package ghidra.app.plugin.prototype.MicrosoftCodeAnalyzerPlugin;

import ghidra.app.cmd.data.CreateTypeDescriptorBackgroundCmd;
import ghidra.app.cmd.data.rtti.CreateRtti4BackgroundCmd;
import ghidra.app.cmd.data.rtti.Rtti4Model;
import ghidra.app.cmd.data.rtti.RttiUtil;
import ghidra.app.services.AbstractAnalyzer;
import ghidra.app.services.AnalysisPriority;
import ghidra.app.services.AnalyzerType;
import ghidra.app.util.datatype.microsoft.DataApplyOptions;
import ghidra.app.util.datatype.microsoft.DataValidationOptions;
import ghidra.app.util.datatype.microsoft.MSDataTypeUtils;
import ghidra.app.util.importer.MessageLog;
import ghidra.program.model.address.Address;
import ghidra.program.model.address.AddressOverflowException;
import ghidra.program.model.address.AddressSet;
import ghidra.program.model.address.AddressSetView;
import ghidra.program.model.data.InvalidDataTypeException;
import ghidra.program.model.listing.Program;
import ghidra.program.model.mem.MemoryBlock;
import ghidra.program.util.ProgramMemoryUtil;
import ghidra.util.bytesearch.GenericByteSequencePattern;
import ghidra.util.bytesearch.GenericMatchAction;
import ghidra.util.bytesearch.Match;
import ghidra.util.bytesearch.MemoryBytePatternSearcher;
import ghidra.util.exception.CancelledException;
import ghidra.util.task.TaskMonitor;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Set;

/* loaded from: input_file:ghidra/app/plugin/prototype/MicrosoftCodeAnalyzerPlugin/RttiAnalyzer.class */
public class RttiAnalyzer extends AbstractAnalyzer {
    private static final String NAME = "Windows x86 PE RTTI Analyzer";
    private static final String DESCRIPTION = "Finds and creates RTTI metadata structures and associated vf tables.";
    public static final String RTTI_FOUND_OPTION = "RTTI Found";
    private static final String CLASS_PREFIX_CHARS = ".?A";
    private DataValidationOptions validationOptions;
    private DataApplyOptions applyOptions;

    public RttiAnalyzer() {
        super(NAME, DESCRIPTION, AnalyzerType.BYTE_ANALYZER);
        setSupportsOneTimeAnalysis();
        setPriority(AnalysisPriority.REFERENCE_ANALYSIS.before());
        setDefaultEnablement(true);
        this.validationOptions = new DataValidationOptions();
        this.applyOptions = new DataApplyOptions();
    }

    @Override // ghidra.app.services.AbstractAnalyzer, ghidra.app.services.Analyzer
    public boolean canAnalyze(Program program) {
        return PEUtil.isVisualStudioOrClangPe(program);
    }

    @Override // ghidra.app.services.Analyzer
    public boolean added(Program program, AddressSetView addressSetView, TaskMonitor taskMonitor, MessageLog messageLog) throws CancelledException {
        if (hasRun(program)) {
            return true;
        }
        Address findTypeInfoVftableAddress = RttiUtil.findTypeInfoVftableAddress(program, taskMonitor);
        if (findTypeInfoVftableAddress == null) {
            setRttiFound(program, false);
            return true;
        }
        RttiUtil.createTypeInfoVftableSymbol(program, findTypeInfoVftableAddress);
        Set<Address> locatePotentialRTTI0Entries = locatePotentialRTTI0Entries(program, addressSetView, taskMonitor);
        if (locatePotentialRTTI0Entries == null) {
            setRttiFound(program, false);
            return true;
        }
        processRtti0(locatePotentialRTTI0Entries, program, taskMonitor);
        setRttiFound(program, true);
        return true;
    }

    private boolean hasRun(Program program) {
        return ((Boolean) program.getOptions(Program.PROGRAM_INFO).getObject(RTTI_FOUND_OPTION, null)) != null;
    }

    private void setRttiFound(Program program, boolean z) {
        program.getOptions(Program.PROGRAM_INFO).setBoolean(RTTI_FOUND_OPTION, z);
    }

    private Set<Address> locatePotentialRTTI0Entries(Program program, AddressSetView addressSetView, TaskMonitor taskMonitor) throws CancelledException {
        Address findTypeInfoVftableAddress = RttiUtil.findTypeInfoVftableAddress(program, taskMonitor);
        if (findTypeInfoVftableAddress == null) {
            return null;
        }
        return ProgramMemoryUtil.findDirectReferences(program, ProgramMemoryUtil.getMemoryBlocksStartingWithName(program, program.getMemory(), ".data", TaskMonitor.DUMMY), program.getDefaultPointerSize(), findTypeInfoVftableAddress, taskMonitor);
    }

    private void processRtti0(Collection<Address> collection, Program program, TaskMonitor taskMonitor) throws CancelledException {
        taskMonitor.setMaximum(collection.size());
        taskMonitor.setMessage("Creating RTTI Data...");
        ArrayList arrayList = new ArrayList();
        int i = 0;
        for (Address address : collection) {
            taskMonitor.checkCancelled();
            int i2 = i;
            i++;
            taskMonitor.setProgress(i2);
            if (new CreateTypeDescriptorBackgroundCmd(address, this.validationOptions, this.applyOptions).applyTo(program, taskMonitor)) {
                arrayList.add(address);
            }
        }
        processRtti4sForRtti0(program, arrayList, taskMonitor);
    }

    private void processRtti4sForRtti0(Program program, List<Address> list, TaskMonitor taskMonitor) throws CancelledException {
        List<MemoryBlock> memoryBlocksStartingWithName = ProgramMemoryUtil.getMemoryBlocksStartingWithName(program, program.getMemory(), ".rdata", taskMonitor);
        memoryBlocksStartingWithName.addAll(ProgramMemoryUtil.getMemoryBlocksStartingWithName(program, program.getMemory(), ".data", taskMonitor));
        memoryBlocksStartingWithName.addAll(ProgramMemoryUtil.getMemoryBlocksStartingWithName(program, program.getMemory(), ".text", taskMonitor));
        List<Address> rtti4Addresses = getRtti4Addresses(program, memoryBlocksStartingWithName, list, this.validationOptions, taskMonitor);
        if (rtti4Addresses.size() > 0) {
            new CreateRtti4BackgroundCmd(rtti4Addresses, memoryBlocksStartingWithName, this.validationOptions, this.applyOptions).applyTo(program, taskMonitor);
        }
    }

    private static List<Address> getRtti4Addresses(Program program, List<MemoryBlock> list, List<Address> list2, DataValidationOptions dataValidationOptions, TaskMonitor taskMonitor) throws CancelledException {
        taskMonitor.checkCancelled();
        return getRefsToRtti0(program, list, list2, dataValidationOptions, taskMonitor);
    }

    private static List<Address> getRefsToRtti0(Program program, List<MemoryBlock> list, List<Address> list2, DataValidationOptions dataValidationOptions, TaskMonitor taskMonitor) throws CancelledException {
        ArrayList arrayList = new ArrayList();
        int rtti0PointerComponentOffset = Rtti4Model.getRtti0PointerComponentOffset();
        MemoryBytePatternSearcher memoryBytePatternSearcher = new MemoryBytePatternSearcher("RTTI0 references");
        for (Address address : list2) {
            if (MSDataTypeUtils.is64Bit(program)) {
                addByteSearchPattern(memoryBytePatternSearcher, dataValidationOptions, arrayList, rtti0PointerComponentOffset, address, ProgramMemoryUtil.getImageBaseOffsets32Bytes(program, 4, address));
            } else {
                addByteSearchPattern(memoryBytePatternSearcher, dataValidationOptions, arrayList, rtti0PointerComponentOffset, address, ProgramMemoryUtil.getDirectAddressBytes(program, address));
            }
        }
        AddressSet addressSet = new AddressSet();
        for (MemoryBlock memoryBlock : list) {
            addressSet.add(memoryBlock.getStart(), memoryBlock.getEnd());
        }
        memoryBytePatternSearcher.search(program, addressSet, taskMonitor);
        return arrayList;
    }

    private static void addByteSearchPattern(MemoryBytePatternSearcher memoryBytePatternSearcher, final DataValidationOptions dataValidationOptions, final List<Address> list, final int i, Address address, byte[] bArr) {
        if (bArr == null) {
            return;
        }
        memoryBytePatternSearcher.addPattern(new GenericByteSequencePattern(bArr, new GenericMatchAction<Address>(address) { // from class: ghidra.app.plugin.prototype.MicrosoftCodeAnalyzerPlugin.RttiAnalyzer.1
            @Override // ghidra.util.bytesearch.DummyMatchAction, ghidra.util.bytesearch.MatchAction
            public void apply(Program program, Address address2, Match match) {
                try {
                    Address subtractNoWrap = address2.subtractNoWrap(i);
                    Rtti4Model rtti4Model = new Rtti4Model(program, subtractNoWrap, dataValidationOptions);
                    try {
                        rtti4Model.validate();
                        if (rtti4Model.refersToRtti0(getMatchValue())) {
                            list.add(subtractNoWrap);
                        }
                    } catch (InvalidDataTypeException e) {
                    }
                } catch (AddressOverflowException e2) {
                }
            }
        }));
    }
}
