Package ghidra.util.state

Interface FunctionAnalyzer

All Known Implementing Classes:

MySwitchAnalyzer

public interface FunctionAnalyzer

Method Summary

Modifier and Type	Method	Description
void	dataReference(PcodeOp op, int instrOpIndex, Varnode storageVarnode, RefType refType, TaskMonitor monitor)	Callback indicating that an absolute memory reference was encountered
void	indirectDataReference(PcodeOp op, int instrOpIndex, Varnode offsetVarnode, int size, int storageSpaceID, RefType refType, TaskMonitor monitor)	Callback indicating that an indirect/computed memory reference was encountered using an indirect/computed offset
boolean	resolvedFlow(PcodeOp op, int instrOpIndex, Address destAddr, ContextState currentState, ResultsState results, TaskMonitor monitor)	Callback indicating that a call/branch destination was identified.
void	stackReference(PcodeOp op, int instrOpIndex, int stackOffset, int size, int storageSpaceID, RefType refType, TaskMonitor monitor)	Callback indicating that an absolute stack reference was encountered.
void	stackReference(PcodeOp op, int instrOpIndex, VarnodeOperation computedStackOffset, int size, int storageSpaceID, RefType refType, TaskMonitor monitor)	Callback indicating that a computed stack reference was encountered.
List<Address>	unresolvedIndirectFlow(PcodeOp op, int instrOpIndex, Varnode destination, ContextState currentState, ResultsState results, TaskMonitor monitor)	Callback indicating that a computed call/branch destination was not resolved.

Method Details

stackReference

void stackReference(PcodeOp op,
 int instrOpIndex,
 int stackOffset,
 int size,
 int storageSpaceID,
 RefType refType,
 TaskMonitor monitor)
             throws CancelledException

Callback indicating that an absolute stack reference was encountered. A non-load/store operation will have a -1 for both storageSpaceId and size.

Parameters:

op - pcode operation

instrOpIndex - opIndex associated with reference or -1 if it could not be determined

stackOffset - stack offset

size - access size or -1 if not applicable

storageSpaceID - storage space ID or -1 if not applicable

refType - read/write/data reference type

monitor - task monitor

Throws:

CancelledException - if callback canceled by monitor

stackReference

void stackReference(PcodeOp op,
 int instrOpIndex,
 VarnodeOperation computedStackOffset,
 int size,
 int storageSpaceID,
 RefType refType,
 TaskMonitor monitor)
             throws CancelledException

Callback indicating that a computed stack reference was encountered. A non-load/store operation will have a -1 for both storageSpaceId and size.

Parameters:

op - pcode operation

instrOpIndex - opIndex associated with reference or -1 if it could not be determined

computedStackOffset - stack offset computation (i.e., VarnodeOperation w/ stack pointer)

size - access size or -1 if not applicable

storageSpaceID - storage space ID or -1 if not applicable

refType - read/write/data reference type

monitor - task monitor

Throws:

CancelledException - if callback canceled by monitor

dataReference

void dataReference(PcodeOp op,
 int instrOpIndex,
 Varnode storageVarnode,
 RefType refType,
 TaskMonitor monitor)
            throws CancelledException

Callback indicating that an absolute memory reference was encountered

Parameters:

op - pcode operation

instrOpIndex - opIndex associated with reference or -1 if it could not be determined

storageVarnode - absolute storage Varnode

refType - read/write/data reference type

monitor - task monitor

Throws:

CancelledException - if callback canceled by monitor

indirectDataReference

void indirectDataReference(PcodeOp op,
 int instrOpIndex,
 Varnode offsetVarnode,
 int size,
 int storageSpaceID,
 RefType refType,
 TaskMonitor monitor)
                    throws CancelledException

Callback indicating that an indirect/computed memory reference was encountered using an indirect/computed offset

Parameters:

op - pcode operation

instrOpIndex - opIndex associated with reference or -1 if it could not be determined

offsetVarnode - indirect/computed offset

size - access size or -1 if not applicable

storageSpaceID - storage space ID

refType - read/write/data reference type

monitor - task monitor

Throws:

CancelledException - if callback canceled by monitor

resolvedFlow

boolean resolvedFlow(PcodeOp op,
 int instrOpIndex,
 Address destAddr,
 ContextState currentState,
 ResultsState results,
 TaskMonitor monitor)
              throws CancelledException

Callback indicating that a call/branch destination was identified. Analyzer should create reference if appropriate Keep in mind that there could be other unidentified destinations.

Parameters:

op - branch or call flow operation

instrOpIndex - opIndex associated with reference or -1 if it could not be determined

destAddr - destination address

results - contains previous states leading upto the currentState

currentState - current state at the branch/call

monitor - task monitor

Returns:

true if destination should be disassembled if not already

Throws:

CancelledException - if callback canceled by monitor

unresolvedIndirectFlow

List<Address> unresolvedIndirectFlow(PcodeOp op,
 int instrOpIndex,
 Varnode destination,
 ContextState currentState,
 ResultsState results,
 TaskMonitor monitor)
                              throws CancelledException

Callback indicating that a computed call/branch destination was not resolved.

Parameters:

op - indirect branch or call flow operation

instrOpIndex - opIndex associated with reference or -1 if it could not be determined

destination - destination identified as a Varnode (may be an expression represented by a VarnodeOperation

results - contains previous states leading upto the currentState

currentState - current state at the branch/call

monitor - task monitor

Returns:

list of resolved destinations which should be used or null. List of destination addresses will trigger disassembly where necessary.

Throws:

CancelledException - if callback cancelled by monitor