Feature: unpacking script for LzExe 0.91

* New unpacking script for LzExe 0.91 (addresses part of #1287) * New `reko.dasm` OllyScript command. * Change CMakeLists.txt to use correct version number.
uxmal · Sep 4, 2023 · 61bbcfa · 61bbcfa
1 parent 04ffec4
commit 61bbcfa
Show file tree

Hide file tree

Showing 15 changed files with 921 additions and 211 deletions.
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -23,7 +23,7 @@ endif()
 
 # The path to the Reko's "src" directory, used for relative path
 set(REKO_SRC ${CMAKE_CURRENT_LIST_DIR})
-set(REKO_VERSION "0.11.4")
+set(REKO_VERSION "0.11.5")
 
 set(artifacts_dir ${REKO_SRC}/../bin)
 file(MAKE_DIRECTORY ${artifacts_dir})

diff --git a/src/Core/Core.csproj b/src/Core/Core.csproj
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
  <Import Project="$(ProjectDir)../Drivers/CommonBuildProperties.items" />
- <Import Project="$(ProjectDir)../Drivers/ApiTracking.items " />
+ <!-- <Import Project="$(ProjectDir)../Drivers/ApiTracking.items " /> -->
  <PropertyGroup>
  <ProjectGuid>{5C315C78-1F97-4B16-81AA-917284969DFE}</ProjectGuid>
  <AssemblyName>Reko.Core</AssemblyName>

diff --git a/src/Core/Output/GlobalDataWriter.cs b/src/Core/Output/GlobalDataWriter.cs
@@ -321,7 +321,10 @@ private void FormatRawBytes(byte[] bytes)
 
  public CodeFormatter VisitMemberPointer(MemberPointer memptr)
  {
- throw new NotImplementedException();
+ if (!rdr.TryRead(PrimitiveType.Create(Domain.Offset, memptr.BitSize), out var c))
+ return codeFormatter;
+ c.Accept(codeFormatter);
+ return codeFormatter;
  }
 
  public CodeFormatter VisitPointer(Pointer ptr)

diff --git a/src/Core/Output/GlobalObjectTracer.cs b/src/Core/Output/GlobalObjectTracer.cs
@@ -124,7 +124,7 @@ public int VisitFunctionType(FunctionType ft)
 
  public int VisitMemberPointer(MemberPointer memptr)
  {
- throw new NotImplementedException();
+ return 0;
  }
 
  public int VisitPointer(Pointer ptr)

diff --git a/src/Core/PublicAPI.Unshipped.txt b/src/Core/PublicAPI.Unshipped.txt
@@ -1130,6 +1130,7 @@ Reko.Core.SegmentMap.CreateImageReader(Reko.Core.Address! address, Reko.Core.IPr
 Reko.Core.SegmentMap.SegmentMap(params Reko.Core.Loading.ImageSegment![]! segments) -> void
 Reko.Core.SegmentMap.SegmentMap(Reko.Core.Address! addrBase, params Reko.Core.Loading.ImageSegment![]! segments) -> void
 Reko.Core.SegmentMap.Segments.get -> System.Collections.Generic.SortedList<Reko.Core.Address!, Reko.Core.Loading.ImageSegment!>!
+Reko.Core.SegmentMap.TryCreateImageReader(Reko.Core.Address! address, Reko.Core.IProcessorArchitecture! arch, out Reko.Core.Memory.EndianImageReader! rdr) -> bool
 Reko.Core.SegmentMap.TryFindSegment(Reko.Core.Address! addr, out Reko.Core.Loading.ImageSegment! segment) -> bool
 Reko.Core.SegmentMap.TryFindSegment(string! segmentName, out Reko.Core.Loading.ImageSegment! segment) -> bool
 Reko.Core.SegmentMap.TryFindSegment(ulong linAddress, out Reko.Core.Loading.ImageSegment! segment) -> bool

diff --git a/src/Core/SegmentMap.cs b/src/Core/SegmentMap.cs
@@ -227,6 +227,31 @@ public Address MapLinearAddressToAddress(ulong linearAddress)
  linearAddress));
  }
 
+ /// <summary>
+ /// Creates an <see cref="EndianImageReader"/> that starts reading at the <see cref="Address"/>
+ /// <paramref name="address"/>. The endianness of the image reader is controlled by the
+ /// <see cref="arch"/>. 
+ /// </summary>
+ /// <param name="address">Address at which to start reading.</param>
+ /// <param name="arch"><see cref="IProcessorArchitecture"/> that determines the 
+ /// endianness, byte granularity and other processor-specific details.
+ /// </param>
+ /// <returns>The resulting <see cref="EndianImageReader"/> instance.</returns>
+ public bool TryCreateImageReader(
+ Address address,
+ IProcessorArchitecture arch,
+ [MaybeNullWhen(false)] out EndianImageReader rdr)
+ {
+ if (!TryFindSegment(address, out var segment))
+ {
+ rdr = null;
+ return false;
+ }
+ rdr = segment.CreateImageReader(arch);
+ rdr.Seek(address - segment.Address);
+ return true;
+ }
+
  /// <summary>
  /// Returns the segment that contains the specified address.
  /// </summary>

diff --git a/src/Drivers/WebSite/reko.config b/src/Drivers/WebSite/reko.config
diff --git a/src/Drivers/WindowsDecompiler/Driver.cs b/src/Drivers/WindowsDecompiler/Driver.cs
@@ -18,7 +18,6 @@
  */
 #endregion
 
-using Reko.Core;
 using Reko.Core.Services;
 using Reko.Gui;
 using Reko.Gui.Services;

diff --git a/src/Drivers/reko.config b/src/Drivers/reko.config
@@ -94,7 +94,7 @@
  <!-- Image unpackers take a compressed image and uncompress it. -->
 
  <Loader Label="EXEPACK v4.05, v4.06" Type="Reko.ImageLoaders.MzExe.ExePackLoader,Reko.ImageLoaders.MzExe" />
- <Loader Label="LZEXE v0.91, v1.00a (1)" Type="Reko.ImageLoaders.MzExe.LzExeUnpacker,Reko.ImageLoaders.MzExe" />
+ <Loader Label="LZEXE v0.91, v1.00a (1)"  Argument="LzExe-0.91-unpacker.osc" Type="Reko.ImageLoaders.OdbgScript.OdbgScriptLoader,Reko.ImageLoaders.OdbgScript" />
  <Loader Label="PKLITE v1.00, v1.03" Type="Reko.ImageLoaders.MzExe.PkLiteUnpacker,Reko.ImageLoaders.MzExe" />
  <Loader Label="PKLITE v1.12, v1.15, v1.20 (1)" Argument="PkLite-1.12-unpacker.osc" Type="Reko.ImageLoaders.OdbgScript.OdbgScriptLoader,Reko.ImageLoaders.OdbgScript" />
  <Loader Label="UPX -&gt; www.upx.sourceforge.net" Argument="upx_ultimate.osc" Type="Reko.ImageLoaders.OdbgScript.OdbgScriptLoader,Reko.ImageLoaders.OdbgScript" />
@@ -107,7 +107,7 @@
  Label="RekoCHeader" />
 
  <!-- Reko-defined file format loaders -->
- <Loader Extension="xml" Type="Reko.Core.TypeLibraryLoader,Reko.Core"
+ <Loader Extension="xml" Type="Reko.Core.Loading.TypeLibraryLoader,Reko.Core"
  Label="RekoTypeLibrary" />
  <Loader Label="RekoAmigaHeader" Type="Reko.Environments.AmigaOS.AmigaHeaderLoader,Reko.Environments.AmigaOS" />
 

diff --git a/src/ImageLoaders/OdbgScript/LzExe-0.91-unpacker.osc b/src/ImageLoaders/OdbgScript/LzExe-0.91-unpacker.osc
@@ -0,0 +1,39 @@
+; Reko OllyDbg script for unpacking files packed with LzExe 0.91
+
+var selector
+
+; Run until the retf that calls the unpacker and step into the retf
+bp cs:002A
+run
+sti
+
+; msg $"At {cs}:{ip}"
+
+;; Now inside the unpacker code. Execute the unpacking and intercept
+;; the relocations.
+
+; Break at the instruction after a relocation is done.
+bp cs:0122 
+
+; Break at the point where the CS:IP have been stored at address
+; [CS:BX]
+bp cs:0155
+
+relocation_loop:
+run
+
+cmp ip,0155
+je relocation_done
+
+; Read the relocation
+mov selector,[es:di],2
+; msg $"Relocation at {es}:{di} = {selector}"
+reko.addseg es:di,selector
+jmp relocation_loop
+
+relocation_done:
+; Single step into the original code.
+sti
+msg $"Entry point at {cs}:{ip}"
+dpe "dontcare",cs:ip
+ret
diff --git a/src/ImageLoaders/OdbgScript/OllyLangInterpreter.Commands.cs b/src/ImageLoaders/OdbgScript/OllyLangInterpreter.Commands.cs
@@ -4218,5 +4218,31 @@ private bool RekoDumpBytes(Expression[] args)
  Host.TE_Log(sw.ToString());
  return true;
  }
+
+ private bool RekoDisassemble(Expression[] args)
+ {
+ if (args.Length < 1)
+ return false;
+ if (!GetAddress(args[0], out Address addr))
+ return false;
+ rulong count = 10;
+ if (args.Length == 2)
+ {
+ if (!GetRulong(args[1], out count))
+ return false;
+ }
+ if (!this.Host.SegmentMap.TryCreateImageReader(addr, arch, out var rdr))
+ return false;
+ var sw = new StringWriter();
+ var dasm = arch.CreateDisassembler(rdr).GetEnumerator();
+ for (uint i = 0; i < count && dasm.MoveNext(); ++i)
+ {
+ var instr = dasm.Current;
+ sw.WriteLine("{0}: {1}", instr.Address, instr);
+ }
+
+ Host.TE_Log(sw.ToString());
+ return true;
+ }
  }
 }
diff --git a/src/ImageLoaders/OdbgScript/OllyLangInterpreter.cs b/src/ImageLoaders/OdbgScript/OllyLangInterpreter.cs
@@ -313,6 +313,7 @@ public OllyLangInterpreter(IServiceProvider services, IProcessorArchitecture arc
 
  commands["reko.addseg"] = RekoAddSegmentReference;
  commands["reko.db"] = RekoDumpBytes;
+ commands["reko.dasm"] = RekoDisassemble;
 
  #endregion
 #if LATER
@@ -501,7 +502,7 @@ public eflags_t()
 
 
  // Commands that can be executed
- Dictionary<string, Func<Expression[], bool>> commands = new Dictionary<string, Func<Expression[], bool>>(StringComparer.InvariantCultureIgnoreCase );
+ Dictionary<string, Func<Expression[], bool>> commands = new(StringComparer.InvariantCultureIgnoreCase );
 
  private int EOB_row, EOE_row;
  private bool bInternalBP;

diff --git a/src/ImageLoaders/OdbgScript/OllyScriptParser.cs b/src/ImageLoaders/OdbgScript/OllyScriptParser.cs
@@ -382,7 +382,7 @@ private Expression[] ExpressionList()
  case TokenType.LBracket:
  GetToken();
  var ea = Expression();
- if (ea == null)
+ if (ea is null)
  return null; //$TODO: SyncTo(Comma, NewLine)
  if (!PeekAndDiscard(TokenType.RBracket))
  return null;

diff --git a/src/Installers/NuGetPackage/reko-files.xml b/src/Installers/NuGetPackage/reko-files.xml
@@ -344,12 +344,14 @@
  <File Source="$(var.Decompiler.ProjectDir)Loading\Signatures\PLATFORM_INDEPENDENT.xml" nuget_target="c:" />
 
  <!-- Unpacker scripts -->
+ <File Source="$(var.OdbgScript.ProjectDir)Exepack-3.60-unpacker.osc" nuget_target="c:" />
+ <File Source="$(var.OdbgScript.ProjectDir)LzExe-0.91-unpacker.osc" nuget_target="c:" />
+ <File Source="$(var.OdbgScript.ProjectDir)PkLite-1.12-unpacker.osc" nuget_target="c:" />
  <File Source="$(var.OdbgScript.ProjectDir)PkLite-1.50-unpacker.osc" nuget_target="c:" />
  <File Source="$(var.OdbgScript.ProjectDir)RekoUnpacker_823.osc" nuget_target="c:" />
  <File Source="$(var.OdbgScript.ProjectDir)upx_ultimate.osc" nuget_target="c:" />
- <File Source="$(var.OdbgScript.ProjectDir)Exepack-3.60-unpacker.osc" nuget_target="c:" />
 
- <!-- External files -->
+  <!-- External files -->
  <File Source="$(var.SolutionDir)..\external\Capstone\$(var.Platform)\capstone.dll" />
  <File Source="$(var.WindowsDecompiler.TargetDir)AutomaticGraphLayout.dll" />
  <File Source="$(var.WindowsDecompiler.TargetDir)AutomaticGraphLayout.Drawing.dll" />