From 5a70286f7f56cc72a0249fcaf404afabfb033956 Mon Sep 17 00:00:00 2001 From: Cyrille Bagard Date: Mon, 19 Nov 2012 21:26:51 +0000 Subject: Handled Dalvik exception handlers in the graphic view. git-svn-id: svn://svn.gna.org/svn/chrysalide/trunk@285 abbe820e-26c8-41b2-8c08-b7b2b41f8b0a --- ChangeLog | 84 ++++++++ configure.ac | 4 +- plugins/Makefile.am | 2 +- plugins/androhelpers/Makefile.am | 18 ++ plugins/androhelpers/androhelpers.c | 100 ++++++++++ plugins/androhelpers/androhelpers.h | 43 ++++ plugins/androhelpers/try_n_catch.c | 337 ++++++++++++++++++++++++++++++++ plugins/androhelpers/try_n_catch.h | 37 ++++ plugins/pychrysa/analysis/binary.c | 39 +++- plugins/pychrysa/format/Makefile.am | 9 +- plugins/pychrysa/format/dex/Makefile.am | 18 ++ plugins/pychrysa/format/dex/class.c | 157 +++++++++++++++ plugins/pychrysa/format/dex/class.h | 44 +++++ plugins/pychrysa/format/dex/dex.c | 250 +++++++++++++++++++++++ plugins/pychrysa/format/dex/dex.h | 44 +++++ plugins/pychrysa/format/dex/module.c | 70 +++++++ plugins/pychrysa/format/dex/module.h | 39 ++++ plugins/pychrysa/format/executable.c | 29 +++ plugins/pychrysa/format/executable.h | 6 + plugins/pychrysa/format/format.c | 159 +++++++++++++++ plugins/pychrysa/format/format.h | 44 +++++ plugins/pychrysa/format/module.c | 7 +- src/analysis/disass/links.c | 31 +++ src/analysis/type-int.h | 67 +++++++ src/arch/instruction-int.h | 1 + src/arch/instruction.c | 28 ++- src/arch/instruction.h | 7 +- src/common/leb128.h | 11 ++ src/format/dex/class.c | 59 ++++++ src/format/dex/class.h | 6 + src/format/dex/dex-int.c | 266 +++++++++++++++++++++++++ src/format/dex/dex-int.h | 30 +++ src/format/dex/dex.c | 41 +++- src/format/dex/dex.h | 2 +- src/format/dex/dex_def.h | 47 ++++- src/format/dex/method.c | 46 ++++- src/format/dex/method.h | 6 + src/gtkext/graph/dot.c | 18 +- src/gtkext/graph/layout.c | 35 +--- src/gtkext/gtkgraphview.c | 2 +- src/gtkext/gtklinkrenderer.c | 16 ++ src/gtkext/gtklinkrenderer.h | 1 + src/plugins/plugin.c | 11 +- 43 files changed, 2214 insertions(+), 57 deletions(-) create mode 100644 plugins/androhelpers/Makefile.am create mode 100644 plugins/androhelpers/androhelpers.c create mode 100644 plugins/androhelpers/androhelpers.h create mode 100644 plugins/androhelpers/try_n_catch.c create mode 100644 plugins/androhelpers/try_n_catch.h create mode 100644 plugins/pychrysa/format/dex/Makefile.am create mode 100644 plugins/pychrysa/format/dex/class.c create mode 100644 plugins/pychrysa/format/dex/class.h create mode 100644 plugins/pychrysa/format/dex/dex.c create mode 100644 plugins/pychrysa/format/dex/dex.h create mode 100644 plugins/pychrysa/format/dex/module.c create mode 100644 plugins/pychrysa/format/dex/module.h create mode 100644 plugins/pychrysa/format/format.c create mode 100644 plugins/pychrysa/format/format.h create mode 100644 src/analysis/type-int.h diff --git a/ChangeLog b/ChangeLog index 3153a68..159f811 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,87 @@ +12-11-19 Cyrille Bagard + + * configure.ac: + Add the new Makfiles from the 'plugins/androhelpers' and + 'plugins/pychrysa/format/dex' directories to AC_CONFIG_FILES. + Remove the old 'plugins/dexresolver' one. + + * plugins/androhelpers/androhelpers.c: + * plugins/androhelpers/androhelpers.h: + * plugins/androhelpers/Makefile.am: + * plugins/androhelpers/try_n_catch.c: + * plugins/androhelpers/try_n_catch.h: + New entries: handle Dalvik exception handlers in the graphic view. + + * plugins/Makefile.am: + Add androhelpers to SUBDIRS. + + * plugins/pychrysa/analysis/binary.c: + Improve a little bit the Python interface. + + * plugins/pychrysa/format/dex/class.c: + * plugins/pychrysa/format/dex/class.h: + * plugins/pychrysa/format/dex/dex.c: + * plugins/pychrysa/format/dex/dex.h: + * plugins/pychrysa/format/dex/Makefile.am: + * plugins/pychrysa/format/dex/module.c: + * plugins/pychrysa/format/dex/module.h: + New entries: define the Dex format for Python. + + * plugins/pychrysa/format/executable.c: + * plugins/pychrysa/format/executable.h: + Improve a little bit the Python interface. + + * plugins/pychrysa/format/format.c: + * plugins/pychrysa/format/format.h: + New entries: define formats for Python. + + * plugins/pychrysa/format/Makefile.am: + * plugins/pychrysa/format/module.c: + Improve a little bit the Python interface. + + * src/analysis/disass/links.c: + Create all links between instructions here. + + * src/analysis/type-int.h: + New entry: add a missing file. + + * src/arch/instruction.c: + * src/arch/instruction.h: + * src/arch/instruction-int.h: + Provide the previous instruction when asked. Extend links between + instructions (with something to fix ?). + + * src/common/leb128.h: + Improve leb128 support. + + * src/format/dex/class.c: + * src/format/dex/class.h: + * src/format/dex/dex.c: + * src/format/dex/dex_def.h: + * src/format/dex/dex.h: + * src/format/dex/dex-int.c: + * src/format/dex/dex-int.h: + * src/format/dex/method.c: + * src/format/dex/method.h: + Load more Dex/Dalvik structures and provides access to them. + + * src/gtkext/graph/dot.c: + Handle more kinds of links. Compare colors using strcmp(). + + * src/gtkext/graph/layout.c: + Handle more kinds of links. Do not create virtual links for the expected + excution flow anymore. + + * src/gtkext/gtkgraphview.c: + Fix a bug in case of return instruction. + + * src/gtkext/gtklinkrenderer.c: + * src/gtkext/gtklinkrenderer.h: + Handle more kinds of links. + + * src/plugins/plugin.c: + Update code. + 12-11-13 Cyrille Bagard * src/arch/dalvik/instruction.c: diff --git a/configure.ac b/configure.ac index 5ccb4af..89c11a1 100644 --- a/configure.ac +++ b/configure.ac @@ -234,13 +234,14 @@ AC_CONFIG_COMMANDS([marshal], [echo -e "VOID:UINT64,UINT64\nVOID:INT,UINT64,INT\ AC_CONFIG_FILES([Makefile pixmaps/Makefile plugins/Makefile - plugins/dexresolver/Makefile + plugins/androhelpers/Makefile plugins/govm/Makefile plugins/pychrysa/Makefile plugins/pychrysa/analysis/Makefile plugins/pychrysa/arch/Makefile plugins/pychrysa/debug/Makefile plugins/pychrysa/format/Makefile + plugins/pychrysa/format/dex/Makefile plugins/pychrysa/glibext/Makefile plugins/pychrysa/gui/Makefile plugins/pychrysa/gui/panels/Makefile @@ -249,7 +250,6 @@ AC_CONFIG_FILES([Makefile plugins/python/apkfiles/Makefile plugins/python/exectracer/Makefile plugins/stackvars/Makefile - plugins/theseus/Makefile src/Makefile src/analysis/Makefile src/analysis/binaries/Makefile diff --git a/plugins/Makefile.am b/plugins/Makefile.am index b789239..4a6a852 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am @@ -1,2 +1,2 @@ -SUBDIRS = pychrysa python stackvars +SUBDIRS = androhelpers pychrysa python stackvars diff --git a/plugins/androhelpers/Makefile.am b/plugins/androhelpers/Makefile.am new file mode 100644 index 0000000..3562206 --- /dev/null +++ b/plugins/androhelpers/Makefile.am @@ -0,0 +1,18 @@ + +lib_LTLIBRARIES = libandrohelpers.la + +libandrohelpers_la_SOURCES = \ + androhelpers.h androhelpers.c \ + try_n_catch.h try_n_catch.c + +libandrohelpers_la_LDFLAGS = -L../../src/.libs -L../../src/gui/.libs -lchrysagui \ + -lchrysadisass -lchrysagtkext \ + -L../../src/plugins/.libs -lplugins + + +INCLUDES = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) $(LIBPYTHON_CFLAGS) $(LIBPYGOBJECT_CFLAGS) \ + -I../../src + +AM_CPPFLAGS = + +AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS) diff --git a/plugins/androhelpers/androhelpers.c b/plugins/androhelpers/androhelpers.c new file mode 100644 index 0000000..a644868 --- /dev/null +++ b/plugins/androhelpers/androhelpers.c @@ -0,0 +1,100 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * androhelpers.c - greffon d'appoint pour les traitements Android + * + * Copyright (C) 2012 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see . + */ + + +#include "androhelpers.h" + + +#include + + +#include "try_n_catch.h" + + + +/****************************************************************************** +* * +* Paramètres : - * +* * +* Description : Précise le nom associé au greffon. * +* * +* Retour : Nom à libérer de la mémoire. * +* * +* Remarques : - * +* * +******************************************************************************/ + +char *get_plugin_name(void) +{ + return strdup("AndroHelpers"); + +} + + +/****************************************************************************** +* * +* Paramètres : plugin = greffon à consulter. * +* * +* Description : Indique les opérations offertes par un greffon donné. * +* * +* Retour : Action(s) offerte(s) par le greffon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PluginAction get_plugin_action(const GPluginModule *plugin) +{ + PluginAction result; /* Combinaison à retourner */ + + result = PGA_DISASS_PROCESS; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : plugin = greffon de prise en charge à utiliser. * +* binary = représentation binaire à traiter. * +* action = action attendue. * +* * +* Description : Exécute une action définie sur un binaire chargé. * +* * +* Retour : true si une action a été menée, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool execute_action_on_binary(GPluginModule *plugin, GLoadedBinary *binary, PluginAction action) +{ + bool result; /* Bilan à retourner */ + + result = true; + + result &= process_exception_handlers(binary); + + return result; + +} diff --git a/plugins/androhelpers/androhelpers.h b/plugins/androhelpers/androhelpers.h new file mode 100644 index 0000000..b1a5084 --- /dev/null +++ b/plugins/androhelpers/androhelpers.h @@ -0,0 +1,43 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * androhelpers.h - prototypes pour le greffon d'appoint pour les traitements Android + * + * Copyright (C) 2012 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see . + */ + + +#ifndef _PLUGINS_ANDROHELPERS_H +#define _PLUGINS_ANDROHELPERS_H + + +#include + + + +/* Précise le nom associé au greffon. */ +char *get_plugin_name(void); + +/* Indique les opérations offertes par un greffon donné. */ +PluginAction get_plugin_action(const GPluginModule *); + +/* Exécute une action définie sur un binaire chargé. */ +bool execute_action_on_binary(GPluginModule *, GLoadedBinary *, PluginAction); + + + +#endif /* _PLUGINS_ANDROHELPERS_H */ diff --git a/plugins/androhelpers/try_n_catch.c b/plugins/androhelpers/try_n_catch.c new file mode 100644 index 0000000..e7a3c0a --- /dev/null +++ b/plugins/androhelpers/try_n_catch.c @@ -0,0 +1,337 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * try_n_catch.c - support des exceptions chez Android + * + * Copyright (C) 2012 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see . + */ + + +#include "try_n_catch.h" + + +#include + + +#include +#include +#include <../i18n.h> + + + +/* Mémorisation d'un lien vers un gestionnaire */ +typedef struct _caught_exception +{ + GArchInstruction *instr; /* Première instruction visée */ + char *desc; /* Nom de l'exception */ + +} caught_exception; + + + +/* Valide la zone couverte par le gestionnaire d'exceptions. */ +static bool check_covered_area(const try_item *, const GBinRoutine *); + +/* Construit une liste pointant sur les différentes gestions. */ +static caught_exception *build_destinations_list(GLoadedBinary *, const try_item *, const encoded_catch_handler_list *, const GBinRoutine *, size_t *); + +/* Rattache les gestionnaires d'exception à leur code couvert. */ +static void attach_caught_code(GLoadedBinary *, const try_item *, const encoded_catch_handler_list *, const GBinRoutine *); + +/* Recherche et met en avant tous les gestionnaires d'exception. */ +static void look_for_exception_handlers(GLoadedBinary *, const GDexFormat *, GDexMethod *); + + + +/****************************************************************************** +* * +* Paramètres : try = informations sur la gestion à consulter. * +* routine = routine associée, pour validation. * +* * +* Description : Valide la zone couverte par le gestionnaire d'exceptions. * +* * +* Retour : Validité de la zone couverte. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool check_covered_area(const try_item *try, const GBinRoutine *routine) +{ + off_t length; /* Taille de la zone de code */ + vmpa_t covered_start; /* Début de la zone couverte */ + vmpa_t covered_end; /* Fin de la zone couverte */ + + length = g_binary_routine_get_size(routine); + + covered_start = try->start_addr * sizeof(uint16_t); + covered_end = covered_start + try->insn_count * sizeof(uint16_t); + + return (covered_end <= length); + +} + + +/****************************************************************************** +* * +* Paramètres : binary = représentation binaire à traiter. * +* try = informations sur la gestion à consulter. * +* hlist = liste de tous les gestionnaires en place. * +* routine = routine associée, pour l'accès au instructions. * +* count = quantité de destinations trouvées. [OUT] * +* * +* Description : Construit une liste pointant sur les différentes gestions. * +* * +* Retour : Adresse des codes à lier systématiquement. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static caught_exception *build_destinations_list(GLoadedBinary *binary, const try_item *try, const encoded_catch_handler_list *hlist, const GBinRoutine *routine, size_t *count) +{ + caught_exception *result; /* Liste à retourner */ + GDexFormat *format; /* Format du binaire chargé */ + vmpa_t start; /* Début du code de la routine */ + GArchInstruction *instrs; /* Instructions Dalvik */ + uleb128_t index; /* Indice du bon gestionnaire */ + encoded_catch_handler *handlers; /* Groupe de gestionnaires */ + leb128_t max; /* Quantité d'exception */ + leb128_t i; /* Boucle de parcours */ + vmpa_t handler_addr; /* Adresse du code de gestion */ + GDataType *type; /* Type de l'exception */ + + format = G_DEX_FORMAT(g_loaded_binary_get_format(binary)); + + start = g_binary_routine_get_address(routine); + + instrs = g_loaded_binary_get_instructions(binary); + instrs = g_arch_instruction_find_by_address(instrs, start, true); + + for (index = 0; index < hlist->size; index++) + if (try->handler_off == hlist->list[index].offset) + break; + + if (index == hlist->size) + { + *count = 0; + return NULL; + } + + handlers = &hlist->list[index]; + max = leb128_abs(handlers->size); + + *count = max + (handlers->size < 0 ? 1 : 0); + result = (caught_exception *)calloc(*count, sizeof(caught_exception)); + + *count = 0; + + for (i = 0; i < max; i++) + { + handler_addr = start + handlers->handlers[i].addr * sizeof(uint16_t); + result[*count].instr = g_arch_instruction_find_by_address(instrs, handler_addr, true); + + if (result[*count].instr == NULL) + continue; + + type = get_type_from_dex_pool(format, handlers->handlers[i].type_idx); + result[*count].desc = g_data_type_to_string(type); + + (*count)++; + + } + + if (handlers->size < 0) + { + handler_addr = start + handlers->catch_all_addr * sizeof(uint16_t); + result[*count].instr = g_arch_instruction_find_by_address(instrs, handler_addr, true); + + if (result[*count].instr != NULL) + { + result[*count].desc = strdup(_("default")); + (*count)++; + } + + } + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : binary = représentation binaire à traiter. * +* try = informations sur la gestion à consulter. * +* handlers = liste de tous les gestionnaires en place. * +* routine = routine associée, pour l'accès au instructions. * +* * +* Description : Rattache les gestionnaires d'exception à leur code couvert. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void attach_caught_code(GLoadedBinary *binary, const try_item *try, const encoded_catch_handler_list *handlers, const GBinRoutine *routine) +{ + vmpa_t start; /* Début de la zone couverte */ + vmpa_t end; /* Début de la zone couverte */ + GArchInstruction *instrs; /* Instructions Dalvik */ + GArchInstruction *first; /* Première instruction */ + GArchInstruction *prev; /* Instruction à détacher */ + GArchInstruction *iter; /* Boucle de parcours */ + size_t dests_count; /* Nombre de points d'arrivée */ + caught_exception *dests; /* Points d'arrivée */ + size_t i; /* Boucle de parcours */ + + start = g_binary_routine_get_address(routine); + start += try->start_addr * sizeof(uint16_t); + + end = start + try->insn_count * sizeof(uint16_t); + + instrs = g_loaded_binary_get_instructions(binary); + first = g_arch_instruction_find_by_address(instrs, start, true); + + /* Si un détachement est nécessaire... */ + if (!g_arch_instruction_has_sources(first)) + { + prev = g_arch_instruction_get_prev_iter(instrs, first); + g_arch_instruction_link_with(prev, first, ILT_JUMP); + } + + /* Détermination du code des exceptions */ + dests = build_destinations_list(binary, try, handlers, routine, &dests_count); + + if (dests != NULL) + { + /* Rattachements */ + for (iter = first; + iter != NULL; + iter = g_arch_instruction_get_next_iter(instrs, iter, end)) + { + if (!g_arch_instruction_has_destinations(iter)) + continue; + + for (i = 0; i < dests_count; i++) + g_arch_instruction_link_with(iter, dests[i].instr, ILT_CATCH_EXCEPTION); + + } + + /* Libération de la mémoire utilisée */ + + for (i = 0; i < dests_count; i++) + free(dests[i].desc); + + free(dests); + + } + +} + + +/****************************************************************************** +* * +* Paramètres : binary = représentation binaire à traiter. * +* format = format du binaire Dex. * +* method = méthode à analyser. * +* * +* Description : Recherche et met en avant tous les gestionnaires d'exception.* +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +static void look_for_exception_handlers(GLoadedBinary *binary, const GDexFormat *format, GDexMethod *method) +{ + const code_item *body; /* Description du corps */ + GBinRoutine *routine; /* Abstraction globale */ + uint16_t i; /* Boucle de parcours */ + + body = g_dex_method_get_dex_body(method); + + if (body->tries_size == 0) + return; + + routine = g_dex_method_get_routine(method); + + for (i = 0; i < body->tries_size; i++) + { + if (!check_covered_area(&body->tries[i], routine)) + continue; + + attach_caught_code(binary, &body->tries[i], body->handlers, routine); + + } + +} + + +/****************************************************************************** +* * +* Paramètres : binary = représentation binaire à traiter. * +* * +* Description : Traite tous les gestionnaires d'exception trouvés. * +* * +* Retour : true si une action a été menée, false sinon. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool process_exception_handlers(GLoadedBinary *binary) +{ + GDexFormat *format; /* Format du binaire chargé */ + size_t cls_count; /* Nombre de classes trouvées */ + size_t i; /* Boucle de parcours #1 */ + GDexClass *class; /* Classe à analyser */ + size_t meth_count; /* Nombre de méthodes trouvées */ + size_t j; /* Boucle de parcours #2 */ + GDexMethod *method; /* Méthode à parcourir */ + + if (!G_IS_DEX_FORMAT(g_loaded_binary_get_format(binary))) + return false; + + format = G_DEX_FORMAT(g_loaded_binary_get_format(binary)); + + cls_count = g_dex_format_count_classes(format); + for (i = 0; i < cls_count; i++) + { + class = g_dex_format_get_class(format, i); + + meth_count = g_dex_class_count_methods(class, false); + for (j = 0; j < meth_count; j++) + { + method = g_dex_class_get_method(class, false, j); + look_for_exception_handlers(binary, format, method); + } + + meth_count = g_dex_class_count_methods(class, true); + for (j = 0; j < meth_count; j++) + { + method = g_dex_class_get_method(class, true, j); + look_for_exception_handlers(binary, format, method); + } + + } + + return true; + +} diff --git a/plugins/androhelpers/try_n_catch.h b/plugins/androhelpers/try_n_catch.h new file mode 100644 index 0000000..5ac4ad5 --- /dev/null +++ b/plugins/androhelpers/try_n_catch.h @@ -0,0 +1,37 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * try_n_catch.h - prototypes pour le support des exceptions chez Android + * + * Copyright (C) 2012 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see . + */ + + +#ifndef _PLUGINS_TRY_N_CATCH_H +#define _PLUGINS_TRY_N_CATCH_H + + +#include + + + +/* Traite tous les gestionnaires d'exception trouvés. */ +bool process_exception_handlers(GLoadedBinary *); + + + +#endif /* _PLUGINS_TRY_N_CATCH_H */ diff --git a/plugins/pychrysa/analysis/binary.c b/plugins/pychrysa/analysis/binary.c index 93db685..e8158a2 100644 --- a/plugins/pychrysa/analysis/binary.c +++ b/plugins/pychrysa/analysis/binary.c @@ -33,6 +33,7 @@ #include "../quirks.h" #include "../arch/instruction.h" +#include "../format/executable.h" #include "../glibext/codebuffer.h" @@ -43,6 +44,9 @@ static PyObject *py_loaded_binary_new(PyTypeObject *, PyObject *, PyObject *); /* Fournit le fichier correspondant à l'élément binaire. */ static PyObject *py_loaded_binary_get_filename(PyObject *self, PyObject *args); +/* Fournit le format de fichier reconnu dans le contenu binaire. */ +static PyObject *py_loaded_binary_get_format(PyObject *, PyObject *); + /* Fournit les instructions issues du désassemblage. */ static PyObject *py_loaded_binary_get_instructions(PyObject *, PyObject *); @@ -151,6 +155,35 @@ static PyObject *py_loaded_binary_get_filename(PyObject *self, PyObject *args) * Paramètres : self = classe représentant un binaire. * * args = arguments fournis à l'appel. * * * +* Description : Fournit le format de fichier reconnu dans le contenu binaire.* +* * +* Retour : Nom de fichier avec chemin absolu. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static PyObject *py_loaded_binary_get_format(PyObject *self, PyObject *args) +{ + PyObject *result; /* Trouvailles à retourner */ + GLoadedBinary *binary; /* Version native */ + GExeFormat *format; /* Format du binaire physique */ + + binary = G_LOADED_BINARY(pygobject_get(self)); + format = g_loaded_binary_get_format(binary); + + result = py_executable_format_from_c(format); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : self = classe représentant un binaire. * +* args = arguments fournis à l'appel. * +* * * Description : Fournit les instructions issues du désassemblage. * * * * Retour : Instructions issues du désassemblage. * @@ -239,11 +272,15 @@ bool register_python_loaded_binary(PyObject *module) "Provide the filename of the loaded binary." }, { + "get_format", (PyCFunction)py_loaded_binary_get_format, + METH_NOARGS, + "Provide the file format recognized in the binary content." + }, + { "get_instructions", (PyCFunction)py_loaded_binary_get_instructions, METH_NOARGS, "Give access to all disassembled instructions." }, - { NULL } }; diff --git a/plugins/pychrysa/format/Makefile.am b/plugins/pychrysa/format/Makefile.am index a890385..9a48749 100644 --- a/plugins/pychrysa/format/Makefile.am +++ b/plugins/pychrysa/format/Makefile.am @@ -3,14 +3,21 @@ noinst_LTLIBRARIES = libpychrysaformat.la libpychrysaformat_la_SOURCES = \ executable.h executable.c \ + format.h format.c \ module.h module.c +libpychrysaformat_la_LIBADD = \ + dex/libpychrysaformatdex.la + libpychrysaformat_la_LDFLAGS = -INCLUDES = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) $(LIBPYTHON_CFLAGS) -I../../../src +INCLUDES = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) $(LIBPYTHON_CFLAGS) $(LIBPYGOBJECT_CFLAGS) \ + -I../../../src AM_CPPFLAGS = AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS) + +SUBDIRS = dex diff --git a/plugins/pychrysa/format/dex/Makefile.am b/plugins/pychrysa/format/dex/Makefile.am new file mode 100644 index 0000000..79b5322 --- /dev/null +++ b/plugins/pychrysa/format/dex/Makefile.am @@ -0,0 +1,18 @@ + +noinst_LTLIBRARIES = libpychrysaformatdex.la + +libpychrysaformatdex_la_SOURCES = \ + class.h class.c \ + dex.h dex.c \ + module.h module.c + + +libpychrysaformatdex_la_LDFLAGS = + + +INCLUDES = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) $(LIBPYTHON_CFLAGS) $(LIBPYGOBJECT_CFLAGS) \ + -I../../../../src + +AM_CPPFLAGS = + +AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS) diff --git a/plugins/pychrysa/format/dex/class.c b/plugins/pychrysa/format/dex/class.c new file mode 100644 index 0000000..97c1968 --- /dev/null +++ b/plugins/pychrysa/format/dex/class.c @@ -0,0 +1,157 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * class.c - équivalent Python du fichier "format/dex/class.c" + * + * Copyright (C) 2012 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "class.h" + + +#include + + +#include "../../quirks.h" + + + +/* Crée un nouvel objet Python de type 'DexClass'. */ +static PyObject *py_dex_class_new(PyTypeObject *, PyObject *, PyObject *); + + + +/****************************************************************************** +* * +* Paramètres : type = type de l'objet à instancier. * +* args = arguments fournis à l'appel. * +* kwds = arguments de type key=val fournis. * +* * +* Description : Crée un nouvel objet Python de type 'DexClass'. * +* * +* Retour : Instance Python mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static PyObject *py_dex_class_new(PyTypeObject *type, PyObject *args, PyObject *kwds) +{ + return Py_None; + +} + + +/****************************************************************************** +* * +* Paramètres : item = instance existante GLib. * +* * +* Description : Crée un nouvel objet Python de type 'DexClass'. * +* * +* Retour : Instance Python mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PyObject *py_dex_class_from_c(GDexClass *class) +{ + PyObject *module; /* Module d'appartenance */ + PyTypeObject *type; /* Type Python correspondant */ + + module = PyImport_ImportModule("pychrysalide.format.dex"); + type = (PyTypeObject *)PyObject_GetAttrString(module, "DexClass"); + Py_DECREF(module); + + pychrysalide_set_instance_data(G_OBJECT(class), type); + + return pygobject_new(G_OBJECT(class)); + +} + + + + + + + + + + + + + + +/****************************************************************************** +* * +* Paramètres : module = module dont la définition est à compléter. * +* * +* Description : Prend en charge l'objet 'pychrysalide.format.dex.DexClass'. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool register_python_dex_class(PyObject *module) +{ + PyObject *pygobj_mod; /* Module Python-GObject */ + int ret; /* Bilan d'un appel */ + + static PyMethodDef py_dex_class_methods[] = { + { NULL } + }; + + static PyGetSetDef py_dex_class_getseters[] = { + { NULL } + }; + + static PyTypeObject py_dex_class_type = { + + PyObject_HEAD_INIT(NULL) + + .tp_name = "pychrysalide.format.dex.DexClass", + .tp_basicsize = sizeof(PyGObject), + + .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, + + .tp_doc = "PyChrysalide Dex class", + + .tp_methods = py_dex_class_methods, + .tp_getset = py_dex_class_getseters, + .tp_new = (newfunc)py_dex_class_new + + }; + + pygobj_mod = PyImport_ImportModule("gobject"); + if (pygobj_mod == NULL) return false; + + py_dex_class_type.tp_base = (PyTypeObject *)PyObject_GetAttrString(pygobj_mod, "GObject"); + Py_DECREF(pygobj_mod); + + if (PyType_Ready(&py_dex_class_type) < 0) + return false; + + Py_INCREF(&py_dex_class_type); + ret = PyModule_AddObject(module, "DexClass", (PyObject *)&py_dex_class_type); + + return (ret == 0); + +} diff --git a/plugins/pychrysa/format/dex/class.h b/plugins/pychrysa/format/dex/class.h new file mode 100644 index 0000000..addf7ca --- /dev/null +++ b/plugins/pychrysa/format/dex/class.h @@ -0,0 +1,44 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * class.h - prototypes pour l'équivalent Python du fichier "format/dex/class.h" + * + * Copyright (C) 2012 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_PYCHRYSA_FORMAT_DEX_CLASS_H +#define _PLUGINS_PYCHRYSA_FORMAT_DEX_CLASS_H + + +#include +#include + +#include + + + +/* Crée un nouvel objet Python de type 'DexClass'. */ +PyObject *py_dex_class_from_c(GDexClass *); + +/* Prend en charge l'objet 'pychrysalide.format.dex.DexClass'. */ +bool register_python_dex_class(PyObject *module); + + + +#endif /* _PLUGINS_PYCHRYSA_FORMAT_DEX_CLASS_H */ diff --git a/plugins/pychrysa/format/dex/dex.c b/plugins/pychrysa/format/dex/dex.c new file mode 100644 index 0000000..2df8d1b --- /dev/null +++ b/plugins/pychrysa/format/dex/dex.c @@ -0,0 +1,250 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * dex.c - équivalent Python du fichier "format/dex/dex.c" + * + * Copyright (C) 2012 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "dex.h" + + +#include + +#include + + +#include "class.h" +#include "../../quirks.h" + + + +/* Crée un nouvel objet Python de type 'DexFormat'. */ +static PyObject *py_dex_format_new(PyTypeObject *, PyObject *, PyObject *); + +/* Dénombre le nombre de classes trouvées. */ +static PyObject *py_dex_format_count_classes(PyObject *, PyObject *); + +/* Fournit une classe du format chargée en mémoire. */ +static PyObject *py_dex_format_get_class(PyObject *, PyObject *); + + + +/****************************************************************************** +* * +* Paramètres : type = type de l'objet à instancier. * +* args = arguments fournis à l'appel. * +* kwds = arguments de type key=val fournis. * +* * +* Description : Crée un nouvel objet Python de type 'DexFormat'. * +* * +* Retour : Instance Python mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static PyObject *py_dex_format_new(PyTypeObject *type, PyObject *args, PyObject *kwds) +{ + PyObject *result; /* Instance à retourner */ + const bin_t *content; /* Données binaires */ + int length; /* Quantité de ces données */ + int ret; /* Bilan de lecture des args. */ + GBinFormat *format; /* Version GLib du format */ + + ret = PyArg_ParseTuple(args, "s#", &content, &length); + if (!ret) return Py_None; + + format = g_dex_format_new(content, length); + if (format == NULL) return Py_None; + + result = py_dex_format_from_c(G_DEX_FORMAT(format)); + g_object_unref(format); + + return (PyObject *)result; + +} + + +/****************************************************************************** +* * +* Paramètres : item = instance existante GLib. * +* * +* Description : Crée un nouvel objet Python de type 'DexFormat'. * +* * +* Retour : Instance Python mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PyObject *py_dex_format_from_c(GDexFormat *format) +{ + PyObject *module; /* Module d'appartenance */ + PyTypeObject *type; /* Type Python correspondant */ + + module = PyImport_ImportModule("pychrysalide.format.dex"); + type = (PyTypeObject *)PyObject_GetAttrString(module, "DexFormat"); + Py_DECREF(module); + + pychrysalide_set_instance_data(G_OBJECT(format), type); + + return pygobject_new(G_OBJECT(format)); + +} + + +/****************************************************************************** +* * +* Paramètres : self = classe représentant un binaire. * +* args = arguments fournis à l'appel. * +* * +* Description : Dénombre le nombre de classes trouvées. * +* * +* Retour : Quantité de classes présentes. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static PyObject *py_dex_format_count_classes(PyObject *self, PyObject *args) +{ + PyObject *result; /* Trouvailles à retourner */ + GDexFormat *format; /* Version native */ + size_t count; /* Quantité à retourner */ + + format = G_DEX_FORMAT(pygobject_get(self)); + + count = g_dex_format_count_classes(format); + + result = PyLong_FromLong(count); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : self = classe représentant un binaire. * +* args = arguments fournis à l'appel. * +* * +* Description : Fournit une classe du format chargée en mémoire. * +* * +* Retour : Instance représentant une classe chargée. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static PyObject *py_dex_format_get_class(PyObject *self, PyObject *args) +{ + PyObject *result; /* Trouvailles à retourner */ + int ret; /* Bilan de lecture des args. */ + int index; /* Indice de la classe */ + GDexFormat *format; /* Version native */ + GDexClass *class; /* Classe à communiquer */ + + ret = PyArg_ParseTuple(args, "i", &index); + if (!ret) return Py_None; + + format = G_DEX_FORMAT(pygobject_get(self)); + + class = g_dex_format_get_class(format, index); + if (class == NULL) return Py_None; + + result = py_dex_class_from_c(class); + + return result; + +} + + + + + + + +/****************************************************************************** +* * +* Paramètres : module = module dont la définition est à compléter. * +* * +* Description : Prend en charge l'objet 'pychrysalide.format.dex.DexFormat'. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool register_python_dex_format(PyObject *module) +{ + PyObject *pygobj_mod; /* Module Python-GObject */ + int ret; /* Bilan d'un appel */ + + static PyMethodDef py_dex_format_methods[] = { + { + "count_classes", (PyCFunction)py_dex_format_count_classes, + METH_NOARGS, + "Count the quantity of loaded Dex classes." + }, + { + "get_class", (PyCFunction)py_dex_format_get_class, + METH_VARARGS, + "Provide a given loaded Dex class." + }, + { NULL } + }; + + static PyGetSetDef py_dex_format_getseters[] = { + { NULL } + }; + + static PyTypeObject py_dex_format_type = { + + PyObject_HEAD_INIT(NULL) + + .tp_name = "pychrysalide.format.dex.DexFormat", + .tp_basicsize = sizeof(PyGObject), + + .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, + + .tp_doc = "PyChrysalide Dex format", + + .tp_methods = py_dex_format_methods, + .tp_getset = py_dex_format_getseters, + .tp_new = (newfunc)py_dex_format_new + + }; + + pygobj_mod = PyImport_ImportModule("gobject"); + if (pygobj_mod == NULL) return false; + + py_dex_format_type.tp_base = (PyTypeObject *)PyObject_GetAttrString(pygobj_mod, "GObject"); + Py_DECREF(pygobj_mod); + + if (PyType_Ready(&py_dex_format_type) < 0) + return false; + + Py_INCREF(&py_dex_format_type); + ret = PyModule_AddObject(module, "DexFormat", (PyObject *)&py_dex_format_type); + + return (ret == 0); + +} diff --git a/plugins/pychrysa/format/dex/dex.h b/plugins/pychrysa/format/dex/dex.h new file mode 100644 index 0000000..65eec0d --- /dev/null +++ b/plugins/pychrysa/format/dex/dex.h @@ -0,0 +1,44 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * dex.h - prototypes pour l'équivalent Python du fichier "format/dex/dex.h" + * + * Copyright (C) 2012 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_PYCHRYSA_FORMAT_DEX_DEX_H +#define _PLUGINS_PYCHRYSA_FORMAT_DEX_DEX_H + + +#include +#include + +#include + + + +/* Crée un nouvel objet Python de type 'DexFormat'. */ +PyObject *py_dex_format_from_c(GDexFormat *); + +/* Prend en charge l'objet 'pychrysalide.format.dex.DexFormat'. */ +bool register_python_dex_format(PyObject *module); + + + +#endif /* _PLUGINS_PYCHRYSA_FORMAT_DEX_DEX_H */ diff --git a/plugins/pychrysa/format/dex/module.c b/plugins/pychrysa/format/dex/module.c new file mode 100644 index 0000000..cea0702 --- /dev/null +++ b/plugins/pychrysa/format/dex/module.c @@ -0,0 +1,70 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * module.c - intégration du répertoire dex en tant que module + * + * Copyright (C) 2012 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "module.h" + + +#include "class.h" +#include "dex.h" + + + +/****************************************************************************** +* * +* Paramètres : module = module dont la définition est à compléter. * +* * +* Description : Ajoute le module 'format.dex' au module Python. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool add_format_dex_module_to_python_module(PyObject *super) +{ + bool result; + PyObject *module; + int ret; /* Bilan d'un appel */ + + static PyMethodDef py_format_dex_methods[] = { + { NULL } + }; + + module = Py_InitModule("pychrysalide.format.dex", py_format_dex_methods); + if (module == NULL) return false; + + Py_INCREF(module); + ret = PyModule_AddObject(super, "pychrysalide.format.dex", module); + + result = (ret != 0); + + if (ret != 0) /* ... */; + + result &= register_python_dex_class(module); + result &= register_python_dex_format(module); + + return true; + +} diff --git a/plugins/pychrysa/format/dex/module.h b/plugins/pychrysa/format/dex/module.h new file mode 100644 index 0000000..de79edb --- /dev/null +++ b/plugins/pychrysa/format/dex/module.h @@ -0,0 +1,39 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * module.h - prototypes pour l'intégration du répertoire dex en tant que module + * + * Copyright (C) 2012 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_PYCHRYSA_FORMAT_DEX_MODULE_H +#define _PLUGINS_PYCHRYSA_FORMAT_DEX_MODULE_H + + +#include +#include + + + +/* Ajoute le module 'format.dex' au module Python. */ +bool add_format_dex_module_to_python_module(PyObject *); + + + +#endif /* _PLUGINS_PYCHRYSA_FORMAT_DEX_MODULE_H */ diff --git a/plugins/pychrysa/format/executable.c b/plugins/pychrysa/format/executable.c index 2f10f71..7cdc855 100644 --- a/plugins/pychrysa/format/executable.c +++ b/plugins/pychrysa/format/executable.c @@ -25,6 +25,35 @@ #include "executable.h" +#include "format.h" + + + + + + + + +/****************************************************************************** +* * +* Paramètres : format = instance existante GLib. * +* * +* Description : Crée un nouvel objet Python de type 'ExeFormat'. * +* * +* Retour : Instance Python mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PyObject *py_executable_format_from_c(GExeFormat *format) +{ + return py_binary_format_from_c(G_BIN_FORMAT(format)); + +} + + + diff --git a/plugins/pychrysa/format/executable.h b/plugins/pychrysa/format/executable.h index 577d1f9..4109784 100644 --- a/plugins/pychrysa/format/executable.h +++ b/plugins/pychrysa/format/executable.h @@ -33,6 +33,12 @@ +/* Crée un nouvel objet Python de type 'ExeFormat'. */ +PyObject *py_executable_format_from_c(GExeFormat *); + + + + /* Convertit une instance GLib en objet Python 'py_executable'. */ PyObject *py_executable_convert(GExeFormat *); diff --git a/plugins/pychrysa/format/format.c b/plugins/pychrysa/format/format.c new file mode 100644 index 0000000..ea556ba --- /dev/null +++ b/plugins/pychrysa/format/format.c @@ -0,0 +1,159 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * format.c - équivalent Python du fichier "format/format.c" + * + * Copyright (C) 2012 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include "format.h" + + +#include + + +#include "dex/dex.h" +#include "../quirks.h" + + + +/* Crée un nouvel objet Python de type 'BinFormat'. */ +static PyObject *py_binary_format_new(PyTypeObject *, PyObject *, PyObject *); + + + +/****************************************************************************** +* * +* Paramètres : type = type de l'objet à instancier. * +* args = arguments fournis à l'appel. * +* kwds = arguments de type key=val fournis. * +* * +* Description : Crée un nouvel objet Python de type 'BinFormat'. * +* * +* Retour : Instance Python mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +static PyObject *py_binary_format_new(PyTypeObject *type, PyObject *args, PyObject *kwds) +{ + return Py_None; + +} + + +/****************************************************************************** +* * +* Paramètres : format = instance existante GLib. * +* * +* Description : Crée un nouvel objet Python de type 'BinFormat'. * +* * +* Retour : Instance Python mise en place. * +* * +* Remarques : - * +* * +******************************************************************************/ + +PyObject *py_binary_format_from_c(GBinFormat *format) +{ + PyObject *result; /* Conversion à retourner */ + GType type; /* Type réel du format */ + + type = G_OBJECT_TYPE(G_OBJECT(format)); + + if (type == G_TYPE_DEX_FORMAT) + result = py_dex_format_from_c(G_DEX_FORMAT(format)); + else + result = Py_None; + + return result; + +} + + + + + + + + + + + + + + +/****************************************************************************** +* * +* Paramètres : module = module dont la définition est à compléter. * +* * +* Description : Prend en charge l'objet 'pychrysalide.gui.panels.BinFormat'. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool register_python_binary_format(PyObject *module) +{ + PyObject *pygobj_mod; /* Module Python-GObject */ + int ret; /* Bilan d'un appel */ + + static PyMethodDef py_binary_format_methods[] = { + { NULL } + }; + + static PyGetSetDef py_binary_format_getseters[] = { + { NULL } + }; + + static PyTypeObject py_binary_format_type = { + + PyObject_HEAD_INIT(NULL) + + .tp_name = "pychrysalide.format.BinFormat", + .tp_basicsize = sizeof(PyGObject), + + .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, + + .tp_doc = "PyChrysalide binary format", + + .tp_methods = py_binary_format_methods, + .tp_getset = py_binary_format_getseters, + .tp_new = (newfunc)py_binary_format_new + + }; + + pygobj_mod = PyImport_ImportModule("gobject"); + if (pygobj_mod == NULL) return false; + + py_binary_format_type.tp_base = (PyTypeObject *)PyObject_GetAttrString(pygobj_mod, "GObject"); + Py_DECREF(pygobj_mod); + + if (PyType_Ready(&py_binary_format_type) < 0) + return false; + + Py_INCREF(&py_binary_format_type); + ret = PyModule_AddObject(module, "BinFormat", (PyObject *)&py_binary_format_type); + + return (ret == 0); + +} diff --git a/plugins/pychrysa/format/format.h b/plugins/pychrysa/format/format.h new file mode 100644 index 0000000..8f38408 --- /dev/null +++ b/plugins/pychrysa/format/format.h @@ -0,0 +1,44 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * format.h - prototypes pour l'équivalent Python du fichier "format/format.h" + * + * Copyright (C) 2012 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#ifndef _PLUGINS_PYCHRYSA_FORMAT_FORMAT_H +#define _PLUGINS_PYCHRYSA_FORMAT_FORMAT_H + + +#include +#include + +#include + + + +/* Crée un nouvel objet Python de type 'BinFormat'. */ +PyObject *py_binary_format_from_c(GBinFormat *); + +/* Prend en charge l'objet 'pychrysalide.format.BinFormat'. */ +bool register_python_binary_format(PyObject *module); + + + +#endif /* _PLUGINS_PYCHRYSA_FORMAT_FORMAT_H */ diff --git a/plugins/pychrysa/format/module.c b/plugins/pychrysa/format/module.c index 1f15d50..d3e863f 100644 --- a/plugins/pychrysa/format/module.c +++ b/plugins/pychrysa/format/module.c @@ -26,6 +26,7 @@ #include "executable.h" +#include "dex/module.h" @@ -53,16 +54,18 @@ bool add_format_module_to_python_module(PyObject *super) { NULL } }; - module = Py_InitModule("pyoida.format", py_format_methods); + module = Py_InitModule("pychrysalide.format", py_format_methods); if (module == NULL) return false; Py_INCREF(module); - ret = PyModule_AddObject(super, "pyoida.format", module); + ret = PyModule_AddObject(super, "pychrysalide.format", module); result = (ret != 0); result &= add_format_executable_to_python_module(module); + result &= add_format_dex_module_to_python_module(module); + return result; } diff --git a/src/analysis/disass/links.c b/src/analysis/disass/links.c index 4d799fc..7cc3c27 100644 --- a/src/analysis/disass/links.c +++ b/src/analysis/disass/links.c @@ -50,12 +50,14 @@ void establish_links_between_lines(GArchInstruction *list, GBinRoutine **routine vmpa_t addr; /* Adresse référencée */ InstructionLinkType type; /* Type de référence */ GArchInstruction *target; /* Ligne visée par la référence*/ + GArchInstruction *prev; /* Instruction précédente */ for (i = 0; i < count; i++) { start = g_binary_routine_get_address(routines[i]); end = start + g_binary_routine_get_size(routines[i]); + /* Définition de toutes les destinations */ for (iter = g_arch_instruction_find_by_address(list, start, true); iter != NULL; iter = g_arch_instruction_get_next_iter(list, iter, end)) @@ -104,10 +106,39 @@ void establish_links_between_lines(GArchInstruction *list, GBinRoutine **routine break; + default: + /** + * Note pour GCC : à ce stade du désassemblage, ILT_CATCH_EXCEPTION + * ne peut être présente, car ne provenant que de greffons. + * Pour ILT_EXEC_FLOW, sa seule insertion est ici, plus bas. + */ + break; + } } + /* Rattachement de deux blocs selon le flux normal */ + + iter = g_arch_instruction_find_by_address(list, start, true); + + for (iter = g_arch_instruction_get_next_iter(list, iter, end); + iter != NULL; + iter = g_arch_instruction_get_next_iter(list, iter, end)) + { + if (!g_arch_instruction_has_sources(iter)) + continue; + + prev = g_arch_instruction_get_prev_iter(list, iter); + + if (g_arch_instruction_is_return(prev)) + continue; + + if (!g_arch_instruction_has_destinations(prev)) + g_arch_instruction_link_with(prev, iter, ILT_EXEC_FLOW); + + } + gtk_extended_status_bar_update_activity(statusbar, id, (i + 1) * 1.0 / count); } diff --git a/src/analysis/type-int.h b/src/analysis/type-int.h new file mode 100644 index 0000000..a26deeb --- /dev/null +++ b/src/analysis/type-int.h @@ -0,0 +1,67 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * type-int.h - prototypes pour la définition interne des types de données + * + * Copyright (C) 2012 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see . + */ + + +#ifndef _ANALYSIS_TYPE_INT_H +#define _ANALYSIS_TYPE_INT_H + + +#include "type.h" + + + +/* Décrit le type fourni sous forme de caractères. */ +typedef GDataType * (* type_dup_fc) (const GDataType *); + +/* Décrit le type fourni sous forme de caractères. */ +typedef char * (* type_to_string_fc) (const GDataType *); + +/* Procède à l'impression de la description d'un type. */ +typedef void (* output_type_fc) (const GDataType *, GLangOutput *, GBufferLine *, bool, bool); + + +/* Description de type quelconque (instance) */ +struct _GDataType +{ + GObject parent; /* A laisser en premier */ + + type_dup_fc dup; /* Copie d'instance existante */ + type_to_string_fc to_string; /* Conversion au format texte */ + output_type_fc output; /* Impression à l'écran */ + + GDataType *namespace; /* Espace de noms / classe */ + TypeQualifier qualifiers; /* Eventuels qualificatifs */ + + GTypesManager *manager; /* Gestionnaire global */ + +}; + +/* Description de type quelconque (classe) */ +struct _GDataTypeClass +{ + GObjectClass parent; /* A laisser en premier */ + +}; + + + +#endif /* _ANALYSIS_TYPE_INT_H */ diff --git a/src/arch/instruction-int.h b/src/arch/instruction-int.h index e323d6c..c89a51b 100644 --- a/src/arch/instruction-int.h +++ b/src/arch/instruction-int.h @@ -83,6 +83,7 @@ struct _GArchInstructionClass }; +#define ainstr_list_prev_iter(iter, head) dl_list_prev_iter(iter, head, GArchInstruction, flow) #define ainstr_list_next_iter(iter, head) dl_list_next_iter(iter, head, GArchInstruction, flow) #define ainstr_list_add_tail(new, head) dl_list_add_tail(new, head, GArchInstruction, flow) #define ainstr_list_for_each(pos, head) dl_list_for_each(pos, head, GArchInstruction, flow) diff --git a/src/arch/instruction.c b/src/arch/instruction.c index b553aec..98d7c85 100644 --- a/src/arch/instruction.c +++ b/src/arch/instruction.c @@ -381,7 +381,9 @@ bool g_arch_instruction_has_sources(const GArchInstruction *instr) bool g_arch_instruction_has_destinations(const GArchInstruction *instr) { - return (instr->to_count > 1 || (instr->to_count == 1 && instr->links_type[0] != ILT_CALL)); + /* FIXME !? */ + //return (instr->to_count > 1 || (instr->to_count == 1 && instr->links_type[0] != ILT_CALL)); + return (instr->to_count > 0); } @@ -607,6 +609,30 @@ void g_arch_instruction_add_to_list(GArchInstruction **list, GArchInstruction *i * * * Paramètres : list = liste d'instructions à consulter. * * : iter = position actuelle dans la liste. * +* * +* Description : Fournit l'élement suivant un autre pour un parcours. * +* * +* Retour : Elément suivant ou NULL si aucun. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GArchInstruction *g_arch_instruction_get_prev_iter(const GArchInstruction *list, const GArchInstruction *iter) +{ + GArchInstruction *result; /* Elément suivant à renvoyer */ + + result = ainstr_list_prev_iter(iter, list); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : list = liste d'instructions à consulter. * +* : iter = position actuelle dans la liste. * * max = adresse marquant la limite (exclue) du parcours. * * * * Description : Fournit l'élement suivant un autre pour un parcours. * diff --git a/src/arch/instruction.h b/src/arch/instruction.h index efd2b75..a4e26d4 100644 --- a/src/arch/instruction.h +++ b/src/arch/instruction.h @@ -42,10 +42,12 @@ typedef enum _InstructionLinkType { ILT_NONE, /* Aucune instruction visée */ + ILT_EXEC_FLOW, /* Raccord attendu entre blocs */ ILT_JUMP, /* Saut inconditionnel */ ILT_JUMP_IF_TRUE, /* Saut conditionnel (si vrai) */ ILT_JUMP_IF_FALSE, /* Saut conditionnel (si faux) */ - ILT_CALL /* Appel d'une fonction */ + ILT_CALL, /* Appel d'une fonction */ + ILT_CATCH_EXCEPTION /* Gestion d'une exception */ } InstructionLinkType; @@ -133,6 +135,9 @@ GDecInstruction *g_arch_instruction_decompile(const GArchInstruction *, GDecCont void g_arch_instruction_add_to_list(GArchInstruction **, GArchInstruction *); /* Fournit l'élement suivant un autre pour un parcours. */ +GArchInstruction *g_arch_instruction_get_prev_iter(const GArchInstruction *, const GArchInstruction *); + +/* Fournit l'élement suivant un autre pour un parcours. */ GArchInstruction *g_arch_instruction_get_next_iter(const GArchInstruction *, const GArchInstruction *, vmpa_t); /* Recherche une instruction d'après son adresse. */ diff --git a/src/common/leb128.h b/src/common/leb128.h index 0364cf7..398785f 100644 --- a/src/common/leb128.h +++ b/src/common/leb128.h @@ -26,6 +26,7 @@ #include +#include #include "../arch/archbase.h" @@ -37,6 +38,16 @@ typedef uint64_t uleb128_t; typedef int64_t leb128_t; +/* Récupération de la valeur absolue */ +#define leb128_abs(v) llabs(v) + + +/* Valeurs minimales et maximales */ +#define ULEB128_MIN UINT64_MIN +#define ULEB128_MAX UINT64_MAX +#define LEB128_MIN INT64_MIN +#define LEB128_MAX INT64_MAX + /* Lit un nombre non signé encodé au format LEB128. */ bool read_uleb128(uleb128_t *, const bin_t *, off_t *, off_t); diff --git a/src/format/dex/class.c b/src/format/dex/class.c index 52389c4..52141ae 100644 --- a/src/format/dex/class.c +++ b/src/format/dex/class.c @@ -254,6 +254,61 @@ static void g_dex_class_register_method(const GDexClass *class, GBinFormat *form /****************************************************************************** * * +* Paramètres : class = informations chargées à consulter. * +* virtual = précise la nature des méthodes ciblées. * +* * +* Description : Dénombre les méthodes chargées d'un type donné. * +* * +* Retour : Quantité de méthodes trouvées. * +* * +* Remarques : - * +* * +******************************************************************************/ + +size_t g_dex_class_count_methods(const GDexClass *class, bool virtual) +{ + size_t result; /* Compte à retourner */ + + if (virtual) + result = class->vmethods_count; + else + result = class->dmethods_count; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : class = informations chargées à consulter. * +* virtual = précise la nature des méthodes ciblées. * +* index = indique l'indice de la méthode désirée. * +* * +* Description : Fournit une méthode chargée correspondant à un type donné. * +* * +* Retour : Quantité de méthodes trouvées. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDexMethod *g_dex_class_get_method(const GDexClass *class, bool virtual, size_t index) +{ + GDexMethod *result; /* Instance à renvoyer */ + + if (virtual) + result = class->virtual_methods[index]; + else + result = class->direct_methods[index]; + + return result; + +} + + +/****************************************************************************** +* * * Paramètres : class = informations chargées à consulter. * * parts = liste à venir compléter. * * count = quantité de zones listées. [OUT] * @@ -294,6 +349,10 @@ GBinPart **g_dex_class_get_parts(const GDexClass *class, GBinPart **parts, size_ } + + + + /****************************************************************************** * * * Paramètres : class = informations chargées à consulter. * diff --git a/src/format/dex/class.h b/src/format/dex/class.h index 998c1b7..e7094ff 100644 --- a/src/format/dex/class.h +++ b/src/format/dex/class.h @@ -54,6 +54,12 @@ typedef struct _GDexClassClass GDexClassClass; /* Détermine le type d'une classe issue du code source. */ GType g_dex_class_get_type(void); +/* Dénombre les méthodes chargées d'un type donné. */ +size_t g_dex_class_count_methods(const GDexClass *, bool); + +/* Fournit une méthode chargée correspondant à un type donné. */ +GDexMethod *g_dex_class_get_method(const GDexClass *, bool, size_t); + /* Fournit les références aux zones binaires à analyser. */ GBinPart **g_dex_class_get_parts(const GDexClass *, GBinPart **, size_t *); diff --git a/src/format/dex/dex-int.c b/src/format/dex/dex-int.c index 5628e6b..200b01f 100644 --- a/src/format/dex/dex-int.c +++ b/src/format/dex/dex-int.c @@ -529,10 +529,226 @@ void reset_dex_class_data_item(class_data_item *item) +/* ---------------------------------------------------------------------------------- */ +/* PORTION DE CODE EXECUTABLE */ +/* ---------------------------------------------------------------------------------- */ + + +/****************************************************************************** +* * +* Paramètres : format = informations chargées à consulter. * +* pos = position de début de lecture. [OUT] * +* pair = structure lue à retourner. [OUT] * +* * +* Description : Procède à la lecture d'une association exception <-> code. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool read_dex_encoded_type_addr_pair(const GDexFormat *format, off_t *pos, encoded_type_addr_pair *pair) +{ + bool result; /* Bilan à retourner */ + const bin_t *content; /* Contenu binaire à lire */ + off_t length; /* Taille totale du contenu */ + + result = true; + + content = G_BIN_FORMAT(format)->content; + length = G_BIN_FORMAT(format)->length; + + result &= read_uleb128(&pair->type_idx, content, pos, length); + result &= read_uleb128(&pair->addr, content, pos, length); + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations chargées à consulter. * +* pos = position de début de lecture. [OUT] * +* handler = structure lue à retourner. [OUT] * +* * +* Description : Procède à la lecture d'une association exception <-> code. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool read_dex_encoded_catch_handler(const GDexFormat *format, off_t *pos, encoded_catch_handler *handler) +{ + bool result; /* Bilan à retourner */ + const bin_t *content; /* Contenu binaire à lire */ + off_t length; /* Taille totale du contenu */ + leb128_t count; /* Nombre de gestionnaires */ + leb128_t i; /* Boucle de parcours */ + + result = true; + + content = G_BIN_FORMAT(format)->content; + length = G_BIN_FORMAT(format)->length; + + handler->offset = *pos; + + result &= read_leb128(&handler->size, content, pos, length); + + count = leb128_abs(handler->size); + + if (count > 0 && result) + { + handler->handlers = (encoded_type_addr_pair *)calloc(count, sizeof(encoded_type_addr_pair)); + + for (i = 0; i < count && result; i++) + result &= read_dex_encoded_type_addr_pair(format, pos, &handler->handlers[i]); + + } + else handler->handlers = NULL; + + if (handler->size < 0) + result &= read_uleb128(&handler->catch_all_addr, content, pos, length); + else + handler->catch_all_addr = ULEB128_MAX; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : handler = structure à nettoyer. * +* * +* Description : Supprime tous les éléments chargés en mémoire à la lecture. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void reset_dex_encoded_catch_handler(encoded_catch_handler *handler) +{ + if (handler->handlers != NULL) + free(handler->handlers); + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations chargées à consulter. * +* pos = position de début de lecture. [OUT] * +* list = structure lue à retourner. [OUT] * +* * +* Description : Procède à la lecture d'une association exception <-> code. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool read_dex_encoded_catch_handler_list(const GDexFormat *format, off_t *pos, encoded_catch_handler_list *list) +{ + bool result; /* Bilan à retourner */ + const bin_t *content; /* Contenu binaire à lire */ + off_t length; /* Taille totale du contenu */ + off_t saved_off; /* Sauvegarde de position */ + uleb128_t i; /* Boucle de parcours */ + result = true; + content = G_BIN_FORMAT(format)->content; + length = G_BIN_FORMAT(format)->length; + + saved_off = *pos; + + result &= read_uleb128(&list->size, content, pos, length); + if (list->size > 0 && result) + { + list->list = (encoded_catch_handler *)calloc(list->size, sizeof(encoded_catch_handler)); + for (i = 0; i < list->size && result; i++) + { + result &= read_dex_encoded_catch_handler(format, pos, &list->list[i]); + if (result) list->list[i].offset -= saved_off; + } + + } + else list->list = NULL; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : list = structure à nettoyer. * +* * +* Description : Supprime tous les éléments chargés en mémoire à la lecture. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void reset_dex_encoded_catch_handler_list(encoded_catch_handler_list *list) +{ + uleb128_t i; /* Boucle de parcours */ + + if (list->list != NULL) + { + for (i = 0; i < list->size; i++) + reset_dex_encoded_catch_handler(&list->list[i]); + + free(list->list); + + } + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations chargées à consulter. * +* pos = position de début de lecture. [OUT] * +* item = structure lue à retourner. [OUT] * +* * +* Description : Procède à la lecture d'une association exception <-> code. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool read_dex_try_item(const GDexFormat *format, off_t *pos, try_item *item) +{ + bool result; /* Bilan à retourner */ + const bin_t *content; /* Contenu binaire à lire */ + off_t length; /* Taille totale du contenu */ + + result = true; + + content = G_BIN_FORMAT(format)->content; + length = G_BIN_FORMAT(format)->length; + + result &= read_u32(&item->start_addr, content, pos, length, SRE_LITTLE); + result &= read_u16(&item->insn_count, content, pos, length, SRE_LITTLE); + result &= read_u16(&item->handler_off, content, pos, length, SRE_LITTLE); + + return result; + +} /****************************************************************************** @@ -554,6 +770,8 @@ bool read_dex_code_item(const GDexFormat *format, off_t *pos, code_item *item) bool result; /* Bilan à retourner */ const bin_t *content; /* Contenu binaire à lire */ off_t length; /* Taille totale du contenu */ + uint16_t padding; /* Eventuel alignement */ + uint16_t i; /* Boucle de parcours */ result = true; @@ -569,11 +787,59 @@ bool read_dex_code_item(const GDexFormat *format, off_t *pos, code_item *item) item->insns = (uint16_t *)pos; + *pos += item->insns_size * sizeof(uint16_t); + + /* Padding ? */ + if (item->tries_size > 0 && item->insns_size % 2 == 1) + result &= read_u16(&padding, content, pos, length, SRE_LITTLE); + + if (item->tries_size > 0 && result) + { + item->tries = (try_item *)calloc(item->tries_size, sizeof(try_item)); + + for (i = 0; i < item->tries_size && result; i++) + result &= read_dex_try_item(format, pos, &item->tries[i]); + + if (result) + { + item->handlers = (encoded_catch_handler_list *)calloc(1, sizeof(encoded_catch_handler_list)); + result &= read_dex_encoded_catch_handler_list(format, pos, item->handlers); + } + + } + return result; } +/****************************************************************************** +* * +* Paramètres : item = structure à nettoyer. * +* * +* Description : Supprime tous les éléments chargés en mémoire à la lecture. * +* * +* Retour : - * +* * +* Remarques : - * +* * +******************************************************************************/ + +void reset_dex_code_item(code_item *item) +{ + if (item->tries != NULL) + free(item->tries); + + if (item->handlers != NULL) + { + reset_dex_encoded_catch_handler_list(item->handlers); + free(item->handlers); + } + +} + + + diff --git a/src/format/dex/dex-int.h b/src/format/dex/dex-int.h index 5feb427..6a153c1 100755 --- a/src/format/dex/dex-int.h +++ b/src/format/dex/dex-int.h @@ -61,6 +61,12 @@ struct _GDexFormatClass /* Retrouve si possible la méthode associée à une adresse. */ GDexMethod *g_dex_format_find_method_by_address(const GDexFormat *, vmpa_t); +/* Dénombre le nombre de classes trouvées. */ +size_t g_dex_format_count_classes(const GDexFormat *); + +/* Fournit une classe du format chargée en mémoire. */ +GDexClass *g_dex_format_get_class(const GDexFormat *, size_t); + /* ------------------------ ELEMENTS DE TABLE DES CONSTANTES ------------------------ */ @@ -112,9 +118,33 @@ void reset_dex_class_data_item(class_data_item *); +/* --------------------------- PORTION DE CODE EXECUTABLE --------------------------- */ + + +/* Procède à la lecture d'une association exception <-> code. */ +bool read_dex_encoded_type_addr_pair(const GDexFormat *, off_t *, encoded_type_addr_pair *); + +/* Procède à la lecture d'une association exception <-> code. */ +bool read_dex_encoded_catch_handler(const GDexFormat *, off_t *, encoded_catch_handler *); + +/* Supprime tous les éléments chargés en mémoire à la lecture. */ +void reset_dex_encoded_catch_handler(encoded_catch_handler *); + +/* Procède à la lecture d'une association exception <-> code. */ +bool read_dex_encoded_catch_handler_list(const GDexFormat *, off_t *, encoded_catch_handler_list *); + +/* Supprime tous les éléments chargés en mémoire à la lecture. */ +void reset_dex_encoded_catch_handler_list(encoded_catch_handler_list *); + +/* Procède à la lecture d'une association exception <-> code. */ +bool read_dex_try_item(const GDexFormat *, off_t *, try_item *); + /* Procède à la lecture d'une portion de code DEX. */ bool read_dex_code_item(const GDexFormat *, off_t *, code_item *); +/* Supprime tous les éléments chargés en mémoire à la lecture. */ +void reset_dex_code_item(code_item *); + diff --git a/src/format/dex/dex.c b/src/format/dex/dex.c index f0fb421..841f72f 100755 --- a/src/format/dex/dex.c +++ b/src/format/dex/dex.c @@ -2,7 +2,7 @@ /* OpenIDA - Outil d'analyse de fichiers binaires * dex.c - support du format DEX * - * Copyright (C) 2010-2011 Cyrille Bagard + * Copyright (C) 2010-2012 Cyrille Bagard * * This file is part of OpenIDA. * @@ -450,3 +450,42 @@ static bool g_dex_format_translate_offset_into_address(const GDexFormat *format, return result; } + + +/****************************************************************************** +* * +* Paramètres : format = description de l'exécutable à consulter. * +* * +* Description : Dénombre le nombre de classes trouvées. * +* * +* Retour : Quantité de classes présentes. * +* * +* Remarques : - * +* * +******************************************************************************/ + +size_t g_dex_format_count_classes(const GDexFormat *format) +{ + return format->classes_count; + +} + + +/****************************************************************************** +* * +* Paramètres : format = description de l'exécutable à consulter. * +* index = indice de la classe visée. * +* * +* Description : Fournit une classe du format chargée en mémoire. * +* * +* Retour : Instance représentant une classe chargée. * +* * +* Remarques : - * +* * +******************************************************************************/ + +GDexClass *g_dex_format_get_class(const GDexFormat *format, size_t index) +{ + return format->classes[index]; + +} diff --git a/src/format/dex/dex.h b/src/format/dex/dex.h index cfa72c1..9b769c2 100755 --- a/src/format/dex/dex.h +++ b/src/format/dex/dex.h @@ -2,7 +2,7 @@ /* OpenIDA - Outil d'analyse de fichiers binaires * dex.h - prototypes pour le support du format DEX * - * Copyright (C) 2010 Cyrille Bagard + * Copyright (C) 2010-2012 Cyrille Bagard * * This file is part of OpenIDA. * diff --git a/src/format/dex/dex_def.h b/src/format/dex/dex_def.h index ba88d69..d21ac15 100755 --- a/src/format/dex/dex_def.h +++ b/src/format/dex/dex_def.h @@ -179,6 +179,49 @@ typedef struct _class_data_item /* --------------------------- PORTION DE CODE EXECUTABLE --------------------------- */ +/* Exception gérée */ +typedef struct _encoded_type_addr_pair +{ + uleb128_t type_idx; /* Type d'exception couverte */ + uleb128_t addr; /* Adresse du début du code */ + +} encoded_type_addr_pair; + +/* Ensemble d'exceptions prises en compte */ +typedef struct _encoded_catch_handler +{ + leb128_t size; /* Quantité d'exceptions */ + encoded_type_addr_pair *handlers; /* Gestionnaires explicites */ + uleb128_t catch_all_addr; /* Adresse par défaut */ + + /** + * Note : les spécifications indiquent que le champ handler_off de + * try_item renvoie vers le gestionnaire à partir de la base de la structure + * encoded_catch_handler_list. Comme la représentation interne de cette + * structure efface la représentation physique, on conserve en mémoire + * le décalage rencontré à la lecture dans un champ artificiel. + */ + off_t offset; /* Position dans le binaire */ + +} encoded_catch_handler; + +/* Liste des différents gestionnaires d'exceptions */ +typedef struct _encoded_catch_handler_list +{ + uleb128_t size; /* Taille de la liste */ + encoded_catch_handler *list; /* Gestionnaires en place */ + +} encoded_catch_handler_list; + +/* Zone couverte en cas de pépin */ +typedef struct _try_item +{ + uint32_t start_addr; /* Adresse du début couvert */ + uint16_t insn_count; /* Nbre de doubles-octets gérés*/ + uint16_t handler_off; /* Indice du gestionnaire */ + +} try_item; + /* Description de la zone */ typedef struct _code_item { @@ -190,13 +233,13 @@ typedef struct _code_item uint32_t insns_size; /* Nbre de blocs de 2 octets */ uint16_t *insns; /* Code exécutable */ - + try_item *tries; /* Zone d'exceptions */ + encoded_catch_handler_list *handlers; /* Gestionnaires associés */ } code_item; - /* -------------------------- DESCRIPTION DU FORMAT DALVIK -------------------------- */ diff --git a/src/format/dex/method.c b/src/format/dex/method.c index 25145f5..6ea9697 100644 --- a/src/format/dex/method.c +++ b/src/format/dex/method.c @@ -147,7 +147,9 @@ GDexMethod *g_dex_method_new(const GDexFormat *format, const encoded_method *see result->info = *seed; result->body = item; - //printf(" ==== %s ====\n", g_binary_routine_get_name(routine)); + //printf(" ==== (%p) %s ====\n", routine, g_binary_routine_to_string(routine)); + + //printf(" try ? %d\n", item.tries_size); //printf(" method idx :: %d\n", seed->method_idx_diff); //printf(" code size :: %d\n", item.insns_size); @@ -180,6 +182,44 @@ GDexMethod *g_dex_method_new(const GDexFormat *format, const encoded_method *see /****************************************************************************** * * +* Paramètres : method = représentation interne de la méthode à consulter. * +* * +* Description : Fournit les indications Dex concernant la méthode. * +* * +* Retour : Données brutes du binaire. * +* * +* Remarques : - * +* * +******************************************************************************/ + +const encoded_method *g_dex_method_get_dex_info(const GDexMethod *method) +{ + return &method->info; + +} + + +/****************************************************************************** +* * +* Paramètres : method = représentation interne de la méthode à consulter. * +* * +* Description : Fournit les indications Dex relatives au corps de la méthode.* +* * +* Retour : Données brutes du binaire. * +* * +* Remarques : - * +* * +******************************************************************************/ + +const code_item *g_dex_method_get_dex_body(const GDexMethod *method) +{ + return &method->body; + +} + + +/****************************************************************************** +* * * Paramètres : method = représentation interne du format DEX à consulter. * * * * Description : Fournit la routine OpenIDA correspondant à la méthode. * @@ -272,7 +312,7 @@ DexVariableIndex g_dex_method_get_variable(const GDexMethod *method, uint32_t in pivot = body->registers_size - body->ins_size; - if (!(method->info.access_flags & ACC_STATIC)) + if (!(info->access_flags & ACC_STATIC)) pivot++; if (index >= pivot) @@ -280,7 +320,7 @@ DexVariableIndex g_dex_method_get_variable(const GDexMethod *method, uint32_t in /* S'agit-il de "this" ? */ - if (!(method->info.access_flags & ACC_STATIC) + if (!(info->access_flags & ACC_STATIC) && index == (body->registers_size - body->ins_size)) return DVI_THIS; diff --git a/src/format/dex/method.h b/src/format/dex/method.h index c06df73..33f23b1 100644 --- a/src/format/dex/method.h +++ b/src/format/dex/method.h @@ -69,6 +69,12 @@ GType g_dex_method_get_type(void); /* Crée une nouvelle représentation de methode issue de code. */ GDexMethod *g_dex_method_new(const GDexFormat *, const encoded_method *, uleb128_t *); +/* Fournit les indications Dex concernant la méthode. */ +const encoded_method *g_dex_method_get_dex_info(const GDexMethod *); + +/* Fournit les indications Dex relatives au corps de la méthode. */ +const code_item *g_dex_method_get_dex_body(const GDexMethod *); + /* Fournit la routine OpenIDA correspondant à la méthode. */ GBinRoutine *g_dex_method_get_routine(const GDexMethod *); diff --git a/src/gtkext/graph/dot.c b/src/gtkext/graph/dot.c index 4c35089..0e7091e 100644 --- a/src/gtkext/graph/dot.c +++ b/src/gtkext/graph/dot.c @@ -25,6 +25,7 @@ #include +#include #include #include @@ -210,14 +211,19 @@ GtkLinkRenderer **create_links_from_graph_layout(const graph_layout *layout, siz /* Détermination de la couleur */ + color = LKC_DEFAULT; + attrib = agfindedgeattr(agraphof(agtail(eiter)), "color"); - if (eiter->attr[attrib->index][0] == 'g') /* "green" */ - color = LKC_GREEN; - else if (eiter->attr[attrib->index][0] == 'r') /* "red" */ - color = LKC_RED; - else - color = LKC_DEFAULT; + if (attrib != NULL) + { + if (strcmp("green", eiter->attr[attrib->index]) == 0) + color = LKC_GREEN; + else if (strcmp("red", eiter->attr[attrib->index]) == 0) + color = LKC_RED; + else if (strcmp("gray", eiter->attr[attrib->index]) == 0) + color = LKC_DASHED_GRAY; + } /* Raccordement au point de départ */ diff --git a/src/gtkext/graph/layout.c b/src/gtkext/graph/layout.c index 64a8236..3a2f4e3 100644 --- a/src/gtkext/graph/layout.c +++ b/src/gtkext/graph/layout.c @@ -137,7 +137,6 @@ static char *complete_graph_links(const GtkGraphView *view, GtkViewPanel **views size_t j; /* Boucle de parcours #2 */ size_t k; /* Boucle de parcours #3 */ char cmd[LINKS_DESC_LEN]; /* Tampon pour l'ajout de liens*/ - GArchInstruction *next; /* Instruction suivante */ if (count == 0) return desc; @@ -168,6 +167,7 @@ static char *complete_graph_links(const GtkGraphView *view, GtkViewPanel **views if (k < count) switch (types[j]) { + case ILT_EXEC_FLOW: case ILT_JUMP: snprintf(cmd, LINKS_DESC_LEN, "_%p:s -> _%p:n [ltail=cluster_%p, lhead=cluster_%p];\n", @@ -191,6 +191,14 @@ static char *complete_graph_links(const GtkGraphView *view, GtkViewPanel **views desc = stradd(desc, cmd); break; + case ILT_CATCH_EXCEPTION: + snprintf(cmd, LINKS_DESC_LEN, + "_%p:s -> _%p:n [ltail=cluster_%p, lhead=cluster_%p, " \ + "color=gray];\n", + views[i], views[k], views[i], views[k]); + desc = stradd(desc, cmd); + break; + default: break; @@ -200,31 +208,6 @@ static char *complete_graph_links(const GtkGraphView *view, GtkViewPanel **views } - /* Sinon on suit le flux normal */ - else - { - if (g_arch_instruction_is_return(last)) - continue; - - next = g_arch_instruction_get_next_iter(instrs, last, VMPA_MAX); - if (next == NULL) continue; - - g_arch_instruction_get_location(next, NULL, NULL, &addr); - - for (k = 0; k < count; k++) - if (gtk_view_panel_contain_address(views[k], addr)) - break; - - if (k < count) - { - snprintf(cmd, LINKS_DESC_LEN, - "_%p:s -> _%p:n [ltail=cluster_%p, lhead=cluster_%p];\n", - views[i], views[k], views[i], views[k]); - desc = stradd(desc, cmd); - } - - } - } return desc; diff --git a/src/gtkext/gtkgraphview.c b/src/gtkext/gtkgraphview.c index f205ee2..1a48680 100644 --- a/src/gtkext/gtkgraphview.c +++ b/src/gtkext/gtkgraphview.c @@ -650,7 +650,7 @@ static GtkViewPanel **gtk_graph_view_load_nodes(GtkGraphView *view, GLoadedBinar g_arch_instruction_get_location(iter, NULL, NULL, &last); if (first == VMPA_MAX) first = last; - if (g_arch_instruction_has_destinations(iter)) + if (g_arch_instruction_has_destinations(iter) || g_arch_instruction_is_return(iter)) { result = (GtkViewPanel **)realloc(result, ++(*count) * sizeof(GtkViewPanel *)); diff --git a/src/gtkext/gtklinkrenderer.c b/src/gtkext/gtklinkrenderer.c index 43eda38..8b43fa8 100644 --- a/src/gtkext/gtklinkrenderer.c +++ b/src/gtkext/gtklinkrenderer.c @@ -189,6 +189,22 @@ void _gtk_link_renderer_draw(const GtkLinkRenderer *renderer, cairo_t *cairo, bo case LKC_RED: cairo_set_source_rgb(cairo, 0.8, 0, 0); break; + case LKC_DASHED_GRAY: + cairo_set_source_rgb(cairo, 0.4, 0.4, 0.4); + break; + } + + switch (renderer->color) + { + default: + case LKC_DEFAULT: + case LKC_GREEN: + case LKC_RED: + cairo_set_dash(cairo, (double []) { 6.0 }, 0, 0.0); + break; + case LKC_DASHED_GRAY: + cairo_set_dash(cairo, (double []) { 6.0 }, 1, 0.0); + break; } /** diff --git a/src/gtkext/gtklinkrenderer.h b/src/gtkext/gtklinkrenderer.h index 574bd1d..3f6442c 100644 --- a/src/gtkext/gtklinkrenderer.h +++ b/src/gtkext/gtklinkrenderer.h @@ -52,6 +52,7 @@ typedef enum _LinkColor LKC_DEFAULT, /* Noir, par défaut */ LKC_GREEN, /* Condition vérifiée */ LKC_RED, /* Condition non vérifiée */ + LKC_DASHED_GRAY, /* Exception omniprésente */ LKC_COUNT diff --git a/src/plugins/plugin.c b/src/plugins/plugin.c index 89b46f0..416c647 100644 --- a/src/plugins/plugin.c +++ b/src/plugins/plugin.c @@ -125,10 +125,7 @@ GPluginModule *g_plugin_module_new(const gchar *filename, GObject *ref) result->name = get_name(); if (!g_module_symbol(result->module, "init_plugin", (gpointer *)&result->init)) - { - printf("Err plugin init sym\n"); - /* TODO */ - } + result->init = NULL; /* @@ -156,8 +153,7 @@ GPluginModule *g_plugin_module_new(const gchar *filename, GObject *ref) result->get_action = get_action; - /* - if (result->action & (PGA_DISASSEMBLE | PGA_CODE_PROCESS)) + if (g_plugin_module_get_action(result) & (PGA_DISASSEMBLE | PGA_DISASS_PROCESS | PGA_CODE_PROCESS)) { if (!g_module_symbol(result->module, "execute_action_on_binary", (gpointer *)&result->exec_on_bin)) { @@ -168,14 +164,13 @@ GPluginModule *g_plugin_module_new(const gchar *filename, GObject *ref) } - */ - if (!result->init(result, ref)) + if (result->init != NULL && !result->init(result, ref)) { log_variadic_message(LMT_ERROR, _("Initialization of plugin '%s' failed !"), filename); goto bad_plugin; -- cgit v0.11.2-87-g4458