/* radare - LGPL - Copyright 2011-2012 - pancake */
#include <r_core.h>
/* We cannot use some kind of structure type with
* a string for each case, because some architectures (like ARM)
 * have several modes/alignment requirements.
*/
/* Print the help table for the "wao" command: one row per supported
 * opcode hack, in the (command, argument, description) layout that
 * r_core_cmd_help expects, terminated by NULL. `core` is only forwarded
 * to r_core_cmd_help for output. */
void r_core_hack_help(const RCore *core) {
	static const char *help_msg[] = {
		"wao", " [op]", "performs a modification on current opcode",
		"wao", " nop", "nop current opcode",
		"wao", " jz", "make current opcode conditional (zero)",
		"wao", " jnz", "make current opcode conditional (not zero)",
		"wao", " ret1", "make the current opcode return 1",
		"wao", " ret0", "make the current opcode return 0",
		"wao", " retn", "make the current opcode return -1",
		"wao", " un-cjmp", "remove conditional operation to branch",
		"wao", " trap", "make the current opcode a trap",
		"wao", " swap-cjmp", "swap conditional branch",
		"NOTE:", "", "those operations are only implemented for x86 and arm atm.", //TODO
		NULL
	};
	r_core_cmd_help (core, help_msg);
}
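/* ARM/Thumb backend for the "wao" opcode hacks.
 *
 * @param core    the core; core->block must hold the bytes of the
 *                instruction at the current offset, and
 *                core->assembler->bits selects 16 (Thumb) or 32 (ARM)
 *                bit encodings.
 * @param op      hack name, one of those listed by r_core_hack_help().
 * @param analop  analysis of the current instruction; only ->size is read
 *                (by "nop", to know how many bytes to fill).
 * @return true if a "wx" write command was issued, false if the operation
 *         is unknown, not implemented for this mode, or the bytes at the
 *         cursor are not what the hack expects. Failures are reported with
 *         eprintf.
 *
 * Every patch is emitted as a radare "wx" command, so nothing here checks
 * that the write itself succeeded; the caller only learns whether a
 * command was sent.
 */
R_API int r_core_hack_arm(RCore *core, const char *op, const RAnalOp *analop) {
	const int bits = core->assembler->bits;
	const ut8 *b = core->block;

	if (!strcmp (op, "nop")) {
		/* NOP encoding of each mode as a little-endian hex string for wx */
		const int nopsize = (bits == 16)? 2: 4;
		const char *nopcode = (bits == 16)? "00bf": "0000a0e1";
		const int len = analop->size;
		char *str;
		int i;

		/* the instruction must be covered by whole NOPs; len <= 0 means
		 * the analysis gave no usable size and would leave str empty */
		if (len <= 0 || len % nopsize) {
			eprintf ("Invalid nopcode size\n");
			return false;
		}
		/* two hex digits per byte plus the terminator */
		str = malloc ((size_t)len * 2 + 1);
		if (!str) {
			eprintf ("Cannot allocate nop buffer\n");
			return false;
		}
		for (i = 0; i < len; i += nopsize) {
			memcpy (str + i * 2, nopcode, nopsize * 2);
		}
		str[len * 2] = '\0';
		r_core_cmdf (core, "wx %s\n", str);
		free (str);
	} else if (!strcmp (op, "trap")) {
		/* trap encoding of each mode, again as a hex string for wx */
		const char *trapcode = (bits == 16)? "bebe": "fedeffe7";
		r_core_cmdf (core, "wx %s\n", trapcode);
	} else if (!strcmp (op, "jz")) {
		/* Thumb halfwords are little-endian: the condition/opcode field
		 * lives in the second byte, hence b[1] and the $$+1 write offset.
		 * NOTE(review): `@@` is radare's foreach modifier while the
		 * temporary-seek form is `@ $$+1`; confirm these commands really
		 * write at offset+1 (same applies to jnz, un-cjmp and the ret
		 * hacks below). */
		if (bits == 16) {
			switch (b[1]) {
			case 0xb9: // CBNZ
				r_core_cmd0 (core, "wx b1 @@ $$+1\n"); //CBZ
				break;
			case 0xbb: // CBNZ
				r_core_cmd0 (core, "wx b3 @@ $$+1\n"); //CBZ
				break;
			case 0xd1: // BNE
				r_core_cmd0 (core, "wx d0 @@ $$+1\n"); //BEQ
				break;
			default:
				eprintf ("Current opcode is not conditional\n");
				return false;
			}
		} else {
			eprintf ("ARM jz hack not supported\n");
			return false;
		}
	} else if (!strcmp (op, "jnz")) {
		/* mirror of "jz": flip the condition byte the other way */
		if (bits == 16) {
			switch (b[1]) {
			case 0xb1: // CBZ
				r_core_cmd0 (core, "wx b9 @@ $$+1\n"); //CBNZ
				break;
			case 0xb3: // CBZ
				r_core_cmd0 (core, "wx bb @@ $$+1\n"); //CBNZ
				break;
			case 0xd0: // BEQ
				r_core_cmd0 (core, "wx d1 @@ $$+1\n"); //BNE
				break;
			default:
				eprintf ("Current opcode is not conditional\n");
				return false;
			}
		} else {
			eprintf ("ARM jnz hack not supported\n");
			return false;
		}
	} else if (!strcmp (op, "un-cjmp")) {
		// TODO: drop conditional bit instead of that hack
		/* NOTE(review): CBZ/CBNZ lay out their offset field differently
		 * from B<cond>, so rewriting only the high byte to e0 may change
		 * the branch target for those four cases — confirm. */
		if (bits == 16) {
			switch (b[1]) {
			case 0xb1: // CBZ
			case 0xb3: // CBZ
			case 0xd0: // BEQ
			case 0xb9: // CBNZ
			case 0xbb: // CBNZ
			case 0xd1: // BNE
				r_core_cmd0 (core, "wx e0 @@ $$+1\n"); //B (always)
				break;
			default:
				eprintf ("Current opcode is not conditional\n");
				return false;
			}
		} else {
			eprintf ("ARM un-cjmp hack not supported\n");
			return false;
		}
	} else if (!strcmp (op, "swap-cjmp")) {
		eprintf ("TODO: use jnz or jz\n");
		return false;
	} else if (!strcmp (op, "ret1")) {
		/* NOTE(review): these replace the whole instruction yet are
		 * written at $$+1 like the single-byte condition patches above;
		 * confirm the offset is intended. */
		if (bits == 16) {
			r_core_cmd0 (core, "wx 01207047 @@ $$+1\n"); // mov r0, 1; bx lr
		} else {
			r_core_cmd0 (core, "wx 0100b0e31eff2fe1 @@ $$+1\n"); // movs r0, 1; bx lr
		}
	} else if (!strcmp (op, "ret0")) {
		if (bits == 16) {
			r_core_cmd0 (core, "wx 00207047 @@ $$+1\n"); // mov r0, 0; bx lr
		} else {
			r_core_cmd0 (core, "wx 0000a0e31eff2fe1 @@ $$+1\n"); // movs r0, 0; bx lr
		}
	} else if (!strcmp (op, "retn")) {
		/* NOTE(review): the immediate in both encodings is 0xff (255),
		 * not -1; a 16-bit Thumb movs cannot encode -1 directly, so r0
		 * will not hold -1 after this patch — confirm the intent. */
		if (bits == 16) {
			r_core_cmd0 (core, "wx ff207047 @@ $$+1\n"); // mov r0, 0xff; bx lr
		} else {
			r_core_cmd0 (core, "wx ff00a0e31eff2fe1 @@ $$+1\n"); // movs r0, 0xff; bx lr
		}
	} else {
		eprintf ("Invalid operation\n");
		return false;
	}
	return true;
}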
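/* x86 backend for the "wao" opcode hacks. Only the one-byte short forms
 * of the conditional jumps (opcodes 0x70..0x7f, rel8) are recognised by
 * the jump hacks; anything else, including the two-byte 0f 8x near forms,
 * is reported as "not conditional".
 *
 * @param core    the core; core->block holds the bytes at the current
 *                offset.
 * @param op      hack name, one of those listed by r_core_hack_help().
 * @param analop  analysis of the current instruction; only ->size is read
 *                (by "nop", to know how many bytes to fill).
 * @return true if a "wx" write command was issued, false if the operation
 *         is unknown or the bytes at the cursor are not what the hack
 *         expects (a message is printed with eprintf).
 */
R_API int r_core_hack_x86(RCore *core, const char *op, const RAnalOp *analop) {
	const ut8 *b = core->block;
	const int size = analop->size;

	if (!strcmp (op, "nop")) {
		char *str;
		int i;

		/* size <= 0 means the analysis gave no usable length */
		if (size <= 0) {
			eprintf ("Invalid nopcode size\n");
			return false;
		}
		/* "90" (nop) per byte plus the terminator */
		str = malloc ((size_t)size * 2 + 1);
		if (!str) {
			eprintf ("Cannot allocate nop buffer\n");
			return false;
		}
		for (i = 0; i < size; i++) {
			memcpy (str + (i * 2), "90", 2);
		}
		str[size * 2] = '\0';
		r_core_cmdf (core, "wx %s\n", str);
		free (str);
	} else if (!strcmp (op, "trap")) {
		r_core_cmd0 (core, "wx cc\n"); // int3
	} else if (!strcmp (op, "jz")) {
		if (b[0] == 0x75) { // jne rel8 -> je rel8
			r_core_cmd0 (core, "wx 74\n");
		} else {
			eprintf ("Current opcode is not conditional\n");
			return false;
		}
	} else if (!strcmp (op, "jnz")) {
		if (b[0] == 0x74) { // je rel8 -> jne rel8
			r_core_cmd0 (core, "wx 75\n");
		} else {
			eprintf ("Current opcode is not conditional\n");
			return false;
		}
	} else if (!strcmp (op, "un-cjmp")) {
		/* any jcc rel8 -> jmp rel8; the displacement byte is left as is */
		if (b[0] >= 0x70 && b[0] <= 0x7f) {
			r_core_cmd0 (core, "wx eb\n");
		} else {
			eprintf ("Current opcode is not conditional\n");
			return false;
		}
	} else if (!strcmp (op, "swap-cjmp")) {
		/* the jcc rel8 opcodes come in pairs that differ only in the low
		 * bit (jo/jno, jb/jae, je/jne, ...), so flipping that bit
		 * negates the condition */
		if (b[0] < 0x80 && b[0] >= 0x70) { // jo, jno, jb, jae, je, jne, jbe, ja, js, jns
			r_core_cmdf (core, "wx %x\n", (unsigned)(b[0] ^ 1));
		} else {
			eprintf ("Invalid opcode\n");
			return false;
		}
	} else if (!strcmp (op, "ret1")) {
		/* NOTE(review): c2 imm16 is "ret imm16" (return, then pop imm16
		 * bytes); it does not load a return value the way the ARM
		 * variants do — confirm this is what "return 1" is meant to do. */
		r_core_cmd0 (core, "wx c20100\n");
	} else if (!strcmp (op, "ret0")) {
		r_core_cmd0 (core, "wx c20000\n");
	} else if (!strcmp (op, "retn")) {
		r_core_cmd0 (core, "wx c2ffff\n");
	} else {
		eprintf ("Invalid operation\n");
		return false;
	}
	return true;
}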
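/* Entry point for the "wao" command: pick the per-architecture hack
 * backend from asm.arch, analyse the instruction at the current offset
 * and hand both to the backend.
 *
 * @param core  the core; core->config, core->anal, core->offset,
 *              core->block and core->blocksize are read.
 * @param op    hack name, one of those listed by r_core_hack_help().
 * @return the backend's result, or false when asm.arch is unset or
 *         unsupported, op is missing, or the instruction cannot be
 *         analysed. Failures are reported with eprintf.
 */
R_API int r_core_hack(RCore *core, const char *op) {
	int (*hack)(RCore *core, const char *op, const RAnalOp *analop) = NULL;
	const char *asmarch = r_config_get (core->config, "asm.arch");
	RAnalOp analop = {0};
	int ret;

	/* the backends strcmp() op, so refuse a missing name here */
	if (!op) {
		eprintf ("Missing operation\n");
		return false;
	}
	/* r_config_get may return NULL; strstr on NULL is undefined */
	if (!asmarch) {
		eprintf ("asm.arch is not set\n");
		return false;
	}
	if (strstr (asmarch, "x86")) {
		hack = r_core_hack_x86;
	} else if (strstr (asmarch, "arm")) {
		hack = r_core_hack_arm;
	} else {
		eprintf ("TODO: write hacks are only implemented for x86 and arm\n");
		return false;
	}
	if (!r_anal_op (core->anal, &analop, core->offset, core->block, core->blocksize)) {
		eprintf ("anal op fail\n");
		return false;
	}
	ret = hack (core, op, &analop);
	/* release anything the analysis attached to the op */
	r_anal_op_fini (&analop);
	return ret;
}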