ROSE  0.9.10.164
ModulesX86.h
1 #ifndef ROSE_Partitioner2_ModulesX86_H
2 #define ROSE_Partitioner2_ModulesX86_H
3 
4 #include <Partitioner2/Modules.h>
5 
6 namespace Rose {
7 namespace BinaryAnalysis {
8 namespace Partitioner2 {
9 
11 namespace ModulesX86 {
12 
24 class MatchStandardPrologue: public FunctionPrologueMatcher {
25 protected:
26  Function::Ptr function_;
27 public:
28  static Ptr instance() { return Ptr(new MatchStandardPrologue); }
29  virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return std::vector<Function::Ptr>(1, function_); }
30  virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;
31 };
32 
41 class MatchHotPatchPrologue: public MatchStandardPrologue {
42 public:
43  static Ptr instance() { return Ptr(new MatchHotPatchPrologue); }
44  virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return std::vector<Function::Ptr>(1, function_); }
45  virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;
46 };
47 
49 class MatchAbbreviatedPrologue: public FunctionPrologueMatcher {
50 protected:
51  Function::Ptr function_;
52 public:
53  static Ptr instance() { return Ptr(new MatchAbbreviatedPrologue); }
54  virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return std::vector<Function::Ptr>(1, function_); }
55  virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;
56 };
57 
59 class MatchEnterPrologue: public FunctionPrologueMatcher {
60 protected:
61  Function::Ptr function_;
62 public:
63  static Ptr instance() { return Ptr(new MatchEnterPrologue); }
64  virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return std::vector<Function::Ptr>(1, function_); }
65  virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;
66 };
67 
72 class MatchThunk: public FunctionPrologueMatcher {
73 protected:
74  std::vector<Function::Ptr> functions_;
75 public:
76  static Ptr instance() { return Ptr(new MatchThunk); }
77  virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return functions_; }
78  virtual bool match(const Partitioner&, rose_addr_t anchor) ROSE_OVERRIDE;
79 };
80 
82 class MatchRetPadPush: public FunctionPrologueMatcher {
83 protected:
84  Function::Ptr function_;
85 public:
86  static Ptr instance() { return Ptr(new MatchRetPadPush); }
87  virtual std::vector<Function::Ptr> functions() const ROSE_OVERRIDE { return std::vector<Function::Ptr>(1, function_); }
88  virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE;
89 };
90 
97 class FunctionReturnDetector: public BasicBlockCallback {
98 public:
99  static Ptr instance() { return Ptr(new FunctionReturnDetector); }
100  virtual bool operator()(bool chain, const Args&) ROSE_OVERRIDE;
101 };
102 
107 class SwitchSuccessors: public BasicBlockCallback {
108 public:
109  static Ptr instance() { return Ptr(new SwitchSuccessors); }
110  virtual bool operator()(bool chain, const Args&) ROSE_OVERRIDE;
111 };
112 
124 size_t isJmpMemThunk(const Partitioner&, const std::vector<SgAsmInstruction*>&);
125 size_t isLeaJmpThunk(const Partitioner&, const std::vector<SgAsmInstruction*>&);
126 size_t isMovJmpThunk(const Partitioner&, const std::vector<SgAsmInstruction*>&);
127 size_t isJmpImmThunk(const Partitioner&, const std::vector<SgAsmInstruction*>&);
128 size_t isThunk(const Partitioner&, const std::vector<SgAsmInstruction*>&);
132 bool matchEnterAnyZero(const Partitioner&, SgAsmX86Instruction*);
133 
137 Sawyer::Optional<rose_addr_t> matchJmpConst(const Partitioner&, SgAsmX86Instruction*);
138 
140 bool matchLeaCxMemBpConst(const Partitioner&, SgAsmX86Instruction*);
141 
143 bool matchJmpMem(const Partitioner&, SgAsmX86Instruction*);
144 
146 bool matchMovBpSp(const Partitioner&, SgAsmX86Instruction*);
147 
149 bool matchMovDiDi(const Partitioner&, SgAsmX86Instruction*);
150 
152 bool matchPushBp(const Partitioner&, SgAsmX86Instruction*);
153 
155 bool matchPushSi(const Partitioner&, SgAsmX86Instruction*);
156 
158 size_t isThunk(const std::vector<SgAsmInstruction*> &insns);
159 
163 void splitThunkFunctions(Partitioner&);
164 
172 std::vector<rose_addr_t> scanCodeAddressTable(const Partitioner&, AddressInterval &tableLimits /*in,out*/,
173  const AddressInterval &targetLimits, size_t tableEntrySize);
174 
185 Sawyer::Optional<rose_addr_t> findTableBase(SgAsmExpression*);
186 
187 
188 } // namespace
189 } // namespace
190 } // namespace
191 } // namespace
192 
193 #endif
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchRetPadPush
Match RET followed by PUSH with intervening no-op padding.
Definition: ModulesX86.h:82
Rose::BinaryAnalysis::Partitioner2::ModulesX86::SwitchSuccessors
Basic block callback to detect "switch" statements.
Definition: ModulesX86.h:107
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchRetPadPush::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:87
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:44
Rose::BinaryAnalysis::Partitioner2::BasicBlockCallback
Base class for adjusting basic blocks during discovery.
Definition: Modules.h:38
Rose::BinaryAnalysis::Partitioner2::ModulesX86::isJmpImmThunk
size_t isJmpImmThunk(const Partitioner &, const std::vector< SgAsmInstruction * > &)
Determines whether an instruction sequence begins with a thunk.
Rose::BinaryAnalysis::Partitioner2::FunctionPrologueMatcher
Base class for matching function prologues.
Definition: Modules.h:107
SgAsmInstruction
Base class for machine instructions.
Definition: binaryInstruction.C:664
Rose::BinaryAnalysis::Partitioner2::ModulesX86::findTableBase
Sawyer::Optional< rose_addr_t > findTableBase(SgAsmExpression *)
Try to match a base+offset expression.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchMovDiDi
bool matchMovDiDi(const Partitioner &, SgAsmX86Instruction *)
Matches "MOV EDI, EDI" or variant.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::isThunk
size_t isThunk(const Partitioner &, const std::vector< SgAsmInstruction * > &)
Determines whether an instruction sequence begins with a thunk.
std
STL namespace.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchAbbreviatedPrologue::match
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue::match
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchPushBp
bool matchPushBp(const Partitioner &, SgAsmX86Instruction *)
Matches "PUSH EBP" or variant.
Rose
Main namespace for the ROSE library.
Definition: BinaryTutorial.dox:3
Rose::BinaryAnalysis::Partitioner2::ModulesX86::FunctionReturnDetector
Basic block callback to detect function returns.
Definition: ModulesX86.h:97
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchThunk::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:77
Sawyer::SharedPointer
Reference-counting smart pointer.
Definition: SharedPointer.h:34
Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchLeaCxMemBpConst
bool matchLeaCxMemBpConst(const Partitioner &, SgAsmX86Instruction *)
Matches "LEA ECX, [EBP + constant]" or variant.
Sawyer
Name space for the entire library.
Definition: Access.h:13
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchEnterPrologue::match
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::FunctionReturnDetector::operator()
virtual bool operator()(bool chain, const Args &) ROSE_OVERRIDE
Callback method.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchAbbreviatedPrologue
Matches an x86 MOV EDI,EDI; PUSH ESI function prologe.
Definition: ModulesX86.h:49
Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchJmpConst
Sawyer::Optional< rose_addr_t > matchJmpConst(const Partitioner &, SgAsmX86Instruction *)
Matches "JMP constant".
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchThunk::instance
static Ptr instance()
Allocating constructor.
Definition: ModulesX86.h:76
Rose::BinaryAnalysis::Partitioner2::ModulesX86::scanCodeAddressTable
std::vector< rose_addr_t > scanCodeAddressTable(const Partitioner &, AddressInterval &tableLimits, const AddressInterval &targetLimits, size_t tableEntrySize)
Reads a table of code addresses.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchPushSi
bool matchPushSi(const Partitioner &, SgAsmX86Instruction *)
Matches "PUSH SI" or variant.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::isJmpMemThunk
size_t isJmpMemThunk(const Partitioner &, const std::vector< SgAsmInstruction * > &)
Determines whether an instruction sequence begins with a thunk.
SgAsmX86Instruction
Represents one Intel x86 machine instruction.
Definition: binaryInstruction.C:262
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchThunk::match
virtual bool match(const Partitioner &, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.
SgAsmExpression
Base class for expressions.
Definition: binaryInstruction.C:2719
Rose::BinaryAnalysis::Partitioner2::ModulesX86::isMovJmpThunk
size_t isMovJmpThunk(const Partitioner &, const std::vector< SgAsmInstruction * > &)
Determines whether an instruction sequence begins with a thunk.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchMovBpSp
bool matchMovBpSp(const Partitioner &, SgAsmX86Instruction *)
Matches "MOV EBP, ESP" or variant.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:29
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue::match
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchEnterAnyZero
bool matchEnterAnyZero(const Partitioner &, SgAsmX86Instruction *)
Matches "ENTER x, 0".
Rose::BinaryAnalysis::Partitioner2::FunctionPrologueMatcher::Ptr
Sawyer::SharedPointer< FunctionPrologueMatcher > Ptr
Shared-ownership pointer to a FunctionPrologueMatcher.
Definition: Modules.h:110
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchRetPadPush::match
virtual bool match(const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
Attempt to match an instruction pattern.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchEnterPrologue::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:64
Rose::BinaryAnalysis::Partitioner2::BasicBlockCallback::Ptr
Sawyer::SharedPointer< BasicBlockCallback > Ptr
Shared-ownership pointer to a BasicBlockCallback.
Definition: Modules.h:41
Rose::BinaryAnalysis::Partitioner2::ModulesX86::splitThunkFunctions
void splitThunkFunctions(Partitioner &)
Split thunks off from start of functions.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::isLeaJmpThunk
size_t isLeaJmpThunk(const Partitioner &, const std::vector< SgAsmInstruction * > &)
Determines whether an instruction sequence begins with a thunk.
Rose::BinaryAnalysis::Partitioner2::Partitioner
Partitions instructions into basic blocks and functions.
Definition: Partitioner.h:293
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchAbbreviatedPrologue::functions
virtual std::vector< Function::Ptr > functions() const ROSE_OVERRIDE
Returns the function(s) for the previous successful match.
Definition: ModulesX86.h:54
Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchJmpMem
bool matchJmpMem(const Partitioner &, SgAsmX86Instruction *)
Matches "JMP [address]" or variant.
Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue
Matches an x86 function prologue with hot patch.
Definition: ModulesX86.h:41
Generated on Thu Feb 14 2019 07:04:19 for ROSE by   doxygen 1.8.10