Tamarin-central, the stable source tree of the open source VM used by
Adobe Flash, was updated last December (Dec 22 2009) after a relatively
long hiatus. The newer tree has a faster VM and includes an updated ABC
assembler and disassembler. Those ABC utilities in particular are quite
useful to anyone hacking AVM2 at the binary level.
Download latest Flex SDK
I found that neither Flex SDK 3.5 nor the 4.0 stable build can compile
abcdump. You need to download a later version from the Download Flex
site. Flex 4 Beta 2 (4.0.0.10485) works well. I set the Flex directory
in the environment variable FLEX.
$ export FLEX=~/Downloads/flex_sdk_4.0.0.10485_mpl
Download and build Tamarin-central
The build procedure is well documented in
Tamarin_Build_Documentation. My only additional suggestion is to add
--enable-debugger; it makes error messages easier to read, which really
helps.
$ hg clone http://hg.mozilla.org/tamarin-central/
$ cd tamarin-central
$ mkdir objdir-release
$ cd objdir-release
$ python ../configure.py --enable-shell --enable-debugger
$ make
$ ./shell/avmshell -Dversion
shell 1.5 release-debugger build cyclone
features AVMSYSTEM_32BIT; ...
Build abcdump
There are various useful utilities in the utils/ directory. Some of them
are written in ActionScript, so you need to compile them before you can
use them. Abcdump, an ABC disassembler, is one such utility.
$ cd ..
$ java -jar $FLEX/lib/asc.jar -import core/builtin.abc -import shell/shell_toplevel.abc utils/abcdump.as
core/builtin.abc and shell/shell_toplevel.abc are basic libraries
provided by Tamarin; you can use them to try out abcdump and see how it
works. Note that you need to separate the abc file names with --,
otherwise the arguments are processed by avmshell instead of abcdump.
$ ./objdir-release/shell/avmshell ./utils/abcdump.abc -- core/builtin.abc
// magic 2e0010
// Cpool numbers size 158 0 %
...
I recommend making a tiny shell script to simplify such a complicated command line.
#!/bin/sh
# Forward all arguments to abcdump; "$@" keeps file names with spaces intact.
~/tmp/tamarin-central/objdir-release/shell/avmshell ~/tmp/tamarin-central/utils/abcdump.abc -- "$@"
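To see what the first lines of that dump mean, here is an added example (not code from Tamarin or from this post) that parses the same ABC prefix in Python: the two version words abcdump prints as "magic" and the integer constant pool, with bounds checks, since a VM is normally fed ABC from files it does not trust. The sample bytes are constructed by hand.

```python
# Added example (not Tamarin project code): bounds-checked parser for the
# start of an ABC file, the part abcdump reports as "magic" and "Cpool numbers".
import struct


def read_u32(data: bytes, pos: int):
    """Decode an AVM2 variable-length u32 (7 bits per byte, high bit = continue)."""
    result, shift = 0, 0
    for _ in range(5):                        # the format allows at most 5 bytes
        if pos >= len(data):
            raise ValueError("truncated varint at offset %d" % pos)
        b = data[pos]
        pos += 1
        result |= (b & 0x7F) << shift
        if not b & 0x80:
            return result & 0xFFFFFFFF, pos
        shift += 7
    raise ValueError("varint longer than 5 bytes")


def read_s32(data: bytes, pos: int):
    """s32 uses the same encoding as u32, reinterpreted as two's complement."""
    value, pos = read_u32(data, pos)
    if value & 0x80000000:
        value -= 1 << 32
    return value, pos


def parse_abc_header(data: bytes):
    if len(data) < 4:
        raise ValueError("file shorter than the version header")
    minor, major = struct.unpack_from("<HH", data, 0)   # minor comes first on disk
    if (major, minor) != (46, 16):                      # abcdump's "magic 2e0010"
        raise ValueError("unsupported ABC version %d.%d" % (major, minor))
    count, pos = read_u32(data, 4)
    if count > len(data):                     # every entry needs >= 1 byte, so reject early
        raise ValueError("int pool count %d exceeds file size" % count)
    ints = [0]                                # entry 0 is implicit and always 0
    for _ in range(max(count - 1, 0)):        # count 0 and 1 both mean "only entry 0"
        v, pos = read_s32(data, pos)
        ints.append(v)
    return {"magic": "%x%04x" % (major, minor), "ints": ints, "next_offset": pos}


# Constructed sample: version 46.16, int pool count 3, entries 1 and 300 (0xAC 0x02).
SAMPLE_ABC = bytes([0x10, 0x00, 0x2E, 0x00, 0x03, 0x01, 0xAC, 0x02])

if __name__ == "__main__":
    print(parse_abc_header(SAMPLE_ABC))
```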
How to use abcasm
Abcasm is an ABC assembler. It is written in Java and shell script, so
you don't need to compile it to try it. The utils/abcasm/test/ directory
includes various interesting sample programs, which you can test easily
and quickly.
$ cd utils/abcasm/
$ ./abcasm.sh test/hello.abs
test/hello.abs
$ ../../objdir-release/shell/avmshell test/hello.abc
Hello, world
Hi, Takashi! Thanks for sharing these instructions. I find them really useful. In the 2007-2008 period I was a binary AVM hacker, working on great compiler technology for Flash VM, but unfortunately the project was abandoned. I hope that in the near future the project goes live (maybe at the end of this year). I will follow your blog since I am very interested in the Tamarin project. Keep hacking!

When installing Tamarin-central, you may need to build without strict aliasing. I did this by editing configure.py before running the python command: in APP_CXXFLAGS, change "-fstrict-aliasing" to "-fno-strict-aliasing". That was all I needed to make everything build smoothly.

James, thanks a million for that aliasing trick. Just ran into the same error and don't know how many hours you saved me!