1 {-# LANGUAGE OverloadedStrings #-}
2 {-# LANGUAGE TemplateHaskell, FlexibleInstances #-}
3 {-# LANGUAGE ForeignFunctionInterface #-}
8 import System.Environment hiding (getEnv)
9 import qualified Data.Map as M
10 import qualified Data.ByteString.Lazy as B
16 import qualified JVM.Assembler as J
17 import JVM.Assembler hiding (Instruction)
25 import Foreign.C.Types
28 import Harpy.X86Disassembler
-- | Dynamic FFI import: turns a 'FunPtr' to the JIT-emitted entry point into
-- a Haskell-callable function of one 'CInt' argument (used by 'runstuff' to
-- invoke the generated code).
32 foreign import ccall "dynamic"
33 code_void :: FunPtr (CInt -> IO CInt) -> (CInt -> IO CInt)
35 foreign import ccall "getaddr"
38 foreign import ccall "callertrap"
-- Template Haskell splice; presumably generates a 'callAsWord32' wrapper for
-- calling generated code that returns a 'Word32' -- TODO confirm against the
-- Harpy call-declaration helper.  Nothing shown in this file uses it.
42 $(callDecl "callAsWord32" [t|Word32|])
-- Body of the program entry point (its header and several surrounding lines
-- are not shown in this view): reads the .class file named on the command
-- line, dumps its constant pool, locates the Code attribute of the method
-- named "main" and hands the raw bytecode to 'runstuff'.
48 clsFile <- decodeFile clspath
49 let cp = constsPool (clsFile :: Class Pointers)
50 putStrLn "==== constpool: ===="
51 putStrLn $ showListIx $ M.elems cp
52 cf <- parseClassFile clspath
53 putStrLn "==== classfile dump: ===="
55 putStrLn "==== random stuff: ===="
-- 'lookupMethod' is called with the bare name; the descriptor-qualified
-- form in the trailing comment is not applied.
56 let mainmethod = lookupMethod "main" cf -- "main|([Ljava/lang/String;)V" cf
58 Nothing -> putStrLn "no main found"
60 case attrByName main "Code" of
61 Nothing -> putStrLn "no code attr found"
63 putStrLn "woot, running now"
-- 26 zero-initialised Int32 cells become the code generator's environment
-- ('runstuff' passes the pointer to 'runCodeGen').  The decoded bytecode is
-- translated and executed natively; no verification step is visible here.
64 allocaArray 26 (\ p -> mapM_ (\ i -> poke (advancePtr p i) 0) [0..25] >> runstuff p bytecode)
65 _ -> error "Synopsis: dump-class File.class"
-- | Translate the method's bytecode to x86 with 'compile', call the emitted
-- code with a few arguments, patch one byte of the emitted code in place,
-- call it again, and print the original and the patched disassembly.
-- (Some lines of this function are not shown in this view.)
67 runstuff :: Ptr Int32 -> B.ByteString -> IO ()
68 runstuff env bytecode = do
-- 'getaddr' (a C symbol, see its foreign import) is handed to 'compile' as
-- the trap address that the generated code loads into ecx.
69 let emittedcode = (compile (fromIntegral getaddr)) $ codeInstructions $ decodeMethod bytecode
-- NOTE(review): the Right pattern is partial -- a code-generation error (Left)
-- surfaces as a pattern-match failure in IO instead of a reported message.
70 (_, Right ((entryPtr, endOffset), disasm)) <- runCodeGen emittedcode env ()
71 printf "entry point: 0x%08x\n" ((fromIntegral $ ptrToIntPtr entryPtr) :: Int)
-- The start of the emitted buffer is reinterpreted as a C function taking
-- one CInt; the generated code reads that argument at (Disp 8, ebp) (see the
-- PUTSTATIC clause of 'compile_ins').
74 let entryFuncPtr = ((castPtrToFunPtr entryPtr) :: FunPtr (CInt -> IO CInt))
76 result <- code_void entryFuncPtr (fromIntegral 0x1337)
77 printf "called code_void\n"
78 let iresult::Int; iresult = fromIntegral result
79 printf "result: 0x%08x\n" iresult -- expecting (2 * 0x1337) + 0x42 = 0x26b0
81 result2 <- code_void entryFuncPtr (fromIntegral (-0x20))
82 let iresult2::Int; iresult2 = fromIntegral result2
83 printf "result: 0x%08x\n" iresult2 -- expecting 0x2
-- In-place patch of the emitted code: 0xb8 is the x86 opcode of
-- "mov eax, imm32", while the "mov ebx, imm32" emitted for ICONST_2 starts
-- with 0xbb, so after the poke the constant lands in the return register.
-- NOTE(review): offset 0xb is hard-coded against the exact byte sequence
-- emitted by 'entryCode' and 'compile' (presumably the first byte of that
-- mov ebx); any change in the emitted encoding turns this poke into a write
-- of an arbitrary byte inside executable memory.  Locating the instruction
-- via the recorded disassembly instead would make the patch self-checking.
86 -- s/mov ebx 0x6666/mov eax 0x6666/
87 let patchit = plusPtr entryPtr 0xb
88 poke patchit (0xb8 :: Word8)
90 result3 <- code_void entryFuncPtr (fromIntegral 0)
91 let iresult3::Int; iresult3 = fromIntegral result3
92 printf "result: 0x%08x\n" iresult3 -- expecting 0x6666
-- Disassembly recorded by 'compile' at generation time (pre-patch).
95 mapM_ (putStrLn . showAtt) disasm
97 printf "patched disasm:\n"
-- NOTE(review): partial Right pattern again; a disassembler error becomes a
-- pattern-match failure rather than a message.
98 Right newdisasm <- disassembleBlock entryPtr endOffset
99 mapM_ (putStrLn . showAtt) $ newdisasm
101 let addr :: Int; addr = (fromIntegral getaddr :: Int)
102 printf "getaddr: 0x%08x\n" addr
-- | Prologue for the generated function: 'push ebp' saves the caller's frame
-- pointer.  The remaining lines of the body are not shown in this view.
107 entryCode :: CodeGen e s ()
108 entryCode = do push ebp
-- | Epilogue for the generated function: restores the stack pointer from the
-- frame pointer (Harpy operand order is destination first).  The remaining
-- lines -- presumably restoring ebp and returning -- are not shown here.
111 exitCode :: CodeGen e s ()
112 exitCode = do mov esp ebp
-- | Translate a list of JVM instructions into x86 inside the Harpy code
-- generator.  @trapaddr@ is loaded into ecx after the instruction stream.
-- Judging by the caller's naming, the result pairs the entry pointer and end
-- offset of the emitted block with its disassembly.  (Several lines of the
-- body are not shown in this view.)
116 compile :: Word32 -> [J.Instruction] -> CodeGen (Ptr Int32) s ((Ptr Word8, Int), [Instruction])
117 compile trapaddr insn = do
-- NOTE(review): the list of unit results is discarded, so 'mapM_' is the
-- idiomatic form here.
119 mapM compile_ins insn
121 mov ecx (trapaddr :: Word32)
123 -- call trapaddr -- Y U DON'T WORK? (ask mr. gdb for help)
-- | Emit x86 for a single JVM instruction.  Only the handful of opcodes the
-- test fixture needs are translated; everything else becomes a 'nop'.  As far
-- as these clauses show, eax carries the running value (and is the return
-- register) and ebx receives the constant that 'runstuff' later patches.
131 compile_ins :: J.Instruction -> CodeGen (Ptr Int32) s ()
-- Immediate byte widened to 32 bits and loaded into eax (zero-extension if
-- @w8@ is an unsigned type -- TODO confirm against the J.Instruction
-- definition).
132 compile_ins (BIPUSH w8) = do mov eax ((fromIntegral w8) :: Word32)
-- The field index @w16@ is ignored: this clause adds the function's first
-- cdecl argument, found at [ebp+8] after the prologue, to eax.
133 compile_ins (PUTSTATIC w16) = do add eax (Disp 8, ebp) -- add first argument to %eax
-- Field index ignored; no code emitted.
134 compile_ins (GETSTATIC w16) = do nop
-- Loads a marker constant into ebx; 'runstuff' rewrites the opcode of this
-- mov in place so that the constant ends up in eax instead.
135 compile_ins ICONST_2 = do mov ebx (0x6666 :: Word32) -- patch me!
-- No multiplication is emitted; the commented-out line below looks like an
-- earlier attempt.
136 compile_ins IMUL = do nop
137 -- mov eax (0 :: Word32)
-- Returning is presumably left to the epilogue ('exitCode'); nothing is
-- emitted for the bytecode-level RETURN.
139 compile_ins RETURN = do nop
-- NOTE(review): every other opcode is dropped silently, so a method using an
-- unsupported instruction still runs natively with an incomplete translation;
-- failing in the code generator for unknown opcodes would be the safer choice
-- once this grows beyond the fixture.
140 compile_ins _ = do nop