Diffstat (limited to 'disasm/extractfunction.cpp')
| -rw-r--r-- | disasm/extractfunction.cpp | 42 |
1 files changed, 33 insertions, 9 deletions
diff --git a/disasm/extractfunction.cpp b/disasm/extractfunction.cpp
index f2da04c..288d78f 100644
--- a/disasm/extractfunction.cpp
+++ b/disasm/extractfunction.cpp
@@ -1,6 +1,6 @@
 #include "extractfunction.hpp"
-#include "leparseutil.hpp"
+#include "le_parse_util.hpp"
 #include "output.hpp"
@@ -14,7 +14,7 @@
 void extract_function(std::string file_path, binparse::Value32 object_id, binparse::Offset32 function_offset) {
     std::stringstream ss;
-    ss << "f_" << function_offset << ".a";
+    ss << "f_" << function_offset << ".asm";
     std::string o_file = ss.str();
     if(boost::filesystem::exists(o_file)) {
         return;
@@ -26,7 +26,6 @@ void extract_function(std::string file_path, binparse::Value32 object_id, binpar
     auto file = parse_file(ifs);
-    _DInst decinst;
     _DecodeType dt = Decode32Bits;
     unsigned int decodedInstructionsCount = 0;
@@ -42,7 +41,11 @@ void extract_function(std::string file_path, binparse::Value32 object_id, binpar
     binparse::Offset32 furthestjmp;
     bool done = false;
+
+    std::cout << "Scanning function: " << function_offset << std::endl;
     while(!done) {
+        _DInst decinst;
+
         distorm_decompose64(&ci, &decinst, 1, &decodedInstructionsCount);
         if(decinst.flags == FLAG_NOT_DECODABLE) {
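Review bot: In the @@ -42 hunk the new loop-scoped `_DInst decinst;` is uninitialized and `decinst.flags` is read straight after `distorm_decompose64` without checking `decodedInstructionsCount` or the decoder's return value, so on an iteration where the decoder emits nothing (for instance once the code buffer is exhausted, which a malformed input file can bring about) the comparison reads indeterminate memory. Suggest `_DInst decinst{};` and, right after the decode call, `if (decodedInstructionsCount == 0) break;` so the scan stops on a hard decode failure instead of continuing on garbage. The second decode loop in the @@ -117 hunk (`distorm_decompose` with the same uninitialized local) has the same gap. The rest of extract_function, including the body of the `FLAG_NOT_DECODABLE` branch, lies outside this hunk, so what that branch does on a partial decode could not be checked here.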
@@ -52,7 +55,22 @@ void extract_function(std::string file_path, binparse::Value32 object_id, binpar
             switch(META_GET_FC(decinst.meta)) {
                 case FC_CALL: {
                     binparse::Offset32 target = binparse::Offset32(INSTRUCTION_GET_TARGET(&decinst));
-                    extract_function(file_path, object_id, target);
+
+                    _DecodedInst inst;
+                    distorm_format64(&ci, &decinst, &inst);
+
+                    //std::cout << inst.mnemonic.p << " " << inst.operands.p << std::endl;
+                    //std::cout << "target: " << target << std::endl;
+
+                    if(decinst.ops[0].type == O_PC || decinst.ops[0].type == O_PTR || decinst.ops[0].type == O_DISP) {
+
+                        //extract_function(file_path, object_id, target);
+
+                    } else if (decinst.ops[0].type == O_SMEM) {
+                        std::cout << "unhandled case: " << inst.mnemonic.p << " " << inst.operands.p << std::endl;
+                    } else {
+                        std::cout << "unrecognized case: " << inst.mnemonic.p << " " << inst.operands.p << std::endl;
+                    }
                     break;
                 }
                 case FC_CMOV: {
@@ -79,7 +97,7 @@ void extract_function(std::string file_path, binparse::Value32 object_id, binpar
                     break;
                 }
                 case FC_SYS: {
-                    //std::cout << "SYS?!?:\t";
+                    //std::cout << "syscall:\t";
                     break;
                 }
                 case FC_UNC_BRANCH: {
@@ -96,6 +114,11 @@ void extract_function(std::string file_path, binparse::Value32 object_id, binpar
             }
         }
+        _DecodedInst inst;
+        distorm_format64(&ci, &decinst, &inst);
+
+        std::cout << binparse::Offset32(ci.codeOffset) << " " << inst.mnemonic.p << " " << inst.operands.p << std::endl;
+
         if(!done) {
             auto distance = ci.nextOffset - ci.codeOffset;
@@ -104,8 +127,8 @@ void extract_function(std::string file_path, binparse::Value32 object_id, binpar
             ci.codeOffset += distance;
         }
     }
-    std::cout << "Function starts at: " << function_offset << std::endl;
-    std::cout << "Function ends at: " << binparse::Offset32(ci.nextOffset) << std::endl;
+    //std::cout << "Function starts at: " << function_offset << std::endl;
+    //std::cout << "Function ends at: " << binparse::Offset32(ci.nextOffset) << std::endl;
     auto end = ci.nextOffset;
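Review bot: In the FC_CALL case of the @@ -52 hunk `target` is still computed with `INSTRUCTION_GET_TARGET` before the operand type is examined, yet its only remaining use is the commented-out `extract_function` call, so the new code leaves an unused local, an empty `if` body, and silently drops the recursion into callees with nothing saying why. Suggest computing `target` only inside the O_PC branch (that macro adds `imm.addr` to the instruction address, which as far as I recall distorm defines only for PC-relative operands, so grouping O_PTR and O_DISP with it looks questionable) and replacing the empty block with `// TODO(author): recursive extraction disabled — <reason>`. The `inst` formatted here is formatted again after the switch in the @@ -96 hunk; a single `distorm_format64` at the top of the loop body would serve both. The `unhandled case` / `unrecognized case` diagnostics go to `std::cout`, where they interleave with the listing; `std::cerr` would keep them apart.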
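Review bot: The `distorm_format64` call added after the switch in the @@ -96 hunk runs on every iteration, including one that took the `FLAG_NOT_DECODABLE` branch unless that branch (outside this hunk) leaves the loop; formatting an instruction the decoder rejected is at best noise, so I'd confirm that path exits first or guard the call with `if(decinst.flags != FLAG_NOT_DECODABLE)`. The trace line also ends with `std::endl`, which flushes the stream once per instruction; `'\n'` is enough, and the same applies to the `output <<` line in the @@ -117 hunk. This per-instruction trace, like the `Scanning function:` line in the @@ -42 hunk, is unconditional — a verbosity flag or `std::cerr` would keep it out of the listing produced on stdout.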
@@ -117,13 +140,14 @@ void extract_function(std::string file_path, binparse::Value32 object_id, binpar
     ci.features = DF_NONE;
     while(ci.nextOffset < end) {
+        _DInst decinst;
         distorm_decompose(&ci, &decinst, 1, &decodedInstructionsCount);
         _DecodedInst inst;
         distorm_format64(&ci, &decinst, &inst);
-        std::cout << std::hex << std::setw(8) << std::setfill('0') << inst.offset << ":\t" << inst.mnemonic.p << " " << inst.operands.p << std::endl;
-        output << inst.mnemonic.p << " " << inst.operands.p << std::endl;
+        //std::cout << std::hex << std::setw(8) << std::setfill('0') << inst.offset << ":\t" << inst.mnemonic.p << " " << inst.operands.p << std::endl;
+        output << binparse::Offset32(inst.offset) << " " << inst.mnemonic.p << " " << inst.operands.p << std::endl;
         auto distance = ci.nextOffset - ci.codeOffset;
