public class EEmulator extends Object

java.lang.Object
   ↳ com.pnfsoftware.jeb.core.units.code.asm.decompiler.ir.emulator.EEmulator

Class Overview

IR emulator, a controller for an IR state.

How to use:
- pass an existing EState to the constructor, or call createStandard(IEGlobalContext) to create both a state and an emulator
- use the setters to customize the emulator (some, such as setPreferredStackBase() and setResetUnknownRegisters(), must be called before setup())
- setup() it
- run() it
- teardown() it when done, to clean up the temporary constructs built during setup()

Four modes of execution:
1- IR routine emulation
2- IR routine-supported stub emulation
3- Global routine emulation (disregarding routines), a generalized variant of 2, suitable for full program emulation
4- Global stub emulation
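The sequence above, as an added example that is not part of the JEB documentation or of the JEB code base. It assumes the caller already holds a decompiler manager (decomp), its IR global context (gctx), the INativeMethodItem to emulate and an INativeType for its integer arguments; how those objects are obtained is not covered on this page. Only EEmulator's package is given here, so the other import paths are assumed from the JEB API. The first method uses mode 1 (routine emulation) on two integer arguments, checks up front that a prototype can be recovered, bounds the iteration count explicitly so an obfuscated or looping routine cannot run unbounded, records memory writes, and always tears the emulator down. The second method uses mode 4 (global stub emulation) to run a raw address range, for instance an inline decryption loop, and then reads a pointer-sized value back out of the emulated memory.

```java
// Added example; not from the JEB documentation or code base.
// Import paths other than EEmulator's are assumed from the JEB API.
import com.pnfsoftware.jeb.core.units.code.asm.decompiler.IDecompilerManager;
import com.pnfsoftware.jeb.core.units.code.asm.decompiler.ir.IEGlobalContext;
import com.pnfsoftware.jeb.core.units.code.asm.decompiler.ir.IEImm;
import com.pnfsoftware.jeb.core.units.code.asm.decompiler.ir.emulator.EEmulator;
import com.pnfsoftware.jeb.core.units.code.asm.items.INativeMethodItem;
import com.pnfsoftware.jeb.core.units.code.asm.type.INativeType;
import com.pnfsoftware.jeb.core.units.code.asm.type.IPrototypeItem;

public class EmulateExamples {

    /** Mode 1: emulate routine(arg0, arg1) and return the IR value it returns. */
    public static IEImm emulateRoutine(IDecompilerManager decomp, IEGlobalContext gctx,
            INativeMethodItem routine, INativeType intType, long arg0, long arg1) {
        // Fail early: without a prototype the emulator cannot map the arguments
        // we pass to their register/stack slots, and results would be meaningless.
        IPrototypeItem proto = EEmulator.retrievePrototype(decomp, routine);
        if(proto == null) {
            throw new IllegalStateException("cannot recover a prototype for " + routine);
        }

        // Explicit iteration bound: a few times the default (10000). The target may
        // be untrusted or obfuscated; the bound is what stops a runaway loop.
        EEmulator emu = EEmulator.createStandard(gctx, 4 * EEmulator.defaultMaxIterCount);
        emu.setTargetRoutine(routine);            // mode 1: IR routine emulation
        emu.setPreferredTargetPrototype(proto);

        // These must precede setup(): unknown registers are zeroed rather than
        // leaking stale values, and memory writes are recorded for inspection.
        emu.setResetUnknownRegisters(true);
        emu.setRecordMemoryWrites(true);
        emu.setup();
        try {
            emu.clearArgument();
            emu.addArgument(arg0, intType);
            emu.addArgument(arg1, intType);
            emu.run();

            // Side effects are as interesting as the return value when the routine
            // decrypts or unpacks data in place.
            System.out.println("memory writes: " + emu.getMemoryWrites());
            try {
                System.out.println("memory changes: " + emu.getMemoryChanges());
            }
            catch(UnsupportedOperationException e) {
                // only available when the emulator memory is a shim
            }
            return emu.getReturnValue();
        }
        finally {
            emu.teardown();
        }
    }

    /**
     * Mode 4: run the native code in [pcStart, pcStop) without a routine context,
     * then read the pointer-sized value left at resultAddr. Returns null if the
     * emulation stopped elsewhere (iteration bound hit, unsupported code, ...).
     */
    public static Long emulateSnippet(IEGlobalContext gctx, long pcStart, long pcStop,
            long resultAddr) {
        EEmulator emu = EEmulator.createStandard(gctx);   // default bound: 10000 iterations
        emu.setGlobalStubEmulation(pcStart, pcStop);      // mode 4: global stub emulation
        emu.setResetUnknownRegisters(true);
        emu.setup();
        try {
            emu.run();
            if(emu.getPCAddress() != pcStop) {
                return null;   // did not reach the stop address: treat the result as unusable
            }
            return emu.readPointer(resultAddr);
        }
        finally {
            emu.teardown();
        }
    }
}
```

The two early checks (a null prototype and a PC that did not reach pcStop) are where most silent emulation failures surface; checking them turns a wrong-but-plausible value into an explicit error.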

Summary

Nested Classes
class EEmulator.Metadata  
Constants
boolean defaultAllowOpt
long defaultHeapBase
int defaultMaxIterCount
boolean defaultRecordMemoryWrites
boolean defaultResetUnknownRegisters
long defaultReturnAddr
long defaultStackBase
Public Constructors
EEmulator(EState state)
Public Methods
void addArgument(byte[] val, INativeType t)
void addArgument(long val, INativeType t)
void addArgument(IEImm val)
void addHooks(IEEmulatorHooks hooks)
void clearArgument()
boolean commitMemoryChanges(boolean commitModifiedPagesOnly)
static EEmulator createStandard(IEGlobalContext gctx, int maxIterationCount)
Create an emulator as well as a standard emulation state that will be controlled by the emulator.
static EEmulator createStandard(IEGlobalContext gctx)
Create an emulator as well as a standard emulation state that will be controlled by the emulator.
int getAddressSize()
IEGlobalContext getGlobalContext()
IEImm getLastEvaluationResult()
MemoryChanges getMemoryChanges()
A convenience method to retrieve memory changes performed during emulation.
MemoryWrites getMemoryWrites()
EEmulator.Metadata getMetadata()
long getPCAddress()
int getRegisterSize()
IEImm getReturnValue()
long getSPAddress()
int getStackSlotSize()
EState getState()
IVirtualMemory getVirtualMemory()
long heapAlloc(int size)
void heapFree(long addr)
long heapRealloc(long addr, int newsize)
boolean isPrimaryEmulator()
boolean processStoredReturnAddress(RoutineIOSlot slot)
ret-addr on stack: pop and return
ret-addr in register: TBI (to be implemented)
Long readPointer(long addr)
Convenience method.
IEImm readStorage(RoutineIOSlot slot)
void removeHooks(IEEmulatorHooks hooks)
static IPrototypeItem retrievePrototype(IDecompilerManager decomp, INativeMethodItem routine)
Convenience method used to verify whether or not an emulator object would be able to retrieve a target method prototype.
void run()
void setArguments(Collection<IEImm> vals)
void setGlobalRoutineEmulation(long routineAddress, IPrototypeItem routinePrototype)
void setGlobalRoutineEmulation(INativeMethodItem routine)
void setGlobalStubEmulation(long pcStart, Long pcStop)
void setLastEvaluationResult(IEImm val)
void setPCAddress(long nativeAddress)
void setPerformFreshDecompilations(boolean performFreshDecompilations)
void setPreferredStackBase(long address)
Must be called before setup().
void setPreferredTargetPrototype(IPrototypeItem proto)
void setRecordMemoryWrites(boolean recordMemoryWrites)
void setResetUnknownRegisters(boolean enabled)
Must be called before setup().
void setReturnAddress(long retAddr)
boolean setStack(long stackStart, int stackSize, Long sp0)
void setStubExecution(INativeMethodItem routine, long pcStart, long pcStop)
void setStubExecution(IERoutineContext ctx, int irStart, int irStop)
void setTargetRoutine(INativeMethodItem routine)
void setup()
void teardown()
Clean-up temporary constructs built during setup().
boolean writePointer(long addr, long ptr)
boolean writeStorage(RoutineIOSlot slot, IEImm val)
Inherited Methods
From class java.lang.Object

Constants

public static final boolean defaultAllowOpt

Constant Value: false

public static final long defaultHeapBase

Constant Value: 2080374784 (0x000000007c000000)

public static final int defaultMaxIterCount

Constant Value: 10000 (0x00002710)

public static final boolean defaultRecordMemoryWrites

Constant Value: false

public static final boolean defaultResetUnknownRegisters

Constant Value: true

public static final long defaultReturnAddr

Constant Value: 287454020 (0x0000000011223344)

public static final long defaultStackBase

Constant Value: 2113929216 (0x000000007e000000)

Public Constructors

public EEmulator (EState state)

Public Methods

public void addArgument (byte[] val, INativeType t)

public void addArgument (long val, INativeType t)

public void addArgument (IEImm val)

public void addHooks (IEEmulatorHooks hooks)

public void clearArgument ()

public boolean commitMemoryChanges (boolean commitModifiedPagesOnly)

public static EEmulator createStandard (IEGlobalContext gctx, int maxIterationCount)

Create an emulator as well as a standard emulation state that will be controlled by the emulator.

public static EEmulator createStandard (IEGlobalContext gctx)

Create an emulator as well as a standard emulation state that will be controlled by the emulator. Sets the maximum iteration count to the standard default, defaultMaxIterCount (10000).

public int getAddressSize ()

public IEGlobalContext getGlobalContext ()

public IEImm getLastEvaluationResult ()

public MemoryChanges getMemoryChanges ()

A convenience method to retrieve memory changes performed during emulation.

Returns
  • a changes object
Throws
UnsupportedOperationException if the emulator's memory is not a shim

public MemoryWrites getMemoryWrites ()

public EEmulator.Metadata getMetadata ()

public long getPCAddress ()

public int getRegisterSize ()

public IEImm getReturnValue ()

public long getSPAddress ()

public int getStackSlotSize ()

public EState getState ()

public IVirtualMemory getVirtualMemory ()

public long heapAlloc (int size)

public void heapFree (long addr)

public long heapRealloc (long addr, int newsize)

public boolean isPrimaryEmulator ()

public boolean processStoredReturnAddress (RoutineIOSlot slot)

ret-addr on stack: pop and return
ret-addr in register: TBI (to be implemented)

public Long readPointer (long addr)

Convenience method.

public IEImm readStorage (RoutineIOSlot slot)

public void removeHooks (IEEmulatorHooks hooks)

public static IPrototypeItem retrievePrototype (IDecompilerManager decomp, INativeMethodItem routine)

Convenience method used to verify whether or not an emulator object would be able to retrieve a target method prototype.

Parameters
decomp decompiler unit
routine candidate target routine
Returns
  • the retrieved prototype that would be used by an emulator for the provided target routine

public void run ()

public void setArguments (Collection<IEImm> vals)

public void setGlobalRoutineEmulation (long routineAddress, IPrototypeItem routinePrototype)

public void setGlobalRoutineEmulation (INativeMethodItem routine)

public void setGlobalStubEmulation (long pcStart, Long pcStop)

public void setLastEvaluationResult (IEImm val)

public void setPCAddress (long nativeAddress)

public void setPerformFreshDecompilations (boolean performFreshDecompilations)

public void setPreferredStackBase (long address)

Must be called before setup().

public void setPreferredTargetPrototype (IPrototypeItem proto)

public void setRecordMemoryWrites (boolean recordMemoryWrites)

public void setResetUnknownRegisters (boolean enabled)

Must be called before setup().

public void setReturnAddress (long retAddr)

public boolean setStack (long stackStart, int stackSize, Long sp0)

public void setStubExecution (INativeMethodItem routine, long pcStart, long pcStop)

public void setStubExecution (IERoutineContext ctx, int irStart, int irStop)

public void setTargetRoutine (INativeMethodItem routine)

public void setup ()

public void teardown ()

Clean-up temporary constructs built during setup().

public boolean writePointer (long addr, long ptr)

public boolean writeStorage (RoutineIOSlot slot, IEImm val)