/* Chrysalide - Outil d'analyse de fichiers binaires * executable.c - équivalent Python du fichier "format/executable.c" * * Copyright (C) 2018-2024 Cyrille Bagard * * This file is part of Chrysalide. * * Chrysalide is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * Chrysalide is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include "executable.h" #include #include #include #include #include "program.h" #include "../access.h" #include "../helpers.h" #include "../analysis/content.h" //#include "../arch/processor.h" #include "../arch/vmpa.h" #include "../glibext/portion.h" /* ------------------------ GLUE POUR CREATION DEPUIS PYTHON ------------------------ */ /* Initialise la classe des formats exécutables. */ static int py_executable_format_init_gclass(GExecutableFormatClass *, PyTypeObject *); CREATE_DYN_ABSTRACT_CONSTRUCTOR(executable_format, G_TYPE_EXECUTABLE_FORMAT); /* Initialise une instance sur la base du dérivé de GObject. */ static int py_executable_format_init(PyObject *, PyObject *, PyObject *); /* Indique le type d'architecture visée par le format. */ static char *py_executable_format_get_target_machine_wrapper(const GExecutableFormat *); /* Fournit l'adresse principale associée à un format. */ static bool py_executable_format_get_main_address_wrapper(GExecutableFormat *, vmpa2t *); /* Etend la définition des portions au sein d'un binaire. */ static bool py_executable_format_refine_portions_wrapper(GExecutableFormat *); /* ------------------------ DECLARATION DE FORMAT EXECUTABLE ------------------------ */ /* Procède à l'enregistrement d'une portion dans un format. */ static PyObject *py_executable_format_include_portion(PyObject *, PyObject *); /* Fournit l'emplacement correspondant à une position physique. */ static PyObject *py_executable_format_translate_offset_into_vmpa(PyObject *, PyObject *); /* Fournit l'emplacement correspondant à une adresse virtuelle. */ static PyObject *py_executable_format_translate_address_into_vmpa(PyObject *, PyObject *); /* Indique le type d'architecture visée par le format. */ static PyObject *py_executable_format_get_target_machine(PyObject *, void *); /* Fournit l'adresse principale associée à un format. */ static PyObject *py_executable_format_get_main_address(PyObject *, void *); /* Indique le type d'architecture visée par le format. */ static PyObject *py_executable_format_get_portions(PyObject *, void *); /* ---------------------------------------------------------------------------------- */ /* GLUE POUR CREATION DEPUIS PYTHON */ /* ---------------------------------------------------------------------------------- */ /****************************************************************************** * * * Paramètres : gclass = classe GLib à initialiser. * * pyclass = classe Python à initialiser. * * * * Description : Initialise la classe des formats exécutables. * * * * Retour : 0 pour indiquer un succès de l'opération. * * * * Remarques : - * * * ******************************************************************************/ static int py_executable_format_init_gclass(GExecutableFormatClass *gclass, PyTypeObject *pyclass) { PY_CLASS_SET_WRAPPER(gclass->get_machine, py_executable_format_get_target_machine_wrapper); PY_CLASS_SET_WRAPPER(gclass->get_main_addr, py_executable_format_get_main_address_wrapper); PY_CLASS_SET_WRAPPER(gclass->refine_portions, py_executable_format_refine_portions_wrapper); return 0; } /****************************************************************************** * * * Paramètres : self = objet à initialiser (théoriquement). * * args = arguments fournis à l'appel. * * kwds = arguments de type key=val fournis. * * * * Description : Initialise une instance sur la base du dérivé de GObject. * * * * Retour : 0. * * * * Remarques : - * * * ******************************************************************************/ static int py_executable_format_init(PyObject *self, PyObject *args, PyObject *kwds) { GBinContent *content; /* Contenu à intégrer au format*/ int ret; /* Bilan de lecture des args. */ GExecutableFormat *format; /* Format à manipuler */ #define EXECUTABLE_FORMAT_DOC \ "The ExecutableFormat class provides support for formats containing"\ " code to run.\n" \ "\n" \ "The following methods have to be defined for new classes:\n" \ "* pychrysalide.format.ExecutableFormat._get_target_machine();\n" \ "* pychrysalide.format.ExecutableFormat._get_main_address().\n" \ "\n" \ "The following method may be defined for new classes:\n" \ "* pychrysalide.format.ExecutableFormat._refine_portions().\n" \ "\n" \ "Calls to the *__init__* constructor of this abstract object expect"\ " only one argument: a binary content, provided as a" \ " pychrysalide.analysis.BinContent instance." /* Récupération des paramètres */ ret = PyArg_ParseTuple(args, "O&", convert_to_binary_content, &content); if (!ret) return -1; /* Initialisation d'un objet GLib */ ret = forward_pygobjet_init(self); if (ret == -1) return -1; /* Eléments de base */ format = G_EXECUTABLE_FORMAT(pygobject_get(self)); if (!g_executable_format_create(format, content)) return -1; return 0; } /****************************************************************************** * * * Paramètres : format = description du format exécutable à consulter. * * * * Description : Indique le type d'architecture visée par le format. * * * * Retour : Identifiant de l'architecture ciblée par le format. * * * * Remarques : - * * * ******************************************************************************/ static char *py_executable_format_get_target_machine_wrapper(const GExecutableFormat *format) { char *result; /* Désignation à renvoyer */ PyGILState_STATE gstate; /* Sauvegarde d'environnement */ PyObject *pyobj; /* Objet Python concerné */ PyObject *pyret; /* Valeur retournée */ int ret; /* Bilan d'une conversion */ #define EXECUTABLE_FORMAT_GET_TARGET_MACHINE_WRAPPER PYTHON_WRAPPER_DEF \ ( \ _get_target_machine, "$self", \ METH_NOARGS, \ "Abstract method used to define the identifier of the architecture" \ " suitable for the executable format.\n" \ "\n" \ "The return value has to be a (tiny) string." \ ) result = NULL; gstate = PyGILState_Ensure(); pyobj = pygobject_new(G_OBJECT(format)); if (has_python_method(pyobj, "_get_target_machine")) { pyret = run_python_method(pyobj, "_get_target_machine", NULL); if (pyret != NULL) { ret = PyUnicode_Check(pyret); if (ret) result = strdup(PyUnicode_AsUTF8(pyret)); else PyErr_SetString(PyExc_ValueError, _("unexpected value type for executable format target machine")); Py_DECREF(pyret); } } Py_DECREF(pyobj); PyGILState_Release(gstate); return result; } /****************************************************************************** * * * Paramètres : format = description de l'exécutable à consulter. * * addr = adresse principale trouvée si possible. [OUT] * * * * Description : Fournit l'adresse principale associée à un format. * * * * Retour : Validité de l'adresse transmise. * * * * Remarques : - * * * ******************************************************************************/ static bool py_executable_format_get_main_address_wrapper(GExecutableFormat *format, vmpa2t *addr) { bool result; /* Bilan à retourner */ PyGILState_STATE gstate; /* Sauvegarde d'environnement */ PyObject *pyobj; /* Objet Python concerné */ PyObject *pyret; /* Valeur retournée */ vmpa2t *tmp; /* Zone de stockage Python */ int ret; /* Bilan d'une conversion */ #define EXECUTABLE_FORMAT_GET_MAIN_ADDRESS_WRAPPER PYTHON_WRAPPER_DEF \ ( \ _get_main_address, "$self", \ METH_NOARGS, \ "Abstract method used to provide the main address of code for" \ " the executable format.\n" \ "\n" \ "The return value has to be a pychrysalide.arch.vmpa instance or" \ " *None* in case of failure." \ ) result = false; gstate = PyGILState_Ensure(); pyobj = pygobject_new(G_OBJECT(format)); if (has_python_method(pyobj, "_get_main_address")) { pyret = run_python_method(pyobj, "_get_main_address", NULL); if (pyret != NULL) { if (pyret == Py_None) { init_vmpa(addr, VMPA_NO_PHYSICAL, VMPA_NO_VIRTUAL); result = true; } else { ret = convert_any_to_vmpa(pyret, &tmp); result = (ret == 1 || ret == Py_CLEANUP_SUPPORTED); if (result) { copy_vmpa(addr, tmp); if (ret == Py_CLEANUP_SUPPORTED) clean_vmpa_arg(tmp); } else { /** * L'erreur Python peut être effacée. * * Elle sera remontée : * - au code C via le retour (false) : * - à Python lors de l'accès à la propriétée. */ PyErr_Clear(); } } Py_DECREF(pyret); } } Py_DECREF(pyobj); PyGILState_Release(gstate); return result; } /****************************************************************************** * * * Paramètres : format = informations chargées à consulter. * * * * Description : Etend la définition des portions au sein d'un binaire. * * * * Retour : Bilan des définitions de portions. * * * * Remarques : - * * * ******************************************************************************/ static bool py_executable_format_refine_portions_wrapper(GExecutableFormat *format) { bool result; /* Bilan à retourner */ PyGILState_STATE gstate; /* Sauvegarde d'environnement */ PyObject *pyobj; /* Objet Python concerné */ PyObject *pyret; /* Valeur retournée */ #define EXECUTABLE_FORMAT_REFINE_PORTIONS_WRAPPER PYTHON_WRAPPER_DEF \ ( \ _refine_portions, "$self", \ METH_NOARGS, \ "Abstract method used to extend the definition of the format" \ " with binary portions.\n" \ "\n" \ "Extra portions should be included with calls to" \ " pychrysalide.format.ExecutableFormat.include_portion().\n" \ "\n" \ "The return value has to be a boolean value: *True* in case of" \ " success, *False* in case of failure." \ ) result = true; gstate = PyGILState_Ensure(); pyobj = pygobject_new(G_OBJECT(format)); if (has_python_method(pyobj, "_refine_portions")) { pyret = run_python_method(pyobj, "_refine_portions", NULL); if (pyret != NULL) { result = (pyret == Py_True); Py_DECREF(pyret); } } Py_DECREF(pyobj); PyGILState_Release(gstate); return result; } /* ---------------------------------------------------------------------------------- */ /* DECLARATION DE FORMAT EXECUTABLE */ /* ---------------------------------------------------------------------------------- */ /****************************************************************************** * * * Paramètres : self = description de l'exécutable à consulter. * * args = arguments accompagnant l'appel. * * * * Description : Procède à l'enregistrement d'une portion dans un format. * * * * Retour : Bilan de l'opération : True si inclusion, False sinon. * * * * Remarques : - * * * ******************************************************************************/ static PyObject *py_executable_format_include_portion(PyObject *self, PyObject *args) { PyObject *result; /* Bilan à retourner */ GBinaryPortion *portion; /* Portion binaire à conserver */ vmpa2t *origin; /* Source de l'inclusion */ int ret; /* Bilan de lecture des args. */ GExecutableFormat *format; /* Version GLib du format */ bool status; /* Bilan de l'inclusion */ #define EXECUTABLE_FORMAT_INCLUDE_PORTION_METHOD PYTHON_METHOD_DEF \ ( \ include_portion, "$self, portion, /, origin=None", \ METH_VARARGS, py_executable_format, \ "Register a new portion inside the content of an executable format.\n" \ "\n" \ "The *portion* argument is a pychrysalide.glibext.BinaryPortion" \ " instance. The optional *origin* arguement specifies the source of the"\ " operation, as a pychrysalide.arch.vmpa definition, which may be used" \ " for tracking errors.\n" \ "\n" \ "The return value is a boolean value: *True* in case of success," \ " *False* in case of failure." \ ) origin = NULL; ret = PyArg_ParseTuple(args, "O&|O&", convert_to_binary_portion, &portion, convert_any_to_vmpa, &origin); if (!ret) return NULL; format = G_EXECUTABLE_FORMAT(pygobject_get(self)); status = g_executable_format_include_portion(format, portion, origin); result = status ? Py_True : Py_False; Py_INCREF(result); if (origin != NULL) clean_vmpa_arg(origin); return result; } /****************************************************************************** * * * Paramètres : self = description de l'exécutable à consulter. * * args = arguments accompagnant l'appel. * * * * Description : Fournit l'emplacement correspondant à une position physique. * * * * Retour : Position correspondante ou None. * * * * Remarques : - * * * ******************************************************************************/ static PyObject *py_executable_format_translate_offset_into_vmpa(PyObject *self, PyObject *args) { PyObject *result; /* Instance à retourner */ GExecutableFormat *format; /* Version GLib du format */ unsigned long long off; /* Adresse en mémoire virtuelle*/ int ret; /* Bilan de lecture des args. */ vmpa2t pos; /* Position complète déterminée*/ bool status; /* Bilan de l'opération */ #define EXECUTABLE_FORMAT_TRANSLATE_OFFSET_INTO_VMPA_METHOD PYTHON_METHOD_DEF \ ( \ translate_offset_into_vmpa, "$self, addr", \ METH_VARARGS, py_executable_format, \ "Translate a physical offset to a full location.\n" \ "\n" \ "The *off* argument is a physical offset provided as an integer value.\n" \ "\n" \ "The returned position is a pychrysalide.arch.vmpa instance or *None* in" \ " case of failure." \ ) ret = PyArg_ParseTuple(args, "K", &off); if (!ret) return NULL; format = G_EXECUTABLE_FORMAT(pygobject_get(self)); status = g_executable_format_translate_offset_into_vmpa(format, off, &pos); if (status) result = build_from_internal_vmpa(&pos); else { result = Py_None; Py_INCREF(result); } return result; } /****************************************************************************** * * * Paramètres : self = description de l'exécutable à consulter. * * args = arguments accompagnant l'appel. * * * * Description : Fournit l'emplacement correspondant à une adresse virtuelle. * * * * Retour : Position correspondante ou None. * * * * Remarques : - * * * ******************************************************************************/ static PyObject *py_executable_format_translate_address_into_vmpa(PyObject *self, PyObject *args) { PyObject *result; /* Instance à retourner */ GExecutableFormat *format; /* Version GLib du format */ unsigned long long addr; /* Adresse en mémoire virtuelle*/ int ret; /* Bilan de lecture des args. */ vmpa2t pos; /* Position complète déterminée*/ bool status; /* Bilan de l'opération */ #define EXECUTABLE_FORMAT_TRANSLATE_ADDRESS_INTO_VMPA_METHOD PYTHON_METHOD_DEF \ ( \ translate_address_into_vmpa, "$self, addr", \ METH_VARARGS, py_executable_format, \ "Translate a virtual address to a full location.\n" \ "\n" \ "The *addr* argument is a virtual address provided as an integer value.\n" \ "\n" \ "The returned position is a pychrysalide.arch.vmpa instance or *None* in" \ " case of failure." \ ) ret = PyArg_ParseTuple(args, "K", &addr); if (!ret) return NULL; format = G_EXECUTABLE_FORMAT(pygobject_get(self)); status = g_executable_format_translate_address_into_vmpa(format, addr, &pos); if (status) result = build_from_internal_vmpa(&pos); else { result = Py_None; Py_INCREF(result); } return result; } /****************************************************************************** * * * Paramètres : self = objet Python concerné par l'appel. * * closure = non utilisé ici. * * * * Description : Indique le type d'architecture visée par le format. * * * * Retour : Identifiant de l'architecture ciblée par le format. * * * * Remarques : - * * * ******************************************************************************/ static PyObject *py_executable_format_get_target_machine(PyObject *self, void *closure) { PyObject *result; /* Trouvailles à retourner */ GExecutableFormat *format; /* Format exécutable manipulé */ char *machine; /* Désignation machine ciblée */ #define EXECUTABLE_FORMAT_TARGET_MACHINE_ATTRIB PYTHON_GET_DEF_FULL \ ( \ target_machine, py_executable_format, \ "Identifier of the architecture suitable for the executable format,"\ " provided as a (tiny) string." \ ) format = G_EXECUTABLE_FORMAT(pygobject_get(self)); machine = g_executable_format_get_target_machine(format); if (machine != NULL) { result = PyUnicode_FromString(machine); free(machine); } else { result = NULL; if (PyErr_Occurred() == NULL) PyErr_SetString(PyExc_ValueError, _("unexpected NULL value for executable format target machine")); } return result; } /****************************************************************************** * * * Paramètres : self = objet Python concerné par l'appel. * * closure = non utilisé ici. * * * * Description : Fournit l'adresse principale associée à un format. * * * * Retour : Validité de l'adresse transmise. * * * * Remarques : - * * * ******************************************************************************/ static PyObject *py_executable_format_get_main_address(PyObject *self, void *closure) { PyObject *result; /* Trouvailles à retourner */ GExecutableFormat *format; /* Format exécutable manipulé */ vmpa2t addr; /* Point d'entrée principal */ bool status; /* Validité de l'adresse */ #define EXECUTABLE_FORMAT_MAIN_ADDRESS_ATTRIB PYTHON_GET_DEF_FULL \ ( \ main_address, py_executable_format, \ "Main address of code for the executable format.\n" \ "\n" \ "This property provide a pychrysalide.arch.vmpa instance or" \ " *None* in case of failure." \ ) format = G_EXECUTABLE_FORMAT(pygobject_get(self)); status = g_executable_format_get_main_address(format, &addr); if (status) result = build_from_internal_vmpa(&addr); else { PyErr_SetString(PyExc_AttributeError, _("unable to define a value for the main address")); result = NULL; } return result; } /****************************************************************************** * * * Paramètres : self = objet Python concerné par l'appel. * * closure = non utilisé ici. * * * * Description : Indique le type d'architecture visée par le format. * * * * Retour : Identifiant de l'architecture ciblée par le format. * * * * Remarques : - * * * ******************************************************************************/ static PyObject *py_executable_format_get_portions(PyObject *self, void *closure) { PyObject *result; /* Trouvailles à retourner */ GExecutableFormat *format; /* Format exécutable manipulé */ GBinaryPortion *portions; /* Portion principale du format*/ #define EXECUTABLE_FORMAT_PORTIONS_ATTRIB PYTHON_GET_DEF_FULL \ ( \ portions, py_executable_format, \ "Root portion of the executable format, provided as a" \ " pychrysalide.glibext.BinaryPortion instance." \ ) format = G_EXECUTABLE_FORMAT(pygobject_get(self)); portions = g_executable_format_get_portions(format); result = pygobject_new(G_OBJECT(portions)); unref_object(portions); return result; } /****************************************************************************** * * * Paramètres : - * * * * Description : Fournit un accès à une définition de type à diffuser. * * * * Retour : Définition d'objet pour Python. * * * * Remarques : - * * * ******************************************************************************/ PyTypeObject *get_python_executable_format_type(void) { static PyMethodDef py_executable_format_methods[] = { EXECUTABLE_FORMAT_GET_TARGET_MACHINE_WRAPPER, EXECUTABLE_FORMAT_GET_MAIN_ADDRESS_WRAPPER, EXECUTABLE_FORMAT_REFINE_PORTIONS_WRAPPER, EXECUTABLE_FORMAT_INCLUDE_PORTION_METHOD, EXECUTABLE_FORMAT_TRANSLATE_OFFSET_INTO_VMPA_METHOD, EXECUTABLE_FORMAT_TRANSLATE_ADDRESS_INTO_VMPA_METHOD, { NULL } }; static PyGetSetDef py_executable_format_getseters[] = { EXECUTABLE_FORMAT_TARGET_MACHINE_ATTRIB, EXECUTABLE_FORMAT_MAIN_ADDRESS_ATTRIB, EXECUTABLE_FORMAT_PORTIONS_ATTRIB, { NULL } }; static PyTypeObject py_executable_format_type = { PyVarObject_HEAD_INIT(NULL, 0) .tp_name = "pychrysalide.format.ExecutableFormat", .tp_basicsize = sizeof(PyGObject), .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE, .tp_doc = EXECUTABLE_FORMAT_DOC, .tp_methods = py_executable_format_methods, .tp_getset = py_executable_format_getseters, .tp_init = py_executable_format_init, .tp_new = py_executable_format_new, }; return &py_executable_format_type; } /****************************************************************************** * * * Paramètres : module = module dont la définition est à compléter. * * * * Description : Prend en charge l'objet 'pychrysalide.format.ExeFormat'. * * * * Retour : Bilan de l'opération. * * * * Remarques : - * * * ******************************************************************************/ bool ensure_python_executable_format_is_registered(void) { PyTypeObject *type; /* Type Python 'ExeFormat' */ PyObject *module; /* Module à recompléter */ PyObject *dict; /* Dictionnaire du module */ type = get_python_executable_format_type(); if (!PyType_HasFeature(type, Py_TPFLAGS_READY)) { module = get_access_to_python_module("pychrysalide.format"); dict = PyModule_GetDict(module); if (!ensure_python_program_format_is_registered()) return false; pyg_register_class_init(G_TYPE_EXECUTABLE_FORMAT, (PyGClassInitFunc)py_executable_format_init_gclass); if (!register_class_for_pygobject(dict, G_TYPE_EXECUTABLE_FORMAT, type)) return false; } return true; } /****************************************************************************** * * * Paramètres : arg = argument quelconque à tenter de convertir. * * dst = destination des valeurs récupérées en cas de succès. * * * * Description : Tente de convertir en format exécutable. * * * * Retour : Bilan de l'opération, voire indications supplémentaires. * * * * Remarques : - * * * ******************************************************************************/ int convert_to_executable_format(PyObject *arg, void *dst) { int result; /* Bilan à retourner */ result = PyObject_IsInstance(arg, (PyObject *)get_python_executable_format_type()); switch (result) { case -1: /* L'exception est déjà fixée par Python */ result = 0; break; case 0: PyErr_SetString(PyExc_TypeError, "unable to convert the provided argument to executable format"); break; case 1: *((GExecutableFormat **)dst) = G_EXECUTABLE_FORMAT(pygobject_get(arg)); break; default: assert(false); break; } return result; } /* ---------------------------------------------------------------------------------- */ /* TRADUCTION D'EMPLACEMENT */ /* ---------------------------------------------------------------------------------- */ #if 0 /****************************************************************************** * * * Paramètres : obj = objet Python à convertir en emplacement. * * info = informations utiles à l'opération. * * * * Description : Réalise une conversion d'un objet Python en localisation. * * * * Retour : Bilan de l'opération. * * * * Remarques : - * * * ******************************************************************************/ int convert_to_vmpa_using_executable(PyObject *obj, exe_cv_info_t *info) { int result; /* Bilan à retourner */ int ret; /* Bilan d'une consultation */ const char *arch; /* Architecture d'exécution */ proc_cv_info_t conv; /* Informations de conversion */ ret = PyObject_IsInstance(obj, (PyObject *)get_python_vmpa_type()); if (ret) { info->vmpa = get_internal_vmpa(obj); result = 1; } else if (info->format != NULL) { arch = g_exe_format_get_target_machine(info->format); conv.proc = get_arch_processor_for_key(arch); if (conv.proc != NULL) { result = convert_to_vmpa_using_processor(obj, &conv); if (result == 1) { info->vmpa = conv.vmpa; copy_vmpa(&info->tmp, &conv.tmp); } g_object_unref(G_OBJECT(conv.proc)); } else result = 0; } else result = 0; if (result == 0) PyErr_Format(PyExc_TypeError, _("unable to convert object to VMPA location")); return result; } #endif