Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue Class Reference


Matches an x86 function prologue.

The standard x86 function prologue is:

push ebp
mov ebp, esp

The width of ebp and esp must match the word size for the architecture (i.e., they must be EBP and ESP for the i386 family, and RBP, RSP for the amd64 family).

Definition at line 28 of file ModulesX86.h.

#include <ModulesX86.h>

Public Member Functions

virtual std::vector< Function::Ptrfunctions () const ROSE_OVERRIDE
 Returns the function(s) for the previous successful match. More...
virtual bool match (const Partitioner &partitioner, rose_addr_t anchor) ROSE_OVERRIDE
 Attempt to match an instruction pattern. More...
Static Public Member Functions

static Ptr instance ()
 Allocating constructor. More...

Protected Attributes

Function::Ptr function_

Member Function Documentation

static Ptr Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue::instance ( )

Allocating constructor.

Definition at line 32 of file ModulesX86.h.

virtual std::vector<Function::Ptr> Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue::functions ( ) const

Returns the function(s) for the previous successful match.

If the previous call to match returned true then this method should return at least one function for the matched function prologue. Although the function returned by this method is often at the same address as the anchor for the match, it need not be. For instance, a matcher could match against some amount of padding followed the instructions for setting up the stack frame, in which case it might choose to return a function that starts at the stack frame setup instructions and includes the padding as static data.

Multiple functions can be created. For instance, if the matcher matches a thunk then two functions will likely be created: the thunk itself, and the function to which it points.

The partitioner will never call function without first having called match.

Implements Rose::BinaryAnalysis::Partitioner2::FunctionPrologueMatcher.

Reimplemented in Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue.

Definition at line 33 of file ModulesX86.h.

virtual bool Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchStandardPrologue::match ( const Partitioner ,
rose_addr_t  anchor 

Attempt to match an instruction pattern.

If the subclass implementation is able to match instructions, bytes, etc. anchored at the anchor address then it should return true, otherwise false. The anchor address will always be valid for the situation (e.g., if the partitioner is trying to match something anchored at an address that is not in the CFG, then the anchor will be such an address; if it is trying to match something that is definitely an instruction then the address will be mapped with execute permission; etc.). This precondition makes writing matchers that match against a single address easier to write, but matchers that match at additional locations must explicitly check those other locations with the same conditions (FIXME[Robb P. Matzke 2014-08-04]: perhaps we should pass those conditions as an argument).

Implements Rose::BinaryAnalysis::Partitioner2::InstructionMatcher.

Reimplemented in Rose::BinaryAnalysis::Partitioner2::ModulesX86::MatchHotPatchPrologue.

