Class TaintPieceHandler
- All Implemented Interfaces:
TraceEmulationIntegration.PieceHandler<byte[],TaintVec>
TaintVec
This contains the logic for integrating the Taint emulator with traces. That is, it is the
mechanism that loads previous taint analysis from a trace and stores new results back into the
trace. The object passed into these methods as piece is almost certainly a
TaintPcodeExecutorStatePiece, but not necessarily. As a matter of best practice, it
should not be necessary to cast. The given PcodeExecutorStatePiece interface should be
sufficient as internals can often be reached via
PcodeExecutorStatePiece.getVarInternal(AddressSpace, long, int, Reason).
-
Field Summary
FieldsFields inherited from interface ghidra.pcode.exec.trace.TraceEmulationIntegration.PieceHandler
NONE -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected voiddecodeFrom(PcodeExecutorStatePiece<byte[], TaintVec> piece, AddressSetView limit, AddressRange range, String propertyValue) Decode a property entry and set appropriate variable(s) in the pieceprotected voidencodeInto(PcodeTracePropertyAccess<String> property, AddressRange range, TaintVec value) Encode a variable's value into a property entryClass<byte[]> Get the address domain this can handleprotected StringGet the name of the property map.Get the type of values in the property mapGet the value domain this can handleMethods inherited from class ghidra.pcode.exec.trace.TraceEmulationIntegration.AbstractPropertyBasedPieceHandler
abstractReadUninit, abstractWritten, readUninitialized, writeDownMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface ghidra.pcode.exec.trace.TraceEmulationIntegration.PieceHandler
dataWritten
-
Field Details
-
NAME
The name we will use for the property map- See Also:
-
-
Constructor Details
-
TaintPieceHandler
public TaintPieceHandler()
-
-
Method Details
-
getAddressDomain
Description copied from interface:TraceEmulationIntegration.PieceHandlerGet the address domain this can handle- Returns:
- the address domain
-
getValueDomain
Description copied from interface:TraceEmulationIntegration.PieceHandlerGet the value domain this can handle- Returns:
- the value domain
-
getPropertyName
Description copied from class:TraceEmulationIntegration.AbstractPropertyBasedPieceHandlerGet the name of the property map.This should be unique among all possible domains. Nor should it collide with map names used for other purposes.
- Specified by:
getPropertyNamein classTraceEmulationIntegration.AbstractPropertyBasedPieceHandler<byte[],TaintVec, String>
-
getPropertyType
Description copied from class:TraceEmulationIntegration.AbstractPropertyBasedPieceHandlerGet the type of values in the property map- Specified by:
getPropertyTypein classTraceEmulationIntegration.AbstractPropertyBasedPieceHandler<byte[],TaintVec, String> - Returns:
- the type, often
String.class
-
decodeFrom
protected void decodeFrom(PcodeExecutorStatePiece<byte[], TaintVec> piece, AddressSetView limit, AddressRange range, String propertyValue) Decode a property entry and set appropriate variable(s) in the pieceThe found property entry may cover more addresses than are actually required, either because they've not been requested or because the value has already been set. Writing a value that wasn't requested isn't too bad, but writing one that was already initialized could be catastrophic.
The super class takes care of visiting each property map entry that may be involved. This method gets invoked for each one found, identifying the range to which the property value applies and the value itself. IMPORTANT: This implementation must still ensure it only modifies addresses that are not yet initialized. The set of such addresses is given by
limit. Thus, we have the if-else to determine whether or not the found property entry is wholly contained within that limit. If not, then we have to piecemeal it.To insert each resulting entry into the state piece, we use
PcodeExecutorStatePiece.setVarInternal(AddressSpace, long, int, Object), so that we do not issue any follow-on callbacks.- Specified by:
decodeFromin classTraceEmulationIntegration.AbstractPropertyBasedPieceHandler<byte[],TaintVec, String> - Parameters:
piece- the piece with uninitialized variables to decode from a propertylimit- the portion that is requested and uninitialized. DO NOT initialize any address outside of this set.range- the range covered by the found property entrypropertyValue- the value of the property entry
-
encodeInto
protected void encodeInto(PcodeTracePropertyAccess<String> property, AddressRange range, TaintVec value) Encode a variable's value into a property entryThe super class takes care of iterating over the entries in the state piece, using
PcodeExecutorStatePiece.getNextEntryInternal(AddressSpace, long). In our case, since we coalesce identically-tainted contiguous bytes, serialization is fairly straightforward. The one nuances is that we'd rather not waste entries for addresses without any taint, and so we check for that and usenullinstead, which will cause the shim to clear the property on those addresses.- Specified by:
encodeIntoin classTraceEmulationIntegration.AbstractPropertyBasedPieceHandler<byte[],TaintVec, String> - Parameters:
property- the property map (access shim)range- the variable's address range (this may optionally be coalesced from several variables by the piece's internals)value- the variable's value
-