package ghidra.app.plugin.core.analysis;

import generic.jar.ResourceFile;
import ghidra.app.cmd.disassemble.DisassembleCommand;
import ghidra.app.cmd.function.CreateFunctionCmd;
import ghidra.app.cmd.function.CreateThunkFunctionCmd;
import ghidra.app.services.AbstractAnalyzer;
import ghidra.app.services.AnalysisPriority;
import ghidra.app.services.AnalyzerType;
import ghidra.framework.Application;
import ghidra.program.model.address.Address;
import ghidra.program.model.address.AddressSet;
import ghidra.program.model.address.AddressSetView;
import ghidra.program.model.data.DataType;
import ghidra.program.model.lang.Language;
import ghidra.program.model.lang.Register;
import ghidra.program.model.lang.RegisterValue;
import ghidra.program.model.listing.BookmarkManager;
import ghidra.program.model.listing.BookmarkType;
import ghidra.program.model.listing.CodeUnit;
import ghidra.program.model.listing.ContextChangeException;
import ghidra.program.model.listing.Data;
import ghidra.program.model.listing.FlowOverride;
import ghidra.program.model.listing.Function;
import ghidra.program.model.listing.Instruction;
import ghidra.program.model.listing.Library;
import ghidra.program.model.listing.Listing;
import ghidra.program.model.listing.Program;
import ghidra.program.model.listing.ProgramContext;
import ghidra.program.model.mem.Memory;
import ghidra.program.model.mem.MemoryAccessException;
import ghidra.program.model.symbol.RefType;
import ghidra.program.model.symbol.SourceType;
import ghidra.program.util.ContextEvaluator;
import ghidra.program.util.ContextEvaluatorAdapter;
import ghidra.program.util.SymbolicPropogator;
import ghidra.program.util.VarnodeContext;
import ghidra.util.Msg;
import ghidra.util.bytesearch.DittedBitSequence;
import ghidra.util.bytesearch.Match;
import ghidra.util.bytesearch.Pattern;
import ghidra.util.bytesearch.SequenceSearchState;
import ghidra.util.exception.AssertException;
import ghidra.util.exception.CancelledException;
import ghidra.util.exception.DuplicateNameException;
import ghidra.util.exception.InvalidInputException;
import ghidra.util.task.TaskMonitor;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import org.xml.sax.SAXException;

/* loaded from: input_file:ghidra/app/plugin/core/analysis/PPC64CallStubAnalyzer.class */
public class PPC64CallStubAnalyzer extends AbstractAnalyzer {
    private static final String NAME = "PPC64 ELF Call Stubs";
    private static final String DESCRIPTION = "Detect ELF Call Stubs and create thunk function";
    private static final String PROCESSOR_NAME = "PowerPC";
    private static final String CALL_STUB_PATTERN_FILE = "ppc64-r2CallStubs.xml";
    private static final String UNKNOWN_FUNCTION_NAME = "___UNKNOWN_CALL_STUB___";
    private static boolean patternLoadFailed;
    private static ArrayList<Pattern> beCallStubPatterns;
    private static ArrayList<Pattern> leCallStubPatterns;
    private static int maxPatternLength;
    private Register r2Reg;
    private Register ctrReg;

    public PPC64CallStubAnalyzer() {
        super(NAME, DESCRIPTION, AnalyzerType.FUNCTION_ANALYZER);
        setDefaultEnablement(true);
        setPriority(AnalysisPriority.FUNCTION_ANALYSIS.before());
    }

    @Override // ghidra.app.services.AbstractAnalyzer, ghidra.app.services.Analyzer
    public boolean canAnalyze(Program program) {
        Language language = program.getLanguage();
        if (!PROCESSOR_NAME.equals(language.getProcessor().toString()) || language.getLanguageDescription().getSize() != 64 || !patternsLoaded(language.isBigEndian())) {
            return false;
        }
        this.r2Reg = program.getRegister("r2");
        this.ctrReg = program.getRegister("CTR");
        return (this.r2Reg == null || this.ctrReg == null) ? false : true;
    }

    private static synchronized boolean patternsLoaded(boolean z) {
        if (patternLoadFailed) {
            return false;
        }
        if (!z) {
            if (leCallStubPatterns != null) {
                return true;
            }
            if (!patternsLoaded(true)) {
                return false;
            }
            leCallStubPatterns = flipPatterns(beCallStubPatterns);
            return true;
        }
        try {
            ResourceFile moduleDataFile = Application.getModuleDataFile(CALL_STUB_PATTERN_FILE);
            beCallStubPatterns = new ArrayList<>();
            Pattern.readPatterns(moduleDataFile, beCallStubPatterns, null);
            maxPatternLength = 0;
            Iterator<Pattern> it = beCallStubPatterns.iterator();
            while (it.hasNext()) {
                int size = it.next().getSize();
                if (size % 4 != 0) {
                    throw new SAXException("pattern must contain multiple of 4-bytes");
                }
                if (size > maxPatternLength) {
                    maxPatternLength = size;
                }
            }
            return true;
        } catch (FileNotFoundException e) {
            Msg.error(PPC64CallStubAnalyzer.class, "PowerPC resource file not found: ppc64-r2CallStubs.xml");
            patternLoadFailed = true;
            return false;
        } catch (IOException | SAXException e2) {
            Msg.error(PPC64CallStubAnalyzer.class, "Failed to parse byte pattern file: ppc64-r2CallStubs.xml", e2);
            patternLoadFailed = true;
            return false;
        }
    }

    private static ArrayList<Pattern> flipPatterns(ArrayList<Pattern> arrayList) {
        ArrayList<Pattern> arrayList2 = new ArrayList<>();
        Iterator<Pattern> it = arrayList.iterator();
        while (it.hasNext()) {
            Pattern next = it.next();
            arrayList2.add(new Pattern(new DittedBitSequence(flipPatternBytes(next.getValueBytes()), flipPatternBytes(next.getMaskBytes())), next.getMarkOffset(), next.getPostRules(), next.getMatchActions()));
        }
        return arrayList2;
    }

    private static byte[] flipPatternBytes(byte[] bArr) {
        for (int i = 0; i < bArr.length; i += 4) {
            byte b = bArr[i];
            bArr[i] = bArr[i + 3];
            bArr[i + 3] = b;
            byte b2 = bArr[i + 1];
            bArr[i + 1] = bArr[i + 2];
            bArr[i + 2] = b2;
        }
        return bArr;
    }

    /* JADX WARN: Removed duplicated region for block: B:20:0x00e4 A[SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:24:0x0061 A[SYNTHETIC] */
    @Override // ghidra.app.services.Analyzer
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean added(ghidra.program.model.listing.Program r8, ghidra.program.model.address.AddressSetView r9, ghidra.util.task.TaskMonitor r10, ghidra.app.util.importer.MessageLog r11) throws ghidra.util.exception.CancelledException {
        /*
            Method dump skipped, instructions count: 296
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ghidra.app.plugin.core.analysis.PPC64CallStubAnalyzer.added(ghidra.program.model.listing.Program, ghidra.program.model.address.AddressSetView, ghidra.util.task.TaskMonitor, ghidra.app.util.importer.MessageLog):boolean");
    }

    private Match matchKnownCallStubs(Address address, Memory memory, SequenceSearchState sequenceSearchState) {
        byte[] bArr = new byte[maxPatternLength];
        ArrayList<Match> arrayList = new ArrayList<>();
        int i = 0;
        try {
            i = memory.getBytes(address, bArr);
        } catch (MemoryAccessException e) {
        }
        if (i == 0) {
            return null;
        }
        byte[] bArr2 = bArr;
        if (i != bArr.length) {
            bArr2 = new byte[i];
            System.arraycopy(bArr, 0, bArr2, 0, i);
        }
        arrayList.clear();
        sequenceSearchState.apply(bArr2, arrayList);
        if (arrayList.size() == 0) {
            return null;
        }
        return arrayList.get(0);
    }

    private void createThunk(Program program, Address address, int i, Address address2) {
        new CreateThunkFunctionCmd(address, new AddressSet(address, address.add(i - 1)), address2).applyTo(program);
    }

    private void analyzeCallStub(final Program program, final Function function, final int i, final TaskMonitor taskMonitor) throws CancelledException {
        SymbolicPropogator symbolicPropogator = new SymbolicPropogator(program);
        symbolicPropogator.setParamRefCheck(false);
        symbolicPropogator.setReturnRefCheck(false);
        symbolicPropogator.setStoredRefCheck(false);
        final Address entryPoint = function.getEntryPoint();
        symbolicPropogator.flowConstants(entryPoint, (AddressSetView) new AddressSet(entryPoint, entryPoint.add(i - 1)), (ContextEvaluator) new ContextEvaluatorAdapter() { // from class: ghidra.app.plugin.core.analysis.PPC64CallStubAnalyzer.1
            @Override // ghidra.program.util.ContextEvaluatorAdapter, ghidra.program.util.ContextEvaluator
            public boolean followFalseConditionalBranches() {
                return false;
            }

            @Override // ghidra.program.util.ContextEvaluatorAdapter, ghidra.program.util.ContextEvaluator
            public boolean evaluateReference(VarnodeContext varnodeContext, Instruction instruction, int i2, Address address, int i3, DataType dataType, RefType refType) {
                return true;
            }

            @Override // ghidra.program.util.ContextEvaluatorAdapter, ghidra.program.util.ContextEvaluator
            public boolean evaluateDestination(VarnodeContext varnodeContext, Instruction instruction) {
                if (!"bctr".equals(instruction.getMnemonicString())) {
                    return true;
                }
                instruction.setFlowOverride(FlowOverride.CALL_RETURN);
                RegisterValue registerValue = varnodeContext.getRegisterValue(PPC64CallStubAnalyzer.this.ctrReg);
                if (registerValue == null || !registerValue.hasValue()) {
                    return true;
                }
                Function createDestinationFunction = PPC64CallStubAnalyzer.this.createDestinationFunction(program, entryPoint.getNewAddress(registerValue.getUnsignedValue().longValue()), instruction.getAddress(), varnodeContext.getRegisterValue(PPC64CallStubAnalyzer.this.r2Reg), taskMonitor);
                if (createDestinationFunction == null) {
                    return true;
                }
                if (function.isThunk()) {
                    function.setThunkedFunction(createDestinationFunction);
                    return true;
                }
                PPC64CallStubAnalyzer.this.createThunk(program, entryPoint, i, createDestinationFunction.getEntryPoint());
                return true;
            }

            @Override // ghidra.program.util.ContextEvaluatorAdapter, ghidra.program.util.ContextEvaluator
            public boolean allowAccess(VarnodeContext varnodeContext, Address address) {
                return true;
            }
        }, false, taskMonitor);
    }

    private Function getUnknownFunction(Program program) {
        try {
            return program.getExternalManager().addExtFunction(Library.UNKNOWN, UNKNOWN_FUNCTION_NAME, (Address) null, SourceType.IMPORTED).getFunction();
        } catch (DuplicateNameException | InvalidInputException e) {
            throw new AssertException("unexpected", e);
        }
    }

    private boolean thunksUnknownFunction(Function function) {
        Function thunkedFunction = function.getThunkedFunction(false);
        if (thunkedFunction == null || !thunkedFunction.isExternal()) {
            return false;
        }
        return UNKNOWN_FUNCTION_NAME.equals(thunkedFunction.getName());
    }

    private Function createDestinationFunction(Program program, Address address, Address address2, RegisterValue registerValue, TaskMonitor taskMonitor) {
        ProgramContext programContext;
        RegisterValue registerValue2;
        Listing listing = program.getListing();
        BookmarkManager bookmarkManager = program.getBookmarkManager();
        if (!program.getMemory().contains(address)) {
            bookmarkManager.setBookmark(address2, BookmarkType.ERROR, "Bad Reference", "No memory for call stub destination at " + String.valueOf(address));
            return null;
        }
        Function functionAt = listing.getFunctionAt(address);
        if (registerValue != null && registerValue.hasValue() && ((registerValue2 = (programContext = program.getProgramContext()).getRegisterValue(registerValue.getRegister(), address)) == null || !registerValue2.hasValue())) {
            try {
                programContext.setRegisterValue(address, address, registerValue);
                if (functionAt != null) {
                    AutoAnalysisManager.getAnalysisManager(program).functionDefined(address);
                }
            } catch (ContextChangeException e) {
                throw new AssertException(e);
            }
        }
        if (functionAt != null) {
            return functionAt;
        }
        CodeUnit codeUnitContaining = listing.getCodeUnitContaining(address);
        if (codeUnitContaining == null) {
            throw new AssertException("expected code unit in memory");
        }
        if (!address.equals(codeUnitContaining.getMinAddress())) {
            bookmarkManager.setBookmark(codeUnitContaining.getMinAddress(), BookmarkType.ERROR, "Code Unit Conflict", "Expected function entry at " + String.valueOf(address) + " referenced by call stub from " + String.valueOf(address2));
            return null;
        }
        if (codeUnitContaining instanceof Data) {
            if (((Data) codeUnitContaining).isDefined()) {
                bookmarkManager.setBookmark(address, BookmarkType.ERROR, "Code Unit Conflict", "Expected function entry referenced by call stub from " + String.valueOf(address2));
                return null;
            }
            if (!new DisassembleCommand(address, (AddressSetView) null, true).applyTo(program, taskMonitor)) {
                return null;
            }
        }
        CreateFunctionCmd createFunctionCmd = new CreateFunctionCmd(address);
        if (createFunctionCmd.applyTo(program, taskMonitor)) {
            return createFunctionCmd.getFunction();
        }
        return null;
    }
}
