Add support for XCOFF binaries

radareorg / radare2

UNIX-like reverse engineering framework and command-line toolset

https://www.radare.org/

GNU Lesser General Public License v3.0

20.39k stars 2.98k forks source link

Add support for XCOFF binaries #20601

Open trufae opened 2 years ago

trufae commented 2 years ago

riptl commented 2 years ago

Yay. Taking this one

ZzEeKkAa commented 2 years ago

I'm new to radare2, but I've recently discovered that llvm has pretty wide support for different binary formats. XCOFF including, may be will be helpful: https://github.com/llvm/llvm-project/blob/main/llvm/lib/BinaryFormat/XCOFF.cpp

gogo2464 commented 1 year ago

@ZzEeKkAa I can only agree with you. KIt sounds very cool! BUT if you want to launch yourself in this adventure, do not forget to create tests for your own code. at least as many as there are instructions in your architetcture: create a file with name "xcoff" here: https://github.com/radareorg/radare2/tree/master/test/db/asm. AND edit documentation: to r2 blog: https://github.com/radareorg/blog additionally add it to the readme: add it to readme at https://github.com/radareorg/radare2#file-formats

Use 8051 anal architecture plugin as template. The code of this plugin is just almost perfect. Check : https://github.com/radareorg/radare2/blob/master/libr/anal/p/anal_8051.c

For the make file, read https://book.rada.re/plugins/dev-asm.html and https://book.rada.re/plugins/dev-anal.html

These two type of plugin have been merged in anal. Put it all together here.

Good luck.

Let me check for a review please.

gogo2464 commented 1 year ago

I'm new to radare2, but I've recently discovered that llvm has pretty wide support for different binary formats. XCOFF including, may be will be helpful: https://github.com/llvm/llvm-project/blob/main/llvm/lib/BinaryFormat/XCOFF.cpp

yes but r2 does not want to have libraries in his code. Do not import llvm please. Reimplement all instead.

riptl commented 1 year ago

Go is the best resource on this: https://go.dev/src/internal/xcoff/xcoff.go

trufae commented 1 year ago

@terorie can we close this?

trufae commented 10 months ago

Ping @terorie

riptl commented 9 months ago

@trufae No, we still don't have XCOFF(32) support. Only XCOFF64

% build/priv_install_dir/bin/rabin2 -I test/bins/xcoff/gcc-ppc32-aix-dwarf2-exec
binsz    54694
bits     0
canary   false
injprot  false
crypto   false
endian   little
havecode false

XCOFF is an odd middle ground between COFF and XCOFF64. (way weirder than the relationship between ELF32 and ELF64) Probably best to start a new plugin for it.

I'm pretty sure I have some unpublished code for it somewhere on my PC, let me try to dig it up.