Package ghidra.pcode.emu.taint.lib
Class TaintFileReadsLinuxAmd64SyscallLibrary
java.lang.Object
ghidra.pcode.exec.AnnotatedPcodeUseropLibrary<org.apache.commons.lang3.tuple.Pair<byte[],TaintVec>>
ghidra.pcode.emu.sys.AnnotatedEmuSyscallUseropLibrary<org.apache.commons.lang3.tuple.Pair<byte[],TaintVec>>
ghidra.pcode.emu.unix.AbstractEmuUnixSyscallUseropLibrary<org.apache.commons.lang3.tuple.Pair<byte[],TaintVec>>
ghidra.pcode.emu.linux.AbstractEmuLinuxSyscallUseropLibrary<org.apache.commons.lang3.tuple.Pair<byte[],TaintVec>>
ghidra.pcode.emu.linux.EmuLinuxAmd64SyscallUseropLibrary<org.apache.commons.lang3.tuple.Pair<byte[],TaintVec>>
ghidra.pcode.emu.taint.lib.TaintFileReadsLinuxAmd64SyscallLibrary
All Implemented Interfaces:
EmuSyscallLibrary<org.apache.commons.lang3.tuple.Pair<byte[],TaintVec>>, PcodeUseropLibrary<org.apache.commons.lang3.tuple.Pair<byte[],TaintVec>>
public class TaintFileReadsLinuxAmd64SyscallLibrary
extends EmuLinuxAmd64SyscallUseropLibrary<org.apache.commons.lang3.tuple.Pair<byte[],TaintVec>>
A library for performing Taint Analysis on a Linux-amd64 program that reads from tainted files.
This library is not currently accessible from the UI. It can be used with scripts by overriding a taint emulator's userop library factory method.
TODO: A means of adding and configuring userop libraries in the UI.
TODO: Example scripts.
Nested Class Summary
Nested classes/interfaces inherited from class ghidra.pcode.emu.unix.AbstractEmuUnixSyscallUseropLibrary
AbstractEmuUnixSyscallUseropLibrary.Errno, AbstractEmuUnixSyscallUseropLibrary.UnixStructuredPart
Nested classes/interfaces inherited from class ghidra.pcode.emu.sys.AnnotatedEmuSyscallUseropLibrary
AnnotatedEmuSyscallUseropLibrary.EmuSyscall, AnnotatedEmuSyscallUseropLibrary.StructuredPart
Nested classes/interfaces inherited from class ghidra.pcode.exec.AnnotatedPcodeUseropLibrary
AnnotatedPcodeUseropLibrary.AnnotatedPcodeUseropDefinition<T>, AnnotatedPcodeUseropLibrary.FixedArgsAnnotatedPcodeUseropDefinition<T>, AnnotatedPcodeUseropLibrary.OpExecutor, AnnotatedPcodeUseropLibrary.OpLibrary, AnnotatedPcodeUseropLibrary.OpOutput, AnnotatedPcodeUseropLibrary.OpState, AnnotatedPcodeUseropLibrary.PcodeUserop, AnnotatedPcodeUseropLibrary.VariadicAnnotatedPcodeUseropDefinition<T>
Nested classes/interfaces inherited from interface ghidra.pcode.emu.sys.EmuSyscallLibrary
EmuSyscallLibrary.EmuSyscallDefinition<T>, EmuSyscallLibrary.SyscallPcodeUseropDefinition<T>
Nested classes/interfaces inherited from interface ghidra.pcode.exec.PcodeUseropLibrary
PcodeUseropLibrary.EmptyPcodeUseropLibrary, PcodeUseropLibrary.PcodeUseropDefinition<T>
Field Summary
Fields inherited from class ghidra.pcode.emu.linux.EmuLinuxAmd64SyscallUseropLibrary
clib64, regRAX
Fields inherited from class ghidra.pcode.emu.linux.AbstractEmuLinuxSyscallUseropLibrary
ERRNOS, O_APPEND, O_CREAT, O_MASK_RDWR, O_RDONLY, O_RDWR, O_TRUNC, O_WRONLY
Fields inherited from class ghidra.pcode.emu.unix.AbstractEmuUnixSyscallUseropLibrary
closedFds, descriptors, fs, intSize, user
Fields inherited from class ghidra.pcode.emu.sys.AnnotatedEmuSyscallUseropLibrary
additionalArchives, CACHE_BY_CLASS, cSpec, dtMachineWord, machine, program, SYSCALL_SPACE_NAME, syscallMap
Fields inherited from class ghidra.pcode.exec.AnnotatedPcodeUseropLibrary
ops
Fields inherited from interface ghidra.pcode.emu.sys.EmuSyscallLibrary
SYSCALL_CONVENTION_NAME
Fields inherited from interface ghidra.pcode.exec.PcodeUseropLibrary
NIL
Constructor Summary
Constructors
TaintFileReadsLinuxAmd64SyscallLibrary(PcodeMachine<org.apache.commons.lang3.tuple.Pair<byte[], TaintVec>> machine, EmuUnixFileSystem<org.apache.commons.lang3.tuple.Pair<byte[], TaintVec>> fs, Program program)
TaintFileReadsLinuxAmd64SyscallLibrary(PcodeMachine<org.apache.commons.lang3.tuple.Pair<byte[], TaintVec>> machine, EmuUnixFileSystem<org.apache.commons.lang3.tuple.Pair<byte[], TaintVec>> fs, Program program, EmuUnixUser user)
Method Summary
Modifier and Type: org.apache.commons.lang3.tuple.Pair<byte[], TaintVec>
Method: unix_read(PcodeExecutorState<org.apache.commons.lang3.tuple.Pair<byte[], TaintVec>> state, org.apache.commons.lang3.tuple.Pair<byte[], TaintVec> fd, org.apache.commons.lang3.tuple.Pair<byte[], TaintVec> bufPtr, org.apache.commons.lang3.tuple.Pair<byte[], TaintVec> count)
Description: The UNIX read system call
Methods inherited from class ghidra.pcode.emu.linux.EmuLinuxAmd64SyscallUseropLibrary
disposeAdditionalArchives, getAdditionalArchives, readSyscallNumber, returnErrno
Methods inherited from class ghidra.pcode.emu.linux.AbstractEmuLinuxSyscallUseropLibrary
convertFlags, getErrno
Methods inherited from class ghidra.pcode.emu.unix.AbstractEmuUnixSyscallUseropLibrary
claimFd, createHandle, findFd, handleError, lowestFd, newStructuredPart, putDescriptor, releaseFd, unix_close, unix_exit, unix_group_exit, unix_open, unix_write
Methods inherited from class ghidra.pcode.emu.sys.AnnotatedEmuSyscallUseropLibrary
getSyscalls, getSyscallUserop, mapAndBindSyscalls, mapAndBindSyscalls, newBoundSyscall
Methods inherited from class ghidra.pcode.exec.AnnotatedPcodeUseropLibrary
getMethodLookup, getOperandType, getUserops
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface ghidra.pcode.emu.sys.EmuSyscallLibrary
syscall
Methods inherited from interface ghidra.pcode.exec.PcodeUseropLibrary
compose, getSymbols, getUserops
Constructor Details
TaintFileReadsLinuxAmd64SyscallLibrary
public TaintFileReadsLinuxAmd64SyscallLibrary(PcodeMachine<org.apache.commons.lang3.tuple.Pair<byte[], TaintVec>> machine, EmuUnixFileSystem<org.apache.commons.lang3.tuple.Pair<byte[], TaintVec>> fs, Program program, EmuUnixUser user)
TaintFileReadsLinuxAmd64SyscallLibrary
public TaintFileReadsLinuxAmd64SyscallLibrary(PcodeMachine<org.apache.commons.lang3.tuple.Pair<byte[], TaintVec>> machine, EmuUnixFileSystem<org.apache.commons.lang3.tuple.Pair<byte[], TaintVec>> fs, Program program)
Method Details
unix_read
public org.apache.commons.lang3.tuple.Pair<byte[],TaintVec> unix_read(PcodeExecutorState<org.apache.commons.lang3.tuple.Pair<byte[], TaintVec>> state, org.apache.commons.lang3.tuple.Pair<byte[], TaintVec> fd, org.apache.commons.lang3.tuple.Pair<byte[], TaintVec> bufPtr, org.apache.commons.lang3.tuple.Pair<byte[], TaintVec> count)
Description copied from class: AbstractEmuUnixSyscallUseropLibrary
The UNIX read system call
Overrides:
unix_read in class AbstractEmuUnixSyscallUseropLibrary<org.apache.commons.lang3.tuple.Pair<byte[],TaintVec>>
Parameters:
state - to receive the thread's state
fd - the file descriptor
bufPtr - the pointer to the buffer to receive the data
count - the number of bytes to read
Returns:
the number of bytes successfully read