C# class Reko.Scanning.Scanner

Scans the binary, locating and creating procedures and basic blocks by following calls, jumps, and branches. Simple data type analysis is done as well: for instance, pointers to code are located, as are global data pointers.
Callers feed the scanner by calling EnqueueXXX methods before calling ProcessQueue(). ProcessQueue() then processes the queues.
Inherits: IScanner, IRewriterHost

Public methods

Method Description
AddBlock ( Address addr, Procedure proc, string blockName ) : Reko.Core.Block

Adds a new basic block to the procedure proc.

CreateBlockWorkItem ( Address addrStart, Procedure proc, ProcessorState stateOnEntry ) : BlockWorkitem

Creates a work item which will process code starting at the address addrStart. The resulting block will belong to the procedure proc.

CreateCallRetThunk ( Address addrFrom, Procedure procOld, Procedure procNew ) : Reko.Core.Block

Creates a small basic block, consisting solely of a 'call' followed by a 'return' instruction.

CreatePromoteWorkItem ( Address addrStart, Reko.Core.Block block, Procedure procNew ) : Reko.Scanning.PromoteBlockWorkItem
CreateReader ( Address addr ) : Reko.Core.ImageReader
EnqueueImageSymbol ( Reko.Core.ImageSymbol sym, bool isEntryPoint ) : void
EnqueueJumpTarget ( Address addrSrc, Address addrDest, Procedure proc, ProcessorState state ) : Reko.Core.Block
EnqueueProcedure ( Address addr ) : void
EnqueueUserGlobalData ( Address addr, DataType dt ) : void
EnqueueUserProcedure ( Address addr, FunctionType sig ) : void
EnqueueUserProcedure ( Procedure_v1 sp ) : void
EnsurePseudoProcedure ( string name, DataType returnType, int arity ) : PseudoProcedure
Error ( Address addr, string message ) : void
FindContainingBlock ( Address address ) : Reko.Core.Block
FindExactBlock ( Address address ) : Reko.Core.Block
GetCallSignatureAtAddress ( Address addrCallInstruction ) : FunctionType
GetImportedGlobal ( Address addrImportThunk, Address addrInstruction ) : Identifier
GetImportedProcedure ( Address addrImportThunk, Address addrInstruction ) : Reko.Core.ExternalProcedure

If addrImportThunk is the known address of an import thunk / trampoline, return the imported function as an ExternalProcedure. Otherwise, check to see if the call is an intercepted call.

GetInterceptedCall ( Address addrImportThunk ) : Reko.Core.ExternalProcedure

This method is used to detect if a trampoline (call [foo] where foo: jmp bar) is jumping into the body of a procedure that was loaded with GetProcAddress or the like.

GetTrace ( Address addrStart, ProcessorState state, Frame frame ) : IEnumerable
GetTrampoline ( Address addr ) : Reko.Core.ProcedureBase

Tries to determine if the instruction at addr is a trampoline instruction. If so, we return a call to the imported function directly.

A trampoline is a procedure whose only contents is an indirect JUMP to a location that contains the address of an imported function. Because these trampolines may take on different appearances depending on the processor architecture, we have to call out to the architecture to assist in matching them.

InjectProcedureEntryInstructions ( Address addr, Procedure proc ) : void

Inject statements into the starting block that establish the frame, and if the procedure has been given a valid signature already, copy the input arguments into their local counterparts.

IsBlockLinearProcedureExit ( Reko.Core.Block block ) : bool
IsLinearReturning ( Reko.Core.Block block ) : bool

Determines whether a block is a linear sequence of assignments followed by a return statement.

PseudoProcedure ( string name, DataType returnType ) : Expression
PseudoProcedure ( string name, ProcedureCharacteristics c, DataType returnType ) : Expression
ScanImage ( ) : void

Performs the work of scanning the image and resolving any cross procedure jumps after the scan is done.

ScanImageHeuristically ( ) : void

Uses the HeuristicScanner to try to locate code heuristically.

ScanImageSymbol ( Program program, ImageSymbol sym, bool isEntryPoint ) : void
ScanProcedure ( Address addr, string procedureName, ProcessorState state ) : ProcedureBase

Performs a scan of the blocks that constitute a procedure named procedureName.

Scanner ( Program program, IImportResolver importResolver, IServiceProvider services ) : Reko.Analysis
SetAssumedRegisterValues ( Address addr, ProcessorState st ) : void
SetProcedureReturnAddressBytes ( Procedure proc, int returnAddressBytes, Address address ) : void
SplitBlock ( Block blockToSplit, Address addr ) : Block

Splits the given block at the specified address, yielding two blocks. The first block is the original block, now truncated, with a single out edge to the new block. The second block receives the out edges of the first block.

TerminateBlock ( Block block, Address addr ) : void

Terminates the block at

Warn ( Address addr, string message ) : void

Private methods

Method Description
CloneBlockIntoOtherProcedure ( Reko.Core.Block block, Procedure proc ) : Reko.Core.Block
Dump ( string title, IEnumerable blocks ) : void
EnsureProcedure ( Address addr, string procedureName ) : Procedure
EstablishInitialState ( Address addr, ProcessorState st, Procedure proc ) : void

Before processing the body of a procedure, perform housekeeping tasks.

IsNoDecompiledProcedure ( Address addr ) : bool
ProcessQueue ( ) : void
TerminateAnyBlockAt ( Address addr ) : void
TryGetNoDecompiledParsedProcedure ( Address addr, Procedure_v1 &parsedProc ) : bool
TryGetNoDecompiledProcedure ( Address addr, ExternalProcedure &ep ) : bool
TryGetNoDecompiledProcedure ( Address addr, Procedure_v1 &sProc ) : bool

Method details

AddBlock() public method

Adds a new basic block to the procedure proc.
public AddBlock ( Address addr, Procedure proc, string blockName ) : Reko.Core.Block
addr Address
proc Procedure
blockName string
Returns Reko.Core.Block

CreateBlockWorkItem() public method

Creates a work item which will process code starting at the address addrStart. The resulting block will belong to the procedure proc.
public CreateBlockWorkItem ( Address addrStart, Procedure proc, ProcessorState stateOnEntry ) : BlockWorkitem
addrStart Address
proc Procedure
stateOnEntry Reko.Core.ProcessorState
Returns BlockWorkitem

CreateCallRetThunk() public method

Creates a small basic block, consisting solely of a 'call' followed by a 'return' instruction.
public CreateCallRetThunk ( Address addrFrom, Procedure procOld, Procedure procNew ) : Reko.Core.Block
addrFrom Address
procOld Procedure
procNew Procedure
Returns Reko.Core.Block

CreatePromoteWorkItem() public method

public CreatePromoteWorkItem ( Address addrStart, Reko.Core.Block block, Procedure procNew ) : Reko.Scanning.PromoteBlockWorkItem
addrStart Address
block Reko.Core.Block
procNew Procedure
Returns Reko.Scanning.PromoteBlockWorkItem

CreateReader() public method

public CreateReader ( Address addr ) : Reko.Core.ImageReader
addr Address
Returns Reko.Core.ImageReader

EnqueueImageSymbol() public method

public EnqueueImageSymbol ( Reko.Core.ImageSymbol sym, bool isEntryPoint ) : void
sym Reko.Core.ImageSymbol
isEntryPoint bool
Returns void

EnqueueJumpTarget() public method

public EnqueueJumpTarget ( Address addrSrc, Address addrDest, Procedure proc, ProcessorState state ) : Reko.Core.Block
addrSrc Address
addrDest Address
proc Procedure
state Reko.Core.ProcessorState
Returns Reko.Core.Block

EnqueueProcedure() public method

public EnqueueProcedure ( Address addr ) : void
addr Address
Returns void

EnqueueUserGlobalData() public method

public EnqueueUserGlobalData ( Address addr, DataType dt ) : void
addr Address
dt DataType
Returns void

EnqueueUserProcedure() public method

public EnqueueUserProcedure ( Address addr, FunctionType sig ) : void
addr Address
sig FunctionType
Returns void

EnqueueUserProcedure() public method

public EnqueueUserProcedure ( Procedure_v1 sp ) : void
sp Reko.Core.Serialization.Procedure_v1
Returns void

EnsurePseudoProcedure() public method

public EnsurePseudoProcedure ( string name, DataType returnType, int arity ) : PseudoProcedure
name string
returnType DataType
arity int
Returns Reko.Core.PseudoProcedure

Error() public method

public Error ( Address addr, string message ) : void
addr Address
message string
Returns void

FindContainingBlock() public method

public FindContainingBlock ( Address address ) : Reko.Core.Block
address Address
Returns Reko.Core.Block

FindExactBlock() public method

public FindExactBlock ( Address address ) : Reko.Core.Block
address Address
Returns Reko.Core.Block

GetCallSignatureAtAddress() public method

public GetCallSignatureAtAddress ( Address addrCallInstruction ) : FunctionType
addrCallInstruction Address
Returns FunctionType

GetImportedGlobal() public method

public GetImportedGlobal ( Address addrImportThunk, Address addrInstruction ) : Identifier
addrImportThunk Address
addrInstruction Address
Returns Identifier

GetImportedProcedure() public method

If addrImportThunk is the known address of an import thunk / trampoline, return the imported function as an ExternalProcedure. Otherwise, check to see if the call is an intercepted call.
public GetImportedProcedure ( Address addrImportThunk, Address addrInstruction ) : Reko.Core.ExternalProcedure
addrImportThunk Address
addrInstruction Address Used to display diagnostics.
Returns Reko.Core.ExternalProcedure

GetInterceptedCall() public method

This method is used to detect if a trampoline (call [foo] where foo: jmp bar) is jumping into the body of a procedure that was loaded with GetProcAddress or the like.
public GetInterceptedCall ( Address addrImportThunk ) : Reko.Core.ExternalProcedure
addrImportThunk Address
Returns Reko.Core.ExternalProcedure

GetTrace() public method

public GetTrace ( Address addrStart, ProcessorState state, Frame frame ) : IEnumerable
addrStart Address
state Reko.Core.ProcessorState
frame Reko.Core.Frame
Returns IEnumerable

GetTrampoline() public method

Tries to determine if the instruction at addr is a trampoline instruction. If so, we return a call to the imported function directly.
A trampoline is a procedure whose only contents is an indirect JUMP to a location that contains the address of an imported function. Because these trampolines may take on different appearances depending on the processor architecture, we have to call out to the architecture to assist in matching them.
public GetTrampoline ( Address addr ) : Reko.Core.ProcedureBase
addr Address
Returns Reko.Core.ProcedureBase

InjectProcedureEntryInstructions() public method

Inject statements into the starting block that establish the frame, and if the procedure has been given a valid signature already, copy the input arguments into their local counterparts.
public InjectProcedureEntryInstructions ( Address addr, Procedure proc ) : void
addr Address
proc Procedure
Returns void

IsBlockLinearProcedureExit() public method

public IsBlockLinearProcedureExit ( Reko.Core.Block block ) : bool
block Reko.Core.Block
Returns bool

IsLinearReturning() public method

Determines whether a block is a linear sequence of assignments followed by a return statement.
public IsLinearReturning ( Reko.Core.Block block ) : bool
block Reko.Core.Block
Returns bool

PseudoProcedure() public method

public PseudoProcedure ( string name, DataType returnType ) : Expression
name string
returnType DataType
Returns Expression

PseudoProcedure() public method

public PseudoProcedure ( string name, ProcedureCharacteristics c, DataType returnType ) : Expression
name string
c ProcedureCharacteristics
returnType DataType
Returns Expression

ScanImage() public method

Performs the work of scanning the image and resolving any cross procedure jumps after the scan is done.
public ScanImage ( ) : void
Returns void

ScanImageHeuristically() public method

Uses the HeuristicScanner to try to locate code heuristically.
public ScanImageHeuristically ( ) : void
Returns void

ScanImageSymbol() public method

public ScanImageSymbol ( Program program, ImageSymbol sym, bool isEntryPoint ) : void
program Program
sym ImageSymbol
isEntryPoint bool
Returns void

ScanProcedure() public method

Performs a scan of the blocks that constitute a procedure named procedureName.
public ScanProcedure ( Address addr, string procedureName, ProcessorState state ) : ProcedureBase
addr Address Address of the code from which we will start scanning.
procedureName string
state ProcessorState
Returns ProcedureBase

Scanner() public method

public Scanner ( Program program, IImportResolver importResolver, IServiceProvider services ) : Reko.Analysis
program Program
importResolver IImportResolver
services IServiceProvider
Returns Reko.Analysis

SetAssumedRegisterValues() public method

public SetAssumedRegisterValues ( Address addr, ProcessorState st ) : void
addr Address
st ProcessorState
Returns void

SetProcedureReturnAddressBytes() public method

public SetProcedureReturnAddressBytes ( Procedure proc, int returnAddressBytes, Address address ) : void
proc Procedure
returnAddressBytes int
address Address
Returns void

SplitBlock() public method

Splits the given block at the specified address, yielding two blocks. The first block is the original block, now truncated, with a single out edge to the new block. The second block receives the out edges of the first block.
public SplitBlock ( Block blockToSplit, Address addr ) : Block
blockToSplit Block
addr Address
Returns Block

TerminateBlock() public method

Terminates the block at
public TerminateBlock ( Block block, Address addr ) : void
block Block
addr Address
Returns void

Warn() public method

public Warn ( Address addr, string message ) : void
addr Address
message string
Returns void