ROSE_HTML_Reference/ModulesX86_8h_source.html

 #ifndef ROSE_BinaryAnalysis_Partitioner2_ModulesX86_H

 #define ROSE_BinaryAnalysis_Partitioner2_ModulesX86_H

 #include <featureTests.h>

 #ifdef ROSE_ENABLE_BINARY_ANALYSIS

 #include <Rose/BinaryAnalysis/Partitioner2/BasicTypes.h>


 #include <Rose/BinaryAnalysis/Partitioner2/Modules.h>


 namespace Rose {

 namespace BinaryAnalysis {

 namespace Partitioner2 {


 namespace ModulesX86 {


 class MatchStandardPrologue: public FunctionPrologueMatcher {

 protected:

     FunctionPtr function_;

 protected:

     MatchStandardPrologue();

 public:

     ~MatchStandardPrologue();


 public:

     static Ptr instance();

     virtual std::vector<FunctionPtr> functions() const override;

     virtual bool match(const PartitionerConstPtr&, rose_addr_t anchor) override;

 };


 class MatchHotPatchPrologue: public MatchStandardPrologue {

 public:

     static Ptr instance() { return Ptr(new MatchHotPatchPrologue); }

     virtual std::vector<FunctionPtr> functions() const override { return std::vector<FunctionPtr>(1, function_); }

     virtual bool match(const PartitionerConstPtr&, rose_addr_t anchor) override;

 };


 class MatchAbbreviatedPrologue: public FunctionPrologueMatcher {

 protected:

     FunctionPtr function_;

 protected:

     MatchAbbreviatedPrologue();

 public:

     ~MatchAbbreviatedPrologue();


 public:

     static Ptr instance();

     virtual std::vector<FunctionPtr> functions() const override;

     virtual bool match(const PartitionerConstPtr&, rose_addr_t anchor) override;

 };


 class MatchEnterPrologue: public FunctionPrologueMatcher {

 protected:

     FunctionPtr function_;

 public:

     static Ptr instance() { return Ptr(new MatchEnterPrologue); }

     virtual std::vector<FunctionPtr> functions() const override { return std::vector<FunctionPtr>(1, function_); }

     virtual bool match(const PartitionerConstPtr&, rose_addr_t anchor) override;

 };


 class MatchRetPadPush: public FunctionPrologueMatcher {

 protected:

     FunctionPtr function_;

 public:

     static Ptr instance() { return Ptr(new MatchRetPadPush); }

     virtual std::vector<FunctionPtr> functions() const override { return std::vector<FunctionPtr>(1, function_); }

     virtual bool match(const PartitionerConstPtr&, rose_addr_t anchor) override;

 };


 class FunctionReturnDetector: public BasicBlockCallback {

 public:

     static Ptr instance() { return Ptr(new FunctionReturnDetector); }

     virtual bool operator()(bool chain, const Args&) override;

 };


 class SwitchSuccessors: public BasicBlockCallback {

 public:

     enum EntryType { ABSOLUTE, RELATIVE };


 private:

     Sawyer::Optional<rose_addr_t> tableVa_;             // possible address for jump table

     EntryType entryType_;                               // type of table entries

     size_t entrySizeBytes_;                             // size of each table entry


 public:

     SwitchSuccessors()

         : entryType_(ABSOLUTE), entrySizeBytes_(4) {}

     static Ptr instance() { return Ptr(new SwitchSuccessors); }

     virtual bool operator()(bool chain, const Args&) override;

 private:

     bool matchPattern1(SgAsmExpression *jmpArg);

     bool matchPattern2(const BasicBlockPtr&, SgAsmInstruction *jmp);

     bool matchPattern3(const PartitionerConstPtr&, const BasicBlockPtr&, SgAsmInstruction *jmp);

     bool matchPatterns(const PartitionerConstPtr&, const BasicBlockPtr&);

 };


 bool matchEnterAnyZero(const PartitionerConstPtr&, SgAsmX86Instruction*);


 Sawyer::Optional<rose_addr_t> matchJmpConst(const PartitionerConstPtr&, SgAsmX86Instruction*);


 bool matchLeaCxMemBpConst(const PartitionerConstPtr&, SgAsmX86Instruction*);


 bool matchJmpMem(const PartitionerConstPtr&, SgAsmX86Instruction*);


 bool matchMovBpSp(const PartitionerConstPtr&, SgAsmX86Instruction*);


 bool matchMovDiDi(const PartitionerConstPtr&, SgAsmX86Instruction*);


 bool matchPushBp(const PartitionerConstPtr&, SgAsmX86Instruction*);


 bool matchPushSi(const PartitionerConstPtr&, SgAsmX86Instruction*);


 std::vector<rose_addr_t> scanCodeAddressTable(const PartitionerConstPtr&, AddressInterval &tableLimits /*in,out*/,

                                               const AddressInterval &targetLimits,

                                               SwitchSuccessors::EntryType tableEntryType, size_t tableEntrySizeBytes,

                                               Sawyer::Optional<rose_addr_t> probableStartVa = Sawyer::Nothing(),

                                               size_t nSkippable = 0);


 Sawyer::Optional<rose_addr_t> findTableBase(SgAsmExpression*);


 } // namespace

 } // namespace

 } // namespace

 } // namespace


 #endif

 #endif

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchLeaCxMemBpConst
bool matchLeaCxMemBpConst(const PartitionerConstPtr &, SgAsmX86Instruction *)
Matches "LEA ECX, [EBP + constant]" or variant.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchRetPadPush::match
virtual bool match(const PartitionerConstPtr &, rose_addr_t anchor) override
Attempt to match an instruction pattern.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchMovDiDi
bool matchMovDiDi(const PartitionerConstPtr &, SgAsmX86Instruction *)
Matches "MOV EDI, EDI" or variant.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchRetPadPush
Match RET followed by PUSH with intervening no-op padding.
Definition: ModulesX86.h:82

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchPushBp
bool matchPushBp(const PartitionerConstPtr &, SgAsmX86Instruction *)
Matches "PUSH EBP" or variant.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::SwitchSuccessors
Basic block callback to detect "switch" statements.
Definition: ModulesX86.h:107

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue::instance
static Ptr instance()
Allocating constructor.

Rose::BinaryAnalysis::Partitioner2::BasicBlockCallback
Base class for adjusting basic blocks during discovery.
Definition: Modules.h:39

Rose::BinaryAnalysis::Partitioner2::FunctionPrologueMatcher
Base class for matching function prologues.
Definition: Modules.h:108

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchJmpMem
bool matchJmpMem(const PartitionerConstPtr &, SgAsmX86Instruction *)
Matches "JMP [address]" or variant.

SgAsmInstruction
Base class for machine instructions.
Definition: binaryInstruction.C:38261

Rose::BinaryAnalysis::Partitioner2::ModulesX86::findTableBase
Sawyer::Optional< rose_addr_t > findTableBase(SgAsmExpression *)
Try to match a base+offset expression.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::FunctionReturnDetector::operator()
virtual bool operator()(bool chain, const Args &) override
Callback method.

Sawyer::Optional< rose_addr_t >

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue::match
virtual bool match(const PartitionerConstPtr &, rose_addr_t anchor) override
Attempt to match an instruction pattern.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchPushSi
bool matchPushSi(const PartitionerConstPtr &, SgAsmX86Instruction *)
Matches "PUSH SI" or variant.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchMovBpSp
bool matchMovBpSp(const PartitionerConstPtr &, SgAsmX86Instruction *)
Matches "MOV EBP, ESP" or variant.

Rose
Main namespace for the ROSE library.
Definition: BinaryTutorial.dox:3

Rose::BinaryAnalysis::Partitioner2::ModulesX86::FunctionReturnDetector
Basic block callback to detect function returns.
Definition: ModulesX86.h:97

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchEnterAnyZero
bool matchEnterAnyZero(const PartitionerConstPtr &, SgAsmX86Instruction *)
Matches "ENTER x, 0".

Sawyer::SharedPointer< Function >

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchAbbreviatedPrologue::match
virtual bool match(const PartitionerConstPtr &, rose_addr_t anchor) override
Attempt to match an instruction pattern.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue::functions
virtual std::vector< FunctionPtr > functions() const  override
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:52

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchAbbreviatedPrologue
Matches an x86 MOV EDI,EDI; PUSH ESI function prologe.
Definition: ModulesX86.h:57

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchAbbreviatedPrologue::instance
static Ptr instance()
Allocating constructor.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::SwitchSuccessors::operator()
virtual bool operator()(bool chain, const Args &) override
Callback method.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchEnterPrologue::instance
static Ptr instance()
Allocating constructor.
Definition: ModulesX86.h:76

Rose::BinaryAnalysis::Partitioner2::ModulesX86::scanCodeAddressTable
std::vector< rose_addr_t > scanCodeAddressTable(const PartitionerConstPtr &, AddressInterval &tableLimits, const AddressInterval &targetLimits, SwitchSuccessors::EntryType tableEntryType, size_t tableEntrySizeBytes, Sawyer::Optional< rose_addr_t > probableStartVa=Sawyer::Nothing(), size_t nSkippable=0)
Reads a table of code addresses.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::SwitchSuccessors::instance
static Ptr instance()
Allocating constructor.
Definition: ModulesX86.h:119

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue::match
virtual bool match(const PartitionerConstPtr &, rose_addr_t anchor) override
Attempt to match an instruction pattern.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue
Matches an x86 function prologue.
Definition: ModulesX86.h:27

SgAsmX86Instruction
Represents one Intel x86 machine instruction.
Definition: binaryInstruction.C:112

Rose::BinaryAnalysis::Partitioner2::ModulesX86::FunctionReturnDetector::instance
static Ptr instance()
Allocating constructor.
Definition: ModulesX86.h:99

SgAsmExpression
Base class for expressions.
Definition: binaryInstruction.C:39026

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchJmpConst
Sawyer::Optional< rose_addr_t > matchJmpConst(const PartitionerConstPtr &, SgAsmX86Instruction *)
Matches "JMP constant".

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchEnterPrologue::functions
virtual std::vector< FunctionPtr > functions() const  override
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:77

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchRetPadPush::functions
virtual std::vector< FunctionPtr > functions() const  override
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:87

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchAbbreviatedPrologue::functions
virtual std::vector< FunctionPtr > functions() const  override
Returns the function(s) for the previous successful match.

Sawyer::Container::Interval< rose_addr_t >

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue::instance
static Ptr instance()
Allocating constructor.
Definition: ModulesX86.h:51

Sawyer::Nothing
Represents no value.
Definition: Optional.h:32

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue::functions
virtual std::vector< FunctionPtr > functions() const  override
Returns the function(s) for the previous successful match.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchRetPadPush::instance
static Ptr instance()
Allocating constructor.
Definition: ModulesX86.h:86

Rose::BinaryAnalysis::Partitioner2::BasicBlockCallback::Ptr
BasicBlockCallbackPtr Ptr
Shared-ownership pointer to a BasicBlockCallback.
Definition: Modules.h:42

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchEnterPrologue
Matches an x86 "ENTER xxx, 0" prologue.
Definition: ModulesX86.h:72

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchEnterPrologue::match
virtual bool match(const PartitionerConstPtr &, rose_addr_t anchor) override
Attempt to match an instruction pattern.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue
Matches an x86 function prologue with hot patch.
Definition: ModulesX86.h:49

Rose::BinaryAnalysis::Partitioner2::FunctionPrologueMatcher::Ptr
FunctionPrologueMatcherPtr Ptr
Shared-ownership pointer to a FunctionPrologueMatcher.
Definition: Modules.h:111