| Safe Haskell | Safe-Inferred |
|---|---|
| Language | Haskell2010 |
Binary.FunctionNames
Description
Contains function relating to control flow, including functions for resolving the targets of jumps and calls.
Synopsis
- try_plt_target_for_entry :: BinaryClass bin => bin -> Word64 -> Maybe ResolvedJumpTarget
- jump_target_for_instruction :: BinaryClass bin => bin -> Instruction -> ResolvedJumpTarget
- operand_static_resolve :: BinaryClass bin => bin -> Instruction -> Operand -> ResolvedJumpTarget
- try_read_function_pointer :: (Show p, BinaryClass p) => p -> p -> Word64 -> ResolvedJumpTarget
- function_name_of_entry :: BinaryClass bin => bin -> Word64 -> String
- function_name_of_instruction :: BinaryClass bin => bin -> Instruction -> String
Documentation
try_plt_target_for_entry Source #
Arguments
| :: BinaryClass bin | |
| => bin | |
| -> Word64 | The entry address |
| -> Maybe ResolvedJumpTarget |
Tries to retrieve a function name with an entry address.
If the entry matches a known symbol, return that.
Otherwise, simply return the entry address itself in hexadecimal notation.
However, there is one exception:
if the first instruction at the entry address immediately jumps to an external function,
return the name of that external function instead. This happens in a .got section.
jump_target_for_instruction Source #
Arguments
| :: BinaryClass bin | |
| => bin | |
| -> Instruction | The instruction |
| -> ResolvedJumpTarget |
Given an instruction that calls or jumps, try to find a jump target
operand_static_resolve Source #
Arguments
| :: BinaryClass bin | |
| => bin | |
| -> Instruction | The instruction |
| -> Operand | The operand of the instruction to be resolved |
| -> ResolvedJumpTarget |
many operands can statically be resolved, even though technically they are indirect (relative to RIP). Examples:
10005464e: call RIP + 1751660 resolves to an immediate jump target by resolving the RIP-relative addressing.
10005464e: call qword ptr [RIP + 1751660] read from address 1002000c0, but address has a symbol associated to it. This function call will resolve to an external function.
try_read_function_pointer :: (Show p, BinaryClass p) => p -> p -> Word64 -> ResolvedJumpTarget Source #
function_name_of_entry Source #
Arguments
| :: BinaryClass bin | |
| => bin | |
| -> Word64 | The entry address |
| -> String |
function_name_of_instruction Source #
Arguments
| :: BinaryClass bin | |
| => bin | |
| -> Instruction | The instruction |
| -> String |
Tries to retrieve a function name for a call-instruction (see function_name_of_entry
Returns the empty string if the given instruction is not a call or a jump.