From 565b6c3363766daea7489c7ef3ad25d0d8455f25 Mon Sep 17 00:00:00 2001
From: Satoshi Tanda
Date: Tue, 27 Sep 2016 07:39:51 -0700
Subject: [PATCH 1/6] fix typo, style
Signed-off-by: Satoshi Tanda
---
 COMPILE_MSVC.TXT | 2 +-
 HACK.TXT | 2 +-
 contrib/cs_driver/cs_driver/cs_driver.c | 4 ++--
 docs/README | 2 +-
 include/capstone/x86.h | 8 ++++----
 tests/test_winkernel.cpp | 5 +++--
 windows/winkernel_mm.c | 15 ++++++++-------
 windows/winkernel_mm.h | 1 +
 8 files changed, 21 insertions(+), 18 deletions(-)
diff --git a/COMPILE_MSVC.TXT b/COMPILE_MSVC.TXT
index 31748be7..24705ed3 100644
--- a/COMPILE_MSVC.TXT
+++ b/COMPILE_MSVC.TXT
@@ -27,7 +27,7 @@ versions, and Windows Driver Kit 8.1 Update 1 or newer versions are required.
 next steps.
 In VisualStudio interface, modify the preprocessor definitions via
- "Project Properties" -> "Configuration Propertis" -> "C/C++" -> "Preprocessor"
+ "Project Properties" -> "Configuration Properties" -> "C/C++" -> "Preprocessor"
 to customize Capstone library, as followings.
 - CAPSTONE_HAS_ARM: support ARM. Delete this to remove ARM support.
diff --git a/HACK.TXT b/HACK.TXT
index 19099bbc..8651410c 100644
--- a/HACK.TXT
+++ b/HACK.TXT
@@ -36,7 +36,7 @@ the code and try to recompile/reinstall again. This can be done with:
 $ sudo ./make.sh install
 At the same time, for Java/Ocaml/Python bindings, be sure to always use
-the bindings coming with the core to avoid potential incompatility issue
+the bindings coming with the core to avoid potential incompatibility issue
 with older versions. See bindings//README for detail instructions on how to compile & install the bindings.
diff --git a/contrib/cs_driver/cs_driver/cs_driver.c b/contrib/cs_driver/cs_driver/cs_driver.c
index 11a129f3..99a1f12f 100644
--- a/contrib/cs_driver/cs_driver/cs_driver.c
+++ b/contrib/cs_driver/cs_driver/cs_driver.c
@@ -56,14 +56,14 @@ static NTSTATUS cs_driver_hello() {
 // On a 32bit driver, KeSaveFloatingPointState() is required before using any
 // Capstone function because Capstone can access to the MMX/x87 registers and
 // 32bit Windows requires drivers to use KeSaveFloatingPointState() before and
- // KeRestoreFloatingPointState() after accesing to them. See "Using Floating
+ // KeRestoreFloatingPointState() after accessing them. See "Using Floating
 // Point or MMX in a WDM Driver" on MSDN for more details.
 status = KeSaveFloatingPointState(&float_save);
 if (!NT_SUCCESS(status)) {
 return status;
 }
- // Do stuff just like user-mode. All functionalites are supported.
+ // Do stuff just like user-mode. All functionalities are supported.
 if (cs_open(CS_ARCH_X86, (sizeof(void *) == 4) ? CS_MODE_32 : CS_MODE_64,
 &handle) != CS_ERR_OK) {
 goto exit;
diff --git a/docs/README b/docs/README
index 0865cca8..15bbeb3c 100644
--- a/docs/README
+++ b/docs/README
@@ -1,4 +1,4 @@
-Documention of Capstone disassembly framework.
+Documentation of Capstone disassembly framework.
 * Switching to 2.1 engine.
diff --git a/include/capstone/x86.h b/include/capstone/x86.h
index adf8fa3c..d31ceee0 100644
--- a/include/capstone/x86.h
+++ b/include/capstone/x86.h
@@ -269,15 +269,15 @@ typedef struct cs_x86 {
 // prefix[3] indicates address-size override (X86_PREFIX_ADDRSIZE)
 uint8_t prefix[4];
- // Instruction opcode, wich can be from 1 to 4 bytes in size.
+ // Instruction opcode, which can be from 1 to 4 bytes in size.
 // This contains VEX opcode as well.
 // An trailing opcode byte gets value 0 when irrelevant.
 uint8_t opcode[4];
- // REX prefix: only a non-zero value is relavant for x86_64
+ // REX prefix: only a non-zero value is relevant for x86_64
 uint8_t rex;
- // Address size, which can be overrided with above prefix[5].
+ // Address size, which can be overridden with above prefix[5].
 uint8_t addr_size;
 // ModR/M byte
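Review bot: The reworded comment on `addr_size` still says the size "can be overridden with above prefix[5]", but the same hunk declares `uint8_t prefix[4];` and documents the address-size override at `prefix[3]`, so the index in the new comment points outside the array and contradicts the field layout. Since the line is being touched anyway, I would make it `// Address size, which can be overridden with above prefix[3].`; the neighbouring `// An trailing opcode byte gets value 0 when irrelevant.` should read `// A trailing opcode byte gets value 0 when irrelevant.`. The `cs_x86` struct continues beyond this hunk.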
@@ -292,7 +292,7 @@ typedef struct cs_x86 {
 /* SIB state */
 // SIB index register, or X86_REG_INVALID when irrelevant.
 x86_reg sib_index;
- // SIB scale. only applicable if sib_index is relavant.
+ // SIB scale. only applicable if sib_index is relevant.
 int8_t sib_scale;
 // SIB base register, or X86_REG_INVALID when irrelevant.
 x86_reg sib_base;
diff --git a/tests/test_winkernel.cpp b/tests/test_winkernel.cpp
index dade7795..6413b1a2 100644
--- a/tests/test_winkernel.cpp
+++ b/tests/test_winkernel.cpp
@@ -1,5 +1,6 @@
 /* Capstone Disassembly Engine */
 /* By Satoshi Tanda , 2016 */
+
 #include
 #include
@@ -21,7 +22,7 @@ EXTERN_C DRIVER_INITIALIZE DriverEntry;
 #pragma warning(disable : 4005) // 'identifier' : macro redefinition
 #pragma warning(disable : 4007) // 'main': must be '__cdecl'
-// Drivers must protect floating point hardware state. See use of float simm:
+// Drivers must protect floating point hardware state. See use of float.
 // Use KeSaveFloatingPointState/KeRestoreFloatingPointState around floating
 // point operations. Display Drivers should use the corresponding Eng... routines.
 #pragma warning(disable : 28110) // Suppress this, as it is false positive.
@@ -103,7 +104,7 @@ static void test()
 // On a 32bit driver, KeSaveFloatingPointState() is required before using any
 // Capstone function because Capstone can access to the MMX/x87 registers and
 // 32bit Windows requires drivers to use KeSaveFloatingPointState() before and
- // KeRestoreFloatingPointState() after accesing to them. See "Using Floating
+ // KeRestoreFloatingPointState() after accessing them. See "Using Floating
 // Point or MMX in a WDM Driver" on MSDN for more details.
 status = KeSaveFloatingPointState(&float_save);
 if (!NT_SUCCESS(status)) {
diff --git a/windows/winkernel_mm.c b/windows/winkernel_mm.c
index 2a378664..6052be28 100644
--- a/windows/winkernel_mm.c
+++ b/windows/winkernel_mm.c
@@ -1,5 +1,6 @@
 /* Capstone Disassembly Engine */
 /* By Satoshi Tanda , 2016 */
+
 #include "winkernel_mm.h"
 #include
@@ -77,27 +78,27 @@ void * CAPSTONE_API cs_winkernel_realloc(void *ptr, size_t size)
 return new_ptr;
 }
-// vsnprintf(). _vsnprintf() is avaialable for drivers, but it differs from
-// vsnprintf() in a return value and when a null-terminater is set.
+// vsnprintf(). _vsnprintf() is available for drivers, but it differs from
+// vsnprintf() in a return value and when a null-terminator is set.
 // cs_winkernel_vsnprintf() takes care of those differences.
 #pragma warning(push)
-#pragma warning(disable : 28719) // Banned API Usage : _vsnprintf is a Banned
-// API as listed in dontuse.h for security
-// purposes.
+// Banned API Usage : _vsnprintf is a Banned API as listed in dontuse.h for
+// security purposes.
+#pragma warning(disable : 28719)
 int CAPSTONE_API cs_winkernel_vsnprintf(char *buffer, size_t count, const char *format, va_list argptr)
 {
 int result = _vsnprintf(buffer, count, format, argptr);
 // _vsnprintf() returns -1 when a string is truncated, and returns "count"
 // when an entire string is stored but without '\0' at the end of "buffer".
- // In both cases, null-terminater needs to be added manually.
+ // In both cases, null-terminator needs to be added manually.
 if (result == -1 || (size_t)result == count) {
 buffer[count - 1] = '\0';
 }
 if (result == -1) {
 // In case when -1 is returned, the function has to get and return a number
- // of characters that would have been written. This attempts so by re-tring
+ // of characters that would have been written. This attempts so by retrying
 // the same conversion with temp buffer that is most likely big enough to
 // complete formatting and get a number of characters that would have been
 // written.
diff --git a/windows/winkernel_mm.h b/windows/winkernel_mm.h
index 2df3bfd1..ed743f3e 100644
--- a/windows/winkernel_mm.h
+++ b/windows/winkernel_mm.h
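Review bot: `buffer[count - 1] = '\0';` in `cs_winkernel_vsnprintf` has no guard for `count == 0`: `_vsnprintf` reports -1 for any non-empty output when it is given no room, the `result == -1` test is then true, and `count - 1` wraps to `SIZE_MAX`, so the terminator is written far outside `buffer`. Standard `vsnprintf`, whose contract this wrapper advertises, accepts a zero size (commonly with a NULL buffer to probe the required length) and writes nothing, so a caller written against that contract would hit this. The commit only rewords the surrounding comments, so the new side still has it; I would change the condition to `if (count != 0 && (result == -1 || (size_t)result == count)) {` and note above it that a zero count writes nothing, matching vsnprintf. Whether any present caller passes 0 is not visible from this hunk, and the function body continues past its end.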
@@ -1,5 +1,6 @@
 /* Capstone Disassembly Engine */
 /* By Satoshi Tanda , 2016 */
+
 #ifndef CS_WINDOWS_WINKERNEL_MM_H
 #define CS_WINDOWS_WINKERNEL_MM_H
From 777f0d30a6fa538456400c894c7e60347dbb7a48 Mon Sep 17 00:00:00 2001
From: Satoshi Tanda
Date: Tue, 27 Sep 2016 08:05:06 -0700
Subject: [PATCH 2/6] ignore MSVC project upgrade files
Signed-off-by: Satoshi Tanda
---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.gitignore b/.gitignore
index d0bb91ce..26b340a3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -77,6 +77,7 @@ _*
 packages/freebsd/ports/devel/capstone/distinfo
 # VisualStudio
+ProjectUpgradeLog.log
 Debug/
 Release/
 ipch/
@@ -84,6 +85,7 @@ ipch/
 *.opensdf
 *.suo
 *.user
+*.backup
 *.VC.db
 *.VC.opendb
From 2df9a8eab77cb651250632308de52149c2a0ab3d Mon Sep 17 00:00:00 2001
From: Satoshi Tanda
Date: Tue, 27 Sep 2016 08:08:58 -0700
Subject: [PATCH 3/6] suppress MSVC code analysis (PREfast) warnings
Signed-off-by: Satoshi Tanda
---
 arch/AArch64/AArch64BaseInfo.c | 3 ++-
 arch/Sparc/SparcInstPrinter.c | 4 ++++
 arch/XCore/XCoreInstPrinter.c | 13 +++++--------
 cs.c | 3 ++-
 windows/winkernel_mm.c | 2 ++
 5 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/arch/AArch64/AArch64BaseInfo.c b/arch/AArch64/AArch64BaseInfo.c
index 26eb786a..5afb9249 100644
--- a/arch/AArch64/AArch64BaseInfo.c
+++ b/arch/AArch64/AArch64BaseInfo.c
@@ -17,7 +17,8 @@
 #ifdef CAPSTONE_HAS_ARM64
 #if defined (WIN32) || defined (WIN64) || defined (_WIN32) || defined (_WIN64)
-#pragma warning(disable:4996)
+#pragma warning(disable:4996) // disable MSVC's warning on strcpy()
+#pragma warning(disable:28719) // disable MSVC's warning on strcpy()
 #endif
 #include "../../utils.h"
diff --git a/arch/Sparc/SparcInstPrinter.c b/arch/Sparc/SparcInstPrinter.c
index c5f1e2c2..ff92c04f 100644
--- a/arch/Sparc/SparcInstPrinter.c
+++ b/arch/Sparc/SparcInstPrinter.c
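Review bot: The added `#pragma warning(disable:28719)` is file-wide, so it silences the PREfast "Banned API Usage" diagnostic for every call in the translation unit rather than the single `strcpy()` the comment names, and any unbounded `strcpy`/`sprintf`/`strcat` added to these files later will go unreported. The same file-wide form appears in the SparcInstPrinter.c, XCoreInstPrinter.c, cs.c and M68KInstPrinter.c hunks; in XCoreInstPrinter.c it replaces a push/disable/pop that was scoped to one reviewed `strcpy(tmp, code)` call, so that hunk is a net loss of precision. MSVC's `#pragma warning(suppress : 28719)` on the line before each reviewed call keeps the "safe because …" justification next to the call it covers. If the file-wide form stays, the comment should describe the real scope, e.g. `// disable PREfast 28719 (Banned API Usage) for this whole file; the strcpy() uses here are reviewed`.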
@@ -20,6 +20,10 @@
 #define _CRT_SECURE_NO_WARNINGS
 #endif
+#if defined (WIN32) || defined (WIN64) || defined (_WIN32) || defined (_WIN64)
+#pragma warning(disable:28719) // disable MSVC's warning on strncpy()
+#endif
+
 #include
 #include
 #include
diff --git a/arch/XCore/XCoreInstPrinter.c b/arch/XCore/XCoreInstPrinter.c
index c050c581..c9aec945 100644
--- a/arch/XCore/XCoreInstPrinter.c
+++ b/arch/XCore/XCoreInstPrinter.c
@@ -16,6 +16,11 @@
 #ifdef CAPSTONE_HAS_XCORE
+#if defined (WIN32) || defined (WIN64) || defined (_WIN32) || defined (_WIN64)
+#pragma warning(disable : 4996) // disable MSVC's warning on strcpy()
+#pragma warning(disable : 28719) // disable MSVC's warning on strcpy()
+#endif
+
 #include
 #include
 #include
@@ -46,15 +51,7 @@ void XCore_insn_extract(MCInst *MI, const char *code)
 char *p, *p2;
 char tmp[128];
-// make MSVC shut up on strcpy()
-#ifdef _MSC_VER
-#pragma warning(push)
-#pragma warning(disable : 4996)
-#endif
 strcpy(tmp, code); // safe because code is way shorter than 128 bytes
-#ifdef _MSC_VER
-#pragma warning(pop)
-#endif
 // find the first space
 p = strchr(tmp, ' ');
diff --git a/cs.c b/cs.c
index c3becd8c..30839051 100644
--- a/cs.c
+++ b/cs.c
@@ -1,7 +1,8 @@
 /* Capstone Disassembly Engine */
 /* By Nguyen Anh Quynh , 2013-2015 */
 #if defined (WIN32) || defined (WIN64) || defined (_WIN32) || defined (_WIN64)
-#pragma warning(disable:4996)
+#pragma warning(disable:4996) // disable MSVC's warning on strcpy()
+#pragma warning(disable:28719) // disable MSVC's warning on strcpy()
 #endif
 #if defined(CAPSTONE_HAS_OSXKERNEL)
 #include
diff --git a/windows/winkernel_mm.c b/windows/winkernel_mm.c
index 6052be28..c127da3a 100644
--- a/windows/winkernel_mm.c
+++ b/windows/winkernel_mm.c
@@ -31,6 +31,8 @@ void * CAPSTONE_API cs_winkernel_malloc(size_t size)
 // in many cases, indicate a potential validation issue in the calling code.
 NT_ASSERT(size);
+ // FP; a use of NonPagedPool is required for Windows 7 support
+#pragma prefast(suppress : 30030) // Allocating executable POOL_TYPE memory
 CS_WINKERNEL_MEMBLOCK *block = (CS_WINKERNEL_MEMBLOCK *)ExAllocatePoolWithTag(
 NonPagedPool, size + sizeof(CS_WINKERNEL_MEMBLOCK), CS_WINKERNEL_POOL_TAG);
 if (!block) {
From 3730e2010e3971ecf9f10c97a2ebd7f37b6ece80 Mon Sep 17 00:00:00 2001
From: Satoshi Tanda
Date: Wed, 28 Sep 2016 07:59:25 -0700
Subject: [PATCH 4/6] suppress MSVC code analysis (PREfast) warnings for m68k
Signed-off-by: Satoshi Tanda
---
 arch/M68K/M68KInstPrinter.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/arch/M68K/M68KInstPrinter.c b/arch/M68K/M68KInstPrinter.c
index 9ad32872..b2f7a87b 100644
--- a/arch/M68K/M68KInstPrinter.c
+++ b/arch/M68K/M68KInstPrinter.c
@@ -6,6 +6,10 @@
 #ifndef _CRT_SECURE_NO_WARNINGS
 #define _CRT_SECURE_NO_WARNINGS
 #endif
+
+//Banned API Usage : strcat / sprintf is a Banned API as listed in dontuse.h for
+//security purposes.
+#pragma warning(disable:28719)
 #endif
 #include // DEBUG
From bc954d0ac749b07e2cd03c2ebd6d79d1a8c10271 Mon Sep 17 00:00:00 2001
From: Satoshi Tanda
Date: Wed, 28 Sep 2016 08:00:22 -0700
Subject: [PATCH 5/6] fix compile error with capstone_static_winkernel
The MSVC project capstone_static_winkernel uses __stdcall as a default calling convention to fit with environment for Windows driver development. This leads to a compile error in a use of qsort() with regs_cmp() since it is compiled as a __stdcall function while qsort() expects a __cdelc function. This fix adds explicit calling convention to regs_cmp() for MSVC.
Signed-off-by: Satoshi Tanda
---
 arch/X86/X86Mapping.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/X86/X86Mapping.c b/arch/X86/X86Mapping.c
index fa966139..9e2de505 100644
--- a/arch/X86/X86Mapping.c
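Review bot: The new `#pragma prefast(suppress : 30030)` is labelled `FP;`, but the finding is accurate: `ExAllocatePoolWithTag(NonPagedPool, …)` returns executable pool, and the reason given for keeping it is Windows 7 compatibility, which is a trade-off rather than an analyzer mistake. I would reword the new comment so the next reader is not told to ignore it, e.g. `// Accepted risk: NonPagedPool is executable; NonPagedPoolNx is unavailable on Windows 7, which this build must support`. If newer kernels are also a target, the documented single-binary route is to define `POOL_NX_OPTIN` before the WDK headers and call `ExInitializeDriverRuntime(DrvRtPoolNxOptIn)` from DriverEntry, which leaves this call site as is and makes the allocation non-executable where the kernel supports it; whether the driver already does so is not visible in this hunk. `cs_winkernel_malloc` begins before the hunk.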
+++ b/arch/X86/X86Mapping.c
@@ -2923,7 +2923,7 @@ static struct insn_reg2 insn_regs_intel2[] = {
 static struct insn_reg insn_regs_intel_sorted [ARR_SIZE(insn_regs_intel)];
-static int regs_cmp(const void *a, const void *b)
+static int CAPSTONE_API regs_cmp(const void *a, const void *b)
 {
 uint16_t l = ((struct insn_reg *)a)->insn;
 uint16_t r = ((struct insn_reg *)b)->insn;
From 1f351e827a8e2fbbe22be5c07e81ab5d9dff31ba Mon Sep 17 00:00:00 2001
From: Satoshi Tanda
Date: Wed, 28 Sep 2016 17:22:36 -0700
Subject: [PATCH 6/6] add explanation comment for use of CAPSTONE_API
Signed-off-by: Satoshi Tanda
---
 arch/X86/X86Mapping.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/arch/X86/X86Mapping.c b/arch/X86/X86Mapping.c
index 9e2de505..1ce5f47f 100644
--- a/arch/X86/X86Mapping.c
+++ b/arch/X86/X86Mapping.c
@@ -2923,6 +2923,9 @@ static struct insn_reg2 insn_regs_intel2[] = {
 static struct insn_reg insn_regs_intel_sorted [ARR_SIZE(insn_regs_intel)];
+// Explicitly specified calling convention with CAPSTONE_API so that it is always
+// compiled as __cdecl on MSVC and does not cause a compile error even when
+// default calling convention is __stdcall (eg. capstone_static_winkernel project)
 static int CAPSTONE_API regs_cmp(const void *a, const void *b)
 {
 uint16_t l = ((struct insn_reg *)a)->insn;
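Review bot: The casts inside `regs_cmp` throw away the `const` that its `const void *` parameters carry: `uint16_t l = ((struct insn_reg *)a)->insn;` and the matching line for `b` read through non-const pointers for what is a read-only comparison. Writing them as `((const struct insn_reg *)a)->insn` and `((const struct insn_reg *)b)->insn` preserves the qualifier the qsort() contract gives the comparator and keeps `-Wcast-qual` builds quiet; the remainder of `regs_cmp` lies past the end of the hunk.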