Package ghidra.program.util
Interface ContextEvaluator
- All Known Implementing Classes:
ContextEvaluatorAdapter
public interface ContextEvaluator
ContextEvaluator provides a callback mechanism for the SymbolicPropogator as code is evaluated.
-
Method Summary
Modifier and TypeMethodDescriptionboolean
allowAccess
(VarnodeContext context, Address addr) Evaluate the address and check if the access to the value in the memory location to be read The address is read-only and is not close to this address.evaluateConstant
(VarnodeContext context, Instruction instr, int pcodeop, Address constant, int size, DataType dataType, RefType refType) Evaluate a potential constant to be used as an address or an interesting constant that should have a reference created for it.boolean
evaluateContext
(VarnodeContext context, Instruction instr) Evaluate the current instruction given the final context for the instructionboolean
evaluateContextBefore
(VarnodeContext context, Instruction instr) Evaluate the current instruction given the context before the instruction is evaluatedboolean
evaluateDestination
(VarnodeContext context, Instruction instruction) Evaluate the instruction for an unknown destinationboolean
evaluateReference
(VarnodeContext context, Instruction instr, int pcodeop, Address address, int size, DataType dataType, RefType refType) Evaluate the reference that has been found on this instruction.boolean
evaluateReturn
(Varnode retVN, VarnodeContext context, Instruction instruction) Evaluate the the target of a returnboolean
evaluateSymbolicReference
(VarnodeContext context, Instruction instr, Address address) Evaluate the reference that has been found on this instruction that points into an unknown space that has been designated as tracked.boolean
Follow all branches, even if the condition evaluates to false, indicating it shouldn't be followed.unknownValue
(VarnodeContext context, Instruction instruction, Varnode node) Called when a value is needed for a register that is unknown
-
Method Details
-
evaluateContextBefore
Evaluate the current instruction given the context before the instruction is evaluated- Parameters:
context
- describes current state of registersinstr
- instruction whose context has not yet been applied- Returns:
- true if evaluation should stop
-
evaluateContext
Evaluate the current instruction given the final context for the instruction- Parameters:
context
- describes current state of registersinstr
- instruction whose context has been applied- Returns:
- true if evaluation should stop, false to continue evaluation
-
evaluateReference
boolean evaluateReference(VarnodeContext context, Instruction instr, int pcodeop, Address address, int size, DataType dataType, RefType refType) Evaluate the reference that has been found on this instruction. Computed values that are used as an address will be passed to this function. For example a value passed to a function, or a stored constant value.- Parameters:
context
- current program contextinstr
- instruction on which this reference was detectedpcodeop
- the PcodeOp operation that is causing this referenceaddress
- address being referencedsize
- size of the item being referenced (only non-zero if load or store of data)dataType
- dataType associated with the reference if knownrefType
- reference type (flow, data/read/write)- Returns:
- false if the reference should be ignored (or has been taken care of by this routine)
-
evaluateConstant
Address evaluateConstant(VarnodeContext context, Instruction instr, int pcodeop, Address constant, int size, DataType dataType, RefType refType) Evaluate a potential constant to be used as an address or an interesting constant that should have a reference created for it. Computed values that are not know to be used as an address will be passed to this function. For example a value passed to a function, or a stored constant value.- Parameters:
context
- current program contextinstr
- instruction on which this reference was detectedpcodeop
- the PcodeOp operation that is causing this potential constantconstant
- constant value (in constant.getOffset() )size
- size of constant value in bytesdataType
- dataType associated with the reference if knownrefType
- reference type (flow, data/read/write)- Returns:
- the original address unchanged if it should be a reference null if the constant reference should not be created a new address if the value should be a different address or address space Using something like instr.getProgram().getAddressFactory().getDefaultAddressSpace();
-
evaluateDestination
Evaluate the instruction for an unknown destination- Parameters:
context
- current register contextinstruction
- instruction that has an unknown destination- Returns:
- true if the evaluation should stop, false to continue evaluation
-
evaluateReturn
Evaluate the the target of a return- Parameters:
retVN
- varnode that is the target of a RETURN pcodeopcontext
- current register contextinstruction
- instruction that has an unknown destination- Returns:
- true if the evaluation should stop, false to continue evaluation
-
unknownValue
Called when a value is needed for a register that is unknown- Parameters:
context
- current register contextinstruction
- instruction that has an unknown destinationnode
- varnode for the register being accessed to obtain a value- Returns:
- null if the varnode should not have an assumed value. a long value if the varnode such as a Global Register should have an assumed constant
-
followFalseConditionalBranches
boolean followFalseConditionalBranches()Follow all branches, even if the condition evaluates to false, indicating it shouldn't be followed.- Returns:
- true if false evaluated conditional branches should be followed.
-
evaluateSymbolicReference
Evaluate the reference that has been found on this instruction that points into an unknown space that has been designated as tracked.- Parameters:
context
- current program contextinstr
- instruction on which this reference was detectedaddress
- address being referenced- Returns:
- false if the reference should be ignored (or has been taken care of by this routine) true to allow the reference to be created
-
allowAccess
Evaluate the address and check if the access to the value in the memory location to be read The address is read-only and is not close to this address.- Parameters:
context
- current program contextaddr
- Address of memory where location is attempting to be read- Returns:
- true if the access should be allowed
-