Description
Base class for matching function prologues.
A function prologue is a pattern of bytes or instructions that typically mark the beginning of a function. For instance, many x86-based functions start with "PUSH EBX; MOV EBX, ESP" while many M68k functions begin with a single LINK instruction affecting the A6 register. A subclass must implement the match method that does the actual pattern matching. If the match method returns true, then the partitioner will call the Function Declarations method to obtain the new function objects.
The matcher will be called only with anchor addresses that are mapped with execute permission and which are not a starting address of any instruction in the CFG. The matcher should ensure similar conditions are met for any additional addresses.
#include <Rose/BinaryAnalysis/Partitioner2/Modules.h>
Public Types | |
| using | Ptr = FunctionPrologueMatcherPtr |
| Shared-ownership pointer to a FunctionPrologueMatcher. | |
 Public Types inherited from Rose::BinaryAnalysis::Partitioner2::InstructionMatcher | |
| typedef Sawyer::SharedPointer< InstructionMatcher > | Ptr |
| Shared-ownership pointer to an InstructionMatcher. | |
Public Member Functions | |
| virtual std::vector< FunctionPtr > | functions () const =0 |
| Returns the function(s) for the previous successful match. | |
| Public Member Functions inherited from Rose::BinaryAnalysis::Partitioner2::InstructionMatcher | |
| virtual bool | match (const PartitionerConstPtr &, rose_addr_t anchor)=0 |
| Attempt to match an instruction pattern. | |
| Public Member Functions inherited from Sawyer::SharedObject | |
| SharedObject () | |
| Default constructor. | |
| SharedObject (const SharedObject &) | |
| Copy constructor. | |
| virtual | ~SharedObject () |
| Virtual destructor. | |
| SharedObject & | operator= (const SharedObject &) |
| Assignment. | |
Member Typedef Documentation
◆ Ptr
Shared-ownership pointer to a FunctionPrologueMatcher.
See Shared ownership.
Member Function Documentation
◆ functions()
|
pure virtual |
Returns the function(s) for the previous successful match.
If the previous call to match returned true then this method should return at least one function for the matched function prologue. Although the function returned by this method is often at the same address as the anchor for the match, it need not be. For instance, a matcher could match against some amount of padding followed the instructions for setting up the stack frame, in which case it might choose to return a function that starts at the stack frame setup instructions and includes the padding as static data.
Multiple functions can be created. For instance, if the matcher matches a thunk then two functions will likely be created: the thunk itself, and the function to which it points.
The partitioner will never call Function Declarations without first having called match.
Implemented in Rose::BinaryAnalysis::Partitioner2::Modules::MatchThunk, Rose::BinaryAnalysis::Partitioner2::ModulesM68k::MatchLink, Rose::BinaryAnalysis::Partitioner2::ModulesMips::MatchRetAddiu, Rose::BinaryAnalysis::Partitioner2::ModulesPowerpc::MatchStwuPrologue, Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue, Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue, Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchAbbreviatedPrologue, Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchEnterPrologue, and Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchRetPadPush.
The documentation for this class was generated from the following file:
