RubyGems - metasm - Versions diffs - 1.0.1 → 1.0.2 - Mend

metasm 1.0.1 → 1.0.2

Files changed (235) hide show

checksums.yaml +7 -0
data/.gitignore +1 -0
data/.hgtags +3 -0
data/Gemfile +1 -0
data/INSTALL +61 -0
data/LICENCE +458 -0
data/README +29 -21
data/Rakefile +10 -0
data/TODO +10 -12
data/doc/code_organisation.txt +2 -0
data/doc/core/DynLdr.txt +247 -0
data/doc/core/ExeFormat.txt +43 -0
data/doc/core/Expression.txt +220 -0
data/doc/core/GNUExports.txt +27 -0
data/doc/core/Ia32.txt +236 -0
data/doc/core/SerialStruct.txt +108 -0
data/doc/core/VirtualString.txt +145 -0
data/doc/core/WindowsExports.txt +61 -0
data/doc/core/index.txt +1 -0
data/doc/style.css +6 -3
data/doc/usage/debugger.txt +327 -0
data/doc/usage/index.txt +1 -0
data/doc/use_cases.txt +2 -2
data/metasm.gemspec +22 -0
data/{lib/metasm.rb → metasm.rb} +11 -3
data/{lib/metasm → metasm}/compile_c.rb +13 -7
data/metasm/cpu/arc.rb +8 -0
data/metasm/cpu/arc/decode.rb +425 -0
data/metasm/cpu/arc/main.rb +191 -0
data/metasm/cpu/arc/opcodes.rb +588 -0
data/{lib/metasm → metasm/cpu}/arm.rb +7 -5
data/{lib/metasm → metasm/cpu}/arm/debug.rb +2 -2
data/{lib/metasm → metasm/cpu}/arm/decode.rb +13 -12
data/{lib/metasm → metasm/cpu}/arm/encode.rb +23 -8
data/{lib/metasm → metasm/cpu}/arm/main.rb +0 -3
data/metasm/cpu/arm/opcodes.rb +324 -0
data/{lib/metasm → metasm/cpu}/arm/parse.rb +25 -13
data/{lib/metasm → metasm/cpu}/arm/render.rb +2 -2
data/metasm/cpu/arm64.rb +15 -0
data/metasm/cpu/arm64/debug.rb +38 -0
data/metasm/cpu/arm64/decode.rb +289 -0
data/metasm/cpu/arm64/encode.rb +41 -0
data/metasm/cpu/arm64/main.rb +105 -0
data/metasm/cpu/arm64/opcodes.rb +232 -0
data/metasm/cpu/arm64/parse.rb +20 -0
data/metasm/cpu/arm64/render.rb +95 -0
data/{lib/metasm/ppc.rb → metasm/cpu/bpf.rb} +2 -4
data/metasm/cpu/bpf/decode.rb +142 -0
data/metasm/cpu/bpf/main.rb +60 -0
data/metasm/cpu/bpf/opcodes.rb +81 -0
data/metasm/cpu/bpf/render.rb +41 -0
data/metasm/cpu/cy16.rb +9 -0
data/metasm/cpu/cy16/decode.rb +253 -0
data/metasm/cpu/cy16/main.rb +63 -0
data/metasm/cpu/cy16/opcodes.rb +78 -0
data/metasm/cpu/cy16/render.rb +41 -0
data/metasm/cpu/dalvik.rb +11 -0
data/{lib/metasm → metasm/cpu}/dalvik/decode.rb +35 -13
data/{lib/metasm → metasm/cpu}/dalvik/main.rb +51 -2
data/{lib/metasm → metasm/cpu}/dalvik/opcodes.rb +19 -11
data/metasm/cpu/ia32.rb +17 -0
data/{lib/metasm → metasm/cpu}/ia32/compile_c.rb +5 -7
data/{lib/metasm → metasm/cpu}/ia32/debug.rb +5 -5
data/{lib/metasm → metasm/cpu}/ia32/decode.rb +246 -59
data/{lib/metasm → metasm/cpu}/ia32/decompile.rb +7 -7
data/{lib/metasm → metasm/cpu}/ia32/encode.rb +19 -13
data/{lib/metasm → metasm/cpu}/ia32/main.rb +51 -8
data/metasm/cpu/ia32/opcodes.rb +1424 -0
data/{lib/metasm → metasm/cpu}/ia32/parse.rb +47 -16
data/{lib/metasm → metasm/cpu}/ia32/render.rb +31 -4
data/metasm/cpu/mips.rb +14 -0
data/{lib/metasm → metasm/cpu}/mips/compile_c.rb +1 -1
data/metasm/cpu/mips/debug.rb +42 -0
data/{lib/metasm → metasm/cpu}/mips/decode.rb +46 -16
data/{lib/metasm → metasm/cpu}/mips/encode.rb +4 -3
data/{lib/metasm → metasm/cpu}/mips/main.rb +11 -4
data/{lib/metasm → metasm/cpu}/mips/opcodes.rb +86 -17
data/{lib/metasm → metasm/cpu}/mips/parse.rb +1 -1
data/{lib/metasm → metasm/cpu}/mips/render.rb +1 -1
data/{lib/metasm/dalvik.rb → metasm/cpu/msp430.rb} +1 -1
data/metasm/cpu/msp430/decode.rb +247 -0
data/metasm/cpu/msp430/main.rb +62 -0
data/metasm/cpu/msp430/opcodes.rb +101 -0
data/{lib/metasm → metasm/cpu}/pic16c/decode.rb +6 -7
data/{lib/metasm → metasm/cpu}/pic16c/main.rb +0 -0
data/{lib/metasm → metasm/cpu}/pic16c/opcodes.rb +1 -1
data/{lib/metasm/mips.rb → metasm/cpu/ppc.rb} +4 -4
data/{lib/metasm → metasm/cpu}/ppc/decode.rb +18 -12
data/{lib/metasm → metasm/cpu}/ppc/decompile.rb +3 -3
data/{lib/metasm → metasm/cpu}/ppc/encode.rb +2 -2
data/{lib/metasm → metasm/cpu}/ppc/main.rb +17 -12
data/{lib/metasm → metasm/cpu}/ppc/opcodes.rb +11 -5
data/metasm/cpu/ppc/parse.rb +55 -0
data/metasm/cpu/python.rb +8 -0
data/metasm/cpu/python/decode.rb +136 -0
data/metasm/cpu/python/main.rb +36 -0
data/metasm/cpu/python/opcodes.rb +180 -0
data/{lib/metasm → metasm/cpu}/sh4.rb +1 -1
data/{lib/metasm → metasm/cpu}/sh4/decode.rb +48 -17
data/{lib/metasm → metasm/cpu}/sh4/main.rb +13 -4
data/{lib/metasm → metasm/cpu}/sh4/opcodes.rb +7 -8
data/metasm/cpu/x86_64.rb +15 -0
data/{lib/metasm → metasm/cpu}/x86_64/compile_c.rb +28 -17
data/{lib/metasm → metasm/cpu}/x86_64/debug.rb +4 -4
data/{lib/metasm → metasm/cpu}/x86_64/decode.rb +57 -15
data/{lib/metasm → metasm/cpu}/x86_64/encode.rb +55 -26
data/{lib/metasm → metasm/cpu}/x86_64/main.rb +14 -6
data/metasm/cpu/x86_64/opcodes.rb +136 -0
data/{lib/metasm → metasm/cpu}/x86_64/parse.rb +10 -2
data/metasm/cpu/x86_64/render.rb +35 -0
data/metasm/cpu/z80.rb +9 -0
data/metasm/cpu/z80/decode.rb +313 -0
data/metasm/cpu/z80/main.rb +67 -0
data/metasm/cpu/z80/opcodes.rb +224 -0
data/metasm/cpu/z80/render.rb +59 -0
data/{lib/metasm/os/main.rb → metasm/debug.rb} +160 -401
data/{lib/metasm → metasm}/decode.rb +35 -4
data/{lib/metasm → metasm}/decompile.rb +15 -16
data/{lib/metasm → metasm}/disassemble.rb +201 -45
data/{lib/metasm → metasm}/disassemble_api.rb +651 -87
data/{lib/metasm → metasm}/dynldr.rb +220 -133
data/{lib/metasm → metasm}/encode.rb +10 -1
data/{lib/metasm → metasm}/exe_format/a_out.rb +9 -6
data/{lib/metasm → metasm}/exe_format/autoexe.rb +1 -0
data/{lib/metasm → metasm}/exe_format/bflt.rb +57 -27
data/{lib/metasm → metasm}/exe_format/coff.rb +11 -3
data/{lib/metasm → metasm}/exe_format/coff_decode.rb +53 -20
data/{lib/metasm → metasm}/exe_format/coff_encode.rb +11 -13
data/{lib/metasm → metasm}/exe_format/dex.rb +13 -5
data/{lib/metasm → metasm}/exe_format/dol.rb +1 -0
data/{lib/metasm → metasm}/exe_format/elf.rb +93 -57
data/{lib/metasm → metasm}/exe_format/elf_decode.rb +143 -34
data/{lib/metasm → metasm}/exe_format/elf_encode.rb +122 -31
data/metasm/exe_format/gb.rb +65 -0
data/metasm/exe_format/javaclass.rb +424 -0
data/{lib/metasm → metasm}/exe_format/macho.rb +204 -16
data/{lib/metasm → metasm}/exe_format/main.rb +26 -3
data/{lib/metasm → metasm}/exe_format/mz.rb +1 -0
data/{lib/metasm → metasm}/exe_format/nds.rb +7 -4
data/{lib/metasm → metasm}/exe_format/pe.rb +71 -8
data/metasm/exe_format/pyc.rb +167 -0
data/{lib/metasm → metasm}/exe_format/serialstruct.rb +67 -14
data/{lib/metasm → metasm}/exe_format/shellcode.rb +7 -3
data/metasm/exe_format/shellcode_rwx.rb +114 -0
data/metasm/exe_format/swf.rb +205 -0
data/{lib/metasm → metasm}/exe_format/xcoff.rb +7 -7
data/metasm/exe_format/zip.rb +335 -0
data/metasm/gui.rb +13 -0
data/{lib/metasm → metasm}/gui/cstruct.rb +35 -41
data/{lib/metasm → metasm}/gui/dasm_coverage.rb +11 -11
data/{lib/metasm → metasm}/gui/dasm_decomp.rb +7 -20
data/{lib/metasm → metasm}/gui/dasm_funcgraph.rb +0 -0
data/metasm/gui/dasm_graph.rb +1695 -0
data/{lib/metasm → metasm}/gui/dasm_hex.rb +12 -8
data/{lib/metasm → metasm}/gui/dasm_listing.rb +43 -28
data/{lib/metasm → metasm}/gui/dasm_main.rb +310 -53
data/{lib/metasm → metasm}/gui/dasm_opcodes.rb +5 -19
data/{lib/metasm → metasm}/gui/debug.rb +93 -27
data/{lib/metasm → metasm}/gui/gtk.rb +162 -40
data/{lib/metasm → metasm}/gui/qt.rb +12 -2
data/{lib/metasm → metasm}/gui/win32.rb +179 -42
data/{lib/metasm → metasm}/gui/x11.rb +59 -59
data/{lib/metasm → metasm}/main.rb +389 -264
data/{lib/metasm/os/remote.rb → metasm/os/gdbremote.rb} +146 -54
data/{lib/metasm → metasm}/os/gnu_exports.rb +1 -1
data/{lib/metasm → metasm}/os/linux.rb +628 -151
data/metasm/os/main.rb +330 -0
data/{lib/metasm → metasm}/os/windows.rb +132 -42
data/{lib/metasm → metasm}/os/windows_exports.rb +141 -0
data/{lib/metasm → metasm}/parse.rb +26 -24
data/{lib/metasm → metasm}/parse_c.rb +221 -116
data/{lib/metasm → metasm}/preprocessor.rb +55 -40
data/{lib/metasm → metasm}/render.rb +14 -38
data/misc/hexdump.rb +2 -1
data/misc/lint.rb +58 -0
data/misc/txt2html.rb +9 -7
data/samples/bindiff.rb +3 -4
data/samples/dasm-plugins/bindiff.rb +15 -0
data/samples/dasm-plugins/bookmark.rb +133 -0
data/samples/dasm-plugins/c_constants.rb +57 -0
data/samples/dasm-plugins/colortheme_solarized.rb +125 -0
data/samples/dasm-plugins/cppobj_funcall.rb +60 -0
data/samples/dasm-plugins/dasm_all.rb +70 -0
data/samples/dasm-plugins/demangle_cpp.rb +31 -0
data/samples/dasm-plugins/deobfuscate.rb +251 -0
data/samples/dasm-plugins/dump_text.rb +35 -0
data/samples/dasm-plugins/export_graph_svg.rb +86 -0
data/samples/dasm-plugins/findgadget.rb +75 -0
data/samples/dasm-plugins/hl_opcode.rb +32 -0
data/samples/dasm-plugins/hotfix_gtk_dbg.rb +19 -0
data/samples/dasm-plugins/imm2off.rb +34 -0
data/samples/dasm-plugins/match_libsigs.rb +93 -0
data/samples/dasm-plugins/patch_file.rb +95 -0
data/samples/dasm-plugins/scanfuncstart.rb +36 -0
data/samples/dasm-plugins/scanxrefs.rb +26 -0
data/samples/dasm-plugins/selfmodify.rb +197 -0
data/samples/dasm-plugins/stringsxrefs.rb +28 -0
data/samples/dasmnavig.rb +1 -1
data/samples/dbg-apihook.rb +24 -9
data/samples/dbg-plugins/heapscan.rb +283 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_lin.c +155 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_win.c +128 -0
data/samples/dbg-plugins/heapscan/graphheap.rb +616 -0
data/samples/dbg-plugins/heapscan/heapscan.rb +709 -0
data/samples/dbg-plugins/heapscan/winheap.h +174 -0
data/samples/dbg-plugins/heapscan/winheap7.h +307 -0
data/samples/dbg-plugins/trace_func.rb +214 -0
data/samples/disassemble-gui.rb +35 -5
data/samples/disassemble.rb +31 -6
data/samples/dump_upx.rb +24 -12
data/samples/dynamic_ruby.rb +12 -3
data/samples/exeencode.rb +6 -5
data/samples/factorize-headers-peimports.rb +1 -1
data/samples/lindebug.rb +175 -381
data/samples/metasm-shell.rb +1 -2
data/samples/peldr.rb +2 -2
data/tests/all.rb +1 -1
data/tests/arc.rb +26 -0
data/tests/dynldr.rb +22 -4
data/tests/expression.rb +55 -0
data/tests/graph_layout.rb +285 -0
data/tests/ia32.rb +79 -26
data/tests/mips.rb +9 -2
data/tests/x86_64.rb +66 -18
metadata +330 -218
data/lib/metasm/arm/opcodes.rb +0 -177
data/lib/metasm/gui.rb +0 -23
data/lib/metasm/gui/dasm_graph.rb +0 -1354
data/lib/metasm/ia32.rb +0 -14
data/lib/metasm/ia32/opcodes.rb +0 -873
data/lib/metasm/ppc/parse.rb +0 -52
data/lib/metasm/x86_64.rb +0 -12
data/lib/metasm/x86_64/opcodes.rb +0 -118
data/samples/gdbclient.rb +0 -583
data/samples/rubstop.rb +0 -399

data/{lib/metasm/ppc.rb → metasm/cpu/bpf.rb} RENAMED

@@ -5,7 +5,5 @@
 require 'metasm/main'
-require 'metasm/ppc/parse'
-require 'metasm/ppc/encode'
-require 'metasm/ppc/decode'
-require 'metasm/ppc/decompile'
+require 'metasm/cpu/bpf/decode'
+require 'metasm/cpu/bpf/render'

data/metasm/cpu/bpf/decode.rb ADDED

@@ -0,0 +1,142 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/cpu/bpf/opcodes'
+require 'metasm/decode'
+module Metasm
+class BPF
+	def build_bin_lookaside
+		opcode_list.inject({}) { |h, op| h.update op.bin => op }
+	end
+	# tries to find the opcode encoded at edata.ptr
+	def decode_findopcode(edata)
+		return if edata.ptr > edata.data.length-8
+		di = DecodedInstruction.new self
+		code = edata.data[edata.ptr, 2].unpack('v')[0]
+		return di if di.opcode = @bin_lookaside[code]
+	end
+	def decode_instr_op(edata, di)
+		op = di.opcode
+		di.instruction.opname = op.name
+		di.bin_length = 8
+		code, jt, jf, k = edata.read(8).unpack('vCCV')
+		op.args.each { |a|
+			di.instruction.args << case a
+			when :k;    Expression[k]
+			when :x;    Reg.new(:x)
+			when :a;    Reg.new(:a)
+			when :len;  Reg.new(:len)
+			when :p_k;  PktRef.new(nil, Expression[k], op.props[:msz])
+			when :p_xk; PktRef.new(Reg.new(:x), Expression[k], op.props[:msz])
+			when :m_k;  MemRef.new(nil, Expression[4*k], 4)
+			when :jt;   Expression[jt]
+			when :jf;   Expression[jf]
+			else raise "unhandled arg #{a}"
+			end
+		}
+		# je a, x, 0, 12 -> jne a, x, 12
+		# je a, x, 12, 0 -> je a, x, 12
+		if op.args[2] == :jt and di.instruction.args[2] == Expression[0]
+			di.opcode = op.dup
+			di.opcode.props.delete :stopexec
+			di.instruction.opname = { 'jg' => 'jle', 'jge' => 'jl', 'je' => 'jne', 'jtest' => 'jntest' }[di.instruction.opname]
+			di.instruction.args.delete_at(2)
+		elsif op.args[3] == :jf and di.instruction.args[3] == Expression[0]
+			di.opcode = op.dup
+			di.opcode.props.delete :stopexec
+			di.instruction.args.delete_at(3)
+		end
+		di
+	end
+	def decode_instr_interpret(di, addr)
+		if di.opcode.props[:setip]
+			delta = di.instruction.args[-1].reduce + 1
+			arg = Expression[addr, :+, 8*delta].reduce
+			di.instruction.args[-1] = Expression[arg]
+			if di.instruction.args.length == 4
+				delta = di.instruction.args[2].reduce + 1
+				arg = Expression[addr, :+, 8*delta].reduce
+				di.instruction.args[2] = Expression[arg]
+			end
+		end
+		di
+	end
+	# hash opcode_name => lambda { |dasm, di, *symbolic_args| instr_binding }
+	def backtrace_binding
+		@backtrace_binding ||= init_backtrace_binding
+	end
+	def backtrace_binding=(b) @backtrace_binding = b end
+	# populate the @backtrace_binding hash with default values
+	def init_backtrace_binding
+		@backtrace_binding ||= {}
+		opcode_list.map { |ol| ol.basename }.uniq.sort.each { |op|
+			binding = case op
+			when 'mov'; lambda { |di, a0, a1| { a0 => Expression[a1] } }
+			when 'add'; lambda { |di, a0, a1| { a0 => Expression[a0, :+, a1] } }
+			when 'sub'; lambda { |di, a0, a1| { a0 => Expression[a0, :-, a1] } }
+			when 'mul'; lambda { |di, a0, a1| { a0 => Expression[a0, :*, a1] } }
+			when 'div'; lambda { |di, a0, a1| { a0 => Expression[a0, :/, a1] } }
+			when 'shl'; lambda { |di, a0, a1| { a0 => Expression[a0, :<<, a1] } }
+			when 'shr'; lambda { |di, a0, a1| { a0 => Expression[a0, :>>, a1] } }
+			when 'neg'; lambda { |di, a0| { a0 => Expression[:-, a0] } }
+			when 'msh'; lambda { |di, a0, a1| { a0 => Expression[[a1, :&, 0xf], :<<, 2] } }
+			when 'jmp', 'jg', 'jge', 'je', 'jtest', 'ret'; lambda { |di, *a| { } }
+			end
+			@backtrace_binding[op] ||= binding if binding
+		}
+		@backtrace_binding
+	end
+	def get_backtrace_binding(di)
+		a = di.instruction.args.map { |arg|
+			case arg
+			when PktRef, MemRef, Reg; arg.symbolic(di)
+			else arg
+			end
+		}
+		if binding = backtrace_binding[di.opcode.name]
+			binding[di, *a]
+		else
+			puts "unhandled instruction to backtrace: #{di}" if $VERBOSE
+			{:incomplete_binding => Expression[1]}
+		end
+	end
+	def get_xrefs_x(dasm, di)
+		return [] if not di.opcode.props[:setip]
+		if di.instruction.args.length == 4
+			di.instruction.args[-2, 2]
+		else
+			di.instruction.args[-1, 1]
+		end
+	end
+	# updates an instruction's argument replacing an expression with another (eg label renamed)
+	def replace_instr_arg_immediate(i, old, new)
+		i.args.map! { |a|
+			case a
+			when Expression; a == old ? new : Expression[a.bind(old => new).reduce]
+			else a
+			end
+		}
+	end
+end
+end

data/metasm/cpu/bpf/main.rb ADDED

@@ -0,0 +1,60 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/main'
+module Metasm
+class BPF < CPU
+	class Reg
+		attr_accessor :v
+		def initialize(v)
+			@v = v
+		end
+		def symbolic(orig=nil) ; @v ; end
+	end
+	class MemRef
+		attr_accessor :base, :offset, :msz
+		def memtype
+			:mem
+		end
+		def initialize(base, offset, msz)
+			@base = base
+			@offset = offset
+			@msz = msz
+		end
+		def symbolic(orig)
+			p = Expression[memtype]
+			p = Expression[p, :+, @base.symbolic] if base
+			p = Expression[p, :+, @offset] if offset
+			Indirection[p, @msz, orig]
+		end
+	end
+	class PktRef < MemRef
+		def memtype
+			:pkt
+		end
+	end
+	def initialize(family = :latest)
+		super()
+		@endianness = :big
+		@size = 32
+		@family = family
+	end
+	def init_opcode_list
+		send("init_#@family")
+		@opcode_list
+	end
+end
+end

data/metasm/cpu/bpf/opcodes.rb ADDED

@@ -0,0 +1,81 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/cpu/bpf/main'
+module Metasm
+class BPF
+	def addop(name, bin, *args)
+		o = Opcode.new name, bin
+		args.each { |a|
+			o.args << a if @valid_args[a]
+			o.props.update a if a.kind_of?(::Hash)
+		}
+		@opcode_list << o
+	end
+	def addop_ldx(bin, src)
+		addop 'mov', bin | 0x00, :a, src
+		addop 'mov', bin | 0x01, :x, src
+	end
+	def addop_ldsz(bin, src)
+		addop 'mov', bin | 0x00, :a, src, :msz => 4
+		addop 'mov', bin | 0x08, :a, src, :msz => 2
+		addop 'mov', bin | 0x10, :a, src, :msz => 1
+	end
+	def addop_alu(name, bin)
+		addop name, bin | 0x04, :a, :k
+		addop name, bin | 0x0C, :a, :x
+	end
+	def addop_j(name, bin)
+		addop name, bin | 0x05 | 0x00, :a, :k, :jt, :jf, :setip => true, :stopexec => true
+		addop name, bin | 0x05 | 0x08, :a, :x, :jt, :jf, :setip => true, :stopexec => true
+	end
+	def init_bpf
+		@opcode_list = []
+		[:a, :k, :x, :len, :m_k, :p_k, :p_xk, :jt, :jf].each { |a| @valid_args[a] = true }
+		# LD/ST
+		addop_ldx  0x00, :k
+		addop_ldsz 0x20, :p_k
+		addop_ldsz 0x40, :p_xk
+		addop_ldx  0x60, :m_k
+		addop_ldx  0x80, :len
+		addop 'msh', 0xB1, :x, :p_k, :msz => 1
+		addop 'mov', 0x02, :m_k, :a
+		addop 'mov', 0x03, :m_k, :x
+		# ALU
+		addop_alu 'add', 0x00
+		addop_alu 'sub', 0x10
+		addop_alu 'mul', 0x20
+		addop_alu 'div', 0x30
+		addop_alu 'or',  0x40
+		addop_alu 'and', 0x50
+		addop_alu 'shl', 0x60
+		addop_alu 'shr', 0x70
+		addop 'neg', 0x84, :a
+		# JMP
+		addop   'jmp',  0x05, :k, :setip => true, :stopexec => true
+		addop_j 'je',   0x10
+		addop_j 'jg',   0x20
+		addop_j 'jge',  0x30
+		addop_j 'jtest',0x40
+		addop   'ret',  0x06, :k, :stopexec => true
+		addop   'ret',  0x16, :a, :stopexec => true
+		addop 'mov', 0x07, :x, :a
+		addop 'mov', 0x87, :a, :x
+	end
+	alias init_latest init_bpf
+end
+end

data/metasm/cpu/bpf/render.rb ADDED

@@ -0,0 +1,41 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/cpu/bpf/opcodes'
+require 'metasm/render'
+module Metasm
+class BPF
+	class Reg
+		include Renderable
+		def render ; [@v.to_s] end
+	end
+	class MemRef
+		include Renderable
+		def render
+			r = []
+			r << memtype
+			r << [nil, ' byte ', ' word ', nil, ' dword '][@msz]
+			r << '['
+			r << @base if @base
+			r << '+' if @base and @offset
+			r << @offset if @offset
+			r << ']'
+		end
+	end
+	def render_instruction(i)
+		r = []
+		r << i.opname
+		if not i.args.empty?
+			r << ' '
+			i.args.each { |a_| r << a_ << ', ' }
+			r.pop
+		end
+		r
+	end
+end
+end

data/metasm/cpu/cy16.rb ADDED

@@ -0,0 +1,9 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/main'
+require 'metasm/cpu/cy16/decode'
+require 'metasm/cpu/cy16/render'

data/metasm/cpu/cy16/decode.rb ADDED

@@ -0,0 +1,253 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/cpu/cy16/opcodes'
+require 'metasm/decode'
+module Metasm
+class CY16
+	def build_opcode_bin_mask(op)
+		# bit = 0 if can be mutated by an field value, 1 if fixed by opcode
+		op.bin_mask = 0
+		op.fields.each { |f, off|
+			op.bin_mask |= (@fields_mask[f] << off)
+		}
+		op.bin_mask ^= 0xffff
+	end
+	def build_bin_lookaside
+		# sets up a hash byte value => list of opcodes that may match
+		# opcode.bin_mask is built here
+		lookaside = Array.new(256) { [] }
+		opcode_list.each { |op|
+			build_opcode_bin_mask op
+			b   = (op.bin >> 8) & 0xff
+			msk = (op.bin_mask >> 8) & 0xff
+			for i in b..(b | (255^msk))
+				lookaside[i] << op if i & msk == b & msk
+			end
+		}
+		lookaside
+	end
+	def decode_findopcode(edata)
+		di = DecodedInstruction.new self
+		return if edata.ptr+2 > edata.length
+		bin = edata.decode_imm(:u16, @endianness)
+		edata.ptr -= 2
+		return di if di.opcode = @bin_lookaside[(bin >> 8) & 0xff].find { |op|
+			bin & op.bin_mask == op.bin & op.bin_mask
+		}
+	end
+	def decode_instr_op_r(val, edata)
+		bw = ((val & 0b1000) > 0 ? 1 : 2)
+		case val & 0b11_0000
+		when 0b00_0000
+			Reg.new(val)
+		when 0b01_0000
+			if val == 0b01_1111
+				Expression[edata.decode_imm(:u16, @endianness)]
+			else
+				Memref.new(Reg.new(8+(val&7)), nil, bw)
+			end
+		when 0b10_0000
+			if val & 7 == 7
+				Memref.new(nil, edata.decode_imm(:u16, @endianness), bw)
+			else
+				Memref.new(Reg.new(8+(val&7)), nil, bw, true)
+			end
+		when 0b11_0000
+			Memref.new(Reg.new(8+(val&7)), edata.decode_imm(:u16, @endianness), bw)
+		end
+	end
+	def decode_instr_op(edata, di)
+		before_ptr = edata.ptr
+		op = di.opcode
+		di.instruction.opname = op.name
+		bin = edata.decode_imm(:u16, @endianness)
+		field_val = lambda { |f|
+			if off = op.fields[f]
+				(bin >> off) & @fields_mask[f]
+			end
+		}
+		op.args.each { |a|
+			di.instruction.args << case a
+			when :rs, :rd; decode_instr_op_r(field_val[a], edata)
+			when :o7; Expression[2*Expression.make_signed(field_val[a], 7)]
+			when :x7; Expression[field_val[a]]
+			when :u3; Expression[field_val[a]+1]
+			else raise SyntaxError, "Internal error: invalid argument #{a} in #{op.name}"
+			end
+		}
+		di.instruction.args.reverse!
+		di.bin_length += edata.ptr - before_ptr
+		di
+	rescue InvalidRD
+	end
+	def decode_instr_interpret(di, addr)
+		if di.opcode.props[:setip] and di.opcode.args.last == :o7
+			delta = di.instruction.args.last.reduce
+			arg = Expression[[addr, :+, di.bin_length], :+, delta].reduce
+			di.instruction.args[-1] = Expression[arg]
+		end
+		di
+	end
+	# hash opcode_name => lambda { |dasm, di, *symbolic_args| instr_binding }
+	def backtrace_binding
+		@backtrace_binding ||= init_backtrace_binding
+	end
+	def backtrace_binding=(b) @backtrace_binding = b end
+	# populate the @backtrace_binding hash with default values
+	def init_backtrace_binding
+		@backtrace_binding ||= {}
+		mask = 0xffff
+		opcode_list.map { |ol| ol.basename }.uniq.sort.each { |op|
+			binding = case op
+			when 'mov'; lambda { |di, a0, a1| { a0 => Expression[a1] } }
+			when 'add', 'adc', 'sub', 'sbc', 'and', 'xor', 'or', 'addi', 'subi'
+				lambda { |di, a0, a1|
+					e_op = { 'add' => :+, 'adc' => :+, 'sub' => :-, 'sbc' => :-, 'and' => :&,
+						 'xor' => :^, 'or' => :|, 'addi' => :+, 'subi' => :- }[op]
+					ret = Expression[a0, e_op, a1]
+					ret = Expression[ret, e_op, :flag_c] if op == 'adc' or op == 'sbb'
+					# optimises eax ^ eax => 0
+					# avoid hiding memory accesses (to not hide possible fault)
+					ret = Expression[ret.reduce] if not a0.kind_of? Indirection
+					{ a0 => ret }
+				}
+			when 'cmp', 'test'; lambda { |di, *a| {} }
+			when 'not'; lambda { |di, a0| { a0 => Expression[a0, :^, mask] } }
+			when 'call'
+				lambda { |di, a0| { :sp => Expression[:sp, :-, 2],
+					  Indirection[:sp, 2, di.address] => Expression[di.next_addr] }
+				}
+			when 'ret'; lambda { |di, *a| { :sp => Expression[:sp, :+, 2] } }
+			# TODO callCC, retCC ...
+			when /^j/; lambda { |di, *a| {} }
+			end
+			# TODO flags ?
+			@backtrace_binding[op] ||= binding if binding
+		}
+		@backtrace_binding
+	end
+	def get_backtrace_binding(di)
+		a = di.instruction.args.map { |arg|
+			case arg
+			when Memref, Reg; arg.symbolic(di)
+			else arg
+			end
+		}
+		if binding = backtrace_binding[di.opcode.basename]
+			bd = {}
+			di.instruction.args.each { |aa| bd[aa.base.symbolic] = Expression[aa.base.symbolic, :+, aa.sz] if aa.kind_of?(Memref) and aa.autoincr }
+			bd.update binding[di, *a]
+		else
+			puts "unhandled instruction to backtrace: #{di}" if $VERBOSE
+			# assume nothing except the 1st arg is modified
+			case a[0]
+			when Indirection, Symbol; { a[0] => Expression::Unknown }
+			when Expression; (x = a[0].externals.first) ? { x => Expression::Unknown } : {}
+			else {}
+			end.update(:incomplete_binding => Expression[1])
+		end
+	end
+	# patch a forward binding from the backtrace binding
+	def fix_fwdemu_binding(di, fbd)
+		case di.opcode.name
+		when 'call'; fbd[Indirection[[:sp, :-, 2], 2]] = fbd.delete(Indirection[:sp, 2])
+		end
+		fbd
+	end
+	def get_xrefs_x(dasm, di)
+		return [] if not di.opcode.props[:setip]
+		return [Indirection[:sp, 2, di.address]] if di.opcode.name =~ /^r/
+		case tg = di.instruction.args.first
+		when Memref; [Expression[tg.symbolic(di)]]
+		when Reg; [Expression[tg.symbolic(di)]]
+		when Expression, ::Integer; [Expression[tg]]
+		else
+			puts "unhandled setip at #{di.address} #{di.instruction}" if $DEBUG
+			[]
+		end
+	end
+	# checks if expr is a valid return expression matching the :saveip instruction
+	def backtrace_is_function_return(expr, di=nil)
+		expr = Expression[expr].reduce_rec
+		expr.kind_of?(Indirection) and expr.len == 2 and expr.target == Expression[:sp]
+	end
+	# updates the function backtrace_binding
+	# if the function is big and no specific register is given, do nothing (the binding will be lazily updated later, on demand)
+	def backtrace_update_function_binding(dasm, faddr, f, retaddrlist, *wantregs)
+		b = f.backtrace_binding
+		bt_val = lambda { |r|
+			next if not retaddrlist
+			b[r] = Expression::Unknown
+			bt = []
+			retaddrlist.each { |retaddr|
+				bt |= dasm.backtrace(Expression[r], retaddr, :include_start => true,
+					     :snapshot_addr => faddr, :origin => retaddr)
+			}
+			if bt.length != 1
+				b[r] = Expression::Unknown
+			else
+				b[r] = bt.first
+			end
+		}
+		if not wantregs.empty?
+			wantregs.each(&bt_val)
+		else
+			bt_val[:sp]
+		end
+		b
+	end
+	# returns true if the expression is an address on the stack
+	def backtrace_is_stack_address(expr)
+		Expression[expr].expr_externals.include?(:sp)
+	end
+	# updates an instruction's argument replacing an expression with another (eg label renamed)
+	def replace_instr_arg_immediate(i, old, new)
+		i.args.map! { |a|
+			case a
+			when Expression; a == old ? new : Expression[a.bind(old => new).reduce]
+			when Memref
+				a.offset = (a.offset == old ? new : Expression[a.offset.bind(old => new).reduce]) if a.offset
+				a
+			else a
+			end
+		}
+	end
+end
+end