]>
git.siccegge.de Git - frida/frida.git/blob - src/disassembler/llvm/LLVMDisassembler.cxx
1 #include "disassembler/llvm/LLVMDisassembler.hxx"
2 #include "core/InformationManager.hxx"
3 #include "core/Function.hxx"
4 #include "core/BasicBlock.hxx"
11 using namespace llvm::object
;
12 using std::error_code
;
17 Disassembler
* createLLVMDisassembler(const std::string
& filename
, InformationManager
* manager
) {
21 std::unique_ptr
<Binary
> o
;
22 o
.reset(createBinary(filename
).get());
23 Binary
* op
= o
.release();
25 // ELFType<endian, maxalign, 64bit>
26 if (ELF32LEObjectFile
* object
= dyn_cast
<ELF32LEObjectFile
>(op
)) {
27 return new LLVMDisassembler
<ELFType
<support::little
, 2, false>>(filename
, manager
, object
);
29 if (ELF64LEObjectFile
* object
= dyn_cast
<ELF64LEObjectFile
>(op
)) {
30 return new LLVMDisassembler
<ELFType
<support::little
, 2, true>>(filename
, manager
, object
);
32 if (ELF32BEObjectFile
* object
= dyn_cast
<ELF32BEObjectFile
>(op
)) {
33 return new LLVMDisassembler
<ELFType
<support::big
, 2, false>>(filename
, manager
, object
);
35 if (ELF64BEObjectFile
* object
= dyn_cast
<ELF64BEObjectFile
>(op
)) {
36 return new LLVMDisassembler
<ELFType
<support::big
, 2, true>>(filename
, manager
, object
);
43 * TODO: fallback code falls die Datei kein ELF/PE/COFF/MacO/.. binary
44 * ist sondern z.B. einfach nur Instruktionen oder ein Bootsektor oder
47 template <typename ELFT
>
48 LLVMDisassembler
<ELFT
>::LLVMDisassembler(const std::string
& filename
,
49 InformationManager
* manager
,
50 ELFObjectFile
<ELFT
>* file
)
52 , logger(log4cxx::Logger::getLogger("LLVMDisassembler"))
53 , triple("unknown-unknown-unknown")
56 LOG4CXX_DEBUG(logger
, "Handling file" << filename
);
59 auto result
= createBinary(filename
);
62 if ((ec
= result
.getError())) {
63 LOG4CXX_ERROR(logger
, "Failed to load Binary" << ec
.message());
68 binary
.reset(result
.get());
70 o
= dyn_cast
<ELFObjectFile
<ELFT
>>(binary
.get());
76 triple
.setArch(Triple::ArchType(o
->getArch()));
77 std::string
tripleName(triple
.getTriple());
79 LOG4CXX_INFO(logger
, "Architecture " << tripleName
);
83 target
= TargetRegistry::lookupTarget("", triple
, es
);
85 LOG4CXX_ERROR(logger
, es
);
89 LOG4CXX_INFO(logger
, "Target " << target
->getName());
91 MRI
.reset(target
->createMCRegInfo(tripleName
));
93 LOG4CXX_ERROR(logger
, "no register info for target " << tripleName
);
97 // Set up disassembler.
98 AsmInfo
.reset(target
->createMCAsmInfo(*MRI
, tripleName
));
100 LOG4CXX_ERROR(logger
, "no assembly info for target " << tripleName
);
104 STI
.reset(target
->createMCSubtargetInfo(tripleName
, "", ""));
106 LOG4CXX_ERROR(logger
, "no subtarget info for target " << tripleName
);
110 MII
.reset(target
->createMCInstrInfo());
112 LOG4CXX_ERROR(logger
, "no instruction info for target " << tripleName
);
116 MOFI
.reset(new MCObjectFileInfo
);
117 MCContext
Ctx(AsmInfo
.get(), MRI
.get(), MOFI
.get());
119 DisAsm
.reset(target
->createMCDisassembler(*STI
, Ctx
));
121 LOG4CXX_ERROR(logger
, "no disassembler for target " << tripleName
);
125 target
->createMCRelocationInfo(tripleName
, Ctx
));
128 MCObjectSymbolizer::createObjectSymbolizer(Ctx
, std::move(RelInfo
), o
));
130 DisAsm
->setSymbolizer(std::move(Symzer
));
135 MIA
.reset(target
->createMCInstrAnalysis(MII
.get()));
137 LOG4CXX_ERROR(logger
, "no instruction analysis for target " << tripleName
);
141 int AsmPrinterVariant
= AsmInfo
->getAssemblerDialect();
142 IP
.reset(target
->createMCInstPrinter(AsmPrinterVariant
, *AsmInfo
, *MII
, *MRI
, *STI
));
144 LOG4CXX_ERROR(logger
, "no instruction printer for target " << tripleName
);
148 IP
->setPrintImmHex(llvm::HexStyle::C
);
149 IP
->setPrintImmHex(true);
151 std::unique_ptr
<MCObjectDisassembler
> OD(
152 new MCObjectDisassembler(*o
, *DisAsm
, *MIA
));
153 Mod
.reset(OD
->buildModule(false));
158 template <typename ELFT
>
159 void LLVMDisassembler
<ELFT
>::start() {
162 readDynamicSymbols();
165 template <typename ELFT
>
166 LLVMDisassembler
<ELFT
>::~LLVMDisassembler() {}
168 template <typename ELFT
>
169 Function
* LLVMDisassembler
<ELFT
>::disassembleFunctionAt(uint64_t address
, const std::string
& name
) {
171 SectionRef text_section
= sections
[".text"];
172 uint64_t base_address
, size
;
173 text_section
.getAddress(base_address
);
174 text_section
.getSize(size
);
176 if (address
< base_address
||
177 address
>= base_address
+ size
) {
181 if (NULL
== (function
= manager
->getFunction(address
))) {
185 s
<< "<Unnamed 0x" << std::hex
<< address
<< ">";
186 function
= manager
->newFunction(address
);
187 function
->setName(s
.str());
189 function
= manager
->newFunction(address
);
190 function
->setName(name
);
192 disassembleFunction(function
);
193 manager
->finishFunction(function
);
199 template <typename ELFT
>
200 void LLVMDisassembler
<ELFT
>::disassembleFunction(Function
* function
) {
201 std::stack
<BasicBlock
*> remaining_blocks
;
203 * Do all blocks get added properly? We should take care to remove
204 * the other ones at the end of the function!
206 std::map
<uint64_t, BasicBlock
*> new_blocks
;
207 SectionRef text_section
= sections
[".text"];
209 text_section
.getContents(bytes
);
210 StringRefMemoryObject
ref(bytes
);
212 LOG4CXX_DEBUG(logger
, "Handling function " << function
->getName());
214 BasicBlock
* block
= manager
->newBasicBlock(function
->getStartAddress());
215 remaining_blocks
.push(block
);
216 new_blocks
.insert(std::make_pair(block
->getStartAddress(), block
));
217 function
->addBasicBlock(block
);
219 while (remaining_blocks
.size()) {
220 BasicBlock
* current_block
= remaining_blocks
.top();
221 remaining_blocks
.pop();
223 LOG4CXX_DEBUG(logger
, "Handling Block starting at " << std::hex
224 << current_block
->getStartAddress());
227 uint64_t base_address
;
228 text_section
.getAddress(base_address
);
229 uint64_t current_address
= current_block
->getStartAddress() - base_address
;
233 llvm::raw_string_ostream
s(buf
);
235 if(llvm::MCDisassembler::Success
==
236 DisAsm
->getInstruction(inst
, inst_size
, ref
, current_address
, nulls(), nulls())) {
239 if (MIA
->evaluateBranch(inst
, current_address
, inst_size
, jmptarget
)) {
240 jmptarget
+= base_address
;
241 if (!MIA
->isIndirectBranch(inst
)) {
242 if (MIA
->isCall(inst
)) {
243 if (NULL
== manager
->getFunction(jmptarget
))
244 disassembleFunctionAt(jmptarget
);
246 current_block
->setNextBlock(0, jmptarget
);
247 if (new_blocks
.find(jmptarget
) == new_blocks
.end()) {
248 BasicBlock
* block
= manager
->newBasicBlock(jmptarget
);
250 new_blocks
.insert(std::make_pair(block
->getStartAddress(), block
));
251 function
->addBasicBlock(block
);
252 remaining_blocks
.push(block
);
254 LOG4CXX_DEBUG(logger
, "Reusing Block starting at " << std::hex
255 << current_block
->getStartAddress());
256 function
->addBasicBlock(new_blocks
.find(jmptarget
)->second
);
258 if (MIA
->isConditionalBranch(inst
)) {
259 jmptarget
= base_address
+ current_address
+ inst_size
;
260 current_block
->setNextBlock(1, jmptarget
);
261 if (new_blocks
.find(jmptarget
) == new_blocks
.end()) {
262 BasicBlock
* block
= manager
->newBasicBlock(jmptarget
);
264 new_blocks
.insert(std::make_pair(block
->getStartAddress(), block
));
265 function
->addBasicBlock(block
);
266 remaining_blocks
.push(block
);
268 LOG4CXX_DEBUG(logger
, "Reusing Block starting at " << std::hex
269 << current_block
->getStartAddress());
270 function
->addBasicBlock(new_blocks
.find(jmptarget
)->second
);
281 if (inst_size
== 0 || MIA
->isTerminator(inst
) || MIA
->isBranch(inst
)) {
282 current_block
->setEndAddress(current_address
+ base_address
+ inst_size
);
283 LOG4CXX_DEBUG(logger
, "Finished Block at " << std::hex
<<
284 current_block
->getEndAddress());
287 current_address
+= inst_size
;
290 splitBlocks(function
);
291 LOG4CXX_DEBUG(logger
, "Finished function " << function
->getName());
292 manager
->signal_new_function(function
);
295 template <typename ELFT
>
296 void LLVMDisassembler
<ELFT
>::disassemble() {
297 SectionRef text_section
= sections
[".text"];
298 std::vector
<Function
*> remaining_functions
;
300 // Assume all function symbols actually start a real function
301 for (auto x
= symbols
.begin(); x
!= symbols
.end(); ++x
) {
304 SymbolRef::Type symbol_type
;
307 if (text_section
.containsSymbol(x
->second
, contains
) || !contains
)
310 if (x
->second
.getType(symbol_type
)
311 || SymbolRef::ST_Function
!= symbol_type
)
314 if (!x
->second
.getAddress(result
)) {
315 Function
* fun
= manager
->newFunction(result
);
316 fun
->setName(x
->first
);
317 remaining_functions
.push_back(fun
);
318 LOG4CXX_DEBUG(logger
, "Disasembling " << x
->first
);
322 for (Function
* function
: remaining_functions
) {
323 disassembleFunction(function
);
324 manager
->finishFunction(function
);
327 if (binary
->isELF()) {
328 const ELFO
* elffile
= o
->getELFFile();
329 const typename
ELFO::Elf_Ehdr
* header
= elffile
->getHeader();
331 _entryAddress
= header
->e_entry
;
332 LOG4CXX_DEBUG(logger
, "Adding entryAddress at: " << std::hex
<< _entryAddress
);
334 s
<< "<_start 0x" << std::hex
<< _entryAddress
<< ">";
336 disassembleFunctionAt(_entryAddress
, s
.str());
339 if (!manager
->hasFunctions()) {
341 text_section
.getAddress(text_entry
);
342 LOG4CXX_INFO(logger
, "No Symbols found, starting at the beginning of the text segment");
343 disassembleFunctionAt(text_entry
);
347 template <typename ELFT
>
348 void LLVMDisassembler
<ELFT
>::splitBlocks(Function
* function
) {
349 SectionRef text_section
= sections
[".text"];
351 text_section
.getContents(bytes
);
352 StringRefMemoryObject
ref(bytes
);
354 // Split blocks where jumps are going inside the block
355 for (auto it
= function
->blocks().begin();
356 it
!= function
->blocks().end();
358 BasicBlock
* current_block
= it
->second
;
360 uint64_t base_address
;
361 text_section
.getAddress(base_address
);
362 uint64_t current_address
= current_block
->getStartAddress() - base_address
;
363 while(current_block
->getEndAddress() - base_address
> current_address
) {
366 llvm::raw_string_ostream
s(buf
);
368 if(llvm::MCDisassembler::Success
==
369 DisAsm
->getInstruction(inst
, inst_size
, ref
, current_address
, nulls(), nulls())) {
370 // See if some other block starts here
371 BasicBlock
* other
= manager
->getBasicBlock(current_address
375 // Special case, other block starts here but we are at the end anyway
377 uint64_t endaddress
= current_address
+ inst_size
+ base_address
;
378 if (endaddress
!= current_block
->getEndAddress()) {
379 LOG4CXX_DEBUG(logger
, "Shortening block starting at "
381 << current_block
->getStartAddress()
383 << other
->getStartAddress());
384 function
->addBasicBlock(other
);
385 current_block
->setEndAddress(endaddress
);
386 current_block
->setNextBlock(0, other
->getStartAddress());
387 current_block
->setNextBlock(1, 0);
393 current_address
+= inst_size
;
398 template <typename ELFT
>
399 void LLVMDisassembler
<ELFT
>::readDynamicSymbols() {
400 const ELFO
* elffile
= o
->getELFFile();
401 for (typename
ELFO::Elf_Sym_Iter
402 it
= elffile
->begin_dynamic_symbols(),
403 end
= elffile
->end_dynamic_symbols();
406 if (it
->getType() == 2) { // Function
408 // TODO: Error handling
409 std::string symbolname
= *(elffile
->getSymbolName(it
));
410 std::string symbolversion
= *(elffile
->getSymbolVersion(nullptr, &*it
, is_default
));
411 manager
->signal_new_dyn_symbol(symbolname
+ (is_default
? "@@" : "@") + symbolversion
);
412 LOG4CXX_DEBUG(logger
, "Adding dynamic Symbol " << symbolname
<< (is_default
? "@@" : "@") << symbolversion
);
417 template <typename ELFT
>
418 void LLVMDisassembler
<ELFT
>::readSymbols() {
420 symbol_iterator
si(o
->symbol_begin()), se(o
->symbol_end());
421 for (; si
!= se
; ++si
) {
423 if ((ec
= si
->getName(name
))) {
424 LOG4CXX_ERROR(logger
, ec
.message());
427 LOG4CXX_DEBUG(logger
, "Added symbol " << name
.str());
428 symbols
.insert(make_pair(name
.str(), *si
));
432 template <typename ELFT
>
433 void LLVMDisassembler
<ELFT
>::readSections() {
435 section_iterator
i(o
->section_begin()), e(o
->section_end());
436 for (; i
!= e
; ++i
) {
438 if ((ec
= i
->getName(name
))) {
439 LOG4CXX_ERROR(logger
, ec
.message());
442 LOG4CXX_DEBUG(logger
, "Added section " << name
.str());
443 sections
.insert(make_pair(name
.str(), *i
));
448 // template <typename ELFT>
449 // void LLVMDisassembler<ELFT>::forEachFunction(std::function<void (uint64_t, Function*)> callback) {
450 // // std::for_each(functions.begin(), functions.end(),
451 // // [&](std::pair<uint64_t, Function*> x) {
452 // // callback(x.first, x.second);
456 template <typename ELFT
>
457 void LLVMDisassembler
<ELFT
>::printEachInstruction(uint64_t start
, uint64_t end
,
458 std::function
<void (uint8_t*, size_t,
460 const std::string
&)> fun
) {
461 SectionRef text_section
= sections
[".text"];
462 uint64_t base_address
;
463 text_section
.getAddress(base_address
);
464 uint64_t current_address
= start
- base_address
;
467 text_section
.getContents(bytes
);
468 StringRefMemoryObject
ref(bytes
);
470 while (current_address
< end
- base_address
) {
474 llvm::raw_string_ostream
s(buf
);
476 if(llvm::MCDisassembler::Success
==
477 DisAsm
->getInstruction(inst
, inst_size
, ref
, current_address
, nulls(), nulls())) {
479 uint8_t bytes
[inst_size
+2];
480 ref
.readBytes(current_address
, inst_size
, bytes
);
484 IP
->printInst(&inst
, s
, "");
485 if (MIA
->evaluateBranch(inst
, current_address
, inst_size
, jmptarget
)) {
486 std::stringstream stream
;
487 if (MIA
->isCall(inst
))
488 stream
<< "function:";
492 stream
<< std::hex
<< (base_address
+ jmptarget
);
497 fun(bytes
, inst_size
, s
.str(), ref
);
499 LOG4CXX_WARN(logger
, "Invalid byte at" << std::hex
<< current_address
+ base_address
);
500 fun(NULL
, 0, "Invalid Byte", "");
504 current_address
+= inst_size
;
projects / frida / frida.git / blob