RubyGems - metasm - Versions diffs - 1.0.1 → 1.0.2 - Mend

metasm 1.0.1 → 1.0.2

Files changed (235) hide show

checksums.yaml +7 -0
data/.gitignore +1 -0
data/.hgtags +3 -0
data/Gemfile +1 -0
data/INSTALL +61 -0
data/LICENCE +458 -0
data/README +29 -21
data/Rakefile +10 -0
data/TODO +10 -12
data/doc/code_organisation.txt +2 -0
data/doc/core/DynLdr.txt +247 -0
data/doc/core/ExeFormat.txt +43 -0
data/doc/core/Expression.txt +220 -0
data/doc/core/GNUExports.txt +27 -0
data/doc/core/Ia32.txt +236 -0
data/doc/core/SerialStruct.txt +108 -0
data/doc/core/VirtualString.txt +145 -0
data/doc/core/WindowsExports.txt +61 -0
data/doc/core/index.txt +1 -0
data/doc/style.css +6 -3
data/doc/usage/debugger.txt +327 -0
data/doc/usage/index.txt +1 -0
data/doc/use_cases.txt +2 -2
data/metasm.gemspec +22 -0
data/{lib/metasm.rb → metasm.rb} +11 -3
data/{lib/metasm → metasm}/compile_c.rb +13 -7
data/metasm/cpu/arc.rb +8 -0
data/metasm/cpu/arc/decode.rb +425 -0
data/metasm/cpu/arc/main.rb +191 -0
data/metasm/cpu/arc/opcodes.rb +588 -0
data/{lib/metasm → metasm/cpu}/arm.rb +7 -5
data/{lib/metasm → metasm/cpu}/arm/debug.rb +2 -2
data/{lib/metasm → metasm/cpu}/arm/decode.rb +13 -12
data/{lib/metasm → metasm/cpu}/arm/encode.rb +23 -8
data/{lib/metasm → metasm/cpu}/arm/main.rb +0 -3
data/metasm/cpu/arm/opcodes.rb +324 -0
data/{lib/metasm → metasm/cpu}/arm/parse.rb +25 -13
data/{lib/metasm → metasm/cpu}/arm/render.rb +2 -2
data/metasm/cpu/arm64.rb +15 -0
data/metasm/cpu/arm64/debug.rb +38 -0
data/metasm/cpu/arm64/decode.rb +289 -0
data/metasm/cpu/arm64/encode.rb +41 -0
data/metasm/cpu/arm64/main.rb +105 -0
data/metasm/cpu/arm64/opcodes.rb +232 -0
data/metasm/cpu/arm64/parse.rb +20 -0
data/metasm/cpu/arm64/render.rb +95 -0
data/{lib/metasm/ppc.rb → metasm/cpu/bpf.rb} +2 -4
data/metasm/cpu/bpf/decode.rb +142 -0
data/metasm/cpu/bpf/main.rb +60 -0
data/metasm/cpu/bpf/opcodes.rb +81 -0
data/metasm/cpu/bpf/render.rb +41 -0
data/metasm/cpu/cy16.rb +9 -0
data/metasm/cpu/cy16/decode.rb +253 -0
data/metasm/cpu/cy16/main.rb +63 -0
data/metasm/cpu/cy16/opcodes.rb +78 -0
data/metasm/cpu/cy16/render.rb +41 -0
data/metasm/cpu/dalvik.rb +11 -0
data/{lib/metasm → metasm/cpu}/dalvik/decode.rb +35 -13
data/{lib/metasm → metasm/cpu}/dalvik/main.rb +51 -2
data/{lib/metasm → metasm/cpu}/dalvik/opcodes.rb +19 -11
data/metasm/cpu/ia32.rb +17 -0
data/{lib/metasm → metasm/cpu}/ia32/compile_c.rb +5 -7
data/{lib/metasm → metasm/cpu}/ia32/debug.rb +5 -5
data/{lib/metasm → metasm/cpu}/ia32/decode.rb +246 -59
data/{lib/metasm → metasm/cpu}/ia32/decompile.rb +7 -7
data/{lib/metasm → metasm/cpu}/ia32/encode.rb +19 -13
data/{lib/metasm → metasm/cpu}/ia32/main.rb +51 -8
data/metasm/cpu/ia32/opcodes.rb +1424 -0
data/{lib/metasm → metasm/cpu}/ia32/parse.rb +47 -16
data/{lib/metasm → metasm/cpu}/ia32/render.rb +31 -4
data/metasm/cpu/mips.rb +14 -0
data/{lib/metasm → metasm/cpu}/mips/compile_c.rb +1 -1
data/metasm/cpu/mips/debug.rb +42 -0
data/{lib/metasm → metasm/cpu}/mips/decode.rb +46 -16
data/{lib/metasm → metasm/cpu}/mips/encode.rb +4 -3
data/{lib/metasm → metasm/cpu}/mips/main.rb +11 -4
data/{lib/metasm → metasm/cpu}/mips/opcodes.rb +86 -17
data/{lib/metasm → metasm/cpu}/mips/parse.rb +1 -1
data/{lib/metasm → metasm/cpu}/mips/render.rb +1 -1
data/{lib/metasm/dalvik.rb → metasm/cpu/msp430.rb} +1 -1
data/metasm/cpu/msp430/decode.rb +247 -0
data/metasm/cpu/msp430/main.rb +62 -0
data/metasm/cpu/msp430/opcodes.rb +101 -0
data/{lib/metasm → metasm/cpu}/pic16c/decode.rb +6 -7
data/{lib/metasm → metasm/cpu}/pic16c/main.rb +0 -0
data/{lib/metasm → metasm/cpu}/pic16c/opcodes.rb +1 -1
data/{lib/metasm/mips.rb → metasm/cpu/ppc.rb} +4 -4
data/{lib/metasm → metasm/cpu}/ppc/decode.rb +18 -12
data/{lib/metasm → metasm/cpu}/ppc/decompile.rb +3 -3
data/{lib/metasm → metasm/cpu}/ppc/encode.rb +2 -2
data/{lib/metasm → metasm/cpu}/ppc/main.rb +17 -12
data/{lib/metasm → metasm/cpu}/ppc/opcodes.rb +11 -5
data/metasm/cpu/ppc/parse.rb +55 -0
data/metasm/cpu/python.rb +8 -0
data/metasm/cpu/python/decode.rb +136 -0
data/metasm/cpu/python/main.rb +36 -0
data/metasm/cpu/python/opcodes.rb +180 -0
data/{lib/metasm → metasm/cpu}/sh4.rb +1 -1
data/{lib/metasm → metasm/cpu}/sh4/decode.rb +48 -17
data/{lib/metasm → metasm/cpu}/sh4/main.rb +13 -4
data/{lib/metasm → metasm/cpu}/sh4/opcodes.rb +7 -8
data/metasm/cpu/x86_64.rb +15 -0
data/{lib/metasm → metasm/cpu}/x86_64/compile_c.rb +28 -17
data/{lib/metasm → metasm/cpu}/x86_64/debug.rb +4 -4
data/{lib/metasm → metasm/cpu}/x86_64/decode.rb +57 -15
data/{lib/metasm → metasm/cpu}/x86_64/encode.rb +55 -26
data/{lib/metasm → metasm/cpu}/x86_64/main.rb +14 -6
data/metasm/cpu/x86_64/opcodes.rb +136 -0
data/{lib/metasm → metasm/cpu}/x86_64/parse.rb +10 -2
data/metasm/cpu/x86_64/render.rb +35 -0
data/metasm/cpu/z80.rb +9 -0
data/metasm/cpu/z80/decode.rb +313 -0
data/metasm/cpu/z80/main.rb +67 -0
data/metasm/cpu/z80/opcodes.rb +224 -0
data/metasm/cpu/z80/render.rb +59 -0
data/{lib/metasm/os/main.rb → metasm/debug.rb} +160 -401
data/{lib/metasm → metasm}/decode.rb +35 -4
data/{lib/metasm → metasm}/decompile.rb +15 -16
data/{lib/metasm → metasm}/disassemble.rb +201 -45
data/{lib/metasm → metasm}/disassemble_api.rb +651 -87
data/{lib/metasm → metasm}/dynldr.rb +220 -133
data/{lib/metasm → metasm}/encode.rb +10 -1
data/{lib/metasm → metasm}/exe_format/a_out.rb +9 -6
data/{lib/metasm → metasm}/exe_format/autoexe.rb +1 -0
data/{lib/metasm → metasm}/exe_format/bflt.rb +57 -27
data/{lib/metasm → metasm}/exe_format/coff.rb +11 -3
data/{lib/metasm → metasm}/exe_format/coff_decode.rb +53 -20
data/{lib/metasm → metasm}/exe_format/coff_encode.rb +11 -13
data/{lib/metasm → metasm}/exe_format/dex.rb +13 -5
data/{lib/metasm → metasm}/exe_format/dol.rb +1 -0
data/{lib/metasm → metasm}/exe_format/elf.rb +93 -57
data/{lib/metasm → metasm}/exe_format/elf_decode.rb +143 -34
data/{lib/metasm → metasm}/exe_format/elf_encode.rb +122 -31
data/metasm/exe_format/gb.rb +65 -0
data/metasm/exe_format/javaclass.rb +424 -0
data/{lib/metasm → metasm}/exe_format/macho.rb +204 -16
data/{lib/metasm → metasm}/exe_format/main.rb +26 -3
data/{lib/metasm → metasm}/exe_format/mz.rb +1 -0
data/{lib/metasm → metasm}/exe_format/nds.rb +7 -4
data/{lib/metasm → metasm}/exe_format/pe.rb +71 -8
data/metasm/exe_format/pyc.rb +167 -0
data/{lib/metasm → metasm}/exe_format/serialstruct.rb +67 -14
data/{lib/metasm → metasm}/exe_format/shellcode.rb +7 -3
data/metasm/exe_format/shellcode_rwx.rb +114 -0
data/metasm/exe_format/swf.rb +205 -0
data/{lib/metasm → metasm}/exe_format/xcoff.rb +7 -7
data/metasm/exe_format/zip.rb +335 -0
data/metasm/gui.rb +13 -0
data/{lib/metasm → metasm}/gui/cstruct.rb +35 -41
data/{lib/metasm → metasm}/gui/dasm_coverage.rb +11 -11
data/{lib/metasm → metasm}/gui/dasm_decomp.rb +7 -20
data/{lib/metasm → metasm}/gui/dasm_funcgraph.rb +0 -0
data/metasm/gui/dasm_graph.rb +1695 -0
data/{lib/metasm → metasm}/gui/dasm_hex.rb +12 -8
data/{lib/metasm → metasm}/gui/dasm_listing.rb +43 -28
data/{lib/metasm → metasm}/gui/dasm_main.rb +310 -53
data/{lib/metasm → metasm}/gui/dasm_opcodes.rb +5 -19
data/{lib/metasm → metasm}/gui/debug.rb +93 -27
data/{lib/metasm → metasm}/gui/gtk.rb +162 -40
data/{lib/metasm → metasm}/gui/qt.rb +12 -2
data/{lib/metasm → metasm}/gui/win32.rb +179 -42
data/{lib/metasm → metasm}/gui/x11.rb +59 -59
data/{lib/metasm → metasm}/main.rb +389 -264
data/{lib/metasm/os/remote.rb → metasm/os/gdbremote.rb} +146 -54
data/{lib/metasm → metasm}/os/gnu_exports.rb +1 -1
data/{lib/metasm → metasm}/os/linux.rb +628 -151
data/metasm/os/main.rb +330 -0
data/{lib/metasm → metasm}/os/windows.rb +132 -42
data/{lib/metasm → metasm}/os/windows_exports.rb +141 -0
data/{lib/metasm → metasm}/parse.rb +26 -24
data/{lib/metasm → metasm}/parse_c.rb +221 -116
data/{lib/metasm → metasm}/preprocessor.rb +55 -40
data/{lib/metasm → metasm}/render.rb +14 -38
data/misc/hexdump.rb +2 -1
data/misc/lint.rb +58 -0
data/misc/txt2html.rb +9 -7
data/samples/bindiff.rb +3 -4
data/samples/dasm-plugins/bindiff.rb +15 -0
data/samples/dasm-plugins/bookmark.rb +133 -0
data/samples/dasm-plugins/c_constants.rb +57 -0
data/samples/dasm-plugins/colortheme_solarized.rb +125 -0
data/samples/dasm-plugins/cppobj_funcall.rb +60 -0
data/samples/dasm-plugins/dasm_all.rb +70 -0
data/samples/dasm-plugins/demangle_cpp.rb +31 -0
data/samples/dasm-plugins/deobfuscate.rb +251 -0
data/samples/dasm-plugins/dump_text.rb +35 -0
data/samples/dasm-plugins/export_graph_svg.rb +86 -0
data/samples/dasm-plugins/findgadget.rb +75 -0
data/samples/dasm-plugins/hl_opcode.rb +32 -0
data/samples/dasm-plugins/hotfix_gtk_dbg.rb +19 -0
data/samples/dasm-plugins/imm2off.rb +34 -0
data/samples/dasm-plugins/match_libsigs.rb +93 -0
data/samples/dasm-plugins/patch_file.rb +95 -0
data/samples/dasm-plugins/scanfuncstart.rb +36 -0
data/samples/dasm-plugins/scanxrefs.rb +26 -0
data/samples/dasm-plugins/selfmodify.rb +197 -0
data/samples/dasm-plugins/stringsxrefs.rb +28 -0
data/samples/dasmnavig.rb +1 -1
data/samples/dbg-apihook.rb +24 -9
data/samples/dbg-plugins/heapscan.rb +283 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_lin.c +155 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_win.c +128 -0
data/samples/dbg-plugins/heapscan/graphheap.rb +616 -0
data/samples/dbg-plugins/heapscan/heapscan.rb +709 -0
data/samples/dbg-plugins/heapscan/winheap.h +174 -0
data/samples/dbg-plugins/heapscan/winheap7.h +307 -0
data/samples/dbg-plugins/trace_func.rb +214 -0
data/samples/disassemble-gui.rb +35 -5
data/samples/disassemble.rb +31 -6
data/samples/dump_upx.rb +24 -12
data/samples/dynamic_ruby.rb +12 -3
data/samples/exeencode.rb +6 -5
data/samples/factorize-headers-peimports.rb +1 -1
data/samples/lindebug.rb +175 -381
data/samples/metasm-shell.rb +1 -2
data/samples/peldr.rb +2 -2
data/tests/all.rb +1 -1
data/tests/arc.rb +26 -0
data/tests/dynldr.rb +22 -4
data/tests/expression.rb +55 -0
data/tests/graph_layout.rb +285 -0
data/tests/ia32.rb +79 -26
data/tests/mips.rb +9 -2
data/tests/x86_64.rb +66 -18
metadata +330 -218
data/lib/metasm/arm/opcodes.rb +0 -177
data/lib/metasm/gui.rb +0 -23
data/lib/metasm/gui/dasm_graph.rb +0 -1354
data/lib/metasm/ia32.rb +0 -14
data/lib/metasm/ia32/opcodes.rb +0 -873
data/lib/metasm/ppc/parse.rb +0 -52
data/lib/metasm/x86_64.rb +0 -12
data/lib/metasm/x86_64/opcodes.rb +0 -118
data/samples/gdbclient.rb +0 -583
data/samples/rubstop.rb +0 -399

@@ -0,0 +1,63 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/main'
+module Metasm
+class CY16 < CPU
+	class Reg
+		class << self
+			attr_accessor :s_to_i, :i_to_s
+		end
+		@i_to_s = (0..14).inject({}) { |h, i| h.update i => "r#{i}" }
+		@i_to_s[15] = 'sp'
+		@s_to_i = @i_to_s.invert
+		attr_accessor :i
+		def initialize(i)
+			@i = i
+		end
+		def symbolic(orig=nil) ; to_s.to_sym ; end
+		def self.from_str(s)
+			raise "Bad name #{s.inspect}" if not x = @s_to_i[s]
+			new(x)
+		end
+	end
+	class Memref
+		attr_accessor :base, :offset, :sz, :autoincr
+		def initialize(base, offset, sz=nil, autoincr=nil)
+			@base = base
+			offset = Expression[offset] if offset
+			@offset = offset
+			@sz = sz
+			@autoincr = autoincr
+		end
+		def symbolic(orig)
+			p = nil
+			p = Expression[p, :+, @base.symbolic] if base
+			p = Expression[p, :+, @offset] if offset
+			Indirection[p.reduce, @sz, orig]
+		end
+	end
+	def initialize(family = :latest)
+		super()
+		@endianness = :little
+		@size = 16
+		@family = family
+	end
+	def init_opcode_list
+		send("init_#@family")
+		@opcode_list
+	end
+end
+end

data/metasm/cpu/cy16/opcodes.rb ADDED

@@ -0,0 +1,78 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/cpu/cy16/main'
+module Metasm
+class CY16
+	def addop(name, bin, *args)
+		o = Opcode.new name, bin
+		args.each { |a|
+			o.args << a if @fields_mask[a] or @valid_args[a]
+			o.props[a] = true if @valid_props[a]
+			o.fields[a] = @fields_shift[a] if @fields_mask[a]
+			raise "wtf #{a.inspect}" unless @valid_args[a] or @valid_props[a] or @fields_mask[a]
+		}
+		@opcode_list << o
+	end
+	def addop_macrocc(name, bin, *args)
+		%w[z nz b ae s ns o no a be g ge l le].each_with_index { |cc, i|
+			dbin = bin
+			dbin |= i << 8
+			addop name + cc, dbin, *args
+		}
+	end
+	def init_cy16
+		@opcode_list = []
+		@valid_args.update [:rs, :rd, :o7
+		].inject({}) { |h, v| h.update v => true }
+		@fields_mask.update :rs => 0x3f, :rd => 0x3f, :o7 => 0x7f, :x7 => 0x7f, :u3 => 7
+		@fields_shift.update :rs => 6, :rd => 0, :o7 => 0, :x7 => 0, :u3 => 6
+		addop 'mov', 0<<12, :rs, :rd
+		addop 'add', 1<<12, :rs, :rd
+		addop 'adc', 2<<12, :rs, :rd
+		addop 'addc',2<<12, :rs, :rd
+		addop 'sub', 3<<12, :rs, :rd
+		addop 'sbb', 4<<12, :rs, :rd
+		addop 'subb',4<<12, :rs, :rd
+		addop 'cmp', 5<<12, :rs, :rd
+		addop 'and', 6<<12, :rs, :rd
+		addop 'test',7<<12, :rs, :rd
+		addop 'or',  8<<12, :rs, :rd
+		addop 'xor', 9<<12, :rs, :rd
+		addop_macrocc 'int', (10<<12), :x7
+		addop 'int', (10<<12) | (15<<8), :x7
+		addop_macrocc 'c', (10<<12) | (1<<7), :setip, :saveip, :rd
+		addop 'call',(10<<12) | (15<<8) | (1<<7), :setip, :stopexec, :saveip, :rd
+		addop_macrocc 'r', (12<<12) | (1<<7) | 0b010111, :setip	# must come before absolute jmp
+		addop 'ret', (12<<12) | (15<<8) | (1<<7) | 0b010111, :setip, :stopexec
+		addop_macrocc 'j', (12<<12), :setip, :o7	# relative
+		addop 'jmp', (12<<12) | (15<<8), :setip, :stopexec, :o7	# relative
+		addop_macrocc 'j', (12<<12) | (1<<7), :setip, :rd	# absolute
+		addop 'jmp', (12<<12) | (15<<8) | (1<<7), :setip, :stopexec, :rd	# absolute
+		addop 'shr', (13<<12) | (0<<9), :u3, :rd
+		addop 'shl', (13<<12) | (1<<9), :u3, :rd
+		addop 'ror', (13<<12) | (2<<9), :u3, :rd
+		addop 'rol', (13<<12) | (3<<9), :u3, :rd
+		addop 'addi',(13<<12) | (4<<9), :u3, :rd
+		addop 'subi',(13<<12) | (5<<9), :u3, :rd
+		addop 'not', (13<<12) | (7<<9) | (0<<6), :rd
+		addop 'neg', (13<<12) | (7<<9) | (1<<6), :rd
+		addop 'cbw', (13<<12) | (7<<9) | (4<<6), :rd
+		addop 'sti', (13<<12) | (7<<9) | (7<<6) | 0
+		addop 'cli', (13<<12) | (7<<9) | (7<<6) | 1
+		addop 'stc', (13<<12) | (7<<9) | (7<<6) | 2
+		addop 'clc', (13<<12) | (7<<9) | (7<<6) | 3
+	end
+	alias init_latest init_cy16
+end
+end

data/metasm/cpu/cy16/render.rb ADDED

@@ -0,0 +1,41 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/cpu/cy16/opcodes'
+require 'metasm/render'
+module Metasm
+class CY16
+	class Reg
+		include Renderable
+		def render ; [self.class.i_to_s[@i]] end
+	end
+	class Memref
+		include Renderable
+		def render
+			r = []
+			r << (@sz == 1 ? 'byte ptr ' : 'word ptr ')
+			r << '['
+			r << @base if @base
+			r << '++' if @autoincr
+			r << ' + ' if @base and @offset
+			r << @offset if @offset
+			r << ']'
+		end
+	end
+	def render_instruction(i)
+		r = []
+		r << i.opname
+		if not i.args.empty?
+			r << ' '
+			i.args.each { |a_| r << a_ << ', ' }
+			r.pop
+		end
+		r
+	end
+end
+end

data/metasm/cpu/dalvik.rb ADDED

@@ -0,0 +1,11 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+class Metasm::Dalvik < Metasm::CPU
+end
+require 'metasm/main'
+require 'metasm/cpu/dalvik/decode'

data/{lib/metasm → metasm/cpu}/dalvik/decode.rb RENAMED

@@ -3,7 +3,7 @@
 #
 #    Licence is LGPL, see LICENCE in the top-level directory
-require 'metasm/dalvik/opcodes'
+require 'metasm/cpu/dalvik/opcodes'
 require 'metasm/decode'
 module Metasm
@@ -12,7 +12,7 @@ class Dalvik
 	end
 	def decode_findopcode(edata)
-		return if edata.ptr >= edata.data.length
+		return if edata.ptr+2 > edata.length
 		di = DecodedInstruction.new(self)
 		di.opcode = opcode_list[edata.decode_imm(:u16, @endianness) & 0xff]
 		edata.ptr -= 2
@@ -22,7 +22,7 @@ class Dalvik
 	def decode_instr_op(edata, di)
 		op = di.opcode
 		di.instruction.opname = op.name
 		val = [edata.decode_imm(:u16, @endianness)]
 		op.args.each { |a|
@@ -80,7 +80,7 @@ class Dalvik
 				Expression[Expression.make_signed((val[1] >> 8) & 0xff, 8)]
 			when :rlist4, :rlist5
 				cnt = (val[0] >> 12) & 0xf
-			       	val << edata.decode_imm(:u16, @endianness)
+				val << edata.decode_imm(:u16, @endianness)
 				[cnt, 4].min.times {
 					di.instruction.args << Reg.new(val[-1] & 0xf)
 					val[-1] >>= 4
@@ -96,20 +96,40 @@ class Dalvik
 				next
 			when :m16
 				val << edata.decode_imm(:u16, @endianness)
-				Method.new(@dex, val.last)
+				DexMethod.new(@dex, val.last)
+			when :fld16
+				val << edata.decode_imm(:u16, @endianness)
+				DexField.new(@dex, val.last)
+			when :typ16
+				val << edata.decode_imm(:u16, @endianness)
+				DexType.new(@dex, val.last)
+			when :str16
+				val << edata.decode_imm(:u16, @endianness)
+				DexString.new(@dex, val.last)
 			else raise SyntaxError, "Internal error: invalid argument #{a} in #{op.name}"
 			end
 		}
 		di.bin_length = val.length*2
+		return if edata.ptr > edata.length
+		di
+	end
+	def decode_instr_interpret(di, addr)
+		if di.opcode.props[:setip] and di.instruction.args.last.kind_of? Expression and di.instruction.opname =~ /^if|^goto/
+			arg = Expression[addr, :+, [di.instruction.args.last, :*, 2]].reduce
+			di.instruction.args[-1] = Expression[arg]
+		end
 		di
 	end
 	def backtrace_binding
 		@backtrace_binding ||= init_backtrace_binding
 	end
 	def init_backtrace_binding
 		@backtrace_binding ||= {}
 		sz = @size/8
@@ -117,12 +137,12 @@ class Dalvik
 			case op.name
 			when /invoke/
 				@backtrace_binding[op.name] = lambda { |di, *args| {
-					:callstack => Expression[:callstack, :-, sz],
+					:callstack => Expression[:callstack, :-, sz],
 					Indirection[:callstack, sz] => Expression[di.next_addr]
 				} }
 			when /return/
 				@backtrace_binding[op.name] = lambda { |di, *args| {
-			       		:callstack => Expression[:callstack, :+, sz]
+					:callstack => Expression[:callstack, :+, sz]
 				} }
 			end
 		}
@@ -136,9 +156,9 @@ class Dalvik
 			else arg
 			end
 		}
 		if binding = backtrace_binding[di.opcode.name]
-			bd = binding[di, *a]
+			binding[di, *a]
 		else
 			puts "unhandled instruction to backtrace: #{di}" if $VERBOSE
 			# assume nothing except the 1st arg is modified
@@ -150,18 +170,20 @@ class Dalvik
 		end
 	end
 	def get_xrefs_x(dasm, di)
 		if di.opcode.props[:saveip]
 			m = di.instruction.args.first
-			if m.kind_of? Method and m.off
+			if m.kind_of?(DexMethod) and m.off
 				[m.off]
 			else
 				[:default]
 			end
 		elsif di.opcode.props[:setip]
-			if di.opcode.name =~ /return/
+			if di.opcode.name =~ /^return/
 				[Indirection[:callstack, @size/8]]
+			elsif di.opcode.name =~ /^if|^goto/
+				[di.instruction.args.last]
 			else
 				[]	# [di.instruction.args.last]
 			end

data/{lib/metasm → metasm/cpu}/dalvik/main.rb RENAMED

@@ -23,13 +23,14 @@ class Dalvik < CPU
 		end
 	end
-	class Method
+	class DexMethod
 		attr_accessor :dex, :midx, :off
 		def initialize(dex, midx)
 			@dex = dex
 			@midx = midx
 			if @dex and m = @dex.methods[midx] and c = @dex.classes[m.classidx] and c.data and
-				me = (c.data.direct_methods+c.data.virtual_methods).find { |mm| mm.method == m }
+				me = (c.data.direct_methods+c.data.virtual_methods).find { |mm| mm.methodid == midx }
+				# FIXME this doesnt work
 				@off = me.codeoff + me.code.insns_off
 			end
 		end
@@ -44,6 +45,54 @@ class Dalvik < CPU
 		end
 	end
+	class DexField
+		attr_accessor :dex, :fidx
+		def initialize(dex, fidx)
+			@dex = dex
+			@fidx = fidx
+		end
+		def to_s
+			if @dex and f = @dex.fields[@fidx]
+				@dex.types[f.classidx] + '->' + @dex.strings[f.nameidx]
+			else
+				"field_#@fidx"
+			end
+		end
+	end
+	class DexType
+		attr_accessor :dex, :tidx
+		def initialize(dex, tidx)
+			@dex = dex
+			@tidx = tidx
+		end
+		def to_s
+			if @dex and f = @dex.types[@tidx]
+				f
+			else
+				"type_#@tidx"
+			end
+		end
+	end
+	class DexString
+		attr_accessor :dex, :sidx
+		def initialize(dex, sidx)
+			@dex = dex
+			@sidx = sidx
+		end
+		def to_s
+			if @dex and f = @dex.strings[@sidx]
+				f.inspect
+			else
+				"string_#@sidx"
+			end
+		end
+	end
 	def initialize(*args)
 		super()
 		@size = args.grep(Integer).first || 32

data/{lib/metasm → metasm/cpu}/dalvik/opcodes.rb RENAMED

@@ -11,7 +11,7 @@
 # the opcode number is in the low-order byte, and determines the
 # argument format, which may take up to 4 other words
-require 'metasm/dalvik/main'
+require 'metasm/cpu/dalvik/main'
 module Metasm
 class Dalvik
@@ -61,9 +61,11 @@ invoke_virtual_quick invoke_virtual_quick_range invoke_super_quick invoke_super_
 unused_fc unused_fd unused_fe unused_ff]
 	def init_dalvik
-		@valid_props << :canthrow
-		@valid_args = [:i16, :i16_32hi, :i16_64hi, :i32, :iaa, :ib, :icc, :u16, :u32, :u64,
-			:r16, :ra, :raa, :rb, :rbb, :rcc, :rlist16, :rlist4, :rlist5, :m16]
+		@valid_props[:canthrow] = true
+		[:i16, :i16_32hi, :i16_64hi, :i32, :iaa, :ib, :icc, :u16, :u32, :u64,
+		 :r16, :ra, :raa, :rb, :rbb, :rcc, :rlist16, :rlist4, :rlist5,
+		 :m16, :fld16, :typ16, :str16
+		].each { |a| @valid_args[a] = true }
 		@opcode_list = []
 		OPCODES.each_with_index { |n, b|
@@ -80,7 +82,7 @@ unused_fc unused_fd unused_fe unused_ff]
 	def addop_args(op)
 		fmt = case op.name
 		when 'goto'
-  			:fmt10t
+			:fmt10t
 		when 'nop', 'return_void'
 			:fmt10x
 		when 'const_4'
@@ -119,12 +121,16 @@ unused_fc unused_fd unused_fe unused_ff]
 			:fmt20t
 		when 'goto_32'
 			:fmt30t
-		when 'const_string', 'const_class', 'check_cast',
-			'new_instance', 'sget', 'sget_wide', 'sget_object',
+		when 'const_string'
+			:fmt21c_str
+		when 'const_class', 'check_cast',
+			'new_instance'
+			:fmt21c_typ
+		when 'sget', 'sget_wide', 'sget_object',
 			'sget_boolean', 'sget_byte', 'sget_char', 'sget_short',
 			'sput', 'sput_wide', 'sput_object', 'sput_boolean',
 			'sput_byte', 'sput_char', 'sput_short'
-			:fmt21c
+			:fmt21c_fld
 		when 'const_16', 'const_wide_16'
 			:fmt21s
 		when 'if_eqz', 'if_nez', 'if_ltz', 'if_gez', 'if_gtz', 'if_lez'
@@ -214,7 +220,9 @@ unused_fc unused_fd unused_fe unused_ff]
 		when :fmt10t; op.args << :iaa
 		when :fmt20t; op.args << :i16
 		when :fmt20bc; op.args << :iaa << :u16
-		when :fmt21c; op.args << :raa << :u16
+		when :fmt21c_str; op.args << :raa << :str16
+		when :fmt21c_typ; op.args << :raa << :typ16
+		when :fmt21c_fld; op.args << :raa << :fld16
 		when :fmt22x; op.args << :raa << :r16
 		when :fmt21s, :fmt21t; op.args << :raa << :i16
 		when :fmt21h; op.args << :raa << :i16_32hi
@@ -222,7 +230,7 @@ unused_fc unused_fd unused_fe unused_ff]
 		when :fmt23x; op.args << :raa << :rbb << :rcc
 		when :fmt22b; op.args << :raa << :rbb << :icc
 		when :fmt22s, :fmt22t; op.args << :ra << :rb << :i16
-		when :fmt22c, :fmt22cs; op.args << :ra << :rb << :u16
+		when :fmt22c, :fmt22cs; op.args << :ra << :rb << :fld16
 		when :fmt30t; op.args << :i32
 		when :fmt31t, :fmt31c; op.args << :raa << :u32
 		when :fmt32x; op.args << :r16 << :r16
@@ -238,7 +246,7 @@ unused_fc unused_fd unused_fe unused_ff]
 		when :fmt3inline
 			op.args << :r16 << :rlist4
 		when :fmt3rc, :fmt3rms
-		       	# rlist = :r16, :r16+1, :r16+2, ..., :r16+:iaa-1
+			# rlist = :r16, :r16+1, :r16+2, ..., :r16+:iaa-1
 			op.args << :r16 << :rlist16
 		when :fmt51l
 			# u64 = u16 | (u16 << 16) | ...