This class represents an entry in the exception table (.pdata section) for the x86-64 architecture. More...
#include <RuntimeFunctionX64.hpp>
Classes | |
| struct | unwind_info_t |
| This structure represents the UNWIND_INFO which records the effects a function has on the stack pointer, and where the nonvolatile registers are saved on the stack. More... | |
Public Types | |
| enum class | UNWIND_FLAGS : uint8_t { EXCEPTION_HANDLER = 1 , TERMINATE_HANDLER = 2 , CHAIN_INFO = 4 } |
| enum class | UNWIND_OPCODES : uint32_t { PUSH_NONVOL = 0 , ALLOC_LARGE = 1 , ALLOC_SMALL = 2 , SET_FPREG = 3 , SAVE_NONVOL = 4 , SAVE_NONVOL_FAR = 5 , EPILOG = 6 , SPARE = 7 , SAVE_XMM128 = 8 , SAVE_XMM128_FAR = 9 , PUSH_MACHFRAME = 10 } |
| enum class | UNWIND_REG : uint32_t { RAX = 0 , RCX , RDX , RBX , RSP , RBP , RSI , RDI , R8 , R9 , R10 , R11 , R12 , R13 , R14 , R15 } |
| Public Types inherited from LIEF::PE::ExceptionInfo | |
| enum class | ARCH { UNKNOWN = 0 , ARM64 , X86_64 } |
| Arch discriminator for the subclasses. More... | |
Public Member Functions | |
| RuntimeFunctionX64 (uint32_t rva_start, uint32_t rva_end, uint32_t unwind_rva) | |
| RuntimeFunctionX64 (const RuntimeFunctionX64 &)=default | |
| RuntimeFunctionX64 & | operator= (const RuntimeFunctionX64 &)=default |
| RuntimeFunctionX64 (RuntimeFunctionX64 &&)=default | |
| RuntimeFunctionX64 & | operator= (RuntimeFunctionX64 &&)=default |
| std::unique_ptr< ExceptionInfo > | clone () const override |
| std::string | to_string () const override |
| uint32_t | rva_end () const |
| Function end address. | |
| uint32_t | unwind_rva () const |
| Unwind info address. | |
| uint32_t | size () const |
| Size of the function (in bytes). | |
| const unwind_info_t * | unwind_info () const |
| Detailed unwind information. | |
| unwind_info_t * | unwind_info () |
| void | unwind_info (unwind_info_t info) |
| ~RuntimeFunctionX64 ()=default | |
| Public Member Functions inherited from LIEF::PE::ExceptionInfo | |
| ExceptionInfo ()=delete | |
| ExceptionInfo (const ExceptionInfo &)=default | |
| ExceptionInfo & | operator= (const ExceptionInfo &)=default |
| ExceptionInfo (ExceptionInfo &&)=default | |
| ExceptionInfo & | operator= (ExceptionInfo &&)=default |
| ExceptionInfo (ARCH arch, uint64_t rva) | |
| ExceptionInfo (ARCH arch) | |
| ARCH | arch () const |
| Target architecture of this exception. | |
| uint32_t | rva_start () const |
| Function start address. | |
| virtual | ~ExceptionInfo ()=default |
| template<class T> | |
| T * | as () |
| Helper to downcast an ExceptionInfo into a concrete implementation. | |
| template<class T> | |
| const T * | as () const |
Static Public Member Functions | |
| static bool | classof (const ExceptionInfo *info) |
| Static Public Member Functions inherited from LIEF::PE::ExceptionInfo | |
| static std::unique_ptr< ExceptionInfo > | parse (Parser &ctx, BinaryStream &strm) |
| static std::unique_ptr< ExceptionInfo > | parse (Parser &ctx, BinaryStream &strm, Header::MACHINE_TYPES arch) |
Detailed Description
This class represents an entry in the exception table (.pdata section) for the x86-64 architecture.
Reference: https://learn.microsoft.com/en-us/cpp/build/exception-handling-x64
Member Enumeration Documentation
◆ UNWIND_FLAGS
|
strong |
◆ UNWIND_OPCODES
|
strong |
| Enumerator | |
|---|---|
| PUSH_NONVOL | Push a nonvolatile integer register, decrementing RSP by 8. The operation info is the number of the register. Because of the constraints on epilogs, PUSH_NONVOL unwind codes must appear first in the prolog and correspondingly, last in the unwind code array. This relative ordering applies to all other unwind codes except UNWIND_OPCODES::PUSH_MACHFRAME. |
| ALLOC_LARGE | Allocate a large-sized area on the stack. There are two forms. If the operation info equals 0, then the size of the allocation divided by 8 is recorded in the next slot, allowing an allocation up to 512K - 8. If the operation info equals 1, then the unscaled size of the allocation is recorded in the next two slots in little-endian format, allowing allocations up to 4GB - 8. |
| ALLOC_SMALL | Allocate a small-sized area on the stack. The size of the allocation is the operation info field * 8 + 8, allowing allocations from 8 to 128 bytes. |
| SET_FPREG | Establish the frame pointer register by setting the register to some offset of the current RSP. The offset is equal to the Frame Register offset (scaled) field in the UNWIND_INFO * 16, allowing offsets from 0 to 240. The use of an offset permits establishing a frame pointer that points to the middle of the fixed stack allocation, helping code density by allowing more accesses to use short instruction forms. The operation info field is reserved and shouldn't be used. |
| SAVE_NONVOL | Save a nonvolatile integer register on the stack using a MOV instead of a PUSH. This code is primarily used for shrink-wrapping, where a nonvolatile register is saved to the stack in a position that was previously allocated. The operation info is the number of the register. The scaled-by-8 stack offset is recorded in the next unwind operation code slot, as described in the note above. |
| SAVE_NONVOL_FAR | Save a nonvolatile integer register on the stack with a long offset, using a MOV instead of a PUSH. This code is primarily used for shrink-wrapping, where a nonvolatile register is saved to the stack in a position that was previously allocated. The operation info is the number of the register. The unscaled stack offset is recorded in the next two unwind operation code slots, as described in the note above. |
| EPILOG | This entry is only revelant for version 2. It describes the function epilog. |
| SPARE | Reserved Originally SAVE_XMM128_FAR in version 1, but deprecated and removed. |
| SAVE_XMM128 | Save all 128 bits of a nonvolatile XMM register on the stack. The operation info is the number of the register. The scaled-by-16 stack offset is recorded in the next slot. |
| SAVE_XMM128_FAR | Save all 128 bits of a nonvolatile XMM register on the stack with a long offset. The operation info is the number of the register. The unscaled stack offset is recorded in the next two slots. |
| PUSH_MACHFRAME | Push a machine frame. This unwind code is used to record the effect of a hardware interrupt or exception. |
◆ UNWIND_REG
|
strong |
Constructor & Destructor Documentation
◆ RuntimeFunctionX64() [1/3]
|
inline |
References LIEF::PE::ExceptionInfo::ExceptionInfo(), rva_end(), LIEF::PE::ExceptionInfo::rva_start(), unwind_rva(), and LIEF::PE::ExceptionInfo::X86_64.
Referenced by clone(), operator=(), operator=(), RuntimeFunctionX64(), and RuntimeFunctionX64().
◆ RuntimeFunctionX64() [2/3]
|
default |
References RuntimeFunctionX64().
◆ RuntimeFunctionX64() [3/3]
|
default |
References RuntimeFunctionX64().
◆ ~RuntimeFunctionX64()
|
default |
Member Function Documentation
◆ classof()
|
inlinestatic |
References LIEF::PE::ExceptionInfo::ExceptionInfo(), and LIEF::PE::ExceptionInfo::X86_64.
◆ clone()
|
inlineoverridevirtual |
Implements LIEF::PE::ExceptionInfo.
References RuntimeFunctionX64().
◆ operator=() [1/2]
|
default |
References RuntimeFunctionX64().
◆ operator=() [2/2]
|
default |
References RuntimeFunctionX64().
◆ rva_end()
|
inline |
Function end address.
Referenced by RuntimeFunctionX64(), and size().
◆ size()
|
inline |
Size of the function (in bytes).
References rva_end(), and LIEF::PE::ExceptionInfo::rva_start().
◆ to_string()
|
overridevirtual |
Implements LIEF::PE::ExceptionInfo.
◆ unwind_info() [1/3]
|
inline |
◆ unwind_info() [2/3]
|
inline |
Detailed unwind information.
◆ unwind_info() [3/3]
|
inline |
◆ unwind_rva()
|
inline |
Unwind info address.
Referenced by RuntimeFunctionX64().
The documentation for this class was generated from the following file:
Generated by
1.15.0