Class EEmulator
java.lang.Object
com.pnfsoftware.jeb.core.units.code.asm.decompiler.ir.emulator.EEmulator
IR emulator, a controller for an IR state.
How to use:
- pass an existing EState to a constructor, or use createStandard(IEGlobalContext) to create a state and an emulator
- use the setters to customize the emulator
- setup() it
- run() it
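The lifecycle above for IR routine emulation, as an added example (not code from the JEB documentation). It uses only methods listed on this page. How the caller obtains `gctx`, `routine` and `argType`, the import paths of types other than EEmulator, the register name, and setting the target before the arguments are all assumptions.

```java
import com.pnfsoftware.jeb.core.units.code.asm.decompiler.ir.emulator.EEmulator;
// Package paths of the next three imports are assumptions; the page only gives the type names.
import com.pnfsoftware.jeb.core.units.code.asm.decompiler.ir.IEGlobalContext;
import com.pnfsoftware.jeb.core.units.code.asm.items.INativeMethodItem;
import com.pnfsoftware.jeb.core.units.code.asm.type.INativeType;

public final class EmulateRoutineExample {
    private EmulateRoutineExample() {}

    /**
     * Emulates one routine with a single integer argument and returns the truncated
     * value of a caller-named register once emulation stops.
     * gctx, routine and argType are obtained from the decompiler by the caller (not shown).
     */
    public static long emulateOnce(IEGlobalContext gctx, INativeMethodItem routine,
            long arg, INativeType argType, String resultRegister, int maxIterations)
            throws Exception {
        // Explicit iteration cap instead of the 10000 default of createStandard(gctx).
        EEmulator emu = EEmulator.createStandard(gctx, maxIterations);

        // These two setters are documented as "must be called before setup()".
        emu.setResetUnknownRegisters(EEmulator.defaultResetUnknownRegisters);
        emu.setPreferredStackBase(EEmulator.defaultStackBase);

        emu.setRecordMemoryWrites(true);
        // Assumption: the target is set before the arguments are added.
        emu.setTargetRoutine(routine);
        emu.clearArgument();
        emu.addArgument(arg, argType);

        emu.setup();
        try {
            emu.run(); // documented to throw EvaluationException
            return emu.getTruncatedRegisterValue(resultRegister);
        } finally {
            emu.teardown(); // always clean up the temporary constructs built during setup()
        }
    }
}
```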
Three modes of execution:
1- IR routine emulation
2- IR routine-supported stub emulation
3- Global routine emulation (disregarding routines), a generalized variant of 2, suitable for full program emulation
4- Global stub emulation
Nested Class Summary
Field Summary
static final boolean defaultAllowOpt
static final long defaultHeapBase
static final int defaultMaxIterCount
static final boolean defaultRecordMemoryWrites
static final boolean defaultResetUnknownRegisters
static final long defaultReturnAddr
static final long defaultStackBase
Constructor Summary
Method Summary
void addArgument(byte[] val, INativeType t)
void addArgument(long val, INativeType t)
void addArgument(IEImm val)
void clearArgument()
boolean commitMemoryChanges(boolean commitModifiedPagesOnly)
long createPseudoRoutine(INativeMethodItem routine)
long createPseudoRoutine(String name)
static EEmulator createStandard(IEGlobalContext gctx)
    Create an emulator as well as a standard emulation state that will be controlled by the emulator.
static EEmulator createStandard(IEGlobalContext gctx, int maxIterationCount)
    Create an emulator as well as a standard emulation state that will be controlled by the emulator.
final long currentRequestId()
long findRegisteredRoutine(String name)
int getAddressSize()
getMemoryChanges
    A convenience method to retrieve memory changes performed during emulation.
long getPCAddress()
int getRegisterSize()
long getSPAddress()
int getStackSlotSize()
getState()
long getTruncatedRegisterValue(String regname)
long heapAlloc(int size)
void heapFree(long addr)
long heapRealloc(long addr, int newsize)
hooksEvaluateAt(long addr, IInstruction hintNativeStm)
hooksEvaluateExternal(String routineName, INativeMethodItem routine)
boolean hooksEvaluateSyscall(long addr, IInstruction insn)
boolean isPrimaryEmulator()
void monitorHLSpecial(int code, Object... params)
boolean processStoredReturnAddress
    ret-addr on stack: pop and return
    ret-addr in register: TBI
boolean processStoredReturnAddress(StorageEntry entry, int stkSlotAdj)
    ret-addr on stack: pop and return
    ret-addr in register: TBI
readPointer(long addr)
    Convenience method.
readStorage(StorageEntry entry)
void registerHooks(IEEmulatorHooks hooks, boolean insertFirst)
long registerRoutine(long addr, INativeMethodItem routine)
long registerRoutine(long addr, String name)
static IPrototypeItem retrievePrototype(INativeDecompilerContext decomp, INativeMethodItem routine)
    Convenience method used to verify whether or not an emulator object would be able to retrieve a target method prototype.
void run()
void setArguments(Collection<IEImm> vals)
void setGlobalRoutineEmulation(long routineAddress, IPrototypeItem routinePrototype)
void setGlobalRoutineEmulation
void setGlobalStubEmulation(long pcStart, Long pcStop)
void setLastEvaluationResult
void setPCAddress(long nativeAddress)
void setPerformFreshDecompilations(boolean performFreshDecompilations)
void setPreferredStackBase(long address)
    Must be called before setup().
void setPreferredTargetPrototype
void setRecordMemoryWrites(boolean recordMemoryWrites)
void setResetUnknownRegisters(boolean enabled)
    Must be called before setup().
void setReturnAddress(long retAddr)
boolean setStack
void setStubExecution(IERoutineContext ctx, int irStart, int irStop)
void setStubExecution(INativeMethodItem routine, long pcStart, long pcStop)
void setTargetRoutine(INativeMethodItem routine)
void setup()
void teardown()
    Clean-up temporary constructs built during setup().
void unregisterHooks(IEEmulatorHooks hooks)
long updateSPAddress(int delta)
    Update the stack pointer register.
boolean writePointer(long addr, long ptr)
boolean writeStorage(StorageEntry entry, IEImm val)
Field Details

defaultMaxIterCount
public static final int defaultMaxIterCount

defaultAllowOpt
public static final boolean defaultAllowOpt

defaultHeapBase
public static final long defaultHeapBase

defaultStackBase
public static final long defaultStackBase

defaultResetUnknownRegisters
public static final boolean defaultResetUnknownRegisters

defaultReturnAddr
public static final long defaultReturnAddr

defaultRecordMemoryWrites
public static final boolean defaultRecordMemoryWrites

Constructor Details

EEmulator
Method Details

createStandard
Create an emulator as well as a standard emulation state that will be controlled by the emulator. Set the standard maximum iteration count to 10000.
Parameters:
    gctx

createStandard
Create an emulator as well as a standard emulation state that will be controlled by the emulator.
Parameters:
    gctx
    maxIterationCount

getGlobalContext

getRegisterSize
public int getRegisterSize()

getAddressSize
public int getAddressSize()

getStackSlotSize
public int getStackSlotSize()

setRecordMemoryWrites
public void setRecordMemoryWrites(boolean recordMemoryWrites)

setResetUnknownRegisters
public void setResetUnknownRegisters(boolean enabled)
Must be called before setup().
Parameters:
    enabled

setPreferredStackBase
public void setPreferredStackBase(long address)
Must be called before setup().
Parameters:
    address

setPerformFreshDecompilations
public void setPerformFreshDecompilations(boolean performFreshDecompilations)

setStubExecution

setStubExecution

setTargetRoutine

setPreferredTargetPrototype

setGlobalRoutineEmulation

setGlobalRoutineEmulation

setGlobalStubEmulation

setReturnAddress
public void setReturnAddress(long retAddr)

clearArgument
public void clearArgument()

addArgument

addArgument

addArgument

setArguments

retrievePrototype
public static IPrototypeItem retrievePrototype(INativeDecompilerContext decomp, INativeMethodItem routine)
Convenience method used to verify whether or not an emulator object would be able to retrieve a target method prototype.
Parameters:
    decomp - decompiler unit
    routine - candidate target routine
Returns:
    the retrieved prototype that would be used by an emulator for the provided target routine

setup
public void setup()

setStack

teardown
public void teardown()
Clean-up temporary constructs built during setup().

isPrimaryEmulator
public boolean isPrimaryEmulator()

getState

getVirtualMemory

getMemoryChanges
A convenience method to retrieve memory changes performed during emulation.
Returns:
    a changes object
Throws:
    UnsupportedOperationException - if the emulator's memory is not a shim

getSPAddress
public long getSPAddress()

updateSPAddress
public long updateSPAddress(int delta)
Update the stack pointer register.
Parameters:
    delta
Returns:
    the updated SP value

getPCAddress
public long getPCAddress()

setPCAddress
public void setPCAddress(long nativeAddress)

run
Throws:
    EvaluationException

setLastEvaluationResult

getLastEvaluationResult

findRegisteredRoutine

createPseudoRoutine

createPseudoRoutine

registerRoutine

registerRoutine

currentRequestId
public final long currentRequestId()

hooksEvaluateAt
Parameters:
    addr
    hintNativeStm

hooksEvaluateExternal
Parameters:
    routineName - mandatory
    routine - optional

hooksEvaluateUntranslated

hooksEvaluateSyscall

monitorHLSpecial

readStorage

writeStorage

processStoredReturnAddress
ret-addr on stack: pop and return
ret-addr in register: TBI

processStoredReturnAddress
ret-addr on stack: pop and return
ret-addr in register: TBI

readPointer
Convenience method.
Parameters:
    addr

writePointer
public boolean writePointer(long addr, long ptr)

getMemoryWrites

getReturnValue

getReturnAddress

getTruncatedRegisterValue

commitMemoryChanges
public boolean commitMemoryChanges(boolean commitModifiedPagesOnly)

registerHooks

unregisterHooks

heapAlloc
public long heapAlloc(int size)

heapRealloc
public long heapRealloc(long addr, int newsize)

heapFree
public void heapFree(long addr)

getMetadata