|
ROSE
0.11.145.0
|
Analyzes basic blocks to get system call names.
After being initialized with information about how system calls operate, this analysis is able to analyze a basic block that contains a system call and return information about the call such as its name.
Definition at line 22 of file SystemCall.h.
#include <Rose/BinaryAnalysis/SystemCall.h>
Classes | |
| struct | Declaration |
| Declarative information about a system call. More... | |
| class | Exception |
| Exceptions for system call analysis. More... | |
Public Types | |
| typedef Sawyer::Container::Map< uint64_t, Declaration > | Declarations |
| Table of syscall declarations indexed by syscall IDs. More... | |
Public Member Functions | |
| void | declare (const Declaration &declaration) |
| Declare a system call. More... | |
| void | declare (const std::vector< Declaration > &declarations) |
| Declare multiple system calls. More... | |
| void | declare (const boost::filesystem::path &headerFileName) |
| Declare multiple system calls by parsing a Linux header file. More... | |
| const Declarations & | declarations () const |
| All declarations. More... | |
| Sawyer::Optional< Declaration > | lookup (uint64_t id) const |
| Look up a system call by ID number. More... | |
| std::vector< Declaration > | lookup (const std::string &name) const |
| Look up system calls by name. More... | |
| SgAsmInstruction * | hasSystemCall (const Partitioner2::BasicBlockPtr &) const |
| Determine whether a basic block has a system call. More... | |
| virtual Sawyer::Optional< Declaration > | analyze (const Partitioner2::PartitionerConstPtr &, const Partitioner2::BasicBlockPtr &, SgAsmInstruction *, const SmtSolver::Ptr &solver=SmtSolver::Ptr()) const |
| Analyze a basic block and return the system calls. More... | |
| virtual bool | isSystemCall (SgAsmInstruction *) const |
| Predicate to determine whether an instruction is a system call. More... | |
| const AbstractLocation & | ident () const |
| Property: Abstract location that identifies the particular system call. More... | |
| void | ident (const AbstractLocation &location) |
| Property: Abstract location that identifies the particular system call. More... | |
Static Public Member Functions | |
| static std::vector< Declaration > | parseHeaderFile (const boost::filesystem::path &headerFileName) |
| Parse a Linux header file to obtain declarations for system calls. More... | |
| typedef Sawyer::Container::Map<uint64_t , Declaration> Rose::BinaryAnalysis::SystemCall::Declarations |
Table of syscall declarations indexed by syscall IDs.
Definition at line 49 of file SystemCall.h.
| void Rose::BinaryAnalysis::SystemCall::declare | ( | const Declaration & | declaration | ) |
Declare a system call.
| void Rose::BinaryAnalysis::SystemCall::declare | ( | const std::vector< Declaration > & | declarations | ) |
Declare multiple system calls.
| void Rose::BinaryAnalysis::SystemCall::declare | ( | const boost::filesystem::path & | headerFileName | ) |
Declare multiple system calls by parsing a Linux header file.
|
inline |
All declarations.
Definition at line 68 of file SystemCall.h.
| Sawyer::Optional<Declaration> Rose::BinaryAnalysis::SystemCall::lookup | ( | uint64_t | id | ) | const |
Look up a system call by ID number.
There is at most one system call declaration per ID.
| std::vector<Declaration> Rose::BinaryAnalysis::SystemCall::lookup | ( | const std::string & | name | ) | const |
Look up system calls by name.
There can be more than one system call with the same name, although this is uncommon.
|
static |
Parse a Linux header file to obtain declarations for system calls.
| SgAsmInstruction* Rose::BinaryAnalysis::SystemCall::hasSystemCall | ( | const Partitioner2::BasicBlockPtr & | ) | const |
Determine whether a basic block has a system call.
If the specified basic block has a system call instruction, then the pointer to that instruction is returned. Otherwise a null pointer is returned. The determination is made by invoking isSystemCall for each instruction, which is intended to be a fairly inexpensive operation (certainly less expensive than analyze).
|
inline |
Property: Abstract location that identifies the particular system call.
This is a register or memory location that identifies which system call is being invoked. For instance, for a specimen that's intended to run on 32-bit i386 Linux, the identifying location is the EAX register.
Definition at line 92 of file SystemCall.h.
|
inline |
Property: Abstract location that identifies the particular system call.
This is a register or memory location that identifies which system call is being invoked. For instance, for a specimen that's intended to run on 32-bit i386 Linux, the identifying location is the EAX register.
Definition at line 93 of file SystemCall.h.
|
virtual |
Analyze a basic block and return the system calls.
Analyzes the basic block using the same instruction semantics as the partitioner. If an instruction is specified then it should be the instruction that is the actual system call within the specified basic block. If no instruction is specified then isSystemCall is invoked for each instruction and the first for which it returns true is considered to be the system call instruction.
If a system call instruction is specified or found, then the pre-instruction semantic state is queried according to ident to obtain a concrete value of a register or memory location. This value is looked up in the list of known system calls to return either a system call declaration or nothing.
Throws an exception if semantic analysis fails.
|
virtual |
Predicate to determine whether an instruction is a system call.
1.8.10