Table of Contents

Class SymbolicFlowGraphBuilder<TInstruction>

Namespace
Echo.DataFlow.Construction
Assembly
Echo.DataFlow.dll

Provides an implementation of a control flow graph builder that traverses the instructions in a recursive manner, and maintains an symbolic program state to determine all possible branch targets of any indirect branching instruction.

public class SymbolicFlowGraphBuilder<TInstruction> : FlowGraphBuilder<TInstruction>, IFlowGraphBuilder<TInstruction> where TInstruction : notnull

Type Parameters

TInstruction

The type of instructions to store in the control flow graph.

Inheritance
FlowGraphBuilder<TInstruction>
SymbolicFlowGraphBuilder<TInstruction>
Implements
IFlowGraphBuilder<TInstruction>
Inherited Members

Constructors

SymbolicFlowGraphBuilder(IArchitecture<TInstruction>, IEnumerable<TInstruction>, IStateTransitioner<TInstruction>)

Creates a new symbolic control flow graph builder using the provided program state transition resolver.

public SymbolicFlowGraphBuilder(IArchitecture<TInstruction> architecture, IEnumerable<TInstruction> instructions, IStateTransitioner<TInstruction> transitioner)

Parameters

architecture IArchitecture<TInstruction>

The architecture of the instructions.

instructions IEnumerable<TInstruction>

The instructions to traverse.

transitioner IStateTransitioner<TInstruction>

The transition resolver to use for inferring branch targets.

SymbolicFlowGraphBuilder(IStaticInstructionProvider<TInstruction>, IStateTransitioner<TInstruction>)

Creates a new symbolic control flow graph builder using the provided program state transition resolver.

public SymbolicFlowGraphBuilder(IStaticInstructionProvider<TInstruction> instructions, IStateTransitioner<TInstruction> transitioner)

Parameters

instructions IStaticInstructionProvider<TInstruction>

The instructions to traverse.

transitioner IStateTransitioner<TInstruction>

The transition resolver to use for inferring branch targets.

SymbolicFlowGraphBuilder(ISymbolicInstructionProvider<TInstruction>, IStateTransitioner<TInstruction>)

Creates a new symbolic control flow graph builder using the provided program state transition resolver.

public SymbolicFlowGraphBuilder(ISymbolicInstructionProvider<TInstruction> instructions, IStateTransitioner<TInstruction> transitioner)

Parameters

instructions ISymbolicInstructionProvider<TInstruction>

The instructions to traverse.

transitioner IStateTransitioner<TInstruction>

The transition resolver to use for inferring branch targets.

Properties

Architecture

Gets the architecture of the instructions to graph.

public override IArchitecture<TInstruction> Architecture { get; }

Property Value

IArchitecture<TInstruction>

Instructions

Gets the instructions to traverse.

public ISymbolicInstructionProvider<TInstruction> Instructions { get; }

Property Value

ISymbolicInstructionProvider<TInstruction>

StateTransitioner

Gets the object responsible for resolving every transition in the program state that an instruction might introduce.

public IStateTransitioner<TInstruction> StateTransitioner { get; }

Property Value

IStateTransitioner<TInstruction>

Methods

CollectInstructions(long, IEnumerable<long>)

Traverses the instructions and records block headers and successor information about each traversed instruction.

protected override IInstructionTraversalResult<TInstruction> CollectInstructions(long entrypoint, IEnumerable<long> knownBlockHeaders)

Parameters

entrypoint long

The address of the first instruction to traverse.

knownBlockHeaders IEnumerable<long>

A list of known block headers that should be included in the traversal.

Returns

IInstructionTraversalResult<TInstruction>

An object containing the result of the traversal, including the block headers and successors of each instruction.