RubyGems - metasm - Versions diffs - 1.0.1 → 1.0.2 - Mend

metasm 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (235) hide show

checksums.yaml +7 -0
data/.gitignore +1 -0
data/.hgtags +3 -0
data/Gemfile +1 -0
data/INSTALL +61 -0
data/LICENCE +458 -0
data/README +29 -21
data/Rakefile +10 -0
data/TODO +10 -12
data/doc/code_organisation.txt +2 -0
data/doc/core/DynLdr.txt +247 -0
data/doc/core/ExeFormat.txt +43 -0
data/doc/core/Expression.txt +220 -0
data/doc/core/GNUExports.txt +27 -0
data/doc/core/Ia32.txt +236 -0
data/doc/core/SerialStruct.txt +108 -0
data/doc/core/VirtualString.txt +145 -0
data/doc/core/WindowsExports.txt +61 -0
data/doc/core/index.txt +1 -0
data/doc/style.css +6 -3
data/doc/usage/debugger.txt +327 -0
data/doc/usage/index.txt +1 -0
data/doc/use_cases.txt +2 -2
data/metasm.gemspec +22 -0
data/{lib/metasm.rb → metasm.rb} +11 -3
data/{lib/metasm → metasm}/compile_c.rb +13 -7
data/metasm/cpu/arc.rb +8 -0
data/metasm/cpu/arc/decode.rb +425 -0
data/metasm/cpu/arc/main.rb +191 -0
data/metasm/cpu/arc/opcodes.rb +588 -0
data/{lib/metasm → metasm/cpu}/arm.rb +7 -5
data/{lib/metasm → metasm/cpu}/arm/debug.rb +2 -2
data/{lib/metasm → metasm/cpu}/arm/decode.rb +13 -12
data/{lib/metasm → metasm/cpu}/arm/encode.rb +23 -8
data/{lib/metasm → metasm/cpu}/arm/main.rb +0 -3
data/metasm/cpu/arm/opcodes.rb +324 -0
data/{lib/metasm → metasm/cpu}/arm/parse.rb +25 -13
data/{lib/metasm → metasm/cpu}/arm/render.rb +2 -2
data/metasm/cpu/arm64.rb +15 -0
data/metasm/cpu/arm64/debug.rb +38 -0
data/metasm/cpu/arm64/decode.rb +289 -0
data/metasm/cpu/arm64/encode.rb +41 -0
data/metasm/cpu/arm64/main.rb +105 -0
data/metasm/cpu/arm64/opcodes.rb +232 -0
data/metasm/cpu/arm64/parse.rb +20 -0
data/metasm/cpu/arm64/render.rb +95 -0
data/{lib/metasm/ppc.rb → metasm/cpu/bpf.rb} +2 -4
data/metasm/cpu/bpf/decode.rb +142 -0
data/metasm/cpu/bpf/main.rb +60 -0
data/metasm/cpu/bpf/opcodes.rb +81 -0
data/metasm/cpu/bpf/render.rb +41 -0
data/metasm/cpu/cy16.rb +9 -0
data/metasm/cpu/cy16/decode.rb +253 -0
data/metasm/cpu/cy16/main.rb +63 -0
data/metasm/cpu/cy16/opcodes.rb +78 -0
data/metasm/cpu/cy16/render.rb +41 -0
data/metasm/cpu/dalvik.rb +11 -0
data/{lib/metasm → metasm/cpu}/dalvik/decode.rb +35 -13
data/{lib/metasm → metasm/cpu}/dalvik/main.rb +51 -2
data/{lib/metasm → metasm/cpu}/dalvik/opcodes.rb +19 -11
data/metasm/cpu/ia32.rb +17 -0
data/{lib/metasm → metasm/cpu}/ia32/compile_c.rb +5 -7
data/{lib/metasm → metasm/cpu}/ia32/debug.rb +5 -5
data/{lib/metasm → metasm/cpu}/ia32/decode.rb +246 -59
data/{lib/metasm → metasm/cpu}/ia32/decompile.rb +7 -7
data/{lib/metasm → metasm/cpu}/ia32/encode.rb +19 -13
data/{lib/metasm → metasm/cpu}/ia32/main.rb +51 -8
data/metasm/cpu/ia32/opcodes.rb +1424 -0
data/{lib/metasm → metasm/cpu}/ia32/parse.rb +47 -16
data/{lib/metasm → metasm/cpu}/ia32/render.rb +31 -4
data/metasm/cpu/mips.rb +14 -0
data/{lib/metasm → metasm/cpu}/mips/compile_c.rb +1 -1
data/metasm/cpu/mips/debug.rb +42 -0
data/{lib/metasm → metasm/cpu}/mips/decode.rb +46 -16
data/{lib/metasm → metasm/cpu}/mips/encode.rb +4 -3
data/{lib/metasm → metasm/cpu}/mips/main.rb +11 -4
data/{lib/metasm → metasm/cpu}/mips/opcodes.rb +86 -17
data/{lib/metasm → metasm/cpu}/mips/parse.rb +1 -1
data/{lib/metasm → metasm/cpu}/mips/render.rb +1 -1
data/{lib/metasm/dalvik.rb → metasm/cpu/msp430.rb} +1 -1
data/metasm/cpu/msp430/decode.rb +247 -0
data/metasm/cpu/msp430/main.rb +62 -0
data/metasm/cpu/msp430/opcodes.rb +101 -0
data/{lib/metasm → metasm/cpu}/pic16c/decode.rb +6 -7
data/{lib/metasm → metasm/cpu}/pic16c/main.rb +0 -0
data/{lib/metasm → metasm/cpu}/pic16c/opcodes.rb +1 -1
data/{lib/metasm/mips.rb → metasm/cpu/ppc.rb} +4 -4
data/{lib/metasm → metasm/cpu}/ppc/decode.rb +18 -12
data/{lib/metasm → metasm/cpu}/ppc/decompile.rb +3 -3
data/{lib/metasm → metasm/cpu}/ppc/encode.rb +2 -2
data/{lib/metasm → metasm/cpu}/ppc/main.rb +17 -12
data/{lib/metasm → metasm/cpu}/ppc/opcodes.rb +11 -5
data/metasm/cpu/ppc/parse.rb +55 -0
data/metasm/cpu/python.rb +8 -0
data/metasm/cpu/python/decode.rb +136 -0
data/metasm/cpu/python/main.rb +36 -0
data/metasm/cpu/python/opcodes.rb +180 -0
data/{lib/metasm → metasm/cpu}/sh4.rb +1 -1
data/{lib/metasm → metasm/cpu}/sh4/decode.rb +48 -17
data/{lib/metasm → metasm/cpu}/sh4/main.rb +13 -4
data/{lib/metasm → metasm/cpu}/sh4/opcodes.rb +7 -8
data/metasm/cpu/x86_64.rb +15 -0
data/{lib/metasm → metasm/cpu}/x86_64/compile_c.rb +28 -17
data/{lib/metasm → metasm/cpu}/x86_64/debug.rb +4 -4
data/{lib/metasm → metasm/cpu}/x86_64/decode.rb +57 -15
data/{lib/metasm → metasm/cpu}/x86_64/encode.rb +55 -26
data/{lib/metasm → metasm/cpu}/x86_64/main.rb +14 -6
data/metasm/cpu/x86_64/opcodes.rb +136 -0
data/{lib/metasm → metasm/cpu}/x86_64/parse.rb +10 -2
data/metasm/cpu/x86_64/render.rb +35 -0
data/metasm/cpu/z80.rb +9 -0
data/metasm/cpu/z80/decode.rb +313 -0
data/metasm/cpu/z80/main.rb +67 -0
data/metasm/cpu/z80/opcodes.rb +224 -0
data/metasm/cpu/z80/render.rb +59 -0
data/{lib/metasm/os/main.rb → metasm/debug.rb} +160 -401
data/{lib/metasm → metasm}/decode.rb +35 -4
data/{lib/metasm → metasm}/decompile.rb +15 -16
data/{lib/metasm → metasm}/disassemble.rb +201 -45
data/{lib/metasm → metasm}/disassemble_api.rb +651 -87
data/{lib/metasm → metasm}/dynldr.rb +220 -133
data/{lib/metasm → metasm}/encode.rb +10 -1
data/{lib/metasm → metasm}/exe_format/a_out.rb +9 -6
data/{lib/metasm → metasm}/exe_format/autoexe.rb +1 -0
data/{lib/metasm → metasm}/exe_format/bflt.rb +57 -27
data/{lib/metasm → metasm}/exe_format/coff.rb +11 -3
data/{lib/metasm → metasm}/exe_format/coff_decode.rb +53 -20
data/{lib/metasm → metasm}/exe_format/coff_encode.rb +11 -13
data/{lib/metasm → metasm}/exe_format/dex.rb +13 -5
data/{lib/metasm → metasm}/exe_format/dol.rb +1 -0
data/{lib/metasm → metasm}/exe_format/elf.rb +93 -57
data/{lib/metasm → metasm}/exe_format/elf_decode.rb +143 -34
data/{lib/metasm → metasm}/exe_format/elf_encode.rb +122 -31
data/metasm/exe_format/gb.rb +65 -0
data/metasm/exe_format/javaclass.rb +424 -0
data/{lib/metasm → metasm}/exe_format/macho.rb +204 -16
data/{lib/metasm → metasm}/exe_format/main.rb +26 -3
data/{lib/metasm → metasm}/exe_format/mz.rb +1 -0
data/{lib/metasm → metasm}/exe_format/nds.rb +7 -4
data/{lib/metasm → metasm}/exe_format/pe.rb +71 -8
data/metasm/exe_format/pyc.rb +167 -0
data/{lib/metasm → metasm}/exe_format/serialstruct.rb +67 -14
data/{lib/metasm → metasm}/exe_format/shellcode.rb +7 -3
data/metasm/exe_format/shellcode_rwx.rb +114 -0
data/metasm/exe_format/swf.rb +205 -0
data/{lib/metasm → metasm}/exe_format/xcoff.rb +7 -7
data/metasm/exe_format/zip.rb +335 -0
data/metasm/gui.rb +13 -0
data/{lib/metasm → metasm}/gui/cstruct.rb +35 -41
data/{lib/metasm → metasm}/gui/dasm_coverage.rb +11 -11
data/{lib/metasm → metasm}/gui/dasm_decomp.rb +7 -20
data/{lib/metasm → metasm}/gui/dasm_funcgraph.rb +0 -0
data/metasm/gui/dasm_graph.rb +1695 -0
data/{lib/metasm → metasm}/gui/dasm_hex.rb +12 -8
data/{lib/metasm → metasm}/gui/dasm_listing.rb +43 -28
data/{lib/metasm → metasm}/gui/dasm_main.rb +310 -53
data/{lib/metasm → metasm}/gui/dasm_opcodes.rb +5 -19
data/{lib/metasm → metasm}/gui/debug.rb +93 -27
data/{lib/metasm → metasm}/gui/gtk.rb +162 -40
data/{lib/metasm → metasm}/gui/qt.rb +12 -2
data/{lib/metasm → metasm}/gui/win32.rb +179 -42
data/{lib/metasm → metasm}/gui/x11.rb +59 -59
data/{lib/metasm → metasm}/main.rb +389 -264
data/{lib/metasm/os/remote.rb → metasm/os/gdbremote.rb} +146 -54
data/{lib/metasm → metasm}/os/gnu_exports.rb +1 -1
data/{lib/metasm → metasm}/os/linux.rb +628 -151
data/metasm/os/main.rb +330 -0
data/{lib/metasm → metasm}/os/windows.rb +132 -42
data/{lib/metasm → metasm}/os/windows_exports.rb +141 -0
data/{lib/metasm → metasm}/parse.rb +26 -24
data/{lib/metasm → metasm}/parse_c.rb +221 -116
data/{lib/metasm → metasm}/preprocessor.rb +55 -40
data/{lib/metasm → metasm}/render.rb +14 -38
data/misc/hexdump.rb +2 -1
data/misc/lint.rb +58 -0
data/misc/txt2html.rb +9 -7
data/samples/bindiff.rb +3 -4
data/samples/dasm-plugins/bindiff.rb +15 -0
data/samples/dasm-plugins/bookmark.rb +133 -0
data/samples/dasm-plugins/c_constants.rb +57 -0
data/samples/dasm-plugins/colortheme_solarized.rb +125 -0
data/samples/dasm-plugins/cppobj_funcall.rb +60 -0
data/samples/dasm-plugins/dasm_all.rb +70 -0
data/samples/dasm-plugins/demangle_cpp.rb +31 -0
data/samples/dasm-plugins/deobfuscate.rb +251 -0
data/samples/dasm-plugins/dump_text.rb +35 -0
data/samples/dasm-plugins/export_graph_svg.rb +86 -0
data/samples/dasm-plugins/findgadget.rb +75 -0
data/samples/dasm-plugins/hl_opcode.rb +32 -0
data/samples/dasm-plugins/hotfix_gtk_dbg.rb +19 -0
data/samples/dasm-plugins/imm2off.rb +34 -0
data/samples/dasm-plugins/match_libsigs.rb +93 -0
data/samples/dasm-plugins/patch_file.rb +95 -0
data/samples/dasm-plugins/scanfuncstart.rb +36 -0
data/samples/dasm-plugins/scanxrefs.rb +26 -0
data/samples/dasm-plugins/selfmodify.rb +197 -0
data/samples/dasm-plugins/stringsxrefs.rb +28 -0
data/samples/dasmnavig.rb +1 -1
data/samples/dbg-apihook.rb +24 -9
data/samples/dbg-plugins/heapscan.rb +283 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_lin.c +155 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_win.c +128 -0
data/samples/dbg-plugins/heapscan/graphheap.rb +616 -0
data/samples/dbg-plugins/heapscan/heapscan.rb +709 -0
data/samples/dbg-plugins/heapscan/winheap.h +174 -0
data/samples/dbg-plugins/heapscan/winheap7.h +307 -0
data/samples/dbg-plugins/trace_func.rb +214 -0
data/samples/disassemble-gui.rb +35 -5
data/samples/disassemble.rb +31 -6
data/samples/dump_upx.rb +24 -12
data/samples/dynamic_ruby.rb +12 -3
data/samples/exeencode.rb +6 -5
data/samples/factorize-headers-peimports.rb +1 -1
data/samples/lindebug.rb +175 -381
data/samples/metasm-shell.rb +1 -2
data/samples/peldr.rb +2 -2
data/tests/all.rb +1 -1
data/tests/arc.rb +26 -0
data/tests/dynldr.rb +22 -4
data/tests/expression.rb +55 -0
data/tests/graph_layout.rb +285 -0
data/tests/ia32.rb +79 -26
data/tests/mips.rb +9 -2
data/tests/x86_64.rb +66 -18
metadata +330 -218
data/lib/metasm/arm/opcodes.rb +0 -177
data/lib/metasm/gui.rb +0 -23
data/lib/metasm/gui/dasm_graph.rb +0 -1354
data/lib/metasm/ia32.rb +0 -14
data/lib/metasm/ia32/opcodes.rb +0 -873
data/lib/metasm/ppc/parse.rb +0 -52
data/lib/metasm/x86_64.rb +0 -12
data/lib/metasm/x86_64/opcodes.rb +0 -118
data/samples/gdbclient.rb +0 -583
data/samples/rubstop.rb +0 -399

data/metasm/cpu/cy16/main.rb ADDED

@@ -0,0 +1,63 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/main'
+module Metasm
+class CY16 < CPU
+	class Reg
+		class << self
+			attr_accessor :s_to_i, :i_to_s
+		end
+		@i_to_s = (0..14).inject({}) { |h, i| h.update i => "r#{i}" }
+		@i_to_s[15] = 'sp'
+		@s_to_i = @i_to_s.invert
+		attr_accessor :i
+		def initialize(i)
+			@i = i
+		end
+		def symbolic(orig=nil) ; to_s.to_sym ; end
+		def self.from_str(s)
+			raise "Bad name #{s.inspect}" if not x = @s_to_i[s]
+			new(x)
+		end
+	end
+	class Memref
+		attr_accessor :base, :offset, :sz, :autoincr
+		def initialize(base, offset, sz=nil, autoincr=nil)
+			@base = base
+			offset = Expression[offset] if offset
+			@offset = offset
+			@sz = sz
+			@autoincr = autoincr
+		end
+		def symbolic(orig)
+			p = nil
+			p = Expression[p, :+, @base.symbolic] if base
+			p = Expression[p, :+, @offset] if offset
+			Indirection[p.reduce, @sz, orig]
+		end
+	end
+	def initialize(family = :latest)
+		super()
+		@endianness = :little
+		@size = 16
+		@family = family
+	end
+	def init_opcode_list
+		send("init_#@family")
+		@opcode_list
+	end
+end
+end

data/metasm/cpu/cy16/opcodes.rb ADDED

@@ -0,0 +1,78 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/cpu/cy16/main'
+module Metasm
+class CY16
+	def addop(name, bin, *args)
+		o = Opcode.new name, bin
+		args.each { |a|
+			o.args << a if @fields_mask[a] or @valid_args[a]
+			o.props[a] = true if @valid_props[a]
+			o.fields[a] = @fields_shift[a] if @fields_mask[a]
+			raise "wtf #{a.inspect}" unless @valid_args[a] or @valid_props[a] or @fields_mask[a]
+		}
+		@opcode_list << o
+	end
+	def addop_macrocc(name, bin, *args)
+		%w[z nz b ae s ns o no a be g ge l le].each_with_index { |cc, i|
+			dbin = bin
+			dbin |= i << 8
+			addop name + cc, dbin, *args
+		}
+	end
+	def init_cy16
+		@opcode_list = []
+		@valid_args.update [:rs, :rd, :o7
+		].inject({}) { |h, v| h.update v => true }
+		@fields_mask.update :rs => 0x3f, :rd => 0x3f, :o7 => 0x7f, :x7 => 0x7f, :u3 => 7
+		@fields_shift.update :rs => 6, :rd => 0, :o7 => 0, :x7 => 0, :u3 => 6
+		addop 'mov', 0<<12, :rs, :rd
+		addop 'add', 1<<12, :rs, :rd
+		addop 'adc', 2<<12, :rs, :rd
+		addop 'addc',2<<12, :rs, :rd
+		addop 'sub', 3<<12, :rs, :rd
+		addop 'sbb', 4<<12, :rs, :rd
+		addop 'subb',4<<12, :rs, :rd
+		addop 'cmp', 5<<12, :rs, :rd
+		addop 'and', 6<<12, :rs, :rd
+		addop 'test',7<<12, :rs, :rd
+		addop 'or',  8<<12, :rs, :rd
+		addop 'xor', 9<<12, :rs, :rd
+		addop_macrocc 'int', (10<<12), :x7
+		addop 'int', (10<<12) | (15<<8), :x7
+		addop_macrocc 'c', (10<<12) | (1<<7), :setip, :saveip, :rd
+		addop 'call',(10<<12) | (15<<8) | (1<<7), :setip, :stopexec, :saveip, :rd
+		addop_macrocc 'r', (12<<12) | (1<<7) | 0b010111, :setip	# must come before absolute jmp
+		addop 'ret', (12<<12) | (15<<8) | (1<<7) | 0b010111, :setip, :stopexec
+		addop_macrocc 'j', (12<<12), :setip, :o7	# relative
+		addop 'jmp', (12<<12) | (15<<8), :setip, :stopexec, :o7	# relative
+		addop_macrocc 'j', (12<<12) | (1<<7), :setip, :rd	# absolute
+		addop 'jmp', (12<<12) | (15<<8) | (1<<7), :setip, :stopexec, :rd	# absolute
+		addop 'shr', (13<<12) | (0<<9), :u3, :rd
+		addop 'shl', (13<<12) | (1<<9), :u3, :rd
+		addop 'ror', (13<<12) | (2<<9), :u3, :rd
+		addop 'rol', (13<<12) | (3<<9), :u3, :rd
+		addop 'addi',(13<<12) | (4<<9), :u3, :rd
+		addop 'subi',(13<<12) | (5<<9), :u3, :rd
+		addop 'not', (13<<12) | (7<<9) | (0<<6), :rd
+		addop 'neg', (13<<12) | (7<<9) | (1<<6), :rd
+		addop 'cbw', (13<<12) | (7<<9) | (4<<6), :rd
+		addop 'sti', (13<<12) | (7<<9) | (7<<6) | 0
+		addop 'cli', (13<<12) | (7<<9) | (7<<6) | 1
+		addop 'stc', (13<<12) | (7<<9) | (7<<6) | 2
+		addop 'clc', (13<<12) | (7<<9) | (7<<6) | 3
+	end
+	alias init_latest init_cy16
+end
+end

data/metasm/cpu/cy16/render.rb ADDED

@@ -0,0 +1,41 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/cpu/cy16/opcodes'
+require 'metasm/render'
+module Metasm
+class CY16
+	class Reg
+		include Renderable
+		def render ; [self.class.i_to_s[@i]] end
+	end
+	class Memref
+		include Renderable
+		def render
+			r = []
+			r << (@sz == 1 ? 'byte ptr ' : 'word ptr ')
+			r << '['
+			r << @base if @base
+			r << '++' if @autoincr
+			r << ' + ' if @base and @offset
+			r << @offset if @offset
+			r << ']'
+		end
+	end
+	def render_instruction(i)
+		r = []
+		r << i.opname
+		if not i.args.empty?
+			r << ' '
+			i.args.each { |a_| r << a_ << ', ' }
+			r.pop
+		end
+		r
+	end
+end
+end

data/metasm/cpu/dalvik.rb ADDED

@@ -0,0 +1,11 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+class Metasm::Dalvik < Metasm::CPU
+end
+require 'metasm/main'
+require 'metasm/cpu/dalvik/decode'

data/{lib/metasm → metasm/cpu}/dalvik/decode.rb RENAMED

@@ -3,7 +3,7 @@
 #
 #    Licence is LGPL, see LICENCE in the top-level directory
-require 'metasm/dalvik/opcodes'
+require 'metasm/cpu/dalvik/opcodes'
 require 'metasm/decode'
 module Metasm
@@ -12,7 +12,7 @@ class Dalvik
 	end
 	def decode_findopcode(edata)
-		return if edata.ptr >= edata.data.length
+		return if edata.ptr+2 > edata.length
 		di = DecodedInstruction.new(self)
 		di.opcode = opcode_list[edata.decode_imm(:u16, @endianness) & 0xff]
 		edata.ptr -= 2
@@ -22,7 +22,7 @@ class Dalvik
 	def decode_instr_op(edata, di)
 		op = di.opcode
 		di.instruction.opname = op.name
 		val = [edata.decode_imm(:u16, @endianness)]
 		op.args.each { |a|
@@ -80,7 +80,7 @@ class Dalvik
 				Expression[Expression.make_signed((val[1] >> 8) & 0xff, 8)]
 			when :rlist4, :rlist5
 				cnt = (val[0] >> 12) & 0xf
-			       	val << edata.decode_imm(:u16, @endianness)
+				val << edata.decode_imm(:u16, @endianness)
 				[cnt, 4].min.times {
 					di.instruction.args << Reg.new(val[-1] & 0xf)
 					val[-1] >>= 4
@@ -96,20 +96,40 @@ class Dalvik
 				next
 			when :m16
 				val << edata.decode_imm(:u16, @endianness)
-				Method.new(@dex, val.last)
+				DexMethod.new(@dex, val.last)
+			when :fld16
+				val << edata.decode_imm(:u16, @endianness)
+				DexField.new(@dex, val.last)
+			when :typ16
+				val << edata.decode_imm(:u16, @endianness)
+				DexType.new(@dex, val.last)
+			when :str16
+				val << edata.decode_imm(:u16, @endianness)
+				DexString.new(@dex, val.last)
 			else raise SyntaxError, "Internal error: invalid argument #{a} in #{op.name}"
 			end
 		}
 		di.bin_length = val.length*2
+		return if edata.ptr > edata.length
+		di
+	end
+	def decode_instr_interpret(di, addr)
+		if di.opcode.props[:setip] and di.instruction.args.last.kind_of? Expression and di.instruction.opname =~ /^if|^goto/
+			arg = Expression[addr, :+, [di.instruction.args.last, :*, 2]].reduce
+			di.instruction.args[-1] = Expression[arg]
+		end
 		di
 	end
 	def backtrace_binding
 		@backtrace_binding ||= init_backtrace_binding
 	end
 	def init_backtrace_binding
 		@backtrace_binding ||= {}
 		sz = @size/8
@@ -117,12 +137,12 @@ class Dalvik
 			case op.name
 			when /invoke/
 				@backtrace_binding[op.name] = lambda { |di, *args| {
-					:callstack => Expression[:callstack, :-, sz],
+					:callstack => Expression[:callstack, :-, sz],
 					Indirection[:callstack, sz] => Expression[di.next_addr]
 				} }
 			when /return/
 				@backtrace_binding[op.name] = lambda { |di, *args| {
-			       		:callstack => Expression[:callstack, :+, sz]
+					:callstack => Expression[:callstack, :+, sz]
 				} }
 			end
 		}
@@ -136,9 +156,9 @@ class Dalvik
 			else arg
 			end
 		}
 		if binding = backtrace_binding[di.opcode.name]
-			bd = binding[di, *a]
+			binding[di, *a]
 		else
 			puts "unhandled instruction to backtrace: #{di}" if $VERBOSE
 			# assume nothing except the 1st arg is modified
@@ -150,18 +170,20 @@ class Dalvik
 		end
 	end
 	def get_xrefs_x(dasm, di)
 		if di.opcode.props[:saveip]
 			m = di.instruction.args.first
-			if m.kind_of? Method and m.off
+			if m.kind_of?(DexMethod) and m.off
 				[m.off]
 			else
 				[:default]
 			end
 		elsif di.opcode.props[:setip]
-			if di.opcode.name =~ /return/
+			if di.opcode.name =~ /^return/
 				[Indirection[:callstack, @size/8]]
+			elsif di.opcode.name =~ /^if|^goto/
+				[di.instruction.args.last]
 			else
 				[]	# [di.instruction.args.last]
 			end

data/{lib/metasm → metasm/cpu}/dalvik/main.rb RENAMED

@@ -23,13 +23,14 @@ class Dalvik < CPU
 		end
 	end
-	class Method
+	class DexMethod
 		attr_accessor :dex, :midx, :off
 		def initialize(dex, midx)
 			@dex = dex
 			@midx = midx
 			if @dex and m = @dex.methods[midx] and c = @dex.classes[m.classidx] and c.data and
-				me = (c.data.direct_methods+c.data.virtual_methods).find { |mm| mm.method == m }
+				me = (c.data.direct_methods+c.data.virtual_methods).find { |mm| mm.methodid == midx }
+				# FIXME this doesnt work
 				@off = me.codeoff + me.code.insns_off
 			end
 		end
@@ -44,6 +45,54 @@ class Dalvik < CPU
 		end
 	end
+	class DexField
+		attr_accessor :dex, :fidx
+		def initialize(dex, fidx)
+			@dex = dex
+			@fidx = fidx
+		end
+		def to_s
+			if @dex and f = @dex.fields[@fidx]
+				@dex.types[f.classidx] + '->' + @dex.strings[f.nameidx]
+			else
+				"field_#@fidx"
+			end
+		end
+	end
+	class DexType
+		attr_accessor :dex, :tidx
+		def initialize(dex, tidx)
+			@dex = dex
+			@tidx = tidx
+		end
+		def to_s
+			if @dex and f = @dex.types[@tidx]
+				f
+			else
+				"type_#@tidx"
+			end
+		end
+	end
+	class DexString
+		attr_accessor :dex, :sidx
+		def initialize(dex, sidx)
+			@dex = dex
+			@sidx = sidx
+		end
+		def to_s
+			if @dex and f = @dex.strings[@sidx]
+				f.inspect
+			else
+				"string_#@sidx"
+			end
+		end
+	end
 	def initialize(*args)
 		super()
 		@size = args.grep(Integer).first || 32

data/{lib/metasm → metasm/cpu}/dalvik/opcodes.rb RENAMED

@@ -11,7 +11,7 @@
 # the opcode number is in the low-order byte, and determines the
 # argument format, which may take up to 4 other words
-require 'metasm/dalvik/main'
+require 'metasm/cpu/dalvik/main'
 module Metasm
 class Dalvik
@@ -61,9 +61,11 @@ invoke_virtual_quick invoke_virtual_quick_range invoke_super_quick invoke_super_
 unused_fc unused_fd unused_fe unused_ff]
 	def init_dalvik
-		@valid_props << :canthrow
-		@valid_args = [:i16, :i16_32hi, :i16_64hi, :i32, :iaa, :ib, :icc, :u16, :u32, :u64,
-			:r16, :ra, :raa, :rb, :rbb, :rcc, :rlist16, :rlist4, :rlist5, :m16]
+		@valid_props[:canthrow] = true
+		[:i16, :i16_32hi, :i16_64hi, :i32, :iaa, :ib, :icc, :u16, :u32, :u64,
+		 :r16, :ra, :raa, :rb, :rbb, :rcc, :rlist16, :rlist4, :rlist5,
+		 :m16, :fld16, :typ16, :str16
+		].each { |a| @valid_args[a] = true }
 		@opcode_list = []
 		OPCODES.each_with_index { |n, b|
@@ -80,7 +82,7 @@ unused_fc unused_fd unused_fe unused_ff]
 	def addop_args(op)
 		fmt = case op.name
 		when 'goto'
-  			:fmt10t
+			:fmt10t
 		when 'nop', 'return_void'
 			:fmt10x
 		when 'const_4'
@@ -119,12 +121,16 @@ unused_fc unused_fd unused_fe unused_ff]
 			:fmt20t
 		when 'goto_32'
 			:fmt30t
-		when 'const_string', 'const_class', 'check_cast',
-			'new_instance', 'sget', 'sget_wide', 'sget_object',
+		when 'const_string'
+			:fmt21c_str
+		when 'const_class', 'check_cast',
+			'new_instance'
+			:fmt21c_typ
+		when 'sget', 'sget_wide', 'sget_object',
 			'sget_boolean', 'sget_byte', 'sget_char', 'sget_short',
 			'sput', 'sput_wide', 'sput_object', 'sput_boolean',
 			'sput_byte', 'sput_char', 'sput_short'
-			:fmt21c
+			:fmt21c_fld
 		when 'const_16', 'const_wide_16'
 			:fmt21s
 		when 'if_eqz', 'if_nez', 'if_ltz', 'if_gez', 'if_gtz', 'if_lez'
@@ -214,7 +220,9 @@ unused_fc unused_fd unused_fe unused_ff]
 		when :fmt10t; op.args << :iaa
 		when :fmt20t; op.args << :i16
 		when :fmt20bc; op.args << :iaa << :u16
-		when :fmt21c; op.args << :raa << :u16
+		when :fmt21c_str; op.args << :raa << :str16
+		when :fmt21c_typ; op.args << :raa << :typ16
+		when :fmt21c_fld; op.args << :raa << :fld16
 		when :fmt22x; op.args << :raa << :r16
 		when :fmt21s, :fmt21t; op.args << :raa << :i16
 		when :fmt21h; op.args << :raa << :i16_32hi
@@ -222,7 +230,7 @@ unused_fc unused_fd unused_fe unused_ff]
 		when :fmt23x; op.args << :raa << :rbb << :rcc
 		when :fmt22b; op.args << :raa << :rbb << :icc
 		when :fmt22s, :fmt22t; op.args << :ra << :rb << :i16
-		when :fmt22c, :fmt22cs; op.args << :ra << :rb << :u16
+		when :fmt22c, :fmt22cs; op.args << :ra << :rb << :fld16
 		when :fmt30t; op.args << :i32
 		when :fmt31t, :fmt31c; op.args << :raa << :u32
 		when :fmt32x; op.args << :r16 << :r16
@@ -238,7 +246,7 @@ unused_fc unused_fd unused_fe unused_ff]
 		when :fmt3inline
 			op.args << :r16 << :rlist4
 		when :fmt3rc, :fmt3rms
-		       	# rlist = :r16, :r16+1, :r16+2, ..., :r16+:iaa-1
+			# rlist = :r16, :r16+1, :r16+2, ..., :r16+:iaa-1
 			op.args << :r16 << :rlist16
 		when :fmt51l
 			# u64 = u16 | (u16 << 16) | ...