RubyGems - metasm - Versions diffs - 1.0.1 → 1.0.2 - Mend

metasm 1.0.1 → 1.0.2

Files changed (235) hide show

checksums.yaml +7 -0
data/.gitignore +1 -0
data/.hgtags +3 -0
data/Gemfile +1 -0
data/INSTALL +61 -0
data/LICENCE +458 -0
data/README +29 -21
data/Rakefile +10 -0
data/TODO +10 -12
data/doc/code_organisation.txt +2 -0
data/doc/core/DynLdr.txt +247 -0
data/doc/core/ExeFormat.txt +43 -0
data/doc/core/Expression.txt +220 -0
data/doc/core/GNUExports.txt +27 -0
data/doc/core/Ia32.txt +236 -0
data/doc/core/SerialStruct.txt +108 -0
data/doc/core/VirtualString.txt +145 -0
data/doc/core/WindowsExports.txt +61 -0
data/doc/core/index.txt +1 -0
data/doc/style.css +6 -3
data/doc/usage/debugger.txt +327 -0
data/doc/usage/index.txt +1 -0
data/doc/use_cases.txt +2 -2
data/metasm.gemspec +22 -0
data/{lib/metasm.rb → metasm.rb} +11 -3
data/{lib/metasm → metasm}/compile_c.rb +13 -7
data/metasm/cpu/arc.rb +8 -0
data/metasm/cpu/arc/decode.rb +425 -0
data/metasm/cpu/arc/main.rb +191 -0
data/metasm/cpu/arc/opcodes.rb +588 -0
data/{lib/metasm → metasm/cpu}/arm.rb +7 -5
data/{lib/metasm → metasm/cpu}/arm/debug.rb +2 -2
data/{lib/metasm → metasm/cpu}/arm/decode.rb +13 -12
data/{lib/metasm → metasm/cpu}/arm/encode.rb +23 -8
data/{lib/metasm → metasm/cpu}/arm/main.rb +0 -3
data/metasm/cpu/arm/opcodes.rb +324 -0
data/{lib/metasm → metasm/cpu}/arm/parse.rb +25 -13
data/{lib/metasm → metasm/cpu}/arm/render.rb +2 -2
data/metasm/cpu/arm64.rb +15 -0
data/metasm/cpu/arm64/debug.rb +38 -0
data/metasm/cpu/arm64/decode.rb +289 -0
data/metasm/cpu/arm64/encode.rb +41 -0
data/metasm/cpu/arm64/main.rb +105 -0
data/metasm/cpu/arm64/opcodes.rb +232 -0
data/metasm/cpu/arm64/parse.rb +20 -0
data/metasm/cpu/arm64/render.rb +95 -0
data/{lib/metasm/ppc.rb → metasm/cpu/bpf.rb} +2 -4
data/metasm/cpu/bpf/decode.rb +142 -0
data/metasm/cpu/bpf/main.rb +60 -0
data/metasm/cpu/bpf/opcodes.rb +81 -0
data/metasm/cpu/bpf/render.rb +41 -0
data/metasm/cpu/cy16.rb +9 -0
data/metasm/cpu/cy16/decode.rb +253 -0
data/metasm/cpu/cy16/main.rb +63 -0
data/metasm/cpu/cy16/opcodes.rb +78 -0
data/metasm/cpu/cy16/render.rb +41 -0
data/metasm/cpu/dalvik.rb +11 -0
data/{lib/metasm → metasm/cpu}/dalvik/decode.rb +35 -13
data/{lib/metasm → metasm/cpu}/dalvik/main.rb +51 -2
data/{lib/metasm → metasm/cpu}/dalvik/opcodes.rb +19 -11
data/metasm/cpu/ia32.rb +17 -0
data/{lib/metasm → metasm/cpu}/ia32/compile_c.rb +5 -7
data/{lib/metasm → metasm/cpu}/ia32/debug.rb +5 -5
data/{lib/metasm → metasm/cpu}/ia32/decode.rb +246 -59
data/{lib/metasm → metasm/cpu}/ia32/decompile.rb +7 -7
data/{lib/metasm → metasm/cpu}/ia32/encode.rb +19 -13
data/{lib/metasm → metasm/cpu}/ia32/main.rb +51 -8
data/metasm/cpu/ia32/opcodes.rb +1424 -0
data/{lib/metasm → metasm/cpu}/ia32/parse.rb +47 -16
data/{lib/metasm → metasm/cpu}/ia32/render.rb +31 -4
data/metasm/cpu/mips.rb +14 -0
data/{lib/metasm → metasm/cpu}/mips/compile_c.rb +1 -1
data/metasm/cpu/mips/debug.rb +42 -0
data/{lib/metasm → metasm/cpu}/mips/decode.rb +46 -16
data/{lib/metasm → metasm/cpu}/mips/encode.rb +4 -3
data/{lib/metasm → metasm/cpu}/mips/main.rb +11 -4
data/{lib/metasm → metasm/cpu}/mips/opcodes.rb +86 -17
data/{lib/metasm → metasm/cpu}/mips/parse.rb +1 -1
data/{lib/metasm → metasm/cpu}/mips/render.rb +1 -1
data/{lib/metasm/dalvik.rb → metasm/cpu/msp430.rb} +1 -1
data/metasm/cpu/msp430/decode.rb +247 -0
data/metasm/cpu/msp430/main.rb +62 -0
data/metasm/cpu/msp430/opcodes.rb +101 -0
data/{lib/metasm → metasm/cpu}/pic16c/decode.rb +6 -7
data/{lib/metasm → metasm/cpu}/pic16c/main.rb +0 -0
data/{lib/metasm → metasm/cpu}/pic16c/opcodes.rb +1 -1
data/{lib/metasm/mips.rb → metasm/cpu/ppc.rb} +4 -4
data/{lib/metasm → metasm/cpu}/ppc/decode.rb +18 -12
data/{lib/metasm → metasm/cpu}/ppc/decompile.rb +3 -3
data/{lib/metasm → metasm/cpu}/ppc/encode.rb +2 -2
data/{lib/metasm → metasm/cpu}/ppc/main.rb +17 -12
data/{lib/metasm → metasm/cpu}/ppc/opcodes.rb +11 -5
data/metasm/cpu/ppc/parse.rb +55 -0
data/metasm/cpu/python.rb +8 -0
data/metasm/cpu/python/decode.rb +136 -0
data/metasm/cpu/python/main.rb +36 -0
data/metasm/cpu/python/opcodes.rb +180 -0
data/{lib/metasm → metasm/cpu}/sh4.rb +1 -1
data/{lib/metasm → metasm/cpu}/sh4/decode.rb +48 -17
data/{lib/metasm → metasm/cpu}/sh4/main.rb +13 -4
data/{lib/metasm → metasm/cpu}/sh4/opcodes.rb +7 -8
data/metasm/cpu/x86_64.rb +15 -0
data/{lib/metasm → metasm/cpu}/x86_64/compile_c.rb +28 -17
data/{lib/metasm → metasm/cpu}/x86_64/debug.rb +4 -4
data/{lib/metasm → metasm/cpu}/x86_64/decode.rb +57 -15
data/{lib/metasm → metasm/cpu}/x86_64/encode.rb +55 -26
data/{lib/metasm → metasm/cpu}/x86_64/main.rb +14 -6
data/metasm/cpu/x86_64/opcodes.rb +136 -0
data/{lib/metasm → metasm/cpu}/x86_64/parse.rb +10 -2
data/metasm/cpu/x86_64/render.rb +35 -0
data/metasm/cpu/z80.rb +9 -0
data/metasm/cpu/z80/decode.rb +313 -0
data/metasm/cpu/z80/main.rb +67 -0
data/metasm/cpu/z80/opcodes.rb +224 -0
data/metasm/cpu/z80/render.rb +59 -0
data/{lib/metasm/os/main.rb → metasm/debug.rb} +160 -401
data/{lib/metasm → metasm}/decode.rb +35 -4
data/{lib/metasm → metasm}/decompile.rb +15 -16
data/{lib/metasm → metasm}/disassemble.rb +201 -45
data/{lib/metasm → metasm}/disassemble_api.rb +651 -87
data/{lib/metasm → metasm}/dynldr.rb +220 -133
data/{lib/metasm → metasm}/encode.rb +10 -1
data/{lib/metasm → metasm}/exe_format/a_out.rb +9 -6
data/{lib/metasm → metasm}/exe_format/autoexe.rb +1 -0
data/{lib/metasm → metasm}/exe_format/bflt.rb +57 -27
data/{lib/metasm → metasm}/exe_format/coff.rb +11 -3
data/{lib/metasm → metasm}/exe_format/coff_decode.rb +53 -20
data/{lib/metasm → metasm}/exe_format/coff_encode.rb +11 -13
data/{lib/metasm → metasm}/exe_format/dex.rb +13 -5
data/{lib/metasm → metasm}/exe_format/dol.rb +1 -0
data/{lib/metasm → metasm}/exe_format/elf.rb +93 -57
data/{lib/metasm → metasm}/exe_format/elf_decode.rb +143 -34
data/{lib/metasm → metasm}/exe_format/elf_encode.rb +122 -31
data/metasm/exe_format/gb.rb +65 -0
data/metasm/exe_format/javaclass.rb +424 -0
data/{lib/metasm → metasm}/exe_format/macho.rb +204 -16
data/{lib/metasm → metasm}/exe_format/main.rb +26 -3
data/{lib/metasm → metasm}/exe_format/mz.rb +1 -0
data/{lib/metasm → metasm}/exe_format/nds.rb +7 -4
data/{lib/metasm → metasm}/exe_format/pe.rb +71 -8
data/metasm/exe_format/pyc.rb +167 -0
data/{lib/metasm → metasm}/exe_format/serialstruct.rb +67 -14
data/{lib/metasm → metasm}/exe_format/shellcode.rb +7 -3
data/metasm/exe_format/shellcode_rwx.rb +114 -0
data/metasm/exe_format/swf.rb +205 -0
data/{lib/metasm → metasm}/exe_format/xcoff.rb +7 -7
data/metasm/exe_format/zip.rb +335 -0
data/metasm/gui.rb +13 -0
data/{lib/metasm → metasm}/gui/cstruct.rb +35 -41
data/{lib/metasm → metasm}/gui/dasm_coverage.rb +11 -11
data/{lib/metasm → metasm}/gui/dasm_decomp.rb +7 -20
data/{lib/metasm → metasm}/gui/dasm_funcgraph.rb +0 -0
data/metasm/gui/dasm_graph.rb +1695 -0
data/{lib/metasm → metasm}/gui/dasm_hex.rb +12 -8
data/{lib/metasm → metasm}/gui/dasm_listing.rb +43 -28
data/{lib/metasm → metasm}/gui/dasm_main.rb +310 -53
data/{lib/metasm → metasm}/gui/dasm_opcodes.rb +5 -19
data/{lib/metasm → metasm}/gui/debug.rb +93 -27
data/{lib/metasm → metasm}/gui/gtk.rb +162 -40
data/{lib/metasm → metasm}/gui/qt.rb +12 -2
data/{lib/metasm → metasm}/gui/win32.rb +179 -42
data/{lib/metasm → metasm}/gui/x11.rb +59 -59
data/{lib/metasm → metasm}/main.rb +389 -264
data/{lib/metasm/os/remote.rb → metasm/os/gdbremote.rb} +146 -54
data/{lib/metasm → metasm}/os/gnu_exports.rb +1 -1
data/{lib/metasm → metasm}/os/linux.rb +628 -151
data/metasm/os/main.rb +330 -0
data/{lib/metasm → metasm}/os/windows.rb +132 -42
data/{lib/metasm → metasm}/os/windows_exports.rb +141 -0
data/{lib/metasm → metasm}/parse.rb +26 -24
data/{lib/metasm → metasm}/parse_c.rb +221 -116
data/{lib/metasm → metasm}/preprocessor.rb +55 -40
data/{lib/metasm → metasm}/render.rb +14 -38
data/misc/hexdump.rb +2 -1
data/misc/lint.rb +58 -0
data/misc/txt2html.rb +9 -7
data/samples/bindiff.rb +3 -4
data/samples/dasm-plugins/bindiff.rb +15 -0
data/samples/dasm-plugins/bookmark.rb +133 -0
data/samples/dasm-plugins/c_constants.rb +57 -0
data/samples/dasm-plugins/colortheme_solarized.rb +125 -0
data/samples/dasm-plugins/cppobj_funcall.rb +60 -0
data/samples/dasm-plugins/dasm_all.rb +70 -0
data/samples/dasm-plugins/demangle_cpp.rb +31 -0
data/samples/dasm-plugins/deobfuscate.rb +251 -0
data/samples/dasm-plugins/dump_text.rb +35 -0
data/samples/dasm-plugins/export_graph_svg.rb +86 -0
data/samples/dasm-plugins/findgadget.rb +75 -0
data/samples/dasm-plugins/hl_opcode.rb +32 -0
data/samples/dasm-plugins/hotfix_gtk_dbg.rb +19 -0
data/samples/dasm-plugins/imm2off.rb +34 -0
data/samples/dasm-plugins/match_libsigs.rb +93 -0
data/samples/dasm-plugins/patch_file.rb +95 -0
data/samples/dasm-plugins/scanfuncstart.rb +36 -0
data/samples/dasm-plugins/scanxrefs.rb +26 -0
data/samples/dasm-plugins/selfmodify.rb +197 -0
data/samples/dasm-plugins/stringsxrefs.rb +28 -0
data/samples/dasmnavig.rb +1 -1
data/samples/dbg-apihook.rb +24 -9
data/samples/dbg-plugins/heapscan.rb +283 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_lin.c +155 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_win.c +128 -0
data/samples/dbg-plugins/heapscan/graphheap.rb +616 -0
data/samples/dbg-plugins/heapscan/heapscan.rb +709 -0
data/samples/dbg-plugins/heapscan/winheap.h +174 -0
data/samples/dbg-plugins/heapscan/winheap7.h +307 -0
data/samples/dbg-plugins/trace_func.rb +214 -0
data/samples/disassemble-gui.rb +35 -5
data/samples/disassemble.rb +31 -6
data/samples/dump_upx.rb +24 -12
data/samples/dynamic_ruby.rb +12 -3
data/samples/exeencode.rb +6 -5
data/samples/factorize-headers-peimports.rb +1 -1
data/samples/lindebug.rb +175 -381
data/samples/metasm-shell.rb +1 -2
data/samples/peldr.rb +2 -2
data/tests/all.rb +1 -1
data/tests/arc.rb +26 -0
data/tests/dynldr.rb +22 -4
data/tests/expression.rb +55 -0
data/tests/graph_layout.rb +285 -0
data/tests/ia32.rb +79 -26
data/tests/mips.rb +9 -2
data/tests/x86_64.rb +66 -18
metadata +330 -218
data/lib/metasm/arm/opcodes.rb +0 -177
data/lib/metasm/gui.rb +0 -23
data/lib/metasm/gui/dasm_graph.rb +0 -1354
data/lib/metasm/ia32.rb +0 -14
data/lib/metasm/ia32/opcodes.rb +0 -873
data/lib/metasm/ppc/parse.rb +0 -52
data/lib/metasm/x86_64.rb +0 -12
data/lib/metasm/x86_64/opcodes.rb +0 -118
data/samples/gdbclient.rb +0 -583
data/samples/rubstop.rb +0 -399

data/{lib/metasm → metasm}/decode.rb RENAMED

@@ -134,9 +134,10 @@ class EncodedData
 	# bytes from rawsize to virtsize are returned as zeroes
 	# ignores self.relocations
 	def read(len=@virtsize-@ptr)
-		len = @virtsize-@ptr if len > @virtsize-@ptr
-		str = (@ptr < @data.length) ? @data[@ptr, len] : ''
-		str = str.to_str.ljust(len, "\0") if str.length < len
+		vlen = len
+		vlen = @virtsize-@ptr if len > @virtsize-@ptr
+		str = (@ptr < @data.length) ? @data[@ptr, vlen] : ''
+		str = str.to_str.ljust(vlen, "\0") if str.length < vlen
 		@ptr += len
 		str
 	end
@@ -182,7 +183,7 @@ class CPU
 	# returns a DecodedInstruction or nil
 	def decode_instruction(edata, addr)
 		@bin_lookaside ||= build_bin_lookaside
-		di = decode_findopcode edata
+		di = decode_findopcode edata if edata.ptr <= edata.length
 		di.address = addr if di
 		di = decode_instr_op(edata, di) if di
 		decode_instr_interpret(di, addr) if di
@@ -209,5 +210,35 @@ class CPU
 	def delay_slot(di=nil)
 		0
 	end
+	def disassembler_default_func
+		DecodedFunction.new
+	end
+	# return something like backtrace_binding in the forward direction
+	# set pc_reg to some reg name (eg :pc) to include effects on the instruction pointer
+	def get_fwdemu_binding(di, pc_reg=nil)
+		fdi = di.backtrace_binding ||= get_backtrace_binding(di)
+		fdi = fix_fwdemu_binding(di, fdi)
+		if pc_reg
+			if di.opcode.props[:setip]
+				xr = get_xrefs_x(nil, di)
+				if xr and xr.length == 1
+					fdi[pc_reg] = xr[0]
+				else
+					fdi[:incomplete_binding] = Expression[1]
+				end
+			else
+				fdi[pc_reg] = Expression[pc_reg, :+, di.bin_length]
+			end
+		end
+		fdi
+	end
+	# patch a forward binding from the backtrace binding
+	# useful only on specific instructions that update a register *and* dereference that register (eg push)
+	def fix_fwdemu_binding(di, fbd)
+		fbd
+	end
 end
 end

data/{lib/metasm → metasm}/decompile.rb RENAMED

@@ -69,7 +69,7 @@ class Decompiler
 				@c_parser.toplevel.symbol.delete func.name
 				decompile_func(entry)
 				@recurse = pre_recurse
-				if not dcl = @c_parser.toplevel.statements.grep(C::Declaration).find { |decl| decl.var.name == func.name }
+				if not @c_parser.toplevel.statements.grep(C::Declaration).find { |decl| decl.var.name == func.name }
 					@c_parser.toplevel.statements << C::Declaration.new(func)
 				end
 			end
@@ -208,7 +208,7 @@ class Decompiler
 					@c_parser.toplevel.statements.delete_if { |ts| ts.kind_of? C::Declaration and ts.var.name == name }
 					aoff = 1
 					ptype.args.to_a.each { |a|
-				       		aoff = (aoff + @c_parser.typesize[:ptr] - 1) / @c_parser.typesize[:ptr] * @c_parser.typesize[:ptr]
+						aoff = (aoff + @c_parser.typesize[:ptr] - 1) / @c_parser.typesize[:ptr] * @c_parser.typesize[:ptr]
 						f.decompdata[:stackoff_type][aoff] ||= a.type
 						f.decompdata[:stackoff_name][aoff] ||= a.name if a.name
 						aoff += sizeof(a)	# ary ?
@@ -293,7 +293,7 @@ class Decompiler
 					@dasm.function[ta] = DecodedFunction.new
 					puts "autofunc #{Expression[ta]}" if $VERBOSE
 				end
 				if @dasm.function[ta] and type != :subfuncret
 					f = dasm.auto_label_at(ta, 'func')
 					ta = dasm.normalize($1) if f =~ /^thunk_(.*)/
@@ -350,7 +350,7 @@ class Decompiler
 						:include_start => i_s, :no_check => true, :terminals => [:frameptr])
 				if vals.length == 1 and ee = vals.first and (ee.kind_of? Expression and (ee == Expression[:frameptr] or
 						(ee.lexpr == :frameptr and ee.op == :+ and ee.rexpr.kind_of? ::Integer)))
- 					ee
+					ee
 				else e
 				end
 				end
@@ -602,12 +602,12 @@ class Decompiler
 			when C::If
 				patch_test[ce.test]
 				if ce.bthen.kind_of? C::Block
- 					case ce.bthen.statements.length
+					case ce.bthen.statements.length
 					when 1
 						walk(ce.bthen.statements) { |sst| sst.outer = ce.bthen.outer if sst.kind_of? C::Block and sst.outer == ce.bthen }
 						ce.bthen = ce.bthen.statements.first
 					when 0
- 						if not ce.belse and i = ce.bthen.outer.statements.index(ce)
+						if not ce.belse and i = ce.bthen.outer.statements.index(ce)
 							ce.bthen.outer.statements[i] = ce.test	# TODO remove sideeffectless parts
 						end
 					end
@@ -1521,7 +1521,7 @@ class Decompiler
 		tabidx = off / sizeof(st)
 		off -= tabidx * sizeof(st)
 		ptr = C::CExpression[:&, [ptr, :'[]', [tabidx]]] if tabidx != 0 or ptr.type.untypedef.kind_of? C::Array
-		return ptr if off == 0 and (not msz or 	# avoid infinite recursion with eg chained list
+		return ptr if off == 0 and (not msz or	# avoid infinite recursion with eg chained list
 				(ptr.kind_of? C::CExpression and ((ptr.op == :& and not ptr.lexpr and s=ptr.rexpr) or (ptr.op == :'.' and s=ptr)) and
 				not s.type.untypedef.kind_of? C::Union))
@@ -1656,13 +1656,12 @@ class Decompiler
 					ce.rexpr = p if ce.rexpr == v1
 				}
 			}
 		}
 	end
 	# to be run with scope = function body with only CExpr/Decl/Label/Goto/IfGoto/Return, with correct variables types
 	# will transform += 1 to ++, inline them to prev/next statement ('++x; if (x)..' => 'if (++x)..')
- 	# remove useless variables ('int i;', i never used or 'i = 1; j = i;', i never read after => 'j = 1;')
+	# remove useless variables ('int i;', i never used or 'i = 1; j = i;', i never read after => 'j = 1;')
 	# remove useless casts ('(int)i' with 'int i;' => 'i')
 	def optimize(scope)
 		optimize_code(scope)
@@ -1681,7 +1680,7 @@ class Decompiler
 			t2 = t2.pointed.untypedef if t2.pointer? and t2.pointed.untypedef.kind_of? C::Function
 			t1 == t2 or
 			(t1.kind_of? C::Function and t2.kind_of? C::Function and sametype[t1.type, t2.type] and t1.args.to_a.length == t2.args.to_a.length and
-			 	t1.args.to_a.zip(t2.args.to_a).all? { |st1, st2| sametype[st1.type, st2.type] }) or
+				 t1.args.to_a.zip(t2.args.to_a).all? { |st1, st2| sametype[st1.type, st2.type] }) or
 			(t1.kind_of? C::BaseType and t1.integral? and t2.kind_of? C::BaseType and t2.integral? and sizeof(nil, t1) == sizeof(nil, t2)) or
 			(t1.pointer? and t2.pointer? and sametype[t1.type, t2.type])
 		}
@@ -1871,7 +1870,7 @@ class Decompiler
 		when ::Array; exp.any? { |_e| sideeffect _e, scope }
 		when C::Variable; (scope and not scope.symbol[exp.name]) or exp.type.qualifier.to_a.include? :volatile
 		when C::CExpression; (exp.op == :* and not exp.lexpr) or exp.op == :funcall or AssignOp.include?(exp.op) or
-		       		sideeffect(exp.lexpr, scope) or sideeffect(exp.rexpr, scope)
+				sideeffect(exp.lexpr, scope) or sideeffect(exp.rexpr, scope)
 		else true	# failsafe
 		end
 	end
@@ -2009,7 +2008,7 @@ class Decompiler
 			}.compact
 			tw = to - [:write]
- 			if to.include? :split or tw.length > 1
+			if to.include? :split or tw.length > 1
 				:split
 			elsif tw.length == 1
 				tw.first
@@ -2089,7 +2088,7 @@ class Decompiler
 				if (e.op == :'++' or e.op == :'--') and v = (e.lexpr || e.rexpr) and v.kind_of? C::Variable and
 						scope.symbol[v.name] and not v.type.qualifier.to_a.include? :volatile
 					next if !((pos = :post.to_sym) and (oe = find_next_read_bl[label, i, v]) and oe.kind_of? C::CExpression) and
-				   		!((pos = :prev.to_sym) and (oe = find_prev_read[label, i-2, v]) and oe.kind_of? C::CExpression)
+						!((pos = :prev.to_sym) and (oe = find_prev_read[label, i-2, v]) and oe.kind_of? C::CExpression)
 					next if oe.op == :& and not oe.lexpr	# no &(++eax)
 					# merge pre/postincrement into next/prev var usage
@@ -2221,7 +2220,7 @@ class Decompiler
 							}
 							case cnt
 							when 0
- 								break if bad
+								break if bad
 								next
 							when 1	# good
 								break if e.complexity > 10 and ce_.complexity > 3	# try to keep the C readable
@@ -2443,7 +2442,7 @@ class Decompiler
 			end
 			# compare type.type cause var is an Array and the cast is a Pointer
 			countderef[r.rexpr.name] += 1 if r.kind_of? C::CExpression and not r.op and r.rexpr.kind_of? C::Variable and
-		       			sizeof(nil, r.type.type) == sizeof(nil, r.rexpr.type.type) rescue nil
+					sizeof(nil, r.type.type) == sizeof(nil, r.rexpr.type.type) rescue nil
 		}
 		vars.each { |n|
 			if countref[n] == countderef[n]
@@ -2453,7 +2452,7 @@ class Decompiler
 				v.initializer = v.initializer.first if v.initializer.kind_of? ::Array
 				walk_ce(tl) { |ce|
 					if ce.op == :'->' and C::CExpression[ce.lexpr] == C::CExpression[v]
-						ce.op = :'.'
+						ce.op = :'.'
 					elsif ce.lexpr == target
 						ce.lexpr = v
 					end

data/{lib/metasm → metasm}/disassemble.rb RENAMED

@@ -24,6 +24,8 @@ class DecodedInstruction
 	attr_accessor :comment
 	# a cache of the binding used by the backtracker to emulate this instruction
 	attr_accessor :backtrace_binding
+	# used during fixed-size instruction decoding to hold the decoded raw opcode
+	attr_accessor :raw_data
 	# create a new DecodedInstruction with an Instruction whose cpu is the argument
 	# can take an existing Instruction as argument
@@ -233,6 +235,11 @@ class DecodedFunction
 	attr_accessor :finalized
 	# bool, if true the function does not return (eg exit() or ExitProcess())
 	attr_accessor :noreturn
+	# hash stackoff => varname
+	# varname is a single String object shared by all ExpressionStrings (to allow renames)
+	attr_accessor :localvars
+	# hash stack offset => di address
+	attr_accessor :localvars_xrefs
 	# if btbind_callback is defined, calls it with args [dasm, binding, funcaddr, calladdr, expr, origin, maxdepth]
 	# else update lazily the binding from expr.externals, and return backtrace_binding
@@ -264,6 +271,16 @@ class DecodedFunction
 		@backtracked_for = []
 		@backtrace_binding = {}
 	end
+	def get_localvar_stackoff(off, di=nil, str=nil)
+		if di
+			@localvars_xrefs ||= {}
+			@localvars_xrefs[off] ||= []
+			@localvars_xrefs[off] |= [di.address]
+		end
+		@localvars ||= {}
+		@localvars[off] ||= (str || (off > 0 ? 'arg_%X' % off : 'var_%X' % -off))
+	end
 end
 class CPU
@@ -438,7 +455,9 @@ class Disassembler
 		when ::Integer
 		when ::String
 			raise "invalid section base #{base.inspect} - not at section start" if encoded.export[base] and encoded.export[base] != 0
-			raise "invalid section base #{base.inspect} - already seen at #{@prog_binding[base]}" if @prog_binding[base] and @prog_binding[base] != Expression[base]
+			if ed = get_edata_at(base)
+				ed.del_export(base)
+			end
 			encoded.add_export base, 0
 		else raise "invalid section base #{base.inspect} - expected string or integer"
 		end
@@ -451,7 +470,7 @@ class Disassembler
 		# update section_edata.reloc
 		# label -> list of relocs that refers to it
-		@inv_section_reloc = {}
+		@inv_section_reloc ||= {}
 		@sections.each { |b, e|
 			e.reloc.each { |o, r|
 				r.target.externals.grep(::String).each { |ext| (@inv_section_reloc[ext] ||= []) << [b, e, o, r] }
@@ -485,14 +504,16 @@ class Disassembler
 		# add pseudo-xrefs for exe relocs
 		if (not type or type == :reloc) and l = get_label_at(addr) and a = @inv_section_reloc[l]
+			x_more = []
 			a.each { |b, e, o, r|
 				addr = Expression[b]+o
 				# ignore relocs embedded in an already-listed instr
-				x << Xref.new(:reloc, addr) if not x.find { |x_|
+				x_more << Xref.new(:reloc, addr) if not x.find { |x_|
 					next if not x_.origin or not di_at(x_.origin)
-					(addr - x_.origin rescue 50) < @decoded[x_.origin].bin_length
+					(addr - x_.origin) < @decoded[x_.origin].bin_length rescue false
 				}
 			}
+			x.concat x_more
 		end
 		x.each { |x_| yield x_ }
@@ -505,9 +526,18 @@ class Disassembler
 	# parses a C string for function prototypes
 	def parse_c(str, filename=nil, lineno=1)
+		@c_parser_constcache = nil
 		@c_parser ||= @cpu.new_cparser
 		@c_parser.lexer.define_weak('__METASM__DECODE__')
 		@c_parser.parse(str, filename, lineno)
+	rescue ParseError
+		@c_parser.lexer.feed! ''
+		raise
+	end
+	# list the constants ([name, integer value]) defined in the C code (#define / enums)
+	def c_constants
+		@c_parser_constcache ||= @c_parser.numeric_constants
 	end
 	# returns the canonical form of addr (absolute address integer or label of start of section + section offset)
@@ -568,6 +598,7 @@ class Disassembler
 	end
 	# returns a hash associating addr => list of labels at this addr
+	# label_alias[a] may be nil if a new label is created elsewhere in the edata with the same name
 	def label_alias
 		if not @label_alias_cache
 			@label_alias_cache = {}
@@ -622,17 +653,16 @@ class Disassembler
 			if not f.finalized
 				f.finalized = true
 puts "  finalize subfunc #{Expression[addr]}" if debug_backtrace
-				@cpu.backtrace_update_function_binding(self, addr, f, f.return_address)
+				backtrace_update_function_binding(addr, f)
 				if not f.return_address
 					detect_function_thunk(addr)
 				end
 			end
-			@comment[addr] ||= []
 			bd = f.backtrace_binding.reject { |k, v| Expression[k] == Expression[v] or Expression[v] == Expression::Unknown }
 			unk = f.backtrace_binding.map { |k, v| k if v == Expression::Unknown }.compact
 			bd[unk.map { |u| Expression[u].to_s }.sort.join(',')] = Expression::Unknown if not unk.empty?
-			@comment[addr] |= ["function binding: " + bd.map { |k, v| "#{k} -> #{v}" }.sort.join(', ')]
-			@comment[addr] |= ["function ends at " + f.return_address.map { |ra| Expression[ra] }.join(', ')] if f.return_address
+			add_comment(addr, "function binding: " + bd.map { |k, v| "#{k} -> #{v}" }.sort.join(', '))
+			add_comment(addr, "function ends at " + f.return_address.map { |ra| Expression[ra] }.join(', ')) if f.return_address
 		}
 	end
@@ -658,7 +688,7 @@ puts "  finalize subfunc #{Expression[addr]}" if debug_backtrace
 				next if not f = @function[subfunc] or f.finalized
 				f.finalized = true
 puts "  finalize subfunc #{Expression[subfunc]}" if debug_backtrace
-				@cpu.backtrace_update_function_binding(self, subfunc, f, f.return_address)
+				backtrace_update_function_binding(subfunc, f)
 				if not f.return_address
 					detect_function_thunk(subfunc)
 				end
@@ -667,7 +697,7 @@ puts "  finalize subfunc #{Expression[subfunc]}" if debug_backtrace
 		if di = @decoded[addr]
 			if di.kind_of? DecodedInstruction
-				split_block(di.block, di.address) if not di.block_head?	# this updates di.block
+				split_block(di.block, di.address, true) if not di.block_head?	# this updates di.block
 				di.block.add_from(from, from_subfuncret ? :subfuncret : :normal) if from and from != :default
 				bf = di.block
 			elsif di == true
@@ -726,20 +756,22 @@ puts "  finalize subfunc #{Expression[subfunc]}" if debug_backtrace
 	end
 	# splits an InstructionBlock, updates the blocks backtracked_for
-	def split_block(block, address=nil)
+	def split_block(block, address=nil, rebacktrace=false)
 		if not address	# invoked as split_block(0x401012)
 			return if not @decoded[block].kind_of? DecodedInstruction
 			block, address = @decoded[block].block, block
 		end
 		return block if address == block.address
 		new_b = block.split address
-		new_b.backtracked_for.dup.each { |btt|
-			backtrace(btt.expr, btt.address,
-				  :only_upto => block.list.last.address,
-				  :include_start => !btt.exclude_instr, :from_subfuncret => btt.from_subfuncret,
-				  :origin => btt.origin, :orig_expr => btt.orig_expr, :type => btt.type, :len => btt.len,
-				  :detached => btt.detached, :maxdepth => btt.maxdepth)
-		}
+		if rebacktrace
+			new_b.backtracked_for.dup.each { |btt|
+				backtrace(btt.expr, btt.address,
+					  :only_upto => block.list.last.address,
+					  :include_start => !btt.exclude_instr, :from_subfuncret => btt.from_subfuncret,
+					  :origin => btt.origin, :orig_expr => btt.orig_expr, :type => btt.type, :len => btt.len,
+					  :detached => btt.detached, :maxdepth => btt.maxdepth)
+			}
+		end
 		new_b
 	end
@@ -763,8 +795,7 @@ puts "  finalize subfunc #{Expression[subfunc]}" if debug_backtrace
 				each_xref(waddr, :w) { |x|
 					#next if off + x.len < 0
 					puts "W: disasm: self-modifying code at #{Expression[waddr]}" if $VERBOSE
-					@comment[di_addr] ||= []
-					@comment[di_addr] |= ["overwritten by #{@decoded[x.origin]}"]
+					add_comment(di_addr, "overwritten by #{@decoded[x.origin]}")
 					@callback_selfmodifying[di_addr] if callback_selfmodifying
 					return
 				}
@@ -775,7 +806,8 @@ puts "  finalize subfunc #{Expression[subfunc]}" if debug_backtrace
 			block.edata.ptr = di_addr - block.address + block.edata_ptr
 			if not di = @cpu.decode_instruction(block.edata, di_addr)
 				ed = block.edata
-				puts "#{ed.ptr >= ed.length ? "end of section reached" : "unknown instruction #{ed.data[di_addr-block.address+block.edata_ptr, 4].to_s.unpack('H*')}"} at #{Expression[di_addr]}" if $VERBOSE
+				break if ed.ptr >= ed.length and get_section_at(di_addr) and di = block.list.last
+				puts "#{ed.ptr >= ed.length ? "end of section reached" : "unknown instruction #{ed.data[di_addr-block.address+block.edata_ptr, 4].to_s.unpack('H*').first}"} at #{Expression[di_addr]}" if $VERBOSE
 				return
 			end
@@ -783,7 +815,18 @@ puts "  finalize subfunc #{Expression[subfunc]}" if debug_backtrace
 			block.add_di di
 			puts di if $DEBUG
-			di = @callback_newinstr[di] if callback_newinstr
+			if callback_newinstr
+				ndi = @callback_newinstr[di]
+				if not ndi or not ndi.block
+					block.list.delete di
+					if ndi
+						block.add_di ndi
+						ndi.bin_length = di.bin_length if ndi.bin_length == 0
+						@decoded[di_addr] = ndi
+					end
+				end
+				di = ndi
+			end
 			return if not di
 			block = di.block
@@ -793,7 +836,7 @@ puts "  finalize subfunc #{Expression[subfunc]}" if debug_backtrace
 			if not di_addr or di.opcode.props[:stopexec] or not @program.get_xrefs_x(self, di).empty?
 				# do not backtrace until delay slot is finished (eg MIPS: di is a
-			       	#  ret and the delay slot holds stack fixup needed to calc func_binding)
+				#  ret and the delay slot holds stack fixup needed to calc func_binding)
 				# XXX if the delay slot is also xref_x or :stopexec it is ignored
 				delay_slot ||= [di, @cpu.delay_slot(di)]
 			end
@@ -835,6 +878,8 @@ puts "  finalize subfunc #{Expression[subfunc]}" if debug_backtrace
 		@entrypoints |= entrypoints
 		entrypoints.each { |ep| do_disassemble_fast_deep(normalize(ep)) }
+		@callback_finished[] if callback_finished
 	end
 	def do_disassemble_fast_deep(ep)
@@ -896,8 +941,7 @@ puts "  finalize subfunc #{Expression[subfunc]}" if debug_backtrace
 			}
 			if func
 				auto_label_at(addr, 'sub', 'loc', 'xref')
-				# XXX use default_btbind_callback ?
-				@function[addr] = DecodedFunction.new
+				@function[addr] = (@function[:default] || DecodedFunction.new).dup
 				@function[addr].finalized = true
 				detect_function_thunk(addr)
 				puts "found new function #{get_label_at(addr)} at #{Expression[addr]}" if $VERBOSE
@@ -909,7 +953,7 @@ puts "  finalize subfunc #{Expression[subfunc]}" if debug_backtrace
 	# does not recurse into subfunctions
 	# assumes all :saveip returns, except those pointing to a subfunc with noreturn
 	# yields subfunction addresses (targets of :saveip)
-	# only backtrace for :x with maxdepth 1 (ie handles only basic push+ret)
+	# no backtrace for :x (change with backtrace_maxblocks_fast)
 	# returns a todo-style ary
 	# assumes @addrs_todo is empty
 	def disassemble_fast_block(block, &b)
@@ -927,6 +971,7 @@ puts "  finalize subfunc #{Expression[subfunc]}" if debug_backtrace
 			# decode instruction
 			block.edata.ptr = di_addr - block.address + block.edata_ptr
 			if not di = @cpu.decode_instruction(block.edata, di_addr)
+				break if block.edata.ptr >= block.edata.length and get_section_at(di_addr) and di = block.list.last
 				return ret
 			end
@@ -934,7 +979,18 @@ puts "  finalize subfunc #{Expression[subfunc]}" if debug_backtrace
 			block.add_di di
 			puts di if $DEBUG
-			di = @callback_newinstr[di] if callback_newinstr
+			if callback_newinstr
+				ndi = @callback_newinstr[di]
+				if not ndi or not ndi.block
+					block.list.delete di
+					if ndi
+						block.add_di ndi
+						ndi.bin_length = di.bin_length if ndi.bin_length == 0
+						@decoded[di_addr] = ndi
+					end
+				end
+				di = ndi
+			end
 			return ret if not di
 			di_addr = di.next_addr
@@ -942,7 +998,9 @@ puts "  finalize subfunc #{Expression[subfunc]}" if debug_backtrace
 			if di.opcode.props[:stopexec] or di.opcode.props[:setip]
 				if di.opcode.props[:setip]
 					@addrs_todo = []
-					@program.get_xrefs_x(self, di).each { |expr|
+					ar = @program.get_xrefs_x(self, di)
+					ar = @callback_newaddr[di.address, ar] || ar if callback_newaddr
+					ar.each { |expr|
 						backtrace(expr, di.address, :origin => di.address, :type => :x, :maxdepth => @backtrace_maxblocks_fast)
 					}
 				end
@@ -965,8 +1023,13 @@ puts "  finalize subfunc #{Expression[subfunc]}" if debug_backtrace
 			end
 		}
-		di.block.add_to_normal(di_addr)
-		ret << [di_addr, di.address]
+		ar = [di_addr]
+		ar = @callback_newaddr[block.list.last.address, ar] || ar if callback_newaddr
+		ar.each { |a|
+			di.block.add_to_normal(a)
+			ret << [a, di.address]
+		}
+		ret
 	end
 	# handles when disassemble_fast encounters a call to a subfunction
@@ -1037,7 +1100,7 @@ puts "  finalize subfunc #{Expression[subfunc]}" if debug_backtrace
 		count = 0
 		while b = block_at(addr)
 			count += 1
-			return if count > 5 or b.list.length > 4
+			return if count > 5 or b.list.length > 5
 			if b.to_subfuncret and not b.to_subfuncret.empty?
 				return if b.to_subfuncret.length != 1
 				addr = normalize(b.to_subfuncret.first)
@@ -1047,7 +1110,7 @@ puts "  finalize subfunc #{Expression[subfunc]}" if debug_backtrace
 				return if not btb = sf.backtrace_binding
 				btb = btb.dup
 				btb.delete_if { |k, v| Expression[k] == Expression[v] }
-			       	return if btb.length > 2 or btb.values.include? Expression::Unknown
+				return if btb.length > 2 or btb.values.include? Expression::Unknown
 			else
 				return if not bt = b.to_normal
 				if bt.include? :default
@@ -1291,6 +1354,88 @@ puts "  finalize subfunc #{Expression[subfunc]}" if debug_backtrace
 		end
 	end
+	# iterates over all instructions of a function from a given entrypoint
+	# carries an object while walking, the object is yielded every instruction
+	# every block is walked only once, after all previous blocks are done (if possible)
+	# on a 'jz', a [:clone] event is yielded for every path beside the first
+	# on a juction (eg a -> b -> d, a -> c -> d), a [:merge] event occurs if froms have different objs
+	# event list:
+	#  [:di, <addr>, <decoded_instruction>, <object>]
+	#  [:clone, <newaddr>, <oldaddr>, <object>]
+	#  [:merge, <newaddr>, {<oldaddr1> => <object1>, <oldaddr2> => <object2>, ...}, <object1>]
+	#  [:subfunc, <subfunc_addr>, <call_addr>, <object>]
+	# all events should return an object
+	# :merge has a copy of object1 at the end so that uninterested callers can always return args[-1]
+	# if an event returns false, the trace stops for the current branch
+	def function_walk(addr_start, obj_start)
+		# addresses of instrs already seen => obj
+		done = {}
+		todo = [[addr_start, obj_start]]
+		while hop = todo.pop
+			addr, obj = hop
+			next if done.has_key?(done)
+			di = di_at(addr)
+			next if not di
+			if done.empty?
+				dilist = di.block.list[di.block.list.index(di)..-1]
+			else
+				# new block, check all 'from' have been seen
+				if not hop[2]
+					# may retry later
+					all_ok = true
+					di.block.each_from_samefunc(self) { |fa| all_ok = false unless done.has_key?(fa) }
+					if not all_ok
+						todo.unshift([addr, obj, true])
+						next
+					end
+				end
+				froms = {}
+				di.block.each_from_samefunc(self) { |fa| froms[fa] = done[fa] if done[fa] }
+				if froms.values.uniq.length > 1
+					obj = yield([:merge, addr, froms, froms.values.first])
+					next if obj == false
+				end
+				dilist = di.block.list
+			end
+			if dilist.each { |_di|
+					break if done.has_key?(_di.address)	# looped back into addr_start
+					done[_di.address] = obj
+					obj = yield([:di, _di.address, _di, obj])
+					break if obj == false	# also return false for the previous 'if'
+				}
+				from = dilist.last.address
+				if di.block.to_normal and di.block.to_normal[0] and
+						di.block.to_subfuncret and di.block.to_subfuncret[0]
+					# current instruction block calls into a subfunction
+					obj = di.block.to_normal.map { |subf|
+						yield([:subfunc, subf, from, obj])
+					}.first		# propagate 1st subfunc result
+					next if obj == false
+				end
+				wantclone = false
+				di.block.each_to_samefunc(self) { |ta|
+					if wantclone
+						nobj = yield([:clone, ta, from, obj])
+						next if obj == false
+						todo << [ta, nobj]
+					else
+						todo << [ta, obj]
+						wantclone = true
+					end
+				}
+			end
+		end
+	end
 	# holds a backtrace result until a snapshot_addr is encountered
 	class StoppedExpr
 		attr_accessor :exprs
@@ -1356,7 +1501,7 @@ puts "  not backtracking stack address #{expr}" if debug_backtrace
 		end
 		if vals = (no_check ? (!need_backtrace(expr, terminals) and [expr]) : backtrace_check_found(expr,
-				di, origin, type, len, maxdepth, detached))
+				di, origin, type, len, maxdepth, detached, snapshot_addr))
 			# no need to update backtracked_for
 			return vals
 		elsif maxdepth <= 0
@@ -1396,7 +1541,7 @@ puts "  backtrace up #{Expression[h[:addr]]}  #{oldexpr}#{" => #{expr}" if expr
 					if expr != oldexpr and not snapshot_addr and vals = (no_check ?
 							(!need_backtrace(expr, terminals) and [expr]) :
 							backtrace_check_found(expr, nil, origin, type, len,
-								maxdepth-h[:loopdetect].length, detached))
+								maxdepth-h[:loopdetect].length, detached, snapshot_addr))
 						result |= vals
 						next
 					end
@@ -1437,7 +1582,7 @@ puts "  backtrace up #{Expression[h[:from]]}->#{Expression[h[:to]]}  #{oldexpr}#
 				if expr != oldexpr and vals = (no_check ? (!need_backtrace(expr, terminals) and [expr]) :
 						backtrace_check_found(expr, @decoded[h[:from]], origin, type, len,
-							maxdepth-h[:loopdetect].length, detached))
+							maxdepth-h[:loopdetect].length, detached, snapshot_addr))
 					if snapshot_addr
 						expr = StoppedExpr.new vals
 						next expr
@@ -1498,7 +1643,7 @@ oldexpr = expr
 				when :func
 					expr = backtrace_emu_subfunc(h[:func], h[:funcaddr], h[:addr], expr, origin, maxdepth-h[:loopdetect].length)
 					if snapshot_addr and snapshot_addr == h[:funcaddr]
-						# XXX recursiveness detection needs to be fixed
+						# XXX recursiveness detection needs to be fixed
 puts "  backtrace: recursive function #{Expression[h[:funcaddr]]}" if debug_backtrace
 						next false
 					end
@@ -1506,7 +1651,7 @@ puts "  backtrace: recursive function #{Expression[h[:funcaddr]]}" if debug_back
 				end
 puts "  backtrace #{h[:di] || Expression[h[:funcaddr]]}  #{oldexpr} => #{expr}" if debug_backtrace and expr != oldexpr
 				if vals = (no_check ? (!need_backtrace(expr, terminals) and [expr]) : backtrace_check_found(expr,
-						h[:di], origin, type, len, maxdepth-h[:loopdetect].length, detached))
+						h[:di], origin, type, len, maxdepth-h[:loopdetect].length, detached, snapshot_addr))
 					if snapshot_addr
 						expr = StoppedExpr.new vals
 					else
@@ -1588,10 +1733,14 @@ puts "  backtrace addrs_todo << #{Expression[retaddr]} from #{di} (funcret)" if
 		(ab = @address_binding[addr]) ? Expression[expr.bind(ab).reduce] : expr
 	end
+	def backtrace_update_function_binding(addr, func=@function[addr], retaddrs=func.return_address)
+		@cpu.backtrace_update_function_binding(self, addr, func, retaddrs)
+	end
 	# static resolution of indirections
 	def resolve(expr)
 		binding = Expression[expr].expr_indirections.inject(@old_prog_binding) { |binding_, ind|
-			e, b = get_section_at(resolve(ind.target))
+			e = get_edata_at(resolve(ind.target))
 			return expr if not e
 			binding_.merge ind => Expression[ e.decode_imm("u#{8*ind.len}".to_sym, @cpu.endianness) ]
 		}
@@ -1619,7 +1768,7 @@ puts "  backtrace addrs_todo << #{Expression[retaddr]} from #{di} (funcret)" if
 	# TODO trace expr evolution through backtrace, to modify immediates to an expr involving label names
 	# TODO mov [ptr], imm ; <...> ; jmp [ptr] => rename imm as loc_XX
 	#  eg. mov eax, 42 ; add eax, 4 ; jmp eax  =>  mov eax, some_label-4
-	def backtrace_check_found(expr, di, origin, type, len, maxdepth, detached)
+	def backtrace_check_found(expr, di, origin, type, len, maxdepth, detached, snapshot_addr=nil)
 		# only entrypoints or block starts called by a :saveip are checked for being a function
 		# want to execute [esp] from a block start
 		if type == :x and di and di == di.block.list.first and @cpu.backtrace_is_function_return(expr, @decoded[origin]) and (
@@ -1649,11 +1798,14 @@ puts "  backtrace addrs_todo << #{Expression[retaddr]} from #{di} (funcret)" if
 		end
 		return if need_backtrace(expr)
+		if snapshot_addr
+			return if expr.expr_externals(true).find { |ee| ee.kind_of?(Indirection) }
+		end
 puts "backtrace #{type} found #{expr} from #{di} orig #{@decoded[origin] || Expression[origin] if origin}" if debug_backtrace
 		result = backtrace_value(expr, maxdepth)
 		# keep the ori pointer in the results to emulate volatile memory (eg decompiler prefers this)
-		result << expr if not type
+		#result << expr if not type	# XXX returning multiple values for nothing is too confusing, TODO fix decompiler
 		result.uniq!
 		# create xrefs/labels
@@ -1695,7 +1847,7 @@ puts "backtrace #{type} found #{expr} from #{di} orig #{@decoded[origin] || Expr
 		ret = []
 		decode_imm = lambda { |addr, len|
-			edata, foo = get_section_at(addr)
+			edata = get_edata_at(addr)
 			if edata
 				Expression[ edata.decode_imm("u#{8*len}".to_sym, @cpu.endianness) ]
 			else
@@ -1803,7 +1955,7 @@ puts "   backtrace_indirection for #{ind.target} failed: #{ev}" if debug_backtra
 		# TODO trace expression evolution to allow handling of
 		#  mov eax, 28 ; add eax, 4 ; jmp eax
 		#  => mov eax, (loc_xx-4)
-		if di and not unk # and di.address == origin
+		if di and not unk and expr != n # and di.address == origin
 			@cpu.replace_instr_arg_immediate(di.instruction, expr, n)
 		end
 		if @decoded[origin] and not unk
@@ -1850,6 +2002,10 @@ puts "   backtrace_indirection for #{ind.target} failed: #{ev}" if debug_backtra
 		end
 	end
+	def inspect
+		"<Metasm::Disassembler @%x>" % object_id
+	end
 	def to_s
 		a = ''
 		dump { |l| a << l << "\n" }
@@ -1916,7 +2072,7 @@ puts "   backtrace_indirection for #{ind.target} failed: #{ev}" if debug_backtra
 		if not xr.empty?
 			b["\n// Xrefs: #{xr[0, 8].join(' ')}#{' ...' if xr.length > 8}"]
 		end
-		if block.edata.inv_export[block.edata_ptr]
+		if block.edata.inv_export[block.edata_ptr] and label_alias[block.address]
 			b["\n"] if xr.empty?
 			label_alias[block.address].each { |name| b["#{name}:"] }
 		end
@@ -1933,8 +2089,8 @@ puts "   backtrace_indirection for #{ind.target} failed: #{ev}" if debug_backtra
 	# TODO array-style data access
 	def dump_data(addr, edata, off, &b)
 		b ||= lambda { |l| puts l }
-		if l = edata.inv_export[off]
-			l_list = label_alias[addr].to_a.sort
+		if l = edata.inv_export[off] and label_alias[addr]
+			l_list = label_alias[addr].sort
 			l = l_list.pop || l
 			l_list.each { |ll|
 				b["#{ll}:"]