rz-bindgen/doxygen/analysis__pyc_8c_source.html

 // SPDX-FileCopyrightText: 2016-2020 FXTi <zjxiang1998@gmail.com>

 // SPDX-License-Identifier: LGPL-3.0-only


 #include <rz_types.h>

 #include <rz_lib.h>

 #include <rz_util.h>

 #include <rz_asm.h>


 #include "../../asm/arch/pyc/pyc_dis.h"


 static int archinfo(RzAnalysis *analysis, int query) {

     if (!strcmp(analysis->cpu, "x86")) {

         return -1;

     }


     switch (query) {

     case RZ_ANALYSIS_ARCHINFO_MIN_OP_SIZE:

         return (analysis->bits == 16) ? 1 : 2;

     case RZ_ANALYSIS_ARCHINFO_MAX_OP_SIZE:

         return (analysis->bits == 16) ? 3 : 2;

     default:

         return -1;

     }

 }


 static char *get_reg_profile(RzAnalysis *analysis) {

     return strdup(

         "=PC    pc\n"

         "=BP    bp\n"

         "=SP    sp\n"

         "=A0    sp\n"

         "gpr    sp  .32 0   0\n" // stack pointer

         "gpr    pc  .32 4   0\n" // program counter

         "gpr    bp  .32 8   0\n" // base pointer // unused

     );

 }


 static RzList *get_pyc_code_obj(RzAnalysis *analysis) {

     RzBin *b = analysis->binb.bin;

     RzBinPlugin *plugin = b->cur && b->cur->o ? b->cur->o->plugin : NULL;

     bool is_pyc = (plugin && strcmp(plugin->name, "pyc") == 0);

     if (!is_pyc) {

         return NULL;

     }

     return ((RzBinPycObj *)b->cur->o->bin_obj)->shared;

 }


 static int pyc_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *data, int len, RzAnalysisOpMask mask) {

     pyc_opcodes *ops = (pyc_opcodes *)a->plugin_data;

     RzList *cobjs = rz_list_get_n(get_pyc_code_obj(a), 0);

     RzListIter *iter = NULL;

     pyc_code_object *func = NULL, *t = NULL;

     rz_list_foreach (cobjs, iter, t) {

         if (RZ_BETWEEN(t->start_offset, addr, t->end_offset - 1)) { // addr in [start_offset, end_offset)

             func = t;

             break;

         }

     }

     if (!func) {

         return -1;

     }


     ut64 func_base = func->start_offset;

     ut32 extended_arg = 0, oparg = 0;

     ut8 op_code = data[0];

     op->addr = addr;

     op->sign = true;

     op->type = RZ_ANALYSIS_OP_TYPE_ILL;

     op->id = op_code;


     if (!pyc_opcodes_equal(ops, a->cpu)) {

         free_opcode(ops);

         ops = NULL;

     }


     if (!ops) {

         if (!(ops = get_opcode_by_version(a->cpu))) {

             return -1;

         }

         a->plugin_data = ops;

     }

     bool is_python36 = a->bits == 8;

     pyc_opcode_object *op_obj = &ops->opcodes[op_code];

     if (!op_obj->op_name) {

         op->type = RZ_ANALYSIS_OP_TYPE_ILL;

         op->size = 1;

         goto analysis_end;

     }


     op->size = is_python36 ? 2 : ((op_code >= ops->have_argument) ? 3 : 1);


     if (op_code >= ops->have_argument) {

         if (!is_python36) {

             oparg = data[1] + data[2] * 256 + extended_arg;

         } else {

             oparg = data[1] + extended_arg;

         }

     }


     if (op_obj->type & HASJABS) {

         op->type = RZ_ANALYSIS_OP_TYPE_JMP;

         op->jump = func_base + oparg;


         if (op_obj->type & HASCONDITION) {

             op->type = RZ_ANALYSIS_OP_TYPE_CJMP;

             op->fail = addr + ((is_python36) ? 2 : 3);

         }

         goto analysis_end;

     }

     if (op_obj->type & HASJREL) {

         op->type = RZ_ANALYSIS_OP_TYPE_JMP;

         op->jump = addr + oparg + ((is_python36) ? 2 : 3);

         op->fail = addr + ((is_python36) ? 2 : 3);


         if (op_obj->type & HASCONDITION) {

             op->type = RZ_ANALYSIS_OP_TYPE_CJMP;

             // op->fail = addr + ((is_python36)? 2: 3);

         }

         // goto analysis_end;

     }


     if (op_obj->type & HASCOMPARE) {

         op->type = RZ_ANALYSIS_OP_TYPE_CMP;

         goto analysis_end;

     }


     analysis_pyc_op(op, op_obj, oparg);


 analysis_end:

     return op->size;

 }


 static bool finish(void *user) {

     pyc_opcodes *ops = (user);

     free_opcode(ops);

     return true;

 }


 RzAnalysisPlugin rz_analysis_plugin_pyc = {

     .name = "pyc",

     .desc = "Python bytecode analysis plugin",

     .license = "LGPL3",

     .arch = "pyc",

     .bits = 16 | 8, // Partially agree with this

     .archinfo = archinfo,

     .get_reg_profile = get_reg_profile,

     .op = &pyc_op,

     .esil = false,

     .fini = &finish,

 };


 #ifndef RZ_PLUGIN_INCORE

 RZ_API RzLibStruct rizin_plugin = {

     .type = RZ_LIB_TYPE_ANALYSIS,

     .data = &rz_analysis_plugin_pyc,

     .version = RZ_VERSION

 };

 #endif

len
size_t len
Definition: 6502dis.c:15

ops
static struct @29 ops[]

mask
#define mask()
Definition: analysis_h8300.c:39

get_reg_profile
static char * get_reg_profile(RzAnalysis *analysis)
Definition: analysis_pyc.c:26

pyc_op
static int pyc_op(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *data, int len, RzAnalysisOpMask mask)
Definition: analysis_pyc.c:48

rz_analysis_plugin_pyc
RzAnalysisPlugin rz_analysis_plugin_pyc
Definition: analysis_pyc.c:139

rizin_plugin
RZ_API RzLibStruct rizin_plugin
Definition: analysis_pyc.c:153

get_pyc_code_obj
static RzList * get_pyc_code_obj(RzAnalysis *analysis)
Definition: analysis_pyc.c:38

finish
static bool finish(void *user)
Definition: analysis_pyc.c:133

archinfo
static int archinfo(RzAnalysis *analysis, int query)
Definition: analysis_pyc.c:11

RZ_API
#define RZ_API
Definition: core_plugin_example.c:36

NULL
#define NULL
Definition: cris-opc.c:27

ut32
uint32_t ut32
Definition: demangler_util.h:31

ut8
uint8_t ut8
Definition: lh5801.h:11

rz_list_get_n
RZ_API RZ_BORROW void * rz_list_get_n(RZ_NONNULL const RzList *list, ut32 n)
Returns the N-th element of the list.
Definition: list.c:574

strdup
return strdup("=SP	r13\n" "=LR	r14\n" "=PC	r15\n" "=A0	r0\n" "=A1	r1\n" "=A2	r2\n" "=A3	r3\n" "=ZF	zf\n" "=SF	nf\n" "=OF	vf\n" "=CF	cf\n" "=SN	or0\n" "gpr	lr	.32	56	0\n" "gpr	pc	.32	60	0\n" "gpr	cpsr	.32	64	0	____tfiae_________________qvczn\n" "gpr	or0	.32	68	0\n" "gpr	tf	.1	64.5	0	thumb\n" "gpr	ef	.1	64.9	0	endian\n" "gpr	jf	.1	64.24	0	java\n" "gpr	qf	.1	64.27	0	sticky_overflow\n" "gpr	vf	.1	64.28	0	overflow\n" "gpr	cf	.1	64.29	0	carry\n" "gpr	zf	.1	64.30	0	zero\n" "gpr	nf	.1	64.31	0	negative\n" "gpr	itc	.4	64.10	0	if_then_count\n" "gpr	gef	.4	64.16	0	great_or_equal\n" "gpr	r0	.32	0	0\n" "gpr	r1	.32	4	0\n" "gpr	r2	.32	8	0\n" "gpr	r3	.32	12	0\n" "gpr	r4	.32	16	0\n" "gpr	r5	.32	20	0\n" "gpr	r6	.32	24	0\n" "gpr	r7	.32	28	0\n" "gpr	r8	.32	32	0\n" "gpr	r9	.32	36	0\n" "gpr	r10	.32	40	0\n" "gpr	r11	.32	44	0\n" "gpr	r12	.32	48	0\n" "gpr	r13	.32	52	0\n" "gpr	r14	.32	56	0\n" "gpr	r15	.32	60	0\n" "gpr	r16	.32	64	0\n" "gpr	r17	.32	68	0\n")

iter
Definition: test_winkernel.cpp:47

free_opcode
void free_opcode(pyc_opcodes *opcodes)
Definition: opcode.c:217

get_opcode_by_version
pyc_opcodes * get_opcode_by_version(char *version)
Definition: opcode.c:169

pyc_opcodes_equal
bool pyc_opcodes_equal(pyc_opcodes *op, const char *version)
Definition: opcode.c:151

analysis_pyc_op
void analysis_pyc_op(RzAnalysisOp *op, pyc_opcode_object *op_obj, ut32 oparg)
Definition: opcode_analysis.c:902

HASCONDITION
@ HASCONDITION
Definition: opcode.h:17

HASCOMPARE
@ HASCOMPARE
Definition: opcode.h:16

HASJREL
@ HASJREL
Definition: opcode.h:21

HASJABS
@ HASJABS
Definition: opcode.h:20

RZ_ANALYSIS_ARCHINFO_MAX_OP_SIZE
#define RZ_ANALYSIS_ARCHINFO_MAX_OP_SIZE
Definition: rz_analysis.h:99

RzAnalysisOpMask
RzAnalysisOpMask
Definition: rz_analysis.h:439

RZ_ANALYSIS_ARCHINFO_MIN_OP_SIZE
#define RZ_ANALYSIS_ARCHINFO_MIN_OP_SIZE
Definition: rz_analysis.h:98

RZ_ANALYSIS_OP_TYPE_CMP
@ RZ_ANALYSIS_OP_TYPE_CMP
Definition: rz_analysis.h:399

RZ_ANALYSIS_OP_TYPE_JMP
@ RZ_ANALYSIS_OP_TYPE_JMP
Definition: rz_analysis.h:368

RZ_ANALYSIS_OP_TYPE_CJMP
@ RZ_ANALYSIS_OP_TYPE_CJMP
Definition: rz_analysis.h:373

RZ_ANALYSIS_OP_TYPE_ILL
@ RZ_ANALYSIS_OP_TYPE_ILL
Definition: rz_analysis.h:387

rz_asm.h

rz_lib.h

RZ_LIB_TYPE_ANALYSIS
@ RZ_LIB_TYPE_ANALYSIS
Definition: rz_lib.h:73

rz_types.h

RZ_BETWEEN
#define RZ_BETWEEN(x, y, z)
Definition: rz_types_base.h:131

rz_util.h

RZ_VERSION
#define RZ_VERSION
Definition: rz_version.h:8

b
#define b(i)
Definition: sha256.c:42

a
#define a(i)
Definition: sha256.c:41

op_code
Definition: dis.c:12

pyc_code_object
Definition: marshal.h:55

pyc_code_object::start_offset
st64 start_offset
Definition: marshal.h:72

pyc_context
Definition: marshal.h:76

pyc_opcode_object
Definition: opcode.h:37

pyc_opcode_object::type
ut16 type
Definition: opcode.h:39

pyc_opcode_object::op_name
char * op_name
Definition: opcode.h:38

pyc_opcodes
Definition: opcode.h:45

rz_analysis_op_t
Definition: rz_analysis.h:811

rz_analysis_plugin_t
Definition: rz_analysis.h:1233

rz_analysis_plugin_t::version
const char * version
Definition: rz_analysis.h:1239

rz_analysis_plugin_t::name
const char * name
Definition: rz_analysis.h:1234

rz_analysis_t
Definition: rz_analysis.h:553

rz_analysis_t::cpu
char * cpu
Definition: rz_analysis.h:554

rz_analysis_t::binb
RzBinBind binb
Definition: rz_analysis.h:579

rz_analysis_t::bits
int bits
Definition: rz_analysis.h:556

rz_bin_bind_t::bin
RzBin * bin
Definition: rz_bin.h:807

rz_bin_plugin_t
Definition: rz_bin.h:508

rz_bin_plugin_t::name
char * name
Definition: rz_bin.h:509

rz_bin_t
Definition: rz_bin.h:328

rz_lib_struct_t
Definition: rz_lib.h:57

rz_lib_struct_t::type
int type
Definition: rz_lib.h:58

rz_list_iter_t
Definition: rz_list.h:13

rz_list_t
Definition: rz_list.h:18

op
Definition: dis.c:32

ut64
ut64(WINAPI *w32_GetEnabledXStateFeatures)()

addr
static int addr
Definition: z80asm.c:58