Addjump
int Addjump(t_jmpdata *pdat,ulong from,ulong dest,int type);
Adds a jump or call to the jump table. Each module has its own jump table that keeps the list of all recognized jumps and calls. Initially this table is filled by the Analyser. If a plugin is able to detect additional branches, it may add them to the jump table, preferably while processing ODBG2_Pluginanalyse().
Note that dest may be 0; this means an undefined jump/call destination (as in JMP EAX).
Usually many jumps or calls are added at once. To save time, items are appended to the end of the jump table and the table is marked as unsorted. Functions that request jump data call Sortjumpdata() automatically. If the table is long, this may take significant time, especially if queries for existing data and calls to Addjump() are interleaved. To reduce the time spent on sorting, one may combine type with JT_NOSORT. Such jumps are excluded from the search either until an explicit call to Sortjumpdata() or until an element without JT_NOSORT is added.
Parameters:
pdat
Input parameter, pointer to the descriptor of the jump table (structure of type t_jmpdata). It resides in the module descriptor. See t_module for details.
from
Input parameter, address of the jump origin (first byte of the jump or call command) in the memory of the debugged application.
dest
Input parameter, address of the jump or call destination. If the destination is unknown or variable (as in JMP EAX), set dest to 0. If the command has multiple fixed destinations, like a table jump, add each destination separately.
type
Input parameter, type of jump or call, may be set to one of the following constants:
JT_JUMP - unconditional jump (like JMP 0x00401234)
JT_COND - conditional jump (like JNZ 0x00401234)
JT_SWITCH - jump via switch table
JT_RET - return misused as jump (PUSH 0x00401234; RETN)
JT_CALL - call
JT_SWCALL - call via switch table
JT_NETJUMP - unconditional jump in CIL code
JT_NETCOND - conditional jump in CIL code
JT_NETSW - switch jump in CIL code
Additionally, type may be combined with the flag JT_NOSORT. See the explanation above.
Return values:
Returns 0 on success and -1 on error (new data is not added to the jump table).
Example:
int Addunconditionaljump(ulong from, ulong to) {
  t_jmpdata *pdat;
  t_module *pmod;
  pmod=Findmodule(from);          // locate the module that contains the jump
  if (pmod==NULL) return -1;      // address belongs to no known module
  pdat=pmod->jumps;               // jump table lives in the module descriptor
  return Addjump(pdat,from,to,JT_JUMP);
}
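The two less obvious rules above, one record per destination of a table jump and JT_NOSORT batching with a single explicit Sortjumpdata(), as an added example that is not part of the original documentation. Addjump(), Sortjumpdata(), t_jmpdata and the JT_* values are replaced here by minimal recording stand-ins so the code compiles offline; a real plugin includes plugin.h instead and keeps only Addswitchjump().

```c
#include <stddef.h>

typedef unsigned long ulong;

/* Placeholder values for the two constants used below; a real plugin takes
   them from plugin.h and does not define them itself. */
#define JT_SWITCH 3
#define JT_NOSORT 0x40000000

/* Minimal recording stand-in for the jump table, constructed so the example
   compiles and runs offline. It is not the real t_jmpdata from plugin.h. */
typedef struct t_jmpdata {
  struct { ulong from, dest; int type; } rec[64];
  int n;          /* entries added so far */
  int sorted;     /* 0 while the table is marked unsorted */
  int nsort;      /* how many times Sortjumpdata() ran (for the check) */
} t_jmpdata;

/* Stub with the documented contract: append, mark unsorted, -1 on error. */
int Addjump(t_jmpdata *pdat, ulong from, ulong dest, int type) {
  if (pdat == NULL || pdat->n >= 64) return -1;
  pdat->rec[pdat->n].from = from;
  pdat->rec[pdat->n].dest = dest;
  pdat->rec[pdat->n].type = type;
  pdat->n++;
  pdat->sorted = 0;
  return 0;
}

/* Stub: in OllyDbg this re-sorts the table and makes JT_NOSORT entries searchable. */
void Sortjumpdata(t_jmpdata *pdat) { pdat->sorted = 1; pdat->nsort++; }

/* Register a table jump at 'from' whose 'count' fixed destinations were
   recovered by the plugin. Each destination is its own record, as the
   documentation requires for multi-destination commands; JT_NOSORT defers
   sorting so the whole batch costs a single Sortjumpdata() call.
   Returns the number of entries added, or -1 if Addjump() failed. */
int Addswitchjump(t_jmpdata *pdat, ulong from, const ulong *dests, int count) {
  int i;
  for (i = 0; i < count; i++) {
    if (Addjump(pdat, from, dests[i], JT_SWITCH | JT_NOSORT) != 0) return -1;
  }
  Sortjumpdata(pdat);   /* make the batch visible to the Find*() queries */
  return count;
}
```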
See also:
Analysis, t_jmp, t_jmpcall, t_jmpdata, t_module, Arelocaljumpscallstorange(), Findglobalcallsto(), Findglobaljumpscallsto(), Findjumpfrom(), Findlocaljumpscallsto(), Findlocaljumpsto(), Sortjumpdata()