Interface ContextEvaluator

All Known Implementing Classes:
ContextEvaluatorAdapter

public interface ContextEvaluator
ContextEvaluator provides a callback mechanism for the SymbolicPropogator as code is evaluated.
  • Method Details

    • evaluateContextBefore

      boolean evaluateContextBefore(VarnodeContext context, Instruction instr)
      Evaluate the current instruction given the context before the instruction is evaluated
      Parameters:
      context - describes current state of registers
      instr - instruction whose context has not yet been applied
      Returns:
      true if evaluation should stop
    • evaluateContext

      boolean evaluateContext(VarnodeContext context, Instruction instr)
      Evaluate the current instruction given the final context for the instruction
      Parameters:
      context - describes current state of registers
      instr - instruction whose context has been applied
      Returns:
      true if evaluation should stop, false to continue evaluation
    • evaluateReference

      boolean evaluateReference(VarnodeContext context, Instruction instr, int pcodeop, Address address, int size, DataType dataType, RefType refType)
      Evaluate the reference that has been found on this instruction. Computed values that are used as an address will be passed to this function. For example a value passed to a function, or a stored constant value.
      Parameters:
      context - current program context
      instr - instruction on which this reference was detected
      pcodeop - the PcodeOp operation that is causing this reference
      address - address being referenced
      size - size of the item being referenced (only non-zero if load or store of data)
      dataType - dataType associated with the reference if known
      refType - reference type (flow, data/read/write)
      Returns:
      false if the reference should be ignored (or has been taken care of by this routine)
    • evaluateConstant

      Address evaluateConstant(VarnodeContext context, Instruction instr, int pcodeop, Address constant, int size, DataType dataType, RefType refType)
      Evaluate a potential constant to be used as an address or an interesting constant that should have a reference created for it. Computed values that are not know to be used as an address will be passed to this function. For example a value passed to a function, or a stored constant value.
      Parameters:
      context - current program context
      instr - instruction on which this reference was detected
      pcodeop - the PcodeOp operation that is causing this potential constant
      constant - constant value (in constant.getOffset() )
      size - size of constant value in bytes
      dataType - dataType associated with the reference if known
      refType - reference type (flow, data/read/write)
      Returns:
      the original address unchanged if it should be a reference null if the constant reference should not be created a new address if the value should be a different address or address space Using something like instr.getProgram().getAddressFactory().getDefaultAddressSpace();
    • evaluateDestination

      boolean evaluateDestination(VarnodeContext context, Instruction instruction)
      Evaluate the instruction for an unknown destination
      Parameters:
      context - current register context
      instruction - instruction that has an unknown destination
      Returns:
      true if the evaluation should stop, false to continue evaluation
    • evaluateReturn

      boolean evaluateReturn(Varnode retVN, VarnodeContext context, Instruction instruction)
      Evaluate the the target of a return
      Parameters:
      retVN - varnode that is the target of a RETURN pcodeop
      context - current register context
      instruction - instruction that has an unknown destination
      Returns:
      true if the evaluation should stop, false to continue evaluation
    • unknownValue

      Long unknownValue(VarnodeContext context, Instruction instruction, Varnode node)
      Called when a value is needed for a register that is unknown
      Parameters:
      context - current register context
      instruction - instruction that has an unknown destination
      node - varnode for the register being accessed to obtain a value
      Returns:
      null if the varnode should not have an assumed value. a long value if the varnode such as a Global Register should have an assumed constant
    • followFalseConditionalBranches

      boolean followFalseConditionalBranches()
      Follow all branches, even if the condition evaluates to false, indicating it shouldn't be followed.
      Returns:
      true if false evaluated conditional branches should be followed.
    • evaluateSymbolicReference

      boolean evaluateSymbolicReference(VarnodeContext context, Instruction instr, Address address)
      Evaluate the reference that has been found on this instruction that points into an unknown space that has been designated as tracked.
      Parameters:
      context - current program context
      instr - instruction on which this reference was detected
      address - address being referenced
      Returns:
      false if the reference should be ignored (or has been taken care of by this routine) true to allow the reference to be created
    • allowAccess

      boolean allowAccess(VarnodeContext context, Address addr)
      Evaluate the address and check if the access to the value in the memory location to be read The address is read-only and is not close to this address.
      Parameters:
      context - current program context
      addr - Address of memory where location is attempting to be read
      Returns:
      true if the access should be allowed