Addjump

int Addjump(t_jmpdata *pdat,ulong from,ulong dest,int type);

Adds a jump or call to the jump table. Each module has its own jump table that keeps the list of all recognized jumps and calls. Initially this table is filled by the Analyser. If a plugin is able to detect additional branches, it may add them to the jump table, preferably while processing ODBG2_Pluginanalyse().

Note that dest may be 0; this means an undefined jump/call destination (as in JMP EAX).

Usually many jumps or calls are added at once. To save time, items are appended to the end of the jump table and the table is marked as unsorted. Functions that request jump data call Sortjumpdata() automatically. If the table is long, this may take significant time, especially if queries for existing data and calls to Addjump() are interleaved. To reduce the time spent on sorting, one may combine type with JT_NOSORT. Such jumps are excluded from searches until either Sortjumpdata() is called explicitly or an element without JT_NOSORT is added.


Parameters:

pdat
Input parameter, pointer to the descriptor of the jump table (structure of type t_jmpdata). It resides in the module descriptor. See t_module for details.
from
Input parameter, address of the jump origin (first byte of the jump or call command) in the memory of the debugged application.
dest
Input parameter, address of the jump or call destination. If the destination is unknown or variable (as in JMP EAX), set dest to 0. If the command has multiple fixed destinations, as in a table jump, add each destination separately.
type
Input parameter, type of jump or call, may be set to one of the following constants:
JT_JUMP - unconditional jump (like JMP 0x00401234)
JT_COND - conditional jump (like JNZ 0x00401234)
JT_SWITCH - jump via switch table
JT_RET - return misused as jump (PUSH 0x00401234; RETN)
JT_CALL - call
JT_SWCALL - call via switch table
JT_NETJUMP - unconditional jump in CIL code
JT_NETCOND - conditional jump in CIL code
JT_NETSW - switch jump in CIL code
Additionally, type may be combined with the flag JT_NOSORT. See the explanation above.



Return values:

Returns 0 on success and -1 on error (new data is not added to the jump table).


Example:

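int Addunconditionaljump(ulong from, ulong to) {
  t_jmpdata *pdat;
  t_module *pmod;
  // Find the module that contains the jump origin.
  pmod=Findmodule(from);
  if (pmod==NULL) return -1;           // Address belongs to no module
  // The jump table descriptor resides in the module descriptor.
  pdat=&pmod->jumps;
  return Addjump(pdat,from,to,JT_JUMP);
}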
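
The batching pattern described above (JT_NOSORT on every entry, then one explicit Sortjumpdata()), applied to a table jump whose destinations are added separately. This is an added example, not code from the OllyDbg documentation: Addswitchdests is a hypothetical helper, and the typedefs, flag values, mock Addjump()/Sortjumpdata() bodies and the Sortjumpdata() signature are stand-in assumptions so that it compiles without plugin.h.

```c
#include <stddef.h>

/* Constructed stand-ins so the example compiles outside OllyDbg; in a plugin,
   drop this section and include plugin.h. Flag values and the table layout
   are placeholders, and the Sortjumpdata() signature is an assumption. */
typedef unsigned long ulong;
enum { JT_SWITCH = 0x0003, JT_NOSORT = 0x8000, MOCKMAX = 64 };
typedef struct t_jmpdata {
  struct { ulong from, dest; int type; } item[MOCKMAX];
  int n;           /* entries appended so far */
  int searchable;  /* entries visible to queries */
  int sortcalls;   /* explicit Sortjumpdata() calls */
} t_jmpdata;

/* Mock: append an entry; -1 means nothing was added. */
int Addjump(t_jmpdata *pdat, ulong from, ulong dest, int type) {
  if (pdat == NULL || pdat->n >= MOCKMAX) return -1;
  pdat->item[pdat->n].from = from;
  pdat->item[pdat->n].dest = dest;
  pdat->item[pdat->n].type = type;
  pdat->n++;
  /* An entry without JT_NOSORT ends the deferral for everything before it. */
  if ((type & JT_NOSORT) == 0) pdat->searchable = pdat->n;
  return 0;
}

/* Mock: the explicit sort makes all deferred entries searchable. */
void Sortjumpdata(t_jmpdata *pdat) {
  pdat->sortcalls++;
  pdat->searchable = pdat->n;
}

/* Hypothetical helper: registers each fixed destination of the table jump at
   `from` separately, deferring the sort until the batch is complete.
   Returns the number of entries added, or -1 if any Addjump() call failed. */
int Addswitchdests(t_jmpdata *pdat, ulong from, const ulong *dest, int ndest) {
  int i, added = 0, failed = 0;
  if (pdat == NULL || dest == NULL || ndest < 0) return -1;
  for (i = 0; i < ndest && !failed; i++) {
    if (Addjump(pdat, from, dest[i], JT_SWITCH | JT_NOSORT) == 0) added++;
    else failed = 1;
  }
  /* Sort once, even after a failure, so no added entry stays hidden. */
  if (added > 0) Sortjumpdata(pdat);
  return failed ? -1 : added;
}
```

Until the final Sortjumpdata() call, queries such as Findjumpfrom() will not see the batch, so do not interleave lookups with the loop.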



See also:
Analysis, t_jmp, t_jmpcall, t_jmpdata, t_module, Arelocaljumpscallstorange(), Findglobalcallsto(), Findglobaljumpscallsto(), Findjumpfrom(), Findlocaljumpscallsto(), Findlocaljumpsto(), Sortjumpdata()