Crate liblisa_enc
Expand description
This library contains libLISA’s encoding analysis and some parts of enumeration.
§Encoding Analysis
Encoding analysis can be invoked as follows:
use liblisa::arch::x64::X64Arch;
use liblisa::instr::Instruction;
use liblisa_enc::infer_encoding;
use liblisa_x64_observer::with_oracle;
let instr = Instruction::new(&[0x90]);
let encoding = with_oracle(|mut oracle| infer_encoding(&instr, &mut oracle)).unwrap();
println!("{encoding}");§Enumeration
Two techniques for skipping invalid instructions or errors are implemented: tunneling and randomized search.
See crate::random_search_skip_invalid_instrs and tunnel_invalid_instrs/tunnel_memory_errors.
Modules§
- cache
- Cache for analysis results.
Structs§
- Change
Analysis - Determines
Changes between the dataflows of two instructions. - Dataflow
Analysis - Infers dataflows given an instruction and its
MemoryAccesses. - Encoding
Analysis - Infers
Encodings. - Json
Threshold Value - An efficent JSON representation of
ThresholdValues. - Json
Threshold Values - A collection of
JsonThresholdValues. - Memory
Access Analysis - Infers the
MemoryAccessesfor anInstruction. - Threshold
Values - A set of I/O examples for a destination, that identify the specific behavior of that destination.
Enums§
- Access
Analysis Error - Error returned when
MemoryAccessAnalysisfails. - Analysis
Error - Wrapper that can contain an
AccessAnalysisError,DataflowAnalysisErrororEncodingError. - Analysis
Result - The result of running Encoding Analysis on an
Instruction. - Change
- A difference between two
Dataflows. - Change
Location - The location in the
Dataflowswhere a change occurred. - Dataflow
Analysis Error - Error returned when
DataflowAnalysisfails. - Encoding
Error - Error returned when
EncodingAnalysisfails. - Find
Input Error - Error returned in an
AccessAnalysisErrorwhen no input registers can be found for an address calculation of a memory access. - Infer
Encoding Error - Error returned by
infer_encoding - Validity
- Determines whether a byte string is too short, too long, invalid, out-of-scope, or a valid instruction.
Functions§
- analyze
- Runs Encoding Analysis on the provided
Instruction. - infer_
encoding - Infers an
Encodingfor the providedInstruction. - random_
search_ skip_ invalid_ instrs - Skip consecutive byte strings that are invalid instructions using randomized search.
- tunnel_
invalid_ instrs - Skip byte strings that are invalid instructions using tunneling.
- tunnel_
memory_ errors - Skip instructions for which
crate::MemoryAccessAnalysisreturns an error using tunneling.