ROSE_HTML_Reference/ModulesX86_8h_source.html

 #ifndef ROSE_Partitioner2_ModulesX86_H

 #define ROSE_Partitioner2_ModulesX86_H


 #include <Partitioner2/Modules.h>


 namespace Rose {

 namespace BinaryAnalysis {

 namespace Partitioner2 {


 namespace ModulesX86 {


 class MatchStandardPrologue: public FunctionPrologueMatcher {

 protected:

     Function::Ptr function_;

 public:

     static Ptr instance() { return Ptr(new MatchStandardPrologue); }

     virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return std::vector<Function::Ptr>(1, function_); }

     virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;

 };


 class MatchHotPatchPrologue: public MatchStandardPrologue {

 public:

     static Ptr instance() { return Ptr(new MatchHotPatchPrologue); }

     virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return std::vector<Function::Ptr>(1, function_); }

     virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;

 };


 class MatchAbbreviatedPrologue: public FunctionPrologueMatcher {

 protected:

     Function::Ptr function_;

 public:

     static Ptr instance() { return Ptr(new MatchAbbreviatedPrologue); }

     virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return std::vector<Function::Ptr>(1, function_); }

     virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;

 };


 class MatchEnterPrologue: public FunctionPrologueMatcher {

 protected:

     Function::Ptr function_;

 public:

     static Ptr instance() { return Ptr(new MatchEnterPrologue); }

     virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return std::vector<Function::Ptr>(1, function_); }

     virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;

 };


 class MatchThunk: public FunctionPrologueMatcher {

 protected:

     std::vector<Function::Ptr> functions_;

 public:

     static Ptr instance() { return Ptr(new MatchThunk); }

     virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return functions_; }

     virtual bool match(const Partitioner&, rose_addr_t anchor) ROSE_OVERRIDE;

 };


 class MatchRetPadPush: public FunctionPrologueMatcher {

 protected:

     Function::Ptr function_;

 public:

     static Ptr instance() { return Ptr(new MatchRetPadPush); }

     virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return std::vector<Function::Ptr>(1, function_); }

     virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;

 };


 class FunctionReturnDetector: public BasicBlockCallback {

 public:

     static Ptr instance() { return Ptr(new FunctionReturnDetector); }

     virtual bool operator()(bool chain, const Args&) ROSE_OVERRIDE;

 };


 class SwitchSuccessors: public BasicBlockCallback {

 public:

     static Ptr instance() { return Ptr(new SwitchSuccessors); }

     virtual bool operator()(bool chain, const Args&) ROSE_OVERRIDE;

 };


 size_t isJmpMemThunk(const Partitioner&, const std::vector<SgAsmInstruction*>&);

 size_t isLeaJmpThunk(const Partitioner&, const std::vector<SgAsmInstruction*>&);

 size_t isMovJmpThunk(const Partitioner&, const std::vector<SgAsmInstruction*>&);

 size_t isJmpImmThunk(const Partitioner&, const std::vector<SgAsmInstruction*>&);

 size_t isThunk(const Partitioner&, const std::vector<SgAsmInstruction*>&);

 bool matchEnterAnyZero(const Partitioner&, SgAsmX86Instruction*);


 Sawyer::Optional<rose_addr_t> matchJmpConst(const Partitioner&, SgAsmX86Instruction*);


 bool matchLeaCxMemBpConst(const Partitioner&, SgAsmX86Instruction*);


 bool matchJmpMem(const Partitioner&, SgAsmX86Instruction*);


 bool matchMovBpSp(const Partitioner&, SgAsmX86Instruction*);


 bool matchMovDiDi(const Partitioner&, SgAsmX86Instruction*);


 bool matchPushBp(const Partitioner&, SgAsmX86Instruction*);


 bool matchPushSi(const Partitioner&, SgAsmX86Instruction*);


 size_t isThunk(const std::vector<SgAsmInstruction*> &insns);


 void splitThunkFunctions(Partitioner&);


 std::vector<rose_addr_t> scanCodeAddressTable(const Partitioner&, AddressInterval &tableLimits /*in,out*/,

                                               const AddressInterval &targetLimits, size_t tableEntrySize);


 Sawyer::Optional<rose_addr_t> findTableBase(SgAsmExpression*);


 } // namespace

 } // namespace

 } // namespace

 } // namespace


 #endif

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchRetPadPush
Match RET followed by PUSH with intervening no-op padding.
Definition: ModulesX86.h:82

Rose::BinaryAnalysis::Partitioner2::ModulesX86::SwitchSuccessors
Basic block callback to detect "switch" statements.
Definition: ModulesX86.h:107

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchRetPadPush::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:87

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue::instance
static Ptr instance()
Allocating constructor.
Definition: ModulesX86.h:28

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:44

Rose::BinaryAnalysis::Partitioner2::BasicBlockCallback
Base class for adjusting basic blocks during discovery.
Definition: Modules.h:38

Rose::BinaryAnalysis::Partitioner2::ModulesX86::isJmpImmThunk
size_t isJmpImmThunk(const Partitioner &, const std::vector< SgAsmInstruction * > &)
Determines whether an instruction sequence begins with a thunk.

Rose::BinaryAnalysis::Partitioner2::FunctionPrologueMatcher
Base class for matching function prologues.
Definition: Modules.h:107

SgAsmInstruction
Base class for machine instructions.
Definition: binaryInstruction.C:664

Rose::BinaryAnalysis::Partitioner2::ModulesX86::findTableBase
Sawyer::Optional< rose_addr_t > findTableBase(SgAsmExpression *)
Try to match a base+offset expression.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchMovDiDi
bool matchMovDiDi(const Partitioner &, SgAsmX86Instruction *)
Matches "MOV EDI, EDI" or variant.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::isThunk
size_t isThunk(const Partitioner &, const std::vector< SgAsmInstruction * > &)
Determines whether an instruction sequence begins with a thunk.

std
STL namespace.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchAbbreviatedPrologue::match
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue::match
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchPushBp
bool matchPushBp(const Partitioner &, SgAsmX86Instruction *)
Matches "PUSH EBP" or variant.

Rose
Main namespace for the ROSE library.
Definition: BinaryTutorial.dox:3

Rose::BinaryAnalysis::Partitioner2::ModulesX86::FunctionReturnDetector
Basic block callback to detect function returns.
Definition: ModulesX86.h:97

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchThunk::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:77

Sawyer::SharedPointer< Function >

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchLeaCxMemBpConst
bool matchLeaCxMemBpConst(const Partitioner &, SgAsmX86Instruction *)
Matches "LEA ECX, [EBP + constant]" or variant.

Sawyer
Name space for the entire library.
Definition: Access.h:13

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchEnterPrologue::match
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::FunctionReturnDetector::operator()
virtual bool operator()(bool chain, const Args &) ROSE_OVERRIDE
Callback method.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchAbbreviatedPrologue
Matches an x86 MOV EDI,EDI; PUSH ESI function prologe.
Definition: ModulesX86.h:49

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchEnterPrologue::instance
static Ptr instance()
Allocating constructor.
Definition: ModulesX86.h:63

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchJmpConst
Sawyer::Optional< rose_addr_t > matchJmpConst(const Partitioner &, SgAsmX86Instruction *)
Matches "JMP constant".

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchThunk::instance
static Ptr instance()
Allocating constructor.
Definition: ModulesX86.h:76

Rose::BinaryAnalysis::Partitioner2::ModulesX86::SwitchSuccessors::instance
static Ptr instance()
Allocating constructor.
Definition: ModulesX86.h:109

Rose::BinaryAnalysis::Partitioner2::ModulesX86::scanCodeAddressTable
std::vector< rose_addr_t > scanCodeAddressTable(const Partitioner &, AddressInterval &tableLimits, const AddressInterval &targetLimits, size_t tableEntrySize)
Reads a table of code addresses.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue
Matches an x86 function prologue.
Definition: ModulesX86.h:24

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchPushSi
bool matchPushSi(const Partitioner &, SgAsmX86Instruction *)
Matches "PUSH SI" or variant.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::isJmpMemThunk
size_t isJmpMemThunk(const Partitioner &, const std::vector< SgAsmInstruction * > &)
Determines whether an instruction sequence begins with a thunk.

SgAsmX86Instruction
Represents one Intel x86 machine instruction.
Definition: binaryInstruction.C:262

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchThunk::match
virtual bool match(const Partitioner &, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::FunctionReturnDetector::instance
static Ptr instance()
Allocating constructor.
Definition: ModulesX86.h:99

SgAsmExpression
Base class for expressions.
Definition: binaryInstruction.C:2719

BinaryAnalysis

Rose::BinaryAnalysis::Partitioner2::ModulesX86::isMovJmpThunk
size_t isMovJmpThunk(const Partitioner &, const std::vector< SgAsmInstruction * > &)
Determines whether an instruction sequence begins with a thunk.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchMovBpSp
bool matchMovBpSp(const Partitioner &, SgAsmX86Instruction *)
Matches "MOV EBP, ESP" or variant.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:29

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue::match
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchThunk
Match thunk.
Definition: ModulesX86.h:72

Sawyer::Container::Interval< rose_addr_t >

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchEnterAnyZero
bool matchEnterAnyZero(const Partitioner &, SgAsmX86Instruction *)
Matches "ENTER x, 0".

Rose::BinaryAnalysis::Partitioner2::FunctionPrologueMatcher::Ptr
Sawyer::SharedPointer< FunctionPrologueMatcher > Ptr
Shared-ownership pointer to a FunctionPrologueMatcher.
Definition: Modules.h:110

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchRetPadPush::match
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchEnterPrologue::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:64

Rose::BinaryAnalysis::Partitioner2::BasicBlockCallback::Ptr
Sawyer::SharedPointer< BasicBlockCallback > Ptr
Shared-ownership pointer to a BasicBlockCallback.
Definition: Modules.h:41

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue::instance
static Ptr instance()
Allocating constructor.
Definition: ModulesX86.h:43

Rose::BinaryAnalysis::Partitioner2::ModulesX86::splitThunkFunctions
void splitThunkFunctions(Partitioner &)
Split thunks off from start of functions.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::isLeaJmpThunk
size_t isLeaJmpThunk(const Partitioner &, const std::vector< SgAsmInstruction * > &)
Determines whether an instruction sequence begins with a thunk.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchRetPadPush::instance
static Ptr instance()
Allocating constructor.
Definition: ModulesX86.h:86

Rose::BinaryAnalysis::Partitioner2::Partitioner
Partitions instructions into basic blocks and functions.
Definition: Partitioner.h:293

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchAbbreviatedPrologue::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:54

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchJmpMem
bool matchJmpMem(const Partitioner &, SgAsmX86Instruction *)
Matches "JMP [address]" or variant.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchEnterPrologue
Matches an x86 "ENTER xxx, 0" prologue.
Definition: ModulesX86.h:59

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue
Matches an x86 function prologue with hot patch.
Definition: ModulesX86.h:41