Package ghidra.program.util

Class VarnodeContext

java.lang.Object
ghidra.program.util.VarnodeContext
All Implemented Interfaces:
ProcessorContext, ProcessorContextView
public class VarnodeContext extends Object implements ProcessorContext

  • Field Details

  • Constructor Details

  • Method Details

    • setDebug

      public void setDebug(boolean debugOn)

    • getDebug

      public boolean getDebug()

    • setCurrentInstruction

      public void setCurrentInstruction(Instruction instr)

    • getCurrentInstruction

      public Instruction getCurrentInstruction(Address addr)

    • getBaseContextRegister

      public Register getBaseContextRegister()
      Specified by:
      getBaseContextRegister in interface ProcessorContextView
      Returns:
      the base processor context register or null if one has not been defined

    • getKnownFlowToAddresses

      public Address[] getKnownFlowToAddresses(Address toAddr)

    • flowToAddress

      public void flowToAddress(Address fromAddr, Address toAddr)
      Records flow from/to basic blocks, or non-fallthru flow

    • flowStart

      public void flowStart(Address toAddr)
      Start flow at an address, recording any initial state for the current instruction

    • flowEnd

      public void flowEnd(Address address)
      End flow and save any necessary end flow state for the current instruction at address

    • getReturnVarnode

      public Varnode[] getReturnVarnode(Function targetFunc)
      Parameters:
      targetFunc - function to get a returning varnode for NOTE: this only gets one, unless there is custom storage on the called function there may be bonded ones in the default convention!
      Returns:
      varnode that represents where functions place their return value

    • getKilledVarnodes

      public Varnode[] getKilledVarnodes(Function targetFunc)
      Parameters:
      targetFunc - function to get killed varnodes for NOTE: this removes the return varnodes so they aren't duplicated
      Returns:
      varnode that represents where functions place their return value

    • getStackVarnode

      public Varnode getStackVarnode()
      Returns:
      Varnode that represents the stack register

    • getStackRegister

      public Register getStackRegister()
      Returns:
      Register that represents the stack register

    • getValue

      public Varnode getValue(Varnode varnode, ContextEvaluator evaluator)

    • getValue

      public Varnode getValue(Varnode varnode, boolean signed, ContextEvaluator evaluator)

    • getMemoryValue

      protected Varnode getMemoryValue(Varnode varnode, boolean signed)
      Search the value state stack for the first occurrence of the set value
      Parameters:
      varnode - varnode to search for a value
      signed - true if retrieving a signed value
      Returns:
      first value found on stack, null otherwise

    • getMemoryValue

      protected Varnode getMemoryValue(List<HashMap<Address,Varnode>> valStore, int backupDepth, Varnode varnode, boolean signed)

    • getMemoryValue

      protected Varnode getMemoryValue(HashMap<Address,Varnode> valStore, Varnode varnode, boolean signed)

    • putMemoryValue

      protected void putMemoryValue(Varnode out, Varnode value)
      Put the value for the varnode on the top of the memory state stack
      Parameters:
      out - varnode for the value
      value - value to store for the varnode

    • putMemoryValue

      protected void putMemoryValue(Stack<HashMap<Address,Varnode>> valStore, Varnode out, Varnode value)

    • isReadOnly

      protected boolean isReadOnly(Address addr)
      Check if the symbol at the address is read_only.
      Parameters:
      addr - - address of the symbol
      Returns:
      true if the block is read_only, and there are no write references.

    • createVarnode

      public Varnode createVarnode(long value, int spaceID, int size)

    • createConstantVarnode

      public Varnode createConstantVarnode(long value, int size)

    • splitToBytes

      public Varnode[] splitToBytes(Varnode v, int len)

    • createBadVarnode

      public Varnode createBadVarnode()

    • createVarnode

      public Varnode createVarnode(BigInteger bigVal, BigInteger spaceVal, int size)

    • putValue

      public void putValue(Varnode out, Varnode result, boolean mustClear)

    • readExecutableCode

      public boolean readExecutableCode()

    • setReadExecutableCode

      public void setReadExecutableCode()

    • clearReadExecutableCode

      public void clearReadExecutableCode()

    • propogateResults

      public void propogateResults(boolean clearContext)
      Propogate any results that are in the value cache.
      Parameters:
      clearContext - true if the cache should be cleared. The propogation could be for flow purposes, and the processing of the instruction is finished, so it's effects should be kept.

    • propogateValue

      public void propogateValue(Register reg, Varnode node, Varnode val, Address address)

    • getLastSetLocation

      public Address getLastSetLocation(Register reg, BigInteger bval)
      return the location that this register was last set This is a transient thing, so it should only be used as a particular flow is being processed...
      Parameters:
      reg - register to find last set location
      bval - value to look for to differentiate set locations, null if don't care
      Returns:
      address that the register was set.

    • getLastSetLocation

      public Address getLastSetLocation(Varnode rvar, BigInteger bval)
      return the location that this varnode was last set This is a transient thing, so it should only be used as a particular flow is being processed...
      Parameters:
      rvar - the register varnode
      bval - this parameter is unused.
      Returns:
      address that the register was set.

    • getVarnode

      public Varnode getVarnode(int spaceID, long offset, int size)

    • getConstant

      public Long getConstant(Varnode vnode, ContextEvaluator evaluator)

    • getVarnode

      public Varnode getVarnode(Varnode space, Varnode offset, int size, ContextEvaluator evaluator)

    • getRegisterVarnodeValue

      public Varnode getRegisterVarnodeValue(Register reg, Address fromAddr, Address toAddr, boolean signed)
      Get the value (value, space, size) of a register at the start of the last execution flow taken for the instruction at toAddr.
      Parameters:
      reg - register to retrieve the start value
      fromAddr - flow from address (not used currently, future use to retrieve multiple flows)
      toAddr - address of instruction to retrieve the register flow state
      signed - true if value is signed, will sext the top bit based on value size
      Returns:
      instruction start state value for register, or null if no known state

    • getEndRegisterVarnodeValue

      public Varnode getEndRegisterVarnodeValue(Register reg, Address fromAddr, Address toAddr, boolean signed)
      Get the value (value, space, size) of a register at the end of the last execution flow taken for the instruction at toAddr. Note: This can only be called if trackStartEndState flag is true.
      Parameters:
      reg - register to retrieve the end value
      fromAddr - flow from address (not used currently, future use to retrieve multiple flows)
      toAddr - address of instruction to retrieve the register flow state
      signed - is the value signed or unsigned, will sext the top bit based on value size
      Returns:
      instruction end state value for register, or null if no known state
      Throws:
      javax.help.UnsupportedOperationException - trackStartEndState == false at construction

    • print

      protected String print(Varnode rvnode)

    • getRegisterValue

      public RegisterValue getRegisterValue(Register reg, Address toAddr)
      Get the current value of the register at the address. Note: If trackStartEndState flag is false, then this will return the current value.
      Parameters:
      reg - value of register to get
      toAddr - value of register at a location
      Returns:
      value of register or null

    • getRegisterValue

      public RegisterValue getRegisterValue(Register reg, Address fromAddr, Address toAddr)
      Get the value of a register that was set coming from an address to an another address. Note: If trackStartEndState flag is false, then this will return the current value.
      Parameters:
      reg - value of register to get
      fromAddr - location the value came from
      toAddr - location to get the value of the register coming from fromAddr
      Returns:
      value of register or null

    • getRegisterValueAddressRanges

      public AddressRangeIterator getRegisterValueAddressRanges(Register reg)

    • hasValueOverRange

      public boolean hasValueOverRange(Register reg, BigInteger bval, AddressSet set)

    • copy

      public void copy(Varnode out, Varnode in, boolean mustClearAll, ContextEvaluator evaluator)
      Copy the varnode with as little manipulation as possible. Try to keep whatever partial state there is intact if a real value isn't required.
      Parameters:
      out - varnode to put it in
      in - varnode to copy from.
      mustClearAll - true if must clear if value is not unique
      evaluator - user provided evaluator if needed

    • add

      public Varnode add(Varnode val1, Varnode val2, ContextEvaluator evaluator)
      Add two varnodes together to get a new value This could create a new space and return a varnode pointed into that space
      Parameters:
      val1 - first value
      val2 - second value
      Returns:
      varnode that could be a constant, or an offset into a space, or null

    • and

      public Varnode and(Varnode val1, Varnode val2, ContextEvaluator evaluator)

    • or

      public Varnode or(Varnode val1, Varnode val2, ContextEvaluator evaluator)

    • left

      public Varnode left(Varnode val1, Varnode val2, ContextEvaluator evaluator)

    • getAddressSpace

      public int getAddressSpace(String name, int bitSize)

    • subtract

      public Varnode subtract(Varnode val1, Varnode val2, ContextEvaluator evaluator)
      Subtract two varnodes to get a new value This could create a new space and return a varnode pointed into that space
      Parameters:
      val1 - first value
      val2 - second value
      Returns:
      varnode that could be a constant, or an offset into a space

    • extendValue

      public Varnode extendValue(Varnode out, Varnode[] in, boolean signExtend, ContextEvaluator evaluator)
      Extend a constant value if it can be extended.
      Parameters:
      out - varnode to extend into (for size)
      in - varnode value to extend the size
      Returns:
      new sign extended varnode

    • clearRegister

      public void clearRegister(Register reg)
      Description copied from interface: ProcessorContext
      Clears the register within this context.
      Specified by:
      clearRegister in interface ProcessorContext
      Parameters:
      reg - register to be cleared.

    • getRegister

      public Register getRegister(String name)
      Description copied from interface: ProcessorContextView
      Get a Register given the name of a register
      Specified by:
      getRegister in interface ProcessorContextView
      Parameters:
      name - the name of the register.
      Returns:
      The register with the given name.

    • getRegisterValue

      public RegisterValue getRegisterValue(Register register)
      Description copied from interface: ProcessorContextView
      Get the RegisterValue for the given register.
      Specified by:
      getRegisterValue in interface ProcessorContextView
      Parameters:
      register - register to get the value for
      Returns:
      RegisterValue object containing the value of the register if a value exists, otherwise null.

    • getRegisterVarnodeValue

      public Varnode getRegisterVarnodeValue(Register register)

    • getRegisterVarnode

      public Varnode getRegisterVarnode(Register register)

    • getRegister

      public Register getRegister(Varnode vnode)
      Return a register given a varnode

    • getRegisters

      public List<Register> getRegisters()
      Description copied from interface: ProcessorContextView
      Returns all the Registers for the processor as an unmodifiable list
      Specified by:
      getRegisters in interface ProcessorContextView
      Returns:
      all the Registers for the processor

    • getValue

      public BigInteger getValue(Register register, boolean signed)
      Description copied from interface: ProcessorContextView
      Get the contents of a processor register as a BigInteger object
      Specified by:
      getValue in interface ProcessorContextView
      Parameters:
      register - register to get the value for
      Returns:
      a BigInteger object containing the value of the register if a value exists, otherwise null.

    • hasValue

      public boolean hasValue(Register register)
      Description copied from interface: ProcessorContextView
      Returns true if a value is defined for the given register.
      Specified by:
      hasValue in interface ProcessorContextView
      Parameters:
      register - the register to check for a value.
      Returns:
      true if the given register has a value.

    • setRegisterValue

      public void setRegisterValue(RegisterValue value)
      Description copied from interface: ProcessorContext
      Sets the specified register value within this context.
      Specified by:
      setRegisterValue in interface ProcessorContext
      Parameters:
      value - register value

    • setValue

      public void setValue(Register register, BigInteger value)
      Description copied from interface: ProcessorContext
      Sets the value for a Register.
      Specified by:
      setValue in interface ProcessorContext
      Parameters:
      register - the register to have its value set
      value - the value for the register (null is not permitted).

    • isSymbol

      public boolean isSymbol(Varnode varnode)
      Check if the varnode is associated with a Symbolic location
      Parameters:
      varnode - to check
      Returns:
      true if the varnode is a symbolic location

    • isRegister

      public boolean isRegister(Varnode varnode)
      Check if the varnode is associated with a register.
      Parameters:
      varnode - to check
      Returns:
      true if the varnode is associated with a register

    • isConstant

      public boolean isConstant(Varnode varnode)
      Check if this is a constant, or a suspect constant
      Parameters:
      varnode - to check
      Returns:
      true if should be treated as a constant for most purposes

    • isBadAddress

      public boolean isBadAddress(Varnode v)
      Check if this is a bad address, or offset from a bad address
      Parameters:
      v - to check
      Returns:
      true if should be treated as a constant for most purposes

    • isSuspectConstant

      public boolean isSuspectConstant(Varnode varnode)
      Check if the constant is a suspect constant It shouldn't be trusted in certain cases. Suspect constants act like constants, but are in a Suspicious address space instead of the constant space.
      Parameters:
      varnode - varnode to check
      Returns:
      true if varnode is a suspect constant

    • isStackSymbolicSpace

      public boolean isStackSymbolicSpace(Varnode varnode)
      Check if varnode is in the stack space
      Parameters:
      varnode - varnode to check
      Returns:
      true if this varnode is stored in the symbolic stack space

    • isStackSpaceName

      public boolean isStackSpaceName(String spaceName)
      Check if spaceName is associated with the stack
      Parameters:
      spaceName - of address space to check
      Returns:
      true if spaceName is associated with the stack space

    • isSymbolicSpace

      public boolean isSymbolicSpace(AddressSpace space)
      Check if the space name is a symbolic space. A symbolic space is a space named after a register/unknown value and an offset into that symbolic space. Symbolic spaces come from the OffsetAddressFactory
      Parameters:
      space - the address space
      Returns:
      true if is a symbolic space

    • isSymbolicSpace

      public boolean isSymbolicSpace(int spaceID)
      Check if the space ID is a symbolic space. A symbolic space is a space named after a register/unknown value and an offset into that symbolic space. Symbolic spaces come from the OffsetAddressFactory
      Parameters:
      spaceID - the ID of the space
      Returns:
      true if is a symbolic space

    • isExternalSpace

      public boolean isExternalSpace(int spaceID)
      Check if the space ID is an external space. External spaces are single locations that have no size normally associated with a location in another program.
      Parameters:
      spaceID - the ID of the space
      Returns:
      true if is a symbolic space

    • pushMemState

      public void pushMemState()
      Save the current memory state

    • popMemState

      public void popMemState()
      restore a previously saved memory state