Using the udis86 disassembly engine on Linux

The previous two articles covered capstone and beaengine; this one uses the classic udis86.

GitHub: https://github.com/vmt/udis86

0x01: Compared with the previous two, udis86 is relatively simple to use. Its usage documentation is as follows:

Getting Started
===============

Building and Installing udis86
------------------------------
udis86 is developed for unix-like environments, and like most software,
the basic steps towards building and installing it are as follows.

.. code::

    $ ./configure
    $ make
    $ make install

Depending on your choice of install location, you may need to have root
privileges to do an install. The install scripts copy the necessary header
and library files to appropriate locations in your system.

Interfacing with libudis86: A Quick Example
-------------------------------------------
The following is an example of a program that interfaces with libudis86
and uses the API to generate assembly language output for 64-bit code,
input from STDIN.

.. code-block:: c

    #include <stdio.h>
    #include <udis86.h>

    int main()
    {
        ud_t ud_obj;

        ud_init(&ud_obj);
        ud_set_input_file(&ud_obj, stdin);
        ud_set_mode(&ud_obj, 64);
        ud_set_syntax(&ud_obj, UD_SYN_INTEL);

        while (ud_disassemble(&ud_obj)) {
            printf("\t%s\n", ud_insn_asm(&ud_obj));
        }

        return 0;
    }

To compile the program (using gcc):

.. code::

    $ gcc -ludis86 example.c -o example

This example should give you an idea of how this library can be used. The
following sections describe, in detail, the complete API of libudis86.

0x02: Next, follow these steps. The catch is that there is no configure script in the master folder, so check the README and set up the build environment first:

Autotools Build
---------------

You need autotools if building from sources cloned from version control
system, or if you need to regenerate the build system. The wrapper
script 'autogen.sh' is provided that'll generate the build system.

// Running ./autogen.sh fails --> because autoreconf is not installed
curits@curits-virtual-machine:~/Desktop/udis86-master$ sudo ./autogen.sh 
./autogen.sh: line 4: autoreconf: command not found
autogen: autoreconf -i failed.
// Install it
curits@curits-virtual-machine:~/Desktop/udis86-master$ sudo apt-get install autoconf automake libtool
// Then run ./autogen.sh again --> this generates the build environment
curits@curits-virtual-machine:~/Desktop/udis86-master$ ./autogen.sh 
autoreconf: Entering directory `.'
autoreconf: configure.ac: not using Gettext
autoreconf: running: aclocal --force -I build/m4
autoreconf: configure.ac: tracing
autoreconf: running: libtoolize --copy --force
libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, 'build'.
libtoolize: copying file 'build/ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'build/m4'.
libtoolize: copying file 'build/m4/libtool.m4'
libtoolize: copying file 'build/m4/ltoptions.m4'
libtoolize: copying file 'build/m4/ltsugar.m4'
libtoolize: copying file 'build/m4/ltversion.m4'
libtoolize: copying file 'build/m4/lt~obsolete.m4'
autoreconf: running: /usr/bin/autoconf --force
autoreconf: running: /usr/bin/autoheader --force
autoreconf: running: automake --add-missing --copy --force-missing
configure.ac:43: installing 'build/compile'
configure.ac:24: installing 'build/config.guess'
configure.ac:24: installing 'build/config.sub'
configure.ac:34: installing 'build/install-sh'
configure.ac:34: installing 'build/missing'
libudis86/Makefile.am: installing 'build/depcomp'
autoreconf: Leaving directory `.'
// Next come the usual three steps: ./configure --> make --> sudo make install (install with root privileges)

Then copy the example code and compile it as the documentation describes; an error is reported. It is not clear why the compilation fails:

curits@curits-virtual-machine:~/Desktop/udis86-master$ g++ -ludis86 example.c -o example
/tmp/ccXcpvEg.o: In function `main':
example.c:(.text+0x25): undefined reference to `ud_init'
example.c:(.text+0x3e): undefined reference to `ud_set_input_file'
example.c:(.text+0x52): undefined reference to `ud_set_mode'
example.c:(.text+0x60): undefined reference to `ud_translate_intel'
example.c:(.text+0x6b): undefined reference to `ud_set_syntax'
example.c:(.text+0x7a): undefined reference to `ud_disassemble'
example.c:(.text+0x92): undefined reference to `ud_insn_asm'
collect2: error: ld returned 1 exit status

Solution: as the output printed by make install shows, the compiled shared library is copied to /usr/local/lib:

curits@curits-virtual-machine:/usr/local/lib$ ls
libudis86.la  libudis86.so  libudis86.so.0  libudis86.so.0.0.0  python2.7  python3.6

Simply copy example.c into that directory and link directly against the compiled shared library libudis86.so:

// The binary compiles successfully
curits@curits-virtual-machine:/usr/local/lib$ export LD_LIBRARY_PATH=./
curits@curits-virtual-machine:/usr/local/lib$ sudo g++ -o example example.c libudis86.so
curits@curits-virtual-machine:/usr/local/lib$ ls
example  example.c  libudis86.la  libudis86.so  libudis86.so.0  libudis86.so.0.0.0  python2.7  python3.6
// Run example and enter opcodes on stdin
curits@curits-virtual-machine:/usr/local/lib$ ./example 
65 67 89 87 76 65 54 56 78 89 09 00 90
	sub eax, 0x35360a78
	and [rsi], dh
	invalid
	and [rax], bh
	cmp [rax], esp
	cmp [rdi], dh
	and [rdi], dh
	and [ss:rsi], dh
	xor eax, 0x20343520
	xor eax, 0x38372036
	and [rax], bh
	cmp [rax], esp
	xor [rcx], bh
	and [rax], dh
	xor [rax], ah
	cmp [rax], esi

Although disassembly output is produced, the result is problematic. Pinning down the specific problem requires studying the source code;
see the corresponding API on the official website: http://udis86.sourceforge.net/manual/libudis86.html#setup-input

// Documentation for the input function ud_set_input_file
void ud_set_input_file(ud_t*, FILE* filep)
Sets the input source to a file pointed to by a given standard library FILE pointer. Note that libudis86 does not perform any checks, and assumes that the file pointer is properly initialized and open for reading.
// Initialization in the example code
ud_set_input_file(&ud_obj, stdin);

Modify example.c to pass a file pointer to ud_set_input_file():

#include <stdio.h>
#include <udis86.h>

/* Raw binary file containing the machine code to disassemble */
#define FILENAME "/home/curits/Desktop/ins.txt"

int main(void)
{
    ud_t ud_obj;
    FILE *filep;

    /* Read-only binary mode is sufficient; the file is never written */
    filep = fopen(FILENAME, "rb");
    if (!filep)
    {
        fprintf(stderr, "Can not open file\n");
        return 1;
    }

    ud_init(&ud_obj);
    //  ud_set_input_file(&ud_obj, stdin);
    ud_set_input_file(&ud_obj, filep);
    ud_set_mode(&ud_obj, 64);
    ud_set_syntax(&ud_obj, UD_SYN_INTEL);

    /* Decode one instruction per iteration until the input is exhausted */
    while (ud_disassemble(&ud_obj)) {
        printf("\t%s\n", ud_insn_asm(&ud_obj));
    }

    fclose(filep);

    return 0;
}

Compile and run:

// ins.txt is disassembled successfully
curits@curits-virtual-machine:/usr/local/lib$ ./example 
	nop [rax+rax]
	push rbp
	mov rbp, rsp
	pop rbp
	ret
	nop [rax+rax]
// Compare with the Intel XED disassembly
curits@curits-virtual-machine:~/Desktop/xed-master/obj/wkit/bin$ ./xed -ir /home/curits/Desktop/ins.txt -64
XDIS 0: WIDENOP   BASE       0F1F440000               nop dword ptr [rax+rax*1], eax
XDIS 5: PUSH      BASE       55                       push rbp
XDIS 6: DATAXFER  BASE       4889E5                   mov rbp, rsp
XDIS 9: POP       BASE       5D                       pop rbp
XDIS a: RET       BASE       C3                       ret 
XDIS b: WIDENOP   BASE       0F1F440000               nop dword ptr [rax+rax*1], eax
# end of text section.
# Errors: 0
#XED3 DECODE STATS
#Total DECODE cycles:        1071003
#Total instructions DECODE: 6
#Total tail DECODE cycles:        1071003
#Total tail instructions DECODE: 6
#Total cycles/instruction DECODE: 178500.50
#Total tail cycles/instruction DECODE: 178500.50
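
ud_set_input_file() consumes raw bytes, so the stdin run earlier decoded the ASCII codes of the typed text (0x20 0x36, a space followed by '6', is exactly "and [rsi], dh") rather than the opcodes the digits spell. The program below is an added example, not code from the original post or from the udis86 project: it converts typed hex text into raw bytes and, when built with the assumed macro USE_UDIS86, disassembles them through ud_set_input_buffer(). The names hex_val, hex_to_bytes, USE_UDIS86 and hex2ud.c are introduced here for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#ifdef USE_UDIS86 /* assumed macro and file name: gcc -DUSE_UDIS86 hex2ud.c -ludis86 */
#include <udis86.h>
#endif

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Decode "0f 1f 44 ..." into out[]; whitespace between byte pairs is skipped.
 * Returns the byte count, or -1 on a non-hex character, an unpaired digit,
 * or when out[] is too small. */
long hex_to_bytes(const char *text, unsigned char *out, size_t cap)
{
    size_t n = 0;
    while (*text) {
        if (isspace((unsigned char)*text)) { text++; continue; }
        int hi = hex_val((unsigned char)text[0]);
        int lo = hi < 0 ? -1 : hex_val((unsigned char)text[1]);
        if (hi < 0 || lo < 0 || n >= cap) return -1;
        out[n++] = (unsigned char)((hi << 4) | lo);
        text += 2;
    }
    return (long)n;
}

int main(void)
{
    /* Constructed sample: the instruction bytes xed lists for ins.txt. */
    const char *typed = "0F 1F 44 00 00 55 48 89 E5 5D C3 0F 1F 44 00 00";
    unsigned char code[64];
    long n = hex_to_bytes(typed, code, sizeof code);
    if (n < 0) { fprintf(stderr, "bad hex input\n"); return 1; }
#ifdef USE_UDIS86
    ud_t ud;
    ud_init(&ud);
    ud_set_input_buffer(&ud, code, (size_t)n);
    ud_set_mode(&ud, 64);
    ud_set_syntax(&ud, UD_SYN_INTEL);
    while (ud_disassemble(&ud)) printf("\t%s\n", ud_insn_asm(&ud));
#endif
    printf("decoded %ld raw bytes\n", n);
    return 0;
}
```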

Further functionality can be developed on this basis.

Origin blog.csdn.net/qq_42931917/article/details/109315966