indis-core 0.1.0

data/lib/indis-core/version.rb

@@ -0,0 +1,21 @@
+##############################################################################
+#   Indis framework                                                          #
+#   Copyright (C) 2012 Vladimir "Farcaller" Pouzanov <farcaller@gmail.com>   #
+#                                                                            #
+#   This program is free software: you can redistribute it and/or modify     #
+#   it under the terms of the GNU General Public License as published by     #
+#   the Free Software Foundation, either version 3 of the License, or        #
+#   (at your option) any later version.                                      #
+#                                                                            #
+#   This program is distributed in the hope that it will be useful,          #
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+#   GNU General Public License for more details.                             #
+#                                                                            #
+#   You should have received a copy of the GNU General Public License        #
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.    #
+##############################################################################
+
+module Indis
+  VERSION = "0.1.0"
+end

data/lib/indis-core/vmmap.rb

@@ -0,0 +1,141 @@
+##############################################################################
+#   Indis framework                                                          #
+#   Copyright (C) 2012 Vladimir "Farcaller" Pouzanov <farcaller@gmail.com>   #
+#                                                                            #
+#   This program is free software: you can redistribute it and/or modify     #
+#   it under the terms of the GNU General Public License as published by     #
+#   the Free Software Foundation, either version 3 of the License, or        #
+#   (at your option) any later version.                                      #
+#                                                                            #
+#   This program is distributed in the hope that it will be useful,          #
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+#   GNU General Public License for more details.                             #
+#                                                                            #
+#   You should have received a copy of the GNU General Public License        #
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.    #
+##############################################################################
+
+module Indis
+  
+  # VMMap provides access to target's virtaul memory address space
+  class VMMap
+    def initialize(target)
+      @target = target
+      @blocks = {}
+    end
+    
+    # @return [Indis::Segment] a segment at given address or nil
+    def segment_at(ofs)
+      @target.segments.each.find { |s| (s.vmaddr...s.vmaddr+s.vmsize).include? ofs }
+    end
+    
+    # @return [Indis::Section] a section at given address or nil
+    def section_at(ofs)
+      seg = segment_at(ofs)
+      return nil unless seg
+      
+      seg.sections.each.find { |s| (s.vmaddr...s.vmaddr+s.vmsize).include? ofs }
+    end
+    
+    # @return True if the address belongs to some segment
+    def address_valid?(ofs)
+      segment_at(ofs) != nil
+    end
+    
+    # @return [Fixnum] a byte value at given virtual address
+    def byte_at(ofs)
+      seg = segment_at(ofs)
+      return nil unless seg
+      
+      sect = section_at(ofs) # TODO: optimize here
+      s = sect || seg
+      
+      s.bytes[ofs-s.vmaddr].ord
+    end
+    
+    # @return [Array] a list of bytes at given virtual address span
+    def bytes_at(ofs, size)
+      seg = segment_at(ofs)
+      return nil unless seg
+      
+      sect = section_at(ofs) # TODO: optimize here
+      s = sect || seg
+      
+      st = ofs-s.vmaddr
+      ed = st + size
+      s.bytes[st...ed].unpack('C*')
+    end
+    
+    # @return [Indis::Entity] an entity mapped to given address
+    def entity_at(ofs)
+      @blocks[ofs]
+    end
+    
+    # @return True if the given range contains no entities
+    def has_unmapped(ofs, size)
+      size.times { |o| return false if entity_at(ofs+o) }
+      true
+    end
+    
+    # Maps an {Indis::Entity entity} (based on its offset).
+    # @raise [ArgumentError] if the range is occupied by another entity
+    def map(e)
+      raise ArgumentError unless has_unmapped(e.vmaddr, e.size)
+      @blocks[e.vmaddr] = e
+    end
+    
+    # Forcefully maps an {Indis::Entity entity} (based on its offset) unmapping
+    # any other entities in the same address range
+    def map!(e)
+      (e.vmaddr...(e.vmaddr+e.size)).each do |ofs|
+        b = @blocks[ofs]
+        if b
+          b.unmap
+          @blocks[ofs] = nil
+        end
+      end
+      map(e)
+    end
+    
+    # @overload [](ofs)
+    #   Returns an entity at given address, same as {VMMap#entity_at}
+    #   @todo should also return one-byte
+    #   @param [Fixnum] range offset for entity
+    #   @return [Indis::Entity] an entity mapped to given address
+    # @overload [](range)
+    #   Returns a list of entities and bytes at given range. The resulting Array
+    #   contains all bytes in range. For each {Indis::Entity entity} it is mapped
+    #   "as-is" and the following bytes up to {Indis::Entity#size} are filled with
+    #   nil's. For each unmapped byte it is returned as a Fixnum
+    #
+    #   @param [Range] range range
+    #   @return [Array] mapped entities
+    #   @raise [ArgumentError] if there is no segment at given range or the range spans several segments
+    def [](range)
+      return entity_at(range) if range.is_a?(Fixnum)
+      
+      raise ArgumentError unless range.is_a?(Range)
+      seg = segment_at(range.begin)
+      raise ArgumentError unless seg
+      raise ArgumentError unless seg == segment_at(range.max)
+      
+      a = []
+      ofs = range.begin
+      
+      begin
+        b = @blocks[ofs]
+        if b
+          a << b
+          (b.size-1).times { a << nil }
+          ofs += b.size
+        else
+          a << seg.bytes[ofs-seg.vmaddr].ord
+          ofs += 1
+        end
+      end while ofs <= range.max
+      a
+    end
+  end
+  
+end

data/spec/indis-core/binary_format_spec.rb

@@ -0,0 +1,7 @@
+require 'indis-core/binary_format'
+
+describe Indis::BinaryFormat do
+  it "provides no formats on its own" do
+    Indis::BinaryFormat.known_formats.length.should == 0
+  end
+end

data/spec/indis-core/data_entity_spec.rb

@@ -0,0 +1,13 @@
+require 'indis-core/data_entity'
+
+describe Indis::DataEntity do
+  it "should load its value from vmmap" do
+    map = double('VMMap', bytes_at: [1, 2, 3, 4])
+    e = Indis::DataEntity.new(0, 4, map)
+    e.to_s.should == "DCD\t04030201"
+  end
+  
+  it "should raise an erorr if the size is bad" do
+    expect { Indis::DataEntity.new(0, 3, nil) }.to raise_error(ArgumentError)
+  end
+end

data/spec/indis-core/section_spec.rb

@@ -0,0 +1,14 @@
+require 'indis-core/section'
+
+describe Indis::Section do
+  it "should provide a correct range for its vm region" do
+    sect = Indis::Section.new(double('Segment'), '__text', 0x4096, 120, 0)
+    sect.to_vmrange.should == (0x4096..0x410e)
+  end
+  
+  it "should provide bytes value from segment based on io offset" do
+    seg = double('Segment', bytes: 'qwertyuiop', iooff: 100)
+    sect = Indis::Section.new(seg, '__text', 0x4096, 4, 102)
+    sect.bytes.should == 'erty'
+  end
+end

data/spec/indis-core/segment_spec.rb

@@ -0,0 +1,19 @@
+require 'indis-core/segment'
+
+describe Indis::Segment do
+  it "should provide a correct range for its vm region" do
+    seg = Indis::Segment.new(double('Target'), '__TEXT', 0x4096, 120, 0, '')
+    seg.to_vmrange.should == (0x4096..0x410e)
+  end
+  
+  it "should provide bytes value based on io offset" do
+    seg = Indis::Segment.new(double('Target'), '__TEXT', 0x4096, 10, 0, 'qwertyuiop')
+    seg.bytes.should == 'qwertyuiop'
+  end
+  
+  it "should zero-pad bytes if the vm size is bigger" do
+    seg = Indis::Segment.new(double('Target'), '__TEXT', 0x4096, 120, 0, 'qwertyuiop')
+    seg.bytes.length.should == 120
+    seg.bytes.should == 'qwertyuiop' + ("\0"*110)
+  end
+end

data/spec/indis-core/symbol_spec.rb

@@ -0,0 +1,5 @@
+require 'indis-core/symbol'
+
+describe Indis::Symbol do
+  
+end

data/spec/indis-core/target_spec.rb

@@ -0,0 +1,18 @@
+require 'indis-core/target'
+
+describe Indis::Target do
+  it "should require an existing file to operate" do
+    expect { Indis::Target.new("qwerty") }.to raise_error
+  end
+  
+  it "should load file for known format" do
+    fmt = double('MachO', magic: 0xfeedface, name: 'Mach-O', new: nil)
+    Indis::BinaryFormat.stub(:known_formats).and_return([fmt])
+    t = Indis::Target.new("spec/fixtures/single-object.o")
+    t.io.length.should_not == 0
+  end
+  
+  it "should raise if there is no known format to process binary" do
+    expect { Indis::Target.new("spec/fixtures/single-object.o") }.to raise_error(RuntimeError)
+  end
+end

data/spec/indis-core/vmmap_spec.rb

@@ -0,0 +1,168 @@
+require 'indis-core/vmmap'
+require 'indis-core/entity'
+require 'indis-core/data_entity'
+
+def vmmap_target_double
+  double('Target', segments: [
+    double('Segment', name: '__PAGEZERO', vmaddr: 0, vmsize: 4096, sections: [],
+      bytes: ("\x00"*4096).force_encoding('BINARY'), iooff: 0, to_vmrange: 0...4096),
+    double('Segment', name: '__TEXT', vmaddr: 4096, vmsize: 8192, sections: [
+      double('Section', name: '__text', vmaddr: 8584, vmsize: 1104, bytes: ("\x0"*1104).force_encoding('BINARY')),
+      double('Section', name: '__stub_helper', vmaddr: 9688, vmsize: 156, bytes: ("\x0"*156).force_encoding('BINARY')),
+      double('Section', name: '__objc_methname', vmaddr: 9844, vmsize: 1371, bytes: ("\x0"*1371).force_encoding('BINARY')),
+      double('Section', name: '__cstring', vmaddr: 11215, vmsize: 148, bytes: ("\x0"*148).force_encoding('BINARY')),
+      double('Section', name: '__objc_classname', vmaddr: 11363, vmsize: 62, bytes: ("\x0"*62).force_encoding('BINARY')),
+      double('Section', name: '__objc_methtype', vmaddr: 11425, vmsize: 821, bytes: ("\x0"*821).force_encoding('BINARY')),
+      double('Section', name: '__symbolstub1', vmaddr: 12248, vmsize: 40, bytes: ("\x0"*40).force_encoding('BINARY'))
+    ], bytes: ("\x1\x2\x3\x4\x5\x6\x7\x8\x9"*(8192/8)).force_encoding('BINARY'), iooff: 0, to_vmrange: 4096...12288),
+    double('Segment', name: '__DATA', vmaddr: 12288, vmsize: 4096, sections: [
+      double('Section', name: '__lazy_symbol', vmaddr: 12288, vmsize: 40, bytes: ("\xbb"*40).force_encoding('BINARY')),
+      double('Section', name: '__program_vars', vmaddr: 12336, vmsize: 20, bytes: ("\xbb"*20).force_encoding('BINARY')),
+      double('Section', name: '__nl_symbol_ptr', vmaddr: 12356, vmsize: 8, bytes: ("\xbb"*8).force_encoding('BINARY')),
+      double('Section', name: '__objc_classlist', vmaddr: 12364, vmsize: 8, bytes: ("\xbb"*8).force_encoding('BINARY')),
+      double('Section', name: '__objc_protolist', vmaddr: 12372, vmsize: 8, bytes: ("\xbb"*8).force_encoding('BINARY')),
+      double('Section', name: '__objc_imageinfo', vmaddr: 12380, vmsize: 8, bytes: ("\xbb"*8).force_encoding('BINARY')),
+      double('Section', name: '__objc_const', vmaddr: 12392, vmsize: 1176, bytes: ("\xbb"*1176).force_encoding('BINARY')),
+      double('Section', name: '__objc_selrefs', vmaddr: 13568, vmsize: 72, bytes: ("\xbb"*72).force_encoding('BINARY')),
+      double('Section', name: '__objc_classrefs', vmaddr: 13640, vmsize: 16, bytes: ("\xbb"*16).force_encoding('BINARY')),
+      double('Section', name: '__objc_superrefs', vmaddr: 13656, vmsize: 8, bytes: ("\xbb"*8).force_encoding('BINARY')),
+      double('Section', name: '__objc_data', vmaddr: 13664, vmsize: 80, bytes: ("\xbb"*80).force_encoding('BINARY')),
+      double('Section', name: '__objc_ivar', vmaddr: 13744, vmsize: 8, bytes: ("\xbb"*8).force_encoding('BINARY')),
+      double('Section', name: '__cfstring', vmaddr: 13752, vmsize: 48, bytes: ("\xbb"*48).force_encoding('BINARY')),
+      double('Section', name: '__data', vmaddr: 13800, vmsize: 88, bytes: ("\xbb"*88).force_encoding('BINARY')),
+      double('Section', name: '__common', vmaddr: 13888, vmsize: 16, bytes: ("\xbb"*16).force_encoding('BINARY'))
+    ], bytes: ("\xBB"*4096).force_encoding('BINARY'), iooff: 0, to_vmrange: 12288...16384),
+    double('Segment', name: '__LINKEDIT', vmaddr: 16384, vmsize: 12288, sections: [],
+      bytes: ("\xCC"*12288).force_encoding('BINARY'), iooff: 0, to_vmrange: 16384...28672)
+  ])
+end
+
+describe Indis::VMMap do
+  it "should parse existing segments/sections and provide a linear map" do
+    map = Indis::VMMap.new(vmmap_target_double)
+    
+    map.segment_at(0).name.should == '__PAGEZERO'
+    map.segment_at(4095).name.should == '__PAGEZERO'
+    map.section_at(4095).should be_nil
+    
+    map.segment_at(4096).name.should == '__TEXT'
+    map.section_at(11215).name.should == '__cstring'
+    map.segment_at(16400).name.should == '__LINKEDIT'
+  end
+  
+  it "should return nil for address out of known segment bounds" do
+    map = Indis::VMMap.new(vmmap_target_double)
+    
+    map.address_valid?(13664).should == true
+    map.address_valid?(16384+12288).should == false
+    
+    map.byte_at(0).should == 0x00
+    map.byte_at(4096).should == 0x01
+    map.byte_at(16384+12288).should be_nil
+  end
+  
+  it "should allow to create entities" do
+    map = Indis::VMMap.new(vmmap_target_double)
+    
+    map[13800].should be_nil
+    de = Indis::DataEntity.new(13800, 4, map)
+    map.map(de)
+    map[13800].should_not be_nil
+    map[13800].should == de
+    map[13800...13804].should == [de, nil, nil, nil]
+  end
+  
+  it "should allow to force-map entities" do
+    map = Indis::VMMap.new(vmmap_target_double)
+    
+    de4 = Indis::DataEntity.new(13800, 4, map)
+    map.map(de4)
+
+    de2 = Indis::DataEntity.new(13800, 2, map)
+    expect { map.map(de2) }.to raise_error(ArgumentError)
+    map.map!(de2)
+    map[13800].should == de2
+    map[13800...13804].should == [de2, nil, 0xbb, 0xbb]
+  end
+  
+  it "should return an entity when one has been defined previously" do
+    map = Indis::VMMap.new(vmmap_target_double)
+    
+    map[13800].should be_nil
+    map.map(Indis::DataEntity.new(13800, 4, map))
+    
+    b = map[13800]
+    b.should be_a(Indis::DataEntity)
+    b.size.should == 4
+    b.kind.should == :dword
+    b.value.should == 0xbbbbbbbb
+  end
+  
+  it "should return correct size for slice" do
+    t = vmmap_target_double
+    text_seg = t.segments[1]
+    map = Indis::VMMap.new(t)
+    
+    map[text_seg.vmaddr..(text_seg.vmaddr+3)].length.should == 4
+    map[text_seg.vmaddr...(text_seg.vmaddr+3)].length.should == 3
+  end
+  
+  it "should return raw bytes in slice" do
+    t = vmmap_target_double
+    text_seg = t.segments[1]
+    map = Indis::VMMap.new(t)
+    
+    map[text_seg.vmaddr..(text_seg.vmaddr+3)].should == [1, 2, 3, 4]
+  end
+  
+  it "should return entities with nil padding in slice" do
+    t = vmmap_target_double
+    text_seg = t.segments[1]
+    map = Indis::VMMap.new(t)
+    
+    b = Indis::DataEntity.new(text_seg.vmaddr+1, 2, map)
+    map.map(b)
+    
+    map[text_seg.vmaddr..(text_seg.vmaddr+3)].should == [1, b, nil, 4]
+  end
+  
+  it "should return segment map as an array" do
+    t = vmmap_target_double
+    text_seg = t.segments[1]
+    map = Indis::VMMap.new(t)
+    
+    a = map[text_seg.to_vmrange]
+    a.should_not be_nil
+    a.length.should == 8192
+  end
+  
+  it "should map segment bytes to Fixnum when not resolved" do
+    t = vmmap_target_double
+    text_seg = t.segments[1]
+    map = Indis::VMMap.new(t)
+    
+    a = map[text_seg.to_vmrange]
+    a.each { |v| v.class.should == Fixnum }
+  end
+  
+  it "should map segment bytes to entities when resolved" do
+    t = vmmap_target_double
+    data_seg = t.segments[2]
+    map = Indis::VMMap.new(t)
+    
+    map.map(Indis::DataEntity.new(13800, 4, map))
+    a = map[data_seg.to_vmrange]
+    a.each_with_index do |v, idx|
+      case idx
+      when 1512
+        v.should be_a(Indis::DataEntity)
+      when 1513
+      when 1514
+      when 1515
+        v.should be_nil
+      else
+        v.should be_a(Fixnum)
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,8 @@
+require 'rubygems'
+require 'bundler/setup'
+
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+end

metadata

@@ -0,0 +1,100 @@
+--- !ruby/object:Gem::Specification
+name: indis-core
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Vladimir Pouzanov
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-04-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Core components of indis, the intelligent disassembler framework
+email:
+- farcaller@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .travis.yml
+- Gemfile
+- Gemfile.ci
+- LICENSE
+- README.md
+- Rakefile
+- indis-core.gemspec
+- lib/indis-core.rb
+- lib/indis-core/binary_format.rb
+- lib/indis-core/data_entity.rb
+- lib/indis-core/entity.rb
+- lib/indis-core/section.rb
+- lib/indis-core/segment.rb
+- lib/indis-core/symbol.rb
+- lib/indis-core/target.rb
+- lib/indis-core/version.rb
+- lib/indis-core/vmmap.rb
+- spec/fixtures/single-object.o
+- spec/indis-core/binary_format_spec.rb
+- spec/indis-core/data_entity_spec.rb
+- spec/indis-core/section_spec.rb
+- spec/indis-core/segment_spec.rb
+- spec/indis-core/symbol_spec.rb
+- spec/indis-core/target_spec.rb
+- spec/indis-core/vmmap_spec.rb
+- spec/spec_helper.rb
+homepage: http://www.indis.org/
+licenses:
+- GPL-3
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.21
+signing_key: 
+specification_version: 3
+summary: Core indis components
+test_files:
+- spec/fixtures/single-object.o
+- spec/indis-core/binary_format_spec.rb
+- spec/indis-core/data_entity_spec.rb
+- spec/indis-core/section_spec.rb
+- spec/indis-core/segment_spec.rb
+- spec/indis-core/symbol_spec.rb
+- spec/indis-core/target_spec.rb
+- spec/indis-core/vmmap_spec.rb
+- spec/spec_helper.rb
+has_rdoc: