|
ROSE 0.11.145.275
|
Disassembly and partitioning utilities for Intel x86 and amd64.
Classes | |
| class | FunctionReturnDetector |
| Basic block callback to detect function returns. More... | |
| class | MatchAbbreviatedPrologue |
Matches an x86 MOV EDI,EDI; PUSH ESI function prologe. More... | |
| class | MatchEnterPrologue |
| Matches an x86 "ENTER xxx, 0" prologue. More... | |
| class | MatchHotPatchPrologue |
| Matches an x86 function prologue with hot patch. More... | |
| class | MatchRetPadPush |
| Match RET followed by PUSH with intervening no-op padding. More... | |
| class | MatchStandardPrologue |
| Matches an x86 function prologue. More... | |
| class | SwitchSuccessors |
| Basic block callback to detect "switch" statements. More... | |
Functions | |
| bool | matchEnterAnyZero (const PartitionerConstPtr &, SgAsmX86Instruction *) |
| Matches "ENTER x, 0". | |
| Sawyer::Optional< Address > | matchJmpConst (const PartitionerConstPtr &, SgAsmX86Instruction *) |
| Matches "JMP constant". | |
| bool | matchLeaCxMemBpConst (const PartitionerConstPtr &, SgAsmX86Instruction *) |
| Matches "LEA ECX, [EBP + constant]" or variant. | |
| bool | matchJmpMem (const PartitionerConstPtr &, SgAsmX86Instruction *) |
| Matches "JMP [address]" or variant. | |
| bool | matchMovBpSp (const PartitionerConstPtr &, SgAsmX86Instruction *) |
| Matches "MOV EBP, ESP" or variant. | |
| bool | matchMovDiDi (const PartitionerConstPtr &, SgAsmX86Instruction *) |
| Matches "MOV EDI, EDI" or variant. | |
| bool | matchPushBp (const PartitionerConstPtr &, SgAsmX86Instruction *) |
| Matches "PUSH EBP" or variant. | |
| bool | matchPushSi (const PartitionerConstPtr &, SgAsmX86Instruction *) |
| Matches "PUSH SI" or variant. | |
| Sawyer::Optional< Address > | findTableBase (SgAsmExpression *) |
| Try to match a base+offset expression. | |
| Sawyer::Optional< Address > Rose::BinaryAnalysis::Partitioner2::ModulesX86::matchJmpConst | ( | const PartitionerConstPtr & | , |
| SgAsmX86Instruction * | |||
| ) |
Matches "JMP constant".
Returns the constant if matched, nothing otherwise.
| Sawyer::Optional< Address > Rose::BinaryAnalysis::Partitioner2::ModulesX86::findTableBase | ( | SgAsmExpression * | ) |
Try to match a base+offset expression.
Matches expressions like:
Returns the numeric value of base or nothing if the expression is not a recognized form.
1.9.8