diff options
author | Cyrille Bagard <nocbos@gmail.com> | 2012-07-23 19:07:29 (GMT) |
---|---|---|
committer | Cyrille Bagard <nocbos@gmail.com> | 2012-07-23 19:07:29 (GMT) |
commit | 8b35a66464636d0c46237af7490a6ca6866ecc4d (patch) | |
tree | 92199b36e3af00eb4c175a80c20b9b14511a6a45 /src/arch/dalvik | |
parent | 8b2189a819c7a761cfdb97d9e3382ea963f225fb (diff) |
Improved decompilation of Dalvik bytecode.
git-svn-id: svn://svn.gna.org/svn/chrysalide/trunk@252 abbe820e-26c8-41b2-8c08-b7b2b41f8b0a
Diffstat (limited to 'src/arch/dalvik')
-rw-r--r-- | src/arch/dalvik/decomp/Makefile.am | 4 | ||||
-rw-r--r-- | src/arch/dalvik/decomp/array.c | 2 | ||||
-rw-r--r-- | src/arch/dalvik/decomp/const.c | 43 | ||||
-rw-r--r-- | src/arch/dalvik/decomp/iget.c | 78 | ||||
-rw-r--r-- | src/arch/dalvik/decomp/invoke.c | 164 | ||||
-rw-r--r-- | src/arch/dalvik/decomp/iput.c | 78 | ||||
-rw-r--r-- | src/arch/dalvik/decomp/move.c | 99 | ||||
-rw-r--r-- | src/arch/dalvik/decomp/new.c | 72 | ||||
-rw-r--r-- | src/arch/dalvik/decomp/translate.h | 21 | ||||
-rw-r--r-- | src/arch/dalvik/instruction.c | 22 | ||||
-rw-r--r-- | src/arch/dalvik/opcodes/move.c | 2 | ||||
-rw-r--r-- | src/arch/dalvik/operands/args.c | 43 | ||||
-rw-r--r-- | src/arch/dalvik/operands/args.h | 8 |
13 files changed, 563 insertions, 73 deletions
diff --git a/src/arch/dalvik/decomp/Makefile.am b/src/arch/dalvik/decomp/Makefile.am index fef68f6..7a7f068 100644 --- a/src/arch/dalvik/decomp/Makefile.am +++ b/src/arch/dalvik/decomp/Makefile.am @@ -8,7 +8,11 @@ libarchdalvikdecomp_la_SOURCES = \ array.c \ const.c \ if.c \ + iget.c \ invoke.c \ + iput.c \ + move.c \ + new.c \ ret.c \ translate.h diff --git a/src/arch/dalvik/decomp/array.c b/src/arch/dalvik/decomp/array.c index c5db396..a841986 100644 --- a/src/arch/dalvik/decomp/array.c +++ b/src/arch/dalvik/decomp/array.c @@ -55,7 +55,7 @@ GDecInstruction *dalvik_decomp_instr_array_length(const GArchInstruction *instr, result = NULL; - printf("PAssaage !\n"); + //printf("PAssaage !\n"); diff --git a/src/arch/dalvik/decomp/const.c b/src/arch/dalvik/decomp/const.c index 54b6403..dce6b35 100644 --- a/src/arch/dalvik/decomp/const.c +++ b/src/arch/dalvik/decomp/const.c @@ -24,8 +24,10 @@ #include "translate.h" +#include "../operands/pool.h" #include "../../../decomp/expr/assign.h" #include "../../../decomp/expr/immediate.h" +#include "../../../decomp/expr/text.h" @@ -60,3 +62,44 @@ GDecInstruction *dalvik_decomp_instr_const(const GArchInstruction *instr, GDecCo return result; } + + +/****************************************************************************** +* * +* Paramètres : instr = instruction d'origine à convertir. * +* ctx = contexte de la phase de décompilation. * +* * +* Description : Décompile une instruction de type 'const-string'. * +* * +* Retour : Instruction mise en place ou NULL. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDecInstruction *dalvik_decomp_instr_const_str(const GArchInstruction *instr, GDecContext *ctx) +{ + GDecInstruction *result; /* Instruction à retourner */ + GArchOperand *operand; /* Opérande de l'instruction */ + GDecInstruction *reg; /* Pseudo-registre redéfini */ + uint32_t index; /* Indice de la chaîne */ + GDexFormat *format; /* Accès aux constantes */ + const char *value; /* Chaîne de caractères */ + GDecInstruction *str; /* Chaîne décompilée */ + + operand = g_arch_instruction_get_operand(instr, 0); + reg = g_dec_context_convert_register(ctx, operand); + + operand = g_arch_instruction_get_operand(instr, 1); + index = g_dalvik_pool_operand_get_index(G_DALVIK_POOL_OPERAND(operand)); + + format = G_DEX_FORMAT(g_object_get_data(G_OBJECT(ctx), "format")); + value = get_string_from_dex_pool(format, index); + + str = g_str_expression_new(value); + + result = g_assign_expression_new(G_DEC_EXPRESSION(reg), G_DEC_EXPRESSION(str)); + + return result; + +} diff --git a/src/arch/dalvik/decomp/iget.c b/src/arch/dalvik/decomp/iget.c new file mode 100644 index 0000000..8b8f9f0 --- /dev/null +++ b/src/arch/dalvik/decomp/iget.c @@ -0,0 +1,78 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * iget.c - décompilation des instructions manipulant des champs d'instance (chargement) + * + * Copyright (C) 2012 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "translate.h" + + +#include "../../../arch/dalvik/operands/pool.h" +#include "../../../decomp/expr/access.h" +#include "../../../decomp/expr/assign.h" +#include "../../../decomp/expr/pseudo.h" + + + +/****************************************************************************** +* * +* Paramètres : instr = instruction d'origine à convertir. * +* ctx = contexte de la phase de décompilation. * +* * +* Description : Décompile une instruction de type 'iget'. * +* * +* Retour : Instruction mise en place ou NULL. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDecInstruction *dalvik_decomp_instr_iget(const GArchInstruction *instr, GDecContext *ctx) +{ + GDecInstruction *result; /* Instruction à retourner */ + GArchOperand *operand; /* Opérande de l'instruction */ + GDecInstruction *dest; /* Registre de destination */ + GDecInstruction *src; /* Registre de l'object */ + uint32_t index; /* Indice dans la table */ + GDexFormat *format; /* Accès aux constantes */ + GDecInstruction *field; /* Champ concerné par l'opérat°*/ + GBinVariable *var; /* Variable / champ accédé */ + GDecInstruction *access; /* Représentation de l'accès */ + + operand = g_arch_instruction_get_operand(instr, 0); + dest = g_dec_context_convert_register(ctx, operand); + + operand = g_arch_instruction_get_operand(instr, 1); + src = g_dec_context_convert_register(ctx, operand); + + operand = g_arch_instruction_get_operand(instr, 2); + index = g_dalvik_pool_operand_get_index(G_DALVIK_POOL_OPERAND(operand)); + format = G_DEX_FORMAT(g_object_get_data(G_OBJECT(ctx), "format")); + var = get_field_from_dex_pool(format, index); + + field = g_pseudo_register_new(); + g_pseudo_register_set_variable(G_PSEUDO_REGISTER(field), var); + + access = g_access_expression_new(G_DEC_EXPRESSION(src), G_DEC_EXPRESSION(field)); + result = g_assign_expression_new(G_DEC_EXPRESSION(dest), G_DEC_EXPRESSION(access)); + + return result; + +} diff --git a/src/arch/dalvik/decomp/invoke.c b/src/arch/dalvik/decomp/invoke.c index 7360659..a8772cd 100644 --- a/src/arch/dalvik/decomp/invoke.c +++ b/src/arch/dalvik/decomp/invoke.c @@ -24,8 +24,12 @@ #include "translate.h" +#include <string.h> + + #include "../instruction.h" #include "../operand.h" +#include "../../../decomp/expr/access.h" #include "../../../decomp/expr/assign.h" #include "../../../decomp/expr/call.h" #include "../../../format/dex/pool.h" @@ -38,7 +42,7 @@ * Paramètres : instr = instruction d'origine à convertir. * * ctx = contexte de la phase de décompilation. * * * -* Description : Décompile une instruction de type 'invoke-virtual'. * +* Description : Décompile une instruction de type 'invoke-direct'. * * * * Retour : Instruction mise en place ou NULL. * * * @@ -46,112 +50,156 @@ * * ******************************************************************************/ -GDecInstruction *dalvik_decomp_instr_invoke_virtual(const GArchInstruction *instr, GDecContext *ctx) +GDecInstruction *dalvik_decomp_instr_invoke_direct(const GArchInstruction *instr, GDecContext *ctx) { GDecInstruction *result; /* Instruction à retourner */ - - + GDecInstruction *iter; /* Boucle de parcours #1 */ + GDecInstruction *list; /* Instructions décompilées */ size_t count; /* Quantité d'opérandes */ - GArchOperand *op; /* Opérande de l'instruction */ + GArchOperand *operand; /* Opérande de l'instruction */ uint32_t index; /* Indice de l'élément visé */ GDexFormat *format; /* Accès aux constantes */ GBinRoutine *routine; /* Routine visée par l'appel */ + const char *name; /* Chaîne à afficher */ + GDecInstruction *src; /* Source de l'assignation */ + GDecInstruction *dest; /* Destination de l'assignat° */ + size_t i; /* Boucle de parcours #2 */ + GArchOperand *arg; /* Argument brut de l'appel */ + GDecInstruction *reg; /* Argument converti */ - const char *string; /* Chaîne à afficher */ - GOpenidaType *type; /* Type quelconque */ - char *tmp; /* Chaîne à afficher & libérer */ + result = NULL; + iter = NULL; + list = g_dec_context_get_decomp_instrs(ctx); + if (list == NULL) return NULL; + /* Récupération de la méthode */ - GArchOperand *operand; /* Opérande de l'instruction */ - GDecInstruction *reg; /* Pseudo-registre redéfini */ - GDecInstruction *imm; /* Valeur immédiate décompilée */ + count = g_arch_instruction_count_operands(instr); + operand = g_arch_instruction_get_operand(instr, count - 1); - GArchInstruction *iter; /* Boucle de parcours */ - vmpa_t max; /* Limite à ne pas dépasser */ + index = g_dalvik_pool_operand_get_index(G_DALVIK_POOL_OPERAND(operand)); + format = G_DEX_FORMAT(g_object_get_data(G_OBJECT(ctx), "format")); + routine = get_routine_from_dex_pool(format, index); + if (routine == NULL) return NULL; - result = NULL; + /* Détermination de la routine-cible exacte */ + name = g_binary_routine_get_name(routine); - printf("PAssaage !\n"); + if (strcmp(name, "<init>") != 0) + result = g_routine_call_new(routine); + else + { + src = NULL; /* Pour gcc... */ + for (iter = g_dec_instruction_get_last(list); + iter != NULL; + iter = g_dec_instruction_get_prev_iter(list, iter)) + { + if (!G_IS_ASSIGN_EXPRESSION(iter)) continue; + src = g_assign_expression_get_src(G_ASSIGN_EXPRESSION(iter)); + if (!G_IS_ROUTINE_CALL(src)) continue; + dest = g_assign_expression_get_dest(G_ASSIGN_EXPRESSION(iter)); + /* TODO : vérifier aussi la concordance des registres src && instr */ + break; - /* Récupération de la méthode */ + } - count = g_arch_instruction_count_operands(instr); - op = g_arch_instruction_get_operand(instr, count - 1); + if (iter == NULL) return NULL; - index = g_dalvik_pool_operand_get_index(G_DALVIK_POOL_OPERAND(op)); + result = src; - printf("POOL ?? %d -> %d\n", G_IS_DALVIK_POOL_OPERAND(op), index); + g_dec_instruction_delete(&list, iter); + g_dec_context_set_decomp_instrs(ctx, list); - format = G_DEX_FORMAT(g_object_get_data(G_OBJECT(ctx), "format")); - routine = get_routine_from_dex_pool(format, index); - if (routine == NULL) return NULL; + } + /* Ajout des arguments */ -#if 0 - if (operand->cache.method == NULL) - g_content_exporter_insert_into_buffer(exporter, buffer, BLC_ASSEMBLY, - "<bad_method_index>", 18, RTT_VAR_NAME); + operand = g_arch_instruction_get_operand(instr, 0); + count = g_dalvik_args_count(G_DALVIK_ARGS_OPERAND(operand)); - else - { - tmp = g_binary_routine_to_string(operand->cache.method); + for (i = 1; i < count; i++) + { + arg = g_dalvik_args_operand_get(G_DALVIK_ARGS_OPERAND(operand), i); + reg = g_dec_context_convert_register(ctx, arg); - g_content_exporter_insert_into_buffer(exporter, buffer, BLC_ASSEMBLY, - tmp, strlen(tmp), RTT_VAR_NAME); + g_routine_call_add_arg(G_ROUTINE_CALL(result), reg); - free(tmp); + } + return (iter != NULL ? iter : result); -#endif +} - result = g_routine_call_new(routine, true); - //GDecInstruction *g_routine_call_new(GBinRoutine *routine, bool is_object) - /* - operand = g_arch_instruction_get_operand(instr, 1); - reg = g_dec_context_convert_register(ctx, operand); +/****************************************************************************** +* * +* Paramètres : instr = instruction d'origine à convertir. * +* ctx = contexte de la phase de décompilation. * +* * +* Description : Décompile une instruction de type 'invoke-virtual'. * +* * +* Retour : Instruction mise en place ou NULL. * +* * +* Remarques : - * +* * +******************************************************************************/ - operand = g_arch_instruction_get_operand(instr, 1); - imm = g_imm_expression_new(G_IMM_OPERAND(operand)); +GDecInstruction *dalvik_decomp_instr_invoke_virtual(const GArchInstruction *instr, GDecContext *ctx) +{ + GDecInstruction *result; /* Instruction à retourner */ + size_t count; /* Quantité d'opérandes */ + GArchOperand *operand; /* Opérande de l'instruction */ + uint32_t index; /* Indice de l'élément visé */ + GDexFormat *format; /* Accès aux constantes */ + GBinRoutine *routine; /* Routine visée par l'appel */ + GDecInstruction *call; /* Représentation de l'appel */ + size_t i; /* Boucle de parcours #2 */ + GArchOperand *arg; /* Argument brut de l'appel */ + GDecInstruction *reg; /* Argument converti */ - result = g_assign_expression_new(G_DEC_EXPRESSION(reg), G_DEC_EXPRESSION(imm)); - */ + result = NULL; + /* Récupération de la méthode */ + count = g_arch_instruction_count_operands(instr); + operand = g_arch_instruction_get_operand(instr, count - 1); + index = g_dalvik_pool_operand_get_index(G_DALVIK_POOL_OPERAND(operand)); + format = G_DEX_FORMAT(g_object_get_data(G_OBJECT(ctx), "format")); + routine = get_routine_from_dex_pool(format, index); + if (routine == NULL) return NULL; - /* Récupération d'un résultat ? */ + call = g_routine_call_new(routine); - iter = instr; - max = g_dec_context_get_max_address(ctx); + /* Ajout des arguments */ - iter = g_arch_instruction_get_next_iter(instr, iter, max); + operand = g_arch_instruction_get_operand(instr, 0); + count = g_dalvik_args_count(G_DALVIK_ARGS_OPERAND(operand)); - if (iter != NULL) - switch (g_dalvik_instruction_get_opcode(G_DALVIK_INSTRUCTION(iter))) - { - case DOP_MOVE_RESULT: + for (i = 1; i < count; i++) + { + arg = g_dalvik_args_operand_get(G_DALVIK_ARGS_OPERAND(operand), i); + reg = g_dec_context_convert_register(ctx, arg); - operand = g_arch_instruction_get_operand(iter, 0); - reg = g_dec_context_convert_register(ctx, operand); + g_routine_call_add_arg(G_ROUTINE_CALL(call), reg); - result = g_assign_expression_new(G_DEC_EXPRESSION(reg), G_DEC_EXPRESSION(result)); + } - break; + /* Appel depuis le propriétaire */ - default: - break; + arg = g_dalvik_args_operand_get(G_DALVIK_ARGS_OPERAND(operand), 0); + reg = g_dec_context_convert_register(ctx, arg); - } + result = g_access_expression_new(G_DEC_EXPRESSION(reg), G_DEC_EXPRESSION(call)); return result; diff --git a/src/arch/dalvik/decomp/iput.c b/src/arch/dalvik/decomp/iput.c new file mode 100644 index 0000000..4db4770 --- /dev/null +++ b/src/arch/dalvik/decomp/iput.c @@ -0,0 +1,78 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * iput.c - décompilation des instructions manipulant des champs d'instance (déchargement) + * + * Copyright (C) 2012 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "translate.h" + + +#include "../../../arch/dalvik/operands/pool.h" +#include "../../../decomp/expr/access.h" +#include "../../../decomp/expr/assign.h" +#include "../../../decomp/expr/pseudo.h" + + + +/****************************************************************************** +* * +* Paramètres : instr = instruction d'origine à convertir. * +* ctx = contexte de la phase de décompilation. * +* * +* Description : Décompile une instruction de type 'iput'. * +* * +* Retour : Instruction mise en place ou NULL. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDecInstruction *dalvik_decomp_instr_iput(const GArchInstruction *instr, GDecContext *ctx) +{ + GDecInstruction *result; /* Instruction à retourner */ + GArchOperand *operand; /* Opérande de l'instruction */ + GDecInstruction *dest; /* Registre de destination */ + GDecInstruction *src; /* Registre de l'object */ + uint32_t index; /* Indice dans la table */ + GDexFormat *format; /* Accès aux constantes */ + GDecInstruction *field; /* Champ concerné par l'opérat°*/ + GBinVariable *var; /* Variable / champ accédé */ + GDecInstruction *access; /* Représentation de l'accès */ + + operand = g_arch_instruction_get_operand(instr, 0); + src = g_dec_context_convert_register(ctx, operand); + + operand = g_arch_instruction_get_operand(instr, 1); + dest = g_dec_context_convert_register(ctx, operand); + + operand = g_arch_instruction_get_operand(instr, 2); + index = g_dalvik_pool_operand_get_index(G_DALVIK_POOL_OPERAND(operand)); + format = G_DEX_FORMAT(g_object_get_data(G_OBJECT(ctx), "format")); + var = get_field_from_dex_pool(format, index); + + field = g_pseudo_register_new(); + g_pseudo_register_set_variable(G_PSEUDO_REGISTER(field), var); + + access = g_access_expression_new(G_DEC_EXPRESSION(dest), G_DEC_EXPRESSION(field)); + result = g_assign_expression_new(G_DEC_EXPRESSION(access), G_DEC_EXPRESSION(src)); + + return result; + +} diff --git a/src/arch/dalvik/decomp/move.c b/src/arch/dalvik/decomp/move.c new file mode 100644 index 0000000..798b6b0 --- /dev/null +++ b/src/arch/dalvik/decomp/move.c @@ -0,0 +1,99 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * move.c - décompilation des opérations de déplacement + * + * Copyright (C) 2012 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "translate.h" + + +#include "../../../decomp/expr/assign.h" + + + +/****************************************************************************** +* * +* Paramètres : instr = instruction d'origine à convertir. * +* ctx = contexte de la phase de décompilation. * +* * +* Description : Décompile une instruction de type 'move-object'. * +* * +* Retour : Instruction mise en place ou NULL. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDecInstruction *dalvik_decomp_instr_move_object(const GArchInstruction *instr, GDecContext *ctx) +{ + GDecInstruction *result; /* Instruction à retourner */ + GArchOperand *operand; /* Opérande de l'instruction */ + GDecInstruction *dest; /* Registre de destination */ + GDecInstruction *src; /* Registre de l'object */ + + operand = g_arch_instruction_get_operand(instr, 0); + dest = g_dec_context_convert_register(ctx, operand); + + operand = g_arch_instruction_get_operand(instr, 1); + src = g_dec_context_convert_register(ctx, operand); + + result = g_assign_expression_new(G_DEC_EXPRESSION(dest), G_DEC_EXPRESSION(src)); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instruction d'origine à convertir. * +* ctx = contexte de la phase de décompilation. * +* * +* Description : Décompile une instruction de type 'move-result'. * +* * +* Retour : Instruction mise en place ou NULL. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDecInstruction *dalvik_decomp_instr_move_result(const GArchInstruction *instr, GDecContext *ctx) +{ + GDecInstruction *result; /* Instruction à retourner */ + GDecInstruction *list; /* Instructions décompilées */ + GArchOperand *operand; /* Opérande de l'instruction */ + GDecInstruction *dest; /* Registre de destination */ + GDecInstruction *last; /* Instruction précédante */ + + list = g_dec_context_get_decomp_instrs(ctx); + if (list == NULL) return NULL; + + operand = g_arch_instruction_get_operand(instr, 0); + dest = g_dec_context_convert_register(ctx, operand); + + last = g_dec_instruction_get_last(list); + g_dec_instruction_delete(&list, last); + g_dec_context_set_decomp_instrs(ctx, list); + + result = g_assign_expression_new(G_DEC_EXPRESSION(dest), G_DEC_EXPRESSION(last)); + + return result; + +} diff --git a/src/arch/dalvik/decomp/new.c b/src/arch/dalvik/decomp/new.c new file mode 100644 index 0000000..1c4c06e --- /dev/null +++ b/src/arch/dalvik/decomp/new.c @@ -0,0 +1,72 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * new.c - décompilation des créations de nouvelles instances + * + * Copyright (C) 2012 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "translate.h" + + +#include "../../../arch/dalvik/operands/pool.h" +#include "../../../decomp/expr/assign.h" +#include "../../../decomp/expr/call.h" + + + +/****************************************************************************** +* * +* Paramètres : instr = instruction d'origine à convertir. * +* ctx = contexte de la phase de décompilation. * +* * +* Description : Décompile une instruction de type 'new-instance'. * +* * +* Retour : Instruction mise en place ou NULL. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDecInstruction *dalvik_decomp_instr_new_instance(const GArchInstruction *instr, GDecContext *ctx) +{ + GDecInstruction *result; /* Instruction à retourner */ + GArchOperand *operand; /* Opérande de l'instruction */ + GDecInstruction *dest; /* Registre de destination */ + uint32_t index; /* Indice dans la table */ + GDexFormat *format; /* Accès aux constantes */ + GOpenidaType *type; /* Type concerné par l'opérat° */ + GBinRoutine *constructor; /* Constructeur reconstruit */ + GDecInstruction *call; /* Appel au constructeur */ + + operand = g_arch_instruction_get_operand(instr, 0); + dest = g_dec_context_convert_register(ctx, operand); + + operand = g_arch_instruction_get_operand(instr, 1); + index = g_dalvik_pool_operand_get_index(G_DALVIK_POOL_OPERAND(operand)); + format = G_DEX_FORMAT(g_object_get_data(G_OBJECT(ctx), "format")); + type = get_type_from_dex_pool(format, index); + + constructor = g_binary_routine_new_constructor(type); + call = g_routine_call_new(constructor); + + result = g_assign_expression_new(G_DEC_EXPRESSION(dest), G_DEC_EXPRESSION(call)); + + return result; + +} diff --git a/src/arch/dalvik/decomp/translate.h b/src/arch/dalvik/decomp/translate.h index 11b11f7..7779ab7 100644 --- a/src/arch/dalvik/decomp/translate.h +++ b/src/arch/dalvik/decomp/translate.h @@ -41,9 +41,30 @@ GDecInstruction *dalvik_decomp_instr_array_length(const GArchInstruction *, GDec /* Décompile une instruction de type 'const'. */ GDecInstruction *dalvik_decomp_instr_const(const GArchInstruction *, GDecContext *); +/* Décompile une instruction de type 'const-string'. */ +GDecInstruction *dalvik_decomp_instr_const_str(const GArchInstruction *, GDecContext *); + +/* Décompile une instruction de type 'iget'. */ +GDecInstruction *dalvik_decomp_instr_iget(const GArchInstruction *, GDecContext *); + +/* Décompile une instruction de type 'invoke-direct'. */ +GDecInstruction *dalvik_decomp_instr_invoke_direct(const GArchInstruction *, GDecContext *); + /* Décompile une instruction de type 'invoke-virtual'. */ GDecInstruction *dalvik_decomp_instr_invoke_virtual(const GArchInstruction *, GDecContext *); +/* Décompile une instruction de type 'iput'. */ +GDecInstruction *dalvik_decomp_instr_iput(const GArchInstruction *, GDecContext *); + +/* Décompile une instruction de type 'move-object'. */ +GDecInstruction *dalvik_decomp_instr_move_object(const GArchInstruction *, GDecContext *); + +/* Décompile une instruction de type 'move-result'. */ +GDecInstruction *dalvik_decomp_instr_move_result(const GArchInstruction *, GDecContext *); + +/* Décompile une instruction de type 'new-instance'. */ +GDecInstruction *dalvik_decomp_instr_new_instance(const GArchInstruction *, GDecContext *); + /* Décompile une instruction de type 'return'. */ GDecInstruction *dalvik_decomp_instr_return(const GArchInstruction *, GDecContext *); diff --git a/src/arch/dalvik/instruction.c b/src/arch/dalvik/instruction.c index b593d51..7949225 100644 --- a/src/arch/dalvik/instruction.c +++ b/src/arch/dalvik/instruction.c @@ -2,7 +2,7 @@ /* OpenIDA - Outil d'analyse de fichiers binaires * instruction.c - gestion des instructions de la VM Dalvik * - * Copyright (C) 2010-2011 Cyrille Bagard + * Copyright (C) 2010-2012 Cyrille Bagard * * This file is part of OpenIDA. * @@ -55,7 +55,7 @@ typedef struct _dalvik_instruction static dalvik_instruction _instructions[DOP_COUNT] = { - [DOP_NOP] = { 0x00, "nop" }, + [DOP_NOP] = { 0x00, "nop", NULL }, [DOP_MOVE] = { 0x01, "move" }, [DOP_MOVE_FROM_16] = { 0x02, "move/from16" }, @@ -63,12 +63,12 @@ static dalvik_instruction _instructions[DOP_COUNT] = { [DOP_MOVE_WIDE_FROM_16] = { 0x05, "move-wide/from16" }, - [DOP_MOVE_OBJECT] = { 0x07, "move-object" }, + [DOP_MOVE_OBJECT] = { 0x07, "move-object", dalvik_decomp_instr_move_object }, [DOP_MOVE_OBJECT_FROM_16] = { 0x08, "move-object/from16" }, - [DOP_MOVE_RESULT] = { 0x0a, "move-result" }, - [DOP_MOVE_RESULT_WIDE] = { 0x0b, "move-result-wide" }, - [DOP_MOVE_RESULT_OBJECT] = { 0x0c, "move-result-object" }, + [DOP_MOVE_RESULT] = { 0x0a, "move-result", dalvik_decomp_instr_move_result }, + [DOP_MOVE_RESULT_WIDE] = { 0x0b, "move-result-wide", dalvik_decomp_instr_move_result }, + [DOP_MOVE_RESULT_OBJECT] = { 0x0c, "move-result-object", dalvik_decomp_instr_move_result }, [DOP_MOVE_EXCEPTION] = { 0x0d, "move-exception" }, [DOP_RETURN_VOID] = { 0x0e, "return-void", dalvik_decomp_instr_return_void }, [DOP_RETURN] = { 0x0f, "return", dalvik_decomp_instr_return }, @@ -82,7 +82,7 @@ static dalvik_instruction _instructions[DOP_COUNT] = { [DOP_CONST_WIDE_32] = { 0x17, "const-wide/32" }, [DOP_CONST_WIDE] = { 0x18, "const-wide" }, [DOP_CONST_WIDE_HIGH16] = { 0x19, "const-wide/high16" }, - [DOP_CONST_STRING] = { 0x1a, "const-string" }, + [DOP_CONST_STRING] = { 0x1a, "const-string", dalvik_decomp_instr_const_str }, [DOP_CONST_STRING_JUMBO] = { 0x1b, "const-string/jumbo" }, [DOP_CONST_CLASS] = { 0x1c, "const-class" }, @@ -90,7 +90,7 @@ static dalvik_instruction _instructions[DOP_COUNT] = { [DOP_ARRAY_LENGTH] = { 0x21, "array-length", dalvik_decomp_instr_array_length }, - [DOP_NEW_INSTANCE] = { 0x22, "new-instance" }, + [DOP_NEW_INSTANCE] = { 0x22, "new-instance", dalvik_decomp_instr_new_instance }, [DOP_NEW_ARRAY] = { 0x23, "new-array" }, @@ -135,14 +135,14 @@ static dalvik_instruction _instructions[DOP_COUNT] = { [DOP_APUT_BYTE] = { 0x4f, "aput-byte", dalvik_decomp_instr_aput }, [DOP_APUT_CHAR] = { 0x50, "aput-char" }, [DOP_APUT_SHORT] = { 0x51, "aput-short" }, - [DOP_IGET] = { 0x52, "iget" }, + [DOP_IGET] = { 0x52, "iget", dalvik_decomp_instr_iget }, [DOP_IGET_WIDE] = { 0x53, "iget-wide" }, [DOP_IGET_OBJECT] = { 0x54, "iget-object" }, [DOP_IGET_BOOLEAN] = { 0x55, "iget-boolean" }, [DOP_IGET_BYTE] = { 0x56, "iget-byte" }, [DOP_IGET_CHAR] = { 0x57, "iget-char" }, [DOP_IGET_SHORT] = { 0x58, "iget-short" }, - [DOP_IPUT] = { 0x59, "iput" }, + [DOP_IPUT] = { 0x59, "iput", dalvik_decomp_instr_iput }, [DOP_IPUT_WIDE] = { 0x5a, "iput-wide" }, [DOP_IPUT_OBJECT] = { 0x5b, "iput-object" }, [DOP_IPUT_BOOLEAN] = { 0x5c, "iput-boolean" }, @@ -165,7 +165,7 @@ static dalvik_instruction _instructions[DOP_COUNT] = { [DOP_SPUT_SHORT] = { 0x6d, "sput-short" }, [DOP_INVOKE_VIRTUAL] = { 0x6e, "invoke-virtual", dalvik_decomp_instr_invoke_virtual }, [DOP_INVOKE_SUPER] = { 0x6f, "invoke-static" }, - [DOP_INVOKE_DIRECT] = { 0x70, "invoke-direct" }, + [DOP_INVOKE_DIRECT] = { 0x70, "invoke-direct", dalvik_decomp_instr_invoke_direct }, [DOP_INVOKE_STATIC] = { 0x71, "invoke-static" }, [DOP_INVOKE_INTERFACE] = { 0x72, "invoke-interface" }, diff --git a/src/arch/dalvik/opcodes/move.c b/src/arch/dalvik/opcodes/move.c index cb4e274..e6e1e6e 100644 --- a/src/arch/dalvik/opcodes/move.c +++ b/src/arch/dalvik/opcodes/move.c @@ -1,6 +1,6 @@ /* OpenIDA - Outil d'analyse de fichiers binaires - * move.c - décodage des opérations de multiplications + * move.c - décodage des opérations de déplacement * * Copyright (C) 2010-2012 Cyrille Bagard * diff --git a/src/arch/dalvik/operands/args.c b/src/arch/dalvik/operands/args.c index 367a718..16d995c 100644 --- a/src/arch/dalvik/operands/args.c +++ b/src/arch/dalvik/operands/args.c @@ -2,7 +2,7 @@ /* OpenIDA - Outil d'analyse de fichiers binaires * args.c - listes d'opérandes rassemblées en arguments * - * Copyright (C) 2010 Cyrille Bagard + * Copyright (C) 2010-2012 Cyrille Bagard * * This file is part of OpenIDA. * @@ -187,3 +187,44 @@ void g_dalvik_args_operand_add(GDalvikArgsOperand *operand, GArchOperand *arg) operand->args[operand->count - 1] = arg; } + + +/****************************************************************************** +* * +* Paramètres : operand = opérande à compléter. * +* * +* Description : Fournit le nombre d'arguments pris en charge. * +* * +* Retour : Nombre positif ou nul. * +* * +* Remarques : - * +* * +******************************************************************************/ + +size_t g_dalvik_args_count(const GDalvikArgsOperand *operand) +{ + return operand->count; + +} + + +/****************************************************************************** +* * +* Paramètres : operand = opérande à compléter. * +* index = indice de l'argument recherché. * +* * +* Description : Founit un élément de la liste d'arguments Dalvik. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +GArchOperand *g_dalvik_args_operand_get(const GDalvikArgsOperand *operand, size_t index) +{ + /* BUG_ON(index >= operand->count) */ + + return operand->args[index]; + +} diff --git a/src/arch/dalvik/operands/args.h b/src/arch/dalvik/operands/args.h index 87ec9ae..70ca153 100644 --- a/src/arch/dalvik/operands/args.h +++ b/src/arch/dalvik/operands/args.h @@ -2,7 +2,7 @@ /* OpenIDA - Outil d'analyse de fichiers binaires * args.h - prototypes pour les listes d'opérandes rassemblées en arguments * - * Copyright (C) 2010 Cyrille Bagard + * Copyright (C) 2010-2012x Cyrille Bagard * * This file is part of OpenIDA. * @@ -56,6 +56,12 @@ GArchOperand *g_dalvik_args_operand_new(void); /* Ajoute un élément à la liste d'arguments Dalvik. */ void g_dalvik_args_operand_add(GDalvikArgsOperand *, GArchOperand *); +/* Fournit le nombre d'arguments pris en charge. */ +size_t g_dalvik_args_count(const GDalvikArgsOperand *); + +/* Founit un élément de la liste d'arguments Dalvik. */ +GArchOperand *g_dalvik_args_operand_get(const GDalvikArgsOperand *, size_t); + #endif /* _ARCH_DALVIK_OPERANDS_ARGS_H */ |