def pfactory(**kwds):
    """Build an operand-descriptor ``prop`` for one opcode-table row.

    The descriptor always carries the entries ``length``, ``modrm``,
    ``imm`` and ``reg``, each initialised to ``None``.  Every keyword
    argument is then stored under its own name, so a caller can override
    any of the defaults (what ``prop`` does with a key outside that set is
    up to ``prop`` itself).
    """
    fields = ('length', 'modrm', 'imm', 'reg')
    descriptor = prop([(field, None) for field in fields])
    for name, value in kwds.items():
        descriptor[name] = value
    return descriptor
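def decode(s):
    '''given an iterable s, return the next valid instruction

    Consumes exactly one instruction from ``s`` -- an iterable yielding
    one-character strings (Python 2 style byte stream; every byte read is
    passed through ``ord``) -- and returns a ``prop`` with the keys:

    - ``prefix``: list of the legacy prefix chars seen (at most 4),
    - ``opcode``: one- or two-byte opcode string,
    - ``modrm`` / ``sib``: raw byte or ``None``,
    - ``disp`` / ``imm``: raw displacement / immediate bytes or ``None``,
    - ``size``: total number of bytes consumed from ``s``.

    Raises StopIteration when the stream ends in the middle of an
    instruction; a truncated instruction is never reported as complete.
    The ``prefix`` set, ``optable`` / ``table`` rows and the ``modrm``
    helper are free names, presumably supplied by the surrounding module.

    Bytes consumed are bounded (4 prefixes + 2 opcode + modrm + sib +
    4 disp + whatever ``args['length']`` returns), so a hostile stream
    cannot make a single call read without limit.
    '''

    def take(stream, count):
        # Read exactly ``count`` bytes.  A plain ``zip(range(n), stream)``
        # silently returns fewer bytes on a short stream, which would leave
        # ``size`` claiming bytes that were never read; read one at a time
        # so truncation raises StopIteration like every other field.
        out = []
        for _ in range(count):
            out.append(next(stream))
        return ''.join(out)

    s = iter(s)
    size = 0
    keys = 'prefix opcode modrm sib disp imm size'.split(' ')
    res = prop([(k, None) for k in keys])
    res['prefix'] = []

    ## prefixes: up to 4 legacy prefix bytes, then the opcode byte itself.
    # The opcode is always read *after* the prefixes -- with 4 prefixes the
    # old loop treated the 4th prefix as the opcode.
    v = next(s)
    size += 1
    while ord(v) in prefix and len(res['prefix']) < 4:
        res['prefix'].append(v)
        v = next(s)
        size += 1

    ## rex prefixes
    # j/k  (not handled)

    ## opcode: a '>' row escapes into a second table (two-byte opcode)
    row = optable[ord(v)]
    opcode = str(v)
    if row[0] == '>':
        tbl = table[row[1]]
        v = next(s)
        size += 1  # the escaped opcode byte is part of the instruction length
        row = tbl[ord(v)]
        opcode += v
    args = row[2]
    res['opcode'] = opcode

    ## modrm / sib
    if args['modrm']:
        res['modrm'] = next(s)
        size += 1
        mod, reg, rm = modrm(res['modrm'])

        # memory operand with rm == 4 means a SIB byte follows the ModRM
        if mod < 3 and rm == 4:
            res['sib'] = next(s)
            size += 1

        # displacement width from mod; mod 0 / rm 5 is the disp32-only form
        if mod == 0 and rm == 5:
            res['disp'] = 4
        elif mod == 1:
            res['disp'] = 1
        elif mod == 2:
            res['disp'] = 4
        elif mod == 0 and res['sib'] is not None and (ord(res['sib']) & 7) == 5:
            # SIB with base == 5 under mod 0 has no base register and is
            # followed by a disp32 (32-bit addressing rule); without this
            # the decoder desynchronises by four bytes.
            res['disp'] = 4

    ## displacement
    if res['disp']:
        length = res['disp']
        res['disp'] = take(s, length)
        size += length

    ## immediate: width depends on the operand-size override prefix (0x66).
    # ``res['prefix']`` holds chars, so the test must use chr(0x66); the
    # former ``0x66 not in res['prefix']`` compared an int against strings
    # and was always true, so the override never took effect.
    if args['imm']:
        length = args['length'](chr(0x66) not in res['prefix'])
        res['imm'] = take(s, length)
        size += length

    res['size'] = size
    return res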
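def decode(s):
    '''given an iterable s, return the next valid instruction

    Consumes exactly one instruction from ``s`` -- an iterable yielding
    one-character strings (Python 2 style byte stream; every byte read is
    passed through ``ord``) -- and returns a ``prop`` with the keys:

    - ``prefix``: list of the legacy prefix chars seen (at most 4),
    - ``opcode``: one- or two-byte opcode string,
    - ``modrm`` / ``sib``: raw byte or ``None``,
    - ``disp`` / ``imm``: raw displacement / immediate bytes or ``None``,
    - ``size``: total number of bytes consumed from ``s``.

    Raises StopIteration when the stream ends in the middle of an
    instruction; a truncated instruction is never reported as complete.
    The ``prefix`` set, ``optable`` / ``table`` rows and the ``modrm``
    helper are free names, presumably supplied by the surrounding module.

    Bytes consumed are bounded (4 prefixes + 2 opcode + modrm + sib +
    4 disp + whatever ``args['length']`` returns), so a hostile stream
    cannot make a single call read without limit.
    '''

    def take(stream, count):
        # Read exactly ``count`` bytes.  A plain ``zip(range(n), stream)``
        # silently returns fewer bytes on a short stream, which would leave
        # ``size`` claiming bytes that were never read; read one at a time
        # so truncation raises StopIteration like every other field.
        out = []
        for _ in range(count):
            out.append(next(stream))
        return ''.join(out)

    s = iter(s)
    size = 0
    keys = 'prefix opcode modrm sib disp imm size'.split(' ')
    res = prop([(k, None) for k in keys])
    res['prefix'] = []

    ## prefixes: up to 4 legacy prefix bytes, then the opcode byte itself.
    # The opcode is always read *after* the prefixes -- with 4 prefixes the
    # old loop treated the 4th prefix as the opcode.
    v = next(s)
    size += 1
    while ord(v) in prefix and len(res['prefix']) < 4:
        res['prefix'].append(v)
        v = next(s)
        size += 1

    ## rex prefixes
    # j/k  (not handled)

    ## opcode: a '>' row escapes into a second table (two-byte opcode)
    row = optable[ord(v)]
    opcode = str(v)
    if row[0] == '>':
        tbl = table[row[1]]
        v = next(s)
        size += 1  # the escaped opcode byte is part of the instruction length
        row = tbl[ord(v)]
        opcode += v
    args = row[2]
    res['opcode'] = opcode

    ## modrm / sib
    if args['modrm']:
        res['modrm'] = next(s)
        size += 1
        mod, reg, rm = modrm(res['modrm'])

        # memory operand with rm == 4 means a SIB byte follows the ModRM
        if mod < 3 and rm == 4:
            res['sib'] = next(s)
            size += 1

        # displacement width from mod; mod 0 / rm 5 is the disp32-only form
        if mod == 0 and rm == 5:
            res['disp'] = 4
        elif mod == 1:
            res['disp'] = 1
        elif mod == 2:
            res['disp'] = 4
        elif mod == 0 and res['sib'] is not None and (ord(res['sib']) & 7) == 5:
            # SIB with base == 5 under mod 0 has no base register and is
            # followed by a disp32 (32-bit addressing rule); without this
            # the decoder desynchronises by four bytes.
            res['disp'] = 4

    ## displacement
    if res['disp']:
        length = res['disp']
        res['disp'] = take(s, length)
        size += length

    ## immediate: width depends on the operand-size override prefix (0x66).
    # ``res['prefix']`` holds chars, so the test must use chr(0x66); the
    # former ``0x66 not in res['prefix']`` compared an int against strings
    # and was always true, so the override never took effect.
    if args['imm']:
        length = args['length'](chr(0x66) not in res['prefix'])
        res['imm'] = take(s, length)
        size += length

    res['size'] = size
    return res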