Description
Engine for specimens containing machine instructions.
This engine is reponsible for creating a partitioner for a specimen that has machine instructions such as the Intel x86 family of instruction sets, Arm instruction sets, PowerPC instructio sets, Motorola instruction sets, MIPS instruction sets, etc. It is specifically not to be used for byte code targeting the likes of the Java Virtual Machine (JVM) or the Common Language Runtime (CLR).
This engine provides an instance static member function that instantiates an engine of this type on the heap and returns a shared-ownership pointer to the instance. Refer to the base class, Partitioner2::Engine, to learn how to instantiate engines from factories.
This engine uses a hybrid approach combining linear and recursvie diassembly. Linear disassembly progresses by starting at some low address in the specimen address space, disassembling one instruction, and then moving on to the next (fallthrough) address and repeating. This approach is quite good at disassembling everything (especially for fixed length instructions) but makes no attempt to organize instructions according to flow of control. On the other hand, recursive disassembly uses a work list containing known instruction addresses, disassembles an instruction from the worklist, determines its control flow successors, and adds those addresses to the work list. As a side effect, it produces a control flow graph. ROSE's hybrid approach uses linear disassembly to find starting points using heuristics such as common compiler function prologues and epilogues, references from symbol tables of various types, and other available data. Once starting points are known, ROSE uses recursive disassembly to follow the control flow. Various kinds of analysis and heuristics are used to control the finer points of recursive disassembly. Part of the trick to a successful and accurate disassembly of what is essentially equivalent to the halting problem, depends on finding the right balance between the pure recursive approach and the heuristics and analyses. This balance is often different for each kind of specimens.
Definition at line 47 of file EngineBinary.h.
#include <Rose/BinaryAnalysis/Partitioner2/EngineBinary.h>
Public Types | |
| using | Ptr = EngineBinaryPtr |
| Shared ownership pointer. More... | |
 Public Types inherited from Rose::BinaryAnalysis::Partitioner2::Engine | |
| using | Ptr = EnginePtr |
| Shared ownership pointer. More... | |
Public Member Functions | |
| virtual bool | matchFactory (const std::vector< std::string > &specimen) const override |
| virtual EnginePtr | instanceFromFactory (const Settings &) override |
| virtual void | reset () override |
| Reset the engine to its initial state. More... | |
| virtual std::list< Sawyer::CommandLine::SwitchGroup > | commandLineSwitches () override |
| virtual std::pair< std::string, std::string > | specimenNameDocumentation () override |
| virtual bool | isNonContainer (const std::string &) override |
| Determine whether a specimen name is a non-container. More... | |
| virtual bool | areContainersParsed () const override |
| Returns true if containers are parsed. More... | |
| virtual void | loadVxCore (const std::string &spec) |
| Parses a vxcore specification and initializes memory. More... | |
| virtual void | loadContainers (const std::vector< std::string > &fileNames) |
| Loads memory from binary containers. More... | |
| virtual void | loadNonContainers (const std::vector< std::string > &names) |
| Loads memory from non-containers. More... | |
| virtual PartitionerPtr | createGenericPartitioner () |
| Create a generic partitioner. More... | |
| virtual PartitionerPtr | createTunedPartitioner () |
| Create a tuned partitioner. More... | |
| virtual PartitionerPtr | createPartitionerFromAst (SgAsmInterpretation *) |
| Create a partitioner from an AST. More... | |
| virtual PartitionerPtr | createPartitioner () override |
| Create partitioner. More... | |
| virtual void | runPartitionerInit (const PartitionerPtr &) override |
| Finds interesting things to work on initially. More... | |
| virtual void | runPartitionerRecursive (const PartitionerPtr &) override |
| Runs the recursive part of partioning. More... | |
| virtual void | runPartitionerFinal (const PartitionerPtr &) override |
| Runs the final parts of partitioning. More... | |
| virtual bool | partitionCilSections (const PartitionerPtr &) |
| Partition any sections containing CIL code. More... | |
| bool | hasCilCodeSection () |
| Determine whether the interpretation header contains a CIL code section. More... | |
| virtual std::vector< FunctionPtr > | makeEntryFunctions (const PartitionerPtr &, SgAsmInterpretation *) |
| Make functions at specimen entry addresses. More... | |
| virtual std::vector< FunctionPtr > | makeErrorHandlingFunctions (const PartitionerPtr &, SgAsmInterpretation *) |
| Make functions at error handling addresses. More... | |
| virtual std::vector< FunctionPtr > | makeImportFunctions (const PartitionerPtr &, SgAsmInterpretation *) |
| Make functions at import trampolines. More... | |
| virtual std::vector< FunctionPtr > | makeExportFunctions (const PartitionerPtr &, SgAsmInterpretation *) |
| Make functions at export addresses. More... | |
| virtual std::vector< FunctionPtr > | makeSymbolFunctions (const PartitionerPtr &, SgAsmInterpretation *) |
| Make functions for symbols. More... | |
| virtual std::vector< FunctionPtr > | makeContainerFunctions (const PartitionerPtr &, SgAsmInterpretation *) |
| Make functions based on specimen container. More... | |
| virtual std::vector< FunctionPtr > | makeInterruptVectorFunctions (const PartitionerPtr &, const AddressInterval &vector) |
| Make functions from an interrupt vector. More... | |
| virtual std::vector< FunctionPtr > | makeUserFunctions (const PartitionerPtr &, const std::vector< rose_addr_t > &) |
| Make a function at each specified address. More... | |
| virtual void | discoverBasicBlocks (const PartitionerPtr &) |
| Discover as many basic blocks as possible. More... | |
| virtual FunctionPtr | makeNextDataReferencedFunction (const PartitionerConstPtr &, rose_addr_t &startVa) |
| Scan read-only data to find function pointers. More... | |
| virtual FunctionPtr | makeNextCodeReferencedFunction (const PartitionerConstPtr &) |
| Scan instruction ASTs to function pointers. More... | |
| virtual std::vector< FunctionPtr > | makeCalledFunctions (const PartitionerPtr &) |
| Make functions for function call edges. More... | |
| virtual std::vector< FunctionPtr > | makeFunctionFromInterFunctionCalls (const PartitionerPtr &, rose_addr_t &startVa) |
| Make functions from inter-function calls. More... | |
| virtual void | discoverFunctions (const PartitionerPtr &) |
| Discover as many functions as possible. More... | |
| virtual std::set< rose_addr_t > | attachDeadCodeToFunction (const PartitionerPtr &, const FunctionPtr &, size_t maxIterations=size_t(-1)) |
| Attach dead code to function. More... | |
| virtual DataBlockPtr | attachPaddingToFunction (const PartitionerPtr &, const FunctionPtr &) |
| Attach function padding to function. More... | |
| virtual std::vector< DataBlockPtr > | attachPaddingToFunctions (const PartitionerPtr &) |
| Attach padding to all functions. More... | |
| virtual size_t | attachAllSurroundedCodeToFunctions (const PartitionerPtr &) |
| Attach all possible intra-function basic blocks to functions. More... | |
| virtual size_t | attachSurroundedCodeToFunctions (const PartitionerPtr &) |
| Attach intra-function basic blocks to functions. More... | |
| virtual void | attachBlocksToFunctions (const PartitionerPtr &) |
| Attach basic blocks to functions. More... | |
| virtual std::set< rose_addr_t > | attachDeadCodeToFunctions (const PartitionerPtr &, size_t maxIterations=size_t(-1)) |
| Attach dead code to functions. More... | |
| virtual std::vector< DataBlockPtr > | attachSurroundedDataToFunctions (const PartitionerPtr &) |
| Attach intra-function data to functions. More... | |
| virtual bool | makeNextCallReturnEdge (const PartitionerPtr &, boost::logic::tribool assumeCallReturns) |
| Insert a call-return edge and discover its basic block. More... | |
| virtual BasicBlockPtr | makeNextBasicBlockFromPlaceholder (const PartitionerPtr &) |
| Discover basic block at next placeholder. More... | |
| virtual BasicBlockPtr | makeNextBasicBlock (const PartitionerPtr &) |
| Discover a basic block. More... | |
| SgAsmBlock * | frontend (const std::vector< std::string > &args, const std::string &purpose, const std::string &description) override |
| virtual SgAsmInterpretation * | parseContainers (const std::vector< std::string > &fileNames) override |
| virtual MemoryMapPtr | loadSpecimens (const std::vector< std::string > &fileNames=std::vector< std::string >()) override |
| virtual PartitionerPtr | partition (const std::vector< std::string > &fileNames=std::vector< std::string >()) override |
| virtual SgAsmBlock * | buildAst (const std::vector< std::string > &fileNames=std::vector< std::string >()) override |
| virtual BinaryLoaderPtr | obtainLoader (const BinaryLoaderPtr &hint) |
| Obtain a binary loader. More... | |
| virtual BinaryLoaderPtr | obtainLoader () |
| Obtain a binary loader. More... | |
| virtual std::vector< FunctionPtr > | makeNextPrologueFunction (const PartitionerPtr &, rose_addr_t startVa) |
| Make function at prologue pattern. More... | |
| virtual std::vector< FunctionPtr > | makeNextPrologueFunction (const PartitionerPtr &, rose_addr_t startVa, rose_addr_t &lastSearchedVa) |
| Make function at prologue pattern. More... | |
| BinaryLoaderPtr | binaryLoader () const |
| Property: binary loader. More... | |
| virtual void | binaryLoader (const BinaryLoaderPtr &) |
| Property: binary loader. More... | |
| ThunkPredicatesPtr | functionMatcherThunks () const |
| Property: Predicate for finding functions that are thunks. More... | |
| virtual void | functionMatcherThunks (const ThunkPredicatesPtr &) |
| Property: Predicate for finding functions that are thunks. More... | |
| ThunkPredicatesPtr | functionSplittingThunks () const |
| Property: Predicate for finding thunks at the start of functions. More... | |
| virtual void | functionSplittingThunks (const ThunkPredicatesPtr &) |
| Property: Predicate for finding thunks at the start of functions. More... | |
| Public Member Functions inherited from Sawyer::SharedObject | |
| SharedObject () | |
| Default constructor. More... | |
| SharedObject (const SharedObject &) | |
| Copy constructor. More... | |
| virtual | ~SharedObject () |
| Virtual destructor. More... | |
| SharedObject & | operator= (const SharedObject &) |
| Assignment. More... | |
| Public Member Functions inherited from Sawyer::SharedFromThis< Engine > | |
| SharedPointer< Engine > | sharedFromThis () |
Create a shared pointer from this. More... | |
| SharedPointer< const Engine > | sharedFromThis () const |
Create a shared pointer from this. More... | |
Static Public Member Functions | |
| static EngineBinaryPtr | instance () |
| Allocating constructor. More... | |
| static EngineBinaryPtr | instance (const Settings &) |
| Allocating constructor with settings. More... | |
| static EngineBinaryPtr | factory () |
| Allocate a factory. More... | |
| static Sawyer::CommandLine::SwitchGroup | engineSwitches (EngineSettings &) |
| Command-line switches related to the general engine behavior. More... | |
| static Sawyer::CommandLine::SwitchGroup | loaderSwitches (LoaderSettings &) |
| Command-line switches related to loading specimen into memory. More... | |
| static Sawyer::CommandLine::SwitchGroup | disassemblerSwitches (DisassemblerSettings &) |
| Command-line switches related to decoding instructions. More... | |
| static Sawyer::CommandLine::SwitchGroup | partitionerSwitches (PartitionerSettings &) |
| Command-line switches related to partitioning instructions. More... | |
| static Sawyer::CommandLine::SwitchGroup | astConstructionSwitches (AstConstructionSettings &) |
| Command-line switches related to constructing an AST from the partitioner. More... | |
Protected Member Functions | |
| EngineBinary ()=delete | |
| Default constructor. More... | |
| EngineBinary (const Settings &) | |
| Protected Member Functions inherited from Rose::BinaryAnalysis::Partitioner2::Engine | |
| Engine ()=delete | |
| Default constructor. More... | |
| Engine (const Engine &)=delete | |
| Engine & | operator= (const Engine &)=delete |
| Engine (const std::string &name, const Settings &settings) | |
Allocating instance constructors are implemented by the non-abstract subclasses. More... | |
Member Typedef Documentation
Shared ownership pointer.
Definition at line 53 of file EngineBinary.h.
Constructor & Destructor Documentation
|
protecteddelete |
Default constructor.
Deleted, use factory method instance() instead.
Member Function Documentation
|
static |
Allocating constructor.
|
static |
Allocating constructor with settings.
|
static |
Allocate a factory.
|
overridevirtual |
Reset the engine to its initial state.
This does not reset the settings properties since that can be done easily by constructing a new engine. It only resets the interpretation, binary loader, disassembler, and memory map so all the top-level steps get executed again. This is a useful way to re-use the same partitioner to process multiple specimens.
|
static |
Command-line switches related to the general engine behavior.
The switches are configured to adjust the specified settings object when parsed.
|
static |
Command-line switches related to loading specimen into memory.
The switches are configured to adjust the specified settings object when parsed.
|
static |
Command-line switches related to decoding instructions.
The switches are configured to adjust the specified settings object when parsed.
|
static |
Command-line switches related to partitioning instructions.
The switches are configured to adjust the specified settings object when parsed.
|
static |
Command-line switches related to constructing an AST from the partitioner.
The switches are configured to adjust the specified settings object when parsed.
|
overridevirtual |
Determine whether a specimen name is a non-container.
Certain strings are recognized as special instructions for how to adjust a memory map and are not intended to be passed to ROSE's frontend function. This predicate returns true for such strings.
|
overridevirtual |
Returns true if containers are parsed.
Specifically, returns true if the engine has a non-null interpretation. If it has a null interpretation then parseContainers might have already been called but no binary containers specified, in which case calling it again with the same file names will have no effect.
|
virtual |
Parses a vxcore specification and initializes memory.
Parses a VxWorks core dump in the format defined by Jim Leek and loads the data into ROSE's analysis memory. The argument should be everything after the first colon in the URL "vxcore:[MEMORY_ATTRS]:[FILE_ATTRS]:FILE_NAME".
|
virtual |
Obtain a binary loader.
Find a suitable binary loader by one of the following methods (in this order):
- If this engine's binaryLoader property is non-null, then return that loader.
- If a binary container was parsed (areContainersParsed returns true and interpretation is non-null) then a loader is chosen based on the interpretation, and configured to map container sections into memory but not perform any linking or relocation fixups.
- If a
hintis supplied, use it.
- Fail by throwing an
std::runtime_error.
In any case, the binaryLoader property is set to this method's return value.
|
virtual |
Obtain a binary loader.
Find a suitable binary loader by one of the following methods (in this order):
- If this engine's binaryLoader property is non-null, then return that loader.
- If a binary container was parsed (areContainersParsed returns true and interpretation is non-null) then a loader is chosen based on the interpretation, and configured to map container sections into memory but not perform any linking or relocation fixups.
- If a
hintis supplied, use it.
- Fail by throwing an
std::runtime_error.
In any case, the binaryLoader property is set to this method's return value.
|
virtual |
Loads memory from binary containers.
If the engine has an interpretation whose memory map is missing or empty, then the engine obtains a binary loader via obtainLoader and invokes its load method on the interpretation. It then copies the interpretation's memory map into the engine (if present, or leaves it as is).
|
virtual |
Loads memory from non-containers.
Processes each non-container string (as determined by isNonContainer) and modifies the memory map according to the string.
|
virtual |
Create a generic partitioner.
A generic partitioner should work for any architecture but is not fine-tuned for any particular architecture. The engine must have disassembler (if doDisassemble property is set) and memoryMap properties assigned already, either explicitly or as the result of earlier steps.
|
virtual |
Create a tuned partitioner.
Returns a partitioner that is tuned to operate on a specific instruction set architecture. The engine must have disassembler (if doDisassemble property is set) and memoryMap properties assigned already, either explicitly or as the result of earlier steps.
|
virtual |
Create a partitioner from an AST.
Partitioner data structures are often more useful and more efficient for analysis than an AST. This method initializes the engine and a new partitioner with information from the AST.
|
overridevirtual |
Create partitioner.
This is the method usually called to create a new partitioner. The binary engine class just calls createTunedPartitioner.
|
overridevirtual |
Finds interesting things to work on initially.
Seeds the partitioner with addresses and functions where recursive disassembly should begin.
|
overridevirtual |
Runs the recursive part of partioning.
This is the long-running guts of the partitioner.
|
overridevirtual |
Runs the final parts of partitioning.
This does anything necessary after the main part of partitioning is finished. For instance, it might give names to some functions that don't have names yet.
|
virtual |
Partition any sections containing CIL code.
Decodes and partitions any sections of type SgAsmCliHeader. These sections contain CIL byte code.
Returns true if a section containing CIL code was found, false otherwise.
| bool Rose::BinaryAnalysis::Partitioner2::EngineBinary::hasCilCodeSection | ( | ) |
Determine whether the interpretation header contains a CIL code section.
When the interpretation has a header with a section named "CLR Runtime Header", it contains CIL code. This predicate returns true for such interpretations.
|
virtual |
Make functions at specimen entry addresses.
A function is created at each specimen entry address for all headers in the specified interpretation and adds them to the specified partitioner's CFG/AUM.
Returns a list of such functions, some of which may have existed prior to this call.
|
virtual |
Make functions at error handling addresses.
Makes a function at each error handling address in the specified interpratation and inserts the function into the specified partitioner's CFG/AUM.
Returns the list of such functions, some of which may have existed prior to this call.
|
virtual |
Make functions at import trampolines.
Makes a function at each import trampoline and inserts them into the specified partitioner's CFG/AUM. An import trampoline is a thunk that branches to a dynamically loaded/linked function. Since ROSE does not necessarily load/link dynamic functions, they often don't appear in the executable. Therefore, this function can be called to create functions from the trampolines and give them the same name as the function they would have called had the link step been performed.
Returns a list of such functions, some of which may have existed prior to this call.
|
virtual |
Make functions at export addresses.
Makes a function at each address that is indicated as being an exported function, and inserts them into the specified partitioner's CFG/AUM.
Returns a list of such functions, some of which may have existed prior to this call.
|
virtual |
Make functions for symbols.
Makes a function for each function symbol in the various symbol tables under the specified interpretation and inserts them into the specified partitioner's CFG/AUM.
Returns a list of such functions, some of which may have existed prior to this call.
|
virtual |
Make functions based on specimen container.
Traverses the specified interpretation parsed from, for example, related ELF or PE containers, and make functions at certain addresses that correspond to specimen entry points, imports and exports, symbol tables, etc. This method only calls many of the other "make*Functions" methods and accumulates their results.
Returns a list of such functions, some of which may have existed prior to this call.
|
virtual |
Make functions from an interrupt vector.
Reads the interrupt vector and builds functions for its entries. The functions are inserted into the partitioner's CFG/AUM.
Returns the list of such functions, some of which may have existed prior to this call.
|
virtual |
Make a function at each specified address.
A function is created at each address and is attached to the partitioner's CFG/AUM. Returns a list of such functions, some of which may have existed prior to this call.
|
virtual |
Discover as many basic blocks as possible.
Processes the "undiscovered" work list until the list becomes empty. This list is the list of basic block placeholders for which no attempt has been made to discover instructions. This method implements a recursive descent disassembler, although it does not process the control flow edges in any particular order. Subclasses are expected to override this to implement a more directed approach to discovering basic blocks.
|
virtual |
Scan read-only data to find function pointers.
Scans read-only data beginning at the specified address in order to find pointers to code, and makes a new function at when found. The pointer must be word aligned and located in memory that's mapped read-only (not writable and not executable), and it must not point to an unknown instruction or an instruction that overlaps with any instruction that's already in the CFG/AUM.
Returns a pointer to a newly-allocated function that has not yet been attached to the CFG/AUM, or a null pointer if no function was found. In any case, the startVa is updated so it points to the next read-only address to check.
Functions created in this manner have the SgAsmFunction::FUNC_SCAN_RO_DATA reason.
|
virtual |
Scan instruction ASTs to function pointers.
Scans each instruction to find pointers to code and makes a new function when found. The pointer must be word aligned and located in memory that's mapped read-only (not writable and not executable), and it most not point to an unknown instruction of an instruction that overlaps with any instruction that's already in the CFG/AUM.
This function requires that the partitioner has been initialized to track instruction ASTs as they are added to and removed from the CFG/AUM.
Returns a pointer to a newly-allocated function that has not yet been attached to the CFG/AUM, or a null pointer if no function was found.
Functions created in this manner have the SgAsmFunction::FUNC_INSN_RO_DATA reason.
|
virtual |
Make functions for function call edges.
Scans the partitioner's CFG to find edges that are marked as function calls and makes a function at each target address that is concrete. The function is added to the specified partitioner's CFG/AUM.
Returns a list of such functions, some of which may have existed prior to this call.
|
virtual |
Make function at prologue pattern.
Scans executable memory starting at the specified address and which is not represented in the CFG/AUM and looks for byte patterns and/or instruction patterns that indicate the start of a function. When a pattern is found a function (or multiple functions, depending on the type of matcher) is created and inserted into the specified partitioner's CFG/AUM.
Patterns are found by calling the Partitioner::nextFunctionPrologue method, which most likely invokes a variety of predefined and user-defined callbacks to search for the next pattern.
Returns a vector of non-null function pointers pointer for the newly inserted functions, otherwise returns an empty vector. If the lastSearchedVa is provided, it will be set to the highest address at which a function prologue was searched.
|
virtual |
Make function at prologue pattern.
Scans executable memory starting at the specified address and which is not represented in the CFG/AUM and looks for byte patterns and/or instruction patterns that indicate the start of a function. When a pattern is found a function (or multiple functions, depending on the type of matcher) is created and inserted into the specified partitioner's CFG/AUM.
Patterns are found by calling the Partitioner::nextFunctionPrologue method, which most likely invokes a variety of predefined and user-defined callbacks to search for the next pattern.
Returns a vector of non-null function pointers pointer for the newly inserted functions, otherwise returns an empty vector. If the lastSearchedVa is provided, it will be set to the highest address at which a function prologue was searched.
|
virtual |
Make functions from inter-function calls.
This method scans the unused executable areas between existing functions to look for additional function calls and creates new functions for those calls. It starts the scan at startVa which is updated upon return to be the next address that needs to be scanned. The startVa is never incremented past the end of the address space (i.e., it never wraps back around to zero), so care should be taken to not call this in an infinite loop when the end of the address space is reached.
The scanner tries to discover new basic blocks in the unused portion of the address space. These basic blocks are not allowed to overlap with existing, attached basic blocks, data blocks, or functions since that is an indication that we accidentally disassembled non-code. If the basic block looks like a function call and the target address(es) is not pointing into the middle of an existing basic block, data-block, or function then a new function is created at the target address. The basic blocks which were scanned are not explicitly attached to the partitioner's CFG since we cannot be sure we found their starting address, but they might be later attached by following the control flow from the functions we did discover.
Returns the new function(s) for the first basic block that satisfied the requirements outlined above, and updates startVa to be a greater address which is not part of the basic block that was scanned.
|
virtual |
Discover as many functions as possible.
Discover as many functions as possible by discovering as many basic blocks as possible (discoverBasicBlocks), Each time we run out of basic blocks to try, we look for another function prologue pattern at the lowest possible address and then recursively discover more basic blocks. When this procedure is exhausted a call to attachBlocksToFunctions tries to attach each basic block to a function.
|
virtual |
Attach dead code to function.
Examines the ghost edges for the basic blocks that belong to the specified function in order to discover basic blocks that are not reachable according the CFG, adds placeholders for those basic blocks, and causes the function to own those blocks.
If maxIterations is larger than one then multiple iterations are performed. Between each iteration makeNextBasicBlock is called repeatedly to recursively discover instructions for all pending basic blocks, and then the CFG is traversed to add function-reachable basic blocks to the function. The loop terminates when the maximum number of iterations is reached, or when no more dead code can be found within this function.
Returns the set of newly discovered addresses for unreachable code. These are the ghost edge target addresses discovered at each iteration of the loop and do not include addresses of basic blocks that are reachable from the ghost target blocks.
|
virtual |
Attach function padding to function.
Examines the memory immediately prior to the specified function's entry address to determine if it is alignment padding. If so, it creates a data block for the padding and adds it to the function.
Returns the padding data block, which might have existed prior to this call. Returns null if the function apparently has no padding.
|
virtual |
Attach padding to all functions.
Invokes attachPaddingToFunction for each known function and returns the set of data blocks that were returned by the individual calls.
|
virtual |
Attach all possible intra-function basic blocks to functions.
This is similar to attachSurroundedCodeToFunctions except it calls that method repeatedly until it cannot do anything more. Between each call it also follows the CFG for the newly discovered blocks to discover as many blocks as possible, creates more functions by looking for function calls, and attaches additional basic blocks to functions by following the CFG for each function.
This method is called automatically by Engine::runPartitioner if the findingIntraFunctionCode property is set.
Returns the sum from all the calls to attachSurroundedCodeToFunctions.
|
virtual |
Attach intra-function basic blocks to functions.
This method scans the unused address intervals (those addresses that are not represented by the CFG/AUM). For each unused interval, if the interval is immediately surrounded by a single function then a basic block placeholder is created at the beginning of the interval and added to the function.
Returns the number of new placeholders created.
|
virtual |
Attach basic blocks to functions.
Calls Partitioner::discoverFunctionBasicBlocks once for each known function the partitioner's CFG/AUM in a sophomoric attempt to assign existing basic blocks to functions.
|
virtual |
Attach dead code to functions.
Calls attachDeadCodeToFunction once for each function that exists in the specified partitioner's CFG/AUM, passing along maxIterations each time.
Returns the union of the dead code addresses discovered for each function.
|
virtual |
Attach intra-function data to functions.
Looks for addresses that are not part of the partitioner's CFG/AUM and which are surrounded immediately below and above by the same function and add that address interval as a data block to the surrounding function. Returns the list of such data blocks added.
|
virtual |
Insert a call-return edge and discover its basic block.
Inserts a call-return (E_CALL_RETURN) edge for some function call that lacks such an edge and for which the callee may return. The assumeCallReturns parameter determines whether a call-return edge should be added or not for callees whose may-return analysis is indeterminate. If assumeCallReturns is true then an indeterminate callee will have a call-return edge added; if false then no call-return edge is added; if indeterminate then no call-return edge is added at this time but the vertex is saved so it can be reprocessed later.
Returns true if a new call-return edge was added to some call, or false if no such edge could be added. A post condition for a false return is that the pendingCallReturn list is empty.
|
virtual |
Discover basic block at next placeholder.
Discovers a basic block at some arbitrary placeholder. Returns a pointer to the new basic block if a block was discovered, or null if no block is discovered. A postcondition for a null return is that the CFG has no edges coming into the "undiscovered" vertex.
|
virtual |
Discover a basic block.
Discovers another basic block if possible. A variety of methods will be used to determine where to discover the next basic block:
- Discover a block at a placeholder by calling makeNextBasicBlockFromPlaceholder
- Insert a new call-return (E_CALL_RETURN) edge for a function call that may return. Insertion of such an edge may result in a new placeholder for which this method then discovers a basic block. The call-return insertion happens in two passes: the first pass only adds an edge for a callee whose may-return analysis is positive; the second pass relaxes that requirement and inserts an edge for any callee whose may-return is indeterminate (i.e., if ROSE can't prove that a callee never returns then assume it may return).
Returns the basic block that was discovered, or the null pointer if there are no pending undiscovered blocks.
| BinaryLoaderPtr Rose::BinaryAnalysis::Partitioner2::EngineBinary::binaryLoader | ( | ) | const |
Property: binary loader.
The binary loader that maps a binary container's sections into simulated memory and optionally performs dynamic linking and relocation fixups. If none is specified then the engine will choose one based on the container.
|
virtual |
Property: binary loader.
The binary loader that maps a binary container's sections into simulated memory and optionally performs dynamic linking and relocation fixups. If none is specified then the engine will choose one based on the container.
| ThunkPredicatesPtr Rose::BinaryAnalysis::Partitioner2::EngineBinary::functionMatcherThunks | ( | ) | const |
Property: Predicate for finding functions that are thunks.
This collective predicate is used when searching for function prologues in order to create new functions. Its purpose is to try to match sequences of instructions that look like thunks and then create a function at that address. A suitable default list of predicates is created when the engine is initialized, and can either be replaced by a new list, an empty list, or the list itself can be adjusted. The list is consulted only when findingThunks is set.
|
virtual |
Property: Predicate for finding functions that are thunks.
This collective predicate is used when searching for function prologues in order to create new functions. Its purpose is to try to match sequences of instructions that look like thunks and then create a function at that address. A suitable default list of predicates is created when the engine is initialized, and can either be replaced by a new list, an empty list, or the list itself can be adjusted. The list is consulted only when findingThunks is set.
| ThunkPredicatesPtr Rose::BinaryAnalysis::Partitioner2::EngineBinary::functionSplittingThunks | ( | ) | const |
Property: Predicate for finding thunks at the start of functions.
This collective predicate is used when searching for thunks at the beginnings of existing functions in order to split those thunk instructions into their own separate function. A suitable default list of predicates is created when the engine is initialized, and can either be replaced by a new list, an empty list, or the list itself can be adjusted. The list is consulted only when splittingThunks is set.
|
virtual |
Property: Predicate for finding thunks at the start of functions.
This collective predicate is used when searching for thunks at the beginnings of existing functions in order to split those thunk instructions into their own separate function. A suitable default list of predicates is created when the engine is initialized, and can either be replaced by a new list, an empty list, or the list itself can be adjusted. The list is consulted only when splittingThunks is set.
The documentation for this class was generated from the following file:
