RubyGems - metasm - Versions diffs - 1.0.1 → 1.0.2 - Mend

metasm 1.0.1 → 1.0.2

Files changed (235) hide show

checksums.yaml +7 -0
data/.gitignore +1 -0
data/.hgtags +3 -0
data/Gemfile +1 -0
data/INSTALL +61 -0
data/LICENCE +458 -0
data/README +29 -21
data/Rakefile +10 -0
data/TODO +10 -12
data/doc/code_organisation.txt +2 -0
data/doc/core/DynLdr.txt +247 -0
data/doc/core/ExeFormat.txt +43 -0
data/doc/core/Expression.txt +220 -0
data/doc/core/GNUExports.txt +27 -0
data/doc/core/Ia32.txt +236 -0
data/doc/core/SerialStruct.txt +108 -0
data/doc/core/VirtualString.txt +145 -0
data/doc/core/WindowsExports.txt +61 -0
data/doc/core/index.txt +1 -0
data/doc/style.css +6 -3
data/doc/usage/debugger.txt +327 -0
data/doc/usage/index.txt +1 -0
data/doc/use_cases.txt +2 -2
data/metasm.gemspec +22 -0
data/{lib/metasm.rb → metasm.rb} +11 -3
data/{lib/metasm → metasm}/compile_c.rb +13 -7
data/metasm/cpu/arc.rb +8 -0
data/metasm/cpu/arc/decode.rb +425 -0
data/metasm/cpu/arc/main.rb +191 -0
data/metasm/cpu/arc/opcodes.rb +588 -0
data/{lib/metasm → metasm/cpu}/arm.rb +7 -5
data/{lib/metasm → metasm/cpu}/arm/debug.rb +2 -2
data/{lib/metasm → metasm/cpu}/arm/decode.rb +13 -12
data/{lib/metasm → metasm/cpu}/arm/encode.rb +23 -8
data/{lib/metasm → metasm/cpu}/arm/main.rb +0 -3
data/metasm/cpu/arm/opcodes.rb +324 -0
data/{lib/metasm → metasm/cpu}/arm/parse.rb +25 -13
data/{lib/metasm → metasm/cpu}/arm/render.rb +2 -2
data/metasm/cpu/arm64.rb +15 -0
data/metasm/cpu/arm64/debug.rb +38 -0
data/metasm/cpu/arm64/decode.rb +289 -0
data/metasm/cpu/arm64/encode.rb +41 -0
data/metasm/cpu/arm64/main.rb +105 -0
data/metasm/cpu/arm64/opcodes.rb +232 -0
data/metasm/cpu/arm64/parse.rb +20 -0
data/metasm/cpu/arm64/render.rb +95 -0
data/{lib/metasm/ppc.rb → metasm/cpu/bpf.rb} +2 -4
data/metasm/cpu/bpf/decode.rb +142 -0
data/metasm/cpu/bpf/main.rb +60 -0
data/metasm/cpu/bpf/opcodes.rb +81 -0
data/metasm/cpu/bpf/render.rb +41 -0
data/metasm/cpu/cy16.rb +9 -0
data/metasm/cpu/cy16/decode.rb +253 -0
data/metasm/cpu/cy16/main.rb +63 -0
data/metasm/cpu/cy16/opcodes.rb +78 -0
data/metasm/cpu/cy16/render.rb +41 -0
data/metasm/cpu/dalvik.rb +11 -0
data/{lib/metasm → metasm/cpu}/dalvik/decode.rb +35 -13
data/{lib/metasm → metasm/cpu}/dalvik/main.rb +51 -2
data/{lib/metasm → metasm/cpu}/dalvik/opcodes.rb +19 -11
data/metasm/cpu/ia32.rb +17 -0
data/{lib/metasm → metasm/cpu}/ia32/compile_c.rb +5 -7
data/{lib/metasm → metasm/cpu}/ia32/debug.rb +5 -5
data/{lib/metasm → metasm/cpu}/ia32/decode.rb +246 -59
data/{lib/metasm → metasm/cpu}/ia32/decompile.rb +7 -7
data/{lib/metasm → metasm/cpu}/ia32/encode.rb +19 -13
data/{lib/metasm → metasm/cpu}/ia32/main.rb +51 -8
data/metasm/cpu/ia32/opcodes.rb +1424 -0
data/{lib/metasm → metasm/cpu}/ia32/parse.rb +47 -16
data/{lib/metasm → metasm/cpu}/ia32/render.rb +31 -4
data/metasm/cpu/mips.rb +14 -0
data/{lib/metasm → metasm/cpu}/mips/compile_c.rb +1 -1
data/metasm/cpu/mips/debug.rb +42 -0
data/{lib/metasm → metasm/cpu}/mips/decode.rb +46 -16
data/{lib/metasm → metasm/cpu}/mips/encode.rb +4 -3
data/{lib/metasm → metasm/cpu}/mips/main.rb +11 -4
data/{lib/metasm → metasm/cpu}/mips/opcodes.rb +86 -17
data/{lib/metasm → metasm/cpu}/mips/parse.rb +1 -1
data/{lib/metasm → metasm/cpu}/mips/render.rb +1 -1
data/{lib/metasm/dalvik.rb → metasm/cpu/msp430.rb} +1 -1
data/metasm/cpu/msp430/decode.rb +247 -0
data/metasm/cpu/msp430/main.rb +62 -0
data/metasm/cpu/msp430/opcodes.rb +101 -0
data/{lib/metasm → metasm/cpu}/pic16c/decode.rb +6 -7
data/{lib/metasm → metasm/cpu}/pic16c/main.rb +0 -0
data/{lib/metasm → metasm/cpu}/pic16c/opcodes.rb +1 -1
data/{lib/metasm/mips.rb → metasm/cpu/ppc.rb} +4 -4
data/{lib/metasm → metasm/cpu}/ppc/decode.rb +18 -12
data/{lib/metasm → metasm/cpu}/ppc/decompile.rb +3 -3
data/{lib/metasm → metasm/cpu}/ppc/encode.rb +2 -2
data/{lib/metasm → metasm/cpu}/ppc/main.rb +17 -12
data/{lib/metasm → metasm/cpu}/ppc/opcodes.rb +11 -5
data/metasm/cpu/ppc/parse.rb +55 -0
data/metasm/cpu/python.rb +8 -0
data/metasm/cpu/python/decode.rb +136 -0
data/metasm/cpu/python/main.rb +36 -0
data/metasm/cpu/python/opcodes.rb +180 -0
data/{lib/metasm → metasm/cpu}/sh4.rb +1 -1
data/{lib/metasm → metasm/cpu}/sh4/decode.rb +48 -17
data/{lib/metasm → metasm/cpu}/sh4/main.rb +13 -4
data/{lib/metasm → metasm/cpu}/sh4/opcodes.rb +7 -8
data/metasm/cpu/x86_64.rb +15 -0
data/{lib/metasm → metasm/cpu}/x86_64/compile_c.rb +28 -17
data/{lib/metasm → metasm/cpu}/x86_64/debug.rb +4 -4
data/{lib/metasm → metasm/cpu}/x86_64/decode.rb +57 -15
data/{lib/metasm → metasm/cpu}/x86_64/encode.rb +55 -26
data/{lib/metasm → metasm/cpu}/x86_64/main.rb +14 -6
data/metasm/cpu/x86_64/opcodes.rb +136 -0
data/{lib/metasm → metasm/cpu}/x86_64/parse.rb +10 -2
data/metasm/cpu/x86_64/render.rb +35 -0
data/metasm/cpu/z80.rb +9 -0
data/metasm/cpu/z80/decode.rb +313 -0
data/metasm/cpu/z80/main.rb +67 -0
data/metasm/cpu/z80/opcodes.rb +224 -0
data/metasm/cpu/z80/render.rb +59 -0
data/{lib/metasm/os/main.rb → metasm/debug.rb} +160 -401
data/{lib/metasm → metasm}/decode.rb +35 -4
data/{lib/metasm → metasm}/decompile.rb +15 -16
data/{lib/metasm → metasm}/disassemble.rb +201 -45
data/{lib/metasm → metasm}/disassemble_api.rb +651 -87
data/{lib/metasm → metasm}/dynldr.rb +220 -133
data/{lib/metasm → metasm}/encode.rb +10 -1
data/{lib/metasm → metasm}/exe_format/a_out.rb +9 -6
data/{lib/metasm → metasm}/exe_format/autoexe.rb +1 -0
data/{lib/metasm → metasm}/exe_format/bflt.rb +57 -27
data/{lib/metasm → metasm}/exe_format/coff.rb +11 -3
data/{lib/metasm → metasm}/exe_format/coff_decode.rb +53 -20
data/{lib/metasm → metasm}/exe_format/coff_encode.rb +11 -13
data/{lib/metasm → metasm}/exe_format/dex.rb +13 -5
data/{lib/metasm → metasm}/exe_format/dol.rb +1 -0
data/{lib/metasm → metasm}/exe_format/elf.rb +93 -57
data/{lib/metasm → metasm}/exe_format/elf_decode.rb +143 -34
data/{lib/metasm → metasm}/exe_format/elf_encode.rb +122 -31
data/metasm/exe_format/gb.rb +65 -0
data/metasm/exe_format/javaclass.rb +424 -0
data/{lib/metasm → metasm}/exe_format/macho.rb +204 -16
data/{lib/metasm → metasm}/exe_format/main.rb +26 -3
data/{lib/metasm → metasm}/exe_format/mz.rb +1 -0
data/{lib/metasm → metasm}/exe_format/nds.rb +7 -4
data/{lib/metasm → metasm}/exe_format/pe.rb +71 -8
data/metasm/exe_format/pyc.rb +167 -0
data/{lib/metasm → metasm}/exe_format/serialstruct.rb +67 -14
data/{lib/metasm → metasm}/exe_format/shellcode.rb +7 -3
data/metasm/exe_format/shellcode_rwx.rb +114 -0
data/metasm/exe_format/swf.rb +205 -0
data/{lib/metasm → metasm}/exe_format/xcoff.rb +7 -7
data/metasm/exe_format/zip.rb +335 -0
data/metasm/gui.rb +13 -0
data/{lib/metasm → metasm}/gui/cstruct.rb +35 -41
data/{lib/metasm → metasm}/gui/dasm_coverage.rb +11 -11
data/{lib/metasm → metasm}/gui/dasm_decomp.rb +7 -20
data/{lib/metasm → metasm}/gui/dasm_funcgraph.rb +0 -0
data/metasm/gui/dasm_graph.rb +1695 -0
data/{lib/metasm → metasm}/gui/dasm_hex.rb +12 -8
data/{lib/metasm → metasm}/gui/dasm_listing.rb +43 -28
data/{lib/metasm → metasm}/gui/dasm_main.rb +310 -53
data/{lib/metasm → metasm}/gui/dasm_opcodes.rb +5 -19
data/{lib/metasm → metasm}/gui/debug.rb +93 -27
data/{lib/metasm → metasm}/gui/gtk.rb +162 -40
data/{lib/metasm → metasm}/gui/qt.rb +12 -2
data/{lib/metasm → metasm}/gui/win32.rb +179 -42
data/{lib/metasm → metasm}/gui/x11.rb +59 -59
data/{lib/metasm → metasm}/main.rb +389 -264
data/{lib/metasm/os/remote.rb → metasm/os/gdbremote.rb} +146 -54
data/{lib/metasm → metasm}/os/gnu_exports.rb +1 -1
data/{lib/metasm → metasm}/os/linux.rb +628 -151
data/metasm/os/main.rb +330 -0
data/{lib/metasm → metasm}/os/windows.rb +132 -42
data/{lib/metasm → metasm}/os/windows_exports.rb +141 -0
data/{lib/metasm → metasm}/parse.rb +26 -24
data/{lib/metasm → metasm}/parse_c.rb +221 -116
data/{lib/metasm → metasm}/preprocessor.rb +55 -40
data/{lib/metasm → metasm}/render.rb +14 -38
data/misc/hexdump.rb +2 -1
data/misc/lint.rb +58 -0
data/misc/txt2html.rb +9 -7
data/samples/bindiff.rb +3 -4
data/samples/dasm-plugins/bindiff.rb +15 -0
data/samples/dasm-plugins/bookmark.rb +133 -0
data/samples/dasm-plugins/c_constants.rb +57 -0
data/samples/dasm-plugins/colortheme_solarized.rb +125 -0
data/samples/dasm-plugins/cppobj_funcall.rb +60 -0
data/samples/dasm-plugins/dasm_all.rb +70 -0
data/samples/dasm-plugins/demangle_cpp.rb +31 -0
data/samples/dasm-plugins/deobfuscate.rb +251 -0
data/samples/dasm-plugins/dump_text.rb +35 -0
data/samples/dasm-plugins/export_graph_svg.rb +86 -0
data/samples/dasm-plugins/findgadget.rb +75 -0
data/samples/dasm-plugins/hl_opcode.rb +32 -0
data/samples/dasm-plugins/hotfix_gtk_dbg.rb +19 -0
data/samples/dasm-plugins/imm2off.rb +34 -0
data/samples/dasm-plugins/match_libsigs.rb +93 -0
data/samples/dasm-plugins/patch_file.rb +95 -0
data/samples/dasm-plugins/scanfuncstart.rb +36 -0
data/samples/dasm-plugins/scanxrefs.rb +26 -0
data/samples/dasm-plugins/selfmodify.rb +197 -0
data/samples/dasm-plugins/stringsxrefs.rb +28 -0
data/samples/dasmnavig.rb +1 -1
data/samples/dbg-apihook.rb +24 -9
data/samples/dbg-plugins/heapscan.rb +283 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_lin.c +155 -0
data/samples/dbg-plugins/heapscan/compiled_heapscan_win.c +128 -0
data/samples/dbg-plugins/heapscan/graphheap.rb +616 -0
data/samples/dbg-plugins/heapscan/heapscan.rb +709 -0
data/samples/dbg-plugins/heapscan/winheap.h +174 -0
data/samples/dbg-plugins/heapscan/winheap7.h +307 -0
data/samples/dbg-plugins/trace_func.rb +214 -0
data/samples/disassemble-gui.rb +35 -5
data/samples/disassemble.rb +31 -6
data/samples/dump_upx.rb +24 -12
data/samples/dynamic_ruby.rb +12 -3
data/samples/exeencode.rb +6 -5
data/samples/factorize-headers-peimports.rb +1 -1
data/samples/lindebug.rb +175 -381
data/samples/metasm-shell.rb +1 -2
data/samples/peldr.rb +2 -2
data/tests/all.rb +1 -1
data/tests/arc.rb +26 -0
data/tests/dynldr.rb +22 -4
data/tests/expression.rb +55 -0
data/tests/graph_layout.rb +285 -0
data/tests/ia32.rb +79 -26
data/tests/mips.rb +9 -2
data/tests/x86_64.rb +66 -18
metadata +330 -218
data/lib/metasm/arm/opcodes.rb +0 -177
data/lib/metasm/gui.rb +0 -23
data/lib/metasm/gui/dasm_graph.rb +0 -1354
data/lib/metasm/ia32.rb +0 -14
data/lib/metasm/ia32/opcodes.rb +0 -873
data/lib/metasm/ppc/parse.rb +0 -52
data/lib/metasm/x86_64.rb +0 -12
data/lib/metasm/x86_64/opcodes.rb +0 -118
data/samples/gdbclient.rb +0 -583
data/samples/rubstop.rb +0 -399

data/{lib/metasm → metasm}/encode.rb RENAMED

@@ -271,7 +271,16 @@ class Expression
 	def encode(type, endianness, backtrace=nil)
 		case val = reduce
 		when Integer; EncodedData.new Expression.encode_imm(val, type, endianness, backtrace)
-		else          EncodedData.new([0].pack('C')*(INT_SIZE[type]/8), :reloc => {0 => Relocation.new(self, type, endianness, backtrace)})
+		else
+			str = case INT_SIZE[type]
+			      when  8; "\0"
+			      when 16; "\0\0"
+			      when 32; "\0\0\0\0"
+			      when 64; "\0\0\0\0\0\0\0\0"
+			      else [0].pack('C')*(INT_SIZE[type]/8)
+			      end
+			str = str.force_encoding('BINARY') if str.respond_to?(:force_encoding)
+			EncodedData.new(str, :reloc => {0 => Relocation.new(self, type, endianness, backtrace)})
 		end
 	end

data/{lib/metasm → metasm}/exe_format/a_out.rb RENAMED

@@ -58,7 +58,7 @@ class AOut < ExeFormat
 	class Relocation < SerialStruct
 		word :address
 		bitfield :word, 0 => :symbolnum, 24 => :pcrel, 25 => :length,
- 			27 => :extern, 28 => :baserel, 29 => :jmptable, 30 => :relative, 31 => :rtcopy
+			27 => :extern, 28 => :baserel, 29 => :jmptable, 30 => :relative, 31 => :rtcopy
 		fld_enum :length, 0 => 1, 1 => 2, 2 => 4, 3 => 8
 		fld_default :length, 4
 	end
@@ -68,7 +68,7 @@ class AOut < ExeFormat
 		bitfield :byte, 0 => :extern, 1 => :type, 5 => :stab
 		byte :other
 		half :desc
- 		word :value
+		word :value
 		attr_accessor :name
 		def decode(aout, strings=nil)
@@ -93,6 +93,9 @@ class AOut < ExeFormat
 	def encode_byte(w) Expression[w].encode(:u8 , @endianness) end
 	def encode_half(w) Expression[w].encode(:u16, @endianness) end
 	def encode_word(w) Expression[w].encode(:u32, @endianness) end
+	def sizeof_byte ; 1 ; end
+	def sizeof_half ; 2 ; end
+	def sizeof_word ; 4 ; end
 	def initialize(cpu = nil)
 		@endianness = cpu ? cpu.endianness : :little
@@ -119,11 +122,11 @@ class AOut < ExeFormat
 		@data = EncodedData.new << @encoded.read(@header.data)
-		textrel = @encoded.read @header.trsz
-		datarel = @encoded.read @header.drsz
-		syms    = @encoded.read @header.syms
-		strings = @encoded.read
 		# TODO
+		#textrel = @encoded.read @header.trsz
+		#datarel = @encoded.read @header.drsz
+		#syms    = @encoded.read @header.syms
+		#strings = @encoded.read
 	end
 	def encode

data/{lib/metasm → metasm}/exe_format/autoexe.rb RENAMED

@@ -58,6 +58,7 @@ register_signature("\xca\xfe\xba\xbe") { UniversalBinary }
 register_signature("dex\n") { DEX }
 register_signature("dey\n") { DEY }
 register_signature("\xfa\x70\x0e\x1f") { FatELF }
+register_signature("\x50\x4b\x03\x04") { ZIP }
 register_signature('Metasm.dasm') { Disassembler }
 # replacement for AutoExe where #load defaults to a Shellcode of the specified CPU

data/{lib/metasm → metasm}/exe_format/bflt.rb RENAMED

@@ -9,6 +9,7 @@ require 'metasm/decode'
 module Metasm
 # BFLT is the binary flat format used by the uClinux
+# from examining a v4 binary, it looks like the header is discarded and the file is mapped from 0x40 to memory address 0 (wrt relocations)
 class Bflt < ExeFormat
 	MAGIC = 'bFLT'
 	FLAGS = { 1 => 'RAM', 2 => 'GOTPIC', 4 => 'GZIP' }
@@ -29,13 +30,20 @@ class Bflt < ExeFormat
 			when MAGIC
 			else raise InvalidExeFormat, "Bad bFLT signature #@magic"
 			end
+			if @rev >= 0x01000000 and (@rev & 0x00f0ffff) == 0
+				puts "Bflt: probable wrong endianness, retrying" if $VERBOSE
+				exe.endianness = { :big => :little, :little => :big }[exe.endianness]
+				exe.encoded.ptr -= 4*16
+				super(exe)
+			end
 		end
 		def set_default_values(exe)
 			@magic ||= MAGIC
 			@rev ||= 4
 			@entry ||= 0x40
-			@data_start ||= @entry + exe.text.length if exe.text
+			@data_start ||= 0x40 + exe.text.length if exe.text
 			@data_end ||= @data_start + exe.data.data.length if exe.data
 			@bss_end ||= @data_start + exe.data.length if exe.data
 			@stack_size ||= 0x1000
@@ -49,7 +57,9 @@ class Bflt < ExeFormat
 	def decode_word(edata = @encoded) edata.decode_imm(:u32, @endianness) end
 	def encode_word(w) Expression[w].encode(:u32, @endianness) end
+	def sizeof_word ; 4 ; end
+	attr_accessor :endianness
 	def initialize(cpu = nil)
 		@endianness = cpu ? cpu.endianness : :little
 		@header = Header.new
@@ -61,17 +71,17 @@ class Bflt < ExeFormat
 	def decode_header
 		@encoded.ptr = 0
 		@header.decode(self)
+		@encoded.add_export(new_label('entrypoint'), @header.entry)
 	end
 	def decode
 		decode_header
-		@encoded.ptr = @header.entry
-		@text = EncodedData.new << @encoded.read(@header.data_start - @header.entry)
-		@data = EncodedData.new << @encoded.read(@header.data_end - @header.data_start)
-		@data.virtsize += (@header.bss_end - @header.data_end)
+		@text = @encoded[0x40...@header.data_start]
+		@data = @encoded[@header.data_start...@header.data_end]
+		@data.virtsize += @header.bss_end - @header.data_end
-		if @header.flags.include? 'GZIP'
+		if @header.flags.include?('GZIP')
 			# TODO gzip
 			raise 'bFLT decoder: gzip format not supported'
 		end
@@ -79,7 +89,7 @@ class Bflt < ExeFormat
 		@reloc = []
 		@encoded.ptr = @header.reloc_start
 		@header.reloc_count.times { @reloc << decode_word }
-		if @header.version == 2
+		if @header.rev == 2
 			@reloc.map! { |r| r & 0x3fff_ffff }
 		end
@@ -87,32 +97,29 @@ class Bflt < ExeFormat
 	end
 	def decode_interpret_relocs
+		textsz = @header.data_start-0x40
 		@reloc.each { |r|
 			# where the reloc is
-			if r >= @header.entry and r < @header.data_start
+			if r < textsz
 				section = @text
-				base = @header.entry
-			elsif r >= @header.data_start and r < @header.data_end
-				section = @data
-				base = @header.data_start
+				off = section.ptr = r
 			else
-				puts "out of bounds reloc at #{Expression[r]}" if $VERBOSE
-				next
+				section = @data
+				off = section.ptr = r-textsz
 			end
 			# what it points to
-			section.ptr = r-base
 			target = decode_word(section)
-			if target >= @header.entry and target < @header.data_start
-				target = label_at(@text, target - @header.entry, "xref_#{Expression[target]}")
-			elsif target >= @header.data_start and target < @header.bss_end
-				target = label_at(@data, target - @header.data_start, "xref_#{Expression[target]}")
+			if target < textsz
+				target = label_at(@text, target, "xref_#{Expression[target]}")
+			elsif target < @header.bss_end-0x40
+				target = label_at(@data, target-textsz, "xref_#{Expression[target]}")
 			else
-				puts "out of bounds reloc target at #{Expression[r]}" if $VERBOSE
+				puts "out of bounds reloc target #{Expression[target]} at #{Expression[r]}" if $VERBOSE
 				next
 			end
-			@text.reloc[r-base] = Relocation.new(Expression[target], :u32, @endianness)
+			section.reloc[off] = Relocation.new(Expression[target], :u32, @endianness)
 		}
 	end
@@ -127,8 +134,8 @@ class Bflt < ExeFormat
 		@encoded = EncodedData.new
 		@encoded << @header.encode(self)
-		binding = @text.binding(@header.entry).merge(@data.binding(@header.data_start))
+		binding = @text.binding(0x40).merge(@data.binding(@header.data_start))
 		@encoded << @text << @data.data
 		@encoded.fixup! binding
 		@encoded.reloc.clear
@@ -143,7 +150,7 @@ class Bflt < ExeFormat
 		mapaddr = new_label('mapaddr')
 		binding = @text.binding(mapaddr).merge(@data.binding(mapaddr))
 		[@text, @data].each { |section|
-			base = @header.entry || 0x40
+			base = 0x40	# XXX maybe 0 ?
 			base = @header.data_start || base+@text.length if section == @data
 			section.reloc.each { |o, r|
 				if r.endianness == @endianness and [:u32, :a32, :i32].include? r.type and
@@ -167,7 +174,16 @@ class Bflt < ExeFormat
 		case instr.raw.downcase
 		when '.text'; @cursource = @textsrc
 		when '.data'; @cursource = @datasrc
-		# entrypoint is the 1st byte of .text
+		when '.entrypoint'
+			# ".entrypoint <somelabel/expression>" or ".entrypoint" (here)
+			@lexer.skip_space
+			if tok = @lexer.nexttok and tok.type == :string
+				raise instr if not entrypoint = Expression.parse(@lexer)
+			else
+				entrypoint = new_label('entrypoint')
+				@cursource << Label.new(entrypoint, instr.backtrace.dup)
+			end
+			@header.entry = entrypoint
 		else super(instr)
 		end
 	end
@@ -181,9 +197,23 @@ class Bflt < ExeFormat
 		self
 	end
+	def get_default_entrypoints
+		['entrypoint']
+	end
 	def each_section
-		yield @text, @header.entry
-		yield @data, @header.data_start
+		yield @text, 0
+		yield @data, @header.data_start - @header.entry
+	end
+	def section_info
+		[['.text', 0, @text.length, 'rx'],
+		 ['.data', @header.data_addr-0x40, @data.data.length, 'rw'],
+		 ['.bss',  @header.data_end-0x40,  @data.length-@data.data.length, 'rw']]
+	end
+	def module_symbols
+		['entrypoint', @header.entry-0x40]
 	end
 end
 end

data/{lib/metasm → metasm}/exe_format/coff.rb RENAMED

@@ -81,7 +81,7 @@ class COFF < ExeFormat
 		11 => 'UNION_MEMBER', 12 => 'UNION_TAG', 13 => 'TYPEDEF', 14 => 'UNDEF_STATIC',
 		15 => 'ENUM_TAG', 16 => 'ENUM_MEMBER', 17 => 'REG_PARAM', 18 => 'BIT_FIELD',
 		100 => 'BLOCK', 101 => 'FUNCTION', 102 => 'END_STRUCT',
-	       	103 => 'FILE', 104 => 'SECTION', 105 => 'WEAK_EXT',
+		103 => 'FILE', 104 => 'SECTION', 105 => 'WEAK_EXT',
 	}
 	DEBUG_TYPE = { 0 => 'UNKNOWN', 1 => 'COFF', 2 => 'CODEVIEW', 3 => 'FPO', 4 => 'MISC',
@@ -140,7 +140,7 @@ class COFF < ExeFormat
 		bytes :link_ver_maj, :link_ver_min
 		words :code_size, :data_size, :udata_size, :entrypoint, :base_of_code
 		# base_of_data does not exist in 64-bit
-		new_field(:base_of_data, lambda { |exe, hdr| exe.decode_word if exe.bitsize != 64 }, lambda { |exe, hdr, val| exe.encode_word(val) if exe.bitsize != 64 }, 0)
+		new_field(:base_of_data, lambda { |exe, hdr| exe.decode_word if exe.bitsize != 64 }, lambda { |exe, hdr, val| exe.encode_word(val) if exe.bitsize != 64 }, lambda { |exe, hdr| exe.bitsize != 64 ? 4 : 0 }, 0)
 		# NT-specific fields
 		xword :image_base
 		words :sect_align, :file_align
@@ -264,7 +264,7 @@ class COFF < ExeFormat
 	class TLSDirectory < SerialStruct
 		xwords :start_va, :end_va, :index_addr, :callback_p
- 		words :zerofill_sz, :characteristics
+		words :zerofill_sz, :characteristics
 		attr_accessor :callbacks
 	end
@@ -413,6 +413,11 @@ class COFF < ExeFormat
 	end
 	def shortname; 'coff'; end
+	def sizeof_byte ; 1 ; end
+	def sizeof_half ; 2 ; end
+	def sizeof_word ; 4 ; end
+	def sizeof_xword ; @bitsize == 32 ? 4 : 8 ; end
 end
 # the COFF archive file format
@@ -448,6 +453,9 @@ class COFFArchive < ExeFormat
 	def member(name)
 		@members.find { |m| m.name == name }
 	end
+	def sizeof_half ; 2 ; end
+	def sizeof_word ; 4 ; end
 end
 end

data/{lib/metasm → metasm}/exe_format/coff_decode.rb RENAMED

@@ -17,13 +17,15 @@ class COFF
 		# decodes a COFF optional header from coff.cursection
 		# also decodes directories in coff.directory
 		def decode(coff)
-			return set_default_values(coff) if coff.header.size_opthdr == 0
+			return set_default_values(coff) if coff.header.size_opthdr == 0 and not coff.header.characteristics.include?('EXECUTABLE_IMAGE')
+			off = coff.curencoded.ptr
 			super(coff)
+			nrva = (coff.header.size_opthdr - (coff.curencoded.ptr - off)) / 8
+			nrva = @numrva if nrva < 0
-			nrva = @numrva
-			if @numrva > DIRECTORIES.length
-				puts "W: COFF: Invalid directories count #{@numrva}" if $VERBOSE
-				nrva = DIRECTORIES.length
+			if nrva > DIRECTORIES.length or nrva != @numrva
+				puts "W: COFF: Weird directories count #{@numrva}" if $VERBOSE
+				nrva = DIRECTORIES.length if nrva > DIRECTORIES.length
 			end
 			coff.directory = {}
@@ -171,17 +173,17 @@ class COFF
 	end
 	class ResourceDirectory
-		def decode(coff, edata = coff.curencoded, startptr = edata.ptr)
+		def decode(coff, edata = coff.curencoded, startptr = edata.ptr, maxdepth=3)
 			super(coff, edata)
 			@entries = []
 			nrnames = @nr_names if $DEBUG
 			(@nr_names+@nr_id).times {
- 				e = Entry.new
+				e = Entry.new
- 				e_id = coff.decode_word(edata)
- 				e_ptr = coff.decode_word(edata)
+				e_id = coff.decode_word(edata)
+				e_ptr = coff.decode_word(edata)
 				if not e_id.kind_of? Integer or not e_ptr.kind_of? Integer
 					puts 'W: COFF: relocs in the rsrc directory?' if $VERBOSE
@@ -213,10 +215,12 @@ class COFF
 					e.subdir_p = e_ptr & 0x7fff_ffff
 					if startptr + e.subdir_p >= edata.length
 						puts 'W: COFF: invalid resource structure: directory too far' if $VERBOSE
-					else
+					elsif maxdepth > 0
 						edata.ptr = startptr + e.subdir_p
 						e.subdir = ResourceDirectory.new
-						e.subdir.decode coff, edata, startptr
+						e.subdir.decode coff, edata, startptr, maxdepth-1
+					else
+						puts 'W: COFF: recursive resource section' if $VERBOSE
 					end
 				else
 					e.dataentry_p = e_ptr
@@ -244,7 +248,8 @@ class COFF
 			decode_tllv = lambda { |ed, state|
 				sptr = ed.ptr
-				len, vlen, type = coff.decode_half(ed), coff.decode_half(ed), coff.decode_half(ed)
+				len, vlen = coff.decode_half(ed), coff.decode_half(ed)
+				coff.decode_half(ed)	# type
 				tagname = ''
 				while c = coff.decode_half(ed) and c != 0
 					tagname << (c&255)
@@ -273,7 +278,7 @@ class COFF
 				when :str
 					val = ed.read(vlen*2).unpack('v*')
 					val.pop if val[-1] == 0
-					val = val.pack('C*') if val.all? { |c_| c_ > 0 and  c_ < 256 }
+					val = val.pack('C*') if val.all? { |c_| c_ > 0 and  c_ < 256 }
 					vers[tagname] = val
 				when :var
 					val = ed.read(vlen).unpack('V*')
@@ -426,8 +431,7 @@ class COFF
 	def sect_at_rva(rva)
 		return if not rva or rva <= 0
 		if sections and not @sections.empty?
-			valign = lambda { |l| EncodedData.align_size(l, @optheader.sect_align) }
-			if s = @sections.find { |s_| s_.virtaddr <= rva and s_.virtaddr + valign[s_.virtsize] > rva }
+			if s = @sections.find { |s_| s_.virtaddr <= rva and s_.virtaddr + EncodedData.align_size((s_.virtsize == 0 ? s_.rawsize : s_.virtsize), @optheader.sect_align) > rva }
 				s.encoded.ptr = rva - s.virtaddr
 				@cursection = s
 			elsif rva < @sections.map { |s_| s_.virtaddr }.min
@@ -479,7 +483,7 @@ class COFF
 	end
 	def each_section
-		if @header.size_opthdr == 0
+		if @header.size_opthdr == 0 and not @header.characteristics.include?('EXECUTABLE_IMAGE')
 			@sections.each { |s|
 				next if not s.encoded
 				l = new_label(s.name)
@@ -490,7 +494,9 @@ class COFF
 		end
 		base = @optheader.image_base
 		base = 0 if not base.kind_of? Integer
-		yield @encoded[0, @optheader.headers_size], base
+		sz = @optheader.headers_size
+		sz = EncodedData.align_size(@optheader.image_size, 4096) if @sections.empty?
+		yield @encoded[0, sz], base
 		@sections.each { |s| yield s.encoded, base + s.virtaddr }
 	end
@@ -566,8 +572,10 @@ class COFF
 	# decodes a section content (allows simpler LoadedPE override)
 	def decode_section_body(s)
 		raw = EncodedData.align_size(s.rawsize, @optheader.file_align)
-		virt = EncodedData.align_size(s.virtsize, @optheader.sect_align)
+		virt = s.virtsize
 		virt = raw = s.rawsize if @header.size_opthdr == 0
+		virt = raw if virt == 0
+		virt = EncodedData.align_size(virt, @optheader.sect_align)
 		s.encoded = @encoded[s.rawaddr, [raw, virt].min] || EncodedData.new
 		s.encoded.virtsize = virt
 	end
@@ -634,8 +642,13 @@ class COFF
 		if ct = @directory['certificate_table']
 			@certificates = []
 			@cursection = self
+			if ct[0] > @encoded.length or ct[1] > @encoded.length - ct[0]
+				puts "W: COFF: invalid certificate_table #{'0x%X+0x%0X' % ct}" if $VERBOSE
+				ct = [ct[0], 1]
+			end
 			@encoded.ptr = ct[0]
 			off_end = ct[0]+ct[1]
+			off_end = @encoded.length if off_end > @encoded.length
 			while @encoded.ptr < off_end
 				certlen = decode_word
 				certrev = decode_half
@@ -704,6 +717,25 @@ class COFF
 		end
 	end
+	def decode_reloc_amd64(r)
+		case r.type
+		when 'ABSOLUTE'
+		when 'HIGHLOW'
+			addr = decode_word
+			if s = sect_at_va(addr)
+				label = label_at(s.encoded, s.encoded.ptr, "xref_#{Expression[addr]}")
+				Metasm::Relocation.new(Expression[label], :u32, @endianness)
+			end
+		when 'DIR64'
+			addr = decode_xword
+			if s = sect_at_va(addr)
+				label = label_at(s.encoded, s.encoded.ptr, "xref_#{Expression[addr]}")
+				Metasm::Relocation.new(Expression[label], :u64, @endianness)
+			end
+		else puts "W: COFF: Unsupported amd64 relocation #{r.inspect}" if $VERBOSE
+		end
+	end
 	def decode_debug
 		if dd = @directory['debug'] and sect_at_rva(dd[0])
 			@debug = []
@@ -719,11 +751,11 @@ class COFF
 	def decode_tls
 		if @directory['tls_table'] and sect_at_rva(@directory['tls_table'][0])
 			@tls = TLSDirectory.decode(self)
-		       	if s = sect_at_va(@tls.callback_p)
+			if s = sect_at_va(@tls.callback_p)
 				s.encoded.add_export 'tls_callback_table'
 				@tls.callbacks.each_with_index { |cb, i|
 					@tls.callbacks[i] = curencoded.add_export "tls_callback_#{i}" if sect_at_rva(cb)
-			       	}
+				}
 			end
 		end
 	end
@@ -815,6 +847,7 @@ class COFFArchive
 			ar.encoded.ptr += 1 if @size & 1 == 1
 		end
+		# TODO XXX are those actually used ?
 		def decode_half ; @encoded.decode_imm(:u16, :big) end
 		def decode_word ; @encoded.decode_imm(:u32, :big) end