Merge branch 'master' into master

plasma-disassembler · web-flow · commit 1d8452867a84 · 2019-03-04T13:05:34.000+01:00
diff --git a/plasma/lib/__init__.py b/plasma/lib/__init__.py
@@ -119,6 +119,7 @@ def parse_args(self):
                 help='Disable analysis on the entry point / symbols and don\'t scan memmory. You can force it with the command push_analyze_symbols.')
         parser.add_argument('--debugsp', action='store_true',
                 help="Print the stack offset on each instructions. Warning: these values will not be saved in the database.")
+        parser.add_argument('--db_path', default=None, help="Database path ('.<exe_name>.db' by default).")
 
         args = parser.parse_args()
 
@@ -140,6 +141,7 @@ def parse_args(self):
         self.list_sections   = args.sections
         self.autoanalyzer    = not args.noautoanalyzer
         self.debugsp         = args.debugsp
+        self.db_path         = args.db_path
 
         if args.nbytes == 0:
             self.nbytes = 4
@@ -157,6 +159,13 @@ def parse_args(self):
         else:
             self.raw_base = 0
 
+    def _get_database_path(self, executable_filename):
+        if self.db_path is not None:
+          return self.db_path
+        dirname = os.path.dirname(executable_filename)
+        path = dirname + "/" if dirname != "" else ""
+        path +=  "." + os.path.basename(executable_filename) + ".db"
+        return path
 
     def load_file(self, filename=None):
         if filename is None:
@@ -175,7 +184,7 @@ def load_file(self, filename=None):
             die()
 
         self.db = Database()
-        self.db.load(filename)
+        self.db.load(self._get_database_path(filename))
 
         if self.raw_base != 0:
             self.db.raw_base = self.raw_base
diff --git a/plasma/lib/arch/arm/utils.py b/plasma/lib/arch/arm/utils.py
@@ -45,6 +45,8 @@ def is_cmp(i):
     return i.id == ARM_INS_CMP
 
 def is_jump(i):
+    if len(i.operands) <= 0 :
+        return False
     # Suppose that the written register is the first operand
     op = i.operands[0]
 
@@ -67,6 +69,8 @@ def is_uncond_jump(i):
     return is_jump(i) and i.cc == ARM_CC_AL
 
 def is_ret(i):
+    if len(i.operands) <= 0 :
+        return False
     op = i.operands[0]
     return i.group(CS_GRP_RET) or i.id == ARM_INS_BX and \
         op.type == ARM_OP_REG and op.value.reg == ARM_REG_LR
diff --git a/plasma/lib/arch/mips/output.py b/plasma/lib/arch/mips/output.py
@@ -26,16 +26,16 @@
                            MIPS_INS_SUBU, MIPS_INS_BGTZ, MIPS_INS_LH, MIPS_INS_LHU,
                            MIPS_INS_SH, MIPS_INS_SD, MIPS_INS_LD, MIPS_GRP_MIPS64,
                            MIPS_INS_BGEZ, MIPS_INS_BNEZ, MIPS_INS_BEQZ, MIPS_INS_BLEZ,
-                           MIPS_INS_BLTZ, MIPS_REG_ZERO, MIPS_REG_GP, MIPS_INS_NEG)
+                           MIPS_INS_BLTZ, MIPS_REG_ZERO, MIPS_REG_GP, MIPS_INS_NEG,
+                           MIPS_INS_BEQ, MIPS_INS_BNE)
 
 from plasma.lib.output import OutputAbs
 from plasma.lib.arch.mips.utils import (inst_symbol, is_call, is_jump, is_ret,
                                         is_uncond_jump, cond_symbol)
 from capstone.mips import (MIPS_INS_SLT, MIPS_INS_SLTI, MIPS_INS_SLTIU, MIPS_INS_SLTU,
                            MIPS_INS_ANDI, MIPS_INS_OR, MIPS_INS_ORI)
 
-# ASSIGNMENT_OPS = {ARM_INS_EOR, ARM_INS_AND, ARM_INS_ORR}
-ASSIGNMENT_OPS = {MIPS_INS_SLT, MIPS_INS_SLTI, MIPS_INS_SLTIU, MIPS_INS_SLTU}
+ASSIGNMENT_OPS = {MIPS_INS_SLT, MIPS_INS_SLTI, MIPS_INS_SLTIU, MIPS_INS_SLTU, MIPS_INS_BEQ, MIPS_INS_BNE}
 
 LD_TYPE = {
     MIPS_INS_LH: "halfword",
@@ -148,16 +148,18 @@ def _if_cond(self, cond, fused_inst):
                 self._add(" 0")
             return
 
-        assignment = fused_inst.id in ASSIGNMENT_OPS
+        assignment = fused_inst.id in ASSIGNMENT_OPS or fused_inst.id in COND_ADD_ZERO
 
         if assignment:
             self._add("(")
-            self._operand(fused_inst, 1)
-            if cond == MIPS_INS_BNEZ:
-                self._add(" < ")
+            self._operand(fused_inst, 0)
+            self._add(" ")
+            self._add(cond_symbol(cond))
+            if cond in COND_ADD_ZERO:
+                self._add(" 0")
             else:
-                self._add(" >= ")
-            self._operand(fused_inst, 2)
+                self._add(" ")
+                self._operand(fused_inst, 1)
             self._add(")")
 
     def _sub_asm_inst(self, i, tab=0):
@@ -265,8 +267,11 @@ def _sub_asm_inst(self, i, tab=0):
                 if i.id == MIPS_INS_LUI:
                     self._operand(i, 0)
                     self._add(" = ")
-                    self._operand(i, 1)
-                    self._add(" << 16")
+                    if str(i.operands[1].value.reg).isdigit:
+                        self._add(" 0x%x" % (i.operands[1].value.reg << 16))
+                    else:
+                        self._operand(i, 1)
+                        self._add(" << 16")
 
                 elif i.id == MIPS_INS_MOVE:
                     self._operand(i, 0)
diff --git a/plasma/lib/arch/mips/process_ast.py b/plasma/lib/arch/mips/process_ast.py
@@ -21,18 +21,16 @@
                            MIPS_INS_LUI, MIPS_OP_REG, MIPS_REG_ZERO, MipsOpValue)
 
 from plasma.lib.ast import (Ast_Branch, Ast_Loop, Ast_IfGoto, Ast_Ifelse,
-                            Ast_AndIf)
+                            Ast_AndIf, Ast_If_cond)
 from plasma.lib.arch.mips.output import ASSIGNMENT_OPS
 
 
 FUSE_OPS = set(ASSIGNMENT_OPS)
-# FUSE_OPS.add(ARM_INS_CMP)
-# FUSE_OPS.add(ARM_INS_TST)
 
 
 def fuse_inst_with_if(ctx, ast):
     if isinstance(ast, Ast_Branch):
-        types_ast = (Ast_Ifelse, Ast_IfGoto, Ast_AndIf)
+        types_ast = (Ast_Ifelse, Ast_IfGoto, Ast_AndIf, Ast_If_cond)
         for i, n in enumerate(ast.nodes):
             if isinstance(n, list):
                 if n[-1].id in FUSE_OPS and i + 1 < len(ast.nodes) \
@@ -43,8 +41,10 @@ def fuse_inst_with_if(ctx, ast):
                 fuse_inst_with_if(ctx, n)
 
     elif isinstance(ast, Ast_Ifelse):
+        ast.fused_inst = ast.jump_inst
         fuse_inst_with_if(ctx, ast.br_next)
         fuse_inst_with_if(ctx, ast.br_next_jump)
 
     elif isinstance(ast, Ast_Loop):
         fuse_inst_with_if(ctx, ast.branch)
+
diff --git a/plasma/lib/arch/x86/int80.py b/plasma/lib/arch/x86/int80.py
@@ -17,6 +17,8 @@
 # along with this program.    If not, see <http://www.gnu.org/licenses/>.
 #
 
+from collections import defaultdict
+
 from capstone.x86 import (X86_REG_EBX, X86_REG_ECX, X86_REG_EDX, X86_REG_ESI,
         X86_INS_INT, X86_OP_IMM, X86_REG_AL, X86_REG_AX, X86_REG_EAX,
         X86_REG_RAX, X86_REG_BL, X86_REG_CL, X86_REG_DL, X86_REG_BX,
@@ -57,7 +59,7 @@
 
 # http://docs.cs.up.ac.za/programming/asm/derick_tut/syscalls.html
 
-SYSCALL = {
+SYSCALL_DATA = {
     1: {"name": "exit", "args_type": [ARG_INT]},
     # 2: {"name": "fork", "args_type": ['struct pt_regs']},
     2: {"name": "fork", "args_type": []},
@@ -241,6 +243,10 @@
     190: {"name": "vfork", "args_type": ['struct pt_regs']},
 }
 
+def SYSCALL(no):
+  if no not in SYSCALL_DATA:
+    SYSCALL_DATA[no] = {"name": "SYS%d" % no, "args_type": []}
+  return SYSCALL_DATA[no]
 
 
 def reg_write(inst, reg_id):
@@ -292,11 +298,11 @@ def read_block(ctx, blk):
             inline_comm[inst.address] = "?"
             continue
 
-        inline_comm[inst.address] = SYSCALL[sysnum]["name"] + "("
+        inline_comm[inst.address] = SYSCALL(sysnum)["name"] + "("
 
         # Search values for each args, otherwise print the register
 
-        args_type = SYSCALL[sysnum]["args_type"]
+        args_type = SYSCALL(sysnum)["args_type"]
         for j in range(len(args_type)):
             idx_wr_reg = search_backward(blk, i, ARGS_ORDER[j])
 
diff --git a/plasma/lib/database.py b/plasma/lib/database.py
@@ -92,9 +92,7 @@ def __init_vars(self):
     def load(self, filename):
         gc.disable()
 
-        dirname = os.path.dirname(filename)
-        self.path = dirname + "/" if dirname != "" else ""
-        self.path +=  "." + os.path.basename(filename) + ".db"
+        self.path = filename
 
         if os.path.exists(self.path):
             info("open database %s" % self.path)
diff --git a/plasma/lib/fileformat/elf.py b/plasma/lib/fileformat/elf.py
@@ -285,6 +285,7 @@ def load_dyn_sym(self):
                 "sh_size": relsz,
                 "sh_flags":0,
                 "sh_addralign":0
+                "sh_flags": 2048,
             }
             reloc_sec = RelocationSection(
                     fakerelheader, "reloc_plasma", self.elf)
diff --git a/requirements.txt b/requirements.txt
@@ -1,3 +1,4 @@
 pefile
 pyelftools
 msgpack-python>=0.4.6
+nose

Original file line number	Diff line number	Diff line change
`@@ -285,6 +285,7 @@ def load_dyn_sym(self):`
`285`	`285`	`"sh_size": relsz,`
`286`	`286`	`"sh_flags":0,`
`287`	`287`	`"sh_addralign":0`
	`288`	`+ "sh_flags": 2048,`
`288`	`289`	`}`
`289`	`290`	`reloc_sec = RelocationSection(`
`290`	`291`	`fakerelheader, "reloc_plasma", self.elf)`
-Original file line number
+Diff line change
@@ @@ -1,3 +1,4 @@ @@
 pefile
 pyelftools
 msgpack-python>=0.4.6
 +nose