ROSE  0.9.9.109
ModulesX86.h
1 #ifndef ROSE_Partitioner2_ModulesX86_H
2 #define ROSE_Partitioner2_ModulesX86_H
3 
4 #include <Partitioner2/Modules.h>
5 
6 namespace Rose {
7 namespace BinaryAnalysis {
8 namespace Partitioner2 {
9 namespace ModulesX86 {
10 
22 class MatchStandardPrologue: public FunctionPrologueMatcher {
23 protected:
24  Function::Ptr function_;
25 public:
26  static Ptr instance() { return Ptr(new MatchStandardPrologue); }
27  virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return std::vector<Function::Ptr>(1, function_); }
28  virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;
29 };
30 
39 class MatchHotPatchPrologue: public MatchStandardPrologue {
40 public:
41  static Ptr instance() { return Ptr(new MatchHotPatchPrologue); }
42  virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return std::vector<Function::Ptr>(1, function_); }
43  virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;
44 };
45 
47 class MatchAbbreviatedPrologue: public FunctionPrologueMatcher {
48 protected:
49  Function::Ptr function_;
50 public:
51  static Ptr instance() { return Ptr(new MatchAbbreviatedPrologue); }
52  virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return std::vector<Function::Ptr>(1, function_); }
53  virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;
54 };
55 
57 class MatchEnterPrologue: public FunctionPrologueMatcher {
58 protected:
59  Function::Ptr function_;
60 public:
61  static Ptr instance() { return Ptr(new MatchEnterPrologue); }
62  virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return std::vector<Function::Ptr>(1, function_); }
63  virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;
64 };
65 
70 class MatchThunk: public FunctionPrologueMatcher {
71 protected:
72  std::vector<Function::Ptr> functions_;
73 public:
74  static Ptr instance() { return Ptr(new MatchThunk); }
75  virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return functions_; }
76  virtual bool match(const Partitioner&, rose_addr_t anchor) ROSE_OVERRIDE;
77 };
78 
80 class MatchRetPadPush: public FunctionPrologueMatcher {
81 protected:
82  Function::Ptr function_;
83 public:
84  static Ptr instance() { return Ptr(new MatchRetPadPush); }
85  virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return std::vector<Function::Ptr>(1, function_); }
86  virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;
87 };
88 
95 class FunctionReturnDetector: public BasicBlockCallback {
96 public:
97  static Ptr instance() { return Ptr(new FunctionReturnDetector); }
98  virtual bool operator()(bool chain, const Args&) ROSE_OVERRIDE;
99 };
100 
105 class SwitchSuccessors: public BasicBlockCallback {
106 public:
107  static Ptr instance() { return Ptr(new SwitchSuccessors); }
108  virtual bool operator()(bool chain, const Args&) ROSE_OVERRIDE;
109 };
110 
122 size_t isJmpMemThunk(const Partitioner&, const std::vector<SgAsmInstruction*>&);
123 size_t isLeaJmpThunk(const Partitioner&, const std::vector<SgAsmInstruction*>&);
124 size_t isMovJmpThunk(const Partitioner&, const std::vector<SgAsmInstruction*>&);
125 size_t isJmpImmThunk(const Partitioner&, const std::vector<SgAsmInstruction*>&);
126 size_t isThunk(const Partitioner&, const std::vector<SgAsmInstruction*>&);
130 bool matchEnterAnyZero(const Partitioner&, SgAsmX86Instruction*);
131 
135 Sawyer::Optional<rose_addr_t> matchJmpConst(const Partitioner&, SgAsmX86Instruction*);
136 
138 bool matchLeaCxMemBpConst(const Partitioner&, SgAsmX86Instruction*);
139 
141 bool matchJmpMem(const Partitioner&, SgAsmX86Instruction*);
142 
144 bool matchMovBpSp(const Partitioner&, SgAsmX86Instruction*);
145 
147 bool matchMovDiDi(const Partitioner&, SgAsmX86Instruction*);
148 
150 bool matchPushBp(const Partitioner&, SgAsmX86Instruction*);
151 
153 bool matchPushSi(const Partitioner&, SgAsmX86Instruction*);
154 
156 size_t isThunk(const std::vector<SgAsmInstruction*> &insns);
157 
161 void splitThunkFunctions(Partitioner&);
162 
170 std::vector<rose_addr_t> scanCodeAddressTable(const Partitioner&, AddressInterval &tableLimits /*in,out*/,
171  const AddressInterval &targetLimits, size_t tableEntrySize);
172 
183 Sawyer::Optional<rose_addr_t> findTableBase(SgAsmExpression*);
184 
185 
186 } // namespace
187 } // namespace
188 } // namespace
189 } // namespace
190 
191 #endif
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchRetPadPush
Match RET followed by PUSH with intervening no-op padding.
Definition: ModulesX86.h:80
Rose::BinaryAnalysis::Partitioner2::ModulesX86::SwitchSuccessors
Basic block callback to detect "switch" statements.
Definition: ModulesX86.h:105
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchRetPadPush::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:85
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:42
Rose::BinaryAnalysis::Partitioner2::BasicBlockCallback
Base class for adjusting basic blocks during discovery.
Definition: Modules.h:38
Rose::BinaryAnalysis::Partitioner2::FunctionPrologueMatcher
Base class for matching function prologues.
Definition: Modules.h:107
SgAsmInstruction
Base class for machine instructions.
Definition: binaryInstruction.C:638
std
STL namespace.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchAbbreviatedPrologue::match
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue::match
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.
Rose
Main namespace for the ROSE library.
Definition: BinaryTutorial.dox:3
Rose::BinaryAnalysis::Partitioner2::ModulesX86::FunctionReturnDetector
Basic block callback to detect function returns.
Definition: ModulesX86.h:95
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchThunk::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:75
Sawyer
Name space for the entire library.
Definition: Access.h:11
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchEnterPrologue::match
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::FunctionReturnDetector::operator()
virtual bool operator()(bool chain, const Args &) ROSE_OVERRIDE
Callback method.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchAbbreviatedPrologue
Matches an x86 MOV EDI,EDI; PUSH ESI function prologe.
Definition: ModulesX86.h:47
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchThunk::instance
static Ptr instance()
Allocating constructor.
Definition: ModulesX86.h:74
SgAsmX86Instruction
Represents one Intel x86 machine instruction.
Definition: binaryInstruction.C:262
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchThunk::match
virtual bool match(const Partitioner &, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.
SgAsmExpression
Base class for expressions.
Definition: binaryInstruction.C:2678
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:27
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue::match
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.
Rose::BinaryAnalysis::Partitioner2::FunctionPrologueMatcher::Ptr
Sawyer::SharedPointer< FunctionPrologueMatcher > Ptr
Shared-ownership pointer to a FunctionPrologueMatcher.
Definition: Modules.h:110
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchRetPadPush::match
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchEnterPrologue::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:62
Rose::BinaryAnalysis::Partitioner2::BasicBlockCallback::Ptr
Sawyer::SharedPointer< BasicBlockCallback > Ptr
Shared-ownership pointer to a BasicBlockCallback.
Definition: Modules.h:41
Rose::BinaryAnalysis::Partitioner2::Partitioner
Partitions instructions into basic blocks and functions.
Definition: Partitioner.h:289
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchAbbreviatedPrologue::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:52
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue
Matches an x86 function prologue with hot patch.
Definition: ModulesX86.h:39
Generated on Wed Sep 20 2017 03:51:06 for ROSE by   doxygen 1.8.10