regfinder.hpp File Reference

Go to the source code of this file.

Classes
struct	reg_finder_op_t
struct	reg_finder_t
struct	reg_finder_t::cond_t
struct	reg_finder_t::flow_t
struct	reg_finder_t::move_desc_t

Typedefs
typedef void(*	reg_finder_binary_ops_adjust_fun) (reg_value_info_t *v1, reg_value_info_t *v2, const insn_t &insn, void *ud)

Functions
	DECLARE_REG_VALUE_DEF_HELPERS (idaman) struct reg_value_def_t
	the register value and its defining instruction
	DECLARE_TYPE_AS_MOVABLE (reg_value_def_t)
	DECLARE_REG_VALUE_INFO_HELPERS (idaman) struct reg_value_info_t
	the value in a register after emulating instructions
	DECLARE_REG_FINDER_HELPERS (idaman) struct reg_finder_block_t
idaman int ida_export	find_reg_value (uval_t *uval, ea_t ea, int reg)
	Find register value using the register tracker.
idaman int ida_export	find_sp_value (sval_t *sval, ea_t ea, int reg=-1)
	Find a value of the SP based register using the register tracker.
idaman bool ida_export	find_reg_value_info (reg_value_info_t *rvi, ea_t ea, int reg, int max_depth=0)
	Find register value using the register tracker.
idaman int ida_export	find_nearest_rvi (reg_value_info_t *rvi, ea_t ea, const int reg[2])
	Find the value of any of the two registers using the register tracker.
idaman void ida_export	invalidate_regfinder_cache (ea_t to=BADADDR, ea_t from=BADADDR, cref_t cref=fl_U)
	The control flow from FROM to TO has removed (CREF==fl_U) or added (CREF!=fl_U).
idaman void ida_export	invalidate_regfinder_xrefs_cache (ea_t to=BADADDR, dref_t dref=dr_O)
	The data reference to TO has added (DREF!=dr_O) or removed (DREF==dr_O).

Typedef Documentation

reg_finder_binary_ops_adjust_fun

typedef void(* reg_finder_binary_ops_adjust_fun) (reg_value_info_t *v1, reg_value_info_t *v2, const insn_t &insn, void *ud)

Function Documentation

DECLARE_REG_VALUE_DEF_HELPERS()

DECLARE_REG_VALUE_DEF_HELPERS

(

idaman

)

the register value and its defining instruction

Note

A simple add/sub instruction (like PUSH for SP) is not considered as the defining instruction.

< the value

< the instruction address

< the instruction code (processor specific)

< additional info about the value

< like 'addi reg, imm'

< the value depends on DEF_EA only for numbers

See also

is_num()

< the value is like GOT only for numbers

See also

is_num()

How to print reg_value_def_t?

< without a value

< as a number

< as a SP delta

< as an ABORTED value

Return the string representation.

DECLARE_TYPE_AS_MOVABLE()

DECLARE_TYPE_AS_MOVABLE

(

reg_value_def_t

)

DECLARE_REG_VALUE_INFO_HELPERS()

DECLARE_REG_VALUE_INFO_HELPERS

(

idaman

)

the value in a register after emulating instructions

Undefine the value.

Return 'true' if we know nothing about a value.

Return the undefined value because of a dead end.

See also

is_dead_end()

Return the value after aborting.

See also

aborted()

Return the unknown value after a bad insn.

See also

is_badinsn()

Return the unknown value after executing the insn.

See also

is_unkinsn()

Return the unknown value from the function start.

See also

is_unkfunc()

Return the unknown value if it changes in a loop.

See also

is_unkloop()

Return the unknown value if the register has incompatible values.

See also

is_unkmult()

Return the unknown value if there are too many xrefs.

See also

is_unkxref()

Return the unknown value if the register has too many values.

See also

is_unkvals()

Return the value that is the RVAL number.

See also

is_num()

Return the value that is the RVAL number.

See also

is_num()

Return the value that is the initial stack pointer.

See also

is_spd()

Return 'true' if the value is undefined because of a dead end.

Return 'true' if the tracking process was aborted.

Return 'true' if the value requires special handling.

Return 'true' if the value is unknown because of a bad insn.

Return 'true' if the value is unknown after executing the insn.

Return 'true' if the value is unknown from the function start.

Return 'true' if the value is unknown because it changes in a loop.

Return 'true' if the value is unknown because the register has incompatible values (a number and SP delta).

Return 'true' if the value is unknown because there are too many xrefs.

Return 'true' if the value is unknown because the register has too many values.

Return 'true' if the value is unknown.

Return 'true' if the value is a constant.

Return 'true' if the value depends on the stack pointer.

Return 'true' if the value is known (i.e. it is a number or SP delta).

Return the number if the value is a constant.

See also

is_num()

Return the SP delta if the value depends on the stack pointer.

See also

is_spd()

Parameters

[out]

sval

the value of SP minus the initial value of SP at the function start.

Return the defining address.

Return the defining instruction code (processor specific).

Return the aborting depth if the value is ABORTED

Return a const iterator to the first value.

Return a const iterator right after the last value.

Return the number of values.

Check that the value is unique.

Check the given flag for each value.

Set the given flag for each value.

Set the value to be undefined because of a dead end.

See also

is_dead_end()

Set the value to be unknown after a bad insn.

See also

is_badinsn()

Set the value to be unknown after executing the insn.

See also

is_unkinsn()

Set the value to be unknown from the function start.

See also

is_unkfunc()

Set the value to be unknown because it changes in a loop.

See also

is_unkloop()

Set the value to be unknown because the register has incompatible values.

See also

is_unkmult()

Set the value to be unknown because there are too many xrefs.

See also

is_unkxref()

Set the value to be unknown because the register has too many values.

See also

is_unkvals()

Set the value after aborting.

See also

aborted()

Set the value to be a number after executing an insn.

See also

is_num()

Set the value to be numbers after executing an insn.

Note

This method spoils RVALS.

See also

is_num()

Set the value to be a number before an address.

See also

is_num()

The result of comparison of 2 value sets.

< L==R

< L contains R (i.e. R\L is empty)

< L is contained in R (i.e. L\R is empty)

< L\R is not empty and R\L is not empty

Add values from R into THIS ignoring duplicates.

Note

This method is the only way to get multiple values.

Return values

EQUAL	THIS is not changed
CONTAINS	THIS is not changed
CONTAINED	THIS is a copy of R
NOT_COMPARABLE	values from R are added to THIS

Sign-, or zero-extend the number or SP delta value to full size. The initial value is considered to be of size WIDTH.

Note

This method do nothing for unknown values.

Truncate the number to the application bitness.

Note

This method do nothing for non-number values.

Add R to the value, save INSN as a defining instruction.

Note

Either THIS or R must have a single value.

Subtract R from the value, save INSN as a defining instruction.

Note

Either THIS or R must have a single value.

Make bitwise OR of R to the value, save INSN as a defining instruction.

Note

Either THIS or R must have a single value.

Make bitwise AND of R to the value, save INSN as a defining instruction.

Note

Either THIS or R must have a single value.

Make bitwise eXclusive OR of R to the value, save INSN as a defining instruction.

Note

Either THIS or R must have a single value.

Make bitwise AND of the inverse of R to the value, save INSN as a defining instruction.

Note

Either THIS or R must have a single value.

Shift the value left by R, save INSN as a defining instruction.

Note

Either THIS or R must have a single value.

Shift logically the value right by R, save INSN as a defining instruction.

Note

Either THIS or R must have a single value.

Shift arithmetically the value right by R, save INSN as a defining instruction.

Note

Either THIS or R must have a single value.

Replace the top 16 bits with bottom 16 bits of R, leaving the bottom 16 bits untouched, save INSN as a defining instruction.

Note

Either THIS or R must have a single value.

Negate the value, save INSN as a defining instruction.

Make bitwise inverse of the value, save INSN as a defining instruction.

Add R to the value, save INSN as a defining instruction.

Note

This method do nothing for unknown values.

Add R to the value, do not change the defining instructions.

Note

This method do nothing for unknown values.

Shift the value left by R, do not change the defining instructions.

Note

This method do nothing for unknown values.

Shift the value right by R, do not change the defining instructions.

Note

This method do nothing for unknown values.

Return the string representation.

DECLARE_REG_FINDER_HELPERS()

DECLARE_REG_FINDER_HELPERS

(

idaman

)

find_reg_value()

idaman int ida_export find_reg_value	(	uval_t *	uval,
		ea_t	ea,
		int	reg )

Find register value using the register tracker.

Note

The returned value is valid before executing the instruction.

Parameters

[out]	uval	the found value
	ea	the address to find a value at
	reg	the register to find

Return values

0	no value (the value is varying or the find depth is not enough to find a value)
1	the found value is in VAL
-1	the processor module does not support a register tracker

find_sp_value()

idaman int ida_export find_sp_value	(	sval_t *	sval,
		ea_t	ea,
		int	reg = -1 )

Find a value of the SP based register using the register tracker.

Note

The returned value is valid before executing the instruction.

Parameters

[out]	sval	the found value
	ea	the address to find a value at
	reg	the register to find. by default the SP register is used.

Return values

0	no value (the value is varying or the find depth is not enough to find a value)
1	the found value is in VAL
-1	the processor module does not support a register tracker

find_reg_value_info()

idaman bool ida_export find_reg_value_info	(	reg_value_info_t *	rvi,
		ea_t	ea,
		int	reg,
		int	max_depth = 0 )

Find register value using the register tracker.

Note

The returned value is valid before executing the instruction.

The undefined value means that there is no execution flow to EA, e.g. we try to find a value after the call of NORET function.

The unknown value means that the value is:

• a result of unsupported instruction, e.g. the result of a call,
• a function argument,
• is varying, e.g. it is a loop counter.

Parameters

[out]	rvi	the found value with additional attributes
	ea	the address to find a value at
	reg	the register to find
	max_depth	the number of basic blocks to look before aborting the search and returning the unknown value. 0 means the value of REGTRACK_MAX_DEPTH from ida.cfg for ordinal registers or REGTRACK_FUNC_MAX_DEPTH for the function-wide registers, -1 means the value of REGTRACK_FUNC_MAX_DEPTH from ida.cfg.

Return values

'false'	the processor module does not support a register tracker
'true'	the found value is in RVI

find_nearest_rvi()

idaman int ida_export find_nearest_rvi	(	reg_value_info_t *	rvi,
		ea_t	ea,
		const int	reg[2] )

Find the value of any of the two registers using the register tracker.

First, this function tries to find the registers in the basic block of EA, and if it could not do this, then it tries to find in the entire function.

Parameters

[out]	rvi	the found value with additional attributes
	ea	the address to find a value at
	reg	the registers to find

Returns

the index of the found register or -1

invalidate_regfinder_cache()

idaman void ida_export invalidate_regfinder_cache	(	ea_t	to = BADADDR,
		ea_t	from = BADADDR,
		cref_t	cref = fl_U )

The control flow from FROM to TO has removed (CREF==fl_U) or added (CREF!=fl_U).

Try to update the register tracker cache after this change. If TO == BADADDR then clear the entire cache.

invalidate_regfinder_xrefs_cache()

idaman void ida_export invalidate_regfinder_xrefs_cache	(	ea_t	to = BADADDR,
		dref_t	dref = dr_O )

The data reference to TO has added (DREF!=dr_O) or removed (DREF==dr_O).

Update the regtracker xrefs cache after this change. If TO == BADADDR then clear the entire xrefs cache.