qdb: partial mcu supported

Author: ucgJhe

qiling/debugger/qdb/frontend.py

@@ -164,67 +164,78 @@ def context_reg(ql: Qiling, saved_states: Optional[Mapping[str, int]] = None, /,
 
             print(lines.format(*_cur_regs.values()))
 
-        elif ql.archtype in (QL_ARCH.ARM, QL_ARCH.ARM_THUMB):
+        elif ql.archtype in (QL_ARCH.ARM, QL_ARCH.ARM_THUMB, QL_ARCH.CORTEX_M):
+
+            regs_in_row = 4
+            if ql.archtype == QL_ARCH.CORTEX_M:
+                regs_in_row = 3
 
             _cur_regs.update({"sl": _cur_regs.pop("r10")})
-            _cur_regs.update({"fp": _cur_regs.pop("r11")})
             _cur_regs.update({"ip": _cur_regs.pop("r12")})
+            _cur_regs.update({"fp": _cur_regs.pop("r11")})
+
+            # for re-order
+            _cur_regs.update({"xpsr": _cur_regs.pop("xpsr")})
+            _cur_regs.update({"control": _cur_regs.pop("control")})
+            _cur_regs.update({"primask": _cur_regs.pop("primask")})
+            _cur_regs.update({"faultmask": _cur_regs.pop("faultmask")})
+            _cur_regs.update({"basepri": _cur_regs.pop("basepri")})
 
+            _diff = None
             if saved_states is not None:
                 _saved_states = copy.deepcopy(saved_states)
                 _saved_states.update({"sl": _saved_states.pop("r10")})
-                _saved_states.update({"fp": _saved_states.pop("r11")})
                 _saved_states.update({"ip": _saved_states.pop("r12")})
+                _saved_states.update({"fp": _saved_states.pop("r11")})
                 _diff = [k for k in _cur_regs if _cur_regs[k] != _saved_states[k]]
 
-            else:
-                _diff = None
-
             lines = ""
             for idx, r in enumerate(_cur_regs, 1):
-                line = "{}{:}: 0x{{:08x}} {}\t".format(_colors[(idx-1) // 4], r, color.END)
+
+                line = "{}{:}: 0x{{:08x}} {}  ".format(_colors[(idx-1) // regs_in_row], r, color.END)
 
                 if _diff and r in _diff:
                     line = "{}{}".format(color.UNDERLINE, color.BOLD) + line
 
-                if idx % 4 == 0:
+                if idx % regs_in_row == 0:
                     line += "\n"
 
                 lines += line
 
             print(lines.format(*_cur_regs.values()))
             print(color.GREEN, "[{cpsr[mode]} mode], Thumb: {cpsr[thumb]}, FIQ: {cpsr[fiq]}, IRQ: {cpsr[irq]}, NEG: {cpsr[neg]}, ZERO: {cpsr[zero]}, Carry: {cpsr[carry]}, Overflow: {cpsr[overflow]}".format(cpsr=get_arm_flags(ql.reg.cpsr)), color.END, sep="")
 
-    # context render for Stack
-    with context_printer(ql, "[ STACK ]", ruler="─"):
-
-        for idx in range(10):
-            addr = ql.reg.arch_sp + idx * ql.pointersize
-            val = ql.mem.read(addr, ql.pointersize)
-            print(f"$sp+0x{idx*ql.pointersize:02x}│ [0x{addr:08x}] —▸ 0x{ql.unpack(val):08x}", end="")
+    if ql.archtype != QL_ARCH.CORTEX_M:
+    # context render for Stack, skip this for CORTEX_M
+        with context_printer(ql, "[ STACK ]", ruler="─"):
 
-            try:  # try to deference wether its a pointer
-                buf = ql.mem.read(addr, ql.pointersize)
-            except:
-                buf = None
+            for idx in range(10):
+                addr = ql.reg.arch_sp + idx * ql.pointersize
+                val = ql.mem.read(addr, ql.pointersize)
+                print(f"$sp+0x{idx*ql.pointersize:02x}│ [0x{addr:08x}] —▸ 0x{ql.unpack(val):08x}", end="")
 
-            if (addr := ql.unpack(buf)):
-                try:  # try to deference again
+                try:  # try to deference wether its a pointer
                     buf = ql.mem.read(addr, ql.pointersize)
                 except:
                     buf = None
 
-                if buf:
-                    try:
-                        s = ql.mem.string(addr)
+                if (addr := ql.unpack(buf)):
+                    try:  # try to deference again
+                        buf = ql.mem.read(addr, ql.pointersize)
                     except:
-                        s = None
+                        buf = None
 
-                    if s and s.isprintable():
-                        print(f" ◂— {ql.mem.string(addr)}", end="")
-                    else:
-                        print(f" ◂— 0x{ql.unpack(buf):08x}", end="")
-            print()
+                    if buf:
+                        try:
+                            s = ql.mem.string(addr)
+                        except:
+                            s = None
+
+                        if s and s.isprintable():
+                            print(f" ◂— {ql.mem.string(addr)}", end="")
+                        else:
+                            print(f" ◂— 0x{ql.unpack(buf):08x}", end="")
+                print()
 
 
 def print_asm(ql: Qiling, insn: CsInsn, to_jump: Optional[bool] = None, address: int = None) -> None:
@@ -251,9 +262,7 @@ def context_asm(ql: Qiling, address: int) -> None:
 
         past_list = []
 
-        if ql.archtype in (QL_ARCH.MIPS, QL_ARCH.ARM, QL_ARCH.ARM_THUMB):
-
-            line = disasm(ql, address-0x10)
+        line = disasm(ql, address-0x10)
 
         while line:
             if line.address == address:

qiling/debugger/qdb/qdb.py

@@ -39,14 +39,15 @@ def dbg_hook(self: QlQdb, init_hook: str):
 
         # self.ql.loader.entry_point  # ld.so
         # self.ql.loader.elf_entry    # .text of binary
+        if not self.ql.baremetal:
 
-        if init_hook:
-            init_hook = parse_int(init_hook)
+            if init_hook:
+                init_hook = parse_int(init_hook)
 
-            self.set_breakpoint(init_hook, is_temp=True)
+                self.set_breakpoint(init_hook, is_temp=True)
 
-        self.cur_addr = self.ql.loader.entry_point
-        self._init_state = self.ql.save()
+            self.cur_addr = self.ql.loader.entry_point
+            self._init_state = self.ql.save()
 
         self.do_context()
         self.interactive()
@@ -102,18 +103,18 @@ def _restore(self: QlQdb, *args) -> None:
 
         self.ql.restore(self._states_list.pop())
 
-    def _run(self: Qldbg, address: int = 0, count: int = 0) -> None:
+    def _run(self: Qldbg, address: int = 0, end: int = 0, count: int = 0) -> None:
         """
         internal function for emulating instruction
         """
 
         if not address:
             address = self.cur_addr
 
-        if self.ql.archtype in (QL_ARCH.ARM, QL_ARCH.ARM_THUMB) and is_thumb(self.ql.reg.cpsr):
+        if self.ql.archtype in (QL_ARCH.ARM, QL_ARCH.ARM_THUMB, QL_ARCH.CORTEX_M) and is_thumb(self.ql.reg.cpsr):
             address |= 1
 
-        self.ql.emu_start(address, 0, count=count)
+        self.ql.emu_start(begin=address, end=end, count=count)
 
     def parseline(self: QlQdb, line: str) -> Tuple[Optional[str], Optional[str], str]:
         """
@@ -196,6 +197,7 @@ def do_step(self: QlQdb, *args) -> Optional[bool]:
             print(f"{color.RED}[!] The program is not being run.{color.END}")
 
         else:
+            # save reg dump for data chaged highliting
             self._saved_reg_dump = dict(filter(lambda d: isinstance(d[0], str), self.ql.reg.save().items()))
 
             _, next_stop = handle_bnj(self.ql, self.cur_addr)
@@ -206,13 +208,21 @@ def do_step(self: QlQdb, *args) -> Optional[bool]:
             if self.rr:
                 self._save()
 
-            count = 1
-            if self.ql.archtype == QL_ARCH.MIPS and next_stop != self.cur_addr + 4:
-                # make sure delay slot executed
-                count = 2
+            if self.ql.baremetal:
+                self.ql.arch.step()
+                # self.ql.arch.run(count=1, end=self.ql.exit_point)
+                # self._run(count=1)
+                self.do_context()
 
-            self._run(count=count)
-            self.do_context()
+            else:
+
+                count = 1
+                if self.ql.archtype == QL_ARCH.MIPS and next_stop != self.cur_addr + 4:
+                    # make sure delay slot executed
+                    count = 2
+
+                self._run(count=count)
+                self.do_context()
 
     def set_breakpoint(self: QlQdb, address: int, is_temp: bool = False) -> None:
         """
@@ -262,6 +272,7 @@ def do_continue(self: QlQdb, address: str = "") -> None:
             address = parse_int(address)
 
         print(f"{color.CYAN}continued from 0x{self.cur_addr:08x}{color.END}")
+
         self._run(address)
 
     def do_examine(self: QlQdb, line: str) -> None:

qiling/debugger/qdb/utils.py

@@ -36,6 +36,16 @@ def dump_regs(ql: Qiling) -> Mapping[str, int]:
                 "r12", "sp", "lr", "pc",
                 )
 
+    elif ql.archtype == QL_ARCH.CORTEX_M:
+
+        _reg_order = (
+                "r0", "r1", "r2", "r3",
+                "r4", "r5", "r6", "r7",
+                "r8", "r9", "r10", "r11",
+                "r12", "sp", "lr", "pc",
+                "xpsr", "control", "primask", "basepri", "faultmask"
+                )
+
     return {reg_name: getattr(ql.reg, reg_name) for reg_name in _reg_order}
 
 
@@ -87,6 +97,7 @@ def handle_bnj(ql: Qiling, cur_addr: str) -> Callable[[Qiling, str], int]:
             QL_ARCH.MIPS     : handle_bnj_mips,
             QL_ARCH.ARM      : handle_bnj_arm,
             QL_ARCH.ARM_THUMB: handle_bnj_arm,
+            QL_ARCH.CORTEX_M : handle_bnj_arm,
             }.get(ql.archtype)(ql, cur_addr)
 
 
@@ -116,11 +127,11 @@ def disasm(ql: Qiling, address: int, detail: bool = False) -> Optional[int]:
     return ret
 
 
-def _read_inst(ql: Qiling, addr: str) -> int:
+def _read_inst(ql: Qiling, addr: int) -> int:
 
     result = ql.mem.read(addr, 4)
 
-    if ql.archtype in (QL_ARCH.ARM, QL_ARCH.ARM_THUMB):
+    if ql.archtype in (QL_ARCH.ARM, QL_ARCH.ARM_THUMB, QL_ARCH.CORTEX_M):
         if is_thumb(ql.reg.cpsr):
 
             first_two = ql.unpack16(ql.mem.read(addr, 2))