Examples of org.jakstab.asm.x86.X86Instruction

• org.jakstab.asm.x86.X86JmpInstruction

        /////////
        // Special case for non-exit edges of x86 REP/REPNZ prefixes (for loops using ecx)
        if (stmt.getSource().getType() == RTLGoto.Type.STRING_LENGTH_CHECK) {
          BasedNumberElement loopCounter = getValue(arch.loopCounter());
          if (loopCounter.isTop() || loopCounter.isNumberTop()) {
            X86Instruction instr = (X86Instruction)Program.getProgram().getInstruction(stmt.getAddress());
            BasedNumberValuation post = copyThisState();
            if (instr.hasEsiBasedMemorySource()) {
              logger.debug(stmt.getLabel() + ": ecx is unknown in REP/REPNZ, widening esi");
              post.setValue(arch.stringSource(), new BasedNumberElement(
                  getValue(arch.stringSource()).getRegion(),
                  NumberElement.getTop(arch.getAddressBitWidth())));
            }
            if (instr.hasEdiBasedMemoryTarget()) {
              logger.debug(stmt.getLabel() + ": ecx is unknown in REP/REPNZ, widening edi");
              post.setValue(arch.stringTarget(), new BasedNumberElement(
                  getValue(arch.stringTarget()).getRegion(),
                  NumberElement.getTop(arch.getAddressBitWidth())));
            }

    // Increase precision of ecx, esi, edi for REP prefixed instructions
    Program program = Program.getProgram();
    if (BoundedAddressTracking.repPrecBoost.getValue()) {
      AbsoluteAddress addr = location.getAddress();
      X86Instruction instr = (X86Instruction)program.getInstruction(addr);
      if (instr != null && (instr.hasPrefixREPZ() || instr.hasPrefixREPNZ())) {
        logger.debug("boost-rep: REP instruction at " + location + ", increasing precision of loop registers.");
        p.setThreshold(ExpressionFactory.createVariable("%ecx"), 1000);
        p.setThreshold(ExpressionFactory.createVariable("%esi"), 1000);
        p.setThreshold(ExpressionFactory.createVariable("%edi"), 1000);
      }

      AbsoluteAddress trampolineDest = new AbsoluteAddress(inBuf.readDWORD());
      //logger.debug("Trampoline destination is " + trampolineDest);
      pltIdx = (int)getFilePointer(trampolineDest);
      // Read the push instruction
      instr = disasm.decodeInstruction(pltIdx);
      X86Instruction pushSTOff = (X86Instruction)instr;
      // The push instruction's parameter is an index into the symbol table
      int symbolTableOff = ((Immediate)pushSTOff.getOperand1()).getNumber().intValue();
      // Read function name from symbol table
      //String functionName = elf.getSymbols()[symbolTableOff].toString();

      // r_offset is at 0, r_info at 4. r_info is an integer containing the symbol index
      int ri = symbolTableOff + 4;

   * Creates a new disassembler working on the given bytearray.
   *
   * @param code Byte array of code to be disassembled.
   */
  public X86Disassembler(BinaryInputBuffer code) {
    this(code, new X86InstructionFactoryImpl());
  }

      }
    }
    // now we should be at the first PLT jump
    while (true) {
      AbsoluteAddress jmpLocation = getVirtualAddress(pltIdx);
      X86JmpInstruction jmpToFunction = (X86JmpInstruction)instr;

      // Where the function pointer is to be stored
      AbsoluteAddress pltSlot = new AbsoluteAddress((((X86MemoryOperand)jmpToFunction.getBranchDestination())).getDisplacement());
      //logger.debug("Address of memory trampoline is " + pltSlot +
      //    ", file offset 0x" + Long.toHexString(getFilePointer(pltSlot)));
      // Before loading, there's a trampoline pointer back to the following push instruction stored in this slot
      inBuf.seek(getFilePointer(pltSlot));
      AbsoluteAddress trampolineDest = new AbsoluteAddress(inBuf.readDWORD());