
Example 1 with Address

use of com.google.security.zynamics.binnavi.API.disassembly.Address in project binnavi by google.

the class CallResolver method resolveFunction.

/**
 * Turns a raw address into the most specific description available for it.
 *
 * <p>Lookup order: a function known for one of the target's modules, then the memory module of
 * the debugged process whose range contains the address, then the bare address.
 *
 * @param address The address to resolve.
 *
 * @return A resolved function object; every path returns a newly created instance.
 */
private ResolvedFunction resolveFunction(final Address address) {
    // Pass 1: exact match against the per-module function tables.
    for (final Module module : target.getModules()) {
        if (!resolvedFunctions.containsKey(module)) {
            // Fill the table for this module on first use.
            resolveFunctions(module);
        }
        if (resolvedFunctions.containsKey(module)) {
            final Map<Address, Function> functionsByAddress = resolvedFunctions.get(module);
            final Function knownFunction = functionsByAddress.get(address);
            if (knownFunction != null) {
                return new ResolvedFunction(knownFunction);
            }
        }
    }
    // Pass 2: fall back to the loaded memory module whose [base, base + size) range holds the
    // address.
    // NOTE(review): toLong() yields a Java long, so the comparisons below are signed. An address
    // with the top bit set, or a base + size that wraps around, would not match as intended.
    // Confirm whether such addresses can occur on the supported targets.
    for (final MemoryModule loadedModule : target.getDebugger().getProcess().getModules()) {
        final long probe = address.toLong();
        final long rangeStart = loadedModule.getBaseAddress().toLong();
        final boolean belowRange = probe < rangeStart;
        if (!belowRange && (probe < (rangeStart + loadedModule.getSize()))) {
            return new ResolvedFunction(loadedModule, address);
        }
    }
    // Pass 3: nothing is known about the address beyond its value.
    return new ResolvedFunction(address);
}
Also used : Function(com.google.security.zynamics.binnavi.API.disassembly.Function) Address(com.google.security.zynamics.binnavi.API.disassembly.Address) MemoryModule(com.google.security.zynamics.binnavi.API.debug.MemoryModule) Module(com.google.security.zynamics.binnavi.API.disassembly.Module) MemoryModule(com.google.security.zynamics.binnavi.API.debug.MemoryModule)

Example 2 with Address

use of com.google.security.zynamics.binnavi.API.disassembly.Address in project binnavi by google.

the class CallResolver method removeBreakpoint.

/**
 * Clears the breakpoint set on an indirect call, if the breakpoint manager still has one there.
 *
 * @param indirectCall The indirect call whose breakpoint is cleared.
 */
private void removeBreakpoint(final IndirectCall indirectCall) {
    final BreakpointManager manager = debugger.getBreakpointManager();
    final Module callModule = indirectCall.getModule();
    final Address callAddress = indirectCall.getAddress();
    if (!manager.hasBreakpoint(callModule, callAddress)) {
        // Nothing to remove for this call site.
        return;
    }
    manager.removeBreakpoint(callModule, callAddress);
}
Also used : Address(com.google.security.zynamics.binnavi.API.disassembly.Address) MemoryModule(com.google.security.zynamics.binnavi.API.debug.MemoryModule) Module(com.google.security.zynamics.binnavi.API.disassembly.Module) BreakpointManager(com.google.security.zynamics.binnavi.API.debug.BreakpointManager)

Example 3 with Address

use of com.google.security.zynamics.binnavi.API.disassembly.Address in project binnavi by google.

the class CallResolver method processCompleteSingleStep.

/**
 * Records the target of an indirect call once the single step that follows the call has
 * completed, and retires the call's breakpoint when the hit counter has reached the threshold.
 *
 * @param threadId The thread ID of the thread that completed the single step.
 * @param resolvedAddress The address of the called function.
 */
private void processCompleteSingleStep(final long threadId, final BigInteger resolvedAddress) {
    // Read before the lock on resolvedAddresses is taken.
    final BigInteger callSite = lastHits.get(threadId);
    if (callSite == null) {
        // occurs because of a race condition in multi-threaded programs.
        return;
    }
    synchronized (resolvedAddresses) {
        if (!resolvedAddresses.containsKey(callSite)) {
            resolvedAddresses.put(callSite, new HashSet<ResolvedFunction>());
        }
        final ResolvedFunction callee = resolveFunction(new Address(resolvedAddress));
        final boolean newTarget = resolvedAddresses.get(callSite).add(callee);
        if (newTarget) {
            // A target not seen before restarts the count for this call site.
            hitCounter.put(callSite, 0);
        }
        // NOTE(review): the comparison unboxes the value returned by hitCounter.get(); if no
        // entry exists for this call site that is a NullPointerException. Entries appear to be
        // maintained outside this method as well; confirm one always exists here.
        if (hitCounter.get(callSite) < HIT_THRESHOLD) {
            return;
        }
        final IndirectCall indirectCall = IndirectCallResolver.findIndirectCall(debugger, indirectCallAddresses, callSite);
        if (indirectCall == null) {
            return;
        }
        removeBreakpoint(indirectCall);
        removedBreakpoints.add(indirectCall);
        resolvedCall(callSite, callee);
    }
}
Also used : Address(com.google.security.zynamics.binnavi.API.disassembly.Address) BigInteger(java.math.BigInteger)

Example 4 with Address

use of com.google.security.zynamics.binnavi.API.disassembly.Address in project binnavi by google.

the class IndirectCallResolver method findIndirectCall.

/**
 * Looks up the indirect call whose rebased address equals a relocated call address.
 *
 * @param debugger The debugger used to rebase each candidate to its image base.
 * @param indirectCallAddresses The indirect calls to search through.
 * @param callAddress The relocated call address to find.
 *
 * @return The first matching indirect call, or null if none of the candidates matches.
 */
public static IndirectCall findIndirectCall(final Debugger debugger, final List<IndirectCall> indirectCallAddresses, final BigInteger callAddress) {
    for (final IndirectCall candidate : indirectCallAddresses) {
        // Candidates hold module-relative addresses; rebase them before comparing.
        final Address liveAddress = debugger.toImagebase(candidate.getModule(), candidate.getAddress());
        if (!liveAddress.equals(new Address(callAddress))) {
            continue;
        }
        return candidate;
    }
    // Callers have to handle the not-found case themselves.
    return null;
}
Also used : Address(com.google.security.zynamics.binnavi.API.disassembly.Address) Module(com.google.security.zynamics.binnavi.API.disassembly.Module)

Example 5 with Address

use of com.google.security.zynamics.binnavi.API.disassembly.Address in project binnavi by google.

the class IndirectCallFinder method getDirectFunctionCalls.

/**
 * Collects the addresses of all direct function calls stored for a module.
 *
 * <p>If the query fails, the stack trace is printed and the addresses read so far are returned.
 * An empty result therefore does not prove the module has no direct calls.
 *
 * @param module The module whose direct function call addresses are returned.
 *
 * @return The direct function call addresses of the module.
 */
private static Set<Address> getDirectFunctionCalls(final Module module) {
    final Set<Address> directCalls = new HashSet<Address>();
    // NOTE(review): the statement is assembled by concatenation. The table names come from
    // TableNames and the only variable part is module.getId(), which is presumably numeric.
    // Verify that, and prefer a bound parameter if the database API offers one.
    final String sql = "SELECT it.address FROM " + TableNames.INSTRUCTIONS_TABLE
        + " AS it JOIN " + TableNames.ADDRESS_REFERENCES_TABLE
        + " AS art ON it.address = art.address  AND it.module_id = art.module_id"
        + " WHERE type = 'call_direct' AND art.module_id = " + module.getId();
    try {
        final ResultSet rows = module.getDatabase().executeQuery(sql);
        try {
            while (rows.next()) {
                directCalls.add(new Address(rows.getLong("address")));
            }
        } finally {
            // Close the result set even when reading a row fails.
            rows.close();
        }
    } catch (final SQLException exception) {
        exception.printStackTrace();
    }
    return directCalls;
}
Also used : Address(com.google.security.zynamics.binnavi.API.disassembly.Address) SQLException(java.sql.SQLException) ResultSet(java.sql.ResultSet) HashSet(java.util.HashSet)

Aggregations

Address (com.google.security.zynamics.binnavi.API.disassembly.Address)44 Test (org.junit.Test)32 CAddress (com.google.security.zynamics.zylib.disassembly.CAddress)30 UnrelocatedAddress (com.google.security.zynamics.binnavi.disassembly.UnrelocatedAddress)19 BreakpointAddress (com.google.security.zynamics.binnavi.debug.models.breakpoints.BreakpointAddress)17 Module (com.google.security.zynamics.binnavi.API.disassembly.Module)7 Trace (com.google.security.zynamics.binnavi.API.disassembly.Trace)5 RelocatedAddress (com.google.security.zynamics.binnavi.disassembly.RelocatedAddress)5 Function (com.google.security.zynamics.binnavi.API.disassembly.Function)4 TracePoint (com.google.security.zynamics.binnavi.API.disassembly.TracePoint)4 ArrayList (java.util.ArrayList)4 MemoryModule (com.google.security.zynamics.binnavi.API.debug.MemoryModule)3 ReilInstruction (com.google.security.zynamics.binnavi.API.reil.ReilInstruction)2 InstructionGraph (com.google.security.zynamics.binnavi.API.reil.mono.InstructionGraph)2 InstructionGraphEdge (com.google.security.zynamics.binnavi.API.reil.mono.InstructionGraphEdge)2 InstructionGraphNode (com.google.security.zynamics.binnavi.API.reil.mono.InstructionGraphNode)2 EchoBreakpointHitReply (com.google.security.zynamics.binnavi.debug.connection.packets.replies.EchoBreakpointHitReply)2 RegisterValue (com.google.security.zynamics.binnavi.debug.models.targetinformation.RegisterValue)2 RegisterValues (com.google.security.zynamics.binnavi.debug.models.targetinformation.RegisterValues)2 ThreadRegisters (com.google.security.zynamics.binnavi.debug.models.targetinformation.ThreadRegisters)2