def __init__(self, data): PEcore.__init__(self, data) self.func_formatter( _Name=lambda k, x, cls: highlight([(Token.Name, self.Name)])) self.func_formatter(StorageClass=lambda k, x, cls: highlight([( Token.Name, self.classname())])) self.AuxSymbols = [] data = data[len(self):] if self.Type >> 8 == 0x20 and self.StorageClass == 2 and self.SectionNumber > IMAGE_SYM_UNDEF: auxclass = AuxFunctionDefinition elif self.StorageClass == 101 and (self.Name == '.bf' or self.Name == '.ef'): auxclass = Aux_bf_ef elif self.StorageClass == 2 and self.SectionNumber == IMAGE_SYM_UNDEF and Self.Value == 0: auxclass = AuxWeakExternal elif self.StorageClass == 103: assert self.Name == '.file' auxclass = AuxFile elif self.StorageClass == 3: auxclass = AuxSectionDefinition else: auxclass = AuxSymbolRecord for x in range(self.NumberOfAuxSymbols): self.AuxSymbols.append(auxclass(data)) data = data[len(self):]
def __init__(self, data=None, offset=0): self.func_formatter( _Name=lambda k, x, cls: highlight([(Token.Name, self.Name)])) self.func_formatter(StorageClass=lambda k, x, cls: highlight([( Token.Name, self.classname())])) self.AuxSymbols = [] if data: self.unpack(data, offset) offset += len(self) if (self.Type >> 8 == 0x20 and self.StorageClass == 2 and self.SectionNumber > IMAGE_SYM_UNDEF): auxclass = AuxFunctionDefinition elif self.StorageClass == 101 and (self.Name == ".bf" or self.Name == ".ef"): auxclass = Aux_bf_ef elif (self.StorageClass == 2 and self.SectionNumber == IMAGE_SYM_UNDEF and Self.Value == 0): auxclass = AuxWeakExternal elif self.StorageClass == 103: assert self.Name == ".file" auxclass = AuxFile elif self.StorageClass == 3: auxclass = AuxSectionDefinition else: auxclass = AuxSymbolRecord for x in range(self.NumberOfAuxSymbols): s = auxclass(data, offset) self.AuxSymbols.append(s) offset += len(s)
def token_name_fmt(k, x, cls=None): pfx = "%s." % cls if cls != None else "" ks = k try: return highlight([(Token.Name, Consts.All[ks][x])]) except KeyError: return token_constant_fmt(k, x)
def token_datetime_fmt(k, x, cls=None): """The date formatter prints value 'x' of attribute 'k' as a date token UTC datetime string from timestamp value """ from datetime import datetime return highlight([(Token.Date, str(datetime.utcfromtimestamp(x)))])
def token_flag_fmt(k, x, cls): s = [] pfx = "%s." % cls if cls != None else "" ks = k for v, name in Consts.All[ks].items(): if (x & v): s.append(highlight([(Token.Name, name)])) return ','.join(s) if len(s) > 0 else token_mask_fmt(k, x)
def token_default_fmt(k, x, cls=None, fmt=None): """The default formatter just prints value 'x' of attribute 'k' as a literal token python string """ try: s = x.pp__() except AttributeError: s = str(x) return highlight([(Token.Literal, s)],fmt)
def token_constant_fmt(k, x, cls=None, fmt=None): """The constant formatter prints value 'x' of attribute 'k' as a constant token decimal value """ try: s = x.pp__() except AttributeError: s = str(x) return highlight([(Token.Constant, s)],fmt)
def MSP430_synthetic(null, i, toks=False): s = MSP430_full(i, True) if i.mnemonic == 'ADDC' and i.operands[0] == 0: s[0] = mn('adc')[0] del s[1:3] elif i.mnemonic == 'DADD' and i.operands[0] == 0: s[0] = mn('dadc')[0] del s[1:3] elif i.mnemonic == 'CMP' and i.operands[0] == 0: s[0] = mn('tst')[0] del s[1:3] elif i.mnemonic == 'MOV': if i.operands[1] is pc: s[0] = mn('br')[0] del s[2:4] elif i.operands[0] == 0: s[0] = mn('clr')[0] del s[1:3] elif i.misc['autoinc'] is sp: if i.operands[1] is pc: s = mn('ret') else: s[0] = mn('pop')[0] del s[1:3] elif i.mnemonic == 'BIC': if i.operands[1] is sr: m = None if i.operands[0] == 1: m = 'clrc' elif i.operands[0] == 4: m = 'clrn' elif i.operands[0] == 2: m = 'clrz' elif i.operands[0] == 8: m = 'dint' if m: s = mn(m) elif i.mnemonic == 'BIS': if i.operands[1] is sr: m = None if i.operands[0] == 1: m = 'setc' elif i.operands[0] == 4: m = 'setn' elif i.operands[0] == 2: m = 'setz' elif i.operands[0] == 8: m = 'eint' if m: s = mn(m) elif i.mnemonic == 'SUB' and i.operands[0] == 1: s[0] = mn('dec')[0] del s[1:3] elif i.mnemonic == 'SUB' and i.operands[0] == 2: s[0] = mn('decd')[0] del s[1:3] elif i.mnemonic == 'ADD' and i.operands[0] == 1: s[0] = mn('inc')[0] del s[1:3] elif i.mnemonic == 'ADD' and i.operands[0] == 2: s[0] = mn('incd')[0] del s[1:3] elif i.mnemonic == 'XOR' and i.operands[0].signextend(16).value == -1: s[0] = mn('inv')[0] del s[1:-1] if toks: return s return highlight(s)
def formatter(i, toks=False): """default formatter if no formatter has been set, will return the highlighted list from tokens for raw mnemonic, and comma-separated operands expressions. """ t = [(Token.Mnemonic, i.mnemonic)] t += [(Token.Literal, op) for op in map(str, i.operands[0:1])] t += [(Token.Literal, ", " + op) for op in map(str, i.operands[1:])] return t if toks else highlight(t)
def __call__(self,i,toks=False): s=[] for f in self.getparts(i): if hasattr(f,'format'): t = f.format(i=i) else: t = f(i) if isinstance(t,str): t = [(Token.Literal,t)] s.extend(t) return s if toks else highlight(s)
def token_name_fmt(k, x, cls=None): """The name formatter prints value 'x' of attribute 'k' as a name token variable symbol matching the value """ pfx = "%s." % cls if cls != None else "" if pfx + k in Consts.All: k = pfx + k ks = k try: return highlight([(Token.Name, Consts.All[ks][x])]) except KeyError: return token_constant_fmt(k, x)
def token_flag_fmt(k, x, cls): """The flag formatter prints value 'x' of attribute 'k' as a name token variable series of symbols matching the flag value """ s = [] pfx = "%s." % cls if cls != None else "" if pfx + k in Consts.All: k = pfx + k ks = k for v, name in Consts.All[ks].items(): if x & v: s.append(highlight([(Token.Name, name)])) return ",".join(s) if len(s) > 0 else token_mask_fmt(k, x)
def token_address_fmt(k, x): return highlight([(Token.Address, hex(x))])
def token_default_fmt(k, x): if 'addr' in k: return token_address_fmt(k, x) if 'flags' in k: return token_flag_fmt(k, x) return highlight([(Token.Literal, str(x))])
def token_flag_fmt(k, x): s = [] for v, name in ELF_CONSTS[k].items(): if (x & v): s.append(highlight([(Token.Name, name)])) return ','.join(s)
def token_datetime_fmt(k, x, cls=None): from datetime import datetime return highlight([(Token.Date, str(datetime.utcfromtimestamp(x)))])
def token_mask_fmt(k, x, cls=None): return highlight([(Token.Constant, hex(x))])
def token_default_fmt(k, x, cls=None): return highlight([(Token.Literal, str(x))])
def token_constant_fmt(k, x, cls=None): """The constant formatter prints value 'x' of attribute 'k' as a constant token decimal value """ return highlight([(Token.Constant, str(x))])
def token_mask_fmt(k, x, cls=None): """The mask formatter prints value 'x' of attribute 'k' as a constant token hexadecimal value """ return highlight([(Token.Constant, hex(x))])
def pp(self,**kargs): return highlight(self.toks(**kargs))
def token_constant_fmt(k, x): return highlight([(Token.Constant, str(x))])
def token_name_fmt(k, x): try: return highlight([(Token.Name, ELF_CONSTS[k][x])]) except KeyError: return token_constant_fmt(k, x)
def __init__(self, srv): cmd.Cmd.__init__(self, completekey=conf.UI.completekey) self.srv = srv prompt = [(Token.Mnemonic, "amoco"), (Token.Literal, "> ")] self.prompt = highlight(prompt)
def SPARC_Synthetic_renaming(s, i, toks=False): if i.mnemonic == "sethi" and i.operands[0] == cst( 0, 22) and i.operands[1] == g0: return "nop" if (i.mnemonic == "or" and not i.misc["icc"] and i.operands[0] == i.operands[1] == g0): replace_mnemonic_token(s, "clr") replace_opn_token(s, 1, None) replace_opn_token(s, 0, None) elif i.mnemonic == "or" and not i.misc["icc"] and i.operands[0] == g0: replace_mnemonic_token(s, "mov") replace_opn_token(s, 0, None) elif i.mnemonic == "or" and not i.misc["icc"] and i.operands[ 0] == i.operands[2]: replace_mnemonic_token(s, "bset") replace_opn_token(s, 0, None) elif i.mnemonic == "rd": op1 = str(i.operands[0]) if op1.startswith("asr") or op1 in ("y", "psr", "wim", "tbr"): replace_mnemonic_token(s, "mov") elif i.mnemonic == "wr" and i.operands[0] == g0: replace_mnemonic_token(s, "mov") replace_opn_token(s, 0, None) elif i.mnemonic == "sub" and i.misc["icc"] and i.operands[2] == g0: replace_mnemonic_token(s, "cmp") replace_opn_token(s, 2, None) elif i.mnemonic == "jmpl" and i.operands[1] == g0: if i.operands[0] == (i7 + cst(8)): s = [(Token.Mnemonic, "ret")] elif i.operands[0] == (o7 + cst(8)): s = [(Token.Mnemonic, "retl")] else: replace_mnemonic_token(s, "jmp") replace_opn_token(s, 1, None) elif i.mnemonic == "jmpl" and i.operands[1] == o7: replace_mnemonic_token(s, "call") replace_opn_token(s, 1, None) elif (i.mnemonic == "or" and i.misc["icc"] and i.operands[1]._is_reg and i.operands[0] == i.operands[2] == g0): replace_mnemonic_token(s, "tst") replace_opn_token(s, 2, None) replace_opn_token(s, 0, None) elif (i.mnemonic == "restore" and i.operands[0] == i.operands[1] == i.operands[2] == g0): s = [(Token.Mnemonic, "restore")] if i.mnemonic == "save" and i.operands[0] == i.operands[1] == i.operands[ 2] == g0: s = [(Token.Mnemonic, "save")] if i.mnemonic == "xnor" and i.operands[1] == g0: replace_mnemonic_token(s, "not") replace_opn_token(s, 1, None) if i.operands[0] == i.operands[2]: replace_opn_token(s, 2, None) elif i.mnemonic == "sub" and i.operands[0] == g0 and i.operands[1]._is_reg: replace_mnemonic_token(s, "neg") replace_opn_token(s, 0, None) if i.operands[1] == i.operands[2]: replace_opn_token(s, 2, None) elif i.mnemonic == "add" and i.operands[0] == i.operands[2] and i.operands[ 1]._is_cst: m = "inccc" if i.misc["icc"] else "inc" replace_mnemonic_token(s, m) if i.operands[1] == 1: replace_opn_token(s, 2, None) replace_opn_token(s, 1, None) else: replace_opn_token(s, 0, None) elif i.mnemonic == "sub" and i.operands[0] == i.operands[2] and i.operands[ 1]._is_cst: m = "deccc" if i.misc["icc"] else "dec" replace_mnemonic_token(s, m) if i.operands[1] == 1: replace_opn_token(s, 2, None) replace_opn_token(s, 1, None) else: replace_opn_token(s, 0, None) elif i.mnemonic == "and" and i.misc["icc"] and i.operands[2] == g0: replace_mnemonic_token(s, "btst") replace_opn_token(s, 2, None) s[1], s[3] = s[3], s[1] elif i.mnemonic == "andn" and not i.misc["icc"] and i.operands[ 0] == i.operands[2]: replace_mnemonic_token(s, "bclr") replace_opn_token(s, 0, None) elif i.mnemonic == "xor" and not i.misc["icc"] and i.operands[ 0] == i.operands[2]: replace_mnemonic_token(s, "btog") replace_opn_token(s, 0, None) elif i.mnemonic == "stb" and i.operands[0] == g0: replace_mnemonic_token(s, "clrb") replace_opn_token(s, 0, None) elif i.mnemonic == "sth" and i.operands[0] == g0: replace_mnemonic_token(s, "clrh") replace_opn_token(s, 0, None) elif i.mnemonic == "st" and i.operands[0] == g0: replace_mnemonic_token(s, "clr") replace_opn_token(s, 0, None) return s if toks else highlight(s)
def token_address_fmt(k, x, cls=None): """The address formatter prints value 'x' of attribute 'k' as a address token hexadecimal value """ return highlight([(Token.Address, hex(x))])
def formatter(i,toks=False): t = (Token.Mnemonic,i.mnemonic) t+= [(Token.Literal,op) for op in map(str,i.operands[0:1])] t+= [(Token.Literal,', '+op) for op in map(str,i.operands[1:])] return t if toks else highlight(t)
def token_address_fmt(k, x, cls=None): return highlight([(Token.Address, "0x%04x" % x)])
def token_flag_fmt(k, x, cls): s = [] for v, name in PE_CONSTS["%s%s" % (cls, k)].items(): if (x & v): s.append(highlight([(Token.Name, name)])) return ','.join(s)
def token_default_fmt(k, x, cls=None): """The default formatter just prints value 'x' of attribute 'k' as a literal token python string """ return highlight([(Token.Literal, str(x))])