Ghidra Decompiler Analysis Engine
A collection of p-code injection payloads.
#include <pcodeinject.hh>
Public Member Functions
virtual ~PcodeInjectLibrary (void)
  Destructor.
int4 getPayloadId (int4 type, const string &nm) const
  Map name and type to the payload id.
string getCallFixupName (int4 injectid) const
  Get the call-fixup name associated with an id.
string getCallOtherTarget (int4 injectid) const
  Get the callother-fixup name associated with an id.
string getCallMechanismName (int4 injectid) const
  Get the call mechanism name associated with an id.
int4 restoreXmlInject (const string &src, const string &nm, int4 tp, const Element *el)
  Read in and register an injection payload from an XML stream.
virtual void restoreDebug (const Element *el)
  A method for reading in p-code generated externally for use in debugging.
virtual int4 manualCallFixup (const string &name, const string &snippetstring)=0
  Manually add a call-fixup payload given a compilable snippet of p-code source.
virtual int4 manualCallOtherFixup (const string &name, const string &outname, const vector< string > &inname, const string &snippet)=0
  Manually add a callother-fixup payload given a compilable snippet of p-code source.
virtual InjectContext & getCachedContext (void)=0
  Retrieve a reusable context object for this library.
virtual const vector< OpBehavior * > & getBehaviors (void)=0
  Get the array of op-code behaviors for initializing an emulator.
Protected Member Functions
void registerCallFixup (const string &fixupName, int4 injectid)
  Map a call-fixup name to a payload id.
void registerCallOtherFixup (const string &fixupName, int4 injectid)
  Map a callother-fixup name to a payload id.
void registerCallMechanism (const string &fixupName, int4 injectid)
  Map a call mechanism name to a payload id.
void registerExeScript (const string &scriptName, int4 injectid)
  Map a p-code script name to a payload id.
virtual int4 allocateInject (const string &sourceName, const string &name, int4 type)=0
  Allocate a new InjectPayload object.
virtual void registerInject (int4 injectid)=0
  Finalize a payload within the library, once the payload is initialized.
Protected Attributes
Architecture * glb
  The Architecture to which the injection payloads apply.
uintb tempbase
  Offset within unique space for allocating temporaries within a payload.
vector< InjectPayload * > injection
  Registered injections.
map< string, int4 > callFixupMap
  Map of registered call-fixup names to injection id.
map< string, int4 > callOtherFixupMap
  Map of registered callother-fixup names to injection id.
map< string, int4 > callMechFixupMap
  Map of registered mechanism names to injection id.
map< string, int4 > scriptMap
  Map of registered script names to ExecutablePcode id.
vector< string > callFixupNames
  Map from injectid to call-fixup name.
vector< string > callOtherTarget
  Map from injectid to callother-fixup target-op name.
vector< string > callMechTarget
  Map from injectid to call-mech name.
vector< string > scriptNames
  Map from injectid to script name.
A collection of p-code injection payloads.
This is a container of InjectPayload objects that can be applied for a specific Architecture. Payloads can be read in via XML (restoreXmlInject()) and manually via manualCallFixup() and manualCallOtherFixup(). Each payload is assigned an integer id when it is read in, and getPayload() fetches the payload during analysis. The library also associates the formal names of payloads with the id. Payloads of different types, CALLFIXUP_TYPE, CALLOTHERFIXUP_TYPE, etc., are stored in separate namespaces.
This is an abstract base class. The derived classes determine the type of storage used by the payloads. The library also provides a reusable InjectContext object to match the payloads, which can be obtained via getCachedContext().
virtual int4 PcodeInjectLibrary::allocateInject (const string &sourceName, const string &name, int4 type) [protected, pure virtual]
Allocate a new InjectPayload object.
This acts as an InjectPayload factory. The formal name and type of the payload are given; this library allocates a new object that fits with its storage scheme and returns the id.
sourceName | is a string describing the source of the new payload
name | is the formal name of the payload
type | is the formal type (CALLFIXUP_TYPE, CALLOTHERFIXUP_TYPE, etc.) of the payload
Implemented in PcodeInjectLibrarySleigh.
virtual const vector< OpBehavior * > & PcodeInjectLibrary::getBehaviors (void) [pure virtual]
Get the array of op-code behaviors for initializing an emulator.
Behaviors are pulled from the underlying architecture in order to initialize the Emulate object which services the p-code script payloads.
Implemented in PcodeInjectLibrarySleigh, and PcodeInjectLibraryGhidra.
virtual InjectContext & PcodeInjectLibrary::getCachedContext (void) [pure virtual]
Retrieve a reusable context object for this library.
The object returned by this method gets passed to the payload inject() method. The clear() method must be called between uses.
Implemented in PcodeInjectLibrarySleigh, and PcodeInjectLibraryGhidra.
string PcodeInjectLibrary::getCallFixupName (int4 injectid) const
Get the call-fixup name associated with an id.
injectid | is an integer id of a call-fixup payload
string PcodeInjectLibrary::getCallMechanismName (int4 injectid) const
Get the call mechanism name associated with an id.
injectid | is an integer id of a call mechanism payload
string PcodeInjectLibrary::getCallOtherTarget (int4 injectid) const
Get the callother-fixup name associated with an id.
injectid | is an integer id of a callother-fixup payload
int4 PcodeInjectLibrary::getPayloadId (int4 type, const string &nm) const
Map name and type to the payload id.
The given name is looked up in a symbol table depending on the given type. The integer id of the matching InjectPayload is returned.
type | is the payload type
nm | is the formal name of the payload
virtual int4 PcodeInjectLibrary::manualCallFixup (const string &name, const string &snippetstring) [pure virtual]
Manually add a call-fixup payload given a compilable snippet of p-code source.
The snippet is compiled immediately to produce the payload.
name | is the formal name of the new payload
snippetstring | is the compilable snippet of p-code source
Implemented in PcodeInjectLibrarySleigh, and PcodeInjectLibraryGhidra.
virtual int4 PcodeInjectLibrary::manualCallOtherFixup (const string &name, const string &outname, const vector< string > &inname, const string &snippet) [pure virtual]
Manually add a callother-fixup payload given a compilable snippet of p-code source.
The snippet is compiled immediately to produce the payload. Symbol names for input and output parameters must be provided to the compiler.
name | is the formal name of the new payload
outname | is the name of the output symbol
inname | is the ordered list of input symbol names
snippet | is the compilable snippet of p-code source
Implemented in PcodeInjectLibrarySleigh, and PcodeInjectLibraryGhidra.
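void PcodeInjectLibrary::registerCallFixup (const string &fixupName, int4 injectid) [protected]
Map a call-fixup name to a payload id.
fixupName | is the formal name of the call-fixup
injectid | is the integer id
void PcodeInjectLibrary::registerCallMechanism (const string &fixupName, int4 injectid) [protected]
Map a call mechanism name to a payload id.
fixupName | is the formal name of the call mechanism
injectid | is the integer id
void PcodeInjectLibrary::registerCallOtherFixup (const string &fixupName, int4 injectid) [protected]
Map a callother-fixup name to a payload id.
fixupName | is the formal name of the callother-fixup
injectid | is the integer id
void PcodeInjectLibrary::registerExeScript (const string &scriptName, int4 injectid) [protected]
Map a p-code script name to a payload id.
scriptName | is the formal name of the p-code script
injectid | is the integer id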
virtual void PcodeInjectLibrary::registerInject (int4 injectid) [protected, pure virtual]
Finalize a payload within the library, once the payload is initialized.
This provides the derived class the opportunity to add the payload name to the symbol tables or do anything else it needs to once the InjectPayload object has been fully initialized.
injectid | is the id of the InjectPayload to finalize
Implemented in PcodeInjectLibrarySleigh.
virtual void PcodeInjectLibrary::restoreDebug (const Element *el) [inline, virtual]
A method for reading in p-code generated externally for use in debugging.
Instantiate a special InjectPayloadDynamic object initialized with an <injectdebug> tag. Within the library, this replaces the original InjectPayload, allowing its p-code to be replayed for debugging purposes.
el | is the <injectdebug> element
Reimplemented in PcodeInjectLibrarySleigh.
int4 PcodeInjectLibrary::restoreXmlInject (const string &src, const string &nm, int4 tp, const Element *el)
Read in and register an injection payload from an XML stream.
The root XML element describing the payload is given (<pcode>, <callfixup>, <callotherfixup>, etc.); the InjectPayload is allocated and then initialized using the element. Then the InjectPayload is finalized with the library.
src | is a string describing the source of the payload being restored
nm | is the name of the payload
tp | is the type of the payload (CALLFIXUP_TYPE, EXECUTABLEPCODE_TYPE, etc.)
el | is the given XML element
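
The id assignment and per-type name lookup from the class description, together with the allocate / initialize / finalize order described for restoreXmlInject(), as a simplified stand-alone model added here (not Ghidra's code). ModelInjectLibrary, ModelPayload, restore() and demoLookups() are hypothetical names; the numeric type values, the -1 result for an unknown name and the duplicate-name rejection are conventions of this model.

```cpp
#include <map>
#include <stdexcept>
#include <string>
#include <vector>

// Simplified model, not Ghidra's implementation; type names follow this page, values are constructed.
enum PayloadType { CALLFIXUP_TYPE, CALLOTHERFIXUP_TYPE, EXECUTABLEPCODE_TYPE, NUM_TYPES };
struct ModelPayload { std::string source, name; int type; };

class ModelInjectLibrary {
  std::vector<ModelPayload> injection;          // vector index doubles as the payload id
  std::map<std::string, int> names[NUM_TYPES];  // one name table per payload type
public:
  // Factory step (cf. allocateInject): create the object, return its id.
  int allocateInject(const std::string &src, const std::string &nm, int type) {
    if (type < 0 || type >= NUM_TYPES) throw std::out_of_range("bad payload type");
    injection.push_back({src, nm, type});
    return static_cast<int>(injection.size()) - 1;
  }
  // Finalize step (cf. registerInject): publish the name in its type's table.
  void registerInject(int id) {
    ModelPayload &p = injection.at(id);
    if (!names[p.type].emplace(p.name, id).second)  // model's choice: reject duplicates
      throw std::runtime_error("duplicate payload name: " + p.name);
  }
  // Allocate, initialize, finalize: the order described for restoreXmlInject().
  int restore(const std::string &src, const std::string &nm, int type) {
    int id = allocateInject(src, nm, type);
    // Initialization from the XML element would happen here.
    registerInject(id);
    return id;
  }
  // Name and type to id; -1 for an unknown name is this model's convention.
  int getPayloadId(int type, const std::string &nm) const {
    if (type < 0 || type >= NUM_TYPES) return -1;
    auto it = names[type].find(nm);
    return it == names[type].end() ? -1 : it->second;
  }
};

// Constructed input: one formal name registered under two payload types.
std::vector<int> demoLookups() {
  ModelInjectLibrary lib;
  int a = lib.restore("constructed.cspec", "fixup_a", CALLFIXUP_TYPE);
  int b = lib.restore("constructed.cspec", "fixup_a", CALLOTHERFIXUP_TYPE);
  return {a, b, lib.getPayloadId(CALLFIXUP_TYPE, "fixup_a"),
          lib.getPayloadId(CALLOTHERFIXUP_TYPE, "fixup_a"),
          lib.getPayloadId(EXECUTABLEPCODE_TYPE, "fixup_a")};
}
int main() { return demoLookups().size() == 5 ? 0 : 1; }
```

The same formal name resolves to a different id in each type's namespace, so a lookup must always carry the payload type along with the name.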