/** ControlFlowAnalysis implements FunctionAnalysis interface **/
func (a *ControlFlowAnalysis) AnalyzeFunction(f *artifacts.Function) error {
ld, e := LD.New(a.ws)
check(e)
cj, e := ld.RegisterJumpTraceHandler(func(
insn gapstone.Instruction,
from_bb AS.VA,
target AS.VA,
jtype P.JumpType) error {
return a.ws.MakeCodeCrossReference(AS.VA(insn.Address), target, jtype)
})
check(e)
defer ld.UnregisterJumpTraceHandler(cj)
cb, e := ld.RegisterBBTraceHandler(func(start AS.VA, end AS.VA) error {
return a.ws.MakeBasicBlock(start, end)
})
check(e)
defer ld.UnregisterBBTraceHandler(cb)
c, e := ld.RegisterCallTraceHandler(func(from AS.VA, to AS.VA) error {
return a.ws.MakeCallCrossReference(from, to)
})
check(e)
defer ld.UnregisterCallTraceHandler(c)
e = ld.ExploreFunction(a.ws, f.Start)
check(e)
return nil
}
/** StackDeltaAnalysis implements FunctionAnalysis interface **/
func (a *StackDeltaAnalysis) AnalyzeFunction(f *artifacts.Function) error {
ld, e := LD.New(a.ws)
check(e)
didSetStackDelta := false
c, e := ld.RegisterInstructionTraceHandler(func(insn gapstone.Instruction) error {
if !didSetStackDelta {
if !disassembly.DoesInstructionHaveGroup(insn, gapstone.X86_GRP_RET) {
return nil
}
if len(insn.X86.Operands) == 0 {
f.SetStackDelta(0)
return nil
}
if insn.X86.Operands[0].Type != gapstone.X86_OP_IMM {
return nil
}
stackDelta := insn.X86.Operands[0].Imm
f.SetStackDelta(stackDelta)
didSetStackDelta = true
}
return nil
})
check(e)
defer ld.UnregisterInstructionTraceHandler(c)
e = ld.ExploreFunction(a.ws, f.Start)
check(e)
return nil
}
