vtil_parser

Struct Routine

Source 
pub struct Routine {
    pub header: Header,
    pub vip: Vip,
    pub routine_convention: RoutineConvention,
    pub subroutine_convention: SubroutineConvention,
    pub spec_subroutine_conventions: Vec<SubroutineConvention>,
    pub explored_blocks: IndexMap<Vip, BasicBlock>,
}
Expand description

VTIL routine container

Fields§

§header: Header

Header containing metadata about the VTIL container

§vip: Vip

The entry virtual instruction pointer for this VTIL routine

§routine_convention: RoutineConvention

Metadata regarding the calling conventions of the VTIL routine

§subroutine_convention: SubroutineConvention

Metadata regarding the calling conventions of the VTIL subroutine

§spec_subroutine_conventions: Vec<SubroutineConvention>

All special subroutine calling conventions in the top-level VTIL routine

§explored_blocks: IndexMap<Vip, BasicBlock>

Reachable BasicBlocks generated during a code-discovery analysis pass

Implementations§

Source§

impl Routine

VTIL routine container

Source

pub fn new(arch_id: ArchitectureIdentifier) -> Routine

Build a new VTIL routine container

Examples found in repository?
examples/builder.rs (line 18)
17fn main() -> Result<()> {
18    let mut routine = Routine::new(ArchitectureIdentifier::Virtual);
19    routine.header.arch_id = ArchitectureIdentifier::Amd64;
20    let basic_block = routine.create_block(Vip(0)).unwrap();
21    let mut builder = InstructionBuilder::from(basic_block);
22    let tmp1 = RegisterDesc::X86_REG_RAX;
23
24    for i in 0..100 {
25        builder
26            .add(tmp1, 13u32.into())
27            .nop()
28            .sub(tmp1, 12u32.into())
29            .nop()
30            .add(tmp1, 14u32.into())
31            .mov(tmp1, tmp1.into())
32            .sub(tmp1, tmp1.into())
33            .xor(tmp1, (i as u32).into())
34            .push(tmp1.into());
35    }
36
37    builder.vpinr(tmp1).vexit(0u64.into());
38
39    std::fs::write("built.vtil", routine.into_bytes()?)?;
40    Ok(())
41}
Source

pub fn create_block(&mut self, vip: Vip) -> Option<&mut BasicBlock>

Tries to create a BasicBlock, returns None if a block already exists at the given address

Examples found in repository?
examples/builder.rs (line 20)
17fn main() -> Result<()> {
18    let mut routine = Routine::new(ArchitectureIdentifier::Virtual);
19    routine.header.arch_id = ArchitectureIdentifier::Amd64;
20    let basic_block = routine.create_block(Vip(0)).unwrap();
21    let mut builder = InstructionBuilder::from(basic_block);
22    let tmp1 = RegisterDesc::X86_REG_RAX;
23
24    for i in 0..100 {
25        builder
26            .add(tmp1, 13u32.into())
27            .nop()
28            .sub(tmp1, 12u32.into())
29            .nop()
30            .add(tmp1, 14u32.into())
31            .mov(tmp1, tmp1.into())
32            .sub(tmp1, tmp1.into())
33            .xor(tmp1, (i as u32).into())
34            .push(tmp1.into());
35    }
36
37    builder.vpinr(tmp1).vexit(0u64.into());
38
39    std::fs::write("built.vtil", routine.into_bytes()?)?;
40    Ok(())
41}
Source

pub fn remove_block(&mut self, vip: Vip) -> Option<BasicBlock>

Tries to remove a BasicBlock from the Routine

Source

pub fn from_path<P: AsRef<Path>>(path: P) -> Result<Routine>

Tries to load VTIL routine from the given path

Examples found in repository?
examples/dot.rs (line 81)
79fn main() -> Result<()> {
80    let mut argv = env::args();
81    let routine = Routine::from_path(argv.nth(1).unwrap())?;
82    dump_routine(routine.explored_blocks.values());
83    Ok(())
84}
More examples
Hide additional examples
examples/dump.rs (line 20)
18fn main() -> Result<()> {
19    let mut argv = env::args();
20    let routine = Routine::from_path(argv.nth(1).unwrap())?;
21    dump_routine(&mut std::io::stdout(), &routine).unwrap();
22    Ok(())
23}
examples/simple.rs (line 20)
18fn main() -> Result<()> {
19    let mut argv = env::args();
20    let routine = Routine::from_path(argv.nth(1).unwrap())?;
21    println!(
22        "The architecture of this VTIL routine is: {:?}",
23        routine.header.arch_id
24    );
25    Ok(())
26}
Source

pub fn from_vec(source: &[u8]) -> Result<Routine>

Loads VTIL routine from a Vec<u8>

Source

pub fn into_bytes(self) -> Result<Vec<u8>>

Serialize the VTIL routine container, consuming it

Examples found in repository?
examples/builder.rs (line 39)
17fn main() -> Result<()> {
18    let mut routine = Routine::new(ArchitectureIdentifier::Virtual);
19    routine.header.arch_id = ArchitectureIdentifier::Amd64;
20    let basic_block = routine.create_block(Vip(0)).unwrap();
21    let mut builder = InstructionBuilder::from(basic_block);
22    let tmp1 = RegisterDesc::X86_REG_RAX;
23
24    for i in 0..100 {
25        builder
26            .add(tmp1, 13u32.into())
27            .nop()
28            .sub(tmp1, 12u32.into())
29            .nop()
30            .add(tmp1, 14u32.into())
31            .mov(tmp1, tmp1.into())
32            .sub(tmp1, tmp1.into())
33            .xor(tmp1, (i as u32).into())
34            .push(tmp1.into());
35    }
36
37    builder.vpinr(tmp1).vexit(0u64.into());
38
39    std::fs::write("built.vtil", routine.into_bytes()?)?;
40    Ok(())
41}

Trait Implementations§

Source§

impl Debug for Routine

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl SizeWith<Routine> for Routine

Source§

fn size_with(routine: &Routine) -> usize

Source§

impl TryFromCtx<'_, Endian> for Routine

Source§

type Error = Error

Source§

fn try_from_ctx(source: &[u8], endian: Endian) -> Result<(Self, usize)>

Source§

impl TryIntoCtx<Endian> for Routine

Source§

type Error = Error

Source§

fn try_into_ctx(self, sink: &mut [u8], _endian: Endian) -> Result<usize>

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.