checkpoint

Author: hugsy

src/cpu/arm.rs

@@ -9,7 +9,6 @@ impl cpu::Cpu for Arm {
 
     fn ptrsize(&self) -> usize {
         4
-        // TODO: thumb
     }
 
     fn ret_insns(&self) -> Vec<(Vec<u8>, Vec<u8>)> {
@@ -43,11 +42,11 @@ impl cpu::Cpu for Arm {
     }
 }
 
-impl std::fmt::Debug for Arm {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        f.debug_struct("Arm").finish()
-    }
-}
+// impl std::fmt::Debug for Arm {
+//     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+//         f.debug_struct("Arm").finish()
+//     }
+// }
 
 pub struct Arm64;
 
@@ -108,8 +107,8 @@ impl cpu::Cpu for Arm64 {
     }
 }
 
-impl std::fmt::Debug for Arm64 {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        f.debug_struct("Arm64").finish()
-    }
-}
+// impl std::fmt::Debug for Arm64 {
+//     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+//         f.debug_struct("Arm64").finish()
+//     }
+// }

src/cpu/mod.rs

@@ -13,13 +13,14 @@ pub enum CpuType {
     ARM64,
 }
 
-pub trait Cpu: Send + Sync + std::fmt::Debug {
+pub trait Cpu: Send + Sync {
     fn cpu_type(&self) -> CpuType;
     fn ptrsize(&self) -> usize;
     fn insn_step(&self) -> usize;
 
     //
     // for each instruction type, the format is Vector<opcode, mask>
+    // TODO: replace with &[u8], &[u8]
     //
 
     fn ret_insns(&self) -> Vec<(Vec<u8>, Vec<u8>)>;
@@ -31,17 +32,28 @@ pub trait Cpu: Send + Sync + std::fmt::Debug {
     }
 }
 
+impl std::fmt::Debug for dyn Cpu {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        f.debug_struct("Cpu")
+            .field("cpu_type", &self.cpu_type())
+            .field("name", &self.name())
+            .field("ptrsize", &self.ptrsize())
+            .field("insn_step", &self.insn_step())
+            .finish()
+    }
+}
+
 impl std::fmt::Display for CpuType {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        let val = match self {
-            CpuType::X86 => "x86-32",
-            CpuType::X64 => "x86-64",
-            CpuType::ARM => "ARM",
-            CpuType::ARM64 => "ARM64",
-            CpuType::Unknown => "Unknown",
-        };
+        // let val = match self {
+        //     CpuType::X86 => "x86-32",
+        //     CpuType::X64 => "x86-64",
+        //     CpuType::ARM => "ARM",
+        //     CpuType::ARM64 => "ARM64",
+        //     CpuType::Unknown => "Unknown",
+        // };
 
-        write!(f, "Arch={}", val)
+        write!(f, "{:?}", self)
     }
 }
 
@@ -69,15 +81,15 @@ impl From<&goblin::mach::header::Header> for CpuType {
     }
 }
 
-impl From<&goblin::pe::header::CoffHeader> for CpuType {
-    fn from(obj: &goblin::pe::header::CoffHeader) -> Self {
-        match obj.machine {
-            goblin::pe::header::COFF_MACHINE_X86 => CpuType::X86,
-            goblin::pe::header::COFF_MACHINE_X86_64 => CpuType::X64,
-            goblin::pe::header::COFF_MACHINE_ARM => CpuType::ARM,
-            goblin::pe::header::COFF_MACHINE_ARMNT => CpuType::ARM,
-            goblin::pe::header::COFF_MACHINE_ARM64 => CpuType::ARM64,
-            _ => panic!("Unsupported format"),
-        }
-    }
-}
+// impl From<&goblin::pe::header::CoffHeader> for CpuType {
+//     fn from(obj: &goblin::pe::header::CoffHeader) -> Self {
+//         match obj.machine {
+//             goblin::pe::header::COFF_MACHINE_X86 => CpuType::X86,
+//             goblin::pe::header::COFF_MACHINE_X86_64 => CpuType::X64,
+//             goblin::pe::header::COFF_MACHINE_ARM => CpuType::ARM,
+//             goblin::pe::header::COFF_MACHINE_ARMNT => CpuType::ARM,
+//             goblin::pe::header::COFF_MACHINE_ARM64 => CpuType::ARM64,
+//             _ => panic!("Unsupported format"),
+//         }
+//     }
+// }

src/cpu/x86.rs

@@ -46,11 +46,11 @@ impl cpu::Cpu for X86 {
     }
 }
 
-impl std::fmt::Debug for X86 {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        f.debug_struct("X86").finish()
-    }
-}
+// impl std::fmt::Debug for X86 {
+//     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+//         f.debug_struct("X86").finish()
+//     }
+// }
 
 pub struct X64;
 
@@ -104,8 +104,8 @@ impl cpu::Cpu for X64 {
     }
 }
 
-impl std::fmt::Debug for X64 {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        f.debug_struct("X64").finish()
-    }
-}
+// impl std::fmt::Debug for X64 {
+//     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+//         f.debug_struct("X64").finish()
+//     }
+// }

src/engine.rs

@@ -78,7 +78,6 @@ impl Disassembler for CapstoneDisassembler {
     }
 
     fn name(&self) -> String {
-        // todo: add version strings
         let (major, minor) = Capstone::lib_version();
         format!("Capstone-Engine({}.{})", major, minor)
     }
@@ -90,7 +89,7 @@ impl Disassembler for CapstoneDisassembler {
 
 impl std::fmt::Display for CapstoneDisassembler {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        write!(f, "Disassembler({})", self.name())
+        write!(f, "{}", self.name())
     }
 }
 

src/format/elf.rs

@@ -107,7 +107,7 @@ impl ExecutableFileFormat for Elf {
         FileFormat::Elf
     }
 
-    fn sections(&self) -> &Vec<Section> {
+    fn executable_sections(&self) -> &Vec<Section> {
         &self.sections
     }
 

src/format/mach.rs

@@ -99,7 +99,7 @@ impl ExecutableFileFormat for Mach {
         FileFormat::MachO
     }
 
-    fn sections(&self) -> &Vec<Section> {
+    fn executable_sections(&self) -> &Vec<Section> {
         &self.sections
     }
 

src/format/mod.rs

@@ -21,14 +21,14 @@ pub enum FileFormat {
 
 impl std::fmt::Display for FileFormat {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        let val = match self {
-            FileFormat::Pe => "PE",
-            FileFormat::Elf => "ELF",
-            FileFormat::MachO => "MachO",
-            // _ => panic!("Invalid FileFormat"),
-        };
-
-        write!(f, "BinaryFormat={}", val)
+        // let val = match self {
+        //     FileFormat::Pe => "PE",
+        //     FileFormat::Elf => "ELF",
+        //     FileFormat::MachO => "MachO",
+        //     // _ => panic!("Invalid FileFormat"),
+        // };
+
+        write!(f, "{:?}", &self)
     }
 }
 
@@ -38,7 +38,7 @@ pub trait ExecutableFileFormat: Send + Sync {
 
     fn format(&self) -> FileFormat;
 
-    fn sections(&self) -> &Vec<Section>;
+    fn executable_sections(&self) -> &Vec<Section>;
 
     // fn cpu(&self) -> &dyn cpu::Cpu;
 
@@ -47,6 +47,23 @@ pub trait ExecutableFileFormat: Send + Sync {
     fn entry_point(&self) -> u64;
 }
 
+impl std::fmt::Display for dyn ExecutableFileFormat {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{:?}", &self)
+    }
+}
+
+impl std::fmt::Debug for dyn ExecutableFileFormat {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        f.debug_struct("ExecutableFileFormat")
+            .field("format", &self.format().to_string())
+            .field("executable_sections", &self.executable_sections().len())
+            .field("cpu_type", &self.cpu_type())
+            .field("entry_point", &self.entry_point())
+            .finish()
+    }
+}
+
 /// Attempt to determine the file
 pub fn guess_file_format(file: &PathBuf) -> GenericResult<Box<dyn ExecutableFileFormat>> {
     if !file.as_path().exists() {
@@ -73,7 +90,6 @@ pub fn guess_file_format(file: &PathBuf) -> GenericResult<Box<dyn ExecutableFile
 pub fn try_parse(buf: &[u8]) -> GenericResult<FileFormat> {
     match buf.get(0..4) {
         Some(magic) => {
-            println!("{:?}", magic);
             if &magic[0..pe::IMAGE_DOS_SIGNATURE.len()] == pe::IMAGE_DOS_SIGNATURE {
                 Ok(FileFormat::Pe)
             } else if &magic[0..elf::ELF_HEADER_MAGIC.len()] == elf::ELF_HEADER_MAGIC {

src/format/pe.rs

@@ -2,9 +2,9 @@
 ///! Basic implementation of a PE parser, supports x86/64 to extract quickly the sections
 ///!
 use std::convert::TryInto;
-use std::fs::File;
-use std::io::Read;
-use std::path::PathBuf;
+// use std::fs::File;
+// use std::io::Read;
+// use std::path::PathBuf;
 use std::{fmt, mem};
 
 // use goblin;
@@ -21,7 +21,7 @@ use super::ExecutableFileFormat;
 #[derive(Debug, Default)]
 pub struct Pe {
     // path: PathBuf,
-    pub sections: Vec<Section>,
+    pub executable_sections: Vec<Section>,
     // cpu: Box<dyn cpu::Cpu>,
     pub entry_point: u64,
     cpu_type: cpu::CpuType,
@@ -163,6 +163,8 @@ const IMAGE_NT_HEADER_SIZE: usize = mem::size_of::<ImageFileHeader>();
 pub const IMAGE_FILE_MACHINE_I386: u16 = 0x014c;
 pub const IMAGE_FILE_MACHINE_X86_64: u16 = 0x8664;
 pub const IMAGE_FILE_MACHINE_ARM64: u16 = 0xaa64;
+pub const IMAGE_FILE_MACHINE_ARMNT: u16 = 0x1c4;
+
 pub const IMAGE_SCN_MEM_EXECUTE: u32 = 0x20000000;
 pub const IMAGE_SCN_MEM_READ: u32 = 0x40000000;
 pub const IMAGE_SCN_MEM_WRITE: u32 = 0x80000000;
@@ -231,6 +233,7 @@ impl<'a> PeParser<'a> {
                 IMAGE_FILE_MACHINE_I386 => Ok(cpu::CpuType::X86),
                 IMAGE_FILE_MACHINE_X86_64 => Ok(cpu::CpuType::X64),
                 IMAGE_FILE_MACHINE_ARM64 => Ok(cpu::CpuType::ARM64),
+                IMAGE_FILE_MACHINE_ARMNT => Ok(cpu::CpuType::ARM),
                 _ => Err(error::Error::UnsupportedCpuError),
             }
         }?;
@@ -285,9 +288,12 @@ impl<'a> PeParser<'a> {
 
         let opt_hdrs = pe_header.get(IMAGE_NT_HEADER_SIZE..).unwrap();
         let image_base_off = match machine {
-            cpu::CpuType::X86 => mem::offset_of!(ImageOptionalHeader32, image_base),
-            cpu::CpuType::X64 => mem::offset_of!(ImageOptionalHeader64, image_base),
-            cpu::CpuType::ARM64 => mem::offset_of!(ImageOptionalHeader64, image_base),
+            cpu::CpuType::X86 | cpu::CpuType::ARM => {
+                mem::offset_of!(ImageOptionalHeader32, image_base)
+            }
+            cpu::CpuType::X64 | cpu::CpuType::ARM64 => {
+                mem::offset_of!(ImageOptionalHeader64, image_base)
+            }
             _ => unreachable!(),
         } as usize;
 
@@ -298,9 +304,13 @@ impl<'a> PeParser<'a> {
         ) as u64;
 
         let entry_point_off = match machine {
-            cpu::CpuType::X86 => mem::offset_of!(ImageOptionalHeader32, address_of_entry_point),
-            cpu::CpuType::X64 => mem::offset_of!(ImageOptionalHeader64, address_of_entry_point),
-            cpu::CpuType::ARM64 => mem::offset_of!(ImageOptionalHeader64, address_of_entry_point),
+            cpu::CpuType::X86 | cpu::CpuType::ARM => {
+                mem::offset_of!(ImageOptionalHeader32, address_of_entry_point)
+            }
+
+            cpu::CpuType::X64 | cpu::CpuType::ARM64 => {
+                mem::offset_of!(ImageOptionalHeader64, address_of_entry_point)
+            }
             _ => unreachable!(),
         } as usize;
 
@@ -483,7 +493,7 @@ impl Pe {
         let executable_sections = pe
             .sections()?
             .into_iter()
-            .filter(|s| s.permission.contains(Permission::EXECUTABLE))
+            .filter(|s| s.is_executable())
             .collect();
 
         debug!("{:?}", &executable_sections);
@@ -535,7 +545,7 @@ impl Pe {
 
         Ok(Self {
             // path: path.clone(),
-            sections: executable_sections,
+            executable_sections,
             // cpu,
             cpu_type: machine,
             entry_point: entry_point,
@@ -553,8 +563,8 @@ impl ExecutableFileFormat for Pe {
         FileFormat::Pe
     }
 
-    fn sections(&self) -> &Vec<Section> {
-        &self.sections
+    fn executable_sections(&self) -> &Vec<Section> {
+        &self.executable_sections
     }
 
     // fn cpu(&self) -> &dyn cpu::Cpu {