#include <rz_analysis.h>

Functions
Config and Init State
static void	var_state_free (void e, void user)

RZ_API RzAnalysisILInitState *	rz_analysis_il_init_state_new ()

RZ_API void	rz_analysis_il_init_state_free (RzAnalysisILInitState *state)

RZ_API void	rz_analysis_il_init_state_set_var (RZ_NONNULL RzAnalysisILInitState state, RZ_NONNULL const char name, RZ_NONNULL RZ_OWN RzILVal *val)

RZ_API RZ_OWN RzAnalysisILConfig *	rz_analysis_il_config_new (ut32 pc_size, bool big_endian, ut32 mem_key_size)

RZ_API void	rz_analysis_il_config_free (RzAnalysisILConfig *cfg)

RZ_API void	rz_analysis_il_config_add_label (RZ_NONNULL RzAnalysisILConfig cfg, RZ_NONNULL RZ_OWN RzILEffectLabel label)

Analysis IL VM
static void	setup_vm_from_config (RzAnalysis analysis, RzAnalysisILVM vm, RzAnalysisILConfig *cfg)

static void	setup_vm_init_state (RzAnalysisILVM vm, RZ_NULLABLE RzAnalysisILInitState is, RZ_NULLABLE RzReg *reg)

RZ_API RZ_OWN RzAnalysisILVM *	rz_analysis_il_vm_new (RzAnalysis a, RZ_NULLABLE RzReg init_state_reg)

RZ_API void	rz_analysis_il_vm_free (RZ_NULLABLE RzAnalysisILVM *vm)

static bool	setup_regs (RzAnalysis a, RzAnalysisILVM vm, RzAnalysisILConfig *cfg)

RZ_API void	rz_analysis_il_vm_sync_from_reg (RzAnalysisILVM vm, RZ_NONNULL RzReg reg)

RZ_API bool	rz_analysis_il_vm_sync_to_reg (RzAnalysisILVM vm, RZ_NONNULL RzReg reg)

RZ_API RzAnalysisILStepResult	rz_analysis_il_vm_step (RZ_NONNULL RzAnalysis analysis, RZ_NONNULL RzAnalysisILVM vm, RZ_NULLABLE RzReg *reg)

Global, user-faced VM setup
RZ_API bool	rz_analysis_il_vm_setup (RzAnalysis *analysis)

RZ_API void	rz_analysis_il_vm_cleanup (RzAnalysis *analysis)

Function Documentation

◆ rz_analysis_il_config_add_label()

RZ_API void rz_analysis_il_config_add_label	(	RZ_NONNULL RzAnalysisILConfig *	cfg,
		RZ_NONNULL RZ_OWN RzILEffectLabel *	label
	)

Add label to the IL config cfg to describe that it is globally available in a vm

Definition at line 77 of file analysis_il.c.

                                                                                                                           {
     rz_return_if_fail(cfg && label);
     rz_pvector_push(&cfg->labels, label);
 }

References rz_pvector_push(), and rz_return_if_fail.

Referenced by il_config(), rz_arm_cs_32_il_config(), and rz_arm_cs_64_il_config().

◆ rz_analysis_il_config_free()

RZ_API void rz_analysis_il_config_free ( RzAnalysisILConfig * cfg )

Definition at line 66 of file analysis_il.c.

                                                                 {
     if (!cfg) {
         return;
     }
     rz_pvector_fini(&cfg->labels);
     free(cfg);
 }

References free(), rz_analysis_il_config_t::labels, and rz_pvector_fini().

Referenced by il_config(), and rz_analysis_il_vm_new().

◆ rz_analysis_il_config_new()

RZ_API RZ_OWN RzAnalysisILConfig* rz_analysis_il_config_new	(	ut32	pc_size,
		bool	big_endian,
		ut32	mem_key_size
	)

Create an IL config and initialize it with the given minimal mandatory info

Definition at line 53 of file analysis_il.c.

                                                                                                               {
     rz_return_val_if_fail(pc_size && mem_key_size, NULL);
     RzAnalysisILConfig *r = RZ_NEW0(RzAnalysisILConfig);
     if (!r) {
         return NULL;
     }
     r->pc_size = pc_size;
     r->big_endian = big_endian;
     r->mem_key_size = mem_key_size;
     rz_pvector_init(&r->labels, (RzPVectorFree)rz_il_effect_label_free);
     return r;
 }

References NULL, r, rz_il_effect_label_free(), RZ_NEW0, rz_pvector_init(), and rz_return_val_if_fail.

Referenced by il_config(), rz_arm_cs_32_il_config(), rz_arm_cs_64_il_config(), rz_avr_il_config(), and rz_sh_il_config().

◆ rz_analysis_il_init_state_free()

RZ_API void rz_analysis_il_init_state_free ( RzAnalysisILInitState * state )

Definition at line 28 of file analysis_il.c.

                                                                          {
     if (!state) {
         return;
     }
     rz_vector_fini(&state->vars);
 }

References rz_vector_fini().

◆ rz_analysis_il_init_state_new()

RZ_API RzAnalysisILInitState* rz_analysis_il_init_state_new ( )

Definition at line 19 of file analysis_il.c.

                                                               {
     RzAnalysisILInitState *r = RZ_NEW0(RzAnalysisILInitState);
     if (!r) {
         return NULL;
     }
     rz_vector_init(&r->vars, sizeof(RzAnalysisILInitStateVar), var_state_free, NULL);
     return r;
 }

References NULL, r, RZ_NEW0, rz_vector_init(), and var_state_free().

Referenced by il_config().

◆ rz_analysis_il_init_state_set_var()

RZ_API void rz_analysis_il_init_state_set_var	(	RZ_NONNULL RzAnalysisILInitState *	state,
		RZ_NONNULL const char *	name,
		RZ_NONNULL RZ_OWN RzILVal *	val
	)

Set the value of the global variable called name name to val in the initial state state

Definition at line 38 of file analysis_il.c.

                                                                  {
     rz_return_if_fail(state && name && val);
     RzAnalysisILInitStateVar *v = rz_vector_push(&state->vars, NULL);
     if (!v) {
         rz_il_value_free(val);
         return;
     }
     v->name = name;
     v->val = val;
 }

References name, NULL, rz_il_value_free(), rz_return_if_fail, rz_vector_push(), v, and val.

Referenced by il_config().

◆ rz_analysis_il_vm_cleanup()

RZ_API void rz_analysis_il_vm_cleanup ( RzAnalysis * analysis )

Destroy the global user-faced vm

Definition at line 303 of file analysis_il.c.

                                                             {
     rz_return_if_fail(analysis);
     rz_analysis_il_vm_free(analysis->il_vm);
     analysis->il_vm = NULL;
 }

References rz_analysis_t::il_vm, NULL, rz_analysis_il_vm_free(), and rz_return_if_fail.

Referenced by rz_analysis_free(), and rz_analysis_il_vm_setup().

◆ rz_analysis_il_vm_free()

RZ_API void rz_analysis_il_vm_free ( RZ_NULLABLE RzAnalysisILVM * vm )

Frees an RzAnalysisILVM instance

Definition at line 125 of file analysis_il.c.

                                                                    {
     if (!vm) {
         return;
     }
     rz_il_vm_free(vm->vm);
     rz_il_reg_binding_free(vm->reg_binding);
     rz_buf_free(vm->io_buf);
     free(vm);
 }

References free(), rz_buf_free(), rz_il_reg_binding_free(), and rz_il_vm_free().

Referenced by print_and_check_il(), and rz_analysis_il_vm_cleanup().

◆ rz_analysis_il_vm_new()

RZ_API RZ_OWN RzAnalysisILVM* rz_analysis_il_vm_new	(	RzAnalysis *	a,
		RZ_NULLABLE RzReg *	init_state_reg
	)

Create and initialize an RzAnalysisILVM with the current arch/cpu/bits configuration and plugin init_state_reg optional RzReg to take variable values from, unless the plugin overrides them using RzAnalysisILInitState

Returns: RzAnalysisRzil* a pointer to RzAnalysisILVM instance

Definition at line 98 of file analysis_il.c.

                                                                                                       {
     rz_return_val_if_fail(a, NULL);
     RzAnalysisILConfig *config = a->cur->il_config(a);
     if (!config) {
         return false;
     }
     RzAnalysisILVM *r = RZ_NEW0(RzAnalysisILVM);
     if (!r) {
         goto ruby_pool;
     }
     r->io_buf = rz_buf_new_with_io(&a->iob);
     setup_vm_from_config(a, r, config);
     if (!r->vm) {
         rz_buf_free(r->io_buf);
         free(r);
         r = NULL;
         goto ruby_pool;
     }
     setup_vm_init_state(r, config->init_state, init_state_reg);
 ruby_pool:
     rz_analysis_il_config_free(config);
     return r;
 }

References a, free(), NULL, r, rz_analysis_il_config_free(), rz_buf_free(), rz_buf_new_with_io(), RZ_NEW0, rz_return_val_if_fail, setup_vm_from_config(), and setup_vm_init_state().

Referenced by print_and_check_il(), and rz_analysis_il_vm_setup().

◆ rz_analysis_il_vm_setup()

RZ_API bool rz_analysis_il_vm_setup ( RzAnalysis * analysis )

(Re)initialize the global user-faced vm

Returns: whether the init succeeded

Definition at line 285 of file analysis_il.c.

                                                           {
     rz_return_val_if_fail(analysis, false);
     rz_analysis_il_vm_cleanup(analysis);
     if (!analysis->cur || !analysis->cur->il_config) {
         return false;
     }
     analysis->il_vm = rz_analysis_il_vm_new(analysis, analysis->reg);
     if (analysis->il_vm) {
         // rz_analysis_il_vm_new merges the contents of analysis->reg with the plugin's optional RzAnalysisILInitState
         // Now sync the merged state back:
         rz_il_vm_sync_to_reg(analysis->il_vm->vm, analysis->il_vm->reg_binding, analysis->reg);
     }
     return !!analysis->il_vm;
 }

References rz_analysis_t::cur, rz_analysis_plugin_t::il_config, rz_analysis_t::il_vm, rz_analysis_t::reg, rz_analysis_il_vm_t::reg_binding, rz_analysis_il_vm_cleanup(), rz_analysis_il_vm_new(), rz_il_vm_sync_to_reg(), rz_return_val_if_fail, and rz_analysis_il_vm_t::vm.

Referenced by rz_analysis_use(), and rz_core_analysis_il_reinit().

◆ rz_analysis_il_vm_step()

RZ_API RzAnalysisILStepResult rz_analysis_il_vm_step	(	RZ_NONNULL RzAnalysis *	analysis,
		RZ_NONNULL RzAnalysisILVM *	vm,
		RZ_NULLABLE RzReg *	reg
	)

Perform a single step in the VM

If given, this syncs the contents of reg into the vm. Then it disassembles an instruction at the program counter of the vm and executes it. Finally, if no error occured, the contents are optionally synced back to reg.

Returns: and indicator for which error occured, if any

Definition at line 240 of file analysis_il.c.

                                                                                                                                              {
     rz_return_val_if_fail(analysis && vm, false);
     RzAnalysisPlugin *cur = analysis->cur;
     if (!cur || !analysis->read_at) {
         return RZ_ANALYSIS_IL_STEP_RESULT_NOT_SET_UP;
     }
  
     if (reg) {
         rz_analysis_il_vm_sync_from_reg(vm, reg);
     }
     ut64 addr = rz_bv_to_ut64(vm->vm->pc);
  
     ut8 code[32] = { 0 };
     analysis->read_at(analysis, addr, code, sizeof(code));
     RzAnalysisOp op = { 0 };
     int r = rz_analysis_op(analysis, &op, addr, code, sizeof(code), RZ_ANALYSIS_OP_MASK_IL | RZ_ANALYSIS_OP_MASK_HINT);
     RzILOpEffect *ilop = r < 0 ? NULL : op.il_op;
  
     RzAnalysisILStepResult res;
     if (ilop) {
         bool succ = rz_il_vm_step(vm->vm, ilop, addr + (op.size > 0 ? op.size : 1));
         res = succ ? RZ_ANALYSIS_IL_STEP_RESULT_SUCCESS : RZ_ANALYSIS_IL_STEP_IL_RUNTIME_ERROR;
         if (reg) {
             rz_analysis_il_vm_sync_to_reg(vm, reg);
         }
     } else {
         res = RZ_ANALYSIS_IL_STEP_INVALID_OP;
     }
  
     rz_analysis_op_fini(&op);
     return res;
 }

References addr, NULL, r, reg, RZ_ANALYSIS_IL_STEP_IL_RUNTIME_ERROR, RZ_ANALYSIS_IL_STEP_INVALID_OP, RZ_ANALYSIS_IL_STEP_RESULT_NOT_SET_UP, RZ_ANALYSIS_IL_STEP_RESULT_SUCCESS, rz_analysis_il_vm_sync_from_reg(), rz_analysis_il_vm_sync_to_reg(), rz_analysis_op(), rz_analysis_op_fini(), RZ_ANALYSIS_OP_MASK_HINT, RZ_ANALYSIS_OP_MASK_IL, rz_bv_to_ut64(), rz_il_vm_step(), rz_return_val_if_fail, and ut64().

Referenced by rz_core_il_step().

◆ rz_analysis_il_vm_sync_from_reg()

RZ_API void rz_analysis_il_vm_sync_from_reg	(	RzAnalysisILVM *	vm,
		RZ_NONNULL RzReg *	reg
	)

Set the values of all variables in vm that are bound to registers and PC to the respective contents from reg.

This is like the low-level rz_il_vm_sync_from_reg(), but uses the binding that is part of vm. See its documentation for details.

Definition at line 213 of file analysis_il.c.

                                                                                        {
     rz_return_if_fail(vm && reg);
     rz_il_vm_sync_from_reg(vm->vm, vm->reg_binding, reg);
 }

References reg, rz_analysis_il_vm_t::reg_binding, rz_il_vm_sync_from_reg(), rz_return_if_fail, and rz_analysis_il_vm_t::vm.

Referenced by rz_analysis_il_vm_step().

◆ rz_analysis_il_vm_sync_to_reg()

RZ_API bool rz_analysis_il_vm_sync_to_reg	(	RzAnalysisILVM *	vm,
		RZ_NONNULL RzReg *	reg
	)

Set the values of all bound regs in reg to the respective variable or PC contents in vm.

This is like the low-level rz_il_vm_sync_to_reg(), but uses the binding that is part of vm. See its documentation for details.

Returns: whether the sync was cleanly applied without errors or adjustments

Definition at line 226 of file analysis_il.c.

                                                                                      {
     rz_return_val_if_fail(vm && reg, false);
     return rz_il_vm_sync_to_reg(vm->vm, vm->reg_binding, reg);
 }

References reg, rz_analysis_il_vm_t::reg_binding, rz_il_vm_sync_to_reg(), rz_return_val_if_fail, and rz_analysis_il_vm_t::vm.

Referenced by rz_analysis_il_vm_step().

◆ setup_regs()

static bool setup_regs	(	RzAnalysis *	a,
		RzAnalysisILVM *	vm,
		RzAnalysisILConfig *	cfg
	)

static

Definition at line 135 of file analysis_il.c.

                                                                                    {
     if (!a->cur->get_reg_profile) {
         return false;
     }
     // Explicitly use a new reg here!
     // The a->reg might be changed by the user, but plugins expect exactly
     // the register profile they supplied. Syncing will later adjust the register
     // contents if necessary.
     RzReg *reg = rz_reg_new();
     if (!reg) {
         return false;
     }
     char *profile = a->cur->get_reg_profile(a);
     bool succ;
     if (!profile) {
         succ = false;
         goto new_real;
     }
     succ = rz_reg_set_profile_string(reg, profile);
     free(profile);
     if (!succ) {
         goto new_real;
     }
     if (cfg->reg_bindings) {
         size_t count = 0;
         while (cfg->reg_bindings[count]) {
             count++;
         }
         vm->reg_binding = rz_il_reg_binding_exactly(reg, count, cfg->reg_bindings);
     } else {
         vm->reg_binding = rz_il_reg_binding_derive(reg);
     }
     if (!vm->reg_binding) {
         succ = false;
         goto new_real;
     }
     rz_il_vm_setup_reg_binding(vm->vm, vm->reg_binding);
 new_real:
     rz_reg_free(reg);
     return succ;
 }

References a, count, free(), reg, rz_analysis_il_vm_t::reg_binding, rz_analysis_il_config_t::reg_bindings, rz_il_reg_binding_derive(), rz_il_reg_binding_exactly(), rz_il_vm_setup_reg_binding(), rz_reg_free(), rz_reg_new(), rz_reg_set_profile_string(), and rz_analysis_il_vm_t::vm.

Referenced by setup_vm_from_config().

◆ setup_vm_from_config()

static void setup_vm_from_config	(	RzAnalysis *	analysis,
		RzAnalysisILVM *	vm,
		RzAnalysisILConfig *	cfg
	)

static

Definition at line 177 of file analysis_il.c.

                                                                                                     {
     vm->vm = rz_il_vm_new(0, cfg->pc_size, cfg->big_endian);
     if (!vm->vm) {
         return;
     }
     if (!setup_regs(analysis, vm, cfg)) {
         rz_il_vm_free(vm->vm);
         vm->vm = NULL;
         return;
     }
     rz_il_vm_add_mem(vm->vm, 0, rz_il_mem_new(vm->io_buf, cfg->mem_key_size));
     void **it;
     rz_pvector_foreach (&cfg->labels, it) {
         RzILEffectLabel *lbl = *it;
         rz_il_vm_add_label(vm->vm, rz_il_effect_label_dup(lbl));
     }
 }

References rz_analysis_il_config_t::big_endian, rz_analysis_il_vm_t::io_buf, rz_analysis_il_config_t::labels, rz_analysis_il_config_t::mem_key_size, NULL, rz_analysis_il_config_t::pc_size, rz_il_effect_label_dup(), rz_il_mem_new(), rz_il_vm_add_label(), rz_il_vm_add_mem(), rz_il_vm_free(), rz_il_vm_new(), rz_pvector_foreach, setup_regs(), and rz_analysis_il_vm_t::vm.

Referenced by rz_analysis_il_vm_new().

◆ setup_vm_init_state()

static void setup_vm_init_state	(	RzAnalysisILVM *	vm,
		RZ_NULLABLE RzAnalysisILInitState *	is,
		RZ_NULLABLE RzReg *	reg
	)

static

Definition at line 195 of file analysis_il.c.

                                                                                                                    {
     if (reg) {
         rz_il_vm_sync_from_reg(vm->vm, vm->reg_binding, reg);
     }
     if (is) {
         RzAnalysisILInitStateVar *v;
         rz_vector_foreach(&is->vars, v) {
             rz_il_vm_set_global_var(vm->vm, v->name, rz_il_value_dup(v->val));
         }
     }
 }

References reg, rz_analysis_il_vm_t::reg_binding, rz_il_value_dup(), rz_il_vm_set_global_var(), rz_il_vm_sync_from_reg(), rz_vector_foreach, v, and rz_analysis_il_vm_t::vm.

Referenced by rz_analysis_il_vm_new().

◆ var_state_free()

static void var_state_free	(	void *	e,
		void *	user
	)

static

Definition at line 11 of file analysis_il.c.

                                                 {
     RzAnalysisILInitStateVar *s = e;
     if (!s) {
         return;
     }
     rz_il_value_free(s->val);
 }

References e, rz_il_value_free(), and s.

Referenced by rz_analysis_il_init_state_new().

Functions

Function Documentation

◆ rz_analysis_il_config_add_label()

◆ rz_analysis_il_config_free()

◆ rz_analysis_il_config_new()

◆ rz_analysis_il_init_state_free()

◆ rz_analysis_il_init_state_new()

◆ rz_analysis_il_init_state_set_var()

◆ rz_analysis_il_vm_cleanup()

◆ rz_analysis_il_vm_free()

◆ rz_analysis_il_vm_new()

◆ rz_analysis_il_vm_setup()

◆ rz_analysis_il_vm_step()

◆ rz_analysis_il_vm_sync_from_reg()

◆ rz_analysis_il_vm_sync_to_reg()

◆ setup_regs()

◆ setup_vm_from_config()

◆ setup_vm_init_state()

◆ var_state_free()