/// <summary> /// Collects weakly connected components from the ICFG and gathers /// them into Clusters. /// </summary> public List <Cluster> FindClusters() { var nodesLeft = new HashSet <RtlBlock>(sr.ICFG.Nodes); var clusters = new List <Cluster>(); int totalCount = nodesLeft.Count; if (totalCount > 0) { listener.ShowProgress("Finding procedure candidates", 0, totalCount); var wl = WorkList.Create(nodesLeft); while (wl.TryGetWorkItem(out var node)) { if (listener.IsCanceled()) { break; } var cluster = new Cluster(); clusters.Add(cluster); BuildWCC(node, cluster, wl); sr.BreakOnWatchedAddress(cluster.Blocks.Select(b => b.Address)); listener.ShowProgress("Finding procedure candidates", totalCount - nodesLeft.Count, totalCount); } } return(clusters); }
public ScanResults ScanImage(ScanResults sr) { this.sr = sr; // sr.WatchedAddresses.Add(Address.Ptr32(0x00404F5C)); //$DEBUG // At this point, we have some entries in the image map // that are data, and unscanned ranges in betweeen. We // have hopefully a bunch of procedure addresses to // break up the unscanned ranges. if (ScanInstructions(sr) == null) { return(sr); } var the_blocks = BuildBasicBlocks(sr); sr.BreakOnWatchedAddress(the_blocks.Select(q => q.Key)); the_blocks = RemoveInvalidBlocks(sr, the_blocks); // Remove blocks that fall off the end of the segment // or into data. Probe(sr); sr.ICFG = BuildIcfg(sr, program.NamingPolicy, the_blocks); Probe(sr); sr.Dump("After shingle scan"); // On processors with variable length instructions, // there may be many blocks that partially overlap the // "real" blocks that would actually have been executed // by the processor. Starting with known "roots", try to // remove as many invalid blocks as possible. var hsc = new BlockConflictResolver( program, sr, program.SegmentMap.IsValidAddress, host); Probe(sr); hsc.ResolveBlockConflicts(sr.KnownProcedures.Concat(sr.DirectlyCalledAddresses.Keys)); Probe(sr); sr.Dump("After block conflict resolution"); // If we detect padding bytes between blocks, // we remove them now. var ppf = new ProcedurePaddingFinder(sr); var pads = ppf.FindPaddingBlocks(); ppf.Remove(pads); var pd = new ProcedureDetector(program, sr, this.eventListener); var procs = pd.DetectProcedures(); sr.Procedures = procs; sr.RemovedPadding = pads; return(sr); }
/// <summary> /// Collects weakly connected components from the ICFG and gathers /// them into Clusters. /// </summary> /// <param name="sr"></param> /// <returns></returns> public List <Cluster> FindClusters() { var nodesLeft = new HashSet <RtlBlock>(sr.ICFG.Nodes); var clusters = new List <Cluster>(); while (nodesLeft.Count > 0) { if (listener.IsCanceled()) { break; } var node = nodesLeft.First(); var cluster = new Cluster(); clusters.Add(cluster); BuildWCC(node, cluster, nodesLeft); sr.BreakOnWatchedAddress(cluster.Blocks.Select(b => b.Address)); } return(clusters); }
public void Probe(ScanResults sr) { sr.BreakOnWatchedAddress(sr.ICFG.Nodes.Select(n => n.Address)); }