metasm 1.0.0

data/lib/metasm/arm.rb

@@ -0,0 +1,12 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+
+
+require 'metasm/main'
+require 'metasm/arm/parse'
+require 'metasm/arm/encode'
+require 'metasm/arm/decode'
+require 'metasm/arm/render'
+require 'metasm/arm/debug'

data/lib/metasm/arm/debug.rb

@@ -0,0 +1,39 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+
+
+require 'metasm/arm/opcodes'
+
+module Metasm
+class ARM
+	def dbg_register_pc
+		@dbg_register_pc ||= :pc
+	end
+	def dbg_register_flags
+		@dbg_register_flags ||= :flags
+	end
+
+	def dbg_register_list 
+		@dbg_register_list ||= [:r0, :r1, :r2, :r3, :r4, :r5, :r6, :r7, :r8, :r9, :r10, :r11, :r12, :sp, :lr, :pc]
+	end
+
+	def dbg_flag_list
+		@dbg_flag_list ||= []
+	end
+
+	def dbg_register_size
+		@dbg_register_size ||= Hash.new(32)
+	end
+
+	def dbg_need_stepover(dbg, addr, di)
+		di and di.opcode.props[:saveip]
+	end
+
+	def dbg_end_stepout(dbg, addr, di)
+		di and di.opcode.name == 'foobar'	# TODO
+	end
+
+end
+end

data/lib/metasm/arm/decode.rb

@@ -0,0 +1,167 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+
+require 'metasm/arm/opcodes'
+require 'metasm/decode'
+
+module Metasm
+class ARM
+	# create the bin_mask for a given opcode
+	def build_opcode_bin_mask(op)
+		# bit = 0 if can be mutated by an field value, 1 if fixed by opcode
+		op.bin_mask = 0
+		op.fields.each { |k, (m, s)|
+			op.bin_mask |= m << s
+		}
+		op.bin_mask = 0xffffffff ^ op.bin_mask
+	end
+
+	# create the lookaside hash from the first byte of the opcode
+	def build_bin_lookaside
+		lookaside = Array.new(256) { [] }
+
+		opcode_list.each { |op|
+			build_opcode_bin_mask op
+
+			b   = (op.bin >> 20) & 0xff
+			msk = (op.bin_mask >> 20) & 0xff
+			b &= msk
+
+			for i in b..(b | (255^msk))
+				lookaside[i] << op if i & msk == b
+			end
+		}
+
+		lookaside
+	end
+
+	def decode_findopcode(edata)
+		return if edata.ptr >= edata.data.length
+		di = DecodedInstruction.new(self)
+		val = edata.decode_imm(:u32, @endianness)
+		di.instance_variable_set('@raw', val)
+		di if di.opcode = @bin_lookaside[(val >> 20) & 0xff].find { |op|
+			(not op.props[:cond] or
+			 ((val >> @fields_shift[:cond]) & @fields_mask[:cond]) != 0xf) and
+			(op.bin & op.bin_mask) == (val & op.bin_mask)
+		}
+	end
+
+	def disassembler_default_func
+		df = DecodedFunction.new
+		df
+	end
+
+	def decode_instr_op(edata, di)
+		op = di.opcode
+		di.instruction.opname = op.name
+		val = di.instance_variable_get('@raw')
+		
+		field_val = lambda { |f|
+			r = (val >> @fields_shift[f]) & @fields_mask[f]
+			case f
+			when :i16; Expression.make_signed(r, 16)
+			when :i24; Expression.make_signed(r, 24)
+			when :i8_12; ((r >> 4) & 0xf0) | (r & 0xf)
+			when :stype; [:lsl, :lsr, :asr, :ror][r]
+			when :u; [:-, :+][r]
+			else r
+			end
+		}
+
+		if op.props[:cond]
+			cd = %w[eq ne cs cc mi pl vs vc hi ls ge lt gt le al][field_val[:cond]]
+			if cd != 'al'
+				di.opcode = di.opcode.dup
+				di.instruction.opname = di.opcode.name.dup
+				di.instruction.opname[(op.props[:cond_name_off] || di.opcode.name.length), 0] = cd
+				if di.opcode.props[:stopexec]
+					di.opcode.props = di.opcode.props.dup
+					di.opcode.props.delete :stopexec
+				end
+			end
+		end
+
+		op.args.each { |a|
+			di.instruction.args << case a
+			when :rd, :rn, :rm; Reg.new field_val[a]
+			when :rm_rs; Reg.new field_val[:rm], field_val[:stype], Reg.new(field_val[:rs])
+			when :rm_is; Reg.new field_val[:rm], field_val[:stype], field_val[:shifti]*2
+			when :i24; Expression[field_val[a] << 2]
+			when :i8_r
+				i = field_val[:i8]
+				r = field_val[:rotate]*2
+				Expression[((i >> r) | (i << (32-r))) & 0xffff_ffff]
+			when :mem_rn_rm, :mem_rn_i8_12, :mem_rn_rms, :mem_rn_i12
+				b = Reg.new(field_val[:rn])
+				o = case a
+				when :mem_rn_rm; Reg.new(field_val[:rm])
+				when :mem_rn_i8_12; field_val[:i8_12]
+				when :mem_rn_rms; Reg.new(field_val[:rm], field_val[:stype], field_val[:shifti]*2)
+				when :mem_rn_i12; field_val[:i12]
+				end
+				Memref.new(b, o, field_val[:u], op.props[:baseincr])
+			when :reglist
+				di.instruction.args.last.updated = true if op.props[:baseincr]
+				msk = field_val[a]
+				l = RegList.new((0..15).map { |i| Reg.new(i) if (msk & (1 << i)) > 0 }.compact)
+				l.usermoderegs = true if op.props[:usermoderegs]
+				l
+			else raise SyntaxError, "Internal error: invalid argument #{a} in #{op.name}"
+			end
+		}
+
+		di.bin_length = 4
+		di
+	end
+
+	def decode_instr_interpret(di, addr)
+		if di.opcode.args.include? :i24
+			di.instruction.args[-1] = Expression[di.instruction.args[-1] + addr + 8]
+		end
+		di
+	end
+
+	def backtrace_binding
+		@backtrace_binding ||= init_backtrace_binding
+	end
+ 
+	def init_backtrace_binding
+		@backtrace_binding ||= {}
+	end
+
+	def get_backtrace_binding(di)
+		a = di.instruction.args.map { |arg|
+			case arg
+			when Reg; arg.symbolic
+			when Memref; arg.symbolic(di.address)
+			else arg
+			end
+		}
+	
+		if binding = backtrace_binding[di.opcode.name]
+			bd = binding[di, *a]
+		else
+			puts "unhandled instruction to backtrace: #{di}" if $VERBOSE
+			# assume nothing except the 1st arg is modified
+			case a[0]
+			when Indirection, Symbol; { a[0] => Expression::Unknown }
+			when Expression; (x = a[0].externals.first) ? { x => Expression::Unknown } : {}
+			else {}
+			end.update(:incomplete_binding => Expression[1])
+		end
+
+	end
+	
+	def get_xrefs_x(dasm, di)
+		if di.opcode.props[:setip]
+			[di.instruction.args.last]
+		else
+			# TODO ldr pc, ..
+			[]
+		end
+	end
+end
+end

data/lib/metasm/arm/encode.rb

@@ -0,0 +1,77 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+
+
+require 'metasm/arm/opcodes'
+require 'metasm/encode'
+
+module Metasm
+class ARM
+	def encode_instr_op(section, instr, op)
+		base = op.bin
+		set_field = lambda { |f, v|
+			v = v.reduce if v.kind_of? Expression
+			case f
+			when :i8_12
+				base = Expression[base, :|, [[v, :&, 0xf], :|, [[v, :<<, 4], :&, 0xf00]]]
+				next
+			when :stype; v = [:lsl, :lsr, :asr, :ror].index(v)
+			when :u; v = [:-, :+].index(v)
+			end
+			base = Expression[base, :|, [[v, :&, @fields_mask[f]], :<<, @fields_shift[f]]]
+		}
+
+		val, mask, shift = 0, 0, 0
+
+		if op.props[:cond]
+			coff = op.props[:cond_name_off] || op.name.length
+			cd = instr.opname[coff, 2]
+			cdi = %w[eq ne cs cc mi pl vs vc hi ls ge lt gt le al].index(cd) || 14	# default = al
+			set_field[:cond, cdi]
+		end
+
+		op.args.zip(instr.args).each { |sym, arg|
+			case sym
+			when :rd, :rs, :rn, :rm; set_field[sym, arg.i]
+			when :rm_rs
+				set_field[:rm, arg.i]
+				set_field[:stype, arg.stype]
+				set_field[:rs, arg.shift.i]
+			when :rm_is
+				set_field[:rm, arg.i]
+				set_field[:stype, arg.stype]
+				set_field[:shifti, arg.shift/2]
+			when :mem_rn_rm, :mem_rn_rms, :mem_rn_i8_12, :mem_rn_i12
+				set_field[:rn, arg.base.i]
+				case sym
+				when :mem_rn_rm
+					set_field[:rm, arg.offset.i]
+				when :mem_rn_rms
+					set_field[:rm, arg.offset.i]
+					set_field[:stype, arg.offset.stype]
+					set_field[:rs, arg.offset.shift.i]
+				when :mem_rn_i8_12
+					set_field[:i8_12, arg.offset]
+				when :mem_rn_i12
+					set_field[:i12, arg.offset]
+				end
+				# TODO set_field[:u] etc
+			when :reglist
+				set_field[sym, arg.list.inject(0) { |rl, r| rl | (1 << r.i) }]
+			when :i8_r
+				# XXX doublecheck this
+				b = arg.reduce & 0xffffffff
+				r = (0..15).find { next true if b < 0x10 ; b = (b >> 2) | ((b & 3) << 30) }
+				set_field[:i8, b]
+				set_field[:rotate, r]
+			when :i16, :i24
+				val, mask, shift = arg, @fields_mask[sym], @fields_shift[sym]
+			end
+		}
+
+		Expression[base, :|, [[val, :<<, shift], :&, mask]].encode(:u32, @endianness)
+	end
+end
+end

data/lib/metasm/arm/main.rb

@@ -0,0 +1,75 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+
+
+require 'metasm/main'
+
+module Metasm
+class ARM < CPU
+	class Reg
+		class << self
+			attr_accessor :s_to_i, :i_to_s
+		end
+		@i_to_s = %w[r0 r1 r2 r3 r4 r5 r6 r7 r8 r9 r10 r11 r12 sp lr pc]
+		@s_to_i = { 'wr' => 7, 'sb' => 9, 'sl' => 10, 'fp' => 11, 'ip' => 12, 'sp' => 13, 'lr' => 14, 'pc' => 15 }
+		15.times { |i| @s_to_i["r#{i}"] = i }
+		4.times { |i| @s_to_i["a#{i+1}"] = i }
+		8.times { |i| @s_to_i["v#{i+1}"] = i+4 }
+
+		attr_accessor :i, :stype, :shift, :updated
+		def initialize(i, stype=:lsl, shift=0)
+			@i = i
+			@stype = stype
+			@shift = shift
+		end
+
+		def symbolic
+			r = self.class.i_to_s[@i].to_sym
+			if @stype == :lsl and @shift == 0
+				r
+			else
+				r	# TODO shift/rotate/...
+			end
+		end
+	end
+
+	class Memref
+		attr_accessor :base, :offset, :sign, :incr
+		def initialize(base, offset, sign=:+, incr=nil)
+			@base, @offset, @sign, @incr = base, offset, sign, incr
+		end
+
+		def symbolic(len=4, orig=nil)
+			o = @offset
+			o = o.symbolic if o.kind_of? Reg
+			p = Expression[@base.symbolic, @sign, o].reduce
+			Indirection[p, len, orig]
+		end
+	end
+
+	class RegList
+		attr_accessor :list, :usermoderegs
+
+		def initialize(l=[])
+			@list = l
+		end
+	end
+
+	def initialize(endianness = :little)
+		super()
+		@endianness = endianness
+		@size = 32
+	end
+
+	def init_opcode_list
+		init_latest
+		@opcode_list
+	end
+end
+
+class ARM_THUMB < ARM
+end
+end
+

data/lib/metasm/arm/opcodes.rb

@@ -0,0 +1,177 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+
+
+require 'metasm/arm/main'
+
+module Metasm
+class ARM
+	private
+	def addop(name, bin, *args)
+		args << :cond if not args.delete :uncond
+
+		o = Opcode.new name, bin
+		o.args.concat(args & @valid_args)
+		(args & @valid_props).each { |p| o.props[p] = true }
+		args.grep(Hash).each { |h| o.props.update h }
+
+		# special args -> multiple fields
+		case (o.args & [:i8_r, :rm_is, :rm_rs, :mem_rn_rm, :mem_rn_i8_12, :mem_rn_rms, :mem_rn_i12]).first
+		when :i8_r; args << :i8 << :rotate
+		when :rm_is; args << :rm << :stype << :shifti
+		when :rm_rs; args << :rm << :stype << :rs
+		when :mem_rn_rm; args << :rn << :rm << :rsx << :u
+		when :mem_rn_i8_12; args << :rn << :i8_12 << :u
+		when :mem_rn_rms; args << :rn << :rm << :stype << :shifti << :u
+		when :mem_rn_i12; args << :rn << :i12 << :u
+		end
+
+		(args & @fields_mask.keys).each { |f|
+			o.fields[f] = [@fields_mask[f], @fields_shift[f]]
+		}
+
+		@opcode_list << o
+	end
+
+	def addop_data_s(name, op, a1, a2, *h)
+		addop name, op | (1 << 25), a1, a2, :i8_r, :rotate, *h
+		addop name, op, a1, a2, :rm_is, *h
+		addop name, op | (1 << 4), a1, a2, :rm_rs, *h
+	end
+	def addop_data(name, op, a1, a2)
+		addop_data_s name, op << 21, a1, a2
+		addop_data_s name+'s', (op << 21) | (1 << 20), a1, a2, :cond_name_off => name.length
+	end
+
+	def addop_load_puw(name, op, *a)
+		addop name, op, {:baseincr => :post}, :rd, :u, *a
+		addop name, op | (1 << 24), :rd, :u, *a
+		addop name, op | (1 << 24) | (1 << 21), {:baseincr => :pre}, :rd, :u, *a
+	end
+	def addop_load_lsh_o(name, op)
+		addop_load_puw name, op, :rsz, :mem_rn_rm, {:cond_name_off => 3}
+		addop_load_puw name, op | (1 << 22), :mem_rn_i8_12, {:cond_name_off => 3}
+	end
+	def addop_load_lsh
+		op = 9 << 4
+		addop_load_lsh_o 'strh',  op | (1 << 5)
+		addop_load_lsh_o 'ldrd',  op | (1 << 6)
+		addop_load_lsh_o 'strd',  op | (1 << 6) | (1 << 5)
+		addop_load_lsh_o 'ldrh',  op | (1 << 20) | (1 << 5)
+		addop_load_lsh_o 'ldrsb', op | (1 << 20) | (1 << 6)
+		addop_load_lsh_o 'ldrsh', op | (1 << 20) | (1 << 6) | (1 << 5)
+	end
+
+	def addop_load_puwt(name, op, *a)
+		addop_load_puw name, op, *a
+		addop name+'t', op | (1 << 21), {:baseincr => :post, :cond_name_off => name.length}, :rd, :u, *a
+	end
+	def addop_load_o(name, op, *a)
+		addop_load_puwt name, op, :mem_rn_i12, *a
+		addop_load_puwt name, op | (1 << 25), :mem_rn_rms, *a
+	end
+	def addop_load(name, op)
+		addop_load_o name, op
+		addop_load_o name+'b', op | (1 << 22), :cond_name_off => name.length
+	end
+
+	def addop_ldm_go(name, op, *a)
+		addop name, op, :rn, :reglist, {:cond_name_off => 3}, *a
+	end
+	def addop_ldm_w(name, op, *a)
+		addop_ldm_go name, op, *a		# base reg untouched
+		addop_ldm_go name, op | (1 << 21), {:baseincr => :post}, *a	# base updated
+	end
+	def addop_ldm_s(name, op)
+		addop_ldm_w name, op			# transfer regs
+		addop_ldm_w name, op | (1 << 22), :usermoderegs	# transfer usermode regs
+	end
+	def addop_ldm_p(name, op)
+		addop_ldm_s name+'a', op		# target memory included
+		addop_ldm_s name+'b', op | (1 << 24)	# target memory excluded, transfer starts at next addr
+	end
+	def addop_ldm_u(name, op)
+		addop_ldm_p name+'d', op		# transfer made downward
+		addop_ldm_p name+'i', op | (1 << 23)	# transfer made upward
+	end
+	def addop_ldm(name, op)
+		addop_ldm_u name, op
+	end
+
+	# ARMv6 instruction set, aka arm7/arm9
+	def init_arm_v6
+		@opcode_list = []
+		@valid_props << :baseincr << :cond << :cond_name_off << :usermoderegs <<
+				:tothumb << :tojazelle
+		@valid_args.concat [:rn, :rd, :rm, :crn, :crd, :crm, :cpn, :reglist, :i24,
+			:rm_rs, :rm_is, :i8_r, :mem_rn_rm, :mem_rn_i8_12, :mem_rn_rms, :mem_rn_i12]
+		@fields_mask.update :rn => 0xf, :rd => 0xf, :rs => 0xf, :rm => 0xf,
+			:crn => 0xf, :crd => 0xf, :crm => 0xf, :cpn => 0xf,
+			:rnx => 0xf, :rdx => 0xf, :rsx => 0xf,
+			:shifti => 0x1f, :stype => 3, :rotate => 0xf, :reglist => 0xffff,
+			:i8 => 0xff, :i12 => 0xfff, :i24 => 0xff_ffff, :i8_12 => 0xf0f,
+			:u => 1, :mask => 0xf, :sbo => 0xf, :cond => 0xf
+
+		@fields_shift.update :rn => 16, :rd => 12, :rs => 8, :rm => 0,
+			:crn => 16, :crd => 12, :crm => 0, :cpn => 8,
+			:rnx => 16, :rdx => 12, :rsx => 8,
+			:shifti => 7, :stype => 5, :rotate => 8, :reglist => 0,
+			:i8 => 0, :i12 => 0, :i24 => 0, :i8_12 => 0,
+			:u => 23, :mask => 16, :sbo => 12, :cond => 28
+		
+		addop_data 'and', 0,  :rd, :rn
+		addop_data 'eor', 1,  :rd, :rn
+		addop_data 'xor', 1,  :rd, :rn
+		addop_data 'sub', 2,  :rd, :rn
+		addop_data 'rsb', 3,  :rd, :rn
+		addop_data 'add', 4,  :rd, :rn
+		addop_data 'adc', 5,  :rd, :rn
+		addop_data 'sbc', 6,  :rd, :rn
+		addop_data 'rsc', 7,  :rd, :rn
+		addop_data 'tst', 8,  :rdx, :rn
+		addop_data 'teq', 9,  :rdx, :rn
+		addop_data 'cmp', 10, :rdx, :rn
+		addop_data 'cmn', 11, :rdx, :rn
+		addop_data 'orr', 12, :rd, :rn
+		addop_data 'or',  12, :rd, :rn
+		addop_data 'mov', 13, :rd, :rnx
+		addop_data 'bic', 14, :rd, :rn
+		addop_data 'mvn', 15, :rd, :rnx
+		
+		addop 'b',  0b1010 << 24, :setip, :stopexec, :i24
+		addop 'bl', 0b1011 << 24, :setip, :stopexec, :i24, :saveip
+		addop 'bkpt', (0b00010010 << 20) | (0b0111 << 4)		# other fields are available&unused, also cnd != AL is undef
+		addop 'blx', 0b1111101 << 25, :setip, :stopexec, :saveip, :tothumb, :h, :nocond, :i24
+		addop 'blx', (0b00010010 << 20) | (0b0011 << 4), :setip, :stopexec, :saveip, :tothumb, :rm
+		addop 'bx',  (0b00010010 << 20) | (0b0001 << 4), :setip, :stopexec, :rm
+		addop 'bxj',  (0b00010010 << 20) | (0b0010 << 4), :setip, :stopexec, :rm, :tojazelle
+
+		addop_load 'str', (1 << 26)
+		addop_load 'ldr', (1 << 26) | (1 << 20)
+		addop_load_lsh
+		addop_ldm 'stm', (1 << 27)
+		addop_ldm 'ldm', (1 << 27) | (1 << 20)
+	end
+	alias init_latest init_arm_v6
+end
+end
+
+__END__
+		addop_cond 'mrs',  0b0001000011110000000000000000, :rd
+		addop_cond 'msr',  0b0001001010011111000000000000, :rd
+		addop_cond 'msrf', 0b0001001010001111000000000000, :rd
+
+		addop_cond 'mul',  0b000000000000001001 << 4, :rd, :rn, :rs, :rm
+		addop_cond 'mla',  0b100000000000001001 << 4, :rd, :rn, :rs, :rm
+
+		addop_cond 'swp',   0b0001000000000000000010010000, :rd, :rn, :rs, :rm
+		addop_cond 'swpb',  0b0001010000000000000010010000, :rd, :rn, :rs, :rm
+
+		addop_cond 'undef', 0b00000110000000000000000000010000
+
+		addop_cond 'swi', 0b00001111 << 24
+
+		addop_cond 'bkpt',  0b1001000000000000001110000
+		addop_cond 'movw',  0b0011 << 24, :movwimm