indis-macho 0.2.0

data/lib/indis-macho/symbol.rb

@@ -0,0 +1,143 @@
+##############################################################################
+#   Indis framework                                                          #
+#   Copyright (C) 2012 Vladimir "Farcaller" Pouzanov <farcaller@gmail.com>   #
+#                                                                            #
+#   This program is free software: you can redistribute it and/or modify     #
+#   it under the terms of the GNU General Public License as published by     #
+#   the Free Software Foundation, either version 3 of the License, or        #
+#   (at your option) any later version.                                      #
+#                                                                            #
+#   This program is distributed in the hope that it will be useful,          #
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+#   GNU General Public License for more details.                             #
+#                                                                            #
+#   You should have received a copy of the GNU General Public License        #
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.    #
+##############################################################################
+
+module Indis
+  module MachO
+    
+    class Symbol
+      STAB_MASK = 0xe0
+      PEXT_MASK = 0x10
+      TYPE_MASK = 0x0e
+      EXT_MASK = 0x01
+      TYPE = {
+        0x0 => :UNDEF,
+        0x2 => :ABS,
+        0xe => :SECT,
+        0xc => :PBUD,
+        0xa => :INDR,
+      }
+      STAB = {
+        0x20 => :N_GSYM,
+        0x22 => :N_FNAME,
+        0x24 => :N_FUN,
+        0x26 => :N_STSYM,
+        0x28 => :N_LCSYM,
+        0x2e => :N_BNSYM,
+        0x3c => :N_OPT,
+        0x40 => :N_RSYM,
+        0x44 => :N_SLINE,
+        0x4e => :N_ENSYM,
+        0x60 => :N_SSYM,
+        0x64 => :N_SO,
+        0x66 => :N_OSO,
+        0x80 => :N_LSYM,
+        0x82 => :N_BINCL,
+        0x84 => :N_SOL,
+        0x86 => :N_PARAMS,
+        0x88 => :N_VERSION,
+        0x8A => :N_OLEVEL,
+        0xa0 => :N_PSYM,
+        0xa2 => :N_EINCL,
+        0xa4 => :N_ENTRY,
+        0xc0 => :N_LBRAC,
+        0xc2 => :N_EXCL,
+        0xe0 => :N_RBRAC,
+        0xe2 => :N_BCOMM,
+        0xe4 => :N_ECOMM,
+        0xe8 => :N_ECOML,
+        0xfe => :N_LENG,
+      }
+      REFERENCE_TYPE_MASK = 0xf
+      DESC_REFERENCE = {
+        0x0 => :REFERENCE_FLAG_UNDEFINED_NON_LAZY,
+        0x1 => :REFERENCE_FLAG_UNDEFINED_LAZY,
+        0x2 => :REFERENCE_FLAG_DEFINED,
+        0x3 => :REFERENCE_FLAG_PRIVATE_DEFINED,
+        0x4 => :REFERENCE_FLAG_PRIVATE_UNDEFINED_NON_LAZY,
+        0x5 => :REFERENCE_FLAG_PRIVATE_UNDEFINED_LAZY,
+      }
+      DESC_ADDITIONAL = {
+        0x08 => :N_ARM_THUMB_DEF,
+        0x10 => :REFERENCED_DYNAMICALLY,
+        0x20 => :N_DESC_DISCARDED_OR_N_NO_DEAD_STRIP, # TODO: resolve mach file type
+        0x40 => :N_WEAK_REF,
+        0x80 => :N_WEAK_DEF,
+      }
+      LIBRARY_ORDINAL = {
+        0x0  => :SELF_LIBRARY_ORDINAL,
+        0xfe => :DYNAMIC_LOOKUP_ORDINAL,
+        0xff => :EXECUTABLE_ORDINAL,
+      }
+      
+      attr_reader :name, :sect, :value
+      
+      def initialize(payload, strtab)
+        name_idx, @type_val, @sect, @desc_val, @value = payload.read(12).unpack('VCCSV')
+        if name_idx == 0
+          @name = ''
+        else
+          @name = strtab[name_idx..-1].split("\0", 2)[0]
+        end
+        
+        #puts "#{printf('%08x', value)} #{@name} sect #{@sect} #{self.type ? self.type : 'UNK 0b'+@type_val.to_s(2)} #{self.stab? ? 'stab ' : ''} #{self.private_extern? ? 'pvt ' : ''} #{self.extern? ? 'extern' : ''}"
+      end
+      
+      def type
+        if stab?
+          STAB[@type_val]
+        else
+          TYPE[@type_val & TYPE_MASK]
+        end
+      end
+      
+      def stab?
+        @type_val & STAB_MASK != 0
+      end
+      
+      def stab
+        if stab?
+          STAB[@type_val]
+        else
+          nil
+        end
+      end
+      
+      def private_extern?
+        @type_val & PEXT_MASK == PEXT_MASK
+      end
+      
+      def extern?
+        @type_val & EXT_MASK == EXT_MASK
+      end
+      
+      def desc
+        d = [DESC_REFERENCE[@desc_val & REFERENCE_TYPE_MASK]]
+        DESC_ADDITIONAL.each_pair do |k, v|
+          d << v if @desc_val & k == k
+        end
+        d
+      end
+      
+      def twolevel_library_ordinal
+        lo = (@desc_val >> 8) & 0xff
+        LIBRARY_ORDINAL[lo] || lo
+      end
+    end
+    
+  end
+end

data/lib/indis-macho/version.rb

@@ -0,0 +1,23 @@
+##############################################################################
+#   Indis framework                                                          #
+#   Copyright (C) 2012 Vladimir "Farcaller" Pouzanov <farcaller@gmail.com>   #
+#                                                                            #
+#   This program is free software: you can redistribute it and/or modify     #
+#   it under the terms of the GNU General Public License as published by     #
+#   the Free Software Foundation, either version 3 of the License, or        #
+#   (at your option) any later version.                                      #
+#                                                                            #
+#   This program is distributed in the hope that it will be useful,          #
+#   but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+#   GNU General Public License for more details.                             #
+#                                                                            #
+#   You should have received a copy of the GNU General Public License        #
+#   along with this program.  If not, see <http://www.gnu.org/licenses/>.    #
+##############################################################################
+
+module Indis
+  module MachO
+    VERSION = '0.2.0'
+  end
+end

data/spec/indis-macho/binary_format_spec.rb

@@ -0,0 +1,7 @@
+require 'indis-macho'
+
+describe Indis::BinaryFormat do
+  it "should autoload Mach-O format" do
+    Indis::BinaryFormat.known_formats.should include(Indis::BinaryFormat::MachO)
+  end
+end

data/spec/indis-macho/macho_spec.rb

@@ -0,0 +1,100 @@
+require 'indis-macho'
+
+def macho_target_double(*args)
+  o = args.length == 1 ? args[0] : {}
+  
+  target = double("Target")
+  target.stub(:segments=)
+  if o[:segments]
+    target.should_receive(:segments){ o[:segments] }.any_number_of_times
+  else
+    target.should_receive(:segments).any_number_of_times.and_return([])
+  end
+  target.stub(:symbols=)
+  if o[:symbols]
+    target.should_receive(:symbols){ o[:symbols] }.any_number_of_times
+  else
+    target.should_receive(:symbols).any_number_of_times.and_return({})
+  end
+  target.stub(:vamap=)
+  target.stub(:io).and_return(o[:io])
+  target
+end
+
+describe Indis::BinaryFormat::MachO do
+  it "should parse mach-o header" do
+    io = StringIO.new(File.open('spec/fixtures/single-object.o', 'rb').read().force_encoding('BINARY'))
+    target = macho_target_double(io: io)
+    
+    m = Indis::BinaryFormat::MachO.new(target, io)
+    
+    m.cputype.should == :CPU_TYPE_ARM
+    m.cpusubtype.should == :CPU_SUBTYPE_ARM_V4T
+    m.filetype.should == :MH_OBJECT
+    m.flags.should == [:MH_SUBSECTIONS_VIA_SYMBOLS]
+    
+    io = StringIO.new(File.open('spec/fixtures/app-arm-release.o', 'rb').read().force_encoding('BINARY'))
+    target = macho_target_double(io: io)
+    
+    m = Indis::BinaryFormat::MachO.new(target, io)
+    
+    m.cputype.should == :CPU_TYPE_ARM
+    m.cpusubtype.should == :CPU_SUBTYPE_ARM_V7
+    m.filetype.should == :MH_EXECUTE
+    m.flags.should == [:MH_NOUNDEFS, :MH_DYLDLINK, :MH_TWOLEVEL, :MH_PIE]
+  end
+  
+  it "should parse mach-o commands" do
+    io = StringIO.new(File.open('spec/fixtures/single-object.o', 'rb').read().force_encoding('BINARY'))
+    target = macho_target_double(io: io)
+    
+    m = Indis::BinaryFormat::MachO.new(target, io)
+
+    m.commands.length.should == 3
+    c = m.commands.first
+    c.cmd.should == :LC_SEGMENT
+    c.class.should == Indis::MachO::SegmentCommand
+    c.length.should == 464
+    
+    c.segname.should == ''
+    c.vmaddr.should == 0x0
+    c.vmsize.should == 0x79
+    c.fileoff.should == 596
+    c.filesize.should == 121
+    c.maxprot.should == 0x7
+    c.initprot.should == 0x7
+    c.nsects.should == 6
+    c.flags.should == 0x0
+    
+    c.sections.length.should == 6
+    s = c.sections.first
+    s.sectname.should == '__text'
+    s.segname.should == '__TEXT'
+  end
+  
+  it "should parse stub segment from .o file" do
+    seg = []
+    
+    io = StringIO.new(File.open('spec/fixtures/single-object.o', 'rb').read().force_encoding('BINARY'))
+    target = macho_target_double(io: io, segments: seg)
+    
+    m = Indis::BinaryFormat::MachO.new(target, io)
+    
+    seg.length.should == 1
+    seg[0].name.should == '__TEXT'
+    seg[0].sections.length.should == 6
+    seg[0].sections[0].name.should == '__text'
+  end
+  
+  it "should parse symbols" do
+    sym = {}
+    io = StringIO.new(File.open('spec/fixtures/single-object.o', 'rb').read().force_encoding('BINARY'))
+    target = macho_target_double(io: io, symbols: sym)
+    
+    m = Indis::BinaryFormat::MachO.new(target, io)
+    
+    sym.keys.should include("_add")
+    sym.keys.should include("_sub")
+    sym.keys.should include("_printf")
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,8 @@
+require 'rubygems'
+require 'bundler/setup'
+
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+end

metadata

@@ -0,0 +1,103 @@
+--- !ruby/object:Gem::Specification
+name: indis-macho
+version: !ruby/object:Gem::Version
+  version: 0.2.0
+  prerelease: 
+platform: ruby
+authors:
+- Vladimir Pouzanov
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-04-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: indis-core
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Mach-o format processor for indis provides support for loading mach-o
+  binaries for analysis
+email:
+- farcaller@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .travis.yml
+- Gemfile
+- Gemfile.ci
+- LICENSE
+- README.md
+- Rakefile
+- indis-macho.gemspec
+- lib/indis-macho.rb
+- lib/indis-macho/command.rb
+- lib/indis-macho/symbol.rb
+- lib/indis-macho/version.rb
+- spec/fixtures/app-arm-release.o
+- spec/fixtures/single-object.o
+- spec/indis-macho/binary_format_spec.rb
+- spec/indis-macho/macho_spec.rb
+- spec/spec_helper.rb
+homepage: http://www.indis.org/
+licenses:
+- GPL-3
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.21
+signing_key: 
+specification_version: 3
+summary: Mach-o format processor for indis
+test_files:
+- spec/fixtures/app-arm-release.o
+- spec/fixtures/single-object.o
+- spec/indis-macho/binary_format_spec.rb
+- spec/indis-macho/macho_spec.rb
+- spec/spec_helper.rb
+has_rdoc: