metasm 1.0.2 → 1.0.3

data/metasm/exe_format/elf_decode.rb

@@ -365,8 +365,7 @@ class ELF
 	# marks a symbol as @encoded.export (from s.value, using segments or sections)
 	def decode_symbol_export(s)
 		if s.name and s.shndx != 'UNDEF' and %w[NOTYPE OBJECT FUNC].include?(s.type)
-			if @header.type == 'REL'
-				sec = @sections[s.shndx]
+			if @header.type == 'REL' and s.shndx.kind_of?(::Integer) and sec = @sections[s.shndx]
 				o = sec.offset + s.value
 			elsif not o = addr_to_off(s.value)
 				# allow to point to end of segment

data/metasm/exe_format/elf_encode.rb

@@ -11,7 +11,7 @@ module Metasm
 class ELF
 	class Header
 		def set_default_values elf
-			@magic     ||= "\x7fELF"
+			@magic     ||= ELF::MAGIC
 			@e_class   ||= elf.bitsize.to_s
 			@data      ||= (elf.endianness == :big ? 'MSB' : 'LSB')
 			@version   ||= 'CURRENT'
@@ -62,6 +62,7 @@ class ELF
 			return if name_p and sne.data[@name_p, @name.length+1] == @name+0.chr
 			return if @name_p = sne.data.index(@name+0.chr)
 			@name_p = sne.virtsize
+			@name.force_encoding('BINARY') if name.respond_to?(:force_encoding)
 			sne << @name << 0
 		end
 	end
@@ -92,6 +93,7 @@ class ELF
 			return if name_p and s[@name_p, @name.length+1] == @name+0.chr
 			return if @name_p = s.index(@name+0.chr)
 			@name_p = strtab.length
+			@name.force_encoding('BINARY') if name.respond_to?(:force_encoding)
 			strtab << @name << 0
 		end
 	end
@@ -519,6 +521,7 @@ class ELF
 		add_str = lambda { |n|
 			if n and n != '' and not ret = strtab.encoded.data.index(n + 0.chr)
 				ret = strtab.encoded.virtsize
+				n.force_encoding('BINARY') if n.respond_to?(:force_encoding)
 				strtab.encoded << n << 0
 			end
 			ret || 0

data/metasm/exe_format/macho.rb

@@ -43,6 +43,8 @@ class MachO < ExeFormat
 			9 => '8600', 10 => '8650', 11 => '8800', 12 => 'UVAXIII',
 		},
 		'ROMP' => { 0 => 'ALL', 1 => 'PC', 2 => 'APC', 3 => '135',
+		},
+		'NS32032' => {	# same for NS*
 			0 => 'MMAX_ALL', 1 => 'MMAX_DPC', 2 => 'SQT',
 			3 => 'MMAX_APC_FPU', 4 => 'MMAX_APC_FPA', 5 => 'MMAX_XPC',
 		},
@@ -138,7 +140,11 @@ class MachO < ExeFormat
 	SEC_TYPE = {
 		0 => 'REGULAR', 1 => 'ZEROFILL', 2 => 'CSTRING_LITERALS', 3 => '4BYTE_LITERALS',
 		4 => '8BYTE_LITERALS', 5 => 'LITERAL_POINTERS', 6 => 'NON_LAZY_SYMBOL_POINTERS',
-		7 => 'LAZY_SYMBOL_POINTERS', 8 => 'SYMBOL_STUBS', 9 => 'MOD_INIT_FUNC_POINTERS'
+		7 => 'LAZY_SYMBOL_POINTERS', 8 => 'SYMBOL_STUBS', 9 => 'MOD_INIT_FUNC_POINTERS',
+		10 => 'MOD_TERM_FUNC_POINTERS', 11 => 'COALESCED', 12 => 'GB_ZEROFILL', 13 => 'INTERPOSING',
+		14 => '16BYTE_LITERALS', 15 => 'DTRACE_DOF', 16 => 'LAZY_DYLIB_SYMBOL_POINTERS',
+		17 => 'THREAD_LOCAL_REGULAR', 18 => 'THREAD_LOCAL_ZEROFILL', 19 => 'THREAD_LOCAL_VARIABLES',
+		20 => 'THREAD_LOCAL_VARIABLE_POINTERS', 21 => 'THREAD_LOCAL_INIT_FUNCTION_POINTERS'
 	}
 
 	class SerialStruct < Metasm::SerialStruct
@@ -628,22 +634,26 @@ class MachO < ExeFormat
 				when 'NON_LAZY_SYMBOL_POINTERS', 'LAZY_SYMBOL_POINTERS'
 					edata = seg.encoded
 					off = sec.offset - seg.fileoff
-					(sec.size / 4).times { |i|
+					(sec.size / sizeof_xword).times { |i|
 						sidx = indsymtab[sec.res1+i]
+						if not sidx
+							puts "W: osx: invalid symbol pointer index #{i} ?" if $VERBOSE
+							next
+						end
 						case IND_SYM_IDX[sidx]
 						when 'INDIRECT_SYMBOL_LOCAL' # base reloc: add delta from prefered image base
 							edata.ptr = off
-							addr = decode_word(edata)
+							addr = decode_xword(edata)
 							if s = segment_at(addr)
 								label = label_at(s.encoded, s.encoded.ptr, "xref_#{Expression[addr]}")
-								seg.encoded.reloc[off] = Metasm::Relocation.new(Expression[label], :u32, @endianness)
+								seg.encoded.reloc[off] = Metasm::Relocation.new(Expression[label], "u#@size".to_sym, @endianness)
 							end
 						when 'INDIRECT_SYMBOL_ABS'   # nothing
 						else
 							sym = @symbols[sidx]
-							seg.encoded.reloc[off] = Metasm::Relocation.new(Expression[sym.name], :u32, @endianness)
+							seg.encoded.reloc[off] = Metasm::Relocation.new(Expression[sym.name],"u#@size".to_sym, @endianness)
 						end
-						off += 4
+						off += sizeof_xword
 					}
 				when 'SYMBOL_STUBS'
 					# TODO next unless arch == 386 and sec.attrs & SELF_MODIFYING_CODE and sec.res2 == 5
@@ -653,6 +663,10 @@ class MachO < ExeFormat
 					off = sec.offset - seg.fileoff + 1
 					(sec.size / 5).times { |i|
 						sidx = indsymtab[sec.res1+i]
+						if not sidx
+							puts "W: osx: invalid symbol stub index #{i} ?" if $VERBOSE
+							next
+						end
 						case IND_SYM_IDX[sidx]
 						when 'INDIRECT_SYMBOL_LOCAL' # base reloc: add delta from prefered image base
 							edata.ptr = off

data/metasm/exe_format/pe.rb

@@ -330,7 +330,7 @@ EOS
 	# compute Mandiant "importhash"
 	def imphash
 		lst = []
-		@imports.each { |id|
+		@imports.to_a.each { |id|
 			ln = id.libname.downcase.sub(/.(dll|sys|ocx)$/, '')
 			id.imports.each { |i|
 				if not i.name and ordtable = WindowsExports::IMPORT_HASH[ln]

data/metasm/exe_format/serialstruct.rb

@@ -56,7 +56,7 @@ class << self
 
 	# a fixed-size memory chunk
 	def mem(name, len, defval='')
-		new_field(name, lambda { |exe, me| exe.curencoded.read(len) }, lambda { |exe, me, val| val[0, len].ljust(len, 0.chr) }, lambda { |exe, me| len }, defval)
+		new_field(name, lambda { |exe, me| exe.curencoded.read(len) }, lambda { |exe, me, val| d = val[0, len].ljust(len, 0.chr) ; d.force_encoding('BINARY') if d.respond_to?(:force_encoding) ; d }, lambda { |exe, me| len }, defval)
 	end
 	# a fixed-size string, 0-padded
 	def str(name, len, defval='')

data/metasm/gui.rb

@@ -6,7 +6,7 @@ backend = ENV['METASM_GUI'] || (
 			require 'gtk2'
 			'gtk'
 		rescue LoadError
-			raise LoadError, 'No GUI ruby binding installed - please install libgtk2-ruby'
+			raise LoadError, 'No GUI ruby binding installed - please install ruby-gtk2'
 		end
 	end
 )

data/metasm/gui/dasm_hex.rb

@@ -350,8 +350,8 @@ class HexWidget < DrawableWidget
 				else
 					case v = key
 					when ?0..?9; v -= ?0
-					when ?a..?f; v -= ?a-10
-					when ?A..?F; v -= ?A-10
+					when ?a..?f; v -= ?a - 10
+					when ?A..?F; v -= ?A - 10
 					else return false
 					end
 				end

data/metasm/gui/dasm_main.rb

@@ -946,11 +946,11 @@ class DasmWindow < Window
 		exe
 	end
 
-	def promptopen(caption='chose target binary', &b)
+	def promptopen(caption='choose target binary', &b)
 		openfile(caption) { |exename| loadfile(exename) ; b.call(self) if b }
 	end
 
-	def promptdebug(caption='chose target', &b)
+	def promptdebug(caption='choose target', &b)
 		l = nil
 		i = inputbox(caption) { |name|
 			i = nil ; l.destroy if l and not l.destroyed?
@@ -996,7 +996,7 @@ class DasmWindow < Window
 			@dasm_widget.dasm.save_file @savefile
 			return
 		end
-		openfile('chose save file') { |file|
+		savefile('choose save file') { |file|
 			@savefile = file
 			@dasm_widget.dasm.save_file(file)
 		}
@@ -1039,13 +1039,13 @@ class DasmWindow < Window
 
 		importmenu = new_menu
 		addsubmenu(importmenu, 'Load _map') {
-			openfile('chose map file') { |file|
+			openfile('choose map file') { |file|
 				@dasm_widget.dasm.load_map(File.read(file)) if @dasm_widget
 				@dasm_widget.gui_update if @dasm_widget
 			} if @dasm_widget
 		}
 		addsubmenu(importmenu, 'Load _C') {
-			openfile('chose C file') { |file|
+			openfile('choose C file') { |file|
 				@dasm_widget.dasm.parse_c(File.read(file)) if @dasm_widget
 			} if @dasm_widget
 		}
@@ -1053,21 +1053,21 @@ class DasmWindow < Window
 
 		exportmenu = new_menu
 		addsubmenu(exportmenu, 'Save _map') {
-			savefile('chose map file') { |file|
+			savefile('choose map file') { |file|
 				File.open(file, 'w') { |fd|
 					fd.puts @dasm_widget.dasm.save_map
 				} if @dasm_widget
 			} if @dasm_widget
 		}
 		addsubmenu(exportmenu, 'Save _asm') {
-			savefile('chose asm file') { |file|
+			savefile('choose asm file') { |file|
 				File.open(file, 'w') { |fd|
 					fd.puts @dasm_widget.dasm
 				} if @dasm_widget
 			} if @dasm_widget
 		}
 		addsubmenu(exportmenu, 'Save _C') {
-			savefile('chose C file') { |file|
+			savefile('choose C file') { |file|
 				File.open(file, 'w') { |fd|
 					fd.puts @dasm_widget.dasm.c_parser
 				} if @dasm_widget

data/metasm/gui/debug.rb

@@ -154,7 +154,7 @@ class DbgWidget < ContainerVBoxWidget
 		@children.each { |c| c.gui_update }
 	end
 
-	def prompt_attach(caption='chose target')
+	def prompt_attach(caption='choose target')
 		l = nil
 		i = inputbox(caption) { |name|
 			i = nil ; l.destroy if l and not l.destroyed?
@@ -184,7 +184,7 @@ class DbgWidget < ContainerVBoxWidget
 		} if not list_pr.empty?
 	end
 
-	def prompt_createprocess(caption='chose path')
+	def prompt_createprocess(caption='choose path')
 		openfile(caption) { |path|
 			path = '"' + path + '"' if @dbg.shortname == 'windbg' and path =~ /\s/
 			inputbox('target args?', :text => path) { |pa|
@@ -410,8 +410,8 @@ class DbgRegWidget < DrawableWidget
 				case v = key
 				when ?\x20; v = nil
 				when ?0..?9; v -= ?0
-				when ?a..?f; v -= ?a-10
-				when ?A..?F; v -= ?A-10
+				when ?a..?f; v -= ?a - 10
+				when ?A..?F; v -= ?A - 10
 				else return false
 				end
 			end

data/metasm/gui/gtk.rb

@@ -45,7 +45,7 @@ module Msgbox
 		InputBox.new(toplevel, *a) { |*ya| protect { yield(*ya) } }
 	end
 
-	# asks to chose a file to open, yields filename
+	# asks to choose a file to open, yields filename
 	# args: title, :path => path
 	def openfile(*a)
 		OpenFile.new(toplevel, *a) { |*ya| protect { yield(*ya) } }

data/metasm/gui/qt.rb

@@ -51,7 +51,7 @@ module Msgbox
 
 	@@dialogfilefolder = nil
 
-	# asks to chose a file to open, yields filename
+	# asks to choose a file to open, yields filename
 	# args: title, :path => path
 	def openfile(title, opts={})
 		f = Qt::FileDialog.get_open_file_name(nil, title, @@dialogfilefolder)
@@ -180,7 +180,7 @@ Standby OpenUrl LaunchMail LaunchMedia Launch0 Launch1 Launch2 Launch3 Launch4 L
 LaunchC LaunchD LaunchE LaunchF MediaLast unknown Call Context1 Context2 Context3 Context4 Flip Hangup No Select Yes
 Execute Printer Play Sleep Zoom Cancel
 	].inject({}) { |h, cst|
-		v = Qt.const_get("Key_#{cst}").to_i	# AONETUHANOTEUHATNOHEU Qt::Enum != Fixnum
+		v = Qt.const_get("Key_#{cst}").to_i	# AONETUHANOTEUHATNOHEU Qt::Enum != Integer
 		key = cst.downcase.to_sym
 		key = { :pageup => :pgup, :pagedown => :pgdown, :escape => :esc, :return => :enter }.fetch(key, key)
 		h.update v => key

data/metasm/gui/win32.rb

@@ -1401,7 +1401,7 @@ module Msgbox
 		InputBox.new(toplevel, *a) { |*ya| protect { yield(*ya) } }
 	end
 
-	# asks to chose a file to open, yields filename
+	# asks to choose a file to open, yields filename
 	# args: title, :path => path
 	def openfile(*a)
 		OpenFile.new(toplevel, *a) { |*ya| protect { yield(*ya) } }

data/metasm/main.rb

@@ -307,7 +307,7 @@ class ExeFormat
 	def new_label(base = '')
 		base = base.dup.tr('^a-zA-Z0-9_', '_')
 		# use %x instead of to_s(16) for negative values
-		base = (base << '_uuid' << ('%08x' % base.object_id)).freeze if base.empty? or @unique_labels_cache[base]
+		base = (base << '_uuid' << ('%08x' % (base.object_id & 0xffff_ffff_ffff_ffff))).freeze if base.empty? or @unique_labels_cache[base]
 		@unique_labels_cache[base] = true
 		base
 	end
@@ -892,7 +892,7 @@ class Expression < ExpressionType
 			if targ and vars[targ]
 				return false if exp != vars[targ]
 			elsif targ and vars.has_key? targ
-				return false if not vars[targ] = exp
+				vars[targ] = exp
 			elsif targ.kind_of? ExpressionType
 				return false if not exp.kind_of? ExpressionType or not exp.match_rec(targ, vars)
 			else
@@ -1002,8 +1002,11 @@ class EncodedData
 	attr_reader   :ptr	# custom writer
 	def ptr=(p) @ptr = @export[p] || p end
 
+	INITIAL_DATA = ''
+	INITIAL_DATA.force_encoding('BINARY') if INITIAL_DATA.respond_to?(:force_encoding)
+
 	# opts' keys in :reloc, :export, :virtsize, defaults to empty/empty/data.length
-	def initialize(data='', opts={})
+	def initialize(data=INITIAL_DATA.dup, opts={})
 		if data.respond_to?(:force_encoding) and data.encoding.name != 'ASCII-8BIT' and data.length > 0
 			puts "Forcing edata.data.encoding = BINARY at", caller if $DEBUG
 			data = data.dup.force_encoding('binary')
@@ -1128,11 +1131,11 @@ class EncodedData
 		((val + len - 1) / len).to_i * len
 	end
 
-	# concatenation of another +EncodedData+ (or nil/Fixnum/anything supporting String#<<)
+	# concatenation of another +EncodedData+ (or nil/Integer/anything supporting String#<<)
 	def <<(other)
 		case other
 		when nil
-		when ::Fixnum
+		when ::Integer
 			fill
 			@data = @data.to_str if not @data.kind_of? String
 			@data << other
@@ -1151,17 +1154,19 @@ class EncodedData
 				other.inv_export.each { |k, v| @inv_export[@virtsize + k] = v }
 			end
 			if @data.empty?; @data = other.data.dup
+			elsif other.empty?
 			elsif not @data.kind_of?(String); @data = @data.to_str << other.data
 			else @data << other.data
 			end
 			@virtsize += other.virtsize
 		else
 			fill
-			if other.respond_to?(:force_encoding) and other.encoding.name != 'ASCII-8BIT'
+			if other.respond_to?(:force_encoding) and other.encoding.name != 'ASCII-8BIT' and other.length > 0
 				puts "Forcing edata.data.encoding = BINARY at", caller if $DEBUG
 				other = other.dup.force_encoding('binary')
 			end
 			if @data.empty?; @data = other.dup
+			elsif other.empty?
 			elsif not @data.kind_of?(String); @data = @data.to_str << other
 			else @data << other
 			end

data/metasm/os/windows.rb

@@ -1232,22 +1232,31 @@ class WinOS < OS
 		end
 		attr_writer :debugger
 
-		# returns the memory address size of the target process
-		def addrsz
-			@addrsz ||= if WinAPI.respond_to?(:iswow64process)
+		# return 32 for 32bit process, 64 for 64bit process
+		# populates iswow64
+		def cpusz
+			@cpusz ||= (
 				byte = 0.chr*8
-				if WinAPI.iswow64process(handle, byte)
+				if WinAPI.respond_to?(:iswow64process) and WinAPI.iswow64process(handle, byte)
+					# os supports iswow64process, so target may be 64bits
 					if byte != 0.chr*8
-						32 # target = wow64
-					elsif WinAPI.iswow64process(WinAPI.getcurrentprocess, byte) and byte != 0.chr*8
-						64 # us = wow64, target is not
+						@iswow64 = true
+						32
 					else
+						@iswow64 = false
 						WinAPI.host_cpu.size
 					end
 				else
 					WinAPI.host_cpu.size
 				end
-			end
+			)
+		end
+		attr_accessor :iswow64
+
+		# returns the memory address size of the target process
+		# if the target is a wow64 process (32bit process under a 64bit os), return 64
+		def addrsz
+			@addrsz ||= ((cpusz == 32 and iswow64) ? 64 : cpusz)
 		end
 
 		def modules
@@ -1363,7 +1372,7 @@ class WinOS < OS
 
 		# increment the suspend count of the target thread - stop at >0
 		def suspend
-			if WinAPI.host_cpu.size == 64 and process and process.addrsz == 32
+			if WinAPI.host_cpu.size == 64 and process and process.iswow64
 				WinAPI.wow64suspendthread(handle)
 			else
 				WinAPI.suspendthread(handle)
@@ -1400,26 +1409,20 @@ class WinOS < OS
 		class Context
 			def initialize(thread, kind=:all)
 				@handle = thread.handle
-				tg = (thread.process ? thread.process.addrsz : 32)
-				hcpu = WinAPI.host_cpu.shortname
-				case hcpu
-				when 'ia32', 'x64'
-				else raise "unsupported architecture #{tg}"
-				end
-
+				tg = (thread.process ? thread.process.cpusz : 32)
 				@getcontext = :getthreadcontext
 				@setcontext = :setthreadcontext
-				case tg
-				when 32
+				if tg == 32
+					# XXX check CS under wow64 ?
 					@context = WinAPI.alloc_c_struct('_CONTEXT_I386')
-					@context.contextflags = WinAPI::CONTEXT_I386_ALL
-					if hcpu == 'x64'
+					@context.contextflags = WinAPI::CONTEXT_I386_ALL	# XXX kind ?
+					if WinAPI.host_cpu.shortname == 'x64' and thread.process and thread.process.iswow64
 						@getcontext = :wow64getthreadcontext
 						@setcontext = :wow64setthreadcontext
 					end
-				when 64
+				else
 					@context = WinAPI.alloc_c_struct('_CONTEXT_AMD64')
-					@context.contextflags = WinAPI::CONTEXT_AMD64_ALL
+					@context.contextflags = WinAPI::CONTEXT_AMD64_ALL	# XXX kind ?
 				end
 			end
 
@@ -1805,7 +1808,7 @@ class WinDebugger < Debugger
 		return if not @os_process
 		case WinAPI.host_cpu.shortname
 		when 'ia32', 'x64'
-			@cpu = Ia32.new(os_process.addrsz)
+			@cpu = Ia32.new(os_process.cpusz)
 		else
 			raise 'unsupported architecture'
 		end

data/misc/hexdump.rb

@@ -29,7 +29,7 @@ def hexdump(ctx={})
 			print s.unpack('C*').map { |b| '%02x' % b }.join(' ').ljust(3*16-1) + '  ' if fmt.include? 'c'
 			print s.unpack('v*').map { |b| '%04x' % b }.join(' ').ljust(5*8-1)  + '  ' if fmt.include? 'w'
 			print s.unpack('L*').map { |b| '%08x' % b }.join(' ').ljust(9*4-1)  + '  ' if fmt.include? 'd'
-			print s.tr("\0-\x1f\x7f-\xff", '.') if fmt.include? 'a'
+			print s.tr("\0-\x1f\x7f-\xff".force_encoding('BINARY'), '.') if fmt.include? 'a'
 			puts
 		elsif not ctx[:lastdup]
 			ctx[:lastdup] = true
@@ -50,7 +50,7 @@ if $0 == __FILE__
 	fmt << 'w' if ARGV.delete '-W'
 	fmt << 'd' if ARGV.delete '-D'
 	fmt << 'a' if ARGV.delete '-A'
-	fmt = ['c', 'd', 'a'] if ARGV.delete '-a'
+	fmt = ['c', 'd', 'a'] if ARGV.delete '-a' or fmt.empty?
 	infd = ARGV.empty? ? $stdin : File.open(ARGV.first, 'rb')
 	infd.hexdump(:fmt => fmt)
 end