package ghidra.app.plugin.core.analysis;

import generic.jar.ResourceFile;
import ghidra.app.cmd.disassemble.DisassembleCommand;
import ghidra.app.cmd.function.CreateFunctionCmd;
import ghidra.app.cmd.function.CreateThunkFunctionCmd;
import ghidra.app.services.AbstractAnalyzer;
import ghidra.app.services.AnalysisPriority;
import ghidra.app.services.AnalyzerType;
import ghidra.app.util.bin.format.elf.ElfSectionHeaderConstants;
import ghidra.app.util.importer.MessageLog;
import ghidra.framework.Application;
import ghidra.program.model.address.Address;
import ghidra.program.model.address.AddressOutOfBoundsException;
import ghidra.program.model.address.AddressRange;
import ghidra.program.model.address.AddressSet;
import ghidra.program.model.address.AddressSetView;
import ghidra.program.model.data.DataType;
import ghidra.program.model.lang.Language;
import ghidra.program.model.lang.Register;
import ghidra.program.model.lang.RegisterValue;
import ghidra.program.model.listing.BookmarkManager;
import ghidra.program.model.listing.BookmarkType;
import ghidra.program.model.listing.CodeUnit;
import ghidra.program.model.listing.Data;
import ghidra.program.model.listing.FlowOverride;
import ghidra.program.model.listing.Function;
import ghidra.program.model.listing.Instruction;
import ghidra.program.model.listing.Listing;
import ghidra.program.model.listing.Program;
import ghidra.program.model.mem.MemoryAccessException;
import ghidra.program.model.mem.MemoryBlock;
import ghidra.program.model.symbol.RefType;
import ghidra.program.util.ContextEvaluator;
import ghidra.program.util.ContextEvaluatorAdapter;
import ghidra.program.util.SymbolicPropogator;
import ghidra.program.util.VarnodeContext;
import ghidra.util.Msg;
import ghidra.util.bytesearch.Match;
import ghidra.util.bytesearch.Pattern;
import ghidra.util.bytesearch.SequenceSearchState;
import ghidra.util.exception.AssertException;
import ghidra.util.exception.CancelledException;
import ghidra.util.task.TaskMonitor;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import org.apache.commons.compress.compressors.CompressorStreamFactory;
import org.xml.sax.SAXException;

/* loaded from: input_file:ghidra/app/plugin/core/analysis/AARCH64PltThunkAnalyzer.class */
public class AARCH64PltThunkAnalyzer extends AbstractAnalyzer {
    private static final String NAME = "AARCH64 ELF PLT Thunks";
    private static final String DESCRIPTION = "Create AARM64 ELF PLT thunk functions";
    private static final String PROCESSOR_NAME = "AARCH64";
    private static final String PLT_THUNK_PATTERN_FILE = "aarch64-pltThunks.xml";
    private static boolean patternLoadFailed;
    private static ArrayList<Pattern> leThunkPatterns;
    private static int maxPatternLength;
    private Register x17Reg;

    public AARCH64PltThunkAnalyzer() {
        super(NAME, DESCRIPTION, AnalyzerType.BYTE_ANALYZER);
        setDefaultEnablement(true);
        setPriority(AnalysisPriority.FORMAT_ANALYSIS);
    }

    @Override // ghidra.app.services.AbstractAnalyzer, ghidra.app.services.Analyzer
    public boolean canAnalyze(Program program) {
        Language language = program.getLanguage();
        if (!PROCESSOR_NAME.equals(language.getProcessor().toString()) || !patternsLoaded(language.isBigEndian())) {
            return false;
        }
        this.x17Reg = program.getRegister("x17");
        return this.x17Reg != null;
    }

    private static synchronized boolean patternsLoaded(boolean z) {
        if (patternLoadFailed) {
            return false;
        }
        if (leThunkPatterns != null) {
            return true;
        }
        try {
            ResourceFile moduleDataFile = Application.getModuleDataFile(PLT_THUNK_PATTERN_FILE);
            leThunkPatterns = new ArrayList<>();
            Pattern.readPatterns(moduleDataFile, leThunkPatterns, null);
            maxPatternLength = 0;
            Iterator<Pattern> it = leThunkPatterns.iterator();
            while (it.hasNext()) {
                int size = it.next().getSize();
                if (size % 4 != 0) {
                    throw new SAXException("pattern must contain multiple of 4-bytes");
                }
                if (size > maxPatternLength) {
                    maxPatternLength = size;
                }
            }
            return true;
        } catch (FileNotFoundException e) {
            Msg.error(AARCH64PltThunkAnalyzer.class, "AARCH64 resource file not found: aarch64-pltThunks.xml");
            patternLoadFailed = true;
            return false;
        } catch (IOException | SAXException e2) {
            Msg.error(AARCH64PltThunkAnalyzer.class, "Failed to parse byte pattern file: aarch64-pltThunks.xml", e2);
            patternLoadFailed = true;
            return false;
        }
    }

    @Override // ghidra.app.services.Analyzer
    public boolean added(Program program, AddressSetView addressSetView, TaskMonitor taskMonitor, MessageLog messageLog) throws CancelledException {
        MemoryBlock block = program.getMemory().getBlock(ElfSectionHeaderConstants.dot_plt);
        if (block == null) {
            return true;
        }
        AddressSetView removeFunctionBodies = removeFunctionBodies(program, addressSetView.intersectRange(block.getStart(), block.getEnd()), taskMonitor);
        if (removeFunctionBodies.isEmpty()) {
            return true;
        }
        SequenceSearchState buildStateMachine = SequenceSearchState.buildStateMachine(leThunkPatterns);
        taskMonitor.setIndeterminate(true);
        taskMonitor.setProgress(0L);
        ArrayList<Match> arrayList = new ArrayList<>();
        try {
            for (AddressRange addressRange : removeFunctionBodies.getAddressRanges()) {
                byte[] bArr = new byte[(int) addressRange.getLength()];
                if (block.getBytes(addressRange.getMinAddress(), bArr, 0, bArr.length) != bArr.length) {
                    messageLog.appendMsg("Expected initialized .plt section block");
                    return false;
                }
                arrayList.clear();
                buildStateMachine.apply(bArr, arrayList);
                Iterator<Match> it = arrayList.iterator();
                while (it.hasNext()) {
                    Match next = it.next();
                    analyzePltThunk(program, addressRange.getMinAddress().add(next.getMarkOffset()), next.getSequenceSize(), taskMonitor);
                }
            }
            return true;
        } catch (AddressOutOfBoundsException | MemoryAccessException e) {
            messageLog.appendMsg("Expected initialized .plt section block: " + e.getMessage());
            return true;
        }
    }

    private AddressSetView removeFunctionBodies(Program program, AddressSetView addressSetView, TaskMonitor taskMonitor) throws CancelledException {
        if (addressSetView.isEmpty()) {
            return addressSetView;
        }
        for (Function function : program.getFunctionManager().getFunctions(addressSetView, true)) {
            taskMonitor.checkCancelled();
            addressSetView = addressSetView.subtract(function.getBody());
        }
        return addressSetView;
    }

    private void analyzePltThunk(final Program program, final Address address, int i, final TaskMonitor taskMonitor) throws CancelledException {
        SymbolicPropogator symbolicPropogator = new SymbolicPropogator(program);
        symbolicPropogator.setParamRefCheck(false);
        symbolicPropogator.setReturnRefCheck(false);
        symbolicPropogator.setStoredRefCheck(false);
        final AddressSet addressSet = new AddressSet(address, address.add(i - 1));
        symbolicPropogator.flowConstants(address, (AddressSetView) addressSet, (ContextEvaluator) new ContextEvaluatorAdapter() { // from class: ghidra.app.plugin.core.analysis.AARCH64PltThunkAnalyzer.1
            @Override // ghidra.program.util.ContextEvaluatorAdapter, ghidra.program.util.ContextEvaluator
            public boolean followFalseConditionalBranches() {
                return false;
            }

            @Override // ghidra.program.util.ContextEvaluatorAdapter, ghidra.program.util.ContextEvaluator
            public boolean evaluateReference(VarnodeContext varnodeContext, Instruction instruction, int i2, Address address2, int i3, DataType dataType, RefType refType) {
                return true;
            }

            @Override // ghidra.program.util.ContextEvaluatorAdapter, ghidra.program.util.ContextEvaluator
            public boolean evaluateDestination(VarnodeContext varnodeContext, Instruction instruction) {
                if (!CompressorStreamFactory.BROTLI.equals(instruction.getMnemonicString()) || !AARCH64PltThunkAnalyzer.this.x17Reg.equals(instruction.getRegister(0))) {
                    return true;
                }
                instruction.setFlowOverride(FlowOverride.CALL_RETURN);
                RegisterValue registerValue = varnodeContext.getRegisterValue(AARCH64PltThunkAnalyzer.this.x17Reg);
                if (registerValue == null || !registerValue.hasValue()) {
                    return true;
                }
                Function createDestinationFunction = AARCH64PltThunkAnalyzer.this.createDestinationFunction(program, address.getNewAddress(registerValue.getUnsignedValue().longValue()), instruction.getAddress(), taskMonitor);
                if (createDestinationFunction == null) {
                    return true;
                }
                new CreateThunkFunctionCmd(address, addressSet, createDestinationFunction.getEntryPoint()).applyTo(program);
                return true;
            }

            @Override // ghidra.program.util.ContextEvaluatorAdapter, ghidra.program.util.ContextEvaluator
            public boolean allowAccess(VarnodeContext varnodeContext, Address address2) {
                return true;
            }
        }, false, taskMonitor);
    }

    private Function createDestinationFunction(Program program, Address address, Address address2, TaskMonitor taskMonitor) {
        Listing listing = program.getListing();
        BookmarkManager bookmarkManager = program.getBookmarkManager();
        if (!program.getMemory().contains(address)) {
            bookmarkManager.setBookmark(address2, BookmarkType.ERROR, "Bad Reference", "No memory for PLT Thunk destination at " + String.valueOf(address));
            return null;
        }
        Function functionAt = listing.getFunctionAt(address);
        if (functionAt != null) {
            return functionAt;
        }
        CodeUnit codeUnitContaining = listing.getCodeUnitContaining(address);
        if (codeUnitContaining == null) {
            throw new AssertException("expected code unit in memory");
        }
        if (!address.equals(codeUnitContaining.getMinAddress())) {
            bookmarkManager.setBookmark(codeUnitContaining.getMinAddress(), BookmarkType.ERROR, "Code Unit Conflict", "Expected function entry at " + String.valueOf(address) + " referenced by PLT Thunk at " + String.valueOf(address2));
            return null;
        }
        if (codeUnitContaining instanceof Data) {
            if (((Data) codeUnitContaining).isDefined()) {
                bookmarkManager.setBookmark(address, BookmarkType.ERROR, "Code Unit Conflict", "Expected function entry referenced by PLT Thunk at " + String.valueOf(address2));
                return null;
            }
            if (!new DisassembleCommand(address, (AddressSetView) null, true).applyTo(program, taskMonitor)) {
                return null;
            }
        }
        CreateFunctionCmd createFunctionCmd = new CreateFunctionCmd(address);
        if (createFunctionCmd.applyTo(program, taskMonitor)) {
            return createFunctionCmd.getFunction();
        }
        return null;
    }
}
