public
class
EEmulator
extends Object| java.lang.Object | |
| ↳ | com.pnfsoftware.jeb.core.units.code.asm.decompiler.ir.emulator.EEmulator |
Class Overview
IR emulator, a controller for an IR state.
How to use:
- pass an existing EState to a constructor or use
createStandard(IEGlobalContext) to create a state and an emulator
- use the settters to customize the emulator.
- setup() it
- run() it
Three modes of execution:
1- IR routine emulation
2- IR routine-supported stub emulation
3- Global routine emulation (disregarding routines), a generalized variant of 2, suitable for
full program emulation
4- Global stub emulation
Summary
| Nested Classes | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| class | EEmulator.Metadata | IR emulator metadata. | |||||||||
| Constants | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| boolean | defaultAllowOpt | ||||||||||
| long | defaultHeapBase | ||||||||||
| int | defaultMaxIterCount | ||||||||||
| boolean | defaultRecordMemoryWrites | ||||||||||
| boolean | defaultResetUnknownRegisters | ||||||||||
| long | defaultReturnAddr | ||||||||||
| long | defaultStackBase | ||||||||||
| Public Constructors | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| EEmulator(EState state) | |||||||||||
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| void | addArgument(byte[] val, INativeType t) | ||||||||||
| void | addArgument(long val, INativeType t) | ||||||||||
| void | addArgument(IEImm val) | ||||||||||
| void |
addHooks(IEEmulatorHooks hooks)
This method is deprecated.
use
registerHooks(IEEmulatorHooks, boolean) instead
| ||||||||||
| void | clearArgument() | ||||||||||
| boolean | commitMemoryChanges(boolean commitModifiedPagesOnly) | ||||||||||
| long | createPseudoRoutine(String name) | ||||||||||
| long | createPseudoRoutine(INativeMethodItem routine) | ||||||||||
| static EEmulator |
createStandard(IEGlobalContext gctx, int maxIterationCount)
Create an emulator as well as a standard
emulation state that will be
controlled by the emulator. | ||||||||||
| static EEmulator |
createStandard(IEGlobalContext gctx)
Create an emulator as well as a standard
emulation state that will be
controlled by the emulator. | ||||||||||
| final long | currentRequestId() | ||||||||||
| long | findRegisteredRoutine(String name) | ||||||||||
| int | getAddressSize() | ||||||||||
| IEGlobalContext | getGlobalContext() | ||||||||||
| IEImm | getLastEvaluationResult() | ||||||||||
| MemoryChanges |
getMemoryChanges()
A convenience method to retrieve memory changes performed during emulation.
| ||||||||||
| MemoryWrites | getMemoryWrites() | ||||||||||
| EEmulator.Metadata | getMetadata() | ||||||||||
| long | getPCAddress() | ||||||||||
| int | getRegisterSize() | ||||||||||
| IEImm | getReturnAddress() | ||||||||||
| IEImm | getReturnValue() | ||||||||||
| long | getSPAddress() | ||||||||||
| int | getStackSlotSize() | ||||||||||
| EState | getState() | ||||||||||
| long | getTruncatedRegisterValue(String regname) | ||||||||||
| IVirtualMemory | getVirtualMemory() | ||||||||||
| long | heapAlloc(int size) | ||||||||||
| void | heapFree(long addr) | ||||||||||
| long | heapRealloc(long addr, int newsize) | ||||||||||
| Boolean | hooksEvaluateAt(long addr, IInstruction hintNativeStm) | ||||||||||
| Boolean | hooksEvaluateExternal(String routineName, INativeMethodItem routine) | ||||||||||
| boolean | hooksEvaluateSyscall(long addr, IInstruction insn) | ||||||||||
| Boolean | hooksEvaluateUntranslated(IEUntranslatedInstruction stm, IInstruction insn) | ||||||||||
| boolean | isPrimaryEmulator() | ||||||||||
| void | monitorHLSpecial(int code, Object... params) | ||||||||||
| boolean |
processStoredReturnAddress(StorageEntry entry, int stkSlotAdj)
ret-addr on stack: pop and return
ret-addr in register: TBI | ||||||||||
| boolean |
processStoredReturnAddress(StorageEntry entry)
ret-addr on stack: pop and return
ret-addr in register: TBI | ||||||||||
| Long |
readPointer(long addr)
Convenience method.
| ||||||||||
| IEImm | readStorage(StorageEntry entry) | ||||||||||
| void | registerHooks(IEEmulatorHooks hooks, boolean insertFirst) | ||||||||||
| long | registerRoutine(long addr, INativeMethodItem routine) | ||||||||||
| long | registerRoutine(long addr, String name) | ||||||||||
| void |
removeHooks(IEEmulatorHooks hooks)
This method is deprecated.
use
unregisterHooks(IEEmulatorHooks) instead
| ||||||||||
| static IPrototypeItem |
retrievePrototype(INativeDecompilerContext decomp, INativeMethodItem routine)
Convenience method used to verify whether or not an emulator object would be able to retrieve
a target method prototype.
| ||||||||||
| void | run() | ||||||||||
| void | setArguments(Collection<IEImm> vals) | ||||||||||
| void | setGlobalRoutineEmulation(long routineAddress, IPrototypeItem routinePrototype) | ||||||||||
| void | setGlobalRoutineEmulation(INativeMethodItem routine) | ||||||||||
| void | setGlobalStubEmulation(long pcStart, Long pcStop) | ||||||||||
| void | setLastEvaluationResult(IEImm val) | ||||||||||
| void | setPCAddress(long nativeAddress) | ||||||||||
| void | setPerformFreshDecompilations(boolean performFreshDecompilations) | ||||||||||
| void |
setPreferredStackBase(long address)
Must be called before
setup(). | ||||||||||
| void | setPreferredTargetPrototype(IPrototypeItem proto) | ||||||||||
| void | setRecordMemoryWrites(boolean recordMemoryWrites) | ||||||||||
| void |
setResetUnknownRegisters(boolean enabled)
Must be called before
setup(). | ||||||||||
| void | setReturnAddress(long retAddr) | ||||||||||
| boolean | setStack(long stackStart, int stackSize, Long sp0) | ||||||||||
| void | setStubExecution(INativeMethodItem routine, long pcStart, long pcStop) | ||||||||||
| void | setStubExecution(IERoutineContext ctx, int irStart, int irStop) | ||||||||||
| void | setTargetRoutine(INativeMethodItem routine) | ||||||||||
| void | setup() | ||||||||||
| void |
teardown()
Clean-up temporary constructs built during
setup(). | ||||||||||
| void | unregisterHooks(IEEmulatorHooks hooks) | ||||||||||
| long |
updateSPAddress(int delta)
Update the stack pointer register.
| ||||||||||
| boolean | writePointer(long addr, long ptr) | ||||||||||
| boolean | writeStorage(StorageEntry entry, IEImm val) | ||||||||||
|
[Expand]
Inherited Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
From class
java.lang.Object
| |||||||||||
Constants
public static final boolean defaultAllowOpt
Constant Value:
false
public static final long defaultHeapBase
Constant Value:
2080374784
(0x000000007c000000)
public static final int defaultMaxIterCount
Constant Value:
10000
(0x00002710)
public static final boolean defaultRecordMemoryWrites
Constant Value:
false
public static final boolean defaultResetUnknownRegisters
Constant Value:
true
public static final long defaultReturnAddr
Constant Value:
287454020
(0x0000000011223344)
public static final long defaultStackBase
Constant Value:
2113929216
(0x000000007e000000)
Public Constructors
Public Methods
public void addHooks (IEEmulatorHooks hooks)
public void clearArgument ()
public boolean commitMemoryChanges (boolean commitModifiedPagesOnly)
public long createPseudoRoutine (String name)
public static EEmulator createStandard (IEGlobalContext gctx, int maxIterationCount)
Create an emulator as well as a standard emulation state that will be
controlled by the emulator.
public static EEmulator createStandard (IEGlobalContext gctx)
Create an emulator as well as a standard emulation state that will be
controlled by the emulator. Set the standard maximum iteration count to
{@value #defaultMaxIterCount}.
public final long currentRequestId ()
public long findRegisteredRoutine (String name)
public int getAddressSize ()
public MemoryChanges getMemoryChanges ()
A convenience method to retrieve memory changes performed during emulation.
Returns
- a changes object
Throws
| UnsupportedOperationException | if the emulator's memory is not a shim |
|---|
public long getPCAddress ()
public int getRegisterSize ()
public long getSPAddress ()
public int getStackSlotSize ()
public long getTruncatedRegisterValue (String regname)
public long heapAlloc (int size)
public void heapFree (long addr)
public long heapRealloc (long addr, int newsize)
public Boolean hooksEvaluateExternal (String routineName, INativeMethodItem routine)
Parameters
| routineName | mandatory |
|---|---|
| routine | optional |
public boolean isPrimaryEmulator ()
public void monitorHLSpecial (int code, Object... params)
public boolean processStoredReturnAddress (StorageEntry entry, int stkSlotAdj)
ret-addr on stack: pop and return
ret-addr in register: TBI
public boolean processStoredReturnAddress (StorageEntry entry)
ret-addr on stack: pop and return
ret-addr in register: TBI
public Long readPointer (long addr)
Convenience method.
public long registerRoutine (long addr, String name)
public void removeHooks (IEEmulatorHooks hooks)
public static IPrototypeItem retrievePrototype (INativeDecompilerContext decomp, INativeMethodItem routine)
Convenience method used to verify whether or not an emulator object would be able to retrieve a target method prototype.
Parameters
| decomp | decompiler unit |
|---|---|
| routine | candidate target routine |
Returns
- the retrieved prototype that would be used by an emulator for the provided target routine
public void setGlobalStubEmulation (long pcStart, Long pcStop)
public void setPCAddress (long nativeAddress)
public void setPerformFreshDecompilations (boolean performFreshDecompilations)
public void setRecordMemoryWrites (boolean recordMemoryWrites)
public void setReturnAddress (long retAddr)
public boolean setStack (long stackStart, int stackSize, Long sp0)
public void setup ()
public long updateSPAddress (int delta)
Update the stack pointer register.
Returns
- the updated SP value