ModulesX86.h

#ifndef ROSE_BinaryAnalysis_Partitioner2_ModulesX86_H
#define ROSE_BinaryAnalysis_Partitioner2_ModulesX86_H
#include <featureTests.h>
#ifdef ROSE_ENABLE_BINARY_ANALYSIS
#include <Rose/BinaryAnalysis/Partitioner2/BasicTypes.h>
 
#include <Rose/BinaryAnalysis/Partitioner2/JumpTable.h>
#include <Rose/BinaryAnalysis/Partitioner2/Modules.h>
 
namespace Rose {
namespace BinaryAnalysis {
namespace Partitioner2 {
 
namespace ModulesX86 {
 
// Classes for matching function prologues
 
class MatchStandardPrologue: public FunctionPrologueMatcher {
protected:
    FunctionPtr function_;
protected:
    MatchStandardPrologue();
public:
    ~MatchStandardPrologue();
 
public:
    static Ptr instance();                              
    virtual std::vector<FunctionPtr> functions() const override;
    virtual bool match(const PartitionerConstPtr&, Address anchor) override;
};
 
class MatchHotPatchPrologue: public MatchStandardPrologue {
public:
    static Ptr instance() { return Ptr(new MatchHotPatchPrologue); } 
    virtual std::vector<FunctionPtr> functions() const override { return std::vector<FunctionPtr>(1, function_); }
    virtual bool match(const PartitionerConstPtr&, Address anchor) override;
};
 
class MatchAbbreviatedPrologue: public FunctionPrologueMatcher {
protected:
    FunctionPtr function_;
protected:
    MatchAbbreviatedPrologue();
public:
    ~MatchAbbreviatedPrologue();
 
public:
    static Ptr instance();                              
    virtual std::vector<FunctionPtr> functions() const override;
    virtual bool match(const PartitionerConstPtr&, Address anchor) override;
};
 
class MatchEnterPrologue: public FunctionPrologueMatcher {
protected:
    FunctionPtr function_;
public:
    static Ptr instance() { return Ptr(new MatchEnterPrologue); } 
    virtual std::vector<FunctionPtr> functions() const override { return std::vector<FunctionPtr>(1, function_); }
    virtual bool match(const PartitionerConstPtr&, Address anchor) override;
};
 
class MatchRetPadPush: public FunctionPrologueMatcher {
protected:
    FunctionPtr function_;
public:
    static Ptr instance() { return Ptr(new MatchRetPadPush); } 
    virtual std::vector<FunctionPtr> functions() const override { return std::vector<FunctionPtr>(1, function_); }
    virtual bool match(const PartitionerConstPtr&, Address anchor) override;
};
 
// FunctionReturnDetector for CFG edges at a function return
 
class FunctionReturnDetector: public BasicBlockCallback {
public:
    static Ptr instance() { return Ptr(new FunctionReturnDetector); } 
    virtual bool operator()(bool chain, const Args&) override;
};
 
// SwitchSuccessors for CFG edges from a C `switch` statement or similar
 
class SwitchSuccessors: public BasicBlockCallback {
public:
private:
    // These get filled in during the pattern matching phase when we're looking at the content of the basic block in question to try
    // to figure out if it has a jump table and if so, some characteristics of that table. */
    std::string matcherName_;                           // pattern matcher that matched
    Sawyer::Optional<Address> tableVa_;                 // possible address for jump table
    JumpTable::EntryType entryType_ = JumpTable::EntryType::ABSOLUTE;
    size_t entrySizeBytes_ = 4;                         // size of each table entry
    Address entryOffset_ = 0;                           // value added to every table entry
 
    // These members are initialized after the jump table is loaded and are used to update the successors and attach basic blocks.
    JumpTable::Ptr mainTable_;
    std::vector<uint8_t> indexes_;                      // indexes into the main table immediately following the main table
 
public:
    ~SwitchSuccessors();
    SwitchSuccessors();
    static Ptr instance(); 
    virtual bool operator()(bool chain, const Args&) override;
 
    // Adjust successors and for the basic block, create a data block, and add everything to the partitioner.
    void addToPartitioner(const Args&, const std::set<Address> &successors) const;
 
private:
    // Pattern matchers that look at
    bool matchPattern1(SgAsmExpression *jmpArg);
    bool matchPattern2(const BasicBlockPtr&, SgAsmInstruction *jmp);
    bool matchPattern3(const PartitionerConstPtr&, const BasicBlockPtr&, SgAsmInstruction *jmp);
    bool matchPattern4(const PartitionerConstPtr&, const BasicBlockPtr&);
    bool matchPattern5(const PartitionerConstPtr&, const BasicBlockPtr&);
    bool matchPatterns(const PartitionerConstPtr&, const BasicBlockPtr&);
 
    // Try to parse the jump table. If successful, create a `table` in this object.
    void parseJumpTable(const Args&);
};
 
// Supporting functions used by this module
 
bool matchEnterAnyZero(const PartitionerConstPtr&, SgAsmX86Instruction*);
 
Sawyer::Optional<Address> matchJmpConst(const PartitionerConstPtr&, SgAsmX86Instruction*);
 
bool matchLeaCxMemBpConst(const PartitionerConstPtr&, SgAsmX86Instruction*);
 
bool matchJmpMem(const PartitionerConstPtr&, SgAsmX86Instruction*);
 
bool matchMovBpSp(const PartitionerConstPtr&, SgAsmX86Instruction*);
 
bool matchMovDiDi(const PartitionerConstPtr&, SgAsmX86Instruction*);
 
bool matchPushBp(const PartitionerConstPtr&, SgAsmX86Instruction*);
 
bool matchPushSi(const PartitionerConstPtr&, SgAsmX86Instruction*);
 
Sawyer::Optional<Address> findTableBase(SgAsmExpression*);
 
 
} // namespace
} // namespace
} // namespace
} // namespace
 
#endif
#endif