Merge branch 'elf-core-support'

Author: Michal Bandzi

include/retdec/fileformat/fftypes.h

@@ -14,6 +14,8 @@
 #include "retdec/fileformat/types/dynamic_table/dynamic_table.h"
 #include "retdec/fileformat/types/export_table/export_table.h"
 #include "retdec/fileformat/types/import_table/import_table.h"
+#include "retdec/fileformat/types/note_section/elf_notes.h"
+#include "retdec/fileformat/types/note_section/elf_core.h"
 #include "retdec/fileformat/types/pdb_info/pdb_info.h"
 #include "retdec/fileformat/types/relocation_table/relocation_table.h"
 #include "retdec/fileformat/types/resource_table/resource_table.h"

include/retdec/fileformat/file_format/elf/elf_format.h

@@ -12,6 +12,7 @@
 #include <elfio/elfio.hpp>
 
 #include "retdec/fileformat/file_format/file_format.h"
+#include "retdec/fileformat/types/note_section/elf_notes.h"
 
 namespace retdec {
 namespace fileformat {
@@ -65,6 +66,13 @@ class ElfFormat : public FileFormat
 		void loadSegments();
 		void loadInfoFromDynamicTables(std::size_t noOfTables);
 		void loadInfoFromDynamicSegment();
+		void loadNoteSecSeg(ElfNoteSecSeg &noteSecSegs) const;
+		void loadNotes();
+		void loadCoreFileMap(std::size_t offset, std::size_t size);
+		void loadCorePrStat(std::size_t offset, std::size_t size);
+		void loadCorePrPsInfo(std::size_t offset, std::size_t size);
+		void loadCoreAuxvInfo(std::size_t offset, std::size_t size);
+		void loadCoreInfo();
 		/// @}
 	protected:
 		int elfClass;        ///< class of input ELF file

include/retdec/fileformat/file_format/file_format.h

@@ -58,6 +58,7 @@ class FileFormat : public retdec::utils::ByteValueStorage, private retdec::utils
 		std::vector<DynamicTable*> dynamicTables;                         ///< tables with dynamic records
 		std::vector<unsigned char> bytes;                                 ///< content of file as bytes
 		std::vector<String> strings;                                      ///< detected strings
+		std::vector<ElfNoteSecSeg> noteSecSegs;                           ///< note sections or segemnts found in ELF file
 		std::set<std::uint64_t> unknownRelocs;                            ///< unknown relocations
 		ImportTable *importTable;                                         ///< table of imports
 		ExportTable *exportTable;                                         ///< table of exports
@@ -66,6 +67,7 @@ class FileFormat : public retdec::utils::ByteValueStorage, private retdec::utils
 		RichHeader *richHeader;                                           ///< rich header
 		PdbInfo *pdbInfo;                                                 ///< information about related PDB debug file
 		CertificateTable *certificateTable;                               ///< table of certificates
+		ElfCoreInfo *elfCoreInfo;                                         ///< information about core file structures
 		Format fileFormat;                                                ///< format of input file
 		bool stateIsValid;                                                ///< internal state of instance
 		std::vector<std::pair<std::size_t, std::size_t>> secHashInfo;     ///< information for calculation of section table hash
@@ -202,6 +204,7 @@ class FileFormat : public retdec::utils::ByteValueStorage, private retdec::utils
 		const RichHeader* getRichHeader() const;
 		const PdbInfo* getPdbInfo() const;
 		const CertificateTable* getCertificateTable() const;
+		const ElfCoreInfo* getElfCoreInfo() const;
 		const Symbol* getSymbol(const std::string &name) const;
 		const Symbol* getSymbol(unsigned long long address) const;
 		const Relocation* getRelocation(const std::string &name) const;
@@ -231,6 +234,7 @@ class FileFormat : public retdec::utils::ByteValueStorage, private retdec::utils
 		const unsigned char* getBytesData() const;
 		const unsigned char* getLoadedBytesData() const;
 		const std::vector<String>& getStrings() const;
+		const std::vector<ElfNoteSecSeg>& getElfNoteSecSegs() const;
 		const std::set<std::uint64_t>& getUnknownRelocations() const;
 		/// @}
 

include/retdec/fileformat/types/note_section/elf_core.h

@@ -0,0 +1,95 @@
+/**
+ * @file include/retdec/fileformat/types/note_section/elf_core.cpp
+ * @brief Class for ELF core data.
+ * @copyright (c) 2017 Avast Software, licensed under the MIT license
+ */
+
+#ifndef RETDEC_FILEFORMAT_TYPES_NOTE_SECTION_ELF_CORE_H
+#define RETDEC_FILEFORMAT_TYPES_NOTE_SECTION_ELF_CORE_H
+
+#include <string>
+#include <vector>
+#include <map>
+
+#include "retdec/utils/address.h"
+
+namespace retdec {
+namespace fileformat {
+
+using RegisterMap = std::map<std::string, std::uint64_t>;
+using AuxVectorEntry = std::pair<std::uint64_t, std::uint64_t>;
+
+/**
+ * Entry for one mapped file in NT_FILE note
+ */
+class FileMapEntry
+{
+	public:
+		std::uint64_t startAddr;  ///< start address of mapped segment
+		std::uint64_t endAddr;    ///< end address of mapped segment
+		std::uint64_t pageOffset; ///< page offset
+		std::string filePath;     ///< full path to mapped file
+};
+
+/**
+ * Class representing one NT_PRSTATUS note
+ *
+ * @note This structure is far from complete but we will add support only for
+ * things we can use somehow for decompilation purposes.
+ */
+class PrStatusInfo
+{
+	public:
+		std::uint64_t pid;     ///< process ID
+		std::uint64_t ppid;    ///< parent process ID
+		RegisterMap registers; ///< registers state
+};
+
+/**
+ * Class for representing information from core files
+ */
+class ElfCoreInfo
+{
+	private:
+		// NT_FILE
+		std::uint64_t pageSize;            ///< used page size
+		std::vector<FileMapEntry> fileMap; ///< parsed file map
+
+		// NT_PRSTATUS
+		std::vector<PrStatusInfo> prstatusInfos; ///< prstatus structures
+
+		// NT_PRPSINFO
+		std::string appName; ///< original application name
+		std::string cmdLine; ///< command line
+
+		// NT_AUXV
+		std::vector<AuxVectorEntry> auxVector; /// auxiliary vector
+
+	public:
+		/// @name Setters
+		/// @{
+		void setPageSize(const std::uint64_t& size);
+		void addFileMapEntry(const FileMapEntry& entry);
+		void addAuxVectorEntry(const AuxVectorEntry& entry);
+		void addPrStatusInfo(const PrStatusInfo& info);
+		void setAppName(const std::string& name);
+		void setCmdLine(const std::string& line);
+		/// @}
+
+		/// @name Getters
+		/// @{
+		std::uint64_t getPageSize() const;
+		const std::vector<FileMapEntry>& getFileMap() const;
+		const std::vector<AuxVectorEntry>& getAuxVector() const;
+		/// @}
+
+		/// @name Helper methods
+		/// @{
+		void dump(std::ostream& outStream);
+		/// @}
+};
+
+} // namespace fileformat
+} // namespace retdec
+
+#endif

include/retdec/fileformat/types/note_section/elf_notes.h

@@ -0,0 +1,90 @@
+/**
+ * @file include/retdec/fileformat/types/note_section/elf_note.cpp
+ * @brief Class for ELF note section (segment).
+ * @copyright (c) 2017 Avast Software, licensed under the MIT license
+ */
+
+#ifndef RETDEC_FILEFORMAT_TYPES_NOTE_SECTION_ELF_NOTE_H
+#define RETDEC_FILEFORMAT_TYPES_NOTE_SECTION_ELF_NOTE_H
+
+#include <string>
+#include <vector>
+
+#include "retdec/fileformat/types/sec_seg/sec_seg.h"
+
+namespace retdec {
+namespace fileformat {
+
+/**
+ * Class for one ELF note section or segment entry
+ */
+class ElfNoteEntry
+{
+	public:
+		std::string name; ///< interpreted name (owner)
+		std::size_t type; ///< owner specific type
+
+		// Type must be combined with name to tell how to interpret data
+
+		std::size_t dataOffset; ///< file offset of note data
+		std::size_t dataLength; ///< length of note data
+
+		/// @name Query methods
+		/// @{
+		bool isEmptyNote() const;
+		/// @}
+};
+
+/**
+ * Class describing one ELF note section or segment
+ */
+class ElfNoteSecSeg
+{
+	private:
+		const SecSeg* secSeg;            ///< associated section or segment
+		std::vector<ElfNoteEntry> notes; ///< notes in segment or section
+
+		bool malformed = false; ///< set to @c true if notes are malformed
+		std::string error;      ///< possible error message
+
+	public:
+		/// @name  Constructors and destructor
+		/// @{
+		ElfNoteSecSeg(const SecSeg* assocSecSeg);
+		~ElfNoteSecSeg();
+		/// @}
+
+		/// @name Setters
+		/// @{
+		void setMalformed(const std::string& message = "corrupted note");
+		/// @}
+
+		/// @name Add notes
+		/// @{
+		void addNote(ElfNoteEntry&& note);
+		void addNote(const ElfNoteEntry& note);
+		/// @}
+
+		/// @name Getters
+		/// @{
+		std::vector<ElfNoteEntry> getNotes() const;
+		std::string getErrorMessage() const;
+		std::size_t getSecSegOffset() const;
+		std::size_t getSecSegLength() const;
+		std::string getSectionName() const;
+		/// @}
+
+		/// @name Query methods
+		/// @{
+		bool isNamedSection() const;
+		bool isMalformed() const;
+		bool isEmpty() const;
+		/// @}
+};
+
+
+
+} // namespace fileformat
+} // namespace retdec
+
+#endif

src/fileformat/CMakeLists.txt

@@ -49,6 +49,8 @@ set(FILEFORMAT_SOURCES
 	types/dynamic_table/dynamic_entry.cpp
 	types/dynamic_table/dynamic_table.cpp
 	types/strings/string.cpp
+	types/note_section/elf_notes.cpp
+	types/note_section/elf_core.cpp
 	file_format/pe/pe_format_parser/pe_format_parser64.cpp
 	file_format/pe/pe_format_parser/pe_format_parser.cpp
 	file_format/pe/pe_format_parser/pe_format_parser32.cpp