ffi-udis86 0.1.0

data/.gitignore

@@ -0,0 +1,8 @@
+doc
+pkg
+tmp/*
+.DS_Store
+.yardoc
+*.o
+*.swp
+*~

data/.specopts

@@ -0,0 +1 @@
+--colour --format specdoc

data/.yardopts

@@ -0,0 +1 @@
+--markup markdown --title 'FFI UDis86 Documentation' --protected --files ChangeLog.md,LICENSE.txt

data/ChangeLog.md

@@ -0,0 +1,10 @@
+### 0.1.0 / 2010-02-19
+
+* Initial release:
+  * Supports x86 and x86-64 instructions.
+  * Supports 16 and 32 disassembly modes.
+  * Supports Intel and ATT syntax output.
+  * Supports disassembling files and arbitrary input.
+  * Supports using input buffers.
+  * Supports using input callbacks.
+

data/LICENSE.txt

@@ -0,0 +1,22 @@
+
+Copyright (c) 2009-2010 Hal Brodigan
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

data/README.md

@@ -0,0 +1,60 @@
+# ffi-udis86
+
+* [github.com/sophsec/ffi-udis86](http://github.com/sophsec/ffi-udis86/)
+* [github.com/sophsec/ffi-udis86/issue](http://github.com/sophsec/ffi-udis86/)
+* Postmodern (postmodern.mod3 at gmail.com)
+
+## Description
+
+Ruby FFI bindings for udis86, a x86 and x86-64 disassembler.
+
+## Features
+
+* Supports x86 and x86-64 instructions.
+* Supports 16 and 32 disassembly modes.
+* Supports Intel and ATT syntax output.
+* Supports disassembling files and arbitrary input.
+* Supports using input buffers.
+* Supports using input callbacks.
+
+## Examples
+
+Create a new disassembler:
+
+    include FFI::UDis86
+    
+    ud = UD.create(:syntax => :att, :mode => 64)
+
+Set the input buffer:
+
+    ud.input_buffer = "\x90\x90\xc3"
+
+Add an input callback:
+
+    ud.input_callback { |ud| ops.shift || -1 }
+
+Read a file:
+
+    UD.open(path) do |ud|
+      ...
+    end
+
+Disassemble and print instructions:
+
+    ud.disas do |insn|
+      puts insn
+    end
+
+## Requirements
+
+* [udis86](http://udis86.sourceforge.net/) >= 1.7
+* [ffi](http://github.com/ffi/ffi) >= 0.6.2
+
+## Install
+
+    $ sudo gem install ffi-udis86
+
+## License
+
+See {file:LICENSE.txt} for license information.
+

data/Rakefile

@@ -0,0 +1,42 @@
+require 'rubygems'
+require 'rake'
+require './lib/udis86/version.rb'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = 'ffi-udis86'
+    gem.version = FFI::UDis86::VERSION
+    gem.summary = %Q{Ruby FFI bindings for udis86, a x86 and x86-64 disassembler.}
+    gem.description = %Q{Ruby FFI bindings for udis86, a x86 and x86-64 disassembler.}
+    gem.email = 'postmodern.mod3@gmail.com'
+    gem.homepage = 'http://github.com/sophsec/ffi-udis86'
+    gem.authors = ['Postmodern']
+    gem.add_dependency 'ffi', '>= 0.6.2'
+    gem.add_development_dependency 'rspec', '>= 1.3.0'
+    gem.add_development_dependency 'yard', '>= 0.5.3'
+    gem.has_rdoc = 'yard'
+  end
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+
+require 'spec/rake/spectask'
+Spec::Rake::SpecTask.new(:spec) do |spec|
+  spec.libs += ['lib', 'spec']
+  spec.spec_files = FileList['spec/**/*_spec.rb']
+  spec.spec_opts = ['--options', '.specopts']
+end
+
+task :spec => :check_dependencies
+task :default => :spec
+
+begin
+  require 'yard'
+
+  YARD::Rake::YardocTask.new
+rescue LoadError
+  task :yard do
+    abort "YARD is not available. In order to run yard, you must: gem install yard"
+  end
+end

data/ffi-udis86.gemspec

@@ -0,0 +1,88 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{ffi-udis86}
+  s.version = "0.1.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Postmodern"]
+  s.date = %q{2010-02-19}
+  s.description = %q{Ruby FFI bindings for udis86, a x86 and x86-64 disassembler.}
+  s.email = %q{postmodern.mod3@gmail.com}
+  s.extra_rdoc_files = [
+    "ChangeLog.md",
+    "LICENSE.txt",
+    "README.md"
+  ]
+  s.files = [
+    ".gitignore",
+    ".specopts",
+    ".yardopts",
+    "ChangeLog.md",
+    "LICENSE.txt",
+    "README.md",
+    "Rakefile",
+    "ffi-udis86.gemspec",
+    "lib/udis86.rb",
+    "lib/udis86/ffi.rb",
+    "lib/udis86/operand.rb",
+    "lib/udis86/operand_pointer.rb",
+    "lib/udis86/operand_value.rb",
+    "lib/udis86/types.rb",
+    "lib/udis86/ud.rb",
+    "lib/udis86/version.rb",
+    "spec/helpers/files.rb",
+    "spec/helpers/files/operands_index_scale",
+    "spec/helpers/files/operands_index_scale.s",
+    "spec/helpers/files/operands_memory",
+    "spec/helpers/files/operands_memory.s",
+    "spec/helpers/files/operands_offset",
+    "spec/helpers/files/operands_offset.s",
+    "spec/helpers/files/operands_simple",
+    "spec/helpers/files/operands_simple.s",
+    "spec/helpers/files/simple",
+    "spec/helpers/files/simple.s",
+    "spec/helpers/operands.rb",
+    "spec/operand_spec.rb",
+    "spec/spec_helper.rb",
+    "spec/ud_spec.rb",
+    "spec/udis86_spec.rb"
+  ]
+  s.has_rdoc = %q{yard}
+  s.homepage = %q{http://github.com/sophsec/ffi-udis86}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.5}
+  s.summary = %q{Ruby FFI bindings for udis86, a x86 and x86-64 disassembler.}
+  s.test_files = [
+    "spec/spec_helper.rb",
+    "spec/udis86_spec.rb",
+    "spec/ud_spec.rb",
+    "spec/helpers/files.rb",
+    "spec/helpers/operands.rb",
+    "spec/operand_spec.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<ffi>, [">= 0.6.2"])
+      s.add_development_dependency(%q<rspec>, [">= 1.3.0"])
+      s.add_development_dependency(%q<yard>, [">= 0.5.3"])
+    else
+      s.add_dependency(%q<ffi>, [">= 0.6.2"])
+      s.add_dependency(%q<rspec>, [">= 1.3.0"])
+      s.add_dependency(%q<yard>, [">= 0.5.3"])
+    end
+  else
+    s.add_dependency(%q<ffi>, [">= 0.6.2"])
+    s.add_dependency(%q<rspec>, [">= 1.3.0"])
+    s.add_dependency(%q<yard>, [">= 0.5.3"])
+  end
+end
+

data/lib/udis86.rb

@@ -0,0 +1,4 @@
+require 'udis86/types'
+require 'udis86/ffi'
+require 'udis86/ud'
+require 'udis86/version'

data/lib/udis86/ffi.rb

@@ -0,0 +1,30 @@
+require 'udis86/types'
+require 'udis86/ud'
+
+require 'ffi'
+
+module FFI
+  module UDis86
+    extend FFI::Library
+
+    ffi_lib 'libudis86'
+
+    attach_function :ud_init, [:pointer], :void
+    attach_function :ud_set_input_hook, [:pointer, :ud_input_callback], :void
+    attach_function :ud_set_input_buffer, [:pointer, :pointer, :size_t], :void
+    attach_function :ud_set_mode, [:pointer, :uint8], :void
+    attach_function :ud_set_pc, [:pointer, :uint64], :void
+    attach_function :ud_translate_att, [:pointer], :void
+    attach_function :ud_translate_intel, [:pointer], :void
+    attach_function :ud_set_syntax, [:pointer, :ud_translator_callback], :void
+    attach_function :ud_set_vendor, [:pointer, :uint8], :void
+    attach_function :ud_disassemble, [:pointer], :uint
+    attach_function :ud_insn_len, [:pointer], :uint
+    attach_function :ud_insn_off, [:pointer], :uint64
+    attach_function :ud_insn_hex, [:pointer], :string
+    attach_function :ud_insn_ptr, [:pointer], :pointer
+    attach_function :ud_insn_asm, [:pointer], :string
+    attach_function :ud_input_skip, [:pointer, :size_t], :void
+    attach_function :ud_lookup_mnemonic, [:ud_mnemonic_code], :string
+  end
+end

data/lib/udis86/operand.rb

@@ -0,0 +1,174 @@
+require 'udis86/operand_value'
+require 'udis86/types'
+
+require 'ffi'
+
+module FFI
+  module UDis86
+    class Operand < FFI::Struct
+
+      layout :type, :ud_type,
+             :size, :uint8,
+             :value, OperandValue,
+             :base, :ud_type,
+             :index, :ud_type,
+             :offset, :uint8,
+             :scale, :uint8
+
+      #
+      # The type of the operand.
+      #
+      # @return [Integer]
+      #   The type of the operand.
+      #
+      def type
+        self[:type]
+      end
+
+      #
+      # Determines if the operand is a memory access.
+      #
+      # @return [Boolean]
+      #   Specifies whether the operand is a memory access.
+      #
+      def is_mem?
+        self[:type] == :ud_op_mem
+      end
+
+      #
+      # Determines if the operand is Segment:Offset pointer.
+      #
+      # @return [Boolean]
+      #   Specifies whether the operand is Segment:Offset pointer.
+      #
+      def is_seg_ptr?
+        self[:type] == :ud_op_ptr
+      end
+
+      #
+      # Determines if the operand is immediate data.
+      #
+      # @return [Boolean]
+      #   Specifies whether the operand is immediate data.
+      #
+      def is_imm?
+        self[:type] == :ud_op_imm
+      end
+
+      #
+      # Determines if the operand is a relative offset used in a jump.
+      #
+      # @return [Boolean]
+      #   Specifies whether the operand is a relative offset.
+      #
+      def is_jmp_imm?
+        self[:type] == :ud_op_jimm
+      end
+
+      #
+      # Determines if the operand is a data constant.
+      #
+      # @return [Boolean]
+      #   Specifies whether the operand is a data constant.
+      #
+      def is_const?
+        self[:type] == :ud_op_const
+      end
+
+      #
+      # Determines if the operand is a register.
+      #
+      # @return [Boolean]
+      #   Specifies whether the operand is a register.
+      #
+      def is_reg?
+        self[:type] == :ud_op_reg
+      end
+
+      #
+      # The size of the operand.
+      #
+      # @return [Integer]
+      #   The size of the operand in bytes.
+      #
+      def size
+        self[:size]
+      end
+
+      #
+      # The value of the operand.
+      #
+      # @return [OperandValue, OperandPointer]
+      #   The value of the operand. If the operand represents a pointer,
+      #   an OperandPointer object will be returned.
+      #
+      def value
+        case type
+        when :ud_op_ptr
+          return self[:value].ptr
+        when :ud_op_reg
+          return nil
+        else
+          return self[:value]
+        end
+      end
+
+      #
+      # The base address used by the operand.
+      #
+      # @return [Integer]
+      #   The base address of the operand.
+      #
+      def base
+        REGS[self[:base]]
+      end
+
+      alias reg base
+
+      #
+      # The index value used by the operand.
+      #
+      # @return [Integer]
+      #   The index value of the operand.
+      #
+      def index
+        REGS[self[:index]]
+      end
+
+      #
+      # The offset value used by the operand.
+      #
+      # @return [OperandValue, 0]
+      #   The offset value of the operand.
+      #
+      def offset
+        if self[:offset] > 0
+          return self[:value]
+        else
+          return 0
+        end
+      end
+
+      #
+      # The word-length of the offset used with the operand.
+      #
+      # @return [Integer]
+      #   Word-length of the offset being used.
+      #
+      def offset_size
+        self[:offset]
+      end
+
+      #
+      # The scale value used by the operand.
+      #
+      # @return [Integer]
+      #   The scale value of the operand.
+      #
+      def scale
+        self[:scale]
+      end
+
+    end
+  end
+end