Added ability to load rip-relative addresses as C Strings

Author: Dan Harel

app.py

@@ -253,6 +253,12 @@ def get_reg_contents():
     address = int(request.args['address'])
     return jsonify(executable.ex.get_function_reg_contents(address))
 
+# expects {"file_offset": <int>}
+@app.route('/get_data_as_cstring', methods=["GET"])
+def get_data_as_cstring():
+    file_offset = int(request.args['file_offset'])
+    return executable.ex.get_data_as_cstring(file_offset)
+
 # debug=True auto reloads whenever server code changes
 app.run(debug=True)
 

executable.py

@@ -64,6 +64,8 @@ def get_all_functions(self):
     def get_symbol_by_addr(self, addr):
         self.raise_not_implemented()
 
+    def get_data_as_cstring(self, file_offset):
+        self.raise_not_implemented()
 
 """
 ELF executable
@@ -423,6 +425,21 @@ def get_sub_symbol_by_offset(self, symbol_name, offset, instr_addr):
             offset,
             instr_addr)
 
+    def get_data_as_cstring(self, file_offset):
+        cstring = ""
+        index = 0
+        curr_byte = self.get_bytes(file_offset, 1)
+        while curr_byte != '\x00':
+            cstring += curr_byte
+            index += 1
+            if index > 128:
+                break
+            curr_byte = self.get_bytes(file_offset + index, 1)
+        print repr(cstring)
+        print index
+        return repr(cstring)
+
+
 """
 Mach-o executable
 """

static/js/disassemble.js

@@ -18,6 +18,7 @@
 var URL_DIE_INFO = "/get_die_info";
 var URL_FUNCTION_ASSEMBLY = '/get_function_assembly';
 var URL_REG_CONTENTS = '/get_reg_contents';
+var URL_GET_CSTRING = '/get_data_as_cstring';
 
 // enums for register tracking/highlighting
 var READS_REG = 0;
@@ -75,15 +76,37 @@ $(function() {
                 name: "Referenced Value (ASCII)",
                 callback: function(key, opt) {
                   ripCallback(key, opt, '.rip-value-ascii');
-
                 }
             },
             value_hex: {
-              name: "References Value (Hex)",
+              name: "Referenced Value (Hex)",
               callback: function(key, opt) {
                 ripCallback(key, opt, '.rip-value-hex');
               }
             },
+            cstring: {
+              name: "Referenced Value (cString)",
+              callback: function(key, opt) {
+                $(opt.$trigger.context).find('rip-value-cstring').html("Loading...");
+                ripCallback(key, opt, '.rip-value-cstring');
+                var cString;
+                $.get(
+                  URL_GET_CSTRING, 
+                  {file_offset: parseInt(opt.$trigger.context.getAttribute('value'))}
+                )
+                .done(function(data) {
+                  cString = data;
+                })
+                .fail(function() {
+                  cString = "Unable to get cString from this value";
+                  console.log("Failed");
+                })
+                .always(function() {
+                  console.log(cString);
+                  $(opt.$trigger.context).find('.rip-value-cstring')[0].innerHTML = cString;
+                });
+              }
+            },
             symbol: {
               name: "Symbol",
               callback: function(key, opt) {
@@ -159,11 +182,12 @@ function get_function_assembly() {
       var _op_str = i.op_str;
       if (i['rip']) {
         var replacementStr =  "";
-        replacementStr += '<span class="rip">[';
+        replacementStr += '<span class="rip" value="' + i['rip-resolved'] + '">[';
         replacementStr += '<span class="rip-default">rip + ' + i['rip-offset'] + '</span>';
         replacementStr += '<span class="rip-resolved" hidden>' + i['rip-resolved'] + '</span>';
         replacementStr += '<span class="rip-value-ascii" hidden>"' + i['rip-value-ascii'] + '"</span>';
         replacementStr += '<span class="rip-value-hex" hidden>' + i['rip-value-hex'] + '</span>';
+        replacementStr += '<span class="rip-value-cstring" hidden></span>';
         replacementStr += ']</span>';
         i.op_str = i.op_str.replace(/\[.*\]/, replacementStr);
       }

static/js/number_conversion.js

@@ -69,15 +69,9 @@ $(function() {
             unsignedDec64: {
                 name: "64-bit Unsigned Decimal"
             },
-            unsignedDec128: {
-                name: "128-bit Unsigned Decimal"
-            },
             twosCompDec64: {
                 name: "64-bit Signed 2's Complement Decimal"
             },
-            twosCompDec128: {
-                name: "128-bit Signed 2's Complement Decimal"
-            },
             binary: {
                 name: "Binary"
             },
@@ -115,15 +109,9 @@ function getConvertedVal(startVal, base, key) {
         case "unsignedDec64":
             binString = unsignedDecToBin(startVal, 64);
             break;
-        case "unsignedDec128":
-            binString = unsignedDecToBin(startVal, 128);
-            break;
         case "twosCompDec64":
             binString = signedDecToBin(startVal, 64);
             break;
-        case "twosCompDec128":
-            binString = signedDecToBin(startVal, 128);
-            break;
         case "binary":
             binString = startVal;
             break;
@@ -142,15 +130,9 @@ function getConvertedVal(startVal, base, key) {
         case "unsignedDec64":
             newVal = binToUnsignedDec(binString, 64);
             break;
-        case "unsignedDec128":
-            newVal = binToUnsignedDec(binString, 128);
-            break;
         case "twosCompDec64":
             newVal = binToSignedDec(binString, 64);
             break;
-        case "twosCompDec128":
-            newVal = binToSignedDec(binString, 128);
-            break;
         case "binary":
             newVal = binString;
             break;