Package ghidra.program.util

Class VarnodeContext

java.lang.Object
ghidra.program.util.VarnodeContext
All Implemented Interfaces:
ProcessorContext, ProcessorContextView
public class VarnodeContext extends Object implements ProcessorContext

  • Field Details

  • Constructor Details

  • Method Details

    • setDebug

      public void setDebug(boolean debugOn)

    • getDebug

      public boolean getDebug()

    • setCurrentInstruction

      public void setCurrentInstruction(Instruction instr)

    • getCurrentInstruction

      public Instruction getCurrentInstruction(Address addr)

    • getBaseContextRegister

      public Register getBaseContextRegister()
      Specified by:
      getBaseContextRegister in interface ProcessorContextView
      Returns:
      the base processor context register or null if one has not been defined

    • flowEnd

      public void flowEnd(Address address)

    • flowToAddress

      public void flowToAddress(Address fromAddr, Address toAddr)

    • getKnownFlowToAddresses

      public Address[] getKnownFlowToAddresses(Address toAddr)

    • flowStart

      public void flowStart(Address fromAddr, Address toAddr)

    • copyToFutureFlowState

      public void copyToFutureFlowState(Address fromAddr, Address toAddr)

    • mergeToFutureFlowState

      public boolean mergeToFutureFlowState(Address fromAddr, Address toAddr)

    • setFutureRegisterValue

      public void setFutureRegisterValue(Address address, RegisterValue regVal)

    • getReturnVarnode

      public Varnode[] getReturnVarnode(Function targetFunc)
      Parameters:
      targetFunc - function to get a returning varnode for NOTE: this only gets one, unless there is custom storage on the called function there may be bonded ones in the default convention!
      Returns:
      varnode that represents where functions place their return value

    • getKilledVarnodes

      public Varnode[] getKilledVarnodes(Function targetFunc)
      Parameters:
      targetFunc - function to get killed varnodes for NOTE: this removes the return varnodes so they aren't duplicated
      Returns:
      varnode that represents where functions place their return value

    • getStackVarnode

      public Varnode getStackVarnode()
      Returns:
      Varnode that represents the stack register

    • getStackRegister

      public Register getStackRegister()
      Returns:
      Register that represents the stack register

    • getValue

      public Varnode getValue(Varnode varnode, ContextEvaluator evaluator) throws NotFoundException
      Throws:
      NotFoundException

    • getValue

      public Varnode getValue(Varnode varnode, boolean signed, ContextEvaluator evaluator) throws NotFoundException
      Throws:
      NotFoundException

    • getMemoryValue

      protected Varnode getMemoryValue(Varnode varnode)
      Search the value state stack for the first occurence of the set value
      Parameters:
      varnode - varnode to search for a value
      Returns:
      first value found on stack, null otherwise

    • putMemoryValue

      protected void putMemoryValue(Varnode out, Varnode value)
      Put the value for the varnode on the top of the memory state stack
      Parameters:
      out - varnode for the value
      value - value to store for the varnode

    • isReadOnly

      protected boolean isReadOnly(Address addr)
      Check if the symbol at the address is read_only.
      Parameters:
      addr - - address of the symbol
      Returns:
      true if the block is read_only, and there are no write references.

    • createVarnode

      public Varnode createVarnode(long value, int spaceID, int size)

    • createConstantVarnode

      public Varnode createConstantVarnode(long value, int size)

    • createBadVarnode

      public Varnode createBadVarnode()

    • createVarnode

      public Varnode createVarnode(BigInteger bigVal, BigInteger spaceVal, int size)

    • putValue

      public void putValue(Varnode out, Varnode result, boolean mustClear)

    • readExecutableCode

      public boolean readExecutableCode()

    • setReadExecutableCode

      public void setReadExecutableCode()

    • clearReadExecutableCode

      public void clearReadExecutableCode()

    • propogateResults

      public void propogateResults(boolean clearContext)
      Propogate any results that are in the value cache.
      Parameters:
      clearContext - true if the cache should be cleared. The propogation could be for flow purposes, and the processing of the instruction is finished, so it's effects should be kept.

    • propogateValue

      public void propogateValue(Register reg, Varnode node, Varnode val, Address address)

    • getLastSetLocation

      public Address getLastSetLocation(Register reg, BigInteger bval)
      return the location that this register was last set This is a transient thing, so it should only be used as a particular flow is being processed...
      Parameters:
      reg - register to find last set location
      bval - value to look for to differentiate set locations, null if don't care
      Returns:
      address that the register was set.

    • getLastSetLocation

      public Address getLastSetLocation(Varnode rvar, BigInteger bval)
      return the location that this varnode was last set This is a transient thing, so it should only be used as a particular flow is being processed...
      Parameters:
      rvar - the register varnode
      bval - this parameter is unused.
      Returns:
      address that the register was set.

    • getVarnode

      public Varnode getVarnode(int spaceID, long offset, int size)

    • getConstant

      public long getConstant(Varnode vnode, ContextEvaluator evaluator) throws NotFoundException
      Throws:
      NotFoundException

    • getVarnode

      public Varnode getVarnode(Varnode space, Varnode offset, int size, ContextEvaluator evaluator) throws NotFoundException
      Throws:
      NotFoundException

    • getRegisterVarnodeValue

      public Varnode getRegisterVarnodeValue(Register reg, Address fromAddr, Address toAddr, boolean signed)
      get the value of a register as a varnode (value, space, size)
      Parameters:
      reg - register to get value for
      fromAddr - from address
      toAddr - to address
      signed - true if signed
      Returns:
      the register value or null

    • print

      protected String print(Varnode rvnode)

    • getRegisterValue

      public RegisterValue getRegisterValue(Register reg, Address toAddr)
      Get the current value of the register at the address
      Parameters:
      reg - value of register to get
      toAddr - value of register at a location
      Returns:
      value of register or null

    • getRegisterValue

      public RegisterValue getRegisterValue(Register reg, Address fromAddr, Address toAddr)
      Get the value of a register that was set coming from an address to an another address.
      Parameters:
      reg - value of register to get
      fromAddr - location the value came from
      toAddr - location to get the value of the register coming from fromAddr
      Returns:
      value of register or null

    • getRegisterValueAddressRanges

      public AddressRangeIterator getRegisterValueAddressRanges(Register reg)

    • hasValueOverRange

      public boolean hasValueOverRange(Register reg, BigInteger bval, AddressSet set)

    • copy

      public void copy(Varnode out, Varnode in, boolean mustClearAll, ContextEvaluator evaluator) throws NotFoundException
      Copy the varnode with as little manipulation as possible. Try to keep whatever partial state there is intact if a real value isn't required.
      Parameters:
      out - varnode to put it in
      in - varnode to copy from.
      mustClearAll - true if must clear if value is not unique
      evaluator - user provided evaluator if needed
      Throws:
      NotFoundException - if there is no known value for in

    • add

      public Varnode add(Varnode val1, Varnode val2, ContextEvaluator evaluator) throws NotFoundException
      Add two varnodes together to get a new value This could create a new space and return a varnode pointed into that space
      Parameters:
      val1 - first value
      val2 - second value
      Returns:
      varnode that could be a constant, or an offset into a space
      Throws:
      NotFoundException - if any constant is needed not known

    • and

      public Varnode and(Varnode val1, Varnode val2, ContextEvaluator evaluator) throws NotFoundException
      Throws:
      NotFoundException

    • or

      public Varnode or(Varnode val1, Varnode val2, ContextEvaluator evaluator) throws NotFoundException
      Throws:
      NotFoundException

    • left

      public Varnode left(Varnode val1, Varnode val2, ContextEvaluator evaluator) throws NotFoundException
      Throws:
      NotFoundException

    • getAddressSpace

      public int getAddressSpace(String name)

    • subtract

      public Varnode subtract(Varnode val1, Varnode val2, ContextEvaluator evaluator) throws NotFoundException
      Subtract two varnodes to get a new value This could create a new space and return a varnode pointed into that space
      Parameters:
      val1 - first value
      val2 - second value
      Returns:
      varnode that could be a constant, or an offset into a space
      Throws:
      NotFoundException - if any constant is needed not known

    • extendValue

      public Varnode extendValue(Varnode out, Varnode[] in, boolean signExtend, ContextEvaluator evaluator) throws NotFoundException
      Extend a constant value if it can be extended.
      Parameters:
      out - varnode to extend into (for size)
      in - varnode value to extend the size
      Returns:
      Throws:
      NotFoundException

    • clearRegister

      public void clearRegister(Register reg)
      Description copied from interface: ProcessorContext
      Clears the register within this context.
      Specified by:
      clearRegister in interface ProcessorContext
      Parameters:
      reg - register to be cleared.

    • getRegister

      public Register getRegister(String name)
      Description copied from interface: ProcessorContextView
      Get a Register given the name of a register
      Specified by:
      getRegister in interface ProcessorContextView
      Parameters:
      name - the name of the register.
      Returns:
      The register with the given name.

    • getRegisterValue

      public RegisterValue getRegisterValue(Register register)
      Description copied from interface: ProcessorContextView
      Get the RegisterValue for the given register.
      Specified by:
      getRegisterValue in interface ProcessorContextView
      Parameters:
      register - register to get the value for
      Returns:
      RegisterValue object containing the value of the register if a value exists, otherwise null.

    • getRegisterVarnodeValue

      public Varnode getRegisterVarnodeValue(Register register)

    • getRegisterVarnode

      public Varnode getRegisterVarnode(Register register)

    • getRegister

      public Register getRegister(Varnode vnode)
      Return a register given a varnode

    • getRegisters

      public List<Register> getRegisters()
      Description copied from interface: ProcessorContextView
      Returns all the Registers for the processor as an unmodifiable list
      Specified by:
      getRegisters in interface ProcessorContextView
      Returns:
      all the Registers for the processor

    • getValue

      public BigInteger getValue(Register register, boolean signed)
      Description copied from interface: ProcessorContextView
      Get the contents of a processor register as a BigInteger object
      Specified by:
      getValue in interface ProcessorContextView
      Parameters:
      register - register to get the value for
      Returns:
      a BigInteger object containing the value of the register if a value exists, otherwise null.

    • hasValue

      public boolean hasValue(Register register)
      Description copied from interface: ProcessorContextView
      Returns true if a value is defined for the given register.
      Specified by:
      hasValue in interface ProcessorContextView
      Parameters:
      register - the register to check for a value.
      Returns:
      true if the given register has a value.

    • setRegisterValue

      public void setRegisterValue(RegisterValue value)
      Description copied from interface: ProcessorContext
      Sets the specified register value within this context.
      Specified by:
      setRegisterValue in interface ProcessorContext
      Parameters:
      value - register value

    • setValue

      public void setValue(Register register, BigInteger value)
      Description copied from interface: ProcessorContext
      Sets the value for a Register.
      Specified by:
      setValue in interface ProcessorContext
      Parameters:
      register - the register to have its value set
      value - the value for the register (null is not permitted).

    • isSymbol

      public boolean isSymbol(Varnode varnode)
      Check if the varnode is associated with a Symbolic location
      Parameters:
      varnode - to check
      Returns:
      true if the varnode is a symbolic location

    • isRegister

      public boolean isRegister(Varnode varnode)
      Check if the varnode is associated with a register.
      Parameters:
      varnode - to check
      Returns:
      true if the varnode is associated with a register

    • isConstant

      public boolean isConstant(Varnode varnode)
      Check if this is a constant, or a suspect constant
      Parameters:
      varnode - to check
      Returns:
      true if should be treated as a constant for most purposes

    • isSuspectConstant

      public boolean isSuspectConstant(Varnode val1)
      Check if the constant is a suspect constant It shouldn't be trusted in certain cases. Suspect constants act like constants, but are in a Suspicious address space instead of the constant space.
      Parameters:
      val1 - varnode to check
      Returns:
      true if varnode is a suspect constant

    • isStackSymbolicSpace

      public boolean isStackSymbolicSpace(Varnode varnode)
      Check if varnode is in the stack space
      Parameters:
      varnode - varnode to check
      Returns:
      true if this varnode is stored in the symbolic stack space

    • isStackSpaceName

      public boolean isStackSpaceName(String spaceName)
      Check if spaceName is associated with the stack
      Parameters:
      spaceName - of address space to check
      Returns:
      true if spaceName is associated with the stack space

    • isSymbolicSpace

      public boolean isSymbolicSpace(AddressSpace space)
      Check if the space name is a symbolic space. A symbolic space is a space named after a register/unknown value and an offset into that symbolic space. Symbolic spaces come from the OffsetAddressFactory
      Parameters:
      space - the address space
      Returns:
      true if is a symbolic space

    • isSymbolicSpace

      public boolean isSymbolicSpace(int spaceID)
      Check if the space ID is a symbolic space. A symbolic space is a space named after a register/unknown value and an offset into that symbolic space. Symbolic spaces come from the OffsetAddressFactory
      Parameters:
      spaceID - the ID of the space
      Returns:
      true if is a symbolic space

    • isExternalSpace

      public boolean isExternalSpace(int spaceID)
      Check if the space ID is an external space. External spaces are single locations that have no size normally associated with a location in another program.
      Parameters:
      spaceID - the ID of the space
      Returns:
      true if is a symbolic space

    • pushMemState

      public void pushMemState()
      Save the current memory state

    • popMemState

      public void popMemState()
      restore a previously saved memory state