author | Cyrille Bagard <nocbos@gmail.com> | 2017-10-18 20:50:10 (GMT) |
---|---|---|
committer | Cyrille Bagard <nocbos@gmail.com> | 2017-10-18 20:50:10 (GMT) |
commit | dce9d9cdfef1d37ef11a987a21f36e83b6b1944f (patch) | |
tree | 830623ade20e892954fcbddd3b7b05d09aac1dd7 /plugins | |
parent | 1e7c7de85438749d3faf7b76984b86a9c088fbc1 (diff) |
Created plugins for the Dex and Dalvik support.
Diffstat (limited to 'plugins')
289 files changed, 17945 insertions, 55 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am index d8d771f..1070742 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am @@ -4,4 +4,4 @@ if HAVE_PYTHON3_CONFIG endif # androhelpers -SUBDIRS = devdbg elf fmtp libcsem mobicore $(PYTHON3_SUBDIRS) readdex readelf readmc ropgadgets +SUBDIRS = dalvik devdbg dex elf fmtp libcsem mobicore $(PYTHON3_SUBDIRS) readdex readelf readmc ropgadgets diff --git a/plugins/dalvik/Makefile.am b/plugins/dalvik/Makefile.am new file mode 100644 index 0000000..d12f733 --- /dev/null +++ b/plugins/dalvik/Makefile.am @@ -0,0 +1,31 @@ + +lib_LTLIBRARIES = libdalvik.la + +libdalvik_la_SOURCES = \ + context.h context.c \ + core.h core.c \ + fetch.h fetch.c \ + helpers.h \ + instruction-def.h \ + instruction-int.h \ + instruction.h instruction.c \ + link.h link.c \ + operand.h operand.c \ + post.h \ + processor.h processor.c \ + register.h register.c + +libdalvik_la_LIBADD = \ + opcodes/libdalvikopcodes.la \ + operands/libdalvikoperands.la \ + pseudo/libdalvikpseudo.la + +libdalvik_la_CFLAGS = $(AM_CFLAGS) + + +AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBPYTHON_CFLAGS) $(LIBPYGOBJECT_CFLAGS) $(LIBXML_CFLAGS) -I$(top_srcdir)/src + +AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS) + + +SUBDIRS = opdefs opcodes operands pseudo diff --git a/plugins/dalvik/context.c b/plugins/dalvik/context.c new file mode 100644 index 0000000..a48a9f3 --- /dev/null +++ b/plugins/dalvik/context.c 
@@ -0,0 +1,745 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * context.c - contexte lié à l'exécution d'un processeur
+ *
+ * Copyright (C) 2011-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "context.h"
+
+
+#include <malloc.h>
+#include <stdlib.h>
+#include <string.h>
+
+
+#include <analysis/contents/restricted.h>
+#include <arch/context-int.h>
+#include <arch/raw.h>
+#include <common/sort.h>
+#include <plugins/dex/dex-int.h>
+
+
+#include "operands/register.h"
+
+
+
+/* ------------------------ MANIPULATION GLOBALE DU CONTEXTE ------------------------ */
+
+
+/* Mémorisation de données brutes dans le code */
+typedef struct _raw_data_area
+{
+ mrange_t range; /* Couverture à laisser en 1er */
+
+ phys_t item_len; /* Taille de chaque élément */
+
+} raw_data_area;
+
+/* Définition d'un contexte pour processeur Dalkvik (instance) */
+struct _GDalvikContext
+{
+ GProcContext parent; /* A laisser en premier */
+
+ raw_data_area *data; /* Liste de zones brutes */
+ size_t count; /* Taille de cette liste */
+ GMutex mutex; /* Accès à la liste */
+
+};
+
+
+/* Définition d'un contexte pour processeur Dalkvik (classe) */
+struct _GDalvikContextClass
+{
+ GProcContextClass parent; /* A laisser en premier */
+
+};
+
+
+/* Initialise la classe des contextes de processeur Dalkvik. */
+static void g_dalvik_context_class_init(GDalvikContextClass *);
+
+/* Initialise une instance de contexte de processeur Dalkvik. */
+static void g_dalvik_context_init(GDalvikContext *);
+
+/* Supprime toutes les références externes. */
+static void g_dalvik_context_dispose(GDalvikContext *);
+
+/* Procède à la libération totale de la mémoire. */
+static void g_dalvik_context_finalize(GDalvikContext *);
+
+
+
+/* ------------------------- CONTEXTE POUR LA DECOMPILATION ------------------------- */
+
+
+#if 0
+/* Définition d'un contexte pour décompilation Dalkvik (instance) */
+struct _GDalvikDContext
+{
+ GDecContext parent; /* A laisser en premier */
+
+ GDecInstruction *this; /* Représentation de la classe */
+ GHashTable *args; /* Correspondance arg./pseudo */
+ GHashTable *locals; /* Correspondance var./pseudo */
+ size_t locals_count; /* Quantité de var. locales */
+
+};
+
+
+/* Définition d'un contexte pour décompilation Dalkvik (classe) */
+struct _GDalvikDContextClass
+{
+ GDecContextClass parent; /* A laisser en premier */
+
+};
+
+
+/* Initialise la classe des contextes de décompilation Dalkvik. */
+static void g_dalvik_dcontext_class_init(GDalvikDContextClass *);
+
+/* Initialise une instance de contexte de décompilation Dalkvik. */
+static void g_dalvik_dcontext_init(GDalvikDContext *);
+
+/* Supprime toutes les références externes. */
+static void g_dalvik_dcontext_dispose(GDalvikDContext *);
+
+/* Procède à la libération totale de la mémoire. */
+static void g_dalvik_dcontext_finalize(GDalvikDContext *);
+
+/* Duplique un contexte de compilation. */
+static GDalvikDContext *g_dalvik_dcontext_dup(GDalvikDContext *);
+
+/* Propage un registre alloué et attendu par la suite. */
+static void g_dalvik_context_spread_allocated_shared_reg(GDalvikDContext *, GDalvikRegister *, GDecInstruction *);
+
+/* Convertit un registre machine en un pseudo-registre. */
+static GDecInstruction *g_dalvik_dcontext_convert_register(GDalvikDContext *, GDalvikRegisterOperand *, bool, vmpa_t);
+#endif
+
+
+
+/* ---------------------------------------------------------------------------------- */
+/* MANIPULATION GLOBALE DU CONTEXTE */
+/* ---------------------------------------------------------------------------------- */
+
+
+/* Indique le type définit par la GLib pour le contexte de processeur Dalkvik. */
+G_DEFINE_TYPE(GDalvikContext, g_dalvik_context, G_TYPE_PROC_CONTEXT);
+
+
+/******************************************************************************
+* *
+* Paramètres : klass = classe à initialiser. *
+* *
+* Description : Initialise la classe des contextes de processeur Dalkvik. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dalvik_context_class_init(GDalvikContextClass *klass)
+{
+ GObjectClass *object; /* Autre version de la classe */
+
+ object = G_OBJECT_CLASS(klass);
+
+ object->dispose = (GObjectFinalizeFunc/* ! */)g_dalvik_context_dispose;
+ object->finalize = (GObjectFinalizeFunc)g_dalvik_context_finalize;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : ctx = instance à initialiser. *
+* *
+* Description : Initialise une instance de contexte de processeur Dalkvik. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dalvik_context_init(GDalvikContext *ctx)
+{
+ g_mutex_init(&ctx->mutex);
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : ctx = instance d'objet GLib à traiter. *
+* *
+* Description : Supprime toutes les références externes. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dalvik_context_dispose(GDalvikContext *ctx)
+{
+ g_mutex_clear(&ctx->mutex);
+
+ G_OBJECT_CLASS(g_dalvik_context_parent_class)->dispose(G_OBJECT(ctx));
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : ctx = instance d'objet GLib à traiter. *
+* *
+* Description : Procède à la libération totale de la mémoire. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dalvik_context_finalize(GDalvikContext *ctx)
+{
+ if (ctx->data != NULL)
+ free(ctx->data);
+
+ G_OBJECT_CLASS(g_dalvik_context_parent_class)->finalize(G_OBJECT(ctx));
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : - *
+* *
+* Description : Crée un contexte pour l'exécution du processeur Dalvik. *
+* *
+* Retour : Contexte mis en place. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+GDalvikContext *g_dalvik_context_new(void)
+{
+ GDalvikContext *result; /* Structure à retourner */
+
+ result = g_object_new(G_TYPE_DALVIK_CONTEXT, NULL);
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : ctx = contexte de désassemblage Dalvik à actualiser. *
+* start = début de la zone à considérer. *
+* length = taille de la zone couverte. *
+* *
+* Description : Mémorise une zone comme étant des données de branchements. *
+* *
+* Retour : Bilan de l'opération. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool g_dalvik_context_register_switch_data(GDalvikContext *ctx, const vmpa2t *start, phys_t length)
+{
+ bool result; /* Bilan à retourner */
+ raw_data_area new; /* Nouvel élément à insérer */
+ size_t i; /* Boucle de parcours */
+
+ result = true;
+
+ g_mutex_lock(&ctx->mutex);
+
+ /* Vérification quant aux chevauchements */
+
+ init_mrange(&new.range, start, length);
+
+ for (i = 0; i < ctx->count && result; i++)
+ result = !mrange_intersects_mrange(&ctx->data[i].range, &new.range);
+
+ /* Insertion d'une nouvelle zone */
+
+ if (result)
+ {
+ new.item_len = 4;
+
+ ctx->data = qinsert(ctx->data, &ctx->count, sizeof(raw_data_area),
+ (__compar_fn_t)cmp_mrange_with_vmpa_swapped, &new);
+
+ }
+
+ g_mutex_unlock(&ctx->mutex);
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : ctx = contexte de désassemblage Dalvik à actualiser. *
+* start = début de la zone à considérer. *
+* width = taille de chacun des éléments. *
+* length = taille de la zone couverte. *
+* *
+* Description : Mémorise une zone comme étant des données d'un tableau. *
+* *
+* Retour : Bilan de l'opération. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool g_dalvik_context_register_array_data(GDalvikContext *ctx, const vmpa2t *start, uint16_t width, phys_t length)
+{
+ bool result; /* Bilan à retourner */
+ raw_data_area new; /* Nouvel élément à insérer */
+ size_t i; /* Boucle de parcours */
+
+ result = true;
+
+ g_mutex_lock(&ctx->mutex);
+
+ /* Vérification quant aux chevauchements */
+
+ init_mrange(&new.range, start, length);
+
+ for (i = 0; i < ctx->count && result; i++)
+ result = !mrange_intersects_mrange(&ctx->data[i].range, &new.range);
+
+ /* Insertion d'une nouvelle zone */
+
+ if (result)
+ {
+ new.item_len = width;
+
+ ctx->data = qinsert(ctx->data, &ctx->count, sizeof(raw_data_area),
+ (__compar_fn_t)cmp_mrange_with_vmpa_swapped, &new);
+
+ }
+
+ g_mutex_unlock(&ctx->mutex);
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : ctx = contexte de désassemblage Dalvik à consulter. *
+* content = flux de données à analyser. *
+* pos = position courante dans ce flux. [OUT] *
+* *
+* Description : Place une donnée en tant qu'instruction si besoin est. *
+* *
+* Retour : Instruction mise en place ou NULL en cas d'échec. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+GArchInstruction *g_dalvik_context_get_raw_data(GDalvikContext *ctx, const GBinContent *content, vmpa2t *pos)
+{
+ GArchInstruction *result; /* Instruction à retourner */
+ raw_data_area *found; /* Zone de couverture trouvée */
+ GBinContent *restricted; /* Zone de lecture effective */
+
+ result = NULL;
+
+ g_mutex_lock(&ctx->mutex);
+
+ found = bsearch(pos, ctx->data, ctx->count, sizeof(raw_data_area),
+ (__compar_fn_t)cmp_mrange_with_vmpa_swapped);
+
+ if (found)
+ {
+ restricted = g_restricted_content_new_ro(content, &found->range);
+
+ switch (found->item_len)
+ {
+ case 1:
+ result = g_raw_instruction_new_array(restricted, MDS_8_BITS_UNSIGNED, 1, pos, SRE_LITTLE);
+ break;
+
+ case 2:
+ result = g_raw_instruction_new_array(restricted, MDS_16_BITS_UNSIGNED, 1, pos, SRE_LITTLE);
+ break;
+
+ case 4:
+ result = g_raw_instruction_new_array(restricted, MDS_32_BITS_UNSIGNED, 1, pos, SRE_LITTLE);
+ break;
+
+ case 8:
+ result = g_raw_instruction_new_array(restricted, MDS_64_BITS_UNSIGNED, 1, pos, SRE_LITTLE);
+ break;
+
+ default:
+ result = g_raw_instruction_new_array(restricted, MDS_8_BITS_UNSIGNED,
+ found->item_len, pos, SRE_LITTLE);
+ break;
+
+ }
+
+ g_object_unref(G_OBJECT(restricted));
+
+ }
+
+ g_mutex_unlock(&ctx->mutex);
+
+ return result;
+
+}
+
+
+
+/* ---------------------------------------------------------------------------------- */
+/* CONTEXTE POUR LA DECOMPILATION */
+/* ---------------------------------------------------------------------------------- */
+
+
+#if 0
+/* Indique le type définit par la GLib pour le contexte de décompilation Dalkvik. */
+G_DEFINE_TYPE(GDalvikDContext, g_dalvik_dcontext, G_TYPE_DEC_CONTEXT);
+
+
+/******************************************************************************
+* *
+* Paramètres : class = classe à initialiser. *
+* *
+* Description : Initialise la classe des contextes de décompilation Dalkvik. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dalvik_dcontext_class_init(GDalvikDContextClass *class)
+{
+ GObjectClass *object; /* Autre version de la classe */
+
+ object = G_OBJECT_CLASS(class);
+
+ object->dispose = (GObjectFinalizeFunc/* ! */)g_dalvik_dcontext_dispose;
+ object->finalize = (GObjectFinalizeFunc)g_dalvik_dcontext_finalize;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : ctx = instance à initialiser. *
+* *
+* Description : Initialise une instance de contexte de décompilation Dalkvik.*
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dalvik_dcontext_init(GDalvikDContext *ctx)
+{
+ GDecContext *parent; /* Instance parente */
+
+ ctx->args = g_hash_table_new(g_constant_hash, g_direct_equal);
+ ctx->locals = g_hash_table_new(g_constant_hash, g_direct_equal);
+
+ parent = G_DEC_CONTEXT(ctx);
+
+ parent->dup = (dup_dec_context_fc)g_dalvik_dcontext_dup;
+ parent->spread = (spread_reg_fc)g_dalvik_context_spread_allocated_shared_reg;
+ parent->convert_reg = (convert_register_fc)g_dalvik_dcontext_convert_register;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : ctx = instance d'objet GLib à traiter. *
+* *
+* Description : Supprime toutes les références externes. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dalvik_dcontext_dispose(GDalvikDContext *ctx)
+{
+ if (ctx->this != NULL)
+ g_object_unref(G_OBJECT(ctx->this));
+
+ G_OBJECT_CLASS(g_dalvik_dcontext_parent_class)->dispose(G_OBJECT(ctx));
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : ctx = instance d'objet GLib à traiter. *
+* *
+* Description : Procède à la libération totale de la mémoire. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dalvik_dcontext_finalize(GDalvikDContext *ctx)
+{
+ G_OBJECT_CLASS(g_dalvik_dcontext_parent_class)->finalize(G_OBJECT(ctx));
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : - *
+* *
+* Description : Crée un contexte pour la décompilation Dalvik. *
+* *
+* Retour : Contexte mis en place. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+GDalvikDContext *g_dalvik_dcontext_new(void)
+{
+ GDalvikDContext *result; /* Structure à retourner */
+
+ result = g_object_new(G_TYPE_DALVIK_DCONTEXT, NULL);
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : orig = contexte de compilation à copier. *
+* *
+* Description : Duplique un contexte de compilation. *
+* *
+* Retour : Contexte de décompilation prêt à emploi. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static GDalvikDContext *g_dalvik_dcontext_dup(GDalvikDContext *orig)
+{
+ GDalvikDContext *result; /* Structure à retourner */
+
+ result = g_object_new(G_TYPE_DALVIK_DCONTEXT, NULL);
+
+ //g_object_unref(G_OBJECT(result->args));
+ //g_object_unref(G_OBJECT(result->locals));
+
+ _g_dec_context_dup(G_DEC_CONTEXT(result), G_DEC_CONTEXT(orig));
+
+ if (orig->this != NULL) g_object_ref(G_OBJECT(orig->this));
+ //g_object_ref(G_OBJECT(orig->args));
+ //g_object_ref(G_OBJECT(orig->locals));
+
+ result->this = orig->this;
+ result->args = orig->args;
+ result->locals = orig->locals;
+ result->locals_count = orig->locals_count;
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : parent = instance à éventuellement compléter. *
+* child = instance à venir consulter. *
+* *
+* Description : Propage un registre alloué et attendu par la suite. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dalvik_context_spread_allocated_shared_reg(GDalvikDContext *ctx, GDalvikRegister *reg, GDecInstruction *dinstr)
+{
+ GDexFormat *format; /* Recherche de méthode */
+ GBinRoutine *routine; /* Objet des recherches */
+ GDexMethod *method; /* Méthode décompilée */
+ uint16_t index; /* Identifiant du registre */
+ DexVariableIndex info; /* Nature du registre */
+
+ format = G_DEX_FORMAT(G_DEC_CONTEXT(ctx)->format);
+ routine = G_DEC_CONTEXT(ctx)->routine;
+
+ method = g_dex_format_find_method_by_address(format, g_binary_routine_get_address(routine));
+
+ index = g_dalvik_register_get_index(reg);
+ info = g_dex_method_get_variable(method, index);
+
+ g_object_ref(G_OBJECT(dinstr));
+ g_hash_table_insert(ctx->locals, GUINT_TO_POINTER(DVI_INDEX(info)), dinstr);
+ ctx->locals_count++;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : ctx = instance à consulter, voire mettre à jour. *
+* operand = opérande représentant un registre quelconque. *
+* assign = précise le sort prochain du registre. *
+* addr = adresse de l'instruction décompilée. *
+* *
+* Description : Convertit un registre machine en un pseudo-registre. *
+* *
+* Retour : Pseudo-registre, existant ou non, prêt à emploi. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static GDecInstruction *g_dalvik_dcontext_convert_register(GDalvikDContext *ctx, GDalvikRegisterOperand *operand, bool assign, vmpa_t addr)
+{
+ GDecInstruction *result; /* Instance à retourner */
+ GDexFormat *format; /* Recherche de méthode */
+ GBinRoutine *routine; /* Objet des recherches */
+ GDexMethod *method; /* Méthode décompilée */
+ const GDalvikRegister *reg; /* Registre Dalvik représenté */
+ uint16_t index; /* Identifiant du registre */
+ DexVariableIndex info; /* Nature du registre */
+ GBinVariable *this; /* Définition de "this" */
+ gpointer *found; /* Pseudo-registre trouvé */
+
+ format = G_DEX_FORMAT(G_DEC_CONTEXT(ctx)->format);
+ routine = G_DEC_CONTEXT(ctx)->routine;
+
+ method = g_dex_format_find_method_by_address(format, g_binary_routine_get_address(routine));
+
+ reg = g_dalvik_register_operand_get(operand);
+
+ index = g_dalvik_register_get_index(reg);
+ info = g_dex_method_get_variable(method, index);
+
+ /* Objet "this" */
+ if (info & DVI_THIS)
+ {
+ if (ctx->this == NULL)
+ {
+ this = g_binary_variable_new(/* FIXME */g_basic_type_new(BTP_OTHER) /* FIXME */);
+ g_binary_variable_set_name(this, "this");
+
+ ctx->this = g_pseudo_register_new(PRU_THIS);
+ g_pseudo_register_set_variable(G_PSEUDO_REGISTER(ctx->this), this);
+
+ }
+
+ g_object_ref(G_OBJECT(ctx->this));
+ result = ctx->this;
+
+ }
+
+ /* Argument d'appel */
+ else if (info & DVI_ARGUMENT)
+ {
+ found = g_hash_table_lookup(ctx->args, GUINT_TO_POINTER(DVI_INDEX(info)));
+
+ if (found != NULL)
+ {
+ g_object_ref(G_OBJECT(found));
+ result = G_DEC_INSTRUCTION(found);
+ }
+ else
+ {
+ result = g_pseudo_register_new(PRU_ARG);
+ g_pseudo_register_set_basename(G_PSEUDO_REGISTER(result), "arg");
+ g_pseudo_register_set_index(G_PSEUDO_REGISTER(result), DVI_INDEX(info));
+
+ g_hash_table_insert(ctx->args, GUINT_TO_POINTER(DVI_INDEX(info)), result);
+
+ }
+
+ }
+
+ /* Variable locale */
+ else
+ {
+ found = g_hash_table_lookup(ctx->locals, GUINT_TO_POINTER(DVI_INDEX(info)));
+
+ if (!assign && found != NULL)
+ {
+ g_object_ref(G_OBJECT(found));
+ result = G_DEC_INSTRUCTION(found);
+ }
+ else
+ {
+ /*
+ if (!assign)
+ {
+ printf("bug");
+ exit(0);
+ }
+ */
+
+ result = g_dec_context_get_awaited_alloc(G_DEC_CONTEXT(ctx), G_ARCH_REGISTER(reg), addr);
+
+ if (result == NULL)
+ {
+ result = g_pseudo_register_new(PRU_LOCAL);
+ g_pseudo_register_set_basename(G_PSEUDO_REGISTER(result), "var");
+ g_pseudo_register_set_index(G_PSEUDO_REGISTER(result), ctx->locals_count);
+
+ g_dec_context_notify_reg_alloc(G_DEC_CONTEXT(ctx), G_ARCH_REGISTER(reg),
+ result, addr);
+
+ }
+ else
+ g_object_ref(G_OBJECT(result));
+
+ g_object_ref(G_OBJECT(result));
+ g_hash_table_insert(ctx->locals, GUINT_TO_POINTER(DVI_INDEX(info)), result);
+ ctx->locals_count++;
+
+ }
+
+ }
+
+ return result;
+
+}
+#endif
diff --git a/plugins/dalvik/context.h b/plugins/dalvik/context.h
new file mode 100644
index 0000000..fbee9e0
--- /dev/null
+++ b/plugins/dalvik/context.h
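Review bot: `g_dalvik_context_register_array_data()` copies `width` into `new.item_len` without validating it, and `g_dalvik_context_get_raw_data()` later hands any value other than 1, 2, 4 or 8 to `g_raw_instruction_new_array()` as an element count in its `default:` branch. If the width comes from the payload of the file being disassembled (presumably; the caller is outside this hunk), a zero or oversized width from a malformed DEX file reaches the raw-instruction builder unchecked, so rejecting it at registration with `if (width == 0) return false;` before taking the lock would be safer. The result of `g_restricted_content_new_ro()` is also used and unreferenced without a NULL check; whether it can fail for a range outside `content` is not visible here. Separately, `g_mutex_clear(&ctx->mutex)` sits in the dispose handler, which GObject may invoke more than once; moving it to `g_dalvik_context_finalize()` avoids clearing the mutex twice.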
@@ -0,0 +1,102 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * context.h - prototypes pour le contexte lié à l'exécution d'un processeur
+ *
+ * Copyright (C) 2011-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _ARCH_DALVIK_CONTEXT_H
+#define _ARCH_DALVIK_CONTEXT_H
+
+
+#include <glib-object.h>
+#include <stdbool.h>
+
+
+#include <arch/archbase.h>
+
+
+#include "instruction.h"
+
+
+
+/* ------------------------ MANIPULATION GLOBALE DU CONTEXTE ------------------------ */
+
+
+#define G_TYPE_DALVIK_CONTEXT g_dalvik_context_get_type()
+#define G_DALVIK_CONTEXT(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), g_dalvik_context_get_type(), GDalvikContext))
+#define G_IS_DALVIK_CONTEXT(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), g_dalvik_context_get_type()))
+#define G_DALVIK_CONTEXT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DALVIK_CONTEXT, GGDalvikContextClass))
+#define G_IS_DALVIK_CONTEXT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DALVIK_CONTEXT))
+#define G_DALVIK_CONTEXT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DALVIK_CONTEXT, GGDalvikContextClass))
+
+
+/* Définition d'un contexte pour processeur Dalkvik (instance) */
+typedef struct _GDalvikContext GDalvikContext;
+
+/* Définition d'un contexte pour processeur Dalkvik (classe) */
+typedef struct _GDalvikContextClass GDalvikContextClass;
+
+
+/* Indique le type définit par la GLib pour le contexte de processeur Dalkvik. */
+GType g_dalvik_context_get_type(void);
+
+/* Crée un contexte pour l'exécution du processeur Dalvik. */
+GDalvikContext *g_dalvik_context_new(void);
+
+/* Mémorise une zone comme étant des données de branchements. */
+bool g_dalvik_context_register_switch_data(GDalvikContext *ctx, const vmpa2t *start, phys_t length);
+
+/* Mémorise une zone comme étant des données d'un tableau. */
+bool g_dalvik_context_register_array_data(GDalvikContext *, const vmpa2t *, uint16_t, phys_t);
+
+/* Place une donnée en tant qu'instruction si besoin est. */
+GArchInstruction *g_dalvik_context_get_raw_data(GDalvikContext *, const GBinContent *, vmpa2t *);
+
+
+
+/* ------------------------- CONTEXTE POUR LA DECOMPILATION ------------------------- */
+
+
+#if 0
+#define G_TYPE_DALVIK_DCONTEXT g_dalvik_dcontext_get_type()
+#define G_DALVIK_DCONTEXT(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), g_dalvik_dcontext_get_type(), GDalvikDContext))
+#define G_IS_DALVIK_DCONTEXT(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), g_dalvik_dcontext_get_type()))
+#define G_DALVIK_DCONTEXT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DALVIK_DCONTEXT, GGDalvikDContextClass))
+#define G_IS_DALVIK_DCONTEXT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DALVIK_DCONTEXT))
+#define G_DALVIK_DCONTEXT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DALVIK_DCONTEXT, GGDalvikDContextClass))
+
+
+/* Définition d'un contexte pour décompilation Dalkvik (instance) */
+typedef struct _GDalvikDContext GDalvikDContext;
+
+/* Définition d'un contexte pour décompilation Dalkvik (classe) */
+typedef struct _GDalvikDContextClass GDalvikDContextClass;
+
+
+/* Indique le type définit par la GLib pour le contexte de décompilation Dalkvik. */
+GType g_dalvik_dcontext_get_type(void);
+
+/* Crée un contexte pour la décompilation Dalvik. */
+GDalvikDContext *g_dalvik_dcontext_new(void);
+#endif
+
+
+
+#endif /* _ARCH_DALVIK_CONTEXT_H */
diff --git a/plugins/dalvik/core.c b/plugins/dalvik/core.c
new file mode 100644
index 0000000..f5b2f91
--- /dev/null
+++ b/plugins/dalvik/core.c
@@ -0,0 +1,62 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * core.c - intégration du support de l'architecture Dalvik
+ *
+ * Copyright (C) 2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "core.h"
+
+
+#include <core/processors.h>
+#include <plugins/plugin-def.h>
+
+
+#include "processor.h"
+
+
+
+DEFINE_CHRYSALIDE_PLUGIN("dalvik", "Add suport for the Dalvik architecture", "0.1.0",
+ RL("PyChrysalide"), AL(PGA_PLUGIN_INIT));
+
+
+
+/******************************************************************************
+* *
+* Paramètres : plugin = greffon à manipuler. *
+* ref = espace de référencement global. *
+* *
+* Description : Prend acte du chargement du greffon. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+G_MODULE_EXPORT bool chrysalide_plugin_init(GPluginModule *plugin)
+{
+ bool result; /* Bilan à retourner */
+
+ result = register_processor_type("dalvik", "Dalvik Virtual Machine", G_TYPE_DALVIK_PROCESSOR,
+ NULL, NULL);
+
+ return result;
+
+}
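Review bot: `G_DALVIK_CONTEXT_CLASS` and `G_DALVIK_CONTEXT_GET_CLASS` cast to `GGDalvikContextClass`, a type this header never declares; the typedef a few lines below is `GDalvikContextClass`. The macros only fail once something expands them, so the doubled `G` can go unnoticed until the first use: the third argument of both should read `GDalvikContextClass`. The disabled `G_DALVIK_DCONTEXT_CLASS` and `G_DALVIK_DCONTEXT_GET_CLASS` macros under `#if 0` carry the same typo with `GGDalvikDContextClass`.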
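Review bot: The header comment of `chrysalide_plugin_init()` documents a `ref` parameter that the function does not take; the `ref = espace de référencement global.` line should be dropped so the comment matches the single `plugin` argument. The description string passed to `DEFINE_CHRYSALIDE_PLUGIN` also reads `"Add suport for the Dalvik architecture"`; if that text is shown to users, as the macro name suggests, it should be `"Add support for the Dalvik architecture"`.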
diff --git a/plugins/dalvik/core.h b/plugins/dalvik/core.h
new file mode 100644
index 0000000..e72abaa
--- /dev/null
+++ b/plugins/dalvik/core.h
@@ -0,0 +1,38 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * core.h - prototypes pour l'intégration du support de l'architecture Dalvik
+ *
+ * Copyright (C) 2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _PLUGINS_DALVIK_CORE_H
+#define _PLUGINS_DALVIK_CORE_H
+
+
+#include <plugins/plugin.h>
+#include <plugins/plugin-int.h>
+
+
+
+/* Prend acte du chargement du greffon. */
+G_MODULE_EXPORT bool chrysalide_plugin_init(GPluginModule *);
+
+
+
+#endif /* _PLUGINS_DALVIK_CORE_H */
diff --git a/plugins/dalvik/fetch.c b/plugins/dalvik/fetch.c
new file mode 100644
index 0000000..aa17a9f
--- /dev/null
+++ b/plugins/dalvik/fetch.c
@@ -0,0 +1,62 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * fetch.c - ajouts de sauts à traiter durant la phase de désassemblage
+ *
+ * Copyright (C) 2016-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "fetch.h"
+
+
+#include <assert.h>
+
+
+
+/******************************************************************************
+* *
+* Paramètres : instr = instruction ARMv7 à traiter. *
+* proc = représentation de l'architecture utilisée. *
+* context = contexte associé à la phase de désassemblage. *
+* format = acès aux données du binaire d'origine. *
+* index = indice de l'opérande précisant le saut. *
+* *
+* Description : Pousse une adresse précisée par un saut pour désassemblage. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void help_fetching_with_dalvik_instruction(GArchInstruction *instr, GArchProcessor *proc, GDalvikContext *context, GExeFormat *format, size_t index)
+{
+ GArchOperand *op; /* Opérande numérique en place */
+ virt_t target; /* Adresse virtuelle visée */
+ bool status; /* Bilan de récupération */
+
+ op = g_arch_instruction_get_operand(instr, index);
+ assert(G_IS_IMM_OPERAND(op));
+
+ status = g_imm_operand_to_virt_t(G_IMM_OPERAND(op), &target);
+ assert(status);
+
+ if (status)
+ g_proc_context_push_drop_point(G_PROC_CONTEXT(context), DPL_OTHER, target);
+
+}
diff --git a/plugins/dalvik/fetch.h b/plugins/dalvik/fetch.h
new file mode 100644
index 0000000..e9ea340
--- /dev/null
+++ b/plugins/dalvik/fetch.h
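Review bot: The operand type is checked only with `assert(G_IS_IMM_OPERAND(op))`, which is compiled out under `NDEBUG`, so in a release build `G_IMM_OPERAND(op)` is applied to whatever operand sits at `index`. Because the instruction is decoded from the file under analysis, the check should fail closed at runtime as well: `if (!G_IS_IMM_OPERAND(op)) return;` before the conversion, keeping the existing `if (status)` guard on the push. The parameter comment still says `instruction ARMv7` although this is the Dalvik helper, and `proc` and `format` are not used in the body.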
@@ -0,0 +1,56 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * fetch.h - prototypes pour les ajouts de sauts à traiter durant la phase de désassemblage
+ *
+ * Copyright (C) 2016-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _ARCH_DALVIK_FETCH_H
+#define _ARCH_DALVIK_FETCH_H
+
+
+#include <arch/instruction.h>
+
+
+#include "context.h"
+
+
+
+/* Pousse une adresse précisée par un saut pour désassemblage. */
+void help_fetching_with_dalvik_instruction(GArchInstruction *, GArchProcessor *, GDalvikContext *, GExeFormat *, size_t);
+
+
+static inline void help_fetching_with_dalvik_goto_instruction(GArchInstruction *ins, GArchProcessor *proc, GDalvikContext *ctx, GExeFormat *fmt)
+{
+ help_fetching_with_dalvik_instruction(ins, proc, ctx, fmt, 0);
+}
+
+static inline void help_fetching_with_dalvik_if_instruction(GArchInstruction *ins, GArchProcessor *proc, GDalvikContext *ctx, GExeFormat *fmt)
+{
+ help_fetching_with_dalvik_instruction(ins, proc, ctx, fmt, 2);
+}
+
+static inline void help_fetching_with_dalvik_ifz_instruction(GArchInstruction *ins, GArchProcessor *proc, GDalvikContext *ctx, GExeFormat *fmt)
+{
+ help_fetching_with_dalvik_instruction(ins, proc, ctx, fmt, 1);
+}
+
+
+
+#endif /* _ARCH_DALVIK_FETCH_H */
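Review bot: The operand indices `0`, `2` and `1` passed by the three inline wrappers in fetch.h are unexplained, and the same `2` and `1` are repeated by `handle_dalvik_if_branch_as_link` and `handle_dalvik_ifz_branch_as_link` in link.h. A one-line comment per wrapper would tie each index to the instruction layout, for example `/* if-test vA, vB, +CCCC: the branch target is operand 2 */`, or the values could be named once and shared by both headers. The header also uses `GArchProcessor` and `GExeFormat` while including only `<arch/instruction.h>` and `"context.h"`, so it presumably relies on transitive includes.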
diff --git a/plugins/dalvik/helpers.h b/plugins/dalvik/helpers.h
new file mode 100644
index 0000000..6a0ba5c
--- /dev/null
+++ b/plugins/dalvik/helpers.h
@@ -0,0 +1,43 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * helpers.h - prototypes pour l'aide à la mise en place des opérandes Dalvik
+ *
+ * Copyright (C) 2016-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _ARCH_DALVIK_HELPERS_H
+#define _ARCH_DALVIK_HELPERS_H
+
+
+#include "operand.h"
+
+
+
+/**
+ * Glues purement internes.
+ */
+
+#define DALVIK_OPT_POOL_STRING DALVIK_OP_POOL(DPT_STRING)
+#define DALVIK_OPT_POOL_TYPE DALVIK_OP_POOL(DPT_TYPE)
+#define DALVIK_OPT_POOL_FIELD DALVIK_OP_POOL(DPT_FIELD)
+#define DALVIK_OPT_POOL_METH DALVIK_OP_POOL(DPT_METHOD)
+
+
+
+#endif /* _ARCH_DALVIK_HELPERS_H */
diff --git a/plugins/dalvik/instruction-def.h b/plugins/dalvik/instruction-def.h
new file mode 100644
index 0000000..af6e308
--- /dev/null
+++ b/plugins/dalvik/instruction-def.h
@@ -0,0 +1,305 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * instruction-def.h - définition interne des identifiants d'instructions Dalvik
+ *
+ * Copyright (C) 2011-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _ARCH_DALVIK_INSTRUCTION_DEF_H
+#define _ARCH_DALVIK_INSTRUCTION_DEF_H
+
+
+
+/* Enumération de tous les opcodes */
+typedef enum _DalvikOpcodes
+{
+ DOP_NOP, /* nop (0x00) */
+ DOP_MOVE, /* move (0x01) */
+ DOP_MOVE_FROM_16, /* move/from16 (0x02) */
+ DOP_MOVE_16, /* move/16 (0x03) */
+ DOP_MOVE_WIDE, /* move-wide (0x04) */
+ DOP_MOVE_WIDE_FROM_16, /* move-wide/from16 (0x05) */
+ DOP_MOVE_WIDE_16, /* move-wide/16 (0x06) */
+ DOP_MOVE_OBJECT, /* move-object (0x07) */
+ DOP_MOVE_OBJECT_FROM_16, /* move-object/from16 (0x08) */
+ DOP_MOVE_OBJECT_16, /* move-object/16 (0x09) */
+ DOP_MOVE_RESULT, /* move-result (0x0a) */
+ DOP_MOVE_RESULT_WIDE, /* move-result-wide (0x0b) */
+ DOP_MOVE_RESULT_OBJECT, /* move-result-object (0x0c) */
+ DOP_MOVE_EXCEPTION, /* move-exception (0x0d) */
+ DOP_RETURN_VOID, /* return-void (0x0e) */
+ DOP_RETURN, /* return (0x0f) */
+ DOP_RETURN_WIDE, /* return-wide (0x10) */
+ DOP_RETURN_OBJECT, /* return-object (0x11) */
+ DOP_CONST_4, /* const/4 (0x12) */
+ DOP_CONST_16, /* const/16 (0x13) */
+ DOP_CONST, /* const (0x14) */
+ DOP_CONST_HIGH16, /* const/high16 (0x15) */
+ DOP_CONST_WIDE_16, /* const-wide/16 (0x16) */
+ DOP_CONST_WIDE_32, /* const-wide/32 (0x17) */
+ DOP_CONST_WIDE, /* const-wide (0x18) */
+ DOP_CONST_WIDE_HIGH16, /* const-wide/high16 (0x19) */
+ DOP_CONST_STRING, /* const-string (0x1a) */
+ DOP_CONST_STRING_JUMBO, /* const-string/jumbo (0x1b) */
+ DOP_CONST_CLASS, /* const-class (0x1c) */
+ DOP_MONITOR_ENTER, /* monitor-enter (0x1d) */
+ DOP_MONITOR_EXIT, /* monitor-exit (0x1e) */
+ DOP_CHECK_CAST, /* check-cast (0x1f) */
+ DOP_INSTANCE_OF, /* instance-of (0x20) */
+ DOP_ARRAY_LENGTH, /* array-length (0x21) */
+ DOP_NEW_INSTANCE, /* new-instance (0x22) */
+ DOP_NEW_ARRAY, /* new-array (0x23) */
+ DOP_FILLED_NEW_ARRAY, /* filled-new-array (0x24) */
+ DOP_FILLED_NEW_ARRAY_RANGE, /* filled-new-array/range(0x25)*/
+ DOP_FILL_ARRAY_DATA, /* fill-array-data (0x26) */
+ DOP_THROW, /* throw (0x27) */
+ DOP_GOTO, /* goto (0x28) */
+ DOP_GOTO_16, /* goto/16 (0x29) */
+ DOP_GOTO_32, /* goto/32 (0x2a) */
+ DOP_PACKED_SWITCH, /* packed-switch (0x2b) */
+ DOP_SPARSE_SWITCH, /* sparse-switch (0x2c) */
+ DOP_CMPL_FLOAT, /* cmp-long (0x2d) */
+ DOP_CMPG_FLOAT, /* cmpg-float (0x2e) */
+ DOP_CMPL_DOUBLE, /* cmpl-double (0x2f) */
+ DOP_CMPG_DOUBLE, /* cmpg-double (0x30) */
+ DOP_CMP_LONG, /* cmp-long (0x31) */
+ DOP_IF_EQ, /* if-eq (0x32) */
+ DOP_IF_NE, /* if-ne (0x33) */
+ DOP_IF_LT, /* if-lt (0x34) */
+ DOP_IF_GE, /* if-ge (0x35) */
+ DOP_IF_GT, /* if-gt (0x36) */
+ DOP_IF_LE, /* if-le (0x37) */
+ DOP_IF_EQZ, /* if-eqz (0x38) */
+ DOP_IF_NEZ, /* if-nez (0x39) */
+ DOP_IF_LTZ, /* if-ltz (0x3a) */
+ DOP_IF_GEZ, /* if-gez (0x3b) */
+ DOP_IF_GTZ, /* if-gtz (0x3c) */
+ DOP_IF_LEZ, /* if-lez (0x3d) */
+ DOP_UNUSED_3E, /* -unused- (0x3e) */
+ DOP_UNUSED_3F, /* -unused- (0x3f) */
+ DOP_UNUSED_40, /* -unused- (0x40) */
+ DOP_UNUSED_41, /* -unused- (0x41) */
+ DOP_UNUSED_42, /* -unused- (0x42) */
+ DOP_UNUSED_43, /* -unused- (0x43) */
+ DOP_AGET, /* aget (0x44) */
+ DOP_AGET_WIDE, /* aget-wide (0x45) */
+ DOP_AGET_OBJECT, /* aget-object (0x46) */
+ DOP_AGET_BOOLEAN, /* aget-boolean (0x47) */
+ DOP_AGET_BYTE, /* aget-byte (0x48) */
+ DOP_AGET_CHAR, /* aget-char (0x49) */
+ DOP_AGET_SHORT, /* aget-short (0x4a) */
+ DOP_APUT, /* aput (0x4b) */
+ DOP_APUT_WIDE, /* aput-wide (0x4c) */
+ DOP_APUT_OBJECT, /* aput-object (0x4d) */
+ DOP_APUT_BOOLEAN, /* aput-boolean (0x4e) */
+ DOP_APUT_BYTE, /* aput-byte (0x4f) */
+ DOP_APUT_CHAR, /* aput-char (0x50) */
+ DOP_APUT_SHORT, /* aput-short (0x51) */
+ DOP_IGET, /* iget (0x52) */
+ DOP_IGET_WIDE, /* iget-wide (0x53) */
+ DOP_IGET_OBJECT, /* iget-object (0x54) */
+ DOP_IGET_BOOLEAN, /* iget-boolean (0x55) */
+ DOP_IGET_BYTE, /* iget-byte (0x56) */
+ DOP_IGET_CHAR, /* iget-char (0x57) */
+ DOP_IGET_SHORT, /* iget-short (0x58) */
+ DOP_IPUT, /* iput (0x59) */
+ DOP_IPUT_WIDE, /* iput-wide (0x5a) */
+ DOP_IPUT_OBJECT, /* iput-object (0x5b) */
+ DOP_IPUT_BOOLEAN, /* iput-boolean (0x5c) */
+ DOP_IPUT_BYTE, /* iput-byte (0x5d) */
+ DOP_IPUT_CHAR, /* iput-char (0x5e) */
+ DOP_IPUT_SHORT, /* iput-short (0x5f) */
+ DOP_SGET, /* sget (0x60) */
+ DOP_SGET_WIDE, /* sget-wide (0x61) */
+ DOP_SGET_OBJECT, /* sget-object (0x62) */
+ DOP_SGET_BOOLEAN, /* sget-boolean (0x63) */
+ DOP_SGET_BYTE, /* sget-byte (0x64) */
+ DOP_SGET_CHAR, /* sget-char (0x65) */
+ DOP_SGET_SHORT, /* sget-short (0x66) */
+ DOP_SPUT, /* sput (0x67) */
+ DOP_SPUT_WIDE, /* sput-wide (0x68) */
+ DOP_SPUT_OBJECT, /* sput-object (0x69) */
+ DOP_SPUT_BOOLEAN, /* sput-boolean (0x6a) */
+ DOP_SPUT_BYTE, /* sput-byte (0x6b) */
+ DOP_SPUT_CHAR, /* sput-char (0x6c) */
+ DOP_SPUT_SHORT, /* sput-short (0x6d) */
+ DOP_INVOKE_VIRTUAL, /* invoke-virtual (0x6e) */
+ DOP_INVOKE_SUPER, /* invoke-super (0x6f) */
+ DOP_INVOKE_DIRECT, /* invoke-direct (0x70) */
+ DOP_INVOKE_STATIC, /* invoke-static (0x71) */
+ DOP_INVOKE_INTERFACE, /* invoke-interface (0x72) */
+ DOP_UNUSED_73, /* -unused- (0x73) */
+ DOP_INVOKE_VIRTUAL_RANGE, /* invoke-virtual/range (0x74) */
+ DOP_INVOKE_SUPER_RANGE, /* invoke-super/range (0x75) */
+ DOP_INVOKE_DIRECT_RANGE, /* invoke-direct/range (0x76) */
+ DOP_INVOKE_STATIC_RANGE, /* invoke-static/range (0x77) */
+ DOP_INVOKE_INTERFACE_RANGE, /* invoke-interface/rg. (0x78) */
+ DOP_UNUSED_79, /* -unused- (0x79) */
+ DOP_UNUSED_7A, /* -unused- (0x7a) */
+ DOP_NEG_INT, /* neg-int (0x7b) */
+ DOP_NOT_INT, /* not-int (0x7c) */
+ DOP_NEG_LONG, /* neg-long (0x7d) */
+ DOP_NOT_LONG, /* not-long (0x7e) */
+ DOP_NEG_FLOAT, /* neg-float (0x7f) */
+ DOP_NEG_DOUBLE, /* neg-double (0x80) */
+ DOP_TO_INT_LONG, /* int-to-long (0x81) */
+ DOP_TO_INT_FLOAT, /* int-to-float (0x82) */
+ DOP_TO_INT_DOUBLE, /* int-to-double (0x83) */
+ DOP_TO_LONG_INT, /* long-to-int (0x84) */
+ DOP_TO_LONG_FLOAT, /* long-to-float (0x85) */
+ DOP_TO_LONG_DOUBLE, /* long-to-double (0x86) */
+ DOP_TO_FLOAT_INT, /* float-to-int (0x87) */
+ DOP_TO_FLOAT_LONG, /* float-to-long (0x88) */
+ DOP_TO_FLOAT_DOUBLE, /* float-to-double (0x89) */
+ DOP_TO_DOUBLE_INT, /* double-to-int (0x8a) */
+ DOP_TO_DOUBLE_LONG, /* double-to-long (0x8b) */
+ DOP_TO_DOUBLE_FLOAT, /* double-to-float (0x8c) */
+ DOP_TO_INT_BYTE, /* int-to-byte (0x8d) */
+ DOP_TO_INT_CHAR, /* int-to-char (0x8e) */
+ DOP_TO_INT_SHORT, /* int-to-short (0x8f) */
+ DOP_ADD_INT, /* add-int (0x90) */
+ DOP_SUB_INT, /* sub-int (0x91) */
+ DOP_MUL_INT, /* mul-int (0x92) */
+ DOP_DIV_INT, /* div-int (0x93) */
+ DOP_REM_INT, /* rem-int (0x94) */
+ DOP_AND_INT, /* and-int (0x95) */
+ DOP_OR_INT, /* or-int (0x96) */
+ DOP_XOR_INT, /* xor-int (0x97) */
+ DOP_SHL_INT, /* shl-int (0x98) */
+ DOP_SHR_INT, /* shr-int (0x99) */
+ DOP_USHR_INT, /* ushr-int (0x9a) */
+ DOP_ADD_LONG, /* add-long (0x9b) */
+ DOP_SUB_LONG, /* sub-long (0x9c) */
+ DOP_MUL_LONG, /* mul-long (0x9d) */
+ DOP_DIV_LONG, /* div-long (0x9e) */
+ DOP_REM_LONG, /* rem-long (0x9f) */
+ DOP_AND_LONG, /* and-long (0xa0) */
+ DOP_OR_LONG, /* or-long (0xa1) */
+ DOP_XOR_LONG, /* xor-long (0xa2) */
+ DOP_SHL_LONG, /* shl-long (0xa3) */
+ DOP_SHR_LONG, /* shr-long (0xa4) */
+ DOP_USHR_LONG, /* ushr-long (0xa5) */
+ DOP_ADD_FLOAT, /* add-float (0xa6) */
+ DOP_SUB_FLOAT, /* sub-float (0xa7) */
+ DOP_MUL_FLOAT, /* mul-float (0xa8) */
+ DOP_DIV_FLOAT, /* mul-float (0xa9) */
+ DOP_REM_FLOAT, /* mul-float (0xaa) */
+ DOP_ADD_DOUBLE, /* add-double (0xab) */
+ DOP_SUB_DOUBLE, /* sub-double (0xac) */
+ DOP_MUL_DOUBLE, /* mul-double (0xad) */
+ DOP_DIV_DOUBLE, /* div-double (0xae) */
+ DOP_REM_DOUBLE, /* rem-double (0xaf) */
+ DOP_ADD_INT_2ADDR, /* add-int/2addr (0xb0) */
+ DOP_SUB_INT_2ADDR, /* add-int/2addr (0xb1) */
+ DOP_MUL_INT_2ADDR, /* mul-int/2addr (0xb2) */
+ DOP_DIV_INT_2ADDR, /* div-int/2addr (0xb3) */
+ DOP_REM_INT_2ADDR, /* rem-int/2addr (0xb4) */
+ DOP_AND_INT_2ADDR, /* and-int/2addr (0xb5) */
+ DOP_OR_INT_2ADDR, /* or-int/2addr (0xb6) */
+ DOP_XOR_INT_2ADDR, /* xor-int/2addr (0xb7) */
+ DOP_SHL_INT_2ADDR, /* shl-int/2addr (0xb8) */
+ DOP_SHR_INT_2ADDR, /* shr-int/2addr (0xb9) */
+ DOP_USHR_INT_2ADDR, /* ushr-int/2addr (0xba) */
+ DOP_ADD_LONG_2ADDR, /* add-long/2addr (0xbb) */
+ DOP_SUB_LONG_2ADDR, /* sub-long/2addr (0xbc) */
+ DOP_MUL_LONG_2ADDR, /* mul-long/2addr (0xbd) */
+ DOP_DIV_LONG_2ADDR, /* div-long/2addr (0xbe) */
+ DOP_REM_LONG_2ADDR, /* rem-long/2addr (0xbf) */
+ DOP_AND_LONG_2ADDR, /* and-long/2addr (0xc0) */
+ DOP_OR_LONG_2ADDR, /* or-long/2addr (0xc1) */
+ DOP_XOR_LONG_2ADDR, /* xor-long/2addr (0xc2) */
+ DOP_SHL_LONG_2ADDR, /* shl-long/2addr (0xc3) */
+ DOP_SHR_LONG_2ADDR, /* shr-long/2addr (0xc4) */
+ DOP_USHR_LONG_2ADDR, /* ushr-long/2addr (0xc5) */
+ DOP_ADD_FLOAT_2ADDR, /* add-float/2addr (0xc6) */
+ DOP_SUB_FLOAT_2ADDR, /* sub-float/2addr (0xc7) */
+ DOP_MUL_FLOAT_2ADDR, /* mul-float/2addr (0xc8) */
+ DOP_DIV_FLOAT_2ADDR, /* div-float/2addr (0xc9) */
+ DOP_REM_FLOAT_2ADDR, /* rem-float/2addr (0xca) */
+ DOP_ADD_DOUBLE_2ADDR, /* add-double/2addr (0xcb) */
+ DOP_SUB_DOUBLE_2ADDR, /* sub-double/2addr (0xcc) */
+ DOP_MUL_DOUBLE_2ADDR, /* mul-double/2addr (0xcd) */
+ DOP_DIV_DOUBLE_2ADDR, /* div-double/2addr (0xce) */
+ DOP_REM_DOUBLE_2ADDR, /* rem-double/2addr (0xcf) */
+ DOP_ADD_INT_LIT16, /* add-int/lit16 (0xd0) */
+ DOP_RSUB_INT, /* rsub-int (0xd1) */
+ DOP_MUL_INT_LIT16, /* mul-int/lit16 (0xd2) */
+ DOP_DIV_INT_LIT16, /* div-int/lit16 (0xd3) */
+ DOP_REM_INT_LIT16, /* rem-int/lit16 (0xd4) */
+ DOP_AND_INT_LIT16, /* and-int/lit16 (0xd5) */
+ DOP_OR_INT_LIT16, /* or-int/lit16 (0xd6) */
+ DOP_XOR_INT_LIT16, /* xor-int/lit16 (0xd7) */
+ DOP_ADD_INT_LIT8, /* add-int/lit8 (0xd8) */
+ DOP_RSUB_INT_LIT8, /* rsub-int/lit8 (0xd9) */
+ DOP_MUL_INT_LIT8, /* mul-int/lit8 (0xda) */
+ DOP_DIV_INT_LIT8, /* div-int/lit8 (0xdb) */
+ DOP_REM_INT_LIT8, /* rem-int/lit8 (0xdc) */
+ DOP_AND_INT_LIT8, /* and-int/lit8 (0xdd) */
+ DOP_OR_INT_LIT8, /* or-int/lit8 (0xde) */
+ DOP_XOR_INT_LIT8, /* xor-int/lit8 (0xdf) */
+ DOP_SHL_INT_LIT8, /* shl-int/lit8 (0xe0) */
+ DOP_SHR_INT_LIT8, /* shr-int/lit8 (0xe1) */
+ DOP_USHR_INT_LIT8, /* ushr-int/lit8 (0xe2) */
+ DOP_UNUSED_E3, /* -unused- (0xe3) */
+ DOP_UNUSED_E4, /* -unused- (0xe4) */
+ DOP_UNUSED_E5, /* -unused- (0xe5) */
+ DOP_UNUSED_E6, /* -unused- (0xe6) */
+ DOP_UNUSED_E7, /* -unused- (0xe7) */
+ DOP_UNUSED_E8, /* -unused- (0xe8) */
+ DOP_UNUSED_E9, /* -unused- (0xe9) */
+ DOP_UNUSED_EA, /* -unused- (0xea) */
+ DOP_UNUSED_EB, /* -unused- (0xeb) */
+ DOP_UNUSED_EC, /* -unused- (0xec) */
+ DOP_UNUSED_ED, /* -unused- (0xed) */
+ DOP_UNUSED_EE, /* -unused- (0xee) */
+ DOP_UNUSED_EF, /* -unused- (0xef) */
+ DOP_UNUSED_F0, /* -unused- (0xf0) */
+ DOP_UNUSED_F1, /* -unused- (0xf1) */
+ DOP_UNUSED_F2, /* -unused- (0xf2) */
+ DOP_UNUSED_F3, /* -unused- (0xf3) */
+ DOP_UNUSED_F4, /* -unused- (0xf4) */
+ DOP_UNUSED_F5, /* -unused- (0xf5) */
+ DOP_UNUSED_F6, /* -unused- (0xf6) */
+ DOP_UNUSED_F7, /* -unused- (0xf7) */
+ DOP_UNUSED_F8, /* -unused- (0xf8) */
+ DOP_UNUSED_F9, /* -unused- (0xf9) */
+ DOP_UNUSED_FA, /* -unused- (0xfa) */
+ DOP_UNUSED_FB, /* -unused- (0xfb) */
+ DOP_UNUSED_FC, /* -unused- (0xfc) */
+ DOP_UNUSED_FD, /* -unused- (0xfd) */
+ DOP_UNUSED_FE, /* -unused- (0xfe) */
+ DOP_UNUSED_FF, /* -unused- (0xff) */
+
+ DOP_COUNT
+
+} DalvikOpcodes;
+
+
+/* Enumération de tous les pseudo-opcodes */
+typedef enum _DalvikPseudoOpcodes
+{
+ DPO_PACKED_SWITCH = 0x0100, /* Switch aux clefs compactes */
+ DPO_SPARSE_SWITCH = 0x0200, /* Switch aux clefs éclatées */
+ DPO_FILL_ARRAY_DATA = 0x0300 /* Contenu de tableau */
+
+} DalvikPseudoOpcodes;
+
+
+
+#endif /* _ARCH_DALVIK_INSTRUCTION_DEF_H */
diff --git a/plugins/dalvik/instruction-int.h b/plugins/dalvik/instruction-int.h
new file mode 100644
index 0000000..b4e59b0
--- /dev/null
+++ b/plugins/dalvik/instruction-int.h
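Review bot: Four trailing comments in `DalvikOpcodes` (instruction-def.h) name the wrong mnemonic: `DOP_CMPL_FLOAT` is labelled `cmp-long (0x2d)`, `DOP_DIV_FLOAT` and `DOP_REM_FLOAT` are both labelled `mul-float`, and `DOP_SUB_INT_2ADDR` is labelled `add-int/2addr`. They should read `cmpl-float`, `div-float`, `rem-float` and `sub-int/2addr`, since these comments are the only mapping from enumerator to mnemonic that a reader of the disassembler has. The enum also depends on each enumerator's implicit position matching the opcode byte, so a check such as `_Static_assert(DOP_COUNT == 0x100, "one entry per opcode byte");` after the typedef would catch an accidental insertion or deletion, provided the project's compliance flags allow C11.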
@@ -0,0 +1,56 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * instruction-int.h - prototypes pour la définition générique interne des instructions Dalvik
+ *
+ * Copyright (C) 2011-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _ARCH_DALVIK_INSTRUCTION_INT_H
+#define _ARCH_DALVIK_INSTRUCTION_INT_H
+
+
+#include <arch/instruction-int.h>
+
+
+#include "instruction-def.h"
+
+
+
+/* Définition générique d'une instruction d'architecture Dalvik (instance) */
+struct _GDalvikInstruction
+{
+ GArchInstruction parent; /* A laisser en premier */
+
+ const char *keyword; /* Nom clef de l'instruction */
+
+ DalvikOpcodes type; /* Position dans la liste */
+ DalvikPseudoOpcodes ptype; /* Position dans la liste #2 */
+
+};
+
+/* Définition générique d'une instruction d'architecture Dalvik (classe) */
+struct _GDalvikInstructionClass
+{
+ GArchInstructionClass parent; /* A laisser en premier */
+
+};
+
+
+
+#endif /* _ARCH_DALVIK_INSTRUCTION_INT_H */
diff --git a/plugins/dalvik/instruction.c b/plugins/dalvik/instruction.c
new file mode 100644
index 0000000..aafd34e
--- /dev/null
+++ b/plugins/dalvik/instruction.c
@@ -0,0 +1,234 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * instruction.c - gestion des instructions de la VM Dalvik
+ *
+ * Copyright (C) 2010-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "instruction.h"
+
+
+#include <string.h>
+
+
+#include <arch/instruction-int.h>
+#include <arch/register-int.h>
+
+
+#include "instruction-int.h"
+#include "operands/register.h"
+
+
+
+/* Initialise la classe des instructions pour Dalvik. */
+static void g_dalvik_instruction_class_init(GDalvikInstructionClass *);
+
+/* Initialise une instance d'opérande d'architecture Dalvik. */
+static void g_dalvik_instruction_init(GDalvikInstruction *);
+
+/* Supprime toutes les références externes. */
+static void g_dalvik_instruction_dispose(GDalvikInstruction *);
+
+/* Procède à la libération totale de la mémoire. */
+static void g_dalvik_instruction_finalize(GDalvikInstruction *);
+
+/* Indique l'encodage d'une instruction de façon détaillée. */
+static const char *g_dalvik_instruction_get_encoding(const GDalvikInstruction *);
+
+/* Fournit le nom humain de l'instruction manipulée. */
+static const char *dalvik_instruction_get_keyword(const GDalvikInstruction *, AsmSyntax);
+
+
+
+/* Indique le type défini pour une instruction d'architecture Dalvik. */
+G_DEFINE_TYPE(GDalvikInstruction, g_dalvik_instruction, G_TYPE_ARCH_INSTRUCTION);
+
+
+
+/******************************************************************************
+* *
+* Paramètres : klass = classe à initialiser. *
+* *
+* Description : Initialise la classe des instructions pour Dalvik. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dalvik_instruction_class_init(GDalvikInstructionClass *klass)
+{
+ GObjectClass *object; /* Autre version de la classe */
+ GArchInstructionClass *instr; /* Encore une autre vision... */
+
+ object = G_OBJECT_CLASS(klass);
+
+ object->dispose = (GObjectFinalizeFunc/* ! */)g_dalvik_instruction_dispose;
+ object->finalize = (GObjectFinalizeFunc)g_dalvik_instruction_finalize;
+
+ instr = G_ARCH_INSTRUCTION_CLASS(klass);
+
+ instr->get_encoding = (get_instruction_encoding_fc)g_dalvik_instruction_get_encoding;
+ instr->get_keyword = (get_instruction_keyword_fc)dalvik_instruction_get_keyword;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : instr = instance à initialiser. *
+* *
+* Description : Initialise une instance d'instruction d'architecture Dalvik. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dalvik_instruction_init(GDalvikInstruction *instr)
+{
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : instr = instance d'objet GLib à traiter. *
+* *
+* Description : Supprime toutes les références externes. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dalvik_instruction_dispose(GDalvikInstruction *instr)
+{
+ G_OBJECT_CLASS(g_dalvik_instruction_parent_class)->dispose(G_OBJECT(instr));
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : instr = instance d'objet GLib à traiter. *
+* *
+* Description : Procède à la libération totale de la mémoire. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dalvik_instruction_finalize(GDalvikInstruction *instr)
+{
+ G_OBJECT_CLASS(g_dalvik_instruction_parent_class)->finalize(G_OBJECT(instr));
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : keyword = définition du nom humaine de l'instruction. *
+* *
+* Description : Crée une instruction pour l'architecture Dalvik. *
+* *
+* Retour : Adresse de la structure mise en place. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+GArchInstruction *g_dalvik_instruction_new(const char *keyword)
+{
+ GArchInstruction *result; /* Structure à retourner */
+
+ result = g_object_new(G_TYPE_DALVIK_INSTRUCTION, NULL);
+
+ G_DALVIK_INSTRUCTION(result)->keyword = keyword;
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : instr = instruction quelconque à consulter. *
+* *
+* Description : Indique l'encodage d'une instruction de façon détaillée. *
+* *
+* Retour : Description humaine de l'encodage utilisé. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static const char *g_dalvik_instruction_get_encoding(const GDalvikInstruction *instr)
+{
+ const char *result; /* Description à retourner */
+
+ result = "Dalvik";
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : instr = instruction d'assemblage à consulter. *
+* syntax = type de représentation demandée. *
+* *
+* Description : Fournit le nom humain de l'instruction manipulée. *
+* *
+* Retour : Mot clef de bas niveau. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static const char *dalvik_instruction_get_keyword(const GDalvikInstruction *instr, AsmSyntax syntax)
+{
+ return instr->keyword;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : instr = instruction Dalvik à consulter. *
+* *
+* Description : Indique l'opcode associé à une instruction Dalvik. *
+* *
+* Retour : Identifiant de l'instruction en place. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+DalvikOpcodes g_dalvik_instruction_get_opcode(const GDalvikInstruction *instr)
+{
+ return instr->type;
+
+}
diff --git a/plugins/dalvik/instruction.h b/plugins/dalvik/instruction.h
new file mode 100644
index 0000000..8f05cc5
--- /dev/null
+++ b/plugins/dalvik/instruction.h
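Review bot: `g_dalvik_instruction_get_opcode()` in instruction.c returns `instr->type`, but nothing in this file ever assigns `type` or `ptype`, because `g_dalvik_instruction_new()` takes only the keyword. Unless the field is filled in elsewhere through instruction-int.h, every instruction presumably reports the zero value, which is `DOP_NOP`. Consider passing the opcode to the constructor, or documenting in the constructor's banner where it is expected to be set. `keyword` is stored without a copy, so the same banner should state the lifetime rule, e.g. `/* keyword is borrowed: it must stay valid for the lifetime of the instruction */`.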
@@ -0,0 +1,68 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * instruction.h - prototypes pour la gestion des instructions de la VM Dalvik
+ *
+ * Copyright (C) 2010-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _ARCH_DALVIK_INSTRUCTION_H
+#define _ARCH_DALVIK_INSTRUCTION_H
+
+
+#include <arch/instruction.h>
+
+
+#include "instruction-def.h"
+
+
+
+#define G_TYPE_DALVIK_INSTRUCTION g_dalvik_instruction_get_type()
+#define G_DALVIK_INSTRUCTION(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), g_dalvik_instruction_get_type(), GDalvikInstruction))
+#define G_IS_DALVIK_INSTRUCTION(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), g_dalvik_instruction_get_type()))
+#define G_DALVIK_INSTRUCTION_GET_IFACE(inst) (G_TYPE_INSTANCE_GET_INTERFACE((inst), g_dalvik_instruction_get_type(), GDalvikInstructionIface))
+
+
+/* Définition générique d'une instruction d'architecture Dalvik (instance) */
+typedef struct _GDalvikInstruction GDalvikInstruction;
+
+/* Définition générique d'une instruction d'architecture Dalvik (classe) */
+typedef struct _GDalvikInstructionClass GDalvikInstructionClass;
+
+
+/* Indique le type défini pour une instruction d'architecture Dalvik. */
+GType g_dalvik_instruction_get_type(void);
+
+/* Crée une instruction pour l'architecture Dalvik. */
+GArchInstruction *g_dalvik_instruction_new(const char *);
+
+/* Indique l'opcode associé à une instruction Dalvik. */
+DalvikOpcodes g_dalvik_instruction_get_opcode(const struct _GDalvikInstruction *);
+
+
+
+/* --------------------- AIDE A LA MISE EN PLACE D'INSTRUCTIONS --------------------- */
+
+
+
+
+/* ------------------------ AIDE A LA PHASE DE DECOMPILATION ------------------------ */
+
+
+
+#endif /* _ARCH_DALVIK_INSTRUCTION_H */
diff --git a/plugins/dalvik/link.c b/plugins/dalvik/link.c
new file mode 100644
index 0000000..ae7aa63
--- /dev/null
+++ b/plugins/dalvik/link.c
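Review bot: `G_DALVIK_INSTRUCTION_GET_IFACE` in instruction.h expands to `G_TYPE_INSTANCE_GET_INTERFACE(..., GDalvikInstructionIface)`, but no `GDalvikInstructionIface` is declared here and instruction.c registers the type with `G_DEFINE_TYPE` as a class, not an interface. Any use of the macro would fail to compile; the usual accessor would be `#define G_DALVIK_INSTRUCTION_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DALVIK_INSTRUCTION, GDalvikInstructionClass))`. The two section banners at the end of the header introduce no declarations and could be dropped until they have content.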
@@ -0,0 +1,322 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * link.c - édition des liens après la phase de désassemblage
+ *
+ * Copyright (C) 2016-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "link.h"
+
+
+#include <assert.h>
+#include <malloc.h>
+#include <stdbool.h>
+#include <stdio.h>
+
+
+#include <i18n.h>
+#include <analysis/db/items/comment.h>
+#include <arch/target.h>
+#include <common/extstr.h>
+
+
+#include "pseudo/switch.h"
+
+
+
+/* Mémorisation des cas rencontrés */
+typedef struct _case_comment
+{
+ bool valid; /* Entrée utilisable ? */
+
+ vmpa2t handler; /* Position du code associé */
+
+ bool is_default; /* Gestion par défaut ? */
+ union
+ {
+ int32_t key; /* Clef unique */
+ int32_t *keys; /* Ensemble de clefs dynamique */
+ };
+
+ size_t count; /* Nombre de clefs conservées */
+
+} case_comment;
+
+
+/* REMME */
+#define COMMENT_LINE_SEP "\n"
+
+
+/******************************************************************************
+* *
+* Paramètres : instr = instruction ARMv7 à traiter. *
+* proc = représentation de l'architecture utilisée. *
+* context = contexte associé à la phase de désassemblage. *
+* format = acès aux données du binaire d'origine. *
+* *
+* Description : Etablit tous les liens liés à un embranchement compressé. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void handle_dalvik_packed_switch_links(GArchInstruction *instr, GArchProcessor *proc, GProcContext *context, GExeFormat *format)
+{
+ GArchOperand *op; /* Opérande numérique en place */
+ bool defined; /* Adresse définie ? */
+ vmpa2t addr; /* Adresse de destination */
+ virt_t virt; /* Adresse virtuelle */
+ GArchInstruction *switch_ins; /* Instruction de branchements */
+ const mrange_t *range; /* Zone d'occupation */
+ const vmpa2t *start_addr; /* Adresse de référentiel */
+ const int32_t *keys; /* Conditions de sauts */
+ const int32_t *targets; /* Positions relatives liées */
+ uint16_t count; /* Taille de ces tableaux */
+ case_comment *comments; /* Mémorisation progressive */
+ vmpa2t def_addr; /* Traitement par défaut */
+ GArchInstruction *target; /* Ligne visée par la référence*/
+ case_comment *comment; /* Commentaire à éditer */
+ uint16_t i; /* Boucle de parcours #1 */
+ size_t j; /* Boucle de parcours #2 */
+ int32_t tmp; /* Sauvegarde temporaire */
+ char *msg; /* Indication à imprimer */
+ size_t k; /* Boucle de parcours #3 */
+ char *int_val; /* Valeur en chaîne de carac. */
+ GDbComment *item; /* Indication sur la condition */
+
+ g_arch_instruction_lock_operands(instr);
+
+ assert(_g_arch_instruction_count_operands(instr) == 2);
+
+ op = _g_arch_instruction_get_operand(instr, 1);
+
+ g_arch_instruction_unlock_operands(instr);
+
+ defined = false;
+
+ if (G_IS_TARGET_OPERAND(op))
+ {
+ g_target_operand_get_addr(G_TARGET_OPERAND(op), &addr);
+ defined = true;
+ }
+
+ else if (G_IS_IMM_OPERAND(op))
+ {
+ if (g_imm_operand_to_virt_t(G_IMM_OPERAND(op), &virt))
+ {
+ init_vmpa(&addr, VMPA_NO_PHYSICAL, virt);
+ defined = true;
+ }
+ }
+
+ if (defined)
+ {
+ switch_ins = g_arch_processor_find_instr_by_address(proc, &addr);
+
+ if (G_IS_DALVIK_SWITCH_INSTR(switch_ins))
+ {
+ range = g_arch_instruction_get_range(instr);
+
+ start_addr = get_mrange_addr(range);
+
+ /* Préparation de l'édition des commentaires */
+
+ count = g_dalvik_switch_get_data(G_DALVIK_SWITCH_INSTR(switch_ins), &keys, &targets);
+
+ comments = (case_comment *)calloc(1 + count, sizeof(case_comment));
+
+ /* Cas par défaut */
+
+ compute_mrange_end_addr(range, &def_addr);
+
+ target = g_arch_processor_find_instr_by_address(proc, &def_addr);
+
+ if (target != NULL)
+ {
+ comment = &comments[0];
+
+ comment->valid = true;
+
+ copy_vmpa(&comment->handler, &def_addr);
+
+ comment->is_default = true;
+
+ g_arch_instruction_link_with(instr, target, ILT_CASE_JUMP);
+
+ g_object_unref(G_OBJECT(target));
+
+ }
+
+ /* Autres cas */
+
+ for (i = 0; i < count; i++)
+ {
+ copy_vmpa(&addr, start_addr);
+ advance_vmpa(&addr, targets[i] * sizeof(uint16_t));
+
+ if (cmp_vmpa(&addr, &def_addr) == 0)
+ continue;
+
+ target = g_arch_processor_find_instr_by_address(proc, &addr);
+
+ if (target != NULL)
+ {
+ for (j = 0; j < (1 + count); j++)
+ {
+ if (!comments[j].valid)
+ break;
+
+ if (cmp_vmpa(&addr, &comments[j].handler) == 0)
+ break;
+
+ }
+
+ assert(j < (1 + count));
+
+ comment = &comments[j];
+
+ if (!comment->valid)
+ {
+ comment->valid = true;
+
+ copy_vmpa(&comment->handler, &addr);
+
+ comment->key = keys[i];
+ comment->count = 1;
+
+ }
+ else
+ {
+ if (comment->count == 0)
+ comment->key = keys[i];
+
+ if (comment->count == 1)
+ {
+ tmp = comment->key;
+
+ comment->keys = (int32_t *)calloc(2, sizeof(int32_t));
+
+ comment->keys[0] = tmp;
+ comment->keys[1] = keys[i];
+
+ comment->count = 2;
+
+ }
+
+ else
+ {
+ comment->count++;
+
+ comment->keys = (int32_t *)realloc(comment->keys, comment->count * sizeof(int32_t));
+
+ comment->keys[comment->count - 1] = keys[i];
+
+ }
+
+ }
+
+ g_arch_instruction_link_with(instr, target, ILT_CASE_JUMP);
+
+ g_object_unref(G_OBJECT(target));
+
+ }
+
+ }
+
+ /* Edition des commentaires et nettoyage */
+
+ for (j = 0; j < (1 + count); j++)
+ {
+ comment = &comments[j];
+
+ if (!comment->valid)
+ break;
+
+ switch (comment->count)
+ {
+ case 0:
+ msg = NULL;
+ break;
+
+ case 1:
+ asprintf(&msg, _("Case %d"), comment->key);
+ break;
+
+ default:
+
+ msg = NULL;
+
+ /**
+ * Les spécifications indiquent que les clefs sont triées.
+ * Donc nul besoin de s'occuper de leur ordre ici.
+ */
+
+ for (k = 0; k < comment->count; k++)
+ {
+ if (k > 0)
+ /* FIXME : encapsuler ! */
+ msg = stradd(msg, COMMENT_LINE_SEP);
+
+ asprintf(&int_val, _("Case %d:"), comment->keys[k]);
+ msg = stradd(msg, int_val);
+ free(int_val);
+
+ }
+
+ break;
+
+ }
+
+ if (comment->is_default)
+ {
+ if (msg == NULL)
+ msg = strdup(_("Defaut case:"));
+ else
+ {
+ /* FIXME : encapsuler ! */
+ msg = stradd(msg, COMMENT_LINE_SEP);
+ msg = stradd(msg, _("Defaut case"));
+ }
+
+ }
+
+ item = g_db_comment_new_area(&comment->handler, BLF_NONE, msg, true);
+
+ g_db_item_set_volatile(G_DB_ITEM(item), true);
+ g_proc_context_add_db_item(context, G_DB_ITEM(item));
+
+ free(msg);
+
+ if (comment->count > 1)
+ free(comment->keys);
+
+ }
+
+ free(comments);
+
+ }
+
+ if (switch_ins != NULL)
+ g_object_unref(G_OBJECT(switch_ins));
+
+ }
+
+}
diff --git a/plugins/dalvik/link.h b/plugins/dalvik/link.h
new file mode 100644
index 0000000..41d03ec
--- /dev/null
+++ b/plugins/dalvik/link.h
@@ -0,0 +1,48 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * link.h - prototypes pour l'édition des liens après la phase de désassemblage
+ *
+ * Copyright (C) 2016-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _ARCH_DALVIK_LINK_H
+#define _ARCH_DALVIK_LINK_H
+
+
+#include <arch/link.h>
+
+
+
+static inline void handle_dalvik_if_branch_as_link(GArchInstruction *ins, GArchProcessor *proc, GProcContext *ctx, GExeFormat *fmt)
+{
+ handle_branch_as_link(ins, proc, ctx, fmt, 2);
+}
+
+static inline void handle_dalvik_ifz_branch_as_link(GArchInstruction *ins, GArchProcessor *proc, GProcContext *ctx, GExeFormat *fmt)
+{
+ handle_branch_as_link(ins, proc, ctx, fmt, 1);
+}
+
+
+/* Etablit tous les liens liés à un embranchement compressé. */
+void handle_dalvik_packed_switch_links(GArchInstruction *, GArchProcessor *, GProcContext *, GExeFormat *);
+
+
+
+#endif /* _ARCH_DALVIK_LINK_H */
diff --git a/plugins/dalvik/opcodes/Makefile.am b/plugins/dalvik/opcodes/Makefile.am
new file mode 100644
index 0000000..9889cfa
--- /dev/null
+++ b/plugins/dalvik/opcodes/Makefile.am
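Review bot: The bare literals `2` and `1` passed as the last argument of handle_branch_as_link() in the two inline wrappers are undocumented, and nothing in this header says what they select. handle_branch_as_link() is declared in arch/link.h, which is not part of this hunk, so this is inferred: the value looks like the index of the operand that holds the branch target (third operand for if-test, second for if-testz). If that is right, a comment on each wrapper would pin it down, e.g. `/* if-test vA, vB, +CCCC: branch target is operand #2 */` and `/* if-testz vAA, +BBBB: branch target is operand #1 */`, so that a later change to the operand layout does not silently resolve a register operand as a jump target.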
@@ -0,0 +1,23 @@
+
+# Initialement, ce Makefile est conçu sans définition de am__depfiles_maybe.
+# Est-ce parce que GENERATED_FILES est vide et qu'il n'y a donc pas de code
+# source ? En tout cas, au premier écrasement de gencode.mk, tous les fichiers
+# sont regénérés, et am__depfiles_maybe apparaît enfin. Mais trop tard :
+# des fichiers .Plo sont attendus mais non créés par l'ancien Makefile.
+# On force les choses ici.
+am__depfiles_maybe = depfiles
+
+include gencode.mk
+
+noinst_LTLIBRARIES = libdalvikopcodes.la
+
+libdalvikopcodes_la_SOURCES = $(GENERATED_FILES)
+
+libdalvikopcodes_la_LIBADD =
+
+libdalvikopcodes_la_CFLAGS = $(AM_CFLAGS)
+
+
+AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) -I$(top_srcdir)/src
+
+AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS)
diff --git a/plugins/dalvik/opdefs/Makefile.am b/plugins/dalvik/opdefs/Makefile.am
new file mode 100644
index 0000000..fed398f
--- /dev/null
+++ b/plugins/dalvik/opdefs/Makefile.am
@@ -0,0 +1,286 @@
+
+include $(top_srcdir)/tools/d2c/d2c.mk
+
+
+D2C_BIN = $(top_srcdir)/tools/d2c/d2c
+GEN_BIN = $(top_srcdir)/tools/d2c/d2c_genmakefile.sh
+
+D2C_TYPE = format
+
+D2C_OUTDIR = $(PWD)/..
+
+D2C_ARCH = dalvik
+D2C_HEADER = _ARCH_DALVIK
+D2C_PREFIX = DALVIK_OPT_
+
+D2C_ENCODINGS = \
+ -e none
+
+D2C_MACROS = \
+ -M SetInsFlag=g_arch_instruction_set_flag
+
+FIXED_C_INCLUDES = \
+ \n\#include \<stdint.h\> \
+ \n \
+ \n\#include <analysis\/content.h> \
+ \n\#include <arch/context.h> \
+ \n\#include <format\/executable.h> \
+ \n \
+ \n\#include \"..\/fetch.h\" \
+ \n\#include \"..\/helpers.h\" \
+ \n\#include \"..\/instruction.h\" \
+ \n\#include \"..\/link.h\" \
+ \n\#include \"..\/post.h\" \
+ \n\#include \"..\/processor.h\" \
+ \n\n
+
+FIXED_H_INCLUDES = \
+ \#include <stdint.h> \
+ \n \
+ \n\#include <arch/context.h> \
+ \n\#include <analysis/content.h> \
+ \n\#include <format/executable.h> \
+ \n \
+ \n\#include "../processor.h"
+
+# for (( i = 0; i < 256; i++)); do def=$(ls `printf "*_%02x.d" $i` 2> /dev/null); test -z "$def" || echo -e "\t$def\t\t\t\t\t\t\t\\" ; done
+DALVIK_DEFS = \
+ nop_00.d \
+ move_01.d \
+ move_02.d \
+ move_03.d \
+ move_04.d \
+ move_05.d \
+ move_06.d \
+ move_07.d \
+ move_08.d \
+ move_09.d \
+ move_0a.d \
+ move_0b.d \
+ move_0c.d \
+ move_0d.d \
+ return_0e.d \
+ return_0f.d \
+ return_10.d \
+ return_11.d \
+ const_12.d \
+ const_13.d \
+ const_14.d \
+ const_15.d \
+ const_16.d \
+ const_17.d \
+ const_18.d \
+ const_19.d \
+ const_1a.d \
+ const_1b.d \
+ const_1c.d \
+ monitor_1d.d \
+ monitor_1e.d \
+ check_1f.d \
+ instanceof_20.d \
+ array_21.d \
+ new_22.d \
+ new_23.d \
+ array_24.d \
+ filled_25.d \
+ array_26.d \
+ throw_27.d \
+ goto_28.d \
+ goto_29.d \
+ goto_2a.d \
+ switch_2b.d \
+ switch_2c.d \
+ cmpl_2d.d \
+ cmpg_2e.d \
+ cmpl_2f.d \
+ cmpg_30.d \
+ cmp_31.d \
+ if_32.d \
+ if_33.d \
+ if_34.d \
+ if_35.d \
+ if_36.d \
+ if_37.d \
+ if_38.d \
+ if_39.d \
+ if_3a.d \
+ if_3b.d \
+ if_3c.d \
+ if_3d.d \
+ aget_44.d \
+ aget_45.d \
+ aget_46.d \
+ aget_47.d \
+ aget_48.d \
+ aget_49.d \
+ aget_4a.d \
+ aput_4b.d \
+ aput_4c.d \
+ aput_4d.d \
+ aput_4e.d \
+ aput_4f.d \
+ aput_50.d \
+ aput_51.d \
+ iget_52.d \
+ iget_53.d \
+ iget_54.d \
+ iget_55.d \
+ iget_56.d \
+ iget_57.d \
+ iget_58.d \
+ iput_59.d \
+ iput_5a.d \
+ iput_5b.d \
+ iput_5c.d \
+ iput_5d.d \
+ iput_5e.d \
+ iput_5f.d \
+ sget_60.d \
+ sget_61.d \
+ sget_62.d \
+ sget_63.d \
+ sget_64.d \
+ sget_65.d \
+ sget_66.d \
+ sput_67.d \
+ sput_68.d \
+ sput_69.d \
+ sput_6a.d \
+ sput_6b.d \
+ sput_6c.d \
+ sput_6d.d \
+ invoke_6e.d \
+ invoke_6f.d \
+ invoke_70.d \
+ invoke_71.d \
+ invoke_72.d \
+ invoke_74.d \
+ invoke_75.d \
+ invoke_76.d \
+ invoke_77.d \
+ invoke_78.d \
+ neg_7b.d \
+ not_7c.d \
+ neg_7d.d \
+ not_7e.d \
+ neg_7f.d \
+ neg_80.d \
+ to_81.d \
+ to_82.d \
+ to_83.d \
+ to_84.d \
+ to_85.d \
+ to_86.d \
+ to_87.d \
+ to_88.d \
+ to_89.d \
+ to_8a.d \
+ to_8b.d \
+ to_8c.d \
+ to_8d.d \
+ to_8e.d \
+ to_8f.d \
+ add_90.d \
+ sub_91.d \
+ mul_92.d \
+ div_93.d \
+ rem_94.d \
+ and_95.d \
+ or_96.d \
+ xor_97.d \
+ shl_98.d \
+ shr_99.d \
+ ushr_9a.d \
+ add_9b.d \
+ sub_9c.d \
+ mul_9d.d \
+ div_9e.d \
+ rem_9f.d \
+ and_a0.d \
+ or_a1.d \
+ xor_a2.d \
+ shl_a3.d \
+ shr_a4.d \
+ ushr_a5.d \
+ add_a6.d \
+ sub_a7.d \
+ mul_a8.d \
+ div_a9.d \
+ rem_aa.d \
+ add_ab.d \
+ sub_ac.d \
+ mul_ad.d \
+ div_ae.d \
+ rem_af.d \
+ add_b0.d \
+ sub_b1.d \
+ mul_b2.d \
+ div_b3.d \
+ rem_b4.d \
+ and_b5.d \
+ or_b6.d \
+ xor_b7.d \
+ shl_b8.d \
+ shr_b9.d \
+ ushr_ba.d \
+ add_bb.d \
+ sub_bc.d \
+ mul_bd.d \
+ div_be.d \
+ rem_bf.d \
+ and_c0.d \
+ or_c1.d \
+ xor_c2.d \
+ shl_c3.d \
+ shr_c4.d \
+ ushr_c5.d \
+ add_c6.d \
+ sub_c7.d \
+ mul_c8.d \
+ div_c9.d \
+ rem_ca.d \
+ add_cb.d \
+ sub_cc.d \
+ mul_cd.d \
+ div_ce.d \
+ rem_cf.d \
+ add_d0.d \
+ rsub_d1.d \
+ mul_d2.d \
+ div_d3.d \
+ rem_d4.d \
+ and_d5.d \
+ or_d6.d \
+ xor_d7.d \
+ add_d8.d \
+ rsub_d9.d \
+ mul_da.d \
+ div_db.d \
+ rem_dc.d \
+ and_dd.d \
+ or_de.d \
+ xor_df.d \
+ shl_e0.d \
+ shr_e1.d \
+ ushr_e2.d
+
+# make dist procède répertoire par répertoire. Or le répertoire opcodes utilise
+# le contenu du répertoire opdefs. Il faut donc générer les fichiers nécessaires
+# au répertoire opcodes. Et comme on ne peut pas compléter la règle dist, on
+# ajoute à la distribution les cibles marquant la génération. (1/2)
+
+EXTRA_DIST = $(DALVIK_DEFS) $(DALVIK_DEFS:.d=.g)
+
+# Après coup, on supprime les fichiers inutiles de la distribution/ (2/2)
+
+dist-hook:
+ cd $(distdir) && rm $(DALVIK_DEFS:.d=.g)
+
+all: $(DALVIK_DEFS:.d=.g) fmk.done d2c_final_rules
+
+fmk.done: $(DALVIK_DEFS)
+ $(GEN_BIN) ../opcodes/ ../opdefs/.gen $(top_srcdir)/tools/d2c/globalgen.mk -
+ touch $@
+
+clean:
+ rm -rf $(DALVIK_DEFS:.d=.g) .gen fmk.done
diff --git a/plugins/dalvik/opdefs/add_90.d b/plugins/dalvik/opdefs/add_90.d
new file mode 100644
index 0000000..04168ab
--- /dev/null
+++ b/plugins/dalvik/opdefs/add_90.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title add-int
+
+@encoding() {
+
+ @format 23x
+
+}
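Review bot: `D2C_OUTDIR = $(PWD)/..` takes the output directory for the generated opcode sources from the PWD environment variable, which GNU make inherits from the calling shell and does not update when it is started with `make -C <dir>`. Run that way, the generator would be pointed at a directory relative to wherever the caller happened to be rather than at this plugin's tree. `D2C_OUTDIR = $(CURDIR)/..` is tied to the directory make is actually running in. Separately, the plain `all:` and `clean:` rules near the end of the hunk replace the targets automake would generate for this directory, unless the included d2c.mk (not shown) accounts for that; `all-local:` and `clean-local:` are the usual hooks.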
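Review bot: The last paragraph of the license notice reads `along with Foobar`, the placeholder program name from the GPL how-to text, while every other sentence of the header names Chrysalide; the line should be `* along with Chrysalide. If not, see <http://www.gnu.org/licenses/>.`. The same line appears in link.h above and in each of the other opdefs/*.d files this commit adds (add_9b.d through and_dd.d in this part of the page), which suggests it comes from a shared template and can be fixed once there. The `##FILE##` token on the second header line is presumably substituted by the d2c generator; if it is not, it should carry the real file name.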
diff --git a/plugins/dalvik/opdefs/add_9b.d b/plugins/dalvik/opdefs/add_9b.d
new file mode 100644
index 0000000..fc40b13
--- /dev/null
+++ b/plugins/dalvik/opdefs/add_9b.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title add-long
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/add_a6.d b/plugins/dalvik/opdefs/add_a6.d
new file mode 100644
index 0000000..055358b
--- /dev/null
+++ b/plugins/dalvik/opdefs/add_a6.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title add-float
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/add_ab.d b/plugins/dalvik/opdefs/add_ab.d
new file mode 100644
index 0000000..1506483
--- /dev/null
+++ b/plugins/dalvik/opdefs/add_ab.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title add-double
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/add_b0.d b/plugins/dalvik/opdefs/add_b0.d
new file mode 100644
index 0000000..9c5605e
--- /dev/null
+++ b/plugins/dalvik/opdefs/add_b0.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title add-int/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/add_bb.d b/plugins/dalvik/opdefs/add_bb.d
new file mode 100644
index 0000000..aba27f3
--- /dev/null
+++ b/plugins/dalvik/opdefs/add_bb.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title add-long/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/add_c6.d b/plugins/dalvik/opdefs/add_c6.d
new file mode 100644
index 0000000..3394b92
--- /dev/null
+++ b/plugins/dalvik/opdefs/add_c6.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title add-float/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/add_cb.d b/plugins/dalvik/opdefs/add_cb.d
new file mode 100644
index 0000000..896f614
--- /dev/null
+++ b/plugins/dalvik/opdefs/add_cb.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title add-double/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/add_d0.d b/plugins/dalvik/opdefs/add_d0.d
new file mode 100644
index 0000000..f6f4324
--- /dev/null
+++ b/plugins/dalvik/opdefs/add_d0.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title add-int/lit16
+
+@encoding() {
+
+ @format 22s
+
+}
diff --git a/plugins/dalvik/opdefs/add_d8.d b/plugins/dalvik/opdefs/add_d8.d
new file mode 100644
index 0000000..ec4ee01
--- /dev/null
+++ b/plugins/dalvik/opdefs/add_d8.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title add-int/lit8
+
+@encoding() {
+
+ @format 22b
+
+}
diff --git a/plugins/dalvik/opdefs/aget_44.d b/plugins/dalvik/opdefs/aget_44.d
new file mode 100644
index 0000000..b3a26cb
--- /dev/null
+++ b/plugins/dalvik/opdefs/aget_44.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title aget
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/aget_45.d b/plugins/dalvik/opdefs/aget_45.d
new file mode 100644
index 0000000..184667b
--- /dev/null
+++ b/plugins/dalvik/opdefs/aget_45.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title aget-wide
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/aget_46.d b/plugins/dalvik/opdefs/aget_46.d
new file mode 100644
index 0000000..b951c09
--- /dev/null
+++ b/plugins/dalvik/opdefs/aget_46.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title aget-object
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/aget_47.d b/plugins/dalvik/opdefs/aget_47.d
new file mode 100644
index 0000000..0a5e90b
--- /dev/null
+++ b/plugins/dalvik/opdefs/aget_47.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title aget-boolean
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/aget_48.d b/plugins/dalvik/opdefs/aget_48.d
new file mode 100644
index 0000000..c84f513
--- /dev/null
+++ b/plugins/dalvik/opdefs/aget_48.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title aget-byte
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/aget_49.d b/plugins/dalvik/opdefs/aget_49.d
new file mode 100644
index 0000000..396434b
--- /dev/null
+++ b/plugins/dalvik/opdefs/aget_49.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title aget-char
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/aget_4a.d b/plugins/dalvik/opdefs/aget_4a.d
new file mode 100644
index 0000000..ce9497f
--- /dev/null
+++ b/plugins/dalvik/opdefs/aget_4a.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title aget-short
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/and_95.d b/plugins/dalvik/opdefs/and_95.d
new file mode 100644
index 0000000..3926c05
--- /dev/null
+++ b/plugins/dalvik/opdefs/and_95.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title and-int
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/and_a0.d b/plugins/dalvik/opdefs/and_a0.d
new file mode 100644
index 0000000..b011156
--- /dev/null
+++ b/plugins/dalvik/opdefs/and_a0.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title and-long
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/and_b5.d b/plugins/dalvik/opdefs/and_b5.d
new file mode 100644
index 0000000..dec2ffb
--- /dev/null
+++ b/plugins/dalvik/opdefs/and_b5.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title and-int/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/and_c0.d b/plugins/dalvik/opdefs/and_c0.d
new file mode 100644
index 0000000..6fb52b6
--- /dev/null
+++ b/plugins/dalvik/opdefs/and_c0.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title and-long/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/and_d5.d b/plugins/dalvik/opdefs/and_d5.d
new file mode 100644
index 0000000..081c0d0
--- /dev/null
+++ b/plugins/dalvik/opdefs/and_d5.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title and-int/lit16
+
+@encoding() {
+
+ @format 22s
+
+}
diff --git a/plugins/dalvik/opdefs/and_dd.d b/plugins/dalvik/opdefs/and_dd.d
new file mode 100644
index 0000000..8adae05
--- /dev/null
+++ b/plugins/dalvik/opdefs/and_dd.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title and-int/lit8
+
+@encoding() {
+
+ @format 22b
+
+}
diff --git a/plugins/dalvik/opdefs/aput_4b.d b/plugins/dalvik/opdefs/aput_4b.d
new file mode 100644
index 0000000..90cc75f
--- /dev/null
+++ b/plugins/dalvik/opdefs/aput_4b.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title aput
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/aput_4c.d b/plugins/dalvik/opdefs/aput_4c.d
new file mode 100644
index 0000000..ff545f4
--- /dev/null
+++ b/plugins/dalvik/opdefs/aput_4c.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title aput-wide
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/aput_4d.d b/plugins/dalvik/opdefs/aput_4d.d
new file mode 100644
index 0000000..4c9ae98
--- /dev/null
+++ b/plugins/dalvik/opdefs/aput_4d.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title aput-object
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/aput_4e.d b/plugins/dalvik/opdefs/aput_4e.d
new file mode 100644
index 0000000..1602e62
--- /dev/null
+++ b/plugins/dalvik/opdefs/aput_4e.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title aput-boolean
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/aput_4f.d b/plugins/dalvik/opdefs/aput_4f.d
new file mode 100644
index 0000000..3632974
--- /dev/null
+++ b/plugins/dalvik/opdefs/aput_4f.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title aput-byte
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/aput_50.d b/plugins/dalvik/opdefs/aput_50.d
new file mode 100644
index 0000000..c295386
--- /dev/null
+++ b/plugins/dalvik/opdefs/aput_50.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title aput-char
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/aput_51.d b/plugins/dalvik/opdefs/aput_51.d
new file mode 100644
index 0000000..11ad5b2
--- /dev/null
+++ b/plugins/dalvik/opdefs/aput_51.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title aput-short
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/array_21.d b/plugins/dalvik/opdefs/array_21.d
new file mode 100644
index 0000000..e0ca860
--- /dev/null
+++ b/plugins/dalvik/opdefs/array_21.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title array-length
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/array_24.d b/plugins/dalvik/opdefs/array_24.d
new file mode 100644
index 0000000..00b7896
--- /dev/null
+++ b/plugins/dalvik/opdefs/array_24.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title filled-new-array
+
+@encoding() {
+
+ @format 35c | pool_type
+
+}
diff --git a/plugins/dalvik/opdefs/array_26.d b/plugins/dalvik/opdefs/array_26.d
new file mode 100644
index 0000000..f57afd1
--- /dev/null
+++ b/plugins/dalvik/opdefs/array_26.d
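Review bot: The `| pool_type` suffix on `@format 35c` in the filled-new-array definition is not explained anywhere in the file, and it is the one token that turns the instruction's index operand into a reference into a table of the DEX file being analysed. That index is read from the input, so the definition should tell a reader where it is range-checked; a comment above `@format`, for example `/* index operand refers to the type pool; bounds are checked when the operand is resolved (TODO confirm where) */`, would be enough, assuming the definition syntax accepts comments inside the body. The same applies to the `pool_type` and `pool_string` suffixes in the check-cast, const-string, const-string/jumbo and const-class definitions further down this page.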
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title fill-array-data
+
+@encoding() {
+
+ @format 31t
+
+}
diff --git a/plugins/dalvik/opdefs/check_1f.d b/plugins/dalvik/opdefs/check_1f.d
new file mode 100644
index 0000000..0f59ba7
--- /dev/null
+++ b/plugins/dalvik/opdefs/check_1f.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title check-cast
+
+@encoding() {
+
+ @format 21c | pool_type
+
+}
diff --git a/plugins/dalvik/opdefs/cmp_31.d b/plugins/dalvik/opdefs/cmp_31.d
new file mode 100644
index 0000000..baedee6
--- /dev/null
+++ b/plugins/dalvik/opdefs/cmp_31.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title cmp-long
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/cmpg_2e.d b/plugins/dalvik/opdefs/cmpg_2e.d
new file mode 100644
index 0000000..296337c
--- /dev/null
+++ b/plugins/dalvik/opdefs/cmpg_2e.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title cmpg-float
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/cmpg_30.d b/plugins/dalvik/opdefs/cmpg_30.d
new file mode 100644
index 0000000..dbb66ae
--- /dev/null
+++ b/plugins/dalvik/opdefs/cmpg_30.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title cmpg-double
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/cmpl_2d.d b/plugins/dalvik/opdefs/cmpl_2d.d
new file mode 100644
index 0000000..b76b73e
--- /dev/null
+++ b/plugins/dalvik/opdefs/cmpl_2d.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title cmpl-float
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/cmpl_2f.d b/plugins/dalvik/opdefs/cmpl_2f.d
new file mode 100644
index 0000000..cebd732
--- /dev/null
+++ b/plugins/dalvik/opdefs/cmpl_2f.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title cmpl-double
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/const_12.d b/plugins/dalvik/opdefs/const_12.d
new file mode 100644
index 0000000..bc4e4f8
--- /dev/null
+++ b/plugins/dalvik/opdefs/const_12.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title const/4
+
+@encoding() {
+
+ @format 11n
+
+}
diff --git a/plugins/dalvik/opdefs/const_13.d b/plugins/dalvik/opdefs/const_13.d
new file mode 100644
index 0000000..9b65ba4
--- /dev/null
+++ b/plugins/dalvik/opdefs/const_13.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title const/16
+
+@encoding() {
+
+ @format 21s
+
+}
diff --git a/plugins/dalvik/opdefs/const_14.d b/plugins/dalvik/opdefs/const_14.d
new file mode 100644
index 0000000..039d372
--- /dev/null
+++ b/plugins/dalvik/opdefs/const_14.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title const
+
+@encoding() {
+
+ @format 31i
+
+}
diff --git a/plugins/dalvik/opdefs/const_15.d b/plugins/dalvik/opdefs/const_15.d
new file mode 100644
index 0000000..add0673
--- /dev/null
+++ b/plugins/dalvik/opdefs/const_15.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title const/high16
+
+@encoding() {
+
+ @format 21h
+
+}
diff --git a/plugins/dalvik/opdefs/const_16.d b/plugins/dalvik/opdefs/const_16.d
new file mode 100644
index 0000000..cb1ce25
--- /dev/null
+++ b/plugins/dalvik/opdefs/const_16.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title const-wide/16
+
+@encoding() {
+
+ @format 21s
+
+}
diff --git a/plugins/dalvik/opdefs/const_17.d b/plugins/dalvik/opdefs/const_17.d
new file mode 100644
index 0000000..88a9f0c
--- /dev/null
+++ b/plugins/dalvik/opdefs/const_17.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title const-wide/32
+
+@encoding() {
+
+ @format 31i
+
+}
diff --git a/plugins/dalvik/opdefs/const_18.d b/plugins/dalvik/opdefs/const_18.d
new file mode 100644
index 0000000..d792add
--- /dev/null
+++ b/plugins/dalvik/opdefs/const_18.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title const-wide
+
+@encoding() {
+
+ @format 51l
+
+}
diff --git a/plugins/dalvik/opdefs/const_19.d b/plugins/dalvik/opdefs/const_19.d
new file mode 100644
index 0000000..577eaf3
--- /dev/null
+++ b/plugins/dalvik/opdefs/const_19.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title const-wide/high16
+
+@encoding() {
+
+ @format 21h
+
+}
diff --git a/plugins/dalvik/opdefs/const_1a.d b/plugins/dalvik/opdefs/const_1a.d
new file mode 100644
index 0000000..22c11ae
--- /dev/null
+++ b/plugins/dalvik/opdefs/const_1a.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title const-string
+
+@encoding() {
+
+ @format 21c | pool_string
+
+}
diff --git a/plugins/dalvik/opdefs/const_1b.d b/plugins/dalvik/opdefs/const_1b.d
new file mode 100644
index 0000000..699cef6
--- /dev/null
+++ b/plugins/dalvik/opdefs/const_1b.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title const-string/jumbo
+
+@encoding() {
+
+ @format 31c | pool_string
+
+}
diff --git a/plugins/dalvik/opdefs/const_1c.d b/plugins/dalvik/opdefs/const_1c.d
new file mode 100644
index 0000000..c539ee9
--- /dev/null
+++ b/plugins/dalvik/opdefs/const_1c.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title const-class
+
+@encoding() {
+
+ @format 21c | pool_type
+
+}
diff --git a/plugins/dalvik/opdefs/div_93.d b/plugins/dalvik/opdefs/div_93.d
new file mode 100644
index 0000000..cfb7f34
--- /dev/null
+++ b/plugins/dalvik/opdefs/div_93.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title div-int
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/div_9e.d b/plugins/dalvik/opdefs/div_9e.d
new file mode 100644
index 0000000..b12ebd1
--- /dev/null
+++ b/plugins/dalvik/opdefs/div_9e.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title div-long
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/div_a9.d b/plugins/dalvik/opdefs/div_a9.d
new file mode 100644
index 0000000..f7ce52e
--- /dev/null
+++ b/plugins/dalvik/opdefs/div_a9.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title div-float
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/div_ae.d b/plugins/dalvik/opdefs/div_ae.d
new file mode 100644
index 0000000..fae8164
--- /dev/null
+++ b/plugins/dalvik/opdefs/div_ae.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title div-double
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/div_b3.d b/plugins/dalvik/opdefs/div_b3.d
new file mode 100644
index 0000000..d1cf5d9
--- /dev/null
+++ b/plugins/dalvik/opdefs/div_b3.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title div-int/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/div_be.d b/plugins/dalvik/opdefs/div_be.d
new file mode 100644
index 0000000..a146c29
--- /dev/null
+++ b/plugins/dalvik/opdefs/div_be.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title div-long/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/div_c9.d b/plugins/dalvik/opdefs/div_c9.d
new file mode 100644
index 0000000..541ed90
--- /dev/null
+++ b/plugins/dalvik/opdefs/div_c9.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title div-float/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/div_ce.d b/plugins/dalvik/opdefs/div_ce.d
new file mode 100644
index 0000000..2c735e4
--- /dev/null
+++ b/plugins/dalvik/opdefs/div_ce.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title div-double/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/div_d3.d b/plugins/dalvik/opdefs/div_d3.d
new file mode 100644
index 0000000..9dde5bd
--- /dev/null
+++ b/plugins/dalvik/opdefs/div_d3.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title div-int/lit16
+
+@encoding() {
+
+ @format 22s
+
+}
diff --git a/plugins/dalvik/opdefs/div_db.d b/plugins/dalvik/opdefs/div_db.d
new file mode 100644
index 0000000..6754ed8
--- /dev/null
+++ b/plugins/dalvik/opdefs/div_db.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title div-int/lit8
+
+@encoding() {
+
+ @format 22b
+
+}
diff --git a/plugins/dalvik/opdefs/filled_25.d b/plugins/dalvik/opdefs/filled_25.d
new file mode 100644
index 0000000..cf31e09
--- /dev/null
+++ b/plugins/dalvik/opdefs/filled_25.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title filled-new-array/range
+
+@encoding() {
+
+ @format 3rc | pool_type
+
+}
diff --git a/plugins/dalvik/opdefs/goto_28.d b/plugins/dalvik/opdefs/goto_28.d
new file mode 100644
index 0000000..a9c12d1
--- /dev/null
+++ b/plugins/dalvik/opdefs/goto_28.d
@@ -0,0 +1,38 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title goto
+
+@encoding() {
+
+ @format 10t
+
+ @hooks {
+
+ fetch = help_fetching_with_dalvik_goto_instruction
+ link = handle_jump_as_link
+ post = post_process_dalvik_goto_target_resolution
+
+ }
+
+}
diff --git a/plugins/dalvik/opdefs/goto_29.d b/plugins/dalvik/opdefs/goto_29.d
new file mode 100644
index 0000000..8272a7d
--- /dev/null
+++ b/plugins/dalvik/opdefs/goto_29.d
@@ -0,0 +1,38 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title goto/16
+
+@encoding() {
+
+ @format 20t
+
+ @hooks {
+
+ fetch = help_fetching_with_dalvik_goto_instruction
+ link = handle_jump_as_link
+ post = post_process_dalvik_goto_target_resolution
+
+ }
+
+}
diff --git a/plugins/dalvik/opdefs/goto_2a.d b/plugins/dalvik/opdefs/goto_2a.d
new file mode 100644
index 0000000..937b10d
--- /dev/null
+++ b/plugins/dalvik/opdefs/goto_2a.d
@@ -0,0 +1,38 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title goto/32
+
+@encoding() {
+
+ @format 30t
+
+ @hooks {
+
+ fetch = help_fetching_with_dalvik_goto_instruction
+ link = handle_jump_as_link
+ post = post_process_dalvik_goto_target_resolution
+
+ }
+
+}
diff --git a/plugins/dalvik/opdefs/if_32.d b/plugins/dalvik/opdefs/if_32.d
new file mode 100644
index 0000000..f88098a
--- /dev/null
+++ b/plugins/dalvik/opdefs/if_32.d
@@ -0,0 +1,38 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title if-eq
+
+@encoding() {
+
+ @format 22t
+
+ @hooks {
+
+ fetch = help_fetching_with_dalvik_if_instruction
+ link = handle_dalvik_if_branch_as_link
+ post = post_process_dalvik_if_target_resolution
+
+ }
+
+}
diff --git a/plugins/dalvik/opdefs/if_33.d b/plugins/dalvik/opdefs/if_33.d
new file mode 100644
index 0000000..f655f67
--- /dev/null
+++ b/plugins/dalvik/opdefs/if_33.d
@@ -0,0 +1,38 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title if-ne
+
+@encoding() {
+
+ @format 22t
+
+ @hooks {
+
+ fetch = help_fetching_with_dalvik_if_instruction
+ link = handle_dalvik_if_branch_as_link
+ post = post_process_dalvik_if_target_resolution
+
+ }
+
+}
diff --git a/plugins/dalvik/opdefs/if_34.d b/plugins/dalvik/opdefs/if_34.d
new file mode 100644
index 0000000..1146980
--- /dev/null
+++ b/plugins/dalvik/opdefs/if_34.d
@@ -0,0 +1,38 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title if-lt
+
+@encoding() {
+
+ @format 22t
+
+ @hooks {
+
+ fetch = help_fetching_with_dalvik_if_instruction
+ link = handle_dalvik_if_branch_as_link
+ post = post_process_dalvik_if_target_resolution
+
+ }
+
+}
diff --git a/plugins/dalvik/opdefs/if_35.d b/plugins/dalvik/opdefs/if_35.d
new file mode 100644
index 0000000..b11b243
--- /dev/null
+++ b/plugins/dalvik/opdefs/if_35.d
@@ -0,0 +1,38 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title if-ge
+
+@encoding() {
+
+ @format 22t
+
+ @hooks {
+
+ fetch = help_fetching_with_dalvik_if_instruction
+ link = handle_dalvik_if_branch_as_link
+ post = post_process_dalvik_if_target_resolution
+
+ }
+
+}
diff --git a/plugins/dalvik/opdefs/if_36.d b/plugins/dalvik/opdefs/if_36.d
new file mode 100644
index 0000000..7436901
--- /dev/null
+++ b/plugins/dalvik/opdefs/if_36.d
@@ -0,0 +1,38 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title if-gt
+
+@encoding() {
+
+ @format 22t
+
+ @hooks {
+
+ fetch = help_fetching_with_dalvik_if_instruction
+ link = handle_dalvik_if_branch_as_link
+ post = post_process_dalvik_if_target_resolution
+
+ }
+
+}
diff --git a/plugins/dalvik/opdefs/if_37.d b/plugins/dalvik/opdefs/if_37.d
new file mode 100644
index 0000000..9ecbd84
--- /dev/null
+++ b/plugins/dalvik/opdefs/if_37.d
@@ -0,0 +1,38 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title if-le
+
+@encoding() {
+
+ @format 22t
+
+ @hooks {
+
+ fetch = help_fetching_with_dalvik_if_instruction
+ link = handle_dalvik_if_branch_as_link
+ post = post_process_dalvik_if_target_resolution
+
+ }
+
+}
diff --git a/plugins/dalvik/opdefs/if_38.d b/plugins/dalvik/opdefs/if_38.d
new file mode 100644
index 0000000..ff21f2b
--- /dev/null
+++ b/plugins/dalvik/opdefs/if_38.d
@@ -0,0 +1,38 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title if-eqz
+
+@encoding() {
+
+ @format 21t
+
+ @hooks {
+
+ fetch = help_fetching_with_dalvik_ifz_instruction
+ link = handle_dalvik_ifz_branch_as_link
+ post = post_process_dalvik_ifz_target_resolution
+
+ }
+
+}
diff --git a/plugins/dalvik/opdefs/if_39.d b/plugins/dalvik/opdefs/if_39.d
new file mode 100644
index 0000000..0dbba57
--- /dev/null
+++ b/plugins/dalvik/opdefs/if_39.d
@@ -0,0 +1,38 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title if-nez
+
+@encoding() {
+
+ @format 21t
+
+ @hooks {
+
+ fetch = help_fetching_with_dalvik_ifz_instruction
+ link = handle_dalvik_ifz_branch_as_link
+ post = post_process_dalvik_ifz_target_resolution
+
+ }
+
+}
diff --git a/plugins/dalvik/opdefs/if_3a.d b/plugins/dalvik/opdefs/if_3a.d
new file mode 100644
index 0000000..b003824
--- /dev/null
+++ b/plugins/dalvik/opdefs/if_3a.d
@@ -0,0 +1,38 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title if-ltz
+
+@encoding() {
+
+ @format 21t
+
+ @hooks {
+
+ fetch = help_fetching_with_dalvik_ifz_instruction
+ link = handle_dalvik_ifz_branch_as_link
+ post = post_process_dalvik_ifz_target_resolution
+
+ }
+
+}
diff --git a/plugins/dalvik/opdefs/if_3b.d b/plugins/dalvik/opdefs/if_3b.d
new file mode 100644
index 0000000..f571d7e
--- /dev/null
+++ b/plugins/dalvik/opdefs/if_3b.d
@@ -0,0 +1,38 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title if-gez
+
+@encoding() {
+
+ @format 21t
+
+ @hooks {
+
+ fetch = help_fetching_with_dalvik_ifz_instruction
+ link = handle_dalvik_ifz_branch_as_link
+ post = post_process_dalvik_ifz_target_resolution
+
+ }
+
+}
diff --git a/plugins/dalvik/opdefs/if_3c.d b/plugins/dalvik/opdefs/if_3c.d
new file mode 100644
index 0000000..154fe2c
--- /dev/null
+++ b/plugins/dalvik/opdefs/if_3c.d
@@ -0,0 +1,38 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title if-gtz
+
+@encoding() {
+
+ @format 21t
+
+ @hooks {
+
+ fetch = help_fetching_with_dalvik_ifz_instruction
+ link = handle_dalvik_ifz_branch_as_link
+ post = post_process_dalvik_ifz_target_resolution
+
+ }
+
+}
diff --git a/plugins/dalvik/opdefs/if_3d.d b/plugins/dalvik/opdefs/if_3d.d
new file mode 100644
index 0000000..2aa5f87
--- /dev/null
+++ b/plugins/dalvik/opdefs/if_3d.d
@@ -0,0 +1,38 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title if-lez
+
+@encoding() {
+
+ @format 21t
+
+ @hooks {
+
+ fetch = help_fetching_with_dalvik_ifz_instruction
+ link = handle_dalvik_ifz_branch_as_link
+ post = post_process_dalvik_ifz_target_resolution
+
+ }
+
+}
diff --git a/plugins/dalvik/opdefs/iget_52.d b/plugins/dalvik/opdefs/iget_52.d
new file mode 100644
index 0000000..ca5c140
--- /dev/null
+++ b/plugins/dalvik/opdefs/iget_52.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title iget
+
+@encoding() {
+
+ @format 22c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/iget_53.d b/plugins/dalvik/opdefs/iget_53.d
new file mode 100644
index 0000000..3d458d9
--- /dev/null
+++ b/plugins/dalvik/opdefs/iget_53.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title iget-wide
+
+@encoding() {
+
+ @format 22c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/iget_54.d b/plugins/dalvik/opdefs/iget_54.d
new file mode 100644
index 0000000..343accc
--- /dev/null
+++ b/plugins/dalvik/opdefs/iget_54.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title iget-object
+
+@encoding() {
+
+ @format 22c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/iget_55.d b/plugins/dalvik/opdefs/iget_55.d
new file mode 100644
index 0000000..dc9d7a4
--- /dev/null
+++ b/plugins/dalvik/opdefs/iget_55.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title iget-boolean
+
+@encoding() {
+
+ @format 22c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/iget_56.d b/plugins/dalvik/opdefs/iget_56.d
new file mode 100644
index 0000000..92e4d6c
--- /dev/null
+++ b/plugins/dalvik/opdefs/iget_56.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title iget-byte
+
+@encoding() {
+
+ @format 22c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/iget_57.d b/plugins/dalvik/opdefs/iget_57.d
new file mode 100644
index 0000000..b8864c7
--- /dev/null
+++ b/plugins/dalvik/opdefs/iget_57.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title iget-char
+
+@encoding() {
+
+ @format 22c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/iget_58.d b/plugins/dalvik/opdefs/iget_58.d
new file mode 100644
index 0000000..85a3fb8
--- /dev/null
+++ b/plugins/dalvik/opdefs/iget_58.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title iget-short
+
+@encoding() {
+
+ @format 22c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/instanceof_20.d b/plugins/dalvik/opdefs/instanceof_20.d
new file mode 100644
index 0000000..7652c56
--- /dev/null
+++ b/plugins/dalvik/opdefs/instanceof_20.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title instance-of
+
+@encoding() {
+
+ @format 22c | pool_type
+
+}
diff --git a/plugins/dalvik/opdefs/invoke_6e.d b/plugins/dalvik/opdefs/invoke_6e.d
new file mode 100644
index 0000000..e7b3f0d
--- /dev/null
+++ b/plugins/dalvik/opdefs/invoke_6e.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title invoke-virtual
+
+@encoding() {
+
+ @format 35c | pool_meth
+
+}
diff --git a/plugins/dalvik/opdefs/invoke_6f.d b/plugins/dalvik/opdefs/invoke_6f.d
new file mode 100644
index 0000000..9fa4666
--- /dev/null
+++ b/plugins/dalvik/opdefs/invoke_6f.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title invoke-super
+
+@encoding() {
+
+ @format 35c | pool_meth
+
+}
diff --git a/plugins/dalvik/opdefs/invoke_70.d b/plugins/dalvik/opdefs/invoke_70.d
new file mode 100644
index 0000000..6662ce3
--- /dev/null
+++ b/plugins/dalvik/opdefs/invoke_70.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title invoke-direct
+
+@encoding() {
+
+ @format 35c | pool_meth
+
+}
diff --git a/plugins/dalvik/opdefs/invoke_71.d b/plugins/dalvik/opdefs/invoke_71.d
new file mode 100644
index 0000000..f179dbd
--- /dev/null
+++ b/plugins/dalvik/opdefs/invoke_71.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title invoke-static
+
+@encoding() {
+
+ @format 35c | pool_meth
+
+}
diff --git a/plugins/dalvik/opdefs/invoke_72.d b/plugins/dalvik/opdefs/invoke_72.d
new file mode 100644
index 0000000..6ad8e09
--- /dev/null
+++ b/plugins/dalvik/opdefs/invoke_72.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title invoke-interface
+
+@encoding() {
+
+ @format 35c | pool_meth
+
+}
diff --git a/plugins/dalvik/opdefs/invoke_74.d b/plugins/dalvik/opdefs/invoke_74.d
new file mode 100644
index 0000000..77b68de
--- /dev/null
+++ b/plugins/dalvik/opdefs/invoke_74.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title invoke-virtual/range
+
+@encoding() {
+
+ @format 3rc | pool_meth
+
+}
diff --git a/plugins/dalvik/opdefs/invoke_75.d b/plugins/dalvik/opdefs/invoke_75.d
new file mode 100644
index 0000000..e886dad
--- /dev/null
+++ b/plugins/dalvik/opdefs/invoke_75.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title invoke-super/range
+
+@encoding() {
+
+ @format 3rc | pool_meth
+
+}
diff --git a/plugins/dalvik/opdefs/invoke_76.d b/plugins/dalvik/opdefs/invoke_76.d
new file mode 100644
index 0000000..8156689
--- /dev/null
+++ b/plugins/dalvik/opdefs/invoke_76.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title invoke-direct/range
+
+@encoding() {
+
+ @format 3rc | pool_meth
+
+}
diff --git a/plugins/dalvik/opdefs/invoke_77.d b/plugins/dalvik/opdefs/invoke_77.d
new file mode 100644
index 0000000..b5707e2
--- /dev/null
+++ b/plugins/dalvik/opdefs/invoke_77.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title invoke-static/range
+
+@encoding() {
+
+ @format 3rc | pool_meth
+
+}
diff --git a/plugins/dalvik/opdefs/invoke_78.d b/plugins/dalvik/opdefs/invoke_78.d
new file mode 100644
index 0000000..5589b38
--- /dev/null
+++ b/plugins/dalvik/opdefs/invoke_78.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title invoke-interface/range
+
+@encoding() {
+
+ @format 3rc | pool_meth
+
+}
diff --git a/plugins/dalvik/opdefs/iput_59.d b/plugins/dalvik/opdefs/iput_59.d
new file mode 100644
index 0000000..fd17db4
--- /dev/null
+++ b/plugins/dalvik/opdefs/iput_59.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title iput
+
+@encoding() {
+
+ @format 22c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/iput_5a.d b/plugins/dalvik/opdefs/iput_5a.d
new file mode 100644
index 0000000..509868c
--- /dev/null
+++ b/plugins/dalvik/opdefs/iput_5a.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title iput-wide
+
+@encoding() {
+
+ @format 22c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/iput_5b.d b/plugins/dalvik/opdefs/iput_5b.d
new file mode 100644
index 0000000..9ad7500
--- /dev/null
+++ b/plugins/dalvik/opdefs/iput_5b.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title iput-object
+
+@encoding() {
+
+ @format 22c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/iput_5c.d b/plugins/dalvik/opdefs/iput_5c.d
new file mode 100644
index 0000000..9ae86fa
--- /dev/null
+++ b/plugins/dalvik/opdefs/iput_5c.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title iput-boolean
+
+@encoding() {
+
+ @format 22c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/iput_5d.d b/plugins/dalvik/opdefs/iput_5d.d
new file mode 100644
index 0000000..8a3830e
--- /dev/null
+++ b/plugins/dalvik/opdefs/iput_5d.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title iput-byte
+
+@encoding() {
+
+ @format 22c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/iput_5e.d b/plugins/dalvik/opdefs/iput_5e.d
new file mode 100644
index 0000000..5120675
--- /dev/null
+++ b/plugins/dalvik/opdefs/iput_5e.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title iput-char
+
+@encoding() {
+
+ @format 22c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/iput_5f.d b/plugins/dalvik/opdefs/iput_5f.d
new file mode 100644
index 0000000..7fe2d80
--- /dev/null
+++ b/plugins/dalvik/opdefs/iput_5f.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title iput-short
+
+@encoding() {
+
+ @format 22c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/monitor_1d.d b/plugins/dalvik/opdefs/monitor_1d.d
new file mode 100644
index 0000000..ab7ce5f
--- /dev/null
+++ b/plugins/dalvik/opdefs/monitor_1d.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title monitor-enter
+
+@encoding() {
+
+ @format 11x
+
+}
diff --git a/plugins/dalvik/opdefs/monitor_1e.d b/plugins/dalvik/opdefs/monitor_1e.d
new file mode 100644
index 0000000..b5b0d20
--- /dev/null
+++ b/plugins/dalvik/opdefs/monitor_1e.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title monitor-exit
+
+@encoding() {
+
+ @format 11x
+
+}
diff --git a/plugins/dalvik/opdefs/move_01.d b/plugins/dalvik/opdefs/move_01.d
new file mode 100644
index 0000000..caa2a85
--- /dev/null
+++ b/plugins/dalvik/opdefs/move_01.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title move
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/move_02.d b/plugins/dalvik/opdefs/move_02.d
new file mode 100644
index 0000000..c8b96bd
--- /dev/null
+++ b/plugins/dalvik/opdefs/move_02.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title move/from16
+
+@encoding() {
+
+ @format 22x
+
+}
diff --git a/plugins/dalvik/opdefs/move_03.d b/plugins/dalvik/opdefs/move_03.d
new file mode 100644
index 0000000..6957de7
--- /dev/null
+++ b/plugins/dalvik/opdefs/move_03.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title move/16
+
+@encoding() {
+
+ @format 32x
+
+}
diff --git a/plugins/dalvik/opdefs/move_04.d b/plugins/dalvik/opdefs/move_04.d
new file mode 100644
index 0000000..57196cc
--- /dev/null
+++ b/plugins/dalvik/opdefs/move_04.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title move-wide
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/move_05.d b/plugins/dalvik/opdefs/move_05.d
new file mode 100644
index 0000000..2b974bb
--- /dev/null
+++ b/plugins/dalvik/opdefs/move_05.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title move-wide/from16
+
+@encoding() {
+
+ @format 22x
+
+}
diff --git a/plugins/dalvik/opdefs/move_06.d b/plugins/dalvik/opdefs/move_06.d
new file mode 100644
index 0000000..4acaf62
--- /dev/null
+++ b/plugins/dalvik/opdefs/move_06.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title move-wide/16
+
+@encoding() {
+
+ @format 32x
+
+}
diff --git a/plugins/dalvik/opdefs/move_07.d b/plugins/dalvik/opdefs/move_07.d
new file mode 100644
index 0000000..cde3102
--- /dev/null
+++ b/plugins/dalvik/opdefs/move_07.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title move-object
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/move_08.d b/plugins/dalvik/opdefs/move_08.d
new file mode 100644
index 0000000..aba0cad
--- /dev/null
+++ b/plugins/dalvik/opdefs/move_08.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title move-object/from16
+
+@encoding() {
+
+ @format 22x
+
+}
diff --git a/plugins/dalvik/opdefs/move_09.d b/plugins/dalvik/opdefs/move_09.d
new file mode 100644
index 0000000..3bf6a65
--- /dev/null
+++ b/plugins/dalvik/opdefs/move_09.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title move-object/16
+
+@encoding() {
+
+ @format 32x
+
+}
diff --git a/plugins/dalvik/opdefs/move_0a.d b/plugins/dalvik/opdefs/move_0a.d
new file mode 100644
index 0000000..b6a185a
--- /dev/null
+++ b/plugins/dalvik/opdefs/move_0a.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title move-result
+
+@encoding() {
+
+ @format 11x
+
+}
diff --git a/plugins/dalvik/opdefs/move_0b.d b/plugins/dalvik/opdefs/move_0b.d
new file mode 100644
index 0000000..d266cb8
--- /dev/null
+++ b/plugins/dalvik/opdefs/move_0b.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title move-result-wide
+
+@encoding() {
+
+ @format 11x
+
+}
diff --git a/plugins/dalvik/opdefs/move_0c.d b/plugins/dalvik/opdefs/move_0c.d
new file mode 100644
index 0000000..8e6f67f
--- /dev/null
+++ b/plugins/dalvik/opdefs/move_0c.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title move-result-object
+
+@encoding() {
+
+ @format 11x
+
+}
diff --git a/plugins/dalvik/opdefs/move_0d.d b/plugins/dalvik/opdefs/move_0d.d
new file mode 100644
index 0000000..f442006
--- /dev/null
+++ b/plugins/dalvik/opdefs/move_0d.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title move-exception
+
+@encoding() {
+
+ @format 11x
+
+}
diff --git a/plugins/dalvik/opdefs/mul_92.d b/plugins/dalvik/opdefs/mul_92.d
new file mode 100644
index 0000000..83b5cac
--- /dev/null
+++ b/plugins/dalvik/opdefs/mul_92.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title mul-int
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/mul_9d.d b/plugins/dalvik/opdefs/mul_9d.d
new file mode 100644
index 0000000..ecc216d
--- /dev/null
+++ b/plugins/dalvik/opdefs/mul_9d.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title mul-long
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/mul_a8.d b/plugins/dalvik/opdefs/mul_a8.d
new file mode 100644
index 0000000..63e51e5
--- /dev/null
+++ b/plugins/dalvik/opdefs/mul_a8.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title mul-float
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/mul_ad.d b/plugins/dalvik/opdefs/mul_ad.d
new file mode 100644
index 0000000..17f950c
--- /dev/null
+++ b/plugins/dalvik/opdefs/mul_ad.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title mul-double
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/mul_b2.d b/plugins/dalvik/opdefs/mul_b2.d
new file mode 100644
index 0000000..a7b917c
--- /dev/null
+++ b/plugins/dalvik/opdefs/mul_b2.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title mul-int/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/mul_bd.d b/plugins/dalvik/opdefs/mul_bd.d
new file mode 100644
index 0000000..8ce23b1
--- /dev/null
+++ b/plugins/dalvik/opdefs/mul_bd.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title mul-long/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/mul_c8.d b/plugins/dalvik/opdefs/mul_c8.d
new file mode 100644
index 0000000..1d17cc1
--- /dev/null
+++ b/plugins/dalvik/opdefs/mul_c8.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title mul-float/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/mul_cd.d b/plugins/dalvik/opdefs/mul_cd.d
new file mode 100644
index 0000000..1816780
--- /dev/null
+++ b/plugins/dalvik/opdefs/mul_cd.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title mul-double/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/mul_d2.d b/plugins/dalvik/opdefs/mul_d2.d
new file mode 100644
index 0000000..998ecd7
--- /dev/null
+++ b/plugins/dalvik/opdefs/mul_d2.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title mul-int/lit16
+
+@encoding() {
+
+ @format 22s
+
+}
diff --git a/plugins/dalvik/opdefs/mul_da.d b/plugins/dalvik/opdefs/mul_da.d
new file mode 100644
index 0000000..4c1a264
--- /dev/null
+++ b/plugins/dalvik/opdefs/mul_da.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title mul-int/lit8
+
+@encoding() {
+
+ @format 22b
+
+}
diff --git a/plugins/dalvik/opdefs/neg_7b.d b/plugins/dalvik/opdefs/neg_7b.d
new file mode 100644
index 0000000..c8ec7df
--- /dev/null
+++ b/plugins/dalvik/opdefs/neg_7b.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title neg-int
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/neg_7d.d b/plugins/dalvik/opdefs/neg_7d.d
new file mode 100644
index 0000000..3d442c3
--- /dev/null
+++ b/plugins/dalvik/opdefs/neg_7d.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title neg-long
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/neg_7f.d b/plugins/dalvik/opdefs/neg_7f.d
new file mode 100644
index 0000000..d30ede6
--- /dev/null
+++ b/plugins/dalvik/opdefs/neg_7f.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title neg-float
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/neg_80.d b/plugins/dalvik/opdefs/neg_80.d
new file mode 100644
index 0000000..49d6bdd
--- /dev/null
+++ b/plugins/dalvik/opdefs/neg_80.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title neg-double
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/new_22.d b/plugins/dalvik/opdefs/new_22.d
new file mode 100644
index 0000000..4af913c
--- /dev/null
+++ b/plugins/dalvik/opdefs/new_22.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title new-instance
+
+@encoding() {
+
+ @format 21c | pool_type
+
+}
diff --git a/plugins/dalvik/opdefs/new_23.d b/plugins/dalvik/opdefs/new_23.d
new file mode 100644
index 0000000..0a6a863
--- /dev/null
+++ b/plugins/dalvik/opdefs/new_23.d
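Review bot: `@format 21c | pool_type` is the only statement in new_22.d that ties an operand to the DEX type pool, and the definition carries no comment saying so. The index in a 21c instruction is read from the file being analysed, so a reader of this definition should be told that it is file-controlled; a comment above `@encoding()` such as `/* BBBB is an index into the DEX type pool, taken from the bytecode as-is */` would do. Whether the decoder generated for `pool_type` range-checks that index before resolving it cannot be seen from this hunk and should be confirmed in the operand code. new_23.d (`@format 22c | pool_type`) has the same gap.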
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title new-array
+
+@encoding() {
+
+ @format 22c | pool_type
+
+}
diff --git a/plugins/dalvik/opdefs/nop_00.d b/plugins/dalvik/opdefs/nop_00.d
new file mode 100644
index 0000000..d10d439
--- /dev/null
+++ b/plugins/dalvik/opdefs/nop_00.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title nop
+
+@encoding() {
+
+ @format 10x
+
+}
diff --git a/plugins/dalvik/opdefs/not_7c.d b/plugins/dalvik/opdefs/not_7c.d
new file mode 100644
index 0000000..d52ad8c
--- /dev/null
+++ b/plugins/dalvik/opdefs/not_7c.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title not-int
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/not_7e.d b/plugins/dalvik/opdefs/not_7e.d
new file mode 100644
index 0000000..4291d7a
--- /dev/null
+++ b/plugins/dalvik/opdefs/not_7e.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title not-long
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/or_96.d b/plugins/dalvik/opdefs/or_96.d
new file mode 100644
index 0000000..62f24a5
--- /dev/null
+++ b/plugins/dalvik/opdefs/or_96.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title or-int
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/or_a1.d b/plugins/dalvik/opdefs/or_a1.d
new file mode 100644
index 0000000..2867a81
--- /dev/null
+++ b/plugins/dalvik/opdefs/or_a1.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title or-long
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/or_b6.d b/plugins/dalvik/opdefs/or_b6.d
new file mode 100644
index 0000000..3d56801
--- /dev/null
+++ b/plugins/dalvik/opdefs/or_b6.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title or-int/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/or_c1.d b/plugins/dalvik/opdefs/or_c1.d
new file mode 100644
index 0000000..8d13da3
--- /dev/null
+++ b/plugins/dalvik/opdefs/or_c1.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title or-long/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/or_d6.d b/plugins/dalvik/opdefs/or_d6.d
new file mode 100644
index 0000000..71766a3
--- /dev/null
+++ b/plugins/dalvik/opdefs/or_d6.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title or-int/lit16
+
+@encoding() {
+
+ @format 22s
+
+}
diff --git a/plugins/dalvik/opdefs/or_de.d b/plugins/dalvik/opdefs/or_de.d
new file mode 100644
index 0000000..1c293a5
--- /dev/null
+++ b/plugins/dalvik/opdefs/or_de.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title or-int/lit8
+
+@encoding() {
+
+ @format 22b
+
+}
diff --git a/plugins/dalvik/opdefs/rem_94.d b/plugins/dalvik/opdefs/rem_94.d
new file mode 100644
index 0000000..9238d14
--- /dev/null
+++ b/plugins/dalvik/opdefs/rem_94.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title rem-int
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/rem_9f.d b/plugins/dalvik/opdefs/rem_9f.d
new file mode 100644
index 0000000..6aef568
--- /dev/null
+++ b/plugins/dalvik/opdefs/rem_9f.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title rem-long
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/rem_aa.d b/plugins/dalvik/opdefs/rem_aa.d
new file mode 100644
index 0000000..71a0d8b
--- /dev/null
+++ b/plugins/dalvik/opdefs/rem_aa.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title rem-float
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/rem_af.d b/plugins/dalvik/opdefs/rem_af.d
new file mode 100644
index 0000000..dc092a1
--- /dev/null
+++ b/plugins/dalvik/opdefs/rem_af.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title rem-double
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/rem_b4.d b/plugins/dalvik/opdefs/rem_b4.d
new file mode 100644
index 0000000..fada523
--- /dev/null
+++ b/plugins/dalvik/opdefs/rem_b4.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title rem-int/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/rem_bf.d b/plugins/dalvik/opdefs/rem_bf.d
new file mode 100644
index 0000000..b6b0997
--- /dev/null
+++ b/plugins/dalvik/opdefs/rem_bf.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title rem-long/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/rem_ca.d b/plugins/dalvik/opdefs/rem_ca.d
new file mode 100644
index 0000000..3c6d287
--- /dev/null
+++ b/plugins/dalvik/opdefs/rem_ca.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title rem-float/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/rem_cf.d b/plugins/dalvik/opdefs/rem_cf.d
new file mode 100644
index 0000000..1881502
--- /dev/null
+++ b/plugins/dalvik/opdefs/rem_cf.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title rem-double/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/rem_d4.d b/plugins/dalvik/opdefs/rem_d4.d
new file mode 100644
index 0000000..84d12b8
--- /dev/null
+++ b/plugins/dalvik/opdefs/rem_d4.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title rem-int/lit16
+
+@encoding() {
+
+ @format 22s
+
+}
diff --git a/plugins/dalvik/opdefs/rem_dc.d b/plugins/dalvik/opdefs/rem_dc.d
new file mode 100644
index 0000000..f70f9e9
--- /dev/null
+++ b/plugins/dalvik/opdefs/rem_dc.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title rem-int/lit8
+
+@encoding() {
+
+ @format 22b
+
+}
diff --git a/plugins/dalvik/opdefs/return_0e.d b/plugins/dalvik/opdefs/return_0e.d
new file mode 100644
index 0000000..98fa1a8
--- /dev/null
+++ b/plugins/dalvik/opdefs/return_0e.d
@@ -0,0 +1,36 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title return-void
+
+@encoding() {
+
+ @format 10x
+
+ @rules {
+
+ call SetInsFlag(AIF_RETURN_POINT)
+
+ }
+
+}
diff --git a/plugins/dalvik/opdefs/return_0f.d b/plugins/dalvik/opdefs/return_0f.d
new file mode 100644
index 0000000..7e681ae
--- /dev/null
+++ b/plugins/dalvik/opdefs/return_0f.d
@@ -0,0 +1,36 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title return
+
+@encoding() {
+
+ @format 11x
+
+ @rules {
+
+ call SetInsFlag(AIF_RETURN_POINT)
+
+ }
+
+}
diff --git a/plugins/dalvik/opdefs/return_10.d b/plugins/dalvik/opdefs/return_10.d
new file mode 100644
index 0000000..644760c
--- /dev/null
+++ b/plugins/dalvik/opdefs/return_10.d
@@ -0,0 +1,36 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title return-wide
+
+@encoding() {
+
+ @format 11x
+
+ @rules {
+
+ call SetInsFlag(AIF_RETURN_POINT)
+
+ }
+
+}
diff --git a/plugins/dalvik/opdefs/return_11.d b/plugins/dalvik/opdefs/return_11.d
new file mode 100644
index 0000000..b8e4e60
--- /dev/null
+++ b/plugins/dalvik/opdefs/return_11.d
@@ -0,0 +1,36 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title return-object
+
+@encoding() {
+
+ @format 11x
+
+ @rules {
+
+ call SetInsFlag(AIF_RETURN_POINT)
+
+ }
+
+}
diff --git a/plugins/dalvik/opdefs/rsub_d1.d b/plugins/dalvik/opdefs/rsub_d1.d
new file mode 100644
index 0000000..0d05c84
--- /dev/null
+++ b/plugins/dalvik/opdefs/rsub_d1.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title rsub-int
+
+@encoding() {
+
+ @format 22s
+
+}
diff --git a/plugins/dalvik/opdefs/rsub_d9.d b/plugins/dalvik/opdefs/rsub_d9.d
new file mode 100644
index 0000000..0f2f656
--- /dev/null
+++ b/plugins/dalvik/opdefs/rsub_d9.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title rsub-int/lit8
+
+@encoding() {
+
+ @format 22b
+
+}
diff --git a/plugins/dalvik/opdefs/sget_60.d b/plugins/dalvik/opdefs/sget_60.d
new file mode 100644
index 0000000..90090a2
--- /dev/null
+++ b/plugins/dalvik/opdefs/sget_60.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sget
+
+@encoding() {
+
+ @format 21c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/sget_61.d b/plugins/dalvik/opdefs/sget_61.d
new file mode 100644
index 0000000..c3f132c
--- /dev/null
+++ b/plugins/dalvik/opdefs/sget_61.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sget-wide
+
+@encoding() {
+
+ @format 21c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/sget_62.d b/plugins/dalvik/opdefs/sget_62.d
new file mode 100644
index 0000000..97d41d9
--- /dev/null
+++ b/plugins/dalvik/opdefs/sget_62.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sget-object
+
+@encoding() {
+
+ @format 21c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/sget_63.d b/plugins/dalvik/opdefs/sget_63.d
new file mode 100644
index 0000000..0dca873
--- /dev/null
+++ b/plugins/dalvik/opdefs/sget_63.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sget-boolean
+
+@encoding() {
+
+ @format 21c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/sget_64.d b/plugins/dalvik/opdefs/sget_64.d
new file mode 100644
index 0000000..507420e
--- /dev/null
+++ b/plugins/dalvik/opdefs/sget_64.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sget-byte
+
+@encoding() {
+
+ @format 21c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/sget_65.d b/plugins/dalvik/opdefs/sget_65.d
new file mode 100644
index 0000000..5236314
--- /dev/null
+++ b/plugins/dalvik/opdefs/sget_65.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sget-char
+
+@encoding() {
+
+ @format 21c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/sget_66.d b/plugins/dalvik/opdefs/sget_66.d
new file mode 100644
index 0000000..9f8b4fa
--- /dev/null
+++ b/plugins/dalvik/opdefs/sget_66.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sget-short
+
+@encoding() {
+
+ @format 21c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/shl_98.d b/plugins/dalvik/opdefs/shl_98.d
new file mode 100644
index 0000000..bfb92bd
--- /dev/null
+++ b/plugins/dalvik/opdefs/shl_98.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title shl-int
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/shl_a3.d b/plugins/dalvik/opdefs/shl_a3.d
new file mode 100644
index 0000000..c3772b0
--- /dev/null
+++ b/plugins/dalvik/opdefs/shl_a3.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title shl-long
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/shl_b8.d b/plugins/dalvik/opdefs/shl_b8.d
new file mode 100644
index 0000000..70f99e1
--- /dev/null
+++ b/plugins/dalvik/opdefs/shl_b8.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title shl-int/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/shl_c3.d b/plugins/dalvik/opdefs/shl_c3.d
new file mode 100644
index 0000000..94d35e5
--- /dev/null
+++ b/plugins/dalvik/opdefs/shl_c3.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title shl-long/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/shl_e0.d b/plugins/dalvik/opdefs/shl_e0.d
new file mode 100644
index 0000000..c5c8d50
--- /dev/null
+++ b/plugins/dalvik/opdefs/shl_e0.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title shl-int/lit8
+
+@encoding() {
+
+ @format 22b
+
+}
diff --git a/plugins/dalvik/opdefs/shr_99.d b/plugins/dalvik/opdefs/shr_99.d
new file mode 100644
index 0000000..203e4d5
--- /dev/null
+++ b/plugins/dalvik/opdefs/shr_99.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title shr-int
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/shr_a4.d b/plugins/dalvik/opdefs/shr_a4.d
new file mode 100644
index 0000000..16e07a6
--- /dev/null
+++ b/plugins/dalvik/opdefs/shr_a4.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title shr-long
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/shr_b9.d b/plugins/dalvik/opdefs/shr_b9.d
new file mode 100644
index 0000000..5f48795
--- /dev/null
+++ b/plugins/dalvik/opdefs/shr_b9.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title shr-int/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/shr_c4.d b/plugins/dalvik/opdefs/shr_c4.d
new file mode 100644
index 0000000..80cbfee
--- /dev/null
+++ b/plugins/dalvik/opdefs/shr_c4.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title shr-long/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/shr_e1.d b/plugins/dalvik/opdefs/shr_e1.d
new file mode 100644
index 0000000..38a30dc
--- /dev/null
+++ b/plugins/dalvik/opdefs/shr_e1.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title shr-int/lit8
+
+@encoding() {
+
+ @format 22b
+
+}
diff --git a/plugins/dalvik/opdefs/sput_67.d b/plugins/dalvik/opdefs/sput_67.d
new file mode 100644
index 0000000..149337a
--- /dev/null
+++ b/plugins/dalvik/opdefs/sput_67.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sput
+
+@encoding() {
+
+ @format 21c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/sput_68.d b/plugins/dalvik/opdefs/sput_68.d
new file mode 100644
index 0000000..3709445
--- /dev/null
+++ b/plugins/dalvik/opdefs/sput_68.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sput-wide
+
+@encoding() {
+
+ @format 21c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/sput_69.d b/plugins/dalvik/opdefs/sput_69.d
new file mode 100644
index 0000000..89302eb
--- /dev/null
+++ b/plugins/dalvik/opdefs/sput_69.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sput-object
+
+@encoding() {
+
+ @format 21c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/sput_6a.d b/plugins/dalvik/opdefs/sput_6a.d
new file mode 100644
index 0000000..91f5f4f
--- /dev/null
+++ b/plugins/dalvik/opdefs/sput_6a.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sput-boolean
+
+@encoding() {
+
+ @format 21c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/sput_6b.d b/plugins/dalvik/opdefs/sput_6b.d
new file mode 100644
index 0000000..72338a0
--- /dev/null
+++ b/plugins/dalvik/opdefs/sput_6b.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sput-byte
+
+@encoding() {
+
+ @format 21c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/sput_6c.d b/plugins/dalvik/opdefs/sput_6c.d
new file mode 100644
index 0000000..1f0a7c5
--- /dev/null
+++ b/plugins/dalvik/opdefs/sput_6c.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sput-char
+
+@encoding() {
+
+ @format 21c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/sput_6d.d b/plugins/dalvik/opdefs/sput_6d.d
new file mode 100644
index 0000000..d164858
--- /dev/null
+++ b/plugins/dalvik/opdefs/sput_6d.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sput-short
+
+@encoding() {
+
+ @format 21c | pool_field
+
+}
diff --git a/plugins/dalvik/opdefs/sub_91.d b/plugins/dalvik/opdefs/sub_91.d
new file mode 100644
index 0000000..34fd476
--- /dev/null
+++ b/plugins/dalvik/opdefs/sub_91.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sub-int
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/sub_9c.d b/plugins/dalvik/opdefs/sub_9c.d
new file mode 100644
index 0000000..566cb80
--- /dev/null
+++ b/plugins/dalvik/opdefs/sub_9c.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sub-long
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/sub_a7.d b/plugins/dalvik/opdefs/sub_a7.d
new file mode 100644
index 0000000..22851c6
--- /dev/null
+++ b/plugins/dalvik/opdefs/sub_a7.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sub-float
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/sub_ac.d b/plugins/dalvik/opdefs/sub_ac.d
new file mode 100644
index 0000000..c818423
--- /dev/null
+++ b/plugins/dalvik/opdefs/sub_ac.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sub-double
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/sub_b1.d b/plugins/dalvik/opdefs/sub_b1.d
new file mode 100644
index 0000000..4102367
--- /dev/null
+++ b/plugins/dalvik/opdefs/sub_b1.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sub-int/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/sub_bc.d b/plugins/dalvik/opdefs/sub_bc.d
new file mode 100644
index 0000000..b0a22ae
--- /dev/null
+++ b/plugins/dalvik/opdefs/sub_bc.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sub-long/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/sub_c7.d b/plugins/dalvik/opdefs/sub_c7.d
new file mode 100644
index 0000000..dc8fd47
--- /dev/null
+++ b/plugins/dalvik/opdefs/sub_c7.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sub-float/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/sub_cc.d b/plugins/dalvik/opdefs/sub_cc.d
new file mode 100644
index 0000000..d24b702
--- /dev/null
+++ b/plugins/dalvik/opdefs/sub_cc.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sub-double/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/switch_2b.d b/plugins/dalvik/opdefs/switch_2b.d
new file mode 100644
index 0000000..2ff6b33
--- /dev/null
+++ b/plugins/dalvik/opdefs/switch_2b.d
@@ -0,0 +1,36 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title packed-switch
+
+@encoding() {
+
+ @format 31t
+
+ @hooks {
+
+ link = handle_dalvik_packed_switch_links
+
+ }
+
+}
diff --git a/plugins/dalvik/opdefs/switch_2c.d b/plugins/dalvik/opdefs/switch_2c.d
new file mode 100644
index 0000000..0a4d248
--- /dev/null
+++ b/plugins/dalvik/opdefs/switch_2c.d
@@ -0,0 +1,36 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title sparse-switch
+
+@encoding() {
+
+ @format 31t
+
+ @hooks {
+
+ link = handle_dalvik_packed_switch_links
+
+ }
+
+}
diff --git a/plugins/dalvik/opdefs/throw_27.d b/plugins/dalvik/opdefs/throw_27.d
new file mode 100644
index 0000000..79c71dd
--- /dev/null
+++ b/plugins/dalvik/opdefs/throw_27.d
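Review bot: sparse-switch in switch_2c.d is wired to `link = handle_dalvik_packed_switch_links`, the same hook switch_2b.d uses for packed-switch. The two payloads are laid out differently in the Dex format (packed-switch stores a first key followed by a target table, sparse-switch stores a key table followed by a target table), so a hook that assumes the packed layout would derive wrong case values and branch targets from a sparse table read out of an untrusted file. The hook body is not part of this hunk, so this may already be handled. If it does dispatch on the payload type, a comment above `@title` such as `/* the link hook handles both packed and sparse payloads */` or a neutral hook name would make that clear; otherwise sparse-switch needs its own link hook.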
@@ -0,0 +1,36 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title throw
+
+@encoding() {
+
+ @format 11x
+
+ @rules {
+
+ call SetInsFlag(AIF_RETURN_POINT)
+
+ }
+
+}
diff --git a/plugins/dalvik/opdefs/to_81.d b/plugins/dalvik/opdefs/to_81.d
new file mode 100644
index 0000000..e1b45b3
--- /dev/null
+++ b/plugins/dalvik/opdefs/to_81.d
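Review bot: `call SetInsFlag(AIF_RETURN_POINT)` in throw_27.d marks throw as a return point, but a throw can be caught by a handler inside the same method, in which case execution continues at the catch block rather than leaving the method. If the catch-handler edges are not attached somewhere else (nothing in this hunk shows where), code reachable only through a handler could be left out of the flow analysis, which matters for samples that route control flow through exceptions. Should the handler links be built elsewhere, a comment above `@title` saying so, for example `/* catch-handler edges come from the Dex try items, not from this rule */`, would document the intent.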
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title int-to-long
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/to_82.d b/plugins/dalvik/opdefs/to_82.d
new file mode 100644
index 0000000..4d5e667
--- /dev/null
+++ b/plugins/dalvik/opdefs/to_82.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title int-to-float
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/to_83.d b/plugins/dalvik/opdefs/to_83.d
new file mode 100644
index 0000000..6f764c1
--- /dev/null
+++ b/plugins/dalvik/opdefs/to_83.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title int-to-double
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/to_84.d b/plugins/dalvik/opdefs/to_84.d
new file mode 100644
index 0000000..f3076ae
--- /dev/null
+++ b/plugins/dalvik/opdefs/to_84.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title long-to-int
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/to_85.d b/plugins/dalvik/opdefs/to_85.d
new file mode 100644
index 0000000..3ac252c
--- /dev/null
+++ b/plugins/dalvik/opdefs/to_85.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title long-to-float
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/to_86.d b/plugins/dalvik/opdefs/to_86.d
new file mode 100644
index 0000000..80e9a28
--- /dev/null
+++ b/plugins/dalvik/opdefs/to_86.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title long-to-double
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/to_87.d b/plugins/dalvik/opdefs/to_87.d
new file mode 100644
index 0000000..55028e3
--- /dev/null
+++ b/plugins/dalvik/opdefs/to_87.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title float-to-int
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/to_88.d b/plugins/dalvik/opdefs/to_88.d
new file mode 100644
index 0000000..2eaa85b
--- /dev/null
+++ b/plugins/dalvik/opdefs/to_88.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title float-to-long
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/to_89.d b/plugins/dalvik/opdefs/to_89.d
new file mode 100644
index 0000000..147f280
--- /dev/null
+++ b/plugins/dalvik/opdefs/to_89.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title float-to-double
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/to_8a.d b/plugins/dalvik/opdefs/to_8a.d
new file mode 100644
index 0000000..c089942
--- /dev/null
+++ b/plugins/dalvik/opdefs/to_8a.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title double-to-int
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/to_8b.d b/plugins/dalvik/opdefs/to_8b.d
new file mode 100644
index 0000000..e60ba2f
--- /dev/null
+++ b/plugins/dalvik/opdefs/to_8b.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title double-to-long
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/to_8c.d b/plugins/dalvik/opdefs/to_8c.d
new file mode 100644
index 0000000..b7ee496
--- /dev/null
+++ b/plugins/dalvik/opdefs/to_8c.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title double-to-float
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/to_8d.d b/plugins/dalvik/opdefs/to_8d.d
new file mode 100644
index 0000000..28a194e
--- /dev/null
+++ b/plugins/dalvik/opdefs/to_8d.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title int-to-byte
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/to_8e.d b/plugins/dalvik/opdefs/to_8e.d
new file mode 100644
index 0000000..c8b2598
--- /dev/null
+++ b/plugins/dalvik/opdefs/to_8e.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title int-to-char
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/to_8f.d b/plugins/dalvik/opdefs/to_8f.d
new file mode 100644
index 0000000..697c102
--- /dev/null
+++ b/plugins/dalvik/opdefs/to_8f.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title int-to-short
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/ushr_9a.d b/plugins/dalvik/opdefs/ushr_9a.d
new file mode 100644
index 0000000..d3f48ba
--- /dev/null
+++ b/plugins/dalvik/opdefs/ushr_9a.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title ushr-int
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/ushr_a5.d b/plugins/dalvik/opdefs/ushr_a5.d
new file mode 100644
index 0000000..11578c3
--- /dev/null
+++ b/plugins/dalvik/opdefs/ushr_a5.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title ushr-long
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/ushr_ba.d b/plugins/dalvik/opdefs/ushr_ba.d
new file mode 100644
index 0000000..d9c0ab7
--- /dev/null
+++ b/plugins/dalvik/opdefs/ushr_ba.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title ushr-int/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/ushr_c5.d b/plugins/dalvik/opdefs/ushr_c5.d
new file mode 100644
index 0000000..b0117a7
--- /dev/null
+++ b/plugins/dalvik/opdefs/ushr_c5.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title ushr-long/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/ushr_e2.d b/plugins/dalvik/opdefs/ushr_e2.d
new file mode 100644
index 0000000..5ade4f7
--- /dev/null
+++ b/plugins/dalvik/opdefs/ushr_e2.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title ushr-int/lit8
+
+@encoding() {
+
+ @format 22b
+
+}
diff --git a/plugins/dalvik/opdefs/xor_97.d b/plugins/dalvik/opdefs/xor_97.d
new file mode 100644
index 0000000..3bdfc05
--- /dev/null
+++ b/plugins/dalvik/opdefs/xor_97.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title xor-int
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/xor_a2.d b/plugins/dalvik/opdefs/xor_a2.d
new file mode 100644
index 0000000..d651f66
--- /dev/null
+++ b/plugins/dalvik/opdefs/xor_a2.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title xor-long
+
+@encoding() {
+
+ @format 23x
+
+}
diff --git a/plugins/dalvik/opdefs/xor_b7.d b/plugins/dalvik/opdefs/xor_b7.d
new file mode 100644
index 0000000..b42da76
--- /dev/null
+++ b/plugins/dalvik/opdefs/xor_b7.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title xor-int/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/xor_c2.d b/plugins/dalvik/opdefs/xor_c2.d
new file mode 100644
index 0000000..3fd2660
--- /dev/null
+++ b/plugins/dalvik/opdefs/xor_c2.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title xor-long/2addr
+
+@encoding() {
+
+ @format 12x
+
+}
diff --git a/plugins/dalvik/opdefs/xor_d7.d b/plugins/dalvik/opdefs/xor_d7.d
new file mode 100644
index 0000000..2351a21
--- /dev/null
+++ b/plugins/dalvik/opdefs/xor_d7.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title xor-int/lit16
+
+@encoding() {
+
+ @format 22s
+
+}
diff --git a/plugins/dalvik/opdefs/xor_df.d b/plugins/dalvik/opdefs/xor_df.d
new file mode 100644
index 0000000..04443f7
--- /dev/null
+++ b/plugins/dalvik/opdefs/xor_df.d
@@ -0,0 +1,30 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * ##FILE## - traduction d'instructions Dalvik
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+@title xor-int/lit8
+
+@encoding() {
+
+ @format 22b
+
+}
diff --git a/plugins/dalvik/operand.c b/plugins/dalvik/operand.c
new file mode 100644
index 0000000..e37a0bb
--- /dev/null
+++ b/plugins/dalvik/operand.c
@@ -0,0 +1,752 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * operand.c - aide à la création d'opérandes Dalvik + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "operand.h" + + +#include <assert.h> +#include <malloc.h> +#include <stdarg.h> + + + +/* Liste de tous les types d'opérandes */ +typedef enum _DalvikOperandID +{ + DOI_INVALID, + + DOI_REGISTER_4, + DOI_REGISTER_8, + DOI_REGISTER_16, + + DOI_IMMEDIATE_4, + DOI_IMMEDIATE_8, + DOI_IMMEDIATE_16, + DOI_IMMEDIATE_32, + DOI_IMMEDIATE_64, + DOI_IMMEDIATE_H16, + + DOI_POOL_CONST, + DOI_POOL_CONST_WIDE, + + DOI_TARGET_8, + DOI_TARGET_16, + DOI_TARGET_32 + +} DalvikOperandID; + + +/* Crée un opérande visant une instruction Dalvik. */ +static GArchOperand *dalvik_build_target_operand(const GBinContent *, vmpa2t *, MemoryDataSize , SourceEndian, const vmpa2t *); + +/* Procède à la lecture d'opérandes pour une instruction. */ +static bool dalvik_read_basic_operands(GArchInstruction *, GDexFormat *, const GBinContent *, vmpa2t *, bool *, SourceEndian, DalvikOperandType, ...); + +/* Procède à la lecture d'opérandes pour une instruction. 
*/ +static bool dalvik_read_fixed_operands(GArchInstruction *, GDexFormat *, const GBinContent *, vmpa2t *, bool *, SourceEndian, DalvikOperandType); + +/* Procède à la lecture d'opérandes pour une instruction. */ +static bool dalvik_read_variatic_operands(GArchInstruction *, GDexFormat *, const GBinContent *, vmpa2t *, bool *, SourceEndian, DalvikOperandType); + + + +/****************************************************************************** +* * +* Paramètres : content = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* size = taille de l'opérande. * +* endian = ordre des bits dans la source. * +* base = adresse de référence pour le calcul. * +* * +* Description : Crée un opérande visant une instruction Dalvik. * +* * +* Retour : Opérande mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static GArchOperand *dalvik_build_target_operand(const GBinContent *content, vmpa2t *pos, MemoryDataSize size, SourceEndian endian, const vmpa2t *base) +{ + GArchOperand *result; /* Structure à retourner */ + phys_t offset; /* Emplacement de base */ + int8_t val8; /* Valeur sur 8 bits */ + int16_t val16; /* Valeur sur 16 bits */ + int32_t val32; /* Valeur sur 32 bits */ + bool test; /* Bilan de lecture */ + phys_t address; /* Adresse finale visée */ + + offset = get_phy_addr(base); + + switch (size) + { + case MDS_8_BITS_SIGNED: + test = g_binary_content_read_s8(content, pos, &val8); + address = offset + val8 * sizeof(uint16_t); + break; + case MDS_16_BITS_SIGNED: + test = g_binary_content_read_s16(content, pos, endian, &val16); + address = offset + val16 * sizeof(uint16_t); + break; + case MDS_32_BITS_SIGNED: + test = g_binary_content_read_s32(content, pos, endian, &val32); + address = offset + val32 * sizeof(uint16_t); + break; + default: + test = false; + break; + } + + if (!test) + return NULL; + + result = g_imm_operand_new_from_value(MDS_32_BITS, address); + + 
return result; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instruction dont la définition est incomplète.[OUT]* +* format = format du fichier contenant le code. * +* content = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* low = position éventuelle des 4 bits visés. [OUT] * +* endian = boutisme lié au binaire accompagnant. * +* model = type d'opérandes attendues. * +* ... = éventuels arguments complémentaires. * +* * +* Description : Procède à la lecture d'opérandes pour une instruction. * +* * +* Retour : Bilan de l'opération : true en cas de succès, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool dalvik_read_basic_operands(GArchInstruction *instr, GDexFormat *format, const GBinContent *content, vmpa2t *pos, bool *low, SourceEndian endian, DalvikOperandType model, ...) +{ + bool result; /* Bilan à retourner */ + DalvikOperandID *types; /* Liste des chargements */ + DalvikOperandID *iter; /* Boucle de parcours */ + GArchOperand *op; /* Opérande unique décodé */ + uint16_t value16; /* Valeur sur 16 bits */ + DalvikPoolType pool_type; /* Type de table à manipuler */ + va_list ap; /* Arguments complémentaires */ + const vmpa2t *base; /* Base pour les sauts de code */ + + result = true; + + /* Choix des opérandes à charger */ + + switch (model & ~DALVIK_OP_EXTRA_MASK) + { + case DALVIK_OPT_10T: + types = (DalvikOperandID []) { + DOI_TARGET_8, + DOI_INVALID + }; + break; + + case DALVIK_OPT_11N: + types = (DalvikOperandID []) { + DOI_REGISTER_4, + DOI_IMMEDIATE_4, + DOI_INVALID + }; + break; + + case DALVIK_OPT_11X: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_INVALID + }; + break; + + case DALVIK_OPT_12X: + types = (DalvikOperandID []) { + DOI_REGISTER_4, + DOI_REGISTER_4, + DOI_INVALID + }; + break; + + case DALVIK_OPT_20T: + types = (DalvikOperandID []) { + 
DOI_TARGET_16, + DOI_INVALID + }; + break; + + case DALVIK_OPT_21C: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_POOL_CONST, + DOI_INVALID + }; + break; + + case DALVIK_OPT_21H: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_IMMEDIATE_H16, + DOI_INVALID + }; + break; + + case DALVIK_OPT_21S: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_IMMEDIATE_16, + DOI_INVALID + }; + break; + + case DALVIK_OPT_21T: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_TARGET_16, + DOI_INVALID + }; + break; + + case DALVIK_OPT_22B: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_REGISTER_8, + DOI_IMMEDIATE_8, + DOI_INVALID + }; + break; + + case DALVIK_OPT_22C: + types = (DalvikOperandID []) { + DOI_REGISTER_4, + DOI_REGISTER_4, + DOI_POOL_CONST, + DOI_INVALID + }; + break; + + case DALVIK_OPT_22S: + types = (DalvikOperandID []) { + DOI_REGISTER_4, + DOI_REGISTER_4, + DOI_IMMEDIATE_16, + DOI_INVALID + }; + break; + + case DALVIK_OPT_22T: + types = (DalvikOperandID []) { + DOI_REGISTER_4, + DOI_REGISTER_4, + DOI_TARGET_16, + DOI_INVALID + }; + break; + + case DALVIK_OPT_22X: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_REGISTER_16, + DOI_INVALID + }; + break; + + case DALVIK_OPT_23X: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_REGISTER_8, + DOI_REGISTER_8, + DOI_INVALID + }; + break; + + case DALVIK_OPT_30T: + types = (DalvikOperandID []) { + DOI_TARGET_32, + DOI_INVALID + }; + break; + + case DALVIK_OPT_31C: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_POOL_CONST_WIDE, + DOI_INVALID + }; + break; + + case DALVIK_OPT_31I: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_IMMEDIATE_32, + DOI_INVALID + }; + break; + + case DALVIK_OPT_31T: + types = (DalvikOperandID []) { + DOI_REGISTER_8, + DOI_TARGET_32, + DOI_INVALID + }; + break; + + case DALVIK_OPT_32X: + types = (DalvikOperandID []) { + DOI_REGISTER_16, + DOI_REGISTER_16, + DOI_INVALID + }; + break; + + case DALVIK_OPT_51L: + types = 
(DalvikOperandID []) { + DOI_REGISTER_8, + DOI_IMMEDIATE_64, + DOI_INVALID + }; + break; + + default: + types = (DalvikOperandID []) { + DOI_INVALID + }; + break; + + } + + /* Chargement des opérandes */ + + for (iter = types; *iter != G_TYPE_INVALID && result; iter++) + { + op = NULL; /* Nul de GCC */ + + switch (*iter) + { + case DOI_REGISTER_4: + op = g_dalvik_register_operand_new(content, pos, low, MDS_4_BITS, endian); + break; + + case DOI_REGISTER_8: + op = g_dalvik_register_operand_new(content, pos, NULL, MDS_8_BITS, endian); + break; + + case DOI_REGISTER_16: + op = g_dalvik_register_operand_new(content, pos, NULL, MDS_16_BITS, endian); + break; + + case DOI_IMMEDIATE_4: + op = _g_imm_operand_new_from_data(MDS_4_BITS, content, pos, low, endian); + break; + + case DOI_IMMEDIATE_8: + op = g_imm_operand_new_from_data(MDS_8_BITS, content, pos, endian); + break; + + case DOI_IMMEDIATE_16: + op = g_imm_operand_new_from_data(MDS_16_BITS, content, pos, endian); + break; + + case DOI_IMMEDIATE_32: + op = g_imm_operand_new_from_data(MDS_32_BITS, content, pos, endian); + break; + + case DOI_IMMEDIATE_64: + op = g_imm_operand_new_from_data(MDS_64_BITS, content, pos, endian); + break; + + case DOI_IMMEDIATE_H16: + result = g_binary_content_read_u16(content, pos, endian, &value16); + if (result) + op = g_imm_operand_new_from_value(MDS_32_BITS_SIGNED, ((uint32_t)value16) << 16); + break; + + case DOI_POOL_CONST: + pool_type = DALVIK_OP_GET_POOL(model); + op = g_dalvik_pool_operand_new(format, pool_type, content, pos, MDS_16_BITS, endian); + break; + + case DOI_POOL_CONST_WIDE: + pool_type = DALVIK_OP_GET_POOL(model); + op = g_dalvik_pool_operand_new(format, pool_type, content, pos, MDS_32_BITS, endian); + break; + + case DOI_TARGET_8: + va_start(ap, model); + base = va_arg(ap, const vmpa2t *); + op = dalvik_build_target_operand(content, pos, MDS_8_BITS_SIGNED, endian, base); + va_end(ap); + break; + + case DOI_TARGET_16: + va_start(ap, model); + base = va_arg(ap, const 
vmpa2t *); + op = dalvik_build_target_operand(content, pos, MDS_16_BITS_SIGNED, endian, base); + va_end(ap); + break; + + case DOI_TARGET_32: + va_start(ap, model); + base = va_arg(ap, const vmpa2t *); + op = dalvik_build_target_operand(content, pos, MDS_32_BITS_SIGNED, endian, base); + va_end(ap); + break; + + default: + op = NULL; + break; + + } + + if (op == NULL) result = false; + else g_arch_instruction_attach_extra_operand(instr, op); + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instruction dont la définition est incomplète.[OUT]* +* format = format du fichier contenant le code. * +* content = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* low = position éventuelle des 4 bits visés. [OUT] * +* endian = boutisme lié au binaire accompagnant. * +* model = type d'opérandes attendues. * +* * +* Description : Procède à la lecture d'opérandes pour une instruction. * +* * +* Retour : Bilan de l'opération : true en cas de succès, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool dalvik_read_fixed_operands(GArchInstruction *instr, GDexFormat *format, const GBinContent *content, vmpa2t *pos, bool *low, SourceEndian endian, DalvikOperandType model) +{ + GArchOperand *opg; /* Opérande G décodé */ + uint8_t a; /* Nbre. 
de registres utilisés */ + GArchOperand *target; /* Opérande visant la table #1 */ + GArchOperand *args; /* Liste des opérandes */ + uint8_t i; /* Boucle de parcours */ + GArchOperand *op; /* Opérande unique décodé */ + + opg = g_dalvik_register_operand_new(content, pos, low, MDS_4_BITS, endian); + + if (!g_binary_content_read_u4(content, pos, low, &a)) + goto err_va; + + if (a == 5 && opg == NULL) + goto err_no_opg; + + target = g_dalvik_pool_operand_new(format, DALVIK_OP_GET_POOL(model), content, pos, MDS_16_BITS, endian); + if (target == NULL) goto err_target; + + /* Mise en place des arguments */ + + args = g_dalvik_args_operand_new(); + + for (i = 0; i < MIN(a, 4); i++) + { + op = g_dalvik_register_operand_new(content, pos, low, MDS_4_BITS, endian); + if (op == NULL) goto err_registers; + + g_dalvik_args_operand_add(G_DALVIK_ARGS_OPERAND(args), op); + + } + + /* Consommation pleine et entière */ + + for (; i < 4; i++) + if (!g_binary_content_read_u4(content, pos, low, (uint8_t []) { 0 })) + goto err_padding; + + /* Rajout des éléments finaux déjà chargés */ + + if (a == 5) + g_dalvik_args_operand_add(G_DALVIK_ARGS_OPERAND(args), opg); + + else + { + if (opg != NULL) + g_object_unref(G_OBJECT(opg)); + } + + g_arch_instruction_attach_extra_operand(instr, args); + + /* Rajout de la cible */ + + g_arch_instruction_attach_extra_operand(instr, target); + + return true; + + err_padding: + + err_registers: + + g_object_unref(G_OBJECT(target)); + + err_target: + + if (opg != NULL) + g_object_unref(G_OBJECT(opg)); + + err_no_opg: + err_va: + + return false; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instruction dont la définition est incomplète.[OUT]* +* format = format du fichier contenant le code. * +* content = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* low = position éventuelle des 4 bits visés. [OUT] * +* endian = boutisme lié au binaire accompagnant. 
* +* model = type d'opérandes attendues. * +* * +* Description : Procède à la lecture d'opérandes pour une instruction. * +* * +* Retour : Bilan de l'opération : true en cas de succès, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool dalvik_read_variatic_operands(GArchInstruction *instr, GDexFormat *format, const GBinContent *content, vmpa2t *pos, bool *low, SourceEndian endian, DalvikOperandType model) +{ + uint8_t a; /* Nbre. de registres utilisés */ + uint16_t c; /* Indice de registre */ + GArchOperand *target; /* Opérande visant la table */ + GArchOperand *args; /* Liste des opérandes */ + uint8_t i; /* Boucle de parcours */ + GArchOperand *op; /* Opérande unique décodé */ + + if (!g_binary_content_read_u8(content, pos, &a)) + return false; + + target = g_dalvik_pool_operand_new(format, DALVIK_OP_GET_POOL(model), content, pos, MDS_16_BITS, endian); + if (target == NULL) return false; + + if (!g_binary_content_read_u16(content, pos, endian, &c)) + return false; + + /* Mise en place des arguments */ + + args = g_dalvik_args_operand_new(); + + for (i = 0; i < a; i++) + { + op = g_dalvik_register_operand_new_from_existing(g_dalvik_register_new(c + i)); + if (op == NULL) goto drvo_registers; + + g_dalvik_args_operand_add(G_DALVIK_ARGS_OPERAND(args), op); + + } + + g_arch_instruction_attach_extra_operand(instr, args); + + /* Rajout de la cible */ + + g_arch_instruction_attach_extra_operand(instr, target); + + return true; + + drvo_registers: + + g_object_unref(G_OBJECT(target)); + + return false; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instruction dont la définition est incomplète.[OUT]* +* format = format du fichier contenant le code. * +* content = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* endian = boutisme lié au binaire accompagnant. 
* +* model = type d'opérandes attendues. * +* * +* Description : Procède à la lecture d'opérandes pour une instruction. * +* * +* Retour : Bilan de l'opération : true en cas de succès, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool dalvik_read_operands(GArchInstruction *instr, GExeFormat *format, const GBinContent *content, vmpa2t *pos, SourceEndian endian, DalvikOperandType model) +{ + bool result; /* Bilan à retourner */ + GDexFormat *dformat; /* Autre version du format */ + bool low; /* Partie d'octets à lire */ +#ifndef NDEBUG + vmpa2t old; /* Position avant traitements */ +#endif + vmpa2t base; /* Base pour les sauts de code */ + vmpa2t *extra; /* Information complémentaire */ +#ifndef NDEBUG + phys_t expected; /* Consommation attendue */ + phys_t consumed; /* Consommation réelle */ +#endif + + result = true; + + dformat = G_DEX_FORMAT(format); + + low = true; + +#ifndef NDEBUG + + copy_vmpa(&old, pos); + +#endif + + /* Récupération de la base ? */ + + if (DALVIK_OP_GET_MNEMONIC(model) == 'T') + { + extra = &base; + + copy_vmpa(extra, pos); + deminish_vmpa(extra, 1); + + } + else extra = NULL; + + /* Bourrage : ØØ|op ? */ + + switch (model & ~DALVIK_OP_EXTRA_MASK) + { + case DALVIK_OPT_10X: + case DALVIK_OPT_20T: + case DALVIK_OPT_30T: + case DALVIK_OPT_32X: + result = g_binary_content_seek(content, pos, 1); + break; + + default: + break; + + } + + /* Décodage... 
*/ + + switch (model & ~DALVIK_OP_EXTRA_MASK) + { + case DALVIK_OPT_10T: + case DALVIK_OPT_11N: + case DALVIK_OPT_11X: + case DALVIK_OPT_12X: + case DALVIK_OPT_20T: + case DALVIK_OPT_21C: + case DALVIK_OPT_21H: + case DALVIK_OPT_21S: + case DALVIK_OPT_21T: + case DALVIK_OPT_22B: + case DALVIK_OPT_22C: + case DALVIK_OPT_22S: + case DALVIK_OPT_22T: + case DALVIK_OPT_22X: + case DALVIK_OPT_23X: + case DALVIK_OPT_30T: + case DALVIK_OPT_31C: + case DALVIK_OPT_31I: + case DALVIK_OPT_31T: + case DALVIK_OPT_32X: + case DALVIK_OPT_51L: + result = dalvik_read_basic_operands(instr, dformat, content, pos, &low, endian, model, extra); + break; + + case DALVIK_OPT_35C: + result = dalvik_read_fixed_operands(instr, dformat, content, pos, &low, endian, model); + break; + + case DALVIK_OPT_3RC: + case DALVIK_OPT_3RMS: + case DALVIK_OPT_3RFS: + result = dalvik_read_variatic_operands(instr, dformat, content, pos, &low, endian, model); + break; + + default: + break; + + } + +#ifndef NDEBUG + + /* Vérification d'implémentation */ + + if (result) + { + expected = DALVIK_OP_GET_LEN(model) * 2; + consumed = 1 + compute_vmpa_diff(&old, pos); + + assert(consumed == expected); + + } + +#endif + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instruction dont la définition est incomplète. * +* * +* Description : Procède à la lecture d'opérandes pour une instruction. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void dalvik_mark_first_operand_as_written(GArchInstruction *instr) +{ + GArchOperand *operand; /* Première opérande visé */ + + operand = g_arch_instruction_get_operand(instr, 0); + + g_dalvik_register_operand_mark_as_written(G_DALVIK_REGISTER_OPERAND(operand)); + +} diff --git a/plugins/dalvik/operand.h b/plugins/dalvik/operand.h new file mode 100644 index 0000000..b34c87c --- /dev/null 
+++ b/plugins/dalvik/operand.h 
@@ -0,0 +1,125 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * operand.h - prototypes pour l'aide à la création d'opérandes Dalvik + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_OPERAND_H +#define _ARCH_DALVIK_OPERAND_H + + +#include <arch/instruction.h> +#include <plugins/dex/format.h> + + +#include "operands/args.h" +#include "operands/pool.h" +#include "operands/register.h" + + + +/** + * Cf. 
les documentations suivantes : + * - http://www.netmite.com/android/mydroid/dalvik/docs/instruction-formats.html + * - http://www.netmite.com/android/mydroid/dalvik/docs/dalvik-bytecode.html + * - http://pallergabor.uw.hu/androidblog/dalvik_opcodes.html + */ + + +/* Construction d'identifiants typés */ + +#define DALVIK_OP_LEN_OFF 28 +#define DALVIK_OP_LEN_MASK 0xf0000000 + +#define DALVIK_OP_REG_OFF 24 +#define DALVIK_OP_REG_MASK 0x0f000000 +#define DALVIK_OP_REG_RANGE 0xf + +#define DALVIK_OP_POOL_OFF 20 +#define DALVIK_OP_POOL_MASK 0x00f00000 + +#define DALVIK_OP_EXTRA_MASK (DALVIK_OP_POOL_MASK) + +#define DALVIK_OP_LEN(l) ((l) << DALVIK_OP_LEN_OFF) +#define DALVIK_OP_GET_LEN(v) (((v) & DALVIK_OP_LEN_MASK) >> DALVIK_OP_LEN_OFF) + +#define DALVIK_OP_REG(r) ((r) << DALVIK_OP_REG_OFF) +#define DALVIK_OP_COUNT_REG(v) (((v) & DALVIK_OP_REG_MASK) >> DALVIK_OP_REG_OFF) + +#define DALVIK_OP_POOL(p) ((p) << DALVIK_OP_POOL_OFF) +#define DALVIK_OP_GET_POOL(v) (((v) & DALVIK_OP_POOL_MASK) >> DALVIK_OP_POOL_OFF) + +#define DALVIK_OP_GET_MNEMONIC(v) ((v) & 0xff) + + +/* Types d'opérandes supportés */ +typedef enum _DalvikOperandType +{ + DALVIK_OPT_10T = DALVIK_OP_LEN(1) | DALVIK_OP_REG(0) | 'T', + DALVIK_OPT_10X = DALVIK_OP_LEN(1) | DALVIK_OP_REG(0) | 'X', + + DALVIK_OPT_11N = DALVIK_OP_LEN(1) | DALVIK_OP_REG(1) | 'N', + DALVIK_OPT_11X = DALVIK_OP_LEN(1) | DALVIK_OP_REG(1) | 'X', + + DALVIK_OPT_12X = DALVIK_OP_LEN(1) | DALVIK_OP_REG(2) | 'X', + + DALVIK_OPT_20T = DALVIK_OP_LEN(2) | DALVIK_OP_REG(0) | 'T', + + DALVIK_OPT_21C = DALVIK_OP_LEN(2) | DALVIK_OP_REG(1) | 'C', + DALVIK_OPT_21H = DALVIK_OP_LEN(2) | DALVIK_OP_REG(1) | 'H', + DALVIK_OPT_21S = DALVIK_OP_LEN(2) | DALVIK_OP_REG(1) | 'S', + DALVIK_OPT_21T = DALVIK_OP_LEN(2) | DALVIK_OP_REG(1) | 'T', + + DALVIK_OPT_22B = DALVIK_OP_LEN(2) | DALVIK_OP_REG(2) | 'B', + DALVIK_OPT_22C = DALVIK_OP_LEN(2) | DALVIK_OP_REG(2) | 'C', + DALVIK_OPT_22S = DALVIK_OP_LEN(2) | DALVIK_OP_REG(2) | 'S', + DALVIK_OPT_22T = DALVIK_OP_LEN(2) | 
DALVIK_OP_REG(2) | 'T', + DALVIK_OPT_22X = DALVIK_OP_LEN(2) | DALVIK_OP_REG(2) | 'X', + + DALVIK_OPT_23X = DALVIK_OP_LEN(2) | DALVIK_OP_REG(3) | 'X', + + DALVIK_OPT_30T = DALVIK_OP_LEN(3) | DALVIK_OP_REG(0) | 'T', + + DALVIK_OPT_31C = DALVIK_OP_LEN(3) | DALVIK_OP_REG(1) | 'C', + DALVIK_OPT_31I = DALVIK_OP_LEN(3) | DALVIK_OP_REG(1) | 'I', + DALVIK_OPT_31T = DALVIK_OP_LEN(3) | DALVIK_OP_REG(1) | 'T', + + DALVIK_OPT_32X = DALVIK_OP_LEN(3) | DALVIK_OP_REG(2) | 'X', + + DALVIK_OPT_35C = DALVIK_OP_LEN(3) | DALVIK_OP_REG(5) | 'C', + + DALVIK_OPT_3RC = DALVIK_OP_LEN(3) | DALVIK_OP_REG(DALVIK_OP_REG_RANGE) | 'C', + DALVIK_OPT_3RMS = DALVIK_OP_LEN(3) | DALVIK_OP_REG(DALVIK_OP_REG_RANGE) | 'M', + DALVIK_OPT_3RFS = DALVIK_OP_LEN(3) | DALVIK_OP_REG(DALVIK_OP_REG_RANGE) | 'F', + + DALVIK_OPT_51L = DALVIK_OP_LEN(5) | DALVIK_OP_REG(1) | 'L' + +} DalvikOperandType; + + +/* Procède à la lecture d'opérandes pour une instruction. */ +bool dalvik_read_operands(GArchInstruction *, GExeFormat *, const GBinContent *, vmpa2t *, SourceEndian, DalvikOperandType); + +/* Procède à la lecture d'opérandes pour une instruction. */ +void dalvik_mark_first_operand_as_written(GArchInstruction *); + + + +#endif /* _ARCH_DALVIK_OPERAND_H */ diff --git a/plugins/dalvik/operands/Makefile.am b/plugins/dalvik/operands/Makefile.am new file mode 100644 index 0000000..2c2ba27 --- /dev/null +++ b/plugins/dalvik/operands/Makefile.am @@ -0,0 +1,17 @@ + +noinst_LTLIBRARIES = libdalvikoperands.la + +libdalvikoperands_la_SOURCES = \ + args.h args.c \ + pool.h pool.c \ + register.h register.c + +libdalvik_la_CFLAGS = $(AM_CFLAGS) + + +AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) -I$(top_srcdir)/src + +AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS) + + +SUBDIRS = diff --git a/plugins/dalvik/operands/args.c b/plugins/dalvik/operands/args.c new file mode 100644 index 0000000..a4f4b11 --- /dev/null +++ b/plugins/dalvik/operands/args.c 
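Review bot: The comment on the `dalvik_mark_first_operand_as_written` prototype at the end of this header is a copy of the one for `dalvik_read_operands` and does not describe the function or what it requires. Its definition in operand.c fetches operand 0 and passes it through `G_DALVIK_REGISTER_OPERAND()` without checking the type, so the header should state that precondition, e.g. `/* Marks operand 0 as written; the instruction must already hold a Dalvik register operand at index 0. */`. Separately, `DALVIK_OP_LEN(l)` shifts a plain `int` by 28 while `DALVIK_OP_LEN_MASK` is an unsigned constant. The largest length used in the enum is 5, so the value is in range today, but a comment recording the limit of 7 would stop a later format from shifting into the sign bit.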
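Review bot: `libdalvik_la_CFLAGS = $(AM_CFLAGS)` in plugins/dalvik/operands/Makefile.am names a library this Makefile does not build. The only target declared here is `libdalvikoperands.la`, so the per-target variable should read `libdalvikoperands_la_CFLAGS = $(AM_CFLAGS)`. As written the objects presumably still pick up `AM_CFLAGS` by default, so the warning and compliance flags apply by accident rather than by intent.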
@@ -0,0 +1,330 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * args.c - listes d'opérandes rassemblées en arguments + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "args.h" + + +#include <assert.h> +#include <malloc.h> + + +#include <arch/operand-int.h> +#include <common/sort.h> + + + +/* Définition d'un opérande visant une liste d'opérandes Dalvik (instance) */ +struct _GDalvikArgsOperand +{ + GArchOperand parent; /* Instance parente */ + + GArchOperand **args; /* Liste d'arguments */ + size_t count; /* Taille de cette liste */ + +}; + + +/* Définition d'un opérande visant une liste d'opérandes Dalvik (classe) */ +struct _GDalvikArgsOperandClass +{ + GArchOperandClass parent; /* Classe parente */ + +}; + + +/* Initialise la classe des listes d'opérandes Dalvik. */ +static void g_dalvik_args_operand_class_init(GDalvikArgsOperandClass *); + +/* Initialise une instance de liste d'opérandes Dalvik. */ +static void g_dalvik_args_operand_init(GDalvikArgsOperand *); + +/* Supprime toutes les références externes. */ +static void g_dalvik_args_operand_dispose(GDalvikArgsOperand *); + +/* Procède à la libération totale de la mémoire. */ +static void g_dalvik_args_operand_finalize(GDalvikArgsOperand *); + +/* Compare un opérande avec un autre. 
*/ +static int g_dalvik_args_operand_compare(const GDalvikArgsOperand *, const GDalvikArgsOperand *); + +/* Traduit un opérande en version humainement lisible. */ +static void g_dalvik_args_operand_print(const GDalvikArgsOperand *, GBufferLine *, AsmSyntax); + + + +/* Indique le type défini par la GLib pour une liste d'arguments Dalvik. */ +G_DEFINE_TYPE(GDalvikArgsOperand, g_dalvik_args_operand, G_TYPE_ARCH_OPERAND); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des listes d'opérandes Dalvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_args_operand_class_init(GDalvikArgsOperandClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GArchOperandClass *operand; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + operand = G_ARCH_OPERAND_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dalvik_args_operand_dispose; + object->finalize = (GObjectFinalizeFunc)g_dalvik_args_operand_finalize; + + operand->compare = (operand_compare_fc)g_dalvik_args_operand_compare; + operand->print = (operand_print_fc)g_dalvik_args_operand_print; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = instance à initialiser. * +* * +* Description : Initialise une instance de liste d'opérandes Dalvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_args_operand_init(GDalvikArgsOperand *operand) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : operand = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. 
* +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_args_operand_dispose(GDalvikArgsOperand *operand) +{ + size_t i; + + for (i = 0; i < operand->count; i++) + g_object_unref(G_OBJECT(operand->args[i])); + + G_OBJECT_CLASS(g_dalvik_args_operand_parent_class)->dispose(G_OBJECT(operand)); + +} + + +/****************************************************************************** +* * +* Paramètres : operand = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_args_operand_finalize(GDalvikArgsOperand *operand) +{ + G_OBJECT_CLASS(g_dalvik_args_operand_parent_class)->finalize(G_OBJECT(operand)); + +} + + +/****************************************************************************** +* * +* Paramètres : a = premier opérande à consulter. * +* b = second opérande à consulter. * +* * +* Description : Compare un opérande avec un autre. * +* * +* Retour : Bilan de la comparaison. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static int g_dalvik_args_operand_compare(const GDalvikArgsOperand *a, const GDalvikArgsOperand *b) +{ + int result; /* Bilan à renvoyer */ + size_t i; /* Boucle de parcours */ + + /* Création de l'objet... */ + if (b == NULL) + result = 1; + + else + { + result = sort_unsigned_long(a->count, b->count); + + for (i = 0; i < a->count && result == 0; i++) + result = g_arch_operand_compare(a->args[i], b->args[i]); + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande à traiter. * +* line = ligne tampon où imprimer l'opérande donné. * +* syntax = type de représentation demandée. 
* +* * +* Description : Traduit un opérande en version humainement lisible. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_args_operand_print(const GDalvikArgsOperand *operand, GBufferLine *line, AsmSyntax syntax) +{ + size_t i; /* Boucle de parcours */ + + g_buffer_line_append_text(line, BLC_ASSEMBLY, "{", 1, RTT_HOOK, NULL); + + if (operand->count > 0) + { + g_arch_operand_print(operand->args[0], line, syntax); + + for (i = 1; i < operand->count; i++) + { + g_buffer_line_append_text(line, BLC_ASSEMBLY, ",", 1, RTT_PUNCT, NULL); + g_buffer_line_append_text(line, BLC_ASSEMBLY, " ", 1, RTT_RAW, NULL); + + g_arch_operand_print(operand->args[i], line, syntax); + + } + + } + + g_buffer_line_append_text(line, BLC_ASSEMBLY, "}", 1, RTT_HOOK, NULL); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Crée un réceptacle pour opérandes Dalvik servant d'arguments.* +* * +* Retour : Opérande mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GArchOperand *g_dalvik_args_operand_new(void) +{ + GArchOperand *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_DALVIK_ARGS_OPERAND, NULL); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande à compléter. * +* arg = nouvel argument pour un appel. * +* * +* Description : Ajoute un élément à la liste d'arguments Dalvik. 
* +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void g_dalvik_args_operand_add(GDalvikArgsOperand *operand, GArchOperand *arg) +{ + + operand->count++; + operand->args = (GArchOperand **)realloc(operand->args, operand->count * sizeof(GArchOperand *)); + + operand->args[operand->count - 1] = arg; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande à compléter. * +* * +* Description : Fournit le nombre d'arguments pris en charge. * +* * +* Retour : Nombre positif ou nul. * +* * +* Remarques : - * +* * +******************************************************************************/ + +size_t g_dalvik_args_count(const GDalvikArgsOperand *operand) +{ + return operand->count; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande à compléter. * +* index = indice de l'argument recherché. * +* * +* Description : Founit un élément de la liste d'arguments Dalvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +GArchOperand *g_dalvik_args_operand_get(const GDalvikArgsOperand *operand, size_t index) +{ + assert(index < operand->count); + + return operand->args[index]; + +} diff --git a/plugins/dalvik/operands/args.h b/plugins/dalvik/operands/args.h new file mode 100644 index 0000000..354333d --- /dev/null +++ b/plugins/dalvik/operands/args.h 
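Review bot: `g_dalvik_args_operand_add` assigns the result of `realloc()` straight back to `operand->args` and writes through it unchecked, after `count` has already been incremented, so an allocation failure loses the old array and then stores through NULL. The array is also never released: `g_dalvik_args_operand_finalize` does not free `operand->args`. `g_dalvik_args_operand_dispose` unreferences the elements but leaves `count` and the pointers in place, so a second dispose run (which GObject permits) would unreference them again. `g_dalvik_args_operand_get` guards `index` only with `assert()`, which is compiled out under NDEBUG. Because `add` returns void and cannot report failure, the sketch below uses GLib's aborting allocator, and `g_dalvik_args_operand_get` would additionally need an explicit bounds check that returns NULL.

```c
static void g_dalvik_args_operand_dispose(GDalvikArgsOperand *operand)
{
    size_t i;

    for (i = 0; i < operand->count; i++)
        g_clear_object(&operand->args[i]);

    /* dispose may run more than once: leave nothing to unreference again */
    operand->count = 0;

    /* … unchanged: chain up to the parent dispose … */
}

static void g_dalvik_args_operand_finalize(GDalvikArgsOperand *operand)
{
    g_free(operand->args);

    /* … unchanged: chain up to the parent finalize … */
}

void g_dalvik_args_operand_add(GDalvikArgsOperand *operand, GArchOperand *arg)
{
    /* g_renew() checks the size multiplication and aborts on failure,
     * so the old array is never lost and count only grows on success */
    operand->args = g_renew(GArchOperand *, operand->args, operand->count + 1);

    operand->args[operand->count++] = arg;
}
```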
@@ -0,0 +1,67 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * args.h - prototypes pour les listes d'opérandes rassemblées en arguments + * + * Copyright (C) 2010-2012x Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_OPERANDS_ARGS_H +#define _ARCH_DALVIK_OPERANDS_ARGS_H + + +#include <glib-object.h> + + +#include <arch/operand.h> + + + +#define G_TYPE_DALVIK_ARGS_OPERAND g_dalvik_args_operand_get_type() +#define G_DALVIK_ARGS_OPERAND(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), g_dalvik_args_operand_get_type(), GDalvikArgsOperand)) +#define G_IS_DALVIK_ARGS_OPERAND(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), g_dalvik_args_operand_get_type())) +#define G_DALVIK_ARGS_OPERAND_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DALVIK_ARGS_OPERAND, GDalvikArgsOperandClass)) +#define G_IS_DALVIK_ARGS_OPERAND_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DALVIK_ARGS_OPERAND)) +#define G_DALVIK_ARGS_OPERAND_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DALVIK_ARGS_OPERAND, GDalvikArgsOperandClass)) + + +/* Définition d'un opérande visant une liste d'opérandes Dalvik (instance) */ +typedef struct _GDalvikArgsOperand GDalvikArgsOperand; + +/* Définition d'un opérande visant une liste d'opérandes Dalvik (classe) */ +typedef struct _GDalvikArgsOperandClass 
GDalvikArgsOperandClass; + + +/* Indique le type défini par la GLib pour une liste d'arguments Dalvik. */ +GType g_dalvik_args_operand_get_type(void); + +/* Crée un réceptacle pour opérandes Dalvik servant d'arguments. */ +GArchOperand *g_dalvik_args_operand_new(void); + +/* Ajoute un élément à la liste d'arguments Dalvik. */ +void g_dalvik_args_operand_add(GDalvikArgsOperand *, GArchOperand *); + +/* Fournit le nombre d'arguments pris en charge. */ +size_t g_dalvik_args_count(const GDalvikArgsOperand *); + +/* Founit un élément de la liste d'arguments Dalvik. */ +GArchOperand *g_dalvik_args_operand_get(const GDalvikArgsOperand *, size_t); + + + +#endif /* _ARCH_DALVIK_OPERANDS_ARGS_H */ diff --git a/plugins/dalvik/operands/pool.c b/plugins/dalvik/operands/pool.c new file mode 100644 index 0000000..a6dc5f2 --- /dev/null +++ b/plugins/dalvik/operands/pool.c 
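Review bot: The prototypes for `g_dalvik_args_operand_add` and `g_dalvik_args_operand_get` do not say who owns the operand reference, which callers need to know to avoid a leak or a double unref. In args.c, `add` stores the pointer without taking a reference and dispose later unreferences it, so the list takes over the caller's reference, while `get` returns the stored pointer without adding one. I would record that in the header, e.g. `/* Appends arg to the list; the list takes over the caller's reference. */` and `/* Returns the argument at index as a borrowed reference; index must be below g_dalvik_args_count(). */`. The copyright line reads `2010-2012x`, which looks like a typo.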
@@ -0,0 +1,455 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * pool.c - opérandes pointant vers la table des constantes + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "pool.h" + + +#include <stdio.h> +#include <string.h> + + +#include <i18n.h> + + +#include <arch/operand-int.h> +#include <common/sort.h> +#include <plugins/dex/pool.h> + + + +/* Définition d'un opérande visant un élément de table de constantes Dalvik (instance) */ +struct _GDalvikPoolOperand +{ + GArchOperand parent; /* Instance parente */ + + GDexFormat *format; /* Lien vers le contenu réel */ + DalvikPoolType type; /* Type de table visée */ + uint32_t index; /* Indice de l'élément visé */ + +}; + + +/* Définition d'un opérande visant un élément de table de constantes Dalvik (classe) */ +struct _GDalvikPoolOperandClass +{ + GArchOperandClass parent; /* Classe parente */ + +}; + + +/* Initialise la classe des opérandes de constante Dalvik. */ +static void g_dalvik_pool_operand_class_init(GDalvikPoolOperandClass *); + +/* Initialise une instance d'opérande de constante Dalvik. */ +static void g_dalvik_pool_operand_init(GDalvikPoolOperand *); + +/* Supprime toutes les références externes. 
*/ +static void g_dalvik_pool_operand_dispose(GDalvikPoolOperand *); + +/* Procède à la libération totale de la mémoire. */ +static void g_dalvik_pool_operand_finalize(GDalvikPoolOperand *); + +/* Compare un opérande avec un autre. */ +static int g_dalvik_pool_operand_compare(const GDalvikPoolOperand *, const GDalvikPoolOperand *); + +/* Traduit un opérande en version humainement lisible. */ +static void g_dalvik_pool_operand_print(const GDalvikPoolOperand *, GBufferLine *, AsmSyntax); + + + +/* Indique le type défini par la GLib pour un un élément de table de constantes Dalvik. */ +G_DEFINE_TYPE(GDalvikPoolOperand, g_dalvik_pool_operand, G_TYPE_ARCH_OPERAND); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des opérandes de constante Dalvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_pool_operand_class_init(GDalvikPoolOperandClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GArchOperandClass *operand; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dalvik_pool_operand_dispose; + object->finalize = (GObjectFinalizeFunc)g_dalvik_pool_operand_finalize; + + operand = G_ARCH_OPERAND_CLASS(klass); + + operand->compare = (operand_compare_fc)g_dalvik_pool_operand_compare; + operand->print = (operand_print_fc)g_dalvik_pool_operand_print; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = instance à initialiser. * +* * +* Description : Initialise une instance d'opérande de constante Dalvik. 
* +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_pool_operand_init(GDalvikPoolOperand *operand) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : binary = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_pool_operand_dispose(GDalvikPoolOperand *operand) +{ + g_object_unref(G_OBJECT(operand->format)); + + G_OBJECT_CLASS(g_dalvik_pool_operand_parent_class)->dispose(G_OBJECT(operand)); + +} + + +/****************************************************************************** +* * +* Paramètres : binary = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_pool_operand_finalize(GDalvikPoolOperand *operand) +{ + G_OBJECT_CLASS(g_dalvik_pool_operand_parent_class)->finalize(G_OBJECT(operand)); + +} + + +/****************************************************************************** +* * +* Paramètres : a = premier opérande à consulter. * +* b = second opérande à consulter. * +* * +* Description : Compare un opérande avec un autre. * +* * +* Retour : Bilan de la comparaison. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +static int g_dalvik_pool_operand_compare(const GDalvikPoolOperand *a, const GDalvikPoolOperand *b) +{ + int result; /* Bilan à renvoyer */ + + result = sort_unsigned_long((unsigned long)a->format, (unsigned long)b->format); + + if (result == 0) + result = sort_unsigned_long(a->type, b->type); + + if (result == 0) + result = sort_unsigned_long(a->index, b->index); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande à traiter. * +* line = ligne tampon où imprimer l'opérande donné. * +* syntax = type de représentation demandée. * +* * +* Description : Traduit un opérande en version humainement lisible. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_pool_operand_print(const GDalvikPoolOperand *operand, GBufferLine *line, AsmSyntax syntax) +{ + const char *string; /* Chaîne de caractères #1 */ + GDataType *type; /* Type à représenter */ + size_t len; /* Taille du texte à créer */ + char *tmp; /* Chaîne de caractères #2 */ + GBinVariable *field; /* Champ à représenter */ + GDexMethod *method; /* Méthode à retrouver */ + GBinRoutine *routine; /* Routine à représenter */ + + switch (operand->type) + { + case DPT_NONE: + g_buffer_line_append_text(line, BLC_ASSEMBLY, "????", 4, RTT_ERROR, NULL); + break; + + case DPT_STRING: + + string = get_string_from_dex_pool(operand->format, operand->index, NULL); + + if (string != NULL) + { + g_buffer_line_append_text(line, BLC_ASSEMBLY, "\"", 1, RTT_STRING, NULL); + + len = strlen(string); + + if (len > 0) + g_buffer_line_append_text(line, BLC_ASSEMBLY, string, len, RTT_STRING, NULL); + + g_buffer_line_append_text(line, BLC_ASSEMBLY, "\"", 1, RTT_STRING, NULL); + + } + else + { + len = strlen(_("<bad string index 
(%d)>")) + 10 /* 4294967295U */ + 1; + tmp = calloc(len, sizeof(char)); + snprintf(tmp, len, _("<bad string index (%d)>"), operand->index); + + g_buffer_line_append_text(line, BLC_ASSEMBLY, tmp, len - 1, RTT_ERROR, NULL); + + free(tmp); + + } + + break; + + case DPT_TYPE: + + type = get_type_from_dex_pool(operand->format, operand->index); + + if (type != NULL) + { + tmp = g_data_type_to_string(type); + g_object_unref(G_OBJECT(type)); + + g_buffer_line_append_text(line, BLC_ASSEMBLY, "<", 1, RTT_HOOK, NULL); + g_buffer_line_append_text(line, BLC_ASSEMBLY, tmp, strlen(tmp), RTT_VAR_NAME, NULL); + g_buffer_line_append_text(line, BLC_ASSEMBLY, ">", 1, RTT_HOOK, NULL); + + } + else + { + len = strlen(_("<bad type index (%d)>")) + 10 /* 4294967295U */ + 1; + tmp = calloc(len, sizeof(char)); + snprintf(tmp, len, _("<bad type index (%d)>"), operand->index); + + g_buffer_line_append_text(line, BLC_ASSEMBLY, tmp, len - 1, RTT_ERROR, NULL); + + } + + free(tmp); + + break; + + case DPT_PROTO: + g_buffer_line_append_text(line, BLC_ASSEMBLY, "proto(/*TODO*/)", 5, RTT_SECTION, NULL); + break; + + case DPT_FIELD: + + field = get_field_from_dex_pool(operand->format, operand->index); + + if (field != NULL) + { + tmp = g_binary_variable_to_string(field, false); + g_object_unref(G_OBJECT(field)); + + g_buffer_line_append_text(line, BLC_ASSEMBLY, "<", 1, RTT_HOOK, NULL); + g_buffer_line_append_text(line, BLC_ASSEMBLY, tmp, strlen(tmp), RTT_VAR_NAME, NULL); + g_buffer_line_append_text(line, BLC_ASSEMBLY, ">", 1, RTT_HOOK, NULL); + + } + else + { + len = strlen(_("<bad field index (%d)>")) + 10 /* 4294967295U */ + 1; + tmp = calloc(len, sizeof(char)); + snprintf(tmp, len, _("<bad field index (%d)>"), operand->index); + + g_buffer_line_append_text(line, BLC_ASSEMBLY, tmp, len - 1, RTT_ERROR, NULL); + + } + + free(tmp); + + break; + + case DPT_METHOD: + + method = get_method_from_dex_pool(operand->format, operand->index); + + if (method != NULL) + routine = 
g_dex_method_get_routine(method); + else + routine = NULL; + + if (routine != NULL) + { + tmp = g_binary_routine_to_string(routine); + g_object_unref(G_OBJECT(routine)); + + g_buffer_line_append_text(line, BLC_ASSEMBLY, "<", 1, RTT_HOOK, NULL); + g_buffer_line_append_text(line, BLC_ASSEMBLY, tmp, strlen(tmp), RTT_VAR_NAME, NULL); + g_buffer_line_append_text(line, BLC_ASSEMBLY, ">", 1, RTT_HOOK, NULL); + + } + else + { + len = strlen(_("<bad method index (%d)>")) + 10 /* 4294967295U */ + 1; + tmp = calloc(len, sizeof(char)); + snprintf(tmp, len, _("<bad method index (%d)>"), operand->index); + + g_buffer_line_append_text(line, BLC_ASSEMBLY, tmp, len - 1, RTT_ERROR, NULL); + + } + + free(tmp); + + if (method != NULL) + g_object_unref(G_OBJECT(method)); + + break; + + } + +} + + +/****************************************************************************** +* * +* Paramètres : format = format du fichier contenant le code. * +* type = type de table visée avec la référence. * +* content = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* size = taille de l'opérande, et donc du registre. * +* endian = ordre des bits dans la source. * +* * +* Description : Crée un opérande visant un élément constant Dalvik. * +* * +* Retour : Opérande mis en place. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +GArchOperand *g_dalvik_pool_operand_new(GDexFormat *format, DalvikPoolType type, const GBinContent *content, vmpa2t *pos, MemoryDataSize size, SourceEndian endian) +{ + GDalvikPoolOperand *result; /* Structure à retourner */ + uint8_t index8; /* Indice sur 8 bits */ + uint16_t index16; /* Indice sur 16 bits */ + bool test; /* Bilan de lecture */ + + switch (size) + { + case MDS_8_BITS: + test = g_binary_content_read_u8(content, pos, &index8); + break; + case MDS_16_BITS: + test = g_binary_content_read_u16(content, pos, endian, &index16); + break; + default: + test = false; + break; + } + + if (!test) + goto gdpon_exit; + + result = g_object_new(G_TYPE_DALVIK_POOL_OPERAND, NULL); + + g_object_ref(G_OBJECT(format)); + + result->format = format; + result->type = type; + result->index = (size == MDS_8_BITS ? index8 : index16); + + return G_ARCH_OPERAND(result); + + gdpon_exit: + + return NULL; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande à consulter. * +* * +* Description : Indique la nature de la table de constantes visée ici. * +* * +* Retour : Type de table constantes visée. * +* * +* Remarques : - * +* * +******************************************************************************/ + +DalvikPoolType g_dalvik_pool_operand_get_pool_type(const GDalvikPoolOperand *operand) +{ + return operand->type; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande à consulter. * +* * +* Description : Indique l'indice de l'élément dans la table de constantes. * +* * +* Retour : Indice de l'élément visé dans la table de constantes. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +uint32_t g_dalvik_pool_operand_get_index(const GDalvikPoolOperand *operand) +{ + return operand->index; + +} diff --git a/plugins/dalvik/operands/pool.h b/plugins/dalvik/operands/pool.h new file mode 100644 index 0000000..3045a2c --- /dev/null +++ b/plugins/dalvik/operands/pool.h 
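Review bot: In `g_dalvik_pool_operand_print`, every bad-index branch (string, type, field, method) passes `len - 1` to `g_buffer_line_append_text` as the text length, but that is the size of the calloc'ed buffer, not of the formatted message. The message is always shorter, so zero padding after it is handed over as text; what the buffer line does with those bytes is not visible here. These branches run when a DEX file carries an index the pool lookup rejects, so they should be exact: keep the `snprintf` result, as in `n = snprintf(tmp, len, _("<bad string index (%u)>"), operand->index);`, and pass `n` in `g_buffer_line_append_text(line, BLC_ASSEMBLY, tmp, n, RTT_ERROR, NULL);`. `%u` also matches the `uint32_t` index where `%d` does not, and the `calloc` result is used without a NULL check.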
@@ -0,0 +1,80 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * pool.h - prototypes pour les opérandes pointant vers la table des constantes + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_OPERANDS_POOL_H +#define _ARCH_DALVIK_OPERANDS_POOL_H + + +#include <glib-object.h> +#include <stdint.h> + + +#include <arch/operand.h> +#include <common/endianness.h> +#include <plugins/dex/pool.h> + + + +#define G_TYPE_DALVIK_POOL_OPERAND g_dalvik_pool_operand_get_type() +#define G_DALVIK_POOL_OPERAND(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_DALVIK_POOL_OPERAND, GDalvikPoolOperand)) +#define G_IS_DALVIK_POOL_OPERAND(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_DALVIK_POOL_OPERAND)) +#define G_DALVIK_POOL_OPERAND_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DALVIK_POOL_OPERAND, GDalvikPoolOperandClass)) +#define G_IS_DALVIK_POOL_OPERAND_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DALVIK_POOL_OPERAND)) +#define G_DALVIK_POOL_OPERAND_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DALVIK_POOL_OPERAND, GDalvikPoolOperandClass)) + + +/* Définition d'un opérande visant un élément de table de constantes Dalvik (instance) */ +typedef struct _GDalvikPoolOperand GDalvikPoolOperand; + +/* Définition d'un opérande visant un élément de 
table de constantes Dalvik (classe) */ +typedef struct _GDalvikPoolOperandClass GDalvikPoolOperandClass; + + +/* Type de table de constantes */ +typedef enum _DalvikPoolType +{ + DPT_NONE = 0x0, + DPT_STRING = 0x1, + DPT_TYPE = 0x2, + DPT_PROTO = 0x3, + DPT_FIELD = 0x4, + DPT_METHOD = 0x5 + +} DalvikPoolType; + + +/* Indique le type défini par la GLib pour un un élément de table de constantes Dalvik. */ +GType g_dalvik_pool_operand_get_type(void); + +/* Crée un opérande visant un élément constant Dalvik. */ +GArchOperand *g_dalvik_pool_operand_new(GDexFormat *, DalvikPoolType, const GBinContent *, vmpa2t *, MemoryDataSize, SourceEndian); + +/* Indique la nature de la table de constantes visée ici. */ +DalvikPoolType g_dalvik_pool_operand_get_pool_type(const GDalvikPoolOperand *); + +/* Indique l'indice de l'élément dans la table de constantes. */ +uint32_t g_dalvik_pool_operand_get_index(const GDalvikPoolOperand *); + + + +#endif /* _ARCH_DALVIK_OPERANDS_POOL_H */ diff --git a/plugins/dalvik/operands/register.c b/plugins/dalvik/operands/register.c new file mode 100644 index 0000000..4268252 --- /dev/null +++ b/plugins/dalvik/operands/register.c 
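Review bot: The prototype comment for `g_dalvik_pool_operand_new` omits its failure contract. In pool.c of this commit the function returns NULL when the read fails and for every `MemoryDataSize` other than `MDS_8_BITS` and `MDS_16_BITS`. Callers decoding instructions need to know they must check the result, so the comment could read `/* Creates an operand for a Dalvik constant pool entry; returns NULL on a failed read or an unsupported size. */`. It would also help to state that the function takes its own reference on the `GDexFormat`.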
@@ -0,0 +1,363 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * register.c - opérandes visant un registre Dalvik + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "register.h" + + +#include <arch/operand-int.h> +#include <arch/register.h> + + + +/* Définition d'un opérande visant un registre Dalvik (instance) */ +struct _GDalvikRegisterOperand +{ + GArchOperand parent; /* Instance parente */ + + const GDalvikRegister *reg; /* Registre représenté */ + bool is_written; /* Changement de contenu */ + +}; + + +/* Définition d'un opérande visant un registre Dalvik (classe) */ +struct _GDalvikRegisterOperandClass +{ + GArchOperandClass parent; /* Classe parente */ + +}; + + +/* Initialise la classe des opérandes de registre Dalvik. */ +static void g_dalvik_register_operand_class_init(GDalvikRegisterOperandClass *); + +/* Initialise une instance d'opérande de registre Dalvik. */ +static void g_dalvik_register_operand_init(GDalvikRegisterOperand *); + +/* Supprime toutes les références externes. */ +static void g_dalvik_register_operand_dispose(GDalvikRegisterOperand *); + +/* Procède à la libération totale de la mémoire. */ +static void g_dalvik_register_operand_finalize(GDalvikRegisterOperand *); + +/* Compare un opérande avec un autre. 
*/ +static int g_dalvik_register_operand_compare(const GDalvikRegisterOperand *, const GDalvikRegisterOperand *); + +/* Traduit un opérande en version humainement lisible. */ +static void g_dalvik_register_operand_print(const GDalvikRegisterOperand *, GBufferLine *, AsmSyntax); + + + +/* Indique le type défini par la GLib pour un opérande de registre Dalvik. */ +G_DEFINE_TYPE(GDalvikRegisterOperand, g_dalvik_register_operand, G_TYPE_ARCH_OPERAND); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des opérandes de registre Dalvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_register_operand_class_init(GDalvikRegisterOperandClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GArchOperandClass *operand; /* Version de classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dalvik_register_operand_dispose; + object->finalize = (GObjectFinalizeFunc)g_dalvik_register_operand_finalize; + + operand = G_ARCH_OPERAND_CLASS(klass); + + operand->compare = (operand_compare_fc)g_dalvik_register_operand_compare; + operand->print = (operand_print_fc)g_dalvik_register_operand_print; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = instance à initialiser. * +* * +* Description : Initialise une instance d'opérande de registre Dalvik. 
* +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_register_operand_init(GDalvikRegisterOperand *operand) +{ + operand->is_written = false; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_register_operand_dispose(GDalvikRegisterOperand *operand) +{ + G_OBJECT_CLASS(g_dalvik_register_operand_parent_class)->dispose(G_OBJECT(operand)); + +} + + +/****************************************************************************** +* * +* Paramètres : operand = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_register_operand_finalize(GDalvikRegisterOperand *operand) +{ + G_OBJECT_CLASS(g_dalvik_register_operand_parent_class)->finalize(G_OBJECT(operand)); + +} + + +/****************************************************************************** +* * +* Paramètres : a = premier opérande à consulter. * +* b = second opérande à consulter. * +* * +* Description : Compare un opérande avec un autre. * +* * +* Retour : Bilan de la comparaison. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +static int g_dalvik_register_operand_compare(const GDalvikRegisterOperand *a, const GDalvikRegisterOperand *b) +{ + int result; /* Bilan à retourner */ + + result = g_dalvik_register_compare(a->reg, b->reg); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande à traiter. * +* line = ligne tampon où imprimer l'opérande donné. * +* syntax = type de représentation demandée. * +* * +* Description : Traduit un opérande en version humainement lisible. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_register_operand_print(const GDalvikRegisterOperand *operand, GBufferLine *line, AsmSyntax syntax) +{ + g_arch_register_print(G_ARCH_REGISTER(operand->reg), line, syntax); + +} + + +/****************************************************************************** +* * +* Paramètres : content = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* low = position éventuelle des 4 bits visés. [OUT] * +* size = taille de l'opérande, et donc du registre. * +* endian = ordre des bits dans la source. * +* * +* Description : Crée un opérande visant un registre Dalvik. * +* * +* Retour : Opérande mis en place. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +GArchOperand *g_dalvik_register_operand_new(const GBinContent *content, vmpa2t *pos, bool *low, MemoryDataSize size, SourceEndian endian) +{ + GArchOperand *result; /* Structure à retourner */ + uint8_t index8; /* Indice sur 8 bits */ + uint16_t index16; /* Indice sur 16 bits */ + bool test; /* Bilan de lecture */ + GDalvikRegister *reg; /* Registre à représenter */ + + result = NULL; + + switch (size) + { + case MDS_4_BITS: + test = g_binary_content_read_u4(content, pos, low, &index8); + break; + case MDS_8_BITS: + test = g_binary_content_read_u8(content, pos, &index8); + break; + case MDS_16_BITS: + test = g_binary_content_read_u16(content, pos, endian, &index16); + break; + default: + test = false; + break; + } + + if (!test) + goto gdron_exit; + + switch (size) + { + case MDS_4_BITS: + case MDS_8_BITS: + reg = g_dalvik_register_new(index8); + break; + case MDS_16_BITS: + reg = g_dalvik_register_new(index16); + break; + default: + reg = NULL; + break; + } + + if (reg != NULL) + { + result = g_dalvik_register_operand_new_from_existing(reg); + + if (result == NULL) + g_object_unref(G_OBJECT(reg)); + + } + + return result; + + gdron_exit: + + return NULL; + +} + + +/****************************************************************************** +* * +* Paramètres : reg = registre déjà en place. * +* * +* Description : Crée un opérande visant un registre Dalvik. * +* * +* Retour : Opérande mis en place. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +GArchOperand *g_dalvik_register_operand_new_from_existing(GDalvikRegister *reg) +{ + GDalvikRegisterOperand *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_DALVIK_REGISTER_OPERAND, NULL); + + result->reg = reg; + + return G_ARCH_OPERAND(result); + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande représentant un registre. * +* * +* Description : Fournit le registre Dalvik associé à l'opérande. * +* * +* Retour : Représentation interne du registre. * +* * +* Remarques : - * +* * +******************************************************************************/ + +const GDalvikRegister *g_dalvik_register_operand_get(const GDalvikRegisterOperand *operand) +{ + return operand->reg; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande représentant un registre à mettre à jour. * +* * +* Description : Marque l'opérande comme étant écrit plutôt que consulté. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void g_dalvik_register_operand_mark_as_written(GDalvikRegisterOperand *operand) +{ + operand->is_written = true; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande représentant un registre à consulter. * +* * +* Description : Indique le type d'accès réalisé sur l'opérande. * +* * +* Retour : Type d'accès : true en cas d'écriture, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_dalvik_register_operand_is_written(const GDalvikRegisterOperand *operand) +{ + return operand->is_written; + +} 
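Review bot: `g_dalvik_register_operand_new_from_existing` stores `reg` without taking a reference and `g_dalvik_register_operand_dispose` never releases it, so ownership of the register is undefined. `g_dalvik_register_operand_new` treats the call as an ownership transfer: it only unrefs `reg` when the constructor returns NULL, a check that looks dead since `g_object_new` is not expected to return NULL for a valid type. The register is therefore never released when the operand is destroyed, while a caller that keeps and later drops its own reference would leave `operand->reg` dangling. Unless `g_dalvik_register_new` (not visible here) hands out shared instances, document the transfer on the constructor and release the register in dispose: `if (operand->reg != NULL) { g_object_unref(G_OBJECT(operand->reg)); operand->reg = NULL; }`.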
diff --git a/plugins/dalvik/operands/register.h b/plugins/dalvik/operands/register.h new file mode 100644 index 0000000..f1dec72 --- /dev/null +++ b/plugins/dalvik/operands/register.h 
@@ -0,0 +1,75 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * register.h - prototypes pour les opérandes visant un registre Dalvik + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_OPERANDS_REGISTER_H +#define _ARCH_DALVIK_OPERANDS_REGISTER_H + + +#include <glib-object.h> +#include <stdbool.h> + + +#include <analysis/content.h> +#include <arch/operand.h> + + +#include "../register.h" + + + +#define G_TYPE_DALVIK_REGISTER_OPERAND g_dalvik_register_operand_get_type() +#define G_DALVIK_REGISTER_OPERAND(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_DALVIK_REGISTER_OPERAND, GDalvikRegisterOperand)) +#define G_IS_DALVIK_REGISTER_OPERAND(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_DALVIK_REGISTER_OPERAND)) +#define G_DALVIK_REGISTER_OPERAND_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DALVIK_REGISTER_OPERAND, GDalvikRegisterOperandClass)) +#define G_IS_DALVIK_REGISTER_OPERAND_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DALVIK_REGISTER_OPERAND)) +#define G_DALVIK_REGISTER_OPERAND_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DALVIK_REGISTER_OPERAND, GDalvikRegisterOperandClass)) + + +/* Définition d'un opérande visant un registre Dalvik (instance) */ +typedef struct _GDalvikRegisterOperand GDalvikRegisterOperand; + +/* 
Définition d'un opérande visant un registre Dalvik (classe) */ +typedef struct _GDalvikRegisterOperandClass GDalvikRegisterOperandClass; + + +/* Indique le type défini par la GLib pour un opérande de registre Dalvik. */ +GType g_dalvik_register_operand_get_type(void); + +/* Crée un opérande visant un registre Dalvik. */ +GArchOperand *g_dalvik_register_operand_new(const GBinContent *, vmpa2t *, bool *, MemoryDataSize, SourceEndian); + +/* Crée un opérande visant un registre Dalvik. */ +GArchOperand *g_dalvik_register_operand_new_from_existing(GDalvikRegister *); + +/* Fournit le registre Dalvik associé à l'opérande. */ +const GDalvikRegister *g_dalvik_register_operand_get(const GDalvikRegisterOperand *); + +/* Marque l'opérande comme étant écrit plutôt que consulté. */ +void g_dalvik_register_operand_mark_as_written(GDalvikRegisterOperand *); + +/* Indique le type d'accès réalisé sur l'opérande. */ +bool g_dalvik_register_operand_is_written(const GDalvikRegisterOperand *); + + + +#endif /* _ARCH_DALVIK_OPERANDS_REGISTER_H */ diff --git a/plugins/dalvik/post.h b/plugins/dalvik/post.h new file mode 100644 index 0000000..63d35c3 --- /dev/null +++ b/plugins/dalvik/post.h 
@@ -0,0 +1,52 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * post.h - prototypes pour les traitements complémentaires à la phase de désassemblage + * + * Copyright (C) 2016-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ARCH_DALVIK_POST_H +#define _ARCH_DALVIK_POST_H + + +#include <arch/post.h> + + + +static inline void post_process_dalvik_goto_target_resolution(GArchInstruction *ins, GArchProcessor *proc, GProcContext *ctx, GExeFormat *fmt) +{ + post_process_target_resolution(ins, proc, ctx, fmt, 0, STP_CODE_LABEL); + +} + +static inline void post_process_dalvik_if_target_resolution(GArchInstruction *ins, GArchProcessor *proc, GProcContext *ctx, GExeFormat *fmt) +{ + post_process_target_resolution(ins, proc, ctx, fmt, 2, STP_CODE_LABEL); + +} + +static inline void post_process_dalvik_ifz_target_resolution(GArchInstruction *ins, GArchProcessor *proc, GProcContext *ctx, GExeFormat *fmt) +{ + post_process_target_resolution(ins, proc, ctx, fmt, 1, STP_CODE_LABEL); + +} + + + +#endif /* _ARCH_DALVIK_POST_H */ diff --git a/plugins/dalvik/processor.c b/plugins/dalvik/processor.c new file mode 100644 index 0000000..16d6644 --- /dev/null +++ b/plugins/dalvik/processor.c 
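Review bot: The three wrappers pass the bare literals `0`, `2` and `1` to `post_process_target_resolution` with no comment saying what they select. Presumably this is the index of the operand holding the branch target, but the callee is not visible in this hunk. A wrong index would resolve a register operand as a jump target, so each wrapper deserves a one-line comment, e.g. `/* goto: the target is the only operand (index 0) */`, `/* if-test vA, vB, +CCCC: target is operand 2 */` and `/* if-testz vAA, +BBBB: target is operand 1 */`.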
@@ -0,0 +1,583 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * processor.c - manipulation du processeur de la VM Dalvik + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "processor.h" + + +#include <assert.h> + + +#include <arch/processor-int.h> +#include <plugins/dex/format.h> + + +#include "context.h" +#include "instruction.h" +#include "opcodes/opcodes.h" +#include "pseudo/fill.h" +#include "pseudo/switch.h" + + + +/* Définition du processeur de la VM Dalvik (instance) */ +struct _GDalvikProcessor +{ + GArchProcessor parent; /* Instance parente */ + +}; + + +/* Définition du processeur de la VM Dalvik (classe) */ +struct _GDalvikProcessorClass +{ + GArchProcessorClass parent; /* Classe parente */ + +}; + + +/* Initialise la classe des processeurs de VM Dalvik. */ +static void g_dalvik_processor_class_init(GDalvikProcessorClass *); + +/* Initialise une instance de processeur de VM Dalvik. */ +static void g_dalvik_processor_init(GDalvikProcessor *); + +/* Supprime toutes les références externes. */ +static void g_dalvik_processor_dispose(GDalvikProcessor *); + +/* Procède à la libération totale de la mémoire. */ +static void g_dalvik_processor_finalize(GDalvikProcessor *); + +/* Fournit un contexte pour l'exécution du processeur Dalvik. 
*/ +static GDalvikContext *g_dalvik_processor_get_context(const GDalvikProcessor *); + +/* Fournit un contexte pour la décompilation Dalvik. */ +//static GDalvikDContext *g_dalvik_processor_get_decomp_context(const GDalvikProcessor *); + +/* Décode une instruction dans un flux de données. */ +static GArchInstruction *g_dalvik_processor_disassemble(const GArchProcessor *, GDalvikContext *, const GBinContent *, vmpa2t *, GExeFormat *); + +/* Décode une pseudo-instruction dans un flux de données. */ +static GArchInstruction *g_dalvik_processor_disassemble_pseudo(const GArchProcessor *, GDalvikContext *, const GBinContent *, vmpa2t *, uint8_t); + + + +/* Indique le type défini par la GLib pour le processeur DALVIK. */ +G_DEFINE_TYPE(GDalvikProcessor, g_dalvik_processor, G_TYPE_ARCH_PROCESSOR); + + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des processeurs de VM Dalvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_processor_class_init(GDalvikProcessorClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GArchProcessorClass *proc; /* Encore une autre vision... */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dalvik_processor_dispose; + object->finalize = (GObjectFinalizeFunc)g_dalvik_processor_finalize; + + proc = G_ARCH_PROCESSOR_CLASS(klass); + + proc->disassemble = (disass_instr_fc)g_dalvik_processor_disassemble; + +} + + +/****************************************************************************** +* * +* Paramètres : proc = instance à initialiser. * +* * +* Description : Initialise une instance de processeur de VM Dalvik. 
* +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_processor_init(GDalvikProcessor *proc) +{ + GArchProcessor *parent; /* Instance parente */ + + parent = G_ARCH_PROCESSOR(proc); + + parent->endianness = SRE_LITTLE; + parent->memsize = MDS_32_BITS; + parent->inssize = MDS_16_BITS; + + parent->get_ctx = (get_processor_context_fc)g_dalvik_processor_get_context; + //parent->get_dec_ctx = (get_decomp_context_fc)g_dalvik_processor_get_decomp_context; + +} + + +/****************************************************************************** +* * +* Paramètres : proc = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_processor_dispose(GDalvikProcessor *proc) +{ + G_OBJECT_CLASS(g_dalvik_processor_parent_class)->dispose(G_OBJECT(proc)); + +} + + +/****************************************************************************** +* * +* Paramètres : bookmark = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_processor_finalize(GDalvikProcessor *proc) +{ + G_OBJECT_CLASS(g_dalvik_processor_parent_class)->finalize(G_OBJECT(proc)); + +} + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Crée le support de l'architecture Dalvik. * +* * +* Retour : Architecture mise en place. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +GArchProcessor *g_dalvik_processor_new(void) +{ + GArchProcessor *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_DALVIK_PROCESSOR, NULL); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : proc = architecture, spectatrice ici. * +* * +* Description : Fournit un contexte pour l'exécution du processeur Dalvik. * +* * +* Retour : Contexte mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static GDalvikContext *g_dalvik_processor_get_context(const GDalvikProcessor *proc) +{ + return g_dalvik_context_new(); + +} + + +/****************************************************************************** +* * +* Paramètres : proc = architecture, spectatrice ici. * +* * +* Description : Fournit un contexte pour la décompilation Dalvik. * +* * +* Retour : Contexte mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ +#if 0 +static GDalvikDContext *g_dalvik_processor_get_decomp_context(const GDalvikProcessor *proc) +{ + return g_dalvik_dcontext_new(); + +} +#endif + + +/****************************************************************************** +* * +* Paramètres : proc = architecture visée par la procédure. * +* ctx = contexte lié à l'exécution du processeur. * +* content = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* format = format du fichier contenant le code. * +* * +* Description : Désassemble une instruction dans un flux de données. * +* * +* Retour : Instruction mise en place ou NULL en cas d'échec. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +static GArchInstruction *g_dalvik_processor_disassemble(const GArchProcessor *proc, GDalvikContext *ctx, const GBinContent *content, vmpa2t *pos, GExeFormat *format) +{ + GArchInstruction *result; /* Instruction à renvoyer */ + uint8_t raw8; /* Donnée de 8 bits à analyser */ + DalvikOpcodes id; /* Identifiant d'instruction */ + + static const disass_instr_fc decodings[DOP_COUNT] = { + + [DOP_NOP] = dalvik_read_instr_nop, + [DOP_MOVE] = dalvik_read_instr_move, + [DOP_MOVE_FROM_16] = dalvik_read_instr_move_from16, + [DOP_MOVE_16] = dalvik_read_instr_move_16, + [DOP_MOVE_WIDE] = dalvik_read_instr_move_wide, + [DOP_MOVE_WIDE_FROM_16] = dalvik_read_instr_move_wide_from16, + [DOP_MOVE_WIDE_16] = dalvik_read_instr_move_wide_16, + [DOP_MOVE_OBJECT] = dalvik_read_instr_move_object, + [DOP_MOVE_OBJECT_FROM_16] = dalvik_read_instr_move_object_from16, + [DOP_MOVE_OBJECT_16] = dalvik_read_instr_move_object_16, + [DOP_MOVE_RESULT] = dalvik_read_instr_move_result, + [DOP_MOVE_RESULT_WIDE] = dalvik_read_instr_move_result_wide, + [DOP_MOVE_RESULT_OBJECT] = dalvik_read_instr_move_result_object, + [DOP_MOVE_EXCEPTION] = dalvik_read_instr_move_exception, + [DOP_RETURN_VOID] = dalvik_read_instr_return_void, + [DOP_RETURN] = dalvik_read_instr_return, + [DOP_RETURN_WIDE] = dalvik_read_instr_return_wide, + [DOP_RETURN_OBJECT] = dalvik_read_instr_return_object, + [DOP_CONST_4] = dalvik_read_instr_const_4, + [DOP_CONST_16] = dalvik_read_instr_const_16, + [DOP_CONST] = dalvik_read_instr_const, + [DOP_CONST_HIGH16] = dalvik_read_instr_const_high16, + [DOP_CONST_WIDE_16] = dalvik_read_instr_const_wide_16, + [DOP_CONST_WIDE_32] = dalvik_read_instr_const_wide_32, + [DOP_CONST_WIDE] = dalvik_read_instr_const_wide, + [DOP_CONST_WIDE_HIGH16] = dalvik_read_instr_const_wide_high16, + [DOP_CONST_STRING] = dalvik_read_instr_const_string, + [DOP_CONST_STRING_JUMBO] = 
dalvik_read_instr_const_string_jumbo, + [DOP_CONST_CLASS] = dalvik_read_instr_const_class, + [DOP_MONITOR_ENTER] = dalvik_read_instr_monitor_enter, + [DOP_MONITOR_EXIT] = dalvik_read_instr_monitor_exit, + [DOP_CHECK_CAST] = dalvik_read_instr_check_cast, + [DOP_INSTANCE_OF] = dalvik_read_instr_instance_of, + [DOP_ARRAY_LENGTH] = dalvik_read_instr_array_length, + [DOP_NEW_INSTANCE] = dalvik_read_instr_new_instance, + [DOP_NEW_ARRAY] = dalvik_read_instr_new_array, + [DOP_FILLED_NEW_ARRAY] = dalvik_read_instr_filled_new_array, + [DOP_FILLED_NEW_ARRAY_RANGE]= dalvik_read_instr_filled_new_array_range, + [DOP_FILL_ARRAY_DATA] = dalvik_read_instr_fill_array_data, + [DOP_THROW] = dalvik_read_instr_throw, + [DOP_GOTO] = dalvik_read_instr_goto, + [DOP_GOTO_16] = dalvik_read_instr_goto_16, + [DOP_GOTO_32] = dalvik_read_instr_goto_32, + [DOP_PACKED_SWITCH] = dalvik_read_instr_packed_switch, + [DOP_SPARSE_SWITCH] = dalvik_read_instr_sparse_switch, + [DOP_CMPL_FLOAT] = dalvik_read_instr_cmpl_float, + [DOP_CMPG_FLOAT] = dalvik_read_instr_cmpg_float, + [DOP_CMPL_DOUBLE] = dalvik_read_instr_cmpl_double, + [DOP_CMPG_DOUBLE] = dalvik_read_instr_cmpg_double, + [DOP_CMP_LONG] = dalvik_read_instr_cmp_long, + [DOP_IF_EQ] = dalvik_read_instr_if_eq, + [DOP_IF_NE] = dalvik_read_instr_if_ne, + [DOP_IF_LT] = dalvik_read_instr_if_lt, + [DOP_IF_GE] = dalvik_read_instr_if_ge, + [DOP_IF_GT] = dalvik_read_instr_if_gt, + [DOP_IF_LE] = dalvik_read_instr_if_le, + [DOP_IF_EQZ] = dalvik_read_instr_if_eqz, + [DOP_IF_NEZ] = dalvik_read_instr_if_nez, + [DOP_IF_LTZ] = dalvik_read_instr_if_ltz, + [DOP_IF_GEZ] = dalvik_read_instr_if_gez, + [DOP_IF_GTZ] = dalvik_read_instr_if_gtz, + [DOP_IF_LEZ] = dalvik_read_instr_if_lez, + [DOP_AGET] = dalvik_read_instr_aget, + [DOP_AGET_WIDE] = dalvik_read_instr_aget_wide, + [DOP_AGET_OBJECT] = dalvik_read_instr_aget_object, + [DOP_AGET_BOOLEAN] = dalvik_read_instr_aget_boolean, + [DOP_AGET_BYTE] = dalvik_read_instr_aget_byte, + [DOP_AGET_CHAR] = 
dalvik_read_instr_aget_char, + [DOP_AGET_SHORT] = dalvik_read_instr_aget_short, + [DOP_APUT] = dalvik_read_instr_aput, + [DOP_APUT_WIDE] = dalvik_read_instr_aput_wide, + [DOP_APUT_OBJECT] = dalvik_read_instr_aput_object, + [DOP_APUT_BOOLEAN] = dalvik_read_instr_aput_boolean, + [DOP_APUT_BYTE] = dalvik_read_instr_aput_byte, + [DOP_APUT_CHAR] = dalvik_read_instr_aput_char, + [DOP_APUT_SHORT] = dalvik_read_instr_aput_short, + [DOP_IGET] = dalvik_read_instr_iget, + [DOP_IGET_WIDE] = dalvik_read_instr_iget_wide, + [DOP_IGET_OBJECT] = dalvik_read_instr_iget_object, + [DOP_IGET_BOOLEAN] = dalvik_read_instr_iget_boolean, + [DOP_IGET_BYTE] = dalvik_read_instr_iget_byte, + [DOP_IGET_CHAR] = dalvik_read_instr_iget_char, + [DOP_IGET_SHORT] = dalvik_read_instr_iget_short, + [DOP_IPUT] = dalvik_read_instr_iput, + [DOP_IPUT_WIDE] = dalvik_read_instr_iput_wide, + [DOP_IPUT_OBJECT] = dalvik_read_instr_iput_object, + [DOP_IPUT_BOOLEAN] = dalvik_read_instr_iput_boolean, + [DOP_IPUT_BYTE] = dalvik_read_instr_iput_byte, + [DOP_IPUT_CHAR] = dalvik_read_instr_iput_char, + [DOP_IPUT_SHORT] = dalvik_read_instr_iput_short, + [DOP_SGET] = dalvik_read_instr_sget, + [DOP_SGET_WIDE] = dalvik_read_instr_sget_wide, + [DOP_SGET_OBJECT] = dalvik_read_instr_sget_object, + [DOP_SGET_BOOLEAN] = dalvik_read_instr_sget_boolean, + [DOP_SGET_BYTE] = dalvik_read_instr_sget_byte, + [DOP_SGET_CHAR] = dalvik_read_instr_sget_char, + [DOP_SGET_SHORT] = dalvik_read_instr_sget_short, + [DOP_SPUT] = dalvik_read_instr_sput, + [DOP_SPUT_WIDE] = dalvik_read_instr_sput_wide, + [DOP_SPUT_OBJECT] = dalvik_read_instr_sput_object, + [DOP_SPUT_BOOLEAN] = dalvik_read_instr_sput_boolean, + [DOP_SPUT_BYTE] = dalvik_read_instr_sput_byte, + [DOP_SPUT_CHAR] = dalvik_read_instr_sput_char, + [DOP_SPUT_SHORT] = dalvik_read_instr_sput_short, + [DOP_INVOKE_VIRTUAL] = dalvik_read_instr_invoke_virtual, + [DOP_INVOKE_SUPER] = dalvik_read_instr_invoke_super, + [DOP_INVOKE_DIRECT] = dalvik_read_instr_invoke_direct, + [DOP_INVOKE_STATIC] = 
dalvik_read_instr_invoke_static, + [DOP_INVOKE_INTERFACE] = dalvik_read_instr_invoke_interface, + [DOP_INVOKE_VIRTUAL_RANGE] = dalvik_read_instr_invoke_virtual_range, + [DOP_INVOKE_SUPER_RANGE] = dalvik_read_instr_invoke_super_range, + [DOP_INVOKE_DIRECT_RANGE] = dalvik_read_instr_invoke_direct_range, + [DOP_INVOKE_STATIC_RANGE] = dalvik_read_instr_invoke_static_range, + [DOP_INVOKE_INTERFACE_RANGE]= dalvik_read_instr_invoke_interface_range, + [DOP_NEG_INT] = dalvik_read_instr_neg_int, + [DOP_NOT_INT] = dalvik_read_instr_not_int, + [DOP_NEG_LONG] = dalvik_read_instr_neg_long, + [DOP_NOT_LONG] = dalvik_read_instr_not_long, + [DOP_NEG_FLOAT] = dalvik_read_instr_neg_float, + [DOP_NEG_DOUBLE] = dalvik_read_instr_neg_double, + [DOP_TO_INT_LONG] = dalvik_read_instr_int_to_long, + [DOP_TO_INT_FLOAT] = dalvik_read_instr_int_to_float, + [DOP_TO_INT_DOUBLE] = dalvik_read_instr_int_to_double, + [DOP_TO_LONG_INT] = dalvik_read_instr_long_to_int, + [DOP_TO_LONG_FLOAT] = dalvik_read_instr_long_to_float, + [DOP_TO_LONG_DOUBLE] = dalvik_read_instr_long_to_double, + [DOP_TO_FLOAT_INT] = dalvik_read_instr_float_to_int, + [DOP_TO_FLOAT_LONG] = dalvik_read_instr_float_to_long, + [DOP_TO_FLOAT_DOUBLE] = dalvik_read_instr_float_to_double, + [DOP_TO_DOUBLE_INT] = dalvik_read_instr_double_to_int, + [DOP_TO_DOUBLE_LONG] = dalvik_read_instr_double_to_long, + [DOP_TO_DOUBLE_FLOAT] = dalvik_read_instr_double_to_float, + [DOP_TO_INT_BYTE] = dalvik_read_instr_int_to_byte, + [DOP_TO_INT_CHAR] = dalvik_read_instr_int_to_char, + [DOP_TO_INT_SHORT] = dalvik_read_instr_int_to_short, + [DOP_ADD_INT] = dalvik_read_instr_add_int, + [DOP_SUB_INT] = dalvik_read_instr_sub_int, + [DOP_MUL_INT] = dalvik_read_instr_mul_int, + [DOP_DIV_INT] = dalvik_read_instr_div_int, + [DOP_REM_INT] = dalvik_read_instr_rem_int, + [DOP_AND_INT] = dalvik_read_instr_and_int, + [DOP_OR_INT] = dalvik_read_instr_or_int, + [DOP_XOR_INT] = dalvik_read_instr_xor_int, + [DOP_SHL_INT] = dalvik_read_instr_shl_int, + [DOP_SHR_INT] = 
dalvik_read_instr_shr_int, + [DOP_USHR_INT] = dalvik_read_instr_ushr_int, + [DOP_ADD_LONG] = dalvik_read_instr_add_long, + [DOP_SUB_LONG] = dalvik_read_instr_sub_long, + [DOP_MUL_LONG] = dalvik_read_instr_mul_long, + [DOP_DIV_LONG] = dalvik_read_instr_div_long, + [DOP_REM_LONG] = dalvik_read_instr_rem_long, + [DOP_AND_LONG] = dalvik_read_instr_and_long, + [DOP_OR_LONG] = dalvik_read_instr_or_long, + [DOP_XOR_LONG] = dalvik_read_instr_xor_long, + [DOP_SHL_LONG] = dalvik_read_instr_shl_long, + [DOP_SHR_LONG] = dalvik_read_instr_shr_long, + [DOP_USHR_LONG] = dalvik_read_instr_ushr_long, + [DOP_ADD_FLOAT] = dalvik_read_instr_add_float, + [DOP_SUB_FLOAT] = dalvik_read_instr_sub_float, + [DOP_MUL_FLOAT] = dalvik_read_instr_mul_float, + [DOP_DIV_FLOAT] = dalvik_read_instr_div_float, + [DOP_REM_FLOAT] = dalvik_read_instr_rem_float, + [DOP_ADD_DOUBLE] = dalvik_read_instr_add_double, + [DOP_SUB_DOUBLE] = dalvik_read_instr_sub_double, + [DOP_MUL_DOUBLE] = dalvik_read_instr_mul_double, + [DOP_DIV_DOUBLE] = dalvik_read_instr_div_double, + [DOP_REM_DOUBLE] = dalvik_read_instr_rem_double, + [DOP_ADD_INT_2ADDR] = dalvik_read_instr_add_int_2addr, + [DOP_SUB_INT_2ADDR] = dalvik_read_instr_sub_int_2addr, + [DOP_MUL_INT_2ADDR] = dalvik_read_instr_mul_int_2addr, + [DOP_DIV_INT_2ADDR] = dalvik_read_instr_div_int_2addr, + [DOP_REM_INT_2ADDR] = dalvik_read_instr_rem_int_2addr, + [DOP_AND_INT_2ADDR] = dalvik_read_instr_and_int_2addr, + [DOP_OR_INT_2ADDR] = dalvik_read_instr_or_int_2addr, + [DOP_XOR_INT_2ADDR] = dalvik_read_instr_xor_int_2addr, + [DOP_SHL_INT_2ADDR] = dalvik_read_instr_shl_int_2addr, + [DOP_SHR_INT_2ADDR] = dalvik_read_instr_shr_int_2addr, + [DOP_USHR_INT_2ADDR] = dalvik_read_instr_ushr_int_2addr, + [DOP_ADD_LONG_2ADDR] = dalvik_read_instr_add_long_2addr, + [DOP_SUB_LONG_2ADDR] = dalvik_read_instr_sub_long_2addr, + [DOP_MUL_LONG_2ADDR] = dalvik_read_instr_mul_long_2addr, + [DOP_DIV_LONG_2ADDR] = dalvik_read_instr_div_long_2addr, + [DOP_REM_LONG_2ADDR] = 
dalvik_read_instr_rem_long_2addr, + [DOP_AND_LONG_2ADDR] = dalvik_read_instr_and_long_2addr, + [DOP_OR_LONG_2ADDR] = dalvik_read_instr_or_long_2addr, + [DOP_XOR_LONG_2ADDR] = dalvik_read_instr_xor_long_2addr, + [DOP_SHL_LONG_2ADDR] = dalvik_read_instr_shl_long_2addr, + [DOP_SHR_LONG_2ADDR] = dalvik_read_instr_shr_long_2addr, + [DOP_USHR_LONG_2ADDR] = dalvik_read_instr_ushr_long_2addr, + [DOP_ADD_FLOAT_2ADDR] = dalvik_read_instr_add_float_2addr, + [DOP_SUB_FLOAT_2ADDR] = dalvik_read_instr_sub_float_2addr, + [DOP_MUL_FLOAT_2ADDR] = dalvik_read_instr_mul_float_2addr, + [DOP_DIV_FLOAT_2ADDR] = dalvik_read_instr_div_float_2addr, + [DOP_REM_FLOAT_2ADDR] = dalvik_read_instr_rem_float_2addr, + [DOP_ADD_DOUBLE_2ADDR] = dalvik_read_instr_add_double_2addr, + [DOP_SUB_DOUBLE_2ADDR] = dalvik_read_instr_sub_double_2addr, + [DOP_MUL_DOUBLE_2ADDR] = dalvik_read_instr_mul_double_2addr, + [DOP_DIV_DOUBLE_2ADDR] = dalvik_read_instr_div_double_2addr, + [DOP_REM_DOUBLE_2ADDR] = dalvik_read_instr_rem_double_2addr, + [DOP_ADD_INT_LIT16] = dalvik_read_instr_add_int_lit16, + [DOP_RSUB_INT] = dalvik_read_instr_rsub_int, + [DOP_MUL_INT_LIT16] = dalvik_read_instr_mul_int_lit16, + [DOP_DIV_INT_LIT16] = dalvik_read_instr_div_int_lit16, + [DOP_REM_INT_LIT16] = dalvik_read_instr_rem_int_lit16, + [DOP_AND_INT_LIT16] = dalvik_read_instr_and_int_lit16, + [DOP_OR_INT_LIT16] = dalvik_read_instr_or_int_lit16, + [DOP_XOR_INT_LIT16] = dalvik_read_instr_xor_int_lit16, + [DOP_ADD_INT_LIT8] = dalvik_read_instr_add_int_lit8, + [DOP_RSUB_INT_LIT8] = dalvik_read_instr_rsub_int_lit8, + [DOP_MUL_INT_LIT8] = dalvik_read_instr_mul_int_lit8, + [DOP_DIV_INT_LIT8] = dalvik_read_instr_div_int_lit8, + [DOP_REM_INT_LIT8] = dalvik_read_instr_rem_int_lit8, + [DOP_AND_INT_LIT8] = dalvik_read_instr_and_int_lit8, + [DOP_OR_INT_LIT8] = dalvik_read_instr_or_int_lit8, + [DOP_XOR_INT_LIT8] = dalvik_read_instr_xor_int_lit8, + [DOP_SHL_INT_LIT8] = dalvik_read_instr_shl_int_lit8, + [DOP_SHR_INT_LIT8] = 
dalvik_read_instr_shr_int_lit8, + [DOP_USHR_INT_LIT8] = dalvik_read_instr_ushr_int_lit8 + + }; + + /* Données brutes associées à une instruction ? */ + + result = g_dalvik_context_get_raw_data(ctx, content, pos); + + if (result != NULL) goto gdpd_done; + + /* Pseudo-instruction... */ + + if (!g_binary_content_read_u8(content, pos, &raw8)) + return NULL; + + result = g_dalvik_processor_disassemble_pseudo(proc, ctx, content, pos, raw8); + + if (result != NULL) goto gdpd_done; + + /* ... ou instruction classique */ + + assert(raw8 < DOP_COUNT); + + id = (DalvikOpcodes)raw8; + + if (decodings[id] != NULL) + result = decodings[id](proc, G_PROC_CONTEXT(ctx), content, pos, format); + + gdpd_done: + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : proc = architecture visée par la procédure. * +* data = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* end = limite des données à analyser. * +* addr = adresse virtuelle de l'instruction. * +* low8 = 8 bits de poids faible déjà lus. * +* * +* Description : Décode une pseudo-instruction dans un flux de données. * +* * +* Retour : Instruction mise en place ou NULL si aucune trouvée. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +static GArchInstruction *g_dalvik_processor_disassemble_pseudo(const GArchProcessor *proc, GDalvikContext *ctx, const GBinContent *content, vmpa2t *pos, uint8_t low8) +{ + GArchInstruction *result; /* Instruction à renvoyer */ + vmpa2t tmp; /* Position modifiable */ + uint8_t high8; /* Nouvelle octet à venir lire */ + uint16_t ident; /* Valeur lue dans le code */ + + /* Vérification astucieuse et rapide...*/ + if (low8 != 0x00 /* DOP_NOP */) + return NULL; + + result = NULL; + + copy_vmpa(&tmp, pos); + + if (!g_binary_content_read_u8(content, pos, &high8)) + goto gdpdp_exit; + + ident = high8 << 8 | low8; + + switch (ident) + { + case DPO_PACKED_SWITCH: + case DPO_SPARSE_SWITCH: + result = g_dalvik_switch_instr_new(ident, ctx, content, pos); + break; + + case DPO_FILL_ARRAY_DATA: + result = g_dalvik_fill_instr_new(ident, ctx, content, pos); + break; + + default: + result = NULL; + break; + + } + + gdpdp_exit: + + if (result == NULL) + copy_vmpa(pos, &tmp); + + return result; + +} diff --git a/plugins/dalvik/processor.h b/plugins/dalvik/processor.h new file mode 100644 index 0000000..c6c1278 --- /dev/null +++ b/plugins/dalvik/processor.h 
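Review bot: In g_dalvik_processor_disassemble (processor.c) the only bound on the opcode byte before `decodings[id]` is indexed is `assert(raw8 < DOP_COUNT)`, and raw8 is read straight from the file being analysed. When the build defines NDEBUG the assert disappears. DOP_COUNT is defined outside this hunk, but the last entry initialised in the table is DOP_USHR_INT_LIT8, so it is probably below 256; in that case an unassigned opcode byte reads past the table and the value found there is called as a function pointer. In a debug build the same input aborts the whole process instead of failing that one instruction. A runtime check fits the function's existing NULL-on-failure contract: replace the assert with `if (raw8 >= DOP_COUNT) return NULL;`.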
@@ -0,0 +1,53 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * processor.h - prototypes pour la manipulation du processeur de la VM Dalvik
+ *
+ * Copyright (C) 2010-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _ARCH_DALVIK_PROCESSOR_H
+#define _ARCH_DALVIK_PROCESSOR_H
+
+
+#include <arch/processor.h>
+
+
+
+#define G_TYPE_DALVIK_PROCESSOR g_dalvik_processor_get_type()
+#define G_DALVIK_PROCESSOR(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), g_dalvik_processor_get_type(), GDalvikProcessor))
+#define G_IS_DALVIK_PROCESSOR(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), g_dalvik_processor_get_type()))
+#define G_DALVIK_PROCESSOR_GET_IFACE(inst) (G_TYPE_INSTANCE_GET_INTERFACE((inst), g_dalvik_processor_get_type(), GDalvikProcessorIface))
+
+
+/* Définition du processeur de la VM Dalvik (instance) */
+typedef struct _GDalvikProcessor GDalvikProcessor;
+
+/* Définition du processeur de la VM Dalvik (classe) */
+typedef struct _GDalvikProcessorClass GDalvikProcessorClass;
+
+
+/* Indique le type défini par la GLib pour le processeur Dalvik. */
+GType g_dalvik_processor_get_type(void);
+
+/* Crée le support de l'architecture Dalvik. */
+GArchProcessor *g_dalvik_processor_new(void);
+
+
+
+#endif /* _ARCH_DALVIK_PROCESSOR_H */
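Review bot: `G_DALVIK_PROCESSOR_GET_IFACE` in processor.h expands to a cast to `GDalvikProcessorIface`, a type this header never declares, so any use of the macro would not compile. processor.c registers the type with G_DEFINE_TYPE as an ordinary class, not an interface. The header also offers no class-side cast macros. I would replace the macro with `#define G_DALVIK_PROCESSOR_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DALVIK_PROCESSOR, GDalvikProcessorClass))` and `#define G_DALVIK_PROCESSOR_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DALVIK_PROCESSOR, GDalvikProcessorClass))`.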
diff --git a/plugins/dalvik/pseudo/Makefile.am b/plugins/dalvik/pseudo/Makefile.am
new file mode 100644
index 0000000..6f49159
--- /dev/null
+++ b/plugins/dalvik/pseudo/Makefile.am
@@ -0,0 +1,15 @@
+
+noinst_LTLIBRARIES = libdalvikpseudo.la
+
+libdalvikpseudo_la_SOURCES = \
+ fill.h fill.c \
+ switch.h switch.c
+
+libdalvikpseudo_la_LIBADD =
+
+libdalvikpseudo_la_CFLAGS = $(AM_CFLAGS)
+
+
+AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) -I$(top_srcdir)/src
+
+AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS)
diff --git a/plugins/dalvik/pseudo/fill.c b/plugins/dalvik/pseudo/fill.c
new file mode 100644
index 0000000..dc5683c
--- /dev/null
+++ b/plugins/dalvik/pseudo/fill.c
@@ -0,0 +1,198 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * fill.c - prise en charge de l'instruction spéciale fill-array-data + * + * Copyright (C) 2011-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "fill.h" + + +#include <assert.h> +#include <string.h> + + +#include "../instruction-int.h" + + + +/* Définition générique d'une instruction d'architecture Dalvik (instance) */ +struct _GDalvikFillInstr +{ + GDalvikInstruction parent; /* A laisser en premier */ + + uint16_t item_width; /* Taille des éléments */ + uint32_t array_size; /* Taille du tableau */ + +}; + +/* Définition générique d'une instruction d'architecture Dalvik (classe) */ +struct _GDalvikFillInstrClass +{ + GDalvikInstructionClass parent; /* A laisser en premier */ + +}; + + + +/* Initialise la classe générique des instructions. */ +static void g_dalvik_fill_instr_class_init(GDalvikFillInstrClass *); + +/* Initialise une instance d'opérande d'architecture. */ +static void g_dalvik_fill_instr_init(GDalvikFillInstr *); + +/* Supprime toutes les références externes. */ +static void g_dalvik_fill_instr_dispose(GDalvikFillInstr *); + +/* Procède à la libération totale de la mémoire. 
*/ +static void g_dalvik_fill_instr_finalize(GDalvikFillInstr *); + + + +/* Indique le type défini pour une pseudo-instruction Dalvik de remplissage. */ +G_DEFINE_TYPE(GDalvikFillInstr, g_dalvik_fill_instr, G_TYPE_DALVIK_INSTRUCTION); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe générique des instructions. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_fill_instr_class_init(GDalvikFillInstrClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dalvik_fill_instr_dispose; + object->finalize = (GObjectFinalizeFunc)g_dalvik_fill_instr_finalize; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instance à initialiser. * +* * +* Description : Initialise une instance d'instruction d'architecture. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_fill_instr_init(GDalvikFillInstr *instr) +{ + G_DALVIK_INSTRUCTION(instr)->keyword = "array-data"; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. 
* +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_fill_instr_dispose(GDalvikFillInstr *instr) +{ + G_OBJECT_CLASS(g_dalvik_fill_instr_parent_class)->dispose(G_OBJECT(instr)); + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dalvik_fill_instr_finalize(GDalvikFillInstr *instr) +{ + G_OBJECT_CLASS(g_dalvik_fill_instr_parent_class)->finalize(G_OBJECT(instr)); + +} + + +/****************************************************************************** +* * +* Paramètres : ident = identifiant de l'instruction déjà lu. * +* ctx = contexte lié à l'exécution du processeur. * +* content = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* * +* Description : Crée une pesudo-instruction Dalvik de remplissage. * +* * +* Retour : Instruction mise en place. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +GArchInstruction *g_dalvik_fill_instr_new(uint16_t ident, GDalvikContext *ctx, const GBinContent *content, vmpa2t *pos) +{ + GDalvikFillInstr *result; /* Structure à retourner */ + phys_t consumed; /* Données consommées */ + + assert(ident == DPO_FILL_ARRAY_DATA); + + result = g_object_new(G_TYPE_DALVIK_FILL_INSTR, NULL); + + G_DALVIK_INSTRUCTION(result)->ptype = ident; + + if (!g_binary_content_read_u16(content, pos, SRE_LITTLE, &result->item_width)) + goto gdfin_bad; + + if (!g_binary_content_read_u32(content, pos, SRE_LITTLE, &result->array_size)) + goto gdfin_bad; + + consumed = result->item_width * result->array_size; + + if (!g_dalvik_context_register_array_data(ctx, pos, result->item_width, consumed)) + goto gdfin_bad; + + return G_ARCH_INSTRUCTION(result); + + gdfin_bad: + + g_object_unref(result); + + return NULL; + +} diff --git a/plugins/dalvik/pseudo/fill.h b/plugins/dalvik/pseudo/fill.h new file mode 100644 index 0000000..2a63df9 --- /dev/null +++ b/plugins/dalvik/pseudo/fill.h 
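Review bot: In g_dalvik_fill_instr_new (fill.c), `consumed = result->item_width * result->array_size;` multiplies a uint16_t by a uint32_t, so the product is computed in 32 bits and wraps before it is stored in `consumed`. Both values come unchecked from the file being analysed, so a crafted payload can register a data area much smaller than the array it declares, and the bytes after it would then be decoded as instructions. Widening first avoids the wrap, assuming phys_t is a 64-bit type (its definition is not in this hunk): `consumed = (phys_t)result->item_width * result->array_size;`. It is also worth rejecting `item_width == 0` here with `goto gdfin_bad;`. Whether g_dalvik_context_register_array_data() checks the area against the end of the content should be confirmed, as that function is outside this hunk.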
@@ -0,0 +1,60 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * fill.h - prototypes pour la prise en charge de l'instruction spéciale fill-array-data
+ *
+ * Copyright (C) 2011-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _ARCH_DALVIK_PSEUDO_FILL_H
+#define _ARCH_DALVIK_PSEUDO_FILL_H
+
+
+#include "../context.h"
+#include "../instruction.h"
+#include "../processor.h"
+
+
+#include <glib-object.h>
+
+
+
+#define G_TYPE_DALVIK_FILL_INSTR g_dalvik_fill_instr_get_type()
+#define G_DALVIK_FILL_INSTR(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_DALVIK_FILL_INSTR, GDalvikFillInstr))
+#define G_IS_DALVIK_FILL_INSTR(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_DALVIK_FILL_INSTR))
+#define G_DALVIK_FILL_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DALVIK_FILL, GGDalvikFillClass))
+#define G_IS_DALVIK_FILL_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DALVIK_FILL))
+#define G_DALVIK_FILL_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DALVIK_FILL, GGDalvikFillClass))
+
+
+/* Définition générique d'une instruction d'architecture (instance) */
+typedef struct _GDalvikFillInstr GDalvikFillInstr;
+
+/* Définition générique d'une instruction d'architecture (classe) */
+typedef struct _GDalvikFillInstrClass GDalvikFillInstrClass;
+
+
+/* Indique le type défini pour une
pseudo-instruction Dalvik de remplissage. */
+GType g_dalvik_fill_instr_get_type(void);
+
+/* Crée une pesudo-instruction Dalvik de remplissage. */
+GArchInstruction *g_dalvik_fill_instr_new(uint16_t, GDalvikContext *, const GBinContent *, vmpa2t *);
+
+
+
+#endif /* _ARCH_DALVIK_PSEUDO_FILL_H */
diff --git a/plugins/dalvik/pseudo/switch.c b/plugins/dalvik/pseudo/switch.c
new file mode 100644
index 0000000..90cff87
--- /dev/null
+++ b/plugins/dalvik/pseudo/switch.c
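Review bot: The three class-level macros in fill.h expand to names this header never declares: `G_DALVIK_FILL_CLASS`, `G_IS_DALVIK_FILL_CLASS` and `G_DALVIK_FILL_GET_CLASS` reference `G_TYPE_DALVIK_FILL` and `GGDalvikFillClass`, whereas the header defines `G_TYPE_DALVIK_FILL_INSTR` and typedefs `GDalvikFillInstrClass`. They only compile as long as nothing uses them; the first should read `#define G_DALVIK_FILL_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DALVIK_FILL_INSTR, GDalvikFillInstrClass))`, with the other two corrected the same way. The switch.h hunk in this commit has the same mismatch (`G_TYPE_DALVIK_SWITCH`, `GGDalvikSwitchClass`).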
@@ -0,0 +1,301 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * switch.c - prise en charge des instructions spéciales (packed|sparse)switch
+ *
+ * Copyright (C) 2011-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "switch.h"
+
+
+#include <assert.h>
+#include <malloc.h>
+
+
+#include "../instruction-int.h"
+
+
+
+/* Définition générique d'une instruction d'architecture Dalvik (instance) */
+struct _GDalvikSwitchInstr
+{
+ GDalvikInstruction parent; /* A laisser en premier */
+
+ uint16_t switch_size; /* Taille du switch considéré */
+
+ int32_t *keys; /* Table de clefs */
+ int32_t *targets; /* Table des sauts relatifs */
+
+};
+
+/* Définition générique d'une instruction d'architecture Dalvik (classe) */
+struct _GDalvikSwitchInstrClass
+{
+ GDalvikInstructionClass parent; /* A laisser en premier */
+
+};
+
+
+
+/* Initialise la classe générique des instructions. */
+static void g_dalvik_switch_instr_class_init(GDalvikSwitchInstrClass *);
+
+/* Initialise une instance d'opérande d'architecture. */
+static void g_dalvik_switch_instr_init(GDalvikSwitchInstr *);
+
+/* Supprime toutes les références externes. */
+static void g_dalvik_switch_instr_dispose(GDalvikSwitchInstr *);
+
+/* Procède à la libération totale de la mémoire.
*/
+static void g_dalvik_switch_instr_finalize(GDalvikSwitchInstr *);
+
+/* Lit toutes les valeurs associés aux branchements. */
+static bool g_dalvik_switch_decode_data(GDalvikSwitchInstr *, const GBinContent *, const vmpa2t *);
+
+
+
+/* Indique le type défini pour une pseudo-instruction Dalvik de remplissage. */
+G_DEFINE_TYPE(GDalvikSwitchInstr, g_dalvik_switch_instr, G_TYPE_DALVIK_INSTRUCTION);
+
+
+/******************************************************************************
+* *
+* Paramètres : klass = classe à initialiser. *
+* *
+* Description : Initialise la classe générique des instructions. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dalvik_switch_instr_class_init(GDalvikSwitchInstrClass *klass)
+{
+ GObjectClass *object; /* Autre version de la classe */
+
+ object = G_OBJECT_CLASS(klass);
+
+ object->dispose = (GObjectFinalizeFunc/* ! */)g_dalvik_switch_instr_dispose;
+ object->finalize = (GObjectFinalizeFunc)g_dalvik_switch_instr_finalize;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : instr = instance à initialiser. *
+* *
+* Description : Initialise une instance d'instruction d'architecture. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dalvik_switch_instr_init(GDalvikSwitchInstr *instr)
+{
+ G_DALVIK_INSTRUCTION(instr)->keyword = "switch-data";
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : instr = instance d'objet GLib à traiter. *
+* *
+* Description : Supprime toutes les références externes.
*
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dalvik_switch_instr_dispose(GDalvikSwitchInstr *instr)
+{
+ G_OBJECT_CLASS(g_dalvik_switch_instr_parent_class)->dispose(G_OBJECT(instr));
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : instr = instance d'objet GLib à traiter. *
+* *
+* Description : Procède à la libération totale de la mémoire. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dalvik_switch_instr_finalize(GDalvikSwitchInstr *instr)
+{
+ if (instr->keys != NULL)
+ free(instr->keys);
+
+ if (instr->targets != NULL)
+ free(instr->targets);
+
+ G_OBJECT_CLASS(g_dalvik_switch_instr_parent_class)->finalize(G_OBJECT(instr));
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : ident = identifiant de l'instruction déjà lu. *
+* ctx = contexte lié à l'exécution du processeur. *
+* content = flux de données à analyser. *
+* pos = position courante dans ce flux. [OUT] *
+* *
+* Description : Crée une pesudo-instruction Dalvik de branchement. *
+* *
+* Retour : Instruction mise en place.
*
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+GArchInstruction *g_dalvik_switch_instr_new(uint16_t ident, GDalvikContext *ctx, const GBinContent *content, vmpa2t *pos)
+{
+ GDalvikSwitchInstr *result; /* Structure à retourner */
+ phys_t consumed; /* Données consommées */
+
+ assert(ident == DPO_PACKED_SWITCH || ident == DPO_SPARSE_SWITCH);
+
+ result = g_object_new(G_TYPE_DALVIK_SWITCH_INSTR, NULL);
+
+ G_DALVIK_INSTRUCTION(result)->ptype = ident;
+
+ if (!g_binary_content_read_u16(content, pos, SRE_LITTLE, &result->switch_size))
+ goto gdsin_bad;
+
+ if (!g_dalvik_switch_decode_data(result, content, pos))
+ goto gdsin_bad;
+
+ if (ident == DPO_PACKED_SWITCH)
+ consumed = (1 + result->switch_size) * sizeof(int32_t);
+ else
+ consumed = (2 * result->switch_size) * sizeof(int32_t);
+
+ if (!g_dalvik_context_register_switch_data(ctx, pos, consumed))
+ goto gdsin_bad;
+
+ return G_ARCH_INSTRUCTION(result);
+
+ gdsin_bad:
+
+ g_object_unref(result);
+
+ return NULL;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : instr = instruction d'assemblage à compléter. *
+* content = flux de données à analyser. *
+* pos = position de lecture courante dans ce flux. *
+* *
+* Description : Lit toutes les valeurs associés aux branchements. *
+* *
+* Retour : Bilan de l'opération.
*
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static bool g_dalvik_switch_decode_data(GDalvikSwitchInstr *instr, const GBinContent *content, const vmpa2t *pos)
+{
+ vmpa2t iter; /* Position modifiable */
+ int32_t first_key; /* Première clef */
+ uint16_t i; /* Boucle de parcours */
+
+ instr->keys = (int32_t *)calloc(instr->switch_size, sizeof(int32_t));
+ instr->targets = (int32_t *)calloc(instr->switch_size, sizeof(int32_t));
+
+ copy_vmpa(&iter, pos);
+
+ if (G_DALVIK_INSTRUCTION(instr)->ptype == DPO_PACKED_SWITCH)
+ {
+ if (!g_binary_content_read_s32(content, &iter, SRE_LITTLE, &first_key))
+ goto gdsdd_bad;
+
+ for (i = 0; i < instr->switch_size; i++)
+ {
+ instr->keys[i] = first_key + i;
+
+ if (!g_binary_content_read_s32(content, &iter, SRE_LITTLE, &instr->targets[i]))
+ goto gdsdd_bad;
+
+ }
+
+ }
+
+ else
+ {
+ for (i = 0; i < instr->switch_size; i++)
+ if (!g_binary_content_read_s32(content, &iter, SRE_LITTLE, &instr->keys[i]))
+ goto gdsdd_bad;
+
+ for (i = 0; i < instr->switch_size; i++)
+ if (!g_binary_content_read_s32(content, &iter, SRE_LITTLE, &instr->targets[i]))
+ goto gdsdd_bad;
+
+ }
+
+ return true;
+
+ gdsdd_bad:
+
+ return false;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : instr = instruction d'assemblage à compléter. *
+* keys = tableau renseignant les conditions de saut. [OUT] *
+* targets = tableau renseignant les sauts relatifs. [OUT] *
+* *
+* Description : Fournit les données associées à un branchement Dalvik. *
+* *
+* Retour : Taille des tableaux renseignés.
*
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+uint16_t g_dalvik_switch_get_data(GDalvikSwitchInstr *instr, const int32_t **keys, const int32_t **targets)
+{
+ if (keys != NULL)
+ *keys = instr->keys;
+
+ if (targets != NULL)
+ *targets = instr->targets;
+
+ return instr->switch_size;
+
+}
diff --git a/plugins/dalvik/pseudo/switch.h b/plugins/dalvik/pseudo/switch.h
new file mode 100644
index 0000000..d672f86
--- /dev/null
+++ b/plugins/dalvik/pseudo/switch.h
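Review bot: `g_dalvik_switch_decode_data()` writes through `instr->keys` and `instr->targets` without checking the two `calloc()` results, and the element count is the `switch_size` field read from the analysed file. A failed allocation then becomes a NULL write on the first loop iteration; adding `if (instr->switch_size > 0 && (instr->keys == NULL || instr->targets == NULL)) goto gdsdd_bad;` right after the allocations reuses the existing error path (the size test is needed because `calloc(0, …)` may legitimately return NULL). In the packed branch, `first_key + i` is signed arithmetic on a file-supplied `int32_t`, so a first key near `INT32_MAX` overflows, which is undefined behaviour; `instr->keys[i] = (int32_t)((uint32_t)first_key + i);` gives the wrap-around without it.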
@@ -0,0 +1,63 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * switch.h - prototypes pour la prise en charge des instructions spéciales (packed|sparse)switch
+ *
+ * Copyright (C) 2011-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _ARCH_DALVIK_PSEUDO_SWITCH_H
+#define _ARCH_DALVIK_PSEUDO_SWITCH_H
+
+
+#include "../context.h"
+#include "../instruction.h"
+#include "../processor.h"
+
+
+#include <glib-object.h>
+
+
+
+#define G_TYPE_DALVIK_SWITCH_INSTR g_dalvik_switch_instr_get_type()
+#define G_DALVIK_SWITCH_INSTR(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_DALVIK_SWITCH_INSTR, GDalvikSwitchInstr))
+#define G_IS_DALVIK_SWITCH_INSTR(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_DALVIK_SWITCH_INSTR))
+#define G_DALVIK_SWITCH_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DALVIK_SWITCH, GGDalvikSwitchClass))
+#define G_IS_DALVIK_SWITCH_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DALVIK_SWITCH))
+#define G_DALVIK_SWITCH_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DALVIK_SWITCH, GGDalvikSwitchClass))
+
+
+/* Définition générique d'une instruction d'architecture (instance) */
+typedef struct _GDalvikSwitchInstr GDalvikSwitchInstr;
+
+/* Définition générique d'une instruction d'architecture (classe) */
+typedef struct _GDalvikSwitchInstrClass
GDalvikSwitchInstrClass;
+
+
+/* Indique le type défini pour une pseudo-instruction Dalvik de remplissage. */
+GType g_dalvik_switch_instr_get_type(void);
+
+/* Crée une pesudo-instruction Dalvik de branchement. */
+GArchInstruction *g_dalvik_switch_instr_new(uint16_t, GDalvikContext *, const GBinContent *, vmpa2t *);
+
+/* Fournit les données associées à un branchement Dalvik. */
+uint16_t g_dalvik_switch_get_data(GDalvikSwitchInstr *, const int32_t **, const int32_t **);
+
+
+
+#endif /* _ARCH_DALVIK_PSEUDO_SWITCH_H */
diff --git a/plugins/dalvik/register.c b/plugins/dalvik/register.c
new file mode 100644
index 0000000..00e9757
--- /dev/null
+++ b/plugins/dalvik/register.c
@@ -0,0 +1,291 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * registers.c - aides auxiliaires relatives aux registres Dalvik
+ *
+ * Copyright (C) 2010-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "register.h"
+
+
+#include <stdio.h>
+
+
+#include <arch/register-int.h>
+#include <common/sort.h>
+
+
+
+/* Représentation d'un registre Dalvik (instance) */
+struct _GDalvikRegister
+{
+ GArchRegister parent; /* Instance parente */
+
+ uint16_t index; /* Indice du registre */
+
+};
+
+
+/* Représentation d'un registre Dalvik (classe) */
+struct _GDalvikRegisterClass
+{
+ GArchRegisterClass parent; /* Classe parente */
+
+};
+
+
+#define MAX_REGNAME_LEN 8
+
+
+/* Initialise la classe des registres Dalvik. */
+static void g_dalvik_register_class_init(GDalvikRegisterClass *);
+
+/* Initialise une instance de registre Dalvik. */
+static void g_dalvik_register_init(GDalvikRegister *);
+
+/* Supprime toutes les références externes. */
+static void g_dalvik_register_dispose(GDalvikRegister *);
+
+/* Procède à la libération totale de la mémoire. */
+static void g_dalvik_register_finalize(GDalvikRegister *);
+
+/* Produit une empreinte à partir d'un registre. */
+static guint g_dalvik_register_hash(const GDalvikRegister *);
+
+/* Traduit un registre en version humainement lisible.
*/
+static void g_dalvik_register_print(const GDalvikRegister *, GBufferLine *, AsmSyntax);
+
+
+
+/* Indique le type défini pour une représentation d'un registre Dalvik. */
+G_DEFINE_TYPE(GDalvikRegister, g_dalvik_register, G_TYPE_ARCH_REGISTER);
+
+
+/******************************************************************************
+* *
+* Paramètres : klass = classe à initialiser. *
+* *
+* Description : Initialise la classe des registres Dalvik. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dalvik_register_class_init(GDalvikRegisterClass *klass)
+{
+ GObjectClass *object; /* Autre version de la classe */
+ GArchRegisterClass *register_class; /* Classe de haut niveau */
+
+ object = G_OBJECT_CLASS(klass);
+
+ object->dispose = (GObjectFinalizeFunc/* ! */)g_dalvik_register_dispose;
+ object->finalize = (GObjectFinalizeFunc)g_dalvik_register_finalize;
+
+ register_class = G_ARCH_REGISTER_CLASS(klass);
+
+ register_class->hash = (reg_hash_fc)g_dalvik_register_hash;
+ register_class->compare = (reg_compare_fc)g_dalvik_register_compare;
+ register_class->print = (reg_print_fc)g_dalvik_register_print;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : reg = instance à initialiser. *
+* *
+* Description : Initialise une instance de registre Dalvik. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dalvik_register_init(GDalvikRegister *reg)
+{
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : reg = instance d'objet GLib à traiter. *
+* *
+* Description : Supprime toutes les références externes.
*
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dalvik_register_dispose(GDalvikRegister *reg)
+{
+ G_OBJECT_CLASS(g_dalvik_register_parent_class)->dispose(G_OBJECT(reg));
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : reg = instance d'objet GLib à traiter. *
+* *
+* Description : Procède à la libération totale de la mémoire. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dalvik_register_finalize(GDalvikRegister *reg)
+{
+ G_OBJECT_CLASS(g_dalvik_register_parent_class)->finalize(G_OBJECT(reg));
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : reg = opérande à consulter pour le calcul. *
+* *
+* Description : Produit une empreinte à partir d'un registre. *
+* *
+* Retour : Bilan de l'opération. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static guint g_dalvik_register_hash(const GDalvikRegister *reg)
+{
+ return reg->index;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : reg = registre à transcrire. *
+* line = ligne tampon où imprimer l'opérande donné. *
+* syntax = type de représentation demandée. *
+* *
+* Description : Traduit un registre en version humainement lisible.
*
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dalvik_register_print(const GDalvikRegister *reg, GBufferLine *line, AsmSyntax syntax)
+{
+ char key[MAX_REGNAME_LEN]; /* Mot clef principal */
+ size_t klen; /* Taille de ce mot clef */
+
+ switch (syntax)
+ {
+ case ASX_INTEL:
+ klen = snprintf(key, MAX_REGNAME_LEN, "v%hu", reg->index);
+ break;
+
+ case ASX_ATT:
+ klen = snprintf(key, MAX_REGNAME_LEN, "%%v%hu", reg->index);
+ break;
+
+ default:
+ klen = 0;
+ break;
+
+ }
+
+ g_buffer_line_append_text(line, BLC_ASSEMBLY, key, klen, RTT_REGISTER, NULL);
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : index = indice du registre correspondant. *
+* *
+* Description : Crée une réprésentation de registre Dalvik. *
+* *
+* Retour : Adresse de la structure mise en place. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+GDalvikRegister *g_dalvik_register_new(uint16_t index)
+{
+ GDalvikRegister *result; /* Structure à retourner */
+
+ result = g_object_new(G_TYPE_DALVIK_REGISTER, NULL);
+
+ result->index = index;
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : reg = registre à consulter. *
+* *
+* Description : Fournit l'indice d'un registre Dalvik. *
+* *
+* Retour : Inditifiant représentant le registre. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+uint16_t g_dalvik_register_get_index(const GDalvikRegister *reg)
+{
+ return reg->index;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : a = premier opérande à consulter. *
+* b = second opérande à consulter. *
+* *
+* Description : Compare un registre avec un autre.
*
+* *
+* Retour : Bilan de la comparaison. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+int g_dalvik_register_compare(const GDalvikRegister *a, const GDalvikRegister *b)
+{
+ int result; /* Bilan à retourner */
+
+ result = sort_unsigned_long(a->index, b->index);
+
+ return result;
+
+}
diff --git a/plugins/dalvik/register.h b/plugins/dalvik/register.h
new file mode 100644
index 0000000..460edd7
--- /dev/null
+++ b/plugins/dalvik/register.h
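Review bot: In `g_dalvik_register_print()` the return value of `snprintf()` is stored in a `size_t` and passed on as the text length with no check. `MAX_REGNAME_LEN` is 8, which fits the longest current output (`%v65535` plus the terminator) exactly, so nothing is truncated today; but snprintf() reports the length it wanted to write, and a negative error return would become a huge `size_t`. Reading the result into an `int n`, rejecting `n < 0` and clamping with `if (n >= MAX_REGNAME_LEN) n = MAX_REGNAME_LEN - 1;` makes the bound explicit. The `default:` case also passes the uninitialised `key` buffer with length 0; whether `g_buffer_line_append_text()` tolerates that is not visible in this hunk, so `key[0] = '\0';` there would be the safer form.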
@@ -0,0 +1,65 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * registers.h - prototypes pour les aides auxiliaires relatives aux registres Dalvik
+ *
+ * Copyright (C) 2010-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _ARCH_DALVIK_REGISTERS_H
+#define _ARCH_DALVIK_REGISTERS_H
+
+
+#include <glib-object.h>
+#include <stdbool.h>
+
+
+#include <arch/archbase.h>
+
+
+
+#define G_TYPE_DALVIK_REGISTER g_dalvik_register_get_type()
+#define G_DALVIK_REGISTER(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), g_dalvik_register_get_type(), GDalvikRegister))
+#define G_IS_DALVIK_REGISTER(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), g_dalvik_register_get_type()))
+#define G_DALVIK_REGISTER_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DALVIK_REGISTER, GDalvikRegisterClass))
+#define G_IS_DALVIK_REGISTER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DALVIK_REGISTER))
+#define G_DALVIK_REGISTER_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DALVIK_REGISTER, GDalvikRegisterClass))
+
+
+/* Représentation d'un registre Dalvik (instance) */
+typedef struct _GDalvikRegister GDalvikRegister;
+
+/* Représentation d'un registre Dalvik (classe) */
+typedef struct _GDalvikRegisterClass GDalvikRegisterClass;
+
+
+/* Indique le type défini pour une représentation d'un registre Dalvik.
*/
+GType g_dalvik_register_get_type(void);
+
+/* Crée une réprésentation de registre Dalvik. */
+GDalvikRegister *g_dalvik_register_new(uint16_t);
+
+/* Fournit l'indice d'un registre Dalvik. */
+uint16_t g_dalvik_register_get_index(const GDalvikRegister *);
+
+/* Compare un registre avec un autre. */
+int g_dalvik_register_compare(const GDalvikRegister *, const GDalvikRegister *);
+
+
+
+#endif /* _ARCH_DALVIK_REGISTERS_H */
diff --git a/plugins/dex/Makefile.am b/plugins/dex/Makefile.am
new file mode 100755
index 0000000..a17b0f2
--- /dev/null
+++ b/plugins/dex/Makefile.am
@@ -0,0 +1,25 @@
+
+lib_LTLIBRARIES = libdex.la
+
+libdex_la_SOURCES = \
+ core.h core.c \
+ class.h class.c \
+ dex-int.h dex-int.c \
+ dex_def.h \
+ format.h format.c \
+ loading.h loading.c \
+ method.h method.c \
+ pool.h pool.c
+
+libdex_la_LIBADD = \
+ python/libdexpython.la
+
+libdex_la_LDFLAGS = \
+ $(LIBPYTHON_LIBS) $(LIBPYGOBJECT_LIBS)
+
+
+AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) -I$(top_srcdir)/src
+
+AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS)
+
+SUBDIRS = python
diff --git a/plugins/dex/class.c b/plugins/dex/class.c
new file mode 100644
index 0000000..bb2ae71
--- /dev/null
+++ b/plugins/dex/class.c
@@ -0,0 +1,576 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * class.c - manipulation des classes du format DEX
+ *
+ * Copyright (C) 2010-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "class.h"
+
+
+#include <malloc.h>
+
+
+#include "dex-int.h"
+#include "method.h"
+#include "pool.h"
+
+
+
+/* Classe issue du code source (instance) */
+struct _GDexClass
+{
+ GObject parent; /* A laisser en premier */
+
+ class_def_item definition; /* Définition de la classe */
+ bool has_data; /* Indicateur de présence */
+ class_data_item data; /* Contenu de la classe */
+
+ GDexMethod **direct_methods; /* Méthodes propres */
+ size_t dmethods_count; /* Quantité de ces méthodes */
+ GDexMethod **virtual_methods; /* Méthodes virtuelles */
+ size_t vmethods_count; /* Quantité de ces méthodes */
+
+};
+
+/* Classe issue du code source (classe) */
+struct _GDexClassClass
+{
+ GObjectClass parent; /* A laisser en premier */
+
+};
+
+
+/* Procède à l'initialisation d'une classe issue du code source. */
+static void g_dex_class_class_init(GDexClassClass *);
+
+/* Procède à l'initialisation d'une classe issue du code source. */
+static void g_dex_class_init(GDexClass *);
+
+/* Supprime toutes les références externes.
*/
+static void g_dex_class_dispose(GDexClass *);
+
+/* Procède à la libération totale de la mémoire. */
+static void g_dex_class_finalize(GDexClass *);
+
+/* Inscrit les méthodes d'une classe en tant que routines. */
+//static void g_dex_class_register_method(const GDexClass *, GBinFormat *);
+
+
+
+/* Détermine le type d'une classe issue du code source. */
+G_DEFINE_TYPE(GDexClass, g_dex_class, G_TYPE_OBJECT);
+
+
+/******************************************************************************
+* *
+* Paramètres : class = classe de composant GLib à initialiser. *
+* *
+* Description : Procède à l'initialisation d'une classe issue du code source.*
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dex_class_class_init(GDexClassClass *class)
+{
+ GObjectClass *object; /* Autre version de la classe */
+
+ object = G_OBJECT_CLASS(class);
+
+ object->dispose = (GObjectFinalizeFunc/* ! */)g_dex_class_dispose;
+ object->finalize = (GObjectFinalizeFunc)g_dex_class_finalize;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : class = composant GLib à initialiser. *
+* *
+* Description : Procède à l'initialisation d'une classe issue du code source.*
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dex_class_init(GDexClass *class)
+{
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : class = instance d'objet GLib à traiter. *
+* *
+* Description : Supprime toutes les références externes.
*
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dex_class_dispose(GDexClass *class)
+{
+ size_t i; /* Boucle de parcours */
+
+ if (class->direct_methods != NULL)
+ for (i = 0; i < class->dmethods_count; i++)
+ if (class->direct_methods[i] != NULL)
+ g_object_unref(G_OBJECT(class->direct_methods[i]));
+
+ if (class->virtual_methods != NULL)
+ for (i = 0; i < class->vmethods_count; i++)
+ if (class->virtual_methods[i] != NULL)
+ g_object_unref(G_OBJECT(class->virtual_methods[i]));
+
+ G_OBJECT_CLASS(g_dex_class_parent_class)->dispose(G_OBJECT(class));
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : class = instance d'objet GLib à traiter. *
+* *
+* Description : Procède à la libération totale de la mémoire. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+static void g_dex_class_finalize(GDexClass *class)
+{
+ if (class->direct_methods != NULL)
+ free(class->direct_methods);
+
+ if (class->virtual_methods != NULL)
+ free(class->virtual_methods);
+
+ G_OBJECT_CLASS(g_dex_class_parent_class)->finalize(G_OBJECT(class));
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : format = représentation interne du format DEX à consulter. *
+* def = définitions générales associées à la classe. *
+* *
+* Description : Crée une nouvelle représentation de classe issue de code. *
+* *
+* Retour : Composant GLib créé.
*
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+GDexClass *g_dex_class_new(GDexFormat *format, const class_def_item *def)
+{
+ GDexClass *result; /* Composant à retourner */
+ vmpa2t addr; /* Tête de lecture générique */
+ class_data_item data; /* Contenu de la classe */
+ GDataType *ctype; /* Type créé par la classe */
+ GBinFormat *base; /* Autre version du format */
+ uleb128_t index; /* Conservation du dernier id */
+ uleb128_t i; /* Boucle de parcours */
+ GDexMethod *method; /* Méthode chargée */
+ GBinRoutine *routine; /* Version interne de méthode */
+
+ result = g_object_new(G_TYPE_DEX_CLASS, NULL);
+
+ result->definition = *def;
+ result->has_data = (def->class_data_off != 0);
+
+ /* Interface vide ? */
+ if (!result->has_data)
+ {
+ result->dmethods_count = 0;
+ result->direct_methods = NULL;
+
+ result->vmethods_count = 0;
+ result->virtual_methods = NULL;
+
+ goto gdcn_done;
+
+ }
+
+ init_vmpa(&addr, def->class_data_off, VMPA_NO_VIRTUAL);
+
+ if (!read_dex_class_data_item(format, &addr, &data))
+ goto gdcn_bad_item;
+
+ result->data = data;
+
+ /**
+ * On évite ici les méthodes (virtuelles) non définies.
+ */
+ if (def->access_flags & ACC_ANNOTATION) goto gdcn_done;
+
+ ctype = get_type_from_dex_pool(format, def->class_idx);
+ if (ctype == NULL) goto gdcn_unknown_type;
+
+ base = G_BIN_FORMAT(format);
+
+ index = 0;
+
+ result->dmethods_count = data.direct_methods_size;
+ result->direct_methods = (GDexMethod **)calloc(result->dmethods_count, sizeof(GDexMethod *));
+
+ for (i = 0; i < data.direct_methods_size; i++)
+ {
+ method = g_dex_method_new_defined(format, &data.direct_methods[i], &index);
+ if (method == NULL) goto gdcn_bad_method;
+
+ result->direct_methods[i] = method;
+
+ /* Ajout à la liste des symboles */
+ if (g_dex_method_has_dex_body(method))
+ {
+ routine = g_dex_method_get_routine(method);
+
+ g_object_ref(G_OBJECT(ctype));
+ g_binary_routine_set_namespace(routine, ctype, ".");
+
+ g_binary_format_add_symbol(base, G_BIN_SYMBOL(routine));
+
+ }
+
+ }
+
+ index = 0;
+
+ result->vmethods_count = data.virtual_methods_size;
+ result->virtual_methods = (GDexMethod **)calloc(result->vmethods_count, sizeof(GDexMethod *));
+
+ for (i = 0; i < data.virtual_methods_size; i++)
+ {
+ method = g_dex_method_new_defined(format, &data.virtual_methods[i], &index);
+ if (method == NULL) goto gdcn_bad_method;
+
+ result->virtual_methods[i] = method;
+
+ /* Ajout à la liste des symboles */
+ if (g_dex_method_has_dex_body(method))
+ {
+ routine = g_dex_method_get_routine(method);
+
+ g_object_ref(G_OBJECT(ctype));
+ g_binary_routine_set_namespace(routine, ctype, ".");
+
+ g_binary_format_add_symbol(base, G_BIN_SYMBOL(routine));
+
+ }
+
+ }
+
+ g_object_unref(G_OBJECT(ctype));
+
+ gdcn_done:
+
+ return result;
+
+ gdcn_bad_method:
+
+ g_object_unref(G_OBJECT(ctype));
+
+ gdcn_unknown_type:
+
+ gdcn_bad_item:
+
+ g_object_unref(G_OBJECT(result));
+
+ return NULL;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : class = informations chargées à consulter.
*
+* *
+* Description : Fournit la définition brute d'une classe. *
+* *
+* Retour : Données brutes issues du binaire chargé. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+const class_def_item *g_dex_class_get_definition(const GDexClass *class)
+{
+ return &class->definition;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : class = informations chargées à consulter. *
+* *
+* Description : Fournit la définition brute des données d'une classe. *
+* *
+* Retour : Données brutes issues du binaire chargé. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+const class_data_item *g_dex_class_get_data(const GDexClass *class)
+{
+ return (class->has_data ? &class->data : NULL);
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : class = informations chargées à consulter. *
+* virtual = précise la nature des méthodes ciblées. *
+* *
+* Description : Dénombre les méthodes chargées d'un type donné. *
+* *
+* Retour : Quantité de méthodes trouvées. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+size_t g_dex_class_count_methods(const GDexClass *class, bool virtual)
+{
+ size_t result; /* Compte à retourner */
+
+ if (virtual)
+ result = class->vmethods_count;
+ else
+ result = class->dmethods_count;
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : class = informations chargées à consulter. *
+* virtual = précise la nature des méthodes ciblées. *
+* index = indique l'indice de la méthode désirée. *
+* *
+* Description : Fournit une méthode chargée correspondant à un type donné. *
+* *
+* Retour : Quantité de méthodes trouvées.
*
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+GDexMethod *g_dex_class_get_method(const GDexClass *class, bool virtual, size_t index)
+{
+ GDexMethod *result; /* Instance à renvoyer */
+
+ if (virtual)
+ result = class->virtual_methods[index];
+ else
+ result = class->direct_methods[index];
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : class = informations chargées à consulter. *
+* format = format permettant d'obtenir une adresse complète. *
+* *
+* Description : Intègre la méthode en tant que portion de code. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void g_dex_class_include_as_portion(const GDexClass *class, GExeFormat *format)
+{
+ size_t i; /* Boucle de parcours */
+
+ for (i = 0; i < class->dmethods_count; i++)
+ g_dex_method_include_as_portion(class->direct_methods[i], format);
+
+ for (i = 0; i < class->vmethods_count; i++)
+ g_dex_method_include_as_portion(class->virtual_methods[i], format);
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : class = informations chargées à consulter. *
+* addr = adresse de la routine à retrouver. *
+* *
+* Description : Retrouve si possible la méthode associée à une adresse. *
+* *
+* Retour : Méthde retrouvée ou NULL en cas d'échec.
*
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+GDexMethod *g_dex_class_find_method_by_address(const GDexClass *class, vmpa_t addr)
+{
+ GDexMethod *result; /* Trouvaille à retourner */
+ size_t i; /* Boucle de parcours */
+ phys_t offset; /* Emplacement de méthode */
+
+ result = NULL;
+
+#if 0 /* FIXME */
+ /*
+
+bool g_dex_method_get_offset(const GDexMethod *method, phys_t *offset)
+
+ if (!g_exe_format_translate_offset_into_vmpa(G_EXE_FORMAT(format), method->offset, &addr))
+ return;
+
+ */
+
+ for (i = 0; i < class->dmethods_count && result == NULL; i++)
+ if (addr == (vmpa_t)g_dex_method_get_offset(class->direct_methods[i]))
+ result = class->direct_methods[i];
+
+ for (i = 0; i < class->vmethods_count && result == NULL; i++)
+ if (addr == (vmpa_t)g_dex_method_get_offset(class->virtual_methods[i]))
+ result = class->virtual_methods[i];
+#endif
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : class = informations chargées à consulter. *
+* format = représentation interne du format DEX à compléter. *
+* *
+* Description : Retrouve si possible le nom du fichier source d'une classe. *
+* *
+* Retour : Nom du fichier trouvé ou NULL si aucun. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+const char *g_dex_class_get_source_file(const GDexClass *class, const GDexFormat *format)
+{
+ const char *result; /* Trouvaille à renvoyer */
+
+ result = get_string_from_dex_pool(format, class->definition.source_file_idx, NULL);
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : class = informations chargées à consulter. *
+* lang = langage à utiliser pour la sortie humaine. *
+* buffer = tampon mis à disposition pour la sortie. *
+* format = informations chargées à consulter.
*
+* *
+* Description : Procède à la décompilation complète d'une classe donnée. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+#if 0
+void g_dex_class_decompile(const GDexClass *class, GLangOutput *lang, GCodeBuffer *buffer, const GDexFormat *format)
+{
+
+#if 0
+ GDataType *type;
+
+
+ size_t i; /* Boucle de parcours */
+
+
+ /*
+GBufferLine *line, GLangOutput *output)
+
+ for (i = 0; i < block->count; i++)
+ {
+ if (i > 0)
+ line = g_code_buffer_append_new_line(buffer);
+
+*/
+
+
+
+ type = get_type_from_dex_pool(format, class->definition.class_idx);
+
+ //g_buffer_line_append_text(line, BLC_ASSEMBLY, "{", 3, RTT_SIGNS, NULL);
+
+ //printf("Output :: %s\n", _g_data_type_to_string(type, true));
+
+
+
+ g_lang_output_start_class(lang, buffer, type);
+
+
+
+ for (i = 0; i < class->vmethods_count; i++)
+ {
+ g_dex_method_decompile(class->virtual_methods[i], lang, buffer);
+ g_code_buffer_append_new_line_fixme(buffer);
+ }
+
+ for (i = 0; i < class->dmethods_count; i++)
+ {
+ g_dex_method_decompile(class->direct_methods[i], lang, buffer);
+ g_code_buffer_append_new_line_fixme(buffer);
+ }
+
+
+
+
+
+
+
+
+ g_lang_output_end_class(lang, buffer);
+
+
+
+#endif
+
+
+}
+#endif
diff --git a/plugins/dex/class.h b/plugins/dex/class.h
new file mode 100644
index 0000000..73dd5df
--- /dev/null
+++ b/plugins/dex/class.h
@@ -0,0 +1,89 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * class.h - prototypes pour la manipulation des classes du format DEX
+ *
+ * Copyright (C) 2010-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _PLUGINS_DEX_CLASS_H
+#define _PLUGINS_DEX_CLASS_H
+
+
+#include <glib-object.h>
+
+
+#include "format.h"
+#include "method.h"
+
+
+
+#define G_TYPE_DEX_CLASS (g_dex_class_get_type())
+#define G_DEX_CLASS(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_DEX_CLASS, GDexClass))
+#define G_DEX_CLASS_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DEX_CLASS, GDexClassClass))
+#define G_IS_DEX_CLASS(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_DEX_CLASS))
+#define G_IS_DEX_CLASS_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DEX_CLASS))
+#define G_DEX_CLASS_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DEX_CLASS, GDexClassClass))
+
+
+
+/* Classe issue du code source (instance) */
+typedef struct _GDexClass GDexClass;
+
+/* Classe issue du code source (classe) */
+typedef struct _GDexClassClass GDexClassClass;
+
+
+
+/* Détermine le type d'une classe issue du code source. */
+GType g_dex_class_get_type(void);
+
+/* Crée une nouvelle représentation de classe issue de code.
*/
+GDexClass *g_dex_class_new(GDexFormat *, const class_def_item *);
+
+/* Fournit la définition brute d'une classe. */
+const class_def_item *g_dex_class_get_definition(const GDexClass *);
+
+/* Fournit la définition brute des données d'une classe. */
+const class_data_item *g_dex_class_get_data(const GDexClass *);
+
+/* Dénombre les méthodes chargées d'un type donné. */
+size_t g_dex_class_count_methods(const GDexClass *, bool);
+
+/* Fournit une méthode chargée correspondant à un type donné. */
+GDexMethod *g_dex_class_get_method(const GDexClass *, bool, size_t);
+
+/* Intègre la méthode en tant que portion de code. */
+void g_dex_class_include_as_portion(const GDexClass *, GExeFormat *);
+
+/* Retrouve si possible la méthode associée à une adresse. */
+GDexMethod *g_dex_class_find_method_by_address(const GDexClass *, vmpa_t);
+
+/* Retrouve si possible le nom du fichier source d'une classe. */
+const char *g_dex_class_get_source_file(const GDexClass *, const GDexFormat *);
+
+/* Procède à la décompilation complète d'une classe donnée. */
+//void g_dex_class_decompile(const GDexClass *, GLangOutput *, GCodeBuffer *, const GDexFormat *);
+
+
+
+
+
+
+
+#endif /* _PLUGINS_DEX_CLASS_H */
diff --git a/plugins/dex/core.c b/plugins/dex/core.c
new file mode 100644
index 0000000..c69904c
--- /dev/null
+++ b/plugins/dex/core.c
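Review bot: The comment on the `g_dex_class_get_method` prototype does not say that `index` must stay below `g_dex_class_count_methods()` for the same `virtual` value, while the implementation in class.c reads `virtual_methods[index]` / `direct_methods[index]` with no check. Those counts are taken from the parsed DEX file, so the contract belongs on the declaration, for example `/* index must be < g_dex_class_count_methods(class, virtual); no bounds check is done. */`, unless the accessor is changed to return NULL when out of range. The commented-out `g_dex_class_decompile` prototype and the run of blank lines before `#endif` could be dropped.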
@@ -0,0 +1,68 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * core.c - intégration du support du format ELF
+ *
+ * Copyright (C) 2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "core.h"
+
+
+#include <core/formats.h>
+#include <plugins/plugin-def.h>
+
+
+#include "format.h"
+#include "python/module.h"
+
+
+
+DEFINE_CHRYSALIDE_PLUGIN("dex", "Add suport for the DEX format", "0.1.0",
+ RL("PyChrysalide"), AL(PGA_PLUGIN_INIT));
+
+
+
+/******************************************************************************
+* *
+* Paramètres : plugin = greffon à manipuler. *
+* ref = espace de référencement global. *
+* *
+* Description : Prend acte du chargement du greffon. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+G_MODULE_EXPORT bool chrysalide_plugin_init(GPluginModule *plugin)
+{
+ bool result; /* Bilan à retourner */
+
+ result = register_format_matcher(dex_is_matching, NULL);
+
+ if (result)
+ result = register_format_loader("dex", "Dalvik Executable format", g_dex_format_new);
+
+ if (result)
+ result = add_format_dex_module_to_python_module();
+
+ return result;
+
+}
diff --git a/plugins/dex/core.h b/plugins/dex/core.h
new file mode 100644
index 0000000..9852948
--- /dev/null
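Review bot: The file banner reads `core.c - intégration du support du format ELF` and the function comment documents a `ref` parameter, but this is the DEX plugin and `chrysalide_plugin_init` takes only `plugin`. Both look copied from the ELF plugin; I would change the banner to `intégration du support du format DEX`, drop the `ref` line and replace `Retour : -` with the success/failure meaning of the returned bool. The core.h banner has the same ELF wording. The plugin description string also has a typo, `"Add suport for the DEX format"`. Separately, when `register_format_loader` or `add_format_dex_module_to_python_module` fails the function returns false with the earlier registrations still in place; whether the core undoes them is not visible here and is worth confirming.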
+++ b/plugins/dex/core.h
@@ -0,0 +1,38 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * core.h - prototypes pour l'intégration du support du format ELF
+ *
+ * Copyright (C) 2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _PLUGINS_DEX_CORE_H
+#define _PLUGINS_DEX_CORE_H
+
+
+#include <plugins/plugin.h>
+#include <plugins/plugin-int.h>
+
+
+
+/* Prend acte du chargement du greffon. */
+G_MODULE_EXPORT bool chrysalide_plugin_init(GPluginModule *);
+
+
+
+#endif /* _PLUGINS_DEX_CORE_H */
diff --git a/plugins/dex/dex-int.c b/plugins/dex/dex-int.c
new file mode 100644
index 0000000..3f3eccb
--- /dev/null
+++ b/plugins/dex/dex-int.c
@@ -0,0 +1,1115 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * dex-int.c - structures internes du format DEX
+ *
+ * Copyright (C) 2010-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#include "dex-int.h"
+
+
+#include <assert.h>
+#include <malloc.h>
+
+
+#include <i18n.h>
+
+
+#include <common/endianness.h>
+#include <plugins/dalvik/instruction-def.h>
+
+
+
+/* ---------------------------------------------------------------------------------- */
+/* DESCRIPTION DU FORMAT DALVIK */
+/* ---------------------------------------------------------------------------------- */
+
+
+/******************************************************************************
+* *
+* Paramètres : format = informations chargées à consulter. *
+* pos = position de début de lecture. [OUT] *
+* header = structure lue à retourner. [OUT] *
+* *
+* Description : Procède à la lecture d'une en-tête de programme DEX. *
+* *
+* Retour : Bilan de l'opération.
*
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool read_dex_header(const GDexFormat *format, vmpa2t *pos, dex_header *header)
+{
+ bool result; /* Bilan à retourner */
+ GBinContent *content; /* Contenu binaire à lire */
+ size_t i; /* Boucle de parcours */
+
+ result = true;
+
+ content = G_BIN_FORMAT(format)->content;
+
+ for (i = 0; i < DEX_FILE_MAGIC_LEN && result; i++)
+ result = g_binary_content_read_u8(content, pos, &header->magic[i]);
+
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->checksum);
+
+ for (i = 0; i < 20 && result; i++)
+ result = g_binary_content_read_u8(content, pos, &header->signature[i]);
+
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->file_size);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->header_size);
+
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->endian_tag);
+
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->link_size);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->link_off);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->map_off);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->string_ids_size);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->string_ids_off);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->type_ids_size);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->type_ids_off);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->proto_ids_size);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->proto_ids_off);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->field_ids_size);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->field_ids_off);
+ result &= g_binary_content_read_u32(content, pos,
SRE_LITTLE, &header->method_ids_size);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->method_ids_off);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->class_defs_size);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->class_defs_off);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->data_size);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &header->data_off);
+
+ return result;
+
+}
+
+
+
+/* ---------------------------------------------------------------------------------- */
+/* ELEMENTS DE TABLE DES CONSTANTES */
+/* ---------------------------------------------------------------------------------- */
+
+
+/******************************************************************************
+* *
+* Paramètres : format = informations chargées à consulter. *
+* pos = position de début de lecture. [OUT] *
+* str_id = structure lue à retourner. [OUT] *
+* *
+* Description : Procède à la lecture d'un identifiant de chaîne DEX. *
+* *
+* Retour : Bilan de l'opération. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool read_dex_string_id_item(const GDexFormat *format, vmpa2t *pos, string_id_item *str_id)
+{
+ bool result; /* Bilan à retourner */
+ GBinContent *content; /* Contenu binaire à lire */
+
+ content = G_BIN_FORMAT(format)->content;
+
+ result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &str_id->string_data_off);
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : format = informations chargées à consulter. *
+* pos = position de début de lecture. [OUT] *
+* str_data = structure lue à retourner. [OUT] *
+* *
+* Description : Procède à la lecture de proriétés de chaîne DEX. *
+* *
+* Retour : Bilan de l'opération.
*
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool read_dex_string_data_item(const GDexFormat *format, vmpa2t *pos, string_data_item *str_data)
+{
+ bool result; /* Bilan à retourner */
+ GBinContent *content; /* Contenu binaire à lire */
+
+ content = G_BIN_FORMAT(format)->content;
+
+ result = g_binary_content_read_uleb128(content, pos, &str_data->utf16_size);
+
+ if (result)
+ {
+ str_data->data = g_binary_content_get_raw_access(content, pos, str_data->utf16_size);
+ result = (str_data->data != NULL);
+ }
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : format = informations chargées à consulter. *
+* pos = position de début de lecture. [OUT] *
+* item = structure lue à retourner. [OUT] *
+* *
+* Description : Procède à la lecture d'un identifiant de type DEX. *
+* *
+* Retour : Bilan de l'opération. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool read_dex_type_id_item(const GDexFormat *format, vmpa2t *pos, type_id_item *item)
+{
+ bool result; /* Bilan à retourner */
+ GBinContent *content; /* Contenu binaire à lire */
+
+ content = G_BIN_FORMAT(format)->content;
+
+ result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &item->descriptor_idx);
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : format = informations chargées à consulter. *
+* pos = position de début de lecture. [OUT] *
+* proto_id = structure lue à retourner. [OUT] *
+* *
+* Description : Procède à la lecture d'une description de prototype. *
+* *
+* Retour : Bilan de l'opération.
*
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool read_dex_proto_id_item(const GDexFormat *format, vmpa2t *pos, proto_id_item *proto_id)
+{
+ bool result; /* Bilan à retourner */
+ GBinContent *content; /* Contenu binaire à lire */
+
+ content = G_BIN_FORMAT(format)->content;
+
+ result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &proto_id->shorty_idx);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &proto_id->return_type_idx);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &proto_id->parameters_off);
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : format = informations chargées à consulter. *
+* pos = position de début de lecture. [OUT] *
+* field_id = structure lue à retourner. [OUT] *
+* *
+* Description : Procède à la lecture d'une description de champ. *
+* *
+* Retour : Bilan de l'opération. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool read_dex_field_id_item(const GDexFormat *format, vmpa2t *pos, field_id_item *field_id)
+{
+ bool result; /* Bilan à retourner */
+ GBinContent *content; /* Contenu binaire à lire */
+
+ content = G_BIN_FORMAT(format)->content;
+
+ result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &field_id->class_idx);
+ result &= g_binary_content_read_u16(content, pos, SRE_LITTLE, &field_id->type_idx);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &field_id->name_idx);
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : format = informations chargées à consulter. *
+* pos = position de début de lecture. [OUT] *
+* meth_id = structure lue à retourner. [OUT] *
+* *
+* Description : Procède à la lecture d'une description de méthode. *
+* *
+* Retour : Bilan de l'opération.
*
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool read_dex_method_id_item(const GDexFormat *format, vmpa2t *pos, method_id_item *meth_id)
+{
+ bool result; /* Bilan à retourner */
+ GBinContent *content; /* Contenu binaire à lire */
+
+ content = G_BIN_FORMAT(format)->content;
+
+ result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &meth_id->class_idx);
+ result &= g_binary_content_read_u16(content, pos, SRE_LITTLE, &meth_id->proto_idx);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &meth_id->name_idx);
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : format = informations chargées à consulter. *
+* pos = position de début de lecture. [OUT] *
+* class_def = structure lue à retourner. [OUT] *
+* *
+* Description : Procède à la lecture des propriétés d'une classe DEX. *
+* *
+* Retour : Bilan de l'opération. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool read_dex_class_def_item(const GDexFormat *format, vmpa2t *pos, class_def_item *class_def)
+{
+ bool result; /* Bilan à retourner */
+ GBinContent *content; /* Contenu binaire à lire */
+
+ content = G_BIN_FORMAT(format)->content;
+
+ result = g_binary_content_read_u32(content, pos, SRE_LITTLE, &class_def->class_idx);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &class_def->access_flags);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &class_def->superclass_idx);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &class_def->interfaces_off);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &class_def->source_file_idx);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &class_def->annotations_off);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &class_def->class_data_off);
+
result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &class_def->static_values_off);
+
+ return result;
+
+}
+
+
+
+/* ---------------------------------------------------------------------------------- */
+/* DESCRIPTION DE CLASSES DEX */
+/* ---------------------------------------------------------------------------------- */
+
+
+/******************************************************************************
+* *
+* Paramètres : format = informations chargées à consulter. *
+* pos = position de début de lecture. [OUT] *
+* field = structure lue à retourner. [OUT] *
+* *
+* Description : Procède à la lecture d'un champ quelconque DEX. *
+* *
+* Retour : Bilan de l'opération. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool read_dex_encoded_field(const GDexFormat *format, vmpa2t *pos, encoded_field *field)
+{
+ bool result; /* Bilan à retourner */
+ GBinContent *content; /* Contenu binaire à lire */
+
+ result = true;
+
+ content = G_BIN_FORMAT(format)->content;
+
+ result &= g_binary_content_read_uleb128(content, pos, &field->field_idx_diff);
+ result &= g_binary_content_read_uleb128(content, pos, &field->access_flags);
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : format = informations chargées à consulter. *
+* pos = position de début de lecture. [OUT] *
+* method = structure lue à retourner. [OUT] *
+* *
+* Description : Procède à la lecture d'une méthode quelconque DEX. *
+* *
+* Retour : Bilan de l'opération.
*
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool read_dex_encoded_method(const GDexFormat *format, vmpa2t *pos, encoded_method *method)
+{
+ bool result; /* Bilan à retourner */
+ GBinContent *content; /* Contenu binaire à lire */
+
+ result = true;
+
+ content = G_BIN_FORMAT(format)->content;
+
+ copy_vmpa(&method->origin, pos);
+
+ result &= g_binary_content_read_uleb128(content, pos, &method->method_idx_diff);
+ result &= g_binary_content_read_uleb128(content, pos, &method->access_flags);
+ result &= g_binary_content_read_uleb128(content, pos, &method->code_off);
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : format = informations chargées à consulter. *
+* pos = position de début de lecture. [OUT] *
+* item = structure lue à retourner. [OUT] *
+* *
+* Description : Procède à la lecture d'un type DEX. *
+* *
+* Retour : Bilan de l'opération. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool read_dex_type_item(const GDexFormat *format, vmpa2t *pos, type_item *item)
+{
+ bool result; /* Bilan à retourner */
+ GBinContent *content; /* Contenu binaire à lire */
+
+ content = G_BIN_FORMAT(format)->content;
+
+ result = g_binary_content_read_u16(content, pos, SRE_LITTLE, &item->type_idx);
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : format = informations chargées à consulter. *
+* pos = position de début de lecture. [OUT] *
+* list = structure lue à retourner. [OUT] *
+* *
+* Description : Procède à la lecture d'une liste de types DEX. *
+* *
+* Retour : Bilan de l'opération.
*
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool read_dex_type_list(const GDexFormat *format, vmpa2t *pos, type_list *list)
+{
+ bool result; /* Bilan à retourner */
+ GBinContent *content; /* Contenu binaire à lire */
+
+ result = true;
+
+ content = G_BIN_FORMAT(format)->content;
+
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &list->size);
+
+ list->list = (type_item *)g_binary_content_get_raw_access(content, pos, list->size * sizeof(type_item));
+ result &= (list->list != NULL);
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : format = informations chargées à consulter. *
+* pos = position de début de lecture. [OUT] *
+* item = structure lue à retourner. [OUT] *
+* *
+* Description : Procède à la lecture d'un contenu de classe DEX. *
+* *
+* Retour : Bilan de l'opération. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool read_dex_class_data_item(const GDexFormat *format, vmpa2t *pos, class_data_item *item)
+{
+ bool result; /* Bilan à retourner */
+ GBinContent *content; /* Contenu binaire à lire */
+ uleb128_t i; /* Boucle de parcours */
+
+ result = true;
+
+ item->static_fields = NULL;
+ item->instance_fields = NULL;
+ item->direct_methods = NULL;
+ item->virtual_methods = NULL;
+
+ content = G_BIN_FORMAT(format)->content;
+
+ result &= g_binary_content_read_uleb128(content, pos, &item->static_fields_size);
+ result &= g_binary_content_read_uleb128(content, pos, &item->instance_fields_size);
+ result &= g_binary_content_read_uleb128(content, pos, &item->direct_methods_size);
+ result &= g_binary_content_read_uleb128(content, pos, &item->virtual_methods_size);
+
+ if (result && item->static_fields_size > 0)
+ {
+ item->static_fields = (encoded_field *)calloc(item->static_fields_size, sizeof(encoded_field));
+ if
(item->static_fields == NULL) item->static_fields_size = 0;
+
+ for (i = 0; i < item->static_fields_size && result; i++)
+ result = read_dex_encoded_field(format, pos, &item->static_fields[i]);
+
+ }
+
+ if (result && item->instance_fields_size > 0)
+ {
+ item->instance_fields = (encoded_field *)calloc(item->instance_fields_size, sizeof(encoded_field));
+ if (item->instance_fields == NULL) item->instance_fields_size = 0;
+
+ for (i = 0; i < item->instance_fields_size && result; i++)
+ result = read_dex_encoded_field(format, pos, &item->instance_fields[i]);
+
+ }
+
+ if (result && item->direct_methods_size > 0)
+ {
+ item->direct_methods = (encoded_method *)calloc(item->direct_methods_size, sizeof(encoded_method));
+ if (item->direct_methods == NULL) item->direct_methods_size = 0;
+
+ for (i = 0; i < item->direct_methods_size && result; i++)
+ result = read_dex_encoded_method(format, pos, &item->direct_methods[i]);
+
+ }
+
+ if (result && item->virtual_methods_size > 0)
+ {
+ item->virtual_methods = (encoded_method *)calloc(item->virtual_methods_size, sizeof(encoded_method));
+ if (item->virtual_methods == NULL) item->virtual_methods_size = 0;
+
+ for (i = 0; i < item->virtual_methods_size && result; i++)
+ result = read_dex_encoded_method(format, pos, &item->virtual_methods[i]);
+
+ }
+
+ if (!result)
+ reset_dex_class_data_item(item);
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : item = structure à nettoyer. *
+* *
+* Description : Supprime tous les éléments chargés en mémoire à la lecture.
*
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void reset_dex_class_data_item(class_data_item *item)
+{
+ if (item->static_fields != NULL)
+ free(item->static_fields);
+
+ if (item->instance_fields != NULL)
+ free(item->instance_fields);
+
+ if (item->direct_methods != NULL)
+ free(item->direct_methods);
+
+ if (item->virtual_methods != NULL)
+ free(item->virtual_methods);
+
+}
+
+
+
+/* ---------------------------------------------------------------------------------- */
+/* PORTION DE CODE EXECUTABLE */
+/* ---------------------------------------------------------------------------------- */
+
+
+/******************************************************************************
+* *
+* Paramètres : format = informations chargées à consulter. *
+* pos = position de début de lecture. [OUT] *
+* pair = structure lue à retourner. [OUT] *
+* *
+* Description : Procède à la lecture d'une association exception <-> code. *
+* *
+* Retour : Bilan de l'opération. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool read_dex_encoded_type_addr_pair(const GDexFormat *format, vmpa2t *pos, encoded_type_addr_pair *pair)
+{
+ bool result; /* Bilan à retourner */
+ GBinContent *content; /* Contenu binaire à lire */
+
+ result = true;
+
+ content = G_BIN_FORMAT(format)->content;
+
+ result &= g_binary_content_read_uleb128(content, pos, &pair->type_idx);
+ result &= g_binary_content_read_uleb128(content, pos, &pair->addr);
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : format = informations chargées à consulter. *
+* pos = position de début de lecture. [OUT] *
+* handler = structure lue à retourner. [OUT] *
+* *
+* Description : Procède à la lecture d'une association exception <-> code. *
+* *
+* Retour : Bilan de l'opération.
*
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool read_dex_encoded_catch_handler(const GDexFormat *format, vmpa2t *pos, encoded_catch_handler *handler)
+{
+ bool result; /* Bilan à retourner */
+ GBinContent *content; /* Contenu binaire à lire */
+ leb128_t count; /* Nombre de gestionnaires */
+ leb128_t i; /* Boucle de parcours */
+
+ result = true;
+
+ content = G_BIN_FORMAT(format)->content;
+
+ handler->offset = get_phy_addr(pos);
+
+ result &= g_binary_content_read_leb128(content, pos, &handler->size);
+
+ count = leb128_abs(handler->size);
+
+ if (count > 0 && result)
+ {
+ handler->handlers = (encoded_type_addr_pair *)calloc(count, sizeof(encoded_type_addr_pair));
+
+ for (i = 0; i < count && result; i++)
+ result &= read_dex_encoded_type_addr_pair(format, pos, &handler->handlers[i]);
+
+ }
+ else handler->handlers = NULL;
+
+ if (handler->size <= 0)
+ result &= g_binary_content_read_uleb128(content, pos, &handler->catch_all_addr);
+
+ else
+ handler->catch_all_addr = ULEB128_MAX;
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : handler = structure à nettoyer. *
+* *
+* Description : Supprime tous les éléments chargés en mémoire à la lecture. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void reset_dex_encoded_catch_handler(encoded_catch_handler *handler)
+{
+ if (handler->handlers != NULL)
+ free(handler->handlers);
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : format = informations chargées à consulter. *
+* pos = position de début de lecture. [OUT] *
+* list = structure lue à retourner. [OUT] *
+* *
+* Description : Procède à la lecture d'une association exception <-> code. *
+* *
+* Retour : Bilan de l'opération.
*
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool read_dex_encoded_catch_handler_list(const GDexFormat *format, vmpa2t *pos, encoded_catch_handler_list *list)
+{
+ bool result; /* Bilan à retourner */
+ off_t saved_off; /* Sauvegarde de position */
+ GBinContent *content; /* Contenu binaire à lire */
+ uleb128_t i; /* Boucle de parcours */
+
+ result = true;
+
+ saved_off = get_phy_addr(pos);
+
+ content = G_BIN_FORMAT(format)->content;
+
+ result &= g_binary_content_read_uleb128(content, pos, &list->size);
+
+ if (list->size > 0 && result)
+ {
+ list->list = (encoded_catch_handler *)calloc(list->size, sizeof(encoded_catch_handler));
+
+ for (i = 0; i < list->size && result; i++)
+ {
+ result &= read_dex_encoded_catch_handler(format, pos, &list->list[i]);
+ if (result) list->list[i].offset -= saved_off;
+ }
+
+ }
+ else list->list = NULL;
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : list = structure à nettoyer. *
+* *
+* Description : Supprime tous les éléments chargés en mémoire à la lecture. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void reset_dex_encoded_catch_handler_list(encoded_catch_handler_list *list)
+{
+ uleb128_t i; /* Boucle de parcours */
+
+ if (list->list != NULL)
+ {
+ for (i = 0; i < list->size; i++)
+ reset_dex_encoded_catch_handler(&list->list[i]);
+
+ free(list->list);
+
+ }
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : format = informations chargées à consulter. *
+* pos = position de début de lecture. [OUT] *
+* item = structure lue à retourner. [OUT] *
+* *
+* Description : Procède à la lecture d'une association exception <-> code. *
+* *
+* Retour : Bilan de l'opération.
*
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool read_dex_try_item(const GDexFormat *format, vmpa2t *pos, try_item *item)
+{
+ bool result; /* Bilan à retourner */
+ GBinContent *content; /* Contenu binaire à lire */
+
+ result = true;
+
+ content = G_BIN_FORMAT(format)->content;
+
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &item->start_addr);
+ result &= g_binary_content_read_u16(content, pos, SRE_LITTLE, &item->insn_count);
+ result &= g_binary_content_read_u16(content, pos, SRE_LITTLE, &item->handler_off);
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : format = informations chargées à consulter. *
+* pos = position de début de lecture. [OUT] *
+* item = structure lue à retourner. [OUT] *
+* *
+* Description : Procède à la lecture d'une portion de code DEX. *
+* *
+* Retour : Bilan de l'opération. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool read_dex_code_item(const GDexFormat *format, vmpa2t *pos, code_item *item)
+{
+ bool result; /* Bilan à retourner */
+ GBinContent *content; /* Contenu binaire à lire */
+ vmpa2t origin; /* Mémorisation d'une position */
+ uint16_t padding; /* Eventuel alignement */
+ uint16_t i; /* Boucle de parcours */
+
+ result = true;
+
+ content = G_BIN_FORMAT(format)->content;
+
+ result &= g_binary_content_read_u16(content, pos, SRE_LITTLE, &item->registers_size);
+ result &= g_binary_content_read_u16(content, pos, SRE_LITTLE, &item->ins_size);
+ result &= g_binary_content_read_u16(content, pos, SRE_LITTLE, &item->outs_size);
+ result &= g_binary_content_read_u16(content, pos, SRE_LITTLE, &item->tries_size);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &item->debug_info_off);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &item->insns_size);
+
+
item->insns = (uint16_t *)g_binary_content_get_raw_access(content, pos, item->insns_size * sizeof(uint16_t));
+ if (item->insns == NULL) goto rdci_bad_insns;
+
+ /* Padding ? */
+ if (item->tries_size > 0 && item->insns_size % 2 == 1)
+ {
+ copy_vmpa(&origin, pos);
+
+ result &= g_binary_content_read_u16(content, pos, SRE_LITTLE, &padding);
+
+ if (padding != 0)
+ g_binary_format_add_error(G_BIN_FORMAT(format), BFE_SPECIFICATION, &origin,
+ _("Expected a null value as padding."));
+
+ }
+
+ if (item->tries_size > 0 && result)
+ {
+ assert(get_phy_addr(pos) % 4 == 0);
+
+ item->tries = (try_item *)calloc(item->tries_size, sizeof(try_item));
+ if (item->tries == NULL) goto rdci_bad_tries;
+
+ for (i = 0; i < item->tries_size && result; i++)
+ result &= read_dex_try_item(format, pos, &item->tries[i]);
+
+ if (result)
+ {
+ item->handlers = (encoded_catch_handler_list *)calloc(1, sizeof(encoded_catch_handler_list));
+ result &= read_dex_encoded_catch_handler_list(format, pos, item->handlers);
+ }
+
+ else
+ item->handlers = NULL;
+
+ }
+
+ else
+ {
+ item->tries = NULL;
+ item->handlers = NULL;
+ }
+
+ return result;
+
+ rdci_bad_insns:
+
+ item->tries = NULL;
+
+ rdci_bad_tries:
+
+ item->handlers = NULL;
+
+ return false;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : item = structure à nettoyer. *
+* *
+* Description : Supprime tous les éléments chargés en mémoire à la lecture.
*
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void reset_dex_code_item(code_item *item)
+{
+ if (item->tries != NULL)
+ free(item->tries);
+
+ if (item->handlers != NULL)
+ {
+ reset_dex_encoded_catch_handler_list(item->handlers);
+ free(item->handlers);
+ }
+
+}
+
+
+
+/* ---------------------------------------------------------------------------------- */
+/* AIGUILLAGES DIVERS */
+/* ---------------------------------------------------------------------------------- */
+
+
+/******************************************************************************
+* *
+* Paramètres : format = informations chargées à consulter. *
+* pos = position de début de lecture. [OUT] *
+* packed = structure lue à retourner. [OUT] *
+* *
+* Description : Procède à la lecture d'un contenu d'aiguillage compact. *
+* *
+* Retour : Bilan de l'opération. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool read_dex_packed_switch(const GDexFormat *format, vmpa2t *pos, packed_switch *packed)
+{
+ bool result; /* Bilan à retourner */
+ GBinContent *content; /* Contenu binaire à lire */
+ uint16_t i; /* Boucle de parcours */
+
+ result = true;
+
+ packed->targets = NULL;
+
+ content = G_BIN_FORMAT(format)->content;
+
+ result &= g_binary_content_read_u16(content, pos, SRE_LITTLE, &packed->ident);
+ result &= g_binary_content_read_u16(content, pos, SRE_LITTLE, &packed->size);
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &packed->first_key);
+
+ if (result && packed->size > 0)
+ {
+ packed->targets = (uint32_t *)calloc(packed->size, sizeof(uint32_t));
+
+ for (i = 0; i < packed->size && result; i++)
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &packed->targets[i]);
+
+ }
+
+ if (!result)
+ reset_dex_packed_switch(packed);
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : packed = structure à nettoyer. *
+* *
+* Description : Supprime tous les éléments chargés en mémoire à la lecture. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void reset_dex_packed_switch(packed_switch *packed)
+{
+ if (packed->targets != NULL)
+ free(packed->targets);
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : format = informations chargées à consulter. *
+* pos = position de début de lecture. [OUT] *
+* sparse = structure lue à retourner. [OUT] *
+* *
+* Description : Procède à la lecture d'un contenu d'aiguillage dispersé. *
+* *
+* Retour : Bilan de l'opération. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool read_dex_sparse_switch(const GDexFormat *format, vmpa2t *pos, sparse_switch *sparse)
+{
+ bool result; /* Bilan à retourner */
+ GBinContent *content; /* Contenu binaire à lire */
+ uint16_t i; /* Boucle de parcours */
+
+ result = true;
+
+ content = G_BIN_FORMAT(format)->content;
+
+ sparse->keys = NULL;
+ sparse->targets = NULL;
+
+ result &= g_binary_content_read_u16(content, pos, SRE_LITTLE, &sparse->ident);
+ result &= g_binary_content_read_u16(content, pos, SRE_LITTLE, &sparse->size);
+
+ if (result && sparse->size > 0)
+ {
+ sparse->keys = (uint32_t *)calloc(sparse->size, sizeof(uint32_t));
+ sparse->targets = (uint32_t *)calloc(sparse->size, sizeof(uint32_t));
+
+ for (i = 0; i < sparse->size && result; i++)
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &sparse->keys[i]);
+
+ for (i = 0; i < sparse->size && result; i++)
+ result &= g_binary_content_read_u32(content, pos, SRE_LITTLE, &sparse->targets[i]);
+
+ }
+
+ if (!result)
+ reset_dex_sparse_switch(sparse);
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : sparse = structure à nettoyer. *
+* *
+* Description : Supprime tous les éléments chargés en mémoire à la lecture. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void reset_dex_sparse_switch(sparse_switch *sparse)
+{
+ if (sparse->keys != NULL)
+ free(sparse->keys);
+
+ if (sparse->targets != NULL)
+ free(sparse->targets);
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : format = informations chargées à consulter. *
+* pos = position de début de lecture. [OUT] *
+* dsxitch = structure lue à retourner. [OUT] *
+* *
+* Description : Procède à la lecture d'un contenu d'aiguillage Dex interne. *
+* *
+* Retour : Bilan de l'opération. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+bool read_dex_switch(const GDexFormat *format, vmpa2t *pos, dex_switch *dswitch)
+{
+ bool result; /* Bilan à retourner */
+ GBinContent *content; /* Contenu binaire à lire */
+ uint16_t ident; /* Pseudo-code d'identification*/
+
+ result = true;
+
+ content = G_BIN_FORMAT(format)->content;
+
+ result &= g_binary_content_read_u16(content, pos, SRE_LITTLE, &ident);
+
+ /**
+ * La tête de lecture n'est pas mise à jour volontairement !
+ */
+
+ if (result)
+ {
+ if (ident == DPO_PACKED_SWITCH)
+ result = read_dex_packed_switch(format, pos, (packed_switch *)dswitch);
+
+ else if (ident == DPO_SPARSE_SWITCH)
+ result = read_dex_sparse_switch(format, pos, (sparse_switch *)dswitch);
+
+ else
+ result = false;
+
+ }
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : dswitch = structure à nettoyer. *
+* *
+* Description : Supprime tous les éléments chargés en mémoire à la lecture.
*
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void reset_dex_switch(dex_switch *dswitch)
+{
+ if (dswitch->packed.ident == DPO_PACKED_SWITCH)
+ reset_dex_packed_switch((packed_switch *)dswitch);
+ else
+ reset_dex_sparse_switch((sparse_switch *)dswitch);
+
+}
diff --git a/plugins/dex/dex-int.h b/plugins/dex/dex-int.h
new file mode 100755
index 0000000..60d2f4d
--- /dev/null
+++ b/plugins/dex/dex-int.h
@@ -0,0 +1,177 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * dex-int.h - prototypes pour les structures internes du format DEX
+ *
+ * Copyright (C) 2010-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _PLUGINS_DEX_DEX_INT_H
+#define _PLUGINS_DEX_DEX_INT_H
+
+
+#include <format/executable-int.h>
+
+
+#include "class.h"
+#include "dex_def.h"
+#include "format.h"
+
+
+
+/* Format d'exécutable DEX (instance) */
+struct _GDexFormat
+{
+ GExeFormat parent; /* A laisser en premier */
+
+ dex_header header; /* En-tête du programme */
+
+ GDataType **types; /* Types partagés pour Dalvik */
+ GBinVariable **fields; /* Champs de données partagés */
+ GDexClass **classes; /* Classes retrouvées */
+
+};
+
+/* Format d'exécutable DEX (classe) */
+struct _GDexFormatClass
+{
+ GExeFormatClass parent; /* A laisser en premier */
+
+};
+
+
+/* Retrouve si possible la méthode associée à une adresse. */
+GDexMethod *g_dex_format_find_method_by_address(const GDexFormat *, vmpa_t);
+
+/* Dénombre le nombre de classes trouvées. */
+size_t g_dex_format_count_classes(const GDexFormat *);
+
+/* Fournit une classe du format chargée en mémoire.
*/
+GDexClass *g_dex_format_get_class(const GDexFormat *, size_t);
+
+
+/* -------------------------- DESCRIPTION DU FORMAT DALVIK -------------------------- */
+
+
+/* Procède à la lecture d'une en-tête de programme DEX. */
+bool read_dex_header(const GDexFormat *, vmpa2t *, dex_header *);
+
+
+
+/* ------------------------ ELEMENTS DE TABLE DES CONSTANTES ------------------------ */
+
+
+/* Procède à la lecture d'un identifiant de chaîne DEX. */
+bool read_dex_string_id_item(const GDexFormat *, vmpa2t *, string_id_item *);
+
+/* Procède à la lecture de proriétés de chaîne DEX. */
+bool read_dex_string_data_item(const GDexFormat *, vmpa2t *, string_data_item *);
+
+/* Procède à la lecture d'un identifiant de type DEX. */
+bool read_dex_type_id_item(const GDexFormat *, vmpa2t *, type_id_item *);
+
+/* Procède à la lecture d'une description de prototype. */
+bool read_dex_proto_id_item(const GDexFormat *, vmpa2t *, proto_id_item *);
+
+/* Procède à la lecture d'une description de champ. */
+bool read_dex_field_id_item(const GDexFormat *, vmpa2t *, field_id_item *);
+
+/* Procède à la lecture d'une description de méthode. */
+bool read_dex_method_id_item(const GDexFormat *, vmpa2t *, method_id_item *);
+
+/* Procède à la lecture des propriétés d'une classe DEX. */
+bool read_dex_class_def_item(const GDexFormat *, vmpa2t *, class_def_item *);
+
+
+
+/* --------------------------- DESCRIPTION DE CLASSES DEX --------------------------- */
+
+
+/* Procède à la lecture d'un champ quelconque DEX. */
+bool read_dex_encoded_field(const GDexFormat *, vmpa2t *, encoded_field *);
+
+/* Procède à la lecture d'une méthode quelconque DEX. */
+bool read_dex_encoded_method(const GDexFormat *, vmpa2t *, encoded_method *);
+
+/* Procède à la lecture d'un type DEX. */
+bool read_dex_type_item(const GDexFormat *, vmpa2t *, type_item *);
+
+/* Procède à la lecture d'une liste de types DEX.
*/
+bool read_dex_type_list(const GDexFormat *, vmpa2t *, type_list *);
+
+/* Procède à la lecture d'un contenu de classe DEX. */
+bool read_dex_class_data_item(const GDexFormat *, vmpa2t *, class_data_item *);
+
+/* Supprime tous les éléments chargés en mémoire à la lecture. */
+void reset_dex_class_data_item(class_data_item *);
+
+
+
+/* --------------------------- PORTION DE CODE EXECUTABLE --------------------------- */
+
+
+/* Procède à la lecture d'une association exception <-> code. */
+bool read_dex_encoded_type_addr_pair(const GDexFormat *, vmpa2t *, encoded_type_addr_pair *);
+
+/* Procède à la lecture d'une association exception <-> code. */
+bool read_dex_encoded_catch_handler(const GDexFormat *, vmpa2t *, encoded_catch_handler *);
+
+/* Supprime tous les éléments chargés en mémoire à la lecture. */
+void reset_dex_encoded_catch_handler(encoded_catch_handler *);
+
+/* Procède à la lecture d'une association exception <-> code. */
+bool read_dex_encoded_catch_handler_list(const GDexFormat *, vmpa2t *, encoded_catch_handler_list *);
+
+/* Supprime tous les éléments chargés en mémoire à la lecture. */
+void reset_dex_encoded_catch_handler_list(encoded_catch_handler_list *);
+
+/* Procède à la lecture d'une association exception <-> code. */
+bool read_dex_try_item(const GDexFormat *, vmpa2t *, try_item *);
+
+/* Procède à la lecture d'une portion de code DEX. */
+bool read_dex_code_item(const GDexFormat *, vmpa2t *, code_item *);
+
+/* Supprime tous les éléments chargés en mémoire à la lecture. */
+void reset_dex_code_item(code_item *);
+
+
+
+/* ------------------------------- AIGUILLAGES DIVERS ------------------------------- */
+
+
+/* Procède à la lecture d'un contenu d'aiguillage compact. */
+bool read_dex_packed_switch(const GDexFormat *, vmpa2t *, packed_switch *);
+
+/* Supprime tous les éléments chargés en mémoire à la lecture. */
+void reset_dex_packed_switch(packed_switch *);
+
+/* Procède à la lecture d'un contenu d'aiguillage dispersé.
*/
+bool read_dex_sparse_switch(const GDexFormat *, vmpa2t *, sparse_switch *);
+
+/* Supprime tous les éléments chargés en mémoire à la lecture. */
+void reset_dex_sparse_switch(sparse_switch *);
+
+/* Procède à la lecture d'un contenu d'aiguillage Dex interne. */
+bool read_dex_switch(const GDexFormat *, vmpa2t *, dex_switch *);
+
+/* Supprime tous les éléments chargés en mémoire à la lecture. */
+void reset_dex_switch(dex_switch *);
+
+
+
+#endif /* _PLUGINS_DEX_DEX_INT_H */
diff --git a/plugins/dex/dex_def.h b/plugins/dex/dex_def.h
new file mode 100755
index 0000000..1d2e0d7
--- /dev/null
+++ b/plugins/dex/dex_def.h
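Review bot: The read_*/reset_* prototypes in dex-int.h state no failure contract, and the implementations shown earlier on this page do not share one: `read_dex_class_data_item`, `read_dex_packed_switch` and `read_dex_sparse_switch` call their reset function themselves when a read fails, while `read_dex_code_item` can return false with `tries` still allocated. The reset functions free the arrays without setting the pointers back to NULL, so a caller that resets after a failed `read_dex_class_data_item` would free the same arrays twice; whether any caller does so is not visible here. I would state the rule on each prototype, for example `/* On failure the item is already reset; do not reset it again. */` above `read_dex_class_data_item` and `/* The caller calls reset_dex_code_item() even on failure. */` above `read_dex_code_item`.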
@@ -0,0 +1,327 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * dex_def.h - liste des structures et constantes utilisées par le format DEX
+ *
+ * Copyright (C) 2010-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _PLUGINS_DEX_DEX_DEF_H
+#define _PLUGINS_DEX_DEX_DEF_H
+
+
+#include <common/leb128.h>
+
+
+
+/* -------------------------- DESCRIPTION DU FORMAT DALVIK -------------------------- */
+
+
+/* Identifiant magique "dex\n035\0" */
+#define DEX_FILE_MAGIC "\x64\x65\x78\x0a\x30\x33\x35\x00"
+#define DEX_FILE_MAGIC_LEN 8
+
+/* Types de boutisme */
+#define ENDIAN_CONSTANT 0x12345678
+#define REVERSE_ENDIAN_CONSTANT 0x78563412
+
+/* Indice non valide */
+#define NO_INDEX 0xffffffff
+
+
+/* En-tête de tout programe Dex */
+typedef struct _dex_header
+{
+ uint8_t magic[DEX_FILE_MAGIC_LEN]; /* Valeur magique du format */
+
+ uint32_t checksum; /* Somme de contrôle adler32 */
+ uint8_t signature[20]; /* Emprunte SHA-1 du reste */
+ uint32_t file_size; /* Taille du fichier */
+ uint32_t header_size; /* Taille de cette en-tête */
+
+ uint32_t endian_tag; /* Boutisme du fichier */
+
+ uint32_t link_size; /* Taille de section 'liaisons'*/
+ uint32_t link_off; /* Position de ladite section */
+ uint32_t map_off; /* Position de la cartographie */
+ uint32_t string_ids_size; /* Nombre de
chaînes de carac. */
+ uint32_t string_ids_off; /* Position de cette liste */
+ uint32_t type_ids_size; /* Nom d'identifiant de type */
+ uint32_t type_ids_off; /* Position de la liste */
+ uint32_t proto_ids_size; /* Nombre de prototypes */
+ uint32_t proto_ids_off; /* Position de la liste */
+ uint32_t field_ids_size; /* Nombre de champs */
+ uint32_t field_ids_off; /* Position de la liste */
+ uint32_t method_ids_size; /* Nombre de méthodes */
+ uint32_t method_ids_off; /* Position de la liste */
+ uint32_t class_defs_size; /* Nombre de classes déclarées */
+ uint32_t class_defs_off; /* Position de la liste */
+ uint32_t data_size; /* Taille des données */
+ uint32_t data_off; /* Début des données */
+
+} dex_header;
+
+
+
+/* -------------------------- CONSTANTES POUR DEX DIVERSES -------------------------- */
+
+
+/* Définition des drapeaux d'accès */
+
+#define ACC_PUBLIC 0x00001 /* Elément publique */
+#define ACC_PRIVATE 0x00002 /* Elément privé */
+#define ACC_PROTECTED 0x00004 /* Elément protégé */
+#define ACC_STATIC 0x00008 /* Elément statique */
+#define ACC_FINAL 0x00010 /* Non dérivable / modifiable */
+#define ACC_SYNCHRONIZED 0x00020 /* Pose de verrou automatique */
+#define ACC_VOLATILE 0x00040 /* Accès spécial threads */
+#define ACC_BRIDGE 0x00040 /* Méthode pont */
+#define ACC_TRANSIENT 0x00080 /* Pas de sérialisation */
+#define ACC_VARARGS 0x00080 /* Arguments variables */
+#define ACC_NATIVE 0x00100 /* Implémentation en code natif*/
+#define ACC_INTERFACE 0x00200 /* Interface */
+#define ACC_ABSTRACT 0x00400 /* Non instanciable directement*/
+#define ACC_STRICT 0x00800 /* Règle pour les flottants */
+#define ACC_SYNTHETIC 0x01000 /* Non défini dans le code */
+#define ACC_ANNOTATION 0x02000 /* Annotation */
+#define ACC_ENUM 0x04000 /* Enumération */
+#define ACC_CONSTRUCTOR 0x10000 /* Constructeur */
+#define ACC_DECLARED_SYNCHRONIZED 0x20000 /* Pose de verrou automatique */
+
+
+
+/* ------------------------ ELEMENTS DE TABLE DES
CONSTANTES ------------------------ */
+
+
+/* Chaîne de caractères */
+
+typedef struct _string_id_item
+{
+ uint32_t string_data_off; /* Propriétés de la chaîne */
+
+} string_id_item;
+
+typedef struct _string_data_item
+{
+ uleb128_t utf16_size; /* Taille du décodage */
+ const uint8_t *data; /* Caractères terminés par '\0'*/
+
+} string_data_item;
+
+/* Description d'un type */
+typedef struct _type_id_item
+{
+ uint32_t descriptor_idx; /* Description du type */
+
+} type_id_item;
+
+/* Description d'un prototype */
+typedef struct _proto_id_item
+{
+ uint32_t shorty_idx; /* Description version courte */
+ uint32_t return_type_idx; /* Type de retour */
+ uint32_t parameters_off; /* Position des arguments */
+
+} proto_id_item;
+
+/* Description d'un champ */
+typedef struct _field_id_item
+{
+ uint16_t class_idx; /* Classe d'appartenance */
+ uint16_t type_idx; /* Type du champ */
+ uint32_t name_idx; /* Nom du champ */
+
+} field_id_item;
+
+/* Description d'une méthode */
+typedef struct _method_id_item
+{
+ uint16_t class_idx; /* Classe d'appartenance */
+ uint16_t proto_idx; /* Prototype de la méthode */
+ uint32_t name_idx; /* Nom de la méthode */
+
+} method_id_item;
+
+/* Description d'une classe */
+typedef struct _class_def_item
+{
+ uint32_t class_idx; /* Type de la classe */
+ uint32_t access_flags; /* Drapeaux d'accès déclarés */
+ uint32_t superclass_idx; /* Type de la classe parente */
+ uint32_t interfaces_off; /* Liste des interfaces */
+ uint32_t source_file_idx; /* Fichier source d'origine */
+ uint32_t annotations_off; /* Eventuelles annotations */
+ uint32_t class_data_off; /* Données de la classe */
+ uint32_t static_values_off; /* Initialisations statiques */
+
+} class_def_item;
+
+
+
+/* --------------------------- DESCRIPTION DE CLASSES DEX --------------------------- */
+
+
+/* Propriétés d'une champ */
+typedef struct _encoded_field
+{
+ uleb128_t field_idx_diff; /* Description du champ */
+ uleb128_t access_flags; /* Conditions
d'accès */
+
+} encoded_field;
+
+/* Propriétés d'une méthode */
+typedef struct _encoded_method
+{
+ uleb128_t method_idx_diff; /* Description de la méthode */
+ uleb128_t access_flags; /* Conditions d'accès */
+ uleb128_t code_off; /* Position du code associé */
+
+ vmpa2t origin; /* Rajout pour suivi interne */
+
+} encoded_method;
+
+/* Type quelconque */
+typedef struct _type_item
+{
+ uint16_t type_idx; /* Indice dans la table adaptée*/
+
+} type_item;
+
+/* Liste de types */
+typedef struct _type_list
+{
+ uint32_t size; /* Nombre d'éléments présents */
+ type_item *list; /* Liste des éléments inscrits */
+
+} type_list;
+
+/* Données de fonctionnement pour classe */
+typedef struct _class_data_item
+{
+ uleb128_t static_fields_size; /* Quantité de champs statiques*/
+ uleb128_t instance_fields_size; /* Qté de champs instanciables */
+ uleb128_t direct_methods_size; /* Qté de méthodes propres */
+ uleb128_t virtual_methods_size; /* Qté de méthodes virtuelles */
+
+ encoded_field *static_fields; /* Champs statiques */
+ encoded_field *instance_fields; /* Champs instanciables */
+ encoded_method *direct_methods; /* Méthodes propres */
+ encoded_method *virtual_methods; /* Méthodes virtuelles */
+
+} class_data_item;
+
+
+
+/* --------------------------- PORTION DE CODE EXECUTABLE --------------------------- */
+
+
+/* Exception gérée */
+typedef struct _encoded_type_addr_pair
+{
+ uleb128_t type_idx; /* Type d'exception couverte */
+ uleb128_t addr; /* Adresse du début du code */
+
+} encoded_type_addr_pair;
+
+/* Ensemble d'exceptions prises en compte */
+typedef struct _encoded_catch_handler
+{
+ leb128_t size; /* Quantité d'exceptions */
+ encoded_type_addr_pair *handlers; /* Gestionnaires explicites */
+ uleb128_t catch_all_addr; /* Adresse par défaut */
+
+ /**
+ * Note : les spécifications indiquent que le champ handler_off de
+ * try_item renvoie vers le gestionnaire à partir de la base de la structure
+ * encoded_catch_handler_list.
Comme la représentation interne de cette
+ * structure efface la représentation physique, on conserve en mémoire
+ * le décalage rencontré à la lecture dans un champ artificiel.
+ */
+ phys_t offset; /* Position dans le binaire */
+
+} encoded_catch_handler;
+
+/* Liste des différents gestionnaires d'exceptions */
+typedef struct _encoded_catch_handler_list
+{
+ uleb128_t size; /* Taille de la liste */
+ encoded_catch_handler *list; /* Gestionnaires en place */
+
+} encoded_catch_handler_list;
+
+/* Zone couverte en cas de pépin */
+typedef struct _try_item
+{
+ uint32_t start_addr; /* Adresse du début couvert */
+ uint16_t insn_count; /* Nbre de doubles-octets gérés*/
+ uint16_t handler_off; /* Indice du gestionnaire */
+
+} try_item;
+
+/* Description de la zone */
+typedef struct _code_item
+{
+ uint16_t registers_size; /* Qté de registres utilisés */
+ uint16_t ins_size; /* Nbre d'arguments en entrée */
+ uint16_t outs_size; /* Nbre d'arguments en sortie */
+ uint16_t tries_size; /* Qté de try/catch */
+ uint32_t debug_info_off; /* Information de débogage */
+ uint32_t insns_size; /* Nbre de blocs de 2 octets */
+
+ uint16_t *insns; /* Code exécutable */
+ try_item *tries; /* Zone d'exceptions */
+ encoded_catch_handler_list *handlers; /* Gestionnaires associés */
+
+} code_item;
+
+
+
+/* ------------------------------- AIGUILLAGES DIVERS ------------------------------- */
+
+
+/* Aiguillage compressé */
+typedef struct _packed_switch
+{
+ uint16_t ident; /* Pseudo-code d'identification*/
+ uint16_t size; /* Nombre d'entrées */
+ uint32_t first_key; /* Première et plus petite clef*/
+ uint32_t *targets; /* Cibles relatives */
+
+} packed_switch;
+
+/* Aiguillage dispersé */
+typedef struct _sparse_switch
+{
+ uint16_t ident; /* Pseudo-code d'identification*/
+ uint16_t size; /* Nombre d'entrées */
+ uint32_t *keys; /* Clefs valeureuses */
+ uint32_t *targets; /* Cibles relatives */
+
+} sparse_switch;
+
+/* Manipulation interne */
+typedef union _dex_switch
+{
+ packed_switch packed; /* Modèle compact */
+ sparse_switch sparse; /* Modèle dispersé */
+
+} dex_switch;
+
+
+
+#endif /* _PLUGINS_DEX_DEX_DEF_H */
diff --git a/plugins/dex/format.c b/plugins/dex/format.c
new file mode 100755
index 0000000..72d0dd5
--- /dev/null
+++ b/plugins/dex/format.c
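Review bot: In dex_def.h the count fields (`static_fields_size` and its siblings in `class_data_item`, `size` in `encoded_catch_handler` and `encoded_catch_handler_list`, `tries_size` and `insns_size` in `code_item`) are described only as quantities, with nothing saying they arrive unvalidated from the file. The readers shown earlier on this page pass them straight to calloc() and use them as loop bounds, and `read_dex_encoded_catch_handler` and `read_dex_encoded_catch_handler_list` write through the calloc() result without a NULL check, so an oversized count in a malformed file would presumably end in a NULL dereference. `insns_size * sizeof(uint16_t)` in `read_dex_code_item` can also wrap where size_t is 32 bits wide. I would add above these structs `/* Counts are taken as-is from the file: bound them against the remaining content before allocating or indexing. */` and have the readers enforce it.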
@@ -0,0 +1,611 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * format.c - support du format DEX + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "format.h" + + +#include <string.h> + + +#include <i18n.h> +#include <core/global.h> +#include <plugins/pglist.h> + + +#include "dex-int.h" +#include "pool.h" + + + +/* Initialise la classe des formats d'exécutables DEX. */ +static void g_dex_format_class_init(GDexFormatClass *); + +/* Initialise une instance de format d'exécutable DEX. */ +static void g_dex_format_init(GDexFormat *); + +/* Supprime toutes les références externes. */ +static void g_dex_format_dispose(GDexFormat *); + +/* Procède à la libération totale de la mémoire. */ +static void g_dex_format_finalize(GDexFormat *); + +/* Informe quant au boutisme utilisé. */ +static SourceEndian g_dex_format_get_endianness(const GDexFormat *); + +/* Indique le type d'architecture visée par le format. */ +static const char *g_dex_format_get_target_machine(const GDexFormat *); + +/* Etend la définition des portions au sein d'un binaire. */ +static void g_dex_format_refine_portions(GDexFormat *); + +/* Fournit l'emplacement d'une section donnée. 
*/ +static bool g_dex_format_get_section_range_by_name(const GDexFormat *, const char *, mrange_t *); + + + + + + + + + + + + + +/* Détermine tous les fichiers source indiqués. */ +//static void g_dex_format_find_all_sources(GDexFormat *); + +/* Procède à la décompilation complète du format. */ +static void g_dex_format_decompile(const GDexFormat *, void/*GCodeBuffer*/ *, const char *); + + + +/****************************************************************************** +* * +* Paramètres : content = contenu binaire à parcourir. * +* parent = éventuel format exécutable déjà chargé. * +* unused = adresse non utilisée ici. * +* key = identifiant de format trouvé ou NULL. [OUT] * +* * +* Description : Indique si le format peut être pris en charge ici. * +* * +* Retour : Conclusion de haut niveau sur la reconnaissance effectuée. * +* * +* Remarques : - * +* * +******************************************************************************/ + +FormatMatchStatus dex_is_matching(GBinContent *content, GExeFormat *parent, void *unused, char **key) +{ + FormatMatchStatus result; /* Bilan à renvoyer */ + vmpa2t addr; /* Tête de lecture initiale */ + bool status; /* Bilan des accès mémoire */ + char magic[DEX_FILE_MAGIC_LEN]; /* Idenfiant standard */ + + + /* REMME */ + if (parent != NULL) return FMS_UNKNOWN; + + + init_vmpa(&addr, 0, VMPA_NO_VIRTUAL); + + status = g_binary_content_read_raw(content, &addr, DEX_FILE_MAGIC_LEN, (bin_t *)magic); + + status &= (memcmp(magic, DEX_FILE_MAGIC, DEX_FILE_MAGIC_LEN) == 0); + + if (status) + { + result = FMS_MATCHED; + *key = strdup(parent == NULL ? "dex" : "dexdbg"); + } + else + result = FMS_UNKNOWN; + + return result; + +} + + +/* Indique le type défini pour un format d'exécutable DEX. */ +G_DEFINE_TYPE(GDexFormat, g_dex_format, G_TYPE_EXE_FORMAT); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. 
* +* * +* Description : Initialise la classe des formats d'exécutables DEX. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dex_format_class_init(GDexFormatClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GBinFormatClass *fmt; /* Version en format basique */ + GExeFormatClass *exe; /* Version en exécutable */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dex_format_dispose; + object->finalize = (GObjectFinalizeFunc)g_dex_format_finalize; + + fmt = G_BIN_FORMAT_CLASS(klass); + + fmt->get_endian = (format_get_endian_fc)g_dex_format_get_endianness; + + exe = G_EXE_FORMAT_CLASS(klass); + + exe->get_machine = (get_target_machine_fc)g_dex_format_get_target_machine; + exe->refine_portions = (refine_portions_fc)g_dex_format_refine_portions; + + exe->translate_phys = (translate_phys_fc)g_exe_format_without_virt_translate_offset_into_vmpa; + exe->translate_virt = (translate_virt_fc)g_exe_format_without_virt_translate_address_into_vmpa; + + exe->get_range_by_name = (get_range_by_name_fc)g_dex_format_get_section_range_by_name; + +} + + +/****************************************************************************** +* * +* Paramètres : format = instance à initialiser. * +* * +* Description : Initialise une instance de format d'exécutable DEX. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dex_format_init(GDexFormat *format) +{ + GBinFormat *bin_format; /* Format parent à compléter #1*/ + + bin_format = G_BIN_FORMAT(format); + + bin_format->decompile = (format_decompile_fc)g_dex_format_decompile; + +} + + +/****************************************************************************** +* * +* Paramètres : format = instance d'objet GLib à traiter. 
* +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dex_format_dispose(GDexFormat *format) +{ + G_OBJECT_CLASS(g_dex_format_parent_class)->dispose(G_OBJECT(format)); + +} + + +/****************************************************************************** +* * +* Paramètres : format = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dex_format_finalize(GDexFormat *format) +{ + G_OBJECT_CLASS(g_dex_format_parent_class)->finalize(G_OBJECT(format)); + +} + + +/****************************************************************************** +* * +* Paramètres : content = contenu binaire à parcourir. * +* parent = éventuel format exécutable déjà chargé. * + status = barre de statut à tenir informée. * +* * +* Description : Prend en charge un nouveau format Dex. 
* +* * +* Retour : Adresse de la structure mise en place ou NULL en cas d'échec.* +* * +* Remarques : - * +* * +******************************************************************************/ + +GBinFormat *g_dex_format_new(GBinContent *content, GExeFormat *parent, GtkStatusStack *status) +{ + GDexFormat *result; /* Structure à retourner */ + GBinFormat *base; /* Version basique du format */ + GExeFormat *exe_format; /* Autre version du format */ + vmpa2t pos; /* Position de tête de lecture */ + wgroup_id_t gid; /* Identifiant pour les tâches */ + + result = g_object_new(G_TYPE_DEX_FORMAT, NULL); + + base = G_BIN_FORMAT(result); + exe_format = G_EXE_FORMAT(result); + + g_binary_format_set_content(base, content); + + init_vmpa(&pos, 0, VMPA_NO_VIRTUAL); + + if (!read_dex_header(result, &pos, &result->header)) + goto gdfn_error; + + + + /* TODO : vérifier que les *_id ne se chevauchent pas */ + + + gid = g_work_queue_define_work_group(get_work_queue()); + + if (!load_all_dex_types(result, gid, status)) + goto gdfn_error; + + if (!load_all_dex_fields(result, gid, status)) + goto gdfn_error; + + if (!load_all_dex_classes(result, gid, status)) + goto gdfn_error; + + preload_binary_format(PGA_FORMAT_PRELOAD, base, base->info, status); + + if (!g_executable_format_complete_loading(exe_format, status)) + goto gdfn_error; + + return base; + + gdfn_error: + + g_object_unref(G_OBJECT(result)); + + return NULL; + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations chargées à consulter. * +* * +* Description : Informe quant au boutisme utilisé. * +* * +* Retour : Indicateur de boutisme. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +static SourceEndian g_dex_format_get_endianness(const GDexFormat *format) +{ + return SRE_LITTLE; + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations chargées à consulter. * +* * +* Description : Indique le type d'architecture visée par le format. * +* * +* Retour : Identifiant de l'architecture ciblée par le format. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static const char *g_dex_format_get_target_machine(const GDexFormat *format) +{ + return "dalvik"; + +} + +/****************************************************************************** +* * +* Paramètres : format = informations chargées à consulter. * +* main = couche de portions principale à raffiner. * +* * +* Description : Etend la définition des portions au sein d'un binaire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dex_format_refine_portions(GDexFormat *format) +{ + GExeFormat *exe_format; /* Autre version du format */ + size_t max; /* Nombre d'itérations prévues */ + size_t i; /* Boucle de parcours */ + + exe_format = G_EXE_FORMAT(format); + + max = g_dex_format_count_classes(format); + + for (i = 0; i < max; i++) + g_dex_class_include_as_portion(format->classes[i], exe_format); + +} + + +/****************************************************************************** +* * +* Paramètres : format = description de l'exécutable à consulter. * +* name = nom de la section recherchée. * +* range = emplacement en mémoire à renseigner. [OUT] * +* * +* Description : Fournit l'emplacement d'une section donnée. * +* * +* Retour : Bilan de l'opération. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool g_dex_format_get_section_range_by_name(const GDexFormat *format, const char *name, mrange_t *range) +{ + bool result; /* Bilan à retourner */ + + result = false; + + return result; + +} + + + + + + + + + + +/****************************************************************************** +* * +* Paramètres : format = informations chargées à consulter. * +* addr = adresse de la routine à retrouver. * +* * +* Description : Retrouve si possible la méthode associée à une adresse. * +* * +* Retour : Méthde retrouvée ou NULL en cas d'échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDexMethod *g_dex_format_find_method_by_address(const GDexFormat *format, vmpa_t addr) +{ + + return NULL; + + +#if 0 + GDexMethod *result; /* Trouvaille à retourner */ + size_t i; /* Boucle de parcours */ + + result = NULL; + + for (i = 0; i < format->classes_count && result == NULL; i++) + result = g_dex_class_find_method_by_address(format->classes[i], addr); + + return result; +#endif + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations chargées à mettre à jour. * +* * +* Description : Détermine tous les fichiers source indiqués. 
* +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ +#if 0 +static void g_dex_format_find_all_sources(GDexFormat *format) +{ + +#if 0 + + GBinFormat *bf; /* Instance parente */ + size_t i; /* Boucle de parcours #1 */ + const char *source; /* Fichier source trouvé */ + bool found; /* Présence dans la liste */ + size_t k; /* Boucle de parcours #2 */ + + bf = G_BIN_FORMAT(format); + + for (i = 0; i < format->classes_count; i++) + { + source = g_dex_class_get_source_file(format->classes[i], format); + if (source == NULL) continue; + + found = false; + + for (k = 0; k < bf->src_count && !found; k++) + found = (strcmp(source, bf->src_files[k]) == 0); + + if (!found) + { + bf->src_files = (const char **)realloc(bf->src_files, + ++bf->src_count * sizeof(const char **)); + bf->src_files[bf->src_count - 1] = source; + } + + } + +#endif + +} +#endif + +/****************************************************************************** +* * +* Paramètres : format = informations chargées à consulter. * +* buffer = tampon mis à disposition pour la sortie. * +* filename = nom du fichier source à cibler. * +* * +* Description : Procède à la décompilation complète du format. 
* +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dex_format_decompile(const GDexFormat *format, void/*GCodeBuffer*/ *buffer, const char *filename) +{ + +#if 0 + + GLangOutput *lang; /* Langage de sortie */ + size_t i; /* Boucle de parcours */ + const char *source; /* Fichier source trouvé */ + + lang = g_java_output_new(); + + for (i = 0; i < format->classes_count; i++) + { + source = g_dex_class_get_source_file(format->classes[i], format); + if (source == NULL || strcmp(source, filename) != 0) continue; + + g_dex_class_decompile(format->classes[i], lang, buffer, format); + + + +#if 0 + GDataType *get_type_from_dex_pool(const GDexFormat *format, uint16_t index) + + + Décrit le type fourni sous forme de caractères. * +* * +* Retour : Chaîne à libérer de la mémoire après usage. * +* * +* Remarques : - * +* * +******************************************************************************/ + +char *_g_data_type_to_string(const GDataType *type, bool simple) + +#endif + + } + + +#endif + +} + + + + + + + +/****************************************************************************** +* * +* Paramètres : format = informations chargées à consulter. * +* * +* Description : Présente l'en-tête DEX du format chargé. * +* * +* Retour : Pointeur vers la description principale. * +* * +* Remarques : - * +* * +******************************************************************************/ + +const dex_header *g_dex_format_get_header(const GDexFormat *format) +{ + return &format->header; + +} + + + + + +/****************************************************************************** +* * +* Paramètres : format = description de l'exécutable à consulter. * +* * +* Description : Dénombre le nombre de classes trouvées. * +* * +* Retour : Quantité de classes présentes. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +size_t g_dex_format_count_classes(const GDexFormat *format) +{ + return format->header.class_defs_size; + +} + + +/****************************************************************************** +* * +* Paramètres : format = description de l'exécutable à consulter. * +* index = indice de la classe visée. * +* * +* Description : Fournit une classe du format chargée en mémoire. * +* * +* Retour : Instance représentant une classe chargée. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDexClass *g_dex_format_get_class(const GDexFormat *format, size_t index) +{ + /* TODO : ref() */ + + return format->classes[index]; + +} + + + + + diff --git a/plugins/dex/format.h b/plugins/dex/format.h new file mode 100755 index 0000000..0398b9c --- /dev/null +++ b/plugins/dex/format.h 
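Review bot: `g_dex_format_get_class()` returns `format->classes[index]` without checking `index`, and the only bound on offer, `g_dex_format_count_classes()`, is `header.class_defs_size` as read from the file under analysis. If a caller passes an out-of-range index, or if that header count differs from what `load_all_dex_classes()` really allocated (that code is outside this hunk, so to be confirmed), the access runs past the array; `g_dex_format_refine_portions()` loops on the same count. I would add `if (index >= g_dex_format_count_classes(format)) return NULL;` at the top of the getter and derive the count from the number of classes actually loaded. The `/* TODO : ref() */` also leaves ownership of the returned object undocumented.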
@@ -0,0 +1,77 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * format.h - prototypes pour le support du format DEX + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_DEX_FORMAT_H +#define _PLUGINS_DEX_FORMAT_H + + +#include <glib-object.h> +#include <stdbool.h> +#include <sys/types.h> + + +#include <core/formats.h> + + +#include "dex_def.h" + + + +#define G_TYPE_DEX_FORMAT g_dex_format_get_type() +#define G_DEX_FORMAT(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), g_dex_format_get_type(), GDexFormat)) +#define G_IS_DEX_FORMAT(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), g_dex_format_get_type())) +#define G_DEX_FORMAT_GET_IFACE(inst) (G_TYPE_INSTANCE_GET_INTERFACE((inst), g_dex_format_get_type(), GDexFormatIface)) +#define G_DEX_FORMAT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DEX_FORMAT, GDexFormatClass)) + + +/* Format d'exécutable DEX (instance) */ +typedef struct _GDexFormat GDexFormat; + +/* Format d'exécutable DEX (classe) */ +typedef struct _GDexFormatClass GDexFormatClass; + + +/* Indique si le format peut être pris en charge ici. */ +FormatMatchStatus dex_is_matching(GBinContent *, GExeFormat *, void *, char **); + +/* Indique le type défini pour un format d'exécutable DEX. 
*/ +GType g_dex_format_get_type(void); + +/* Prend en charge un nouveau format DEX. */ +GBinFormat *g_dex_format_new(GBinContent *, GExeFormat *, GtkStatusStack *); + +/* Présente l'en-tête DEX du format chargé. */ +const dex_header *g_dex_format_get_header(const GDexFormat *); + +/* Redéfinition : classe issue du code source (instance) */ +typedef struct _GDexClass GDexClass; + +/* Dénombre le nombre de classes trouvées. */ +size_t g_dex_format_count_classes(const GDexFormat *); + +/* Fournit une classe du format chargée en mémoire. */ +GDexClass *g_dex_format_get_class(const GDexFormat *, size_t); + + + +#endif /* _PLUGINS_DEX_FORMAT_H */ diff --git a/plugins/dex/loading.c b/plugins/dex/loading.c new file mode 100644 index 0000000..c00d0c5 --- /dev/null +++ b/plugins/dex/loading.c 
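Review bot: `G_DEX_FORMAT_GET_IFACE` names a `GDexFormatIface` type that this header never declares, and format.c registers GDexFormat with `G_DEFINE_TYPE` as a class, not an interface, so the macro looks like a leftover that would fail to compile if used. The header also lacks the `G_DEX_FORMAT_CLASS` / `G_IS_DEX_FORMAT_CLASS` pair that loading.h provides for its own type. I would drop the `_GET_IFACE` line and add `#define G_DEX_FORMAT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DEX_FORMAT, GDexFormatClass))` with its `G_IS_` counterpart. The comment on `g_dex_format_get_class()` should also state the valid index range and that no reference is taken on the returned class.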
@@ -0,0 +1,240 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * loading.c - chargements parallèles des éléments de la table globale du format Dex + * + * Copyright (C) 2016-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "loading.h" + + +#include <i18n.h> +#include <glibext/delayed-int.h> +#include <gui/panels/log.h> + + +#include "pool.h" + + + +/* Fraction de routines à limiter (instance) */ +struct _GDexLoading +{ + GDelayedWork parent; /* A laisser en premier */ + + GDexFormat *format; /* Format à faire évoluer */ + + dex_loading_cb callback; /* Routine de traitement finale*/ + uint32_t begin; /* Point de départ du parcours */ + uint32_t end; /* Point d'arrivée exclu */ + + activity_id_t id; /* Identifiant pour messages */ + + bool *status; /* Bilan global constitué */ + +}; + +/* Fraction de routines à limiter (classe) */ +struct _GDexLoadingClass +{ + GDelayedWorkClass parent; /* A laisser en premier */ + +}; + + +/* Initialise la classe des tâches des chargements pour DEX. */ +static void g_dex_loading_class_init(GDexLoadingClass *); + +/* Initialise une tâche de chargements pour DEX. */ +static void g_dex_loading_init(GDexLoading *); + +/* Supprime toutes les références externes. 
*/ +static void g_dex_loading_dispose(GDexLoading *); + +/* Procède à la libération totale de la mémoire. */ +static void g_dex_loading_finalize(GDexLoading *); + +/* Assure le chargement pour un format DEX en différé. */ +static void g_dex_loading_process(GDexLoading *, GtkStatusStack *); + + + +/* Indique le type défini pour les tâches de chargements pour format DEX. */ +G_DEFINE_TYPE(GDexLoading, g_dex_loading, G_TYPE_DELAYED_WORK); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des tâches des chargements pour DEX. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dex_loading_class_init(GDexLoadingClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GDelayedWorkClass *work; /* Version en classe parente */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dex_loading_dispose; + object->finalize = (GObjectFinalizeFunc)g_dex_loading_finalize; + + work = G_DELAYED_WORK_CLASS(klass); + + work->run = (run_task_fc)g_dex_loading_process; + +} + + +/****************************************************************************** +* * +* Paramètres : loading = instance à initialiser. * +* * +* Description : Initialise une tâche de chargements pour DEX. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dex_loading_init(GDexLoading *loading) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : loading = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. 
* +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dex_loading_dispose(GDexLoading *loading) +{ + G_OBJECT_CLASS(g_dex_loading_parent_class)->dispose(G_OBJECT(loading)); + +} + + +/****************************************************************************** +* * +* Paramètres : loading = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dex_loading_finalize(GDexLoading *loading) +{ + G_OBJECT_CLASS(g_dex_loading_parent_class)->finalize(G_OBJECT(loading)); + +} + + +/****************************************************************************** +* * +* Paramètres : format = = ensemble d'instructions désassemblées. * +* begin = point de départ du parcours de liste. * +* end = point d'arrivée exclu du parcours. * +* id = identifiant du message affiché à l'utilisateur. * +* callback = routine de traitements particuliers. * +* status = bilan final à constituer. [OUT] * +* * +* Description : Crée une tâche de chargement pour DEX différée. * +* * +* Retour : Tâche créée. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDexLoading *g_dex_loading_new(GDexFormat *format, uint32_t begin, uint32_t end, activity_id_t id, dex_loading_cb callback, bool *status) +{ + GDexLoading *result; /* Tâche à retourner */ + + result = g_object_new(G_TYPE_DEX_LOADING, NULL); + + result->format = format; + + result->callback = callback; + result->begin = begin; + result->end = end; + + result->id = id; + + result->status = status; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : study = étude de routines à mener. 
* +* status = barre de statut à tenir informée. * +* * +* Description : Assure le chargement pour un format DEX en différé. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dex_loading_process(GDexLoading *loading, GtkStatusStack *status) +{ + uint32_t i; /* Boucle de parcours */ + GObject *obj; /* Object chargé en mémoire */ + + for (i = loading->begin; i < loading->end && *(loading->status); i++) + { + obj = loading->callback(loading->format, i); + + if (obj != NULL) + g_object_unref(obj); + + else + { + *(loading->status) = false; + log_variadic_message(LMT_ERROR, _("Error while loading Dex pool item #%u!"), i); + } + + gtk_status_stack_update_activity_value(status, loading->id, 1); + + } + +} diff --git a/plugins/dex/loading.h b/plugins/dex/loading.h new file mode 100644 index 0000000..612f962 --- /dev/null +++ b/plugins/dex/loading.h 
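Review bot: `g_dex_loading_new()` keeps `format` as a borrowed pointer (`result->format = format;`) and `g_dex_loading_dispose()` never releases it, although the task runs later through `g_dex_loading_process()`. Unless every caller guarantees that the format outlives the queued work (not visible in this hunk), the callback can run on a freed object. Calling `g_object_ref(G_OBJECT(format));` in the constructor and `g_clear_object(&loading->format);` in dispose would make the task own what it uses. The shared `bool *status` is read and written by each task with no synchronisation, so a comment should say who owns it and how long it must stay valid. The header comment of `g_dex_loading_process()` also documents a `study` parameter where the function takes `loading`.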
@@ -0,0 +1,63 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * loading.h - prototypes pour les chargements parallèles des éléments de la table globale du format Dex + * + * Copyright (C) 2016-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_DEX_LOADING_H +#define _PLUGINS_DEX_LOADING_H + + +#include <gtkext/gtkstatusstack.h> + + +#include "format.h" + + + +#define G_TYPE_DEX_LOADING g_dex_loading_get_type() +#define G_DEX_LOADING(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), g_dex_loading_get_type(), GDexLoading)) +#define G_IS_DEX_LOADING(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), g_dex_loading_get_type())) +#define G_DEX_LOADING_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DEX_LOADING, GDexLoadingClass)) +#define G_IS_DEX_LOADING_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DEX_LOADING)) +#define G_DEX_LOADING_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DEX_LOADING, GDexLoadingClass)) + + +/* Fraction de loading à limiter (instance) */ +typedef struct _GDexLoading GDexLoading; + +/* Fraction de loading à limiter (classe) */ +typedef struct _GDexLoadingClass GDexLoadingClass; + + + +/* Extrait une représentation générique d'une table Dex. 
*/ +typedef GObject * (* dex_loading_cb) (GDexFormat *, uint32_t); + + +/* Indique le type défini pour les tâches de chargements pour format DEX. */ +GType g_dex_loading_get_type(void); + +/* Crée une tâche de chargement pour DEX différée. */ +GDexLoading *g_dex_loading_new(GDexFormat *, uint32_t, uint32_t, activity_id_t, dex_loading_cb, bool *); + + + +#endif /* _PLUGINS_DEX_LOADING_H */ diff --git a/plugins/dex/method.c b/plugins/dex/method.c new file mode 100644 index 0000000..0f49154 --- /dev/null +++ b/plugins/dex/method.c 
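Review bot: The `dex_loading_cb` typedef does not state its return contract, yet `g_dex_loading_process()` in loading.c unrefs every non-NULL result and treats NULL as a load failure. A callback that returns a borrowed object would therefore be released once too often. I would put the contract on the typedef, e.g. `/* Returns a new reference owned by the caller, or NULL on failure. */`, and add to the `g_dex_loading_new()` comment that `status` must remain valid until the task has run.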
@@ -0,0 +1,489 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * method.c - manipulation des methodes du format DEX + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "method.h" + + +#include <stddef.h> +#include <string.h> + + +#include <i18n.h> + + +#include "dex-int.h" +#include "pool.h" + + + + +/* Methode issue du code source (instance) */ +struct _GDexMethod +{ + GObject parent; /* A laisser en premier */ + + GBinRoutine *routine; /* Représentation interne */ + + /* FIXME : méthode interne seulement */ + encoded_method info; /* Propriétés de la méthode */ + bool has_body; /* Indication de présence */ + code_item body; /* Corps de la méthode */ + off_t offset; /* Position du code */ + +}; + +/* Methode issue du code source (classe) */ +struct _GDexMethodClass +{ + GObjectClass parent; /* A laisser en premier */ + +}; + + +/* Procède à l'initialisation d'une methode issue du code. */ +static void g_dex_method_class_init(GDexMethodClass *); + +/* Procède à l'initialisation d'une methode issue du code. */ +static void g_dex_method_init(GDexMethod *); + +/* Supprime toutes les références externes. */ +static void g_dex_method_dispose(GDexMethod *); + +/* Procède à la libération totale de la mémoire. 
*/ +static void g_dex_method_finalize(GDexMethod *); + + + +/* Détermine le type d'une methode issue du code source. */ +G_DEFINE_TYPE(GDexMethod, g_dex_method, G_TYPE_OBJECT); + + + +/****************************************************************************** +* * +* Paramètres : class = classe de composant GLib à initialiser. * +* * +* Description : Procède à l'initialisation d'une methode issue du code. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dex_method_class_init(GDexMethodClass *class) +{ + GObjectClass *object; /* Autre version de la classe */ + + object = G_OBJECT_CLASS(class); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dex_method_dispose; + object->finalize = (GObjectFinalizeFunc)g_dex_method_finalize; + +} + + +/****************************************************************************** +* * +* Paramètres : method = composant GLib à initialiser. * +* * +* Description : Procède à l'initialisation d'une methode issue du code. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dex_method_init(GDexMethod *method) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : format = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dex_method_dispose(GDexMethod *method) +{ + if (method->routine != NULL) + g_object_unref(G_OBJECT(method->routine)); + + G_OBJECT_CLASS(g_dex_method_parent_class)->dispose(G_OBJECT(method)); + +} + + +/****************************************************************************** +* * +* Paramètres : method = instance d'objet GLib à traiter. 
* +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dex_method_finalize(GDexMethod *method) +{ + if (method->has_body) + reset_dex_code_item(&method->body); + + G_OBJECT_CLASS(g_dex_method_parent_class)->finalize(G_OBJECT(method)); + +} + + +/****************************************************************************** +* * +* Paramètres : format = représentation interne du format DEX à consulter. * +* seed = graine des informations à extraire. * +* last = dernier indice utilisé (à mettre à jour). [OUT] * +* * +* Description : Crée une nouvelle représentation de methode issue de code. * +* * +* Retour : Composant GLib créé. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDexMethod *g_dex_method_new_defined(GDexFormat *format, const encoded_method *seed, uleb128_t *last) +{ + GDexMethod *result; /* Composant à retourner */ + vmpa2t addr; /* Tête de lecture générique */ + code_item item; /* Corps de la méthode */ + phys_t ins_offset; /* Position physique du code */ + mrange_t range; /* Emplacement du code associé */ + + *last += seed->method_idx_diff; + + result = get_method_from_dex_pool(format, *last); + + if (result == NULL) + return NULL; + + result->info = *seed; + + result->has_body = (seed->code_off > 0); + + if (result->has_body) + { + init_vmpa(&addr, seed->code_off, VMPA_NO_VIRTUAL); + + if (!read_dex_code_item(format, &addr, &item)) + goto gdmnd_bad_code_item; + + ins_offset = seed->code_off + offsetof(code_item, insns); + + if (!g_exe_format_translate_offset_into_vmpa(G_EXE_FORMAT(format), ins_offset, &addr)) + goto gdmnd_bad_translation; + + result->body = item; + + result->offset = ins_offset; + + init_mrange(&range, &addr, item.insns_size * sizeof(uint16_t)); + g_binary_symbol_set_range(G_BIN_SYMBOL(result->routine), 
&range); + + } + + return result; + + gdmnd_bad_translation: + + reset_dex_code_item(&item); + + gdmnd_bad_code_item: + + g_object_unref(G_OBJECT(result)); + + return NULL; + +} + + +/****************************************************************************** +* * +* Paramètres : format = représentation interne du format DEX à consulter.* +* method_id = informations de base quant à la méthode. * +* * +* Description : Crée une nouvelle représentation de methode vide. * +* * +* Retour : Composant GLib créé. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDexMethod *g_dex_method_new_callable(GDexFormat *format, const method_id_item *method_id) +{ + GDexMethod *result; /* Composant à retourner */ + const char *name; /* Nom de la routine finale */ + GBinRoutine *routine; /* Routine représentée */ + + result = NULL; + + name = get_string_from_dex_pool(format, method_id->name_idx, NULL); + if (name == NULL) goto gdmne_exit; + + routine = get_prototype_from_dex_pool(format, method_id->proto_idx); + if (routine == NULL) goto gdmne_exit; + + g_binary_routine_set_name(routine, strdup(name)); + + result = g_object_new(G_TYPE_DEX_METHOD, NULL); + + result->routine = routine; + + gdmne_exit: + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : method = représentation interne de la méthode à consulter. * +* * +* Description : Fournit les indications Dex concernant la méthode. * +* * +* Retour : Données brutes du binaire. * +* * +* Remarques : - * +* * +******************************************************************************/ + +const encoded_method *g_dex_method_get_dex_info(const GDexMethod *method) +{ + return &method->info; + +} + + +/****************************************************************************** +* * +* Paramètres : method = représentation interne de la méthode à consulter. 
* +* * +* Description : Indique si du code est rattaché à une méthode Dex. * +* * +* Retour : true si la méthode n'est pas abstraite ni native. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_dex_method_has_dex_body(const GDexMethod *method) +{ + return method->has_body; + +} + + +/****************************************************************************** +* * +* Paramètres : method = représentation interne de la méthode à consulter. * +* * +* Description : Fournit les indications Dex relatives au corps de la méthode.* +* * +* Retour : Données brutes du binaire. * +* * +* Remarques : - * +* * +******************************************************************************/ + +const code_item *g_dex_method_get_dex_body(const GDexMethod *method) +{ + return (method->has_body ? &method->body : NULL); + +} + + +/****************************************************************************** +* * +* Paramètres : method = représentation interne du format DEX à consulter. * +* * +* Description : Fournit la routine Chrysalide correspondant à la méthode. * +* * +* Retour : Instance de routine mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GBinRoutine *g_dex_method_get_routine(const GDexMethod *method) +{ + GBinRoutine *result; /* Instance à retourner */ + + result = method->routine; + + g_object_ref(G_OBJECT(result)); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : method = représentation interne du format DEX à consulter. * +* format = format permettant d'obtenir une adresse complète. * +* * +* Description : Intègre la méthode en tant que portion de code. 
* +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void g_dex_method_include_as_portion(const GDexMethod *method, GExeFormat *format) +{ + vmpa2t addr; /* Emplacement dans le binaire */ + GBinPortion *new; /* Nouvelle portion définie */ + + /* Si la taille est nulle, on ne fait rien */ + if (method->info.access_flags & ACC_NATIVE) + return; + + if (!method->has_body) + return; + + if (!g_exe_format_translate_offset_into_vmpa(format, method->offset, &addr)) + return; + + new = g_binary_portion_new(BPC_CODE, &addr, method->body.insns_size * sizeof(uint16_t)); + + g_binary_portion_set_desc(new, _("Dalvik code")); + + g_binary_portion_set_rights(new, PAC_READ | PAC_EXEC); + + g_exe_format_include_portion(format, new, &method->info.origin); + +} + + +/****************************************************************************** +* * +* Paramètres : method = représentation interne du format DEX à consulter. * +* offset = position physique à renseigner. [OUT] * +* * +* Description : Indique la position de la méthode au sein du binaire. * +* * +* Retour : Validiter de la position dans le contenu binaire. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_dex_method_get_offset(const GDexMethod *method, phys_t *offset) +{ + bool result; /* Indication à retourner */ + + result = method->has_body; + + if (result) + *offset = method->offset; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : method = représentation interne du format DEX à consulter. * +* index = indice de base comme seul indice. * +* * +* Description : Fournit des indications sur la nature d'une variable donnée. * +* * +* Retour : Indentifiant complet d'une variable utilisée. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +DexVariableIndex g_dex_method_get_variable(const GDexMethod *method, uint32_t index) +{ + const encoded_method *info; /* Propriétés de la méthode */ + const code_item *body; /* Corps de la méthode */ + uint32_t pivot; /* Bascule pour les arguments */ + + info = &method->info; + body = &method->body; + + /* S'agit-il d'un argument ? */ + + pivot = body->registers_size - body->ins_size; + + if (!(info->access_flags & ACC_STATIC)) + pivot++; + + if (index >= pivot) + return (index - pivot) | DVI_ARGUMENT; + + /* S'agit-il de "this" ? */ + + if (!(info->access_flags & ACC_STATIC) + && index == (body->registers_size - body->ins_size)) + return DVI_THIS; + + /* Alors il s'agit d'une variable locale... */ + + return index | DVI_LOCAL; + +} + + +/****************************************************************************** +* * +* Paramètres : method = informations chargées à consulter. * +* lang = langage à utiliser pour la sortie humaine. * +* buffer = tampon mis à disposition pour la sortie. * +* * +* Description : Procède à la décompilation complète d'une routine donnée. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ +#if 0 +void g_dex_method_decompile(const GDexMethod *method, GLangOutput *lang, GCodeBuffer *buffer) +{ + g_binary_routine_print_code(method->routine, lang, buffer, true); + +} +#endif diff --git a/plugins/dex/method.h b/plugins/dex/method.h new file mode 100644 index 0000000..6716713 --- /dev/null +++ b/plugins/dex/method.h 
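Review bot: In g_dex_method_new_defined, `result->has_body` is set from `seed->code_off` before read_dex_code_item() has succeeded, so both error labels unref an object whose finalizer will call `reset_dex_code_item(&method->body)` on a body that was never filled in; on the gdmnd_bad_translation path this happens after `item` itself was already reset. A malformed `code_off` in the input file is enough to reach these labels, and the sequence is only harmless if reset_dex_code_item() tolerates an all-zero code_item, which this hunk does not show. Clearing the flag at the label, `result->has_body = false;` just before `g_object_unref(G_OBJECT(result));`, keeps the finalizer away from the unset body. The range length `item.insns_size * sizeof(uint16_t)` is also taken from the file as-is here and again in g_dex_method_include_as_portion; if read_dex_code_item() does not bound it against the content size, that check is missing too.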
@@ -0,0 +1,104 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * method.h - prototypes pour la manipulation des methodes du format DEX
+ *
+ * Copyright (C) 2010-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _PLUGINS_DEX_METHOD_H
+#define _PLUGINS_DEX_METHOD_H
+
+
+#include <glib-object.h>
+
+
+#include <analysis/routine.h>
+
+
+#include "dex_def.h"
+#include "format.h"
+
+
+
+#define G_TYPE_DEX_METHOD (g_dex_method_get_type())
+#define G_DEX_METHOD(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_DEX_METHOD, GDexMethod))
+#define G_DEX_METHOD_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DEX_METHOD, GDexMethodClass))
+#define G_IS_DEX_METHOD(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_DEX_METHOD))
+#define G_IS_DEX_METHOD_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DEX_METHOD))
+#define G_DEX_METHOD_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DEX_METHOD, GDexMethodClass))
+
+
+
+/* Methode issue du code source (instance) */
+typedef struct _GDexMethod GDexMethod;
+
+/* Methode issue du code source (classe) */
+typedef struct _GDexMethodClass GDexMethodClass;
+
+
+/* Détermination des variables */
+typedef enum _DexVariableIndex
+{
+ /* Indices... */
+
+ DVI_LOCAL = (1 << 29),
+ DVI_THIS = (1 << 30),
+ DVI_ARGUMENT = (1 << 31)
+
+} DexVariableIndex;
+
+#define DVI_INDEX(v) (v & ~(7 << 29))
+
+
+/* Détermine le type d'une methode issue du code source. */
+GType g_dex_method_get_type(void);
+
+/* Crée une nouvelle représentation de methode issue de code. */
+GDexMethod *g_dex_method_new_defined(GDexFormat *, const encoded_method *, uleb128_t *);
+
+/* Crée une nouvelle représentation de methode vide. */
+GDexMethod *g_dex_method_new_callable(GDexFormat *, const method_id_item *);
+
+/* Fournit les indications Dex concernant la méthode. */
+const encoded_method *g_dex_method_get_dex_info(const GDexMethod *);
+
+/* Indique si du code est rattaché à une méthode Dex. */
+bool g_dex_method_has_dex_body(const GDexMethod *);
+
+/* Fournit les indications Dex relatives au corps de la méthode. */
+const code_item *g_dex_method_get_dex_body(const GDexMethod *);
+
+/* Fournit la routine Chrysalide correspondant à la méthode. */
+GBinRoutine *g_dex_method_get_routine(const GDexMethod *);
+
+/* Intègre la méthode en tant que portion de code. */
+void g_dex_method_include_as_portion(const GDexMethod *, GExeFormat *);
+
+/* Indique la position de la méthode au sein du binaire. */
+bool g_dex_method_get_offset(const GDexMethod *method, phys_t *);
+
+/* Fournit des indications sur la nature d'une variable donnée. */
+DexVariableIndex g_dex_method_get_variable(const GDexMethod *, uint32_t);
+
+/* Procède à la décompilation complète d'une routine donnée. */
+//void g_dex_method_decompile(const GDexMethod *, GLangOutput *, GCodeBuffer *);
+
+
+
+#endif /* _PLUGINS_DEX_METHOD_H */
diff --git a/plugins/dex/pool.c b/plugins/dex/pool.c
new file mode 100644
index 0000000..3c97da3
--- /dev/null
+++ b/plugins/dex/pool.c
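Review bot: `DVI_INDEX(v)` expands its argument without parentheses and builds its mask from `7 << 29`, and `DVI_ARGUMENT = (1 << 31)` shifts into the sign bit of an `int`; both shifts overflow a signed type, which is undefined behaviour in C. The macro is safe as `#define DVI_INDEX(v) ((v) & ~(7u << 29))`. The value of `1u << 31` does not fit an `int`-typed enumeration constant either, so the three flags are probably better declared as unsigned constants than as members of DexVariableIndex, particularly as g_dex_method_get_variable in method.c ORs them with a `uint32_t` index.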
@@ -0,0 +1,686 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * pool.c - extraction des informations issues des tables globales + * + * Copyright (C) 2010-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "pool.h" + + +#include <malloc.h> +#include <string.h> + + +#include <i18n.h> +#include <core/global.h> +#include <format/mangling/demangler.h> +#include <format/mangling/dex/context.h> + + +#include "dex-int.h" +#include "loading.h" + + + +/****************************************************************************** +* * +* Paramètres : format = description de l'exécutable à analyser. * +* * +* Description : Charge en mémoire toutes les chaînes trouvées. * +* * +* Retour : Bilan de l'opération. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +bool find_all_dex_strings(GDexFormat *format) +{ + GBinFormat *base; /* Autre version du format */ + uint32_t i; /* Boucle de parcours */ + mrange_t range; /* Couverture associée */ + const char *text; /* Texte issu du binaire */ + GBinSymbol *symbol; /* Nouveau symbole construit */ + char *label; /* Désignation de la chaîne */ + + base = G_BIN_FORMAT(format); + + for (i = 0; i < format->header.string_ids_size; i++) + { + text = get_string_from_dex_pool(format, i, &range); + if (text == NULL) continue; + + symbol = g_binary_symbol_new(&range, STP_STRING); + + label = create_string_label(base, get_mrange_addr(&range), get_mrange_length(&range)); + + g_binary_symbol_set_alt_label(symbol, label); + + free(label); + + g_binary_format_add_symbol(base, symbol); + + } + + return true; + +} + + +/****************************************************************************** +* * +* Paramètres : format = représentation interne du format DEX à consulter. * +* index = index du type recherchée. * +* range = éventuelle couverture à renseigner ou NULL. [OUT] * +* * +* Description : Extrait une chaîne de caractères d'une table DEX. * +* * +* Retour : Chaîne de caractères trouvées ou NULL en cas d'erreur. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +const char *get_string_from_dex_pool(const GDexFormat *format, uint32_t index, mrange_t *range) +{ + off_t pos; /* Tête de lecture */ + vmpa2t addr; /* Tête de lecture générique */ + string_id_item str_id; /* Identifiant de chaîne */ + string_data_item str_data; /* Description de chaîne */ + vmpa2t start; /* Début de la chaîne */ + phys_t diff; /* Avancée de tête de lecture */ + + if (index >= format->header.string_ids_size) + return NULL; + + pos = format->header.string_ids_off + index * sizeof(string_id_item); + init_vmpa(&addr, pos, VMPA_NO_VIRTUAL); + + if (!read_dex_string_id_item(format, &addr, &str_id)) + return NULL; + + pos = str_id.string_data_off; + init_vmpa(&addr, pos, VMPA_NO_VIRTUAL); + + if (!read_dex_string_data_item(format, &addr, &str_data)) + return NULL; + + if (range != NULL) + { + init_vmpa(&start, pos, VMPA_NO_VIRTUAL); + diff = compute_vmpa_diff(&start, &addr); + + init_mrange(range, &start, diff); + + } + + return (const char *)str_data.data; + +} + + + + + + + + + + + + +/****************************************************************************** +* * +* Paramètres : format = description de l'exécutable à compléter. * +* gid = groupe de travail impliqué. * + status = barre de statut à tenir informée. * +* * +* Description : Charge en mémoire l'ensemble des types du format DEX. * +* * +* Retour : Bilan de l'opération. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +bool load_all_dex_types(GDexFormat *format, wgroup_id_t gid, GtkStatusStack *status) +{ + bool result; /* Bilan à retourner */ + guint runs_count; /* Qté d'exécutions parallèles */ + uint32_t run_size; /* Volume réparti par exécution*/ + GWorkQueue *queue; /* Gestionnaire de différés */ + activity_id_t msg; /* Message de progression */ + guint i; /* Boucle de parcours */ + uint32_t begin; /* Début de bloc de traitement */ + uint32_t end; /* Fin d'un bloc de traitement */ + GDexLoading *loading; /* Tâche de chargement à lancer*/ + + result = true; + + /* Préparation du réceptacle */ + + format->types = (GDataType **)calloc(format->header.type_ids_size, sizeof(GDataType *)); + + /* Lancement des chargements */ + + runs_count = g_get_num_processors(); + + run_size = format->header.type_ids_size / runs_count; + + queue = get_work_queue(); + + msg = gtk_status_stack_add_activity(status, _("Loading all types from the Dex pool..."), + format->header.type_ids_size); + + for (i = 0; i < runs_count; i++) + { + begin = i * run_size; + + if ((i + 1) == runs_count) + end = format->header.type_ids_size; + else + end = begin + run_size; + + loading = g_dex_loading_new(format, begin, end, msg, + (dex_loading_cb)get_type_from_dex_pool, &result); + + g_work_queue_schedule_work(queue, G_DELAYED_WORK(loading), gid); + + } + + g_work_queue_wait_for_completion(queue, gid); + + gtk_status_stack_remove_activity(status, msg); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : format = représentation interne du format DEX à consulter. * +* index = index du type recherchée. * +* * +* Description : Extrait une représentation de type d'une table DEX. * +* * +* Retour : Composant GLib créé. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +GDataType *get_type_from_dex_pool(GDexFormat *format, uint32_t index) +{ + GDataType *result; /* Instance à retourner */ + phys_t pos; /* Tête de lecture */ + vmpa2t addr; /* Tête de lecture générique */ + type_id_item type_id; /* Définition de la classe */ + string_id_item str_id; /* Identifiant de chaîne */ + string_data_item str_data; /* Description de chaîne */ + + result = NULL; + + if (index >= format->header.type_ids_size) + goto gtfdp_error; + + if (format->types[index] == NULL) + { + pos = format->header.type_ids_off + index * sizeof(type_id_item); + init_vmpa(&addr, pos, VMPA_NO_VIRTUAL); + + if (!read_dex_type_id_item(format, &addr, &type_id)) + goto gtfdp_error; + + pos = format->header.string_ids_off + type_id.descriptor_idx * sizeof(string_id_item); + init_vmpa(&addr, pos, VMPA_NO_VIRTUAL); + + if (!read_dex_string_id_item(format, &addr, &str_id)) + goto gtfdp_error; + + pos = str_id.string_data_off; + init_vmpa(&addr, pos, VMPA_NO_VIRTUAL); + + if (!read_dex_string_data_item(format, &addr, &str_data)) + goto gtfdp_error; + + format->types[index] = demangle_type(G_TYPE_DEX_DEMANGLER, (char *)str_data.data); + + } + + result = format->types[index]; + + if (result != NULL) + g_object_ref(G_OBJECT(result)); + + gtfdp_error: + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : format = description de l'exécutable à compléter. * +* gid = groupe de travail impliqué. * +* status = barre de statut à tenir informée. * +* * +* Description : Charge en mémoire l'ensemble des champs du format DEX. * +* * +* Retour : Bilan de l'opération. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +bool load_all_dex_fields(GDexFormat *format, wgroup_id_t gid, GtkStatusStack *status) +{ + bool result; /* Bilan à retourner */ + guint runs_count; /* Qté d'exécutions parallèles */ + uint32_t run_size; /* Volume réparti par exécution*/ + GWorkQueue *queue; /* Gestionnaire de différés */ + activity_id_t msg; /* Message de progression */ + guint i; /* Boucle de parcours */ + uint32_t begin; /* Début de bloc de traitement */ + uint32_t end; /* Fin d'un bloc de traitement */ + GDexLoading *loading; /* Tâche de chargement à lancer*/ + + result = true; + + /* Préparation du réceptacle */ + + format->fields = (GBinVariable **)calloc(format->header.field_ids_size, sizeof(GBinVariable *)); + + /* Lancement des chargements */ + + runs_count = g_get_num_processors(); + + run_size = format->header.field_ids_size / runs_count; + + queue = get_work_queue(); + + msg = gtk_status_stack_add_activity(status, _("Loading all fields from the Dex pool..."), + format->header.field_ids_size); + + for (i = 0; i < runs_count; i++) + { + begin = i * run_size; + + if ((i + 1) == runs_count) + end = format->header.field_ids_size; + else + end = begin + run_size; + + loading = g_dex_loading_new(format, begin, end, msg, + (dex_loading_cb)get_field_from_dex_pool, &result); + + g_work_queue_schedule_work(queue, G_DELAYED_WORK(loading), gid); + + } + + g_work_queue_wait_for_completion(queue, gid); + + gtk_status_stack_remove_activity(status, msg); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : format = représentation interne du format DEX à consulter. * +* index = index du champ recherché. * +* * +* Description : Extrait une représentation de champ d'une table DEX. * +* * +* Retour : Composant GLib créé. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +GBinVariable *get_field_from_dex_pool(GDexFormat *format, uint32_t index) +{ + GBinVariable *result; /* Instance à retourner */ + phys_t pos; /* Tête de lecture */ + vmpa2t addr; /* Tête de lecture générique */ + field_id_item field_id; /* Description du champ */ + GDataType *type; /* Type du champ */ + const char *name; /* Désignation humaine */ + GBinVariable *field; /* Instance nouvelle à définir */ + GDataType *owner; /* Propriétaire du champ */ + + result = NULL; + + if (index >= format->header.field_ids_size) + goto gffdp_error; + + if (format->fields[index] == NULL) + { + pos = format->header.field_ids_off + index * sizeof(field_id_item); + init_vmpa(&addr, pos, VMPA_NO_VIRTUAL); + + if (!read_dex_field_id_item(format, &addr, &field_id)) + goto gffdp_error; + + type = get_type_from_dex_pool(format, field_id.type_idx); + if (type == NULL) goto gffdp_error; + + name = get_string_from_dex_pool(format, field_id.name_idx, NULL); + if (name == NULL) goto gffdp_bad_name; + + field = g_binary_variable_new(type); + g_binary_variable_set_name(field, name); + + if (field_id.class_idx != NO_INDEX) + { + owner = get_type_from_dex_pool(format, field_id.class_idx); + if (owner == NULL) goto gffdp_bad_owner; + + g_binary_variable_set_owner(field, owner); + + } + + format->fields[index] = field; + + } + + result = format->fields[index]; + + if (result != NULL) + g_object_ref(G_OBJECT(result)); + + gffdp_error: + + return result; + + gffdp_bad_owner: + + g_object_ref(G_OBJECT(type)); + g_object_unref(G_OBJECT(result)); + + gffdp_bad_name: + + g_object_unref(G_OBJECT(type)); + + return NULL; + +} + + +/****************************************************************************** +* * +* Paramètres : format = représentation interne du format DEX à consulter. * +* index = index de la routine recherchée. 
* +* * +* Description : Extrait une représentation de routine d'une table DEX. * +* * +* Retour : Composant GLib créé. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GBinRoutine *get_prototype_from_dex_pool(GDexFormat *format, uint32_t index) +{ + GBinRoutine *result; /* Instance à retourner */ + phys_t pos; /* Tête de lecture */ + vmpa2t addr; /* Tête de lecture générique */ + proto_id_item proto_id; /* Prototype de routine */ + GDataType *type; /* Type de retour */ + const char *name; /* Description compressée */ + type_list args; /* Liste des arguments */ + uint32_t i; /* Boucle de parcours */ + GBinVariable *arg; /* Argument reconstitué */ + + result = NULL; + + /** + * Les prototypes sont personnalisés après chargement. + * Donc on ne peut pas conserver de version globale comme pour + * les autres éléments de la table des constantes. + */ + + if (index >= format->header.proto_ids_size) + goto grfdp_error; + + pos = format->header.proto_ids_off + index * sizeof(proto_id_item); + init_vmpa(&addr, pos, VMPA_NO_VIRTUAL); + + if (!read_dex_proto_id_item(format, &addr, &proto_id)) + goto grfdp_error; + + /* Type de retour */ + + type = get_type_from_dex_pool(format, proto_id.return_type_idx); + + /* Nom de la méthode */ + + name = get_string_from_dex_pool(format, proto_id.shorty_idx, NULL); + + /* Liste des arguments */ + + pos = proto_id.parameters_off; + init_vmpa(&addr, pos, VMPA_NO_VIRTUAL); + + result = g_binary_routine_new();/////////////////////// + + if (read_dex_type_list(format, &addr, &args)) + for (i = 0; i < args.size; i++) + { + type = get_type_from_dex_pool(format, args.list[i].type_idx); + if (type == NULL) continue; + + arg = g_binary_variable_new(type); + g_binary_routine_add_arg(result, arg);/////////////////////// + + } + + /* Mise en place finale */ + + ///////result = demangle_routine(G_TYPE_DEX_DEMANGLER, name); + + g_binary_routine_set_name(result, strdup("...")); + +#if 1 + 
if (result != NULL)/////////////////////// + g_binary_routine_set_return_type(result, type); +#endif + + /* + if (result != NULL) + g_object_ref(G_OBJECT(result)); + */ + + grfdp_error: + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : format = représentation interne du format DEX à consulter. * +* index = index de la classe recherchée. * +* * +* Description : Extrait une représentation de méthode d'une table DEX. * +* * +* Retour : Composant GLib créé. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDexMethod *get_method_from_dex_pool(GDexFormat *format, uint32_t index) +{ + GDexMethod *result; /* Instance à retourner */ + phys_t pos; /* Tête de lecture */ + vmpa2t addr; /* Tête de lecture générique */ + method_id_item method_id; /* Définition de la méthode */ + + result = NULL; + + if (index >= format->header.method_ids_size) + goto gmfdp_error; + + /** + * On charge ici une méthode à partir de la définition de 'method_id_item'. + * + * C'est l'élément 'encoded_method' qui référence cette cette définition et qui + * applique ensuite les attributs finaux de la méthode. La classe parente est + * précisée en outre bien en amont. + * + * Comme une même définition peut donc servir à plusieurs instances, + * on ne peut pas conserver un tableau d'allocations communes. + */ + + pos = format->header.method_ids_off + index * sizeof(method_id_item); + init_vmpa(&addr, pos, VMPA_NO_VIRTUAL); + + if (!read_dex_method_id_item(format, &addr, &method_id)) + goto gmfdp_error; + + result = g_dex_method_new_callable(format, &method_id); + + gmfdp_error: + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : format = représentation interne du format DEX à compléter. * +* gid = groupe de travail impliqué. * + status = barre de statut à tenir informée. 
* +* * +* Description : Charge toutes les classes listées dans le contenu binaire. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool load_all_dex_classes(GDexFormat *format, wgroup_id_t gid, GtkStatusStack *status) +{ + bool result; /* Bilan à retourner */ + guint runs_count; /* Qté d'exécutions parallèles */ + uint32_t run_size; /* Volume réparti par exécution*/ + GWorkQueue *queue; /* Gestionnaire de différés */ + activity_id_t msg; /* Message de progression */ + guint i; /* Boucle de parcours */ + uint32_t begin; /* Début de bloc de traitement */ + uint32_t end; /* Fin d'un bloc de traitement */ + GDexLoading *loading; /* Tâche de chargement à lancer*/ + + result = true; + + /* Préparation du réceptacle */ + + format->classes = (GDexClass **)calloc(format->header.class_defs_size, sizeof(GDexClass *)); + + /* Lancement des chargements */ + + runs_count = g_get_num_processors(); + + run_size = format->header.class_defs_size / runs_count; + + queue = get_work_queue(); + + msg = gtk_status_stack_add_activity(status, _("Loading all classes from the Dex pool..."), + format->header.class_defs_size); + + for (i = 0; i < runs_count; i++) + { + begin = i * run_size; + + if ((i + 1) == runs_count) + end = format->header.class_defs_size; + else + end = begin + run_size; + + loading = g_dex_loading_new(format, begin, end, msg, + (dex_loading_cb)get_class_from_dex_pool, &result); + + g_work_queue_schedule_work(queue, G_DELAYED_WORK(loading), gid); + + } + + g_work_queue_wait_for_completion(queue, gid); + + gtk_status_stack_remove_activity(status, msg); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : format = représentation interne du format DEX à consulter. * +* index = index de la classe recherchée. * +* * +* Description : Extrait une représentation de classe d'une table DEX. 
* +* * +* Retour : Composant GLib créé. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDexClass *get_class_from_dex_pool(GDexFormat *format, uint32_t index) +{ + GDexClass *result; /* Instance à retourner */ + phys_t pos; /* Tête de lecture */ + vmpa2t addr; /* Tête de lecture générique */ + class_def_item class_def; /* Définition de la classe */ + + result = NULL; + + if (index >= format->header.class_defs_size) + goto gcfdp_error; + + if (format->classes[index] == NULL) + { + pos = format->header.class_defs_off + index * sizeof(class_def_item); + init_vmpa(&addr, pos, VMPA_NO_VIRTUAL); + + if (!read_dex_class_def_item(format, &addr, &class_def)) + goto gcfdp_error; + + format->classes[index] = g_dex_class_new(format, &class_def); + + } + + result = format->classes[index]; + + if (result != NULL) + g_object_ref(G_OBJECT(result)); + + gcfdp_error: + + return result; + +} diff --git a/plugins/dex/pool.h b/plugins/dex/pool.h new file mode 100644 index 0000000..56bcd64 --- /dev/null +++ b/plugins/dex/pool.h 
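Review bot: get_prototype_from_dex_pool reuses `type` as the loop variable for the parameter list, so the value passed to `g_binary_routine_set_return_type(result, type)` at the end is the last parameter's type (or NULL when that lookup failed), not the one fetched through `proto_id.return_type_idx`. The reference obtained for the real return type is never released, and the last parameter's GDataType is handed to both `g_binary_variable_new` and the routine, which risks a double release if both take ownership (their contracts are not visible in this hunk). A separate local fixes it: declare `GDataType *arg_type;`, assign `arg_type = get_type_from_dex_pool(format, args.list[i].type_idx);`, build the argument with `g_binary_variable_new(arg_type);`, and test `arg_type` in the NULL check. The gffdp_bad_owner label in get_field_from_dex_pool has a related slip: it unrefs `result`, which is still NULL at that point, where `field` was presumably meant.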
@@ -0,0 +1,74 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * pool.h - prototypes pour l'extraction des informations issues des tables globales
+ *
+ * Copyright (C) 2010-2017 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * Chrysalide is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Chrysalide is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+
+#ifndef _PLUGINS_DEX_POOL_H
+#define _PLUGINS_DEX_POOL_H
+
+
+#include <analysis/routine.h>
+#include <glibext/delayed.h>
+
+
+#include "class.h"
+#include "format.h"
+#include "method.h"
+
+
+
+/* Charge en mémoire toutes les chaînes trouvées. */
+bool find_all_dex_strings(GDexFormat *);
+
+/* Extrait une chaîne de caractères d'une table DEX. */
+const char *get_string_from_dex_pool(const GDexFormat *, uint32_t, mrange_t *);
+
+
+
+
+
+/* Charge en mémoire l'ensemble des types du format DEX. */
+bool load_all_dex_types(GDexFormat *, wgroup_id_t, GtkStatusStack *);
+
+/* Extrait une représentation de type d'une table DEX. */
+GDataType *get_type_from_dex_pool(GDexFormat *, uint32_t);
+
+/* Charge en mémoire l'ensemble des champs du format DEX. */
+bool load_all_dex_fields(GDexFormat *, wgroup_id_t, GtkStatusStack *);
+
+/* Extrait une représentation de champ d'une table DEX. */
+GBinVariable *get_field_from_dex_pool(GDexFormat *, uint32_t);
+
+/* Extrait une représentation de routine d'une table DEX. 
*/ +GBinRoutine *get_prototype_from_dex_pool(GDexFormat *, uint32_t); + +/* Extrait une représentation de méthode d'une table DEX. */ +GDexMethod *get_method_from_dex_pool(GDexFormat *, uint32_t); + +/* Charge toutes les classes listées dans le contenu binaire. */ +bool load_all_dex_classes(GDexFormat *, wgroup_id_t, GtkStatusStack *); + +/* Extrait une représentation de classe d'une table DEX. */ +GDexClass *get_class_from_dex_pool(GDexFormat *, uint32_t); + + + +#endif /* _PLUGINS_DEX_POOL_H */ diff --git a/plugins/pychrysa/format/dex/Makefile.am b/plugins/dex/python/Makefile.am index ebf8966..fc6f85e 100644 --- a/plugins/pychrysa/format/dex/Makefile.am +++ b/plugins/dex/python/Makefile.am @@ -1,16 +1,16 @@ -noinst_LTLIBRARIES = libpychrysaformatdex.la +noinst_LTLIBRARIES = libdexpython.la -libpychrysaformatdex_la_SOURCES = \ +libdexpython_la_SOURCES = \ class.h class.c \ - dex.h dex.c \ + format.h format.c \ module.h module.c -libpychrysaformatdex_la_LDFLAGS = +libdexpython_la_LDFLAGS = AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) $(LIBPYTHON_CFLAGS) $(LIBPYGOBJECT_CFLAGS) \ - -I../../../../src + -I$(top_srcdir)/src AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS) diff --git a/plugins/pychrysa/format/dex/class.c b/plugins/dex/python/class.c index 13b1f2a..ec1c3f7 100644 --- a/plugins/pychrysa/format/dex/class.c +++ b/plugins/dex/python/class.c @@ -1,6 +1,6 @@ /* Chrysalide - Outil d'analyse de fichiers binaires - * class.c - équivalent Python du fichier "format/dex/class.c" + * class.c - équivalent Python du fichier "plugins/dex/class.c" * * Copyright (C) 2012-2017 Cyrille Bagard * @@ -28,10 +28,10 @@ #include <pygobject.h> -#include <format/dex/class.h> +#include <plugins/pychrysa/helpers.h> -#include "../../helpers.h" +#include "../class.h" diff --git a/plugins/pychrysa/format/dex/class.h b/plugins/dex/python/class.h index bd2d2a5..02ec882 100644 --- a/plugins/pychrysa/format/dex/class.h +++ b/plugins/dex/python/class.h 
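Review bot: The declaration of `get_class_from_dex_pool()` in the new plugins/dex/pool.h carries only a one-line summary and leaves out the ownership and failure contract that the pool.c implementation in this commit has. That implementation returns NULL when `index >= format->header.class_defs_size` or when `read_dex_class_def_item()` fails, and otherwise calls `g_object_ref()` on the object before returning it, so the caller holds a reference it has to drop. I would put that next to the prototype, for example `/* Returns a new reference (release with g_object_unref()) or NULL on an out-of-range index or a failed read. */`. The index presumably originates from fields of the parsed DEX file, so the NULL path is reachable from crafted input and callers need to know to check for it. The bodies of the other `get_*_from_dex_pool()` accessors declared here are not visible, so whether they follow the same convention should be confirmed and documented the same way.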
@@ -1,6 +1,6 @@ /* Chrysalide - Outil d'analyse de fichiers binaires - * class.h - prototypes pour l'équivalent Python du fichier "format/dex/class.h" + * class.h - prototypes pour l'équivalent Python du fichier "plugins/dex/class.h" * * Copyright (C) 2012-2017 Cyrille Bagard * @@ -22,8 +22,8 @@ */ -#ifndef _PLUGINS_PYCHRYSA_FORMAT_DEX_CLASS_H -#define _PLUGINS_PYCHRYSA_FORMAT_DEX_CLASS_H +#ifndef _PLUGINS_DEX_PYTHON_CLASS_H +#define _PLUGINS_DEX_PYTHON_CLASS_H #include <Python.h> @@ -39,4 +39,4 @@ bool register_python_dex_class(PyObject *module); -#endif /* _PLUGINS_PYCHRYSA_FORMAT_DEX_CLASS_H */ +#endif /* _PLUGINS_DEX_PYTHON_CLASS_H */ diff --git a/plugins/pychrysa/format/dex/dex.c b/plugins/dex/python/format.c index 0eaf8a1..74f6eae 100644 --- a/plugins/pychrysa/format/dex/dex.c +++ b/plugins/dex/python/format.c @@ -1,6 +1,6 @@ /* Chrysalide - Outil d'analyse de fichiers binaires - * dex.c - équivalent Python du fichier "format/dex/dex.c" + * format.c - équivalent Python du fichier "plugins/dex/format.c" * * Copyright (C) 2012-2017 Cyrille Bagard * @@ -22,22 +22,21 @@ */ -#include "dex.h" +#include "format.h" #include <pygobject.h> #include <i18n.h> +#include <plugins/pychrysa/helpers.h> +#include <plugins/pychrysa/analysis/binary.h> +#include <plugins/pychrysa/analysis/content.h> +#include <plugins/pychrysa/format/executable.h> -#include <format/dex/class.h> -#include <format/dex/dex.h> - - -#include "../executable.h" -#include "../../analysis/content.h" -#include "../../helpers.h" +#include "../class.h" +#include "../format.h" diff --git a/plugins/pychrysa/format/dex/dex.h b/plugins/dex/python/format.h index 0871875..4a365c9 100644 --- a/plugins/pychrysa/format/dex/dex.h +++ b/plugins/dex/python/format.h 
@@ -1,6 +1,6 @@ /* Chrysalide - Outil d'analyse de fichiers binaires - * dex.h - prototypes pour l'équivalent Python du fichier "format/dex/dex.h" + * format.h - prototypes pour l'équivalent Python du fichier "plugins/dex/format.h" * * Copyright (C) 2012-2017 Cyrille Bagard * @@ -22,8 +22,8 @@ */ -#ifndef _PLUGINS_PYCHRYSA_FORMAT_DEX_DEX_H -#define _PLUGINS_PYCHRYSA_FORMAT_DEX_DEX_H +#ifndef _PLUGINS_DEX_PYTHON_FORMAT_H +#define _PLUGINS_DEX_PYTHON_FORMAT_H #include <Python.h> @@ -39,4 +39,4 @@ bool register_python_dex_format(PyObject *); -#endif /* _PLUGINS_PYCHRYSA_FORMAT_DEX_DEX_H */ +#endif /* _PLUGINS_DEX_PYTHON_FORMAT_H */ diff --git a/plugins/pychrysa/format/dex/module.c b/plugins/dex/python/module.c index 49004b7..8d5092d 100644 --- a/plugins/pychrysa/format/dex/module.c +++ b/plugins/dex/python/module.c @@ -25,14 +25,20 @@ #include "module.h" +#include <Python.h> + + +#include <plugins/pychrysa/access.h> + + #include "class.h" -#include "dex.h" +#include "format.h" /****************************************************************************** * * -* Paramètres : module = module dont la définition est à compléter. * +* Paramètres : - * * * * Description : Ajoute le module 'format.dex' au module Python. * * * @@ -42,9 +48,10 @@ * * ******************************************************************************/ -bool add_format_dex_module_to_python_module(PyObject *super) +bool add_format_dex_module_to_python_module(void) { bool result; /* Bilan à retourner */ + PyObject *super; /* Module à compléter */ PyObject *module; /* Sous-module mis en place */ int ret; /* Bilan d'un appel */ @@ -61,6 +68,8 @@ bool add_format_dex_module_to_python_module(PyObject *super) result = false; + super = get_access_to_python_module("pychrysalide.format"); + module = PyModule_Create(&py_chrysalide_dex_module); if (module == NULL) return false; 
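Review bot: In plugins/dex/python/module.c, the new `super = get_access_to_python_module("pychrysalide.format");` is used without a NULL check; the value is passed straight to `PyModule_AddObject(super, "dex", module)` in the next hunk. Before this commit the parent module was handed in by the caller, whereas it now depends on "pychrysalide.format" having been registered earlier. In plugins/pychrysa/format/module.c that registration only happens `if (result)`, so a failed or not-yet-run format module setup leaves nothing to look up. What the lookup returns on a miss is not visible here (presumably NULL); I would add `if (super == NULL) return false;` directly after the call, before `PyModule_Create()`, so a load-order or registration failure is reported cleanly instead of a null module pointer reaching the Python C API. The function body starts and ends outside this hunk.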
@@ -74,10 +83,10 @@ bool add_format_dex_module_to_python_module(PyObject *super) ret = PyModule_AddObject(super, "dex", module); if (ret != 0) goto loading_failed; - result = true; + result = register_python_dex_class(module); - result &= register_python_dex_class(module); - result &= register_python_dex_format(module); + if (result) + result = register_python_dex_format(module); loading_failed: diff --git a/plugins/pychrysa/format/dex/module.h b/plugins/dex/python/module.h index c43e12a..d1540d7 100644 --- a/plugins/pychrysa/format/dex/module.h +++ b/plugins/dex/python/module.h @@ -22,18 +22,17 @@ */ -#ifndef _PLUGINS_PYCHRYSA_FORMAT_DEX_MODULE_H -#define _PLUGINS_PYCHRYSA_FORMAT_DEX_MODULE_H +#ifndef _PLUGINS_DEX_PYTHON_MODULE_H +#define _PLUGINS_DEX_PYTHON_MODULE_H -#include <Python.h> #include <stdbool.h> /* Ajoute le module 'format.dex' au module Python. */ -bool add_format_dex_module_to_python_module(PyObject *); +bool add_format_dex_module_to_python_module(void); -#endif /* _PLUGINS_PYCHRYSA_FORMAT_DEX_MODULE_H */ +#endif /* _PLUGINS_DEX_PYTHON_MODULE_H */ diff --git a/plugins/elf/python/module.h b/plugins/elf/python/module.h index de3ce42..f011ef9 100644 --- a/plugins/elf/python/module.h +++ b/plugins/elf/python/module.h @@ -22,8 +22,8 @@ */ -#ifndef _PLUGINS_PYCHRYSA_FORMAT_ELF_MODULE_H -#define _PLUGINS_PYCHRYSA_FORMAT_ELF_MODULE_H +#ifndef _PLUGINS_ELF_PYTHON_MODULE_H +#define _PLUGINS_ELF_PYTHON_MODULE_H #include <stdbool.h> diff --git a/plugins/pychrysa/format/Makefile.am b/plugins/pychrysa/format/Makefile.am index 71f0022..e59cf8a 100644 --- a/plugins/pychrysa/format/Makefile.am +++ b/plugins/pychrysa/format/Makefile.am @@ -7,8 +7,7 @@ libpychrysaformat_la_SOURCES = \ module.h module.c \ symbol.h symbol.c -libpychrysaformat_la_LIBADD = \ - dex/libpychrysaformatdex.la +libpychrysaformat_la_LIBADD = libpychrysaformat_la_LDFLAGS = 
@@ -18,4 +17,4 @@ AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) $(LIBPYTHON_CFLAGS) $(LIBPYGOBJE AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS) -SUBDIRS = dex +SUBDIRS = diff --git a/plugins/pychrysa/format/module.c b/plugins/pychrysa/format/module.c index d15fea8..642b1dc 100644 --- a/plugins/pychrysa/format/module.c +++ b/plugins/pychrysa/format/module.c @@ -31,7 +31,6 @@ #include "executable.h" #include "format.h" #include "symbol.h" -#include "dex/module.h" #include "../access.h" @@ -87,8 +86,6 @@ bool add_format_module_to_python_module(PyObject *super) result &= register_python_executable_format(module); result &= register_python_binary_symbol(module); - result &= add_format_dex_module_to_python_module(module); - if (result) register_access_to_python_module("pychrysalide.format", module); diff --git a/plugins/readdex/class.c b/plugins/readdex/class.c index 7911c6f..c5cb35f 100644 --- a/plugins/readdex/class.c +++ b/plugins/readdex/class.c @@ -25,8 +25,8 @@ #include <i18n.h> -#include <format/dex/class.h> -#include <format/dex/dex_def.h> +#include <plugins/dex/class.h> +#include <plugins/dex/dex_def.h> #include <plugins/fmtp/parser.h> diff --git a/plugins/readdex/class.h b/plugins/readdex/class.h index 4e71fb2..c24ced1 100644 --- a/plugins/readdex/class.h +++ b/plugins/readdex/class.h @@ -26,7 +26,7 @@ #include <format/preload.h> -#include <format/dex/dex.h> +#include <plugins/dex/format.h> diff --git a/plugins/readdex/code.c b/plugins/readdex/code.c index 3a36c19..d17c4cc 100644 --- a/plugins/readdex/code.c +++ b/plugins/readdex/code.c @@ -24,7 +24,7 @@ #include "code.h" -#include <format/dex/dex_def.h> +#include <plugins/dex/dex_def.h> #include <plugins/fmtp/parser.h> diff --git a/plugins/readdex/code.h b/plugins/readdex/code.h index ea70df8..fc52dd0 100644 --- a/plugins/readdex/code.h +++ b/plugins/readdex/code.h @@ -26,7 +26,7 @@ #include <format/preload.h> -#include <format/dex/dex.h> +#include <plugins/dex/format.h> 
diff --git a/plugins/readdex/header.c b/plugins/readdex/header.c index b5ea776..860638c 100644 --- a/plugins/readdex/header.c +++ b/plugins/readdex/header.c @@ -25,7 +25,7 @@ #include <i18n.h> -#include <format/dex/dex_def.h> +#include <plugins/dex/dex_def.h> #include <plugins/fmtp/parser.h> diff --git a/plugins/readdex/header.h b/plugins/readdex/header.h index 17c6ccd..63d7c68 100644 --- a/plugins/readdex/header.h +++ b/plugins/readdex/header.h @@ -26,7 +26,7 @@ #include <format/preload.h> -#include <format/dex/dex.h> +#include <plugins/dex/format.h> diff --git a/plugins/readdex/ids.c b/plugins/readdex/ids.c index 88a60b0..73187cb 100644 --- a/plugins/readdex/ids.c +++ b/plugins/readdex/ids.c @@ -31,7 +31,7 @@ #include <i18n.h> #include <arch/raw.h> #include <format/symbol.h> -#include <format/dex/dex_def.h> +#include <plugins/dex/dex_def.h> #include <plugins/fmtp/parser.h> diff --git a/plugins/readdex/ids.h b/plugins/readdex/ids.h index 79618ce..b4a1dbf 100644 --- a/plugins/readdex/ids.h +++ b/plugins/readdex/ids.h @@ -26,7 +26,7 @@ #include <format/preload.h> -#include <format/dex/dex.h> +#include <plugins/dex/format.h> diff --git a/plugins/readdex/reader.c b/plugins/readdex/reader.c index a10ba90..cab6058 100644 --- a/plugins/readdex/reader.c +++ b/plugins/readdex/reader.c @@ -24,7 +24,7 @@ #include "reader.h" -#include <format/dex/dex.h> +#include <plugins/dex/format.h> #include <plugins/plugin-def.h> |