Add support for multiple global pointer registers

Author: zznop

binaryninjaapi.h

@@ -8248,9 +8248,13 @@ namespace BinaryNinja {
 		std::vector<Ref<ExternalLocation>> GetExternalLocations();
 
 		Confidence<RegisterValue> GetGlobalPointerValue() const;
+		std::vector<std::pair<uint32_t, Confidence<RegisterValue>>> GetGlobalPointerValues() const;
+		std::vector<std::pair<uint32_t, Confidence<RegisterValue>>> GetDefaultGlobalPointerValues() const;
+		std::vector<std::pair<uint32_t, Confidence<RegisterValue>>> GetUserGlobalPointerValues() const;
 		bool UserGlobalPointerValueSet() const;
 		void ClearUserGlobalPointerValue();
 		void SetUserGlobalPointerValue(const Confidence<RegisterValue>& value);
+		void SetUserGlobalPointerValues(const std::vector<std::pair<uint32_t, Confidence<RegisterValue>>>& values);
 
 		std::optional<std::pair<std::string, BNStringType>> StringifyUnicodeData(Architecture* arch, const DataBuffer& buffer, bool nullTerminates = true, bool allowShortStrings = false);
 	};
@@ -13531,6 +13535,7 @@ namespace BinaryNinja {
 		std::vector<DisassemblyTextLine> GetTypeTokens(DisassemblySettings* settings = nullptr);
 
 		Confidence<RegisterValue> GetGlobalPointerValue() const;
+		std::vector<std::pair<uint32_t, Confidence<RegisterValue>>> GetGlobalPointerValues() const;
 		bool UsesIncomingGlobalPointer() const;
 		Confidence<RegisterValue> GetRegisterValueAtExit(uint32_t reg) const;
 
@@ -17822,6 +17827,7 @@ namespace BinaryNinja {
 		static uint32_t GetHighIntegerReturnValueRegisterCallback(void* ctxt);
 		static uint32_t GetFloatReturnValueRegisterCallback(void* ctxt);
 		static uint32_t GetGlobalPointerRegisterCallback(void* ctxt);
+		static uint32_t* GetGlobalPointerRegistersCallback(void* ctxt, size_t* count);
 
 		static uint32_t* GetImplicitlyDefinedRegistersCallback(void* ctxt, size_t* count);
 		static void GetIncomingRegisterValueCallback(
@@ -17867,6 +17873,7 @@ namespace BinaryNinja {
 		virtual uint32_t GetHighIntegerReturnValueRegister();
 		virtual uint32_t GetFloatReturnValueRegister();
 		virtual uint32_t GetGlobalPointerRegister();
+		virtual std::vector<uint32_t> GetGlobalPointerRegisters();
 
 		virtual std::vector<uint32_t> GetImplicitlyDefinedRegisters();
 		virtual RegisterValue GetIncomingRegisterValue(uint32_t reg, Function* func);
@@ -17901,6 +17908,7 @@ namespace BinaryNinja {
 		virtual uint32_t GetHighIntegerReturnValueRegister() override;
 		virtual uint32_t GetFloatReturnValueRegister() override;
 		virtual uint32_t GetGlobalPointerRegister() override;
+		virtual std::vector<uint32_t> GetGlobalPointerRegisters() override;
 
 		virtual std::vector<uint32_t> GetImplicitlyDefinedRegisters() override;
 		virtual RegisterValue GetIncomingRegisterValue(uint32_t reg, Function* func) override;

binaryninjacore.h

@@ -1314,6 +1314,12 @@ extern "C"
 		uint8_t confidence;
 	} BNRegisterValueWithConfidence;
 
+	typedef struct BNRegisterValueWithConfidenceAndRegister
+	{
+		uint32_t reg;
+		BNRegisterValueWithConfidence value;
+	} BNRegisterValueWithConfidenceAndRegister;
+
 	typedef struct BNValueRange
 	{
 		uint64_t start, end, step;
@@ -2875,6 +2881,7 @@ extern "C"
 		uint32_t (*getHighIntegerReturnValueRegister)(void* ctxt);
 		uint32_t (*getFloatReturnValueRegister)(void* ctxt);
 		uint32_t (*getGlobalPointerRegister)(void* ctxt);
+		uint32_t* (*getGlobalPointerRegisters)(void* ctxt, size_t* count);
 
 		uint32_t* (*getImplicitlyDefinedRegisters)(void* ctxt, size_t* count);
 		void (*getIncomingRegisterValue)(void* ctxt, uint32_t reg, BNFunction* func, BNRegisterValue* result);
@@ -4778,9 +4785,14 @@ extern "C"
 	BINARYNINJACOREAPI void BNFreeNameSpace(BNNameSpace* name);
 
 	BINARYNINJACOREAPI BNRegisterValueWithConfidence BNGetGlobalPointerValue(BNBinaryView* view);
+	BINARYNINJACOREAPI BNRegisterValueWithConfidenceAndRegister* BNGetGlobalPointerValues(BNBinaryView* view, size_t* count);
+	BINARYNINJACOREAPI BNRegisterValueWithConfidenceAndRegister* BNGetDefaultGlobalPointerValues(BNBinaryView* view, size_t* count);
+	BINARYNINJACOREAPI BNRegisterValueWithConfidenceAndRegister* BNGetUserGlobalPointerValues(BNBinaryView* view, size_t* count);
+	BINARYNINJACOREAPI void BNFreeRegisterValueWithConfidenceAndRegisterList(BNRegisterValueWithConfidenceAndRegister* values);
 	BINARYNINJACOREAPI bool BNUserGlobalPointerValueSet(BNBinaryView* view);
 	BINARYNINJACOREAPI void BNClearUserGlobalPointerValue(BNBinaryView* view);
 	BINARYNINJACOREAPI void BNSetUserGlobalPointerValue(BNBinaryView* view, BNRegisterValueWithConfidence value);
+	BINARYNINJACOREAPI void BNSetUserGlobalPointerValues(BNBinaryView* view, const BNRegisterValueWithConfidenceAndRegister* values, size_t count);
 
 	BINARYNINJACOREAPI bool BNStringifyUnicodeData(BNBinaryView* data, BNArchitecture* arch, const BNDataBuffer* buffer, bool nullTerminates, bool allowShortStrings, char** string, BNStringType* type);
 
@@ -5320,6 +5332,7 @@ extern "C"
 	    BNFunction* func, BNDisassemblySettings* settings, size_t* count);
 
 	BINARYNINJACOREAPI BNRegisterValueWithConfidence BNGetFunctionGlobalPointerValue(BNFunction* func);
+	BINARYNINJACOREAPI BNRegisterValueWithConfidenceAndRegister* BNGetFunctionGlobalPointerValues(BNFunction* func, size_t* count);
 	BINARYNINJACOREAPI bool BNFunctionUsesIncomingGlobalPointer(BNFunction* func);
 	BINARYNINJACOREAPI BNRegisterValueWithConfidence BNGetFunctionRegisterValueAtExit(BNFunction* func, uint32_t reg);
 
@@ -7623,6 +7636,7 @@ extern "C"
 	BINARYNINJACOREAPI uint32_t BNGetHighIntegerReturnValueRegister(BNCallingConvention* cc);
 	BINARYNINJACOREAPI uint32_t BNGetFloatReturnValueRegister(BNCallingConvention* cc);
 	BINARYNINJACOREAPI uint32_t BNGetGlobalPointerRegister(BNCallingConvention* cc);
+	BINARYNINJACOREAPI uint32_t* BNGetGlobalPointerRegisters(BNCallingConvention* cc, size_t* count);
 
 	BINARYNINJACOREAPI uint32_t* BNGetImplicitlyDefinedRegisters(BNCallingConvention* cc, size_t* count);
 	BINARYNINJACOREAPI BNRegisterValue BNGetIncomingRegisterValue(

binaryview.cpp

@@ -5800,6 +5800,43 @@ Confidence<RegisterValue> BinaryView::GetGlobalPointerValue() const
 }
 
 
+static vector<pair<uint32_t, Confidence<RegisterValue>>> ConvertGlobalPointerValues(
+	BNRegisterValueWithConfidenceAndRegister* values, size_t count)
+{
+	vector<pair<uint32_t, Confidence<RegisterValue>>> result;
+	result.reserve(count);
+	for (size_t i = 0; i < count; i++)
+		result.emplace_back(values[i].reg,
+			Confidence<RegisterValue>(RegisterValue::FromAPIObject(values[i].value.value), values[i].value.confidence));
+	BNFreeRegisterValueWithConfidenceAndRegisterList(values);
+	return result;
+}
+
+
+vector<pair<uint32_t, Confidence<RegisterValue>>> BinaryView::GetGlobalPointerValues() const
+{
+	size_t count;
+	BNRegisterValueWithConfidenceAndRegister* values = BNGetGlobalPointerValues(m_object, &count);
+	return ConvertGlobalPointerValues(values, count);
+}
+
+
+vector<pair<uint32_t, Confidence<RegisterValue>>> BinaryView::GetDefaultGlobalPointerValues() const
+{
+	size_t count;
+	BNRegisterValueWithConfidenceAndRegister* values = BNGetDefaultGlobalPointerValues(m_object, &count);
+	return ConvertGlobalPointerValues(values, count);
+}
+
+
+vector<pair<uint32_t, Confidence<RegisterValue>>> BinaryView::GetUserGlobalPointerValues() const
+{
+	size_t count;
+	BNRegisterValueWithConfidenceAndRegister* values = BNGetUserGlobalPointerValues(m_object, &count);
+	return ConvertGlobalPointerValues(values, count);
+}
+
+
 bool BinaryView::UserGlobalPointerValueSet() const
 {
 	return BNUserGlobalPointerValueSet(m_object);
@@ -5824,6 +5861,25 @@ void BinaryView::SetUserGlobalPointerValue(const Confidence<RegisterValue>& valu
 }
 
 
+void BinaryView::SetUserGlobalPointerValues(const vector<pair<uint32_t, Confidence<RegisterValue>>>& values)
+{
+	vector<BNRegisterValueWithConfidenceAndRegister> apiValues;
+	apiValues.reserve(values.size());
+	for (auto& [reg, value] : values)
+	{
+		BNRegisterValueWithConfidenceAndRegister v;
+		v.reg = reg;
+		v.value.confidence = value.GetConfidence();
+		v.value.value.value = value.GetValue().value;
+		v.value.value.state = value.GetValue().state;
+		v.value.value.size = value.GetValue().size;
+		v.value.value.offset = value.GetValue().offset;
+		apiValues.push_back(v);
+	}
+	BNSetUserGlobalPointerValues(m_object, apiValues.data(), apiValues.size());
+}
+
+
 optional<pair<string, BNStringType>> BinaryView::StringifyUnicodeData(Architecture* arch, const DataBuffer& buffer, bool nullTerminates, bool allowShortStrings)
 {
 	char* str = nullptr;

callingconvention.cpp

@@ -51,6 +51,7 @@ CallingConvention::CallingConvention(Architecture* arch, const string& name)
 	cc.getHighIntegerReturnValueRegister = GetHighIntegerReturnValueRegisterCallback;
 	cc.getFloatReturnValueRegister = GetFloatReturnValueRegisterCallback;
 	cc.getGlobalPointerRegister = GetGlobalPointerRegisterCallback;
+	cc.getGlobalPointerRegisters = GetGlobalPointerRegistersCallback;
 	cc.getImplicitlyDefinedRegisters = GetImplicitlyDefinedRegistersCallback;
 	cc.getIncomingRegisterValue = GetIncomingRegisterValueCallback;
 	cc.getIncomingFlagValue = GetIncomingFlagValueCallback;
@@ -216,6 +217,19 @@ uint32_t CallingConvention::GetGlobalPointerRegisterCallback(void* ctxt)
 }
 
 
+uint32_t* CallingConvention::GetGlobalPointerRegistersCallback(void* ctxt, size_t* count)
+{
+	CallbackRef<CallingConvention> cc(ctxt);
+	vector<uint32_t> regs = cc->GetGlobalPointerRegisters();
+	*count = regs.size();
+
+	uint32_t* result = new uint32_t[regs.size()];
+	for (size_t i = 0; i < regs.size(); i++)
+		result[i] = regs[i];
+	return result;
+}
+
+
 uint32_t* CallingConvention::GetImplicitlyDefinedRegistersCallback(void* ctxt, size_t* count)
 {
 	CallbackRef<CallingConvention> cc(ctxt);
@@ -372,6 +386,15 @@ uint32_t CallingConvention::GetGlobalPointerRegister()
 }
 
 
+vector<uint32_t> CallingConvention::GetGlobalPointerRegisters()
+{
+	uint32_t reg = GetGlobalPointerRegister();
+	if (reg == BN_INVALID_REGISTER)
+		return vector<uint32_t>();
+	return vector<uint32_t> { reg };
+}
+
+
 vector<uint32_t> CallingConvention::GetImplicitlyDefinedRegisters()
 {
 	return vector<uint32_t>();
@@ -533,6 +556,17 @@ uint32_t CoreCallingConvention::GetGlobalPointerRegister()
 }
 
 
+vector<uint32_t> CoreCallingConvention::GetGlobalPointerRegisters()
+{
+	size_t count;
+	uint32_t* regs = BNGetGlobalPointerRegisters(m_object, &count);
+	vector<uint32_t> result;
+	result.insert(result.end(), regs, &regs[count]);
+	BNFreeRegisterList(regs);
+	return result;
+}
+
+
 vector<uint32_t> CoreCallingConvention::GetImplicitlyDefinedRegisters()
 {
 	size_t count;

examples/triage/analysisinfo.cpp

@@ -44,11 +44,11 @@ AnalysisInfoWidget::~AnalysisInfoWidget()
 
 void AnalysisInfoWidget::timerExpired()
 {
-	auto gpValue = m_data->GetGlobalPointerValue();
-	if (gpValue == m_lastGPValue)
+	auto gpValues = m_data->GetGlobalPointerValues();
+	if (gpValues == m_lastGPValues)
 		return;
 
-	m_lastGPValue = gpValue;
+	m_lastGPValues = gpValues;
 	updateDisplay();
 }
 
@@ -61,14 +61,36 @@ void AnalysisInfoWidget::updateDisplay()
 		auto callingConvention = defaultPlatform->GetDefaultCallingConvention();
 		if (callingConvention)
 		{
-			auto gpRegister = callingConvention->GetGlobalPointerRegister();
-			if (gpRegister != BN_INVALID_REGISTER)
+			auto gpValues = m_data->GetGlobalPointerValues();
+			if (!gpValues.empty())
 			{
-				auto gpValue = m_data->GetGlobalPointerValue();
-				std::string gpString = getStringForRegisterValue(m_data->GetDefaultArchitecture(), gpValue);
-				std::string gpExtraString = std::string(" @ ") + m_data->GetDefaultArchitecture()->GetRegisterName(gpRegister);
+				std::vector<std::string> gpStrings;
+				auto arch = m_data->GetDefaultArchitecture();
+				for (auto& [reg, value] : gpValues)
+				{
+					if (reg == BN_INVALID_REGISTER)
+						continue;
+					gpStrings.push_back(arch->GetRegisterName(reg) + "=" + getStringForRegisterValue(arch, value));
+				}
+
+				if (gpStrings.empty())
+				{
+					m_gpLabel->setText("N/A");
+					m_gpExtraLabel->setText("");
+					return;
+				}
+
+				std::string gpString;
+				for (size_t i = 0; i < gpStrings.size(); i++)
+				{
+					if (i != 0)
+						gpString += ", ";
+					gpString += gpStrings[i];
+				}
+
+				std::string gpExtraString;
 				if (m_data->UserGlobalPointerValueSet())
-					gpExtraString += " (*)";
+					gpExtraString = " (*)";
 
 				m_gpLabel->setText(QString::fromStdString(gpString));
 				m_gpExtraLabel->setText(QString::fromStdString(gpExtraString));
@@ -78,4 +100,5 @@ void AnalysisInfoWidget::updateDisplay()
 	}
 
 	m_gpLabel->setText("N/A");
+	m_gpExtraLabel->setText("");
 }

examples/triage/analysisinfo.h

@@ -16,7 +16,7 @@ class AnalysisInfoWidget : public QWidget
 	NavigationAddressLabel* m_gpLabel;
 	QLabel* m_gpExtraLabel;
 
-	BinaryNinja::Confidence<BinaryNinja::RegisterValue> m_lastGPValue;
+	std::vector<std::pair<uint32_t, BinaryNinja::Confidence<BinaryNinja::RegisterValue>>> m_lastGPValues;
 
 	void updateDisplay();
 

function.cpp

@@ -2352,6 +2352,20 @@ Confidence<RegisterValue> Function::GetGlobalPointerValue() const
 }
 
 
+vector<pair<uint32_t, Confidence<RegisterValue>>> Function::GetGlobalPointerValues() const
+{
+	size_t count;
+	BNRegisterValueWithConfidenceAndRegister* values = BNGetFunctionGlobalPointerValues(m_object, &count);
+	vector<pair<uint32_t, Confidence<RegisterValue>>> result;
+	result.reserve(count);
+	for (size_t i = 0; i < count; i++)
+		result.emplace_back(values[i].reg,
+			Confidence<RegisterValue>(RegisterValue::FromAPIObject(values[i].value.value), values[i].value.confidence));
+	BNFreeRegisterValueWithConfidenceAndRegisterList(values);
+	return result;
+}
+
+
 bool Function::UsesIncomingGlobalPointer() const
 {
 	return BNFunctionUsesIncomingGlobalPointer(m_object);

python/binaryview.py

@@ -4200,6 +4200,34 @@ def global_pointer_value(self) -> 'variable.RegisterValue':
 		result = core.BNGetGlobalPointerValue(self.handle)
 		return variable.RegisterValue.from_BNRegisterValue(result, self.arch)
 
+	@property
+	def global_pointer_values(self) -> List[Tuple['architecture.RegisterName', 'variable.RegisterValue']]:
+		"""Discovered values of the global pointer registers, if the binary uses any (read-only)"""
+		return self._get_global_pointer_values(core.BNGetGlobalPointerValues)
+
+	@property
+	def default_global_pointer_values(self) -> List[Tuple['architecture.RegisterName', 'variable.RegisterValue']]:
+		"""Auto-discovered values of the global pointer registers before user overrides are applied (read-only)"""
+		return self._get_global_pointer_values(core.BNGetDefaultGlobalPointerValues)
+
+	@property
+	def user_global_pointer_values(self) -> List[Tuple['architecture.RegisterName', 'variable.RegisterValue']]:
+		"""User overrides for global pointer register values (read-only)"""
+		return self._get_global_pointer_values(core.BNGetUserGlobalPointerValues)
+
+	def _get_global_pointer_values(self, getter) -> List[Tuple['architecture.RegisterName', 'variable.RegisterValue']]:
+		count = ctypes.c_ulonglong()
+		values = getter(self.handle, count)
+		if values is None:
+			return []
+		try:
+			return [
+			    (self.arch.get_reg_name(values[i].reg), variable.RegisterValue.from_BNRegisterValue(values[i].value, self.arch))
+			    for i in range(count.value)
+			]
+		finally:
+			core.BNFreeRegisterValueWithConfidenceAndRegisterList(values)
+
 	@property
 	def user_global_pointer_value_set(self) -> bool:
 		"""Check whether a user global pointer value has been set"""
@@ -4255,6 +4283,23 @@ def set_user_global_pointer_value(self, value: variable.RegisterValue, confidenc
 		val.confidence = confidence
 		core.BNSetUserGlobalPointerValue(self.handle, val)
 
+	def set_user_global_pointer_values(self, values):
+		"""
+		Set user global pointer values for multiple registers.
+
+		:param list[tuple[str, variable.RegisterValue]] values: register name/value pairs
+		:return: None
+		:rtype: None
+		"""
+		api_values = (core.BNRegisterValueWithConfidenceAndRegister * len(values))()
+		for i, value in enumerate(values):
+			reg, reg_value = value[:2]
+			confidence = value[2] if len(value) > 2 else 255
+			api_values[i].reg = self.arch.get_reg_index(reg)
+			api_values[i].value.value = reg_value._to_core_struct()
+			api_values[i].value.confidence = confidence
+		core.BNSetUserGlobalPointerValues(self.handle, api_values, len(values))
+
 	@property
 	def parameters_for_analysis(self):
 		return core.BNGetParametersForAnalysis(self.handle)