diff options
author | Cyrille Bagard <nocbos@gmail.com> | 2010-11-11 01:22:43 (GMT) |
---|---|---|
committer | Cyrille Bagard <nocbos@gmail.com> | 2010-11-11 01:22:43 (GMT) |
commit | b33a52031c0d44a79604bc8d9036c30bffd020cb (patch) | |
tree | c825e3330684ca57f7c423328cd116b2d6ec0f6a /src/arch/dalvik | |
parent | 828124e38d266e382bb1477ef51c9fac8e81c591 (diff) |
Built some expressions for the decompilation tree.
git-svn-id: svn://svn.gna.org/svn/chrysalide/trunk@190 abbe820e-26c8-41b2-8c08-b7b2b41f8b0a
Diffstat (limited to 'src/arch/dalvik')
-rw-r--r-- | src/arch/dalvik/Makefile.am | 9 | ||||
-rw-r--r-- | src/arch/dalvik/dop_aget.c | 68 | ||||
-rw-r--r-- | src/arch/dalvik/dop_aput.c | 68 | ||||
-rw-r--r-- | src/arch/dalvik/dop_arithm.c | 175 | ||||
-rw-r--r-- | src/arch/dalvik/dop_array.c | 74 | ||||
-rw-r--r-- | src/arch/dalvik/dop_const.c | 72 | ||||
-rw-r--r-- | src/arch/dalvik/dop_invoke.c | 158 | ||||
-rw-r--r-- | src/arch/dalvik/instruction.c | 110 | ||||
-rw-r--r-- | src/arch/dalvik/instruction.h | 3 | ||||
-rw-r--r-- | src/arch/dalvik/translate.h | 56 |
10 files changed, 764 insertions, 29 deletions
diff --git a/src/arch/dalvik/Makefile.am b/src/arch/dalvik/Makefile.am index a7e099f..8dc93ae 100644 --- a/src/arch/dalvik/Makefile.am +++ b/src/arch/dalvik/Makefile.am @@ -3,6 +3,12 @@ noinst_LTLIBRARIES = libarchdalvik.la libarchdalvik_la_SOURCES = \ instruction.h instruction.c \ + dop_aget.c \ + dop_aput.c \ + dop_arithm.c \ + dop_array.c \ + dop_const.c \ + dop_invoke.c \ op_add.c \ op_aget.c \ op_and.c \ @@ -33,7 +39,8 @@ libarchdalvik_la_SOURCES = \ opcodes.h \ operand.h operand.c \ processor.h processor.c \ - register.h register.c + register.h register.c \ + translate.h libarchdalvik_la_CFLAGS = $(AM_CFLAGS) diff --git a/src/arch/dalvik/dop_aget.c b/src/arch/dalvik/dop_aget.c new file mode 100644 index 0000000..77e6ef2 --- /dev/null +++ b/src/arch/dalvik/dop_aget.c @@ -0,0 +1,68 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * dop_aget.c - décompilation des instructions manipulant des tableaux (chargement) + * + * Copyright (C) 2010 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "translate.h" + + +#include "../../decomp/expr/array.h" +#include "../../decomp/expr/assign.h" + + + +/****************************************************************************** +* * +* Paramètres : instr = instruction d'origine à convertir. * +* ctx = contexte de la phase de décompilation. * +* * +* Description : Décompile une instruction de type 'aget'. * +* * +* Retour : Instruction mise en place ou NULL. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDecInstruction *dalvik_decomp_instr_aget(const GArchInstruction *instr, GDecContext *ctx) +{ + GDecInstruction *result; /* Instruction à retourner */ + GArchOperand *operand; /* Opérande de l'instruction */ + GDecInstruction *content; /* Contenu de cellule visé */ + GDecInstruction *array; /* Tableau accédé */ + GDecInstruction *index; /* Indice de cellule considérée*/ + GDecInstruction *access; /* Représentation de l'accès */ + + operand = g_arch_instruction_get_operand(instr, 0); + content = g_pseudo_register_new(); + + operand = g_arch_instruction_get_operand(instr, 1); + array = g_pseudo_register_new(); + + operand = g_arch_instruction_get_operand(instr, 2); + index = g_pseudo_register_new(); + + access = g_array_access_new(G_DEC_EXPRESSION(array), G_DEC_EXPRESSION(index)); + result = g_assign_expression_new(G_DEC_EXPRESSION(content), G_DEC_EXPRESSION(access)); + + return result; + +} diff --git a/src/arch/dalvik/dop_aput.c b/src/arch/dalvik/dop_aput.c new file mode 100644 index 0000000..2e4527e --- /dev/null +++ b/src/arch/dalvik/dop_aput.c @@ -0,0 +1,68 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * dop_aput.c - décompilation des instructions manipulant des tableaux (enregistrement) + * + * Copyright (C) 2010 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "translate.h" + + +#include "../../decomp/expr/array.h" +#include "../../decomp/expr/assign.h" + + + +/****************************************************************************** +* * +* Paramètres : instr = instruction d'origine à convertir. * +* ctx = contexte de la phase de décompilation. * +* * +* Description : Décompile une instruction de type 'aput'. * +* * +* Retour : Instruction mise en place ou NULL. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDecInstruction *dalvik_decomp_instr_aput(const GArchInstruction *instr, GDecContext *ctx) +{ + GDecInstruction *result; /* Instruction à retourner */ + GArchOperand *operand; /* Opérande de l'instruction */ + GDecInstruction *content; /* Contenu de cellule visé */ + GDecInstruction *array; /* Tableau accédé */ + GDecInstruction *index; /* Indice de cellule considérée*/ + GDecInstruction *access; /* Représentation de l'accès */ + + operand = g_arch_instruction_get_operand(instr, 0); + content = g_pseudo_register_new(); + + operand = g_arch_instruction_get_operand(instr, 1); + array = g_pseudo_register_new(); + + operand = g_arch_instruction_get_operand(instr, 2); + index = g_pseudo_register_new(); + + access = g_array_access_new(G_DEC_EXPRESSION(array), G_DEC_EXPRESSION(index)); + result = g_assign_expression_new(G_DEC_EXPRESSION(access), G_DEC_EXPRESSION(content)); + + return result; + +} diff --git a/src/arch/dalvik/dop_arithm.c b/src/arch/dalvik/dop_arithm.c new file mode 100644 index 0000000..388f906 --- /dev/null +++ b/src/arch/dalvik/dop_arithm.c @@ -0,0 +1,175 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * dop_arithm.c - décompilation des opérations arithmétiques + * + * Copyright (C) 2010 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "translate.h" + + +#include "instruction.h" +#include "../../decomp/expr/arithm.h" +#include "../../decomp/expr/assign.h" +#include "../../decomp/expr/immediate.h" + + + +/****************************************************************************** +* * +* Paramètres : instr = instruction d'origine à convertir. * +* ctx = contexte de la phase de décompilation. * +* * +* Description : Décompile une instruction de type 'opérations arithmétiques'.* +* * +* Retour : Instruction mise en place ou NULL. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDecInstruction *dalvik_decomp_instr_arithm_2addr(const GArchInstruction *instr, GDecContext *ctx) +{ + GDecInstruction *result; /* Instruction à retourner */ + ArithmOperationType type; /* Type d'opération menée */ + GArchOperand *operand; /* Opérande de l'instruction */ + GDecInstruction *dest; /* Enregistrement du résultat */ + GDecInstruction *op1; /* Premier opérande utilisé */ + GDecInstruction *op2; /* Second opérande utilisé */ + GDecInstruction *arithm; /* Opération arithmétique */ + + switch (g_dalvik_instruction_get_opcode(G_DALVIK_INSTRUCTION(instr))) + { + case DOP_ADD_INT_2ADDR: + type = AOT_ADD; + break; + case DOP_MUL_INT_2ADDR: + case DOP_MUL_DOUBLE_2ADDR: + type = AOT_MUL; + break; + case DOP_DIV_INT_2ADDR: + type = AOT_DIV; + break; + case DOP_REM_INT_2ADDR: + type = AOT_REM; + break; + case DOP_AND_INT_2ADDR: + type = AOT_AND; + break; + case DOP_OR_INT_2ADDR: + type = AOT_OR; + break; + case DOP_XOR_INT_2ADDR: + type = AOT_XOR; + break; + default: + type = AOT_COUNT; + break; + } + + operand = g_arch_instruction_get_operand(instr, 0); + dest = g_pseudo_register_new(); + + operand = g_arch_instruction_get_operand(instr, 1); + op1 = g_pseudo_register_new(); + + operand = g_arch_instruction_get_operand(instr, 2); + op2 = g_pseudo_register_new(); + + arithm = g_arithm_expression_new(G_DEC_EXPRESSION(op1), type, G_DEC_EXPRESSION(op2)); + result = g_assign_expression_new(G_DEC_EXPRESSION(dest), G_DEC_EXPRESSION(arithm)); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : instr = instruction d'origine à convertir. * +* ctx = contexte de la phase de décompilation. * +* * +* Description : Décompile une instruction de type 'opérations arithmétiques'.* +* * +* Retour : Instruction mise en place ou NULL. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDecInstruction *dalvik_decomp_instr_arithm_lit(const GArchInstruction *instr, GDecContext *ctx) +{ + GDecInstruction *result; /* Instruction à retourner */ + ArithmOperationType type; /* Type d'opération menée */ + GArchOperand *operand; /* Opérande de l'instruction */ + GDecInstruction *dest; /* Enregistrement du résultat */ + GDecInstruction *op1; /* Premier opérande utilisé */ + GDecInstruction *op2; /* Second opérande utilisé */ + GDecInstruction *arithm; /* Opération arithmétique */ + + switch (g_dalvik_instruction_get_opcode(G_DALVIK_INSTRUCTION(instr))) + { + case DOP_ADD_INT_LIT8: + case DOP_ADD_INT_LIT16: + type = AOT_ADD; + break; + case DOP_MUL_INT_LIT8: + case DOP_MUL_INT_LIT16: + type = AOT_MUL; + break; + case DOP_DIV_INT_LIT8: + case DOP_DIV_INT_LIT16: + type = AOT_DIV; + break; + case DOP_REM_INT_LIT8: + case DOP_REM_INT_LIT16: + type = AOT_REM; + break; + case DOP_AND_INT_LIT8: + case DOP_AND_INT_LIT16: + type = AOT_AND; + break; + case DOP_OR_INT_LIT8: + case DOP_OR_INT_LIT16: + type = AOT_OR; + break; + case DOP_XOR_INT_LIT8: + case DOP_XOR_INT_LIT16: + type = AOT_XOR; + break; + default: + type = AOT_COUNT; + break; + } + + operand = g_arch_instruction_get_operand(instr, 0); + dest = g_pseudo_register_new(); + + operand = g_arch_instruction_get_operand(instr, 1); + op1 = g_pseudo_register_new(); + + operand = g_arch_instruction_get_operand(instr, 2); + op2 = g_imm_expression_new(G_IMM_OPERAND(operand)); + + arithm = g_arithm_expression_new(G_DEC_EXPRESSION(op1), type, G_DEC_EXPRESSION(op2)); + result = g_assign_expression_new(G_DEC_EXPRESSION(dest), G_DEC_EXPRESSION(arithm)); + + return result; + +} diff --git a/src/arch/dalvik/dop_array.c b/src/arch/dalvik/dop_array.c new file mode 100644 index 0000000..035b3eb --- /dev/null +++ b/src/arch/dalvik/dop_array.c @@ -0,0 +1,74 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * dop_array.c - décompilation de l'opération récupérant la longueur d'un tableau + * + * Copyright (C) 2010 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "translate.h" + + +#include "../../decomp/expr/assign.h" +#include "../../decomp/expr/dalvik/array.h" + + + +/****************************************************************************** +* * +* Paramètres : instr = instruction d'origine à convertir. * +* ctx = contexte de la phase de décompilation. * +* * +* Description : Décompile une instruction de type 'array-length'. * +* * +* Retour : Instruction mise en place ou NULL. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDecInstruction *dalvik_decomp_instr_array_length(const GArchInstruction *instr, GDecContext *ctx) +{ + GDecInstruction *result; /* Instruction à retourner */ + + + GArchOperand *operand; /* Opérande de l'instruction */ + GDecInstruction *reg; /* Pseudo-registre redéfini */ + GDecInstruction *len; /* Enregistrement de taille */ + + + result = NULL; + + + printf("PAssaage !\n"); + + + + operand = g_arch_instruction_get_operand(instr, 1); + reg = g_pseudo_register_new(); + len = g_dalvik_alength_new(G_DEC_EXPRESSION(reg)); + + operand = g_arch_instruction_get_operand(instr, 0); + reg = g_pseudo_register_new(); + + + result = g_assign_expression_new(G_DEC_EXPRESSION(reg), G_DEC_EXPRESSION(len)); + + return result; + +} diff --git a/src/arch/dalvik/dop_const.c b/src/arch/dalvik/dop_const.c new file mode 100644 index 0000000..eab7acd --- /dev/null +++ b/src/arch/dalvik/dop_const.c @@ -0,0 +1,72 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * dop_const.c - décompilation des chargements de constantes + * + * Copyright (C) 2010 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "translate.h" + + +#include "../../decomp/expr/assign.h" +#include "../../decomp/expr/immediate.h" + + + +/****************************************************************************** +* * +* Paramètres : instr = instruction d'origine à convertir. * +* ctx = contexte de la phase de décompilation. * +* * +* Description : Décompile une instruction de type 'const'. * +* * +* Retour : Instruction mise en place ou NULL. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDecInstruction *dalvik_decomp_instr_const(const GArchInstruction *instr, GDecContext *ctx) +{ + GDecInstruction *result; /* Instruction à retourner */ + + + GArchOperand *operand; /* Opérande de l'instruction */ + GDecInstruction *reg; /* Pseudo-registre redéfini */ + GDecInstruction *imm; /* Valeur immédiate décompilée */ + + + result = NULL; + + + printf("PAssaage !\n"); + + + + operand = g_arch_instruction_get_operand(instr, 1); + reg = g_pseudo_register_new(); + + operand = g_arch_instruction_get_operand(instr, 1); + imm = g_imm_expression_new(G_IMM_OPERAND(operand)); + + result = g_assign_expression_new(G_DEC_EXPRESSION(reg), G_DEC_EXPRESSION(imm)); + + return result; + +} diff --git a/src/arch/dalvik/dop_invoke.c b/src/arch/dalvik/dop_invoke.c new file mode 100644 index 0000000..e4fa1fb --- /dev/null +++ b/src/arch/dalvik/dop_invoke.c @@ -0,0 +1,158 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * dop_invoke.c - décompilation des appels de méthode + * + * Copyright (C) 2010 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "translate.h" + + +#include "instruction.h" +#include "operand.h" +#include "../../decomp/expr/assign.h" +#include "../../decomp/expr/call.h" +#include "../../format/dex/pool.h" + + + + +/****************************************************************************** +* * +* Paramètres : instr = instruction d'origine à convertir. * +* ctx = contexte de la phase de décompilation. * +* * +* Description : Décompile une instruction de type 'invoke-virtual'. * +* * +* Retour : Instruction mise en place ou NULL. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDecInstruction *dalvik_decomp_instr_invoke_virtual(const GArchInstruction *instr, GDecContext *ctx) +{ + GDecInstruction *result; /* Instruction à retourner */ + + + size_t count; /* Quantité d'opérandes */ + GArchOperand *op; /* Opérande de l'instruction */ + uint32_t index; /* Indice de l'élément visé */ + GDexFormat *format; /* Accès aux constantes */ + GBinRoutine *routine; /* Routine visée par l'appel */ + + const char *string; /* Chaîne à afficher */ + GOpenidaType *type; /* Type quelconque */ + char *tmp; /* Chaîne à afficher & libérer */ + + + + GArchOperand *operand; /* Opérande de l'instruction */ + GDecInstruction *reg; /* Pseudo-registre redéfini */ + GDecInstruction *imm; /* Valeur immédiate décompilée */ + + GArchInstruction *iter; /* Boucle de parcours */ + vmpa_t max; /* Limite à ne pas dépasser */ + + + result = NULL; + + + printf("PAssaage !\n"); + + + + + + + /* Récupération de la méthode */ + + count = g_arch_instruction_count_operands(instr); + op = g_arch_instruction_get_operand(instr, count - 1); + + index = g_dalvik_pool_operand_get_index(G_DALVIK_POOL_OPERAND(op)); + + printf("POOL ?? %d -> %d\n", G_IS_DALVIK_POOL_OPERAND(op), index); + + format = G_DEX_FORMAT(g_object_get_data(G_OBJECT(ctx), "format")); + routine = get_routine_from_dex_pool(format, index); + if (routine == NULL) return NULL; + + +#if 0 + if (operand->cache.method == NULL) + g_content_exporter_insert_into_buffer(exporter, buffer, BLC_ASSEMBLY, + "<bad_method_index>", 18, RTT_VAR_NAME); + + else + { + tmp = g_binary_routine_to_string(operand->cache.method); + + g_content_exporter_insert_into_buffer(exporter, buffer, BLC_ASSEMBLY, + tmp, strlen(tmp), RTT_VAR_NAME); + + free(tmp); + + +#endif + + result = g_routine_call_new(routine, true); + + //GDecInstruction *g_routine_call_new(GBinRoutine *routine, bool is_object) + /* + operand = g_arch_instruction_get_operand(instr, 1); + reg = g_pseudo_register_new(); + + operand = g_arch_instruction_get_operand(instr, 1); + imm = g_imm_expression_new(G_IMM_OPERAND(operand)); + + result = g_assign_expression_new(G_DEC_EXPRESSION(reg), G_DEC_EXPRESSION(imm)); + */ + + + + + + /* Récupération d'un résultat ? */ + + iter = instr; + max = g_dec_context_get_max_address(ctx); + + iter = g_arch_instruction_get_next_iter(instr, iter, max); + + if (iter != NULL) + switch (g_dalvik_instruction_get_opcode(G_DALVIK_INSTRUCTION(iter))) + { + case DOP_MOVE_RESULT: + + operand = g_arch_instruction_get_operand(instr, 0); + reg = g_pseudo_register_new(); + + result = g_assign_expression_new(G_DEC_EXPRESSION(reg), G_DEC_EXPRESSION(result)); + + break; + + default: + break; + + } + + return result; + +} diff --git a/src/arch/dalvik/instruction.c b/src/arch/dalvik/instruction.c index 13c8e83..e8059d6 100644 --- a/src/arch/dalvik/instruction.c +++ b/src/arch/dalvik/instruction.c @@ -24,7 +24,8 @@ #include "instruction.h" -#include "../instruction-int.h" +#include "translate.h" +#include "../instruction-int.h" @@ -63,6 +64,8 @@ typedef struct _dalvik_instruction const char *keyword; /* Mot clef de la commande */ + decomp_instr_fc decomp; /* Procédure de décompilation */ + } dalvik_instruction; @@ -81,7 +84,7 @@ static dalvik_instruction _instructions[DOP_COUNT] = { [DOP_RETURN] = { 0x0f, "return" }, [DOP_RETURN_WIDE] = { 0x10, "return-wide" }, [DOP_RETURN_OBJECT] = { 0x11, "return-object" }, - [DOP_CONST_4] = { 0x12, "const/4" }, + [DOP_CONST_4] = { 0x12, "const/4", dalvik_decomp_instr_const }, [DOP_CONST_16] = { 0x13, "const/16" }, [DOP_CONST] = { 0x14, "const" }, [DOP_CONST_HIGH16] = { 0x15, "const/high16" }, @@ -94,7 +97,7 @@ static dalvik_instruction _instructions[DOP_COUNT] = { [DOP_CHECK_CAST] = { 0x1f, "check-cast" }, - [DOP_ARRAY_LENGTH] = { 0x21, "array-length" }, + [DOP_ARRAY_LENGTH] = { 0x21, "array-length", dalvik_decomp_instr_array_length }, [DOP_NEW_INSTANCE] = { 0x22, "new-instance" }, [DOP_NEW_ARRAY] = { 0x23, "new-array" }, @@ -126,14 +129,14 @@ static dalvik_instruction _instructions[DOP_COUNT] = { [DOP_AGET_WIDE] = { 0x45, "aget-wide" }, [DOP_AGET_OBJECT] = { 0x46, "aget-object" }, [DOP_AGET_BOOLEAN] = { 0x47, "aget-boolean" }, - [DOP_AGET_BYTE] = { 0x48, "aget-byte" }, + [DOP_AGET_BYTE] = { 0x48, "aget-byte", dalvik_decomp_instr_aget }, [DOP_AGET_CHAR] = { 0x49, "aget-char" }, [DOP_AGET_SHORT] = { 0x4a, "aget-short" }, [DOP_APUT] = { 0x4b, "aput" }, [DOP_APUT_WIDE] = { 0x4c, "aput-wide" }, [DOP_APUT_OBJECT] = { 0x4d, "aput-object" }, [DOP_APUT_BOOLEAN] = { 0x4e, "aput-boolean" }, - [DOP_APUT_BYTE] = { 0x4f, "aput-byte" }, + [DOP_APUT_BYTE] = { 0x4f, "aput-byte", dalvik_decomp_instr_aput }, [DOP_APUT_CHAR] = { 0x50, "aput-char" }, [DOP_APUT_SHORT] = { 0x51, "aput-short" }, [DOP_IGET] = { 0x52, "iget" }, @@ -164,7 +167,7 @@ static dalvik_instruction _instructions[DOP_COUNT] = { [DOP_SPUT_BYTE] = { 0x6b, "sput-byte" }, [DOP_SPUT_CHAR] = { 0x6c, "sput-char" }, [DOP_SPUT_SHORT] = { 0x6d, "sput-short" }, - [DOP_INVOKE_VIRTUAL] = { 0x6e, "invoke-virtual" }, + [DOP_INVOKE_VIRTUAL] = { 0x6e, "invoke-virtual", dalvik_decomp_instr_invoke_virtual }, [DOP_INVOKE_SUPER] = { 0x6f, "invoke-static" }, [DOP_INVOKE_DIRECT] = { 0x70, "invoke-direct" }, [DOP_INVOKE_STATIC] = { 0x71, "invoke-static" }, @@ -195,34 +198,34 @@ static dalvik_instruction _instructions[DOP_COUNT] = { [DOP_XOR_INT] = { 0x97, "xor-int" }, - [DOP_ADD_INT_2ADDR] = { 0xb0, "add-int/2addr" }, + [DOP_ADD_INT_2ADDR] = { 0xb0, "add-int/2addr", dalvik_decomp_instr_arithm_2addr }, - [DOP_MUL_INT_2ADDR] = { 0xb2, "mul-int/2addr" }, - [DOP_DIV_INT_2ADDR] = { 0xb3, "div-int/2addr" }, - [DOP_REM_INT_2ADDR] = { 0xb4, "rem-int/2addr" }, - [DOP_AND_INT_2ADDR] = { 0xb5, "and-int/2addr" }, - [DOP_OR_INT_2ADDR] = { 0xb6, "or-int/2addr" }, - [DOP_XOR_INT_2ADDR] = { 0xb7, "xor-int/2addr" }, + [DOP_MUL_INT_2ADDR] = { 0xb2, "mul-int/2addr", dalvik_decomp_instr_arithm_2addr }, + [DOP_DIV_INT_2ADDR] = { 0xb3, "div-int/2addr", dalvik_decomp_instr_arithm_2addr }, + [DOP_REM_INT_2ADDR] = { 0xb4, "rem-int/2addr", dalvik_decomp_instr_arithm_2addr }, + [DOP_AND_INT_2ADDR] = { 0xb5, "and-int/2addr", dalvik_decomp_instr_arithm_2addr }, + [DOP_OR_INT_2ADDR] = { 0xb6, "or-int/2addr", dalvik_decomp_instr_arithm_2addr }, + [DOP_XOR_INT_2ADDR] = { 0xb7, "xor-int/2addr", dalvik_decomp_instr_arithm_2addr }, - [DOP_MUL_DOUBLE_2ADDR] = { 0xcd, "mul-double/2addr" }, + [DOP_MUL_DOUBLE_2ADDR] = { 0xcd, "mul-double/2addr", dalvik_decomp_instr_arithm_2addr }, - [DOP_ADD_INT_LIT16] = { 0xd0, "add-int/lit16" }, + [DOP_ADD_INT_LIT16] = { 0xd0, "add-int/lit16", dalvik_decomp_instr_arithm_lit }, [DOP_RSUB_INT] = { 0xd1, "rsub-int" }, - [DOP_MUL_INT_LIT16] = { 0xd2, "mul-int/lit16" }, - [DOP_DIV_INT_LIT16] = { 0xd3, "div-int/lit16" }, - [DOP_REM_INT_LIT16] = { 0xd4, "rem-int/lit16" }, - [DOP_AND_INT_LIT16] = { 0xd5, "and-int/lit16" }, - [DOP_OR_INT_LIT16] = { 0xd6, "or-int/lit16" }, - [DOP_XOR_INT_LIT16] = { 0xd7, "xor-int/lit16" }, - [DOP_ADD_INT_LIT8] = { 0xd8, "add-int/lit8" }, + [DOP_MUL_INT_LIT16] = { 0xd2, "mul-int/lit16", dalvik_decomp_instr_arithm_lit }, + [DOP_DIV_INT_LIT16] = { 0xd3, "div-int/lit16", dalvik_decomp_instr_arithm_lit }, + [DOP_REM_INT_LIT16] = { 0xd4, "rem-int/lit16", dalvik_decomp_instr_arithm_lit }, + [DOP_AND_INT_LIT16] = { 0xd5, "and-int/lit16", dalvik_decomp_instr_arithm_lit }, + [DOP_OR_INT_LIT16] = { 0xd6, "or-int/lit16", dalvik_decomp_instr_arithm_lit }, + [DOP_XOR_INT_LIT16] = { 0xd7, "xor-int/lit16", dalvik_decomp_instr_arithm_lit }, + [DOP_ADD_INT_LIT8] = { 0xd8, "add-int/lit8", dalvik_decomp_instr_arithm_lit }, [DOP_RSUB_INT_LIT8] = { 0xd9, "rsub-int/lit8" }, - [DOP_MUL_INT_LIT8] = { 0xda, "mul-int/lit8" }, - [DOP_DIV_INT_LIT8] = { 0xdb, "div-int/lit8" }, - [DOP_REM_INT_LIT8] = { 0xdc, "rem-int/lit8" }, - [DOP_AND_INT_LIT8] = { 0xdd, "and-int/lit8" }, - [DOP_OR_INT_LIT8] = { 0xde, "or-int/lit8" }, - [DOP_XOR_INT_LIT8] = { 0xdf, "xor-int/lit8" } + [DOP_MUL_INT_LIT8] = { 0xda, "mul-int/lit8", dalvik_decomp_instr_arithm_lit }, + [DOP_DIV_INT_LIT8] = { 0xdb, "div-int/lit8", dalvik_decomp_instr_arithm_lit }, + [DOP_REM_INT_LIT8] = { 0xdc, "rem-int/lit8", dalvik_decomp_instr_arithm_lit }, + [DOP_AND_INT_LIT8] = { 0xdd, "and-int/lit8", dalvik_decomp_instr_arithm_lit }, + [DOP_OR_INT_LIT8] = { 0xde, "or-int/lit8", dalvik_decomp_instr_arithm_lit }, + [DOP_XOR_INT_LIT8] = { 0xdf, "xor-int/lit8", dalvik_decomp_instr_arithm_lit } }; @@ -237,6 +240,9 @@ static InstructionLinkType dalvik_get_instruction_link(const GDalvikInstruction /* Indique si l'instruction correspond à un retour de fonction. */ static bool dalvik_instruction_is_return(const GDalvikInstruction *); +/* Décompile une instruction de la machine virtuelle Dalvik. */ +GDecInstruction *dalvik_instruction_decompile(const GDalvikInstruction *, GDecContext *); + /* Indique le type défini pour une instruction d'architecture Dalvik. */ @@ -283,6 +289,7 @@ static void g_dalvik_instruction_init(GDalvikInstruction *instr) parent->get_text = (get_instruction_text_fc)dalvik_get_instruction_text; parent->get_link = (get_instruction_link_fc)dalvik_get_instruction_link; parent->is_return = (is_instruction_return_fc)dalvik_instruction_is_return; + parent->decomp = (decomp_instr_fc)dalvik_instruction_decompile; } @@ -312,6 +319,25 @@ GArchInstruction *g_dalvik_instruction_new(DalvikOpcodes type) } +/****************************************************************************** +* * +* Paramètres : instr = instruction Dalvik à consulter. * +* * +* Description : Indique l'opcode associé à une instruction Dalvik. * +* * +* Retour : Identifiant de l'instruction en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +DalvikOpcodes g_dalvik_instruction_get_opcode(const GDalvikInstruction *instr) +{ + return instr->type; + +} + + /* ---------------------------------------------------------------------------------- */ /* AIDE A LA MISE EN PLACE D'INSTRUCTIONS */ @@ -409,3 +435,31 @@ static bool dalvik_instruction_is_return(const GDalvikInstruction *instr) return (instr->type == DOP_RETURN_VOID); } + + +/****************************************************************************** +* * +* Paramètres : instr = instruction d'origine à convertir. * +* ctx = contexte de la phase de décompilation. * +* * +* Description : Décompile une instruction de la machine virtuelle Dalvik. * +* * +* Retour : Instruction mise en place ou NULL. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDecInstruction *dalvik_instruction_decompile(const GDalvikInstruction *instr, GDecContext *ctx) +{ + GDecInstruction *result; /* Instruction à retourner */ + + if (_instructions[instr->type].decomp != NULL) + result = _instructions[instr->type].decomp(G_ARCH_INSTRUCTION(instr), ctx); + + else + result = NULL; + + return result; + +} diff --git a/src/arch/dalvik/instruction.h b/src/arch/dalvik/instruction.h index cc7f845..8eaed17 100644 --- a/src/arch/dalvik/instruction.h +++ b/src/arch/dalvik/instruction.h @@ -214,6 +214,9 @@ GType g_dalvik_instruction_get_type(void); /* Crée une instruction pour l'architecture Dalvik. */ GArchInstruction *g_dalvik_instruction_new(DalvikOpcodes); +/* Indique l'opcode associé à une instruction Dalvik. */ +DalvikOpcodes g_dalvik_instruction_get_opcode(const GDalvikInstruction *); + /* --------------------- AIDE A LA MISE EN PLACE D'INSTRUCTIONS --------------------- */ diff --git a/src/arch/dalvik/translate.h b/src/arch/dalvik/translate.h new file mode 100644 index 0000000..779c133 --- /dev/null +++ b/src/arch/dalvik/translate.h @@ -0,0 +1,56 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * translate.h - prototypes pour les environnements de traduction d'instructions Dalvik + * + * Copyright (C) 2010 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _ANALYSIS_DECOMP_RTL_DALVIK_TRANSLATE_H +#define _ANALYSIS_DECOMP_RTL_DALVIK_TRANSLATE_H + + +#include "../translate.h" + + + +/* Décompile une instruction de type 'aget'. */ +GDecInstruction *dalvik_decomp_instr_aget(const GArchInstruction *, GDecContext *); + +/* Décompile une instruction de type 'aput'. */ +GDecInstruction *dalvik_decomp_instr_aput(const GArchInstruction *, GDecContext *); + +/* Décompile une instruction de type 'array-length'. */ +GDecInstruction *dalvik_decomp_instr_array_length(const GArchInstruction *, GDecContext *); + +/* Décompile une instruction de type 'const'. */ +GDecInstruction *dalvik_decomp_instr_const(const GArchInstruction *, GDecContext *); + +/* Décompile une instruction de type 'invoke-virtual'. */ +GDecInstruction *dalvik_decomp_instr_invoke_virtual(const GArchInstruction *, GDecContext *); + + +/* Décompile une instruction de type 'opérations arithmétiques'. */ +GDecInstruction *dalvik_decomp_instr_arithm_2addr(const GArchInstruction *, GDecContext *); + +/* Décompile une instruction de type 'opérations arithmétiques'. */ +GDecInstruction *dalvik_decomp_instr_arithm_lit(const GArchInstruction *, GDecContext *); + + + +#endif /* _ANALYSIS_DECOMP_RTL_DALVIK_TRANSLATE_H */ |