From 057cee1c3c109639af8f30e39e00f4884a353f31 Mon Sep 17 00:00:00 2001 From: Cyrille Bagard Date: Sat, 28 Mar 2015 01:00:33 +0000 Subject: Provided readelf features as an external plugin. git-svn-id: svn://svn.gna.org/svn/chrysalide/trunk@495 abbe820e-26c8-41b2-8c08-b7b2b41f8b0a --- ChangeLog | 42 ++ configure.ac | 1 + plugins/Makefile.am | 2 +- plugins/readelf/Makefile.am | 15 + plugins/readelf/header.c | 481 +++++++++++++++++++ plugins/readelf/header.h | 37 ++ plugins/readelf/program.c | 363 ++++++++++++++ plugins/readelf/program.h | 37 ++ plugins/readelf/reader.c | 66 +++ plugins/readelf/reader.h | 39 ++ plugins/readelf/section.c | 441 +++++++++++++++++ plugins/readelf/section.h | 37 ++ src/format/elf/elf-int.c | 34 +- src/format/elf/elf-int.h | 2 +- src/format/elf/elf.c | 43 +- src/format/elf/elf.h | 7 + src/format/elf/program.c | 2 +- src/format/elf/strings.c | 4 +- src/format/elf/symbols.c | 1098 ------------------------------------------- src/format/format.c | 2 + src/plugins/pglist.h | 4 + src/plugins/plugin-def.h | 5 +- src/plugins/plugin-int.h | 4 + src/plugins/plugin.c | 42 +- src/plugins/plugin.h | 3 + 25 files changed, 1686 insertions(+), 1125 deletions(-) create mode 100644 plugins/readelf/Makefile.am create mode 100644 plugins/readelf/header.c create mode 100644 plugins/readelf/header.h create mode 100644 plugins/readelf/program.c create mode 100644 plugins/readelf/program.h create mode 100644 plugins/readelf/reader.c create mode 100644 plugins/readelf/reader.h create mode 100644 plugins/readelf/section.c create mode 100644 plugins/readelf/section.h diff --git a/ChangeLog b/ChangeLog index e0c3655..ec56744 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,45 @@ +15-03-28 Cyrille Bagard + + * configure.ac: + Add the new Makefile from the 'plugins/readelf' directory. + + * plugins/Makefile.am: + Add readelf to SUBDIRS. + + * plugins/readelf/header.c: + * plugins/readelf/header.h: + * plugins/readelf/Makefile.am: + * plugins/readelf/program.c: + * plugins/readelf/program.h: + * plugins/readelf/reader.c: + * plugins/readelf/reader.h: + * plugins/readelf/section.c: + * plugins/readelf/section.h: + New entries: provide readelf features as an external plugin. + + * src/format/elf/elf.c: + * src/format/elf/elf.h: + Provide some ELF properties and update code. + + * src/format/elf/elf-int.c: + * src/format/elf/elf-int.h: + Read a program header without updating the read position. + + * src/format/elf/program.c: + * src/format/elf/strings.c: + * src/format/elf/symbols.c: + Update code. + + * src/format/format.c: + Increment references for borrowed binary content. + + * src/plugins/pglist.h: + * src/plugins/plugin.c: + * src/plugins/plugin-def.h: + * src/plugins/plugin.h: + * src/plugins/plugin-int.h: + Extend the plugins definitions to allow comments linked to instructions. + 15-03-25 Cyrille Bagard * tools/d2c/conv.c: diff --git a/configure.ac b/configure.ac index 611ca92..9c5ea40 100644 --- a/configure.ac +++ b/configure.ac @@ -297,6 +297,7 @@ AC_CONFIG_FILES([Makefile plugins/python/apkfiles/Makefile plugins/python/exectracer/Makefile plugins/python/samples/Makefile + plugins/readelf/Makefile plugins/stackvars/Makefile src/Makefile src/analysis/Makefile diff --git a/plugins/Makefile.am b/plugins/Makefile.am index 5eadf0c..de8fa29 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am @@ -1,2 +1,2 @@ -SUBDIRS = androhelpers devdbg mobicore pychrysa python stackvars +SUBDIRS = androhelpers devdbg mobicore pychrysa python readelf stackvars diff --git a/plugins/readelf/Makefile.am b/plugins/readelf/Makefile.am new file mode 100644 index 0000000..f6b3d5e --- /dev/null +++ b/plugins/readelf/Makefile.am 
@@ -0,0 +1,15 @@
+
+lib_LTLIBRARIES = libreadelf.la
+
+libreadelf_la_SOURCES = \
+ header.h header.c \
+ program.h program.c \
+ reader.h reader.c \
+ section.h section.c
+
+libreadelf_la_CFLAGS = $(AM_CFLAGS)
+
+
+AM_CPPFLAGS = $(LIBGTK_CFLAGS) $(LIBXML_CFLAGS) -I../../src
+
+AM_CFLAGS = $(DEBUG_CFLAGS) $(WARNING_FLAGS) $(COMPLIANCE_FLAGS)
diff --git a/plugins/readelf/header.c b/plugins/readelf/header.c
new file mode 100644
index 0000000..5fbd769
--- /dev/null
+++ b/plugins/readelf/header.c
@@ -0,0 +1,481 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * header.c - annotation des en-têtes de binaires ELF + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see . + */ + + +#include "header.h" + + +#include +#include +#include + + + +/****************************************************************************** +* * +* Paramètres : format = description de l'exécutable à compléter. * +* * +* Description : Charge tous les symboles de l'en-tête ELF. * +* * +* Retour : Bilan de l'opération. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +bool annotate_elf_header(GElfFormat *format) +{ + GBinContent *content; /* Contenu binaire à lire */ + const elf_header *header; /* En-tête principale */ + SourceEndian endian; /* Boutisme utilisé */ + vmpa2t pos; /* Tête de lecture des symboles*/ + vmpa2t start; /* Localisation des symboles */ + GArchInstruction *instr; /* Instruction décodée */ + GArchOperand *operand; /* Opérande à venir modifier */ + GDbComment *comment; /* Définition de commentaire */ + GBinSymbol *symbol; /* Symbole à intégrer */ + const char *text; /* Texte constant à insérer */ + + content = g_binary_format_get_conten_(G_BIN_FORMAT(format)); + + header = g_elf_format_get_header(format); + endian = g_elf_format_get_endianness(format); + + init_vmpa(&pos, 0, 0x3333); + + /* ELFMAG (0) */ + + copy_vmpa(&start, &pos); + instr = g_raw_instruction_new_array(content, MDS_8_BITS, 4, &pos, endian); + + SET_IMM_DISPLAY(instr, operand, 1, IOD_CHAR); + SET_IMM_DISPLAY(instr, operand, 2, IOD_CHAR); + SET_IMM_DISPLAY(instr, operand, 3, IOD_CHAR); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("ELF magic number")); + + /* EI_CLASS (4) */ + + switch (header->hdr32.e_ident[EI_CLASS]) + { + case EV_NONE: + text = _("File class: invalid"); + break; + case ELFCLASS32: + text = _("File class: 32-bit objects"); + break; + case ELFCLASS64: + text = _("File class: 64-bit objects"); + break; + default: + text = _("File class: unknown"); + break; + } + + copy_vmpa(&start, &pos); + instr = g_raw_instruction_new_array(content, MDS_8_BITS, 1, &pos, endian); + + SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, text); + + /* EI_DATA (5) */ + + switch (header->hdr32.e_ident[EI_DATA]) + { + case ELFDATANONE: + text = _("Data encoding: invalid"); + break; + case ELFDATA2LSB: + text = _("Data encoding: 2's complement, little endian"); + break; 
+ case ELFDATA2MSB: + text = _("Data encoding: 2's complement, big endian"); + break; + default: + text = _("Data encoding: unknown"); + break; + } + + copy_vmpa(&start, &pos); + instr = g_raw_instruction_new_array(content, MDS_8_BITS, 1, &pos, endian); + + SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, text); + + /* EI_VERSION (6) */ + + switch (header->hdr32.e_ident[EI_VERSION]) + { + case EV_NONE: + text = _("File version: invalid"); + break; + case EV_CURRENT: + text = _("File version: current"); + break; + default: + text = _("File version: unknown"); + break; + } + + copy_vmpa(&start, &pos); + instr = g_raw_instruction_new_array(content, MDS_8_BITS, 1, &pos, endian); + + SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, text); + + /* EI_OSABI (7) */ + + switch (header->hdr32.e_ident[EI_OSABI]) + { + case ELFOSABI_SYSV: + text = _("OS ABI: UNIX System V"); + break; + case ELFOSABI_HPUX: + text = _("OS ABI: HP-UX"); + break; + case ELFOSABI_NETBSD: + text = _("OS ABI: NetBSD"); + break; + case ELFOSABI_GNU: + text = _("OS ABI: object uses GNU ELF extensions"); + break; + case ELFOSABI_SOLARIS: + text = _("OS ABI: Sun Solaris"); + break; + case ELFOSABI_AIX: + text = _("OS ABI: IBM AIX"); + break; + case ELFOSABI_IRIX: + text = _("OS ABI: SGI Irix"); + break; + case ELFOSABI_FREEBSD: + text = _("OS ABI: FreeBSD"); + break; + case ELFOSABI_TRU64: + text = _("OS ABI: Compaq TRU64 UNIX"); + break; + case ELFOSABI_MODESTO: + text = _("OS ABI: Novell Modesto"); + break; + case ELFOSABI_OPENBSD: + text = _("OS ABI: OpenBSD"); + break; + case ELFOSABI_ARM_AEABI: + text = _("OS ABI: ARM EABI"); + break; + case ELFOSABI_ARM: + text = _("OS ABI: ARM"); + break; + case ELFOSABI_STANDALONE: + text = _("OS ABI: standalone (embedded) application"); + break; + default: + text = _("OS ABI: unknown"); + break; + } + + copy_vmpa(&start, &pos); + instr = 
g_raw_instruction_new_array(content, MDS_8_BITS, 1, &pos, endian); + + SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, text); + + /* EI_ABIVERSION (8) */ + + copy_vmpa(&start, &pos); + instr = g_raw_instruction_new_array(content, MDS_8_BITS, 1, &pos, endian); + + SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("ABI version")); + + /* Padding */ + + copy_vmpa(&start, &pos); + instr = g_raw_instruction_new_array(content, MDS_8_BITS, 7, &pos, endian); + + g_raw_instruction_mark_as_padding(G_RAW_INSTRUCTION(instr), true); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Padding")); + + /* Champ "e_type" */ + + switch (header->hdr32.e_type) + { + case ET_NONE: + text = _("Object file type: no file type"); + break; + case ET_REL: + text = _("Object file type: relocatable file"); + break; + case ET_EXEC: + text = _("Object file type: executable file"); + break; + case ET_DYN: + text = _("Object file type: shared object file"); + break; + case ET_CORE: + text = _("Object file type: core file"); + break; + case ET_LOOS ... ET_HIOS: + text = _("Object file type: OS-specific"); + break; + case ET_LOPROC ... 
ET_HIPROC: + text = _("Object file type: processor-specific"); + break; + default: + text = _("Object file type: unkown"); + break; + } + + copy_vmpa(&start, &pos); + instr = g_raw_instruction_new_array(content, MDS_16_BITS, 1, &pos, endian); + + SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, text); + + /* Champ "e_machine" */ + + switch (header->hdr32.e_machine) + { + case EM_NONE: text = _("Architecture: No machine"); break; + case EM_M32: text = _("Architecture: AT&T WE 32100"); break; + case EM_SPARC: text = _("Architecture: SUN SPARC"); break; + case EM_386: text = _("Architecture: Intel 80386"); break; + case EM_68K: text = _("Architecture: Motorola m68k family"); break; + case EM_88K: text = _("Architecture: Motorola m88k family"); break; + case EM_860: text = _("Architecture: Intel 80860"); break; + case EM_MIPS: text = _("Architecture: MIPS R3000 big-endian"); break; + case EM_S370: text = _("Architecture: IBM System/370"); break; + case EM_MIPS_RS3_LE:text = _("Architecture: MIPS R3000 little-endian"); break; + case EM_PARISC: text = _("Architecture: HPPA"); break; + case EM_VPP500: text = _("Architecture: Fujitsu VPP500"); break; + case EM_SPARC32PLUS:text = _("Architecture: Sun's \"v8plus\""); break; + case EM_960: text = _("Architecture: Intel 80960"); break; + case EM_PPC: text = _("Architecture: PowerPC"); break; + case EM_PPC64: text = _("Architecture: PowerPC 64-bit"); break; + case EM_S390: text = _("Architecture: IBM S390"); break; + case EM_V800: text = _("Architecture: NEC V800 series"); break; + case EM_FR20: text = _("Architecture: Fujitsu FR20"); break; + case EM_RH32: text = _("Architecture: TRW RH-32"); break; + case EM_RCE: text = _("Architecture: Motorola RCE"); break; + case EM_ARM: text = _("Architecture: ARM"); break; + case EM_FAKE_ALPHA: text = _("Architecture: Digital Alpha"); break; + case EM_SH: text = _("Architecture: Hitachi SH"); break; + case EM_SPARCV9: text = 
_("Architecture: SPARC v9 64-bit"); break; + case EM_TRICORE: text = _("Architecture: Siemens Tricore"); break; + case EM_ARC: text = _("Architecture: Argonaut RISC Core"); break; + case EM_H8_300: text = _("Architecture: Hitachi H8/300"); break; + case EM_H8_300H: text = _("Architecture: Hitachi H8/300H"); break; + case EM_H8S: text = _("Architecture: Hitachi H8S"); break; + case EM_H8_500: text = _("Architecture: Hitachi H8/500"); break; + case EM_IA_64: text = _("Architecture: Intel Merced"); break; + case EM_MIPS_X: text = _("Architecture: Stanford MIPS-X"); break; + case EM_COLDFIRE: text = _("Architecture: Motorola Coldfire"); break; + case EM_68HC12: text = _("Architecture: Motorola M68HC12"); break; + case EM_MMA: text = _("Architecture: Fujitsu MMA Multimedia Accelerator"); break; + case EM_PCP: text = _("Architecture: Siemens PCP"); break; + case EM_NCPU: text = _("Architecture: Sony nCPU embeeded RISC"); break; + case EM_NDR1: text = _("Architecture: Denso NDR1 microprocessor"); break; + case EM_STARCORE: text = _("Architecture: Motorola Start*Core processor"); break; + case EM_ME16: text = _("Architecture: Toyota ME16 processor"); break; + case EM_ST100: text = _("Architecture: STMicroelectronic ST100 processor"); break; + case EM_TINYJ: text = _("Architecture: Advanced Logic Corp. 
Tinyj emb.fam"); break; + case EM_X86_64: text = _("Architecture: AMD x86-64 architecture"); break; + case EM_PDSP: text = _("Architecture: Sony DSP Processor"); break; + case EM_FX66: text = _("Architecture: Siemens FX66 microcontroller"); break; + case EM_ST9PLUS: text = _("Architecture: STMicroelectronics ST9+ 8/16 mc"); break; + case EM_ST7: text = _("Architecture: STmicroelectronics ST7 8 bit mc"); break; + case EM_68HC16: text = _("Architecture: Motorola MC68HC16 microcontroller"); break; + case EM_68HC11: text = _("Architecture: Motorola MC68HC11 microcontroller"); break; + case EM_68HC08: text = _("Architecture: Motorola MC68HC08 microcontroller"); break; + case EM_68HC05: text = _("Architecture: Motorola MC68HC05 microcontroller"); break; + case EM_SVX: text = _("Architecture: Silicon Graphics SVx"); break; + case EM_ST19: text = _("Architecture: STMicroelectronics ST19 8 bit mc"); break; + case EM_VAX: text = _("Architecture: Digital VAX"); break; + case EM_CRIS: text = _("Architecture: Axis Communications 32-bit embedded processor"); break; + case EM_JAVELIN: text = _("Architecture: Infineon Technologies 32-bit embedded processor"); break; + case EM_FIREPATH: text = _("Architecture: Element 14 64-bit DSP Processor"); break; + case EM_ZSP: text = _("Architecture: LSI Logic 16-bit DSP Processor"); break; + case EM_MMIX: text = _("Architecture: Donald Knuth's educational 64-bit processor"); break; + case EM_HUANY: text = _("Architecture: Harvard University machine-independent object files"); break; + case EM_PRISM: text = _("Architecture: SiTera Prism"); break; + case EM_AVR: text = _("Architecture: Atmel AVR 8-bit microcontroller"); break; + case EM_FR30: text = _("Architecture: Fujitsu FR30"); break; + case EM_D10V: text = _("Architecture: Mitsubishi D10V"); break; + case EM_D30V: text = _("Architecture: Mitsubishi D30V"); break; + case EM_V850: text = _("Architecture: NEC v850"); break; + case EM_M32R: text = _("Architecture: Mitsubishi M32R"); break; + 
case EM_MN10300: text = _("Architecture: Matsushita MN10300"); break; + case EM_MN10200: text = _("Architecture: Matsushita MN10200"); break; + case EM_PJ: text = _("Architecture: picoJava"); break; + case EM_OPENRISC: text = _("Architecture: OpenRISC 32-bit embedded processor"); break; + case EM_ARC_A5: text = _("Architecture: ARC Cores Tangent-A5"); break; + case EM_XTENSA: text = _("Architecture: Tensilica Xtensa Architecture"); break; + case EM_AARCH64: text = _("Architecture: ARM AARCH64"); break; + case EM_TILEPRO: text = _("Architecture: Tilera TILEPro"); break; + case EM_MICROBLAZE: text = _("Architecture: Xilinx MicroBlaze"); break; + case EM_TILEGX: text = _("Architecture: Tilera TILE-Gx"); break; + default: text = _("Architecture: unknown"); break; + } + + copy_vmpa(&start, &pos); + instr = g_raw_instruction_new_array(content, MDS_16_BITS, 1, &pos, endian); + + SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, text); + + /* Champ "e_version" */ + + copy_vmpa(&start, &pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, &pos, endian); + + SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Object file version")); + + if (header->hdr32.e_ident[EI_CLASS] == ELFCLASS32) + { + /* Champ "e_entry" */ + + copy_vmpa(&start, &pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, &pos, endian); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Entry point virtual address")); + + /* Champ "e_phoff" */ + + copy_vmpa(&start, &pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, &pos, endian); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Program header table file offset")); + + /* Champ "e_shoff" */ + + copy_vmpa(&start, &pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, &pos, endian); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Section header table 
file offset")); + + } + + else if (header->hdr32.e_ident[EI_CLASS] == ELFCLASS64) + { + /* Champ "e_entry" */ + + copy_vmpa(&start, &pos); + instr = g_raw_instruction_new_array(content, MDS_64_BITS, 1, &pos, endian); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Entry point virtual address")); + + /* Champ "e_phoff" */ + + copy_vmpa(&start, &pos); + instr = g_raw_instruction_new_array(content, MDS_64_BITS, 1, &pos, endian); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Program header table file offset")); + + /* Champ "e_shoff" */ + + copy_vmpa(&start, &pos); + instr = g_raw_instruction_new_array(content, MDS_64_BITS, 1, &pos, endian); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Section header table file offset")); + + } + + else return false; + + /* Champ "e_flags" */ + + copy_vmpa(&start, &pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, &pos, endian); + + //SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Processor-specific flags")); + + /* Champ "e_ehsize" */ + + copy_vmpa(&start, &pos); + instr = g_raw_instruction_new_array(content, MDS_16_BITS, 1, &pos, endian); + + SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("ELF header size in bytes")); + + /* Champ "e_phentsize" */ + + copy_vmpa(&start, &pos); + instr = g_raw_instruction_new_array(content, MDS_16_BITS, 1, &pos, endian); + + SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Program header table entry size")); + + /* Champ "e_phnum" */ + + copy_vmpa(&start, &pos); + instr = g_raw_instruction_new_array(content, MDS_16_BITS, 1, &pos, endian); + + SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Program header table entry count")); + + /* Champ "e_shentsize" */ + + copy_vmpa(&start, &pos); + instr = 
g_raw_instruction_new_array(content, MDS_16_BITS, 1, &pos, endian); + + SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Section header table entry size")); + + /* Champ "e_shnum" */ + + copy_vmpa(&start, &pos); + instr = g_raw_instruction_new_array(content, MDS_16_BITS, 1, &pos, endian); + + SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Section header table entry count")); + + /* Champ "e_shstrndx" */ + + copy_vmpa(&start, &pos); + instr = g_raw_instruction_new_array(content, MDS_16_BITS, 1, &pos, endian); + + SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Section header string table index")); + + g_object_unref(G_OBJECT(content)); + + return true; + +} diff --git a/plugins/readelf/header.h b/plugins/readelf/header.h new file mode 100644 index 0000000..c86b07f --- /dev/null +++ b/plugins/readelf/header.h 
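Review bot: In `annotate_elf_header`, the `else return false;` taken when `e_ident[EI_CLASS]` is neither ELFCLASS32 nor ELFCLASS64 skips the `g_object_unref(G_OBJECT(content))` at the end of the function, so every file with a bad class byte leaks a reference on the binary content; that branch should read `else { g_object_unref(G_OBJECT(content)); return false; }`. The same path has already registered the symbols for the earlier fields, so the caller gets a partial annotation together with a failure status. None of the `g_raw_instruction_new_array()` results is checked before `SET_IMM_DISPLAY` and `ADD_RAW_AS_SYM` use them; if that constructor can return NULL on a truncated file (its definition is outside this diff), a short header needs a guard before the macros run. The EI_CLASS switch also tests `EV_NONE` where `ELFCLASSNONE` is meant (same value, wrong constant family), and "unkown" in the `e_type` default string is a typo.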
@@ -0,0 +1,37 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * header.h - prototypes pour l'annotation des en-têtes de binaires ELF
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * OpenIDA is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * OpenIDA is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see .
+ */
+
+
+#ifndef _PLUGINS_READELF_HEADER_H
+#define _PLUGINS_READELF_HEADER_H
+
+
+#include
+
+
+
+/* Charge tous les symboles de l'en-tête ELF. */
+bool annotate_elf_header(GElfFormat *);
+
+
+
+#endif /* _PLUGINS_READELF_HEADER_H */
diff --git a/plugins/readelf/program.c b/plugins/readelf/program.c
new file mode 100644
index 0000000..6912828
--- /dev/null
+++ b/plugins/readelf/program.c
@@ -0,0 +1,363 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * header.c - annotation des en-têtes de programme de binaires ELF + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see . + */ + + +#include "program.h" + + +#include +#include +#include +#include +#include + + + +/* Charge tous les symboles liés à un en-tête de programme ELF. */ +static bool annotate_elf_program_header(GElfFormat *, SourceEndian, vmpa2t *); + + + +/****************************************************************************** +* * +* Paramètres : format = description de l'exécutable à compléter. * +* endian = boutisme présentement utilisé. * +* pos = tête de lecture à déplacer. [OUT] * +* * +* Description : Charge tous les symboles liés à un en-tête de programme ELF. * +* * +* Retour : Bilan de l'opération. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool annotate_elf_program_header(GElfFormat *format, SourceEndian endian, vmpa2t *pos) +{ + elf_phdr phdr; /* En-tête de programme ELF */ + GBinContent *content; /* Contenu binaire à lire */ + ImmOperandDisplay disp; /* Afficahge de valeur */ + const char *text; /* Texte constant à insérer */ + vmpa2t start; /* Localisation des symboles */ + GArchInstruction *instr; /* Instruction décodée */ + GArchOperand *operand; /* Opérande à venir modifier */ + GDbComment *comment; /* Définition de commentaire */ + GBinSymbol *symbol; /* Symbole à intégrer */ + char *dtext; /* Texte dynamique à créer */ + bool filled; /* Suivi de mise en place */ + + if (!read_elf_program_header(format, get_phy_addr(pos), &phdr)) + return false; + + content = g_binary_format_get_conten_(G_BIN_FORMAT(format)); + + /* Champ "p_type" */ + + disp = IOD_DEC; + + switch (ELF_PHDR(format, phdr, p_type)) + { + case PT_NULL: + text = _("Segment type: unused"); + break; + case PT_LOAD: + text = _("Segment type: loadable program segment"); + break; + case PT_DYNAMIC: + text = _("Segment type: dynamic linking information"); + break; + case PT_INTERP: + text = _("Segment type: program interpreter"); + break; + case PT_NOTE: + text = _("Segment type: auxiliary information"); + break; + case PT_SHLIB: + text = _("Segment type: reserved"); + break; + case PT_PHDR: + text = _("Segment type: entry for header table itself"); + break; + case PT_TLS: + text = _("Segment type: thread-local storage segment"); + break; + case PT_LOOS ... PT_HIOS: + disp = IOD_HEX; + switch (ELF_PHDR(format, phdr, p_type)) + { + case PT_GNU_EH_FRAME: + text = _("Segment type: GCC .eh_frame_hdr segment"); + break; + case PT_GNU_STACK: + text = _("Segment type: indicates stack executability"); + break; + case PT_GNU_RELRO: + text = _("Segment type: read-only after relocation"); + break; + case PT_LOSUNW ... 
PT_HISUNW: + switch (ELF_PHDR(format, phdr, p_type)) + { + case PT_SUNWSTACK: + text = _("Segment type: Sun Stack segment"); + break; + default: + text = _("Segment type: Sun specific segment"); + break; + } + break; + default: + text = _("Segment type: OS-specific"); + break; + } + break; + case PT_LOPROC ... PT_HIPROC: + disp = IOD_HEX; + text = _("Segment type: processor-specific"); + break; + default: + disp = IOD_HEX; + text = _("Segment type: unknown"); + break; + } + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, pos, endian); + + SET_IMM_DISPLAY(instr, operand, 0, disp); + + ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, text); + + if (format->is_32b) + { + /* Champ "p_offset" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment file offset")); + + /* Champ "p_vaddr" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment virtual address")); + + /* Champ "p_paddr" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment physical address")); + + /* Champ "p_filesz" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment size in file")); + + /* Champ "p_memsz" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment size in memory")); + + /* Champ "p_flags" */ + + dtext = strdup(_("Segment flags: ")); + filled = false; + + if (ELF_PHDR(format, phdr, p_flags) & PF_R) + { + dtext = stradd(dtext, "R"); + filled = true; + } + + if 
(ELF_PHDR(format, phdr, p_flags) & PF_W) + { + dtext = stradd(dtext, "W"); + filled = true; + } + + if (ELF_PHDR(format, phdr, p_flags) & PF_X) + { + dtext = stradd(dtext, "X"); + filled = true; + } + + if (ELF_PHDR(format, phdr, p_flags) & PF_MASKOS) + /* TODO */; + + if (ELF_PHDR(format, phdr, p_flags) & PF_MASKPROC) + /* TODO */; + + if (!filled) + dtext = stradd(dtext, _("none")); + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, dtext); + + free(dtext); + + /* Champ "p_align" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment alignment")); + + } + else + { + /* Champ "p_flags" */ + + dtext = strdup(_("Segment flags: ")); + filled = false; + + if (ELF_PHDR(format, phdr, p_flags) & PF_R) + { + dtext = stradd(dtext, "R"); + filled = true; + } + + if (ELF_PHDR(format, phdr, p_flags) & PF_W) + { + dtext = stradd(dtext, "W"); + filled = true; + } + + if (ELF_PHDR(format, phdr, p_flags) & PF_X) + { + dtext = stradd(dtext, "X"); + filled = true; + } + + if (ELF_PHDR(format, phdr, p_flags) & PF_MASKOS) + /* TODO */; + + if (ELF_PHDR(format, phdr, p_flags) & PF_MASKPROC) + /* TODO */; + + if (!filled) + dtext = stradd(dtext, _("none")); + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, dtext); + + free(dtext); + + /* Champ "p_offset" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_64_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment file offset")); + + /* Champ "p_vaddr" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_64_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment virtual 
address")); + + /* Champ "p_paddr" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_64_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment physical address")); + + /* Champ "p_filesz" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_64_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment size in file")); + + /* Champ "p_memsz" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_64_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment size in memory")); + + /* Champ "p_align" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_64_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment alignment")); + + } + + g_object_unref(G_OBJECT(content)); + + return true; + +} + + +/****************************************************************************** +* * +* Paramètres : format = description de l'exécutable à compléter. * +* * +* Description : Charge tous les symboles liés aux en-têtes de programme ELF. * +* * +* Retour : Bilan de l'opération. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +bool annotate_elf_program_header_table(GElfFormat *format) +{ + bool result; /* Bilan à retourner */ + const elf_header *header; /* En-tête principale */ + SourceEndian endian; /* Boutisme utilisé */ + off_t offset; /* Tête de lecture du bbinaire */ + vmpa2t pos; /* Localisation des symboles */ + uint16_t e_phnum; /* Nombre d'éléments 'Program' */ + uint16_t i; /* Boucle de parcours */ + + result = true; + + header = g_elf_format_get_header(format); + endian = g_elf_format_get_endianness(format); + + offset = ELF_HDR(format, *header, e_phoff); + + init_vmpa(&pos, offset, 0x5500); + + e_phnum = ELF_HDR(format, *header, e_phnum); + + for (i = 0; i < e_phnum && result; i++) + result = annotate_elf_program_header(format, endian, &pos); + + return true; + +} diff --git a/plugins/readelf/program.h b/plugins/readelf/program.h new file mode 100644 index 0000000..b1f3a6d --- /dev/null +++ b/plugins/readelf/program.h 
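Review bot: `annotate_elf_program_header_table` ends with `return true;`, so the `result` that stops the loop when a program header cannot be read is never reported to the caller; it should be `return result;`. In `annotate_elf_program_header`, every `ADD_RAW_AS_SYM(format, symbol, pos, ...)` is given `pos` after `g_raw_instruction_new_array()` has received it to advance, while `start` is copied and never used; header.c passes `&start` in the same pattern, so the symbols here appear to be attached one field too far and the call should be `ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, text);`. `e_phoff` and `e_phnum` come straight from the file, and the only bound visible in this hunk is the return value of `read_elf_program_header()`; whether it rejects offsets beyond the end of the content is outside this diff and worth confirming. The `strdup()` result assigned to `dtext` is passed to `stradd()` unchecked.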
@@ -0,0 +1,37 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * header.h - prototypes pour l'annotation des en-têtes de programme de binaires ELF
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * OpenIDA is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * OpenIDA is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see .
+ */
+
+
+#ifndef _PLUGINS_READELF_PROGRAM_H
+#define _PLUGINS_READELF_PROGRAM_H
+
+
+#include
+
+
+
+/* Charge tous les symboles liés aux en-têtes de programme ELF. */
+bool annotate_elf_program_header_table(GElfFormat *);
+
+
+
+#endif /* _PLUGINS_READELF_PROGRAM_H */
diff --git a/plugins/readelf/reader.c b/plugins/readelf/reader.c
new file mode 100644
index 0000000..5da60b7
--- /dev/null
+++ b/plugins/readelf/reader.c
@@ -0,0 +1,66 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * reader.c - interprétation des informations secondaires contenues dans un fichier ELF
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * OpenIDA is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * OpenIDA is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see .
+ */
+
+
+#include "reader.h"
+
+
+#include
+
+
+#include "header.h"
+#include "program.h"
+#include "section.h"
+
+
+
+DEFINE_CHRYSALIDE_ACTIVE_PLUGIN("readelf", "Displays information about ELF files", "0.1.0",
+ PGA_FORMAT_LOADER_LAST);
+
+
+/******************************************************************************
+* *
+* Paramètres : plugin = greffon à manipuler. *
+* action = type d'action attendue. *
+* format = description de l'exécutable à compléter. *
+* *
+* Description : Etablit des symboles complémentaires dans un format ELF. *
+* *
+* Retour : Bilan de l'opération. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+G_MODULE_EXPORT bool handle_binary_format(const GPluginModule *plugin, PluginAction action, GElfFormat *format)
+{
+ bool result; /* Bilan à retourner */
+
+ result = annotate_elf_header(format);
+
+ result &= annotate_elf_program_header_table(format);
+
+ result &= annotate_elf_section_header_table(format);
+
+ return result;
+
+}
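Review bot: handle_binary_format in plugins/readelf/reader.c passes `format` straight to the three ELF annotators without looking at `action` or confirming that the object really is an ELF format. The elf.c hunk of this commit invokes the hook with `G_BIN_FORMAT(result)`, so the plugin layer appears to deal in generic binary formats; if the hook is ever dispatched for a non-ELF loader, the `ELF_HDR` reads in the annotators would run on the wrong structure. A guard at the top, for example a GObject type check on `format` (`G_IS_ELF_FORMAT(format)` if elf.h provides that macro) that returns false otherwise, would make the assumption explicit.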
diff --git a/plugins/readelf/reader.h b/plugins/readelf/reader.h
new file mode 100644
index 0000000..fe997b6
--- /dev/null
+++ b/plugins/readelf/reader.h
@@ -0,0 +1,39 @@
+
+/* Chrysalide - Outil d'analyse de fichiers binaires
+ * reader.h - prototypes pour l'interprétation des informations secondaires contenues dans un fichier ELF
+ *
+ * Copyright (C) 2015 Cyrille Bagard
+ *
+ * This file is part of Chrysalide.
+ *
+ * OpenIDA is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * OpenIDA is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see .
+ */
+
+
+#ifndef _PLUGINS_READELF_READER_H
+#define _PLUGINS_READELF_READER_H
+
+
+#include
+#include
+#include
+
+
+
+/* Etablit des symboles complémentaires dans un format ELF. */
+G_MODULE_EXPORT bool handle_binary_format(const GPluginModule *, PluginAction, GElfFormat *);
+
+
+
+#endif /* _PLUGINS_READELF_READER_H */
diff --git a/plugins/readelf/section.c b/plugins/readelf/section.c
new file mode 100644
index 0000000..3884818
--- /dev/null
+++ b/plugins/readelf/section.c
@@ -0,0 +1,441 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * header.c - annotation des en-têtes de section de binaires ELF + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see . + */ + + +#include "section.h" + + +#include +#include +#include +#include +#include +#include + + + +/* Charge tous les symboles liés à un en-tête de section ELF. */ +static bool annotate_elf_section_header(GElfFormat *, SourceEndian, const elf_shdr *, vmpa2t *); + + + +/****************************************************************************** +* * +* Paramètres : format = description de l'exécutable à compléter. * +* endian = boutisme présentement utilisé. * +* strings = section renvoyant vers des chaînes de caractères. * +* pos = tête de lecture à déplacer. [OUT] * +* * +* Description : Charge tous les symboles liés à un en-tête de section ELF. * +* * +* Retour : Bilan de l'opération. 
* +* * +* Remarques : - * +* * +******************************************************************************/ + +static bool annotate_elf_section_header(GElfFormat *format, SourceEndian endian, const elf_shdr *strings, vmpa2t *pos) +{ + elf_shdr shdr; /* En-tête de programme ELF */ + GBinContent *content; /* Contenu binaire à lire */ + const char *secname; /* Nom d'une section analysée */ + ImmOperandDisplay disp; /* Afficahge de valeur */ + const char *text; /* Texte constant à insérer */ + vmpa2t start; /* Localisation des symboles */ + GArchInstruction *instr; /* Instruction décodée */ + GArchOperand *operand; /* Opérande à venir modifier */ + GDbComment *comment; /* Définition de commentaire */ + GBinSymbol *symbol; /* Symbole à intégrer */ + char *dtext; /* Texte dynamique à créer */ + bool filled; /* Suivi de mise en place */ + + if (!read_elf_section_header(format, get_phy_addr(pos), &shdr)) + return false; + + content = g_binary_format_get_conten_(G_BIN_FORMAT(format)); + + /* Champ "sh_name" */ + + secname = extract_name_from_elf_string_section(format, strings, + ELF_SHDR(format, shdr, sh_name)); + + if (secname == NULL) + dtext = strdup(_("Section name: ")); + else + { + dtext = strdup(_("Section name: '")); + dtext = stradd(dtext, secname); + dtext = stradd(dtext, "'"); + } + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, pos, endian); + + SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, dtext); + + free(dtext); + + /* Champ "sh_type" */ + + disp = IOD_DEC; + + switch (ELF_SHDR(format, shdr, sh_type)) + { + case SHT_NULL: + text = _("Section type: unused"); + break; + case SHT_PROGBITS: + text = _("Section type: program data"); + break; + case SHT_SYMTAB: + text = _("Section type: symbol table"); + break; + case SHT_STRTAB: + text = _("Section type: string table"); + break; + case SHT_RELA: + text = _("Section type: relocation entries with addends"); + 
break; + case SHT_HASH: + text = _("Section type: symbol hash table"); + break; + case SHT_DYNAMIC: + text = _("Section type: dynamic linking information"); + break; + case SHT_NOTE: + text = _("Section type: notes"); + break; + case SHT_NOBITS: + text = _("Section type: program space with no data (bss)"); + break; + case SHT_REL: + text = _("Section type: relocation entries, no addends"); + break; + case SHT_SHLIB: + text = _("Section type: reserved"); + break; + case SHT_DYNSYM: + text = _("Section type: dynamic linker symbol table"); + break; + case SHT_INIT_ARRAY: + text = _("Section type: array of constructors"); + break; + case SHT_FINI_ARRAY: + text = _("Section type: array of destructors"); + break; + case SHT_PREINIT_ARRAY: + text = _("Section type: array of pre-constructors"); + break; + case SHT_GROUP: + text = _("Section type: section group"); + break; + case SHT_SYMTAB_SHNDX: + text = _("Section type: extended section indeces"); + break; + case SHT_LOOS ... SHT_HIOS: + disp = IOD_HEX; + switch (ELF_SHDR(format, shdr, sh_type)) + { + case SHT_GNU_ATTRIBUTES: + text = _("Section type: object attributes"); + break; + case SHT_GNU_HASH: + text = _("Section type: GNU-style hash table"); + break; + case SHT_GNU_LIBLIST: + text = _("Section type: prelink library list"); + break; + case SHT_CHECKSUM: + text = _("Section type: checksum for DSO content"); + break; + case SHT_LOSUNW ... 
SHT_HISUNW: + switch (ELF_SHDR(format, shdr, sh_type)) + { + case SHT_SUNW_move: + text = _("Section type: SHT_SUNW_move"); + break; + case SHT_SUNW_COMDAT: + text = _("Section type: SHT_SUNW_COMDAT"); + break; + case SHT_SUNW_syminfo: + text = _("Section type: SHT_SUNW_syminfo"); + break; + case SHT_GNU_verdef: + text = _("Section type: version definition section"); + break; + case SHT_GNU_verneed: + text = _("Section type: version needs section"); + break; + case SHT_GNU_versym: + text = _("Section type: version symbol table"); + break; + default: + text = _("Section type: Sun-specific"); + break; + } + break; + default: + text = _("Section type: OS-specific"); + break; + } + break; + case SHT_LOPROC ... SHT_HIPROC: + disp = IOD_HEX; + text = _("Section type: processor-specific"); + break; + case SHT_LOUSER ... SHT_HIUSER: + disp = IOD_HEX; + text = _("Section type: application-specific"); + break; + default: + disp = IOD_HEX; + text = _("Section type: unknown"); + break; + } + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, pos, endian); + + SET_IMM_DISPLAY(instr, operand, 0, disp); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, text); + + /* Champ "sh_flags"... 
*/ + + dtext = strdup(_("Section flags: ")); + filled = false; + + if (ELF_SHDR(format, shdr, sh_type) & SHF_WRITE) + { + dtext = stradd(dtext, "W"); + filled = true; + } + + if (ELF_SHDR(format, shdr, sh_type) & SHF_ALLOC) + { + dtext = stradd(dtext, "A"); + filled = true; + } + + if (ELF_SHDR(format, shdr, sh_type) & SHF_EXECINSTR) + { + dtext = stradd(dtext, "X"); + filled = true; + } + + if (ELF_SHDR(format, shdr, sh_type) & SHF_MERGE) + { + dtext = stradd(dtext, "M"); + filled = true; + } + + if (ELF_SHDR(format, shdr, sh_type) & SHF_LINK_ORDER) + { + dtext = stradd(dtext, "L"); + filled = true; + } + + if (ELF_SHDR(format, shdr, sh_type) & SHF_TLS) + { + dtext = stradd(dtext, "T"); + filled = true; + } + + if (!filled) + dtext = stradd(dtext, _("none")); + + if (format->is_32b) + { + /* Champ "sh_flags" (suite) */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, dtext); + + free(dtext); + + /* Champ "sh_addr" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Section virtual addr at execution")); + + /* Champ "sh_offset" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Section file offset")); + + /* Champ "sh_size" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, pos, endian); + + SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Section size in bytes")); + + } + else + { + /* Champ "sh_flags" (suite) */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_64_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, dtext); + + free(dtext); + + /* Champ 
"sh_addr" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_64_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Section virtual addr at execution")); + + /* Champ "sh_offset" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_64_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Section file offset")); + + /* Champ "sh_size" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_64_BITS, 1, pos, endian); + + SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Section size in bytes")); + + } + + /* Champ "sh_link" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Link to another section")); + + /* Champ "sh_info" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Additional section information")); + + if (format->is_32b) + { + /* Champ "sh_addralign" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Section alignment")); + + /* Champ "sh_entsize" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_32_BITS, 1, pos, endian); + + SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Entry size if section holds table")); + + } + else + { + /* Champ "sh_addralign" */ + + copy_vmpa(&start, pos); + instr = g_raw_instruction_new_array(content, MDS_64_BITS, 1, pos, endian); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Section alignment")); + + /* Champ "sh_entsize" */ + + copy_vmpa(&start, pos); + instr = 
g_raw_instruction_new_array(content, MDS_64_BITS, 1, pos, endian); + + SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); + + ADD_RAW_AS_SYM(format, symbol, &start, instr, comment, _("Entry size if section holds table")); + + } + + g_object_unref(G_OBJECT(content)); + + return true; + +} + + +/****************************************************************************** +* * +* Paramètres : format = description de l'exécutable à compléter. * +* * +* Description : Charge tous les symboles liés aux en-têtes de section ELF. * +* * +* Retour : Bilan de l'opération. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool annotate_elf_section_header_table(GElfFormat *format) +{ + bool result; /* Bilan à retourner */ + const elf_header *header; /* En-tête principale */ + SourceEndian endian; /* Boutisme utilisé */ + elf_shdr strings; /* Section des descriptions */ + off_t offset; /* Tête de lecture du binaire */ + vmpa2t pos; /* Localisation des symboles */ + uint16_t e_shnum; /* Nombre d'éléments 'Program' */ + uint16_t i; /* Boucle de parcours */ + + result = true; + + header = g_elf_format_get_header(format); + endian = g_elf_format_get_endianness(format); + + if (!find_elf_section_by_index(format, ELF_HDR(format, *header, e_shstrndx), &strings)) + return false; + + offset = ELF_HDR(format, *header, e_shoff); + + init_vmpa(&pos, offset, 0x9900); + + e_shnum = ELF_HDR(format, *header, e_shnum); + + for (i = 0; i < e_shnum && result; i++) + result = annotate_elf_section_header(format, endian, &strings, &pos); + + return true; + +} diff --git a/plugins/readelf/section.h b/plugins/readelf/section.h new file mode 100644 index 0000000..ab0e50b --- /dev/null +++ b/plugins/readelf/section.h 
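Review bot: The six tests in the `sh_flags` block of annotate_elf_section_header read the wrong field: each masks `ELF_SHDR(format, shdr, sh_type)` with an `SHF_*` bit, so the W/A/X/M/L/T letters come from the section type and not from its flags. Each test should read `ELF_SHDR(format, shdr, sh_flags) & SHF_WRITE` (and likewise for the other five); in a tool used to inspect untrusted binaries, a writable or executable section shown with the wrong letters misleads the analyst. Separately, annotate_elf_section_header_table ends with `return true;` although the loop keeps each entry's status in `result`, so a truncated or malformed section table is reported as success. `return result;` looks intended, and the same applies to annotate_elf_program_header_table in plugins/readelf/program.c.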
@@ -0,0 +1,37 @@ + +/* Chrysalide - Outil d'analyse de fichiers binaires + * header.h - prototypes pour l'annotation des en-têtes de section de binaires ELF + * + * Copyright (C) 2015 Cyrille Bagard + * + * This file is part of Chrysalide. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see . + */ + + +#ifndef _PLUGINS_READELF_SECTION_H +#define _PLUGINS_READELF_SECTION_H + + +#include + + + +/* Charge tous les symboles liés aux en-têtes de section ELF. */ +bool annotate_elf_section_header_table(GElfFormat *); + + + +#endif /* _PLUGINS_READELF_SECTION_H */ diff --git a/src/format/elf/elf-int.c b/src/format/elf/elf-int.c index 4fd65df..7ca958b 100644 --- a/src/format/elf/elf-int.c +++ b/src/format/elf/elf-int.c @@ -145,7 +145,7 @@ bool read_elf_header(GElfFormat *format, elf_header *header, bool *is_32b, Sourc * * ******************************************************************************/ -bool read_elf_program_header(const GElfFormat *format, off_t *pos, elf_phdr *header) +bool read_elf_program_header(const GElfFormat *format, off_t pos, elf_phdr *header) { bool result; /* Bilan à retourner */ const bin_t *content; /* Contenu binaire à lire */ 
@@ -156,25 +156,25 @@ bool read_elf_program_header(const GElfFormat *format, off_t *pos, elf_phdr *hea if (format->is_32b) { - result = read_u32(&header->phdr32.p_type, content, pos, length, format->endian); - result &= read_u32(&header->phdr32.p_offset, content, pos, length, format->endian); - result &= read_u32(&header->phdr32.p_vaddr, content, pos, length, format->endian); - result &= read_u32(&header->phdr32.p_paddr, content, pos, length, format->endian); - result &= read_u32(&header->phdr32.p_filesz, content, pos, length, format->endian); - result &= read_u32(&header->phdr32.p_memsz, content, pos, length, format->endian); - result &= read_u32(&header->phdr32.p_flags, content, pos, length, format->endian); - result &= read_u32(&header->phdr32.p_align, content, pos, length, format->endian); + result = read_u32(&header->phdr32.p_type, content, &pos, length, format->endian); + result &= read_u32(&header->phdr32.p_offset, content, &pos, length, format->endian); + result &= read_u32(&header->phdr32.p_vaddr, content, &pos, length, format->endian); + result &= read_u32(&header->phdr32.p_paddr, content, &pos, length, format->endian); + result &= read_u32(&header->phdr32.p_filesz, content, &pos, length, format->endian); + result &= read_u32(&header->phdr32.p_memsz, content, &pos, length, format->endian); + result &= read_u32(&header->phdr32.p_flags, content, &pos, length, format->endian); + result &= read_u32(&header->phdr32.p_align, content, &pos, length, format->endian); } else { - result = read_u32(&header->phdr64.p_type, content, pos, length, format->endian); - result &= read_u32(&header->phdr64.p_flags, content, pos, length, format->endian); - result &= read_u64(&header->phdr64.p_offset, content, pos, length, format->endian); - result &= read_u64(&header->phdr64.p_vaddr, content, pos, length, format->endian); - result &= read_u64(&header->phdr64.p_paddr, content, pos, length, format->endian); - result &= read_u64(&header->phdr64.p_filesz, content, pos, length, 
format->endian); - result &= read_u64(&header->phdr64.p_memsz, content, pos, length, format->endian); - result &= read_u64(&header->phdr64.p_align, content, pos, length, format->endian); + result = read_u32(&header->phdr64.p_type, content, &pos, length, format->endian); + result &= read_u32(&header->phdr64.p_flags, content, &pos, length, format->endian); + result &= read_u64(&header->phdr64.p_offset, content, &pos, length, format->endian); + result &= read_u64(&header->phdr64.p_vaddr, content, &pos, length, format->endian); + result &= read_u64(&header->phdr64.p_paddr, content, &pos, length, format->endian); + result &= read_u64(&header->phdr64.p_filesz, content, &pos, length, format->endian); + result &= read_u64(&header->phdr64.p_memsz, content, &pos, length, format->endian); + result &= read_u64(&header->phdr64.p_align, content, &pos, length, format->endian); } return result; diff --git a/src/format/elf/elf-int.h b/src/format/elf/elf-int.h index 34b6cc9..fd0b74d 100644 --- a/src/format/elf/elf-int.h +++ b/src/format/elf/elf-int.h @@ -56,7 +56,7 @@ struct _GElfFormatClass bool read_elf_header(GElfFormat *, elf_header *, bool *, SourceEndian *); /* Procède à la lecture d'une en-tête de programme ELF. */ -bool read_elf_program_header(const GElfFormat *, off_t *, elf_phdr *); +bool read_elf_program_header(const GElfFormat *, off_t, elf_phdr *); /* Procède à la lecture d'une en-tête de section ELF. */ bool read_elf_section_header(const GElfFormat *, off_t, elf_shdr *); diff --git a/src/format/elf/elf.c b/src/format/elf/elf.c index f0c361e..f188734 100644 --- a/src/format/elf/elf.c +++ b/src/format/elf/elf.c @@ -39,6 +39,7 @@ #include "strings.h" #include "symbols.h" #include "../../gui/panels/log.h" +#include "../../plugins/pglist.h" @@ -222,6 +223,8 @@ GBinFormat *g_elf_format_new(GBinContent *content) } + handle_binary_format(PGA_FORMAT_LOADER_LAST, G_BIN_FORMAT(result)); + return G_BIN_FORMAT(result); 
@@ -308,7 +311,7 @@ static void g_elf_format_refine_portions(const GElfFormat *format, GBinPortion * offset = ELF_HDR(format, format->header, e_phoff) + ELF_HDR(format, format->header, e_phentsize) * i; - if (!read_elf_program_header(format, &offset, &phdr)) + if (!read_elf_program_header(format, offset, &phdr)) continue; p_flags = ELF_PHDR(format, phdr, p_flags); @@ -442,3 +445,41 @@ static bool g_elf_format_translate_offset_into_address(const GElfFormat *format, return result; } + + +/****************************************************************************** +* * +* Paramètres : format = informations chargées à consulter. * +* * +* Description : Présente l'en-tête ELF du format chargé. * +* * +* Retour : Pointeur vers la description principale. * +* * +* Remarques : - * +* * +******************************************************************************/ + +const elf_header *g_elf_format_get_header(const GElfFormat *format) +{ + return &format->header; + +} + + +/****************************************************************************** +* * +* Paramètres : format = informations chargées à consulter. * +* * +* Description : Informe quant au boutisme utilisé. * +* * +* Retour : Indicateur de boutisme. * +* * +* Remarques : - * +* * +******************************************************************************/ + +SourceEndian g_elf_format_get_endianness(const GElfFormat *format) +{ + return format->endian; + +} diff --git a/src/format/elf/elf.h b/src/format/elf/elf.h index f18670c..484cda8 100644 --- a/src/format/elf/elf.h +++ b/src/format/elf/elf.h @@ -30,6 +30,7 @@ #include +#include "elf_def.h" #include "../format.h" 
@@ -57,6 +58,12 @@ GType g_elf_format_get_type(void); /* Prend en charge un nouveau format ELF. */ GBinFormat *g_elf_format_new(GBinContent *); +/* Présente l'en-tête ELF du format chargé. */ +const elf_header *g_elf_format_get_header(const GElfFormat *); + +/* Informe quant au boutisme utilisé. */ +SourceEndian g_elf_format_get_endianness(const GElfFormat *); + #endif /* _FORMAT_ELF_ELF_H */ diff --git a/src/format/elf/program.c b/src/format/elf/program.c index d842b8e..95afd31 100644 --- a/src/format/elf/program.c +++ b/src/format/elf/program.c @@ -100,7 +100,7 @@ bool find_elf_program_by_index(const GElfFormat *format, uint16_t index, elf_phd offset = ELF_HDR(format, format->header, e_phoff) + ELF_HDR(format, format->header, e_phentsize) * index; - return read_elf_program_header(format, &offset, program); + return read_elf_program_header(format, offset, program); } diff --git a/src/format/elf/strings.c b/src/format/elf/strings.c index f2c5dd3..c11d53b 100644 --- a/src/format/elf/strings.c +++ b/src/format/elf/strings.c @@ -112,9 +112,9 @@ bool find_all_elf_strings(GElfFormat *format) length = G_BIN_FORMAT(format)->length; length = MIN(length, ELF_HDR(format, format->header, e_phnum) * ELF_SIZEOF_PHDR(format)); - for (iter = ELF_HDR(format, format->header, e_phoff); iter < length; ) + for (iter = ELF_HDR(format, format->header, e_phoff); iter < length; iter += ELF_SIZEOF_PHDR(format)) { - if (!read_elf_program_header(format, &iter, &phdr)) + if (!read_elf_program_header(format, iter, &phdr)) continue; if (ELF_PHDR(format, phdr, p_flags) & PF_R diff --git a/src/format/elf/symbols.c b/src/format/elf/symbols.c index a4ef2bc..03812f1 100644 --- a/src/format/elf/symbols.c +++ b/src/format/elf/symbols.c 
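Review bot: In find_all_elf_strings (src/format/elf/strings.c) the rewritten loop still compares a file offset with a byte count: `iter` starts at `e_phoff` while `length` is `MIN(length, e_phnum * ELF_SIZEOF_PHDR(format))`. Unless the content length is the smaller operand, the walk ends `e_phoff` bytes short of the table's end and skips the last program headers. The bound should be an end offset, for example `e_phoff + e_phnum * ELF_SIZEOF_PHDR(format)` clamped to the content length, computed so that it cannot wrap since both fields come from the file. The step also uses `ELF_SIZEOF_PHDR(format)` where find_elf_program_by_index in program.c uses `e_phentsize`; one stride should be used consistently. The function body continues outside the hunk.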
@@ -68,19 +68,6 @@ const char *get_elf_symbol_name(GElfFormat *, const elf_shdr *, const elf_shdr * -/* ------------------------ CHARGEMENT DE SYMBOLES DU FORMAT ------------------------ */ - - -/* Charge tous les symboles de l'en-tête ELF. */ -static bool annotate_elf_header(GElfFormat *); - -/* Charge tous les symboles liés aux en-têtes de programme ELF. */ -static bool annotate_elf_program_header_table(GElfFormat *); - -/* Charge tous les symboles liés aux en-têtes de section ELF. */ -static bool annotate_elf_section_header_table(GElfFormat *); - - /* -------------------------- DETAIL DES SYMBOLES INTERNES -------------------------- */ @@ -135,13 +122,6 @@ bool load_elf_symbols(GElfFormat *format) -#if 1 - annotate_elf_header(format); - - annotate_elf_program_header_table(format); - - annotate_elf_section_header_table(format); -#endif /* Symboles internes */ 
@@ -508,1084 +488,6 @@ const char *get_elf_symbol_name(GElfFormat *format, const elf_shdr *sym, const e - -/* ---------------------------------------------------------------------------------- */ -/* CHARGEMENT DE SYMBOLES DU FORMAT */ -/* ---------------------------------------------------------------------------------- */ - - -/****************************************************************************** -* * -* Paramètres : format = description de l'exécutable à compléter. * -* * -* Description : Charge tous les symboles de l'en-tête ELF. * -* * -* Retour : Bilan de l'opération. * -* * -* Remarques : - * -* * -******************************************************************************/ - -static bool annotate_elf_header(GElfFormat *format) -{ - const bin_t *content; /* Contenu binaire à lire */ - off_t length; /* Taille totale du contenu */ - vmpa2t *pos; /* Localisation des symboles */ - bool status; /* Bilan d'une récupération */ - const char *text; /* Texte constant à insérer */ - GArchInstruction *instr; /* Instruction décodée */ - GArchOperand *operand; /* Opérande à venir modifier */ - GDbComment *comment; /* Définition de commentaire */ - GBinSymbol *symbol; /* Symbole à intégrer */ - - content = G_BIN_FORMAT(format)->content; - length = G_BIN_FORMAT(format)->length; - - pos = make_vmpa(0, 0x123); - - status = translate_offset_into_vmpa_using_elf_programs(format, 0, pos); - assert(status); - - /* ELFMAG (0) */ - - instr = g_raw_instruction_new_array_old(content, MDS_8_BITS, 4, pos, length, format->endian); - - SET_IMM_DISPLAY(instr, operand, 1, IOD_CHAR); - SET_IMM_DISPLAY(instr, operand, 2, IOD_CHAR); - SET_IMM_DISPLAY(instr, operand, 3, IOD_CHAR); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("ELF magic number")); - - /* EI_CLASS (4) */ - - switch (format->header.hdr32.e_ident[EI_CLASS]) - { - case EV_NONE: - text = _("File class: invalid"); - break; - case ELFCLASS32: - text = _("File class: 32-bit objects"); - break; - case ELFCLASS64: 
- text = _("File class: 64-bit objects"); - break; - default: - text = _("File class: unknown"); - break; - } - - instr = g_raw_instruction_new_array_old(content, MDS_8_BITS, 1, pos, length, format->endian); - - SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, text); - - /* EI_DATA (5) */ - - switch (format->header.hdr32.e_ident[EI_DATA]) - { - case ELFDATANONE: - text = _("Data encoding: invalid"); - break; - case ELFDATA2LSB: - text = _("Data encoding: 2's complement, little endian"); - break; - case ELFDATA2MSB: - text = _("Data encoding: 2's complement, big endian"); - break; - default: - text = _("Data encoding: unknown"); - break; - } - - instr = g_raw_instruction_new_array_old(content, MDS_8_BITS, 1, pos, length, format->endian); - - SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, text); - - /* EI_VERSION (6) */ - - switch (format->header.hdr32.e_ident[EI_VERSION]) - { - case EV_NONE: - text = _("File version: invalid"); - break; - case EV_CURRENT: - text = _("File version: current"); - break; - default: - text = _("File version: unknown"); - break; - } - - instr = g_raw_instruction_new_array_old(content, MDS_8_BITS, 1, pos, length, format->endian); - - SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, text); - - /* EI_OSABI (7) */ - - switch (format->header.hdr32.e_ident[EI_OSABI]) - { - case ELFOSABI_SYSV: - text = _("OS ABI: UNIX System V"); - break; - case ELFOSABI_HPUX: - text = _("OS ABI: HP-UX"); - break; - case ELFOSABI_NETBSD: - text = _("OS ABI: NetBSD"); - break; - case ELFOSABI_GNU: - text = _("OS ABI: object uses GNU ELF extensions"); - break; - case ELFOSABI_SOLARIS: - text = _("OS ABI: Sun Solaris"); - break; - case ELFOSABI_AIX: - text = _("OS ABI: IBM AIX"); - break; - case ELFOSABI_IRIX: - text = _("OS ABI: SGI Irix"); - break; - case ELFOSABI_FREEBSD: - text = _("OS ABI: FreeBSD"); - 
break; - case ELFOSABI_TRU64: - text = _("OS ABI: Compaq TRU64 UNIX"); - break; - case ELFOSABI_MODESTO: - text = _("OS ABI: Novell Modesto"); - break; - case ELFOSABI_OPENBSD: - text = _("OS ABI: OpenBSD"); - break; - case ELFOSABI_ARM_AEABI: - text = _("OS ABI: ARM EABI"); - break; - case ELFOSABI_ARM: - text = _("OS ABI: ARM"); - break; - case ELFOSABI_STANDALONE: - text = _("OS ABI: standalone (embedded) application"); - break; - default: - text = _("OS ABI: unknown"); - break; - } - - instr = g_raw_instruction_new_array_old(content, MDS_8_BITS, 1, pos, length, format->endian); - - SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, text); - - /* EI_ABIVERSION (8) */ - - instr = g_raw_instruction_new_array_old(content, MDS_8_BITS, 1, pos, length, format->endian); - - SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("ABI version")); - - /* Padding */ - - instr = g_raw_instruction_new_array_old(content, MDS_8_BITS, 7, pos, length, format->endian); - - g_raw_instruction_mark_as_padding(G_RAW_INSTRUCTION(instr), true); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Padding")); - - /* Champ "e_type" */ - - switch (format->header.hdr32.e_ident[EI_DATA]) - { - case ET_NONE: - text = _("Object file type: no file type"); - break; - case ET_REL: - text = _("Object file type: relocatable file"); - break; - case ET_EXEC: - text = _("Object file type: executable file"); - break; - case ET_DYN: - text = _("Object file type: shared object file"); - break; - case ET_CORE: - text = _("Object file type: core file"); - break; - case ET_LOOS ... ET_HIOS: - text = _("Object file type: OS-specific"); - break; - case ET_LOPROC ... 
ET_HIPROC: - text = _("Object file type: processor-specific"); - break; - default: - text = _("Object file type: unkown"); - break; - } - - instr = g_raw_instruction_new_array_old(content, MDS_16_BITS, 1, pos, length, format->endian); - - SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, text); - - /* Champ "e_machine" */ - - switch (format->header.hdr32.e_machine) - { - case EM_NONE: text = _("Architecture: No machine"); break; - case EM_M32: text = _("Architecture: AT&T WE 32100"); break; - case EM_SPARC: text = _("Architecture: SUN SPARC"); break; - case EM_386: text = _("Architecture: Intel 80386"); break; - case EM_68K: text = _("Architecture: Motorola m68k family"); break; - case EM_88K: text = _("Architecture: Motorola m88k family"); break; - case EM_860: text = _("Architecture: Intel 80860"); break; - case EM_MIPS: text = _("Architecture: MIPS R3000 big-endian"); break; - case EM_S370: text = _("Architecture: IBM System/370"); break; - case EM_MIPS_RS3_LE:text = _("Architecture: MIPS R3000 little-endian"); break; - case EM_PARISC: text = _("Architecture: HPPA"); break; - case EM_VPP500: text = _("Architecture: Fujitsu VPP500"); break; - case EM_SPARC32PLUS:text = _("Architecture: Sun's \"v8plus\""); break; - case EM_960: text = _("Architecture: Intel 80960"); break; - case EM_PPC: text = _("Architecture: PowerPC"); break; - case EM_PPC64: text = _("Architecture: PowerPC 64-bit"); break; - case EM_S390: text = _("Architecture: IBM S390"); break; - case EM_V800: text = _("Architecture: NEC V800 series"); break; - case EM_FR20: text = _("Architecture: Fujitsu FR20"); break; - case EM_RH32: text = _("Architecture: TRW RH-32"); break; - case EM_RCE: text = _("Architecture: Motorola RCE"); break; - case EM_ARM: text = _("Architecture: ARM"); break; - case EM_FAKE_ALPHA: text = _("Architecture: Digital Alpha"); break; - case EM_SH: text = _("Architecture: Hitachi SH"); break; - case EM_SPARCV9: text = 
_("Architecture: SPARC v9 64-bit"); break; - case EM_TRICORE: text = _("Architecture: Siemens Tricore"); break; - case EM_ARC: text = _("Architecture: Argonaut RISC Core"); break; - case EM_H8_300: text = _("Architecture: Hitachi H8/300"); break; - case EM_H8_300H: text = _("Architecture: Hitachi H8/300H"); break; - case EM_H8S: text = _("Architecture: Hitachi H8S"); break; - case EM_H8_500: text = _("Architecture: Hitachi H8/500"); break; - case EM_IA_64: text = _("Architecture: Intel Merced"); break; - case EM_MIPS_X: text = _("Architecture: Stanford MIPS-X"); break; - case EM_COLDFIRE: text = _("Architecture: Motorola Coldfire"); break; - case EM_68HC12: text = _("Architecture: Motorola M68HC12"); break; - case EM_MMA: text = _("Architecture: Fujitsu MMA Multimedia Accelerator"); break; - case EM_PCP: text = _("Architecture: Siemens PCP"); break; - case EM_NCPU: text = _("Architecture: Sony nCPU embeeded RISC"); break; - case EM_NDR1: text = _("Architecture: Denso NDR1 microprocessor"); break; - case EM_STARCORE: text = _("Architecture: Motorola Start*Core processor"); break; - case EM_ME16: text = _("Architecture: Toyota ME16 processor"); break; - case EM_ST100: text = _("Architecture: STMicroelectronic ST100 processor"); break; - case EM_TINYJ: text = _("Architecture: Advanced Logic Corp. 
Tinyj emb.fam"); break; - case EM_X86_64: text = _("Architecture: AMD x86-64 architecture"); break; - case EM_PDSP: text = _("Architecture: Sony DSP Processor"); break; - case EM_FX66: text = _("Architecture: Siemens FX66 microcontroller"); break; - case EM_ST9PLUS: text = _("Architecture: STMicroelectronics ST9+ 8/16 mc"); break; - case EM_ST7: text = _("Architecture: STmicroelectronics ST7 8 bit mc"); break; - case EM_68HC16: text = _("Architecture: Motorola MC68HC16 microcontroller"); break; - case EM_68HC11: text = _("Architecture: Motorola MC68HC11 microcontroller"); break; - case EM_68HC08: text = _("Architecture: Motorola MC68HC08 microcontroller"); break; - case EM_68HC05: text = _("Architecture: Motorola MC68HC05 microcontroller"); break; - case EM_SVX: text = _("Architecture: Silicon Graphics SVx"); break; - case EM_ST19: text = _("Architecture: STMicroelectronics ST19 8 bit mc"); break; - case EM_VAX: text = _("Architecture: Digital VAX"); break; - case EM_CRIS: text = _("Architecture: Axis Communications 32-bit embedded processor"); break; - case EM_JAVELIN: text = _("Architecture: Infineon Technologies 32-bit embedded processor"); break; - case EM_FIREPATH: text = _("Architecture: Element 14 64-bit DSP Processor"); break; - case EM_ZSP: text = _("Architecture: LSI Logic 16-bit DSP Processor"); break; - case EM_MMIX: text = _("Architecture: Donald Knuth's educational 64-bit processor"); break; - case EM_HUANY: text = _("Architecture: Harvard University machine-independent object files"); break; - case EM_PRISM: text = _("Architecture: SiTera Prism"); break; - case EM_AVR: text = _("Architecture: Atmel AVR 8-bit microcontroller"); break; - case EM_FR30: text = _("Architecture: Fujitsu FR30"); break; - case EM_D10V: text = _("Architecture: Mitsubishi D10V"); break; - case EM_D30V: text = _("Architecture: Mitsubishi D30V"); break; - case EM_V850: text = _("Architecture: NEC v850"); break; - case EM_M32R: text = _("Architecture: Mitsubishi M32R"); break; - 
case EM_MN10300: text = _("Architecture: Matsushita MN10300"); break; - case EM_MN10200: text = _("Architecture: Matsushita MN10200"); break; - case EM_PJ: text = _("Architecture: picoJava"); break; - case EM_OPENRISC: text = _("Architecture: OpenRISC 32-bit embedded processor"); break; - case EM_ARC_A5: text = _("Architecture: ARC Cores Tangent-A5"); break; - case EM_XTENSA: text = _("Architecture: Tensilica Xtensa Architecture"); break; - case EM_AARCH64: text = _("Architecture: ARM AARCH64"); break; - case EM_TILEPRO: text = _("Architecture: Tilera TILEPro"); break; - case EM_MICROBLAZE: text = _("Architecture: Xilinx MicroBlaze"); break; - case EM_TILEGX: text = _("Architecture: Tilera TILE-Gx"); break; - default: text = _("Architecture: unknown"); break; - } - - instr = g_raw_instruction_new_array_old(content, MDS_16_BITS, 1, pos, length, format->endian); - - SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, text); - - /* Champ "e_version" */ - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Object file version")); - - if (format->header.hdr32.e_ident[EI_CLASS] == ELFCLASS32) - { - /* Champ "e_entry" */ - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Entry point virtual address")); - - /* Champ "e_phoff" */ - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Program header table file offset")); - - /* Champ "e_shoff" */ - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Section header table file offset")); - - } - - else if 
(format->header.hdr32.e_ident[EI_CLASS] == ELFCLASS64) - { - /* Champ "e_entry" */ - - instr = g_raw_instruction_new_array_old(content, MDS_64_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Entry point virtual address")); - - /* Champ "e_phoff" */ - - instr = g_raw_instruction_new_array_old(content, MDS_64_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Program header table file offset")); - - /* Champ "e_shoff" */ - - instr = g_raw_instruction_new_array_old(content, MDS_64_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Section header table file offset")); - - } - - else return false; - - /* Champ "e_flags" */ - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - //SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Processor-specific flags")); - - /* Champ "e_ehsize" */ - - instr = g_raw_instruction_new_array_old(content, MDS_16_BITS, 1, pos, length, format->endian); - - SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("ELF header size in bytes")); - - /* Champ "e_phentsize" */ - - instr = g_raw_instruction_new_array_old(content, MDS_16_BITS, 1, pos, length, format->endian); - - SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Program header table entry size")); - - /* Champ "e_phnum" */ - - instr = g_raw_instruction_new_array_old(content, MDS_16_BITS, 1, pos, length, format->endian); - - SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Program header table entry count")); - - /* Champ "e_shentsize" */ - - instr = g_raw_instruction_new_array_old(content, MDS_16_BITS, 1, pos, length, format->endian); - - SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); - - 
ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Section header table entry size")); - - /* Champ "e_shnum" */ - - instr = g_raw_instruction_new_array_old(content, MDS_16_BITS, 1, pos, length, format->endian); - - SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Section header table entry count")); - - /* Champ "e_shstrndx" */ - - instr = g_raw_instruction_new_array_old(content, MDS_16_BITS, 1, pos, length, format->endian); - - SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Section header string table index")); - - return true; - -} - - -/****************************************************************************** -* * -* Paramètres : format = description de l'exécutable à compléter. * -* * -* Description : Charge tous les symboles liés aux en-têtes de programme ELF. * -* * -* Retour : Bilan de l'opération. * -* * -* Remarques : - * -* * -******************************************************************************/ - -static bool annotate_elf_program_header_table(GElfFormat *format) -{ - const bin_t *content; /* Contenu binaire à lire */ - off_t length; /* Taille totale du contenu */ - off_t offset; /* Tête de lecture du bbinaire */ - vmpa2t *pos; /* Localisation des symboles */ - bool status; /* Bilan d'une récupération */ - uint16_t e_phnum; /* Nombre d'éléments 'Program' */ - uint16_t i; /* Boucle de parcours */ - elf_phdr phdr; /* En-tête de programme ELF */ - ImmOperandDisplay disp; /* Afficahge de valeur */ - const char *text; /* Texte constant à insérer */ - GArchInstruction *instr; /* Instruction décodée */ - GArchOperand *operand; /* Opérande à venir modifier */ - GDbComment *comment; /* Définition de commentaire */ - GBinSymbol *symbol; /* Symbole à intégrer */ - char *dtext; /* Texte dynamique à créer */ - bool filled; /* Suivi de mise en place */ - - content = G_BIN_FORMAT(format)->content; - length = G_BIN_FORMAT(format)->length; - 
- offset = ELF_HDR(format, format->header, e_phoff); - - pos = make_vmpa(offset, 0x5500); - - status = translate_offset_into_vmpa_using_elf_programs(format, offset, pos); - assert(status); - - e_phnum = ELF_HDR(format, format->header, e_phnum); - - for (i = 0; i < e_phnum; i++) - { - if (!read_elf_program_header(format, &offset, &phdr)) - break; - - /* Champ "p_type" */ - - disp = IOD_DEC; - - switch (ELF_PHDR(format, phdr, p_type)) - { - case PT_NULL: - text = _("Segment type: unused"); - break; - case PT_LOAD: - text = _("Segment type: loadable program segment"); - break; - case PT_DYNAMIC: - text = _("Segment type: dynamic linking information"); - break; - case PT_INTERP: - text = _("Segment type: program interpreter"); - break; - case PT_NOTE: - text = _("Segment type: auxiliary information"); - break; - case PT_SHLIB: - text = _("Segment type: reserved"); - break; - case PT_PHDR: - text = _("Segment type: entry for header table itself"); - break; - case PT_TLS: - text = _("Segment type: thread-local storage segment"); - break; - case PT_LOOS ... PT_HIOS: - disp = IOD_HEX; - switch (ELF_PHDR(format, phdr, p_type)) - { - case PT_GNU_EH_FRAME: - text = _("Segment type: GCC .eh_frame_hdr segment"); - break; - case PT_GNU_STACK: - text = _("Segment type: indicates stack executability"); - break; - case PT_GNU_RELRO: - text = _("Segment type: read-only after relocation"); - break; - case PT_LOSUNW ... PT_HISUNW: - switch (ELF_PHDR(format, phdr, p_type)) - { - case PT_SUNWSTACK: - text = _("Segment type: Sun Stack segment"); - break; - default: - text = _("Segment type: Sun specific segment"); - break; - } - break; - default: - text = _("Segment type: OS-specific"); - break; - } - break; - case PT_LOPROC ... 
PT_HIPROC: - disp = IOD_HEX; - text = _("Segment type: processor-specific"); - break; - default: - disp = IOD_HEX; - text = _("Segment type: unknown"); - break; - } - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - SET_IMM_DISPLAY(instr, operand, 0, disp); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, text); - - if (format->is_32b) - { - /* Champ "p_offset" */ - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment file offset")); - - /* Champ "p_vaddr" */ - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment virtual address")); - - /* Champ "p_paddr" */ - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment physical address")); - - /* Champ "p_filesz" */ - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment size in file")); - - /* Champ "p_memsz" */ - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment size in memory")); - - /* Champ "p_flags" */ - - dtext = strdup(_("Segment flags: ")); - filled = false; - - if (ELF_PHDR(format, phdr, p_flags) & PF_R) - { - dtext = stradd(dtext, "R"); - filled = true; - } - - if (ELF_PHDR(format, phdr, p_flags) & PF_W) - { - dtext = stradd(dtext, "W"); - filled = true; - } - - if (ELF_PHDR(format, phdr, p_flags) & PF_X) - { - dtext = stradd(dtext, "X"); - filled = true; - } - - if (ELF_PHDR(format, phdr, p_flags) & PF_MASKOS) - /* TODO */; - - if (ELF_PHDR(format, phdr, p_flags) & PF_MASKPROC) - /* TODO */; - - if 
(!filled) - dtext = stradd(dtext, _("none")); - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, dtext); - - free(dtext); - - /* Champ "p_align" */ - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment alignment")); - - } - else - { - /* Champ "p_flags" */ - - dtext = strdup(_("Segment flags: ")); - filled = false; - - if (ELF_PHDR(format, phdr, p_flags) & PF_R) - { - dtext = stradd(dtext, "R"); - filled = true; - } - - if (ELF_PHDR(format, phdr, p_flags) & PF_W) - { - dtext = stradd(dtext, "W"); - filled = true; - } - - if (ELF_PHDR(format, phdr, p_flags) & PF_X) - { - dtext = stradd(dtext, "X"); - filled = true; - } - - if (ELF_PHDR(format, phdr, p_flags) & PF_MASKOS) - /* TODO */; - - if (ELF_PHDR(format, phdr, p_flags) & PF_MASKPROC) - /* TODO */; - - if (!filled) - dtext = stradd(dtext, _("none")); - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, dtext); - - free(dtext); - - /* Champ "p_offset" */ - - instr = g_raw_instruction_new_array_old(content, MDS_64_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment file offset")); - - /* Champ "p_vaddr" */ - - instr = g_raw_instruction_new_array_old(content, MDS_64_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment virtual address")); - - /* Champ "p_paddr" */ - - instr = g_raw_instruction_new_array_old(content, MDS_64_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment physical address")); - - /* Champ "p_filesz" */ - - instr = g_raw_instruction_new_array_old(content, MDS_64_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, 
symbol, pos, instr, comment, _("Segment size in file")); - - /* Champ "p_memsz" */ - - instr = g_raw_instruction_new_array_old(content, MDS_64_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment size in memory")); - - /* Champ "p_align" */ - - instr = g_raw_instruction_new_array_old(content, MDS_64_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Segment alignment")); - - } - - } - - return true; - -} - - -/****************************************************************************** -* * -* Paramètres : format = description de l'exécutable à compléter. * -* * -* Description : Charge tous les symboles liés aux en-têtes de section ELF. * -* * -* Retour : Bilan de l'opération. * -* * -* Remarques : - * -* * -******************************************************************************/ - -static bool annotate_elf_section_header_table(GElfFormat *format) -{ - const bin_t *content; /* Contenu binaire à lire */ - off_t length; /* Taille totale du contenu */ - off_t offset; /* Tête de lecture du bbinaire */ - elf_shdr strings; /* Section des descriptions */ - vmpa2t *pos; /* Localisation des symboles */ - bool status; /* Bilan d'une récupération */ - uint16_t e_shnum; /* Nombre d'éléments 'Program' */ - uint16_t i; /* Boucle de parcours */ - elf_shdr shdr; /* En-tête de programme ELF */ - const char *secname; /* Nom d'une section analysée */ - ImmOperandDisplay disp; /* Afficahge de valeur */ - const char *text; /* Texte constant à insérer */ - GArchInstruction *instr; /* Instruction décodée */ - GArchOperand *operand; /* Opérande à venir modifier */ - GDbComment *comment; /* Définition de commentaire */ - GBinSymbol *symbol; /* Symbole à intégrer */ - char *dtext; /* Texte dynamique à créer */ - bool filled; /* Suivi de mise en place */ - - content = G_BIN_FORMAT(format)->content; - length = G_BIN_FORMAT(format)->length; - - if (!find_elf_section_by_index(format, 
ELF_HDR(format, format->header, e_shstrndx), &strings)) - return false; - - offset = ELF_HDR(format, format->header, e_shoff); - - pos = make_vmpa(offset, 0x99900); - - //status = translate_offset_into_vmpa_using_elf_programs(format, offset, pos); - //assert(status); - - e_shnum = ELF_HDR(format, format->header, e_shnum); - - for (i = 0; i < e_shnum; i++) - { - if (!read_elf_section_header(format, get_phy_addr(pos), &shdr)) - break; - - /* Champ "sh_name" */ - - secname = extract_name_from_elf_string_section(format, &strings, - ELF_SHDR(format, shdr, sh_name)); - - if (secname == NULL) - dtext = strdup(_("Section name: ")); - else - { - dtext = strdup(_("Section name: '")); - dtext = stradd(dtext, secname); - dtext = stradd(dtext, "'"); - } - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, dtext); - - free(dtext); - - /* Champ "sh_type" */ - - disp = IOD_DEC; - - switch (ELF_SHDR(format, shdr, sh_type)) - { - case SHT_NULL: - text = _("Section type: unused"); - break; - case SHT_PROGBITS: - text = _("Section type: program data"); - break; - case SHT_SYMTAB: - text = _("Section type: symbol table"); - break; - case SHT_STRTAB: - text = _("Section type: string table"); - break; - case SHT_RELA: - text = _("Section type: relocation entries with addends"); - break; - case SHT_HASH: - text = _("Section type: symbol hash table"); - break; - case SHT_DYNAMIC: - text = _("Section type: dynamic linking information"); - break; - case SHT_NOTE: - text = _("Section type: notes"); - break; - case SHT_NOBITS: - text = _("Section type: program space with no data (bss)"); - break; - case SHT_REL: - text = _("Section type: relocation entries, no addends"); - break; - case SHT_SHLIB: - text = _("Section type: reserved"); - break; - case SHT_DYNSYM: - text = _("Section type: dynamic linker symbol table"); - break; - case 
SHT_INIT_ARRAY: - text = _("Section type: array of constructors"); - break; - case SHT_FINI_ARRAY: - text = _("Section type: array of destructors"); - break; - case SHT_PREINIT_ARRAY: - text = _("Section type: array of pre-constructors"); - break; - case SHT_GROUP: - text = _("Section type: section group"); - break; - case SHT_SYMTAB_SHNDX: - text = _("Section type: extended section indeces"); - break; - case SHT_LOOS ... SHT_HIOS: - disp = IOD_HEX; - switch (ELF_SHDR(format, shdr, sh_type)) - { - case SHT_GNU_ATTRIBUTES: - text = _("Section type: object attributes"); - break; - case SHT_GNU_HASH: - text = _("Section type: GNU-style hash table"); - break; - case SHT_GNU_LIBLIST: - text = _("Section type: prelink library list"); - break; - case SHT_CHECKSUM: - text = _("Section type: checksum for DSO content"); - break; - case SHT_LOSUNW ... SHT_HISUNW: - switch (ELF_SHDR(format, shdr, sh_type)) - { - case SHT_SUNW_move: - text = _("Section type: SHT_SUNW_move"); - break; - case SHT_SUNW_COMDAT: - text = _("Section type: SHT_SUNW_COMDAT"); - break; - case SHT_SUNW_syminfo: - text = _("Section type: SHT_SUNW_syminfo"); - break; - case SHT_GNU_verdef: - text = _("Section type: version definition section"); - break; - case SHT_GNU_verneed: - text = _("Section type: version needs section"); - break; - case SHT_GNU_versym: - text = _("Section type: version symbol table"); - break; - default: - text = _("Section type: Sun-specific"); - break; - } - break; - default: - text = _("Section type: OS-specific"); - break; - } - break; - case SHT_LOPROC ... SHT_HIPROC: - disp = IOD_HEX; - text = _("Section type: processor-specific"); - break; - case SHT_LOUSER ... 
SHT_HIUSER: - disp = IOD_HEX; - text = _("Section type: application-specific"); - break; - default: - disp = IOD_HEX; - text = _("Section type: unknown"); - break; - } - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - SET_IMM_DISPLAY(instr, operand, 0, disp); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, text); - - /* Champ "sh_flags"... */ - - dtext = strdup(_("Section flags: ")); - filled = false; - - if (ELF_SHDR(format, shdr, sh_type) & SHF_WRITE) - { - dtext = stradd(dtext, "W"); - filled = true; - } - - if (ELF_SHDR(format, shdr, sh_type) & SHF_ALLOC) - { - dtext = stradd(dtext, "A"); - filled = true; - } - - if (ELF_SHDR(format, shdr, sh_type) & SHF_EXECINSTR) - { - dtext = stradd(dtext, "X"); - filled = true; - } - - if (ELF_SHDR(format, shdr, sh_type) & SHF_MERGE) - { - dtext = stradd(dtext, "M"); - filled = true; - } - - if (ELF_SHDR(format, shdr, sh_type) & SHF_LINK_ORDER) - { - dtext = stradd(dtext, "L"); - filled = true; - } - - if (ELF_SHDR(format, shdr, sh_type) & SHF_TLS) - { - dtext = stradd(dtext, "T"); - filled = true; - } - - if (!filled) - dtext = stradd(dtext, _("none")); - - if (format->is_32b) - { - /* Champ "sh_flags" (suite) */ - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, dtext); - - free(dtext); - - /* Champ "sh_addr" */ - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Section virtual addr at execution")); - - /* Champ "sh_offset" */ - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Section file offset")); - - /* Champ "sh_size" */ - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - SET_IMM_DISPLAY(instr, 
operand, 0, IOD_DEC); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Section size in bytes")); - - } - else - { - /* Champ "sh_flags" (suite) */ - - instr = g_raw_instruction_new_array_old(content, MDS_64_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, dtext); - - free(dtext); - - /* Champ "sh_addr" */ - - instr = g_raw_instruction_new_array_old(content, MDS_64_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Section virtual addr at execution")); - - /* Champ "sh_offset" */ - - instr = g_raw_instruction_new_array_old(content, MDS_64_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Section file offset")); - - /* Champ "sh_size" */ - - instr = g_raw_instruction_new_array_old(content, MDS_64_BITS, 1, pos, length, format->endian); - - SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Section size in bytes")); - - } - - /* Champ "sh_link" */ - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Link to another section")); - - /* Champ "sh_info" */ - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Additional section information")); - - if (format->is_32b) - { - /* Champ "sh_addralign" */ - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Section alignment")); - - /* Champ "sh_entsize" */ - - instr = g_raw_instruction_new_array_old(content, MDS_32_BITS, 1, pos, length, format->endian); - - SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Entry size if section holds table")); - - } - else - { - /* 
Champ "sh_addralign" */ - - instr = g_raw_instruction_new_array_old(content, MDS_64_BITS, 1, pos, length, format->endian); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Section alignment")); - - /* Champ "sh_entsize" */ - - instr = g_raw_instruction_new_array_old(content, MDS_64_BITS, 1, pos, length, format->endian); - - SET_IMM_DISPLAY(instr, operand, 0, IOD_DEC); - - ADD_RAW_AS_SYM(format, symbol, pos, instr, comment, _("Entry size if section holds table")); - - } - - } - - return true; - -} - - - /* ---------------------------------------------------------------------------------- */ /* DETAIL DES SYMBOLES INTERNES */ /* ---------------------------------------------------------------------------------- */ diff --git a/src/format/format.c b/src/format/format.c index 2093469..5478d3c 100644 --- a/src/format/format.c +++ b/src/format/format.c @@ -141,6 +141,8 @@ const bin_t *g_binary_format_get_content(const GBinFormat *format, off_t *length GBinContent *g_binary_format_get_conten_(const GBinFormat *format) { + g_object_ref(G_OBJECT(format->conten_)); + return format->conten_; diff --git a/src/plugins/pglist.h b/src/plugins/pglist.h index d0176aa..071dc6c 100644 --- a/src/plugins/pglist.h +++ b/src/plugins/pglist.h @@ -65,6 +65,10 @@ const GPluginModule **get_all_plugins_for_action(PluginAction, size_t *); #define find_matching_format() +#define handle_binary_format(a, f) \ + process_all_plugins_for(a, g_plugin_module_handle_binary_format, f) + + /* DPS_DISASSEMBLY */ diff --git a/src/plugins/plugin-def.h b/src/plugins/plugin-def.h index edab3a5..d7a37e4 100644 --- a/src/plugins/plugin-def.h +++ b/src/plugins/plugin-def.h 
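Review bot: In the src/format/format.c hunk, g_binary_format_get_conten_() now returns an owned reference, but nothing beside the function says so, and any caller that still treats the result as borrowed will leak the GBinContent on every call. I would state the contract above the function, e.g. `/* The caller receives a new reference and must release it with g_object_unref(). */`, and re-check the existing call sites, which are not visible here. If `format->conten_` can be NULL at this point (the hunk does not show it), `g_object_ref()` will emit a GLib critical, so a guard such as `if (format->conten_ != NULL) g_object_ref(G_OBJECT(format->conten_));` is worth considering. The end of the function body lies outside the hunk.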
@@ -116,9 +116,12 @@ typedef enum _PluginAction * DPC_BINARY_PROCESSING | DPS_FORMAT */ - /* Détection et chargement */ + /* Détection et chargement */ PGA_FORMAT_MATCHER = DPC_BINARY_PROCESSING | DPS_FORMAT | DEFINE_PLUGIN_ACTION(0), + /* Accompagnement du chargement (fin) */ + PGA_FORMAT_LOADER_LAST = DPC_BINARY_PROCESSING | DPS_FORMAT | DEFINE_PLUGIN_ACTION(1), + /** * DPC_BINARY_PROCESSING | DPS_DISASSEMBLY */ diff --git a/src/plugins/plugin-int.h b/src/plugins/plugin-int.h index 1bf459c..41cc535 100644 --- a/src/plugins/plugin-int.h +++ b/src/plugins/plugin-int.h @@ -42,6 +42,9 @@ typedef bool (* pg_management_fc) (GPluginModule *); /* Indique si le format peut être pris en charge ici. */ typedef bool (* pg_format_is_matching) (const GPluginModule *, GBinContent **); +/* Procède à une opération liée au format de fichier uniquement. */ +typedef bool (* pg_handle_format) (const GPluginModule *, PluginAction, GBinFormat *); + /* Exécute une action pendant un désassemblage de binaire. */ typedef void (* pg_process_disassembly) (const GPluginModule *, PluginAction, GLoadedBinary *); @@ -101,6 +104,7 @@ struct _GPluginModule pg_format_is_matching is_matching; /* Recherche de correspondance */ + pg_handle_format handle_format; /* Manipulation du format */ pg_process_disassembly proc_disass; /* Catégorie 'désassemblage' */ diff --git a/src/plugins/plugin.c b/src/plugins/plugin.c index fca22c1..89a8040 100644 --- a/src/plugins/plugin.c +++ b/src/plugins/plugin.c 
@@ -252,8 +252,26 @@ GPluginModule *g_plugin_module_new(const gchar *filename) switch (sub) { + case DPS_FORMAT: + switch (result->interface->actions[i]) + { + case PGA_FORMAT_LOADER_LAST: + if (!load_plugin_symbol(result->module, + "handle_binary_format", &result->handle_format)) + goto bad_plugin; + break; + + default: + log_variadic_message(LMT_WARNING, + _("Unknown action '0x%02x' in plugin '%s'..."), + result->interface->actions[i], filename); + break; + + } + + break; case DPS_DISASSEMBLY: if (!load_plugin_symbol(result->module, @@ -423,6 +441,27 @@ void g_plugin_module_log_variadic_message(const GPluginModule *plugin, LogMessag * * * Paramètres : plugin = greffon à manipuler. * * action = type d'action attendue. * +* format = format de binaire à manipuler pendant l'opération. * +* * +* Description : Procède à une opération liée au format de fichier uniquement.* +* * +* Retour : Bilan de l'exécution du traitement. * +* * +* Remarques : - * +* * +******************************************************************************/ + +bool g_plugin_module_handle_binary_format(const GPluginModule *plugin, PluginAction action, GBinFormat *format) +{ + return plugin->handle_format(plugin, action, format); + +} + + +/****************************************************************************** +* * +* Paramètres : plugin = greffon à manipuler. * +* action = type d'action attendue. * * binary = binaire dont le contenu est en cours de traitement. * * * * Description : Exécute une action pendant un désassemblage de binaire. * @@ -435,9 +474,6 @@ void g_plugin_module_log_variadic_message(const GPluginModule *plugin, LogMessag void g_plugin_module_process_disassembly_event(const GPluginModule *plugin, PluginAction action, GLoadedBinary *binary) { - printf("plugin = %p\n", plugin); - printf("plugin->proc_disass = %p\n", plugin->proc_disass); - plugin->proc_disass(plugin, action, binary); } diff --git a/src/plugins/plugin.h b/src/plugins/plugin.h index 835b1c7..d571659 100644 
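Review bot: In the first src/plugins/plugin.c hunk, the new inner switch under `case DPS_FORMAT:` recognises only PGA_FORMAT_LOADER_LAST. PGA_FORMAT_MATCHER sits in the same `DPC_BINARY_PROCESSING | DPS_FORMAT` sub-category in plugin-def.h, so it falls into `default:` and is reported as an unknown action. Unless that action is resolved elsewhere in g_plugin_module_new() (the surrounding switch starts and ends outside the hunk), a matcher plugin would load with a warning and without its entry point bound. Either add a `case PGA_FORMAT_MATCHER:` that resolves its symbol the same way and jumps to `bad_plugin` on failure, or leave a comment saying why it is deliberately skipped here. The `default:` branch also keeps a plugin that declares an action the host does not know, whereas a missing symbol rejects it; rejecting in both cases would be the more conservative choice for code loaded into the process.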
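Review bot: In the second src/plugins/plugin.c hunk, g_plugin_module_handle_binary_format() calls `plugin->handle_format` without checking that it was ever set. The first hunk binds that pointer only for plugins declaring PGA_FORMAT_LOADER_LAST, so for any other module it keeps its initial value, presumably NULL. Whether `process_all_plugins_for()` filters modules by action before dispatching is not visible here, so the wrapper should not depend on it: `if (plugin->handle_format == NULL) return false;` ahead of the call turns a crash through an unset callback into a reported failure. The new header comment could also state that the return value is simply the plugin's own result.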
--- a/src/plugins/plugin.h +++ b/src/plugins/plugin.h @@ -61,6 +61,9 @@ const plugin_interface *g_plugin_module_get_interface(const GPluginModule *); +/* Procède à une opération liée au format de fichier uniquement. */ +bool g_plugin_module_handle_binary_format(const GPluginModule *, PluginAction, GBinFormat *); + /* Exécute une action pendant un désassemblage de binaire. */ void g_plugin_module_process_disassembly_event(const GPluginModule *, PluginAction, GLoadedBinary *); -- cgit v0.11.2-87-g4458