indis-core 0.1.0

data/README.md

@@ -0,0 +1,5 @@
+[![Build Status](https://secure.travis-ci.org/indis/indis-core.png?branch=master)](http://travis-ci.org/indis/indis-core)
+
+# Indis::Core
+
+This is the base of indis framework, core classes that deal with target image load and analysis.

data/Rakefile

@@ -0,0 +1,9 @@
+#!/usr/bin/env rake
+
+require "bundler/gem_tasks"
+Bundler::GemHelper.install_tasks
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new('spec')
+
+task :default => :spec

data/indis-core.gemspec

@@ -0,0 +1,20 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/indis-core/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Vladimir Pouzanov"]
+  gem.email         = ["farcaller@gmail.com"]
+  gem.description   = "Core components of indis, the intelligent disassembler framework"
+  gem.summary       = "Core indis components"
+  gem.homepage      = "http://www.indis.org/"
+  gem.license       = "GPL-3"
+
+  gem.files         = `git ls-files`.split($\)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.name          = "indis-core"
+  gem.require_paths = ["lib"]
+  gem.version       = Indis::VERSION
+  
+  gem.add_development_dependency 'rspec'
+end

data/lib/indis-core.rb

@@ -0,0 +1,22 @@
+##############################################################################
+#   Indis framework                                                          #
+#   Copyright (C) 2012 Vladimir "Farcaller" Pouzanov <farcaller@gmail.com>   #
+#                                                                            #
+#   This program is free software: you can redistribute it and/or modify     #
+#   it under the terms of the GNU General Public License as published by     #
+#   the Free Software Foundation, either version 3 of the License, or        #
+#   (at your option) any later version.                                      #
+#                                                                            #
+#   This program is distributed in the hope that it will be useful,          #
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+#   GNU General Public License for more details.                             #
+#                                                                            #
+#   You should have received a copy of the GNU General Public License        #
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.    #
+##############################################################################
+
+require 'indis-core/version'
+
+module Indis
+end

data/lib/indis-core/binary_format.rb

@@ -0,0 +1,61 @@
+##############################################################################
+#   Indis framework                                                          #
+#   Copyright (C) 2012 Vladimir "Farcaller" Pouzanov <farcaller@gmail.com>   #
+#                                                                            #
+#   This program is free software: you can redistribute it and/or modify     #
+#   it under the terms of the GNU General Public License as published by     #
+#   the Free Software Foundation, either version 3 of the License, or        #
+#   (at your option) any later version.                                      #
+#                                                                            #
+#   This program is distributed in the hope that it will be useful,          #
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+#   GNU General Public License for more details.                             #
+#                                                                            #
+#   You should have received a copy of the GNU General Public License        #
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.    #
+##############################################################################
+
+module Indis
+  
+  # BinaryFormat manages a set of known binary formats and provides support
+  # for guessing the correct format for target binary.
+  module BinaryFormat
+    
+    # Returns a list of all known binary formats.
+    #
+    # @return [Array] all known binary formats.
+    def self.known_formats
+      fmt = []
+      self.constants.each do |c|
+        e = const_get(c)
+        fmt << e if e.is_a?(Class) && e.superclass == Format
+      end
+      fmt
+    end
+    
+    # Base class for any binary format.
+    class Format
+      # Basic constructor takes care of storing the target and io stream.
+      def initialize(target, io)
+        @target = target
+        @io = io
+      end
+      
+      # @abstract Returns the format magic bytes.
+      #
+      # @return [Fixnum] Magic bytes that are checked against the first bytes in binary.
+      def self.magic
+        raise RuntimeError
+      end
+      
+      # @abstract Returns the human-readable format name.
+      #
+      # @return [String] Human-readable format name.
+      def self.name
+        raise RuntimeError
+      end
+    end
+    
+  end
+end

data/lib/indis-core/data_entity.rb

@@ -0,0 +1,64 @@
+##############################################################################
+#   Indis framework                                                          #
+#   Copyright (C) 2012 Vladimir "Farcaller" Pouzanov <farcaller@gmail.com>   #
+#                                                                            #
+#   This program is free software: you can redistribute it and/or modify     #
+#   it under the terms of the GNU General Public License as published by     #
+#   the Free Software Foundation, either version 3 of the License, or        #
+#   (at your option) any later version.                                      #
+#                                                                            #
+#   This program is distributed in the hope that it will be useful,          #
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+#   GNU General Public License for more details.                             #
+#                                                                            #
+#   You should have received a copy of the GNU General Public License        #
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.    #
+##############################################################################
+
+require 'indis-core/entity'
+
+module Indis
+  
+  # DataEntity represens "data bytes" that are directly used e.g. in a load
+  # to register instruction. There are four sizes of data: 8, 16, 32 and 64
+  # bits long, namely +byte+, +word+, +dword+ and +qword+
+  class DataEntity < Entity
+    KIND = {
+      1 => :byte,
+      2 => :word,
+      4 => :dword,
+      8 => :qword,
+    }
+    
+    NAMED_TYPE = {
+      byte:  'DCB',
+      word:  'DCW',
+      dword: 'DCD',
+      qword: 'DCQ'
+    }
+    
+    attr_reader :value # @return [Fixnum] the value of entity
+    
+    # @param [Fixnum] ofs virtual address
+    # @param [Fixnum] size entity size in bytes
+    # @param [Indus::VMMap] vmmap map of the target to load value from
+    # @raise [AttributeError] if the size is not one of the known values
+    def initialize(ofs, size, vmmap)
+      raise ArgumentError, "Unaligned size" unless KIND[size]
+      super ofs
+      @size = size
+      @value = vmmap.bytes_at(ofs, size).reverse_each.reduce(0) { |v, i| (v << 8) + i }
+    end
+    
+    # @return [KIND] entity kind
+    def kind
+      KIND[@size]
+    end
+    
+    def to_s
+      "#{NAMED_TYPE[kind]}\t#{sprintf("%0#{@size*2}X", @value)}"
+    end
+  end
+  
+end

data/lib/indis-core/entity.rb

@@ -0,0 +1,43 @@
+##############################################################################
+#   Indis framework                                                          #
+#   Copyright (C) 2012 Vladimir "Farcaller" Pouzanov <farcaller@gmail.com>   #
+#                                                                            #
+#   This program is free software: you can redistribute it and/or modify     #
+#   it under the terms of the GNU General Public License as published by     #
+#   the Free Software Foundation, either version 3 of the License, or        #
+#   (at your option) any later version.                                      #
+#                                                                            #
+#   This program is distributed in the hope that it will be useful,          #
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+#   GNU General Public License for more details.                             #
+#                                                                            #
+#   You should have received a copy of the GNU General Public License        #
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.    #
+##############################################################################
+
+module Indis
+  
+  # Entity represens an object mapped to some given bytes in the traget's
+  # virtual address space
+  class Entity
+    attr_reader :vmaddr # @return [Fixnum] virtaul address of the entity
+    
+    # @abstract You must provide @size value in a subclass
+    # @return [Fixnum] entity size in bytes
+    attr_reader :size
+    
+    attr_reader :tags # @return [Hash] cross-references and additional attributes of entity
+    
+    def initialize(ofs)
+      @vmaddr = ofs
+      @tags = {}
+    end
+    
+    def unmap
+      # TODO: Reverse unmap tags
+      @tags = nil
+    end
+  end
+  
+end

data/lib/indis-core/section.rb

@@ -0,0 +1,44 @@
+##############################################################################
+#   Indis framework                                                          #
+#   Copyright (C) 2012 Vladimir "Farcaller" Pouzanov <farcaller@gmail.com>   #
+#                                                                            #
+#   This program is free software: you can redistribute it and/or modify     #
+#   it under the terms of the GNU General Public License as published by     #
+#   the Free Software Foundation, either version 3 of the License, or        #
+#   (at your option) any later version.                                      #
+#                                                                            #
+#   This program is distributed in the hope that it will be useful,          #
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+#   GNU General Public License for more details.                             #
+#                                                                            #
+#   You should have received a copy of the GNU General Public License        #
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.    #
+##############################################################################
+
+module Indis
+  
+  class Section
+    attr_reader :name, :segment
+    attr_reader :vmaddr, :vmsize, :bytes
+    
+    def initialize(seg, name, vmaddr, vmsize, iooff)
+      @segment = seg
+      @name = name
+      @vmaddr = vmaddr
+      @vmsize = vmsize
+      @iooff = iooff
+    end
+    
+    def to_vmrange
+      @vmaddr..(@vmaddr+@vmsize)
+    end
+    
+    def bytes
+      s = @iooff - @segment.iooff
+      e = s + @vmsize
+      @segment.bytes[s...e]
+    end
+  end
+  
+end

data/lib/indis-core/segment.rb

@@ -0,0 +1,75 @@
+##############################################################################
+#   Indis framework                                                          #
+#   Copyright (C) 2012 Vladimir "Farcaller" Pouzanov <farcaller@gmail.com>   #
+#                                                                            #
+#   This program is free software: you can redistribute it and/or modify     #
+#   it under the terms of the GNU General Public License as published by     #
+#   the Free Software Foundation, either version 3 of the License, or        #
+#   (at your option) any later version.                                      #
+#                                                                            #
+#   This program is distributed in the hope that it will be useful,          #
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+#   GNU General Public License for more details.                             #
+#                                                                            #
+#   You should have received a copy of the GNU General Public License        #
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.    #
+##############################################################################
+
+module Indis
+  
+  # A segment describes one given segment contained in the target binary.
+  # Segment's virtual size might be different from physical (stored in file),
+  # in this case the data is padded with zeroes
+  #
+  # @note this class is heavily based on Mach-O
+  class Segment
+    # Contains a list of current segment sections
+    # @return [Array]
+    attr_reader :sections
+    
+    attr_reader :target   # @return [Indis::Target] owning target
+    
+    attr_reader :name     # @return [String] segment name
+    
+    attr_reader :vmaddr   # @return [Fixnum] starting virtual address
+    
+    attr_reader :vmsize   # @return [Fixnum] segment size
+    
+    # The whole (zero-padded if required) bytes string for a segment
+    # @return [String]
+    attr_reader :bytes
+    
+    attr_reader :iooff    # @return [Fixnum] offset from the beginning of of file to segment data
+    
+    # @param [Indis::Target] target the target containing a segment
+    # @param [String] name segment name
+    # @param [Fixnum] vmaddr starting virtual address
+    # @param [Fixnum] vmsize size (in bytes)
+    # @param [Fixnum] iooff offset from the beginning of of file to segment data
+    # @param [String] bytes known data bytes (loaded from binary)
+    def initialize(target, name, vmaddr, vmsize, iooff, bytes)
+      @target = target
+      @name = name
+      @sections = []
+      
+      @vmaddr = vmaddr
+      @vmsize = vmsize
+      @iooff = iooff
+      @bytes = pad_bytes(bytes)
+    end
+    
+    # Constructs a Range of virtual addresses used by segment
+    #
+    # @return [Range] the range of all addresses
+    def to_vmrange
+      @vmaddr..(@vmaddr+@vmsize)
+    end
+    
+    private
+    def pad_bytes(bytes)
+      bytes + ("\x0" * (@vmsize - bytes.length))
+    end
+  end
+
+end

data/lib/indis-core/symbol.rb

@@ -0,0 +1,33 @@
+##############################################################################
+#   Indis framework                                                          #
+#   Copyright (C) 2012 Vladimir "Farcaller" Pouzanov <farcaller@gmail.com>   #
+#                                                                            #
+#   This program is free software: you can redistribute it and/or modify     #
+#   it under the terms of the GNU General Public License as published by     #
+#   the Free Software Foundation, either version 3 of the License, or        #
+#   (at your option) any later version.                                      #
+#                                                                            #
+#   This program is distributed in the hope that it will be useful,          #
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+#   GNU General Public License for more details.                             #
+#                                                                            #
+#   You should have received a copy of the GNU General Public License        #
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.    #
+##############################################################################
+
+module Indis
+  
+  class Symbol
+    attr_reader :name, :section, :format_sym, :image, :vmaddr
+    
+    def initialize(name, section, image, vmaddr, format_sym)
+      @name = name
+      @section = section
+      @image = image
+      @format_sym = format_sym
+      @vmaddr = vmaddr
+    end
+  end
+  
+end

data/lib/indis-core/target.rb

@@ -0,0 +1,68 @@
+##############################################################################
+#   Indis framework                                                          #
+#   Copyright (C) 2012 Vladimir "Farcaller" Pouzanov <farcaller@gmail.com>   #
+#                                                                            #
+#   This program is free software: you can redistribute it and/or modify     #
+#   it under the terms of the GNU General Public License as published by     #
+#   the Free Software Foundation, either version 3 of the License, or        #
+#   (at your option) any later version.                                      #
+#                                                                            #
+#   This program is distributed in the hope that it will be useful,          #
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+#   GNU General Public License for more details.                             #
+#                                                                            #
+#   You should have received a copy of the GNU General Public License        #
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.    #
+##############################################################################
+
+require 'indis-core/binary_format'
+require 'indis-core/vmmap'
+
+module Indis
+
+  # The main entry point for indis. Target describes a given binary, performs
+  # format matching, loading the binary into memory and primary processing.
+  class Target
+    attr_reader :io     # @return [IO] IO object for target binary
+    
+    attr_reader :format # @return [Indis::BinaryFormat::Format] binary format of the target
+    
+    attr_reader :vmmap  # @return [Indis::VMMap] virtual memory map
+
+    attr_accessor :segments # @return [Array] list of all processed {Indis::Segment segments}
+    
+    attr_accessor :symbols  # @return [Array] list of all processed {Indis::Symbol symbols}
+    
+    # @param [String] filename target binary file name
+    # @raise [AttributeError] if the file does not exist
+    # @raise [RuntimeError] if there is no known format for magic or there are several matching formats
+    def initialize(filename)
+      raise AttributeError, "File does not exist" unless FileTest.file?(filename)
+      @filename = filename
+      @io = StringIO.new(File.open(filename).read().force_encoding('BINARY'))
+      
+      magic = @io.read(4).unpack('V')[0]
+      @io.seek(-4, IO::SEEK_CUR)
+
+      fmts = BinaryFormat.known_formats.map { |f| f if f.magic == magic }.compact
+      
+      raise RuntimeError, "Unknown format for magic #{magic.to_s(16)}" if fmts.length == 0
+      raise RuntimeError, "Several possible formats: #{fmts}" if fmts.length > 1
+      
+      @format = fmts.first.new(self, @io)
+      
+      @vmmap = VMMap.new(self)
+    end
+    
+    # A target can consist of several other targets (e.g. fat mach-o). In such
+    # a case the target is +meta+. It does not have any segments, sections or vmmap,
+    # but it has one or several subtargets.
+    # @todo implement meta targets
+    # @return True if the target is a meta target
+    def meta?
+      @subtargets && @subtargets.length > 0
+    end
+  end
+  
+end