codeglob.h Source File

00001 /*
00002 PeRdr - PE file disassembler
00003 Copyright (C) 1999-2003 Frediano Ziglio
00004 -----
00005 
00006 This program is free software; you can redistribute it and/or modify
00007 it under the terms of the GNU General Public License as published by
00008 the Free Software Foundation; either version 2 of the License, or
00009 (at your option) any later version.
00010 
00011 This program is distributed in the hope that it will be useful,
00012 but WITHOUT ANY WARRANTY; without even the implied warranty of
00013 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00014 GNU General Public License for more details.
00015 
00016 You should have received a copy of the GNU General Public License
00017 along with this program; if not, write to the Free Software
00018 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
00019 -----
00020 
00021 INFORMATION
00022   www: https://freddy77.tripod.com/perdr/
00023   e-mail: freddy77@angelfire.com
00024 */
00025 #ifndef FILE_CODEGLOB_H
00026 #define FILE_CODEGLOB_H
00027 
00028 #include <list>
00029 #include <stack>
00030 #include "x86dasm.h"
00031 #include "symbols.h"
00032 #include "module.h"
00033 #include "utils/range.hpp"
00034 #include "utils/fixvect.hpp"
00035 #include "utils/f77auto_ptr"
00036 #include "code.h"
00037 #include "codescan.h"
00038 #include "byteinfo.h"
00039 #include "references.h"
00040 
00041 template <class C,class Item>
00042 inline bool IsPresent(const C& c,const Item& item)
00043 {
00044   return ( c.find(item) != c.end() );
00045 }
00046 
00047 struct TempReference:public IstrReference
00048 {
00049   uchar  priority;
00050 };
00051 
00052 // tipi di dati
00053 typedef std::stack< TempReference,std::list<TempReference> > TTempRefs;
00054 typedef std::set< vma_t,std::less<vma_t> > TAddresses;
00055 typedef std::map< vma_t,vma_t,std::less<vma_t> > TApiAlias;
00056 // !!! non set e disassembly ??
00057 typedef std::map< vma_t,vma_t,std::less<vma_t> > TApiCalls;
00058 typedef std::set< vma_t,std::less<vma_t> > TTempComplexReference;
00059 
00060 // funzioni globali
00061 void WriteInstruction(const Instruction& instruction,FILE* file = stdout);
00062 
00063 // legge istruzione all'indirizzo specificato
00064 int GetInstruction(ObjectModule& module,vma_t address,Instruction& instruction);
00065 
00066 // utilità per sezioni
00067 #define FOR_EACH_SECTION_CODE_BEGIN(module,iter) \
00068   FOR_EACH_CONST_BEGIN(ObjectModule::TSections,module->GetSections(),iter) \
00069   if ((*iter).IsCode()) {
00070 #define FOR_EACH_SECTION_CODE_END(module,iter) \
00071   } \
00072   FOR_EACH_CONST_END(ObjectModule::TSections,module->GetSections(),iter)
00073 
00074 #define FOR_EACH_SECTION_BEGIN(module,iter) \
00075   FOR_EACH_CONST_BEGIN(ObjectModule::TSections,module->GetSections(),iter)
00076 #define FOR_EACH_SECTION_END(module,iter) \
00077   FOR_EACH_CONST_END(ObjectModule::TSections,module->GetSections(),iter)
00078 
00079 // !!! other file
00080 inline bool IsNullAddress(vma_t address)
00081 { return address == 0; }
00082 
00083 // informazioni sul codice
00084 class CodeInfo
00085 {
00086 public:
00087   CodeInfo():pTempRefs(0) {};
00088 
00089   // riferimenti a variabili
00090   IstrReferences varReferences; // user by codescan.cpp
00091 
00092   // riferimenti salvati
00093   IstrReferences istrReferences; // user by codeprn.cpp and codescan.cpp
00094 
00095 
00096   ByteInfos byteInfo; // user by heuristic.cpp, codeprn.cpp and codesca.cpp
00097   // salti a api tenuti per visualizzazione
00098   TApiAlias apiAlias; // used by codeprn.cpp
00099   // indirizzi reference complessi
00100   TTempComplexReference complexReference;
00101 
00102   ObjectModule* module;
00103 
00104 protected:
00105   // riferimenti in sospeso da processare
00106   // !!! usato solo in code.cpp, dovrebbe sparire da qui
00107   TTempRefs* pTempRefs;
00108 
00109   // costanti che potrebbero essere codice
00110   // !!! usato solo in code.cpp, dovrebbe sparire da qui
00111   TAddresses addrConstants;
00112 
00113   // puntatori a dati e/o codice
00114   // !!! usato solo in code.cpp, dovrebbe sparire da qui
00115   TAddresses addrGeneral;
00116 };
00117 
00118 void ParseCode(CSignFile& file,uint32_t imageBase,vma_t entryPoint,const RVAFileTranslator& rva,const Symbols& symbols,const Symbols& exportedSymbols);
00119 
00120 class CodeParser: public CodeInfo
00121 {
00122 friend void ParseCode(CSignFile& file,uint32_t imageBase,vma_t entryPoint,const RVAFileTranslator& rva,const Symbols& symbols,const Symbols& exportedSymbols,
00123                       bool hasRelocation,const RelocationInfos& relocationInfos);
00124 public:
00125   //
00126   // Temp flow manage
00127   //
00128   void AddExportTempFlow(vma_t to,enum ByteInfo::TPriority priority);
00129   bool AddTempFlow(enum FlowTypes flow,vma_t from,
00130     const Instruction& instruction,vma_t instAddress,
00131     enum ByteInfo::TPriority priority,bool bAddComplex=true);
00132   void AddTempFlow(enum FlowTypes flow,vma_t from,vma_t to,
00133     enum ByteInfo::TPriority priority);
00134   bool ExtractTempRef(TempReference& tempRef);
00135 
00136   //
00137   // Scanning
00138   //
00139   void _ReverseScan(IScanning* scanning,vma_t address,IMachineStatus* status);
00140   void ReverseScan(IScanning* scanning,vma_t address);
00141 
00142   bool ExecuteComplexReference(vma_t address);
00143   bool ExecuteComplexReferenceMemory(vma_t address,const Instruction& instruction);
00144   bool ExecuteComplexReferenceReg(vma_t address,const Instruction& instruction);
00145 
00146   //
00147   // Code scanning and marking
00148   //
00149   bool CheckCodeRecursively(vma_t address,ByteInfo::TPriority priority,bool _bSetLabel = true);
00150   bool CheckCode(vma_t& address,ByteInfo::TPriority priority,bool bSetLabel = true);
00151 
00152   // utility
00153   bool IsApiReference(const Param& arg) const;
00154   bool ContainValidAddress(const Param& param) const;
00155 private:
00156   void Parse(CSignFile& _file,uint32_t imageBase,vma_t entryPoint,
00157     const RVAFileTranslator& rva,const Symbols& api,const Symbols& exportedApi,
00158     bool hasRelocation,const RelocationInfos& relocationInfos);
00159   void ExcludeFileRange(CSignFile& _file,const RVAFileTranslator& rva,uint32_t imageBase);
00160 
00161   //
00162   // Code scanning and marking
00163   //
00164   enum TScanCodeResult {
00165     scanCodeAlreadyProcessed, scanCodeNoError, scanCodeOverlapped,
00166     scanCodeInvalidJump, scanCodeInvalid, scanCodeMax = scanCodeInvalid };
00167   enum TScanCodeResult ScanCode(vma_t& address,ByteInfo::TPriority priority,bool bSetLabel = true);
00168   // verifica se esiste un riferimento a dati o codice
00169   void CheckForAddress(vma_t instAddress,const Instruction& instruction,enum ByteInfo::TPriority priority);
00170   void SetCodeRange(const range<vma_t>& r,ByteInfo::TPriority priority,bool bSetLabel = true);
00171   void ResetCodeRange(const range<vma_t>& r);
00172   void CheckImmediateCodeAddress(const Instruction& instruction);
00173 
00174   //
00175   // Statistic
00176   //
00177   void GetStringStats(vma_t address,unsigned& len,unsigned& num_printable);
00178   struct PointerArrayStat
00179   {
00180     unsigned nCodePointer,nPointer,nNull,nFirstNull;
00181   };
00182   void GetPointerArrayStats(vma_t address,PointerArrayStat& stat);
00183   struct BitStat
00184   {
00185     unsigned int bit8[8];
00186     unsigned int bit16[16];
00187     unsigned int bit32[32];
00188   };
00189   void GetBitStat(vma_t address,unsigned numBytes,BitStat& stat);
00190 
00191   //
00192   // Printing
00193   //
00194   void CheckReference(vma_t address);
00195   void CheckJumpReference(vma_t address,const Instruction& instruction);
00196   void WriteCode();
00197   void WriteString(vma_t address,int len) const;
00198   void WriteBegin(vma_t address,int num_bytes) const;
00199 };
00200 
00201 
00202 #endif //FILE_CODEGLOB_H