Rizin
unix-like reverse engineering framework and cli tools
Macros | Functions
vtable.c File Reference
#include "rz_util.h"
#include "rz_analysis.h"

Go to the source code of this file.

Macros

#define VTABLE_BUFF_SIZE   10
 
#define VTABLE_READ_ADDR_FUNC(fname, read_fname, sz)
 

Functions

RZ_API void rz_analysis_vtable_info_free (RVTableInfo *vtable)
 
RZ_API ut64 rz_analysis_vtable_info_get_size (RVTableContext *context, RVTableInfo *vtable)
 
RZ_API bool rz_analysis_vtable_begin (RzAnalysis *analysis, RVTableContext *context)
 
static bool vtable_addr_in_text_section (RVTableContext *context, ut64 curAddress)
 
static bool vtable_is_value_in_text_section (RVTableContext *context, ut64 curAddress, ut64 *value)
 
static bool vtable_section_can_contain_vtables (RzBinSection *section)
 
static bool section_can_contain_rtti (RzBinSection *section)
 
static bool vtable_is_addr_vtable_start_itanium (RVTableContext *context, RzBinSection *section, ut64 curAddress)
 
static bool vtable_is_addr_vtable_start_msvc (RVTableContext *context, ut64 curAddress)
 
static bool vtable_is_addr_vtable_start (RVTableContext *context, RzBinSection *section, ut64 curAddress)
 
RZ_API RVTableInfo * rz_analysis_vtable_parse_at (RVTableContext *context, ut64 addr)
 
RZ_API RzListrz_analysis_vtable_search (RVTableContext *context)
 
RZ_API void rz_analysis_list_vtables (RzAnalysis *analysis, RzOutputMode mode)
 

Macro Definition Documentation

◆ VTABLE_BUFF_SIZE

#define VTABLE_BUFF_SIZE   10

Definition at line 9 of file vtable.c.

◆ VTABLE_READ_ADDR_FUNC

#define VTABLE_READ_ADDR_FUNC (   fname,
  read_fname,
  sz 
)
Value:
static bool fname(RzAnalysis *analysis, ut64 addr, ut64 *buf) { \
ut8 tmp[sz]; \
if (!analysis->iob.read_at(analysis->iob.io, addr, tmp, sz)) { \
return false; \
} \
*buf = read_fname(tmp); \
return true; \
}
buf
voidpf void * buf
Definition: ioapi.h:138
autogen_x86imm.tmp
tmp
Definition: autogen_x86imm.py:12
create_tags_rz.fname
fname
Definition: create_tags_rz.py:12
rz_analysis_t
Definition: rz_analysis.h:553
rz_analysis_t::iob
RzIOBind iob
Definition: rz_analysis.h:574
rz_io_bind_t::read_at
RzIOReadAt read_at
Definition: rz_io.h:240
rz_io_bind_t::io
RzIO * io
Definition: rz_io.h:232
ut64
ut64(WINAPI *w32_GetEnabledXStateFeatures)()
addr
static int addr
Definition: z80asm.c:58

Definition at line 11 of file vtable.c.

Function Documentation

◆ rz_analysis_list_vtables()

RZ_API void rz_analysis_list_vtables ( RzAnalysis analysis,
RzOutputMode  mode 
)

Definition at line 288 of file vtable.c.

288  {
289  RVTableContext context;
290  rz_analysis_vtable_begin(analysis, &context);
291 
292  const char *noMethodName = "No Name found";
293  RVTableMethodInfo *curMethod;
294  RzListIter *vtableIter;
295  RVTableInfo *table;
296 
297  RzList *vtables = rz_analysis_vtable_search(&context);
298 
299  if (mode == RZ_OUTPUT_MODE_JSON) {
300  PJ *pj = pj_new();
301  if (!pj) {
302  rz_list_free(vtables);
303  return;
304  }
305  pj_a(pj);
306  rz_list_foreach (vtables, vtableIter, table) {
307  pj_o(pj);
308  pj_kN(pj, "offset", table->saddr);
309  pj_ka(pj, "methods");
310  rz_vector_foreach(&table->methods, curMethod) {
311  RzAnalysisFunction *fcn = rz_analysis_get_fcn_in(analysis, curMethod->addr, 0);
312  const char *const name = fcn ? fcn->name : NULL;
313  pj_o(pj);
314  pj_kN(pj, "offset", curMethod->addr);
315  pj_ks(pj, "name", name ? name : noMethodName);
316  pj_end(pj);
317  }
318  pj_end(pj);
319  pj_end(pj);
320  }
321  pj_end(pj);
322  rz_cons_println(pj_string(pj));
323  pj_free(pj);
324  } else if (mode == RZ_OUTPUT_MODE_RIZIN) {
325  rz_list_foreach (vtables, vtableIter, table) {
326  rz_cons_printf("f vtable.0x%08" PFMT64x " %" PFMT64d " @ 0x%08" PFMT64x "\n",
327  table->saddr,
328  rz_analysis_vtable_info_get_size(&context, table),
329  table->saddr);
330  rz_vector_foreach(&table->methods, curMethod) {
331  rz_cons_printf("Cd %d @ 0x%08" PFMT64x "\n", context.word_size, table->saddr + curMethod->vtable_offset);
332  RzAnalysisFunction *fcn = rz_analysis_get_fcn_in(analysis, curMethod->addr, 0);
333  const char *const name = fcn ? fcn->name : NULL;
334  if (name) {
335  rz_cons_printf("f %s @ 0x%08" PFMT64x "\n", name, curMethod->addr);
336  } else {
337  rz_cons_printf("f method.virtual.0x%08" PFMT64x " @ 0x%08" PFMT64x "\n", curMethod->addr, curMethod->addr);
338  }
339  }
340  }
341  } else {
342  rz_list_foreach (vtables, vtableIter, table) {
343  ut64 vtableStartAddress = table->saddr;
344  rz_cons_printf("\nVtable Found at 0x%08" PFMT64x "\n", vtableStartAddress);
345  rz_vector_foreach(&table->methods, curMethod) {
346  RzAnalysisFunction *fcn = rz_analysis_get_fcn_in(analysis, curMethod->addr, 0);
347  const char *const name = fcn ? fcn->name : NULL;
348  rz_cons_printf("0x%08" PFMT64x " : %s\n", vtableStartAddress, name ? name : noMethodName);
349  vtableStartAddress += context.word_size;
350  }
351  rz_cons_newline();
352  }
353  }
354  rz_list_free(vtables);
355 }
rz_cons_newline
RZ_API void rz_cons_newline(void)
Definition: cons.c:1274
rz_cons_printf
RZ_API int rz_cons_printf(const char *format,...)
Definition: cons.c:1202
rz_cons_println
RZ_API void rz_cons_println(const char *str)
Definition: cons.c:233
NULL
#define NULL
Definition: cris-opc.c:27
rz_analysis_get_fcn_in
RZ_DEPRECATE RZ_API RzAnalysisFunction * rz_analysis_get_fcn_in(RzAnalysis *analysis, ut64 addr, int type)
Definition: fcn.c:1687
mode
const char int mode
Definition: ioapi.h:137
rz_list_free
RZ_API void rz_list_free(RZ_NONNULL RzList *list)
Empties the list and frees the list pointer.
Definition: list.c:137
pj_ka
RZ_API PJ * pj_ka(PJ *j, const char *k)
Definition: pj.c:163
pj_new
RZ_API PJ * pj_new(void)
Definition: pj.c:25
pj_end
RZ_API PJ * pj_end(PJ *j)
Definition: pj.c:87
pj_string
RZ_API const char * pj_string(PJ *pj)
Definition: pj.c:57
pj_free
RZ_API void pj_free(PJ *j)
Definition: pj.c:34
pj_o
RZ_API PJ * pj_o(PJ *j)
Definition: pj.c:75
pj_ks
RZ_API PJ * pj_ks(PJ *j, const char *k, const char *v)
Definition: pj.c:170
pj_a
RZ_API PJ * pj_a(PJ *j)
Definition: pj.c:81
pj_kN
RZ_API PJ * pj_kN(PJ *j, const char *k, st64 n)
Definition: pj.c:128
PFMT64d
#define PFMT64d
Definition: rz_types.h:394
RZ_OUTPUT_MODE_JSON
@ RZ_OUTPUT_MODE_JSON
Definition: rz_types.h:40
RZ_OUTPUT_MODE_RIZIN
@ RZ_OUTPUT_MODE_RIZIN
Definition: rz_types.h:41
PFMT64x
#define PFMT64x
Definition: rz_types.h:393
rz_vector_foreach
#define rz_vector_foreach(vec, it)
Definition: rz_vector.h:169
name
Definition: z80asm.h:102
pj_t
Definition: rz_pj.h:12
rz_analysis_function_t
Definition: rz_analysis.h:239
rz_analysis_function_t::name
char * name
Definition: rz_analysis.h:240
rz_list_iter_t
Definition: rz_list.h:13
rz_list_t
Definition: rz_list.h:18
rz_analysis_vtable_info_get_size
RZ_API ut64 rz_analysis_vtable_info_get_size(RVTableContext *context, RVTableInfo *vtable)
Definition: vtable.c:37
rz_analysis_vtable_search
RZ_API RzList * rz_analysis_vtable_search(RVTableContext *context)
Definition: vtable.c:219
rz_analysis_vtable_begin
RZ_API bool rz_analysis_vtable_begin(RzAnalysis *analysis, RVTableContext *context)
Definition: vtable.c:41

References rz_analysis_function_t::name, NULL, PFMT64d, PFMT64x, pj_a(), pj_end(), pj_free(), pj_ka(), pj_kN(), pj_ks(), pj_new(), pj_o(), pj_string(), rz_analysis_get_fcn_in(), rz_analysis_vtable_begin(), rz_analysis_vtable_info_get_size(), rz_analysis_vtable_search(), rz_cons_newline(), rz_cons_printf(), rz_cons_println(), rz_list_free(), RZ_OUTPUT_MODE_JSON, RZ_OUTPUT_MODE_RIZIN, rz_vector_foreach, and ut64().

Referenced by rz_analysis_list_vtables_handler().

◆ rz_analysis_vtable_begin()

RZ_API bool rz_analysis_vtable_begin ( RzAnalysis analysis,
RVTableContext *  context 
)

Definition at line 41 of file vtable.c.

41  {
42  context->analysis = analysis;
43  context->abi = analysis->cpp_abi;
44  context->word_size = (ut8)(analysis->bits / 8);
45  const bool is_arm = analysis->cur->arch && rz_str_startswith(analysis->cur->arch, "arm");
46  if (is_arm && context->word_size < 4) {
47  context->word_size = 4;
48  }
49  switch (context->word_size) {
50  case 1:
51  context->read_addr = analysis->big_endian ? vtable_read_addr_be8 : vtable_read_addr_le8;
52  break;
53  case 2:
54  context->read_addr = analysis->big_endian ? vtable_read_addr_be16 : vtable_read_addr_le16;
55  break;
56  case 4:
57  context->read_addr = analysis->big_endian ? vtable_read_addr_be32 : vtable_read_addr_le32;
58  break;
59  case 8:
60  context->read_addr = analysis->big_endian ? vtable_read_addr_be64 : vtable_read_addr_le64;
61  break;
62  default:
63  return false;
64  }
65  return true;
66 }
ut8
#define ut8
Definition: dcpu16.h:8
is_arm
static int is_arm(RzBinPEObj *bin)
Definition: pe_info.c:12
rz_str_startswith
RZ_API bool rz_str_startswith(RZ_NONNULL const char *str, RZ_NONNULL const char *needle)
Checks if a string starts with a specifc sequence of characters (case sensitive)
Definition: str.c:3286
rz_analysis_plugin_t::arch
const char * arch
Definition: rz_analysis.h:1237
rz_analysis_t::cpp_abi
RzAnalysisCPPABI cpp_abi
Definition: rz_analysis.h:560
rz_analysis_t::big_endian
int big_endian
Definition: rz_analysis.h:558
rz_analysis_t::cur
struct rz_analysis_plugin_t * cur
Definition: rz_analysis.h:586
rz_analysis_t::bits
int bits
Definition: rz_analysis.h:556

References rz_analysis_plugin_t::arch, rz_analysis_t::big_endian, rz_analysis_t::bits, rz_analysis_t::cpp_abi, rz_analysis_t::cur, is_arm(), rz_str_startswith(), and ut8.

Referenced by list_all_functions_at_vtable_offset(), rz_analysis_list_vtables(), rz_analysis_rtti_demangle_class_name(), rz_analysis_rtti_print_all(), rz_analysis_rtti_print_at_vtable(), and rz_analysis_rtti_recover_all().

◆ rz_analysis_vtable_info_free()

RZ_API void rz_analysis_vtable_info_free ( RVTableInfo *  vtable)

Definition at line 29 of file vtable.c.

29  {
30  if (!vtable) {
31  return;
32  }
33  rz_vector_clear(&vtable->methods);
34  free(vtable);
35 }
free
RZ_API void Ht_() free(HtName_(Ht) *ht)
Definition: ht_inc.c:130
rz_vector_clear
RZ_API void rz_vector_clear(RzVector *vec)
Definition: vector.c:68

References free(), and rz_vector_clear().

Referenced by rz_analysis_rtti_msvc_recover_all(), and rz_analysis_vtable_search().

◆ rz_analysis_vtable_info_get_size()

RZ_API ut64 rz_analysis_vtable_info_get_size ( RVTableContext *  context,
RVTableInfo *  vtable 
)

Definition at line 37 of file vtable.c.

37  {
38  return (ut64)vtable->methods.len * context->word_size;
39 }

References ut64().

Referenced by recovery_apply_vtable(), rz_analysis_list_vtables(), and rz_analysis_vtable_search().

◆ rz_analysis_vtable_parse_at()

RZ_API RVTableInfo* rz_analysis_vtable_parse_at ( RVTableContext *  context,
ut64  addr 
)

Definition at line 184 of file vtable.c.

184  {
185  ut64 offset_to_top;
186  if (!context->read_addr(context->analysis, addr - 2 * context->word_size, &offset_to_top)) {
187  return NULL;
188  }
189 
190  RVTableInfo *vtable = calloc(1, sizeof(RVTableInfo));
191  if (!vtable) {
192  return NULL;
193  }
194 
195  vtable->saddr = addr;
196 
197  rz_vector_init(&vtable->methods, sizeof(RVTableMethodInfo), NULL, NULL);
198 
199  RVTableMethodInfo meth;
200  while (vtable_is_value_in_text_section(context, addr, &meth.addr)) {
201  meth.vtable_offset = addr - vtable->saddr;
202  if (!rz_vector_push(&vtable->methods, &meth)) {
203  break;
204  }
205 
206  addr += context->word_size;
207 
208  // a ref means the vtable has ended
209  RzList *ll = rz_analysis_xrefs_get_to(context->analysis, addr);
210  if (!rz_list_empty(ll)) {
211  rz_list_free(ll);
212  break;
213  }
214  rz_list_free(ll);
215  }
216  return vtable;
217 }
calloc
void * calloc(size_t number, size_t size)
Definition: malloc.c:102
rz_vector_push
RZ_API void * rz_vector_push(RzVector *vec, void *x)
Definition: vector.c:197
rz_vector_init
RZ_API void rz_vector_init(RzVector *vec, size_t elem_size, RzVectorFree free, void *free_user)
Definition: vector.c:33
vtable_is_value_in_text_section
static bool vtable_is_value_in_text_section(RVTableContext *context, ut64 curAddress, ut64 *value)
Definition: vtable.c:75
rz_analysis_xrefs_get_to
RZ_API RzList * rz_analysis_xrefs_get_to(RzAnalysis *analysis, ut64 addr)
Definition: xrefs.c:173

References addr, calloc(), NULL, rz_analysis_xrefs_get_to(), rz_list_free(), rz_vector_init(), rz_vector_push(), ut64(), and vtable_is_value_in_text_section().

Referenced by rz_analysis_vtable_search().

◆ rz_analysis_vtable_search()

RZ_API RzList* rz_analysis_vtable_search ( RVTableContext *  context)

Definition at line 219 of file vtable.c.

219  {
220  RzAnalysis *analysis = context->analysis;
221  if (!analysis) {
222  return NULL;
223  }
224 
225  RzList *vtables = rz_list_newf((RzListFree)rz_analysis_vtable_info_free);
226  if (!vtables) {
227  return NULL;
228  }
229 
230  RzList *sections = analysis->binb.get_sections(analysis->binb.bin);
231  if (!sections) {
232  rz_list_free(vtables);
233  return NULL;
234  }
235 
236  rz_cons_break_push(NULL, NULL);
237 
238  RzListIter *iter;
239  RzBinSection *section;
240  rz_list_foreach (sections, iter, section) {
241  if (rz_cons_is_breaked()) {
242  break;
243  }
244 
245  if (!vtable_section_can_contain_vtables(section)) {
246  continue;
247  }
248 
249  ut64 startAddress = section->vaddr;
250  ut64 endAddress = startAddress + (section->vsize) - context->word_size;
251  ut64 ss = endAddress - startAddress;
252  if (ss > ST32_MAX) {
253  break;
254  }
255  while (startAddress <= endAddress) {
256  if (rz_cons_is_breaked()) {
257  break;
258  }
259  if (!analysis->iob.is_valid_offset(analysis->iob.io, startAddress, 0)) {
260  break;
261  }
262 
263  if (vtable_is_addr_vtable_start(context, section, startAddress)) {
264  RVTableInfo *vtable = rz_analysis_vtable_parse_at(context, startAddress);
265  if (vtable) {
266  rz_list_append(vtables, vtable);
267  ut64 size = rz_analysis_vtable_info_get_size(context, vtable);
268  if (size > 0) {
269  startAddress += size;
270  continue;
271  }
272  }
273  }
274  startAddress += context->word_size;
275  }
276  }
277 
278  rz_cons_break_pop();
279 
280  if (rz_list_empty(vtables)) {
281  // stripped binary?
282  rz_list_free(vtables);
283  return NULL;
284  }
285  return vtables;
286 }
sections
RzList * sections(RzBinFile *bf)
Definition: bin_ne.c:110
rz_cons_break_pop
RZ_API void rz_cons_break_pop(void)
Definition: cons.c:361
rz_cons_break_push
RZ_API void rz_cons_break_push(RzConsBreak cb, void *user)
Definition: cons.c:357
rz_cons_is_breaked
RZ_API bool rz_cons_is_breaked(void)
Definition: cons.c:373
size
voidpf void uLong size
Definition: ioapi.h:138
rz_list_newf
RZ_API RZ_OWN RzList * rz_list_newf(RzListFree f)
Returns a new initialized RzList pointer and sets the free method.
Definition: list.c:248
rz_list_append
RZ_API RZ_BORROW RzListIter * rz_list_append(RZ_NONNULL RzList *list, void *data)
Appends at the end of the list a new element.
Definition: list.c:288
RzListFree
void(* RzListFree)(void *ptr)
Definition: rz_list.h:11
ST32_MAX
#define ST32_MAX
Definition: rz_types_base.h:97
rz_analysis_t::binb
RzBinBind binb
Definition: rz_analysis.h:579
rz_bin_bind_t::bin
RzBin * bin
Definition: rz_bin.h:807
rz_bin_bind_t::get_sections
RzBinGetSections get_sections
Definition: rz_bin.h:810
rz_bin_section_t
Definition: rz_bin.h:618
rz_io_bind_t::is_valid_offset
RzIOIsValidOff is_valid_offset
Definition: rz_io.h:257
vtable_section_can_contain_vtables
static bool vtable_section_can_contain_vtables(RzBinSection *section)
Definition: vtable.c:89
vtable_is_addr_vtable_start
static bool vtable_is_addr_vtable_start(RVTableContext *context, RzBinSection *section, ut64 curAddress)
Definition: vtable.c:174
rz_analysis_vtable_info_free
RZ_API void rz_analysis_vtable_info_free(RVTableInfo *vtable)
Definition: vtable.c:29
rz_analysis_vtable_parse_at
RZ_API RVTableInfo * rz_analysis_vtable_parse_at(RVTableContext *context, ut64 addr)
Definition: vtable.c:184
if
if(dbg->bits==RZ_SYS_BITS_64)
Definition: windows-arm64.h:4

References rz_bin_bind_t::bin, rz_analysis_t::binb, rz_bin_bind_t::get_sections, if(), rz_io_bind_t::io, rz_analysis_t::iob, rz_io_bind_t::is_valid_offset, NULL, rz_analysis_vtable_info_free(), rz_analysis_vtable_info_get_size(), rz_analysis_vtable_parse_at(), rz_cons_break_pop(), rz_cons_break_push(), rz_cons_is_breaked(), rz_list_append(), rz_list_free(), rz_list_newf(), sections(), ST32_MAX, ut64(), vtable_is_addr_vtable_start(), and vtable_section_can_contain_vtables().

Referenced by rz_analysis_list_vtables(), rz_analysis_rtti_print_all(), and rz_analysis_rtti_recover_all().

◆ section_can_contain_rtti()

static bool section_can_contain_rtti ( RzBinSection section)
static

Definition at line 100 of file vtable.c.

100  {
101  if (!section) {
102  return false;
103  }
104  if (section->is_data) {
105  return true;
106  }
107  return !strcmp(section->name, ".data.rel.ro") ||
108  !strcmp(section->name, ".data.rel.ro.local") ||
109  rz_str_endswith(section->name, "__const");
110 }
rz_str_endswith
RZ_API bool rz_str_endswith(RZ_NONNULL const char *str, RZ_NONNULL const char *needle)
Checks if a string ends with a specifc sequence of characters (case sensitive)
Definition: str.c:3329

References rz_str_endswith().

Referenced by vtable_is_addr_vtable_start_itanium().

◆ vtable_addr_in_text_section()

static bool vtable_addr_in_text_section ( RVTableContext *  context,
ut64  curAddress 
)
static

Definition at line 68 of file vtable.c.

68  {
69  // section of the curAddress
70  RzBinSection *value = context->analysis->binb.get_vsect_at(context->analysis->binb.bin, curAddress);
71  // If the pointed value lies in .text section
72  return value && strstr(value->name, "text") && (value->perm & 1) != 0;
73 }
value
static int value
Definition: cmd_api.c:93

References value.

Referenced by vtable_is_addr_vtable_start_msvc(), and vtable_is_value_in_text_section().

◆ vtable_is_addr_vtable_start()

static bool vtable_is_addr_vtable_start ( RVTableContext *  context,
RzBinSection section,
ut64  curAddress 
)
static

Definition at line 174 of file vtable.c.

174  {
175  if (context->abi == RZ_ANALYSIS_CPP_ABI_MSVC) {
176  return vtable_is_addr_vtable_start_msvc(context, curAddress);
177  }
178  if (context->abi == RZ_ANALYSIS_CPP_ABI_ITANIUM) {
179  return vtable_is_addr_vtable_start_itanium(context, section, curAddress);
180  }
181  rz_return_val_if_reached(false);
182 }
RZ_ANALYSIS_CPP_ABI_ITANIUM
@ RZ_ANALYSIS_CPP_ABI_ITANIUM
Definition: rz_analysis.h:542
RZ_ANALYSIS_CPP_ABI_MSVC
@ RZ_ANALYSIS_CPP_ABI_MSVC
Definition: rz_analysis.h:543
rz_return_val_if_reached
#define rz_return_val_if_reached(val)
Definition: rz_assert.h:122
vtable_is_addr_vtable_start_msvc
static bool vtable_is_addr_vtable_start_msvc(RVTableContext *context, ut64 curAddress)
Definition: vtable.c:136
vtable_is_addr_vtable_start_itanium
static bool vtable_is_addr_vtable_start_itanium(RVTableContext *context, RzBinSection *section, ut64 curAddress)
Definition: vtable.c:112

References RZ_ANALYSIS_CPP_ABI_ITANIUM, RZ_ANALYSIS_CPP_ABI_MSVC, rz_return_val_if_reached, vtable_is_addr_vtable_start_itanium(), and vtable_is_addr_vtable_start_msvc().

Referenced by rz_analysis_vtable_search().

◆ vtable_is_addr_vtable_start_itanium()

static bool vtable_is_addr_vtable_start_itanium ( RVTableContext *  context,
RzBinSection section,
ut64  curAddress 
)
static

Definition at line 112 of file vtable.c.

112  {
113  ut64 value;
114  if (!curAddress || curAddress == UT64_MAX) {
115  return false;
116  }
117  if (curAddress && !vtable_is_value_in_text_section(context, curAddress, NULL)) { // Vtable beginning referenced from the code
118  return false;
119  }
120  if (!context->read_addr(context->analysis, curAddress - context->word_size, &value)) { // get the RTTI pointer
121  return false;
122  }
123  RzBinSection *rtti_section = context->analysis->binb.get_vsect_at(context->analysis->binb.bin, value);
124  if (value && !section_can_contain_rtti(rtti_section)) { // RTTI ptr must point somewhere in the data section
125  return false;
126  }
127  if (!context->read_addr(context->analysis, curAddress - 2 * context->word_size, &value)) { // Offset to top
128  return false;
129  }
130  if ((st32)value > 0) { // Offset to top has to be negative
131  return false;
132  }
133  return true;
134 }
UT64_MAX
#define UT64_MAX
Definition: rz_types_base.h:86
st32
#define st32
Definition: rz_types_base.h:12
section_can_contain_rtti
static bool section_can_contain_rtti(RzBinSection *section)
Definition: vtable.c:100

References NULL, section_can_contain_rtti(), st32, ut64(), UT64_MAX, value, and vtable_is_value_in_text_section().

Referenced by vtable_is_addr_vtable_start().

◆ vtable_is_addr_vtable_start_msvc()

static bool vtable_is_addr_vtable_start_msvc ( RVTableContext *  context,
ut64  curAddress 
)
static

Definition at line 136 of file vtable.c.

136  {
137  RzAnalysisXRef *xref;
138  RzListIter *xrefIter;
139 
140  if (!curAddress || curAddress == UT64_MAX) {
141  return false;
142  }
143  if (curAddress && !vtable_is_value_in_text_section(context, curAddress, NULL)) {
144  return false;
145  }
146  // total xref's to curAddress
147  RzList *xrefs = rz_analysis_xrefs_get_to(context->analysis, curAddress);
148  if (rz_list_empty(xrefs)) {
149  rz_list_free(xrefs);
150  return false;
151  }
152  rz_list_foreach (xrefs, xrefIter, xref) {
153  // section in which currenct xref lies
154  if (vtable_addr_in_text_section(context, xref->from)) {
155  ut8 buf[VTABLE_BUFF_SIZE];
156  context->analysis->iob.read_at(context->analysis->iob.io, xref->from, buf, sizeof(buf));
157 
158  RzAnalysisOp analop = { 0 };
159  rz_analysis_op(context->analysis, &analop, xref->from, buf, sizeof(buf), RZ_ANALYSIS_OP_MASK_BASIC);
160 
161  if (analop.type == RZ_ANALYSIS_OP_TYPE_MOV || analop.type == RZ_ANALYSIS_OP_TYPE_LEA) {
162  rz_list_free(xrefs);
163  rz_analysis_op_fini(&analop);
164  return true;
165  }
166 
167  rz_analysis_op_fini(&analop);
168  }
169  }
170  rz_list_free(xrefs);
171  return false;
172 }
analop
static int analop(RzAnalysis *a, RzAnalysisOp *op, ut64 addr, const ut8 *buf, int len, RzAnalysisOpMask mask)
Definition: analysis_amd29k.c:285
ut8
uint8_t ut8
Definition: lh5801.h:11
rz_analysis_op_fini
RZ_API bool rz_analysis_op_fini(RzAnalysisOp *op)
Definition: op.c:37
rz_analysis_op
RZ_API int rz_analysis_op(RzAnalysis *analysis, RzAnalysisOp *op, ut64 addr, const ut8 *data, int len, RzAnalysisOpMask mask)
Definition: op.c:96
RZ_ANALYSIS_OP_MASK_BASIC
@ RZ_ANALYSIS_OP_MASK_BASIC
Definition: rz_analysis.h:440
RZ_ANALYSIS_OP_TYPE_MOV
@ RZ_ANALYSIS_OP_TYPE_MOV
Definition: rz_analysis.h:390
RZ_ANALYSIS_OP_TYPE_LEA
@ RZ_ANALYSIS_OP_TYPE_LEA
Definition: rz_analysis.h:417
rz_analysis_op_t
Definition: rz_analysis.h:811
rz_analysis_ref_t
Definition: rz_analysis.h:906
rz_analysis_ref_t::from
ut64 from
Definition: rz_analysis.h:907
vtable_addr_in_text_section
static bool vtable_addr_in_text_section(RVTableContext *context, ut64 curAddress)
Definition: vtable.c:68
VTABLE_BUFF_SIZE
#define VTABLE_BUFF_SIZE
Definition: vtable.c:9

References analop(), rz_analysis_ref_t::from, NULL, rz_analysis_op(), rz_analysis_op_fini(), RZ_ANALYSIS_OP_MASK_BASIC, RZ_ANALYSIS_OP_TYPE_LEA, RZ_ANALYSIS_OP_TYPE_MOV, rz_analysis_xrefs_get_to(), rz_list_free(), UT64_MAX, vtable_addr_in_text_section(), VTABLE_BUFF_SIZE, and vtable_is_value_in_text_section().

Referenced by vtable_is_addr_vtable_start().

◆ vtable_is_value_in_text_section()

static bool vtable_is_value_in_text_section ( RVTableContext *  context,
ut64  curAddress,
ut64 value 
)
static

Definition at line 75 of file vtable.c.

75  {
76  // value at the current address
77  ut64 curAddressValue;
78  if (!context->read_addr(context->analysis, curAddress, &curAddressValue)) {
79  return false;
80  }
81  // if the value is in text section
82  bool ret = vtable_addr_in_text_section(context, curAddressValue);
83  if (value) {
84  *value = curAddressValue;
85  }
86  return ret;
87 }

References ut64(), value, and vtable_addr_in_text_section().

Referenced by rz_analysis_vtable_parse_at(), vtable_is_addr_vtable_start_itanium(), and vtable_is_addr_vtable_start_msvc().

◆ vtable_section_can_contain_vtables()

static bool vtable_section_can_contain_vtables ( RzBinSection section)
static

Definition at line 89 of file vtable.c.

89  {
90  if (section->is_segment) {
91  return false;
92  }
93  return !strcmp(section->name, ".rodata") ||
94  !strcmp(section->name, ".rdata") ||
95  !strcmp(section->name, ".data.rel.ro") ||
96  !strcmp(section->name, ".data.rel.ro.local") ||
97  rz_str_endswith(section->name, "__const");
98 }

References rz_str_endswith().

Referenced by rz_analysis_vtable_search().