RubyGems - metasm - Versions diffs - 1.0.1 → 1.0.2 - Mend

metasm 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (235) hide show

checksums.yaml +7 -0
data/.gitignore +1 -0
data/.hgtags +3 -0
data/Gemfile +1 -0
data/INSTALL +61 -0
data/LICENCE +458 -0
data/README +29 -21
data/Rakefile +10 -0
data/TODO +10 -12
data/doc/code_organisation.txt +2 -0
data/doc/core/DynLdr.txt +247 -0
data/doc/core/ExeFormat.txt +43 -0
data/doc/core/Expression.txt +220 -0
data/doc/core/GNUExports.txt +27 -0
data/doc/core/Ia32.txt +236 -0
data/doc/core/SerialStruct.txt +108 -0
data/doc/core/VirtualString.txt +145 -0
data/doc/core/WindowsExports.txt +61 -0
data/doc/core/index.txt +1 -0
data/doc/style.css +6 -3
data/doc/usage/debugger.txt +327 -0
data/doc/usage/index.txt +1 -0
data/doc/use_cases.txt +2 -2
data/metasm.gemspec +22 -0
data/{lib/metasm.rb → metasm.rb} +11 -3
data/{lib/metasm → metasm}/compile_c.rb +13 -7
data/metasm/cpu/arc.rb +8 -0
data/metasm/cpu/arc/decode.rb +425 -0
data/metasm/cpu/arc/main.rb +191 -0
data/metasm/cpu/arc/opcodes.rb +588 -0
data/{lib/metasm → metasm/cpu}/arm.rb +7 -5
data/{lib/metasm → metasm/cpu}/arm/debug.rb +2 -2
data/{lib/metasm → metasm/cpu}/arm/decode.rb +13 -12
data/{lib/metasm → metasm/cpu}/arm/encode.rb +23 -8
data/{lib/metasm → metasm/cpu}/arm/main.rb +0 -3
data/metasm/cpu/arm/opcodes.rb +324 -0
data/{lib/metasm → metasm/cpu}/arm/parse.rb +25 -13
data/{lib/metasm → metasm/cpu}/arm/render.rb +2 -2
data/metasm/cpu/arm64.rb +15 -0
data/metasm/cpu/arm64/debug.rb +38 -0
data/metasm/cpu/arm64/decode.rb +289 -0
data/metasm/cpu/arm64/encode.rb +41 -0
data/metasm/cpu/arm64/main.rb +105 -0
data/metasm/cpu/arm64/opcodes.rb +232 -0
data/metasm/cpu/arm64/parse.rb +20 -0
data/metasm/cpu/arm64/render.rb +95 -0
data/{lib/metasm/ppc.rb → metasm/cpu/bpf.rb} +2 -4
data/metasm/cpu/bpf/decode.rb +142 -0
data/metasm/cpu/bpf/main.rb +60 -0
data/metasm/cpu/bpf/opcodes.rb +81 -0
data/metasm/cpu/bpf/render.rb +41 -0
data/metasm/cpu/cy16.rb +9 -0
data/metasm/cpu/cy16/decode.rb +253 -0
data/metasm/cpu/cy16/main.rb +63 -0
data/metasm/cpu/cy16/opcodes.rb +78 -0
data/metasm/cpu/cy16/render.rb +41 -0
data/metasm/cpu/dalvik.rb +11 -0
data/{lib/metasm → metasm/cpu}/dalvik/decode.rb +35 -13
data/{lib/metasm → metasm/cpu}/dalvik/main.rb +51 -2
data/{lib/metasm → metasm/cpu}/dalvik/opcodes.rb +19 -11
data/metasm/cpu/ia32.rb +17 -0
data/{lib/metasm → metasm/cpu}/ia32/compile_c.rb +5 -7
data/{lib/metasm → metasm/cpu}/ia32/debug.rb +5 -5
data/{lib/metasm → metasm/cpu}/ia32/decode.rb +246 -59
data/{lib/metasm → metasm/cpu}/ia32/decompile.rb +7 -7
data/{lib/metasm → metasm/cpu}/ia32/encode.rb +19 -13
data/{lib/metasm → metasm/cpu}/ia32/main.rb +51 -8
data/metasm/cpu/ia32/opcodes.rb +1424 -0
data/{lib/metasm → metasm/cpu}/ia32/parse.rb +47 -16
data/{lib/metasm → metasm/cpu}/ia32/render.rb +31 -4
data/metasm/cpu/mips.rb +14 -0
data/{lib/metasm → metasm/cpu}/mips/compile_c.rb +1 -1
data/metasm/cpu/mips/debug.rb +42 -0
data/{lib/metasm → metasm/cpu}/mips/decode.rb +46 -16
data/{lib/metasm → metasm/cpu}/mips/encode.rb +4 -3
data/{lib/metasm → metasm/cpu}/mips/main.rb +11 -4
data/{lib/metasm → metasm/cpu}/mips/opcodes.rb +86 -17
data/{lib/metasm → metasm/cpu}/mips/parse.rb +1 -1
data/{lib/metasm → metasm/cpu}/mips/render.rb +1 -1
data/{lib/metasm/dalvik.rb → metasm/cpu/msp430.rb} +1 -1
data/metasm/cpu/msp430/decode.rb +247 -0
data/metasm/cpu/msp430/main.rb +62 -0
data/metasm/cpu/msp430/opcodes.rb +101 -0
data/{lib/metasm → metasm/cpu}/pic16c/decode.rb +6 -7
data/{lib/metasm → metasm/cpu}/pic16c/main.rb +0 -0
data/{lib/metasm → metasm/cpu}/pic16c/opcodes.rb +1 -1
data/{lib/metasm/mips.rb → metasm/cpu/ppc.rb} +4 -4
data/{lib/metasm → metasm/cpu}/ppc/decode.rb +18 -12
data/{lib/metasm → metasm/cpu}/ppc/decompile.rb +3 -3
data/{lib/metasm → metasm/cpu}/ppc/encode.rb +2 -2
data/{lib/metasm → metasm/cpu}/ppc/main.rb +17 -12
data/{lib/metasm → metasm/cpu}/ppc/opcodes.rb +11 -5
data/metasm/cpu/ppc/parse.rb +55 -0
data/metasm/cpu/python.rb +8 -0
data/metasm/cpu/python/decode.rb +136 -0
data/metasm/cpu/python/main.rb +36 -0
data/metasm/cpu/python/opcodes.rb +180 -0
data/{lib/metasm → metasm/cpu}/sh4.rb +1 -1
data/{lib/metasm → metasm/cpu}/sh4/decode.rb +48 -17
data/{lib/metasm → metasm/cpu}/sh4/main.rb +13 -4
data/{lib/metasm → metasm/cpu}/sh4/opcodes.rb +7 -8
data/metasm/cpu/x86_64.rb +15 -0
data/{lib/metasm → metasm/cpu}/x86_64/compile_c.rb +28 -17
data/{lib/metasm → metasm/cpu}/x86_64/debug.rb +4 -4
data/{lib/metasm → metasm/cpu}/x86_64/decode.rb +57 -15
data/{lib/metasm → metasm/cpu}/x86_64/encode.rb +55 -26
data/{lib/metasm → metasm/cpu}/x86_64/main.rb +14 -6
data/metasm/cpu/x86_64/opcodes.rb +136 -0
data/{lib/metasm → metasm/cpu}/x86_64/parse.rb +10 -2
data/metasm/cpu/x86_64/render.rb +35 -0
data/metasm/cpu/z80.rb +9 -0
data/metasm/cpu/z80/decode.rb +313 -0
data/metasm/cpu/z80/main.rb +67 -0
data/metasm/cpu/z80/opcodes.rb +224 -0
data/metasm/cpu/z80/render.rb +59 -0
data/{lib/metasm/os/main.rb → metasm/debug.rb} +160 -401
data/{lib/metasm → metasm}/decode.rb +35 -4
data/{lib/metasm → metasm}/decompile.rb +15 -16
data/{lib/metasm → metasm}/disassemble.rb +201 -45
data/{lib/metasm → metasm}/disassemble_api.rb +651 -87
data/{lib/metasm → metasm}/dynldr.rb +220 -133
data/{lib/metasm → metasm}/encode.rb +10 -1
data/{lib/metasm → metasm}/exe_format/a_out.rb +9 -6
data/{lib/metasm → metasm}/exe_format/autoexe.rb +1 -0
data/{lib/metasm → metasm}/exe_format/bflt.rb +57 -27
data/{lib/metasm → metasm}/exe_format/coff.rb +11 -3
data/{lib/metasm → metasm}/exe_format/coff_decode.rb +53 -20
data/{lib/metasm → metasm}/exe_format/coff_encode.rb +11 -13
data/{lib/metasm → metasm}/exe_format/dex.rb +13 -5
data/{lib/metasm → metasm}/exe_format/dol.rb +1 -0
data/{lib/metasm → metasm}/exe_format/elf.rb +93 -57
data/{lib/metasm → metasm}/exe_format/elf_decode.rb +143 -34
data/{lib/metasm → metasm}/exe_format/elf_encode.rb +122 -31
data/metasm/exe_format/gb.rb +65 -0
data/metasm/exe_format/javaclass.rb +424 -0
data/{lib/metasm → metasm}/exe_format/macho.rb +204 -16
data/{lib/metasm → metasm}/exe_format/main.rb +26 -3
data/{lib/metasm → metasm}/exe_format/mz.rb +1 -0
data/{lib/metasm → metasm}/exe_format/nds.rb +7 -4
data/{lib/metasm → metasm}/exe_format/pe.rb +71 -8
data/metasm/exe_format/pyc.rb +167 -0
data/{lib/metasm → metasm}/exe_format/serialstruct.rb +67 -14
data/{lib/metasm → metasm}/exe_format/shellcode.rb +7 -3
data/metasm/exe_format/shellcode_rwx.rb +114 -0
data/metasm/exe_format/swf.rb +205 -0
data/{lib/metasm → metasm}/exe_format/xcoff.rb +7 -7
data/metasm/exe_format/zip.rb +335 -0
data/metasm/gui.rb +13 -0
data/{lib/metasm → metasm}/gui/cstruct.rb +35 -41
data/{lib/metasm → metasm}/gui/dasm_coverage.rb +11 -11
data/{lib/metasm → metasm}/gui/dasm_decomp.rb +7 -20
data/{lib/metasm → metasm}/gui/dasm_funcgraph.rb +0 -0
data/metasm/gui/dasm_graph.rb +1695 -0
data/{lib/metasm → metasm}/gui/dasm_hex.rb +12 -8
data/{lib/metasm → metasm}/gui/dasm_listing.rb +43 -28
data/{lib/metasm → metasm}/gui/dasm_main.rb +310 -53
data/{lib/metasm → metasm}/gui/dasm_opcodes.rb +5 -19
data/{lib/metasm → metasm}/gui/debug.rb +93 -27
data/{lib/metasm → metasm}/gui/gtk.rb +162 -40
data/{lib/metasm → metasm}/gui/qt.rb +12 -2
data/{lib/metasm → metasm}/gui/win32.rb +179 -42
data/{lib/metasm → metasm}/gui/x11.rb +59 -59
data/{lib/metasm → metasm}/main.rb +389 -264
data/{lib/metasm/os/remote.rb → metasm/os/gdbremote.rb} +146 -54
data/{lib/metasm → metasm}/os/gnu_exports.rb +1 -1
data/{lib/metasm → metasm}/os/linux.rb +628 -151
data/metasm/os/main.rb +330 -0
data/{lib/metasm → metasm}/os/windows.rb +132 -42
data/{lib/metasm → metasm}/os/windows_exports.rb +141 -0
data/{lib/metasm → metasm}/parse.rb +26 -24
data/{lib/metasm → metasm}/parse_c.rb +221 -116
data/{lib/metasm → metasm}/preprocessor.rb +55 -40
data/{lib/metasm → metasm}/render.rb +14 -38
data/misc/hexdump.rb +2 -1
data/misc/lint.rb +58 -0
data/misc/txt2html.rb +9 -7
data/samples/bindiff.rb +3 -4
data/samples/dasm-plugins/bindiff.rb +15 -0
data/samples/dasm-plugins/bookmark.rb +133 -0
data/samples/dasm-plugins/c_constants.rb +57 -0
data/samples/dasm-plugins/colortheme_solarized.rb +125 -0
data/samples/dasm-plugins/cppobj_funcall.rb +60 -0
data/samples/dasm-plugins/dasm_all.rb +70 -0
data/samples/dasm-plugins/demangle_cpp.rb +31 -0
data/samples/dasm-plugins/deobfuscate.rb +251 -0
data/samples/dasm-plugins/dump_text.rb +35 -0
data/samples/dasm-plugins/export_graph_svg.rb +86 -0
data/samples/dasm-plugins/findgadget.rb +75 -0
data/samples/dasm-plugins/hl_opcode.rb +32 -0
data/samples/dasm-plugins/hotfix_gtk_dbg.rb +19 -0
data/samples/dasm-plugins/imm2off.rb +34 -0
data/samples/dasm-plugins/match_libsigs.rb +93 -0
data/samples/dasm-plugins/patch_file.rb +95 -0
data/samples/dasm-plugins/scanfuncstart.rb +36 -0
data/samples/dasm-plugins/scanxrefs.rb +26 -0
data/samples/dasm-plugins/selfmodify.rb +197 -0
data/samples/dasm-plugins/stringsxrefs.rb +28 -0
data/samples/dasmnavig.rb +1 -1
data/samples/dbg-apihook.rb +24 -9
data/samples/dbg-plugins/heapscan.rb +283 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_lin.c +155 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_win.c +128 -0
data/samples/dbg-plugins/heapscan/graphheap.rb +616 -0
data/samples/dbg-plugins/heapscan/heapscan.rb +709 -0
data/samples/dbg-plugins/heapscan/winheap.h +174 -0
data/samples/dbg-plugins/heapscan/winheap7.h +307 -0
data/samples/dbg-plugins/trace_func.rb +214 -0
data/samples/disassemble-gui.rb +35 -5
data/samples/disassemble.rb +31 -6
data/samples/dump_upx.rb +24 -12
data/samples/dynamic_ruby.rb +12 -3
data/samples/exeencode.rb +6 -5
data/samples/factorize-headers-peimports.rb +1 -1
data/samples/lindebug.rb +175 -381
data/samples/metasm-shell.rb +1 -2
data/samples/peldr.rb +2 -2
data/tests/all.rb +1 -1
data/tests/arc.rb +26 -0
data/tests/dynldr.rb +22 -4
data/tests/expression.rb +55 -0
data/tests/graph_layout.rb +285 -0
data/tests/ia32.rb +79 -26
data/tests/mips.rb +9 -2
data/tests/x86_64.rb +66 -18
metadata +330 -218
data/lib/metasm/arm/opcodes.rb +0 -177
data/lib/metasm/gui.rb +0 -23
data/lib/metasm/gui/dasm_graph.rb +0 -1354
data/lib/metasm/ia32.rb +0 -14
data/lib/metasm/ia32/opcodes.rb +0 -873
data/lib/metasm/ppc/parse.rb +0 -52
data/lib/metasm/x86_64.rb +0 -12
data/lib/metasm/x86_64/opcodes.rb +0 -118
data/samples/gdbclient.rb +0 -583
data/samples/rubstop.rb +0 -399

data/{lib/metasm/ppc.rb → metasm/cpu/bpf.rb} RENAMED

@@ -5,7 +5,5 @@
 require 'metasm/main'
-require 'metasm/ppc/parse'
-require 'metasm/ppc/encode'
-require 'metasm/ppc/decode'
-require 'metasm/ppc/decompile'
+require 'metasm/cpu/bpf/decode'
+require 'metasm/cpu/bpf/render'

data/metasm/cpu/bpf/decode.rb ADDED

@@ -0,0 +1,142 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/cpu/bpf/opcodes'
+require 'metasm/decode'
+module Metasm
+class BPF
+	def build_bin_lookaside
+		opcode_list.inject({}) { |h, op| h.update op.bin => op }
+	end
+	# tries to find the opcode encoded at edata.ptr
+	def decode_findopcode(edata)
+		return if edata.ptr > edata.data.length-8
+		di = DecodedInstruction.new self
+		code = edata.data[edata.ptr, 2].unpack('v')[0]
+		return di if di.opcode = @bin_lookaside[code]
+	end
+	def decode_instr_op(edata, di)
+		op = di.opcode
+		di.instruction.opname = op.name
+		di.bin_length = 8
+		code, jt, jf, k = edata.read(8).unpack('vCCV')
+		op.args.each { |a|
+			di.instruction.args << case a
+			when :k;    Expression[k]
+			when :x;    Reg.new(:x)
+			when :a;    Reg.new(:a)
+			when :len;  Reg.new(:len)
+			when :p_k;  PktRef.new(nil, Expression[k], op.props[:msz])
+			when :p_xk; PktRef.new(Reg.new(:x), Expression[k], op.props[:msz])
+			when :m_k;  MemRef.new(nil, Expression[4*k], 4)
+			when :jt;   Expression[jt]
+			when :jf;   Expression[jf]
+			else raise "unhandled arg #{a}"
+			end
+		}
+		# je a, x, 0, 12 -> jne a, x, 12
+		# je a, x, 12, 0 -> je a, x, 12
+		if op.args[2] == :jt and di.instruction.args[2] == Expression[0]
+			di.opcode = op.dup
+			di.opcode.props.delete :stopexec
+			di.instruction.opname = { 'jg' => 'jle', 'jge' => 'jl', 'je' => 'jne', 'jtest' => 'jntest' }[di.instruction.opname]
+			di.instruction.args.delete_at(2)
+		elsif op.args[3] == :jf and di.instruction.args[3] == Expression[0]
+			di.opcode = op.dup
+			di.opcode.props.delete :stopexec
+			di.instruction.args.delete_at(3)
+		end
+		di
+	end
+	def decode_instr_interpret(di, addr)
+		if di.opcode.props[:setip]
+			delta = di.instruction.args[-1].reduce + 1
+			arg = Expression[addr, :+, 8*delta].reduce
+			di.instruction.args[-1] = Expression[arg]
+			if di.instruction.args.length == 4
+				delta = di.instruction.args[2].reduce + 1
+				arg = Expression[addr, :+, 8*delta].reduce
+				di.instruction.args[2] = Expression[arg]
+			end
+		end
+		di
+	end
+	# hash opcode_name => lambda { |dasm, di, *symbolic_args| instr_binding }
+	def backtrace_binding
+		@backtrace_binding ||= init_backtrace_binding
+	end
+	def backtrace_binding=(b) @backtrace_binding = b end
+	# populate the @backtrace_binding hash with default values
+	def init_backtrace_binding
+		@backtrace_binding ||= {}
+		opcode_list.map { |ol| ol.basename }.uniq.sort.each { |op|
+			binding = case op
+			when 'mov'; lambda { |di, a0, a1| { a0 => Expression[a1] } }
+			when 'add'; lambda { |di, a0, a1| { a0 => Expression[a0, :+, a1] } }
+			when 'sub'; lambda { |di, a0, a1| { a0 => Expression[a0, :-, a1] } }
+			when 'mul'; lambda { |di, a0, a1| { a0 => Expression[a0, :*, a1] } }
+			when 'div'; lambda { |di, a0, a1| { a0 => Expression[a0, :/, a1] } }
+			when 'shl'; lambda { |di, a0, a1| { a0 => Expression[a0, :<<, a1] } }
+			when 'shr'; lambda { |di, a0, a1| { a0 => Expression[a0, :>>, a1] } }
+			when 'neg'; lambda { |di, a0| { a0 => Expression[:-, a0] } }
+			when 'msh'; lambda { |di, a0, a1| { a0 => Expression[[a1, :&, 0xf], :<<, 2] } }
+			when 'jmp', 'jg', 'jge', 'je', 'jtest', 'ret'; lambda { |di, *a| { } }
+			end
+			@backtrace_binding[op] ||= binding if binding
+		}
+		@backtrace_binding
+	end
+	def get_backtrace_binding(di)
+		a = di.instruction.args.map { |arg|
+			case arg
+			when PktRef, MemRef, Reg; arg.symbolic(di)
+			else arg
+			end
+		}
+		if binding = backtrace_binding[di.opcode.name]
+			binding[di, *a]
+		else
+			puts "unhandled instruction to backtrace: #{di}" if $VERBOSE
+			{:incomplete_binding => Expression[1]}
+		end
+	end
+	def get_xrefs_x(dasm, di)
+		return [] if not di.opcode.props[:setip]
+		if di.instruction.args.length == 4
+			di.instruction.args[-2, 2]
+		else
+			di.instruction.args[-1, 1]
+		end
+	end
+	# updates an instruction's argument replacing an expression with another (eg label renamed)
+	def replace_instr_arg_immediate(i, old, new)
+		i.args.map! { |a|
+			case a
+			when Expression; a == old ? new : Expression[a.bind(old => new).reduce]
+			else a
+			end
+		}
+	end
+end
+end

data/metasm/cpu/bpf/main.rb ADDED

@@ -0,0 +1,60 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/main'
+module Metasm
+class BPF < CPU
+	class Reg
+		attr_accessor :v
+		def initialize(v)
+			@v = v
+		end
+		def symbolic(orig=nil) ; @v ; end
+	end
+	class MemRef
+		attr_accessor :base, :offset, :msz
+		def memtype
+			:mem
+		end
+		def initialize(base, offset, msz)
+			@base = base
+			@offset = offset
+			@msz = msz
+		end
+		def symbolic(orig)
+			p = Expression[memtype]
+			p = Expression[p, :+, @base.symbolic] if base
+			p = Expression[p, :+, @offset] if offset
+			Indirection[p, @msz, orig]
+		end
+	end
+	class PktRef < MemRef
+		def memtype
+			:pkt
+		end
+	end
+	def initialize(family = :latest)
+		super()
+		@endianness = :big
+		@size = 32
+		@family = family
+	end
+	def init_opcode_list
+		send("init_#@family")
+		@opcode_list
+	end
+end
+end

data/metasm/cpu/bpf/opcodes.rb ADDED

@@ -0,0 +1,81 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/cpu/bpf/main'
+module Metasm
+class BPF
+	def addop(name, bin, *args)
+		o = Opcode.new name, bin
+		args.each { |a|
+			o.args << a if @valid_args[a]
+			o.props.update a if a.kind_of?(::Hash)
+		}
+		@opcode_list << o
+	end
+	def addop_ldx(bin, src)
+		addop 'mov', bin | 0x00, :a, src
+		addop 'mov', bin | 0x01, :x, src
+	end
+	def addop_ldsz(bin, src)
+		addop 'mov', bin | 0x00, :a, src, :msz => 4
+		addop 'mov', bin | 0x08, :a, src, :msz => 2
+		addop 'mov', bin | 0x10, :a, src, :msz => 1
+	end
+	def addop_alu(name, bin)
+		addop name, bin | 0x04, :a, :k
+		addop name, bin | 0x0C, :a, :x
+	end
+	def addop_j(name, bin)
+		addop name, bin | 0x05 | 0x00, :a, :k, :jt, :jf, :setip => true, :stopexec => true
+		addop name, bin | 0x05 | 0x08, :a, :x, :jt, :jf, :setip => true, :stopexec => true
+	end
+	def init_bpf
+		@opcode_list = []
+		[:a, :k, :x, :len, :m_k, :p_k, :p_xk, :jt, :jf].each { |a| @valid_args[a] = true }
+		# LD/ST
+		addop_ldx  0x00, :k
+		addop_ldsz 0x20, :p_k
+		addop_ldsz 0x40, :p_xk
+		addop_ldx  0x60, :m_k
+		addop_ldx  0x80, :len
+		addop 'msh', 0xB1, :x, :p_k, :msz => 1
+		addop 'mov', 0x02, :m_k, :a
+		addop 'mov', 0x03, :m_k, :x
+		# ALU
+		addop_alu 'add', 0x00
+		addop_alu 'sub', 0x10
+		addop_alu 'mul', 0x20
+		addop_alu 'div', 0x30
+		addop_alu 'or',  0x40
+		addop_alu 'and', 0x50
+		addop_alu 'shl', 0x60
+		addop_alu 'shr', 0x70
+		addop 'neg', 0x84, :a
+		# JMP
+		addop   'jmp',  0x05, :k, :setip => true, :stopexec => true
+		addop_j 'je',   0x10
+		addop_j 'jg',   0x20
+		addop_j 'jge',  0x30
+		addop_j 'jtest',0x40
+		addop   'ret',  0x06, :k, :stopexec => true
+		addop   'ret',  0x16, :a, :stopexec => true
+		addop 'mov', 0x07, :x, :a
+		addop 'mov', 0x87, :a, :x
+	end
+	alias init_latest init_bpf
+end
+end

data/metasm/cpu/bpf/render.rb ADDED

@@ -0,0 +1,41 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/cpu/bpf/opcodes'
+require 'metasm/render'
+module Metasm
+class BPF
+	class Reg
+		include Renderable
+		def render ; [@v.to_s] end
+	end
+	class MemRef
+		include Renderable
+		def render
+			r = []
+			r << memtype
+			r << [nil, ' byte ', ' word ', nil, ' dword '][@msz]
+			r << '['
+			r << @base if @base
+			r << '+' if @base and @offset
+			r << @offset if @offset
+			r << ']'
+		end
+	end
+	def render_instruction(i)
+		r = []
+		r << i.opname
+		if not i.args.empty?
+			r << ' '
+			i.args.each { |a_| r << a_ << ', ' }
+			r.pop
+		end
+		r
+	end
+end
+end

data/metasm/cpu/cy16.rb ADDED

@@ -0,0 +1,9 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/main'
+require 'metasm/cpu/cy16/decode'
+require 'metasm/cpu/cy16/render'

data/metasm/cpu/cy16/decode.rb ADDED

@@ -0,0 +1,253 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/cpu/cy16/opcodes'
+require 'metasm/decode'
+module Metasm
+class CY16
+	def build_opcode_bin_mask(op)
+		# bit = 0 if can be mutated by an field value, 1 if fixed by opcode
+		op.bin_mask = 0
+		op.fields.each { |f, off|
+			op.bin_mask |= (@fields_mask[f] << off)
+		}
+		op.bin_mask ^= 0xffff
+	end
+	def build_bin_lookaside
+		# sets up a hash byte value => list of opcodes that may match
+		# opcode.bin_mask is built here
+		lookaside = Array.new(256) { [] }
+		opcode_list.each { |op|
+			build_opcode_bin_mask op
+			b   = (op.bin >> 8) & 0xff
+			msk = (op.bin_mask >> 8) & 0xff
+			for i in b..(b | (255^msk))
+				lookaside[i] << op if i & msk == b & msk
+			end
+		}
+		lookaside
+	end
+	def decode_findopcode(edata)
+		di = DecodedInstruction.new self
+		return if edata.ptr+2 > edata.length
+		bin = edata.decode_imm(:u16, @endianness)
+		edata.ptr -= 2
+		return di if di.opcode = @bin_lookaside[(bin >> 8) & 0xff].find { |op|
+			bin & op.bin_mask == op.bin & op.bin_mask
+		}
+	end
+	def decode_instr_op_r(val, edata)
+		bw = ((val & 0b1000) > 0 ? 1 : 2)
+		case val & 0b11_0000
+		when 0b00_0000
+			Reg.new(val)
+		when 0b01_0000
+			if val == 0b01_1111
+				Expression[edata.decode_imm(:u16, @endianness)]
+			else
+				Memref.new(Reg.new(8+(val&7)), nil, bw)
+			end
+		when 0b10_0000
+			if val & 7 == 7
+				Memref.new(nil, edata.decode_imm(:u16, @endianness), bw)
+			else
+				Memref.new(Reg.new(8+(val&7)), nil, bw, true)
+			end
+		when 0b11_0000
+			Memref.new(Reg.new(8+(val&7)), edata.decode_imm(:u16, @endianness), bw)
+		end
+	end
+	def decode_instr_op(edata, di)
+		before_ptr = edata.ptr
+		op = di.opcode
+		di.instruction.opname = op.name
+		bin = edata.decode_imm(:u16, @endianness)
+		field_val = lambda { |f|
+			if off = op.fields[f]
+				(bin >> off) & @fields_mask[f]
+			end
+		}
+		op.args.each { |a|
+			di.instruction.args << case a
+			when :rs, :rd; decode_instr_op_r(field_val[a], edata)
+			when :o7; Expression[2*Expression.make_signed(field_val[a], 7)]
+			when :x7; Expression[field_val[a]]
+			when :u3; Expression[field_val[a]+1]
+			else raise SyntaxError, "Internal error: invalid argument #{a} in #{op.name}"
+			end
+		}
+		di.instruction.args.reverse!
+		di.bin_length += edata.ptr - before_ptr
+		di
+	rescue InvalidRD
+	end
+	def decode_instr_interpret(di, addr)
+		if di.opcode.props[:setip] and di.opcode.args.last == :o7
+			delta = di.instruction.args.last.reduce
+			arg = Expression[[addr, :+, di.bin_length], :+, delta].reduce
+			di.instruction.args[-1] = Expression[arg]
+		end
+		di
+	end
+	# hash opcode_name => lambda { |dasm, di, *symbolic_args| instr_binding }
+	def backtrace_binding
+		@backtrace_binding ||= init_backtrace_binding
+	end
+	def backtrace_binding=(b) @backtrace_binding = b end
+	# populate the @backtrace_binding hash with default values
+	def init_backtrace_binding
+		@backtrace_binding ||= {}
+		mask = 0xffff
+		opcode_list.map { |ol| ol.basename }.uniq.sort.each { |op|
+			binding = case op
+			when 'mov'; lambda { |di, a0, a1| { a0 => Expression[a1] } }
+			when 'add', 'adc', 'sub', 'sbc', 'and', 'xor', 'or', 'addi', 'subi'
+				lambda { |di, a0, a1|
+					e_op = { 'add' => :+, 'adc' => :+, 'sub' => :-, 'sbc' => :-, 'and' => :&,
+						 'xor' => :^, 'or' => :|, 'addi' => :+, 'subi' => :- }[op]
+					ret = Expression[a0, e_op, a1]
+					ret = Expression[ret, e_op, :flag_c] if op == 'adc' or op == 'sbb'
+					# optimises eax ^ eax => 0
+					# avoid hiding memory accesses (to not hide possible fault)
+					ret = Expression[ret.reduce] if not a0.kind_of? Indirection
+					{ a0 => ret }
+				}
+			when 'cmp', 'test'; lambda { |di, *a| {} }
+			when 'not'; lambda { |di, a0| { a0 => Expression[a0, :^, mask] } }
+			when 'call'
+				lambda { |di, a0| { :sp => Expression[:sp, :-, 2],
+					  Indirection[:sp, 2, di.address] => Expression[di.next_addr] }
+				}
+			when 'ret'; lambda { |di, *a| { :sp => Expression[:sp, :+, 2] } }
+			# TODO callCC, retCC ...
+			when /^j/; lambda { |di, *a| {} }
+			end
+			# TODO flags ?
+			@backtrace_binding[op] ||= binding if binding
+		}
+		@backtrace_binding
+	end
+	def get_backtrace_binding(di)
+		a = di.instruction.args.map { |arg|
+			case arg
+			when Memref, Reg; arg.symbolic(di)
+			else arg
+			end
+		}
+		if binding = backtrace_binding[di.opcode.basename]
+			bd = {}
+			di.instruction.args.each { |aa| bd[aa.base.symbolic] = Expression[aa.base.symbolic, :+, aa.sz] if aa.kind_of?(Memref) and aa.autoincr }
+			bd.update binding[di, *a]
+		else
+			puts "unhandled instruction to backtrace: #{di}" if $VERBOSE
+			# assume nothing except the 1st arg is modified
+			case a[0]
+			when Indirection, Symbol; { a[0] => Expression::Unknown }
+			when Expression; (x = a[0].externals.first) ? { x => Expression::Unknown } : {}
+			else {}
+			end.update(:incomplete_binding => Expression[1])
+		end
+	end
+	# patch a forward binding from the backtrace binding
+	def fix_fwdemu_binding(di, fbd)
+		case di.opcode.name
+		when 'call'; fbd[Indirection[[:sp, :-, 2], 2]] = fbd.delete(Indirection[:sp, 2])
+		end
+		fbd
+	end
+	def get_xrefs_x(dasm, di)
+		return [] if not di.opcode.props[:setip]
+		return [Indirection[:sp, 2, di.address]] if di.opcode.name =~ /^r/
+		case tg = di.instruction.args.first
+		when Memref; [Expression[tg.symbolic(di)]]
+		when Reg; [Expression[tg.symbolic(di)]]
+		when Expression, ::Integer; [Expression[tg]]
+		else
+			puts "unhandled setip at #{di.address} #{di.instruction}" if $DEBUG
+			[]
+		end
+	end
+	# checks if expr is a valid return expression matching the :saveip instruction
+	def backtrace_is_function_return(expr, di=nil)
+		expr = Expression[expr].reduce_rec
+		expr.kind_of?(Indirection) and expr.len == 2 and expr.target == Expression[:sp]
+	end
+	# updates the function backtrace_binding
+	# if the function is big and no specific register is given, do nothing (the binding will be lazily updated later, on demand)
+	def backtrace_update_function_binding(dasm, faddr, f, retaddrlist, *wantregs)
+		b = f.backtrace_binding
+		bt_val = lambda { |r|
+			next if not retaddrlist
+			b[r] = Expression::Unknown
+			bt = []
+			retaddrlist.each { |retaddr|
+				bt |= dasm.backtrace(Expression[r], retaddr, :include_start => true,
+					     :snapshot_addr => faddr, :origin => retaddr)
+			}
+			if bt.length != 1
+				b[r] = Expression::Unknown
+			else
+				b[r] = bt.first
+			end
+		}
+		if not wantregs.empty?
+			wantregs.each(&bt_val)
+		else
+			bt_val[:sp]
+		end
+		b
+	end
+	# returns true if the expression is an address on the stack
+	def backtrace_is_stack_address(expr)
+		Expression[expr].expr_externals.include?(:sp)
+	end
+	# updates an instruction's argument replacing an expression with another (eg label renamed)
+	def replace_instr_arg_immediate(i, old, new)
+		i.args.map! { |a|
+			case a
+			when Expression; a == old ? new : Expression[a.bind(old => new).reduce]
+			when Memref
+				a.offset = (a.offset == old ? new : Expression[a.offset.bind(old => new).reduce]) if a.offset
+				a
+			else a
+			end
+		}
+	end
+end
+end