Examples with ViewNode com.google.security.zynamics.binnavi.API.disassembly.ViewNode used on opensource projects

Example 1 with ViewNode

use of com.google.security.zynamics.binnavi.API.disassembly.ViewNode in project binnavi by google.

the class PathFinderTest method testInsideFunctionPartial.

@Test
public void testInsideFunctionPartial() throws CouldntLoadDataException, PartialLoadException {
    // Tests path finding somewhere inside a function
    final Function startFunction = findFunction(m_notepad, 0x01002452);
    final BasicBlock startBlock = findBlock(startFunction, 0x10024C2);
    final BasicBlock endBlock = findBlock(startFunction, 0x10026FB);
    final View view = PathFinder.createPath(m_notepad, startBlock, endBlock, null, null);
    assertEquals(9, view.getGraph().nodeCount());
    assertEquals(11, view.getGraph().edgeCount());
    final List<ViewEdge> edges = view.getGraph().getEdges();
    final List<ViewNode> nodes = view.getGraph().getNodes();
    assertEquals(EdgeType.JumpConditionalFalse, findEdge(edges, 0x10024C2, 0x1002523).getType());
    assertEquals(EdgeType.JumpConditionalTrue, findEdge(edges, 0x10024C2, 0x1002539).getType());
    assertEquals(EdgeType.JumpUnconditional, findEdge(edges, 0x100253F, 0x10026F9).getType());
    assertEquals(Color.GREEN, findNode(nodes, 0x10024C2).getColor());
    assertEquals(Color.YELLOW, findNode(nodes, 0x10026FB).getColor());
}

Example 2 with ViewNode

use of com.google.security.zynamics.binnavi.API.disassembly.ViewNode in project binnavi by google.

the class PathFinder method createPath.

/**
   * Creates a view that shows all possible paths between two blocks of a module.
   *
   * @param module The module for which the view is created.
   * @param startBlock The basic block where the path begins (must be null if startFunction is not
   *        null).
   * @param targetBlock The basic block where the path ends (must be null if targetFunction is not
   *        null).
   * @param startFunction The function where the path starts (must be null if startBlock is not
   *        null).
   * @param targetFunction The function where the path ends (must be null if targetBlock is not
   *        null).
   *
   * @return The view that contains all possible paths between the start block and the target block.
   *
   * @throws CouldntLoadDataException
   * @throws PartialLoadException
   * @throws IllegalArgumentException
   */
public static View createPath(final Module module, final BasicBlock startBlock, final BasicBlock targetBlock, final Function startFunction, final Function targetFunction) throws CouldntLoadDataException, PartialLoadException {
    Preconditions.checkNotNull(module, "Error: Module argument can't be null");
    Preconditions.checkArgument(module.isLoaded(), "Error: Module is not loaded");
    if ((startBlock == null) && (startFunction == null)) {
        throw new IllegalArgumentException("Error: No valid start given");
    }
    if ((targetBlock == null) && (targetFunction == null)) {
        throw new IllegalArgumentException("Error: No valid target given");
    }
    if ((startFunction != null) && !startFunction.isLoaded()) {
        throw new IllegalArgumentException("Error: Start function is not loaded");
    }
    if ((targetFunction != null) && !targetFunction.isLoaded()) {
        throw new IllegalArgumentException("Error: Target function is not loaded");
    }
    // The algorithm works like this:
    //
    // 1. Find all functions that lie between the start function and the target function.
    // 2. Insert all of these functions into the new view.
    // 3. Connect the individual functions at function calls and split code nodes if necessary.
    // 4. Determine what nodes are actually on the path by taking the successors of the start
    // node and set-unioning those with the predecessors of the target node.
    // 5. Delete all the nodes which are not on the path.
    // At first we determine the function where the path starts and the function where the path
    // ends.
    final Function realStartFunction = startFunction != null ? startFunction : startBlock.getParentFunction();
    final Function realTargetFunction = targetFunction != null ? targetFunction : targetBlock.getParentFunction();
    if (realStartFunction.getGraph().nodeCount() == 0) {
        throw new IllegalArgumentException("Error: Functions with zero nodes can not be used for pathfinding");
    }
    // Determine the real start and end blocks of the path with the help of the function flow graphs
    final BasicBlock realStartBlock = startBlock != null ? startBlock : findEntryNode(realStartFunction);
    final BasicBlock realTargetBlock = targetBlock != null ? targetBlock : findEntryNode(realTargetFunction);
    // Find out what functions are called on the way between the first block and the second block.
    final LinkedHashSet<FunctionBlock> passedFunctions = findPassedFunctions(module.getCallgraph(), realStartFunction, realTargetFunction);
    // Create the view that represents the calculated path
    final String endAddress = realTargetBlock != null ? realTargetBlock.getAddress().toHexString() : realTargetFunction.getAddress().toHexString();
    final View view = module.createView("New Pathfinder View", String.format("%s -> %s", realStartBlock.getAddress().toHexString(), endAddress));
    view.load();
    // Maps basic blocks of functions to their corresponding node in the new view.
    final Map<BasicBlock, ViewNode> nodeMap = new HashMap<BasicBlock, ViewNode>();
    // Keeps track of the entry nodes for each function,
    final Map<Function, ViewNode> entryNodes = new HashMap<Function, ViewNode>();
    // Keeps track of the exit nodes for each function,
    final ArrayListMultimap<Function, ViewNode> exitNodes = ArrayListMultimap.create();
    // Keeps track of the function a view node belongs to.
    // TODO (timkornau): This should actually be accessible from the plug in API.
    final Map<ViewNode, Function> functionMap = new HashMap<ViewNode, Function>();
    // Create a code node for all basic blocks of the passed functions.
    createInitialBlocks(view, passedFunctions, nodeMap, functionMap);
    // Create view edges for all edges in the passed functions.
    createInitialEdges(view, passedFunctions, nodeMap);
    // Find the entry and exit nodes for all passed functions.
    findEntryExitNodes(passedFunctions, nodeMap, functionMap, entryNodes, exitNodes);
    ViewNode startNode = nodeMap.get(realStartBlock);
    ViewNode targetNode = realTargetBlock == null ? entryNodes.get(realTargetFunction) : nodeMap.get(realTargetBlock);
    startNode.setColor(Color.GREEN);
    targetNode.setColor(Color.YELLOW);
    // Connect the nodes of the different functions on function calls.
    final NodePair splitResult = connectFunctions(view, startNode, targetNode, passedFunctions, entryNodes, exitNodes, functionMap);
    startNode = splitResult.getFirst();
    targetNode = splitResult.getSecond();
    // all paths end here.
    for (final ViewEdge edge : targetNode.getOutgoingEdges()) {
        view.deleteEdge(edge);
    }
    // Delete all nodes that are not on the path.
    deleteNodesNotOnPath(view, startNode, targetNode);
    if (startNode.getOutgoingEdges().isEmpty()) {
        // no path exists between the two nodes
        return null;
    }
    try {
        view.save();
    } catch (final CouldntSaveDataException exception) {
        CUtilityFunctions.logException(exception);
    }
    return view;
}

Example 3 with ViewNode

use of com.google.security.zynamics.binnavi.API.disassembly.ViewNode in project binnavi by google.

the class PathFinder method connectFunctions.

/**
   * Connects the functions in the view using inlining edges.
   *
   * @param view The view where the edges are created.
   * @param startNode The start node of the path.
   * @param targetNode The target node of the path.
   * @param passedFunctions All functions that lie on the path.
   * @param entryNodes Keeps track of the entry nodes of all functions.
   * @param exitNodes Keeps track of the exit nodes of all functions.
   * @param functionMap Keeps track to what function a node belongs to.
   *
   * @return Node pair that contains the updated start node and target node.
   */
private static NodePair connectFunctions(final View view, final ViewNode startNode, final ViewNode targetNode, final Collection<FunctionBlock> passedFunctions, final Map<Function, ViewNode> entryNodes, final ArrayListMultimap<Function, ViewNode> exitNodes, final Map<ViewNode, Function> functionMap) {
    ViewNode realStartNode = startNode;
    ViewNode realTargetNode = targetNode;
    final Set<ViewNode> handled = new HashSet<ViewNode>();
    while (true) {
        boolean splitNode = false;
        start: for (final ViewNode node : view.getGraph().getNodes()) {
            if (handled.contains(node)) {
                continue;
            }
            if (!(node instanceof CodeNode)) {
                continue;
            }
            final CodeNode cnode = (CodeNode) node;
            for (final Instruction instruction : cnode.getInstructions()) {
                for (final FunctionBlock functionBlock : passedFunctions) {
                    final Function function = functionBlock.getFunction();
                    if (callsFunction(instruction, function)) {
                        // A function call to a function on the path was found.
                        // At this point we have to split the code node after
                        // the function call.
                        final NodePair result = splitBlock(view, functionMap.get(cnode), cnode, instruction);
                        if (realStartNode == cnode) {
                            // Of course it is possible that the start node was split,
                            // therefore we have to update the start node to the upper
                            // part of the new node.
                            realStartNode = result.getFirst();
                        }
                        if (realTargetNode == cnode) {
                            // Of course it is possible that the target node was split,
                            // therefore we have to update the target node to the upper
                            // part of the new node.
                            realTargetNode = result.getFirst();
                        }
                        // too.
                        for (final FunctionBlock functionBlock2 : passedFunctions) {
                            final Function function2 = functionBlock2.getFunction();
                            if (entryNodes.get(function2) == cnode) {
                                // Update the entry nodes
                                entryNodes.put(function2, result.getFirst());
                            }
                            if (exitNodes.get(function2).contains(cnode)) {
                                // Update the exit nodes
                                if (result.getSecond() != null) {
                                    exitNodes.remove(function2, cnode);
                                    exitNodes.put(function2, result.getSecond());
                                }
                            }
                        }
                        if (functionMap.containsKey(cnode)) {
                            final Function f = functionMap.get(cnode);
                            functionMap.remove(cnode);
                            functionMap.put(result.getFirst(), f);
                        }
                        handled.add(result.getFirst());
                        if (result.getSecond() == null) {
                            for (final ViewEdge edge : node.getOutgoingEdges()) {
                                for (final ViewNode currentExitNode : exitNodes.get(function)) {
                                    final ViewEdge leaveEdge = view.createEdge(currentExitNode, edge.getTarget(), EdgeType.LeaveInlinedFunction);
                                    leaveEdge.setColor(DEFAULT_INLINING_EDGE_COLOR);
                                }
                                view.deleteEdge(edge);
                            }
                            final ViewEdge enterEdge = view.createEdge(result.getFirst(), entryNodes.get(function), EdgeType.EnterInlinedFunction);
                            enterEdge.setColor(DEFAULT_INLINING_EDGE_COLOR);
                            handled.add(cnode);
                        } else {
                            // The node was split. We simply have to connect both split parts to the
                            // called function.
                            final ViewEdge enterEdge = view.createEdge(result.getFirst(), entryNodes.get(function), EdgeType.EnterInlinedFunction);
                            enterEdge.setColor(DEFAULT_INLINING_EDGE_COLOR);
                            for (final ViewNode currentExitNode : exitNodes.get(function)) {
                                final ViewEdge leaveEdge = view.createEdge(currentExitNode, result.getSecond(), EdgeType.LeaveInlinedFunction);
                                leaveEdge.setColor(DEFAULT_INLINING_EDGE_COLOR);
                            }
                        }
                        splitNode = true;
                        break start;
                    }
                }
            }
            handled.add(cnode);
        }
        if (!splitNode) {
            break;
        }
    }
    return new NodePair(realStartNode, realTargetNode);
}

Example 4 with ViewNode

use of com.google.security.zynamics.binnavi.API.disassembly.ViewNode in project binnavi by google.

the class BreakpointHelpers method getBreakpoints.

/**
   * Returns the addresses of a view where breakpoints are set.
   *
   * @param debugger The debugger that set the breakpoint.
   * @param view The view to search through.
   * @param type Type of the breakpoints to search for.
   *
   * @return The addresses of the view where breakpoints of a given type are set.
   */
private static List<Address> getBreakpoints(final Debugger debugger, final View view, final BreakpointType type) {
    Preconditions.checkNotNull(debugger, "Error: Debugger argument can not be null");
    Preconditions.checkNotNull(view, "Error: View argument can not be null");
    final BreakpointManager manager = debugger.getBreakpointManager();
    final List<Address> breakpoints = new ArrayList<Address>();
    for (final ViewNode node : view.getGraph().getNodes()) {
        if (node instanceof CodeNode) {
            breakpoints.addAll(getBreakpoints(debugger, (CodeNode) node, type));
        } else if (node instanceof FunctionNode) {
            final FunctionNode fnode = (FunctionNode) node;
            final BreakpointAddress address = new BreakpointAddress(fnode.getFunction().getNative().getModule(), new UnrelocatedAddress(fnode.getFunction().getNative().getAddress()));
            if (manager.getNative().hasBreakpoint(type, address)) {
                breakpoints.add(new Address(address.getAddress().getAddress().toBigInteger()));
            }
        }
    }
    return breakpoints;
}

Example 5 with ViewNode

use of com.google.security.zynamics.binnavi.API.disassembly.ViewNode in project binnavi by google.

the class InstructionFinders method findInstruction.

/**
   * Searches for an instruction in a view.
   *
   * @param view The view to search through.
   * @param searchInstruction The instruction to search for.
   *
   * @return The API instruction object that wraps the search instruction.
   */
public static Instruction findInstruction(final View view, final IInstruction searchInstruction) {
    Preconditions.checkNotNull(view, "IE02056: View argument can not be null");
    Preconditions.checkNotNull(searchInstruction, "IE02060: Instruction argument can not be null");
    for (final ViewNode node : view.getGraph().getNodes()) {
        if (node instanceof CodeNode) {
            final CodeNode codeNode = (CodeNode) node;
            for (final Instruction instruction : codeNode.getInstructions()) {
                if (instruction.getNative() == searchInstruction) {
                    return instruction;
                }
            }
        }
    }
    throw new IllegalStateException("IE01275: Could not determine what instruction could not be translated");
}