A snippet of p-code that can be executed outside of normal analysis. More...
#include <pcodeinject.hh>
Public Member Functions | |
| ExecutablePcode (Architecture *g, const string &src, const string &nm) | |
| Constructor. More... | |
| virtual string | getSource (void) const |
| Return a string describing the source of the injection (.cspec, prototype model, etc.) | |
| uintb | evaluate (const vector< uintb > &input) |
| Evaluate the snippet on the given inputs. More... | |
 Public Member Functions inherited from ghidra::InjectPayload | |
| InjectPayload (const string &nm, int4 tp) | |
| Construct for use with decode. | |
| int4 | getParamShift (void) const |
| Get the number of parameters shifted. | |
| bool | isDynamic (void) const |
| Return true if p-code in the injection is generated dynamically. | |
| bool | isIncidentalCopy (void) const |
| Return true if any injected COPY is considered incidental. | |
| int4 | sizeInput (void) const |
| Return the number of input parameters. | |
| int4 | sizeOutput (void) const |
| Return the number of output parameters. | |
| InjectParameter & | getInput (int4 i) |
| Get the i-th input parameter. | |
| InjectParameter & | getOutput (int4 i) |
| Get the i-th output parameter. | |
| virtual | ~InjectPayload (void) |
| Destructor. | |
| virtual void | inject (InjectContext &context, PcodeEmit &emit) const =0 |
| virtual void | decode (Decoder &decoder)=0 |
| Decode this payload from a stream. | |
| virtual void | printTemplate (ostream &s) const =0 |
| Print the p-code ops of the injection to a stream (for debugging) | |
| string | getName (void) const |
| Return the name of the injection. | |
| int4 | getType (void) const |
| Return the type of injection (CALLFIXUP_TYPE, CALLOTHERFIXUP_TYPE, etc.) | |
Private Member Functions | |
| void | build (void) |
| Initialize the Emulate object with the snippet p-code. | |
Private Attributes | |
| Architecture * | glb |
| The Architecture owning this snippet. | |
| string | source |
| Description of the source of this snippet. | |
| bool | built |
| Whether build() method has run, setting up the emulator. | |
| EmulateSnippet | emulator |
| The emulator. | |
| vector< uintb > | inputList |
| Temporary ids of input varnodes. | |
| vector< uintb > | outputList |
| Temporary ids of output varnodes. | |
| PcodeEmit * | emitter |
| Emitter (allocated temporarily) for initializing the emulator. | |
Additional Inherited Members | |
| Public Types inherited from ghidra::InjectPayload | |
| enum | { CALLFIXUP_TYPE = 1, CALLOTHERFIXUP_TYPE = 2, CALLMECHANISM_TYPE = 3, EXECUTABLEPCODE_TYPE = 4 } |
| Protected Member Functions inherited from ghidra::InjectPayload | |
| void | orderParameters (void) |
| Assign an index to parameters. More... | |
| void | decodePayloadAttributes (Decoder &decoder) |
| Parse the attributes of the current <pcode> tag. More... | |
| void | decodePayloadParams (Decoder &decoder) |
| Parse any <input> or <output> children of current <pcode> tag. More... | |
| Static Protected Member Functions inherited from ghidra::InjectPayload | |
| static void | decodeParameter (Decoder &decoder, string &name, uint4 &size) |
| Parse an <input> or <output> element describing an injection parameter. More... | |
| Protected Attributes inherited from ghidra::InjectPayload | |
| string | name |
| Formal name of the payload. | |
| int4 | type |
| Type of this payload: CALLFIXUP_TYPE, CALLOTHERFIXUP_TYPE, etc. | |
| bool | dynamic |
| True if the injection is generated dynamically. | |
| bool | incidentalCopy |
| True if injected COPYs are considered incidental. | |
| int4 | paramshift |
| Number of parameters shifted in the original call. | |
| vector< InjectParameter > | inputlist |
| List of input parameters to this payload. | |
| vector< InjectParameter > | output |
| List of output parameters. | |
Detailed Description
A snippet of p-code that can be executed outside of normal analysis.
Essentially a p-code script. The p-code contained in this snippet needs to be processor agnostic, so any register Varnodes must be temporary (out of the unique space) and any control-flow operations must be contained within the snippet (p-code relative addressing). Input and output to the snippet/script is provided by standard injection parameters. The class contains, as a field, a stripped down emulator to run the script and a convenience method evaluate() to feed in concrete values to the input parameters and return a value from a single output parameter.
Constructor & Destructor Documentation
◆ ExecutablePcode()
| ghidra::ExecutablePcode::ExecutablePcode | ( | Architecture * | g, |
| const string & | src, | ||
| const string & | nm | ||
| ) |
Constructor.
- Parameters
-
g is the Architecture owning snippet src is a string describing the source of the snippet nm is the formal name of the snippet
Member Function Documentation
◆ evaluate()
| uintb ghidra::ExecutablePcode::evaluate | ( | const vector< uintb > & | input | ) |
Evaluate the snippet on the given inputs.
The caller provides a list of concrete values that are assigned to the input parameters. The number of values and input parameters must match, and values are assigned in order. Input parameter order is determined either by the order of tags in the defining XML. This method assumes there is exactly 1 relevant output parameter. Once the snippet is executed the value of this parameter is read from the emulator state and returned.
- Parameters
-
input is the ordered list of input values to feed to this script
- Returns
- the value of the output parameter after script execution
References build(), emulator, ghidra::Emulate::executeCurrentOp(), ghidra::Emulate::getHalt(), ghidra::EmulateSnippet::getTempValue(), inputList, outputList, ghidra::EmulateSnippet::resetMemory(), and ghidra::EmulateSnippet::setVarnodeValue().
Referenced by ghidra::JumpAssisted::buildAddresses(), ghidra::JumpAssisted::buildLabels(), ghidra::SegmentOp::execute(), and ghidra::JumpAssisted::recoverModel().
The documentation for this class was generated from the following files:
- pcodeinject.hh
- pcodeinject.cc
