static int _decode_map(AsmFormatPlugin * format, DexHeader * dh, int raw) { int ret = 0; AsmFormatPluginHelper * helper = format->helper; uint32_t size; uint32_t i; off_t offset; DexMapItem dmi; #ifdef DEBUG fprintf(stderr, "DEBUG: %s()\n", __func__); #endif if(helper->seek(helper->format, dh->map_off, SEEK_SET) != dh->map_off) return -1; if(helper->read(helper->format, &size, sizeof(size)) != sizeof(size)) return -1; size = _htol32(size); #ifdef DEBUG fprintf(stderr, "DEBUG: %s() %u items\n", __func__, size); #endif for(i = 0; i < size; i++) { if(helper->read(helper->format, &dmi, sizeof(dmi)) != sizeof(dmi)) return -1; offset = helper->seek(helper->format, 0, SEEK_CUR); dmi.type = _htol16(dmi.type); dmi.size = _htol32(dmi.size); dmi.offset = _htol32(dmi.offset); #ifdef DEBUG fprintf(stderr, "DEBUG: item %u, type 0x%x, size 0x%x@0x%x\n", i, dmi.type, dmi.size, dmi.offset); #endif switch(dmi.type) { case TYPE_CODE_ITEM: ret |= _decode_map_code(format, i, dmi.offset, dmi.size); break; case TYPE_METHOD_ID_ITEM: ret |= _decode_map_method_id(format, dmi.offset, dmi.size); break; case TYPE_STRING_ID_ITEM: ret |= _decode_map_string_id(format, dmi.offset, dmi.size); break; } if(helper->seek(helper->format, offset, SEEK_SET) != offset) return -1; if(ret != 0) break; } return ret; }
static int _exit_32_phdr(AsmFormatPlugin * format, Elf32_Off offset) { AsmFormatPluginHelper * helper = format->helper; Elf * elf = format->priv; ElfArch * ea = elf->arch; Elf32_Ehdr hdr; #ifdef DEBUG fprintf(stderr, "DEBUG: %s()\n", __func__); #endif if(elf->es32_cnt == 0) return 0; if(helper->seek(helper->format, 0, SEEK_SET) != 0) return -1; if(helper->read(helper->format, &hdr, sizeof(hdr)) != sizeof(hdr)) return _elf_error(format); if(ea->endian == ELFDATA2MSB) { hdr.e_shoff = _htob32(offset); hdr.e_shnum = _htob16(elf->es32_cnt + 1); hdr.e_shstrndx = _htob16(elf->es32_cnt); } else { hdr.e_shoff = _htol32(offset); hdr.e_shnum = _htol16(elf->es32_cnt + 1); hdr.e_shstrndx = _htol16(elf->es32_cnt); } if(helper->seek(helper->format, 0, SEEK_SET) != 0) return -1; if(helper->write(helper->format, &hdr, sizeof(hdr)) != sizeof(hdr)) return -1; return 0; }
static int _decode64_strtab(AsmFormatPlugin * format, Elf64_Shdr * shdr, size_t shdr_cnt, uint16_t ndx, char ** strtab, size_t * strtab_cnt) { AsmFormatPluginHelper * helper = format->helper; ssize_t size; if(ndx >= shdr_cnt) return -error_set_code(1, "%s: %s", helper->get_filename(helper->format), "Unable to read the string table"); shdr = &shdr[ndx]; if(helper->seek(helper->format, shdr->sh_offset, SEEK_SET) < 0) return -1; size = sizeof(**strtab) * shdr->sh_size; if((*strtab = malloc(size)) == NULL) return -_elf_error(format); if(helper->read(helper->format, *strtab, size) != size) { free(*strtab); return -1; } *strtab_cnt = shdr->sh_size; return 0; }
static int _decode64_addr(AsmFormatPlugin * format, Elf64_Ehdr * ehdr, Elf64_Addr * addr) { AsmFormatPluginHelper * helper = format->helper; Elf64_Quarter i; Elf64_Phdr phdr; if(helper->seek(helper->format, ehdr->e_phoff, SEEK_SET) < 0) return -1; for(i = 0; i < ehdr->e_phnum; i++) { if(helper->read(helper->format, &phdr, sizeof(phdr)) != sizeof(phdr)) return -1; if(ehdr->e_ident[EI_DATA] != elf_arch_native->endian) _swap_64_phdr(&phdr); if(phdr.p_type == PT_LOAD && phdr.p_flags & (PF_R | PF_X)) { *addr = phdr.p_vaddr; return 0; } } *addr = 0x0; return 0; }
static int _decode64_shdr(AsmFormatPlugin * format, Elf64_Ehdr * ehdr, Elf64_Shdr ** shdr) { AsmFormatPluginHelper * helper = format->helper; ssize_t size; size_t i; if(ehdr->e_shentsize == 0) { *shdr = NULL; return 0; } if(ehdr->e_shentsize != sizeof(**shdr)) return -error_set_code(1, "%s: %s", helper->get_filename(helper->format), "Invalid section header size"); if(helper->seek(helper->format, ehdr->e_shoff, SEEK_SET) < 0) return -1; size = sizeof(**shdr) * ehdr->e_shnum; if((*shdr = malloc(size)) == NULL) return -_elf_error(format); if(helper->read(helper->format, *shdr, size) != size) { free(*shdr); return -1; } if(ehdr->e_ident[EI_DATA] != elf_arch_native->endian) for(i = 0; i < ehdr->e_shnum; i++) _swap_64_shdr(*shdr + i); return 0; }
static int _exit_64_phdr(AsmFormatPlugin * format, Elf64_Off offset) { AsmFormatPluginHelper * helper = format->helper; Elf * elf = format->priv; ElfArch * ea = elf->arch; Elf64_Ehdr hdr; if(elf->es64_cnt == 0) return 0; if(helper->seek(helper->format, 0, SEEK_SET) != 0) return -1; if(helper->read(helper->format, &hdr, sizeof(hdr)) != sizeof(hdr)) return -1; if(ea->endian == ELFDATA2MSB) { hdr.e_shoff = _htob64(offset); hdr.e_shnum = _htob16(elf->es64_cnt); hdr.e_shstrndx = _htob16(elf->es64_cnt - 1); } else { hdr.e_shoff = _htol64(offset); hdr.e_shnum = _htol16(elf->es64_cnt); hdr.e_shstrndx = _htol16(elf->es64_cnt - 1); } if(helper->seek(helper->format, 0, SEEK_SET) != 0) return -1; if(helper->write(helper->format, &hdr, sizeof(hdr)) != sizeof(hdr)) return -1; return 0; }
/* elf_detect */ static char const * _elf_detect(AsmFormatPlugin * format) { AsmFormatPluginHelper * helper = format->helper; char const * ret; union { Elf32_Ehdr ehdr32; Elf64_Ehdr ehdr64; } ehdr; if(helper->seek(helper->format, 0, SEEK_SET) != 0) return NULL; if(helper->read(helper->format, &ehdr, sizeof(ehdr)) != sizeof(ehdr)) return NULL; switch(ehdr.ehdr32.e_ident[EI_CLASS]) { case ELFCLASS32: if((ret = elf32_detect(format, &ehdr.ehdr32)) != NULL) format->decode = elf32_decode; break; case ELFCLASS64: if((ret = elf64_detect(format, &ehdr.ehdr64)) != NULL) format->decode = elf64_decode; break; default: ret = NULL; error_set_code(1, "%s: %s 0x%x\n", helper->get_filename(helper->format), "Unsupported ELF class", ehdr.ehdr32.e_ident[EI_CLASS]); break; } return ret; }
static int _elf_decode32(AsmFormatPlugin * format, int raw) { AsmFormatPluginHelper * helper = format->helper; Elf32_Ehdr ehdr; Elf32_Shdr * shdr = NULL; Elf32_Addr base = 0x0; char * shstrtab = NULL; size_t shstrtab_cnt = 0; size_t i; #ifdef DEBUG fprintf(stderr, "DEBUG: %s() \"%s\"\n", __func__, helper->get_filename(helper->format)); #endif if(helper->seek(helper->format, 0, SEEK_SET) != 0 || helper->read(helper->format, &ehdr, sizeof(ehdr)) != sizeof(ehdr)) return -1; if(ehdr.e_ident[EI_DATA] != elf_arch_native->endian) _swap_32_ehdr(&ehdr); if(_decode32_shdr(format, &ehdr, &shdr) != 0) return -1; if(_decode32_addr(format, &ehdr, &base) != 0 || _decode32_strtab(format, shdr, ehdr.e_shnum, ehdr.e_shstrndx, &shstrtab, &shstrtab_cnt) != 0) { free(shdr); return -1; } for(i = 0; i < ehdr.e_shnum; i++) if(shdr[i].sh_type == SHT_SYMTAB) { /* XXX ignore errors? */ _decode32_symtab(format, &ehdr, shdr, ehdr.e_shnum, i); break; } for(i = 0; i < ehdr.e_shnum; i++) { if(shdr[i].sh_name >= shstrtab_cnt) continue; if((raw || (shdr[i].sh_type == SHT_PROGBITS && shdr[i].sh_flags & SHF_EXECINSTR)) && helper->set_section(helper->format, i, &shstrtab[shdr[i].sh_name], shdr[i].sh_offset, shdr[i].sh_size, base + shdr[i].sh_offset) < 0) break; } free(shstrtab); free(shdr); return (i == ehdr.e_shnum) ? 0 : -1; }
static int _decode64_symtab(AsmFormatPlugin * format, Elf64_Ehdr * ehdr, Elf64_Shdr * shdr, size_t shdr_cnt, uint16_t ndx) { AsmFormatPluginHelper * helper = format->helper; char * strtab = NULL; size_t strtab_cnt = 0; Elf64_Sym sym; size_t i; off_t offset; #ifdef DEBUG fprintf(stderr, "DEBUG: %s()\n", __func__); #endif if(ndx >= shdr_cnt || shdr[ndx].sh_entsize != sizeof(sym)) return -1; if(_decode64_strtab(format, shdr, shdr_cnt, shdr[ndx].sh_link, &strtab, &strtab_cnt) != 0) return -1; /* read and process symbols */ if((offset = helper->seek(helper->format, shdr[ndx].sh_offset, SEEK_SET)) < 0 || (unsigned long)offset != shdr[ndx].sh_offset) { free(strtab); return -1; } for(i = 0; i * sizeof(sym) < shdr[ndx].sh_size; i++) if(helper->read(helper->format, &sym, sizeof(sym)) != sizeof(sym)) break; else if(sym.st_name >= strtab_cnt) break; else if(ELF64_ST_TYPE(sym.st_info) == STT_FUNC) { offset = -1; if(ehdr->e_type == ET_REL || ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN) offset = sym.st_value; /* record the function */ helper->set_function(helper->format, i, &strtab[sym.st_name], offset, sym.st_size); } if(i * sizeof(sym) != shdr[ndx].sh_size) { free(strtab); return -1; } return 0; }
static int _decode_map_string_id(AsmFormatPlugin * format, off_t offset, size_t size) { AsmFormatPluginHelper * helper = format->helper; DexStringIdItem * dsii; ssize_t s; size_t i; uint8_t u8; #ifdef DEBUG fprintf(stderr, "DEBUG: %s(%ld, %lu)\n", __func__, offset, size); #endif if(helper->seek(helper->format, offset, SEEK_SET) != offset) return -1; s = sizeof(*dsii) * size; if((dsii = malloc(s)) == NULL) return -error_set_code(1, "%s", strerror(errno)); if(helper->read(helper->format, dsii, s) != s) return -1; for(i = 0; i < size; i++) { dsii[i].string_data_off = _htol32(dsii[i].string_data_off); offset = dsii[i].string_data_off; if(helper->seek(helper->format, offset, SEEK_SET) != offset) break; if(helper->read(helper->format, &u8, sizeof(u8)) != sizeof(u8)) break; #ifdef DEBUG fprintf(stderr, "DEBUG: %s() string %lu offset 0x%lx len %u\n", __func__, i, offset, u8); #endif helper->set_string(helper->format, i, NULL, offset + 1, u8); } free(dsii); return (i == size) ? 0 : -1; }
static int _dex_decode(AsmFormatPlugin * format, int raw) { AsmFormatPluginHelper * helper = format->helper; DexHeader dh; #ifdef DEBUG fprintf(stderr, "DEBUG: %s(%d)\n", __func__, raw); #endif if(helper->seek(helper->format, 0, SEEK_SET) != 0) return -1; if(helper->read(helper->format, &dh, sizeof(dh)) != sizeof(dh)) return -1; dh.map_off = _htol32(dh.map_off); if(_decode_map(format, &dh, raw) != 0) return -1; return 0; }
/* dex_decode_uleb128 */ static int _dex_decode_uleb128(AsmFormatPlugin * format, uint32_t * u32) { AsmFormatPluginHelper * helper = format->helper; uint32_t ret = 0; size_t i; unsigned char c; for(i = 0; i < 5; i++) { if(helper->read(helper->format, &c, sizeof(c)) != sizeof(c)) return -1; ret |= ((c & 0x7f) << (7 * i)); if((c & 0x80) != 0x80) break; } *u32 = ret; return 0; }
static int _decode_map_method_id(AsmFormatPlugin * format, off_t offset, size_t size) { AsmFormatPluginHelper * helper = format->helper; Dex * dex = format; ssize_t s; size_t i; AsmString * string; char const * name; #ifdef DEBUG fprintf(stderr, "DEBUG: %s(%ld, %lu)\n", __func__, offset, size); #endif if(dex->dmii != NULL) return 0; /* already parsed */ if(helper->seek(helper->format, offset, SEEK_SET) != offset) return -1; s = sizeof(*dex->dmii) * size; if((dex->dmii = malloc(s)) == NULL) return -error_set_code(1, "%s", strerror(errno)); if(helper->read(helper->format, dex->dmii, s) != s) return -1; for(i = 0; i < size; i++) { dex->dmii[i].class_idx = _htol16(dex->dmii[i].class_idx); dex->dmii[i].proto_idx = _htol16(dex->dmii[i].proto_idx); dex->dmii[i].name_idx = _htol32(dex->dmii[i].name_idx); if((string = helper->get_string_by_id(helper->format, dex->dmii[i].name_idx)) != NULL) name = string->name; else /* XXX report error? */ name = NULL; helper->set_function(helper->format, i, name, -1, -1); } dex->dmii_cnt = size; return 0; }
static char const * _elf_detect(AsmFormatPlugin * format) { AsmFormatPluginHelper * helper = format->helper; union { Elf32_Ehdr ehdr32; Elf64_Ehdr ehdr64; } ehdr; if(helper->seek(helper->format, 0, SEEK_SET) != 0) return NULL; if(helper->read(helper->format, &ehdr, sizeof(ehdr)) != sizeof(ehdr)) return NULL; switch(ehdr.ehdr32.e_ident[EI_CLASS]) { case ELFCLASS32: return _detect_32(format, &ehdr.ehdr32); case ELFCLASS64: return _detect_64(format, &ehdr.ehdr64); } error_set_code(1, "%s: %s 0x%x\n", helper->get_filename(helper->format), "Unsupported ELF class", ehdr.ehdr32.e_ident[EI_CLASS]); return NULL; }
/* dex_decode_section */ static int _dex_decode_section(AsmFormatPlugin * format, AsmSection * section, AsmArchInstructionCall ** calls, size_t * calls_cnt) { AsmFormatPluginHelper * helper = format->helper; DexMapCodeItem dmci; size_t i; off_t seek; AsmFunction * f; size_t j; DexMapTryItem dmti; ssize_t s; uint32_t u32; int32_t s32; uint32_t v32; #ifdef DEBUG fprintf(stderr, "DEBUG: %s()\n", __func__); #endif if(helper->seek(helper->format, section->offset, SEEK_SET) != section->offset) return -1; for(i = 0; i < section->size; i++) { s = sizeof(dmci); if(helper->read(helper->format, &dmci, s) != s) return -1; dmci.registers_size = _htol16(dmci.registers_size); dmci.ins_size = _htol16(dmci.ins_size); dmci.outs_size = _htol16(dmci.outs_size); dmci.tries_size = _htol16(dmci.tries_size); dmci.debug_info_off = _htol32(dmci.debug_info_off); dmci.insns_size = _htol32(dmci.insns_size); seek = helper->seek(helper->format, 0, SEEK_CUR); if(helper->decode(helper->format, seek, dmci.insns_size * 2, seek, calls, calls_cnt) != 0) return -1; /* update the corresponding function offset */ if((f = helper->get_function_by_id(helper->format, i)) != NULL) /* XXX not very optimal */ helper->set_function(helper->format, i, f->name, seek, dmci.insns_size * 2); /* skip padding and try_items */ seek = (dmci.insns_size & 0x1) == 0x1 ? 2 : 0; #ifdef DEBUG fprintf(stderr, "DEBUG: code item %lu/%lu, offset 0x%lx" ", registers 0x%x, size 0x%x, debug @0x%x" ", tries 0x%x, seek 0x%lx\n", i, section->size, helper->seek(helper->format, 0, SEEK_CUR), dmci.registers_size, dmci.insns_size, dmci.debug_info_off, dmci.tries_size, seek); #endif if(seek != 0 && helper->seek(helper->format, seek, SEEK_CUR) < 0) return -1; if(dmci.tries_size > 0) { for(j = 0; j < dmci.tries_size; j++) { s = sizeof(dmti); if(helper->read(helper->format, &dmti, s) != s) return -1; dmti.start_addr = _htol32(dmti.start_addr); dmti.insn_count = _htol16(dmti.insn_count); dmti.handler_off = _htol16(dmti.handler_off); #ifdef DEBUG fprintf(stderr, "DEBUG: start 0x%x," " insn_count 0x%x," " handler_off 0x%x\n", dmti.start_addr, dmti.insn_count, dmti.handler_off); #endif } /* encoded catch handler */ /* list size */ if(_dex_decode_uleb128(format, &u32) != 0) return -1; for(; u32 > 0; u32--) { /* handler size */ if(_dex_decode_sleb128(format, &s32) != 0) return -1; /* address pairs */ for(j = abs(s32); j > 0; j--) { if(_dex_decode_uleb128(format, &v32) != 0) return -1; if(_dex_decode_uleb128(format, &v32) != 0) return -1; } /* catch-all address */ if(s32 <= 0 && _dex_decode_uleb128(format, &v32) != 0) return -1; } /* ensure alignment on 4 bytes */ seek = helper->seek(helper->format, 0, SEEK_CUR); if((seek = (4 - (seek & 0x3)) & 0x3) != 0) helper->seek(helper->format, seek, SEEK_CUR); } } return 0; }