radare2 icon indicating copy to clipboard operation
radare2 copied to clipboard

Published 20 hours ago verified publisher icon radareorg

Add support for XCOFF binaries

Open trufae opened this issue 1 year ago • 8 comments

  • https://www.ibm.com/docs/en/aix/7.2?topic=formats-xcoff-object-file-format
  • https://github.com/silentsignal/xcoff-ks
  • https://www.ibm.com/docs/en/ssw_aix_72/filesreference/filesreference_pdf.pdf
  • http://www.oss4aix.org/download/latest/aix72/

trufae avatar Aug 18 '22 10:08 trufae

Yay. Taking this one

riptl avatar Aug 20 '22 07:08 riptl

I'm new to radare2, but I've recently discovered that llvm has pretty wide support for different binary formats. XCOFF including, may be will be helpful: https://github.com/llvm/llvm-project/blob/main/llvm/lib/BinaryFormat/XCOFF.cpp

ZzEeKkAa avatar Aug 24 '22 01:08 ZzEeKkAa

@ZzEeKkAa I can only agree with you. KIt sounds very cool! BUT if you want to launch yourself in this adventure, do not forget to create tests for your own code. at least as many as there are instructions in your architetcture: create a file with name "xcoff" here: https://github.com/radareorg/radare2/tree/master/test/db/asm. AND edit documentation: to r2 blog: https://github.com/radareorg/blog additionally add it to the readme: add it to readme at https://github.com/radareorg/radare2#file-formats

Use 8051 anal architecture plugin as template. The code of this plugin is just almost perfect. Check : https://github.com/radareorg/radare2/blob/master/libr/anal/p/anal_8051.c

For the make file, read https://book.rada.re/plugins/dev-asm.html and https://book.rada.re/plugins/dev-anal.html

These two type of plugin have been merged in anal. Put it all together here.

Good luck.

Let me check for a review please.

gogo2464 avatar Oct 07 '22 20:10 gogo2464

I'm new to radare2, but I've recently discovered that llvm has pretty wide support for different binary formats. XCOFF including, may be will be helpful: https://github.com/llvm/llvm-project/blob/main/llvm/lib/BinaryFormat/XCOFF.cpp

yes but r2 does not want to have libraries in his code. Do not import llvm please. Reimplement all instead.

gogo2464 avatar Oct 07 '22 20:10 gogo2464

Go is the best resource on this: https://go.dev/src/internal/xcoff/xcoff.go

riptl avatar Feb 01 '23 08:02 riptl

@terorie can we close this?

trufae avatar Apr 09 '23 22:04 trufae

Ping @terorie

trufae avatar Oct 28 '23 05:10 trufae

@trufae No, we still don't have XCOFF(32) support. Only XCOFF64

% build/priv_install_dir/bin/rabin2 -I test/bins/xcoff/gcc-ppc32-aix-dwarf2-exec
binsz    54694
bits     0
canary   false
injprot  false
crypto   false
endian   little
havecode false

XCOFF is an odd middle ground between COFF and XCOFF64. (way weirder than the relationship between ELF32 and ELF64) Probably best to start a new plugin for it.

I'm pretty sure I have some unpublished code for it somewhere on my PC, let me try to dig it up.

riptl avatar Nov 26 '23 17:11 riptl