public interface

INativeCodeUnit

implements ICodeUnit INativeContext IMethodManager
com.pnfsoftware.jeb.core.units.INativeCodeUnit<InsnType extends com.pnfsoftware.jeb.core.units.code.IInstruction>

Class Overview

Specialized code unit that manages a native code processor and uses a virtual memory.

Code units own and work closely with the following objects:

Note: if a debugger is attached, a temporary physical image base can be set.

Summary

Constants
String externalSymbolsPrefix EXTERN_FUNCTION routine prefix
String importPtrPrefix PTRFUNCTION routine prefix
String targetPrefix Target routine prefix with named trampoline: '*'
String trampolinePrefix Trampoline routines prefix: unicode RIGHTWARDS ARROW '→'
[Expand]
Inherited Constants
From interface com.pnfsoftware.jeb.core.units.code.asm.items.IMethodManager
Public Methods
abstract String getAddressFromCodeCoordinates(ICodeCoordinates cc, AddressConversionPrecision precision)
abstract INativeCodeAnalyzerExtension<InsnType> getAnalyzerExtension()
Get the principal code analyzer extension attached to this unit.
abstract long getCanonicalMemoryAddress(String address)
Convert a flexible native code unit address to a canonical memory address.
abstract long getCanonicalMemoryAddress(String address, AddressConversionPrecision precision)
Convert a flexible native code unit address to a canonical memory address.
abstract INativeClassItem getClass(String fqname)
Convenience method used to retrieve a class by name.
abstract INativeClassItem getClassByIndex(int index)
Get a class by its internal index.
abstract IClassManager getClassManager()
abstract List<? extends INativeClassItem> getClasses()
Get the list of classes.
abstract INativeCodeAnalyzer<InsnType> getCodeAnalyzer()
Get the code analyzer.
abstract INativeCodeAnalyzerExtensionsManager<InsnType> getCodeAnalyzerExtensionsManager()
Retrieve the currently-set analyzer extensions manager.
abstract GenericCodeFormatter<InsnType> getCodeFormatter()
Get the helper object used to format instructions into a sink.
abstract INativeCodeModel<InsnType> getCodeModel()
Get the code model.
abstract ICodeObjectUnit getCodeObjectContainer()
Provide the parent code object container, if there is one.
abstract NativeCommentManager getCommentManager()
Get the comment manager.
abstract INativeType getDataTypeAt(long address)
Get the native type of the data item located at the provided address.
abstract INativeDecompilerUnit<InsnType> getDecompiler()
Retrieve or create a decompiler for this unit.
abstract INativeDisassemblyDocument getDisassemblyDocument()
Convenience method to retrieve the text document representing the disassembly of this code unit.
abstract Endianness getEndianness()
Retrieve the endianness.
abstract long getEntryPointAddress()
Get the address of the entry-point of this unit, if any.
abstract INativeFieldItem getField(String fqname)
Convenience method used to retrieve a field by name.
abstract INativeFieldItem getFieldByIndex(int index)
Get a field by its internal index.
abstract IFieldManager getFieldManager()
abstract List<INativeFieldItem> getFields()
Get the list of fields.
abstract long getHighLevelEntryPointAddress()
Get the address of the high-level entry-point of this unit, if any.
abstract String getInlineComment(long address)
Convenience method used to retrieve the inline comment at the provided virtual address.
abstract INativeMethodItem getInternalMethod(long memoryAddress, boolean addressIsEntryPoint)
Retrieve an internal method by address (any address within the method).
abstract INativeMethodItem getInternalMethod(long memoryAddress)
Retrieve an internal method by its entry-point address.
abstract List<? extends INativeMethodItem> getInternalMethods()
Retrieve all internal methods.
abstract List<? extends INativeMethodItem> getInternalMethods(long memoryAddress)
Retrieve the internal methods spanning over the provided address
abstract List<? extends INativeMethodItem> getInternalMethodsLeafFirst()
Retrieve all internal methods, ordered from the leaves to the roots.
abstract List<? extends INativeMethodItem> getInternalMethodsSizeFirst()
Retrieve all internal methods, ordered from their ascending byte size.
abstract INativeItem getItemObject(long id)
Optionally provide an object associated with the given item.
abstract IUnitLock getLock()
Retrieve the model lock, used to request a full-access model lock or a partial, read-only, transactional lock.
abstract IVirtualMemory getMemory()
Retrieve the virtual memory managed used by this unit.
abstract INativeMethodItem getMethod(String fqname)
Convenience method used to retrieve a method by name.
abstract INativeMethodItem getMethodByIndex(int index)
Get a method by its internal index.
abstract IMethodManager getMethodManager()
abstract List<? extends INativeMethodItem> getMethods()
Get the list of methods.
abstract INativeContinuousItem getNativeItemAt(long address)
Get the item located at the exact address.
abstract INativeContinuousItem getNativeItemOver(long address)
Get the item spanning over the provided address.
abstract SortedMap<Long, INativeContinuousItem> getNativeItemsOver(long address, int size)
Retrieve a read-only map of the native items located within the provided memory range.
abstract IPackageManager getPackageManager()
Get the package/namespace manager used by this unit.
abstract List<? extends IPackage> getPackages()
Get the list of code packages.
abstract long getPhysicalImageDelta()
Retrieve the difference between Physical Image base as set by setPhysicalImageBase(long) and Virtual Image Base as retrieved by getVirtualImageBase().
abstract IProcessor<InsnType> getProcessor()
Retrieve the machine code parser (pseudo-processor) managed by this unit.
abstract String getProcessorName()
Convenience method used to retrieve the processor's name.
abstract NativeSignatureDBManager getSignatureManager()
Get the global signature manager used by this unit.
abstract INativeStringItem getStringByIndex(int index)
Retrieve a string by index.
abstract List<? extends INativeStringItem> getStrings()
Get the list of code strings.
abstract String getSymbolicStringAddress(long address)
Retrieve the simplest symbol address that corresponds to the given physical address.
abstract String getSymbolicStringAddress(long address, int sspref)
Retrieve a symbol address that corresponds to the given physical address.
abstract TypeLibraryService getTypeLibraryService()
Get the global type library service.
abstract ITypeManager getTypeManager()
Get the global type manager used by this unit.
abstract List<? extends INativeType> getTypes()
Get the list of types.
abstract boolean isAnalysisCompleted()
Determine whether a code analysis pass is ongoing.
abstract boolean isInitialAnalysisDone()
Determine whether or not an initial analysis pass has been done.
abstract boolean performAnalysis(boolean async, Boolean includeAdvancedAnalysis, Runnable onCompletion)
Start an analysis.
abstract boolean performInitialAnalysis(Boolean blocking)
abstract boolean performInitialAnalysis()
Perform the initial analysis pass.
abstract boolean process()
Quickly process the unit.
abstract void setAnalyzerExtension(INativeCodeAnalyzerExtension<InsnType> ext)
Set the principal code analyzer extension for this unit.
abstract void setCallingConvention(ICallingConvention cc)
abstract boolean setCodeAt(long address, int procmode, boolean undefineOverlappingItems)
Parse and create an instruction at the provided address.
abstract void setCodeFormatter(GenericCodeFormatter<InsnType> codeFormatter)
abstract void setCompilerType(CompilerType compilerType)
Set a hint.
abstract boolean setDataAt(long address, INativeType type, String name, boolean undefineOverlappingItems)
Create or update a data item at the provided address.
abstract boolean setDataAt(long address, INativeType type, String name)
Create or update a data item at the provided address.
abstract boolean setDataTypeAt(long address, INativeType type)
Convenience method to set the native type of a data item located at the provided address.
abstract boolean setInlineComment(long address, String comment)
Convenience method used to set the inline comment at the provided virtual address.
abstract void setMemory(IVirtualMemory mem)
Optionally set the current optional virtual memory (VM) used by this unit.
abstract void setPhysicalImageBase(long physicalImageBase)
Set the real (physical) image base for this piece of code.
abstract void setProcessor(IProcessor<InsnType> proc)
Set the code parser (processor) used by this unit.
abstract boolean setRoutineAt(long address)
Parse and attempt to create a routine at the provided address.
abstract boolean setRoutineAt(long address, int procmode, int permission)
Parse and attempt to create a routine at the provided address.
abstract boolean setRoutineAt(long address, int procmode)
Parse and attempt to create a routine at the provided address.
abstract boolean setRoutinePrototype(INativeMethodItem routine, String prototypeString)
Set a routine prototype.
abstract boolean setRoutineReferenceAt(long address, INativeMethodItem routine)
Create a special data item representing a reference to a method.
abstract boolean setRoutineSignature(INativeMethodItem routine, String signatureString, boolean prototypeOnly)
Set a routine signature or protytpe.
abstract boolean setStringAt(long address, long addressMax, StringEncoding stringType, int minChars, int maxChars)
Create a string data item.
abstract boolean setStringAt(long address, long addressMax, StringEncoding stringType, int minChars, int maxChars, boolean undefineOverlappingItems)
Create a string data item.
abstract void setSubsystemType(SubsystemType subsystemType)
Set a hint.
abstract void setVirtualImageBase(long virtualImageBase)
Set preferred image base
abstract boolean undefineItem(long address)
Undefine the memory item starting at the provided address.
[Expand]
Inherited Methods
From interface com.pnfsoftware.jeb.core.IUnitCreator
From interface com.pnfsoftware.jeb.core.IUserDataSupport
From interface com.pnfsoftware.jeb.core.units.IAddressableUnit
From interface com.pnfsoftware.jeb.core.units.IInteractiveUnit
From interface com.pnfsoftware.jeb.core.units.IUnit
From interface com.pnfsoftware.jeb.core.units.code.ICodeUnit
From interface com.pnfsoftware.jeb.core.units.code.asm.INativeContext
From interface com.pnfsoftware.jeb.core.units.code.asm.items.IMethodManager
From interface com.pnfsoftware.jeb.util.events.IEventSource

Constants

public static final String externalSymbolsPrefix

EXTERN_FUNCTION routine prefix

Constant Value: "extern"

public static final String importPtrPrefix

PTRFUNCTION routine prefix

Constant Value: "ptr_"

public static final String targetPrefix

Target routine prefix with named trampoline: '*'

Constant Value: "*"

public static final String trampolinePrefix

Trampoline routines prefix: unicode RIGHTWARDS ARROW '→'

Constant Value: "→"

Public Methods

public abstract String getAddressFromCodeCoordinates (ICodeCoordinates cc, AddressConversionPrecision precision)

public abstract INativeCodeAnalyzerExtension<InsnType> getAnalyzerExtension ()

Get the principal code analyzer extension attached to this unit.

public abstract long getCanonicalMemoryAddress (String address)

Convert a flexible native code unit address to a canonical memory address.

Unit addresses can be code labels, pseudo labels, string representations of physical addresses, etc.

Parameters
address an address
Returns
  • the memory address, or -1 (0xFFFFFFFF_FFFFFFFFL) on failure

public abstract long getCanonicalMemoryAddress (String address, AddressConversionPrecision precision)

Convert a flexible native code unit address to a canonical memory address.

Unit addresses can be code labels, pseudo labels, string representations of physical addresses, etc.

Parameters
address an address
precision use COARSE to bypass early name resolution, and attempt a simple number conversion first (e.g., with coarse address "aabb" will be resolved to 0xAABB before looking if an item is named "aabb"); with FINE (or DEFAULT), item name resolution is attempted first; therefore, for quick and unreliable conversions, use COARSE; else, use the DEFAULT setting
Returns
  • the memory address, or -1 (0xFFFFFFFF_FFFFFFFFL) on failure

public abstract INativeClassItem getClass (String fqname)

Convenience method used to retrieve a class by name.

public abstract INativeClassItem getClassByIndex (int index)

Get a class by its internal index. Class indices are monotonously increasing, and gaps may exist as classes get destroyed and created. The caller should not assume that getClassByIndex(i)==getClasses().get(i).

Parameters
index an opaque class index, eg one present in ICodeCoordinates
Returns
  • a class object or null

public abstract IClassManager getClassManager ()

public abstract List<? extends INativeClassItem> getClasses ()

Get the list of classes.

public abstract INativeCodeAnalyzer<InsnType> getCodeAnalyzer ()

Get the code analyzer.

Life-cycle information: this method will return null until the unit is processed.

public abstract INativeCodeAnalyzerExtensionsManager<InsnType> getCodeAnalyzerExtensionsManager ()

Retrieve the currently-set analyzer extensions manager. Life-cycle information: this method will return null until the unit is processed.

Note: third-party code should not use this for now.

public abstract GenericCodeFormatter<InsnType> getCodeFormatter ()

Get the helper object used to format instructions into a sink.

Do not confuse the code formatter with the unit's formatter.

public abstract INativeCodeModel<InsnType> getCodeModel ()

Get the code model.

public abstract ICodeObjectUnit getCodeObjectContainer ()

Provide the parent code object container, if there is one. Typically, that would be an ELF, PE-COFF, or Mach-O unit accessible through the generic interface ICodeObjectUnit or any of the derived specialized interfaces.

Returns
  • a unit or null

public abstract NativeCommentManager getCommentManager ()

Get the comment manager. This method is optional. When the unit is disposed, this method must return null. The default implementation returns null.

Returns
  • a comment manager, or null if the unit does not have one

public abstract INativeType getDataTypeAt (long address)

Get the native type of the data item located at the provided address.

public abstract INativeDecompilerUnit<InsnType> getDecompiler ()

Retrieve or create a decompiler for this unit. If a corresponding gendec plugin is not available with your JEB license, null is returned.

public abstract INativeDisassemblyDocument getDisassemblyDocument ()

Convenience method to retrieve the text document representing the disassembly of this code unit.

The caller is responsible for disposing the returned document after usage.

public abstract Endianness getEndianness ()

Retrieve the endianness. This method is for convenience only; byte ordering can always be retrieved through the IProcessor.

Returns
  • byte ordering for the target

public abstract long getEntryPointAddress ()

Get the address of the entry-point of this unit, if any.

public abstract INativeFieldItem getField (String fqname)

Convenience method used to retrieve a field by name.

public abstract INativeFieldItem getFieldByIndex (int index)

Get a field by its internal index. Field indices are monotonously increasing, and gaps may exist as fields get destroyed and created. The caller should not assume that getFieldByIndex(i)==getFields().get(i).

Parameters
index an opaque field index, eg one present in ICodeCoordinates
Returns
  • a field object or null

public abstract IFieldManager getFieldManager ()

public abstract List<INativeFieldItem> getFields ()

Get the list of fields.

public abstract long getHighLevelEntryPointAddress ()

Get the address of the high-level entry-point of this unit, if any.

The high-level entry-point corresponds to a main() (or similar) routine. It is the routine executed after the compiler-generated initialization code is executed. Note that it might be set as a result of the initial analysis.

Returns
  • real entry point address, -1L if none

public abstract String getInlineComment (long address)

Convenience method used to retrieve the inline comment at the provided virtual address.

Parameters
address VA
Returns
  • a comment or null

public abstract INativeMethodItem getInternalMethod (long memoryAddress, boolean addressIsEntryPoint)

Retrieve an internal method by address (any address within the method). An internal method has an associated data item associated to it. If multiple methods share the provided address, the one with the lowest entry-point address is returned.

Parameters
addressIsEntryPoint true if the provided address is the method entry-point; false if the address is just part of the routine. In the latter case, if the address belongs to several routines, any one is returned
Returns
  • a routine item or null

public abstract INativeMethodItem getInternalMethod (long memoryAddress)

Retrieve an internal method by its entry-point address. An internal method has an associated data item associated to it. If multiple methods share the provided entry-point address, the first one is returned.

Returns
  • a routine item or null

public abstract List<? extends INativeMethodItem> getInternalMethods ()

Retrieve all internal methods. An internal method has an associated data item associated to it.

Returns
  • a list of internal methods

public abstract List<? extends INativeMethodItem> getInternalMethods (long memoryAddress)

Retrieve the internal methods spanning over the provided address

public abstract List<? extends INativeMethodItem> getInternalMethodsLeafFirst ()

Retrieve all internal methods, ordered from the leaves to the roots. An internal method has an associated data item associated to it.

public abstract List<? extends INativeMethodItem> getInternalMethodsSizeFirst ()

Retrieve all internal methods, ordered from their ascending byte size. An internal method has an associated data item associated to it.

public abstract INativeItem getItemObject (long id)

Optionally provide an object associated with the given item. This method may return null, an opaque object, or an object defined by the contract of the implementing object or sub-interface. The SPI of sub-interfaces should specify the item id formats, if any, as well as types and semantics associated with the objects returned by this method.

Parameters
id the item id
Returns
  • an object, whose type is defined by contract, potentially null

public abstract IUnitLock getLock ()

Retrieve the model lock, used to request a full-access model lock or a partial, read-only, transactional lock. All plugin code accessing the native units and units relying on native units should use those locks to perform operations safely in a concurrent environment.

public abstract IVirtualMemory getMemory ()

Retrieve the virtual memory managed used by this unit.

public abstract INativeMethodItem getMethod (String fqname)

Convenience method used to retrieve a method by name.

public abstract INativeMethodItem getMethodByIndex (int index)

Get a method by its internal index. Method indices are monotonously increasing, and gaps may exist as methods get destroyed and created. The caller should not assume that getMethodByIndex(i)==getMethods().get(i).

Parameters
index an opaque method index, eg one present in ICodeCoordinates
Returns
  • a method object or null

public abstract IMethodManager getMethodManager ()

public abstract List<? extends INativeMethodItem> getMethods ()

Get the list of methods.

public abstract INativeContinuousItem getNativeItemAt (long address)

Get the item located at the exact address.

Parameters
address item start address

public abstract INativeContinuousItem getNativeItemOver (long address)

Get the item spanning over the provided address.

Parameters
address an address

public abstract SortedMap<Long, INativeContinuousItem> getNativeItemsOver (long address, int size)

Retrieve a read-only map of the native items located within the provided memory range.

public abstract IPackageManager getPackageManager ()

Get the package/namespace manager used by this unit.

public abstract List<? extends IPackage> getPackages ()

Get the list of code packages.

public abstract long getPhysicalImageDelta ()

Retrieve the difference between Physical Image base as set by setPhysicalImageBase(long) and Virtual Image Base as retrieved by getVirtualImageBase(). This value should only be used for rendering.

public abstract IProcessor<InsnType> getProcessor ()

Retrieve the machine code parser (pseudo-processor) managed by this unit.

public abstract String getProcessorName ()

Convenience method used to retrieve the processor's name. The processor value specifies, among other things, the underlying instruction set used by the instructions of this code unit.

Returns
  • a lower-case string, never null (if the processor is unknown or not set, 'unknown' is retrieved)

public abstract NativeSignatureDBManager getSignatureManager ()

Get the global signature manager used by this unit.

public abstract INativeStringItem getStringByIndex (int index)

Retrieve a string by index. Careful, this is not the same as getStrings().get(index).

public abstract List<? extends INativeStringItem> getStrings ()

Get the list of code strings.

public abstract String getSymbolicStringAddress (long address)

Retrieve the simplest symbol address that corresponds to the given physical address. Same as getSymbolicStringAddress(address, 0).

public abstract String getSymbolicStringAddress (long address, int sspref)

Retrieve a symbol address that corresponds to the given physical address.

Example: if address if at offset 10h inside method foo() (at address 401000h), querying this method with sspref=2 will return a label "foo+10h"; however, querying with sspref=0 would simply return "401010h".

Parameters
address a memory address
sspref resolution type: (in the examples a below, a routine exists at address 0x401000)
0= will resolve to a standard hex-formatted address, e.g. 0x402000 to 402000h
1= will first resolve to any existing label, routine address, e.g. 0x401000 to sub_401000 etc.
2= will first resolve to a routine-based address, e.g. sub_401010 to sub_401000+10h

public abstract TypeLibraryService getTypeLibraryService ()

Get the global type library service.

public abstract ITypeManager getTypeManager ()

Get the global type manager used by this unit.

public abstract List<? extends INativeType> getTypes ()

Get the list of types.

public abstract boolean isAnalysisCompleted ()

Determine whether a code analysis pass is ongoing.

Returns
  • false if a code analysis is currently taking place, true otherwise

public abstract boolean isInitialAnalysisDone ()

Determine whether or not an initial analysis pass has been done.

public abstract boolean performAnalysis (boolean async, Boolean includeAdvancedAnalysis, Runnable onCompletion)

Start an analysis.

Parameters
async if true, this method is executed asynchronously and returns immediately; use isAnalyzing() to determine whether the analysis has completed.
includeAdvancedAnalysis if null, use the unit's settings; if non-null, bypass the unit's configuration and force-enable or force-disable the advanced analysis
onCompletion optional runnable to be executed on completion (always)

public abstract boolean performInitialAnalysis (Boolean blocking)

public abstract boolean performInitialAnalysis ()

Perform the initial analysis pass. This method should be called once, after successful unit processing. The initial analysis pass parameters, such as synchronicity, the inclusion of global or advanced analysis, etc. are determined automatically.

public abstract boolean process ()

Quickly process the unit. Be careful that the IUnit is not analyzed while performInitialAnalysis() was not called.

Returns

public abstract void setAnalyzerExtension (INativeCodeAnalyzerExtension<InsnType> ext)

Set the principal code analyzer extension for this unit.

public abstract void setCallingConvention (ICallingConvention cc)

public abstract boolean setCodeAt (long address, int procmode, boolean undefineOverlappingItems)

Parse and create an instruction at the provided address.

Parameters
address instruction address
procmode processor mode (refer to MODE_xxx constants in IProcessor)
undefineOverlappingItems if false, the method will fail if existing items overlap with the memory range needed to accommodate a newly-created item
Returns
  • success indicator

public abstract void setCodeFormatter (GenericCodeFormatter<InsnType> codeFormatter)

public abstract void setCompilerType (CompilerType compilerType)

Set a hint. This method may be called optionally, before process(). The hint may be disregarded.

public abstract boolean setDataAt (long address, INativeType type, String name, boolean undefineOverlappingItems)

Create or update a data item at the provided address.

Note: to create String items, see setStringAt(long, long, StringEncoding, int, int).

Parameters
address item address
type item type
name optional name
undefineOverlappingItems if false, the method will fail if existing items overlap with the memory range needed to accommodate a newly-created item
Returns
  • success indicator

public abstract boolean setDataAt (long address, INativeType type, String name)

Create or update a data item at the provided address. Overlapping items may be deleted.

Note: to create String items, see setStringAt(long, long, StringEncoding, int, int).

Parameters
address item address
type item type
name optional name
Returns
  • success indicator

public abstract boolean setDataTypeAt (long address, INativeType type)

Convenience method to set the native type of a data item located at the provided address. If no item exists at the provided address, one will be created. Overlapping items may be deleted.

Note: to create String items, see setStringAt(long, long, StringEncoding, int, int).

Returns
  • success indicator

public abstract boolean setInlineComment (long address, String comment)

Convenience method used to set the inline comment at the provided virtual address.

Parameters
address VA
comment a comment
Returns
  • success indicator

public abstract void setMemory (IVirtualMemory mem)

Optionally set the current optional virtual memory (VM) used by this unit. This method should be called at most once (typically done in the unit's identifier), before processing the unit. It is optional; the VM object set may be overridden during unit processing if it is deemed inappropriate to handle the code object. Therefore, after processing, client code should always retrieve the actual VM object via getMemory().

Parameters
mem optional VM

public abstract void setPhysicalImageBase (long physicalImageBase)

Set the real (physical) image base for this piece of code. That address is the real address of the first loaded byte on a target device. The existence of this method implies that at most one physical address can be used at any time. (Typically, debuggers use this method to let code units know of where they are currently mapped, which in turn is used to better render assembly output.) Generally, the physical image address changes across different launches.

Parameters
physicalImageBase the physical image base of this code unit; the value 0 means that the physical address is unknown

public abstract void setProcessor (IProcessor<InsnType> proc)

Set the code parser (processor) used by this unit. This method should be called at most once (typically done in the unit's identifier), before processing the unit.

Parameters
proc mandatory processor

public abstract boolean setRoutineAt (long address)

Parse and attempt to create a routine at the provided address. The processor mode used will be the default one, and the analysis will be done forcefully.

Parameters
address routine start address
Returns
  • success indicator: if true, a routine was created (or existed) at the provided address

public abstract boolean setRoutineAt (long address, int procmode, int permission)

Parse and attempt to create a routine at the provided address.

Parameters
address routine start address
procmode processor mode
permission one of the PERMISSION_xxx constants of INativeCodeAnalyzer (refer to enqueuePointerForAnalysis for details)
Returns
  • success indicator: if true, a routine was created (or existed) at the provided address

public abstract boolean setRoutineAt (long address, int procmode)

Parse and attempt to create a routine at the provided address. The analysis is done forcefully.

Parameters
address routine start address
procmode processor mode
Returns
  • success indicator: if true, a routine was created (or existed) at the provided address

public abstract boolean setRoutinePrototype (INativeMethodItem routine, String prototypeString)

Set a routine prototype. This method uses non-standard prototype declarations and should be avoided. Use setRoutineSignature(INativeMethodItem, String, boolean) instead.

Parameters
routine target routine
prototypeString a prototype string having the following style: 
 <calling-convention> returnType(paramType1 _)
 <calling-convention> returnType(paramType1, paramType2)
 <calling-convention> returnType(paramType1, paramType2, ...)
Returns
  • success indicator

public abstract boolean setRoutineReferenceAt (long address, INativeMethodItem routine)

Create a special data item representing a reference to a method. Those items are similar to function pointer items (pointer to prototypes), except that they refer specifically to routine objects managed by this unit.

public abstract boolean setRoutineSignature (INativeMethodItem routine, String signatureString, boolean prototypeOnly)

Set a routine signature or protytpe.

Parameters
routine target routine
signatureString a C-like signature; some C++ features such as namespaces (::) or templates (<...>) are allowed but disregarded
prototypeOnly if true, only the prototype will be applied; method and parameter names, if provided, will not be applied
Returns
  • success indicator

public abstract boolean setStringAt (long address, long addressMax, StringEncoding stringType, int minChars, int maxChars)

Create a string data item. Overlapping items may be deleted.

Parameters
address mandatory start address
addressMax optional maximum (final) address for the string; use -1 for no limit
stringType the string type hint; null to let this method determine the best string type heuristically
minChars minimum number of characters to be found in the string for it to be considered valid; set to -1 for default (currently: 3)
maxChars maximum number of characters (not bytes) to be parsed; set to -1 for default (currently: 100_000)
Returns
  • success indicator

public abstract boolean setStringAt (long address, long addressMax, StringEncoding stringType, int minChars, int maxChars, boolean undefineOverlappingItems)

Create a string data item.

Parameters
address mandatory start address
addressMax optional maximum (final) address for the string; use -1 for no limit
stringType the string type hint; null to let this method determine the best string type heuristically
minChars minimum number of characters to be found in the string for it to be considered valid; set to -1 for default (currently: 3)
maxChars maximum number of characters (not bytes) to be parsed; set to -1 for default (currently: 100_000)
undefineOverlappingItems if false, the method will fail if existing items overlap with the memory range needed to accommodate a newly-created item
Returns
  • success indicator

public abstract void setSubsystemType (SubsystemType subsystemType)

Set a hint. This method may be called optionally, before process(). The hint may be disregarded.

public abstract void setVirtualImageBase (long virtualImageBase)

Set preferred image base

public abstract boolean undefineItem (long address)

Undefine the memory item starting at the provided address. Careful, this method may have unintended side effects. Example: deleting an instruction item that's part of a routine body will also discard that routine, which in turn may discard other items or references, within this unit or other units.

Parameters
address item address
Returns
  • success indicator