Package ghidra.program.util

Interface ContextEvaluator

  • All Known Implementing Classes:
    ContextEvaluatorAdapter
    public interface ContextEvaluator
    ContextEvaluator provides a callback mechanism for the SymbolicPropogator as code is evaluated.

    • Method Detail

      • evaluateContextBefore

        boolean evaluateContextBefore​(VarnodeContext context,
                              Instruction instr)
        Evaluate the current instruction given the context before the instruction is evaluated
        Parameters:
        context - describes current state of registers
        instr - instruction whose context has not yet been applied
        Returns:
        true if evaluation should stop

      • evaluateContext

        boolean evaluateContext​(VarnodeContext context,
                        Instruction instr)
        Evaluate the current instruction given the final context for the instruction
        Parameters:
        context - describes current state of registers
        instr - instruction whose context has been applied
        Returns:
        true if evaluation should stop, false to continue evaluation

      • evaluateReference

        boolean evaluateReference​(VarnodeContext context,
                          Instruction instr,
                          int pcodeop,
                          Address address,
                          int size,
                          RefType refType)
        Evaluate the reference that has been found on this instruction. Computed values that are used as an address will be passed to this function. For example a value passed to a function, or a stored constant value.
        Parameters:
        context - current program context
        instr - instruction on which this reference was detected
        pcodeop - the PcodeOp operation that is causing this reference
        address - address being referenced
        size - size of the item being referenced (only non-zero if load or store of data)
        refType - reference type (flow, data/read/write)
        Returns:
        false if the reference should be ignored (or has been taken care of by this routine)

      • evaluateConstant

        Address evaluateConstant​(VarnodeContext context,
                         Instruction instr,
                         int pcodeop,
                         Address constant,
                         int size,
                         RefType refType)
        Evaluate a potential constant to be used as an address or an interesting constant that should have a reference created for it. Computed values that are not know to be used as an address will be passed to this function. For example a value passed to a function, or a stored constant value.
        Parameters:
        context - current program context
        instr - instruction on which this reference was detected
        pcodeop - the PcodeOp operation that is causing this potential constant
        constant - constant value (in constant.getOffset() )
        size - size of constant value in bytes
        refType - reference type (flow, data/read/write)
        Returns:
        the original address unchanged if it should be a reference null if the constant reference should not be created a new address if the value should be a different address or address space Using something like instr.getProgram().getAddressFactory().getDefaultAddressSpace();

      • evaluateDestination

        boolean evaluateDestination​(VarnodeContext context,
                            Instruction instruction)
        Evaluate the instruction for an unknown destination
        Parameters:
        context - current register context
        instruction - instruction that has an unknown destination
        Returns:
        true if the evaluation should stop, false to continue evaluation

      • unknownValue

        java.lang.Long unknownValue​(VarnodeContext context,
                            Instruction instruction,
                            Varnode node)
        Called when a value is needed for a register that is unknown
        Parameters:
        context - current register context
        instruction - instruction that has an unknown destination
        node - varnode for the register being accessed to obtain a value
        Returns:
        null if the varnode should not have an assumed value. a long value if the varnode such as a Global Register should have an assumed constant

      • followFalseConditionalBranches

        boolean followFalseConditionalBranches()
        Follow all branches, even if the condition evaluates to false, indicating it shouldn't be followed.
        Returns:
        true if false evaluated conditional branches should be followed.

      • evaluateSymbolicReference

        boolean evaluateSymbolicReference​(VarnodeContext context,
                                  Instruction instr,
                                  Address address)
        Evaluate the reference that has been found on this instruction that points into an unknown space that has been designated as tracked.
        Parameters:
        context - current program context
        instr - instruction on which this reference was detected
        address - address being referenced
        Returns:
        false if the reference should be ignored (or has been taken care of by this routine) true to allow the reference to be created

      • allowAccess

        boolean allowAccess​(VarnodeContext context,
                    Address addr)
        Evaluate the address and check if the access to the value in the memory location to be read The address is read-only and is not close to this address.
        Parameters:
        context - current program context
        addr - Address of memory where location is attempting to be read
        Returns:
        true if the access should be allowed