ROSE_HTML_Reference/ModulesX86_8h_source.html

#ifndef ROSE_BinaryAnalysis_Partitioner2_ModulesX86_H

#define ROSE_BinaryAnalysis_Partitioner2_ModulesX86_H

#include <featureTests.h>

#ifdef ROSE_ENABLE_BINARY_ANALYSIS

#include <Rose/BinaryAnalysis/Partitioner2/BasicTypes.h>


#include <Rose/BinaryAnalysis/Partitioner2/Modules.h>


namespace Rose {

namespace BinaryAnalysis {

namespace Partitioner2 {


namespace ModulesX86 {


class MatchStandardPrologue: public FunctionPrologueMatcher {

protected:

    FunctionPtr function_;

protected:

    MatchStandardPrologue();

public:

    ~MatchStandardPrologue();


public:

    static Ptr instance();

    virtual std::vector<FunctionPtr> functions() const override;

    virtual bool match(const PartitionerConstPtr&, rose_addr_t anchor) override;

};


class MatchHotPatchPrologue: public MatchStandardPrologue {

public:

    static Ptr instance() { return Ptr(new MatchHotPatchPrologue); }

    virtual std::vector<FunctionPtr> functions() const override { return std::vector<FunctionPtr>(1, function_); }

    virtual bool match(const PartitionerConstPtr&, rose_addr_t anchor) override;

};


class MatchAbbreviatedPrologue: public FunctionPrologueMatcher {

protected:

    FunctionPtr function_;

protected:

    MatchAbbreviatedPrologue();

public:

    ~MatchAbbreviatedPrologue();


public:

    static Ptr instance();

    virtual std::vector<FunctionPtr> functions() const override;

    virtual bool match(const PartitionerConstPtr&, rose_addr_t anchor) override;

};


class MatchEnterPrologue: public FunctionPrologueMatcher {

protected:

    FunctionPtr function_;

public:

    static Ptr instance() { return Ptr(new MatchEnterPrologue); }

    virtual std::vector<FunctionPtr> functions() const override { return std::vector<FunctionPtr>(1, function_); }

    virtual bool match(const PartitionerConstPtr&, rose_addr_t anchor) override;

};


class MatchRetPadPush: public FunctionPrologueMatcher {

protected:

    FunctionPtr function_;

public:

    static Ptr instance() { return Ptr(new MatchRetPadPush); }

    virtual std::vector<FunctionPtr> functions() const override { return std::vector<FunctionPtr>(1, function_); }

    virtual bool match(const PartitionerConstPtr&, rose_addr_t anchor) override;

};


class FunctionReturnDetector: public BasicBlockCallback {

public:

    static Ptr instance() { return Ptr(new FunctionReturnDetector); }


    virtual bool operator()(bool chain, const Args&) override;

};


class SwitchSuccessors: public BasicBlockCallback {

public:

    enum EntryType { ABSOLUTE, RELATIVE };


private:

    Sawyer::Optional<rose_addr_t> tableVa_;             // possible address for jump table

    EntryType entryType_;                               // type of table entries

    size_t entrySizeBytes_;                             // size of each table entry


public:

    SwitchSuccessors()

        : entryType_(ABSOLUTE), entrySizeBytes_(4) {}

    static Ptr instance() { return Ptr(new SwitchSuccessors); }


    virtual bool operator()(bool chain, const Args&) override;

private:

    bool matchPattern1(SgAsmExpression *jmpArg);

    bool matchPattern2(const BasicBlockPtr&, SgAsmInstruction *jmp);

    bool matchPattern3(const PartitionerConstPtr&, const BasicBlockPtr&, SgAsmInstruction *jmp);

    bool matchPatterns(const PartitionerConstPtr&, const BasicBlockPtr&);

};


bool matchEnterAnyZero(const PartitionerConstPtr&, SgAsmX86Instruction*);


Sawyer::Optional<rose_addr_t> matchJmpConst(const PartitionerConstPtr&, SgAsmX86Instruction*);


bool matchLeaCxMemBpConst(const PartitionerConstPtr&, SgAsmX86Instruction*);


bool matchJmpMem(const PartitionerConstPtr&, SgAsmX86Instruction*);


bool matchMovBpSp(const PartitionerConstPtr&, SgAsmX86Instruction*);


bool matchMovDiDi(const PartitionerConstPtr&, SgAsmX86Instruction*);


bool matchPushBp(const PartitionerConstPtr&, SgAsmX86Instruction*);


bool matchPushSi(const PartitionerConstPtr&, SgAsmX86Instruction*);


std::vector<rose_addr_t> scanCodeAddressTable(const PartitionerConstPtr&, AddressInterval &tableLimits /*in,out*/,

                                              const AddressInterval &targetLimits,

                                              SwitchSuccessors::EntryType tableEntryType, size_t tableEntrySizeBytes,

                                              Sawyer::Optional<rose_addr_t> probableStartVa = Sawyer::Nothing(),

                                              size_t nSkippable = 0);


Sawyer::Optional<rose_addr_t> findTableBase(SgAsmExpression*);


} // namespace

} // namespace

} // namespace

} // namespace


#endif

#endif


Rose::BinaryAnalysis::Partitioner2::BasicBlockCallback
Base class for adjusting basic blocks during discovery.
Definition Modules.h:39

Rose::BinaryAnalysis::Partitioner2::BasicBlockCallback::Ptr
BasicBlockCallbackPtr Ptr
Shared-ownership pointer to a BasicBlockCallback.
Definition Modules.h:42

Rose::BinaryAnalysis::Partitioner2::FunctionPrologueMatcher
Base class for matching function prologues.
Definition Modules.h:108

Rose::BinaryAnalysis::Partitioner2::FunctionPrologueMatcher::Ptr
FunctionPrologueMatcherPtr Ptr
Shared-ownership pointer to a FunctionPrologueMatcher.
Definition Modules.h:111

Rose::BinaryAnalysis::Partitioner2::ModulesX86::FunctionReturnDetector
Basic block callback to detect function returns.
Definition ModulesX86.h:97

Rose::BinaryAnalysis::Partitioner2::ModulesX86::FunctionReturnDetector::instance
static Ptr instance()
Allocating constructor.
Definition ModulesX86.h:99

Rose::BinaryAnalysis::Partitioner2::ModulesX86::FunctionReturnDetector::operator()
virtual bool operator()(bool chain, const Args &) override
Callback method.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchAbbreviatedPrologue
Matches an x86 MOV EDI,EDI; PUSH ESI function prologe.
Definition ModulesX86.h:57

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchAbbreviatedPrologue::functions
virtual std::vector< FunctionPtr > functions() const override
Returns the function(s) for the previous successful match.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchAbbreviatedPrologue::instance
static Ptr instance()
Allocating constructor.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchAbbreviatedPrologue::match
virtual bool match(const PartitionerConstPtr &, rose_addr_t anchor) override
Attempt to match an instruction pattern.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchEnterPrologue
Matches an x86 "ENTER xxx, 0" prologue.
Definition ModulesX86.h:72

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchEnterPrologue::functions
virtual std::vector< FunctionPtr > functions() const override
Returns the function(s) for the previous successful match.
Definition ModulesX86.h:77

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchEnterPrologue::match
virtual bool match(const PartitionerConstPtr &, rose_addr_t anchor) override
Attempt to match an instruction pattern.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchEnterPrologue::instance
static Ptr instance()
Allocating constructor.
Definition ModulesX86.h:76

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue
Matches an x86 function prologue with hot patch.
Definition ModulesX86.h:49

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue::instance
static Ptr instance()
Allocating constructor.
Definition ModulesX86.h:51

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue::functions
virtual std::vector< FunctionPtr > functions() const override
Returns the function(s) for the previous successful match.
Definition ModulesX86.h:52

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue::match
virtual bool match(const PartitionerConstPtr &, rose_addr_t anchor) override
Attempt to match an instruction pattern.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchRetPadPush
Match RET followed by PUSH with intervening no-op padding.
Definition ModulesX86.h:82

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchRetPadPush::match
virtual bool match(const PartitionerConstPtr &, rose_addr_t anchor) override
Attempt to match an instruction pattern.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchRetPadPush::instance
static Ptr instance()
Allocating constructor.
Definition ModulesX86.h:86

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchRetPadPush::functions
virtual std::vector< FunctionPtr > functions() const override
Returns the function(s) for the previous successful match.
Definition ModulesX86.h:87

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue
Matches an x86 function prologue.
Definition ModulesX86.h:27

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue::functions
virtual std::vector< FunctionPtr > functions() const override
Returns the function(s) for the previous successful match.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue::instance
static Ptr instance()
Allocating constructor.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue::match
virtual bool match(const PartitionerConstPtr &, rose_addr_t anchor) override
Attempt to match an instruction pattern.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::SwitchSuccessors
Basic block callback to detect "switch" statements.
Definition ModulesX86.h:107

Rose::BinaryAnalysis::Partitioner2::ModulesX86::SwitchSuccessors::instance
static Ptr instance()
Allocating constructor.
Definition ModulesX86.h:119

Rose::BinaryAnalysis::Partitioner2::ModulesX86::SwitchSuccessors::operator()
virtual bool operator()(bool chain, const Args &) override
Callback method.

Sawyer::Container::Interval< Address >

Sawyer::Nothing
Represents no value.
Definition Optional.h:36

Sawyer::Optional
Holds a value or nothing.
Definition Optional.h:56

Sawyer::SharedPointer< Function >

SgAsmExpression
Base class for expressions.
Definition binaryInstruction.C:44270

SgAsmInstruction
Base class for machine instructions.
Definition binaryInstruction.C:43518

SgAsmX86Instruction
Represents one Intel x86 machine instruction.
Definition binaryInstruction.C:122

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchMovBpSp
bool matchMovBpSp(const PartitionerConstPtr &, SgAsmX86Instruction *)
Matches "MOV EBP, ESP" or variant.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchEnterAnyZero
bool matchEnterAnyZero(const PartitionerConstPtr &, SgAsmX86Instruction *)
Matches "ENTER x, 0".

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchPushBp
bool matchPushBp(const PartitionerConstPtr &, SgAsmX86Instruction *)
Matches "PUSH EBP" or variant.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchMovDiDi
bool matchMovDiDi(const PartitionerConstPtr &, SgAsmX86Instruction *)
Matches "MOV EDI, EDI" or variant.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchJmpConst
Sawyer::Optional< rose_addr_t > matchJmpConst(const PartitionerConstPtr &, SgAsmX86Instruction *)
Matches "JMP constant".

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchPushSi
bool matchPushSi(const PartitionerConstPtr &, SgAsmX86Instruction *)
Matches "PUSH SI" or variant.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchJmpMem
bool matchJmpMem(const PartitionerConstPtr &, SgAsmX86Instruction *)
Matches "JMP [address]" or variant.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::findTableBase
Sawyer::Optional< rose_addr_t > findTableBase(SgAsmExpression *)
Try to match a base+offset expression.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchLeaCxMemBpConst
bool matchLeaCxMemBpConst(const PartitionerConstPtr &, SgAsmX86Instruction *)
Matches "LEA ECX, [EBP + constant]" or variant.

Rose::BinaryAnalysis::Partitioner2::ModulesX86::scanCodeAddressTable
std::vector< rose_addr_t > scanCodeAddressTable(const PartitionerConstPtr &, AddressInterval &tableLimits, const AddressInterval &targetLimits, SwitchSuccessors::EntryType tableEntryType, size_t tableEntrySizeBytes, Sawyer::Optional< rose_addr_t > probableStartVa=Sawyer::Nothing(), size_t nSkippable=0)
Reads a table of code addresses.

Rose
The ROSE library.
Definition BinaryTutorial.dox:3

Rose::BinaryAnalysis::Partitioner2::BasicBlockCallback::Args
Arguments passed to the callback.
Definition Modules.h:58