From 79db6d538c5d4999fb4b6226068bd042e4b03f59 Mon Sep 17 00:00:00 2001
From: _xeroxz <xerox@back.engineering>
Date: Mon, 4 Apr 2022 00:55:43 -0700
Subject: [PATCH] just now starting to create symbols... need to add
 transformations like vmp does, except each reloc will decrypt the ptr...
 polymorphic stuff..

---
 CMakeLists.txt                |  1 +
 cmake.toml                    |  2 +-
 dependencies/CMakeLists.txt   | 22 +++++++++++++++++++
 dependencies/cmake.toml       | 11 +++++++++-
 include/decomp/routine.hpp    | 18 +++++++++++-----
 include/theo.hpp              | 14 ++++++++----
 src/tests/demo/CMakeLists.txt | 26 +++++++++++------------
 src/theo/decomp/decomp.cpp    | 18 +++++++++++++++-
 src/theo/decomp/routine.cpp   | 40 +++++++++++++++++++++++++++++++++++
 src/theo/theo.cpp             |  6 +++++-
 10 files changed, 132 insertions(+), 26 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6c470c8..cb22317 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -97,6 +97,7 @@ target_include_directories(Theodosius PUBLIC
 target_link_libraries(Theodosius PUBLIC
 	linux-pe
 	spdlog
+	xed
 )
 
 unset(CMKR_TARGET)
diff --git a/cmake.toml b/cmake.toml
index 2de60c6..7759c1b 100644
--- a/cmake.toml
+++ b/cmake.toml
@@ -11,4 +11,4 @@ sources = ["include/**.hpp", "src/theo/**.cpp"]
 include-directories = ["include"]
 compile-features = ["cxx_std_20"]
 compile-definitions = ["NOMINMAX"]
-link-libraries = ["linux-pe", "spdlog"]
\ No newline at end of file
+link-libraries = ["linux-pe", "spdlog", "xed"]
\ No newline at end of file
diff --git a/dependencies/CMakeLists.txt b/dependencies/CMakeLists.txt
index 8ecc545..b105b2b 100644
--- a/dependencies/CMakeLists.txt
+++ b/dependencies/CMakeLists.txt
@@ -34,3 +34,25 @@ target_include_directories(linux-pe INTERFACE
 unset(CMKR_TARGET)
 unset(CMKR_SOURCES)
 
+# Target xed
+set(CMKR_TARGET xed)
+set(xed_SOURCES "")
+
+set(CMKR_SOURCES ${xed_SOURCES})
+add_library(xed INTERFACE)
+
+if(xed_SOURCES)
+	target_sources(xed INTERFACE ${xed_SOURCES})
+endif()
+
+target_include_directories(xed INTERFACE
+	"xed/obj/wkit/include/xed"
+)
+
+target_link_libraries(xed INTERFACE xed.lib)
+target_link_libraries(xed INTERFACE xed-ild.lib)
+target_link_directories(xed INTERFACE xed/obj/wkit/lib/)
+
+unset(CMKR_TARGET)
+unset(CMKR_SOURCES)
+
diff --git a/dependencies/cmake.toml b/dependencies/cmake.toml
index 5085f79..203835a 100644
--- a/dependencies/cmake.toml
+++ b/dependencies/cmake.toml
@@ -2,4 +2,13 @@
 type = "interface"
 include-directories = ["linux-pe/includes/"]
 
-[subdir.spdlog]
\ No newline at end of file
+[subdir.spdlog]
+
+[target.xed]
+type = "interface"
+include-directories = ["xed/obj/wkit/include/xed"]
+cmake-after = """
+target_link_libraries(xed INTERFACE xed.lib)
+target_link_libraries(xed INTERFACE xed-ild.lib)
+target_link_directories(xed INTERFACE xed/obj/wkit/lib/)
+"""
\ No newline at end of file
diff --git a/include/decomp/routine.hpp b/include/decomp/routine.hpp
index 95f1341..6a795fc 100644
--- a/include/decomp/routine.hpp
+++ b/include/decomp/routine.hpp
@@ -3,19 +3,27 @@
 #include <string>
 #include <vector>
 
-#include "symbol.hpp"
+#include <spdlog/spdlog.h>
+#include <decomp/symbol.hpp>
+
+#define XED_ENCODER
+extern "C" {
+#include <xed-decode.h>
+#include <xed-interface.h>
+}
 
 namespace theo::decomp {
 class routine_t {
  public:
-  explicit routine_t(coff::section_header_t scn_hdr,
-                   std::vector<std::uint8_t>& rtn_data);
+  explicit routine_t(coff::section_header_t* scn,
+                     std::vector<std::uint8_t>& fn);
 
   std::vector<decomp::symbol_t> decompose();
-  coff::section_header_t scn_hdr();
+  coff::section_header_t* scn();
   std::vector<std::uint8_t> data();
+
  private:
   std::vector<std::uint8_t> m_data;
-  coff::section_header_t m_scn_hdr;
+  coff::section_header_t* m_scn;
 };
 }  // namespace theo::decomp
\ No newline at end of file
diff --git a/include/theo.hpp b/include/theo.hpp
index 1eea6e2..b673ed2 100644
--- a/include/theo.hpp
+++ b/include/theo.hpp
@@ -1,11 +1,17 @@
 #pragma once
+#include <spdlog/spdlog.h>
 #include <comp/comp.hpp>
 #include <decomp/decomp.hpp>
-#include <spdlog/spdlog.h>
 
 #include <optional>
-#include <vector>
 #include <tuple>
+#include <vector>
+
+#define XED_ENCODER
+extern "C" {
+#include <xed-decode.h>
+#include <xed-interface.h>
+}
 
 namespace theo {
 using lnk_fns_t =
@@ -13,12 +19,12 @@ using lnk_fns_t =
 
 class theo_t {
  public:
-  explicit theo_t(
-      std::vector<std::uint8_t>& lib, lnk_fns_t lnkr_fns);
+  explicit theo_t(std::vector<std::uint8_t>& lib, lnk_fns_t lnkr_fns);
 
   std::optional<std::uint32_t> decompose();
   std::uintptr_t compose(const std::string&& entry_sym);
   std::uintptr_t resolve(const std::string&& sym);
+
  private:
   decomp::decomp_t m_dcmp;
   comp::comp_t m_cmp;
diff --git a/src/tests/demo/CMakeLists.txt b/src/tests/demo/CMakeLists.txt
index 67e059b..aefe969 100644
--- a/src/tests/demo/CMakeLists.txt
+++ b/src/tests/demo/CMakeLists.txt
@@ -27,35 +27,35 @@ if(CMKR_ROOT_PROJECT)
 	configure_file(cmake.toml cmake.toml COPYONLY)
 endif()
 
-project(usermode-demo)
+project(demo)
 
-# Target usermode-demo
-set(CMKR_TARGET usermode-demo)
-set(usermode-demo_SOURCES "")
+# Target demo
+set(CMKR_TARGET demo)
+set(demo_SOURCES "")
 
-list(APPEND usermode-demo_SOURCES
+list(APPEND demo_SOURCES
 	main.cpp
 )
 
-list(APPEND usermode-demo_SOURCES
+list(APPEND demo_SOURCES
 	cmake.toml
 )
 
-set(CMKR_SOURCES ${usermode-demo_SOURCES})
-add_executable(usermode-demo)
+set(CMKR_SOURCES ${demo_SOURCES})
+add_executable(demo)
 
-if(usermode-demo_SOURCES)
-	target_sources(usermode-demo PRIVATE ${usermode-demo_SOURCES})
+if(demo_SOURCES)
+	target_sources(demo PRIVATE ${demo_SOURCES})
 endif()
 
 get_directory_property(CMKR_VS_STARTUP_PROJECT DIRECTORY ${PROJECT_SOURCE_DIR} DEFINITION VS_STARTUP_PROJECT)
 if(NOT CMKR_VS_STARTUP_PROJECT)
-	set_property(DIRECTORY ${PROJECT_SOURCE_DIR} PROPERTY VS_STARTUP_PROJECT usermode-demo)
+	set_property(DIRECTORY ${PROJECT_SOURCE_DIR} PROPERTY VS_STARTUP_PROJECT demo)
 endif()
 
-source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${usermode-demo_SOURCES})
+source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${demo_SOURCES})
 
-target_link_libraries(usermode-demo PRIVATE
+target_link_libraries(demo PRIVATE
 	Theodosius
 	spdlog
 )
diff --git a/src/theo/decomp/decomp.cpp b/src/theo/decomp/decomp.cpp
index ade5583..1c818d7 100644
--- a/src/theo/decomp/decomp.cpp
+++ b/src/theo/decomp/decomp.cpp
@@ -22,7 +22,23 @@ std::optional<comp::symbol_table_t*> decomp_t::decompose() {
     auto syms_cnt = img->file_header.num_symbols;
     for (auto idx = 0u; idx < syms_cnt; ++idx) {
       auto sym = img->get_symbol(idx);
-      spdlog::info("handling symbol {}", sym->name.to_string().data());
+
+      if (sym->has_section() &&
+          sym->derived_type == coff::derived_type_id::function) {
+        auto scn = img->get_section(sym->section_index - 1);
+        auto fn_size = scn->size_raw_data;
+        auto fn_bgn = scn->ptr_raw_data + reinterpret_cast<std::uint8_t*>(img);
+
+        spdlog::info("decomposing function: {} size: {}",
+                     sym->name.to_string(img->get_strings()), fn_size);
+
+        std::vector<std::uint8_t> fn(fn_bgn, fn_bgn + fn_size);
+        decomp::routine_t rtn(scn, fn);
+
+        auto syms = rtn.decompose();
+        spdlog::info("decomposed routine into {} symbols...", syms.size());
+        m_syms->add_symbols(syms);
+      }
     }
   });
 
diff --git a/src/theo/decomp/routine.cpp b/src/theo/decomp/routine.cpp
index e69de29..d8ea3f8 100644
--- a/src/theo/decomp/routine.cpp
+++ b/src/theo/decomp/routine.cpp
@@ -0,0 +1,40 @@
+#include <decomp/routine.hpp>
+
+namespace theo::decomp {
+routine_t::routine_t(coff::section_header_t* scn, std::vector<std::uint8_t>& fn)
+    : m_scn(scn), m_data(fn) {}
+
+std::vector<decomp::symbol_t> routine_t::decompose() {
+  std::uint32_t offset = 0u;
+  xed_error_enum_t err;
+
+  xed_decoded_inst_t instr;
+  std::vector<xed_decoded_inst_t> instrs;
+  xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};
+  xed_decoded_inst_zero_set_mode(&instr, &istate);
+
+  // keep looping over the section, lower the number of bytes each time...
+  //
+  while ((err = xed_decode(&instr, m_data.data() + offset,
+                           m_data.size() - offset)) == XED_ERROR_NONE) {
+    char buff[255];
+    offset += xed_decoded_inst_get_length(&instr);
+    xed_format_context(XED_SYNTAX_INTEL, &instr, buff, sizeof buff, 0, 0, 0);
+    spdlog::info("{}", buff);
+    instrs.push_back(instr);
+
+    // need to set this so that instr can be used to decode again...
+    xed_decoded_inst_zero_set_mode(&instr, &istate);
+  }
+
+  return {};
+}
+
+coff::section_header_t* routine_t::scn() {
+  return m_scn;
+}
+
+std::vector<std::uint8_t> routine_t::data() {
+  return m_data;
+}
+}  // namespace theo::decomp
\ No newline at end of file
diff --git a/src/theo/theo.cpp b/src/theo/theo.cpp
index edd6d80..5fabf1e 100644
--- a/src/theo/theo.cpp
+++ b/src/theo/theo.cpp
@@ -2,7 +2,11 @@
 
 namespace theo {
 theo_t::theo_t(std::vector<std::uint8_t>& lib, lnk_fns_t lnkr_fns)
-    : m_dcmp(lib, &m_sym_tbl), m_cmp(&m_dcmp) {}
+    : m_dcmp(lib, &m_sym_tbl), m_cmp(&m_dcmp) {
+  if (static std::atomic_bool v = true; v.exchange(false)) {
+    xed_tables_init();
+  }
+}
 
 std::optional<std::uint32_t> theo_t::decompose() {
   auto res = m_dcmp.decompose();