diff --git a/.gitattributes b/.gitattributes index 7d1f9d1d83bc45b108fd4d5861d29fb293542097..55a7c531ebca821df0780c944d837a5898a03f76 100644 --- a/.gitattributes +++ b/.gitattributes @@ -211,6 +211,10 @@ libIRDB/include/core/archdesc.hpp -text libIRDB/include/core/baseobj.hpp -text libIRDB/include/core/basetypes.hpp -text libIRDB/include/core/dbinterface.hpp -text +libIRDB/include/core/decode.hpp -text +libIRDB/include/core/decode_bea.hpp -text +libIRDB/include/core/decode_cs.hpp -text +libIRDB/include/core/decode_meta.hpp -text libIRDB/include/core/doip.hpp -text libIRDB/include/core/eh.hpp -text libIRDB/include/core/file.hpp -text @@ -218,21 +222,16 @@ libIRDB/include/core/fileir.hpp -text libIRDB/include/core/function.hpp -text libIRDB/include/core/icfs.hpp -text libIRDB/include/core/instruction.hpp -text +libIRDB/include/core/operand_bea.hpp -text +libIRDB/include/core/operand_cs.hpp -text +libIRDB/include/core/operand_meta.hpp -text libIRDB/include/core/pqxxdb.hpp -text libIRDB/include/core/reloc.hpp -text libIRDB/include/core/scoop.hpp -text libIRDB/include/core/type.hpp -text libIRDB/include/core/variantid.hpp -text -libIRDB/include/decode/decode.hpp -text -libIRDB/include/decode/decode_bea.hpp -text -libIRDB/include/decode/decode_cs.hpp -text -libIRDB/include/decode/decode_meta.hpp -text -libIRDB/include/decode/operand_bea.hpp -text -libIRDB/include/decode/operand_cs.hpp -text -libIRDB/include/decode/operand_meta.hpp -text libIRDB/include/libIRDB-cfg.hpp -text libIRDB/include/libIRDB-core.hpp -text -libIRDB/include/libIRDB-decode.hpp -text libIRDB/include/libIRDB-syscall.hpp -text libIRDB/include/libIRDB-util.hpp -text libIRDB/include/syscall/syscall.hpp -text 
@@ -256,6 +255,9 @@ libIRDB/src/core/address.cpp -text libIRDB/src/core/all.hpp -text libIRDB/src/core/baseobj.cpp -text libIRDB/src/core/dbinterface.cpp -text +libIRDB/src/core/decode_bea.cpp -text +libIRDB/src/core/decode_cs.cpp -text +libIRDB/src/core/decode_meta.cpp -text libIRDB/src/core/eh.cpp -text libIRDB/src/core/file.cpp -text libIRDB/src/core/fileir.cpp -text @@ -263,18 +265,14 @@ libIRDB/src/core/function.cpp -text libIRDB/src/core/generate_spri.cpp -text libIRDB/src/core/icfs.cpp -text libIRDB/src/core/instruction.cpp -text +libIRDB/src/core/operand_bea.cpp -text +libIRDB/src/core/operand_cs.cpp -text +libIRDB/src/core/operand_meta.cpp -text libIRDB/src/core/pqxxdb.cpp -text libIRDB/src/core/reloc.cpp -text libIRDB/src/core/scoop.cpp -text libIRDB/src/core/type.cpp -text libIRDB/src/core/variantid.cpp -text -libIRDB/src/decode/SConscript -text -libIRDB/src/decode/decode_bea.cpp -text -libIRDB/src/decode/decode_cs.cpp -text -libIRDB/src/decode/decode_meta.cpp -text -libIRDB/src/decode/operand_bea.cpp -text -libIRDB/src/decode/operand_cs.cpp -text -libIRDB/src/decode/operand_meta.cpp -text libIRDB/src/syscall/Makefile.in -text libIRDB/src/syscall/SConscript -text libIRDB/src/syscall/SConstruct -text diff --git a/libIRDB/include/decode/decode.hpp b/libIRDB/include/core/decode.hpp similarity index 81% rename from libIRDB/include/decode/decode.hpp rename to libIRDB/include/core/decode.hpp index 41e23126c77706bb7e6492cb648338dc76cce1e3..5970fc5f75521e09589ca4ab5f44b9883d20f982 100644 --- a/libIRDB/include/decode/decode.hpp +++ b/libIRDB/include/core/decode.hpp @@ -2,8 +2,8 @@ #define libdecode_decode_hpp -#include <decode/decode_meta.hpp> -#include <decode/operand_meta.hpp> +#include <core/decode_meta.hpp> +#include <core/operand_meta.hpp> namespace libIRDB 
diff --git a/libIRDB/include/decode/decode_bea.hpp b/libIRDB/include/core/decode_bea.hpp similarity index 100% rename from libIRDB/include/decode/decode_bea.hpp rename to libIRDB/include/core/decode_bea.hpp diff --git a/libIRDB/include/decode/decode_cs.hpp b/libIRDB/include/core/decode_cs.hpp similarity index 100% rename from libIRDB/include/decode/decode_cs.hpp rename to libIRDB/include/core/decode_cs.hpp diff --git a/libIRDB/include/decode/decode_meta.hpp b/libIRDB/include/core/decode_meta.hpp similarity index 92% rename from libIRDB/include/decode/decode_meta.hpp rename to libIRDB/include/core/decode_meta.hpp index 468cddbc4a501e5e38ba96cece675e66660ea19f..8937fd869c10219d774e80bbc3fc4fd1000e155d 100644 --- a/libIRDB/include/decode/decode_meta.hpp +++ b/libIRDB/include/core/decode_meta.hpp @@ -3,10 +3,10 @@ #include <stdint.h> #include <vector> -#include <decode/decode_bea.hpp> -#include <decode/operand_bea.hpp> -#include <decode/decode_cs.hpp> -#include <decode/operand_cs.hpp> +#include <core/decode_bea.hpp> +#include <core/operand_bea.hpp> +#include <core/decode_cs.hpp> +#include <core/operand_cs.hpp> namespace libIRDB { diff --git a/libIRDB/include/decode/operand_bea.hpp b/libIRDB/include/core/operand_bea.hpp similarity index 100% rename from libIRDB/include/decode/operand_bea.hpp rename to libIRDB/include/core/operand_bea.hpp diff --git a/libIRDB/include/decode/operand_cs.hpp b/libIRDB/include/core/operand_cs.hpp similarity index 100% rename from libIRDB/include/decode/operand_cs.hpp rename to libIRDB/include/core/operand_cs.hpp diff --git a/libIRDB/include/decode/operand_meta.hpp b/libIRDB/include/core/operand_meta.hpp similarity index 95% rename from libIRDB/include/decode/operand_meta.hpp rename to libIRDB/include/core/operand_meta.hpp index 3ec2cdfad3d03a36e0c9b420993ddb5bbae2aacf..43dad4017de719daa290da2725002cd4158f16b6 100644 --- a/libIRDB/include/decode/operand_meta.hpp +++ b/libIRDB/include/core/operand_meta.hpp 
@@ -1,8 +1,8 @@ #ifndef libRIDB_decodedoperandmeta_hpp #define libRIDB_decodedoperandmeta_hpp -#include <decode/decode_bea.hpp> -#include <decode/operand_bea.hpp> +#include <core/decode_bea.hpp> +#include <core/operand_bea.hpp> namespace libIRDB { diff --git a/libIRDB/include/libIRDB-core.hpp b/libIRDB/include/libIRDB-core.hpp index 921894014214e6692ad4d71482d06d7b161f7672..5680c2fe1a987e84bdcfba6cddd6ee4bb575ac7c 100644 --- a/libIRDB/include/libIRDB-core.hpp +++ b/libIRDB/include/libIRDB-core.hpp @@ -59,4 +59,6 @@ class Instruction_t; // forward decl for many classes }; +#include <core/decode.hpp> + #endif diff --git a/libIRDB/include/libIRDB-decode.hpp b/libIRDB/include/libIRDB-decode.hpp deleted file mode 100644 index 64b8f6ea8fd3d9e519077373ba7f400a83b97102..0000000000000000000000000000000000000000 --- a/libIRDB/include/libIRDB-decode.hpp +++ /dev/null @@ -1,7 +0,0 @@ -#ifndef libIRDB_core_hpp -#define libIRDB_core_hpp - -#include <libIRDB-core.hpp> -#include <decode/decode.hpp> - -#endif diff --git a/libIRDB/src/SConscript b/libIRDB/src/SConscript index b44cd606bc0bafa855f950954a180a2f51433374..439e5176c06481b34825a2eb2ddcb32f6f81ecd7 100644 --- a/libIRDB/src/SConscript +++ b/libIRDB/src/SConscript @@ -9,7 +9,6 @@ dirs=''' core syscall util - decode ''' for i in Split(dirs): diff --git a/libIRDB/src/cfg/BasicBlock.cpp b/libIRDB/src/cfg/BasicBlock.cpp index abb72391f0964facadaf52c49563aa10208ba1b4..16bc947d539282117892b4ea7084b6df4219f22d 100644 --- a/libIRDB/src/cfg/BasicBlock.cpp +++ b/libIRDB/src/cfg/BasicBlock.cpp @@ -23,8 +23,6 @@ #include <libIRDB-core.hpp> #include <libIRDB-cfg.hpp> #include <utils.hpp> -//#include <bea_deprecated.hpp> -#include <libIRDB-decode.hpp> using namespace libIRDB; using namespace std; diff --git a/libIRDB/src/cfg/callgraph.cpp b/libIRDB/src/cfg/callgraph.cpp index 9797e8804fc6577e63e23d577d863cc87b6a731c..f1cda16f56d0f0a078f1310e17e5d2c2338d884a 100644 --- a/libIRDB/src/cfg/callgraph.cpp +++ b/libIRDB/src/cfg/callgraph.cpp 
@@ -23,9 +23,7 @@ #include <ostream> #include <libIRDB-core.hpp> #include <libIRDB-cfg.hpp> -#include <libIRDB-decode.hpp> #include <utils.hpp> -//#include <bea_deprecated.hpp> using namespace libIRDB; using namespace std; diff --git a/libIRDB/src/core/SConscript b/libIRDB/src/core/SConscript index 8970146776ccc95446b3559b9289c9e9925260d1..e034ad49cd1c367b6ebc25df8009c87fb85c088d 100644 --- a/libIRDB/src/core/SConscript +++ b/libIRDB/src/core/SConscript @@ -1,4 +1,5 @@ import os +import glob Import('env') myenv=env.Clone() @@ -22,6 +23,12 @@ files= ''' variantid.cpp eh.cpp reloc.cpp + decode_cs.cpp + operand_cs.cpp + decode_bea.cpp + operand_bea.cpp + decode_meta.cpp + operand_meta.cpp ''' cpppath=''' @@ -30,14 +37,18 @@ cpppath=''' $SECURITY_TRANSFORMS_HOME/libIRDB/include/ $SECURITY_TRANSFORMS_HOME/beaengine/include $SECURITY_TRANSFORMS_HOME/beaengine/beaengineSources/Includes/ + $SECURITY_TRANSFORMS_HOME/libcapstone/include/ ''' +globs=glob.glob(os.environ['SECURITY_TRANSFORMS_HOME']+'/libcapstone/zipr_unpack/*.o') + myenv.Append(CCFLAGS=" -std=c++11 ") myenv=myenv.Clone(CPPPATH=Split(cpppath)) -mylib=myenv.Library(libname, Split(files)) +mylib=myenv.Library(libname, Split(files) + globs) install=myenv.Install("$SECURITY_TRANSFORMS_HOME/lib/", mylib) Default(install) Return('install') + diff --git a/libIRDB/src/decode/decode_bea.cpp b/libIRDB/src/core/decode_bea.cpp similarity index 98% rename from libIRDB/src/decode/decode_bea.cpp rename to libIRDB/src/core/decode_bea.cpp index d98da4dc8da575ab55fde5d654f0ec7120329c97..6f508adce3e8d201fbf82c2ecd9369e75ae59263 100644 --- a/libIRDB/src/decode/decode_bea.cpp +++ b/libIRDB/src/core/decode_bea.cpp @@ -1,5 +1,5 @@ -#include <libIRDB-decode.hpp> +#include <libIRDB-core.hpp> #include <bea_deprecated.hpp> 
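Review bot: In the libIRDB/src/core/SConscript hunk, `globs=glob.glob(os.environ['SECURITY_TRANSFORMS_HOME']+'/libcapstone/zipr_unpack/*.o')` is evaluated when the SConscript is read, so if that directory has not been built yet the list is silently empty, IRDB-core builds without any capstone code, and every consumer fails at link time with no hint of why. Consider failing fast, `assert globs, "no capstone objects under libcapstone/zipr_unpack; build libcapstone first"`, or better, declare the dependency to SCons (a Depends on the capstone target, or link a capstone library) instead of snapshotting object files. The glob itself is carried over from the deleted libIRDB/src/decode/SConscript, but moving it into IRDB-core means every library and tool that links core now inherits the problem.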
@@ -38,7 +38,7 @@ DecodedInstructionBea_t::DecodedInstructionBea_t(const virtual_offset_t start_ad
 DecodedInstructionBea_t::DecodedInstructionBea_t(const virtual_offset_t start_addr, const void *data, const void* endptr)
 {
 disasm_data=static_cast<void*>(new DISASM({}));
- const auto length=(char*)endptr-(char*)data;
+ const auto length=(char*)endptr-(char*)data + 1;
 Disassemble(start_addr,data,length);
 }
diff --git a/libIRDB/src/decode/decode_cs.cpp b/libIRDB/src/core/decode_cs.cpp similarity index 94% rename from libIRDB/src/decode/decode_cs.cpp rename to libIRDB/src/core/decode_cs.cpp
index 3d46647015a8a121c401fb480f7c5ab7db26d405..d2f6f019c3b1f0e1b5622c28280c90279d9420ff 100644
--- a/libIRDB/src/decode/decode_cs.cpp
+++ b/libIRDB/src/core/decode_cs.cpp
@@ -1,5 +1,5 @@
-#include <libIRDB-decode.hpp>
+#include <libIRDB-core.hpp>
 #include <capstone.h>
 #include <x86.h>
@@ -13,6 +13,19 @@ using namespace std; #define ALLOF(a) begin(a),end(a)
+typedef struct special_instruction special_instruction_t;
+struct special_instruction
+{
+ string binary;
+ string mnemonic;
+ string operands;
+};
+
+vector<special_instruction_t> cs_special_instructions=
+ {
+ {"\xdf\xc0", "ffreep", "st0"}
+ };
+
 // static helpers
 static inline bool hasPrefix(const cs_insn* the_insn, const x86_prefix desired_pref)
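Review bot: The `+ 1` in `const auto length=(char*)endptr-(char*)data + 1;` redefines `endptr` as pointing at the last readable byte, but the new caller in fileir.cpp's AssembleRegistry (a later hunk) passes `(void*)&binary_stream[filesize]`, which is a one-past-the-end pointer, so BeaEngine is told the buffer is one byte longer than it is and may read past it. Pick one convention, write it on the declaration in core/decode.hpp (`// endptr: one past the last byte that may be read`), and either drop the `+ 1` here or change the caller; a decoder length that overruns its input is an out-of-bounds read on whatever binary the tool is given. The capstone constructor with the same signature should follow the same convention; it is not in this diff so I cannot confirm it does. While here, `static_cast<const char*>` would replace the C-style casts. The `cs_special_instructions` table added in the decode_cs.cpp hunk on this line is a mutable global with external linkage; `static const` is what it should be.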
@@ -94,6 +107,27 @@ void DecodedInstructionCapstone_t::Disassemble(const virtual_offset_t start_addr
 insn->size=0;
+ if(insn->size==0)
+ {
+ const auto special_it=find_if(ALLOF(cs_special_instructions), [&](const special_instruction_t& si)
+ {
+ if(si.binary.length() > max_len)
+ return false;
+ const auto data_as_str=string((char*)data,si.binary.length());
+ return si.binary==data_as_str;
+ });
+ const auto is_special=special_it != end(cs_special_instructions);
+ if(is_special)
+ {
+ // if we run into more complicated stuff, we may need to extend this
+ insn->size=special_it->binary.length();
+ strcpy(insn->mnemonic, special_it->mnemonic.c_str());
+ strcpy(insn->op_str, special_it->operands.c_str());
+ }
+
+ }
+
+ const auto cs_freer=[](cs_insn * insn) -> void { cs_free(insn,1);
diff --git a/libIRDB/src/decode/decode_meta.cpp b/libIRDB/src/core/decode_meta.cpp similarity index 99% rename from libIRDB/src/decode/decode_meta.cpp rename to libIRDB/src/core/decode_meta.cpp
index 7de7908c807363f16cf91d0a6a13cff3d20adae8..0e89ca2e0210c9acde6052fc5d1670eee448f302 100644
--- a/libIRDB/src/decode/decode_meta.cpp
+++ b/libIRDB/src/core/decode_meta.cpp
@@ -1,5 +1,5 @@
-#include <libIRDB-decode.hpp>
+#include <libIRDB-core.hpp>
 using namespace libIRDB;
 using namespace std;
diff --git a/libIRDB/src/core/fileir.cpp b/libIRDB/src/core/fileir.cpp
index 0b29e4d96c3bcf44eea6fa7445f5ad4ee3180608..cfa5ae99ddcc01e6c5fc876042db2f5bf757f39c 100644
--- a/libIRDB/src/core/fileir.cpp
+++ b/libIRDB/src/core/fileir.cpp
@@ -28,7 +28,7 @@
 #include <stdlib.h>
 #include <sys/wait.h>
 #include <iomanip>
-#include <bea_deprecated.hpp>
+//#include <bea_deprecated.hpp>
@@ -231,9 +231,9 @@ void FileIR_t::AssembleRegistry()
 assert(actual_exit == 0);
- DISASM disasm;
- memset(&disasm, 0, sizeof(DISASM));
- disasm.Archi=GetArchitectureBitWidth();
+ //DISASM disasm;
+ //memset(&disasm, 0, sizeof(DISASM));
+ //disasm.Archi=GetArchitectureBitWidth();
 ifstream binreader;
 unsigned int filesize;
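Review bot: The special-instruction fallback fills `insn->mnemonic` and `insn->op_str` with unbounded `strcpy`; both are fixed-size arrays in `cs_insn`, so a bounded copy such as `snprintf(insn->mnemonic, sizeof(insn->mnemonic), "%s", special_it->mnemonic.c_str());` (and the same for `op_str`) keeps a future table entry from overflowing them. Only `size`, `mnemonic` and `op_str` are patched: `insn->id`, `insn->address`, `insn->bytes` and `insn->detail` keep whatever the failed `cs_disasm` call left behind, so any later query on this object that reads them (branch classification, operand access) is undefined from what the hunk shows — either populate them or document that special-cased instructions answer only length/mnemonic/op_str queries. `insn->size=special_it->binary.length();` narrows `size_t` to capstone's `uint16_t` size field; a `static_cast<uint16_t>` with a comment that table entries are tiny makes that intent explicit. The `(char*)data` cast and the `max_len` guard are fine; Disassemble's body continues outside the hunk.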
@@ -262,8 +262,19 @@ void FileIR_t::AssembleRegistry() Instruction_t *instr = reg_val->first; - disasm.EIP = (UIntPtr)&binary_stream[index]; - int instr_len = Disasm(&disasm); + // disasm.EIP = (UIntPtr)&binary_stream[index]; + // int instr_len = Disasm(&disasm); + + const auto disasm=DecodedInstruction_t + ( + /* fake start addr doesn't matter */0x1000, + (void*)&binary_stream[index], + (void*)&binary_stream[filesize] + ); + + assert(disasm.valid()); + const auto instr_len=disasm.length(); + string rawBits; rawBits.resize(instr_len); for(int i=0;i<instr_len;i++,index++) @@ -769,14 +780,15 @@ void FileIR_t::WriteToDB() for(std::set<Instruction_t*>::const_iterator i=insns.begin(); i!=insns.end(); ++i) { Instruction_t const * const insnp=*i; - DISASM disasm; - Disassemble(insnp,disasm); + //DISASM disasm; + //Disassemble(insnp,disasm); + const auto disasm=DecodedInstruction_t(insnp); if(insnp->GetOriginalAddressID() == NOT_IN_DATABASE) { - if(insnp->GetFallthrough()==NULL && - disasm.Instruction.BranchType!=RetType && disasm.Instruction.BranchType!=JmpType ) + // if(insnp->GetFallthrough()==NULL && disasm.Instruction.BranchType!=RetType && disasm.Instruction.BranchType!=JmpType ) + if(insnp->GetFallthrough()==NULL && !disasm.isReturn() && !disasm.isUnconditionalBranch()) { // instructions that fall through are required to either specify a fallthrough that's // in the IRDB, or have an associated "old" instruction. 
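Review bot: In AssembleRegistry, `assert(disasm.valid());` is the only check between the decode and `const auto instr_len=disasm.length();`; under NDEBUG the assert is compiled away and an undecodable byte sequence proceeds with whatever `length()` returns for an invalid decode — if that is 0, the `for(int i=0;i<instr_len;i++,index++)` copy loop never advances `index` and the enclosing loop (which starts outside the hunk) cannot make progress. Prefer a failure that survives release builds, e.g. `if(!disasm.valid()) { cerr<<"AssembleRegistry: cannot decode assembled bytes at offset "<<index<<endl; abort(); }` (or an exception, if the file uses them). The `/* fake start addr doesn't matter */0x1000` comment should say what it does not matter for — from this hunk it is only length that is consumed, but relative-target text in `getDisassembly()` would differ. The same assert-only validation appears in generate_spri.cpp's emit_spri_rule hunk.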
@@ -786,11 +798,16 @@ void FileIR_t::WriteToDB() assert(0); abort(); } - if(insnp->GetTarget()==NULL && disasm.Instruction.BranchType!=0 && - disasm.Instruction.BranchType!=RetType && + //if(insnp->GetTarget()==NULL && disasm.Instruction.BranchType!=0 && + // disasm.Instruction.BranchType!=RetType && + // // not an indirect branch + // ((disasm.Instruction.BranchType!=JmpType && disasm.Instruction.BranchType!=CallType) || + // disasm.Argument1.ArgType&CONSTANT_TYPE)) + + if(insnp->GetTarget()==NULL && disasm.isBranch() && !disasm.isReturn() && // not an indirect branch - ((disasm.Instruction.BranchType!=JmpType && disasm.Instruction.BranchType!=CallType) || - disasm.Argument1.ArgType&CONSTANT_TYPE)) + ( (!disasm.isUnconditionalBranch() && !disasm.isCall()) || disasm.getOperand(0).isConstant()) + ) { // direct branches are required to either specify a target that's // in the IRDB, or have an associated "old" instruction. diff --git a/libIRDB/src/core/generate_spri.cpp b/libIRDB/src/core/generate_spri.cpp index df71a8cf922fbac983d5df548209e74852fbf759..caeda51a244d8af9e8b30a74b63e4322878679f1 100644 --- a/libIRDB/src/core/generate_spri.cpp +++ b/libIRDB/src/core/generate_spri.cpp @@ -28,7 +28,7 @@ #include <map> #include <string.h> #include <assert.h> -#include <bea_deprecated.hpp> +//#include <bea_deprecated.hpp> #undef EIP 
@@ -71,26 +71,31 @@ static string addressify(Instruction_t* insn); // // determine if this branch has a short offset that can't be represented as a long branch // -static bool needs_short_branch_rewrite(Instruction_t* newinsn, const DISASM &disasm) +static bool needs_short_branch_rewrite(Instruction_t* newinsn, const DecodedInstruction_t &disasm) { - if ( strstr(disasm.Instruction.Mnemonic, "jecxz" ) - || strstr(disasm.Instruction.Mnemonic, "jrcxz" ) - || strstr(disasm.Instruction.Mnemonic, "loop" ) - || strstr(disasm.Instruction.Mnemonic, "loopne") - || strstr(disasm.Instruction.Mnemonic, "loope" ) ) + if ( (disasm.getMnemonic()== "jecxz" ) + || (disasm.getMnemonic()== "jrcxz" ) + || (disasm.getMnemonic()== "loop" ) + || (disasm.getMnemonic()== "loopne") + || (disasm.getMnemonic()== "loope" ) ) return true; /* 64-bit has more needs than this */ - if(disasm.Archi==32) + // if(disasm.Archi==32) + if(FileIR_t::GetArchitectureBitWidth()==32) return false; - if(disasm.Instruction.BranchType==0) /* non-branches, jumps, calls and returns don't need this rewrite */ + // if(disasm.Instruction.BranchType==0) /* non-branches, jumps, calls and returns don't need this rewrite */ + if(!disasm.isBranch()) return false; - if(disasm.Instruction.BranchType==JmpType) + // if(disasm.Instruction.BranchType==JmpType) + if(disasm.isUnconditionalBranch()) return false; - if(disasm.Instruction.BranchType==CallType) + // if(disasm.Instruction.BranchType==CallType) + if(disasm.isCall()) return false; - if(disasm.Instruction.BranchType==RetType) + // if(disasm.Instruction.BranchType==RetType) + if(disasm.isReturn()) return false; /* all other branches (on x86-64) need further checking */ 
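Review bot: needs_short_branch_rewrite calls `disasm.getMnemonic()` five times in a row; binding it once, `const auto mnemonic=disasm.getMnemonic();`, and comparing against that reads better and avoids rebuilding the string on each call if getMnemonic returns by value (cannot tell from here). The old BeaEngine conditions kept as comments beside each new `if` (`// if(disasm.Instruction.BranchType==JmpType)` and friends) add nothing the history does not already hold and will drift; drop them. The switch from `disasm.Archi` to `FileIR_t::GetArchitectureBitWidth()` changes the source of the bit width from the decoded instruction to a static of the IR; that is presumably equivalent, but a one-line comment saying so would save the next reader the question. The function's tail continues past the hunk.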
@@ -278,12 +283,12 @@ bool convert_jump_for_64bit(Instruction_t* newinsn, string &final, string &emit_ return true; } -void emit_jump(FileIR_t* fileIRp, ostream& fout, DISASM& disasm, Instruction_t* newinsn, Instruction_t *old_insn, string & original_target, string &emit_later) +void emit_jump(FileIR_t* fileIRp, ostream& fout, const DecodedInstruction_t& disasm, Instruction_t* newinsn, Instruction_t *old_insn, string & original_target, string &emit_later) { string label=labelfy(newinsn); - string complete_instr=string(disasm.CompleteInstr); - string address_string=string(disasm.Argument1.ArgMnemonic); + string complete_instr=disasm.getDisassembly(); + string address_string=disasm.getOperand(0).getString(); bool converted=false; @@ -316,15 +321,19 @@ void emit_jump(FileIR_t* fileIRp, ostream& fout, DISASM& disasm, Instruction_t* /* sanity, no segment registers for absolute mode */ - assert(disasm.Argument1.SegmentReg==0); + //assert(disasm.Argument1.SegmentReg==0); - if(disasm.Archi==64) + // if(disasm.Archi==64) + if(FileIR_t::GetArchitectureBitWidth()==64) converted=convert_jump_for_64bit(newinsn,final, emit_later,new_target); fout<<final<<endl; if (new_target.c_str()[0]=='0') { +assert(0); +#if 0 +this will never work again? // if we converted to an indirect jump, do a 64-bit reloc if(converted) { @@ -348,6 +357,7 @@ void emit_jump(FileIR_t* fileIRp, ostream& fout, DISASM& disasm, Instruction_t* /* other jcc'often use a 2-byte opcode for far jmps (which is what spri will emit) */ emit_relocation(fileIRp, fout,2,"32-bit",newinsn); } +#endif } } else /* this instruction has a target, but it's not in the DB */ 
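Review bot: In emit_jump, `assert(0);` immediately followed by `#if 0` inside the `new_target.c_str()[0]=='0'` branch is a silent no-op in NDEBUG builds: the relocation-emitting code is compiled out and the function falls through having already written `final` with no relocation. If the path is truly unreachable now, replace the assert with a failure that survives release builds and says why, e.g. `cerr<<"emit_jump: absolute-target relocation path is no longer supported"<<endl; abort();`; if it is reachable, the block needs porting rather than disabling. The stray text `this will never work again?` inside `#if 0` compiles only because the preprocessor discards it; make it a real `//` comment stating the decision. The removed `assert(disasm.Argument1.SegmentReg==0);` sanity check has no counterpart in the new code; if the operand class can report a segment override, reinstate the check against it.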
@@ -355,6 +365,8 @@ void emit_jump(FileIR_t* fileIRp, ostream& fout, DISASM& disasm, Instruction_t* /* so we'll just emit the instruction and let it go back to the application text. */ fout<<complete_instr<<endl; // needs relocation info. +#if 0 +// never to work again? if(complete_instr.compare("call 0x00000000")==0 || complete_instr.compare("jmp 0x00000000")==0 ) @@ -377,6 +389,7 @@ void emit_jump(FileIR_t* fileIRp, ostream& fout, DISASM& disasm, Instruction_t* assert(strstr(fileIRp->GetFile()->GetURL().c_str(),"a.ncexe")!=0); } } +#endif } } @@ -391,12 +404,15 @@ static string emit_spri_instruction(FileIR_t* fileIRp, Instruction_t *newinsn, o Instruction_t* old_insn=insnMap[newinsn]; // disassemble using BeaEngine - DISASM disasm; + // DISASM disasm; /* Disassemble the instruction */ - int instr_len = Disassemble(newinsn,disasm); + //int instr_len = Disassemble(newinsn,disasm); + const auto disasm=DecodedInstruction_t(newinsn); +// not needed after library fix. +#if 0 /* if this instruction has a prefix, re-disassemble it showing the segment regs */ if( disasm.Prefix.FSPrefix || @@ -418,11 +434,12 @@ static string emit_spri_instruction(FileIR_t* fileIRp, Instruction_t *newinsn, o /* Disassemble the instruction */ int instr_len = Disasm(&disasm); } +#endif string label=labelfy(newinsn); - string complete_instr=string(disasm.CompleteInstr); - string address_string=string(disasm.Argument1.ArgMnemonic); + string complete_instr=disasm.getDisassembly(); //string(disasm.CompleteInstr); + string address_string=disasm.getOperand(0).getString(); // string(disasm.Argument1.ArgMnemonic); /* Emit any callback functions */ if (!newinsn->GetCallback().empty()) 
@@ -437,8 +454,8 @@ static string emit_spri_instruction(FileIR_t* fileIRp, Instruction_t *newinsn, o /* emit the actual instruction from the database */ if( - strstr(disasm.CompleteInstr,"jmp far")!=0 || - strstr(disasm.CompleteInstr,"call far")!=0 + strstr(disasm.getDisassembly().c_str(),"jmp far")!=0 || + strstr(disasm.getDisassembly().c_str(),"call far")!=0 ) { fout<<"\t hlt " << endl; @@ -446,9 +463,12 @@ static string emit_spri_instruction(FileIR_t* fileIRp, Instruction_t *newinsn, o /* if it's a branch instruction, we have extra work to do */ else if( - (disasm.Instruction.BranchType!=0) && // it is a branch - (disasm.Instruction.BranchType!=RetType) && // and not a return - (disasm.Argument1.ArgType & CONSTANT_TYPE)!=0 // and has a constant argument type 1 + //(disasm.Instruction.BranchType!=0) && // it is a branch + //(disasm.Instruction.BranchType!=RetType) && // and not a return + //(disasm.Argument1.ArgType & CONSTANT_TYPE)!=0 // and has a constant argument type 1 + disasm.isBranch() && + !disasm.isReturn() && + disasm.getOperand(0).isConstant() ) { emit_jump(fileIRp, fout, disasm,newinsn,old_insn, original_target, emit_later); @@ -460,7 +480,11 @@ static string emit_spri_instruction(FileIR_t* fileIRp, Instruction_t *newinsn, o /* beaEngine kinda sucks and does some non-nasmness. */ /* in this case, we look for an "lea <reg>, dword [ addr ]" and remove the "dword" part */ - if(strstr(disasm.CompleteInstr,"lea ") != NULL ) + // if(strstr(disasm.CompleteInstr,"lea ") != NULL ) + +// not needed after bea and/or libdecode fixes. +#if 0 + if(disasm.getMnemonic()=="lea") { char* a=strstr(disasm.CompleteInstr, "dword "); if(a!=NULL) 
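Review bot: `strstr(disasm.getDisassembly().c_str(),"jmp far")!=0` constructs a temporary std::string just to scan it with a C function, twice in the same condition; `disasm.getDisassembly().find("jmp far")!=string::npos` (and the same for `"call far"`) expresses it directly. The current form is not a dangling-pointer bug — the temporary lives to the end of the full expression — so this is readability only. Binding `const auto& text=disasm.getDisassembly();` once above the `if` would also avoid the repeated call if getDisassembly returns by value, which the hunk does not show.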
@@ -473,9 +497,11 @@ static string emit_spri_instruction(FileIR_t* fileIRp, Instruction_t *newinsn, o } } + /* In this case, we look for "mov*x dstreg, srcreg" and convert srcreg to an appropriate size */ - if( strstr(disasm.CompleteInstr, "movzx ") || - strstr(disasm.CompleteInstr, "movsx ") ) + //if( strstr(disasm.CompleteInstr, "movzx ") || + // strstr(disasm.CompleteInstr, "movsx ") ) + if( disasm.getMnemonic()== "movzx" || disasm.getMnemonic()== "movsx" ) { if( disasm.Instruction.Opcode==0xfbe || disasm.Instruction.Opcode==0xfb6 ) { @@ -519,8 +545,9 @@ static string emit_spri_instruction(FileIR_t* fileIRp, Instruction_t *newinsn, o { disasm.CompleteInstr[8]='\0'; } +#endif - fout<<disasm.CompleteInstr; + fout<<disasm.getDisassembly(); fout<<endl; } 
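Review bot: The rewritten condition `if( disasm.getMnemonic()== "movzx" || disasm.getMnemonic()== "movsx" )` sits inside the `#if 0` region that the preceding hunk opens before the `lea` fixup and that the `#endif` at the end of this hunk closes (unless an `#endif` lies in the unshown lines between the two hunks), so it is dead code; its body still reads `disasm.Instruction.Opcode` and writes `disasm.CompleteInstr[8]`, which do not exist on `DecodedInstruction_t`, so re-enabling it would not compile. Either port the whole movzx/movsx operand-size fixup to the new API or delete it and leave one comment naming the decision, e.g. `// movzx/movsx source-operand sizing is now the decoder's job; old BeaEngine text fixup removed`. Since `fout<<disasm.getDisassembly();` now emits the decoder's text verbatim, every nasm-compatibility fixup that used to live here is the decoder's responsibility, which is worth stating at the top of emit_spri_instruction (its start is outside the hunk).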
@@ -700,16 +727,21 @@ static void emit_spri_rule(FileIR_t* fileIRp, Instruction_t* newinsn, ostream& f } else { - DISASM disasm; - disasm.Options = NasmSyntax + PrefixedNumeral + ShowSegmentRegs; - disasm.Archi = fileIRp->GetArchitectureBitWidth(); - disasm.EIP = (UIntPtr)newinsn->GetDataBits().c_str(); - disasm.VirtualAddr = old_insn ? old_insn->GetAddress()->GetVirtualOffset() : 0; + //DISASM disasm; + //disasm.Options = NasmSyntax + PrefixedNumeral + ShowSegmentRegs; + //disasm.Archi = fileIRp->GetArchitectureBitWidth(); + //disasm.EIP = (UIntPtr)newinsn->GetDataBits().c_str(); + //disasm.VirtualAddr = old_insn ? old_insn->GetAddress()->GetVirtualOffset() : 0; + const auto disasm=DecodedInstruction_t(newinsn); /* Disassemble the instruction */ - int instr_len = Disasm(&disasm); + //int instr_len = Disasm(&disasm); + assert(disasm.valid()); + int instr_len = disasm.length(); + - if( disasm.Instruction.BranchType!=RetType && disasm.Instruction.BranchType!=JmpType ) + //if( disasm.Instruction.BranchType!=RetType && disasm.Instruction.BranchType!=JmpType ) + if( !disasm.isReturn() && !disasm.isUnconditionalBranch()) { assert(old_insn); /* it's an error to insert a new, non-unconditional branch instruction * and not specify it's fallthrough */ diff --git a/libIRDB/src/decode/operand_bea.cpp b/libIRDB/src/core/operand_bea.cpp similarity index 99% rename from libIRDB/src/decode/operand_bea.cpp rename to libIRDB/src/core/operand_bea.cpp index 5fbcf6625e6b7459bdb8f6d1224fb52a1d1f941a..a247aed10e45428259cc362cfdd180e56ac6e3cf 100644 --- a/libIRDB/src/decode/operand_bea.cpp +++ b/libIRDB/src/core/operand_bea.cpp @@ -1,5 +1,5 @@ -#include <libIRDB-decode.hpp> +#include <libIRDB-core.hpp> #include <bea_deprecated.hpp> using namespace std; 
diff --git a/libIRDB/src/decode/operand_cs.cpp b/libIRDB/src/core/operand_cs.cpp similarity index 98% rename from libIRDB/src/decode/operand_cs.cpp rename to libIRDB/src/core/operand_cs.cpp index 5dccde8173799e3dd9049b8b4a6e2cb3522548db..739af2c0ed0e6f55cf0ffd1218542b627a832ec4 100644 --- a/libIRDB/src/decode/operand_cs.cpp +++ b/libIRDB/src/core/operand_cs.cpp @@ -1,5 +1,5 @@ -#include <libIRDB-decode.hpp> +#include <libIRDB-core.hpp> using namespace std; using namespace libIRDB; diff --git a/libIRDB/src/decode/operand_meta.cpp b/libIRDB/src/core/operand_meta.cpp similarity index 98% rename from libIRDB/src/decode/operand_meta.cpp rename to libIRDB/src/core/operand_meta.cpp index 9ad1985b5f9f40da9975f91d3a4b2b37ebefaad3..e62ae20f07dc8cac20e864f425f8f49e614c2de0 100644 --- a/libIRDB/src/decode/operand_meta.cpp +++ b/libIRDB/src/core/operand_meta.cpp @@ -1,5 +1,5 @@ -#include <libIRDB-decode.hpp> +#include <libIRDB-core.hpp> using namespace std; using namespace libIRDB; diff --git a/libIRDB/src/decode/SConscript b/libIRDB/src/decode/SConscript deleted file mode 100644 index 84ed04ab98a48d25448eed083f2542e248250001..0000000000000000000000000000000000000000 --- a/libIRDB/src/decode/SConscript +++ /dev/null 
@@ -1,37 +0,0 @@ -import os -import glob - -Import('env') -myenv=env -myenv.Replace(SECURITY_TRANSFORMS_HOME=os.environ['SECURITY_TRANSFORMS_HOME']) - - -libnamesimple="IRDB-decode-simple" -libname="IRDB-decode" -files= ''' - decode_cs.cpp - operand_cs.cpp - decode_bea.cpp - operand_bea.cpp - decode_meta.cpp - operand_meta.cpp - ''' -cpppath=''' - $SECURITY_TRANSFORMS_HOME/include/ - $SECURITY_TRANSFORMS_HOME/libIRDB/include/ - $SECURITY_TRANSFORMS_HOME/beaengine/include - $SECURITY_TRANSFORMS_HOME/beaengine/beaengineSources/Includes/ - $SECURITY_TRANSFORMS_HOME/libcapstone/include/ - ''' - -#myenv.Append(CCFLAGS=" -Wall -W -Wextra -Wconversion ") - -myenv=myenv.Clone(CPPPATH=Split(cpppath)) -myenv.Append(CXXFLAGS = " -std=c++11 ") -globs=glob.glob(os.environ['SECURITY_TRANSFORMS_HOME']+'/libcapstone/zipr_unpack/*.o') -lib=myenv.Library(libname, Split(files) + globs ); -install=env.Install("$SECURITY_TRANSFORMS_HOME/lib/", lib) -Default(install) - - -Return('install') diff --git a/libIRDB/src/syscall/SConscript b/libIRDB/src/syscall/SConscript index 6d3fef69b8258b05a33fe0add5f0c11d4493d1a8..870242cf20a683e5c82066302c2e92841fc89cd0 100644 --- a/libIRDB/src/syscall/SConscript +++ b/libIRDB/src/syscall/SConscript @@ -18,6 +18,9 @@ cpppath=''' #myenv.Append(CCFLAGS=" -Wall -W -Wextra -Wconversion ") +myenv.Append(CXXFLAGS = " -std=c++11 ") + + myenv=myenv.Clone(CPPPATH=Split(cpppath)) lib=myenv.Library(libname, Split(files)) diff --git a/libIRDB/src/util/params.cpp b/libIRDB/src/util/params.cpp index 973196d3537a9f16d9fbb57201a903001688edf1..2f32c1b960de6aac1dc48298f028ea5fcba163ad 100644 --- a/libIRDB/src/util/params.cpp +++ b/libIRDB/src/util/params.cpp @@ -21,9 +21,7 @@ #include <libIRDB-core.hpp> #include <libIRDB-util.hpp> -#include <libIRDB-decode.hpp> #include <utils.hpp> -//#include <bea_deprecated.hpp> using namespace libIRDB; using namespace std; 
diff --git a/libIRDB/test/SConscript b/libIRDB/test/SConscript index f0179c2fbb6d15753d6a4e70f8c586df08e50cef..539e33a4caabd171ae3723fef2d0654bf37416ac 100644 --- a/libIRDB/test/SConscript +++ b/libIRDB/test/SConscript @@ -19,7 +19,7 @@ if 'build_tools' not in myenv or myenv['build_tools'] is None or int(myenv['buil ''' LIBPATH="$SECURITY_TRANSFORMS_HOME/lib" - LIBS=Split( env.subst('$BASE_IRDB_LIBS')+ " IRDB-cfg IRDB-util IRDB-decode MEDSannotation") + LIBS=Split( 'IRDB-cfg IRDB-util ' + env.subst('$BASE_IRDB_LIBS')+ " MEDSannotation") print "The libs for libIRDB/tests are:" print LIBS diff --git a/libIRDB/test/check_thunks.cpp b/libIRDB/test/check_thunks.cpp index bed7b33c32d30331f427341625a5c93880959270..0b3e8cae9b77aac83241b8a2ab5f6144c54232e0 100644 --- a/libIRDB/test/check_thunks.cpp +++ b/libIRDB/test/check_thunks.cpp @@ -35,8 +35,6 @@ #include "check_thunks.hpp" #include "fill_in_indtargs.hpp" -// #include <bea_deprecated.hpp> -#include <libIRDB-decode.hpp> using namespace libIRDB; diff --git a/libIRDB/test/fill_in_cfg.cpp b/libIRDB/test/fill_in_cfg.cpp index a93f559bd550bfaa07f703d05a98fd5f5332f91d..96523bfbc07a52e9f93f33d8a5f835b41ad5cec8 100644 --- a/libIRDB/test/fill_in_cfg.cpp +++ b/libIRDB/test/fill_in_cfg.cpp @@ -31,8 +31,6 @@ #include "elfio/elfio.hpp" #include "elfio/elfio_dump.hpp" #include "eh_frame.hpp" -// #include <bea_deprecated.hpp> -#include <libIRDB-decode.hpp> int odd_target_count=0; int bad_target_count=0; diff --git a/libIRDB/test/fill_in_indtargs.cpp b/libIRDB/test/fill_in_indtargs.cpp index 0b416fec33112cb97a2fcae303eba0054e0d76be..90693e24cea442b40e37cc81cf508c3be03e82eb 100644 --- a/libIRDB/test/fill_in_indtargs.cpp +++ b/libIRDB/test/fill_in_indtargs.cpp @@ -41,7 +41,6 @@ #include "check_thunks.hpp" #include "fill_in_indtargs.hpp" #include "libMEDSAnnotation.h" -#include <libIRDB-decode.hpp> using namespace libIRDB; using namespace std; 
diff --git a/libIRDB/test/find_strings.cpp b/libIRDB/test/find_strings.cpp index 96342ef5e8f5ce8c83415e9e6365d609c6d79def..e131408912133ccc2805ab083a718126ca799e00 100644 --- a/libIRDB/test/find_strings.cpp +++ b/libIRDB/test/find_strings.cpp @@ -35,9 +35,7 @@ #include "targ-config.h" #include "elfio/elfio.hpp" #include "elfio/elfio_dump.hpp" -// #include <bea_deprecated.hpp> -#include <libIRDB-decode.hpp> using namespace libIRDB; diff --git a/libIRDB/test/fix_calls.cpp b/libIRDB/test/fix_calls.cpp index 4b062d0e936c8add18614e1ae71b52514d0fc884..647ea664e677c226b3ef89c2d9324cd22efbd148 100644 --- a/libIRDB/test/fix_calls.cpp +++ b/libIRDB/test/fix_calls.cpp @@ -33,8 +33,6 @@ #include <exeio.h> #include "fill_in_indtargs.hpp" -#include <libIRDB-decode.hpp> -//#include <bea_deprecated.hpp> using namespace libIRDB; diff --git a/libIRDB/test/ilr.cpp b/libIRDB/test/ilr.cpp index ccc5d4c5104652d98d83de52accc04593edd00be..f7dff5d2d27fd406a402d9b0bac33fbad1c2d941 100644 --- a/libIRDB/test/ilr.cpp +++ b/libIRDB/test/ilr.cpp @@ -23,8 +23,6 @@ #include <libIRDB-core.hpp> #include <iostream> #include <stdlib.h> -// #include <bea_deprecated.hpp> -#include <libIRDB-decode.hpp> using namespace libIRDB; using namespace std; diff --git a/libtransform/src/SConscript b/libtransform/src/SConscript index 305ec42726180a9672129c204cd27152fd119906..1debb3fb00f9bb7e07e53786794a57cc638e2dfc 100644 --- a/libtransform/src/SConscript +++ b/libtransform/src/SConscript @@ -22,6 +22,8 @@ LIBPATH="$SECURITY_TRANSFORMS_HOME/lib" LIBS=Split("IRDB-core IRDB-cfg IRDB-util pqxx BeaEngine_s_d ") myenv=myenv.Clone(CPPPATH=Split(cpppath)) +myenv.Append(CXXFLAGS = " -std=c++11 ") + lib=myenv.Library("transform", Split(files), LIBPATH=LIBPATH, LIBS=LIBS) install=myenv.Install("$SECURITY_TRANSFORMS_HOME/lib/", lib) Default(install) diff --git a/tools/cookbook/SConscript b/tools/cookbook/SConscript index 4f8ac9a498a00b9c6a32370ca4f7f9b11ab43b53..021d8cffff86af96ac68fa14ce4db0c09bcf2eeb 100644 
--- a/tools/cookbook/SConscript +++ b/tools/cookbook/SConscript @@ -15,6 +15,8 @@ cpppath=''' ''' #CFLAGS="-fPIC " +myenv.Append(CXXFLAGS = " -std=c++11 ") + CPPDEFINES = {} if os.environ.has_key('PS_NO_IDAPRO'): print "Assuming that there is no IDA Pro available." diff --git a/tools/dump_map/SConscript b/tools/dump_map/SConscript index d5aef00f1bfafb59fbe3d09bc8aa0aa5e8550eee..222a689b2f9e05b8b987e41ad46a72ecbc41eaa5 100644 --- a/tools/dump_map/SConscript +++ b/tools/dump_map/SConscript @@ -23,7 +23,7 @@ myenv.Append(CPPFLAGS="-std=c++11") pgm="dump_map.exe" LIBPATH="$SECURITY_TRANSFORMS_HOME/lib" -LIBS=Split( env.subst('$BASE_IRDB_LIBS')+ " IRDB-cfg IRDB-decode IRDB-util transform rewrite MEDSannotation ") +LIBS=Split( env.subst('$BASE_IRDB_LIBS')+ " IRDB-cfg IRDB-util transform rewrite MEDSannotation ") myenv=myenv.Clone(CPPPATH=Split(cpppath)) pgm=myenv.Program(pgm, files, LIBPATH=LIBPATH, LIBS=LIBS) #install=myenv.Install("$SECURITY_TRANSFORMS_HOME/bin/", pgm) diff --git a/tools/dump_map/dump_map.cpp b/tools/dump_map/dump_map.cpp index 3e403e059fe83390121be2ff4abf302445752bf1..ba47423da749d615489a8311a0ceece4ee2282b1 100644 --- a/tools/dump_map/dump_map.cpp +++ b/tools/dump_map/dump_map.cpp @@ -21,7 +21,6 @@ #include <stdlib.h> #include <fstream> #include <libIRDB-core.hpp> -#include <libIRDB-decode.hpp> #include <libgen.h> #include <iomanip> #include <algorithm> diff --git a/tools/selective_cfi/SConscript b/tools/selective_cfi/SConscript index 0a41aeab6e2c1bde381ab7c7d3ed3e9ef4aee11d..9ce978eb387bb24dd909997313e7319b2719bbd1 100644 --- a/tools/selective_cfi/SConscript +++ b/tools/selective_cfi/SConscript 
@@ -23,7 +23,7 @@ myenv.Append(CXXFLAGS = " -std=c++11 -Wall ")
 pgm="selective_cfi.exe"
 LIBPATH="$SECURITY_TRANSFORMS_HOME/lib"
-LIBS=Split( env.subst('$BASE_IRDB_LIBS')+ " IRDB-core IRDB-cfg IRDB-util IRDB-decode transform rewrite MEDSannotation pqxx pq")
+LIBS=Split( env.subst('$BASE_IRDB_LIBS')+ " IRDB-cfg IRDB-util IRDB-core transform rewrite MEDSannotation pqxx pq")
 myenv=myenv.Clone(CPPPATH=Split(cpppath))
 pgm=myenv.Program(pgm, files, LIBPATH=LIBPATH, LIBS=LIBS)
 install=myenv.Install("$SECURITY_TRANSFORMS_HOME/plugins_install/", pgm)
diff --git a/tools/selective_cfi/scfi_instr.cpp b/tools/selective_cfi/scfi_instr.cpp
index cf964fa551910b2e1c9ae18011021da34ae5f770..e68cb4e6a2102eb433dff0e97a505c765b2e9505 100644
--- a/tools/selective_cfi/scfi_instr.cpp
+++ b/tools/selective_cfi/scfi_instr.cpp
@@ -30,8 +30,6 @@
 #include <elf.h>
 #include "elfio/elfio.hpp"
 #include "elfio/elfio_dump.hpp"
-//#include <bea_deprecated.hpp>
-#include <libIRDB-decode.hpp>
diff --git a/tools/selective_cfi/tests/test_pow.sh b/tools/selective_cfi/tests/test_pow.sh
index 5b7915ef1b36fa156b8af6eeaf784d4851a3956a..6a9b2bd9ef90fd891ba9400abba6b9e612731938 100755
--- a/tools/selective_cfi/tests/test_pow.sh
+++ b/tools/selective_cfi/tests/test_pow.sh
@@ -86,7 +86,9 @@ main()
 test pow.exe libm.so.6.cfi 5 8 # shared lib only
 test pow.exe.cfi libm.so.6.cfi 5 8 # both protected
 report
- clean
+ if [[ ! $1 == -k ]]; then
+ clean
+ fi
 }
 passes=0
diff --git a/tools/transforms/OffsetInference.cpp b/tools/transforms/OffsetInference.cpp
index 280254f982936129e47dcda115e8d03073f511dd..29904cd9ef77eb20f6e790a94e21e614288acb73 100644
--- a/tools/transforms/OffsetInference.cpp
+++ b/tools/transforms/OffsetInference.cpp
@@ -28,8 +28,6 @@
 #include <set>
 #include <fstream>
 #include "globals.h"
-//#include <bea_deprecated.hpp>
-#include <libIRDB-decode.hpp>
 using namespace std;
 using namespace libIRDB;
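Review bot: Inside `main()` the new guard reads `$1`, which is the function's own first argument rather than the script's, so the keep switch is only honoured if main is invoked as `main "$@"`; the function's opening line and its call site are outside the hunk, so this is worth confirming. The condition is also written as a negated pattern match, and `if [[ "$1" != "-k" ]]; then` is the conventional quoted form that reads as a plain string comparison. Nothing in the hunk names the new option, so a comment such as `# -k: keep the test artifacts (skip clean) for inspection` just above the guard would document it for the next person running the script.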
diff --git a/tools/transforms/PNTransformDriver.cpp b/tools/transforms/PNTransformDriver.cpp
index f7a6db25aef2ca91d7e42d79e747dfdd11099ae9..01462f6267652ed8025263c169b4fca859a76d5f 100644
--- a/tools/transforms/PNTransformDriver.cpp
+++ b/tools/transforms/PNTransformDriver.cpp
@@ -29,7 +29,6 @@
 #include <cmath>
 #include "globals.h"
 #include <libIRDB-cfg.hpp>
-#include <libIRDB-decode.hpp>
 #include "EhUpdater.hpp"
 #include <fcntl.h>
diff --git a/tools/transforms/PNTransformDriver.hpp b/tools/transforms/PNTransformDriver.hpp
index b24aafac693f2bba98c72a5a176212c28db04b5d..56ef2b8ee882e050df003f5f3c0285c1a8440790 100644
--- a/tools/transforms/PNTransformDriver.hpp
+++ b/tools/transforms/PNTransformDriver.hpp
@@ -31,7 +31,6 @@
 #include "Rewrite_Utility.hpp"
 #include <libIRDB-core.hpp>
 #include <libIRDB-cfg.hpp>
-#include <libIRDB-decode.hpp>
 #include "canary.h"
 //#include <bea_deprecated.hpp>
diff --git a/tools/transforms/SConscript b/tools/transforms/SConscript
index b3ee955ff016290c5b0e38441880bc1fd1c2da8e..ae5d949e92cadcd8912e232f6ea873e954d2d70b 100644
--- a/tools/transforms/SConscript
+++ b/tools/transforms/SConscript
@@ -16,7 +16,7 @@ cpppath='''
 $SECURITY_TRANSFORMS_HOME/beaengine/beaengineSources/Includes/
 '''
-LIBS= " xform IRDB-cfg IRDB-decode MEDSannotation transform " + env.subst('$BASE_IRDB_LIBS')
+LIBS= " xform IRDB-cfg MEDSannotation transform " + env.subst('$BASE_IRDB_LIBS')
 LIBPATH="$SECURITY_TRANSFORMS_HOME/lib"
 #integer_files="transformutils.cpp integertransformdriver.cpp"
