smallworld-re 1.0.3__py3-none-any.whl → 2.0.0__py3-none-any.whl

smallworld/state/memory/elf/coredump/prstatus/ppc.py

@@ -0,0 +1,82 @@
+import typing
+
+import lief
+
+from ...... import platforms
+from .prstatus import PrStatus
+
+
+class PowerPC(PrStatus):
+    byteorder = platforms.Byteorder.BIG
+
+    @property
+    def register_coords(
+        self,
+    ) -> typing.List[typing.Tuple[typing.Optional[str], int, int]]:
+        return self._register_coords
+
+    def __init__(self, elf: lief.ELF.Binary, wordsize):
+        _register_list = [
+            "r0",
+            "r1",
+            "r2",
+            "r3",
+            "r4",
+            "r5",
+            "r6",
+            "r7",
+            "r8",
+            "r9",
+            "r10",
+            "r11",
+            "r12",
+            "r13",
+            "r14",
+            "r15",
+            "r16",
+            "r17",
+            "r18",
+            "r19",
+            "r20",
+            "r21",
+            "r22",
+            "r23",
+            "r24",
+            "r25",
+            "r26",
+            "r27",
+            "r28",
+            "r29",
+            "r30",
+            "r31",
+            "pc",
+            # No idea what these are, as it's not documented.
+            None,
+            None,
+            "ctr",
+            "lr",
+        ]
+        self._register_coords = [
+            (_register_list[i], i * wordsize, wordsize)
+            for i in range(0, len(_register_list))
+        ]
+        super().__init__(elf)
+
+
+class PowerPC32(PowerPC):
+    architecture = platforms.Architecture.POWERPC32
+    pr_regs_off = 72
+    pr_regs_size = 192
+
+    def __init__(self, elf: lief.ELF.Binary):
+        super().__init__(elf, 4)
+
+
+class PowerPC64(PowerPC):
+    architecture = platforms.Architecture.POWERPC64
+
+    pr_regs_off = 112
+    pr_regs_size = 384
+
+    def __init__(self, elf: lief.ELF.Binary):
+        super().__init__(elf, 8)

smallworld/state/memory/elf/coredump/prstatus/prstatus.py

@@ -0,0 +1,129 @@
+import abc
+import typing
+
+import lief
+
+from ...... import exceptions, platforms, utils
+from .....cpus import CPU
+from .....state import FixedRegister
+
+
+class PrStatus:
+    """Class for extracting process information from a core dump
+
+    The prstatus struct is arch-specific.
+    Lief can interpret them for a small number of architectures,
+    but definitely not all supported by SmallWorld.
+    """
+
+    @property
+    @abc.abstractmethod
+    def architecture(self) -> platforms.Architecture:
+        raise NotImplementedError()
+
+    @property
+    @abc.abstractmethod
+    def byteorder(self) -> platforms.Byteorder:
+        raise NotImplementedError()
+
+    def __init__(self, elf: lief.ELF.Binary):
+        assert elf.header.file_type == lief.ELF.E_TYPE.CORE
+
+        self.platform = platforms.Platform(self.architecture, self.byteorder)
+        self.platdef = platforms.PlatformDef.for_platform(self.platform)
+
+        self._registers: typing.Dict[str, int] = dict()
+
+        # Find the PrStatus note
+        prstatus: typing.Optional[lief.ELF.CorePrStatus] = None
+        for note in elf.notes:
+            if isinstance(note, lief.ELF.CorePrStatus):
+                prstatus = note
+                break
+
+        if prstatus is None:
+            # Didn't find one.
+            raise exceptions.ConfigurationError("ELF core file has no PrStatus note")
+
+        self._parse_prstatus(prstatus)
+
+    @property
+    @abc.abstractmethod
+    def pr_regs_off(self) -> int:
+        raise NotImplementedError()
+
+    @property
+    @abc.abstractmethod
+    def pr_regs_size(self) -> int:
+        raise NotImplementedError()
+
+    @property
+    def register_coords(
+        self,
+    ) -> typing.List[typing.Tuple[typing.Optional[str], int, int]]:
+        raise NotImplementedError()
+
+    def _parse_prstatus(self, prstatus: lief.ELF.CorePrStatus) -> None:
+        # Load the registers from prstatus.
+        #
+        # All prstatus structs have the same layout:
+        # a single field called 'pr_regs' that contains a list of registers.
+        # The only trick is knowng the offset of that field
+        # and the offset and size of each register within it.
+
+        # Get byteorder literals
+        byteorder: typing.Literal["little", "big"]
+        if self.byteorder is platforms.Byteorder.LITTLE:
+            byteorder = "little"
+        elif self.byteorder is platforms.Byteorder.BIG:
+            # NOTE: Core dumps generated on a little-endian machine appear to come out little-endian.
+            # This may be a problem in the future
+            byteorder = "little"
+        else:
+            raise exceptions.ConfigurationError(
+                f"Can't decode byteorder {self.byteorder}"
+            )
+
+        # Extract the raw bytes
+        data = prstatus.description.tobytes()
+
+        # Extract the registers from the struct
+        for name, reg_off, reg_size in self.register_coords:
+            if name is None:
+                # Register we don't handle, or padding.
+                continue
+            reg_start = self.pr_regs_off + reg_off
+            reg_end = self.pr_regs_off + reg_off + reg_size
+
+            reg_bytes = data[reg_start:reg_end]
+            if (
+                self.platdef.address_size == 8
+                and self.byteorder is platforms.Byteorder.BIG
+            ):
+                # 64-bit registers are somehow presented middle-endian
+                # I have no idea.
+                reg_bytes = reg_bytes[4:8] + reg_bytes[0:4]
+
+            self._registers[name] = int.from_bytes(reg_bytes, byteorder)
+
+    def populate_cpu(self, cpu: CPU) -> None:
+        for reg, value in self._registers.items():
+            if not hasattr(cpu, reg):
+                raise exceptions.ConfigurationError(
+                    f"PrStatus register {reg} not in CPU for platform {self.platform}"
+                )
+            field = getattr(cpu, reg)
+            if not isinstance(field, FixedRegister):
+                field.set(value)
+
+    @classmethod
+    def for_platform(cls, platform: platforms.Platform, elf: lief.ELF.Binary):
+        try:
+            return utils.find_subclass(
+                cls,
+                lambda x: x.architecture == platform.architecture
+                and x.byteorder == platform.byteorder,
+                elf,
+            )
+        except Exception as e:
+            raise ValueError(f"No PrStatus class for {platform}") from e

smallworld/state/memory/elf/elf.py

@@ -4,7 +4,6 @@ import typing
 import lief
 
 from ....exceptions import ConfigurationError
-from ....hinting import Hint, get_hinter
 from ....platforms import Architecture, Byteorder, Platform
 from ....utils import RangeCollection
 from ...state import BytesValue
@@ -13,7 +12,6 @@ from .rela import ElfRelocator
 from .structs import ElfRela, ElfSymbol
 
 log = logging.getLogger(__name__)
-hinter = get_hinter(__name__)
 
 # ELF machine values
 # See /usr/include/elf.h for the complete list
@@ -26,6 +24,7 @@ EM_X86_64 = 62  # AMD/Intel x86-64
 EM_XTENSA = 94  # Xtensa
 EM_AARCH64 = 183  # ARM v9, or AARCH64
 EM_RISCV = 243  # RISC-V
+EM_LOONGARCH = 258  # LoongArch
 
 # ARM-specific flag values
 EF_ARM_VFP_FLOAT = 0x400
@@ -99,10 +98,19 @@ class ElfExecutable(Executable):
         self._user_base = user_base
         self._file_base = 0
 
+        # Lief struct.
+        # We can't keep it around forever, since it's not copyable.
+        self._elf: typing.Optional[typing.Any] = None
+
+        # Initialize dynamic tag info
+        self._dtags: typing.Dict[int, int] = dict()
+
         # Initialize symbol info
-        self._symbols: typing.List[ElfSymbol] = list()
+        self._dynamic_symbols: typing.List[ElfSymbol] = list()
+        self._static_symbols: typing.List[ElfSymbol] = list()
+        self._dynamic_relas: typing.List[ElfRela] = list()
+        self._static_relas: typing.List[ElfRela] = list()
         self._syms_by_name: typing.Dict[str, typing.List[ElfSymbol]] = dict()
-        self._relas: typing.List[ElfRela] = list()
         self._relocator: typing.Optional[ElfRelocator] = None
 
         # Read the entire image out of the file.
@@ -121,6 +129,9 @@ class ElfExecutable(Executable):
         if elf is None:
             raise ConfigurationError("Failed parsing ELF")
 
+        # Save the lief struct
+        self._elf = elf
+
         # Extract the file header
         ehdr = elf.header
         if ehdr is None:
@@ -169,15 +180,13 @@ class ElfExecutable(Executable):
             elif phdr.type == PT_DYNAMIC:
                 # Dynamic linking metadata.
                 # This ELF needs dynamic linking
-                hint = Hint(message="Program includes dynamic linking metadata")
-                hinter.info(hint)
+                log.info("Program includes dynamic linking metadata")
             elif phdr.type == PT_INTERP:
                 # Program interpreter
                 # This completely changes how program loading works.
                 # Whether you care is a different matter.
                 interp = image[phdr.file_offset : phdr.file_offset + phdr.physical_size]
-                hint = Hint(message=f"Program specifies interpreter {interp!r}")
-                hinter.info(hint)
+                log.info(f"Program specifies interpreter {interp!r}")
             elif phdr.type == PT_NOTE:
                 # Auxiliary information
                 # Possibly useful for comparing machine/OS type.
@@ -189,8 +198,7 @@ class ElfExecutable(Executable):
             elif phdr.type == PT_TLS:
                 # TLS Segment
                 # Your analysis is about to get nasty :(
-                hint = Hint(message="Program includes thread-local storage")
-                hinter.info(hint)
+                log.info("Program includes thread-local storage")
             elif phdr.type == PT_GNU_EH_FRAME:
                 # Exception handler frame.
                 # GCC puts one of these in everything.  Do we care?
@@ -198,13 +206,11 @@ class ElfExecutable(Executable):
             elif phdr.type == PT_GNU_STACK:
                 # Stack executability
                 # If this is missing, assume executable stack
-                hint = Hint(message="Program specifies stack permissions")
-                hinter.info(hint)
+                log.info("Program specifies stack permissions")
             elif phdr.type == PT_GNU_RELRO:
                 # Read-only after relocation
                 # Only the dynamic linker should write this data.
-                hint = Hint(message="Program specifies RELRO data")
-                hinter.info(hint)
+                log.info("Program specifies RELRO data")
             elif phdr.type == PT_GNU_PROPERTY:
                 # GNU property segment
                 # Contains extra metadata which I'm not sure anything uses
@@ -213,21 +219,18 @@ class ElfExecutable(Executable):
                 # Unknown OS-specific program header
                 # Either this is a weird ISA that extends the generic GNU ABI,
                 # or this isn't a Linux ELF.
-                hint = Hint(f"Unknown OS-specific program header: {phdr.type:08x}")
-                hinter.warn(hint)
+                log.warn(f"Unknown OS-specific program header: {phdr.type:08x}")
             elif phdr.type >= PT_LOPROC and phdr.type <= PT_HIPROC:
                 # Unknown machine-specific program header
                 # This is probably a non-Intel ISA.
                 # Most of these are harmless, serving to tell the RTLD
                 # where to find machine-specific metadata
-                hint = Hint(
+                log.warn(
                     f"Unknown machine-specific program header: {phdr.type.value:08x}"
                 )
-                hinter.warn(hint)
             else:
                 # Unknown program header outside the allowed custom ranges
-                hint = Hint(f"Invalid program header: {phdr.type.value:08x}")
-                hinter.warn(hint)
+                log.warn(f"Invalid program header: {phdr.type.value:08x}")
 
         # Compute the final total capacity
         for offset, value in self.items():
@@ -258,6 +261,9 @@ class ElfExecutable(Executable):
             # Or this is PowerPC64 and the entrypoint is gibberish
             self.entrypoint = None
 
+        # Organize dynamic tags
+        self._extract_dtags(elf)
+
         # Organize symbols for later relocation
         self._extract_symbols(elf)
 
@@ -296,7 +302,24 @@ class ElfExecutable(Executable):
                 # This is ARMv7a, as built by gcc.
                 architecture = Architecture.ARM_V7A
             else:
-                raise ConfigurationError(f"Unknown ARM flags: {list(map(hex, flags))}")
+                # The file might be a core dump or some uncommon flavor of ARM.
+                # Fallback to a default if flags are missing.
+                log.warning(
+                    f"No recognized ARM flags found. flags={list(map(hex, flags))}, "
+                    "defaulting to ARM_V7A."
+                )
+                architecture = Architecture.ARM_V7A
+        elif elf.header.machine_type.value == EM_LOONGARCH:
+            if elf.header.identity_class.value == 1:
+                # 32-bit elf
+                raise ConfigurationError("LoongArch32 not supported")
+            elif elf.header.identity_class.value == 2:
+                # 64-bit elf
+                architecture = Architecture.LOONGARCH64
+            else:
+                raise ConfigurationError(
+                    f"Unknown value of ei_class: {hex(elf.header.identity_class.value)}"
+                )
         elif elf.header.machine_type.value == EM_MIPS:
             # Some kind of mips.
             # TODO: There are more parameters than just word size
@@ -420,6 +443,10 @@ class ElfExecutable(Executable):
         ), f"Expected {seg_size:x} bytes, got {seg_value._size:x}"
         self[seg_addr - self.address] = seg_value
 
+    def _extract_dtags(self, elf):
+        for dt in elf.dynamic_entries:
+            self._dtags[dt.tag.value] = dt.value
+
     def _extract_symbols(self, elf):
         lief_to_elf = dict()
 
@@ -435,9 +462,21 @@ class ElfExecutable(Executable):
             # Relative symbols will be relative to the load address
             baseaddr = self.address
 
+        dynsyms = set(elf.dynamic_symbols)
+        idx = 0
+        dynamic = True
         for s in elf.symbols:
+            # Lief lets you access dynamic symbols separately,
+            # but you need to access static symbols through
+            # the list of all symbols
+            if dynamic and s not in dynsyms:
+                idx = 0
+                dynamic = False
+
             # Build a symbol
             sym = ElfSymbol(
+                idx=idx,
+                dynamic=dynamic,
                 name=s.name,
                 type=s.type.value,
                 bind=s.binding.value,
@@ -446,9 +485,14 @@ class ElfExecutable(Executable):
                 value=s.value,
                 size=s.size,
                 baseaddr=baseaddr,
+                defined=(s.shndx != 0),
             )
             # Save the sym, and temporarily tie it to its lief partner
-            self._symbols.append(sym)
+            if dynamic:
+                self._dynamic_symbols.append(sym)
+            else:
+                self._static_symbols.append(sym)
+
             self._syms_by_name.setdefault(sym.name, list()).append(sym)
             lief_to_elf[s] = sym
 
@@ -459,30 +503,20 @@ class ElfExecutable(Executable):
             # All MIPS dynamic symbols have an implicit rela.
             # MIPS dynamic symbols always have a GOT entry;
             # to save space, the ABI just assumes that the rela exists
-
-            # Find the GOT and the number of local entries
-            gotoff = None
-            gotsym = None
-            local_gotno = None
-            for dt in elf.dynamic_entries:
-                if dt.tag.value == DT_MIPS_GOTSYM:
-                    gotsym = dt.value
-                if dt.tag.value == DT_MIPS_LOCAL_GOTNO:
-                    local_gotno = dt.value
-                if dt.tag.value == DT_PLTGOT:
-                    gotoff = dt.value
-                if (
-                    local_gotno is not None
-                    and gotsym is not None
-                    and gotoff is not None
-                ):
-                    break
-
-            if local_gotno is None or gotoff is None or gotsym is None:
-                log.error("MIPS binary missing got information")
+            if (
+                DT_MIPS_GOTSYM not in self._dtags
+                or DT_MIPS_LOCAL_GOTNO not in self._dtags
+                or DT_PLTGOT not in self._dtags
+            ):
+                # GOT is missing... not sure what's up.
+                log.error("MIPS binary missing GOT information")
             else:
                 # We found the GOT info; we're actually a dynamic binary
                 # Figure out the GOT entry size based on arch
+                gotsym = self._dtags[DT_MIPS_GOTSYM]
+                local_gotno = self._dtags[DT_MIPS_LOCAL_GOTNO]
+                gotoff = self._dtags[DT_PLTGOT]
+
                 if self.platform.architecture == Architecture.MIPS32:
                     gotent = 4
                     rela_type = R_MIPS_32
@@ -500,20 +534,35 @@ class ElfExecutable(Executable):
                     sym = lief_to_elf[s]
                     rela = ElfRela(offset=gotoff, type=rela_type, symbol=sym, addend=0)
                     sym.relas.append(rela)
-                    self._relas.append(rela)
+                    self._dynamic_relas.append(rela)
 
                     gotoff += gotent
 
-        for r in elf.relocations:
+        for r in list(elf.dynamic_relocations) + list(elf.pltgot_relocations):
             # Build a rela, and tie it to its symbol
+            # TODO: some relas have no symbols.  Live with it.
+            if r.symbol is None:
+                continue
             sym = lief_to_elf[r.symbol]
             rela = ElfRela(
                 offset=r.address + baseaddr, type=r.type, symbol=sym, addend=r.addend
             )
             sym.relas.append(rela)
-            self._relas.append(rela)
+            self._dynamic_relas.append(rela)
 
-    def _get_symbols(self, name: typing.Union[str, int]) -> typing.List[ElfSymbol]:
+        for r in elf.object_relocations:
+            if r.symbol is None:
+                continue
+            sym = lief_to_elf[r.symbol]
+            rela = ElfRela(
+                offset=r.address + baseaddr, type=r.type, symbol=sym, addend=r.addend
+            )
+            sym.relas.append(rela)
+            self._static_relas.append(rela)
+
+    def _get_symbols(
+        self, name: typing.Union[str, int], dynamic: bool
+    ) -> typing.List[ElfSymbol]:
         if isinstance(name, str):
             # Caller wants to look up a symbol by name
             if name not in self._syms_by_name:
@@ -522,14 +571,30 @@ class ElfExecutable(Executable):
             syms = self._syms_by_name[name]
             return list(syms)
         elif isinstance(name, int):
-            return [self._symbols[name]]
+            if dynamic:
+                return [self._dynamic_symbols[name]]
+            else:
+                return [self._static_symbols[name]]
         else:
             raise TypeError("Symbols must be specified by str names or int indexes")
 
     def get_symbol_value(
-        self, name: typing.Union[str, int], rebase: bool = True
+        self, name: typing.Union[str, int], dynamic: bool = False, rebase: bool = True
     ) -> int:
-        syms = self._get_symbols(name)
+        """Get the value for a symbol
+
+        The value of a symbol is usually an address or offset,
+        although the precise meaning can vary a little.
+
+        Arguments:
+            name: The name of the symbol, or its index into the symbol table
+            dynamic: If specified by index, whether to look in the static or dynamic symbol table
+            rebase: Whether the recorded value is relative to the base address of this ELF.
+
+        Returns:
+            The integer value of this symbol
+        """
+        syms = self._get_symbols(name, dynamic)
         if len(syms) > 1:
             for sym in syms:
                 if sym.value != syms[0].value and sym.baseaddr != syms[0].baseaddr:
@@ -540,8 +605,21 @@ class ElfExecutable(Executable):
             val += syms[0].baseaddr
         return val
 
-    def get_symbol_size(self, name: typing.Union[str, int]):
-        syms = self._get_symbols(name)
+    def get_symbol_size(self, name: typing.Union[str, int], dynamic: bool = False):
+        """Get the size for a symbol
+
+        If a symbol references a function or a data structure,
+        this will hold its size in bytes
+
+        Arguments:
+            name: The name of the symbol, or its index into the symbol table
+            dynamic: If specified by index, whether to look in the static or dynamic symbol table
+            rebase: Whether the recorded value is relative to the base address of this ELF.
+
+        Returns:
+            The size of this symbol
+        """
+        syms = self._get_symbols(name, dynamic)
         if len(syms) > 1:
             for sym in syms:
                 if sym.size != syms[0].size:
@@ -549,12 +627,31 @@ class ElfExecutable(Executable):
         return syms[0].size
 
     def update_symbol_value(
-        self, name: typing.Union[str, int], value: int, rebase: bool = True
+        self,
+        name: typing.Union[str, int, ElfSymbol],
+        value: int,
+        dynamic: bool = False,
+        rebase: bool = True,
     ) -> None:
-        syms = self._get_symbols(name)
-        if len(syms) > 1:
-            raise ConfigurationError(f"Multiple syms named {name}")
-        sym = syms[0]
+        """Update the value of a symbol
+
+        This will alter the value of the symbol,
+        and also propagate that updated value according to any associated relocations.
+
+        Arguments:
+            name: The name of the symbol, its index into the symbol table, or a specific symbol object
+            value: The new value for the symbol
+            dynamic: If specified by index, whether to look in the static or dynamic symbol table
+            rebase: Whether the recorded value is relative to the base address of this ELF.
+        """
+
+        if isinstance(name, ElfSymbol):
+            sym = name
+        else:
+            syms = self._get_symbols(name, dynamic)
+            if len(syms) > 1:
+                raise ConfigurationError(f"Multiple syms named {name}")
+            sym = syms[0]
 
         if rebase:
             # Value provided is absolute; rebase it to the symbol's base address
@@ -563,12 +660,69 @@ class ElfExecutable(Executable):
         # Update the value
         sym.value = value
 
+        # Mark this symbol as defined
+        sym.defined = True
+
         if self._relocator is not None:
             for rela in sym.relas:
                 # Relocate!
+                log.info(f"Relocating {rela}")
                 self._relocator.relocate(self, rela)
         else:
             log.error(f"No platform defined; cannot relocate {name}!")
 
+    def link_elf(self, elf: "ElfExecutable", dynamic: bool = True) -> None:
+        """Link one ELF against another
+
+        This roughly mimics the ELF linker;
+        it looks for undefined symbols in the current file,
+        and tries to populate their values from matching defined symbols
+        from another file.
+
+        Arguments:
+            elf: The ELF from which to draw symbol values
+            dynamic: Whether to link static or dynamic symbols
+        """
+        if dynamic:
+            # Relocate rela.dyn and rela.plt
+            relas = self._dynamic_relas
+        else:
+            # relocate static relocations
+            relas = self._static_relas
+
+        for rela in relas:
+            my_sym = rela.symbol
+            if my_sym.name == "":
+                # This isn't a real symbol
+                continue
+            if my_sym.defined:
+                # This is a defined symbol
+                continue
+
+            try:
+                o_syms = elf._get_symbols(my_sym.name, dynamic)
+            except ConfigurationError:
+                continue
+
+            o_syms = list(filter(lambda x: x.defined, o_syms))
+            if len(o_syms) == 0:
+                continue
+
+            if len(set(map(lambda x: x.value, o_syms))) > 1:
+                # Catch multiple symbols
+                # If they all have the same value, we don't care.
+                log.warning(f"Multiple symbols for {my_sym.name}")
+                continue
+
+            o_sym = o_syms[0]
+            self.update_symbol_value(my_sym, o_sym.value + o_sym.baseaddr, rebase=True)
+
+    def __getstate__(self):
+        # Override the default pickling mechanism.
+        # We can't save any lief data through a copy.
+        state = self.__dict__.copy()
+        state["_elf"] = None
+        return state
+
 
 __all__ = ["ElfExecutable"]