Class: Relyze::ExecutableFileModel::FunctionDataType

Inherits:

DataType

• Object
• DataType
• Relyze::ExecutableFileModel::FunctionDataType

Defined in:

C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb

Instance Method Summary

• #add_parameter(name, data_type, index = nil) ⇒ true, false

  Add a new parameter to this function.

• #block(rva) ⇒ Relyze::ExecutableFileModel::CodeBlock^?

  Get the basic block which both contains a given RVA and belongs to this function, if any.

• #blocks {|basic_block| ... } ⇒ Array<Relyze::ExecutableFileModel::CodeBlock>^?

  Get every basic block in this function.

• #cc ⇒ Symbol^?

  Get this functions current calling convention if known.

• #cc=(calling_convention) ⇒ Symbol^?

  Set this functions current calling convention.

• #color=(color) ⇒ Object

  Set or clear the color of every basic block in the function.

• #dfs {|basic_block| ... } ⇒ Array<Relyze::ExecutableFileModel::CodeBlock>^?

  Perform a depth first search over this function from its root block, yielding every block in the search.

• #diff(functionB) ⇒ Relyze::DiffResults::DiffFunctionResult^?

  Perform a differential analysis of this function (side A) against another function (side B).

• #leaf? ⇒ true, false

  Check if this a leaf function; a function with no child calls.

• #library? ⇒ true, false

  Check if this a static library function; a function which analysis has identified as originating from a static library used when this executable code was linked.

• #parameter(index) ⇒ Hash^?

  Get a description for the parameter at a given zero based index, see #parameters.

• #parameters {|parameter| ... } ⇒ Object

  Get a description of every parameter in this function.

• #remove_parameter(index) ⇒ true, false

  Remove a parameters name at a given index.

• #return ⇒ Relyze::ExecutableFileModel::DataType^?

  Get this functions current return type if known.

• #return=(data_type) ⇒ true, false

  Set this functions current return type.

• #rva ⇒ Integer^?

  Get this functions RVA if known.

• #set_parameter_data_type(index, data_type) ⇒ true, false

  Set a parameters DataType at a given index.

• #set_parameter_name(index, name) ⇒ true, false

  Set a parameters name at a given index.

• #stack_block(rva) ⇒ Relyze::ExecutableFileModel::DataBlock^?

  Get the basic block in this functions stack segment which contains the given RVA location.

• #stack_blocks {|basic_block| ... } ⇒ Array<Relyze::ExecutableFileModel::DataBlock>^?

  Get every basic block in this functions stack segment.

• #stack_delta2rva(delta) ⇒ Integer^?

  Convert a stack delta value into a stack segment RVA location.

• #stack_rva2delta(rva) ⇒ Integer

  Convert a stack segment RVA location into a stack delta value.

• #to_graph(display = {}) ⇒ Relyze::Graph::DirectedGraph

  Generate a Graph::DirectedGraph object for this functions control flow graph.

• #to_pseudo(options = {}) ⇒ String^?

  Decompile this function to pseudo code.

• #to_tcg ⇒ Relyze::TCG::TCGGraph^?

  Generate a TCG::TCGGraph for this function.

Methods inherited from DataType

#access, #dup, #modifiers, #name, #size, #to_s, #type

Instance Method Details

#add_parameter(name, data_type, index = nil) ⇒ true, false

Add a new parameter to this function.

Parameters:

• name (String) —

  The name to give the parameter

• data_type (Relyze::ExecutableFileModel::DataType) —

  The data type to give the parameter

• index (Integer, nil) (defaults to: nil) —

  Nil to add the parameter at the end or a zero based index to insert the parameter.

Returns:

• (true, false)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 505

def add_parameter( name, data_type, index=nil )
    return false
end

#block(rva) ⇒ Relyze::ExecutableFileModel::CodeBlock^?

Get the basic block which both contains a given RVA and belongs to this function, if any.

Parameters:

• rva (Integer) —

  An RVA location.

Returns:

• (Relyze::ExecutableFileModel::CodeBlock, nil) —

  A basic block in the function.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 530

def block( rva )
    self.blocks do | b |
        if( rva >= b.rva and rva < (b.rva + b.length) )
            return b
        end
    end
    return nil
end

#blocks {|basic_block| ... } ⇒ Array<Relyze::ExecutableFileModel::CodeBlock>^?

Get every basic block in this function. No order is assumed.

Yields:

• (basic_block) —

  yields the basic_block to the block.

Yield Parameters:

• basic_block (Relyze::ExecutableFileModel::CodeBlock) —

  A basic block in the function.

Returns:

• (Array<Relyze::ExecutableFileModel::CodeBlock>, nil)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 522

def blocks
    return nil
end

#cc ⇒ Symbol^?

Get this functions current calling convention if known.

Returns:

• (Symbol, nil) —

  The current calling convention, either :cdecl, :stdcall, :fastcall, :thiscall or nil.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 400

def cc
    return nil
end

#cc=(calling_convention) ⇒ Symbol^?

Set this functions current calling convention.

Parameters:

• calling_convention (Symbol) —

  A calling convention, either :cdecl, :stdcall, :fastcall, :thiscall or nil to set as unknown.

Returns:

• (Symbol, nil) —

  The current calling convention

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 408

def cc=( calling_convention )
    return nil
end

#color=(color) ⇒ Object

Set or clear the color of every basic block in the function.

Parameters:

• color (Integer, nil) —

  Use nil to clear the colors of every block or a Integer to set the color.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 597

def color=( color )
    self.blocks do | b |
        b.color = color
    end
end

#dfs {|basic_block| ... } ⇒ Array<Relyze::ExecutableFileModel::CodeBlock>^?

Perform a depth first search over this function from its root block, yielding every block in the search.

Yields:

• (basic_block) —

  yields the basic_block to the block.

Yield Parameters:

• basic_block (Relyze::ExecutableFileModel::CodeBlock) —

  A basic block in the function.

Returns:

• (Array<Relyze::ExecutableFileModel::CodeBlock>, nil)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 544

def dfs
    return nil
end

#diff(functionB) ⇒ Relyze::DiffResults::DiffFunctionResult^?

Perform a differential analysis of this function (side A) against another function (side B).

Examples:

# get a function from the current model
functionA = cm.function( cm.name2rva('SomeTestFunction1') )
# get a second function from the current model (could also be from another model)
functionB = cm.function( cm.name2rva('SomeTestFunction2') )
# perform a differential analysis of functionA against functionB
dr_func = functionA.diff( functionB )
# inspect the diff function result
print_message( "Function '%s' was %s (difference %.2f%%)" % [dr_func.name, dr_func.type, ( dr_func.difference * 100 ) ] )
# iterate over every DiffCodeBlockResult in the diff function result
dr_func.blocks do | dr_block |
    print_message( "    Block '%s' was %s (difference %.2f%%)" % [dr_block.name, dr_block.type, ( dr_block.difference * 100 ) ] )
    # iterate over every DiffInstructionResult in the current diff code block result
    dr_block.instructions do | dr_inst |
        print_message( "        Instruction '%s' was %s (difference %.2f%%)" % [dr_inst.name, dr_inst.type, ( dr_inst.difference * 100 ) ] )
    end
end

Parameters:

• functionB (Relyze::ExecutableFileModel::FunctionDataType) —

  The function to perform the differential analysis against.

Returns:

• (Relyze::DiffResults::DiffFunctionResult, nil) —

  Returns the result of the differential analysis.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 710

def diff( functionB )
    nil
end

#leaf? ⇒ true, false

Check if this a leaf function; a function with no child calls.

Returns:

• (true, false)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 386

def leaf?
    return false
end

#library? ⇒ true, false

Check if this a static library function; a function which analysis has identified as originating from a static library used when this executable code was linked.

Returns:

• (true, false)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 393

def library?
    return false
end

#parameter(index) ⇒ Hash^?

Get a description for the parameter at a given zero based index, see #parameters.

Parameters:

• index (Integer) —

  A zero based parameter index.

Returns:

• (Hash, nil) —

  A hash describing this parameter.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 477

def parameter( index )
    return nil
end

#parameters {|parameter| ... } ⇒ Object

Get a description of every parameter in this function.

Examples:

The contents of a parameter hash value.

# This parameters zero based index (Integer)
parameter[:index]
# This parameters definition type (Symbol), either :implicit or :explicit
parameter[:definition]
# This parameters name (String)
parameter[:name]
# This parameters data type if known (Relyze::ExecutableFileModel::DataType)
parameter[:data_type]
# This parameters location according to the functions current calling convention (Symbol) either :stack or :register
parameter[:location]
# If parameter[:location] is :stack
    # The delta value for this parameters location on the stack (Integer)
    parameter[:stack_delta]
    # The byte length of this parameter on the stack (Integer)
    parameter[:stack_length]
# If parameter[:location] is :register
    # An array of register names this parameter is held in (Array<String>)
    parameter[:reg_names]
# The method this parameter is passed by the caller, if known. (Symbol), either :value or :pointer
parameter[:passedby]

Pull out a function by name and rename its explicit parameters

rva = cm.name2rva( 'CMachine::GetData' )
func = cm.function( rva )
func.parameters do | parameter |
    next if parameter[:definition] != :explicit
    if( parameter[:location] == :register )
        name = "reg"
        parameter[:reg_names].each do | r |
            name << "_#{r}"
        end
        func.set_parameter_name( parameter[:index], name )
    elsif( parameter[:location] == :stack )
        func.set_parameter_name( parameter[:index], "stk_%d" % parameter[:stack_delta] )
    end
end

Yields:

• (parameter) —

  yields the parameter to the block.

Yield Parameters:

• parameter (Hash) —

  A hash describing this parameter.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 469

def parameters
    return nil
end

#remove_parameter(index) ⇒ true, false

Remove a parameters name at a given index.

Parameters:

• index (Integer) —

  A zero based parameter index.

Returns:

• (true, false)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 513

def remove_parameter( index )
    return false
end

#return ⇒ Relyze::ExecutableFileModel::DataType^?

Get this functions current return type if known.

Returns:

• (Relyze::ExecutableFileModel::DataType, nil) —

  The current return type.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 415

def return
    return nil
end

#return=(data_type) ⇒ true, false

Set this functions current return type.

Parameters:

• data_type (Relyze::ExecutableFileModel::DataType, nil) —

  The return type.

Returns:

• (true, false)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 423

def return=( data_type )
    return false
end

#rva ⇒ Integer^?

Get this functions RVA if known.

Returns:

• (Integer, nil) —

  This functions RVA if known.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 373

def rva
    return nil
end

#set_parameter_data_type(index, data_type) ⇒ true, false

Set a parameters DataType at a given index.

Parameters:

• index (Integer) —

  A zero based parameter index.

• data_type (Relyze::ExecutableFileModel::DataType) —

  The data type to give the parameter

Returns:

• (true, false)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 495

def set_parameter_data_type( index, data_type )
    return false
end

#set_parameter_name(index, name) ⇒ true, false

Set a parameters name at a given index.

Parameters:

• index (Integer) —

  A zero based parameter index.

• name (String) —

  The name to give the parameter

Returns:

• (true, false)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 486

def set_parameter_name( index, name )
    return false
end

#stack_block(rva) ⇒ Relyze::ExecutableFileModel::DataBlock^?

Get the basic block in this functions stack segment which contains the given RVA location.

Returns:

• (Relyze::ExecutableFileModel::DataBlock, nil) —

  A basic block in the function stack segment.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 569

def stack_block( rva )
    self.stack_blocks do | b |
        if( rva >= b.rva and rva < (b.rva + b.length) )
            return b
        end
    end
    return nil
end

#stack_blocks {|basic_block| ... } ⇒ Array<Relyze::ExecutableFileModel::DataBlock>^?

Get every basic block in this functions stack segment.

Examples:

Enumerate a functions stack block and list the references in to each one.

func = cm.function( cm.entry_point )
func.stack_blocks do | block |
    print_message( "%s - delta %d" % [ block, func.stack_rva2delta( block.rva ) ] )
    block.references( :in ) do | ref |
        print_message( "\t" + ref.to_s )
    end
end

Yields:

• (basic_block) —

  yields the basic_block to the block.

Yield Parameters:

• basic_block (Relyze::ExecutableFileModel::DataBlock) —

  A basic block in the function.

Returns:

• (Array<Relyze::ExecutableFileModel::DataBlock>, nil)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 562

def stack_blocks
    return []
end

#stack_delta2rva(delta) ⇒ Integer^?

Convert a stack delta value into a stack segment RVA location.

Parameters:

• delta (Integer) —

  A stack delta location.

Returns:

• (Integer, nil) —

  An RVA location in the stack segment corresponding to the given delta.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 582

def stack_delta2rva( delta )
    return nil
end

#stack_rva2delta(rva) ⇒ Integer

Convert a stack segment RVA location into a stack delta value.

Parameters:

• rva (Integer) —

  An RVA location in the stack segment.

Returns:

• (Integer) —

  A stack delta location corresponding to the given RVA location in the stack segment.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 590

def stack_rva2delta( rva )
    return nil
end

#to_graph(display = {}) ⇒ Relyze::Graph::DirectedGraph

Generate a Graph::DirectedGraph object for this functions control flow graph.

Examples:

func = cm.function( @relyze.tab_current_function_rva )
graph = func.to_graph
::File.write( 'func_cfg.dot', graph.to_dot )

Parameters:

• display (Hash) (defaults to: {}) —

  An optional hash of display options to pass to the graph.

Returns:

• (Relyze::Graph::DirectedGraph) —

  This functions control flow graph.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 612

def to_graph( display={} )
    graph = ::Relyze::Graph::DirectedGraph.new(
        'CFG',
        {
            :node_padding => 0
        }.merge!( display )
    )

    self.blocks do | block |

        source_node = graph.find_or_create_node( block )

        source_node.display[:rva] = block.rva

        if( not block.color.nil? )
            source_node.display[:node_background_color] = graph.color2html( block.color )
        end

        if( block.rva == self.rva )
            graph.root = source_node
        end

        block.references( :out ) do | ref |
        
            next if not ref.control_flow?

            next if ref.target.nil?

            if( not ref.implicit? )
            
                inst = block.instruction( ref.owner_rva )

                if( inst.nil? or ( inst.branch? and (inst.branch_type != :conditional_jump and inst.branch_type != :unconditional_jump) ) )
                    next
                end
            end

            target_node = graph.find_or_create_node( ref.target )

            target_node.display[:rva] = ref.target.rva

            edge = graph.create_edge( source_node, target_node, ref )

            case ref.control_flow_condition
                when :true
                    edge.display[:edge_color] = "#16A085"
                when :false
                    edge.display[:edge_color] = "#C0392B"
                when :unconditional
                    edge.display[:edge_color] = "#3498DB"
                else
            end
        end
    end

    return graph
end

#to_pseudo(options = {}) ⇒ String^?

Decompile this function to pseudo code.

Parameters:

• options (Hash) (defaults to: {}) —

  The options to pass to the decompiler.

Options Hash (options):

• :timeout (Integer, nil) —

  An optional timeout in seconds to abort decompilation and raise a StandardError exception. Default nil for no timeout.

• :display_casts (true, false) —

  Display casts in the output. Defaults to true.

• :display_comments (true, false) —

  Display comments in the output. Defaults to true.

Returns:

• (String, nil)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 684

def to_pseudo( options={} )
     return nil
end

#to_tcg ⇒ Relyze::TCG::TCGGraph^?

Generate a TCG::TCGGraph for this function.

Returns:

• (Relyze::TCG::TCGGraph, nil)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 673

def to_tcg
    return nil
end