public virtual bool ProbeForPointer(ImageReader rdr, out T linAddrInstr)
{
linAddrInstr = GetLinearAddress(rdr.Address);
T target;
uint opcode;
if (TryPeekOpcode(rdr, out opcode))
{
if ((flags & PointerScannerFlags.Calls) != 0)
{
if (MatchCall(rdr, opcode, out target) && knownLinAddresses.Contains(target))
{
rdr.Seek(PointerAlignment);
return(true);
}
}
if ((flags & PointerScannerFlags.Jumps) != 0)
{
if (MatchJump(rdr, opcode, out target) && knownLinAddresses.Contains(target))
{
rdr.Seek(PointerAlignment);
return(true);
}
}
if ((flags & PointerScannerFlags.Pointers) != 0)
{
if (TryPeekPointer(rdr, out target) && knownLinAddresses.Contains(target))
{
rdr.Seek(PointerAlignment);
return(true);
}
}
}
rdr.Seek(PointerAlignment);
return(false);
}
/// <summary>
/// Reads the ELF header.
/// </summary>
/// <returns></returns>
private Elf32_Ehdr ReadElfHeaderStart()
{
var rdr = new ImageReader(RawImage, 0);
var h = new Elf32_Ehdr();
h.e_ident = rdr.ReadBeUInt32();
h.e_class = rdr.ReadByte();
h.endianness = rdr.ReadByte();
h.version = rdr.ReadByte();
h.osAbi = rdr.ReadByte();
rdr.Seek(8); // 8 bytes of padding.
// Now that we know the endianness, read the remaining fields in endian mode.
rdr = CreateImageReader(h.endianness, rdr.Offset);
h.e_type = rdr.ReadInt16();
h.e_machine = rdr.ReadInt16();
h.e_version = rdr.ReadInt32();
h.e_entry = rdr.ReadUInt32();
h.e_phoff = rdr.ReadUInt32();
h.e_shoff = rdr.ReadUInt32();
h.e_flags = rdr.ReadInt32();
h.e_ehsize = rdr.ReadInt16();
h.e_phentsize = rdr.ReadInt16();
h.e_phnum = rdr.ReadInt16();
h.e_shentsize = rdr.ReadInt16();
h.e_shnum = rdr.ReadInt16();
h.e_shstrndx = rdr.ReadInt16();
Dump("e_type: {0}", h.e_type);
Dump("e_machine: {0}", (MachineType) h.e_machine);
Dump("e_version: {0}", h.e_version);
Dump("e_entry: {0:X}", h.e_entry);
Dump("e_phoff: {0:X}", h.e_phoff);
Dump("e_shoff: {0:X}", h.e_shoff);
Dump("e_flags: {0:X}", h.e_flags);
Dump("e_ehsize: {0}", h.e_ehsize);
Dump("e_phentsize: {0}", h.e_phentsize);
Dump("e_phnum: {0}", h.e_phnum);
Dump("e_shentsize: {0}", h.e_shentsize);
Dump("e_shnum: {0}", h.e_shnum);
Dump("e_shstrndx: {0}", h.e_shstrndx);
return h;
}
public override long Seek(long offset, SeekOrigin origin) {
return rdr.Seek(offset, origin);
}