From cefe490d56875b8b6e859dd80c4cba82333c2e84 Mon Sep 17 00:00:00 2001 From: Paul McQuade Date: Tue, 18 Oct 2022 19:26:41 +0100 Subject: [PATCH 01/12] MOS65xx: Include mos65xx.h (WIP) Starting to build a plugin around Capstone Signed-off-by: Paul McQuade --- capstonebundle/plugin/arch.h | 2 ++ capstonebundle/plugin/plugin.cpp | 27 +++++++++++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/capstonebundle/plugin/arch.h b/capstonebundle/plugin/arch.h index 77d3f41..581effa 100644 --- a/capstonebundle/plugin/arch.h +++ b/capstonebundle/plugin/arch.h @@ -10,3 +10,5 @@ #include "arm/common.h" #include "arm/arm.h" + +#include "../../capstonebundle/capstone/include/capstone/mos65xx.h" \ No newline at end of file diff --git a/capstonebundle/plugin/plugin.cpp b/capstonebundle/plugin/plugin.cpp index a6752b0..4d44f51 100644 --- a/capstonebundle/plugin/plugin.cpp +++ b/capstonebundle/plugin/plugin.cpp @@ -22,6 +22,10 @@ static void initUserData() CS_ITEMS[hashArch(CS_ARCH_ARM64, CS_MODE_BIG_ENDIAN)] = { ARM64BE_USERDATA, [](RDContext* ctx) { return new ARM64BE(ctx); } }; CS_ITEMS[hashArch(CS_ARCH_ARM, CS_MODE_LITTLE_ENDIAN)] = { ARM32LE_USERDATA, [](RDContext* ctx) { return new ARM32LE(ctx); } }; CS_ITEMS[hashArch(CS_ARCH_ARM, CS_MODE_BIG_ENDIAN)] = { ARM32BE_USERDATA, [](RDContext* ctx) { return new ARM32BE(ctx); } }; + + // CS_ITEMS[hashArch(CS_ARCH_ARM, CS_MODE_BIG_ENDIAN)] = { MOS65XXBE_USERDATA, [](RDContext* ctx) { return new MOS65XXBE(ctx); } }; + // CS_ITEMS[hashArch(CS_ARCH_ARM, CS_MODE_LITTLE_ENDIAN)] = { MOS65XXLE_USERDATA, [](RDContext* ctx) { return new MOS65XXLE(ctx); } }; + CS_ITEMS[hashArch(CS_ARCH_ARM, CS_MODE_THUMB | CS_MODE_LITTLE_ENDIAN)] = { THUMB32LE_USERDATA, [](RDContext* ctx) { return new ThumbLE(ctx); } }; CS_ITEMS[hashArch(CS_ARCH_ARM, CS_MODE_THUMB | CS_MODE_BIG_ENDIAN)] = { THUMB32BE_USERDATA, [](RDContext* ctx) { return new ThumbBE(ctx); } }; } 
@@ -110,6 +114,29 @@ void rdplugin_init(RDContext*, RDPluginModule* pm) arm32be.bits = 32; RDAssembler_Register(pm, &arm32be); + // Editing + + /* + + RD_PLUGIN_ENTRY(RDEntryAssembler, arm32be, "MOS65xxx (Big Endian)"); + arm32be.emulate = &emulate; + arm32be.renderinstruction = &render; + arm32be.lift = &lift; + arm32be.bits = 8; + RDAssembler_Register(pm, &arm32be); + + + RD_PLUGIN_ENTRY(RDEntryAssembler, thumble, "MOS65xxx (Little Endian)"); + thumble.emulate = &emulate; + thumble.renderinstruction = &render; + thumble.lift = &lift; + thumble.bits = 8; + RDAssembler_Register(pm, &thumble); + + */ + + // Editing Ended + RD_PLUGIN_ENTRY(RDEntryAssembler, thumble, "THUMB (Little Endian)"); thumble.emulate = &emulate; thumble.renderinstruction = &render; From 911cf01b520f91ec4ddb85a6c83009eb274a398d Mon Sep 17 00:00:00 2001 From: Paul McQuade Date: Wed, 19 Oct 2022 15:35:18 +0100 Subject: [PATCH 02/12] MOS65xx Folder (WIP) - Crashes Build Step 1 - Attempt to build plugin Signed-off-by: Paul McQuade --- capstonebundle/plugin/arch.h | 3 +- capstonebundle/plugin/mos65xx/common.cpp | 1 + capstonebundle/plugin/mos65xx/common.h | 10 ++++++ capstonebundle/plugin/plugin.cpp | 39 ++++++++++++------------ 4 files changed, 32 insertions(+), 21 deletions(-) create mode 100644 capstonebundle/plugin/mos65xx/common.cpp create mode 100644 capstonebundle/plugin/mos65xx/common.h diff --git a/capstonebundle/plugin/arch.h b/capstonebundle/plugin/arch.h index 581effa..8004388 100644 --- a/capstonebundle/plugin/arch.h +++ b/capstonebundle/plugin/arch.h @@ -11,4 +11,5 @@ #include "arm/common.h" #include "arm/arm.h" -#include "../../capstonebundle/capstone/include/capstone/mos65xx.h" \ No newline at end of file +#include "../../capstonebundle/capstone/include/capstone/mos65xx.h" +#include "mos65xx/common.h" \ No newline at end of file diff --git a/capstonebundle/plugin/mos65xx/common.cpp b/capstonebundle/plugin/mos65xx/common.cpp new file mode 100644 index 0000000..67c02a2 --- /dev/null 
+++ b/capstonebundle/plugin/mos65xx/common.cpp @@ -0,0 +1 @@ +#include "common.h" diff --git a/capstonebundle/plugin/mos65xx/common.h b/capstonebundle/plugin/mos65xx/common.h new file mode 100644 index 0000000..f90dae1 --- /dev/null +++ b/capstonebundle/plugin/mos65xx/common.h @@ -0,0 +1,10 @@ +#pragma once + +#define MOS65XXLE_USERDATA "mos65xxle_userdata" +#define MOS65XXBE_USERDATA "mos65xxbe_userdata" + +#define MOS65XXLE_ID "mos65xxle" +#define MOS65XXBE_ID "mos65xxbe" + +//#define ARM_IS_THUMB(address) (address & 1) +//#define ARM_PC(address) (address & ~1) diff --git a/capstonebundle/plugin/plugin.cpp b/capstonebundle/plugin/plugin.cpp index 4d44f51..cd63ea7 100644 --- a/capstonebundle/plugin/plugin.cpp +++ b/capstonebundle/plugin/plugin.cpp @@ -23,9 +23,11 @@ static void initUserData() CS_ITEMS[hashArch(CS_ARCH_ARM, CS_MODE_LITTLE_ENDIAN)] = { ARM32LE_USERDATA, [](RDContext* ctx) { return new ARM32LE(ctx); } }; CS_ITEMS[hashArch(CS_ARCH_ARM, CS_MODE_BIG_ENDIAN)] = { ARM32BE_USERDATA, [](RDContext* ctx) { return new ARM32BE(ctx); } }; - // CS_ITEMS[hashArch(CS_ARCH_ARM, CS_MODE_BIG_ENDIAN)] = { MOS65XXBE_USERDATA, [](RDContext* ctx) { return new MOS65XXBE(ctx); } }; - // CS_ITEMS[hashArch(CS_ARCH_ARM, CS_MODE_LITTLE_ENDIAN)] = { MOS65XXLE_USERDATA, [](RDContext* ctx) { return new MOS65XXLE(ctx); } }; - + // Editing + CS_ITEMS[hashArch(CS_ARCH_ALL, CS_MODE_LITTLE_ENDIAN)] = { MOS65XXLE_USERDATA, [](RDContext* ctx) { return new MOS65XXLE(ctx); } }; + CS_ITEMS[hashArch(CS_ARCH_ALL, CS_MODE_BIG_ENDIAN)] = { MOS65XXBE_USERDATA, [](RDContext* ctx) { return new MOS65XXBE(ctx); } }; + // End Editing + CS_ITEMS[hashArch(CS_ARCH_ARM, CS_MODE_THUMB | CS_MODE_LITTLE_ENDIAN)] = { THUMB32LE_USERDATA, [](RDContext* ctx) { return new ThumbLE(ctx); } }; CS_ITEMS[hashArch(CS_ARCH_ARM, CS_MODE_THUMB | CS_MODE_BIG_ENDIAN)] = { THUMB32BE_USERDATA, [](RDContext* ctx) { return new ThumbBE(ctx); } }; } 
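Review bot: `CS_ARCH_ALL` is not a disassembler architecture — in Capstone it is the wildcard accepted by `cs_support()` — so the two MOS65XX entries added to `initUserData` are stored under a key that no `hashArch(cs_open-arch, mode)` lookup will ever produce, and the factories for `MOS65XXLE`/`MOS65XXBE` stay unreachable. The keys need to be `hashArch(CS_ARCH_MOS65XX, CS_MODE_LITTLE_ENDIAN)` and `hashArch(CS_ARCH_MOS65XX, CS_MODE_BIG_ENDIAN)`, which is what the fourth patch of this series changes them to; since this commit is also marked as breaking the build, squashing the two would keep the history bisectable. `initUserData` begins outside the hunk.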
@@ -115,25 +117,22 @@ void rdplugin_init(RDContext*, RDPluginModule* pm) RDAssembler_Register(pm, &arm32be); // Editing - - /* - RD_PLUGIN_ENTRY(RDEntryAssembler, arm32be, "MOS65xxx (Big Endian)"); - arm32be.emulate = &emulate; - arm32be.renderinstruction = &render; - arm32be.lift = &lift; - arm32be.bits = 8; - RDAssembler_Register(pm, &arm32be); - - - RD_PLUGIN_ENTRY(RDEntryAssembler, thumble, "MOS65xxx (Little Endian)"); - thumble.emulate = &emulate; - thumble.renderinstruction = &render; - thumble.lift = &lift; - thumble.bits = 8; - RDAssembler_Register(pm, &thumble); + RD_PLUGIN_ENTRY(RDEntryAssembler, mos65xxbe, "MOS65xxx (Big Endian)"); + mos65xxbe.emulate = &emulate; + mos65xxbe.renderinstruction = &render; + mos65xxbe.lift = &lift; + mos65xxbe.bits = 8; + RDAssembler_Register(pm, &mos65xxbe); + + + RD_PLUGIN_ENTRY(RDEntryAssembler, mos65xxle, "MOS65xxx (Little Endian)"); + mos65xxle.emulate = &emulate; + mos65xxle.renderinstruction = &render; + mos65xxle.lift = &lift; + mos65xxle.bits = 8; + RDAssembler_Register(pm, &mos65xxle); - */ // Editing Ended From 0fa5bc7a50bbceca741bd0d447d0d31c201799dc Mon Sep 17 00:00:00 2001 From: Paul McQuade Date: Wed, 19 Oct 2022 17:17:37 +0100 Subject: [PATCH 03/12] MOS65xx Plugin - Init (WIP) - Crashes Build Started structure of Plugin Signed-off-by: Paul McQuade --- capstonebundle/plugin/arch.h | 2 +- capstonebundle/plugin/mos65xx/capstone.cpp | 16 ++++++++++++++++ capstonebundle/plugin/mos65xx/capstone.h | 9 +++++++++ 3 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 capstonebundle/plugin/mos65xx/capstone.cpp create mode 100644 capstonebundle/plugin/mos65xx/capstone.h diff --git a/capstonebundle/plugin/arch.h b/capstonebundle/plugin/arch.h index 8004388..a2e7dd3 100644 --- a/capstonebundle/plugin/arch.h +++ b/capstonebundle/plugin/arch.h 
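Review bot: Registering a "MOS65xxx (Big Endian)" assembler looks wrong for this target: the 6502 family stores 16-bit values little-endian only, and as far as I recall Capstone's MOS65XX backend rejects `CS_MODE_BIG_ENDIAN` in `cs_open`, so the `mos65xxbe` entry would never decode anything and could be dropped along with the `MOS65XXBE` class. The `bits = 8` lines are also suspect if this field is the address width, as the `arm32be.bits = 32` context line suggests — the 6502 has a 16-bit address space, so `mos65xxle.bits = 16;` would be the matching value; please confirm against the `RDEntryAssembler` definition. The display name also has a typo, `"MOS65xxx"` for MOS65xx. `rdplugin_init` starts and ends outside the hunk.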
@@ -11,5 +11,5 @@ #include "arm/common.h" #include "arm/arm.h" -#include "../../capstonebundle/capstone/include/capstone/mos65xx.h" +#include "mos65xx/capstone.h" #include "mos65xx/common.h" \ No newline at end of file diff --git a/capstonebundle/plugin/mos65xx/capstone.cpp b/capstonebundle/plugin/mos65xx/capstone.cpp new file mode 100644 index 0000000..a4420c4 --- /dev/null +++ b/capstonebundle/plugin/mos65xx/capstone.cpp @@ -0,0 +1,16 @@ +// capstone.cpp +#include "mos65xx.h" + +MOS65XX::MOS65XX(RDContext* ctx): Capstone(ctx, CS_ARCH_MOS65XX, 0) { } + +void MOS65XX::emulate(RDEmulateResult* result) +{ + rd_address address = RDEmulateResult_GetAddress(result); + auto* insn = this->decode(address, RDEmulateResult_GetView(result)); + // Instruction is decoded, you can use Capstone API to analyze it +} + +void MOS65XX::render(const RDRendererParams* rp) +{ + // You can render instructions here +} \ No newline at end of file diff --git a/capstonebundle/plugin/mos65xx/capstone.h b/capstonebundle/plugin/mos65xx/capstone.h new file mode 100644 index 0000000..165544d --- /dev/null +++ b/capstonebundle/plugin/mos65xx/capstone.h @@ -0,0 +1,9 @@ +// capstone.h +#include "../capstone.h" + +class MOS65XX: public Capstone { + public: + Capstone(RDContext* ctx); // There is also a "cs_mode" argument, I don't know if this architecture needs it + void emulate(RDEmulateResult* result) override; // This implements the algorithm (jumps, calls etc) + void render(const RDRendererParams* rp) override; // This renders instructions visually +}; \ No newline at end of file From 0688e4cfee065bdc748b7da7631ab4239f856144 Mon Sep 17 00:00:00 2001 From: Paul McQuade Date: Wed, 19 Oct 2022 18:31:41 +0100 Subject: [PATCH 04/12] MOS65xx Plugin 2 - Arch Setup (WIP) CS_ARCH_MOS65XX Added to plugin 
Signed-off-by: Paul McQuade --- capstonebundle/plugin/arch.h | 4 ++-- .../plugin/mos65xx/{capstone.cpp => mos65xx.cpp} | 8 +++++++- .../plugin/mos65xx/{capstone.h => mos65xx.h} | 0 capstonebundle/plugin/plugin.cpp | 16 ++++++++-------- 4 files changed, 17 insertions(+), 11 deletions(-) rename capstonebundle/plugin/mos65xx/{capstone.cpp => mos65xx.cpp} (61%) rename capstonebundle/plugin/mos65xx/{capstone.h => mos65xx.h} (100%) diff --git a/capstonebundle/plugin/arch.h b/capstonebundle/plugin/arch.h index a2e7dd3..28fdd14 100644 --- a/capstonebundle/plugin/arch.h +++ b/capstonebundle/plugin/arch.h @@ -11,5 +11,5 @@ #include "arm/common.h" #include "arm/arm.h" -#include "mos65xx/capstone.h" -#include "mos65xx/common.h" \ No newline at end of file +#include "mos65xx/common.h" +#include "mos65xx/mos65xx.h" diff --git a/capstonebundle/plugin/mos65xx/capstone.cpp b/capstonebundle/plugin/mos65xx/mos65xx.cpp similarity index 61% rename from capstonebundle/plugin/mos65xx/capstone.cpp rename to capstonebundle/plugin/mos65xx/mos65xx.cpp index a4420c4..8cca820 100644 --- a/capstonebundle/plugin/mos65xx/capstone.cpp +++ b/capstonebundle/plugin/mos65xx/mos65xx.cpp @@ -13,4 +13,10 @@ void MOS65XX::emulate(RDEmulateResult* result) void MOS65XX::render(const RDRendererParams* rp) { // You can render instructions here -} \ No newline at end of file +} + +//ARMLE::ARMLE(RDContext* ctx): ARM(ctx, CS_MODE_LITTLE_ENDIAN) { } +//ARMBE::ARMBE(RDContext* ctx): ARM(ctx, CS_MODE_BIG_ENDIAN) { } + +MOS65XXLE::MOS65XXLE(RDContext* ctx): MOS65XX(ctx, CS_MODE_LITTLE_ENDIAN) { } +MOS65XXBE::MOS65XXBE(RDContext* ctx): MOS65XX(ctx, CS_MODE_BIG_ENDIAN) { } diff --git a/capstonebundle/plugin/mos65xx/capstone.h b/capstonebundle/plugin/mos65xx/mos65xx.h similarity index 100% rename from capstonebundle/plugin/mos65xx/capstone.h rename to capstonebundle/plugin/mos65xx/mos65xx.h diff --git a/capstonebundle/plugin/plugin.cpp b/capstonebundle/plugin/plugin.cpp index cd63ea7..aed5fcd 100644 
--- a/capstonebundle/plugin/plugin.cpp +++ b/capstonebundle/plugin/plugin.cpp @@ -24,8 +24,8 @@ static void initUserData() CS_ITEMS[hashArch(CS_ARCH_ARM, CS_MODE_BIG_ENDIAN)] = { ARM32BE_USERDATA, [](RDContext* ctx) { return new ARM32BE(ctx); } }; // Editing - CS_ITEMS[hashArch(CS_ARCH_ALL, CS_MODE_LITTLE_ENDIAN)] = { MOS65XXLE_USERDATA, [](RDContext* ctx) { return new MOS65XXLE(ctx); } }; - CS_ITEMS[hashArch(CS_ARCH_ALL, CS_MODE_BIG_ENDIAN)] = { MOS65XXBE_USERDATA, [](RDContext* ctx) { return new MOS65XXBE(ctx); } }; + CS_ITEMS[hashArch(CS_ARCH_MOS65XX, CS_MODE_LITTLE_ENDIAN)] = { MOS65XXLE_USERDATA, [](RDContext* ctx) { return new MOS65XXLE(ctx); } }; + CS_ITEMS[hashArch(CS_ARCH_MOS65XX, CS_MODE_BIG_ENDIAN)] = { MOS65XXBE_USERDATA, [](RDContext* ctx) { return new MOS65XXBE(ctx); } }; // End Editing CS_ITEMS[hashArch(CS_ARCH_ARM, CS_MODE_THUMB | CS_MODE_LITTLE_ENDIAN)] = { THUMB32LE_USERDATA, [](RDContext* ctx) { return new ThumbLE(ctx); } }; @@ -119,17 +119,17 @@ void rdplugin_init(RDContext*, RDPluginModule* pm) // Editing RD_PLUGIN_ENTRY(RDEntryAssembler, mos65xxbe, "MOS65xxx (Big Endian)"); - mos65xxbe.emulate = &emulate; - mos65xxbe.renderinstruction = &render; - mos65xxbe.lift = &lift; + mos65xxbe.emulate = &emulate; + mos65xxbe.renderinstruction = &render; + mos65xxbe.lift = &lift; mos65xxbe.bits = 8; RDAssembler_Register(pm, &mos65xxbe); RD_PLUGIN_ENTRY(RDEntryAssembler, mos65xxle, "MOS65xxx (Little Endian)"); - mos65xxle.emulate = &emulate; - mos65xxle.renderinstruction = &render; - mos65xxle.lift = &lift; + mos65xxle.emulate = &emulate; + mos65xxle.renderinstruction = &render; + mos65xxle.lift = &lift; mos65xxle.bits = 8; RDAssembler_Register(pm, &mos65xxle); From 25b0456728898b61e2de902bfd8ab0ebabf74460 Mon Sep 17 00:00:00 2001 From: Paul McQuade Date: Thu, 20 Oct 2022 16:51:02 +0100 Subject: [PATCH 05/12] MOS65xx Plugin 3 - Class Setup (WIP) Create a Class for MOS65xx 
Signed-off-by: Paul McQuade --- capstonebundle/plugin/arch.h | 1 - capstonebundle/plugin/mos65xx/common.cpp | 1 - capstonebundle/plugin/mos65xx/common.h | 10 ---------- capstonebundle/plugin/mos65xx/mos65xx.cpp | 17 +++++++++++++++-- capstonebundle/plugin/mos65xx/mos65xx.h | 22 +++++++++++++++++++--- capstonebundle/plugin/plugin.cpp | 6 +++--- 6 files changed, 37 insertions(+), 20 deletions(-) delete mode 100644 capstonebundle/plugin/mos65xx/common.cpp delete mode 100644 capstonebundle/plugin/mos65xx/common.h diff --git a/capstonebundle/plugin/arch.h b/capstonebundle/plugin/arch.h index 28fdd14..657c633 100644 --- a/capstonebundle/plugin/arch.h +++ b/capstonebundle/plugin/arch.h @@ -11,5 +11,4 @@ #include "arm/common.h" #include "arm/arm.h" -#include "mos65xx/common.h" #include "mos65xx/mos65xx.h" diff --git a/capstonebundle/plugin/mos65xx/common.cpp b/capstonebundle/plugin/mos65xx/common.cpp deleted file mode 100644 index 67c02a2..0000000 --- a/capstonebundle/plugin/mos65xx/common.cpp +++ /dev/null @@ -1 +0,0 @@ -#include "common.h" diff --git a/capstonebundle/plugin/mos65xx/common.h b/capstonebundle/plugin/mos65xx/common.h deleted file mode 100644 index f90dae1..0000000 --- a/capstonebundle/plugin/mos65xx/common.h +++ /dev/null @@ -1,10 +0,0 @@ -#pragma once - -#define MOS65XXLE_USERDATA "mos65xxle_userdata" -#define MOS65XXBE_USERDATA "mos65xxbe_userdata" - -#define MOS65XXLE_ID "mos65xxle" -#define MOS65XXBE_ID "mos65xxbe" - -//#define ARM_IS_THUMB(address) (address & 1) -//#define ARM_PC(address) (address & ~1) diff --git a/capstonebundle/plugin/mos65xx/mos65xx.cpp b/capstonebundle/plugin/mos65xx/mos65xx.cpp index 8cca820..dd1f30d 100644 --- a/capstonebundle/plugin/mos65xx/mos65xx.cpp +++ b/capstonebundle/plugin/mos65xx/mos65xx.cpp 
@@ -1,18 +1,31 @@ -// capstone.cpp +// mos65xx.cpp #include "mos65xx.h" -MOS65XX::MOS65XX(RDContext* ctx): Capstone(ctx, CS_ARCH_MOS65XX, 0) { } +//MOS65XX::MOS65XX(RDContext* ctx): Capstone(ctx, CS_ARCH_MOS65XX, 0) { } + +MOS65XX::MOS65XX(RDContext* ctx, cs_mode mode): Capstone(ctx, CS_ARCH_MOS65XX, mode) { } + void MOS65XX::emulate(RDEmulateResult* result) { rd_address address = RDEmulateResult_GetAddress(result); auto* insn = this->decode(address, RDEmulateResult_GetView(result)); + if(!insn) return; + // Instruction is decoded, you can use Capstone API to analyze it + + RDContext_SetAddressAssembler(m_context, address, this->endianness() == Endianness_Big ? MOS65XXBE_ID : MOS65XXLE_ID); + if(!this->decode(address, RDEmulateResult_GetView(result))) return; + + RDEmulateResult_SetSize(result, m_insn->size); + } void MOS65XX::render(const RDRendererParams* rp) { // You can render instructions here + auto* insn = this->decode(rp->address, &rp->view); + } //ARMLE::ARMLE(RDContext* ctx): ARM(ctx, CS_MODE_LITTLE_ENDIAN) { } diff --git a/capstonebundle/plugin/mos65xx/mos65xx.h b/capstonebundle/plugin/mos65xx/mos65xx.h index 165544d..61e8ca7 100644 --- a/capstonebundle/plugin/mos65xx/mos65xx.h +++ b/capstonebundle/plugin/mos65xx/mos65xx.h 
@@ -1,9 +1,25 @@ -// capstone.h +// mos65xx.h +#pragma once + +#define MOS65XXLE_USERDATA "mos65xxle_userdata" +#define MOS65XXBE_USERDATA "mos65xxbe_userdata" + +#define MOS65XXLE_ID "mos65xxle" +#define MOS65XXBE_ID "mos65xxbe" + +#include +#include #include "../capstone.h" class MOS65XX: public Capstone { public: - Capstone(RDContext* ctx); // There is also a "cs_mode" argument, I don't know if this architecture needs it + // Capstone(RDContext* ctx); // There is also a "cs_mode" argument, I don't know if this architecture needs it + MOS65XX(RDContext* ctx, cs_mode mode); void emulate(RDEmulateResult* result) override; // This implements the algorithm (jumps, calls etc) void render(const RDRendererParams* rp) override; // This renders instructions visually -}; \ No newline at end of file + void lift(const Capstone* capstone, rd_address address, const RDBufferView* view, RDILFunction* il) override; +}; + + +class MOS65XXLE: public MOS65XX { public: MOS65XXLE(RDContext* ctx); }; +class MOS65XXBE: public MOS65XX { public: MOS65XXBE(RDContext* ctx); }; \ No newline at end of file diff --git a/capstonebundle/plugin/plugin.cpp b/capstonebundle/plugin/plugin.cpp index aed5fcd..43bad0a 100644 --- a/capstonebundle/plugin/plugin.cpp +++ b/capstonebundle/plugin/plugin.cpp @@ -127,9 +127,9 @@ void rdplugin_init(RDContext*, RDPluginModule* pm) RD_PLUGIN_ENTRY(RDEntryAssembler, mos65xxle, "MOS65xxx (Little Endian)"); - mos65xxle.emulate = &emulate; - mos65xxle.renderinstruction = &render; - mos65xxle.lift = &lift; + mos65xxle.emulate = &emulate; + mos65xxle.renderinstruction = &render; + mos65xxle.lift = &lift; mos65xxle.bits = 8; RDAssembler_Register(pm, &mos65xxle); From 632348cf9e39096cd6b0a8ed510853339b6c3e8a Mon Sep 17 00:00:00 2001 From: Paul McQuade Date: Thu, 20 Oct 2022 17:04:12 +0100 Subject: [PATCH 06/12] MOS65xx Plugin 4 - lift function (WIP) Created a Lifter class 
Signed-off-by: Paul McQuade --- capstonebundle/plugin/mos65xx/mos65xx.cpp | 6 +++--- capstonebundle/plugin/mos65xx/mos65xx.h | 11 +++++++++++ 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/capstonebundle/plugin/mos65xx/mos65xx.cpp b/capstonebundle/plugin/mos65xx/mos65xx.cpp index dd1f30d..98a15b2 100644 --- a/capstonebundle/plugin/mos65xx/mos65xx.cpp +++ b/capstonebundle/plugin/mos65xx/mos65xx.cpp @@ -1,11 +1,8 @@ // mos65xx.cpp #include "mos65xx.h" -//MOS65XX::MOS65XX(RDContext* ctx): Capstone(ctx, CS_ARCH_MOS65XX, 0) { } - MOS65XX::MOS65XX(RDContext* ctx, cs_mode mode): Capstone(ctx, CS_ARCH_MOS65XX, mode) { } - void MOS65XX::emulate(RDEmulateResult* result) { rd_address address = RDEmulateResult_GetAddress(result); @@ -28,6 +25,9 @@ void MOS65XX::render(const RDRendererParams* rp) } +void MOS65XX::lift(const Capstone* capstone, rd_address address, const RDBufferView* view, RDILFunction* il) { MOS65XXLifter::lift(capstone, address, view, il); } + + //ARMLE::ARMLE(RDContext* ctx): ARM(ctx, CS_MODE_LITTLE_ENDIAN) { } //ARMBE::ARMBE(RDContext* ctx): ARM(ctx, CS_MODE_BIG_ENDIAN) { } diff --git a/capstonebundle/plugin/mos65xx/mos65xx.h b/capstonebundle/plugin/mos65xx/mos65xx.h index 61e8ca7..c466d92 100644 --- a/capstonebundle/plugin/mos65xx/mos65xx.h +++ b/capstonebundle/plugin/mos65xx/mos65xx.h @@ -21,5 +21,16 @@ class MOS65XX: public Capstone { }; +class MOS65XXLifter +{ + public: + MOS65XXLifter() = delete; + static void lift(const Capstone* capstone, rd_address address, const RDBufferView* view, RDILFunction* il); + + private: + static RDILExpression* liftOperand(const Capstone* capstone, rd_address address, const cs_insn* insn, size_t idx, const RDILFunction* il); +}; + + class MOS65XXLE: public MOS65XX { public: MOS65XXLE(RDContext* ctx); }; class MOS65XXBE: public MOS65XX { public: MOS65XXBE(RDContext* ctx); }; \ No newline at end of file From f12c34b3231ca79b1c8cdae4c8add4aad2a859df Mon Sep 17 00:00:00 2001 
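Review bot: `MOS65XXLifter::lift` and `MOS65XXLifter::liftOperand` are declared here and `MOS65XX::lift` now forwards to the former, but no definition of either appears anywhere in this series (the following "FIX Build" patch only changes whitespace, and the later removal is reverted). Because `lift` is virtual, the vtable of `MOS65XX` references it, so the plugin should fail to link with an undefined reference unless a definition lives in a file not shown; if the lifter is genuinely optional for now, an empty `void MOS65XXLifter::lift(const Capstone*, rd_address, const RDBufferView*, RDILFunction*) { }` in mos65xx.cpp would at least keep the build green. The private `liftOperand` declaration can be deferred until something calls it.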
From: Paul McQuade Date: Thu, 20 Oct 2022 17:23:20 +0100 Subject: [PATCH 07/12] MOS65xx Plugin 4 - GUI Support (FIX Build) Doesn't output anything throught. Signed-off-by: Paul McQuade --- capstonebundle/plugin/plugin.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/capstonebundle/plugin/plugin.cpp b/capstonebundle/plugin/plugin.cpp index 43bad0a..e6f63c4 100644 --- a/capstonebundle/plugin/plugin.cpp +++ b/capstonebundle/plugin/plugin.cpp @@ -127,9 +127,9 @@ void rdplugin_init(RDContext*, RDPluginModule* pm) RD_PLUGIN_ENTRY(RDEntryAssembler, mos65xxle, "MOS65xxx (Little Endian)"); - mos65xxle.emulate = &emulate; - mos65xxle.renderinstruction = &render; - mos65xxle.lift = &lift; + mos65xxle.emulate = &emulate; + mos65xxle.renderinstruction = &render; + mos65xxle.lift = &lift; mos65xxle.bits = 8; RDAssembler_Register(pm, &mos65xxle); From 36844b70858ed9e1cdaf5817f75cdb607f3c7a58 Mon Sep 17 00:00:00 2001 From: Paul McQuade Date: Fri, 21 Oct 2022 15:00:53 +0100 Subject: [PATCH 08/12] MOS65xx Plugin 5 - Remove Lifter Part not mandatory Signed-off-by: Paul McQuade --- capstonebundle/plugin/mos65xx/mos65xx.cpp | 3 --- capstonebundle/plugin/mos65xx/mos65xx.h | 12 ------------ capstonebundle/plugin/plugin.cpp | 2 -- 3 files changed, 17 deletions(-) diff --git a/capstonebundle/plugin/mos65xx/mos65xx.cpp b/capstonebundle/plugin/mos65xx/mos65xx.cpp index 98a15b2..44682f4 100644 --- a/capstonebundle/plugin/mos65xx/mos65xx.cpp +++ b/capstonebundle/plugin/mos65xx/mos65xx.cpp @@ -25,9 +25,6 @@ void MOS65XX::render(const RDRendererParams* rp) } -void MOS65XX::lift(const Capstone* capstone, rd_address address, const RDBufferView* view, RDILFunction* il) { MOS65XXLifter::lift(capstone, address, view, il); } - - //ARMLE::ARMLE(RDContext* ctx): ARM(ctx, CS_MODE_LITTLE_ENDIAN) { } //ARMBE::ARMBE(RDContext* ctx): ARM(ctx, CS_MODE_BIG_ENDIAN) { } 
diff --git a/capstonebundle/plugin/mos65xx/mos65xx.h b/capstonebundle/plugin/mos65xx/mos65xx.h index c466d92..a2f5850 100644 --- a/capstonebundle/plugin/mos65xx/mos65xx.h +++ b/capstonebundle/plugin/mos65xx/mos65xx.h @@ -17,18 +17,6 @@ class MOS65XX: public Capstone { MOS65XX(RDContext* ctx, cs_mode mode); void emulate(RDEmulateResult* result) override; // This implements the algorithm (jumps, calls etc) void render(const RDRendererParams* rp) override; // This renders instructions visually - void lift(const Capstone* capstone, rd_address address, const RDBufferView* view, RDILFunction* il) override; -}; - - -class MOS65XXLifter -{ - public: - MOS65XXLifter() = delete; - static void lift(const Capstone* capstone, rd_address address, const RDBufferView* view, RDILFunction* il); - - private: - static RDILExpression* liftOperand(const Capstone* capstone, rd_address address, const cs_insn* insn, size_t idx, const RDILFunction* il); }; diff --git a/capstonebundle/plugin/plugin.cpp b/capstonebundle/plugin/plugin.cpp index e6f63c4..0059697 100644 --- a/capstonebundle/plugin/plugin.cpp +++ b/capstonebundle/plugin/plugin.cpp @@ -121,7 +121,6 @@ void rdplugin_init(RDContext*, RDPluginModule* pm) RD_PLUGIN_ENTRY(RDEntryAssembler, mos65xxbe, "MOS65xxx (Big Endian)"); mos65xxbe.emulate = &emulate; mos65xxbe.renderinstruction = &render; - mos65xxbe.lift = &lift; mos65xxbe.bits = 8; RDAssembler_Register(pm, &mos65xxbe); @@ -129,7 +128,6 @@ void rdplugin_init(RDContext*, RDPluginModule* pm) RD_PLUGIN_ENTRY(RDEntryAssembler, mos65xxle, "MOS65xxx (Little Endian)"); mos65xxle.emulate = &emulate; mos65xxle.renderinstruction = &render; - mos65xxle.lift = &lift; mos65xxle.bits = 8; RDAssembler_Register(pm, &mos65xxle); From 92e48904203ccc8afc29bff1540918f3ce13ff95 Mon Sep 17 00:00:00 2001 
From: Paul McQuade Date: Wed, 26 Oct 2022 18:16:56 +0100 Subject: [PATCH 09/12] Revert "MOS65xx Plugin 5 - Remove Lifter Part" This reverts commit 36844b70858ed9e1cdaf5817f75cdb607f3c7a58. --- capstonebundle/plugin/mos65xx/mos65xx.cpp | 3 +++ capstonebundle/plugin/mos65xx/mos65xx.h | 12 ++++++++++++ capstonebundle/plugin/plugin.cpp | 2 ++ 3 files changed, 17 insertions(+) diff --git a/capstonebundle/plugin/mos65xx/mos65xx.cpp b/capstonebundle/plugin/mos65xx/mos65xx.cpp index 44682f4..98a15b2 100644 --- a/capstonebundle/plugin/mos65xx/mos65xx.cpp +++ b/capstonebundle/plugin/mos65xx/mos65xx.cpp @@ -25,6 +25,9 @@ void MOS65XX::render(const RDRendererParams* rp) } +void MOS65XX::lift(const Capstone* capstone, rd_address address, const RDBufferView* view, RDILFunction* il) { MOS65XXLifter::lift(capstone, address, view, il); } + + //ARMLE::ARMLE(RDContext* ctx): ARM(ctx, CS_MODE_LITTLE_ENDIAN) { } //ARMBE::ARMBE(RDContext* ctx): ARM(ctx, CS_MODE_BIG_ENDIAN) { } diff --git a/capstonebundle/plugin/mos65xx/mos65xx.h b/capstonebundle/plugin/mos65xx/mos65xx.h index a2f5850..c466d92 100644 --- a/capstonebundle/plugin/mos65xx/mos65xx.h +++ b/capstonebundle/plugin/mos65xx/mos65xx.h @@ -17,6 +17,18 @@ class MOS65XX: public Capstone { MOS65XX(RDContext* ctx, cs_mode mode); void emulate(RDEmulateResult* result) override; // This implements the algorithm (jumps, calls etc) void render(const RDRendererParams* rp) override; // This renders instructions visually + void lift(const Capstone* capstone, rd_address address, const RDBufferView* view, RDILFunction* il) override; +}; + + +class MOS65XXLifter +{ + public: + MOS65XXLifter() = delete; + static void lift(const Capstone* capstone, rd_address address, const RDBufferView* view, RDILFunction* il); + + private: + static RDILExpression* liftOperand(const Capstone* capstone, rd_address address, const cs_insn* insn, size_t idx, const RDILFunction* il); }; 
diff --git a/capstonebundle/plugin/plugin.cpp b/capstonebundle/plugin/plugin.cpp index 0059697..e6f63c4 100644 --- a/capstonebundle/plugin/plugin.cpp +++ b/capstonebundle/plugin/plugin.cpp @@ -121,6 +121,7 @@ void rdplugin_init(RDContext*, RDPluginModule* pm) RD_PLUGIN_ENTRY(RDEntryAssembler, mos65xxbe, "MOS65xxx (Big Endian)"); mos65xxbe.emulate = &emulate; mos65xxbe.renderinstruction = &render; + mos65xxbe.lift = &lift; mos65xxbe.bits = 8; RDAssembler_Register(pm, &mos65xxbe); @@ -128,6 +129,7 @@ void rdplugin_init(RDContext*, RDPluginModule* pm) RD_PLUGIN_ENTRY(RDEntryAssembler, mos65xxle, "MOS65xxx (Little Endian)"); mos65xxle.emulate = &emulate; mos65xxle.renderinstruction = &render; + mos65xxle.lift = &lift; mos65xxle.bits = 8; RDAssembler_Register(pm, &mos65xxle); From 47c8c3bf128c85c6837cb7934473931551c20bd5 Mon Sep 17 00:00:00 2001 From: Paul McQuade Date: Sat, 29 Oct 2022 15:01:24 +0100 Subject: [PATCH 10/12] MOS65xx Plugin 6 - Emulate Part Signed-off-by: Paul McQuade --- capstonebundle/plugin/mos65xx/mos65xx.cpp | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/capstonebundle/plugin/mos65xx/mos65xx.cpp b/capstonebundle/plugin/mos65xx/mos65xx.cpp index 98a15b2..8edda01 100644 --- a/capstonebundle/plugin/mos65xx/mos65xx.cpp +++ b/capstonebundle/plugin/mos65xx/mos65xx.cpp 
@@ -6,16 +6,30 @@ MOS65XX::MOS65XX(RDContext* ctx, cs_mode mode): Capstone(ctx, CS_ARCH_MOS65XX, m void MOS65XX::emulate(RDEmulateResult* result) { rd_address address = RDEmulateResult_GetAddress(result); + const auto& mos65xx = m_insn->detail->mos65xx; + + auto* insn = this->decode(address, RDEmulateResult_GetView(result)); if(!insn) return; // Instruction is decoded, you can use Capstone API to analyze it - RDContext_SetAddressAssembler(m_context, address, this->endianness() == Endianness_Big ? MOS65XXBE_ID : MOS65XXLE_ID); + // RDContext_SetAddressAssembler(m_context, address, this->endianness() == Endianness_Big ? MOS65XXBE_ID : MOS65XXLE_ID); if(!this->decode(address, RDEmulateResult_GetView(result))) return; - RDEmulateResult_SetSize(result, m_insn->size); + RDEmulateResult_SetSize(result, m_insn->size); // Next time "emulate" is called is after insn->size bytes + + switch(insn->id) + { + case MOS65XX_INS_BVS: { + + RDEmulateResult_AddBranch(result, mos65xx.operands[0].imm); + return; + } + + default: break; + } } void MOS65XX::render(const RDRendererParams* rp) From c5c3ebadd78fee39faaaed6d37e6e12496613d1d Mon Sep 17 00:00:00 2001 From: Paul McQuade Date: Fri, 4 Nov 2022 17:36:06 +0000 Subject: [PATCH 11/12] MOS65xx Plugin 6.1 - Emulate Part Branch Added MOS65XX_INS_BVS case Signed-off-by: Paul McQuade --- capstonebundle/plugin/mos65xx/mos65xx.cpp | 25 ++++++++++++----------- 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/capstonebundle/plugin/mos65xx/mos65xx.cpp b/capstonebundle/plugin/mos65xx/mos65xx.cpp index 8edda01..5948e56 100644 --- a/capstonebundle/plugin/mos65xx/mos65xx.cpp +++ b/capstonebundle/plugin/mos65xx/mos65xx.cpp 
@@ -5,37 +5,38 @@ MOS65XX::MOS65XX(RDContext* ctx, cs_mode mode): Capstone(ctx, CS_ARCH_MOS65XX, m void MOS65XX::emulate(RDEmulateResult* result) { - rd_address address = RDEmulateResult_GetAddress(result); - const auto& mos65xx = m_insn->detail->mos65xx; - - auto* insn = this->decode(address, RDEmulateResult_GetView(result)); - if(!insn) return; + //auto* insn = this->decode(address, RDEmulateResult_GetView(result)); + //if(!insn) return; // Instruction is decoded, you can use Capstone API to analyze it - // RDContext_SetAddressAssembler(m_context, address, this->endianness() == Endianness_Big ? MOS65XXBE_ID : MOS65XXLE_ID); + rd_address address = RDEmulateResult_GetAddress(result); if(!this->decode(address, RDEmulateResult_GetView(result))) return; - RDEmulateResult_SetSize(result, m_insn->size); // Next time "emulate" is called is after insn->size bytes - switch(insn->id) + const auto& mos65xx = m_insn->detail->mos65xx; + + switch(m_insn->id) { case MOS65XX_INS_BVS: { - - RDEmulateResult_AddBranch(result, mos65xx.operands[0].imm); - + RDEmulateResult_AddBranchTrue(result, mos65xx.operands[0].imm); + RDEmulateResult_AddBranchFalse(result, address + m_insn->size); return; } default: break; } + return; } void MOS65XX::render(const RDRendererParams* rp) { // You can render instructions here - auto* insn = this->decode(rp->address, &rp->view); + // auto* insn = this->decode(rp->address, &rp->view); + + const auto& mos65xx = m_insn->detail->mos65xx; + } From ca2052b40d8c15d5fb79eabd1e0cdbcdbfe581a6 Mon Sep 17 00:00:00 2001 From: Paul McQuade Date: Fri, 4 Nov 2022 17:49:53 +0000 Subject: [PATCH 12/12] MOS65xx Plugin 7 - Render Part RDRenderer_MnemonicWord API Signed-off-by: Paul McQuade --- capstonebundle/plugin/mos65xx/mos65xx.cpp | 23 +++++++++++++++++++++++ capstonebundle/plugin/mos65xx/mos65xx.h | 14 ++++++++------ 2 files changed, 31 insertions(+), 6 deletions(-) 
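Review bot: `mos65xx.operands[0].imm` is read for `MOS65XX_INS_BVS` without checking `mos65xx.op_count` or the operand's `type`; as far as I recall Capstone reports a relative branch target as a `MOS65XX_OP_MEM` operand whose value lives in `.mem`, and `imm`/`mem` share a union, so reading `imm` here works only by aliasing. Guard it with `if(mos65xx.op_count && mos65xx.operands[0].type == MOS65XX_OP_MEM) RDEmulateResult_AddBranchTrue(result, mos65xx.operands[0].mem);` and keep the `AddBranchFalse` fall-through target as it is. Separately, `render` now comments out its own `decode` call and then dereferences `m_insn->detail`, so it renders whatever instruction `emulate` decoded last and dereferences a null or stale pointer if nothing was decoded yet; the same applies to the render hunk of the final patch in this series, which calls `RDRenderer_MnemonicWord` on that stale `m_insn`. Restore `if(!this->decode(rp->address, &rp->view)) return;` at the top of `render` before touching `m_insn`.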
diff --git a/capstonebundle/plugin/mos65xx/mos65xx.cpp b/capstonebundle/plugin/mos65xx/mos65xx.cpp index 5948e56..dad496b 100644 --- a/capstonebundle/plugin/mos65xx/mos65xx.cpp +++ b/capstonebundle/plugin/mos65xx/mos65xx.cpp @@ -36,10 +36,33 @@ void MOS65XX::render(const RDRendererParams* rp) // auto* insn = this->decode(rp->address, &rp->view); const auto& mos65xx = m_insn->detail->mos65xx; + RDRenderer_MnemonicWord(rp->renderer, m_insn->mnemonic, MOS65XX::mnemonicTheme(m_insn)); } +rd_type MOS65XX::mnemonicTheme(const cs_insn* m_insn) +{ + const auto& mos65xx = m_insn->detail->mos65xx; + + // switch(m_insn->id) + // { + // case ARM_INS_B: return (arm.cc == ARM_CC_AL) ? Theme_Jump : Theme_JumpCond; + + // case ARM_INS_BL: + // case ARM_INS_BLX: return Theme_Call; + + // case ARM_INS_LDR: { + // if(MOS65XX::isPC(insn, 0)) return Theme_Ret; + // break; + // } + + // default: break; + // } + + // return Theme_Default; +} + void MOS65XX::lift(const Capstone* capstone, rd_address address, const RDBufferView* view, RDILFunction* il) { MOS65XXLifter::lift(capstone, address, view, il); } diff --git a/capstonebundle/plugin/mos65xx/mos65xx.h b/capstonebundle/plugin/mos65xx/mos65xx.h index c466d92..46f0ea8 100644 --- a/capstonebundle/plugin/mos65xx/mos65xx.h +++ b/capstonebundle/plugin/mos65xx/mos65xx.h 
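Review bot: `MOS65XX::mnemonicTheme` is declared to return `rd_type` but every statement in its body is commented out, so control flows off the end of a non-void function — undefined behaviour in C++, and the theme passed to `RDRenderer_MnemonicWord` is garbage. Until the switch is filled in, the body should be at least `return Theme_Default;`, and the unused `const auto& mos65xx` locals here and in `render` can go. Naming the parameter `m_insn` also shadows the member of the same name and makes the function read as if it used member state; `insn`, as in the declaration in mos65xx.h, is clearer. `render` starts outside the hunk.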
@@ -12,12 +12,14 @@ #include "../capstone.h" class MOS65XX: public Capstone { - public: - // Capstone(RDContext* ctx); // There is also a "cs_mode" argument, I don't know if this architecture needs it - MOS65XX(RDContext* ctx, cs_mode mode); - void emulate(RDEmulateResult* result) override; // This implements the algorithm (jumps, calls etc) - void render(const RDRendererParams* rp) override; // This renders instructions visually - void lift(const Capstone* capstone, rd_address address, const RDBufferView* view, RDILFunction* il) override; + public: + // Capstone(RDContext* ctx); // There is also a "cs_mode" argument, I don't know if this architecture needs it + MOS65XX(RDContext* ctx, cs_mode mode); + void emulate(RDEmulateResult* result) override; // This implements the algorithm (jumps, calls etc) + void render(const RDRendererParams* rp) override; // This renders instructions visually + void lift(const Capstone* capstone, rd_address address, const RDBufferView* view, RDILFunction* il) override; + private: + static rd_type mnemonicTheme(const cs_insn* insn); };