[−][src]Crate p8n_types
A library for disassembling and analysing binary code.
The panopticon crate implements structures to model the in-memory representation of a program including is control flow, call graph and memory maps. The most important types and their interaction are as follows:
Project
├── Region
│ └── Layer
└── Program
└── Function
└── BasicBlock
└── Mnemonic
└── Statement
The Program
, Function
,
BasicBlock
and Statement
types model the behaviour of code.
The Region
and Layer
types
represent how the program is laid out in memory.
Code
Panopticon models code as a collection of programs. Each
Program
consists of functions. A Function
a graph with nodes representing a
sequence of instructions and edges representing jumps. These instruction sequences are BasicBlock
s
and contain a list of Mnemonic
s. The meaning of each
Mnemonic
is described in the [RREIL][1] language. Each mnemonic includes a sequence of
Statement
s implementing it.
Panopticon allows multiple programs per project. For example, imagine a C# application that calls into a native DLL written in C. Such an application would have two program instances. One for the CIL code of the C# part of the application and one for the AMD64 object code inside the DLL.
The Disassembler
and CodeGen
are used to fill Function
structures with Mnemonic
s.
Data
The in-memory layout of an executable is modeled using the Region
, Layer
and
Cell
types. All data is organized into Region
s. Each Region
is an array of
Cell
s numbered from 0 to n. Each Cell
is an is either
undefined or has a value between 0 and 255 (both including). Region
s are read
only. Changing their contents is done by applying Layer
instance to them. A Layer
reads part of a Region
or another Layer
and returns a new Cell
array. For example, Layer
can decrypt parts of a Region
or replace individual Cell
s with new
ones.
In normal operation there is one Region
for each memory address space, one on
Von-Neumann machines two on Harvard architectures. Other uses for Region
s are
applying functions to Cell
array where the result is not equal in size to the
input (for example uncompressing parts of the executable image).
Macros
define_table_ref | |
rreil2 | |
rreil2_binop | |
rreil2_unop | |
rreil2_retop | |
rreil2_callop | |
rreil2_extop | |
rreil2_selop | |
rreil_imm | |
rreil_load | |
rreil_store | |
rreil_val | |
rreil_var |
Structs
Area | Address range with sub-byte pecision. Used to order instructions that don't occupy any space in the binary (e.g. Phi). |
BasicBlock | An uninterrupted sequence of machine code. Basic blocks cover a continuous address range. |
BasicBlockIndex | Index of the basic block. |
BasicBlockIterator | Iterator over basic blocks. |
Bitcode | Memory conserving representation of IL code. |
BitcodeIter | Iterator over serialized statements. |
Constant | A constant value. |
Content | Binary file meta information. Starting point for disassembler routines. |
Error | The Error type. |
Function | A single function in the binary. |
Match | Result of a single disassembly operation. |
Mnemonic | Native ISA mnemonic. |
MnemonicIndex | Index of a mnemonic in a function. Local to a specific function. |
MnemonicIterator | Iterator over a range of mnemonics |
Name | A SSA variable name. |
NameRef | Table index |
Pointer | Named pointer inside a region. |
Segment | A RREIL memory segment identifier. |
SegmentRef | Table index |
StrRef | Table index |
Table | Table mapping hashable values to and from numeric indices. |
TestArch | ISA used for testing. Single digits are interpreted as 32 bit constants, lower case letters as 32 bit registers or 1 bit flags depending on the context. First argument is the result. Upper case letters are opcodes. |
Variable | A variable with known size. |
Enums
CallTarget | Things that can be called. |
CfgNode | Node in the control flow graph. |
Constraint | A range of |
Endianess | Byte order. |
ErrorKind | The kind of an error. |
FlowOperation | Call/Return operations. |
Guard | Branch condition |
Machine | CPU the binary file is intended for. |
MemoryOperation | A memory operation. |
Operation | A RREIL operation. |
Region | A continuous address space. Regions are an array of cells numbered from 0. Each cell is either
|
RewriteControl | Signaling for |
Statement | A single IL statement. |
Statements | A possibly compressed IL sequence. |
UUID | UUIDs are used by RON to identify types, objects, events, etc. |
Value | A RREIL value. |
Traits
Architecture | CPU architecture and instruction set. |
IntoStatementRange | Convertable into a range of statements. |
ResultExt | Additional methods for |
Type Definitions
Names | Name table for RREIL code. |
Result | Convenient wrapper around |
Segments | Segment table RREIL code. |
Str | Our string type. |
Strings | String table. |