Description
Settings that control the engine partitioning.
These switches are used by the engine to control how it partitions addresses into instructions and static data, instructions into basic blocks, and basic blocks and static data into functions. Some of these settings are copied into a Partitioner object while others affect the Engine directly.
The runtime descriptions and command-line parser for these switches can be obtained from Engine::partitionerSwitches.
Definition at line 404 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
#include <Rose/BinaryAnalysis/Partitioner2/BasicTypes.h>
Public Attributes | |
| BasePartitionerSettings | base |
| Base partitioner settings. More... | |
| std::vector< rose_addr_t > | functionStartingVas |
| Starting addresses for disassembly. More... | |
| bool | followingGhostEdges = false |
| Whether to follow ghost edges. More... | |
| bool | discontiguousBlocks = true |
| Whether to allow discontiguous basic blocks. More... | |
| size_t | maxBasicBlockSize = 0 |
| Maximum size for basic blocks. More... | |
| std::vector< rose_addr_t > | ipRewrites |
| CFG edge rewrite pairs. More... | |
| bool | findingFunctionPadding = true |
| Whether to find function padding. More... | |
| bool | findingDeadCode = true |
| Whether to find dead code. More... | |
| rose_addr_t | peScramblerDispatcherVa = 0 |
| PE-Scrambler dispatcher address. More... | |
| size_t | findingIntraFunctionCode = 10 |
| Whether to find intra-function code. More... | |
| bool | findingIntraFunctionData = true |
| Whether to find intra-function data. More... | |
| bool | findingInterFunctionCalls = true |
| Whether to search for function calls between exiting functions. More... | |
| bool | findingFunctionCallFunctions = true |
| Whether to turn function call targets into functions. More... | |
| bool | findingEntryFunctions = true |
| Whether to make functions at program entry points. More... | |
| bool | findingErrorFunctions = true |
| Whether to make error handling functions. More... | |
| bool | findingImportFunctions = true |
| Whether to make functions at import addresses. More... | |
| bool | findingExportFunctions = true |
| Whether to make functions at export addresses. More... | |
| bool | findingSymbolFunctions = true |
| Whether to make functions according to symbol tables. More... | |
| AddressInterval | interruptVector |
| Property: Location of machine interrupt vector. More... | |
| bool | doingPostAnalysis = true |
| Whether to perform any post-partitioning analysis steps. More... | |
| bool | doingPostFunctionMayReturn = true |
| Whether to run the function may-return analysis. More... | |
| bool | doingPostFunctionStackDelta = true |
| Whether to run the function stack delta analysis. More... | |
| bool | doingPostCallingConvention = false |
| Whether to run calling-convention analysis. More... | |
| bool | doingPostFunctionNoop = false |
| Whether to run no-op function analysis. More... | |
| FunctionReturnAnalysis | functionReturnAnalysis = MAYRETURN_DEFAULT_YES |
| How to run the function may-return analysis. More... | |
| size_t | functionReturnAnalysisMaxSorts = 50 |
| Maximum number of function may-return sorting operations. More... | |
| bool | findingDataFunctionPointers = false |
| Whether to search static data for function pointers. More... | |
| bool | findingCodeFunctionPointers = false |
| Whether to search existing instructions for function pointers. More... | |
| bool | findingThunks = true |
| Whether to match thunk patterns. More... | |
| bool | splittingThunks = false |
| Whether to split thunk instructions into mini functions. More... | |
| SemanticMemoryParadigm | semanticMemoryParadigm = LIST_BASED_MEMORY |
| Type of container for semantic memory. More... | |
| AddressInterval | namingConstants = AddressInterval::hull(4096, AddressInterval::whole().greatest()) |
| Whether to give names to constants. More... | |
| AddressInterval | namingStrings = AddressInterval::hull(4096, AddressInterval::whole().greatest()) |
| Addresses where strings might start. More... | |
| bool | namingSyscalls = true |
| Whether to give names to system calls. More... | |
| boost::filesystem::path | syscallHeader |
| Header file in which system calls are defined. More... | |
| bool | demangleNames = true |
| Whether to demangle names. More... | |
Member Data Documentation
| BasePartitionerSettings Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::base |
Base partitioner settings.
Definition at line 406 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| std::vector<rose_addr_t> Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::functionStartingVas |
Starting addresses for disassembly.
This is a list of addresses where functions will be created to start recursive disassembly. These addresses are in addition to entry addresses, addresses from symbols, addresses from configuration files, etc.
Definition at line 412 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::followingGhostEdges = false |
Whether to follow ghost edges.
A "ghost edge" is a control flow graph (CFG) edge that would be present if the CFG-building analysis looked only at individual instructions, but would be absent when the analysis considers coarser units of code. For instance, consider the following x86 instructions:
If the analysis looks only at instruction 3, then it appears to have two CFG successors: instructions 4 and 5. But if the analysis looks at the first three instructions collectively it will ascertain that instruction 3 has an opaque predicate, that the only valid CFG successor is instruction 4, and that the edge from 3 to 5 is a "ghost". In fact, if there are no other incoming edges to these instructions, then instructions 1 through 4 will form a basic block with the (unconditional) branch instruction in its interior. The ability to look at larger units of code than single instructions is controlled by the usingSemantics property.
If this followingGhostEdges property is true then ghost edges will be added back into the CFG as real edges, which might force a basic block to end, as in this example, at the branch instruction and may attempt to disassemble additional code by folowing all edges.
Definition at line 438 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::discontiguousBlocks = true |
Whether to allow discontiguous basic blocks.
ROSE's definition of a basic block allows two consecutive instructions, A and B, to be arranged in memory such that B does not immediately follow A. Clearing this property prevents this and would force A and B to belong to separate basic blocks.
Definition at line 445 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| size_t Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::maxBasicBlockSize = 0 |
Maximum size for basic blocks.
This property is the maximum size for basic blocks measured in number of instructions. Any basic block that would contain more than this number of instructions is split into multiple basic blocks. Having smaller basic blocks makes some intra-block analysis faster, but they have less information. A value of zero indicates no limit.
Definition at line 452 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| std::vector<rose_addr_t> Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::ipRewrites |
CFG edge rewrite pairs.
This property is a list of old/new instruction pointer pairs that describe how to rewrite edges of the global control flow graph. Whenever an instruction has a successor whose address is an old address, it will be replaced with a successor edge that points to the new address. This list must have an even number of elements where element 2*i+0 is and old address and element 2*i+1 is the corresponding new address.
Definition at line 460 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::findingFunctionPadding = true |
Whether to find function padding.
If set, then the partitioner will look for certain padding bytes appearing before the lowest address of a function and add those bytes to the function as static data.
Definition at line 466 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::findingDeadCode = true |
Whether to find dead code.
If ghost edges are being discovered (see usingSemantics and followingGhostEdges) and are not being inserted into the global CFG, then the target address of the ghost edges might not be used as code addresses during the code discovery phase. This property, when true, will cause the target address of ghost edges to be used to discover additional instructions even if they have no incoming CFG edges.
Definition at line 474 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| rose_addr_t Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::peScramblerDispatcherVa = 0 |
PE-Scrambler dispatcher address.
If non-zero then the partitioner defeats PE-scrambled binary obfuscation by replacing control flow edges that go through this function with the de-scrambled control flow edge.
Definition at line 480 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| size_t Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::findingIntraFunctionCode = 10 |
Whether to find intra-function code.
If positive, the partitioner will look for parts of memory that were not disassembled and occur between other parts of the same function, and will attempt to disassemble that missing part and link it into the surrounding function. It will perform up to n passes across the entire address space.
Definition at line 487 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::findingIntraFunctionData = true |
Whether to find intra-function data.
If set, the partitioner will look for parts of memory that were not disassembled and occur between other parts of the same function, and will treat the missing part as static data belonging to that function.
Definition at line 493 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::findingInterFunctionCalls = true |
Whether to search for function calls between exiting functions.
If set, then Engine::makeFunctionFromInterFunctionCalls is invoked, which looks for call-like code between existing functions in order to create new functions at the call target addresses.
Definition at line 499 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::findingFunctionCallFunctions = true |
Whether to turn function call targets into functions.
If set, then sequences of instructions that behave like a function call (including plain old function call instructions) will cause a function to be created at the call's target address under most circumstances.
Definition at line 505 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::findingEntryFunctions = true |
Whether to make functions at program entry points.
If set, then all program entry points are assumed to be the start of a function.
Definition at line 510 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::findingErrorFunctions = true |
Whether to make error handling functions.
If set and information is available about error handling and exceptions, then that information is used to create entry points for functions.
Definition at line 516 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::findingImportFunctions = true |
Whether to make functions at import addresses.
If set and the file contains a table describing the addresses of imported functions, then each of those addresses is assumed to be the entry point of a function.
Definition at line 522 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::findingExportFunctions = true |
Whether to make functions at export addresses.
If set and the file contains a table describing the addresses of exported functions, then each of those addresses is assumed to be the entry point of a function.
Definition at line 528 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::findingSymbolFunctions = true |
Whether to make functions according to symbol tables.
If set and the file contains symbol tables, then symbols that define function addresses cause functions to be created at those addresses.
Definition at line 534 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| AddressInterval Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::interruptVector |
Property: Location of machine interrupt vector.
If non-empty, the partitioner will treat the specified area as a machine interrupt vector. The effect of the vector varies by architecture.
Definition at line 540 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::doingPostAnalysis = true |
Whether to perform any post-partitioning analysis steps.
If set, then each of the enabled post-partitioning analysis steps are executed. Some of these can be quite expensive, but they can be enabled and disabled individually. Those that are enabled are only run if this property also is set.
Definition at line 546 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::doingPostFunctionMayReturn = true |
Whether to run the function may-return analysis.
Determines whether the may-return analysis is run when doingPostAnalysis is true.
Definition at line 551 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::doingPostFunctionStackDelta = true |
Whether to run the function stack delta analysis.
Determines whether the stack delta analysis is run when doingPostAnalysis is true.
Definition at line 556 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::doingPostCallingConvention = false |
Whether to run calling-convention analysis.
Determines whether calling convention analysis is run on each function when doingPostAnalysis is true.
Definition at line 561 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::doingPostFunctionNoop = false |
Whether to run no-op function analysis.
Determines whether function no-op analysis is run on each function when doingPostAnalysis is true. This analysis determines whether a function is effectively a no-op and gives it a name indicative of a no-op if it is one.
Definition at line 567 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| FunctionReturnAnalysis Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::functionReturnAnalysis = MAYRETURN_DEFAULT_YES |
How to run the function may-return analysis.
The caller can decide if and how may-return analysis runs and whether an indeterminate result should be considered true or false.
Definition at line 573 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| size_t Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::functionReturnAnalysisMaxSorts = 50 |
Maximum number of function may-return sorting operations.
If function may-return analysis is being run, the functions are normally sorted according to their call depth (after arbitrarily breaking cycles) and the analysis is run from the leaf functions to the higher functions in order to minimize forward dependencies. However, the functions need to be resorted each time a new function is discovered and/or when the global CFG is sufficiently modified. Therefore, the total cost of the sorting can be substantial for large specimens. This property limits the total number of sorting operations and reverts to unsorted analysis once the limit is reached. This allows smaller specimens to be handled as accurately as possible, but still allows large specimens to be processed in a reasonable amount of time. The limit is based on the number of sorting operations rather than the specimen size.
Definition at line 585 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::findingDataFunctionPointers = false |
Whether to search static data for function pointers.
If this property is set, then the partitioner will scan static data to look for things that might be pointers to functions.
Definition at line 591 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::findingCodeFunctionPointers = false |
Whether to search existing instructions for function pointers.
If this property is set, then the partitioner scans existing instructions to look for constants that seem to be pointers to functions that haven't been discovered yet.
Definition at line 597 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::findingThunks = true |
Whether to match thunk patterns.
If set, then the partitioner expands the list of function prologue patterns to include common thunk patterns when searching for funcitons in undiscovered areas of memory. This setting does not control whether thunk instructions are split into their own functions (see splittingThunks).
Definition at line 604 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::splittingThunks = false |
Whether to split thunk instructions into mini functions.
If set, then functions whose entry instructions match a thunk pattern are split so that those thunk instructions are in their own function.
Definition at line 610 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| SemanticMemoryParadigm Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::semanticMemoryParadigm = LIST_BASED_MEMORY |
Type of container for semantic memory.
Determines whether Partitioner objects created by this engine will be configured to use list-based or map-based semantic memory states. The list-based states are more precise, but they're also slower.
Definition at line 616 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| AddressInterval Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::namingConstants = AddressInterval::hull(4096, AddressInterval::whole().greatest()) |
Whether to give names to constants.
Within instruciton operands, any constants that fall within this set of addresses and which have a label associated with them (such as names of symbols) are given a comment consisting of that label. Setting this to empty disables assigning such labels to integer values.
See also, Modules::nameConstants.
Definition at line 625 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| AddressInterval Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::namingStrings = AddressInterval::hull(4096, AddressInterval::whole().greatest()) |
Addresses where strings might start.
Within instruction operands, any constants that fall within this set of addresses are checked to see if they point into an ASCII C-style NUL-terminated string. If so, and if the constant doesn't already have a comment, then a comment is attached describing the string. Setting this to empty disables assigning string literal comments to integer values.
Definition at line 632 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::namingSyscalls = true |
Whether to give names to system calls.
If this property is set, then the partitioner makes a pass after the control flow graph is finalized and tries to give names to system calls using the Rose::BinaryAnalysis::SystemCall analysis.
Definition at line 638 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| boost::filesystem::path Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::syscallHeader |
Header file in which system calls are defined.
If this property is not empty, then the specified Linux header file is parsed to obtain the mapping between system call numbers and their names. Otherwise, any analysis that needs system call names obtains them by looking in predetermined system header files.
Definition at line 646 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
| bool Rose::BinaryAnalysis::Partitioner2::PartitionerSettings::demangleNames = true |
Whether to demangle names.
If this property is set, then names are passed through a demangle step, which generally converts them from a low-level format to a source language format.
Definition at line 652 of file BinaryAnalysis/Partitioner2/BasicTypes.h.
The documentation for this struct was generated from the following file:
