Package ghidra.program.util

Class VarnodeContext

java.lang.Object
ghidra.program.util.VarnodeContext
All Implemented Interfaces:
ProcessorContext, ProcessorContextView
public class VarnodeContext extends Object implements ProcessorContext

  • Field Details

  • Constructor Details

  • Method Details

    • setDebug

      public void setDebug(boolean debugOn)

    • getDebug

      public boolean getDebug()

    • setCurrentInstruction

      public void setCurrentInstruction(Instruction instr)

    • getCurrentInstruction

      public Instruction getCurrentInstruction(Address addr)

    • getBaseContextRegister

      public Register getBaseContextRegister()
      Specified by:
      getBaseContextRegister in interface ProcessorContextView
      Returns:
      the base processor context register or null if one has not been defined

    • getKnownFlowToAddresses

      public Address[] getKnownFlowToAddresses(Address toAddr)

    • flowToAddress

      public void flowToAddress(Address fromAddr, Address toAddr)
      Records flow from/to basic blocks, or non-fallthru flow

    • flowStart

      public void flowStart(Address toAddr)
      Start flow at an address, recording any initial state for the current instruction

    • flowEnd

      public void flowEnd(Address address)
      End flow and save any necessary end flow state for the current instruction at address

    • getReturnVarnode

      public Varnode[] getReturnVarnode(Function targetFunc)
      Parameters:
      targetFunc - function to get a returning varnode for NOTE: this only gets one, unless there is custom storage on the called function there may be bonded ones in the default convention!
      Returns:
      varnode that represents where functions place their return value

    • getKilledVarnodes

      public Varnode[] getKilledVarnodes(Function targetFunc)
      Parameters:
      targetFunc - function to get killed varnodes for NOTE: this removes the return varnodes so they aren't duplicated
      Returns:
      varnode that represents where functions place their return value

    • getStackVarnode

      public Varnode getStackVarnode()
      Returns:
      Varnode that represents the stack register

    • getStackRegister

      public Register getStackRegister()
      Returns:
      Register that represents the stack register

    • getValue

      public Varnode getValue(Varnode varnode, ContextEvaluator evaluator)

    • getValue

      public Varnode getValue(Varnode varnode, boolean signed, ContextEvaluator evaluator)

    • getMemoryValue

      protected Varnode getMemoryValue(Varnode varnode, boolean signed)
      Search the value state stack for the first occurrence of the set value
      Parameters:
      varnode - varnode to search for a value
      signed - true if retrieving a signed value
      Returns:
      first value found on stack, null otherwise

    • getMemoryValue

      protected Varnode getMemoryValue(List<HashMap<Address,Varnode>> valStore, int backupDepth, Varnode varnode, boolean signed)

    • getMemoryValue

      protected Varnode getMemoryValue(HashMap<Address,Varnode> valStore, Varnode varnode, boolean signed)

    • putMemoryValue

      protected void putMemoryValue(Varnode out, Varnode value)
      Put the value for the varnode on the top of the memory state stack
      Parameters:
      out - varnode for the value
      value - value to store for the varnode

    • putMemoryValue

      protected void putMemoryValue(Stack<HashMap<Address,Varnode>> valStore, Varnode out, Varnode value)

    • isReadOnly

      protected boolean isReadOnly(Address addr)
      Check if the symbol at the address is read_only.
      Parameters:
      addr - - address of the symbol
      Returns:
      true if the block is read_only, and there are no write references.

    • createVarnode

      public Varnode createVarnode(long value, int spaceID, int size)

    • createConstantVarnode

      public Varnode createConstantVarnode(long value, int size)

    • splitToBytes

      public Varnode[] splitToBytes(Varnode v, int len)

    • createBadVarnode

      public Varnode createBadVarnode()

    • createVarnode

      public Varnode createVarnode(BigInteger bigVal, BigInteger spaceVal, int size)

    • putValue

      public void putValue(Varnode out, Varnode result, boolean mustClear)

    • readExecutableCode

      public boolean readExecutableCode()

    • setReadExecutableCode

      public void setReadExecutableCode()

    • clearReadExecutableCode

      public void clearReadExecutableCode()

    • propogateResults

      public void propogateResults(boolean clearContext)
      Propogate any results that are in the value cache.
      Parameters:
      clearContext - true if the cache should be cleared. The propogation could be for flow purposes, and the processing of the instruction is finished, so it's effects should be kept.

    • propogateValue

      public void propogateValue(Register reg, Varnode node, Varnode val, Address address)

    • getLastSetLocation

      public Address getLastSetLocation(Register reg, BigInteger bval)
      return the location that this register was last set This is a transient thing, so it should only be used as a particular flow is being processed...
      Parameters:
      reg - register to find last set location
      bval - value to look for to differentiate set locations, null if don't care
      Returns:
      address that the register was set.

    • getLastSetLocation

      public Address getLastSetLocation(Varnode rvar, BigInteger bval)
      return the location that this varnode was last set This is a transient thing, so it should only be used as a particular flow is being processed...
      Parameters:
      rvar - the register varnode
      bval - this parameter is unused.
      Returns:
      address that the register was set.

    • getVarnode

      public Varnode getVarnode(int spaceID, long offset, int size)

    • getConstant

      public Long getConstant(Varnode vnode, ContextEvaluator evaluator)

    • getVarnode

      public Varnode getVarnode(Varnode space, Varnode offset, int size, ContextEvaluator evaluator)

    • getRegisterVarnodeValue

      public Varnode getRegisterVarnodeValue(Register reg, Address fromAddr, Address toAddr, boolean signed)
      Get the value (value, space, size) of a register at the start of the last execution flow taken for the instruction at toAddr.
      Parameters:
      reg - register to retrieve the start value
      fromAddr - flow from address (not used currently, future use to retrieve multiple flows)
      toAddr - address of instruction to retrieve the register flow state
      signed - true if value is signed, will sext the top bit based on value size
      Returns:
      instruction start state value for register, or null if no known state

    • getEndRegisterVarnodeValue

      public Varnode getEndRegisterVarnodeValue(Register reg, Address fromAddr, Address toAddr, boolean signed)
      Get the value (value, space, size) of a register at the end of the last execution flow taken for the instruction at toAddr. Note: This can only be called if recordStartEndState flag is true.
      Parameters:
      reg - register to retrieve the end value
      fromAddr - flow from address (not used currently, future use to retrieve multiple flows)
      toAddr - address of instruction to retrieve the register flow state
      signed - is the value signed or unsigned, will sext the top bit based on value size
      Returns:
      instruction end state value for register, or null if no known state
      Throws:
      javax.help.UnsupportedOperationException - recordStartEndState == false at construction

    • print

      protected String print(Varnode rvnode)

    • getRegisterValue

      public RegisterValue getRegisterValue(Register reg, Address toAddr)
      Get the current value of the register at the address. Note: If recordStartEndState flag is false, then this will return the current value.
      Parameters:
      reg - value of register to get
      toAddr - value of register at a location
      Returns:
      value of register or null

    • getRegisterValue

      public RegisterValue getRegisterValue(Register reg, Address fromAddr, Address toAddr)
      Get the value of a register that was set coming from an address to an another address. Note: If recordStartEndState flag is false, then this will return the current value.
      Parameters:
      reg - value of register to get
      fromAddr - location the value came from
      toAddr - location to get the value of the register coming from fromAddr
      Returns:
      value of register or null

    • getRegisterValueAddressRanges

      public AddressRangeIterator getRegisterValueAddressRanges(Register reg)

    • hasValueOverRange

      public boolean hasValueOverRange(Register reg, BigInteger bval, AddressSet set)

    • copy

      public void copy(Varnode out, Varnode in, boolean mustClearAll, ContextEvaluator evaluator)
      Copy the varnode with as little manipulation as possible. Try to keep whatever partial state there is intact if a real value isn't required.
      Parameters:
      out - varnode to put it in
      in - varnode to copy from.
      mustClearAll - true if must clear if value is not unique
      evaluator - user provided evaluator if needed

    • add

      public Varnode add(Varnode val1, Varnode val2, ContextEvaluator evaluator)
      Add two varnodes together to get a new value This could create a new space and return a varnode pointed into that space
      Parameters:
      val1 - first value
      val2 - second value
      Returns:
      varnode that could be a constant, or an offset into a space, or null

    • and

      public Varnode and(Varnode val1, Varnode val2, ContextEvaluator evaluator)

    • or

      public Varnode or(Varnode val1, Varnode val2, ContextEvaluator evaluator)

    • left

      public Varnode left(Varnode val1, Varnode val2, ContextEvaluator evaluator)

    • getAddressSpace

      public int getAddressSpace(String name, int bitSize)

    • subtract

      public Varnode subtract(Varnode val1, Varnode val2, ContextEvaluator evaluator)
      Subtract two varnodes to get a new value This could create a new space and return a varnode pointed into that space
      Parameters:
      val1 - first value
      val2 - second value
      Returns:
      varnode that could be a constant, or an offset into a space

    • extendValue

      public Varnode extendValue(Varnode out, Varnode[] in, boolean signExtend, ContextEvaluator evaluator)
      Extend a constant value if it can be extended.
      Parameters:
      out - varnode to extend into (for size)
      in - varnode value to extend the size
      Returns:
      new sign extended varnode

    • clearRegister

      public void clearRegister(Register reg)
      Description copied from interface: ProcessorContext
      Clears the register within this context.
      Specified by:
      clearRegister in interface ProcessorContext
      Parameters:
      reg - register to be cleared.

    • getRegister

      public Register getRegister(String name)
      Description copied from interface: ProcessorContextView
      Get a Register given the name of a register
      Specified by:
      getRegister in interface ProcessorContextView
      Parameters:
      name - the name of the register.
      Returns:
      The register with the given name.

    • getRegisterValue

      public RegisterValue getRegisterValue(Register register)
      Description copied from interface: ProcessorContextView
      Get the RegisterValue for the given register.
      Specified by:
      getRegisterValue in interface ProcessorContextView
      Parameters:
      register - register to get the value for
      Returns:
      RegisterValue object containing the value of the register if a value exists, otherwise null.

    • getRegisterVarnodeValue

      public Varnode getRegisterVarnodeValue(Register register)

    • getRegisterVarnode

      public Varnode getRegisterVarnode(Register register)

    • getRegister

      public Register getRegister(Varnode vnode)
      Return a register given a varnode

    • getRegisters

      public List<Register> getRegisters()
      Description copied from interface: ProcessorContextView
      Returns all the Registers for the processor as an unmodifiable list
      Specified by:
      getRegisters in interface ProcessorContextView
      Returns:
      all the Registers for the processor

    • getValue

      public BigInteger getValue(Register register, boolean signed)
      Description copied from interface: ProcessorContextView
      Get the contents of a processor register as a BigInteger object
      Specified by:
      getValue in interface ProcessorContextView
      Parameters:
      register - register to get the value for
      Returns:
      a BigInteger object containing the value of the register if a value exists, otherwise null.

    • hasValue

      public boolean hasValue(Register register)
      Description copied from interface: ProcessorContextView
      Returns true if a value is defined for the given register.
      Specified by:
      hasValue in interface ProcessorContextView
      Parameters:
      register - the register to check for a value.
      Returns:
      true if the given register has a value.

    • setRegisterValue

      public void setRegisterValue(RegisterValue value)
      Description copied from interface: ProcessorContext
      Sets the specified register value within this context.
      Specified by:
      setRegisterValue in interface ProcessorContext
      Parameters:
      value - register value

    • setValue

      public void setValue(Register register, BigInteger value)
      Description copied from interface: ProcessorContext
      Sets the value for a Register.
      Specified by:
      setValue in interface ProcessorContext
      Parameters:
      register - the register to have its value set
      value - the value for the register (null is not permitted).

    • isSymbol

      public boolean isSymbol(Varnode varnode)
      Check if the varnode is associated with a Symbolic location
      Parameters:
      varnode - to check
      Returns:
      true if the varnode is a symbolic location

    • isRegister

      public boolean isRegister(Varnode varnode)
      Check if the varnode is associated with a register.
      Parameters:
      varnode - to check
      Returns:
      true if the varnode is associated with a register

    • isConstant

      public boolean isConstant(Varnode varnode)
      Check if this is a constant, or a suspect constant
      Parameters:
      varnode - to check
      Returns:
      true if should be treated as a constant for most purposes

    • isBadAddress

      public boolean isBadAddress(Varnode v)
      Check if this is a bad address, or offset from a bad address
      Parameters:
      v - to check
      Returns:
      true if should be treated as a constant for most purposes

    • isSuspectConstant

      public boolean isSuspectConstant(Varnode varnode)
      Check if the constant is a suspect constant It shouldn't be trusted in certain cases. Suspect constants act like constants, but are in a Suspicious address space instead of the constant space.
      Parameters:
      varnode - varnode to check
      Returns:
      true if varnode is a suspect constant

    • isStackSymbolicSpace

      public boolean isStackSymbolicSpace(Varnode varnode)
      Check if varnode is in the stack space
      Parameters:
      varnode - varnode to check
      Returns:
      true if this varnode is stored in the symbolic stack space

    • isStackSpaceName

      public boolean isStackSpaceName(String spaceName)
      Check if spaceName is associated with the stack
      Parameters:
      spaceName - of address space to check
      Returns:
      true if spaceName is associated with the stack space

    • isSymbolicSpace

      public boolean isSymbolicSpace(AddressSpace space)
      Check if the space name is a symbolic space. A symbolic space is a space named after a register/unknown value and an offset into that symbolic space. Symbolic spaces come from the OffsetAddressFactory
      Parameters:
      space - the address space
      Returns:
      true if is a symbolic space

    • isSymbolicSpace

      public boolean isSymbolicSpace(int spaceID)
      Check if the space ID is a symbolic space. A symbolic space is a space named after a register/unknown value and an offset into that symbolic space. Symbolic spaces come from the OffsetAddressFactory
      Parameters:
      spaceID - the ID of the space
      Returns:
      true if is a symbolic space

    • isExternalSpace

      public boolean isExternalSpace(int spaceID)
      Check if the space ID is an external space. External spaces are single locations that have no size normally associated with a location in another program.
      Parameters:
      spaceID - the ID of the space
      Returns:
      true if is a symbolic space

    • pushMemState NEW

      public void pushMemState(boolean saveTempUniques)
      Save the current memory state
      Parameters:
      saveTempUniques - - if internal branching, must save the tempUniques as well Note: currently unique values do not survive in the sleigh parser for crossbuild lookback if any branch is taken. In the future crossbuilds may be path based. This will need to be re-worked and the unique value state treated as other path tracing and stored in uniqueVals.

    • popMemState

      public void popMemState()
      restore a previously saved memory state