metasm 1.0.1 → 1.0.2

data/{lib/metasm → metasm}/exe_format/shellcode.rb

@@ -69,11 +69,11 @@ class Shellcode < ExeFormat
 		parse(*a) if not a.empty?
 		@encoded << assemble_sequence(@source, @cpu)
 		@source.clear
-		encode
+		self
 	end
 
 	def encode(binding={})
-		@encoded.fixup! binding
+		@encoded.fixup! binding if binding.kind_of? Hash
 		@encoded.fixup @encoded.binding(@base_addr)
 		@encoded.fill @encoded.rawsize
 		self
@@ -107,7 +107,11 @@ class Shellcode < ExeFormat
 	# returns a virtual subclass of Shellcode whose cpu_from_headers will return cpu
 	def self.withcpu(cpu)
 		c = Class.new(self)
-		c.send(:define_method, :cpu_from_headers) { cpu }
+		c.send(:define_method, :cpu_from_headers) {
+			cpu = Metasm.const_get(cpu) if cpu.kind_of?(::String)
+			cpu = cpu.new if cpu.kind_of?(::Class) and cpu.ancestors.include?(CPU)
+			cpu
+		}
 		c
 	end
 end

data/metasm/exe_format/shellcode_rwx.rb

@@ -0,0 +1,114 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+
+
+require 'metasm/exe_format/main'
+
+module Metasm
+# Similar to Shellcode, with distinct sections per memory permission (R / RW / RX)
+# encoding-side only
+class Shellcode_RWX < ExeFormat
+	# the array of source elements (Instr/Data etc)
+	attr_accessor :source_r, :source_w, :source_x
+	# base address per section
+	attr_accessor :base_r, :base_w, :base_x
+	# encodeddata
+	attr_accessor :encoded_r, :encoded_w, :encoded_x
+
+	def initialize(cpu=nil)
+		@base_r = @base_w = @base_x = nil
+		@encoded_r = EncodedData.new
+		@encoded_w = EncodedData.new
+		@encoded_x = EncodedData.new
+
+		super(cpu)
+	end
+
+	def parse_init
+		@source_r = []
+		@source_w = []
+		@source_x = []
+		@cursource = @source_x
+		super()
+	end
+
+	# allows definition of the base address
+	def parse_parser_instruction(instr)
+		case instr.raw.downcase
+		when '.base', '.baseaddr', '.base_addr'
+			# ".base_addr <expression>"
+			# expression should #reduce to integer
+			@lexer.skip_space
+			raise instr, 'syntax error' if not base = Expression.parse(@lexer).reduce
+			raise instr, 'syntax error' if tok = @lexer.nexttok and tok.type != :eol
+			if @cursource.equal?(@source_r)
+				@base_r = base
+			elsif @cursource.equal?(@source_w)
+				@base_w = base
+			elsif @cursource.equal?(@source_x)
+				@base_x = base
+			else raise instr, "Where am I ?"
+			end
+		when '.rdata', '.rodata'
+			@cursource = @source_r
+		when '.data', '.bss'
+			@cursource = @source_w
+		when '.text'
+			@cursource = @source_x
+		else super(instr)
+		end
+	end
+
+	# encodes the source found in self.source
+	# appends it to self.encoded
+	# clears self.source
+	# the optional parameter may contain a binding used to fixup! self.encoded
+	# uses self.base_addr if it exists
+	def assemble(*a)
+		parse(*a) if not a.empty?
+		@encoded_r << assemble_sequence(@source_r, @cpu); @source_r.clear
+		@encoded_w << assemble_sequence(@source_w, @cpu); @source_w.clear
+		@encoded_x << assemble_sequence(@source_x, @cpu); @source_x.clear
+		self
+	end
+
+	def encode(binding={})
+		bd = {}
+		bd.update @encoded_r.binding(@base_r)
+		bd.update @encoded_w.binding(@base_w)
+		bd.update @encoded_x.binding(@base_x)
+		bd.update binding if binding.kind_of?(Hash)
+		@encoded_r.fixup bd
+		@encoded_w.fixup bd
+		@encoded_x.fixup bd
+		self
+	end
+	alias fixup encode
+
+	# resolve inter-section xrefs, raise if unresolved relocations remain
+	# call this when you have assembled+allocated memory for every section
+	def fixup_check(base_r=nil, base_w=nil, base_x=nil, bd={})
+		if base_r.kind_of?(Hash)
+			bd = base_r
+			base_r = nil
+		end
+		@base_r = base_r if base_r
+		@base_w = base_w if base_w
+		@base_x = base_x if base_x
+		fixup bd
+		ed = EncodedData.new << @encoded_r << @encoded_w << @encoded_x
+		raise ["Unresolved relocations:", ed.reloc.map { |o, r| "#{r.target} " + (Backtrace.backtrace_str(r.backtrace) if r.backtrace).to_s }].join("\n") if not ed.reloc.empty?
+		self
+	end
+
+	def encode_string(*a)
+		encode(*a)
+		ed = EncodedData.new << @encoded_r << @encoded_w << @encoded_x
+		ed.fixup(ed.binding)
+		raise ["Unresolved relocations:", ed.reloc.map { |o, r| "#{r.target} " + (Backtrace.backtrace_str(r.backtrace) if r.backtrace).to_s }].join("\n") if not ed.reloc.empty?
+		ed.data
+	end
+end
+end

data/metasm/exe_format/swf.rb

@@ -0,0 +1,205 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+
+require 'metasm/exe_format/main'
+require 'metasm/encode'
+require 'metasm/decode'
+begin
+	require 'zlib'
+rescue LoadError
+end
+
+module Metasm
+class SWF < ExeFormat
+	attr_accessor :signature, :version, :header, :chunks
+
+	CHUNK_TYPE = {
+		0 => 'End', 1 => 'ShowFrame', 2 => 'DefineShape', 3 => 'FreeCharacter',
+		4 => 'PlaceObject', 5 => 'RemoveObject', 6 => 'DefineBits', 7 => 'DefineButton',
+		8 => 'JPEGTables', 9 => 'SetBackgroundColor', 10 => 'DefineFont', 11 => 'DefineText',
+		12 => 'DoAction', 13 => 'DefineFontInfo', 14 => 'DefineSound', 15 => 'StartSound',
+		16 => 'StopSound', 17 => 'DefineButtonSound', 18 => 'SoundStreamHead', 19 => 'SoundStreamBlock',
+		20 => 'DefineBitsLossless', 21 => 'DefineBitsJPEG2', 22 => 'DefineShape2', 23 => 'DefineButtonCxform',
+		24 => 'Protect', 25 => 'PathsArePostScript', 26 => 'PlaceObject2',
+		28 => 'RemoveObject2', 29 => 'SyncFrame', 31 => 'FreeAll',
+		32 => 'DefineShape3', 33 => 'DefineText2', 34 => 'DefineButton2', 35 => 'DefineBitsJPEG3',
+		36 => 'DefineBitsLossless2', 37 => 'DefineEditText', 38 => 'DefineVideo', 39 => 'DefineSprite',
+		40 => 'NameCharacter', 41 => 'ProductInfo', 42 => 'DefineTextFormat', 43 => 'FrameLabel',
+		44 => 'DefineBehavior', 45 => 'SoundStreamHead2', 46 => 'DefineMorphShape', 47 => 'FrameTag',
+		48 => 'DefineFont2', 49 => 'GenCommand', 50 => 'DefineCommandObj', 51 => 'CharacterSet',
+		52 => 'FontRef', 53 => 'DefineFunction', 54 => 'PlaceFunction', 55 => 'GenTagObject',
+		56 => 'ExportAssets', 57 => 'ImportAssets', 58 => 'EnableDebugger', 59 => 'DoInitAction',
+		60 => 'DefineVideoStream', 61 => 'VideoFrame', 62 => 'DefineFontInfo2', 63 => 'DebugID',
+		64 => 'EnableDebugger2', 65 => 'ScriptLimits', 66 => 'SetTabIndex', 67 => 'DefineShape4',
+		68 => 'DefineMorphShape2', 69 => 'FileAttributes', 70 => 'PlaceObject3', 71 => 'ImportAssets2',
+		72 => 'DoABC', 76 => 'SymbolClass', 82 => 'DoABC2',
+	}
+
+	class SerialStruct < Metasm::SerialStruct
+		new_int_field :u8, :u16, :u32, :f16, :f32
+	end
+
+	class Rectangle < SerialStruct
+		virtual :nbits, :xmin, :xmax, :ymin, :ymax
+
+		def decode(swf)
+			byte = swf.decode_u8
+			bleft = 3
+			@nbits = byte >> bleft
+			@xmin, @xmax, @ymin, @ymax = (0..3).map {
+				nb = @nbits
+				v = 0
+				while nb > bleft
+					nb -= bleft
+					v |= (byte & ((1<<bleft)-1)) << nb
+
+					bleft = 8
+					byte = swf.decode_u8
+				end
+				v |= (byte >> (bleft-nb)) & ((1<<nb)-1)
+				bleft -= nb
+
+				Expression.make_signed(v, @nbits)
+			}
+		end
+
+		def set_default_values(swf)
+			@xmin ||= 0
+			@xmax ||= 31
+			@ymin ||= 0
+			@ymax ||= 31
+			@nbits = (0..30).find { |nb|
+				[@xmin, @xmax, @ymin, @ymax].all? { |v|
+					if nb == 0
+						v == 0
+					elsif v >= 0
+						# reserve sign bit
+						(v >> (nb-1)) == 0
+					else
+						(v >> nb) == -1
+					end
+				} } || 31
+		end
+
+		def encode(swf)
+			ed = super(swf)
+
+			byte = @nbits << 3
+			bleft = 3
+			[@xmin, @xmax, @ymin, @ymax].each { |v|
+				nb = @nbits
+				while nb > bleft
+					byte |= (v >> (nb-bleft)) & ((1<<bleft)-1)
+					nb -= bleft
+
+					ed << byte
+					byte = 0
+					bleft = 8
+				end
+				byte |= (v & ((1<<nb)-1)) << (bleft-nb)
+				bleft -= nb
+			}
+			ed << byte if bleft < 8
+
+			ed
+		end
+	end
+
+	class Header < SerialStruct
+		virtual :view
+		u16 :framerate	# XXX bigendian...
+		u16 :framecount
+
+		def bswap_framerate(swf)
+			@framerate = ((@framerate >> 8) & 0xff) | ((@framerate & 0xff) << 8) if swf.endianness == :little
+		end
+
+		def decode(swf)
+			@view = Rectangle.decode(swf)
+			super(swf)
+			bswap_framerate(swf)
+		end
+
+		def encode(swf)
+			ed = @view.encode(swf)
+			bswap_framerate(swf)
+			ed << super(swf)
+			bswap_framerate(swf)
+			ed
+		end
+	end
+
+	class Chunk < SerialStruct
+		bitfield :u16, 0 => :length_, 6 => :tag
+		fld_enum :tag, CHUNK_TYPE
+		attr_accessor :data
+
+		def decode(swf)
+			super(swf)
+			@length = (@length_ == 0x3f ? swf.decode_u32 : @length_)
+			@data = swf.encoded.read(@length)
+		end
+
+		def set_default_values(swf)
+			@length = @data.length
+			@length_ = [@length, 0x3f].min
+		end
+
+		def encode(swf)
+			super(swf) <<
+			(swf.encode_u32(@length) if @length >= 0x3f) <<
+			@data
+		end
+	end
+
+	def decode_u8( edata=@encoded) edata.decode_imm(:u8,  @endianness) end
+	def decode_u16(edata=@encoded) edata.decode_imm(:u16, @endianness) end
+	def decode_u32(edata=@encoded) edata.decode_imm(:u32, @endianness) end
+	def decode_f16(edata=@encoded) edata.decode_imm(:i16, @endianness)/256.0 end
+	def decode_f32(edata=@encoded) edata.decode_imm(:i32, @endianness)/65536.0 end
+	def encode_u8(w)  Expression[w].encode(:u8,  @endianness) end
+	def encode_u16(w) Expression[w].encode(:u16, @endianness) end
+	def encode_u32(w) Expression[w].encode(:u32, @endianness) end
+	def encode_f16(w) Expression[(w*256).to_i].encode(:u16, @endianness) end
+	def encode_f32(w) Expression[(w*65536).to_i].encode(:u32, @endianness) end
+	def sizeof_u8 ; 1 ; end
+	def sizeof_u16 ; 2 ; end
+	def sizeof_u32 ; 4 ; end
+	def sizeof_f16 ; 2 ; end
+	def sizeof_f32 ; 4 ; end
+
+	attr_accessor :endianness
+	def initialize(cpu = nil)
+		@endianness = :little
+		@header = Header.new
+		@chunks = []
+		super(cpu)
+	end
+
+	def decode_header
+		@signature = @encoded.read(3)
+		@version = decode_u8
+		@data_length = decode_u32
+		case @signature
+		when 'FWS'
+		when 'CWS'
+			# data_length = uncompressed data length
+			data = @encoded.read(@encoded.length-8)
+			data = Zlib::Inflate.inflate(data)
+			@encoded = EncodedData.new(data)
+		else raise InvalidExeFormat, "Bad signature #{@signature.inspect}"
+		end
+		@data_length = [@data_length, @encoded.length].min
+		@header = Header.decode(self)
+	end
+
+	def decode
+		decode_header
+		while @encoded.ptr < @data_length
+			@chunks << Chunk.decode(self)
+		end
+	end
+end
+end

data/{lib/metasm → metasm}/exe_format/xcoff.rb

@@ -51,7 +51,7 @@ class XCoff < ExeFormat
 			@nsec   ||= xcoff.sections.size
 			@symptr ||= xcoff.symbols ? xcoff.new_label('symptr') : 0
 			@nsym   ||= xcoff.symbols ? xcoff.symbols.length : 0
-			@opthdr ||= xcoff.optheader ? OptHeader.size(xcoff) : 0
+			@opthdr ||= xcoff.optheader ? xcoff.optheader.sizeof(xcoff) : 0
 			super(xcoff)
 		end
 	end
@@ -61,13 +61,9 @@ class XCoff < ExeFormat
 		xwords :tsize, :dsize, :bsize, :entry, :text_start, :data_start, :toc
 		halfs :snentry, :sntext, :sndata, :sntoc, :snloader, :snbss, :aligntext, :aligndata, :modtype, :cpu
 		xwords :maxstack, :maxdata
-		new_field(:res, lambda { |exe, me| exe.encoded.read(exe.intsize == 32 ? 8 : 120) }, lambda { |exe, me, val| val }, '')
+		new_field(:res, lambda { |exe, me| exe.encoded.read(exe.intsize == 32 ? 8 : 120) }, lambda { |exe, me, val| val }, lambda { |exe, me| exe.intsize == 32 ? 8 : 120 }, '')
 
 
-		def self.size(xcoff)
-			xcoff.intsize == 32 ? 2*2+7*4+10*2+2*4+2+8 : 2*2+7*8+10*2+2*8+2+120
-		end
-
 		def set_default_values(xcoff)
 			@vstamp  ||= 1
 			@snentry ||= 1
@@ -99,12 +95,16 @@ class XCoff < ExeFormat
 	# basic immediates decoding functions
 	def decode_half( edata = @encoded) edata.decode_imm(:u16, @endianness) end
 	def decode_word( edata = @encoded) edata.decode_imm(:u32, @endianness) end
-	def decode_xhalf(edata = @encoded) edata.edoced_imm((@intsize == 32 ? :u16 : :u32), @endianness) end
+	def decode_xhalf(edata = @encoded) edata.decode_imm((@intsize == 32 ? :u16 : :u32), @endianness) end
 	def decode_xword(edata = @encoded) edata.decode_imm((@intsize == 32 ? :u32 : :u64), @endianness) end
 	def encode_half(w)  Expression[w].encode(:u16, @endianness) end
 	def encode_word(w)  Expression[w].encode(:u32, @endianness) end
 	def encode_xhalf(w) Expression[w].encode((@intsize == 32 ? :u16 : :u32), @endianness) end
 	def encode_xword(w) Expression[w].encode((@intsize == 32 ? :u32 : :u64), @endianness) end
+	def sizeof_half ; 2 ; end
+	def sizeof_word ; 4 ; end
+	def sizeof_xhalf ; @intsize == 32 ? 2 : 4 ; end
+	def sizeof_xword ; @intsize == 32 ? 4 : 8 ; end
 
 
 	attr_accessor :header, :segments, :relocs, :intsize, :endianness

data/metasm/exe_format/zip.rb

@@ -0,0 +1,335 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+
+require 'metasm/exe_format/main'
+require 'metasm/encode'
+require 'metasm/decode'
+begin
+	require 'zlib'
+rescue LoadError
+end
+
+# generic ZIP file, may be an APK or JAR
+# supports only a trivial subset of the whole ZIP specification
+#  single file archive
+#  deflate or no compression
+#  no encryption
+#  32bit offsets/sizes
+
+module Metasm
+class ZIP < ExeFormat
+	MAGIC_LOCALHEADER = 0x04034b50
+	COMPRESSION_METHOD = { 0 => 'NONE', 1 => 'SHRUNK', 2 => 'REDUCE1', 3 => 'REDUCE2',
+		4 => 'REDUCE3', 5 => 'REDUCE4', 6 => 'IMPLODE', 7 => 'TOKENIZED',
+		8 => 'DEFLATE', 9 => 'DEFLATE64', 10 => 'OLDTERSE', 12 => 'BZIP2', 14 => 'LZMA',
+		18 => 'TERSE', 19 => 'LZ77', 97 => 'WAVPACK', 98 => 'PPMD' }
+
+	# zip file format:
+	#
+	# [local header 1]
+	# compressed data 1
+	#
+	# [local header 2]
+	# compressed data 2
+	#
+	# [central header 1]
+	# [central header 2]
+	#
+	# [end of central directory]
+
+	class LocalHeader < SerialStruct
+		word :signature, MAGIC_LOCALHEADER
+		half :verneed, 10
+		half :flags	# bit 3 => has data descriptor following the compressed data
+		half :compress_method, 0, COMPRESSION_METHOD
+		halfs :mtime, :mdate
+		word :crc32
+		words :compressed_sz, :uncompressed_sz
+		halfs :fname_len, :extra_len
+		attr_accessor :fname, :extra
+		attr_accessor :compressed_off
+
+		def decode(zip)
+			super(zip)
+			raise "Invalid ZIP signature #{@signature.to_s(16)}" if @signature != MAGIC_LOCALHEADER
+			@fname = zip.encoded.read(@fname_len) if @fname_len > 0
+			@extra = zip.encoded.read(@extra_len) if @extra_len > 0
+			@compressed_off = zip.encoded.ptr
+		end
+
+		def set_default_values(zip)
+			@fname_len = fname ? @fname.length : 0
+			@extra_len = extra ? @extra.length : 0
+			super(zip)
+		end
+
+		def encode(zip)
+			ed = super(zip)
+			ed << fname << extra
+		end
+
+		# return a new LocalHeader with all fields copied from a CentralHeader
+		def self.from_central(f)
+			l = new
+			l.verneed = f.verneed
+			l.flags = f.flags
+			l.compress_method = f.compress_method
+			l.mtime = f.mtime
+			l.mdate = f.mdate
+			l.crc32 = f.crc32
+			l.compressed_sz = f.compressed_sz
+			l.uncompressed_sz = f.uncompressed_sz
+			l.fname = f.fname
+			l.extra = f.extra
+			l
+		end
+	end
+
+	MAGIC_CENTRALHEADER = 0x02014b50
+	class CentralHeader < SerialStruct
+		word :signature, MAGIC_CENTRALHEADER
+		half :vermade, 10
+		half :verneed, 10
+		half :flags
+		half :compress_method, 0, COMPRESSION_METHOD
+		halfs :mtime, :mdate
+		word :crc32
+		words :compressed_sz, :uncompressed_sz
+		halfs :fname_len, :extra_len, :comment_len
+		half :disk_nr
+		half :file_attr_intern
+		word :file_attr_extern
+		word :localhdr_off
+		attr_accessor :fname, :extra, :comment
+		attr_accessor :data
+
+		def decode(zip)
+			super(zip)
+			raise "Invalid ZIP signature #{@signature.to_s(16)}" if @signature != MAGIC_CENTRALHEADER
+			@fname = zip.encoded.read(@fname_len) if @fname_len > 0
+			@extra = zip.encoded.read(@extra_len) if @extra_len > 0
+			@comment = zip.encoded.read(@comment_len) if @comment_len > 0
+		end
+
+		def set_default_values(zip)
+			@fname_len = fname ? @fname.length : 0
+			@extra_len = extra ? @extra.length : 0
+			@comment_len = comment ? @comment.length : 0
+			super(zip)
+		end
+
+		def encode(zip)
+			ed = super(zip)
+			ed << fname << extra << comment
+		end
+
+		# reads the raw file data from the archive
+		def file_data(zip)
+			return @data if data
+
+			zip.encoded.ptr = @localhdr_off
+			LocalHeader.decode(zip)
+			raw = zip.encoded.read(@compressed_sz)
+			@data = case @compress_method
+			when 'NONE'
+				raw
+			when 'DEFLATE'
+				z = Zlib::Inflate.new(-Zlib::MAX_WBITS)
+				z.inflate(raw)
+			else
+				raise "Unsupported zip compress method #@compress_method"
+			end
+		end
+
+		def zlib_deflate(data, level=Zlib::DEFAULT_COMPRESSION)
+			z = Zlib::Deflate.new(level, -Zlib::MAX_WBITS)
+			z.deflate(data) + z.finish
+		end
+
+		# encode the data, fixup related fields
+		def encode_data(zip)
+			data = file_data(zip)
+			@compress_method = 'NONE' if data == ''
+
+			@crc32 = Zlib.crc32(data)
+			@uncompressed_sz = data.length
+
+			case compress_method
+			when 'NONE'
+			when 'DEFLATE'
+				data = zlib_deflate(data)
+			when nil
+				# autodetect compression method
+				# compress if we win more than 10% space
+				cdata = zlib_deflate(data)
+				ratio = cdata.length * 100 / data.length
+				if ratio < 90
+					@compress_method = 'DEFLATE'
+					data = cdata
+				else
+					@compress_method = 'NONE'
+				end
+			end
+
+			@compressed_sz = data.length
+
+			data
+		end
+	end
+
+	MAGIC_ENDCENTRALDIRECTORY = 0x06054b50
+	class EndCentralDirectory < SerialStruct
+		word :signature, MAGIC_ENDCENTRALDIRECTORY
+		halfs :disk_nr, :disk_centraldir, :entries_nr_thisdisk, :entries_nr
+		word :directory_sz
+		word :directory_off
+		half :comment_len
+		attr_accessor :comment
+
+		def decode(zip)
+			super(zip)
+			raise "Invalid ZIP end signature #{@signature.to_s(16)}" if @signature != MAGIC_ENDCENTRALDIRECTORY
+			@comment = zip.encoded.read(@comment_len) if @comment_len > 0
+		end
+
+		def set_default_values(zip)
+			@entries_nr_thisdisk = zip.files.length
+			@entries_nr = zip.files.length
+			@comment_len = comment ? @comment.length : 0
+			super(zip)
+		end
+
+		def encode(zip)
+			ed = super(zip)
+			ed << comment
+		end
+	end
+
+	def decode_half(edata=@encoded) edata.decode_imm(:u16, @endianness) end
+	def decode_word(edata=@encoded) edata.decode_imm(:u32, @endianness) end
+	def encode_half(w) Expression[w].encode(:u16, @endianness) end
+	def encode_word(w) Expression[w].encode(:u32, @endianness) end
+	def sizeof_half ; 2 ; end
+	def sizeof_word ; 4 ; end
+
+	attr_accessor :files, :header
+
+	def initialize(cpu = nil)
+		@endianness = :little
+		@header = EndCentralDirectory.new
+		@files = []
+		super(cpu)
+	end
+
+	# scan and decode the 'end of central directory' header
+	def decode_header
+		if not @encoded.ptr = @encoded.data.rindex([MAGIC_ENDCENTRALDIRECTORY].pack('V'))
+			raise "ZIP: no end of central directory record"
+		end
+		@header = EndCentralDirectory.decode(self)
+	end
+
+	# read the whole central directory file descriptors
+	def decode
+		decode_header
+		@encoded.ptr = @header.directory_off
+		while @encoded.ptr < @header.directory_off + @header.directory_sz
+			@files << CentralHeader.decode(self)
+		end
+	end
+
+	# checks if a given file name exists in the archive
+	# returns the CentralHeader or nil
+	# case-insensitive if lcase is false
+	def has_file(fname, lcase=true)
+		decode if @files.empty?
+		if lcase
+			@files.find { |f| f.fname == fname }
+		else
+			fname = fname.downcase
+			@files.find { |f| f.fname.downcase == fname }
+		end
+	end
+
+	# returns the uncompressed raw file content from a given name
+	# nil if name not found
+	# case-insensitive if lcase is false
+	def file_data(fname, lcase=true)
+		if f = has_file(fname, lcase)
+			f.file_data(self)
+		end
+	end
+
+	# add a new file to the zip archive
+	def add_file(fname, data, compress=:auto)
+		f = CentralHeader.new
+
+		case compress
+		when 'NONE', false; f.compress_method = 'NONE'
+		when 'DEFLATE', true; f.compress_method = 'DEFLATE'
+		end
+
+		f.fname = fname
+		f.data = data
+
+		@files << f
+		f
+	end
+
+	# create a new zip file
+	def encode
+		edata = EncodedData.new
+		central_dir = EncodedData.new
+
+		@files.each { |f|
+			encode_entry(f, edata, central_dir)
+		}
+
+		@header.directory_off = edata.length
+		@header.directory_sz  = central_dir.length
+
+		edata << central_dir << @header.encode(self)
+
+		@encoded = edata
+	end
+
+	# add one file to the zip stream
+	def encode_entry(f, edata, central_dir)
+		f.localhdr_off = edata.length
+
+		# may autodetect compression method
+		raw = f.encode_data(self)
+
+		zipalign(f, edata)
+
+		central_dir << f.encode(self)	# calls f.set_default_values
+
+		l = LocalHeader.from_central(f)
+		edata << l.encode(self)
+
+		edata << raw
+	end
+
+	# zipalign: ensure uncompressed data starts on a 4-aligned offset
+	def zipalign(f, edata)
+		if f.compress_method == 'NONE' and not f.extra
+			o = (edata.length + f.fname.length + 2) & 3
+			f.extra = " "*(4-o) if o > 0
+		end
+
+	end
+
+	# when called as AutoExe, try to find a meaningful exefmt
+	def self.autoexe_load(bin)
+		z = decode(bin)
+		if dex = z.file_data('classes.dex')
+			puts "ZIP: APK file, loading 'classes.dex'" if $VERBOSE
+			AutoExe.load(dex)
+		else
+			z
+		end
+	end
+end
+end