ROSE 0.11.145.272
ModulesElf.h
1#ifndef ROSE_BinaryAnalysis_Partitioner2_ModulesElf_H
2#define ROSE_BinaryAnalysis_Partitioner2_ModulesElf_H
3#include <featureTests.h>
4#ifdef ROSE_ENABLE_BINARY_ANALYSIS
5
6#include <Rose/BinaryAnalysis/Partitioner2/BasicTypes.h>
7#include <Rose/BinaryAnalysis/Partitioner2/Function.h>
8#include <Rose/BinaryAnalysis/Partitioner2/Modules.h>
9
10#include <boost/filesystem.hpp>
11
12namespace Rose {
13namespace BinaryAnalysis {
14namespace Partitioner2 {
15
17namespace ModulesElf {
18
25std::vector<FunctionPtr> findErrorHandlingFunctions(SgAsmElfFileHeader*);
26std::vector<FunctionPtr> findErrorHandlingFunctions(SgAsmInterpretation*);
27size_t findErrorHandlingFunctions(SgAsmElfFileHeader*, std::vector<FunctionPtr>&);
33std::vector<FunctionPtr> findPltFunctions(const PartitionerPtr&, SgAsmElfFileHeader*);
34std::vector<FunctionPtr> findPltFunctions(const PartitionerPtr&, SgAsmInterpretation*);
35size_t findPltFunctions(const PartitionerPtr&, SgAsmElfFileHeader*, std::vector<FunctionPtr>&);
39struct PltInfo {
40 SgAsmGenericSection *section;
41 size_t firstOffset;
42 size_t entrySize;
44 PltInfo()
45 : section(NULL), firstOffset(0), entrySize(0) {}
46};
47
49PltInfo findPlt(const PartitionerConstPtr&, SgAsmGenericSection*, SgAsmElfFileHeader*);
50
54std::vector<SgAsmElfSection*> findSectionsByName(SgAsmInterpretation*, const std::string&);
55
60bool isImport(const PartitionerConstPtr&, const FunctionPtr&);
61
66bool isLinkedImport(const PartitionerConstPtr&, const FunctionPtr&);
67
71bool isUnlinkedImport(const PartitionerConstPtr&, const FunctionPtr&);
72
77bool isObjectFile(const boost::filesystem::path&);
78
83bool isStaticArchive(const boost::filesystem::path&);
84
86namespace FixUndefinedSymbols {
88enum Boolean {
89 NO,
90 YES
91};
92} // namespace
93
98bool tryLink(const std::string &command, const boost::filesystem::path &outputName,
99 std::vector<boost::filesystem::path> inputNames, Sawyer::Message::Stream &errors,
100 FixUndefinedSymbols::Boolean fixUndefinedSymbols = FixUndefinedSymbols::YES);
101
107std::vector<boost::filesystem::path>
108extractStaticArchive(const boost::filesystem::path &directory, const boost::filesystem::path &archive);
109
112struct PltEntryMatcher: public InstructionMatcher {
113 // These data members are generally optional, and filled in as they're matched.
114 Address gotVa_ = 0; // address of global offset table
115 Address gotEntryVa_ = 0; // address through which an indirect branch branches
116 size_t gotEntryNBytes_ = 0; // size of the global offset table entry in bytes
117 Address gotEntry_ = 0; // address read from the GOT if the address is mapped (or zero)
118 size_t nBytesMatched_ = 0; // number of bytes matched for PLT entry
119 Address functionNumber_ = 0; // function number argument for the dynamic linker (usually a push)
120 Address pltEntryAlignment_ = 1; // must PLT entries be aligned, and by how much?
121
122public:
123 explicit PltEntryMatcher(Address gotVa)
124 : gotVa_(gotVa) {}
125 static Ptr instance(Address gotVa) {
126 return Ptr(new PltEntryMatcher(gotVa));
127 }
128 virtual bool match(const PartitionerConstPtr&, Address anchor);
129
131 Address gotVa() const { return gotVa_; }
132
134 size_t nBytesMatched() const { return nBytesMatched_; }
135
137 Address pltEntryAlignment() const { return pltEntryAlignment_; }
138
140 Address gotEntryVa() const { return gotEntryVa_; }
141
143 size_t gotEntryNBytes() const { return gotEntryNBytes_; }
144
146 Address gotEntry() const { return gotEntry_; }
147
148private:
149 SgAsmInstruction* matchNop(const PartitionerConstPtr&, Address va);
150 SgAsmInstruction* matchPush(const PartitionerConstPtr&, Address var, Address &n /*out*/);
151 SgAsmInstruction* matchDirectJump(const PartitionerConstPtr&, Address va);
152 SgAsmInstruction* matchIndirectJump(const PartitionerConstPtr&, Address va, Address &indirectVa /*out*/,
153 size_t &indirectNBytes /*out*/);
154 SgAsmInstruction* matchIndirectJumpEbx(const PartitionerConstPtr&, Address va, Address &offsetFromEbx /*out*/,
155 size_t &indirectNBytes /*out*/);
156 SgAsmInstruction* matchAarch64Adrp(const PartitionerConstPtr&, Address va, Address &value /*out*/);
157 SgAsmInstruction* matchAarch64Ldr(const PartitionerConstPtr&, Address va, Address &indirectVa /*in,out*/,
158 Address &indirectNBytes /*out*/);
159 SgAsmInstruction* matchAarch64Add(const PartitionerConstPtr&, Address va);
160 SgAsmInstruction* matchAarch64Br(const PartitionerConstPtr&, Address va);
161 SgAsmInstruction* matchAarch32CopyPcToIp(const PartitionerConstPtr&, Address va, uint32_t &result);
162 SgAsmInstruction* matchAarch32AddConstToIp(const PartitionerConstPtr&, Address va, uint32_t &addend);
163 SgAsmInstruction* matchAarch32IndirectBranch(const PartitionerConstPtr&, Address va, uint32_t &addend);
164};
165
167void buildMayReturnLists(const PartitionerPtr&);
168
169} // namespace
170} // namespace
171} // namespace
172} // namespace
173
174#endif
175#endif
Rose::BinaryAnalysis::Partitioner2::InstructionMatcher
Base class for matching an instruction pattern.
Definition Modules.h:78
Rose::BinaryAnalysis::Partitioner2::InstructionMatcher::Ptr
Sawyer::SharedPointer< InstructionMatcher > Ptr
Shared-ownership pointer to an InstructionMatcher.
Definition Modules.h:81
Sawyer::Message::Stream
Converts text to messages.
Definition Message.h:1396
Sawyer::SharedPointer
Reference-counting intrusive smart pointer.
Definition SharedPointer.h:65
SgAsmElfFileHeader
Represents the file header of an ELF binary container.
Definition binaryInstruction.C:21673
SgAsmGenericSection
Contiguous region of a file.
Definition binaryInstruction.C:31279
SgAsmInstruction
Base class for machine instructions.
Definition binaryInstruction.C:43866
SgAsmInterpretation
Represents an interpretation of a binary container.
Definition binaryInstruction.C:14346
Rose::BinaryAnalysis::Partitioner2::ModulesElf::FixUndefinedSymbols::Boolean
Boolean
Boolean flag for Rose::BinaryAnalysis::Partitioner2::ModulesElf::tryLink.
Definition ModulesElf.h:88
Rose::BinaryAnalysis::Partitioner2::ModulesElf::isImport
bool isImport(const PartitionerConstPtr &, const FunctionPtr &)
True if the function is an import.
Rose::BinaryAnalysis::Partitioner2::ModulesElf::findErrorHandlingFunctions
std::vector< FunctionPtr > findErrorHandlingFunctions(SgAsmElfFileHeader *)
Reads ELF .eh_frames to find function entry addresses.
Rose::BinaryAnalysis::Partitioner2::ModulesElf::findSectionsByName
std::vector< SgAsmElfSection * > findSectionsByName(SgAsmInterpretation *, const std::string &)
Get a list of all ELF sections by name.
Rose::BinaryAnalysis::Partitioner2::ModulesElf::isObjectFile
bool isObjectFile(const boost::filesystem::path &)
True if named file is an ELF object file.
Rose::BinaryAnalysis::Partitioner2::ModulesElf::tryLink
bool tryLink(const std::string &command, const boost::filesystem::path &outputName, std::vector< boost::filesystem::path > inputNames, Sawyer::Message::Stream &errors, FixUndefinedSymbols::Boolean fixUndefinedSymbols=FixUndefinedSymbols::YES)
Try to run a link command.
Rose::BinaryAnalysis::Partitioner2::ModulesElf::findPlt
PltInfo findPlt(const PartitionerConstPtr &, SgAsmGenericSection *, SgAsmElfFileHeader *)
Find information about the PLT.
Rose::BinaryAnalysis::Partitioner2::ModulesElf::findPltFunctions
std::vector< FunctionPtr > findPltFunctions(const PartitionerPtr &, SgAsmElfFileHeader *)
Reads ELF PLT sections and returns a list of functions.
Rose::BinaryAnalysis::Partitioner2::ModulesElf::isLinkedImport
bool isLinkedImport(const PartitionerConstPtr &, const FunctionPtr &)
True if function is a linked import.
Rose::BinaryAnalysis::Partitioner2::ModulesElf::buildMayReturnLists
void buildMayReturnLists(const PartitionerPtr &)
Build may-return white and black lists.
Rose::BinaryAnalysis::Partitioner2::ModulesElf::extractStaticArchive
std::vector< boost::filesystem::path > extractStaticArchive(const boost::filesystem::path &directory, const boost::filesystem::path &archive)
Extract object files from a static archive.
Rose::BinaryAnalysis::Partitioner2::ModulesElf::isStaticArchive
bool isStaticArchive(const boost::filesystem::path &)
True if named file is a static library archive.
Rose::BinaryAnalysis::Partitioner2::ModulesElf::isUnlinkedImport
bool isUnlinkedImport(const PartitionerConstPtr &, const FunctionPtr &)
True if function is a non-linked import.
Rose::BinaryAnalysis::Address
std::uint64_t Address
Address.
Definition Address.h:11
Rose
The ROSE library.
Definition BinaryTutorial.dox:3
Rose::BinaryAnalysis::Partitioner2::ModulesElf::PltEntryMatcher::gotEntry
Address gotEntry() const
Value stored in the GOT entry.
Definition ModulesElf.h:146
Rose::BinaryAnalysis::Partitioner2::ModulesElf::PltEntryMatcher::nBytesMatched
size_t nBytesMatched() const
Size of the PLT entry in bytes.
Definition ModulesElf.h:134
Rose::BinaryAnalysis::Partitioner2::ModulesElf::PltEntryMatcher::gotVa
Address gotVa() const
Address of global offset table.
Definition ModulesElf.h:131
Rose::BinaryAnalysis::Partitioner2::ModulesElf::PltEntryMatcher::gotEntryNBytes
size_t gotEntryNBytes() const
Size of the GOT entry in bytes.
Definition ModulesElf.h:143
Rose::BinaryAnalysis::Partitioner2::ModulesElf::PltEntryMatcher::match
virtual bool match(const PartitionerConstPtr &, Address anchor)
Attempt to match an instruction pattern.
Rose::BinaryAnalysis::Partitioner2::ModulesElf::PltEntryMatcher::gotEntryVa
Address gotEntryVa() const
Address of the corresponding GOT entry.
Definition ModulesElf.h:140
Rose::BinaryAnalysis::Partitioner2::ModulesElf::PltEntryMatcher::pltEntryAlignment
Address pltEntryAlignment() const
Alignment of PLT entries w.r.t.
Definition ModulesElf.h:137
Rose::BinaryAnalysis::Partitioner2::ModulesElf::PltInfo
Information about the procedure lookup table.
Definition ModulesElf.h:39
Rose::BinaryAnalysis::Partitioner2::ModulesElf::PltInfo::entrySize
size_t entrySize
Size of each entry in bytes.
Definition ModulesElf.h:42
Generated on Sun May 18 2025 21:55:22 for ROSE by doxygen 1.9.8