Usage of com.google.security.zynamics.binnavi.API.disassembly.Address in project binnavi (google).
Class IndirectCallFinder, method find:
/**
 * Collects the indirect call instructions of a module: every instruction whose mnemonic is
 * in the call-like list below and whose operand expression tree contains a register or a
 * memory dereference node. Call sites that {@code getDirectFunctionCalls} reports (named as
 * calls to imported functions) are dropped from the result.
 *
 * <p>Security note: the SQL is assembled by string concatenation. The only non-literal pieces
 * are the module id (from {@code module.getId()}, presumably numeric — verify) and two enum
 * ordinals, so no user-controlled text reaches the query. Do not extend this pattern to
 * string-valued parameters without switching to a parameterized statement.
 *
 * <p>A failing query is reported with {@code printStackTrace()} and turns into an empty
 * result, which callers cannot distinguish from "no indirect calls found".
 *
 * @param module The module whose indirect call instructions are found.
 *
 * @return A list of indirect call information; empty when the database query fails.
 */
public static List<IndirectCall> find(final Module module) {
  // Call sites whose target is already a known direct/imported call are filtered out below.
  final Set<Address> directCalls = getDirectFunctionCalls(module);

  // Lets each result row be tied back to the Function object that contains the call site.
  final Map<Address, Function> functionsByAddress = new HashMap<Address, Function>();
  for (final Function candidate : module.getFunctions()) {
    functionsByAddress.put(candidate.getAddress(), candidate);
  }

  // TODO (timkornau): make sure to only include the call sides which we are willing to
  // take a look at depending on the architecture of the module.
  // Until then the list mixes mnemonics of all supported architectures.
  final String callMnemonics = // x86
      "'call', " + // MIPS
      "'bal', 'bgezal', 'bgezall', 'bltzal', 'bltzall', 'jal', 'jalr', " + // ARM
      "'bl', 'blx', " + // PowerPC
      "'bcctrl', 'bcctr'";

  // The expression tree table stores the type as ordinal + 1 (presumably the schema's
  // convention — verify before reordering ExpressionType).
  final String registerType = String.valueOf(ExpressionType.Register.ordinal() + 1);
  final String dereferenceType = String.valueOf(ExpressionType.MemDeref.ordinal() + 1);

  // Walk function -> view -> nodes -> instructions -> operands -> expression tree nodes,
  // restricted to this module, and keep one row per (function, instruction) pair.
  final StringBuilder sql = new StringBuilder();
  sql.append("SELECT ft.address AS faddress, it.address AS iaddress ");
  sql.append(" FROM ").append(TableNames.FUNCTIONS_TABLE).append(" AS ft ");
  sql.append(" JOIN ").append(TableNames.FUNCTION_VIEWS_TABLE)
      .append(" AS fvt ON ft.address = fvt.function ");
  sql.append(" AND ft.module_id = fvt.module_id");
  sql.append(" JOIN ").append(TableNames.NODES_TABLE).append(" AS nt ON fvt.view_id = nt.view_id ");
  sql.append(" JOIN ").append(TableNames.CODENODE_INSTRUCTIONS_TABLE)
      .append(" AS cit ON nt.id = cit.node_id ");
  sql.append(" AND cit.module_id = ft.module_id ");
  sql.append(" JOIN ").append(TableNames.INSTRUCTIONS_TABLE)
      .append(" AS it ON it.address = cit.address ");
  sql.append(" AND it.module_id = cit.module_id");
  sql.append(" JOIN ").append(TableNames.OPERANDS_TABLE).append(" AS ot ON it.address = ot.address ");
  sql.append(" AND it.module_id = ot.module_id");
  sql.append(" JOIN ").append(TableNames.EXPRESSION_TREE_MAPPING_TABLE)
      .append(" AS etm ON ot.expression_tree_id = etm.tree_id ");
  sql.append(" AND etm.module_id = ft.module_id");
  sql.append(" JOIN ").append(TableNames.EXPRESSION_TREE_TABLE)
      .append(" AS et ON et.id = etm.tree_node_id ");
  sql.append(" AND et.module_id = ft.module_id");
  sql.append(" WHERE ft.module_id = ").append(module.getId());
  sql.append(" and mnemonic in (").append(callMnemonics).append(") ");
  sql.append(" AND (et.type in (").append(registerType).append(", ").append(dereferenceType)
      .append("))");
  sql.append(" GROUP BY faddress, iaddress");

  final List<IndirectCall> result = new ArrayList<IndirectCall>();
  try {
    final ResultSet rows = module.getDatabase().executeQuery(sql.toString());
    try {
      while (rows.next()) {
        final Address callSite = new Address(rows.getLong("iaddress"));
        if (directCalls.contains(callSite)) {
          continue;
        }
        final Address owner = new Address(rows.getLong("faddress"));
        // The lookup yields null if the owning function is not among module.getFunctions();
        // whether IndirectCall tolerates that is not visible here.
        result.add(new IndirectCall(module, functionsByAddress.get(owner), callSite));
      }
    } finally {
      rows.close();
    }
    return result;
  } catch (final SQLException exception) {
    // Best-effort: report and degrade to an empty result rather than failing the caller.
    exception.printStackTrace();
    return new ArrayList<IndirectCall>();
  }
}
Usage of com.google.security.zynamics.binnavi.API.disassembly.Address in project binnavi (google).
Class OutputListGenerator, method generate:
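/**
 * Generates a human-readable listing of the resolved indirect call targets.
 *
 * <p>Each call site is printed as an 8-digit (or wider) upper-case hex address followed by
 * its targets, one per line: a known function as {@code module!name}, a target that only
 * falls into a memory module as {@code module!???}, and an otherwise unresolved address as
 * {@code ???!???}. Note that the last case prints {@code Address.toHexString()} while the
 * others use {@code %08X}, so the padding of those lines may differ.
 *
 * @param resolvedAddresses The function resolver result, keyed by call site address.
 *
 * @return The string that shows the resolved functions.
 * @throws NullPointerException if {@code resolvedAddresses} is null.
 */
public static String generate(final Map<BigInteger, Set<ResolvedFunction>> resolvedAddresses) {
  // Explicit check rather than `assert`: assertions are disabled unless the JVM runs with
  // -ea, so the contract would otherwise surface only as an unexplained NPE from entrySet().
  if (resolvedAddresses == null) {
    throw new NullPointerException("Error: resolvedAddresses argument can not be null");
  }
  // Single-threaded, unsynchronized building: StringBuilder, not StringBuffer.
  final StringBuilder buffer = new StringBuilder();
  buffer.append("Resolved the following indirect calls:\n");
  for (final Entry<BigInteger, Set<ResolvedFunction>> element : sort(resolvedAddresses.entrySet())) {
    final BigInteger start = element.getKey();
    final Set<ResolvedFunction> targets = element.getValue();
    // longValue() keeps the low 64 bits; wider keys (if any occur) would be truncated here.
    buffer.append(String.format("%08X ->\n", start.longValue()));
    for (final ResolvedFunction target : targets) {
      if (target.getFunction() != null) {
        final Function function = target.getFunction();
        final Address functionAddress = function.getAddress();
        final String functionName = function.getModule().getName() + "!" + function.getName();
        buffer.append(String.format(" %08X (%s)\n", functionAddress.toLong(), functionName));
      } else if (target.getMemoryModule() != null) {
        final MemoryModule module = target.getMemoryModule();
        final Address functionAddress = target.getAddress();
        final String functionName = module.getName() + "!???";
        buffer.append(String.format(" %08X (%s)\n", functionAddress.toLong(), functionName));
      } else {
        final Address address = target.getAddress();
        buffer.append(String.format(" %s (%s)\n", address.toHexString().toUpperCase(), "???!???"));
      }
    }
  }
  return buffer.toString();
}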
Usage of com.google.security.zynamics.binnavi.API.disassembly.Address in project binnavi (google).
Class CallResolver, method resolveFunctions:
/**
 * Builds the address-to-function table for one module and stores it in
 * {@code resolvedFunctions}. Keys are the function addresses rebased through the target's
 * debugger ({@code toImagebase}), so the table can be consulted with runtime addresses.
 * Modules that are not loaded are skipped and leave {@code resolvedFunctions} untouched.
 *
 * @param module The module whose functions are indexed.
 */
private void resolveFunctions(final Module module) {
  if (module.isLoaded()) {
    final Map<Address, Function> byRuntimeAddress = new HashMap<Address, Function>();
    for (final Function fn : module.getFunctions()) {
      // Static addresses are relocated to where the module is mapped in the debuggee.
      final Address runtimeAddress = target.getDebugger().toImagebase(module, fn.getAddress());
      byRuntimeAddress.put(runtimeAddress, fn);
    }
    resolvedFunctions.put(module, byRuntimeAddress);
  }
}
Usage of com.google.security.zynamics.binnavi.API.disassembly.Address in project binnavi (google).
Class BreakpointHelpers, method getBreakpoints:
/**
 * Returns the addresses of a view where breakpoints of the given type are set.
 *
 * <p>Code nodes are delegated to the {@code CodeNode} overload; for a function node the
 * breakpoint manager is asked whether a breakpoint exists at the function's unrelocated
 * start address, and that address is reported if so. Other node kinds are ignored.
 *
 * @param debugger The debugger that set the breakpoint.
 * @param view The view to search through.
 * @param type Type of the breakpoints to search for.
 *
 * @return The addresses of the view where breakpoints of a given type are set.
 */
private static List<Address> getBreakpoints(final Debugger debugger, final View view, final BreakpointType type) {
  Preconditions.checkNotNull(debugger, "Error: Debugger argument can not be null");
  Preconditions.checkNotNull(view, "Error: View argument can not be null");
  final BreakpointManager manager = debugger.getBreakpointManager();
  final List<Address> found = new ArrayList<Address>();
  for (final ViewNode node : view.getGraph().getNodes()) {
    if (node instanceof CodeNode) {
      found.addAll(getBreakpoints(debugger, (CodeNode) node, type));
      continue;
    }
    if (!(node instanceof FunctionNode)) {
      continue;
    }
    final Function nativeless = ((FunctionNode) node).getFunction();
    // Breakpoints are keyed by (module, unrelocated address) in the native manager.
    final BreakpointAddress key = new BreakpointAddress(
        nativeless.getNative().getModule(),
        new UnrelocatedAddress(nativeless.getNative().getAddress()));
    if (manager.getNative().hasBreakpoint(type, key)) {
      found.add(new Address(key.getAddress().getAddress().toBigInteger()));
    }
  }
  return found;
}