added XED to the project, starting to use XED on executable sections...

.gitmodules

@@ -4,3 +4,9 @@
 [submodule "dependencies/linux-pe"]
 	path = dependencies/linux-pe
 	url = https://github.com/can1357/linux-pe.git
+[submodule "dependencies/xed"]
+	path = dependencies/xed
+	url = https://github.com/intelxed/xed.git
+[submodule "dependencies/mbuild"]
+	path = dependencies/mbuild
+	url = https://github.com/intelxed/mbuild.git

dependencies/mbuild

@@ -0,0 +1 @@
+Subproject commit 09b6654be0c52bf1df44e88c88b411a67b624cbd

dependencies/xed

@@ -0,0 +1 @@
+Subproject commit 428712c28e831573579b7f749db63d3a58dcdbd9

include/lloiff.hpp

@@ -5,6 +5,13 @@
 #include <string>
 #include <vector>
 
+#define XED_ENCODER
+extern "C"
+{
+    #include <xed-decode.h>
+    #include <xed-interface.h>
+}
+
 namespace llo
 {
     /// <summary>
@@ -13,6 +20,31 @@ namespace llo
     class lloiff_t
     {
       public:
+        /// <summary>
+        /// section protections structure...
+        /// </summary>
+        struct iff_prot_t
+        {
+            /// <summary>
+            /// the raw characteristics of the original binary file...
+            /// </summary>
+            std::uint64_t characteristics;
+
+            /// <summary>
+            /// bit field structure containing IL version of characteristics...
+            /// </summary>
+            union
+            {
+                struct
+                {
+                    std::uint32_t is_executable : 1;
+                    std::uint32_t is_writable : 1;
+                    std::uint32_t is_discardable : 1;
+                };
+                std::uint32_t flags;
+            } prot;
+        };
+
         /// <summary>
         /// iff section struct containing IL information about a section...
         /// </summary>
@@ -27,6 +59,18 @@ namespace llo
             /// vector of raw bytes containing the original bytes of this section...
             /// </summary>
             std::vector< std::uint8_t > raw;
+
+            /// <summary>
+            /// IL and native characteristics of a section...
+            /// contains information such as: is the section executable,
+            /// writable, and or discardable?
+            /// </summary>
+            iff_prot_t characteristics;
+
+            /// <summary>
+            /// a vector containing every single instruction of this section...
+            /// </summary>
+            std::vector< xed_decoded_inst_t > instrs;
         };
 
         /// <summary>

llo-s1.vcxproj

@@ -43,6 +43,42 @@
     <ClInclude Include="dependencies\linux-pe\includes\nt\image.hpp" />
     <ClInclude Include="dependencies\linux-pe\includes\nt\nt_headers.hpp" />
     <ClInclude Include="dependencies\linux-pe\includes\nt\optional_header.hpp" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-agen.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-attributes.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-chip-features.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-common-defs.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-common-hdrs.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-cpuid-rec.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-decode.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-decoded-inst-api.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-decoded-inst.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-disas.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-encode-check.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-encode-direct.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-encode.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-encoder-hl.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-flags.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-format-options.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-get-time.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-iform-map.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-ild.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-immdis.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-immed.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-init.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-inst.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-interface.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-isa-set.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-operand-action.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-operand-values-interface.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-patch.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-portability.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-print-info.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-reg-class.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-rep-prefix.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-state.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-types.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-util.h" />
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-version.h" />
     <ClInclude Include="include\llodctor\llodctor_base.hpp" />
     <ClInclude Include="include\llodctor\llodctor_coff.hpp" />
     <ClInclude Include="include\llodctor\llodctor_lib.hpp" />
@@ -98,11 +134,11 @@
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
-    <IncludePath>$(ProjectDir)include;$(IncludePath);$(ProjectDir)include;$(ProjectDir)dependencies\fcml\include\;$(ProjectDir)dependencies\cli-parser\;$(ProjectDir)dependencies\linux-pe\includes;$(ProjectDir)dependencies\xtils\</IncludePath>
+    <IncludePath>$(ProjectDir)include;$(IncludePath);$(ProjectDir)include;$(ProjectDir)dependencies\fcml\include\;$(ProjectDir)dependencies\cli-parser\;$(ProjectDir)dependencies\linux-pe\includes;$(ProjectDir)dependencies\xtils\;$(ProjectDir)dependencies\xed\include\public\xed;$(ProjectDir)dependencies\xed\obj\;$(ProjectDir)dependencies\xed\obj\wkit\include\xed\</IncludePath>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <LinkIncremental>false</LinkIncremental>
-    <IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath);;$(ProjectDir)include;$(ProjectDir)dependencies\fcml\include\;$(ProjectDir)dependencies\cli-parser\;$(ProjectDir)dependencies\linux-pe\includes;$(ProjectDir)dependencies\xtils\</IncludePath>
+    <IncludePath>$(VC_IncludePath);$(WindowsSDK_IncludePath);;$(ProjectDir)include;$(ProjectDir)dependencies\fcml\include\;$(ProjectDir)dependencies\cli-parser\;$(ProjectDir)dependencies\linux-pe\includes;$(ProjectDir)dependencies\xtils\;$(ProjectDir)dependencies\xed\include\public\xed;$(ProjectDir)dependencies\xed\obj\;$(ProjectDir)dependencies\xed\obj\wkit\include\xed\</IncludePath>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <ClCompile>
@@ -115,7 +151,7 @@
     <Link>
       <SubSystem>Console</SubSystem>
       <GenerateDebugInformation>true</GenerateDebugInformation>
-      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>$(ProjectDir)dependencies\xed\obj\wkit\lib\xed.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <GenerateMapFile>true</GenerateMapFile>
       <MapExports>true</MapExports>
     </Link>
@@ -129,13 +165,14 @@
       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <ConformanceMode>true</ConformanceMode>
       <LanguageStandard>stdcpplatest</LanguageStandard>
+      <CompileAs>CompileAsCpp</CompileAs>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
       <GenerateDebugInformation>true</GenerateDebugInformation>
-      <AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>$(ProjectDir)dependencies\xed\obj\wkit\lib\xed.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <GenerateMapFile>true</GenerateMapFile>
       <MapExports>true</MapExports>
     </Link>

llo-s1.vcxproj.filters

@@ -39,6 +39,9 @@
     <Filter Include="Source Files\llodctor">
       <UniqueIdentifier>{9bd2b0b0-4ae2-4d9d-8620-4b596f84d20d}</UniqueIdentifier>
     </Filter>
+    <Filter Include="Header Files\xed">
+      <UniqueIdentifier>{52d58ded-b48c-456a-98fe-4dfb9e81e1a9}</UniqueIdentifier>
+    </Filter>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="include\lloiff.hpp">
@@ -161,6 +164,114 @@
     <ClInclude Include="include\llodctor\llodctor_coff.hpp">
       <Filter>Header Files\llodctor</Filter>
     </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-agen.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-attributes.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-chip-features.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-common-defs.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-common-hdrs.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-cpuid-rec.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-decode.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-decoded-inst.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-decoded-inst-api.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-disas.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-encode.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-encode-check.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-encode-direct.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-encoder-hl.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-flags.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-format-options.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-get-time.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-iform-map.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-ild.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-immdis.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-immed.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-init.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-inst.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-interface.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-isa-set.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-operand-action.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-operand-values-interface.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-patch.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-portability.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-print-info.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-reg-class.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-rep-prefix.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-state.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-types.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-util.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
+    <ClInclude Include="dependencies\xed\include\public\xed\xed-version.h">
+      <Filter>Header Files\xed</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <None Include=".clang-format">

llo-s1.vcxproj.user

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <LocalDebuggerCommandArguments>-i llo-s1.lib</LocalDebuggerCommandArguments>
+    <LocalDebuggerCommandArguments>-i demo.lib</LocalDebuggerCommandArguments>
     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">

src/llodctor/llodctor_coff.cpp

@@ -4,15 +4,42 @@ namespace llo::s1
 {
     void dctor_coff_t::generate( lloiff_t &iff )
     {
-        std::for_each( img_header->get_sections(), img_header->get_sections() + num_sections,
-                       [ & ]( const coff::section_header_t section_header ) {
-                           lloiff_t::iff_section_t section{
-                               std::string( section_header.name.to_string( img_header->get_strings() ) ) };
+        std::for_each(
+            img_header->get_sections(), img_header->get_sections() + num_sections,
+            [ & ]( const coff::section_header_t section_header ) {
+                const auto section_name = std::string( section_header.name.to_string( img_header->get_strings() ) );
+                lloiff_t::iff_section_t iff_section{ section_name };
 
-                           section.raw = { img.data() + section_header.ptr_raw_data,
-                                           img.data() + section_header.ptr_raw_data + section_header.size_raw_data };
+                iff_section.raw = { img.data() + section_header.ptr_raw_data,
+                                    img.data() + section_header.ptr_raw_data + section_header.size_raw_data };
 
-                           iff.sections.emplace_back( section );
-                       } );
+                const auto &prots = section_header.prots;
+                iff_section.characteristics.prot = { prots.mem_execute, prots.mem_write, prots.mem_discardable };
+                iff_section.characteristics.characteristics = section_header.prots.flags;
+
+                // if the section is writable then we want to disassamble the entire section...
+                if ( iff_section.characteristics.prot.is_executable && iff_section.raw.data() )
+                {
+                    std::uint32_t offset = 0u;
+                    xed_error_enum_t err;
+
+                    xed_decoded_inst_t instr;
+                    xed_state_t istate{ XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b };
+                    xed_decoded_inst_zero_set_mode( &instr, &istate );
+
+                    // keep looping over the section, lower the number of bytes each time...
+                    while ( ( err = xed_decode( &instr, iff_section.raw.data() + offset,
+                                                iff_section.raw.size() - offset ) ) == XED_ERROR_NONE )
+                    {
+                        offset += xed_decoded_inst_get_length( &instr );
+                        iff_section.instrs.push_back( instr );
+                        
+                        // need to set this so that instr can be used to decode again...
+                        xed_decoded_inst_zero_set_mode( &instr, &istate );
+                    }
+                }
+
+                iff.sections.emplace_back( iff_section );
+            } );
     }
 } // namespace llo::s1

src/llodctor/llodctor_pe.cpp

@@ -2,14 +2,42 @@
 
 void llo::s1::dctor_pe_t::generate( lloiff_t &iff )
 {
-    // lift section information to iff...
-    for ( auto idx = 0u; idx < section_count; ++idx )
-    {
-        iff.sections.push_back( { std::string( sections[ idx ].name.to_string() ),
-                                  { img.data(), img.data() + sections[ idx ].ptr_raw_data } } );
-
-        // TODO... more information probably can be lifted/added...
-    }
+    std::for_each( sections, sections + section_count, [ & ]( const win::section_header_t &section_header ) {
+        llo::lloiff_t::iff_section_t iff_section{
+            std::string( section_header.name.to_string() ),
+            { img.data() + section_header.ptr_raw_data,
+              img.data() + section_header.ptr_raw_data + section_header.size_raw_data } };
+
+        const auto &prots = section_header.prots;
+        iff_section.characteristics.prot = { prots.mem_execute, prots.mem_write, prots.mem_discardable };
+        iff_section.characteristics.characteristics = section_header.prots.flags;
+
+        // if the section is writable then we want to disassamble the entire section...
+        if ( iff_section.characteristics.prot.is_executable && iff_section.raw.data() )
+        {
+            std::uint32_t offset = 0u;
+            xed_error_enum_t err;
+
+            xed_decoded_inst_t instr;
+            xed_state_t istate{ XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b };
+            xed_decoded_inst_zero_set_mode( &instr, &istate );
+
+            // keep looping over the section, lower the number of bytes each time...
+            while ( ( err = xed_decode( &instr, iff_section.raw.data() + offset, iff_section.raw.size() - offset ) ) ==
+                    XED_ERROR_NONE )
+            {
+                offset += xed_decoded_inst_get_length( &instr );
+                iff_section.instrs.push_back( instr );
+
+                // need to set this so that instr can be used to decode again...
+                xed_decoded_inst_zero_set_mode( &instr, &istate );
+            }
+
+            std::printf( "> err = %d, offset = %d, size = %d\n", err, offset, iff_section.raw.size() );
+        }
+
+        iff.sections.emplace_back( iff_section );
+    } );
 
     // run symbol loader pass... this could be pdb, map, etc...
     if ( symbol_loader )

src/main.cpp

@@ -10,7 +10,7 @@
 int __cdecl main( int argc, const char *argv[] )
 {
     argparse::argument_parser_t cli_parser( "llo stage-one", "llo stage one demo" );
-    
+
     cli_parser.add_argument()
         .names( { "-i", "--input" } )
         .description( "input file, must be a supported file format..." )
@@ -90,17 +90,35 @@ int __cdecl main( int argc, const char *argv[] )
         return -1;
     }
 
+    xed_tables_init();
     llo::lloiff_t iff( name, image );
     file_dctor->generate( iff );
 
     std::printf( "> iff number of children = %d\n", iff.children.size() );
-    for ( auto &child : iff.children )
+
+    for ( auto &section : iff.sections )
     {
+        std::printf( "> section name = %s\n", section.section_name.get_data().c_str() );
+        std::printf( "> section data = %p\n", section.raw.data() );
+
+        if ( section.characteristics.prot.is_executable )
+            std::printf( "> number of instructions = %d\n", section.instrs.size() );
+
+        std::printf( "> size of raw section = %d\n", section.raw.size() );
+    }
 
+    for ( auto &child : iff.children )
+    {
         for ( auto &section : child->sections )
         {
             std::printf( "> section name = %s\n", section.section_name.get_data().c_str() );
+            std::printf( "> section data = %p\n", section.raw.data() );
+
+            if ( section.characteristics.prot.is_executable )
+                std::printf( "> number of instructions = %d\n", section.instrs.size() );
+
             std::printf( "> size of raw section = %d\n", section.raw.size() );
         }
     }
+    std::getchar();
 }