elf_analy.cc

功能较全面的反汇编器：反汇编器ht-2.0.15.tar.gz

						if (demangled) free(demangled);
						addComment(address, 0, "");
						addComment(address, 0, ";********************************************************");
						addComment(address, 0, elf_buffer);
						addComment(address, 0, ";********************************************************");
						pushAddress(address, address);
						assignSymbol(address, label, label_func);
					}
					delete address;
				}
				break;
			}
			case ELF_STT_OBJECT: {
				char *label = name;
				if (!getSymbolByName(label)) {
					Address *address = createAddress64(sym.st_value);
					char *demangled = cplus_demangle(label, DMGL_PARAMS | DMGL_ANSI);
					if (!demangled) demangled = cplus_demangle_v3(label, DMGL_PARAMS | DMGL_ANSI | DMGL_TYPES);

					make_valid_name(label, label);

					ht_snprintf(elf_buffer, sizeof elf_buffer, "; data object %s, size %qd (%s)", (demangled) ? demangled : label, sym.st_size, bind);

					free(demangled);

					addComment(address, 0, "");
					addComment(address, 0, ";********************************************************");
					addComment(address, 0, elf_buffer);
					addComment(address, 0, ";********************************************************");
					assignSymbol(address, label, label_data);

					delete address;
				}
				break;
			}
			case ELF_STT_SECTION:
			case ELF_STT_FILE:
				break;
			}
			free(name);
		}
		if (entropy) free(entropy);
	}
}

/*
 *
 */
void ElfAnalyser::load(ObjectStream &f)
{
    	GET_OBJECT(f, validarea);
	Analyser::load(f);
}

/*
 *
 */
void ElfAnalyser::done()
{
	validarea->done();
	delete validarea;
	Analyser::done();
}

ObjectID ElfAnalyser::getObjectID() const
{
	return ATOM_ELF_ANALYSER;
}

/*
 *
 */
uint ElfAnalyser::bufPtr(Address *Addr, byte *buf, int size)
{
	FileOfs ofs = addressToFileofs(Addr);
/*     if (ofs == INVALID_FILE_OFS) {
		int as = 1;
	}*/
	assert(ofs != INVALID_FILE_OFS);
	file->seek(ofs);
	return file->read(buf, size);
}

bool ElfAnalyser::convertAddressToELFAddress(Address *addr, ELFAddress *r)
{
	if (addr->getObjectID()==ATOM_ADDRESS_FLAT_32) {
		r->a32 = ((AddressFlat32*)addr)->addr;
		return true;
	} else if (addr->getObjectID()==ATOM_ADDRESS_X86_FLAT_32) {
		r->a32 = ((AddressX86Flat32*)addr)->addr;
		return true;
	} else if (addr->getObjectID()==ATOM_ADDRESS_FLAT_64) {
		r->a64 = ((AddressFlat64*)addr)->addr;
		return true;
	} else {
		return false;
	}
}

Address *ElfAnalyser::createAddress()
{
	switch (elf_shared->ident.e_ident[ELF_EI_CLASS]) {
			case ELFCLASS32: {
				switch (elf_shared->header32.e_machine) {
					case ELF_EM_386:
						return new AddressX86Flat32();
				}
				return new AddressFlat32();
			}
			case ELFCLASS64: {
/*				switch (elf_shared->header32.e_machine) {
					case ELF_EM_386:
						return new AddressX86Flat32(0);
				}*/
				return new AddressFlat64();
			}
	}
	return new AddressFlat32();
}

Address *ElfAnalyser::createAddress32(uint32 addr)
{
	switch (elf_shared->header32.e_machine) {
		case ELF_EM_386:
			return new AddressX86Flat32(addr);
	}
	return new AddressFlat32(addr);
}

Address *ElfAnalyser::createAddress64(uint64 addr)
{
	return new AddressFlat64(addr);
}

/*
 *
 */
Assembler *ElfAnalyser::createAssembler()
{
	switch (elf_shared->ident.e_ident[ELF_EI_CLASS]) {
	case ELFCLASS32:
		switch (elf_shared->header32.e_machine) {
		case ELF_EM_386:
			Assembler *a = new x86asm(X86_OPSIZE32, X86_ADDRSIZE32);
			a->init();
			return a;
		}
	case ELFCLASS64:
		switch (elf_shared->header64.e_machine) {
		case ELF_EM_X86_64:
			Assembler *a = new x86_64asm();
			a->init();
			return a;
		}
	}
	return NULL;
}

/*
 *
 */
FileOfs ElfAnalyser::addressToFileofs(Address *Addr)
{
	if (validAddress(Addr, scinitialized)) {
		FileOfs ofs;
		ELFAddress ea;
		if (!convertAddressToELFAddress(Addr, &ea)) return INVALID_FILE_OFS;
		if (!elf_addr_to_ofs(&elf_shared->sheaders, elf_shared->ident.e_ident[ELF_EI_CLASS], ea, &ofs)) return INVALID_FILE_OFS;
		return ofs;
	} else {
		return INVALID_FILE_OFS;
	}
}

/*
 *
 */

const char *ElfAnalyser::getSegmentNameByAddress(Address *Addr)
{
	static char elf_sectionname[33];
	elf_section_headers *sections=&elf_shared->sheaders;
	int i;
	ELFAddress ea;
	if (!convertAddressToELFAddress(Addr, &ea)) return NULL;
	if (!elf_addr_to_section(sections, elf_shared->ident.e_ident[ELF_EI_CLASS], ea, &i)) return NULL;
	if (i == elf_shared->fake_undefined_shidx) {
		strcpy(elf_sectionname, "$$HT_FAKE$$");
	} else {
		ht_strlcpy(elf_sectionname, elf_shared->shnames[i], sizeof elf_sectionname);
	}
	return elf_sectionname;
}

/*
 *
 */
String &ElfAnalyser::getName(String &res)
{
	return file->getDesc(res);
}

/*
 *
 */
const char *ElfAnalyser::getType()
{
	return "ELF/Analyser";
}

/*
 *
 */
void ElfAnalyser::initCodeAnalyser()
{
	Analyser::initCodeAnalyser();
}

/*
 *
 */
void ElfAnalyser::initUnasm()
{
	DPRINTF("elf_analy: ");
	int machine = 0;
	bool elf64 = false;
	switch (elf_shared->ident.e_ident[ELF_EI_CLASS]) {
		case ELFCLASS32: machine = elf_shared->header32.e_machine; break;
		case ELFCLASS64: machine = elf_shared->header64.e_machine; elf64 = true; break;
	}
	switch (machine) {
	case ELF_EM_386:
		DPRINTF("initing analy_x86_disassembler\n");
		analy_disasm = new AnalyX86Disassembler();
		((AnalyX86Disassembler*)analy_disasm)->init(this, elf64 ? ANALYX86DISASSEMBLER_FLAGS_FLAT64 : 0);
		break;
	case ELF_EM_X86_64:
		if (elf_shared->ident.e_ident[ELF_EI_CLASS] != ELFCLASS64) {
			errorbox("x86_64 cant be used in a 32-Bit ELF.");
		} else {
			analy_disasm = new AnalyX86Disassembler();
			((AnalyX86Disassembler*)analy_disasm)->init(this, ANALYX86DISASSEMBLER_FLAGS_AMD64 | ANALYX86DISASSEMBLER_FLAGS_FLAT64);
		}
		break;
	case ELF_EM_IA_64: // Intel ia64
		if (elf_shared->ident.e_ident[ELF_EI_CLASS] != ELFCLASS64) {
			errorbox("Intel IA64 cant be used in a 32-Bit ELF.");
		} else {
			analy_disasm = new AnalyIA64Disassembler();
			((AnalyIA64Disassembler*)analy_disasm)->init(this);
		}
		break;
	case ELF_EM_PPC: // PowerPC
		if (elf_shared->ident.e_ident[ELF_EI_CLASS] != ELFCLASS32) {
			errorbox("PowerPC32 cant be used in a 64-Bit ELF.");
		} else {
			DPRINTF("initing analy_ppc_disassembler\n");
			analy_disasm = new AnalyPPCDisassembler();
			((AnalyPPCDisassembler*)analy_disasm)->init(this, ANALY_PPC_32);
		}
		break;
	case ELF_EM_PPC64: // PowerPC64
		if (elf_shared->ident.e_ident[ELF_EI_CLASS] != ELFCLASS64) {
			errorbox("PowerPC64 cant be used in a 32-Bit ELF.");
		} else {
			DPRINTF("initing analy_ppc_disassembler\n");
			analy_disasm = new AnalyPPCDisassembler();
			((AnalyPPCDisassembler*)analy_disasm)->init(this, ANALY_PPC_64);
		}
		break;
        case ELF_EM_ARM: // Arm
                if (elf_shared->ident.e_ident[ELF_EI_CLASS] != ELFCLASS32) {
                        errorbox("ARM cant be used in a 64-Bit ELF.");
                } else {
                        DPRINTF("initing analy_arm_disassembler\n");
                        analy_disasm = new AnalyArmDisassembler();
                        ((AnalyArmDisassembler*)analy_disasm)->init(this);
                }
                break;
	default:
		DPRINTF("no apropriate disassembler for machine %04x\n", machine);
		warnbox("No disassembler for unknown machine type %04x!", machine);
	}
}

/*
 *
 */
Address *ElfAnalyser::nextValid(Address *Addr)
{
	return (Address *)validarea->findNext(Addr);
}

/*
 *
 */
void ElfAnalyser::store(ObjectStream &f) const
{
	PUT_OBJECT(f, validarea);
	Analyser::store(f);
}

/*
 *
 */
int ElfAnalyser::queryConfig(int mode)
{
	switch (mode) {
		case Q_DO_ANALYSIS:
		case Q_ENGAGE_CODE_ANALYSER:
		case Q_ENGAGE_DATA_ANALYSER:
			return true;
		default:
			return 0;
	}
}

/*
 *
 */
Address *ElfAnalyser::fileofsToAddress(FileOfs fileofs)
{
	ELFAddress ea;
	if (elf_ofs_to_addr(&elf_shared->sheaders, elf_shared->ident.e_ident[ELF_EI_CLASS], fileofs, &ea)) {
		switch (elf_shared->ident.e_ident[ELF_EI_CLASS]) {
			case ELFCLASS32: return createAddress32(ea.a32);
			case ELFCLASS64: return createAddress64(ea.a64);
		}
		return new InvalidAddress();
	} else {
		return new InvalidAddress();
	}
}

/*
 *
 */
bool ElfAnalyser::validAddress(Address *Addr, tsectype action)
{
	elf_section_headers *sections=&elf_shared->sheaders;
	int sec;
	byte cls = elf_shared->ident.e_ident[ELF_EI_CLASS];
	ELFAddress ea;
	if (!convertAddressToELFAddress(Addr, &ea)) return false;
	if (!elf_addr_to_section(sections, cls, ea, &sec)) return false;
	switch (cls) {
	case ELFCLASS32: {
		ELF_SECTION_HEADER32 *s = sections->sheaders32 + sec;
		switch (action) {
		case scvalid:
			return true;
		case scread:
			return true;
		case scwrite:
		case screadwrite:
			return s->sh_flags & ELF_SHF_WRITE;
		case sccode:
			return (s->sh_flags & ELF_SHF_EXECINSTR) && (s->sh_type == ELF_SHT_PROGBITS);
		case scinitialized:
			return s->sh_type==ELF_SHT_PROGBITS;
		}
		return false;
	}
	case ELFCLASS64: {
		ELF_SECTION_HEADER64 *s = sections->sheaders64 + sec;
		switch (action) {
		case scvalid:
			return true;
		case scread:
			return true;
		case scwrite:
		case screadwrite:
			return s->sh_flags & ELF_SHF_WRITE;
		case sccode:
			return (s->sh_flags & ELF_SHF_EXECINSTR) && (s->sh_type == ELF_SHT_PROGBITS);
		case scinitialized:
			return s->sh_type==ELF_SHT_PROGBITS;
		}
		return false;
	}
	}
	return false;
}