Class: Relyze::ExecutableFileModel

Inherits:

FileModel

• Object
• FileModel
• Relyze::ExecutableFileModel

Defined in:

C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb

Defined Under Namespace

Classes: BasicBlock, CodeBlock, DataBlock, DataType, DataTypeFactory, FunctionDataType, Instruction, PointerDataType, Reference, Segment, StructureDataType

Instance Attribute Summary

• #auto_analyze ⇒ Object

  Gets and Sets whether auto analysis is performed during operation that modify the executable model.

• #data_type_factory ⇒ Object (also: #dtf) readonly

  Gets the DataTypeFactory for this model.

Attributes inherited from FileModel

#buffer

Instance Method Summary

• #add_bookmark(rva, description) ⇒ true, false

  Add a bookmark at a given RVA.

• #add_comment(rva, comment) ⇒ true, false

  Add a comment at a given RVA.

• #add_segment(name, rva, initialized_length, uninitialized_length, readable, writeable, executable) ⇒ Relyze::ExecutableFileModel::Segment^?

  Add a new segment to this model.

• #address2rva(address) ⇒ Integer^?

  Convert an address to an RVA, where address is the current address mode selected by the user, e.g.

• #analysis_queue_push(queue, rva, name = nil, data_type = nil) ⇒ true, false

  Add an address to the analysis queue for processing.

• #analyze ⇒ true, false

  Run the automatic analysis engine against any outstanding operations.

• #arch ⇒ Symbol

  Get this models architecture.

• #assemble(rva, source, padd = true, arch = nil, mode = nil) ⇒ true, false

  Edit an Instruction from a block which starts at a specific RVA location.

• #bits ⇒ Integer

  Get this model architectures bit width.

• #block(rva) ⇒ Relyze::ExecutableFileModel::BasicBlock^?

  Get the BasicBlock which contains this RVA, if any.

• #blocks {|basic_block| ... } ⇒ Object

  Get every BasicBlock in this model.

• #bookmark?(rva) ⇒ true, false

  Check if a bookmark exists at a given RVA.

• #bookmarks {|rva, description| ... } ⇒ Object

  Get every bookmark in this model.

• #comment?(rva) ⇒ true, false

  Check if a comment exists at a given RVA.

• #comments {|rva, description| ... } ⇒ Object

  Get every user comment in this model.

• #delete_function(function) ⇒ true, false
• #delete_segment(segment) ⇒ true, false

  Delete a segment from this model.

• #diff(modelB, options = {}) ⇒ Relyze::DiffResults::DiffModelResult^?

  Perform a differential analysis of this model (side A) against another model (side B).

• #endian ⇒ Object

  Get this models endianness.

• #entry_point ⇒ Integer

  Get the RVA of this models initial entry point.

• #exports {|rva, name| ... } ⇒ Object

  Get every export in this model.

• #first_segment ⇒ Relyze::ExecutableFileModel::Segment

  Get the first segment in this model.

• #function(rva) ⇒ Relyze::ExecutableFileModel::FunctionDataType^?

  Get a FunctionDataType in this model at a specific RVA.

• #functions(rva = nil) {|function| ... } ⇒ Object

  Get every FunctionDataType in this model.

• #get_comment(rva) ⇒ String^?

  Get a comment at a given RVA.

• #get_processor_mode(rva) ⇒ Symbol, NilClass

  Get the current processor mode.

• #imports {|rva, module_name, import_name| ... } ⇒ Object

  Get every import in this model.

• #initialize ⇒ ExecutableFileModel constructor

  A new instance of ExecutableFileModel.

• #last_segment ⇒ Relyze::ExecutableFileModel::Segment

  Get the last segment in this model.

• #lines {|rva, object_file, source_file, source_line, length| ... } ⇒ Object

  Get every symbol line for this model, if any.

• #name2rva(name) ⇒ Integer^?

  Resolve the name of a location in the model to its RVA.

• #offset2rva(offset) ⇒ Integer^?

  Convert a file offset to an RVA or nil if not a valid RVA.

• #remove_bookmark(rva) ⇒ true, false

  Remove a bookmark at a given RVA.

• #remove_comment(rva) ⇒ true, false

  Remove a comment at a given RVA.

• #rva2address(rva) ⇒ Integer^?

  Convert an RVA to an address, where address is the current address mode selected by the user, e.g.

• #rva2offset(rva) ⇒ Integer^?

  Convert an RVA to a file offset or nil if not a valid file offset.

• #rva2va(rva) ⇒ Integer^?

  Convert an RVA to a virtual address (VA) or nil if not a valid virtual address.

• #segment(rva) ⇒ Relyze::ExecutableFileModel::Segment^?

  Get the Segment which contains this RVA, if any.

• #segments {|segment| ... } ⇒ Object

  Get every segment in this model.

• #set_function_prototype(rva, prototype, name = nil) ⇒ Trueclass, FalseClass

  Create a function at this RVA or edit an existing function prototype.

• #set_jumptable(jump_rva, table_rva, table_count, table_type, entry_width, entry_base = nil, negative_index = false, default_case_rva = nil, case_table_rva = nil, entry_stride = 0) ⇒ Object

  Edit a jump table.

• #set_processor_mode(rva, mode) ⇒ true, false

  Set the current processor mode.

• #signatures {|rva, length, name, description| ... } ⇒ Object

  Get every signature that has been applied to this model during Static Library Analysis.

• #strings {|rva, value| ... } ⇒ Object

  Get every string in this model.

• #synchronize_analyze(&block) ⇒ Object

  call a block while holding the models write lock and disabling auto analysis.

• #system_mode ⇒ Symbol

  Get this models system mode.

• #to_graph(display = {}) ⇒ Relyze::Graph::DirectedGraph

  Generate a Graph::DirectedGraph object for this models call graph.

• #type ⇒ Symbol

  Get the type of ExecutableFileModel.

• #va2rva(va) ⇒ Integer^?

  Convert an VA to an RVA or nil if not a valid RVA.

Methods inherited from FileModel

#abort, #add_auxiliary_text, #add_entropy_marker, #add_information, #current_file_name, #current_file_path, #entropy_markers, #file_size, #file_type, #get_entropy, #information, #origional_file_name, #origional_file_path, #read_buffer, #realloc_buffer, #remove_information, #restart, #run_plugin, #structure, #synchronize_read, #synchronize_write, #to_s, #write_buffer

Constructor Details

#initialize ⇒ ExecutableFileModel

Returns a new instance of ExecutableFileModel

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1632

def initialize
    super
    @data_type_factory = nil
    @auto_analyze      = true
end

Instance Attribute Details

#auto_analyze ⇒ Object

Gets and Sets whether auto analysis is performed during operation that modify the executable model. If set to false, auto analysis is disabled. You can manually trigger auto analysis by calling the #analyze method at any time.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1628

def auto_analyze
  @auto_analyze
end

#data_type_factory ⇒ Object (readonly) Also known as: dtf

Gets the DataTypeFactory for this model.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1623

def data_type_factory
  @data_type_factory
end

Instance Method Details

#add_bookmark(rva, description) ⇒ true, false

Add a bookmark at a given RVA.

Parameters:

• rva (Integer) —

  Add a bookmark at this RVA.

• description (String) —

  The bookmarks description.

Returns:

• (true, false)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1854

def add_bookmark( rva, description )
    return false
end

#add_comment(rva, comment) ⇒ true, false

Add a comment at a given RVA.

Parameters:

• rva (Integer) —

  Add the comment at this RVA.

• comment (String) —

  The comment to add.

Returns:

• (true, false)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1795

def add_comment( rva, comment )
    return false
end

#add_segment(name, rva, initialized_length, uninitialized_length, readable, writeable, executable) ⇒ Relyze::ExecutableFileModel::Segment^?

Add a new segment to this model. New segments cannot overlap existing segments.

Examples:

Create a new segment, write some data and convert it to code.

cm.synchronize_analyze do
    segment = cm.add_segment(
        "test",
        cm.last_segment.last_rva + 4096,
        4096,
        1024,
        true,
        true,
        true
    )

    segment.write_buffer( 0, "\x90\xCC" * 32 )

    block = cm.block( segment.rva )

    block.to_code
end

Parameters:

• name (String) —

  The segments name.

• rva (Integer) —

  The segments base RVA.

• initialized_length (Integer) —

  The segment initialized byte length.

• uninitialized_length (Integer) —

  The segment uninitialized byte length.

• readable (true, false) —

  Whether this segment holds readable memory.

• writeable (true, false) —

  Whether this segment holds writeable memory.

• executable (true, false) —

  Whether this segment holds executable memory.

Returns:

• (Relyze::ExecutableFileModel::Segment, nil) —

  The newly created segment.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1966

def add_segment( name, rva, initialized_length, uninitialized_length, readable, writeable, executable )
    return nil
end

#address2rva(address) ⇒ Integer^?

Convert an address to an RVA, where address is the current address mode selected by the user, e.g. RVA mode, VA mode or Rebased VA mode.

Parameters:

• address (Integer) —

  The address to convert.

Returns:

• (Integer, nil) —

  The converted RVA or nil on failure.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1761

def address2rva( address )
    return nil
end

#analysis_queue_push(queue, rva, name = nil, data_type = nil) ⇒ true, false

Add an address to the analysis queue for processing.

Examples:

cm.synchronize_analyze do
    entry_rva = cm.va2rva( cm.structure['Ident']['Header']['entry'].value )
    cm.analysis_queue_push( :function, entry_rva )
end

Parameters:

• queue (Symbol) —

  The queue to add to, :code, :data, :function, :jumptable, :indirectcall.

• rva (Integer) —

  The RVA to add to the queue.

• name (nil, String) (defaults to: nil) —

  Set the name of the BasicBlock at the given RVA.

• data_type (nil, Relyze::ExecutableFileModel::DataType) (defaults to: nil) —

  Set the data type of the BasicBlock at the given RVA.

Returns:

• (true, false)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 2130

def analysis_queue_push( queue, rva, name=nil, data_type=nil )
    return false
end

#analyze ⇒ true, false

Run the automatic analysis engine against any outstanding operations.

Note 1: Analysis cannot run while another thread holds either a read or write lock on this model, and will block until these locks are released.

Note 2: If the current thread holds either a read or write lock, then analysis cannot be multi threaded and will be forced to be single threaded. In this scenario, multi threaded analysis would not be possible as worker threads would be unable to to ever acquire the read or write locks as needed, as this thread cannot release the lock it holds until analysis completes.

Returns:

• (true, false)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 2113

def analyze
    return false
end

#arch ⇒ Symbol

Get this models architecture.

Returns:

• (Symbol) —

  This models architecture, either :x86, :x64, :arm or :arm64.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1680

def arch
    return nil
end

#assemble(rva, source, padd = true, arch = nil, mode = nil) ⇒ true, false

Edit an Instruction from a block which starts at a specific RVA location.

Parameters:

• rva (Integer) —

  The RVA location of the start of an instruction.

• source (String) —

  The source to assemble

• padd (true, false) (defaults to: true) —

  If required, add padding bytes equivalent to a NOP instruction, to align to the next instruction boundary.

• arch (Symbol, NilClass) (defaults to: nil) —

  The architecture to assemble, either :x86, :x64, :arm or :arm64. If arch is nil, default to the models arch.

• mode (Symbol, NilClass) (defaults to: nil) —

  The instruction mode to use, default to nil. If arch is :arm, mode can be :thumb. If arch is nil, default to the models current processor mode.

Returns:

• (true, false)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 2223

def assemble( rva, source, padd=true, arch=nil, mode=nil )
    
    start_block = self.block( rva )
    if( start_block.nil? )
        return false
    end
    
    if( not start_block.code? )
        return false
    end
    
    arch = self.arch if arch.nil?
    
    mode = self.get_processor_mode( rva ) if mode.nil?
    
    resolver = lambda do | name |
    
        resolved_rva = self.name2rva( name )
        
        if( not resolved_rva.nil? )
            return self.rva2va( resolved_rva )
        end
        
        return nil
    end 
    
    buffer = Relyze::ExecutableFileModel::Instruction.assemble( source, arch, self.rva2va( rva ), mode, resolver )
    
    if( buffer.nil? )
        return false
    end
    
    pre_padd_buffer = ''
    
    if( padd )
        
        nearest_rva = start_block.nearest_boundary( rva )
    
        if( nearest_rva < rva )
        
            padd_length = rva - nearest_rva
            
            padd_buffer = Relyze::ExecutableFileModel::Instruction.assemble( 'nop', arch, self.rva2va( rva ), mode )
            
            if( padd_buffer.nil? )
                return false
            end
            
            pre_padd_buffer = padd_buffer * ( padd_length / padd_buffer.length )
            
            rva = nearest_rva
        end
    end
    
    post_padd_buffer = ''
    
    if( padd )

        last_rva = rva + pre_padd_buffer.length + buffer.length
        
        last_block = self.block( last_rva )
        
        if( not last_block.nil? and last_block.code? and last_rva != last_block.nearest_boundary( last_rva )  )

            next_rva = last_block.next_boundary( last_rva )
            
            if( next_rva > last_rva )
            
                padd_length = next_rva - last_rva

                padd_buffer = Relyze::ExecutableFileModel::Instruction.assemble( 'nop', arch, self.rva2va( rva ), mode )
                
                if( padd_buffer.nil? )
                    return false
                end
                
                post_padd_buffer = padd_buffer * ( padd_length / padd_buffer.length )
            end
        end
    end
    
    off = start_block.segment.rva2offset( rva )
    if( off.nil? )
        return false
    end
    
    buffer = pre_padd_buffer + buffer + post_padd_buffer
    
    if( start_block.segment.write_buffer( off, buffer ).nil? )
        return false
    end
    
    end_rva = rva + buffer.length
    
    self.synchronize_analyze do
    
        while( true )
        
            start_block = start_block.reprocess
            
            break if start_block.nil? 
            
            start_block = start_block.adjacent
            
            break if start_block.nil? 
                
            break if start_block.rva + start_block.length >= end_rva
            
        end
    end
    
    return true
end

#bits ⇒ Integer

Get this model architectures bit width.

Returns:

• (Integer) —

  The number of bits in this architecture, either 32 or 64.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1666

def bits
    return 0
end

#block(rva) ⇒ Relyze::ExecutableFileModel::BasicBlock^?

Get the BasicBlock which contains this RVA, if any.

Parameters:

• rva (Integer) —

  An RVA location.

Returns:

• (Relyze::ExecutableFileModel::BasicBlock, nil) —

  A basic block containing the given RVA or nil on failure.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 2001

def block( rva )
    return nil
end

#blocks {|basic_block| ... } ⇒ Object

Get every BasicBlock in this model.

Yields:

• (basic_block) —

  yields the basic_block to the block.

Yield Parameters:

• basic_block (Relyze::ExecutableFileModel::BasicBlock) —

  A basic block.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1993

def blocks
    return []
end

#bookmark?(rva) ⇒ true, false

Check if a bookmark exists at a given RVA.

Parameters:

• rva (Integer) —

  Check for a bookmark at this RVA.

Returns:

• (true, false)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1845

def bookmark?( rva )
    return false
end

#bookmarks {|rva, description| ... } ⇒ Object

Get every bookmark in this model.

Yields:

• (rva, description) —

  yields the RVA and description to the block.

Yield Parameters:

• rva (Integer) —

  The bookmarks RVA.

• description (String) —

  The bookmarks description.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1837

def bookmarks
    return []
end

#comment?(rva) ⇒ true, false

Check if a comment exists at a given RVA.

Parameters:

• rva (Integer) —

  Check for a comment at this RVA.

Returns:

• (true, false)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1786

def comment?( rva )
    return false
end

#comments {|rva, description| ... } ⇒ Object

Get every user comment in this model.

Yields:

• (rva, description) —

  yields the RVA and description to the block.

Yield Parameters:

• rva (Integer) —

  The comments RVA.

• description (String) —

  The comments description.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1778

def comments
    return []
end

#delete_function(function) ⇒ true, false

Parameters:

• function (Relyze::ExecutableFileModel::FunctionDataType) —

  The function to delete.

Returns:

• (true, false)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 2026

def delete_function( function )
    return false
end

#delete_segment(segment) ⇒ true, false

Delete a segment from this model.

Parameters:

• segment (Relyze::ExecutableFileModel::Segment) —

  The segment to delete.

Returns:

• (true, false)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1974

def delete_segment( segment )
    return false
end

#diff(modelB, options = {}) ⇒ Relyze::DiffResults::DiffModelResult^?

Perform a differential analysis of this model (side A) against another model (side B).

Parameters:

• modelB (Relyze::ExecutableFileModel) —

  The model to perform the differential analysis against.

• options (Hash) (defaults to: {}) —

  An hash of options for the differential analysis.

Options Hash (options):

• :includeA (Array<Integer>) —

  An optional array of function RVA's from model A to include in the differential analysis. Functions not in this list are automatically excluded.

• :includeB (Array<Integer>) —

  An optional array of function RVA's from model B to include in the differential analysis. Functions not in this list are automatically excluded.

• :excludeA (Array<Integer>) —

  An optional array of function RVA's from model A to exclude from the differential analysis. Functions not in this list are automatically included.

• :excludeB (Array<Integer>) —

  An optional array of function RVA's from model B to exclude from the differential analysis. Functions not in this list are automatically included.

Returns:

• (Relyze::DiffResults::DiffModelResult, nil) —

  Returns the result of the differential analysis.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 2143

def diff( modelB, options={} )
    nil
end

#endian ⇒ Object

Get this models endianness.

return [Symbol] This models endianness, either :little or :big.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1673

def endian
    return nil
end

#entry_point ⇒ Integer

Get the RVA of this models initial entry point.

Returns:

• (Integer) —

  The entry point RVA.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1711

def entry_point
    return nil
end

#exports {|rva, name| ... } ⇒ Object

Get every export in this model.

Yields:

• (rva, name) —

  yields the rva and name to the block.

Yield Parameters:

• rva (Integer) —

  The exports RVA.

• name (String) —

  The exports name.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1880

def exports
    return []
end

#first_segment ⇒ Relyze::ExecutableFileModel::Segment

Get the first segment in this model.

Returns:

• (Relyze::ExecutableFileModel::Segment) —

  The first segment.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1929

def first_segment
    s = self.segments.sort do | a, b |
        a.rva <=> b.rva
    end

    return s.first
end

#function(rva) ⇒ Relyze::ExecutableFileModel::FunctionDataType^?

Get a FunctionDataType in this model at a specific RVA.

Parameters:

• rva (Integer) —

  The RVA of the root block in a function.

Returns:

• (Relyze::ExecutableFileModel::FunctionDataType, nil) —

  The function at this RVA or nil if none found.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 2018

def function( rva )
    return nil
end

#functions(rva = nil) {|function| ... } ⇒ Object

Get every FunctionDataType in this model.

Parameters:

• rva (Integer, nil) (defaults to: nil) —

  If an RVA is given, then we get every function in this model which contains this RVA. If no RVA is given, then we get every function in this model.

Yields:

• (function) —

  yields the function to the block.

Yield Parameters:

• function (Relyze::ExecutableFileModel::FunctionDataType) —

  A function.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 2010

def functions( rva=nil )
    return []
end

#get_comment(rva) ⇒ String^?

Get a comment at a given RVA.

Parameters:

• rva (Integer) —

  Get the comment at this RVA.

Returns:

• (String, nil) —

  The comment or nil if none exists.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1811

def get_comment( rva )
    return nil
end

#get_processor_mode(rva) ⇒ Symbol, NilClass

Get the current processor mode.

Parameters:

• rva (Integer) —

  The RVA to to get the current processor mode for.

Returns:

• (Symbol, NilClass) —

  The current processor mode. If arch is :arm, mode can be either :arm or :thumb.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1695

def get_processor_mode( rva )
    return nil
end

#imports {|rva, module_name, import_name| ... } ⇒ Object

Get every import in this model.

Yields:

• (rva, module_name, import_name) —

  yields the rva, module_name and import_name to the block.

Yield Parameters:

• rva (Integer) —

  The imports RVA.

• module_name (String) —

  The imports module name.

• import_name (String) —

  The imports name.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1890

def imports
    return []
end

#last_segment ⇒ Relyze::ExecutableFileModel::Segment

Get the last segment in this model.

Returns:

• (Relyze::ExecutableFileModel::Segment) —

  The last segment.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1918

def last_segment
    s = self.segments.sort do | a, b |
        a.rva <=> b.rva
    end

    return s.last
end

#lines {|rva, object_file, source_file, source_line, length| ... } ⇒ Object

Get every symbol line for this model, if any.

Yields:

• (rva, object_file, source_file, source_line, length) —

  yields the rva, object_file, source_file, source_line and length to the block.

Yield Parameters:

• rva (Integer) —

  This lines RVA.

• object_file (String) —

  This lines object file.

• source_file (String) —

  This lines source file.

• source_line (Integer) —

  This lines source line number.

• length (Integer) —

  This lines byte length.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1985

def lines
    return []
end

#name2rva(name) ⇒ Integer^?

Resolve the name of a location in the model to its RVA.

Parameters:

• name (String) —

  The name of a block in the model.

Returns:

• (Integer, nil) —

  The resolved RVA or nil on failure.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1769

def name2rva( name )
    return nil
end

#offset2rva(offset) ⇒ Integer^?

Convert a file offset to an RVA or nil if not a valid RVA.

Parameters:

• offset (Integer) —

  The file offset to convert.

Returns:

• (Integer, nil) —

  The converted RVA or nil on failure.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1727

def offset2rva( offset )
    return nil
end

#remove_bookmark(rva) ⇒ true, false

Remove a bookmark at a given RVA.

Parameters:

• rva (Integer) —

  Remove a bookmark at this RVA.

Returns:

• (true, false)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1862

def remove_bookmark( rva )
    return false
end

#remove_comment(rva) ⇒ true, false

Remove a comment at a given RVA.

Parameters:

• rva (Integer) —

  Remove the comment at this RVA.

Returns:

• (true, false)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1803

def remove_comment( rva )
    return false
end

#rva2address(rva) ⇒ Integer^?

Convert an RVA to an address, where address is the current address mode selected by the user, e.g. RVA mode, VA mode or Rebased VA mode.

Parameters:

• rva (Integer) —

  The RVA to convert.

Returns:

• (Integer, nil) —

  The converted address or nil on failure.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1752

def rva2address( rva )
    return nil
end

#rva2offset(rva) ⇒ Integer^?

Convert an RVA to a file offset or nil if not a valid file offset.

Parameters:

• rva (Integer) —

  The RVA to convert.

Returns:

• (Integer, nil) —

  The converted file offset or nil on failure.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1719

def rva2offset( rva )
    return nil
end

#rva2va(rva) ⇒ Integer^?

Convert an RVA to a virtual address (VA) or nil if not a valid virtual address.

Parameters:

• rva (Integer) —

  The RVA to convert.

Returns:

• (Integer, nil) —

  The converted virtual address or nil on failure.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1735

def rva2va( rva )
    return nil
end

#segment(rva) ⇒ Relyze::ExecutableFileModel::Segment^?

Get the Segment which contains this RVA, if any.

Parameters:

• rva (Integer) —

  The RVA to whose segment we will return.

Returns:

• (Relyze::ExecutableFileModel::Segment, nil) —

  The segment of nil on failure.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1906

def segment( rva )
    self.segments do | s |
        if( rva >= s.rva and rva < s.last_rva )
            return s
        end
    end
    return nil
end

#segments {|segment| ... } ⇒ Object

Get every segment in this model. Note, they are not yielded in order or their location.

Yields:

• (segment) —

  yields the segment to the block.

Yield Parameters:

• segment (Relyze::ExecutableFileModel::Segment) —

  The segment.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1898

def segments
    return []
end

#set_function_prototype(rva, prototype, name = nil) ⇒ Trueclass, FalseClass

Create a function at this RVA or edit an existing function prototype.

Examples:

cm.set_function_prototype( cm.entry_point, "bool __stdcall foo( int count, char * buff )", "foo" )
@relyze.update_gui

Parameters:

• rva (Integer)
• prototype (String)
• name (String) (defaults to: nil)

Returns:

• (Trueclass, FalseClass)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 2040

def set_function_prototype( rva, prototype, name=nil )
    return self.synchronize_analyze do
        # Generate the FunctionDataType from the prototype string. Do this
        # first do we can fail gracefully if we fail to create the type.
        type = self.data_type_factory.get( prototype )
        if( type.nil? )
            break false
        end

        # Pull out the block containing this rva (may be data or code)
        blk = self.block( rva )
        if( blk.nil? )
            break false
        end

        # Split the block if we are creating the function inside the current block
        if( blk.rva != rva )
            blk = blk.split( rva, :code )
            if( blk.nil? )
                break false
            end
        else
            # If it is a data block, convert it to code
            if( blk.type == :data )
                blk = blk.to_code
                if( blk.nil? )
                    break false
                end
            end
        end

        blk.datatype = type

        if( not name.nil? )
            blk.name = name
        end
    end
end

#set_jumptable(jump_rva, table_rva, table_count, table_type, entry_width, entry_base = nil, negative_index = false, default_case_rva = nil, case_table_rva = nil, entry_stride = 0) ⇒ Object

Edit a jump table.

Examples:

cm.synchronize_analyze do
    cm.set_jumptable( 0xEB02, 0xEB6A, 8, :va, 32 )
end
@relyze.update_gui

Parameters:

• jump_rva (Integer) —

  The RVA of the indirect jump instruction.

• table_rva (Integer) —

  The RVA of the table containing the jump locations.

• table_count (Integer) —

  The number of locations in the jump table.

• table_type (Symbol) —

  The type entries in the jump table, either :va, :rva, :signedoffsetfromtable, :unsignedoffsetfromtable, :offsetfromjump, :signedoffsetfromcustomentrybase or :unsignedoffsetfromcustomentrybase.

• entry_width (Integer) —

  The width of the entries in the jump table, either 64, 32, 16 or 8.

• entry_base (nil, Integer) (defaults to: nil) —

  A custom entry base RVA for table_type of :signedoffsetfromcustomentrybase or :unsignedoffsetfromcustomentrybase.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 2097

def set_jumptable( jump_rva, table_rva, table_count, table_type, entry_width, entry_base=nil, negative_index=false, default_case_rva=nil, case_table_rva=nil, entry_stride=0 )
    return false
end

#set_processor_mode(rva, mode) ⇒ true, false

Set the current processor mode. Changing the mode will reprocess any effected code blocks.

Parameters:

• rva (Integer) —

  The RVA to to set the current processor mode for.

• mode (Symbol) —

  The mode to to set. If arch is :arm, mode can be either :arm or :thumb.

Returns:

• (true, false)

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1704

def set_processor_mode( rva, mode )
    return false
end

#signatures {|rva, length, name, description| ... } ⇒ Object

Get every signature that has been applied to this model during Static Library Analysis.

Examples:

Displaying every signature in the current model.

cm.signatures do |rva, length, name, description|
   print_message( "0x#{rva.to_s(16)} - #{name} - #{description}" )
end

Yields:

• (rva, length, name, description) —

  yields the signatures RVA , length and name and Static Library Package description to the block.

Yield Parameters:

• rva (Integer) —

  The signatures RVA.

• length (Integer) —

  The signatures length.

• name (String) —

  The signatures name.

• description (String) —

  The Static Library Package description.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1828

def signatures
    return []
end

#strings {|rva, value| ... } ⇒ Object

Get every string in this model.

Yields:

• (rva, value) —

  yields the rva and value to the block.

Yield Parameters:

• rva (Integer) —

  The strings RVA.

• value (String) —

  The strings value.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1871

def strings
    return []
end

#synchronize_analyze(&block) ⇒ Object

call a block while holding the models write lock and disabling auto analysis. After calling the block, auto analysis is reset and the #analyze method is called.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1640

def synchronize_analyze( &block )
    result = self.synchronize_write do
        orig_auto_analyze = self.auto_analyze
        self.auto_analyze = false
        result = block.call
        self.auto_analyze = orig_auto_analyze
        result
    end
    # Call analyze _after_ synchronize_write so we can take advantage of multi threaded 
    # analysis. If we were to call analyze while holding the write lock, we would force 
    # single threaded analysis (as worker threads would never be able to acquire the 
    # model lock).
    self.analyze
    return result
end

#system_mode ⇒ Symbol

Get this models system mode.

Returns:

• (Symbol) —

  This models architecture, either :user or :kernel.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1687

def system_mode
    return nil
end

#to_graph(display = {}) ⇒ Relyze::Graph::DirectedGraph

Generate a Graph::DirectedGraph object for this models call graph.

Examples:

# generate this models function call graph
graph = cm.to_graph
# post process the graph...
graph.nodes.each do | node |
    # set the nodes data to the function name so the nodes
    # text content in the GUI becomes just the function name.
    node.data = node.data.name
end
# perform a circular layout based on the nodes in degree
graph.layout( { :layout => :circular, :order => :indegree } )
# display this graph in the GUI so user can interact with it...
@relyze.tab_display_graph( graph )

Parameters:

• display (Hash) (defaults to: {}) —

  An optional hash of display options to pass to the graph.

Returns:

• (Relyze::Graph::DirectedGraph) —

  This models call graph.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 2165

def to_graph( display={} )

    graph = Relyze::Graph::DirectedGraph.new(
        "CG",
        {
            :node_shape            => :circle,
            :font_justify          => :center,
            :edge_color            => '#16A085',
            :node_background_color => '#3498DB',
        }.merge!( display )
    )

    self.functions do | function |

        root_block = function.block( function.rva )

        root_block.references( :in ) do | ref |

            next if not ref.control_flow?

            next if ref.target_rva != root_block.rva

            n1 = graph.find_or_create_node( function )

            n1.display[:rva] = function.rva

            if( self.entry_point == function.rva )
                graph.root = n1
            end

            self.functions( ref.owner_rva ) do | caller_function |

                n2 = graph.find_or_create_node( caller_function )

                n2.display[:rva] = caller_function.rva

                if( self.entry_point == caller_function.rva )
                    graph.root = n2
                end

                if( not n2.edge?( n1 ) )
                    edge = graph.create_edge( n2, n1 )
                end
            end
        end
    end

    return graph
end

#type ⇒ Symbol

Get the type of ExecutableFileModel

Returns:

• (Symbol) —

  This models type, either :elf, :pe, :coff or :flat.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1659

def type
    return nil
end

#va2rva(va) ⇒ Integer^?

Convert an VA to an RVA or nil if not a valid RVA.

Parameters:

• va (Integer) —

  The VA to convert.

Returns:

• (Integer, nil) —

  The converted RVA nil on failure.

# File 'C:/Program Files/Relyze/lib/relyze/core/executable_file_model.rb', line 1743

def va2rva( va )
    return nil
end