RubyGems - rallhook - Versions diffs - 0.7.5 → 0.8.0 - Mend

rallhook 0.7.5 → 0.8.0

Files changed (30) hide show

data/AUTHORS +2 -0
data/CHANGELOG +2 -0
data/README +0 -2
data/Rakefile +1 -1
data/TODO +0 -1
data/ext/rallhook_base/deps/distorm/config.h +170 -0
data/ext/rallhook_base/deps/distorm/distorm.h +401 -0
data/ext/rallhook_base/deps/distorm/mnemonics.c +258 -0
data/ext/rallhook_base/deps/distorm/mnemonics.h +200 -0
data/ext/rallhook_base/deps/distorm/src/decoder.c +548 -0
data/ext/rallhook_base/deps/distorm/src/decoder.h +18 -0
data/ext/rallhook_base/deps/distorm/src/distorm.c +375 -0
data/ext/rallhook_base/deps/distorm/src/instructions.c +490 -0
data/ext/rallhook_base/deps/distorm/src/instructions.h +445 -0
data/ext/rallhook_base/deps/distorm/src/insts.c +4851 -0
data/ext/rallhook_base/deps/distorm/src/insts.h +36 -0
data/ext/rallhook_base/deps/distorm/src/operands.c +1270 -0
data/ext/rallhook_base/deps/distorm/src/operands.h +38 -0
data/ext/rallhook_base/deps/distorm/src/prefix.c +380 -0
data/ext/rallhook_base/deps/distorm/src/prefix.h +76 -0
data/ext/rallhook_base/deps/distorm/src/pydistorm.h +62 -0
data/ext/rallhook_base/deps/distorm/src/textdefs.c +180 -0
data/ext/rallhook_base/deps/distorm/src/textdefs.h +68 -0
data/ext/rallhook_base/deps/distorm/src/wstring.c +55 -0
data/ext/rallhook_base/deps/distorm/src/wstring.h +43 -0
data/ext/rallhook_base/deps/distorm/src/x86defs.c +41 -0
data/ext/rallhook_base/deps/distorm/src/x86defs.h +105 -0
data/ext/rallhook_base/extconf.rb +15 -20
data/ext/rallhook_base/rallhook.c +20 -8
metadata +27 -5

data/ext/rallhook_base/deps/distorm/src/x86defs.h ADDED

@@ -0,0 +1,105 @@
+/*
+x86defs.h
+diStorm3 - Powerful disassembler for X86/AMD64
+http://ragestorm.net/distorm/
+distorm at gmail dot com
+Copyright (C) 2010  Gil Dabah
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>
+*/
+#ifndef X86DEFS_H
+#define X86DEFS_H
+#include "../config.h"
+#include "instructions.h"
+#define SEG_REGS_MAX (6)
+#define CREGS_MAX (9)
+#define DREGS_MAX (8)
+/* Maximum instruction size, including prefixes */
+#define INST_MAXIMUM_SIZE (15)
+/* Maximum range of imm8 (comparison type) of special SSE instructions. */
+#define INST_CMP_MAX_RANGE (8)
+/* Wait instruction byte code. */
+#define INST_WAIT_INDEX (0x9b)
+/* Lea instruction byte code. */
+#define INST_LEA_INDEX (0x8d)
+/*
+ * Minimal MODR/M value of divided instructions.
+ * It's 0xc0, two MSBs set, which indicates a general purpose register is used too.
+ */
+#define INST_DIVIDED_MODRM (0xc0)
+/* This is the escape byte value used for 3DNow! instructions. */
+#define _3DNOW_ESCAPE_BYTE (0x0f)
+#define PREFIX_LOCK (0xf0)
+#define PREFIX_REPNZ (0xf2)
+#define PREFIX_REP (0xf3)
+#define PREFIX_CS (0x2e)
+#define PREFIX_SS (0x36)
+#define PREFIX_DS (0x3e)
+#define PREFIX_ES (0x26)
+#define PREFIX_FS (0x64)
+#define PREFIX_GS (0x65)
+#define PREFIX_OP_SIZE (0x66)
+#define PREFIX_ADDR_SIZE (0x67)
+#define PREFIX_VEX2b (0xc5)
+#define PREFIX_VEX3b (0xc4)
+/* REX prefix value range, 64 bits mode decoding only. */
+#define PREFIX_REX_LOW (0x40)
+#define PREFIX_REX_HI (0x4f)
+/* In order to use the extended GPR's we have to add 8 to the Modr/M info values. */
+#define EX_GPR_BASE (8)
+/* Mask for REX and VEX features: */
+/* Base */
+#define PREFIX_EX_B (1)
+/* Index */
+#define PREFIX_EX_X (2)
+/* Register */
+#define PREFIX_EX_R (4)
+/* Operand Width */
+#define PREFIX_EX_W (8)
+/* Vector Lengh */
+#define PREFIX_EX_L (0x10)
+/*
+ * The inst_lookup will return on of these two instructions according to the specified decoding mode.
+ * ARPL or MOVSXD on 64 bits is one byte instruction at index 0x63.
+ */
+#define INST_ARPL_INDEX (0x63)
+extern _InstInfo II_arpl;
+extern _InstInfoEx II_movsxd;
+/*
+ * The NOP instruction can be prefixed by REX in 64bits, therefore we have to decide in runtime whether it's an XCHG or NOP instruction.
+ * If 0x90 is prefixed by a useable REX it will become XCHG, otherwise it will become a NOP.
+ * Also note that if it's prefixed by 0xf3, it becomes a Pause.
+ */
+#define INST_NOP_INDEX (0x90)
+extern _InstInfo II_nop;
+extern _InstInfo II_pause;
+#endif /* X86DEFS_H */

data/ext/rallhook_base/extconf.rb CHANGED

@@ -5,26 +5,6 @@ CONFIG['CC'] = 'gcc'
 ruby_version = Config::CONFIG["ruby_version"]
 ruby_version = ruby_version.split(".")[0..1].join(".")
-def distorm
-  distorm_names = {
-      "/usr/lib/libdistorm3.so" => "distorm3",
-      "/usr/local/lib/libdistorm3.so" => "distorm3",
-      "/usr/lib/libdistorm64.so" => "distorm64",
-      "/usr/local/lib/libdistorm64.so" => "distorm64"
-    }
-  distorm_names.each do |k,v|
-    if File.exists? k then
-      return v
-    end
-  end
-  raise "Distorm library not found in the system"
-end
-$LIBS = $LIBS + " -l#{distorm()}"
 if ruby_version == "1.8"
 	$CFLAGS = $CFLAGS + " -DRUBY1_8"
 elsif ruby_version == "1.9"
@@ -34,6 +14,21 @@ else
 	print "try passing the rubyversion by argument (1.8 or 1.9)\n"
 end
+$CFLAGS = $CFLAGS  + " -o $@"
+srcdir = '.'
+$objs = []
+srcs = Dir[File.join(srcdir, "*.{#{SRC_EXT.join(%q{,})}}")]
+srcs += Dir[File.join(srcdir, "deps/distorm/*.c")]
+srcs += Dir[File.join(srcdir, "deps/distorm/src/*.c")]
+for f in srcs
+obj = f[2..-1].gsub(/\.c$/, ".o")
+$objs.push(obj) unless $objs.index(obj)
+end
 create_makefile('rallhook_base')

data/ext/rallhook_base/rallhook.c CHANGED

@@ -38,6 +38,7 @@ ID id_method_added;
 ID id_hook_enabled;
 ID id_hook_enable_left;
 ID id_hook_proc;
+ID __tinfo;
 ID id_return_value_var, id_klass_var, id_recv_var, id_method_var, id_unhook_var;
@@ -78,7 +79,7 @@ void tinfo_mark(AttachedThreadInfo* tinfo) {
 }
 AttachedThreadInfo* tinfo_from_thread(VALUE thread) {
-	VALUE tmp = rb_ivar_get( thread, rb_intern("__tinfo") );
+	VALUE tmp = rb_ivar_get( thread, __tinfo );
 	if (tmp == Qnil) {
 		AttachedThreadInfo* tinfo = malloc(sizeof(AttachedThreadInfo));
@@ -88,7 +89,7 @@ AttachedThreadInfo* tinfo_from_thread(VALUE thread) {
 		VALUE tinfo_obj = Data_Make_Struct(rb_cObject, AttachedThreadInfo, tinfo_mark, free, tinfo);
-		rb_ivar_set( thread, rb_intern("__tinfo"), tinfo_obj);
+		rb_ivar_set( thread, __tinfo, tinfo_obj);
 		return tinfo;
 	} else {
@@ -215,12 +216,6 @@ void rallhook_redirect_handler ( VALUE* klass, VALUE* recv, ID* mid ) {
 		}
 	}
-	// methods over class hook are illegal, may change the state of hook
-	if (*recv == rb_cHook ) {
-		rb_raise(rb_eSecurityError, "Illegal method call: Hook.%s", rb_id2name(*mid) );
-	}
 }
 /*
@@ -245,6 +240,8 @@ VALUE hook(VALUE self, VALUE hook_proc) {
 	enable_redirect(tinfo_from_thread(rb_thread_current()));
+	hook_rb_add_method();
 	if (rb_block_given_p() ) {
 		return rb_ensure(rb_yield, Qnil, unhook, self);
 	}
@@ -313,6 +310,19 @@ VALUE rb_thread_acquire_attributes( VALUE thread ) {
 	return Qnil;
 }
+#include "signal.h"
+void disable_sigsegv_handler() {
+struct sigaction sigDisable;
+sigDisable.sa_handler = SIG_IGN;
+sigDisable.sa_restorer = NULL;
+sigaction (SIGSEGV, &sigDisable, NULL);
+}
 extern void Init_rallhook_base() {
@@ -403,7 +413,9 @@ Example:
 	id_hook_enabled = rb_intern("__hook_enabled");
 	id_hook_enable_left = rb_intern("__hook_enable_left");
 	id_hook_proc = rb_intern("__hook_proc");
+	__tinfo = rb_intern("__tinfo");
 	rb_define_method(rb_cThread, "acquire_attributes", rb_thread_acquire_attributes,0);
+	disable_sigsegv_handler();
 }

metadata CHANGED

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: rallhook
 version: !ruby/object:Gem::Version
-  hash: 9
+  hash: 63
   prerelease: false
   segments:
   - 0
-  - 7
-  - 5
-  version: 0.7.5
+  - 8
+  - 0
+  version: 0.8.0
 platform: ruby
 authors:
 - Dario Seminara
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2010-08-07 00:00:00 -03:00
+date: 2010-09-03 00:00:00 -03:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -71,6 +71,16 @@ files:
 - ext/rallhook_base/ruby_symbols.c
 - ext/rallhook_base/rb_call_fake.c
 - ext/rallhook_base/ruby_redirect.c
+- ext/rallhook_base/deps/distorm/src/decoder.c
+- ext/rallhook_base/deps/distorm/src/prefix.c
+- ext/rallhook_base/deps/distorm/src/distorm.c
+- ext/rallhook_base/deps/distorm/src/textdefs.c
+- ext/rallhook_base/deps/distorm/src/instructions.c
+- ext/rallhook_base/deps/distorm/src/wstring.c
+- ext/rallhook_base/deps/distorm/src/x86defs.c
+- ext/rallhook_base/deps/distorm/src/operands.c
+- ext/rallhook_base/deps/distorm/src/insts.c
+- ext/rallhook_base/deps/distorm/mnemonics.c
 - ext/rallhook_base/hook.c
 - ext/rallhook_base/rallhook.c
 - ext/rallhook_base/restrict_def.c
@@ -78,6 +88,18 @@ files:
 - ext/rallhook_base/method_node.c
 - ext/rallhook_base/hook.h
 - ext/rallhook_base/ruby_version.h
+- ext/rallhook_base/deps/distorm/src/operands.h
+- ext/rallhook_base/deps/distorm/src/decoder.h
+- ext/rallhook_base/deps/distorm/src/wstring.h
+- ext/rallhook_base/deps/distorm/src/prefix.h
+- ext/rallhook_base/deps/distorm/src/pydistorm.h
+- ext/rallhook_base/deps/distorm/src/textdefs.h
+- ext/rallhook_base/deps/distorm/src/instructions.h
+- ext/rallhook_base/deps/distorm/src/insts.h
+- ext/rallhook_base/deps/distorm/src/x86defs.h
+- ext/rallhook_base/deps/distorm/config.h
+- ext/rallhook_base/deps/distorm/mnemonics.h
+- ext/rallhook_base/deps/distorm/distorm.h
 - ext/rallhook_base/node_defs.h
 - ext/rallhook_base/hook_rb_call.h
 - ext/rallhook_base/ruby_symbols.h