本文整理汇总了C++中instruction::Ptr::getCategory方法的典型用法代码示例。如果您正苦于以下问题:C++ Ptr::getCategory方法的具体用法?C++ Ptr::getCategory怎么用?C++ Ptr::getCategory使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类instruction::Ptr的用法示例。
在下文中一共展示了Ptr::getCategory方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: isThunk
bool IA_IAPI::isThunk() const {
// Before we go a-wandering, check the target
bool valid; Address addr;
boost::tie(valid, addr) = getCFT();
if (!valid ||
!_isrc->isValidAddress(addr)) {
parsing_printf("... Call to 0x%lx is invalid (outside code or data)\n",
addr);
return false;
}
const unsigned char *target =
(const unsigned char *)_isrc->getPtrToInstruction(addr);
InstructionDecoder targetChecker(target,
2*InstructionDecoder::maxInstructionLength, _isrc->getArch());
Instruction::Ptr thunkFirst = targetChecker.decode();
Instruction::Ptr thunkSecond = targetChecker.decode();
if(thunkFirst && thunkSecond &&
(thunkFirst->getOperation().getID() == e_mov) &&
(thunkSecond->getCategory() == c_ReturnInsn))
{
if(thunkFirst->isRead(stackPtr[_isrc->getArch()]))
{
// it is not enough that the stack pointer is read; it must
// be a zero-offset read from the stack pointer
ThunkVisitor tv;
Operand op = thunkFirst->getOperand(1);
op.getValue()->apply(&tv);
return tv.offset() == 0;
}
}
return false;
}示例2: cleansStack
bool IA_IAPI::cleansStack() const
{
Instruction::Ptr ci = curInsn();
if (ci->getCategory() != c_ReturnInsn) return false;
std::vector<Operand> ops;
ci->getOperands(ops);
return (ops.size() > 1);
}示例3: make_tuple
boost::tuple<Instruction::Ptr,
Instruction::Ptr,
bool> IA_x86Details::findMaxSwitchInsn(Block *start)
{
std::set<Block *> visited;
std::vector<Block *> WL;
Block *curBlk;
int depth = 0;
bool foundMaxSwitch = false;
bool foundCondBranch = false;
WL.push_back(start);
Instruction::Ptr compareInsn, condBranchInsn;
bool compareOnTakenBranch = false;
for(unsigned j=0;j < WL.size(); j++)
{
curBlk = WL[j];
visited.insert(curBlk);
foundMaxSwitch = false;
foundCondBranch = false;
const unsigned char* buf =
(const unsigned char*)(currentBlock->_isrc->getPtrToInstruction(curBlk->start()));
if( buf == NULL ) {
parsing_printf("%s[%d]: failed to get pointer to instruction by offset\n",
FILE__, __LINE__);
return boost::make_tuple(Instruction::Ptr(), Instruction::Ptr(), false);
}
InstructionDecoder dec(buf, curBlk->size(), currentBlock->_isrc->getArch());
Instruction::Ptr i;
Address curAdr = curBlk->start();
while((i = dec.decode()))
{
if(i->getCategory() == c_CompareInsn)
// check for cmp
{
parsing_printf("\tFound jmp table cmp instruction %s at 0x%lx\n",
i->format().c_str(), curAdr);
compareInsn = i;
foundMaxSwitch = true;
}
if(i->getCategory() == c_BranchInsn &&
i->allowsFallThrough())
{
parsing_printf("\tFound jmp table cond br instruction %s at 0x%lx\n",
i->format().c_str(), curAdr);
condBranchInsn = i;
foundCondBranch = true;
Block::edgelist::const_iterator tit = curBlk->targets().begin();
bool taken_hit = false;
bool fallthrough_hit = false;
for ( ; tit != curBlk->targets().end(); ++tit) {
ParseAPI::Edge *t = *tit;
if (t->type() == COND_TAKEN &&
(visited.find(t->trg()) != visited.end()))
{
taken_hit = true;
}
if ((t->type() == COND_NOT_TAKEN ||
t->type() == FALLTHROUGH) &&
(visited.find(t->trg()) != visited.end()))
{
fallthrough_hit = true;
}
}
parsing_printf("\tfindMaxSwitchInsn: taken_hit: %d, fallthrough_hit: %d\n", taken_hit, fallthrough_hit);
compareOnTakenBranch = taken_hit && !fallthrough_hit;
break;
}
curAdr += i->size();
}
if(foundMaxSwitch && foundCondBranch)
break; // done
// look further back
Block::edgelist::const_iterator sit = curBlk->sources().begin();
depth++;
// We've seen depth 2 in libc et al
if(depth > 2) return boost::make_tuple(Instruction::Ptr(), Instruction::Ptr(), false);
for( ; sit != curBlk->sources().end(); ++sit)
{
ParseAPI::Edge * s = *sit;
// ignore return edges
if(s->type() == RET)
continue;
if(s->type() == CALL)
return boost::make_tuple(Instruction::Ptr(), Instruction::Ptr(), false);
Block * src = s->src();
if( (visited.find( src ) == visited.end())) {
WL.push_back(src);
}
}
}
//.........这里部分代码省略.........
示例4: calcRWSets
ReadWriteInfo LivenessAnalyzer::calcRWSets(Instruction::Ptr curInsn, Block* blk, Address a)
{
liveness_cerr << "calcRWSets for " << curInsn->format() << " @ " << hex << a << dec << endl;
ReadWriteInfo ret;
ret.read = abi->getBitArray();
ret.written = abi->getBitArray();
ret.insnSize = curInsn->size();
std::set<RegisterAST::Ptr> cur_read, cur_written;
curInsn->getReadSet(cur_read);
curInsn->getWriteSet(cur_written);
liveness_printf("Read registers: \n");
for (std::set<RegisterAST::Ptr>::const_iterator i = cur_read.begin();
i != cur_read.end(); i++)
{
MachRegister cur = (*i)->getID();
if (cur.getArchitecture() == Arch_ppc64)
cur = MachRegister((cur.val() & ~Arch_ppc64) | Arch_ppc32);
liveness_printf("\t%s \n", cur.name().c_str());
MachRegister base = cur.getBaseRegister();
if (cur == x86::flags || cur == x86_64::flags){
if (width == 4){
ret.read[getIndex(x86::of)] = true;
ret.read[getIndex(x86::cf)] = true;
ret.read[getIndex(x86::pf)] = true;
ret.read[getIndex(x86::af)] = true;
ret.read[getIndex(x86::zf)] = true;
ret.read[getIndex(x86::sf)] = true;
ret.read[getIndex(x86::df)] = true;
ret.read[getIndex(x86::tf)] = true;
ret.read[getIndex(x86::nt_)] = true;
}
else {
ret.read[getIndex(x86_64::of)] = true;
ret.read[getIndex(x86_64::cf)] = true;
ret.read[getIndex(x86_64::pf)] = true;
ret.read[getIndex(x86_64::af)] = true;
ret.read[getIndex(x86_64::zf)] = true;
ret.read[getIndex(x86_64::sf)] = true;
ret.read[getIndex(x86_64::df)] = true;
ret.read[getIndex(x86_64::tf)] = true;
ret.read[getIndex(x86_64::nt_)] = true;
}
}
else{
base = changeIfMMX(base);
ret.read[getIndex(base)] = true;
}
}
liveness_printf("Write Registers: \n");
for (std::set<RegisterAST::Ptr>::const_iterator i = cur_written.begin();
i != cur_written.end(); i++) {
MachRegister cur = (*i)->getID();
if (cur.getArchitecture() == Arch_ppc64)
cur = MachRegister((cur.val() & ~Arch_ppc64) | Arch_ppc32);
liveness_printf("\t%s \n", cur.name().c_str());
MachRegister base = cur.getBaseRegister();
if (cur == x86::flags || cur == x86_64::flags){
if (width == 4){
ret.written[getIndex(x86::of)] = true;
ret.written[getIndex(x86::cf)] = true;
ret.written[getIndex(x86::pf)] = true;
ret.written[getIndex(x86::af)] = true;
ret.written[getIndex(x86::zf)] = true;
ret.written[getIndex(x86::sf)] = true;
ret.written[getIndex(x86::df)] = true;
ret.written[getIndex(x86::tf)] = true;
ret.written[getIndex(x86::nt_)] = true;
}
else {
ret.written[getIndex(x86_64::of)] = true;
ret.written[getIndex(x86_64::cf)] = true;
ret.written[getIndex(x86_64::pf)] = true;
ret.written[getIndex(x86_64::af)] = true;
ret.written[getIndex(x86_64::zf)] = true;
ret.written[getIndex(x86_64::sf)] = true;
ret.written[getIndex(x86_64::df)] = true;
ret.written[getIndex(x86_64::tf)] = true;
ret.written[getIndex(x86_64::nt_)] = true;
}
}
else{
base = changeIfMMX(base);
ret.written[getIndex(base)] = true;
if ((cur != base && cur.size() < 4) || isMMX(base)) ret.read[getIndex(base)] = true;
}
}
InsnCategory category = curInsn->getCategory();
switch(category)
{
case c_CallInsn:
// Call instructions not at the end of a block are thunks, which are not ABI-compliant.
// So make conservative assumptions about what they may read (ABI) but don't assume they write anything.
ret.read |= (abi->getCallReadRegisters());
if(blk->lastInsnAddr() == a)
{
ret.written |= (abi->getCallWrittenRegisters());
}
break;
//.........这里部分代码省略.........
示例5: isFakeCall
/* returns true if the call leads to:
* -an invalid instruction (or immediately branches/calls to an invalid insn)
* -a block not ending in a return instruction that pops the return address
* off of the stack
*/
bool IA_IAPI::isFakeCall() const
{
assert(_obj->defensiveMode());
if (isDynamicCall()) {
return false;
}
// get func entry
bool tampers = false;
bool valid; Address entry;
boost::tie(valid, entry) = getCFT();
if (!valid) return false;
if (! _cr->contains(entry) ) {
return false;
}
if ( ! _isrc->isCode(entry) ) {
mal_printf("WARNING: found function call at %lx "
"to invalid address %lx %s[%d]\n", current,
entry, FILE__,__LINE__);
return false;
}
// get instruction at func entry
const unsigned char* bufPtr =
(const unsigned char *)(_cr->getPtrToInstruction(entry));
Offset entryOff = entry - _cr->offset();
InstructionDecoder newdec( bufPtr,
_cr->length() - entryOff,
_cr->getArch() );
IA_IAPI *ah = new IA_IAPI(newdec, entry, _obj, _cr, _isrc, _curBlk);
Instruction::Ptr insn = ah->curInsn();
// follow ctrl transfers until you get a block containing non-ctrl
// transfer instructions, or hit a return instruction
while (insn->getCategory() == c_CallInsn ||
insn->getCategory() == c_BranchInsn)
{
boost::tie(valid, entry) = ah->getCFT();
if ( !valid || ! _cr->contains(entry) || ! _isrc->isCode(entry) ) {
mal_printf("WARNING: found call to function at %lx that "
"leaves to %lx, out of the code region %s[%d]\n",
current, entry, FILE__,__LINE__);
return false;
}
bufPtr = (const unsigned char *)(_cr->getPtrToInstruction(entry));
entryOff = entry - _cr->offset();
delete(ah);
newdec = InstructionDecoder(bufPtr,
_cr->length() - entryOff,
_cr->getArch());
ah = new IA_IAPI(newdec, entry, _obj, _cr, _isrc, _curBlk);
insn = ah->curInsn();
}
// calculate instruction stack deltas for the block, leaving the iterator
// at the last ins'n if it's a control transfer, or after calculating the
// last instruction's delta if we run off the end of initialized memory
int stackDelta = 0;
int addrWidth = _isrc->getAddressWidth();
static Expression::Ptr theStackPtr
(new RegisterAST(MachRegister::getStackPointer(_isrc->getArch())));
Address curAddr = entry;
while(true) {
// exit condition 1
if (insn->getCategory() == c_CallInsn ||
insn->getCategory() == c_ReturnInsn ||
insn->getCategory() == c_BranchInsn)
{
break;
}
// calculate instruction delta
if(insn->isWritten(theStackPtr)) {
entryID what = insn->getOperation().getID();
int sign = 1;
switch(what)
{
case e_push:
sign = -1;
//FALLTHROUGH
case e_pop: {
int size = insn->getOperand(0).getValue()->size();
stackDelta += sign * size;
break;
}
case e_pusha:
case e_pushad:
sign = -1;
//FALLTHROUGH
//.........这里部分代码省略.........
示例6: decoder
func_instance *mapped_object::findGlobalDestructorFunc(const std::string &dtorHandler) {
using namespace Dyninst::InstructionAPI;
const pdvector<func_instance *> *funcs = findFuncVectorByMangled(dtorHandler);
if( funcs != NULL ) {
return funcs->at(0);
}
/*
* If the symbol isn't found, try looking for it in a call in the
* .fini section. It is the last call in .fini.
*
* The pattern is:
*
* _fini:
*
* ... some code ...
*
* call dtor_handler
*
* ... prologue ...
*/
Symtab *linkedFile = parse_img()->getObject();
Region *finiRegion = NULL;
if( !linkedFile->findRegion(finiRegion, ".fini") ) {
vector<Dyninst::SymtabAPI::Function *> symFuncs;
if( linkedFile->findFunctionsByName(symFuncs, "_fini") ) {
finiRegion = symFuncs[0]->getRegion();
}else{
logLine("failed to locate .fini Region or _fini function\n");
return NULL;
}
}
if( finiRegion == NULL ) {
logLine("failed to locate .fini Region or _fini function\n");
return NULL;
}
// Search for last call in the function
Address dtorAddress = 0;
unsigned bytesSeen = 0;
const unsigned char *p = reinterpret_cast<const unsigned char *>(finiRegion->getPtrToRawData());
InstructionDecoder decoder(p, finiRegion->getDiskSize(),
parse_img()->codeObject()->cs()->getArch());
Instruction::Ptr lastCall;
Instruction::Ptr curInsn = decoder.decode();
while(curInsn && curInsn->isValid() &&
bytesSeen < finiRegion->getDiskSize())
{
InsnCategory category = curInsn->getCategory();
if( category == c_CallInsn ) {
lastCall = curInsn;
break;
}
bytesSeen += curInsn->size();
curInsn = decoder.decode();
}
if( !lastCall.get() || !lastCall->isValid() ) {
logLine("heuristic for finding global destructor function failed\n");
return NULL;
}
Address callAddress = finiRegion->getMemOffset() + bytesSeen;
RegisterAST thePC = RegisterAST(
Dyninst::MachRegister::getPC(parse_img()->codeObject()->cs()->getArch()));
Expression::Ptr callTarget = lastCall->getControlFlowTarget();
if( !callTarget.get() ) {
logLine("failed to find global destructor function\n");
return NULL;
}
callTarget->bind(&thePC, Result(s64, callAddress));
Result actualTarget = callTarget->eval();
if( actualTarget.defined ) {
dtorAddress = actualTarget.convert<Address>();
}else{
logLine("failed to find global destructor function\n");
return NULL;
}
if( !dtorAddress || !parse_img()->codeObject()->cs()->isValidAddress(dtorAddress) ) {
logLine("invalid address for global destructor function\n");
return NULL;
}
// A targ stub should have been created at the address
func_instance *ret = NULL;
if( (ret = findFuncByEntry(dtorAddress)) == NULL ) {
logLine("unable to find global destructor function\n");
return NULL;
}
inst_printf("%s[%d]: set global destructor address to 0x%lx\n", FILE__, __LINE__,
//.........这里部分代码省略.........