Use segments

Author: toolCHAINZ

Cargo.toml

@@ -34,7 +34,7 @@ tracing = "0.1.40"
 colored = "2.1.0"
 tracing-subscriber = { version = "0.3.18", optional = true, features = ["env-filter"] }
 toml_edit = { version = "0.22.12", optional = true, features = ["serde"] }
-object = { version = "0.36.0" }
+object = "0.36.7"
 clap = { version = "4.0.32", optional = true , features = ["derive"]}
 rand = "0.8.5"
 derive_builder = "0.20.0"

src/config/error.rs

@@ -10,6 +10,8 @@ pub enum CrackersConfigError {
     Gimli(#[from] object::Error),
     #[error("Spec objects must have a '_start' symbol")]
     SpecMissingStartSymbol,
+    #[error("Unable to parse a segment from the target binary")]
+    LibraryParse,
     #[error("Spec objects must have a '.text' symbol")]
     SpecMissingTextSection,
     #[error("Unable to determine the architecture of the provided object file. This is a config file limitation and not a sleigh limitation.")]

src/config/object.rs

@@ -10,15 +10,28 @@ use object::{File, Object};
 use crate::config::error::CrackersConfigError;
 use crate::config::error::CrackersConfigError::UnrecognizedArchitecture;
 use crate::config::sleigh::SleighConfig;
+use crate::gadget::library::image::SegmentFile;
 
-fn load_image<T: AsRef<Path>>(path: T) -> Result<(OwnedFile, &'static str), CrackersConfigError> {
+fn load_image<T: AsRef<Path>>(path: T) -> Result<(SegmentFile, &'static str), CrackersConfigError> {
     let data = fs::read(path.as_ref())?;
     let file = File::parse(&*data)?;
     let arch = map_gimli_architecture(&file).ok_or(UnrecognizedArchitecture(format!(
         "{:?}",
         file.architecture()
     )))?;
-    let img = OwnedFile::new(&file)?;
+    let img = SegmentFile::new(&file).map_err(|_| CrackersConfigError::LibraryParse)?;
+    Ok((img, arch))
+}
+
+/// gross hack
+fn load_image_spec<T: AsRef<Path>>(path: T) -> Result<(OwnedFile, &'static str), CrackersConfigError> {
+    let data = fs::read(path.as_ref())?;
+    let file = File::parse(&*data)?;
+    let arch = map_gimli_architecture(&file).ok_or(UnrecognizedArchitecture(format!(
+        "{:?}",
+        file.architecture()
+    )))?;
+    let img = OwnedFile::new(&file).map_err(|_| CrackersConfigError::LibraryParse)?;
     Ok((img, arch))
 }
 
@@ -32,3 +45,14 @@ pub fn load_sleigh<T: AsRef<Path>>(
     let ctx = ctx.initialize_with_image(img)?;
     Ok(ctx)
 }
+
+pub fn load_sleigh_spec<T: AsRef<Path>>(
+    file_path: T,
+    sleigh_config: &SleighConfig,
+) -> Result<LoadedSleighContext, CrackersConfigError> {
+    let (img, arch) = load_image_spec(file_path)?;
+    let builder = sleigh_config.context_builder()?;
+    let ctx = builder.build(arch)?;
+    let ctx = ctx.initialize_with_image(img)?;
+    Ok(ctx)
+}

src/config/specification.rs

@@ -7,7 +7,7 @@ use serde::{Deserialize, Serialize};
 
 use crate::config::error::CrackersConfigError;
 use crate::config::error::CrackersConfigError::{SpecMissingStartSymbol, SpecMissingTextSection};
-use crate::config::object::load_sleigh;
+use crate::config::object::load_sleigh_spec;
 use crate::config::sleigh::SleighConfig;
 
 #[derive(Clone, Debug, Deserialize, Serialize)]
@@ -21,7 +21,7 @@ impl SpecificationConfig {
         &self,
         sleigh_config: &'a SleighConfig,
     ) -> Result<LoadedSleighContext<'a>, CrackersConfigError> {
-        load_sleigh(&self.path, sleigh_config)
+        load_sleigh_spec(&self.path, sleigh_config)
     }
 
     pub fn get_spec(

src/gadget/library/image.rs

@@ -0,0 +1,125 @@
+use crate::error::CrackersError;
+use jingle::sleigh::context::image::{ImageProvider, ImageSection, ImageSectionIterator, Perms};
+use jingle::sleigh::JingleSleighError::ImageLoadError;
+use jingle::sleigh::VarNode;
+use jingle::JingleError::Sleigh;
+use object::elf::{PF_R, PF_W, PF_X};
+use object::macho::{VM_PROT_EXECUTE, VM_PROT_READ, VM_PROT_WRITE};
+use object::pe::{IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE};
+use object::{File, Object, ObjectSegment, Segment, SegmentFlags};
+use std::cmp::{max, min};
+
+#[derive(Debug, PartialEq, Eq)]
+pub struct ImageSegment {
+    data: Vec<u8>,
+    perms: Perms,
+    base_address: usize,
+}
+
+impl<'a> From<&'a ImageSegment> for ImageSection<'a> {
+    fn from(value: &'a ImageSegment) -> Self {
+        ImageSection {
+            data: value.data.as_slice(),
+            perms: value.perms.clone(),
+            base_address: value.base_address,
+        }
+    }
+}
+
+impl TryFrom<Segment<'_, '_>> for ImageSegment {
+    type Error = CrackersError;
+
+    fn try_from(value: Segment) -> Result<Self, Self::Error> {
+        let data = value
+            .data()
+            .map_err(|_| CrackersError::Jingle(Sleigh(ImageLoadError)))?
+            .to_vec();
+        Ok(ImageSegment {
+            data,
+            perms: map_seg_flags(&value.flags())?,
+            base_address: value.address() as usize,
+        })
+    }
+}
+
+/// todo: this should go in jingle
+fn map_seg_flags(p0: &SegmentFlags) -> Result<Perms, CrackersError> {
+    match p0 {
+        SegmentFlags::None => Ok(Perms::RWX),
+        SegmentFlags::Elf { p_flags } => Ok(Perms {
+            read: p_flags & PF_R != 0,
+            write: p_flags & PF_W != 0,
+            exec: p_flags & PF_X != 0,
+        }),
+        SegmentFlags::MachO { maxprot, .. } => Ok(Perms {
+            read: maxprot & VM_PROT_READ != 0,
+            write: maxprot & VM_PROT_WRITE != 0,
+            exec: maxprot & VM_PROT_EXECUTE != 0,
+        }),
+        SegmentFlags::Coff { characteristics } => Ok(Perms {
+            read: characteristics & IMAGE_SCN_MEM_READ != 0,
+            write: characteristics & IMAGE_SCN_MEM_WRITE != 0,
+            exec: characteristics & IMAGE_SCN_MEM_EXECUTE != 0,
+        }),
+        _ => Err(CrackersError::Jingle(Sleigh(ImageLoadError))),
+    }
+}
+
+/// A gross hack because we want to process the entire executable segment, rather
+/// than the portion that is marked executable for the linker
+pub struct SegmentFile {
+    segments: Vec<ImageSegment>,
+}
+
+impl SegmentFile {
+    pub fn new(file: &File) -> Result<Self, CrackersError> {
+        let mut segments = vec![];
+        for x in file
+            .segments()
+            .filter(|f| map_seg_flags(&f.flags()).map(|f| f.exec).unwrap_or(false))
+        {
+            segments.push(x.try_into()?);
+        }
+        Ok(Self { segments })
+    }
+}
+
+impl ImageProvider for SegmentFile {
+    fn load(&self, vn: &VarNode, output: &mut [u8]) -> usize {
+        let mut written = 0;
+        output.fill(0);
+        let output_start_addr = vn.offset as usize;
+        let output_end_addr = output_start_addr + vn.size;
+        if let Some(x) = self.get_section_info().find(|s| {
+            output_start_addr >= s.base_address
+                && output_start_addr < (s.base_address + s.data.len())
+        }) {
+            let input_start_addr = x.base_address;
+            let input_end_addr = input_start_addr + x.data.len();
+            let start_addr = max(input_start_addr, output_start_addr);
+            let end_addr = max(min(input_end_addr, output_end_addr), start_addr);
+            if end_addr > start_addr {
+                let i_s = start_addr - x.base_address;
+                let i_e = end_addr - x.base_address;
+                let o_s = start_addr - vn.offset as usize;
+                let o_e = end_addr - vn.offset as usize;
+                let out_slice = &mut output[o_s..o_e];
+                let in_slice = &x.data[i_s..i_e];
+                out_slice.copy_from_slice(in_slice);
+                written += end_addr - start_addr;
+            }
+        }
+        written
+    }
+
+    fn has_full_range(&self, vn: &VarNode) -> bool {
+        self.get_section_info().any(|s| {
+            s.base_address <= vn.offset as usize
+                && (s.base_address + s.data.len()) >= (vn.offset as usize + vn.size)
+        })
+    }
+
+    fn get_section_info(&self) -> ImageSectionIterator {
+        ImageSectionIterator::new(self.segments.iter().map(ImageSection::from))
+    }
+}

src/gadget/library/mod.rs

@@ -14,6 +14,7 @@ use crate::gadget::library::builder::GadgetLibraryParams;
 use crate::gadget::Gadget;
 
 pub mod builder;
+pub mod image;
 
 #[derive(Clone, Debug)]
 pub struct GadgetLibrary {