symbols
This module select the symbols to be used in symbolic expressions and declares the predicates needed to infer new symbols.
- inferred_symbol(EA:address, SymbolName:symbol, Scope:symbol, Visibility:symbol, Type:symbol, Pos:symbol_position)
A new symbol ‘SymbolName’ at address ‘EA’ should be created.
- inferred_special_symbol(EA:address, SymbolName:symbol, Scope:symbol, Visibility:symbol, Type:symbol, Pos:symbol_position)
A special symbol ‘SymbolName’ at address ‘EA’ has been inferred. Special inferred symbols have higher priority than regular inferred symbols.
Uses:
address_in_data,base_address,binary_format,binary_type,bss_section,entry_point,function_symbol,got_reference_pointer,instruction,loaded_section,op_immediate,pc_relative_operand,relocation,start_function,symbolUsed by:
abi_intrinsic,inferred_symbolRecursive:
symbolic_expr_symbol_minus_symbol,symbolic_expr,+disconnected3,data_object_conflict,labeled_data_candidate,code_pointer_in_data,+disconnected2,labeled_ea,code_in_refined_block,moved_label,block_needs_merging,best_symexpr_symbol,discarded_jump_table_entry,best_func_symbol,data_limit,moved_displacement_candidate,symbol_minus_symbol,refined_block,+disconnected1,moved_data_label,next_address_in_data,symbolic_expr_attribute,relative_jump_table_entry,inferred_main_function,symbol_minus_symbol_candidate,next_data_limit,main_function,symbolic_data,symbolic_operand_point,resolved_transfer,code_in_split_block,base_relative_symbolic_operand,address_array_aux,data_access_limit,symbol_minus_symbol_from_relocation,string_candidate_refined,split_block,+disconnected6,data_object_total_points,string_candidate,data_object,address_array,discarded_data_object,block_needs_splitting_at,inferred_special_symbol,symbol_score,after_address_in_data,symbolic_operand_attribute,data_object_point,moved_pc_relative_candidate,symbolic_operand,function_inference.function_entry,jump_table,data_limit_after_access,boundary_sym_expr,data_object_candidate,label_conflict,got_reference,moved_label_candidate,preferred_data_access
- best_symexpr_symbol(EA:address, SymbolName:symbol, Pos:symbol_position)
Best symbol at address ‘EA’ to be used for symbolic expressions. There can be two variants: If ‘Pos’ is “Beg”, the symbol points to the beginning of a block. If ‘Pos’ is “End”, the symbol points at the end of a block.
Used by:
cfi_directiveRecursive:
symbolic_expr_symbol_minus_symbol,symbolic_expr,+disconnected3,data_object_conflict,labeled_data_candidate,code_pointer_in_data,+disconnected2,labeled_ea,code_in_refined_block,moved_label,block_needs_merging,best_symexpr_symbol,discarded_jump_table_entry,best_func_symbol,data_limit,moved_displacement_candidate,symbol_minus_symbol,refined_block,+disconnected1,moved_data_label,next_address_in_data,symbolic_expr_attribute,relative_jump_table_entry,inferred_main_function,symbol_minus_symbol_candidate,next_data_limit,main_function,symbolic_data,symbolic_operand_point,resolved_transfer,code_in_split_block,base_relative_symbolic_operand,address_array_aux,data_access_limit,symbol_minus_symbol_from_relocation,string_candidate_refined,split_block,+disconnected6,data_object_total_points,string_candidate,data_object,address_array,discarded_data_object,block_needs_splitting_at,inferred_special_symbol,symbol_score,after_address_in_data,symbolic_operand_attribute,data_object_point,moved_pc_relative_candidate,symbolic_operand,function_inference.function_entry,jump_table,data_limit_after_access,boundary_sym_expr,data_object_candidate,label_conflict,got_reference,moved_label_candidate,preferred_data_access
- best_func_symbol(EA:address, SymbolName:symbol)
Best function symbol at address ‘EA’.
Uses:
binary_formatUsed by:
function_inference.function_entry_name,inferred_symbolRecursive:
symbolic_expr_symbol_minus_symbol,symbolic_expr,+disconnected3,data_object_conflict,labeled_data_candidate,code_pointer_in_data,+disconnected2,labeled_ea,code_in_refined_block,moved_label,block_needs_merging,best_symexpr_symbol,discarded_jump_table_entry,best_func_symbol,data_limit,moved_displacement_candidate,symbol_minus_symbol,refined_block,+disconnected1,moved_data_label,next_address_in_data,symbolic_expr_attribute,relative_jump_table_entry,inferred_main_function,symbol_minus_symbol_candidate,next_data_limit,main_function,symbolic_data,symbolic_operand_point,resolved_transfer,code_in_split_block,base_relative_symbolic_operand,address_array_aux,data_access_limit,symbol_minus_symbol_from_relocation,string_candidate_refined,split_block,+disconnected6,data_object_total_points,string_candidate,data_object,address_array,discarded_data_object,block_needs_splitting_at,inferred_special_symbol,symbol_score,after_address_in_data,symbolic_operand_attribute,data_object_point,moved_pc_relative_candidate,symbolic_operand,function_inference.function_entry,jump_table,data_limit_after_access,boundary_sym_expr,data_object_candidate,label_conflict,got_reference,moved_label_candidate,preferred_data_access
- symbol_score(EA:address, SymbolName:symbol, Type:symbol, Pos:symbol_position, Score:unsigned)
This predicate is computed to decide which is the best symbol for symbolic expressions or the best function symbol at each address. Each symbol receives a score based on its properties.
Uses:
ambiguous_symbol,avoid_symbols,defined_symbol,relocation,symbol_at_section_end,symbol_scope_score,symbol_type_score,symbol_visibility_scoreUsed by:
inferred_symbolRecursive:
symbolic_expr_symbol_minus_symbol,symbolic_expr,+disconnected3,data_object_conflict,labeled_data_candidate,code_pointer_in_data,+disconnected2,labeled_ea,code_in_refined_block,moved_label,block_needs_merging,best_symexpr_symbol,discarded_jump_table_entry,best_func_symbol,data_limit,moved_displacement_candidate,symbol_minus_symbol,refined_block,+disconnected1,moved_data_label,next_address_in_data,symbolic_expr_attribute,relative_jump_table_entry,inferred_main_function,symbol_minus_symbol_candidate,next_data_limit,main_function,symbolic_data,symbolic_operand_point,resolved_transfer,code_in_split_block,base_relative_symbolic_operand,address_array_aux,data_access_limit,symbol_minus_symbol_from_relocation,string_candidate_refined,split_block,+disconnected6,data_object_total_points,string_candidate,data_object,address_array,discarded_data_object,block_needs_splitting_at,inferred_special_symbol,symbol_score,after_address_in_data,symbolic_operand_attribute,data_object_point,moved_pc_relative_candidate,symbolic_operand,function_inference.function_entry,jump_table,data_limit_after_access,boundary_sym_expr,data_object_candidate,label_conflict,got_reference,moved_label_candidate,preferred_data_access
- symbol_type_score(Type:symbol, Scope:unsigned)
Auxiliary predicate to define
symbol_score. Prefer symbols with type different than NOTYPE.Uses:
symbolUsed by:
symbol_score
- symbol_scope_score(Scope:symbol, Score:unsigned)
Auxiliary predicate to define
symbol_scoreUses:
symbolUsed by:
symbol_score
- symbol_visibility_score(Visibility:symbol, Score:unsigned)
Auxiliary predicate to define
symbol_score. Prefer symbols that are not HIDDEN.Uses:
symbolUsed by:
ifunc_symbol_score,symbol_score
- avoid_symbols(SymbolName:symbol)
This predicate records a set of symbols that should not be used in symbolic expressions. These symbols are skipped by the pprinter. TODO: maybe the pprinter could stop skipping these symbols and we could remove them from here.
Uses:
arm_sym,binary_format,data_sym,elf_avoid_symbols,thumb_symUsed by:
symbol_score
- elf_avoid_symbols(SymbolName:symbol)
This predicate records the set of symbols that should not be used in symbolic expressions for ELF binaries
Used by:
avoid_symbols
- symbol_at_section_end(EA:address, SymbolName:symbol)
An existing symbol is pointing to the end of a section rather than the beginning of the next section.
Used by:
symbol_score
- symbol_at_end(EA:address, SymbolName:symbol)
The symbol at address ‘EA’ with name ‘SymbolName’ should point at the end of a block.
Uses:
inferred_symbol,section,symbol
- symbol_before_section_beg(EA:address, SymbolName:symbol, NewEA:address)
The symbol at address ‘EA’ with name ‘SymbolName’ is pointing outside its own section and should be moved to ‘NewEA’.