just now starting to create symbols... need to add transformations like

vmp does, except each reloc will decrypt the ptr... polymorphic stuff..
3 months ago · 79db6d538c
10 changed files with 132 additions and 26 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -97,6 +97,7 @@ target_include_directories(Theodosius PUBLIC
 target_link_libraries(Theodosius PUBLIC
 	linux-pe
 	spdlog
+	xed
 )

 unset(CMKR_TARGET)
--- a/cmake.toml
+++ b/cmake.toml
@ -11,4 +11,4 @@ sources = ["include/**.hpp", "src/theo/**.cpp"]
 include-directories = ["include"]
 compile-features = ["cxx_std_20"]
 compile-definitions = ["NOMINMAX"]
-link-libraries = ["linux-pe", "spdlog"]
+link-libraries = ["linux-pe", "spdlog", "xed"]
--- a/dependencies/CMakeLists.txt
+++ b/dependencies/CMakeLists.txt
@ -34,3 +34,25 @@ target_include_directories(linux-pe INTERFACE
 unset(CMKR_TARGET)
 unset(CMKR_SOURCES)

+# Target xed
+set(CMKR_TARGET xed)
+set(xed_SOURCES "")
+
+set(CMKR_SOURCES ${xed_SOURCES})
+add_library(xed INTERFACE)
+
+if(xed_SOURCES)
+	target_sources(xed INTERFACE ${xed_SOURCES})
+endif()
+
+target_include_directories(xed INTERFACE
+	"xed/obj/wkit/include/xed"
+)
+
+target_link_libraries(xed INTERFACE xed.lib)
+target_link_libraries(xed INTERFACE xed-ild.lib)
+target_link_directories(xed INTERFACE xed/obj/wkit/lib/)
+
+unset(CMKR_TARGET)
+unset(CMKR_SOURCES)
+
--- a/dependencies/cmake.toml
+++ b/dependencies/cmake.toml
@ -2,4 +2,13 @@
 type = "interface"
 include-directories = ["linux-pe/includes/"]

-[subdir.spdlog]
+[subdir.spdlog]
+
+[target.xed]
+type = "interface"
+include-directories = ["xed/obj/wkit/include/xed"]
+cmake-after = """
+target_link_libraries(xed INTERFACE xed.lib)
+target_link_libraries(xed INTERFACE xed-ild.lib)
+target_link_directories(xed INTERFACE xed/obj/wkit/lib/)
+"""
--- a/include/decomp/routine.hpp
+++ b/include/decomp/routine.hpp
@ -3,19 +3,27 @@
 #include <string>
 #include <vector>

-#include "symbol.hpp"
+#include <spdlog/spdlog.h>
+#include <decomp/symbol.hpp>
+
+#define XED_ENCODER
+extern "C" {
+#include <xed-decode.h>
+#include <xed-interface.h>
+}

 namespace theo::decomp {
 class routine_t {
 public:
-  explicit routine_t(coff::section_header_t scn_hdr,
-                   std::vector<std::uint8_t>& rtn_data);
+  explicit routine_t(coff::section_header_t* scn,
+                     std::vector<std::uint8_t>& fn);

  std::vector<decomp::symbol_t> decompose();
-  coff::section_header_t scn_hdr();
+  coff::section_header_t* scn();
  std::vector<std::uint8_t> data();
+
 private:
  std::vector<std::uint8_t> m_data;
-  coff::section_header_t m_scn_hdr;
+  coff::section_header_t* m_scn;
 };
 }  // namespace theo::decomp
--- a/include/theo.hpp
+++ b/include/theo.hpp
@ -1,11 +1,17 @@
 #pragma once
+#include <spdlog/spdlog.h>
 #include <comp/comp.hpp>
 #include <decomp/decomp.hpp>
-#include <spdlog/spdlog.h>

 #include <optional>
-#include <vector>
 #include <tuple>
+#include <vector>
+
+#define XED_ENCODER
+extern "C" {
+#include <xed-decode.h>
+#include <xed-interface.h>
+}

 namespace theo {
 using lnk_fns_t =
@ -13,12 +19,12 @@ using lnk_fns_t =

 class theo_t {
 public:
-  explicit theo_t(
-      std::vector<std::uint8_t>& lib, lnk_fns_t lnkr_fns);
+  explicit theo_t(std::vector<std::uint8_t>& lib, lnk_fns_t lnkr_fns);

  std::optional<std::uint32_t> decompose();
  std::uintptr_t compose(const std::string&& entry_sym);
  std::uintptr_t resolve(const std::string&& sym);
+
 private:
  decomp::decomp_t m_dcmp;
  comp::comp_t m_cmp;
--- a/src/tests/demo/CMakeLists.txt
+++ b/src/tests/demo/CMakeLists.txt
@ -27,35 +27,35 @@ if(CMKR_ROOT_PROJECT)
 	configure_file(cmake.toml cmake.toml COPYONLY)
 endif()

-project(usermode-demo)
+project(demo)

-# Target usermode-demo
-set(CMKR_TARGET usermode-demo)
-set(usermode-demo_SOURCES "")
+# Target demo
+set(CMKR_TARGET demo)
+set(demo_SOURCES "")

-list(APPEND usermode-demo_SOURCES
+list(APPEND demo_SOURCES
 	main.cpp
 )

-list(APPEND usermode-demo_SOURCES
+list(APPEND demo_SOURCES
 	cmake.toml
 )

-set(CMKR_SOURCES ${usermode-demo_SOURCES})
-add_executable(usermode-demo)
+set(CMKR_SOURCES ${demo_SOURCES})
+add_executable(demo)

-if(usermode-demo_SOURCES)
-	target_sources(usermode-demo PRIVATE ${usermode-demo_SOURCES})
+if(demo_SOURCES)
+	target_sources(demo PRIVATE ${demo_SOURCES})
 endif()

 get_directory_property(CMKR_VS_STARTUP_PROJECT DIRECTORY ${PROJECT_SOURCE_DIR} DEFINITION VS_STARTUP_PROJECT)
 if(NOT CMKR_VS_STARTUP_PROJECT)
-	set_property(DIRECTORY ${PROJECT_SOURCE_DIR} PROPERTY VS_STARTUP_PROJECT usermode-demo)
+	set_property(DIRECTORY ${PROJECT_SOURCE_DIR} PROPERTY VS_STARTUP_PROJECT demo)
 endif()

-source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${usermode-demo_SOURCES})
+source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${demo_SOURCES})

-target_link_libraries(usermode-demo PRIVATE
+target_link_libraries(demo PRIVATE
 	Theodosius
 	spdlog
 )
--- a/src/theo/decomp/decomp.cpp
+++ b/src/theo/decomp/decomp.cpp
@ -22,7 +22,23 @@ std::optional<comp::symbol_table_t*> decomp_t::decompose() {
    auto syms_cnt = img->file_header.num_symbols;
    for (auto idx = 0u; idx < syms_cnt; ++idx) {
      auto sym = img->get_symbol(idx);
-      spdlog::info("handling symbol {}", sym->name.to_string().data());
+
+      if (sym->has_section() &&
+          sym->derived_type == coff::derived_type_id::function) {
+        auto scn = img->get_section(sym->section_index - 1);
+        auto fn_size = scn->size_raw_data;
+        auto fn_bgn = scn->ptr_raw_data + reinterpret_cast<std::uint8_t*>(img);
+
+        spdlog::info("decomposing function: {} size: {}",
+                     sym->name.to_string(img->get_strings()), fn_size);
+
+        std::vector<std::uint8_t> fn(fn_bgn, fn_bgn + fn_size);
+        decomp::routine_t rtn(scn, fn);
+
+        auto syms = rtn.decompose();
+        spdlog::info("decomposed routine into {} symbols...", syms.size());
+        m_syms->add_symbols(syms);
+      }
    }
  });

--- a/src/theo/decomp/routine.cpp
+++ b/src/theo/decomp/routine.cpp
@ -0,0 +1,40 @@
+#include <decomp/routine.hpp>
+
+namespace theo::decomp {
+routine_t::routine_t(coff::section_header_t* scn, std::vector<std::uint8_t>& fn)
+    : m_scn(scn), m_data(fn) {}
+
+std::vector<decomp::symbol_t> routine_t::decompose() {
+  std::uint32_t offset = 0u;
+  xed_error_enum_t err;
+
+  xed_decoded_inst_t instr;
+  std::vector<xed_decoded_inst_t> instrs;
+  xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};
+  xed_decoded_inst_zero_set_mode(&instr, &istate);
+
+  // keep looping over the section, lower the number of bytes each time...
+  //
+  while ((err = xed_decode(&instr, m_data.data() + offset,
+                           m_data.size() - offset)) == XED_ERROR_NONE) {
+    char buff[255];
+    offset += xed_decoded_inst_get_length(&instr);
+    xed_format_context(XED_SYNTAX_INTEL, &instr, buff, sizeof buff, 0, 0, 0);
+    spdlog::info("{}", buff);
+    instrs.push_back(instr);
+
+    // need to set this so that instr can be used to decode again...
+    xed_decoded_inst_zero_set_mode(&instr, &istate);
+  }
+
+  return {};
+}
+
+coff::section_header_t* routine_t::scn() {
+  return m_scn;
+}
+
+std::vector<std::uint8_t> routine_t::data() {
+  return m_data;
+}
+}  // namespace theo::decomp
--- a/src/theo/theo.cpp
+++ b/src/theo/theo.cpp
@ -2,7 +2,11 @@

 namespace theo {
 theo_t::theo_t(std::vector<std::uint8_t>& lib, lnk_fns_t lnkr_fns)
-    : m_dcmp(lib, &m_sym_tbl), m_cmp(&m_dcmp) {}
+    : m_dcmp(lib, &m_sym_tbl), m_cmp(&m_dcmp) {
+  if (static std::atomic_bool v = true; v.exchange(false)) {
+    xed_tables_init();
+  }
+}

 std::optional<std::uint32_t> theo_t::decompose() {
  auto res = m_dcmp.decompose();