ROSE  0.9.12.28
ModulesX86.h
1 #ifndef ROSE_Partitioner2_ModulesX86_H
2 #define ROSE_Partitioner2_ModulesX86_H
3 
4 #include <Partitioner2/Modules.h>
5 #include <Partitioner2/Thunk.h>
6 
7 namespace Rose {
8 namespace BinaryAnalysis {
9 namespace Partitioner2 {
10 
12 namespace ModulesX86 {
13 
25 class MatchStandardPrologue: public FunctionPrologueMatcher {
26 protected:
27  Function::Ptr function_;
28 public:
29  static Ptr instance() { return Ptr(new MatchStandardPrologue); }
30  virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return std::vector<Function::Ptr>(1, function_); }
31  virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;
32 };
33 
42 class MatchHotPatchPrologue: public MatchStandardPrologue {
43 public:
44  static Ptr instance() { return Ptr(new MatchHotPatchPrologue); }
45  virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return std::vector<Function::Ptr>(1, function_); }
46  virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;
47 };
48 
50 class MatchAbbreviatedPrologue: public FunctionPrologueMatcher {
51 protected:
52  Function::Ptr function_;
53 public:
54  static Ptr instance() { return Ptr(new MatchAbbreviatedPrologue); }
55  virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return std::vector<Function::Ptr>(1, function_); }
56  virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;
57 };
58 
60 class MatchEnterPrologue: public FunctionPrologueMatcher {
61 protected:
62  Function::Ptr function_;
63 public:
64  static Ptr instance() { return Ptr(new MatchEnterPrologue); }
65  virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return std::vector<Function::Ptr>(1, function_); }
66  virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;
67 };
68 
70 class MatchRetPadPush: public FunctionPrologueMatcher {
71 protected:
72  Function::Ptr function_;
73 public:
74  static Ptr instance() { return Ptr(new MatchRetPadPush); }
75  virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return std::vector<Function::Ptr>(1, function_); }
76  virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;
77 };
78 
85 class FunctionReturnDetector: public BasicBlockCallback {
86 public:
87  static Ptr instance() { return Ptr(new FunctionReturnDetector); }
88  virtual bool operator()(bool chain, const Args&) ROSE_OVERRIDE;
89 };
90 
95 class SwitchSuccessors: public BasicBlockCallback {
96 public:
97  static Ptr instance() { return Ptr(new SwitchSuccessors); }
98  virtual bool operator()(bool chain, const Args&) ROSE_OVERRIDE;
99 };
100 
102 bool matchEnterAnyZero(const Partitioner&, SgAsmX86Instruction*);
103 
107 Sawyer::Optional<rose_addr_t> matchJmpConst(const Partitioner&, SgAsmX86Instruction*);
108 
110 bool matchLeaCxMemBpConst(const Partitioner&, SgAsmX86Instruction*);
111 
113 bool matchJmpMem(const Partitioner&, SgAsmX86Instruction*);
114 
116 bool matchMovBpSp(const Partitioner&, SgAsmX86Instruction*);
117 
119 bool matchMovDiDi(const Partitioner&, SgAsmX86Instruction*);
120 
122 bool matchPushBp(const Partitioner&, SgAsmX86Instruction*);
123 
125 bool matchPushSi(const Partitioner&, SgAsmX86Instruction*);
126 
142 std::vector<rose_addr_t> scanCodeAddressTable(const Partitioner&, AddressInterval &tableLimits /*in,out*/,
143  const AddressInterval &targetLimits, size_t tableEntrySize,
144  Sawyer::Optional<rose_addr_t> probableStartVa = Sawyer::Nothing(),
145  size_t nSkippable = 0);
146 
157 Sawyer::Optional<rose_addr_t> findTableBase(SgAsmExpression*);
158 
159 
160 } // namespace
161 } // namespace
162 } // namespace
163 } // namespace
164 
165 #endif
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchRetPadPush
Match RET followed by PUSH with intervening no-op padding.
Definition: ModulesX86.h:70
Rose::BinaryAnalysis::Partitioner2::ModulesX86::SwitchSuccessors
Basic block callback to detect "switch" statements.
Definition: ModulesX86.h:95
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchRetPadPush::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:75
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:45
Rose::BinaryAnalysis::Partitioner2::BasicBlockCallback
Base class for adjusting basic blocks during discovery.
Definition: Modules.h:40
Rose::BinaryAnalysis::Partitioner2::FunctionPrologueMatcher
Base class for matching function prologues.
Definition: Modules.h:109
Rose::BinaryAnalysis::Partitioner2::ModulesX86::scanCodeAddressTable
std::vector< rose_addr_t > scanCodeAddressTable(const Partitioner &, AddressInterval &tableLimits, const AddressInterval &targetLimits, size_t tableEntrySize, Sawyer::Optional< rose_addr_t > probableStartVa=Sawyer::Nothing(), size_t nSkippable=0)
Reads a table of code addresses.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::findTableBase
Sawyer::Optional< rose_addr_t > findTableBase(SgAsmExpression *)
Try to match a base+offset expression.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchMovDiDi
bool matchMovDiDi(const Partitioner &, SgAsmX86Instruction *)
Matches "MOV EDI, EDI" or variant.
std
STL namespace.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchAbbreviatedPrologue::match
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue::match
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchPushBp
bool matchPushBp(const Partitioner &, SgAsmX86Instruction *)
Matches "PUSH EBP" or variant.
Rose
Main namespace for the ROSE library.
Definition: BinaryTutorial.dox:3
Rose::BinaryAnalysis::Partitioner2::ModulesX86::FunctionReturnDetector
Basic block callback to detect function returns.
Definition: ModulesX86.h:85
Sawyer::SharedPointer
Reference-counting smart pointer.
Definition: SharedPointer.h:67
Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchLeaCxMemBpConst
bool matchLeaCxMemBpConst(const Partitioner &, SgAsmX86Instruction *)
Matches "LEA ECX, [EBP + constant]" or variant.
Sawyer
Name space for the entire library.
Definition: BinaryFeasiblePath.h:634
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchEnterPrologue::match
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::FunctionReturnDetector::operator()
virtual bool operator()(bool chain, const Args &) ROSE_OVERRIDE
Callback method.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchAbbreviatedPrologue
Matches an x86 MOV EDI,EDI; PUSH ESI function prologe.
Definition: ModulesX86.h:50
Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchJmpConst
Sawyer::Optional< rose_addr_t > matchJmpConst(const Partitioner &, SgAsmX86Instruction *)
Matches "JMP constant".
Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchPushSi
bool matchPushSi(const Partitioner &, SgAsmX86Instruction *)
Matches "PUSH SI" or variant.
SgAsmX86Instruction
Represents one Intel x86 machine instruction.
Definition: binaryInstruction.C:266
SgAsmExpression
Base class for expressions.
Definition: binaryInstruction.C:2775
Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchMovBpSp
bool matchMovBpSp(const Partitioner &, SgAsmX86Instruction *)
Matches "MOV EBP, ESP" or variant.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:30
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue::match
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchEnterAnyZero
bool matchEnterAnyZero(const Partitioner &, SgAsmX86Instruction *)
Matches "ENTER x, 0".
Rose::BinaryAnalysis::Partitioner2::FunctionPrologueMatcher::Ptr
Sawyer::SharedPointer< FunctionPrologueMatcher > Ptr
Shared-ownership pointer to a FunctionPrologueMatcher.
Definition: Modules.h:112
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchRetPadPush::match
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchEnterPrologue::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:65
Rose::BinaryAnalysis::Partitioner2::BasicBlockCallback::Ptr
Sawyer::SharedPointer< BasicBlockCallback > Ptr
Shared-ownership pointer to a BasicBlockCallback.
Definition: Modules.h:43
Rose::BinaryAnalysis::Partitioner2::Partitioner
Partitions instructions into basic blocks and functions.
Definition: Partitioner.h:316
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchAbbreviatedPrologue::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:55
Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchJmpMem
bool matchJmpMem(const Partitioner &, SgAsmX86Instruction *)
Matches "JMP [address]" or variant.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue
Matches an x86 function prologue with hot patch.
Definition: ModulesX86.h:42
Generated on Thu Nov 28 2019 09:02:42 for ROSE by   doxygen 1.8.10