Interface INativeCodeUnit<InsnType extends IInstruction>
- All Superinterfaces:
IAddressableUnit
,ICodeUnit
,IEventSource
,IInteractiveUnit
,IMethodManager
,INativeContext
,IUnit
,IUnitCreator
,IUserDataSupport
Code units own and work closely with the following objects:
INativeCodeAnalyzer
- code analyzerIMemoryModel
- code model forINativeItem
and derived objectsITypeManager
- type and package manager
Note: if a debugger is attached, a temporary physical image base can be set.
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final String
SymbolType.EXTERN_FUNCTION
routine prefixstatic final String
SymbolType.PTRFUNCTION
routine prefixstatic final String
Target routine prefix with named trampoline: '*'static final String
Trampoline routines prefix: unicode RIGHTWARDS ARROW '→'Fields inherited from interface com.pnfsoftware.jeb.core.units.code.asm.items.IMethodManager
FLAG_DO_NOT_ANALYZE, FLAG_DO_NOT_UNMANGLE, FLAG_PLACEHOLDER_METHOD
-
Method Summary
Modifier and TypeMethodDescriptionGet the principal code analyzer extension attached to this unit.long
getCanonicalMemoryAddress
(String address) Convert a flexible native code unit address to a canonical memory address.long
getCanonicalMemoryAddress
(String address, AddressConversionPrecision precision) Convert a flexible native code unit address to a canonical memory address.Convenience method used to retrieve a class by name.getClassByIndex
(int index) Get a class by its internal index.List<? extends INativeClassItem>
Get the list of classes.Get the code analyzer.Retrieve the currently-set analyzer extensions manager.Get the helper object used to format instructions into a sink.Get the code model.Provide the parent code object container, if there is one.Get the comment manager.getDataTypeAt
(long address) Get the native type of the data item located at the provided address.Retrieve or create a decompiler for this unit.Convenience method to retrieve the text document representing the disassembly of this code unit.Retrieve the endianness.long
Get the address of the entry-point of this unit, if any.Convenience method used to retrieve a field by name.getFieldByIndex
(int index) Get a field by its internal index.Get the list of fields.long
Get the address of the high-level entry-point of this unit, if any.getInlineComment
(long address) Convenience method used to retrieve the inline comment at the provided virtual address.getInternalMethod
(long memoryAddress) Retrieve an internal method by its entry-point address.getInternalMethod
(long memoryAddress, boolean addressIsEntryPoint) Retrieve an internal method by address (any address within the method).List<? extends INativeMethodItem>
Retrieve all internal methods.List<? extends INativeMethodItem>
getInternalMethods
(long memoryAddress) Retrieve the internal methods spanning over the provided addressList<? extends INativeMethodItem>
Retrieve all internal methods, ordered from the leaves to the roots.List<? extends INativeMethodItem>
Retrieve all internal methods, ordered from their ascending byte size.getItemObject
(long id) Optionally provide an object associated with the given item.getLock()
Retrieve the model lock, used to request a full-access model lock or a partial, read-only, transactional lock.Retrieve the virtual memory managed used by this unit.Convenience method used to retrieve a method by name.getMethodByIndex
(int index) Get a method by its internal index.List<? extends INativeMethodItem>
Get the list of methods.getNativeItemAt
(long address) Get the item located at the exact address.getNativeItemOver
(long address) Get the item spanning over the provided address.getNativeItemsOver
(long address, int size) Retrieve a read-only map of the native items located within the provided memory range.Get the package/namespace manager used by this unit.Get the list of code packages.long
Retrieve the difference between Physical Image base as set bysetPhysicalImageBase(long)
and Virtual Image Base as retrieved byINativeContext.getVirtualImageBase()
.Retrieve the machine code parser (pseudo-processor) managed by this unit.Convenience method used to retrieve the processor's name.Get the global signature manager used by this unit.getStringByIndex
(int index) Retrieve a string by index.List<? extends INativeStringItem>
Get the list of code strings.getSymbolicStringAddress
(long address) Retrieve the simplest symbol address that corresponds to the given physical address.getSymbolicStringAddress
(long address, int sspref) Retrieve a symbol address that corresponds to the given physical address.Get the global type library service.Get the global type manager used by this unit.List<? extends INativeType>
getTypes()
Get the list of types.boolean
Determine whether a code analysis pass is ongoing.boolean
Determine whether or not an initial analysis pass has been done.boolean
performAnalysis
(boolean async, Boolean includeAdvancedAnalysis, Runnable onCompletion) Start an analysis.boolean
Perform the initial analysis pass.boolean
performInitialAnalysis
(Boolean blocking) boolean
process()
Quickly process the unit.void
Set the principal code analyzer extension for this unit.void
boolean
setCodeAt
(long address, int procmode, boolean undefineOverlappingItems) Parse and create an instruction at the provided address.void
setCodeFormatter
(GenericCodeFormatter<InsnType> codeFormatter) void
setCompilerType
(CompilerType compilerType) Set a hint.boolean
setDataAt
(long address, INativeType type, String name) Create or update a data item at the provided address.boolean
setDataAt
(long address, INativeType type, String name, boolean undefineOverlappingItems) Create or update a data item at the provided address.boolean
setDataTypeAt
(long address, INativeType type) Convenience method to set the native type of a data item located at the provided address.boolean
setInlineComment
(long address, String comment) Convenience method used to set the inline comment at the provided virtual address.void
setMemory
(IVirtualMemory mem) Optionally set the current optional virtual memory (VM) used by this unit.void
setPhysicalImageBase
(long physicalImageBase) Set the real (physical) image base for this piece of code.void
setProcessor
(IProcessor<InsnType> proc) Set the code parser (processor) used by this unit.boolean
setRoutineAt
(long address) Parse and attempt to create a routine at the provided address.boolean
setRoutineAt
(long address, int procmode) Parse and attempt to create a routine at the provided address.boolean
setRoutineAt
(long address, int procmode, int permission) Parse and attempt to create a routine at the provided address.boolean
setRoutinePrototype
(INativeMethodItem routine, String prototypeString) Set a routine prototype.boolean
setRoutineReferenceAt
(long address, INativeMethodItem routine) Create a special data item representing a reference to a method.boolean
setRoutineSignature
(INativeMethodItem routine, String signatureString, boolean prototypeOnly) Set a routine signature or protytpe.boolean
setStringAt
(long address, long addressMax, StringEncoding stringType, int minChars, int maxChars) Create a string data item.boolean
setStringAt
(long address, long addressMax, StringEncoding stringType, int minChars, int maxChars, boolean undefineOverlappingItems) Create a string data item.void
setSubsystemType
(SubsystemType subsystemType) Set a hint.void
setVirtualImageBase
(long virtualImageBase) Set preferred image baseboolean
undefineItem
(long address) Undefine the memory item starting at the provided address.Methods inherited from interface com.pnfsoftware.jeb.core.units.IAddressableUnit
getAddressLabel, getAddressLabels, getAddressOfItem, getCanonicalAddress, getItemAtAddress, getRelatedItems, getWellKnownAddresses, isValidAddress
Methods inherited from interface com.pnfsoftware.jeb.core.units.code.ICodeUnit
getAddressFromCodeCoordinates, getCodeCoordinatesFromAddress, getCodeItemByAddress, getDisassembly, getHierarchy
Methods inherited from interface com.pnfsoftware.jeb.util.events.IEventSource
addListener, countListeners, getListeners, getParentSource, insertListener, notifyListeners, removeListener, setParentSource
Methods inherited from interface com.pnfsoftware.jeb.core.units.IInteractiveUnit
addressToLocation, canExecuteAction, executeAction, executeAction, getAddressActions, getFullComment, getFullComments, getGlobalActions, getInlineComment, getInlineComments, getItemActions, getMetadataManager, locationToAddress, prepareExecution, setInlineComment
Methods inherited from interface com.pnfsoftware.jeb.core.units.code.asm.items.IMethodManager
createMethodReference, createMethodReference
Methods inherited from interface com.pnfsoftware.jeb.core.units.code.asm.INativeContext
createMethodReference, getCodeContainerType, getDetectedCompiler, getDynamicBranchResolution, getField, getImageSize, getRoutine, getRoutineByName, getRoutineOver, getRoutines, getSubsystemType, getVirtualImageBase, recordDynamicBranchTarget, requestRoutineReanalysis, trackNativeItem
Methods inherited from interface com.pnfsoftware.jeb.core.units.IUnit
addChild, addChild, canBePersisted, dispose, generateQuickState, getChildren, getContributions, getCreationTimestamp, getDescription, getExtraInputs, getFormatter, getFormatType, getIconData, getInput, getInterpreters, getName, getNotes, getNotificationManager, getParent, getParentArtifact, getParentProject, getPropertyDefinitionManager, getPropertyManager, getRealName, getStatus, getUid, getUnitProcessor, initializePropertyObjects, isDisposed, isProcessed, isStale, isTransientChild, notifyGenericChange, postDeserialization, removeChild, setName, setNotes, setParent, setRealName, setUnitProcessor
Methods inherited from interface com.pnfsoftware.jeb.core.IUserDataSupport
clearAllData, getAllData, getData, setData
-
Field Details
-
externalSymbolsPrefix
SymbolType.EXTERN_FUNCTION
routine prefix- See Also:
-
importPtrPrefix
SymbolType.PTRFUNCTION
routine prefix- See Also:
-
trampolinePrefix
Trampoline routines prefix: unicode RIGHTWARDS ARROW '→'- See Also:
-
targetPrefix
Target routine prefix with named trampoline: '*'- See Also:
-
-
Method Details
-
getLock
IUnitLock getLock()Retrieve the model lock, used to request a full-access model lock or a partial, read-only, transactional lock. All plugin code accessing the native units and units relying on native units should use those locks to perform operations safely in a concurrent environment. -
getItemObject
Description copied from interface:IAddressableUnit
Optionally provide an object associated with the given item. This method may return null, an opaque object, or an object defined by the contract of the implementing object or sub-interface. The SPI of sub-interfaces should specify the item id formats, if any, as well as types and semantics associated with the objects returned by this method.- Specified by:
getItemObject
in interfaceIAddressableUnit
- Parameters:
id
- the item id- Returns:
- an object, whose type is defined by contract, potentially null
-
getAddressFromCodeCoordinates
-
getStrings
List<? extends INativeStringItem> getStrings()Description copied from interface:ICodeUnit
Get the list of code strings.- Specified by:
getStrings
in interfaceICodeUnit
- Returns:
-
getStringByIndex
Retrieve a string by index. Careful, this is not the same asgetStrings().get(index)
.- Parameters:
index
-- Returns:
-
getPackages
Description copied from interface:ICodeUnit
Get the list of code packages.- Specified by:
getPackages
in interfaceICodeUnit
- Returns:
-
getTypes
List<? extends INativeType> getTypes()Description copied from interface:ICodeUnit
Get the list of types. -
getClasses
List<? extends INativeClassItem> getClasses()Description copied from interface:ICodeUnit
Get the list of classes.- Specified by:
getClasses
in interfaceICodeUnit
- Returns:
-
getFields
List<INativeFieldItem> getFields()Description copied from interface:ICodeUnit
Get the list of fields.- Specified by:
getFields
in interfaceICodeUnit
- Specified by:
getFields
in interfaceINativeContext
-
getMethods
List<? extends INativeMethodItem> getMethods()Description copied from interface:ICodeUnit
Get the list of methods.- Specified by:
getMethods
in interfaceICodeUnit
- Returns:
-
getClass
Description copied from interface:ICodeUnit
Convenience method used to retrieve a class by name. -
getField
Description copied from interface:ICodeUnit
Convenience method used to retrieve a field by name. -
getMethod
Description copied from interface:ICodeUnit
Convenience method used to retrieve a method by name. -
getClassByIndex
Get a class by its internal index. Class indices are monotonously increasing, and gaps may exist as classes get destroyed and created. The caller should not assume thatgetClassByIndex(i)==getClasses().get(i)
.- Parameters:
index
- an opaque class index, eg one present inICodeCoordinates
- Returns:
- a class object or null
-
getFieldByIndex
Get a field by its internal index. Field indices are monotonously increasing, and gaps may exist as fields get destroyed and created. The caller should not assume thatgetFieldByIndex(i)==getFields().get(i)
.- Parameters:
index
- an opaque field index, eg one present inICodeCoordinates
- Returns:
- a field object or null
-
getMethodByIndex
Get a method by its internal index. Method indices are monotonously increasing, and gaps may exist as methods get destroyed and created. The caller should not assume thatgetMethodByIndex(i)==getMethods().get(i)
.- Parameters:
index
- an opaque method index, eg one present inICodeCoordinates
- Returns:
- a method object or null
-
getDisassemblyDocument
INativeDisassemblyDocument getDisassemblyDocument()Description copied from interface:ICodeUnit
Convenience method to retrieve the text document representing the disassembly of this code unit.The caller is responsible for disposing the returned document after usage.
- Specified by:
getDisassemblyDocument
in interfaceICodeUnit
- Returns:
-
getCodeObjectContainer
ICodeObjectUnit getCodeObjectContainer()Provide the parent code object container, if there is one. Typically, that would be an ELF, PE-COFF, or Mach-O unit accessible through the generic interfaceICodeObjectUnit
or any of the derived specialized interfaces.- Returns:
- a unit or null
-
getInternalMethods
List<? extends INativeMethodItem> getInternalMethods()Retrieve all internal methods. An internal method has an associateddata
item associated to it.- Returns:
- a list of internal methods
-
getInternalMethodsLeafFirst
List<? extends INativeMethodItem> getInternalMethodsLeafFirst()Retrieve all internal methods, ordered from the leaves to the roots. An internal method has an associateddata
item associated to it.- Returns:
-
getInternalMethodsSizeFirst
List<? extends INativeMethodItem> getInternalMethodsSizeFirst()Retrieve all internal methods, ordered from their ascending byte size. An internal method has an associateddata
item associated to it.- Returns:
-
getInternalMethod
Retrieve an internal method by its entry-point address. An internal method has an associateddata
item associated to it. If multiple methods share the provided entry-point address, the first one is returned.- Parameters:
memoryAddress
-- Returns:
- a routine item or null
-
getInternalMethod
Retrieve an internal method by address (any address within the method). An internal method has an associateddata
item associated to it. If multiple methods share the provided address, the one with the lowest entry-point address is returned.- Parameters:
memoryAddress
-addressIsEntryPoint
- true if the provided address is the method entry-point; false if the address is just part of the routine. In the latter case, if the address belongs to several routines, any one is returned- Returns:
- a routine item or null
-
getInternalMethods
Retrieve the internal methods spanning over the provided address- Parameters:
memoryAddress
-- Returns:
-
setProcessor
Set the code parser (processor) used by this unit. This method should be called at most once (typically done in the unit's identifier), beforeprocessing
the unit.- Parameters:
proc
- mandatory processor
-
setCallingConvention
- Parameters:
cc
-
-
getProcessor
IProcessor<InsnType> getProcessor()Retrieve the machine code parser (pseudo-processor) managed by this unit.- Specified by:
getProcessor
in interfaceINativeContext
- Returns:
-
getProcessorName
String getProcessorName()Convenience method used to retrieve the processor's name. The processor value specifies, among other things, the underlying instruction set used by the instructions of this code unit.- Returns:
- a lower-case string, never null (if the processor is unknown or not set, 'unknown' is retrieved)
-
getEndianness
Endianness getEndianness()Retrieve the endianness. This method is for convenience only; byte ordering can always be retrieved through theIProcessor
.- Returns:
- byte ordering for the target
-
setMemory
Optionally set the current optional virtual memory (VM) used by this unit. This method should be called at most once (typically done in the unit's identifier), beforeprocessing
the unit. It is optional; the VM object set may be overridden during unit processing if it is deemed inappropriate to handle the code object. Therefore, after processing, client code should always retrieve the actual VM object viagetMemory()
.- Parameters:
mem
- optional VM
-
getMemory
IVirtualMemory getMemory()Retrieve the virtual memory managed used by this unit.- Specified by:
getMemory
in interfaceINativeContext
- Returns:
-
setSubsystemType
Set a hint. This method may be called optionally, before process(). The hint may be disregarded.- Parameters:
subsystemType
-
-
setCompilerType
Set a hint. This method may be called optionally, before process(). The hint may be disregarded.- Parameters:
compilerType
-
-
setCodeFormatter
- Parameters:
codeFormatter
-
-
getCodeFormatter
GenericCodeFormatter<InsnType> getCodeFormatter()Get the helper object used to format instructions into a sink.Do not confuse the code formatter with the unit's
formatter
.- Returns:
-
getAnalyzerExtension
INativeCodeAnalyzerExtension<InsnType> getAnalyzerExtension()Get the principal code analyzer extension attached to this unit.- Returns:
-
setAnalyzerExtension
Set the principal code analyzer extension for this unit.- Parameters:
ext
-
-
getCodeModel
INativeCodeModel<InsnType> getCodeModel()Get the code model.- Returns:
-
getCodeAnalyzer
INativeCodeAnalyzer<InsnType> getCodeAnalyzer()Get the code analyzer.Life-cycle information: this method will return null until the unit is
processed
.- Returns:
-
getCodeAnalyzerExtensionsManager
INativeCodeAnalyzerExtensionsManager<InsnType> getCodeAnalyzerExtensionsManager()Retrieve the currently-set analyzer extensions manager. Life-cycle information: this method will return null until the unit isprocessed
.Note: third-party code should not use this for now.
- Returns:
-
process
boolean process()Quickly process the unit. Be careful that theIUnit
is not analyzed whileperformInitialAnalysis()
was not called.- Specified by:
process
in interfaceIUnit
- Returns:
- true if
IUnit
was processed (may then checkisInitialAnalysisDone()
to check that unit is fully usable)
-
isInitialAnalysisDone
boolean isInitialAnalysisDone()Determine whether or not an initial analysis pass has been done.- Returns:
-
performInitialAnalysis
boolean performInitialAnalysis()Perform the initial analysis pass. This method should be called once, aftersuccessful unit processing
. The initial analysis pass parameters, such as synchronicity, the inclusion of global or advanced analysis, etc. are determined automatically.- Returns:
-
performInitialAnalysis
-
performAnalysis
Start an analysis.- Parameters:
async
- if true, this method is executed asynchronously and returns immediately; useINativeCodeAnalyzer.isAnalyzing()
to determine whether the analysis has completed.includeAdvancedAnalysis
- if null, use the unit's settings; if non-null, bypass the unit's configuration and force-enable or force-disable the advanced analysisonCompletion
- optional runnable to be executed on completion (always)- Returns:
-
isAnalysisCompleted
boolean isAnalysisCompleted()Determine whether a code analysis pass is ongoing.- Returns:
- false if a code analysis is currently taking place, true otherwise
-
getCanonicalMemoryAddress
Convert a flexible native code unit address to a canonical memory address.Unit addresses can be code labels, pseudo labels, string representations of physical addresses, etc.
- Parameters:
address
- an address- Returns:
- the memory address, or -1 (0xFFFFFFFF_FFFFFFFFL) on failure
-
getCanonicalMemoryAddress
Convert a flexible native code unit address to a canonical memory address.Unit addresses can be code labels, pseudo labels, string representations of physical addresses, etc.
- Parameters:
address
- an addressprecision
- use COARSE to bypass early name resolution, and attempt a simple number conversion first (e.g., with coarse address "aabb" will be resolved to 0xAABB before looking if an item is named "aabb"); with FINE (or DEFAULT), item name resolution is attempted first; therefore, for quick and unreliable conversions, use COARSE; else, use the DEFAULT setting- Returns:
- the memory address, or -1 (0xFFFFFFFF_FFFFFFFFL) on failure
-
getSymbolicStringAddress
Retrieve the simplest symbol address that corresponds to the given physical address. Same asgetSymbolicStringAddress(address, 0)
.- Parameters:
address
-- Returns:
-
getSymbolicStringAddress
Retrieve a symbol address that corresponds to the given physical address.Example: if address if at offset 10h inside method foo() (at address 401000h), querying this method with sspref=2 will return a label "foo+10h"; however, querying with sspref=0 would simply return "401010h".
- Parameters:
address
- a memory addresssspref
- resolution type: (in the examples a below, a routine exists at address 0x401000)
0= will resolve to a standard hex-formatted address, e.g.0x402000
to402000h
1= will first resolve to any existing label, routine address, e.g.0x401000
tosub_401000
etc.
2= will first resolve to a routine-based address, e.g.sub_401010
tosub_401000+10h
- Returns:
-
setVirtualImageBase
void setVirtualImageBase(long virtualImageBase) Set preferred image base- Parameters:
virtualImageBase
-
-
setPhysicalImageBase
void setPhysicalImageBase(long physicalImageBase) Set the real (physical) image base for this piece of code. That address is the real address of the first loaded byte on a target device. The existence of this method implies that at most one physical address can be used at any time. (Typically, debuggers use this method to let code units know of where they are currently mapped, which in turn is used to better render assembly output.) Generally, the physical image address changes across different launches.- Parameters:
physicalImageBase
- the physical image base of this code unit; the value 0 means that the physical address is unknown
-
getPhysicalImageDelta
long getPhysicalImageDelta()Retrieve the difference between Physical Image base as set bysetPhysicalImageBase(long)
and Virtual Image Base as retrieved byINativeContext.getVirtualImageBase()
. This value should only be used for rendering.- Returns:
-
getEntryPointAddress
long getEntryPointAddress()Get the address of the entry-point of this unit, if any.- Returns:
-
getHighLevelEntryPointAddress
long getHighLevelEntryPointAddress()Get the address of the high-level entry-point of this unit, if any.The high-level entry-point corresponds to a
main()
(or similar) routine. It is the routine executed after the compiler-generated initialization code is executed. Note that it might be set as a result of the initial analysis.- Returns:
- real entry point address, -1L if none
-
getSignatureManager
NativeSignatureDBManager getSignatureManager()Get the global signature manager used by this unit.- Returns:
-
getTypeManager
ITypeManager getTypeManager()Get the global type manager used by this unit.- Specified by:
getTypeManager
in interfaceINativeContext
- Returns:
-
getPackageManager
IPackageManager getPackageManager()Get the package/namespace manager used by this unit.- Returns:
-
getClassManager
IClassManager getClassManager()- Returns:
-
getFieldManager
IFieldManager getFieldManager()- Returns:
-
getMethodManager
IMethodManager getMethodManager()- Returns:
-
getTypeLibraryService
TypeLibraryService getTypeLibraryService()Get the global type library service.- Returns:
-
setRoutinePrototype
Set a routine prototype. This method uses non-standard prototype declarations and should be avoided. UsesetRoutineSignature(INativeMethodItem, String, boolean)
instead.- Parameters:
routine
- target routineprototypeString
- a prototype string having the following style:<calling-convention> returnType(paramType1 _) <calling-convention> returnType(paramType1, paramType2) <calling-convention> returnType(paramType1, paramType2, ...)
- Returns:
- success indicator
-
setRoutineSignature
boolean setRoutineSignature(INativeMethodItem routine, String signatureString, boolean prototypeOnly) Set a routine signature or protytpe.- Parameters:
routine
- target routinesignatureString
- a C-like signature; some C++ features such as namespaces (::) or templates (<...>) are allowed but disregardedprototypeOnly
- if true, only the prototype will be applied; method and parameter names, if provided, will not be applied- Returns:
- success indicator
-
getDataTypeAt
Get the native type of the data item located at the provided address.- Parameters:
address
-- Returns:
-
setDataTypeAt
Convenience method to set the native type of a data item located at the provided address. If no item exists at the provided address, one will be created. Overlapping items may be deleted.Note: to create String items, see
setStringAt(long, long, StringEncoding, int, int)
.- Parameters:
address
-type
-- Returns:
- success indicator
-
setDataAt
Create or update a data item at the provided address. Overlapping items may be deleted.Note: to create String items, see
setStringAt(long, long, StringEncoding, int, int)
.- Parameters:
address
- item addresstype
- item typename
- optional name- Returns:
- success indicator
-
setDataAt
Create or update a data item at the provided address.Note: to create String items, see
setStringAt(long, long, StringEncoding, int, int)
.- Parameters:
address
- item addresstype
- item typename
- optional nameundefineOverlappingItems
- if false, the method will fail if existing items overlap with the memory range needed to accommodate a newly-created item- Returns:
- success indicator
-
setStringAt
boolean setStringAt(long address, long addressMax, StringEncoding stringType, int minChars, int maxChars) Create a string data item. Overlapping items may be deleted.- Parameters:
address
- mandatory start addressaddressMax
- optional maximum (final) address for the string; use -1 for no limitstringType
- the string type hint; null to let this method determine the best string type heuristicallyminChars
- minimum number of characters to be found in the string for it to be considered valid; set to -1 for default (currently: 3)maxChars
- maximum number of characters (not bytes) to be parsed; set to -1 for default (currently: 100_000)- Returns:
- success indicator
-
setStringAt
boolean setStringAt(long address, long addressMax, StringEncoding stringType, int minChars, int maxChars, boolean undefineOverlappingItems) Create a string data item.- Parameters:
address
- mandatory start addressaddressMax
- optional maximum (final) address for the string; use -1 for no limitstringType
- the string type hint; null to let this method determine the best string type heuristicallyminChars
- minimum number of characters to be found in the string for it to be considered valid; set to -1 for default (currently: 3)maxChars
- maximum number of characters (not bytes) to be parsed; set to -1 for default (currently: 100_000)undefineOverlappingItems
- if false, the method will fail if existing items overlap with the memory range needed to accommodate a newly-created item- Returns:
- success indicator
-
setCodeAt
boolean setCodeAt(long address, int procmode, boolean undefineOverlappingItems) Parse and create an instruction at the provided address.- Parameters:
address
- instruction addressprocmode
- processor mode (refer toMODE_xxx
constants inIProcessor
)undefineOverlappingItems
- if false, the method will fail if existing items overlap with the memory range needed to accommodate a newly-created item- Returns:
- success indicator
-
setRoutineReferenceAt
Create a special data item representing a reference to a method. Those items are similar to function pointer items (pointer to prototypes), except that they refer specifically to routine objects managed by this unit.- Parameters:
address
-routine
-- Returns:
-
setRoutineAt
boolean setRoutineAt(long address) Parse and attempt to create a routine at the provided address. The processor mode used will be the default one, and the analysis will be done forcefully.- Parameters:
address
- routine start address- Returns:
- success indicator: if true, a routine was created (or existed) at the provided address
-
setRoutineAt
boolean setRoutineAt(long address, int procmode) Parse and attempt to create a routine at the provided address. The analysis is done forcefully.- Parameters:
address
- routine start addressprocmode
- processor mode- Returns:
- success indicator: if true, a routine was created (or existed) at the provided address
-
setRoutineAt
boolean setRoutineAt(long address, int procmode, int permission) Parse and attempt to create a routine at the provided address.- Parameters:
address
- routine start addressprocmode
- processor modepermission
- one of thePERMISSION_xxx
constants ofINativeCodeAnalyzer
(refer toenqueuePointerForAnalysis
for details)- Returns:
- success indicator: if true, a routine was created (or existed) at the provided address
-
getNativeItemAt
Get the item located at the exact address.- Specified by:
getNativeItemAt
in interfaceINativeContext
- Parameters:
address
- item start address- Returns:
-
getNativeItemOver
Get the item spanning over the provided address.- Specified by:
getNativeItemOver
in interfaceINativeContext
- Parameters:
address
- an address- Returns:
-
getNativeItemsOver
Retrieve a read-only map of the native items located within the provided memory range.- Parameters:
address
-size
-- Returns:
-
undefineItem
boolean undefineItem(long address) Undefine the memory item starting at the provided address. Careful, this method may have unintended side effects. Example: deleting an instruction item that's part of a routine body will also discard that routine, which in turn may discard other items or references, within this unit or other units.- Parameters:
address
- item address- Returns:
- success indicator
-
getCommentManager
NativeCommentManager getCommentManager()Description copied from interface:IInteractiveUnit
Get the comment manager. This method is optional. When the unit is disposed, this method must return null. The default implementation returns null.- Specified by:
getCommentManager
in interfaceICodeUnit
- Specified by:
getCommentManager
in interfaceIInteractiveUnit
- Returns:
- a comment manager, or null if the unit does not have one
-
setInlineComment
Convenience method used to set the inline comment at the provided virtual address.- Parameters:
address
- VAcomment
- a comment- Returns:
- success indicator
-
getInlineComment
Convenience method used to retrieve the inline comment at the provided virtual address.- Parameters:
address
- VA- Returns:
- a comment or null
-
getDecompiler
INativeDecompilerUnit<InsnType> getDecompiler()Retrieve or create a decompiler for this unit. If a correspondinggendec
plugin is not available with your JEB license, null is returned.- Returns:
-