Lib.rs

Data structures
#region #binary #basic #representing #programs #mnemonic #statement

p8n-types

Basic types for representing binary programs

Owned by Kai Michaelis.

2 stable releases

Uses old Rust 2015

2.0.1 Feb 6, 2019
1.0.0 Jan 3, 2019

#1628 in Data structures

LGPL-2.1-or-later

360KB
7K SLoC

Contains (DOS exe, 67KB) tests/data/test.exe, (Mach-o exe, 9KB) tests/data/deadbeef.mach, (ELF exe/lib, 7KB) tests/data/dynamic-32, (Mach-o library, 9KB) tests/data/libbeef.dylib

p8n-types

Basic types for representing binary programs. Part of Panopticon. The documentation is hosted on docs.rs.

Usage

# Cargo.toml
[dependencies]
p8n-types = "2.0.1"

License

This project is licensed under

lib.rs:

A library for disassembling and analysing binary code.

The panopticon crate implements structures to model the in-memory representation of a program including is control flow, call graph and memory maps. The most important types and their interaction are as follows:

Project
├── Region
│   └── Layer
└── Program
    └── Function
        └── BasicBlock
            └── Mnemonic
                └── Statement

The Program, Function, BasicBlock and Statement types model the behaviour of code. The Region and Layer types represent how the program is laid out in memory.

Code

Panopticon models code as a collection of programs. Each Program consists of functions. A Function a graph with nodes representing a sequence of instructions and edges representing jumps. These instruction sequences are BasicBlocks and contain a list of Mnemonics. The meaning of each Mnemonic is described in the [RREIL][1] language. Each mnemonic includes a sequence of Statements implementing it.

Panopticon allows multiple programs per project. For example, imagine a C# application that calls into a native DLL written in C. Such an application would have two program instances. One for the CIL code of the C# part of the application and one for the AMD64 object code inside the DLL.

The Disassembler and CodeGen are used to fill Function structures with Mnemonics.

Data

The in-memory layout of an executable is modeled using the Region, Layer and Cell types. All data is organized into Regions. Each Region is an array of Cells numbered from 0 to n. Each Cell is an is either undefined or has a value between 0 and 255 (both including). Regions are read only. Changing their contents is done by applying Layer instance to them. A Layer reads part of a Region or another Layer and returns a new Cell array. For example, Layer can decrypt parts of a Region or replace individual Cells with new ones.

In normal operation there is one Region for each memory address space, one on Von-Neumann machines two on Harvard architectures. Other uses for Regions are applying functions to Cell array where the result is not equal in size to the input (for example uncompressing parts of the executable image).

Dependencies

~9MB
~155K SLoC