├── .gitignore
├── LICENSE
├── Misc
    └── Web-(Dis)Assembly.pdf
├── README.md
└── Tools
    ├── IDA-Wasm
        ├── README.md
        ├── wasm_loader.py
        └── wasm_processor.py
    ├── Kaitai-Wasm
        ├── Makefile
        ├── requirements.txt
        ├── tests
        │   └── hello.wasm
        ├── vlq_base128_le.ksy
        ├── wasm-disassembler.py
        └── webassembly.ksy
    └── README.md


/.gitignore:
--------------------------------------------------------------------------------
1 | *.pyc
2 | __pycache__
3 | *.pyo
4 | *.pyd
5 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                                  Apache License
  2 |                            Version 2.0, January 2004
  3 |                         http://www.apache.org/licenses/
  4 | 
  5 |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  6 | 
  7 |    1. Definitions.
  8 | 
  9 |       "License" shall mean the terms and conditions for use, reproduction,
 10 |       and distribution as defined by Sections 1 through 9 of this document.
 11 | 
 12 |       "Licensor" shall mean the copyright owner or entity authorized by
 13 |       the copyright owner that is granting the License.
 14 | 
 15 |       "Legal Entity" shall mean the union of the acting entity and all
 16 |       other entities that control, are controlled by, or are under common
 17 |       control with that entity. For the purposes of this definition,
 18 |       "control" means (i) the power, direct or indirect, to cause the
 19 |       direction or management of such entity, whether by contract or
 20 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 21 |       outstanding shares, or (iii) beneficial ownership of such entity.
 22 | 
 23 |       "You" (or "Your") shall mean an individual or Legal Entity
 24 |       exercising permissions granted by this License.
 25 | 
 26 |       "Source" form shall mean the preferred form for making modifications,
 27 |       including but not limited to software source code, documentation
 28 |       source, and configuration files.
 29 | 
 30 |       "Object" form shall mean any form resulting from mechanical
 31 |       transformation or translation of a Source form, including but
 32 |       not limited to compiled object code, generated documentation,
 33 |       and conversions to other media types.
 34 | 
 35 |       "Work" shall mean the work of authorship, whether in Source or
 36 |       Object form, made available under the License, as indicated by a
 37 |       copyright notice that is included in or attached to the work
 38 |       (an example is provided in the Appendix below).
 39 | 
 40 |       "Derivative Works" shall mean any work, whether in Source or Object
 41 |       form, that is based on (or derived from) the Work and for which the
 42 |       editorial revisions, annotations, elaborations, or other modifications
 43 |       represent, as a whole, an original work of authorship. For the purposes
 44 |       of this License, Derivative Works shall not include works that remain
 45 |       separable from, or merely link (or bind by name) to the interfaces of,
 46 |       the Work and Derivative Works thereof.
 47 | 
 48 |       "Contribution" shall mean any work of authorship, including
 49 |       the original version of the Work and any modifications or additions
 50 |       to that Work or Derivative Works thereof, that is intentionally
 51 |       submitted to Licensor for inclusion in the Work by the copyright owner
 52 |       or by an individual or Legal Entity authorized to submit on behalf of
 53 |       the copyright owner. For the purposes of this definition, "submitted"
 54 |       means any form of electronic, verbal, or written communication sent
 55 |       to the Licensor or its representatives, including but not limited to
 56 |       communication on electronic mailing lists, source code control systems,
 57 |       and issue tracking systems that are managed by, or on behalf of, the
 58 |       Licensor for the purpose of discussing and improving the Work, but
 59 |       excluding communication that is conspicuously marked or otherwise
 60 |       designated in writing by the copyright owner as "Not a Contribution."
 61 | 
 62 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 63 |       on behalf of whom a Contribution has been received by Licensor and
 64 |       subsequently incorporated within the Work.
 65 | 
 66 |    2. Grant of Copyright License. Subject to the terms and conditions of
 67 |       this License, each Contributor hereby grants to You a perpetual,
 68 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 69 |       copyright license to reproduce, prepare Derivative Works of,
 70 |       publicly display, publicly perform, sublicense, and distribute the
 71 |       Work and such Derivative Works in Source or Object form.
 72 | 
 73 |    3. Grant of Patent License. Subject to the terms and conditions of
 74 |       this License, each Contributor hereby grants to You a perpetual,
 75 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 76 |       (except as stated in this section) patent license to make, have made,
 77 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 78 |       where such license applies only to those patent claims licensable
 79 |       by such Contributor that are necessarily infringed by their
 80 |       Contribution(s) alone or by combination of their Contribution(s)
 81 |       with the Work to which such Contribution(s) was submitted. If You
 82 |       institute patent litigation against any entity (including a
 83 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 84 |       or a Contribution incorporated within the Work constitutes direct
 85 |       or contributory patent infringement, then any patent licenses
 86 |       granted to You under this License for that Work shall terminate
 87 |       as of the date such litigation is filed.
 88 | 
 89 |    4. Redistribution. You may reproduce and distribute copies of the
 90 |       Work or Derivative Works thereof in any medium, with or without
 91 |       modifications, and in Source or Object form, provided that You
 92 |       meet the following conditions:
 93 | 
 94 |       (a) You must give any other recipients of the Work or
 95 |           Derivative Works a copy of this License; and
 96 | 
 97 |       (b) You must cause any modified files to carry prominent notices
 98 |           stating that You changed the files; and
 99 | 
100 |       (c) You must retain, in the Source form of any Derivative Works
101 |           that You distribute, all copyright, patent, trademark, and
102 |           attribution notices from the Source form of the Work,
103 |           excluding those notices that do not pertain to any part of
104 |           the Derivative Works; and
105 | 
106 |       (d) If the Work includes a "NOTICE" text file as part of its
107 |           distribution, then any Derivative Works that You distribute must
108 |           include a readable copy of the attribution notices contained
109 |           within such NOTICE file, excluding those notices that do not
110 |           pertain to any part of the Derivative Works, in at least one
111 |           of the following places: within a NOTICE text file distributed
112 |           as part of the Derivative Works; within the Source form or
113 |           documentation, if provided along with the Derivative Works; or,
114 |           within a display generated by the Derivative Works, if and
115 |           wherever such third-party notices normally appear. The contents
116 |           of the NOTICE file are for informational purposes only and
117 |           do not modify the License. You may add Your own attribution
118 |           notices within Derivative Works that You distribute, alongside
119 |           or as an addendum to the NOTICE text from the Work, provided
120 |           that such additional attribution notices cannot be construed
121 |           as modifying the License.
122 | 
123 |       You may add Your own copyright statement to Your modifications and
124 |       may provide additional or different license terms and conditions
125 |       for use, reproduction, or distribution of Your modifications, or
126 |       for any such Derivative Works as a whole, provided Your use,
127 |       reproduction, and distribution of the Work otherwise complies with
128 |       the conditions stated in this License.
129 | 
130 |    5. Submission of Contributions. Unless You explicitly state otherwise,
131 |       any Contribution intentionally submitted for inclusion in the Work
132 |       by You to the Licensor shall be under the terms and conditions of
133 |       this License, without any additional terms or conditions.
134 |       Notwithstanding the above, nothing herein shall supersede or modify
135 |       the terms of any separate license agreement you may have executed
136 |       with Licensor regarding such Contributions.
137 | 
138 |    6. Trademarks. This License does not grant permission to use the trade
139 |       names, trademarks, service marks, or product names of the Licensor,
140 |       except as required for reasonable and customary use in describing the
141 |       origin of the Work and reproducing the content of the NOTICE file.
142 | 
143 |    7. Disclaimer of Warranty. Unless required by applicable law or
144 |       agreed to in writing, Licensor provides the Work (and each
145 |       Contributor provides its Contributions) on an "AS IS" BASIS,
146 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 |       implied, including, without limitation, any warranties or conditions
148 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 |       PARTICULAR PURPOSE. You are solely responsible for determining the
150 |       appropriateness of using or redistributing the Work and assume any
151 |       risks associated with Your exercise of permissions under this License.
152 | 
153 |    8. Limitation of Liability. In no event and under no legal theory,
154 |       whether in tort (including negligence), contract, or otherwise,
155 |       unless required by applicable law (such as deliberate and grossly
156 |       negligent acts) or agreed to in writing, shall any Contributor be
157 |       liable to You for damages, including any direct, indirect, special,
158 |       incidental, or consequential damages of any character arising as a
159 |       result of this License or out of the use or inability to use the
160 |       Work (including but not limited to damages for loss of goodwill,
161 |       work stoppage, computer failure or malfunction, or any and all
162 |       other commercial damages or losses), even if such Contributor
163 |       has been advised of the possibility of such damages.
164 | 
165 |    9. Accepting Warranty or Additional Liability. While redistributing
166 |       the Work or Derivative Works thereof, You may choose to offer,
167 |       and charge a fee for, acceptance of support, warranty, indemnity,
168 |       or other liability obligations and/or rights consistent with this
169 |       License. However, in accepting such obligations, You may act only
170 |       on Your own behalf and on Your sole responsibility, not on behalf
171 |       of any other Contributor, and only if You agree to indemnify,
172 |       defend, and hold each Contributor harmless for any liability
173 |       incurred by, or claims asserted against, such Contributor by reason
174 |       of your accepting any such warranty or additional liability.
175 | 
176 |    END OF TERMS AND CONDITIONS
177 | 
178 |    Copyright 2019 Sophos Group PLC
179 | 
180 |    Licensed under the Apache License, Version 2.0 (the "License");
181 |    you may not use this file except in compliance with the License.
182 |    You may obtain a copy of the License at
183 | 
184 |        http://www.apache.org/licenses/LICENSE-2.0
185 | 
186 |    Unless required by applicable law or agreed to in writing, software
187 |    distributed under the License is distributed on an "AS IS" BASIS,
188 |    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
189 |    See the License for the specific language governing permissions and
190 |    limitations under the License.
191 | 


--------------------------------------------------------------------------------
/Misc/Web-(Dis)Assembly.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophoslabs/WebAssembly/8ac3c7183b860599573622aceb207b94de7640f3/Misc/Web-(Dis)Assembly.pdf


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # WebAssembly #
 2 | 
 3 | This repository contains some tools developed to help analyzing [WebAssembly format](https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md):
 4 | 
 5 |  - the `Tools/` contains all the tools including:
 6 |     - a [Kaitai](https://kaitai.io) module for parsing `.wasm` files
 7 |     - a [IDA Pro](https://www.hex-rays.com/products/ida) processor and loader for the file format
 8 |  - the `Misc/` contains the slides for the [presentation on WebAssembly at Shakacon X](https://www.shakacon.org/web-disassembly-in-depth-peek-at-the-vm-running-inside-your-web-browser-by-christophe-alladoum/)
 9 | 
10 | 
11 | 


--------------------------------------------------------------------------------
/Tools/IDA-Wasm/README.md:
--------------------------------------------------------------------------------
 1 | # WebAssembly module for IDA Pro #
 2 | 
 3 | To support `.wasm` parsing in IDA Pro, it is required to have IDA Pro 7+ with IDAPython. The installation can be done by copying the files
 4 | `wasm_processor.py` (respectively `wasm_loader.py`) into the following directories:
 5 | 
 6 |  - `C:\Program Files\IDA 7.x\procs` (resp. `C:\Program Files\IDA 7.x\loaders`)  for a system-wide installation (need Admin privileges)
 7 |  - `%APPDATA%\Hex Rays\IDA\procs` (resp. `%APPDATA%\Hex Rays\IDA\procs`)  for a user-specific installation
 8 | 
 9 | ![preview.png](https://i.imgur.com/ROf2pXM.png)
10 | 
11 | 
12 | ## Known bugs ##
13 | 
14 |  - Since WASM uses function indexes and not addresses for function calls, the xref support for `call` instructions is not working correctly
15 |  - Exports tab does not uses the WASM function declaration
16 |  - Imports tab does not uses the WASM header
17 | 
18 | 


--------------------------------------------------------------------------------
/Tools/IDA-Wasm/wasm_loader.py:
--------------------------------------------------------------------------------
  1 | # -*- mode: python -*-
  2 | # -*- coding: utf-8 -*-
  3 | #
  4 | # WebAssembly loader for IDA Pro 7.+
  5 | #
  6 | #
  7 | # To install, simply copy `wasm_loader.py` in :
  8 | #  - C:\Program Files\IDA 7.1\loaders  (system-wide)
  9 | #  - %APPDATA%\Hex Rays\IDA\loaders  (user only)
 10 | #
 11 | 
 12 | from __future__ import print_function
 13 | 
 14 | import io, struct
 15 | import idc, idaapi
 16 | from idaapi import *
 17 | from idc import *
 18 | 
 19 | 
 20 | #
 21 | # Change here to enable verbose output
 22 | #
 23 | DEBUG = False
 24 | 
 25 | 
 26 | def enum(**enums):
 27 |     return type('Enum', (), enums)
 28 | 
 29 | def u8 (x): return struct.unpack("<B", x)[0]
 30 | def u16(x): return struct.unpack("<H", x)[0]
 31 | def u32(x): return struct.unpack("<I", x)[0]
 32 | def u64(x): return struct.unpack("<Q", x)[0]
 33 | 
 34 | def p8 (x): return struct.pack("<B", x)
 35 | def p16(x): return struct.pack("<H", x)
 36 | def p32(x): return struct.pack("<I", x)
 37 | def p64(x): return struct.pack("<Q", x)
 38 | 
 39 | def log(x): print(x)
 40 | def dbg(x): log("[*] {:s}".format(x)) if DEBUG else None
 41 | def ok(x): log("[+] {:s}".format(x))
 42 | def err(x): log("[-] {:s}".format(x))
 43 | def warn(x): log("[!] {:s}".format(x))
 44 | 
 45 | 
 46 | class DecodingError(Exception): 
 47 |     pass
 48 | 
 49 | 
 50 | class uint32:
 51 |     def __init__(self, raw):
 52 |         self.raw = raw[:4]
 53 |         self.value = u32(self.raw)
 54 |         self.max_size = self.size = 4
 55 | 
 56 | 
 57 | class uint64:
 58 |     def __init__(self, raw):
 59 |         self.raw = raw[:8]
 60 |         self.value = u64(self.raw)
 61 |         self.max_size = self.size = 8
 62 | 
 63 | 
 64 | class varuint32:
 65 |     max_size = 4
 66 |     def __init__(self, raw):
 67 |         self.raw = raw
 68 |         self.size, self.value = varint_decode_bytes(self.raw)
 69 | 
 70 | 
 71 | class varuint64(varuint32):
 72 |     max_size = 8
 73 | 
 74 | class func_type:
 75 |     def __init__(self, fd):
 76 |         _, self.form = varint_decode_stream(fd)
 77 |         _, self.param_count = varint_decode_stream(fd)
 78 |         self.param_types = []
 79 |         for i in range(self.param_count):
 80 |             _, self.param_types.append(varint_decode_stream(fd)[1])
 81 |         _, self.return_count = varint_decode_stream(fd)
 82 |         if self.return_count == 1:
 83 |             _, self.return_type = varint_decode_stream(fd)
 84 | 
 85 | class global_type:
 86 |     def __init__(self, fd):
 87 |         _, self.content_type = varint_decode_stream(fd)
 88 |         self.mutability = read_one(fd)
 89 | 
 90 | class table_type:
 91 |     def __init__(self, fd):
 92 |         _, self.element_type = varint_decode_stream(fd)
 93 |         self.limits = resizable_limits(fd)
 94 | 
 95 | class memory_type:
 96 |     def __init__(self, fd):
 97 |         self.limits = resizable_limits(fd)
 98 | 
 99 | class resizable_limits:
100 |     def __init__(self, fd):
101 |         _, self.flags = varint_decode_stream(fd)
102 |         _, self.initial = varint_decode_stream(fd)
103 |         if self.flags == 1:
104 |             _, self.maximal = varint_decode_stream(fd)
105 | 
106 | def read_one(stream):
107 |     c = stream.read(1)
108 |     if c == '':
109 |         raise EOFError("Unexpected EOF while reading bytes")
110 |     return ord(c)
111 | 
112 | def read_n(stream, n):
113 |     res = []
114 |     while n:
115 |         c = stream.read(1)
116 |         if c == '':
117 |             break
118 |         res.append(c)
119 |         n -= 1
120 |     return res
121 | 
122 | def read_until(stream, c):
123 |     res = []
124 |     while True:
125 |         cur = read_one(stream)
126 |         res.append(cur)
127 |         if cur == c:
128 |             break
129 |     return res
130 | 
131 | 
132 | # From https://github.com/fmoo/python-varint/blob/master/varint.py
133 | def varint_decode_stream(stream):
134 |     shift = 0
135 |     result = 0
136 |     j = 0
137 |     while True:
138 |         i = read_one(stream)
139 |         result |= (i & 0x7f) << shift
140 |         shift += 7
141 |         j += 1
142 |         if not (i & 0x80):
143 |             break
144 |     return j, result
145 | 
146 | 
147 | def varint_decode_bytes(buf):
148 |     return varint_decode_stream(io.BytesIO(buf))
149 | 
150 | 
151 | def AddWasmSegment(startea, endea, name, cls=None, base=0):
152 |     s = segment_t()
153 |     s.start_ea = startea
154 |     s.end_ea = endea
155 |     s.sel = setup_selector(base)
156 |     s.use32 = 0
157 |     s.align = saRelByte # saRelDble
158 |     s.perm = SEGPERM_EXEC | SEGPERM_WRITE | SEGPERM_READ
159 |     fl = ADDSEG_OR_DIE
160 |     idaapi.add_segm_ex(s, name, cls, fl)
161 |     return
162 | 
163 | 
164 | class WasmSection:
165 |     id = None            # varuint7
166 |     payload_len = None   # varuint32
167 |     name_len = None      # varuint32
168 |     bytes = None
169 |     payload_data = None
170 |     start_ea = 0
171 |     end_ea = 0
172 | 
173 |     CUSTOM=0
174 |     TYPE=1
175 |     IMPORT=2
176 |     FUNCTION=3
177 |     TABLE=4
178 |     MEMORY=5
179 |     GLOBAL=6
180 |     EXPORT=7
181 |     START=8
182 |     ELEMENT=9
183 |     CODE=10
184 |     DATA=11
185 | 
186 |     @staticmethod
187 |     def id_str(i):
188 |         if i==0: return "CUSTOM"
189 |         if i==1: return "TYPE"
190 |         if i==2: return "IMPORT"
191 |         if i==3: return "FUNCTION"
192 |         if i==4: return "TABLE"
193 |         if i==5: return "MEMORY"
194 |         if i==6: return "GLOBAL"
195 |         if i==7: return "EXPORT"
196 |         if i==8: return "START"
197 |         if i==9: return "ELEMENT"
198 |         if i==10: return "CODE"
199 |         if i==11: return "DATA"
200 | 
201 | 
202 | value_type = enum(i32=0x7f, i64=0x7e, f32=0x7d, f64=0x7c)
203 | 
204 | 
205 | class LocalEntry:
206 |     count = 0 # varuint32
207 |     type = 0 # value_type (varint7)
208 | 
209 | 
210 | class FunctionBody:
211 |     body_size = 0 # varuint32
212 |     local_count = 0 # varuint32
213 |     locals = []
214 |     code = []
215 |     end = 0x0b
216 |     start_ea = 0
217 |     end_ea = 0
218 |     ordinal = 0
219 | 
220 |     def __str__(self):
221 |         return "FunctionBody(len=%d)" %  (self.end_ea - self.start_ea)
222 | 
223 | 
224 | class CodeSection:
225 |     count = 0 # variunt32
226 |     function_bodies = [] # array of FunctionBody
227 | 
228 |     def __str__(self): 
229 |         return "CodeSection(%d functions)" % len(self.function_bodies)
230 | 
231 | 
232 | class ElemSegment:
233 |     index = 0
234 |     offset = None
235 |     num_elem = 0
236 |     elems = []
237 | 
238 | 
239 | class ElementSection:
240 |     count = 0 # variunt32
241 |     entries = []
242 | 
243 |     def __str__(self): 
244 |         return "ElementSection(%d elements)" % len(self.entries)
245 | 
246 | 
247 | class ImportSection:
248 |     count = 0 # variunt32
249 |     entries = []
250 | 
251 |     def __str__(self): 
252 |         return "ImportSection(%d imports)" % len(self.entries)
253 | 
254 | 
255 | class ImportEntry:
256 |     module_len = 0 # variunt32
257 |     module_str = None
258 |     field_len = 0 # variunt32
259 |     field_str = None
260 |     kind = 0
261 |     module_str_addr = 0
262 |     field_str_addr = 0
263 |     type = 0
264 | 
265 |     def __str__(self): 
266 |         return "ImportEntry(%s:%s, type:%s, kind:%d)" % (self.module_str, self.field_str, self.type.__class__.__name__, self.kind)
267 | 
268 | 
269 | class ExportSection:
270 |     count = 0 # variunt32
271 |     entries = []
272 | 
273 |     def __str__(self): 
274 |         return "ExportSection(%d exports)" % len(self.entries)
275 | 
276 | 
277 | class ExportEntry:
278 |     field_len = 0 # variunt32
279 |     field_str = None
280 |     kind = 0
281 |     index = 0
282 |     start_ea = 0
283 |     end_ea = 0
284 | 
285 |     def __str__(self): 
286 |         return "ExportEntry(%s)" % (self.field_str,)
287 | 
288 | 
289 | 
290 | class WASM:
291 |     MAGIC = "\x00asm"
292 |     VERSION = 1
293 | 
294 |     def __init__(self, fd, *args, **kwargs):
295 |         fd.seek(0)
296 |         raw = fd.read(8)
297 |         header, version = raw[:4], u32(raw[4:8])
298 |         assert header == WASM.MAGIC and version == WASM.VERSION
299 |         self.sections = []
300 |         self.code_start = None
301 |         self.entry_point = None
302 |         self.code_end = None
303 |         self.fd = fd
304 |         return
305 | 
306 | 
307 |     def __parse_code_section(self, fd):
308 |         cs = CodeSection()
309 |         _, cs.count = varint_decode_stream(fd)
310 |         for i in range(cs.count):
311 |             fb = FunctionBody()
312 |             _, fb.body_size = varint_decode_stream(fd)
313 |             _, fb.local_count = varint_decode_stream(fd)
314 |             local_start = fd.tell()
315 |             for j in range(fb.local_count):
316 |                 le = LocalEntry()
317 |                 _, le.count = varint_decode_stream(fd)
318 |                 _, le.type = varint_decode_stream(fd)
319 |                 fb.locals.append(le)
320 |             fb.start_ea = fd.tell()
321 |             fb.code = fd.read(fb.body_size - (fb.start_ea - local_start) - 1)
322 |             end = u8(fb.code[-1])
323 |             fb.end_ea = fd.tell()
324 |             dbg("FunctionBody {:x}-{:x} , body_size={:x}, local_count={:x}".format(fb.start_ea, fb.end_ea, fb.body_size, fb.local_count))
325 |             assert end == FunctionBody.end, "[CODE] {:x} != {:x} at {:x}".format(end, FunctionBody.end, fb.end_ea)
326 |             fb.ordinal = i
327 |             cs.function_bodies.append(fb)
328 |         dbg(cs)
329 |         return cs
330 | 
331 | 
332 |     def __parse_element_section(self, fd):
333 |         es = ElementSection()
334 |         _, es.count = varint_decode_stream(fd)
335 |         for i in range(es.count):
336 |             e = ElemSegment()
337 |             _, e.index = varint_decode_stream(fd)
338 |             e.offset = read_until(fd, 0x0b) # varint_decode_stream(fd)
339 |             _, e.num_elem = varint_decode_stream(fd)
340 |             for j in range(e.num_elem):
341 |                 _, elem = varint_decode_stream(fd)
342 |                 e.elems.append(elem)
343 |             dbg(e)
344 |         return es
345 | 
346 | 
347 |     def __parse_import_section(self, fd):
348 |         imp = ImportSection()
349 |         _, imp.count = varint_decode_stream(fd)
350 |         for ent in range(imp.count):
351 |             ie = ImportEntry()
352 |             _, ie.module_len = varint_decode_stream(fd)
353 |             ie.module_str_addr = fd.tell()
354 |             ie.module_str = fd.read(ie.module_len)
355 |             _, ie.field_len = varint_decode_stream(fd)
356 |             ie.field_str_addr = fd.tell()
357 |             ie.field_str = fd.read(ie.field_len)
358 |             ie.kind = read_one(fd)
359 |             if ie.kind == 0:                ie.type = varint_decode_stream(fd)
360 |             elif ie.kind == 1:              ie.type = table_type(fd)
361 |             elif ie.kind == 2:              ie.type = memory_type(fd)
362 |             elif ie.kind == 3:              ie.type = global_type(fd)
363 |             imp.entries.append(ie)
364 |             dbg("%d - %#x: %s" % (ent, fd.tell(), ie))
365 |         dbg(imp)
366 |         return imp
367 | 
368 | 
369 |     def __parse_export_section(self, fd):
370 |         exp = ExportSection()
371 |         _, exp.count = varint_decode_stream(fd)
372 |         for ent in range(exp.count):
373 |             ee = ExportEntry()
374 |             _, ee.field_len = varint_decode_stream(fd)
375 |             ee.start_ea = fd.tell()
376 |             ee.field_str = fd.read(ee.field_len)
377 |             ee.end_ea = fd.tell()
378 |             ee.kind = read_one(fd)
379 |             _, ee.index = varint_decode_stream(fd)
380 |             exp.entries.append(ee)
381 |         return exp
382 | 
383 | 
384 |     def parse(self):
385 |         fd = self.fd
386 |         fd.seek(8)
387 | 
388 |         fd.file2base(0, 0, 8, False)
389 |         AddWasmSegment(0, 8, "HEADER")
390 | 
391 |         while True:
392 |             try:
393 |                 s = WasmSection()
394 |                 s.start_ea = fd.tell()
395 |                 _, s.id = varint_decode_stream(fd)
396 |                 assert s.id in range(12), "[parser] Found invalid id %d at %#x" % (s.id, s.start_ea)
397 |                 _, s.payload_len = varint_decode_stream(fd)
398 |                 dbg("{:d} - {:s}".format(s.id, WasmSection.id_str(s.id)))
399 | 
400 |                 if s.id == WasmSection.CUSTOM:
401 |                     sizeof_namelen, s.name_len = varint_decode_stream(fd)
402 |                     s.name = fd.read(s.name_len)
403 |                     s.payload_data = fd.read(s.payload_len - len(s.name) - sizeof_namelen)
404 | 
405 |                 elif s.id == WasmSection.CODE:
406 |                     s.payload_data = self.__parse_code_section(fd)
407 | 
408 |                 elif s.id == WasmSection.ELEMENT:
409 |                     s.payload_data = self.__parse_element_section(fd)
410 | 
411 |                 elif s.id == WasmSection.IMPORT:
412 |                     s.payload_data = self.__parse_import_section(fd)
413 | 
414 |                 elif s.id == WasmSection.EXPORT:
415 |                     s.payload_data = self.__parse_export_section(fd)
416 | 
417 |                 else:
418 |                     s.payload_data = fd.read(s.payload_len)
419 | 
420 |                 s.end_ea = fd.tell()
421 |                 self.sections.append(s)
422 |             except Exception as e:
423 |                 err("ParseSection() raised exception '%s', skipping..." % (str(e),))
424 |                 break
425 | 
426 |         dbg("[*] found %d sections" % len(self.sections))
427 | 
428 |         found_code_section = False
429 |         for s in self.sections:
430 |             if s.id == WasmSection.CODE:
431 |                 found_code_section = True
432 |                 break
433 | 
434 |         assert found_code_section, "WASM file invalid: no CODE section"
435 |             
436 | 
437 |         for s in self.sections:
438 |             name = WasmSection.id_str(s.id)
439 |             print ("[+] Adding new Section '%s': %x-%x" % (name, s.start_ea, s.end_ea))
440 |             fd.file2base(s.start_ea, s.start_ea, s.end_ea, True)
441 |             cls=""
442 | 
443 |             if s.id == WasmSection.CODE:
444 |                 self.code_start = s.start_ea
445 |                 self.code_end  = s.end_ea
446 |                 for fb in s.payload_data.function_bodies:
447 |                     add_entry(fb.start_ea, fb.start_ea, "sub_{:08x}".format(fb.start_ea), 1)
448 | 
449 |                 cls = "CODE"
450 | 
451 |             if s.id == WasmSection.EXPORT:
452 |                 for idx, ee in enumerate(s.payload_data.entries):
453 |                     dbg("[EXPORT] Making str %d at %x (len=%x)" % (idx, ee.start_ea, ee.field_len))
454 |                     idc.MakeStr(ee.start_ea,  ee.start_ea+ee.field_len)
455 | 
456 |             if s.id == WasmSection.IMPORT:
457 |                 for idx, imp in enumerate(s.payload_data.entries):
458 |                     # dbg("[IMPORT] Making module str %d at %x (len=%x)" % (idx, imp.module_str_addr, imp.module_len))
459 |                     # idc.MakeStr(imp.module_str_addr, imp.module_str_addr+imp.module_len)
460 |                     # dbg("[IMPORT] Making field str %d at %x (len=%x)" % (idx, imp.field_str_addr, imp.field_len))
461 |                     # idc.MakeStr(imp.field_str_addr, imp.field_str_addr+imp.field_len)
462 |                     __class = idaapi.get_many_bytes(imp.module_str_addr, imp.module_len)
463 |                     __func = idaapi.get_many_bytes(imp.field_str_addr, imp.field_len)
464 |                     MakeDword(imp.module_str_addr)
465 |                     MakeName(imp.module_str_addr, "%s::%s" % (__class, __func))
466 | 
467 |                 cls = "XTRN"
468 | 
469 |                 # TODO add entry in Modules tab
470 | 
471 |             AddWasmSegment(s.start_ea, s.end_ea, name, cls)
472 | 
473 |         return
474 | 
475 | 
476 | def accept_file(f, n):
477 |     size = f.size()
478 |     retcode = 0
479 |     magic = f.read(4)
480 |     if magic == WASM.MAGIC:
481 |         ver = u32(f.read(4))
482 |         if ver == WASM.VERSION:
483 |             retcode = {"format": "WASM v%d Image" % ver , "processor":"wasm"}
484 |     return retcode
485 | 
486 | 
487 | def load_file(f, neflags, fmt):
488 |     SetProcessorType("wasm", SETPROC_ALL)
489 |     WASM(f).parse()
490 |     return 1
491 | 


--------------------------------------------------------------------------------
/Tools/IDA-Wasm/wasm_processor.py:
--------------------------------------------------------------------------------
  1 | # -*- mode: python -*-
  2 | # -*- coding: utf-8 -*-
  3 | #
  4 | # WebAssembly processor for IDA 7.+
  5 | #
  6 | #
  7 | # To install, simply copy `wasm_processor.py` in :
  8 | #  - C:\Program Files\IDA 7.1\procs  (system-wide)
  9 | #  - %APPDATA%\Hex Rays\IDA\procs  (user only)
 10 | #
 11 | # TODO:
 12 | # - handle xref to function indexes
 13 | # - fix incorrect block parsing
 14 | # - fill Exports tab based on wasm function declaration
 15 | # - fill Imports tab from WASM header
 16 | #
 17 | 
 18 | 
 19 | from __future__ import print_function
 20 | 
 21 | import collections
 22 | import math
 23 | import io
 24 | import struct
 25 | 
 26 | from idaapi import *
 27 | 
 28 | 
 29 | #
 30 | # If True, the disassembly will take way longer
 31 | #
 32 | DEBUG = False
 33 | 
 34 | 
 35 | FL_SIGNED = 0x000001
 36 | UA_MAXOP  = 8
 37 | 
 38 | 
 39 | def log(x): print(x)
 40 | def dbg(x): log("[*] {:s}".format(x)) if DEBUG else None
 41 | def ok(x): log("[+] {:s}".format(x))
 42 | def err(x): log("[-] {:s}".format(x))
 43 | def warn(x): log("[!] {:s}".format(x))
 44 | 
 45 | 
 46 | class DecodingError(Exception):
 47 |     pass
 48 | 
 49 | 
 50 | def varint_decode_stream(stream):
 51 |     def _read_one(stream):
 52 |         c = stream.read(1)
 53 |         if c == '':
 54 |             raise EOFError("Unexpected EOF while reading bytes")
 55 |         return ord(c)
 56 | 
 57 |     shift = 0
 58 |     result = 0
 59 |     j = 0
 60 |     while True:
 61 |         i = _read_one(stream)
 62 |         result |= (i & 0x7f) << shift
 63 |         shift += 7
 64 |         j += 1
 65 |         if not (i & 0x80):
 66 |             break
 67 | 
 68 |     return j, result
 69 | 
 70 | 
 71 | def varint_decode_bytes(buf):
 72 |     return varint_decode_stream(io.BytesIO(buf))
 73 | 
 74 | 
 75 | class uint32:
 76 |     def __init__(self, raw):
 77 |         self.raw = raw[:4]
 78 |         self.value = struct.unpack("<I", self.raw)
 79 |         self.max_size = self.size = 4
 80 | 
 81 | class uint64:
 82 |     def __init__(self, raw):
 83 |         self.raw = raw[:8]
 84 |         self.value = struct.unpack("<Q", self.raw)
 85 |         self.max_size = self.size = 8
 86 | 
 87 | class varuint32:
 88 |     max_size = 4
 89 |     def __init__(self, raw):
 90 |         self.raw = raw
 91 |         self.size, self.value = varint_decode_bytes(self.raw)
 92 | 
 93 | 
 94 | class varuint64(varuint32):
 95 |     max_size = 8
 96 | 
 97 | 
 98 | class memory_immediate:
 99 |     def __init__(self, raw):
100 |         s1, self.flags = varint_decode_bytes(raw)
101 |         s2, self.offset = varint_decode_bytes(raw[s1:])
102 |         self.size = s1 + s2
103 |         self.value = self.offset
104 | 
105 | 
106 | class block_type:
107 |     def __init__(self, raw):
108 |         self.size, self.value = varint_decode_bytes(raw)
109 | 
110 | 
111 | def get_next_bytes(insn, nb):
112 |     # horrible horrible hack
113 |     c = ""
114 |     old = nb
115 |     while nb:
116 |         c += chr(insn.get_next_byte())
117 |         nb -= 1
118 |     insn.size -= old
119 |     return c
120 | 
121 | 
122 | def read_until(insn, c):
123 |     res = []
124 |     nb = 0
125 |     while True:
126 |         cur = chr(insn.get_next_byte())
127 |         nb += 1
128 |         if cur == c:
129 |             break
130 |         res.append(cur)
131 |         nb += 1
132 |     insn.size -= nb
133 |     return "".join(res)
134 | 
135 | 
136 | 
137 | 
138 | #
139 | # Some internal flags used by the decoder, emulator and output
140 | # useless
141 | #
142 | FL_B         = 0x000000001 # 8 bits
143 | FL_W         = 0x000000002 # 16 bits
144 | FL_D         = 0x000000004 # 32 bits
145 | FL_Q         = 0x000000008 # 64 bits
146 | FL_OP1       = 0x000000010 # check operand 1
147 | FL_32        = 0x000000020 # Is 32
148 | FL_64        = 0x000000040 # Is 64
149 | FL_NATIVE    = 0x000000080 # native call
150 | FL_REL       = 0x000000100 # relative address
151 | FL_CS        = 0x000000200 # Condition flag is set
152 | FL_NCS       = 0x000000400 # Condition flag is not set
153 | FL_INDIREC   = 0x000000800 # This is an indirect access (not immediate value)
154 | FL_SIGNED    = 0x000001000 # This is a signed operand
155 | 
156 | 
157 | 
158 | 
159 | 
160 | class wasm_processor_t(processor_t):
161 |     id = 0x8000 + 1337
162 |     flag = PR_USE32 | PR_NO_SEGMOVE | PR_ADJSEGS | PRN_HEX 
163 |     cnbits = 8
164 |     dnbits = 8
165 |     psnames = ["wasm"]
166 |     plnames = ["WASM"]
167 |     segreg_size = 0
168 |     instruc_start = 0
169 |     tbyte_size = 0
170 |     assembler = {
171 |         "flag": AS_NCHRE | ASH_HEXF4 | ASD_DECF1 | ASO_OCTF3 | ASB_BINF2  | AS_NOTAB,
172 |         "uflag": 0,
173 |         "name": "WASM Assembler",
174 |         "origin": ".org",
175 |         "end": ".end",
176 |         "cmnt": ";",
177 |         "ascsep": '"',
178 |         "accsep": "'",
179 |         "esccodes": "\"'",
180 |         "a_ascii": ".ascii",
181 |         "a_byte": ".byte",
182 |         "a_word": ".word",
183 |         "a_bss": "dfs %s",
184 |         "a_seg": "seg",
185 |         "a_curip": "pc",
186 |         "a_public": "",
187 |         "a_weak": "",
188 |         "a_extrn": ".extern",
189 |         "a_comdef": "",
190 |         "a_align": ".align",
191 |         "lbrace": "(",
192 |         "rbrace": ")",
193 |         "a_mod": "%",
194 |         "a_band": "&",
195 |         "a_bor": "|",
196 |         "a_xor": "^",
197 |         "a_bnot": "~",
198 |         "a_shl": "<<",
199 |         "a_shr": ">>",
200 |         "a_sizeof_fmt": "size %s",
201 |     }
202 | 
203 |     instruc = instrs  = [
204 |         ### (name , opcode , description , ida-feature)
205 |         ## Feature bits: https://www.hex-rays.com/products/ida/support/sdkdoc/group___c_f__.html
206 | 
207 |         # Control flow operators
208 |         {"name": "unreachable", "opcode": 0x00, "description": "trap immediately", "feature": CF_STOP, "args": []},
209 |         {"name": "nop", "opcode": 0x01, "description": "no operation", "feature": 0, "args": []},
210 |         {"name": "block", "opcode": 0x02, "description": "begin a sequence of expressions, yielding 0 or 1 values", "feature": CF_JUMP, "args": [block_type, ]},
211 |         {"name": "loop", "opcode": 0x03, "description": "begin a block which can also form control flow loops", "feature": CF_JUMP, "args": [block_type, ]},
212 |         {"name": "if", "opcode": 0x04, "description": "begin if expression", "feature": CF_JUMP, "args": [block_type, ]},
213 |         {"name": "else", "opcode": 0x05, "description": "begin else expression of if", "feature": 0, "args": []},
214 |         {"name": "end", "opcode": 0x0b, "description": "end a block, loop, or if", "feature": 0, "args": []},
215 |         {"name": "br", "opcode": 0x0c, "description": "break that targets an outer nested block", "feature": CF_JUMP, "args": [varuint32, ]},
216 |         {"name": "br_if", "opcode": 0x0d, "description": "conditional break that targets an outer nested block", "feature": CF_JUMP, "args": [varuint32, ]},
217 |         {"name": "br_table", "opcode": 0x0e, "description": "branch table control flow construct", "feature": CF_JUMP, "args": []},
218 |         {"name": "return", "opcode": 0x0f, "description": "return zero or one value from this function", "feature": CF_STOP, "args": []},
219 | 
220 |         # Call operators
221 |         {"name": "call", "opcode": 0x10, "description": "call a function by its index", "feature": CF_CALL, "args": [varuint32, ]},
222 |         {"name": "call_indirect", "opcode": 0x11, "description": "call a function indirect with an expected signature", "feature": CF_CALL , "args": [varuint32, ]},
223 | 
224 |         # Parametric operators
225 |         {"name": "drop", "opcode": 0x1a, "description": "ignore value", "feature": 0, "args": []},
226 |         {"name": "select", "opcode": 0x1b, "description": "select one of two values based on condition", "feature": 0, "args": []},
227 | 
228 |         # Variable access
229 |         {"name": "get_local", "opcode": 0x20, "description": "read a local variable or parameter", "feature": CF_USE1, "args": [varuint32, ]},
230 |         {"name": "set_local", "opcode": 0x21, "description": "write a local variable or parameter", "feature": CF_USE1  | CF_CHG1, "args": [varuint32, ]},
231 |         {"name": "tee_local", "opcode": 0x22, "description": "write a local variable or parameter and return the same value", "feature": CF_USE1  | CF_CHG1 | CF_JUMP, "args": [varuint32, ]},
232 |         {"name": "get_global", "opcode": 0x23, "description": "read a global variable", "feature": CF_USE1, "args": [varuint32, ]},
233 |         {"name": "set_global", "opcode": 0x24, "description": "write a global variable", "feature": CF_CHG1, "args": [varuint32, ]},
234 | 
235 |         # # Memory-related operators
236 |         {"name": "i32.load"	, "opcode": 0x28,	"description": "load from memory", "feature": CF_USE1, "args": [memory_immediate,]},
237 |         {"name": "i64.load"	, "opcode": 0x29,	"description": "load from memory", "feature": CF_USE1, "args": [memory_immediate,]},
238 |         {"name": "f32.load"	, "opcode": 0x2a,	"description": "load from memory", "feature": CF_USE1, "args": [memory_immediate,]},
239 |         {"name": "f64.load"	, "opcode": 0x2b,	"description": "load from memory", "feature": CF_USE1, "args": [memory_immediate,]},
240 |         {"name": "i32.load8_s"	, "opcode": 0x2c,	"description": "load from memory", "feature": CF_USE1, "args": [memory_immediate,]},
241 |         {"name": "i32.load8_u"	, "opcode": 0x2d,	"description": "load from memory", "feature": CF_USE1, "args": [memory_immediate,]},
242 |         {"name": "i32.load16_s"	, "opcode": 0x2e,	"description": "load from memory", "feature": CF_USE1, "args": [memory_immediate,]},
243 |         {"name": "i32.load16_u"	, "opcode": 0x2f,	"description": "load from memory", "feature": CF_USE1, "args": [memory_immediate,]},
244 |         {"name": "i64.load8_s"	, "opcode": 0x30,	"description": "load from memory", "feature": CF_USE1, "args": [memory_immediate,]},
245 |         {"name": "i64.load8_u"	, "opcode": 0x31,	"description": "load from memory", "feature": CF_USE1, "args": [memory_immediate,]},
246 |         {"name": "i64.load16_s"	, "opcode": 0x32,	"description": "load from memory", "feature": CF_USE1, "args": [memory_immediate,]},
247 |         {"name": "i64.load16_u"	, "opcode": 0x33,	"description": "load from memory", "feature": CF_USE1, "args": [memory_immediate,]},
248 |         {"name": "i64.load32_s"	, "opcode": 0x34,	"description": "load from memory", "feature": CF_USE1, "args": [memory_immediate,]},
249 |         {"name": "i64.load32_u"	, "opcode": 0x35,	"description": "load from memory", "feature": CF_USE1, "args": [memory_immediate,]},
250 |         {"name": "i32.store"	, "opcode": 0x36,	"description": "store to memory", "feature": CF_USE1, "args": [memory_immediate,]},
251 |         {"name": "i64.store"	, "opcode": 0x37,	"description": "store to memory", "feature": CF_USE1, "args": [memory_immediate,]},
252 |         {"name": "f32.store"	, "opcode": 0x38,	"description": "store to memory", "feature": CF_USE1, "args": [memory_immediate,]},
253 |         {"name": "f64.store"	, "opcode": 0x39,	"description": "store to memory", "feature": CF_USE1, "args": [memory_immediate,]},
254 |         {"name": "i32.store8"	, "opcode": 0x3a,	"description": "store to memory", "feature": CF_USE1, "args": [memory_immediate,]},
255 |         {"name": "i32.store16"	, "opcode": 0x3b,	"description": "store to memory", "feature": CF_USE1, "args": [memory_immediate,]},
256 |         {"name": "i64.store8"	, "opcode": 0x3c,	"description": "store to memory", "feature": CF_USE1, "args": [memory_immediate,]},
257 |         {"name": "i64.store16"	, "opcode": 0x3d,	"description": "store to memory", "feature": CF_USE1, "args": [memory_immediate,]},
258 |         {"name": "i64.store32"	, "opcode": 0x3e,	"description": "store to memory", "feature": CF_USE1, "args": [memory_immediate,]},
259 |         {"name": "current_memory", "opcode": 0x3f,      "description": "query the size of memory", "feature": 0, "args": [varuint32,]},
260 |         {"name": "grow_memory"	, "opcode": 0x40,	"description": "grow the size of memory", "feature": CF_USE1, "args": [varuint32,]},
261 | 
262 |         # # Constants
263 |         {"name": "i32.const", "opcode": 0x41, "description": "a constant value interpreted as i32", "feature": CF_USE1, "args": [varuint32,]},
264 |         {"name": "i64.const", "opcode": 0x42, "description": "a constant value interpreted as i64", "feature": CF_USE1, "args": [varuint64,]},
265 |         {"name": "f32.const", "opcode": 0x43, "description": "a constant value interpreted as f32", "feature": CF_USE1, "args": [uint32, ]},
266 |         {"name": "f64.const", "opcode": 0x44, "description": "a constant value interpreted as f64", "feature": CF_USE1, "args": [uint64, ]},
267 | 
268 |         # Comparison operators
269 |         {"name": "i32.eqz", "opcode": 0x45, "description": "", "feature": 0, "args": []},
270 |         {"name": "i32.eq",  "opcode": 0x46, "description": "", "feature": 0, "args": []},
271 |         {"name": "i32.ne", "opcode": 0x47, "description": "", "feature": 0, "args": []},
272 |         {"name": "i32.lt_s", "opcode": 0x48, "description": "", "feature": 0, "args": []},
273 |         {"name": "i32.lt_u" , "opcode": 0x49, "description": "", "feature": 0, "args": []},
274 |         {"name": "i32.gt_s" , "opcode": 0x4a, "description": "", "feature": 0, "args": []},
275 |         {"name": "i32.gt_u" , "opcode": 0x4b, "description": "", "feature": 0, "args": []},
276 |         {"name": "i32.le_s" , "opcode": 0x4c, "description": "", "feature": 0, "args": []},
277 |         {"name": "i32.le_u" , "opcode": 0x4d, "description": "", "feature": 0, "args": []},
278 |         {"name": "i32.ge_s" , "opcode": 0x4e, "description": "", "feature": 0, "args": []},
279 |         {"name": "i32.ge_u" , "opcode": 0x4f, "description": "", "feature": 0, "args": []},
280 |         {"name": "i64.eqz", "opcode": 0x50, "description": "", "feature": 0, "args": []},
281 |         {"name": "i64.eq", "opcode": 0x51, "description": "", "feature": 0, "args": []},
282 |         {"name": "i64.ne", "opcode": 0x52, "description": "", "feature": 0, "args": []},
283 |         {"name": "i64.lt_s" , "opcode": 0x53, "description": "", "feature": 0, "args": []},
284 |         {"name": "i64.lt_u" , "opcode": 0x54, "description": "", "feature": 0, "args": []},
285 |         {"name": "i64.gt_s" , "opcode": 0x55, "description": "", "feature": 0, "args": []},
286 |         {"name": "i64.gt_u" , "opcode": 0x56, "description": "", "feature": 0, "args": []},
287 |         {"name": "i64.le_s" , "opcode": 0x57, "description": "", "feature": 0, "args": []},
288 |         {"name": "i64.le_u" , "opcode": 0x58, "description": "", "feature": 0, "args": []},
289 |         {"name": "i64.ge_s" , "opcode": 0x59, "description": "", "feature": 0, "args": []},
290 |         {"name": "i64.ge_u" , "opcode": 0x5a, "description": "", "feature": 0, "args": []},
291 |         {"name": "f32.eq" , "opcode": 0x5b, "description": "", "feature": 0, "args": []},
292 |         {"name": "f32.ne" , "opcode": 0x5c, "description": "", "feature": 0, "args": []},
293 |         {"name": "f32.lt" , "opcode": 0x5d, "description": "", "feature": 0, "args": []},
294 |         {"name": "f32.gt" , "opcode": 0x5e, "description": "", "feature": 0, "args": []},
295 |         {"name": "f32.le" , "opcode": 0x5f, "description": "", "feature": 0, "args": []},
296 |         {"name": "f32.ge" , "opcode": 0x60, "description": "", "feature": 0, "args": []},
297 |         {"name": "f64.eq" , "opcode": 0x61, "description": "", "feature": 0, "args": []},
298 |         {"name": "f64.ne" , "opcode": 0x62, "description": "", "feature": 0, "args": []},
299 |         {"name": "f64.lt" , "opcode": 0x63, "description": "", "feature": 0, "args": []},
300 |         {"name": "f64.gt" , "opcode": 0x64, "description": "", "feature": 0, "args": []},
301 |         {"name": "f64.le" , "opcode": 0x65, "description": "", "feature": 0, "args": []},
302 |         {"name": "f64.ge" , "opcode": 0x66, "description": "", "feature": 0, "args": []},
303 | 
304 |         # Numeric operators
305 |         {"name": "i32.clz", "opcode": 0x67, "description": "", "feature": 0, "args": []},
306 |         {"name": "i32.ctz", "opcode": 0x68, "description": "", "feature": 0, "args": []},
307 |         {"name": "i32.popcnt", "opcode": 0x69, "description": "", "feature": 0, "args": []},
308 |         {"name": "i32.add", "opcode": 0x6a, "description": "", "feature": 0, "args": []},
309 |         {"name": "i32.sub", "opcode": 0x6b, "description": "", "feature": 0, "args": []},
310 |         {"name": "i32.mul", "opcode": 0x6c, "description": "", "feature": 0, "args": []},
311 |         {"name": "i32.div_s", "opcode": 0x6d, "description": "", "feature": 0, "args": []},
312 |         {"name": "i32.div_u", "opcode": 0x6e, "description": "", "feature": 0, "args": []},
313 |         {"name": "i32.rem_s", "opcode": 0x6f, "description": "", "feature": 0, "args": []},
314 |         {"name": "i32.rem_u", "opcode": 0x70, "description": "", "feature": 0, "args": []},
315 |         {"name": "i32.and", "opcode": 0x71, "description": "", "feature": 0, "args": []},
316 |         {"name": "i32.or", "opcode": 0x72, "description": "", "feature": 0, "args": []},
317 |         {"name": "i32.xor", "opcode": 0x73, "description": "", "feature": 0, "args": []},
318 |         {"name": "i32.shl", "opcode": 0x74, "description": "", "feature": 0, "args": []},
319 |         {"name": "i32.shr_s", "opcode": 0x75, "description": "", "feature": 0, "args": []},
320 |         {"name": "i32.shr_u", "opcode": 0x76, "description": "", "feature": 0, "args": []},
321 |         {"name": "i32.rotl", "opcode": 0x77, "description": "", "feature": 0, "args": []},
322 |         {"name": "i32.rotr", "opcode": 0x78, "description": "", "feature": 0, "args": []},
323 |         {"name": "i64.clz", "opcode": 0x79, "description": "", "feature": 0, "args": []},
324 |         {"name": "i64.ctz", "opcode": 0x7a, "description": "", "feature": 0, "args": []},
325 |         {"name": "i64.popcnt", "opcode": 0x7b, "description": "", "feature": 0, "args": []},
326 |         {"name": "i64.add", "opcode": 0x7c, "description": "", "feature": 0, "args": []},
327 |         {"name": "i64.sub", "opcode": 0x7d, "description": "", "feature": 0, "args": []},
328 |         {"name": "i64.mul", "opcode": 0x7e, "description": "", "feature": 0, "args": []},
329 |         {"name": "i64.div_s", "opcode": 0x7f, "description": "", "feature": 0, "args": []},
330 |         {"name": "i64.div_u", "opcode": 0x80, "description": "", "feature": 0, "args": []},
331 |         {"name": "i64.rem_s", "opcode": 0x81, "description": "", "feature": 0, "args": []},
332 |         {"name": "i64.rem_u", "opcode": 0x82, "description": "", "feature": 0, "args": []},
333 |         {"name": "i64.and", "opcode": 0x83, "description": "", "feature": 0, "args": []},
334 |         {"name": "i64.or", "opcode": 0x84, "description": "", "feature": 0, "args": []},
335 |         {"name": "i64.xor", "opcode": 0x85, "description": "", "feature": 0, "args": []},
336 |         {"name": "i64.shl", "opcode": 0x86, "description": "", "feature": 0, "args": []},
337 |         {"name": "i64.shr_s", "opcode": 0x87, "description": "", "feature": 0, "args": []},
338 |         {"name": "i64.shr_u", "opcode": 0x88, "description": "", "feature": 0, "args": []},
339 |         {"name": "i64.rotl", "opcode": 0x89, "description": "", "feature": 0, "args": []},
340 |         {"name": "i64.rotr", "opcode": 0x8a, "description": "", "feature": 0, "args": []},
341 |         {"name": "f32.abs", "opcode": 0x8b, "description": "", "feature": 0, "args": []},
342 |         {"name": "f32.neg", "opcode": 0x8c, "description": "", "feature": 0, "args": []},
343 |         {"name": "f32.ceil", "opcode": 0x8d, "description": "", "feature": 0, "args": []},
344 |         {"name": "f32.floor", "opcode": 0x8e, "description": "", "feature": 0, "args": []},
345 |         {"name": "f32.trunc", "opcode": 0x8f, "description": "", "feature": 0, "args": []},
346 |         {"name": "f32.nearest", "opcode": 0x90, "description": "", "feature": 0, "args": []},
347 |         {"name": "f32.sqrt", "opcode": 0x91, "description": "", "feature": 0, "args": []},
348 |         {"name": "f32.add", "opcode": 0x92, "description": "", "feature": 0, "args": []},
349 |         {"name": "f32.sub", "opcode": 0x93, "description": "", "feature": 0, "args": []},
350 |         {"name": "f32.mul", "opcode": 0x94, "description": "", "feature": 0, "args": []},
351 |         {"name": "f32.div", "opcode": 0x95, "description": "", "feature": 0, "args": []},
352 |         {"name": "f32.min", "opcode": 0x96, "description": "", "feature": 0, "args": []},
353 |         {"name": "f32.max", "opcode": 0x97, "description": "", "feature": 0, "args": []},
354 |         {"name": "f32.copysign", "opcode": 0x98, "description": "", "feature": 0, "args": []},
355 |         {"name": "f64.abs", "opcode": 0x99, "description": "", "feature": 0, "args": []},
356 |         {"name": "f64.neg", "opcode": 0x9a, "description": "", "feature": 0, "args": []},
357 |         {"name": "f64.ceil", "opcode": 0x9b, "description": "", "feature": 0, "args": []},
358 |         {"name": "f64.floor", "opcode": 0x9c, "description": "", "feature": 0, "args": []},
359 |         {"name": "f64.trunc", "opcode": 0x9d, "description": "", "feature": 0, "args": []},
360 |         {"name": "f64.nearest", "opcode": 0x9e, "description": "", "feature": 0, "args": []},
361 |         {"name": "f64.sqrt", "opcode": 0x9f, "description": "", "feature": 0, "args": []},
362 |         {"name": "f64.add", "opcode": 0xa0, "description": "", "feature": 0, "args": []},
363 |         {"name": "f64.sub", "opcode": 0xa1, "description": "", "feature": 0, "args": []},
364 |         {"name": "f64.mul", "opcode": 0xa2, "description": "", "feature": 0, "args": []},
365 |         {"name": "f64.div", "opcode": 0xa3, "description": "", "feature": 0, "args": []},
366 |         {"name": "f64.min", "opcode": 0xa4, "description": "", "feature": 0, "args": []},
367 |         {"name": "f64.max", "opcode": 0xa5, "description": "", "feature": 0, "args": []},
368 |         {"name": "f64.copysign", "opcode": 0xa6, "description": "", "feature": 0, "args": []},
369 | 
370 |         # # Conversions
371 |         {"name": "i32.wrap/i64", "opcode": 0xa7, "description": "", "feature": 0, "args": []},
372 |         {"name": "i32.trunc_s/f32", "opcode": 0xa8, "description": "", "feature": 0, "args": []},
373 |         {"name": "i32.trunc_u/f32", "opcode": 0xa9, "description": "", "feature": 0, "args": []},
374 |         {"name": "i32.trunc_s/f64", "opcode": 0xaa, "description": "", "feature": 0, "args": []},
375 |         {"name": "i32.trunc_u/f64", "opcode": 0xab, "description": "", "feature": 0, "args": []},
376 |         {"name": "i64.extend_s/i32", "opcode": 0xac, "description": "", "feature": 0, "args": []},
377 |         {"name": "i64.extend_u/i32", "opcode": 0xad, "description": "", "feature": 0, "args": []},
378 |         {"name": "i64.trunc_s/f32", "opcode": 0xae, "description": "", "feature": 0, "args": []},
379 |         {"name": "i64.trunc_u/f32", "opcode": 0xaf, "description": "", "feature": 0, "args": []},
380 |         {"name": "i64.trunc_s/f64", "opcode": 0xb0, "description": "", "feature": 0, "args": []},
381 |         {"name": "i64.trunc_u/f64", "opcode": 0xb1, "description": "", "feature": 0, "args": []},
382 |         {"name": "f32.convert_s/i32", "opcode": 0xb2, "description": "", "feature": 0, "args": []},
383 |         {"name": "f32.convert_u/i32", "opcode": 0xb3, "description": "", "feature": 0, "args": []},
384 |         {"name": "f32.convert_s/i64", "opcode": 0xb4, "description": "", "feature": 0, "args": []},
385 |         {"name": "f32.convert_u/i64", "opcode": 0xb5, "description": "", "feature": 0, "args": []},
386 |         {"name": "f32.demote/f64", "opcode": 0xb6, "description": "", "feature": 0, "args": []},
387 |         {"name": "f64.convert_s/i32", "opcode": 0xb7, "description": "", "feature": 0, "args": []},
388 |         {"name": "f64.convert_u/i32", "opcode": 0xb8, "description": "", "feature": 0, "args": []},
389 |         {"name": "f64.convert_s/i64", "opcode": 0xb9, "description": "", "feature": 0, "args": []},
390 |         {"name": "f64.convert_u/i64", "opcode": 0xba, "description": "", "feature": 0, "args": []},
391 |         {"name": "f64.promote/f32", "opcode": 0xbb, "description": "", "feature": 0, "args": []},
392 | 
393 |         # Reinterpretations
394 |         {"name": "i32.reinterpret/f32", "opcode": 0xbc, "description": "",  "feature": 0, "args": []},
395 |         {"name": "i64.reinterpret/f64", "opcode": 0xbd, "description": "",  "feature": 0, "args": []},
396 |         {"name": "f32.reinterpret/i32", "opcode": 0xbe, "description": "",  "feature": 0, "args": []},
397 |         {"name": "f64.reinterpret/i64", "opcode": 0xbf, "description": "",  "feature": 0, "args": []},
398 | 
399 |     ]
400 | 
401 |     instruc_end = len(instruc)
402 | 
403 |     def __init__(self):
404 |         processor_t.__init__(self)
405 |         self.PTRSZ = 4
406 |         self.init_instructions()
407 |         self.init_registers()
408 |         return
409 | 
410 | 
411 |     #
412 |     # Processor callback section
413 |     #
414 | 
415 |     def notify_get_autocmt(self, insn):
416 |         for name, itype in self.inames.iteritems():
417 |             if itype == insn.itype:
418 |                 for wi in self.insns:
419 |                     if wi.name == name:
420 |                         return wi.description
421 | 
422 | 
423 |     def notify_emu(self, insn):
424 |         dbg("in notify_emu...")
425 |         aux = insn.auxpref
426 |         ft = insn.get_canon_feature()
427 | 
428 |         if ft & CF_STOP == 0:
429 |             add_cref(insn.ea, insn.ea + insn.size, fl_F)
430 |         if ft & CF_JUMP:
431 |             if self.insns[insn.itype].name == "if":
432 |                 nb = 0
433 |                 while True:
434 |                     cur = insn.get_next_byte()
435 |                     nb += 1
436 |                     if cur in (0x05, 0x0b): # `end` or `else`
437 |                         break
438 |                 nb += 1
439 |                 insn.size -= nb
440 |                 add_cref(insn.ea, insn.ea + nb, fl_JN)
441 |             else:
442 |                 remember_problem(PR_JUMP, insn.ea)
443 |         return 1
444 | 
445 | 
446 |     def notify_out_operand(self, ctx, op):
447 |         dbg("in notify_out_operand...")
448 |         optype = op.type
449 |         fl = op.specval
450 |         signed = OOF_SIGNED if fl & FL_SIGNED else 0
451 |         ctx.out_value(op, OOFW_IMM | signed | (OOFW_32 if self.PTRSZ == 4 else OOFW_64))
452 |         return True
453 | 
454 | 
455 |     def notify_out_insn(self, ctx):
456 |         dbg("in notify_out_insn...")
457 |         operands = []
458 | 
459 |         ctx.out_mnemonic()
460 |         for i in range(UA_MAXOP):
461 |             op = ctx.insn[i]
462 |             if op.type == o_void: break
463 |             operands.append(op)
464 | 
465 |         for i, op in enumerate(operands):
466 |             ctx.out_char(' ')
467 |             ctx.out_one_operand(i)
468 |             if i != len(operands)-1:
469 |                 ctx.out_symbol(',')
470 | 
471 |         ctx.set_gen_cmt()
472 |         ctx.flush_outbuf()
473 |         return
474 | 
475 | 
476 |     def notify_ana(self, insn):
477 |         dbg("in notify_ana...")
478 |         self._ana(insn)
479 |         return insn.size
480 | 
481 | 
482 |     def ev_out_operand(self, ctx, op):
483 |         dbg("in ev_out_operand...")
484 |         return 1
485 | 
486 | 
487 |     def ev_out_insn(self, ctx):
488 |         dbg("in ev_out_insn...")
489 |         return
490 | 
491 | 
492 | 
493 |     #
494 |     # Processor initialization
495 |     #
496 | 
497 | 
498 |     def init_instructions(self):
499 |         dbg("Initializing WASM processor instruction set...")
500 |         self.inames = {}
501 |         self.insns = {}
502 |         WasmInstruction = collections.namedtuple("WasmInstruction", ["name" , "opcode" , "description" , "feature", "args"])
503 |         for i, ins in enumerate(self.instrs):
504 |             wi = WasmInstruction(**ins)
505 |             self.inames[wi.name] = i
506 |             self.insns[wi.opcode] = wi
507 |         return
508 | 
509 | 
510 | 
511 |     def init_registers(self):
512 |         self.regs_num = 1
513 |         self.reg_names = ["r%d" % d for d in range(0, self.regs_num)]
514 |         self.reg_names+= ["CS", "DS"]
515 |         self.reg_ids = {}
516 |         for i, reg in enumerate(self.reg_names):
517 |             self.reg_ids[reg] = i
518 | 
519 |         self.reg_first_sreg = self.reg_code_sreg = self.reg_ids["CS"]
520 |         self.reg_last_sreg  = self.reg_data_sreg = self.reg_ids["DS"]
521 |         return
522 | 
523 | 
524 | 
525 |     #
526 |     # Analysis and decoding functions
527 |     #
528 | 
529 |     def _ana(self, insn):
530 |         dbg("_ana at 0x%x" % insn.ea)
531 |         opcode = insn.get_next_byte()
532 | 
533 |         if not opcode in self.insns:
534 |             raise DecodingError("Unknown opcode 0x%x at offset 0x%x" % (opcode, insn.ea))
535 | 
536 |         wi = self.insns[opcode]
537 | 
538 |         insn.itype = self.inames[wi.name]
539 |         insn.size = 1
540 | 
541 |         dbg("creating insn %s (type=%d, size=%d, ea=%x, ip=%x)" % (wi.name, insn.itype, insn.size, insn.ea, insn.ip))
542 | 
543 |         if wi.args:
544 | 
545 |             for i, arg_t in enumerate(wi.args):
546 |                 op = insn.ops[i]
547 | 
548 |                 if arg_t is varuint32:
549 |                     raw_bytes = get_next_bytes(insn, 4)
550 |                     arg = varuint32(raw_bytes)
551 |                     op.type = o_imm
552 |                     op.value = arg.value
553 |                     op.flags = OF_SHOW
554 |                     op.specval |= FL_SIGNED
555 |                     op.addr = insn.ea + insn.size
556 |                     insn.size += arg.size
557 |                     dbg("adding VARUINT32 operand (value=%d, size=%d, raw=%s)" % (arg.value, arg.size, repr(raw_bytes)))
558 |                     continue
559 | 
560 |                 if arg_t is block_type:
561 |                     raw_bytes = get_next_bytes(insn, 4)
562 |                     b = block_type(raw_bytes)
563 |                     op.type = o_imm
564 |                     op.value = b.value
565 |                     op.flags = OF_SHOW
566 |                     op.specval |= FL_SIGNED
567 |                     op.addr = insn.ea + insn.size
568 |                     insn.size += b.size
569 |                     dbg("adding BLOCK_TYPE operand (value=%d, size=%d, raw=%s)" % (b.value, b.size, repr(raw_bytes)))
570 |                     continue
571 | 
572 |                 if arg_t is memory_immediate:
573 |                     raw_bytes = get_next_bytes(insn, 8)
574 |                     mi = memory_immediate(raw_bytes)
575 |                     op.type = o_imm
576 |                     op.value = mi.flags
577 |                     op.flags = OF_SHOW
578 |                     op.specval |= FL_SIGNED
579 |                     op.addr = insn.ea + insn.size
580 |                     insn.size += mi.size
581 |                     dbg("adding MEMORY_IMMEDIATE operand (value=%d, size=%d, raw=%s)" % (mi.value, mi.size, repr(raw_bytes)))
582 |                     continue
583 | 
584 |                 # default
585 |                 op.type = o_void
586 |                 op.flags = 0
587 | 
588 |         dbg("opcode %x -> %s, size=%d" % (wi.opcode, wi.name, insn.size))
589 |         return insn.size
590 | 
591 | 
592 | def PROCESSOR_ENTRY():
593 |     return wasm_processor_t()
594 | 


--------------------------------------------------------------------------------
/Tools/Kaitai-Wasm/Makefile:
--------------------------------------------------------------------------------
 1 | EMCC	=	emcc
 2 | 
 3 | .PHONY: all clean
 4 | 
 5 | %.html: %.c
 6 | 	$(EMCC) -O0 $^ -s WASM=1 -o $@
 7 | 
 8 | %.py: %.ksy
 9 | 	kaitai-struct-compiler -t python  $^
10 | 
11 | %.js: %.ksy
12 | 	kaitai-struct-compiler -t javascript $^
13 | 
14 | all: webassembly.py
15 | 	make -C tests all
16 | 
17 | clean:
18 | 	rm -fr -- __pycache__ *.pyc webassembly.py vlq_base128_le.py
19 | 
20 | test: webassembly.py tests/hello.html
21 | 	./wasm-disassembler.py tests/hello.wasm
22 | 


--------------------------------------------------------------------------------
/Tools/Kaitai-Wasm/requirements.txt:
--------------------------------------------------------------------------------
1 | hexdump
2 | kaitaistruct
3 | 


--------------------------------------------------------------------------------
/Tools/Kaitai-Wasm/tests/hello.wasm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sophoslabs/WebAssembly/8ac3c7183b860599573622aceb207b94de7640f3/Tools/Kaitai-Wasm/tests/hello.wasm


--------------------------------------------------------------------------------
/Tools/Kaitai-Wasm/vlq_base128_le.ksy:
--------------------------------------------------------------------------------
 1 | # -*- mode: yaml -*-
 2 | meta:
 3 |   id: vlq_base128_le
 4 |   title: Variable length quantity, unsigned integer, base128, little-endian
 5 |   license: CC0-1.0
 6 |   ks-version: 0.7
 7 | doc: |
 8 |   A variable-length unsigned integer using base128 encoding. 1-byte groups
 9 |   consists of 1-bit flag of continuation and 7-bit value, and are ordered
10 |   least significant group first, i.e. in little-endian manner
11 |   (https://github.com/kaitai-io/kaitai_struct_formats/blob/master/common/vlq_base128_le.ksy)
12 | 
13 | seq:
14 |   - id: groups
15 |     type: group
16 |     repeat: until
17 |     repeat-until: not _.has_next
18 | types:
19 |   group:
20 |     doc: |
21 |       One byte group, clearly divided into 7-bit "value" and 1-bit "has continuation
22 |       in the next byte" flag.
23 |     seq:
24 |       - id: b
25 |         type: u1
26 |     instances:
27 |       has_next:
28 |         value: (b & 0b1000_0000) != 0
29 |         doc: If true, then we have more bytes to read
30 |       value:
31 |         value: b & 0b0111_1111
32 |         doc: The 7-bit (base128) numeric value of this group
33 | instances:
34 |   len:
35 |     value: groups.size
36 |   value:
37 |     value: >-
38 |       groups[0].value
39 |       + (len >= 2 ? (groups[1].value << 7) : 0)
40 |       + (len >= 3 ? (groups[2].value << 14) : 0)
41 |       + (len >= 4 ? (groups[3].value << 21) : 0)
42 |       + (len >= 5 ? (groups[4].value << 28) : 0)
43 |       + (len >= 6 ? (groups[5].value << 35) : 0)
44 |       + (len >= 7 ? (groups[6].value << 42) : 0)
45 |       + (len >= 8 ? (groups[7].value << 49) : 0)
46 |     doc: Resulting value as normal integer
47 | 


--------------------------------------------------------------------------------
/Tools/Kaitai-Wasm/wasm-disassembler.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/python3
  2 | # -*- mode: python -*-
  3 | # -*- coding: utf-8 -*-
  4 | 
  5 | 
  6 | __author__    =   "Christophe Alladoum"
  7 | __version__   =   "0.1"
  8 | __licence__   =   "WTFPL v.2"
  9 | __file__      =   "wasm-disassembler.py"
 10 | __desc__      =   """WebAssembly file disassembler, based on Kaitai.io structure parser."""
 11 | __usage__     =   """
 12 | {3} version {0}, {1}
 13 | by {2}
 14 | syntax: {3} [options] args
 15 | """.format(__version__, __licence__, __author__, __file__)
 16 | 
 17 | 
 18 | import sys, os, argparse, struct, binascii
 19 | 
 20 | # katai-generated modules
 21 | try:
 22 |     from kaitaistruct import KaitaiStream, BytesIO
 23 | except ImportError:
 24 |     print("[-] Missing kaitai.io module")
 25 |     print("[-] Did you install: python -m pip install kaitaistruct")
 26 |     sys.exit(1)
 27 | 
 28 | try:
 29 |     import webassembly, vlq_base128_le
 30 | except ImportError:
 31 |     print("[-] Missing Webassembly module")
 32 |     print("[-] Did you run: ksc -t python webassembly.ksy")
 33 |     sys.exit(1)
 34 | 
 35 | # external pip modules
 36 | import hexdump
 37 | 
 38 | verbose = False
 39 | 
 40 | class WasmInstruction:
 41 |     mnemonic = None
 42 |     operands = []
 43 |     length = 0
 44 |     raw = bytearray()
 45 | 
 46 |     def __init__(self, data):
 47 |         opcode = data[0]
 48 |         if not opcode in opcodes:
 49 |             raise Exception("Invalid opcode {:02x}".format(opcode))
 50 | 
 51 |         self.mnemonic, nb_arg, arg_funcs = opcodes[opcode]
 52 | 
 53 |         length = 0
 54 |         args = []
 55 | 
 56 |         if nb_arg > 0:
 57 | 
 58 |             if self.mnemonic == "br_table":
 59 |                 length, args = branch_table(data[1:])
 60 | 
 61 |             else:
 62 |                 for i in range(nb_arg):
 63 |                     func = arg_funcs[i]
 64 |                     l, v = func(data[1+length:])
 65 |                     length += l
 66 |                     args.append("%#x" % v)
 67 | 
 68 |         self.operands = args
 69 |         self.length   = 1 + length
 70 |         self.raw      = data[0 : self.length]
 71 |         return
 72 | 
 73 |     def __str__(self):
 74 |         return "{} {}".format(self.mnemonic, ','.join(self.operands))
 75 | 
 76 |     @property
 77 |     def hexdump(self):
 78 |         return " ".join(["{:02x}".format(_) for _ in self.raw])
 79 | 
 80 | 
 81 | def varint(i):
 82 |     io = KaitaiStream(BytesIO(i))
 83 |     res = vlq_base128_le.VlqBase128Le(io)
 84 |     return res.len, res.value
 85 | 
 86 | def u8(i):
 87 |     return 1, struct.unpack("<B", i[0:1])[0]
 88 | 
 89 | def u16(i):
 90 |     return 2, struct.unpack("<H", i[0:2])[0]
 91 | 
 92 | def u32(i):
 93 |     return 4, struct.unpack("<I", i[0:4])[0]
 94 | 
 95 | def u64(i):
 96 |     return 8, struct.unpack("<Q", i[0:8])[0]
 97 | 
 98 | def block_type(i):
 99 |     return u8(i)
100 | 
101 | def branch_table(i):
102 |     target_table = []
103 |     total_length, target_count = varint(i)
104 |     for _ in range(target_count + 1):
105 |         _l, _c = varint(i[total_length:])
106 |         total_length+=_l
107 |         target_table.append("%#x" % _c)
108 | 
109 |     return total_length, target_table
110 | 
111 | 
112 | opcodes = {
113 |     # Control flow operators
114 |     0x00: ("unreachable", 0, []),
115 |     0x01: ("nop", 0, []),
116 |     0x02: ("block", 1, [block_type,]),
117 |     0x03: ("loop",1, [block_type,]),
118 |     0x04: ("if",1, [block_type,]),
119 |     0x05: ("else",0, []),
120 |     0x0b: ("end",0, []),
121 |     0x0c: ("br", 1, [varint, ]),
122 |     0x0d: ("br_if", 1, [varint, ]),
123 |     0x0e: ("br_table", 1, [branch_table, ]),
124 |     0x0f: ("return",0,[]),
125 | 
126 |     # Call operators
127 |     0x10: ("call", 1, [varint, ]),
128 |     0x11: ("call_indirect", 1, [varint, ]),
129 | 
130 |     # Parametric operators
131 |     0x1a: ("drop", 0, []),
132 |     0x1b: ("select", 0, []),
133 | 
134 |     # Variable access
135 |     0x20: ("get_local", 1, [varint, ]),
136 |     0x21: ("set_local", 1, [varint, ]),
137 |     0x22: ("tee_local", 1, [varint, ]),
138 |     0x23: ("get_global", 1, [varint, ]),
139 |     0x24: ("set_global", 1, [varint, ]),
140 | 
141 |     # Memory-related operators
142 |     0x28: ("i32.load", 2, [varint, varint, ]),
143 |     0x29: ("i64.load", 2, [varint, varint, ]),
144 |     0x2a: ("f32.load", 2, [varint, varint, ]),
145 |     0x2b: ("f64.load", 2, [varint, varint, ]),
146 |     0x2c: ("i32.load8_s", 2, [varint, varint, ]),
147 |     0x2d: ("i32.load8_u", 2, [varint, varint, ]),
148 |     0x2e: ("i32.load16_s", 2, [varint, varint, ]),
149 |     0x2f: ("i32.load16_u", 2, [varint, varint, ]),
150 |     0x30: ("i64.load8_s", 2, [varint, varint, ]),
151 |     0x31: ("i64.load8_u", 2, [varint, varint, ]),
152 |     0x32: ("i64.load16_s", 2, [varint, varint, ]),
153 |     0x33: ("i64.load16_u", 2, [varint, varint, ]),
154 |     0x34: ("i64.load32_s", 2, [varint, varint, ]),
155 |     0x35: ("i64.load32_u", 2, [varint, varint, ]),
156 |     0x36: ("i32.store", 2, [varint, varint, ]),
157 |     0x37: ("i64.store", 2, [varint, varint, ]),
158 |     0x38: ("f32.store", 2, [varint, varint, ]),
159 |     0x39: ("f64.store", 2, [varint, varint, ]),
160 |     0x3a: ("i32.store8", 2, [varint, varint, ]),
161 |     0x3b: ("i32.store16", 2, [varint, varint, ]),
162 |     0x3c: ("i64.store8", 2, [varint, varint, ]),
163 |     0x3d: ("i64.store16", 2, [varint, varint, ]),
164 |     0x3e: ("i64.store32", 2, [varint, varint, ]),
165 |     0x3f: ("current_memory", 1, [varint, ]),
166 |     0x40: ("grow_memory", 1, [varint, ]),
167 | 
168 |     # Constants
169 |     0x41: ("i32.const", 1, [varint, ]),
170 |     0x42: ("i64.const", 1, [varint, ]),
171 |     0x43: ("f32.const", 1, [u32, ]),
172 |     0x44: ("f64.const", 1, [u64, ]),
173 | 
174 |     # Comparison operators
175 |     0x45: ("i32.eqz", 0, []),
176 |     0x46: ("i32.eq", 0, []),
177 |     0x47: ("i32.ne", 0, []),
178 |     0x48: ("i32.lt_s", 0, []),
179 |     0x49: ("i32.lt_u", 0, []),
180 |     0x4a: ("i32.gt_s", 0, []),
181 |     0x4b: ("i32.gt_u", 0, []),
182 |     0x4c: ("i32.le_s", 0, []),
183 |     0x4d: ("i32.le_u", 0, []),
184 |     0x4e: ("i32.ge_s", 0, []),
185 |     0x4f: ("i32.ge_u", 0, []),
186 |     0x50: ("i64.eqz", 0, []),
187 |     0x51: ("i64.eq", 0, []),
188 |     0x52: ("i64.ne", 0, []),
189 |     0x53: ("i64.lt_s", 0, []),
190 |     0x54: ("i64.lt_u", 0, []),
191 |     0x55: ("i64.gt_s", 0, []),
192 |     0x56: ("i64.gt_u", 0, []),
193 |     0x57: ("i64.le_s", 0, []),
194 |     0x58: ("i64.le_u", 0, []),
195 |     0x59: ("i64.ge_s", 0, []),
196 |     0x5a: ("i64.ge_u", 0, []),
197 |     0x5b: ("f32.eq", 0, []),
198 |     0x5c: ("f32.ne", 0, []),
199 |     0x5d: ("f32.lt", 0, []),
200 |     0x5e: ("f32.gt", 0, []),
201 |     0x5f: ("f32.le", 0, []),
202 |     0x60: ("f32.ge", 0, []),
203 |     0x61: ("f64.eq", 0, []),
204 |     0x62: ("f64.ne", 0, []),
205 |     0x63: ("f64.lt", 0, []),
206 |     0x64: ("f64.gt", 0, []),
207 |     0x65: ("f64.le", 0, []),
208 |     0x66: ("f64.ge", 0, []),
209 | 
210 |     # Numeric operators
211 |     0x67: ("i32.clz", 0, []),
212 |     0x68: ("i32.ctz", 0, []),
213 |     0x69: ("i32.popcnt", 0, []),
214 |     0x6a: ("i32.add", 0, []),
215 |     0x6b: ("i32.sub", 0, []),
216 |     0x6c: ("i32.mul", 0, []),
217 |     0x6d: ("i32.div_s", 0, []),
218 |     0x6e: ("i32.div_u", 0, []),
219 |     0x6f: ("i32.rem_s", 0, []),
220 |     0x70: ("i32.rem_u", 0, []),
221 |     0x71: ("i32.and", 0, []),
222 |     0x72: ("i32.or", 0, []),
223 |     0x73: ("i32.xor", 0, []),
224 |     0x74: ("i32.shl", 0, []),
225 |     0x75: ("i32.shr_s", 0, []),
226 |     0x76: ("i32.shr_u", 0, []),
227 |     0x77: ("i32.rotl", 0, []),
228 |     0x78: ("i32.rotr", 0, []),
229 |     0x79: ("i64.clz", 0, []),
230 |     0x7a: ("i64.ctz", 0, []),
231 |     0x7b: ("i64.popcnt", 0, []),
232 |     0x7c: ("i64.add", 0, []),
233 |     0x7d: ("i64.sub", 0, []),
234 |     0x7e: ("i64.mul", 0, []),
235 |     0x7f: ("i64.div_s", 0, []),
236 |     0x80: ("i64.div_u", 0, []),
237 |     0x81: ("i64.rem_s", 0, []),
238 |     0x82: ("i64.rem_u", 0, []),
239 |     0x83: ("i64.and", 0, []),
240 |     0x84: ("i64.or", 0, []),
241 |     0x85: ("i64.xor", 0, []),
242 |     0x86: ("i64.shl", 0, []),
243 |     0x87: ("i64.shr_s", 0, []),
244 |     0x88: ("i64.shr_u", 0, []),
245 |     0x89: ("i64.rotl", 0, []),
246 |     0x8a: ("i64.rotr", 0, []),
247 |     0x8b: ("f32.abs", 0, []),
248 |     0x8c: ("f32.neg", 0, []),
249 |     0x8d: ("f32.ceil", 0, []),
250 |     0x8e: ("f32.floor", 0, []),
251 |     0x8f: ("f32.trunc", 0, []),
252 |     0x90: ("f32.nearest", 0, []),
253 |     0x91: ("f32.sqrt", 0, []),
254 |     0x92: ("f32.add", 0, []),
255 |     0x93: ("f32.sub", 0, []),
256 |     0x94: ("f32.mul", 0, []),
257 |     0x95: ("f32.div", 0, []),
258 |     0x96: ("f32.min", 0, []),
259 |     0x97: ("f32.max", 0, []),
260 |     0x98: ("f32.copysign", 0, []),
261 |     0x99: ("f64.abs", 0, []),
262 |     0x9a: ("f64.neg", 0, []),
263 |     0x9b: ("f64.ceil", 0, []),
264 |     0x9c: ("f64.floor", 0, []),
265 |     0x9d: ("f64.trunc", 0, []),
266 |     0x9e: ("f64.nearest", 0, []),
267 |     0x9f: ("f64.sqrt", 0, []),
268 |     0xa0: ("f64.add", 0, []),
269 |     0xa1: ("f64.sub", 0, []),
270 |     0xa2: ("f64.mul", 0, []),
271 |     0xa3: ("f64.div", 0, []),
272 |     0xa4: ("f64.min", 0, []),
273 |     0xa5: ("f64.max", 0, []),
274 |     0xa6: ("f64.copysign", 0, []),
275 | 
276 |     # Conversions
277 |     0xa7: ("i32.wrap/i64", 0, []),
278 |     0xa8: ("i32.trunc_s/f32", 0, []),
279 |     0xa9: ("i32.trunc_u/f32", 0, []),
280 |     0xaa: ("i32.trunc_s/f64", 0, []),
281 |     0xab: ("i32.trunc_u/f64", 0, []),
282 |     0xac: ("i64.extend_s/i32", 0, []),
283 |     0xad: ("i64.extend_u/i32", 0, []),
284 |     0xae: ("i64.trunc_s/f32", 0, []),
285 |     0xaf: ("i64.trunc_u/f32", 0, []),
286 |     0xb0: ("i64.trunc_s/f64", 0, []),
287 |     0xb1: ("i64.trunc_u/f64", 0, []),
288 |     0xb2: ("f32.convert_s/i32", 0, []),
289 |     0xb3: ("f32.convert_u/i32", 0, []),
290 |     0xb4: ("f32.convert_s/i64", 0, []),
291 |     0xb5: ("f32.convert_u/i64", 0, []),
292 |     0xb6: ("f32.demote/f64", 0, []),
293 |     0xb7: ("f64.convert_s/i32", 0, []),
294 |     0xb8: ("f64.convert_u/i32", 0, []),
295 |     0xb9: ("f64.convert_s/i64", 0, []),
296 |     0xba: ("f64.convert_u/i64", 0, []),
297 |     0xbb: ("f64.promote/f32", 0, []),
298 | 
299 |     # Reinterpretations
300 |     0xbc: ("i32.reinterpret/f32", 0, []),
301 |     0xbd: ("i64.reinterpret/f64", 0, []),
302 |     0xbe: ("f32.reinterpret/i32", 0, []),
303 |     0xbf: ("f64.reinterpret/i64", 0, []),
304 | }
305 | 
306 | 
307 | def get_code_section_data(w):
308 |     for s in w.sections.sections:
309 |         if s.header.id == w.PayloadType.code_payload:
310 |             return s.payload_data
311 |     return None
312 | 
313 | 
314 | def disassemble_blocks(code, *args, **kwargs):
315 |     global verbose
316 | 
317 |     if verbose:
318 |         nb_blocks = len(code.bodies)
319 |         print("[+] %d functions" % nb_blocks)
320 | 
321 |     for i, block in enumerate(code.bodies):
322 |         raw_data = block.data.code
323 |         disassemble_block(raw_data, i, args, kwargs)
324 | 
325 |     return
326 | 
327 | 
328 | def disassemble_block(raw, idx, *args, **kwargs):
329 |     stream = raw[:]
330 | 
331 |     print("[+] sub_%04x {" % idx)
332 | 
333 |     if kwargs.get("show_as_hexdump", False) == True:
334 |         hexdump.hexdump(stream)
335 | 
336 |     else:
337 |         idx = 0
338 |         while idx < len(stream):
339 |             insn = WasmInstruction(stream[idx:])
340 |             print("{:08x}  {:16s}  {}".format(idx, insn.hexdump, str(insn), ))
341 |             idx += insn.length
342 |     print("}")
343 | 
344 |     del stream
345 |     return
346 | 
347 | 
348 | if __name__ == "__main__":
349 |     parser = argparse.ArgumentParser(usage = __usage__,
350 |                                      description = __desc__)
351 | 
352 |     parser.add_argument("--raw", default=False,
353 |                         action="store_true", dest="show_as_hexdump",
354 |                         help="Show blocks as raw hexdump instead of instructions")
355 | 
356 |     parser.add_argument("-f", "--function-number", type=int, dest="funcnum",
357 |                         help="Only disassemble the function")
358 | 
359 |     parser.add_argument("-v", "--verbose", default=False,
360 |                         action="store_true", dest="verbose",
361 |                         help="Increments verbosity")
362 | 
363 |     parser.add_argument("wasm_file", help="WASM file to disassemble")
364 | 
365 |     args = parser.parse_args()
366 |     verbose = args.verbose
367 | 
368 |     assert( os.access(args.wasm_file, os.R_OK) )
369 | 
370 |     fd = open(args.wasm_file, 'rb')
371 |     wasm = webassembly.Webassembly.from_file(args.wasm_file)
372 |     assert( wasm.magic == b"\0asm" )
373 |     assert( wasm.version == 0x01 )
374 | 
375 |     if verbose:
376 |         print("[+] WASM '%s' has %d sections" % (args.wasm_file, len(wasm.sections.sections)))
377 | 
378 |     code = get_code_section_data(wasm)
379 |     assert( code is not None)
380 | 
381 |     if verbose:
382 |         print("[+] Code is at {:#x}".format(wasm._io.pos()))
383 | 
384 |     disassemble_blocks(code, show_as_hexdump=args.show_as_hexdump, wasm=wasm, fd=fd)
385 |     sys.exit(0)
386 | 


--------------------------------------------------------------------------------
/Tools/Kaitai-Wasm/webassembly.ksy:
--------------------------------------------------------------------------------
  1 | # -*- mode: yaml -*-
  2 | meta:
  3 |     id: webassembly
  4 |     title: Web Assembly parser
  5 |     file-extension: wasm
  6 |     endian: le
  7 |     license: CC0-1.0
  8 |     file-extension:
  9 |       - wasm
 10 |     imports:
 11 |       - vlq_base128_le
 12 | 
 13 | doc: |
 14 |   WebAssembly is a web standard that defines a binary format and a corresponding
 15 |   assembly-like text format for executable code in Web pages. It is meant to
 16 |   enable executing code nearly as fast as running native machine code.
 17 | 
 18 | doc-ref: https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md
 19 | 
 20 | #####################################################################################################
 21 | 
 22 | seq:
 23 |     - id: magic
 24 |       size: 4
 25 |       contents: [0x00, "asm"]
 26 |     - id: version
 27 |       type: u4
 28 |     - id: sections
 29 |       type: sections
 30 | 
 31 | #####################################################################################################
 32 | 
 33 | types:
 34 | 
 35 |   func_type:
 36 |     seq:
 37 |       - id: form
 38 |         type: u1
 39 |         enum: constructor_type
 40 |       - id: param_count
 41 |         type: u1
 42 |       - id: param_types
 43 |         type: u1
 44 |         enum: value_type
 45 |         repeat: expr
 46 |         repeat-expr: param_count
 47 |         if: param_count > 0
 48 |       - id: return_count
 49 |         type: u1
 50 |       - id: return_type
 51 |         type: u1
 52 |         enum: value_type
 53 |         if: return_count==1
 54 | 
 55 |   resizable_limits_type:
 56 |     seq:
 57 |       - id: flags
 58 |         type: u1
 59 |       - id: initial
 60 |         type: vlq_base128_le
 61 |       - id: maximum
 62 |         type: vlq_base128_le
 63 |         if: flags == 1
 64 | 
 65 |   table_type:
 66 |     seq:
 67 |       - id: element_type
 68 |         type: u1
 69 |         enum: elem_type
 70 |       - id: limits
 71 |         type: resizable_limits_type
 72 | 
 73 |   memory_type:
 74 |     seq:
 75 |       - id: limits
 76 |         type: resizable_limits_type
 77 | 
 78 |   global_type:
 79 |     seq:
 80 |       - id: content_type
 81 |         type: u1
 82 |         enum: value_type
 83 |       - id: mutability
 84 |         type: u1
 85 |         enum: mutability_flag
 86 | 
 87 |   global_variable_type:
 88 |     seq:
 89 |       - id: type
 90 |         type: global_type
 91 |       - id: init
 92 |         type: u1
 93 |         repeat: until
 94 |         repeat-until: _ == 0x0b
 95 | 
 96 |   export_entry_type:
 97 |     seq:
 98 |       - id: field_len
 99 |         type: vlq_base128_le
100 |       - id: field_str
101 |         type: str
102 |         encoding: UTF-8
103 |         size: field_len.value
104 |       - id: kind
105 |         type: u1
106 |         enum: kind_type
107 |       - id: index
108 |         type: vlq_base128_le
109 | 
110 |   elem_segment_type:
111 |     seq:
112 |       - id: index
113 |         type: vlq_base128_le
114 |       - id: offset
115 |         type: u1
116 |         repeat: until
117 |         repeat-until: _ == 0x0b
118 |       - id: num_elem
119 |         type: vlq_base128_le
120 |       - id: elems
121 |         type: vlq_base128_le
122 |         repeat: expr
123 |         repeat-expr: num_elem.value
124 | 
125 |   function_body_type:
126 |     seq:
127 |       - id: body_size
128 |         type: vlq_base128_le
129 |       - id: data
130 |         type: function_body_data_type
131 |         size: body_size.value
132 | 
133 |   function_body_data_type:
134 |     seq:
135 |       - id: local_count
136 |         type: vlq_base128_le
137 |       - id: locals
138 |         type: local_entry_type
139 |         repeat: expr
140 |         repeat-expr: local_count.value
141 |       - id: code
142 |         size-eos: true
143 | 
144 |   local_entry_type:
145 |     seq:
146 |       - id: count
147 |         type: vlq_base128_le
148 |       - id: type
149 |         type: u1
150 |         enum: value_type
151 | 
152 |   data_segment_type:
153 |     seq:
154 |       - id: index
155 |         type: vlq_base128_le
156 |       - id: offset
157 |         type: u1
158 |         repeat: until
159 |         repeat-until: _ == 0x0b
160 |       - id: size
161 |         type: vlq_base128_le
162 |       - id: data
163 |         type: u1
164 |         repeat: expr
165 |         repeat-expr: size.value
166 | 
167 |   section_header:
168 |     seq:
169 |       - id: id
170 |         type: u1
171 |         enum: payload_type
172 |       - id: payload_len
173 |         type: vlq_base128_le
174 |       - id: name_len
175 |         type: u4
176 |         if: id == payload_type::custom_payload
177 |       - id: name
178 |         size: name_len
179 |         if: id == payload_type::custom_payload
180 | 
181 |   section:
182 |     seq:
183 |       - id: header
184 |         type: section_header
185 | 
186 |       - id: payload_data
187 |         type:
188 |           switch-on: header.id
189 |           cases:
190 |             # https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md#high-level-structure
191 |             'payload_type::custom_payload':    unimplemented_section
192 |             'payload_type::type_payload':      type_section
193 |             'payload_type::import_payload':    import_section
194 |             'payload_type::function_payload':  function_section
195 |             'payload_type::table_payload':     table_section
196 |             'payload_type::memory_payload':    memory_section
197 |             'payload_type::global_payload':    global_section
198 |             'payload_type::export_payload':    export_section
199 |             'payload_type::start_payload':     start_section
200 |             'payload_type::element_payload':   element_section
201 |             'payload_type::code_payload':      code_section
202 |             'payload_type::data_payload':      data_section
203 | 
204 | 
205 |   sections:
206 |     seq:
207 |       - id: sections
208 |         type: section
209 |         repeat: eos
210 | 
211 |   type_section:
212 |     # https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md#type-section
213 |     seq:
214 |       - id: count
215 |         type: u1
216 |       - id: entries
217 |         type: func_type
218 |         repeat: expr
219 |         repeat-expr: count
220 | 
221 |   import_section:
222 |     # https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md#import-section
223 |     seq:
224 |       - id: count
225 |         type: u1
226 |       - id: entries
227 |         type: import_entry
228 |         if: count > 0
229 |         repeat: expr
230 |         repeat-expr: count
231 | 
232 |   import_entry:
233 |     # https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md#import-entry
234 |     seq:
235 |       - id: module_len
236 |         type: vlq_base128_le
237 |       - id: module_str
238 |         type: str
239 |         size: module_len.value
240 |         encoding: UTF-8
241 |       - id: field_len
242 |         type: vlq_base128_le
243 |       - id: field_str
244 |         type: str
245 |         size: field_len.value
246 |         encoding: UTF-8
247 |       - id: kind
248 |         type: u1
249 |         enum: kind_type
250 |       - id: type
251 |         type:
252 |           switch-on: kind
253 |           cases:
254 |             'kind_type::function_kind':  vlq_base128_le
255 |             'kind_type::table_kind':     table_type
256 |             'kind_type::memory_kind':    memory_type
257 |             'kind_type::global_kind':    global_type
258 | 
259 |   function_section:
260 |     # https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md#function-section
261 |     seq:
262 |       - id: count
263 |         type: vlq_base128_le
264 |       - id: types
265 |         type: vlq_base128_le
266 |         repeat: expr
267 |         repeat-expr: count.value
268 | 
269 |   table_section:
270 |     # https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md#table-section
271 |     seq:
272 |       - id: count
273 |         type: vlq_base128_le
274 |       - id: entries
275 |         type: table_type
276 |         repeat: expr
277 |         repeat-expr: count.value
278 | 
279 |   memory_section:
280 |     # https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md#memory-section
281 |     seq:
282 |       - id: count
283 |         type: vlq_base128_le
284 |       - id: entries
285 |         type: memory_type
286 |         repeat: expr
287 |         repeat-expr: count.value
288 | 
289 |   global_section:
290 |     # https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md#global-section
291 |     seq:
292 |       - id: count
293 |         type: vlq_base128_le
294 |       - id: globals
295 |         type: global_variable_type
296 |         repeat: expr
297 |         repeat-expr: count.value
298 | 
299 |   export_section:
300 |     # https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md#export-section
301 |     seq:
302 |       - id: count
303 |         type: vlq_base128_le
304 |       - id: entries
305 |         type: export_entry_type
306 |         repeat: expr
307 |         repeat-expr: count.value
308 | 
309 |   start_section:
310 |     # https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md#start-section
311 |     seq:
312 |       - id: index
313 |         type: vlq_base128_le
314 | 
315 |   element_section:
316 |     # https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md#element-section
317 |     seq:
318 |       - id: count
319 |         type: vlq_base128_le
320 |       - id: entries
321 |         type: elem_segment_type
322 |         repeat: expr
323 |         repeat-expr: count.value
324 | 
325 |   code_section:
326 |     # https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md#code-section
327 |     seq:
328 |       - id: count
329 |         type: vlq_base128_le
330 |       - id: bodies
331 |         type: function_body_type
332 |         repeat: expr
333 |         repeat-expr: count.value
334 | 
335 |   data_section:
336 |     # https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md#data-section
337 |     seq:
338 |       - id: count
339 |         type: vlq_base128_le
340 |       - id: entries
341 |         type: data_segment_type
342 |         repeat: expr
343 |         repeat-expr: count.value
344 | 
345 |   unimplemented_section:
346 |       seq:
347 |         - id: raw
348 |           type: u1
349 |           repeat: expr
350 |           repeat-expr: _parent.header.payload_len.value
351 | 
352 | #####################################################################################################
353 | 
354 | enums:
355 | 
356 |   constructor_type:
357 |     0x7f: i32
358 |     0x7e: i64
359 |     0x7d: f32
360 |     0x7c: f64
361 |     0x70: anyfunc
362 |     0x60: func
363 |     0x40: empty_block
364 | 
365 |   value_type:
366 |     0x7f: i32
367 |     0x7e: i64
368 |     0x7d: f32
369 |     0x7c: f64
370 | 
371 |   kind_type:
372 |     0: function_kind
373 |     1: table_kind
374 |     2: memory_kind
375 |     3: global_kind
376 | 
377 |   payload_type:
378 |     0: custom_payload
379 |     1: type_payload
380 |     2: import_payload
381 |     3: function_payload
382 |     4: table_payload
383 |     5: memory_payload
384 |     6: global_payload
385 |     7: export_payload
386 |     8: start_payload
387 |     9: element_payload
388 |     10: code_payload
389 |     11: data_payload
390 | 
391 |   elem_type:
392 |     0x70: anyfunc
393 | 
394 |   mutability_flag:
395 |     0: immutable
396 |     1: mutable
397 | 


--------------------------------------------------------------------------------
/Tools/README.md:
--------------------------------------------------------------------------------
 1 | # WebAssembly parser for Kaitai.io #
 2 | 
 3 | 
 4 | ## Requirements ##
 5 | 
 6 |   * `emcc` from [EmScripten compiler suite](https://github.com/kripken/emscripten). Build instructions can be
 7 |     found [here](http://kripken.github.io/emscripten-site/docs/getting_started/downloads.html)
 8 |   * [`kaitai-struct`](http://kaitai.io/) and its Python module
 9 | 
10 | ``` bash
11 | # for debian-based Linux systems
12 | $ sudo apt-key adv --keyserver hkp://pool.sks-keyservers.net --recv 379CE192D401AB61
13 | $ echo "deb https://dl.bintray.com/kaitai-io/debian jessie main" | sudo tee /etc/apt/sources.list.d/kaitai.list
14 | $ sudo apt update && sudo apt install kaitai-struct-compiler
15 | $ pip3 install --user -r ./requirements.txt
16 | ```
17 | 
18 | 
19 | ## Tests ##
20 | 
21 | `make test` will compile everything and disassemble a test WASM compiled "print
22 | (Hello World)" file.
23 | 
24 | ``` bash
25 | $ make test
26 | kaitai-struct-compiler -t python  webassembly.ksy
27 | emcc tests/hello.c -s WASM=1 -o tests/hello.html
28 | ./wasm-disassembler.py tests/hello.wasm
29 | [+] sub_0000 {
30 | 00000000  23 0c             get_global 0xc
31 | 00000002  21 01             set_local 0x1
32 | 00000004  23 0c             get_global 0xc
33 | 00000006  20 00             get_local 0x0
34 | 00000008  6a                i32.add
35 | 00000009  24 0c             set_global 0xc
36 | 0000000b  23 0c             get_global 0xc
37 | 0000000d  41 0f             i32.const 0xf
38 | 0000000f  6a                i32.add
39 | }
40 | [...]
41 | ```
42 | 


--------------------------------------------------------------------------------