int main(int argc, char *argv[]) {
Diagnostics::initialize();
::mlog = Diagnostics::Facility("tool", Diagnostics::destination);
Diagnostics::mfacilities.insertAndAdjust(::mlog);
// Parse the command-line
Partitioner2::Engine engine;
std::vector<std::string> specimenNames = parseCommandLine(argc, argv, engine);
if (specimenNames.empty())
throw std::runtime_error("no specimen specified; see --help");
// Load specimen into memory
MemoryMap map = engine.loadSpecimens(specimenNames);
// Configure instruction semantics
Partitioner2::Partitioner partitioner = engine.createPartitioner();
Disassembler *disassembler = engine.obtainDisassembler();
const RegisterDictionary *regdict = disassembler->get_registers();
if (disassembler->dispatcher() == NULL)
throw std::runtime_error("no instruction semantics for this architecture");
BaseSemantics::RiscOperatorsPtr ops = InstructionSemantics2::ConcreteSemantics::RiscOperators::instance(regdict);
BaseSemantics::DispatcherPtr cpu = disassembler->dispatcher()->create(ops);
ConcreteSemantics::MemoryState::promote(ops->currentState()->memoryState())->memoryMap(map);
// Find starting address
rose_addr_t va = 0;
if (settings.startVa) {
va = *settings.startVa;
} else if (engine.isaName() == "coldfire") {
// Use the interrupt vector to initialize the stack pointer and instruction pointer.
uint32_t sp, ip;
if (4 != map.at(0).limit(4).read((uint8_t*)&sp).size())
throw std::runtime_error("cannot read stack pointer at address 0x00000000");
ops->writeRegister(disassembler->stackPointerRegister(), ops->number_(32, ByteOrder::be_to_host(sp)));
if (4 != map.at(4).limit(4).read((uint8_t*)&ip).size())
throw std::runtime_error("cannot read instruction pointer at address 0x00000004");
va = ByteOrder::be_to_host(ip);
} else if (!map.atOrAfter(0).require(MemoryMap::EXECUTABLE).next().assignTo(va)) {
throw std::runtime_error("no starting address specified and none marked executable");
}
ops->writeRegister(disassembler->instructionPointerRegister(), ops->number_(32, va));
// Execute
map.dump(::mlog[INFO]);
while (1) {
va = ops->readRegister(disassembler->instructionPointerRegister())->get_number();
SgAsmInstruction *insn = partitioner.instructionProvider()[va];
SAWYER_MESG(::mlog[TRACE]) <<unparseInstructionWithAddress(insn, NULL, regdict) <<"\n";
try {
cpu->processInstruction(insn);
} catch (const BaseSemantics::Exception &e) {
::mlog[WARN] <<e <<"\n";
}
}
// std::cout <<"Final state:\n";
// std::cout <<*ops->currentState();
}
int
main(int argc, char *argv[]) {
//! [commandline]
ROSE_INITIALIZE; // see rose::initialize
std::string purpose = "finds static strings in a binary specimen";
std::string description =
"This tool disassembles a binary specimen and then scans the "
"read-only parts of memory to find static strings. It looks for "
"C-style NUL-termianted printable ASCII strings, zero-terminated "
"UTF-16 little-endian strings, two-byte little-endian length-encoded "
"ASCII strings, and some other common formats.";
Partitioner2::Engine engine;
std::vector<std::string> specimen =
engine.parseCommandLine(argc, argv, purpose, description).unreachedArgs();
//! [commandline]
//! [load]
MemoryMap map = engine.loadSpecimens(specimen);
ByteOrder::Endianness sex = engine.obtainDisassembler()->get_sex();
//! [load]
//! [analysis]
Strings::StringFinder finder; // the string analyzer
finder.settings().minLength = 5; // no strings shorter than 5 characters
finder.settings().maxLength = 8192; // no strings longer than 8k characters
finder.insertCommonEncoders(sex); // match common encodings of strings
finder.find(map.require(MemoryMap::READABLE).prohibit(MemoryMap::WRITABLE));
//! [analysis]
//! [output]
// Output, or just do "std::cout <<finder" if you're not picky.
BOOST_FOREACH (const Strings::EncodedString &string, finder.strings()) {
std::cout <<"string at " <<string.address() <<" for " <<string.size() <<" bytes\n";
std::cout <<"encoding: " <<string.encoder()->name() <<"\n";
std::cout <<"narrow value: \"" <<StringUtility::cEscape(string.narrow()) <<"\"\n";
}
//! [output]
}