Description

Analyzes basic blocks to get system call names.

After being initialized with information about how system calls operate, this analysis is able to analyze a basic block that contains a system call and return information about the call such as its name.

Definition at line 22 of file SystemCall.h.

#include <Rose/BinaryAnalysis/SystemCall.h>

Classes
struct	Declaration
	Declarative information about a system call. More...

class	Exception
	Exceptions for system call analysis. More...

Public Types
typedef Sawyer::Container::Map< uint64_t, Declaration >	Declarations
	Table of syscall declarations indexed by syscall IDs.

Public Member Functions
void	declare (const Declaration &declaration)
	Declare a system call.

void	declare (const std::vector< Declaration > &declarations)
	Declare multiple system calls.

void	declare (const boost::filesystem::path &headerFileName)
	Declare multiple system calls by parsing a Linux header file.

const Declarations &	declarations () const
	All declarations.

Sawyer::Optional< Declaration >	lookup (uint64_t id) const
	Look up a system call by ID number.

std::vector< Declaration >	lookup (const std::string &name) const
	Look up system calls by name.

SgAsmInstruction *	hasSystemCall (const Partitioner2::BasicBlockPtr &) const
	Determine whether a basic block has a system call.

virtual Sawyer::Optional< Declaration >	analyze (const Partitioner2::PartitionerConstPtr &, const Partitioner2::BasicBlockPtr &, SgAsmInstruction *, const SmtSolver::Ptr &solver=SmtSolver::Ptr()) const
	Analyze a basic block and return the system calls.

virtual bool	isSystemCall (SgAsmInstruction *) const
	Predicate to determine whether an instruction is a system call.


const AbstractLocation &	ident () const
	Property: Abstract location that identifies the particular system call.

void	ident (const AbstractLocation &location)
	Property: Abstract location that identifies the particular system call.

Static Public Member Functions
static std::vector< Declaration >	parseHeaderFile (const boost::filesystem::path &headerFileName)
	Parse a Linux header file to obtain declarations for system calls.

Member Typedef Documentation

◆ Declarations

typedef Sawyer::Container::Map<uint64_t , Declaration> Rose::BinaryAnalysis::SystemCall::Declarations

Table of syscall declarations indexed by syscall IDs.

Definition at line 49 of file SystemCall.h.

Constructor & Destructor Documentation

◆ ~SystemCall()

virtual Rose::BinaryAnalysis::SystemCall::~SystemCall ( )

inlinevirtual

Definition at line 56 of file SystemCall.h.

Member Function Documentation

◆ declarations()

const Declarations & Rose::BinaryAnalysis::SystemCall::declarations ( ) const

inline

All declarations.

Definition at line 68 of file SystemCall.h.

◆ lookup() [1/2]

Sawyer::Optional< Declaration > Rose::BinaryAnalysis::SystemCall::lookup ( uint64_t id ) const

Look up a system call by ID number.

There is at most one system call declaration per ID.

◆ lookup() [2/2]

std::vector< Declaration > Rose::BinaryAnalysis::SystemCall::lookup ( const std::string & name ) const

Look up system calls by name.

There can be more than one system call with the same name, although this is uncommon.

◆ hasSystemCall()

SgAsmInstruction * Rose::BinaryAnalysis::SystemCall::hasSystemCall ( const Partitioner2::BasicBlockPtr & ) const

Determine whether a basic block has a system call.

If the specified basic block has a system call instruction, then the pointer to that instruction is returned. Otherwise a null pointer is returned. The determination is made by invoking isSystemCall for each instruction, which is intended to be a fairly inexpensive operation (certainly less expensive than analyze).

◆ ident() [1/2]

const AbstractLocation & Rose::BinaryAnalysis::SystemCall::ident ( ) const

inline

Property: Abstract location that identifies the particular system call.

This is a register or memory location that identifies which system call is being invoked. For instance, for a specimen that's intended to run on 32-bit i386 Linux, the identifying location is the EAX register.

Definition at line 92 of file SystemCall.h.

◆ ident() [2/2]

void Rose::BinaryAnalysis::SystemCall::ident ( const AbstractLocation & location )

inline

Property: Abstract location that identifies the particular system call.

This is a register or memory location that identifies which system call is being invoked. For instance, for a specimen that's intended to run on 32-bit i386 Linux, the identifying location is the EAX register.

Definition at line 93 of file SystemCall.h.

◆ analyze()

virtual Sawyer::Optional< Declaration > Rose::BinaryAnalysis::SystemCall::analyze	(	const Partitioner2::PartitionerConstPtr &	,
		const Partitioner2::BasicBlockPtr &	,
		SgAsmInstruction *	,
		const SmtSolver::Ptr &	solver = `SmtSolver::Ptr()`
	)		const

virtual

Analyze a basic block and return the system calls.

Analyzes the basic block using the same instruction semantics as the partitioner. If an instruction is specified then it should be the instruction that is the actual system call within the specified basic block. If no instruction is specified then isSystemCall is invoked for each instruction and the first for which it returns true is considered to be the system call instruction.

If a system call instruction is specified or found, then the pre-instruction semantic state is queried according to ident to obtain a concrete value of a register or memory location. This value is looked up in the list of known system calls to return either a system call declaration or nothing.

Throws an exception if semantic analysis fails.

The documentation for this class was generated from the following file:

SystemCall.h

Description

Classes

Public Types

Public Member Functions

Static Public Member Functions

Member Typedef Documentation

◆ Declarations

Constructor & Destructor Documentation

◆ ~SystemCall()

Member Function Documentation

◆ declarations()

◆ lookup() [1/2]

◆ lookup() [2/2]

◆ hasSystemCall()

◆ ident() [1/2]

◆ ident() [2/2]

◆ analyze()