Java Code Examples for ghidra.program.model.listing.Program#getDefaultPointerSize()

/**
 * Determines the number of vf addresses in the vf table that begins at the specified base 
 * address.
 * @param program the program whose memory is providing their addresses
 * @param vfTableBaseAddress the base address in the program for the vf table
 * @return the number of virtual function addresses in the vf table
 */
static int getVfTableCount(Program program, Address vfTableBaseAddress) {

	Memory memory = program.getMemory();
	MemoryBlock textBlock = memory.getBlock(".text");
	AddressSetView initializedAddresses = memory.getLoadedAndInitializedAddressSet();
	PseudoDisassembler pseudoDisassembler = new PseudoDisassembler(program);

	// Create pointers starting at the address until reaching a 0 pointer.
	// Terminate the possible table at any entry containing a cross reference that 
	// is beyond the first table entry and don't include it.
	int tableSize = 0;
	Address currentVfPointerAddress = vfTableBaseAddress;
	int defaultPointerSize = program.getDefaultPointerSize();
	while (true) {
		Address referencedAddress = getAbsoluteAddress(program, currentVfPointerAddress);
		if (referencedAddress == null) {
			break; // Cannot get a virtual function address.
		}
		if (referencedAddress.getOffset() == 0) {
			break; // Encountered 0 entry.
		}
		if (!initializedAddresses.contains(referencedAddress)) {
			break; // Not pointing to initialized memory.
		}
		if ((textBlock != null) ? !textBlock.equals(memory.getBlock(referencedAddress))
				: false) {
			break; // Not pointing to text section.
		}
		if (!pseudoDisassembler.isValidSubroutine(referencedAddress, true)) {
			break; // Not pointing to possible function.
		}

		tableSize++; // Count this entry in the table.

		// Advance to the next table entry address.
		currentVfPointerAddress = currentVfPointerAddress.add(defaultPointerSize);
	}
	return tableSize;
}
 

/**
 * returns shifted address bytes if they are different than un-shifted
 * 
 * @param program program
 * @param toAddress target address
 * @return shifted bytes, null if same as un-shifted
 */
public static byte[] getShiftedDirectAddressBytes(Program program, Address toAddress) {

	byte[] addressBytes = getDirectAddressBytes(program, toAddress);

	Memory memory = program.getMemory();
	boolean isBigEndian = memory.isBigEndian();

	DataConverter dataConverter;
	if (isBigEndian) {
		dataConverter = new BigEndianDataConverter();
	}
	else {
		dataConverter = new LittleEndianDataConverter();
	}

	byte[] shiftedAddressBytes = null;
	DataTypeManager dataTypeManager = program.getDataTypeManager();
	DataOrganization dataOrganization = dataTypeManager.getDataOrganization();
	int addressShiftAmount = dataOrganization.getPointerShift();
	if (addressShiftAmount != 0 && program.getDefaultPointerSize() == addressBytes.length) {
		long addrLong = toAddress.getAddressableWordOffset();
		long mask = (-1 >> addressShiftAmount) << addressShiftAmount;
		if ((addrLong & mask) == addrLong) { // make sure use of shift is valid
			shiftedAddressBytes = new byte[addressBytes.length];
			addrLong = addrLong >> addressShiftAmount;
			byte[] tmpBytes = new byte[8];
			dataConverter.getBytes(addrLong, tmpBytes);
			System.arraycopy(tmpBytes,
				isBigEndian ? (tmpBytes.length - addressBytes.length) : 0, shiftedAddressBytes,
				0, shiftedAddressBytes.length);
		}
	}

	return shiftedAddressBytes;
}
 

/**
 * Utility method for creating an Address object from a byte array. The Address object may or may not
 * be a legitimate Address in the program's address space. This method is meant to provide a way of
 * creating an Address object from a sequence of bytes that can be used for additional tests and
 * comparisons.
 *
 * @param p - program being analyzed.
 * @param addrBytes - byte array to use containing the values the address will be constructed from.
 * @return - Address object constructed from the addrBytes array. Returns null if the program is null,
 * addrBytes is null, or the length of addrBytes does not match the default Pointer size or does not contain
 * a valid offset.
 *
 */
public static Address evaluate(Program p, byte[] addrBytes) {

	boolean isBigEndian = p.getMemory().isBigEndian();

	int ptrSize = p.getDefaultPointerSize();
	int index = 0;
	long offset = 0;

	// Make sure correct # of bytes were passed
	if (addrBytes == null || addrBytes.length != ptrSize) {
		return null;
	}

	/*
	 * Make sure we account for endianess of the program.
	 * Computing the number of bits to shift the current byte value
	 * is different for Little vs. Big Endian. Need to multiply by
	 * 8 to shift in 1-byte increments.
	 */
	if (isBigEndian) {
		index = 0;
		while (index < addrBytes.length) {
			offset += (addrBytes[index] & 0xff) << ((addrBytes.length - index - 1) * 8);
			index++;
		}
	}
	else {
		// Program is LittleEndian
		index = addrBytes.length - 1;
		while (index >= 0) {
			offset += ((addrBytes[index] & 0xff) << (index * 8));
			index--;
		}
	}

	AddressSpace space = p.getAddressFactory().getDefaultAddressSpace();
	try {
		return space.getAddress(offset, true);
	}
	catch (AddressOutOfBoundsException e) {
		return null;
	}
}
 

@Override
public boolean added(Program program, AddressSetView set, TaskMonitor monitor, MessageLog log)
		throws CancelledException {

	List<MemoryBlock> dataBlocks =
		ProgramMemoryUtil.getMemoryBlocksStartingWithName(program, set, ".data", monitor);
	List<Address> typeInfoAddresses =
		ProgramMemoryUtil.findString(TYPE_INFO_STRING, program, dataBlocks, set, monitor);

	int typeInfoCount = typeInfoAddresses.size();
	if (typeInfoCount != 1) {
		if (typeInfoCount == 0) {
			log.appendMsg(this.getName(), "Couldn't find type info structure.");
			return true;
		}
		log.appendMsg(this.getName(),
			"Found " + typeInfoCount + " type info structures when expecting only 1.");
		return false;
	}

	// Found exactly 1 type info string, so use it to find RTTI structures.
	Address typeInfoStringAddress = typeInfoAddresses.get(0);
	Address typeInfoRtti0Address =
		TypeDescriptorModel.getBaseAddress(program, typeInfoStringAddress);
	if (typeInfoRtti0Address == null) {
		log.appendMsg(this.getName(), "Couldn't find RTTI type info structure.");
		return true;
	}

	// Get the address of the vf table data in common for all RTTI 0.
	TypeDescriptorModel typeDescriptorModel =
		new TypeDescriptorModel(program, typeInfoRtti0Address, validationOptions);
	try {
		Address commonVfTableAddress = typeDescriptorModel.getVFTableAddress();
		if (commonVfTableAddress == null) {
			log.appendMsg(this.getName(),
				"Couldn't get vf table address for RTTI 0 @ " + typeInfoRtti0Address + ". ");
			return false;
		}

		int alignment = program.getDefaultPointerSize();
		Set<Address> possibleTypeAddresses = ProgramMemoryUtil.findDirectReferences(program,
			dataBlocks, alignment, commonVfTableAddress, monitor);

		// We now have a list of potential rtti0 addresses.
		processRtti0(possibleTypeAddresses, program, monitor);

		return true;
	}
	catch (InvalidDataTypeException | UndefinedValueException e) {
		log.appendMsg(this.getName(), "Couldn't get vf table address for RTTI 0 @ " +
			typeInfoRtti0Address + ". " + e.getMessage());
		return false;
	}
}
 

/**
 * Create a pseudo disassembler for the given program.
 */
public PseudoDisassembler(Program program) {
	this.program = program;

	memory = program.getMemory();

	this.language = program.getLanguage();

	pointerSize = program.getDefaultPointerSize();

	this.programContext = program.getProgramContext();
}
 

/**
 * Determines if the indicated program appears to be 64 bit (has 64 bit pointers).
 * @param program the program
 * @return true if 64 bit.
 */
public static boolean is64Bit(Program program) {
	return program.getDefaultPointerSize() == 8;
}