/****************************************************
* process all instructions in the DB
* add the instructions to the blocks
****************************************************/
void RoseBin_DB_IDAPRO::process_instruction_query(MYSQL* conn, MYSQL_RES* res_set) {
rememberInstructions.clear();
// get the functions
// char* q = (char*)"SELECT * FROM instructions_1";
char *q = (char*)"select *, (select parent_function from basic_blocks_1 where id = i.basic_block_id and (i.address - parent_function) >= 0 and (i.address - parent_function) = (select min(i.address - parent_function) from basic_blocks_1 where id = i.basic_block_id and (i.address - parent_function) >= 0) ) as i_f from instructions_1 i order by i.address";
if (RoseBin_support::DEBUG_MODE())
cout << "\n>> QUERY:: " << q << "\n" << endl;
res_set = process_query(conn,q);
if (res_set == NULL) {
print_problemWithResults(conn);
} else {
MYSQL_ROW row;
string mnemonic=(char*)"";
uint64_t address=0;
int basic_block=-1;
int sequence =-1;
string data=(char*)"";
int i_func;
while ((row = mysql_fetch_row(res_set))!=NULL) {
for (unsigned int i=0; i<mysql_num_fields(res_set);i++) {
char* ret=(char*)"";
if (row[i] ==NULL) {
ret = (char*)"<NULL>";
if (i==0) address = -1;
if (i==1) basic_block = -1;
if (i==2) mnemonic = ret;
if (i==3) sequence = -1;
if (i==4) data=ret;
if (i==5) i_func= -1;
} else {
ret= row[i];
if (i==0) address = atoi(ret);
if (i==1) basic_block = atoi(ret);
if (i==2) mnemonic = ret;
if (i==3) sequence = atoi(ret);
if (i==4) data=ret;
if (i==5) i_func = atoi(ret);
}
}
// patched to adjust to objdump , Apr 26 2007
if (mnemonic ==(char*)"retn")
mnemonic = (char*)"ret";
if (RoseBin_support::DEBUG_MODE()) {
ostringstream addrhex;
addrhex << hex << setw(8) << address ;
cout << ">> creating instruction : " << addrhex.str() << " " << address <<
" - " << basic_block << " - " << mnemonic << " - " << sequence << endl;
}
// check if it is an instruction or if it appears in the callgraph,
// if it is in the callgraph, one wants to create a BinaryCall instead
// append the instruction to its function
rose_hash::unordered_map <int, SgAsmFunction* >::iterator func_it = rememberFunctions.find(i_func);
SgAsmFunction* func = NULL;
// for (func_it; func_it!=rememberFunctions.end(); ++func_it) {
if (func_it != rememberFunctions.end()) {
func = func_it->second;
} else {
if (i_func!=-1)
cerr << " ERROR : cant find the function i_func : " << i_func << " in rememberFunctions for instruction : " << mnemonic << endl;
}
SgAsmInstruction* instruction = NULL;
instruction = createInstruction(address, func, mnemonic);
// instruction = new SgAsmInstruction(address,bb,mnemonic,"");
// Sep 29, tps : commented the following line out, since the function was removed.
//instruction->set_raw_bytes(data);
ROSE_ASSERT(instruction);
SgAsmOperandList* operandList = new SgAsmOperandList();
instruction->set_operandList(operandList);
operandList->set_parent(instruction);
ostringstream hexaddr;
hexaddr << hex << setw(8) << address ;
if (RoseBin_support::DEBUG_MODE())
cout << " .rememberInstruction " << instruction->class_name()
<< " at : " << address << " hex: " << hexaddr.str() << endl;
rememberInstructions[address]= instruction ;
if (func) {
// get the block in the func and append to it to conform to jeremiah
func->append_statement(instruction);
instruction->set_parent(func);
//vector <SgNode*> blockVec =func->get_traversalSuccessorContainer();
//SgAsmBlock* block = isSgAsmBlock(blockVec[0]);
//ROSE_ASSERT(block);
//block->append_statement(instruction);
//instruction->set_parent(block);
ROSE_ASSERT(instruction->get_parent());
//SgAsmNode* nInst = (SgAsmNode*) instruction;
//nInst->set_parent(func);
ostringstream addrhex;
addrhex << hex << setw(8) << i_func ;
if (RoseBin_support::DEBUG_MODE())
cout << ">> appended instruction to function: " << func->get_name() << " addr " << addrhex.str() << " " << address << endl;
} else {
if (i_func!=-1) {
cerr << " ERROR :: could not append instruction to function : " << endl;
//exit(0);
}
}
} // while
} // if (res_set==NULL)
checkError(conn,res_set);
}
void
RoseBin_FlowAnalysis::checkControlFlow( SgAsmInstruction* binInst,
int functionSize, int countDown,
string& currentFunctionName, int func_nr) {
//cerr << "check control flow" << endl;
while (!worklist_forthisfunction.empty()) {
SgAsmInstruction* binInst = worklist_forthisfunction.top();
worklist_forthisfunction.pop();
ROSE_ASSERT(binInst);
countDown--;
int address = binInst->get_address();
ostringstream addrhex;
addrhex << hex << setw(8) << address ;
ROSE_ASSERT(g_algo->info);
vector <VirtualBinCFG::CFGEdge> vec;
if (forward_analysis) {
vec = binInst->cfgBinOutEdges(g_algo->info);
if (isSgAsmx86Instruction(binInst) && isSgAsmx86Instruction(binInst)->get_kind() == x86_call) {
// vec.push_back(VirtualBinCFG::CFGEdge(VirtualBinCFG::CFGNode(binInst), VirtualBinCFG::CFGNode(g_algo->info->getInstructionAtAddress(binInst->get_address() + binInst->get_raw_bytes().size())), g_algo->info));
}
}
else
vec = binInst->cfgBinInEdges(g_algo->info);
string name = binInst->get_mnemonic();
// if (RoseBin_support::DEBUG_MODE())
// cout << " " << addrhex.str() << " " << func_nr << " :: " << functionSize <<
// "/" << countDown << " ---------- next CFG instruction : " << name << " vecSize : " << vec.size() << endl;
for (int i=0; i < (int)vec.size(); i++) {
VirtualBinCFG::CFGEdge edge = vec[i];
VirtualBinCFG::CFGNode cfg_target = edge.target();
VirtualBinCFG::CFGNode cfg_source = edge.source();
if (!forward_analysis) {
cfg_target = edge.source();
cfg_source = edge.target();
}
SgAsmInstruction* bin_target = isSgAsmInstruction(cfg_target.getNode());
SgAsmInstruction* thisbin = isSgAsmInstruction(cfg_source.getNode());
ROSE_ASSERT(thisbin);
SgAsmx86Instruction* thisbinX86 = isSgAsmx86Instruction(thisbin);
ROSE_ASSERT (thisbinX86);
string src_mnemonic = thisbin->get_mnemonic();
int src_address = thisbin->get_address();
if (analysisName=="callgraph")
src_address = funcDecl->get_address();
ostringstream addrhex_s;
addrhex_s << hex << setw(8) << src_address ;
SgGraphNode* src =NULL;
string hexStr = addrhex_s.str();
if (analysisName!="callgraph") {
vector<SgGraphNode*> sources;
vizzGraph->checkIfGraphNodeExists(hexStr, sources);
vector<SgGraphNode*>::const_iterator src_it =
sources.begin();
for (;src_it!=sources.end();++src_it) {
// should only be one node! adapted to new interface
src = *src_it;
}
if (src==NULL) {
// src= vizzGraph->createNode (src_mnemonic, typeNode, src_address, vizzGraph->graph->get_graph_id(), false, thisbin);
src= addCFNode (src_mnemonic, typeNode, src_address, false, thisbin);
string unp_name = unparseInstructionWithAddress(thisbin);
src->append_properties(SgGraph::name,unp_name);
if (analysisName=="dfa")
src->append_properties(SgGraph::dfa_standard,unp_name);
}
ROSE_ASSERT(src);
if (thisbinX86->get_kind() == x86_call) {
uint64_t returnAddr = thisbinX86->get_address() + thisbinX86->get_raw_bytes().size();
ROSE_ASSERT(g_algo->info);
SgAsmInstruction* retInsn = g_algo->info->getInstructionAtAddress(returnAddr);
if (retInsn) {
//worklist_forthisfunction.push(retInsn);
//ostringstream tgthex_s;
//tgthex_s << hex << setw(8) << returnAddr ;
//string tgtStr = tgthex_s.str();
//SgGraphNode* tgt = vizzGraph->checkIfGraphNodeExists(tgtStr);
// tps (25 Aug 2008) : this line seems broken!
//string mne = retInsn->get_mnemonic();
//if (!tgt) {tgt = vizzGraph->createNode(mne, typeNode, returnAddr, vizzGraph->graph->get_graph_id(), false, retInsn);}
// cerr << " ------> Creating return edge : " << thisbinX86->get_address() << " " << returnAddr << endl;
// vizzGraph->createEdge( typeEdge, vizzGraph->graph->get_graph_id(), src, thisbinX86->get_address(), tgt, returnAddr);
}
}
}
else if (analysisName=="callgraph") {
// These are special cases that annotate the call graph (nodes)
// so that the visualization can pick up the properties and color correctly
ROSE_ASSERT(g_algo->info);
if (thisbinX86->get_kind() == x86_jmp) {
if (thisbinX86->cfgBinOutEdges(g_algo->info).empty()) {
funcDeclNode->append_properties(SgGraph::nodest_jmp,RoseBin_support::ToString("nodest_jmp"));
}
}
else if (thisbinX86->get_kind() == x86_call) {
//cerr << "CallGRAPH: Found call : " <<
// RoseBin_support::HexToString(VirtualBinCFG::CFGNode(thisbinX86).getNode()->get_address()) << " to " <<
// RoseBin_support::HexToString(VirtualBinCFG::CFGNode(g_algo->info->getInstructionAtAddress(thisbinX86->get_address() + thisbinX86->get_raw_bytes().size())).getNode()->get_address()) << endl;
vector<VirtualBinCFG::CFGEdge> dests = thisbinX86->cfgBinOutEdges(g_algo->info);
dests.push_back(VirtualBinCFG::CFGEdge(VirtualBinCFG::CFGNode(thisbinX86), VirtualBinCFG::CFGNode(g_algo->info->getInstructionAtAddress(thisbinX86->get_address() + thisbinX86->get_raw_bytes().size())), g_algo->info));
if (!dests.empty()) {
SgAsmNode* parent = isSgAsmNode(dests[0].target().getNode()->get_parent());
if (!db)
parent = isSgAsmNode(parent->get_parent());
if (parent) {
SgAsmFunction* funcdestparent = isSgAsmFunction(parent);
string trg_func_name = funcdestparent->get_name();
if (trg_func_name==currentFunctionName) {
funcDeclNode->append_properties(SgGraph::itself_call,RoseBin_support::ToString("itself_call"));
}
}
} else {
funcDeclNode->append_properties(SgGraph::nodest_call,RoseBin_support::ToString("nodest_call"));
//cerr << " no destination found for call " << addrhex.str() << endl;
}
}
else if (thisbinX86->get_kind() == x86_int) {
funcDeclNode->append_properties(SgGraph::interrupt,RoseBin_support::ToString("interrupt"));
}
}
if (bin_target!=NULL) {
string trg_func_name = "";
int trg_func_address =1;
string hexStrf = "";
SgAsmFunction* funcDeclparent=NULL;
if (analysisName=="callgraph") {
SgAsmNode* parent = dynamic_cast<SgAsmNode*>(bin_target->get_parent());
if (parent==NULL)
continue;
if (!db)
parent = isSgAsmNode(parent->get_parent());
ROSE_ASSERT(parent);
funcDeclparent = isSgAsmFunction(parent);
ROSE_ASSERT(funcDeclparent);
trg_func_name = funcDeclparent->get_name();
trg_func_address = funcDeclparent->get_address();
ostringstream addrhex_tf;
addrhex_tf << hex << setw(8) << trg_func_address ;
hexStrf = addrhex_tf.str();
//cerr << " CALLGRAPH TARGET PARENT : " << hexStrf << endl;
}
string trg_mnemonic = bin_target->get_mnemonic();
int trg_address = bin_target->get_address();
ostringstream addrhex_t;
addrhex_t << hex << setw(8) << trg_address ;
if (RoseBin_support::DEBUG_MODE())
cout << " OUTEDGES TO: vec[" << i << "/" << vec.size() << "] :" <<
addrhex_t.str() << " " << trg_mnemonic << endl;
string hexStr = addrhex_t.str();
SgGraphNode* trg=NULL;
vector<SgGraphNode*> targets;
if (analysisName=="callgraph")
vizzGraph->checkIfGraphNodeExists(hexStrf, targets);
else
vizzGraph->checkIfGraphNodeExists(hexStr, targets);
vector<SgGraphNode*>::const_iterator src_it =
targets.begin();
for (;src_it!=targets.end();++src_it) {
// should only be one node! adapted to new interface
trg = *src_it;
}
//ROSE_ASSERT(trg);
bool target_visited = false;
// DQ (4/23/2009): We want the type defined in the base class.
// rose_hash::unordered_map <string, SgAsmInstruction*>::iterator vis = local_visited.find(hexStr);
// CH (4/9/2010): Use boost::unordered instead
//#ifndef _MSCx_VER
#if 1
rose_hash::unordered_map <string, SgAsmInstruction*>::iterator vis = local_visited.find(hexStr);
#else
rose_hash::unordered_map <string, SgAsmInstruction*,rose_hash::hash_string>::iterator vis = local_visited.find(hexStr);
#endif
if (vis!=local_visited.end())
target_visited=true;
if (trg==NULL) {
if (analysisName=="callgraph") {
// cerr << " >>> TARGET FUNC NAME " << trg_func_name << endl;
//trg = vizzGraph->createNode (trg_func_name, typeNode, trg_func_address, vizzGraph->graph->get_graph_id(),false, funcDeclparent);
trg = addCFNode (trg_func_name, typeNode, trg_func_address,false, funcDeclparent);
} else {
//trg = vizzGraph->createNode (trg_mnemonic, typeNode, trg_address, vizzGraph->graph->get_graph_id(),false, bin_target);
trg = addCFNode (trg_mnemonic, typeNode, trg_address, false, bin_target);
}
string unp_name = unparseInstructionWithAddress(bin_target);
//cout << " (target==NULL) unparse name : " << unp_name << endl;
trg->append_properties(SgGraph::name,unp_name);
if (analysisName=="dfa")
trg->append_properties(SgGraph::dfa_standard,unp_name);
} else {
string unp_name = unparseInstructionWithAddress(bin_target);
//cout << " unparse name : " << unp_name << endl;
trg->append_properties(SgGraph::name,unp_name);
if (analysisName=="dfa")
trg->append_properties(SgGraph::dfa_standard,unp_name);
}
ROSE_ASSERT(trg);
local_visited[hexStr] = bin_target;
string name="";
if (analysisName=="callgraph")
name = RoseBin_support::ToString(src_address)+RoseBin_support::ToString(trg_func_address);
else
name = RoseBin_support::ToString(src_address)+RoseBin_support::ToString(trg_address);
bool exists = vizzGraph->checkIfDirectedGraphEdgeExists(src, trg);
if (!exists) {
if (analysisName=="callgraph") {
if (currentFunctionName!=trg_func_name && thisbinX86->get_kind() != x86_ret) {
// SgDirectedGraphEdge* edge = vizzGraph->createEdge( typeEdge, vizzGraph->graph->get_graph_id(), funcDeclNode, src_address, trg, trg_func_address);
SgDirectedGraphEdge* edge = vizzGraph->addDirectedEdge( funcDeclNode, trg, typeEdge);
//cerr << "CallGraph : create edge : " << RoseBin_support::HexToString(src_address) << " to func : " << RoseBin_support::HexToString(trg_func_address) << endl;
vizzGraph->setProperty(SgGraph::type, edge, RoseBin_support::ToString(SgGraph::cfg));
}
} else {
//string addr = RoseBin_support::HexToString(binInst->get_address());
//if (addr==" 8048392" || addr==" 80482fd")
// cerr << " >>>>>>>>>> found " << addr << " -- target_address : " << RoseBin_support::HexToString(trg_address) << endl;
// SgDirectedGraphEdge* edge =vizzGraph->createEdge( typeEdge, vizzGraph->graph->get_graph_id(), src, src_address, trg, trg_address);
SgDirectedGraphEdge* edge = vizzGraph->addDirectedEdge( src, trg, typeEdge);
vizzGraph->setProperty(SgGraph::type, edge, RoseBin_support::ToString(SgGraph::cfg));
}
}
if (analysisName!="callgraph") {
// handle return edges
SgAsmStatementPtrList sources = thisbin->get_sources();
SgAsmStatementPtrList::iterator it = sources.begin();
for (;it!=sources.end();++it) {
SgAsmInstruction* instT = isSgAsmInstruction(*it);
//cerr << " This node is called from : " << instT->get_address() << endl;
ostringstream addr_t;
addr_t << hex << setw(8) << instT->get_address() ;
SgGraphNode* trg =NULL;
string hexStr = addr_t.str();
vector<SgGraphNode*> targets;
vizzGraph->checkIfGraphNodeExists(hexStr, targets);
vector<SgGraphNode*>::const_iterator src_it =
targets.begin();
for (;src_it!=targets.end();++src_it) {
// should only be one node! adapted to new interface
trg = *src_it;
}
//trg= vizzGraph->checkIfGraphNodeExists(hexStr);
if (trg==NULL) {
string hexa = RoseBin_support::HexToString(instT->get_address());
hexa = hexa.substr(1,hexa.size());
string name = "0x"+hexa+":"+instT->get_mnemonic();
//trg= vizzGraph->createNode (name, typeNode, instT->get_address(), vizzGraph->graph->get_graph_id(), false, instT);
trg= addCFNode(name, typeNode, instT->get_address(), false, instT);
}
bool exists = vizzGraph->checkIfDirectedGraphEdgeExists( trg,src);
if (!exists) {
bool same = sameParents(trg,src);
if (!same) {
SgDirectedGraphEdge* edge =vizzGraph->addDirectedEdge( trg, src, typeEdge);
//SgDirectedGraphEdge* edge =vizzGraph->createEdge( typeEdge, vizzGraph->graph->get_graph_id(), trg, instT->get_address(), src, src_address);
vizzGraph->setProperty(SgGraph::type, edge, RoseBin_support::ToString(SgGraph::cfg));
}
}
}
}
if (!target_visited) {
// check if target is in the same function!!!
SgAsmNode* block = bin_target;
if (!db)
block = isSgAsmNode(bin_target->get_parent());
ROSE_ASSERT(block);
SgAsmFunction* funcPar = isSgAsmFunction(block->get_parent());
if (funcPar) {
string nameFunc = funcPar->get_name();
if (nameFunc==currentFunctionName) {
//checkControlFlow(bin_target, functionSize, countDown, currentFunctionName);
worklist_forthisfunction.push(bin_target);
}
} else {
if (RoseBin_support::DEBUG_MODE())
cerr << " ERROR:: Target Instruction has no parent! " << bin_target->class_name() << endl;
}
} // if visited
} else {
nr_target_missed++;
if (binInst)
if (RoseBin_support::DEBUG_MODE())
cerr << " WARNING:: no target found for " << RoseBin_support::HexToString(binInst->get_address()) << " " << binInst->class_name() << endl;
}
}
}
// if (RoseBin_support::DEBUG_MODE())
// cout << " ------------------------ done with instr: " << name << " " << addrhex.str() << endl;
}
