diff options
Diffstat (limited to 'plugins')
39 files changed, 1994 insertions, 4818 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am index 6b0c295..e47a5fb 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am @@ -4,4 +4,4 @@ if HAVE_PYTHON3_CONFIG endif # androhelpers -SUBDIRS = $(PYTHON3_SUBDIRS) arm dex dalvik devdbg dexbnf elf fmtp itanium libcsem lnxsyscalls mobicore readdex readelf readmc ropgadgets +SUBDIRS = $(PYTHON3_SUBDIRS) arm dex dalvik devdbg dexbnf dwarf elf fmtp itanium libcsem lnxsyscalls mobicore readdex readelf readmc ropgadgets diff --git a/plugins/dwarf/Makefile.am b/plugins/dwarf/Makefile.am index 3020643..7ef847d 100644 --- a/plugins/dwarf/Makefile.am +++ b/plugins/dwarf/Makefile.am @@ -1,38 +1,46 @@ -noinst_LTLIBRARIES = libformatdwarf.la +lib_LTLIBRARIES = libdwarf.la -libformatdwarf_la_SOURCES = \ +libdir = $(pluginslibdir) + + +libdwarf_la_SOURCES = \ abbrev.h abbrev.c \ + checks.h checks.c \ + core.h core.c \ + def.h \ die.h die.c \ - dwarf.h dwarf.c \ - dwarf-int.h dwarf-int.c \ - dwarf_def.h \ form.h form.c \ + format.h format.c \ info.h info.c \ - symbols.h symbols.c + utils.h utils.c + -# libformatdwarf_la_SOURCES = \ +# libdwarf_la_SOURCES = \ # abbrev.h abbrev.c \ +# die.h die.c \ # dwarf.h dwarf.c \ -# d_dwarf.h d_dwarf.c \ +# dwarf-int.h dwarf-int.c \ # dwarf_def.h \ +# form.h form.c \ # info.h info.c \ -# utils.h utils.c +# symbols.h symbols.c -libformatdwarf_la_LIBADD = \ - v2/libformatdwarfv2.la \ - v3/libformatdwarfv3.la \ - v4/libformatdwarfv4.la +libdwarf_la_LIBADD = \ + v2/libdwarfv2.la \ + v3/libdwarfv3.la \ + v4/libdwarfv4.la -libformatdwarf_la_LDFLAGS = $(LIBGTK_LIBS) +libdwarf_la_LDFLAGS = \ + -L$(top_srcdir)/src/.libs -lchrysacore -devdir = $(includedir)/chrysalide/$(subdir:src/%=%) +devdir = $(includedir)/chrysalide-$(subdir) -dev_HEADERS = $(libformatdwarf_la_SOURCES:%c=) +dev_HEADERS = $(libdwarf_la_SOURCES:%c=) -AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) +AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) -I$(top_srcdir)/src AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS) diff --git a/plugins/dwarf/abbrev.c b/plugins/dwarf/abbrev.c index f214430..e755acf 100644 --- a/plugins/dwarf/abbrev.c +++ b/plugins/dwarf/abbrev.c @@ -2,7 +2,7 @@ /* Chrysalide - Outil d'analyse de fichiers binaires * abbrev.c - manipulation des abréviation DWARF * - * Copyright (C) 2008-2017 Cyrille Bagard + * Copyright (C) 2008-2018 Cyrille Bagard * * This file is part of Chrysalide. * @@ -24,13 +24,16 @@ #include "abbrev.h" -#include <malloc.h> +#include <analysis/contents/restricted.h> -#include "dwarf-int.h" +#include "checks.h" +#include "format-int.h" +#include "utils.h" +/* ----------------------- TRAITEMENT D'ABREVIATION A L'UNITE ----------------------- */ /* Description d'un attribut d'une abréviation */ @@ -41,78 +44,59 @@ typedef struct _dw_abbrev_attr } dw_abbrev_attr; - /* Description d'une abréviation */ struct _dw_abbrev { uleb128_t code; /* Identifiant attribué */ DwarfTag tag; /* Sujet de l'élément */ - dw_abbrev_attr *attribs; /* Liste des attributs */ - size_t attribs_count; /* Nombre de ces attributs */ + bool has_children; /* Présence de sous-éléments ? */ - struct _dw_abbrev **children; /* Liste des sous-éléments */ - size_t children_count; /* Nombre de ces enfants */ + dw_abbrev_attr *attribs; /* Liste des attributs */ + size_t count; /* Nombre de ces attributs */ }; +/* Charge une abréviation valide pour un DWARF en mémoire. */ +static bool load_dwarf_abbreviation(GDwarfFormat *, const dw_compil_unit_header *, GBinContent *, vmpa2t *, dw_abbrev **); - +/* Supprime de la mémoire toute trace d'une abréviation DWARF. */ +static void free_dwarf_abbrev(dw_abbrev *); /* Procède à la conversion de base d'une abréviation DWARF. */ -static bool check_abbreviation_decl(const GDwarfFormat *, const dw_abbrev_decl *, dw_abbrev *); +static bool conv_abbrev_decl(GDwarfFormat *, const dw_compil_unit_header *, const dw_abbrev_decl *, dw_abbrev *, const vmpa2t *); /* Procède à la conversion d'un attribut d'abréviation DWARF. */ -static bool check_abbreviation_attrib(const GDwarfFormat *, const dw_abbrev_raw_attr *, dw_abbrev_attr *); +static bool conv_abbrev_attrib(GDwarfFormat *, const dw_compil_unit_header *, const dw_abbrev_raw_attr *, dw_abbrev_attr *, const vmpa2t *); +/* ----------------------- TRAITEMENT D'ABREVIATIONS PAR LOTS ----------------------- */ -/****************************************************************************** -* * -* Paramètres : format = informations de débogage à constituer. * -* * -* Description : Charge toutes les abbréviations présentes dans un DWARF. * -* * -* Retour : Bilan de l'opération, potentiellement un succès sans sortie. * -* * -* Remarques : - * -* * -******************************************************************************/ - -bool load_all_dwarf_abbreviations(GDwarfFormat *format) +/* Brochette d'abréviations */ +struct _dw_abbrev_brotherhood { - bool result; /* Bilan à faire remonter */ - mrange_t range; /* Couverture d'une section */ - vmpa2t *pos; /* Position de tête de lecture */ + dw_abbrev **abbrevs; /* Liste des sous-éléments */ + size_t count; /* Nombre de ces éléments */ - result = g_exe_format_get_section_range_by_name(G_DBG_FORMAT(format)->executable, ".debug_abbrev", &range); - - pos = get_mrange_addr(&range); - - printf("start :: 0x%08x\n", (unsigned int)pos->physical); - - result &= load_dwarf_abbreviation(format, pos, &format->abbreviations); - - printf("abbrevs :: %p\n", format->abbreviations); +}; - if (format->abbreviations != NULL) - printf(" -> children : %zu\n", format->abbreviations->children_count); - else - printf(" -> (nothing)\n"); - return result; -} +/* ---------------------------------------------------------------------------------- */ +/* TRAITEMENT D'ABREVIATION A L'UNITE */ +/* ---------------------------------------------------------------------------------- */ /****************************************************************************** * * -* Paramètres : format = informations de débogage à consulter. * -* pos = tête de lecture à faire évoluer. * -* abbrev = abréviation lue et complète, NULL si aucune. [OUT] * +* Paramètres : format = informations de débogage à consulter. * +* cu = unité de compilation parente. * +* content = contenu binaire borné à parcourir. * +* pos = tête de lecture à faire évoluer. [OUT] * +* abbrev = abréviation lue et complète, NULL si aucune. [OUT] * * * * Description : Charge une abréviation valide pour un DWARF en mémoire. * * * @@ -122,14 +106,15 @@ bool load_all_dwarf_abbreviations(GDwarfFormat *format) * * ******************************************************************************/ -bool load_dwarf_abbreviation(const GDwarfFormat *format, vmpa2t *pos, dw_abbrev **abbrev) +static bool load_dwarf_abbreviation(GDwarfFormat *format, const dw_compil_unit_header *cu, GBinContent *content, vmpa2t *pos, dw_abbrev **abbrev) { + vmpa2t old; /* Mémorisation d'une position */ + dw_abbrev *new; /* Nouvelle abréviation */ dw_abbrev_decl decl; /* En-tête d'abréviation */ - bool status; /* Bilan d'une lecture */ dw_abbrev_raw_attr attr; /* Attribut de l'abréviation */ - dw_abbrev *child; /* Rejeton à intégrer */ + bool status; /* Bilan d'une lecture */ - *abbrev = NULL; + new = NULL; /** * Cette routine est la transcription du paragraphe 7.5.3 ("Abbreviations Tables"), @@ -139,77 +124,58 @@ bool load_dwarf_abbreviation(const GDwarfFormat *format, vmpa2t *pos, dw_abbrev * * As mentioned in Section 2.3, each chain of sibling entries is terminated by a null entry. * - * Cependant, ce formalisme n'est pas constaté dans la pratique. D'ailleurs, readelf - * comporte le commentaire suivant dans le fichier 'dwarf_reader.cc' : + * Par ailleurs, readelf comporte le commentaire suivant dans le fichier 'dwarf_reader.cc' : * * Read the abbrev code. A zero here indicates the end of the abbrev table. * */ - if (!read_dwarf_abbrev_decl(format, pos, &decl)) + copy_vmpa(&old, pos); + + if (!read_dwarf_abbrev_decl(content, pos, &decl)) goto lda_bad_exit; if (decl.code == 0) goto lda_exit; - *abbrev = (dw_abbrev *)calloc(1, sizeof(dw_abbrev)); + new = (dw_abbrev *)calloc(1, sizeof(dw_abbrev)); - if (!check_abbreviation_decl(format, &decl, *abbrev)) + if (!conv_abbrev_decl(format, cu, &decl, new, &old)) goto lda_bad_exit; /* Chargement des attributs */ for (;;) { - status = read_dwarf_abbrev_attr(format, pos, &attr); - if (!status) goto lda_bad_exit; + copy_vmpa(&old, pos); - printf(" -- [0x%llx] [0x%llx] name = %u\tform = %u\n", - (unsigned long long)pos->physical, - (unsigned long long)decl.code, - (unsigned int)attr.name, (unsigned int)attr.form); + status = read_dwarf_abbrev_attr(content, pos, &attr); + if (!status) goto lda_bad_exit; - if (attr.name == DW_ATTR_invalid && attr.form == DW_FORM_invalid) + if (attr.name == 0 && attr.form == 0) break; - (*abbrev)->attribs_count++; - (*abbrev)->attribs = (dw_abbrev_attr *)realloc((*abbrev)->attribs, - (*abbrev)->attribs_count * sizeof(dw_abbrev_attr)); + new->count++; + new->attribs = (dw_abbrev_attr *)realloc(new->attribs, + new->count * sizeof(dw_abbrev_attr)); - status = check_abbreviation_attrib(format, &attr, - &(*abbrev)->attribs[(*abbrev)->attribs_count - 1]); + status = conv_abbrev_attrib(format, cu, &attr, &new->attribs[new->count - 1], &old); if (!status) goto lda_bad_exit; } - /* Chargement des enfants */ - - printf(" || children ? %d vs %d\n", (int)decl.has_children, (int)DW_CHILDREN_yes); - - if (decl.has_children == DW_CHILDREN_yes) - for (;;) - { - status = load_dwarf_abbreviation(format, pos, &child); - if (!status) goto lda_bad_exit; - - if (child == NULL) - break; - - (*abbrev)->children_count++; - (*abbrev)->children = (dw_abbrev **)realloc((*abbrev)->children, - (*abbrev)->children_count * sizeof(dw_abbrev)); - - (*abbrev)->children[(*abbrev)->children_count - 1] = child; - - } - lda_exit: + *abbrev = new; + return true; lda_bad_exit: - free_dwarf_abbreviation(*abbrev); + if (new != NULL) + free_dwarf_abbrev(new); + + *abbrev = NULL; return false; @@ -228,22 +194,11 @@ bool load_dwarf_abbreviation(const GDwarfFormat *format, vmpa2t *pos, dw_abbrev * * ******************************************************************************/ -void free_dwarf_abbreviation(dw_abbrev *abbrev) +static void free_dwarf_abbrev(dw_abbrev *abbrev) { - size_t i; /* Boucle de parcours */ - if (abbrev->attribs != NULL) free(abbrev->attribs); - if (abbrev->children != NULL) - { - for (i = 0; i < abbrev->children_count; i++) - free_dwarf_abbreviation(abbrev->children[i]); - - free(abbrev->attribs); - - } - free(abbrev); } @@ -251,9 +206,11 @@ void free_dwarf_abbreviation(dw_abbrev *abbrev) /****************************************************************************** * * -* Paramètres : format = informations chargées à consulter. * +* Paramètres : format = informations de débogage à consulter. * +* cu = unité de compilation parente. * * decl = structure brute dont le contenu est à valider. * * abbrev = abréviation à constituer à partir du brut. [OUT] * +* pos = emplacement de l'élément à vérifier dans le binaire.* * * * Description : Procède à la conversion de base d'une abréviation DWARF. * * * @@ -263,21 +220,19 @@ void free_dwarf_abbreviation(dw_abbrev *abbrev) * * ******************************************************************************/ -static bool check_abbreviation_decl(const GDwarfFormat *format, const dw_abbrev_decl *decl, dw_abbrev *abbrev) +static bool conv_abbrev_decl(GDwarfFormat *format, const dw_compil_unit_header *cu, const dw_abbrev_decl *decl, dw_abbrev *abbrev, const vmpa2t *pos) { bool result; /* Validité à retourner */ - result = (decl->has_children == DW_CHILDREN_no - || decl->has_children == DW_CHILDREN_yes); - - - /* TODO : vérifier les bornes de 'tag' */ - + result = check_dwarf_abbrev_decl(format, decl, cu->version, pos); if (result) { abbrev->code = decl->code; abbrev->tag = decl->tag; + + abbrev->has_children = (decl->has_children == DW_CHILDREN_yes); + } return result; @@ -287,9 +242,11 @@ static bool check_abbreviation_decl(const GDwarfFormat *format, const dw_abbrev_ /****************************************************************************** * * -* Paramètres : format = informations chargées à consulter. * +* Paramètres : format = informations de débogage à consulter. * +* cu = unité de compilation parente. * * decl = structure brute dont le contenu est à valider. * * abbrev = abréviation à constituer à partir du brut. [OUT] * +* pos = emplacement de l'élément à vérifier dans le binaire.* * * * Description : Procède à la conversion d'un attribut d'abréviation DWARF. * * * @@ -299,23 +256,16 @@ static bool check_abbreviation_decl(const GDwarfFormat *format, const dw_abbrev_ * * ******************************************************************************/ -static bool check_abbreviation_attrib(const GDwarfFormat *format, const dw_abbrev_raw_attr *attr, dw_abbrev_attr *attrib) +static bool conv_abbrev_attrib(GDwarfFormat *format, const dw_compil_unit_header *cu, const dw_abbrev_raw_attr *attr, dw_abbrev_attr *attrib, const vmpa2t *pos) { bool result; /* Validité à retourner */ - result = true; - - - /* TODO : vérifier les bornes de 'name' et 'form' */ - + result = check_dwarf_abbrev_attrib(format, attr, cu->version, pos); if (result) { attrib->name = attr->name; attrib->form = attr->form; - - - } return result; @@ -323,31 +273,6 @@ static bool check_abbreviation_attrib(const GDwarfFormat *format, const dw_abbre } - - - - - - -/****************************************************************************** -* * -* Paramètres : abbrev = abréviation chargée en mémoire à consulter. * -* * -* Description : Fournit l'étiquette associée à l'ensemble des attributs. * -* * -* Retour : Etiquette officielle de l'ensemble représenté. * -* * -* Remarques : - * -* * -******************************************************************************/ - -DwarfTag dwarf_abbreviation_get_tag(const dw_abbrev *abbrev) -{ - return abbrev->tag; - -} - - /****************************************************************************** * * * Paramètres : abbrev = abréviation chargée en mémoire à consulter. * @@ -362,178 +287,18 @@ DwarfTag dwarf_abbreviation_get_tag(const dw_abbrev *abbrev) size_t dwarf_abbreviation_count_attribs(const dw_abbrev *abbrev) { - return abbrev->attribs_count; - -} - - -/****************************************************************************** -* * -* Paramètres : abbrev = abréviation chargée en mémoire à consulter. * -* attrib = désignation de l'attribut à retrouver. * -* index = indice de cet attribut dans l'ensemble. [OUT] * -* * -* Description : Recherche un attribut dans une abréviation. * -* * -* Retour : Indication sur le bilan des recherches. * -* * -* Remarques : - * -* * -******************************************************************************/ - -bool dwarf_abbreviation_get_attrib_index(const dw_abbrev *abbrev, DwarfAttrib attrib, size_t *index) -{ - bool result; /* Etat de validité à renvoyer */ - size_t i; /* Boucle de parcours */ - - for (i = 0; i < abbrev->attribs_count; i++) - if (abbrev->attribs[i].name == attrib) - break; - - if (i < abbrev->attribs_count) - { - result = true; - *index = i; - } - else - result = false; - - return result; + return abbrev->count; } - - - - /****************************************************************************** * * -* Paramètres : abbrev = abréviation chargée en mémoire à consulter. * -* attrib = désignation de l'attribut à retrouver. * -* index = indice de cet attribut dans l'ensemble. * -* form = type de valeur attendu pour un attribut donné. [OUT]* -* * -* Description : Détermine le type d'un attribut dans une abréviation. * -* * -* Retour : Indication sur le bilan des accès. * -* * -* Remarques : - * -* * -******************************************************************************/ - -bool dwarf_abbreviation_get_form_for_index(const dw_abbrev *abbrev, size_t index, DwarfForm *form) -{ - if (index >= abbrev->attribs_count) - return false; - - *form = abbrev->attribs[index].form; - - return true; - -} - - - - - - -/****************************************************************************** -* * -* Paramètres : abbrev = abréviation chargée en mémoire à consulter. * -* * -* Description : Indique si une abbréviation comporte des sous-définitions. * -* * -* Retour : - * -* * -* Remarques : - * -* * -******************************************************************************/ - -bool dwarf_abbreviation_has_children(const dw_abbrev *abbrev) -{ - return (abbrev->children_count > 0); - -} - - - - - - - - - - - - - - -/****************************************************************************** -* * -* Paramètres : format = informations de débogage à consulter. * -* code = identifiant de l'abbréviation recherchée. * -* * -* Description : Recherche une abréviation DWARF donnée. * -* * -* Retour : Adresse d'une abréviation ou NULL en cas d'échec. * -* * -* Remarques : - * -* * -******************************************************************************/ - -const dw_abbrev *find_dwarf_abbreviations(const GDwarfFormat *format, uleb128_t code) -{ - const dw_abbrev *result; /* Trouvaille à retourner */ - - if (format->abbreviations->code == code) - result = format->abbreviations; - - else - { - const dw_abbrev *_find_dwarf_abbreviations(const dw_abbrev *abbrev, uleb128_t c) - { - const dw_abbrev *found; /* Trouvaille à retourner */ - size_t i; /* Boucle de parcours */ - - if (abbrev->code == c) - found = abbrev; - else - { - found = NULL; - - for (i = 0; i < abbrev->children_count && found == NULL; i++) - found = _find_dwarf_abbreviations(abbrev->children[i], c); - - } - - return found; - - } - - result = _find_dwarf_abbreviations(format->abbreviations, code); - - } - - return result; - -} - - - - - - - - - -/****************************************************************************** -* * -* Paramètres : format = contenu binaire de débogage à parcourir. * -* cu = unité de compilation parente. * -* form = nature de la valeur à lire. * -* pos = tête de lecture au sein des données. [OUT] * -* value = valeur au format donné lue. [OUT] * +* Paramètres : abbrev = abréviation à consulter. * +* format = contenu binaire de débogage à parcourir. * +* content = contenu encadré à parcourir. * +* pos = tête de lecture au sein des données. [OUT] * +* cu = unité de compilation parente. * * * * Description : Lit la valeur correspondant à un type donné. * * * @@ -543,37 +308,28 @@ const dw_abbrev *find_dwarf_abbreviations(const GDwarfFormat *format, uleb128_t * * ******************************************************************************/ -dw_value *translate_abbreviation_attributes(const GDwarfFormat *format, const dw_abbrev *abbrev, const dw_compil_unit_header *cu, vmpa2t *pos) +dw_value *translate_abbrev_attribs(const dw_abbrev *abbrev, const GDwarfFormat *format, GBinContent *content, vmpa2t *pos, const dw_compil_unit_header *cu) { dw_value *result; /* Valeurs lues retournées */ size_t i; /* Boucle de parcours */ bool status; /* Bilan d'une lecture */ - result = (dw_value *)calloc(abbrev->attribs_count, sizeof(dw_value)); + result = (dw_value *)calloc(abbrev->count, sizeof(dw_value)); - for (i = 0; i < abbrev->attribs_count; i++) + for (i = 0; i < abbrev->count; i++) { result[i].attrib = abbrev->attribs[i].name; - printf("-- loading attrib %x (%u) -- form = %x (%u) -- pos = %llx --\n", - (unsigned int)abbrev->attribs[i].name, - (unsigned int)abbrev->attribs[i].name, - (unsigned int)abbrev->attribs[i].form, - (unsigned int)abbrev->attribs[i].form, - (unsigned long long)(pos->physical - 0x1039)); - - status = G_DWARF_FORMAT_GET_CLASS(format)->read_form(format, cu, - abbrev->attribs[i].form, pos, &result[i].value); - if (!status) printf("[%zu] failed for %x\n", i, abbrev->attribs[i].form); - if (status) printf("[%zu] success for %x\n", i, abbrev->attribs[i].form); - printf(" current pos :: %llx\n", (unsigned long long)(pos->physical - 0x1039)); + status = read_dwarf_form_value(format, content, pos, cu, + abbrev->attribs[i].form, &result[i].value); + if (!status) break; } - if (i != abbrev->attribs_count) + if (i != abbrev->count) { - free(result); + free_abbrev_attribs(result, abbrev->count); result = NULL; } @@ -582,195 +338,12 @@ dw_value *translate_abbreviation_attributes(const GDwarfFormat *format, const dw } - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -#if 0 - -#include <malloc.h> -#include <stdarg.h> -#include <string.h> - - -#include "utils.h" - - - -#include <ctype.h> - - - -/* Libère de la mémoire une abréviation DWARF. */ -void free_dwarf_abbrev(dw_abbrev *); - -/* Charge une abréviations DWARF. */ -dw_abbrev *read_dwarf_abbreviations(dwarf_format *, off_t *, uint64_t *); - -/* Recherche une abréviation DWARF donnée. */ -const dw_abbrev *_find_dwarf_abbreviations(const dw_abbrev *, uint8_t *); - -/* Lit la valeur d'un attribut DWARF. */ -bool _read_dwarf_abbrev_attribute(dwarf_format *, off_t *, DwarfForm, ...); - - - -/****************************************************************************** -* * -* Paramètres : format = informations de débogage à compléter. * -* * -* Description : Charge les abréviations trouvées pour un DWARF. * -* * -* Retour : Bilan de l'opération. * -* * -* Remarques : - * -* * -******************************************************************************/ - -bool load_dwarf_abbreviations(dwarf_format *format) -{ - bool result; /* Bilan à renvoyer */ - - - - - off_t offset; - off_t start; - off_t size; - - bool test; - - int i; - - - dw_abbrev *abbrev; - uint64_t index; - - printf("Searching...\n"); - - - result = true; - - test = find_exe_section(DBG_FORMAT(format)->e_format, ".debug_abbrev", &start, &size, NULL); - - offset = start; - - - printf(" -> offset=%d size=%d\n", offset, size); - - - - for (i = 0; i < size; i++) - { - if (i % 10 == 0) printf("\n"); - printf("0x%02hhx ", DBG_FORMAT(format)->content[offset + i]); - } - - printf("\n"); - - - - - while (offset < (start + size)) - { - abbrev = read_dwarf_abbreviations(format, &offset, &index); - - offset++; /* 0x00 */ - - printf("abbrev :: %p\n", abbrev); - - if (abbrev != NULL) - { - abbrev->offset -= start; - - format->abbrevs = (dw_abbrev **)realloc(format->abbrevs, ++format->abbrevs_count * sizeof(dw_abbrev *)); - format->abbrevs[format->abbrevs_count - 1] = abbrev; - - printf(" %d attribs, %d children\n", abbrev->attribs_count, abbrev->children_count); - - } - else - { - unload_dwarf_abbreviations(format); - result = false; - break; - } - - } - - return result; - -} - - -/****************************************************************************** -* * -* Paramètres : format = informations de débogage à effacer. * -* * -* Description : Décharge les abréviations trouvées pour un DWARF. * -* * -* Retour : - * -* * -* Remarques : - * -* * -******************************************************************************/ - -void unload_dwarf_abbreviations(dwarf_format *format) -{ - size_t i; /* Boucle de parcours */ - - for (i = 0; i < format->abbrevs_count; i++) - free_dwarf_abbrev(format->abbrevs[i]); - -} - - /****************************************************************************** * * -* Paramètres : abbrev = élément à supprimer de la mémoire. * +* Paramètres : values = liste de valeurs typées à traiter. * +* count = nombre d'éléments de la liste. * * * -* Description : Libère de la mémoire une abréviation DWARF. * +* Description : Supprime de la mémoire une liste de valeurs typées. * * * * Retour : - * * * @@ -778,511 +351,118 @@ void unload_dwarf_abbreviations(dwarf_format *format) * * ******************************************************************************/ -void free_dwarf_abbrev(dw_abbrev *abbrev) +void free_abbrev_attribs(dw_value *values, size_t count) { size_t i; /* Boucle de parcours */ - for (i = 0; i < abbrev->children_count; i++) - free_dwarf_abbrev(abbrev->children[i]); - - free(abbrev->attribs); - free(abbrev->children); + for (i = 0; i < count; i++) + if (values[i].value != NULL) + free_dwarf_form_value(values[i].value); - free(abbrev); + free(values); } /****************************************************************************** * * -* Paramètres : format = informations de débogage à compléter. * -* pos = tête de lecture à mettre à jour. [OUT] * -* index = code de l'abréviation. [OUT] * +* Paramètres : abbrev = abréviation à consulter. * * * -* Description : Charge une abréviation DWARF. * +* Description : Détermine si l'abréviation possède des enfants. * * * -* Retour : Adresse d'une abréviation ou NULL en cas d'échec. * +* Retour : true si des sous-éléments sont présents. * * * * Remarques : - * * * ******************************************************************************/ -dw_abbrev *read_dwarf_abbreviations(dwarf_format *format, off_t *pos, uint64_t *index) +bool has_abbrev_children(const dw_abbrev *abbrev) { - dw_abbrev *result; /* Abréviation à retourner */ - bool has_children; /* Indique la présence de fils */ - uint64_t value1; /* Valeur quelconque lue #1 */ - uint64_t value2; /* Valeur quelconque lue #2 */ - uint64_t sub_index; /* Indice d'un sous-élément */ - dw_abbrev *child; /* Sous-élément à intégrer */ - - result = (dw_abbrev *)calloc(1, sizeof(dw_abbrev)); - - result->offset = *pos; - - /* Code de l'élément */ - if (!read_uleb128(format, pos, index, true)) goto rda_error; - - if (!read_uleb128(format, pos, &value1, true)) goto rda_error; - result->tag = value1; - - printf(" --ta :: 0x%02llx\n", value1); - - if (*pos >= DBG_FORMAT(format)->length) goto rda_error; - has_children = (DBG_FORMAT(format)->content[(*pos)++] == DW_CHILDREN_YES); - - printf(" --ch ? %d\n", has_children); - - /* Liste des attributs */ - - while (DBG_FORMAT(format)->content[*pos] != 0x00) - { - if (!read_uleb128(format, pos, &value1, true)) goto rda_error; - if (!read_uleb128(format, pos, &value2, true)) goto rda_error; - - result->attribs = (dw_abbrev_attr *)realloc(result->attribs, ++result->attribs_count * sizeof(dw_abbrev_attr)); - - result->attribs[result->attribs_count - 1].attrib = value1; - result->attribs[result->attribs_count - 1].form = value2; - - } - - (*pos) += 2; /* 0x00 0x00 */ - - /* Chargement des sous-éléments */ - - if (has_children) - while (DBG_FORMAT(format)->content[*pos] != 0x00) - { - child = read_dwarf_abbreviations(format, pos, &sub_index); - - if (child == NULL) goto rda_error; - - if ((sub_index - *index - 1) != result->children_count) goto rda_error; - - result->children = (dw_abbrev **)realloc(result->children, ++result->children_count * sizeof(dw_abbrev *)); + bool result; /* Bilan à retourner */ - result->children[result->children_count - 1] = child; - - } + result = abbrev->has_children; return result; - rda_error: - - free_dwarf_abbrev(result); - - return NULL; - } -/****************************************************************************** -* * -* Paramètres : abbrev = abréviation racine à parcourir. * -* index = code de l'abréviation. [OUT] * -* * -* Description : Recherche une abréviation DWARF donnée. * -* * -* Retour : Adresse d'une abréviation ou NULL en cas d'échec. * -* * -* Remarques : - * -* * -******************************************************************************/ - -const dw_abbrev *_find_dwarf_abbreviations(const dw_abbrev *abbrev, uint8_t *index) -{ - const dw_abbrev *result; /* Structure à retourner */ - size_t i; /* Boucle de parcours */ - - result = NULL; - - if (*index == 0) result = abbrev; - else - for (i = 0; i < abbrev->children_count && result == NULL; i++) - { - (*index)--; - result = _find_dwarf_abbreviations(abbrev->children[i], index); - } - - return result; -} +/* ---------------------------------------------------------------------------------- */ +/* TRAITEMENT D'ABREVIATIONS PAR LOTS */ +/* ---------------------------------------------------------------------------------- */ /****************************************************************************** * * -* Paramètres : format = informations de débogage à consulter. * -* offset = position dans les abréviations. * -* pos = position dans le flux binaire courant. [OUT] * +* Paramètres : format = informations de débogage à constituer. * +* cu = en-tête de description de l'unité à traiter. * * * -* Description : Recherche une abréviation DWARF donnée. * +* Description : Charge une série d'abréviations présentes dans un DWARF. * * * -* Retour : Adresse d'une abréviation ou NULL en cas d'échec. * +* Retour : Structure mise en place, ou NULL en cas d'erreur. * * * -* Remarques : - * +* Remarques : Le décalage est positionné à VMPA_NO_PHYSICAL en cas de fin. * * * ******************************************************************************/ -const dw_abbrev *find_dwarf_abbreviations(dwarf_format *format, const off_t *offset, off_t *pos) +dw_abbrev_brotherhood *load_all_dwarf_abbreviations(GDwarfFormat *format, const dw_compil_unit_header *cu) { - const dw_abbrev *result; /* Structure à retourner */ - uint64_t index; /* Code de l'abréviation */ - size_t i; /* Boucle de parcours */ + dw_abbrev_brotherhood *result; /* Abréviations à retourner */ + GExeFormat *exe; /* Exécutable associé */ + mrange_t range; /* Couverture d'une section */ + bool status; /* Bilan d'un appel */ + GBinContent *content; /* Contenu binaire à lire */ + GBinContent *restricted; /* Limitation des traitements */ + vmpa2t pos; /* Position de tête de lecture */ + dw_abbrev *abbrev; /* Nouvelle abréviation */ result = NULL; - do - { - if (!read_uleb128(format, pos, &index, true)) - { - printf("error skipping padding...\n"); - return NULL; - } - } - while (index == 0); - - for (i = 0; i < format->abbrevs_count; i++) - if (format->abbrevs[i]->offset == *offset) break; - - if (i < format->abbrevs_count) - { - index--; - result = _find_dwarf_abbreviations(format->abbrevs[i], &index); - } - - return result; - -} - - -/****************************************************************************** -* * -* Paramètres : abbrev = informations à parcourir. * -* attrib = attribut visé par la lecture. * -* * -* Description : Indique la présence ou l'absence d'un attribut donné. * -* * -* Retour : true si l'attribut est présent, false sinon. * -* * -* Remarques : - * -* * -******************************************************************************/ - -bool test_dwarf_abbrev_attribute(const dw_abbrev *abbrev, DwarfAttrib attrib) -{ - bool result; /* Bilan à retourner */ - size_t i; /* Boucle de parcours */ - - result = false; - - for (i = 0; i < abbrev->attribs_count && !result; i++) - result = (abbrev->attribs[i].attrib == attrib); - - return result; - -} + exe = G_DBG_FORMAT(format)->executable; + status = g_exe_format_get_section_range_by_name(exe, ".debug_abbrev", &range); -/****************************************************************************** -* * -* Paramètres : format = informations de débogage à compléter. * -* pos = tête de lecture à mettre à jour. [OUT] * -* form = format des données à lire. * -* ... = lieu d'enregistrement ou NULL. [OUT] * -* * -* Description : Lit la valeur d'un attribut DWARF. * -* * -* Retour : true si la lecture est un succès, false sinon. * -* * -* Remarques : - * -* * -******************************************************************************/ - -bool _read_dwarf_abbrev_attribute(dwarf_format *format, off_t *pos, DwarfForm form, ...) -{ - bool result; /* Bilan à revoyer */ - va_list ap; /* Adresse fournie en dernier */ - uint8_t *val8; /* Données sur 8 bits */ - uint16_t *val16; /* Données sur 16 bits */ - uint32_t *val32; /* Données sur 32 bits */ - uint64_t *val64; /* Données sur 64 bits */ - uint64_t *sval64; /* Données sur 64 bits (signée)*/ - bool *boolval; /* Valeur booléenne */ - uint8_t tmp8; /* Données sur 8 bits */ - uint16_t tmp16; /* Données sur 16 bits */ - uint32_t tmp32; /* Données sur 32 bits */ - uint64_t tmp64; /* Données sur 64 bits */ - uint64_t stmp64; /* Données sur 64 bits (signée)*/ - uint64_t size_to_read; /* Nombre d'octets à lire */ - off_t offset; /* Décalage dans une zone */ - char **strval; /* Chaîne de caractères */ - size_t length; /* Taille d'une chaîne */ - - va_start(ap, form); - - switch (form) + if (status) { - case DWF_ADDR: - result = ((*pos + (format->format == DWF_32_BITS ? 4 : 8)) <= DBG_FORMAT(format)->length); - if (result) - { - val64 = va_arg(ap, uint64_t *); - if (val64 != NULL) - { - if (format->format == DWF_32_BITS) - { - memcpy(&tmp32, &DBG_FORMAT(format)->content[*pos], 4); - *val64 = tmp32; - } - else memcpy(val64, &DBG_FORMAT(format)->content[*pos], 8); - } - *pos += (format->format == DWF_32_BITS ? 4 : 8); - } - break; + /* Définition d'un zone de travail */ - case DWF_BLOCK2: - result = ((*pos + 2) <= DBG_FORMAT(format)->length); - if (result) - { - memcpy(&tmp16, &DBG_FORMAT(format)->content[*pos], 2); - size_to_read = tmp16; - /* ... */ - *pos += 2 + size_to_read; - } - break; + content = G_BIN_FORMAT(format)->content; + restricted = g_restricted_content_new(content, &range); - case DWF_BLOCK4: - result = ((*pos + 4) <= DBG_FORMAT(format)->length); - if (result) - { - memcpy(&tmp32, &DBG_FORMAT(format)->content[*pos], 4); - size_to_read = tmp32; - /* ... */ - *pos += 4 + size_to_read; - } - break; + copy_vmpa(&pos, get_mrange_addr(&range)); + advance_vmpa(&pos, cu->debug_abbrev_offset); - case DWF_DATA2: - result = ((*pos + 2) <= DBG_FORMAT(format)->length); - if (result) - { - val16 = va_arg(ap, uint16_t *); - if (val16 != NULL) memcpy(val16, &DBG_FORMAT(format)->content[*pos], 2); - *pos += 2; - } - break; + /* Lecture de toutes les abréviations */ - case DWF_DATA4: - result = ((*pos + 4) <= DBG_FORMAT(format)->length); - if (result) - { - val32 = va_arg(ap, uint32_t *); - if (val32 != NULL) memcpy(val32, &DBG_FORMAT(format)->content[*pos], 4); - *pos += 4; - } - break; - - case DWF_DATA8: - result = ((*pos + 8) <= DBG_FORMAT(format)->length); - if (result) - { - val64 = va_arg(ap, uint64_t *); - if (val64 != NULL) memcpy(val64, &DBG_FORMAT(format)->content[*pos], 8); - *pos += 8; - } - break; - - case DWF_STRING: - result = ((*pos + 1) <= DBG_FORMAT(format)->length); - if (result) - { - strval = va_arg(ap, char **); - if (strval != NULL) *strval = (char *)calloc(1, sizeof(char)); - length = 0; - - while (result) - { - if (DBG_FORMAT(format)->content[*pos] == '\0') break; - - length++; - - if (strval != NULL) - { - *strval = (char *)realloc(*strval, (length + 1) * sizeof(char)); - (*strval)[length - 1] = DBG_FORMAT(format)->content[*pos]; - } - - result = ((*pos + 1) <= DBG_FORMAT(format)->length); - if (!result) break; - - (*pos)++; - - } - - result = ((*pos + 1) <= DBG_FORMAT(format)->length); - - if (result) - { - (*pos)++; - - if (strval != NULL) - (*strval)[length] = 0; - - } - else if (strval != NULL) - { - free(*strval); - *strval = NULL; - } - - } - - break; - - case DWF_BLOCK: - result = read_uleb128(format, pos, &size_to_read, true); - result &= ((*pos + size_to_read) <= DBG_FORMAT(format)->length); - if (result) - { - /* ... */ - *pos += size_to_read; - } - break; - - case DWF_BLOCK1: - result = ((*pos + 1) <= DBG_FORMAT(format)->length); - if (result) - { - memcpy(&tmp8, &DBG_FORMAT(format)->content[*pos], 1); - size_to_read = tmp8; - /* ... */ - *pos += 1 + size_to_read; - } - break; - - case DWF_DATA1: - result = ((*pos + 1) <= DBG_FORMAT(format)->length); - if (result) - { - val8 = va_arg(ap, uint8_t *); - if (val8 != NULL) memcpy(val8, &DBG_FORMAT(format)->content[*pos], 1); - *pos += 1; - } - break; - - case DWF_FLAG: - result = ((*pos + 1) <= DBG_FORMAT(format)->length); - if (result) - { - boolval = va_arg(ap, bool *); - if (boolval != NULL) *boolval = (DBG_FORMAT(format)->content[*pos] != 0x00); - *pos += 1; - } - break; - - case DWF_SDATA: - sval64 = va_arg(ap, int64_t *); - if (sval64 == NULL) sval64 = &stmp64; - result = read_uleb128(format, pos, sval64, true); - break; - - case DWF_STRP: - result = read_abbrev_offset(format, pos, &offset); - if (result) - { - if (va_arg(ap, bool *) != NULL) - { - printf("TODO\n"); - exit(0); - } - /* - boolval = va_arg(ap, bool *); - if (boolval != NULL) *boolval = (DBG_FORMAT(format)->content[*pos] != 0x00); - */ - } - break; - - case DWF_UDATA: - val64 = va_arg(ap, uint64_t *); - if (val64 == NULL) val64 = &tmp64; - result = read_uleb128(format, pos, val64, true); - break; - - case DWF_REF_ADDR: - result = ((*pos + 4) <= DBG_FORMAT(format)->length); - - printf("bad at %d\n", __LINE__); exit(0); - - break; - - - case DWF_REF1: - result = ((*pos + 1) <= DBG_FORMAT(format)->length); - if (result) - { - val8 = va_arg(ap, uint8_t *); - if (val8 != NULL) memcpy(val8, &DBG_FORMAT(format)->content[*pos], 1); - *pos += 1; - } - break; - - case DWF_REF2: - result = ((*pos + 2) <= DBG_FORMAT(format)->length); - if (result) - { - val16 = va_arg(ap, uint16_t *); - if (val16 != NULL) memcpy(val16, &DBG_FORMAT(format)->content[*pos], 2); - *pos += 2; - } - break; - - case DWF_REF4: - result = ((*pos + 4) <= DBG_FORMAT(format)->length); - if (result) - { - val32 = va_arg(ap, uint32_t *); - if (val32 != NULL) memcpy(val32, &DBG_FORMAT(format)->content[*pos], 4); - *pos += 4; - } - break; - - case DWF_REF8: - result = ((*pos + 8) <= DBG_FORMAT(format)->length); - if (result) - { - val64 = va_arg(ap, uint64_t *); - if (val64 != NULL) memcpy(val64, &DBG_FORMAT(format)->content[*pos], 8); - *pos += 8; - } - break; - - case DWF_REF_UDATA: - result = ((*pos + 4) <= DBG_FORMAT(format)->length); - - printf("bad at %d\n", __LINE__); exit(0); - - break; + result = calloc(1, sizeof(dw_abbrev_brotherhood)); + while (true) + { + status = load_dwarf_abbreviation(format, cu, restricted, &pos, &abbrev); + if (!status) break; - case DWF_INDIRECT: - result = ((*pos + 4) <= DBG_FORMAT(format)->length); + if (abbrev == NULL) + break; - printf("bad at %d\n", __LINE__); exit(0); + result->abbrevs = realloc(result->abbrevs, ++result->count * sizeof(dw_abbrev *)); - break; + result->abbrevs[result->count - 1] = abbrev; + } + /* Nettoyage */ + if (!status) + { + free_all_dwarf_abbreviations(result); + result = NULL; + } - default: - result = false; - break; + g_object_unref(G_OBJECT(restricted)); } - va_end(ap); - return result; } @@ -1290,101 +470,58 @@ bool _read_dwarf_abbrev_attribute(dwarf_format *format, off_t *pos, DwarfForm fo /****************************************************************************** * * -* Paramètres : format = informations de débogage à compléter. * -* pos = tête de lecture à mettre à jour. [OUT] * -* update = indique si la position est à mettre à jour. * -* abbrev = informations à parcourir. * -* attrib = attribut visé par la lecture. * -* ... = lieu d'enregistrement ou NULL. [OUT] * +* Paramètres : list = série d'abréviations chargées en mémoire à traiter. * * * -* Description : Lit la valeur d'un attribut DWARF. * +* Description : Supprime de la mémoire toute trace d'abréviations DWARF. * * * -* Retour : true si la lecture est un succès, false sinon. * +* Retour : - * * * * Remarques : - * * * ******************************************************************************/ -bool read_dwarf_abbrev_attribute(dwarf_format *format, off_t *pos, bool update, const dw_abbrev *abbrev, DwarfAttrib attrib, ...) +void free_all_dwarf_abbreviations(dw_abbrev_brotherhood *list) { - bool result; /* Bilan à retourner */ - off_t curpos; /* Tête de lecture effective */ size_t i; /* Boucle de parcours */ - va_list ap; /* Adresse fournie en dernier */ - - result = true; - - curpos = *pos; - - for (i = 0; i < abbrev->attribs_count && result; i++) - if (abbrev->attribs[i].attrib == attrib) break; - else result = _read_dwarf_abbrev_attribute(format, &curpos, abbrev->attribs[i].form, NULL); - - if (result) - { - va_start(ap, attrib); - - if (i < abbrev->attribs_count) - result = _read_dwarf_abbrev_attribute(format, &curpos, abbrev->attribs[i].form, va_arg(ap, void *)); - else - result = false; - va_end(ap); + for (i = 0; i < list->count; i++) + free_dwarf_abbrev(list->abbrevs[i]); - } - - if (result && update) *pos = curpos; + if (list->abbrevs != NULL) + free(list->abbrevs); - return result; + free(list); } /****************************************************************************** * * -* Paramètres : format = informations de débogage à compléter. * -* pos = tête de lecture à mettre à jour. [OUT] * -* abbrev = informations à survoler. * +* Paramètres : list = série d'abréviations à consulter. * +* code = identifiant de l'abbréviation recherchée. * * * -* Description : Fait avancer la tête de lecture d'une seule abréviation. * +* Description : Recherche une abréviation DWARF donnée. * * * -* Retour : true si l'opération est un succès, false sinon. * +* Retour : Adresse d'une abréviation ou NULL en cas d'échec. * * * * Remarques : - * * * ******************************************************************************/ -bool skip_dwarf_abbrev(dwarf_format *format, off_t *pos, const dw_abbrev *abbrev) +const dw_abbrev *find_dwarf_abbreviation(const dw_abbrev_brotherhood *list, uleb128_t code) { - bool result; /* Bilan à revoyer */ + const dw_abbrev *result; /* Trouvaille à retourner */ size_t i; /* Boucle de parcours */ - uint64_t index; /* Code de padding */ - - result = true; - - /* Ecartement du corps */ - for (i = 0; i < abbrev->attribs_count && result; i++) - result = _read_dwarf_abbrev_attribute(format, pos, abbrev->attribs[i].form, NULL); - - /* Ecartement du padding */ + result = NULL; - do - { - if (!read_uleb128(format, pos, &index, false)) + for (i = 0; i < list->count; i++) + if (list->abbrevs[i]->code == code) { - printf("error skipping padding...\n"); - return false; + result = list->abbrevs[i]; + break; } - if (index == 0) - read_uleb128(format, pos, &index, true); - - } - while (index == 0); - return result; } - -#endif diff --git a/plugins/dwarf/abbrev.h b/plugins/dwarf/abbrev.h index b5fe3be..6536b72 100644 --- a/plugins/dwarf/abbrev.h +++ b/plugins/dwarf/abbrev.h @@ -2,7 +2,7 @@ /* Chrysalide - Outil d'analyse de fichiers binaires * abbrev.h - prototypes pour la manipulation des abréviation DWARF * - * Copyright (C) 2008-2017 Cyrille Bagard + * Copyright (C) 2008-2018 Cyrille Bagard * * This file is part of Chrysalide. * @@ -21,106 +21,65 @@ */ -#ifndef _FORMAT_DWARF_ABBREV_H -#define _FORMAT_DWARF_ABBREV_H +#ifndef _PLUGINS_DWARF_ABBREV_H +#define _PLUGINS_DWARF_ABBREV_H #include <stdbool.h> -#include "dwarf.h" -#include "dwarf_def.h" +#include "form.h" +#include "format.h" +/* ----------------------- TRAITEMENT D'ABREVIATION A L'UNITE ----------------------- */ -/* Description d'une abréviation */ -typedef struct _dw_abbrev dw_abbrev; - - - - - - - -/* Charge toutes les abbréviations présentes dans un DWARF. */ -bool load_all_dwarf_abbreviations(GDwarfFormat *); -/* Charge une abréviation valide pour un DWARF en mémoire. */ -bool load_dwarf_abbreviation(const GDwarfFormat *, vmpa2t *, dw_abbrev **); - -/* Supprime de la mémoire toute trace d'une abréviation DWARF. */ -void free_dwarf_abbreviation(dw_abbrev *); +/* Description d'une abréviation */ +typedef struct _dw_abbrev dw_abbrev; -/* Fournit l'étiquette associée à l'ensemble des attributs. */ -DwarfTag dwarf_abbreviation_get_tag(const dw_abbrev *); /* Compte le nombre d'attributs présents dans une abréviation. */ size_t dwarf_abbreviation_count_attribs(const dw_abbrev *); -/* Recherche un attribut dans une abréviation. */ -bool dwarf_abbreviation_get_attrib_index(const dw_abbrev *, DwarfAttrib, size_t *); - - -/* Détermine le type d'un attribut dans une abréviation. */ -bool dwarf_abbreviation_get_form_for_index(const dw_abbrev *, size_t, DwarfForm *); +/* Forme de valeur typée */ +typedef struct _dw_value +{ + DwarfAttrib attrib; /* Sujet de l'élément */ + dw_form_value *value; /* Valeur instanciée associée */ -/* Indique si une abbréviation comporte des sous-définitions. */ -bool dwarf_abbreviation_has_children(const dw_abbrev *); +} dw_value; - -/* Recherche une abréviation DWARF donnée. */ -const dw_abbrev *find_dwarf_abbreviations(const GDwarfFormat *, uleb128_t); - /* Lit la valeur correspondant à un type donné. */ -dw_value *translate_abbreviation_attributes(const GDwarfFormat *, const dw_abbrev *, const dw_compil_unit_header *, vmpa2t *); - +dw_value *translate_abbrev_attribs(const dw_abbrev *, const GDwarfFormat *, GBinContent *, vmpa2t *, const dw_compil_unit_header *); +/* Supprime de la mémoire une liste de valeurs typées. */ +void free_abbrev_attribs(dw_value *, size_t); +/* Détermine si l'abréviation possède des enfants. */ +bool has_abbrev_children(const dw_abbrev *); +/* ----------------------- TRAITEMENT D'ABREVIATIONS PAR LOTS ----------------------- */ +/* Brochette d'abréviations */ +typedef struct _dw_abbrev_brotherhood dw_abbrev_brotherhood; +/* Charge une série d'abréviations présentes dans un DWARF. */ +dw_abbrev_brotherhood *load_all_dwarf_abbreviations(GDwarfFormat *, const dw_compil_unit_header *); - - -#if 0 - - -#include <stdbool.h> - - -#include "d_dwarf.h" -#include "dwarf-int.h" - - - -/* Charge les abréviations trouvées pour un DWARF. */ -bool load_dwarf_abbreviations(dwarf_format *); - -/* Décharge les abréviations trouvées pour un DWARF. */ -void unload_dwarf_abbreviations(dwarf_format *); +/* Supprime de la mémoire toute trace d'abréviations DWARF. */ +void free_all_dwarf_abbreviations(dw_abbrev_brotherhood *); /* Recherche une abréviation DWARF donnée. */ -const dw_abbrev *find_dwarf_abbreviations(dwarf_format *, const off_t *, off_t *); - -/* Indique la présence ou l'absence d'un attribut donné. */ -bool test_dwarf_abbrev_attribute(const dw_abbrev *, DwarfAttrib); - -/* Lit la valeur d'un attribut DWARF. */ -bool read_dwarf_abbrev_attribute(dwarf_format *, off_t *, bool, const dw_abbrev *, DwarfAttrib, ...); - -/* Fait avancer la tête de lecture d'une seule abréviation. */ -bool skip_dwarf_abbrev(dwarf_format *, off_t *, const dw_abbrev *); - - -#endif +const dw_abbrev *find_dwarf_abbreviation(const dw_abbrev_brotherhood *, uleb128_t); -#endif /* _FORMAT_DWARF_ABBREV_H */ +#endif /* _PLUGINS_DWARF_ABBREV_H */ diff --git a/plugins/dwarf/checks.c b/plugins/dwarf/checks.c new file mode 100644 index 0000000..7dc8a7c --- /dev/null +++ b/plugins/dwarf/checks.c @@ -0,0 +1,224 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * checks.c - validations liées au format DWARF v2 + * + * Copyright (C) 2018 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "checks.h" + + +#include <malloc.h> +#include <stdio.h> + + +#include <i18n.h> +#include <common/cpp.h> +#include <format/format.h> + + +#include "core.h" +#include "v2/checks.h" +#include "v3/checks.h" +#include "v4/checks.h" + + + +/** + * Opérations disponibles par version. + */ + +/* Procède à la conversion de base d'une abréviation DWARF. */ +typedef bool (* check_dwarf_decl_fc) (const dw_abbrev_decl *); + +/* Procède à la conversion d'un attribut d'abréviation DWARF. */ +typedef bool (* check_dwarf_attrib_fc) (const dw_abbrev_raw_attr *); + +typedef struct _abbrev_check_op +{ + check_dwarf_decl_fc check_decl; /* Validation des déclarations */ + check_dwarf_attrib_fc check_attrib; /* Validation des attributs */ + +} abbrev_check_op; + +static const abbrev_check_op _check_ops[5] = { + + [2] = { + .check_decl = (check_dwarf_decl_fc)check_dwarfv2_abbrev_decl, + .check_attrib = (check_dwarf_attrib_fc)check_dwarfv2_abbrev_attrib + }, + + [3] = { + .check_decl = (check_dwarf_decl_fc)check_dwarfv3_abbrev_decl, + .check_attrib = (check_dwarf_attrib_fc)check_dwarfv3_abbrev_attrib + }, + + [4] = { + .check_decl = (check_dwarf_decl_fc)check_dwarfv4_abbrev_decl, + .check_attrib = (check_dwarf_attrib_fc)check_dwarfv4_abbrev_attrib + } + +}; + + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à consulter. * +* decl = structure brute dont le contenu est à valider. * +* target = version ciblée par le format. * +* pos = emplacement de l'élément à vérifier dans le binaire.* +* * +* Description : Procède à la conversion de base d'une abréviation DWARF. * +* * +* Retour : Validité confirmée ou non. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool check_dwarf_abbrev_decl(GDwarfFormat *format, const dw_abbrev_decl *decl, uint16_t target, const vmpa2t *pos) +{ + bool result; /* Validité à retourner */ + char *msg; /* Message à imprimer */ + uint16_t i; /* Boucle de parcours */ + VMPA_BUFFER(loc); /* Position humainement lisible*/ + + result = false; + + if (target < 2) + { + asprintf(&msg, _("Too old DWARF compilation unit (%hu < 2) ; fixed!"), target); + + g_binary_format_add_error(G_BIN_FORMAT(format), BFE_STRUCTURE, pos, msg); + + free(msg); + + target = 2; + + } + + for (i = target; i < ARRAY_SIZE(_check_ops); i++) + { + result = _check_ops[i].check_decl(decl); + + if (result) + break; + + } + + if (result) + { + if (i > target) + { + asprintf(&msg, _("The DWARF abbreviation declaration belongs to another version (%hu vs %hu)"), + i, target); + + g_binary_format_add_error(G_BIN_FORMAT(format), BFE_STRUCTURE, pos, msg); + + free(msg); + + } + + } + + else + { + vmpa2_phys_to_string(pos, MDS_UNDEFINED, loc, NULL); + + log_dwarf_variadic_message(LMT_BAD_BINARY, _("Invalid abbreviation declaration at %s"), loc); + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations de débogage à consulter. * +* decl = structure brute dont le contenu est à valider. * +* target = version ciblée par le format. * +* pos = emplacement de l'élément à vérifier dans le binaire.* +* * +* Description : Procède à la conversion d'un attribut d'abréviation DWARF. * +* * +* Retour : Validité confirmée ou non. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool check_dwarf_abbrev_attrib(GDwarfFormat *format, const dw_abbrev_raw_attr *attr, uint16_t target, const vmpa2t *pos) +{ + bool result; /* Validité à retourner */ + char *msg; /* Message à imprimer */ + uint16_t i; /* Boucle de parcours */ + VMPA_BUFFER(loc); /* Position humainement lisible*/ + + result = false; + + if (target < 2) + { + asprintf(&msg, _("Too old DWARF compilation unit (%hu < 2) ; fixed!"), target); + + g_binary_format_add_error(G_BIN_FORMAT(format), BFE_STRUCTURE, pos, msg); + + free(msg); + + target = 2; + + } + + for (i = target; i < ARRAY_SIZE(_check_ops); i++) + { + result = _check_ops[i].check_attrib(attr); + + if (result) + break; + + } + + if (result) + { + if (i > target) + { + asprintf(&msg, _("The DWARF abbreviation attribute belongs to another version (%hu vs %hu)"), + i, target); + + g_binary_format_add_error(G_BIN_FORMAT(format), BFE_STRUCTURE, pos, msg); + + free(msg); + + } + + } + + else + { + vmpa2_phys_to_string(pos, MDS_UNDEFINED, loc, NULL); + + log_dwarf_variadic_message(LMT_BAD_BINARY, _("Invalid abbreviation attribute at %s"), loc); + + } + + return result; + +} diff --git a/plugins/dwarf/checks.h b/plugins/dwarf/checks.h new file mode 100644 index 0000000..87c02e7 --- /dev/null +++ b/plugins/dwarf/checks.h @@ -0,0 +1,41 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * checks.h - prototypes pour les validations liées au format DWARF + * + * Copyright (C) 2018 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_DWARF_CHECKS_H +#define _PLUGINS_DWARF_CHECKS_H + + +#include "def.h" +#include "format.h" + + + +/* Procède à la conversion de base d'une abréviation DWARF. */ +bool check_dwarf_abbrev_decl(GDwarfFormat *, const dw_abbrev_decl *, uint16_t, const vmpa2t *); + +/* Procède à la conversion d'un attribut d'abréviation DWARF. */ +bool check_dwarf_abbrev_attrib(GDwarfFormat *, const dw_abbrev_raw_attr *, uint16_t, const vmpa2t *); + + + +#endif /* _PLUGINS_DWARF_CHECKS_H */ diff --git a/plugins/dwarf/v3/dwarf.c b/plugins/dwarf/core.c index 942c289..fa7e0ec 100644 --- a/plugins/dwarf/v3/dwarf.c +++ b/plugins/dwarf/core.c @@ -1,8 +1,8 @@ /* Chrysalide - Outil d'analyse de fichiers binaires - * dwarf.c - support du format DWARF v3 + * core.c - intégration du support du format DWARF * - * Copyright (C) 2015-2017 Cyrille Bagard + * Copyright (C) 2017 Cyrille Bagard * * This file is part of Chrysalide. * @@ -21,51 +21,31 @@ */ -#include "dwarf.h" +#include "core.h" -#include "../dwarf-int.h" +#include <plugins/plugin-def.h> +#include "format.h" -/* Format de débogage DWARF v3 (instance) */ -struct _GDwarfV3Format -{ - GDwarfFormat parent; /* A laisser en premier */ - -}; - -/* Format de débogage DWARF v3 (classe) */ -struct _GDwarfV3FormatClass -{ - GDwarfFormatClass parent; /* A laisser en premier */ - -}; - - -/* Initialise la classe des formats de débogage DWARF v3. */ -static void g_dwarfv3_format_class_init(GDwarfV3FormatClass *); -/* Initialise une instance de format de débogage DWARF v3. */ -static void g_dwarfv3_format_init(GDwarfV3Format *); -/* Supprime toutes les références externes. */ -static void g_dwarfv3_format_dispose(GDwarfV3Format *); +DEFINE_CHRYSALIDE_PLUGIN("dwarf", "Add support for the DWARF format", "0.1.0", + RL("PyChrysalide"), AL(PGA_PLUGIN_INIT, PGA_FORMAT_ATTACH_DEBUG)); -/* Procède à la libération totale de la mémoire. */ -static void g_dwarfv3_format_finalize(GDwarfV3Format *); +/* Conservation d'une référence au greffon pour les messages */ +static GPluginModule *_this = NULL; -/* Indique le type défini pour un format de débogage DWARF v3. */ -G_DEFINE_TYPE(GDwarfV3Format, g_dwarfv3_format, G_TYPE_DWARF_FORMAT); /****************************************************************************** * * -* Paramètres : klass = classe à initialiser. * +* Paramètres : plugin = greffon à manipuler. * * * -* Description : Initialise la classe des formats de débogage DWARF v3. * +* Description : Prend acte du chargement du greffon. * * * * Retour : - * * * @@ -73,23 +53,26 @@ G_DEFINE_TYPE(GDwarfV3Format, g_dwarfv3_format, G_TYPE_DWARF_FORMAT); * * ******************************************************************************/ -static void g_dwarfv3_format_class_init(GDwarfV3FormatClass *klass) +G_MODULE_EXPORT bool chrysalide_plugin_init(GPluginModule *plugin) { - GObjectClass *object; /* Autre version de la classe */ + bool result; /* Bilan à retourner */ - object = G_OBJECT_CLASS(klass); + _this = plugin; - object->dispose = (GObjectFinalizeFunc/* ! */)g_dwarfv3_format_dispose; - object->finalize = (GObjectFinalizeFunc)g_dwarfv3_format_finalize; + result = true; + + return result; } /****************************************************************************** * * -* Paramètres : format = instance à initialiser. * +* Paramètres : plugin = greffon à manipuler. * +* action = type d'action attendue. * +* format = format de binaire à manipuler pendant l'opération. * * * -* Description : Initialise une instance de format de débogage DWARF v3. * +* Description : Procède au rattachement d'éventuelles infos de débogage. * * * * Retour : - * * * @@ -97,36 +80,23 @@ static void g_dwarfv3_format_class_init(GDwarfV3FormatClass *klass) * * ******************************************************************************/ -static void g_dwarfv3_format_init(GDwarfV3Format *format) +G_MODULE_EXPORT void chrysalide_plugin_attach_debug(const GPluginModule *plugin, PluginAction action, GExeFormat *format) { + GDbgFormat *info; -} + info = check_dwarf_format(format); - -/****************************************************************************** -* * -* Paramètres : format = instance d'objet GLib à traiter. * -* * -* Description : Supprime toutes les références externes. * -* * -* Retour : - * -* * -* Remarques : - * -* * -******************************************************************************/ - -static void g_dwarfv3_format_dispose(GDwarfV3Format *format) -{ - G_OBJECT_CLASS(g_dwarfv3_format_parent_class)->dispose(G_OBJECT(format)); + if (info != NULL) + g_exe_format_add_debug_info(format, info); } /****************************************************************************** * * -* Paramètres : format = instance d'objet GLib à traiter. * +* Paramètres : msg = message à faire apparaître à l'écran. * * * -* Description : Procède à la libération totale de la mémoire. * +* Description : Présente dans le journal un message simple. * * * * Retour : - * * * @@ -134,39 +104,42 @@ static void g_dwarfv3_format_dispose(GDwarfV3Format *format) * * ******************************************************************************/ -static void g_dwarfv3_format_finalize(GDwarfV3Format *format) +void log_dwarf_simple_message(LogMessageType type, const char *msg) { - G_OBJECT_CLASS(g_dwarfv3_format_parent_class)->finalize(G_OBJECT(format)); + g_plugin_module_log_simple_message(_this, type, msg); } /****************************************************************************** * * -* Paramètres : content = contenu binaire à parcourir. * -* parent = éventuel format exécutable déjà chargé. * - status = barre de statut à tenir informée. * +* Paramètres : type = espèce du message à ajouter. * +* fmt = format du message à faire apparaître à l'écran. * +* ... = éventuels arguments venant compléter le message. * * * -* Description : Prend en charge un nouveau format DWARF (v3). * +* Description : Présente dans le journal un message complexe. * * * -* Retour : Adresse de la structure mise en place ou NULL en cas d'échec.* +* Retour : - * * * * Remarques : - * * * ******************************************************************************/ -GBinFormat *g_dwarfv3_format_new(GBinContent *content, GExeFormat *parent, GtkStatusStack *status) +void log_dwarf_variadic_message(LogMessageType type, const char *fmt, ...) { - GDwarfV3Format *result; /* Structure à retourner */ - - result = g_object_new(G_TYPE_DWARFV3_FORMAT, NULL); - - + va_list ap; /* Liste d'arguments variable */ + char *buffer; /* Tampon du msg reconstitué */ - g_binary_format_set_content(G_BIN_FORMAT(result), content); + va_start(ap, fmt); + buffer = build_variadic_message(fmt, ap); + va_end(ap); + if (buffer != NULL) + { + g_plugin_module_log_simple_message(_this, type, buffer); + free(buffer); - return G_BIN_FORMAT(result); + } } diff --git a/plugins/dwarf/core.h b/plugins/dwarf/core.h new file mode 100644 index 0000000..7e2c367 --- /dev/null +++ b/plugins/dwarf/core.h @@ -0,0 +1,47 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * core.h - prototypes pour l'intégration du support du format DWARF + * + * Copyright (C) 2018 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_DWARF_CORE_H +#define _PLUGINS_DWARF_CORE_H + + +#include <plugins/plugin.h> +#include <plugins/plugin-int.h> + + + +/* Prend acte du chargement du greffon. */ +G_MODULE_EXPORT bool chrysalide_plugin_init(GPluginModule *); + +/* Procède au rattachement d'éventuelles infos de débogage. */ +G_MODULE_EXPORT void chrysalide_plugin_attach_debug(const GPluginModule *, PluginAction, GExeFormat *); + +/* Présente dans le journal un message simple. */ +void log_dwarf_simple_message(LogMessageType, const char *); + +/* Présente dans le journal un message complexe. */ +void log_dwarf_variadic_message(LogMessageType, const char *, ...); + + + +#endif /* _PLUGINS_DWARF_CORE_H */ diff --git a/plugins/dwarf/def.h b/plugins/dwarf/def.h new file mode 100644 index 0000000..cb0d836 --- /dev/null +++ b/plugins/dwarf/def.h @@ -0,0 +1,315 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * def.h - prototype pour la manipulation directe du format DWARF + * + * Copyright (C) 20018 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_DWARF_DEF_H +#define _PLUGINS_DWARF_DEF_H + + +#include <stdint.h> + + +#include <common/leb128.h> + + + +/* Plus petit dénominateur commun des différents en-têtes */ +typedef struct _dw_section_header +{ + uint64_t unit_length; /* Taille totale sans le champ */ + bool is_32b; /* Le format est-il sur 32b ? */ + + uint16_t version; /* Version de la section */ + +} dw_section_header; + + +/** + * § 7.5.1.1 Compilation Unit Header. + */ + +/* En-tête présente dans certaines sections */ +typedef struct _dw_compil_unit_header +{ + uint64_t unit_length; /* Taille totale sans le champ */ + bool is_32b; /* Le format est-il sur 32b ? */ + + uint16_t version; /* Version de la section */ + + uint64_t debug_abbrev_offset; /* Emplacement dans la section */ + uint8_t address_size; /* Taille des adresses */ + +} dw_compil_unit_header; + + +/** + * § 7.5.3 Abbreviations Tables. + */ + +/* En-tête de déclaration d'une abréviation */ +typedef struct _dw_abbrev_decl +{ + uleb128_t code; /* Identifiant attribué */ + uleb128_t tag; /* Identifiant attribué */ + + uint8_t has_children; /* Présence de sous-entrées ? */ + +} dw_abbrev_decl; + +/* Description d'un attribut d'une abréviation */ +typedef struct _dw_abbrev_raw_attr +{ + uleb128_t name; /* Désignation de l'attribut */ + uleb128_t form; /* Nature de sa valeur */ + +} dw_abbrev_raw_attr; + +/* Figure 18. Tag encodings */ + +typedef enum _DwarfTag +{ + DW_TAG_array_type = 0x01, + DW_TAG_class_type = 0x02, + DW_TAG_entry_point = 0x03, + DW_TAG_enumeration_type = 0x04, + DW_TAG_formal_parameter = 0x05, + DW_TAG_imported_declaration = 0x08, + DW_TAG_label = 0x0a, + DW_TAG_lexical_block = 0x0b, + DW_TAG_member = 0x0d, + DW_TAG_pointer_type = 0x0f, + DW_TAG_reference_type = 0x10, + DW_TAG_compile_unit = 0x11, + DW_TAG_string_type = 0x12, + DW_TAG_structure_type = 0x13, + DW_TAG_subroutine_type = 0x15, + DW_TAG_typedef = 0x16, + DW_TAG_union_type = 0x17, + DW_TAG_unspecified_parameters = 0x18, + DW_TAG_variant = 0x19, + DW_TAG_common_block = 0x1a, + DW_TAG_common_inclusion = 0x1b, + DW_TAG_inheritance = 0x1c, + DW_TAG_inlined_subroutine = 0x1d, + DW_TAG_module = 0x1e, + DW_TAG_ptr_to_member_type = 0x1f, + DW_TAG_set_type = 0x20, + DW_TAG_subrange_type = 0x21, + DW_TAG_with_stmt = 0x22, + DW_TAG_access_declaration = 0x23, + DW_TAG_base_type = 0x24, + DW_TAG_catch_block = 0x25, + DW_TAG_const_type = 0x26, + DW_TAG_constant = 0x27, + DW_TAG_enumerator = 0x28, + DW_TAG_file_type = 0x29, + DW_TAG_friend = 0x2a, + DW_TAG_namelist = 0x2b, + DW_TAG_namelist_item = 0x2c, + DW_TAG_packed_type = 0x2d, + DW_TAG_subprogram = 0x2e, + DW_TAG_template_type_parameter = 0x2f, + DW_TAG_template_value_parameter = 0x30, + DW_TAG_thrown_type = 0x31, + DW_TAG_try_block = 0x32, + DW_TAG_variant_part = 0x33, + DW_TAG_variable = 0x34, + DW_TAG_volatile_type = 0x35, + + /* Nouveautés v.3 */ + + DW_TAG_dwarf_procedure = 0x36, + DW_TAG_restrict_type = 0x37, + DW_TAG_interface_type = 0x38, + DW_TAG_namespace = 0x39, + DW_TAG_imported_module = 0x3a, + DW_TAG_unspecified_type = 0x3b, + DW_TAG_partial_unit = 0x3c, + DW_TAG_imported_unit = 0x3d, + DW_TAG_condition = 0x3f, + DW_TAG_shared_type = 0x40, + + /* Nouveautés v.4 */ + + DW_TAG_type_unit = 0x41, + DW_TAG_rvalue_reference_type = 0x42, + DW_TAG_template_alias = 0x43, + + /* Possiblités d'extensions */ + + DW_TAG_lo_user = 0x4080, + DW_TAG_hi_user = 0xffff + +} DwarfTag; + +/* Figure 19. Child determination encodings. */ + +#define DW_CHILDREN_no 0x00 +#define DW_CHILDREN_yes 0x01 + +/* Figure 20. Attribute encodings */ +typedef enum _DwarfAttrib +{ + DW_AT_sibling = 0x01, + DW_AT_location = 0x02, + DW_AT_name = 0x03, + DW_AT_ordering = 0x09, + DW_AT_byte_size = 0x0b, + DW_AT_bit_offset = 0x0c, + DW_AT_bit_size = 0x0d, + DW_AT_stmt_list = 0x10, + DW_AT_low_pc = 0x11, + DW_AT_high_pc = 0x12, + DW_AT_language = 0x13, + DW_AT_discr = 0x15, + DW_AT_discr_value = 0x16, + DW_AT_visibility = 0x17, + DW_AT_import = 0x18, + DW_AT_string_length = 0x19, + DW_AT_common_reference = 0x1a, + DW_AT_comp_dir = 0x1b, + DW_AT_const_value = 0x1c, + DW_AT_containing_type = 0x1d, + DW_AT_default_value = 0x1e, + DW_AT_inline = 0x20, + DW_AT_is_optional = 0x21, + DW_AT_lower_bound = 0x22, + DW_AT_producer = 0x25, + DW_AT_prototyped = 0x27, + DW_AT_return_addr = 0x2a, + DW_AT_start_scope = 0x2c, + DW_AT_bit_stride = 0x2e, + DW_AT_upper_bound = 0x2f, + DW_AT_abstract_origin = 0x31, + DW_AT_accessibility = 0x32, + DW_AT_address_class = 0x33, + DW_AT_artificial = 0x34, + DW_AT_base_types = 0x35, + DW_AT_calling_convention = 0x36, + DW_AT_count = 0x37, + DW_AT_data_member_location = 0x38, + DW_AT_decl_column = 0x39, + DW_AT_decl_file = 0x3a, + DW_AT_decl_line = 0x3b, + DW_AT_declaration = 0x3c, + DW_AT_discr_list = 0x3d, + DW_AT_encoding = 0x3e, + DW_AT_external = 0x3f, + DW_AT_frame_base = 0x40, + DW_AT_friend = 0x41, + DW_AT_identifier_case = 0x42, + DW_AT_macro_info = 0x43, + DW_AT_namelist_item = 0x44, + DW_AT_priority = 0x45, + DW_AT_segment = 0x46, + DW_AT_specification = 0x47, + DW_AT_static_link = 0x48, + DW_AT_type = 0x49, + DW_AT_use_location = 0x4a, + DW_AT_variable_parameter = 0x4b, + DW_AT_virtuality = 0x4c, + DW_AT_vtable_elem_location = 0x4d, + + /* Nouveautés v3 */ + + DW_AT_allocated = 0x4e, + DW_AT_associated = 0x4f, + DW_AT_data_location = 0x50, + DW_AT_byte_stride = 0x51, + DW_AT_entry_pc = 0x52, + DW_AT_use_UTF8 = 0x53, + DW_AT_extension = 0x54, + DW_AT_ranges = 0x55, + DW_AT_trampoline = 0x56, + DW_AT_call_column = 0x57, + DW_AT_call_file = 0x58, + DW_AT_call_line = 0x59, + DW_AT_description = 0x5a, + DW_AT_binary_scale = 0x5b, + DW_AT_decimal_scale = 0x5c, + DW_AT_small = 0x5d, + DW_AT_decimal_sign = 0x5e, + DW_AT_digit_count = 0x5f, + DW_AT_picture_string = 0x60, + DW_AT_mutable = 0x61, + DW_AT_threads_scaled = 0x62, + DW_AT_explicit = 0x63, + DW_AT_object_pointer = 0x64, + DW_AT_endianity = 0x65, + DW_AT_elemental = 0x66, + DW_AT_pure = 0x67, + DW_AT_recursive = 0x68, + + /* Nouveautés v4 */ + + DW_AT_signature = 0x69, + DW_AT_main_subprogram = 0x6a, + DW_AT_data_bit_offset = 0x6b, + DW_AT_const_expr = 0x6c, + DW_AT_enum_class = 0x6d, + DW_AT_linkage_name = 0x6e, + + /* Possiblités d'extensions */ + + DW_AT_lo_user = 0x2000, + DW_AT_hi_user = 0x3fff, + +} DwarfAttrib; + +/* Figure 21. Attribute form encodings. */ + +typedef enum _DwarfForm +{ + DW_FORM_addr = 0x01, + DW_FORM_block2 = 0x03, + DW_FORM_block4 = 0x04, + DW_FORM_data2 = 0x05, + DW_FORM_data4 = 0x06, + DW_FORM_data8 = 0x07, + DW_FORM_string = 0x08, + DW_FORM_block = 0x09, + DW_FORM_block1 = 0x0a, + DW_FORM_data1 = 0x0b, + DW_FORM_flag = 0x0c, + DW_FORM_sdata = 0x0d, + DW_FORM_strp = 0x0e, + DW_FORM_udata = 0x0f, + DW_FORM_ref_addr = 0x10, + DW_FORM_ref1 = 0x11, + DW_FORM_ref2 = 0x12, + DW_FORM_ref4 = 0x13, + DW_FORM_ref8 = 0x14, + DW_FORM_ref_udata = 0x15, + DW_FORM_indirect = 0x16, + + /* Nouveautés v4 */ + + DW_FORM_sec_offset = 0x17, + DW_FORM_exprloc = 0x18, + DW_FORM_flag_present = 0x19, + DW_FORM_ref_sig8 = 0x20 + +} DwarfForm; + + + +#endif /* _PLUGINS_DWARF_DEF_H */ diff --git a/plugins/dwarf/die.c b/plugins/dwarf/die.c index 0c1887c..0a8cbec 100644 --- a/plugins/dwarf/die.c +++ b/plugins/dwarf/die.c @@ -2,7 +2,7 @@ /* Chrysalide - Outil d'analyse de fichiers binaires * die.c - gestion des entrées renvoyant à des informations de débogage * - * Copyright (C) 2016-2017 Cyrille Bagard + * Copyright (C) 2016-2018 Cyrille Bagard * * This file is part of Chrysalide. * @@ -24,13 +24,6 @@ #include "die.h" -#include <assert.h> -#include <malloc.h> - - -#include "dwarf-int.h" - - /** * § 2.1 The Debugging Information Entry (DIE). @@ -38,14 +31,9 @@ typedef struct _dw_die { - unsigned int level; /* Niveau hiérarchique */ - phys_t offset; /* Position dans le flux */ - - const dw_abbrev *abbrev; /* Lien vers la représentation */ - dw_value *values; /* Liste des valeurs associées */ + size_t values_count; /* Taille de cette liste */ - bool has_children; /* Feuille ou noeud de l'arbre */ struct _dw_die **children; /* Liste d'éventuels enfants */ size_t children_count; /* Taille de cette liste */ @@ -55,13 +43,13 @@ typedef struct _dw_die /****************************************************************************** * * -* Paramètres : format = informations chargées à consulter. * -* pos = position de début de lecture. [OUT] * -* endian = boutisme reconnu dans le format. * -* header = en-tête de description de l'unité à traiter. * -* die = emplacement de stockage de l'entrée ou NULL. [OUT] * +* Paramètres : format = informations chargées à consulter. * +* content = contenu encadré à parcourir. * +* pos = position de début de lecture. [OUT] * +* cu = en-tête de description de l'unité à traiter. * +* die = emplacement de stockage de l'entrée ou NULL. [OUT] * * * -* Description : Procède à la lecture de l'en-tête d'une unité de compilation.* +* Description : Procède à la lecture d'un élément d'information de débogage. * * * * Retour : Bilan de l'opération. * * * @@ -69,50 +57,67 @@ typedef struct _dw_die * * ******************************************************************************/ -bool build_dwarf_die(GDwarfFormat *format, vmpa2t *pos, SourceEndian endian, const dw_compil_unit_header *header, dw_die **die) +bool build_dwarf_die(GDwarfFormat *format, GBinContent *content, vmpa2t *pos, const dw_compil_unit_header *cu, const dw_abbrev_brotherhood *abbrevs, dw_die **die) { + bool result; /* Bilan à retourner */ uleb128_t code; /* Code de la description liée */ bool status; /* Bilan de la lecture */ const dw_abbrev *abbrev; /* Lien vers la représentation */ dw_value *values; /* Liste des valeurs associées */ + dw_die *child; /* Sous-élément à intégrer */ - *die = NULL; + result = false; /** * § 7.5.2 Debugging Information Entry. */ - status = g_binary_content_read_uleb128(G_BIN_FORMAT(format)->content, pos, &code); - if (!status) return false; + status = g_binary_content_read_uleb128(content, pos, &code); + if (!status) goto exit; - printf("[ok] code = 0x%llx\n", (unsigned long long)code); + if (code == 0) + { + *die = NULL; + goto end_of_sibling; + } - if (code == 0) return true; + abbrev = find_dwarf_abbreviation(abbrevs, code); + if (abbrev == NULL) goto exit; - abbrev = find_dwarf_abbreviations(format, code); + values = translate_abbrev_attribs(abbrev, format, content, pos, cu); + if (values == NULL) goto exit; - printf("[ok] abbrev = %p\n", abbrev); + *die = calloc(1, sizeof(dw_die)); - printf("----------------------\n"); - - - values = translate_abbreviation_attributes(format, abbrev, header, pos); - if (values == NULL) return false; + (*die)->values = values; + (*die)->values_count = dwarf_abbreviation_count_attribs(abbrev); - printf("[ok] values = %p\n", values); + if (has_abbrev_children(abbrev)) + while (true) + { + status = build_dwarf_die(format, content, pos, cu, abbrevs, &child); + if (!status) + { + delete_dwarf_die(*die); + goto exit; + } + if (child == NULL) + break; - *die = (dw_die *)calloc(1, sizeof(dw_die)); + (*die)->children = realloc((*die)->children, ++(*die)->children_count * sizeof(dw_die *)); + (*die)->children[(*die)->children_count - 1] = child; - (*die)->abbrev = abbrev; + } - (*die)->values = values; + end_of_sibling: - (*die)->has_children = dwarf_abbreviation_has_children(abbrev); + result = true; + exit: - return true; + return result; } @@ -134,7 +139,7 @@ void delete_dwarf_die(dw_die *die) size_t i; /* Boucle de parcours */ if (die->values != NULL) - free(die->values); + free_abbrev_attribs(die->values, die->values_count); for (i = 0; i < die->children_count; i++) delete_dwarf_die(die->children[i]); @@ -145,159 +150,3 @@ void delete_dwarf_die(dw_die *die) free(die); } - - -/****************************************************************************** -* * -* Paramètres : die = entrée à consulter. * -* * -* Description : Fournit un lien vers l'abréviation de représentation. * -* * -* Retour : Structure de représentation en place. * -* * -* Remarques : - * -* * -******************************************************************************/ - -const dw_abbrev *dw_die_get_abbrev(const dw_die *die) -{ - return die->abbrev; - -} - - -/****************************************************************************** -* * -* Paramètres : die = entrée à consulter. * -* index = indice de cet attribut dans l'ensemble. * -* * -* Description : Fournit un lien vers l'abréviation de représentation. * -* * -* Retour : Valeur recherchée ou NULL en cas d'erreur. * -* * -* Remarques : - * -* * -******************************************************************************/ - -const dw_form_value *dw_die_peek_value(const dw_die *die, size_t index) -{ - dw_form_value *result; /* Valeur ciblée à retourner */ - - if (index >= dwarf_abbreviation_count_attribs(die->abbrev)) - return NULL; - - result = &die->values[index].value; - - return result; - -} - - -/****************************************************************************** -* * -* Paramètres : die = entrée d'information à consulter. * -* attrib = désignation de l'attribut à retrouver. * -* form = type de valeur attendu pour un attribut donné. [OUT]* -* * -* Description : Fournit un lien vers l'abréviation de représentation. * -* * -* Retour : Valeur recherchée ou NULL en cas d'erreur. * -* * -* Remarques : - * -* * -******************************************************************************/ - -const dw_form_value *dw_die_peek_extended_value(const dw_die *die, DwarfAttrib attrib, DwarfForm *form) -{ - const dw_form_value *result; /* Valeur ciblée à retourner */ - size_t index; /* Indice d'élément à relire */ - bool status; /* Bilan d'une récupération */ - - status = dwarf_abbreviation_get_attrib_index(die->abbrev, attrib, &index); - if (!status) return NULL; - - status = dwarf_abbreviation_get_form_for_index(die->abbrev, index, form); - if (!status) return NULL; - - result = dw_die_peek_value(die, index); - - return result; - -} - - -/****************************************************************************** -* * -* Paramètres : die = entrée à consulter. * -* * -* Description : Indique si une entrée de débogage possède des enfants. * -* * -* Retour : true ou false selon la situation. * -* * -* Remarques : - * -* * -******************************************************************************/ - -bool dw_die_has_children(const dw_die *die) -{ - return die->has_children; - -} - - -/****************************************************************************** -* * -* Paramètres : die = entrée à consulter. * -* * -* Description : Indique si une entrée de débogage possède des enfants. * -* * -* Retour : true ou false selon la situation. * -* * -* Remarques : - * -* * -******************************************************************************/ - -void dw_die_append_child(dw_die *die, dw_die *child) -{ - assert(die->has_children); - - die->children = (dw_die **)realloc(die->children, ++die->children_count * sizeof(dw_die *)); - - die->children[die->children_count - 1] = child; - -} - - - -/* ---------------------------------------------------------------------------------- */ -/* TRAITEMENT PAR ENSEMBLES */ -/* ---------------------------------------------------------------------------------- */ - - -/****************************************************************************** -* * -* Paramètres : root = entrée première à consulter. * -* visitor = intervention régulière à respecter. * -* data = données quelconques à associer aux visites. * -* * -* Description : Entame une grande tournée de toutes les entrées présentes. * -* * -* Retour : true si l'opération s'est déroulée complètement, false sinon.* -* * -* Remarques : - * -* * -******************************************************************************/ - -bool dw_die_visit(dw_die *root, visit_dies_fc visitor, void *data) -{ - bool result; /* Bilan à retourner */ - size_t i; /* Boucle de parcours */ - - result = visitor(root, data); - - for (i = 0; i < root->children_count && result; i++) - result = dw_die_visit(root->children[i], visitor, data); - - return result; - -} diff --git a/plugins/dwarf/die.h b/plugins/dwarf/die.h index 8bff4a9..6d85d56 100644 --- a/plugins/dwarf/die.h +++ b/plugins/dwarf/die.h @@ -2,7 +2,7 @@ /* Chrysalide - Outil d'analyse de fichiers binaires * die.h - prototypes pour la gestion des entrées renvoyant à des informations de débogage * - * Copyright (C) 2016-2017 Cyrille Bagard + * Copyright (C) 2016-2018 Cyrille Bagard * * This file is part of Chrysalide. * @@ -21,16 +21,19 @@ */ -#ifndef _FORMAT_DWARF_DIE_H -#define _FORMAT_DWARF_DIE_H +#ifndef _PLUGINS_DWARF_DIE_H +#define _PLUGINS_DWARF_DIE_H #include <stdbool.h> +#include <analysis/content.h> + + #include "abbrev.h" -#include "dwarf.h" -#include "dwarf_def.h" +#include "def.h" +#include "format.h" @@ -38,39 +41,12 @@ typedef struct _dw_die dw_die; -/* Procède à la lecture de l'en-tête d'une unité de compilation. */ -bool build_dwarf_die(GDwarfFormat *, vmpa2t *pos, SourceEndian endian, const dw_compil_unit_header *header, dw_die **); +/* Procède à la lecture d'un élément d'information de débogage. */ +bool build_dwarf_die(GDwarfFormat *, GBinContent *, vmpa2t *, const dw_compil_unit_header *, const dw_abbrev_brotherhood *, dw_die **); /* Supprime les éléments mis en place pour une entrée d'info. */ void delete_dwarf_die(dw_die *); -/* Fournit un lien vers l'abréviation de représentation. */ -const dw_abbrev *dw_die_get_abbrev(const dw_die *); - -/* Fournit un lien vers l'abréviation de représentation. */ -const dw_form_value *dw_die_peek_value(const dw_die *, size_t); - -/* Fournit un lien vers l'abréviation de représentation. */ -const dw_form_value *dw_die_peek_extended_value(const dw_die *, DwarfAttrib, DwarfForm *); - -/* Indique si une entrée de débogage possède des enfants. */ -bool dw_die_has_children(const dw_die *); - -/* Indique si une entrée de débogage possède des enfants. */ -void dw_die_append_child(dw_die *, dw_die *); - - - -/* ---------------------------- TRAITEMENT PAR ENSEMBLES ---------------------------- */ - - -/* Procédure appelée pour chaque élément recontré pendant une visite. */ -typedef bool (* visit_dies_fc) (const dw_die *, void *); - - -/* Entame une grande tournée de toutes les entrées présentes. */ -bool dw_die_visit(dw_die *, visit_dies_fc, void *); - -#endif /* _FORMAT_DWARF_DIE_H */ +#endif /* _PLUGINS_DWARF_DIE_H */ diff --git a/plugins/dwarf/dwarf-int.c b/plugins/dwarf/dwarf-int.c deleted file mode 100644 index 365414b..0000000 --- a/plugins/dwarf/dwarf-int.c +++ /dev/null @@ -1,207 +0,0 @@ - -/* Chrysalide - Outil d'analyse de fichiers binaires - * dwarf-int.c - structures internes du format DWARF - * - * Copyright (C) 2015-2017 Cyrille Bagard - * - * This file is part of Chrysalide. - * - * Chrysalide is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * Chrysalide is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. - */ - - -#include "dwarf-int.h" - - - -/****************************************************************************** -* * -* Paramètres : format = informations chargées à consulter. * -* pos = position de début de lecture. [OUT] * -* attr = structure lue à retourner. [OUT] * -* * -* Description : Procède à la lecture d'un attribut d'abréviation DWARF. * -* * -* Retour : Bilan de l'opération. * -* * -* Remarques : - * -* * -******************************************************************************/ - -bool read_dwarf_abbrev_attr(const GDwarfFormat *format, vmpa2t *pos, dw_abbrev_raw_attr *attr) -{ - bool result; /* Bilan à retourner */ - const GBinContent *content; /* Contenu binaire à lire */ - - content = G_BIN_FORMAT(format)->content; - - result = g_binary_content_read_uleb128(content, pos, &attr->name); - result &= g_binary_content_read_uleb128(content, pos, &attr->form); - - return result; - -} - - -/****************************************************************************** -* * -* Paramètres : format = informations chargées à consulter. * -* pos = position de début de lecture. [OUT] * -* decl = structure lue à retourner. [OUT] * -* * -* Description : Procède à la lecture d'une déclaration d'abréviation DWARF. * -* * -* Retour : Bilan de l'opération. * -* * -* Remarques : - * -* * -******************************************************************************/ - -bool read_dwarf_abbrev_decl(const GDwarfFormat *format, vmpa2t *pos, dw_abbrev_decl *decl) -{ - bool result; /* Bilan à retourner */ - const GBinContent *content; /* Contenu binaire à lire */ - - content = G_BIN_FORMAT(format)->content; - - result = g_binary_content_read_uleb128(content, pos, &decl->code); - result &= g_binary_content_read_uleb128(content, pos, &decl->tag); - result &= g_binary_content_read_u8(content, pos, &decl->has_children); - - return result; - -} - - - - - - -/****************************************************************************** -* * -* Paramètres : format = informations chargées à consulter. * -* pos = position de début de lecture. [OUT] * -* endian = boutisme reconnu dans le format. * -* header = en-tête à déterminer. [OUT] * -* * -* Description : Procède à la lecture de l'en-tête d'un contenu binaire DWARF.* -* * -* Retour : Bilan de l'opération. * -* * -* Remarques : - * -* * -******************************************************************************/ - -bool read_dwarf_section_header(GBinContent *content, vmpa2t *pos, SourceEndian endian, dw_section_header *header) -{ - bool result; /* Bilan à retourner */ - uint32_t first; /* Premier paquet d'octets */ - bool status; /* Bilan d'opération */ - - result = false; - - status = g_binary_content_read_u32(content, pos, endian, &first); - if (!status) goto rdsh_exit; - - if (first >= 0xfffffff0 && first != 0xffffffff) - goto rdsh_exit; - - if (first == 0xffffffff) - { - result = g_binary_content_read_u64(content, pos, endian, &header->unit_length); - header->is_32b = false; - } - else - { - result = true; - header->unit_length = first; - header->is_32b = true; - } - - result &= g_binary_content_read_u16(content, pos, endian, &header->version); - - rdsh_exit: - - return result; - -} - - - - - - - - - - - - - - - - -/****************************************************************************** -* * -* Paramètres : format = informations chargées à consulter. * -* pos = position de début de lecture. [OUT] * -* endian = boutisme reconnu dans le format. * -* header = en-tête à déterminer. [OUT] * -* * -* Description : Procède à la lecture de l'en-tête d'une unité de compilation.* -* * -* Retour : Bilan de l'opération. * -* * -* Remarques : - * -* * -******************************************************************************/ - -bool read_dwarf_compil_unit_header(GBinContent *content, vmpa2t *pos, SourceEndian endian, dw_compil_unit_header *header) -{ - bool result; /* Bilan à retourner */ - uint32_t val32; /* Premier paquet d'octets */ - bool status; /* Bilan d'opération */ - - result = read_dwarf_section_header(content, pos, endian, (dw_section_header *)header); - if (!result) goto rdcuh_exit; - - if (header->is_32b) - { - status = g_binary_content_read_u32(content, pos, endian, &val32); - if (!status) goto rdcuh_exit; - - header->debug_abbrev_offset = val32; - - } - else - { - status = g_binary_content_read_u64(content, pos, endian, &header->debug_abbrev_offset); - if (!status) goto rdcuh_exit; - - } - - result &= g_binary_content_read_u8(content, pos, &header->address_size); - - rdcuh_exit: - - return result; - -} - - - - - - - diff --git a/plugins/dwarf/dwarf-int.h b/plugins/dwarf/dwarf-int.h deleted file mode 100644 index 6f8f921..0000000 --- a/plugins/dwarf/dwarf-int.h +++ /dev/null @@ -1,185 +0,0 @@ - -/* Chrysalide - Outil d'analyse de fichiers binaires - * dwarf-int.h - prototypes pour les structures internes du format DWARF - * - * Copyright (C) 2008-2017 Cyrille Bagard - * - * This file is part of Chrysalide. - * - * Chrysalide is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * Chrysalide is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. - */ - - -#ifndef _FORMAT_DWARF_DWARF_INT_H -#define _FORMAT_DWARF_DWARF_INT_H - - -#include "dwarf.h" - - -#include <stdint.h> - - - - -#include "../debuggable-int.h" - -#include "abbrev.h" -#include "die.h" -#include "dwarf_def.h" - - - - - -/* Procède à la lecture d'un attribut d'abréviation DWARF. */ -bool read_dwarf_abbrev_attr(const GDwarfFormat *, vmpa2t *, dw_abbrev_raw_attr *); - -/* Procède à la lecture d'une déclaration d'abréviation DWARF. */ -bool read_dwarf_abbrev_decl(const GDwarfFormat *, vmpa2t *, dw_abbrev_decl *); - - - - -/* En-tête présente dans certaines sections */ -typedef struct _dw_section_header -{ - uint64_t unit_length; /* Taille totale sans le champ */ - bool is_32b; /* Le format est-il sur 32b ? */ - - uint16_t version; /* Version de la section */ - -} dw_section_header; - - - - - - -/* Procède à la lecture de l'en-tête d'un contenu binaire ELF. */ -bool read_dwarf_section_header(GBinContent *, vmpa2t *, SourceEndian, dw_section_header *); - - - - - -/* Procède à la lecture de l'en-tête d'une unité de compilation. */ -bool read_dwarf_compil_unit_header(GBinContent *, vmpa2t *, SourceEndian, dw_compil_unit_header *); - - - -///--------------------- - - - - -//------------------------------- - - - - - -/* Lit la valeur correspondant à un type donné. */ -typedef bool (* read_form_value_fc) (const GDwarfFormat *, const dw_compil_unit_header *, DwarfForm, vmpa2t *, dw_form_value *); - - -/* Format de débogage DWARF (instance) */ -struct _GDwarfFormat -{ - GDbgFormat parent; /* A laisser en premier */ - - dw_abbrev *abbreviations; /* Racine des abbréviations */ - - - dw_die *info_die; - - - -}; - -/* Format de débogage DWARF (classe) */ -struct _GDwarfFormatClass -{ - GDbgFormatClass parent; /* A laisser en premier */ - - read_form_value_fc read_form; /* lecture de valeurs formatées*/ - -}; - - - - - -/* Charge de façon générique toutes les informations DWARF. */ -bool g_dwarf_format_load(GDwarfFormat *, GExeFormat *); - - - - - - - - - - - - - - - - -/* Format du DWARF */ -typedef enum _DwarfFormat -{ - DWF_32_BITS, /* Mode 32 bits */ - DWF_64_BITS /* Mode 64 bits */ - -} DwarfFormat; - - - - - -/* Eléments récupérés sur une fonction */ -typedef struct _dw_dbg_function -{ - char *name; /* Nom de la fonction */ - char *prototype; /* Chaîne descriptive */ - - uint64_t low_pc; /* Début de la fonction */ - uint64_t high_pc; /* Fin de la fonction */ - -} dw_dbg_function; - - -#if 0 -/* Description du format DWARF */ -struct _dwarf_format -{ - dbg_format dummy; /* A laisser en premier */ - - DwarfFormat format; /* Format de l'instance */ - - dw_abbrev **abbrevs; /* Liste des abréviations */ - size_t abbrevs_count; /* Nombre de ces abréviations */ - - dw_dbg_function **dbg_functions; /* Liste de fonctions trouvées */ - size_t dbg_fc_count; /* Nombre de ces fonctions */ - -}; -#endif - - - -#endif /* _FORMAT_DWARF_DWARF_INT_H */ diff --git a/plugins/dwarf/dwarf_def.h b/plugins/dwarf/dwarf_def.h deleted file mode 100644 index 6641576..0000000 --- a/plugins/dwarf/dwarf_def.h +++ /dev/null @@ -1,830 +0,0 @@ - -/* Chrysalide - Outil d'analyse de fichiers binaires - * dwarf_def.h - liste des constantes utilisées par le format DWARF - * - * Copyright (C) 2008-2017 Cyrille Bagard - * - * This file is part of Chrysalide. - * - * Chrysalide is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * Chrysalide is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. - */ - - -#ifndef _FORMAT_DWARF_DWARF_DEF_H -#define _FORMAT_DWARF_DWARF_DEF_H - - - -#include <stdint.h> - - -#include "../../arch/vmpa.h" -#include "../../common/leb128.h" - - - - -/** - * § 7.5.1.1 Compilation Unit Header. - */ - -/* En-tête présente dans certaines sections */ -typedef struct _dw_compil_unit_header -{ - uint64_t unit_length; /* Taille totale sans le champ */ - bool is_32b; /* Le format est-il sur 32b ? */ - - uint16_t version; /* Version de la section */ - - uint64_t debug_abbrev_offset; /* Emplacement dans la section */ - uint8_t address_size; /* Taille des adresses */ - -} dw_compil_unit_header; - - -/** - * § 7.5.4 Attribute Encodings - */ - -/* Figure 18, Tag encodings, begins here. */ - -typedef enum _DwarfTag -{ - DW_TAG_array_type = 0x01, - DW_TAG_class_type = 0x02, - DW_TAG_entry_point = 0x03, - DW_TAG_enumeration_type = 0x04, - DW_TAG_formal_parameter = 0x05, - DW_TAG_imported_declaration = 0x08, - DW_TAG_label = 0x0a, - DW_TAG_lexical_block = 0x0b, - DW_TAG_member = 0x0d, - DW_TAG_pointer_type = 0x0f, - DW_TAG_reference_type = 0x10, - DW_TAG_compile_unit = 0x11, - DW_TAG_string_type = 0x12, - DW_TAG_structure_type = 0x13, - DW_TAG_subroutine_type = 0x15, - DW_TAG_typedef = 0x16, - DW_TAG_union_type = 0x17, - DW_TAG_unspecified_parameters = 0x18, - DW_TAG_variant = 0x19, - DW_TAG_common_block = 0x1a, - DW_TAG_common_inclusion = 0x1b, - DW_TAG_inheritance = 0x1c, - DW_TAG_inlined_subroutine = 0x1d, - DW_TAG_module = 0x1e, - DW_TAG_ptr_to_member_type = 0x1f, - DW_TAG_set_type = 0x20, - DW_TAG_subrange_type = 0x21, - DW_TAG_with_stmt = 0x22, - DW_TAG_access_declaration = 0x23, - DW_TAG_base_type = 0x24, - DW_TAG_catch_block = 0x25, - DW_TAG_const_type = 0x26, - DW_TAG_constant = 0x27, - DW_TAG_enumerator = 0x28, - DW_TAG_file_type = 0x29, - DW_TAG_friend = 0x2a, - DW_TAG_namelist = 0x2b, - DW_TAG_namelist_item = 0x2c, - DW_TAG_packed_type = 0x2d, - DW_TAG_subprogram = 0x2e, - DW_TAG_template_type_parameter = 0x2f, - DW_TAG_template_value_parameter = 0x30, - DW_TAG_thrown_type = 0x31, - DW_TAG_try_block = 0x32, - DW_TAG_variant_part = 0x33, - DW_TAG_variable = 0x34, - DW_TAG_volatile_type = 0x35, - - DW_TAG_dwarf_procedure = 0x36, - DW_TAG_restrict_type = 0x37, - DW_TAG_interface_type = 0x38, - DW_TAG_namespace = 0x39, - DW_TAG_imported_module = 0x3a, - DW_TAG_unspecified_type = 0x3b, - DW_TAG_partial_unit = 0x3c, - DW_TAG_imported_unit = 0x3d, - DW_TAG_condition = 0x3f, - DW_TAG_shared_type = 0x40, - - /* Nouveautés v.4 */ - - DW_TAG_type_unit = 0x41, - DW_TAG_rvalue_reference_type = 0x42, - DW_TAG_template_alias = 0x43, - - DW_TAG_lo_user = 0x4080, - DW_TAG_hi_user = 0xffff - -} DwarfTag; - -/* Figure 19. Child determination encodings. */ - -#define DW_CHILDREN_no 0x00 -#define DW_CHILDREN_yes 0x01 - -/* Figure 21. Attribute form encodings. */ - -typedef enum _DwarfForm -{ - DW_FORM_invalid = 0x00, - - DW_FORM_addr = 0x01, - DW_FORM_block2 = 0x03, - DW_FORM_block4 = 0x04, - DW_FORM_data2 = 0x05, - DW_FORM_data4 = 0x06, - DW_FORM_data8 = 0x07, - DW_FORM_string = 0x08, - DW_FORM_block = 0x09, - DW_FORM_block1 = 0x0a, - DW_FORM_data1 = 0x0b, - DW_FORM_flag = 0x0c, - DW_FORM_sdata = 0x0d, - DW_FORM_strp = 0x0e, - DW_FORM_udata = 0x0f, - DW_FORM_ref_addr = 0x10, - DW_FORM_ref1 = 0x11, - DW_FORM_ref2 = 0x12, - DW_FORM_ref4 = 0x13, - DW_FORM_ref8 = 0x14, - DW_FORM_ref_udata = 0x15, - DW_FORM_indirect = 0x16, - - /* Nouveautés v4 */ - - DW_FORM_sec_offset = 0x17, - DW_FORM_exprloc = 0x18, - DW_FORM_flag_present = 0x19, - DW_FORM_ref_sig8 = 0x20 - -} DwarfForm; - - - - - - -/* Résumé des différentes valeurs dans DWARF v2 */ -typedef union _dw_v2_form_value -{ - /* DW_FORM_addr */ - virt_t address; - - /* DW_FORM_data[1248] */ - uint8_t data1; - uint16_t data2; - uint32_t data4; - uint64_t data8; - - /* DW_FORM_sdata */ - leb128_t sdata; - - /* DW_FORM_udata */ - uleb128_t udata; - - /* DW_FORM_block[124]? */ - struct - { - const bin_t *start; - phys_t size; - - } block; - - /* DW_FORM_string */ - /* DW_FORM_strp */ - const char *string; - - /* DW_FORM_flag */ - uint8_t flag; - - /* DW_FORM_ref[1248] */ - uint8_t ref1; - uint16_t ref2; - uint32_t ref4; - uint64_t ref8; - - /* DW_FORM_ref_udata */ - uleb128_t ref_udata; - -} dw_v2_form_value; - - -/* Résumé des différentes valeurs dans DWARF v4 */ -typedef union _dw_v4_form_value -{ - dw_v2_form_value v2; - - /* DW_FORM_sec_offset */ - uint64_t sec_offset; - - /* DW_FORM_exprloc */ - struct - { - const bin_t *start; - phys_t size; - - } expr; - - /* DW_FORM_flag_present */ - bool has_flag; - - /* DW_FORM_ref_sig8 */ - uint64_t signature; - -} dw_v4_form_value; - - -/* Résumé des différentes valeurs dans DWARF */ -typedef union _dw_form_value -{ - dw_v2_form_value v2; - dw_v2_form_value v4; - -} dw_form_value; - - - - - - - - - - - - - - - - - - - -/** - * § 7.5.3 Abbreviations Tables. - */ - -/* Description d'un attribut d'une abréviation */ -typedef struct _dw_abbrev_raw_attr -{ - uleb128_t name; /* Désignation de l'attribut */ - uleb128_t form; /* Nature de sa valeur */ - -} dw_abbrev_raw_attr; - -/* En-tête de déclaration d'une abréviation */ -typedef struct _dw_abbrev_decl -{ - uleb128_t code; /* Identifiant attribué */ - uleb128_t tag; /* Identifiant attribué */ - - uint8_t has_children; /* Présence de sous-entrées ? */ - -} dw_abbrev_decl; - - - - - - - - - - -/* Liste des attributs rencontrés */ -typedef enum _DwarfAttrib -{ - DW_AT_sibling = 0x01, - DW_AT_location = 0x02, - DW_AT_name = 0x03, - DW_AT_ordering = 0x09, - DW_AT_byte_size = 0x0b, - DW_AT_bit_offset = 0x0c, - DW_AT_bit_size = 0x0d, - DW_AT_stmt_list = 0x10, - DW_AT_low_pc = 0x11, - DW_AT_high_pc = 0x12, - DW_AT_language = 0x13, - DW_AT_discr = 0x15, - DW_AT_discr_value = 0x16, - DW_AT_visibility = 0x17, - DW_AT_import = 0x18, - DW_AT_string_length = 0x19, - DW_AT_common_reference = 0x1a, - DW_AT_comp_dir = 0x1b, - DW_AT_const_value = 0x1c, - DW_AT_containing_type = 0x1d, - DW_AT_default_value = 0x1e, - DW_AT_inline = 0x20, - DW_AT_is_optional = 0x21, - DW_AT_lower_bound = 0x22, - DW_AT_producer = 0x25, - DW_AT_prototyped = 0x27, - DW_AT_return_addr = 0x2a, - DW_AT_start_scope = 0x2c, - DW_AT_bit_stride = 0x2e, - DW_AT_upper_bound = 0x2f, - DW_AT_abstract_origin = 0x31, - DW_AT_accessibility = 0x32, - DW_AT_address_class = 0x33, - DW_AT_artificial = 0x34, - DW_AT_base_types = 0x35, - DW_AT_calling_convention = 0x36, - DW_AT_count = 0x37, - DW_AT_data_member_location = 0x38, - DW_AT_decl_column = 0x39, - DW_AT_decl_file = 0x3a, - DW_AT_decl_line = 0x3b, - DW_AT_declaration = 0x3c, - DW_AT_discr_list = 0x3d, - DW_AT_encoding = 0x3e, - DW_AT_external = 0x3f, - DW_AT_frame_base = 0x40, - DW_AT_friend = 0x41, - DW_AT_identifier_case = 0x42, - DW_AT_macro_info = 0x43, - DW_AT_namelist_item = 0x44, - DW_AT_priority = 0x45, - DW_AT_segment = 0x46, - DW_AT_specification = 0x47, - DW_AT_static_link = 0x48, - DW_AT_type = 0x49, - DW_AT_use_location = 0x4a, - DW_AT_variable_parameter = 0x4b, - DW_AT_virtuality = 0x4c, - DW_AT_vtable_elem_location = 0x4d, - DW_AT_allocated = 0x4e, - DW_AT_associated = 0x4f, - DW_AT_data_location = 0x50, - DW_AT_byte_stride = 0x51, - DW_AT_entry_pc = 0x52, - DW_AT_use_UTF8 = 0x53, - DW_AT_extension = 0x54, - DW_AT_ranges = 0x55, - DW_AT_trampoline = 0x56, - DW_AT_call_column = 0x57, - DW_AT_call_file = 0x58, - DW_AT_call_line = 0x59, - DW_AT_description = 0x5a, - DW_AT_binary_scale = 0x5b, - DW_AT_decimal_scale = 0x5c, - DW_AT_small = 0x5d, - DW_AT_decimal_sign = 0x5e, - DW_AT_digit_count = 0x5f, - DW_AT_picture_string = 0x60, - DW_AT_mutable = 0x61, - DW_AT_threads_scaled = 0x62, - DW_AT_explicit = 0x63, - DW_AT_object_pointer = 0x64, - DW_AT_endianity = 0x65, - DW_AT_elemental = 0x66, - DW_AT_pure = 0x67, - DW_AT_recursive = 0x68, - - /* Nouveautés v4 */ - - DW_AT_signature = 0x69, - DW_AT_main_subprogram = 0x6a, - DW_AT_data_bit_offset = 0x6b, - DW_AT_const_expr = 0x6c, - DW_AT_enum_class = 0x6d, - DW_AT_linkage_name = 0x6e, - - DW_AT_lo_user = 0x2000, - DW_AT_hi_user = 0x3fff, - -} DwarfAttrib; - - -#define DW_ATTR_invalid 0 /* FIXME */ - - -typedef struct _dw_value -{ - DwarfAttrib attrib; /* Sujet de l'élément */ - dw_form_value value; /* Valeur instanciée associée */ - -} dw_value; - - - - - - - - - - - - - - - -#if 0 - - - - - - - - - - - - - - - -/* Liste des balises rencontrées */ -typedef enum _DwarfTag -{ - DWT_NONE = 0x00, - - DWT_ARRAY_TYPE = 0x01, - DWT_CLASS_TYPE = 0x02, - DWT_ENTRY_POINT = 0x03, - DWT_ENUMERATION_TYPE = 0x04, - DWT_FORMAL_PARAMETER = 0x05, - DWT_IMPORTED_DECLARATION = 0x08, - DWT_LABEL = 0x0a, - DWT_LEXICAL_BLOCK = 0x0b, - DWT_MEMBER = 0x0d, - DWT_POINTER_TYPE = 0x0f, - DWT_REFERENCE_TYPE = 0x10, - DWT_COMPILE_UNIT = 0x11, - DWT_STRING_TYPE = 0x12, - DWT_STRUCTURE_TYPE = 0x13, - DWT_SUBROUTINE_TYPE = 0x15, - DWT_TYPEDEF = 0x16, - DWT_UNION_TYPE = 0x17, - DWT_UNSPECIFIED_PARAMETERS = 0x18, - DWT_VARIANT = 0x19, - DWT_COMMON_BLOCK = 0x1a, - DWT_COMMON_INCLUSION = 0x1b, - DWT_INHERITANCE = 0x1c, - DWT_INLINED_SUBROUTINE = 0x1d, - DWT_MODULE = 0x1e, - DWT_PTR_TO_MEMBER_TYPE = 0x1f, - DWT_SET_TYPE = 0x20, - DWT_SUBRANGE_TYPE = 0x21, - DWT_WITH_STMT = 0x22, - DWT_ACCESS_DECLARATION = 0x23, - DWT_BASE_TYPE = 0x24, - DWT_CATCH_BLOCK = 0x25, - DWT_CONST_TYPE = 0x26, - DWT_CONSTANT = 0x27, - DWT_ENUMERATOR = 0x28, - DWT_FILE_TYPE = 0x29, - DWT_FRIEND = 0x2a, - DWT_NAMELIST = 0x2b, - - DWT_NAMELIST_ITEM = 0x2c, - DWT_PACKED_TYPE = 0x2d, - DWT_SUBPROGRAM = 0x2e, - - DWT_TEMPLATE_TYPE_PARAM = 0x2f, /* DWARF2 */ - DWT_TEMPLATE_TYPE_PARAMETER = 0x2f, /* DWARF3 */ - DWT_TEMPLATE_VALUE_PARAM = 0x30, /* DWARF2 */ - DWT_TEMPLATE_VALUE_PARAMETER = 0x30, /* DWARF3 */ - DWT_THROWN_TYPE = 0x31, - DWT_TRY_BLOCK = 0x32, - DWT_VARIANT_PART = 0x33, - DWT_VARIABLE = 0x34, - DWT_VOLATILE_TYPE = 0x35, - DWT_DWARF_PROCEDURE = 0x36, /* DWARF3 */ - DWT_RESTRICT_TYPE = 0x37, /* DWARF3 */ - DWT_INTERFACE_TYPE = 0x38, /* DWARF3 */ - DWT_NAMESPACE = 0x39, /* DWARF3 */ - DWT_IMPORTED_MODULE = 0x3a, /* DWARF3 */ - DWT_UNSPECIFIED_TYPE = 0x3b, /* DWARF3 */ - DWT_PARTIAL_UNIT = 0x3c, /* DWARF3 */ - DWT_IMPORTED_UNIT = 0x3d, /* DWARF3 */ - - DWT_MUTABLE_TYPE = 0x3e, /* Oublié en faveur des deux suivantes (DWARF3 -> DWARF3f) */ - DWT_CONDITION = 0x3f, /* DWARF3f */ - DWT_SHARED_TYPE = 0x40, /* DWARF3f */ - - DWT_LO_USER = 0x4080, - - DWT_MIPS_LOOP = 0x4081, - - /* Extensions HP */ - - DWT_HP_ARRAY_DESCRIPTOR = 0x4090, - - /* Extensions GNU */ - - DWT_GNU_FORMAT_LABEL = 0x4101, /* Fortran. */ - DWT_GNU_FUNCTION_TEMPLATE = 0x4102, /* C++ */ - DWT_GNU_CLASS_TEMPLATE = 0x4103, /* C++ */ - DWT_GNU_BINCL = 0x4104, - DWT_GNU_EINCL = 0x4105, - - /* Extensions ALTIUM */ - - DWT_ALTIUM_CIRC_TYPE = 0x5101, /* DSP-C/Starcore __circ qualifier */ - DWT_ALTIUM_MWA_CIRC_TYPE = 0x5102, /* Starcore __mwa_circ qualifier */ - DWT_ALTIUM_REV_CARRY_TYPE = 0x5103, /* Starcore __rev_carry qualifier */ - DWT_ALTIUM_ROM = 0x5111, /* M16 __rom qualifier */ - - /* Extensions pour le support UPC */ - - DWT_UPC_SHARED_TYPE = 0x8765, - DWT_UPC_STRICT_TYPE = 0x8766, - DWT_UPC_RELAXED_TYPE = 0x8767, - - /* Extensions PGI (STMicroelectronics) */ - - DWT_PGI_KANJI_TYPE = 0xa000, - DWT_PGI_INTERFACE_BLOCK = 0xa020, - - /* Extensions SUN */ - - DWT_SUN_FUNCTION_TEMPLATE = 0x4201, - DWT_SUN_CLASS_TEMPLATE = 0x4202, - DWT_SUN_STRUCT_TEMPLATE = 0x4203, - DWT_SUN_UNION_TEMPLATE = 0x4204, - DWT_SUN_INDIRECT_INHERITANCE = 0x4205, - DWT_SUN_CODEFLAGS = 0x4206, - DWT_SUN_MEMOP_INFO = 0x4207, - DWT_SUN_OMP_CHILD_FUNC = 0x4208, - DWT_SUN_RTTI_DESCRIPTOR = 0x4209, - DWT_SUN_DTOR_INFO = 0x420a, - DWT_SUN_DTOR = 0x420b, - DWT_SUN_F90_INTERFACE = 0x420c, - DWT_SUN_FORTRAN_VAX_STRUCTURE = 0x420d, - DWT_SUN_HI = 0x42ff, - - DWT_HI_USER = 0xffff - -} DwarfTag; - - -#define DW_CHILDREN_NO 0x00 -#define DW_CHILDREN_YES 0x01 - - -/* Liste des attributs rencontrés */ -typedef enum _DwarfAttrib -{ - DWA_SIBLING = 0x01, - DWA_LOCATION = 0x02, - DWA_NAME = 0x03, - DWA_ORDERING = 0x09, - DWA_SUBSCR_DATA = 0x0a, - DWA_BYTE_SIZE = 0x0b, - DWA_BIT_OFFSET = 0x0c, - DWA_BIT_SIZE = 0x0d, - DWA_ELEMENT_LIST = 0x0f, - DWA_STMT_LIST = 0x10, - DWA_LOW_PC = 0x11, - DWA_HIGH_PC = 0x12, - DWA_LANGUAGE = 0x13, - DWA_MEMBER = 0x14, - DWA_DISCR = 0x15, - DWA_DISCR_VALUE = 0x16, - DWA_VISIBILITY = 0x17, - DWA_IMPORT = 0x18, - DWA_STRING_LENGTH = 0x19, - DWA_COMMON_REFERENCE = 0x1a, - DWA_COMP_DIR = 0x1b, - DWA_CONST_VALUE = 0x1c, - DWA_CONTAINING_TYPE = 0x1d, - DWA_DEFAULT_VALUE = 0x1e, - DWA_INLINE = 0x20, - DWA_IS_OPTIONAL = 0x21, - DWA_LOWER_BOUND = 0x22, - DWA_PRODUCER = 0x25, - DWA_PROTOTYPED = 0x27, - DWA_RETURN_ADDR = 0x2a, - DWA_START_SCOPE = 0x2c, - DWA_BIT_STRIDE = 0x2e, /* DWARF3 */ - DWA_STRIDE_SIZE = 0x2e, /* DWARF2 */ - DWA_UPPER_BOUND = 0x2f, - DWA_ABSTRACT_ORIGIN = 0x31, - DWA_ACCESSIBILITY = 0x32, - DWA_ADDRESS_CLASS = 0x33, - DWA_ARTIFICIAL = 0x34, - DWA_BASE_TYPES = 0x35, - DWA_CALLING_CONVENTION = 0x36, - DWA_COUNT = 0x37, - DWA_DATA_MEMBER_LOCATION = 0x38, - DWA_DECL_COLUMN = 0x39, - DWA_DECL_FILE = 0x3a, - DWA_DECL_LINE = 0x3b, - DWA_DECLARATION = 0x3c, - DWA_DISCR_LIST = 0x3d, - DWA_ENCODING = 0x3e, - DWA_EXTERNAL = 0x3f, - DWA_FRAME_BASE = 0x40, - DWA_FRIEND = 0x41, - DWA_IDENTIFIER_CASE = 0x42, - DWA_MACRO_INFO = 0x43, - DWA_NAMELIST_ITEM = 0x44, - DWA_PRIORITY = 0x45, - DWA_SEGMENT = 0x46, - DWA_SPECIFICATION = 0x47, - DWA_STATIC_LINK = 0x48, - DWA_TYPE = 0x49, - DWA_USE_LOCATION = 0x4a, - DWA_VARIABLE_PARAMETER = 0x4b, - DWA_VIRTUALITY = 0x4c, - DWA_VTABLE_ELEM_LOCATION = 0x4d, - DWA_ALLOCATED = 0x4e, /* DWARF3 */ - DWA_ASSOCIATED = 0x4f, /* DWARF3 */ - DWA_DATA_LOCATION = 0x50, /* DWARF3 */ - DWA_BYTE_STRIDE = 0x51, /* DWARF3f */ - DWA_STRIDE = 0x51, /* DWARF3 (ne pas utiliser) */ - DWA_ENTRY_PC = 0x52, /* DWARF3 */ - DWA_USE_UTF8 = 0x53, /* DWARF3 */ - DWA_EXTENSION = 0x54, /* DWARF3 */ - DWA_RANGES = 0x55, /* DWARF3 */ - DWA_TRAMPOLINE = 0x56, /* DWARF3 */ - DWA_CALL_COLUMN = 0x57, /* DWARF3 */ - DWA_CALL_FILE = 0x58, /* DWARF3 */ - DWA_CALL_LINE = 0x59, /* DWARF3 */ - DWA_DESCRIPTION = 0x5a, /* DWARF3 */ - DWA_BINARY_SCALE = 0x5b, /* DWARF3f */ - DWA_DECIMAL_SCALE = 0x5c, /* DWARF3f */ - DWA_SMALL = 0x5d, /* DWARF3f */ - DWA_DECIMAL_SIGN = 0x5e, /* DWARF3f */ - DWA_DIGIT_COUNT = 0x5f, /* DWARF3f */ - DWA_PICTURE_STRING = 0x60, /* DWARF3f */ - DWA_MUTABLE = 0x61, /* DWARF3f */ - DWA_THREADS_SCALED = 0x62, /* DWARF3f */ - DWA_EXPLICIT = 0x63, /* DWARF3f */ - DWA_OBJECT_POINTER = 0x64, /* DWARF3f */ - DWA_ENDIANITY = 0x65, /* DWARF3f */ - DWA_ELEMENTAL = 0x66, /* DWARF3f */ - DWA_PURE = 0x67, /* DWARF3f */ - DWA_RECURSIVE = 0x68, /* DWARF3f */ - - DWA_LO_USER = 0x2000, - - /* Extension HP */ - - DWA_HP_BLOCK_INDEX = 0x2000, - - /* Extensions MIPS/SGI */ - - DWA_MIPS_FDE = 0x2001, - DWA_MIPS_LOOP_BEGIN = 0x2002, - DWA_MIPS_TAIL_LOOP_BEGIN = 0x2003, - DWA_MIPS_EPILOG_BEGIN = 0x2004, - DWA_MIPS_LOOP_UNROLL_FACTOR = 0x2005, - DWA_MIPS_SOFTWARE_PIPELINE_DEPTH = 0x2006, - DWA_MIPS_LINKAGE_NAME = 0x2007, - DWA_MIPS_STRIDE = 0x2008, - DWA_MIPS_ABSTRACT_NAME = 0x2009, - DWA_MIPS_CLONE_ORIGIN = 0x200a, - DWA_MIPS_HAS_INLINES = 0x200b, - DWA_MIPS_STRIDE_BYTE = 0x200c, - DWA_MIPS_STRIDE_ELEM = 0x200d, - DWA_MIPS_PTR_DOPETYPE = 0x200e, - DWA_MIPS_ALLOCATABLE_DOPETYPE = 0x200f, - DWA_MIPS_ASSUMED_SHAPE_DOPETYPE = 0x2010, - DWA_MIPS_ASSUMED_SIZE = 0x2011, - - /* Extensions HP */ - - DWA_HP_unmodifiable = 0x2001, /* conflit : MIPS */ - DWA_HP_actuals_stmt_list = 0x2010, /* conflit : MIPS */ - DWA_HP_proc_per_section = 0x2011, /* conflit : MIPS */ - DWA_HP_raw_data_ptr = 0x2012, - DWA_HP_pass_by_reference = 0x2013, - DWA_HP_opt_level = 0x2014, - DWA_HP_prof_version_id = 0x2015, - DWA_HP_opt_flags = 0x2016, - DWA_HP_cold_region_low_pc = 0x2017, - DWA_HP_cold_region_high_pc = 0x2018, - DWA_HP_all_variables_modifiable = 0x2019, - DWA_HP_linkage_name = 0x201a, - DWA_HP_prof_flags = 0x201b, - - /* Extensions GNU */ - - DWA_GNU_SF_NAMES = 0x2101, - DWA_GNU_SRC_INFO = 0x2102, - DWA_GNU_MAC_INFO = 0x2103, - DWA_GNU_SRC_COORDS = 0x2104, - DWA_GNU_BODY_BEGIN = 0x2105, - DWA_GNU_BODY_END = 0x2106, - DWA_GNU_VECTOR = 0x2107, - - /* Extensions SUN */ - - DWA_SUN_TEMPLATE = 0x2201, - DWA_SUN_RTNBEG_PD_ADDRESS = 0x2201, - DWA_SUN_ALIGNMENT = 0x2202, - DWA_SUN_VTABLE = 0x2203, - DWA_SUN_COUNT_GUARANTEE = 0x2204, - DWA_SUN_COMMAND_LINE = 0x2205, - DWA_SUN_VBASE = 0x2206, - DWA_SUN_COMPILE_OPTIONS = 0x2207, - DWA_SUN_LANGUAGE = 0x2208, - DWA_SUN_BROWSER_FILE = 0x2209, - DWA_SUN_VTABLE_ABI = 0x2210, - DWA_SUN_FUNC_OFFSETS = 0x2211, - DWA_SUN_CF_KIND = 0x2212, - DWA_SUN_VTABLE_INDEX = 0x2213, - DWA_SUN_OMP_TPRIV_ADDR = 0x2214, - DWA_SUN_OMP_CHILD_FUNC = 0x2215, - DWA_SUN_FUNC_OFFSET = 0x2216, - DWA_SUN_MEMOP_TYPE_REF = 0x2217, - DWA_SUN_PROFILE_ID = 0x2218, - DWA_SUN_MEMOP_SIGNATURE = 0x2219, - DWA_SUN_OBJ_DIR = 0x2220, - DWA_SUN_OBJ_FILE = 0x2221, - DWA_SUN_ORIGINAL_NAME = 0x2222, - DWA_SUN_HWCPROF_SIGNATURE = 0x2223, - DWA_SUN_AMD64_PARMDUMP = 0x2224, - DWA_SUN_PART_LINK_NAME = 0x2225, - DWA_SUN_LINK_NAME = 0x2226, - DWA_SUN_PASS_WITH_CONST = 0x2227, - DWA_SUN_RETURN_WITH_CONST = 0x2228, - DWA_SUN_IMPORT_BY_NAME = 0x2229, - DWA_SUN_F90_POINTER = 0x222a, - DWA_SUN_PASS_BY_REF = 0x222b, - DWA_SUN_F90_ALLOCATABLE = 0x222c, - DWA_SUN_F90_ASSUMED_SHAPE_ARRAY = 0x222d, - DWA_SUN_C_VLA = 0x222e, - DWA_SUN_RETURN_VALUE_PTR = 0x2230, - DWA_SUN_DTOR_START = 0x2231, - DWA_SUN_DTOR_LENGTH = 0x2232, - DWA_SUN_DTOR_STATE_INITIAL = 0x2233, - DWA_SUN_DTOR_STATE_FINAL = 0x2234, - DWA_SUN_DTOR_STATE_DELTAS = 0x2235, - DWA_SUN_IMPORT_BY_LNAME = 0x2236, - DWA_SUN_F90_USE_ONLY = 0x2237, - DWA_SUN_NAMELIST_SPEC = 0x2238, - DWA_SUN_IS_OMP_CHILD_FUNC = 0x2239, - DWA_SUN_FORTRAN_MAIN_ALIAS = 0x223a, - DWA_SUN_FORTRAN_BASED = 0x223b, - - /* Extensions ALTIUM */ - - DWA_ALTIUM_LOCLIST = 0x2300, - - /* Extensions PGI (STMicroelectronics) */ - - DWA_PGI_LBASE = 0x3a00, - DWA_PGI_SOFFSET = 0x3a01, - DWA_PGI_LSTRIDE = 0x3a02, - - /* Extensions pour le support UPC */ - - DWA_UPC_THREADS_SCALED = 0x3210, - - DWA_HI_USER = 0x3fff - -} DwarfAttrib; - - -/* Liste des types de données */ -typedef enum _DwarfForm -{ - DWF_ADDR = 0x01, - DWF_BLOCK2 = 0x03, - DWF_BLOCK4 = 0x04, - DWF_DATA2 = 0x05, - DWF_DATA4 = 0x06, - DWF_DATA8 = 0x07, - DWF_STRING = 0x08, - DWF_BLOCK = 0x09, - DWF_BLOCK1 = 0x0a, - DWF_DATA1 = 0x0b, - DWF_FLAG = 0x0c, - DWF_SDATA = 0x0d, - DWF_STRP = 0x0e, - DWF_UDATA = 0x0f, - DWF_REF_ADDR = 0x10, - DWF_REF1 = 0x11, - DWF_REF2 = 0x12, - DWF_REF4 = 0x13, - DWF_REF8 = 0x14, - DWF_REF_UDATA = 0x15, - DWF_INDIRECT = 0x16 - -} DwarfForm; - - -#endif - - - -#endif /* _FORMAT_DWARF_DWARF_DEF_H */ diff --git a/plugins/dwarf/form.c b/plugins/dwarf/form.c index d7922f7..78fbd63 100644 --- a/plugins/dwarf/form.c +++ b/plugins/dwarf/form.c @@ -2,7 +2,7 @@ /* Chrysalide - Outil d'analyse de fichiers binaires * form.h - prototypes pour la transmission des valeurs d'attributs * - * Copyright (C) 2016-2017 Cyrille Bagard + * Copyright (C) 2016-2018 Cyrille Bagard * * This file is part of Chrysalide. * @@ -24,6 +24,412 @@ #include "form.h" +#include <malloc.h> + + +#include "format-int.h" + + + +/* Valeurs dans DWARF */ +union _dw_form_value +{ + /** + * Version 2. + */ + /* DW_FORM_addr */ + virt_t address; + + /* DW_FORM_data[1248] */ + uint8_t data1; + uint16_t data2; + uint32_t data4; + uint64_t data8; + + /* DW_FORM_sdata */ + leb128_t sdata; + + /* DW_FORM_udata */ + uleb128_t udata; + + /* DW_FORM_block[124]? */ + struct + { + const bin_t *start; + phys_t size; + + } block; + + /* DW_FORM_string */ + /* DW_FORM_strp */ + const char *string; + + /* DW_FORM_flag */ + uint8_t flag; + + /* DW_FORM_ref[1248] */ + uint8_t ref1; + uint16_t ref2; + uint32_t ref4; + uint64_t ref8; + + /* DW_FORM_ref_udata */ + uleb128_t ref_udata; + + + /** + * Version 4. + */ + + /* DW_FORM_sec_offset */ + uint64_t sec_offset; + + /* DW_FORM_exprloc */ + struct + { + const bin_t *start; + phys_t size; + + } expr; + + /* DW_FORM_flag_present */ + bool has_flag; + + /* DW_FORM_ref_sig8 */ + uint64_t signature; + +}; + + +/****************************************************************************** +* * +* Paramètres : format = contenu binaire de débogage à parcourir. * +* content = contenu encadré à parcourir. * +* pos = tête de lecture au sein des données. [OUT] * +* cu = unité de compilation parente. * +* form = nature de la valeur à lire. * +* output = valeur au format donné lue. [OUT] * +* * +* Description : Lit la valeur correspondant à un type donné. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool read_dwarf_form_value(const GDwarfFormat *format, GBinContent *content, vmpa2t *pos, const dw_compil_unit_header *cu, DwarfForm form, dw_form_value **output) +{ + bool result; /* Bilan de lecture à renvoyer */ + dw_form_value *value; /* Valeur constituée */ + SourceEndian endian; /* Boutisme des enregistrements*/ + + + const bin_t *tmp; /* Données quelconques */ + uint8_t tmp8; /* Données sur 8 bits */ + uint16_t tmp16; /* Données sur 16 bits */ + uint32_t tmp32; /* Données sur 32 bits */ + uint64_t tmp64; /* Données sur 64 bits */ + uleb128_t tmpuleb; /* Données sur xxx bits */ + phys_t offset; /* Décalage à appliquer */ + GExeFormat *exe; /* Format d'exécutable rattaché*/ + mrange_t range; /* Couverture d'une section */ + vmpa2t iter; /* Point de lecture parallèle */ + + + value = (dw_form_value *)malloc(sizeof(dw_form_value)); + + endian = g_binary_format_get_endianness(G_BIN_FORMAT(format)); + + switch (form) + { + + + + + /* Version 2 */ + + + case DW_FORM_addr: + + switch (cu->address_size) + { + case 2: + result = g_binary_content_read_u16(content, pos, endian, &tmp16); + if (result) value->address = tmp16; + break; + case 4: + result = g_binary_content_read_u32(content, pos, endian, &tmp32); + if (result) value->address = tmp32; + break; + case 8: + result = g_binary_content_read_u64(content, pos, endian, &tmp64); + if (result) value->address = tmp64; + break; + default: + result = false; + break; + } + break; + + case DW_FORM_block2: + result = g_binary_content_read_u16(content, pos, endian, &tmp16); + if (result) + { + value->block.size = tmp16; + goto block_finish; + } + break; + + case DW_FORM_block4: + result = g_binary_content_read_u32(content, pos, endian, &tmp32); + if (result) + { + value->block.size = tmp32; + goto block_finish; + } + break; + + case DW_FORM_data2: + result = g_binary_content_read_u16(content, pos, endian, &value->data2); + break; + + case DW_FORM_data4: + result = g_binary_content_read_u32(content, pos, endian, &value->data4); + break; + + case DW_FORM_data8: + result = g_binary_content_read_u64(content, pos, endian, &value->data8); + break; + + case DW_FORM_string: + + tmp = g_binary_content_get_raw_access(content, pos, 1); + result = (tmp != NULL); + + if (result) + { + value->string = (const char *)tmp; + + while (result && *tmp != '\0') + { + tmp = g_binary_content_get_raw_access(content, pos, 1); + result = (tmp != NULL); + } + + } + + break; + + case DW_FORM_block: + + tmpuleb = 0; /* Pour GCC */ + + result = g_binary_content_read_uleb128(content, pos, &tmpuleb); + if (!result) break; + + value->block.size = tmpuleb; + + block_finish: + + value->block.start = g_binary_content_get_raw_access(content, pos, value->block.size); + + result = (value->block.start != NULL); + break; + + case DW_FORM_block1: + result = g_binary_content_read_u8(content, pos, &tmp8); + if (result) + { + value->block.size = tmp8; + goto block_finish; + } + break; + + case DW_FORM_data1: + result = g_binary_content_read_u8(content, pos, &value->data1); + break; + + case DW_FORM_flag: + result = g_binary_content_read_u8(content, pos, &value->flag); + break; + + case DW_FORM_sdata: + result = g_binary_content_read_leb128(content, pos, &value->sdata); + break; + + case DW_FORM_strp: + + /* Définition des positions */ + + if (cu->is_32b) + { + result = g_binary_content_read_u32(content, pos, endian, &tmp32); + offset = tmp32; + } + else + { + result = g_binary_content_read_u64(content, pos, endian, &tmp64); + offset = tmp64; + } + + /* Lecture dans la section adaptée */ + + if (result) + { + exe = G_DBG_FORMAT(format)->executable; + result = g_exe_format_get_section_range_by_name(exe, ".debug_str", &range); + } + + if (result) + { + copy_vmpa(&iter, get_mrange_addr(&range)); + + result = g_binary_content_seek(content, &iter, offset); + + if (!result) + break; + + tmp = g_binary_content_get_raw_access(content, &iter, 1); + result = (tmp != NULL); + + if (result) + { + value->string = (const char *)tmp; + + while (result && *tmp != '\0') + { + tmp = g_binary_content_get_raw_access(content, &iter, 1); + result = (tmp != NULL); + } + + } + + } + + break; + + case DW_FORM_udata: + result = g_binary_content_read_uleb128(content, pos, &value->udata); + break; + + + + + + + + + + + + case DW_FORM_ref1: + result = g_binary_content_read_u8(content, pos, &value->ref1); + break; + + case DW_FORM_ref2: + result = g_binary_content_read_u16(content, pos, endian, &value->ref2); + break; + + case DW_FORM_ref4: + result = g_binary_content_read_u32(content, pos, endian, &value->ref4); + break; + + case DW_FORM_ref8: + result = g_binary_content_read_u64(content, pos, endian, &value->ref8); + break; + + case DW_FORM_ref_udata: + result = g_binary_content_read_uleb128(content, pos, &value->ref_udata); + break; + + + + + + + + + + + + + + + + + /* Version 4 */ + + case DW_FORM_sec_offset: + + if (cu->is_32b) + { + result = g_binary_content_read_u32(content, pos, endian, &tmp32); + tmp64 = tmp32; + } + else + result = g_binary_content_read_u64(content, pos, endian, &tmp64); + + value->sec_offset = tmp64; + break; + + case DW_FORM_exprloc: + + //tmpuleb = 0; /* Pour GCC */ + + result = g_binary_content_read_uleb128(content, pos, &tmpuleb); + if (!result) break; + + value->expr.size = tmpuleb; + + value->expr.start = g_binary_content_get_raw_access(content, pos, value->expr.size); + result = (value->expr.start != NULL); + + break; + + case DW_FORM_flag_present: + result = true; + value->has_flag = true; + break; + + case DW_FORM_ref_sig8: + result = g_binary_content_read_u64(content, pos, endian, &value->signature); + break; + + default: + result = false; + break; + + } + + if (result) + *output = value; + else + free_dwarf_form_value(value); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : value = valeur à librérer de la mémoire. * +* * +* Description : Supprime de la mémoire une valeur correspondant à un type. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void free_dwarf_form_value(dw_form_value *value) +{ + free(value); + +} + /****************************************************************************** * * @@ -48,23 +454,23 @@ bool translate_form_into_address(const dw_form_value *value, DwarfForm form, vir switch (form) { case DW_FORM_addr: - *addr = value->v2.address; + *addr = value->address; break; case DW_FORM_data1: - *addr = value->v2.data1; + *addr = value->data1; break; case DW_FORM_data2: - *addr = value->v2.data2; + *addr = value->data2; break; case DW_FORM_data4: - *addr = value->v2.data4; + *addr = value->data4; break; case DW_FORM_data8: - *addr = value->v2.data8; + *addr = value->data8; break; default: @@ -99,7 +505,7 @@ const char *translate_form_into_string(const dw_form_value *value, DwarfForm for { case DW_FORM_string: case DW_FORM_strp: - result = value->v2.string; + result = value->string; break; default: diff --git a/plugins/dwarf/form.h b/plugins/dwarf/form.h index bdef9b3..ec1ce1a 100644 --- a/plugins/dwarf/form.h +++ b/plugins/dwarf/form.h @@ -25,9 +25,22 @@ #define _FORMAT_DWARF_FORM_H -#include "dwarf_def.h" +#include "format.h" +#include <analysis/content.h> + + + +/* Valeurs dans DWARF */ +typedef union _dw_form_value dw_form_value; + + +/* Lit la valeur correspondant à un type donné. */ +bool read_dwarf_form_value(const GDwarfFormat *, GBinContent *, vmpa2t *, const dw_compil_unit_header *, DwarfForm, dw_form_value **); + +/* Supprime de la mémoire une valeur correspondant à un type. */ +void free_dwarf_form_value(dw_form_value *); /* Transcrit une valeur Dwarf brute en adresse virtuelle. */ bool translate_form_into_address(const dw_form_value *, DwarfForm, virt_t *); diff --git a/plugins/dwarf/format-int.h b/plugins/dwarf/format-int.h new file mode 100644 index 0000000..c13af65 --- /dev/null +++ b/plugins/dwarf/format-int.h @@ -0,0 +1,58 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * dwarf-int.h - prototypes pour les structures internes du format DWARF + * + * Copyright (C) 2018 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#ifndef _PLUGINS_DWARF_FORMAT_INT_H +#define _PLUGINS_DWARF_FORMAT_INT_H + + +#include "format.h" + + +#include <format/debuggable-int.h> + + +#include "abbrev.h" +#include "die.h" + + + +/* Format de débogage DWARF (instance) */ +struct _GDwarfFormat +{ + GDbgFormat parent; /* A laisser en premier */ + + dw_die **info; /* DIE de debug_info */ + size_t info_count; /* Quantité de ces éléments */ + +}; + +/* Format de débogage DWARF (classe) */ +struct _GDwarfFormatClass +{ + GDbgFormatClass parent; /* A laisser en premier */ + +}; + + + +#endif /* _PLUGINS_DWARF_FORMAT_INT_H */ diff --git a/plugins/dwarf/dwarf.c b/plugins/dwarf/format.c index 0c0dab8..6bd47cd 100644 --- a/plugins/dwarf/dwarf.c +++ b/plugins/dwarf/format.c @@ -2,7 +2,7 @@ /* Chrysalide - Outil d'analyse de fichiers binaires * dwarf.c - support du format Dwarf * - * Copyright (C) 2009-2017 Cyrille Bagard + * Copyright (C) 2018 Cyrille Bagard * * This file is part of Chrysalide. * @@ -21,14 +21,18 @@ */ -#include "dwarf.h" +#include "format.h" -#include "abbrev.h" -#include "dwarf-int.h" +#include <i18n.h> +#include <common/cpp.h> +#include <format/format.h> + + +#include "def.h" +#include "format-int.h" #include "info.h" -#include "symbols.h" -#include "../../common/cpp.h" +#include "utils.h" @@ -44,166 +48,41 @@ static void g_dwarf_format_dispose(GDwarfFormat *); /* Procède à la libération totale de la mémoire. */ static void g_dwarf_format_finalize(GDwarfFormat *); +/* Assure l'interprétation d'un format en différé. */ +static bool g_dwarf_format_analyze(GDwarfFormat *, wgroup_id_t, GtkStatusStack *); + /****************************************************************************** * * -* Paramètres : content = contenu binaire à parcourir. * -* parent = éventuel format exécutable déjà chargé. * -* unused = adresse non utilisée ici. * -* key = identifiant de format trouvé ou NULL. [OUT] * +* Paramètres : format = exécutable auquel on peut tenter de se raccrocher. * * * -* Description : Indique si le format peut être pris en charge ici. * +* Description : Valide un contenu comme étant un format Dwarf. * * * -* Retour : Conclusion de haut niveau sur la reconnaissance effectuée. * +* Retour : - * * * * Remarques : - * * * ******************************************************************************/ -FormatMatchStatus dwarf_is_matching(GBinContent *content, GExeFormat *parent, void *unused, char **key) +GDbgFormat *check_dwarf_format(GExeFormat *format) { - FormatMatchStatus result; /* Bilan à renvoyer */ - size_t i; /* Boucle de parcours */ - mrange_t range; /* Couverture d'une section */ - dw_section_header header; /* En-tête DWARF de section */ - bool found; /* Bilan d'une comparaison */ + GDbgFormat *result; /* Eventuel format à renvoyer */ + bool matched; /* Correspondance probable */ + size_t i; /* Boucle de parcours #1 */ static const char *section_names[] = { - ".debug_aranges", - ".debug_frame", - ".debug_info", - ".debug_line", - ".debug_pubnames", - ".debug_pubtypes", - ".debug_types" - }; - - static const uint16_t dwarf_v2_versions[] = { - 2, /* .debug_aranges */ - 1, /* .debug_frame */ - 2, /* .debug_info */ - 2, /* .debug_line */ - 2, /* .debug_pubnames */ - 0, /* .debug_pubtypes */ - 0 /* .debug_types */ + ".debug_abbrev", + ".debug_info" }; - static const uint16_t dwarf_v3_versions[] = { - 2, /* .debug_aranges */ - 3, /* .debug_frame */ - 3, /* .debug_info */ - 3, /* .debug_line */ - 2, /* .debug_pubnames */ - 2, /* .debug_pubtypes */ - 0 /* .debug_types */ - }; - - static const uint16_t dwarf_v4_versions[] = { - 2, /* .debug_aranges */ - 4, /* .debug_frame */ - 4, /* .debug_info */ - 4, /* .debug_line */ - 2, /* .debug_pubnames */ - 2, /* .debug_pubtypes */ - 4 /* .debug_types */ - }; - - uint16_t current_versions[] = { - 0, /* .debug_aranges */ - 0, /* .debug_frame */ - 0, /* .debug_info */ - 0, /* .debug_line */ - 0, /* .debug_pubnames */ - 0, /* .debug_pubtypes */ - 0 /* .debug_types */ - }; - - result = FMS_UNKNOWN; - - if (parent == NULL) - return FMS_UNKNOWN; - return FMS_UNKNOWN; - *key = strdup("dwarf_v4"); - return FMS_MATCHED; - - /* Lecture des indices présents */ - - for (i = 0; i < ARRAY_SIZE(section_names); i++) - { - if (!g_exe_format_get_section_range_by_name(parent, section_names[i], &range)) - continue; - - if (!read_dwarf_section_header(content, get_mrange_addr(&range), SRE_LITTLE /* FIXME */, &header)) - continue; - - current_versions[i] = header.version; - - } - - /* Détermination d'une version bien identifiée */ - - bool check_dwarf_version(const uint16_t *ref, const uint16_t *cur, size_t count) - { - bool equal; - size_t k; - - equal = true; - - for (k = 0; k < count && equal; k++) - printf(" -> %hhu vs %hhu\n", ref[k], cur[k]); - - for (k = 0; k < count && equal; k++) - equal = (cur[k] == 0) || (ref[k] == cur[k]); - - return equal; - - } - - /** - * Un fichier DWARF sans section sera vu comme un fichier DWARF de - * dernière génération. - * Ce qui n'est pas très grave car rien ne sera chargé par la suite, - * du fait de l'absence de section, donc il n'y aura pas d'incompatibilité. - */ + matched = true; - printf("---dwarf v4\n"); + for (i = 0; i < ARRAY_SIZE(section_names) && matched; i++) + matched = g_exe_format_get_section_range_by_name(format, section_names[i], (mrange_t []) { 0 }); - found = check_dwarf_version(dwarf_v4_versions, current_versions, ARRAY_SIZE(section_names)); - - if (found) - { - result = FMS_MATCHED; - *key = strdup("dwarf_v4"); - } - - if (result == FMS_UNKNOWN) - { - printf("---dwarf v3\n"); - - found = check_dwarf_version(dwarf_v3_versions, current_versions, ARRAY_SIZE(section_names)); - - if (found) - { - result = FMS_MATCHED; - *key = strdup("dwarf_v3"); - } - - } - - if (result == FMS_UNKNOWN) - { - printf("---dwarf v2\n"); - - found = check_dwarf_version(dwarf_v2_versions, current_versions, ARRAY_SIZE(section_names)); - - if (found) - { - result = FMS_MATCHED; - *key = strdup("dwarf_v2"); - } - - } + if (matched) + result = g_dwarf_format_new(format); return result; @@ -229,12 +108,17 @@ G_DEFINE_TYPE(GDwarfFormat, g_dwarf_format, G_TYPE_DBG_FORMAT); static void g_dwarf_format_class_init(GDwarfFormatClass *klass) { GObjectClass *object; /* Autre version de la classe */ + GBinFormatClass *fmt; /* Version en format basique */ object = G_OBJECT_CLASS(klass); object->dispose = (GObjectFinalizeFunc/* ! */)g_dwarf_format_dispose; object->finalize = (GObjectFinalizeFunc)g_dwarf_format_finalize; + fmt = G_BIN_FORMAT_CLASS(klass); + + fmt->analyze = (format_analyze_fc)g_dwarf_format_analyze; + } @@ -289,6 +173,15 @@ static void g_dwarf_format_dispose(GDwarfFormat *format) static void g_dwarf_format_finalize(GDwarfFormat *format) { + size_t i; /* Boucle de parcours */ + + for (i = 0; i < format->info_count; i++) + if (format->info[i] != NULL) + delete_dwarf_die(format->info[i]); + + if (format->info != NULL) + free(format->info); + G_OBJECT_CLASS(g_dwarf_format_parent_class)->finalize(G_OBJECT(format)); } @@ -296,42 +189,56 @@ static void g_dwarf_format_finalize(GDwarfFormat *format) /****************************************************************************** * * -* Paramètres : format = description du binaire de débogage à compléter. * -* executable = référence vers le binaire exécutable à lier. * -* * -* Description : Charge de façon générique toutes les informations DWARF. * +* Paramètres : parent = éventuel format exécutable déjà chargé. * + * +* Description : Prend en charge un nouveau format DWARF. * * * -* Retour : Bilan du chargement : réussi ou non ? * +* Retour : Adresse de la structure mise en place ou NULL en cas d'échec.* * * * Remarques : - * * * ******************************************************************************/ -bool g_dwarf_format_load(GDwarfFormat *format, GExeFormat *executable) +GDbgFormat *g_dwarf_format_new(GExeFormat *parent) { - bool result; /* Bilan à faire remonter */ + GDwarfFormat *result; /* Structure à retourner */ + GBinContent *content; /* Contenu binaire à lire */ - result = true; + result = g_object_new(G_TYPE_DWARF_FORMAT, NULL); - g_debuggable_format_attach_executable(G_DBG_FORMAT(format), executable); + G_DBG_FORMAT(result)->executable = parent; + g_object_ref(G_OBJECT(parent)); - printf("Loading abbrev...\n"); + content = G_BIN_FORMAT(parent)->content; - result &= load_all_dwarf_abbreviations(format); + G_BIN_FORMAT(result)->content = content; + g_object_ref(G_OBJECT(content)); - printf("Loading debug info...\n"); + return G_DBG_FORMAT(result); - result &= load_dwarf_debug_information(format); +} - printf("Done!\n"); - result &= load_dwarf_symbols(format); +/****************************************************************************** +* * +* Paramètres : format = format chargé dont l'analyse est lancée. * +* gid = groupe de travail dédié. * +* status = barre de statut à tenir informée. * +* * +* Description : Assure l'interprétation d'un format en différé. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ - printf("Got symbols...\n"); +static bool g_dwarf_format_analyze(GDwarfFormat *format, wgroup_id_t gid, GtkStatusStack *status) +{ + bool result; /* Bilan à retourner */ - exit(0); + result = load_dwarf_debug_information(format, gid, status); return result; } - diff --git a/plugins/dwarf/dwarf.h b/plugins/dwarf/format.h index ad2f008..73933d4 100644 --- a/plugins/dwarf/dwarf.h +++ b/plugins/dwarf/format.h @@ -2,7 +2,7 @@ /* Chrysalide - Outil d'analyse de fichiers binaires * dwarf.h - prototypes pour le support du format Dwarf * - * Copyright (C) 2009-2017 Cyrille Bagard + * Copyright (C) 2018 Cyrille Bagard * * This file is part of Chrysalide. * @@ -21,17 +21,24 @@ */ -#ifndef _FORMAT_DWARF_DWARF_H -#define _FORMAT_DWARF_DWARF_H +#ifndef _PLUGINS_DWARF_FORMAT_H +#define _PLUGINS_DWARF_FORMAT_H -#include "../../core/formats.h" +#include <glib-object.h> + + +#include <format/debuggable.h> +#include <format/executable.h> + + +#include "def.h" #define G_TYPE_DWARF_FORMAT g_dwarf_format_get_type() -#define G_DWARF_FORMAT(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), g_dwarf_format_get_type(), GDwarfFormat)) -#define G_IS_DWARF_FORMAT(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), g_dwarf_format_get_type())) +#define G_DWARF_FORMAT(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), G_TYPE_DWARF_FORMAT, GDwarfFormat)) +#define G_IS_DWARF_FORMAT(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), G_TYPE_DWARF_FORMAT)) #define G_DWARF_FORMAT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DWARF_FORMAT, GDwarfFormatClass)) #define G_IS_DWARF_FORMAT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DWARF_FORMAT)) #define G_DWARF_FORMAT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DWARF_FORMAT, GDwarfFormatClass)) @@ -44,12 +51,15 @@ typedef struct _GDwarfFormat GDwarfFormat; typedef struct _GDwarfFormatClass GDwarfFormatClass; -/* Indique si le format peut être pris en charge ici. */ -FormatMatchStatus dwarf_is_matching(GBinContent *, GExeFormat *, void *, char **); +/* Valide un contenu comme étant un format Dwarf. */ +GDbgFormat *check_dwarf_format(GExeFormat *); /* Indique le type défini pour un format de débogage DWARF. */ GType g_dwarf_format_get_type(void); +/* Prend en charge un nouveau format DWARF. */ +GDbgFormat *g_dwarf_format_new(GExeFormat *); + -#endif /* _FORMAT_DWARF_DWARF_H */ +#endif /* _PLUGINS_DWARF_FORMAT_H */ diff --git a/plugins/dwarf/info.c b/plugins/dwarf/info.c index 432280e..7a2be44 100644 --- a/plugins/dwarf/info.c +++ b/plugins/dwarf/info.c @@ -2,7 +2,7 @@ /* Chrysalide - Outil d'analyse de fichiers binaires * info.c - lecture des informations principales du format DWARF * - * Copyright (C) 2008-2017 Cyrille Bagard + * Copyright (C) 2008-2018 Cyrille Bagard * * This file is part of Chrysalide. * @@ -24,215 +24,43 @@ #include "info.h" -#include "die.h" -#include "dwarf-int.h" -#include "../debuggable-int.h" - - +#include <i18n.h> +#include <analysis/contents/restricted.h> +#include <core/nproc.h> +#include <glibext/seq.h> +#include <core/global.h> - -static bool extract_dies_from_debug_information(GDwarfFormat *format, vmpa2t *pos, SourceEndian endian, const dw_compil_unit_header *header, dw_die *parent, dw_die **die); +#include "die.h" +#include "format-int.h" +#include "utils.h" +#define RANGE_ALLOC_BLOCK 100 -/****************************************************************************** -* * -* Paramètres : format = informations de débogage DWARF à compléter. * -* * -* Description : Charge les informations depuis une section ".debug_info". * -* * -* Retour : Bilan de l'opération. * -* * -* Remarques : - * -* * -******************************************************************************/ -bool load_dwarf_debug_information(GDwarfFormat *format) +/* Rassemblement des informations utiles */ +typedef struct _work_data { - bool result; /* Bilan à renvoyer */ - - - - mrange_t range; /* Couverture d'une section */ - vmpa2t end; - vmpa2t iter; /* Tête de lecture mouvante */ - - dw_compil_unit_header header; - dw_die *die; - - - - result = g_exe_format_get_section_range_by_name(G_DBG_FORMAT(format)->executable, ".debug_info", &range); - if (!result) goto lddi_exit; - - copy_vmpa(&iter, get_mrange_addr(&range)); - - - printf("[%d] Passage :: 0x%08llx 0x%08llx\n", - result, - (unsigned long long)range.addr.physical, - (unsigned long long)range.addr.virtual); - - compute_mrange_end_addr(&range, &end); - - while (result) - { - /* Si il n'y a plus rien à lire dans la section... */ - if (cmp_vmpa(&iter, &end) >= 0) break; - - - printf("========================================================================\n"); - printf("========================================================================\n"); - printf("========================================================================\n"); - printf("========================================================================\n"); - printf("\n"); - printf("HEADER START :: 0x%x\n", (unsigned int)iter.physical); - - - result = read_dwarf_compil_unit_header(G_BIN_FORMAT(format)->content, &iter, - SRE_LITTLE /* FIXME */, &header); - if (!result) break; - - printf("[%d] header :: addr size=%hhu\n", result, header.address_size); - - - result = extract_dies_from_debug_information(format, &iter, - SRE_LITTLE /* FIXME */, &header, - NULL, &die); - - - - } + GDwarfFormat *format; /* Format à manipuler */ + mrange_t *ranges; /* Espace des DIE à charger */ +} work_data; - format->info_die = die; - - - lddi_exit: - - return result; - -} +/* Procède au chargement d'un DIE de la section debug_info. */ +static bool extract_dies_from_debug_info(const work_data *, size_t, GtkStatusStack *, activity_id_t); /****************************************************************************** * * * Paramètres : format = informations de débogage DWARF à compléter. * -* pos = position de début de lecture. [OUT] * -* endian = boutisme reconnu dans le format. * -* header = en-tête de description de l'unité à traiter. * -* parent = entrée parent de rattachement ou NULL si racine. * -* die = emplacement de stockage de l'entrée. [OUT] * -* * -* Description : Procède à la lecture de l'en-tête d'un contenu binaire DWARF.* -* * -* Retour : Bilan de l'opération. * -* * -* Remarques : - * -* * -******************************************************************************/ - -static bool extract_dies_from_debug_information(GDwarfFormat *format, vmpa2t *pos, SourceEndian endian, const dw_compil_unit_header *header, dw_die *parent, dw_die **die) -{ - bool result; /* Bilan à faire remonter */ - dw_die *child; /* Entrée subordonnée à charger*/ - - printf("==================================\n"); - printf("=== version : 0x%hx\n", header->version); - printf("=== offset abbrev : 0x%llx\n", (unsigned long long)header->debug_abbrev_offset); - printf("==================================\n"); - - - phys_t start = 0x1039; - - printf("start :: 0x%x\n", (unsigned int)(pos->physical - start)); - printf("start :: 0x%x\n", (unsigned int)(0x0 + pos->physical)); - - result = build_dwarf_die(format, pos, SRE_LITTLE /* FIXME */, header, die); - if (*die == NULL) return result; - - if (parent != NULL) - dw_die_append_child(parent, *die); - - if (dw_die_has_children(*die)) - { - printf("<<<< children >>>>\n"); - - printf("next :: 0x%x\n", (unsigned int)(pos->physical - start)); - - while (result) - { - result = extract_dies_from_debug_information(format, pos, endian, header, *die, &child); - - if (!result) - delete_dwarf_die(*die); - - /* Entrée avec un code nul -> fin */ - if (child == NULL) break; - - } - - } - - return result; - -} - - - - - - - -#if 0 -#include <malloc.h> -#include <string.h> +* gid = groupe de travail impliqué. * + status = barre de statut à tenir informée. * - -#include "abbrev.h" -#include "dwarf-int.h" -#include "utils.h" - - -/* Informations utiles d'une unité de compilation */ -typedef struct _compil_unit -{ - off_t startpos; /* Position de début d'unité */ - off_t endpos; /* Position d'unité suivante */ - - off_t offset; /* Position dans les abréviat° */ - uint8_t ptrsize; /* Taille des adresses mémoire */ - -} compil_unit; - - - -#define _(str) str - - -/* Procède à la lecture d'une unité de compilation. */ -bool read_dwarf_compilation_unit(dwarf_format *, off_t *, compil_unit *); - -/* Récupère toutes les déclarations DWARF utiles trouvées. */ -bool parse_dwarf_compilation_unit(dwarf_format *, off_t *, const compil_unit *); - -/* Enregistre toutes les déclarations de fonction trouvées. */ -dw_dbg_function *look_for_dwarf_subprograms(dwarf_format *, const dw_abbrev *, off_t *, const compil_unit *); - -/* Obtient la description humaine d'un type. */ -char *resolve_dwarf_function_type(dwarf_format *, const dw_abbrev *, const off_t *, const compil_unit *); - - - - -/****************************************************************************** * * -* Paramètres : format = informations de débogage à compléter. * -* * -* Description : Charge les informations trouvées dans un DWARF. * +* Description : Charge les informations depuis une section ".debug_info". * * * * Retour : Bilan de l'opération. * * * @@ -240,614 +68,190 @@ char *resolve_dwarf_function_type(dwarf_format *, const dw_abbrev *, const off_t * * ******************************************************************************/ -bool load_dwarf_information(dwarf_format *format) +bool load_dwarf_debug_information(GDwarfFormat *format, wgroup_id_t gid, GtkStatusStack *status) { bool result; /* Bilan à renvoyer */ - - - - - off_t offset; - off_t start; - off_t size; - - bool test; - - int i; - - - compil_unit cu; - - - - result = true; - - test = find_exe_section(DBG_FORMAT(format)->e_format, ".debug_info", &start, &size, NULL); - - offset = start; - - - printf(" -> offset=%d size=%d\n", offset, size); - - - - for (i = 0; i < size; i++) - { - if (i % 25 == 0) printf("\n"); - printf("0x%02hhx ", DBG_FORMAT(format)->content[offset + i]); - } - - printf("\n"); - - - - while (offset < (start + size) && result) - { - printf("-------------\n"); - - result = read_dwarf_compilation_unit(format, &offset, &cu); - - if (result) - parse_dwarf_compilation_unit(format, &offset, &cu); - - } - - - printf("##############\nRegistered functions:\n"); - - for (i = 0; i < format->dbg_fc_count; i++) - printf(" > [0x%08llx] %s\n", format->dbg_functions[i]->low_pc, format->dbg_functions[i]->prototype); - - return result; - -} - - -/****************************************************************************** -* * -* Paramètres : format = informations de débogage à effacer. * -* * -* Description : Décharge les informations trouvées dans un DWARF. * -* * -* Retour : - * -* * -* Remarques : - * -* * -******************************************************************************/ - -void unload_dwarf_information(dwarf_format *format) -{ - - - -} - - -/****************************************************************************** -* * -* Paramètres : format = informations de débogage à compléter. * -* pos = tête de lecture à mettre à jour. [OUT] * -* cu = unité de compilation lue. [OUT] * -* * -* Description : Procède à la lecture d'une unité de compilation. * -* * -* Retour : true en cas de succès de la lecture, false sinon. * -* * -* Remarques : - * -* * -******************************************************************************/ - -bool read_dwarf_compilation_unit(dwarf_format *format, off_t *pos, compil_unit *cu) -{ - off_t ulength; /* Taille de l'unité */ - uint16_t version; /* Version du format DWARF */ - - cu->startpos = *pos; - - if (!read_unit_length(format, pos, &ulength)) - return false; - - cu->endpos = *pos + ulength; - - if (!read_uhalf(format, pos, &version)) - return false; - - if (version > 3) return false; - - if (!read_abbrev_offset(format, pos, &cu->offset)) - return false; - - if (!read_address_size(format, pos, &cu->ptrsize)) - return false; - - return true; - -} - - -/****************************************************************************** -* * -* Paramètres : format = informations de débogage à compléter. * -* pos = tête de lecture à mettre à jour. [OUT] * -* cu = unité de compilation courante. * -* * -* Description : Récupère toutes les déclarations DWARF utiles trouvées. * -* * -* Retour : true en cas de succès de la lecture, false sinon. * -* * -* Remarques : - * -* * -******************************************************************************/ - -bool parse_dwarf_compilation_unit(dwarf_format *format, off_t *pos, const compil_unit *cu) -{ - bool result; /* Bilan à retourner */ - const dw_abbrev *abbrev; /* Abréviation rencontrée */ - dw_dbg_function *function; /* Nouvelle fonction lue */ - - - - result = true; - - while (*pos < cu->endpos && result) + GExeFormat *exe; /* Exécutable associé */ + mrange_t range; /* Couverture d'une section */ + GBinContent *content; /* Contenu binaire à lire */ + GBinContent *restricted; /* Limitation des traitements */ + vmpa2t stop; /* Point d'arrivée à atteindre */ + mrange_t *ranges; /* Séquences de zones à traiter*/ + size_t count; /* Nombre de ces séquences */ + size_t allocated; /* Quantité d'allocations */ + SourceEndian endian; /* Boutisme du format parent */ + vmpa2t iter; /* Tête de lecture mouvante */ + vmpa2t start; /* Sauvegarde de position */ + dw_compil_unit_header header; /* Unité à cerner puis traiter */ + vmpa2t next; /* Départ de l'unité suivante */ + phys_t size; /* Taille complète d'une unité */ + work_data data; /* Données à communiquer */ + guint runs_count; /* Qté d'exécutions parallèles */ + size_t run_size; /* Volume réparti par exécution*/ + GWorkQueue *queue; /* Gestionnaire de différés */ + activity_id_t msg; /* Message de progression */ + guint i; /* Boucle de parcours */ + size_t begin; /* Début de bloc de traitement */ + size_t end; /* Fin d'un bloc de traitement */ + GSeqWork *work; /* Tâche de chargement à lancer*/ + + exe = G_DBG_FORMAT(format)->executable; + + result = g_exe_format_get_section_range_by_name(exe, ".debug_info", &range); + + if (result) { + content = G_BIN_FORMAT(format)->content; + restricted = g_restricted_content_new(content, &range); - printf(" =+> Cur :: 0x%02hhx 0x%02hhx 0x%02hhx 0x%02hhx 0x%02hhx\n", - DBG_FORMAT(format)->content[*pos], - DBG_FORMAT(format)->content[*pos + 1], - DBG_FORMAT(format)->content[*pos + 2], - DBG_FORMAT(format)->content[*pos + 3], - DBG_FORMAT(format)->content[*pos + 4]); - - - - abbrev = find_dwarf_abbreviations(format, &cu->offset, pos); - - if (abbrev == NULL) - break; + compute_mrange_end_addr(&range, &stop); + /* Constitution des zones de travail */ + ranges = NULL; + count = 0; + allocated = 0; - printf(" --> %p\n", abbrev); + endian = g_binary_format_get_endianness(G_BIN_FORMAT(exe)); - printf(" == 0x%02x (matched ? %d)\n", abbrev->tag, abbrev->tag == DWT_SUBPROGRAM); - - - - switch (abbrev->tag) + for (copy_vmpa(&iter, get_mrange_addr(&range)); + result && cmp_vmpa(&iter, &stop) < 0; + copy_vmpa(&iter, &next)) { - case DWT_SUBPROGRAM: - function = look_for_dwarf_subprograms(format, abbrev, pos, cu); - - if (function != NULL) - { - format->dbg_functions = (dw_dbg_function **)realloc(format->dbg_functions, ++format->dbg_fc_count * sizeof(dw_dbg_function *)); - format->dbg_functions[format->dbg_fc_count - 1] = function; - } - else result = false; - - break; - - default: - break; - - } - - - + copy_vmpa(&start, &iter); + result = read_dwarf_compil_unit_header(restricted, &iter, endian, &header, &next); + if (!result) break; + if (count == allocated) + { + allocated += RANGE_ALLOC_BLOCK; + ranges = realloc(ranges, allocated * sizeof(mrange_t)); + } + size = compute_vmpa_diff(&start, &next); + init_mrange(&ranges[count++], &start, size); + } + if (!result) + goto exit; + /* Préparation des réceptacles */ + format->info = calloc(count, sizeof(dw_die *)); + format->info_count = count; - if (!skip_dwarf_abbrev(format, pos, abbrev)) - printf("error skipping :(\n"); - - - } - - - printf(" =+> Next :: 0x%02hhx 0x%02hhx 0x%02hhx 0x%02hhx 0x%02hhx\n", - DBG_FORMAT(format)->content[*pos], - DBG_FORMAT(format)->content[*pos + 1], - DBG_FORMAT(format)->content[*pos + 2], - DBG_FORMAT(format)->content[*pos + 3], - DBG_FORMAT(format)->content[*pos + 4]); - - - - return result; - -} - - -/****************************************************************************** -* * -* Paramètres : format = informations de débogage à compléter. * -* abbrev = abréviation trouvée à traiter. * -* pos = tête de lecture à mettre à jour. [OUT] * -* cu = unité de compilation courante. * -* * -* Description : Enregistre toutes les déclarations de fonction trouvées. * -* * -* Retour : Fonction chargée en mémoire ou NULL en cas d'échec. * -* * -* Remarques : - * -* * -******************************************************************************/ - -dw_dbg_function *look_for_dwarf_subprograms(dwarf_format *format, const dw_abbrev *abbrev, off_t *pos, const compil_unit *cu) -{ - dw_dbg_function *result; /* Structure à retourner */ - uint32_t type_pos; /* Décalage p/r au pt courant */ - off_t subpos; /* Sous-position de lecture #1 */ - const dw_abbrev *subabbrev; /* Abréviation fille à lire */ - char *retstr; /* Elément du prototype */ - char *prototype; /* Stockage temporaire */ - size_t proto_len; /* Taille du prototype */ - bool is_pointer; /* Mémorise le type 'pointeur' */ - uint64_t index; /* Index de la fonction */ - bool first_arg; /* Marque le 1er argument */ - off_t subpos2; /* Sous-position de lecture #2 */ - const dw_abbrev *subabbrev2; /* Abréviation fille à lire #2 */ - - result = (dw_dbg_function *)calloc(1, sizeof(dw_dbg_function)); - - /* Récupération des informations de base */ - - if (!read_dwarf_abbrev_attribute(format, pos, false, abbrev, DWA_NAME, &result->name)) - goto lfds_error; - - if (!read_dwarf_abbrev_attribute(format, pos, false, abbrev, DWA_LOW_PC, &result->low_pc)) - goto lfds_error; - - if (!read_dwarf_abbrev_attribute(format, pos, false, abbrev, DWA_HIGH_PC, &result->high_pc)) - goto lfds_error; - - /* Type de la fonction */ - - if (test_dwarf_abbrev_attribute(abbrev, DWA_TYPE)) - { - if (!read_dwarf_abbrev_attribute(format, pos, false, abbrev, DWA_TYPE, &type_pos)) - goto lfds_error; - - subpos = cu->startpos + type_pos; - - subabbrev = find_dwarf_abbreviations(format, &cu->offset, &subpos); - - retstr = resolve_dwarf_function_type(format, subabbrev, &subpos, cu); - - } - else retstr = strdup("void"); - - if (retstr == NULL) - { - proto_len = 3; - prototype = (char *)calloc(proto_len + 1, sizeof(char)); - strcat(prototype, "???"); - - is_pointer = false; - - } - else - { - proto_len = strlen(retstr); - prototype = (char *)calloc(proto_len + 1, sizeof(char)); - strcat(prototype, retstr); - - is_pointer = (retstr[strlen(retstr) - 1] == '*'); - - free(retstr); - - } - - /* On saute l'abréviation de la déclaration de fonction... */ - - subpos = *pos; + data.format = format; + data.ranges = ranges; - if (!read_uleb128(format, &subpos, &index, true)) - goto lfds_error; + /* Lancement des travaux */ - if (!skip_dwarf_abbrev(format, &subpos, abbrev)) - goto lfds_error; + runs_count = get_max_online_threads(); - /* Lecture des différents arguments */ + run_size = count / runs_count; - proto_len += (!is_pointer ? 1 : 0) + strlen(result->name) + 1; - prototype = (char *)realloc(prototype, (proto_len + 1) * sizeof(char)); - if (!is_pointer) strcat(prototype, " "); - strcat(prototype, result->name); - strcat(prototype, "("); + queue = get_work_queue(); - first_arg = true; + msg = gtk_status_stack_add_activity(status, _("Loading all information from the .debug_info section..."), + get_mrange_length(&range)); - while (1) - { - subabbrev = find_dwarf_abbreviations(format, &cu->offset, &subpos); - if (subabbrev == NULL) goto exit_loop; - - switch (subabbrev->tag) + for (i = 0; i < runs_count; i++) { - case DWT_UNSPECIFIED_PARAMETERS: - - /* Virgule de séparation */ - - if (first_arg) first_arg = false; - else - { - proto_len += 2; - prototype = (char *)realloc(prototype, (proto_len + 1) * sizeof(char)); - strcat(prototype, ", "); - } - - /* Marque de l'absence de type */ - - proto_len += 3; - prototype = (char *)realloc(prototype, (proto_len + 1) * sizeof(char)); - strcat(prototype, "..."); - - break; - - case DWT_FORMAL_PARAMETER: - - if (!read_dwarf_abbrev_attribute(format, &subpos, false, subabbrev, DWA_TYPE, &type_pos)) - goto lfds_error; - - subpos2 = cu->startpos + type_pos; - - subabbrev2 = find_dwarf_abbreviations(format, &cu->offset, &subpos2); - - retstr = resolve_dwarf_function_type(format, subabbrev2, &subpos2, cu); - - /* Virgule de séparation */ - - if (first_arg) first_arg = false; - else - { - proto_len += 2; - prototype = (char *)realloc(prototype, (proto_len + 1) * sizeof(char)); - strcat(prototype, ", "); - } + begin = i * run_size; - /* Type de l'argument */ + if ((i + 1) == runs_count) + end = count; + else + end = begin + run_size; - if (retstr == NULL) - { - proto_len += 3; - prototype = (char *)realloc(prototype, (proto_len + 1) * sizeof(char)); - strcat(prototype, "???"); + work = g_seq_work_new_boolean(&data, begin, end, msg, + (seq_work_bool_cb)extract_dies_from_debug_info, &result); - is_pointer = false; + g_work_queue_schedule_work(queue, G_DELAYED_WORK(work), gid); - } - else - { - proto_len += strlen(retstr); - prototype = (char *)realloc(prototype, (proto_len + 1) * sizeof(char)); - strcat(prototype, retstr); - - is_pointer = (retstr[strlen(retstr) - 1] == '*'); - - free(retstr); - - } - - /* Nom de l'argument */ - - if (test_dwarf_abbrev_attribute(abbrev, DWA_NAME)) - { - if (!read_dwarf_abbrev_attribute(format, &subpos, false, subabbrev, DWA_NAME, &retstr)) - goto lfds_error; - } - else retstr = strdup(_("[no name]")); - - if (retstr != NULL) - { - proto_len += strlen(retstr) + (!is_pointer ? 1 : 0) + 1; - prototype = (char *)realloc(prototype, (proto_len + 1) * sizeof(char)); - if (!is_pointer) strcat(prototype, " "); - strcat(prototype, retstr); - - free(retstr); + } - } + g_work_queue_wait_for_completion(queue, gid); - break; + gtk_status_stack_remove_activity(status, msg); - default: - goto exit_loop; - break; + exit: - } + if (ranges != NULL) + free(ranges); - if (!skip_dwarf_abbrev(format, &subpos, subabbrev)) - goto lfds_error; + g_object_unref(G_OBJECT(restricted)); } - exit_loop: - - proto_len += 1; - prototype = (char *)realloc(prototype, (proto_len + 1) * sizeof(char)); - strcat(prototype, ")"); - - result->prototype = prototype; - return result; - lfds_error: - - if (result->name != NULL) free(result->name); - if (result->prototype != NULL) free(result->prototype); - - free(result); - - return NULL; - } /****************************************************************************** * * -* Paramètres : format = informations de débogage à compléter. * -* abbrev = abréviation associée au type. * -* pos = tête de lecture à avoir sous le coude. * -* cu = unité de compilation courante. * +* Paramètres : data = ensemble d'informations utiles à l'opération. * +* i = indice des éléments à traiter. * +* status = barre de statut à tenir informée. * +* id = identifiant du message affiché à l'utilisateur. * * * -* Description : Obtient la description humaine d'un type. * +* Description : Procède au chargement d'un DIE de la section debug_info. * * * -* Retour : Chaîne de caractères en cas de succès, NULL sinon. * +* Retour : Bilan de l'opération. * * * * Remarques : - * * * ******************************************************************************/ -char *resolve_dwarf_function_type(dwarf_format *format, const dw_abbrev *abbrev, const off_t *pos, const compil_unit *cu) +static bool extract_dies_from_debug_info(const work_data *data, size_t i, GtkStatusStack *status, activity_id_t id) { - char *result; /* Description à retourner */ - off_t oldpos; /* Conservation de l'indice */ - uint32_t type_pos; /* Sous-type détecté */ - uint64_t index; /* Indice de l'abréviation... */ - const dw_abbrev *subabbrev; /* ... et abréviation associée */ - size_t len; /* Longeur d'un résultat */ - - result = NULL; - oldpos = *pos; - - switch (abbrev->tag) - { - /* 0x04 */ - case DWT_ENUMERATION_TYPE: - - oldpos = *pos; - read_dwarf_abbrev_attribute(format, &oldpos, true /* ??? */, abbrev, DWA_NAME, &result); - - if (result != NULL) - { - len = strlen(result); - - result = (char *)realloc(result, (strlen("enum ") + len + 1) * sizeof(char)); - memmove(&result[strlen("enum ")], result, len); - memcpy(result, "enum ", strlen("enum ")); - - } - - break; - - /* 0x0f */ - case DWT_POINTER_TYPE: - - if (test_dwarf_abbrev_attribute(abbrev, DWA_TYPE)) - { - if (!read_dwarf_abbrev_attribute(format, &oldpos, true, abbrev, DWA_TYPE, &type_pos)) - return NULL; - - oldpos = cu->startpos + type_pos; - - subabbrev = find_dwarf_abbreviations(format, &cu->offset, &oldpos); - - result = resolve_dwarf_function_type(format, subabbrev, &oldpos, cu); - - } - else result = strdup("void"); - - if (result != NULL) - { - len = strlen(result); - - if (result[len - 1] == '*') - { - result = (char *)realloc(result, (len + 2) * sizeof(char)); - result[len] = '*'; - } - else - { - result = (char *)realloc(result, (len + 3) * sizeof(char)); - strcat(result, " *"); - } - - } - - break; - - /* 0x13 */ - case DWT_STRUCTURE_TYPE: - - oldpos = *pos; - read_dwarf_abbrev_attribute(format, &oldpos, true /* ??? */, abbrev, DWA_NAME, &result); - - if (result != NULL) - { - len = strlen(result); - - result = (char *)realloc(result, (strlen("struct ") + len + 1) * sizeof(char)); - memmove(&result[strlen("struct ")], result, len); - memcpy(result, "struct ", strlen("struct ")); - - } - - break; - - /* 0x16 */ - case DWT_TYPEDEF: - oldpos = *pos; - read_dwarf_abbrev_attribute(format, &oldpos, true /* ??? */, abbrev, DWA_NAME, &result); - break; - - /* 0x24 */ - case DWT_BASE_TYPE: - oldpos = *pos; - read_dwarf_abbrev_attribute(format, &oldpos, true /* ??? */, abbrev, DWA_NAME, &result); - break; - - /* 0x26 */ - case DWT_CONST_TYPE: - - - - if (read_dwarf_abbrev_attribute(format, &oldpos, true, abbrev, DWA_TYPE, &type_pos)) - printf(" ## sub type :: 0x%08x\n", type_pos); - else printf(" error: no type\n"); - - oldpos = cu->startpos + type_pos; - - - - + bool result; /* Bilan à retourner */ + GDwarfFormat *format; /* Format en cours d'analyse */ + GBinContent *content; /* Contenu binaire à lire */ + GExeFormat *exe; /* Exécutable associé */ + SourceEndian endian; /* Boutisme du format parent */ + vmpa2t iter; /* Tête de lecture mouvante */ + dw_compil_unit_header header; /* Unité à cerner puis traiter */ + vmpa2t next; /* Départ de l'unité suivante */ + dw_abbrev_brotherhood *abbrevs; /* Série d'abréviations */ + format = data->format; - subabbrev = find_dwarf_abbreviations(format, &cu->offset, &oldpos); - printf("subabbrev == %p\n", subabbrev); + /** + * Comme les informations peuvent aller taper ailleurs dans le binaire + * (par exemple dans la section debug_str pour certaine valeur, on ne peut + * pas restreinte le contenu au seul espace traité. + * + * L'en-tête lui même a déjà été valide, donc on ne s'embête pas à distinguer + * différents cas ici. + */ + content = G_BIN_FORMAT(format)->content; + exe = G_DBG_FORMAT(format)->executable; + endian = g_binary_format_get_endianness(G_BIN_FORMAT(exe)); - result = resolve_dwarf_function_type(format, subabbrev, &oldpos, cu); + copy_vmpa(&iter, get_mrange_addr(&data->ranges[i])); - if (result != NULL) - { - len = strlen(result); + result = read_dwarf_compil_unit_header(content, &iter, endian, &header, &next); + if (!result) goto exit; - result = (char *)realloc(result, (strlen("const ") + len + 1) * sizeof(char)); - memmove(&result[strlen("const ")], result, len); - memcpy(result, "const ", strlen("const ")); + abbrevs = load_all_dwarf_abbreviations(format, &header); + if (abbrevs == NULL) goto exit; - } + result = build_dwarf_die(format, content, &iter, &header, abbrevs, &format->info[i]); - break; + free_all_dwarf_abbreviations(abbrevs); - default: - printf("### NOT HANDLED ### Tag :: 0x%02x\n", abbrev->tag); - break; + gtk_status_stack_update_activity_value(status, id, get_mrange_length(&data->ranges[i])); - } + exit: return result; } -#endif diff --git a/plugins/dwarf/info.h b/plugins/dwarf/info.h index 76220e5..011b880 100644 --- a/plugins/dwarf/info.h +++ b/plugins/dwarf/info.h @@ -2,7 +2,7 @@ /* Chrysalide - Outil d'analyse de fichiers binaires * info.h - prototypes pour la lecture des informations principales du format DWARF * - * Copyright (C) 2008-2017 Cyrille Bagard + * Copyright (C) 2008-2018 Cyrille Bagard * * This file is part of Chrysalide. * @@ -21,43 +21,23 @@ */ -#ifndef _FORMAT_DWARF_INFO_H -#define _FORMAT_DWARF_INFO_H +#ifndef _PLUGINS_DWARF_INFO_H +#define _PLUGINS_DWARF_INFO_H #include <stdbool.h> -#include "dwarf.h" - - - -/* Charge les informations depuis une section ".debug_info". */ -bool load_dwarf_debug_information(GDwarfFormat *); - - - - +#include <glibext/delayed.h> +#include "format.h" -#if 0 -#include <stdbool.h> - - -#include "d_dwarf.h" - - - -/* Charge les informations trouvées dans un DWARF. */ -bool load_dwarf_information(dwarf_format *); - -/* Décharge les informations trouvées dans un DWARF. */ -void unload_dwarf_information(dwarf_format *); -#endif +/* Charge les informations depuis une section ".debug_info". */ +bool load_dwarf_debug_information(GDwarfFormat *, wgroup_id_t, GtkStatusStack *); -#endif /* _FORMAT_DWARF_INFO_H */ +#endif /* _PLUGINS_DWARF_INFO_H */ diff --git a/plugins/dwarf/utils.c b/plugins/dwarf/utils.c index b767970..444d3a6 100644 --- a/plugins/dwarf/utils.c +++ b/plugins/dwarf/utils.c @@ -2,7 +2,7 @@ /* Chrysalide - Outil d'analyse de fichiers binaires * utils.h - prototypes pour les fonctions d'aisance vis à vis du format DWARF * - * Copyright (C) 2008-2017 Cyrille Bagard + * Copyright (C) 2008-2018 Cyrille Bagard * * This file is part of Chrysalide. * @@ -24,192 +24,109 @@ #include "utils.h" -#include <string.h> - - -#include "dwarf-int.h" - - /****************************************************************************** * * -* Paramètres : format = informations de débogage à consulter. * -* pos = tête de lecture à mettre à jour. [OUT] * -* value = valeur au format LEB128 lue. [OUT] * -* update = indique si la position est à mettre à jour. * +* Paramètres : content = contenu binaire à consulter. * +* pos = position de début de lecture. [OUT] * +* endian = boutisme reconnu dans le format. * +* header = en-tête à déterminer. [OUT] * +* next = position du prochain en-tête. [OUT] * * * -* Description : Lit une valeur Little Endian Base 128 signée. * +* Description : Procède à la lecture de l'en-tête d'un contenu binaire DWARF.* * * * Retour : Bilan de l'opération. * * * -* Remarques : En cas d'échec, la tête de lecture est indéterminée. * +* Remarques : - * * * ******************************************************************************/ -bool read_leb128(dwarf_format *format, off_t *pos, int64_t *value, bool update) +bool read_dwarf_section_header(const GBinContent *content, vmpa2t *pos, SourceEndian endian, dw_section_header *header, vmpa2t *next) { - off_t curpos; /* Tête de lecture effective */ - int shift; /* Décalage à appliquer */ - off_t i; /* Boucle de parcours */ - - curpos = *pos; - shift = 0; - *value = 0; - - for (i = 0; i < 8; i++) - { - /* On évite les débordements... */ - if (curpos >= DBG_FORMAT(format)->length) return false; + bool result; /* Bilan à retourner */ + uint32_t first; /* Premier paquet d'octets */ + bool status; /* Bilan d'opération */ - *value |= (DBG_FORMAT(format)->content[curpos] & 0x7f) << shift; + result = false; - shift += 7; - curpos++; + status = g_binary_content_read_u32(content, pos, endian, &first); + if (!status) goto rdsh_exit; - if ((DBG_FORMAT(format)->content[*pos + i] & 0x80) == 0x00) break; + if (first >= 0xfffffff0 && first != 0xffffffff) + goto rdsh_exit; + if (first == 0xffffffff) + { + result = g_binary_content_read_u64(content, pos, endian, &header->unit_length); + header->is_32b = false; } - - if ((shift < 64) && (DBG_FORMAT(format)->content[curpos - 1] & 0x40) == 0x40) - *value |= - (1 << shift); - - if (update) *pos = curpos; - - return (i < 8); - -} - - -/****************************************************************************** -* * -* Paramètres : format = informations de débogage à consulter. * -* pos = tête de lecture à mettre à jour. [OUT] * -* value = valeur au format LEB128 lue. [OUT] * -* update = indique si la position est à mettre à jour. * -* * -* Description : Lit une valeur Little Endian Base 128 non signée. * -* * -* Retour : Bilan de l'opération. * -* * -* Remarques : En cas d'échec, la tête de lecture est indéterminée. * -* * -******************************************************************************/ - -bool read_uleb128(dwarf_format *format, off_t *pos, uint64_t *value, bool update) -{ - off_t curpos; /* Tête de lecture effective */ - int shift; /* Décalage à appliquer */ - off_t i; /* Boucle de parcours */ - - curpos = *pos; - shift = 0; - *value = 0; - - for (i = 0; i < 8; i++) + else { - /* On évite les débordements... */ - if (curpos >= DBG_FORMAT(format)->length) return false; - - *value |= (DBG_FORMAT(format)->content[curpos] & 0x7f) << shift; - - shift += 7; - curpos++; - - if ((DBG_FORMAT(format)->content[*pos + i] & 0x80) == 0x00) break; + result = true; + header->unit_length = first; + header->is_32b = true; + } + if (next != NULL) + { + copy_vmpa(next, pos); + advance_vmpa(next, header->unit_length); } - if (update) *pos = curpos; + result &= g_binary_content_read_u16(content, pos, endian, &header->version); + + rdsh_exit: - return (i < 8); + return result; } /****************************************************************************** * * -* Paramètres : format = informations de débogage à consulter. * -* pos = tête de lecture à mettre à jour. [OUT] * -* value = valeur entière lue. [OUT] * +* Paramètres : content = contenu binaire à consulter. * +* pos = position de début de lecture. [OUT] * +* endian = boutisme reconnu dans le format. * +* header = en-tête à déterminer. [OUT] * +* next = position du prochain en-tête. [OUT] * * * -* Description : Lit une valeur représentant une longueur d'unité. * +* Description : Procède à la lecture de l'en-tête d'une unité de compilation.* * * * Retour : Bilan de l'opération. * * * -* Remarques : Un peu sale : la sortie est signée et dépend du système, * -* alors que la valeur est non signée et dépend de la cible. * +* Remarques : - * * * ******************************************************************************/ -bool read_unit_length(dwarf_format *format, off_t *pos, off_t *value) +bool read_dwarf_compil_unit_header(GBinContent *content, vmpa2t *pos, SourceEndian endian, dw_compil_unit_header *header, vmpa2t *next) { bool result; /* Bilan à retourner */ - uint32_t val32; /* Entier sur 4 octets */ - uint64_t val64; /* Entier sur 8 octets */ + uint32_t val32; /* Premier paquet d'octets */ + bool status; /* Bilan d'opération */ - /* FIXME : Endian... */ + result = false; - if (format->format == DWF_32_BITS) - { - result = ((*pos + 4) <= DBG_FORMAT(format)->length); - - if (result) - { - memcpy(&val32, &DBG_FORMAT(format)->content[*pos], 4); - (*pos) += 4; + status = read_dwarf_section_header(content, pos, endian, (dw_section_header *)header, next); + if (!status) goto rdcuh_exit; - *value = val32; + if (header->is_32b) + { + status = g_binary_content_read_u32(content, pos, endian, &val32); + if (!status) goto rdcuh_exit; - } + header->debug_abbrev_offset = val32; } else { - result = ((*pos + 4 + 8) <= DBG_FORMAT(format)->length); - - if (result) - { - memcpy(&val64, &DBG_FORMAT(format)->content[*pos + 4], 8); - (*pos) += 4 + 8; - - *value = val64; - - } + status = g_binary_content_read_u64(content, pos, endian, &header->debug_abbrev_offset); + if (!status) goto rdcuh_exit; } - return result; - -} - - -/****************************************************************************** -* * -* Paramètres : format = informations de débogage à consulter. * -* pos = tête de lecture à mettre à jour. [OUT] * -* value = valeur entière non signée lue. [OUT] * -* * -* Description : Lit une valeur non signée sur deux octets. * -* * -* Retour : Bilan de l'opération. * -* * -* Remarques : - * -* * -******************************************************************************/ - -bool read_uhalf(dwarf_format *format, off_t *pos, uint16_t *value) -{ - bool result; /* Bilan à retourner */ - - /* FIXME : Endian... */ + result = g_binary_content_read_u8(content, pos, &header->address_size); - result = ((*pos + 2) <= DBG_FORMAT(format)->length); - - if (result) - { - memcpy(value, &DBG_FORMAT(format)->content[*pos], 2); - (*pos) += 2; - } + rdcuh_exit: return result; @@ -218,53 +135,30 @@ bool read_uhalf(dwarf_format *format, off_t *pos, uint16_t *value) /****************************************************************************** * * -* Paramètres : format = informations de débogage à consulter. * -* pos = tête de lecture à mettre à jour. [OUT] * -* value = valeur entière lue. [OUT] * +* Paramètres : content = contenu binaire à consulter. * +* pos = position de début de lecture. [OUT] * +* decl = structure lue à retourner. [OUT] * * * -* Description : Lit une valeur indiquant une position dans les abréviations. * +* Description : Procède à la lecture d'une déclaration d'abréviation DWARF. * * * * Retour : Bilan de l'opération. * * * -* Remarques : Un peu sale : la sortie est signée et dépend du système, * -* alors que la valeur est non signée et dépend de la cible. * +* Remarques : - * * * ******************************************************************************/ -bool read_abbrev_offset(dwarf_format *format, off_t *pos, off_t *value) +bool read_dwarf_abbrev_decl(const GBinContent *content, vmpa2t *pos, dw_abbrev_decl *decl) { bool result; /* Bilan à retourner */ - uint32_t val32; /* Entier sur 4 octets */ - uint64_t val64; /* Entier sur 8 octets */ - - /* FIXME : Endian... */ - - if (format->format == DWF_32_BITS) - { - result = ((*pos + 4) <= DBG_FORMAT(format)->length); - - if (result) - { - memcpy(&val32, &DBG_FORMAT(format)->content[*pos], 4); - (*pos) += 4; - *value = val32; + result = g_binary_content_read_uleb128(content, pos, &decl->code); - } - - } - else + if (result && decl->code > 0) { - result = ((*pos + 8) <= DBG_FORMAT(format)->length); + result = g_binary_content_read_uleb128(content, pos, &decl->tag); if (result) - { - memcpy(&val64, &DBG_FORMAT(format)->content[*pos], 8); - (*pos) += 8; - - *value = val64; - - } + result = g_binary_content_read_u8(content, pos, &decl->has_children); } @@ -275,11 +169,11 @@ bool read_abbrev_offset(dwarf_format *format, off_t *pos, off_t *value) /****************************************************************************** * * -* Paramètres : format = informations de débogage à consulter. * -* pos = tête de lecture à mettre à jour. [OUT] * -* value = valeur entière non signée lue. [OUT] * +* Paramètres : content = contenu binaire à consulter. * +* pos = position de début de lecture. [OUT] * +* attr = structure lue à retourner. [OUT] * * * -* Description : Lit une valeur indiquant la taille des adresses mémoire. * +* Description : Procède à la lecture d'un attribut d'abréviation DWARF. * * * * Retour : Bilan de l'opération. * * * @@ -287,17 +181,14 @@ bool read_abbrev_offset(dwarf_format *format, off_t *pos, off_t *value) * * ******************************************************************************/ -bool read_address_size(dwarf_format *format, off_t *pos, uint8_t *value) +bool read_dwarf_abbrev_attr(const GBinContent *content, vmpa2t *pos, dw_abbrev_raw_attr *attr) { bool result; /* Bilan à retourner */ - result = ((*pos + 1) <= DBG_FORMAT(format)->length); + result = g_binary_content_read_uleb128(content, pos, &attr->name); if (result) - { - *value = DBG_FORMAT(format)->content[*pos]; - (*pos)++; - } + result = g_binary_content_read_uleb128(content, pos, &attr->form); return result; diff --git a/plugins/dwarf/utils.h b/plugins/dwarf/utils.h index 6727082..ea340bb 100644 --- a/plugins/dwarf/utils.h +++ b/plugins/dwarf/utils.h @@ -2,7 +2,7 @@ /* Chrysalide - Outil d'analyse de fichiers binaires * utils.h - prototypes pour les fonctions d'aisance vis à vis du format DWARF * - * Copyright (C) 2008-2017 Cyrille Bagard + * Copyright (C) 2008-2018 Cyrille Bagard * * This file is part of Chrysalide. * @@ -21,36 +21,29 @@ */ -#ifndef _FORMAT_DWARF_UTILS_H -#define _FORMAT_DWARF_UTILS_H +#ifndef _PLUGINS_DWARF_UTILS_H +#define _PLUGINS_DWARF_UTILS_H -#include <stdbool.h> -#include <stdint.h> +#include <analysis/content.h> -#include "d_dwarf.h" +#include "def.h" -/* Lit une valeur Little Endian Base 128 signée. */ -bool read_leb128(dwarf_format *, off_t *, int64_t *, bool); +/* Procède à la lecture de l'en-tête d'un contenu binaire DWARF. */ +bool read_dwarf_section_header(const GBinContent *, vmpa2t *, SourceEndian, dw_section_header *, vmpa2t *); -/* Lit une valeur Little Endian Base 128 non signée. */ -bool read_uleb128(dwarf_format *, off_t *, uint64_t *, bool); +/* Procède à la lecture de l'en-tête d'une unité de compilation. */ +bool read_dwarf_compil_unit_header(GBinContent *, vmpa2t *, SourceEndian, dw_compil_unit_header *, vmpa2t *); -/* Lit une valeur représentant une longueur d'unité. */ -bool read_unit_length(dwarf_format *, off_t *, off_t *); +/* Procède à la lecture d'une déclaration d'abréviation DWARF. */ +bool read_dwarf_abbrev_decl(const GBinContent *, vmpa2t *, dw_abbrev_decl *); -/* Lit une valeur non signée sur deux octets. */ -bool read_uhalf(dwarf_format *, off_t *, uint16_t *); +/* Procède à la lecture d'un attribut d'abréviation DWARF. */ +bool read_dwarf_abbrev_attr(const GBinContent *, vmpa2t *, dw_abbrev_raw_attr *); -/* Lit une valeur indiquant une position dans les abréviations. */ -bool read_abbrev_offset(dwarf_format *, off_t *, off_t *); -/* Lit une valeur indiquant la taille des adresses mémoire. */ -bool read_address_size(dwarf_format *, off_t *, uint8_t *); - - -#endif /* _FORMAT_DWARF_UTILS_H */ +#endif /* _PLUGINS_DWARF_UTILS_H */ diff --git a/plugins/dwarf/v2/Makefile.am b/plugins/dwarf/v2/Makefile.am index d1fc563..a597686 100644 --- a/plugins/dwarf/v2/Makefile.am +++ b/plugins/dwarf/v2/Makefile.am @@ -1,18 +1,17 @@ -noinst_LTLIBRARIES = libformatdwarfv2.la +noinst_LTLIBRARIES = libdwarfv2.la -libformatdwarfv2_la_SOURCES = \ - dwarf.h dwarf.c \ - form.h form.c +libdwarfv2_la_SOURCES = \ + checks.h checks.c -libformatdwarfv2_la_LDFLAGS = $(LIBGTK_LIBS) +libdwarfv2_la_LDFLAGS = $(LIBGTK_LIBS) -devdir = $(includedir)/chrysalide/$(subdir:src/%=%) +devdir = $(includedir)/chrysalide-$(subdir) -dev_HEADERS = $(libformatdwarfv2_la_SOURCES:%c=) +dev_HEADERS = $(libdwarfv2_la_SOURCES:%c=) -AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) +AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) -I$(top_srcdir)/src AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS) diff --git a/plugins/dwarf/d_dwarf.c b/plugins/dwarf/v2/checks.c index 67ab955..4d1e660 100644 --- a/plugins/dwarf/d_dwarf.c +++ b/plugins/dwarf/v2/checks.c @@ -1,8 +1,8 @@ /* Chrysalide - Outil d'analyse de fichiers binaires - * d_dwarf.c - support du format DWARF + * checks.c - validations liées au format DWARF v2 * - * Copyright (C) 2008-2017 Cyrille Bagard + * Copyright (C) 2018 Cyrille Bagard * * This file is part of Chrysalide. * @@ -21,54 +21,32 @@ */ -#include "d_dwarf.h" - - -#include <malloc.h> - - -#include "abbrev.h" -#include "dwarf-int.h" -#include "info.h" - - - - +#include "checks.h" /****************************************************************************** * * -* Paramètres : content = contenu binaire à parcourir. * -* length = taille du contenu en question. * -* e_format = gestionnaire global (partie exécutable). * +* Paramètres : decl = structure brute dont le contenu est à valider. * * * -* Description : Prend en charge un nouveau DWARF. * +* Description : Procède à la conversion de base d'une abréviation DWARF. * * * -* Retour : Adresse de la structure mise en place ou NULL en cas d'échec.* +* Retour : Validité confirmée ou non. * * * * Remarques : - * * * ******************************************************************************/ -dwarf_format *load_dwarf(const uint8_t *content, off_t length, exe_format *e_format) +bool check_dwarfv2_abbrev_decl(const dw_abbrev_decl *decl) { - dwarf_format *result; /* Structure à retourner */ - bool test; /* Bilan d'une initialisation */ + bool result; /* Validité à retourner */ - result = (dwarf_format *)calloc(1, sizeof(dwarf_format)); - - DBG_FORMAT(result)->content = content; - DBG_FORMAT(result)->length = length; - - DBG_FORMAT(result)->e_format = e_format; - - result->format = DWF_32_BITS; - - test = load_dwarf_abbreviations(result); - - test = load_dwarf_information(result); + result = (decl->tag >= DW_TAG_array_type && decl->tag <= DW_TAG_volatile_type) + || (decl->tag >= DW_TAG_lo_user && decl->tag <= DW_TAG_hi_user); + if (result) + result = (decl->has_children == DW_CHILDREN_no + || decl->has_children == DW_CHILDREN_yes); return result; @@ -77,37 +55,25 @@ dwarf_format *load_dwarf(const uint8_t *content, off_t length, exe_format *e_for /****************************************************************************** * * -* Paramètres : format = informations chargées à consulter. * -* comments = liste des commentaires à insérer. [OUT] * -* offsets = liste des indices des commentaires. [OUT] * +* Paramètres : decl = structure brute dont le contenu est à valider. * * * -* Description : Récupère tous les commentaires à insérer dans le code. * +* Description : Procède à la conversion d'un attribut d'abréviation DWARF. * * * -* Retour : Nombre d'éléments mis en place. * +* Retour : Validité confirmée ou non. * * * * Remarques : - * * * ******************************************************************************/ -size_t get_dwarf_comments(const dwarf_format *format, const char ***comments, uint64_t **offsets) +bool check_dwarfv2_abbrev_attrib(const dw_abbrev_raw_attr *attr) { - size_t result; /* Quantité à retourner */ - size_t i; /* Boucle de parcours */ - - result = format->dbg_fc_count; - - if (result > 0) - { - *comments = (char **)calloc(result, sizeof(char *)); - *offsets = (uint64_t *)calloc(result, sizeof(uint64_t)); + bool result; /* Validité à retourner */ - for (i = 0; i < result; i++) - { - (*comments)[i] = format->dbg_functions[i]->prototype; - (*offsets)[i] = format->dbg_functions[i]->low_pc; - } + result = (attr->name >= DW_AT_sibling && attr->name <= DW_AT_vtable_elem_location) + || (attr->name >= DW_AT_lo_user && attr->name <= DW_AT_hi_user); - } + if (result) + result = (attr->form >= DW_FORM_addr && attr->form <= DW_FORM_indirect); return result; diff --git a/plugins/dwarf/v4/form.h b/plugins/dwarf/v2/checks.h index 053b693..c0f8030 100644 --- a/plugins/dwarf/v4/form.h +++ b/plugins/dwarf/v2/checks.h @@ -1,8 +1,8 @@ /* Chrysalide - Outil d'analyse de fichiers binaires - * form.h - prototypes pour le chargement en mémoire des valeurs d'attributs + * checks.h - prototypes pour les validations liées au format DWARF v2 * - * Copyright (C) 2016-2017 Cyrille Bagard + * Copyright (C) 2018 Cyrille Bagard * * This file is part of Chrysalide. * @@ -21,19 +21,23 @@ */ -#ifndef _FORMAT_DWARF_V4_FORM_H -#define _FORMAT_DWARF_V4_FORM_H +#ifndef _PLUGINS_DWARF_V2_CHECKS_H +#define _PLUGINS_DWARF_V2_CHECKS_H -#include "../dwarf.h" -#include "../dwarf_def.h" -#include "../../../analysis/content.h" +#include <stdbool.h> +#include "../def.h" -/* Lit la valeur correspondant à un type donné. */ -bool read_dwarf_v4_form_value(const GDwarfFormat *, const dw_compil_unit_header *, DwarfForm, vmpa2t *, dw_v4_form_value *); +/* Procède à la conversion de base d'une abréviation DWARF. */ +bool check_dwarfv2_abbrev_decl(const dw_abbrev_decl *); -#endif /* _FORMAT_DWARF_V4_FORM_H */ +/* Procède à la conversion d'un attribut d'abréviation DWARF. */ +bool check_dwarfv2_abbrev_attrib(const dw_abbrev_raw_attr *); + + + +#endif /* _PLUGINS_DWARF_V2_CHECKS_H */ diff --git a/plugins/dwarf/v2/dwarf.c b/plugins/dwarf/v2/dwarf.c deleted file mode 100644 index 8f794bf..0000000 --- a/plugins/dwarf/v2/dwarf.c +++ /dev/null @@ -1,180 +0,0 @@ - -/* Chrysalide - Outil d'analyse de fichiers binaires - * dwarf.c - support du format DWARF v2 - * - * Copyright (C) 2015-2017 Cyrille Bagard - * - * This file is part of Chrysalide. - * - * Chrysalide is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * Chrysalide is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. - */ - - -#include "dwarf.h" - - -#include "../dwarf-int.h" - - -#include "form.h" - - - -/* Format de débogage DWARF v2 (instance) */ -struct _GDwarfV2Format -{ - GDwarfFormat parent; /* A laisser en premier */ - -}; - -/* Format de débogage DWARF v2 (classe) */ -struct _GDwarfV2FormatClass -{ - GDwarfFormatClass parent; /* A laisser en premier */ - -}; - - -/* Initialise la classe des formats de débogage DWARF v2. */ -static void g_dwarfv2_format_class_init(GDwarfV2FormatClass *); - -/* Initialise une instance de format de débogage DWARF v2. */ -static void g_dwarfv2_format_init(GDwarfV2Format *); - -/* Supprime toutes les références externes. */ -static void g_dwarfv2_format_dispose(GDwarfV2Format *); - -/* Procède à la libération totale de la mémoire. */ -static void g_dwarfv2_format_finalize(GDwarfV2Format *); - - - -/* Indique le type défini pour un format de débogage DWARF v2. */ -G_DEFINE_TYPE(GDwarfV2Format, g_dwarfv2_format, G_TYPE_DWARF_FORMAT); - - -/****************************************************************************** -* * -* Paramètres : klass = classe à initialiser. * -* * -* Description : Initialise la classe des formats de débogage DWARF v2. * -* * -* Retour : - * -* * -* Remarques : - * -* * -******************************************************************************/ - -static void g_dwarfv2_format_class_init(GDwarfV2FormatClass *klass) -{ - GObjectClass *object; /* Autre version de la classe */ - GDwarfFormatClass *dwarf; /* Version parente de la classe*/ - - object = G_OBJECT_CLASS(klass); - - object->dispose = (GObjectFinalizeFunc/* ! */)g_dwarfv2_format_dispose; - object->finalize = (GObjectFinalizeFunc)g_dwarfv2_format_finalize; - - dwarf = G_DWARF_FORMAT_CLASS(klass); - - dwarf->read_form = (read_form_value_fc)read_dwarf_v2_form_value; - -} - - -/****************************************************************************** -* * -* Paramètres : format = instance à initialiser. * -* * -* Description : Initialise une instance de format de débogage DWARF v2. * -* * -* Retour : - * -* * -* Remarques : - * -* * -******************************************************************************/ - -static void g_dwarfv2_format_init(GDwarfV2Format *format) -{ - -} - - -/****************************************************************************** -* * -* Paramètres : format = instance d'objet GLib à traiter. * -* * -* Description : Supprime toutes les références externes. * -* * -* Retour : - * -* * -* Remarques : - * -* * -******************************************************************************/ - -static void g_dwarfv2_format_dispose(GDwarfV2Format *format) -{ - G_OBJECT_CLASS(g_dwarfv2_format_parent_class)->dispose(G_OBJECT(format)); - -} - - -/****************************************************************************** -* * -* Paramètres : format = instance d'objet GLib à traiter. * -* * -* Description : Procède à la libération totale de la mémoire. * -* * -* Retour : - * -* * -* Remarques : - * -* * -******************************************************************************/ - -static void g_dwarfv2_format_finalize(GDwarfV2Format *format) -{ - G_OBJECT_CLASS(g_dwarfv2_format_parent_class)->finalize(G_OBJECT(format)); - -} - - -/****************************************************************************** -* * -* Paramètres : content = contenu binaire à parcourir. * -* parent = éventuel format exécutable déjà chargé. * - status = barre de statut à tenir informée. * -* * -* Description : Prend en charge un nouveau format DWARF (v2). * -* * -* Retour : Adresse de la structure mise en place ou NULL en cas d'échec.* -* * -* Remarques : - * -* * -******************************************************************************/ - -GBinFormat *g_dwarfv2_format_new(GBinContent *content, GExeFormat *parent, GtkStatusStack *status) -{ - GDwarfV2Format *result; /* Structure à retourner */ - - result = g_object_new(G_TYPE_DWARFV2_FORMAT, NULL); - - - - g_binary_format_set_content(G_BIN_FORMAT(result), content); - - - - return G_BIN_FORMAT(result); - -} diff --git a/plugins/dwarf/v2/dwarf.h b/plugins/dwarf/v2/dwarf.h deleted file mode 100644 index f3b3501..0000000 --- a/plugins/dwarf/v2/dwarf.h +++ /dev/null @@ -1,58 +0,0 @@ - -/* Chrysalide - Outil d'analyse de fichiers binaires - * dwarf.h - prototypes pour le support du format DWARF v2 - * - * Copyright (C) 2015-2017 Cyrille Bagard - * - * This file is part of Chrysalide. - * - * Chrysalide is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * Chrysalide is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. - */ - - -#ifndef _FORMAT_DWARF_V2_DWARF_H -#define _FORMAT_DWARF_V2_DWARF_H - - -#include <glib-object.h> - - -#include "../../../core/formats.h" - - - -#define G_TYPE_DWARFV2_FORMAT g_dwarfv2_format_get_type() -#define G_DWARFV2_FORMAT(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), g_dwarfv2_format_get_type(), GDwarfV2Format)) -#define G_IS_DWARFV2_FORMAT(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), g_dwarfv2_format_get_type())) -#define G_DWARFV2_FORMAT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DWARFV2_FORMAT, GDwarfV2FormatClass)) -#define G_IS_DWARFV2_FORMAT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DWARFV2_FORMAT)) -#define G_DWARFV2_FORMAT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DWARFV2_FORMAT, GDwarfV2FormatClass)) - - -/* Format de débogage DWARF v2 (instance) */ -typedef struct _GDwarfV2Format GDwarfV2Format; - -/* Format de débogage DWARF v2 (classe) */ -typedef struct _GDwarfV2FormatClass GDwarfV2FormatClass; - - -/* Indique le type défini pour un format de débogage DWARF v2. */ -GType g_dwarfv2_format_get_type(void); - -/* Prend en charge un nouveau format DWARF (v2). */ -GBinFormat *g_dwarfv2_format_new(GBinContent *, GExeFormat *, GtkStatusStack *); - - - -#endif /* _FORMAT_DWARF_V2_DWARF_H */ diff --git a/plugins/dwarf/v2/form.c b/plugins/dwarf/v2/form.c deleted file mode 100644 index 7e012b7..0000000 --- a/plugins/dwarf/v2/form.c +++ /dev/null @@ -1,276 +0,0 @@ - -/* Chrysalide - Outil d'analyse de fichiers binaires - * form.c - chargement en mémoire des valeurs d'attributs - * - * Copyright (C) 2016-2017 Cyrille Bagard - * - * This file is part of Chrysalide. - * - * Chrysalide is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * Chrysalide is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. - */ - - -#include "form.h" - - -#include "../dwarf-int.h" - - - -/****************************************************************************** -* * -* Paramètres : format = contenu binaire de débogage à parcourir. * -* cu = unité de compilation parente. * -* form = nature de la valeur à lire. * -* pos = tête de lecture au sein des données. [OUT] * -* value = valeur au format donné lue. [OUT] * -* * -* Description : Lit la valeur correspondant à un type donné. * -* * -* Retour : Bilan de l'opération. * -* * -* Remarques : - * -* * -******************************************************************************/ - -bool read_dwarf_v2_form_value(const GDwarfFormat *format, const dw_compil_unit_header *cu, DwarfForm form, vmpa2t *pos, dw_v2_form_value *value) -{ - bool result; /* Bilan de lecture à renvoyer */ - GBinContent *content; /* Contenu binaire à parcourir */ - SourceEndian endian; /* Boutisme des enregistrements*/ - GExeFormat *exe; /* Format d'exécutable rattaché*/ - const bin_t *tmp; /* Données quelconques */ - uint8_t tmp8; /* Données sur 8 bits */ - uint16_t tmp16; /* Données sur 16 bits */ - uint32_t tmp32; /* Données sur 32 bits */ - uint64_t tmp64; /* Données sur 64 bits */ - uleb128_t tmpuleb; /* Données sur xxx bits */ - phys_t offset; /* Décalage à appliquer */ - mrange_t range; /* Couverture d'une section */ - vmpa2t iter; /* Point de lecture parallèle */ - - content = G_BIN_FORMAT(format)->content; - endian = g_binary_format_get_endianness(G_BIN_FORMAT(format)); - exe = G_DBG_FORMAT(format)->executable; - - switch (form) - { - case DW_FORM_addr: - - switch (cu->address_size) - { - case 2: - result = g_binary_content_read_u16(content, pos, endian, &tmp16); - if (result) value->address = tmp16; - break; - case 4: - result = g_binary_content_read_u32(content, pos, endian, &tmp32); - if (result) value->address = tmp32; - break; - case 8: - result = g_binary_content_read_u64(content, pos, endian, &tmp64); - if (result) value->address = tmp64; - break; - default: - result = false; - break; - } - break; - - case DW_FORM_block2: - result = g_binary_content_read_u16(content, pos, endian, &tmp16); - if (result) - { - value->block.size = tmp16; - goto block_finish; - } - break; - - case DW_FORM_block4: - result = g_binary_content_read_u32(content, pos, endian, &tmp32); - if (result) - { - value->block.size = tmp32; - goto block_finish; - } - break; - - case DW_FORM_data2: - result = g_binary_content_read_u16(content, pos, endian, &value->data2); - break; - - case DW_FORM_data4: - result = g_binary_content_read_u32(content, pos, endian, &value->data4); - break; - - case DW_FORM_data8: - result = g_binary_content_read_u64(content, pos, endian, &value->data8); - break; - - case DW_FORM_string: - - tmp = g_binary_content_get_raw_access(content, pos, 1); - result = (tmp != NULL); - - if (result) - { - value->string = (const char *)tmp; - - while (result && *tmp != '\0') - { - tmp = g_binary_content_get_raw_access(content, pos, 1); - result = (tmp != NULL); - } - - } - - break; - - case DW_FORM_block: - - tmpuleb = 0; /* Pour GCC */ - - result = g_binary_content_read_uleb128(content, pos, &tmpuleb); - if (!result) break; - - value->block.size = tmpuleb; - - block_finish: - - value->block.start = g_binary_content_get_raw_access(content, pos, value->block.size); - - result = (value->block.start != NULL); - break; - - case DW_FORM_block1: - result = g_binary_content_read_u8(content, pos, &tmp8); - if (result) - { - value->block.size = tmp8; - goto block_finish; - } - break; - - case DW_FORM_data1: - result = g_binary_content_read_u8(content, pos, &value->data1); - break; - - case DW_FORM_flag: - result = g_binary_content_read_u8(content, pos, &value->flag); - break; - - case DW_FORM_sdata: - result = g_binary_content_read_leb128(content, pos, &value->sdata); - break; - - case DW_FORM_strp: - - /* Définition des positions */ - - if (cu->is_32b) - { - result = g_binary_content_read_u32(content, pos, endian, &tmp32); - offset = tmp32; - } - else - { - result = g_binary_content_read_u64(content, pos, endian, &tmp64); - offset = tmp64; - } - - /* Lecture dans la section adaptée */ - - if (result) - result = g_exe_format_get_section_range_by_name(exe, ".debug_str", &range); - - if (result) - { - copy_vmpa(&iter, get_mrange_addr(&range)); - - result = g_binary_content_seek(content, &iter, offset); - - if (!result) - break; - - tmp = g_binary_content_get_raw_access(content, &iter, 1); - result = (tmp != NULL); - - if (result) - { - value->string = (const char *)tmp; - - while (result && *tmp != '\0') - { - tmp = g_binary_content_get_raw_access(content, &iter, 1); - result = (tmp != NULL); - } - - } - - } - - break; - - case DW_FORM_udata: - result = g_binary_content_read_uleb128(content, pos, &value->udata); - break; - - - - - - - - - - - - case DW_FORM_ref1: - result = g_binary_content_read_u8(content, pos, &value->ref1); - break; - - case DW_FORM_ref2: - result = g_binary_content_read_u16(content, pos, endian, &value->ref2); - break; - - case DW_FORM_ref4: - result = g_binary_content_read_u32(content, pos, endian, &value->ref4); - break; - - case DW_FORM_ref8: - result = g_binary_content_read_u64(content, pos, endian, &value->ref8); - break; - - case DW_FORM_ref_udata: - result = g_binary_content_read_uleb128(content, pos, &value->ref_udata); - break; - - - - - - - - - - - default: - result = false; - break; - - } - - return result; - -} diff --git a/plugins/dwarf/v3/Makefile.am b/plugins/dwarf/v3/Makefile.am index f6c12c3..4bd063b 100644 --- a/plugins/dwarf/v3/Makefile.am +++ b/plugins/dwarf/v3/Makefile.am @@ -1,17 +1,17 @@ -noinst_LTLIBRARIES = libformatdwarfv3.la +noinst_LTLIBRARIES = libdwarfv3.la -libformatdwarfv3_la_SOURCES = \ - dwarf.h dwarf.c +libdwarfv3_la_SOURCES = \ + checks.h checks.c -libformatdwarfv3_la_LDFLAGS = $(LIBGTK_LIBS) +libdwarfv3_la_LDFLAGS = $(LIBGTK_LIBS) -devdir = $(includedir)/chrysalide/$(subdir:src/%=%) +devdir = $(includedir)/chrysalide-$(subdir) -dev_HEADERS = $(libformatdwarfv3_la_SOURCES:%c=) +dev_HEADERS = $(libdwarfv3_la_SOURCES:%c=) -AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) +AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) -I$(top_srcdir)/src AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS) diff --git a/plugins/dwarf/v3/checks.c b/plugins/dwarf/v3/checks.c new file mode 100644 index 0000000..39f9aee --- /dev/null +++ b/plugins/dwarf/v3/checks.c @@ -0,0 +1,80 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * checks.c - validations liées au format DWARF v3 + * + * Copyright (C) 2018 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "checks.h" + + + +/****************************************************************************** +* * +* Paramètres : decl = structure brute dont le contenu est à valider. * +* * +* Description : Procède à la conversion de base d'une abréviation DWARF. * +* * +* Retour : Validité confirmée ou non. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool check_dwarfv3_abbrev_decl(const dw_abbrev_decl *decl) +{ + bool result; /* Validité à retourner */ + + result = (decl->tag >= DW_TAG_array_type && decl->tag <= DW_TAG_shared_type) + || (decl->tag >= DW_TAG_lo_user && decl->tag <= DW_TAG_hi_user); + + if (result) + result = (decl->has_children == DW_CHILDREN_no + || decl->has_children == DW_CHILDREN_yes); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : decl = structure brute dont le contenu est à valider. * +* * +* Description : Procède à la conversion d'un attribut d'abréviation DWARF. * +* * +* Retour : Validité confirmée ou non. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool check_dwarfv3_abbrev_attrib(const dw_abbrev_raw_attr *attr) +{ + bool result; /* Validité à retourner */ + + result = (attr->name >= DW_AT_sibling && attr->name <= DW_AT_recursive) + || (attr->name >= DW_AT_lo_user && attr->name <= DW_AT_hi_user); + + if (result) + result = (attr->form >= DW_FORM_addr && attr->form <= DW_FORM_indirect); + + return result; + +} diff --git a/plugins/dwarf/v2/form.h b/plugins/dwarf/v3/checks.h index a124e67..f9ddbec 100644 --- a/plugins/dwarf/v2/form.h +++ b/plugins/dwarf/v3/checks.h @@ -1,8 +1,8 @@ /* Chrysalide - Outil d'analyse de fichiers binaires - * form.h - prototypes pour le chargement en mémoire des valeurs d'attributs + * checks.h - prototypes pour les validations liées au format DWARF v3 * - * Copyright (C) 2016-2017 Cyrille Bagard + * Copyright (C) 2018 Cyrille Bagard * * This file is part of Chrysalide. * @@ -21,19 +21,23 @@ */ -#ifndef _FORMAT_DWARF_V2_FORM_H -#define _FORMAT_DWARF_V2_FORM_H +#ifndef _PLUGINS_DWARF_V3_CHECKS_H +#define _PLUGINS_DWARF_V3_CHECKS_H -#include "../dwarf.h" -#include "../dwarf_def.h" -#include "../../../analysis/content.h" +#include <stdbool.h> +#include "../def.h" -/* Lit la valeur correspondant à un type donné. */ -bool read_dwarf_v2_form_value(const GDwarfFormat *, const dw_compil_unit_header *, DwarfForm, vmpa2t *, dw_v2_form_value *); +/* Procède à la conversion de base d'une abréviation DWARF. */ +bool check_dwarfv3_abbrev_decl(const dw_abbrev_decl *); -#endif /* _FORMAT_DWARF_V2_FORM_H */ +/* Procède à la conversion d'un attribut d'abréviation DWARF. */ +bool check_dwarfv3_abbrev_attrib(const dw_abbrev_raw_attr *); + + + +#endif /* _PLUGINS_DWARF_V3_CHECKS_H */ diff --git a/plugins/dwarf/v3/dwarf.h b/plugins/dwarf/v3/dwarf.h deleted file mode 100644 index 5042b89..0000000 --- a/plugins/dwarf/v3/dwarf.h +++ /dev/null @@ -1,58 +0,0 @@ - -/* Chrysalide - Outil d'analyse de fichiers binaires - * dwarf.h - prototypes pour le support du format DWARF v3 - * - * Copyright (C) 2015-2017 Cyrille Bagard - * - * This file is part of Chrysalide. - * - * Chrysalide is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * Chrysalide is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. - */ - - -#ifndef _FORMAT_DWARF_V3_DWARF_H -#define _FORMAT_DWARF_V3_DWARF_H - - -#include <glib-object.h> - - -#include "../../../core/formats.h" - - - -#define G_TYPE_DWARFV3_FORMAT g_dwarfv3_format_get_type() -#define G_DWARFV3_FORMAT(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), g_dwarfv3_format_get_type(), GDwarfV3Format)) -#define G_IS_DWARFV3_FORMAT(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), g_dwarfv3_format_get_type())) -#define G_DWARFV3_FORMAT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DWARFV3_FORMAT, GDwarfV3FormatClass)) -#define G_IS_DWARFV3_FORMAT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DWARFV3_FORMAT)) -#define G_DWARFV3_FORMAT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DWARFV3_FORMAT, GDwarfV3FormatClass)) - - -/* Format de débogage DWARF v3 (instance) */ -typedef struct _GDwarfV3Format GDwarfV3Format; - -/* Format de débogage DWARF v3 (classe) */ -typedef struct _GDwarfV3FormatClass GDwarfV3FormatClass; - - -/* Indique le type défini pour un format de débogage DWARF v3. */ -GType g_dwarfv3_format_get_type(void); - -/* Prend en charge un nouveau format DWARF (v3). */ -GBinFormat *g_dwarfv3_format_new(GBinContent *, GExeFormat *, GtkStatusStack *); - - - -#endif /* _FORMAT_DWARF_V3_DWARF_H */ diff --git a/plugins/dwarf/v4/Makefile.am b/plugins/dwarf/v4/Makefile.am index ca77923..333dfac 100644 --- a/plugins/dwarf/v4/Makefile.am +++ b/plugins/dwarf/v4/Makefile.am @@ -1,18 +1,17 @@ -noinst_LTLIBRARIES = libformatdwarfv4.la +noinst_LTLIBRARIES = libdwarfv4.la -libformatdwarfv4_la_SOURCES = \ - dwarf.h dwarf.c \ - form.h form.c +libdwarfv4_la_SOURCES = \ + checks.h checks.c -libformatdwarfv4_la_LDFLAGS = $(LIBGTK_LIBS) +libdwarfv4_la_LDFLAGS = $(LIBGTK_LIBS) -devdir = $(includedir)/chrysalide/$(subdir:src/%=%) +devdir = $(includedir)/chrysalide-$(subdir) -dev_HEADERS = $(libformatdwarfv4_la_SOURCES:%c=) +dev_HEADERS = $(libdwarfv4_la_SOURCES:%c=) -AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) +AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) -I$(top_srcdir)/src AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS) diff --git a/plugins/dwarf/v4/checks.c b/plugins/dwarf/v4/checks.c new file mode 100644 index 0000000..3450287 --- /dev/null +++ b/plugins/dwarf/v4/checks.c @@ -0,0 +1,80 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * checks.c - validations liées au format DWARF v4 + * + * Copyright (C) 2018 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * Chrysalide is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * Chrysalide is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. + */ + + +#include "checks.h" + + + +/****************************************************************************** +* * +* Paramètres : decl = structure brute dont le contenu est à valider. * +* * +* Description : Procède à la conversion de base d'une abréviation DWARF. * +* * +* Retour : Validité confirmée ou non. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool check_dwarfv4_abbrev_decl(const dw_abbrev_decl *decl) +{ + bool result; /* Validité à retourner */ + + result = (decl->tag >= DW_TAG_array_type && decl->tag <= DW_TAG_template_alias) + || (decl->tag >= DW_TAG_lo_user && decl->tag <= DW_TAG_hi_user); + + if (result) + result = (decl->has_children == DW_CHILDREN_no + || decl->has_children == DW_CHILDREN_yes); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : decl = structure brute dont le contenu est à valider. * +* * +* Description : Procède à la conversion d'un attribut d'abréviation DWARF. * +* * +* Retour : Validité confirmée ou non. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool check_dwarfv4_abbrev_attrib(const dw_abbrev_raw_attr *attr) +{ + bool result; /* Validité à retourner */ + + result = (attr->name >= DW_AT_sibling && attr->name <= DW_AT_linkage_name) + || (attr->name >= DW_AT_lo_user && attr->name <= DW_AT_hi_user); + + if (result) + result = (attr->form >= DW_FORM_addr && attr->form <= DW_FORM_ref_sig8); + + return result; + +} diff --git a/plugins/dwarf/d_dwarf.h b/plugins/dwarf/v4/checks.h index 4b699ca..25b8fc1 100644 --- a/plugins/dwarf/d_dwarf.h +++ b/plugins/dwarf/v4/checks.h @@ -1,8 +1,8 @@ /* Chrysalide - Outil d'analyse de fichiers binaires - * d_dwarf.h - prototypes pour le support du format DWARF + * checks.h - prototypes pour les validations liées au format DWARF v4 * - * Copyright (C) 2008-2017 Cyrille Bagard + * Copyright (C) 2018 Cyrille Bagard * * This file is part of Chrysalide. * @@ -21,30 +21,23 @@ */ -#ifndef _FORMAT_DWARF_DWARF_H -#define _FORMAT_DWARF_DWARF_H +#ifndef _PLUGINS_DWARF_V4_CHECKS_H +#define _PLUGINS_DWARF_V4_CHECKS_H -#include <stdint.h> -#include <sys/types.h> +#include <stdbool.h> -#include "../exe_format.h" +#include "../def.h" -/* Description du format DWARF */ -typedef struct _dwarf_format dwarf_format; +/* Procède à la conversion de base d'une abréviation DWARF. */ +bool check_dwarfv4_abbrev_decl(const dw_abbrev_decl *); +/* Procède à la conversion d'un attribut d'abréviation DWARF. */ +bool check_dwarfv4_abbrev_attrib(const dw_abbrev_raw_attr *); -/* Prend en charge un nouveau DWARF. */ -dwarf_format *load_dwarf(const uint8_t *, off_t, exe_format *); -/* Récupère tous les commentaires à insérer dans le code. */ -size_t get_dwarf_comments(const dwarf_format *, const char ***, uint64_t **); - - - - -#endif /* _FORMAT_DWARF_DWARF_H */ +#endif /* _PLUGINS_DWARF_V4_CHECKS_H */ diff --git a/plugins/dwarf/v4/dwarf.c b/plugins/dwarf/v4/dwarf.c deleted file mode 100644 index a220aff..0000000 --- a/plugins/dwarf/v4/dwarf.c +++ /dev/null @@ -1,182 +0,0 @@ - -/* Chrysalide - Outil d'analyse de fichiers binaires - * dwarf.c - support du format DWARF v4 - * - * Copyright (C) 2015-2017 Cyrille Bagard - * - * This file is part of Chrysalide. - * - * Chrysalide is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * Chrysalide is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. - */ - - -#include "dwarf.h" - - -#include "../dwarf-int.h" - - -#include "form.h" - - - -/* Format de débogage DWARF v4 (instance) */ -struct _GDwarfV4Format -{ - GDwarfFormat parent; /* A laisser en premier */ - -}; - -/* Format de débogage DWARF v4 (classe) */ -struct _GDwarfV4FormatClass -{ - GDwarfFormatClass parent; /* A laisser en premier */ - -}; - - -/* Initialise la classe des formats de débogage DWARF v4. */ -static void g_dwarfv4_format_class_init(GDwarfV4FormatClass *); - -/* Initialise une instance de format de débogage DWARF v4. */ -static void g_dwarfv4_format_init(GDwarfV4Format *); - -/* Supprime toutes les références externes. */ -static void g_dwarfv4_format_dispose(GDwarfV4Format *); - -/* Procède à la libération totale de la mémoire. */ -static void g_dwarfv4_format_finalize(GDwarfV4Format *); - - - -/* Indique le type défini pour un format de débogage DWARF v4. */ -G_DEFINE_TYPE(GDwarfV4Format, g_dwarfv4_format, G_TYPE_DWARF_FORMAT); - - -/****************************************************************************** -* * -* Paramètres : klass = classe à initialiser. * -* * -* Description : Initialise la classe des formats de débogage DWARF v4. * -* * -* Retour : - * -* * -* Remarques : - * -* * -******************************************************************************/ - -static void g_dwarfv4_format_class_init(GDwarfV4FormatClass *klass) -{ - GObjectClass *object; /* Autre version de la classe */ - GDwarfFormatClass *dwarf; /* Version parente de la classe*/ - - object = G_OBJECT_CLASS(klass); - - object->dispose = (GObjectFinalizeFunc/* ! */)g_dwarfv4_format_dispose; - object->finalize = (GObjectFinalizeFunc)g_dwarfv4_format_finalize; - - dwarf = G_DWARF_FORMAT_CLASS(klass); - - dwarf->read_form = (read_form_value_fc)read_dwarf_v4_form_value; - -} - - -/****************************************************************************** -* * -* Paramètres : format = instance à initialiser. * -* * -* Description : Initialise une instance de format de débogage DWARF v4. * -* * -* Retour : - * -* * -* Remarques : - * -* * -******************************************************************************/ - -static void g_dwarfv4_format_init(GDwarfV4Format *format) -{ - -} - - -/****************************************************************************** -* * -* Paramètres : format = instance d'objet GLib à traiter. * -* * -* Description : Supprime toutes les références externes. * -* * -* Retour : - * -* * -* Remarques : - * -* * -******************************************************************************/ - -static void g_dwarfv4_format_dispose(GDwarfV4Format *format) -{ - G_OBJECT_CLASS(g_dwarfv4_format_parent_class)->dispose(G_OBJECT(format)); - -} - - -/****************************************************************************** -* * -* Paramètres : format = instance d'objet GLib à traiter. * -* * -* Description : Procède à la libération totale de la mémoire. * -* * -* Retour : - * -* * -* Remarques : - * -* * -******************************************************************************/ - -static void g_dwarfv4_format_finalize(GDwarfV4Format *format) -{ - G_OBJECT_CLASS(g_dwarfv4_format_parent_class)->finalize(G_OBJECT(format)); - -} - - -/****************************************************************************** -* * -* Paramètres : content = contenu binaire à parcourir. * -* parent = éventuel format exécutable déjà chargé. * - status = barre de statut à tenir informée. * -* * -* Description : Prend en charge un nouveau format DWARF (v4). * -* * -* Retour : Adresse de la structure mise en place ou NULL en cas d'échec.* -* * -* Remarques : - * -* * -******************************************************************************/ - -GBinFormat *g_dwarfv4_format_new(GBinContent *content, GExeFormat *parent, GtkStatusStack *status) -{ - GDwarfV4Format *result; /* Structure à retourner */ - - result = g_object_new(G_TYPE_DWARFV4_FORMAT, NULL); - - g_binary_format_set_content(G_BIN_FORMAT(result), content); - - if (!g_dwarf_format_load(G_DWARF_FORMAT(result), parent)) - { - g_object_unref(G_OBJECT(result)); - result = NULL; - } - - return G_BIN_FORMAT(result); - -} diff --git a/plugins/dwarf/v4/dwarf.h b/plugins/dwarf/v4/dwarf.h deleted file mode 100644 index 89135e3..0000000 --- a/plugins/dwarf/v4/dwarf.h +++ /dev/null @@ -1,58 +0,0 @@ - -/* Chrysalide - Outil d'analyse de fichiers binaires - * dwarf.h - prototypes pour le support du format DWARF v4 - * - * Copyright (C) 2015-2017 Cyrille Bagard - * - * This file is part of Chrysalide. - * - * Chrysalide is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * Chrysalide is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. - */ - - -#ifndef _FORMAT_DWARF_V4_DWARF_H -#define _FORMAT_DWARF_V4_DWARF_H - - -#include <glib-object.h> - - -#include "../../../core/formats.h" - - - -#define G_TYPE_DWARFV4_FORMAT g_dwarfv4_format_get_type() -#define G_DWARFV4_FORMAT(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), g_dwarfv4_format_get_type(), GDwarfV4Format)) -#define G_IS_DWARFV4_FORMAT(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), g_dwarfv4_format_get_type())) -#define G_DWARFV4_FORMAT_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), G_TYPE_DWARFV4_FORMAT, GDwarfV4FormatClass)) -#define G_IS_DWARFV4_FORMAT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE((klass), G_TYPE_DWARFV4_FORMAT)) -#define G_DWARFV4_FORMAT_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS((obj), G_TYPE_DWARFV4_FORMAT, GDwarfV4FormatClass)) - - -/* Format de débogage DWARF v4 (instance) */ -typedef struct _GDwarfV4Format GDwarfV4Format; - -/* Format de débogage DWARF v4 (classe) */ -typedef struct _GDwarfV4FormatClass GDwarfV4FormatClass; - - -/* Indique le type défini pour un format de débogage DWARF v4. */ -GType g_dwarfv4_format_get_type(void); - -/* Prend en charge un nouveau format DWARF (v4). */ -GBinFormat *g_dwarfv4_format_new(GBinContent *, GExeFormat *, GtkStatusStack *); - - - -#endif /* _FORMAT_DWARF_V4_DWARF_H */ diff --git a/plugins/dwarf/v4/form.c b/plugins/dwarf/v4/form.c deleted file mode 100644 index 80dbf1e..0000000 --- a/plugins/dwarf/v4/form.c +++ /dev/null @@ -1,106 +0,0 @@ - -/* Chrysalide - Outil d'analyse de fichiers binaires - * form.c - chargement en mémoire des valeurs d'attributs - * - * Copyright (C) 2016-2017 Cyrille Bagard - * - * This file is part of Chrysalide. - * - * Chrysalide is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * Chrysalide is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with Chrysalide. If not, see <http://www.gnu.org/licenses/>. - */ - - -#include "form.h" - - -#include "../dwarf-int.h" -#include "../v2/form.h" - - - -/****************************************************************************** -* * -* Paramètres : format = contenu binaire de débogage à parcourir. * -* cu = unité de compilation parente. * -* form = nature de la valeur à lire. * -* pos = tête de lecture au sein des données. [OUT] * -* value = valeur au format donné lue. [OUT] * -* * -* Description : Lit la valeur correspondant à un type donné. * -* * -* Retour : Bilan de l'opération. * -* * -* Remarques : - * -* * -******************************************************************************/ - -bool read_dwarf_v4_form_value(const GDwarfFormat *format, const dw_compil_unit_header *cu, DwarfForm form, vmpa2t *pos, dw_v4_form_value *value) -{ - bool result; /* Bilan de lecture à renvoyer */ - GBinContent *content; /* Contenu binaire à parcourir */ - SourceEndian endian; /* Boutisme des enregistrements*/ - uint32_t tmp32; /* Données sur 32 bits */ - uint64_t tmp64; /* Données sur 64 bits */ - uleb128_t tmpuleb; /* Données sur xxx bits */ - - content = G_BIN_FORMAT(format)->content; - endian = g_binary_format_get_endianness(G_BIN_FORMAT(format)); - - switch (form) - { - case DW_FORM_sec_offset: - - if (cu->is_32b) - { - result = g_binary_content_read_u32(content, pos, endian, &tmp32); - tmp64 = tmp32; - } - else - result = g_binary_content_read_u64(content, pos, endian, &tmp64); - - value->sec_offset = tmp64; - break; - - case DW_FORM_exprloc: - - tmpuleb = 0; /* Pour GCC */ - - result = g_binary_content_read_uleb128(content, pos, &tmpuleb); - if (!result) break; - - value->expr.size = tmpuleb; - - value->expr.start = g_binary_content_get_raw_access(content, pos, value->expr.size); - result = (value->expr.start != NULL); - - break; - - case DW_FORM_flag_present: - result = true; - value->has_flag = true; - break; - - case DW_FORM_ref_sig8: - result = g_binary_content_read_u64(content, pos, endian, &value->signature); - break; - - default: - result = read_dwarf_v2_form_value(format, cu, form, pos, &value->v2); - break; - - } - - return result; - -} |