/* Chrysalide - Outil d'analyse de fichiers binaires
* disassembler.c - encadrement des phases de désassemblage
*
* Copyright (C) 2010-2014 Cyrille Bagard
*
* This file is part of Chrysalide.
*
* OpenIDA is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* OpenIDA is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Chrysalide. If not, see <http://www.gnu.org/licenses/>.
*/
#include "disassembler.h"
#include
#include
#include
#include
#include "fetch.h"
#include "limit.h"
#include "links.h"
#include "loop.h"
#include "macro.h"
#include "output.h"
#include "rank.h"
#include "../../decomp/lang/asm.h"
#include "../../format/format.h"
#include "../../glibext/delayed-int.h"
#include "../../gui/panels/log.h"
#include "../../plugins/pglist.h"
/* ------------------------ DESASSEMBLAGE DE BINAIRE DIFFERE ------------------------ */
/* Deferred disassembly task: the set of binary parts to disassemble (instance) */
struct _GDelayedDisassembly
{
    GDelayedWork parent;                    /* Must stay first (GObject parent instance) */
    GLoadedBinary *binary;                  /* Final recipient of the results */
    GExeFormat *format;                     /* Format of the represented binary */
    GBinPart **parts;                       /* Binary parts to process */
    size_t count;                           /* Number of those parts */
    GArchInstruction **instrs;              /* Where the resulting instruction list is stored */
    GCodeBuffer *buffer;                    /* Buffer receiving the rendered output */
};
/* Deferred disassembly task (class); no class-level state beyond the parent */
struct _GDelayedDisassemblyClass
{
    GDelayedWorkClass parent;               /* Must stay first (GObject parent class) */
};
/* Initializes the class for deferred disassembly tasks. */
static void g_delayed_disassembly_class_init(GDelayedDisassemblyClass *);
/* Initializes one deferred disassembly task instance (installs the run hook). */
static void g_delayed_disassembly_init(GDelayedDisassembly *);
/* Creates a deferred disassembly task; the format is taken from the binary. */
static GDelayedDisassembly *g_delayed_disassembly_new(GLoadedBinary *, GBinPart **, size_t, GArchInstruction **, GCodeBuffer *);
/* Performs the disassembly in the background (GDelayedWork run hook). */
static void g_delayed_disassembly_process(GDelayedDisassembly *, GtkExtStatusBar *);
/* -------------------------- GLOBAL PROCEDURE MANAGEMENT -------------------------- */
/* Builds the introductory comment block (name + SHA-256) of the disassembly output. */
static void build_disass_prologue(GCodeBuffer *, const char *, const uint8_t *, off_t);
/* ---------------------------------------------------------------------------------- */
/* DESASSEMBLAGE DE BINAIRE DIFFERE */
/* ---------------------------------------------------------------------------------- */
/* Registers the GType for deferred disassembly tasks, derived from G_TYPE_DELAYED_WORK. */
G_DEFINE_TYPE(GDelayedDisassembly, g_delayed_disassembly, G_TYPE_DELAYED_WORK);
/******************************************************************************
*                                                                             *
*  Parameters  : klass = class to initialize.                                 *
*                                                                             *
*  Description : Initializes the class for deferred disassembly tasks.        *
*                                                                             *
*  Return      : -                                                            *
*                                                                             *
*  Remarks     : There is no class-level state; the run hook is installed     *
*                per instance by g_delayed_disassembly_init().                *
*                                                                             *
******************************************************************************/
static void g_delayed_disassembly_class_init(GDelayedDisassemblyClass *klass)
{
    (void)klass;    /* nothing to set up at class level */
}
/******************************************************************************
*                                                                             *
*  Parameters  : disass = instance to initialize.                             *
*                                                                             *
*  Description : Initializes a deferred disassembly task.                     *
*                                                                             *
*  Return      : -                                                            *
*                                                                             *
*  Remarks     : Only the GDelayedWork run hook is set here; the task's        *
*                fields are filled in by g_delayed_disassembly_new().         *
*                                                                             *
******************************************************************************/
static void g_delayed_disassembly_init(GDelayedDisassembly *disass)
{
    GDelayedWork *work;                     /* Parent instance carrying the hook */

    work = G_DELAYED_WORK(disass);

    /* The work queue will invoke this callback with the task and a status bar. */
    work->run = (run_task_fc)g_delayed_disassembly_process;
}
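/******************************************************************************
*                                                                             *
*  Parameters  : binary = loaded binary awaiting the results.                 *
*                parts  = binary parts to disassemble.                        *
*                count  = number of parts to process.                         *
*                instrs = location receiving the instruction list.            *
*                buffer = output buffer for the rendered instructions.        *
*                                                                             *
*  Description : Creates a deferred disassembly task.                         *
*                                                                             *
*  Return      : Newly created task.                                          *
*                                                                             *
*  Remarks     : The binary format is not a parameter (the previous header    *
*                documented one): it is looked up from the binary itself.     *
*                NOTE(review): none of the pointers stored here are           *
*                referenced or copied, so the caller must keep them alive    *
*                until the task has completed -- confirm against callers.     *
*                                                                             *
******************************************************************************/
static GDelayedDisassembly *g_delayed_disassembly_new(GLoadedBinary *binary, GBinPart **parts, size_t count, GArchInstruction **instrs, GCodeBuffer *buffer)
{
    GDelayedDisassembly *result;            /* Task to return */

    result = g_object_new(G_TYPE_DELAYED_DISASSEMBLY, NULL);

    result->binary = binary;

    /* The format is derived from the binary rather than supplied by the caller. */
    result->format = g_loaded_binary_get_format(binary);

    result->parts = parts;
    result->count = count;
    result->instrs = instrs;
    result->buffer = buffer;

    return result;
}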
/******************************************************************************
* *
* Paramètres : disass = analyse à mener. *
* statusbar = barre de statut à tenir informée. *
* *
* Description : Assure le désassemblage en différé. *
* *
* Retour : - *
* *
* Remarques : - *
* *
******************************************************************************/
#include "../../arch/vmpa.h"
#include
#include
#include
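/* Returns the CPU time (user + system) consumed so far by the calling thread,
 * in microseconds. Used only for the timing reports printed below; on
 * getrusage() failure it returns 0 rather than leaving the value undefined. */
static unsigned long thread_cpu_usec(void)
{
    struct rusage usage;                    /* Resource usage snapshot */
    unsigned long total;                    /* user + system time, in µs */

    if (getrusage(RUSAGE_THREAD, &usage) != 0)
        return 0;

    total = (unsigned long)usage.ru_utime.tv_sec * 1000000UL + (unsigned long)usage.ru_utime.tv_usec;
    total += (unsigned long)usage.ru_stime.tv_sec * 1000000UL + (unsigned long)usage.ru_stime.tv_usec;

    return total;
}

/* Returns (end - start) in seconds, or 0 when the clock went backwards
 * (e.g. one of the two getrusage() calls failed). */
static double cpu_usec_delta(unsigned long start, unsigned long end)
{
    return end >= start ? (end - start) / 1000000.0 : 0.0;
}

/* GDelayedWork run hook: disassembles the whole binary as raw code, then prints
 * the result into the task's code buffer.
 *
 * disass    = task to run (fields filled by g_delayed_disassembly_new()).
 * statusbar = status bar kept informed of the current phase.
 *
 * Only the first (disassembly) and last (printing) phases of the former
 * pipeline (see g_delayed_disassembly_process_old) are run here. The
 * "[[ TIME ]]" lines are diagnostic output on stdout; clock() measures
 * process CPU time, the second figure is this thread's CPU time. */
static void g_delayed_disassembly_process(GDelayedDisassembly *disass, GtkExtStatusBar *statusbar)
{
    GBinRoutine **routines;                 /* Routines known to the format */
    size_t routines_count;                  /* Number of those routines */
    bstatus_id_t id;                        /* Status bar entry identifier */
    vmpa2t base;                            /* Start address for the raw load */
    clock_t begin;                          /* Process CPU time at phase start */
    clock_t end;                            /* Process CPU time at phase end */
    unsigned long ustart;                   /* Thread CPU time at phase start */
    unsigned long uend;                     /* Thread CPU time at phase end */

    /* The printing phase sorts and consumes the routine list; it must be
     * fetched first (previously these two variables were used uninitialized). */
    routines = g_binary_format_get_routines(G_BIN_FORMAT(disass->format), &routines_count);

    /* First phase: disassembly */

    id = gtk_extended_status_bar_push(statusbar, _("Disassembling..."), true);

    init_vmpa(&base, 0, 0);

    begin = clock();
    ustart = thread_cpu_usec();

    /* NOTE(review): the 100 is passed straight to load_raw_binary(); its
     * meaning is not visible here -- confirm against fetch.h before changing. */
    *disass->instrs = load_raw_binary(disass->binary, &base, 100, statusbar, id);

    uend = thread_cpu_usec();
    end = clock();

    printf("[[ TIME ]] Disassembly :: %.2g (%.2g)\n",
           (double)(end - begin) / CLOCKS_PER_SEC, cpu_usec_delta(ustart, uend));

    gtk_extended_status_bar_remove(statusbar, id);

    run_plugins_on_binary(disass->binary, PGA_BINARY_DISASSEMBLED, true);

    /* Seventh phase: printing */

    id = gtk_extended_status_bar_push(statusbar, _("Printing disassembled code..."), true);

    /* Printing expects routines in ascending order. */
    qsort(routines, routines_count, sizeof(GBinRoutine *), (__compar_fn_t)g_binary_routine_compare);

    begin = clock();
    ustart = thread_cpu_usec();

    print_disassembled_instructions(disass->buffer, disass->format, *disass->instrs,
                                    routines, routines_count, statusbar, id);

    uend = thread_cpu_usec();
    end = clock();

    printf("[[ TIME ]] Printing :: %.2g (%.2g)\n",
           (double)(end - begin) / CLOCKS_PER_SEC, cpu_usec_delta(ustart, uend));

    gtk_extended_status_bar_remove(statusbar, id);

    run_plugins_on_binary(disass->binary, PGA_BINARY_PRINTED, true);
}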
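/******************************************************************************
*                                                                             *
*  Parameters  : disass    = analysis to carry out.                           *
*                statusbar = status bar kept informed of the progress.        *
*                                                                             *
*  Description : Runs the full (former) multi-phase disassembly pipeline.     *
*                                                                             *
*  Return      : -                                                            *
*                                                                             *
*  Remarks     : Kept as the reference pipeline; it is currently not          *
*                referenced anywhere in this file (the run hook points to     *
*                g_delayed_disassembly_process), so the compiler may warn     *
*                about an unused static function.                             *
*                                                                             *
******************************************************************************/
static void g_delayed_disassembly_process_old(GDelayedDisassembly *disass, GtkExtStatusBar *statusbar)
{
#ifdef DEBUG
    unsigned int valid;                     /* Decoded instructions in one part */
    unsigned int db;                        /* Undecoded bytes in one part */
    unsigned int valid_sum;                 /* Decoded instructions, all parts */
    unsigned int instr_sum;                 /* Decoded + undecoded, all parts */
    size_t i;                               /* Loop index over the parts */
#endif
    GBinRoutine **routines;                 /* Routines known to the format */
    size_t routines_count;                  /* Number of those routines */
    bstatus_id_t id;                        /* Status bar entry identifier */

    routines = g_binary_format_get_routines(G_BIN_FORMAT(disass->format), &routines_count);

    /* First step: disassembly */

    id = gtk_extended_status_bar_push(statusbar, _("Disassembling..."), true);

    *disass->instrs = disassemble_binary_parts(disass->binary, disass->parts, disass->count,
                                               statusbar, id);

    gtk_extended_status_bar_remove(statusbar, id);

#ifdef DEBUG

    valid_sum = 0;
    instr_sum = 0;

    for (i = 0; i < disass->count; i++)
    {
        g_binary_part_get_checkup(disass->parts[i], &valid, &db);
        valid_sum += valid;
        instr_sum += (valid + db);
    }

    /* With no parts (or only empty ones) instr_sum is 0 and the ratio would
     * be a division by zero; the 64-bit product keeps "* 100" from wrapping
     * on large binaries. All three operands are unsigned, hence %u. */
    if (instr_sum > 0)
        log_variadic_message(LMT_WARNING, _("Disassembled instructions : %u %% (%u / %u)"),
                             (unsigned int)((100ULL * valid_sum) / instr_sum),
                             valid_sum, instr_sum);

#endif

    run_plugins_on_binary(disass->binary, PGA_BINARY_DISASSEMBLED, true);

    /* Second step: links between lines */

    id = gtk_extended_status_bar_push(statusbar, _("Establishing links..."), true);

    establish_links_between_lines(*disass->instrs, routines, routines_count, statusbar, id);

    gtk_extended_status_bar_remove(statusbar, id);

    run_plugins_on_binary(disass->binary, PGA_BINARY_LINKED, true);

    /* Third step: remaining routine limits (routines in reverse order) */

    id = gtk_extended_status_bar_push(statusbar, _("Finding remaining limits..."), true);

    qsort(routines, routines_count, sizeof(GBinRoutine *), (__compar_fn_t)g_binary_routine_rcompare);

    limit_all_routines(*disass->instrs, routines, routines_count, statusbar, id);

    gtk_extended_status_bar_remove(statusbar, id);

    run_plugins_on_binary(disass->binary, PGA_BINARY_BOUNDED, true);

    /* Fourth step: loop detection (no plugin event is fired for this step) */

    id = gtk_extended_status_bar_push(statusbar, _("Detecting loops..."), true);

    detect_loops_in_code(*disass->instrs, routines, routines_count, statusbar, id);

    gtk_extended_status_bar_remove(statusbar, id);

    /* Fifth step: grouping of routine instructions */

    id = gtk_extended_status_bar_push(statusbar, _("Grouping routines instructions..."), true);

    qsort(routines, routines_count, sizeof(GBinRoutine *), (__compar_fn_t)g_binary_routine_rcompare);

    group_routines_instructions(*disass->instrs, routines, routines_count, statusbar, id);

    gtk_extended_status_bar_remove(statusbar, id);

    run_plugins_on_binary(disass->binary, PGA_BINARY_GROUPED, true);

    /* Sixth step: ranking of instruction blocks */

    id = gtk_extended_status_bar_push(statusbar, _("Ranking each instructions block..."), true);

    qsort(routines, routines_count, sizeof(GBinRoutine *), (__compar_fn_t)g_binary_routine_rcompare);

    rank_routines_blocks(routines, routines_count, statusbar, id);

    gtk_extended_status_bar_remove(statusbar, id);

    /* NOTE(review): this fires PGA_BINARY_GROUPED a second time, exactly as
     * the fifth step did; plugins listening for that event run twice. If a
     * dedicated ranking event exists in pglist.h it should be used here. */
    run_plugins_on_binary(disass->binary, PGA_BINARY_GROUPED, true);

    /* Seventh step: printing (routines in ascending order) */

    id = gtk_extended_status_bar_push(statusbar, _("Printing disassembled code..."), true);

    qsort(routines, routines_count, sizeof(GBinRoutine *), (__compar_fn_t)g_binary_routine_compare);

    print_disassembled_instructions(disass->buffer, disass->format, *disass->instrs,
                                    routines, routines_count, statusbar, id);

    gtk_extended_status_bar_remove(statusbar, id);

    run_plugins_on_binary(disass->binary, PGA_BINARY_PRINTED, true);
}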
/* ---------------------------------------------------------------------------------- */
/* GESTION GLOBALE DE PROCEDURE */
/* ---------------------------------------------------------------------------------- */
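/* Appends one "<prefix><value>" comment line to the prologue being built.
 *
 * output = language output model used for the comment syntax.
 * buffer = destination code buffer.
 * prefix = translated label, e.g. "File: ".
 * value  = text following the label; NULL is rendered as an empty string.
 *
 * The length handed to g_lang_output_continue_comments() is the text length
 * without the terminator. On allocation failure the line is simply skipped. */
static void add_prologue_line(GLangOutput *output, GCodeBuffer *buffer, const char *prefix, const char *value)
{
    size_t len;                             /* Text length, terminator excluded */
    char *content;                          /* Text of the line */
    GBufferLine *line;                      /* Destination line */

    if (value == NULL)
        value = "";

    len = strlen(prefix) + strlen(value);

    content = calloc(len + 1, sizeof(char));
    if (content == NULL)
        return;

    snprintf(content, len + 1, "%s%s", prefix, value);

    line = g_lang_output_continue_comments(output, buffer, content, len);
    g_buffer_line_start_merge_at(line, BLC_PHYSICAL);

    free(content);
}

/******************************************************************************
*                                                                             *
*  Parameters  : buffer   = destination buffer for the text.                  *
*                filename = name of the file being disassembled.              *
*                data     = in-memory bytes used for the fingerprint.         *
*                length   = number of those bytes.                            *
*                                                                             *
*  Description : Builds the introductory comment block of the disassembly.    *
*                                                                             *
*  Return      : -                                                            *
*                                                                             *
*  Remarks     : The block records the file name and the SHA-256 of the       *
*                loaded bytes so an output can be matched to its input.      *
*                Previously the last hex digit of the SHA-256 was dropped     *
*                (length passed as len - 1 although len was already the       *
*                text length); the line now carries the full digest.          *
*                                                                             *
******************************************************************************/
static void build_disass_prologue(GCodeBuffer *buffer, const char *filename, const uint8_t *data, off_t length)
{
    GLangOutput *output;                    /* Output model for asm comments */
    GBufferLine *line;                      /* Destination line */
    GChecksum *checksum;                    /* SHA-256 computation */
    const gchar *hex;                       /* Hex rendering of the digest */

    output = g_asm_output_new();

    line = g_lang_output_start_comments(output, buffer);
    if (line != NULL) g_buffer_line_start_merge_at(line, BLC_PHYSICAL);

    /* Introduction */

    line = g_lang_output_continue_comments(output, buffer,
                                           SL(_("Disassembly generated by Chrysalide")));
    g_buffer_line_start_merge_at(line, BLC_PHYSICAL);

    line = g_lang_output_continue_comments(output, buffer,
                                           SL(_("Chrysalide is free software - © 2008-2014 Cyrille Bagard")));
    g_buffer_line_start_merge_at(line, BLC_PHYSICAL);

    line = g_lang_output_continue_comments(output, buffer, NULL, 0);
    g_buffer_line_start_merge_at(line, BLC_PHYSICAL);

    /* File name */

    add_prologue_line(output, buffer, _("File: "), filename);

    /* SHA-256 fingerprint of the loaded bytes */

    checksum = g_checksum_new(G_CHECKSUM_SHA256);

    /* A negative length would be taken by GLib as "NUL-terminated string",
     * which is never right for binary data; hash only when there is data. */
    if (data != NULL && length > 0)
        g_checksum_update(checksum, data, length);

    hex = g_checksum_get_string(checksum);

    /* The digest string belongs to the checksum object: use it before freeing. */
    add_prologue_line(output, buffer, _("Sha256: "), hex);

    g_checksum_free(checksum);

    /* Separator line */

    line = g_lang_output_continue_comments(output, buffer, NULL, 0);
    g_buffer_line_start_merge_at(line, BLC_PHYSICAL);

    /* Conclusion */

    line = g_lang_output_end_comments(output, buffer);
    if (line != NULL) g_buffer_line_start_merge_at(line, BLC_PHYSICAL);

    g_object_unref(G_OBJECT(output));
}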
/******************************************************************************
*                                                                             *
*  Parameters  : binary      = loaded binary representation.                  *
*                parts       = binary parts to disassemble.                   *
*                parts_count = number of parts to process.                    *
*                instrs      = list of loaded instructions. [OUT]             *
*                buffer      = code buffer set up for the output. [OUT]       *
*                ack         = callback invoked once the work is completed.   *
*                                                                             *
*  Description : Starts the disassembly of a given binary content.            *
*                                                                             *
*  Return      : -                                                            *
*                                                                             *
*  Remarks     : The prologue (file name + SHA-256) is written synchronously   *
*                into the new buffer; the disassembly itself is scheduled    *
*                on the global work queue and reported through the           *
*                "work-completed" signal, with the binary as user data.      *
*                                                                             *
******************************************************************************/
void disassemble_binary(GLoadedBinary *binary, GBinPart **parts, size_t parts_count, GArchInstruction **instrs, GCodeBuffer **buffer, disassembly_ack_fc ack)
{
    GCodeBuffer *code;                      /* Buffer handed back to the caller */
    const uint8_t *raw;                     /* Raw binary bytes */
    off_t raw_length;                       /* Number of those bytes */
    GDelayedDisassembly *task;              /* Work to schedule */

    code = g_code_buffer_new(BLC_ASSEMBLY);
    *buffer = code;

    /* Header describing the input, written before any instruction. */
    raw = g_loaded_binary_get_data(binary, &raw_length);
    build_disass_prologue(code, g_loaded_binary_get_name(binary, true), raw, raw_length);

    task = g_delayed_disassembly_new(binary, parts, parts_count, instrs, code);
    g_signal_connect(task, "work-completed", G_CALLBACK(ack), binary);

    g_work_queue_schedule_work(get_work_queue(), G_DELAYED_WORK(task));
}