├── format ├── objc │ ├── mach064_classes.c │ ├── mach064_classes.h │ └── mach0_classes.h ├── pe │ ├── pe64.c │ ├── pe64.h │ ├── pe64_write.c │ ├── pemixed.h │ ├── pe_write.c │ ├── pemixed.c │ ├── pe.h │ └── dotnet.h ├── elf │ ├── elf64.h │ ├── elf64.c │ ├── elf64_write.c │ ├── elf_specs.h │ ├── elf.h │ └── elf_write.c ├── mach0 │ ├── mach064.c │ ├── mach064.h │ ├── fatmach0.h │ ├── dyldcache.h │ ├── fatmach0.c │ ├── mach0.h │ ├── mach0_specs.h │ └── dyldcache.c ├── mdmp │ ├── mdmp_pe64.c │ ├── mdmp_pe64.h │ ├── mdmp_pe.h │ ├── mdmp.h │ ├── mdmp_pe.c │ └── mdmp_windefs.h ├── mz │ ├── mz_specs.h │ ├── mz.h │ └── mz.c ├── psxexe │ └── psxexe.h ├── nin │ ├── n3ds.h │ ├── gba.h │ ├── nds.h │ └── nin.h ├── zimg │ ├── zimg.c │ └── zimg.h ├── p9 │ ├── p9bin.c │ └── p9bin.h ├── coff │ ├── coff.h │ ├── coff.c │ └── coff_specs.h ├── nxo │ ├── nxo.h │ └── nxo.c ├── xbe │ ├── xbe.h │ └── kernel.h ├── bflt │ ├── bflt.h │ └── bflt.c ├── spc700 │ └── spc_specs.h ├── omf │ ├── omf.h │ └── omf_specs.h ├── sfc │ └── sfc_specs.h ├── te │ ├── te.h │ └── te_specs.h ├── vsf │ └── vsf_specs.h ├── nes │ └── nes_specs.h ├── dex │ ├── dex.h │ └── dex.c └── wasm │ └── wasm.h ├── .gitignore ├── README.md ├── Makefile ├── r_cf_dict.h ├── scripts ├── build_mig_index.py └── machtraps.py └── yxml.h /format/objc/mach064_classes.c: -------------------------------------------------------------------------------- 1 | #define R_BIN_MACH064 1 2 | #include "mach0_classes.c" 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.dSYM 2 | test 3 | cfdict-parse 4 | bin_kernelcache.dylib 5 | *.d 6 | *.o 7 | -------------------------------------------------------------------------------- /format/pe/pe64.c: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2008-2014 - nibble */ 2 | 3 | #define R_BIN_PE64 1 4 | #include "pe.c" 5 | -------------------------------------------------------------------------------- /format/elf/elf64.h: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2008 nibble<.ds@gmail.com> */ 2 | 3 | #define R_BIN_ELF64 1 4 | #include "elf.h" 5 | -------------------------------------------------------------------------------- /format/pe/pe64.h: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2008 nibble<.ds@gmail.com> */ 2 | 3 | #define R_BIN_PE64 1 4 | #include "pe.h" 5 | -------------------------------------------------------------------------------- /format/elf/elf64.c: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2008-2010 nibble<.ds@gmail.com> */ 2 | 3 | #define R_BIN_ELF64 1 4 | #include "elf.c" 5 | -------------------------------------------------------------------------------- /format/pe/pe64_write.c: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2008-2017 nibble, pancake */ 2 | 3 | #define R_BIN_PE64 1 4 | #include "pe_write.c" -------------------------------------------------------------------------------- /format/mach0/mach064.c: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2008 nibble<.ds@gmail.com> */ 2 | 3 | #define R_BIN_MACH064 1 4 | #include "mach0.c" 5 | -------------------------------------------------------------------------------- /format/mach0/mach064.h: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2008 nibble<.ds@gmail.com> */ 2 | 3 | #define R_BIN_MACH064 1 4 | #include "mach0.h" 5 | -------------------------------------------------------------------------------- /format/elf/elf64_write.c: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2008-2015 nibble, pancake */ 2 | 3 | #define R_BIN_ELF64 1 4 | #include "elf_write.c" 5 | -------------------------------------------------------------------------------- /format/mdmp/mdmp_pe64.c: -------------------------------------------------------------------------------- 1 | /* radare2 - LGPL - Copyright 2016 - Davis, Alex Kornitzer */ 2 | 3 | #define R_BIN_PE64 1 4 | #include "mdmp_pe.c" 5 | -------------------------------------------------------------------------------- /format/objc/mach064_classes.h: -------------------------------------------------------------------------------- 1 | #ifndef MACH064_CLASSES 2 | #define MACH064_CLASSES 3 | 4 | #define R_BIN_MACH064 1 5 | #include "mach0_classes.h" 6 | 7 | #endif 8 | -------------------------------------------------------------------------------- /format/mdmp/mdmp_pe64.h: -------------------------------------------------------------------------------- 1 | /* radare2 - LGPL - Copyright 2016 - Davis, Alex Kornitzer */ 2 | 3 | #ifndef MDMP_PE64_H 4 | #define MDMP_PE64_H 5 | 6 | #define R_BIN_PE64 1 7 | 8 | #ifdef MDMP_PE_H 9 | #undef MDMP_PE_H 10 | #include "mdmp_pe.h" 11 | #else 12 | #include "mdmp_pe.h" 13 | #undef MDMP_PE_H 14 | #endif 15 | 16 | #endif /* MDMP_PE64_H */ 17 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## NOTE: this has been moved into radare2, this repo is archived 2 | 3 | It's like a regular mach0 but with all the KEXTs prelinked in. 4 | 5 | Usage: 6 | 7 | ``` 8 | r2 -F kernelcache you.decompressed.64bit.kernelcache 9 | ``` 10 | 11 | Cinema: 12 | 13 | [![asciicast](https://asciinema.org/a/1SZ330P1vULSvuElDCCFTFVND.png)](https://asciinema.org/a/1SZ330P1vULSvuElDCCFTFVND) 14 | -------------------------------------------------------------------------------- /format/mz/mz_specs.h: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2015 nodepad */ 2 | 3 | typedef struct { 4 | ut16 signature; /* == 'MZ' or 'ZM' */ 5 | ut16 bytes_in_last_block; 6 | ut16 blocks_in_file; 7 | ut16 num_relocs; 8 | ut16 header_paragraphs; 9 | ut16 min_extra_paragraphs; 10 | ut16 max_extra_paragraphs; 11 | ut16 ss; 12 | ut16 sp; 13 | ut16 checksum; 14 | ut16 ip; 15 | ut16 cs; 16 | ut16 reloc_table_offset; 17 | ut16 overlay_number; 18 | } MZ_image_dos_header; 19 | 20 | typedef struct { 21 | ut16 offset; 22 | ut16 segment; 23 | } MZ_image_relocation_entry; 24 | -------------------------------------------------------------------------------- /format/psxexe/psxexe.h: -------------------------------------------------------------------------------- 1 | #ifndef PSXEXE_H 2 | #define PSXEXE_H 3 | 4 | #define PSXEXE_ID "PS-X EXE" 5 | #define PSXEXE_ID_LEN 8 6 | #define PSXEXE_TEXTSECTION_OFFSET 0x800 7 | 8 | #include 9 | 10 | typedef struct psxexe_header { 11 | ut8 id[8]; 12 | ut32 text; 13 | ut32 data; 14 | ut32 pc0; 15 | ut32 gp0; 16 | ut32 t_addr; 17 | ut32 t_size; 18 | ut32 d_addr; 19 | ut32 d_size; 20 | ut32 b_addr; 21 | ut32 b_size; 22 | ut32 S_addr; 23 | ut32 S_size; 24 | ut32 SavedSP; 25 | ut32 SavedFP; 26 | ut32 SavedGP; 27 | ut32 SavedRA; 28 | ut32 SavedS0; 29 | } psxexe_header; 30 | 31 | #endif // PSXEXE_H 32 | -------------------------------------------------------------------------------- /format/nin/n3ds.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | https://www.3dbrew.org/wiki/FIRM 4 | More formats to support: https://www.3dbrew.org/wiki/Category:File_formats 5 | */ 6 | 7 | #ifndef NIN_N3DS_H 8 | #define NIN_N3DS_H 9 | 10 | #include 11 | R_PACKED ( 12 | struct n3ds_firm_sect_hdr 13 | { 14 | ut32 offset; 15 | ut32 address; 16 | ut32 size; 17 | ut32 type; /* ('0'=ARM9/'1'=ARM11) */ 18 | ut8 sha256[0x20]; 19 | }); 20 | 21 | R_PACKED ( 22 | struct n3ds_firm_hdr 23 | { 24 | ut8 magic[4]; 25 | ut8 reserved1[4]; 26 | ut32 arm11_ep; 27 | ut32 arm9_ep; 28 | ut8 reserved2[0x30]; 29 | struct n3ds_firm_sect_hdr sections[4]; 30 | ut8 rsa2048[0x100]; 31 | }); 32 | 33 | #endif /* NIN_N3DS_H */ 34 | 35 | -------------------------------------------------------------------------------- /format/objc/mach0_classes.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include "mach0/mach0_specs.h" 4 | #include "mach0/mach0.h" 5 | 6 | #undef mach0_ut 7 | #undef r_bin_plugin_mach 8 | 9 | #ifdef R_BIN_MACH064 10 | #define mach0_ut ut64 11 | #define r_bin_plugin_mach r_bin_plugin_mach064 12 | #else 13 | #define mach0_ut ut32 14 | #define r_bin_plugin_mach r_bin_plugin_mach0 15 | #endif 16 | 17 | #ifndef MACH0_CLASSES_H 18 | #define MACH0_CLASSES_H 19 | 20 | R_API RList *MACH0_(parse_classes)(RBinFile *bf); 21 | R_API void MACH0_(get_class_t)(mach0_ut p, RBinFile *bf, RBinClass *klass, bool dupe); 22 | R_API void MACH0_(get_category_t)(mach0_ut p, RBinFile *bf, RBinClass *klass, RSkipList *relocs); 23 | 24 | #endif // MACH0_CLASSES_H 25 | -------------------------------------------------------------------------------- /format/zimg/zimg.c: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2009-2015 - ninjahacker */ 2 | 3 | #include 4 | #include 5 | #include "zimg.h" 6 | 7 | 8 | struct r_bin_zimg_obj_t* r_bin_zimg_new_buf(RBuffer *buf) { 9 | struct r_bin_zimg_obj_t *bin = R_NEW0 (struct r_bin_zimg_obj_t); 10 | if (!bin) { 11 | goto fail; 12 | } 13 | bin->size = buf->length; 14 | bin->b = r_buf_new (); 15 | if (!r_buf_set_bytes (bin->b, buf->buf, bin->size)){ 16 | goto fail; 17 | } 18 | 19 | if (r_buf_size (bin->b) < sizeof (struct zimg_header_t)) { 20 | goto fail; 21 | } 22 | bin->header = (*(struct zimg_header_t*)bin->b->buf); 23 | 24 | return bin; 25 | 26 | fail: 27 | if (bin) { 28 | r_buf_free (bin->b); 29 | free (bin); 30 | } 31 | return NULL; 32 | } 33 | 34 | -------------------------------------------------------------------------------- /format/mdmp/mdmp_pe.h: -------------------------------------------------------------------------------- 1 | /* radare2 - LGPL - Copyright 2016 - Davis, Alex Kornitzer */ 2 | 3 | #ifndef MDMP_PE_H 4 | #define MDMP_PE_H 5 | 6 | #include 7 | #include 8 | #include 9 | #include 10 | 11 | #include "pe/pe.h" 12 | 13 | #include "mdmp_specs.h" 14 | 15 | struct PE_(r_bin_mdmp_pe_bin) { 16 | ut64 vaddr; 17 | ut64 paddr; 18 | struct PE_(r_bin_pe_obj_t) *bin; 19 | }; 20 | 21 | 22 | RList *PE_(r_bin_mdmp_pe_get_entrypoint)(struct PE_(r_bin_mdmp_pe_bin) *pe_bin); 23 | RList *PE_(r_bin_mdmp_pe_get_imports)(struct PE_(r_bin_mdmp_pe_bin) *pe_bin); 24 | RList *PE_(r_bin_mdmp_pe_get_sections)(struct PE_(r_bin_mdmp_pe_bin) *pe_bin); 25 | RList *PE_(r_bin_mdmp_pe_get_symbols)(struct PE_(r_bin_mdmp_pe_bin) *pe_bin); 26 | 27 | #endif /* MDMP_PE_H */ 28 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | R2_PLUGIN_PATH=$(shell r2 -hh|grep LIBR_PLUGINS|awk '{print $$2}') 2 | CFLAGS_BIN=-g -fPIC $(shell pkg-config --cflags r_bin) 3 | LDFLAGS_BIN=-shared $(shell pkg-config --libs r_bin) -lr_syscall -lr_hash 4 | LDFLAGS_EXEC=$(shell pkg-config --libs r_bin) 5 | EXT_SO=$(shell r2 -hh|grep LIBEXT|awk '{print $$2}') 6 | SUDO=sudo 7 | 8 | CC_ASAN=-fsanitize=address 9 | CC_BIN=$(CC) $(CFLAGS_BIN) $(LDFLAGS_BIN) 10 | CC_EXEC=$(CC) $(CFLAGS_BIN) $(LDFLAGS_EXEC) 11 | 12 | all: 13 | $(CC_BIN) -DR_CF_DICT_IN_LIB -o bin_kernelcache.$(EXT_SO) bin_kernelcache.c r_cf_dict.c yxml.c format/mach0/mach064.c 14 | $(CC_EXEC) -o cfdict-parse r_cf_dict.c yxml.c 15 | 16 | install: all 17 | $(SUDO) cp -f *.$(EXT_SO) $(R2_PLUGIN_PATH) 18 | 19 | uninstall: 20 | for a in *.$(EXT_SO) ; do rm -f $(R2_PLUGIN_PATH)/$$a ; done 21 | 22 | clean: 23 | rm -f *.$(EXT_SO) 24 | rm -rf *.$(EXT_SO).dSYM 25 | -------------------------------------------------------------------------------- /format/mach0/fatmach0.h: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2009-2011 nibble<.ds@gmail.com> */ 2 | 3 | #include 4 | #include "mach0_specs.h" 5 | 6 | #ifndef _INCLUDE_R_BIN_FATMACH0_H_ 7 | #define _INCLUDE_R_BIN_FATMACH0_H_ 8 | 9 | struct r_bin_fatmach0_obj_t { 10 | const char *file; 11 | int size; 12 | int nfat_arch; 13 | struct fat_header hdr; 14 | struct fat_arch *archs; 15 | struct r_buf_t* b; 16 | }; 17 | 18 | struct r_bin_fatmach0_arch_t { 19 | int size; 20 | int offset; 21 | struct r_buf_t *b; 22 | int last; 23 | }; 24 | 25 | struct r_bin_fatmach0_arch_t *r_bin_fatmach0_extract(struct r_bin_fatmach0_obj_t* bin, int idx, int *narch); 26 | void* r_bin_fatmach0_free(struct r_bin_fatmach0_obj_t* bin); 27 | struct r_bin_fatmach0_obj_t* r_bin_fatmach0_new(const char* file); 28 | struct r_bin_fatmach0_obj_t* r_bin_fatmach0_from_bytes_new(const ut8* buf, ut64 size); 29 | #endif 30 | -------------------------------------------------------------------------------- /format/zimg/zimg.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | #define R_BIN_ZIMG_MAXSTR 256 7 | 8 | struct zimg_header_t { 9 | ut8 magic[8]; 10 | ut32 filler[6]; 11 | ut8 arm_magic[4]; 12 | ut32 kernel_start; 13 | ut32 kernel_end; 14 | }; 15 | 16 | typedef struct r_bin_zimg_obj_t { 17 | int size; 18 | const char *file; 19 | struct r_buf_t *b; 20 | struct zimg_header_t header; 21 | ut32 *strings; 22 | RList *methods_list; 23 | RList *imports_list; 24 | ut64 code_from; 25 | ut64 code_to; 26 | Sdb *kv; 27 | } RBinZimgObj; 28 | 29 | struct r_bin_zimg_str_t { 30 | char str[R_BIN_ZIMG_MAXSTR]; 31 | ut64 offset; 32 | ut64 ordinal; 33 | int size; 34 | int last; 35 | }; 36 | 37 | struct r_bin_zimg_obj_t *r_bin_zimg_new_buf(struct r_buf_t *buf); 38 | struct r_bin_zimg_str_t *r_bin_zimg_get_strings (struct r_bin_zimg_obj_t* bin); 39 | -------------------------------------------------------------------------------- /format/p9/p9bin.c: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2011 pancake */ 2 | 3 | #include "p9bin.h" 4 | #include 5 | 6 | int r_bin_p9_get_arch(const ut8 *b, int *bits, int *big_endian) { 7 | st32 a = (st32) r_read_be32 (b); 8 | if (bits) { 9 | *bits = 32; 10 | } 11 | if (big_endian) { 12 | *big_endian = 0; 13 | } 14 | switch (a) { 15 | case I_MAGIC: 16 | return R_ASM_ARCH_X86; 17 | case T_MAGIC: 18 | if (bits) { 19 | *bits = 64; 20 | } 21 | return R_ASM_ARCH_PPC; 22 | case S_MAGIC: 23 | if (bits) { 24 | *bits = 64; 25 | } 26 | return R_ASM_ARCH_X86; 27 | case K_MAGIC: 28 | return R_ASM_ARCH_SPARC; 29 | case U_MAGIC: 30 | if (bits) { 31 | *bits = 64; 32 | } 33 | return R_ASM_ARCH_SPARC; 34 | case V_MAGIC: 35 | case M_MAGIC: 36 | case N_MAGIC: 37 | case P_MAGIC: 38 | return R_ASM_ARCH_MIPS; 39 | case E_MAGIC: 40 | return R_ASM_ARCH_ARM; 41 | case Q_MAGIC: 42 | return R_ASM_ARCH_PPC; 43 | //case A_MAGIC: // 68020 44 | } 45 | return 0; 46 | } 47 | -------------------------------------------------------------------------------- /format/coff/coff.h: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2014 Fedor Sakharov */ 2 | 3 | #ifndef COFF_H 4 | #define COFF_H 5 | 6 | #include 7 | #include 8 | #include 9 | #include 10 | 11 | #include "coff_specs.h" 12 | 13 | struct r_bin_coff_obj { 14 | struct coff_hdr hdr; 15 | struct coff_opt_hdr opt_hdr; 16 | struct coff_scn_hdr *scn_hdrs; 17 | struct coff_symbol *symbols; 18 | 19 | ut16 target_id; /* TI COFF specific */ 20 | 21 | struct r_buf_t *b; 22 | size_t size; 23 | ut8 endian; 24 | Sdb *kv; 25 | bool verbose; 26 | }; 27 | 28 | bool r_coff_supported_arch(const ut8 *buf); /* Reads two bytes from buf. */ 29 | struct r_bin_coff_obj* r_bin_coff_new_buf(RBuffer *buf, bool verbose); 30 | void r_bin_coff_free(struct r_bin_coff_obj *obj); 31 | RBinAddr *r_coff_get_entry(struct r_bin_coff_obj *obj); 32 | char *r_coff_symbol_name (struct r_bin_coff_obj *obj, void *ptr); 33 | int r_coff_is_stripped (struct r_bin_coff_obj *obj); 34 | 35 | #endif /* COFF_H */ 36 | -------------------------------------------------------------------------------- /format/nin/gba.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | const ut8 lic_gba[]={ 4 | 0x24, 0xff, 0xae, 0x51, 0x69, 0x9a, 0xa2, 0x21, 0x3d, 0x84, 0x82, 5 | 0x0a, 0x84, 0xe4, 0x09, 0xad, 0x11, 0x24, 0x8b, 0x98, 0xc0, 0x81, 6 | 0x7f, 0x21, 0xa3, 0x52, 0xbe, 0x19, 0x93, 0x09, 0xce, 0x20, 0x10, 7 | 0x46, 0x4a, 0x4a, 0xf8, 0x27, 0x31, 0xec, 0x58, 0xc7, 0xe8, 0x33, 8 | 0x82, 0xe3, 0xce, 0xbf, 0x85, 0xf4, 0xdf, 0x94, 0xce, 0x4b, 0x09, 9 | 0xc1, 0x94, 0x56, 0x8a, 0xc0, 0x13, 0x72, 0xa7, 0xfc, 0x9f, 0x84, 10 | 0x4d, 0x73, 0xa3, 0xca, 0x9a, 0x61, 0x58, 0x97, 0xa3, 0x27, 0xfc, 11 | 0x03, 0x98, 0x76, 0x23, 0x1d, 0xc7, 0x61, 0x03, 0x04, 0xae, 0x56, 12 | 0xbf, 0x38, 0x84, 0x00, 0x40, 0xa7, 0x0e, 0xfd, 0xff, 0x52, 0xfe, 13 | 0x03, 0x6f, 0x95, 0x30, 0xf1, 0x97, 0xfb, 0xc0, 0x85, 0x60, 0xd6, 14 | 0x80, 0x25, 0xa9, 0x63, 0xbe, 0x03, 0x01, 0x4e, 0x38, 0xe2, 0xf9, 15 | 0xa2, 0x34, 0xff, 0xbb, 0x3e, 0x03, 0x44, 0x78, 0x00, 0x90, 0xcb, 16 | 0x88, 0x11, 0x3a, 0x94, 0x65, 0xc0, 0x7c, 0x63, 0x87, 0xf0, 0x3c, 17 | 0xaf, 0xd6, 0x25, 0xe4, 0x8b, 0x38, 0x0a, 0xac, 0x72, 0x21, 0xd4, 18 | 0xf8, 0x07}; 19 | -------------------------------------------------------------------------------- /format/pe/pemixed.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include "pe.h" 3 | 4 | #define SUB_BIN_DOS 0 5 | #define SUB_BIN_NATIVE 1 6 | #define SUB_BIN_NET 2 7 | 8 | #ifndef _INCLUDE_R_BIN_PEMIXED_H_ 9 | #define _INCLUDE_R_BIN_PEMIXED_H_ 10 | 11 | struct r_bin_pemixed_obj_t { 12 | const char* file; 13 | int size; 14 | struct PE_(r_bin_pe_obj_t)* sub_bin_dos; 15 | struct PE_(r_bin_pe_obj_t)* sub_bin_native; 16 | struct PE_(r_bin_pe_obj_t)* sub_bin_net; 17 | 18 | struct r_buf_t* b; 19 | }; 20 | 21 | // static int r_bin_pemixed_init(struct r_bin_pemixed_obj_t* bin, struct PE_(r_bin_pe_obj_t)* pe_bin); 22 | struct PE_(r_bin_pe_obj_t)* r_bin_pemixed_init_dos(struct PE_(r_bin_pe_obj_t)* pe_bin); 23 | struct PE_(r_bin_pe_obj_t)* r_bin_pemixed_init_native(struct PE_(r_bin_pe_obj_t)* pe_bin); 24 | struct PE_(r_bin_pe_obj_t)* r_bin_pemixed_extract(struct r_bin_pemixed_obj_t* bin, int sub_bin); 25 | // static bool check_il_only(ut32 flags); 26 | void* r_bin_pemixed_free(struct r_bin_pemixed_obj_t* bin); 27 | struct r_bin_pemixed_obj_t * r_bin_pemixed_from_bytes_new(const ut8* buf, ut64 size); 28 | 29 | #endif 30 | -------------------------------------------------------------------------------- /format/mz/mz.h: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2015 nodepad */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include "mz_specs.h" 8 | 9 | struct r_bin_mz_segment_t { 10 | ut64 paddr; 11 | ut64 vaddr; 12 | ut64 size; 13 | int last; 14 | }; 15 | 16 | struct r_bin_mz_reloc_t { 17 | ut64 paddr; 18 | ut64 vaddr; 19 | int last; 20 | }; 21 | 22 | struct r_bin_mz_obj_t { 23 | const MZ_image_dos_header *dos_header; 24 | const void *dos_extended_header; 25 | MZ_image_relocation_entry *relocation_entries; 26 | 27 | int dos_extended_header_size; 28 | 29 | int size; 30 | int dos_file_size; /* Size of dos file from dos executable header */ 31 | int load_module_size; /* Size of load module: dos_file_size - header size */ 32 | const char *file; 33 | struct r_buf_t *b; 34 | Sdb *kv; 35 | }; 36 | 37 | RBinAddr *r_bin_mz_get_entrypoint (const struct r_bin_mz_obj_t *bin); 38 | RList *r_bin_mz_get_segments (const struct r_bin_mz_obj_t *bin); 39 | struct r_bin_mz_reloc_t *r_bin_mz_get_relocs (const struct r_bin_mz_obj_t *bin); 40 | void *r_bin_mz_free (struct r_bin_mz_obj_t *bin); 41 | struct r_bin_mz_obj_t *r_bin_mz_new (const char *file); 42 | struct r_bin_mz_obj_t *r_bin_mz_new_buf (const struct r_buf_t *buf); 43 | RBinAddr *r_bin_mz_get_main_vaddr (struct r_bin_mz_obj_t *bin); 44 | -------------------------------------------------------------------------------- /r_cf_dict.h: -------------------------------------------------------------------------------- 1 | #ifndef R_CF_DICT_H 2 | #define R_CF_DICT_H 3 | 4 | #define R_CF_OPTION_NONE 0 5 | #define R_CF_OPTION_SKIP_NSDATA 1 6 | 7 | typedef enum { 8 | R_CF_INVALID, 9 | R_CF_DICT, 10 | R_CF_ARRAY, 11 | R_CF_STRING, 12 | R_CF_INTEGER, 13 | R_CF_DATA, 14 | R_CF_NULL, 15 | R_CF_TRUE, 16 | R_CF_FALSE 17 | } RCFValueType; 18 | 19 | typedef struct _CFValue { 20 | RCFValueType type; 21 | } RCFValue; 22 | 23 | typedef struct _CFKeyValue { 24 | char * key; 25 | RCFValue * value; 26 | } RCFKeyValue; 27 | 28 | typedef struct _CFValueDict { 29 | RCFValueType type; 30 | RList * pairs; //_CFKeyValue 31 | } RCFValueDict; 32 | 33 | typedef struct _CFValueArray { 34 | RCFValueType type; 35 | RList * values; //_CFValue 36 | } RCFValueArray; 37 | 38 | typedef struct _CFValueString { 39 | RCFValueType type; 40 | char * value; 41 | } RCFValueString; 42 | 43 | typedef struct _CFValueInteger { 44 | RCFValueType type; 45 | ut64 value; 46 | } RCFValueInteger; 47 | 48 | typedef struct _CFValueData { 49 | RCFValueType type; 50 | RBuffer * value; 51 | } RCFValueData; 52 | 53 | typedef struct _CFValueBool { 54 | RCFValueType type; 55 | } RCFValueBool; 56 | 57 | typedef struct _CFValueNULL { 58 | RCFValueType type; 59 | } RCFValueNULL; 60 | 61 | RCFValueDict * r_cf_value_dict_parse(RBuffer * file_buf, ut64 offset, ut64 size, int options); 62 | void r_cf_value_dict_free(RCFValueDict * dict); 63 | 64 | #endif 65 | -------------------------------------------------------------------------------- /format/nxo/nxo.h: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - 2018 - rkx1209 */ 2 | 3 | #ifndef _NXO_H 4 | #define _NXO_H 5 | 6 | typedef struct { 7 | ut32 unused; 8 | ut32 mod_memoffset; 9 | ut64 padding; 10 | } NXOStart; 11 | 12 | typedef struct { 13 | ut32 magic; 14 | ut32 dynamic; 15 | ut32 bss_start; 16 | ut32 bss_end; 17 | ut32 unwind_start; 18 | ut32 unwind_end; 19 | ut32 mod_object; 20 | } MODHeader; 21 | 22 | typedef struct { 23 | ut64 next; 24 | ut64 prev; 25 | ut64 relplt; 26 | ut64 reldyn; 27 | ut64 base; 28 | ut64 dynamic; 29 | ut64 is_rela; 30 | ut64 relplt_size; 31 | ut64 init; 32 | ut64 fini; 33 | ut64 bucket; 34 | ut64 chain; 35 | ut64 strtab; 36 | ut64 symtab; 37 | ut64 strtab_size; 38 | ut64 got; 39 | ut64 reladyn_size; 40 | ut64 reldyn_size; 41 | ut64 relcount; 42 | ut64 relacount; 43 | ut64 nchain; 44 | ut64 nbucket; 45 | ut64 got_value; 46 | } MODObject; 47 | 48 | typedef struct { 49 | ut32 mod_offset; 50 | ut32 text_offset; 51 | ut32 text_size; 52 | ut32 ro_offset; 53 | ut32 ro_size; 54 | ut32 data_offset; 55 | ut32 data_size; 56 | ut32 bss_size; 57 | } MODMeta; 58 | 59 | typedef struct { 60 | ut32 *strings; 61 | RList *methods_list; 62 | RList *imports_list; 63 | RList *classes_list; 64 | } RBinNXOObj; 65 | 66 | ut32 readLE32(RBuffer *buf, int off); 67 | ut64 readLE64(RBuffer *buf, int off); 68 | void parseMod (RBuffer *buf, RBinNXOObj *bin, ut32 mod0, ut64 baddr); 69 | const char *fileType(const ut8 *buf); 70 | 71 | #endif 72 | -------------------------------------------------------------------------------- /format/xbe/xbe.h: -------------------------------------------------------------------------------- 1 | 2 | #define XBE_MAGIC 0x48454258 3 | 4 | #define XBE_EP_RETAIL 0xA8FC57AB 5 | #define XBE_EP_DEBUG 0x94859D4B 6 | 7 | #define XBE_KP_RETAIL 0x5b6d40b6 8 | #define XBE_KP_DEBUG 0xefb1f152 9 | 10 | #define XBE_EP_CHIHIRO 0x40B5C16E 11 | #define XBE_KP_CHIHIRO 0x2290059D 12 | 13 | #define XBE_MAX_THUNK 378 14 | R_PACKED( 15 | typedef struct { 16 | ut32 magic; 17 | ut8 signature[0x100]; 18 | ut32 base; 19 | ut32 headers_size; 20 | ut32 image_size; 21 | ut32 image_header_size; 22 | ut32 timestamp; 23 | ut32 cert_addr; 24 | ut32 sections; 25 | ut32 sechdr_addr; 26 | ut32 init_flags; 27 | ut32 ep; 28 | ut32 tls_addr; 29 | ut32 pe_shit[7]; 30 | ut32 debug_path_addr; 31 | ut32 debug_name_addr; 32 | ut32 debug_uname_addr; 33 | ut32 kernel_thunk_addr; 34 | ut32 nonkernel_import_dir_addr; 35 | ut32 lib_versions; 36 | ut32 lib_versions_addr; 37 | ut32 kernel_lib_addr; 38 | ut32 xapi_lib_addr; 39 | ut32 shit[2]; 40 | }) xbe_header; 41 | 42 | 43 | #define SECT_FLAG_X 0x00000004 44 | #define SECT_FLAG_W 0x00000001 45 | R_PACKED ( 46 | typedef struct { 47 | ut32 flags; 48 | ut32 vaddr; 49 | ut32 vsize; 50 | ut32 offset; 51 | ut32 size; 52 | ut32 name_addr; 53 | ut32 refcount; 54 | ut32 shit[2]; 55 | ut8 digest[20]; 56 | }) xbe_section; 57 | 58 | R_PACKED ( 59 | typedef struct { 60 | ut8 name[8]; 61 | ut16 major; 62 | ut16 minor; 63 | ut16 build; 64 | ut16 flags; 65 | }) xbe_lib; 66 | 67 | typedef struct { 68 | xbe_header *header; 69 | int kt_key; 70 | int ep_key; 71 | } r_bin_xbe_obj_t; 72 | 73 | 74 | -------------------------------------------------------------------------------- /format/bflt/bflt.h: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2016 - Oscar Salvador */ 2 | 3 | #ifndef BFLT_H 4 | #define BFLT_H 5 | 6 | #include 7 | #include 8 | #include 9 | #include 10 | 11 | /* Version 4 */ 12 | #define FLAT_VERSION 0x00000004L 13 | #define FLAT_FLAG_RAM 0x1 /* load program entirely into RAM */ 14 | #define FLAT_FLAG_GOTPIC 0x2 /* program is PIC with GOT */ 15 | #define FLAT_FLAG_GZIP 0x4 /* all but the header is compressed */ 16 | #define FLAT_FLAG_GZDATA 0x8 /* only data/relocs are compressed (for XIP) */ 17 | #define FLAT_FLAG_KTRACE 0x10 /* output useful kernel trace for debugging */ 18 | 19 | struct bflt_hdr { 20 | char magic[4]; 21 | ut32 rev; 22 | ut32 entry; 23 | ut32 data_start; 24 | ut32 data_end; 25 | ut32 bss_end; 26 | ut32 stack_size; 27 | ut32 reloc_start; 28 | ut32 reloc_count; 29 | ut32 flags; 30 | ut32 build_date; 31 | ut32 filler[5]; 32 | }; 33 | 34 | //typedef reloc_struct_t 35 | 36 | struct reloc_struct_t { 37 | ut32 addr_to_patch; 38 | ut32 data_offset; 39 | }; 40 | 41 | struct r_bin_bflt_obj { 42 | struct bflt_hdr *hdr; 43 | struct reloc_struct_t *reloc_table; 44 | struct reloc_struct_t *got_table; 45 | RBuffer *b; 46 | ut8 endian; 47 | size_t size; 48 | uint32_t n_got; 49 | }; 50 | 51 | #define BFLT_HDR_SIZE sizeof (struct bflt_hdr) 52 | #define VALID_GOT_ENTRY(x) (x != 0xFFFFFFFF) 53 | 54 | RBinAddr *r_bflt_get_entry(struct r_bin_bflt_obj *bin); 55 | struct r_bin_bflt_obj *r_bin_bflt_new_buf(struct r_buf_t *buf); 56 | void r_bin_bflt_free(struct r_bin_bflt_obj *obj); 57 | 58 | #endif 59 | -------------------------------------------------------------------------------- /format/pe/pe_write.c: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2010-2018 pancake, nibble */ 2 | 3 | #include 4 | #include 5 | #include "pe.h" 6 | 7 | bool PE_(r_bin_pe_section_perms)(struct PE_(r_bin_pe_obj_t) *bin, const char *name, int perms) { 8 | PE_(image_section_header) *shdr = bin->section_header; 9 | int i; 10 | 11 | if (!shdr) { 12 | return false; 13 | } 14 | 15 | for (i = 0; i < bin->num_sections; i++) { 16 | const char *sname = (const char*) shdr[i].Name; 17 | if (!strncmp (name, sname, PE_IMAGE_SIZEOF_SHORT_NAME)) { 18 | int patchoff; 19 | ut32 newperms = shdr[i].Characteristics; 20 | ut32 newperms_le; 21 | 22 | /* Apply permission flags */ 23 | if (perms & R_PERM_X) { 24 | newperms |= PE_IMAGE_SCN_MEM_EXECUTE; 25 | } else { 26 | newperms &= ~PE_IMAGE_SCN_MEM_EXECUTE; 27 | } 28 | if (perms & R_PERM_W) { 29 | newperms |= PE_IMAGE_SCN_MEM_WRITE; 30 | } else { 31 | newperms &= ~PE_IMAGE_SCN_MEM_WRITE; 32 | } 33 | if (perms & R_PERM_R) { 34 | newperms |= PE_IMAGE_SCN_MEM_READ; 35 | } else { 36 | newperms &= ~PE_IMAGE_SCN_MEM_READ; 37 | } 38 | if (perms & R_PERM_SHAR) { 39 | newperms |= PE_IMAGE_SCN_MEM_SHARED; 40 | } else { 41 | newperms &= ~PE_IMAGE_SCN_MEM_SHARED; 42 | } 43 | 44 | patchoff = bin->section_header_offset; 45 | patchoff += i * sizeof (PE_(image_section_header)); 46 | patchoff += r_offsetof (PE_(image_section_header), Characteristics); 47 | r_write_le32 (&newperms_le, newperms); 48 | printf ("wx %02x @ 0x%x\n", newperms_le, patchoff); 49 | r_buf_write_at (bin->b, patchoff, (ut8*)&newperms_le, sizeof (newperms_le)); 50 | return true; 51 | } 52 | } 53 | return false; 54 | } 55 | -------------------------------------------------------------------------------- /format/mdmp/mdmp.h: -------------------------------------------------------------------------------- 1 | /* radare2 - LGPL - Copyright 2016 - Davis, Alex Kornitzer */ 2 | 3 | #ifndef MDMP_H 4 | #define MDMP_H 5 | 6 | #include 7 | #include 8 | #include 9 | #include 10 | 11 | #include "mdmp_specs.h" 12 | #include "mdmp_pe.h" 13 | #include "mdmp_pe64.h" 14 | 15 | struct r_bin_mdmp_obj { 16 | struct minidump_header *hdr; 17 | 18 | /* Encountered streams */ 19 | struct minidump_streams { 20 | ut8 *comments_a; 21 | ut8 *comments_w; 22 | 23 | struct minidump_exception_stream *exception; 24 | struct minidump_function_table_stream *function_table; 25 | struct minidump_handle_data_stream *handle_data; 26 | struct minidump_system_info *system_info; 27 | 28 | union { 29 | struct minidump_misc_info *misc_info_1; 30 | struct minidump_misc_info_2 *misc_info_2; 31 | } misc_info; 32 | 33 | /* Lists */ 34 | RList *ex_threads; 35 | RList *memories; 36 | RList *memory_infos; 37 | RList *modules; 38 | RList *operations; 39 | RList *thread_infos; 40 | RList *threads; 41 | RList *token_infos; 42 | RList *unloaded_modules; 43 | struct { 44 | rva64_t base_rva; 45 | RList *memories; 46 | } memories64; 47 | } streams; 48 | 49 | /* Binary memory objects */ 50 | RList *pe32_bins; 51 | RList *pe64_bins; 52 | 53 | struct r_buf_t *b; 54 | size_t size; 55 | ut8 endian; 56 | Sdb *kv; 57 | }; 58 | 59 | struct r_bin_mdmp_obj *r_bin_mdmp_new_buf(struct r_buf_t *buf); 60 | void r_bin_mdmp_free(struct r_bin_mdmp_obj *obj); 61 | ut64 r_bin_mdmp_get_paddr(struct r_bin_mdmp_obj *obj, ut64 vaddr); 62 | ut32 r_bin_mdmp_get_perm(struct r_bin_mdmp_obj *obj, ut64 vaddr); 63 | struct minidump_memory_info *r_bin_mdmp_get_mem_info(struct r_bin_mdmp_obj *obj, ut64 vaddr); 64 | 65 | #endif /* MDMP_H */ 66 | -------------------------------------------------------------------------------- /format/nin/nds.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | http://dsibrew.org/wiki/NDS_Format 4 | http://sourceforge.net/p/devkitpro/ndstool/ci/master/tree/source/header.h 5 | */ 6 | 7 | #ifndef NIN_NDS_H 8 | #define NIN_NDS_H 9 | 10 | #include 11 | 12 | R_PACKED ( 13 | struct nds_hdr 14 | { 15 | st8 title[0xC]; 16 | st8 gamecode[0x4]; 17 | st8 makercode[2]; 18 | ut8 unitcode; 19 | ut8 devicetype; 20 | ut8 devicecap; 21 | ut8 reserved1[0x9]; 22 | ut8 romversion; 23 | ut8 reserved2; 24 | ut32 arm9_rom_offset; 25 | ut32 arm9_entry_address; 26 | ut32 arm9_ram_address; 27 | ut32 arm9_size; 28 | ut32 arm7_rom_offset; 29 | ut32 arm7_entry_address; 30 | ut32 arm7_ram_address; 31 | ut32 arm7_size; 32 | ut32 fnt_offset; 33 | ut32 fnt_size; 34 | ut32 fat_offset; 35 | ut32 fat_size; 36 | ut32 arm9_overlay_offset; 37 | ut32 arm9_overlay_size; 38 | ut32 arm7_overlay_offset; 39 | ut32 arm7_overlay_size; 40 | ut32 rom_control_info1; 41 | ut32 rom_control_info2; 42 | ut32 banner_offset; 43 | ut16 secure_area_crc; 44 | ut16 rom_control_info3; 45 | ut32 offset_0x70; 46 | ut32 offset_0x74; 47 | ut32 offset_0x78; 48 | ut32 offset_0x7C; 49 | ut32 application_end_offset; 50 | ut32 rom_header_size; 51 | ut32 offset_0x88; 52 | ut32 offset_0x8C; 53 | 54 | /* reserved */ 55 | ut32 offset_0x90; 56 | ut32 offset_0x94; 57 | ut32 offset_0x98; 58 | ut32 offset_0x9C; 59 | ut32 offset_0xA0; 60 | ut32 offset_0xA4; 61 | ut32 offset_0xA8; 62 | ut32 offset_0xAC; 63 | ut32 offset_0xB0; 64 | ut32 offset_0xB4; 65 | ut32 offset_0xB8; 66 | ut32 offset_0xBC; 67 | 68 | ut8 logo[156]; 69 | ut16 logo_crc; 70 | ut16 header_crc; 71 | 72 | }); 73 | 74 | #endif /* NIN_NDS_H */ 75 | 76 | -------------------------------------------------------------------------------- /scripts/build_mig_index.py: -------------------------------------------------------------------------------- 1 | import sys, re, json 2 | 3 | header = """ /* 4 | * This file is generated in this way: 5 | * 6 | * python2 build_mig_index.py ~/xnu-4570.51.1/bsd/kern/trace_codes traps.json > mig_index.h 7 | * 8 | * 9 | * The traps.json file is generated from any dyld cache using the machtraps.py r2pipe script. 10 | * 11 | */ 12 | """ 13 | 14 | def convert (trace_codes, trap_json): 15 | data = {} 16 | with open(trace_codes, 'r') as f: 17 | for line in f: 18 | splitted = re.compile('\s+').split(line.rstrip('\n')) 19 | name = splitted[1] 20 | code = int(splitted[0], 0) 21 | klass = code & 0xff000000 22 | if klass == 0xff000000: # MIG 23 | name = name.replace('MSG_', '') 24 | num = (code & 0x00ffffff) >> 2 25 | data[num] = name 26 | 27 | with open(trap_json, 'r') as f: 28 | traps = json.loads(f.read()) 29 | for routine in traps: 30 | num = routine['num'] 31 | if num in data: 32 | continue 33 | data[num] = routine['name'] 34 | 35 | result = [] 36 | for num in data: 37 | result.append((num, data[num])) 38 | 39 | result.sort(key = lambda x: x[0]) 40 | 41 | print header 42 | print '#ifndef R_MIG_INDEX_H' 43 | print '#define R_MIG_INDEX_H\n' 44 | 45 | print '#define R_MIG_INDEX_LEN %d\n' % (len(data) * 2) 46 | 47 | print 'static const char * mig_index[R_MIG_INDEX_LEN] = {' 48 | for pair in result: 49 | print '\t"%d", "%s",' % pair 50 | print '};\n' 51 | 52 | print '#endif' 53 | 54 | 55 | if __name__ == '__main__': 56 | if len(sys.argv) < 3: 57 | print 'usage %s bsd/kern/trace_codes traps.json' % sys.argv[0] 58 | else: 59 | convert(sys.argv[1], sys.argv[2]) 60 | 61 | -------------------------------------------------------------------------------- /format/mach0/dyldcache.h: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2009-2010 nibble<.ds@gmail.com> */ 2 | 3 | #include 4 | #include "mach0_specs.h" 5 | 6 | #ifndef _INCLUDE_R_BIN_DYLDCACHE_H_ 7 | #define _INCLUDE_R_BIN_DYLDCACHE_H_ 8 | 9 | struct r_bin_dyldcache_obj_t { 10 | const char *file; 11 | int size; 12 | int nlibs; 13 | struct cache_header hdr; 14 | RBuffer* b; 15 | }; 16 | 17 | struct r_bin_dyldcache_lib_t { 18 | char path[1024]; 19 | int size; 20 | ut64 offset; 21 | RBuffer *b; 22 | int last; 23 | }; 24 | 25 | 26 | struct dyld_cache_mapping_info { 27 | ut64 address; 28 | ut64 size; 29 | ut64 fileOffset; 30 | ut32 maxProt; 31 | ut32 initProt; 32 | }; 33 | 34 | struct dyld_cache_image_info { 35 | ut64 address; 36 | ut64 modTime; 37 | ut64 inode; 38 | ut32 pathFileOffset; 39 | ut32 pad; 40 | }; 41 | 42 | struct dyld_cache_slide_info { 43 | ut32 version; 44 | ut32 toc_offset; 45 | ut32 toc_count; 46 | ut32 entries_offset; 47 | ut32 entries_count; 48 | ut32 entries_size; 49 | }; 50 | 51 | typedef struct _dyld_cache_local_symbols_info { 52 | ut32 nlistOffset; 53 | ut32 nlistCount; 54 | ut32 stringsOffset; 55 | ut32 stringsSize; 56 | ut32 entriesOffset; 57 | ut32 entriesCount; 58 | } dyld_cache_local_symbols_info; 59 | 60 | typedef struct _dyld_cache_local_symbols_entry { 61 | ut32 dylibOffset; 62 | ut32 nlistStartIndex; 63 | ut32 nlistCount; 64 | } dyld_cache_local_symbols_entry; 65 | 66 | struct r_bin_dyldcache_lib_t *r_bin_dyldcache_extract(struct r_bin_dyldcache_obj_t* bin, int idx, int *nlib); 67 | void *r_bin_dyldcache_free(struct r_bin_dyldcache_obj_t* bin); 68 | struct r_bin_dyldcache_obj_t* r_bin_dyldcache_new(const char* file); 69 | struct r_bin_dyldcache_obj_t* r_bin_dyldcache_from_bytes_new (const ut8* bytes, ut64 size); 70 | void r_bin_dydlcache_get_libname(struct r_bin_dyldcache_lib_t *lib, char **libname); 71 | 72 | #endif 73 | -------------------------------------------------------------------------------- /format/spc700/spc_specs.h: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - 2015 - maijin */ 2 | 3 | #ifndef _SPC_H 4 | #define _SPC_H 5 | 6 | #define SPC_MAGIC "SNES-SPC700 Sound File Data" 7 | #define SPC_HDR_SIZE sizeof (spc_hdr) 8 | 9 | #define RAM_START_ADDRESS 0x100 10 | #define RAM_SIZE 0x10000 11 | 12 | #define DSP_REG_START_ADDRESS 0x10100 13 | #define DSP_REG_SIZE 0x80 14 | 15 | #define EXTRA_RAM_START_ADDRESS 0x101C0 16 | #define EXTRA_RAM_SIZE 0x40 17 | 18 | #define EXTENDED_ID666_START_ADDRESS 0x10200 19 | 20 | typedef enum { 21 | UNKNOWN, 22 | ZSNES, 23 | SNES9X, 24 | } emulator_used; 25 | 26 | R_PACKED( 27 | typedef struct { //SNES9x 28 | char song_title [32]; 29 | char game_title [32]; 30 | char name_of_dumper [16]; 31 | char comments [32]; 32 | ut8 date[11]; 33 | ut8 num_sec_bef_fade_out[3]; 34 | ut8 len_fade_out[5]; 35 | char artist_song [32]; 36 | bool default_channel_disabled; 37 | emulator_used emulator_used[1]; 38 | ut8 reserved[1]; 39 | }) id666_tag_text; 40 | 41 | R_PACKED ( 42 | typedef struct { //ZSNES 43 | char song_title [32]; 44 | char game_title [32]; 45 | char name_of_dumper [16]; 46 | char comments [32]; 47 | ut8 date[4]; 48 | ut8 unused[8]; 49 | ut8 num_sec_bef_fade_out[3]; 50 | ut8 len_fade_out[4]; 51 | char artist_song [32]; 52 | bool default_channel_disabled; 53 | ut8 reserved[1]; 54 | }) id666_tag_binary; 55 | 56 | R_PACKED ( 57 | typedef struct { 58 | char signature [33]; 59 | ut8 signature2 [2]; 60 | ut8 has_id666; 61 | ut8 version; 62 | }) spc_hdr; 63 | 64 | R_PACKED ( 65 | typedef struct { 66 | ut8 pcl; 67 | ut8 pch; 68 | ut8 a; 69 | ut8 x; 70 | ut8 y; 71 | ut8 psw; 72 | ut8 sp; 73 | ut8 reserved_1; 74 | ut8 reserved_2; 75 | }) spc_reg; 76 | 77 | R_PACKED ( 78 | typedef struct { 79 | ut8 ram [0x10000]; 80 | ut8 dsp [128]; 81 | ut8 unused [0x40]; 82 | ut8 ipl_rom [0x40]; 83 | }) spc_data; 84 | 85 | #endif // _SPC_H 86 | -------------------------------------------------------------------------------- /format/omf/omf.h: -------------------------------------------------------------------------------- 1 | #ifndef OMF_H_ 2 | #define OMF_H_ 3 | 4 | #include 5 | #include 6 | #include 7 | 8 | #include "omf_specs.h" 9 | 10 | typedef struct OMF_record_handler { 11 | OMF_record record; 12 | struct OMF_record_handler *next; 13 | } OMF_record_handler; 14 | 15 | typedef struct { 16 | ut32 nb_elem; 17 | void *elems; 18 | } OMF_multi_datas; 19 | 20 | typedef struct OMF_DATA{ 21 | ut64 paddr; // offset in file 22 | ut64 size; 23 | ut32 offset; 24 | ut16 seg_idx; 25 | struct OMF_DATA *next; 26 | } OMF_data; 27 | 28 | // sections return by the plugin are the addr of datas because sections are 29 | // separate on non contiguous block on the omf file 30 | typedef struct { 31 | ut32 name_idx; 32 | ut64 size; 33 | ut8 bits; 34 | ut64 vaddr; 35 | OMF_data *data; 36 | } OMF_segment; 37 | 38 | typedef struct { 39 | char *name; 40 | ut16 seg_idx; 41 | ut32 offset; 42 | } OMF_symbol; 43 | 44 | typedef struct { 45 | ut8 bits; 46 | char **names; 47 | ut32 nb_name; 48 | OMF_segment **sections; 49 | ut32 nb_section; 50 | OMF_symbol **symbols; 51 | ut32 nb_symbol; 52 | OMF_record_handler *records; 53 | } r_bin_omf_obj; 54 | 55 | // this value was chosen arbitrarily to made the loader work correctly 56 | // if someone want to implement rellocation for omf he has to remove this 57 | #define OMF_BASE_ADDR 0x1000 58 | 59 | int r_bin_checksum_omf_ok(const ut8 *buf, ut64 buf_size); 60 | r_bin_omf_obj *r_bin_internal_omf_load(const ut8 *buf, ut64 size); 61 | void r_bin_free_all_omf_obj(r_bin_omf_obj *obj); 62 | bool r_bin_omf_get_entry(r_bin_omf_obj *obj, RBinAddr *addr); 63 | int r_bin_omf_get_bits(r_bin_omf_obj *obj); 64 | int r_bin_omf_send_sections(RList *list, OMF_segment *section, r_bin_omf_obj *obj); 65 | ut64 r_bin_omf_get_paddr_sym(r_bin_omf_obj *obj, OMF_symbol *sym); 66 | ut64 r_bin_omf_get_vaddr_sym(r_bin_omf_obj *obj, OMF_symbol *sym); 67 | 68 | #endif 69 | -------------------------------------------------------------------------------- /format/sfc/sfc_specs.h: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - 2015 - maijin */ 2 | 3 | //CPU_memory_map: http://wiki.nesdev.com/w/index.php/CPU_memory_map 4 | 5 | #ifndef _SFC_SPECS_H 6 | #define _SFC_SPECS_H 7 | 8 | #define LOROM_PAGE_SIZE 0x8000 9 | #define HIROM_PAGE_SIZE 0x10000 10 | #define BANK_SIZE 0x10000 11 | 12 | #define SFC_HDR_SIZE sizeof (sfc_int_hdr) 13 | #define LOROM_HDR_LOC 0x7FC0 14 | #define HIROM_HDR_LOC 0xFFC0 15 | 16 | #define ADDMEM_START_ADDRESS 0x6000 17 | #define ADDMEM_SIZE 0x2000 18 | 19 | //identical for both LoROM and HiROM 20 | 21 | #define PPU1_REG_ADDRESS 0x2100 22 | #define PPU1_REG_SIZE 0x0100 23 | 24 | #define DSP_REG_ADDRESS 0x3000 25 | #define DSP_REG_SIZE 0x1000 26 | 27 | #define OLDJOY_REG_ADDRESS 0x4000 28 | #define OLDJOY_REG_SIZE 0x0100 29 | 30 | #define PPU2_REG_ADDRESS 0x4200 31 | #define PPU2_REG_SIZE 0x0300 32 | 33 | #define LOWRAM_START_ADDRESS 0x7E0000 34 | #define LOWRAM_SIZE 0x2000 35 | 36 | #define LOWRAM_MIRROR_START_ADDRESS 0x0000 37 | #define LOWRAM_MIRROR_SIZE 0x2000 38 | 39 | #define HIRAM_START_ADDRESS 0x7E2000 40 | #define HIRAM_SIZE 0x6000 41 | 42 | #define EXTRAM_START_ADDRESS 0x7E8000 43 | #define EXTRAM_SIZE 0x18000 44 | 45 | R_PACKED ( 46 | typedef struct { 47 | char name[0x15]; //game title. 48 | ut8 rom_setup; //ROM setup (LoROM/HiROM, etc.) 49 | ut8 rom_type; 50 | ut8 rom_size; //in 1kb chunks 51 | ut8 sram_size; //in 1kb chunks 52 | ut8 dest_code; 53 | ut8 fixed_0x33; //should be equal to 0x33 54 | ut8 rom_version; 55 | ut16 comp_check; //should be equal to ~checksum 56 | ut16 checksum; 57 | }) sfc_int_hdr; 58 | 59 | #endif // _SFC_SPECS_H 60 | -------------------------------------------------------------------------------- /format/te/te.h: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2013 xvilka */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | 9 | #ifndef _INCLUDE_R_BIN_TE_H_ 10 | #define _INCLUDE_R_BIN_TE_H_ 11 | 12 | #define R_BIN_TE_SCN_IS_SHAREABLE(x) x & TE_IMAGE_SCN_MEM_SHARED 13 | #define R_BIN_TE_SCN_IS_EXECUTABLE(x) x & TE_IMAGE_SCN_MEM_EXECUTE 14 | #define R_BIN_TE_SCN_IS_READABLE(x) x & TE_IMAGE_SCN_MEM_READ 15 | #define R_BIN_TE_SCN_IS_WRITABLE(x) x & TE_IMAGE_SCN_MEM_WRITE 16 | 17 | struct r_bin_te_section_t { 18 | ut8 name[TE_IMAGE_SIZEOF_NAME]; 19 | ut64 size; 20 | ut64 vsize; 21 | ut64 vaddr; 22 | ut64 paddr; 23 | ut64 flags; 24 | int last; 25 | }; 26 | 27 | struct r_bin_te_string_t { 28 | char string[TE_STRING_LENGTH]; 29 | ut64 vaddr; 30 | ut64 paddr; 31 | ut64 size; 32 | char type; 33 | int last; 34 | }; 35 | 36 | struct r_bin_te_obj_t { 37 | TE_image_file_header *header; 38 | TE_image_section_header *section_header; 39 | int size; 40 | int endian; 41 | const char* file; 42 | struct r_buf_t* b; 43 | Sdb *kv; 44 | }; 45 | 46 | char* r_bin_te_get_arch(struct r_bin_te_obj_t* bin); 47 | RBinAddr* r_bin_te_get_entrypoint(struct r_bin_te_obj_t* bin); 48 | ut64 r_bin_te_get_main_paddr(struct r_bin_te_obj_t *bin); 49 | ut64 r_bin_te_get_image_base(struct r_bin_te_obj_t* bin); 50 | int r_bin_te_get_image_size(struct r_bin_te_obj_t* bin); 51 | char* r_bin_te_get_machine(struct r_bin_te_obj_t* bin); 52 | int r_bin_te_get_bits(struct r_bin_te_obj_t* bin); 53 | char* r_bin_te_get_os(struct r_bin_te_obj_t* bin); 54 | struct r_bin_te_section_t* r_bin_te_get_sections(struct r_bin_te_obj_t* bin); 55 | char* r_bin_te_get_subsystem(struct r_bin_te_obj_t* bin); 56 | void* r_bin_te_free(struct r_bin_te_obj_t* bin); 57 | struct r_bin_te_obj_t* r_bin_te_new(const char* file); 58 | struct r_bin_te_obj_t* r_bin_te_new_buf(struct r_buf_t *buf); 59 | 60 | #endif 61 | -------------------------------------------------------------------------------- /format/p9/p9bin.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Binary loader for Plan 9's a.out executable format 3 | * 4 | * Copyright (C) 2008 Anant Narayanan 5 | */ 6 | struct plan9_exec { 7 | unsigned long magic; /* magic number */ 8 | unsigned long text; /* size of text segment */ 9 | unsigned long data; /* size of initialized data */ 10 | unsigned long bss; /* size of uninitialized data */ 11 | unsigned long syms; /* size of symbol table */ 12 | unsigned long entry; /* entry point */ 13 | unsigned long spsz; /* size of pc/sp offset table */ 14 | unsigned long pcsz; /* size of pc/line number table */ 15 | }; 16 | 17 | #define HDR_MAGIC 0x00008000 /* header expansion */ 18 | 19 | #define _MAGIC(f, b) ((f)|((((4*(b))+0)*(b))+7)) 20 | #define A_MAGIC _MAGIC(0, 8) /* 68020 */ 21 | #define I_MAGIC _MAGIC(0, 11) /* intel 386 */ 22 | #define J_MAGIC _MAGIC(0, 12) /* intel 960 (retired) */ 23 | #define K_MAGIC _MAGIC(0, 13) /* sparc */ 24 | #define V_MAGIC _MAGIC(0, 16) /* mips 3000 BE */ 25 | #define X_MAGIC _MAGIC(0, 17) /* att dsp 3210 (retired) */ 26 | #define M_MAGIC _MAGIC(0, 18) /* mips 4000 BE */ 27 | #define D_MAGIC _MAGIC(0, 19) /* amd 29000 (retired) */ 28 | #define E_MAGIC _MAGIC(0, 20) /* arm */ 29 | #define Q_MAGIC _MAGIC(0, 21) /* powerpc */ 30 | #define N_MAGIC _MAGIC(0, 22) /* mips 4000 LE */ 31 | #define L_MAGIC _MAGIC(0, 23) /* dec alpha */ 32 | #define P_MAGIC _MAGIC(0, 24) /* mips 3000 LE */ 33 | #define U_MAGIC _MAGIC(0, 25) /* sparc64 */ 34 | #define S_MAGIC _MAGIC(HDR_MAGIC, 26) /* amd64 */ 35 | #define T_MAGIC _MAGIC(HDR_MAGIC, 27) /* powerpc64 */ 36 | 37 | #define TOS_SIZE 14 /* Size of Top of Stack: 56 / 4 */ 38 | #define HDR_SIZE 0x20 39 | #define STR_ADDR 0x1000 /* Start Address */ 40 | #define TXT_ADDR HDR_SIZE + ex.text /* TEXT Address */ 41 | #define DAT_ADDR STR_ADDR + PAGE_ALIGN(TXT_ADDR) /* DATA&BSS Address */ 42 | 43 | /*---*/ 44 | 45 | #define p9bin_open(x) fopen(x,"r") 46 | #define p9bin_close(x) fclose(x) 47 | 48 | /* Reads four bytes from b. */ 49 | int r_bin_p9_get_arch(const unsigned char *b, int *bits, int *big_endian); 50 | -------------------------------------------------------------------------------- /format/vsf/vsf_specs.h: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2015 riq */ 2 | #ifndef VSF_SPECS_H 3 | #define VSF_SPECS_H 4 | 5 | #include 6 | #include 7 | #include 8 | #include 9 | 10 | /* Snapshot format for VICE: http://vice-emu.sourceforge.net/ */ 11 | 12 | R_PACKED ( 13 | struct vsf_hdr { 14 | char id[19]; /* "VICE Snapshot File" */ 15 | char major; 16 | char minor; 17 | char machine[16]; /* "C64" or "C128" or... */ 18 | }); 19 | 20 | R_PACKED ( 21 | struct vsf_module { 22 | char module_name[16]; /* looking for "C64MEM", ... */ 23 | char major; 24 | char minor; 25 | ut32 length; /* little endian */ 26 | }); 27 | 28 | R_PACKED ( 29 | struct vsf_maincpu { 30 | ut32 clk; /* CPU clock value */ 31 | ut8 ac; /* A */ 32 | ut8 xr; /* X */ 33 | ut8 yr; /* Y */ 34 | ut8 sp; /* stack pointer */ 35 | ut16 pc; /* program counter */ 36 | ut8 st; /* Status register */ 37 | ut32 lastopcode; /* ? */ 38 | ut32 ba_low_flags; /* ? */ 39 | }); 40 | 41 | R_PACKED ( 42 | struct vsf_c64mem { 43 | ut8 cpudata; /* CPU port data byte */ 44 | ut8 cpudir; /* CPU port direction byte */ 45 | ut8 exrom; /* state of the EXROM line (?) */ 46 | ut8 game; /* state of the GAME line (?) */ 47 | ut8 ram[1024 * 64]; /* 64k RAM dump */ 48 | }); 49 | 50 | R_PACKED ( 51 | struct vsf_c64rom { 52 | ut8 kernal[1024 * 8]; /* Kernal ROM */ 53 | ut8 basic[1024 * 8]; /* BASIC ROM */ 54 | ut8 chargen[1024 * 4]; /* Charset */ 55 | }); 56 | 57 | R_PACKED ( 58 | struct vsf_c128mem { 59 | ut8 mmu[12]; /* dump of the 12 MMU registers */ 60 | ut8 ram[1024 * 128]; /* 128k RAM dump: banks 0 and 1 */ 61 | }); 62 | 63 | R_PACKED ( 64 | struct vsf_c128rom { 65 | ut8 kernal[1024 * 8]; /* Kernal ROM */ 66 | ut8 basic[1024 * 32]; /* BASIC ROM */ 67 | ut8 editor[1024 * 4]; /* Dump of the editor ROM */ 68 | ut8 chargen[1024 * 4]; /* Charset */ 69 | }); 70 | 71 | /* Internal structure */ 72 | struct r_bin_vsf_obj { 73 | int machine_idx; /* 0=C64, 1=C128, ... see bin_vsf.c */ 74 | void* rom; /* ptr to C64/C128 rom */ 75 | void* mem; /* ptr to C64/C128 ram */ 76 | struct vsf_maincpu* maincpu; 77 | Sdb* kv; 78 | }; 79 | 80 | #endif /* VSF_SPECS_H */ 81 | 82 | -------------------------------------------------------------------------------- /format/bflt/bflt.c: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2016 - Oscar Salvador */ 2 | 3 | #include 4 | #include 5 | 6 | #include "bflt.h" 7 | 8 | #define READ(x, i) r_read_be32 ((x) + (i)); (i) += 4; 9 | 10 | RBinAddr *r_bflt_get_entry(struct r_bin_bflt_obj *bin) { 11 | RBinAddr *addr = R_NEW0 (RBinAddr); 12 | if (addr && bin && bin->hdr) { 13 | addr->paddr = bin->hdr->entry; 14 | } 15 | return addr; 16 | } 17 | 18 | static int bflt_init_hdr (struct r_bin_bflt_obj *bin) { 19 | struct bflt_hdr *p_hdr; 20 | ut8 bhdr[BFLT_HDR_SIZE] = {0}; 21 | int len, i = 0; 22 | 23 | len = r_buf_read_at (bin->b, 0, bhdr, BFLT_HDR_SIZE); 24 | if (len < 1) { 25 | eprintf ("Warning: read bFLT hdr failed\n"); 26 | goto fail; 27 | } 28 | 29 | if (strncmp ((const char *)bhdr, "bFLT", 4)) { 30 | eprintf ("Warning: wrong magic number in bFLT file\n"); 31 | goto fail; 32 | } 33 | p_hdr = R_NEW0 (struct bflt_hdr); 34 | if (!p_hdr) { 35 | eprintf ("Warning: couldn't allocate memory\n"); 36 | goto fail; 37 | } 38 | 39 | i += 4; 40 | p_hdr->rev = READ (bhdr, i); 41 | p_hdr->entry = READ (bhdr, i); 42 | p_hdr->data_start = READ (bhdr, i); 43 | p_hdr->data_end = READ (bhdr, i); 44 | p_hdr->bss_end = READ (bhdr, i); 45 | p_hdr->stack_size = READ (bhdr, i); 46 | p_hdr->reloc_start = READ (bhdr, i); 47 | p_hdr->reloc_count = READ (bhdr, i); 48 | p_hdr->flags = READ (bhdr, i); 49 | p_hdr->build_date = READ (bhdr, i); 50 | 51 | if (p_hdr->rev != FLAT_VERSION) { 52 | eprintf ("Warning: only v4 is supported!\n"); 53 | R_FREE (p_hdr); 54 | goto fail; 55 | } 56 | bin->hdr = p_hdr; 57 | return true; 58 | fail: 59 | return false; 60 | } 61 | 62 | static int r_bin_bflt_init(struct r_bin_bflt_obj *obj, RBuffer *buf) { 63 | if (!(obj->b = r_buf_new ())) { 64 | return false; 65 | } 66 | obj->size = buf->length; 67 | obj->endian = false; 68 | obj->reloc_table = NULL; 69 | obj->got_table = NULL; 70 | obj->n_got = 0; 71 | obj->hdr = NULL; 72 | 73 | if(!r_buf_set_bytes (obj->b, buf->buf, obj->size)) { 74 | r_buf_free (obj->b); 75 | return false; 76 | } 77 | if (!bflt_init_hdr (obj)) { 78 | return false; 79 | } 80 | return true; 81 | } 82 | 83 | struct r_bin_bflt_obj *r_bin_bflt_new_buf(struct r_buf_t *buf) { 84 | struct r_bin_bflt_obj *bin = R_NEW0 (struct r_bin_bflt_obj); 85 | if (bin && r_bin_bflt_init (bin, buf)) { 86 | return bin; 87 | } 88 | r_bin_bflt_free (bin); 89 | return NULL; 90 | } 91 | 92 | void r_bin_bflt_free(struct r_bin_bflt_obj *obj) { 93 | if (obj) { 94 | R_FREE (obj->hdr); 95 | R_FREE (obj->b); 96 | R_FREE (obj); 97 | } 98 | } 99 | -------------------------------------------------------------------------------- /format/elf/elf_specs.h: -------------------------------------------------------------------------------- 1 | #undef Elf_ 2 | #undef Elf_Vword 3 | #undef ELF_ST_BIND 4 | #undef ELF_ST_TYPE 5 | #undef ELF_ST_INFO 6 | #undef ELF_ST_VISIBILITY 7 | #undef ELF_R_SYM 8 | #undef ELF_R_TYPE 9 | #undef ELF_R_INFO 10 | #undef ELF_M_SYM 11 | #undef ELF_M_SIZE 12 | #undef ELF_M_INFO 13 | 14 | #ifdef R_BIN_ELF64 15 | # define Elf_(name) Elf64_##name 16 | # define ELF_ST_BIND ELF64_ST_BIND 17 | # define ELF_ST_TYPE ELF64_ST_TYPE 18 | # define ELF_ST_INFO ELF64_ST_INFO 19 | # define ELF_ST_VISIBILITY ELF64_ST_VISIBILITY 20 | # define ELF_R_SYM ELF64_R_SYM 21 | # define ELF_R_TYPE ELF64_R_TYPE 22 | # define ELF_R_INFO ELF64_R_INFO 23 | # define ELF_M_SYM ELF64_M_SYM 24 | # define ELF_M_SIZE ELF64_M_SIZE 25 | # define ELF_M_INFO ELF64_M_INFO 26 | #else 27 | # define Elf_(name) Elf32_##name 28 | # define ELF_ST_BIND ELF32_ST_BIND 29 | # define ELF_ST_TYPE ELF32_ST_TYPE 30 | # define ELF_ST_INFO ELF32_ST_INFO 31 | # define ELF_ST_VISIBILITY ELF32_ST_VISIBILITY 32 | # define ELF_R_SYM ELF32_R_SYM 33 | # define ELF_R_TYPE ELF32_R_TYPE 34 | # define ELF_R_INFO ELF32_R_INFO 35 | # define ELF_M_SYM ELF32_M_SYM 36 | # define ELF_M_SIZE ELF32_M_SIZE 37 | # define ELF_M_INFO ELF32_M_INFO 38 | #endif 39 | 40 | /* MingW doesn't define __BEGIN_DECLS / __END_DECLS. */ 41 | #ifndef __BEGIN_DECLS 42 | # ifdef __cplusplus 43 | # define __BEGIN_DECLS extern "C" { 44 | # else 45 | # define __BEGIN_DECLS 46 | # endif 47 | #endif 48 | #ifndef __END_DECLS 49 | # ifdef __cplusplus 50 | # define __END_DECLS } 51 | # else 52 | # define __END_DECLS 53 | # endif 54 | #endif 55 | 56 | #include "glibc_elf.h" 57 | 58 | #ifndef _INCLUDE_ELF_SPECS_H 59 | #define _INCLUDE_ELF_SPECS_H 60 | 61 | #define ELF_STRING_LENGTH 256 62 | 63 | // not strictly ELF, but close enough: 64 | #define CGCMAG "\177CGC" 65 | #define SCGCMAG 4 66 | 67 | #define ELFOSABI_HURD 4 /* GNU/HURD */ 68 | #define ELFOSABI_86OPEN 5 /* 86open */ 69 | #define ELFOSABI_OPENVMS 13 /* OpenVMS */ 70 | #define ELFOSABI_ARM_AEABI 64 /* ARM EABI */ 71 | 72 | #define EM_BLACKFIN 106 /* Analog Devices Blackfin */ 73 | #define EM_MCST_ELBRUS 175 74 | #define EM_PROPELLER 0x5072 75 | #define EM_RISCV 243 76 | #define EM_LANAI 0x8123 77 | #define EM_VIDEOCORE 95 // XXX dupe for EM_NUM 78 | #define EM_VIDEOCORE3 137 79 | #define EM_VIDEOCORE4 200 80 | #define EM_MSP430 0x69 81 | 82 | 83 | #endif // _INCLUDE_ELF_SPECS_H 84 | -------------------------------------------------------------------------------- /scripts/machtraps.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding: utf-8 -*- 3 | 4 | """ 5 | Example usage to regenerate traps.json: 6 | - open the dyld cache in r2 like this: 7 | R_DYLDCACHE_FILTER=libsystem_kernel r2 -e bin.usextr=false ~/Library/Developer/Xcode/iOS\ DeviceSupport/12.1.2\ \(16C101\)\ arm64e/Symbols/System/Library/Caches/com.apple.dyld/dyld_shared_cache_arm64e 8 | 9 | - run the script with this command: 10 | #!pipe python2 /path/to/this/script.py > traps.json 11 | 12 | """ 13 | 14 | import r2pipe, json, re 15 | 16 | r = r2pipe.open('#!pipe') 17 | 18 | def walk_back_until (addr, pattern, min_addr): 19 | cursor = addr 20 | while cursor >= min_addr: 21 | op = r.cmdj('aoj@' + str(cursor))[0]['opcode'] 22 | if re.search(pattern, op) != None: 23 | return cursor + 4 24 | if re.search(r'^ret', op) != None: 25 | return cursor + 4 26 | if re.search(r'^b ', op) != None: 27 | return cursor + 4 28 | cursor -= 4 29 | 30 | return min_addr 31 | 32 | def carve_trap_num (addr, flag): 33 | saved_seek = r.cmd('?v $$') 34 | r.cmd('e io.cache=true') 35 | r.cmd('e emu.write=true') 36 | r.cmd('aei') 37 | r.cmd('aeim') 38 | min_addr = int(r.cmd('?v ' + flag), 0) 39 | emu_start = walk_back_until(addr - 4, r'^b|^ret|^invalid', min_addr) 40 | r.cmd('s ' + str(emu_start)) 41 | obj = r.cmd('aefa 0x%08x~[0]:0' % addr) 42 | r.cmd('s ' + saved_seek) 43 | val = r.cmdj('pv4j@%s+0x14' % obj)['value'] 44 | if val == 0: 45 | val = r.cmdj('pv4j@%s+0x18' % obj)['value'] 46 | return val 47 | 48 | def beautify_name (name): 49 | return re.sub(r'^_', '', name) 50 | 51 | def carve_traps (): 52 | msgs = r.cmdj('axtj sym._mach_msg') 53 | if len(msgs) == 0: 54 | r.cmd('s sym._mach_msg') 55 | r.cmd('aae $SS @ $S') 56 | r.cmd('s-') 57 | msgs = r.cmdj('axtj sym._mach_msg') 58 | if len(msgs) == 0: 59 | print 'Cannot find refs to mach_msg!' 60 | return 61 | 62 | traps = {} 63 | for ref in msgs: 64 | if ref['type'] != 'CALL' or 'realname' not in ref: 65 | continue 66 | name = ref['realname'] 67 | if re.search(r'^_mach_msg', name) != None: 68 | continue 69 | addr = ref['from'] 70 | traps[addr] = { 71 | 'name': name 72 | } 73 | 74 | result = [] 75 | for addr in traps: 76 | trap = traps[addr] 77 | flag = 'sym.%s' % trap['name'] 78 | trap['name'] = beautify_name(trap['name']) 79 | trap['num'] = carve_trap_num(addr, flag) 80 | if trap['num'] != None: 81 | result.append(trap) 82 | 83 | result.sort(key=lambda x: x['num']) 84 | 85 | return result 86 | 87 | if __name__ == '__main__': 88 | traps = carve_traps() 89 | print json.dumps(traps, indent=4) 90 | -------------------------------------------------------------------------------- /format/nes/nes_specs.h: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - 2015 - maijin */ 2 | 3 | //CPU_memory_map: http://wiki.nesdev.com/w/index.php/CPU_memory_map 4 | 5 | #ifndef _NES_H 6 | #define _NES_H 7 | 8 | #define INES_MAGIC "\x4E\x45\x53\x1A" 9 | 10 | #define PRG_PAGE_SIZE 0x4000 11 | #define CHR_PAGE_SIZE 0x2000 12 | #define INES_HDR_SIZE sizeof (ines_hdr) 13 | 14 | #define RAM_START_ADDRESS 0x0000 15 | #define RAM_SIZE 0x0800 16 | 17 | #define RAM_MIRROR_1_ADDRESS 0x0800 18 | #define RAM_MIRROR_1_SIZE 0x0800 19 | 20 | #define RAM_MIRROR_2_ADDRESS 0x1000 21 | #define RAM_MIRROR_2_SIZE 0x0800 22 | 23 | #define RAM_MIRROR_3_ADDRESS 0x1800 24 | #define RAM_MIRROR_3_SIZE 0x0800 25 | 26 | #define PPU_REG_ADDRESS 0x2000 27 | #define PPU_REG_SIZE 0x0008 28 | 29 | #define APU_AND_IOREGS_START_ADDRESS 0x4000 30 | #define APU_AND_IOREGS_SIZE 0x0020 31 | 32 | #define SRAM_START_ADDRESS 0x6000 33 | #define SRAM_SIZE 0x2000 34 | 35 | #define ROM_START_ADDRESS 0x8000 36 | #define ROM_SIZE 0x8000 37 | 38 | #define NMI_VECTOR_START_ADDRESS 0xFFFA 39 | #define RESET_VECTOR_START_ADDRESS 0xFFFC 40 | #define IRQ_VECTOR_START_ADDRESS 0xFFFE 41 | 42 | #define PPU_CTRL_REG1 0x2000 43 | #define PPU_CTRL_REG2 0x2001 44 | #define PPU_STATUS 0x2002 45 | #define PPU_SPR_ADDR 0x2003 46 | #define PPU_SPR_DATA 0x2004 47 | #define PPU_SCROLL_REG 0x2005 48 | #define PPU_ADDRESS 0x2006 49 | #define PPU_DATA 0x2007 50 | 51 | #define SND_REGISTER 0x4000 52 | #define SND_SQUARE1_REG 0x4000 53 | #define SND_SQUARE2_REG 0x4004 54 | #define SND_TRIANGLE_REG 0x4008 55 | #define SND_NOISE_REG 0x400c 56 | #define SND_DELTA_REG 0x4010 57 | #define SND_MASTERCTRL_REG 0x4015 58 | 59 | #define SPR_DMA 0x4014 60 | #define JOYPAD_PORT 0x4016 61 | #define JOYPAD_PORT1 0x4016 62 | #define JOYPAD_PORT2 0x4017 63 | 64 | R_PACKED ( 65 | typedef struct { 66 | char id[0x4]; // NES\x1A 67 | ut8 prg_page_count_16k; // number of PRG-ROM pages 68 | ut8 chr_page_count_8k; // number of CHR-ROM pages 69 | ut8 rom_control_byte_0; // flags describing ROM image 70 | ut8 rom_control_byte_1; // flags describing ROM image 71 | ut8 ram_bank_count_8k; // size of PRG RAM 72 | ut8 reserved[7]; // zero filled 73 | }) ines_hdr; 74 | 75 | #endif // _NES_H 76 | -------------------------------------------------------------------------------- /format/dex/dex.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | #define R_BIN_DEX_MAXSTR 256 7 | #define DEX_CLASS_SIZE (32) 8 | 9 | R_PACKED( 10 | typedef struct dex_header_t { 11 | ut8 magic[8]; 12 | ut32 checksum; 13 | ut8 signature[20]; 14 | ut32 size; 15 | ut32 header_size; 16 | ut32 endian; 17 | ut32 linksection_size; 18 | ut32 linksection_offset; 19 | ut32 map_offset; 20 | ut32 strings_size; 21 | ut32 strings_offset; 22 | ut32 types_size; 23 | ut32 types_offset; 24 | ut32 prototypes_size; 25 | ut32 prototypes_offset; 26 | ut32 fields_size; 27 | ut32 fields_offset; 28 | ut32 method_size; 29 | ut32 method_offset; 30 | ut32 class_size; 31 | ut32 class_offset; 32 | ut32 data_size; 33 | ut32 data_offset; 34 | }) DexHeader; 35 | 36 | R_PACKED( 37 | typedef struct dex_proto_t { 38 | ut32 shorty_id; 39 | ut32 return_type_id; 40 | ut32 parameters_off; 41 | }) DexProto; 42 | 43 | typedef struct dex_type_t { 44 | ut32 descriptor_id; 45 | } DexType; 46 | 47 | // #pragma pack(1) 48 | typedef struct dex_field_t { 49 | ut16 class_id; 50 | ut16 type_id; 51 | ut32 name_id; 52 | } DexField; 53 | 54 | R_PACKED( 55 | typedef struct dex_method_t { 56 | ut16 class_id; 57 | ut16 proto_id; 58 | ut32 name_id; 59 | }) RBinDexMethod; 60 | 61 | R_PACKED( 62 | typedef struct dex_class_t { 63 | ut32 class_id; // index into typeids 64 | ut32 access_flags; 65 | ut32 super_class; 66 | ut32 interfaces_offset; 67 | ut32 source_file; 68 | ut32 anotations_offset; 69 | ut32 class_data_offset; 70 | ut32 static_values_offset; 71 | struct dex_class_data_item_t *class_data; 72 | }) RBinDexClass; 73 | 74 | R_PACKED( 75 | typedef struct dex_class_data_item_t { 76 | ut64 static_fields_size; 77 | ut64 instance_fields_size; 78 | ut64 direct_methods_size; 79 | ut64 virtual_methods_size; 80 | }) RBinDexClassData; 81 | 82 | typedef struct r_bin_dex_obj_t { 83 | int size; 84 | const char *file; 85 | RBuffer *b; 86 | struct dex_header_t header; 87 | ut32 *strings; 88 | struct dex_type_t *types; 89 | struct dex_proto_t *protos; 90 | struct dex_field_t *fields; 91 | struct dex_method_t *methods; 92 | struct dex_class_t *classes; 93 | RList *methods_list; 94 | RList *imports_list; 95 | RList *classes_list; 96 | RList *lines_list; 97 | ut64 code_from; 98 | ut64 code_to; 99 | char *version; 100 | Sdb *kv; 101 | } RBinDexObj; 102 | 103 | struct r_bin_dex_str_t { 104 | char str[R_BIN_DEX_MAXSTR]; 105 | ut64 offset; 106 | ut64 ordinal; 107 | int size; 108 | int last; 109 | }; 110 | 111 | struct dex_encoded_type_addr_pair_t { 112 | ut64 type_idx; 113 | ut64 addr; 114 | }; 115 | 116 | struct dex_encoded_catch_handler_t { 117 | st64 size; 118 | struct dex_encoded_type_addr_pair_t *handlers; 119 | ut64 catch_all_addr; 120 | }; 121 | 122 | struct dex_debug_position_t { 123 | ut32 source_file_idx; 124 | ut64 address; 125 | ut64 line; 126 | }; 127 | 128 | struct dex_debug_local_t { 129 | const char *name; 130 | const char *descriptor; 131 | const char *signature; 132 | ut16 startAddress; 133 | bool live; 134 | int reg; 135 | ut16 endAddress; 136 | }; 137 | 138 | char* r_bin_dex_get_version(struct r_bin_dex_obj_t* bin); 139 | struct r_bin_dex_obj_t *r_bin_dex_new_buf(struct r_buf_t *buf); 140 | struct r_bin_dex_str_t *r_bin_dex_get_strings (struct r_bin_dex_obj_t* bin); 141 | 142 | int dex_read_uleb128 (const ut8 *ptr, int size); 143 | int dex_read_sleb128 (const char *ptr, int size); 144 | int dex_uleb128_len (const ut8 *ptr, int size); 145 | -------------------------------------------------------------------------------- /format/nin/nin.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | enum{ 5 | GB_SGB = 3 6 | ,GB_GBC = 0x80 7 | }; 8 | 9 | enum{ 10 | GB_ROM 11 | ,GB_ROM_MBC1 12 | ,GB_ROM_MBC1_RAM 13 | ,GB_ROM_MBC1_RAM_BAT 14 | ,GB_ROM_MBC2 = 0x5 15 | ,GB_ROM_MBC2_BAT 16 | ,GB_ROM_RAM = 0x8 17 | ,GB_ROM_RAM_BAT 18 | ,GB_ROM_MMM0 = 0xb 19 | ,GB_ROM_MMM0_SRAM 20 | ,GB_ROM_MMM0_SRAM_BAT 21 | ,GB_ROM_MBC3_TIMER_BAT = 0xf 22 | ,GB_ROM_MBC3_TIMER_RAM_BAT 23 | ,GB_ROM_MBC3 24 | ,GB_ROM_MBC3_RAM 25 | ,GB_ROM_MBC3_RAM_BAT 26 | ,GB_ROM_MBC5 = 0x19 27 | ,GB_ROM_MBC5_RAM 28 | ,GB_ROM_MBC5_RAM_BAT 29 | ,GB_ROM_MBC5_RMBL 30 | ,GB_ROM_MBC5_RMBL_SRAM 31 | ,GB_ROM_MBC5_RMBL_SRAM_BAT 32 | ,GB_CAM 33 | ,GB_TAMA5 = 0xfd 34 | ,GB_HUC3 35 | ,GB_HUC1 36 | }; 37 | 38 | enum{ 39 | GB_ROM_BANKS_2 40 | ,GB_ROM_BANKS_4 41 | ,GB_ROM_BANKS_8 42 | ,GB_ROM_BANKS_16 43 | ,GB_ROM_BANKS_32 44 | ,GB_ROM_BANKS_64 45 | ,GB_ROM_BANKS_128 46 | ,GB_ROM_BANKS_72 = 0x52 47 | ,GB_ROM_BANKS_80 48 | ,GB_ROM_BANKS_96 49 | }; 50 | 51 | enum{ 52 | GB_NO_RAM 53 | ,GB_RAM_2 54 | ,GB_RAM_8 55 | ,GB_RAM_32 56 | ,GB_RAM_128 57 | }; 58 | 59 | const ut8 lic[]={ 60 | 0xce, 0xed, 0x66, 0x66, 0xcc, 0x0d, 0x00, 0x0b, 0x03, 0x73, 0x00, 61 | 0x83, 0x00, 0x0c, 0x00, 0x0d, 0x00, 0x08, 0x11, 0x1f, 0x88, 0x89, 62 | 0x00, 0x0e, 0xdc, 0xcc, 0x6e, 0xe6, 0xdd, 0xdd, 0xd9, 0x99, 0xbb, 63 | 0xbb, 0x67, 0x63, 0x6e, 0x0e, 0xec, 0xcc, 0xdd, 0xdc, 0x99, 0x9f, 64 | 0xbb, 0xb9, 0x33, 0x3e}; 65 | 66 | 67 | const char *gb_card_type_str[]={ 68 | "ROM", 69 | "ROM+MBC1", 70 | "ROM+MBC1+RAM", 71 | "ROM+MBC1+RAM+BAT", 72 | "XXX", 73 | "ROM+MBC2", 74 | "ROM+MBC2+BAT", 75 | "XXX", 76 | "ROM+RAM", 77 | "ROM+RAM+BAT", 78 | "XXX", 79 | "ROM+MMM0", 80 | "ROM+MMM0+SRAM", 81 | "ROM+MMM0+SRAM+BAT", 82 | "XXX", 83 | "ROM+MBC3+TIMER+BAT", 84 | "ROM+MBC3+TIMER+RAM+BAT", 85 | "ROM+MBC3", 86 | "ROM+MBC3+RAM", 87 | "ROM+MBC3+RAM+BAT", 88 | "TAMA5", 89 | "HUC3", 90 | "HUC1", 91 | "XXX", //mbc4? 92 | "XXX", 93 | "ROM+MBC5", 94 | "ROM+MBC5+RAM", 95 | "ROM+MBC5+RAM+BAT", 96 | "ROM+MBC5+RUMBLE", 97 | "ROM+MBC5+RUMBLE+SRAM", 98 | "ROM+MBC5+RUMBLE+SRAM+BAT", 99 | "CAM" 100 | }; 101 | 102 | void gb_add_cardtype(char *type, ut8 cardcode){ 103 | strcat (type,"\ncard\t"); 104 | switch (cardcode){ 105 | case GB_TAMA5: 106 | case GB_HUC3: 107 | case GB_HUC1: 108 | strcat (type,gb_card_type_str[cardcode-240]); 109 | break; 110 | case 0x15: 111 | case 0x16: 112 | case 0x17: 113 | strcat (type,"XXX"); 114 | break; 115 | default: 116 | if (cardcode>GB_CAM) { 117 | strcat (type,"XXX"); 118 | return; 119 | } 120 | strcat (type,gb_card_type_str[cardcode]); 121 | break; 122 | } 123 | } 124 | 125 | int gb_get_rombanks(ut8 id){ 126 | switch (id){ 127 | case GB_ROM_BANKS_2: 128 | return 2; 129 | case GB_ROM_BANKS_4: 130 | return 4; 131 | case GB_ROM_BANKS_8: 132 | return 8; 133 | case GB_ROM_BANKS_16: 134 | return 16; 135 | case GB_ROM_BANKS_32: 136 | return 32; 137 | case GB_ROM_BANKS_64: 138 | return 64; 139 | case GB_ROM_BANKS_128: 140 | return 128; 141 | case GB_ROM_BANKS_72: 142 | return 72; 143 | case GB_ROM_BANKS_80: 144 | return 80; 145 | case GB_ROM_BANKS_96: 146 | return 96; 147 | } 148 | return 2; 149 | } 150 | 151 | 152 | void gb_get_gbtype(char *type, ut8 foo, ut8 bar){ 153 | if (foo==GB_SGB) { 154 | strcpy (type, "SuperGameboy-Rom"); 155 | } else { 156 | if (bar==GB_GBC) { 157 | strcpy (type, "GameboyColor-Rom"); 158 | } else { 159 | strcpy (type, "Gameboy-Rom"); 160 | } 161 | } 162 | } 163 | -------------------------------------------------------------------------------- /format/te/te_specs.h: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2008-2013 nibble, xvilka */ 2 | 3 | #undef TE_ 4 | #undef TE_Word 5 | #undef TE_DWord 6 | #undef TE_VWord 7 | 8 | #define TE_Word ut16 9 | #define TE_DWord ut64 10 | #define TE_VWord ut32 11 | 12 | #ifndef _INCLUDE_R_BIN_TE_SPECS_H_ 13 | #define _INCLUDE_R_BIN_TE_SPECS_H_ 14 | 15 | #define TE_NAME_LENGTH 256 16 | #define TE_STRING_LENGTH 256 17 | 18 | #define TE_IMAGE_FILE_MACHINE_UNKNOWN 0x0000 19 | #define TE_IMAGE_FILE_MACHINE_ALPHA 0x0184 20 | #define TE_IMAGE_FILE_MACHINE_ALPHA64 0x0284 21 | #define TE_IMAGE_FILE_MACHINE_AM33 0x01d3 22 | #define TE_IMAGE_FILE_MACHINE_AMD64 0x8664 23 | #define TE_IMAGE_FILE_MACHINE_ARM 0x01c0 24 | #define TE_IMAGE_FILE_MACHINE_AXP64 TE_IMAGE_FILE_MACHINE_ALPHA64 25 | #define TE_IMAGE_FILE_MACHINE_CEE 0xc0ee 26 | #define TE_IMAGE_FILE_MACHINE_CEF 0x0cef 27 | #define TE_IMAGE_FILE_MACHINE_EBC 0x0ebc 28 | #define TE_IMAGE_FILE_MACHINE_I386 0x014c 29 | #define TE_IMAGE_FILE_MACHINE_IA64 0x0200 30 | #define TE_IMAGE_FILE_MACHINE_M32R 0x9041 31 | #define TE_IMAGE_FILE_MACHINE_M68K 0x0268 32 | #define TE_IMAGE_FILE_MACHINE_MIPS16 0x0266 33 | #define TE_IMAGE_FILE_MACHINE_MIPSFPU 0x0366 34 | #define TE_IMAGE_FILE_MACHINE_MIPSFPU16 0x0466 35 | #define TE_IMAGE_FILE_MACHINE_POWERPC 0x01f0 36 | #define TE_IMAGE_FILE_MACHINE_POWERPCFP 0x01f1 37 | #define TE_IMAGE_FILE_MACHINE_R10000 0x0168 38 | #define TE_IMAGE_FILE_MACHINE_R3000 0x0162 39 | #define TE_IMAGE_FILE_MACHINE_R4000 0x0166 40 | #define TE_IMAGE_FILE_MACHINE_SH3 0x01a2 41 | #define TE_IMAGE_FILE_MACHINE_SH3DSP 0x01a3 42 | #define TE_IMAGE_FILE_MACHINE_SH3E 0x01a4 43 | #define TE_IMAGE_FILE_MACHINE_SH4 0x01a6 44 | #define TE_IMAGE_FILE_MACHINE_SH5 0x01a8 45 | #define TE_IMAGE_FILE_MACHINE_THUMB 0x01c2 46 | #define TE_IMAGE_FILE_MACHINE_TRICORE 0x0520 47 | #define TE_IMAGE_FILE_MACHINE_WCEMIPSV2 0x0169 48 | 49 | #define TE_IMAGE_DIRECTORY_ENTRIES 2 50 | 51 | #define TE_IMAGE_DIRECTORY_ENTRY_BASERELOC 0 52 | #define TE_IMAGE_DIRECTORY_ENTRY_DEBUG 1 53 | 54 | #define TE_IMAGE_SUBSYSTEM_UNKNOWN 0 55 | #define TE_IMAGE_SUBSYSTEM_NATIVE 1 56 | #define TE_IMAGE_SUBSYSTEM_WINDOWS_GUI 2 57 | #define TE_IMAGE_SUBSYSTEM_WINDOWS_CUI 3 58 | #define TE_IMAGE_SUBSYSTEM_POSIX_CUI 7 59 | #define TE_IMAGE_SUBSYSTEM_WINDOWS_CE_GUI 9 60 | #define TE_IMAGE_SUBSYSTEM_EFI_APPLICATION 10 61 | #define TE_IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER 11 62 | #define TE_IMAGE_SUBSYSTEM_EFI_RUNTIME_DRIVER 12 63 | #define TE_IMAGE_SUBSYSTEM_EFI_ROM 13 64 | #define TE_IMAGE_SUBSYSTEM_XBOX 14 65 | 66 | 67 | typedef struct { 68 | ut32 VirtualAddress; 69 | ut32 Size; 70 | } efi_image_data_directory; 71 | 72 | typedef struct { 73 | ut16 Signature; 74 | ut16 Machine; 75 | ut8 NumberOfSections; 76 | ut8 Subsystem; 77 | ut16 StrippedSize; 78 | ut32 AddressOfEntryPoint; 79 | ut32 BaseOfCode; 80 | ut64 ImageBase; 81 | efi_image_data_directory DataDirectory[2]; 82 | } TE_image_file_header; 83 | 84 | #define TE_IMAGE_SIZEOF_NAME 8 85 | 86 | #define TE_IMAGE_SCN_MEM_SHARED 0x10000000 87 | #define TE_IMAGE_SCN_MEM_EXECUTE 0x20000000 88 | #define TE_IMAGE_SCN_MEM_READ 0x40000000 89 | #define TE_IMAGE_SCN_MEM_WRITE 0x80000000 90 | 91 | typedef struct { 92 | ut8 Name[TE_IMAGE_SIZEOF_NAME]; 93 | ut32 VirtualSize; 94 | ut32 VirtualAddress; 95 | ut32 SizeOfRawData; 96 | ut32 PointerToRawData; 97 | ut32 PointerToRelocations; 98 | ut32 PointerToLineNumbers; 99 | ut16 NumberOfRelocations; 100 | ut16 NumberOfLinenumbers; 101 | ut32 Characteristics; 102 | } TE_image_section_header; 103 | 104 | #endif 105 | -------------------------------------------------------------------------------- /format/omf/omf_specs.h: -------------------------------------------------------------------------------- 1 | #ifndef OMF_SPECS_H_ 2 | #define OMF_SPECS_H_ 3 | 4 | // additionnal informations : http://pierrelib.pagesperso-orange.fr/exec_formats/OMF_v1.1.pdf 5 | 6 | // record type 7 | #define OMF_THEADR 0x80 // Translator Header Record 8 | #define OMF_LHEADR 0x82 // Library Module Header Record 9 | #define OMF_COMENT 0x88 // Comment Record (Including all comment class extensions) 10 | #define OMF_MODEND 0x8A // Module End Record 16 bits 11 | #define OMF_MODEND32 0x8B // Module End Record 32 bits 12 | #define OMF_EXTDEF 0x8C // External Names Definition Record 13 | #define OMF_PUBDEF 0x90 // Public Names Definition Record 16 bits 14 | #define OMF_PUBDEF32 0x91 // Public Names Definition Record 32 bits 15 | #define OMF_LINNUM 0x94 // Line Numbers Record 16 bits 16 | #define OMF_LINNUM32 0x95 // Line Numbers Record 32 bits 17 | #define OMF_LNAMES 0x96 // List of Names Record 18 | #define OMF_SEGDEF 0x98 // Segment Definition Record bits 16 19 | #define OMF_SEGDEF32 0x99 // Segment Definition Record bits 32 20 | #define OMF_GRPDEF 0x9A // Group Definition Record 21 | #define OMF_FIXUPP 0x9C // Fixup Record 16 bits 22 | #define OMF_FIXUPP32 0x9D // Fixup Record 32 bits 23 | #define OMF_LEDATA 0xA0 // Logical Enumerated Data Record 16 bits 24 | #define OMF_LEDATA32 0xA1 // Logical Enumerated Data Record 32 bits 25 | #define OMF_LIDATA 0xA2 // Logical Iterated Data Record 16 bits 26 | #define OMF_LIDATA32 0xA3 // Logical Iterated Data Record 32 bits 27 | #define OMF_COMDEF 0xB0 // Communal Names Definition Record 28 | #define OMF_BAKPAT 0xB2 // Backpatch Record 16 bits 29 | #define OMF_BAKPAT32 0xB3 // Backpatch Record 32 bits 30 | #define OMF_LEXTDEF 0xB4 // Local External Names Definition Record 31 | #define OMF_LPUBDEF 0xB6 // Local Public Names Definition Record 16 bits 32 | #define OMF_LPUBDEF32 0xB7 // Local Public Names Definition Record 32 bits 33 | #define OMF_LCOMDEF 0xB8 // Local Communal Names Definition Record 34 | #define OMF_CEXTDEF 0xBC // COMDAT External Names Definition Record 35 | #define OMF_COMDAT 0xC2 // Initialized Communal Data Record 16 bits 36 | #define OMF_COMDAT32 0xC3 // Initialized Communal Data Record 32 bits 37 | #define OMF_LINSYM 0xC4 // Symbol Line Numbers Record 16 bits 38 | #define OMF_LINSYM32 0xC5 // Symbol Line Numbers Record 32 bits 39 | #define OMF_ALIAS 0xC6 // Alias Definition Record 40 | #define OMF_NBKPAT 0xC8 // Named Backpatch Record 16 bits 41 | #define OMF_NBKPAT32 0xC9 // Named Backpatch Record 32 bits 42 | #define OMF_LLNAMES 0xCA // Local Logical Names Definition Record 43 | #define OMF_VERNUM 0xCC // OMF Version Number Record 44 | #define OMF_VENDEXT 0xCE // Vendor-specific OMF Extension Record 45 | 46 | // comment type 47 | #define OMF_COMENT_EXT 0xA0 // OMF extensions 48 | #define OMF_COMENT_NEW_EXT 0xA1 // OMF new extensions 49 | #define OMF_COMENT_LINK_SEP 0xA2 // Link Pass Separator 50 | #define OMF_COMENT_LIBMOD 0xA3 // Library module comment record 51 | #define OMF_COMENT_EXESTR 0xA4 // executable string 52 | #define OMF_COMENT_INCERR 0xA6 // Incremental compilation error 53 | #define OMF_COMENT_NOPAD 0xA7 // No segment padding 54 | #define OMF_COMENT_WKEXT 0xA8 // Weak Extern record 55 | #define OMF_COMENT_LZEXT 0xA9 // Lazy Extern record 56 | #define OMF_COMENT_COMMENT 0xDA // random comment 57 | #define OMF_COMENT_COMPIL 0xDB // compiler comment (version number) 58 | #define OMF_COMENT_DATE 0xDC // date 59 | #define OMF_COMENT_TIMESTAMP 0xDD // timestamp 60 | #define OMF_COMENT_USER 0xDF // user's comment 61 | #define OMF_COMENT_DEP_FILE 0xE9 // Borland : Show include file needed for building 62 | #define OMF_COMENT_CMD_LINE 0xFF // Microsoft QuickC : Shows the compiler options chosen 63 | 64 | // comment extensions subtype 65 | #define OMF_COMENT_EXT_IMPDEF 0x01 // Import definition record 66 | #define OMF_COMENT_EXT_EXPDEF 0x02 // Export definition record 67 | #define OMF_COMENT_EXT_INCDEF 0x03 // Incremental compilation record 68 | #define OMF_COMENT_EXT_PMEM_LIB 0x04 // Protect loading for 32 bits library 69 | #define OMF_COMENT_EXT_LNKDIR 0x05 // Microsoft C++ linker directives record 70 | #define OMF_COMENT_EXT_BIG_E 0x06 // Target machine is big endian 71 | 72 | typedef struct { 73 | ut8 type; 74 | ut16 size; 75 | void *content; 76 | ut8 checksum; 77 | } OMF_record; 78 | 79 | #endif 80 | -------------------------------------------------------------------------------- /format/mach0/fatmach0.c: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2010-2013 - nibble */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include "fatmach0.h" 7 | 8 | static int r_bin_fatmach0_init(struct r_bin_fatmach0_obj_t* bin) { 9 | ut32 size; 10 | ut32 i; 11 | ut8 hdrbytes[sizeof (struct fat_header)] = {0}; 12 | int len = r_buf_read_at (bin->b, 0, &hdrbytes[0], sizeof (struct fat_header)); 13 | if (len != sizeof (struct fat_header)) { 14 | perror ("read (fat_header)"); 15 | return false; 16 | } 17 | bin->hdr.magic = r_read_be32 (&hdrbytes[0]); 18 | bin->hdr.nfat_arch = r_read_be32 (&hdrbytes[4]); 19 | bin->nfat_arch = bin->hdr.nfat_arch; 20 | if (sizeof (struct fat_header) + bin->nfat_arch * 21 | sizeof (struct fat_arch) > bin->size) { 22 | return false; 23 | } 24 | if (bin->hdr.magic != FAT_MAGIC || !bin->nfat_arch || bin->nfat_arch < 1) { 25 | eprintf ("Endian FAT_MAGIC failed (?)\n"); 26 | return false; 27 | } 28 | size = bin->nfat_arch * sizeof (struct fat_arch); 29 | if (size < bin->nfat_arch) { 30 | return false; 31 | } 32 | if (!(bin->archs = malloc (size))) { 33 | perror ("malloc (fat_arch)"); 34 | return false; 35 | } 36 | for (i = 0; i < bin->nfat_arch; i++) { 37 | ut8 archbytes[sizeof (struct fat_arch)] = {0}; 38 | len = r_buf_read_at (bin->b, 8 + i * sizeof (struct fat_arch), &archbytes[0], sizeof (struct fat_arch)); 39 | if (len != sizeof (struct fat_arch)) { 40 | perror ("read (fat_arch)"); 41 | R_FREE (bin->archs); 42 | return false; 43 | } 44 | bin->archs[i].cputype = r_read_be32 (&archbytes[0]); 45 | bin->archs[i].cpusubtype = r_read_be32 (&archbytes[4]); 46 | bin->archs[i].offset = r_read_be32 (&archbytes[8]); 47 | bin->archs[i].size = r_read_be32 (&archbytes[12]); 48 | bin->archs[i].align = r_read_be32 (&archbytes[16]); 49 | } 50 | return true; 51 | } 52 | 53 | struct r_bin_fatmach0_arch_t *r_bin_fatmach0_extract(struct r_bin_fatmach0_obj_t* bin, int idx, int *narch) { 54 | struct r_bin_fatmach0_arch_t *ret; 55 | ut8 *buf = NULL; 56 | 57 | if (!bin || (idx < 0) || (idx > bin->nfat_arch)) { 58 | return NULL; 59 | } 60 | if (bin->archs[idx].offset > bin->size || 61 | bin->archs[idx].offset + bin->archs[idx].size > bin->size) { 62 | return NULL; 63 | } 64 | 65 | if (narch) { 66 | *narch = bin->nfat_arch; 67 | } 68 | if (!(ret = R_NEW0 (struct r_bin_fatmach0_arch_t))) { 69 | perror ("malloc (ret)"); 70 | return NULL; 71 | } 72 | if (!bin->archs[idx].size || bin->archs[idx].size > bin->size) { 73 | eprintf ("Skipping corrupted sub-bin %d arch %d\n", idx, bin->archs[idx].size); 74 | free (ret); 75 | return NULL; 76 | } 77 | if (!(buf = malloc (1 + bin->archs[idx].size))) { 78 | perror ("malloc (buf)"); 79 | free (ret); 80 | return NULL; 81 | } 82 | if (r_buf_read_at (bin->b, bin->archs[idx].offset, buf, bin->archs[idx].size) != bin->archs[idx].size) { 83 | perror ("read (buf)"); 84 | free (buf); 85 | free (ret); 86 | return NULL; 87 | } 88 | if (!(ret->b = r_buf_new ())) { 89 | free (buf); 90 | free (ret); 91 | return NULL; 92 | } 93 | if (!r_buf_set_bytes (ret->b, buf, bin->archs[idx].size)) { 94 | free (buf); 95 | r_buf_free (ret->b); 96 | free (ret); 97 | return NULL; 98 | } 99 | free (buf); 100 | ret->offset = bin->archs[idx].offset; 101 | ret->size = bin->archs[idx].size; 102 | return ret; 103 | } 104 | 105 | void* r_bin_fatmach0_free(struct r_bin_fatmach0_obj_t* bin) { 106 | if (!bin) { 107 | return NULL; 108 | } 109 | free (bin->archs); 110 | r_buf_free (bin->b); 111 | R_FREE (bin); 112 | return NULL; 113 | } 114 | 115 | struct r_bin_fatmach0_obj_t* r_bin_fatmach0_new(const char* file) { 116 | ut8 *buf; 117 | struct r_bin_fatmach0_obj_t *bin = R_NEW0 (struct r_bin_fatmach0_obj_t); 118 | if (!bin) { 119 | return NULL; 120 | } 121 | bin->file = file; 122 | if (!(buf = (ut8*)r_file_slurp (file, &bin->size))) { 123 | return r_bin_fatmach0_free (bin); 124 | } 125 | bin->b = r_buf_new (); 126 | if (!r_buf_set_bytes (bin->b, buf, bin->size)) { 127 | free (buf); 128 | return r_bin_fatmach0_free (bin); 129 | } 130 | free (buf); 131 | if (!r_bin_fatmach0_init (bin)) { 132 | return r_bin_fatmach0_free (bin); 133 | } 134 | return bin; 135 | } 136 | 137 | struct r_bin_fatmach0_obj_t* r_bin_fatmach0_from_bytes_new(const ut8* buf, ut64 size) { 138 | struct r_bin_fatmach0_obj_t *bin = R_NEW0 (struct r_bin_fatmach0_obj_t); 139 | if (!bin) { 140 | return NULL; 141 | } 142 | if (!buf) { 143 | return r_bin_fatmach0_free (bin); 144 | } 145 | bin->b = r_buf_new (); 146 | bin->size = size; 147 | if (!r_buf_set_bytes (bin->b, buf, size)) { 148 | return r_bin_fatmach0_free (bin); 149 | } 150 | if (!r_bin_fatmach0_init (bin)) { 151 | return r_bin_fatmach0_free (bin); 152 | } 153 | return bin; 154 | } 155 | -------------------------------------------------------------------------------- /format/nxo/nxo.c: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2018 - rkx1209 */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include "nxo.h" 12 | 13 | ut32 readLE32(RBuffer *buf, int off) { 14 | //int left = 0; 15 | ut32 num = 0; 16 | (void)r_buf_read_at (buf, off, (ut8 *)&num, 4); 17 | return num; 18 | //const ut8 *data = r_buf_get_at (buf, off, &left); 19 | //return left > 3? r_read_le32 (data): 0; 20 | } 21 | 22 | ut64 readLE64(RBuffer *buf, int off) { 23 | int left = 0; 24 | const ut8 *data = r_buf_get_at (buf, off, &left); 25 | return left > 7? r_read_le64 (data): 0; 26 | } 27 | 28 | static char *readString(RBuffer *buf, int off) { 29 | char symbol[128]; // assume 128 as max symbol name length 30 | int left = r_buf_read_at (buf, off, (ut8*)symbol, sizeof (symbol)); 31 | if (left < 1) { 32 | return NULL; 33 | } 34 | symbol[sizeof (symbol) - 1] = 0; 35 | return strdup (symbol); 36 | } 37 | 38 | const char *fileType(const ut8 *buf) { 39 | if (!memcmp (buf, "NRO0", 4)) { 40 | return "nro0"; 41 | } 42 | if (!memcmp (buf, "NRR0", 4)) { 43 | return "nrr0"; 44 | } 45 | if (!memcmp (buf, "MOD0", 4)) { 46 | return "mod0"; 47 | } 48 | if (!memcmp (buf, "NSO0", 4)) { 49 | return "nso0"; 50 | } 51 | return NULL; 52 | } 53 | 54 | static void walkSymbols (RBuffer *buf, RBinNXOObj *bin, ut64 symtab, ut64 strtab, ut64 strtab_size, ut64 relplt, ut64 baddr) { 55 | int i, import = 0; 56 | RBinSymbol *sym; 57 | RBinImport *imp; 58 | for (i = 8; i < 99999; i++) { 59 | ut64 addr = readLE64 (buf, symtab + i); 60 | ut64 size = readLE64 (buf, symtab + i + 8); 61 | i += 16; // NULL, NULL 62 | ut64 name = readLE32 (buf, symtab + i); 63 | //ut64 type = readLE32 (buf, symtab + i + 4); 64 | char *symName = readString (buf, strtab + name); 65 | if (!symName) { 66 | break; 67 | } 68 | sym = R_NEW0 (RBinSymbol); 69 | if (!sym) { 70 | free (symName); 71 | break; 72 | } 73 | sym->type = r_str_const (R_BIN_TYPE_FUNC_STR); 74 | sym->bind = r_str_const ("NONE"); 75 | sym->size = size; 76 | 77 | if (addr == 0) { 78 | import ++; 79 | ut64 pltSym = readLE64 (buf, relplt + (import * 24)); 80 | imp = R_NEW0 (RBinImport); 81 | if (!imp) { 82 | R_FREE (sym); 83 | free (symName); 84 | break; 85 | } 86 | imp->name = symName; 87 | if (!imp->name) { 88 | goto out_walk_symbol; 89 | } 90 | imp->type = r_str_const ("FUNC"); 91 | if (!imp->type) { 92 | goto out_walk_symbol; 93 | } 94 | imp->bind = r_str_const ("NONE"); 95 | if (!imp->bind) { 96 | goto out_walk_symbol; 97 | } 98 | imp->ordinal = bin->imports_list->length; 99 | r_list_append (bin->imports_list, imp); 100 | sym->name = r_str_newf ("imp.%s", symName); 101 | if (!sym->name) { 102 | goto out_walk_symbol; 103 | } 104 | sym->paddr = pltSym - 8; 105 | sym->vaddr = sym->paddr + baddr; 106 | eprintf ("f sym.imp.%s = 0x%"PFMT64x"\n", symName, pltSym - 8); 107 | } else { 108 | sym->name = symName; 109 | if (!sym->name) { 110 | R_FREE (sym); 111 | break; 112 | } 113 | sym->paddr = addr; 114 | sym->vaddr = sym->paddr + baddr; 115 | eprintf ("f sym.%s %"PFMT64u "0x%"PFMT64x"\n", symName, size, addr); 116 | } 117 | r_list_append (bin->methods_list, sym); 118 | i += 8 - 1; 119 | } 120 | return; 121 | 122 | out_walk_symbol: 123 | R_FREE (sym); 124 | R_FREE (imp); 125 | return; 126 | } 127 | 128 | void parseMod(RBuffer *buf, RBinNXOObj *bin, ut32 mod0, ut64 baddr) { 129 | ut32 ptr = readLE32 (buf, mod0); 130 | eprintf ("magic %x at 0x%x\n", ptr, mod0); 131 | if (ptr == 0x30444f4d) { // MOD0 132 | eprintf ("is mode0\n"); 133 | MODHeader mh = { 134 | .magic = readLE32 (buf, mod0), 135 | .dynamic = readLE32 (buf, mod0 + 4), 136 | .bss_start = readLE32 (buf, mod0 + 8), 137 | .bss_end = readLE32 (buf, mod0 + 12), 138 | .unwind_start = readLE32 (buf, mod0 + 16), 139 | .unwind_end = readLE32 (buf, mod0 + 20), 140 | .mod_object = readLE32 (buf, mod0 + 24), 141 | }; 142 | mh.mod_object += mod0; 143 | eprintf ("magic 0x%x\n", mh.magic); 144 | eprintf ("dynamic 0x%x\n", mh.dynamic); 145 | eprintf ("bss 0x%x 0x%x\n", mh.bss_start, mh.bss_end); 146 | eprintf ("unwind 0x%x 0x%x\n", mh.unwind_start, mh.unwind_end); 147 | eprintf ("-------------\n"); 148 | eprintf ("mod 0x%x\n", mh.mod_object); 149 | #define MO_(x) readLE64(buf, mh.mod_object + r_offsetof(MODObject, x)) 150 | MODObject mo = { 151 | .next = MO_(next), 152 | .prev = MO_(prev), 153 | .relplt = MO_(relplt), 154 | .reldyn = MO_(reldyn), 155 | .base = MO_(base), 156 | .dynamic = MO_(dynamic), 157 | .is_rela = MO_(is_rela), 158 | .relplt_size = MO_(relplt_size), 159 | .init = MO_(init), 160 | .fini = MO_(fini), 161 | .bucket = MO_(bucket), 162 | .chain = MO_(chain), 163 | .strtab = MO_(strtab), 164 | .symtab = MO_(symtab), 165 | .strtab_size = MO_(strtab_size) 166 | }; 167 | eprintf ("next 0x%"PFMT64x"\n", mo.next); 168 | eprintf ("prev 0x%"PFMT64x"\n", mo.prev); 169 | eprintf ("base 0x%"PFMT64x"\n", mo.base); 170 | eprintf ("init 0x%"PFMT64x"\n", mo.init); 171 | eprintf ("fini 0x%"PFMT64x"\n", mo.fini); 172 | eprintf ("relplt 0x%"PFMT64x"\n", mo.relplt - mo.base); 173 | eprintf ("symtab = 0x%"PFMT64x"\n", mo.symtab - mo.base); 174 | eprintf ("strtab = 0x%"PFMT64x"\n", mo.strtab - mo.base); 175 | eprintf ("strtabsz = 0x%"PFMT64x"\n", mo.strtab_size); 176 | //ut32 modo = mh.mod_object; 177 | ut64 strtab = mo.strtab - mo.base; 178 | ut64 symtab = mo.symtab - mo.base; 179 | walkSymbols (buf, bin, symtab, strtab, mo.strtab_size, mo.relplt - mo.base, baddr); 180 | } 181 | } 182 | -------------------------------------------------------------------------------- /format/mach0/mach0.h: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2010-2017 - pancake, nibble */ 2 | 3 | #include 4 | #include 5 | #include "mach0_specs.h" 6 | 7 | #ifndef _INCLUDE_R_BIN_MACH0_H_ 8 | #define _INCLUDE_R_BIN_MACH0_H_ 9 | 10 | #define R_BIN_MACH0_STRING_LENGTH 256 11 | 12 | 13 | #define CSMAGIC_CODEDIRECTORY 0xfade0c02 14 | #define CSMAGIC_EMBEDDED_SIGNATURE 0xfade0cc0 15 | #define CSMAGIC_DETACHED_SIGNATURE 0xfade0cc1 /* multi-arch collection of embedded signatures */ 16 | #define CSMAGIC_ENTITLEMENTS 0xfade7171 17 | #define CSMAGIC_REQUIREMENT 0xfade0c00 /* single Requirement blob */ 18 | #define CSMAGIC_REQUIREMENTS 0xfade0c01 /* Requirements vector (internal requirements) */ 19 | 20 | #define CS_PAGE_SIZE 4096 21 | 22 | #define CS_HASHTYPE_SHA1 1 23 | #define CS_HASHTYPE_SHA256 2 24 | #define CS_HASHTYPE_SHA256_TRUNCATED 3 25 | 26 | #define CS_HASH_SIZE_SHA1 20 27 | #define CS_HASH_SIZE_SHA256 32 28 | #define CS_HASH_SIZE_SHA256_TRUNCATED 20 29 | 30 | #define CSSLOT_CODEDIRECTORY 0 31 | #define CSSLOT_INFOSLOT 1 32 | #define CSSLOT_REQUIREMENTS 2 33 | #define CSSLOT_RESOURCEDIR 3 34 | #define CSSLOT_APPLICATION 4 35 | #define CSSLOT_ENTITLEMENTS 5 36 | #define CSSLOT_CMS_SIGNATURE 0x10000 37 | 38 | struct section_t { 39 | ut64 offset; 40 | ut64 addr; 41 | ut64 size; 42 | ut64 vsize; 43 | ut32 align; 44 | ut32 flags; 45 | int perm; 46 | char name[R_BIN_MACH0_STRING_LENGTH]; 47 | int last; 48 | }; 49 | 50 | struct symbol_t { 51 | ut64 offset; 52 | ut64 addr; 53 | ut64 size; 54 | int type; 55 | char name[R_BIN_MACH0_STRING_LENGTH]; 56 | int last; 57 | }; 58 | 59 | struct import_t { 60 | char name[R_BIN_MACH0_STRING_LENGTH]; 61 | int ord; 62 | int last; 63 | }; 64 | 65 | struct reloc_t { 66 | ut64 offset; 67 | ut64 addr; 68 | st64 addend; 69 | ut8 type; 70 | int ord; 71 | int last; 72 | char name[256]; 73 | }; 74 | 75 | struct addr_t { 76 | ut64 offset; 77 | ut64 addr; 78 | ut64 haddr; 79 | int last; 80 | }; 81 | 82 | struct lib_t { 83 | char name[R_BIN_MACH0_STRING_LENGTH]; 84 | int last; 85 | }; 86 | 87 | struct blob_index_t { 88 | ut32 type; 89 | ut32 offset; 90 | }; 91 | 92 | struct blob_t { 93 | ut32 magic; 94 | ut32 length; 95 | }; 96 | 97 | struct super_blob_t { 98 | struct blob_t blob; 99 | ut32 count; 100 | struct blob_index_t index[]; 101 | }; 102 | 103 | struct MACH0_(opts_t) { 104 | bool verbose; 105 | ut64 header_at; 106 | }; 107 | 108 | struct MACH0_(obj_t) { 109 | struct MACH0_(mach_header) hdr; 110 | struct MACH0_(segment_command) *segs; 111 | char *intrp; 112 | int nsegs; 113 | struct MACH0_(section) *sects; 114 | int nsects; 115 | struct MACH0_(nlist) *symtab; 116 | ut8 *symstr; 117 | ut8 *func_start; //buffer that hold the data from LC_FUNCTION_STARTS 118 | int symstrlen; 119 | int nsymtab; 120 | ut32 *indirectsyms; 121 | int nindirectsyms; 122 | 123 | RBinImport **imports_by_ord; 124 | size_t imports_by_ord_size; 125 | HtPP *imports_by_name; 126 | 127 | struct dysymtab_command dysymtab; 128 | struct load_command main_cmd; 129 | struct dyld_info_command *dyld_info; 130 | struct dylib_table_of_contents *toc; 131 | int ntoc; 132 | struct MACH0_(dylib_module) *modtab; 133 | int nmodtab; 134 | struct thread_command thread; 135 | ut8 *signature; 136 | union { 137 | struct x86_thread_state32 x86_32; 138 | struct x86_thread_state64 x86_64; 139 | struct ppc_thread_state32 ppc_32; 140 | struct ppc_thread_state64 ppc_64; 141 | struct arm_thread_state32 arm_32; 142 | struct arm_thread_state64 arm_64; 143 | } thread_state; 144 | char (*libs)[R_BIN_MACH0_STRING_LENGTH]; 145 | int nlibs; 146 | int size; 147 | ut64 baddr; 148 | ut64 entry; 149 | bool big_endian; 150 | const char *file; 151 | RBuffer *b; 152 | int os; 153 | Sdb *kv; 154 | int has_crypto; 155 | int has_canary; 156 | int has_retguard; 157 | int has_sanitizers; 158 | int has_blocks_ext; 159 | int dbg_info; 160 | const char *lang; 161 | int uuidn; 162 | int func_size; 163 | bool verbose; 164 | ut64 header_at; 165 | void *user; 166 | ut64 (*va2pa)(ut64 p, ut32 *offset, ut32 *left, RBinFile *bf); 167 | }; 168 | 169 | void MACH0_(opts_set_default)(struct MACH0_(opts_t) *options, RBinFile *bf); 170 | struct MACH0_(obj_t) *MACH0_(mach0_new)(const char *file, struct MACH0_(opts_t) *options); 171 | struct MACH0_(obj_t) *MACH0_(new_buf)(RBuffer *buf, struct MACH0_(opts_t) *options); 172 | void *MACH0_(mach0_free)(struct MACH0_(obj_t) *bin); 173 | struct section_t *MACH0_(get_sections)(struct MACH0_(obj_t) *bin); 174 | struct symbol_t *MACH0_(get_symbols)(struct MACH0_(obj_t) *bin); 175 | void MACH0_(pull_symbols)(struct MACH0_(obj_t) *mo, RBinSymbolCallback cb, void *user); 176 | struct import_t *MACH0_(get_imports)(struct MACH0_(obj_t) *bin); 177 | RSkipList *MACH0_(get_relocs)(struct MACH0_(obj_t) *bin); 178 | struct addr_t *MACH0_(get_entrypoint)(struct MACH0_(obj_t) *bin); 179 | struct lib_t *MACH0_(get_libs)(struct MACH0_(obj_t) *bin); 180 | ut64 MACH0_(get_baddr)(struct MACH0_(obj_t) *bin); 181 | char *MACH0_(get_class)(struct MACH0_(obj_t) *bin); 182 | int MACH0_(get_bits)(struct MACH0_(obj_t) *bin); 183 | bool MACH0_(is_big_endian)(struct MACH0_(obj_t) *bin); 184 | bool MACH0_(is_pie)(struct MACH0_(obj_t) *bin); 185 | bool MACH0_(has_nx)(struct MACH0_(obj_t) *bin); 186 | const char *MACH0_(get_intrp)(struct MACH0_(obj_t) *bin); 187 | const char *MACH0_(get_os)(struct MACH0_(obj_t) *bin); 188 | const char *MACH0_(get_cputype)(struct MACH0_(obj_t) *bin); 189 | char *MACH0_(get_cpusubtype)(struct MACH0_(obj_t) *bin); 190 | char *MACH0_(get_cpusubtype_from_hdr)(struct MACH0_(mach_header) *hdr); 191 | char *MACH0_(get_filetype)(struct MACH0_(obj_t) *bin); 192 | char *MACH0_(get_filetype_from_hdr)(struct MACH0_(mach_header) *hdr); 193 | ut64 MACH0_(get_main)(struct MACH0_(obj_t) *bin); 194 | const char *MACH0_(get_cputype_from_hdr)(struct MACH0_(mach_header) *hdr); 195 | int MACH0_(get_bits_from_hdr)(struct MACH0_(mach_header) *hdr); 196 | struct MACH0_(mach_header) *MACH0_(get_hdr_from_bytes)(RBuffer *buf); 197 | void MACH0_(mach_headerfields)(RBinFile *bf); 198 | RList *MACH0_(mach_fields)(RBinFile *bf); 199 | #endif 200 | -------------------------------------------------------------------------------- /format/pe/pemixed.c: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2018 - JohnPeng47 */ 2 | 3 | #include 4 | #include "pemixed.h" 5 | 6 | static bool check_il_only(ut32 flags); 7 | 8 | static int r_bin_pemixed_init(struct r_bin_pemixed_obj_t* bin, struct PE_(r_bin_pe_obj_t)* pe_bin) { 9 | struct PE_(r_bin_pe_obj_t)* sub_bin_dos; 10 | struct PE_(r_bin_pe_obj_t)* sub_bin_native; 11 | struct PE_(r_bin_pe_obj_t)* sub_bin_net; 12 | 13 | sub_bin_dos = r_bin_pemixed_init_dos (pe_bin); 14 | if (sub_bin_dos) { 15 | bin->sub_bin_dos = sub_bin_dos; 16 | } 17 | 18 | sub_bin_native = r_bin_pemixed_init_native (pe_bin); 19 | if (sub_bin_native) { 20 | bin->sub_bin_native = sub_bin_native; 21 | } 22 | sub_bin_net = pe_bin; 23 | bin->sub_bin_net = sub_bin_net; 24 | return true; 25 | } 26 | 27 | //carves out dos from original pe 28 | //TODO: return mz file instead pe 29 | struct PE_(r_bin_pe_obj_t)* r_bin_pemixed_init_dos(struct PE_(r_bin_pe_obj_t)* pe_bin) { 30 | ut8 * tmp_buf; 31 | 32 | ut64 pe_hdr_off = pe_bin->dos_header->e_lfanew; 33 | 34 | //idk if this is the most efficient way but could not find a function to read 35 | //RBuffer into another RBuffer 36 | if (!(tmp_buf = malloc (pe_hdr_off))) { 37 | return NULL; 38 | } 39 | 40 | if ((r_buf_read_at (pe_bin->b, 0, tmp_buf, pe_hdr_off)) == -1) { 41 | eprintf ("Error reading to buffer\n"); 42 | return NULL; 43 | } 44 | 45 | struct PE_(r_bin_pe_obj_t)* sub_bin_dos = R_NEW0 (struct PE_(r_bin_pe_obj_t)); 46 | if (!(sub_bin_dos->b = r_buf_new_with_bytes(tmp_buf, pe_hdr_off))) { 47 | PE_(r_bin_pe_free) (sub_bin_dos); 48 | return NULL; 49 | } 50 | 51 | sub_bin_dos->size = pe_hdr_off; 52 | sub_bin_dos->dos_header = pe_bin->dos_header; 53 | 54 | free (tmp_buf); 55 | return sub_bin_dos; 56 | } 57 | 58 | struct PE_(r_bin_pe_obj_t)* r_bin_pemixed_init_native(struct PE_(r_bin_pe_obj_t)* pe_bin) { 59 | ut8* zero_out; 60 | ut64 b_size; 61 | 62 | struct PE_(r_bin_pe_obj_t)* sub_bin_native = R_NEW0 (struct PE_(r_bin_pe_obj_t)); 63 | memcpy (sub_bin_native, pe_bin, sizeof(struct PE_(r_bin_pe_obj_t))); 64 | 65 | b_size = pe_bin->b->length; 66 | 67 | //copy pe_bin->b and assign to sub_bin_native 68 | 69 | // if (!(tmp_buf = malloc (b_size))) { 70 | // eprintf("wtf malloc\n"); 71 | // }; 72 | 73 | // if (!(r_buf_read_at (pe_bin->b, 0, tmp_buf, b_size))) { 74 | // free (sub_bin_native); 75 | // return NULL; 76 | // } 77 | 78 | if (!(sub_bin_native->b = r_buf_new_with_bytes(pe_bin->b->buf, b_size))) { 79 | free (sub_bin_native); 80 | eprintf ("failed\n"); 81 | return NULL; 82 | } 83 | 84 | //calculate the dotnet data directory offset 85 | int dotnet_offset = pe_bin->dos_header->e_lfanew; 86 | dotnet_offset += sizeof (PE_(image_nt_headers)); 87 | dotnet_offset -= sizeof (PE_(image_data_directory)) * 2; 88 | 89 | if (!(zero_out = (ut8*) calloc (2, 4 * sizeof (ut8)))) { 90 | // can't call PE_(r_bin_pe_free) since this will free the underlying pe_bin 91 | // object which we may need for later 92 | // PE_(r_bin_pe_free) (sub_bin_native); 93 | r_buf_free (sub_bin_native->b); 94 | free (sub_bin_native); 95 | return NULL; 96 | } 97 | 98 | if (r_buf_write_at (sub_bin_native->b, dotnet_offset, zero_out, sizeof (PE_(image_data_directory))) < -1) { 99 | eprintf ("Zeroing out dotnet offset failed\n"); 100 | r_buf_free (sub_bin_native->b); 101 | free (sub_bin_native); 102 | free (zero_out); 103 | return NULL; 104 | } 105 | 106 | free (zero_out); 107 | return sub_bin_native; 108 | } 109 | 110 | //this method should just return the original pe file 111 | // struct PE_(r_bin_pe_obj_t)* r_bin_pemixed_init_net(struct PE_(r_bin_pe_obj_t)* pe_bin) { 112 | // return pe_bin; 113 | // } 114 | 115 | //not sure if this function is nessescary 116 | struct PE_(r_bin_pe_obj_t)* r_bin_pemixed_extract(struct r_bin_pemixed_obj_t* bin, int sub_bin) { 117 | if (!bin) { 118 | return NULL; 119 | } 120 | 121 | switch (sub_bin) { 122 | case SUB_BIN_DOS: 123 | return bin->sub_bin_dos; 124 | case SUB_BIN_NATIVE: 125 | return bin->sub_bin_native; 126 | case SUB_BIN_NET: 127 | return bin->sub_bin_net; 128 | } 129 | return NULL; 130 | } 131 | 132 | //if IL only bit is set; if true then it is pure .NET binary with no unmanaged code 133 | static bool check_il_only(ut32 flag) { 134 | ut32 check_mask = 1; 135 | return flag & check_mask; 136 | } 137 | 138 | void* r_bin_pemixed_free(struct r_bin_pemixed_obj_t* bin) { 139 | if (!bin) { 140 | return NULL; 141 | } 142 | //only one free is nessescary since they all point 143 | //to the same original pe struct 144 | //possible memleak here 145 | PE_(r_bin_pe_free)(bin->sub_bin_net); 146 | if (bin->sub_bin_dos) { 147 | r_buf_free (bin->sub_bin_dos->b); //dos is the only one with its own buf 148 | } 149 | free (bin->sub_bin_dos); 150 | free (bin->sub_bin_native); 151 | 152 | // PE_(r_bin_pe_free)(bin->sub_bin_native); 153 | // PE_(r_bin_pe_free)(bin->sub_bin_net); 154 | r_buf_free (bin->b); 155 | R_FREE(bin); 156 | return NULL; 157 | } 158 | 159 | struct r_bin_pemixed_obj_t * r_bin_pemixed_from_bytes_new(const ut8* buf, ut64 size) { 160 | struct r_bin_pemixed_obj_t* bin = R_NEW0 (struct r_bin_pemixed_obj_t); 161 | struct PE_(r_bin_pe_obj_t)* pe_bin; 162 | if (!bin || !buf) { 163 | return r_bin_pemixed_free (bin); 164 | } 165 | bin->b = r_buf_new(); 166 | bin->size = size; 167 | if (!r_buf_set_bytes (bin->b, buf, size)) { //copy buf to bin->b 168 | return r_bin_pemixed_free (bin); 169 | } 170 | pe_bin = PE_(r_bin_pe_new_buf) (bin->b, true); 171 | if (!pe_bin) { 172 | PE_(r_bin_pe_free)(pe_bin); 173 | return r_bin_pemixed_free (bin); 174 | } 175 | if (!pe_bin->clr_hdr) { 176 | PE_(r_bin_pe_free) (pe_bin); 177 | return r_bin_pemixed_free (bin); 178 | } 179 | //check if binary only contains managed code 180 | //check implemented here cuz we need to intialize 181 | //the pe header to access the clr hdr 182 | if (check_il_only(pe_bin->clr_hdr->Flags)) { 183 | PE_(r_bin_pe_free) (pe_bin); 184 | return r_bin_pemixed_free (bin); 185 | } 186 | if (!r_bin_pemixed_init (bin, pe_bin)) { 187 | PE_(r_bin_pe_free) (pe_bin); 188 | return r_bin_pemixed_free (bin); 189 | } 190 | return bin; 191 | } 192 | 193 | -------------------------------------------------------------------------------- /format/pe/pe.h: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2008 nibble<.ds@gmail.com> */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | #include "pe_specs.h" 9 | 10 | #ifndef _INCLUDE_R_BIN_PE_H_ 11 | #define _INCLUDE_R_BIN_PE_H_ 12 | 13 | #define R_BIN_PE_SCN_IS_SHAREABLE(x) x & PE_IMAGE_SCN_MEM_SHARED 14 | #define R_BIN_PE_SCN_IS_EXECUTABLE(x) x & PE_IMAGE_SCN_MEM_EXECUTE 15 | #define R_BIN_PE_SCN_IS_READABLE(x) x & PE_IMAGE_SCN_MEM_READ 16 | #define R_BIN_PE_SCN_IS_WRITABLE(x) x & PE_IMAGE_SCN_MEM_WRITE 17 | 18 | struct r_bin_pe_addr_t { 19 | ut64 vaddr; 20 | ut64 paddr; 21 | ut64 haddr; 22 | }; 23 | 24 | struct r_bin_pe_section_t { 25 | ut8 name[PE_IMAGE_SIZEOF_SHORT_NAME * 3]; 26 | ut64 size; 27 | ut64 vsize; 28 | ut64 vaddr; 29 | ut64 paddr; 30 | ut64 perm; 31 | int last; 32 | }; 33 | 34 | struct r_bin_pe_import_t { 35 | ut8 name[PE_NAME_LENGTH + 1]; 36 | ut64 vaddr; 37 | ut64 paddr; 38 | ut64 hint; 39 | ut64 ordinal; 40 | int last; 41 | }; 42 | 43 | struct r_bin_pe_export_t { 44 | ut8 name[PE_NAME_LENGTH + 1]; 45 | ut8 forwarder[PE_NAME_LENGTH + 1]; 46 | ut64 vaddr; 47 | ut64 paddr; 48 | ut64 ordinal; 49 | int last; 50 | }; 51 | 52 | struct r_bin_pe_string_t { 53 | char string[PE_STRING_LENGTH]; 54 | ut64 vaddr; 55 | ut64 paddr; 56 | ut64 size; 57 | char type; 58 | int last; 59 | }; 60 | 61 | struct r_bin_pe_lib_t { 62 | char name[PE_STRING_LENGTH]; 63 | int last; 64 | }; 65 | 66 | 67 | typedef struct _PE_RESOURCE { 68 | char *timestr; 69 | char *type; 70 | char *language; 71 | char *name; 72 | Pe_image_resource_data_entry *data; 73 | } r_pe_resource; 74 | 75 | #define GUIDSTR_LEN 41 76 | #define DBG_FILE_NAME_LEN 255 77 | 78 | typedef struct SDebugInfo { 79 | char guidstr[GUIDSTR_LEN]; 80 | char file_name[DBG_FILE_NAME_LEN]; 81 | } SDebugInfo; 82 | 83 | #endif 84 | 85 | struct PE_(r_bin_pe_obj_t) { 86 | // these pointers contain a copy of the headers and sections! 87 | PE_(image_dos_header) * dos_header; 88 | PE_(image_nt_headers) * nt_headers; 89 | PE_(image_optional_header) * optional_header; //not free this just pointer into nt_headers 90 | PE_(image_data_directory) * data_directory; //not free this just pointer into nt_headers 91 | PE_(image_section_header) * section_header; 92 | PE_(image_export_directory) * export_directory; 93 | PE_(image_import_directory) * import_directory; 94 | PE_(image_tls_directory) * tls_directory; 95 | Pe_image_resource_directory* resource_directory; 96 | PE_(image_delay_import_directory) * delay_import_directory; 97 | 98 | // these pointers pertain to the .net relevant sections 99 | PE_(image_clr_header) * clr_hdr; 100 | PE_(image_metadata_header) * metadata_header; 101 | PE_(image_metadata_stream) * *streams; 102 | 103 | /* store the section information for future use */ 104 | struct r_bin_pe_section_t *sections; 105 | 106 | // these values define the real offset into the untouched binary 107 | ut64 nt_header_offset; 108 | ut64 section_header_offset; 109 | ut64 import_directory_offset; 110 | ut64 export_directory_offset; 111 | ut64 resource_directory_offset; 112 | ut64 delay_import_directory_offset; 113 | 114 | int import_directory_size; 115 | int size; 116 | int num_sections; 117 | int endian; 118 | bool verbose; 119 | int big_endian; 120 | RList* relocs; 121 | RList* resources; //RList of r_pe_resources 122 | const char* file; 123 | struct r_buf_t* b; 124 | Sdb *kv; 125 | RCMS* cms; 126 | bool is_signed; 127 | }; 128 | 129 | void PE_(r_bin_store_all_resource_version_info)(struct PE_(r_bin_pe_obj_t)* bin); 130 | char* PE_(r_bin_pe_get_arch)(struct PE_(r_bin_pe_obj_t)* bin); 131 | struct r_bin_pe_addr_t* PE_(r_bin_pe_get_entrypoint)(struct PE_(r_bin_pe_obj_t)* bin); 132 | struct r_bin_pe_addr_t* PE_(r_bin_pe_get_main_vaddr)(struct PE_(r_bin_pe_obj_t)* bin); 133 | struct r_bin_pe_export_t* PE_(r_bin_pe_get_exports)(struct PE_(r_bin_pe_obj_t)* bin); // TODO 134 | int PE_(r_bin_pe_get_file_alignment)(struct PE_(r_bin_pe_obj_t)* bin); 135 | ut64 PE_(r_bin_pe_get_image_base)(struct PE_(r_bin_pe_obj_t)* bin); 136 | struct r_bin_pe_import_t* PE_(r_bin_pe_get_imports)(struct PE_(r_bin_pe_obj_t)* bin); // TODO 137 | struct r_bin_pe_lib_t* PE_(r_bin_pe_get_libs)(struct PE_(r_bin_pe_obj_t)* bin); 138 | int PE_(r_bin_pe_get_image_size)(struct PE_(r_bin_pe_obj_t)* bin); 139 | char* PE_(r_bin_pe_get_machine)(struct PE_(r_bin_pe_obj_t)* bin); 140 | char* PE_(r_bin_pe_get_os)(struct PE_(r_bin_pe_obj_t)* bin); 141 | char* PE_(r_bin_pe_get_class)(struct PE_(r_bin_pe_obj_t)* bin); 142 | int PE_(r_bin_pe_get_bits)(struct PE_(r_bin_pe_obj_t)* bin); 143 | int PE_(r_bin_pe_get_section_alignment)(struct PE_(r_bin_pe_obj_t)* bin); 144 | char* PE_(r_bin_pe_get_subsystem)(struct PE_(r_bin_pe_obj_t)* bin); 145 | int PE_(r_bin_pe_is_dll)(struct PE_(r_bin_pe_obj_t)* bin); 146 | int PE_(r_bin_pe_is_big_endian)(struct PE_(r_bin_pe_obj_t)* bin); 147 | int PE_(r_bin_pe_is_stripped_relocs)(struct PE_(r_bin_pe_obj_t)* bin); 148 | int PE_(r_bin_pe_is_stripped_line_nums)(struct PE_(r_bin_pe_obj_t)* bin); 149 | int PE_(r_bin_pe_is_stripped_local_syms)(struct PE_(r_bin_pe_obj_t)* bin); 150 | int PE_(r_bin_pe_is_stripped_debug)(struct PE_(r_bin_pe_obj_t)* bin); 151 | void* PE_(r_bin_pe_free)(struct PE_(r_bin_pe_obj_t)* bin); 152 | struct PE_(r_bin_pe_obj_t)* PE_(r_bin_pe_new)(const char* file, bool verbose); 153 | struct PE_(r_bin_pe_obj_t)* PE_(r_bin_pe_new_buf)(struct r_buf_t* buf, bool verbose); 154 | int PE_(r_bin_pe_get_debug_data)(struct PE_(r_bin_pe_obj_t)* bin, struct SDebugInfo* res); 155 | int PE_(bin_pe_get_claimed_checksum)(struct PE_(r_bin_pe_obj_t)* bin); 156 | int PE_(bin_pe_get_actual_checksum)(struct PE_(r_bin_pe_obj_t)* bin); 157 | int PE_(bin_pe_get_overlay)(struct PE_(r_bin_pe_obj_t)* bin, ut64* size); 158 | void PE_(r_bin_pe_check_sections)(struct PE_(r_bin_pe_obj_t)* bin, struct r_bin_pe_section_t** sects); 159 | struct r_bin_pe_addr_t *PE_(check_unknow) (struct PE_(r_bin_pe_obj_t) *bin); 160 | struct r_bin_pe_addr_t *PE_(check_msvcseh) (struct PE_(r_bin_pe_obj_t) *bin); 161 | struct r_bin_pe_addr_t *PE_(check_mingw) (struct PE_(r_bin_pe_obj_t) *bin); 162 | bool PE_(r_bin_pe_section_perms)(struct PE_(r_bin_pe_obj_t) *bin, const char *name, int perms); 163 | R_API void PE_(bin_pe_parse_resource) (struct PE_(r_bin_pe_obj_t) *bin); 164 | -------------------------------------------------------------------------------- /format/elf/elf.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | #include "elf_specs.h" 7 | 8 | #ifndef _INCLUDE_ELF_H_ 9 | #define _INCLUDE_ELF_H_ 10 | 11 | #define R_BIN_ELF_SCN_IS_EXECUTABLE(x) x & SHF_EXECINSTR 12 | #define R_BIN_ELF_SCN_IS_READABLE(x) x & SHF_ALLOC 13 | #define R_BIN_ELF_SCN_IS_WRITABLE(x) x & SHF_WRITE 14 | 15 | #define R_BIN_ELF_SYMTAB_SYMBOLS 1 << 0 16 | #define R_BIN_ELF_DYNSYM_SYMBOLS 1 << 1 17 | #define R_BIN_ELF_IMPORT_SYMBOLS (1 << 2 | (bin->ehdr.e_type == ET_REL ? R_BIN_ELF_SYMTAB_SYMBOLS : R_BIN_ELF_DYNSYM_SYMBOLS)) 18 | #define R_BIN_ELF_ALL_SYMBOLS (R_BIN_ELF_SYMTAB_SYMBOLS | R_BIN_ELF_DYNSYM_SYMBOLS) 19 | #define ELFOBJ struct Elf_(r_bin_elf_obj_t) 20 | 21 | typedef struct r_bin_elf_section_t { 22 | ut64 offset; 23 | ut64 rva; 24 | ut64 size; 25 | ut64 align; 26 | ut32 flags; 27 | ut32 link; 28 | ut32 info; 29 | char name[ELF_STRING_LENGTH]; 30 | int last; 31 | int type; 32 | } RBinElfSection; 33 | 34 | typedef struct r_bin_elf_symbol_t { 35 | ut64 offset; 36 | ut64 size; 37 | ut32 ordinal; 38 | const char *bind; 39 | const char *type; 40 | char name[ELF_STRING_LENGTH]; 41 | int last; 42 | bool in_shdr; 43 | bool is_sht_null; 44 | bool is_vaddr; /* when true, offset is virtual address, otherwise it's physical */ 45 | bool is_imported; 46 | } RBinElfSymbol; 47 | 48 | typedef struct r_bin_elf_reloc_t { 49 | int sym; 50 | int type; 51 | int is_rela; 52 | st64 addend; 53 | ut64 offset; 54 | ut64 rva; 55 | ut16 section; 56 | int last; 57 | ut64 sto; 58 | } RBinElfReloc; 59 | 60 | typedef struct r_bin_elf_field_t { 61 | ut64 offset; 62 | char name[ELF_STRING_LENGTH]; 63 | int last; 64 | } RBinElfField; 65 | 66 | typedef struct r_bin_elf_string_t { 67 | ut64 offset; 68 | ut64 size; 69 | char type; 70 | char string[ELF_STRING_LENGTH]; 71 | int last; 72 | } RBinElfString; 73 | 74 | typedef struct r_bin_elf_lib_t { 75 | char name[ELF_STRING_LENGTH]; 76 | int last; 77 | } RBinElfLib; 78 | 79 | struct Elf_(r_bin_elf_obj_t) { 80 | Elf_(Ehdr) ehdr; 81 | Elf_(Phdr)* phdr; 82 | Elf_(Shdr)* shdr; 83 | 84 | Elf_(Shdr) *strtab_section; 85 | ut64 strtab_size; 86 | char* strtab; 87 | 88 | Elf_(Shdr) *shstrtab_section; 89 | ut64 shstrtab_size; 90 | char* shstrtab; 91 | 92 | Elf_(Dyn) *dyn_buf; 93 | int dyn_entries; 94 | int is_rela; 95 | ut32 reloc_num; 96 | 97 | ut64 version_info[DT_VERSIONTAGNUM]; 98 | 99 | char *dynstr; 100 | ut32 dynstr_size; 101 | 102 | RBinImport **imports_by_ord; 103 | size_t imports_by_ord_size; 104 | RBinSymbol **symbols_by_ord; 105 | size_t symbols_by_ord_size; 106 | 107 | int bss; 108 | ut64 size; 109 | ut64 baddr; 110 | ut64 boffset; 111 | int endian; 112 | bool verbose; 113 | const char* file; 114 | RBuffer *b; 115 | Sdb *kv; 116 | /*cache purpose*/ 117 | RBinElfSection *g_sections; 118 | RBinElfSymbol *g_symbols; 119 | RBinElfSymbol *g_imports; 120 | RBinElfSymbol *phdr_symbols; 121 | RBinElfSymbol *phdr_imports; 122 | HtUP *rel_cache; 123 | }; 124 | 125 | int Elf_(r_bin_elf_has_va)(struct Elf_(r_bin_elf_obj_t) *bin); 126 | ut64 Elf_(r_bin_elf_get_section_addr)(struct Elf_(r_bin_elf_obj_t) *bin, const char *section_name); 127 | ut64 Elf_(r_bin_elf_get_section_offset)(struct Elf_(r_bin_elf_obj_t) *bin, const char *section_name); 128 | ut64 Elf_(r_bin_elf_get_baddr)(struct Elf_(r_bin_elf_obj_t) *bin); 129 | ut64 Elf_(r_bin_elf_p2v)(struct Elf_(r_bin_elf_obj_t) *bin, ut64 paddr); 130 | ut64 Elf_(r_bin_elf_v2p)(struct Elf_(r_bin_elf_obj_t) *bin, ut64 vaddr); 131 | ut64 Elf_(r_bin_elf_p2v_new)(struct Elf_(r_bin_elf_obj_t) *bin, ut64 paddr); 132 | ut64 Elf_(r_bin_elf_v2p_new)(struct Elf_(r_bin_elf_obj_t) *bin, ut64 vaddr); 133 | ut64 Elf_(r_bin_elf_get_boffset)(struct Elf_(r_bin_elf_obj_t) *bin); 134 | ut64 Elf_(r_bin_elf_get_entry_offset)(struct Elf_(r_bin_elf_obj_t) *bin); 135 | ut64 Elf_(r_bin_elf_get_main_offset)(struct Elf_(r_bin_elf_obj_t) *bin); 136 | ut64 Elf_(r_bin_elf_get_init_offset)(struct Elf_(r_bin_elf_obj_t) *bin); 137 | ut64 Elf_(r_bin_elf_get_fini_offset)(struct Elf_(r_bin_elf_obj_t) *bin); 138 | char *Elf_(r_bin_elf_intrp)(struct Elf_(r_bin_elf_obj_t) *bin); 139 | bool Elf_(r_bin_elf_get_stripped)(struct Elf_(r_bin_elf_obj_t) *bin); 140 | bool Elf_(r_bin_elf_is_static)(struct Elf_(r_bin_elf_obj_t) *bin); 141 | char* Elf_(r_bin_elf_get_data_encoding)(struct Elf_(r_bin_elf_obj_t) *bin); 142 | char* Elf_(r_bin_elf_get_arch)(struct Elf_(r_bin_elf_obj_t) *bin); 143 | char* Elf_(r_bin_elf_get_machine_name)(struct Elf_(r_bin_elf_obj_t) *bin); 144 | char* Elf_(r_bin_elf_get_file_type)(struct Elf_(r_bin_elf_obj_t) *bin); 145 | char* Elf_(r_bin_elf_get_elf_class)(struct Elf_(r_bin_elf_obj_t) *bin); 146 | int Elf_(r_bin_elf_get_bits)(struct Elf_(r_bin_elf_obj_t) *bin); 147 | char* Elf_(r_bin_elf_get_osabi_name)(struct Elf_(r_bin_elf_obj_t) *bin); 148 | int Elf_(r_bin_elf_is_big_endian)(struct Elf_(r_bin_elf_obj_t) *bin); 149 | RBinElfReloc* Elf_(r_bin_elf_get_relocs)(struct Elf_(r_bin_elf_obj_t) *bin); 150 | RBinElfLib* Elf_(r_bin_elf_get_libs)(struct Elf_(r_bin_elf_obj_t) *bin); 151 | RBinElfSection* Elf_(r_bin_elf_get_sections)(struct Elf_(r_bin_elf_obj_t) *bin); 152 | RBinElfSymbol* Elf_(r_bin_elf_get_symbols)(struct Elf_(r_bin_elf_obj_t) *bin); 153 | RBinElfSymbol* Elf_(r_bin_elf_get_imports)(struct Elf_(r_bin_elf_obj_t) *bin); 154 | struct r_bin_elf_field_t* Elf_(r_bin_elf_get_fields)(struct Elf_(r_bin_elf_obj_t) *bin); 155 | char *Elf_(r_bin_elf_get_rpath)(struct Elf_(r_bin_elf_obj_t) *bin); 156 | void* Elf_(r_bin_elf_free)(struct Elf_(r_bin_elf_obj_t)* bin); 157 | struct Elf_(r_bin_elf_obj_t)* Elf_(r_bin_elf_new)(const char* file, bool verbose); 158 | struct Elf_(r_bin_elf_obj_t)* Elf_(r_bin_elf_new_buf)(struct r_buf_t *buf, bool verbose); 159 | ut64 Elf_(r_bin_elf_resize_section)(struct Elf_(r_bin_elf_obj_t) *bin, const char *name, ut64 size); 160 | bool Elf_(r_bin_elf_section_perms)(struct Elf_(r_bin_elf_obj_t) *bin, const char *name, int perms); 161 | bool Elf_(r_bin_elf_entry_write)(struct Elf_(r_bin_elf_obj_t) *bin, ut64 addr); 162 | bool Elf_(r_bin_elf_del_rpath)(struct Elf_(r_bin_elf_obj_t) *bin); 163 | int Elf_(r_bin_elf_has_relro)(struct Elf_(r_bin_elf_obj_t) *bin); 164 | int Elf_(r_bin_elf_has_nx)(struct Elf_(r_bin_elf_obj_t) *bin); 165 | ut8 *Elf_(r_bin_elf_grab_regstate)(struct Elf_(r_bin_elf_obj_t) *bin, int *len); 166 | RList *Elf_(r_bin_elf_get_maps)(ELFOBJ *bin); 167 | RBinSymbol *Elf_(_r_bin_elf_convert_symbol)(struct Elf_(r_bin_elf_obj_t) *bin, 168 | struct r_bin_elf_symbol_t *symbol, 169 | const char *namefmt); 170 | 171 | #endif 172 | -------------------------------------------------------------------------------- /format/wasm/wasm.h: -------------------------------------------------------------------------------- 1 | /* radare2 - LGPL - Copyright 2017-2018 - cgvwzq */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | #ifndef _INCLUDE_WASM_H_ 9 | #define _INCLUDE_WASM_H_ 10 | 11 | // version 0x1 (WIP) 12 | // https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md 13 | 14 | #define R_BIN_WASM_MAGIC_BYTES "\x00" "asm" 15 | #define R_BIN_WASM_VERSION 0x1 16 | #define R_BIN_WASM_STRING_LENGTH 256 17 | #define R_BIN_WASM_END_OF_CODE 0xb 18 | 19 | #define R_BIN_WASM_SECTION_CUSTOM 0x0 20 | #define R_BIN_WASM_SECTION_TYPE 0x1 21 | #define R_BIN_WASM_SECTION_IMPORT 0x2 22 | #define R_BIN_WASM_SECTION_FUNCTION 0x3 23 | #define R_BIN_WASM_SECTION_TABLE 0x4 24 | #define R_BIN_WASM_SECTION_MEMORY 0x5 25 | #define R_BIN_WASM_SECTION_GLOBAL 0x6 26 | #define R_BIN_WASM_SECTION_EXPORT 0x7 27 | #define R_BIN_WASM_SECTION_START 0x8 28 | #define R_BIN_WASM_SECTION_ELEMENT 0x9 29 | #define R_BIN_WASM_SECTION_CODE 0xa 30 | #define R_BIN_WASM_SECTION_DATA 0xb 31 | 32 | typedef enum { 33 | R_BIN_WASM_VALUETYPE_i32 = 0x1, 34 | R_BIN_WASM_VALUETYPE_i64 = 0x2, 35 | R_BIN_WASM_VALUETYPE_f32 = 0x3, 36 | R_BIN_WASM_VALUETYPE_f64 = 0x4, 37 | R_BIN_WASM_VALUETYPE_ANYFUNC = 0x10, 38 | R_BIN_WASM_VALUETYPE_FUNC = 0x20, 39 | R_BIN_WASM_VALUETYPE_EMPTY = 0x40, 40 | } r_bin_wasm_value_type_t; 41 | 42 | typedef enum { 43 | R_BIN_WASM_EXTERNALKIND_Function = 0x0, 44 | R_BIN_WASM_EXTERNALKIND_Table = 0x1, 45 | R_BIN_WASM_EXTERNALKIND_Memory = 0x2, 46 | R_BIN_WASM_EXTERNALKIND_Global = 0x3, 47 | } r_bin_wasm_external_kind_t; 48 | 49 | typedef enum { 50 | R_BIN_WASM_NAMETYPE_Function = 0x1, 51 | R_BIN_WASM_NAMETYPE_Local = 0x2, 52 | } r_bin_wasm_name_type_t; 53 | 54 | struct r_bin_wasm_init_expr_t { 55 | // bytecode terminated in 0xb 56 | size_t len; 57 | }; 58 | 59 | struct r_bin_wasm_resizable_limits_t { 60 | ut8 flags; // 1 if max field is present, 0 otherwise 61 | ut32 initial; 62 | ut32 maximum; 63 | }; 64 | 65 | typedef struct r_bin_wasm_symbol_t { 66 | ut32 id; 67 | ut32 name_len; 68 | char name[R_BIN_WASM_STRING_LENGTH]; 69 | } RBinWasmSymbol; 70 | 71 | typedef struct r_bin_wasm_section_t { 72 | ut8 id; 73 | ut32 size; 74 | ut32 name_len; 75 | char name[R_BIN_WASM_STRING_LENGTH]; 76 | ut32 offset; 77 | ut32 payload_data; 78 | ut32 payload_len; 79 | ut32 count; 80 | } RBinWasmSection; 81 | 82 | typedef struct r_bin_wasm_type_t { 83 | ut8 form; 84 | ut32 param_count; 85 | r_bin_wasm_value_type_t *param_types; 86 | st8 return_count; // MVP = 1 87 | r_bin_wasm_value_type_t return_type; 88 | char to_str[R_BIN_WASM_STRING_LENGTH]; 89 | } RBinWasmTypeEntry; 90 | 91 | // Other Types 92 | struct r_bin_wasm_global_type_t { 93 | r_bin_wasm_value_type_t content_type; 94 | ut8 mutability; 95 | }; 96 | 97 | struct r_bin_wasm_table_type_t { 98 | r_bin_wasm_value_type_t elem_type; 99 | struct r_bin_wasm_resizable_limits_t limits; 100 | }; 101 | 102 | struct r_bin_wasm_memory_type_t { 103 | struct r_bin_wasm_resizable_limits_t limits; 104 | }; 105 | 106 | typedef struct r_bin_wasm_import_t { 107 | ut32 module_len; 108 | char module_str[R_BIN_WASM_STRING_LENGTH]; 109 | ut32 field_len; 110 | char field_str[R_BIN_WASM_STRING_LENGTH]; 111 | ut8 kind; 112 | union { 113 | ut32 type_f; 114 | struct r_bin_wasm_global_type_t type_g; 115 | struct r_bin_wasm_table_type_t type_t; 116 | struct r_bin_wasm_memory_type_t type_m; 117 | }; 118 | 119 | } RBinWasmImportEntry; 120 | 121 | typedef struct r_bin_wasm_function_t { 122 | ut32 type_index; // index to Type entries 123 | } RBinWasmFunctionEntry; 124 | 125 | typedef struct r_bin_wasm_table_t { 126 | ut8 element_type; // only anyfunc 127 | struct r_bin_wasm_resizable_limits_t limits; 128 | } RBinWasmTableEntry; 129 | 130 | typedef struct r_bin_wasm_memory_t { 131 | struct r_bin_wasm_resizable_limits_t limits; 132 | } RBinWasmMemoryEntry; 133 | 134 | typedef struct r_bin_wasm_global_t { 135 | r_bin_wasm_value_type_t content_type; 136 | ut8 mutability; // 0 if immutable, 1 if mutable 137 | struct r_bin_wasm_init_expr_t init; 138 | } RBinWasmGlobalEntry; 139 | 140 | typedef struct r_bin_wasm_export_t { 141 | ut32 field_len; 142 | char field_str[R_BIN_WASM_STRING_LENGTH]; 143 | ut8 kind; 144 | ut32 index; 145 | } RBinWasmExportEntry; 146 | 147 | typedef struct r_bin_wasm_start_t { 148 | ut32 index; 149 | } RBinWasmStartEntry; 150 | 151 | struct r_bin_wasm_local_entry_t { 152 | ut32 count; 153 | r_bin_wasm_value_type_t type; 154 | }; 155 | 156 | typedef struct r_bin_wasm_element_t { 157 | ut32 index; 158 | struct r_bin_wasm_init_expr_t init; 159 | ut32 num_elem; 160 | ut32 elems[]; 161 | } RBinWasmElementEntry; 162 | 163 | typedef struct r_bin_wasm_code_t { 164 | ut32 body_size; 165 | ut32 local_count; // numer of local entries 166 | struct r_bin_wasm_local_entry_t *locals; 167 | ut32 code; // offset 168 | ut32 len; // real bytecode length 169 | ut8 byte; // 0xb, indicating end of the body 170 | char name[R_BIN_WASM_STRING_LENGTH]; 171 | char *signature; 172 | } RBinWasmCodeEntry; 173 | 174 | typedef struct r_bin_wasm_data_t { 175 | ut32 index; // linear memory index (0 in MVP) 176 | struct r_bin_wasm_init_expr_t offset; // bytecode evaluated at runtime 177 | ut32 size; 178 | ut32 data; // offset 179 | } RBinWasmDataEntry; 180 | 181 | // TODO: custom sections 182 | 183 | typedef struct r_bin_wasm_custom_name_t { 184 | r_bin_wasm_name_type_t name_type; 185 | ut32 name_payload_length; 186 | ut32 name_payload_data; 187 | } RBinWasmCustomNameEntry; 188 | 189 | typedef struct r_bin_wasm_obj_t { 190 | 191 | RBuffer *buf; 192 | size_t size; 193 | 194 | ut32 entrypoint; 195 | 196 | // cache purposes 197 | RList *g_sections; 198 | RList *g_types; 199 | RList *g_imports; 200 | RList *g_exports; 201 | RList *g_tables; 202 | RList *g_memories; 203 | RList *g_globals; 204 | RList *g_elements; 205 | RList *g_codes; 206 | RList *g_datas; 207 | RList *g_symtab; 208 | RBinWasmStartEntry *g_start; 209 | // etc... 210 | 211 | } RBinWasmObj; 212 | 213 | RBinWasmObj *r_bin_wasm_init(RBinFile *bf); 214 | void r_bin_wasm_destroy(RBinFile *bf); 215 | RList *r_bin_wasm_get_sections(RBinWasmObj *bin); 216 | RList *r_bin_wasm_get_types(RBinWasmObj *bin); 217 | RList *r_bin_wasm_get_imports(RBinWasmObj *bin); 218 | RList *r_bin_wasm_get_exports(RBinWasmObj *bin); 219 | RList *r_bin_wasm_get_tables(RBinWasmObj *bin); 220 | RList *r_bin_wasm_get_memories(RBinWasmObj *bin); 221 | RList *r_bin_wasm_get_globals(RBinWasmObj *bin); 222 | RList *r_bin_wasm_get_elements(RBinWasmObj *bin); 223 | RList *r_bin_wasm_get_codes(RBinWasmObj *bin); 224 | RList *r_bin_wasm_get_datas(RBinWasmObj *bin); 225 | RList *r_bin_wasm_get_symtab(RBinWasmObj *bin); 226 | ut32 r_bin_wasm_get_entrypoint(RBinWasmObj *bin); 227 | const char *r_bin_wasm_valuetype_to_string(r_bin_wasm_value_type_t type); 228 | 229 | #endif 230 | -------------------------------------------------------------------------------- /yxml.h: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2013-2014 Yoran Heling 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining 4 | a copy of this software and associated documentation files (the 5 | "Software"), to deal in the Software without restriction, including 6 | without limitation the rights to use, copy, modify, merge, publish, 7 | distribute, sublicense, and/or sell copies of the Software, and to 8 | permit persons to whom the Software is furnished to do so, subject to 9 | the following conditions: 10 | 11 | The above copyright notice and this permission notice shall be included 12 | in all copies or substantial portions of the Software. 13 | 14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 15 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 16 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 17 | IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 18 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 19 | TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 20 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef YXML_H 24 | #define YXML_H 25 | 26 | #include 27 | #include 28 | 29 | #if defined(_MSC_VER) && !defined(__cplusplus) && !defined(inline) 30 | #define inline __inline 31 | #endif 32 | 33 | /* Full API documentation for this library can be found in the "yxml.pod" file 34 | * in the yxml git repository, or online at http://dev.yorhel.nl/yxml/man */ 35 | 36 | typedef enum { 37 | YXML_EEOF = -5, /* Unexpected EOF */ 38 | YXML_EREF = -4, /* Invalid character or entity reference (&whatever;) */ 39 | YXML_ECLOSE = -3, /* Close tag does not match open tag ( .. ) */ 40 | YXML_ESTACK = -2, /* Stack overflow (too deeply nested tags or too long element/attribute name) */ 41 | YXML_ESYN = -1, /* Syntax error (unexpected byte) */ 42 | YXML_OK = 0, /* Character consumed, no new token present */ 43 | YXML_ELEMSTART = 1, /* Start of an element: '' or '' */ 46 | YXML_ATTRSTART = 4, /* Attribute: 'Name=..' */ 47 | YXML_ATTRVAL = 5, /* Attribute value */ 48 | YXML_ATTREND = 6, /* End of attribute '.."' */ 49 | YXML_PISTART = 7, /* Start of a processing instruction */ 50 | YXML_PICONTENT = 8, /* Content of a PI */ 51 | YXML_PIEND = 9 /* End of a processing instruction */ 52 | } yxml_ret_t; 53 | 54 | /* When, exactly, are tokens returned? 55 | * 56 | * ' ELEMSTART 58 | * '/' ELEMSTART, '>' ELEMEND 59 | * ' ' ELEMSTART 60 | * '>' 61 | * '/', '>' ELEMEND 62 | * Attr 63 | * '=' ATTRSTART 64 | * "X ATTRVAL 65 | * 'Y' ATTRVAL 66 | * 'Z' ATTRVAL 67 | * '"' ATTREND 68 | * '>' 69 | * '/', '>' ELEMEND 70 | * 71 | * ' ELEMEND 73 | */ 74 | 75 | 76 | typedef struct { 77 | /* PUBLIC (read-only) */ 78 | 79 | /* Name of the current element, zero-length if not in any element. Changed 80 | * after YXML_ELEMSTART. The pointer will remain valid up to and including 81 | * the next non-YXML_ATTR* token, the pointed-to buffer will remain valid 82 | * up to and including the YXML_ELEMEND for the corresponding element. */ 83 | char *elem; 84 | 85 | /* The last read character(s) of an attribute value (YXML_ATTRVAL), element 86 | * data (YXML_CONTENT), or processing instruction (YXML_PICONTENT). Changed 87 | * after one of the respective YXML_ values is returned, and only valid 88 | * until the next yxml_parse() call. Usually, this string only consists of 89 | * a single byte, but multiple bytes are returned in the following cases: 90 | * - "": The two characters "?x" 91 | * - "": The two characters "]x" 92 | * - "": The three characters "]]x" 93 | * - "&#N;" and "&#xN;", where dec(n) > 127. The referenced Unicode 94 | * character is then encoded in multiple UTF-8 bytes. 95 | */ 96 | char data[8]; 97 | 98 | /* Name of the current attribute. Changed after YXML_ATTRSTART, valid up to 99 | * and including the next YXML_ATTREND. */ 100 | char *attr; 101 | 102 | /* Name/target of the current processing instruction, zero-length if not in 103 | * a PI. Changed after YXML_PISTART, valid up to (but excluding) 104 | * the next YXML_PIEND. */ 105 | char *pi; 106 | 107 | /* Line number, byte offset within that line, and total bytes read. These 108 | * values refer to the position _after_ the last byte given to 109 | * yxml_parse(). These are useful for debugging and error reporting. */ 110 | uint64_t byte; 111 | uint64_t total; 112 | uint32_t line; 113 | 114 | 115 | /* PRIVATE */ 116 | int state; 117 | unsigned char *stack; /* Stack of element names + attribute/PI name, separated by \0. Also starts with a \0. */ 118 | size_t stacksize, stacklen; 119 | unsigned reflen; 120 | unsigned quote; 121 | int nextstate; /* Used for '@' state remembering and for the "string" consuming state */ 122 | unsigned ignore; 123 | unsigned char *string; 124 | } yxml_t; 125 | 126 | 127 | #ifdef __cplusplus 128 | extern "C" { 129 | #endif 130 | 131 | void yxml_init(yxml_t *, void *, size_t); 132 | 133 | 134 | yxml_ret_t yxml_parse(yxml_t *, int); 135 | 136 | 137 | /* May be called after the last character has been given to yxml_parse(). 138 | * Returns YXML_OK if the XML document is valid, YXML_EEOF otherwise. Using 139 | * this function isn't really necessary, but can be used to detect documents 140 | * that don't end correctly. In particular, an error is returned when the XML 141 | * document did not contain a (complete) root element, or when the document 142 | * ended while in a comment or processing instruction. */ 143 | yxml_ret_t yxml_eof(yxml_t *); 144 | 145 | #ifdef __cplusplus 146 | } 147 | #endif 148 | 149 | 150 | /* Returns the length of the element name (x->elem), attribute name (x->attr), 151 | * or PI name (x->pi). This function should ONLY be used directly after the 152 | * YXML_ELEMSTART, YXML_ATTRSTART or YXML_PISTART (respectively) tokens have 153 | * been returned by yxml_parse(), calling this at any other time may not give 154 | * the correct results. This function should also NOT be used on strings other 155 | * than x->elem, x->attr or x->pi. */ 156 | static inline size_t yxml_symlen(yxml_t *x, const char *s) { 157 | return (x->stack + x->stacklen) - (const unsigned char*)s; 158 | } 159 | 160 | #endif 161 | 162 | /* vim: set noet sw=4 ts=4: */ 163 | -------------------------------------------------------------------------------- /format/coff/coff.c: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2008-2017 pancake, inisider */ 2 | 3 | #include 4 | 5 | #include "coff.h" 6 | 7 | #define bprintf if(obj->verbose)eprintf 8 | 9 | bool r_coff_supported_arch(const ut8 *buf) { 10 | ut16 arch = *(ut16*)buf; 11 | switch (arch) { 12 | case COFF_FILE_MACHINE_AMD64: 13 | case COFF_FILE_MACHINE_I386: 14 | case COFF_FILE_MACHINE_H8300: 15 | case COFF_FILE_TI_COFF: 16 | case COFF_FILE_MACHINE_R4000: 17 | return true; 18 | default: 19 | return false; 20 | } 21 | } 22 | 23 | int r_coff_is_stripped(struct r_bin_coff_obj *obj) { 24 | return !!(obj->hdr.f_flags & (COFF_FLAGS_TI_F_RELFLG | \ 25 | COFF_FLAGS_TI_F_LNNO | COFF_FLAGS_TI_F_LSYMS)); 26 | } 27 | 28 | char *r_coff_symbol_name(struct r_bin_coff_obj *obj, void *ptr) { 29 | char n[256] = {0}; 30 | int len = 0, offset = 0; 31 | union { 32 | char name[8]; 33 | struct { 34 | ut32 zero; 35 | ut32 offset; 36 | }; 37 | } *p = ptr; 38 | if (!ptr) { 39 | return NULL; 40 | } 41 | if (p->zero) { 42 | return strdup (p->name); 43 | } 44 | offset = obj->hdr.f_symptr + obj->hdr.f_nsyms * sizeof (struct coff_symbol) + p->offset; 45 | if (offset > obj->size) { 46 | return NULL; 47 | } 48 | len = r_buf_read_at (obj->b, offset, (ut8*)n, sizeof (n)); 49 | if (len < 1) { 50 | return NULL; 51 | } 52 | /* ensure null terminated string */ 53 | n[sizeof (n) - 1] = 0; 54 | return strdup (n); 55 | } 56 | 57 | static int r_coff_rebase_sym(struct r_bin_coff_obj *obj, RBinAddr *addr, struct coff_symbol *sym) { 58 | if (sym->n_scnum < 1 || sym->n_scnum > obj->hdr.f_nscns) { 59 | return 0; 60 | } 61 | addr->paddr = obj->scn_hdrs[sym->n_scnum - 1].s_scnptr + sym->n_value; 62 | return 1; 63 | } 64 | 65 | /* Try to get a valid entrypoint using the methods outlined in 66 | * http://ftp.gnu.org/old-gnu/Manuals/ld-2.9.1/html_mono/ld.html#SEC24 */ 67 | RBinAddr *r_coff_get_entry(struct r_bin_coff_obj *obj) { 68 | RBinAddr *addr = R_NEW0 (RBinAddr); 69 | int i; 70 | if (!addr) { 71 | return NULL; 72 | } 73 | /* Simplest case, the header provides the entrypoint address */ 74 | if (obj->hdr.f_opthdr) { 75 | addr->paddr = obj->opt_hdr.entry; 76 | return addr; 77 | } 78 | /* No help from the header eh? Use the address of the symbols '_start' 79 | * or 'main' if present */ 80 | if (obj->symbols) { 81 | for (i = 0; i < obj->hdr.f_nsyms; i++) { 82 | if ((!strcmp (obj->symbols[i].n_name, "_start") || 83 | !strcmp (obj->symbols[i].n_name, "start")) && 84 | r_coff_rebase_sym (obj, addr, &obj->symbols[i])) { 85 | return addr; 86 | } 87 | } 88 | for (i = 0; i < obj->hdr.f_nsyms; i++) { 89 | if ((!strcmp (obj->symbols[i].n_name, "_main") || 90 | !strcmp (obj->symbols[i].n_name, "main")) && 91 | r_coff_rebase_sym (obj, addr, &obj->symbols[i])) { 92 | return addr; 93 | } 94 | } 95 | } 96 | /* Still clueless ? Let's just use the address of .text */ 97 | if (obj->scn_hdrs) { 98 | for (i = 0; i < obj->hdr.f_nscns; i++) { 99 | //avoid doing string matching and use x bit from the section 100 | if (obj->scn_hdrs[i].s_flags & COFF_SCN_MEM_EXECUTE) { 101 | addr->paddr = obj->scn_hdrs[i].s_scnptr; 102 | return addr; 103 | } 104 | } 105 | } 106 | return addr; 107 | } 108 | 109 | static bool r_bin_coff_init_hdr(struct r_bin_coff_obj *obj) { 110 | ut16 magic = *(ut16 *)obj->b->buf; 111 | obj->endian = (magic == COFF_FILE_MACHINE_H8300)? 1 : 0; 112 | int ret = 0; 113 | ret = r_buf_fread_at (obj->b, 0, (ut8 *)&obj->hdr, obj->endian? "2S3I2S": "2s3i2s", 1); 114 | if (ret != sizeof (struct coff_hdr)) { 115 | return false; 116 | } 117 | if (obj->hdr.f_magic == COFF_FILE_TI_COFF) { 118 | ret = r_buf_fread_at (obj->b, R_BUF_CUR, (ut8 *)&obj->target_id, obj->endian? "S": "s", 1); 119 | if (ret != sizeof (ut16)) { 120 | return false; 121 | } 122 | } 123 | return true; 124 | } 125 | 126 | static bool r_bin_coff_init_opt_hdr(struct r_bin_coff_obj *obj) { 127 | int ret; 128 | if (!obj->hdr.f_opthdr) { 129 | return false; 130 | } 131 | ret = r_buf_fread_at (obj->b, sizeof (struct coff_hdr), 132 | (ut8 *)&obj->opt_hdr, obj->endian? "2S6I": "2s6i", 1); 133 | if (ret != sizeof (struct coff_opt_hdr)) { 134 | return false; 135 | } 136 | return true; 137 | } 138 | 139 | static bool r_bin_coff_init_scn_hdr(struct r_bin_coff_obj *obj) { 140 | int ret, size; 141 | ut64 offset = sizeof (struct coff_hdr) + (obj->hdr.f_opthdr ? sizeof (struct coff_opt_hdr) : 0); 142 | if (obj->hdr.f_magic == COFF_FILE_TI_COFF) { 143 | offset += 2; 144 | } 145 | size = obj->hdr.f_nscns * sizeof (struct coff_scn_hdr); 146 | if (offset > obj->size || offset + size > obj->size || size < 0) { 147 | return false; 148 | } 149 | obj->scn_hdrs = calloc (1, size + sizeof (struct coff_scn_hdr)); 150 | if (!obj->scn_hdrs) { 151 | return false; 152 | } 153 | ret = r_buf_fread_at (obj->b, offset, (ut8 *)obj->scn_hdrs, obj->endian? "8c6I2S1I": "8c6i2s1i", obj->hdr.f_nscns); 154 | if (ret != size) { 155 | R_FREE (obj->scn_hdrs); 156 | return false; 157 | } 158 | return true; 159 | } 160 | 161 | static bool r_bin_coff_init_symtable(struct r_bin_coff_obj *obj) { 162 | int ret, size; 163 | ut64 offset = obj->hdr.f_symptr; 164 | if (obj->hdr.f_nsyms >= 0xffff || !obj->hdr.f_nsyms) { // too much symbols, probably not allocatable 165 | return false; 166 | } 167 | size = obj->hdr.f_nsyms * sizeof (struct coff_symbol); 168 | if (size < 0 || 169 | size > obj->size || 170 | offset > obj->size || 171 | offset + size > obj->size) { 172 | return false; 173 | } 174 | obj->symbols = calloc (1, size + sizeof (struct coff_symbol)); 175 | if (!obj->symbols) { 176 | return false; 177 | } 178 | ret = r_buf_fread_at (obj->b, offset, (ut8 *)obj->symbols, obj->endian? "8c1I2S2c": "8c1i2s2c", obj->hdr.f_nsyms); 179 | if (ret != size) { 180 | R_FREE (obj->symbols); 181 | return false; 182 | } 183 | return true; 184 | } 185 | 186 | static int r_bin_coff_init(struct r_bin_coff_obj *obj, RBuffer *buf, bool verbose) { 187 | obj->b = r_buf_new (); 188 | obj->size = buf->length; 189 | obj->verbose = verbose; 190 | if (!r_buf_set_bytes (obj->b, buf->buf, obj->size)){ 191 | r_buf_free (obj->b); 192 | return false; 193 | } 194 | if (!r_bin_coff_init_hdr (obj)) { 195 | bprintf ("Warning: failed to init hdr\n"); 196 | return false; 197 | } 198 | r_bin_coff_init_opt_hdr (obj); 199 | if (!r_bin_coff_init_scn_hdr (obj)) { 200 | bprintf ("Warning: failed to init section header\n"); 201 | return false; 202 | } 203 | if (!r_bin_coff_init_symtable (obj)) { 204 | bprintf ("Warning: failed to init symtable\n"); 205 | return false; 206 | } 207 | return true; 208 | } 209 | 210 | void r_bin_coff_free(struct r_bin_coff_obj *obj) { 211 | free (obj->scn_hdrs); 212 | free (obj->symbols); 213 | R_FREE (obj); 214 | } 215 | 216 | struct r_bin_coff_obj* r_bin_coff_new_buf(RBuffer *buf, bool verbose) { 217 | struct r_bin_coff_obj* bin = R_NEW0 (struct r_bin_coff_obj); 218 | r_bin_coff_init (bin, buf, verbose); 219 | return bin; 220 | } 221 | -------------------------------------------------------------------------------- /format/mach0/mach0_specs.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef _INCLUDE_R_BIN_MACH0_SPECS_H_ 3 | #define _INCLUDE_R_BIN_MACH0_SPECS_H_ 4 | 5 | typedef int integer_t; 6 | 7 | // NOTE(eddyb) the following have been slightly modified to work under radare. 8 | 9 | #include "mach0_defines.h" 10 | 11 | // HACK(eddyb) everything below is from the old mach0_specs.h, should replace 12 | // with proper original definitions. 13 | 14 | #undef MACH0_ 15 | 16 | #if R_BIN_MACH064 17 | #define MACH0_(name) name##_64 18 | #else 19 | #define MACH0_(name) name 20 | #endif 21 | 22 | #define R_BIN_MACH0_SYMBOL_TYPE_EXT 0 23 | #define R_BIN_MACH0_SYMBOL_TYPE_LOCAL 1 24 | 25 | struct x86_thread_state32 { 26 | ut32 eax; 27 | ut32 ebx; 28 | ut32 ecx; 29 | ut32 edx; 30 | ut32 edi; 31 | ut32 esi; 32 | ut32 ebp; 33 | ut32 esp; 34 | ut32 ss; 35 | ut32 eflags; 36 | ut32 eip; 37 | ut32 cs; 38 | ut32 ds; 39 | ut32 es; 40 | ut32 fs; 41 | ut32 gs; 42 | }; 43 | 44 | struct x86_thread_state64 { 45 | ut64 rax; 46 | ut64 rbx; 47 | ut64 rcx; 48 | ut64 rdx; 49 | ut64 rdi; 50 | ut64 rsi; 51 | ut64 rbp; 52 | ut64 rsp; 53 | ut64 r8; 54 | ut64 r9; 55 | ut64 r10; 56 | ut64 r11; 57 | ut64 r12; 58 | ut64 r13; 59 | ut64 r14; 60 | ut64 r15; 61 | ut64 rip; 62 | ut64 rflags; 63 | ut64 cs; 64 | ut64 fs; 65 | ut64 gs; 66 | }; 67 | 68 | #define X86_THREAD_STATE32 1 69 | #define X86_THREAD_STATE64 4 70 | 71 | struct ppc_thread_state32 { 72 | ut32 srr0; /* Instruction address register (PC) */ 73 | ut32 srr1; /* Machine state register (supervisor) */ 74 | ut32 r0; 75 | ut32 r1; 76 | ut32 r2; 77 | ut32 r3; 78 | ut32 r4; 79 | ut32 r5; 80 | ut32 r6; 81 | ut32 r7; 82 | ut32 r8; 83 | ut32 r9; 84 | ut32 r10; 85 | ut32 r11; 86 | ut32 r12; 87 | ut32 r13; 88 | ut32 r14; 89 | ut32 r15; 90 | ut32 r16; 91 | ut32 r17; 92 | ut32 r18; 93 | ut32 r19; 94 | ut32 r20; 95 | ut32 r21; 96 | ut32 r22; 97 | ut32 r23; 98 | ut32 r24; 99 | ut32 r25; 100 | ut32 r26; 101 | ut32 r27; 102 | ut32 r28; 103 | ut32 r29; 104 | ut32 r30; 105 | ut32 r31; 106 | 107 | ut32 cr; /* Condition register */ 108 | ut32 xer; /* User's integer exception register */ 109 | ut32 lr; /* Link register */ 110 | ut32 ctr; /* Count register */ 111 | ut32 mq; /* MQ register (601 only) */ 112 | 113 | ut32 vrsave; /* Vector Save Register */ 114 | }; 115 | 116 | struct ppc_thread_state64 { 117 | ut64 srr0; /* Instruction address register (PC) */ 118 | ut64 srr1; /* Machine state register (supervisor) */ 119 | ut64 r0; 120 | ut64 r1; 121 | ut64 r2; 122 | ut64 r3; 123 | ut64 r4; 124 | ut64 r5; 125 | ut64 r6; 126 | ut64 r7; 127 | ut64 r8; 128 | ut64 r9; 129 | ut64 r10; 130 | ut64 r11; 131 | ut64 r12; 132 | ut64 r13; 133 | ut64 r14; 134 | ut64 r15; 135 | ut64 r16; 136 | ut64 r17; 137 | ut64 r18; 138 | ut64 r19; 139 | ut64 r20; 140 | ut64 r21; 141 | ut64 r22; 142 | ut64 r23; 143 | ut64 r24; 144 | ut64 r25; 145 | ut64 r26; 146 | ut64 r27; 147 | ut64 r28; 148 | ut64 r29; 149 | ut64 r30; 150 | ut64 r31; 151 | 152 | ut32 cr; /* Condition register */ 153 | ut64 xer; /* User's integer exception register */ 154 | ut64 lr; /* Link register */ 155 | ut64 ctr; /* Count register */ 156 | 157 | ut32 vrsave; /* Vector Save Register */ 158 | }; 159 | 160 | struct arm_thread_state32 { 161 | ut32 r0; 162 | ut32 r1; 163 | ut32 r2; 164 | ut32 r3; 165 | ut32 r4; 166 | ut32 r5; 167 | ut32 r6; 168 | ut32 r7; 169 | ut32 r8; 170 | ut32 r9; 171 | ut32 r10; 172 | ut32 r11; 173 | ut32 r12; 174 | ut32 r13; 175 | ut32 r14; 176 | ut32 r15; 177 | ut32 r16; /* Apple's thread_state has this 17th reg, bug?? */ 178 | }; 179 | 180 | struct arm_thread_state64 { 181 | ut64 x[29]; 182 | ut64 fp; 183 | ut64 lr; 184 | ut64 sp; 185 | ut64 pc; 186 | ut32 cpsr; 187 | }; 188 | 189 | /* Cache header */ 190 | 191 | struct cache_header { 192 | char version[16]; 193 | ut32 baseaddroff; //mappingOffset 194 | ut32 mappingCount; 195 | ut32 startaddr; 196 | ut32 numlibs; 197 | ut64 dyldaddr; 198 | ut64 codeSignatureOffset; 199 | ut64 codeSignatureSize; 200 | ut64 slideInfoOffset; 201 | ut64 slideInfoSize; 202 | ut64 localSymbolsOffset; 203 | ut64 localSymbolsSize; 204 | }; 205 | 206 | // dupe? 207 | typedef struct { 208 | char magic[16]; 209 | uint32_t mappingOffset; 210 | uint32_t mappingCount; 211 | uint32_t imagesOffset; 212 | uint32_t imagesCount; 213 | uint64_t dyldBaseAddress; 214 | uint64_t codeSignatureOffset; 215 | uint64_t codeSignatureSize; 216 | uint64_t slideInfoOffset; 217 | uint64_t slideInfoSize; 218 | uint64_t localSymbolsOffset; 219 | uint64_t localSymbolsSize; 220 | uint8_t uuid[16]; 221 | uint64_t cacheType; 222 | uint32_t branchPoolsOffset; 223 | uint32_t branchPoolsCount; 224 | uint64_t accelerateInfoAddr; 225 | uint64_t accelerateInfoSize; 226 | uint64_t imagesTextOffset; 227 | uint64_t imagesTextCount; 228 | } cache_hdr_t; 229 | 230 | typedef struct { 231 | uint64_t address; 232 | uint64_t size; 233 | uint64_t fileOffset; 234 | uint32_t maxProt; 235 | uint32_t initProt; 236 | } cache_map_t; 237 | 238 | typedef struct { 239 | uint64_t address; 240 | uint64_t modTime; 241 | uint64_t inode; 242 | uint32_t pathFileOffset; 243 | uint32_t pad; 244 | } cache_img_t; 245 | 246 | typedef struct 247 | { 248 | uint32_t version; 249 | uint32_t page_size; 250 | uint32_t page_starts_count; 251 | uint32_t padding; 252 | uint64_t auth_value_add; 253 | } cache_slide3_t; 254 | 255 | typedef struct { 256 | uint32_t version; 257 | uint32_t page_size; 258 | uint32_t page_starts_offset; 259 | uint32_t page_starts_count; 260 | uint32_t page_extras_offset; 261 | uint32_t page_extras_count; 262 | uint64_t delta_mask; 263 | uint64_t value_add; 264 | } cache_slide2_t; 265 | 266 | typedef struct { 267 | uint32_t version; 268 | uint32_t toc_offset; 269 | uint32_t toc_count; 270 | uint32_t entries_offset; 271 | uint32_t entries_count; 272 | uint32_t entries_size; 273 | } cache_slide1_t; 274 | 275 | typedef struct 276 | { 277 | uint32_t version; 278 | uint32_t imageExtrasCount; 279 | uint32_t imagesExtrasOffset; 280 | uint32_t bottomUpListOffset; 281 | uint32_t dylibTrieOffset; 282 | uint32_t dylibTrieSize; 283 | uint32_t initializersOffset; 284 | uint32_t initializersCount; 285 | uint32_t dofSectionsOffset; 286 | uint32_t dofSectionsCount; 287 | uint32_t reExportListOffset; 288 | uint32_t reExportCount; 289 | uint32_t depListOffset; 290 | uint32_t depListCount; 291 | uint32_t rangeTableOffset; 292 | uint32_t rangeTableCount; 293 | uint64_t dyldSectionAddr; 294 | } cache_accel_t; 295 | 296 | typedef struct 297 | { 298 | uint64_t exportsTrieAddr; 299 | uint64_t weakBindingsAddr; 300 | uint32_t exportsTrieSize; 301 | uint32_t weakBindingsSize; 302 | uint32_t dependentsStartArrayIndex; 303 | uint32_t reExportsStartArrayIndex; 304 | } cache_imgxtr_t; 305 | 306 | #define DYLD_CACHE_SLIDE_PAGE_ATTRS 0xC000 307 | #define DYLD_CACHE_SLIDE_PAGE_ATTR_EXTRA 0x8000 308 | #define DYLD_CACHE_SLIDE_PAGE_ATTR_NO_REBASE 0x4000 309 | #define DYLD_CACHE_SLIDE_PAGE_ATTR_END 0x8000 310 | #define DYLD_CACHE_SLIDE_V3_PAGE_ATTR_NO_REBASE 0xFFFF 311 | #endif 312 | -------------------------------------------------------------------------------- /format/coff/coff_specs.h: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2014 - Fedor Sakharov */ 2 | #ifndef COFF_SPECS_H 3 | #define COFF_SPECS_H 4 | 5 | #include 6 | 7 | #define COFF_FILE_MACHINE_UNKNOWN 0x0 8 | #define COFF_FILE_MACHINE_AM33 0x1d3 9 | #define COFF_FILE_MACHINE_AMD64 0x8664 10 | #define COFF_FILE_MACHINE_ARM 0x1c0 11 | #define COFF_FILE_MACHINE_ARMNT 0x1c4 12 | #define COFF_FILE_MACHINE_ARM64 0xaa64 13 | #define COFF_FILE_MACHINE_EBC 0xebc 14 | #define COFF_FILE_MACHINE_I386 0x14c 15 | #define COFF_FILE_MACHINE_IA64 0x200 16 | #define COFF_FILE_MACHINE_M32R 0x9041 17 | #define COFF_FILE_MACHINE_MIPS16 0x266 18 | #define COFF_FILE_MACHINE_MIPSFPU 0x366 19 | #define COFF_FILE_MACHINE_MIPSFPU16 0x466 20 | #define COFF_FILE_MACHINE_POWERPC 0x1f0 21 | #define COFF_FILE_MACHINE_POWERPCFP 0x1f1 22 | #define COFF_FILE_MACHINE_R4000 0x166 23 | #define COFF_FILE_MACHINE_SH3 0x1a2 24 | #define COFF_FILE_MACHINE_SH3DSP 0x1a3 25 | #define COFF_FILE_MACHINE_SH4 0x1a6 26 | #define COFF_FILE_MACHINE_SH5 0x1a8 27 | #define COFF_FILE_MACHINE_THUMB 0x1c2 28 | #define COFF_FILE_MACHINE_WCEMIPSV2 0x169 29 | #define COFF_FILE_MACHINE_H8300 0x0083 30 | 31 | #define COFF_FILE_TI_COFF 0xc1 32 | #define COFF_FILE_MACHINE_TMS470 0x0097 33 | #define COFF_FILE_MACHINE_TMS320C54 0x0098 34 | #define COFF_FILE_MACHINE_TMS320C60 0x0099 35 | #define COFF_FILE_MACHINE_TMS320C55 0x009C 36 | #define COFF_FILE_MACHINE_TMS320C28 0x009D 37 | #define COFF_FILE_MACHINE_MSP430 0x00A0 38 | #define COFF_FILE_MACHINE_TMS320C55PLUS 0x00A1 39 | 40 | #define COFF_FLAGS_TI_F_RELFLG 0x0001 41 | #define COFF_FLAGS_TI_F_EXEC 0x0002 42 | #define COFF_FLAGS_TI_F_LNNO 0x0004 43 | #define COFF_FLAGS_TI_F_LSYMS 0x0008 44 | #define COFF_FLAGS_TI_F_BIG 0x0200 45 | #define COFF_FLAGS_TI_F_LITTLE 0x0100 46 | 47 | #define COFF_SCN_TYPE_NO_PAD 0x00000008 48 | #define COFF_SCN_CNT_CODE 0x00000020 49 | #define COFF_SCN_CNT_INIT_DATA 0x00000040 50 | #define COFF_SCN_LNK_OTHER 0x00000100 51 | #define COFF_SCN_LNK_INFO 0x00000200 52 | #define COFF_SCN_LNK_REMOVE 0x00000800 53 | #define COFF_SCN_LNK_COMDAT 0x00001000 54 | #define COFF_SCN_GPREL 0x00008000 55 | #define COFF_SCN_MEM_PURGEABLE 0x00010000 56 | #define COFF_SCN_MEM_16BIT 0x00020000 57 | #define COFF_SCN_MEM_LOCKED 0x00040000 58 | #define COFF_SCN_MEM_PRELOAD 0x00080000 59 | #define COFF_SCN_ALIGN_1BYTES 0x00100000 60 | #define COFF_SCN_ALIGN_2BYTES 0x00200000 61 | #define COFF_SCN_ALIGN_4BYTES 0x00300000 62 | #define COFF_SCN_ALIGN_8BYTES 0x00400000 63 | #define COFF_SCN_ALIGN_16BYTES 0x00500000 64 | #define COFF_SCN_ALIGN_32BYTES 0x00600000 65 | #define COFF_SCN_ALIGN_64BYTES 0x00700000 66 | #define COFF_SCN_ALIGN_128BYTES 0x00800000 67 | #define COFF_SCN_ALIGN_256BYTES 0x00900000 68 | #define COFF_SCN_ALIGN_512BYTES 0x00A00000 69 | #define COFF_SCN_ALIGN_1024BYTES 0x00B00000 70 | #define COFF_SCN_ALIGN_2048BYTES 0x00C00000 71 | #define COFF_SCN_ALIGN_4096BYTES 0x00D00000 72 | #define COFF_SCN_ALIGN_8192BYTES 0x00E00000 73 | #define COFF_SCN_LNK_NRELOC_OVFL 0x01000000 74 | #define COFF_SCN_MEM_DISCARDABLE 0x02000000 75 | #define COFF_SCN_MEM_NOT_CACHED 0x04000000 76 | #define COFF_SCN_MEM_NOT_PAGED 0x08000000 77 | #define COFF_SCN_MEM_SHARED 0x10000000 78 | #define COFF_SCN_MEM_EXECUTE 0x20000000 79 | #define COFF_SCN_MEM_READ 0x40000000 80 | #define COFF_SCN_MEM_WRITE 0x80000000 81 | 82 | #define COFF_SYM_TYPE_NULL 0 83 | #define COFF_SYM_TYPE_VOID 1 84 | #define COFF_SYM_TYPE_CHAR 2 85 | #define COFF_SYM_TYPE_SHORT 3 86 | #define COFF_SYM_TYPE_INT 4 87 | #define COFF_SYM_TYPE_LONG 5 88 | #define COFF_SYM_TYPE_FLOAT 6 89 | #define COFF_SYM_TYPE_DOUBLE 7 90 | #define COFF_SYM_TYPE_STRUCT 8 91 | #define COFF_SYM_TYPE_UNION 9 92 | #define COFF_SYM_TYPE_ENUM 10 93 | #define COFF_SYM_TYPE_MOE 11 94 | #define COFF_SYM_TYPE_BYTE 12 95 | #define COFF_SYM_TYPE_WORD 13 96 | #define COFF_SYM_TYPE_UINT 14 97 | #define COFF_SYM_TYPE_DWORD 15 98 | 99 | #define COFF_SYM_DTYPE_NULL 0 100 | #define COFF_SYM_DTYPE_POINTER 1 101 | #define COFF_SYM_DTYPE_FUNCTION 2 102 | #define COFF_SYM_DTYPE_ARRAY 3 103 | 104 | #define COFF_SYM_CLASS_END_OF_FUNCTION 0xFF 105 | #define COFF_SYM_CLASS_NULL 0 106 | #define COFF_SYM_CLASS_AUTOMATIC 1 107 | #define COFF_SYM_CLASS_EXTERNAL 2 108 | #define COFF_SYM_CLASS_STATIC 3 109 | #define COFF_SYM_CLASS_REGISTER 4 110 | #define COFF_SYM_CLASS_EXTERNAL_DEF 5 111 | #define COFF_SYM_CLASS_LABEL 6 112 | #define COFF_SYM_CLASS_UNDEFINED_LABEL 7 113 | #define COFF_SYM_CLASS_MEMBER_OF_STRUCT 8 114 | #define COFF_SYM_CLASS_ARGUMENT 9 115 | #define COFF_SYM_CLASS_STRUCT_TAG 10 116 | #define COFF_SYM_CLASS_MEMBER_OF_UNION 11 117 | #define COFF_SYM_CLASS_UNION_TAG 12 118 | #define COFF_SYM_CLASS_TYPE_DEFINITION 13 119 | #define COFF_SYM_CLASS_UNDEFINED_STATIC 14 120 | #define COFF_SYM_CLASS_ENUM_TAG 15 121 | #define COFF_SYM_CLASS_MEMBER_OF_ENUM 16 122 | #define COFF_SYM_CLASS_REGISTER_PARAM 17 123 | #define COFF_SYM_CLASS_BIT_FIELD 18 124 | #define COFF_SYM_CLASS_BLOCK 100 125 | #define COFF_SYM_CLASS_FUNCTION 101 126 | #define COFF_SYM_CLASS_END_OF_STRUCT 102 127 | #define COFF_SYM_CLASS_FILE 103 128 | #define COFF_SYM_CLASS_SECTION 104 129 | #define COFF_SYM_CLASS_WEAK_EXTERNAL 105 130 | #define COFF_SYM_CLASS_CLR_TOKEN 107 131 | 132 | R_PACKED( 133 | struct coff_hdr { 134 | ut16 f_magic; /* Magic number */ 135 | ut16 f_nscns; /* Number of Sections */ 136 | ut32 f_timdat; /* Time & date stamp */ 137 | ut32 f_symptr; /* File pointer to Symbol Table */ 138 | ut32 f_nsyms; /* Number of Symbols */ 139 | ut16 f_opthdr; /* sizeof(Optional Header) */ 140 | ut16 f_flags; /* Flags */ 141 | });// __attribute__ ((packed)); 142 | 143 | R_PACKED ( 144 | struct coff_opt_hdr { 145 | ut16 magic; /* Magic Number */ 146 | ut16 vstamp; /* Version stamp */ 147 | ut32 tsize; /* Text size in bytes */ 148 | ut32 dsize; /* Initialised data size */ 149 | ut32 bsize; /* Uninitialised data size */ 150 | ut32 entry; /* Entry point */ 151 | ut32 text_start; /* Base of Text used for this file */ 152 | ut32 data_start; /* Base of Data used for this file */ 153 | }); 154 | 155 | R_PACKED ( 156 | struct coff_scn_hdr { 157 | char s_name[8]; /* Section Name */ 158 | ut32 s_paddr; /* Physical Address */ 159 | ut32 s_vaddr; /* Virtual Address */ 160 | ut32 s_size; /* Section Size in Bytes */ 161 | ut32 s_scnptr; /* File offset to the Section data */ 162 | ut32 s_relptr; /* File offset to the Relocation table for this Section */ 163 | ut32 s_lnnoptr; /* File offset to the Line Number table for this Section */ 164 | ut16 s_nreloc; /* Number of Relocation table entries */ 165 | ut16 s_nlnno; /* Number of Line Number table entries */ 166 | ut32 s_flags; /* Flags for this section */ 167 | }); 168 | 169 | R_PACKED ( 170 | struct coff_symbol { 171 | char n_name[8]; /* Symbol Name */ 172 | ut32 n_value; /* Value of Symbol */ 173 | ut16 n_scnum; /* Section Number */ 174 | ut16 n_type; /* Symbol Type */ 175 | ut8 n_sclass; /* Storage Class */ 176 | ut8 n_numaux; /* Auxiliary Count */ 177 | }); 178 | 179 | R_PACKED ( 180 | struct coff_reloc { 181 | ut32 r_vaddr; /* Reference Address */ 182 | ut32 r_symndx; /* Symbol index */ 183 | ut16 r_type; /* Type of relocation */ 184 | }); 185 | #endif /* COFF_SPECS_H */ 186 | -------------------------------------------------------------------------------- /format/mdmp/mdmp_pe.c: -------------------------------------------------------------------------------- 1 | /* radare2 - LGPL - Copyright 2016-2018 - Davis, Alex Kornitzer */ 2 | 3 | #include 4 | #include 5 | 6 | #include "mdmp_pe.h" 7 | 8 | static void PE_(add_tls_callbacks)(struct PE_(r_bin_pe_obj_t) *bin, RList* list) { 9 | char *key; 10 | int count = 0; 11 | PE_DWord haddr, paddr, vaddr; 12 | RBinAddr *ptr = NULL; 13 | 14 | do { 15 | key = sdb_fmt ("pe.tls_callback%d_paddr", count); 16 | paddr = sdb_num_get (bin->kv, key, 0); 17 | if (!paddr) { 18 | break; 19 | } 20 | 21 | key = sdb_fmt ("pe.tls_callback%d_vaddr", count); 22 | vaddr = sdb_num_get (bin->kv, key, 0); 23 | if (!vaddr) { 24 | break; 25 | } 26 | 27 | key = sdb_fmt ("pe.tls_callback%d_haddr", count); 28 | haddr = sdb_num_get (bin->kv, key, 0); 29 | if (!haddr) { 30 | break; 31 | } 32 | if ((ptr = R_NEW0 (RBinAddr))) { 33 | ptr->paddr = paddr; 34 | ptr->vaddr = vaddr; 35 | ptr->hpaddr = haddr; 36 | ptr->type = R_BIN_ENTRY_TYPE_TLS; 37 | r_list_append (list, ptr); 38 | } 39 | count++; 40 | } while (vaddr); 41 | } 42 | 43 | RList *PE_(r_bin_mdmp_pe_get_entrypoint)(struct PE_(r_bin_mdmp_pe_bin) *pe_bin) { 44 | ut64 offset; 45 | struct r_bin_pe_addr_t *entry = NULL; 46 | RBinAddr *ptr = NULL; 47 | RList* ret; 48 | 49 | if (!(entry = PE_(r_bin_pe_get_entrypoint) (pe_bin->bin))) { 50 | return NULL; 51 | } 52 | if (!(ret = r_list_new ())) { 53 | return NULL; 54 | } 55 | 56 | if ((ptr = R_NEW0 (RBinAddr))) { 57 | offset = entry->vaddr; 58 | if (offset > pe_bin->vaddr) { 59 | offset -= pe_bin->vaddr; 60 | } 61 | ptr->paddr = offset + pe_bin->paddr; 62 | ptr->vaddr = offset + pe_bin->vaddr; 63 | ptr->hpaddr = pe_bin->paddr + entry->haddr; 64 | ptr->type = R_BIN_ENTRY_TYPE_PROGRAM; 65 | 66 | r_list_append (ret, ptr); 67 | } 68 | 69 | PE_(add_tls_callbacks) (pe_bin->bin, ret); 70 | 71 | free (entry); 72 | 73 | return ret; 74 | } 75 | 76 | static void filter_import(ut8 *n) { 77 | int I; 78 | for (I = 0; n[I]; I++) { 79 | if (n[I] < 30 || n[I] >= 0x7f) { 80 | n[I] = 0; 81 | break; 82 | } 83 | } 84 | } 85 | 86 | RList *PE_(r_bin_mdmp_pe_get_imports)(struct PE_(r_bin_mdmp_pe_bin) *pe_bin) { 87 | int i; 88 | ut64 offset; 89 | struct r_bin_pe_import_t *imports = NULL; 90 | RBinImport *ptr = NULL; 91 | RBinReloc *rel; 92 | RList *ret, *relocs; 93 | 94 | imports = PE_(r_bin_pe_get_imports) (pe_bin->bin); 95 | ret = r_list_new (); 96 | relocs = r_list_newf (free); 97 | 98 | if (!imports || !ret || !relocs) { 99 | free (imports); 100 | free (ret); 101 | free (relocs); 102 | return NULL; 103 | } 104 | 105 | pe_bin->bin->relocs = relocs; 106 | for (i = 0; !imports[i].last; i++) { 107 | if (!(ptr = R_NEW0 (RBinImport))) { 108 | break; 109 | } 110 | filter_import (imports[i].name); 111 | ptr->name = strdup ((char*)imports[i].name); 112 | ptr->bind = r_str_const ("NONE"); 113 | ptr->type = r_str_const (R_BIN_TYPE_FUNC_STR); 114 | ptr->ordinal = imports[i].ordinal; 115 | r_list_append (ret, ptr); 116 | 117 | if (!(rel = R_NEW0 (RBinReloc))) { 118 | break; 119 | } 120 | #ifdef R_BIN_PE64 121 | rel->type = R_BIN_RELOC_64; 122 | #else 123 | rel->type = R_BIN_RELOC_32; 124 | #endif 125 | offset = imports[i].vaddr; 126 | if (offset > pe_bin->vaddr) { 127 | offset -= pe_bin->vaddr; 128 | } 129 | rel->additive = 0; 130 | rel->import = ptr; 131 | rel->addend = 0; 132 | rel->vaddr = offset + pe_bin->vaddr; 133 | rel->paddr = imports[i].paddr + pe_bin->paddr; 134 | r_list_append (relocs, rel); 135 | } 136 | free (imports); 137 | 138 | return ret; 139 | } 140 | 141 | RList *PE_(r_bin_mdmp_pe_get_sections)(struct PE_(r_bin_mdmp_pe_bin) *pe_bin) { 142 | /* TODO: Vet code, taken verbatim(ish) from bin_pe.c */ 143 | int i; 144 | ut64 ba = pe_bin->vaddr;//baddr (arch); 145 | struct r_bin_pe_section_t *sections = NULL; 146 | RBinSection *ptr; 147 | RList *ret; 148 | 149 | if (!(ret = r_list_new ())) { 150 | return NULL; 151 | } 152 | if (!pe_bin->bin || !(sections = pe_bin->bin->sections)){ 153 | r_list_free (ret); 154 | return NULL; 155 | } 156 | PE_(r_bin_pe_check_sections) (pe_bin->bin, §ions); 157 | for (i = 0; !sections[i].last; i++) { 158 | if (!(ptr = R_NEW0 (RBinSection))) { 159 | break; 160 | } 161 | if (sections[i].name[0]) { 162 | ptr->name = strdup ((char*)sections[i].name); 163 | } else { 164 | ptr->name = strdup (""); 165 | } 166 | ptr->size = sections[i].size; 167 | if (ptr->size > pe_bin->bin->size) { 168 | if (sections[i].vsize < pe_bin->bin->size) { 169 | ptr->size = sections[i].vsize; 170 | } else { 171 | //hack give it page size 172 | ptr->size = 4096; 173 | } 174 | } 175 | ptr->vsize = sections[i].vsize; 176 | if (!ptr->vsize && ptr->size) { 177 | ptr->vsize = ptr->size; 178 | } 179 | ptr->paddr = sections[i].paddr + pe_bin->paddr; 180 | ptr->vaddr = sections[i].vaddr + ba; 181 | ptr->add = false; 182 | ptr->perm = 0; 183 | if (R_BIN_PE_SCN_IS_EXECUTABLE (sections[i].perm)) { 184 | ptr->perm |= R_PERM_X; 185 | } 186 | if (R_BIN_PE_SCN_IS_WRITABLE (sections[i].perm)) { 187 | ptr->perm |= R_PERM_W; 188 | } 189 | if (R_BIN_PE_SCN_IS_READABLE (sections[i].perm)) { 190 | ptr->perm |= R_PERM_X; 191 | } 192 | if (R_BIN_PE_SCN_IS_SHAREABLE (sections[i].perm)) { 193 | ptr->perm |= R_PERM_SHAR; 194 | } 195 | #define X 1 196 | #define ROW (4 | 2) 197 | if (ptr->perm & ROW && !(ptr->perm & X) && ptr->size > 0) { 198 | if (!strcmp (ptr->name, ".rsrc") || 199 | !strcmp (ptr->name, ".data") || 200 | !strcmp (ptr->name, ".rdata")) { 201 | ptr->is_data = true; 202 | } 203 | } 204 | r_list_append (ret, ptr); 205 | } 206 | return ret; 207 | } 208 | 209 | RList *PE_(r_bin_mdmp_pe_get_symbols)(struct PE_(r_bin_mdmp_pe_bin) *pe_bin) { 210 | int i; 211 | ut64 offset; 212 | struct r_bin_pe_export_t *symbols = NULL; 213 | struct r_bin_pe_import_t *imports = NULL; 214 | RBinSymbol *ptr = NULL; 215 | RList* ret; 216 | 217 | if (!(ret = r_list_new ())) { 218 | return NULL; 219 | } 220 | 221 | /* TODO: Load symbol table from pdb file */ 222 | if ((symbols = PE_(r_bin_pe_get_exports) (pe_bin->bin))) { 223 | for (i = 0; !symbols[i].last; i++) { 224 | if (!(ptr = R_NEW0 (RBinSymbol))) { 225 | break; 226 | } 227 | offset = symbols[i].vaddr; 228 | if (offset > pe_bin->vaddr) { 229 | offset -= pe_bin->vaddr; 230 | } 231 | ptr->name = strdup ((char *)symbols[i].name); 232 | ptr->forwarder = r_str_const ((char *)symbols[i].forwarder); 233 | ptr->bind = r_str_const (R_BIN_BIND_GLOBAL_STR); 234 | ptr->type = r_str_const (R_BIN_TYPE_FUNC_STR); 235 | ptr->size = 0; 236 | ptr->vaddr = offset + pe_bin->vaddr; 237 | ptr->paddr = symbols[i].paddr + pe_bin->paddr; 238 | ptr->ordinal = symbols[i].ordinal; 239 | 240 | r_list_append (ret, ptr); 241 | } 242 | free (symbols); 243 | } 244 | /* Calling imports is unstable at the moment, I think this is an issue in pe.c */ 245 | if ((imports = PE_(r_bin_pe_get_imports) (pe_bin->bin))) { 246 | for (i = 0; !imports[i].last; i++) { 247 | if (!(ptr = R_NEW0 (RBinSymbol))) { 248 | break; 249 | } 250 | offset = imports[i].vaddr; 251 | if (offset > pe_bin->vaddr) { 252 | offset -= pe_bin->vaddr; 253 | } 254 | ptr->name = r_str_newf ("imp.%s", imports[i].name); 255 | ptr->bind = r_str_const ("NONE"); 256 | ptr->type = r_str_const (R_BIN_TYPE_FUNC_STR); 257 | ptr->size = 0; 258 | ptr->vaddr = offset + pe_bin->vaddr; 259 | ptr->paddr = imports[i].paddr + pe_bin->paddr; 260 | ptr->ordinal = imports[i].ordinal; 261 | 262 | r_list_append (ret, ptr); 263 | } 264 | free (imports); 265 | } 266 | 267 | return ret; 268 | } 269 | -------------------------------------------------------------------------------- /format/mach0/dyldcache.c: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2010-2018 - nibble, pancake */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include "dyldcache.h" 7 | 8 | static int r_bin_dyldcache_init(struct r_bin_dyldcache_obj_t* bin) { 9 | int len = r_buf_fread_at (bin->b, 0, (ut8*)&bin->hdr, "16c4i7l", 1); 10 | if (len == -1) { 11 | perror ("read (cache_header)"); 12 | return false; 13 | } 14 | bin->nlibs = bin->hdr.numlibs; 15 | return true; 16 | } 17 | 18 | static int r_bin_dyldcache_apply_patch (struct r_buf_t* buf, ut32 data, ut64 offset) { 19 | return r_buf_write_at (buf, offset, (ut8*)&data, sizeof (data)); 20 | } 21 | 22 | #define NZ_OFFSET(x) if((x) > 0) r_bin_dyldcache_apply_patch (dbuf, (x) - linkedit_offset, (ut64)((size_t)&(x) - (size_t)data)) 23 | 24 | // make it public in util/buf.c ? 25 | static ut64 r_buf_read64le (RBuffer *buf, ut64 off) { 26 | ut8 data[8] = {0}; 27 | r_buf_read_at (buf, off, data, 8); 28 | return r_read_le64 (data); 29 | } 30 | 31 | static char *r_buf_read_string (RBuffer *buf, ut64 addr, int len) { 32 | ut8 *data = malloc (len); 33 | if (data) { 34 | r_buf_read_at (buf, addr, data, len); 35 | data[len - 1] = 0; 36 | return (char *)data; 37 | } 38 | return NULL; 39 | } 40 | 41 | /* TODO: Needs more testing and ERROR HANDLING */ 42 | struct r_bin_dyldcache_lib_t *r_bin_dyldcache_extract(struct r_bin_dyldcache_obj_t* bin, int idx, int *nlib) { 43 | ut64 liboff, linkedit_offset; 44 | ut64 dyld_vmbase; 45 | ut32 addend = 0; 46 | struct r_bin_dyldcache_lib_t *ret = NULL; 47 | struct dyld_cache_image_info* image_infos = NULL; 48 | struct mach_header *mh; 49 | ut8 *data, *cmdptr; 50 | int cmd, libsz = 0; 51 | RBuffer* dbuf; 52 | char *libname; 53 | 54 | if (!bin) { 55 | return NULL; 56 | } 57 | if (bin->size < 1) { 58 | eprintf ("Empty file? (%s)\n", bin->file? bin->file: "(null)"); 59 | return NULL; 60 | } 61 | if (bin->nlibs < 0 || idx < 0 || idx >= bin->nlibs) { 62 | return NULL; 63 | } 64 | *nlib = bin->nlibs; 65 | ret = R_NEW0 (struct r_bin_dyldcache_lib_t); 66 | if (!ret) { 67 | return NULL; 68 | } 69 | if (bin->hdr.startaddr > bin->size) { 70 | eprintf ("corrupted dyldcache"); 71 | free (ret); 72 | return NULL; 73 | } 74 | 75 | if (bin->hdr.startaddr > bin->size || bin->hdr.baseaddroff > bin->size) { 76 | eprintf ("corrupted dyldcache"); 77 | free (ret); 78 | return NULL; 79 | } 80 | int sz = bin->nlibs * sizeof (struct dyld_cache_image_info); 81 | image_infos = malloc (sz); //(struct dyld_cache_image_info*) (bin->b->buf + bin->hdr.startaddr); 82 | if (!image_infos) { 83 | free (ret); 84 | return NULL; 85 | } 86 | r_buf_read_at (bin->b, bin->hdr.startaddr, (ut8*)image_infos, sz); 87 | dyld_vmbase = r_buf_read64le (bin->b, bin->hdr.baseaddroff); 88 | liboff = image_infos[idx].address - dyld_vmbase; 89 | if (liboff > bin->size) { 90 | eprintf ("Corrupted file\n"); 91 | free (ret); 92 | return NULL; 93 | } 94 | ret->offset = liboff; 95 | int pfo = image_infos[idx].pathFileOffset; 96 | if (pfo < 0 || pfo > bin->size) { 97 | eprintf ("corrupted file: pathFileOffset > bin->size (%d)\n", pfo); 98 | free (ret); 99 | return NULL; 100 | } 101 | libname = r_buf_read_string (bin->b, pfo, 64); 102 | /* Locate lib hdr in cache */ 103 | data = bin->b->buf + liboff; 104 | mh = (struct mach_header *)data; 105 | /* Check it is mach-o */ 106 | if (mh->magic != MH_MAGIC && mh->magic != MH_MAGIC_64) { 107 | if (mh->magic == 0xbebafeca) { //FAT binary 108 | eprintf ("FAT Binary\n"); 109 | } 110 | eprintf ("Not mach-o\n"); 111 | free (ret); 112 | return NULL; 113 | } 114 | /* Write mach-o hdr */ 115 | if (!(dbuf = r_buf_new ())) { 116 | eprintf ("new (dbuf)\n"); 117 | free (ret); 118 | return NULL; 119 | } 120 | addend = mh->magic == MH_MAGIC? sizeof (struct mach_header) : sizeof (struct mach_header_64); 121 | r_buf_set_bytes (dbuf, data, addend); 122 | cmdptr = data + addend; 123 | /* Write load commands */ 124 | for (cmd = 0; cmd < mh->ncmds; cmd++) { 125 | struct load_command *lc = (struct load_command *)cmdptr; 126 | r_buf_append_bytes (dbuf, (ut8*)lc, lc->cmdsize); 127 | cmdptr += lc->cmdsize; 128 | } 129 | cmdptr = data + addend; 130 | /* Write segments */ 131 | for (cmd = linkedit_offset = 0; cmd < mh->ncmds; cmd++) { 132 | struct load_command *lc = (struct load_command *)cmdptr; 133 | cmdptr += lc->cmdsize; 134 | switch (lc->cmd) { 135 | case LC_SEGMENT: 136 | { 137 | /* Write segment and patch offset */ 138 | struct segment_command *seg = (struct segment_command *)lc; 139 | int t = seg->filesize; 140 | if (seg->fileoff + seg->filesize > bin->size || seg->fileoff > bin->size) { 141 | eprintf ("malformed dyldcache\n"); 142 | free (ret); 143 | r_buf_free (dbuf); 144 | return NULL; 145 | } 146 | r_buf_append_bytes (dbuf, bin->b->buf+seg->fileoff, t); 147 | r_bin_dyldcache_apply_patch (dbuf, dbuf->length, (ut64)((size_t)&seg->fileoff - (size_t)data)); 148 | /* Patch section offsets */ 149 | int sect_offset = seg->fileoff - libsz; 150 | libsz = dbuf->length; 151 | if (!strcmp (seg->segname, "__LINKEDIT")) { 152 | linkedit_offset = sect_offset; 153 | } 154 | if (seg->nsects > 0) { 155 | struct section *sects = (struct section *)((ut8 *)seg + sizeof(struct segment_command)); 156 | int nsect; 157 | for (nsect = 0; nsect < seg->nsects; nsect++) { 158 | if (sects[nsect].offset > libsz) { 159 | r_bin_dyldcache_apply_patch (dbuf, sects[nsect].offset - sect_offset, 160 | (ut64)((size_t)§s[nsect].offset - (size_t)data)); 161 | } 162 | } 163 | } 164 | } 165 | break; 166 | case LC_SYMTAB: 167 | { 168 | struct symtab_command *st = (struct symtab_command *)lc; 169 | NZ_OFFSET (st->symoff); 170 | NZ_OFFSET (st->stroff); 171 | } 172 | break; 173 | case LC_DYSYMTAB: 174 | { 175 | struct dysymtab_command *st = (struct dysymtab_command *)lc; 176 | NZ_OFFSET (st->tocoff); 177 | NZ_OFFSET (st->modtaboff); 178 | NZ_OFFSET (st->extrefsymoff); 179 | NZ_OFFSET (st->indirectsymoff); 180 | NZ_OFFSET (st->extreloff); 181 | NZ_OFFSET (st->locreloff); 182 | } 183 | break; 184 | case LC_DYLD_INFO: 185 | case LC_DYLD_INFO_ONLY: 186 | { 187 | struct dyld_info_command *st = (struct dyld_info_command *)lc; 188 | NZ_OFFSET (st->rebase_off); 189 | NZ_OFFSET (st->bind_off); 190 | NZ_OFFSET (st->weak_bind_off); 191 | NZ_OFFSET (st->lazy_bind_off); 192 | NZ_OFFSET (st->export_off); 193 | } 194 | break; 195 | } 196 | } 197 | /* Fill r_bin_dyldcache_lib_t ret */ 198 | ret->b = dbuf; 199 | strncpy (ret->path, libname, sizeof (ret->path) - 1); 200 | ret->size = libsz; 201 | return ret; 202 | } 203 | 204 | void* r_bin_dyldcache_free(struct r_bin_dyldcache_obj_t* bin) { 205 | if (!bin) { 206 | return NULL; 207 | } 208 | r_buf_free (bin->b); 209 | free (bin); 210 | return NULL; 211 | } 212 | 213 | void r_bin_dydlcache_get_libname(struct r_bin_dyldcache_lib_t *lib, char **libname) { 214 | char *cur = lib->path; 215 | char *res = lib->path; 216 | int path_length = strlen (lib->path); 217 | while (cur < cur + path_length - 1) { 218 | cur = strchr (cur, '/'); 219 | if (!cur) { 220 | break; 221 | } 222 | cur++; 223 | res = cur; 224 | } 225 | *libname = res; 226 | } 227 | 228 | struct r_bin_dyldcache_obj_t* r_bin_dyldcache_new(const char* file) { 229 | struct r_bin_dyldcache_obj_t *bin; 230 | ut8 *buf; 231 | if (!(bin = R_NEW0 (struct r_bin_dyldcache_obj_t))) { 232 | return NULL; 233 | } 234 | bin->file = file; 235 | if (!(buf = (ut8*)r_file_slurp (file, &bin->size))) { 236 | return r_bin_dyldcache_free (bin); 237 | } 238 | bin->b = r_buf_new (); 239 | if (!r_buf_set_bytes (bin->b, buf, bin->size)) { 240 | free (buf); 241 | return r_bin_dyldcache_free (bin); 242 | } 243 | free (buf); 244 | if (!r_bin_dyldcache_init (bin)) { 245 | return r_bin_dyldcache_free (bin); 246 | } 247 | return bin; 248 | } 249 | 250 | struct r_bin_dyldcache_obj_t* r_bin_dyldcache_from_bytes_new(const ut8* buf, ut64 size) { 251 | struct r_bin_dyldcache_obj_t *bin = R_NEW0 (struct r_bin_dyldcache_obj_t); 252 | if (!bin) { 253 | return NULL; 254 | } 255 | if (!buf) { 256 | return r_bin_dyldcache_free (bin); 257 | } 258 | bin->b = r_buf_new (); 259 | if (!bin->b || !r_buf_set_bytes (bin->b, buf, size)) { 260 | return r_bin_dyldcache_free (bin); 261 | } 262 | if (!r_bin_dyldcache_init (bin)) { 263 | return r_bin_dyldcache_free (bin); 264 | } 265 | bin->size = size; 266 | return bin; 267 | } 268 | -------------------------------------------------------------------------------- /format/elf/elf_write.c: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2010-2018 pancake, nibble */ 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "elf.h" 9 | 10 | // XXX UGLY CODE 11 | /* TODO: Take care of endianess */ 12 | /* TODO: Real error handling */ 13 | /* TODO: Resize sections before .init */ 14 | ut64 Elf_(r_bin_elf_resize_section)(struct Elf_(r_bin_elf_obj_t) *bin, const char *name, ut64 size) { 15 | Elf_(Ehdr) *ehdr = &bin->ehdr; 16 | Elf_(Phdr) *phdr = bin->phdr, *phdrp; 17 | Elf_(Shdr) *shdr = bin->shdr, *shdrp; 18 | const char *strtab = bin->shstrtab; 19 | ut8 *buf; 20 | ut64 off, got_offset = 0, got_addr = 0, rsz_offset = 0, delta = 0; 21 | ut64 rsz_osize = 0, rsz_size = size, rest_size = 0; 22 | int i, j, done = 0; 23 | 24 | if (size == 0) { 25 | eprintf ("0 size section?\n"); 26 | return 0; 27 | } 28 | 29 | /* calculate delta */ 30 | for (i = 0, shdrp = shdr; i < ehdr->e_shnum; i++, shdrp++) { 31 | int idx = shdrp->sh_name; 32 | if (idx < 0 || idx >= bin->shstrtab_size) { 33 | continue; 34 | } 35 | const char *sh_name = &strtab[shdrp->sh_name]; 36 | if (sh_name && !strncmp (name, sh_name, ELF_STRING_LENGTH)) { 37 | delta = rsz_size - shdrp->sh_size; 38 | rsz_offset = (ut64)shdrp->sh_offset; 39 | rsz_osize = (ut64)shdrp->sh_size; 40 | } 41 | } 42 | 43 | if (delta == 0) { 44 | eprintf ("Cannot find section\n"); 45 | return 0; 46 | } 47 | 48 | eprintf ("delta: %"PFMT64d"\n", delta); 49 | 50 | /* rewrite rel's (imports) */ 51 | for (i = 0, shdrp = shdr; i < ehdr->e_shnum; i++, shdrp++) { 52 | if (!strcmp(&strtab[shdrp->sh_name], ".got")) { 53 | got_addr = (ut64)shdrp->sh_addr; 54 | got_offset = (ut64)shdrp->sh_offset; 55 | } 56 | } 57 | if (got_addr == 0 || got_offset == 0) { 58 | /* TODO: Unknown GOT address */ 59 | } 60 | 61 | for (i = 0, shdrp = shdr; i < ehdr->e_shnum; i++, shdrp++) { 62 | if (!strcmp (&strtab[shdrp->sh_name], ".rel.plt")) { 63 | Elf_(Rel) *rel, *relp; 64 | rel = (Elf_(Rel) *)malloc (1+shdrp->sh_size); 65 | if (!rel) { 66 | perror ("malloc"); 67 | return 0; 68 | } 69 | if (r_buf_read_at (bin->b, shdrp->sh_offset, (ut8*)rel, shdrp->sh_size) == -1) { 70 | perror("read (rel)"); 71 | } 72 | for (j = 0, relp = rel; j < shdrp->sh_size; j += sizeof(Elf_(Rel)), relp++) { 73 | /* rewrite relp->r_offset */ 74 | if (relp->r_offset - got_addr + got_offset >= rsz_offset + rsz_osize) { 75 | relp->r_offset+=delta; 76 | off = shdrp->sh_offset + j; 77 | if (r_buf_write_at (bin->b, off, (ut8*)relp, sizeof (Elf_(Rel))) == -1) { 78 | perror("write (imports)"); 79 | } 80 | } 81 | } 82 | free(rel); 83 | break; 84 | } else if (!strcmp (&strtab[shdrp->sh_name], ".rela.plt")) { 85 | Elf_(Rela) *rel, *relp; 86 | rel = (Elf_(Rela) *)malloc (shdrp->sh_size + 1); 87 | if (!rel) { 88 | perror("malloc"); 89 | return 0; 90 | } 91 | if (r_buf_read_at (bin->b, shdrp->sh_offset, (ut8*)rel, shdrp->sh_size) == -1) { 92 | perror("read (rel)"); 93 | } 94 | for (j = 0, relp = rel; j < shdrp->sh_size; j += sizeof(Elf_(Rela)), relp++) { 95 | /* rewrite relp->r_offset */ 96 | if (relp->r_offset - got_addr + got_offset >= rsz_offset + rsz_osize) { 97 | relp->r_offset+=delta; 98 | off = shdrp->sh_offset + j; 99 | if (r_buf_write_at (bin->b, off, (ut8*)relp, sizeof (Elf_(Rela))) == -1) { 100 | perror("write (imports)"); 101 | } 102 | } 103 | } 104 | free(rel); 105 | break; 106 | } 107 | } 108 | 109 | /* rewrite section headers */ 110 | for (i = 0, shdrp = shdr; i < ehdr->e_shnum; i++, shdrp++) { 111 | if (!done && !strncmp (name, &strtab[shdrp->sh_name], ELF_STRING_LENGTH)) { 112 | shdrp->sh_size = rsz_size; 113 | done = 1; 114 | } else if (shdrp->sh_offset >= rsz_offset + rsz_osize) { 115 | shdrp->sh_offset += delta; 116 | if (shdrp->sh_addr) { 117 | shdrp->sh_addr += delta; 118 | } 119 | } 120 | off = ehdr->e_shoff + i * sizeof (Elf_(Shdr)); 121 | if (r_buf_write_at (bin->b, off, (ut8*)shdrp, sizeof (Elf_(Shdr))) == -1) { 122 | perror ("write (shdr)"); 123 | } 124 | printf ("-> elf section (%s)\n", &strtab[shdrp->sh_name]); 125 | } 126 | 127 | /* rewrite program headers */ 128 | for (i = 0, phdrp = phdr; i < ehdr->e_phnum; i++, phdrp++) { 129 | #if 0 130 | if (phdrp->p_offset < rsz_offset && phdrp->p_offset + phdrp->p_filesz > rsz_offset) { 131 | phdrp->p_filesz += delta; 132 | phdrp->p_memsz += delta; 133 | } 134 | #endif 135 | if (phdrp->p_offset >= rsz_offset + rsz_osize) { 136 | phdrp->p_offset += delta; 137 | if (phdrp->p_vaddr) { 138 | phdrp->p_vaddr += delta; 139 | } 140 | if (phdrp->p_paddr) { 141 | phdrp->p_paddr += delta; 142 | } 143 | } else if (phdrp->p_offset + phdrp->p_filesz >= rsz_offset + rsz_osize) { 144 | phdrp->p_filesz += delta; 145 | phdrp->p_memsz += delta; 146 | } 147 | off = ehdr->e_phoff + i * sizeof (Elf_(Phdr)); 148 | if (r_buf_write_at (bin->b, off, (ut8 *)phdrp, sizeof (Elf_ (Phdr))) == -1) { 149 | perror ("write (phdr)"); 150 | } 151 | printf ("-> program header (0x%08"PFMT64x")\n", (ut64) phdrp->p_offset); 152 | } 153 | 154 | /* rewrite other elf pointers (entrypoint, phoff, shoff) */ 155 | if (ehdr->e_entry - bin->baddr >= rsz_offset + rsz_osize) { 156 | ehdr->e_entry += delta; 157 | } 158 | if (ehdr->e_phoff >= rsz_offset + rsz_osize) { 159 | ehdr->e_phoff += delta; 160 | } 161 | if (ehdr->e_shoff >= rsz_offset + rsz_osize) { 162 | ehdr->e_shoff += delta; 163 | } 164 | if (r_buf_write_at (bin->b, 0, (ut8*)ehdr, sizeof (Elf_(Ehdr))) == -1) { 165 | perror ("write (ehdr)"); 166 | } 167 | 168 | /* inverse order to write bodies .. avoid overlapping here */ 169 | /* XXX Check when delta is negative */ 170 | rest_size = bin->size - (rsz_offset + rsz_osize); 171 | 172 | buf = (ut8 *)malloc (1+bin->size); 173 | r_buf_read_at (bin->b, 0, (ut8*)buf, bin->size); 174 | r_buf_set_bytes (bin->b, (ut8*)buf, (int)(rsz_offset+rsz_size+rest_size)); 175 | 176 | printf ("COPY FROM 0x%08"PFMT64x"\n", (ut64)(rsz_offset+rsz_osize)); 177 | r_buf_read_at (bin->b, rsz_offset + rsz_osize, (ut8*)buf, rest_size); 178 | printf ("COPY TO 0x%08"PFMT64x"\n", (ut64)(rsz_offset+rsz_size)); 179 | r_buf_write_at (bin->b, rsz_offset + rsz_size, (ut8*)buf, rest_size); 180 | printf ("Shifted %d byte(s)\n", (int)delta); 181 | free (buf); 182 | bin->size = bin->b->length; 183 | 184 | return delta; 185 | } 186 | 187 | /* XXX Endianness? */ 188 | bool Elf_(r_bin_elf_del_rpath)(struct Elf_(r_bin_elf_obj_t) *bin) { 189 | Elf_(Dyn) *dyn = NULL; 190 | ut64 stroff = 0LL; 191 | int ndyn, i, j; 192 | 193 | if (!bin->phdr) { 194 | return false; 195 | } 196 | for (i = 0; i < bin->ehdr.e_phnum; i++) { 197 | if (bin->phdr[i].p_type != PT_DYNAMIC) { 198 | continue; 199 | } 200 | if (!(dyn = malloc (bin->phdr[i].p_filesz + 1))) { 201 | perror ("malloc (dyn)"); 202 | return false; 203 | } 204 | if (r_buf_read_at (bin->b, bin->phdr[i].p_offset, (ut8*)dyn, bin->phdr[i].p_filesz) == -1) { 205 | eprintf ("Error: read (dyn)\n"); 206 | free (dyn); 207 | return false; 208 | } 209 | if ((ndyn = (int)(bin->phdr[i].p_filesz / sizeof (Elf_(Dyn)))) > 0) { 210 | for (j = 0; j < ndyn; j++) { 211 | if (dyn[j].d_tag == DT_STRTAB) { 212 | stroff = (ut64)(dyn[j].d_un.d_ptr - bin->baddr); 213 | break; 214 | } 215 | } 216 | for (j = 0; j < ndyn; j++) { 217 | if (dyn[j].d_tag == DT_RPATH || dyn[j].d_tag == DT_RUNPATH) { 218 | if (r_buf_write_at (bin->b, stroff + dyn[j].d_un.d_val, 219 | (ut8*)"", 1) == -1) { 220 | eprintf ("Error: write (rpath)\n"); 221 | free (dyn); 222 | return false; 223 | } 224 | } 225 | } 226 | } 227 | free (dyn); 228 | break; 229 | } 230 | return true; 231 | } 232 | 233 | bool Elf_(r_bin_elf_section_perms)(struct Elf_(r_bin_elf_obj_t) *bin, const char *name, int perms) { 234 | Elf_(Ehdr) *ehdr = &bin->ehdr; 235 | Elf_(Shdr) *shdr = bin->shdr, *shdrp; 236 | const char *strtab = bin->shstrtab; 237 | int i, patchoff; 238 | 239 | /* calculate delta */ 240 | for (i = 0, shdrp = shdr; i < ehdr->e_shnum; i++, shdrp++) { 241 | const char *shname = &strtab[shdrp->sh_name]; 242 | int operms = shdrp->sh_flags; 243 | if (!strncmp (name, shname, ELF_STRING_LENGTH)) { 244 | ut8 newperms = (ut8)operms; 245 | // SHF_EXECINSTR 246 | if (perms & 1) { 247 | R_BIT_SET (&newperms, 2); 248 | } else { 249 | R_BIT_UNSET (&newperms, 2); 250 | } 251 | // SHF_WRITE 252 | if (perms & 2) { 253 | R_BIT_SET (&newperms, 0); 254 | } else { 255 | R_BIT_UNSET (&newperms, 0); 256 | } 257 | patchoff = bin->ehdr.e_shoff; 258 | patchoff += ((const ut8*)shdrp - (const ut8*)bin->shdr); 259 | patchoff += r_offsetof (Elf_(Shdr), sh_flags); 260 | printf ("wx %02x @ 0x%x\n", newperms, patchoff); 261 | r_buf_write_at (bin->b, patchoff, (ut8*)&newperms, 1); 262 | return true; 263 | } 264 | } 265 | return false; 266 | } 267 | 268 | bool Elf_(r_bin_elf_entry_write)(struct Elf_(r_bin_elf_obj_t) *bin, ut64 addr) { 269 | int patchoff = 0x18; 270 | #if R_BIN_ELF64 271 | printf ("wv8 0x%"PFMT64x" @ 0x%x\n", addr, patchoff); 272 | eprintf ("%d\n", r_buf_write_at (bin->b, patchoff, (ut8*)&addr, sizeof (addr))); 273 | #else 274 | ut32 addr32 = (ut32)addr; 275 | printf ("wv4 0x%x @ 0x%x\n", addr32, patchoff); 276 | r_buf_write_at (bin->b, patchoff, (ut8*)&addr32, sizeof (addr32)); 277 | #endif 278 | return true; 279 | } 280 | -------------------------------------------------------------------------------- /format/dex/dex.c: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2009-2017 - pancake, h4ng3r */ 2 | 3 | #include 4 | #include 5 | #include "dex.h" 6 | 7 | char* r_bin_dex_get_version(RBinDexObj *bin) { 8 | if (bin) { 9 | ut8* version = calloc (1, 8); 10 | r_buf_read_at (bin->b, 4, version, 3); 11 | return (char *)version; 12 | } 13 | return NULL; 14 | } 15 | 16 | #define FAIL(x) { eprintf(x"\n"); goto fail; } 17 | RBinDexObj *r_bin_dex_new_buf(RBuffer *buf) { 18 | if (!buf) { 19 | return NULL; 20 | } 21 | RBinDexObj *bin = R_NEW0 (RBinDexObj); 22 | int i; 23 | ut8 *bufptr; 24 | struct dex_header_t *dexhdr; 25 | if (!bin) { 26 | goto fail; 27 | } 28 | bin->size = buf->length; 29 | bin->b = r_buf_new (); 30 | if (!r_buf_set_bytes (bin->b, buf->buf, bin->size)) { 31 | goto fail; 32 | } 33 | /* header */ 34 | if (bin->size < sizeof (struct dex_header_t)) { 35 | goto fail; 36 | } 37 | bufptr = bin->b->buf; 38 | dexhdr = &bin->header; 39 | 40 | //check boundaries of bufptr 41 | if (bin->size < 112) { 42 | goto fail; 43 | } 44 | 45 | memcpy (&dexhdr->magic, bufptr, 8); 46 | dexhdr->checksum = r_read_le32 (bufptr + 8); 47 | memcpy (&dexhdr->signature, bufptr + 12, 20); 48 | dexhdr->size = r_read_le32 (bufptr + 32); 49 | dexhdr->header_size = r_read_le32 (bufptr + 36); 50 | dexhdr->endian = r_read_le32 (bufptr + 40); 51 | // TODO: this offsets and size will be used for checking, 52 | // so they should be checked. Check overlap, < 0, > bin.size 53 | dexhdr->linksection_size = r_read_le32 (bufptr + 44); 54 | dexhdr->linksection_offset = r_read_le32 (bufptr + 48); 55 | dexhdr->map_offset = r_read_le32 (bufptr + 52); 56 | dexhdr->strings_size = r_read_le32 (bufptr + 56); 57 | dexhdr->strings_offset = r_read_le32 (bufptr + 60); 58 | dexhdr->types_size = r_read_le32 (bufptr + 64); 59 | dexhdr->types_offset = r_read_le32 (bufptr + 68); 60 | dexhdr->prototypes_size = r_read_le32 (bufptr + 72); 61 | dexhdr->prototypes_offset = r_read_le32 (bufptr + 76); 62 | dexhdr->fields_size = r_read_le32 (bufptr + 80); 63 | dexhdr->fields_offset = r_read_le32 (bufptr + 84); 64 | dexhdr->method_size = r_read_le32 (bufptr + 88); 65 | dexhdr->method_offset = r_read_le32 (bufptr + 92); 66 | dexhdr->class_size = r_read_le32 (bufptr + 96); 67 | dexhdr->class_offset = r_read_le32 (bufptr + 100); 68 | dexhdr->data_size = r_read_le32 (bufptr + 104); 69 | dexhdr->data_offset = r_read_le32 (bufptr + 108); 70 | 71 | /* strings */ 72 | #define STRINGS_SIZE ((dexhdr->strings_size + 1) * sizeof (ut32)) 73 | bin->strings = (ut32 *) calloc (dexhdr->strings_size + 1, sizeof (ut32)); 74 | if (!bin->strings) { 75 | goto fail; 76 | } 77 | if (dexhdr->strings_size > bin->size) { 78 | free (bin->strings); 79 | goto fail; 80 | } 81 | for (i = 0; i < dexhdr->strings_size; i++) { 82 | ut64 offset = dexhdr->strings_offset + i * sizeof (ut32); 83 | //make sure we can read from bufptr without oob 84 | if (offset + 4 > bin->size) { 85 | free (bin->strings); 86 | goto fail; 87 | } 88 | bin->strings[i] = r_read_le32 (bufptr + offset); 89 | } 90 | /* classes */ 91 | // TODO: not sure about if that is needed 92 | int classes_size = dexhdr->class_size * DEX_CLASS_SIZE; 93 | if (dexhdr->class_offset + classes_size >= bin->size) { 94 | classes_size = bin->size - dexhdr->class_offset; 95 | } 96 | if (classes_size < 0) { 97 | classes_size = 0; 98 | } 99 | 100 | dexhdr->class_size = classes_size / DEX_CLASS_SIZE; 101 | bin->classes = (struct dex_class_t *) calloc (dexhdr->class_size, sizeof (struct dex_class_t)); 102 | for (i = 0; i < dexhdr->class_size; i++) { 103 | ut64 offset = dexhdr->class_offset + i * DEX_CLASS_SIZE; 104 | if (offset + 32 > bin->size) { 105 | free (bin->strings); 106 | free (bin->classes); 107 | goto fail; 108 | } 109 | bin->classes[i].class_id = r_read_le32 (bufptr + offset + 0); 110 | bin->classes[i].access_flags = r_read_le32 (bufptr + offset + 4); 111 | bin->classes[i].super_class = r_read_le32 (bufptr + offset + 8); 112 | bin->classes[i].interfaces_offset = r_read_le32 (bufptr + offset + 12); 113 | bin->classes[i].source_file = r_read_le32 (bufptr + offset + 16); 114 | bin->classes[i].anotations_offset = r_read_le32 (bufptr + offset + 20); 115 | bin->classes[i].class_data_offset = r_read_le32 (bufptr + offset + 24); 116 | bin->classes[i].static_values_offset = r_read_le32 (bufptr + offset + 28); 117 | } 118 | 119 | /* methods */ 120 | int methods_size = dexhdr->method_size * sizeof (struct dex_method_t); 121 | if (dexhdr->method_offset + methods_size >= bin->size) { 122 | methods_size = bin->size - dexhdr->method_offset; 123 | } 124 | if (methods_size < 0) { 125 | methods_size = 0; 126 | } 127 | dexhdr->method_size = methods_size / sizeof (struct dex_method_t); 128 | bin->methods = (struct dex_method_t *) calloc (methods_size + 1, 1); 129 | for (i = 0; i < dexhdr->method_size; i++) { 130 | ut64 offset = dexhdr->method_offset + i * sizeof (struct dex_method_t); 131 | if (offset + 8 > bin->size) { 132 | free (bin->strings); 133 | free (bin->classes); 134 | free (bin->methods); 135 | goto fail; 136 | } 137 | bin->methods[i].class_id = r_read_le16 (bufptr + offset + 0); 138 | bin->methods[i].proto_id = r_read_le16 (bufptr + offset + 2); 139 | bin->methods[i].name_id = r_read_le32 (bufptr + offset + 4); 140 | } 141 | 142 | /* types */ 143 | int types_size = dexhdr->types_size * sizeof (struct dex_type_t); 144 | if (dexhdr->types_offset + types_size >= bin->size) { 145 | types_size = bin->size - dexhdr->types_offset; 146 | } 147 | if (types_size < 0) { 148 | types_size = 0; 149 | } 150 | dexhdr->types_size = types_size / sizeof (struct dex_type_t); 151 | bin->types = (struct dex_type_t *) calloc (types_size + 1, 1); 152 | for (i = 0; i < dexhdr->types_size; i++) { 153 | ut64 offset = dexhdr->types_offset + i * sizeof (struct dex_type_t); 154 | if (offset + 4 > bin->size) { 155 | free (bin->strings); 156 | free (bin->classes); 157 | free (bin->methods); 158 | free (bin->types); 159 | goto fail; 160 | } 161 | bin->types[i].descriptor_id = r_read_le32 (bufptr + offset); 162 | } 163 | 164 | /* fields */ 165 | int fields_size = dexhdr->fields_size * sizeof (struct dex_field_t); 166 | if (dexhdr->fields_offset + fields_size >= bin->size) { 167 | fields_size = bin->size - dexhdr->fields_offset; 168 | } 169 | if (fields_size < 0) { 170 | fields_size = 0; 171 | } 172 | dexhdr->fields_size = fields_size / sizeof (struct dex_field_t); 173 | bin->fields = (struct dex_field_t *) calloc (fields_size + 1, 1); 174 | for (i = 0; i < dexhdr->fields_size; i++) { 175 | ut64 offset = dexhdr->fields_offset + i * sizeof (struct dex_field_t); 176 | if (offset + 8 > bin->size) { 177 | free (bin->strings); 178 | free (bin->classes); 179 | free (bin->methods); 180 | free (bin->types); 181 | free (bin->fields); 182 | goto fail; 183 | } 184 | bin->fields[i].class_id = r_read_le16 (bufptr + offset + 0); 185 | bin->fields[i].type_id = r_read_le16 (bufptr + offset + 2); 186 | bin->fields[i].name_id = r_read_le32 (bufptr + offset + 4); 187 | } 188 | 189 | /* proto */ 190 | int protos_size = dexhdr->prototypes_size * sizeof (struct dex_proto_t); 191 | if (dexhdr->prototypes_offset + protos_size >= bin->size) { 192 | protos_size = bin->size - dexhdr->prototypes_offset; 193 | } 194 | if (protos_size < 1) { 195 | dexhdr->prototypes_size = 0; 196 | return bin; 197 | } 198 | dexhdr->prototypes_size = protos_size / sizeof (struct dex_proto_t); 199 | bin->protos = (struct dex_proto_t *) calloc (protos_size, 1); 200 | for (i = 0; i < dexhdr->prototypes_size; i++) { 201 | ut64 offset = dexhdr->prototypes_offset + i * sizeof (struct dex_proto_t); 202 | if (offset + 12 > bin->size) { 203 | free (bin->strings); 204 | free (bin->classes); 205 | free (bin->methods); 206 | free (bin->types); 207 | free (bin->fields); 208 | free (bin->protos); 209 | goto fail; 210 | } 211 | bin->protos[i].shorty_id = r_read_le32 (bufptr + offset + 0); 212 | bin->protos[i].return_type_id = r_read_le32 (bufptr + offset + 4); 213 | bin->protos[i].parameters_off = r_read_le32 (bufptr + offset + 8); 214 | } 215 | 216 | return bin; 217 | 218 | fail: 219 | if (bin) { 220 | r_buf_free (bin->b); 221 | free (bin); 222 | } 223 | return NULL; 224 | } 225 | 226 | // Move to r_util ?? 227 | int dex_read_uleb128(const ut8 *ptr, int size) { 228 | ut8 len = dex_uleb128_len (ptr, size); 229 | if (len > size) { 230 | return 0; 231 | } 232 | const ut8 *in = ptr + len - 1; 233 | ut32 result = 0; 234 | ut8 shift = 0; 235 | ut8 byte; 236 | 237 | while(shift < 29 && len > 0) { 238 | byte = *(in--); 239 | result |= (byte & 0x7f << shift); 240 | if (byte > 0x7f) { 241 | break; 242 | } 243 | shift += 7; 244 | len--; 245 | } 246 | return result; 247 | } 248 | 249 | #define LEB_MAX_SIZE 6 250 | int dex_uleb128_len(const ut8 *ptr, int size) { 251 | int i = 1, result = *(ptr++); 252 | while (result > 0x7f && i <= LEB_MAX_SIZE && i < size) { 253 | result = *(ptr++); 254 | i++; 255 | } 256 | return i; 257 | } 258 | 259 | #define SIG_EXTEND(X,Y) X = ((X) << (Y)) >> Y 260 | int dex_read_sleb128(const char *ptr, int size) { 261 | int cur, result; 262 | ut8 len = dex_uleb128_len ((const ut8*)ptr, size); 263 | if (len > size) { 264 | return 0; 265 | } 266 | ptr += len - 1; 267 | result = *(ptr--); 268 | 269 | if (result <= 0x7f) { 270 | SIG_EXTEND (result, 25); 271 | } else { 272 | cur = *(ptr--); 273 | result = (result & 0x7f) | ((cur & 0x7f) << 7); 274 | if (cur <= 0x7f) { 275 | SIG_EXTEND (result, 18); 276 | } else { 277 | cur = *(ptr--); 278 | result |= (cur & 0x7f) << 14; 279 | if (cur <= 0x7f) { 280 | SIG_EXTEND (result, 11); 281 | } else { 282 | cur = *(ptr--); 283 | result |= (cur & 0x7f) << 21; 284 | if (cur <= 0x7f) { 285 | SIG_EXTEND (result, 4); 286 | } else { 287 | cur = *(ptr--); 288 | result |= cur << 28; 289 | } 290 | } 291 | } 292 | } 293 | return result; 294 | } 295 | -------------------------------------------------------------------------------- /format/xbe/kernel.h: -------------------------------------------------------------------------------- 1 | "AvGetSavedDataAddress", 2 | "AvSendTVEncoderOption", 3 | "AvSetDisplayMode", 4 | "AvSetSavedDataAddress", 5 | "DbgBreakPoint", 6 | "DbgBreakPointWithStatus", 7 | "DbgLoadImageSymbols", 8 | "DbgPrint", 9 | "HalReadSMCTrayState", 10 | "DbgPrompt", 11 | "DbgUnLoadImageSymbols", 12 | "ExAcquireReadWriteLockExclusive", 13 | "ExAcquireReadWriteLockShared", 14 | "ExAllocatePool", 15 | "ExAllocatePoolWithTag", 16 | "ExEventObjectType", 17 | "ExFreePool", 18 | "ExInitializeReadWriteLock", 19 | "ExInterlockedAddLargeInteger", 20 | "ExInterlockedAddLargeStatistic", 21 | "ExInterlockedCompareExchange64", 22 | "ExMutantObjectType", 23 | "ExQueryPoolBlockSize", 24 | "ExQueryNonVolatileSetting", 25 | "ExReadWriteRefurbInfo", 26 | "ExRaiseException", 27 | "ExRaiseStatus", 28 | "ExReleaseReadWriteLock", 29 | "ExSaveNonVolatileSetting", 30 | "ExSemaphoreObjectType", 31 | "ExTimerObjectType", 32 | "ExfInterlockedInsertHeadList", 33 | "ExfInterlockedInsertTailList", 34 | "ExfInterlockedRemoveHeadList", 35 | "FscGetCacheSize", 36 | "FscInvalidateIdleBlocks", 37 | "FscSetCacheSize", 38 | "HalClearSoftwareInterrupt", 39 | "HalDisableSystemInterrupt", 40 | "HalDiskCachePartitionCount", 41 | "HalDiskModelNumber", 42 | "HalDiskSerialNumber", 43 | "HalEnableSystemInterrupt", 44 | "HalGetInterruptVector", 45 | "HalReadSMBusValue", 46 | "HalReadWritePCISpace", 47 | "HalRegisterShutdownNotification", 48 | "HalRequestSoftwareInterrupt", 49 | "HalReturnToFirmware", 50 | "HalWriteSMBusValue", 51 | "InterlockedCompareExchange", 52 | "InterlockedDecrement", 53 | "InterlockedIncrement", 54 | "InterlockedExchange", 55 | "InterlockedExchangeAdd", 56 | "InterlockedFlushSList", 57 | "InterlockedPopEntrySList", 58 | "InterlockedPushEntrySList", 59 | "IoAllocateIrp", 60 | "IoBuildAsynchronousFsdRequest", 61 | "IoBuildDeviceIoControlRequest", 62 | "IoBuildSynchronousFsdRequest", 63 | "IoCheckShareAccess", 64 | "IoCompletionObjectType", 65 | "IoCreateDevice", 66 | "IoCreateFile", 67 | "IoCreateSymbolicLink", 68 | "IoDeleteDevice", 69 | "IoDeleteSymbolicLink", 70 | "IoDeviceObjectType", 71 | "IoFileObjectType", 72 | "IoFreeIrp", 73 | "IoInitializeIrp", 74 | "IoInvalidDeviceRequest", 75 | "IoQueryFileInformation", 76 | "IoQueryVolumeInformation", 77 | "IoQueueThreadIrp", 78 | "IoRemoveShareAccess", 79 | "IoSetIoCompletion", 80 | "IoSetShareAccess", 81 | "IoStartNextPacket", 82 | "IoStartNextPacketByKey", 83 | "IoStartPacket", 84 | "IoSynchronousDeviceIoControlRequest", 85 | "IoSynchronousFsdRequest", 86 | "IofCallDriver", 87 | "IofCompleteRequest", 88 | "KdDebuggerEnabled", 89 | "KdDebuggerNotPresent", 90 | "IoDismountVolume", 91 | "IoDismountVolumeByName", 92 | "KeAlertResumeThread", 93 | "KeAlertThread", 94 | "KeBoostPriorityThread", 95 | "KeBugCheck", 96 | "KeBugCheckEx", 97 | "KeCancelTimer", 98 | "KeConnectInterrupt", 99 | "KeDelayExecutionThread", 100 | "KeDisconnectInterrupt", 101 | "KeEnterCriticalRegion", 102 | "MmGlobalData", 103 | "KeGetCurrentIrql", 104 | "KeGetCurrentThread", 105 | "KeInitializeApc", 106 | "KeInitializeDeviceQueue", 107 | "KeInitializeDpc", 108 | "KeInitializeEvent", 109 | "KeInitializeInterrupt", 110 | "KeInitializeMutant", 111 | "KeInitializeQueue", 112 | "KeInitializeSemaphore", 113 | "KeInitializeTimerEx", 114 | "KeInsertByKeyDeviceQueue", 115 | "KeInsertDeviceQueue", 116 | "KeInsertHeadQueue", 117 | "KeInsertQueue", 118 | "KeInsertQueueApc", 119 | "KeInsertQueueDpc", 120 | "KeInterruptTime", 121 | "KeIsExecutingDpc", 122 | "KeLeaveCriticalRegion", 123 | "KePulseEvent", 124 | "KeQueryBasePriorityThread", 125 | "KeQueryInterruptTime", 126 | "KeQueryPerformanceCounter", 127 | "KeQueryPerformanceFrequency", 128 | "KeQuerySystemTime", 129 | "KeRaiseIrqlToDpcLevel", 130 | "KeRaiseIrqlToSynchLevel", 131 | "KeReleaseMutant", 132 | "KeReleaseSemaphore", 133 | "KeRemoveByKeyDeviceQueue", 134 | "KeRemoveDeviceQueue", 135 | "KeRemoveEntryDeviceQueue", 136 | "KeRemoveQueue", 137 | "KeRemoveQueueDpc", 138 | "KeResetEvent", 139 | "KeRestoreFloatingPointState", 140 | "KeResumeThread", 141 | "KeRundownQueue", 142 | "KeSaveFloatingPointState", 143 | "KeSetBasePriorityThread", 144 | "KeSetDisableBoostThread", 145 | "KeSetEvent", 146 | "KeSetEventBoostPriority", 147 | "KeSetPriorityProcess", 148 | "KeSetPriorityThread", 149 | "KeSetTimer", 150 | "KeSetTimerEx", 151 | "KeStallExecutionProcessor", 152 | "KeSuspendThread", 153 | "KeSynchronizeExecution", 154 | "KeSystemTime", 155 | "KeTestAlertThread", 156 | "KeTickCount", 157 | "KeTimeIncrement", 158 | "KeWaitForMultipleObjects", 159 | "KeWaitForSingleObject", 160 | "KfRaiseIrql", 161 | "KfLowerIrql", 162 | "KiBugCheckData", 163 | "KiUnlockDispatcherDatabase", 164 | "LaunchDataPage", 165 | "MmAllocateContiguousMemory", 166 | "MmAllocateContiguousMemoryEx", 167 | "MmAllocateSystemMemory", 168 | "MmClaimGpuInstanceMemory", 169 | "MmCreateKernelStack", 170 | "MmDeleteKernelStack", 171 | "MmFreeContiguousMemory", 172 | "MmFreeSystemMemory", 173 | "MmGetPhysicalAddress", 174 | "MmIsAddressValid", 175 | "MmLockUnlockBufferPages", 176 | "MmLockUnlockPhysicalPage", 177 | "MmMapIoSpace", 178 | "MmPersistContiguousMemory", 179 | "MmQueryAddressProtect", 180 | "MmQueryAllocationSize", 181 | "MmQueryStatistics", 182 | "MmSetAddressProtect", 183 | "MmUnmapIoSpace", 184 | "NtAllocateVirtualMemory", 185 | "NtCancelTimer", 186 | "NtClearEvent", 187 | "NtClose", 188 | "NtCreateDirectoryObject", 189 | "NtCreateEvent", 190 | "NtCreateFile", 191 | "NtCreateIoCompletion", 192 | "NtCreateMutant", 193 | "NtCreateSemaphore", 194 | "NtCreateTimer", 195 | "NtDeleteFile", 196 | "NtDeviceIoControlFile", 197 | "NtDuplicateObject", 198 | "NtFlushBuffersFile", 199 | "NtFreeVirtualMemory", 200 | "NtFsControlFile", 201 | "NtOpenDirectoryObject", 202 | "NtOpenFile", 203 | "NtOpenSymbolicLinkObject", 204 | "NtProtectVirtualMemory", 205 | "NtPulseEvent", 206 | "NtQueueApcThread", 207 | "NtQueryDirectoryFile", 208 | "NtQueryDirectoryObject", 209 | "NtQueryEvent", 210 | "NtQueryFullAttributesFile", 211 | "NtQueryInformationFile", 212 | "NtQueryIoCompletion", 213 | "NtQueryMutant", 214 | "NtQuerySemaphore", 215 | "NtQuerySymbolicLinkObject", 216 | "NtQueryTimer", 217 | "NtQueryVirtualMemory", 218 | "NtQueryVolumeInformationFile", 219 | "NtReadFile", 220 | "NtReadFileScatter", 221 | "NtReleaseMutant", 222 | "NtReleaseSemaphore", 223 | "NtRemoveIoCompletion", 224 | "NtResumeThread", 225 | "NtSetEvent", 226 | "NtSetInformationFile", 227 | "NtSetIoCompletion", 228 | "NtSetSystemTime", 229 | "NtSetTimerEx", 230 | "NtSignalAndWaitForSingleObjectEx", 231 | "NtSuspendThread", 232 | "NtUserIoApcDispatcher", 233 | "NtWaitForSingleObject", 234 | "NtWaitForSingleObjectEx", 235 | "NtWaitForMultipleObjectsEx", 236 | "NtWriteFile", 237 | "NtWriteFileGather", 238 | "NtYieldExecution", 239 | "ObCreateObject", 240 | "ObDirectoryObjectType", 241 | "ObInsertObject", 242 | "ObMakeTemporaryObject", 243 | "ObOpenObjectByName", 244 | "ObOpenObjectByPointer", 245 | "ObpObjectHandleTable", 246 | "ObReferenceObjectByHandle", 247 | "ObReferenceObjectByName", 248 | "ObReferenceObjectByPointer", 249 | "ObSymbolicLinkObjectType", 250 | "ObfDereferenceObject", 251 | "ObfReferenceObject", 252 | "PhyGetLinkState", 253 | "PhyInitialize", 254 | "PsCreateSystemThread", 255 | "PsCreateSystemThreadEx", 256 | "PsQueryStatistics", 257 | "PsSetCreateThreadNotifyRoutine", 258 | "PsTerminateSystemThread", 259 | "PsThreadObjectType", 260 | "RtlAnsiStringToUnicodeString", 261 | "RtlAppendStringToString", 262 | "RtlAppendUnicodeStringToString", 263 | "RtlAppendUnicodeToString", 264 | "RtlAssert", 265 | "RtlCaptureContext", 266 | "RtlCaptureStackBackTrace", 267 | "RtlCharToInteger", 268 | "RtlCompareMemory", 269 | "RtlCompareMemoryUlong", 270 | "RtlCompareString", 271 | "RtlCompareUnicodeString", 272 | "RtlCopyString", 273 | "RtlCopyUnicodeString", 274 | "RtlCreateUnicodeString", 275 | "RtlDowncaseUnicodeChar", 276 | "RtlDowncaseUnicodeString", 277 | "RtlEnterCriticalSection", 278 | "RtlEnterCriticalSectionAndRegion", 279 | "RtlEqualString", 280 | "RtlEqualUnicodeString", 281 | "RtlExtendedIntegerMultiply", 282 | "RtlExtendedLargeIntegerDivide", 283 | "RtlExtendedMagicDivide", 284 | "RtlFillMemory", 285 | "RtlFillMemoryUlong", 286 | "RtlFreeAnsiString", 287 | "RtlFreeUnicodeString", 288 | "RtlGetCallersAddress", 289 | "RtlInitAnsiString", 290 | "RtlInitUnicodeString", 291 | "RtlInitializeCriticalSection", 292 | "RtlIntegerToChar", 293 | "RtlIntegerToUnicodeString", 294 | "RtlLeaveCriticalSection", 295 | "RtlLeaveCriticalSectionAndRegion", 296 | "RtlLowerChar", 297 | "RtlMapGenericMask", 298 | "RtlMoveMemory", 299 | "RtlMultiByteToUnicodeN", 300 | "RtlMultiByteToUnicodeSize", 301 | "RtlNtStatusToDosError", 302 | "RtlRaiseException", 303 | "RtlRaiseStatus", 304 | "RtlTimeFieldsToTime", 305 | "RtlTimeToTimeFields", 306 | "RtlTryEnterCriticalSection", 307 | "RtlUlongByteSwap", 308 | "RtlUnicodeStringToAnsiString", 309 | "RtlUnicodeStringToInteger", 310 | "RtlUnicodeToMultiByteN", 311 | "RtlUnicodeToMultiByteSize", 312 | "RtlUnwind", 313 | "RtlUpcaseUnicodeChar", 314 | "RtlUpcaseUnicodeString", 315 | "RtlUpcaseUnicodeToMultiByteN", 316 | "RtlUpperChar", 317 | "RtlUpperString", 318 | "RtlUshortByteSwap", 319 | "RtlWalkFrameChain", 320 | "RtlZeroMemory", 321 | "XboxEEPROMKey", 322 | "XboxHardwareInfo", 323 | "XboxHDKey", 324 | "XboxKrnlVersion", 325 | "XboxSignatureKey", 326 | "XeImageFileName", 327 | "XeLoadSection", 328 | "XeUnloadSection", 329 | "READ_PORT_BUFFER_UCHAR", 330 | "READ_PORT_BUFFER_USHORT", 331 | "READ_PORT_BUFFER_ULONG", 332 | "WRITE_PORT_BUFFER_UCHAR", 333 | "WRITE_PORT_BUFFER_USHORT", 334 | "WRITE_PORT_BUFFER_ULONG", 335 | "XcSHAInit", 336 | "XcSHAUpdate", 337 | "XcSHAFinal", 338 | "XcRC4Key", 339 | "XcRC4Crypt", 340 | "XcHMAC", 341 | "XcPKEncPublic", 342 | "XcPKDecPrivate", 343 | "XcPKGetKeyLen", 344 | "XcVerifyPKCS1Signature", 345 | "XcModExp", 346 | "XcDESKeyParity", 347 | "XcKeyTable", 348 | "XcBlockCrypt", 349 | "XcBlockCryptCBC", 350 | "XcCryptService", 351 | "XcUpdateCrypto", 352 | "RtlRip", 353 | "XboxLANKey", 354 | "XboxAlternateSignatureKeys", 355 | "XePublicKeyData", 356 | "HalBootSMCVideoMode", 357 | "IdexChannelObject", 358 | "HalIsResetOrShutdownPending", 359 | "IoMarkIrpMustComplete", 360 | "HalInitiateShutdown", 361 | "snprintf", 362 | "sprintf", 363 | "vsnprintf", 364 | "vsprintf", 365 | "HalEnableSecureTrayEject", 366 | "HalWriteSMCScratchRegister", 367 | "", 368 | "", 369 | "", 370 | "", 371 | "", 372 | "", 373 | "", 374 | "MmDbgAllocateMemory", 375 | "MmDbgFreeMemory", 376 | "MmDbgQueryAvailablePages", 377 | "MmDbgReleaseAddress", 378 | "MmDbgWriteCheck", 379 | -------------------------------------------------------------------------------- /format/pe/dotnet.h: -------------------------------------------------------------------------------- 1 | #ifndef YR_DOTNET_H 2 | #define YR_DOTNET_H 3 | 4 | #include 5 | #include "pe_specs.h" 6 | 7 | #pragma pack(push, 1) 8 | 9 | 10 | #define fits_in_pe(pe, pointer, size) \ 11 | ((size_t) size <= pe->data_size && \ 12 | (uint8_t*) (pointer) >= pe->data && \ 13 | (uint8_t*) (pointer) <= pe->data + pe->data_size - size) 14 | 15 | #define struct_fits_in_pe(pe, pointer, struct_type) \ 16 | fits_in_pe(pe, pointer, sizeof(struct_type)) 17 | 18 | // 19 | // CLI header. 20 | // ECMA-335 Section II.25.3.3 21 | // 22 | typedef struct _CLI_HEADER { 23 | DWORD Size; // Called "Cb" in documentation. 24 | WORD MajorRuntimeVersion; 25 | WORD MinorRuntimeVersion; 26 | IMAGE_DATA_DIRECTORY MetaData; 27 | DWORD Flags; 28 | DWORD EntryPointToken; 29 | IMAGE_DATA_DIRECTORY Resources; 30 | IMAGE_DATA_DIRECTORY StrongNameSignature; 31 | ULONGLONG CodeManagerTable; 32 | IMAGE_DATA_DIRECTORY VTableFixups; 33 | ULONGLONG ExportAddressTableJumps; 34 | ULONGLONG ManagedNativeHeader; 35 | } CLI_HEADER, *PCLI_HEADER; 36 | 37 | #define NET_METADATA_MAGIC 0x424a5342 38 | 39 | // 40 | // CLI MetaData 41 | // ECMA-335 Section II.24.2.1 42 | // 43 | // Note: This is only part of the struct, as the rest of it is variable length. 44 | // 45 | typedef struct _NET_METADATA { 46 | DWORD Magic; 47 | WORD MajorVersion; 48 | WORD MinorVersion; 49 | DWORD Reserved; 50 | DWORD Length; 51 | char Version[0]; 52 | } NET_METADATA, *PNET_METADATA; 53 | 54 | #define DOTNET_STREAM_NAME_SIZE 32 55 | 56 | // 57 | // CLI Stream Header 58 | // ECMA-335 Section II.24.2.2 59 | // 60 | typedef struct _STREAM_HEADER { 61 | DWORD Offset; 62 | DWORD Size; 63 | char Name[0]; 64 | } STREAM_HEADER, *PSTREAM_HEADER; 65 | 66 | 67 | // 68 | // CLI #~ Stream Header 69 | // ECMA-335 Section II.24.2.6 70 | // 71 | typedef struct _TILDE_HEADER { 72 | DWORD Reserved1; 73 | BYTE MajorVersion; 74 | BYTE MinorVersion; 75 | BYTE HeapSizes; 76 | BYTE Reserved2; 77 | ULONGLONG Valid; 78 | ULONGLONG Sorted; 79 | } TILDE_HEADER, *PTILDE_HEADER; 80 | 81 | // These are the bit positions in Valid which will be set if the table 82 | // exists. 83 | #define BIT_MODULE 0x00 84 | #define BIT_TYPEREF 0x01 85 | #define BIT_TYPEDEF 0x02 86 | #define BIT_FIELDPTR 0x03 // Not documented in ECMA-335 87 | #define BIT_FIELD 0x04 88 | #define BIT_METHODDEFPTR 0x05 // Not documented in ECMA-335 89 | #define BIT_METHODDEF 0x06 90 | #define BIT_PARAMPTR 0x07 // Not documented in ECMA-335 91 | #define BIT_PARAM 0x08 92 | #define BIT_INTERFACEIMPL 0x09 93 | #define BIT_MEMBERREF 0x0A 94 | #define BIT_CONSTANT 0x0B 95 | #define BIT_CUSTOMATTRIBUTE 0x0C 96 | #define BIT_FIELDMARSHAL 0x0D 97 | #define BIT_DECLSECURITY 0x0E 98 | #define BIT_CLASSLAYOUT 0x0F 99 | #define BIT_FIELDLAYOUT 0x10 100 | #define BIT_STANDALONESIG 0x11 101 | #define BIT_EVENTMAP 0x12 102 | #define BIT_EVENTPTR 0x13 // Not documented in ECMA-335 103 | #define BIT_EVENT 0x14 104 | #define BIT_PROPERTYMAP 0x15 105 | #define BIT_PROPERTYPTR 0x16 // Not documented in ECMA-335 106 | #define BIT_PROPERTY 0x17 107 | #define BIT_METHODSEMANTICS 0x18 108 | #define BIT_METHODIMPL 0x19 109 | #define BIT_MODULEREF 0x1A 110 | #define BIT_TYPESPEC 0x1B 111 | #define BIT_IMPLMAP 0x1C 112 | #define BIT_FIELDRVA 0x1D 113 | #define BIT_ENCLOG 0x1E // Not documented in ECMA-335 114 | #define BIT_ENCMAP 0x1F // Not documented in ECMA-335 115 | #define BIT_ASSEMBLY 0x20 116 | #define BIT_ASSEMBLYPROCESSOR 0x21 117 | #define BIT_ASSEMBLYOS 0x22 118 | #define BIT_ASSEMBLYREF 0x23 119 | #define BIT_ASSEMBLYREFPROCESSOR 0x24 120 | #define BIT_ASSEMBLYREFOS 0x25 121 | #define BIT_FILE 0x26 122 | #define BIT_EXPORTEDTYPE 0x27 123 | #define BIT_MANIFESTRESOURCE 0x28 124 | #define BIT_NESTEDCLASS 0x29 125 | #define BIT_GENERICPARAM 0x2A 126 | #define BIT_METHODSPEC 0x2B 127 | #define BIT_GENERICPARAMCONSTRAINT 0x2C 128 | // These are not documented in ECMA-335 nor is it clear what the format is. 129 | // They are for debugging information as far as I can tell. 130 | //#define BIT_DOCUMENT 0x30 131 | //#define BIT_METHODDEBUGINFORMATION 0x31 132 | //#define BIT_LOCALSCOPE 0x32 133 | //#define BIT_LOCALVARIABLE 0x33 134 | //#define BIT_LOCALCONSTANT 0x34 135 | //#define BIT_IMPORTSCOPE 0x35 136 | //#define BIT_STATEMACHINEMETHOD 0x36 137 | 138 | 139 | // 140 | // Element types. Note this is not a complete list as we aren't parsing all of 141 | // them. This only includes the ones we care about. 142 | // ECMA-335 Section II.23.1.16 143 | // 144 | #define ELEMENT_TYPE_STRING 0x0E 145 | 146 | 147 | // The string length of a typelib attribute is at most 0xFF. 148 | #define MAX_TYPELIB_SIZE 0xFF 149 | 150 | // 151 | // Module table 152 | // ECMA-335 Section II.22.30 153 | // 154 | typedef struct _MODULE_TABLE { 155 | WORD Generation; 156 | union { 157 | WORD Name_Short; 158 | DWORD Name_Long; 159 | } Name; 160 | union { 161 | WORD Mvid_Short; 162 | DWORD Mvid_Long; 163 | } Mvid; 164 | union { 165 | WORD EncId_Short; 166 | DWORD EncId_Long; 167 | } EncId; 168 | union { 169 | WORD EncBaseId_Short; 170 | DWORD EncBaseId_Long; 171 | } EncBaseId; 172 | } MODULE_TABLE, *PMODULE_TABLE; 173 | 174 | // 175 | // Assembly Table 176 | // ECMA-335 Section II.22.2 177 | // 178 | typedef struct _ASSEMBLY_TABLE { 179 | DWORD HashAlgId; 180 | WORD MajorVersion; 181 | WORD MinorVersion; 182 | WORD BuildNumber; 183 | WORD RevisionNumber; 184 | DWORD Flags; 185 | union { 186 | WORD PublicKey_Short; 187 | DWORD PublicKey_Long; 188 | } PublicKey; 189 | union { 190 | WORD Name_Short; 191 | DWORD Name_Long; 192 | } Name; 193 | } ASSEMBLY_TABLE, *PASSEMBLY_TABLE; 194 | 195 | 196 | // 197 | // Assembly Reference Table 198 | // ECMA-335 Section II.22.5 199 | // 200 | typedef struct _ASSEMBLYREF_TABLE { 201 | WORD MajorVersion; 202 | WORD MinorVersion; 203 | WORD BuildNumber; 204 | WORD RevisionNumber; 205 | DWORD Flags; 206 | union { 207 | WORD PublicKeyOrToken_Short; 208 | DWORD PublicKeyOrToken_Long; 209 | } PublicKeyOrToken; 210 | union { 211 | WORD Name_Short; 212 | DWORD Name_Long; 213 | } Name; 214 | } ASSEMBLYREF_TABLE, *PASSEMBLYREF_TABLE; 215 | 216 | 217 | // 218 | // Manifest Resource Table 219 | // ECMA-335 Section II.22.24 220 | // 221 | typedef struct _MANIFESTRESOURCE_TABLE { 222 | DWORD Offset; 223 | DWORD Flags; 224 | union { 225 | WORD Name_Short; 226 | DWORD Name_Long; 227 | } Name; 228 | union { 229 | WORD Implementation_Short; 230 | DWORD Implementation_Long; 231 | } Implementation; 232 | } MANIFESTRESOURCE_TABLE, *PMANIFESTRESOURCE_TABLE; 233 | 234 | // 235 | // ModuleRef Table 236 | // ECMA-335 Section II.22.31 237 | // 238 | // This is a short table, but necessary because the field size can change. 239 | // 240 | typedef struct _MODULEREF_TABLE { 241 | union { 242 | WORD Name_Short; 243 | DWORD Name_Long; 244 | } Name; 245 | } MODULEREF_TABLE, *PMODULEREF_TABLE; 246 | 247 | 248 | // 249 | // CustomAttribute Table 250 | // ECMA-335 Section II.22.10 251 | // 252 | typedef struct _CUSTOMATTRIBUTE_TABLE { 253 | union { 254 | WORD Parent_Short; 255 | DWORD Parent_Long; 256 | } Parent; 257 | union { 258 | WORD Type_Short; 259 | DWORD Type_Long; 260 | } Type; 261 | union { 262 | WORD Value_Short; 263 | DWORD Value_Long; 264 | } Value; 265 | } CUSTOMATTRIBUTE_TABLE, *PCUSTOMATTRIBUTE_TABLE; 266 | 267 | 268 | // 269 | // Constant TAble 270 | // ECMA-335 Section II.22.9 271 | // 272 | typedef struct _CONSTANT_TABLE { 273 | WORD Type; 274 | union { 275 | WORD Parent_Short; 276 | DWORD Parent_Long; 277 | } Parent; 278 | union { 279 | WORD Value_Short; 280 | DWORD Value_Long; 281 | } Value; 282 | } CONSTANT_TABLE, *PCONSTANT_TABLE; 283 | 284 | 285 | // Used to return offsets to the various headers. 286 | typedef struct _STREAMS { 287 | PSTREAM_HEADER guid; 288 | PSTREAM_HEADER tilde; 289 | PSTREAM_HEADER string; 290 | PSTREAM_HEADER blob; 291 | PSTREAM_HEADER us; 292 | } STREAMS, *PSTREAMS; 293 | 294 | 295 | // Used to return the value of parsing a #US or #Blob entry. 296 | // ECMA-335 Section II.24.2.4 297 | typedef struct _BLOB_PARSE_RESULT { 298 | uint8_t size; // Number of bytes parsed. This is the new offset. 299 | DWORD length; // Value of the bytes parsed. This is the blob length. 300 | } BLOB_PARSE_RESULT, *PBLOB_PARSE_RESULT; 301 | 302 | 303 | // Used to store the number of rows of each table. 304 | typedef struct _ROWS { 305 | uint32_t module; 306 | uint32_t moduleref; 307 | uint32_t assemblyref; 308 | uint32_t typeref; 309 | uint32_t methoddef; 310 | uint32_t memberref; 311 | uint32_t typedef_; 312 | uint32_t typespec; 313 | uint32_t field; 314 | uint32_t param; 315 | uint32_t property; 316 | uint32_t interfaceimpl; 317 | uint32_t event; 318 | uint32_t standalonesig; 319 | uint32_t assembly; 320 | uint32_t file; 321 | uint32_t exportedtype; 322 | uint32_t manifestresource; 323 | uint32_t genericparam; 324 | uint32_t genericparamconstraint; 325 | uint32_t methodspec; 326 | uint32_t assemblyrefprocessor; 327 | } ROWS, *PROWS; 328 | 329 | 330 | // Used to store the index sizes for the various tables. 331 | typedef struct _INDEX_SIZES { 332 | uint8_t string; 333 | uint8_t guid; 334 | uint8_t blob; 335 | uint8_t field; 336 | uint8_t methoddef; 337 | uint8_t memberref; 338 | uint8_t param; 339 | uint8_t event; 340 | uint8_t typedef_; 341 | uint8_t property; 342 | uint8_t moduleref; 343 | uint8_t assemblyrefprocessor; 344 | uint8_t assemblyref; 345 | uint8_t genericparam; 346 | } INDEX_SIZES, *PINDEX_SIZES; 347 | 348 | #pragma pack(pop) 349 | #endif 350 | -------------------------------------------------------------------------------- /format/mz/mz.c: -------------------------------------------------------------------------------- 1 | /* radare - LGPL - Copyright 2015-2018 nodepad, pancake */ 2 | 3 | #include "mz.h" 4 | #include 5 | 6 | static ut64 r_bin_mz_va_to_la(const ut16 segment, const ut16 offset) { 7 | return (segment << 4) + offset; 8 | } 9 | 10 | static ut64 r_bin_mz_la_to_pa(const struct r_bin_mz_obj_t *bin, ut64 la) { 11 | return la + (bin->dos_header->header_paragraphs << 4); 12 | } 13 | 14 | RBinAddr *r_bin_mz_get_entrypoint (const struct r_bin_mz_obj_t *bin) { 15 | const MZ_image_dos_header *mz; 16 | ut64 la; 17 | RBinAddr *entrypoint; 18 | 19 | if (!bin || !bin->dos_header) { 20 | return NULL; 21 | } 22 | 23 | mz = bin->dos_header; 24 | la = r_bin_mz_va_to_la (mz->cs, mz->ip); 25 | la &= 0xfffff; 26 | if (la >= bin->load_module_size) { 27 | eprintf ("Error: entry point outside load module\n"); 28 | return NULL; 29 | } 30 | entrypoint = R_NEW0 (RBinAddr); 31 | if (entrypoint) { 32 | entrypoint->vaddr = la; 33 | entrypoint->paddr = r_bin_mz_la_to_pa (bin, la); 34 | } 35 | 36 | return entrypoint; 37 | } 38 | 39 | static int cmp_sections(const void *a, const void *b) { 40 | const RBinSection *s_a, *s_b; 41 | 42 | s_a = a; 43 | s_b = b; 44 | 45 | return s_a->vaddr - s_b->vaddr; 46 | } 47 | 48 | static RBinSection *r_bin_mz_init_section(const struct r_bin_mz_obj_t *bin, 49 | ut64 laddr) { 50 | RBinSection *section; 51 | 52 | section = R_NEW0 (RBinSection); 53 | if (section) { 54 | section->vaddr = laddr; 55 | } 56 | 57 | return section; 58 | } 59 | 60 | RList *r_bin_mz_get_segments (const struct r_bin_mz_obj_t *bin) { 61 | RList *seg_list; 62 | RListIter *iter; 63 | RBinSection *section; 64 | MZ_image_relocation_entry *relocs; 65 | int i, num_relocs, section_number; 66 | ut16 ss; 67 | 68 | if (!bin || !bin->dos_header) { 69 | return NULL; 70 | } 71 | 72 | seg_list = r_list_newf (free); 73 | if (!seg_list) { 74 | return NULL; 75 | } 76 | 77 | /* Add address of first segment to make sure that it is present 78 | * even if there are no relocations or there isn't first segment in 79 | * the relocations. */ 80 | section = r_bin_mz_init_section (bin, 0); 81 | if (!section) { 82 | goto err_out; 83 | } 84 | r_list_add_sorted (seg_list, section, cmp_sections); 85 | 86 | relocs = bin->relocation_entries; 87 | num_relocs = bin->dos_header->num_relocs; 88 | for (i = 0; i < num_relocs; i++) { 89 | RBinSection c; 90 | ut64 laddr, paddr, section_laddr; 91 | ut16 *curr_seg; 92 | int left; 93 | 94 | laddr = r_bin_mz_va_to_la (relocs[i].segment, relocs[i].offset); 95 | if ((laddr + 2) >= bin->load_module_size) { 96 | continue; 97 | } 98 | 99 | paddr = r_bin_mz_la_to_pa (bin, laddr); 100 | curr_seg = (ut16 *)r_buf_get_at (bin->b, paddr, &left); 101 | if (left < 2) { 102 | continue; 103 | } 104 | 105 | section_laddr = r_bin_mz_va_to_la (r_read_le16 (curr_seg), 0); 106 | if (section_laddr > bin->load_module_size) { 107 | continue; 108 | } 109 | 110 | c.vaddr = section_laddr; 111 | if (r_list_find (seg_list, &c, cmp_sections)) { 112 | continue; 113 | } 114 | 115 | section = r_bin_mz_init_section (bin, section_laddr); 116 | if (!section) { 117 | goto err_out; 118 | } 119 | r_list_add_sorted (seg_list, section, cmp_sections); 120 | } 121 | 122 | /* Add address of stack segment if it's inside the load module. */ 123 | ss = bin->dos_header->ss; 124 | if (r_bin_mz_va_to_la (ss, 0) < bin->load_module_size) { 125 | section = r_bin_mz_init_section (bin, r_bin_mz_va_to_la (ss, 0)); 126 | if (!section) { 127 | goto err_out; 128 | } 129 | r_list_add_sorted (seg_list, section, cmp_sections); 130 | } 131 | 132 | /* Fixup sizes and addresses, set name, permissions and set add flag */ 133 | section_number = 0; 134 | r_list_foreach (seg_list, iter, section) { 135 | section->name = r_str_newf ("seg_%03d", section_number); 136 | if (section_number) { 137 | RBinSection *p_section = iter->p->data; 138 | p_section->size = section->vaddr - p_section->vaddr; 139 | p_section->vsize = p_section->size; 140 | } 141 | section->vsize = section->size; 142 | section->paddr = r_bin_mz_la_to_pa (bin, section->vaddr); 143 | section->perm = r_str_rwx ("rwx"); 144 | section->add = true; 145 | section_number++; 146 | } 147 | section = r_list_get_top (seg_list); 148 | section->size = bin->load_module_size - section->vaddr; 149 | section->vsize = section->size; 150 | 151 | return seg_list; 152 | 153 | err_out: 154 | eprintf ("Error: alloc (RBinSection)\n"); 155 | r_list_free (seg_list); 156 | 157 | return NULL; 158 | } 159 | 160 | struct r_bin_mz_reloc_t *r_bin_mz_get_relocs (const struct r_bin_mz_obj_t *bin) { 161 | int i, j; 162 | const int num_relocs = bin->dos_header->num_relocs; 163 | const MZ_image_relocation_entry *const rel_entry = bin->relocation_entries; 164 | 165 | struct r_bin_mz_reloc_t *relocs = calloc (num_relocs + 1, sizeof (*relocs)); 166 | if (!relocs) { 167 | eprintf ("Error: calloc (struct r_bin_mz_reloc_t)\n"); 168 | return NULL; 169 | } 170 | for (i = 0, j = 0; i < num_relocs; i++) { 171 | relocs[j].vaddr = r_bin_mz_va_to_la (rel_entry[i].segment, 172 | rel_entry[i].offset); 173 | relocs[j].paddr = r_bin_mz_la_to_pa (bin, relocs[j].vaddr); 174 | 175 | /* Add only relocations which resides inside dos executable */ 176 | if (relocs[j].vaddr < bin->load_module_size) { 177 | j++; 178 | } 179 | } 180 | relocs[j].last = 1; 181 | 182 | return relocs; 183 | } 184 | 185 | void *r_bin_mz_free (struct r_bin_mz_obj_t *bin) { 186 | if (!bin) { 187 | return NULL; 188 | } 189 | free ((void *)bin->dos_header); 190 | free ((void *)bin->dos_extended_header); 191 | free ((void *)bin->relocation_entries); 192 | r_buf_free (bin->b); 193 | bin->b = NULL; 194 | free (bin); 195 | return NULL; 196 | } 197 | 198 | static int r_bin_mz_init_hdr(struct r_bin_mz_obj_t *bin) { 199 | int relocations_size, dos_file_size; 200 | MZ_image_dos_header *mz; 201 | if (!(mz = R_NEW0 (MZ_image_dos_header))) { 202 | r_sys_perror ("malloc (MZ_image_dos_header)"); 203 | return false; 204 | } 205 | bin->dos_header = mz; 206 | // TODO: read field by field to avoid endian and alignment issues 207 | if (r_buf_read_at (bin->b, 0, (ut8 *)mz, sizeof (*mz)) == -1) { 208 | eprintf ("Error: read (MZ_image_dos_header)\n"); 209 | return false; 210 | } 211 | // dos_header is not endian safe here in this point 212 | if (mz->blocks_in_file < 1) { 213 | return false; 214 | } 215 | dos_file_size = ((mz->blocks_in_file - 1) << 9) + 216 | mz->bytes_in_last_block; 217 | 218 | bin->dos_file_size = dos_file_size; 219 | if (dos_file_size > bin->size) { 220 | return false; 221 | } 222 | bin->load_module_size = dos_file_size - (mz->header_paragraphs << 4); 223 | relocations_size = mz->num_relocs * sizeof (MZ_image_relocation_entry); 224 | if ((mz->reloc_table_offset + relocations_size) > bin->size) { 225 | return false; 226 | } 227 | 228 | sdb_num_set (bin->kv, "mz.initial.cs", mz->cs, 0); 229 | sdb_num_set (bin->kv, "mz.initial.ip", mz->ip, 0); 230 | sdb_num_set (bin->kv, "mz.initial.ss", mz->ss, 0); 231 | sdb_num_set (bin->kv, "mz.initial.sp", mz->sp, 0); 232 | sdb_num_set (bin->kv, "mz.overlay_number", mz->overlay_number, 0); 233 | sdb_num_set (bin->kv, "mz.dos_header.offset", 0, 0); 234 | sdb_set (bin->kv, "mz.dos_header.format", "[2]zwwwwwwwwwwwww" 235 | " signature bytes_in_last_block blocks_in_file num_relocs " 236 | " header_paragraphs min_extra_paragraphs max_extra_paragraphs " 237 | " ss sp checksum ip cs reloc_table_offset overlay_number ", 238 | 0); 239 | 240 | bin->dos_extended_header_size = mz->reloc_table_offset - 241 | sizeof (MZ_image_dos_header); 242 | 243 | if (bin->dos_extended_header_size > 0) { 244 | if (!(bin->dos_extended_header = 245 | malloc (bin->dos_extended_header_size))) { 246 | r_sys_perror ("malloc (dos extended header)"); 247 | return false; 248 | } 249 | if (r_buf_read_at (bin->b, sizeof (MZ_image_dos_header), 250 | (ut8 *)bin->dos_extended_header, 251 | bin->dos_extended_header_size) == -1) { 252 | eprintf ("Error: read (dos extended header)\n"); 253 | return false; 254 | } 255 | } 256 | 257 | if (relocations_size > 0) { 258 | if (!(bin->relocation_entries = malloc (relocations_size))) { 259 | r_sys_perror ("malloc (dos relocation entries)"); 260 | return false; 261 | } 262 | if (r_buf_read_at (bin->b, bin->dos_header->reloc_table_offset, 263 | (ut8 *)bin->relocation_entries, relocations_size) == -1) { 264 | eprintf ("Error: read (dos relocation entries)\n"); 265 | R_FREE (bin->relocation_entries); 266 | return false; 267 | } 268 | } 269 | return true; 270 | } 271 | 272 | static int r_bin_mz_init(struct r_bin_mz_obj_t *bin) { 273 | bin->dos_header = NULL; 274 | bin->dos_extended_header = NULL; 275 | bin->relocation_entries = NULL; 276 | bin->kv = sdb_new0 (); 277 | if (!r_bin_mz_init_hdr (bin)) { 278 | eprintf ("Warning: File is not MZ\n"); 279 | return false; 280 | } 281 | return true; 282 | } 283 | 284 | struct r_bin_mz_obj_t *r_bin_mz_new (const char *file) { 285 | const ut8 *buf; 286 | struct r_bin_mz_obj_t *bin = R_NEW0 (struct r_bin_mz_obj_t); 287 | if (!bin) { 288 | return NULL; 289 | } 290 | bin->file = file; 291 | if (!(buf = (ut8 *)r_file_slurp (file, &bin->size))) { 292 | return r_bin_mz_free (bin); 293 | } 294 | bin->b = r_buf_new (); 295 | if (!r_buf_set_bytes (bin->b, buf, bin->size)) { 296 | free ((void *)buf); 297 | return r_bin_mz_free (bin); 298 | } 299 | free ((void *)buf); 300 | if (!r_bin_mz_init (bin)) { 301 | return r_bin_mz_free (bin); 302 | } 303 | return bin; 304 | } 305 | 306 | struct r_bin_mz_obj_t *r_bin_mz_new_buf (const struct r_buf_t *buf) { 307 | struct r_bin_mz_obj_t *bin = R_NEW0 (struct r_bin_mz_obj_t); 308 | if (!bin) { 309 | return NULL; 310 | } 311 | bin->b = r_buf_new (); 312 | bin->size = buf->length; 313 | if (!r_buf_set_bytes (bin->b, buf->buf, bin->size)) { 314 | return r_bin_mz_free (bin); 315 | } 316 | 317 | return r_bin_mz_init (bin) ? bin : r_bin_mz_free (bin); 318 | } 319 | 320 | RBinAddr *r_bin_mz_get_main_vaddr (struct r_bin_mz_obj_t *bin) { 321 | int n; 322 | ut8 b[512]; 323 | if (!bin || !bin->b) { 324 | return NULL; 325 | } 326 | RBinAddr *entry = r_bin_mz_get_entrypoint (bin); 327 | if (!entry) { 328 | return NULL; 329 | } 330 | ZERO_FILL (b); 331 | if (r_buf_read_at (bin->b, entry->paddr, b, sizeof (b)) < 0) { 332 | eprintf ("Warning: Cannot read entry at 0x%16" PFMT64x "\n", (ut64)entry->paddr); 333 | free (entry); 334 | return NULL; 335 | } 336 | // MSVC 337 | if (b[0] == 0xb4 && b[1] == 0x30) { 338 | // ff 36 XX XX push XXXX 339 | // ff 36 XX XX push argv 340 | // ff 36 XX XX push argc 341 | // 9a XX XX XX XX lcall _main 342 | // 50 push ax 343 | for (n = 0; n < sizeof (b) - 18; n++) { 344 | if (b[n] == 0xff && b[n + 4] == 0xff && b[n + 8] == 0xff && b[n + 12] == 0x9a && b[n + 17] == 0x50) { 345 | const ut16 call_addr = r_read_ble16 (b + n + 13, 0); 346 | const ut16 call_seg = r_read_ble16 (b + n + 15, 0); 347 | entry->vaddr = r_bin_mz_va_to_la (call_seg, call_addr); 348 | entry->paddr = r_bin_mz_la_to_pa (bin, entry->vaddr); 349 | return entry; 350 | } 351 | } 352 | } 353 | 354 | R_FREE (entry); 355 | return NULL; 356 | } 357 | -------------------------------------------------------------------------------- /format/mdmp/mdmp_windefs.h: -------------------------------------------------------------------------------- 1 | /* radare2 - LGPL - Copyright 2016 - Davis, Alex Kornitzer */ 2 | 3 | #ifndef MDMP_WINDEFS_H 4 | #define MDMP_WINDEFS_H 5 | 6 | #define EXCEPTION_MAXIMUM_PARAMETERS 15 7 | 8 | #define MAXIMUM_SUPPORTED_EXTENSION 512 9 | 10 | #define SIZE_OF_80387_REGISTERS 80 11 | 12 | #define ARM_MAX_BREAKPOINTS 8 13 | #define ARM_MAX_WATCHPOINTS 1 14 | 15 | R_PACKED ( 16 | struct windows_floating_save_area { 17 | ut32 control_word; 18 | ut32 status_word; 19 | ut32 tag_word; 20 | ut32 error_offset; 21 | ut32 error_selector; 22 | ut32 data_offset; 23 | ut32 data_selector; 24 | ut8 register_area[SIZE_OF_80387_REGISTERS]; 25 | ut32 spare_0; 26 | }); 27 | 28 | R_PACKED ( 29 | struct windows_systemtime { 30 | ut16 w_year; 31 | ut16 w_month; 32 | ut16 w_day_of_week; 33 | ut16 w_day; 34 | ut16 w_hour; 35 | ut16 w_minute; 36 | ut16 w_second; 37 | ut16 w_milliseconds; 38 | }); 39 | 40 | R_PACKED ( 41 | struct windows_timezone_information { 42 | ut32 bias; 43 | ut16 standard_name[32]; 44 | struct windows_systemtime standard_date; 45 | ut32 standard_bias; 46 | ut16 daylight_name[32]; 47 | struct windows_systemtime daylight_date; 48 | ut32 daylight_bias; 49 | }); 50 | 51 | R_PACKED ( 52 | struct windows_m128a { 53 | ut64 low; 54 | st64 high; 55 | }); 56 | 57 | R_PACKED ( 58 | struct windows_neon128 { 59 | ut64 low; 60 | st64 high; 61 | }); 62 | 63 | R_PACKED ( 64 | struct windows_float128 { 65 | ut64 low; 66 | st64 high; 67 | }); 68 | 69 | R_PACKED ( 70 | struct context_type_i386 { 71 | ut32 context_flags; 72 | 73 | ut32 dr0; 74 | ut32 dr1; 75 | ut32 dr2; 76 | ut32 dr3; 77 | ut32 dr6; 78 | ut32 dr7; 79 | 80 | struct windows_floating_save_area float_save; 81 | 82 | ut32 seg_gs; 83 | ut32 seg_fs; 84 | ut32 seg_es; 85 | ut32 seg_ds; 86 | 87 | ut32 edi; 88 | ut32 esi; 89 | ut32 ebx; 90 | ut32 edx; 91 | ut32 ecx; 92 | ut32 eax; 93 | 94 | ut32 ebp; 95 | ut32 eip; 96 | ut32 seg_cs; 97 | ut32 e_flags; 98 | ut32 esp; 99 | ut32 seg_ss; 100 | 101 | ut8 extended_registers[MAXIMUM_SUPPORTED_EXTENSION]; 102 | }); 103 | 104 | R_PACKED ( 105 | struct context_type_ia64 { 106 | ut32 context_flags; 107 | ut32 fill_1[3]; 108 | 109 | ut64 db_i0; 110 | ut64 db_i1; 111 | ut64 db_i2; 112 | ut64 db_i3; 113 | ut64 db_i4; 114 | ut64 db_i5; 115 | ut64 db_i6; 116 | ut64 db_i7; 117 | 118 | ut64 db_d0; 119 | ut64 db_d1; 120 | ut64 db_d2; 121 | ut64 db_d3; 122 | ut64 db_d4; 123 | ut64 db_d5; 124 | ut64 db_d6; 125 | ut64 db_d7; 126 | 127 | struct windows_float128 flt_s0; 128 | struct windows_float128 flt_s1; 129 | struct windows_float128 flt_s2; 130 | struct windows_float128 flt_s3; 131 | struct windows_float128 flt_t0; 132 | struct windows_float128 flt_t1; 133 | struct windows_float128 flt_t2; 134 | struct windows_float128 flt_t3; 135 | struct windows_float128 flt_t4; 136 | struct windows_float128 flt_t5; 137 | struct windows_float128 flt_t6; 138 | struct windows_float128 flt_t7; 139 | struct windows_float128 flt_t8; 140 | struct windows_float128 flt_t9; 141 | 142 | struct windows_float128 flt_s4; 143 | struct windows_float128 flt_s5; 144 | struct windows_float128 flt_s6; 145 | struct windows_float128 flt_s7; 146 | struct windows_float128 flt_s8; 147 | struct windows_float128 flt_s9; 148 | struct windows_float128 flt_s10; 149 | struct windows_float128 flt_s11; 150 | struct windows_float128 flt_s12; 151 | struct windows_float128 flt_s13; 152 | struct windows_float128 flt_s14; 153 | struct windows_float128 flt_s15; 154 | struct windows_float128 flt_s16; 155 | struct windows_float128 flt_s17; 156 | struct windows_float128 flt_s18; 157 | struct windows_float128 flt_s19; 158 | 159 | struct windows_float128 flt_f32; 160 | struct windows_float128 flt_f33; 161 | struct windows_float128 flt_f34; 162 | struct windows_float128 flt_f35; 163 | struct windows_float128 flt_f36; 164 | struct windows_float128 flt_f37; 165 | struct windows_float128 flt_f38; 166 | struct windows_float128 flt_f39; 167 | 168 | struct windows_float128 flt_f40; 169 | struct windows_float128 flt_f41; 170 | struct windows_float128 flt_f42; 171 | struct windows_float128 flt_f43; 172 | struct windows_float128 flt_f44; 173 | struct windows_float128 flt_f45; 174 | struct windows_float128 flt_f46; 175 | struct windows_float128 flt_f47; 176 | struct windows_float128 flt_f48; 177 | struct windows_float128 flt_f49; 178 | 179 | struct windows_float128 flt_f50; 180 | struct windows_float128 flt_f51; 181 | struct windows_float128 flt_f52; 182 | struct windows_float128 flt_f53; 183 | struct windows_float128 flt_f54; 184 | struct windows_float128 flt_f55; 185 | struct windows_float128 flt_f56; 186 | struct windows_float128 flt_f57; 187 | struct windows_float128 flt_f58; 188 | struct windows_float128 flt_f59; 189 | 190 | struct windows_float128 flt_f60; 191 | struct windows_float128 flt_f61; 192 | struct windows_float128 flt_f62; 193 | struct windows_float128 flt_f63; 194 | struct windows_float128 flt_f64; 195 | struct windows_float128 flt_f65; 196 | struct windows_float128 flt_f66; 197 | struct windows_float128 flt_f67; 198 | struct windows_float128 flt_f68; 199 | struct windows_float128 flt_f69; 200 | 201 | struct windows_float128 flt_f70; 202 | struct windows_float128 flt_f71; 203 | struct windows_float128 flt_f72; 204 | struct windows_float128 flt_f73; 205 | struct windows_float128 flt_f74; 206 | struct windows_float128 flt_f75; 207 | struct windows_float128 flt_f76; 208 | struct windows_float128 flt_f77; 209 | struct windows_float128 flt_f78; 210 | struct windows_float128 flt_f79; 211 | 212 | struct windows_float128 flt_f80; 213 | struct windows_float128 flt_f81; 214 | struct windows_float128 flt_f82; 215 | struct windows_float128 flt_f83; 216 | struct windows_float128 flt_f84; 217 | struct windows_float128 flt_f85; 218 | struct windows_float128 flt_f86; 219 | struct windows_float128 flt_f87; 220 | struct windows_float128 flt_f88; 221 | struct windows_float128 flt_f89; 222 | 223 | struct windows_float128 flt_f90; 224 | struct windows_float128 flt_f91; 225 | struct windows_float128 flt_f92; 226 | struct windows_float128 flt_f93; 227 | struct windows_float128 flt_f94; 228 | struct windows_float128 flt_f95; 229 | struct windows_float128 flt_f96; 230 | struct windows_float128 flt_f97; 231 | struct windows_float128 flt_f98; 232 | struct windows_float128 flt_f99; 233 | 234 | struct windows_float128 flt_f100; 235 | struct windows_float128 flt_f101; 236 | struct windows_float128 flt_f102; 237 | struct windows_float128 flt_f103; 238 | struct windows_float128 flt_f104; 239 | struct windows_float128 flt_f105; 240 | struct windows_float128 flt_f106; 241 | struct windows_float128 flt_f107; 242 | struct windows_float128 flt_f108; 243 | struct windows_float128 flt_f109; 244 | 245 | struct windows_float128 flt_f110; 246 | struct windows_float128 flt_f111; 247 | struct windows_float128 flt_f112; 248 | struct windows_float128 flt_f113; 249 | struct windows_float128 flt_f114; 250 | struct windows_float128 flt_f115; 251 | struct windows_float128 flt_f116; 252 | struct windows_float128 flt_f117; 253 | struct windows_float128 flt_f118; 254 | struct windows_float128 flt_f119; 255 | 256 | struct windows_float128 flt_f120; 257 | struct windows_float128 flt_f121; 258 | struct windows_float128 flt_f122; 259 | struct windows_float128 flt_f123; 260 | struct windows_float128 flt_f124; 261 | struct windows_float128 flt_f125; 262 | struct windows_float128 flt_f126; 263 | struct windows_float128 flt_f127; 264 | 265 | ut64 st_fpsr; 266 | 267 | ut64 int_gp; 268 | ut64 int_t0; 269 | ut64 int_t1; 270 | ut64 int_s0; 271 | ut64 int_s1; 272 | ut64 int_s2; 273 | ut64 int_s3; 274 | ut64 int_v0; 275 | ut64 int_t2; 276 | ut64 int_t3; 277 | ut64 int_t4; 278 | ut64 int_sp; 279 | ut64 int_teb; 280 | ut64 int_t5; 281 | ut64 int_t6; 282 | ut64 int_t7; 283 | ut64 int_t8; 284 | ut64 int_t9; 285 | ut64 int_t10; 286 | ut64 int_t11; 287 | ut64 int_t12; 288 | ut64 int_t13; 289 | ut64 int_t14; 290 | ut64 int_t15; 291 | ut64 int_t16; 292 | ut64 int_t17; 293 | ut64 int_t18; 294 | ut64 int_t19; 295 | ut64 int_t20; 296 | ut64 int_t21; 297 | ut64 int_t22; 298 | 299 | ut64 int_nats; 300 | 301 | ut64 preds; 302 | 303 | ut64 br_rp; 304 | ut64 br_s0; 305 | ut64 br_s1; 306 | ut64 br_s2; 307 | ut64 br_s3; 308 | ut64 br_s4; 309 | ut64 br_t0; 310 | ut64 br_t1; 311 | 312 | ut64 ap_unat; 313 | ut64 ap_lc; 314 | ut64 ap_ec; 315 | ut64 ap_ccv; 316 | ut64 ap_dcr; 317 | 318 | ut64 rs_pfs; 319 | ut64 rs_bsp; 320 | ut64 rs_bspstore; 321 | ut64 rs_rsc; 322 | ut64 rs_rnat; 323 | 324 | ut64 st_ipsr; 325 | ut64 st_iip; 326 | ut64 st_ifs; 327 | 328 | ut64 st_fcr; 329 | ut64 eflag; 330 | ut64 seg_csd; 331 | ut64 seg_ssd; 332 | ut64 cflag; 333 | ut64 st_fsr; 334 | ut64 st_fir; 335 | ut64 st_fdr; 336 | 337 | ut64 unusedpack; 338 | }); 339 | 340 | R_PACKED ( 341 | struct context_type_arm { 342 | ut32 context_flags; 343 | 344 | ut32 r0; 345 | ut32 r1; 346 | ut32 r2; 347 | ut32 r3; 348 | ut32 r4; 349 | ut32 r5; 350 | ut32 r6; 351 | ut32 r7; 352 | ut32 r8; 353 | ut32 r9; 354 | ut32 r10; 355 | ut32 r11; 356 | ut32 r12; 357 | 358 | ut32 sp; 359 | ut32 lr; 360 | ut32 pc; 361 | ut32 cpsr; 362 | 363 | ut32 fpscr; 364 | ut32 padding; 365 | union { 366 | struct windows_neon128 q[16]; 367 | ut64 d[32]; 368 | ut32 s[32]; 369 | }; 370 | 371 | ut32 bvr[ARM_MAX_BREAKPOINTS]; 372 | ut32 bcr[ARM_MAX_BREAKPOINTS]; 373 | ut32 wvr[ARM_MAX_WATCHPOINTS]; 374 | ut32 wcr[ARM_MAX_WATCHPOINTS]; 375 | ut32 padding_2[2]; 376 | }); 377 | 378 | R_PACKED ( 379 | struct windows_xsave_format32 { 380 | ut16 control_word; 381 | ut16 status_word; 382 | ut8 tag_word; 383 | ut8 reserved_1; 384 | ut16 error_opcode; 385 | ut32 error_offset; 386 | ut16 error_selector; 387 | ut16 reserved_2; 388 | ut32 data_offset; 389 | ut16 data_selector; 390 | ut16 reserved3; 391 | ut32 mx_csr; 392 | ut32 mx_csr_mask; 393 | struct windows_m128a float_registers[8]; 394 | struct windows_m128a xmm_registers[8]; 395 | ut8 reserved_4[224]; 396 | }); 397 | 398 | R_PACKED ( 399 | struct context_type_amd64 { 400 | ut64 p1_home; 401 | ut64 p2_home; 402 | ut64 p3_home; 403 | ut64 p4_home; 404 | ut64 p5_home; 405 | ut64 p6_home; 406 | 407 | ut32 context_flags; 408 | ut32 mx_csr; 409 | 410 | ut16 seg_cs; 411 | ut16 seg_ds; 412 | ut16 seg_es; 413 | ut16 seg_fs; 414 | ut16 seg_gs; 415 | ut16 seg_ss; 416 | ut32 e_flags; 417 | 418 | ut64 dr0; 419 | ut64 dr1; 420 | ut64 dr2; 421 | ut64 dr3; 422 | ut64 dr6; 423 | ut64 dr7; 424 | 425 | ut64 rax; 426 | ut64 rcx; 427 | ut64 rdx; 428 | ut64 rbx; 429 | ut64 rsp; 430 | ut64 rbp; 431 | ut64 rsi; 432 | ut64 rdi; 433 | ut64 r8; 434 | ut64 r9; 435 | ut64 r10; 436 | ut64 r11; 437 | ut64 r12; 438 | ut64 r13; 439 | ut64 r14; 440 | ut64 r15; 441 | 442 | ut64 rip; 443 | 444 | union { 445 | struct windows_xsave_format32 flt_save; 446 | struct { 447 | struct windows_m128a header[2]; 448 | struct windows_m128a legacy[8]; 449 | struct windows_m128a xmm_0; 450 | struct windows_m128a xmm_1; 451 | struct windows_m128a xmm_2; 452 | struct windows_m128a xmm_3; 453 | struct windows_m128a xmm_4; 454 | struct windows_m128a xmm_5; 455 | struct windows_m128a xmm_6; 456 | struct windows_m128a xmm_7; 457 | struct windows_m128a xmm_8; 458 | struct windows_m128a xmm_9; 459 | struct windows_m128a xmm_10; 460 | struct windows_m128a xmm_11; 461 | struct windows_m128a xmm_12; 462 | struct windows_m128a xmm_13; 463 | struct windows_m128a xmm_14; 464 | struct windows_m128a xmm_15; 465 | }; 466 | }; 467 | 468 | struct windows_m128a vector_register[26]; 469 | ut64 vector_control; 470 | 471 | ut64 debugcontrol; 472 | ut64 last_branch_to_rip; 473 | ut64 last_branch_from_rip; 474 | ut64 last_exception_to_rip; 475 | ut64 last_exception_from_rip; 476 | }); 477 | 478 | R_PACKED ( 479 | struct windows_exception_record32 { 480 | ut32 exception_code; 481 | ut32 exception_flags; 482 | struct windows_exception_record32 *exception_record; 483 | ut32 exception_address; 484 | ut32 number_parameters; 485 | ut32 exception_information[EXCEPTION_MAXIMUM_PARAMETERS]; 486 | }); 487 | 488 | R_PACKED ( 489 | struct exception_pointers_i386 { 490 | struct windows_exception_record32 *exception_record; 491 | void /*struct context*/ *context_record; 492 | }); 493 | 494 | #endif /* MDMP_WINDEFS_H */ 495 | --------------------------------------------------------------------------------