A shell that runs x86_64 assembly
c
x86-64
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符

asmsh.h 4.5KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161
  1. /**@page asmsh
  2. @brief A shell that runs assembly
  3. @section SYNOPSIS
  4. asmsh [OPTIONS]...
  5. @section DESCRIPTION
  6. A shell designed to run assembly (for the moment only x86_64 is supported).
  7. A simple programm is spawned by the shell, and each instructions are runned in the
  8. subprocess environment.
  9. @section man_ui USER INTERFACE
  10. For the moment, the UI is implemented using GNU readline with basic support for
  11. completion (using tab).
  12. The prompt is composed like "asmsh@RIPVAL > " where RIPVAL is the RIP register (
  13. Instruction Pointer ) value in hexadecimal.
  14. Other readline(3) features are available like up arrow to display previous commands,
  15. C^R for history search, etc.
  16. @section INSTRUCTIONS
  17. The shell uses the GNU as compiler from binutils, the instructions syntax
  18. follows GAS syntax.
  19. For the moment GAS can only be used with the AT&T syntax.
  20. Details on x86 syntax can be found in GAS documentation at
  21. <pre>
  22. [https://sourceware.org/binutils/docs-2.40/as.html#i386_002dSyntax]
  23. </pre>
  24. The list & names of the registers can be found at the same place
  25. <pre>
  26. [https://sourceware.org/binutils/docs-2.40/as.html#i386_002dRegs]
  27. </pre>
  28. The list & documentation of the instructions for the x86_64 platform can be
  29. found in the 1st volume of "AMD64 Architecture Programmer’s Manual", in section
  30. 3.3 Instruction summary
  31. <pre>
  32. [https://www.amd.com/en/support/tech-docs/amd64-architecture-programmers-manual-volumes-1-5]
  33. </pre>
  34. Or in the Intel's equivalent document, namely the
  35. "Intel® 64 and IA-32 Architectures Software Developer’s Manual"
  36. <pre>
  37. [https://cdrdv2-public.intel.com/774494/325462-sdm-vol-1-2abcd-3abcd.pdf]
  38. </pre>
  39. @subsection man_reljmp Relative jumps
  40. For the moment there is no way to define symbols, so jumps can only be relative to
  41. the current address. The current address is expressed with the '.' character in an
  42. expression.
  43. Relative jumps can be expressed using the syntax :
  44. <pre>
  45. jmp . - 8
  46. jnz . + 32
  47. </pre>
  48. @section shell_cmds COMMANDS
  49. @par .bytecode
  50. Compile an instruction and display it's bytecode
  51. @par .flags
  52. Display the CPU flags
  53. @par .help [COMMAND]
  54. Display the builtin help or the help of the command gioven as argument
  55. @par .maps
  56. Display process memory maps
  57. @par .quit
  58. Exit the shell
  59. @par .regs
  60. Display the CPU registers values
  61. @par .syscalls
  62. Print syscalls names and numbers
  63. @par .reset
  64. Reset the shell (spawn a new process)
  65. @section EXAMPLES
  66. @subsection example_exit Exit with a specific status
  67. <pre>
  68. asmsh@0x7f55d2433000 > mov $60, \%rax
  69. asmsh@0x7f55d2433005 > mov $0x2a, \%rdi
  70. asmsh@0x7f55d243300a > syscall
  71. Child exited with status 42
  72. Exit with status 42
  73. </pre>
  74. @subsection example_hello Print a message to stdout
  75. <pre>
  76. asmsh@0x7f6e312e5000 > mov $0x0a6f6c6c, \%rax
  77. asmsh@0x7f6e312e5005 > shl $(8*2), \%rax
  78. asmsh@0x7f6e312e5009 > or $0x6548, \%rax
  79. asmsh@0x7f6e312e500f > push \%rax
  80. asmsh@0x7f6e312e5010 > mov $1, \%rax
  81. asmsh@0x7f6e312e5015 > mov \%rax, \%rdi
  82. asmsh@0x7f6e312e5018 > mov \%rsp, \%rsi
  83. asmsh@0x7f6e312e501b > mov $6, \%rdx
  84. asmsh@0x7f6e312e5020 > syscall
  85. Hello
  86. asmsh@0x7f6e312e5022 >
  87. </pre>
  88. @subsection example_loop Make a loop and use commands
  89. <pre>
  90. asmsh@0x7f3020bec000 > .regs \%rbx
  91. rbx: 0000000000000000
  92. asmsh@0x7f3020bec000 > mov $6, \%rcx
  93. asmsh@0x7f3020bec005 > add $0xb, \%rbx
  94. asmsh@0x7f3020bec009 > loop . -4
  95. asmsh@0x7f3020bec005 > .bytecode loop . -4
  96. loop . -4 = ( 2 Bytes) e2fa.... ........ ........ ......
  97. asmsh@0x7f3020bec005 > .breakpoint . + 6
  98. INFO: Set breakpoint @ 00007F3020BEC00B
  99. asmsh@0x7f3020bec005 > .run
  100. INFO: Breakpoint 00007f3020bec00b reached
  101. asmsh@0x7f3020bec00b > .regs \%rbx
  102. rbx: 0000000000000042
  103. </pre>
  104. @section TODO TODOLIST
  105. @todo Implement command for memory read/dump
  106. @todo Implement symbols for jumps
  107. @todo Add support for label declarations & references
  108. @todo Implement write without exec
  109. @todo Implement function declaration
  110. @todo Add switch between intel's & AT&T's syntaxes.
  111. @todo Implement a command to run until syscall only (and another for run until
  112. breakpoint or syscall ?)
  113. @todo Rationalise commands argument parsing (at the moment .breakpoints allready uses special stuff :/)
  114. @section AUTHOR
  115. Written by Yann Weber &lt;yann.weber@members.fsf.org&gt;
  116. @section COPYRIGHT
  117. Copyright © 2023 Weber Yann License GPLv3+: GNU GPL version 3 or later
  118. &lt;http://gnu.org/licenses/gpl.html>.
  119. This is free software: you are free to change and redistribute it.
  120. There is NO WARRANTY, to the extent permitted by law.
  121. */
  122. /**@mainpage
  123. * @brief Asmsh a shell that runs assembly
  124. *
  125. * @section Description
  126. *
  127. * A simple programm is spawned by the shell, and each instructions are runned in the
  128. * subprocess environment.
  129. */