public interface

IEEmulatorHooks

implements IPriorityBasedHooks
com.pnfsoftware.jeb.core.units.code.asm.decompiler.ir.emulator.IEEmulatorHooks

Class Overview

Evaluation (execution) hooks.

Summary

Public Methods
abstract Boolean evaluateAt(EEmulator emu, long addr, IInstruction hintNativeStm)
This hook is called before a native instruction is converted and evaluated.
abstract Boolean evaluateExternal(EEmulator emu, String routineName, INativeMethodItem routine)
This higher-level hook is called when an external method (e.g.
abstract Long evaluateSyscall(EEmulator emu, long addr, IInstruction nativeStm, int syscallNum, String syscallName, INativeMethodItem syscallRoutine, List<Long> args)
This higher-level hook is called when a system call type instruction is about to be executed.
abstract Boolean evaluateUntranslated(EEmulator emu, IEUntranslatedInstruction stm, IInstruction nativeStm)
This hook is called when an instruction conversion produced an IEUntranslatedInstruction IR.
abstract void monitorHLSpecial(EEmulator emu, int code, List<Object> params)
Reserved for internal use.
abstract void postEvaluateAt(EEmulator emu, long addr, IInstruction hintNativeStm, long reqid, boolean result)
abstract void postEvaluateExternal(EEmulator emu, String routineName, INativeMethodItem routine, long reqid, boolean result)
abstract void postEvaluateSyscall(EEmulator emu, long addr, IInstruction nativeStm, int syscallNum, String syscallName, INativeMethodItem syscallRoutine, List<Long> args, long reqid, long result)
abstract void postEvaluateUntranslated(EEmulator emu, IEUntranslatedInstruction stm, IInstruction nativeStm, long reqid, Boolean result)
[Expand]
Inherited Methods
From interface com.pnfsoftware.jeb.core.units.IPriorityBasedHooks

Public Methods

public abstract Boolean evaluateAt (EEmulator emu, long addr, IInstruction hintNativeStm)

This hook is called before a native instruction is converted and evaluated. The hook has a chance to examine and modify the emulator state (provide a custom evaluation) if it wants to. If a hook succeeded (returned: true), it is expected that the PC was updated to point to the next instruction to be executed,. The emulator will proceed at the then-current PC.

Parameters
emu the emulator
addr native address (current PC)
hintNativeStm (optional) instruction parsed at the current PC
Returns
  • null means nothing was done, check the next hooks; true means the hooks was successful, the emulator should proceed with the next cycle; false means the hook failed, the next hooks should not be checked

public abstract Boolean evaluateExternal (EEmulator emu, String routineName, INativeMethodItem routine)

This higher-level hook is called when an external method (e.g. a library method) is about to be executed. The PC when this method is called is on the routine entry-point. The hook has a chance to provide a custom evaluation if it wants to. If a hook succeeded (returned: true), it is expected that the PC (along with other execution environment attributes, such as the stack) was updated to the return address provided to the routine. The emulator will proceed at the then-current PC.

Parameters
emu the emulator
routineName mandatory routine name
routine optional routine reference
Returns
  • null means nothing was done, check the next hooks; true means the hooks was successful, the emulator should proceed with the next cycle; false means the hook failed, the next hooks should not be checked

public abstract Long evaluateSyscall (EEmulator emu, long addr, IInstruction nativeStm, int syscallNum, String syscallName, INativeMethodItem syscallRoutine, List<Long> args)

This higher-level hook is called when a system call type instruction is about to be executed. The hook has a chance to examine and modify the emulator state (provide a custom evaluation) if it wants to. If a hook succeeded (returned: non-null), the emulator will update the PC to point to the next instruction, i.e. the implementor does not need to update the PC itself.

Parameters
emu the emulator
addr native address (current PC)
nativeStm the system call instruction
syscallNum the system call number, always provided
syscallName system call name (optional)
syscallRoutine system routine to be executed (optional)
args the arguments to the system call
Returns
  • the return value, or null if nothing was done, in which case the next hook will be attempted

public abstract Boolean evaluateUntranslated (EEmulator emu, IEUntranslatedInstruction stm, IInstruction nativeStm)

This hook is called when an instruction conversion produced an IEUntranslatedInstruction IR. The hook has a chance to provide a custom evaluation is it can. Else, the emulator is very likely to fail and the emulation will stop. If a hook succeeded (returned: true), it is expected that the PC was updated to point to the next instruction to be executed,. The emulator will proceed at the then-current PC.

Parameters
emu the emulator
stm untranslated IR statement
nativeStm source native instruction
Returns
  • null means nothing was done, check the next hooks; true means the hooks was successful, the emulator should proceed with the next cycle; false means the hook failed, the next hooks should not be checked

public abstract void monitorHLSpecial (EEmulator emu, int code, List<Object> params)

Reserved for internal use.

Parameters
emu the emulator
code a monitoring code
params the associated parameters (depends on code)

public abstract void postEvaluateAt (EEmulator emu, long addr, IInstruction hintNativeStm, long reqid, boolean result)

public abstract void postEvaluateExternal (EEmulator emu, String routineName, INativeMethodItem routine, long reqid, boolean result)

public abstract void postEvaluateSyscall (EEmulator emu, long addr, IInstruction nativeStm, int syscallNum, String syscallName, INativeMethodItem syscallRoutine, List<Long> args, long reqid, long result)

public abstract void postEvaluateUntranslated (EEmulator emu, IEUntranslatedInstruction stm, IInstruction nativeStm, long reqid, Boolean result)