diff options
author | Cyrille Bagard <nocbos@gmail.com> | 2017-10-18 20:50:10 (GMT) |
---|---|---|
committer | Cyrille Bagard <nocbos@gmail.com> | 2017-10-18 20:50:10 (GMT) |
commit | dce9d9cdfef1d37ef11a987a21f36e83b6b1944f (patch) | |
tree | 830623ade20e892954fcbddd3b7b05d09aac1dd7 /plugins/dalvik | |
parent | 1e7c7de85438749d3faf7b76984b86a9c088fbc1 (diff) |
Created plugins for the Dex and Dalvik support.
Diffstat (limited to 'plugins/dalvik')
253 files changed, 13128 insertions, 0 deletions
diff --git a/plugins/dalvik/Makefile.am b/plugins/dalvik/Makefile.am new file mode 100644 index 0000000..d12f733 --- /dev/null +++ b/plugins/dalvik/Makefile.am @@ -0,0 +1,31 @@ + +lib_LTLIBRARIES = libdalvik.la + +libdalvik_la_SOURCES = \ + context.h context.c \ + core.h core.c \ + fetch.h fetch.c \ + helpers.h \ + instruction-def.h \ + instruction-int.h \ + instruction.h instruction.c \ + link.h link.c \ + operand.h operand.c \ + post.h \ + processor.h processor.c \ + register.h register.c + +libdalvik_la_LIBADD = \ + opcodes/libdalvikopcodes.la \ + operands/libdalvikoperands.la \ + pseudo/libdalvikpseudo.la + +libdalvik_la_CFLAGS = $(AM_CFLAGS) + + +AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBPYTHON_CFLAGS) $(LIBPYGOBJECT_CFLAGS) $(LIBXML_CFLAGS) -I$(top_srcdir)/src + +AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS) + + +SUBDIRS = opdefs opcodes operands pseudo diff --git a/plugins/dalvik/context.c b/plugins/dalvik/context.c new file mode 100644 index 0000000..a48a9f3 --- /dev/null +++ b/plugins/dalvik/context.c @@ -0,0 +1,745 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * context.c - contexte lié à l'exécution d'un processeur + * + * Copyright (C) 2011-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "context.h" + + +#include <malloc.h> +#include <stdlib.h> +#include <string.h> + + +#include <analysis/contents/restricted.h> +#include <arch/context-int.h> +#include <arch/raw.h> +#include <common/sort.h> +#include <plugins/dex/dex-int.h> + + +#include "operands/register.h" + + + +/* ------------------------ MANIPULATION GLOBALE DU CONTEXTE ------------------------ */ + + +/* Mémorisation de données brutes dans le code */ +typedef struct _raw_data_area +{ + mrange_t range; /* Couverture à laisser en 1er */ + + phys_t item_len; /* Taille de chaque élément */ + +} raw_data_area; + +/* Définition d'un contexte pour processeur Dalkvik (instance) */ +struct _GDalvikContext +{ + GProcContext parent; /* A laisser en premier */ + + raw_data_area *data; /* Liste de zones brutes */ + size_t count; /* Taille de cette liste */ + GMutex mutex; /* Accès à la liste */ + +}; + + +/* Définition d'un contexte pour processeur Dalkvik (classe) */ +struct _GDalvikContextClass +{ + GProcContextClass parent; /* A laisser en premier */ + +}; + + +/* Initialise la classe des contextes de processeur Dalkvik. */ +static void g_dalvik_context_class_init(GDalvikContextClass *); + +/* Initialise une instance de contexte de processeur Dalkvik. */ +static void g_dalvik_context_init(GDalvikContext *); + +/* Supprime toutes les références externes. */ +static void g_dalvik_context_dispose(GDalvikContext *); + +/* Procède à la libération totale de la mémoire. */ +static void g_dalvik_context_finalize(GDalvikContext *); + + + +/* ------------------------- CONTEXTE POUR LA DECOMPILATION ------------------------- */ + + +#if 0 +/* Définition d'un contexte pour décompilation Dalkvik (instance) */ +struct _GDalvikDContext +{ + GDecContext parent; /* A laisser en premier */ + + GDecInstruction *this; /* Représentation de la classe */ + GHashTable *args; /* Correspondance arg./pseudo */ + GHashTable *locals; /* Correspondance var./pseudo */ + size_t locals_count; /* Quantité de var. locales */ + +}; + + +/* Définition d'un contexte pour décompilation Dalkvik (classe) */ +struct _GDalvikDContextClass +{ + GDecContextClass parent; /* A laisser en premier */ + +}; + + +/* Initialise la classe des contextes de décompilation Dalkvik. */ +static void g_dalvik_dcontext_class_init(GDalvikDContextClass *); + +/* Initialise une instance de contexte de décompilation Dalkvik. */ +static void g_dalvik_dcontext_init(GDalvikDContext *); + +/* Supprime toutes les références externes. */ +static void g_dalvik_dcontext_dispose(GDalvikDContext *); + +/* Procède à la libération totale de la mémoire. */ +static void g_dalvik_dcontext_finalize(GDalvikDContext *); + +/* Duplique un contexte de compilation. */ +static GDalvikDContext *g_dalvik_dcontext_dup(GDalvikDContext *); + +/* Propage un registre alloué et attendu par la suite. */ +static void g_dalvik_context_spread_allocated_shared_reg(GDalvikDContext *, GDalvikRegister *, GDecInstruction *); + +/* Convertit un registre machine en un pseudo-registre. */ +static GDecInstruction *g_dalvik_dcontext_convert_register(GDalvikDContext *, GDalvikRegisterOperand *, bool, vmpa_t); +#endif + + + +/* ---------------------------------------------------------------------------------- */ +/* MANIPULATION GLOBALE DU CONTEXTE */ +/* ---------------------------------------------------------------------------------- */ + + +/* Indique le type définit par la GLib pour le contexte de processeur Dalkvik. */ +G_DEFINE_TYPE(GDalvikContext, g_dalvik_context, G_TYPE_PROC_CONTEXT); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des contextes de processeur Dalkvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_context_class_init(GDalvikContextClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dalvik_context_dispose; + object->finalize = (GObjectFinalizeFunc)g_dalvik_context_finalize; + +} + + +/****************************************************************************** +* * +* Paramètres : ctx = instance à initialiser. * +* * +* Description : Initialise une instance de contexte de processeur Dalkvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_context_init(GDalvikContext *ctx) +{ + g_mutex_init(&ctx->mutex); + +} + + +/****************************************************************************** +* * +* Paramètres : ctx = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_context_dispose(GDalvikContext *ctx) +{ + g_mutex_clear(&ctx->mutex); + + G_OBJECT_CLASS(g_dalvik_context_parent_class)->dispose(G_OBJECT(ctx)); + +} + + +/****************************************************************************** +* * +* Paramètres : ctx = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_context_finalize(GDalvikContext *ctx) +{ + if (ctx->data != NULL) + free(ctx->data); + + G_OBJECT_CLASS(g_dalvik_context_parent_class)->finalize(G_OBJECT(ctx)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Crée un contexte pour l'exécution du processeur Dalvik. * +* * +* Retour : Contexte mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDalvikContext *g_dalvik_context_new(void) +{ + GDalvikContext *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_DALVIK_CONTEXT, NULL); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : ctx = contexte de désassemblage Dalvik à actualiser. * +* start = début de la zone à considérer. * +* length = taille de la zone couverte. * +* * +* Description : Mémorise une zone comme étant des données de branchements. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_dalvik_context_register_switch_data(GDalvikContext *ctx, const vmpa2t *start, phys_t length) +{ + bool result; /* Bilan à retourner */ + raw_data_area new; /* Nouvel élément à insérer */ + size_t i; /* Boucle de parcours */ + + result = true; + + g_mutex_lock(&ctx->mutex); + + /* Vérification quant aux chevauchements */ + + init_mrange(&new.range, start, length); + + for (i = 0; i < ctx->count && result; i++) + result = !mrange_intersects_mrange(&ctx->data[i].range, &new.range); + + /* Insertion d'une nouvelle zone */ + + if (result) + { + new.item_len = 4; + + ctx->data = qinsert(ctx->data, &ctx->count, sizeof(raw_data_area), + (__compar_fn_t)cmp_mrange_with_vmpa_swapped, &new); + + } + + g_mutex_unlock(&ctx->mutex); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : ctx = contexte de désassemblage Dalvik à actualiser. * +* start = début de la zone à considérer. * +* width = taille de chacun des éléments. * +* length = taille de la zone couverte. * +* * +* Description : Mémorise une zone comme étant des données d'un tableau. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_dalvik_context_register_array_data(GDalvikContext *ctx, const vmpa2t *start, uint16_t width, phys_t length) +{ + bool result; /* Bilan à retourner */ + raw_data_area new; /* Nouvel élément à insérer */ + size_t i; /* Boucle de parcours */ + + result = true; + + g_mutex_lock(&ctx->mutex); + + /* Vérification quant aux chevauchements */ + + init_mrange(&new.range, start, length); + + for (i = 0; i < ctx->count && result; i++) + result = !mrange_intersects_mrange(&ctx->data[i].range, &new.range); + + /* Insertion d'une nouvelle zone */ + + if (result) + { + new.item_len = width; + + ctx->data = qinsert(ctx->data, &ctx->count, sizeof(raw_data_area), + (__compar_fn_t)cmp_mrange_with_vmpa_swapped, &new); + + } + + g_mutex_unlock(&ctx->mutex); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : ctx = contexte de désassemblage Dalvik à consulter. * +* content = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* * +* Description : Place une donnée en tant qu'instruction si besoin est. * +* * +* Retour : Instruction mise en place ou NULL en cas d'échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GArchInstruction *g_dalvik_context_get_raw_data(GDalvikContext *ctx, const GBinContent *content, vmpa2t *pos) +{ + GArchInstruction *result; /* Instruction à retourner */ + raw_data_area *found; /* Zone de couverture trouvée */ + GBinContent *restricted; /* Zone de lecture effective */ + + result = NULL; + + g_mutex_lock(&ctx->mutex); + + found = bsearch(pos, ctx->data, ctx->count, sizeof(raw_data_area), + (__compar_fn_t)cmp_mrange_with_vmpa_swapped); + + if (found) + { + restricted = g_restricted_content_new_ro(content, &found->range); + + switch (found->item_len) + { + case 1: + result = g_raw_instruction_new_array(restricted, MDS_8_BITS_UNSIGNED, 1, pos, SRE_LITTLE); + break; + + case 2: + result = g_raw_instruction_new_array(restricted, MDS_16_BITS_UNSIGNED, 1, pos, SRE_LITTLE); + break; + + case 4: + result = g_raw_instruction_new_array(restricted, MDS_32_BITS_UNSIGNED, 1, pos, SRE_LITTLE); + break; + + case 8: + result = g_raw_instruction_new_array(restricted, MDS_64_BITS_UNSIGNED, 1, pos, SRE_LITTLE); + break; + + default: + result = g_raw_instruction_new_array(restricted, MDS_8_BITS_UNSIGNED, + found->item_len, pos, SRE_LITTLE); + break; + + } + + g_object_unref(G_OBJECT(restricted)); + + } + + g_mutex_unlock(&ctx->mutex); + + return result; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* CONTEXTE POUR LA DECOMPILATION */ +/* ---------------------------------------------------------------------------------- */ + + +#if 0 +/* Indique le type définit par la GLib pour le contexte de décompilation Dalkvik. */ +G_DEFINE_TYPE(GDalvikDContext, g_dalvik_dcontext, G_TYPE_DEC_CONTEXT); + + +/****************************************************************************** +* * +* Paramètres : class = classe à initialiser. * +* * +* Description : Initialise la classe des contextes de décompilation Dalkvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_dcontext_class_init(GDalvikDContextClass *class) +{ + GObjectClass *object; /* Autre version de la classe */ + + object = G_OBJECT_CLASS(class); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dalvik_dcontext_dispose; + object->finalize = (GObjectFinalizeFunc)g_dalvik_dcontext_finalize; + +} + + +/****************************************************************************** +* * +* Paramètres : ctx = instance à initialiser. * +* * +* Description : Initialise une instance de contexte de décompilation Dalkvik.* +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_dcontext_init(GDalvikDContext *ctx) +{ + GDecContext *parent; /* Instance parente */ + + ctx->args = g_hash_table_new(g_constant_hash, g_direct_equal); + ctx->locals = g_hash_table_new(g_constant_hash, g_direct_equal); + + parent = G_DEC_CONTEXT(ctx); + + parent->dup = (dup_dec_context_fc)g_dalvik_dcontext_dup; + parent->spread = (spread_reg_fc)g_dalvik_context_spread_allocated_shared_reg; + parent->convert_reg = (convert_register_fc)g_dalvik_dcontext_convert_register; + +} + + +/****************************************************************************** +* * +* Paramètres : ctx = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_dcontext_dispose(GDalvikDContext *ctx) +{ + if (ctx->this != NULL) + g_object_unref(G_OBJECT(ctx->this)); + + G_OBJECT_CLASS(g_dalvik_dcontext_parent_class)->dispose(G_OBJECT(ctx)); + +} + + +/****************************************************************************** +* * +* Paramètres : ctx = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_dcontext_finalize(GDalvikDContext *ctx) +{ + G_OBJECT_CLASS(g_dalvik_dcontext_parent_class)->finalize(G_OBJECT(ctx)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Crée un contexte pour la décompilation Dalvik. * +* * +* Retour : Contexte mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDalvikDContext *g_dalvik_dcontext_new(void) +{ + GDalvikDContext *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_DALVIK_DCONTEXT, NULL); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : orig = contexte de compilation à copier. * +* * +* Description : Duplique un contexte de compilation. * +* * +* Retour : Contexte de décompilation prêt à emploi. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static GDalvikDContext *g_dalvik_dcontext_dup(GDalvikDContext *orig) +{ + GDalvikDContext *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_DALVIK_DCONTEXT, NULL); + + //g_object_unref(G_OBJECT(result->args)); + //g_object_unref(G_OBJECT(result->locals)); + + _g_dec_context_dup(G_DEC_CONTEXT(result), G_DEC_CONTEXT(orig)); + + if (orig->this != NULL) g_object_ref(G_OBJECT(orig->this)); + //g_object_ref(G_OBJECT(orig->args)); + //g_object_ref(G_OBJECT(orig->locals)); + + result->this = orig->this; + result->args = orig->args; + result->locals = orig->locals; + result->locals_count = orig->locals_count; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : parent = instance à éventuellement compléter. * +* child = instance à venir consulter. * +* * +* Description : Propage un registre alloué et attendu par la suite. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_context_spread_allocated_shared_reg(GDalvikDContext *ctx, GDalvikRegister *reg, GDecInstruction *dinstr) +{ + GDexFormat *format; /* Recherche de méthode */ + GBinRoutine *routine; /* Objet des recherches */ + GDexMethod *method; /* Méthode décompilée */ + uint16_t index; /* Identifiant du registre */ + DexVariableIndex info; /* Nature du registre */ + + format = G_DEX_FORMAT(G_DEC_CONTEXT(ctx)->format); + routine = G_DEC_CONTEXT(ctx)->routine; + + method = g_dex_format_find_method_by_address(format, g_binary_routine_get_address(routine)); + + index = g_dalvik_register_get_index(reg); + info = g_dex_method_get_variable(method, index); + + g_object_ref(G_OBJECT(dinstr)); + g_hash_table_insert(ctx->locals, GUINT_TO_POINTER(DVI_INDEX(info)), dinstr); + ctx->locals_count++; + +} + + +/****************************************************************************** +* * +* Paramètres : ctx = instance à consulter, voire mettre à jour. * +* operand = opérande représentant un registre quelconque. * +* assign = précise le sort prochain du registre. * +* addr = adresse de l'instruction décompilée. * +* * +* Description : Convertit un registre machine en un pseudo-registre. * +* * +* Retour : Pseudo-registre, existant ou non, prêt à emploi. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static GDecInstruction *g_dalvik_dcontext_convert_register(GDalvikDContext *ctx, GDalvikRegisterOperand *operand, bool assign, vmpa_t addr) +{ + GDecInstruction *result; /* Instance à retourner */ + GDexFormat *format; /* Recherche de méthode */ + GBinRoutine *routine; /* Objet des recherches */ + GDexMethod *method; /* Méthode décompilée */ + const GDalvikRegister *reg; /* Registre Dalvik représenté */ + uint16_t index; /* Identifiant du registre */ + DexVariableIndex info; /* Nature du registre */ + GBinVariable *this; /* Définition de "this" */ + gpointer *found; /* Pseudo-registre trouvé */ + + format = G_DEX_FORMAT(G_DEC_CONTEXT(ctx)->format); + routine = G_DEC_CONTEXT(ctx)->routine; + + method = g_dex_format_find_method_by_address(format, g_binary_routine_get_address(routine)); + + reg = g_dalvik_register_operand_get(operand); + + index = g_dalvik_register_get_index(reg); + info = g_dex_method_get_variable(method, index); + + /* Objet "this" */ + if (info & DVI_THIS) + { + if (ctx->this == NULL) + { + this = g_binary_variable_new(/* FIXME */g_basic_type_new(BTP_OTHER) /* FIXME */); + g_binary_variable_set_name(this, "this"); + + ctx->this = g_pseudo_register_new(PRU_THIS); + g_pseudo_register_set_variable(G_PSEUDO_REGISTER(ctx->this), this); + + } + + g_object_ref(G_OBJECT(ctx->this)); + result = ctx->this; + + } + + /* Argument d'appel */ + else if (info & DVI_ARGUMENT) + { + found = g_hash_table_lookup(ctx->args, GUINT_TO_POINTER(DVI_INDEX(info))); + + if (found != NULL) + { + g_object_ref(G_OBJECT(found)); + result = G_DEC_INSTRUCTION(found); + } + else + { + result = g_pseudo_register_new(PRU_ARG); + g_pseudo_register_set_basename(G_PSEUDO_REGISTER(result), "arg"); + g_pseudo_register_set_index(G_PSEUDO_REGISTER(result), DVI_INDEX(info)); + + g_hash_table_insert(ctx->args, GUINT_TO_POINTER(DVI_INDEX(info)), result); + + } + + } + + /* Variable locale */ + else + { + found = g_hash_table_lookup(ctx->locals, GUINT_TO_POINTER(DVI_INDEX(info))); + + if (!assign && found != NULL) + { + g_object_ref(G_OBJECT(found)); + result = G_DEC_INSTRUCTION(found); + } + else + { + /* + if (!assign) + { + printf("bug"); + exit(0); + } + */ + + result = g_dec_context_get_awaited_alloc(G_DEC_CONTEXT(ctx), G_ARCH_REGISTER(reg), addr); + + if (result == NULL) + { + result = g_pseudo_register_new(PRU_LOCAL); + g_pseudo_register_set_basename(G_PSEUDO_REGISTER(result), "var"); + g_pseudo_register_set_index(G_PSEUDO_REGISTER(result), ctx->locals_count); + + g_dec_context_notify_reg_alloc(G_DEC_CONTEXT(ctx), G_ARCH_REGISTER(reg), + result, addr); + + } + else + g_object_ref(G_OBJECT(result)); + + g_object_ref(G_OBJECT(result)); + g_hash_table_insert(ctx->locals, GUINT_TO_POINTER(DVI_INDEX(info)), result); + ctx->locals_count++; + + } + + } + + return result; + +} +#endif diff --git a/plugins/dalvik/context.h b/plugins/dalvik/context.h new file mode 100644 index 0000000..fbee9e0 --- /dev/null +++ b/plugins/dalvik/context.h @@ -0,0 +1,102 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * context.h - prototypes pour le contexte lié à l'exécution d'un processeur + * + * Copyright (C) 2011-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_CONTEXT_H +#define _ARCH_DALVIK_CONTEXT_H + + +#include <glib-object.h> +#include <stdbool.h> + + +#include <arch/archbase.h> + + +#include "instruction.h" + + + +/* ------------------------ MANIPULATION GLOBALE DU CONTEXTE ------------------------ */ + + +#define G_TYPE_DALVIK_CONTEXT g_dalvik_context_get_type() +#define G_DALVIK_CONTEXT(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), g_dalvik_context_get_type(), GDalvikContext)) +#define G_IS_DALVIK_CONTEXT(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), g_dalvik_context_get_type())) +#define G_DALVIK_CONTEXT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DALVIK_CONTEXT, GGDalvikContextClass)) +#define G_IS_DALVIK_CONTEXT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DALVIK_CONTEXT)) +#define G_DALVIK_CONTEXT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DALVIK_CONTEXT, GGDalvikContextClass)) + + +/* Définition d'un contexte pour processeur Dalkvik (instance) */ +typedef struct _GDalvikContext GDalvikContext; + +/* Définition d'un contexte pour processeur Dalkvik (classe) */ +typedef struct _GDalvikContextClass GDalvikContextClass; + + +/* Indique le type définit par la GLib pour le contexte de processeur Dalkvik. */ +GType g_dalvik_context_get_type(void); + +/* Crée un contexte pour l'exécution du processeur Dalvik. */ +GDalvikContext *g_dalvik_context_new(void); + +/* Mémorise une zone comme étant des données de branchements. */ +bool g_dalvik_context_register_switch_data(GDalvikContext *ctx, const vmpa2t *start, phys_t length); + +/* Mémorise une zone comme étant des données d'un tableau. */ +bool g_dalvik_context_register_array_data(GDalvikContext *, const vmpa2t *, uint16_t, phys_t); + +/* Place une donnée en tant qu'instruction si besoin est. */ +GArchInstruction *g_dalvik_context_get_raw_data(GDalvikContext *, const GBinContent *, vmpa2t *); + + + +/* ------------------------- CONTEXTE POUR LA DECOMPILATION ------------------------- */ + + +#if 0 +#define G_TYPE_DALVIK_DCONTEXT g_dalvik_dcontext_get_type() +#define G_DALVIK_DCONTEXT(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), g_dalvik_dcontext_get_type(), GDalvikDContext)) +#define G_IS_DALVIK_DCONTEXT(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), g_dalvik_dcontext_get_type())) +#define G_DALVIK_DCONTEXT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DALVIK_DCONTEXT, GGDalvikDContextClass)) +#define G_IS_DALVIK_DCONTEXT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DALVIK_DCONTEXT)) +#define G_DALVIK_DCONTEXT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DALVIK_DCONTEXT, GGDalvikDContextClass)) + + +/* Définition d'un contexte pour décompilation Dalkvik (instance) */ +typedef struct _GDalvikDContext GDalvikDContext; + +/* Définition d'un contexte pour décompilation Dalkvik (classe) */ +typedef struct _GDalvikDContextClass GDalvikDContextClass; + + +/* Indique le type définit par la GLib pour le contexte de décompilation Dalkvik. */ +GType g_dalvik_dcontext_get_type(void); + +/* Crée un contexte pour la décompilation Dalvik. */ +GDalvikDContext *g_dalvik_dcontext_new(void); +#endif + + + +#endif /* _ARCH_DALVIK_CONTEXT_H */ diff --git a/plugins/dalvik/core.c b/plugins/dalvik/core.c new file mode 100644 index 0000000..f5b2f91 --- /dev/null +++ b/plugins/dalvik/core.c @@ -0,0 +1,62 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * core.c - intégration du support de l'architecture Dalvik + * + * Copyright (C) 2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "core.h" + + +#include <core/processors.h> +#include <plugins/plugin-def.h> + + +#include "processor.h" + + + +DEFINE_CHRYSALIDE_PLUGIN("dalvik", "Add suport for the Dalvik architecture", "0.1.0", + RL("PyChrysalide"), AL(PGA_PLUGIN_INIT)); + + + +/****************************************************************************** +* * +* Paramètres : plugin = greffon à manipuler. * +* ref = espace de référencement global. * +* * +* Description : Prend acte du chargement du greffon. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +G_MODULE_EXPORT bool chrysalide_plugin_init(GPluginModule *plugin) +{ + bool result; /* Bilan à retourner */ + + result = register_processor_type("dalvik", "Dalvik Virtual Machine", G_TYPE_DALVIK_PROCESSOR, + NULL, NULL); + + return result; + +} diff --git a/plugins/dalvik/core.h b/plugins/dalvik/core.h new file mode 100644 index 0000000..e72abaa --- /dev/null +++ b/plugins/dalvik/core.h @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * core.h - prototypes pour l'intégration du support de l'architecture Dalvik + * + * Copyright (C) 2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_DALVIK_CORE_H +#define _PLUGINS_DALVIK_CORE_H + + +#include <plugins/plugin.h> +#include <plugins/plugin-int.h> + + + +/* Prend acte du chargement du greffon. */ +G_MODULE_EXPORT bool chrysalide_plugin_init(GPluginModule *); + + + +#endif /* _PLUGINS_DALVIK_CORE_H */ diff --git a/plugins/dalvik/fetch.c b/plugins/dalvik/fetch.c new file mode 100644 index 0000000..aa17a9f --- /dev/null +++ b/plugins/dalvik/fetch.c @@ -0,0 +1,62 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * fetch.c - ajouts de sauts à traiter durant la phase de désassemblage + * + * Copyright (C) 2016-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "fetch.h" + + +#include <assert.h> + + + +/****************************************************************************** +* * +* Paramètres : instr = instruction ARMv7 à traiter. * +* proc = représentation de l'architecture utilisée. * +* context = contexte associé à la phase de désassemblage. * +* format = acès aux données du binaire d'origine. * +* index = indice de l'opérande précisant le saut. * +* * +* Description : Pousse une adresse précisée par un saut pour désassemblage. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void help_fetching_with_dalvik_instruction(GArchInstruction *instr, GArchProcessor *proc, GDalvikContext *context, GExeFormat *format, size_t index) +{ + GArchOperand *op; /* Opérande numérique en place */ + virt_t target; /* Adresse virtuelle visée */ + bool status; /* Bilan de récupération */ + + op = g_arch_instruction_get_operand(instr, index); + assert(G_IS_IMM_OPERAND(op)); + + status = g_imm_operand_to_virt_t(G_IMM_OPERAND(op), &target); + assert(status); + + if (status) + g_proc_context_push_drop_point(G_PROC_CONTEXT(context), DPL_OTHER, target); + +} diff --git a/plugins/dalvik/fetch.h b/plugins/dalvik/fetch.h new file mode 100644 index 0000000..e9ea340 --- /dev/null +++ b/plugins/dalvik/fetch.h @@ -0,0 +1,56 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * fetch.h - prototypes pour les ajouts de sauts à traiter durant la phase de désassemblage + * + * Copyright (C) 2016-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_FETCH_H +#define _ARCH_DALVIK_FETCH_H + + +#include <arch/instruction.h> + + +#include "context.h" + + + +/* Pousse une adresse précisée par un saut pour désassemblage. */ +void help_fetching_with_dalvik_instruction(GArchInstruction *, GArchProcessor *, GDalvikContext *, GExeFormat *, size_t); + + +static inline void help_fetching_with_dalvik_goto_instruction(GArchInstruction *ins, GArchProcessor *proc, GDalvikContext *ctx, GExeFormat *fmt) +{ + help_fetching_with_dalvik_instruction(ins, proc, ctx, fmt, 0); +} + +static inline void help_fetching_with_dalvik_if_instruction(GArchInstruction *ins, GArchProcessor *proc, GDalvikContext *ctx, GExeFormat *fmt) +{ + help_fetching_with_dalvik_instruction(ins, proc, ctx, fmt, 2); +} + +static inline void help_fetching_with_dalvik_ifz_instruction(GArchInstruction *ins, GArchProcessor *proc, GDalvikContext *ctx, GExeFormat *fmt) +{ + help_fetching_with_dalvik_instruction(ins, proc, ctx, fmt, 1); +} + + + +#endif /* _ARCH_DALVIK_FETCH_H */ diff --git a/plugins/dalvik/helpers.h b/plugins/dalvik/helpers.h new file mode 100644 index 0000000..6a0ba5c --- /dev/null +++ b/plugins/dalvik/helpers.h @@ -0,0 +1,43 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * helpers.h - prototypes pour l'aide à la mise en place des opérandes Dalvik + * + * Copyright (C) 2016-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_HELPERS_H +#define _ARCH_DALVIK_HELPERS_H + + +#include "operand.h" + + + +/** + * Glues purement internes. + */ + +#define DALVIK_OPT_POOL_STRING DALVIK_OP_POOL(DPT_STRING) +#define DALVIK_OPT_POOL_TYPE DALVIK_OP_POOL(DPT_TYPE) +#define DALVIK_OPT_POOL_FIELD DALVIK_OP_POOL(DPT_FIELD) +#define DALVIK_OPT_POOL_METH DALVIK_OP_POOL(DPT_METHOD) + + + +#endif /* _ARCH_DALVIK_HELPERS_H */ diff --git a/plugins/dalvik/instruction-def.h b/plugins/dalvik/instruction-def.h new file mode 100644 index 0000000..af6e308 --- /dev/null +++ b/plugins/dalvik/instruction-def.h @@ -0,0 +1,305 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * instruction-def.h - définition interne des identifiants d'instructions Dalvik + * + * Copyright (C) 2011-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_INSTRUCTION_DEF_H +#define _ARCH_DALVIK_INSTRUCTION_DEF_H + + + +/* Enumération de tous les opcodes */ +typedef enum _DalvikOpcodes +{ + DOP_NOP, /* nop (0x00) */ + DOP_MOVE, /* move (0x01) */ + DOP_MOVE_FROM_16, /* move/from16 (0x02) */ + DOP_MOVE_16, /* move/16 (0x03) */ + DOP_MOVE_WIDE, /* move-wide (0x04) */ + DOP_MOVE_WIDE_FROM_16, /* move-wide/from16 (0x05) */ + DOP_MOVE_WIDE_16, /* move-wide/16 (0x06) */ + DOP_MOVE_OBJECT, /* move-object (0x07) */ + DOP_MOVE_OBJECT_FROM_16, /* move-object/from16 (0x08) */ + DOP_MOVE_OBJECT_16, /* move-object/16 (0x09) */ + DOP_MOVE_RESULT, /* move-result (0x0a) */ + DOP_MOVE_RESULT_WIDE, /* move-result-wide (0x0b) */ + DOP_MOVE_RESULT_OBJECT, /* move-result-object (0x0c) */ + DOP_MOVE_EXCEPTION, /* move-exception (0x0d) */ + DOP_RETURN_VOID, /* return-void (0x0e) */ + DOP_RETURN, /* return (0x0f) */ + DOP_RETURN_WIDE, /* return-wide (0x10) */ + DOP_RETURN_OBJECT, /* return-object (0x11) */ + DOP_CONST_4, /* const/4 (0x12) */ + DOP_CONST_16, /* const/16 (0x13) */ + DOP_CONST, /* const (0x14) */ + DOP_CONST_HIGH16, /* const/high16 (0x15) */ + DOP_CONST_WIDE_16, /* const-wide/16 (0x16) */ + DOP_CONST_WIDE_32, /* const-wide/32 (0x17) */ + DOP_CONST_WIDE, /* const-wide (0x18) */ + DOP_CONST_WIDE_HIGH16, /* const-wide/high16 (0x19) */ + DOP_CONST_STRING, /* const-string (0x1a) */ + DOP_CONST_STRING_JUMBO, /* const-string/jumbo (0x1b) */ + DOP_CONST_CLASS, /* const-class (0x1c) */ + DOP_MONITOR_ENTER, /* monitor-enter (0x1d) */ + DOP_MONITOR_EXIT, /* monitor-exit (0x1e) */ + DOP_CHECK_CAST, /* check-cast (0x1f) */ + DOP_INSTANCE_OF, /* instance-of (0x20) */ + DOP_ARRAY_LENGTH, /* array-length (0x21) */ + DOP_NEW_INSTANCE, /* new-instance (0x22) */ + DOP_NEW_ARRAY, /* new-array (0x23) */ + DOP_FILLED_NEW_ARRAY, /* filled-new-array (0x24) */ + DOP_FILLED_NEW_ARRAY_RANGE, /* filled-new-array/range(0x25)*/ + DOP_FILL_ARRAY_DATA, /* fill-array-data (0x26) */ + DOP_THROW, /* throw (0x27) */ + DOP_GOTO, /* goto (0x28) */ + DOP_GOTO_16, /* goto/16 (0x29) */ + DOP_GOTO_32, /* goto/32 (0x2a) */ + DOP_PACKED_SWITCH, /* packed-switch (0x2b) */ + DOP_SPARSE_SWITCH, /* sparse-switch (0x2c) */ + DOP_CMPL_FLOAT, /* cmp-long (0x2d) */ + DOP_CMPG_FLOAT, /* cmpg-float (0x2e) */ + DOP_CMPL_DOUBLE, /* cmpl-double (0x2f) */ + DOP_CMPG_DOUBLE, /* cmpg-double (0x30) */ + DOP_CMP_LONG, /* cmp-long (0x31) */ + DOP_IF_EQ, /* if-eq (0x32) */ + DOP_IF_NE, /* if-ne (0x33) */ + DOP_IF_LT, /* if-lt (0x34) */ + DOP_IF_GE, /* if-ge (0x35) */ + DOP_IF_GT, /* if-gt (0x36) */ + DOP_IF_LE, /* if-le (0x37) */ + DOP_IF_EQZ, /* if-eqz (0x38) */ + DOP_IF_NEZ, /* if-nez (0x39) */ + DOP_IF_LTZ, /* if-ltz (0x3a) */ + DOP_IF_GEZ, /* if-gez (0x3b) */ + DOP_IF_GTZ, /* if-gtz (0x3c) */ + DOP_IF_LEZ, /* if-lez (0x3d) */ + DOP_UNUSED_3E, /* -unused- (0x3e) */ + DOP_UNUSED_3F, /* -unused- (0x3f) */ + DOP_UNUSED_40, /* -unused- (0x40) */ + DOP_UNUSED_41, /* -unused- (0x41) */ + DOP_UNUSED_42, /* -unused- (0x42) */ + DOP_UNUSED_43, /* -unused- (0x43) */ + DOP_AGET, /* aget (0x44) */ + DOP_AGET_WIDE, /* aget-wide (0x45) */ + DOP_AGET_OBJECT, /* aget-object (0x46) */ + DOP_AGET_BOOLEAN, /* aget-boolean (0x47) */ + DOP_AGET_BYTE, /* aget-byte (0x48) */ + DOP_AGET_CHAR, /* aget-char (0x49) */ + DOP_AGET_SHORT, /* aget-short (0x4a) */ + DOP_APUT, /* aput (0x4b) */ + DOP_APUT_WIDE, /* aput-wide (0x4c) */ + DOP_APUT_OBJECT, /* aput-object (0x4d) */ + DOP_APUT_BOOLEAN, /* aput-boolean (0x4e) */ + DOP_APUT_BYTE, /* aput-byte (0x4f) */ + DOP_APUT_CHAR, /* aput-char (0x50) */ + DOP_APUT_SHORT, /* aput-short (0x51) */ + DOP_IGET, /* iget (0x52) */ + DOP_IGET_WIDE, /* iget-wide (0x53) */ + DOP_IGET_OBJECT, /* iget-object (0x54) */ + DOP_IGET_BOOLEAN, /* iget-boolean (0x55) */ + DOP_IGET_BYTE, /* iget-byte (0x56) */ + DOP_IGET_CHAR, /* iget-char (0x57) */ + DOP_IGET_SHORT, /* iget-short (0x58) */ + DOP_IPUT, /* iput (0x59) */ + DOP_IPUT_WIDE, /* iput-wide (0x5a) */ + DOP_IPUT_OBJECT, /* iput-object (0x5b) */ + DOP_IPUT_BOOLEAN, /* iput-boolean (0x5c) */ + DOP_IPUT_BYTE, /* iput-byte (0x5d) */ + DOP_IPUT_CHAR, /* iput-char (0x5e) */ + DOP_IPUT_SHORT, /* iput-short (0x5f) */ + DOP_SGET, /* sget (0x60) */ + DOP_SGET_WIDE, /* sget-wide (0x61) */ + DOP_SGET_OBJECT, /* sget-object (0x62) */ + DOP_SGET_BOOLEAN, /* sget-boolean (0x63) */ + DOP_SGET_BYTE, /* sget-byte (0x64) */ + DOP_SGET_CHAR, /* sget-char (0x65) */ + DOP_SGET_SHORT, /* sget-short (0x66) */ + DOP_SPUT, /* sput (0x67) */ + DOP_SPUT_WIDE, /* sput-wide (0x68) */ + DOP_SPUT_OBJECT, /* sput-object (0x69) */ + DOP_SPUT_BOOLEAN, /* sput-boolean (0x6a) */ + DOP_SPUT_BYTE, /* sput-byte (0x6b) */ + DOP_SPUT_CHAR, /* sput-char (0x6c) */ + DOP_SPUT_SHORT, /* sput-short (0x6d) */ + DOP_INVOKE_VIRTUAL, /* invoke-virtual (0x6e) */ + DOP_INVOKE_SUPER, /* invoke-super (0x6f) */ + DOP_INVOKE_DIRECT, /* invoke-direct (0x70) */ + DOP_INVOKE_STATIC, /* invoke-static (0x71) */ + DOP_INVOKE_INTERFACE, /* invoke-interface (0x72) */ + DOP_UNUSED_73, /* -unused- (0x73) */ + DOP_INVOKE_VIRTUAL_RANGE, /* invoke-virtual/range (0x74) */ + DOP_INVOKE_SUPER_RANGE, /* invoke-super/range (0x75) */ + DOP_INVOKE_DIRECT_RANGE, /* invoke-direct/range (0x76) */ + DOP_INVOKE_STATIC_RANGE, /* invoke-static/range (0x77) */ + DOP_INVOKE_INTERFACE_RANGE, /* invoke-interface/rg. (0x78) */ + DOP_UNUSED_79, /* -unused- (0x79) */ + DOP_UNUSED_7A, /* -unused- (0x7a) */ + DOP_NEG_INT, /* neg-int (0x7b) */ + DOP_NOT_INT, /* not-int (0x7c) */ + DOP_NEG_LONG, /* neg-long (0x7d) */ + DOP_NOT_LONG, /* not-long (0x7e) */ + DOP_NEG_FLOAT, /* neg-float (0x7f) */ + DOP_NEG_DOUBLE, /* neg-double (0x80) */ + DOP_TO_INT_LONG, /* int-to-long (0x81) */ + DOP_TO_INT_FLOAT, /* int-to-float (0x82) */ + DOP_TO_INT_DOUBLE, /* int-to-double (0x83) */ + DOP_TO_LONG_INT, /* long-to-int (0x84) */ + DOP_TO_LONG_FLOAT, /* long-to-float (0x85) */ + DOP_TO_LONG_DOUBLE, /* long-to-double (0x86) */ + DOP_TO_FLOAT_INT, /* float-to-int (0x87) */ + DOP_TO_FLOAT_LONG, /* float-to-long (0x88) */ + DOP_TO_FLOAT_DOUBLE, /* float-to-double (0x89) */ + DOP_TO_DOUBLE_INT, /* double-to-int (0x8a) */ + DOP_TO_DOUBLE_LONG, /* double-to-long (0x8b) */ + DOP_TO_DOUBLE_FLOAT, /* double-to-float (0x8c) */ + DOP_TO_INT_BYTE, /* int-to-byte (0x8d) */ + DOP_TO_INT_CHAR, /* int-to-char (0x8e) */ + DOP_TO_INT_SHORT, /* int-to-short (0x8f) */ + DOP_ADD_INT, /* add-int (0x90) */ + DOP_SUB_INT, /* sub-int (0x91) */ + DOP_MUL_INT, /* mul-int (0x92) */ + DOP_DIV_INT, /* div-int (0x93) */ + DOP_REM_INT, /* rem-int (0x94) */ + DOP_AND_INT, /* and-int (0x95) */ + DOP_OR_INT, /* or-int (0x96) */ + DOP_XOR_INT, /* xor-int (0x97) */ + DOP_SHL_INT, /* shl-int (0x98) */ + DOP_SHR_INT, /* shr-int (0x99) */ + DOP_USHR_INT, /* ushr-int (0x9a) */ + DOP_ADD_LONG, /* add-long (0x9b) */ + DOP_SUB_LONG, /* sub-long (0x9c) */ + DOP_MUL_LONG, /* mul-long (0x9d) */ + DOP_DIV_LONG, /* div-long (0x9e) */ + DOP_REM_LONG, /* rem-long (0x9f) */ + DOP_AND_LONG, /* and-long (0xa0) */ + DOP_OR_LONG, /* or-long (0xa1) */ + DOP_XOR_LONG, /* xor-long (0xa2) */ + DOP_SHL_LONG, /* shl-long (0xa3) */ + DOP_SHR_LONG, /* shr-long (0xa4) */ + DOP_USHR_LONG, /* ushr-long (0xa5) */ + DOP_ADD_FLOAT, /* add-float (0xa6) */ + DOP_SUB_FLOAT, /* sub-float (0xa7) */ + DOP_MUL_FLOAT, /* mul-float (0xa8) */ + DOP_DIV_FLOAT, /* mul-float (0xa9) */ + DOP_REM_FLOAT, /* mul-float (0xaa) */ + DOP_ADD_DOUBLE, /* add-double (0xab) */ + DOP_SUB_DOUBLE, /* sub-double (0xac) */ + DOP_MUL_DOUBLE, /* mul-double (0xad) */ + DOP_DIV_DOUBLE, /* div-double (0xae) */ + DOP_REM_DOUBLE, /* rem-double (0xaf) */ + DOP_ADD_INT_2ADDR, /* add-int/2addr (0xb0) */ + DOP_SUB_INT_2ADDR, /* add-int/2addr (0xb1) */ + DOP_MUL_INT_2ADDR, /* mul-int/2addr (0xb2) */ + DOP_DIV_INT_2ADDR, /* div-int/2addr (0xb3) */ + DOP_REM_INT_2ADDR, /* rem-int/2addr (0xb4) */ + DOP_AND_INT_2ADDR, /* and-int/2addr (0xb5) */ + DOP_OR_INT_2ADDR, /* or-int/2addr (0xb6) */ + DOP_XOR_INT_2ADDR, /* xor-int/2addr (0xb7) */ + DOP_SHL_INT_2ADDR, /* shl-int/2addr (0xb8) */ + DOP_SHR_INT_2ADDR, /* shr-int/2addr (0xb9) */ + DOP_USHR_INT_2ADDR, /* ushr-int/2addr (0xba) */ + DOP_ADD_LONG_2ADDR, /* add-long/2addr (0xbb) */ + DOP_SUB_LONG_2ADDR, /* sub-long/2addr (0xbc) */ + DOP_MUL_LONG_2ADDR, /* mul-long/2addr (0xbd) */ + DOP_DIV_LONG_2ADDR, /* div-long/2addr (0xbe) */ + DOP_REM_LONG_2ADDR, /* rem-long/2addr (0xbf) */ + DOP_AND_LONG_2ADDR, /* and-long/2addr (0xc0) */ + DOP_OR_LONG_2ADDR, /* or-long/2addr (0xc1) */ + DOP_XOR_LONG_2ADDR, /* xor-long/2addr (0xc2) */ + DOP_SHL_LONG_2ADDR, /* shl-long/2addr (0xc3) */ + DOP_SHR_LONG_2ADDR, /* shr-long/2addr (0xc4) */ + DOP_USHR_LONG_2ADDR, /* ushr-long/2addr (0xc5) */ + DOP_ADD_FLOAT_2ADDR, /* add-float/2addr (0xc6) */ + DOP_SUB_FLOAT_2ADDR, /* sub-float/2addr (0xc7) */ + DOP_MUL_FLOAT_2ADDR, /* mul-float/2addr (0xc8) */ + DOP_DIV_FLOAT_2ADDR, /* div-float/2addr (0xc9) */ + DOP_REM_FLOAT_2ADDR, /* rem-float/2addr (0xca) */ + DOP_ADD_DOUBLE_2ADDR, /* add-double/2addr (0xcb) */ + DOP_SUB_DOUBLE_2ADDR, /* sub-double/2addr (0xcc) */ + DOP_MUL_DOUBLE_2ADDR, /* mul-double/2addr (0xcd) */ + DOP_DIV_DOUBLE_2ADDR, /* div-double/2addr (0xce) */ + DOP_REM_DOUBLE_2ADDR, /* rem-double/2addr (0xcf) */ + DOP_ADD_INT_LIT16, /* add-int/lit16 (0xd0) */ + DOP_RSUB_INT, /* rsub-int (0xd1) */ + DOP_MUL_INT_LIT16, /* mul-int/lit16 (0xd2) */ + DOP_DIV_INT_LIT16, /* div-int/lit16 (0xd3) */ + DOP_REM_INT_LIT16, /* rem-int/lit16 (0xd4) */ + DOP_AND_INT_LIT16, /* and-int/lit16 (0xd5) */ + DOP_OR_INT_LIT16, /* or-int/lit16 (0xd6) */ + DOP_XOR_INT_LIT16, /* xor-int/lit16 (0xd7) */ + DOP_ADD_INT_LIT8, /* add-int/lit8 (0xd8) */ + DOP_RSUB_INT_LIT8, /* rsub-int/lit8 (0xd9) */ + DOP_MUL_INT_LIT8, /* mul-int/lit8 (0xda) */ + DOP_DIV_INT_LIT8, /* div-int/lit8 (0xdb) */ + DOP_REM_INT_LIT8, /* rem-int/lit8 (0xdc) */ + DOP_AND_INT_LIT8, /* and-int/lit8 (0xdd) */ + DOP_OR_INT_LIT8, /* or-int/lit8 (0xde) */ + DOP_XOR_INT_LIT8, /* xor-int/lit8 (0xdf) */ + DOP_SHL_INT_LIT8, /* shl-int/lit8 (0xe0) */ + DOP_SHR_INT_LIT8, /* shr-int/lit8 (0xe1) */ + DOP_USHR_INT_LIT8, /* ushr-int/lit8 (0xe2) */ + DOP_UNUSED_E3, /* -unused- (0xe3) */ + DOP_UNUSED_E4, /* -unused- (0xe4) */ + DOP_UNUSED_E5, /* -unused- (0xe5) */ + DOP_UNUSED_E6, /* -unused- (0xe6) */ + DOP_UNUSED_E7, /* -unused- (0xe7) */ + DOP_UNUSED_E8, /* -unused- (0xe8) */ + DOP_UNUSED_E9, /* -unused- (0xe9) */ + DOP_UNUSED_EA, /* -unused- (0xea) */ + DOP_UNUSED_EB, /* -unused- (0xeb) */ + DOP_UNUSED_EC, /* -unused- (0xec) */ + DOP_UNUSED_ED, /* -unused- (0xed) */ + DOP_UNUSED_EE, /* -unused- (0xee) */ + DOP_UNUSED_EF, /* -unused- (0xef) */ + DOP_UNUSED_F0, /* -unused- (0xf0) */ + DOP_UNUSED_F1, /* -unused- (0xf1) */ + DOP_UNUSED_F2, /* -unused- (0xf2) */ + DOP_UNUSED_F3, /* -unused- (0xf3) */ + DOP_UNUSED_F4, /* -unused- (0xf4) */ + DOP_UNUSED_F5, /* -unused- (0xf5) */ + DOP_UNUSED_F6, /* -unused- (0xf6) */ + DOP_UNUSED_F7, /* -unused- (0xf7) */ + DOP_UNUSED_F8, /* -unused- (0xf8) */ + DOP_UNUSED_F9, /* -unused- (0xf9) */ + DOP_UNUSED_FA, /* -unused- (0xfa) */ + DOP_UNUSED_FB, /* -unused- (0xfb) */ + DOP_UNUSED_FC, /* -unused- (0xfc) */ + DOP_UNUSED_FD, /* -unused- (0xfd) */ + DOP_UNUSED_FE, /* -unused- (0xfe) */ + DOP_UNUSED_FF, /* -unused- (0xff) */ + + DOP_COUNT + +} DalvikOpcodes; + + +/* Enumération de tous les pseudo-opcodes */ +typedef enum _DalvikPseudoOpcodes +{ + DPO_PACKED_SWITCH = 0x0100, /* Switch aux clefs compactes */ + DPO_SPARSE_SWITCH = 0x0200, /* Switch aux clefs éclatées */ + DPO_FILL_ARRAY_DATA = 0x0300 /* Contenu de tableau */ + +} DalvikPseudoOpcodes; + + + +#endif /* _ARCH_DALVIK_INSTRUCTION_DEF_H */ diff --git a/plugins/dalvik/instruction-int.h b/plugins/dalvik/instruction-int.h new file mode 100644 index 0000000..b4e59b0 --- /dev/null +++ b/plugins/dalvik/instruction-int.h @@ -0,0 +1,56 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * instruction-int.h - prototypes pour la définition générique interne des instructions Dalvik + * + * Copyright (C) 2011-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_INSTRUCTION_INT_H +#define _ARCH_DALVIK_INSTRUCTION_INT_H + + +#include <arch/instruction-int.h> + + +#include "instruction-def.h" + + + +/* Définition générique d'une instruction d'architecture Dalvik (instance) */ +struct _GDalvikInstruction +{ + GArchInstruction parent; /* A laisser en premier */ + + const char *keyword; /* Nom clef de l'instruction */ + + DalvikOpcodes type; /* Position dans la liste */ + DalvikPseudoOpcodes ptype; /* Position dans la liste #2 */ + +}; + +/* Définition générique d'une instruction d'architecture Dalvik (classe) */ +struct _GDalvikInstructionClass +{ + GArchInstructionClass parent; /* A laisser en premier */ + +}; + + + +#endif /* _ARCH_DALVIK_INSTRUCTION_INT_H */ diff --git a/plugins/dalvik/instruction.c b/plugins/dalvik/instruction.c new file mode 100644 index 0000000..aafd34e --- /dev/null +++ b/plugins/dalvik/instruction.c @@ -0,0 +1,234 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * instruction.c - gestion des instructions de la VM Dalvik + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "instruction.h" + + +#include <string.h> + + +#include <arch/instruction-int.h> +#include <arch/register-int.h> + + +#include "instruction-int.h" +#include "operands/register.h" + + + +/* Initialise la classe des instructions pour Dalvik. */ +static void g_dalvik_instruction_class_init(GDalvikInstructionClass *); + +/* Initialise une instance d'opérande d'architecture Dalvik. */ +static void g_dalvik_instruction_init(GDalvikInstruction *); + +/* Supprime toutes les références externes. */ +static void g_dalvik_instruction_dispose(GDalvikInstruction *); + +/* Procède à la libération totale de la mémoire. */ +static void g_dalvik_instruction_finalize(GDalvikInstruction *); + +/* Indique l'encodage d'une instruction de façon détaillée. */ +static const char *g_dalvik_instruction_get_encoding(const GDalvikInstruction *); + +/* Fournit le nom humain de l'instruction manipulée. */ +static const char *dalvik_instruction_get_keyword(const GDalvikInstruction *, AsmSyntax); + + + +/* Indique le type défini pour une instruction d'architecture Dalvik. */ +G_DEFINE_TYPE(GDalvikInstruction, g_dalvik_instruction, G_TYPE_ARCH_INSTRUCTION); + + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des instructions pour Dalvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_instruction_class_init(GDalvikInstructionClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GArchInstructionClass *instr; /* Encore une autre vision... */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dalvik_instruction_dispose; + object->finalize = (GObjectFinalizeFunc)g_dalvik_instruction_finalize; + + instr = G_ARCH_INSTRUCTION_CLASS(klass); + + instr->get_encoding = (get_instruction_encoding_fc)g_dalvik_instruction_get_encoding; + instr->get_keyword = (get_instruction_keyword_fc)dalvik_instruction_get_keyword; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instance à initialiser. * +* * +* Description : Initialise une instance d'instruction d'architecture Dalvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_instruction_init(GDalvikInstruction *instr) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_instruction_dispose(GDalvikInstruction *instr) +{ + G_OBJECT_CLASS(g_dalvik_instruction_parent_class)->dispose(G_OBJECT(instr)); + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_instruction_finalize(GDalvikInstruction *instr) +{ + G_OBJECT_CLASS(g_dalvik_instruction_parent_class)->finalize(G_OBJECT(instr)); + +} + + +/****************************************************************************** +* * +* Paramètres : keyword = définition du nom humaine de l'instruction. * +* * +* Description : Crée une instruction pour l'architecture Dalvik. * +* * +* Retour : Adresse de la structure mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GArchInstruction *g_dalvik_instruction_new(const char *keyword) +{ + GArchInstruction *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_DALVIK_INSTRUCTION, NULL); + + G_DALVIK_INSTRUCTION(result)->keyword = keyword; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instruction quelconque à consulter. * +* * +* Description : Indique l'encodage d'une instruction de façon détaillée. * +* * +* Retour : Description humaine de l'encodage utilisé. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static const char *g_dalvik_instruction_get_encoding(const GDalvikInstruction *instr) +{ + const char *result; /* Description à retourner */ + + result = "Dalvik"; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instruction d'assemblage à consulter. * +* syntax = type de représentation demandée. * +* * +* Description : Fournit le nom humain de l'instruction manipulée. * +* * +* Retour : Mot clef de bas niveau. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static const char *dalvik_instruction_get_keyword(const GDalvikInstruction *instr, AsmSyntax syntax) +{ + return instr->keyword; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instruction Dalvik à consulter. * +* * +* Description : Indique l'opcode associé à une instruction Dalvik. * +* * +* Retour : Identifiant de l'instruction en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +DalvikOpcodes g_dalvik_instruction_get_opcode(const GDalvikInstruction *instr) +{ + return instr->type; + +} diff --git a/plugins/dalvik/instruction.h b/plugins/dalvik/instruction.h new file mode 100644 index 0000000..8f05cc5 --- /dev/null +++ b/plugins/dalvik/instruction.h @@ -0,0 +1,68 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * instruction.h - prototypes pour la gestion des instructions de la VM Dalvik + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_INSTRUCTION_H +#define _ARCH_DALVIK_INSTRUCTION_H + + +#include <arch/instruction.h> + + +#include "instruction-def.h" + + + +#define G_TYPE_DALVIK_INSTRUCTION g_dalvik_instruction_get_type() +#define G_DALVIK_INSTRUCTION(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), g_dalvik_instruction_get_type(), GDalvikInstruction)) +#define G_IS_DALVIK_INSTRUCTION(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), g_dalvik_instruction_get_type())) +#define G_DALVIK_INSTRUCTION_GET_IFACE(inst) (G_TYPE_INSTANCE_GET_INTERFACE((inst), g_dalvik_instruction_get_type(), GDalvikInstructionIface)) + + +/* Définition générique d'une instruction d'architecture Dalvik (instance) */ +typedef struct _GDalvikInstruction GDalvikInstruction; + +/* Définition générique d'une instruction d'architecture Dalvik (classe) */ +typedef struct _GDalvikInstructionClass GDalvikInstructionClass; + + +/* Indique le type défini pour une instruction d'architecture Dalvik. */ +GType g_dalvik_instruction_get_type(void); + +/* Crée une instruction pour l'architecture Dalvik. */ +GArchInstruction *g_dalvik_instruction_new(const char *); + +/* Indique l'opcode associé à une instruction Dalvik. */ +DalvikOpcodes g_dalvik_instruction_get_opcode(const struct _GDalvikInstruction *); + + + +/* --------------------- AIDE A LA MISE EN PLACE D'INSTRUCTIONS --------------------- */ + + + + +/* ------------------------ AIDE A LA PHASE DE DECOMPILATION ------------------------ */ + + + +#endif /* _ARCH_DALVIK_INSTRUCTION_H */ diff --git a/plugins/dalvik/link.c b/plugins/dalvik/link.c new file mode 100644 index 0000000..ae7aa63 --- /dev/null +++ b/plugins/dalvik/link.c @@ -0,0 +1,322 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * link.c - édition des liens après la phase de désassemblage + * + * Copyright (C) 2016-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "link.h" + + +#include <assert.h> +#include <malloc.h> +#include <stdbool.h> +#include <stdio.h> + + +#include <i18n.h> +#include <analysis/db/items/comment.h> +#include <arch/target.h> +#include <common/extstr.h> + + +#include "pseudo/switch.h" + + + +/* Mémorisation des cas rencontrés */ +typedef struct _case_comment +{ + bool valid; /* Entrée utilisable ? */ + + vmpa2t handler; /* Position du code associé */ + + bool is_default; /* Gestion par défaut ? */ + union + { + int32_t key; /* Clef unique */ + int32_t *keys; /* Ensemble de clefs dynamique */ + }; + + size_t count; /* Nombre de clefs conservées */ + +} case_comment; + + +/* REMME */ +#define COMMENT_LINE_SEP "\n" + + +/****************************************************************************** +* * +* Paramètres : instr = instruction ARMv7 à traiter. * +* proc = représentation de l'architecture utilisée. * +* context = contexte associé à la phase de désassemblage. * +* format = acès aux données du binaire d'origine. * +* * +* Description : Etablit tous les liens liés à un embranchement compressé. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void handle_dalvik_packed_switch_links(GArchInstruction *instr, GArchProcessor *proc, GProcContext *context, GExeFormat *format) +{ + GArchOperand *op; /* Opérande numérique en place */ + bool defined; /* Adresse définie ? */ + vmpa2t addr; /* Adresse de destination */ + virt_t virt; /* Adresse virtuelle */ + GArchInstruction *switch_ins; /* Instruction de branchements */ + const mrange_t *range; /* Zone d'occupation */ + const vmpa2t *start_addr; /* Adresse de référentiel */ + const int32_t *keys; /* Conditions de sauts */ + const int32_t *targets; /* Positions relatives liées */ + uint16_t count; /* Taille de ces tableaux */ + case_comment *comments; /* Mémorisation progressive */ + vmpa2t def_addr; /* Traitement par défaut */ + GArchInstruction *target; /* Ligne visée par la référence*/ + case_comment *comment; /* Commentaire à éditer */ + uint16_t i; /* Boucle de parcours #1 */ + size_t j; /* Boucle de parcours #2 */ + int32_t tmp; /* Sauvegarde temporaire */ + char *msg; /* Indication à imprimer */ + size_t k; /* Boucle de parcours #3 */ + char *int_val; /* Valeur en chaîne de carac. */ + GDbComment *item; /* Indication sur la condition */ + + g_arch_instruction_lock_operands(instr); + + assert(_g_arch_instruction_count_operands(instr) == 2); + + op = _g_arch_instruction_get_operand(instr, 1); + + g_arch_instruction_unlock_operands(instr); + + defined = false; + + if (G_IS_TARGET_OPERAND(op)) + { + g_target_operand_get_addr(G_TARGET_OPERAND(op), &addr); + defined = true; + } + + else if (G_IS_IMM_OPERAND(op)) + { + if (g_imm_operand_to_virt_t(G_IMM_OPERAND(op), &virt)) + { + init_vmpa(&addr, VMPA_NO_PHYSICAL, virt); + defined = true; + } + } + + if (defined) + { + switch_ins = g_arch_processor_find_instr_by_address(proc, &addr); + + if (G_IS_DALVIK_SWITCH_INSTR(switch_ins)) + { + range = g_arch_instruction_get_range(instr); + + start_addr = get_mrange_addr(range); + + /* Préparation de l'édition des commentaires */ + + count = g_dalvik_switch_get_data(G_DALVIK_SWITCH_INSTR(switch_ins), &keys, &targets); + + comments = (case_comment *)calloc(1 + count, sizeof(case_comment)); + + /* Cas par défaut */ + + compute_mrange_end_addr(range, &def_addr); + + target = g_arch_processor_find_instr_by_address(proc, &def_addr); + + if (target != NULL) + { + comment = &comments[0]; + + comment->valid = true; + + copy_vmpa(&comment->handler, &def_addr); + + comment->is_default = true; + + g_arch_instruction_link_with(instr, target, ILT_CASE_JUMP); + + g_object_unref(G_OBJECT(target)); + + } + + /* Autres cas */ + + for (i = 0; i < count; i++) + { + copy_vmpa(&addr, start_addr); + advance_vmpa(&addr, targets[i] * sizeof(uint16_t)); + + if (cmp_vmpa(&addr, &def_addr) == 0) + continue; + + target = g_arch_processor_find_instr_by_address(proc, &addr); + + if (target != NULL) + { + for (j = 0; j < (1 + count); j++) + { + if (!comments[j].valid) + break; + + if (cmp_vmpa(&addr, &comments[j].handler) == 0) + break; + + } + + assert(j < (1 + count)); + + comment = &comments[j]; + + if (!comment->valid) + { + comment->valid = true; + + copy_vmpa(&comment->handler, &addr); + + comment->key = keys[i]; + comment->count = 1; + + } + else + { + if (comment->count == 0) + comment->key = keys[i]; + + if (comment->count == 1) + { + tmp = comment->key; + + comment->keys = (int32_t *)calloc(2, sizeof(int32_t)); + + comment->keys[0] = tmp; + comment->keys[1] = keys[i]; + + comment->count = 2; + + } + + else + { + comment->count++; + + comment->keys = (int32_t *)realloc(comment->keys, comment->count * sizeof(int32_t)); + + comment->keys[comment->count - 1] = keys[i]; + + } + + } + + g_arch_instruction_link_with(instr, target, ILT_CASE_JUMP); + + g_object_unref(G_OBJECT(target)); + + } + + } + + /* Edition des commentaires et nettoyage */ + + for (j = 0; j < (1 + count); j++) + { + comment = &comments[j]; + + if (!comment->valid) + break; + + switch (comment->count) + { + case 0: + msg = NULL; + break; + + case 1: + asprintf(&msg, _("Case %d"), comment->key); + break; + + default: + + msg = NULL; + + /** + * Les spécifications indiquent que les clefs sont triées. + * Donc nul besoin de s'occuper de leur ordre ici. + */ + + for (k = 0; k < comment->count; k++) + { + if (k > 0) + /* FIXME : encapsuler ! */ + msg = stradd(msg, COMMENT_LINE_SEP); + + asprintf(&int_val, _("Case %d:"), comment->keys[k]); + msg = stradd(msg, int_val); + free(int_val); + + } + + break; + + } + + if (comment->is_default) + { + if (msg == NULL) + msg = strdup(_("Defaut case:")); + else + { + /* FIXME : encapsuler ! */ + msg = stradd(msg, COMMENT_LINE_SEP); + msg = stradd(msg, _("Defaut case")); + } + + } + + item = g_db_comment_new_area(&comment->handler, BLF_NONE, msg, true); + + g_db_item_set_volatile(G_DB_ITEM(item), true); + g_proc_context_add_db_item(context, G_DB_ITEM(item)); + + free(msg); + + if (comment->count > 1) + free(comment->keys); + + } + + free(comments); + + } + + if (switch_ins != NULL) + g_object_unref(G_OBJECT(switch_ins)); + + } + +} diff --git a/plugins/dalvik/link.h b/plugins/dalvik/link.h new file mode 100644 index 0000000..41d03ec --- /dev/null +++ b/plugins/dalvik/link.h @@ -0,0 +1,48 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * link.h - prototypes pour l'édition des liens après la phase de désassemblage + * + * Copyright (C) 2016-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_LINK_H +#define _ARCH_DALVIK_LINK_H + + +#include <arch/link.h> + + + +static inline void handle_dalvik_if_branch_as_link(GArchInstruction *ins, GArchProcessor *proc, GProcContext *ctx, GExeFormat *fmt) +{ + handle_branch_as_link(ins, proc, ctx, fmt, 2); +} + +static inline void handle_dalvik_ifz_branch_as_link(GArchInstruction *ins, GArchProcessor *proc, GProcContext *ctx, GExeFormat *fmt) +{ + handle_branch_as_link(ins, proc, ctx, fmt, 1); +} + + +/* Etablit tous les liens liés à un embranchement compressé. */ +void handle_dalvik_packed_switch_links(GArchInstruction *, GArchProcessor *, GProcContext *, GExeFormat *); + + + +#endif /* _ARCH_DALVIK_LINK_H */ diff --git a/plugins/dalvik/opcodes/Makefile.am b/plugins/dalvik/opcodes/Makefile.am new file mode 100644 index 0000000..9889cfa --- /dev/null +++ b/plugins/dalvik/opcodes/Makefile.am @@ -0,0 +1,23 @@ + +# Initialement, ce Makefile est conçu sans définition de am__depfiles_maybe. +# Est-ce parce que GENERATED_FILES est vide et qu'il n'y a donc pas de code +# source ? En tout cas, au premier écrasement de gencode.mk, tous les fichiers +# sont regénérés, et am__depfiles_maybe apparaît enfin. Mais trop tard : +# des fichiers .Plo sont attendus mais non créés par l'ancien Makefile. +# On force les choses ici. +am__depfiles_maybe = depfiles + +include gencode.mk + +noinst_LTLIBRARIES = libdalvikopcodes.la + +libdalvikopcodes_la_SOURCES = $(GENERATED_FILES) + +libdalvikopcodes_la_LIBADD = + +libdalvikopcodes_la_CFLAGS = $(AM_CFLAGS) + + +AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) -I$(top_srcdir)/src + +AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS) diff --git a/plugins/dalvik/opdefs/Makefile.am b/plugins/dalvik/opdefs/Makefile.am new file mode 100644 index 0000000..fed398f --- /dev/null +++ b/plugins/dalvik/opdefs/Makefile.am @@ -0,0 +1,286 @@ + +include $(top_srcdir)/tools/d2c/d2c.mk + + +D2C_BIN = $(top_srcdir)/tools/d2c/d2c +GEN_BIN = $(top_srcdir)/tools/d2c/d2c_genmakefile.sh + +D2C_TYPE = format + +D2C_OUTDIR = $(PWD)/.. + +D2C_ARCH = dalvik +D2C_HEADER = _ARCH_DALVIK +D2C_PREFIX = DALVIK_OPT_ + +D2C_ENCODINGS = \ + -e none + +D2C_MACROS = \ + -M SetInsFlag=g_arch_instruction_set_flag + +FIXED_C_INCLUDES = \ + \n\#include \<stdint.h\> \ + \n \ + \n\#include <analysis\/content.h> \ + \n\#include <arch/context.h> \ + \n\#include <format\/executable.h> \ + \n \ + \n\#include \"..\/fetch.h\" \ + \n\#include \"..\/helpers.h\" \ + \n\#include \"..\/instruction.h\" \ + \n\#include \"..\/link.h\" \ + \n\#include \"..\/post.h\" \ + \n\#include \"..\/processor.h\" \ + \n\n + +FIXED_H_INCLUDES = \ + \#include <stdint.h> \ + \n \ + \n\#include <arch/context.h> \ + \n\#include <analysis/content.h> \ + \n\#include <format/executable.h> \ + \n \ + \n\#include "../processor.h" + +# for (( i = 0; i < 256; i++)); do def=$(ls `printf "*_%02x.d" $i` 2> /dev/null); test -z "$def" || echo -e "\t$def\t\t\t\t\t\t\t\\" ; done +DALVIK_DEFS = \ + nop_00.d \ + move_01.d \ + move_02.d \ + move_03.d \ + move_04.d \ + move_05.d \ + move_06.d \ + move_07.d \ + move_08.d \ + move_09.d \ + move_0a.d \ + move_0b.d \ + move_0c.d \ + move_0d.d \ + return_0e.d \ + return_0f.d \ + return_10.d \ + return_11.d \ + const_12.d \ + const_13.d \ + const_14.d \ + const_15.d \ + const_16.d \ + const_17.d \ + const_18.d \ + const_19.d \ + const_1a.d \ + const_1b.d \ + const_1c.d \ + monitor_1d.d \ + monitor_1e.d \ + check_1f.d \ + instanceof_20.d \ + array_21.d \ + new_22.d \ + new_23.d \ + array_24.d \ + filled_25.d \ + array_26.d \ + throw_27.d \ + goto_28.d \ + goto_29.d \ + goto_2a.d \ + switch_2b.d \ + switch_2c.d \ + cmpl_2d.d \ + cmpg_2e.d \ + cmpl_2f.d \ + cmpg_30.d \ + cmp_31.d \ + if_32.d \ + if_33.d \ + if_34.d \ + if_35.d \ + if_36.d \ + if_37.d \ + if_38.d \ + if_39.d \ + if_3a.d \ + if_3b.d \ + if_3c.d \ + if_3d.d \ + aget_44.d \ + aget_45.d \ + aget_46.d \ + aget_47.d \ + aget_48.d \ + aget_49.d \ + aget_4a.d \ + aput_4b.d \ + aput_4c.d \ + aput_4d.d \ + aput_4e.d \ + aput_4f.d \ + aput_50.d \ + aput_51.d \ + iget_52.d \ + iget_53.d \ + iget_54.d \ + iget_55.d \ + iget_56.d \ + iget_57.d \ + iget_58.d \ + iput_59.d \ + iput_5a.d \ + iput_5b.d \ + iput_5c.d \ + iput_5d.d \ + iput_5e.d \ + iput_5f.d \ + sget_60.d \ + sget_61.d \ + sget_62.d \ + sget_63.d \ + sget_64.d \ + sget_65.d \ + sget_66.d \ + sput_67.d \ + sput_68.d \ + sput_69.d \ + sput_6a.d \ + sput_6b.d \ + sput_6c.d \ + sput_6d.d \ + invoke_6e.d \ + invoke_6f.d \ + invoke_70.d \ + invoke_71.d \ + invoke_72.d \ + invoke_74.d \ + invoke_75.d \ + invoke_76.d \ + invoke_77.d \ + invoke_78.d \ + neg_7b.d \ + not_7c.d \ + neg_7d.d \ + not_7e.d \ + neg_7f.d \ + neg_80.d \ + to_81.d \ + to_82.d \ + to_83.d \ + to_84.d \ + to_85.d \ + to_86.d \ + to_87.d \ + to_88.d \ + to_89.d \ + to_8a.d \ + to_8b.d \ + to_8c.d \ + to_8d.d \ + to_8e.d \ + to_8f.d \ + add_90.d \ + sub_91.d \ + mul_92.d \ + div_93.d \ + rem_94.d \ + and_95.d \ + or_96.d \ + xor_97.d \ + shl_98.d \ + shr_99.d \ + ushr_9a.d \ + add_9b.d \ + sub_9c.d \ + mul_9d.d \ + div_9e.d \ + rem_9f.d \ + and_a0.d \ + or_a1.d \ + xor_a2.d \ + shl_a3.d \ + shr_a4.d \ + ushr_a5.d \ + add_a6.d \ + sub_a7.d \ + mul_a8.d \ + div_a9.d \ + rem_aa.d \ + add_ab.d \ + sub_ac.d \ + mul_ad.d \ + div_ae.d \ + rem_af.d \ + add_b0.d \ + sub_b1.d \ + mul_b2.d \ + div_b3.d \ + rem_b4.d \ + and_b5.d \ + or_b6.d \ + xor_b7.d \ + shl_b8.d \ + shr_b9.d \ + ushr_ba.d \ + add_bb.d \ + sub_bc.d \ + mul_bd.d \ + div_be.d \ + rem_bf.d \ + and_c0.d \ + or_c1.d \ + xor_c2.d \ + shl_c3.d \ + shr_c4.d \ + ushr_c5.d \ + add_c6.d \ + sub_c7.d \ + mul_c8.d \ + div_c9.d \ + rem_ca.d \ + add_cb.d \ + sub_cc.d \ + mul_cd.d \ + div_ce.d \ + rem_cf.d \ + add_d0.d \ + rsub_d1.d \ + mul_d2.d \ + div_d3.d \ + rem_d4.d \ + and_d5.d \ + or_d6.d \ + xor_d7.d \ + add_d8.d \ + rsub_d9.d \ + mul_da.d \ + div_db.d \ + rem_dc.d \ + and_dd.d \ + or_de.d \ + xor_df.d \ + shl_e0.d \ + shr_e1.d \ + ushr_e2.d + +# make dist procède répertoire par répertoire. Or le répertoire opcodes utilise +# le contenu du répertoire opdefs. Il faut donc générer les fichiers nécessaires +# au répertoire opcodes. Et comme on ne peut pas compléter la règle dist, on +# ajoute à la distribution les cibles marquant la génération. (1/2) + +EXTRA_DIST = $(DALVIK_DEFS) $(DALVIK_DEFS:.d=.g) + +# Après coup, on supprime les fichiers inutiles de la distribution/ (2/2) + +dist-hook: + cd $(distdir) && rm $(DALVIK_DEFS:.d=.g) + +all: $(DALVIK_DEFS:.d=.g) fmk.done d2c_final_rules + +fmk.done: $(DALVIK_DEFS) + $(GEN_BIN) ../opcodes/ ../opdefs/.gen $(top_srcdir)/tools/d2c/globalgen.mk - + touch $@ + +clean: + rm -rf $(DALVIK_DEFS:.d=.g) .gen fmk.done diff --git a/plugins/dalvik/opdefs/add_90.d b/plugins/dalvik/opdefs/add_90.d new file mode 100644 index 0000000..04168ab --- /dev/null +++ b/plugins/dalvik/opdefs/add_90.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title add-int + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/add_9b.d b/plugins/dalvik/opdefs/add_9b.d new file mode 100644 index 0000000..fc40b13 --- /dev/null +++ b/plugins/dalvik/opdefs/add_9b.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title add-long + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/add_a6.d b/plugins/dalvik/opdefs/add_a6.d new file mode 100644 index 0000000..055358b --- /dev/null +++ b/plugins/dalvik/opdefs/add_a6.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title add-float + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/add_ab.d b/plugins/dalvik/opdefs/add_ab.d new file mode 100644 index 0000000..1506483 --- /dev/null +++ b/plugins/dalvik/opdefs/add_ab.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title add-double + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/add_b0.d b/plugins/dalvik/opdefs/add_b0.d new file mode 100644 index 0000000..9c5605e --- /dev/null +++ b/plugins/dalvik/opdefs/add_b0.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title add-int/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/add_bb.d b/plugins/dalvik/opdefs/add_bb.d new file mode 100644 index 0000000..aba27f3 --- /dev/null +++ b/plugins/dalvik/opdefs/add_bb.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title add-long/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/add_c6.d b/plugins/dalvik/opdefs/add_c6.d new file mode 100644 index 0000000..3394b92 --- /dev/null +++ b/plugins/dalvik/opdefs/add_c6.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title add-float/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/add_cb.d b/plugins/dalvik/opdefs/add_cb.d new file mode 100644 index 0000000..896f614 --- /dev/null +++ b/plugins/dalvik/opdefs/add_cb.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title add-double/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/add_d0.d b/plugins/dalvik/opdefs/add_d0.d new file mode 100644 index 0000000..f6f4324 --- /dev/null +++ b/plugins/dalvik/opdefs/add_d0.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title add-int/lit16 + +@encoding() { + + @format 22s + +} diff --git a/plugins/dalvik/opdefs/add_d8.d b/plugins/dalvik/opdefs/add_d8.d new file mode 100644 index 0000000..ec4ee01 --- /dev/null +++ b/plugins/dalvik/opdefs/add_d8.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title add-int/lit8 + +@encoding() { + + @format 22b + +} diff --git a/plugins/dalvik/opdefs/aget_44.d b/plugins/dalvik/opdefs/aget_44.d new file mode 100644 index 0000000..b3a26cb --- /dev/null +++ b/plugins/dalvik/opdefs/aget_44.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title aget + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/aget_45.d b/plugins/dalvik/opdefs/aget_45.d new file mode 100644 index 0000000..184667b --- /dev/null +++ b/plugins/dalvik/opdefs/aget_45.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title aget-wide + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/aget_46.d b/plugins/dalvik/opdefs/aget_46.d new file mode 100644 index 0000000..b951c09 --- /dev/null +++ b/plugins/dalvik/opdefs/aget_46.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title aget-object + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/aget_47.d b/plugins/dalvik/opdefs/aget_47.d new file mode 100644 index 0000000..0a5e90b --- /dev/null +++ b/plugins/dalvik/opdefs/aget_47.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title aget-boolean + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/aget_48.d b/plugins/dalvik/opdefs/aget_48.d new file mode 100644 index 0000000..c84f513 --- /dev/null +++ b/plugins/dalvik/opdefs/aget_48.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title aget-byte + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/aget_49.d b/plugins/dalvik/opdefs/aget_49.d new file mode 100644 index 0000000..396434b --- /dev/null +++ b/plugins/dalvik/opdefs/aget_49.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title aget-char + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/aget_4a.d b/plugins/dalvik/opdefs/aget_4a.d new file mode 100644 index 0000000..ce9497f --- /dev/null +++ b/plugins/dalvik/opdefs/aget_4a.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title aget-short + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/and_95.d b/plugins/dalvik/opdefs/and_95.d new file mode 100644 index 0000000..3926c05 --- /dev/null +++ b/plugins/dalvik/opdefs/and_95.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title and-int + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/and_a0.d b/plugins/dalvik/opdefs/and_a0.d new file mode 100644 index 0000000..b011156 --- /dev/null +++ b/plugins/dalvik/opdefs/and_a0.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title and-long + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/and_b5.d b/plugins/dalvik/opdefs/and_b5.d new file mode 100644 index 0000000..dec2ffb --- /dev/null +++ b/plugins/dalvik/opdefs/and_b5.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title and-int/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/and_c0.d b/plugins/dalvik/opdefs/and_c0.d new file mode 100644 index 0000000..6fb52b6 --- /dev/null +++ b/plugins/dalvik/opdefs/and_c0.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title and-long/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/and_d5.d b/plugins/dalvik/opdefs/and_d5.d new file mode 100644 index 0000000..081c0d0 --- /dev/null +++ b/plugins/dalvik/opdefs/and_d5.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title and-int/lit16 + +@encoding() { + + @format 22s + +} diff --git a/plugins/dalvik/opdefs/and_dd.d b/plugins/dalvik/opdefs/and_dd.d new file mode 100644 index 0000000..8adae05 --- /dev/null +++ b/plugins/dalvik/opdefs/and_dd.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title and-int/lit8 + +@encoding() { + + @format 22b + +} diff --git a/plugins/dalvik/opdefs/aput_4b.d b/plugins/dalvik/opdefs/aput_4b.d new file mode 100644 index 0000000..90cc75f --- /dev/null +++ b/plugins/dalvik/opdefs/aput_4b.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title aput + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/aput_4c.d b/plugins/dalvik/opdefs/aput_4c.d new file mode 100644 index 0000000..ff545f4 --- /dev/null +++ b/plugins/dalvik/opdefs/aput_4c.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title aput-wide + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/aput_4d.d b/plugins/dalvik/opdefs/aput_4d.d new file mode 100644 index 0000000..4c9ae98 --- /dev/null +++ b/plugins/dalvik/opdefs/aput_4d.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title aput-object + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/aput_4e.d b/plugins/dalvik/opdefs/aput_4e.d new file mode 100644 index 0000000..1602e62 --- /dev/null +++ b/plugins/dalvik/opdefs/aput_4e.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title aput-boolean + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/aput_4f.d b/plugins/dalvik/opdefs/aput_4f.d new file mode 100644 index 0000000..3632974 --- /dev/null +++ b/plugins/dalvik/opdefs/aput_4f.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title aput-byte + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/aput_50.d b/plugins/dalvik/opdefs/aput_50.d new file mode 100644 index 0000000..c295386 --- /dev/null +++ b/plugins/dalvik/opdefs/aput_50.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title aput-char + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/aput_51.d b/plugins/dalvik/opdefs/aput_51.d new file mode 100644 index 0000000..11ad5b2 --- /dev/null +++ b/plugins/dalvik/opdefs/aput_51.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title aput-short + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/array_21.d b/plugins/dalvik/opdefs/array_21.d new file mode 100644 index 0000000..e0ca860 --- /dev/null +++ b/plugins/dalvik/opdefs/array_21.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title array-length + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/array_24.d b/plugins/dalvik/opdefs/array_24.d new file mode 100644 index 0000000..00b7896 --- /dev/null +++ b/plugins/dalvik/opdefs/array_24.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title filled-new-array + +@encoding() { + + @format 35c | pool_type + +} diff --git a/plugins/dalvik/opdefs/array_26.d b/plugins/dalvik/opdefs/array_26.d new file mode 100644 index 0000000..f57afd1 --- /dev/null +++ b/plugins/dalvik/opdefs/array_26.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title fill-array-data + +@encoding() { + + @format 31t + +} diff --git a/plugins/dalvik/opdefs/check_1f.d b/plugins/dalvik/opdefs/check_1f.d new file mode 100644 index 0000000..0f59ba7 --- /dev/null +++ b/plugins/dalvik/opdefs/check_1f.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title check-cast + +@encoding() { + + @format 21c | pool_type + +} diff --git a/plugins/dalvik/opdefs/cmp_31.d b/plugins/dalvik/opdefs/cmp_31.d new file mode 100644 index 0000000..baedee6 --- /dev/null +++ b/plugins/dalvik/opdefs/cmp_31.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title cmp-long + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/cmpg_2e.d b/plugins/dalvik/opdefs/cmpg_2e.d new file mode 100644 index 0000000..296337c --- /dev/null +++ b/plugins/dalvik/opdefs/cmpg_2e.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title cmpg-float + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/cmpg_30.d b/plugins/dalvik/opdefs/cmpg_30.d new file mode 100644 index 0000000..dbb66ae --- /dev/null +++ b/plugins/dalvik/opdefs/cmpg_30.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title cmpg-double + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/cmpl_2d.d b/plugins/dalvik/opdefs/cmpl_2d.d new file mode 100644 index 0000000..b76b73e --- /dev/null +++ b/plugins/dalvik/opdefs/cmpl_2d.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title cmpl-float + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/cmpl_2f.d b/plugins/dalvik/opdefs/cmpl_2f.d new file mode 100644 index 0000000..cebd732 --- /dev/null +++ b/plugins/dalvik/opdefs/cmpl_2f.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title cmpl-double + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/const_12.d b/plugins/dalvik/opdefs/const_12.d new file mode 100644 index 0000000..bc4e4f8 --- /dev/null +++ b/plugins/dalvik/opdefs/const_12.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title const/4 + +@encoding() { + + @format 11n + +} diff --git a/plugins/dalvik/opdefs/const_13.d b/plugins/dalvik/opdefs/const_13.d new file mode 100644 index 0000000..9b65ba4 --- /dev/null +++ b/plugins/dalvik/opdefs/const_13.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title const/16 + +@encoding() { + + @format 21s + +} diff --git a/plugins/dalvik/opdefs/const_14.d b/plugins/dalvik/opdefs/const_14.d new file mode 100644 index 0000000..039d372 --- /dev/null +++ b/plugins/dalvik/opdefs/const_14.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title const + +@encoding() { + + @format 31i + +} diff --git a/plugins/dalvik/opdefs/const_15.d b/plugins/dalvik/opdefs/const_15.d new file mode 100644 index 0000000..add0673 --- /dev/null +++ b/plugins/dalvik/opdefs/const_15.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title const/high16 + +@encoding() { + + @format 21h + +} diff --git a/plugins/dalvik/opdefs/const_16.d b/plugins/dalvik/opdefs/const_16.d new file mode 100644 index 0000000..cb1ce25 --- /dev/null +++ b/plugins/dalvik/opdefs/const_16.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title const-wide/16 + +@encoding() { + + @format 21s + +} diff --git a/plugins/dalvik/opdefs/const_17.d b/plugins/dalvik/opdefs/const_17.d new file mode 100644 index 0000000..88a9f0c --- /dev/null +++ b/plugins/dalvik/opdefs/const_17.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title const-wide/32 + +@encoding() { + + @format 31i + +} diff --git a/plugins/dalvik/opdefs/const_18.d b/plugins/dalvik/opdefs/const_18.d new file mode 100644 index 0000000..d792add --- /dev/null +++ b/plugins/dalvik/opdefs/const_18.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title const-wide + +@encoding() { + + @format 51l + +} diff --git a/plugins/dalvik/opdefs/const_19.d b/plugins/dalvik/opdefs/const_19.d new file mode 100644 index 0000000..577eaf3 --- /dev/null +++ b/plugins/dalvik/opdefs/const_19.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title const-wide/high16 + +@encoding() { + + @format 21h + +} diff --git a/plugins/dalvik/opdefs/const_1a.d b/plugins/dalvik/opdefs/const_1a.d new file mode 100644 index 0000000..22c11ae --- /dev/null +++ b/plugins/dalvik/opdefs/const_1a.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title const-string + +@encoding() { + + @format 21c | pool_string + +} diff --git a/plugins/dalvik/opdefs/const_1b.d b/plugins/dalvik/opdefs/const_1b.d new file mode 100644 index 0000000..699cef6 --- /dev/null +++ b/plugins/dalvik/opdefs/const_1b.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title const-string/jumbo + +@encoding() { + + @format 31c | pool_string + +} diff --git a/plugins/dalvik/opdefs/const_1c.d b/plugins/dalvik/opdefs/const_1c.d new file mode 100644 index 0000000..c539ee9 --- /dev/null +++ b/plugins/dalvik/opdefs/const_1c.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title const-class + +@encoding() { + + @format 21c | pool_type + +} diff --git a/plugins/dalvik/opdefs/div_93.d b/plugins/dalvik/opdefs/div_93.d new file mode 100644 index 0000000..cfb7f34 --- /dev/null +++ b/plugins/dalvik/opdefs/div_93.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title div-int + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/div_9e.d b/plugins/dalvik/opdefs/div_9e.d new file mode 100644 index 0000000..b12ebd1 --- /dev/null +++ b/plugins/dalvik/opdefs/div_9e.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title div-long + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/div_a9.d b/plugins/dalvik/opdefs/div_a9.d new file mode 100644 index 0000000..f7ce52e --- /dev/null +++ b/plugins/dalvik/opdefs/div_a9.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title div-float + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/div_ae.d b/plugins/dalvik/opdefs/div_ae.d new file mode 100644 index 0000000..fae8164 --- /dev/null +++ b/plugins/dalvik/opdefs/div_ae.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title div-double + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/div_b3.d b/plugins/dalvik/opdefs/div_b3.d new file mode 100644 index 0000000..d1cf5d9 --- /dev/null +++ b/plugins/dalvik/opdefs/div_b3.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title div-int/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/div_be.d b/plugins/dalvik/opdefs/div_be.d new file mode 100644 index 0000000..a146c29 --- /dev/null +++ b/plugins/dalvik/opdefs/div_be.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title div-long/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/div_c9.d b/plugins/dalvik/opdefs/div_c9.d new file mode 100644 index 0000000..541ed90 --- /dev/null +++ b/plugins/dalvik/opdefs/div_c9.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title div-float/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/div_ce.d b/plugins/dalvik/opdefs/div_ce.d new file mode 100644 index 0000000..2c735e4 --- /dev/null +++ b/plugins/dalvik/opdefs/div_ce.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title div-double/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/div_d3.d b/plugins/dalvik/opdefs/div_d3.d new file mode 100644 index 0000000..9dde5bd --- /dev/null +++ b/plugins/dalvik/opdefs/div_d3.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title div-int/lit16 + +@encoding() { + + @format 22s + +} diff --git a/plugins/dalvik/opdefs/div_db.d b/plugins/dalvik/opdefs/div_db.d new file mode 100644 index 0000000..6754ed8 --- /dev/null +++ b/plugins/dalvik/opdefs/div_db.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title div-int/lit8 + +@encoding() { + + @format 22b + +} diff --git a/plugins/dalvik/opdefs/filled_25.d b/plugins/dalvik/opdefs/filled_25.d new file mode 100644 index 0000000..cf31e09 --- /dev/null +++ b/plugins/dalvik/opdefs/filled_25.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title filled-new-array/range + +@encoding() { + + @format 3rc | pool_type + +} diff --git a/plugins/dalvik/opdefs/goto_28.d b/plugins/dalvik/opdefs/goto_28.d new file mode 100644 index 0000000..a9c12d1 --- /dev/null +++ b/plugins/dalvik/opdefs/goto_28.d @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title goto + +@encoding() { + + @format 10t + + @hooks { + + fetch = help_fetching_with_dalvik_goto_instruction + link = handle_jump_as_link + post = post_process_dalvik_goto_target_resolution + + } + +} diff --git a/plugins/dalvik/opdefs/goto_29.d b/plugins/dalvik/opdefs/goto_29.d new file mode 100644 index 0000000..8272a7d --- /dev/null +++ b/plugins/dalvik/opdefs/goto_29.d @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title goto/16 + +@encoding() { + + @format 20t + + @hooks { + + fetch = help_fetching_with_dalvik_goto_instruction + link = handle_jump_as_link + post = post_process_dalvik_goto_target_resolution + + } + +} diff --git a/plugins/dalvik/opdefs/goto_2a.d b/plugins/dalvik/opdefs/goto_2a.d new file mode 100644 index 0000000..937b10d --- /dev/null +++ b/plugins/dalvik/opdefs/goto_2a.d @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title goto/32 + +@encoding() { + + @format 30t + + @hooks { + + fetch = help_fetching_with_dalvik_goto_instruction + link = handle_jump_as_link + post = post_process_dalvik_goto_target_resolution + + } + +} diff --git a/plugins/dalvik/opdefs/if_32.d b/plugins/dalvik/opdefs/if_32.d new file mode 100644 index 0000000..f88098a --- /dev/null +++ b/plugins/dalvik/opdefs/if_32.d @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title if-eq + +@encoding() { + + @format 22t + + @hooks { + + fetch = help_fetching_with_dalvik_if_instruction + link = handle_dalvik_if_branch_as_link + post = post_process_dalvik_if_target_resolution + + } + +} diff --git a/plugins/dalvik/opdefs/if_33.d b/plugins/dalvik/opdefs/if_33.d new file mode 100644 index 0000000..f655f67 --- /dev/null +++ b/plugins/dalvik/opdefs/if_33.d @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title if-ne + +@encoding() { + + @format 22t + + @hooks { + + fetch = help_fetching_with_dalvik_if_instruction + link = handle_dalvik_if_branch_as_link + post = post_process_dalvik_if_target_resolution + + } + +} diff --git a/plugins/dalvik/opdefs/if_34.d b/plugins/dalvik/opdefs/if_34.d new file mode 100644 index 0000000..1146980 --- /dev/null +++ b/plugins/dalvik/opdefs/if_34.d @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title if-lt + +@encoding() { + + @format 22t + + @hooks { + + fetch = help_fetching_with_dalvik_if_instruction + link = handle_dalvik_if_branch_as_link + post = post_process_dalvik_if_target_resolution + + } + +} diff --git a/plugins/dalvik/opdefs/if_35.d b/plugins/dalvik/opdefs/if_35.d new file mode 100644 index 0000000..b11b243 --- /dev/null +++ b/plugins/dalvik/opdefs/if_35.d @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title if-ge + +@encoding() { + + @format 22t + + @hooks { + + fetch = help_fetching_with_dalvik_if_instruction + link = handle_dalvik_if_branch_as_link + post = post_process_dalvik_if_target_resolution + + } + +} diff --git a/plugins/dalvik/opdefs/if_36.d b/plugins/dalvik/opdefs/if_36.d new file mode 100644 index 0000000..7436901 --- /dev/null +++ b/plugins/dalvik/opdefs/if_36.d @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title if-gt + +@encoding() { + + @format 22t + + @hooks { + + fetch = help_fetching_with_dalvik_if_instruction + link = handle_dalvik_if_branch_as_link + post = post_process_dalvik_if_target_resolution + + } + +} diff --git a/plugins/dalvik/opdefs/if_37.d b/plugins/dalvik/opdefs/if_37.d new file mode 100644 index 0000000..9ecbd84 --- /dev/null +++ b/plugins/dalvik/opdefs/if_37.d @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title if-le + +@encoding() { + + @format 22t + + @hooks { + + fetch = help_fetching_with_dalvik_if_instruction + link = handle_dalvik_if_branch_as_link + post = post_process_dalvik_if_target_resolution + + } + +} diff --git a/plugins/dalvik/opdefs/if_38.d b/plugins/dalvik/opdefs/if_38.d new file mode 100644 index 0000000..ff21f2b --- /dev/null +++ b/plugins/dalvik/opdefs/if_38.d @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title if-eqz + +@encoding() { + + @format 21t + + @hooks { + + fetch = help_fetching_with_dalvik_ifz_instruction + link = handle_dalvik_ifz_branch_as_link + post = post_process_dalvik_ifz_target_resolution + + } + +} diff --git a/plugins/dalvik/opdefs/if_39.d b/plugins/dalvik/opdefs/if_39.d new file mode 100644 index 0000000..0dbba57 --- /dev/null +++ b/plugins/dalvik/opdefs/if_39.d @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title if-nez + +@encoding() { + + @format 21t + + @hooks { + + fetch = help_fetching_with_dalvik_ifz_instruction + link = handle_dalvik_ifz_branch_as_link + post = post_process_dalvik_ifz_target_resolution + + } + +} diff --git a/plugins/dalvik/opdefs/if_3a.d b/plugins/dalvik/opdefs/if_3a.d new file mode 100644 index 0000000..b003824 --- /dev/null +++ b/plugins/dalvik/opdefs/if_3a.d @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title if-ltz + +@encoding() { + + @format 21t + + @hooks { + + fetch = help_fetching_with_dalvik_ifz_instruction + link = handle_dalvik_ifz_branch_as_link + post = post_process_dalvik_ifz_target_resolution + + } + +} diff --git a/plugins/dalvik/opdefs/if_3b.d b/plugins/dalvik/opdefs/if_3b.d new file mode 100644 index 0000000..f571d7e --- /dev/null +++ b/plugins/dalvik/opdefs/if_3b.d @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title if-gez + +@encoding() { + + @format 21t + + @hooks { + + fetch = help_fetching_with_dalvik_ifz_instruction + link = handle_dalvik_ifz_branch_as_link + post = post_process_dalvik_ifz_target_resolution + + } + +} diff --git a/plugins/dalvik/opdefs/if_3c.d b/plugins/dalvik/opdefs/if_3c.d new file mode 100644 index 0000000..154fe2c --- /dev/null +++ b/plugins/dalvik/opdefs/if_3c.d @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title if-gtz + +@encoding() { + + @format 21t + + @hooks { + + fetch = help_fetching_with_dalvik_ifz_instruction + link = handle_dalvik_ifz_branch_as_link + post = post_process_dalvik_ifz_target_resolution + + } + +} diff --git a/plugins/dalvik/opdefs/if_3d.d b/plugins/dalvik/opdefs/if_3d.d new file mode 100644 index 0000000..2aa5f87 --- /dev/null +++ b/plugins/dalvik/opdefs/if_3d.d @@ -0,0 +1,38 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title if-lez + +@encoding() { + + @format 21t + + @hooks { + + fetch = help_fetching_with_dalvik_ifz_instruction + link = handle_dalvik_ifz_branch_as_link + post = post_process_dalvik_ifz_target_resolution + + } + +} diff --git a/plugins/dalvik/opdefs/iget_52.d b/plugins/dalvik/opdefs/iget_52.d new file mode 100644 index 0000000..ca5c140 --- /dev/null +++ b/plugins/dalvik/opdefs/iget_52.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title iget + +@encoding() { + + @format 22c | pool_field + +} diff --git a/plugins/dalvik/opdefs/iget_53.d b/plugins/dalvik/opdefs/iget_53.d new file mode 100644 index 0000000..3d458d9 --- /dev/null +++ b/plugins/dalvik/opdefs/iget_53.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title iget-wide + +@encoding() { + + @format 22c | pool_field + +} diff --git a/plugins/dalvik/opdefs/iget_54.d b/plugins/dalvik/opdefs/iget_54.d new file mode 100644 index 0000000..343accc --- /dev/null +++ b/plugins/dalvik/opdefs/iget_54.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title iget-object + +@encoding() { + + @format 22c | pool_field + +} diff --git a/plugins/dalvik/opdefs/iget_55.d b/plugins/dalvik/opdefs/iget_55.d new file mode 100644 index 0000000..dc9d7a4 --- /dev/null +++ b/plugins/dalvik/opdefs/iget_55.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title iget-boolean + +@encoding() { + + @format 22c | pool_field + +} diff --git a/plugins/dalvik/opdefs/iget_56.d b/plugins/dalvik/opdefs/iget_56.d new file mode 100644 index 0000000..92e4d6c --- /dev/null +++ b/plugins/dalvik/opdefs/iget_56.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title iget-byte + +@encoding() { + + @format 22c | pool_field + +} diff --git a/plugins/dalvik/opdefs/iget_57.d b/plugins/dalvik/opdefs/iget_57.d new file mode 100644 index 0000000..b8864c7 --- /dev/null +++ b/plugins/dalvik/opdefs/iget_57.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title iget-char + +@encoding() { + + @format 22c | pool_field + +} diff --git a/plugins/dalvik/opdefs/iget_58.d b/plugins/dalvik/opdefs/iget_58.d new file mode 100644 index 0000000..85a3fb8 --- /dev/null +++ b/plugins/dalvik/opdefs/iget_58.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title iget-short + +@encoding() { + + @format 22c | pool_field + +} diff --git a/plugins/dalvik/opdefs/instanceof_20.d b/plugins/dalvik/opdefs/instanceof_20.d new file mode 100644 index 0000000..7652c56 --- /dev/null +++ b/plugins/dalvik/opdefs/instanceof_20.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title instance-of + +@encoding() { + + @format 22c | pool_type + +} diff --git a/plugins/dalvik/opdefs/invoke_6e.d b/plugins/dalvik/opdefs/invoke_6e.d new file mode 100644 index 0000000..e7b3f0d --- /dev/null +++ b/plugins/dalvik/opdefs/invoke_6e.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title invoke-virtual + +@encoding() { + + @format 35c | pool_meth + +} diff --git a/plugins/dalvik/opdefs/invoke_6f.d b/plugins/dalvik/opdefs/invoke_6f.d new file mode 100644 index 0000000..9fa4666 --- /dev/null +++ b/plugins/dalvik/opdefs/invoke_6f.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title invoke-super + +@encoding() { + + @format 35c | pool_meth + +} diff --git a/plugins/dalvik/opdefs/invoke_70.d b/plugins/dalvik/opdefs/invoke_70.d new file mode 100644 index 0000000..6662ce3 --- /dev/null +++ b/plugins/dalvik/opdefs/invoke_70.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title invoke-direct + +@encoding() { + + @format 35c | pool_meth + +} diff --git a/plugins/dalvik/opdefs/invoke_71.d b/plugins/dalvik/opdefs/invoke_71.d new file mode 100644 index 0000000..f179dbd --- /dev/null +++ b/plugins/dalvik/opdefs/invoke_71.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title invoke-static + +@encoding() { + + @format 35c | pool_meth + +} diff --git a/plugins/dalvik/opdefs/invoke_72.d b/plugins/dalvik/opdefs/invoke_72.d new file mode 100644 index 0000000..6ad8e09 --- /dev/null +++ b/plugins/dalvik/opdefs/invoke_72.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title invoke-interface + +@encoding() { + + @format 35c | pool_meth + +} diff --git a/plugins/dalvik/opdefs/invoke_74.d b/plugins/dalvik/opdefs/invoke_74.d new file mode 100644 index 0000000..77b68de --- /dev/null +++ b/plugins/dalvik/opdefs/invoke_74.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title invoke-virtual/range + +@encoding() { + + @format 3rc | pool_meth + +} diff --git a/plugins/dalvik/opdefs/invoke_75.d b/plugins/dalvik/opdefs/invoke_75.d new file mode 100644 index 0000000..e886dad --- /dev/null +++ b/plugins/dalvik/opdefs/invoke_75.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title invoke-super/range + +@encoding() { + + @format 3rc | pool_meth + +} diff --git a/plugins/dalvik/opdefs/invoke_76.d b/plugins/dalvik/opdefs/invoke_76.d new file mode 100644 index 0000000..8156689 --- /dev/null +++ b/plugins/dalvik/opdefs/invoke_76.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title invoke-direct/range + +@encoding() { + + @format 3rc | pool_meth + +} diff --git a/plugins/dalvik/opdefs/invoke_77.d b/plugins/dalvik/opdefs/invoke_77.d new file mode 100644 index 0000000..b5707e2 --- /dev/null +++ b/plugins/dalvik/opdefs/invoke_77.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title invoke-static/range + +@encoding() { + + @format 3rc | pool_meth + +} diff --git a/plugins/dalvik/opdefs/invoke_78.d b/plugins/dalvik/opdefs/invoke_78.d new file mode 100644 index 0000000..5589b38 --- /dev/null +++ b/plugins/dalvik/opdefs/invoke_78.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title invoke-interface/range + +@encoding() { + + @format 3rc | pool_meth + +} diff --git a/plugins/dalvik/opdefs/iput_59.d b/plugins/dalvik/opdefs/iput_59.d new file mode 100644 index 0000000..fd17db4 --- /dev/null +++ b/plugins/dalvik/opdefs/iput_59.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title iput + +@encoding() { + + @format 22c | pool_field + +} diff --git a/plugins/dalvik/opdefs/iput_5a.d b/plugins/dalvik/opdefs/iput_5a.d new file mode 100644 index 0000000..509868c --- /dev/null +++ b/plugins/dalvik/opdefs/iput_5a.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title iput-wide + +@encoding() { + + @format 22c | pool_field + +} diff --git a/plugins/dalvik/opdefs/iput_5b.d b/plugins/dalvik/opdefs/iput_5b.d new file mode 100644 index 0000000..9ad7500 --- /dev/null +++ b/plugins/dalvik/opdefs/iput_5b.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title iput-object + +@encoding() { + + @format 22c | pool_field + +} diff --git a/plugins/dalvik/opdefs/iput_5c.d b/plugins/dalvik/opdefs/iput_5c.d new file mode 100644 index 0000000..9ae86fa --- /dev/null +++ b/plugins/dalvik/opdefs/iput_5c.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title iput-boolean + +@encoding() { + + @format 22c | pool_field + +} diff --git a/plugins/dalvik/opdefs/iput_5d.d b/plugins/dalvik/opdefs/iput_5d.d new file mode 100644 index 0000000..8a3830e --- /dev/null +++ b/plugins/dalvik/opdefs/iput_5d.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title iput-byte + +@encoding() { + + @format 22c | pool_field + +} diff --git a/plugins/dalvik/opdefs/iput_5e.d b/plugins/dalvik/opdefs/iput_5e.d new file mode 100644 index 0000000..5120675 --- /dev/null +++ b/plugins/dalvik/opdefs/iput_5e.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title iput-char + +@encoding() { + + @format 22c | pool_field + +} diff --git a/plugins/dalvik/opdefs/iput_5f.d b/plugins/dalvik/opdefs/iput_5f.d new file mode 100644 index 0000000..7fe2d80 --- /dev/null +++ b/plugins/dalvik/opdefs/iput_5f.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title iput-short + +@encoding() { + + @format 22c | pool_field + +} diff --git a/plugins/dalvik/opdefs/monitor_1d.d b/plugins/dalvik/opdefs/monitor_1d.d new file mode 100644 index 0000000..ab7ce5f --- /dev/null +++ b/plugins/dalvik/opdefs/monitor_1d.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title monitor-enter + +@encoding() { + + @format 11x + +} diff --git a/plugins/dalvik/opdefs/monitor_1e.d b/plugins/dalvik/opdefs/monitor_1e.d new file mode 100644 index 0000000..b5b0d20 --- /dev/null +++ b/plugins/dalvik/opdefs/monitor_1e.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title monitor-exit + +@encoding() { + + @format 11x + +} diff --git a/plugins/dalvik/opdefs/move_01.d b/plugins/dalvik/opdefs/move_01.d new file mode 100644 index 0000000..caa2a85 --- /dev/null +++ b/plugins/dalvik/opdefs/move_01.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title move + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/move_02.d b/plugins/dalvik/opdefs/move_02.d new file mode 100644 index 0000000..c8b96bd --- /dev/null +++ b/plugins/dalvik/opdefs/move_02.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title move/from16 + +@encoding() { + + @format 22x + +} diff --git a/plugins/dalvik/opdefs/move_03.d b/plugins/dalvik/opdefs/move_03.d new file mode 100644 index 0000000..6957de7 --- /dev/null +++ b/plugins/dalvik/opdefs/move_03.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title move/16 + +@encoding() { + + @format 32x + +} diff --git a/plugins/dalvik/opdefs/move_04.d b/plugins/dalvik/opdefs/move_04.d new file mode 100644 index 0000000..57196cc --- /dev/null +++ b/plugins/dalvik/opdefs/move_04.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title move-wide + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/move_05.d b/plugins/dalvik/opdefs/move_05.d new file mode 100644 index 0000000..2b974bb --- /dev/null +++ b/plugins/dalvik/opdefs/move_05.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title move-wide/from16 + +@encoding() { + + @format 22x + +} diff --git a/plugins/dalvik/opdefs/move_06.d b/plugins/dalvik/opdefs/move_06.d new file mode 100644 index 0000000..4acaf62 --- /dev/null +++ b/plugins/dalvik/opdefs/move_06.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title move-wide/16 + +@encoding() { + + @format 32x + +} diff --git a/plugins/dalvik/opdefs/move_07.d b/plugins/dalvik/opdefs/move_07.d new file mode 100644 index 0000000..cde3102 --- /dev/null +++ b/plugins/dalvik/opdefs/move_07.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title move-object + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/move_08.d b/plugins/dalvik/opdefs/move_08.d new file mode 100644 index 0000000..aba0cad --- /dev/null +++ b/plugins/dalvik/opdefs/move_08.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title move-object/from16 + +@encoding() { + + @format 22x + +} diff --git a/plugins/dalvik/opdefs/move_09.d b/plugins/dalvik/opdefs/move_09.d new file mode 100644 index 0000000..3bf6a65 --- /dev/null +++ b/plugins/dalvik/opdefs/move_09.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title move-object/16 + +@encoding() { + + @format 32x + +} diff --git a/plugins/dalvik/opdefs/move_0a.d b/plugins/dalvik/opdefs/move_0a.d new file mode 100644 index 0000000..b6a185a --- /dev/null +++ b/plugins/dalvik/opdefs/move_0a.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title move-result + +@encoding() { + + @format 11x + +} diff --git a/plugins/dalvik/opdefs/move_0b.d b/plugins/dalvik/opdefs/move_0b.d new file mode 100644 index 0000000..d266cb8 --- /dev/null +++ b/plugins/dalvik/opdefs/move_0b.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title move-result-wide + +@encoding() { + + @format 11x + +} diff --git a/plugins/dalvik/opdefs/move_0c.d b/plugins/dalvik/opdefs/move_0c.d new file mode 100644 index 0000000..8e6f67f --- /dev/null +++ b/plugins/dalvik/opdefs/move_0c.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title move-result-object + +@encoding() { + + @format 11x + +} diff --git a/plugins/dalvik/opdefs/move_0d.d b/plugins/dalvik/opdefs/move_0d.d new file mode 100644 index 0000000..f442006 --- /dev/null +++ b/plugins/dalvik/opdefs/move_0d.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title move-exception + +@encoding() { + + @format 11x + +} diff --git a/plugins/dalvik/opdefs/mul_92.d b/plugins/dalvik/opdefs/mul_92.d new file mode 100644 index 0000000..83b5cac --- /dev/null +++ b/plugins/dalvik/opdefs/mul_92.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title mul-int + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/mul_9d.d b/plugins/dalvik/opdefs/mul_9d.d new file mode 100644 index 0000000..ecc216d --- /dev/null +++ b/plugins/dalvik/opdefs/mul_9d.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title mul-long + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/mul_a8.d b/plugins/dalvik/opdefs/mul_a8.d new file mode 100644 index 0000000..63e51e5 --- /dev/null +++ b/plugins/dalvik/opdefs/mul_a8.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title mul-float + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/mul_ad.d b/plugins/dalvik/opdefs/mul_ad.d new file mode 100644 index 0000000..17f950c --- /dev/null +++ b/plugins/dalvik/opdefs/mul_ad.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title mul-double + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/mul_b2.d b/plugins/dalvik/opdefs/mul_b2.d new file mode 100644 index 0000000..a7b917c --- /dev/null +++ b/plugins/dalvik/opdefs/mul_b2.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title mul-int/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/mul_bd.d b/plugins/dalvik/opdefs/mul_bd.d new file mode 100644 index 0000000..8ce23b1 --- /dev/null +++ b/plugins/dalvik/opdefs/mul_bd.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title mul-long/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/mul_c8.d b/plugins/dalvik/opdefs/mul_c8.d new file mode 100644 index 0000000..1d17cc1 --- /dev/null +++ b/plugins/dalvik/opdefs/mul_c8.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title mul-float/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/mul_cd.d b/plugins/dalvik/opdefs/mul_cd.d new file mode 100644 index 0000000..1816780 --- /dev/null +++ b/plugins/dalvik/opdefs/mul_cd.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title mul-double/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/mul_d2.d b/plugins/dalvik/opdefs/mul_d2.d new file mode 100644 index 0000000..998ecd7 --- /dev/null +++ b/plugins/dalvik/opdefs/mul_d2.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title mul-int/lit16 + +@encoding() { + + @format 22s + +} diff --git a/plugins/dalvik/opdefs/mul_da.d b/plugins/dalvik/opdefs/mul_da.d new file mode 100644 index 0000000..4c1a264 --- /dev/null +++ b/plugins/dalvik/opdefs/mul_da.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title mul-int/lit8 + +@encoding() { + + @format 22b + +} diff --git a/plugins/dalvik/opdefs/neg_7b.d b/plugins/dalvik/opdefs/neg_7b.d new file mode 100644 index 0000000..c8ec7df --- /dev/null +++ b/plugins/dalvik/opdefs/neg_7b.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title neg-int + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/neg_7d.d b/plugins/dalvik/opdefs/neg_7d.d new file mode 100644 index 0000000..3d442c3 --- /dev/null +++ b/plugins/dalvik/opdefs/neg_7d.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title neg-long + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/neg_7f.d b/plugins/dalvik/opdefs/neg_7f.d new file mode 100644 index 0000000..d30ede6 --- /dev/null +++ b/plugins/dalvik/opdefs/neg_7f.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title neg-float + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/neg_80.d b/plugins/dalvik/opdefs/neg_80.d new file mode 100644 index 0000000..49d6bdd --- /dev/null +++ b/plugins/dalvik/opdefs/neg_80.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title neg-double + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/new_22.d b/plugins/dalvik/opdefs/new_22.d new file mode 100644 index 0000000..4af913c --- /dev/null +++ b/plugins/dalvik/opdefs/new_22.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title new-instance + +@encoding() { + + @format 21c | pool_type + +} diff --git a/plugins/dalvik/opdefs/new_23.d b/plugins/dalvik/opdefs/new_23.d new file mode 100644 index 0000000..0a6a863 --- /dev/null +++ b/plugins/dalvik/opdefs/new_23.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title new-array + +@encoding() { + + @format 22c | pool_type + +} diff --git a/plugins/dalvik/opdefs/nop_00.d b/plugins/dalvik/opdefs/nop_00.d new file mode 100644 index 0000000..d10d439 --- /dev/null +++ b/plugins/dalvik/opdefs/nop_00.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title nop + +@encoding() { + + @format 10x + +} diff --git a/plugins/dalvik/opdefs/not_7c.d b/plugins/dalvik/opdefs/not_7c.d new file mode 100644 index 0000000..d52ad8c --- /dev/null +++ b/plugins/dalvik/opdefs/not_7c.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title not-int + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/not_7e.d b/plugins/dalvik/opdefs/not_7e.d new file mode 100644 index 0000000..4291d7a --- /dev/null +++ b/plugins/dalvik/opdefs/not_7e.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title not-long + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/or_96.d b/plugins/dalvik/opdefs/or_96.d new file mode 100644 index 0000000..62f24a5 --- /dev/null +++ b/plugins/dalvik/opdefs/or_96.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title or-int + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/or_a1.d b/plugins/dalvik/opdefs/or_a1.d new file mode 100644 index 0000000..2867a81 --- /dev/null +++ b/plugins/dalvik/opdefs/or_a1.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title or-long + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/or_b6.d b/plugins/dalvik/opdefs/or_b6.d new file mode 100644 index 0000000..3d56801 --- /dev/null +++ b/plugins/dalvik/opdefs/or_b6.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title or-int/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/or_c1.d b/plugins/dalvik/opdefs/or_c1.d new file mode 100644 index 0000000..8d13da3 --- /dev/null +++ b/plugins/dalvik/opdefs/or_c1.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title or-long/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/or_d6.d b/plugins/dalvik/opdefs/or_d6.d new file mode 100644 index 0000000..71766a3 --- /dev/null +++ b/plugins/dalvik/opdefs/or_d6.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title or-int/lit16 + +@encoding() { + + @format 22s + +} diff --git a/plugins/dalvik/opdefs/or_de.d b/plugins/dalvik/opdefs/or_de.d new file mode 100644 index 0000000..1c293a5 --- /dev/null +++ b/plugins/dalvik/opdefs/or_de.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title or-int/lit8 + +@encoding() { + + @format 22b + +} diff --git a/plugins/dalvik/opdefs/rem_94.d b/plugins/dalvik/opdefs/rem_94.d new file mode 100644 index 0000000..9238d14 --- /dev/null +++ b/plugins/dalvik/opdefs/rem_94.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title rem-int + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/rem_9f.d b/plugins/dalvik/opdefs/rem_9f.d new file mode 100644 index 0000000..6aef568 --- /dev/null +++ b/plugins/dalvik/opdefs/rem_9f.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title rem-long + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/rem_aa.d b/plugins/dalvik/opdefs/rem_aa.d new file mode 100644 index 0000000..71a0d8b --- /dev/null +++ b/plugins/dalvik/opdefs/rem_aa.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title rem-float + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/rem_af.d b/plugins/dalvik/opdefs/rem_af.d new file mode 100644 index 0000000..dc092a1 --- /dev/null +++ b/plugins/dalvik/opdefs/rem_af.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title rem-double + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/rem_b4.d b/plugins/dalvik/opdefs/rem_b4.d new file mode 100644 index 0000000..fada523 --- /dev/null +++ b/plugins/dalvik/opdefs/rem_b4.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title rem-int/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/rem_bf.d b/plugins/dalvik/opdefs/rem_bf.d new file mode 100644 index 0000000..b6b0997 --- /dev/null +++ b/plugins/dalvik/opdefs/rem_bf.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title rem-long/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/rem_ca.d b/plugins/dalvik/opdefs/rem_ca.d new file mode 100644 index 0000000..3c6d287 --- /dev/null +++ b/plugins/dalvik/opdefs/rem_ca.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title rem-float/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/rem_cf.d b/plugins/dalvik/opdefs/rem_cf.d new file mode 100644 index 0000000..1881502 --- /dev/null +++ b/plugins/dalvik/opdefs/rem_cf.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title rem-double/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/rem_d4.d b/plugins/dalvik/opdefs/rem_d4.d new file mode 100644 index 0000000..84d12b8 --- /dev/null +++ b/plugins/dalvik/opdefs/rem_d4.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title rem-int/lit16 + +@encoding() { + + @format 22s + +} diff --git a/plugins/dalvik/opdefs/rem_dc.d b/plugins/dalvik/opdefs/rem_dc.d new file mode 100644 index 0000000..f70f9e9 --- /dev/null +++ b/plugins/dalvik/opdefs/rem_dc.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title rem-int/lit8 + +@encoding() { + + @format 22b + +} diff --git a/plugins/dalvik/opdefs/return_0e.d b/plugins/dalvik/opdefs/return_0e.d new file mode 100644 index 0000000..98fa1a8 --- /dev/null +++ b/plugins/dalvik/opdefs/return_0e.d @@ -0,0 +1,36 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title return-void + +@encoding() { + + @format 10x + + @rules { + + call SetInsFlag(AIF_RETURN_POINT) + + } + +} diff --git a/plugins/dalvik/opdefs/return_0f.d b/plugins/dalvik/opdefs/return_0f.d new file mode 100644 index 0000000..7e681ae --- /dev/null +++ b/plugins/dalvik/opdefs/return_0f.d @@ -0,0 +1,36 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title return + +@encoding() { + + @format 11x + + @rules { + + call SetInsFlag(AIF_RETURN_POINT) + + } + +} diff --git a/plugins/dalvik/opdefs/return_10.d b/plugins/dalvik/opdefs/return_10.d new file mode 100644 index 0000000..644760c --- /dev/null +++ b/plugins/dalvik/opdefs/return_10.d @@ -0,0 +1,36 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title return-wide + +@encoding() { + + @format 11x + + @rules { + + call SetInsFlag(AIF_RETURN_POINT) + + } + +} diff --git a/plugins/dalvik/opdefs/return_11.d b/plugins/dalvik/opdefs/return_11.d new file mode 100644 index 0000000..b8e4e60 --- /dev/null +++ b/plugins/dalvik/opdefs/return_11.d @@ -0,0 +1,36 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title return-object + +@encoding() { + + @format 11x + + @rules { + + call SetInsFlag(AIF_RETURN_POINT) + + } + +} diff --git a/plugins/dalvik/opdefs/rsub_d1.d b/plugins/dalvik/opdefs/rsub_d1.d new file mode 100644 index 0000000..0d05c84 --- /dev/null +++ b/plugins/dalvik/opdefs/rsub_d1.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title rsub-int + +@encoding() { + + @format 22s + +} diff --git a/plugins/dalvik/opdefs/rsub_d9.d b/plugins/dalvik/opdefs/rsub_d9.d new file mode 100644 index 0000000..0f2f656 --- /dev/null +++ b/plugins/dalvik/opdefs/rsub_d9.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title rsub-int/lit8 + +@encoding() { + + @format 22b + +} diff --git a/plugins/dalvik/opdefs/sget_60.d b/plugins/dalvik/opdefs/sget_60.d new file mode 100644 index 0000000..90090a2 --- /dev/null +++ b/plugins/dalvik/opdefs/sget_60.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sget + +@encoding() { + + @format 21c | pool_field + +} diff --git a/plugins/dalvik/opdefs/sget_61.d b/plugins/dalvik/opdefs/sget_61.d new file mode 100644 index 0000000..c3f132c --- /dev/null +++ b/plugins/dalvik/opdefs/sget_61.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sget-wide + +@encoding() { + + @format 21c | pool_field + +} diff --git a/plugins/dalvik/opdefs/sget_62.d b/plugins/dalvik/opdefs/sget_62.d new file mode 100644 index 0000000..97d41d9 --- /dev/null +++ b/plugins/dalvik/opdefs/sget_62.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sget-object + +@encoding() { + + @format 21c | pool_field + +} diff --git a/plugins/dalvik/opdefs/sget_63.d b/plugins/dalvik/opdefs/sget_63.d new file mode 100644 index 0000000..0dca873 --- /dev/null +++ b/plugins/dalvik/opdefs/sget_63.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sget-boolean + +@encoding() { + + @format 21c | pool_field + +} diff --git a/plugins/dalvik/opdefs/sget_64.d b/plugins/dalvik/opdefs/sget_64.d new file mode 100644 index 0000000..507420e --- /dev/null +++ b/plugins/dalvik/opdefs/sget_64.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sget-byte + +@encoding() { + + @format 21c | pool_field + +} diff --git a/plugins/dalvik/opdefs/sget_65.d b/plugins/dalvik/opdefs/sget_65.d new file mode 100644 index 0000000..5236314 --- /dev/null +++ b/plugins/dalvik/opdefs/sget_65.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sget-char + +@encoding() { + + @format 21c | pool_field + +} diff --git a/plugins/dalvik/opdefs/sget_66.d b/plugins/dalvik/opdefs/sget_66.d new file mode 100644 index 0000000..9f8b4fa --- /dev/null +++ b/plugins/dalvik/opdefs/sget_66.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sget-short + +@encoding() { + + @format 21c | pool_field + +} diff --git a/plugins/dalvik/opdefs/shl_98.d b/plugins/dalvik/opdefs/shl_98.d new file mode 100644 index 0000000..bfb92bd --- /dev/null +++ b/plugins/dalvik/opdefs/shl_98.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title shl-int + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/shl_a3.d b/plugins/dalvik/opdefs/shl_a3.d new file mode 100644 index 0000000..c3772b0 --- /dev/null +++ b/plugins/dalvik/opdefs/shl_a3.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title shl-long + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/shl_b8.d b/plugins/dalvik/opdefs/shl_b8.d new file mode 100644 index 0000000..70f99e1 --- /dev/null +++ b/plugins/dalvik/opdefs/shl_b8.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title shl-int/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/shl_c3.d b/plugins/dalvik/opdefs/shl_c3.d new file mode 100644 index 0000000..94d35e5 --- /dev/null +++ b/plugins/dalvik/opdefs/shl_c3.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title shl-long/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/shl_e0.d b/plugins/dalvik/opdefs/shl_e0.d new file mode 100644 index 0000000..c5c8d50 --- /dev/null +++ b/plugins/dalvik/opdefs/shl_e0.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title shl-int/lit8 + +@encoding() { + + @format 22b + +} diff --git a/plugins/dalvik/opdefs/shr_99.d b/plugins/dalvik/opdefs/shr_99.d new file mode 100644 index 0000000..203e4d5 --- /dev/null +++ b/plugins/dalvik/opdefs/shr_99.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title shr-int + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/shr_a4.d b/plugins/dalvik/opdefs/shr_a4.d new file mode 100644 index 0000000..16e07a6 --- /dev/null +++ b/plugins/dalvik/opdefs/shr_a4.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title shr-long + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/shr_b9.d b/plugins/dalvik/opdefs/shr_b9.d new file mode 100644 index 0000000..5f48795 --- /dev/null +++ b/plugins/dalvik/opdefs/shr_b9.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title shr-int/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/shr_c4.d b/plugins/dalvik/opdefs/shr_c4.d new file mode 100644 index 0000000..80cbfee --- /dev/null +++ b/plugins/dalvik/opdefs/shr_c4.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title shr-long/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/shr_e1.d b/plugins/dalvik/opdefs/shr_e1.d new file mode 100644 index 0000000..38a30dc --- /dev/null +++ b/plugins/dalvik/opdefs/shr_e1.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title shr-int/lit8 + +@encoding() { + + @format 22b + +} diff --git a/plugins/dalvik/opdefs/sput_67.d b/plugins/dalvik/opdefs/sput_67.d new file mode 100644 index 0000000..149337a --- /dev/null +++ b/plugins/dalvik/opdefs/sput_67.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sput + +@encoding() { + + @format 21c | pool_field + +} diff --git a/plugins/dalvik/opdefs/sput_68.d b/plugins/dalvik/opdefs/sput_68.d new file mode 100644 index 0000000..3709445 --- /dev/null +++ b/plugins/dalvik/opdefs/sput_68.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sput-wide + +@encoding() { + + @format 21c | pool_field + +} diff --git a/plugins/dalvik/opdefs/sput_69.d b/plugins/dalvik/opdefs/sput_69.d new file mode 100644 index 0000000..89302eb --- /dev/null +++ b/plugins/dalvik/opdefs/sput_69.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sput-object + +@encoding() { + + @format 21c | pool_field + +} diff --git a/plugins/dalvik/opdefs/sput_6a.d b/plugins/dalvik/opdefs/sput_6a.d new file mode 100644 index 0000000..91f5f4f --- /dev/null +++ b/plugins/dalvik/opdefs/sput_6a.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sput-boolean + +@encoding() { + + @format 21c | pool_field + +} diff --git a/plugins/dalvik/opdefs/sput_6b.d b/plugins/dalvik/opdefs/sput_6b.d new file mode 100644 index 0000000..72338a0 --- /dev/null +++ b/plugins/dalvik/opdefs/sput_6b.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sput-byte + +@encoding() { + + @format 21c | pool_field + +} diff --git a/plugins/dalvik/opdefs/sput_6c.d b/plugins/dalvik/opdefs/sput_6c.d new file mode 100644 index 0000000..1f0a7c5 --- /dev/null +++ b/plugins/dalvik/opdefs/sput_6c.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sput-char + +@encoding() { + + @format 21c | pool_field + +} diff --git a/plugins/dalvik/opdefs/sput_6d.d b/plugins/dalvik/opdefs/sput_6d.d new file mode 100644 index 0000000..d164858 --- /dev/null +++ b/plugins/dalvik/opdefs/sput_6d.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sput-short + +@encoding() { + + @format 21c | pool_field + +} diff --git a/plugins/dalvik/opdefs/sub_91.d b/plugins/dalvik/opdefs/sub_91.d new file mode 100644 index 0000000..34fd476 --- /dev/null +++ b/plugins/dalvik/opdefs/sub_91.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sub-int + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/sub_9c.d b/plugins/dalvik/opdefs/sub_9c.d new file mode 100644 index 0000000..566cb80 --- /dev/null +++ b/plugins/dalvik/opdefs/sub_9c.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sub-long + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/sub_a7.d b/plugins/dalvik/opdefs/sub_a7.d new file mode 100644 index 0000000..22851c6 --- /dev/null +++ b/plugins/dalvik/opdefs/sub_a7.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sub-float + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/sub_ac.d b/plugins/dalvik/opdefs/sub_ac.d new file mode 100644 index 0000000..c818423 --- /dev/null +++ b/plugins/dalvik/opdefs/sub_ac.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sub-double + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/sub_b1.d b/plugins/dalvik/opdefs/sub_b1.d new file mode 100644 index 0000000..4102367 --- /dev/null +++ b/plugins/dalvik/opdefs/sub_b1.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sub-int/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/sub_bc.d b/plugins/dalvik/opdefs/sub_bc.d new file mode 100644 index 0000000..b0a22ae --- /dev/null +++ b/plugins/dalvik/opdefs/sub_bc.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sub-long/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/sub_c7.d b/plugins/dalvik/opdefs/sub_c7.d new file mode 100644 index 0000000..dc8fd47 --- /dev/null +++ b/plugins/dalvik/opdefs/sub_c7.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sub-float/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/sub_cc.d b/plugins/dalvik/opdefs/sub_cc.d new file mode 100644 index 0000000..d24b702 --- /dev/null +++ b/plugins/dalvik/opdefs/sub_cc.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sub-double/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/switch_2b.d b/plugins/dalvik/opdefs/switch_2b.d new file mode 100644 index 0000000..2ff6b33 --- /dev/null +++ b/plugins/dalvik/opdefs/switch_2b.d @@ -0,0 +1,36 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title packed-switch + +@encoding() { + + @format 31t + + @hooks { + + link = handle_dalvik_packed_switch_links + + } + +} diff --git a/plugins/dalvik/opdefs/switch_2c.d b/plugins/dalvik/opdefs/switch_2c.d new file mode 100644 index 0000000..0a4d248 --- /dev/null +++ b/plugins/dalvik/opdefs/switch_2c.d @@ -0,0 +1,36 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title sparse-switch + +@encoding() { + + @format 31t + + @hooks { + + link = handle_dalvik_packed_switch_links + + } + +} diff --git a/plugins/dalvik/opdefs/throw_27.d b/plugins/dalvik/opdefs/throw_27.d new file mode 100644 index 0000000..79c71dd --- /dev/null +++ b/plugins/dalvik/opdefs/throw_27.d @@ -0,0 +1,36 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title throw + +@encoding() { + + @format 11x + + @rules { + + call SetInsFlag(AIF_RETURN_POINT) + + } + +} diff --git a/plugins/dalvik/opdefs/to_81.d b/plugins/dalvik/opdefs/to_81.d new file mode 100644 index 0000000..e1b45b3 --- /dev/null +++ b/plugins/dalvik/opdefs/to_81.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title int-to-long + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/to_82.d b/plugins/dalvik/opdefs/to_82.d new file mode 100644 index 0000000..4d5e667 --- /dev/null +++ b/plugins/dalvik/opdefs/to_82.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title int-to-float + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/to_83.d b/plugins/dalvik/opdefs/to_83.d new file mode 100644 index 0000000..6f764c1 --- /dev/null +++ b/plugins/dalvik/opdefs/to_83.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title int-to-double + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/to_84.d b/plugins/dalvik/opdefs/to_84.d new file mode 100644 index 0000000..f3076ae --- /dev/null +++ b/plugins/dalvik/opdefs/to_84.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title long-to-int + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/to_85.d b/plugins/dalvik/opdefs/to_85.d new file mode 100644 index 0000000..3ac252c --- /dev/null +++ b/plugins/dalvik/opdefs/to_85.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title long-to-float + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/to_86.d b/plugins/dalvik/opdefs/to_86.d new file mode 100644 index 0000000..80e9a28 --- /dev/null +++ b/plugins/dalvik/opdefs/to_86.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title long-to-double + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/to_87.d b/plugins/dalvik/opdefs/to_87.d new file mode 100644 index 0000000..55028e3 --- /dev/null +++ b/plugins/dalvik/opdefs/to_87.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title float-to-int + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/to_88.d b/plugins/dalvik/opdefs/to_88.d new file mode 100644 index 0000000..2eaa85b --- /dev/null +++ b/plugins/dalvik/opdefs/to_88.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title float-to-long + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/to_89.d b/plugins/dalvik/opdefs/to_89.d new file mode 100644 index 0000000..147f280 --- /dev/null +++ b/plugins/dalvik/opdefs/to_89.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title float-to-double + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/to_8a.d b/plugins/dalvik/opdefs/to_8a.d new file mode 100644 index 0000000..c089942 --- /dev/null +++ b/plugins/dalvik/opdefs/to_8a.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title double-to-int + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/to_8b.d b/plugins/dalvik/opdefs/to_8b.d new file mode 100644 index 0000000..e60ba2f --- /dev/null +++ b/plugins/dalvik/opdefs/to_8b.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title double-to-long + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/to_8c.d b/plugins/dalvik/opdefs/to_8c.d new file mode 100644 index 0000000..b7ee496 --- /dev/null +++ b/plugins/dalvik/opdefs/to_8c.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title double-to-float + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/to_8d.d b/plugins/dalvik/opdefs/to_8d.d new file mode 100644 index 0000000..28a194e --- /dev/null +++ b/plugins/dalvik/opdefs/to_8d.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title int-to-byte + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/to_8e.d b/plugins/dalvik/opdefs/to_8e.d new file mode 100644 index 0000000..c8b2598 --- /dev/null +++ b/plugins/dalvik/opdefs/to_8e.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title int-to-char + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/to_8f.d b/plugins/dalvik/opdefs/to_8f.d new file mode 100644 index 0000000..697c102 --- /dev/null +++ b/plugins/dalvik/opdefs/to_8f.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title int-to-short + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/ushr_9a.d b/plugins/dalvik/opdefs/ushr_9a.d new file mode 100644 index 0000000..d3f48ba --- /dev/null +++ b/plugins/dalvik/opdefs/ushr_9a.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title ushr-int + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/ushr_a5.d b/plugins/dalvik/opdefs/ushr_a5.d new file mode 100644 index 0000000..11578c3 --- /dev/null +++ b/plugins/dalvik/opdefs/ushr_a5.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title ushr-long + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/ushr_ba.d b/plugins/dalvik/opdefs/ushr_ba.d new file mode 100644 index 0000000..d9c0ab7 --- /dev/null +++ b/plugins/dalvik/opdefs/ushr_ba.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title ushr-int/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/ushr_c5.d b/plugins/dalvik/opdefs/ushr_c5.d new file mode 100644 index 0000000..b0117a7 --- /dev/null +++ b/plugins/dalvik/opdefs/ushr_c5.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title ushr-long/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/ushr_e2.d b/plugins/dalvik/opdefs/ushr_e2.d new file mode 100644 index 0000000..5ade4f7 --- /dev/null +++ b/plugins/dalvik/opdefs/ushr_e2.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title ushr-int/lit8 + +@encoding() { + + @format 22b + +} diff --git a/plugins/dalvik/opdefs/xor_97.d b/plugins/dalvik/opdefs/xor_97.d new file mode 100644 index 0000000..3bdfc05 --- /dev/null +++ b/plugins/dalvik/opdefs/xor_97.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title xor-int + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/xor_a2.d b/plugins/dalvik/opdefs/xor_a2.d new file mode 100644 index 0000000..d651f66 --- /dev/null +++ b/plugins/dalvik/opdefs/xor_a2.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title xor-long + +@encoding() { + + @format 23x + +} diff --git a/plugins/dalvik/opdefs/xor_b7.d b/plugins/dalvik/opdefs/xor_b7.d new file mode 100644 index 0000000..b42da76 --- /dev/null +++ b/plugins/dalvik/opdefs/xor_b7.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title xor-int/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/xor_c2.d b/plugins/dalvik/opdefs/xor_c2.d new file mode 100644 index 0000000..3fd2660 --- /dev/null +++ b/plugins/dalvik/opdefs/xor_c2.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title xor-long/2addr + +@encoding() { + + @format 12x + +} diff --git a/plugins/dalvik/opdefs/xor_d7.d b/plugins/dalvik/opdefs/xor_d7.d new file mode 100644 index 0000000..2351a21 --- /dev/null +++ b/plugins/dalvik/opdefs/xor_d7.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title xor-int/lit16 + +@encoding() { + + @format 22s + +} diff --git a/plugins/dalvik/opdefs/xor_df.d b/plugins/dalvik/opdefs/xor_df.d new file mode 100644 index 0000000..04443f7 --- /dev/null +++ b/plugins/dalvik/opdefs/xor_df.d @@ -0,0 +1,30 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * ##FILE## - traduction d'instructions Dalvik + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +@title xor-int/lit8 + +@encoding() { + + @format 22b + +} diff --git a/plugins/dalvik/operand.c b/plugins/dalvik/operand.c new file mode 100644 index 0000000..e37a0bb --- /dev/null +++ b/plugins/dalvik/operand.c @@ -0,0 +1,752 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * operand.c - aide à la création d'opérandes Dalvik + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "operand.h" + + +#include <assert.h> +#include <malloc.h> +#include <stdarg.h> + + + +/* Liste de tous les types d'opérandes */ +typedef enum _DalvikOperandID +{ + DOI_INVALID, + + DOI_REGISTER_4, + DOI_REGISTER_8, + DOI_REGISTER_16, + + DOI_IMMEDIATE_4, + DOI_IMMEDIATE_8, + DOI_IMMEDIATE_16, + DOI_IMMEDIATE_32, + DOI_IMMEDIATE_64, + DOI_IMMEDIATE_H16, + + DOI_POOL_CONST, + DOI_POOL_CONST_WIDE, + + DOI_TARGET_8, + DOI_TARGET_16, + DOI_TARGET_32 + +} DalvikOperandID; + + +/* Crée un opérande visant une instruction Dalvik. */ +static GArchOperand *dalvik_build_target_operand(const GBinContent *, vmpa2t *, MemoryDataSize , SourceEndian, const vmpa2t *); + +/* Procède à la lecture d'opérandes pour une instruction. */ +static bool dalvik_read_basic_operands(GArchInstruction *, GDexFormat *, const GBinContent *, vmpa2t *, bool *, SourceEndian, DalvikOperandType, ...); + +/* Procède à la lecture d'opérandes pour une instruction. */ +static bool dalvik_read_fixed_operands(GArchInstruction *, GDexFormat *, const GBinContent *, vmpa2t *, bool *, SourceEndian, DalvikOperandType); + +/* Procède à la lecture d'opérandes pour une instruction. */ +static bool dalvik_read_variatic_operands(GArchInstruction *, GDexFormat *, const GBinContent *, vmpa2t *, bool *, SourceEndian, DalvikOperandType); + + + +/****************************************************************************** +* * +* Paramètres : content = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* size = taille de l'opérande. * +* endian = ordre des bits dans la source. * +* base = adresse de référence pour le calcul. * +* * +* Description : Crée un opérande visant une instruction Dalvik. * +* * +* Retour : Opérande mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static GArchOperand *dalvik_build_target_operand(const GBinContent *content, vmpa2t *pos, MemoryDataSize size, SourceEndian endian, const vmpa2t *base) +{ + GArchOperand *result; /* Structure à retourner */ + phys_t offset; /* Emplacement de base */ + int8_t val8; /* Valeur sur 8 bits */ + int16_t val16; /* Valeur sur 16 bits */ + int32_t val32; /* Valeur sur 32 bits */ + bool test; /* Bilan de lecture */ + phys_t address; /* Adresse finale visée */ + + offset = get_phy_addr(base); + + switch (size) + { + case MDS_8_BITS_SIGNED: + test = g_binary_content_read_s8(content, pos, &val8); + address = offset + val8 * sizeof(uint16_t); + break; + case MDS_16_BITS_SIGNED: + test = g_binary_content_read_s16(content, pos, endian, &val16); + address = offset + val16 * sizeof(uint16_t); + break; + case MDS_32_BITS_SIGNED: + test = g_binary_content_read_s32(content, pos, endian, &val32); + address = offset + val32 * sizeof(uint16_t); + break; + default: + test = false; + break; + } + + if (!test) + return NULL; + + result = g_imm_operand_new_from_value(MDS_32_BITS, address); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instruction dont la définition est incomplète.[OUT]* +* format = format du fichier contenant le code. * +* content = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* low = position éventuelle des 4 bits visés. [OUT] * +* endian = boutisme lié au binaire accompagnant. * +* model = type d'opérandes attendues. * +* ... = éventuels arguments complémentaires. * +* * +* Description : Procède à la lecture d'opérandes pour une instruction. * +* * +* Retour : Bilan de l'opération : true en cas de succès, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool dalvik_read_basic_operands(GArchInstruction *instr, GDexFormat *format, const GBinContent *content, vmpa2t *pos, bool *low, SourceEndian endian, DalvikOperandType model, ...) +{ + bool result; /* Bilan à retourner */ + DalvikOperandID *types; /* Liste des chargements */ + DalvikOperandID *iter; /* Boucle de parcours */ + GArchOperand *op; /* Opérande unique décodé */ + uint16_t value16; /* Valeur sur 16 bits */ + DalvikPoolType pool_type; /* Type de table à manipuler */ + va_list ap; /* Arguments complémentaires */ + const vmpa2t *base; /* Base pour les sauts de code */ + + result = true; + + /* Choix des opérandes à charger */ + + switch (model & ~DALVIK_OP_EXTRA_MASK) + { + case DALVIK_OPT_10T: + types = (DalvikOperandID []) { + DOI_TARGET_8, + DOI_INVALID + }; + break; + + case DALVIK_OPT_11N: + types = (DalvikOperandID []) { + DOI_REGISTER_4, + DOI_IMMEDIATE_4, + DOI_INVALID + }; + break; + + case DALVIK_OPT_11X: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_INVALID + }; + break; + + case DALVIK_OPT_12X: + types = (DalvikOperandID []) { + DOI_REGISTER_4, + DOI_REGISTER_4, + DOI_INVALID + }; + break; + + case DALVIK_OPT_20T: + types = (DalvikOperandID []) { + DOI_TARGET_16, + DOI_INVALID + }; + break; + + case DALVIK_OPT_21C: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_POOL_CONST, + DOI_INVALID + }; + break; + + case DALVIK_OPT_21H: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_IMMEDIATE_H16, + DOI_INVALID + }; + break; + + case DALVIK_OPT_21S: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_IMMEDIATE_16, + DOI_INVALID + }; + break; + + case DALVIK_OPT_21T: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_TARGET_16, + DOI_INVALID + }; + break; + + case DALVIK_OPT_22B: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_REGISTER_8, + DOI_IMMEDIATE_8, + DOI_INVALID + }; + break; + + case DALVIK_OPT_22C: + types = (DalvikOperandID []) { + DOI_REGISTER_4, + DOI_REGISTER_4, + DOI_POOL_CONST, + DOI_INVALID + }; + break; + + case DALVIK_OPT_22S: + types = (DalvikOperandID []) { + DOI_REGISTER_4, + DOI_REGISTER_4, + DOI_IMMEDIATE_16, + DOI_INVALID + }; + break; + + case DALVIK_OPT_22T: + types = (DalvikOperandID []) { + DOI_REGISTER_4, + DOI_REGISTER_4, + DOI_TARGET_16, + DOI_INVALID + }; + break; + + case DALVIK_OPT_22X: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_REGISTER_16, + DOI_INVALID + }; + break; + + case DALVIK_OPT_23X: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_REGISTER_8, + DOI_REGISTER_8, + DOI_INVALID + }; + break; + + case DALVIK_OPT_30T: + types = (DalvikOperandID []) { + DOI_TARGET_32, + DOI_INVALID + }; + break; + + case DALVIK_OPT_31C: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_POOL_CONST_WIDE, + DOI_INVALID + }; + break; + + case DALVIK_OPT_31I: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_IMMEDIATE_32, + DOI_INVALID + }; + break; + + case DALVIK_OPT_31T: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_TARGET_32, + DOI_INVALID + }; + break; + + case DALVIK_OPT_32X: + types = (DalvikOperandID []) { + DOI_REGISTER_16, + DOI_REGISTER_16, + DOI_INVALID + }; + break; + + case DALVIK_OPT_51L: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_IMMEDIATE_64, + DOI_INVALID + }; + break; + + default: + types = (DalvikOperandID []) { + DOI_INVALID + }; + break; + + } + + /* Chargement des opérandes */ + + for (iter = types; *iter != G_TYPE_INVALID && result; iter++) + { + op = NULL; /* Nul de GCC */ + + switch (*iter) + { + case DOI_REGISTER_4: + op = g_dalvik_register_operand_new(content, pos, low, MDS_4_BITS, endian); + break; + + case DOI_REGISTER_8: + op = g_dalvik_register_operand_new(content, pos, NULL, MDS_8_BITS, endian); + break; + + case DOI_REGISTER_16: + op = g_dalvik_register_operand_new(content, pos, NULL, MDS_16_BITS, endian); + break; + + case DOI_IMMEDIATE_4: + op = _g_imm_operand_new_from_data(MDS_4_BITS, content, pos, low, endian); + break; + + case DOI_IMMEDIATE_8: + op = g_imm_operand_new_from_data(MDS_8_BITS, content, pos, endian); + break; + + case DOI_IMMEDIATE_16: + op = g_imm_operand_new_from_data(MDS_16_BITS, content, pos, endian); + break; + + case DOI_IMMEDIATE_32: + op = g_imm_operand_new_from_data(MDS_32_BITS, content, pos, endian); + break; + + case DOI_IMMEDIATE_64: + op = g_imm_operand_new_from_data(MDS_64_BITS, content, pos, endian); + break; + + case DOI_IMMEDIATE_H16: + result = g_binary_content_read_u16(content, pos, endian, &value16); + if (result) + op = g_imm_operand_new_from_value(MDS_32_BITS_SIGNED, ((uint32_t)value16) << 16); + break; + + case DOI_POOL_CONST: + pool_type = DALVIK_OP_GET_POOL(model); + op = g_dalvik_pool_operand_new(format, pool_type, content, pos, MDS_16_BITS, endian); + break; + + case DOI_POOL_CONST_WIDE: + pool_type = DALVIK_OP_GET_POOL(model); + op = g_dalvik_pool_operand_new(format, pool_type, content, pos, MDS_32_BITS, endian); + break; + + case DOI_TARGET_8: + va_start(ap, model); + base = va_arg(ap, const vmpa2t *); + op = dalvik_build_target_operand(content, pos, MDS_8_BITS_SIGNED, endian, base); + va_end(ap); + break; + + case DOI_TARGET_16: + va_start(ap, model); + base = va_arg(ap, const vmpa2t *); + op = dalvik_build_target_operand(content, pos, MDS_16_BITS_SIGNED, endian, base); + va_end(ap); + break; + + case DOI_TARGET_32: + va_start(ap, model); + base = va_arg(ap, const vmpa2t *); + op = dalvik_build_target_operand(content, pos, MDS_32_BITS_SIGNED, endian, base); + va_end(ap); + break; + + default: + op = NULL; + break; + + } + + if (op == NULL) result = false; + else g_arch_instruction_attach_extra_operand(instr, op); + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instruction dont la définition est incomplète.[OUT]* +* format = format du fichier contenant le code. * +* content = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* low = position éventuelle des 4 bits visés. [OUT] * +* endian = boutisme lié au binaire accompagnant. * +* model = type d'opérandes attendues. * +* * +* Description : Procède à la lecture d'opérandes pour une instruction. * +* * +* Retour : Bilan de l'opération : true en cas de succès, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool dalvik_read_fixed_operands(GArchInstruction *instr, GDexFormat *format, const GBinContent *content, vmpa2t *pos, bool *low, SourceEndian endian, DalvikOperandType model) +{ + GArchOperand *opg; /* Opérande G décodé */ + uint8_t a; /* Nbre. de registres utilisés */ + GArchOperand *target; /* Opérande visant la table #1 */ + GArchOperand *args; /* Liste des opérandes */ + uint8_t i; /* Boucle de parcours */ + GArchOperand *op; /* Opérande unique décodé */ + + opg = g_dalvik_register_operand_new(content, pos, low, MDS_4_BITS, endian); + + if (!g_binary_content_read_u4(content, pos, low, &a)) + goto err_va; + + if (a == 5 && opg == NULL) + goto err_no_opg; + + target = g_dalvik_pool_operand_new(format, DALVIK_OP_GET_POOL(model), content, pos, MDS_16_BITS, endian); + if (target == NULL) goto err_target; + + /* Mise en place des arguments */ + + args = g_dalvik_args_operand_new(); + + for (i = 0; i < MIN(a, 4); i++) + { + op = g_dalvik_register_operand_new(content, pos, low, MDS_4_BITS, endian); + if (op == NULL) goto err_registers; + + g_dalvik_args_operand_add(G_DALVIK_ARGS_OPERAND(args), op); + + } + + /* Consommation pleine et entière */ + + for (; i < 4; i++) + if (!g_binary_content_read_u4(content, pos, low, (uint8_t []) { 0 })) + goto err_padding; + + /* Rajout des éléments finaux déjà chargés */ + + if (a == 5) + g_dalvik_args_operand_add(G_DALVIK_ARGS_OPERAND(args), opg); + + else + { + if (opg != NULL) + g_object_unref(G_OBJECT(opg)); + } + + g_arch_instruction_attach_extra_operand(instr, args); + + /* Rajout de la cible */ + + g_arch_instruction_attach_extra_operand(instr, target); + + return true; + + err_padding: + + err_registers: + + g_object_unref(G_OBJECT(target)); + + err_target: + + if (opg != NULL) + g_object_unref(G_OBJECT(opg)); + + err_no_opg: + err_va: + + return false; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instruction dont la définition est incomplète.[OUT]* +* format = format du fichier contenant le code. * +* content = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* low = position éventuelle des 4 bits visés. [OUT] * +* endian = boutisme lié au binaire accompagnant. * +* model = type d'opérandes attendues. * +* * +* Description : Procède à la lecture d'opérandes pour une instruction. * +* * +* Retour : Bilan de l'opération : true en cas de succès, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool dalvik_read_variatic_operands(GArchInstruction *instr, GDexFormat *format, const GBinContent *content, vmpa2t *pos, bool *low, SourceEndian endian, DalvikOperandType model) +{ + uint8_t a; /* Nbre. de registres utilisés */ + uint16_t c; /* Indice de registre */ + GArchOperand *target; /* Opérande visant la table */ + GArchOperand *args; /* Liste des opérandes */ + uint8_t i; /* Boucle de parcours */ + GArchOperand *op; /* Opérande unique décodé */ + + if (!g_binary_content_read_u8(content, pos, &a)) + return false; + + target = g_dalvik_pool_operand_new(format, DALVIK_OP_GET_POOL(model), content, pos, MDS_16_BITS, endian); + if (target == NULL) return false; + + if (!g_binary_content_read_u16(content, pos, endian, &c)) + return false; + + /* Mise en place des arguments */ + + args = g_dalvik_args_operand_new(); + + for (i = 0; i < a; i++) + { + op = g_dalvik_register_operand_new_from_existing(g_dalvik_register_new(c + i)); + if (op == NULL) goto drvo_registers; + + g_dalvik_args_operand_add(G_DALVIK_ARGS_OPERAND(args), op); + + } + + g_arch_instruction_attach_extra_operand(instr, args); + + /* Rajout de la cible */ + + g_arch_instruction_attach_extra_operand(instr, target); + + return true; + + drvo_registers: + + g_object_unref(G_OBJECT(target)); + + return false; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instruction dont la définition est incomplète.[OUT]* +* format = format du fichier contenant le code. * +* content = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* endian = boutisme lié au binaire accompagnant. * +* model = type d'opérandes attendues. * +* * +* Description : Procède à la lecture d'opérandes pour une instruction. * +* * +* Retour : Bilan de l'opération : true en cas de succès, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool dalvik_read_operands(GArchInstruction *instr, GExeFormat *format, const GBinContent *content, vmpa2t *pos, SourceEndian endian, DalvikOperandType model) +{ + bool result; /* Bilan à retourner */ + GDexFormat *dformat; /* Autre version du format */ + bool low; /* Partie d'octets à lire */ +#ifndef NDEBUG + vmpa2t old; /* Position avant traitements */ +#endif + vmpa2t base; /* Base pour les sauts de code */ + vmpa2t *extra; /* Information complémentaire */ +#ifndef NDEBUG + phys_t expected; /* Consommation attendue */ + phys_t consumed; /* Consommation réelle */ +#endif + + result = true; + + dformat = G_DEX_FORMAT(format); + + low = true; + +#ifndef NDEBUG + + copy_vmpa(&old, pos); + +#endif + + /* Récupération de la base ? */ + + if (DALVIK_OP_GET_MNEMONIC(model) == 'T') + { + extra = &base; + + copy_vmpa(extra, pos); + deminish_vmpa(extra, 1); + + } + else extra = NULL; + + /* Bourrage : ØØ|op ? */ + + switch (model & ~DALVIK_OP_EXTRA_MASK) + { + case DALVIK_OPT_10X: + case DALVIK_OPT_20T: + case DALVIK_OPT_30T: + case DALVIK_OPT_32X: + result = g_binary_content_seek(content, pos, 1); + break; + + default: + break; + + } + + /* Décodage... */ + + switch (model & ~DALVIK_OP_EXTRA_MASK) + { + case DALVIK_OPT_10T: + case DALVIK_OPT_11N: + case DALVIK_OPT_11X: + case DALVIK_OPT_12X: + case DALVIK_OPT_20T: + case DALVIK_OPT_21C: + case DALVIK_OPT_21H: + case DALVIK_OPT_21S: + case DALVIK_OPT_21T: + case DALVIK_OPT_22B: + case DALVIK_OPT_22C: + case DALVIK_OPT_22S: + case DALVIK_OPT_22T: + case DALVIK_OPT_22X: + case DALVIK_OPT_23X: + case DALVIK_OPT_30T: + case DALVIK_OPT_31C: + case DALVIK_OPT_31I: + case DALVIK_OPT_31T: + case DALVIK_OPT_32X: + case DALVIK_OPT_51L: + result = dalvik_read_basic_operands(instr, dformat, content, pos, &low, endian, model, extra); + break; + + case DALVIK_OPT_35C: + result = dalvik_read_fixed_operands(instr, dformat, content, pos, &low, endian, model); + break; + + case DALVIK_OPT_3RC: + case DALVIK_OPT_3RMS: + case DALVIK_OPT_3RFS: + result = dalvik_read_variatic_operands(instr, dformat, content, pos, &low, endian, model); + break; + + default: + break; + + } + +#ifndef NDEBUG + + /* Vérification d'implémentation */ + + if (result) + { + expected = DALVIK_OP_GET_LEN(model) * 2; + consumed = 1 + compute_vmpa_diff(&old, pos); + + assert(consumed == expected); + + } + +#endif + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instruction dont la définition est incomplète. * +* * +* Description : Procède à la lecture d'opérandes pour une instruction. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void dalvik_mark_first_operand_as_written(GArchInstruction *instr) +{ + GArchOperand *operand; /* Première opérande visé */ + + operand = g_arch_instruction_get_operand(instr, 0); + + g_dalvik_register_operand_mark_as_written(G_DALVIK_REGISTER_OPERAND(operand)); + +} diff --git a/plugins/dalvik/operand.h b/plugins/dalvik/operand.h new file mode 100644 index 0000000..b34c87c --- /dev/null +++ b/plugins/dalvik/operand.h @@ -0,0 +1,125 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * operand.h - prototypes pour l'aide à la création d'opérandes Dalvik + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_OPERAND_H +#define _ARCH_DALVIK_OPERAND_H + + +#include <arch/instruction.h> +#include <plugins/dex/format.h> + + +#include "operands/args.h" +#include "operands/pool.h" +#include "operands/register.h" + + + +/** + * Cf. les documentations suivantes : + * - http://www.netmite.com/android/mydroid/dalvik/docs/instruction-formats.html + * - http://www.netmite.com/android/mydroid/dalvik/docs/dalvik-bytecode.html + * - http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html + */ + + +/* Construction d'identifiants typés */ + +#define DALVIK_OP_LEN_OFF 28 +#define DALVIK_OP_LEN_MASK 0xf0000000 + +#define DALVIK_OP_REG_OFF 24 +#define DALVIK_OP_REG_MASK 0x0f000000 +#define DALVIK_OP_REG_RANGE 0xf + +#define DALVIK_OP_POOL_OFF 20 +#define DALVIK_OP_POOL_MASK 0x00f00000 + +#define DALVIK_OP_EXTRA_MASK (DALVIK_OP_POOL_MASK) + +#define DALVIK_OP_LEN(l) ((l) << DALVIK_OP_LEN_OFF) +#define DALVIK_OP_GET_LEN(v) (((v) & DALVIK_OP_LEN_MASK) >> DALVIK_OP_LEN_OFF) + +#define DALVIK_OP_REG(r) ((r) << DALVIK_OP_REG_OFF) +#define DALVIK_OP_COUNT_REG(v) (((v) & DALVIK_OP_REG_MASK) >> DALVIK_OP_REG_OFF) + +#define DALVIK_OP_POOL(p) ((p) << DALVIK_OP_POOL_OFF) +#define DALVIK_OP_GET_POOL(v) (((v) & DALVIK_OP_POOL_MASK) >> DALVIK_OP_POOL_OFF) + +#define DALVIK_OP_GET_MNEMONIC(v) ((v) & 0xff) + + +/* Types d'opérandes supportés */ +typedef enum _DalvikOperandType +{ + DALVIK_OPT_10T = DALVIK_OP_LEN(1) | DALVIK_OP_REG(0) | 'T', + DALVIK_OPT_10X = DALVIK_OP_LEN(1) | DALVIK_OP_REG(0) | 'X', + + DALVIK_OPT_11N = DALVIK_OP_LEN(1) | DALVIK_OP_REG(1) | 'N', + DALVIK_OPT_11X = DALVIK_OP_LEN(1) | DALVIK_OP_REG(1) | 'X', + + DALVIK_OPT_12X = DALVIK_OP_LEN(1) | DALVIK_OP_REG(2) | 'X', + + DALVIK_OPT_20T = DALVIK_OP_LEN(2) | DALVIK_OP_REG(0) | 'T', + + DALVIK_OPT_21C = DALVIK_OP_LEN(2) | DALVIK_OP_REG(1) | 'C', + DALVIK_OPT_21H = DALVIK_OP_LEN(2) | DALVIK_OP_REG(1) | 'H', + DALVIK_OPT_21S = DALVIK_OP_LEN(2) | DALVIK_OP_REG(1) | 'S', + DALVIK_OPT_21T = DALVIK_OP_LEN(2) | DALVIK_OP_REG(1) | 'T', + + DALVIK_OPT_22B = DALVIK_OP_LEN(2) | DALVIK_OP_REG(2) | 'B', + DALVIK_OPT_22C = DALVIK_OP_LEN(2) | DALVIK_OP_REG(2) | 'C', + DALVIK_OPT_22S = DALVIK_OP_LEN(2) | DALVIK_OP_REG(2) | 'S', + DALVIK_OPT_22T = DALVIK_OP_LEN(2) | DALVIK_OP_REG(2) | 'T', + DALVIK_OPT_22X = DALVIK_OP_LEN(2) | DALVIK_OP_REG(2) | 'X', + + DALVIK_OPT_23X = DALVIK_OP_LEN(2) | DALVIK_OP_REG(3) | 'X', + + DALVIK_OPT_30T = DALVIK_OP_LEN(3) | DALVIK_OP_REG(0) | 'T', + + DALVIK_OPT_31C = DALVIK_OP_LEN(3) | DALVIK_OP_REG(1) | 'C', + DALVIK_OPT_31I = DALVIK_OP_LEN(3) | DALVIK_OP_REG(1) | 'I', + DALVIK_OPT_31T = DALVIK_OP_LEN(3) | DALVIK_OP_REG(1) | 'T', + + DALVIK_OPT_32X = DALVIK_OP_LEN(3) | DALVIK_OP_REG(2) | 'X', + + DALVIK_OPT_35C = DALVIK_OP_LEN(3) | DALVIK_OP_REG(5) | 'C', + + DALVIK_OPT_3RC = DALVIK_OP_LEN(3) | DALVIK_OP_REG(DALVIK_OP_REG_RANGE) | 'C', + DALVIK_OPT_3RMS = DALVIK_OP_LEN(3) | DALVIK_OP_REG(DALVIK_OP_REG_RANGE) | 'M', + DALVIK_OPT_3RFS = DALVIK_OP_LEN(3) | DALVIK_OP_REG(DALVIK_OP_REG_RANGE) | 'F', + + DALVIK_OPT_51L = DALVIK_OP_LEN(5) | DALVIK_OP_REG(1) | 'L' + +} DalvikOperandType; + + +/* Procède à la lecture d'opérandes pour une instruction. */ +bool dalvik_read_operands(GArchInstruction *, GExeFormat *, const GBinContent *, vmpa2t *, SourceEndian, DalvikOperandType); + +/* Procède à la lecture d'opérandes pour une instruction. */ +void dalvik_mark_first_operand_as_written(GArchInstruction *); + + + +#endif /* _ARCH_DALVIK_OPERAND_H */ diff --git a/plugins/dalvik/operands/Makefile.am b/plugins/dalvik/operands/Makefile.am new file mode 100644 index 0000000..2c2ba27 --- /dev/null +++ b/plugins/dalvik/operands/Makefile.am @@ -0,0 +1,17 @@ + +noinst_LTLIBRARIES = libdalvikoperands.la + +libdalvikoperands_la_SOURCES = \ + args.h args.c \ + pool.h pool.c \ + register.h register.c + +libdalvik_la_CFLAGS = $(AM_CFLAGS) + + +AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) -I$(top_srcdir)/src + +AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS) + + +SUBDIRS = diff --git a/plugins/dalvik/operands/args.c b/plugins/dalvik/operands/args.c new file mode 100644 index 0000000..a4f4b11 --- /dev/null +++ b/plugins/dalvik/operands/args.c @@ -0,0 +1,330 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * args.c - listes d'opérandes rassemblées en arguments + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "args.h" + + +#include <assert.h> +#include <malloc.h> + + +#include <arch/operand-int.h> +#include <common/sort.h> + + + +/* Définition d'un opérande visant une liste d'opérandes Dalvik (instance) */ +struct _GDalvikArgsOperand +{ + GArchOperand parent; /* Instance parente */ + + GArchOperand **args; /* Liste d'arguments */ + size_t count; /* Taille de cette liste */ + +}; + + +/* Définition d'un opérande visant une liste d'opérandes Dalvik (classe) */ +struct _GDalvikArgsOperandClass +{ + GArchOperandClass parent; /* Classe parente */ + +}; + + +/* Initialise la classe des listes d'opérandes Dalvik. */ +static void g_dalvik_args_operand_class_init(GDalvikArgsOperandClass *); + +/* Initialise une instance de liste d'opérandes Dalvik. */ +static void g_dalvik_args_operand_init(GDalvikArgsOperand *); + +/* Supprime toutes les références externes. */ +static void g_dalvik_args_operand_dispose(GDalvikArgsOperand *); + +/* Procède à la libération totale de la mémoire. */ +static void g_dalvik_args_operand_finalize(GDalvikArgsOperand *); + +/* Compare un opérande avec un autre. */ +static int g_dalvik_args_operand_compare(const GDalvikArgsOperand *, const GDalvikArgsOperand *); + +/* Traduit un opérande en version humainement lisible. */ +static void g_dalvik_args_operand_print(const GDalvikArgsOperand *, GBufferLine *, AsmSyntax); + + + +/* Indique le type défini par la GLib pour une liste d'arguments Dalvik. */ +G_DEFINE_TYPE(GDalvikArgsOperand, g_dalvik_args_operand, G_TYPE_ARCH_OPERAND); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des listes d'opérandes Dalvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_args_operand_class_init(GDalvikArgsOperandClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GArchOperandClass *operand; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + operand = G_ARCH_OPERAND_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dalvik_args_operand_dispose; + object->finalize = (GObjectFinalizeFunc)g_dalvik_args_operand_finalize; + + operand->compare = (operand_compare_fc)g_dalvik_args_operand_compare; + operand->print = (operand_print_fc)g_dalvik_args_operand_print; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = instance à initialiser. * +* * +* Description : Initialise une instance de liste d'opérandes Dalvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_args_operand_init(GDalvikArgsOperand *operand) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : operand = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_args_operand_dispose(GDalvikArgsOperand *operand) +{ + size_t i; + + for (i = 0; i < operand->count; i++) + g_object_unref(G_OBJECT(operand->args[i])); + + G_OBJECT_CLASS(g_dalvik_args_operand_parent_class)->dispose(G_OBJECT(operand)); + +} + + +/****************************************************************************** +* * +* Paramètres : operand = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_args_operand_finalize(GDalvikArgsOperand *operand) +{ + G_OBJECT_CLASS(g_dalvik_args_operand_parent_class)->finalize(G_OBJECT(operand)); + +} + + +/****************************************************************************** +* * +* Paramètres : a = premier opérande à consulter. * +* b = second opérande à consulter. * +* * +* Description : Compare un opérande avec un autre. * +* * +* Retour : Bilan de la comparaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int g_dalvik_args_operand_compare(const GDalvikArgsOperand *a, const GDalvikArgsOperand *b) +{ + int result; /* Bilan à renvoyer */ + size_t i; /* Boucle de parcours */ + + /* Création de l'objet... */ + if (b == NULL) + result = 1; + + else + { + result = sort_unsigned_long(a->count, b->count); + + for (i = 0; i < a->count && result == 0; i++) + result = g_arch_operand_compare(a->args[i], b->args[i]); + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande à traiter. * +* line = ligne tampon où imprimer l'opérande donné. * +* syntax = type de représentation demandée. * +* * +* Description : Traduit un opérande en version humainement lisible. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_args_operand_print(const GDalvikArgsOperand *operand, GBufferLine *line, AsmSyntax syntax) +{ + size_t i; /* Boucle de parcours */ + + g_buffer_line_append_text(line, BLC_ASSEMBLY, "{", 1, RTT_HOOK, NULL); + + if (operand->count > 0) + { + g_arch_operand_print(operand->args[0], line, syntax); + + for (i = 1; i < operand->count; i++) + { + g_buffer_line_append_text(line, BLC_ASSEMBLY, ",", 1, RTT_PUNCT, NULL); + g_buffer_line_append_text(line, BLC_ASSEMBLY, " ", 1, RTT_RAW, NULL); + + g_arch_operand_print(operand->args[i], line, syntax); + + } + + } + + g_buffer_line_append_text(line, BLC_ASSEMBLY, "}", 1, RTT_HOOK, NULL); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Crée un réceptacle pour opérandes Dalvik servant d'arguments.* +* * +* Retour : Opérande mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GArchOperand *g_dalvik_args_operand_new(void) +{ + GArchOperand *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_DALVIK_ARGS_OPERAND, NULL); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande à compléter. * +* arg = nouvel argument pour un appel. * +* * +* Description : Ajoute un élément à la liste d'arguments Dalvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void g_dalvik_args_operand_add(GDalvikArgsOperand *operand, GArchOperand *arg) +{ + + operand->count++; + operand->args = (GArchOperand **)realloc(operand->args, operand->count * sizeof(GArchOperand *)); + + operand->args[operand->count - 1] = arg; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande à compléter. * +* * +* Description : Fournit le nombre d'arguments pris en charge. * +* * +* Retour : Nombre positif ou nul. * +* * +* Remarques : - * +* * +******************************************************************************/ + +size_t g_dalvik_args_count(const GDalvikArgsOperand *operand) +{ + return operand->count; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande à compléter. * +* index = indice de l'argument recherché. * +* * +* Description : Founit un élément de la liste d'arguments Dalvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +GArchOperand *g_dalvik_args_operand_get(const GDalvikArgsOperand *operand, size_t index) +{ + assert(index < operand->count); + + return operand->args[index]; + +} diff --git a/plugins/dalvik/operands/args.h b/plugins/dalvik/operands/args.h new file mode 100644 index 0000000..354333d --- /dev/null +++ b/plugins/dalvik/operands/args.h @@ -0,0 +1,67 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * args.h - prototypes pour les listes d'opérandes rassemblées en arguments + * + * Copyright (C) 2010-2012x Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_OPERANDS_ARGS_H +#define _ARCH_DALVIK_OPERANDS_ARGS_H + + +#include <glib-object.h> + + +#include <arch/operand.h> + + + +#define G_TYPE_DALVIK_ARGS_OPERAND g_dalvik_args_operand_get_type() +#define G_DALVIK_ARGS_OPERAND(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), g_dalvik_args_operand_get_type(), GDalvikArgsOperand)) +#define G_IS_DALVIK_ARGS_OPERAND(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), g_dalvik_args_operand_get_type())) +#define G_DALVIK_ARGS_OPERAND_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DALVIK_ARGS_OPERAND, GDalvikArgsOperandClass)) +#define G_IS_DALVIK_ARGS_OPERAND_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DALVIK_ARGS_OPERAND)) +#define G_DALVIK_ARGS_OPERAND_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DALVIK_ARGS_OPERAND, GDalvikArgsOperandClass)) + + +/* Définition d'un opérande visant une liste d'opérandes Dalvik (instance) */ +typedef struct _GDalvikArgsOperand GDalvikArgsOperand; + +/* Définition d'un opérande visant une liste d'opérandes Dalvik (classe) */ +typedef struct _GDalvikArgsOperandClass GDalvikArgsOperandClass; + + +/* Indique le type défini par la GLib pour une liste d'arguments Dalvik. */ +GType g_dalvik_args_operand_get_type(void); + +/* Crée un réceptacle pour opérandes Dalvik servant d'arguments. */ +GArchOperand *g_dalvik_args_operand_new(void); + +/* Ajoute un élément à la liste d'arguments Dalvik. */ +void g_dalvik_args_operand_add(GDalvikArgsOperand *, GArchOperand *); + +/* Fournit le nombre d'arguments pris en charge. */ +size_t g_dalvik_args_count(const GDalvikArgsOperand *); + +/* Founit un élément de la liste d'arguments Dalvik. */ +GArchOperand *g_dalvik_args_operand_get(const GDalvikArgsOperand *, size_t); + + + +#endif /* _ARCH_DALVIK_OPERANDS_ARGS_H */ diff --git a/plugins/dalvik/operands/pool.c b/plugins/dalvik/operands/pool.c new file mode 100644 index 0000000..a6dc5f2 --- /dev/null +++ b/plugins/dalvik/operands/pool.c @@ -0,0 +1,455 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * pool.c - opérandes pointant vers la table des constantes + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "pool.h" + + +#include <stdio.h> +#include <string.h> + + +#include <i18n.h> + + +#include <arch/operand-int.h> +#include <common/sort.h> +#include <plugins/dex/pool.h> + + + +/* Définition d'un opérande visant un élément de table de constantes Dalvik (instance) */ +struct _GDalvikPoolOperand +{ + GArchOperand parent; /* Instance parente */ + + GDexFormat *format; /* Lien vers le contenu réel */ + DalvikPoolType type; /* Type de table visée */ + uint32_t index; /* Indice de l'élément visé */ + +}; + + +/* Définition d'un opérande visant un élément de table de constantes Dalvik (classe) */ +struct _GDalvikPoolOperandClass +{ + GArchOperandClass parent; /* Classe parente */ + +}; + + +/* Initialise la classe des opérandes de constante Dalvik. */ +static void g_dalvik_pool_operand_class_init(GDalvikPoolOperandClass *); + +/* Initialise une instance d'opérande de constante Dalvik. */ +static void g_dalvik_pool_operand_init(GDalvikPoolOperand *); + +/* Supprime toutes les références externes. */ +static void g_dalvik_pool_operand_dispose(GDalvikPoolOperand *); + +/* Procède à la libération totale de la mémoire. */ +static void g_dalvik_pool_operand_finalize(GDalvikPoolOperand *); + +/* Compare un opérande avec un autre. */ +static int g_dalvik_pool_operand_compare(const GDalvikPoolOperand *, const GDalvikPoolOperand *); + +/* Traduit un opérande en version humainement lisible. */ +static void g_dalvik_pool_operand_print(const GDalvikPoolOperand *, GBufferLine *, AsmSyntax); + + + +/* Indique le type défini par la GLib pour un un élément de table de constantes Dalvik. */ +G_DEFINE_TYPE(GDalvikPoolOperand, g_dalvik_pool_operand, G_TYPE_ARCH_OPERAND); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des opérandes de constante Dalvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_pool_operand_class_init(GDalvikPoolOperandClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GArchOperandClass *operand; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dalvik_pool_operand_dispose; + object->finalize = (GObjectFinalizeFunc)g_dalvik_pool_operand_finalize; + + operand = G_ARCH_OPERAND_CLASS(klass); + + operand->compare = (operand_compare_fc)g_dalvik_pool_operand_compare; + operand->print = (operand_print_fc)g_dalvik_pool_operand_print; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = instance à initialiser. * +* * +* Description : Initialise une instance d'opérande de constante Dalvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_pool_operand_init(GDalvikPoolOperand *operand) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : binary = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_pool_operand_dispose(GDalvikPoolOperand *operand) +{ + g_object_unref(G_OBJECT(operand->format)); + + G_OBJECT_CLASS(g_dalvik_pool_operand_parent_class)->dispose(G_OBJECT(operand)); + +} + + +/****************************************************************************** +* * +* Paramètres : binary = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_pool_operand_finalize(GDalvikPoolOperand *operand) +{ + G_OBJECT_CLASS(g_dalvik_pool_operand_parent_class)->finalize(G_OBJECT(operand)); + +} + + +/****************************************************************************** +* * +* Paramètres : a = premier opérande à consulter. * +* b = second opérande à consulter. * +* * +* Description : Compare un opérande avec un autre. * +* * +* Retour : Bilan de la comparaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int g_dalvik_pool_operand_compare(const GDalvikPoolOperand *a, const GDalvikPoolOperand *b) +{ + int result; /* Bilan à renvoyer */ + + result = sort_unsigned_long((unsigned long)a->format, (unsigned long)b->format); + + if (result == 0) + result = sort_unsigned_long(a->type, b->type); + + if (result == 0) + result = sort_unsigned_long(a->index, b->index); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande à traiter. * +* line = ligne tampon où imprimer l'opérande donné. * +* syntax = type de représentation demandée. * +* * +* Description : Traduit un opérande en version humainement lisible. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_pool_operand_print(const GDalvikPoolOperand *operand, GBufferLine *line, AsmSyntax syntax) +{ + const char *string; /* Chaîne de caractères #1 */ + GDataType *type; /* Type à représenter */ + size_t len; /* Taille du texte à créer */ + char *tmp; /* Chaîne de caractères #2 */ + GBinVariable *field; /* Champ à représenter */ + GDexMethod *method; /* Méthode à retrouver */ + GBinRoutine *routine; /* Routine à représenter */ + + switch (operand->type) + { + case DPT_NONE: + g_buffer_line_append_text(line, BLC_ASSEMBLY, "????", 4, RTT_ERROR, NULL); + break; + + case DPT_STRING: + + string = get_string_from_dex_pool(operand->format, operand->index, NULL); + + if (string != NULL) + { + g_buffer_line_append_text(line, BLC_ASSEMBLY, "\"", 1, RTT_STRING, NULL); + + len = strlen(string); + + if (len > 0) + g_buffer_line_append_text(line, BLC_ASSEMBLY, string, len, RTT_STRING, NULL); + + g_buffer_line_append_text(line, BLC_ASSEMBLY, "\"", 1, RTT_STRING, NULL); + + } + else + { + len = strlen(_("<bad string index (%d)>")) + 10 /* 4294967295U */ + 1; + tmp = calloc(len, sizeof(char)); + snprintf(tmp, len, _("<bad string index (%d)>"), operand->index); + + g_buffer_line_append_text(line, BLC_ASSEMBLY, tmp, len - 1, RTT_ERROR, NULL); + + free(tmp); + + } + + break; + + case DPT_TYPE: + + type = get_type_from_dex_pool(operand->format, operand->index); + + if (type != NULL) + { + tmp = g_data_type_to_string(type); + g_object_unref(G_OBJECT(type)); + + g_buffer_line_append_text(line, BLC_ASSEMBLY, "<", 1, RTT_HOOK, NULL); + g_buffer_line_append_text(line, BLC_ASSEMBLY, tmp, strlen(tmp), RTT_VAR_NAME, NULL); + g_buffer_line_append_text(line, BLC_ASSEMBLY, ">", 1, RTT_HOOK, NULL); + + } + else + { + len = strlen(_("<bad type index (%d)>")) + 10 /* 4294967295U */ + 1; + tmp = calloc(len, sizeof(char)); + snprintf(tmp, len, _("<bad type index (%d)>"), operand->index); + + g_buffer_line_append_text(line, BLC_ASSEMBLY, tmp, len - 1, RTT_ERROR, NULL); + + } + + free(tmp); + + break; + + case DPT_PROTO: + g_buffer_line_append_text(line, BLC_ASSEMBLY, "proto(/*TODO*/)", 5, RTT_SECTION, NULL); + break; + + case DPT_FIELD: + + field = get_field_from_dex_pool(operand->format, operand->index); + + if (field != NULL) + { + tmp = g_binary_variable_to_string(field, false); + g_object_unref(G_OBJECT(field)); + + g_buffer_line_append_text(line, BLC_ASSEMBLY, "<", 1, RTT_HOOK, NULL); + g_buffer_line_append_text(line, BLC_ASSEMBLY, tmp, strlen(tmp), RTT_VAR_NAME, NULL); + g_buffer_line_append_text(line, BLC_ASSEMBLY, ">", 1, RTT_HOOK, NULL); + + } + else + { + len = strlen(_("<bad field index (%d)>")) + 10 /* 4294967295U */ + 1; + tmp = calloc(len, sizeof(char)); + snprintf(tmp, len, _("<bad field index (%d)>"), operand->index); + + g_buffer_line_append_text(line, BLC_ASSEMBLY, tmp, len - 1, RTT_ERROR, NULL); + + } + + free(tmp); + + break; + + case DPT_METHOD: + + method = get_method_from_dex_pool(operand->format, operand->index); + + if (method != NULL) + routine = g_dex_method_get_routine(method); + else + routine = NULL; + + if (routine != NULL) + { + tmp = g_binary_routine_to_string(routine); + g_object_unref(G_OBJECT(routine)); + + g_buffer_line_append_text(line, BLC_ASSEMBLY, "<", 1, RTT_HOOK, NULL); + g_buffer_line_append_text(line, BLC_ASSEMBLY, tmp, strlen(tmp), RTT_VAR_NAME, NULL); + g_buffer_line_append_text(line, BLC_ASSEMBLY, ">", 1, RTT_HOOK, NULL); + + } + else + { + len = strlen(_("<bad method index (%d)>")) + 10 /* 4294967295U */ + 1; + tmp = calloc(len, sizeof(char)); + snprintf(tmp, len, _("<bad method index (%d)>"), operand->index); + + g_buffer_line_append_text(line, BLC_ASSEMBLY, tmp, len - 1, RTT_ERROR, NULL); + + } + + free(tmp); + + if (method != NULL) + g_object_unref(G_OBJECT(method)); + + break; + + } + +} + + +/****************************************************************************** +* * +* Paramètres : format = format du fichier contenant le code. * +* type = type de table visée avec la référence. * +* content = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* size = taille de l'opérande, et donc du registre. * +* endian = ordre des bits dans la source. * +* * +* Description : Crée un opérande visant un élément constant Dalvik. * +* * +* Retour : Opérande mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GArchOperand *g_dalvik_pool_operand_new(GDexFormat *format, DalvikPoolType type, const GBinContent *content, vmpa2t *pos, MemoryDataSize size, SourceEndian endian) +{ + GDalvikPoolOperand *result; /* Structure à retourner */ + uint8_t index8; /* Indice sur 8 bits */ + uint16_t index16; /* Indice sur 16 bits */ + bool test; /* Bilan de lecture */ + + switch (size) + { + case MDS_8_BITS: + test = g_binary_content_read_u8(content, pos, &index8); + break; + case MDS_16_BITS: + test = g_binary_content_read_u16(content, pos, endian, &index16); + break; + default: + test = false; + break; + } + + if (!test) + goto gdpon_exit; + + result = g_object_new(G_TYPE_DALVIK_POOL_OPERAND, NULL); + + g_object_ref(G_OBJECT(format)); + + result->format = format; + result->type = type; + result->index = (size == MDS_8_BITS ? index8 : index16); + + return G_ARCH_OPERAND(result); + + gdpon_exit: + + return NULL; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande à consulter. * +* * +* Description : Indique la nature de la table de constantes visée ici. * +* * +* Retour : Type de table constantes visée. * +* * +* Remarques : - * +* * +******************************************************************************/ + +DalvikPoolType g_dalvik_pool_operand_get_pool_type(const GDalvikPoolOperand *operand) +{ + return operand->type; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande à consulter. * +* * +* Description : Indique l'indice de l'élément dans la table de constantes. * +* * +* Retour : Indice de l'élément visé dans la table de constantes. * +* * +* Remarques : - * +* * +******************************************************************************/ + +uint32_t g_dalvik_pool_operand_get_index(const GDalvikPoolOperand *operand) +{ + return operand->index; + +} diff --git a/plugins/dalvik/operands/pool.h b/plugins/dalvik/operands/pool.h new file mode 100644 index 0000000..3045a2c --- /dev/null +++ b/plugins/dalvik/operands/pool.h @@ -0,0 +1,80 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * pool.h - prototypes pour les opérandes pointant vers la table des constantes + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_OPERANDS_POOL_H +#define _ARCH_DALVIK_OPERANDS_POOL_H + + +#include <glib-object.h> +#include <stdint.h> + + +#include <arch/operand.h> +#include <common/endianness.h> +#include <plugins/dex/pool.h> + + + +#define G_TYPE_DALVIK_POOL_OPERAND g_dalvik_pool_operand_get_type() +#define G_DALVIK_POOL_OPERAND(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_DALVIK_POOL_OPERAND, GDalvikPoolOperand)) +#define G_IS_DALVIK_POOL_OPERAND(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_DALVIK_POOL_OPERAND)) +#define G_DALVIK_POOL_OPERAND_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DALVIK_POOL_OPERAND, GDalvikPoolOperandClass)) +#define G_IS_DALVIK_POOL_OPERAND_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DALVIK_POOL_OPERAND)) +#define G_DALVIK_POOL_OPERAND_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DALVIK_POOL_OPERAND, GDalvikPoolOperandClass)) + + +/* Définition d'un opérande visant un élément de table de constantes Dalvik (instance) */ +typedef struct _GDalvikPoolOperand GDalvikPoolOperand; + +/* Définition d'un opérande visant un élément de table de constantes Dalvik (classe) */ +typedef struct _GDalvikPoolOperandClass GDalvikPoolOperandClass; + + +/* Type de table de constantes */ +typedef enum _DalvikPoolType +{ + DPT_NONE = 0x0, + DPT_STRING = 0x1, + DPT_TYPE = 0x2, + DPT_PROTO = 0x3, + DPT_FIELD = 0x4, + DPT_METHOD = 0x5 + +} DalvikPoolType; + + +/* Indique le type défini par la GLib pour un un élément de table de constantes Dalvik. */ +GType g_dalvik_pool_operand_get_type(void); + +/* Crée un opérande visant un élément constant Dalvik. */ +GArchOperand *g_dalvik_pool_operand_new(GDexFormat *, DalvikPoolType, const GBinContent *, vmpa2t *, MemoryDataSize, SourceEndian); + +/* Indique la nature de la table de constantes visée ici. */ +DalvikPoolType g_dalvik_pool_operand_get_pool_type(const GDalvikPoolOperand *); + +/* Indique l'indice de l'élément dans la table de constantes. */ +uint32_t g_dalvik_pool_operand_get_index(const GDalvikPoolOperand *); + + + +#endif /* _ARCH_DALVIK_OPERANDS_POOL_H */ diff --git a/plugins/dalvik/operands/register.c b/plugins/dalvik/operands/register.c new file mode 100644 index 0000000..4268252 --- /dev/null +++ b/plugins/dalvik/operands/register.c @@ -0,0 +1,363 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * register.c - opérandes visant un registre Dalvik + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "register.h" + + +#include <arch/operand-int.h> +#include <arch/register.h> + + + +/* Définition d'un opérande visant un registre Dalvik (instance) */ +struct _GDalvikRegisterOperand +{ + GArchOperand parent; /* Instance parente */ + + const GDalvikRegister *reg; /* Registre représenté */ + bool is_written; /* Changement de contenu */ + +}; + + +/* Définition d'un opérande visant un registre Dalvik (classe) */ +struct _GDalvikRegisterOperandClass +{ + GArchOperandClass parent; /* Classe parente */ + +}; + + +/* Initialise la classe des opérandes de registre Dalvik. */ +static void g_dalvik_register_operand_class_init(GDalvikRegisterOperandClass *); + +/* Initialise une instance d'opérande de registre Dalvik. */ +static void g_dalvik_register_operand_init(GDalvikRegisterOperand *); + +/* Supprime toutes les références externes. */ +static void g_dalvik_register_operand_dispose(GDalvikRegisterOperand *); + +/* Procède à la libération totale de la mémoire. */ +static void g_dalvik_register_operand_finalize(GDalvikRegisterOperand *); + +/* Compare un opérande avec un autre. */ +static int g_dalvik_register_operand_compare(const GDalvikRegisterOperand *, const GDalvikRegisterOperand *); + +/* Traduit un opérande en version humainement lisible. */ +static void g_dalvik_register_operand_print(const GDalvikRegisterOperand *, GBufferLine *, AsmSyntax); + + + +/* Indique le type défini par la GLib pour un opérande de registre Dalvik. */ +G_DEFINE_TYPE(GDalvikRegisterOperand, g_dalvik_register_operand, G_TYPE_ARCH_OPERAND); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des opérandes de registre Dalvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_register_operand_class_init(GDalvikRegisterOperandClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GArchOperandClass *operand; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dalvik_register_operand_dispose; + object->finalize = (GObjectFinalizeFunc)g_dalvik_register_operand_finalize; + + operand = G_ARCH_OPERAND_CLASS(klass); + + operand->compare = (operand_compare_fc)g_dalvik_register_operand_compare; + operand->print = (operand_print_fc)g_dalvik_register_operand_print; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = instance à initialiser. * +* * +* Description : Initialise une instance d'opérande de registre Dalvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_register_operand_init(GDalvikRegisterOperand *operand) +{ + operand->is_written = false; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_register_operand_dispose(GDalvikRegisterOperand *operand) +{ + G_OBJECT_CLASS(g_dalvik_register_operand_parent_class)->dispose(G_OBJECT(operand)); + +} + + +/****************************************************************************** +* * +* Paramètres : operand = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_register_operand_finalize(GDalvikRegisterOperand *operand) +{ + G_OBJECT_CLASS(g_dalvik_register_operand_parent_class)->finalize(G_OBJECT(operand)); + +} + + +/****************************************************************************** +* * +* Paramètres : a = premier opérande à consulter. * +* b = second opérande à consulter. * +* * +* Description : Compare un opérande avec un autre. * +* * +* Retour : Bilan de la comparaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int g_dalvik_register_operand_compare(const GDalvikRegisterOperand *a, const GDalvikRegisterOperand *b) +{ + int result; /* Bilan à retourner */ + + result = g_dalvik_register_compare(a->reg, b->reg); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande à traiter. * +* line = ligne tampon où imprimer l'opérande donné. * +* syntax = type de représentation demandée. * +* * +* Description : Traduit un opérande en version humainement lisible. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_register_operand_print(const GDalvikRegisterOperand *operand, GBufferLine *line, AsmSyntax syntax) +{ + g_arch_register_print(G_ARCH_REGISTER(operand->reg), line, syntax); + +} + + +/****************************************************************************** +* * +* Paramètres : content = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* low = position éventuelle des 4 bits visés. [OUT] * +* size = taille de l'opérande, et donc du registre. * +* endian = ordre des bits dans la source. * +* * +* Description : Crée un opérande visant un registre Dalvik. * +* * +* Retour : Opérande mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GArchOperand *g_dalvik_register_operand_new(const GBinContent *content, vmpa2t *pos, bool *low, MemoryDataSize size, SourceEndian endian) +{ + GArchOperand *result; /* Structure à retourner */ + uint8_t index8; /* Indice sur 8 bits */ + uint16_t index16; /* Indice sur 16 bits */ + bool test; /* Bilan de lecture */ + GDalvikRegister *reg; /* Registre à représenter */ + + result = NULL; + + switch (size) + { + case MDS_4_BITS: + test = g_binary_content_read_u4(content, pos, low, &index8); + break; + case MDS_8_BITS: + test = g_binary_content_read_u8(content, pos, &index8); + break; + case MDS_16_BITS: + test = g_binary_content_read_u16(content, pos, endian, &index16); + break; + default: + test = false; + break; + } + + if (!test) + goto gdron_exit; + + switch (size) + { + case MDS_4_BITS: + case MDS_8_BITS: + reg = g_dalvik_register_new(index8); + break; + case MDS_16_BITS: + reg = g_dalvik_register_new(index16); + break; + default: + reg = NULL; + break; + } + + if (reg != NULL) + { + result = g_dalvik_register_operand_new_from_existing(reg); + + if (result == NULL) + g_object_unref(G_OBJECT(reg)); + + } + + return result; + + gdron_exit: + + return NULL; + +} + + +/****************************************************************************** +* * +* Paramètres : reg = registre déjà en place. * +* * +* Description : Crée un opérande visant un registre Dalvik. * +* * +* Retour : Opérande mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GArchOperand *g_dalvik_register_operand_new_from_existing(GDalvikRegister *reg) +{ + GDalvikRegisterOperand *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_DALVIK_REGISTER_OPERAND, NULL); + + result->reg = reg; + + return G_ARCH_OPERAND(result); + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande représentant un registre. * +* * +* Description : Fournit le registre Dalvik associé à l'opérande. * +* * +* Retour : Représentation interne du registre. * +* * +* Remarques : - * +* * +******************************************************************************/ + +const GDalvikRegister *g_dalvik_register_operand_get(const GDalvikRegisterOperand *operand) +{ + return operand->reg; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande représentant un registre à mettre à jour. * +* * +* Description : Marque l'opérande comme étant écrit plutôt que consulté. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void g_dalvik_register_operand_mark_as_written(GDalvikRegisterOperand *operand) +{ + operand->is_written = true; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande représentant un registre à consulter. * +* * +* Description : Indique le type d'accès réalisé sur l'opérande. * +* * +* Retour : Type d'accès : true en cas d'écriture, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_dalvik_register_operand_is_written(const GDalvikRegisterOperand *operand) +{ + return operand->is_written; + +} diff --git a/plugins/dalvik/operands/register.h b/plugins/dalvik/operands/register.h new file mode 100644 index 0000000..f1dec72 --- /dev/null +++ b/plugins/dalvik/operands/register.h @@ -0,0 +1,75 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * register.h - prototypes pour les opérandes visant un registre Dalvik + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_OPERANDS_REGISTER_H +#define _ARCH_DALVIK_OPERANDS_REGISTER_H + + +#include <glib-object.h> +#include <stdbool.h> + + +#include <analysis/content.h> +#include <arch/operand.h> + + +#include "../register.h" + + + +#define G_TYPE_DALVIK_REGISTER_OPERAND g_dalvik_register_operand_get_type() +#define G_DALVIK_REGISTER_OPERAND(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_DALVIK_REGISTER_OPERAND, GDalvikRegisterOperand)) +#define G_IS_DALVIK_REGISTER_OPERAND(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_DALVIK_REGISTER_OPERAND)) +#define G_DALVIK_REGISTER_OPERAND_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DALVIK_REGISTER_OPERAND, GDalvikRegisterOperandClass)) +#define G_IS_DALVIK_REGISTER_OPERAND_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DALVIK_REGISTER_OPERAND)) +#define G_DALVIK_REGISTER_OPERAND_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DALVIK_REGISTER_OPERAND, GDalvikRegisterOperandClass)) + + +/* Définition d'un opérande visant un registre Dalvik (instance) */ +typedef struct _GDalvikRegisterOperand GDalvikRegisterOperand; + +/* Définition d'un opérande visant un registre Dalvik (classe) */ +typedef struct _GDalvikRegisterOperandClass GDalvikRegisterOperandClass; + + +/* Indique le type défini par la GLib pour un opérande de registre Dalvik. */ +GType g_dalvik_register_operand_get_type(void); + +/* Crée un opérande visant un registre Dalvik. */ +GArchOperand *g_dalvik_register_operand_new(const GBinContent *, vmpa2t *, bool *, MemoryDataSize, SourceEndian); + +/* Crée un opérande visant un registre Dalvik. */ +GArchOperand *g_dalvik_register_operand_new_from_existing(GDalvikRegister *); + +/* Fournit le registre Dalvik associé à l'opérande. */ +const GDalvikRegister *g_dalvik_register_operand_get(const GDalvikRegisterOperand *); + +/* Marque l'opérande comme étant écrit plutôt que consulté. */ +void g_dalvik_register_operand_mark_as_written(GDalvikRegisterOperand *); + +/* Indique le type d'accès réalisé sur l'opérande. */ +bool g_dalvik_register_operand_is_written(const GDalvikRegisterOperand *); + + + +#endif /* _ARCH_DALVIK_OPERANDS_REGISTER_H */ diff --git a/plugins/dalvik/post.h b/plugins/dalvik/post.h new file mode 100644 index 0000000..63d35c3 --- /dev/null +++ b/plugins/dalvik/post.h @@ -0,0 +1,52 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * post.h - prototypes pour les traitements complémentaires à la phase de désassemblage + * + * Copyright (C) 2016-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_POST_H +#define _ARCH_DALVIK_POST_H + + +#include <arch/post.h> + + + +static inline void post_process_dalvik_goto_target_resolution(GArchInstruction *ins, GArchProcessor *proc, GProcContext *ctx, GExeFormat *fmt) +{ + post_process_target_resolution(ins, proc, ctx, fmt, 0, STP_CODE_LABEL); + +} + +static inline void post_process_dalvik_if_target_resolution(GArchInstruction *ins, GArchProcessor *proc, GProcContext *ctx, GExeFormat *fmt) +{ + post_process_target_resolution(ins, proc, ctx, fmt, 2, STP_CODE_LABEL); + +} + +static inline void post_process_dalvik_ifz_target_resolution(GArchInstruction *ins, GArchProcessor *proc, GProcContext *ctx, GExeFormat *fmt) +{ + post_process_target_resolution(ins, proc, ctx, fmt, 1, STP_CODE_LABEL); + +} + + + +#endif /* _ARCH_DALVIK_POST_H */ diff --git a/plugins/dalvik/processor.c b/plugins/dalvik/processor.c new file mode 100644 index 0000000..16d6644 --- /dev/null +++ b/plugins/dalvik/processor.c @@ -0,0 +1,583 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * processor.c - manipulation du processeur de la VM Dalvik + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "processor.h" + + +#include <assert.h> + + +#include <arch/processor-int.h> +#include <plugins/dex/format.h> + + +#include "context.h" +#include "instruction.h" +#include "opcodes/opcodes.h" +#include "pseudo/fill.h" +#include "pseudo/switch.h" + + + +/* Définition du processeur de la VM Dalvik (instance) */ +struct _GDalvikProcessor +{ + GArchProcessor parent; /* Instance parente */ + +}; + + +/* Définition du processeur de la VM Dalvik (classe) */ +struct _GDalvikProcessorClass +{ + GArchProcessorClass parent; /* Classe parente */ + +}; + + +/* Initialise la classe des processeurs de VM Dalvik. */ +static void g_dalvik_processor_class_init(GDalvikProcessorClass *); + +/* Initialise une instance de processeur de VM Dalvik. */ +static void g_dalvik_processor_init(GDalvikProcessor *); + +/* Supprime toutes les références externes. */ +static void g_dalvik_processor_dispose(GDalvikProcessor *); + +/* Procède à la libération totale de la mémoire. */ +static void g_dalvik_processor_finalize(GDalvikProcessor *); + +/* Fournit un contexte pour l'exécution du processeur Dalvik. */ +static GDalvikContext *g_dalvik_processor_get_context(const GDalvikProcessor *); + +/* Fournit un contexte pour la décompilation Dalvik. */ +//static GDalvikDContext *g_dalvik_processor_get_decomp_context(const GDalvikProcessor *); + +/* Décode une instruction dans un flux de données. */ +static GArchInstruction *g_dalvik_processor_disassemble(const GArchProcessor *, GDalvikContext *, const GBinContent *, vmpa2t *, GExeFormat *); + +/* Décode une pseudo-instruction dans un flux de données. */ +static GArchInstruction *g_dalvik_processor_disassemble_pseudo(const GArchProcessor *, GDalvikContext *, const GBinContent *, vmpa2t *, uint8_t); + + + +/* Indique le type défini par la GLib pour le processeur DALVIK. */ +G_DEFINE_TYPE(GDalvikProcessor, g_dalvik_processor, G_TYPE_ARCH_PROCESSOR); + + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des processeurs de VM Dalvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_processor_class_init(GDalvikProcessorClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GArchProcessorClass *proc; /* Encore une autre vision... */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dalvik_processor_dispose; + object->finalize = (GObjectFinalizeFunc)g_dalvik_processor_finalize; + + proc = G_ARCH_PROCESSOR_CLASS(klass); + + proc->disassemble = (disass_instr_fc)g_dalvik_processor_disassemble; + +} + + +/****************************************************************************** +* * +* Paramètres : proc = instance à initialiser. * +* * +* Description : Initialise une instance de processeur de VM Dalvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_processor_init(GDalvikProcessor *proc) +{ + GArchProcessor *parent; /* Instance parente */ + + parent = G_ARCH_PROCESSOR(proc); + + parent->endianness = SRE_LITTLE; + parent->memsize = MDS_32_BITS; + parent->inssize = MDS_16_BITS; + + parent->get_ctx = (get_processor_context_fc)g_dalvik_processor_get_context; + //parent->get_dec_ctx = (get_decomp_context_fc)g_dalvik_processor_get_decomp_context; + +} + + +/****************************************************************************** +* * +* Paramètres : proc = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_processor_dispose(GDalvikProcessor *proc) +{ + G_OBJECT_CLASS(g_dalvik_processor_parent_class)->dispose(G_OBJECT(proc)); + +} + + +/****************************************************************************** +* * +* Paramètres : bookmark = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_processor_finalize(GDalvikProcessor *proc) +{ + G_OBJECT_CLASS(g_dalvik_processor_parent_class)->finalize(G_OBJECT(proc)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Crée le support de l'architecture Dalvik. * +* * +* Retour : Architecture mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GArchProcessor *g_dalvik_processor_new(void) +{ + GArchProcessor *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_DALVIK_PROCESSOR, NULL); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : proc = architecture, spectatrice ici. * +* * +* Description : Fournit un contexte pour l'exécution du processeur Dalvik. * +* * +* Retour : Contexte mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static GDalvikContext *g_dalvik_processor_get_context(const GDalvikProcessor *proc) +{ + return g_dalvik_context_new(); + +} + + +/****************************************************************************** +* * +* Paramètres : proc = architecture, spectatrice ici. * +* * +* Description : Fournit un contexte pour la décompilation Dalvik. * +* * +* Retour : Contexte mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ +#if 0 +static GDalvikDContext *g_dalvik_processor_get_decomp_context(const GDalvikProcessor *proc) +{ + return g_dalvik_dcontext_new(); + +} +#endif + + +/****************************************************************************** +* * +* Paramètres : proc = architecture visée par la procédure. * +* ctx = contexte lié à l'exécution du processeur. * +* content = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* format = format du fichier contenant le code. * +* * +* Description : Désassemble une instruction dans un flux de données. * +* * +* Retour : Instruction mise en place ou NULL en cas d'échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static GArchInstruction *g_dalvik_processor_disassemble(const GArchProcessor *proc, GDalvikContext *ctx, const GBinContent *content, vmpa2t *pos, GExeFormat *format) +{ + GArchInstruction *result; /* Instruction à renvoyer */ + uint8_t raw8; /* Donnée de 8 bits à analyser */ + DalvikOpcodes id; /* Identifiant d'instruction */ + + static const disass_instr_fc decodings[DOP_COUNT] = { + + [DOP_NOP] = dalvik_read_instr_nop, + [DOP_MOVE] = dalvik_read_instr_move, + [DOP_MOVE_FROM_16] = dalvik_read_instr_move_from16, + [DOP_MOVE_16] = dalvik_read_instr_move_16, + [DOP_MOVE_WIDE] = dalvik_read_instr_move_wide, + [DOP_MOVE_WIDE_FROM_16] = dalvik_read_instr_move_wide_from16, + [DOP_MOVE_WIDE_16] = dalvik_read_instr_move_wide_16, + [DOP_MOVE_OBJECT] = dalvik_read_instr_move_object, + [DOP_MOVE_OBJECT_FROM_16] = dalvik_read_instr_move_object_from16, + [DOP_MOVE_OBJECT_16] = dalvik_read_instr_move_object_16, + [DOP_MOVE_RESULT] = dalvik_read_instr_move_result, + [DOP_MOVE_RESULT_WIDE] = dalvik_read_instr_move_result_wide, + [DOP_MOVE_RESULT_OBJECT] = dalvik_read_instr_move_result_object, + [DOP_MOVE_EXCEPTION] = dalvik_read_instr_move_exception, + [DOP_RETURN_VOID] = dalvik_read_instr_return_void, + [DOP_RETURN] = dalvik_read_instr_return, + [DOP_RETURN_WIDE] = dalvik_read_instr_return_wide, + [DOP_RETURN_OBJECT] = dalvik_read_instr_return_object, + [DOP_CONST_4] = dalvik_read_instr_const_4, + [DOP_CONST_16] = dalvik_read_instr_const_16, + [DOP_CONST] = dalvik_read_instr_const, + [DOP_CONST_HIGH16] = dalvik_read_instr_const_high16, + [DOP_CONST_WIDE_16] = dalvik_read_instr_const_wide_16, + [DOP_CONST_WIDE_32] = dalvik_read_instr_const_wide_32, + [DOP_CONST_WIDE] = dalvik_read_instr_const_wide, + [DOP_CONST_WIDE_HIGH16] = dalvik_read_instr_const_wide_high16, + [DOP_CONST_STRING] = dalvik_read_instr_const_string, + [DOP_CONST_STRING_JUMBO] = dalvik_read_instr_const_string_jumbo, + [DOP_CONST_CLASS] = dalvik_read_instr_const_class, + [DOP_MONITOR_ENTER] = dalvik_read_instr_monitor_enter, + [DOP_MONITOR_EXIT] = dalvik_read_instr_monitor_exit, + [DOP_CHECK_CAST] = dalvik_read_instr_check_cast, + [DOP_INSTANCE_OF] = dalvik_read_instr_instance_of, + [DOP_ARRAY_LENGTH] = dalvik_read_instr_array_length, + [DOP_NEW_INSTANCE] = dalvik_read_instr_new_instance, + [DOP_NEW_ARRAY] = dalvik_read_instr_new_array, + [DOP_FILLED_NEW_ARRAY] = dalvik_read_instr_filled_new_array, + [DOP_FILLED_NEW_ARRAY_RANGE]= dalvik_read_instr_filled_new_array_range, + [DOP_FILL_ARRAY_DATA] = dalvik_read_instr_fill_array_data, + [DOP_THROW] = dalvik_read_instr_throw, + [DOP_GOTO] = dalvik_read_instr_goto, + [DOP_GOTO_16] = dalvik_read_instr_goto_16, + [DOP_GOTO_32] = dalvik_read_instr_goto_32, + [DOP_PACKED_SWITCH] = dalvik_read_instr_packed_switch, + [DOP_SPARSE_SWITCH] = dalvik_read_instr_sparse_switch, + [DOP_CMPL_FLOAT] = dalvik_read_instr_cmpl_float, + [DOP_CMPG_FLOAT] = dalvik_read_instr_cmpg_float, + [DOP_CMPL_DOUBLE] = dalvik_read_instr_cmpl_double, + [DOP_CMPG_DOUBLE] = dalvik_read_instr_cmpg_double, + [DOP_CMP_LONG] = dalvik_read_instr_cmp_long, + [DOP_IF_EQ] = dalvik_read_instr_if_eq, + [DOP_IF_NE] = dalvik_read_instr_if_ne, + [DOP_IF_LT] = dalvik_read_instr_if_lt, + [DOP_IF_GE] = dalvik_read_instr_if_ge, + [DOP_IF_GT] = dalvik_read_instr_if_gt, + [DOP_IF_LE] = dalvik_read_instr_if_le, + [DOP_IF_EQZ] = dalvik_read_instr_if_eqz, + [DOP_IF_NEZ] = dalvik_read_instr_if_nez, + [DOP_IF_LTZ] = dalvik_read_instr_if_ltz, + [DOP_IF_GEZ] = dalvik_read_instr_if_gez, + [DOP_IF_GTZ] = dalvik_read_instr_if_gtz, + [DOP_IF_LEZ] = dalvik_read_instr_if_lez, + [DOP_AGET] = dalvik_read_instr_aget, + [DOP_AGET_WIDE] = dalvik_read_instr_aget_wide, + [DOP_AGET_OBJECT] = dalvik_read_instr_aget_object, + [DOP_AGET_BOOLEAN] = dalvik_read_instr_aget_boolean, + [DOP_AGET_BYTE] = dalvik_read_instr_aget_byte, + [DOP_AGET_CHAR] = dalvik_read_instr_aget_char, + [DOP_AGET_SHORT] = dalvik_read_instr_aget_short, + [DOP_APUT] = dalvik_read_instr_aput, + [DOP_APUT_WIDE] = dalvik_read_instr_aput_wide, + [DOP_APUT_OBJECT] = dalvik_read_instr_aput_object, + [DOP_APUT_BOOLEAN] = dalvik_read_instr_aput_boolean, + [DOP_APUT_BYTE] = dalvik_read_instr_aput_byte, + [DOP_APUT_CHAR] = dalvik_read_instr_aput_char, + [DOP_APUT_SHORT] = dalvik_read_instr_aput_short, + [DOP_IGET] = dalvik_read_instr_iget, + [DOP_IGET_WIDE] = dalvik_read_instr_iget_wide, + [DOP_IGET_OBJECT] = dalvik_read_instr_iget_object, + [DOP_IGET_BOOLEAN] = dalvik_read_instr_iget_boolean, + [DOP_IGET_BYTE] = dalvik_read_instr_iget_byte, + [DOP_IGET_CHAR] = dalvik_read_instr_iget_char, + [DOP_IGET_SHORT] = dalvik_read_instr_iget_short, + [DOP_IPUT] = dalvik_read_instr_iput, + [DOP_IPUT_WIDE] = dalvik_read_instr_iput_wide, + [DOP_IPUT_OBJECT] = dalvik_read_instr_iput_object, + [DOP_IPUT_BOOLEAN] = dalvik_read_instr_iput_boolean, + [DOP_IPUT_BYTE] = dalvik_read_instr_iput_byte, + [DOP_IPUT_CHAR] = dalvik_read_instr_iput_char, + [DOP_IPUT_SHORT] = dalvik_read_instr_iput_short, + [DOP_SGET] = dalvik_read_instr_sget, + [DOP_SGET_WIDE] = dalvik_read_instr_sget_wide, + [DOP_SGET_OBJECT] = dalvik_read_instr_sget_object, + [DOP_SGET_BOOLEAN] = dalvik_read_instr_sget_boolean, + [DOP_SGET_BYTE] = dalvik_read_instr_sget_byte, + [DOP_SGET_CHAR] = dalvik_read_instr_sget_char, + [DOP_SGET_SHORT] = dalvik_read_instr_sget_short, + [DOP_SPUT] = dalvik_read_instr_sput, + [DOP_SPUT_WIDE] = dalvik_read_instr_sput_wide, + [DOP_SPUT_OBJECT] = dalvik_read_instr_sput_object, + [DOP_SPUT_BOOLEAN] = dalvik_read_instr_sput_boolean, + [DOP_SPUT_BYTE] = dalvik_read_instr_sput_byte, + [DOP_SPUT_CHAR] = dalvik_read_instr_sput_char, + [DOP_SPUT_SHORT] = dalvik_read_instr_sput_short, + [DOP_INVOKE_VIRTUAL] = dalvik_read_instr_invoke_virtual, + [DOP_INVOKE_SUPER] = dalvik_read_instr_invoke_super, + [DOP_INVOKE_DIRECT] = dalvik_read_instr_invoke_direct, + [DOP_INVOKE_STATIC] = dalvik_read_instr_invoke_static, + [DOP_INVOKE_INTERFACE] = dalvik_read_instr_invoke_interface, + [DOP_INVOKE_VIRTUAL_RANGE] = dalvik_read_instr_invoke_virtual_range, + [DOP_INVOKE_SUPER_RANGE] = dalvik_read_instr_invoke_super_range, + [DOP_INVOKE_DIRECT_RANGE] = dalvik_read_instr_invoke_direct_range, + [DOP_INVOKE_STATIC_RANGE] = dalvik_read_instr_invoke_static_range, + [DOP_INVOKE_INTERFACE_RANGE]= dalvik_read_instr_invoke_interface_range, + [DOP_NEG_INT] = dalvik_read_instr_neg_int, + [DOP_NOT_INT] = dalvik_read_instr_not_int, + [DOP_NEG_LONG] = dalvik_read_instr_neg_long, + [DOP_NOT_LONG] = dalvik_read_instr_not_long, + [DOP_NEG_FLOAT] = dalvik_read_instr_neg_float, + [DOP_NEG_DOUBLE] = dalvik_read_instr_neg_double, + [DOP_TO_INT_LONG] = dalvik_read_instr_int_to_long, + [DOP_TO_INT_FLOAT] = dalvik_read_instr_int_to_float, + [DOP_TO_INT_DOUBLE] = dalvik_read_instr_int_to_double, + [DOP_TO_LONG_INT] = dalvik_read_instr_long_to_int, + [DOP_TO_LONG_FLOAT] = dalvik_read_instr_long_to_float, + [DOP_TO_LONG_DOUBLE] = dalvik_read_instr_long_to_double, + [DOP_TO_FLOAT_INT] = dalvik_read_instr_float_to_int, + [DOP_TO_FLOAT_LONG] = dalvik_read_instr_float_to_long, + [DOP_TO_FLOAT_DOUBLE] = dalvik_read_instr_float_to_double, + [DOP_TO_DOUBLE_INT] = dalvik_read_instr_double_to_int, + [DOP_TO_DOUBLE_LONG] = dalvik_read_instr_double_to_long, + [DOP_TO_DOUBLE_FLOAT] = dalvik_read_instr_double_to_float, + [DOP_TO_INT_BYTE] = dalvik_read_instr_int_to_byte, + [DOP_TO_INT_CHAR] = dalvik_read_instr_int_to_char, + [DOP_TO_INT_SHORT] = dalvik_read_instr_int_to_short, + [DOP_ADD_INT] = dalvik_read_instr_add_int, + [DOP_SUB_INT] = dalvik_read_instr_sub_int, + [DOP_MUL_INT] = dalvik_read_instr_mul_int, + [DOP_DIV_INT] = dalvik_read_instr_div_int, + [DOP_REM_INT] = dalvik_read_instr_rem_int, + [DOP_AND_INT] = dalvik_read_instr_and_int, + [DOP_OR_INT] = dalvik_read_instr_or_int, + [DOP_XOR_INT] = dalvik_read_instr_xor_int, + [DOP_SHL_INT] = dalvik_read_instr_shl_int, + [DOP_SHR_INT] = dalvik_read_instr_shr_int, + [DOP_USHR_INT] = dalvik_read_instr_ushr_int, + [DOP_ADD_LONG] = dalvik_read_instr_add_long, + [DOP_SUB_LONG] = dalvik_read_instr_sub_long, + [DOP_MUL_LONG] = dalvik_read_instr_mul_long, + [DOP_DIV_LONG] = dalvik_read_instr_div_long, + [DOP_REM_LONG] = dalvik_read_instr_rem_long, + [DOP_AND_LONG] = dalvik_read_instr_and_long, + [DOP_OR_LONG] = dalvik_read_instr_or_long, + [DOP_XOR_LONG] = dalvik_read_instr_xor_long, + [DOP_SHL_LONG] = dalvik_read_instr_shl_long, + [DOP_SHR_LONG] = dalvik_read_instr_shr_long, + [DOP_USHR_LONG] = dalvik_read_instr_ushr_long, + [DOP_ADD_FLOAT] = dalvik_read_instr_add_float, + [DOP_SUB_FLOAT] = dalvik_read_instr_sub_float, + [DOP_MUL_FLOAT] = dalvik_read_instr_mul_float, + [DOP_DIV_FLOAT] = dalvik_read_instr_div_float, + [DOP_REM_FLOAT] = dalvik_read_instr_rem_float, + [DOP_ADD_DOUBLE] = dalvik_read_instr_add_double, + [DOP_SUB_DOUBLE] = dalvik_read_instr_sub_double, + [DOP_MUL_DOUBLE] = dalvik_read_instr_mul_double, + [DOP_DIV_DOUBLE] = dalvik_read_instr_div_double, + [DOP_REM_DOUBLE] = dalvik_read_instr_rem_double, + [DOP_ADD_INT_2ADDR] = dalvik_read_instr_add_int_2addr, + [DOP_SUB_INT_2ADDR] = dalvik_read_instr_sub_int_2addr, + [DOP_MUL_INT_2ADDR] = dalvik_read_instr_mul_int_2addr, + [DOP_DIV_INT_2ADDR] = dalvik_read_instr_div_int_2addr, + [DOP_REM_INT_2ADDR] = dalvik_read_instr_rem_int_2addr, + [DOP_AND_INT_2ADDR] = dalvik_read_instr_and_int_2addr, + [DOP_OR_INT_2ADDR] = dalvik_read_instr_or_int_2addr, + [DOP_XOR_INT_2ADDR] = dalvik_read_instr_xor_int_2addr, + [DOP_SHL_INT_2ADDR] = dalvik_read_instr_shl_int_2addr, + [DOP_SHR_INT_2ADDR] = dalvik_read_instr_shr_int_2addr, + [DOP_USHR_INT_2ADDR] = dalvik_read_instr_ushr_int_2addr, + [DOP_ADD_LONG_2ADDR] = dalvik_read_instr_add_long_2addr, + [DOP_SUB_LONG_2ADDR] = dalvik_read_instr_sub_long_2addr, + [DOP_MUL_LONG_2ADDR] = dalvik_read_instr_mul_long_2addr, + [DOP_DIV_LONG_2ADDR] = dalvik_read_instr_div_long_2addr, + [DOP_REM_LONG_2ADDR] = dalvik_read_instr_rem_long_2addr, + [DOP_AND_LONG_2ADDR] = dalvik_read_instr_and_long_2addr, + [DOP_OR_LONG_2ADDR] = dalvik_read_instr_or_long_2addr, + [DOP_XOR_LONG_2ADDR] = dalvik_read_instr_xor_long_2addr, + [DOP_SHL_LONG_2ADDR] = dalvik_read_instr_shl_long_2addr, + [DOP_SHR_LONG_2ADDR] = dalvik_read_instr_shr_long_2addr, + [DOP_USHR_LONG_2ADDR] = dalvik_read_instr_ushr_long_2addr, + [DOP_ADD_FLOAT_2ADDR] = dalvik_read_instr_add_float_2addr, + [DOP_SUB_FLOAT_2ADDR] = dalvik_read_instr_sub_float_2addr, + [DOP_MUL_FLOAT_2ADDR] = dalvik_read_instr_mul_float_2addr, + [DOP_DIV_FLOAT_2ADDR] = dalvik_read_instr_div_float_2addr, + [DOP_REM_FLOAT_2ADDR] = dalvik_read_instr_rem_float_2addr, + [DOP_ADD_DOUBLE_2ADDR] = dalvik_read_instr_add_double_2addr, + [DOP_SUB_DOUBLE_2ADDR] = dalvik_read_instr_sub_double_2addr, + [DOP_MUL_DOUBLE_2ADDR] = dalvik_read_instr_mul_double_2addr, + [DOP_DIV_DOUBLE_2ADDR] = dalvik_read_instr_div_double_2addr, + [DOP_REM_DOUBLE_2ADDR] = dalvik_read_instr_rem_double_2addr, + [DOP_ADD_INT_LIT16] = dalvik_read_instr_add_int_lit16, + [DOP_RSUB_INT] = dalvik_read_instr_rsub_int, + [DOP_MUL_INT_LIT16] = dalvik_read_instr_mul_int_lit16, + [DOP_DIV_INT_LIT16] = dalvik_read_instr_div_int_lit16, + [DOP_REM_INT_LIT16] = dalvik_read_instr_rem_int_lit16, + [DOP_AND_INT_LIT16] = dalvik_read_instr_and_int_lit16, + [DOP_OR_INT_LIT16] = dalvik_read_instr_or_int_lit16, + [DOP_XOR_INT_LIT16] = dalvik_read_instr_xor_int_lit16, + [DOP_ADD_INT_LIT8] = dalvik_read_instr_add_int_lit8, + [DOP_RSUB_INT_LIT8] = dalvik_read_instr_rsub_int_lit8, + [DOP_MUL_INT_LIT8] = dalvik_read_instr_mul_int_lit8, + [DOP_DIV_INT_LIT8] = dalvik_read_instr_div_int_lit8, + [DOP_REM_INT_LIT8] = dalvik_read_instr_rem_int_lit8, + [DOP_AND_INT_LIT8] = dalvik_read_instr_and_int_lit8, + [DOP_OR_INT_LIT8] = dalvik_read_instr_or_int_lit8, + [DOP_XOR_INT_LIT8] = dalvik_read_instr_xor_int_lit8, + [DOP_SHL_INT_LIT8] = dalvik_read_instr_shl_int_lit8, + [DOP_SHR_INT_LIT8] = dalvik_read_instr_shr_int_lit8, + [DOP_USHR_INT_LIT8] = dalvik_read_instr_ushr_int_lit8 + + }; + + /* Données brutes associées à une instruction ? */ + + result = g_dalvik_context_get_raw_data(ctx, content, pos); + + if (result != NULL) goto gdpd_done; + + /* Pseudo-instruction... */ + + if (!g_binary_content_read_u8(content, pos, &raw8)) + return NULL; + + result = g_dalvik_processor_disassemble_pseudo(proc, ctx, content, pos, raw8); + + if (result != NULL) goto gdpd_done; + + /* ... ou instruction classique */ + + assert(raw8 < DOP_COUNT); + + id = (DalvikOpcodes)raw8; + + if (decodings[id] != NULL) + result = decodings[id](proc, G_PROC_CONTEXT(ctx), content, pos, format); + + gdpd_done: + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : proc = architecture visée par la procédure. * +* data = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* end = limite des données à analyser. * +* addr = adresse virtuelle de l'instruction. * +* low8 = 8 bits de poids faible déjà lus. * +* * +* Description : Décode une pseudo-instruction dans un flux de données. * +* * +* Retour : Instruction mise en place ou NULL si aucune trouvée. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static GArchInstruction *g_dalvik_processor_disassemble_pseudo(const GArchProcessor *proc, GDalvikContext *ctx, const GBinContent *content, vmpa2t *pos, uint8_t low8) +{ + GArchInstruction *result; /* Instruction à renvoyer */ + vmpa2t tmp; /* Position modifiable */ + uint8_t high8; /* Nouvelle octet à venir lire */ + uint16_t ident; /* Valeur lue dans le code */ + + /* Vérification astucieuse et rapide...*/ + if (low8 != 0x00 /* DOP_NOP */) + return NULL; + + result = NULL; + + copy_vmpa(&tmp, pos); + + if (!g_binary_content_read_u8(content, pos, &high8)) + goto gdpdp_exit; + + ident = high8 << 8 | low8; + + switch (ident) + { + case DPO_PACKED_SWITCH: + case DPO_SPARSE_SWITCH: + result = g_dalvik_switch_instr_new(ident, ctx, content, pos); + break; + + case DPO_FILL_ARRAY_DATA: + result = g_dalvik_fill_instr_new(ident, ctx, content, pos); + break; + + default: + result = NULL; + break; + + } + + gdpdp_exit: + + if (result == NULL) + copy_vmpa(pos, &tmp); + + return result; + +} diff --git a/plugins/dalvik/processor.h b/plugins/dalvik/processor.h new file mode 100644 index 0000000..c6c1278 --- /dev/null +++ b/plugins/dalvik/processor.h @@ -0,0 +1,53 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * processor.h - prototypes pour la manipulation du processeur de la VM Dalvik + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_PROCESSOR_H +#define _ARCH_DALVIK_PROCESSOR_H + + +#include <arch/processor.h> + + + +#define G_TYPE_DALVIK_PROCESSOR g_dalvik_processor_get_type() +#define G_DALVIK_PROCESSOR(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), g_dalvik_processor_get_type(), GDalvikProcessor)) +#define G_IS_DALVIK_PROCESSOR(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), g_dalvik_processor_get_type())) +#define G_DALVIK_PROCESSOR_GET_IFACE(inst) (G_TYPE_INSTANCE_GET_INTERFACE((inst), g_dalvik_processor_get_type(), GDalvikProcessorIface)) + + +/* Définition du processeur de la VM Dalvik (instance) */ +typedef struct _GDalvikProcessor GDalvikProcessor; + +/* Définition du processeur de la VM Dalvik (classe) */ +typedef struct _GDalvikProcessorClass GDalvikProcessorClass; + + +/* Indique le type défini par la GLib pour le processeur Dalvik. */ +GType g_dalvik_processor_get_type(void); + +/* Crée le support de l'architecture Dalvik. */ +GArchProcessor *g_dalvik_processor_new(void); + + + +#endif /* _ARCH_DALVIK_PROCESSOR_H */ diff --git a/plugins/dalvik/pseudo/Makefile.am b/plugins/dalvik/pseudo/Makefile.am new file mode 100644 index 0000000..6f49159 --- /dev/null +++ b/plugins/dalvik/pseudo/Makefile.am @@ -0,0 +1,15 @@ + +noinst_LTLIBRARIES = libdalvikpseudo.la + +libdalvikpseudo_la_SOURCES = \ + fill.h fill.c \ + switch.h switch.c + +libdalvikpseudo_la_LIBADD = + +libdalvikpseudo_la_CFLAGS = $(AM_CFLAGS) + + +AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) -I$(top_srcdir)/src + +AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS) diff --git a/plugins/dalvik/pseudo/fill.c b/plugins/dalvik/pseudo/fill.c new file mode 100644 index 0000000..dc5683c --- /dev/null +++ b/plugins/dalvik/pseudo/fill.c @@ -0,0 +1,198 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * fill.c - prise en charge de l'instruction spéciale fill-array-data + * + * Copyright (C) 2011-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "fill.h" + + +#include <assert.h> +#include <string.h> + + +#include "../instruction-int.h" + + + +/* Définition générique d'une instruction d'architecture Dalvik (instance) */ +struct _GDalvikFillInstr +{ + GDalvikInstruction parent; /* A laisser en premier */ + + uint16_t item_width; /* Taille des éléments */ + uint32_t array_size; /* Taille du tableau */ + +}; + +/* Définition générique d'une instruction d'architecture Dalvik (classe) */ +struct _GDalvikFillInstrClass +{ + GDalvikInstructionClass parent; /* A laisser en premier */ + +}; + + + +/* Initialise la classe générique des instructions. */ +static void g_dalvik_fill_instr_class_init(GDalvikFillInstrClass *); + +/* Initialise une instance d'opérande d'architecture. */ +static void g_dalvik_fill_instr_init(GDalvikFillInstr *); + +/* Supprime toutes les références externes. */ +static void g_dalvik_fill_instr_dispose(GDalvikFillInstr *); + +/* Procède à la libération totale de la mémoire. */ +static void g_dalvik_fill_instr_finalize(GDalvikFillInstr *); + + + +/* Indique le type défini pour une pseudo-instruction Dalvik de remplissage. */ +G_DEFINE_TYPE(GDalvikFillInstr, g_dalvik_fill_instr, G_TYPE_DALVIK_INSTRUCTION); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe générique des instructions. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_fill_instr_class_init(GDalvikFillInstrClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dalvik_fill_instr_dispose; + object->finalize = (GObjectFinalizeFunc)g_dalvik_fill_instr_finalize; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instance à initialiser. * +* * +* Description : Initialise une instance d'instruction d'architecture. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_fill_instr_init(GDalvikFillInstr *instr) +{ + G_DALVIK_INSTRUCTION(instr)->keyword = "array-data"; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_fill_instr_dispose(GDalvikFillInstr *instr) +{ + G_OBJECT_CLASS(g_dalvik_fill_instr_parent_class)->dispose(G_OBJECT(instr)); + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_fill_instr_finalize(GDalvikFillInstr *instr) +{ + G_OBJECT_CLASS(g_dalvik_fill_instr_parent_class)->finalize(G_OBJECT(instr)); + +} + + +/****************************************************************************** +* * +* Paramètres : ident = identifiant de l'instruction déjà lu. * +* ctx = contexte lié à l'exécution du processeur. * +* content = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* * +* Description : Crée une pesudo-instruction Dalvik de remplissage. * +* * +* Retour : Instruction mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GArchInstruction *g_dalvik_fill_instr_new(uint16_t ident, GDalvikContext *ctx, const GBinContent *content, vmpa2t *pos) +{ + GDalvikFillInstr *result; /* Structure à retourner */ + phys_t consumed; /* Données consommées */ + + assert(ident == DPO_FILL_ARRAY_DATA); + + result = g_object_new(G_TYPE_DALVIK_FILL_INSTR, NULL); + + G_DALVIK_INSTRUCTION(result)->ptype = ident; + + if (!g_binary_content_read_u16(content, pos, SRE_LITTLE, &result->item_width)) + goto gdfin_bad; + + if (!g_binary_content_read_u32(content, pos, SRE_LITTLE, &result->array_size)) + goto gdfin_bad; + + consumed = result->item_width * result->array_size; + + if (!g_dalvik_context_register_array_data(ctx, pos, result->item_width, consumed)) + goto gdfin_bad; + + return G_ARCH_INSTRUCTION(result); + + gdfin_bad: + + g_object_unref(result); + + return NULL; + +} diff --git a/plugins/dalvik/pseudo/fill.h b/plugins/dalvik/pseudo/fill.h new file mode 100644 index 0000000..2a63df9 --- /dev/null +++ b/plugins/dalvik/pseudo/fill.h @@ -0,0 +1,60 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * fill.h - prototypes pour la prise en charge de l'instruction spéciale fill-array-data + * + * Copyright (C) 2011-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_PSEUDO_FILL_H +#define _ARCH_DALVIK_PSEUDO_FILL_H + + +#include "../context.h" +#include "../instruction.h" +#include "../processor.h" + + +#include <glib-object.h> + + + +#define G_TYPE_DALVIK_FILL_INSTR g_dalvik_fill_instr_get_type() +#define G_DALVIK_FILL_INSTR(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_DALVIK_FILL_INSTR, GDalvikFillInstr)) +#define G_IS_DALVIK_FILL_INSTR(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_DALVIK_FILL_INSTR)) +#define G_DALVIK_FILL_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DALVIK_FILL, GGDalvikFillClass)) +#define G_IS_DALVIK_FILL_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DALVIK_FILL)) +#define G_DALVIK_FILL_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DALVIK_FILL, GGDalvikFillClass)) + + +/* Définition générique d'une instruction d'architecture (instance) */ +typedef struct _GDalvikFillInstr GDalvikFillInstr; + +/* Définition générique d'une instruction d'architecture (classe) */ +typedef struct _GDalvikFillInstrClass GDalvikFillInstrClass; + + +/* Indique le type défini pour une pseudo-instruction Dalvik de remplissage. */ +GType g_dalvik_fill_instr_get_type(void); + +/* Crée une pesudo-instruction Dalvik de remplissage. */ +GArchInstruction *g_dalvik_fill_instr_new(uint16_t, GDalvikContext *, const GBinContent *, vmpa2t *); + + + +#endif /* _ARCH_DALVIK_PSEUDO_FILL_H */ diff --git a/plugins/dalvik/pseudo/switch.c b/plugins/dalvik/pseudo/switch.c new file mode 100644 index 0000000..90cff87 --- /dev/null +++ b/plugins/dalvik/pseudo/switch.c @@ -0,0 +1,301 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * switch.c - prise en charge des instructions spéciales (packed|sparse)switch + * + * Copyright (C) 2011-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "switch.h" + + +#include <assert.h> +#include <malloc.h> + + +#include "../instruction-int.h" + + + +/* Définition générique d'une instruction d'architecture Dalvik (instance) */ +struct _GDalvikSwitchInstr +{ + GDalvikInstruction parent; /* A laisser en premier */ + + uint16_t switch_size; /* Taille du switch considéré */ + + int32_t *keys; /* Table de clefs */ + int32_t *targets; /* Table des sauts relatifs */ + +}; + +/* Définition générique d'une instruction d'architecture Dalvik (classe) */ +struct _GDalvikSwitchInstrClass +{ + GDalvikInstructionClass parent; /* A laisser en premier */ + +}; + + + +/* Initialise la classe générique des instructions. */ +static void g_dalvik_switch_instr_class_init(GDalvikSwitchInstrClass *); + +/* Initialise une instance d'opérande d'architecture. */ +static void g_dalvik_switch_instr_init(GDalvikSwitchInstr *); + +/* Supprime toutes les références externes. */ +static void g_dalvik_switch_instr_dispose(GDalvikSwitchInstr *); + +/* Procède à la libération totale de la mémoire. */ +static void g_dalvik_switch_instr_finalize(GDalvikSwitchInstr *); + +/* Lit toutes les valeurs associés aux branchements. */ +static bool g_dalvik_switch_decode_data(GDalvikSwitchInstr *, const GBinContent *, const vmpa2t *); + + + +/* Indique le type défini pour une pseudo-instruction Dalvik de remplissage. */ +G_DEFINE_TYPE(GDalvikSwitchInstr, g_dalvik_switch_instr, G_TYPE_DALVIK_INSTRUCTION); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe générique des instructions. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_switch_instr_class_init(GDalvikSwitchInstrClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dalvik_switch_instr_dispose; + object->finalize = (GObjectFinalizeFunc)g_dalvik_switch_instr_finalize; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instance à initialiser. * +* * +* Description : Initialise une instance d'instruction d'architecture. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_switch_instr_init(GDalvikSwitchInstr *instr) +{ + G_DALVIK_INSTRUCTION(instr)->keyword = "switch-data"; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_switch_instr_dispose(GDalvikSwitchInstr *instr) +{ + G_OBJECT_CLASS(g_dalvik_switch_instr_parent_class)->dispose(G_OBJECT(instr)); + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_switch_instr_finalize(GDalvikSwitchInstr *instr) +{ + if (instr->keys != NULL) + free(instr->keys); + + if (instr->targets != NULL) + free(instr->targets); + + G_OBJECT_CLASS(g_dalvik_switch_instr_parent_class)->finalize(G_OBJECT(instr)); + +} + + +/****************************************************************************** +* * +* Paramètres : ident = identifiant de l'instruction déjà lu. * +* ctx = contexte lié à l'exécution du processeur. * +* content = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* * +* Description : Crée une pesudo-instruction Dalvik de branchement. * +* * +* Retour : Instruction mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GArchInstruction *g_dalvik_switch_instr_new(uint16_t ident, GDalvikContext *ctx, const GBinContent *content, vmpa2t *pos) +{ + GDalvikSwitchInstr *result; /* Structure à retourner */ + phys_t consumed; /* Données consommées */ + + assert(ident == DPO_PACKED_SWITCH || ident == DPO_SPARSE_SWITCH); + + result = g_object_new(G_TYPE_DALVIK_SWITCH_INSTR, NULL); + + G_DALVIK_INSTRUCTION(result)->ptype = ident; + + if (!g_binary_content_read_u16(content, pos, SRE_LITTLE, &result->switch_size)) + goto gdsin_bad; + + if (!g_dalvik_switch_decode_data(result, content, pos)) + goto gdsin_bad; + + if (ident == DPO_PACKED_SWITCH) + consumed = (1 + result->switch_size) * sizeof(int32_t); + else + consumed = (2 * result->switch_size) * sizeof(int32_t); + + if (!g_dalvik_context_register_switch_data(ctx, pos, consumed)) + goto gdsin_bad; + + return G_ARCH_INSTRUCTION(result); + + gdsin_bad: + + g_object_unref(result); + + return NULL; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instruction d'assemblage à compléter. * +* content = flux de données à analyser. * +* pos = position de lecture courante dans ce flux. * +* * +* Description : Lit toutes les valeurs associés aux branchements. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_dalvik_switch_decode_data(GDalvikSwitchInstr *instr, const GBinContent *content, const vmpa2t *pos) +{ + vmpa2t iter; /* Position modifiable */ + int32_t first_key; /* Première clef */ + uint16_t i; /* Boucle de parcours */ + + instr->keys = (int32_t *)calloc(instr->switch_size, sizeof(int32_t)); + instr->targets = (int32_t *)calloc(instr->switch_size, sizeof(int32_t)); + + copy_vmpa(&iter, pos); + + if (G_DALVIK_INSTRUCTION(instr)->ptype == DPO_PACKED_SWITCH) + { + if (!g_binary_content_read_s32(content, &iter, SRE_LITTLE, &first_key)) + goto gdsdd_bad; + + for (i = 0; i < instr->switch_size; i++) + { + instr->keys[i] = first_key + i; + + if (!g_binary_content_read_s32(content, &iter, SRE_LITTLE, &instr->targets[i])) + goto gdsdd_bad; + + } + + } + + else + { + for (i = 0; i < instr->switch_size; i++) + if (!g_binary_content_read_s32(content, &iter, SRE_LITTLE, &instr->keys[i])) + goto gdsdd_bad; + + for (i = 0; i < instr->switch_size; i++) + if (!g_binary_content_read_s32(content, &iter, SRE_LITTLE, &instr->targets[i])) + goto gdsdd_bad; + + } + + return true; + + gdsdd_bad: + + return false; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instruction d'assemblage à compléter. * +* keys = tableau renseignant les conditions de saut. [OUT] * +* targets = tableau renseignant les sauts relatifs. [OUT] * +* * +* Description : Fournit les données associées à un branchement Dalvik. * +* * +* Retour : Taille des tableaux renseignés. * +* * +* Remarques : - * +* * +******************************************************************************/ + +uint16_t g_dalvik_switch_get_data(GDalvikSwitchInstr *instr, const int32_t **keys, const int32_t **targets) +{ + if (keys != NULL) + *keys = instr->keys; + + if (targets != NULL) + *targets = instr->targets; + + return instr->switch_size; + +} diff --git a/plugins/dalvik/pseudo/switch.h b/plugins/dalvik/pseudo/switch.h new file mode 100644 index 0000000..d672f86 --- /dev/null +++ b/plugins/dalvik/pseudo/switch.h @@ -0,0 +1,63 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * switch.h - prototypes pour la prise en charge des instructions spéciales (packed|sparse)switch + * + * Copyright (C) 2011-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_PSEUDO_SWITCH_H +#define _ARCH_DALVIK_PSEUDO_SWITCH_H + + +#include "../context.h" +#include "../instruction.h" +#include "../processor.h" + + +#include <glib-object.h> + + + +#define G_TYPE_DALVIK_SWITCH_INSTR g_dalvik_switch_instr_get_type() +#define G_DALVIK_SWITCH_INSTR(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_DALVIK_SWITCH_INSTR, GDalvikSwitchInstr)) +#define G_IS_DALVIK_SWITCH_INSTR(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_DALVIK_SWITCH_INSTR)) +#define G_DALVIK_SWITCH_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DALVIK_SWITCH, GGDalvikSwitchClass)) +#define G_IS_DALVIK_SWITCH_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DALVIK_SWITCH)) +#define G_DALVIK_SWITCH_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DALVIK_SWITCH, GGDalvikSwitchClass)) + + +/* Définition générique d'une instruction d'architecture (instance) */ +typedef struct _GDalvikSwitchInstr GDalvikSwitchInstr; + +/* Définition générique d'une instruction d'architecture (classe) */ +typedef struct _GDalvikSwitchInstrClass GDalvikSwitchInstrClass; + + +/* Indique le type défini pour une pseudo-instruction Dalvik de remplissage. */ +GType g_dalvik_switch_instr_get_type(void); + +/* Crée une pesudo-instruction Dalvik de branchement. */ +GArchInstruction *g_dalvik_switch_instr_new(uint16_t, GDalvikContext *, const GBinContent *, vmpa2t *); + +/* Fournit les données associées à un branchement Dalvik. */ +uint16_t g_dalvik_switch_get_data(GDalvikSwitchInstr *, const int32_t **, const int32_t **); + + + +#endif /* _ARCH_DALVIK_PSEUDO_SWITCH_H */ diff --git a/plugins/dalvik/register.c b/plugins/dalvik/register.c new file mode 100644 index 0000000..00e9757 --- /dev/null +++ b/plugins/dalvik/register.c @@ -0,0 +1,291 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * registers.c - aides auxiliaires relatives aux registres Dalvik + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "register.h" + + +#include <stdio.h> + + +#include <arch/register-int.h> +#include <common/sort.h> + + + +/* Représentation d'un registre Dalvik (instance) */ +struct _GDalvikRegister +{ + GArchRegister parent; /* Instance parente */ + + uint16_t index; /* Indice du registre */ + +}; + + +/* Représentation d'un registre Dalvik (classe) */ +struct _GDalvikRegisterClass +{ + GArchRegisterClass parent; /* Classe parente */ + +}; + + +#define MAX_REGNAME_LEN 8 + + +/* Initialise la classe des registres Dalvik. */ +static void g_dalvik_register_class_init(GDalvikRegisterClass *); + +/* Initialise une instance de registre Dalvik. */ +static void g_dalvik_register_init(GDalvikRegister *); + +/* Supprime toutes les références externes. */ +static void g_dalvik_register_dispose(GDalvikRegister *); + +/* Procède à la libération totale de la mémoire. */ +static void g_dalvik_register_finalize(GDalvikRegister *); + +/* Produit une empreinte à partir d'un registre. */ +static guint g_dalvik_register_hash(const GDalvikRegister *); + +/* Traduit un registre en version humainement lisible. */ +static void g_dalvik_register_print(const GDalvikRegister *, GBufferLine *, AsmSyntax); + + + +/* Indique le type défini pour une représentation d'un registre Dalvik. */ +G_DEFINE_TYPE(GDalvikRegister, g_dalvik_register, G_TYPE_ARCH_REGISTER); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des registres Dalvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_register_class_init(GDalvikRegisterClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GArchRegisterClass *register_class; /* Classe de haut niveau */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dalvik_register_dispose; + object->finalize = (GObjectFinalizeFunc)g_dalvik_register_finalize; + + register_class = G_ARCH_REGISTER_CLASS(klass); + + register_class->hash = (reg_hash_fc)g_dalvik_register_hash; + register_class->compare = (reg_compare_fc)g_dalvik_register_compare; + register_class->print = (reg_print_fc)g_dalvik_register_print; + +} + + +/****************************************************************************** +* * +* Paramètres : reg = instance à initialiser. * +* * +* Description : Initialise une instance de registre Dalvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_register_init(GDalvikRegister *reg) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : reg = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_register_dispose(GDalvikRegister *reg) +{ + G_OBJECT_CLASS(g_dalvik_register_parent_class)->dispose(G_OBJECT(reg)); + +} + + +/****************************************************************************** +* * +* Paramètres : reg = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_register_finalize(GDalvikRegister *reg) +{ + G_OBJECT_CLASS(g_dalvik_register_parent_class)->finalize(G_OBJECT(reg)); + +} + + +/****************************************************************************** +* * +* Paramètres : reg = opérande à consulter pour le calcul. * +* * +* Description : Produit une empreinte à partir d'un registre. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static guint g_dalvik_register_hash(const GDalvikRegister *reg) +{ + return reg->index; + +} + + +/****************************************************************************** +* * +* Paramètres : reg = registre à transcrire. * +* line = ligne tampon où imprimer l'opérande donné. * +* syntax = type de représentation demandée. * +* * +* Description : Traduit un registre en version humainement lisible. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_register_print(const GDalvikRegister *reg, GBufferLine *line, AsmSyntax syntax) +{ + char key[MAX_REGNAME_LEN]; /* Mot clef principal */ + size_t klen; /* Taille de ce mot clef */ + + switch (syntax) + { + case ASX_INTEL: + klen = snprintf(key, MAX_REGNAME_LEN, "v%hu", reg->index); + break; + + case ASX_ATT: + klen = snprintf(key, MAX_REGNAME_LEN, "%%v%hu", reg->index); + break; + + default: + klen = 0; + break; + + } + + g_buffer_line_append_text(line, BLC_ASSEMBLY, key, klen, RTT_REGISTER, NULL); + +} + + +/****************************************************************************** +* * +* Paramètres : index = indice du registre correspondant. * +* * +* Description : Crée une réprésentation de registre Dalvik. * +* * +* Retour : Adresse de la structure mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDalvikRegister *g_dalvik_register_new(uint16_t index) +{ + GDalvikRegister *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_DALVIK_REGISTER, NULL); + + result->index = index; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : reg = registre à consulter. * +* * +* Description : Fournit l'indice d'un registre Dalvik. * +* * +* Retour : Inditifiant représentant le registre. * +* * +* Remarques : - * +* * +******************************************************************************/ + +uint16_t g_dalvik_register_get_index(const GDalvikRegister *reg) +{ + return reg->index; + +} + + +/****************************************************************************** +* * +* Paramètres : a = premier opérande à consulter. * +* b = second opérande à consulter. * +* * +* Description : Compare un registre avec un autre. * +* * +* Retour : Bilan de la comparaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +int g_dalvik_register_compare(const GDalvikRegister *a, const GDalvikRegister *b) +{ + int result; /* Bilan à retourner */ + + result = sort_unsigned_long(a->index, b->index); + + return result; + +} diff --git a/plugins/dalvik/register.h b/plugins/dalvik/register.h new file mode 100644 index 0000000..460edd7 --- /dev/null +++ b/plugins/dalvik/register.h @@ -0,0 +1,65 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * registers.h - prototypes pour les aides auxiliaires relatives aux registres Dalvik + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_REGISTERS_H +#define _ARCH_DALVIK_REGISTERS_H + + +#include <glib-object.h> +#include <stdbool.h> + + +#include <arch/archbase.h> + + + +#define G_TYPE_DALVIK_REGISTER g_dalvik_register_get_type() +#define G_DALVIK_REGISTER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), g_dalvik_register_get_type(), GDalvikRegister)) +#define G_IS_DALVIK_REGISTER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), g_dalvik_register_get_type())) +#define G_DALVIK_REGISTER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DALVIK_REGISTER, GDalvikRegisterClass)) +#define G_IS_DALVIK_REGISTER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DALVIK_REGISTER)) +#define G_DALVIK_REGISTER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DALVIK_REGISTER, GDalvikRegisterClass)) + + +/* Représentation d'un registre Dalvik (instance) */ +typedef struct _GDalvikRegister GDalvikRegister; + +/* Représentation d'un registre Dalvik (classe) */ +typedef struct _GDalvikRegisterClass GDalvikRegisterClass; + + +/* Indique le type défini pour une représentation d'un registre Dalvik. */ +GType g_dalvik_register_get_type(void); + +/* Crée une réprésentation de registre Dalvik. */ +GDalvikRegister *g_dalvik_register_new(uint16_t); + +/* Fournit l'indice d'un registre Dalvik. */ +uint16_t g_dalvik_register_get_index(const GDalvikRegister *); + +/* Compare un registre avec un autre. */ +int g_dalvik_register_compare(const GDalvikRegister *, const GDalvikRegister *); + + + +#endif /* _ARCH_DALVIK_REGISTERS_H */ |