Crate p8n_types

Expand description

A library for disassembling and analysing binary code.

The panopticon crate implements structures to model the in-memory representation of a program including is control flow, call graph and memory maps. The most important types and their interaction are as follows:

Project
├── Region
│   └── Layer
└── Program
    └── Function
        └── BasicBlock
            └── Mnemonic
                └── Statement

The Program, Function, BasicBlock and Statement types model the behaviour of code. The Region and Layer types represent how the program is laid out in memory.

§Code

Panopticon models code as a collection of programs. Each Program consists of functions. A Function a graph with nodes representing a sequence of instructions and edges representing jumps. These instruction sequences are BasicBlocks and contain a list of Mnemonics. The meaning of each Mnemonic is described in the [RREIL][1] language. Each mnemonic includes a sequence of Statements implementing it.

Panopticon allows multiple programs per project. For example, imagine a C# application that calls into a native DLL written in C. Such an application would have two program instances. One for the CIL code of the C# part of the application and one for the AMD64 object code inside the DLL.

The Disassembler and CodeGen are used to fill Function structures with Mnemonics.

§Data

The in-memory layout of an executable is modeled using the Region, Layer and Cell types. All data is organized into Regions. Each Region is an array of Cells numbered from 0 to n. Each Cell is an is either undefined or has a value between 0 and 255 (both including). Regions are read only. Changing their contents is done by applying Layer instance to them. A Layer reads part of a Region or another Layer and returns a new Cell array. For example, Layer can decrypt parts of a Region or replace individual Cells with new ones.

In normal operation there is one Region for each memory address space, one on Von-Neumann machines two on Harvard architectures. Other uses for Regions are applying functions to Cell array where the result is not equal in size to the input (for example uncompressing parts of the executable image).

Macros§

define_table_ref
rreil2
rreil2_binop
rreil2_callop
rreil2_extop
rreil2_retop
rreil2_selop
rreil2_unop
rreil_imm
rreil_load
rreil_store
rreil_val
rreil_var

Structs§

Area: Address range with sub-byte pecision. Used to order instructions that don’t occupy any space in the binary (e.g. Phi).
BasicBlock: An uninterrupted sequence of machine code. Basic blocks cover a continuous address range.
BasicBlockIndex: Index of the basic block.
BasicBlockIterator: Iterator over basic blocks.
Bitcode: Memory conserving representation of IL code.
BitcodeIter: Iterator over serialized statements.
Constant: A constant value.
Content: Binary file meta information. Starting point for disassembler routines.
Error: The Error type.
Function: A single function in the binary.
Match: Result of a single disassembly operation.
Mnemonic: Native ISA mnemonic.
MnemonicIndex: Index of a mnemonic in a function. Local to a specific function.
MnemonicIterator: Iterator over a range of mnemonics
Name: A SSA variable name.
NameRef: Table index
Pointer: Named pointer inside a region.
Segment: A RREIL memory segment identifier.
SegmentRef: Table index
StrRef: Table index
Table: Table mapping hashable values to and from numeric indices.
TestArch: ISA used for testing. Single digits are interpreted as 32 bit constants, lower case letters as 32 bit registers or 1 bit flags depending on the context. First argument is the result. Upper case letters are opcodes.
Variable: A variable with known size.

Enums§

CallTarget: Things that can be called.
CfgNode: Node in the control flow graph.
Constraint: A range of n-bit integers.
Endianess: Byte order.
ErrorKind: The kind of an error.
FlowOperation: Call/Return operations.
Guard: Branch condition
Machine: CPU the binary file is intended for.
MemoryOperation: A memory operation.
Operation: A RREIL operation.
Region: A continuous address space. Regions are an array of cells numbered from 0. Each cell is either undefined of carries a single byte value.
RewriteControl: Signaling for Statement::rewrite.
Statement: A single IL statement.
Statements: A possibly compressed IL sequence.
UUID: UUIDs are used by RON to identify types, objects, events, etc.
Value: A RREIL value.

Traits§

Architecture: CPU architecture and instruction set.
IntoStatementRange: Convertable into a range of statements.
ResultExt: Additional methods for Result, for easy interaction with this crate.

Type Aliases§

Names: Name table for RREIL code.
Result: Convenient wrapper around std::Result.
Segments: Segment table RREIL code.
Str: Our string type.
Strings: String table.

Crate p8n_typesCopy item path