From 4b2eec0832a6a9ed5b1d1344f7d32faa27069932 Mon Sep 17 00:00:00 2001
From: Cyrille Bagard
Date: Sun, 25 Dec 2011 23:50:05 +0000
Subject: Supported a few more shl-related opcodes.
git-svn-id: svn://svn.gna.org/svn/chrysalide/trunk@218 abbe820e-26c8-41b2-8c08-b7b2b41f8b0a
---
ChangeLog | 16 +++++
src/arch/dalvik/Makefile.am | 1 +
src/arch/dalvik/instruction-def.h | 3 +
src/arch/dalvik/instruction.c | 5 +-
src/arch/dalvik/op_shl.c | 137 ++++++++++++++++++++++++++++++++++++++
src/arch/dalvik/opcodes.h | 9 +++
src/arch/dalvik/processor.c | 5 +-
7 files changed, 174 insertions(+), 2 deletions(-)
create mode 100644 src/arch/dalvik/op_shl.c
diff --git a/ChangeLog b/ChangeLog
index c99c979..e7c95a0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,21 @@
 11-12-26 Cyrille Bagard
 
+ * src/arch/dalvik/opcodes.h:
+ * src/arch/dalvik/processor.c:
+ * src/arch/dalvik/instruction.c:
+ Update code.
+
+ * src/arch/dalvik/op_shl.c:
+ New entry: support a few more shl-related opcodes.
+
+ * src/arch/dalvik/instruction-def.h:
+ Update code.
+
+ * src/arch/dalvik/Makefile.am:
+ Add the op_shl.c to libarchdalvik_la_SOURCES.
+
+11-12-26 Cyrille Bagard
+
 * configure.ac:
 Add the new Makefiles from the 'plugins/python' and 'plugins/python/apkfiles' directories to AC_CONFIG_FILES.
diff --git a/src/arch/dalvik/Makefile.am b/src/arch/dalvik/Makefile.am
index 18fb08d..15a403f 100644
--- a/src/arch/dalvik/Makefile.am
+++ b/src/arch/dalvik/Makefile.am
@@ -37,6 +37,7 @@ libarchdalvik_la_SOURCES = \
 op_ret.c \
 op_rsub.c \
 op_sget.c \
+ op_shl.c \
 op_sput.c \
 op_sub.c \
 op_to.c \
diff --git a/src/arch/dalvik/instruction-def.h b/src/arch/dalvik/instruction-def.h
index 48d7e96..f389600 100644
--- a/src/arch/dalvik/instruction-def.h
+++ b/src/arch/dalvik/instruction-def.h
@@ -160,6 +160,7 @@ typedef enum _DalvikOpcodes
 DOP_AND_INT, /* and-int (0x95) */
 DOP_OR_INT, /* or-int (0x96) */
 DOP_XOR_INT, /* xor-int (0x97) */
+ DOP_SHL_INT, /* shl-int (0x98) */
 
 
 DOP_ADD_INT_2ADDR, /* add-int/2addr (0xb0) */
@@ -169,6 +170,7 @@ typedef enum _DalvikOpcodes
 DOP_AND_INT_2ADDR, /* and-int/2addr (0xb5) */
 DOP_OR_INT_2ADDR, /* or-int/2addr (0xb6) */
 DOP_XOR_INT_2ADDR, /* xor-int/2addr (0xb7) */
+ DOP_SHL_INT_2ADDR, /* shl-int/2addr (0xb8) */
 
 
 DOP_MUL_DOUBLE_2ADDR, /* mul-double/2addr (0xcd) */
@@ -188,6 +190,7 @@ typedef enum _DalvikOpcodes
 DOP_AND_INT_LIT8, /* and-int/lit8 (0xdd) */
 DOP_OR_INT_LIT8, /* or-int/lit8 (0xde) */
 DOP_XOR_INT_LIT8, /* xor-int/lit8 (0xdf) */
+ DOP_SHL_INT_LIT8, /* shl-int/lit8 (0xe0) */
 
 
 DOP_COUNT
diff --git a/src/arch/dalvik/instruction.c b/src/arch/dalvik/instruction.c
index 0d68a83..0fc33f0 100644
--- a/src/arch/dalvik/instruction.c
+++ b/src/arch/dalvik/instruction.c
@@ -184,6 +184,7 @@ static dalvik_instruction _instructions[DOP_COUNT] = {
 [DOP_AND_INT] = { 0x95, "and-int", dalvik_decomp_instr_arithm },
 [DOP_OR_INT] = { 0x96, "or-int", dalvik_decomp_instr_arithm },
 [DOP_XOR_INT] = { 0x97, "xor-int", dalvik_decomp_instr_arithm },
+ [DOP_SHL_INT] = { 0x98, "shl-int" },
 
 
 [DOP_ADD_INT_2ADDR] = { 0xb0, "add-int/2addr", dalvik_decomp_instr_arithm_2addr },
@@ -195,6 +196,7 @@ static dalvik_instruction _instructions[DOP_COUNT] = {
 [DOP_AND_INT_2ADDR] = { 0xb5, "and-int/2addr", dalvik_decomp_instr_arithm_2addr },
 [DOP_OR_INT_2ADDR] = { 0xb6, "or-int/2addr", dalvik_decomp_instr_arithm_2addr },
 [DOP_XOR_INT_2ADDR] = { 0xb7, "xor-int/2addr", dalvik_decomp_instr_arithm_2addr },
+ [DOP_SHL_INT_2ADDR] = { 0xb8, "shl-int/2addr" },
 
 
 [DOP_MUL_DOUBLE_2ADDR] = { 0xcd, "mul-double/2addr", dalvik_decomp_instr_arithm_2addr },
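Review bot: The new `[DOP_SHL_INT] = { 0x98, "shl-int" }` entry leaves the third initializer unset, so the decompilation callback that every neighbouring arithmetic entry provides (`dalvik_decomp_instr_arithm`) is a NULL pointer for this opcode; the same applies to `DOP_SHL_INT_2ADDR` in the next hunk and `DOP_SHL_INT_LIT8` in the third instruction.c hunk. Whether the consumer of `_instructions` tests the callback for NULL before calling it is not visible here; if it does not, the first decompiled method containing a shift dereferences NULL. The omission may well be deliberate, since the existing arithmetic helpers presumably do not know the shift operator, but then the table should say so, e.g. `[DOP_SHL_INT] = { 0x98, "shl-int" }, /* no decompilation callback yet */`, so the gap is not mistaken for an oversight. The `_instructions` array starts and ends outside these hunks.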
@@ -213,7 +215,8 @@ static dalvik_instruction _instructions[DOP_COUNT] = {
 [DOP_REM_INT_LIT8] = { 0xdc, "rem-int/lit8", dalvik_decomp_instr_arithm_lit },
 [DOP_AND_INT_LIT8] = { 0xdd, "and-int/lit8", dalvik_decomp_instr_arithm_lit },
 [DOP_OR_INT_LIT8] = { 0xde, "or-int/lit8", dalvik_decomp_instr_arithm_lit },
- [DOP_XOR_INT_LIT8] = { 0xdf, "xor-int/lit8", dalvik_decomp_instr_arithm_lit }
+ [DOP_XOR_INT_LIT8] = { 0xdf, "xor-int/lit8", dalvik_decomp_instr_arithm_lit },
+ [DOP_SHL_INT_LIT8] = { 0xe0, "shl-int/lit8" }
 
 
 };
diff --git a/src/arch/dalvik/op_shl.c b/src/arch/dalvik/op_shl.c
new file mode 100644
index 0000000..879f405
--- /dev/null
+++ b/src/arch/dalvik/op_shl.c
@@ -0,0 +1,137 @@
+
+/* OpenIDA - Outil d'analyse de fichiers binaires
+ * op_shl.c - décodage des opérations de OU exclusifs et logiques
+ *
+ * Copyright (C) 2010 Cyrille Bagard
+ *
+ * This file is part of OpenIDA.
+ *
+ * OpenIDA is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * OpenIDA is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Foobar. If not, see .
+ */
+
+
+#include "opcodes.h"
+
+
+#include "instruction.h"
+#include "operand.h"
+
+
+
+/******************************************************************************
+* *
+* Paramètres : data = flux de données à analyser. *
+* pos = position courante dans ce flux. [OUT] *
+* len = taille totale des données à analyser. *
+* addr = adresse virtuelle de l'instruction. *
+* proc = architecture ciblée par le désassemblage. *
+* *
+* Description : Décode une instruction de type 'shl-int'. *
+* *
+* Retour : Instruction mise en place ou NULL. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+GArchInstruction *dalvik_read_instr_shl_int(const bin_t *data, off_t *pos, off_t len, vmpa_t addr, const GDalvikProcessor *proc)
+{
+ GArchInstruction *result; /* Instruction à retourner */
+ SourceEndian endian; /* Boutisme lié au binaire */
+
+ result = g_dalvik_instruction_new(DOP_SHL_INT);
+
+ endian = g_arch_processor_get_endianness(G_ARCH_PROCESSOR(proc));
+
+ if (!dalvik_read_operands(result, data, pos, len, endian, DALVIK_OPT_23X))
+ {
+ g_object_unref(G_OBJECT(result));
+ return NULL;
+ }
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : data = flux de données à analyser. *
+* pos = position courante dans ce flux. [OUT] *
+* len = taille totale des données à analyser. *
+* addr = adresse virtuelle de l'instruction. *
+* proc = architecture ciblée par le désassemblage. *
+* *
+* Description : Décode une instruction de type 'shl-int/2addr'. *
+* *
+* Retour : Instruction mise en place ou NULL. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+GArchInstruction *dalvik_read_instr_shl_int_2addr(const bin_t *data, off_t *pos, off_t len, vmpa_t addr, const GDalvikProcessor *proc)
+{
+ GArchInstruction *result; /* Instruction à retourner */
+ SourceEndian endian; /* Boutisme lié au binaire */
+
+ result = g_dalvik_instruction_new(DOP_SHL_INT_2ADDR);
+
+ endian = g_arch_processor_get_endianness(G_ARCH_PROCESSOR(proc));
+
+ if (!dalvik_read_operands(result, data, pos, len, endian, DALVIK_OPT_12X))
+ {
+ g_object_unref(G_OBJECT(result));
+ return NULL;
+ }
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : data = flux de données à analyser. *
+* pos = position courante dans ce flux. [OUT] *
+* len = taille totale des données à analyser. *
+* addr = adresse virtuelle de l'instruction. *
+* proc = architecture ciblée par le désassemblage. *
+* *
+* Description : Décode une instruction de type 'shl-int/lit8'. *
+* *
+* Retour : Instruction mise en place ou NULL. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+GArchInstruction *dalvik_read_instr_shl_int_lit8(const bin_t *data, off_t *pos, off_t len, vmpa_t addr, const GDalvikProcessor *proc)
+{
+ GArchInstruction *result; /* Instruction à retourner */
+ SourceEndian endian; /* Boutisme lié au binaire */
+
+ result = g_dalvik_instruction_new(DOP_SHL_INT_LIT8);
+
+ endian = g_arch_processor_get_endianness(G_ARCH_PROCESSOR(proc));
+
+ if (!dalvik_read_operands(result, data, pos, len, endian, DALVIK_OPT_22B))
+ {
+ g_object_unref(G_OBJECT(result));
+ return NULL;
+ }
+
+ return result;
+
+}
diff --git a/src/arch/dalvik/opcodes.h b/src/arch/dalvik/opcodes.h
index d8d3616..0658306 100644
--- a/src/arch/dalvik/opcodes.h
+++ b/src/arch/dalvik/opcodes.h
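Review bot: The three decoders in this new file are identical apart from the opcode constant passed to `g_dalvik_instruction_new` and the operand format passed to `dalvik_read_operands`, so the unref-on-failure path is now maintained in three places; a single static helper taking those two values keeps the public entry points as one-line wrappers and gives any later fix (for instance a NULL check on `g_dalvik_instruction_new`, if it can fail — not visible here) one home. The file header is also copied from the xor decoder and describes the wrong operation (`op_shl.c - décodage des opérations de OU exclusifs et logiques`), and the licence paragraph still reads `along with Foobar`; both should name this file and project. The `addr` parameter is unused in all three, which matches the sibling decoders' signature in opcodes.h and is fine as is. The hunk holds the whole new file.
```c
/* Shared body of the three shl-int decoders; only the opcode and the operand
 * format differ.  Both are passed as int so the enum types declared by
 * g_dalvik_instruction_new() and dalvik_read_operands() apply unchanged. */
static GArchInstruction *read_shl_instr(int opcode, int format, const bin_t *data, off_t *pos, off_t len, const GDalvikProcessor *proc)
{
    GArchInstruction *result;               /* Instruction à retourner */
    SourceEndian endian;                    /* Boutisme lié au binaire */

    result = g_dalvik_instruction_new(opcode);

    endian = g_arch_processor_get_endianness(G_ARCH_PROCESSOR(proc));

    if (!dalvik_read_operands(result, data, pos, len, endian, format))
    {
        g_object_unref(G_OBJECT(result));
        return NULL;
    }

    return result;

}

GArchInstruction *dalvik_read_instr_shl_int(const bin_t *data, off_t *pos, off_t len, vmpa_t addr, const GDalvikProcessor *proc)
{
    return read_shl_instr(DOP_SHL_INT, DALVIK_OPT_23X, data, pos, len, proc);
}

/* … dalvik_read_instr_shl_int_2addr and dalvik_read_instr_shl_int_lit8 likewise,
 * with DOP_SHL_INT_2ADDR/DALVIK_OPT_12X and DOP_SHL_INT_LIT8/DALVIK_OPT_22B … */
```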
@@ -429,6 +429,15 @@ GArchInstruction *dalvik_read_instr_sget_short(const bin_t *, off_t *, off_t, vm
 /* Décode une instruction de type 'sget-wide'. */
 GArchInstruction *dalvik_read_instr_sget_wide(const bin_t *, off_t *, off_t, vmpa_t, const GDalvikProcessor *);
 
+/* Décode une instruction de type 'shl-int'. */
+GArchInstruction *dalvik_read_instr_shl_int(const bin_t *, off_t *, off_t, vmpa_t, const GDalvikProcessor *);
+
+/* Décode une instruction de type 'shl-int/2addr'. */
+GArchInstruction *dalvik_read_instr_shl_int_2addr(const bin_t *, off_t *, off_t, vmpa_t, const GDalvikProcessor *);
+
+/* Décode une instruction de type 'shl-int/lit8'. */
+GArchInstruction *dalvik_read_instr_shl_int_lit8(const bin_t *, off_t *, off_t, vmpa_t, const GDalvikProcessor *);
+
 /* Décode une instruction de type 'sput'. */
 GArchInstruction *dalvik_read_instr_sput(const bin_t *, off_t *, off_t, vmpa_t, const GDalvikProcessor *);
 
diff --git a/src/arch/dalvik/processor.c b/src/arch/dalvik/processor.c
index 7925c55..3748e7e 100644
--- a/src/arch/dalvik/processor.c
+++ b/src/arch/dalvik/processor.c
@@ -364,6 +364,7 @@ static GArchInstruction *g_dalvik_processor_decode_instruction(const GDalvikProc
 [DOP_AND_INT] = dalvik_read_instr_and_int,
 [DOP_OR_INT] = dalvik_read_instr_or_int,
 [DOP_XOR_INT] = dalvik_read_instr_xor_int,
+ [DOP_SHL_INT] = dalvik_read_instr_shl_int,
 
 
 [DOP_ADD_INT_2ADDR] = dalvik_read_instr_add_int_2addr,
@@ -374,6 +375,7 @@ static GArchInstruction *g_dalvik_processor_decode_instruction(const GDalvikProc
 [DOP_AND_INT_2ADDR] = dalvik_read_instr_and_int_2addr,
 [DOP_OR_INT_2ADDR] = dalvik_read_instr_or_int_2addr,
 [DOP_XOR_INT_2ADDR] = dalvik_read_instr_xor_int_2addr,
+ [DOP_SHL_INT_2ADDR] = dalvik_read_instr_shl_int_2addr,
 
 
 [DOP_MUL_DOUBLE_2ADDR] = dalvik_read_instr_mul_double_2addr,
@@ -392,7 +394,8 @@ static GArchInstruction *g_dalvik_processor_decode_instruction(const GDalvikProc
 [DOP_REM_INT_LIT8] = dalvik_read_instr_rem_int_lit8,
 [DOP_AND_INT_LIT8] = dalvik_read_instr_and_int_lit8,
 [DOP_OR_INT_LIT8] = dalvik_read_instr_or_int_lit8,
- [DOP_XOR_INT_LIT8] = dalvik_read_instr_xor_int_lit8
+ [DOP_XOR_INT_LIT8] = dalvik_read_instr_xor_int_lit8,
+ [DOP_SHL_INT_LIT8] = dalvik_read_instr_shl_int_lit8
 
 
 };
--
cgit v0.11.2-87-g4458