1 #ifndef ROSE_Partitioner2_ModulesX86_H
2 #define ROSE_Partitioner2_ModulesX86_H
4 #include <featureTests.h>
5 #ifdef ROSE_ENABLE_BINARY_ANALYSIS
7 #include <Partitioner2/Modules.h>
8 #include <Partitioner2/Thunk.h>
12 namespace Partitioner2 {
15 namespace ModulesX86 {
33 virtual std::vector<Function::Ptr>
functions() const ROSE_OVERRIDE {
return std::vector<Function::Ptr>(1, function_); }
34 virtual bool match(
const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;
48 virtual std::vector<Function::Ptr>
functions() const ROSE_OVERRIDE {
return std::vector<Function::Ptr>(1, function_); }
49 virtual bool match(
const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;
58 virtual std::vector<Function::Ptr>
functions() const ROSE_OVERRIDE {
return std::vector<Function::Ptr>(1, function_); }
59 virtual bool match(
const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;
68 virtual std::vector<Function::Ptr>
functions() const ROSE_OVERRIDE {
return std::vector<Function::Ptr>(1, function_); }
69 virtual bool match(
const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;
78 virtual std::vector<Function::Ptr>
functions() const ROSE_OVERRIDE {
return std::vector<Function::Ptr>(1, function_); }
79 virtual bool match(
const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;
91 virtual bool operator()(
bool chain,
const Args&) ROSE_OVERRIDE;
100 enum EntryType { ABSOLUTE, RELATIVE };
104 EntryType entryType_;
105 size_t entrySizeBytes_;
109 : entryType_(ABSOLUTE), entrySizeBytes_(4) {}
111 virtual bool operator()(
bool chain,
const Args&) ROSE_OVERRIDE;
116 bool matchPatterns(const Partitioner&, const BasicBlockPtr&);
131 bool matchJmpMem(const Partitioner&, SgAsmX86Instruction*);
134 bool matchMovBpSp(const Partitioner&, SgAsmX86Instruction*);
137 bool matchMovDiDi(const Partitioner&, SgAsmX86Instruction*);
140 bool matchPushBp(const Partitioner&, SgAsmX86Instruction*);
143 bool matchPushSi(const Partitioner&, SgAsmX86Instruction*);
163 Sawyer::Optional<rose_addr_t> probableStartVa =
Sawyer::Nothing(),
164 size_t nSkippable = 0);
Match RET followed by PUSH with intervening no-op padding.
Basic block callback to detect "switch" statements.
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
static Ptr instance()
Allocating constructor.
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Base class for adjusting basic blocks during discovery.
Base class for matching function prologues.
Base class for machine instructions.
Sawyer::Optional< rose_addr_t > findTableBase(SgAsmExpression *)
Try to match a base+offset expression.
bool matchMovDiDi(const Partitioner &, SgAsmX86Instruction *)
Matches "MOV EDI, EDI" or variant.
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.
bool matchPushBp(const Partitioner &, SgAsmX86Instruction *)
Matches "PUSH EBP" or variant.
Main namespace for the ROSE library.
Basic block callback to detect function returns.
std::vector< rose_addr_t > scanCodeAddressTable(const Partitioner &, AddressInterval &tableLimits, const AddressInterval &targetLimits, SwitchSuccessors::EntryType tableEntryType, size_t tableEntrySizeBytes, Sawyer::Optional< rose_addr_t > probableStartVa=Sawyer::Nothing(), size_t nSkippable=0)
Reads a table of code addresses.
bool matchLeaCxMemBpConst(const Partitioner &, SgAsmX86Instruction *)
Matches "LEA ECX, [EBP + constant]" or variant.
Name space for the entire library.
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.
virtual bool operator()(bool chain, const Args &) ROSE_OVERRIDE
Callback method.
Matches an x86 MOV EDI,EDI; PUSH ESI function prologe.
static Ptr instance()
Allocating constructor.
Sawyer::Optional< rose_addr_t > matchJmpConst(const Partitioner &, SgAsmX86Instruction *)
Matches "JMP constant".
static Ptr instance()
Allocating constructor.
Matches an x86 function prologue.
bool matchPushSi(const Partitioner &, SgAsmX86Instruction *)
Matches "PUSH SI" or variant.
Represents one Intel x86 machine instruction.
static Ptr instance()
Allocating constructor.
Base class for expressions.
bool matchMovBpSp(const Partitioner &, SgAsmX86Instruction *)
Matches "MOV EBP, ESP" or variant.
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.
bool matchEnterAnyZero(const Partitioner &, SgAsmX86Instruction *)
Matches "ENTER x, 0".
Sawyer::SharedPointer< FunctionPrologueMatcher > Ptr
Shared-ownership pointer to a FunctionPrologueMatcher.
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Sawyer::SharedPointer< BasicBlockCallback > Ptr
Shared-ownership pointer to a BasicBlockCallback.
static Ptr instance()
Allocating constructor.
static Ptr instance()
Allocating constructor.
Partitions instructions into basic blocks and functions.
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
bool matchJmpMem(const Partitioner &, SgAsmX86Instruction *)
Matches "JMP [address]" or variant.
Matches an x86 "ENTER xxx, 0" prologue.
Matches an x86 function prologue with hot patch.
