Rizin
unix-like reverse engineering framework and cli tools
analysis_cil.c
Go to the documentation of this file.
1 // SPDX-FileCopyrightText: 2022 wingdeans <wingdeans@protonmail.com>
2 // SPDX-License-Identifier: LGPL-3.0-only
3 
4 #include <rz_analysis.h>
5 #include "../../asm/arch/cil/cil_dis.h"
6 
11 static ut64 analyze_InlineMethod(RzAnalysis *analysis, CILOp *cilop) {
12  RzBinGetOffset get_offset;
13  RzBin *bin;
14 
15  if (!analysis ||
16  !(bin = analysis->binb.bin) ||
17  !(get_offset = analysis->binb.get_offset)) {
18  return UT64_MAX;
19  }
20 
21  ut32 tok = cilop->tok;
22  ut32 table = tok >> 24;
23  if (table == 0x06) { // MethodDef index
24  return get_offset(bin, 'd', tok & 0xffffff);
25  }
26 
27  return UT64_MAX;
28 }
29 
30 static int cil_analyze_op(RzAnalysis *analysis, RzAnalysisOp *op, ut64 addr, const ut8 *buf, int len, RzAnalysisOpMask mask) {
31  CILOp cilop = { { { 0 } } };
32  if (cil_dis(&cilop, buf, len)) {
33  return 0;
34  }
35  rz_strbuf_fini(&cilop.strbuf);
36 
37  op->addr = addr;
38 
39  switch (cilop.byte1) {
40  case CIL_OP_LDARG_0:
41  case CIL_OP_LDARG_1:
42  case CIL_OP_LDARG_2:
43  case CIL_OP_LDARG_3:
44  case CIL_OP_LDLOC_0:
45  case CIL_OP_LDLOC_1:
46  case CIL_OP_LDLOC_2:
47  case CIL_OP_LDLOC_3:
48  case CIL_OP_LDARG_S:
49  case CIL_OP_LDARGA_S:
50  case CIL_OP_LDLOC_S:
51  case CIL_OP_LDLOCA_S:
52  case CIL_OP_LDNULL:
53  case CIL_OP_LDC_I4_M1:
54  case CIL_OP_LDC_I4_0:
55  case CIL_OP_LDC_I4_1:
56  case CIL_OP_LDC_I4_2:
57  case CIL_OP_LDC_I4_3:
58  case CIL_OP_LDC_I4_4:
59  case CIL_OP_LDC_I4_5:
60  case CIL_OP_LDC_I4_6:
61  case CIL_OP_LDC_I4_7:
62  case CIL_OP_LDC_I4_8:
63  case CIL_OP_LDC_I4_S:
64  case CIL_OP_LDC_I4:
65  case CIL_OP_LDC_I8:
66  case CIL_OP_LDC_R4:
67  case CIL_OP_LDC_R8:
68  case CIL_OP_LDIND_I1:
69  case CIL_OP_LDIND_U1:
70  case CIL_OP_LDIND_I2:
71  case CIL_OP_LDIND_U2:
72  case CIL_OP_LDIND_I4:
73  case CIL_OP_LDIND_U4:
74  case CIL_OP_LDIND_I8:
75  case CIL_OP_LDIND_I:
76  case CIL_OP_LDIND_R4:
77  case CIL_OP_LDIND_R8:
78  case CIL_OP_LDIND_REF:
79  case CIL_OP_LDOBJ:
80  case CIL_OP_LDSTR:
81  case CIL_OP_LDFLD:
82  case CIL_OP_LDFLDA:
83  case CIL_OP_LDSFLDA:
84  case CIL_OP_LDLEN:
85  case CIL_OP_LDELEMA:
86  case CIL_OP_LDELEM_I1:
87  case CIL_OP_LDELEM_U1:
88  case CIL_OP_LDELEM_I2:
89  case CIL_OP_LDELEM_U2:
90  case CIL_OP_LDELEM_I4:
91  case CIL_OP_LDELEM_U4:
92  case CIL_OP_LDELEM_I8:
93  case CIL_OP_LDELEM_I:
94  case CIL_OP_LDELEM_R4:
95  case CIL_OP_LDELEM_R8:
96  case CIL_OP_LDELEM_REF:
97  case CIL_OP_LDELEM:
98  case CIL_OP_LDTOKEN:
99  op->type = RZ_ANALYSIS_OP_TYPE_LOAD;
100  break;
101  case CIL_OP_STLOC_0:
102  case CIL_OP_STLOC_1:
103  case CIL_OP_STLOC_2:
104  case CIL_OP_STLOC_3:
105  case CIL_OP_STARG_S:
106  case CIL_OP_STLOC_S:
107  case CIL_OP_STIND_REF:
108  case CIL_OP_STIND_I1:
109  case CIL_OP_STIND_I2:
110  case CIL_OP_STIND_I4:
111  case CIL_OP_STIND_I8:
112  case CIL_OP_STIND_R4:
113  case CIL_OP_STIND_R8:
114  case CIL_OP_STFLD:
115  case CIL_OP_STSFLD:
116  case CIL_OP_STOBJ:
117  case CIL_OP_STELEM_I:
118  case CIL_OP_STELEM_I1:
119  case CIL_OP_STELEM_I2:
120  case CIL_OP_STELEM_I4:
121  case CIL_OP_STELEM_I8:
122  case CIL_OP_STELEM_R4:
123  case CIL_OP_STELEM_R8:
124  case CIL_OP_STELEM_REF:
125  case CIL_OP_STELEM:
126  case CIL_OP_STIND_I:
127  op->type = RZ_ANALYSIS_OP_TYPE_STORE;
128  break;
129  case CIL_OP_ADD:
130  case CIL_OP_ADD_OVF:
131  case CIL_OP_ADD_OVF_UN:
132  op->type = RZ_ANALYSIS_OP_TYPE_ADD;
133  break;
134  case CIL_OP_SUB:
135  case CIL_OP_SUB_OVF:
136  case CIL_OP_SUB_OVF_UN:
137  op->type = RZ_ANALYSIS_OP_TYPE_SUB;
138  break;
139  case CIL_OP_MUL:
140  case CIL_OP_MUL_OVF:
141  case CIL_OP_MUL_OVF_UN:
142  op->type = RZ_ANALYSIS_OP_TYPE_MUL;
143  break;
144  case CIL_OP_DIV:
145  case CIL_OP_DIV_UN:
146  op->type = RZ_ANALYSIS_OP_TYPE_DIV;
147  break;
148  case CIL_OP_REM:
149  case CIL_OP_REM_UN:
150  op->type = RZ_ANALYSIS_OP_TYPE_MOD;
151  break;
152  case CIL_OP_AND:
153  op->type = RZ_ANALYSIS_OP_TYPE_AND;
154  break;
155  case CIL_OP_OR:
156  op->type = RZ_ANALYSIS_OP_TYPE_OR;
157  break;
158  case CIL_OP_XOR:
159  op->type = RZ_ANALYSIS_OP_TYPE_XOR;
160  break;
161  case CIL_OP_SHL:
162  op->type = RZ_ANALYSIS_OP_TYPE_SHL;
163  break;
164  case CIL_OP_SHR:
165  op->type = RZ_ANALYSIS_OP_TYPE_SAR;
166  break;
167  case CIL_OP_SHR_UN:
168  op->type = RZ_ANALYSIS_OP_TYPE_SHR;
169  break;
170  case CIL_OP_NEG:
171  case CIL_OP_NOT:
172  op->type = RZ_ANALYSIS_OP_TYPE_NOT;
173  break;
174  case CIL_OP_CONV_I1:
175  case CIL_OP_CONV_I2:
176  case CIL_OP_CONV_I4:
177  case CIL_OP_CONV_I8:
178  case CIL_OP_CONV_R4:
179  case CIL_OP_CONV_R8:
180  case CIL_OP_CONV_U4:
181  case CIL_OP_CONV_U8:
182  case CIL_OP_CONV_R_UN:
183  case CIL_OP_CONV_OVF_I1_UN:
184  case CIL_OP_CONV_OVF_I2_UN:
185  case CIL_OP_CONV_OVF_I4_UN:
186  case CIL_OP_CONV_OVF_I8_UN:
187  case CIL_OP_CONV_OVF_U1_UN:
188  case CIL_OP_CONV_OVF_U2_UN:
189  case CIL_OP_CONV_OVF_U4_UN:
190  case CIL_OP_CONV_OVF_U8_UN:
191  case CIL_OP_CONV_OVF_I_UN:
192  case CIL_OP_CONV_OVF_U_UN:
193  case CIL_OP_CONV_OVF_I1:
194  case CIL_OP_CONV_OVF_U1:
195  case CIL_OP_CONV_OVF_I2:
196  case CIL_OP_CONV_OVF_U2:
197  case CIL_OP_CONV_OVF_I4:
198  case CIL_OP_CONV_OVF_U4:
199  case CIL_OP_CONV_OVF_I8:
200  case CIL_OP_CONV_OVF_U8:
201  case CIL_OP_CONV_U2:
202  case CIL_OP_CONV_U1:
203  case CIL_OP_CONV_I:
204  case CIL_OP_CONV_OVF_I:
205  case CIL_OP_CONV_OVF_U:
206  case CIL_OP_CONV_U:
207  op->type = RZ_ANALYSIS_OP_TYPE_CAST;
208  break;
209  // InlineMethod
210  case CIL_OP_JMP:
211  op->type = RZ_ANALYSIS_OP_TYPE_JMP;
212  op->jump = analyze_InlineMethod(analysis, &cilop);
213  break;
214  case CIL_OP_CALL:
215  case CIL_OP_CALLI:
216  case CIL_OP_CALLVIRT:
217  case CIL_OP_NEWOBJ:
218  op->type = RZ_ANALYSIS_OP_TYPE_CALL;
219  op->jump = analyze_InlineMethod(analysis, &cilop);
220  break;
221  // InlineBrTarget / ShortInlineBrTarget
222  case CIL_OP_BR_S:
223  case CIL_OP_BR:
224  op->type = RZ_ANALYSIS_OP_TYPE_JMP;
225  op->jump = addr + 2 + cilop.target;
226  break;
227  case CIL_OP_BRFALSE_S:
228  case CIL_OP_BRTRUE_S:
229  case CIL_OP_BEQ_S:
230  case CIL_OP_BGE_S:
231  case CIL_OP_BGT_S:
232  case CIL_OP_BLE_S:
233  case CIL_OP_BLT_S:
234  case CIL_OP_BNE_UN_S:
235  case CIL_OP_BGE_UN_S:
236  case CIL_OP_BGT_UN_S:
237  case CIL_OP_BLE_UN_S:
238  case CIL_OP_BLT_UN_S:
239  case CIL_OP_BRFALSE:
240  case CIL_OP_BRTRUE:
241  case CIL_OP_BEQ:
242  case CIL_OP_BGE:
243  case CIL_OP_BGT:
244  case CIL_OP_BLE:
245  case CIL_OP_BLT:
246  case CIL_OP_BNE_UN:
247  case CIL_OP_BGE_UN:
248  case CIL_OP_BGT_UN:
249  case CIL_OP_BLE_UN:
250  case CIL_OP_BLT_UN:
251  op->type = RZ_ANALYSIS_OP_TYPE_CJMP;
252  op->jump = addr + 5 + cilop.target;
253  break;
254  case CIL_OP_NOP:
255  op->type = RZ_ANALYSIS_OP_TYPE_NOP;
256  break;
257  case CIL_OP_RET:
258  op->type = RZ_ANALYSIS_OP_TYPE_RET;
259  break;
260  case 0xFE:
261  switch (cilop.byte2) {
262  case CIL_OP2_CEQ:
263  case CIL_OP2_CGT:
264  case CIL_OP2_CGT_UN:
265  case CIL_OP2_CLT:
266  case CIL_OP2_CLT_UN:
267  op->type = RZ_ANALYSIS_OP_TYPE_CMP;
268  break;
269  case CIL_OP2_LDFTN:
270  case CIL_OP2_LDVIRTFTN:
271  case CIL_OP2_LDARG:
272  case CIL_OP2_LDARGA:
273  case CIL_OP2_LDLOC:
274  case CIL_OP2_LDLOCA:
275  op->type = RZ_ANALYSIS_OP_TYPE_LOAD;
276  break;
277  case CIL_OP2_STARG:
278  case CIL_OP2_STLOC:
279  op->type = RZ_ANALYSIS_OP_TYPE_STORE;
280  break;
281  default:
282  op->type = RZ_ANALYSIS_OP_TYPE_NULL;
283  }
284  break;
285  default:
286  op->type = RZ_ANALYSIS_OP_TYPE_NULL;
287  }
288 
289  return op->size = cilop.size;
290 }
291 
292 RzAnalysisPlugin rz_analysis_plugin_cil = {
293  .name = "cil",
294  .desc = "dotnet CIL code analysis plugin",
295  .license = "LGPL3",
296  .arch = "cil",
297  .op = cil_analyze_op,
298 };
len
size_t len
Definition: 6502dis.c:15
rz_analysis_plugin_cil
RzAnalysisPlugin rz_analysis_plugin_cil
Definition: analysis_cil.c:292
analyze_InlineMethod
static ut64 analyze_InlineMethod(RzAnalysis *analysis, CILOp *cilop)
Definition: analysis_cil.c:11
cil_analyze_op
static int cil_analyze_op(RzAnalysis *analysis, RzAnalysisOp *op, ut64 addr, const ut8 *buf, int len, RzAnalysisOpMask mask)
Definition: analysis_cil.c:30
mask
#define mask()
Definition: analysis_h8300.c:39
get_offset
static ut64 get_offset(RzBinFile *bf, int type, int index)
Definition: bin_dex.c:206
cil_dis
int cil_dis(CILOp *op, const ut8 *buf, int len)
Disassemble a CIL buffer.
Definition: cil_dis.c:150
ut32
uint32_t ut32
Definition: demangler_util.h:31
buf
voidpf void * buf
Definition: ioapi.h:138
ut8
uint8_t ut8
Definition: lh5801.h:11
rz_analysis.h
RzAnalysisOpMask
RzAnalysisOpMask
Definition: rz_analysis.h:439
RZ_ANALYSIS_OP_TYPE_CMP
@ RZ_ANALYSIS_OP_TYPE_CMP
Definition: rz_analysis.h:399
RZ_ANALYSIS_OP_TYPE_SUB
@ RZ_ANALYSIS_OP_TYPE_SUB
Definition: rz_analysis.h:402
RZ_ANALYSIS_OP_TYPE_LOAD
@ RZ_ANALYSIS_OP_TYPE_LOAD
Definition: rz_analysis.h:416
RZ_ANALYSIS_OP_TYPE_MUL
@ RZ_ANALYSIS_OP_TYPE_MUL
Definition: rz_analysis.h:404
RZ_ANALYSIS_OP_TYPE_JMP
@ RZ_ANALYSIS_OP_TYPE_JMP
Definition: rz_analysis.h:368
RZ_ANALYSIS_OP_TYPE_AND
@ RZ_ANALYSIS_OP_TYPE_AND
Definition: rz_analysis.h:411
RZ_ANALYSIS_OP_TYPE_MOD
@ RZ_ANALYSIS_OP_TYPE_MOD
Definition: rz_analysis.h:422
RZ_ANALYSIS_OP_TYPE_SAR
@ RZ_ANALYSIS_OP_TYPE_SAR
Definition: rz_analysis.h:409
RZ_ANALYSIS_OP_TYPE_NULL
@ RZ_ANALYSIS_OP_TYPE_NULL
Definition: rz_analysis.h:367
RZ_ANALYSIS_OP_TYPE_CALL
@ RZ_ANALYSIS_OP_TYPE_CALL
Definition: rz_analysis.h:378
RZ_ANALYSIS_OP_TYPE_ADD
@ RZ_ANALYSIS_OP_TYPE_ADD
Definition: rz_analysis.h:401
RZ_ANALYSIS_OP_TYPE_OR
@ RZ_ANALYSIS_OP_TYPE_OR
Definition: rz_analysis.h:410
RZ_ANALYSIS_OP_TYPE_STORE
@ RZ_ANALYSIS_OP_TYPE_STORE
Definition: rz_analysis.h:415
RZ_ANALYSIS_OP_TYPE_SHR
@ RZ_ANALYSIS_OP_TYPE_SHR
Definition: rz_analysis.h:406
RZ_ANALYSIS_OP_TYPE_CJMP
@ RZ_ANALYSIS_OP_TYPE_CJMP
Definition: rz_analysis.h:373
RZ_ANALYSIS_OP_TYPE_DIV
@ RZ_ANALYSIS_OP_TYPE_DIV
Definition: rz_analysis.h:405
RZ_ANALYSIS_OP_TYPE_CAST
@ RZ_ANALYSIS_OP_TYPE_CAST
Definition: rz_analysis.h:426
RZ_ANALYSIS_OP_TYPE_SHL
@ RZ_ANALYSIS_OP_TYPE_SHL
Definition: rz_analysis.h:407
RZ_ANALYSIS_OP_TYPE_NOT
@ RZ_ANALYSIS_OP_TYPE_NOT
Definition: rz_analysis.h:414
RZ_ANALYSIS_OP_TYPE_RET
@ RZ_ANALYSIS_OP_TYPE_RET
Definition: rz_analysis.h:385
RZ_ANALYSIS_OP_TYPE_NOP
@ RZ_ANALYSIS_OP_TYPE_NOP
Definition: rz_analysis.h:389
RZ_ANALYSIS_OP_TYPE_XOR
@ RZ_ANALYSIS_OP_TYPE_XOR
Definition: rz_analysis.h:412
RzBinGetOffset
ut64(* RzBinGetOffset)(RzBin *bin, int type, int idx)
Definition: rz_bin.h:800
rz_strbuf_fini
RZ_API void rz_strbuf_fini(RzStrBuf *sb)
Definition: strbuf.c:365
UT64_MAX
#define UT64_MAX
Definition: rz_types_base.h:86
CILOp
Definition: cil_dis.h:27
CILOp::target
st32 target
Definition: cil_dis.h:34
CILOp::byte2
ut8 byte2
Definition: cil_dis.h:31
CILOp::size
int size
Definition: cil_dis.h:29
CILOp::strbuf
RzStrBuf strbuf
Definition: cil_dis.h:28
CILOp::tok
ut32 tok
Definition: cil_dis.h:33
CILOp::byte1
ut8 byte1
Definition: cil_dis.h:30
bin
Definition: malloc.c:26
rz_analysis_op_t
Definition: rz_analysis.h:811
rz_analysis_plugin_t
Definition: rz_analysis.h:1233
rz_analysis_plugin_t::name
const char * name
Definition: rz_analysis.h:1234
rz_analysis_t
Definition: rz_analysis.h:553
rz_analysis_t::binb
RzBinBind binb
Definition: rz_analysis.h:579
rz_bin_bind_t::bin
RzBin * bin
Definition: rz_bin.h:807
rz_bin_bind_t::get_offset
RzBinGetOffset get_offset
Definition: rz_bin.h:808
rz_bin_t
Definition: rz_bin.h:328
op
Definition: dis.c:32
ut64
ut64(WINAPI *w32_GetEnabledXStateFeatures)()
addr
static int addr
Definition: z80asm.c:58