package ghidra.app.cmd.function;

import ghidra.app.util.PseudoDisassembler;
import ghidra.framework.cmd.BackgroundCommand;
import ghidra.program.database.function.OverlappingFunctionException;
import ghidra.program.model.address.Address;
import ghidra.program.model.address.AddressSet;
import ghidra.program.model.address.AddressSetView;
import ghidra.program.model.block.BasicBlockModel;
import ghidra.program.model.block.CodeBlock;
import ghidra.program.model.block.CodeBlockReference;
import ghidra.program.model.block.CodeBlockReferenceIterator;
import ghidra.program.model.block.SimpleBlockModel;
import ghidra.program.model.data.DataType;
import ghidra.program.model.lang.Register;
import ghidra.program.model.lang.RegisterValue;
import ghidra.program.model.listing.ContextChangeException;
import ghidra.program.model.listing.Function;
import ghidra.program.model.listing.FunctionManager;
import ghidra.program.model.listing.Instruction;
import ghidra.program.model.listing.Library;
import ghidra.program.model.listing.Listing;
import ghidra.program.model.listing.Program;
import ghidra.program.model.pcode.PcodeOp;
import ghidra.program.model.pcode.Varnode;
import ghidra.program.model.symbol.ExternalLocation;
import ghidra.program.model.symbol.ExternalLocationIterator;
import ghidra.program.model.symbol.ExternalManager;
import ghidra.program.model.symbol.FlowType;
import ghidra.program.model.symbol.Namespace;
import ghidra.program.model.symbol.RefType;
import ghidra.program.model.symbol.Reference;
import ghidra.program.model.symbol.SourceType;
import ghidra.program.model.symbol.Symbol;
import ghidra.program.model.symbol.SymbolType;
import ghidra.program.util.ContextEvaluator;
import ghidra.program.util.ContextEvaluatorAdapter;
import ghidra.program.util.SymbolicPropogator;
import ghidra.program.util.VarnodeContext;
import ghidra.util.Msg;
import ghidra.util.exception.CancelledException;
import ghidra.util.exception.DuplicateNameException;
import ghidra.util.exception.InvalidInputException;
import ghidra.util.task.TaskMonitor;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.atomic.AtomicInteger;

/* loaded from: input_file:ghidra/app/cmd/function/CreateThunkFunctionCmd.class */
public class CreateThunkFunctionCmd extends BackgroundCommand<Program> {
    private Address entry;
    private AddressSetView body;
    private Address referencedFunctionAddr;
    private Symbol referencedSymbol;
    private Function thunkFunction;
    private Function referencedFunction;
    private List<Address> referringThunkAddresses;
    private boolean checkForSideEffects;
    private static final int MAX_NUMBER_OF_THUNKING_INSTRUCTIONS = 8;
    static String DEFAULT_FUNCTION_COMMENT = " THUNK-FUNCTION";

    public CreateThunkFunctionCmd(Address address, AddressSetView addressSetView, Address address2, List<Address> list) {
        this(address, addressSetView, address2);
        if (list != null) {
            this.referringThunkAddresses.addAll(0, list);
        }
    }

    public CreateThunkFunctionCmd(Address address, AddressSetView addressSetView, Address address2) {
        super("Create Thunk Function", false, false, false);
        this.referringThunkAddresses = new ArrayList();
        this.checkForSideEffects = true;
        this.entry = address;
        this.body = addressSetView;
        this.referencedFunctionAddr = address2;
        this.referringThunkAddresses.add(address);
    }

    public CreateThunkFunctionCmd(Address address, AddressSetView addressSetView, Symbol symbol) {
        this(address, addressSetView, (Address) null);
        this.referencedSymbol = symbol;
    }

    public CreateThunkFunctionCmd(Address address, boolean z) {
        this(address, (AddressSetView) null, (Symbol) null);
        this.checkForSideEffects = z;
    }

    @Override // ghidra.framework.cmd.BackgroundCommand
    public boolean applyTo(Program program, TaskMonitor taskMonitor) {
        FunctionManager functionManager = program.getFunctionManager();
        if (this.referencedFunctionAddr == Address.NO_ADDRESS) {
            this.referencedFunctionAddr = null;
        }
        this.thunkFunction = functionManager.getFunctionAt(this.entry);
        if (this.body != null) {
            for (Function function : functionManager.getFunctions(this.body, true)) {
                if (function != this.thunkFunction) {
                    setStatusMsg("Specified body overlaps existing function '" + function.getName() + "' at " + String.valueOf(function.getEntryPoint()));
                    return false;
                }
            }
        }
        this.referencedFunction = getReferencedFunction(this.referencedFunctionAddr == null && this.referencedSymbol == null, program, taskMonitor);
        if (this.referencedFunction == null) {
            this.thunkFunction = null;
            return false;
        }
        this.referencedFunctionAddr = this.referencedFunction.getEntryPoint();
        if (this.thunkFunction != null) {
            try {
                this.thunkFunction.setThunkedFunction(this.referencedFunction);
                if (this.body == null) {
                    return true;
                }
                try {
                    this.thunkFunction.setBody(this.body);
                    return true;
                } catch (OverlappingFunctionException e) {
                    setStatusMsg("Specified body overlaps existing function(s): " + e.getMessage());
                    return false;
                }
            } catch (IllegalArgumentException e2) {
                setStatusMsg("Invalid thunked function specified: " + e2.getMessage());
                return false;
            }
        }
        if (program.getListing().getFunctionContaining(this.entry) != null) {
            setStatusMsg("Thunk function entry contained within another function");
            return false;
        }
        if (this.body == null) {
            this.body = computeThunkBody(program);
            if (this.body == null) {
                return false;
            }
        } else if (this.body.contains(this.referencedFunctionAddr)) {
            this.body = this.body.subtract(this.referencedFunction.getBody());
            if (this.body.getNumAddressRanges() != 1 || !this.body.contains(this.entry)) {
                return false;
            }
        }
        Namespace globalNamespace = program.getGlobalNamespace();
        String str = null;
        SourceType sourceType = SourceType.DEFAULT;
        Symbol primarySymbol = program.getSymbolTable().getPrimarySymbol(this.entry);
        if (primarySymbol != null) {
            str = primarySymbol.getName();
            globalNamespace = primarySymbol.getParentNamespace();
            sourceType = primarySymbol.getSource();
        }
        try {
            this.thunkFunction = functionManager.createThunkFunction(str, globalNamespace, this.entry, this.body, this.referencedFunction, sourceType);
            return true;
        } catch (OverlappingFunctionException e3) {
            setStatusMsg("Specified body overlaps existing function(s): " + e3.getMessage());
            return false;
        }
    }

    private AddressSetView computeThunkBody(Program program) {
        if (program.getMemory().isExternalBlockAddress(this.entry)) {
            return new AddressSet(this.entry, this.entry);
        }
        Instruction instructionAt = program.getListing().getInstructionAt(this.entry);
        if (instructionAt == null) {
            return null;
        }
        FlowType flowType = instructionAt.getFlowType();
        if (flowType == RefType.UNCONDITIONAL_JUMP || flowType == RefType.COMPUTED_JUMP || flowType == RefType.COMPUTED_CALL_TERMINATOR || flowType == RefType.CALL_TERMINATOR) {
            return new AddressSet(instructionAt.getMinAddress(), instructionAt.getMaxAddress());
        }
        setStatusMsg("Must specify thunk function body");
        return null;
    }

    private Function getReferencedFunction(boolean z, Program program, TaskMonitor taskMonitor) {
        Listing listing = program.getListing();
        if (this.referencedSymbol != null) {
            Object object = this.referencedSymbol.getObject();
            if (object instanceof Function) {
                return (Function) object;
            }
            if (object instanceof ExternalLocation) {
                return ((ExternalLocation) object).createFunction();
            }
            this.referencedFunctionAddr = this.referencedSymbol.getAddress();
        } else if ((this.referencedFunctionAddr == null || this.referencedFunctionAddr == Address.NO_ADDRESS) && z) {
            this.referencedFunctionAddr = getThunkedExternalFunctionAddress(program, this.entry);
            if (this.referencedFunctionAddr == null) {
                this.referencedFunctionAddr = getThunkedAddr(program, this.entry, this.checkForSideEffects);
            }
            if (this.referencedFunctionAddr == null || this.referencedFunctionAddr == Address.NO_ADDRESS) {
                try {
                    if (resolveComputableFlow(program, this.entry, taskMonitor)) {
                        this.referencedFunctionAddr = getThunkedAddr(program, this.entry, this.checkForSideEffects);
                    }
                } catch (CancelledException e) {
                    return null;
                }
            }
            if (this.referencedFunctionAddr == null || this.referencedFunctionAddr == Address.NO_ADDRESS) {
                this.referencedFunctionAddr = getFirstBlockJumpCall(program, taskMonitor);
            }
        } else if (this.referencedFunctionAddr != null) {
            this.referencedFunctionAddr = PseudoDisassembler.getNormalizedDisassemblyAddress(program, this.referencedFunctionAddr);
        }
        if (this.referencedFunctionAddr == null) {
            setStatusMsg("Failed to create thunk at " + String.valueOf(this.entry) + ": unable to find thunked function");
            return null;
        }
        Function functionAt = listing.getFunctionAt(this.referencedFunctionAddr);
        if (functionAt == null && program.getMemory().isExternalBlockAddress(this.referencedFunctionAddr)) {
            CreateThunkFunctionCmd createThunkFunctionCmd = new CreateThunkFunctionCmd(this.referencedFunctionAddr, false);
            if (createThunkFunctionCmd.applyTo(program)) {
                functionAt = createThunkFunctionCmd.getThunkFunction();
            }
        }
        if (functionAt != null) {
            if (!functionAt.getEntryPoint().equals(this.entry)) {
                return functionAt;
            }
            setStatusMsg("Invalid referenced function: circular reference");
            return null;
        }
        if (this.referencedFunctionAddr.isExternalAddress()) {
            Symbol primarySymbol = program.getSymbolTable().getPrimarySymbol(this.referencedFunctionAddr);
            if (primarySymbol == null) {
                return null;
            }
            ExternalLocation externalLocation = (ExternalLocation) primarySymbol.getObject();
            Msg.trace(this, "Converting external location to function as a result of thunk at: " + String.valueOf(this.entry));
            return externalLocation.createFunction();
        }
        if (!this.referencedFunctionAddr.isMemoryAddress()) {
            setStatusMsg("Referenced address/symbol is not a valid memory location");
            return null;
        }
        if (!program.getMemory().contains(this.referencedFunctionAddr)) {
            return getExternalFunction(program);
        }
        if (listing.getFunctionContaining(this.referencedFunctionAddr) != null || listing.getInstructionAt(this.referencedFunctionAddr) == null) {
            setStatusMsg("Invalid referenced function entry address");
            return null;
        }
        if (this.referringThunkAddresses.contains(this.referencedFunctionAddr)) {
            setStatusMsg("Invalid referenced function: circular reference");
            return null;
        }
        CreateFunctionCmd createFunctionCmd = new CreateFunctionCmd(this.referencedFunctionAddr, this.referringThunkAddresses);
        if (createFunctionCmd.applyTo(program)) {
            return createFunctionCmd.getFunction();
        }
        setStatusMsg("Failed to create thunk at " + String.valueOf(this.entry) + ": unable to create thunked-function at " + String.valueOf(this.referencedFunctionAddr));
        return null;
    }

    private Address getFirstBlockJumpCall(Program program, TaskMonitor taskMonitor) {
        try {
            CodeBlock codeBlockAt = new SimpleBlockModel(program).getCodeBlockAt(this.entry, taskMonitor);
            if (codeBlockAt == null) {
                return null;
            }
            CodeBlockReferenceIterator destinations = codeBlockAt.getDestinations(taskMonitor);
            while (destinations.hasNext()) {
                CodeBlockReference next = destinations.next();
                FlowType flowType = next.getFlowType();
                if ((flowType.isCall() || flowType.isJump()) && flowType.isUnConditional()) {
                    return next.getDestinationAddress();
                }
            }
            return null;
        } catch (CancelledException e) {
            return null;
        }
    }

    private Function getExternalFunction(Program program) {
        ExternalManager externalManager = program.getExternalManager();
        ExternalLocationIterator externalLocations = externalManager.getExternalLocations(this.referencedFunctionAddr);
        if (externalLocations.hasNext()) {
            ExternalLocation next = externalLocations.next();
            if (next.isFunction()) {
                return next.getFunction();
            }
            Msg.debug(this, "Converting external location to a function: " + next.toString());
            return next.createFunction();
        }
        try {
            ExternalLocation addExtFunction = externalManager.addExtFunction(Library.UNKNOWN, (String) null, this.referencedFunctionAddr, SourceType.DEFAULT);
            Msg.debug(this, "Created new external location for address " + String.valueOf(this.referencedFunctionAddr) + ": " + addExtFunction.toString());
            return addExtFunction.getFunction();
        } catch (DuplicateNameException | InvalidInputException e) {
            throw new RuntimeException("Unexpected exception", e);
        }
    }

    private boolean resolveComputableFlow(final Program program, Address address, TaskMonitor taskMonitor) throws CancelledException {
        final Register register = program.getRegister("ISAModeSwitch");
        final Register register2 = program.getRegister("ISA_MODE");
        CodeBlock firstCodeBlockContaining = new BasicBlockModel(program).getFirstCodeBlockContaining(address, taskMonitor);
        if (firstCodeBlockContaining == null) {
            return false;
        }
        final AtomicInteger atomicInteger = new AtomicInteger(0);
        new SymbolicPropogator(program).flowConstants(firstCodeBlockContaining.getFirstStartAddress(), (AddressSetView) firstCodeBlockContaining, (ContextEvaluator) new ContextEvaluatorAdapter(this) { // from class: ghidra.app.cmd.function.CreateThunkFunctionCmd.1
            @Override // ghidra.program.util.ContextEvaluatorAdapter, ghidra.program.util.ContextEvaluator
            public boolean evaluateReference(VarnodeContext varnodeContext, Instruction instruction, int i, Address address2, int i2, DataType dataType, RefType refType) {
                if (!refType.isComputed() || !refType.isFlow() || !program.getMemory().contains(address2)) {
                    return false;
                }
                propogateCodeMode(varnodeContext, address2);
                atomicInteger.incrementAndGet();
                return true;
            }

            @Override // ghidra.program.util.ContextEvaluatorAdapter, ghidra.program.util.ContextEvaluator
            public boolean allowAccess(VarnodeContext varnodeContext, Address address2) {
                return true;
            }

            private void propogateCodeMode(VarnodeContext varnodeContext, Address address2) {
                BigInteger value;
                if (register == null || (value = varnodeContext.getValue(register, false)) == null || program.getListing().getInstructionAt(address2) != null) {
                    return;
                }
                try {
                    program.getProgramContext().setValue(register2, address2, address2, value);
                } catch (ContextChangeException e) {
                }
            }
        }, false, taskMonitor);
        return atomicInteger.get() == 1;
    }

    public Function getThunkFunction() {
        return this.thunkFunction;
    }

    public Function getReferencedFunction() {
        return this.referencedFunction;
    }

    public static Address getThunkedAddr(Program program, Address address) {
        return getThunkedAddr(program, address, true);
    }

    public static Address getThunkedAddr(Program program, Address address, boolean z) {
        Listing listing = program.getListing();
        Instruction instructionAt = listing.getInstructionAt(address);
        if (instructionAt == null) {
            return null;
        }
        Address simpleFlow = getSimpleFlow(instructionAt);
        if (simpleFlow != null) {
            return simpleFlow;
        }
        boolean z2 = program.getAddressFactory().getDefaultAddressSpace().getSize() > 16;
        int i = 1;
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        HashSet hashSet3 = new HashSet();
        addSetRegisters(program, address, hashSet);
        while (instructionAt != null) {
            int i2 = i;
            i++;
            if (i2 > 8) {
                return null;
            }
            FlowType flowType = instructionAt.getFlowType();
            for (PcodeOp pcodeOp : instructionAt.getPcode(false)) {
                if (z && pcodeOp.getOpcode() == 3) {
                    return null;
                }
                if (z && !addRegisterUsage(program, hashSet, hashSet2, hashSet3, pcodeOp, z2)) {
                    return null;
                }
            }
            if (instructionAt.isFallthrough() && instructionAt.getDelaySlotDepth() == 0) {
                instructionAt = listing.getInstructionAt(instructionAt.getFallThrough());
            } else if (!isLocalBranch(listing, instructionAt, flowType)) {
                return getFlowingAddrFromFinalState(program, instructionAt, flowType, z, hashSet2, hashSet3);
            }
        }
        return null;
    }

    private static void addSetRegisters(Program program, Address address, HashSet<Varnode> hashSet) {
        RegisterValue registerValue;
        for (Register register : program.getProgramContext().getRegistersWithValues()) {
            if (!register.isProcessorContext() && (registerValue = program.getProgramContext().getRegisterValue(register, address)) != null && registerValue.hasValue()) {
                Register register2 = registerValue.getRegister();
                hashSet.add(new Varnode(register2.getAddress(), register2.getMinimumByteSize()));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Address getThunkedExternalFunctionAddress(Program program, Address address) {
        if (!program.getMemory().isExternalBlockAddress(address)) {
            return null;
        }
        Symbol[] symbols = program.getSymbolTable().getSymbols(address);
        if (symbols.length != 1) {
            return null;
        }
        Symbol symbol = symbols[0];
        if (symbol.isDynamic() || symbol.getSymbolType() != SymbolType.LABEL || !symbol.getParentNamespace().isGlobal()) {
            return null;
        }
        try {
            ExternalLocation addExtFunction = program.getExternalManager().addExtFunction(Library.UNKNOWN, symbol.getName(), (Address) null, symbol.getSource());
            symbol.delete();
            return addExtFunction.getExternalSpaceAddress();
        } catch (DuplicateNameException | InvalidInputException e) {
            return null;
        }
    }

    private static boolean isLocalBranch(Listing listing, Instruction instruction, FlowType flowType) {
        if (!flowType.isJump() || flowType.isConditional()) {
            return false;
        }
        Address[] flows = instruction.getFlows();
        return flows.length == 1 && instruction.getMinAddress().hasSameAddressSpace(flows[0]) && Math.abs(flows[0].subtract(instruction.getMinAddress())) <= 8;
    }

    private static Address getFlowingAddrFromFinalState(Program program, Instruction instruction, FlowType flowType, boolean z, HashSet<Varnode> hashSet, HashSet<Varnode> hashSet2) {
        Address address = null;
        if ((flowType.isJump() || flowType.equals(RefType.COMPUTED_CALL_TERMINATOR) || flowType.equals(RefType.CALL_TERMINATOR)) && !flowType.isConditional()) {
            Register programCounter = program.getLanguage().getProgramCounter();
            if (programCounter != null) {
                hashSet2.add(new Varnode(programCounter.getAddress(), programCounter.getMinimumByteSize()));
            }
            hashSet.removeAll(hashSet2);
            Iterator<Varnode> it = hashSet.iterator();
            while (it.hasNext()) {
                Register register = program.getRegister(it.next());
                if (register != null && register.isHidden()) {
                    it.remove();
                }
            }
            if (!z || hashSet.size() == 0) {
                address = getFlowingAddress(program, instruction);
            }
        }
        return address;
    }

    private static Address getSimpleFlow(Instruction instruction) {
        FlowType flowType = instruction.getFlowType();
        if (instruction.getDelaySlotDepth() != 0 || flowType.isConditional()) {
            return null;
        }
        if (!flowType.isJump() && (!flowType.isCall() || !flowType.isTerminal())) {
            return null;
        }
        Address[] flows = instruction.getFlows();
        if (flows.length == 1) {
            return flows[0];
        }
        return null;
    }

    private static boolean addRegisterUsage(Program program, HashSet<Varnode> hashSet, HashSet<Varnode> hashSet2, HashSet<Varnode> hashSet3, PcodeOp pcodeOp, boolean z) {
        int opcode = pcodeOp.getOpcode();
        Varnode output = pcodeOp.getOutput();
        if (opcode == 1) {
            if (output.isAddress()) {
                return false;
            }
            if (output.equals(pcodeOp.getInput(0))) {
                return true;
            }
        }
        for (Varnode varnode : pcodeOp.getInputs()) {
            if (varnode.isRegister()) {
                if ((!z || varnode.getSize() > 1) && !containsRegister(program, hashSet2, varnode) && !containsRegister(program, hashSet, varnode)) {
                    return false;
                }
                if (output == null || output.getSize() >= varnode.getSize()) {
                    hashSet3.add(varnode);
                }
            }
        }
        if (output == null || !output.isRegister()) {
            return true;
        }
        if (z && output.getSize() <= 1) {
            return true;
        }
        hashSet2.add(output);
        hashSet3.remove(output);
        return true;
    }

    private static boolean containsRegister(Program program, HashSet<Varnode> hashSet, Varnode varnode) {
        Register parentRegister;
        if (hashSet.contains(varnode)) {
            return true;
        }
        Register register = program.getRegister(varnode);
        if (register == null || (parentRegister = register.getParentRegister()) == null) {
            return false;
        }
        return hashSet.contains(new Varnode(parentRegister.getAddress(), parentRegister.getBitLength() / 8));
    }

    private static Address getFlowingAddress(Program program, Instruction instruction) {
        Reference reference = null;
        Reference reference2 = null;
        for (Reference reference3 : instruction.getReferencesFrom()) {
            RefType referenceType = reference3.getReferenceType();
            if (referenceType.isData()) {
                reference2 = reference3;
            } else if (!referenceType.isFlow()) {
                continue;
            } else {
                if (reference != null) {
                    return null;
                }
                reference = reference3;
            }
        }
        if (reference == null) {
            reference = reference2;
        }
        if (reference == null) {
            return Address.NO_ADDRESS;
        }
        RefType referenceType2 = reference.getReferenceType();
        if (!referenceType2.isData() && !referenceType2.isIndirect()) {
            return reference.getToAddress();
        }
        Reference[] referencesFrom = program.getReferenceManager().getReferencesFrom(reference.getToAddress());
        if (referencesFrom.length != 1) {
            return null;
        }
        if (referencesFrom[0].getReferenceType() == RefType.DATA || referencesFrom[0].isExternalReference()) {
            return referencesFrom[0].getToAddress();
        }
        return null;
    }

    public static boolean isThunk(Program program, Function function) {
        return getThunkedAddr(program, function.getEntryPoint()) != null;
    }
}
