#-*- coding:utf-8 -*-
from builtins import range
from miasm.expression.expression import ExprId
from miasm.core.cpu import gen_reg, gen_regs

# Pseudo-registers owned by the emulation / symbolic-execution engine;
# they are not architectural AArch64 registers.
exception_flags = ExprId('exception_flags', 32)
interrupt_num = ExprId('interrupt_num', 32)


def _numbered(prefix, count):
    """Return the names ``prefix0 .. prefix<count-1>`` as a list of str."""
    return [prefix + str(index) for index in range(count)]


# Each gen_regs call builds the ExprIds of one register bank at the given
# width; globals() is handed over so the helper can publish the names in
# this module's namespace.

# 32-bit views of the general registers: W0..W30, with WSP (stack
# pointer view) in the last slot.
gpregs32_str = _numbered("W", 31) + ["WSP"]
gpregs32_expr, gpregs32_init, gpregs32_info = gen_regs(
    gpregs32_str, globals(), 32)

# 64-bit general registers: X0..X29, then LR (link register) and SP.
gpregs64_str = _numbered("X", 30) + ["LR", "SP"]
gpregs64_expr, gpregs64_init, gpregs64_info = gen_regs(
    gpregs64_str, globals(), 64)

# The same two banks with the zero register (WZR / XZR) in the last slot
# instead of the stack pointer; presumably selected by encodings that
# read register 31 as zero.
gpregsz32_str = _numbered("W", 31) + ["WZR"]
gpregsz32_expr, gpregsz32_init, gpregsz32_info = gen_regs(
    gpregsz32_str, globals(), 32)

gpregsz64_str = _numbered("X", 30) + ["LR", "XZR"]
gpregsz64_expr, gpregsz64_init, gpregsz64_info = gen_regs(
    gpregsz64_str, globals(), 64)

# System-register operand names c0..c14.
# NOTE(review): only 15 names are generated; CRn/CRm are 4-bit fields in
# the encoding, so c15 may be missing - confirm against the decoder.
cr_str = _numbered("c", 15)
cr_expr, cr_init, cr_info = gen_regs(cr_str, globals(), 32)

# 8-bit SIMD/FP lanes B0..B31.
simd08_str = _numbered("B", 32)
simd08_expr, simd08_init, simd08_info = gen_regs(simd08_str, globals(), 8)
from miasm.expression.expression import ExprId
from miasm.core.cpu import gen_regs

# Pseudo-register used by miasm's own machinery (not an architectural
# register): carries the pending emulation exception flags.
exception_flags = ExprId("exception_flags", 32)
exception_flags_init = ExprId("exception_flags_init", 32)

# General-purpose registers R0..R3; gen_regs defaults to 32-bit ExprIds
# and publishes each name into this module via globals().
gpr_names = ["R%d" % index for index in range(4)]
gpr_exprs, gpr_inits, gpr_infos = gen_regs(gpr_names, globals())

# Control/special registers, also 32 bits wide.
csr_names = ["PC", "SP", "QP"]
csr_exprs, csr_inits, csr_infos = gen_regs(csr_names, globals())

# Named aliases, in the order of csr_names, for the registers and their
# "<name>_init" symbols.
PC, SP, QP = csr_exprs
PC_init, SP_init, QP_init = csr_inits

# Register tables consumed by the rest of miasm.  Order matters: the
# *_init list is parallel to all_regs_ids.
all_regs_ids = gpr_exprs + csr_exprs + [exception_flags]
all_regs_ids_init = gpr_inits + csr_inits + [exception_flags_init]
all_regs_ids_no_alias = list(all_regs_ids)
all_regs_ids_byname = {reg.name: reg for reg in all_regs_ids}
# regs_init is a mandatory name: maps each register to its initial symbol.
regs_init = dict(zip(all_regs_ids, all_regs_ids_init))
R_HI_init = ExprId('R_HI_init', 32) cpr0_str = ["CPR0_%d"%x for x in range(0x100)] cpr0_str[0] = "INDEX" cpr0_str[16] = "ENTRYLO0" cpr0_str[24] = "ENTRYLO1" cpr0_str[40] = "PAGEMASK" cpr0_str[72] = "COUNT" cpr0_str[80] = "ENTRYHI" cpr0_str[104] = "CAUSE" cpr0_str[112] = "EPC" cpr0_str[128] = "CONFIG" cpr0_str[152] = "WATCHHI" regs_cpr0_expr, regs_cpr0_init, regs_cpr0_info = gen_regs(cpr0_str, globals()) gpregs_expr, gpregs_init, gpregs = gen_regs(regs32_str, globals()) regs_flt_expr, regs_flt_init, fltregs = gen_regs(regs_flt_str, globals(), sz=64) regs_fcc_expr, regs_fcc_init, fccregs = gen_regs(regs_fcc_str, globals()) all_regs_ids = [PC, PC_FETCH, R_LO, R_HI, exception_flags] + gpregs_expr + regs_flt_expr + \ regs_fcc_expr + regs_cpr0_expr all_regs_ids_byname = dict([(x.name, x) for x in all_regs_ids]) all_regs_ids_init = [ExprId("%s_init" % reg.name, reg.size) for reg in all_regs_ids] all_regs_ids_no_alias = all_regs_ids[:] attrib_to_regs = { 'l': all_regs_ids_no_alias, 'b': all_regs_ids_no_alias,
# Remaining named CP0 slots of cpr0_str (the other named slots are
# assigned earlier in this module; unnamed slots keep their CPR0_<n>
# default).  The slot index looks like register * 8 + select, e.g.
# CONFIG1 at 16 * 8 + 1 = 129.
# NOTE(review): that layout is inferred from the values - confirm against
# the decoder before relying on it.
_cpr0_named_slots = {
    121: "EBASE",
    128: "CONFIG",
    129: "CONFIG1",
    130: "CONFIG2",
    131: "CONFIG3",
    132: "CONFIG4",
    133: "CONFIG5",
    152: "WATCHHI",
    250: "KSCRATCH0",
    251: "KSCRATCH1",
    252: "KSCRATCH2",
    253: "KSCRATCH3",
    254: "KSCRATCH4",
    255: "KSCRATCH5",
}
for _slot, _name in _cpr0_named_slots.items():
    cpr0_str[_slot] = _name

# One gen_regs call per bank; globals() lets it publish the names here.
regs_cpr0_expr, regs_cpr0_init, regs_cpr0_info = gen_regs(cpr0_str, globals())
gpregs_expr, gpregs_init, gpregs = gen_regs(regs32_str, globals())
regs_flt_expr, regs_flt_init, fltregs = gen_regs(regs_flt_str, globals(), sz=64)
regs_fcc_expr, regs_fcc_init, fccregs = gen_regs(regs_fcc_str, globals())

# Engine pseudo-registers first, then the architectural banks; the tables
# below are derived from this order.
all_regs_ids = [PC, PC_FETCH, R_LO, R_HI, exception_flags]
all_regs_ids += gpregs_expr
all_regs_ids += regs_flt_expr
all_regs_ids += regs_fcc_expr
all_regs_ids += regs_cpr0_expr

all_regs_ids_byname = {reg.name: reg for reg in all_regs_ids}
# One "<name>_init" symbol per register, at the register's own width.
all_regs_ids_init = [
    ExprId("%s_init" % reg.name, reg.size) for reg in all_regs_ids
]
all_regs_ids_no_alias = list(all_regs_ids)
from miasm.core.cpu import gen_reg, gen_regs

# Engine pseudo-registers (not architectural PowerPC registers).
exception_flags = ExprId('exception_flags', 32)
# Presumably records the last special-purpose-register access using the
# SPR_ACCESS_* layout below, so the emulator can act on it.
spr_access = ExprId('spr_access', 32)
# Presumably the reservation flag / address for reserve-and-store
# conditional sequences.
reserve = ExprId('reserve', 1)
reserve_address = ExprId('reserve_address', 32)

# Bit layout of spr_access: bit 31 = write flag, bits 0..9 = SPR number,
# bits 12..16 = GPR number.
SPR_ACCESS_IS_WRITE = 0x80000000
SPR_ACCESS_SPR_MASK = 0x000003FF
SPR_ACCESS_SPR_OFF = 0
SPR_ACCESS_GPR_MASK = 0x0001F000
SPR_ACCESS_GPR_OFF = 12

# General-purpose registers R0..R31, 32 bits each; globals() lets
# gen_regs publish each name into this module.
gpregs_str = ["R%d" % index for index in range(32)]
gpregs_expr, gpregs_init, gpregs = gen_regs(gpregs_str, globals(), 32)

# Condition register fields CR0..CR7, 4 bits each ...
crfregs_str = ["CR%d" % index for index in range(8)]
crfregs_expr, crfregs_init, crfregs = gen_regs(crfregs_str, globals(), 4)

# ... and their individual 1-bit flags, ordered CR0_LT, CR0_GT, CR0_EQ,
# CR0_SO, CR1_LT, ... CR7_SO.
_CR_FLAGS = ('LT', 'GT', 'EQ', 'SO')
crfbitregs_str = [
    "CR%d_%s" % (field, flag)
    for field in range(8)
    for flag in _CR_FLAGS
]
crfbitregs_expr, crfbitregs_init, crfbitregs = gen_regs(
    crfbitregs_str, globals(), 1)

# XER flag bits, 1 bit each: summary overflow, overflow, carry.
xerbitregs_str = ["XER_" + flag for flag in ('SO', 'OV', 'CA')]
xerbitregs_expr, xerbitregs_init, xerbitregs = gen_regs(
    xerbitregs_str, globals(), 1)
exception_flags_init = ExprId("exception_flags_init", 32)

# Engine-side state (presumably for repeat blocks and branch tracking);
# each pseudo-register is paired with a "<name>_init" symbol standing for
# its value at the start of a symbolic run.
is_repeat_end = ExprId("is_repeat_end", 32)
is_repeat_end_init = ExprId("is_repeat_end_init", 32)
last_addr = ExprId("last_addr", 32)
last_addr_init = ExprId("last_addr_init", 32)
take_jmp = ExprId("take_jmp", 32)
take_jmp_init = ExprId("take_jmp_init", 32)
in_erepeat = ExprId("in_erepeat", 32)
# NOTE(review): this init symbol is named "take_jmp_init", so it is equal
# to take_jmp_init and the two initial states cannot be told apart in a
# symbolic run.  Every other pair here follows the "<name>_init"
# convention, so this looks like a copy-paste slip - confirm, and rename
# to "in_erepeat_init" if so.
in_erepeat_init = ExprId("take_jmp_init", 32)

# General-purpose registers (R0 to R15) names
gpr_names = ["R%d" % r for r in range(13)]  # R0..R12
gpr_names += ["TP", "GP", "SP"]  # R13..R15; according to the manual GP does not exist
gpr_exprs, gpr_inits, gpr_infos = gen_regs(gpr_names, globals())  # sz=32 bits (default)
# Notes:
# - gpr_exprs: register ExprIds on 32 bits. The size is important for
#   symbolic execution.
# - gpr_inits: register initial values.
# - gpr_infos: object that binds names & ExprIds

# Define aliases to general-purpose registers
TP = gpr_exprs[13]  # Tiny data area Pointer
GP = gpr_exprs[14]  # Global Pointer
SP = gpr_exprs[15]  # Stack Pointer

# Control/special registers name
csr_names = ["PC", "LP", "SAR", "S3", "RPB", "RPE", "RPC", "HI", "LO",
"HCR", "HDCR", "HCPTR", "HSTR", "HACR", "TTBR0", "TTBR1", "TTBCR", "HTCR", "VTCR", "DACR", "DFSR", "IFSR", "ADFSR", "AIFSR", "HADFSR", "HAIFSR", "HSR", "DFAR", "IFAR", "HDFAR", "HIFAR", "HPFAR", "ICIALLUIS", "BPIALLIS", "PAR", "ICIALLU", "ICIMVAU", "CP15ISB", "BPIALL", "BPIMVA", "DCIMVAC", "DCISW", "ATS1CPR", "ATS1CPW", "ATS1CUR", "ATS1CUW", "ATS12NSOPR", "ATS12NSOPW", "ATS12NSOUR", "ATS12NSOUW", "DCCMVAC", "DCCSW", "CP15DSB", "CP15DMB", "DCCMVAU", "DCCIMVAC", "DCCISW", "ATS1HR", "ATS1HW", "TLBIALLIS", "TLBIMVAIS", "TLBIASIDIS", "TLBIMVAAIS", "ITLBIALL", "ITLBIMVA", "ITLBIASID", "DTLBIALL", "DTLBIMVA", "DTLBIASID", "TLBIALL", "TLBIMVA", "TLBIASID", "TLBIMVAA", "TLBIALLHIS", "TLBIMVAHIS", "TLBIALLNSNHIS", "TLBIALLH", "TLBIMVAH", "TLBIALLNSNH", "PMCR", "PMCNTENSET", "PMCNTENCLR", "PMOVSR", "PMSWINC", "PMSELR", "PMCEID0", "PMCEID1", "PMCCNTR", "PMXEVTYPER", "PMXEVCNTR", "PMUSERENR", "PMINTENSET", "PMINTENCLR", "PMOVSSET", "PRRR", "NMRR", "AMAIR0", "AMAIR1", "HMAIR0", "HMAIR1", "HAMAIR0", "HAMAIR1", "VBAR", "MVBAR", "ISR", "HVBAR", "FCSEIDR", "CONTEXTIDR", "TPIDRURW", "TPIDRURO", "TPIDRPRW", "HTPIDR", "CNTFRQ", "CNTKCTL", "CNTP_TVAL", "CNTP_CTL", "CNTV_TVAL", "CNTV_CTL", "CNTHCTL", "CNTHP_TVAL", "CNTHP_CTL" ] coproc_reg_expr, coproc_reg_init, coproc_reg_info = gen_regs( coproc_reg_str, globals(), 32) all_regs_ids = all_regs_ids + coproc_reg_expr all_regs_ids_byname.update(dict([(x.name, x) for x in coproc_reg_expr])) all_regs_ids_init = all_regs_ids_init + coproc_reg_init for i, r in enumerate(coproc_reg_expr): regs_init[r] = coproc_reg_init[i] regs_flt_expr = []
# 00000054 r19_ dd ?
# 00000058 bytecode_base dq ?
# 00000060 vm_mem dq ?
# 00000068 vm_mem_next_ptr dq ?
# 00000070 rom dq ?
# 00000078 rom_ptr dq ?
# 00000080 loop_status dd ?
# 00000084 exit_code dd ?
# 00000088 put_flag db ?
# 00000089 vm_context ends

# VM registers, 32 bits each (gen_regs default); slots 7, 8, 9 and 12 of
# the R0..R19 numbering carry role names (PC, VM_MEM_PTR, LR, SP).
# globals() lets gen_regs publish each name into this module.
reg_names32 = [
    "R0", "R1", "R2", "R3", "R4", "R5", "R6", "PC",
    "VM_MEM_PTR", "LR", "R10", "R11", "SP", "R13", "R14",
    "R15", "R16", "R17", "R18", "R19",
]
reg_exprs, reg_inits, reg_infos = gen_regs(reg_names32, globals())

# 64-bit context fields (the dq entries of the struct dump above).
extra_names64 = ["BYTECODE_BASE", "VM_MEM", "ROM", "ROM_PTR"]
extra_exprs, extra_inits, extra_infos = gen_regs(extra_names64, globals(), 64)

# NOTE(review): the struct dump lists vm_mem_next_ptr as a dq (8 bytes),
# yet this register is created at the 32-bit default width - confirm
# that 32 bits is intended before relying on it in symbolic execution.
vmnp_expr, vmnp_inits, vmnp_infos = gen_regs(["VM_MEM_NEXT_PTR"], globals())

# Register tables consumed by the rest of miasm; the *_init list is
# parallel to all_regs_ids.
all_regs_ids = reg_exprs + extra_exprs + vmnp_expr + [exception_flags]
all_regs_ids_init = reg_inits + extra_inits + vmnp_inits + [
    exception_flags_init
]
all_regs_ids_no_alias = list(all_regs_ids)
all_regs_ids_byname = {reg.name: reg for reg in all_regs_ids}
regs_init = {}  # mandatory name
#-*- coding:utf-8 -*-
from builtins import range
from miasm.expression.expression import ExprId
from miasm.core.cpu import gen_reg, gen_regs

# Engine pseudo-registers (not part of the architecture).
exception_flags = ExprId('exception_flags', 32)
interrupt_num = ExprId('interrupt_num', 32)


def _bank(prefix, count, tail):
    """Return ``prefix0 .. prefix<count-1>`` followed by the names in tail."""
    names = ["%s%d" % (prefix, index) for index in range(count)]
    return names + list(tail)


# One gen_regs call per bank, at the bank's width; globals() is passed so
# the helper can publish the names in this module's namespace.

# 32-bit views W0..W30 with WSP (stack pointer view) in slot 31.
gpregs32_str = _bank("W", 31, ("WSP",))
gpregs32_expr, gpregs32_init, gpregs32_info = gen_regs(
    gpregs32_str, globals(), 32)

# 64-bit registers X0..X29, then LR (link register) and SP.
gpregs64_str = _bank("X", 30, ("LR", "SP"))
gpregs64_expr, gpregs64_init, gpregs64_info = gen_regs(
    gpregs64_str, globals(), 64)

# Same banks with the zero register (WZR / XZR) in the last slot instead
# of the stack pointer.
gpregsz32_str = _bank("W", 31, ("WZR",))
gpregsz32_expr, gpregsz32_init, gpregsz32_info = gen_regs(
    gpregsz32_str, globals(), 32)

gpregsz64_str = _bank("X", 30, ("LR", "XZR"))
gpregsz64_expr, gpregsz64_init, gpregsz64_info = gen_regs(
    gpregsz64_str, globals(), 64)

# System-register operand names c0..c14.
# NOTE(review): only 15 names are generated; CRn/CRm are 4-bit fields in
# the encoding, so c15 may be missing - confirm against the decoder.
cr_str = _bank("c", 15, ())
cr_expr, cr_init, cr_info = gen_regs(cr_str, globals(), 32)
from miasm.core.cpu import gen_reg, gen_regs exception_flags = ExprId('exception_flags', 32) spr_access = ExprId('spr_access', 32) reserve = ExprId('reserve', 1) reserve_address = ExprId('reserve_address', 32) SPR_ACCESS_IS_WRITE = 0x80000000 SPR_ACCESS_SPR_MASK = 0x000003FF SPR_ACCESS_SPR_OFF = 0 SPR_ACCESS_GPR_MASK = 0x0001F000 SPR_ACCESS_GPR_OFF = 12 gpregs_str = ["R%d" % i for i in range(32)] gpregs_expr, gpregs_init, gpregs = gen_regs(gpregs_str, globals(), 32) crfregs_str = ["CR%d" % i for i in range(8)] crfregs_expr, crfregs_init, crfregs = gen_regs(crfregs_str, globals(), 4) crfbitregs_str = ["CR%d_%s" % (i, flag) for i in range(8) for flag in ['LT', 'GT', 'EQ', 'SO'] ] crfbitregs_expr, crfbitregs_init, crfbitregs = gen_regs(crfbitregs_str, globals(), 1) xerbitregs_str = ["XER_%s" % field for field in ['SO', 'OV', 'CA'] ] xerbitregs_expr, xerbitregs_init, xerbitregs = gen_regs(xerbitregs_str, globals(), 1) xerbcreg_str = ["XER_BC"] xerbcreg_expr, xerbcreg_init, xerbcreg = gen_regs(xerbcreg_str,