RubyGems - metasm - Versions diffs - 1.0.1 → 1.0.2 - Mend

metasm 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (235) hide show

checksums.yaml +7 -0
data/.gitignore +1 -0
data/.hgtags +3 -0
data/Gemfile +1 -0
data/INSTALL +61 -0
data/LICENCE +458 -0
data/README +29 -21
data/Rakefile +10 -0
data/TODO +10 -12
data/doc/code_organisation.txt +2 -0
data/doc/core/DynLdr.txt +247 -0
data/doc/core/ExeFormat.txt +43 -0
data/doc/core/Expression.txt +220 -0
data/doc/core/GNUExports.txt +27 -0
data/doc/core/Ia32.txt +236 -0
data/doc/core/SerialStruct.txt +108 -0
data/doc/core/VirtualString.txt +145 -0
data/doc/core/WindowsExports.txt +61 -0
data/doc/core/index.txt +1 -0
data/doc/style.css +6 -3
data/doc/usage/debugger.txt +327 -0
data/doc/usage/index.txt +1 -0
data/doc/use_cases.txt +2 -2
data/metasm.gemspec +22 -0
data/{lib/metasm.rb → metasm.rb} +11 -3
data/{lib/metasm → metasm}/compile_c.rb +13 -7
data/metasm/cpu/arc.rb +8 -0
data/metasm/cpu/arc/decode.rb +425 -0
data/metasm/cpu/arc/main.rb +191 -0
data/metasm/cpu/arc/opcodes.rb +588 -0
data/{lib/metasm → metasm/cpu}/arm.rb +7 -5
data/{lib/metasm → metasm/cpu}/arm/debug.rb +2 -2
data/{lib/metasm → metasm/cpu}/arm/decode.rb +13 -12
data/{lib/metasm → metasm/cpu}/arm/encode.rb +23 -8
data/{lib/metasm → metasm/cpu}/arm/main.rb +0 -3
data/metasm/cpu/arm/opcodes.rb +324 -0
data/{lib/metasm → metasm/cpu}/arm/parse.rb +25 -13
data/{lib/metasm → metasm/cpu}/arm/render.rb +2 -2
data/metasm/cpu/arm64.rb +15 -0
data/metasm/cpu/arm64/debug.rb +38 -0
data/metasm/cpu/arm64/decode.rb +289 -0
data/metasm/cpu/arm64/encode.rb +41 -0
data/metasm/cpu/arm64/main.rb +105 -0
data/metasm/cpu/arm64/opcodes.rb +232 -0
data/metasm/cpu/arm64/parse.rb +20 -0
data/metasm/cpu/arm64/render.rb +95 -0
data/{lib/metasm/ppc.rb → metasm/cpu/bpf.rb} +2 -4
data/metasm/cpu/bpf/decode.rb +142 -0
data/metasm/cpu/bpf/main.rb +60 -0
data/metasm/cpu/bpf/opcodes.rb +81 -0
data/metasm/cpu/bpf/render.rb +41 -0
data/metasm/cpu/cy16.rb +9 -0
data/metasm/cpu/cy16/decode.rb +253 -0
data/metasm/cpu/cy16/main.rb +63 -0
data/metasm/cpu/cy16/opcodes.rb +78 -0
data/metasm/cpu/cy16/render.rb +41 -0
data/metasm/cpu/dalvik.rb +11 -0
data/{lib/metasm → metasm/cpu}/dalvik/decode.rb +35 -13
data/{lib/metasm → metasm/cpu}/dalvik/main.rb +51 -2
data/{lib/metasm → metasm/cpu}/dalvik/opcodes.rb +19 -11
data/metasm/cpu/ia32.rb +17 -0
data/{lib/metasm → metasm/cpu}/ia32/compile_c.rb +5 -7
data/{lib/metasm → metasm/cpu}/ia32/debug.rb +5 -5
data/{lib/metasm → metasm/cpu}/ia32/decode.rb +246 -59
data/{lib/metasm → metasm/cpu}/ia32/decompile.rb +7 -7
data/{lib/metasm → metasm/cpu}/ia32/encode.rb +19 -13
data/{lib/metasm → metasm/cpu}/ia32/main.rb +51 -8
data/metasm/cpu/ia32/opcodes.rb +1424 -0
data/{lib/metasm → metasm/cpu}/ia32/parse.rb +47 -16
data/{lib/metasm → metasm/cpu}/ia32/render.rb +31 -4
data/metasm/cpu/mips.rb +14 -0
data/{lib/metasm → metasm/cpu}/mips/compile_c.rb +1 -1
data/metasm/cpu/mips/debug.rb +42 -0
data/{lib/metasm → metasm/cpu}/mips/decode.rb +46 -16
data/{lib/metasm → metasm/cpu}/mips/encode.rb +4 -3
data/{lib/metasm → metasm/cpu}/mips/main.rb +11 -4
data/{lib/metasm → metasm/cpu}/mips/opcodes.rb +86 -17
data/{lib/metasm → metasm/cpu}/mips/parse.rb +1 -1
data/{lib/metasm → metasm/cpu}/mips/render.rb +1 -1
data/{lib/metasm/dalvik.rb → metasm/cpu/msp430.rb} +1 -1
data/metasm/cpu/msp430/decode.rb +247 -0
data/metasm/cpu/msp430/main.rb +62 -0
data/metasm/cpu/msp430/opcodes.rb +101 -0
data/{lib/metasm → metasm/cpu}/pic16c/decode.rb +6 -7
data/{lib/metasm → metasm/cpu}/pic16c/main.rb +0 -0
data/{lib/metasm → metasm/cpu}/pic16c/opcodes.rb +1 -1
data/{lib/metasm/mips.rb → metasm/cpu/ppc.rb} +4 -4
data/{lib/metasm → metasm/cpu}/ppc/decode.rb +18 -12
data/{lib/metasm → metasm/cpu}/ppc/decompile.rb +3 -3
data/{lib/metasm → metasm/cpu}/ppc/encode.rb +2 -2
data/{lib/metasm → metasm/cpu}/ppc/main.rb +17 -12
data/{lib/metasm → metasm/cpu}/ppc/opcodes.rb +11 -5
data/metasm/cpu/ppc/parse.rb +55 -0
data/metasm/cpu/python.rb +8 -0
data/metasm/cpu/python/decode.rb +136 -0
data/metasm/cpu/python/main.rb +36 -0
data/metasm/cpu/python/opcodes.rb +180 -0
data/{lib/metasm → metasm/cpu}/sh4.rb +1 -1
data/{lib/metasm → metasm/cpu}/sh4/decode.rb +48 -17
data/{lib/metasm → metasm/cpu}/sh4/main.rb +13 -4
data/{lib/metasm → metasm/cpu}/sh4/opcodes.rb +7 -8
data/metasm/cpu/x86_64.rb +15 -0
data/{lib/metasm → metasm/cpu}/x86_64/compile_c.rb +28 -17
data/{lib/metasm → metasm/cpu}/x86_64/debug.rb +4 -4
data/{lib/metasm → metasm/cpu}/x86_64/decode.rb +57 -15
data/{lib/metasm → metasm/cpu}/x86_64/encode.rb +55 -26
data/{lib/metasm → metasm/cpu}/x86_64/main.rb +14 -6
data/metasm/cpu/x86_64/opcodes.rb +136 -0
data/{lib/metasm → metasm/cpu}/x86_64/parse.rb +10 -2
data/metasm/cpu/x86_64/render.rb +35 -0
data/metasm/cpu/z80.rb +9 -0
data/metasm/cpu/z80/decode.rb +313 -0
data/metasm/cpu/z80/main.rb +67 -0
data/metasm/cpu/z80/opcodes.rb +224 -0
data/metasm/cpu/z80/render.rb +59 -0
data/{lib/metasm/os/main.rb → metasm/debug.rb} +160 -401
data/{lib/metasm → metasm}/decode.rb +35 -4
data/{lib/metasm → metasm}/decompile.rb +15 -16
data/{lib/metasm → metasm}/disassemble.rb +201 -45
data/{lib/metasm → metasm}/disassemble_api.rb +651 -87
data/{lib/metasm → metasm}/dynldr.rb +220 -133
data/{lib/metasm → metasm}/encode.rb +10 -1
data/{lib/metasm → metasm}/exe_format/a_out.rb +9 -6
data/{lib/metasm → metasm}/exe_format/autoexe.rb +1 -0
data/{lib/metasm → metasm}/exe_format/bflt.rb +57 -27
data/{lib/metasm → metasm}/exe_format/coff.rb +11 -3
data/{lib/metasm → metasm}/exe_format/coff_decode.rb +53 -20
data/{lib/metasm → metasm}/exe_format/coff_encode.rb +11 -13
data/{lib/metasm → metasm}/exe_format/dex.rb +13 -5
data/{lib/metasm → metasm}/exe_format/dol.rb +1 -0
data/{lib/metasm → metasm}/exe_format/elf.rb +93 -57
data/{lib/metasm → metasm}/exe_format/elf_decode.rb +143 -34
data/{lib/metasm → metasm}/exe_format/elf_encode.rb +122 -31
data/metasm/exe_format/gb.rb +65 -0
data/metasm/exe_format/javaclass.rb +424 -0
data/{lib/metasm → metasm}/exe_format/macho.rb +204 -16
data/{lib/metasm → metasm}/exe_format/main.rb +26 -3
data/{lib/metasm → metasm}/exe_format/mz.rb +1 -0
data/{lib/metasm → metasm}/exe_format/nds.rb +7 -4
data/{lib/metasm → metasm}/exe_format/pe.rb +71 -8
data/metasm/exe_format/pyc.rb +167 -0
data/{lib/metasm → metasm}/exe_format/serialstruct.rb +67 -14
data/{lib/metasm → metasm}/exe_format/shellcode.rb +7 -3
data/metasm/exe_format/shellcode_rwx.rb +114 -0
data/metasm/exe_format/swf.rb +205 -0
data/{lib/metasm → metasm}/exe_format/xcoff.rb +7 -7
data/metasm/exe_format/zip.rb +335 -0
data/metasm/gui.rb +13 -0
data/{lib/metasm → metasm}/gui/cstruct.rb +35 -41
data/{lib/metasm → metasm}/gui/dasm_coverage.rb +11 -11
data/{lib/metasm → metasm}/gui/dasm_decomp.rb +7 -20
data/{lib/metasm → metasm}/gui/dasm_funcgraph.rb +0 -0
data/metasm/gui/dasm_graph.rb +1695 -0
data/{lib/metasm → metasm}/gui/dasm_hex.rb +12 -8
data/{lib/metasm → metasm}/gui/dasm_listing.rb +43 -28
data/{lib/metasm → metasm}/gui/dasm_main.rb +310 -53
data/{lib/metasm → metasm}/gui/dasm_opcodes.rb +5 -19
data/{lib/metasm → metasm}/gui/debug.rb +93 -27
data/{lib/metasm → metasm}/gui/gtk.rb +162 -40
data/{lib/metasm → metasm}/gui/qt.rb +12 -2
data/{lib/metasm → metasm}/gui/win32.rb +179 -42
data/{lib/metasm → metasm}/gui/x11.rb +59 -59
data/{lib/metasm → metasm}/main.rb +389 -264
data/{lib/metasm/os/remote.rb → metasm/os/gdbremote.rb} +146 -54
data/{lib/metasm → metasm}/os/gnu_exports.rb +1 -1
data/{lib/metasm → metasm}/os/linux.rb +628 -151
data/metasm/os/main.rb +330 -0
data/{lib/metasm → metasm}/os/windows.rb +132 -42
data/{lib/metasm → metasm}/os/windows_exports.rb +141 -0
data/{lib/metasm → metasm}/parse.rb +26 -24
data/{lib/metasm → metasm}/parse_c.rb +221 -116
data/{lib/metasm → metasm}/preprocessor.rb +55 -40
data/{lib/metasm → metasm}/render.rb +14 -38
data/misc/hexdump.rb +2 -1
data/misc/lint.rb +58 -0
data/misc/txt2html.rb +9 -7
data/samples/bindiff.rb +3 -4
data/samples/dasm-plugins/bindiff.rb +15 -0
data/samples/dasm-plugins/bookmark.rb +133 -0
data/samples/dasm-plugins/c_constants.rb +57 -0
data/samples/dasm-plugins/colortheme_solarized.rb +125 -0
data/samples/dasm-plugins/cppobj_funcall.rb +60 -0
data/samples/dasm-plugins/dasm_all.rb +70 -0
data/samples/dasm-plugins/demangle_cpp.rb +31 -0
data/samples/dasm-plugins/deobfuscate.rb +251 -0
data/samples/dasm-plugins/dump_text.rb +35 -0
data/samples/dasm-plugins/export_graph_svg.rb +86 -0
data/samples/dasm-plugins/findgadget.rb +75 -0
data/samples/dasm-plugins/hl_opcode.rb +32 -0
data/samples/dasm-plugins/hotfix_gtk_dbg.rb +19 -0
data/samples/dasm-plugins/imm2off.rb +34 -0
data/samples/dasm-plugins/match_libsigs.rb +93 -0
data/samples/dasm-plugins/patch_file.rb +95 -0
data/samples/dasm-plugins/scanfuncstart.rb +36 -0
data/samples/dasm-plugins/scanxrefs.rb +26 -0
data/samples/dasm-plugins/selfmodify.rb +197 -0
data/samples/dasm-plugins/stringsxrefs.rb +28 -0
data/samples/dasmnavig.rb +1 -1
data/samples/dbg-apihook.rb +24 -9
data/samples/dbg-plugins/heapscan.rb +283 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_lin.c +155 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_win.c +128 -0
data/samples/dbg-plugins/heapscan/graphheap.rb +616 -0
data/samples/dbg-plugins/heapscan/heapscan.rb +709 -0
data/samples/dbg-plugins/heapscan/winheap.h +174 -0
data/samples/dbg-plugins/heapscan/winheap7.h +307 -0
data/samples/dbg-plugins/trace_func.rb +214 -0
data/samples/disassemble-gui.rb +35 -5
data/samples/disassemble.rb +31 -6
data/samples/dump_upx.rb +24 -12
data/samples/dynamic_ruby.rb +12 -3
data/samples/exeencode.rb +6 -5
data/samples/factorize-headers-peimports.rb +1 -1
data/samples/lindebug.rb +175 -381
data/samples/metasm-shell.rb +1 -2
data/samples/peldr.rb +2 -2
data/tests/all.rb +1 -1
data/tests/arc.rb +26 -0
data/tests/dynldr.rb +22 -4
data/tests/expression.rb +55 -0
data/tests/graph_layout.rb +285 -0
data/tests/ia32.rb +79 -26
data/tests/mips.rb +9 -2
data/tests/x86_64.rb +66 -18
metadata +330 -218
data/lib/metasm/arm/opcodes.rb +0 -177
data/lib/metasm/gui.rb +0 -23
data/lib/metasm/gui/dasm_graph.rb +0 -1354
data/lib/metasm/ia32.rb +0 -14
data/lib/metasm/ia32/opcodes.rb +0 -873
data/lib/metasm/ppc/parse.rb +0 -52
data/lib/metasm/x86_64.rb +0 -12
data/lib/metasm/x86_64/opcodes.rb +0 -118
data/samples/gdbclient.rb +0 -583
data/samples/rubstop.rb +0 -399

data/{lib/metasm → metasm}/encode.rb RENAMED

@@ -271,7 +271,16 @@ class Expression
 	def encode(type, endianness, backtrace=nil)
 		case val = reduce
 		when Integer; EncodedData.new Expression.encode_imm(val, type, endianness, backtrace)
-		else          EncodedData.new([0].pack('C')*(INT_SIZE[type]/8), :reloc => {0 => Relocation.new(self, type, endianness, backtrace)})
+		else
+			str = case INT_SIZE[type]
+			      when  8; "\0"
+			      when 16; "\0\0"
+			      when 32; "\0\0\0\0"
+			      when 64; "\0\0\0\0\0\0\0\0"
+			      else [0].pack('C')*(INT_SIZE[type]/8)
+			      end
+			str = str.force_encoding('BINARY') if str.respond_to?(:force_encoding)
+			EncodedData.new(str, :reloc => {0 => Relocation.new(self, type, endianness, backtrace)})
 		end
 	end

data/{lib/metasm → metasm}/exe_format/a_out.rb RENAMED

@@ -58,7 +58,7 @@ class AOut < ExeFormat
 	class Relocation < SerialStruct
 		word :address
 		bitfield :word, 0 => :symbolnum, 24 => :pcrel, 25 => :length,
- 			27 => :extern, 28 => :baserel, 29 => :jmptable, 30 => :relative, 31 => :rtcopy
+			27 => :extern, 28 => :baserel, 29 => :jmptable, 30 => :relative, 31 => :rtcopy
 		fld_enum :length, 0 => 1, 1 => 2, 2 => 4, 3 => 8
 		fld_default :length, 4
 	end
@@ -68,7 +68,7 @@ class AOut < ExeFormat
 		bitfield :byte, 0 => :extern, 1 => :type, 5 => :stab
 		byte :other
 		half :desc
- 		word :value
+		word :value
 		attr_accessor :name
 		def decode(aout, strings=nil)
@@ -93,6 +93,9 @@ class AOut < ExeFormat
 	def encode_byte(w) Expression[w].encode(:u8 , @endianness) end
 	def encode_half(w) Expression[w].encode(:u16, @endianness) end
 	def encode_word(w) Expression[w].encode(:u32, @endianness) end
+	def sizeof_byte ; 1 ; end
+	def sizeof_half ; 2 ; end
+	def sizeof_word ; 4 ; end
 	def initialize(cpu = nil)
 		@endianness = cpu ? cpu.endianness : :little
@@ -119,11 +122,11 @@ class AOut < ExeFormat
 		@data = EncodedData.new << @encoded.read(@header.data)
-		textrel = @encoded.read @header.trsz
-		datarel = @encoded.read @header.drsz
-		syms    = @encoded.read @header.syms
-		strings = @encoded.read
 		# TODO
+		#textrel = @encoded.read @header.trsz
+		#datarel = @encoded.read @header.drsz
+		#syms    = @encoded.read @header.syms
+		#strings = @encoded.read
 	end
 	def encode

data/{lib/metasm → metasm}/exe_format/autoexe.rb RENAMED

@@ -58,6 +58,7 @@ register_signature("\xca\xfe\xba\xbe") { UniversalBinary }
 register_signature("dex\n") { DEX }
 register_signature("dey\n") { DEY }
 register_signature("\xfa\x70\x0e\x1f") { FatELF }
+register_signature("\x50\x4b\x03\x04") { ZIP }
 register_signature('Metasm.dasm') { Disassembler }
 # replacement for AutoExe where #load defaults to a Shellcode of the specified CPU

data/{lib/metasm → metasm}/exe_format/bflt.rb RENAMED

@@ -9,6 +9,7 @@ require 'metasm/decode'
 module Metasm
 # BFLT is the binary flat format used by the uClinux
+# from examining a v4 binary, it looks like the header is discarded and the file is mapped from 0x40 to memory address 0 (wrt relocations)
 class Bflt < ExeFormat
 	MAGIC = 'bFLT'
 	FLAGS = { 1 => 'RAM', 2 => 'GOTPIC', 4 => 'GZIP' }
@@ -29,13 +30,20 @@ class Bflt < ExeFormat
 			when MAGIC
 			else raise InvalidExeFormat, "Bad bFLT signature #@magic"
 			end
+			if @rev >= 0x01000000 and (@rev & 0x00f0ffff) == 0
+				puts "Bflt: probable wrong endianness, retrying" if $VERBOSE
+				exe.endianness = { :big => :little, :little => :big }[exe.endianness]
+				exe.encoded.ptr -= 4*16
+				super(exe)
+			end
 		end
 		def set_default_values(exe)
 			@magic ||= MAGIC
 			@rev ||= 4
 			@entry ||= 0x40
-			@data_start ||= @entry + exe.text.length if exe.text
+			@data_start ||= 0x40 + exe.text.length if exe.text
 			@data_end ||= @data_start + exe.data.data.length if exe.data
 			@bss_end ||= @data_start + exe.data.length if exe.data
 			@stack_size ||= 0x1000
@@ -49,7 +57,9 @@ class Bflt < ExeFormat
 	def decode_word(edata = @encoded) edata.decode_imm(:u32, @endianness) end
 	def encode_word(w) Expression[w].encode(:u32, @endianness) end
+	def sizeof_word ; 4 ; end
+	attr_accessor :endianness
 	def initialize(cpu = nil)
 		@endianness = cpu ? cpu.endianness : :little
 		@header = Header.new
@@ -61,17 +71,17 @@ class Bflt < ExeFormat
 	def decode_header
 		@encoded.ptr = 0
 		@header.decode(self)
+		@encoded.add_export(new_label('entrypoint'), @header.entry)
 	end
 	def decode
 		decode_header
-		@encoded.ptr = @header.entry
-		@text = EncodedData.new << @encoded.read(@header.data_start - @header.entry)
-		@data = EncodedData.new << @encoded.read(@header.data_end - @header.data_start)
-		@data.virtsize += (@header.bss_end - @header.data_end)
+		@text = @encoded[0x40...@header.data_start]
+		@data = @encoded[@header.data_start...@header.data_end]
+		@data.virtsize += @header.bss_end - @header.data_end
-		if @header.flags.include? 'GZIP'
+		if @header.flags.include?('GZIP')
 			# TODO gzip
 			raise 'bFLT decoder: gzip format not supported'
 		end
@@ -79,7 +89,7 @@ class Bflt < ExeFormat
 		@reloc = []
 		@encoded.ptr = @header.reloc_start
 		@header.reloc_count.times { @reloc << decode_word }
-		if @header.version == 2
+		if @header.rev == 2
 			@reloc.map! { |r| r & 0x3fff_ffff }
 		end
@@ -87,32 +97,29 @@ class Bflt < ExeFormat
 	end
 	def decode_interpret_relocs
+		textsz = @header.data_start-0x40
 		@reloc.each { |r|
 			# where the reloc is
-			if r >= @header.entry and r < @header.data_start
+			if r < textsz
 				section = @text
-				base = @header.entry
-			elsif r >= @header.data_start and r < @header.data_end
-				section = @data
-				base = @header.data_start
+				off = section.ptr = r
 			else
-				puts "out of bounds reloc at #{Expression[r]}" if $VERBOSE
-				next
+				section = @data
+				off = section.ptr = r-textsz
 			end
 			# what it points to
-			section.ptr = r-base
 			target = decode_word(section)
-			if target >= @header.entry and target < @header.data_start
-				target = label_at(@text, target - @header.entry, "xref_#{Expression[target]}")
-			elsif target >= @header.data_start and target < @header.bss_end
-				target = label_at(@data, target - @header.data_start, "xref_#{Expression[target]}")
+			if target < textsz
+				target = label_at(@text, target, "xref_#{Expression[target]}")
+			elsif target < @header.bss_end-0x40
+				target = label_at(@data, target-textsz, "xref_#{Expression[target]}")
 			else
-				puts "out of bounds reloc target at #{Expression[r]}" if $VERBOSE
+				puts "out of bounds reloc target #{Expression[target]} at #{Expression[r]}" if $VERBOSE
 				next
 			end
-			@text.reloc[r-base] = Relocation.new(Expression[target], :u32, @endianness)
+			section.reloc[off] = Relocation.new(Expression[target], :u32, @endianness)
 		}
 	end
@@ -127,8 +134,8 @@ class Bflt < ExeFormat
 		@encoded = EncodedData.new
 		@encoded << @header.encode(self)
-		binding = @text.binding(@header.entry).merge(@data.binding(@header.data_start))
+		binding = @text.binding(0x40).merge(@data.binding(@header.data_start))
 		@encoded << @text << @data.data
 		@encoded.fixup! binding
 		@encoded.reloc.clear
@@ -143,7 +150,7 @@ class Bflt < ExeFormat
 		mapaddr = new_label('mapaddr')
 		binding = @text.binding(mapaddr).merge(@data.binding(mapaddr))
 		[@text, @data].each { |section|
-			base = @header.entry || 0x40
+			base = 0x40	# XXX maybe 0 ?
 			base = @header.data_start || base+@text.length if section == @data
 			section.reloc.each { |o, r|
 				if r.endianness == @endianness and [:u32, :a32, :i32].include? r.type and
@@ -167,7 +174,16 @@ class Bflt < ExeFormat
 		case instr.raw.downcase
 		when '.text'; @cursource = @textsrc
 		when '.data'; @cursource = @datasrc
-		# entrypoint is the 1st byte of .text
+		when '.entrypoint'
+			# ".entrypoint <somelabel/expression>" or ".entrypoint" (here)
+			@lexer.skip_space
+			if tok = @lexer.nexttok and tok.type == :string
+				raise instr if not entrypoint = Expression.parse(@lexer)
+			else
+				entrypoint = new_label('entrypoint')
+				@cursource << Label.new(entrypoint, instr.backtrace.dup)
+			end
+			@header.entry = entrypoint
 		else super(instr)
 		end
 	end
@@ -181,9 +197,23 @@ class Bflt < ExeFormat
 		self
 	end
+	def get_default_entrypoints
+		['entrypoint']
+	end
 	def each_section
-		yield @text, @header.entry
-		yield @data, @header.data_start
+		yield @text, 0
+		yield @data, @header.data_start - @header.entry
+	end
+	def section_info
+		[['.text', 0, @text.length, 'rx'],
+		 ['.data', @header.data_addr-0x40, @data.data.length, 'rw'],
+		 ['.bss',  @header.data_end-0x40,  @data.length-@data.data.length, 'rw']]
+	end
+	def module_symbols
+		['entrypoint', @header.entry-0x40]
 	end
 end
 end

data/{lib/metasm → metasm}/exe_format/coff.rb RENAMED

@@ -81,7 +81,7 @@ class COFF < ExeFormat
 		11 => 'UNION_MEMBER', 12 => 'UNION_TAG', 13 => 'TYPEDEF', 14 => 'UNDEF_STATIC',
 		15 => 'ENUM_TAG', 16 => 'ENUM_MEMBER', 17 => 'REG_PARAM', 18 => 'BIT_FIELD',
 		100 => 'BLOCK', 101 => 'FUNCTION', 102 => 'END_STRUCT',
-	       	103 => 'FILE', 104 => 'SECTION', 105 => 'WEAK_EXT',
+		103 => 'FILE', 104 => 'SECTION', 105 => 'WEAK_EXT',
 	}
 	DEBUG_TYPE = { 0 => 'UNKNOWN', 1 => 'COFF', 2 => 'CODEVIEW', 3 => 'FPO', 4 => 'MISC',
@@ -140,7 +140,7 @@ class COFF < ExeFormat
 		bytes :link_ver_maj, :link_ver_min
 		words :code_size, :data_size, :udata_size, :entrypoint, :base_of_code
 		# base_of_data does not exist in 64-bit
-		new_field(:base_of_data, lambda { |exe, hdr| exe.decode_word if exe.bitsize != 64 }, lambda { |exe, hdr, val| exe.encode_word(val) if exe.bitsize != 64 }, 0)
+		new_field(:base_of_data, lambda { |exe, hdr| exe.decode_word if exe.bitsize != 64 }, lambda { |exe, hdr, val| exe.encode_word(val) if exe.bitsize != 64 }, lambda { |exe, hdr| exe.bitsize != 64 ? 4 : 0 }, 0)
 		# NT-specific fields
 		xword :image_base
 		words :sect_align, :file_align
@@ -264,7 +264,7 @@ class COFF < ExeFormat
 	class TLSDirectory < SerialStruct
 		xwords :start_va, :end_va, :index_addr, :callback_p
- 		words :zerofill_sz, :characteristics
+		words :zerofill_sz, :characteristics
 		attr_accessor :callbacks
 	end
@@ -413,6 +413,11 @@ class COFF < ExeFormat
 	end
 	def shortname; 'coff'; end
+	def sizeof_byte ; 1 ; end
+	def sizeof_half ; 2 ; end
+	def sizeof_word ; 4 ; end
+	def sizeof_xword ; @bitsize == 32 ? 4 : 8 ; end
 end
 # the COFF archive file format
@@ -448,6 +453,9 @@ class COFFArchive < ExeFormat
 	def member(name)
 		@members.find { |m| m.name == name }
 	end
+	def sizeof_half ; 2 ; end
+	def sizeof_word ; 4 ; end
 end
 end

data/{lib/metasm → metasm}/exe_format/coff_decode.rb RENAMED

@@ -17,13 +17,15 @@ class COFF
 		# decodes a COFF optional header from coff.cursection
 		# also decodes directories in coff.directory
 		def decode(coff)
-			return set_default_values(coff) if coff.header.size_opthdr == 0
+			return set_default_values(coff) if coff.header.size_opthdr == 0 and not coff.header.characteristics.include?('EXECUTABLE_IMAGE')
+			off = coff.curencoded.ptr
 			super(coff)
+			nrva = (coff.header.size_opthdr - (coff.curencoded.ptr - off)) / 8
+			nrva = @numrva if nrva < 0
-			nrva = @numrva
-			if @numrva > DIRECTORIES.length
-				puts "W: COFF: Invalid directories count #{@numrva}" if $VERBOSE
-				nrva = DIRECTORIES.length
+			if nrva > DIRECTORIES.length or nrva != @numrva
+				puts "W: COFF: Weird directories count #{@numrva}" if $VERBOSE
+				nrva = DIRECTORIES.length if nrva > DIRECTORIES.length
 			end
 			coff.directory = {}
@@ -171,17 +173,17 @@ class COFF
 	end
 	class ResourceDirectory
-		def decode(coff, edata = coff.curencoded, startptr = edata.ptr)
+		def decode(coff, edata = coff.curencoded, startptr = edata.ptr, maxdepth=3)
 			super(coff, edata)
 			@entries = []
 			nrnames = @nr_names if $DEBUG
 			(@nr_names+@nr_id).times {
- 				e = Entry.new
+				e = Entry.new
- 				e_id = coff.decode_word(edata)
- 				e_ptr = coff.decode_word(edata)
+				e_id = coff.decode_word(edata)
+				e_ptr = coff.decode_word(edata)
 				if not e_id.kind_of? Integer or not e_ptr.kind_of? Integer
 					puts 'W: COFF: relocs in the rsrc directory?' if $VERBOSE
@@ -213,10 +215,12 @@ class COFF
 					e.subdir_p = e_ptr & 0x7fff_ffff
 					if startptr + e.subdir_p >= edata.length
 						puts 'W: COFF: invalid resource structure: directory too far' if $VERBOSE
-					else
+					elsif maxdepth > 0
 						edata.ptr = startptr + e.subdir_p
 						e.subdir = ResourceDirectory.new
-						e.subdir.decode coff, edata, startptr
+						e.subdir.decode coff, edata, startptr, maxdepth-1
+					else
+						puts 'W: COFF: recursive resource section' if $VERBOSE
 					end
 				else
 					e.dataentry_p = e_ptr
@@ -244,7 +248,8 @@ class COFF
 			decode_tllv = lambda { |ed, state|
 				sptr = ed.ptr
-				len, vlen, type = coff.decode_half(ed), coff.decode_half(ed), coff.decode_half(ed)
+				len, vlen = coff.decode_half(ed), coff.decode_half(ed)
+				coff.decode_half(ed)	# type
 				tagname = ''
 				while c = coff.decode_half(ed) and c != 0
 					tagname << (c&255)
@@ -273,7 +278,7 @@ class COFF
 				when :str
 					val = ed.read(vlen*2).unpack('v*')
 					val.pop if val[-1] == 0
-					val = val.pack('C*') if val.all? { |c_| c_ > 0 and  c_ < 256 }
+					val = val.pack('C*') if val.all? { |c_| c_ > 0 and  c_ < 256 }
 					vers[tagname] = val
 				when :var
 					val = ed.read(vlen).unpack('V*')
@@ -426,8 +431,7 @@ class COFF
 	def sect_at_rva(rva)
 		return if not rva or rva <= 0
 		if sections and not @sections.empty?
-			valign = lambda { |l| EncodedData.align_size(l, @optheader.sect_align) }
-			if s = @sections.find { |s_| s_.virtaddr <= rva and s_.virtaddr + valign[s_.virtsize] > rva }
+			if s = @sections.find { |s_| s_.virtaddr <= rva and s_.virtaddr + EncodedData.align_size((s_.virtsize == 0 ? s_.rawsize : s_.virtsize), @optheader.sect_align) > rva }
 				s.encoded.ptr = rva - s.virtaddr
 				@cursection = s
 			elsif rva < @sections.map { |s_| s_.virtaddr }.min
@@ -479,7 +483,7 @@ class COFF
 	end
 	def each_section
-		if @header.size_opthdr == 0
+		if @header.size_opthdr == 0 and not @header.characteristics.include?('EXECUTABLE_IMAGE')
 			@sections.each { |s|
 				next if not s.encoded
 				l = new_label(s.name)
@@ -490,7 +494,9 @@ class COFF
 		end
 		base = @optheader.image_base
 		base = 0 if not base.kind_of? Integer
-		yield @encoded[0, @optheader.headers_size], base
+		sz = @optheader.headers_size
+		sz = EncodedData.align_size(@optheader.image_size, 4096) if @sections.empty?
+		yield @encoded[0, sz], base
 		@sections.each { |s| yield s.encoded, base + s.virtaddr }
 	end
@@ -566,8 +572,10 @@ class COFF
 	# decodes a section content (allows simpler LoadedPE override)
 	def decode_section_body(s)
 		raw = EncodedData.align_size(s.rawsize, @optheader.file_align)
-		virt = EncodedData.align_size(s.virtsize, @optheader.sect_align)
+		virt = s.virtsize
 		virt = raw = s.rawsize if @header.size_opthdr == 0
+		virt = raw if virt == 0
+		virt = EncodedData.align_size(virt, @optheader.sect_align)
 		s.encoded = @encoded[s.rawaddr, [raw, virt].min] || EncodedData.new
 		s.encoded.virtsize = virt
 	end
@@ -634,8 +642,13 @@ class COFF
 		if ct = @directory['certificate_table']
 			@certificates = []
 			@cursection = self
+			if ct[0] > @encoded.length or ct[1] > @encoded.length - ct[0]
+				puts "W: COFF: invalid certificate_table #{'0x%X+0x%0X' % ct}" if $VERBOSE
+				ct = [ct[0], 1]
+			end
 			@encoded.ptr = ct[0]
 			off_end = ct[0]+ct[1]
+			off_end = @encoded.length if off_end > @encoded.length
 			while @encoded.ptr < off_end
 				certlen = decode_word
 				certrev = decode_half
@@ -704,6 +717,25 @@ class COFF
 		end
 	end
+	def decode_reloc_amd64(r)
+		case r.type
+		when 'ABSOLUTE'
+		when 'HIGHLOW'
+			addr = decode_word
+			if s = sect_at_va(addr)
+				label = label_at(s.encoded, s.encoded.ptr, "xref_#{Expression[addr]}")
+				Metasm::Relocation.new(Expression[label], :u32, @endianness)
+			end
+		when 'DIR64'
+			addr = decode_xword
+			if s = sect_at_va(addr)
+				label = label_at(s.encoded, s.encoded.ptr, "xref_#{Expression[addr]}")
+				Metasm::Relocation.new(Expression[label], :u64, @endianness)
+			end
+		else puts "W: COFF: Unsupported amd64 relocation #{r.inspect}" if $VERBOSE
+		end
+	end
 	def decode_debug
 		if dd = @directory['debug'] and sect_at_rva(dd[0])
 			@debug = []
@@ -719,11 +751,11 @@ class COFF
 	def decode_tls
 		if @directory['tls_table'] and sect_at_rva(@directory['tls_table'][0])
 			@tls = TLSDirectory.decode(self)
-		       	if s = sect_at_va(@tls.callback_p)
+			if s = sect_at_va(@tls.callback_p)
 				s.encoded.add_export 'tls_callback_table'
 				@tls.callbacks.each_with_index { |cb, i|
 					@tls.callbacks[i] = curencoded.add_export "tls_callback_#{i}" if sect_at_rva(cb)
-			       	}
+				}
 			end
 		end
 	end
@@ -815,6 +847,7 @@ class COFFArchive
 			ar.encoded.ptr += 1 if @size & 1 == 1
 		end
+		# TODO XXX are those actually used ?
 		def decode_half ; @encoded.decode_imm(:u16, :big) end
 		def decode_word ; @encoded.decode_imm(:u32, :big) end