diff options
Diffstat (limited to 'plugins/dwarf')
33 files changed, 6718 insertions, 0 deletions
diff --git a/plugins/dwarf/Makefile.am b/plugins/dwarf/Makefile.am new file mode 100644 index 0000000..3020643 --- /dev/null +++ b/plugins/dwarf/Makefile.am @@ -0,0 +1,39 @@ + +noinst_LTLIBRARIES = libformatdwarf.la + +libformatdwarf_la_SOURCES = \ + abbrev.h abbrev.c \ + die.h die.c \ + dwarf.h dwarf.c \ + dwarf-int.h dwarf-int.c \ + dwarf_def.h \ + form.h form.c \ + info.h info.c \ + symbols.h symbols.c + +# libformatdwarf_la_SOURCES = \ +# abbrev.h abbrev.c \ +# dwarf.h dwarf.c \ +# d_dwarf.h d_dwarf.c \ +# dwarf_def.h \ +# info.h info.c \ +# utils.h utils.c + +libformatdwarf_la_LIBADD = \ + v2/libformatdwarfv2.la \ + v3/libformatdwarfv3.la \ + v4/libformatdwarfv4.la + +libformatdwarf_la_LDFLAGS = $(LIBGTK_LIBS) + + +devdir = $(includedir)/chrysalide/$(subdir:src/%=%) + +dev_HEADERS = $(libformatdwarf_la_SOURCES:%c=) + + +AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) + +AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS) + +SUBDIRS = v2 v3 v4 diff --git a/plugins/dwarf/abbrev.c b/plugins/dwarf/abbrev.c new file mode 100644 index 0000000..f214430 --- /dev/null +++ b/plugins/dwarf/abbrev.c @@ -0,0 +1,1390 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * abbrev.c - manipulation des abréviation DWARF + * + * Copyright (C) 2008-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "abbrev.h" + + +#include <malloc.h> + + +#include "dwarf-int.h" + + + + + +/* Description d'un attribut d'une abréviation */ +typedef struct _dw_abbrev_attr +{ + DwarfAttrib name; /* Sujet de l'élément */ + DwarfForm form; /* Représentation */ + +} dw_abbrev_attr; + + +/* Description d'une abréviation */ +struct _dw_abbrev +{ + uleb128_t code; /* Identifiant attribué */ + DwarfTag tag; /* Sujet de l'élément */ + + dw_abbrev_attr *attribs; /* Liste des attributs */ + size_t attribs_count; /* Nombre de ces attributs */ + + struct _dw_abbrev **children; /* Liste des sous-éléments */ + size_t children_count; /* Nombre de ces enfants */ + +}; + + + + + +/* Procède à la conversion de base d'une abréviation DWARF. */ +static bool check_abbreviation_decl(const GDwarfFormat *, const dw_abbrev_decl *, dw_abbrev *); + +/* Procède à la conversion d'un attribut d'abréviation DWARF. */ +static bool check_abbreviation_attrib(const GDwarfFormat *, const dw_abbrev_raw_attr *, dw_abbrev_attr *); + + + + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à constituer. * +* * +* Description : Charge toutes les abbréviations présentes dans un DWARF. * +* * +* Retour : Bilan de l'opération, potentiellement un succès sans sortie. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool load_all_dwarf_abbreviations(GDwarfFormat *format) +{ + bool result; /* Bilan à faire remonter */ + mrange_t range; /* Couverture d'une section */ + vmpa2t *pos; /* Position de tête de lecture */ + + result = g_exe_format_get_section_range_by_name(G_DBG_FORMAT(format)->executable, ".debug_abbrev", &range); + + pos = get_mrange_addr(&range); + + printf("start :: 0x%08x\n", (unsigned int)pos->physical); + + result &= load_dwarf_abbreviation(format, pos, &format->abbreviations); + + printf("abbrevs :: %p\n", format->abbreviations); + + if (format->abbreviations != NULL) + printf(" -> children : %zu\n", format->abbreviations->children_count); + else + printf(" -> (nothing)\n"); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à consulter. * +* pos = tête de lecture à faire évoluer. * +* abbrev = abréviation lue et complète, NULL si aucune. [OUT] * +* * +* Description : Charge une abréviation valide pour un DWARF en mémoire. * +* * +* Retour : Bilan de l'opération, potentiellement un succès sans sortie. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool load_dwarf_abbreviation(const GDwarfFormat *format, vmpa2t *pos, dw_abbrev **abbrev) +{ + dw_abbrev_decl decl; /* En-tête d'abréviation */ + bool status; /* Bilan d'une lecture */ + dw_abbrev_raw_attr attr; /* Attribut de l'abréviation */ + dw_abbrev *child; /* Rejeton à intégrer */ + + *abbrev = NULL; + + /** + * Cette routine est la transcription du paragraphe 7.5.3 ("Abbreviations Tables"), + * de la quatrième version de la définition du format DWARF. + * + * La spécification précise : + * + * As mentioned in Section 2.3, each chain of sibling entries is terminated by a null entry. + * + * Cependant, ce formalisme n'est pas constaté dans la pratique. D'ailleurs, readelf + * comporte le commentaire suivant dans le fichier 'dwarf_reader.cc' : + * + * Read the abbrev code. A zero here indicates the end of the abbrev table. + * + */ + + if (!read_dwarf_abbrev_decl(format, pos, &decl)) + goto lda_bad_exit; + + if (decl.code == 0) + goto lda_exit; + + *abbrev = (dw_abbrev *)calloc(1, sizeof(dw_abbrev)); + + if (!check_abbreviation_decl(format, &decl, *abbrev)) + goto lda_bad_exit; + + /* Chargement des attributs */ + + for (;;) + { + status = read_dwarf_abbrev_attr(format, pos, &attr); + if (!status) goto lda_bad_exit; + + printf(" -- [0x%llx] [0x%llx] name = %u\tform = %u\n", + (unsigned long long)pos->physical, + (unsigned long long)decl.code, + (unsigned int)attr.name, (unsigned int)attr.form); + + if (attr.name == DW_ATTR_invalid && attr.form == DW_FORM_invalid) + break; + + (*abbrev)->attribs_count++; + (*abbrev)->attribs = (dw_abbrev_attr *)realloc((*abbrev)->attribs, + (*abbrev)->attribs_count * sizeof(dw_abbrev_attr)); + + status = check_abbreviation_attrib(format, &attr, + &(*abbrev)->attribs[(*abbrev)->attribs_count - 1]); + if (!status) goto lda_bad_exit; + + } + + /* Chargement des enfants */ + + printf(" || children ? %d vs %d\n", (int)decl.has_children, (int)DW_CHILDREN_yes); + + if (decl.has_children == DW_CHILDREN_yes) + for (;;) + { + status = load_dwarf_abbreviation(format, pos, &child); + if (!status) goto lda_bad_exit; + + if (child == NULL) + break; + + (*abbrev)->children_count++; + (*abbrev)->children = (dw_abbrev **)realloc((*abbrev)->children, + (*abbrev)->children_count * sizeof(dw_abbrev)); + + (*abbrev)->children[(*abbrev)->children_count - 1] = child; + + } + + lda_exit: + + return true; + + lda_bad_exit: + + free_dwarf_abbreviation(*abbrev); + + return false; + +} + + +/****************************************************************************** +* * +* Paramètres : abbrev = abréviation chargée en mémoire à traiter. * +* * +* Description : Supprime de la mémoire toute trace d'une abréviation DWARF. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void free_dwarf_abbreviation(dw_abbrev *abbrev) +{ + size_t i; /* Boucle de parcours */ + + if (abbrev->attribs != NULL) + free(abbrev->attribs); + + if (abbrev->children != NULL) + { + for (i = 0; i < abbrev->children_count; i++) + free_dwarf_abbreviation(abbrev->children[i]); + + free(abbrev->attribs); + + } + + free(abbrev); + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations chargées à consulter. * +* decl = structure brute dont le contenu est à valider. * +* abbrev = abréviation à constituer à partir du brut. [OUT] * +* * +* Description : Procède à la conversion de base d'une abréviation DWARF. * +* * +* Retour : Validité confirmée ou non. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool check_abbreviation_decl(const GDwarfFormat *format, const dw_abbrev_decl *decl, dw_abbrev *abbrev) +{ + bool result; /* Validité à retourner */ + + result = (decl->has_children == DW_CHILDREN_no + || decl->has_children == DW_CHILDREN_yes); + + + /* TODO : vérifier les bornes de 'tag' */ + + + if (result) + { + abbrev->code = decl->code; + abbrev->tag = decl->tag; + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations chargées à consulter. * +* decl = structure brute dont le contenu est à valider. * +* abbrev = abréviation à constituer à partir du brut. [OUT] * +* * +* Description : Procède à la conversion d'un attribut d'abréviation DWARF. * +* * +* Retour : Validité confirmée ou non. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool check_abbreviation_attrib(const GDwarfFormat *format, const dw_abbrev_raw_attr *attr, dw_abbrev_attr *attrib) +{ + bool result; /* Validité à retourner */ + + result = true; + + + /* TODO : vérifier les bornes de 'name' et 'form' */ + + + if (result) + { + attrib->name = attr->name; + attrib->form = attr->form; + + + + } + + return result; + +} + + + + + + + + +/****************************************************************************** +* * +* Paramètres : abbrev = abréviation chargée en mémoire à consulter. * +* * +* Description : Fournit l'étiquette associée à l'ensemble des attributs. * +* * +* Retour : Etiquette officielle de l'ensemble représenté. * +* * +* Remarques : - * +* * +******************************************************************************/ + +DwarfTag dwarf_abbreviation_get_tag(const dw_abbrev *abbrev) +{ + return abbrev->tag; + +} + + +/****************************************************************************** +* * +* Paramètres : abbrev = abréviation chargée en mémoire à consulter. * +* * +* Description : Compte le nombre d'attributs présents dans une abréviation. * +* * +* Retour : Quantité d'attributs pris en compte dans l'abréviation. * +* * +* Remarques : - * +* * +******************************************************************************/ + +size_t dwarf_abbreviation_count_attribs(const dw_abbrev *abbrev) +{ + return abbrev->attribs_count; + +} + + +/****************************************************************************** +* * +* Paramètres : abbrev = abréviation chargée en mémoire à consulter. * +* attrib = désignation de l'attribut à retrouver. * +* index = indice de cet attribut dans l'ensemble. [OUT] * +* * +* Description : Recherche un attribut dans une abréviation. * +* * +* Retour : Indication sur le bilan des recherches. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool dwarf_abbreviation_get_attrib_index(const dw_abbrev *abbrev, DwarfAttrib attrib, size_t *index) +{ + bool result; /* Etat de validité à renvoyer */ + size_t i; /* Boucle de parcours */ + + for (i = 0; i < abbrev->attribs_count; i++) + if (abbrev->attribs[i].name == attrib) + break; + + if (i < abbrev->attribs_count) + { + result = true; + *index = i; + } + else + result = false; + + return result; + +} + + + + + + +/****************************************************************************** +* * +* Paramètres : abbrev = abréviation chargée en mémoire à consulter. * +* attrib = désignation de l'attribut à retrouver. * +* index = indice de cet attribut dans l'ensemble. * +* form = type de valeur attendu pour un attribut donné. [OUT]* +* * +* Description : Détermine le type d'un attribut dans une abréviation. * +* * +* Retour : Indication sur le bilan des accès. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool dwarf_abbreviation_get_form_for_index(const dw_abbrev *abbrev, size_t index, DwarfForm *form) +{ + if (index >= abbrev->attribs_count) + return false; + + *form = abbrev->attribs[index].form; + + return true; + +} + + + + + + +/****************************************************************************** +* * +* Paramètres : abbrev = abréviation chargée en mémoire à consulter. * +* * +* Description : Indique si une abbréviation comporte des sous-définitions. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool dwarf_abbreviation_has_children(const dw_abbrev *abbrev) +{ + return (abbrev->children_count > 0); + +} + + + + + + + + + + + + + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à consulter. * +* code = identifiant de l'abbréviation recherchée. * +* * +* Description : Recherche une abréviation DWARF donnée. * +* * +* Retour : Adresse d'une abréviation ou NULL en cas d'échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +const dw_abbrev *find_dwarf_abbreviations(const GDwarfFormat *format, uleb128_t code) +{ + const dw_abbrev *result; /* Trouvaille à retourner */ + + if (format->abbreviations->code == code) + result = format->abbreviations; + + else + { + const dw_abbrev *_find_dwarf_abbreviations(const dw_abbrev *abbrev, uleb128_t c) + { + const dw_abbrev *found; /* Trouvaille à retourner */ + size_t i; /* Boucle de parcours */ + + if (abbrev->code == c) + found = abbrev; + else + { + found = NULL; + + for (i = 0; i < abbrev->children_count && found == NULL; i++) + found = _find_dwarf_abbreviations(abbrev->children[i], c); + + } + + return found; + + } + + result = _find_dwarf_abbreviations(format->abbreviations, code); + + } + + return result; + +} + + + + + + + + + +/****************************************************************************** +* * +* Paramètres : format = contenu binaire de débogage à parcourir. * +* cu = unité de compilation parente. * +* form = nature de la valeur à lire. * +* pos = tête de lecture au sein des données. [OUT] * +* value = valeur au format donné lue. [OUT] * +* * +* Description : Lit la valeur correspondant à un type donné. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +dw_value *translate_abbreviation_attributes(const GDwarfFormat *format, const dw_abbrev *abbrev, const dw_compil_unit_header *cu, vmpa2t *pos) +{ + dw_value *result; /* Valeurs lues retournées */ + size_t i; /* Boucle de parcours */ + bool status; /* Bilan d'une lecture */ + + result = (dw_value *)calloc(abbrev->attribs_count, sizeof(dw_value)); + + for (i = 0; i < abbrev->attribs_count; i++) + { + result[i].attrib = abbrev->attribs[i].name; + + printf("-- loading attrib %x (%u) -- form = %x (%u) -- pos = %llx --\n", + (unsigned int)abbrev->attribs[i].name, + (unsigned int)abbrev->attribs[i].name, + (unsigned int)abbrev->attribs[i].form, + (unsigned int)abbrev->attribs[i].form, + (unsigned long long)(pos->physical - 0x1039)); + + status = G_DWARF_FORMAT_GET_CLASS(format)->read_form(format, cu, + abbrev->attribs[i].form, pos, &result[i].value); + if (!status) printf("[%zu] failed for %x\n", i, abbrev->attribs[i].form); + if (status) printf("[%zu] success for %x\n", i, abbrev->attribs[i].form); + printf(" current pos :: %llx\n", (unsigned long long)(pos->physical - 0x1039)); + if (!status) break; + + } + + if (i != abbrev->attribs_count) + { + free(result); + result = NULL; + } + + return result; + +} + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +#if 0 + +#include <malloc.h> +#include <stdarg.h> +#include <string.h> + + +#include "utils.h" + + + +#include <ctype.h> + + + +/* Libère de la mémoire une abréviation DWARF. */ +void free_dwarf_abbrev(dw_abbrev *); + +/* Charge une abréviations DWARF. */ +dw_abbrev *read_dwarf_abbreviations(dwarf_format *, off_t *, uint64_t *); + +/* Recherche une abréviation DWARF donnée. */ +const dw_abbrev *_find_dwarf_abbreviations(const dw_abbrev *, uint8_t *); + +/* Lit la valeur d'un attribut DWARF. */ +bool _read_dwarf_abbrev_attribute(dwarf_format *, off_t *, DwarfForm, ...); + + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à compléter. * +* * +* Description : Charge les abréviations trouvées pour un DWARF. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool load_dwarf_abbreviations(dwarf_format *format) +{ + bool result; /* Bilan à renvoyer */ + + + + + off_t offset; + off_t start; + off_t size; + + bool test; + + int i; + + + dw_abbrev *abbrev; + uint64_t index; + + printf("Searching...\n"); + + + result = true; + + test = find_exe_section(DBG_FORMAT(format)->e_format, ".debug_abbrev", &start, &size, NULL); + + offset = start; + + + printf(" -> offset=%d size=%d\n", offset, size); + + + + for (i = 0; i < size; i++) + { + if (i % 10 == 0) printf("\n"); + printf("0x%02hhx ", DBG_FORMAT(format)->content[offset + i]); + } + + printf("\n"); + + + + + while (offset < (start + size)) + { + abbrev = read_dwarf_abbreviations(format, &offset, &index); + + offset++; /* 0x00 */ + + printf("abbrev :: %p\n", abbrev); + + if (abbrev != NULL) + { + abbrev->offset -= start; + + format->abbrevs = (dw_abbrev **)realloc(format->abbrevs, ++format->abbrevs_count * sizeof(dw_abbrev *)); + format->abbrevs[format->abbrevs_count - 1] = abbrev; + + printf(" %d attribs, %d children\n", abbrev->attribs_count, abbrev->children_count); + + } + else + { + unload_dwarf_abbreviations(format); + result = false; + break; + } + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à effacer. * +* * +* Description : Décharge les abréviations trouvées pour un DWARF. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void unload_dwarf_abbreviations(dwarf_format *format) +{ + size_t i; /* Boucle de parcours */ + + for (i = 0; i < format->abbrevs_count; i++) + free_dwarf_abbrev(format->abbrevs[i]); + +} + + +/****************************************************************************** +* * +* Paramètres : abbrev = élément à supprimer de la mémoire. * +* * +* Description : Libère de la mémoire une abréviation DWARF. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void free_dwarf_abbrev(dw_abbrev *abbrev) +{ + size_t i; /* Boucle de parcours */ + + for (i = 0; i < abbrev->children_count; i++) + free_dwarf_abbrev(abbrev->children[i]); + + free(abbrev->attribs); + free(abbrev->children); + + free(abbrev); + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à compléter. * +* pos = tête de lecture à mettre à jour. [OUT] * +* index = code de l'abréviation. [OUT] * +* * +* Description : Charge une abréviation DWARF. * +* * +* Retour : Adresse d'une abréviation ou NULL en cas d'échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +dw_abbrev *read_dwarf_abbreviations(dwarf_format *format, off_t *pos, uint64_t *index) +{ + dw_abbrev *result; /* Abréviation à retourner */ + bool has_children; /* Indique la présence de fils */ + uint64_t value1; /* Valeur quelconque lue #1 */ + uint64_t value2; /* Valeur quelconque lue #2 */ + uint64_t sub_index; /* Indice d'un sous-élément */ + dw_abbrev *child; /* Sous-élément à intégrer */ + + result = (dw_abbrev *)calloc(1, sizeof(dw_abbrev)); + + result->offset = *pos; + + /* Code de l'élément */ + if (!read_uleb128(format, pos, index, true)) goto rda_error; + + if (!read_uleb128(format, pos, &value1, true)) goto rda_error; + result->tag = value1; + + printf(" --ta :: 0x%02llx\n", value1); + + if (*pos >= DBG_FORMAT(format)->length) goto rda_error; + has_children = (DBG_FORMAT(format)->content[(*pos)++] == DW_CHILDREN_YES); + + printf(" --ch ? %d\n", has_children); + + /* Liste des attributs */ + + while (DBG_FORMAT(format)->content[*pos] != 0x00) + { + if (!read_uleb128(format, pos, &value1, true)) goto rda_error; + if (!read_uleb128(format, pos, &value2, true)) goto rda_error; + + result->attribs = (dw_abbrev_attr *)realloc(result->attribs, ++result->attribs_count * sizeof(dw_abbrev_attr)); + + result->attribs[result->attribs_count - 1].attrib = value1; + result->attribs[result->attribs_count - 1].form = value2; + + } + + (*pos) += 2; /* 0x00 0x00 */ + + /* Chargement des sous-éléments */ + + if (has_children) + while (DBG_FORMAT(format)->content[*pos] != 0x00) + { + child = read_dwarf_abbreviations(format, pos, &sub_index); + + if (child == NULL) goto rda_error; + + if ((sub_index - *index - 1) != result->children_count) goto rda_error; + + result->children = (dw_abbrev **)realloc(result->children, ++result->children_count * sizeof(dw_abbrev *)); + + result->children[result->children_count - 1] = child; + + } + + return result; + + rda_error: + + free_dwarf_abbrev(result); + + return NULL; + +} + + +/****************************************************************************** +* * +* Paramètres : abbrev = abréviation racine à parcourir. * +* index = code de l'abréviation. [OUT] * +* * +* Description : Recherche une abréviation DWARF donnée. * +* * +* Retour : Adresse d'une abréviation ou NULL en cas d'échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +const dw_abbrev *_find_dwarf_abbreviations(const dw_abbrev *abbrev, uint8_t *index) +{ + const dw_abbrev *result; /* Structure à retourner */ + size_t i; /* Boucle de parcours */ + + result = NULL; + + if (*index == 0) result = abbrev; + else + for (i = 0; i < abbrev->children_count && result == NULL; i++) + { + (*index)--; + result = _find_dwarf_abbreviations(abbrev->children[i], index); + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à consulter. * +* offset = position dans les abréviations. * +* pos = position dans le flux binaire courant. [OUT] * +* * +* Description : Recherche une abréviation DWARF donnée. * +* * +* Retour : Adresse d'une abréviation ou NULL en cas d'échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +const dw_abbrev *find_dwarf_abbreviations(dwarf_format *format, const off_t *offset, off_t *pos) +{ + const dw_abbrev *result; /* Structure à retourner */ + uint64_t index; /* Code de l'abréviation */ + size_t i; /* Boucle de parcours */ + + result = NULL; + + do + { + if (!read_uleb128(format, pos, &index, true)) + { + printf("error skipping padding...\n"); + return NULL; + } + } + while (index == 0); + + for (i = 0; i < format->abbrevs_count; i++) + if (format->abbrevs[i]->offset == *offset) break; + + if (i < format->abbrevs_count) + { + index--; + result = _find_dwarf_abbreviations(format->abbrevs[i], &index); + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : abbrev = informations à parcourir. * +* attrib = attribut visé par la lecture. * +* * +* Description : Indique la présence ou l'absence d'un attribut donné. * +* * +* Retour : true si l'attribut est présent, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool test_dwarf_abbrev_attribute(const dw_abbrev *abbrev, DwarfAttrib attrib) +{ + bool result; /* Bilan à retourner */ + size_t i; /* Boucle de parcours */ + + result = false; + + for (i = 0; i < abbrev->attribs_count && !result; i++) + result = (abbrev->attribs[i].attrib == attrib); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à compléter. * +* pos = tête de lecture à mettre à jour. [OUT] * +* form = format des données à lire. * +* ... = lieu d'enregistrement ou NULL. [OUT] * +* * +* Description : Lit la valeur d'un attribut DWARF. * +* * +* Retour : true si la lecture est un succès, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool _read_dwarf_abbrev_attribute(dwarf_format *format, off_t *pos, DwarfForm form, ...) +{ + bool result; /* Bilan à revoyer */ + va_list ap; /* Adresse fournie en dernier */ + uint8_t *val8; /* Données sur 8 bits */ + uint16_t *val16; /* Données sur 16 bits */ + uint32_t *val32; /* Données sur 32 bits */ + uint64_t *val64; /* Données sur 64 bits */ + uint64_t *sval64; /* Données sur 64 bits (signée)*/ + bool *boolval; /* Valeur booléenne */ + uint8_t tmp8; /* Données sur 8 bits */ + uint16_t tmp16; /* Données sur 16 bits */ + uint32_t tmp32; /* Données sur 32 bits */ + uint64_t tmp64; /* Données sur 64 bits */ + uint64_t stmp64; /* Données sur 64 bits (signée)*/ + uint64_t size_to_read; /* Nombre d'octets à lire */ + off_t offset; /* Décalage dans une zone */ + char **strval; /* Chaîne de caractères */ + size_t length; /* Taille d'une chaîne */ + + va_start(ap, form); + + switch (form) + { + case DWF_ADDR: + result = ((*pos + (format->format == DWF_32_BITS ? 4 : 8)) <= DBG_FORMAT(format)->length); + if (result) + { + val64 = va_arg(ap, uint64_t *); + if (val64 != NULL) + { + if (format->format == DWF_32_BITS) + { + memcpy(&tmp32, &DBG_FORMAT(format)->content[*pos], 4); + *val64 = tmp32; + } + else memcpy(val64, &DBG_FORMAT(format)->content[*pos], 8); + } + *pos += (format->format == DWF_32_BITS ? 4 : 8); + } + break; + + case DWF_BLOCK2: + result = ((*pos + 2) <= DBG_FORMAT(format)->length); + if (result) + { + memcpy(&tmp16, &DBG_FORMAT(format)->content[*pos], 2); + size_to_read = tmp16; + /* ... */ + *pos += 2 + size_to_read; + } + break; + + case DWF_BLOCK4: + result = ((*pos + 4) <= DBG_FORMAT(format)->length); + if (result) + { + memcpy(&tmp32, &DBG_FORMAT(format)->content[*pos], 4); + size_to_read = tmp32; + /* ... */ + *pos += 4 + size_to_read; + } + break; + + case DWF_DATA2: + result = ((*pos + 2) <= DBG_FORMAT(format)->length); + if (result) + { + val16 = va_arg(ap, uint16_t *); + if (val16 != NULL) memcpy(val16, &DBG_FORMAT(format)->content[*pos], 2); + *pos += 2; + } + break; + + case DWF_DATA4: + result = ((*pos + 4) <= DBG_FORMAT(format)->length); + if (result) + { + val32 = va_arg(ap, uint32_t *); + if (val32 != NULL) memcpy(val32, &DBG_FORMAT(format)->content[*pos], 4); + *pos += 4; + } + break; + + case DWF_DATA8: + result = ((*pos + 8) <= DBG_FORMAT(format)->length); + if (result) + { + val64 = va_arg(ap, uint64_t *); + if (val64 != NULL) memcpy(val64, &DBG_FORMAT(format)->content[*pos], 8); + *pos += 8; + } + break; + + case DWF_STRING: + result = ((*pos + 1) <= DBG_FORMAT(format)->length); + if (result) + { + strval = va_arg(ap, char **); + if (strval != NULL) *strval = (char *)calloc(1, sizeof(char)); + length = 0; + + while (result) + { + if (DBG_FORMAT(format)->content[*pos] == '\0') break; + + length++; + + if (strval != NULL) + { + *strval = (char *)realloc(*strval, (length + 1) * sizeof(char)); + (*strval)[length - 1] = DBG_FORMAT(format)->content[*pos]; + } + + result = ((*pos + 1) <= DBG_FORMAT(format)->length); + if (!result) break; + + (*pos)++; + + } + + result = ((*pos + 1) <= DBG_FORMAT(format)->length); + + if (result) + { + (*pos)++; + + if (strval != NULL) + (*strval)[length] = 0; + + } + else if (strval != NULL) + { + free(*strval); + *strval = NULL; + } + + } + + break; + + case DWF_BLOCK: + result = read_uleb128(format, pos, &size_to_read, true); + result &= ((*pos + size_to_read) <= DBG_FORMAT(format)->length); + if (result) + { + /* ... */ + *pos += size_to_read; + } + break; + + case DWF_BLOCK1: + result = ((*pos + 1) <= DBG_FORMAT(format)->length); + if (result) + { + memcpy(&tmp8, &DBG_FORMAT(format)->content[*pos], 1); + size_to_read = tmp8; + /* ... */ + *pos += 1 + size_to_read; + } + break; + + case DWF_DATA1: + result = ((*pos + 1) <= DBG_FORMAT(format)->length); + if (result) + { + val8 = va_arg(ap, uint8_t *); + if (val8 != NULL) memcpy(val8, &DBG_FORMAT(format)->content[*pos], 1); + *pos += 1; + } + break; + + case DWF_FLAG: + result = ((*pos + 1) <= DBG_FORMAT(format)->length); + if (result) + { + boolval = va_arg(ap, bool *); + if (boolval != NULL) *boolval = (DBG_FORMAT(format)->content[*pos] != 0x00); + *pos += 1; + } + break; + + case DWF_SDATA: + sval64 = va_arg(ap, int64_t *); + if (sval64 == NULL) sval64 = &stmp64; + result = read_uleb128(format, pos, sval64, true); + break; + + case DWF_STRP: + result = read_abbrev_offset(format, pos, &offset); + if (result) + { + if (va_arg(ap, bool *) != NULL) + { + printf("TODO\n"); + exit(0); + } + /* + boolval = va_arg(ap, bool *); + if (boolval != NULL) *boolval = (DBG_FORMAT(format)->content[*pos] != 0x00); + */ + } + break; + + case DWF_UDATA: + val64 = va_arg(ap, uint64_t *); + if (val64 == NULL) val64 = &tmp64; + result = read_uleb128(format, pos, val64, true); + break; + + case DWF_REF_ADDR: + result = ((*pos + 4) <= DBG_FORMAT(format)->length); + + printf("bad at %d\n", __LINE__); exit(0); + + break; + + + case DWF_REF1: + result = ((*pos + 1) <= DBG_FORMAT(format)->length); + if (result) + { + val8 = va_arg(ap, uint8_t *); + if (val8 != NULL) memcpy(val8, &DBG_FORMAT(format)->content[*pos], 1); + *pos += 1; + } + break; + + case DWF_REF2: + result = ((*pos + 2) <= DBG_FORMAT(format)->length); + if (result) + { + val16 = va_arg(ap, uint16_t *); + if (val16 != NULL) memcpy(val16, &DBG_FORMAT(format)->content[*pos], 2); + *pos += 2; + } + break; + + case DWF_REF4: + result = ((*pos + 4) <= DBG_FORMAT(format)->length); + if (result) + { + val32 = va_arg(ap, uint32_t *); + if (val32 != NULL) memcpy(val32, &DBG_FORMAT(format)->content[*pos], 4); + *pos += 4; + } + break; + + case DWF_REF8: + result = ((*pos + 8) <= DBG_FORMAT(format)->length); + if (result) + { + val64 = va_arg(ap, uint64_t *); + if (val64 != NULL) memcpy(val64, &DBG_FORMAT(format)->content[*pos], 8); + *pos += 8; + } + break; + + case DWF_REF_UDATA: + result = ((*pos + 4) <= DBG_FORMAT(format)->length); + + printf("bad at %d\n", __LINE__); exit(0); + + break; + + + case DWF_INDIRECT: + result = ((*pos + 4) <= DBG_FORMAT(format)->length); + + printf("bad at %d\n", __LINE__); exit(0); + + break; + + + + + default: + result = false; + break; + + } + + va_end(ap); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à compléter. * +* pos = tête de lecture à mettre à jour. [OUT] * +* update = indique si la position est à mettre à jour. * +* abbrev = informations à parcourir. * +* attrib = attribut visé par la lecture. * +* ... = lieu d'enregistrement ou NULL. [OUT] * +* * +* Description : Lit la valeur d'un attribut DWARF. * +* * +* Retour : true si la lecture est un succès, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool read_dwarf_abbrev_attribute(dwarf_format *format, off_t *pos, bool update, const dw_abbrev *abbrev, DwarfAttrib attrib, ...) +{ + bool result; /* Bilan à retourner */ + off_t curpos; /* Tête de lecture effective */ + size_t i; /* Boucle de parcours */ + va_list ap; /* Adresse fournie en dernier */ + + result = true; + + curpos = *pos; + + for (i = 0; i < abbrev->attribs_count && result; i++) + if (abbrev->attribs[i].attrib == attrib) break; + else result = _read_dwarf_abbrev_attribute(format, &curpos, abbrev->attribs[i].form, NULL); + + if (result) + { + va_start(ap, attrib); + + if (i < abbrev->attribs_count) + result = _read_dwarf_abbrev_attribute(format, &curpos, abbrev->attribs[i].form, va_arg(ap, void *)); + else + result = false; + + va_end(ap); + + } + + if (result && update) *pos = curpos; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à compléter. * +* pos = tête de lecture à mettre à jour. [OUT] * +* abbrev = informations à survoler. * +* * +* Description : Fait avancer la tête de lecture d'une seule abréviation. * +* * +* Retour : true si l'opération est un succès, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool skip_dwarf_abbrev(dwarf_format *format, off_t *pos, const dw_abbrev *abbrev) +{ + bool result; /* Bilan à revoyer */ + size_t i; /* Boucle de parcours */ + uint64_t index; /* Code de padding */ + + result = true; + + /* Ecartement du corps */ + + for (i = 0; i < abbrev->attribs_count && result; i++) + result = _read_dwarf_abbrev_attribute(format, pos, abbrev->attribs[i].form, NULL); + + /* Ecartement du padding */ + + do + { + if (!read_uleb128(format, pos, &index, false)) + { + printf("error skipping padding...\n"); + return false; + } + + if (index == 0) + read_uleb128(format, pos, &index, true); + + } + while (index == 0); + + return result; + +} + +#endif diff --git a/plugins/dwarf/abbrev.h b/plugins/dwarf/abbrev.h new file mode 100644 index 0000000..b5fe3be --- /dev/null +++ b/plugins/dwarf/abbrev.h @@ -0,0 +1,126 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * abbrev.h - prototypes pour la manipulation des abréviation DWARF + * + * Copyright (C) 2008-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _FORMAT_DWARF_ABBREV_H +#define _FORMAT_DWARF_ABBREV_H + + +#include <stdbool.h> + + +#include "dwarf.h" +#include "dwarf_def.h" + + + + +/* Description d'une abréviation */ +typedef struct _dw_abbrev dw_abbrev; + + + + + + + +/* Charge toutes les abbréviations présentes dans un DWARF. */ +bool load_all_dwarf_abbreviations(GDwarfFormat *); + +/* Charge une abréviation valide pour un DWARF en mémoire. */ +bool load_dwarf_abbreviation(const GDwarfFormat *, vmpa2t *, dw_abbrev **); + +/* Supprime de la mémoire toute trace d'une abréviation DWARF. */ +void free_dwarf_abbreviation(dw_abbrev *); + +/* Fournit l'étiquette associée à l'ensemble des attributs. */ +DwarfTag dwarf_abbreviation_get_tag(const dw_abbrev *); + +/* Compte le nombre d'attributs présents dans une abréviation. */ +size_t dwarf_abbreviation_count_attribs(const dw_abbrev *); + +/* Recherche un attribut dans une abréviation. */ +bool dwarf_abbreviation_get_attrib_index(const dw_abbrev *, DwarfAttrib, size_t *); + + +/* Détermine le type d'un attribut dans une abréviation. */ +bool dwarf_abbreviation_get_form_for_index(const dw_abbrev *, size_t, DwarfForm *); + + +/* Indique si une abbréviation comporte des sous-définitions. */ +bool dwarf_abbreviation_has_children(const dw_abbrev *); + + + +/* Recherche une abréviation DWARF donnée. */ +const dw_abbrev *find_dwarf_abbreviations(const GDwarfFormat *, uleb128_t); + +/* Lit la valeur correspondant à un type donné. */ +dw_value *translate_abbreviation_attributes(const GDwarfFormat *, const dw_abbrev *, const dw_compil_unit_header *, vmpa2t *); + + + + + + + + + + + + + +#if 0 + + +#include <stdbool.h> + + +#include "d_dwarf.h" +#include "dwarf-int.h" + + + +/* Charge les abréviations trouvées pour un DWARF. */ +bool load_dwarf_abbreviations(dwarf_format *); + +/* Décharge les abréviations trouvées pour un DWARF. */ +void unload_dwarf_abbreviations(dwarf_format *); + +/* Recherche une abréviation DWARF donnée. */ +const dw_abbrev *find_dwarf_abbreviations(dwarf_format *, const off_t *, off_t *); + +/* Indique la présence ou l'absence d'un attribut donné. */ +bool test_dwarf_abbrev_attribute(const dw_abbrev *, DwarfAttrib); + +/* Lit la valeur d'un attribut DWARF. */ +bool read_dwarf_abbrev_attribute(dwarf_format *, off_t *, bool, const dw_abbrev *, DwarfAttrib, ...); + +/* Fait avancer la tête de lecture d'une seule abréviation. */ +bool skip_dwarf_abbrev(dwarf_format *, off_t *, const dw_abbrev *); + + +#endif + + + +#endif /* _FORMAT_DWARF_ABBREV_H */ diff --git a/plugins/dwarf/d_dwarf.c b/plugins/dwarf/d_dwarf.c new file mode 100644 index 0000000..67ab955 --- /dev/null +++ b/plugins/dwarf/d_dwarf.c @@ -0,0 +1,114 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * d_dwarf.c - support du format DWARF + * + * Copyright (C) 2008-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "d_dwarf.h" + + +#include <malloc.h> + + +#include "abbrev.h" +#include "dwarf-int.h" +#include "info.h" + + + + + + + +/****************************************************************************** +* * +* Paramètres : content = contenu binaire à parcourir. * +* length = taille du contenu en question. * +* e_format = gestionnaire global (partie exécutable). * +* * +* Description : Prend en charge un nouveau DWARF. * +* * +* Retour : Adresse de la structure mise en place ou NULL en cas d'échec.* +* * +* Remarques : - * +* * +******************************************************************************/ + +dwarf_format *load_dwarf(const uint8_t *content, off_t length, exe_format *e_format) +{ + dwarf_format *result; /* Structure à retourner */ + bool test; /* Bilan d'une initialisation */ + + result = (dwarf_format *)calloc(1, sizeof(dwarf_format)); + + DBG_FORMAT(result)->content = content; + DBG_FORMAT(result)->length = length; + + DBG_FORMAT(result)->e_format = e_format; + + result->format = DWF_32_BITS; + + test = load_dwarf_abbreviations(result); + + test = load_dwarf_information(result); + + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations chargées à consulter. * +* comments = liste des commentaires à insérer. [OUT] * +* offsets = liste des indices des commentaires. [OUT] * +* * +* Description : Récupère tous les commentaires à insérer dans le code. * +* * +* Retour : Nombre d'éléments mis en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +size_t get_dwarf_comments(const dwarf_format *format, const char ***comments, uint64_t **offsets) +{ + size_t result; /* Quantité à retourner */ + size_t i; /* Boucle de parcours */ + + result = format->dbg_fc_count; + + if (result > 0) + { + *comments = (char **)calloc(result, sizeof(char *)); + *offsets = (uint64_t *)calloc(result, sizeof(uint64_t)); + + for (i = 0; i < result; i++) + { + (*comments)[i] = format->dbg_functions[i]->prototype; + (*offsets)[i] = format->dbg_functions[i]->low_pc; + } + + } + + return result; + +} diff --git a/plugins/dwarf/d_dwarf.h b/plugins/dwarf/d_dwarf.h new file mode 100644 index 0000000..4b699ca --- /dev/null +++ b/plugins/dwarf/d_dwarf.h @@ -0,0 +1,50 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * d_dwarf.h - prototypes pour le support du format DWARF + * + * Copyright (C) 2008-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _FORMAT_DWARF_DWARF_H +#define _FORMAT_DWARF_DWARF_H + + +#include <stdint.h> +#include <sys/types.h> + + +#include "../exe_format.h" + + + +/* Description du format DWARF */ +typedef struct _dwarf_format dwarf_format; + + + +/* Prend en charge un nouveau DWARF. */ +dwarf_format *load_dwarf(const uint8_t *, off_t, exe_format *); + +/* Récupère tous les commentaires à insérer dans le code. */ +size_t get_dwarf_comments(const dwarf_format *, const char ***, uint64_t **); + + + + +#endif /* _FORMAT_DWARF_DWARF_H */ diff --git a/plugins/dwarf/die.c b/plugins/dwarf/die.c new file mode 100644 index 0000000..0c1887c --- /dev/null +++ b/plugins/dwarf/die.c @@ -0,0 +1,303 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * die.c - gestion des entrées renvoyant à des informations de débogage + * + * Copyright (C) 2016-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "die.h" + + +#include <assert.h> +#include <malloc.h> + + +#include "dwarf-int.h" + + + +/** + * § 2.1 The Debugging Information Entry (DIE). + */ + +typedef struct _dw_die +{ + unsigned int level; /* Niveau hiérarchique */ + phys_t offset; /* Position dans le flux */ + + const dw_abbrev *abbrev; /* Lien vers la représentation */ + + dw_value *values; /* Liste des valeurs associées */ + + bool has_children; /* Feuille ou noeud de l'arbre */ + struct _dw_die **children; /* Liste d'éventuels enfants */ + size_t children_count; /* Taille de cette liste */ + +} dw_die; + + + +/****************************************************************************** +* * +* Paramètres : format = informations chargées à consulter. * +* pos = position de début de lecture. [OUT] * +* endian = boutisme reconnu dans le format. * +* header = en-tête de description de l'unité à traiter. * +* die = emplacement de stockage de l'entrée ou NULL. [OUT] * +* * +* Description : Procède à la lecture de l'en-tête d'une unité de compilation.* +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : Le format autorise à ne rien produire ici légitimement. * +* * +******************************************************************************/ + +bool build_dwarf_die(GDwarfFormat *format, vmpa2t *pos, SourceEndian endian, const dw_compil_unit_header *header, dw_die **die) +{ + uleb128_t code; /* Code de la description liée */ + bool status; /* Bilan de la lecture */ + const dw_abbrev *abbrev; /* Lien vers la représentation */ + dw_value *values; /* Liste des valeurs associées */ + + *die = NULL; + + /** + * § 7.5.2 Debugging Information Entry. + */ + + status = g_binary_content_read_uleb128(G_BIN_FORMAT(format)->content, pos, &code); + if (!status) return false; + + printf("[ok] code = 0x%llx\n", (unsigned long long)code); + + if (code == 0) return true; + + abbrev = find_dwarf_abbreviations(format, code); + + printf("[ok] abbrev = %p\n", abbrev); + + printf("----------------------\n"); + + + values = translate_abbreviation_attributes(format, abbrev, header, pos); + if (values == NULL) return false; + + printf("[ok] values = %p\n", values); + + + + *die = (dw_die *)calloc(1, sizeof(dw_die)); + + (*die)->abbrev = abbrev; + + (*die)->values = values; + + (*die)->has_children = dwarf_abbreviation_has_children(abbrev); + + + return true; + +} + + +/****************************************************************************** +* * +* Paramètres : die = entrée à libérer de la mémoire. * +* * +* Description : Supprime les éléments mis en place pour une entrée d'info. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void delete_dwarf_die(dw_die *die) +{ + size_t i; /* Boucle de parcours */ + + if (die->values != NULL) + free(die->values); + + for (i = 0; i < die->children_count; i++) + delete_dwarf_die(die->children[i]); + + if (die->children != NULL) + free(die->children); + + free(die); + +} + + +/****************************************************************************** +* * +* Paramètres : die = entrée à consulter. * +* * +* Description : Fournit un lien vers l'abréviation de représentation. * +* * +* Retour : Structure de représentation en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +const dw_abbrev *dw_die_get_abbrev(const dw_die *die) +{ + return die->abbrev; + +} + + +/****************************************************************************** +* * +* Paramètres : die = entrée à consulter. * +* index = indice de cet attribut dans l'ensemble. * +* * +* Description : Fournit un lien vers l'abréviation de représentation. * +* * +* Retour : Valeur recherchée ou NULL en cas d'erreur. * +* * +* Remarques : - * +* * +******************************************************************************/ + +const dw_form_value *dw_die_peek_value(const dw_die *die, size_t index) +{ + dw_form_value *result; /* Valeur ciblée à retourner */ + + if (index >= dwarf_abbreviation_count_attribs(die->abbrev)) + return NULL; + + result = &die->values[index].value; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : die = entrée d'information à consulter. * +* attrib = désignation de l'attribut à retrouver. * +* form = type de valeur attendu pour un attribut donné. [OUT]* +* * +* Description : Fournit un lien vers l'abréviation de représentation. * +* * +* Retour : Valeur recherchée ou NULL en cas d'erreur. * +* * +* Remarques : - * +* * +******************************************************************************/ + +const dw_form_value *dw_die_peek_extended_value(const dw_die *die, DwarfAttrib attrib, DwarfForm *form) +{ + const dw_form_value *result; /* Valeur ciblée à retourner */ + size_t index; /* Indice d'élément à relire */ + bool status; /* Bilan d'une récupération */ + + status = dwarf_abbreviation_get_attrib_index(die->abbrev, attrib, &index); + if (!status) return NULL; + + status = dwarf_abbreviation_get_form_for_index(die->abbrev, index, form); + if (!status) return NULL; + + result = dw_die_peek_value(die, index); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : die = entrée à consulter. * +* * +* Description : Indique si une entrée de débogage possède des enfants. * +* * +* Retour : true ou false selon la situation. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool dw_die_has_children(const dw_die *die) +{ + return die->has_children; + +} + + +/****************************************************************************** +* * +* Paramètres : die = entrée à consulter. * +* * +* Description : Indique si une entrée de débogage possède des enfants. * +* * +* Retour : true ou false selon la situation. * +* * +* Remarques : - * +* * +******************************************************************************/ + +void dw_die_append_child(dw_die *die, dw_die *child) +{ + assert(die->has_children); + + die->children = (dw_die **)realloc(die->children, ++die->children_count * sizeof(dw_die *)); + + die->children[die->children_count - 1] = child; + +} + + + +/* ---------------------------------------------------------------------------------- */ +/* TRAITEMENT PAR ENSEMBLES */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : root = entrée première à consulter. * +* visitor = intervention régulière à respecter. * +* data = données quelconques à associer aux visites. * +* * +* Description : Entame une grande tournée de toutes les entrées présentes. * +* * +* Retour : true si l'opération s'est déroulée complètement, false sinon.* +* * +* Remarques : - * +* * +******************************************************************************/ + +bool dw_die_visit(dw_die *root, visit_dies_fc visitor, void *data) +{ + bool result; /* Bilan à retourner */ + size_t i; /* Boucle de parcours */ + + result = visitor(root, data); + + for (i = 0; i < root->children_count && result; i++) + result = dw_die_visit(root->children[i], visitor, data); + + return result; + +} diff --git a/plugins/dwarf/die.h b/plugins/dwarf/die.h new file mode 100644 index 0000000..8bff4a9 --- /dev/null +++ b/plugins/dwarf/die.h @@ -0,0 +1,76 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * die.h - prototypes pour la gestion des entrées renvoyant à des informations de débogage + * + * Copyright (C) 2016-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _FORMAT_DWARF_DIE_H +#define _FORMAT_DWARF_DIE_H + + +#include <stdbool.h> + + +#include "abbrev.h" +#include "dwarf.h" +#include "dwarf_def.h" + + + +/* § 2.1 The Debugging Information Entry (DIE). */ +typedef struct _dw_die dw_die; + + +/* Procède à la lecture de l'en-tête d'une unité de compilation. */ +bool build_dwarf_die(GDwarfFormat *, vmpa2t *pos, SourceEndian endian, const dw_compil_unit_header *header, dw_die **); + +/* Supprime les éléments mis en place pour une entrée d'info. */ +void delete_dwarf_die(dw_die *); + +/* Fournit un lien vers l'abréviation de représentation. */ +const dw_abbrev *dw_die_get_abbrev(const dw_die *); + +/* Fournit un lien vers l'abréviation de représentation. */ +const dw_form_value *dw_die_peek_value(const dw_die *, size_t); + +/* Fournit un lien vers l'abréviation de représentation. */ +const dw_form_value *dw_die_peek_extended_value(const dw_die *, DwarfAttrib, DwarfForm *); + +/* Indique si une entrée de débogage possède des enfants. */ +bool dw_die_has_children(const dw_die *); + +/* Indique si une entrée de débogage possède des enfants. */ +void dw_die_append_child(dw_die *, dw_die *); + + + +/* ---------------------------- TRAITEMENT PAR ENSEMBLES ---------------------------- */ + + +/* Procédure appelée pour chaque élément recontré pendant une visite. */ +typedef bool (* visit_dies_fc) (const dw_die *, void *); + + +/* Entame une grande tournée de toutes les entrées présentes. */ +bool dw_die_visit(dw_die *, visit_dies_fc, void *); + + + +#endif /* _FORMAT_DWARF_DIE_H */ diff --git a/plugins/dwarf/dwarf-int.c b/plugins/dwarf/dwarf-int.c new file mode 100644 index 0000000..365414b --- /dev/null +++ b/plugins/dwarf/dwarf-int.c @@ -0,0 +1,207 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * dwarf-int.c - structures internes du format DWARF + * + * Copyright (C) 2015-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "dwarf-int.h" + + + +/****************************************************************************** +* * +* Paramètres : format = informations chargées à consulter. * +* pos = position de début de lecture. [OUT] * +* attr = structure lue à retourner. [OUT] * +* * +* Description : Procède à la lecture d'un attribut d'abréviation DWARF. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool read_dwarf_abbrev_attr(const GDwarfFormat *format, vmpa2t *pos, dw_abbrev_raw_attr *attr) +{ + bool result; /* Bilan à retourner */ + const GBinContent *content; /* Contenu binaire à lire */ + + content = G_BIN_FORMAT(format)->content; + + result = g_binary_content_read_uleb128(content, pos, &attr->name); + result &= g_binary_content_read_uleb128(content, pos, &attr->form); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations chargées à consulter. * +* pos = position de début de lecture. [OUT] * +* decl = structure lue à retourner. [OUT] * +* * +* Description : Procède à la lecture d'une déclaration d'abréviation DWARF. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool read_dwarf_abbrev_decl(const GDwarfFormat *format, vmpa2t *pos, dw_abbrev_decl *decl) +{ + bool result; /* Bilan à retourner */ + const GBinContent *content; /* Contenu binaire à lire */ + + content = G_BIN_FORMAT(format)->content; + + result = g_binary_content_read_uleb128(content, pos, &decl->code); + result &= g_binary_content_read_uleb128(content, pos, &decl->tag); + result &= g_binary_content_read_u8(content, pos, &decl->has_children); + + return result; + +} + + + + + + +/****************************************************************************** +* * +* Paramètres : format = informations chargées à consulter. * +* pos = position de début de lecture. [OUT] * +* endian = boutisme reconnu dans le format. * +* header = en-tête à déterminer. [OUT] * +* * +* Description : Procède à la lecture de l'en-tête d'un contenu binaire DWARF.* +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool read_dwarf_section_header(GBinContent *content, vmpa2t *pos, SourceEndian endian, dw_section_header *header) +{ + bool result; /* Bilan à retourner */ + uint32_t first; /* Premier paquet d'octets */ + bool status; /* Bilan d'opération */ + + result = false; + + status = g_binary_content_read_u32(content, pos, endian, &first); + if (!status) goto rdsh_exit; + + if (first >= 0xfffffff0 && first != 0xffffffff) + goto rdsh_exit; + + if (first == 0xffffffff) + { + result = g_binary_content_read_u64(content, pos, endian, &header->unit_length); + header->is_32b = false; + } + else + { + result = true; + header->unit_length = first; + header->is_32b = true; + } + + result &= g_binary_content_read_u16(content, pos, endian, &header->version); + + rdsh_exit: + + return result; + +} + + + + + + + + + + + + + + + + +/****************************************************************************** +* * +* Paramètres : format = informations chargées à consulter. * +* pos = position de début de lecture. [OUT] * +* endian = boutisme reconnu dans le format. * +* header = en-tête à déterminer. [OUT] * +* * +* Description : Procède à la lecture de l'en-tête d'une unité de compilation.* +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool read_dwarf_compil_unit_header(GBinContent *content, vmpa2t *pos, SourceEndian endian, dw_compil_unit_header *header) +{ + bool result; /* Bilan à retourner */ + uint32_t val32; /* Premier paquet d'octets */ + bool status; /* Bilan d'opération */ + + result = read_dwarf_section_header(content, pos, endian, (dw_section_header *)header); + if (!result) goto rdcuh_exit; + + if (header->is_32b) + { + status = g_binary_content_read_u32(content, pos, endian, &val32); + if (!status) goto rdcuh_exit; + + header->debug_abbrev_offset = val32; + + } + else + { + status = g_binary_content_read_u64(content, pos, endian, &header->debug_abbrev_offset); + if (!status) goto rdcuh_exit; + + } + + result &= g_binary_content_read_u8(content, pos, &header->address_size); + + rdcuh_exit: + + return result; + +} + + + + + + + diff --git a/plugins/dwarf/dwarf-int.h b/plugins/dwarf/dwarf-int.h new file mode 100644 index 0000000..6f8f921 --- /dev/null +++ b/plugins/dwarf/dwarf-int.h @@ -0,0 +1,185 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * dwarf-int.h - prototypes pour les structures internes du format DWARF + * + * Copyright (C) 2008-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _FORMAT_DWARF_DWARF_INT_H +#define _FORMAT_DWARF_DWARF_INT_H + + +#include "dwarf.h" + + +#include <stdint.h> + + + + +#include "../debuggable-int.h" + +#include "abbrev.h" +#include "die.h" +#include "dwarf_def.h" + + + + + +/* Procède à la lecture d'un attribut d'abréviation DWARF. */ +bool read_dwarf_abbrev_attr(const GDwarfFormat *, vmpa2t *, dw_abbrev_raw_attr *); + +/* Procède à la lecture d'une déclaration d'abréviation DWARF. */ +bool read_dwarf_abbrev_decl(const GDwarfFormat *, vmpa2t *, dw_abbrev_decl *); + + + + +/* En-tête présente dans certaines sections */ +typedef struct _dw_section_header +{ + uint64_t unit_length; /* Taille totale sans le champ */ + bool is_32b; /* Le format est-il sur 32b ? */ + + uint16_t version; /* Version de la section */ + +} dw_section_header; + + + + + + +/* Procède à la lecture de l'en-tête d'un contenu binaire ELF. */ +bool read_dwarf_section_header(GBinContent *, vmpa2t *, SourceEndian, dw_section_header *); + + + + + +/* Procède à la lecture de l'en-tête d'une unité de compilation. */ +bool read_dwarf_compil_unit_header(GBinContent *, vmpa2t *, SourceEndian, dw_compil_unit_header *); + + + +///--------------------- + + + + +//------------------------------- + + + + + +/* Lit la valeur correspondant à un type donné. */ +typedef bool (* read_form_value_fc) (const GDwarfFormat *, const dw_compil_unit_header *, DwarfForm, vmpa2t *, dw_form_value *); + + +/* Format de débogage DWARF (instance) */ +struct _GDwarfFormat +{ + GDbgFormat parent; /* A laisser en premier */ + + dw_abbrev *abbreviations; /* Racine des abbréviations */ + + + dw_die *info_die; + + + +}; + +/* Format de débogage DWARF (classe) */ +struct _GDwarfFormatClass +{ + GDbgFormatClass parent; /* A laisser en premier */ + + read_form_value_fc read_form; /* lecture de valeurs formatées*/ + +}; + + + + + +/* Charge de façon générique toutes les informations DWARF. */ +bool g_dwarf_format_load(GDwarfFormat *, GExeFormat *); + + + + + + + + + + + + + + + + +/* Format du DWARF */ +typedef enum _DwarfFormat +{ + DWF_32_BITS, /* Mode 32 bits */ + DWF_64_BITS /* Mode 64 bits */ + +} DwarfFormat; + + + + + +/* Eléments récupérés sur une fonction */ +typedef struct _dw_dbg_function +{ + char *name; /* Nom de la fonction */ + char *prototype; /* Chaîne descriptive */ + + uint64_t low_pc; /* Début de la fonction */ + uint64_t high_pc; /* Fin de la fonction */ + +} dw_dbg_function; + + +#if 0 +/* Description du format DWARF */ +struct _dwarf_format +{ + dbg_format dummy; /* A laisser en premier */ + + DwarfFormat format; /* Format de l'instance */ + + dw_abbrev **abbrevs; /* Liste des abréviations */ + size_t abbrevs_count; /* Nombre de ces abréviations */ + + dw_dbg_function **dbg_functions; /* Liste de fonctions trouvées */ + size_t dbg_fc_count; /* Nombre de ces fonctions */ + +}; +#endif + + + +#endif /* _FORMAT_DWARF_DWARF_INT_H */ diff --git a/plugins/dwarf/dwarf.c b/plugins/dwarf/dwarf.c new file mode 100644 index 0000000..0c0dab8 --- /dev/null +++ b/plugins/dwarf/dwarf.c @@ -0,0 +1,337 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * dwarf.c - support du format Dwarf + * + * Copyright (C) 2009-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "dwarf.h" + + +#include "abbrev.h" +#include "dwarf-int.h" +#include "info.h" +#include "symbols.h" +#include "../../common/cpp.h" + + + +/* Initialise la classe des formats de débogage DWARF. */ +static void g_dwarf_format_class_init(GDwarfFormatClass *); + +/* Initialise une instance de format de débogage DWARF. */ +static void g_dwarf_format_init(GDwarfFormat *); + +/* Supprime toutes les références externes. */ +static void g_dwarf_format_dispose(GDwarfFormat *); + +/* Procède à la libération totale de la mémoire. */ +static void g_dwarf_format_finalize(GDwarfFormat *); + + + +/****************************************************************************** +* * +* Paramètres : content = contenu binaire à parcourir. * +* parent = éventuel format exécutable déjà chargé. * +* unused = adresse non utilisée ici. * +* key = identifiant de format trouvé ou NULL. [OUT] * +* * +* Description : Indique si le format peut être pris en charge ici. * +* * +* Retour : Conclusion de haut niveau sur la reconnaissance effectuée. * +* * +* Remarques : - * +* * +******************************************************************************/ + +FormatMatchStatus dwarf_is_matching(GBinContent *content, GExeFormat *parent, void *unused, char **key) +{ + FormatMatchStatus result; /* Bilan à renvoyer */ + size_t i; /* Boucle de parcours */ + mrange_t range; /* Couverture d'une section */ + dw_section_header header; /* En-tête DWARF de section */ + bool found; /* Bilan d'une comparaison */ + + static const char *section_names[] = { + ".debug_aranges", + ".debug_frame", + ".debug_info", + ".debug_line", + ".debug_pubnames", + ".debug_pubtypes", + ".debug_types" + }; + + static const uint16_t dwarf_v2_versions[] = { + 2, /* .debug_aranges */ + 1, /* .debug_frame */ + 2, /* .debug_info */ + 2, /* .debug_line */ + 2, /* .debug_pubnames */ + 0, /* .debug_pubtypes */ + 0 /* .debug_types */ + }; + + static const uint16_t dwarf_v3_versions[] = { + 2, /* .debug_aranges */ + 3, /* .debug_frame */ + 3, /* .debug_info */ + 3, /* .debug_line */ + 2, /* .debug_pubnames */ + 2, /* .debug_pubtypes */ + 0 /* .debug_types */ + }; + + static const uint16_t dwarf_v4_versions[] = { + 2, /* .debug_aranges */ + 4, /* .debug_frame */ + 4, /* .debug_info */ + 4, /* .debug_line */ + 2, /* .debug_pubnames */ + 2, /* .debug_pubtypes */ + 4 /* .debug_types */ + }; + + uint16_t current_versions[] = { + 0, /* .debug_aranges */ + 0, /* .debug_frame */ + 0, /* .debug_info */ + 0, /* .debug_line */ + 0, /* .debug_pubnames */ + 0, /* .debug_pubtypes */ + 0 /* .debug_types */ + }; + + result = FMS_UNKNOWN; + + if (parent == NULL) + return FMS_UNKNOWN; + return FMS_UNKNOWN; + *key = strdup("dwarf_v4"); + return FMS_MATCHED; + + /* Lecture des indices présents */ + + for (i = 0; i < ARRAY_SIZE(section_names); i++) + { + if (!g_exe_format_get_section_range_by_name(parent, section_names[i], &range)) + continue; + + if (!read_dwarf_section_header(content, get_mrange_addr(&range), SRE_LITTLE /* FIXME */, &header)) + continue; + + current_versions[i] = header.version; + + } + + /* Détermination d'une version bien identifiée */ + + bool check_dwarf_version(const uint16_t *ref, const uint16_t *cur, size_t count) + { + bool equal; + size_t k; + + equal = true; + + for (k = 0; k < count && equal; k++) + printf(" -> %hhu vs %hhu\n", ref[k], cur[k]); + + for (k = 0; k < count && equal; k++) + equal = (cur[k] == 0) || (ref[k] == cur[k]); + + return equal; + + } + + /** + * Un fichier DWARF sans section sera vu comme un fichier DWARF de + * dernière génération. + * Ce qui n'est pas très grave car rien ne sera chargé par la suite, + * du fait de l'absence de section, donc il n'y aura pas d'incompatibilité. + */ + + printf("---dwarf v4\n"); + + found = check_dwarf_version(dwarf_v4_versions, current_versions, ARRAY_SIZE(section_names)); + + if (found) + { + result = FMS_MATCHED; + *key = strdup("dwarf_v4"); + } + + if (result == FMS_UNKNOWN) + { + printf("---dwarf v3\n"); + + found = check_dwarf_version(dwarf_v3_versions, current_versions, ARRAY_SIZE(section_names)); + + if (found) + { + result = FMS_MATCHED; + *key = strdup("dwarf_v3"); + } + + } + + if (result == FMS_UNKNOWN) + { + printf("---dwarf v2\n"); + + found = check_dwarf_version(dwarf_v2_versions, current_versions, ARRAY_SIZE(section_names)); + + if (found) + { + result = FMS_MATCHED; + *key = strdup("dwarf_v2"); + } + + } + + return result; + +} + + +/* Indique le type défini pour un format de débogage générique. */ +G_DEFINE_TYPE(GDwarfFormat, g_dwarf_format, G_TYPE_DBG_FORMAT); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des formats de débogage DWARF. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dwarf_format_class_init(GDwarfFormatClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dwarf_format_dispose; + object->finalize = (GObjectFinalizeFunc)g_dwarf_format_finalize; + +} + + +/****************************************************************************** +* * +* Paramètres : format = instance à initialiser. * +* * +* Description : Initialise une instance de format de débogage DWARF. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dwarf_format_init(GDwarfFormat *format) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : format = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dwarf_format_dispose(GDwarfFormat *format) +{ + G_OBJECT_CLASS(g_dwarf_format_parent_class)->dispose(G_OBJECT(format)); + +} + + +/****************************************************************************** +* * +* Paramètres : format = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dwarf_format_finalize(GDwarfFormat *format) +{ + G_OBJECT_CLASS(g_dwarf_format_parent_class)->finalize(G_OBJECT(format)); + +} + + +/****************************************************************************** +* * +* Paramètres : format = description du binaire de débogage à compléter. * +* executable = référence vers le binaire exécutable à lier. * +* * +* Description : Charge de façon générique toutes les informations DWARF. * +* * +* Retour : Bilan du chargement : réussi ou non ? * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_dwarf_format_load(GDwarfFormat *format, GExeFormat *executable) +{ + bool result; /* Bilan à faire remonter */ + + result = true; + + g_debuggable_format_attach_executable(G_DBG_FORMAT(format), executable); + + printf("Loading abbrev...\n"); + + result &= load_all_dwarf_abbreviations(format); + + printf("Loading debug info...\n"); + + result &= load_dwarf_debug_information(format); + + printf("Done!\n"); + + result &= load_dwarf_symbols(format); + + printf("Got symbols...\n"); + + exit(0); + + return result; + +} + diff --git a/plugins/dwarf/dwarf.h b/plugins/dwarf/dwarf.h new file mode 100644 index 0000000..ad2f008 --- /dev/null +++ b/plugins/dwarf/dwarf.h @@ -0,0 +1,55 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * dwarf.h - prototypes pour le support du format Dwarf + * + * Copyright (C) 2009-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _FORMAT_DWARF_DWARF_H +#define _FORMAT_DWARF_DWARF_H + + +#include "../../core/formats.h" + + + +#define G_TYPE_DWARF_FORMAT g_dwarf_format_get_type() +#define G_DWARF_FORMAT(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), g_dwarf_format_get_type(), GDwarfFormat)) +#define G_IS_DWARF_FORMAT(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), g_dwarf_format_get_type())) +#define G_DWARF_FORMAT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DWARF_FORMAT, GDwarfFormatClass)) +#define G_IS_DWARF_FORMAT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DWARF_FORMAT)) +#define G_DWARF_FORMAT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DWARF_FORMAT, GDwarfFormatClass)) + + +/* Format de débogage DWARF (instance) */ +typedef struct _GDwarfFormat GDwarfFormat; + +/* Format de débogage DWARF (classe) */ +typedef struct _GDwarfFormatClass GDwarfFormatClass; + + +/* Indique si le format peut être pris en charge ici. */ +FormatMatchStatus dwarf_is_matching(GBinContent *, GExeFormat *, void *, char **); + +/* Indique le type défini pour un format de débogage DWARF. */ +GType g_dwarf_format_get_type(void); + + + +#endif /* _FORMAT_DWARF_DWARF_H */ diff --git a/plugins/dwarf/dwarf_def.h b/plugins/dwarf/dwarf_def.h new file mode 100644 index 0000000..6641576 --- /dev/null +++ b/plugins/dwarf/dwarf_def.h @@ -0,0 +1,830 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * dwarf_def.h - liste des constantes utilisées par le format DWARF + * + * Copyright (C) 2008-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _FORMAT_DWARF_DWARF_DEF_H +#define _FORMAT_DWARF_DWARF_DEF_H + + + +#include <stdint.h> + + +#include "../../arch/vmpa.h" +#include "../../common/leb128.h" + + + + +/** + * § 7.5.1.1 Compilation Unit Header. + */ + +/* En-tête présente dans certaines sections */ +typedef struct _dw_compil_unit_header +{ + uint64_t unit_length; /* Taille totale sans le champ */ + bool is_32b; /* Le format est-il sur 32b ? */ + + uint16_t version; /* Version de la section */ + + uint64_t debug_abbrev_offset; /* Emplacement dans la section */ + uint8_t address_size; /* Taille des adresses */ + +} dw_compil_unit_header; + + +/** + * § 7.5.4 Attribute Encodings + */ + +/* Figure 18, Tag encodings, begins here. */ + +typedef enum _DwarfTag +{ + DW_TAG_array_type = 0x01, + DW_TAG_class_type = 0x02, + DW_TAG_entry_point = 0x03, + DW_TAG_enumeration_type = 0x04, + DW_TAG_formal_parameter = 0x05, + DW_TAG_imported_declaration = 0x08, + DW_TAG_label = 0x0a, + DW_TAG_lexical_block = 0x0b, + DW_TAG_member = 0x0d, + DW_TAG_pointer_type = 0x0f, + DW_TAG_reference_type = 0x10, + DW_TAG_compile_unit = 0x11, + DW_TAG_string_type = 0x12, + DW_TAG_structure_type = 0x13, + DW_TAG_subroutine_type = 0x15, + DW_TAG_typedef = 0x16, + DW_TAG_union_type = 0x17, + DW_TAG_unspecified_parameters = 0x18, + DW_TAG_variant = 0x19, + DW_TAG_common_block = 0x1a, + DW_TAG_common_inclusion = 0x1b, + DW_TAG_inheritance = 0x1c, + DW_TAG_inlined_subroutine = 0x1d, + DW_TAG_module = 0x1e, + DW_TAG_ptr_to_member_type = 0x1f, + DW_TAG_set_type = 0x20, + DW_TAG_subrange_type = 0x21, + DW_TAG_with_stmt = 0x22, + DW_TAG_access_declaration = 0x23, + DW_TAG_base_type = 0x24, + DW_TAG_catch_block = 0x25, + DW_TAG_const_type = 0x26, + DW_TAG_constant = 0x27, + DW_TAG_enumerator = 0x28, + DW_TAG_file_type = 0x29, + DW_TAG_friend = 0x2a, + DW_TAG_namelist = 0x2b, + DW_TAG_namelist_item = 0x2c, + DW_TAG_packed_type = 0x2d, + DW_TAG_subprogram = 0x2e, + DW_TAG_template_type_parameter = 0x2f, + DW_TAG_template_value_parameter = 0x30, + DW_TAG_thrown_type = 0x31, + DW_TAG_try_block = 0x32, + DW_TAG_variant_part = 0x33, + DW_TAG_variable = 0x34, + DW_TAG_volatile_type = 0x35, + + DW_TAG_dwarf_procedure = 0x36, + DW_TAG_restrict_type = 0x37, + DW_TAG_interface_type = 0x38, + DW_TAG_namespace = 0x39, + DW_TAG_imported_module = 0x3a, + DW_TAG_unspecified_type = 0x3b, + DW_TAG_partial_unit = 0x3c, + DW_TAG_imported_unit = 0x3d, + DW_TAG_condition = 0x3f, + DW_TAG_shared_type = 0x40, + + /* Nouveautés v.4 */ + + DW_TAG_type_unit = 0x41, + DW_TAG_rvalue_reference_type = 0x42, + DW_TAG_template_alias = 0x43, + + DW_TAG_lo_user = 0x4080, + DW_TAG_hi_user = 0xffff + +} DwarfTag; + +/* Figure 19. Child determination encodings. */ + +#define DW_CHILDREN_no 0x00 +#define DW_CHILDREN_yes 0x01 + +/* Figure 21. Attribute form encodings. */ + +typedef enum _DwarfForm +{ + DW_FORM_invalid = 0x00, + + DW_FORM_addr = 0x01, + DW_FORM_block2 = 0x03, + DW_FORM_block4 = 0x04, + DW_FORM_data2 = 0x05, + DW_FORM_data4 = 0x06, + DW_FORM_data8 = 0x07, + DW_FORM_string = 0x08, + DW_FORM_block = 0x09, + DW_FORM_block1 = 0x0a, + DW_FORM_data1 = 0x0b, + DW_FORM_flag = 0x0c, + DW_FORM_sdata = 0x0d, + DW_FORM_strp = 0x0e, + DW_FORM_udata = 0x0f, + DW_FORM_ref_addr = 0x10, + DW_FORM_ref1 = 0x11, + DW_FORM_ref2 = 0x12, + DW_FORM_ref4 = 0x13, + DW_FORM_ref8 = 0x14, + DW_FORM_ref_udata = 0x15, + DW_FORM_indirect = 0x16, + + /* Nouveautés v4 */ + + DW_FORM_sec_offset = 0x17, + DW_FORM_exprloc = 0x18, + DW_FORM_flag_present = 0x19, + DW_FORM_ref_sig8 = 0x20 + +} DwarfForm; + + + + + + +/* Résumé des différentes valeurs dans DWARF v2 */ +typedef union _dw_v2_form_value +{ + /* DW_FORM_addr */ + virt_t address; + + /* DW_FORM_data[1248] */ + uint8_t data1; + uint16_t data2; + uint32_t data4; + uint64_t data8; + + /* DW_FORM_sdata */ + leb128_t sdata; + + /* DW_FORM_udata */ + uleb128_t udata; + + /* DW_FORM_block[124]? */ + struct + { + const bin_t *start; + phys_t size; + + } block; + + /* DW_FORM_string */ + /* DW_FORM_strp */ + const char *string; + + /* DW_FORM_flag */ + uint8_t flag; + + /* DW_FORM_ref[1248] */ + uint8_t ref1; + uint16_t ref2; + uint32_t ref4; + uint64_t ref8; + + /* DW_FORM_ref_udata */ + uleb128_t ref_udata; + +} dw_v2_form_value; + + +/* Résumé des différentes valeurs dans DWARF v4 */ +typedef union _dw_v4_form_value +{ + dw_v2_form_value v2; + + /* DW_FORM_sec_offset */ + uint64_t sec_offset; + + /* DW_FORM_exprloc */ + struct + { + const bin_t *start; + phys_t size; + + } expr; + + /* DW_FORM_flag_present */ + bool has_flag; + + /* DW_FORM_ref_sig8 */ + uint64_t signature; + +} dw_v4_form_value; + + +/* Résumé des différentes valeurs dans DWARF */ +typedef union _dw_form_value +{ + dw_v2_form_value v2; + dw_v2_form_value v4; + +} dw_form_value; + + + + + + + + + + + + + + + + + + + +/** + * § 7.5.3 Abbreviations Tables. + */ + +/* Description d'un attribut d'une abréviation */ +typedef struct _dw_abbrev_raw_attr +{ + uleb128_t name; /* Désignation de l'attribut */ + uleb128_t form; /* Nature de sa valeur */ + +} dw_abbrev_raw_attr; + +/* En-tête de déclaration d'une abréviation */ +typedef struct _dw_abbrev_decl +{ + uleb128_t code; /* Identifiant attribué */ + uleb128_t tag; /* Identifiant attribué */ + + uint8_t has_children; /* Présence de sous-entrées ? */ + +} dw_abbrev_decl; + + + + + + + + + + +/* Liste des attributs rencontrés */ +typedef enum _DwarfAttrib +{ + DW_AT_sibling = 0x01, + DW_AT_location = 0x02, + DW_AT_name = 0x03, + DW_AT_ordering = 0x09, + DW_AT_byte_size = 0x0b, + DW_AT_bit_offset = 0x0c, + DW_AT_bit_size = 0x0d, + DW_AT_stmt_list = 0x10, + DW_AT_low_pc = 0x11, + DW_AT_high_pc = 0x12, + DW_AT_language = 0x13, + DW_AT_discr = 0x15, + DW_AT_discr_value = 0x16, + DW_AT_visibility = 0x17, + DW_AT_import = 0x18, + DW_AT_string_length = 0x19, + DW_AT_common_reference = 0x1a, + DW_AT_comp_dir = 0x1b, + DW_AT_const_value = 0x1c, + DW_AT_containing_type = 0x1d, + DW_AT_default_value = 0x1e, + DW_AT_inline = 0x20, + DW_AT_is_optional = 0x21, + DW_AT_lower_bound = 0x22, + DW_AT_producer = 0x25, + DW_AT_prototyped = 0x27, + DW_AT_return_addr = 0x2a, + DW_AT_start_scope = 0x2c, + DW_AT_bit_stride = 0x2e, + DW_AT_upper_bound = 0x2f, + DW_AT_abstract_origin = 0x31, + DW_AT_accessibility = 0x32, + DW_AT_address_class = 0x33, + DW_AT_artificial = 0x34, + DW_AT_base_types = 0x35, + DW_AT_calling_convention = 0x36, + DW_AT_count = 0x37, + DW_AT_data_member_location = 0x38, + DW_AT_decl_column = 0x39, + DW_AT_decl_file = 0x3a, + DW_AT_decl_line = 0x3b, + DW_AT_declaration = 0x3c, + DW_AT_discr_list = 0x3d, + DW_AT_encoding = 0x3e, + DW_AT_external = 0x3f, + DW_AT_frame_base = 0x40, + DW_AT_friend = 0x41, + DW_AT_identifier_case = 0x42, + DW_AT_macro_info = 0x43, + DW_AT_namelist_item = 0x44, + DW_AT_priority = 0x45, + DW_AT_segment = 0x46, + DW_AT_specification = 0x47, + DW_AT_static_link = 0x48, + DW_AT_type = 0x49, + DW_AT_use_location = 0x4a, + DW_AT_variable_parameter = 0x4b, + DW_AT_virtuality = 0x4c, + DW_AT_vtable_elem_location = 0x4d, + DW_AT_allocated = 0x4e, + DW_AT_associated = 0x4f, + DW_AT_data_location = 0x50, + DW_AT_byte_stride = 0x51, + DW_AT_entry_pc = 0x52, + DW_AT_use_UTF8 = 0x53, + DW_AT_extension = 0x54, + DW_AT_ranges = 0x55, + DW_AT_trampoline = 0x56, + DW_AT_call_column = 0x57, + DW_AT_call_file = 0x58, + DW_AT_call_line = 0x59, + DW_AT_description = 0x5a, + DW_AT_binary_scale = 0x5b, + DW_AT_decimal_scale = 0x5c, + DW_AT_small = 0x5d, + DW_AT_decimal_sign = 0x5e, + DW_AT_digit_count = 0x5f, + DW_AT_picture_string = 0x60, + DW_AT_mutable = 0x61, + DW_AT_threads_scaled = 0x62, + DW_AT_explicit = 0x63, + DW_AT_object_pointer = 0x64, + DW_AT_endianity = 0x65, + DW_AT_elemental = 0x66, + DW_AT_pure = 0x67, + DW_AT_recursive = 0x68, + + /* Nouveautés v4 */ + + DW_AT_signature = 0x69, + DW_AT_main_subprogram = 0x6a, + DW_AT_data_bit_offset = 0x6b, + DW_AT_const_expr = 0x6c, + DW_AT_enum_class = 0x6d, + DW_AT_linkage_name = 0x6e, + + DW_AT_lo_user = 0x2000, + DW_AT_hi_user = 0x3fff, + +} DwarfAttrib; + + +#define DW_ATTR_invalid 0 /* FIXME */ + + +typedef struct _dw_value +{ + DwarfAttrib attrib; /* Sujet de l'élément */ + dw_form_value value; /* Valeur instanciée associée */ + +} dw_value; + + + + + + + + + + + + + + + +#if 0 + + + + + + + + + + + + + + + +/* Liste des balises rencontrées */ +typedef enum _DwarfTag +{ + DWT_NONE = 0x00, + + DWT_ARRAY_TYPE = 0x01, + DWT_CLASS_TYPE = 0x02, + DWT_ENTRY_POINT = 0x03, + DWT_ENUMERATION_TYPE = 0x04, + DWT_FORMAL_PARAMETER = 0x05, + DWT_IMPORTED_DECLARATION = 0x08, + DWT_LABEL = 0x0a, + DWT_LEXICAL_BLOCK = 0x0b, + DWT_MEMBER = 0x0d, + DWT_POINTER_TYPE = 0x0f, + DWT_REFERENCE_TYPE = 0x10, + DWT_COMPILE_UNIT = 0x11, + DWT_STRING_TYPE = 0x12, + DWT_STRUCTURE_TYPE = 0x13, + DWT_SUBROUTINE_TYPE = 0x15, + DWT_TYPEDEF = 0x16, + DWT_UNION_TYPE = 0x17, + DWT_UNSPECIFIED_PARAMETERS = 0x18, + DWT_VARIANT = 0x19, + DWT_COMMON_BLOCK = 0x1a, + DWT_COMMON_INCLUSION = 0x1b, + DWT_INHERITANCE = 0x1c, + DWT_INLINED_SUBROUTINE = 0x1d, + DWT_MODULE = 0x1e, + DWT_PTR_TO_MEMBER_TYPE = 0x1f, + DWT_SET_TYPE = 0x20, + DWT_SUBRANGE_TYPE = 0x21, + DWT_WITH_STMT = 0x22, + DWT_ACCESS_DECLARATION = 0x23, + DWT_BASE_TYPE = 0x24, + DWT_CATCH_BLOCK = 0x25, + DWT_CONST_TYPE = 0x26, + DWT_CONSTANT = 0x27, + DWT_ENUMERATOR = 0x28, + DWT_FILE_TYPE = 0x29, + DWT_FRIEND = 0x2a, + DWT_NAMELIST = 0x2b, + + DWT_NAMELIST_ITEM = 0x2c, + DWT_PACKED_TYPE = 0x2d, + DWT_SUBPROGRAM = 0x2e, + + DWT_TEMPLATE_TYPE_PARAM = 0x2f, /* DWARF2 */ + DWT_TEMPLATE_TYPE_PARAMETER = 0x2f, /* DWARF3 */ + DWT_TEMPLATE_VALUE_PARAM = 0x30, /* DWARF2 */ + DWT_TEMPLATE_VALUE_PARAMETER = 0x30, /* DWARF3 */ + DWT_THROWN_TYPE = 0x31, + DWT_TRY_BLOCK = 0x32, + DWT_VARIANT_PART = 0x33, + DWT_VARIABLE = 0x34, + DWT_VOLATILE_TYPE = 0x35, + DWT_DWARF_PROCEDURE = 0x36, /* DWARF3 */ + DWT_RESTRICT_TYPE = 0x37, /* DWARF3 */ + DWT_INTERFACE_TYPE = 0x38, /* DWARF3 */ + DWT_NAMESPACE = 0x39, /* DWARF3 */ + DWT_IMPORTED_MODULE = 0x3a, /* DWARF3 */ + DWT_UNSPECIFIED_TYPE = 0x3b, /* DWARF3 */ + DWT_PARTIAL_UNIT = 0x3c, /* DWARF3 */ + DWT_IMPORTED_UNIT = 0x3d, /* DWARF3 */ + + DWT_MUTABLE_TYPE = 0x3e, /* Oublié en faveur des deux suivantes (DWARF3 -> DWARF3f) */ + DWT_CONDITION = 0x3f, /* DWARF3f */ + DWT_SHARED_TYPE = 0x40, /* DWARF3f */ + + DWT_LO_USER = 0x4080, + + DWT_MIPS_LOOP = 0x4081, + + /* Extensions HP */ + + DWT_HP_ARRAY_DESCRIPTOR = 0x4090, + + /* Extensions GNU */ + + DWT_GNU_FORMAT_LABEL = 0x4101, /* Fortran. */ + DWT_GNU_FUNCTION_TEMPLATE = 0x4102, /* C++ */ + DWT_GNU_CLASS_TEMPLATE = 0x4103, /* C++ */ + DWT_GNU_BINCL = 0x4104, + DWT_GNU_EINCL = 0x4105, + + /* Extensions ALTIUM */ + + DWT_ALTIUM_CIRC_TYPE = 0x5101, /* DSP-C/Starcore __circ qualifier */ + DWT_ALTIUM_MWA_CIRC_TYPE = 0x5102, /* Starcore __mwa_circ qualifier */ + DWT_ALTIUM_REV_CARRY_TYPE = 0x5103, /* Starcore __rev_carry qualifier */ + DWT_ALTIUM_ROM = 0x5111, /* M16 __rom qualifier */ + + /* Extensions pour le support UPC */ + + DWT_UPC_SHARED_TYPE = 0x8765, + DWT_UPC_STRICT_TYPE = 0x8766, + DWT_UPC_RELAXED_TYPE = 0x8767, + + /* Extensions PGI (STMicroelectronics) */ + + DWT_PGI_KANJI_TYPE = 0xa000, + DWT_PGI_INTERFACE_BLOCK = 0xa020, + + /* Extensions SUN */ + + DWT_SUN_FUNCTION_TEMPLATE = 0x4201, + DWT_SUN_CLASS_TEMPLATE = 0x4202, + DWT_SUN_STRUCT_TEMPLATE = 0x4203, + DWT_SUN_UNION_TEMPLATE = 0x4204, + DWT_SUN_INDIRECT_INHERITANCE = 0x4205, + DWT_SUN_CODEFLAGS = 0x4206, + DWT_SUN_MEMOP_INFO = 0x4207, + DWT_SUN_OMP_CHILD_FUNC = 0x4208, + DWT_SUN_RTTI_DESCRIPTOR = 0x4209, + DWT_SUN_DTOR_INFO = 0x420a, + DWT_SUN_DTOR = 0x420b, + DWT_SUN_F90_INTERFACE = 0x420c, + DWT_SUN_FORTRAN_VAX_STRUCTURE = 0x420d, + DWT_SUN_HI = 0x42ff, + + DWT_HI_USER = 0xffff + +} DwarfTag; + + +#define DW_CHILDREN_NO 0x00 +#define DW_CHILDREN_YES 0x01 + + +/* Liste des attributs rencontrés */ +typedef enum _DwarfAttrib +{ + DWA_SIBLING = 0x01, + DWA_LOCATION = 0x02, + DWA_NAME = 0x03, + DWA_ORDERING = 0x09, + DWA_SUBSCR_DATA = 0x0a, + DWA_BYTE_SIZE = 0x0b, + DWA_BIT_OFFSET = 0x0c, + DWA_BIT_SIZE = 0x0d, + DWA_ELEMENT_LIST = 0x0f, + DWA_STMT_LIST = 0x10, + DWA_LOW_PC = 0x11, + DWA_HIGH_PC = 0x12, + DWA_LANGUAGE = 0x13, + DWA_MEMBER = 0x14, + DWA_DISCR = 0x15, + DWA_DISCR_VALUE = 0x16, + DWA_VISIBILITY = 0x17, + DWA_IMPORT = 0x18, + DWA_STRING_LENGTH = 0x19, + DWA_COMMON_REFERENCE = 0x1a, + DWA_COMP_DIR = 0x1b, + DWA_CONST_VALUE = 0x1c, + DWA_CONTAINING_TYPE = 0x1d, + DWA_DEFAULT_VALUE = 0x1e, + DWA_INLINE = 0x20, + DWA_IS_OPTIONAL = 0x21, + DWA_LOWER_BOUND = 0x22, + DWA_PRODUCER = 0x25, + DWA_PROTOTYPED = 0x27, + DWA_RETURN_ADDR = 0x2a, + DWA_START_SCOPE = 0x2c, + DWA_BIT_STRIDE = 0x2e, /* DWARF3 */ + DWA_STRIDE_SIZE = 0x2e, /* DWARF2 */ + DWA_UPPER_BOUND = 0x2f, + DWA_ABSTRACT_ORIGIN = 0x31, + DWA_ACCESSIBILITY = 0x32, + DWA_ADDRESS_CLASS = 0x33, + DWA_ARTIFICIAL = 0x34, + DWA_BASE_TYPES = 0x35, + DWA_CALLING_CONVENTION = 0x36, + DWA_COUNT = 0x37, + DWA_DATA_MEMBER_LOCATION = 0x38, + DWA_DECL_COLUMN = 0x39, + DWA_DECL_FILE = 0x3a, + DWA_DECL_LINE = 0x3b, + DWA_DECLARATION = 0x3c, + DWA_DISCR_LIST = 0x3d, + DWA_ENCODING = 0x3e, + DWA_EXTERNAL = 0x3f, + DWA_FRAME_BASE = 0x40, + DWA_FRIEND = 0x41, + DWA_IDENTIFIER_CASE = 0x42, + DWA_MACRO_INFO = 0x43, + DWA_NAMELIST_ITEM = 0x44, + DWA_PRIORITY = 0x45, + DWA_SEGMENT = 0x46, + DWA_SPECIFICATION = 0x47, + DWA_STATIC_LINK = 0x48, + DWA_TYPE = 0x49, + DWA_USE_LOCATION = 0x4a, + DWA_VARIABLE_PARAMETER = 0x4b, + DWA_VIRTUALITY = 0x4c, + DWA_VTABLE_ELEM_LOCATION = 0x4d, + DWA_ALLOCATED = 0x4e, /* DWARF3 */ + DWA_ASSOCIATED = 0x4f, /* DWARF3 */ + DWA_DATA_LOCATION = 0x50, /* DWARF3 */ + DWA_BYTE_STRIDE = 0x51, /* DWARF3f */ + DWA_STRIDE = 0x51, /* DWARF3 (ne pas utiliser) */ + DWA_ENTRY_PC = 0x52, /* DWARF3 */ + DWA_USE_UTF8 = 0x53, /* DWARF3 */ + DWA_EXTENSION = 0x54, /* DWARF3 */ + DWA_RANGES = 0x55, /* DWARF3 */ + DWA_TRAMPOLINE = 0x56, /* DWARF3 */ + DWA_CALL_COLUMN = 0x57, /* DWARF3 */ + DWA_CALL_FILE = 0x58, /* DWARF3 */ + DWA_CALL_LINE = 0x59, /* DWARF3 */ + DWA_DESCRIPTION = 0x5a, /* DWARF3 */ + DWA_BINARY_SCALE = 0x5b, /* DWARF3f */ + DWA_DECIMAL_SCALE = 0x5c, /* DWARF3f */ + DWA_SMALL = 0x5d, /* DWARF3f */ + DWA_DECIMAL_SIGN = 0x5e, /* DWARF3f */ + DWA_DIGIT_COUNT = 0x5f, /* DWARF3f */ + DWA_PICTURE_STRING = 0x60, /* DWARF3f */ + DWA_MUTABLE = 0x61, /* DWARF3f */ + DWA_THREADS_SCALED = 0x62, /* DWARF3f */ + DWA_EXPLICIT = 0x63, /* DWARF3f */ + DWA_OBJECT_POINTER = 0x64, /* DWARF3f */ + DWA_ENDIANITY = 0x65, /* DWARF3f */ + DWA_ELEMENTAL = 0x66, /* DWARF3f */ + DWA_PURE = 0x67, /* DWARF3f */ + DWA_RECURSIVE = 0x68, /* DWARF3f */ + + DWA_LO_USER = 0x2000, + + /* Extension HP */ + + DWA_HP_BLOCK_INDEX = 0x2000, + + /* Extensions MIPS/SGI */ + + DWA_MIPS_FDE = 0x2001, + DWA_MIPS_LOOP_BEGIN = 0x2002, + DWA_MIPS_TAIL_LOOP_BEGIN = 0x2003, + DWA_MIPS_EPILOG_BEGIN = 0x2004, + DWA_MIPS_LOOP_UNROLL_FACTOR = 0x2005, + DWA_MIPS_SOFTWARE_PIPELINE_DEPTH = 0x2006, + DWA_MIPS_LINKAGE_NAME = 0x2007, + DWA_MIPS_STRIDE = 0x2008, + DWA_MIPS_ABSTRACT_NAME = 0x2009, + DWA_MIPS_CLONE_ORIGIN = 0x200a, + DWA_MIPS_HAS_INLINES = 0x200b, + DWA_MIPS_STRIDE_BYTE = 0x200c, + DWA_MIPS_STRIDE_ELEM = 0x200d, + DWA_MIPS_PTR_DOPETYPE = 0x200e, + DWA_MIPS_ALLOCATABLE_DOPETYPE = 0x200f, + DWA_MIPS_ASSUMED_SHAPE_DOPETYPE = 0x2010, + DWA_MIPS_ASSUMED_SIZE = 0x2011, + + /* Extensions HP */ + + DWA_HP_unmodifiable = 0x2001, /* conflit : MIPS */ + DWA_HP_actuals_stmt_list = 0x2010, /* conflit : MIPS */ + DWA_HP_proc_per_section = 0x2011, /* conflit : MIPS */ + DWA_HP_raw_data_ptr = 0x2012, + DWA_HP_pass_by_reference = 0x2013, + DWA_HP_opt_level = 0x2014, + DWA_HP_prof_version_id = 0x2015, + DWA_HP_opt_flags = 0x2016, + DWA_HP_cold_region_low_pc = 0x2017, + DWA_HP_cold_region_high_pc = 0x2018, + DWA_HP_all_variables_modifiable = 0x2019, + DWA_HP_linkage_name = 0x201a, + DWA_HP_prof_flags = 0x201b, + + /* Extensions GNU */ + + DWA_GNU_SF_NAMES = 0x2101, + DWA_GNU_SRC_INFO = 0x2102, + DWA_GNU_MAC_INFO = 0x2103, + DWA_GNU_SRC_COORDS = 0x2104, + DWA_GNU_BODY_BEGIN = 0x2105, + DWA_GNU_BODY_END = 0x2106, + DWA_GNU_VECTOR = 0x2107, + + /* Extensions SUN */ + + DWA_SUN_TEMPLATE = 0x2201, + DWA_SUN_RTNBEG_PD_ADDRESS = 0x2201, + DWA_SUN_ALIGNMENT = 0x2202, + DWA_SUN_VTABLE = 0x2203, + DWA_SUN_COUNT_GUARANTEE = 0x2204, + DWA_SUN_COMMAND_LINE = 0x2205, + DWA_SUN_VBASE = 0x2206, + DWA_SUN_COMPILE_OPTIONS = 0x2207, + DWA_SUN_LANGUAGE = 0x2208, + DWA_SUN_BROWSER_FILE = 0x2209, + DWA_SUN_VTABLE_ABI = 0x2210, + DWA_SUN_FUNC_OFFSETS = 0x2211, + DWA_SUN_CF_KIND = 0x2212, + DWA_SUN_VTABLE_INDEX = 0x2213, + DWA_SUN_OMP_TPRIV_ADDR = 0x2214, + DWA_SUN_OMP_CHILD_FUNC = 0x2215, + DWA_SUN_FUNC_OFFSET = 0x2216, + DWA_SUN_MEMOP_TYPE_REF = 0x2217, + DWA_SUN_PROFILE_ID = 0x2218, + DWA_SUN_MEMOP_SIGNATURE = 0x2219, + DWA_SUN_OBJ_DIR = 0x2220, + DWA_SUN_OBJ_FILE = 0x2221, + DWA_SUN_ORIGINAL_NAME = 0x2222, + DWA_SUN_HWCPROF_SIGNATURE = 0x2223, + DWA_SUN_AMD64_PARMDUMP = 0x2224, + DWA_SUN_PART_LINK_NAME = 0x2225, + DWA_SUN_LINK_NAME = 0x2226, + DWA_SUN_PASS_WITH_CONST = 0x2227, + DWA_SUN_RETURN_WITH_CONST = 0x2228, + DWA_SUN_IMPORT_BY_NAME = 0x2229, + DWA_SUN_F90_POINTER = 0x222a, + DWA_SUN_PASS_BY_REF = 0x222b, + DWA_SUN_F90_ALLOCATABLE = 0x222c, + DWA_SUN_F90_ASSUMED_SHAPE_ARRAY = 0x222d, + DWA_SUN_C_VLA = 0x222e, + DWA_SUN_RETURN_VALUE_PTR = 0x2230, + DWA_SUN_DTOR_START = 0x2231, + DWA_SUN_DTOR_LENGTH = 0x2232, + DWA_SUN_DTOR_STATE_INITIAL = 0x2233, + DWA_SUN_DTOR_STATE_FINAL = 0x2234, + DWA_SUN_DTOR_STATE_DELTAS = 0x2235, + DWA_SUN_IMPORT_BY_LNAME = 0x2236, + DWA_SUN_F90_USE_ONLY = 0x2237, + DWA_SUN_NAMELIST_SPEC = 0x2238, + DWA_SUN_IS_OMP_CHILD_FUNC = 0x2239, + DWA_SUN_FORTRAN_MAIN_ALIAS = 0x223a, + DWA_SUN_FORTRAN_BASED = 0x223b, + + /* Extensions ALTIUM */ + + DWA_ALTIUM_LOCLIST = 0x2300, + + /* Extensions PGI (STMicroelectronics) */ + + DWA_PGI_LBASE = 0x3a00, + DWA_PGI_SOFFSET = 0x3a01, + DWA_PGI_LSTRIDE = 0x3a02, + + /* Extensions pour le support UPC */ + + DWA_UPC_THREADS_SCALED = 0x3210, + + DWA_HI_USER = 0x3fff + +} DwarfAttrib; + + +/* Liste des types de données */ +typedef enum _DwarfForm +{ + DWF_ADDR = 0x01, + DWF_BLOCK2 = 0x03, + DWF_BLOCK4 = 0x04, + DWF_DATA2 = 0x05, + DWF_DATA4 = 0x06, + DWF_DATA8 = 0x07, + DWF_STRING = 0x08, + DWF_BLOCK = 0x09, + DWF_BLOCK1 = 0x0a, + DWF_DATA1 = 0x0b, + DWF_FLAG = 0x0c, + DWF_SDATA = 0x0d, + DWF_STRP = 0x0e, + DWF_UDATA = 0x0f, + DWF_REF_ADDR = 0x10, + DWF_REF1 = 0x11, + DWF_REF2 = 0x12, + DWF_REF4 = 0x13, + DWF_REF8 = 0x14, + DWF_REF_UDATA = 0x15, + DWF_INDIRECT = 0x16 + +} DwarfForm; + + +#endif + + + +#endif /* _FORMAT_DWARF_DWARF_DEF_H */ diff --git a/plugins/dwarf/form.c b/plugins/dwarf/form.c new file mode 100644 index 0000000..d7922f7 --- /dev/null +++ b/plugins/dwarf/form.c @@ -0,0 +1,113 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * form.h - prototypes pour la transmission des valeurs d'attributs + * + * Copyright (C) 2016-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "form.h" + + + +/****************************************************************************** +* * +* Paramètres : value = valeur au format Dwarf à consulter. * +* form = nature de la valeur à lire. * +* addr = valeur utilisable en interne récupérée. [OUT] * +* * +* Description : Transcrit une valeur Dwarf brute en adresse virtuelle. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool translate_form_into_address(const dw_form_value *value, DwarfForm form, virt_t *addr) +{ + bool result; /* Bilan à retourner */ + + result = true; + + switch (form) + { + case DW_FORM_addr: + *addr = value->v2.address; + break; + + case DW_FORM_data1: + *addr = value->v2.data1; + break; + + case DW_FORM_data2: + *addr = value->v2.data2; + break; + + case DW_FORM_data4: + *addr = value->v2.data4; + break; + + case DW_FORM_data8: + *addr = value->v2.data8; + break; + + default: + result = false; + break; + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : value = valeur au format Dwarf à consulter. * +* form = nature de la valeur à lire. * +* * +* Description : Transcrit une valeur Dwarf brute en chaîne de caractères. * +* * +* Retour : Bilan de l'opération : chaîne de caractères ou NULL si échec.* +* * +* Remarques : - * +* * +******************************************************************************/ + +const char *translate_form_into_string(const dw_form_value *value, DwarfForm form) +{ + const char *result; /* Valeur et bilan à retourner */ + + switch (form) + { + case DW_FORM_string: + case DW_FORM_strp: + result = value->v2.string; + break; + + default: + result = NULL; + break; + + } + + return result; + +} diff --git a/plugins/dwarf/form.h b/plugins/dwarf/form.h new file mode 100644 index 0000000..bdef9b3 --- /dev/null +++ b/plugins/dwarf/form.h @@ -0,0 +1,40 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * form.h - prototypes pour la transmission des valeurs d'attributs + * + * Copyright (C) 2016-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _FORMAT_DWARF_FORM_H +#define _FORMAT_DWARF_FORM_H + + +#include "dwarf_def.h" + + + +/* Transcrit une valeur Dwarf brute en adresse virtuelle. */ +bool translate_form_into_address(const dw_form_value *, DwarfForm, virt_t *); + +/* Transcrit une valeur Dwarf brute en chaîne de caractères. */ +const char *translate_form_into_string(const dw_form_value *, DwarfForm); + + + +#endif /* _FORMAT_DWARF_FORM_H */ diff --git a/plugins/dwarf/info.c b/plugins/dwarf/info.c new file mode 100644 index 0000000..432280e --- /dev/null +++ b/plugins/dwarf/info.c @@ -0,0 +1,853 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * info.c - lecture des informations principales du format DWARF + * + * Copyright (C) 2008-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "info.h" + + +#include "die.h" +#include "dwarf-int.h" +#include "../debuggable-int.h" + + + + + +static bool extract_dies_from_debug_information(GDwarfFormat *format, vmpa2t *pos, SourceEndian endian, const dw_compil_unit_header *header, dw_die *parent, dw_die **die); + + + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage DWARF à compléter. * +* * +* Description : Charge les informations depuis une section ".debug_info". * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool load_dwarf_debug_information(GDwarfFormat *format) +{ + bool result; /* Bilan à renvoyer */ + + + + mrange_t range; /* Couverture d'une section */ + vmpa2t end; + vmpa2t iter; /* Tête de lecture mouvante */ + + dw_compil_unit_header header; + dw_die *die; + + + + result = g_exe_format_get_section_range_by_name(G_DBG_FORMAT(format)->executable, ".debug_info", &range); + if (!result) goto lddi_exit; + + copy_vmpa(&iter, get_mrange_addr(&range)); + + + printf("[%d] Passage :: 0x%08llx 0x%08llx\n", + result, + (unsigned long long)range.addr.physical, + (unsigned long long)range.addr.virtual); + + compute_mrange_end_addr(&range, &end); + + while (result) + { + /* Si il n'y a plus rien à lire dans la section... */ + if (cmp_vmpa(&iter, &end) >= 0) break; + + + printf("========================================================================\n"); + printf("========================================================================\n"); + printf("========================================================================\n"); + printf("========================================================================\n"); + printf("\n"); + printf("HEADER START :: 0x%x\n", (unsigned int)iter.physical); + + + result = read_dwarf_compil_unit_header(G_BIN_FORMAT(format)->content, &iter, + SRE_LITTLE /* FIXME */, &header); + if (!result) break; + + printf("[%d] header :: addr size=%hhu\n", result, header.address_size); + + + result = extract_dies_from_debug_information(format, &iter, + SRE_LITTLE /* FIXME */, &header, + NULL, &die); + + + + } + + + format->info_die = die; + + + lddi_exit: + + return result; + +} + + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage DWARF à compléter. * +* pos = position de début de lecture. [OUT] * +* endian = boutisme reconnu dans le format. * +* header = en-tête de description de l'unité à traiter. * +* parent = entrée parent de rattachement ou NULL si racine. * +* die = emplacement de stockage de l'entrée. [OUT] * +* * +* Description : Procède à la lecture de l'en-tête d'un contenu binaire DWARF.* +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool extract_dies_from_debug_information(GDwarfFormat *format, vmpa2t *pos, SourceEndian endian, const dw_compil_unit_header *header, dw_die *parent, dw_die **die) +{ + bool result; /* Bilan à faire remonter */ + dw_die *child; /* Entrée subordonnée à charger*/ + + printf("==================================\n"); + printf("=== version : 0x%hx\n", header->version); + printf("=== offset abbrev : 0x%llx\n", (unsigned long long)header->debug_abbrev_offset); + printf("==================================\n"); + + + phys_t start = 0x1039; + + printf("start :: 0x%x\n", (unsigned int)(pos->physical - start)); + printf("start :: 0x%x\n", (unsigned int)(0x0 + pos->physical)); + + result = build_dwarf_die(format, pos, SRE_LITTLE /* FIXME */, header, die); + if (*die == NULL) return result; + + if (parent != NULL) + dw_die_append_child(parent, *die); + + if (dw_die_has_children(*die)) + { + printf("<<<< children >>>>\n"); + + printf("next :: 0x%x\n", (unsigned int)(pos->physical - start)); + + while (result) + { + result = extract_dies_from_debug_information(format, pos, endian, header, *die, &child); + + if (!result) + delete_dwarf_die(*die); + + /* Entrée avec un code nul -> fin */ + if (child == NULL) break; + + } + + } + + return result; + +} + + + + + + + +#if 0 +#include <malloc.h> +#include <string.h> + + +#include "abbrev.h" +#include "dwarf-int.h" +#include "utils.h" + + +/* Informations utiles d'une unité de compilation */ +typedef struct _compil_unit +{ + off_t startpos; /* Position de début d'unité */ + off_t endpos; /* Position d'unité suivante */ + + off_t offset; /* Position dans les abréviat° */ + uint8_t ptrsize; /* Taille des adresses mémoire */ + +} compil_unit; + + + +#define _(str) str + + +/* Procède à la lecture d'une unité de compilation. */ +bool read_dwarf_compilation_unit(dwarf_format *, off_t *, compil_unit *); + +/* Récupère toutes les déclarations DWARF utiles trouvées. */ +bool parse_dwarf_compilation_unit(dwarf_format *, off_t *, const compil_unit *); + +/* Enregistre toutes les déclarations de fonction trouvées. */ +dw_dbg_function *look_for_dwarf_subprograms(dwarf_format *, const dw_abbrev *, off_t *, const compil_unit *); + +/* Obtient la description humaine d'un type. */ +char *resolve_dwarf_function_type(dwarf_format *, const dw_abbrev *, const off_t *, const compil_unit *); + + + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à compléter. * +* * +* Description : Charge les informations trouvées dans un DWARF. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool load_dwarf_information(dwarf_format *format) +{ + bool result; /* Bilan à renvoyer */ + + + + + off_t offset; + off_t start; + off_t size; + + bool test; + + int i; + + + compil_unit cu; + + + + result = true; + + test = find_exe_section(DBG_FORMAT(format)->e_format, ".debug_info", &start, &size, NULL); + + offset = start; + + + printf(" -> offset=%d size=%d\n", offset, size); + + + + for (i = 0; i < size; i++) + { + if (i % 25 == 0) printf("\n"); + printf("0x%02hhx ", DBG_FORMAT(format)->content[offset + i]); + } + + printf("\n"); + + + + while (offset < (start + size) && result) + { + printf("-------------\n"); + + result = read_dwarf_compilation_unit(format, &offset, &cu); + + if (result) + parse_dwarf_compilation_unit(format, &offset, &cu); + + } + + + printf("##############\nRegistered functions:\n"); + + for (i = 0; i < format->dbg_fc_count; i++) + printf(" > [0x%08llx] %s\n", format->dbg_functions[i]->low_pc, format->dbg_functions[i]->prototype); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à effacer. * +* * +* Description : Décharge les informations trouvées dans un DWARF. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void unload_dwarf_information(dwarf_format *format) +{ + + + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à compléter. * +* pos = tête de lecture à mettre à jour. [OUT] * +* cu = unité de compilation lue. [OUT] * +* * +* Description : Procède à la lecture d'une unité de compilation. * +* * +* Retour : true en cas de succès de la lecture, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool read_dwarf_compilation_unit(dwarf_format *format, off_t *pos, compil_unit *cu) +{ + off_t ulength; /* Taille de l'unité */ + uint16_t version; /* Version du format DWARF */ + + cu->startpos = *pos; + + if (!read_unit_length(format, pos, &ulength)) + return false; + + cu->endpos = *pos + ulength; + + if (!read_uhalf(format, pos, &version)) + return false; + + if (version > 3) return false; + + if (!read_abbrev_offset(format, pos, &cu->offset)) + return false; + + if (!read_address_size(format, pos, &cu->ptrsize)) + return false; + + return true; + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à compléter. * +* pos = tête de lecture à mettre à jour. [OUT] * +* cu = unité de compilation courante. * +* * +* Description : Récupère toutes les déclarations DWARF utiles trouvées. * +* * +* Retour : true en cas de succès de la lecture, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool parse_dwarf_compilation_unit(dwarf_format *format, off_t *pos, const compil_unit *cu) +{ + bool result; /* Bilan à retourner */ + const dw_abbrev *abbrev; /* Abréviation rencontrée */ + dw_dbg_function *function; /* Nouvelle fonction lue */ + + + + result = true; + + while (*pos < cu->endpos && result) + { + + + printf(" =+> Cur :: 0x%02hhx 0x%02hhx 0x%02hhx 0x%02hhx 0x%02hhx\n", + DBG_FORMAT(format)->content[*pos], + DBG_FORMAT(format)->content[*pos + 1], + DBG_FORMAT(format)->content[*pos + 2], + DBG_FORMAT(format)->content[*pos + 3], + DBG_FORMAT(format)->content[*pos + 4]); + + + + abbrev = find_dwarf_abbreviations(format, &cu->offset, pos); + + if (abbrev == NULL) + break; + + + + printf(" --> %p\n", abbrev); + + printf(" == 0x%02x (matched ? %d)\n", abbrev->tag, abbrev->tag == DWT_SUBPROGRAM); + + + + switch (abbrev->tag) + { + case DWT_SUBPROGRAM: + function = look_for_dwarf_subprograms(format, abbrev, pos, cu); + + if (function != NULL) + { + format->dbg_functions = (dw_dbg_function **)realloc(format->dbg_functions, ++format->dbg_fc_count * sizeof(dw_dbg_function *)); + format->dbg_functions[format->dbg_fc_count - 1] = function; + } + else result = false; + + break; + + default: + break; + + } + + + + + + + + + + + + + if (!skip_dwarf_abbrev(format, pos, abbrev)) + printf("error skipping :(\n"); + + + } + + + printf(" =+> Next :: 0x%02hhx 0x%02hhx 0x%02hhx 0x%02hhx 0x%02hhx\n", + DBG_FORMAT(format)->content[*pos], + DBG_FORMAT(format)->content[*pos + 1], + DBG_FORMAT(format)->content[*pos + 2], + DBG_FORMAT(format)->content[*pos + 3], + DBG_FORMAT(format)->content[*pos + 4]); + + + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à compléter. * +* abbrev = abréviation trouvée à traiter. * +* pos = tête de lecture à mettre à jour. [OUT] * +* cu = unité de compilation courante. * +* * +* Description : Enregistre toutes les déclarations de fonction trouvées. * +* * +* Retour : Fonction chargée en mémoire ou NULL en cas d'échec. * +* * +* Remarques : - * +* * +******************************************************************************/ + +dw_dbg_function *look_for_dwarf_subprograms(dwarf_format *format, const dw_abbrev *abbrev, off_t *pos, const compil_unit *cu) +{ + dw_dbg_function *result; /* Structure à retourner */ + uint32_t type_pos; /* Décalage p/r au pt courant */ + off_t subpos; /* Sous-position de lecture #1 */ + const dw_abbrev *subabbrev; /* Abréviation fille à lire */ + char *retstr; /* Elément du prototype */ + char *prototype; /* Stockage temporaire */ + size_t proto_len; /* Taille du prototype */ + bool is_pointer; /* Mémorise le type 'pointeur' */ + uint64_t index; /* Index de la fonction */ + bool first_arg; /* Marque le 1er argument */ + off_t subpos2; /* Sous-position de lecture #2 */ + const dw_abbrev *subabbrev2; /* Abréviation fille à lire #2 */ + + result = (dw_dbg_function *)calloc(1, sizeof(dw_dbg_function)); + + /* Récupération des informations de base */ + + if (!read_dwarf_abbrev_attribute(format, pos, false, abbrev, DWA_NAME, &result->name)) + goto lfds_error; + + if (!read_dwarf_abbrev_attribute(format, pos, false, abbrev, DWA_LOW_PC, &result->low_pc)) + goto lfds_error; + + if (!read_dwarf_abbrev_attribute(format, pos, false, abbrev, DWA_HIGH_PC, &result->high_pc)) + goto lfds_error; + + /* Type de la fonction */ + + if (test_dwarf_abbrev_attribute(abbrev, DWA_TYPE)) + { + if (!read_dwarf_abbrev_attribute(format, pos, false, abbrev, DWA_TYPE, &type_pos)) + goto lfds_error; + + subpos = cu->startpos + type_pos; + + subabbrev = find_dwarf_abbreviations(format, &cu->offset, &subpos); + + retstr = resolve_dwarf_function_type(format, subabbrev, &subpos, cu); + + } + else retstr = strdup("void"); + + if (retstr == NULL) + { + proto_len = 3; + prototype = (char *)calloc(proto_len + 1, sizeof(char)); + strcat(prototype, "???"); + + is_pointer = false; + + } + else + { + proto_len = strlen(retstr); + prototype = (char *)calloc(proto_len + 1, sizeof(char)); + strcat(prototype, retstr); + + is_pointer = (retstr[strlen(retstr) - 1] == '*'); + + free(retstr); + + } + + /* On saute l'abréviation de la déclaration de fonction... */ + + subpos = *pos; + + if (!read_uleb128(format, &subpos, &index, true)) + goto lfds_error; + + if (!skip_dwarf_abbrev(format, &subpos, abbrev)) + goto lfds_error; + + /* Lecture des différents arguments */ + + proto_len += (!is_pointer ? 1 : 0) + strlen(result->name) + 1; + prototype = (char *)realloc(prototype, (proto_len + 1) * sizeof(char)); + if (!is_pointer) strcat(prototype, " "); + strcat(prototype, result->name); + strcat(prototype, "("); + + first_arg = true; + + while (1) + { + subabbrev = find_dwarf_abbreviations(format, &cu->offset, &subpos); + if (subabbrev == NULL) goto exit_loop; + + switch (subabbrev->tag) + { + case DWT_UNSPECIFIED_PARAMETERS: + + /* Virgule de séparation */ + + if (first_arg) first_arg = false; + else + { + proto_len += 2; + prototype = (char *)realloc(prototype, (proto_len + 1) * sizeof(char)); + strcat(prototype, ", "); + } + + /* Marque de l'absence de type */ + + proto_len += 3; + prototype = (char *)realloc(prototype, (proto_len + 1) * sizeof(char)); + strcat(prototype, "..."); + + break; + + case DWT_FORMAL_PARAMETER: + + if (!read_dwarf_abbrev_attribute(format, &subpos, false, subabbrev, DWA_TYPE, &type_pos)) + goto lfds_error; + + subpos2 = cu->startpos + type_pos; + + subabbrev2 = find_dwarf_abbreviations(format, &cu->offset, &subpos2); + + retstr = resolve_dwarf_function_type(format, subabbrev2, &subpos2, cu); + + /* Virgule de séparation */ + + if (first_arg) first_arg = false; + else + { + proto_len += 2; + prototype = (char *)realloc(prototype, (proto_len + 1) * sizeof(char)); + strcat(prototype, ", "); + } + + /* Type de l'argument */ + + if (retstr == NULL) + { + proto_len += 3; + prototype = (char *)realloc(prototype, (proto_len + 1) * sizeof(char)); + strcat(prototype, "???"); + + is_pointer = false; + + } + else + { + proto_len += strlen(retstr); + prototype = (char *)realloc(prototype, (proto_len + 1) * sizeof(char)); + strcat(prototype, retstr); + + is_pointer = (retstr[strlen(retstr) - 1] == '*'); + + free(retstr); + + } + + /* Nom de l'argument */ + + if (test_dwarf_abbrev_attribute(abbrev, DWA_NAME)) + { + if (!read_dwarf_abbrev_attribute(format, &subpos, false, subabbrev, DWA_NAME, &retstr)) + goto lfds_error; + } + else retstr = strdup(_("[no name]")); + + if (retstr != NULL) + { + proto_len += strlen(retstr) + (!is_pointer ? 1 : 0) + 1; + prototype = (char *)realloc(prototype, (proto_len + 1) * sizeof(char)); + if (!is_pointer) strcat(prototype, " "); + strcat(prototype, retstr); + + free(retstr); + + } + + break; + + default: + goto exit_loop; + break; + + } + + if (!skip_dwarf_abbrev(format, &subpos, subabbrev)) + goto lfds_error; + + } + + exit_loop: + + proto_len += 1; + prototype = (char *)realloc(prototype, (proto_len + 1) * sizeof(char)); + strcat(prototype, ")"); + + result->prototype = prototype; + + return result; + + lfds_error: + + if (result->name != NULL) free(result->name); + if (result->prototype != NULL) free(result->prototype); + + free(result); + + return NULL; + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à compléter. * +* abbrev = abréviation associée au type. * +* pos = tête de lecture à avoir sous le coude. * +* cu = unité de compilation courante. * +* * +* Description : Obtient la description humaine d'un type. * +* * +* Retour : Chaîne de caractères en cas de succès, NULL sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +char *resolve_dwarf_function_type(dwarf_format *format, const dw_abbrev *abbrev, const off_t *pos, const compil_unit *cu) +{ + char *result; /* Description à retourner */ + off_t oldpos; /* Conservation de l'indice */ + uint32_t type_pos; /* Sous-type détecté */ + uint64_t index; /* Indice de l'abréviation... */ + const dw_abbrev *subabbrev; /* ... et abréviation associée */ + size_t len; /* Longeur d'un résultat */ + + result = NULL; + oldpos = *pos; + + switch (abbrev->tag) + { + /* 0x04 */ + case DWT_ENUMERATION_TYPE: + + oldpos = *pos; + read_dwarf_abbrev_attribute(format, &oldpos, true /* ??? */, abbrev, DWA_NAME, &result); + + if (result != NULL) + { + len = strlen(result); + + result = (char *)realloc(result, (strlen("enum ") + len + 1) * sizeof(char)); + memmove(&result[strlen("enum ")], result, len); + memcpy(result, "enum ", strlen("enum ")); + + } + + break; + + /* 0x0f */ + case DWT_POINTER_TYPE: + + if (test_dwarf_abbrev_attribute(abbrev, DWA_TYPE)) + { + if (!read_dwarf_abbrev_attribute(format, &oldpos, true, abbrev, DWA_TYPE, &type_pos)) + return NULL; + + oldpos = cu->startpos + type_pos; + + subabbrev = find_dwarf_abbreviations(format, &cu->offset, &oldpos); + + result = resolve_dwarf_function_type(format, subabbrev, &oldpos, cu); + + } + else result = strdup("void"); + + if (result != NULL) + { + len = strlen(result); + + if (result[len - 1] == '*') + { + result = (char *)realloc(result, (len + 2) * sizeof(char)); + result[len] = '*'; + } + else + { + result = (char *)realloc(result, (len + 3) * sizeof(char)); + strcat(result, " *"); + } + + } + + break; + + /* 0x13 */ + case DWT_STRUCTURE_TYPE: + + oldpos = *pos; + read_dwarf_abbrev_attribute(format, &oldpos, true /* ??? */, abbrev, DWA_NAME, &result); + + if (result != NULL) + { + len = strlen(result); + + result = (char *)realloc(result, (strlen("struct ") + len + 1) * sizeof(char)); + memmove(&result[strlen("struct ")], result, len); + memcpy(result, "struct ", strlen("struct ")); + + } + + break; + + /* 0x16 */ + case DWT_TYPEDEF: + oldpos = *pos; + read_dwarf_abbrev_attribute(format, &oldpos, true /* ??? */, abbrev, DWA_NAME, &result); + break; + + /* 0x24 */ + case DWT_BASE_TYPE: + oldpos = *pos; + read_dwarf_abbrev_attribute(format, &oldpos, true /* ??? */, abbrev, DWA_NAME, &result); + break; + + /* 0x26 */ + case DWT_CONST_TYPE: + + + + if (read_dwarf_abbrev_attribute(format, &oldpos, true, abbrev, DWA_TYPE, &type_pos)) + printf(" ## sub type :: 0x%08x\n", type_pos); + else printf(" error: no type\n"); + + oldpos = cu->startpos + type_pos; + + + + + + + subabbrev = find_dwarf_abbreviations(format, &cu->offset, &oldpos); + printf("subabbrev == %p\n", subabbrev); + + + + + result = resolve_dwarf_function_type(format, subabbrev, &oldpos, cu); + + if (result != NULL) + { + len = strlen(result); + + result = (char *)realloc(result, (strlen("const ") + len + 1) * sizeof(char)); + memmove(&result[strlen("const ")], result, len); + memcpy(result, "const ", strlen("const ")); + + } + + break; + + default: + printf("### NOT HANDLED ### Tag :: 0x%02x\n", abbrev->tag); + break; + + } + + return result; + +} +#endif diff --git a/plugins/dwarf/info.h b/plugins/dwarf/info.h new file mode 100644 index 0000000..76220e5 --- /dev/null +++ b/plugins/dwarf/info.h @@ -0,0 +1,63 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * info.h - prototypes pour la lecture des informations principales du format DWARF + * + * Copyright (C) 2008-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _FORMAT_DWARF_INFO_H +#define _FORMAT_DWARF_INFO_H + + +#include <stdbool.h> + + +#include "dwarf.h" + + + +/* Charge les informations depuis une section ".debug_info". */ +bool load_dwarf_debug_information(GDwarfFormat *); + + + + + + + + +#if 0 + +#include <stdbool.h> + + +#include "d_dwarf.h" + + + +/* Charge les informations trouvées dans un DWARF. */ +bool load_dwarf_information(dwarf_format *); + +/* Décharge les informations trouvées dans un DWARF. */ +void unload_dwarf_information(dwarf_format *); +#endif + + + +#endif /* _FORMAT_DWARF_INFO_H */ diff --git a/plugins/dwarf/symbols.c b/plugins/dwarf/symbols.c new file mode 100644 index 0000000..3ddfb96 --- /dev/null +++ b/plugins/dwarf/symbols.c @@ -0,0 +1,316 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * symbols.c - gestion des symboles d'un DWARF + * + * Copyright (C) 2016-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "symbols.h" + + +#include "die.h" +#include "dwarf-int.h" +#include "form.h" +#include "../../core/params.h" +#include "../../mangling/demangler.h" + + + +/* Charge les informations d'une routine en tant que symbole. */ +static bool load_routine_as_symbol_from_dwarf(GDwarfFormat *, const dw_die *, const dw_abbrev *, bool); + +/* Charge les informations d'un objet en tant que symbole. */ +static bool load_object_as_symbol_from_dwarf(GDwarfFormat *, const dw_die *, const dw_abbrev *, bool); + + + +/****************************************************************************** +* * +* Paramètres : format = description de l'exécutable à compléter. * +* die = entrée d'informations de débogage à utiliser. * +* abbrev = abréviation déjà chargée sur laquelle s'appuyer. * +* use_virt = oriente le choix de la distinction ultime. * +* * +* Description : Charge les informations d'une routine en tant que symbole. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool load_routine_as_symbol_from_dwarf(GDwarfFormat *format, const dw_die *die, const dw_abbrev *abbrev, bool use_virt) +{ + DwarfForm form; /* Type d'une valeur d'attribut*/ + const dw_form_value *value; /* Valeur concrète d'attribut */ + virt_t virt; /* Adresse virtuelle de départ */ + bool status; /* Bilan d'une récupération */ + virt_t len; /* Taille de la zone couverte */ + vmpa2t addr; /* Localisation complète */ + mrange_t range; /* Espace de couverture total */ + const char *name; /* Désignation humaine */ + char alt_name[6 + VMPA_MAX_LEN]; /* Nom abstrait de substitution*/ + GBinRoutine *routine; /* Nouvelle routine trouvée */ + GBinSymbol *symbol; /* Nouveau symbole construit */ + + /* Surface couverte */ + + value = dw_die_peek_extended_value(die, DW_AT_low_pc, &form); + if (value == NULL) goto lrasfd_bad_start; + + status = translate_form_into_address(value, form, &virt); + if (!status) goto lrasfd_bad_start; + + value = dw_die_peek_extended_value(die, DW_AT_high_pc, &form); + if (value == NULL) goto lrasfd_bad_start; + + status &= translate_form_into_address(value, form, &len); + if (!status) goto lrasfd_bad_start; + + if (!g_exe_format_translate_address_into_vmpa(G_DBG_FORMAT(format)->executable, virt, &addr)) + init_vmpa(&addr, VMPA_NO_PHYSICAL, virt); + + init_mrange(&range, &addr, len); + + /* Désignation humaine */ + + value = dw_die_peek_extended_value(die, DW_AT_name, &form); + if (value == NULL) goto lrasfd_bad_name; + + name = translate_form_into_string(value, form); + + if (name == NULL) + { + strcpy(alt_name, "func_"); + + if (use_virt) + vmpa2_virt_to_string(&addr, MDS_UNDEFINED, alt_name + 5, NULL); + else + vmpa2_phys_to_string(&addr, MDS_UNDEFINED, alt_name + 5, NULL); + + name = alt_name; + + } + + /* Intégration en bonne et due forme */ + + routine = g_binary_format_decode_routine(G_BIN_FORMAT(format), name); + symbol = G_BIN_SYMBOL(routine); + + g_binary_symbol_set_range(symbol, &range); + + g_binary_format_add_symbol(G_BIN_FORMAT(format), symbol); + + + + + printf(" --> [valid ?= %d] start @ 0x%08llx\n", status, virt); + printf(" --> [valid ?= %d] len = 0x%08llx\n", status, len); + printf(" --> [valid ?= %d] name = '%s'\n", status, name); + + + return true; + + lrasfd_bad_start: + lrasfd_bad_name: + + return false; + +} + + +/****************************************************************************** +* * +* Paramètres : format = description de l'exécutable à compléter. * +* die = entrée d'informations de débogage à utiliser. * +* abbrev = abréviation déjà chargée sur laquelle s'appuyer. * +* use_virt = oriente le choix de la distinction ultime. * +* * +* Description : Charge les informations d'un objet en tant que symbole. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool load_object_as_symbol_from_dwarf(GDwarfFormat *format, const dw_die *die, const dw_abbrev *abbrev, bool use_virt) +{ + DwarfForm form; /* Type d'une valeur d'attribut*/ + const dw_form_value *value; /* Valeur concrète d'attribut */ + virt_t virt; /* Adresse virtuelle de départ */ + bool status; /* Bilan d'une récupération */ + virt_t len; /* Taille de la zone couverte */ + vmpa2t addr; /* Localisation complète */ + mrange_t range; /* Espace de couverture total */ + const char *name; /* Désignation humaine */ + char alt_name[5 + VMPA_MAX_LEN]; /* Nom abstrait de substitution*/ + GBinRoutine *routine; /* Nouvelle routine trouvée */ + GBinSymbol *symbol; /* Nouveau symbole construit */ + + /* Surface couverte */ + + + + + + + /* + value = dw_die_peek_extended_value(die, DW_AT_low_pc, &form); + if (value == NULL) goto lrasfd_bad_start; + + status = translate_form_into_address(value, form, &virt); + if (!status) goto lrasfd_bad_start; + + value = dw_die_peek_extended_value(die, DW_AT_high_pc, &form); + if (value == NULL) goto lrasfd_bad_start; + + status &= translate_form_into_address(value, form, &len); + if (!status) goto lrasfd_bad_start; + + if (!g_exe_format_translate_address_into_vmpa(G_DBG_FORMAT(format)->executable, virt, &addr)) + init_vmpa(&addr, VMPA_NO_PHYSICAL, virt); + + init_mrange(&range, &addr, len); + */ + + + + + + /* Désignation humaine */ + + value = dw_die_peek_extended_value(die, DW_AT_name, &form); + if (value == NULL) goto lrasfd_bad_name; + + name = translate_form_into_string(value, form); + + if (name == NULL) + { + strcpy(alt_name, "obj_"); + + if (use_virt) + vmpa2_virt_to_string(&addr, MDS_UNDEFINED, alt_name + 5, NULL); + else + vmpa2_phys_to_string(&addr, MDS_UNDEFINED, alt_name + 5, NULL); + + name = alt_name; + + } + + /* Intégration en bonne et due forme */ + + /* + routine = try_to_demangle_routine(name); + + g_binary_symbol_set_range(G_BIN_SYMBOL(routine), &range); + + symbol = g_binary_symbol_new(NULL, STP_OBJECT); + g_binary_symbol_attach_routine(symbol, routine); + + g_binary_format_add_symbol(G_BIN_FORMAT(format), symbol); + */ + + + + //printf(" --> [valid ?= %d] start @ 0x%08llx\n", status, virt); + //printf(" --> [valid ?= %d] len = 0x%08llx\n", status, len); + //printf(" --> [valid ?= %d] name = '%s'\n", status, name); + + + return true; + + lrasfd_bad_start: + lrasfd_bad_name: + + return false; + +} + + +/****************************************************************************** +* * +* Paramètres : format = description de l'exécutable à compléter. * +* * +* Description : Charge en mémoire la liste humaine des symboles. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool load_dwarf_symbols(GDwarfFormat *format) +{ + bool result; /* Bilan à retourner */ + bool no_name; /* Choix de construction de nom*/ + + typedef struct _die_visit_info + { + GDwarfFormat *format; + bool use_virt; + + } die_visit_info; + + die_visit_info vinfo; /* Information pour visiteur */ + + + bool catch_dwarf_symbol(const dw_die *die, die_visit_info *info) + { + const dw_abbrev *abbrev; /* Lien vers la représentation */ + DwarfTag tag; /* Etiquette à analyser */ + bool status; /* Bilan d'un chargement */ + + abbrev = dw_die_get_abbrev(die); + tag = dwarf_abbreviation_get_tag(abbrev); + + switch (tag) + { + case DW_TAG_subprogram: + printf(" DIE ==> %p -> %p // tag = %x\n", die, abbrev, tag); + status = load_routine_as_symbol_from_dwarf(info->format, die, abbrev, info->use_virt); + break; + + case DW_TAG_variable: + printf(" DIE ==> %p -> %p // tag = %x\n", die, abbrev, tag); + status = load_object_as_symbol_from_dwarf(info->format, die, abbrev, info->use_virt); + break; + + default: + status = true; + break; + + } + + return status; + + } + + + if (!g_generic_config_get_value(get_main_configuration(), MPK_FORMAT_NO_NAME, &no_name)) + return false; + + vinfo.format = format; + vinfo.use_virt = no_name; + + result = dw_die_visit(format->info_die, (visit_dies_fc)catch_dwarf_symbol, &vinfo); + + return result; + +} diff --git a/plugins/dwarf/symbols.h b/plugins/dwarf/symbols.h new file mode 100644 index 0000000..128f00c --- /dev/null +++ b/plugins/dwarf/symbols.h @@ -0,0 +1,40 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * symbols.h - prototypes pour la gestion des symboles d'un DWARF + * + * Copyright (C) 2016-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _FORMAT_DWARF_SYMBOLS_H +#define _FORMAT_DWARF_SYMBOLS_H + + +#include <stdbool.h> + + +#include "dwarf.h" + + + +/* Charge en mémoire la liste humaine des symboles. */ +bool load_dwarf_symbols(GDwarfFormat *); + + + +#endif /* _FORMAT_DWARF_SYMBOLS_H */ diff --git a/plugins/dwarf/utils.c b/plugins/dwarf/utils.c new file mode 100644 index 0000000..b767970 --- /dev/null +++ b/plugins/dwarf/utils.c @@ -0,0 +1,304 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * utils.h - prototypes pour les fonctions d'aisance vis à vis du format DWARF + * + * Copyright (C) 2008-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "utils.h" + + +#include <string.h> + + +#include "dwarf-int.h" + + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à consulter. * +* pos = tête de lecture à mettre à jour. [OUT] * +* value = valeur au format LEB128 lue. [OUT] * +* update = indique si la position est à mettre à jour. * +* * +* Description : Lit une valeur Little Endian Base 128 signée. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : En cas d'échec, la tête de lecture est indéterminée. * +* * +******************************************************************************/ + +bool read_leb128(dwarf_format *format, off_t *pos, int64_t *value, bool update) +{ + off_t curpos; /* Tête de lecture effective */ + int shift; /* Décalage à appliquer */ + off_t i; /* Boucle de parcours */ + + curpos = *pos; + shift = 0; + *value = 0; + + for (i = 0; i < 8; i++) + { + /* On évite les débordements... */ + if (curpos >= DBG_FORMAT(format)->length) return false; + + *value |= (DBG_FORMAT(format)->content[curpos] & 0x7f) << shift; + + shift += 7; + curpos++; + + if ((DBG_FORMAT(format)->content[*pos + i] & 0x80) == 0x00) break; + + } + + if ((shift < 64) && (DBG_FORMAT(format)->content[curpos - 1] & 0x40) == 0x40) + *value |= - (1 << shift); + + if (update) *pos = curpos; + + return (i < 8); + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à consulter. * +* pos = tête de lecture à mettre à jour. [OUT] * +* value = valeur au format LEB128 lue. [OUT] * +* update = indique si la position est à mettre à jour. * +* * +* Description : Lit une valeur Little Endian Base 128 non signée. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : En cas d'échec, la tête de lecture est indéterminée. * +* * +******************************************************************************/ + +bool read_uleb128(dwarf_format *format, off_t *pos, uint64_t *value, bool update) +{ + off_t curpos; /* Tête de lecture effective */ + int shift; /* Décalage à appliquer */ + off_t i; /* Boucle de parcours */ + + curpos = *pos; + shift = 0; + *value = 0; + + for (i = 0; i < 8; i++) + { + /* On évite les débordements... */ + if (curpos >= DBG_FORMAT(format)->length) return false; + + *value |= (DBG_FORMAT(format)->content[curpos] & 0x7f) << shift; + + shift += 7; + curpos++; + + if ((DBG_FORMAT(format)->content[*pos + i] & 0x80) == 0x00) break; + + } + + if (update) *pos = curpos; + + return (i < 8); + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à consulter. * +* pos = tête de lecture à mettre à jour. [OUT] * +* value = valeur entière lue. [OUT] * +* * +* Description : Lit une valeur représentant une longueur d'unité. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : Un peu sale : la sortie est signée et dépend du système, * +* alors que la valeur est non signée et dépend de la cible. * +* * +******************************************************************************/ + +bool read_unit_length(dwarf_format *format, off_t *pos, off_t *value) +{ + bool result; /* Bilan à retourner */ + uint32_t val32; /* Entier sur 4 octets */ + uint64_t val64; /* Entier sur 8 octets */ + + /* FIXME : Endian... */ + + if (format->format == DWF_32_BITS) + { + result = ((*pos + 4) <= DBG_FORMAT(format)->length); + + if (result) + { + memcpy(&val32, &DBG_FORMAT(format)->content[*pos], 4); + (*pos) += 4; + + *value = val32; + + } + + } + else + { + result = ((*pos + 4 + 8) <= DBG_FORMAT(format)->length); + + if (result) + { + memcpy(&val64, &DBG_FORMAT(format)->content[*pos + 4], 8); + (*pos) += 4 + 8; + + *value = val64; + + } + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à consulter. * +* pos = tête de lecture à mettre à jour. [OUT] * +* value = valeur entière non signée lue. [OUT] * +* * +* Description : Lit une valeur non signée sur deux octets. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool read_uhalf(dwarf_format *format, off_t *pos, uint16_t *value) +{ + bool result; /* Bilan à retourner */ + + /* FIXME : Endian... */ + + result = ((*pos + 2) <= DBG_FORMAT(format)->length); + + if (result) + { + memcpy(value, &DBG_FORMAT(format)->content[*pos], 2); + (*pos) += 2; + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à consulter. * +* pos = tête de lecture à mettre à jour. [OUT] * +* value = valeur entière lue. [OUT] * +* * +* Description : Lit une valeur indiquant une position dans les abréviations. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : Un peu sale : la sortie est signée et dépend du système, * +* alors que la valeur est non signée et dépend de la cible. * +* * +******************************************************************************/ + +bool read_abbrev_offset(dwarf_format *format, off_t *pos, off_t *value) +{ + bool result; /* Bilan à retourner */ + uint32_t val32; /* Entier sur 4 octets */ + uint64_t val64; /* Entier sur 8 octets */ + + /* FIXME : Endian... */ + + if (format->format == DWF_32_BITS) + { + result = ((*pos + 4) <= DBG_FORMAT(format)->length); + + if (result) + { + memcpy(&val32, &DBG_FORMAT(format)->content[*pos], 4); + (*pos) += 4; + + *value = val32; + + } + + } + else + { + result = ((*pos + 8) <= DBG_FORMAT(format)->length); + + if (result) + { + memcpy(&val64, &DBG_FORMAT(format)->content[*pos], 8); + (*pos) += 8; + + *value = val64; + + } + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à consulter. * +* pos = tête de lecture à mettre à jour. [OUT] * +* value = valeur entière non signée lue. [OUT] * +* * +* Description : Lit une valeur indiquant la taille des adresses mémoire. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool read_address_size(dwarf_format *format, off_t *pos, uint8_t *value) +{ + bool result; /* Bilan à retourner */ + + result = ((*pos + 1) <= DBG_FORMAT(format)->length); + + if (result) + { + *value = DBG_FORMAT(format)->content[*pos]; + (*pos)++; + } + + return result; + +} diff --git a/plugins/dwarf/utils.h b/plugins/dwarf/utils.h new file mode 100644 index 0000000..6727082 --- /dev/null +++ b/plugins/dwarf/utils.h @@ -0,0 +1,56 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * utils.h - prototypes pour les fonctions d'aisance vis à vis du format DWARF + * + * Copyright (C) 2008-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _FORMAT_DWARF_UTILS_H +#define _FORMAT_DWARF_UTILS_H + + +#include <stdbool.h> +#include <stdint.h> + + +#include "d_dwarf.h" + + + +/* Lit une valeur Little Endian Base 128 signée. */ +bool read_leb128(dwarf_format *, off_t *, int64_t *, bool); + +/* Lit une valeur Little Endian Base 128 non signée. */ +bool read_uleb128(dwarf_format *, off_t *, uint64_t *, bool); + +/* Lit une valeur représentant une longueur d'unité. */ +bool read_unit_length(dwarf_format *, off_t *, off_t *); + +/* Lit une valeur non signée sur deux octets. */ +bool read_uhalf(dwarf_format *, off_t *, uint16_t *); + +/* Lit une valeur indiquant une position dans les abréviations. */ +bool read_abbrev_offset(dwarf_format *, off_t *, off_t *); + +/* Lit une valeur indiquant la taille des adresses mémoire. */ +bool read_address_size(dwarf_format *, off_t *, uint8_t *); + + + +#endif /* _FORMAT_DWARF_UTILS_H */ diff --git a/plugins/dwarf/v2/Makefile.am b/plugins/dwarf/v2/Makefile.am new file mode 100644 index 0000000..d1fc563 --- /dev/null +++ b/plugins/dwarf/v2/Makefile.am @@ -0,0 +1,18 @@ + +noinst_LTLIBRARIES = libformatdwarfv2.la + +libformatdwarfv2_la_SOURCES = \ + dwarf.h dwarf.c \ + form.h form.c + +libformatdwarfv2_la_LDFLAGS = $(LIBGTK_LIBS) + + +devdir = $(includedir)/chrysalide/$(subdir:src/%=%) + +dev_HEADERS = $(libformatdwarfv2_la_SOURCES:%c=) + + +AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) + +AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS) diff --git a/plugins/dwarf/v2/dwarf.c b/plugins/dwarf/v2/dwarf.c new file mode 100644 index 0000000..8f794bf --- /dev/null +++ b/plugins/dwarf/v2/dwarf.c @@ -0,0 +1,180 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * dwarf.c - support du format DWARF v2 + * + * Copyright (C) 2015-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "dwarf.h" + + +#include "../dwarf-int.h" + + +#include "form.h" + + + +/* Format de débogage DWARF v2 (instance) */ +struct _GDwarfV2Format +{ + GDwarfFormat parent; /* A laisser en premier */ + +}; + +/* Format de débogage DWARF v2 (classe) */ +struct _GDwarfV2FormatClass +{ + GDwarfFormatClass parent; /* A laisser en premier */ + +}; + + +/* Initialise la classe des formats de débogage DWARF v2. */ +static void g_dwarfv2_format_class_init(GDwarfV2FormatClass *); + +/* Initialise une instance de format de débogage DWARF v2. */ +static void g_dwarfv2_format_init(GDwarfV2Format *); + +/* Supprime toutes les références externes. */ +static void g_dwarfv2_format_dispose(GDwarfV2Format *); + +/* Procède à la libération totale de la mémoire. */ +static void g_dwarfv2_format_finalize(GDwarfV2Format *); + + + +/* Indique le type défini pour un format de débogage DWARF v2. */ +G_DEFINE_TYPE(GDwarfV2Format, g_dwarfv2_format, G_TYPE_DWARF_FORMAT); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des formats de débogage DWARF v2. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dwarfv2_format_class_init(GDwarfV2FormatClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GDwarfFormatClass *dwarf; /* Version parente de la classe*/ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dwarfv2_format_dispose; + object->finalize = (GObjectFinalizeFunc)g_dwarfv2_format_finalize; + + dwarf = G_DWARF_FORMAT_CLASS(klass); + + dwarf->read_form = (read_form_value_fc)read_dwarf_v2_form_value; + +} + + +/****************************************************************************** +* * +* Paramètres : format = instance à initialiser. * +* * +* Description : Initialise une instance de format de débogage DWARF v2. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dwarfv2_format_init(GDwarfV2Format *format) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : format = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dwarfv2_format_dispose(GDwarfV2Format *format) +{ + G_OBJECT_CLASS(g_dwarfv2_format_parent_class)->dispose(G_OBJECT(format)); + +} + + +/****************************************************************************** +* * +* Paramètres : format = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dwarfv2_format_finalize(GDwarfV2Format *format) +{ + G_OBJECT_CLASS(g_dwarfv2_format_parent_class)->finalize(G_OBJECT(format)); + +} + + +/****************************************************************************** +* * +* Paramètres : content = contenu binaire à parcourir. * +* parent = éventuel format exécutable déjà chargé. * + status = barre de statut à tenir informée. * +* * +* Description : Prend en charge un nouveau format DWARF (v2). * +* * +* Retour : Adresse de la structure mise en place ou NULL en cas d'échec.* +* * +* Remarques : - * +* * +******************************************************************************/ + +GBinFormat *g_dwarfv2_format_new(GBinContent *content, GExeFormat *parent, GtkStatusStack *status) +{ + GDwarfV2Format *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_DWARFV2_FORMAT, NULL); + + + + g_binary_format_set_content(G_BIN_FORMAT(result), content); + + + + return G_BIN_FORMAT(result); + +} diff --git a/plugins/dwarf/v2/dwarf.h b/plugins/dwarf/v2/dwarf.h new file mode 100644 index 0000000..f3b3501 --- /dev/null +++ b/plugins/dwarf/v2/dwarf.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * dwarf.h - prototypes pour le support du format DWARF v2 + * + * Copyright (C) 2015-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _FORMAT_DWARF_V2_DWARF_H +#define _FORMAT_DWARF_V2_DWARF_H + + +#include <glib-object.h> + + +#include "../../../core/formats.h" + + + +#define G_TYPE_DWARFV2_FORMAT g_dwarfv2_format_get_type() +#define G_DWARFV2_FORMAT(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), g_dwarfv2_format_get_type(), GDwarfV2Format)) +#define G_IS_DWARFV2_FORMAT(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), g_dwarfv2_format_get_type())) +#define G_DWARFV2_FORMAT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DWARFV2_FORMAT, GDwarfV2FormatClass)) +#define G_IS_DWARFV2_FORMAT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DWARFV2_FORMAT)) +#define G_DWARFV2_FORMAT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DWARFV2_FORMAT, GDwarfV2FormatClass)) + + +/* Format de débogage DWARF v2 (instance) */ +typedef struct _GDwarfV2Format GDwarfV2Format; + +/* Format de débogage DWARF v2 (classe) */ +typedef struct _GDwarfV2FormatClass GDwarfV2FormatClass; + + +/* Indique le type défini pour un format de débogage DWARF v2. */ +GType g_dwarfv2_format_get_type(void); + +/* Prend en charge un nouveau format DWARF (v2). */ +GBinFormat *g_dwarfv2_format_new(GBinContent *, GExeFormat *, GtkStatusStack *); + + + +#endif /* _FORMAT_DWARF_V2_DWARF_H */ diff --git a/plugins/dwarf/v2/form.c b/plugins/dwarf/v2/form.c new file mode 100644 index 0000000..7e012b7 --- /dev/null +++ b/plugins/dwarf/v2/form.c @@ -0,0 +1,276 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * form.c - chargement en mémoire des valeurs d'attributs + * + * Copyright (C) 2016-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "form.h" + + +#include "../dwarf-int.h" + + + +/****************************************************************************** +* * +* Paramètres : format = contenu binaire de débogage à parcourir. * +* cu = unité de compilation parente. * +* form = nature de la valeur à lire. * +* pos = tête de lecture au sein des données. [OUT] * +* value = valeur au format donné lue. [OUT] * +* * +* Description : Lit la valeur correspondant à un type donné. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool read_dwarf_v2_form_value(const GDwarfFormat *format, const dw_compil_unit_header *cu, DwarfForm form, vmpa2t *pos, dw_v2_form_value *value) +{ + bool result; /* Bilan de lecture à renvoyer */ + GBinContent *content; /* Contenu binaire à parcourir */ + SourceEndian endian; /* Boutisme des enregistrements*/ + GExeFormat *exe; /* Format d'exécutable rattaché*/ + const bin_t *tmp; /* Données quelconques */ + uint8_t tmp8; /* Données sur 8 bits */ + uint16_t tmp16; /* Données sur 16 bits */ + uint32_t tmp32; /* Données sur 32 bits */ + uint64_t tmp64; /* Données sur 64 bits */ + uleb128_t tmpuleb; /* Données sur xxx bits */ + phys_t offset; /* Décalage à appliquer */ + mrange_t range; /* Couverture d'une section */ + vmpa2t iter; /* Point de lecture parallèle */ + + content = G_BIN_FORMAT(format)->content; + endian = g_binary_format_get_endianness(G_BIN_FORMAT(format)); + exe = G_DBG_FORMAT(format)->executable; + + switch (form) + { + case DW_FORM_addr: + + switch (cu->address_size) + { + case 2: + result = g_binary_content_read_u16(content, pos, endian, &tmp16); + if (result) value->address = tmp16; + break; + case 4: + result = g_binary_content_read_u32(content, pos, endian, &tmp32); + if (result) value->address = tmp32; + break; + case 8: + result = g_binary_content_read_u64(content, pos, endian, &tmp64); + if (result) value->address = tmp64; + break; + default: + result = false; + break; + } + break; + + case DW_FORM_block2: + result = g_binary_content_read_u16(content, pos, endian, &tmp16); + if (result) + { + value->block.size = tmp16; + goto block_finish; + } + break; + + case DW_FORM_block4: + result = g_binary_content_read_u32(content, pos, endian, &tmp32); + if (result) + { + value->block.size = tmp32; + goto block_finish; + } + break; + + case DW_FORM_data2: + result = g_binary_content_read_u16(content, pos, endian, &value->data2); + break; + + case DW_FORM_data4: + result = g_binary_content_read_u32(content, pos, endian, &value->data4); + break; + + case DW_FORM_data8: + result = g_binary_content_read_u64(content, pos, endian, &value->data8); + break; + + case DW_FORM_string: + + tmp = g_binary_content_get_raw_access(content, pos, 1); + result = (tmp != NULL); + + if (result) + { + value->string = (const char *)tmp; + + while (result && *tmp != '\0') + { + tmp = g_binary_content_get_raw_access(content, pos, 1); + result = (tmp != NULL); + } + + } + + break; + + case DW_FORM_block: + + tmpuleb = 0; /* Pour GCC */ + + result = g_binary_content_read_uleb128(content, pos, &tmpuleb); + if (!result) break; + + value->block.size = tmpuleb; + + block_finish: + + value->block.start = g_binary_content_get_raw_access(content, pos, value->block.size); + + result = (value->block.start != NULL); + break; + + case DW_FORM_block1: + result = g_binary_content_read_u8(content, pos, &tmp8); + if (result) + { + value->block.size = tmp8; + goto block_finish; + } + break; + + case DW_FORM_data1: + result = g_binary_content_read_u8(content, pos, &value->data1); + break; + + case DW_FORM_flag: + result = g_binary_content_read_u8(content, pos, &value->flag); + break; + + case DW_FORM_sdata: + result = g_binary_content_read_leb128(content, pos, &value->sdata); + break; + + case DW_FORM_strp: + + /* Définition des positions */ + + if (cu->is_32b) + { + result = g_binary_content_read_u32(content, pos, endian, &tmp32); + offset = tmp32; + } + else + { + result = g_binary_content_read_u64(content, pos, endian, &tmp64); + offset = tmp64; + } + + /* Lecture dans la section adaptée */ + + if (result) + result = g_exe_format_get_section_range_by_name(exe, ".debug_str", &range); + + if (result) + { + copy_vmpa(&iter, get_mrange_addr(&range)); + + result = g_binary_content_seek(content, &iter, offset); + + if (!result) + break; + + tmp = g_binary_content_get_raw_access(content, &iter, 1); + result = (tmp != NULL); + + if (result) + { + value->string = (const char *)tmp; + + while (result && *tmp != '\0') + { + tmp = g_binary_content_get_raw_access(content, &iter, 1); + result = (tmp != NULL); + } + + } + + } + + break; + + case DW_FORM_udata: + result = g_binary_content_read_uleb128(content, pos, &value->udata); + break; + + + + + + + + + + + + case DW_FORM_ref1: + result = g_binary_content_read_u8(content, pos, &value->ref1); + break; + + case DW_FORM_ref2: + result = g_binary_content_read_u16(content, pos, endian, &value->ref2); + break; + + case DW_FORM_ref4: + result = g_binary_content_read_u32(content, pos, endian, &value->ref4); + break; + + case DW_FORM_ref8: + result = g_binary_content_read_u64(content, pos, endian, &value->ref8); + break; + + case DW_FORM_ref_udata: + result = g_binary_content_read_uleb128(content, pos, &value->ref_udata); + break; + + + + + + + + + + + default: + result = false; + break; + + } + + return result; + +} diff --git a/plugins/dwarf/v2/form.h b/plugins/dwarf/v2/form.h new file mode 100644 index 0000000..a124e67 --- /dev/null +++ b/plugins/dwarf/v2/form.h @@ -0,0 +1,39 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * form.h - prototypes pour le chargement en mémoire des valeurs d'attributs + * + * Copyright (C) 2016-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _FORMAT_DWARF_V2_FORM_H +#define _FORMAT_DWARF_V2_FORM_H + + +#include "../dwarf.h" +#include "../dwarf_def.h" +#include "../../../analysis/content.h" + + + +/* Lit la valeur correspondant à un type donné. */ +bool read_dwarf_v2_form_value(const GDwarfFormat *, const dw_compil_unit_header *, DwarfForm, vmpa2t *, dw_v2_form_value *); + + + +#endif /* _FORMAT_DWARF_V2_FORM_H */ diff --git a/plugins/dwarf/v3/Makefile.am b/plugins/dwarf/v3/Makefile.am new file mode 100644 index 0000000..f6c12c3 --- /dev/null +++ b/plugins/dwarf/v3/Makefile.am @@ -0,0 +1,17 @@ + +noinst_LTLIBRARIES = libformatdwarfv3.la + +libformatdwarfv3_la_SOURCES = \ + dwarf.h dwarf.c + +libformatdwarfv3_la_LDFLAGS = $(LIBGTK_LIBS) + + +devdir = $(includedir)/chrysalide/$(subdir:src/%=%) + +dev_HEADERS = $(libformatdwarfv3_la_SOURCES:%c=) + + +AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) + +AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS) diff --git a/plugins/dwarf/v3/dwarf.c b/plugins/dwarf/v3/dwarf.c new file mode 100644 index 0000000..942c289 --- /dev/null +++ b/plugins/dwarf/v3/dwarf.c @@ -0,0 +1,172 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * dwarf.c - support du format DWARF v3 + * + * Copyright (C) 2015-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "dwarf.h" + + +#include "../dwarf-int.h" + + + +/* Format de débogage DWARF v3 (instance) */ +struct _GDwarfV3Format +{ + GDwarfFormat parent; /* A laisser en premier */ + +}; + +/* Format de débogage DWARF v3 (classe) */ +struct _GDwarfV3FormatClass +{ + GDwarfFormatClass parent; /* A laisser en premier */ + +}; + + +/* Initialise la classe des formats de débogage DWARF v3. */ +static void g_dwarfv3_format_class_init(GDwarfV3FormatClass *); + +/* Initialise une instance de format de débogage DWARF v3. */ +static void g_dwarfv3_format_init(GDwarfV3Format *); + +/* Supprime toutes les références externes. */ +static void g_dwarfv3_format_dispose(GDwarfV3Format *); + +/* Procède à la libération totale de la mémoire. */ +static void g_dwarfv3_format_finalize(GDwarfV3Format *); + + + +/* Indique le type défini pour un format de débogage DWARF v3. */ +G_DEFINE_TYPE(GDwarfV3Format, g_dwarfv3_format, G_TYPE_DWARF_FORMAT); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des formats de débogage DWARF v3. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dwarfv3_format_class_init(GDwarfV3FormatClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dwarfv3_format_dispose; + object->finalize = (GObjectFinalizeFunc)g_dwarfv3_format_finalize; + +} + + +/****************************************************************************** +* * +* Paramètres : format = instance à initialiser. * +* * +* Description : Initialise une instance de format de débogage DWARF v3. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dwarfv3_format_init(GDwarfV3Format *format) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : format = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dwarfv3_format_dispose(GDwarfV3Format *format) +{ + G_OBJECT_CLASS(g_dwarfv3_format_parent_class)->dispose(G_OBJECT(format)); + +} + + +/****************************************************************************** +* * +* Paramètres : format = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dwarfv3_format_finalize(GDwarfV3Format *format) +{ + G_OBJECT_CLASS(g_dwarfv3_format_parent_class)->finalize(G_OBJECT(format)); + +} + + +/****************************************************************************** +* * +* Paramètres : content = contenu binaire à parcourir. * +* parent = éventuel format exécutable déjà chargé. * + status = barre de statut à tenir informée. * +* * +* Description : Prend en charge un nouveau format DWARF (v3). * +* * +* Retour : Adresse de la structure mise en place ou NULL en cas d'échec.* +* * +* Remarques : - * +* * +******************************************************************************/ + +GBinFormat *g_dwarfv3_format_new(GBinContent *content, GExeFormat *parent, GtkStatusStack *status) +{ + GDwarfV3Format *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_DWARFV3_FORMAT, NULL); + + + + g_binary_format_set_content(G_BIN_FORMAT(result), content); + + + + return G_BIN_FORMAT(result); + +} diff --git a/plugins/dwarf/v3/dwarf.h b/plugins/dwarf/v3/dwarf.h new file mode 100644 index 0000000..5042b89 --- /dev/null +++ b/plugins/dwarf/v3/dwarf.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * dwarf.h - prototypes pour le support du format DWARF v3 + * + * Copyright (C) 2015-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _FORMAT_DWARF_V3_DWARF_H +#define _FORMAT_DWARF_V3_DWARF_H + + +#include <glib-object.h> + + +#include "../../../core/formats.h" + + + +#define G_TYPE_DWARFV3_FORMAT g_dwarfv3_format_get_type() +#define G_DWARFV3_FORMAT(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), g_dwarfv3_format_get_type(), GDwarfV3Format)) +#define G_IS_DWARFV3_FORMAT(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), g_dwarfv3_format_get_type())) +#define G_DWARFV3_FORMAT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DWARFV3_FORMAT, GDwarfV3FormatClass)) +#define G_IS_DWARFV3_FORMAT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DWARFV3_FORMAT)) +#define G_DWARFV3_FORMAT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DWARFV3_FORMAT, GDwarfV3FormatClass)) + + +/* Format de débogage DWARF v3 (instance) */ +typedef struct _GDwarfV3Format GDwarfV3Format; + +/* Format de débogage DWARF v3 (classe) */ +typedef struct _GDwarfV3FormatClass GDwarfV3FormatClass; + + +/* Indique le type défini pour un format de débogage DWARF v3. */ +GType g_dwarfv3_format_get_type(void); + +/* Prend en charge un nouveau format DWARF (v3). */ +GBinFormat *g_dwarfv3_format_new(GBinContent *, GExeFormat *, GtkStatusStack *); + + + +#endif /* _FORMAT_DWARF_V3_DWARF_H */ diff --git a/plugins/dwarf/v4/Makefile.am b/plugins/dwarf/v4/Makefile.am new file mode 100644 index 0000000..ca77923 --- /dev/null +++ b/plugins/dwarf/v4/Makefile.am @@ -0,0 +1,18 @@ + +noinst_LTLIBRARIES = libformatdwarfv4.la + +libformatdwarfv4_la_SOURCES = \ + dwarf.h dwarf.c \ + form.h form.c + +libformatdwarfv4_la_LDFLAGS = $(LIBGTK_LIBS) + + +devdir = $(includedir)/chrysalide/$(subdir:src/%=%) + +dev_HEADERS = $(libformatdwarfv4_la_SOURCES:%c=) + + +AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) + +AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS) diff --git a/plugins/dwarf/v4/dwarf.c b/plugins/dwarf/v4/dwarf.c new file mode 100644 index 0000000..a220aff --- /dev/null +++ b/plugins/dwarf/v4/dwarf.c @@ -0,0 +1,182 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * dwarf.c - support du format DWARF v4 + * + * Copyright (C) 2015-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "dwarf.h" + + +#include "../dwarf-int.h" + + +#include "form.h" + + + +/* Format de débogage DWARF v4 (instance) */ +struct _GDwarfV4Format +{ + GDwarfFormat parent; /* A laisser en premier */ + +}; + +/* Format de débogage DWARF v4 (classe) */ +struct _GDwarfV4FormatClass +{ + GDwarfFormatClass parent; /* A laisser en premier */ + +}; + + +/* Initialise la classe des formats de débogage DWARF v4. */ +static void g_dwarfv4_format_class_init(GDwarfV4FormatClass *); + +/* Initialise une instance de format de débogage DWARF v4. */ +static void g_dwarfv4_format_init(GDwarfV4Format *); + +/* Supprime toutes les références externes. */ +static void g_dwarfv4_format_dispose(GDwarfV4Format *); + +/* Procède à la libération totale de la mémoire. */ +static void g_dwarfv4_format_finalize(GDwarfV4Format *); + + + +/* Indique le type défini pour un format de débogage DWARF v4. */ +G_DEFINE_TYPE(GDwarfV4Format, g_dwarfv4_format, G_TYPE_DWARF_FORMAT); + + +/****************************************************************************** +* * +* Paramètres : klass = classe à initialiser. * +* * +* Description : Initialise la classe des formats de débogage DWARF v4. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dwarfv4_format_class_init(GDwarfV4FormatClass *klass) +{ + GObjectClass *object; /* Autre version de la classe */ + GDwarfFormatClass *dwarf; /* Version parente de la classe*/ + + object = G_OBJECT_CLASS(klass); + + object->dispose = (GObjectFinalizeFunc/* ! */)g_dwarfv4_format_dispose; + object->finalize = (GObjectFinalizeFunc)g_dwarfv4_format_finalize; + + dwarf = G_DWARF_FORMAT_CLASS(klass); + + dwarf->read_form = (read_form_value_fc)read_dwarf_v4_form_value; + +} + + +/****************************************************************************** +* * +* Paramètres : format = instance à initialiser. * +* * +* Description : Initialise une instance de format de débogage DWARF v4. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dwarfv4_format_init(GDwarfV4Format *format) +{ + +} + + +/****************************************************************************** +* * +* Paramètres : format = instance d'objet GLib à traiter. * +* * +* Description : Supprime toutes les références externes. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dwarfv4_format_dispose(GDwarfV4Format *format) +{ + G_OBJECT_CLASS(g_dwarfv4_format_parent_class)->dispose(G_OBJECT(format)); + +} + + +/****************************************************************************** +* * +* Paramètres : format = instance d'objet GLib à traiter. * +* * +* Description : Procède à la libération totale de la mémoire. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void g_dwarfv4_format_finalize(GDwarfV4Format *format) +{ + G_OBJECT_CLASS(g_dwarfv4_format_parent_class)->finalize(G_OBJECT(format)); + +} + + +/****************************************************************************** +* * +* Paramètres : content = contenu binaire à parcourir. * +* parent = éventuel format exécutable déjà chargé. * + status = barre de statut à tenir informée. * +* * +* Description : Prend en charge un nouveau format DWARF (v4). * +* * +* Retour : Adresse de la structure mise en place ou NULL en cas d'échec.* +* * +* Remarques : - * +* * +******************************************************************************/ + +GBinFormat *g_dwarfv4_format_new(GBinContent *content, GExeFormat *parent, GtkStatusStack *status) +{ + GDwarfV4Format *result; /* Structure à retourner */ + + result = g_object_new(G_TYPE_DWARFV4_FORMAT, NULL); + + g_binary_format_set_content(G_BIN_FORMAT(result), content); + + if (!g_dwarf_format_load(G_DWARF_FORMAT(result), parent)) + { + g_object_unref(G_OBJECT(result)); + result = NULL; + } + + return G_BIN_FORMAT(result); + +} diff --git a/plugins/dwarf/v4/dwarf.h b/plugins/dwarf/v4/dwarf.h new file mode 100644 index 0000000..89135e3 --- /dev/null +++ b/plugins/dwarf/v4/dwarf.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * dwarf.h - prototypes pour le support du format DWARF v4 + * + * Copyright (C) 2015-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _FORMAT_DWARF_V4_DWARF_H +#define _FORMAT_DWARF_V4_DWARF_H + + +#include <glib-object.h> + + +#include "../../../core/formats.h" + + + +#define G_TYPE_DWARFV4_FORMAT g_dwarfv4_format_get_type() +#define G_DWARFV4_FORMAT(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), g_dwarfv4_format_get_type(), GDwarfV4Format)) +#define G_IS_DWARFV4_FORMAT(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), g_dwarfv4_format_get_type())) +#define G_DWARFV4_FORMAT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DWARFV4_FORMAT, GDwarfV4FormatClass)) +#define G_IS_DWARFV4_FORMAT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DWARFV4_FORMAT)) +#define G_DWARFV4_FORMAT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DWARFV4_FORMAT, GDwarfV4FormatClass)) + + +/* Format de débogage DWARF v4 (instance) */ +typedef struct _GDwarfV4Format GDwarfV4Format; + +/* Format de débogage DWARF v4 (classe) */ +typedef struct _GDwarfV4FormatClass GDwarfV4FormatClass; + + +/* Indique le type défini pour un format de débogage DWARF v4. */ +GType g_dwarfv4_format_get_type(void); + +/* Prend en charge un nouveau format DWARF (v4). */ +GBinFormat *g_dwarfv4_format_new(GBinContent *, GExeFormat *, GtkStatusStack *); + + + +#endif /* _FORMAT_DWARF_V4_DWARF_H */ diff --git a/plugins/dwarf/v4/form.c b/plugins/dwarf/v4/form.c new file mode 100644 index 0000000..80dbf1e --- /dev/null +++ b/plugins/dwarf/v4/form.c @@ -0,0 +1,106 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * form.c - chargement en mémoire des valeurs d'attributs + * + * Copyright (C) 2016-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "form.h" + + +#include "../dwarf-int.h" +#include "../v2/form.h" + + + +/****************************************************************************** +* * +* Paramètres : format = contenu binaire de débogage à parcourir. * +* cu = unité de compilation parente. * +* form = nature de la valeur à lire. * +* pos = tête de lecture au sein des données. [OUT] * +* value = valeur au format donné lue. [OUT] * +* * +* Description : Lit la valeur correspondant à un type donné. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool read_dwarf_v4_form_value(const GDwarfFormat *format, const dw_compil_unit_header *cu, DwarfForm form, vmpa2t *pos, dw_v4_form_value *value) +{ + bool result; /* Bilan de lecture à renvoyer */ + GBinContent *content; /* Contenu binaire à parcourir */ + SourceEndian endian; /* Boutisme des enregistrements*/ + uint32_t tmp32; /* Données sur 32 bits */ + uint64_t tmp64; /* Données sur 64 bits */ + uleb128_t tmpuleb; /* Données sur xxx bits */ + + content = G_BIN_FORMAT(format)->content; + endian = g_binary_format_get_endianness(G_BIN_FORMAT(format)); + + switch (form) + { + case DW_FORM_sec_offset: + + if (cu->is_32b) + { + result = g_binary_content_read_u32(content, pos, endian, &tmp32); + tmp64 = tmp32; + } + else + result = g_binary_content_read_u64(content, pos, endian, &tmp64); + + value->sec_offset = tmp64; + break; + + case DW_FORM_exprloc: + + tmpuleb = 0; /* Pour GCC */ + + result = g_binary_content_read_uleb128(content, pos, &tmpuleb); + if (!result) break; + + value->expr.size = tmpuleb; + + value->expr.start = g_binary_content_get_raw_access(content, pos, value->expr.size); + result = (value->expr.start != NULL); + + break; + + case DW_FORM_flag_present: + result = true; + value->has_flag = true; + break; + + case DW_FORM_ref_sig8: + result = g_binary_content_read_u64(content, pos, endian, &value->signature); + break; + + default: + result = read_dwarf_v2_form_value(format, cu, form, pos, &value->v2); + break; + + } + + return result; + +} diff --git a/plugins/dwarf/v4/form.h b/plugins/dwarf/v4/form.h new file mode 100644 index 0000000..053b693 --- /dev/null +++ b/plugins/dwarf/v4/form.h @@ -0,0 +1,39 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * form.h - prototypes pour le chargement en mémoire des valeurs d'attributs + * + * Copyright (C) 2016-2017 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _FORMAT_DWARF_V4_FORM_H +#define _FORMAT_DWARF_V4_FORM_H + + +#include "../dwarf.h" +#include "../dwarf_def.h" +#include "../../../analysis/content.h" + + + +/* Lit la valeur correspondant à un type donné. */ +bool read_dwarf_v4_form_value(const GDwarfFormat *, const dw_compil_unit_header *, DwarfForm, vmpa2t *, dw_v4_form_value *); + + + +#endif /* _FORMAT_DWARF_V4_FORM_H */ |