java.lang.Object
com.pnfsoftware.jeb.core.units.code.asm.decompiler.ir.emulator.EEmulator

public class EEmulator extends Object
IR emulator, a controller for an IR state.

How to use:
- pass an existing EState to the constructor, or use createStandard(IEGlobalContext) to create a state and an emulator
- use the setters to customize the emulator.
- setup() it
- run() it

Three modes of execution:
1- IR routine emulation
2- IR routine-supported stub emulation
3- Global routine emulation (disregarding routines), a generalized variant of 2, suitable for full program emulation
4- Global stub emulation
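The four usage steps above, composed for a single routine, as an added example (not code from the JEB documentation or project) that uses only methods listed on this page. The class name, the `emulateOnce` helper and its parameters are hypothetical. The import package paths, the mapping of `setTargetRoutine` to mode 1, and adding arguments before `setup()` are assumptions.

```java
// Added example, not JEB's own code. Package paths below are assumptions
// about the JEB API layout; adjust them to your JEB version if they differ.
import com.pnfsoftware.jeb.core.units.code.asm.decompiler.ir.IEGlobalContext;
import com.pnfsoftware.jeb.core.units.code.asm.decompiler.ir.IEImm;
import com.pnfsoftware.jeb.core.units.code.asm.decompiler.ir.emulator.EEmulator;
import com.pnfsoftware.jeb.core.units.code.asm.items.INativeMethodItem;
import com.pnfsoftware.jeb.core.units.code.asm.type.INativeType;

public class RoutineEmulationExample {
    /**
     * Emulate one routine with a single integer argument and return its result.
     * gctx, routine and argType are supplied by the caller; obtaining them is
     * outside what this page documents.
     */
    public static IEImm emulateOnce(IEGlobalContext gctx, INativeMethodItem routine,
            long argValue, INativeType argType, int maxIterations) throws Exception {
        // Step 1: create a standard state plus the emulator controlling it,
        // with an explicit iteration cap instead of the standard 10000.
        EEmulator emu = EEmulator.createStandard(gctx, maxIterations);

        // Step 2: customize the emulator before setup().
        emu.setTargetRoutine(routine);       // assumption: selects mode 1 (IR routine emulation)
        emu.clearArgument();
        emu.addArgument(argValue, argType);  // assumption: arguments are supplied before setup()

        // Step 3: build the temporary constructs needed for the run.
        emu.setup();
        try {
            // Step 4: run; run() is declared to throw EvaluationException.
            emu.run();
            return emu.getReturnValue();
        } catch (Exception e) {
            // Report where emulation stopped so the failing code can be inspected.
            throw new IllegalStateException(
                    "emulation stopped at pc=0x" + Long.toHexString(emu.getPCAddress()), e);
        } finally {
            // Clean up what setup() built, whether or not run() succeeded.
            emu.teardown();
        }
    }
}
```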

  • Field Details

  • Constructor Details

    • EEmulator

      public EEmulator(EState state)
  • Method Details

    • createStandard

      public static EEmulator createStandard(IEGlobalContext gctx)
      Create an emulator as well as a standard emulation state that will be controlled by the emulator. Set the standard maximum iteration count to 10000.
      Parameters:
      gctx -
      Returns:
    • createStandard

      public static EEmulator createStandard(IEGlobalContext gctx, int maxIterationCount)
      Create an emulator as well as a standard emulation state that will be controlled by the emulator.
      Parameters:
      gctx -
      maxIterationCount -
      Returns:
    • getGlobalContext

      public IEGlobalContext getGlobalContext()
    • getRegisterSize

      public int getRegisterSize()
    • getAddressSize

      public int getAddressSize()
    • getStackSlotSize

      public int getStackSlotSize()
    • setRecordMemoryWrites

      public void setRecordMemoryWrites(boolean recordMemoryWrites)
    • setResetUnknownRegisters

      public void setResetUnknownRegisters(boolean enabled)
      Must be called before setup().
      Parameters:
      enabled -
    • setPreferredStackBase

      public void setPreferredStackBase(long address)
      Must be called before setup().
      Parameters:
      address -
    • setPerformFreshDecompilations

      public void setPerformFreshDecompilations(boolean performFreshDecompilations)
    • setStubExecution

      public void setStubExecution(IERoutineContext ctx, int irStart, int irStop)
    • setStubExecution

      public void setStubExecution(INativeMethodItem routine, long pcStart, long pcStop)
    • setTargetRoutine

      public void setTargetRoutine(INativeMethodItem routine)
    • setPreferredTargetPrototype

      public void setPreferredTargetPrototype(IPrototypeItem proto)
    • setGlobalRoutineEmulation

      public void setGlobalRoutineEmulation(INativeMethodItem routine)
    • setGlobalRoutineEmulation

      public void setGlobalRoutineEmulation(long routineAddress, IPrototypeItem routinePrototype)
    • setGlobalStubEmulation

      public void setGlobalStubEmulation(long pcStart, Long pcStop)
    • setReturnAddress

      public void setReturnAddress(long retAddr)
    • clearArgument

      public void clearArgument()
    • addArgument

      public void addArgument(long val, INativeType t)
    • addArgument

      public void addArgument(byte[] val, INativeType t)
    • addArgument

      public void addArgument(IEImm val)
    • setArguments

      public void setArguments(Collection<IEImm> vals)
    • retrievePrototype

      public static IPrototypeItem retrievePrototype(INativeDecompilerContext decomp, INativeMethodItem routine)
      Convenience method used to verify whether or not an emulator object would be able to retrieve a target method prototype.
      Parameters:
      decomp - decompiler unit
      routine - candidate target routine
      Returns:
      the retrieved prototype that would be used by an emulator for the provided target routine
    • setup

      public void setup()
    • setStack

      public boolean setStack(long stackStart, int stackSize, Long sp0)
    • teardown

      public void teardown()
      Clean-up temporary constructs built during setup().
    • isPrimaryEmulator

      public boolean isPrimaryEmulator()
    • getState

      public EState getState()
    • getVirtualMemory

      public IVirtualMemory getVirtualMemory()
    • getMemoryChanges

      public MemoryChanges getMemoryChanges() throws UnsupportedOperationException
      A convenience method to retrieve memory changes performed during emulation.
      Returns:
      a changes object
      Throws:
      UnsupportedOperationException - if the emulator's memory is not a shim
    • getSPAddress

      public long getSPAddress()
    • updateSPAddress

      public long updateSPAddress(int delta)
      Update the stack pointer register.
      Parameters:
      delta -
      Returns:
      the updated SP value
    • getPCAddress

      public long getPCAddress()
    • setPCAddress

      public void setPCAddress(long nativeAddress)
    • run

      public void run() throws EvaluationException
      Throws:
      EvaluationException
    • setLastEvaluationResult

      public void setLastEvaluationResult(IEImm val)
    • getLastEvaluationResult

      public IEImm getLastEvaluationResult()
    • findRegisteredRoutine

      public long findRegisteredRoutine(String name)
    • createPseudoRoutine

      public long createPseudoRoutine(String name)
    • createPseudoRoutine

      public long createPseudoRoutine(INativeMethodItem routine)
    • registerRoutine

      public long registerRoutine(long addr, String name)
    • registerRoutine

      public long registerRoutine(long addr, INativeMethodItem routine)
    • currentRequestId

      public final long currentRequestId()
    • hooksEvaluateAt

      public Boolean hooksEvaluateAt(long addr, IInstruction hintNativeStm)
      Parameters:
      addr -
      hintNativeStm -
      Returns:
    • hooksEvaluateExternal

      public Boolean hooksEvaluateExternal(String routineName, INativeMethodItem routine)
      Parameters:
      routineName - mandatory
      routine - optional
      Returns:
    • hooksEvaluateUntranslated

      public Boolean hooksEvaluateUntranslated(IEUntranslatedInstruction stm, IInstruction insn)
    • hooksEvaluateSyscall

      public boolean hooksEvaluateSyscall(long addr, IInstruction insn)
    • monitorHLSpecial

      public void monitorHLSpecial(int code, Object... params)
    • readStorage

      public IEImm readStorage(StorageEntry entry)
    • writeStorage

      public boolean writeStorage(StorageEntry entry, IEImm val)
    • processStoredReturnAddress

      public boolean processStoredReturnAddress(StorageEntry entry)
      ret-addr on stack: pop and return
      ret-addr in register: TBI
    • processStoredReturnAddress

      public boolean processStoredReturnAddress(StorageEntry entry, int stkSlotAdj)
      ret-addr on stack: pop and return
      ret-addr in register: TBI
    • readPointer

      public Long readPointer(long addr)
      Convenience method.
      Parameters:
      addr -
      Returns:
    • writePointer

      public boolean writePointer(long addr, long ptr)
    • getMemoryWrites

      public MemoryWrites getMemoryWrites()
    • getReturnValue

      public IEImm getReturnValue()
    • getReturnAddress

      public IEImm getReturnAddress()
    • getTruncatedRegisterValue

      public long getTruncatedRegisterValue(String regname)
    • commitMemoryChanges

      public boolean commitMemoryChanges(boolean commitModifiedPagesOnly)
    • registerHooks

      public void registerHooks(IEEmulatorHooks hooks, boolean insertFirst)
    • unregisterHooks

      public void unregisterHooks(IEEmulatorHooks hooks)
    • heapAlloc

      public long heapAlloc(int size)
    • heapRealloc

      public long heapRealloc(long addr, int newsize)
    • heapFree

      public void heapFree(long addr)
    • getMetadata

      public EEmulator.Metadata getMetadata()