forked from jjyg/metasm
-
Notifications
You must be signed in to change notification settings - Fork 0
/
TODO
114 lines (99 loc) · 3.45 KB
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
List of TODO items, by section, in random order
Ia32
emu fpu
AVX support
realmode
X86_64
decompiler
CPU
Arm
Sparc
Cell
Parser
Allow single-file multiplexer (C code + Asm + asm16bit + ...)
Fix the asm prepro comment issue: '; a /* b\n c ; */' should see 'c'
Assembler
Handle cpu pseudo-instrs (mips 'li' -> lui high + ori low)
SplitReloc? (for pseudo-instrs)
Ia32 GAS syntax
Make the autoimport depend on the target platform and not on the exeformat
Encode FPU constants
Disasm
DecodedData
Exe decoding generate decodeddata ?
Function variable names using stack analysis + ExpressionString
Fix thunk detection (thunk: mov ecx, 42 jmp [iat_thiscall] is not a thunk)
Test with ET_REL style exe
Store stuff out of mem (to handle big binaries)
Better :default usage
good on call eax, but not on <600k instrs> ret
use binary personality ? (uses call vs uses pushret..)
Improve 'backtrace => patch di.instr.args'
path-specific backtracking ( foo: call a ; a: jmp retloc ; bar: call b ; b: jmp retloc ; retloc: ret ; call foo ; ret : last ret trackback should only reach a:)
Decode pseudo/macro-instrs (mips 'li')
Deoptimizer (instr reordering for readability)
Optimizer (deobfuscating)
Per-instr context (allows to mix cell/ppc, x86 32/16bits, arm/armthumb..)
Compiler
Optimizer
Register allocator
Instr reordering
Asm intrinsics
Asm inline
inline functions
Separate partial compilation + linking (src1.c -> obj1.o, src2.c -> obj2.o, obj1.o+obj2.o -> bin)
Make generic compiler from cpu.instr_binding ?
create a cpu.what_instr_has_binding(:a => (:a + :b)) => 'add a, b' ?
Shellcode compiler (exit() => mov eax, 1 int 80h inline)
Decompiler
Fix decompiling on loaded savefile
Rewrite cpu-specific to really dumb
Just translate di.binding to C
maybe w/ trivial var dependency check for unused regs, but beware :incomplete instrs deps
Check interdependency ('xadd')
Move frame pointer checks / stack var detection to C code
Update asm listing from info in C (stack vars, stack var names..)
Handle renaming/retyping register vars / aliases
Handle switch() / computed goto
Fix inline asm reg dependencies
Handle direct syscalls (mov eax, 1 int 80h => exit())
Autodecode structs
FPU
Handle/hide compiler-generated stuff (getip, stack cookie setup/check..)
Handle call 1f ; 1: pop eax
More user control (force/forbid register arg, return type, etc)
Preserve C decompiled line association to range of asm decoded addrs
Debugger
OSX
Detour-style functionnality to patch binary code (also static to patch exe files?)
Move constants in a data/ folder (ptrace reg numbers, syscalls, etc)
Generic remote process manip
create blank state
linux virtualallocex
pax-compatible code patch through mmap
Remote debugging (small standalone C client)
Support dbghelp.dll (ms symbol server info)
Support debugee function call (gdb 'call')
ExeFormat
Handle minor editing without decode/reencode (eg patch ELF entrypoint)
ELF
test encoding openbsd binaries
handle symbol versions
LoadedELF.dump
Check relocation encoding (eg samples/dynamic_ruby with cpu.generate_PIC=false)
MachO
PE
resource editor ?
rc compiler ?
add simple accessor for resource stuff (manifest, icon, ...)
GUI
debugger
specialize widgets
show breakpoints
show jump direction from current flag values
have a console frontend
zoom font when zooming graph
text selection
map (part of) the binary & debug it (map a PE on a linux host & run it)
Ruby
write a fast ruby-like interpreter