|
ROSE
0.11.123.0
|
Disassembly and partitioning utilities for Intel x86 and amd64.
Classes | |
| class | FunctionReturnDetector |
| Basic block callback to detect function returns. More... | |
| class | MatchAbbreviatedPrologue |
Matches an x86 MOV EDI,EDI; PUSH ESI function prologe. More... | |
| class | MatchEnterPrologue |
| Matches an x86 "ENTER xxx, 0" prologue. More... | |
| class | MatchHotPatchPrologue |
| Matches an x86 function prologue with hot patch. More... | |
| class | MatchRetPadPush |
| Match RET followed by PUSH with intervening no-op padding. More... | |
| class | MatchStandardPrologue |
| Matches an x86 function prologue. More... | |
| class | SwitchSuccessors |
| Basic block callback to detect "switch" statements. More... | |
Functions | |
| bool | matchEnterAnyZero (const PartitionerConstPtr &, SgAsmX86Instruction *) |
| Matches "ENTER x, 0". | |
| Sawyer::Optional< rose_addr_t > | matchJmpConst (const PartitionerConstPtr &, SgAsmX86Instruction *) |
| Matches "JMP constant". More... | |
| bool | matchLeaCxMemBpConst (const PartitionerConstPtr &, SgAsmX86Instruction *) |
| Matches "LEA ECX, [EBP + constant]" or variant. More... | |
| bool | matchJmpMem (const PartitionerConstPtr &, SgAsmX86Instruction *) |
| Matches "JMP [address]" or variant. More... | |
| bool | matchMovBpSp (const PartitionerConstPtr &, SgAsmX86Instruction *) |
| Matches "MOV EBP, ESP" or variant. More... | |
| bool | matchMovDiDi (const PartitionerConstPtr &, SgAsmX86Instruction *) |
| Matches "MOV EDI, EDI" or variant. More... | |
| bool | matchPushBp (const PartitionerConstPtr &, SgAsmX86Instruction *) |
| Matches "PUSH EBP" or variant. More... | |
| bool | matchPushSi (const PartitionerConstPtr &, SgAsmX86Instruction *) |
| Matches "PUSH SI" or variant. More... | |
| std::vector< rose_addr_t > | scanCodeAddressTable (const PartitionerConstPtr &, AddressInterval &tableLimits, const AddressInterval &targetLimits, SwitchSuccessors::EntryType tableEntryType, size_t tableEntrySizeBytes, Sawyer::Optional< rose_addr_t > probableStartVa=Sawyer::Nothing(), size_t nSkippable=0) |
| Reads a table of code addresses. More... | |
| Sawyer::Optional< rose_addr_t > | findTableBase (SgAsmExpression *) |
| Try to match a base+offset expression. More... | |
| Sawyer::Optional<rose_addr_t> Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchJmpConst | ( | const PartitionerConstPtr & | , |
| SgAsmX86Instruction * | |||
| ) |
Matches "JMP constant".
Returns the constant if matched, nothing otherwise.
| bool Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchLeaCxMemBpConst | ( | const PartitionerConstPtr & | , |
| SgAsmX86Instruction * | |||
| ) |
Matches "LEA ECX, [EBP + constant]" or variant.
| bool Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchJmpMem | ( | const PartitionerConstPtr & | , |
| SgAsmX86Instruction * | |||
| ) |
Matches "JMP [address]" or variant.
| bool Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchMovBpSp | ( | const PartitionerConstPtr & | , |
| SgAsmX86Instruction * | |||
| ) |
Matches "MOV EBP, ESP" or variant.
| bool Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchMovDiDi | ( | const PartitionerConstPtr & | , |
| SgAsmX86Instruction * | |||
| ) |
Matches "MOV EDI, EDI" or variant.
| bool Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchPushBp | ( | const PartitionerConstPtr & | , |
| SgAsmX86Instruction * | |||
| ) |
Matches "PUSH EBP" or variant.
| bool Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchPushSi | ( | const PartitionerConstPtr & | , |
| SgAsmX86Instruction * | |||
| ) |
Matches "PUSH SI" or variant.
| std::vector<rose_addr_t> Rose::BinaryAnalysis::Partitioner2::ModulesX86::scanCodeAddressTable | ( | const PartitionerConstPtr & | , |
| AddressInterval & | tableLimits, | ||
| const AddressInterval & | targetLimits, | ||
| SwitchSuccessors::EntryType | tableEntryType, | ||
| size_t | tableEntrySizeBytes, | ||
| Sawyer::Optional< rose_addr_t > | probableStartVa = Sawyer::Nothing(), |
||
| size_t | nSkippable = 0 |
||
| ) |
Reads a table of code addresses.
Reads a table of code addresses from within the tableLimits memory range starting at either the specified probableStartVa or the beginning of the tableLimits. If nSkippable is positive, up to that many invalid entries can be skipped before actual valid entries are found. If no entries are skipped and the probableStartVa is larger than the minimum tableLimits then we also look backward from the probableStartVa to consume as many valid table entries as possible within the tableLimits. An entry is valid if it exists in read-only memory and its value (the target address) falls within targetLimits.
If valid table entries are found, and the table is some arbitrarily small number of entries, then it can be followed by zero or more single-byte indexes into the table entries.
Upon return, the tableLimits is adjusted to be the addresses where valid table entries were found unioned with the addresses of the optional post-table indexes. The return value is the valid table entries in the order they occur in the table.
| Sawyer::Optional<rose_addr_t> Rose::BinaryAnalysis::Partitioner2::ModulesX86::findTableBase | ( | SgAsmExpression * | ) |
Try to match a base+offset expression.
Matches expressions like:
Returns the numeric value of base or nothing if the expression is not a recognized form.
1.8.10