ghidra.app.plugin.core.analysis.ConstantPropagationContextEvaluator Java Examples

The following examples show how to use ghidra.app.plugin.core.analysis.ConstantPropagationContextEvaluator.
Example #1
Source File: ResolveX86orX64LinuxSyscallsScript.java    From ghidra with Apache License 2.0
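import java.util.HashMap;
import java.util.Map;
import java.util.Set;

import ghidra.app.plugin.core.analysis.ConstantPropagationContextEvaluator;
import ghidra.program.model.address.Address;
import ghidra.program.model.lang.Register;
import ghidra.program.model.listing.Function;
import ghidra.program.model.listing.Program;
import ghidra.program.util.ContextEvaluator;
import ghidra.program.util.SymbolicPropogator;
import ghidra.program.util.SymbolicPropogator.Value;
import ghidra.util.exception.CancelledException;
import ghidra.util.task.TaskMonitor;

/**
 * Uses the symbolic propagator to attempt to determine the constant value in
 * the syscall register at each system call instruction
 * 
 * @param funcsToCalls map from functions containing syscalls to address in each function of 
 * the system call
 * @param program containing the functions
 * @param tMonitor monitor used to report progress and detect cancellation
 * @return map from addresses of system calls to system call numbers
 * @throws CancelledException if the user cancels
 */
private Map<Address, Long> resolveConstants(Map<Function, Set<Address>> funcsToCalls,
		Program program, TaskMonitor tMonitor) throws CancelledException {
	Map<Address, Long> addressesToSyscalls = new HashMap<>();
	// syscallRegister is defined elsewhere in the script, outside this method
	Register syscallReg = program.getLanguage().getRegister(syscallRegister);
	for (Function func : funcsToCalls.keySet()) {
		Address start = func.getEntryPoint();
		// Propagate constants through the whole function body once, then query each call site
		ContextEvaluator eval = new ConstantPropagationContextEvaluator(true);
		SymbolicPropogator symEval = new SymbolicPropogator(program);
		symEval.flowConstants(start, func.getBody(), eval, true, tMonitor);
		for (Address callSite : funcsToCalls.get(func)) {
			Value val = symEval.getRegisterValue(callSite, syscallReg);
			if (val == null) {
				// No constant reached the syscall register here; flag the site for manual review
				createBookmark(callSite, "System Call",
					"Couldn't resolve value of " + syscallReg);
				// Pass the values as arguments so they are never interpreted as a format string
				printf("Couldn't resolve value of %s at %s\n", syscallReg, callSite);
				continue;
			}
			addressesToSyscalls.put(callSite, val.getValue());
		}
	}
	return addressesToSyscalls;
}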