<div dir="ltr">Hi<div><br></div><div>I am working on a project related to the indirect calls in a binary.</div><div><br></div><div>I know it would be rather hard to know the called functions statically.</div><div><br></div><div>However, is it able to know how many possibilities in total for every indirect call?</div><div><br></div><div>Further more. I write a LLVM pass to help me to first locate all the indirect calls.</div><div><br></div><div>First, I use CallInst * callInst = dyn_cast<CallInst>(&I) to help me to check whether this is a callinst.</div><div><br></div><div>Then, I use </div><div><br></div><div>if(Function *calledFunction = callInst->getCalledFunction()){</div><div>direct call</div><div>}</div><div>else{</div><div>indirect call<br>}</div><div><br></div><div>I am not sure whether this is a good way to locate all the indirect alls. </div><div><br></div><div>As you can see, below is a piece of code in libxml2.</div><div>




<span></span>





<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Andale Mono";color:rgb(40,254,20);background-color:rgba(0,0,0,0.9)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span></span><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(205,121,35)">if</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"> (uqname != </span><span class="gmail-s3" style="font-variant-ligatures:no-common-ligatures;color:rgb(195,55,32)">NULL</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">) {</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Andale Mono";color:rgb(40,254,20);background-color:rgba(0,0,0,0.9)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">        </span>cur = xmlHashLookup3(table, uqname, prefix, elem);</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Andale Mono";color:rgb(40,254,20);background-color:rgba(0,0,0,0.9)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">3285:        </span></span><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(205,121,35)">if</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"> (prefix != </span><span class="gmail-s3" style="font-variant-ligatures:no-common-ligatures;color:rgb(195,55,32)">NULL</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">) xmlFree(prefix);</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Andale Mono";color:rgb(40,254,20);background-color:rgba(0,0,0,0.9)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">3286:        </span></span><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(205,121,35)">if</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"> (uqname != </span><span class="gmail-s3" style="font-variant-ligatures:no-common-ligatures;color:rgb(195,55,32)">NULL</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">) xmlFree(uqname);</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Andale Mono";color:rgb(40,254,20);background-color:rgba(0,0,0,0.9)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span>} </span><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(205,121,35)">else</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Andale Mono";color:rgb(40,254,20);background-color:rgba(0,0,0,0.9)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">        </span>cur = xmlHashLookup3(table, name, </span><span class="gmail-s3" style="font-variant-ligatures:no-common-ligatures;color:rgb(195,55,32)">NULL</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">, elem);</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Andale Mono";color:rgb(40,254,20);background-color:rgba(0,0,0,0.9)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">    </span></span><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(205,121,35)">return</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">(cur);</span></p>


<br></div><div>The LLVM pass will think that are indirect calls. I don't understand why.</div><div><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Andale Mono";text-decoration-style:initial;text-decoration-color:initial;margin:0px;color:rgb(40,254,20);background-color:rgba(0,0,0,0.9)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       <span> </span></span></span><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(205,121,35)">if</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span> </span>(prefix !=<span> </span></span><span class="gmail-s3" style="font-variant-ligatures:no-common-ligatures;color:rgb(195,55,32)">NULL</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">) xmlFree(prefix);</span></p><p class="gmail-p1" style="font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Andale Mono";text-decoration-style:initial;text-decoration-color:initial;margin:0px;color:rgb(40,254,20);background-color:rgba(0,0,0,0.9)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span class="gmail-Apple-converted-space">       <span> </span></span></span><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(205,121,35)">if</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"><span> </span>(uqname !=<span> </span></span><span class="gmail-s3" style="font-variant-ligatures:no-common-ligatures;color:rgb(195,55,32)">NULL</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">) xmlFree(uqname);</span></p>Some IR is below:</div><div><br></div><div>




<span></span>





<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Andale Mono";color:rgb(40,254,20);background-color:rgba(0,0,0,0.9)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Source Line:3285|Column:22|File:valid.c|IR:<span class="gmail-Apple-converted-space">  </span>%9 = load void (i8*)*, void (i8*)** @xmlFree, align 8, !dbg !12809, !tbaa !12786</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Andale Mono";color:rgb(40,254,20);background-color:rgba(0,0,0,0.9)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Source Line:3285|Column:22|File:valid.c|IR:<span class="gmail-Apple-converted-space">  </span>call void %9(i8* nonnull %8) #4, !dbg !12809</span></p>
<p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:normal;font-stretch:normal;font-size:12px;line-height:normal;font-family:"Andale Mono";color:rgb(40,254,20);background-color:rgba(0,0,0,0.9)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Source Line:3285|Column:22|File:valid.c|IR:<span class="gmail-Apple-converted-space">  </span>br label %"valid.c:3286:", !dbg !12809</span></p>


</div><div><br></div><div><br></div><div>If you need more information, please tell me. Many Thanks</div><div><br></div><div>Regards</div><div>Muhui</div><div><br></div></div>