seccomp-tools 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: bd34a83058ba2aee13d7ddc08a6547fc70eac825
-  data.tar.gz: 0e07f97dfc60b2a21a26a584eadaae86055c3578
+  metadata.gz: 52d71ec73ddfa5dab7d22d982b27b2d4c3610080
+  data.tar.gz: '08439390a2e4a08d8619eba08b7b66a2814372b1'
 SHA512:
-  metadata.gz: 1415f2f48d7a626f3390f0a6705871da51448c92a086c6321bd201e7d5666be1f1691b561d0fbbf91265419905b44052fa1a89d7f59140ff922cba15c737549e
-  data.tar.gz: c5496c8708fb0f88e8dca0b967bcedd5221bc66ccdc0fd2f93f45d3b76ed8e8446677f5694b1c34d2ce2b4bfa18a12fb56e433187c8ece9d2dc7f9f719e21c5b
+  metadata.gz: c69c741edae030e7a775dcad768fa983c627cda1d849947c079d45148453a018cbba249abd18faced059b4c4cdc793e746d707e178b2e845804e7bb9a4c70437
+  data.tar.gz: fc8cc5926cba54d561822b3a75b57c8721b1113ef16117f455c8a91f651dbad16ced7f6e09209d2adcd7a8183f4a1f8d327aa490652fe5f8ee7a3be187fe361a

data/README.md

@@ -16,6 +16,7 @@ Some features might be CTF-specific, but still useful for analysis of seccomp in
 * Disasm - Convert bpf to human readable format.
   - Simple decompile.
   - Show syscall names.
+* Asm - Write seccomp rules is so easy!
 * Emu - Emulate seccomp rules.
 * (TODO) Solve constraints for executing syscalls (e.g. `execve/open/read/write`).
 * Support multi-architectures.
@@ -39,6 +40,7 @@ $ seccomp-tools --help
 #
 # 	dump	Automatically dump seccomp bpf from execution file.
 # 	disasm	Disassemble seccomp bpf.
+# 	asm	Seccomp bpf assembler.
 # 	emu	Emulate seccomp rules.
 #
 # See 'seccomp-tools --help <command>' to read about a specific subcommand.
@@ -111,7 +113,7 @@ $ seccomp-tools dump spec/binary/twctf-2016-diary -f raw | xxd
 
 ### disasm
 
-Disassemble the seccomp bpf.
+Disassemble the seccomp from raw bpf.
 ```bash
 $ xxd spec/data/twctf-2016-diary.bpf | head -n 3
 # 00000000: 2000 0000 0000 0000 1500 0001 0200 0000   ...............
@@ -142,6 +144,65 @@ $ seccomp-tools disasm spec/data/twctf-2016-diary.bpf
 
 ```
 
+### asm
+
+Assemble the seccomp rules into raw bytes.
+Very useful when want to write custom seccomp rules.
+
+Supports labels for jumping and use syscall names directly. See example below.
+```bash
+$ seccomp-tools asm
+# asm - Seccomp bpf assembler.
+#
+# Usage: seccomp-tools asm IN_FILE [options]
+#     -o, --output FILE                Output result into FILE instead of stdout.
+#     -f, --format FORMAT              Output format. FORMAT can only be one of <inspect|raw|carray>.
+#                                      Default: inspect
+#     -a, --arch ARCH                  Specify architecture.
+#                                      Supported architectures are <amd64|i386>.
+
+# Input file for asm
+$ cat spec/data/libseccomp.asm
+# # check if arch is X86_64
+# A = arch
+# A == 0xc000003e ? next : dead
+# A = sys_number
+# A >= 0x40000000 ? dead : next
+# A == write ? ok : next
+# A == close ? ok : next
+# A == dup ? ok : next
+# A == exit ? ok : next
+# return ERRNO(5)
+# ok:
+# return ALLOW
+# dead:
+# return KILL
+
+$ seccomp-tools asm spec/data/libseccomp.asm
+# " \x00\x00\x00\x04\x00\x00\x00\x15\x00\x00\b>\x00\x00\xC0 \x00\x00\x00\x00\x00\x00\x005\x00\x06\x00\x00\x00\x00@\x15\x00\x04\x00\x01\x00\x00\x00\x15\x00\x03\x00\x03\x00\x00\x00\x15\x00\x02\x00 \x00\x00\x00\x15\x00\x01\x00<\x00\x00\x00\x06\x00\x00\x00\x05\x00\x05\x00\x06\x00\x00\x00\x00\x00\xFF\x7F\x06\x00\x00\x00\x00\x00\x00\x00"
+
+$ seccomp-tools asm spec/data/libseccomp.asm -f carray
+# unsigned char bpf[] = {32,0,0,0,4,0,0,0,21,0,0,8,62,0,0,192,32,0,0,0,0,0,0,0,53,0,6,0,0,0,0,64,21,0,4,0,1,0,0,0,21,0,3,0,3,0,0,0,21,0,2,0,32,0,0,0,21,0,1,0,60,0,0,0,6,0,0,0,5,0,5,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0};
+
+
+# let's asm then disasm!
+$ seccomp-tools asm spec/data/libseccomp.asm -f raw | seccomp-tools disasm -
+#  line  CODE  JT   JF      K
+# =================================
+#  0000: 0x20 0x00 0x00 0x00000004  A = arch
+#  0001: 0x15 0x00 0x08 0xc000003e  if (A != ARCH_X86_64) goto 0010
+#  0002: 0x20 0x00 0x00 0x00000000  A = sys_number
+#  0003: 0x35 0x06 0x00 0x40000000  if (A >= 0x40000000) goto 0010
+#  0004: 0x15 0x04 0x00 0x00000001  if (A == write) goto 0009
+#  0005: 0x15 0x03 0x00 0x00000003  if (A == close) goto 0009
+#  0006: 0x15 0x02 0x00 0x00000020  if (A == dup) goto 0009
+#  0007: 0x15 0x01 0x00 0x0000003c  if (A == exit) goto 0009
+#  0008: 0x06 0x00 0x00 0x00050005  return ERRNO
+#  0009: 0x06 0x00 0x00 0x7fff0000  return ALLOW
+#  0010: 0x06 0x00 0x00 0x00000000  return KILL
+
+```
+
 ### Emu
 
 Emulate seccomp given `sys_nr`, `arg0`, `arg1`, etc.

data/lib/seccomp-tools/asm/asm.rb

@@ -0,0 +1,34 @@
+require 'seccomp-tools/asm/compiler'
+require 'seccomp-tools/util'
+
+module SeccompTools
+  # Assembler of seccomp bpf.
+  module Asm
+    module_function
+
+    # Assembler of seccomp bpf.
+    # @param [String] str
+    # @return [String]
+    #   Raw bpf bytes.
+    # @example
+    #   asm(<<EOS)
+    #     # lines start with '#' are comments
+    #     A = sys_number                # here's a comment, too
+    #     A >= 0x40000000 ? dead : next # 'next' is a keyword, denote the next instruction
+    #     A == read ? ok : next         # custom defined label 'dead' and 'ok'
+    #     A == 1 ? ok : next            # SYS_write = 1 in amd64
+    #     return ERRNO(1)
+    #     dead:
+    #     return KILL
+    #     ok:
+    #     return ALLOW
+    #   EOS
+    #   #=> <raw binary bytes>
+    def asm(str, arch: nil)
+      arch = Util.system_arch if arch.nil? # TODO: show warning
+      compiler = Compiler.new(arch)
+      str.lines.each { |l| compiler.process(l) }
+      compiler.compile!.map(&:asm).join
+    end
+  end
+end

data/lib/seccomp-tools/asm/compiler.rb

@@ -0,0 +1,221 @@
+require 'seccomp-tools/asm/tokenizer'
+require 'seccomp-tools/bpf'
+require 'seccomp-tools/const'
+
+module SeccompTools
+  module Asm
+    # Compile seccomp rules.
+    class Compiler
+      def initialize(arch)
+        @arch = arch
+        @insts = []
+        @labels = {}
+        @input = []
+      end
+
+      # Before compile assembly codes, process each lines.
+      #
+      # With this we can support label in seccomp rules.
+      # @param [String] line
+      #   One line of seccomp rule.
+      # @return [void]
+      def process(line)
+        @input << line.strip
+        line = remove_comment(line)
+        @token = Tokenizer.new(line)
+        return if line.empty?
+        begin
+          res = case line
+                when /\?/ then cmp
+                when /^#{Tokenizer::LABEL_REGEXP}:/ then define_label
+                when /^return/ then ret
+                when /^(A|X)\s*=[^=]/ then assign
+                when /^A\s*.=/ then alu
+                end
+        rescue ArgumentError => e
+          invalid(@input.size - 1, e.message)
+        end
+        invalid(@input.size - 1) if res.nil?
+        if res.first == :label
+          @labels[res.last] = @insts.size
+        else
+          @insts << res
+        end
+        res
+      end
+
+      # @return [Array<SeccompTools::BPF>]
+      def compile!
+        @insts.map.with_index do |inst, idx|
+          @line = idx
+          case inst.first
+          when :assign then compile_assign(inst[1], inst[2])
+          when :alu then compile_alu(inst[1], inst[2])
+          when :ret then compile_ret(inst[1])
+          when :cmp then compile_cmp(inst[1], inst[2], inst[3], inst[4])
+          end
+        end
+      rescue ArgumentError => e
+        invalid(@line, e.message)
+      end
+
+      private
+
+      def emit(*args, k: 0, jt: 0, jf: 0)
+        code = 0
+        # bad idea, while keys are not duplicated so this is ok.
+        args.each do |a|
+          code |= Const::BPF::COMMAND.fetch(a, 0)
+          code |= Const::BPF::JMP.fetch(a, 0)
+          code |= Const::BPF::SRC.fetch(a, 0)
+          code |= Const::BPF::MODE.fetch(a, 0)
+          code |= Const::BPF::OP.fetch(a, 0)
+          code |= Const::BPF::MISCOP.fetch(a, 0)
+        end
+        BPF.new({ code: code, k: k, jt: jt, jf: jf }, @arch, @line)
+      end
+
+      # A = X / X = A
+      # <A|X> = mem[i]
+      # <A|X> = 123|sys_const
+      # A = args[i]|sys_number|arch
+      # A = data[4 * i]
+      def compile_assign(dst, src)
+        # misc txa / tax
+        return emit(:misc, :txa) if dst == :a && src == :x
+        return emit(:misc, :tax) if dst == :x && src == :a
+        src = evaluate(src)
+        # TODO: handle store case.
+        ld = dst == :x ? :ldx : :ld
+        # <A|X> = <immi>
+        return emit(ld, :imm, k: src) if src.is_a?(Integer)
+        # now src must be in form [:mem/:data, num]
+        return emit(ld, :mem, k: src.last) if src.first == :mem
+        # check if num is multiple of 4
+        raise ArgumentError, 'Index of data[] must be multiplication of 4' if src.last % 4 != 0
+        emit(ld, :abs, k: src.last)
+      end
+
+      def compile_alu(op, val)
+        val = evaluate(val)
+        src = val == :x ? :x : :k
+        val = 0 if val == :x
+        emit(:alu, op, src, k: val)
+      end
+
+      def compile_ret(val)
+        emit(:ret, k: val)
+      end
+
+      def compile_cmp(op, val, jt, jf)
+        jt = label_offset(jt)
+        jf = label_offset(jf)
+        val = evaluate(val)
+        src = val == :x ? :x : :k
+        val = 0 if val == :x
+        emit(:jmp, op, src, jt: jt, jf: jf, k: val)
+      end
+
+      def label_offset(label)
+        return label if label.is_a?(Integer)
+        return 0 if label == 'next'
+        raise ArgumentError, "Undefined label #{label.inspect}" if @labels[label].nil?
+        @labels[label] - @line - 1
+      end
+
+      def evaluate(val)
+        return val if val.is_a?(Integer) || val == :x
+        # keywords
+        val = case val
+              when 'sys_number' then [:data, 0]
+              when 'arch' then [:data, 4]
+              else val
+              end
+        return Const::Syscall.const_get(@arch.upcase.to_sym)[val.to_sym] if val.is_a?(String)
+        # remains are [:mem/:data/:args, <num>]
+        # first convert args to data
+        val = [:data, val.last * 8 + 16] if val.first == :args
+        val
+      end
+
+      attr_reader :token
+
+      # A <comparison> <sys_str|X|Integer> ? <label|Integer> : <label|Integer>
+      def cmp
+        token.fetch!('A')
+        op = token.fetch!(:comparison)
+        dst = token.fetch!(:sys_num_x)
+        token.fetch!('?')
+        jt = token.fetch!(:goto)
+        token.fetch!(':')
+        jf = token.fetch!(:goto)
+        convert = {
+          :< => :>=,
+          :<= => :>,
+          :!= => :==
+        }
+        if convert[op]
+          op = convert[op]
+          jt, jf = jf, jt
+        end
+        op = {
+          :>= => :jge,
+          :> => :jgt,
+          :== => :jeq
+        }[op]
+        [:cmp, op, dst, jt, jf]
+      end
+
+      def ret
+        token.fetch!('return')
+        [:ret, token.fetch!(:ret)]
+      end
+
+      # possible types after '=':
+      #   A = X
+      #   X = A
+      #   A = 123
+      #   A = data[i]
+      #   A = mem[i]
+      #   A = args[i]
+      #   A = sys_number|arch
+      def assign
+        dst = token.fetch!(:ax)
+        token.fetch!('=')
+        src = token.fetch(:ax) ||
+              token.fetch(:sys_num_x) ||
+              token.fetch(:ary) ||
+              token.fetch('sys_number') ||
+              token.fetch('arch')
+        [:assign, dst, src]
+      end
+
+      def define_label
+        name = token.fetch!(:goto)
+        token.fetch(':')
+        [:label, name]
+      end
+
+      # A op= sys_num_x
+      def alu
+        token.fetch!('A')
+        op = token.fetch!(:alu_op)
+        token.fetch!('=')
+        src = token.fetch!(:sys_num_x)
+        [:alu, op, src]
+      end
+
+      def remove_comment(line)
+        line = line.to_s.dup
+        line.slice!(/#.*\Z/m)
+        line.strip
+      end
+
+      def invalid(line, extra_msg = nil)
+        message = "Invalid instruction at line #{line + 1}: #{@input[line].inspect}"
+        message += "\n" + 'Error: ' + extra_msg if extra_msg
+        raise ArgumentError, message
+      end
+    end
+  end
+end

data/lib/seccomp-tools/asm/tokenizer.rb

@@ -0,0 +1,152 @@
+require 'seccomp-tools/const'
+require 'seccomp-tools/instruction/alu'
+
+module SeccompTools
+  module Asm
+    # Fetch tokens from string.
+    # This class is for internel usage, used by {Compiler}.
+    class Tokenizer
+      # a valid label
+      LABEL_REGEXP = /[a-z_][a-z0-9_]+/
+      attr_accessor :cur
+
+      # @param [String] str
+      # @example
+      #   Tokenizer.new('return ALLOW')
+      def initialize(str)
+        @str = str
+        @cur = @str.dup
+      end
+
+      # Fetch a token without raising errors.
+      def fetch(type)
+        fetch!(type)
+      rescue ArgumentError
+        nil
+      end
+
+      # Fetch a token. When expected token is not found,
+      # error with proper message would be raised.
+      #
+      # @param [String, Symbol] type
+      # @example
+      #   tokenizer = Tokenizer.new('return ALLOW')
+      #   tokenfizer.fetch!('return')
+      #   #=> "return"
+      #   tokenizer.fetch!(:ret)
+      #   #=> 2147418112
+      def fetch!(type)
+        @last_match_size = 0
+        res = case type
+              when String then fetch_str(type) || raise_expected("token #{type.inspect}")
+              when :comparison then fetch_strs(COMPARISON).to_sym || raise_expected('a comparison operator')
+              when :sys_num_x then fetch_sys_num_x || raise_expected("a syscall number or 'X'")
+              when :goto then fetch_number || fetch_label || raise_expected('a number or label name')
+              when :ret then fetch_return || raise(ArgumentError, <<-EOS)
+Invalid return type: #{cur.inspect}.
+              EOS
+              when :ax then fetch_ax || raise_expected("'A' or 'X'")
+              when :ary then fetch_ary || raise_expected('data[<num>], mem[<num>], or args[<num>]')
+              when :alu_op then fetch_alu || raise_expected('an ALU operator')
+              else raise ArgumentError, "Unsupported type: #{type.inspect}"
+              end
+        slice!
+        res
+      end
+
+      private
+
+      COMPARISON = %w[== != <= >= < >].freeze
+
+      def fetch_strs(strs)
+        strs.find(&method(:fetch_str))
+      end
+
+      def fetch_str(str)
+        return nil unless cur.start_with?(str)
+        @last_match_size = str.size
+        str
+      end
+
+      def fetch_ax
+        return :a if fetch_str('A')
+        return :x if fetch_str('X')
+        nil
+      end
+
+      def fetch_sys_num_x
+        return :x if fetch_str('X')
+        fetch_number || fetch_syscall
+      end
+
+      # Currently only supports 10-based decimal numbers.
+      def fetch_number
+        res = fetch_regexp(/^0x[0-9a-f]+/) || fetch_regexp(/^[0-9]+/)
+        return nil if res.nil?
+        Integer(res)
+      end
+
+      def fetch_syscall
+        sys = Const::Syscall::AMD64
+        sys = sys.merge(Const::Syscall::I386)
+        fetch_strs(sys.keys.map(&:to_s).sort_by(&:size).reverse)
+      end
+
+      def fetch_regexp(regexp)
+        idx = cur =~ regexp
+        return nil if idx.nil? || idx != 0
+        match = cur.match(regexp)[0]
+        @last_match_size = match.size
+        match
+      end
+
+      def fetch_label
+        fetch_regexp(LABEL_REGEXP)
+      end
+
+      # Convert <type>(num) into return value according to {Const::ACTION}
+      # @return [Integer, :a]
+      def fetch_return
+        regexp = /(#{Const::BPF::ACTION.keys.join('|')})(\([0-9]{1,5}\))?/
+        action = fetch_regexp(regexp)
+        return fetch_str('A') && :a if action.nil?
+        # check if action contains '('the next bytes are (<num>)
+        ret_val = 0
+        if action.include?('(')
+          action, val = action.split('(')
+          ret_val = val.to_i
+        end
+        Const::BPF::ACTION[action.to_sym] | ret_val
+      end
+
+      def fetch_ary
+        support_name = %w[data mem args]
+        regexp = /(#{support_name.join('|')})\[[0-9]{1,2}\]/
+        match = fetch_regexp(regexp)
+        return nil if match.nil?
+        res, val = match.split('[')
+        val = val.to_i
+        [res.to_sym, val]
+      end
+
+      def fetch_alu
+        ops = %w[+ - * / | & ^ << >>]
+        op = fetch_strs(ops)
+        return nil if op.nil?
+        Instruction::ALU::OP_SYM.invert[op.to_sym]
+      end
+
+      def slice!
+        ret = cur.slice!(0, @last_match_size)
+        cur.strip!
+        ret
+      end
+
+      def raise_expected(msg)
+        raise ArgumentError, <<-EOS
+Expected #{msg}, while #{cur.split[0].inspect} occured.
+        EOS
+      end
+    end
+  end
+end

data/lib/seccomp-tools/bpf.rb

@@ -1,3 +1,5 @@
+require 'set'
+
 require 'seccomp-tools/const'
 require 'seccomp-tools/instruction/instruction'
 
@@ -27,11 +29,18 @@ module SeccompTools
     # @param [Integer] line
     #   Line number of this filter.
     def initialize(raw, arch, line)
-      io = StringIO.new(raw)
-      @code = io.read(2).unpack('S').first
-      @jt = io.read(1).ord
-      @jf = io.read(1).ord
-      @k = io.read(4).unpack('L').first
+      if raw.is_a?(String)
+        io = StringIO.new(raw)
+        @code = io.read(2).unpack('S').first
+        @jt = io.read(1).ord
+        @jf = io.read(1).ord
+        @k = io.read(4).unpack('L').first
+      else
+        @code = raw[:code]
+        @jt = raw[:jt]
+        @jf = raw[:jf]
+        @k = raw[:k]
+      end
       @arch = arch
       @line = line
       @contexts = Set.new
@@ -44,6 +53,13 @@ module SeccompTools
              line, code, jt, jf, k, decompile)
     end
 
+    # Convert to raw bytes.
+    # @return [String]
+    #   Raw bpf bytes.
+    def asm
+      [code].pack('S*') + [jt, jf].pack('C*') + [k].pack('L')
+    end
+
     # Command according to +code+.
     # @return [Symbol]
     #   See {Const::BPF::COMMAND} for list of commands.

data/lib/seccomp-tools/cli/asm.rb

@@ -0,0 +1,54 @@
+require 'seccomp-tools/cli/base'
+require 'seccomp-tools/asm/asm'
+
+module SeccompTools
+  module CLI
+    # Handle 'asm' command.
+    class Asm < Base
+      # Summary of this command.
+      SUMMARY = 'Seccomp bpf assembler.'.freeze
+      # Usage of this command.
+      USAGE = ('asm - ' + SUMMARY + "\n\n" + 'Usage: seccomp-tools asm IN_FILE [options]').freeze
+
+      def initialize(*)
+        super
+        option[:format] = :inspect
+      end
+
+      # Define option parser.
+      # @return [OptionParser]
+      def parser
+        @parser ||= OptionParser.new do |opt|
+          opt.banner = usage
+          opt.on('-o', '--output FILE', 'Output result into FILE instead of stdout.') do |o|
+            option[:ofile] = o
+          end
+
+          opt.on('-f', '--format FORMAT', %i[inspect raw carray],
+                 'Output format. FORMAT can only be one of <inspect|raw|carray>.',
+                 'Default: inspect') do |f|
+                   option[:format] = f
+                 end
+
+          option_arch(opt)
+        end
+      end
+
+      # Handle options.
+      # @return [void]
+      def handle
+        return unless super
+        option[:ifile] = argv.shift
+        return CLI.show(parser.help) if option[:ifile].nil?
+        res = SeccompTools::Asm.asm(input, arch: option[:arch])
+        output do
+          case option[:format]
+          when :inspect then res.inspect + "\n"
+          when :raw then res
+          when :carray then "unsigned char bpf[] = {#{res.bytes.join(',')}};\n"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/seccomp-tools/cli/base.rb

@@ -30,6 +30,14 @@ module SeccompTools
         true
       end
 
+      # If +option[:ifile]+ is '-', read from stdin,
+      # otherwise, read from file.
+      # @return [String]
+      #   String read from file.
+      def input
+        option[:ifile] == '-' ? STDIN.read.force_encoding('ascii-8bit') : IO.binread(option[:ifile])
+      end
+
       # Write data to stdout or file(s).
       # @yieldreturn [String]
       #   The data to be written.

data/lib/seccomp-tools/cli/cli.rb

@@ -1,3 +1,4 @@
+require 'seccomp-tools/cli/asm'
 require 'seccomp-tools/cli/disasm'
 require 'seccomp-tools/cli/dump'
 require 'seccomp-tools/cli/emu'
@@ -10,6 +11,7 @@ module SeccompTools
     COMMANDS = {
       'dump' => SeccompTools::CLI::Dump,
       'disasm' => SeccompTools::CLI::Disasm,
+      'asm' => SeccompTools::CLI::Asm,
       'emu' => SeccompTools::CLI::Emu
     }.freeze
 

data/lib/seccomp-tools/cli/disasm.rb

@@ -3,7 +3,7 @@ require 'seccomp-tools/disasm/disasm'
 
 module SeccompTools
   module CLI
-    # Handle 'dump' command.
+    # Handle 'disasm' command.
     class Disasm < Base
       # Summary of this command.
       SUMMARY = 'Disassemble seccomp bpf.'.freeze
@@ -29,7 +29,7 @@ module SeccompTools
         return unless super
         option[:ifile] = argv.shift
         return CLI.show(parser.help) if option[:ifile].nil?
-        output { SeccompTools::Disasm.disasm(IO.binread(option[:ifile]), arch: option[:arch]) }
+        output { SeccompTools::Disasm.disasm(input, arch: option[:arch]) }
       end
     end
   end

data/lib/seccomp-tools/cli/emu.rb

@@ -42,7 +42,7 @@ module SeccompTools
         return unless super
         option[:ifile] = argv.shift
         return CLI.show(parser.help) if option[:ifile].nil?
-        raw = IO.binread(option[:ifile])
+        raw = input
         insts = SeccompTools::Disasm.to_bpf(raw, option[:arch]).map(&:inst)
         disasm = SeccompTools::Disasm.disasm(raw, arch: option[:arch])
         sys, *args = argv

data/lib/seccomp-tools/emulator.rb

@@ -28,7 +28,7 @@ module SeccompTools
     # Run emulation!
     # @return [Hash{Symbol, Integer => Integer}]
     def run
-      @values = { pc: 0 }
+      @values = { pc: 0, a: 0, x: 0 }
       loop do
         break if @values[:ret] # break when returned
         yield(@values) if block_given?

data/lib/seccomp-tools/instruction/alu.rb

@@ -4,6 +4,20 @@ module SeccompTools
   module Instruction
     # Instruction alu.
     class ALU < Base
+      # Mapping from name to operator.
+      OP_SYM = {
+        add: :+,
+        sub: :-,
+        mul: :*,
+        div: :/,
+        or: :|,
+        and: :&,
+        lsh: :<<,
+        rsh: :>>,
+        # neg: :-, # should not be invoked
+        # mod: :%, # unsupported
+        xor: :^
+      }.freeze
       # Decompile instruction.
       def decompile
         return 'A = -A' if op == :neg
@@ -36,23 +50,15 @@ module SeccompTools
       end
 
       def op_sym
-        case op
-        when :add then :+
-        when :sub then :-
-        when :mul then :*
-        when :div then :/
-        when :or  then :|
-        when :and then :&
-        when :lsh then :<<
-        when :rsh then :>>
-        # when :neg then :- # should not invoke this method
-        # when :mod then :% # unsupported
-        when :xor then :^
-        end
+        OP_SYM[op]
       end
 
       def src_str
-        src == :x ? 'X' : src.to_s
+        return 'X' if src == :x
+        case op
+        when :lsh, :rsh then src.to_s
+        else '0x' + src.to_s(16)
+        end
       end
 
       def src

data/lib/seccomp-tools/version.rb

@@ -1,4 +1,4 @@
 module SeccompTools
   # Gem version.
-  VERSION = '1.0.0'.freeze
+  VERSION = '1.1.0'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: seccomp-tools
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - david942j
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-06-10 00:00:00.000000000 Z
+date: 2017-09-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: codeclimate-test-reporter
@@ -24,6 +24,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.6'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -124,7 +138,11 @@ files:
 - ext/ptrace/extconf.rb
 - ext/ptrace/ptrace.c
 - lib/seccomp-tools.rb
+- lib/seccomp-tools/asm/asm.rb
+- lib/seccomp-tools/asm/compiler.rb
+- lib/seccomp-tools/asm/tokenizer.rb
 - lib/seccomp-tools/bpf.rb
+- lib/seccomp-tools/cli/asm.rb
 - lib/seccomp-tools/cli/base.rb
 - lib/seccomp-tools/cli/cli.rb
 - lib/seccomp-tools/cli/disasm.rb
@@ -170,7 +188,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.10
+rubygems_version: 2.5.2
 signing_key: 
 specification_version: 4
 summary: seccomp-tools