Description
Callback to restore PEScrambler function call edges.
This basic block callback is invoked each time the partitioner discovers a new instruction. It looks at the instruction's successors, and if the only successor is the PEScrambler dispatch function (as specified during callback construction) then the successor edge is replace with the edge to the original callee as if PEScrambler's dispatcher did the replacement.
Definition at line 80 of file ModulesPe.h.
#include <ModulesPe.h>
Classes | |
| struct | DispatchEntry |
| One dispatch table entry in native format. More... | |
Public Types | |
| typedef Sawyer::SharedPointer< PeDescrambler > | Ptr |
| Shared-ownership pointer to a PeDescrambler. More... | |
| typedef std::vector< DispatchEntry > | DispatchTable |
| The function dispatch table. More... | |
 Public Types inherited from Rose::BinaryAnalysis::Partitioner2::BasicBlockCallback | |
| enum | Termination { CONTINUE_DISCOVERY, TERMINATE_NOW, TERMINATE_PRIOR } |
| Whether to terminate a basic block. More... | |
| typedef Sawyer::SharedPointer< BasicBlockCallback > | Ptr |
| Shared-ownership pointer to a BasicBlockCallback. More... | |
Public Member Functions | |
| void | nameKeyAddresses (Partitioner &) |
| Name certain addresses in the specimen. More... | |
| rose_addr_t | dispatcherVa () const |
| Virtual address of PEScrambler dispatch function. More... | |
| rose_addr_t | dispatchTableVa () const |
| Virtual address of PEScrambler dispatch table. More... | |
| virtual bool | operator() (bool chain, const Args &) ROSE_OVERRIDE |
| Callback method. More... | |
| const DispatchTable & | dispatchTable () const |
| Dispatch table. More... | |
| DispatchTable & | dispatchTable () |
| Dispatch table. More... | |
| Public Member Functions inherited from Sawyer::SharedObject | |
| SharedObject () | |
| Default constructor. More... | |
| SharedObject (const SharedObject &) | |
| Copy constructor. More... | |
| virtual | ~SharedObject () |
| Virtual destructor. More... | |
| SharedObject & | operator= (const SharedObject &) |
| Assignment. More... | |
Static Public Member Functions | |
| static Ptr | instance (rose_addr_t dispatcherVa, rose_addr_t dispatchTableVa) |
| Construct a new PeDescrambler. More... | |
| static Ptr | instance (rose_addr_t dispatcherVa) |
| Construct a new PeDescrambler. More... | |
Protected Member Functions | |
| PeDescrambler (rose_addr_t dispatcherVa, rose_addr_t dispatchTableVa) | |
Member Typedef Documentation
| typedef Sawyer::SharedPointer<PeDescrambler> Rose::BinaryAnalysis::Partitioner2::ModulesPe::PeDescrambler::Ptr |
Shared-ownership pointer to a PeDescrambler.
See Shared ownership.
Definition at line 83 of file ModulesPe.h.
| typedef std::vector<DispatchEntry> Rose::BinaryAnalysis::Partitioner2::ModulesPe::PeDescrambler::DispatchTable |
The function dispatch table.
The first part of the table, up to and including the first zero-valued returnVa, has calleeVa values which are function addresses. The second part of the table's calleeVa values are addresses containing the address of a function (i.e., an extra level of indirection).
Definition at line 98 of file ModulesPe.h.
Member Function Documentation
|
inlinestatic |
Construct a new PeDescrambler.
The dispatcherVa is the virtual address of the PEScrambler dispatch function. One can easily find it by looking at the call graph since it will be the function that probably has many more callers than any other function. The dispatchTableVa is the address of the PEScrambler dispatch table, which normally starts at the first byte past the end of the dispatch function.
Definition at line 122 of file ModulesPe.h.
|
inlinestatic |
Construct a new PeDescrambler.
This is the same as the two-argument constructor, but the dispatch table address is assumed to be at a fixed offset from the dispatch function.
Definition at line 130 of file ModulesPe.h.
| void Rose::BinaryAnalysis::Partitioner2::ModulesPe::PeDescrambler::nameKeyAddresses | ( | Partitioner & | ) |
Name certain addresses in the specimen.
Names the PEScrambler dispatch address and dispatch table address if they don't have names yet.
|
inline |
Virtual address of PEScrambler dispatch function.
Definition at line 140 of file ModulesPe.h.
|
inline |
Virtual address of PEScrambler dispatch table.
Definition at line 143 of file ModulesPe.h.
|
inline |
Dispatch table.
Returns a reference to the dispatch table as it currently exists in this callback. The callback extends the table only as needed in order to locate a return address, and the table is extended in arbitrary sized chunks (so it may contain data that isn't actually part of the table as far as the specimen is concerned). The caller is free to modify the table. See DispatchTable for more information.
Definition at line 153 of file ModulesPe.h.
|
inline |
Dispatch table.
Returns a reference to the dispatch table as it currently exists in this callback. The callback extends the table only as needed in order to locate a return address, and the table is extended in arbitrary sized chunks (so it may contain data that isn't actually part of the table as far as the specimen is concerned). The caller is free to modify the table. See DispatchTable for more information.
Definition at line 154 of file ModulesPe.h.
|
virtual |
Callback method.
This is the method invoked for the callback. The chain argument is the return value from the previous callback in the list (true for the first callback). The successor callbacks use chain to indicate whether subsequent callbacks should do anything.
Implements Rose::BinaryAnalysis::Partitioner2::BasicBlockCallback.
The documentation for this class was generated from the following file:
