[−][src]Crate p8n_types
A library for disassembling and analysing binary code.
The panopticon crate implements structures to model the in-memory representation of a program including is control flow, call graph and memory maps. The most important types and their interaction are as follows:
Project
├── Region
│ └── Layer
└── Program
└── Function
└── BasicBlock
└── Mnemonic
└── Statement
The Program, Function,
BasicBlock and Statement
types model the behaviour of code.
The Region and Layer types
represent how the program is laid out in memory.
Code
Panopticon models code as a collection of programs. Each
Program consists of functions. A Function a graph with nodes representing a
sequence of instructions and edges representing jumps. These instruction sequences are BasicBlocks
and contain a list of Mnemonics. The meaning of each
Mnemonic is described in the [RREIL][1] language. Each mnemonic includes a sequence of
Statements implementing it.
Panopticon allows multiple programs per project. For example, imagine a C# application that calls into a native DLL written in C. Such an application would have two program instances. One for the CIL code of the C# part of the application and one for the AMD64 object code inside the DLL.
The Disassembler and CodeGen are used to fill Function
structures with Mnemonics.
Data
The in-memory layout of an executable is modeled using the Region, Layer and
Cell types. All data is organized into Regions. Each Region is an array of
Cells numbered from 0 to n. Each Cell is an is either
undefined or has a value between 0 and 255 (both including). Regions are read
only. Changing their contents is done by applying Layer instance to them. A Layer
reads part of a Region or another Layer and returns a new Cell array. For example, Layer
can decrypt parts of a Region or replace individual Cells with new
ones.
In normal operation there is one Region for each memory address space, one on
Von-Neumann machines two on Harvard architectures. Other uses for Regions are
applying functions to Cell array where the result is not equal in size to the
input (for example uncompressing parts of the executable image).
Macros
| define_table_ref | |
| rreil2 | |
| rreil2_binop | |
| rreil2_unop | |
| rreil2_retop | |
| rreil2_callop | |
| rreil2_extop | |
| rreil2_selop | |
| rreil_imm | |
| rreil_load | |
| rreil_store | |
| rreil_val | |
| rreil_var |
Structs
| Area | Address range with sub-byte pecision. Used to order instructions that don't occupy any space in the binary (e.g. Phi). |
| BasicBlock | An uninterrupted sequence of machine code. Basic blocks cover a continuous address range. |
| BasicBlockIndex | Index of the basic block. |
| BasicBlockIterator | Iterator over basic blocks. |
| Bitcode | Memory conserving representation of IL code. |
| BitcodeIter | Iterator over serialized statements. |
| Constant | A constant value. |
| Content | Binary file meta information. Starting point for disassembler routines. |
| Error | The Error type. |
| Function | A single function in the binary. |
| Match | Result of a single disassembly operation. |
| Mnemonic | Native ISA mnemonic. |
| MnemonicIndex | Index of a mnemonic in a function. Local to a specific function. |
| MnemonicIterator | Iterator over a range of mnemonics |
| Name | A SSA variable name. |
| NameRef | Table index |
| Pointer | Named pointer inside a region. |
| Segment | A RREIL memory segment identifier. |
| SegmentRef | Table index |
| StrRef | Table index |
| Table | Table mapping hashable values to and from numeric indices. |
| TestArch | ISA used for testing. Single digits are interpreted as 32 bit constants, lower case letters as 32 bit registers or 1 bit flags depending on the context. First argument is the result. Upper case letters are opcodes. |
| Variable | A variable with known size. |
Enums
| CallTarget | Things that can be called. |
| CfgNode | Node in the control flow graph. |
| Constraint | A range of |
| Endianess | Byte order. |
| ErrorKind | The kind of an error. |
| FlowOperation | Call/Return operations. |
| Guard | Branch condition |
| Machine | CPU the binary file is intended for. |
| MemoryOperation | A memory operation. |
| Operation | A RREIL operation. |
| Region | A continuous address space. Regions are an array of cells numbered from 0. Each cell is either
|
| RewriteControl | Signaling for |
| Statement | A single IL statement. |
| Statements | A possibly compressed IL sequence. |
| UUID | UUIDs are used by RON to identify types, objects, events, etc. |
| Value | A RREIL value. |
Traits
| Architecture | CPU architecture and instruction set. |
| IntoStatementRange | Convertable into a range of statements. |
| ResultExt | Additional methods for |
Type Definitions
| Names | Name table for RREIL code. |
| Result | Convenient wrapper around |
| Segments | Segment table RREIL code. |
| Str | Our string type. |
| Strings | String table. |