/**
* Loads the module containing the main function. This function should be called last for correct
* symbol resolution.
*
* @param moduleFile the file to load
* @return the ExecutableImage class for the loaded module
* @throws IOException
* @throws BinaryParseException
*/
public ExecutableImage loadMainModule(File moduleFile) throws IOException, BinaryParseException {
ExecutableImage module = loadModule(moduleFile);
mainModule = module;
setEntryAddress(module.getEntryPoint());
installStubs();
return module;
}
public AbsoluteAddress getAddressForSymbol(String symbol) {
for (ExecutableImage module : modules) {
AbsoluteAddress a = module.getSymbolFinder().getAddressFor(symbol);
if (a != null) return a;
}
logger.error("Could not find address for symbol \"" + symbol + "\"");
return null;
}
/**
* Gets the assembly instruction at the specified virtual address.
*
* @param address a virtual address
* @return the assembly instruction at the specified address
*/
public final Instruction getInstruction(AbsoluteAddress address) {
Instruction instr = assemblyMap.get(address);
if (instr != null) {
return instr;
} else {
// No real instructions in prologue/epilogue
if (harness.contains(address) || isStub(address)) return null;
ExecutableImage module = getModule(address);
long fp = -1;
if (module == null) {
logger.error("No module for address " + address + ". Cannot disassemble instruction!");
} else {
fp = module.getFilePointer(address);
// Also check whether fp is out of the int range, since the X86Disassembler actually
// performs this cast in its implementation.
if (fp < 0 || (int) fp < 0) {
logger.error("Requested instruction outside of file area: " + address);
} else {
if (!module.isCodeArea(address)) {
logger.error("Requested instruction outside code section: " + address);
return null;
}
instr = module.getDisassembler().decodeInstruction(fp);
if (instr == null) {
logger.error("Instruction could not be disassembled at: " + address);
}
}
}
if (instr != null) putInstruction(address, instr);
return instr;
}
}
/**
* Loads a secondary (library or stub) module for analysis. Automatically determines the correct
* file type.
*
* @param moduleFile the file to load
* @return the ExecutableImage class for the loaded module
* @throws IOException
* @throws BinaryParseException
*/
public ExecutableImage loadModule(File moduleFile) throws IOException, BinaryParseException {
// First try to load it as a PE file, then object file, ELF and finally raw binary code
// The right thing to do would be some smart IDing of the file type, but
// this exception chaining works for now...
ExecutableImage module = null;
try {
module = new PEModule(moduleFile, getArchitecture());
targetOS = TargetOS.WINDOWS;
} catch (BinaryParseException e) {
try {
module = new ObjectFile(moduleFile, getArchitecture());
} catch (BinaryParseException e2) {
try {
module = new ELFModule(moduleFile, getArchitecture());
targetOS = TargetOS.LINUX;
} catch (BinaryParseException e3) {
module = new RawModule(moduleFile, getArchitecture());
}
}
}
for (ExecutableImage existingModule : modules) {
if (existingModule.getMaxAddress().getValue() >= module.getMinAddress().getValue()
&& existingModule.getMinAddress().getValue() <= module.getMaxAddress().getValue()) {
throw new RuntimeException("Virtual addresses of modules overlap!");
}
}
modules.add(module);
unresolvedSymbols.addAll(module.getUnresolvedSymbols());
for (ExportedSymbol symbol : module.getExportedSymbols()) {
exportedSymbols.put(removeDecoration(symbol.getName()), symbol);
}
resolveSymbols();
return module;
}
private SymbolFinder symbolFinder(AbsoluteAddress addr) {
if (isStub(addr)) return stubLibrary.getSymbolFinder();
ExecutableImage module = getModule(addr);
return (module == null) ? DummySymbolFinder.getInstance() : module.getSymbolFinder();
}
/**
* Get the module that contains the specified virtual address at runtime.
*
* @param a a virtual address
* @return the module to which the given virtual address belongs.
*/
public ExecutableImage getModule(AbsoluteAddress a) {
for (ExecutableImage module : modules) {
if (module.getFilePointer(a) >= 0) return module;
}
return null;
}
public boolean isImport(AbsoluteAddress a) {
if (isStub(a)) return true;
ExecutableImage m = getModule(a);
if (m == null) return false;
return m.isImportArea(a);
}