ROSE  0.11.137.0
ModulesElf.h
1 #ifndef ROSE_BinaryAnalysis_Partitioner2_ModulesElf_H
2 #define ROSE_BinaryAnalysis_Partitioner2_ModulesElf_H
3 #include <featureTests.h>
4 #ifdef ROSE_ENABLE_BINARY_ANALYSIS
5 
6 #include <Rose/BinaryAnalysis/Partitioner2/BasicTypes.h>
7 #include <Rose/BinaryAnalysis/Partitioner2/Function.h>
8 #include <Rose/BinaryAnalysis/Partitioner2/Modules.h>
9 
10 #include <boost/filesystem.hpp>
11 
12 namespace Rose {
13 namespace BinaryAnalysis {
14 namespace Partitioner2 {
15 
17 namespace ModulesElf {
18 
25 std::vector<FunctionPtr> findErrorHandlingFunctions(SgAsmElfFileHeader*);
26 std::vector<FunctionPtr> findErrorHandlingFunctions(SgAsmInterpretation*);
27 size_t findErrorHandlingFunctions(SgAsmElfFileHeader*, std::vector<FunctionPtr>&);
33 std::vector<FunctionPtr> findPltFunctions(const PartitionerPtr&, SgAsmElfFileHeader*);
34 std::vector<FunctionPtr> findPltFunctions(const PartitionerPtr&, SgAsmInterpretation*);
35 size_t findPltFunctions(const PartitionerPtr&, SgAsmElfFileHeader*, std::vector<FunctionPtr>&);
39 struct PltInfo {
40  SgAsmGenericSection *section;
41  size_t firstOffset;
42  size_t entrySize;
44  PltInfo()
45  : section(NULL), firstOffset(0), entrySize(0) {}
46 };
47 
49 PltInfo findPlt(const PartitionerConstPtr&, SgAsmGenericSection*, SgAsmElfFileHeader*);
50 
54 std::vector<SgAsmElfSection*> findSectionsByName(SgAsmInterpretation*, const std::string&);
55 
60 bool isImport(const PartitionerConstPtr&, const FunctionPtr&);
61 
66 bool isLinkedImport(const PartitionerConstPtr&, const FunctionPtr&);
67 
71 bool isUnlinkedImport(const PartitionerConstPtr&, const FunctionPtr&);
72 
77 bool isObjectFile(const boost::filesystem::path&);
78 
83 bool isStaticArchive(const boost::filesystem::path&);
84 
86 namespace FixUndefinedSymbols {
88 enum Boolean {
89  NO,
90  YES
91 };
92 } // namespace
93 
98 bool tryLink(const std::string &command, const boost::filesystem::path &outputName,
99  std::vector<boost::filesystem::path> inputNames, Sawyer::Message::Stream &errors,
100  FixUndefinedSymbols::Boolean fixUndefinedSymbols = FixUndefinedSymbols::YES);
101 
107 std::vector<boost::filesystem::path>
108 extractStaticArchive(const boost::filesystem::path &directory, const boost::filesystem::path &archive);
109 
112 struct PltEntryMatcher: public InstructionMatcher {
113  // These data members are generally optional, and filled in as they're matched.
114  rose_addr_t gotVa_ = 0; // address of global offset table
115  rose_addr_t gotEntryVa_ = 0; // address through which an indirect branch branches
116  size_t gotEntryNBytes_ = 0; // size of the global offset table entry in bytes
117  rose_addr_t gotEntry_ = 0; // address read from the GOT if the address is mapped (or zero)
118  size_t nBytesMatched_ = 0; // number of bytes matched for PLT entry
119  rose_addr_t functionNumber_ = 0; // function number argument for the dynamic linker (usually a push)
120  rose_addr_t pltEntryAlignment_ = 1; // must PLT entries be aligned, and by how much?
121 
122 public:
123  explicit PltEntryMatcher(rose_addr_t gotVa)
124  : gotVa_(gotVa) {}
125  static Ptr instance(rose_addr_t gotVa) {
126  return Ptr(new PltEntryMatcher(gotVa));
127  }
128  virtual bool match(const PartitionerConstPtr&, rose_addr_t anchor);
129 
131  rose_addr_t gotVa() const { return gotVa_; }
132 
134  size_t nBytesMatched() const { return nBytesMatched_; }
135 
137  rose_addr_t pltEntryAlignment() const { return pltEntryAlignment_; }
138 
140  rose_addr_t gotEntryVa() const { return gotEntryVa_; }
141 
143  size_t gotEntryNBytes() const { return gotEntryNBytes_; }
144 
146  rose_addr_t gotEntry() const { return gotEntry_; }
147 
148 private:
149  SgAsmInstruction* matchNop(const PartitionerConstPtr&, rose_addr_t va);
150  SgAsmInstruction* matchPush(const PartitionerConstPtr&, rose_addr_t var, rose_addr_t &n /*out*/);
151  SgAsmInstruction* matchDirectJump(const PartitionerConstPtr&, rose_addr_t va);
152  SgAsmInstruction* matchIndirectJump(const PartitionerConstPtr&, rose_addr_t va,
153  rose_addr_t &indirectVa /*out*/, size_t &indirectNBytes /*out*/);
154  SgAsmInstruction* matchIndirectJumpEbx(const PartitionerConstPtr&, rose_addr_t va,
155  rose_addr_t &offsetFromEbx /*out*/, size_t &indirectNBytes /*out*/);
156  SgAsmInstruction* matchAarch64Adrp(const PartitionerConstPtr&, rose_addr_t va, rose_addr_t &value /*out*/);
157  SgAsmInstruction* matchAarch64Ldr(const PartitionerConstPtr&, rose_addr_t va, rose_addr_t &indirectVa /*in,out*/,
158  rose_addr_t &indirectNBytes /*out*/);
159  SgAsmInstruction* matchAarch64Add(const PartitionerConstPtr&, rose_addr_t va);
160  SgAsmInstruction* matchAarch64Br(const PartitionerConstPtr&, rose_addr_t va);
161  SgAsmInstruction* matchAarch32CopyPcToIp(const PartitionerConstPtr&, rose_addr_t va, uint32_t &result);
162  SgAsmInstruction* matchAarch32AddConstToIp(const PartitionerConstPtr&, rose_addr_t va, uint32_t &addend);
163  SgAsmInstruction* matchAarch32IndirectBranch(const PartitionerConstPtr&, rose_addr_t va, uint32_t &addend);
164 };
165 
167 void buildMayReturnLists(const PartitionerPtr&);
168 
169 } // namespace
170 } // namespace
171 } // namespace
172 } // namespace
173 
174 #endif
175 #endif
Rose::BinaryAnalysis::Partitioner2::ModulesElf::findErrorHandlingFunctions
std::vector< FunctionPtr > findErrorHandlingFunctions(SgAsmElfFileHeader *)
Reads ELF .eh_frames to find function entry addresses.
Rose::BinaryAnalysis::Partitioner2::ModulesElf::findSectionsByName
std::vector< SgAsmElfSection * > findSectionsByName(SgAsmInterpretation *, const std::string &)
Get a list of all ELF sections by name.
SgAsmGenericSection
Contiguous region of a file.
Definition: binaryInstruction.C:27857
Rose::BinaryAnalysis::Partitioner2::ModulesElf::tryLink
bool tryLink(const std::string &command, const boost::filesystem::path &outputName, std::vector< boost::filesystem::path > inputNames, Sawyer::Message::Stream &errors, FixUndefinedSymbols::Boolean fixUndefinedSymbols=FixUndefinedSymbols::YES)
Try to run a link command.
Rose::BinaryAnalysis::Partitioner2::ModulesElf::PltEntryMatcher::gotEntry
rose_addr_t gotEntry() const
Value stored in the GOT entry.
Definition: ModulesElf.h:146
Rose::BinaryAnalysis::Partitioner2::ModulesElf::isObjectFile
bool isObjectFile(const boost::filesystem::path &)
True if named file is an ELF object file.
SgAsmElfFileHeader
Represents the file header of an ELF binary container.
Definition: binaryInstruction.C:19100
Rose::BinaryAnalysis::Partitioner2::ModulesElf::isStaticArchive
bool isStaticArchive(const boost::filesystem::path &)
True if named file is a static library archive.
SgAsmInstruction
Base class for machine instructions.
Definition: binaryInstruction.C:39384
Rose::BinaryAnalysis::Partitioner2::ModulesElf::findPlt
PltInfo findPlt(const PartitionerConstPtr &, SgAsmGenericSection *, SgAsmElfFileHeader *)
Find information about the PLT.
Rose::BinaryAnalysis::Partitioner2::ModulesElf::PltEntryMatcher::gotEntryVa
rose_addr_t gotEntryVa() const
Address of the corresponding GOT entry.
Definition: ModulesElf.h:140
Rose::BinaryAnalysis::Partitioner2::ModulesElf::extractStaticArchive
std::vector< boost::filesystem::path > extractStaticArchive(const boost::filesystem::path &directory, const boost::filesystem::path &archive)
Extract object files from a static archive.
Rose::BinaryAnalysis::Partitioner2::ModulesElf::buildMayReturnLists
void buildMayReturnLists(const PartitionerPtr &)
Build may-return white and black lists.
Rose::BinaryAnalysis::Partitioner2::ModulesElf::PltInfo
Information about the procedure lookup table.
Definition: ModulesElf.h:39
Rose::BinaryAnalysis::Partitioner2::ModulesElf::PltInfo::entrySize
size_t entrySize
Size of each entry in bytes.
Definition: ModulesElf.h:42
Rose
Main namespace for the ROSE library.
Definition: BinaryTutorial.dox:3
Rose::BinaryAnalysis::Partitioner2::InstructionMatcher
Base class for matching an instruction pattern.
Definition: Modules.h:78
Sawyer::SharedPointer
Reference-counting intrusive smart pointer.
Definition: SharedPointer.h:68
Rose::BinaryAnalysis::Partitioner2::ModulesElf::PltEntryMatcher::match
virtual bool match(const PartitionerConstPtr &, rose_addr_t anchor)
Attempt to match an instruction pattern.
Rose::BinaryAnalysis::Partitioner2::ModulesElf::PltEntryMatcher::pltEntryAlignment
rose_addr_t pltEntryAlignment() const
Alignment of PLT entries w.r.t.
Definition: ModulesElf.h:137
Rose::BinaryAnalysis::Partitioner2::ModulesElf::PltEntryMatcher::gotVa
rose_addr_t gotVa() const
Address of global offset table.
Definition: ModulesElf.h:131
Rose::BinaryAnalysis::Partitioner2::ModulesElf::findPltFunctions
std::vector< FunctionPtr > findPltFunctions(const PartitionerPtr &, SgAsmElfFileHeader *)
Reads ELF PLT sections and returns a list of functions.
Rose::BinaryAnalysis::Partitioner2::ModulesElf::isLinkedImport
bool isLinkedImport(const PartitionerConstPtr &, const FunctionPtr &)
True if function is a linked import.
Rose::BinaryAnalysis::Partitioner2::ModulesElf::isUnlinkedImport
bool isUnlinkedImport(const PartitionerConstPtr &, const FunctionPtr &)
True if function is a non-linked import.
Rose::BinaryAnalysis::Partitioner2::ModulesElf::PltEntryMatcher::nBytesMatched
size_t nBytesMatched() const
Size of the PLT entry in bytes.
Definition: ModulesElf.h:134
Rose::BinaryAnalysis::Partitioner2::InstructionMatcher::Ptr
Sawyer::SharedPointer< InstructionMatcher > Ptr
Shared-ownership pointer to an InstructionMatcher.
Definition: Modules.h:81
Sawyer::Message::Stream
Converts text to messages.
Definition: Message.h:1396
SgAsmInterpretation
Represents an interpretation of a binary container.
Definition: binaryInstruction.C:12440
Rose::BinaryAnalysis::Partitioner2::ModulesElf::isImport
bool isImport(const PartitionerConstPtr &, const FunctionPtr &)
True if the function is an import.
Rose::BinaryAnalysis::Partitioner2::ModulesElf::PltEntryMatcher::gotEntryNBytes
size_t gotEntryNBytes() const
Size of the GOT entry in bytes.
Definition: ModulesElf.h:143
Generated on Mon Aug 7 2023 04:56:04 for ROSE by   doxygen 1.8.10