Exemplo n.º 1
0
        /// <summary>
        /// Collects weakly connected components from the ICFG and gathers
        /// them into Clusters.
        /// </summary>
        public List <Cluster> FindClusters()
        {
            var nodesLeft  = new HashSet <RtlBlock>(sr.ICFG.Nodes);
            var clusters   = new List <Cluster>();
            int totalCount = nodesLeft.Count;

            if (totalCount > 0)
            {
                listener.ShowProgress("Finding procedure candidates", 0, totalCount);
                var wl = WorkList.Create(nodesLeft);
                while (wl.TryGetWorkItem(out var node))
                {
                    if (listener.IsCanceled())
                    {
                        break;
                    }
                    var cluster = new Cluster();
                    clusters.Add(cluster);

                    BuildWCC(node, cluster, wl);
                    sr.BreakOnWatchedAddress(cluster.Blocks.Select(b => b.Address));
                    listener.ShowProgress("Finding procedure candidates", totalCount - nodesLeft.Count, totalCount);
                }
            }
            return(clusters);
        }
Exemplo n.º 2
0
        public ScanResults ScanImage(ScanResults sr)
        {
            this.sr = sr;

            // sr.WatchedAddresses.Add(Address.Ptr32(0x00404F5C)); //$DEBUG

            // At this point, we have some entries in the image map
            // that are data, and unscanned ranges in betweeen. We
            // have hopefully a bunch of procedure addresses to
            // break up the unscanned ranges.

            if (ScanInstructions(sr) == null)
            {
                return(sr);
            }

            var the_blocks = BuildBasicBlocks(sr);

            sr.BreakOnWatchedAddress(the_blocks.Select(q => q.Key));
            the_blocks = RemoveInvalidBlocks(sr, the_blocks);

            // Remove blocks that fall off the end of the segment
            // or into data.
            Probe(sr);
            sr.ICFG = BuildIcfg(sr, program.NamingPolicy, the_blocks);
            Probe(sr);
            sr.Dump("After shingle scan");

            // On processors with variable length instructions,
            // there may be many blocks that partially overlap the
            // "real" blocks that would actually have been executed
            // by the processor. Starting with known "roots", try to
            // remove as many invalid blocks as possible.

            var hsc = new BlockConflictResolver(
                program,
                sr,
                program.SegmentMap.IsValidAddress,
                host);

            Probe(sr);
            hsc.ResolveBlockConflicts(sr.KnownProcedures.Concat(sr.DirectlyCalledAddresses.Keys));
            Probe(sr);
            sr.Dump("After block conflict resolution");

            // If we detect padding bytes between blocks,
            // we remove them now.
            var ppf  = new ProcedurePaddingFinder(sr);
            var pads = ppf.FindPaddingBlocks();

            ppf.Remove(pads);

            var pd    = new ProcedureDetector(program, sr, this.eventListener);
            var procs = pd.DetectProcedures();

            sr.Procedures     = procs;
            sr.RemovedPadding = pads;
            return(sr);
        }
Exemplo n.º 3
0
        /// <summary>
        /// Collects weakly connected components from the ICFG and gathers
        /// them into Clusters.
        /// </summary>
        /// <param name="sr"></param>
        /// <returns></returns>
        public List <Cluster> FindClusters()
        {
            var nodesLeft = new HashSet <RtlBlock>(sr.ICFG.Nodes);
            var clusters  = new List <Cluster>();

            while (nodesLeft.Count > 0)
            {
                if (listener.IsCanceled())
                {
                    break;
                }
                var node    = nodesLeft.First();
                var cluster = new Cluster();
                clusters.Add(cluster);

                BuildWCC(node, cluster, nodesLeft);
                sr.BreakOnWatchedAddress(cluster.Blocks.Select(b => b.Address));
            }
            return(clusters);
        }
Exemplo n.º 4
0
 public void Probe(ScanResults sr)
 {
     sr.BreakOnWatchedAddress(sr.ICFG.Nodes.Select(n => n.Address));
 }