public class

EEmulator

extends Object
java.lang.Object
   ↳ com.pnfsoftware.jeb.core.units.code.asm.decompiler.ir.emulator.EEmulator

Class Overview

IR emulator, a controller for an IR state.

How to use:
- pass an existing EState to a constructor or use createStandard(IEGlobalContext) to create a state and an emulator
- use the settters to customize the emulator.
- setup() it
- run() it

Three modes of execution:
1- IR routine emulation
2- IR routine-supported stub emulation
3- Global routine emulation (disregarding routines), a generalized variant of 2, suitable for full program emulation
4- Global stub emulation

Summary

Nested Classes
class EEmulator.Metadata IR emulator metadata. 
Constants
boolean defaultAllowOpt
long defaultHeapBase
int defaultMaxIterCount
boolean defaultRecordMemoryWrites
boolean defaultResetUnknownRegisters
long defaultReturnAddr
long defaultStackBase
Public Constructors
EEmulator(EState state)
Public Methods
void addArgument(byte[] val, INativeType t)
void addArgument(long val, INativeType t)
void addArgument(IEImm val)
void addHooks(IEEmulatorHooks hooks)
This method is deprecated. use registerHooks(IEEmulatorHooks, boolean) instead
void clearArgument()
boolean commitMemoryChanges(boolean commitModifiedPagesOnly)
long createPseudoRoutine(String name)
long createPseudoRoutine(INativeMethodItem routine)
static EEmulator createStandard(IEGlobalContext gctx, int maxIterationCount)
Create an emulator as well as a standard emulation state that will be controlled by the emulator.
static EEmulator createStandard(IEGlobalContext gctx)
Create an emulator as well as a standard emulation state that will be controlled by the emulator.
long findRegisteredRoutine(String name)
int getAddressSize()
IEGlobalContext getGlobalContext()
IEImm getLastEvaluationResult()
MemoryChanges getMemoryChanges()
A convenience method to retrieve memory changes performed during emulation.
MemoryWrites getMemoryWrites()
EEmulator.Metadata getMetadata()
long getPCAddress()
int getRegisterSize()
IEImm getReturnValue()
long getSPAddress()
int getStackSlotSize()
EState getState()
IVirtualMemory getVirtualMemory()
long heapAlloc(int size)
void heapFree(long addr)
long heapRealloc(long addr, int newsize)
Boolean hooksEvaluateAt(long addr, IInstruction hintNativeStm)
Boolean hooksEvaluateExternal(String routineName, INativeMethodItem routine)
boolean hooksEvaluateSyscall(long addr, IInstruction insn)
Boolean hooksEvaluateUntranslated(IEUntranslatedInstruction stm, IInstruction insn)
boolean isPrimaryEmulator()
boolean processStoredReturnAddress(StorageEntry slot)
ret-addr on stack: pop and return
ret-addr in register: TBI
Long readPointer(long addr)
Convenience method.
IEImm readStorage(StorageEntry slot)
void registerHooks(IEEmulatorHooks hooks, boolean insertFirst)
long registerRoutine(long addr, INativeMethodItem routine)
long registerRoutine(long addr, String name)
void removeHooks(IEEmulatorHooks hooks)
This method is deprecated. use unregisterHooks(IEEmulatorHooks) instead
static IPrototypeItem retrievePrototype(INativeDecompilerContext decomp, INativeMethodItem routine)
Convenience method used to verify whether or not an emulator object would be able to retrieve a target method prototype.
void run()
void setArguments(Collection<IEImm> vals)
void setGlobalRoutineEmulation(long routineAddress, IPrototypeItem routinePrototype)
void setGlobalRoutineEmulation(INativeMethodItem routine)
void setGlobalStubEmulation(long pcStart, Long pcStop)
void setLastEvaluationResult(IEImm val)
void setPCAddress(long nativeAddress)
void setPerformFreshDecompilations(boolean performFreshDecompilations)
void setPreferredStackBase(long address)
Must be called before setup().
void setPreferredTargetPrototype(IPrototypeItem proto)
void setRecordMemoryWrites(boolean recordMemoryWrites)
void setResetUnknownRegisters(boolean enabled)
Must be called before setup().
void setReturnAddress(long retAddr)
boolean setStack(long stackStart, int stackSize, Long sp0)
void setStubExecution(INativeMethodItem routine, long pcStart, long pcStop)
void setStubExecution(IERoutineContext ctx, int irStart, int irStop)
void setTargetRoutine(INativeMethodItem routine)
void setup()
void teardown()
Clean-up temporary constructs built during setup().
void unregisterHooks(IEEmulatorHooks hooks)
long updateSPAddress(int delta)
Update the stack pointer register.
boolean writePointer(long addr, long ptr)
boolean writeStorage(StorageEntry slot, IEImm val)
[Expand]
Inherited Methods
From class java.lang.Object

Constants

public static final boolean defaultAllowOpt

Constant Value: false

public static final long defaultHeapBase

Constant Value: 2080374784 (0x000000007c000000)

public static final int defaultMaxIterCount

Constant Value: 10000 (0x00002710)

public static final boolean defaultRecordMemoryWrites

Constant Value: false

public static final boolean defaultResetUnknownRegisters

Constant Value: true

public static final long defaultReturnAddr

Constant Value: 287454020 (0x0000000011223344)

public static final long defaultStackBase

Constant Value: 2113929216 (0x000000007e000000)

Public Constructors

public EEmulator (EState state)

Public Methods

public void addArgument (byte[] val, INativeType t)

public void addArgument (long val, INativeType t)

public void addArgument (IEImm val)

public void addHooks (IEEmulatorHooks hooks)

This method is deprecated.
use registerHooks(IEEmulatorHooks, boolean) instead

public void clearArgument ()

public boolean commitMemoryChanges (boolean commitModifiedPagesOnly)

public long createPseudoRoutine (String name)

public long createPseudoRoutine (INativeMethodItem routine)

public static EEmulator createStandard (IEGlobalContext gctx, int maxIterationCount)

Create an emulator as well as a standard emulation state that will be controlled by the emulator.

public static EEmulator createStandard (IEGlobalContext gctx)

Create an emulator as well as a standard emulation state that will be controlled by the emulator. Set the standard maximum iteration count to {@value #defaultMaxIterCount}.

public long findRegisteredRoutine (String name)

public int getAddressSize ()

public IEGlobalContext getGlobalContext ()

public IEImm getLastEvaluationResult ()

public MemoryChanges getMemoryChanges ()

A convenience method to retrieve memory changes performed during emulation.

Returns
  • a changes object
Throws
UnsupportedOperationException if the emulator's memory is not a shim

public MemoryWrites getMemoryWrites ()

public EEmulator.Metadata getMetadata ()

public long getPCAddress ()

public int getRegisterSize ()

public IEImm getReturnValue ()

public long getSPAddress ()

public int getStackSlotSize ()

public EState getState ()

public IVirtualMemory getVirtualMemory ()

public long heapAlloc (int size)

public void heapFree (long addr)

public long heapRealloc (long addr, int newsize)

public Boolean hooksEvaluateAt (long addr, IInstruction hintNativeStm)

public Boolean hooksEvaluateExternal (String routineName, INativeMethodItem routine)

Parameters
routineName mandatory
routine optional

public boolean hooksEvaluateSyscall (long addr, IInstruction insn)

public Boolean hooksEvaluateUntranslated (IEUntranslatedInstruction stm, IInstruction insn)

public boolean isPrimaryEmulator ()

public boolean processStoredReturnAddress (StorageEntry slot)

ret-addr on stack: pop and return
ret-addr in register: TBI

public Long readPointer (long addr)

Convenience method.

public IEImm readStorage (StorageEntry slot)

public void registerHooks (IEEmulatorHooks hooks, boolean insertFirst)

public long registerRoutine (long addr, INativeMethodItem routine)

public long registerRoutine (long addr, String name)

public void removeHooks (IEEmulatorHooks hooks)

This method is deprecated.
use unregisterHooks(IEEmulatorHooks) instead

public static IPrototypeItem retrievePrototype (INativeDecompilerContext decomp, INativeMethodItem routine)

Convenience method used to verify whether or not an emulator object would be able to retrieve a target method prototype.

Parameters
decomp decompiler unit
routine candidate target routine
Returns
  • the retrieved prototype that would be used by an emulator for the provided target routine

public void run ()

Throws
EvaluationException

public void setArguments (Collection<IEImm> vals)

public void setGlobalRoutineEmulation (long routineAddress, IPrototypeItem routinePrototype)

public void setGlobalRoutineEmulation (INativeMethodItem routine)

public void setGlobalStubEmulation (long pcStart, Long pcStop)

public void setLastEvaluationResult (IEImm val)

public void setPCAddress (long nativeAddress)

public void setPerformFreshDecompilations (boolean performFreshDecompilations)

public void setPreferredStackBase (long address)

Must be called before setup().

public void setPreferredTargetPrototype (IPrototypeItem proto)

public void setRecordMemoryWrites (boolean recordMemoryWrites)

public void setResetUnknownRegisters (boolean enabled)

Must be called before setup().

public void setReturnAddress (long retAddr)

public boolean setStack (long stackStart, int stackSize, Long sp0)

public void setStubExecution (INativeMethodItem routine, long pcStart, long pcStop)

public void setStubExecution (IERoutineContext ctx, int irStart, int irStop)

public void setTargetRoutine (INativeMethodItem routine)

public void setup ()

public void teardown ()

Clean-up temporary constructs built during setup().

public void unregisterHooks (IEEmulatorHooks hooks)

public long updateSPAddress (int delta)

Update the stack pointer register.

Returns
  • the updated SP value

public boolean writePointer (long addr, long ptr)

public boolean writeStorage (StorageEntry slot, IEImm val)