just now starting to create symbols... need to add transformations like

vmp does, except each reloc will decrypt the ptr... polymorphic stuff..
3.0
_xeroxz 3 years ago
parent 22504906d4
commit 79db6d538c

@ -97,6 +97,7 @@ target_include_directories(Theodosius PUBLIC
target_link_libraries(Theodosius PUBLIC target_link_libraries(Theodosius PUBLIC
linux-pe linux-pe
spdlog spdlog
xed
) )
unset(CMKR_TARGET) unset(CMKR_TARGET)

@ -11,4 +11,4 @@ sources = ["include/**.hpp", "src/theo/**.cpp"]
include-directories = ["include"] include-directories = ["include"]
compile-features = ["cxx_std_20"] compile-features = ["cxx_std_20"]
compile-definitions = ["NOMINMAX"] compile-definitions = ["NOMINMAX"]
link-libraries = ["linux-pe", "spdlog"] link-libraries = ["linux-pe", "spdlog", "xed"]

@ -34,3 +34,25 @@ target_include_directories(linux-pe INTERFACE
unset(CMKR_TARGET) unset(CMKR_TARGET)
unset(CMKR_SOURCES) unset(CMKR_SOURCES)
# Target xed
set(CMKR_TARGET xed)
set(xed_SOURCES "")
set(CMKR_SOURCES ${xed_SOURCES})
add_library(xed INTERFACE)
if(xed_SOURCES)
target_sources(xed INTERFACE ${xed_SOURCES})
endif()
target_include_directories(xed INTERFACE
"xed/obj/wkit/include/xed"
)
target_link_libraries(xed INTERFACE xed.lib)
target_link_libraries(xed INTERFACE xed-ild.lib)
target_link_directories(xed INTERFACE xed/obj/wkit/lib/)
unset(CMKR_TARGET)
unset(CMKR_SOURCES)

@ -3,3 +3,12 @@ type = "interface"
include-directories = ["linux-pe/includes/"] include-directories = ["linux-pe/includes/"]
[subdir.spdlog] [subdir.spdlog]
[target.xed]
type = "interface"
include-directories = ["xed/obj/wkit/include/xed"]
cmake-after = """
target_link_libraries(xed INTERFACE xed.lib)
target_link_libraries(xed INTERFACE xed-ild.lib)
target_link_directories(xed INTERFACE xed/obj/wkit/lib/)
"""

@ -3,19 +3,27 @@
#include <string> #include <string>
#include <vector> #include <vector>
#include "symbol.hpp" #include <spdlog/spdlog.h>
#include <decomp/symbol.hpp>
#define XED_ENCODER
extern "C" {
#include <xed-decode.h>
#include <xed-interface.h>
}
namespace theo::decomp { namespace theo::decomp {
class routine_t { class routine_t {
public: public:
explicit routine_t(coff::section_header_t scn_hdr, explicit routine_t(coff::section_header_t* scn,
std::vector<std::uint8_t>& rtn_data); std::vector<std::uint8_t>& fn);
std::vector<decomp::symbol_t> decompose(); std::vector<decomp::symbol_t> decompose();
coff::section_header_t scn_hdr(); coff::section_header_t* scn();
std::vector<std::uint8_t> data(); std::vector<std::uint8_t> data();
private: private:
std::vector<std::uint8_t> m_data; std::vector<std::uint8_t> m_data;
coff::section_header_t m_scn_hdr; coff::section_header_t* m_scn;
}; };
} // namespace theo::decomp } // namespace theo::decomp

@ -1,11 +1,17 @@
#pragma once #pragma once
#include <spdlog/spdlog.h>
#include <comp/comp.hpp> #include <comp/comp.hpp>
#include <decomp/decomp.hpp> #include <decomp/decomp.hpp>
#include <spdlog/spdlog.h>
#include <optional> #include <optional>
#include <vector>
#include <tuple> #include <tuple>
#include <vector>
#define XED_ENCODER
extern "C" {
#include <xed-decode.h>
#include <xed-interface.h>
}
namespace theo { namespace theo {
using lnk_fns_t = using lnk_fns_t =
@ -13,12 +19,12 @@ using lnk_fns_t =
class theo_t { class theo_t {
public: public:
explicit theo_t( explicit theo_t(std::vector<std::uint8_t>& lib, lnk_fns_t lnkr_fns);
std::vector<std::uint8_t>& lib, lnk_fns_t lnkr_fns);
std::optional<std::uint32_t> decompose(); std::optional<std::uint32_t> decompose();
std::uintptr_t compose(const std::string&& entry_sym); std::uintptr_t compose(const std::string&& entry_sym);
std::uintptr_t resolve(const std::string&& sym); std::uintptr_t resolve(const std::string&& sym);
private: private:
decomp::decomp_t m_dcmp; decomp::decomp_t m_dcmp;
comp::comp_t m_cmp; comp::comp_t m_cmp;

@ -27,35 +27,35 @@ if(CMKR_ROOT_PROJECT)
configure_file(cmake.toml cmake.toml COPYONLY) configure_file(cmake.toml cmake.toml COPYONLY)
endif() endif()
project(usermode-demo) project(demo)
# Target usermode-demo # Target demo
set(CMKR_TARGET usermode-demo) set(CMKR_TARGET demo)
set(usermode-demo_SOURCES "") set(demo_SOURCES "")
list(APPEND usermode-demo_SOURCES list(APPEND demo_SOURCES
main.cpp main.cpp
) )
list(APPEND usermode-demo_SOURCES list(APPEND demo_SOURCES
cmake.toml cmake.toml
) )
set(CMKR_SOURCES ${usermode-demo_SOURCES}) set(CMKR_SOURCES ${demo_SOURCES})
add_executable(usermode-demo) add_executable(demo)
if(usermode-demo_SOURCES) if(demo_SOURCES)
target_sources(usermode-demo PRIVATE ${usermode-demo_SOURCES}) target_sources(demo PRIVATE ${demo_SOURCES})
endif() endif()
get_directory_property(CMKR_VS_STARTUP_PROJECT DIRECTORY ${PROJECT_SOURCE_DIR} DEFINITION VS_STARTUP_PROJECT) get_directory_property(CMKR_VS_STARTUP_PROJECT DIRECTORY ${PROJECT_SOURCE_DIR} DEFINITION VS_STARTUP_PROJECT)
if(NOT CMKR_VS_STARTUP_PROJECT) if(NOT CMKR_VS_STARTUP_PROJECT)
set_property(DIRECTORY ${PROJECT_SOURCE_DIR} PROPERTY VS_STARTUP_PROJECT usermode-demo) set_property(DIRECTORY ${PROJECT_SOURCE_DIR} PROPERTY VS_STARTUP_PROJECT demo)
endif() endif()
source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${usermode-demo_SOURCES}) source_group(TREE ${CMAKE_CURRENT_SOURCE_DIR} FILES ${demo_SOURCES})
target_link_libraries(usermode-demo PRIVATE target_link_libraries(demo PRIVATE
Theodosius Theodosius
spdlog spdlog
) )

@ -22,7 +22,23 @@ std::optional<comp::symbol_table_t*> decomp_t::decompose() {
auto syms_cnt = img->file_header.num_symbols; auto syms_cnt = img->file_header.num_symbols;
for (auto idx = 0u; idx < syms_cnt; ++idx) { for (auto idx = 0u; idx < syms_cnt; ++idx) {
auto sym = img->get_symbol(idx); auto sym = img->get_symbol(idx);
spdlog::info("handling symbol {}", sym->name.to_string().data());
if (sym->has_section() &&
sym->derived_type == coff::derived_type_id::function) {
auto scn = img->get_section(sym->section_index - 1);
auto fn_size = scn->size_raw_data;
auto fn_bgn = scn->ptr_raw_data + reinterpret_cast<std::uint8_t*>(img);
spdlog::info("decomposing function: {} size: {}",
sym->name.to_string(img->get_strings()), fn_size);
std::vector<std::uint8_t> fn(fn_bgn, fn_bgn + fn_size);
decomp::routine_t rtn(scn, fn);
auto syms = rtn.decompose();
spdlog::info("decomposed routine into {} symbols...", syms.size());
m_syms->add_symbols(syms);
}
} }
}); });

@ -0,0 +1,40 @@
#include <decomp/routine.hpp>
namespace theo::decomp {
routine_t::routine_t(coff::section_header_t* scn, std::vector<std::uint8_t>& fn)
: m_scn(scn), m_data(fn) {}
std::vector<decomp::symbol_t> routine_t::decompose() {
std::uint32_t offset = 0u;
xed_error_enum_t err;
xed_decoded_inst_t instr;
std::vector<xed_decoded_inst_t> instrs;
xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};
xed_decoded_inst_zero_set_mode(&instr, &istate);
// keep looping over the section, lower the number of bytes each time...
//
while ((err = xed_decode(&instr, m_data.data() + offset,
m_data.size() - offset)) == XED_ERROR_NONE) {
char buff[255];
offset += xed_decoded_inst_get_length(&instr);
xed_format_context(XED_SYNTAX_INTEL, &instr, buff, sizeof buff, 0, 0, 0);
spdlog::info("{}", buff);
instrs.push_back(instr);
// need to set this so that instr can be used to decode again...
xed_decoded_inst_zero_set_mode(&instr, &istate);
}
return {};
}
coff::section_header_t* routine_t::scn() {
return m_scn;
}
std::vector<std::uint8_t> routine_t::data() {
return m_data;
}
} // namespace theo::decomp

@ -2,7 +2,11 @@
namespace theo { namespace theo {
theo_t::theo_t(std::vector<std::uint8_t>& lib, lnk_fns_t lnkr_fns) theo_t::theo_t(std::vector<std::uint8_t>& lib, lnk_fns_t lnkr_fns)
: m_dcmp(lib, &m_sym_tbl), m_cmp(&m_dcmp) {} : m_dcmp(lib, &m_sym_tbl), m_cmp(&m_dcmp) {
if (static std::atomic_bool v = true; v.exchange(false)) {
xed_tables_init();
}
}
std::optional<std::uint32_t> theo_t::decompose() { std::optional<std::uint32_t> theo_t::decompose() {
auto res = m_dcmp.decompose(); auto res = m_dcmp.decompose();

Loading…
Cancel
Save