crabstone 3.0.3

data/Rakefile

@@ -0,0 +1,27 @@
+require 'rake'
+require 'rake/clean'
+require 'rake/testtask'
+require 'rbconfig'
+
+CLEAN.include('**/*.rbc', '**/*.rbx', '**/*.gem')
+
+namespace 'gem' do
+  desc 'Create the crabstone gem'
+  task :create => [:clean] do
+    spec = eval(IO.read('crabstone.gemspec'))
+    Gem::Builder.new(spec).build
+  end
+
+  desc 'Install the crabstone gem'
+  task :install => [:create] do
+     file = Dir["*.gem"].first
+     sh "gem install #{file}"
+  end
+end
+
+Rake::TestTask.new do |t|
+  t.verbose = true
+  t.warning = true
+end
+
+task :default => :test

data/bin/genconst

@@ -0,0 +1,66 @@
+#!/usr/bin/env ruby
+
+require 'date'
+
+# I hate these little scripts :(
+
+unless ARGV.length == 1
+	fail "Usage: #{$0} path/to/capstone/bindings/python/capstone"
+end
+
+pyfiles = Dir.glob(File.join(ARGV[0], "*_const.py"))
+if pyfiles.empty?
+	fail "No *_const.py files found in #{ARGV[0]}"
+end
+
+pyfiles.each {|fn|
+
+	mod = File.basename(fn).split('_').first.upcase
+	python = File.read fn
+	rbfn = "#{mod.downcase}_const.rb"
+
+	# Fixup the odd module names
+	mod = case mod
+	when 'SYSZ'
+		'SysZ'
+	when 'XCORE'
+		'XCore'
+	when 'SPARC'
+		'Sparc'
+	else
+		mod
+	end
+
+	puts "Writing #{mod}"
+
+	prefix = <<END
+# Library by Nguyen Anh Quynh
+# Original binding by Nguyen Anh Quynh and Tan Sheng Di
+# Additional binding work by Ben Nagy
+# (c) 2013 COSEINC. All Rights Reserved.
+
+# THIS FILE WAS AUTO-GENERATED -- DO NOT EDIT!
+# Command: #{$0} #{ARGV[0]}
+# #{DateTime.now}
+
+module Crabstone
+  module #{mod}
+
+END
+
+	postfix = <<END
+  end
+end
+END
+
+	lines = python.lines[2..-1].map {|l| 
+		l.gsub(/#{mod.upcase}_/, '').sub(%q(//), ' # ')
+	}
+
+	File.open(rbfn, 'w+') {|fh|
+		fh.write prefix
+		lines.each {|l| fh.write "    #{l}"}
+		fh.write postfix
+	}
+
+}

data/bin/genreg

@@ -0,0 +1,99 @@
+#!/usr/bin/env ruby
+
+require 'date'
+
+# I hate these little scripts :(
+
+unless ARGV.length == 1
+	fail "Usage: #{$0} path/to/capstone/bindings/python/capstone"
+end
+
+pyfiles = Dir.glob(File.join(ARGV[0], "*_const.py"))
+if pyfiles.empty?
+	fail "No *_const.py files found in #{ARGV[0]}"
+end
+
+pyfiles.each {|fn|
+
+	mod = File.basename(fn).split('_').first.upcase
+	python = File.read fn
+	rbfn = "#{mod.downcase}_registers.rb"
+
+	# Fixup the odd module names
+	mod = case mod
+	when 'SYSZ'
+		'SysZ'
+	when 'XCORE'
+		'XCore'
+	when 'SPARC'
+		'Sparc'
+	else
+		mod
+	end
+
+	puts "Writing #{mod}"
+
+	prefix = <<END
+# Library by Nguyen Anh Quynh
+# Original binding by Nguyen Anh Quynh and Tan Sheng Di
+# Additional binding work by Ben Nagy
+# (c) 2013 COSEINC. All Rights Reserved.
+
+# THIS FILE WAS AUTO-GENERATED -- DO NOT EDIT!
+# Command: #{$0} #{ARGV[0]}
+# #{DateTime.now}
+
+module Crabstone
+  module #{mod}
+    REG_LOOKUP = {
+END
+
+middle = <<END
+
+    ID_LOOKUP = REG_LOOKUP.invert
+
+    # alias registers
+END
+
+postfix = <<END
+    SYM_LOOKUP = Hash[REG_LOOKUP.map {|k,v| [k.downcase.to_sym,v]}]
+
+    def self.register reg
+      return reg if ID_LOOKUP[reg]
+      return SYM_LOOKUP[reg] if SYM_LOOKUP[reg]
+      if reg.respond_to? :upcase
+        return REG_LOOKUP[reg.upcase] || REG_LOOKUP['INVALID']
+      end
+      REG_LOOKUP['INVALID']
+    end
+
+  end
+end
+END
+
+	lines = python.lines[2..-1].map {|l| 
+		l.gsub(/#{mod.upcase}_/, '').sub(%q(//), ' # ')
+	}
+
+	File.open(rbfn, 'w+') {|fh|
+		fh.write prefix
+		registers = lines.map {|l|
+			next if l=~ /ENDING/
+			if l =~ /^REG_(.*) = (\d+)/
+				"      '#{$1}' => #{$2}"
+			end
+		}.compact
+		fh.write registers.join(",\n")
+		fh.write "\n    }\n"
+		fh.write middle
+		lines.each {|l|
+			next if l=~ /ENDING/
+			if l =~ /^REG_(.*) = REG_(.*)/
+				fh.write "    REG_LOOKUP['#{$1}'] = REG_LOOKUP['#{$2}']\n"
+			end
+		}
+		fh.puts
+		fh.write postfix
+	}
+
+}

data/crabstone.gemspec

@@ -0,0 +1,27 @@
+require 'rubygems'
+
+Gem::Specification.new do |spec|
+  spec.name       = 'crabstone'
+  spec.version    = '3.0.3'
+  spec.author     = 'Ben Nagy'
+  spec.license    = 'BSD'
+  spec.email      = 'crabstone@ben.iagu.net'
+  spec.homepage   = 'https://github.com/bnagy/crabstone'
+  spec.summary    = 'Ruby FFI bindings for the capstone disassembly engine'
+  spec.test_files = Dir['test/*.rb']
+  spec.files      = Dir['**/*'].delete_if{ |item| item.include?('git') }
+
+  spec.extra_rdoc_files = ['CHANGES.md', 'README.md', 'MANIFEST']
+
+  spec.add_runtime_dependency 'ffi' unless RUBY_PLATFORM =~/java/
+  spec.add_development_dependency 'test-unit'
+
+  spec.description = <<-EOF
+
+  Capstone is a disassembly engine written by Nguyen Anh Quynh, available here
+  https://github.com/aquynh/capstone. This is the Ruby FFI binding. We test
+  against MRI 2.0.0,  2.1.0 and JRuby 1.7.8. AFAIK it works with rubinius
+  2.2.1.
+
+    EOF
+end

data/examples/hello_world.rb

@@ -0,0 +1,43 @@
+#!/usr/bin/env ruby
+
+# Library by Nguyen Anh Quynh
+# Original binding by Nguyen Anh Quynh and Tan Sheng Di
+# Additional binding work by Ben Nagy
+# (c) 2013 COSEINC. All Rights Reserved.
+
+require 'crabstone'
+include Crabstone
+
+arm = (
+  "\xED\xFF\xFF\xEB\x04\xe0\x2d\xe5\x00\x00\x00\x00\xe0\x83\x22" <<
+  "\xe5\xf1\x02\x03\x0e\x00\x00\xa0\xe3\x02\x30\xc1\xe7\x00\x00\x53\xe3"
+)
+
+begin
+  
+  cs = Disassembler.new(ARCH_ARM, MODE_ARM)
+  puts "Hello from Capstone v #{cs.version.join('.')}!"
+  puts "Disasm:"
+
+  begin
+    cs.decomposer = true
+
+    # disasm is an array of Crabstone::Instruction objects
+    disasm = cs.disasm(arm, 0x1000)
+
+    disasm.each {|i|
+      printf("0x%x:\t%s\t\t%s\n",i.address, i.mnemonic, i.op_str)
+    }
+
+    disasm = cs.disasm(arm, 0x1000)
+    puts disasm.map {|i| "0x%x:\t%s\t\t%s\n" % [i.address, i.mnemonic, i.op_str]}
+
+  rescue
+    fail "Disassembly error: #{$!} #{$@}"
+  ensure
+    cs.close
+  end
+
+rescue
+  fail "Unable to open engine: #{$!}"
+end

data/lib/arch/arm.rb

@@ -0,0 +1,128 @@
+# Library by Nguyen Anh Quynh
+# Original binding by Nguyen Anh Quynh and Tan Sheng Di
+# Additional binding work by Ben Nagy
+# (c) 2013 COSEINC. All Rights Reserved.
+
+require 'ffi'
+
+require_relative 'arm_const'
+
+module Crabstone
+  module ARM
+
+    class OperandShift < FFI::Struct
+      layout(
+        :type, :uint,
+        :value, :uint
+      )
+    end
+
+    class MemoryOperand < FFI::Struct
+      layout(
+        :base, :uint,
+        :index, :uint,
+        :scale, :int,
+        :disp, :int
+      )
+    end
+
+    class OperandValue < FFI::Union
+      layout(
+        :reg, :uint,
+        :imm, :int32,
+        :fp, :double,
+        :mem, MemoryOperand,
+        :setend, :int
+      )
+    end
+
+    class Operand < FFI::Struct
+      layout(
+        :vector_index, :int,
+        :shift, OperandShift,
+        :type, :uint,
+        :value, OperandValue,
+        :subtracted, :bool
+      )
+
+      def value
+        case self[:type]
+        when *[OP_REG, OP_SYSREG]
+          self[:value][:reg]
+        when *[OP_IMM, OP_CIMM, OP_PIMM]
+          self[:value][:imm]
+        when OP_MEM
+          self[:value][:mem]
+        when OP_FP
+          self[:value][:fp]
+        when OP_SETEND
+          self[:value][:setend]
+        else
+          nil
+        end
+      end
+
+      def reg?
+        [OP_REG, OP_SYSREG].include? self[:type]
+      end
+
+      def imm?
+        [OP_IMM, OP_CIMM, OP_PIMM].include? self[:type]
+      end
+
+      def cimm?
+        self[:type] == OP_CIMM
+      end
+
+      def pimm?
+        self[:type] == OP_PIMM
+      end
+
+      def mem?
+        self[:type] == OP_MEM
+      end
+
+      def fp?
+        self[:type] == OP_FP
+      end
+
+      def sysreg?
+        self[:type] == OP_SYSREG
+      end
+
+      def valid?
+        [
+          OP_MEM,
+          OP_IMM,
+          OP_CIMM,
+          OP_PIMM,
+          OP_FP,
+          OP_REG,
+          OP_SYSREG,
+          OP_SETEND
+        ].include? self[:type]
+      end
+    end
+
+    class Instruction < FFI::Struct
+      layout(
+        :usermode, :bool,
+        :vector_size, :int,
+        :vector_data, :int,
+        :cps_mode, :int,
+        :cps_flag, :int,
+        :cc, :uint,
+        :update_flags, :bool,
+        :writeback, :bool,
+        :mem_barrier, :int,
+        :op_count, :uint8,
+        :operands, [Operand, 36]
+      )
+
+      def operands
+        self[:operands].take_while {|op| op[:type].nonzero?}
+      end
+
+    end
+  end
+end

data/lib/arch/arm64.rb

@@ -0,0 +1,167 @@
+# Library by Nguyen Anh Quynh
+# Original binding by Nguyen Anh Quynh and Tan Sheng Di
+# Additional binding work by Ben Nagy
+# (c) 2013 COSEINC. All Rights Reserved.
+
+require 'ffi'
+
+require_relative 'arm64_const'
+
+module Crabstone
+    module ARM64
+
+
+        class OperandShift < FFI::Struct
+            layout(
+                :type, :uint,
+                :value, :uint
+            )
+        end
+
+        class MemoryOperand < FFI::Struct
+            layout(
+                :base, :uint,
+                :index, :uint,
+                :disp, :int32
+            )
+        end
+
+        class OperandValue < FFI::Union
+            layout(
+                :reg, :uint,
+                :imm, :int64,
+                :fp, :double,
+                :mem, MemoryOperand,
+                :pstate, :int,
+                :sys, :uint,
+                :prefetch, :int,
+                :barrier, :int
+            )
+        end
+
+        class Operand < FFI::Struct
+
+            layout(
+                :vector_index, :int,
+                :vas, :int,
+                :vess, :int,
+                :shift, OperandShift,
+                :ext, :uint,
+                :type, :uint,
+                :value, OperandValue
+            )
+
+            def value
+                case self[:type]
+                when *[OP_REG, OP_REG_MRS, OP_REG_MSR]  # Register operand.
+                    self[:value][:reg]
+                when *[OP_IMM, OP_CIMM]                 # Immediate operand.
+                    self[:value][:imm]
+                when OP_FP                              # Floating-Point immediate operand.
+                    self[:value][:fp]
+                when OP_MEM                             # Memory operand
+                    self[:value][:mem]
+                when OP_PSTATE                          # PState operand.
+                    self[:value][:pstate]
+                when OP_SYS                             # SYS operand for IC/DC/AT/TLBI instructions.
+                    self[:value][:sys]
+                when OP_PREFETCH                        # Prefetch operand (PRFM).
+                    self[:value][:prefetch]
+                when OP_BARRIER                         # Memory barrier operand (ISB/DMB/DSB instructions).
+                    self[:value][:barrier]
+                else
+                    nil
+                end
+            end
+
+            def shift_type
+                self[:shift][:type]
+            end
+
+            def shift_value
+                self[:shift][:value]
+            end
+
+            def shift?
+                self[:shift][:type] != SFT_INVALID
+            end
+
+            def ext?
+                self[:ext] != EXT_INVALID
+            end
+
+            def reg?
+                self[:type] == OP_REG
+            end
+
+            def imm?
+                self[:type] == OP_IMM
+            end
+
+            def cimm?
+                self[:type] == OP_CIMM
+            end
+
+            def mem?
+                self[:type] == OP_MEM
+            end
+
+            def fp?
+                self[:type] == OP_FP
+            end
+
+            def pstate?
+                self[:type] == OP_PSTATE
+            end
+
+            def msr?
+                self[:type] == OP_REG_MSR
+            end
+
+            def mrs?
+                self[:type] == OP_REG_MRS
+            end
+
+            def barrier?
+                self[:type] == OP_BARRIER
+            end
+
+            def prefetch?
+                self[:type] == OP_PREFETCH
+            end
+
+            def valid?
+                [
+                    OP_INVALID,
+                    OP_REG,
+                    OP_CIMM,
+                    OP_IMM,
+                    OP_FP,
+                    OP_MEM,
+                    OP_REG_MRS,
+                    OP_REG_MSR,
+                    OP_PSTATE,
+                    OP_SYS,
+                    OP_PREFETCH,
+                    OP_BARRIER
+                ].include? self[:type]
+            end
+
+        end
+
+        class Instruction < FFI::Struct
+            layout(
+                :cc, :uint,
+                :update_flags, :bool,
+                :writeback, :bool,
+                :op_count, :uint8,
+                :operands, [Operand, 8]
+            )
+
+            def operands
+                self[:operands].take_while {|op| op[:type].nonzero?}
+            end
+
+        end
+    end
+end