def get_instruction_info(self, data, addr):
info = InstructionInfo()
info.add_branch(BranchType.TrueBranch, addr +
self.imm6 + 4)
info.add_branch(BranchType.FalseBranch, addr + self.length)
info.length = self.length
return info
def get_instruction_info(self, data, addr):
opcode, offset, value, length = self.parse_instruction(data, addr)
info = InstructionInfo()
info.length = length
if opcodes[opcode] == 'hlt':
info.add_branch(BranchType.FunctionReturn)
return info
def perform_get_instruction_info(self, data, addr):
instr, src, src_op, dst, dst_op, src_value, dst_value, length = self.decode_instruction(
data, addr)
res = InstructionInfo()
res.length = length
if instr in {'ret'}:
res.add_branch(BranchType.FunctionReturn)
elif instr in BRANCH_INSTRUCTIONS:
res.add_branch(BranchType.TrueBranch, dst_value)
res.add_branch(BranchType.FalseBranch, addr + 16)
elif instr == 'jsra':
res.add_branch(BranchType.CallDestination, dst_value)
elif instr == "jmpa":
res.add_branch(BranchType.UnconditionalBranch, dst_value)
return res
def get_instruction_info(self, data, addr):
opcode, length = self.parse_instruction(data, addr)
info = InstructionInfo()
info.length = length
if opcodes[opcode] == 'Close':
info.add_branch(BranchType.UnresolvedBranch)
info.add_branch(BranchType.FalseBranch, addr + 1)
elif opcodes[opcode] == 'Open':
info.add_branch(BranchType.TrueBranch, addr + 1)
info.add_branch(BranchType.UnresolvedBranch)
return info
def get_instruction_info(self, data, addr):
instruction = disassemble_one(data, addr)
result = InstructionInfo()
result.length = instruction.size
if instruction.name == "JUMP":
result.add_branch(BranchType.UnresolvedBranch)
elif instruction.name == "JUMPI":
result.add_branch(BranchType.UnresolvedBranch)
result.add_branch(BranchType.FalseBranch, addr + 1)
elif instruction.name in ('RETURN', 'REVERT', 'SUICIDE', 'INVALID',
'STOP', 'SELFDESTRUCT'):
result.add_branch(BranchType.FunctionReturn)
return result
def get_instruction_info(self, data, addr):
instr = self.disassembler.decode(data, addr)
if instr is None:
return None
result = InstructionInfo()
result.length = instr.size
dest = addr + instr.imm
if instr.name == 'ret':
result.add_branch(BranchType.FunctionReturn)
elif instr.name in branch_ins:
result.add_branch(BranchType.TrueBranch, dest)
result.add_branch(BranchType.FalseBranch, addr + 4)
elif instr.name in direct_call_ins:
result.add_branch(BranchType.CallDestination, dest)
elif instr.name in indirect_call_ins:
result.add_branch(BranchType.UnresolvedBranch)
return result
def get_instruction_info(self, data, addr):
if self.get_reg1(data) == self.get_reg2(data):
# unconditional
info = InstructionInfo()
info.add_branch(BranchType.UnconditionalBranch, self.get_imm(data))
info.length = self.length
return info
else:
# conditional
info = InstructionInfo()
info.add_branch(BranchType.TrueBranch, self.get_imm(data))
info.add_branch(BranchType.FalseBranch, addr + 5)
info.length = self.length
return info
def perform_get_instruction_info(self, data, addr):
instr, _, _, _, _, _, length, src_value, _ = self.decode_instruction(
data, addr)
if instr is None:
return None
result = InstructionInfo()
result.length = length
# Add branches
if instr in ['ret', 'reti']:
result.add_branch(BranchType.FunctionReturn)
elif instr in ['jmp', 'br'] and src_value is not None:
result.add_branch(BranchType.UnconditionalBranch, src_value)
elif instr in TYPE3_INSTRUCTIONS:
result.add_branch(BranchType.TrueBranch, src_value)
result.add_branch(BranchType.FalseBranch, addr + 2)
elif instr == 'call' and src_value is not None:
result.add_branch(BranchType.CallDestination, src_value)
return result
def perform_get_instruction_info(self, data, addr):
# If we can't decode an instruction return None
if len(data) < 12:
return None
# Unpack our operands from the data
a, b, c = struct.unpack('<3I', data[:12])
# Create the InstructionInfo object for our instruction
res = InstructionInfo()
res.length = 12
if c != 0:
if b == a:
# Unconditional branch jumps to integer index c
res.add_branch(BranchType.UnconditionalBranch, c * 4)
else:
# True branch jumps to integer index c
res.add_branch(BranchType.TrueBranch, c * 4)
# False branch continues to next instruction
res.add_branch(BranchType.FalseBranch, addr + 12)
return res
def perform_get_instruction_info(self, data, addr):
instruction, opcode = self.retrieve_instruction(data)
if not instruction:
return
result = InstructionInfo()
result.length = self.address_size
inst_name = instruction.name
if inst_name in ('bi', 'iret'):
result.add_branch(FunctionReturn)
elif inst_name in ('brsl', 'brasl'):
branch_addr, _ = instruction.decode(opcode, addr)
result.add_branch(CallDestination, branch_addr)
elif inst_name == ('bisl', 'biz', 'binz', 'bihnz', 'bisled'):
_, ra, _ = instruction.decode(opcode, addr)
result.add_branch(IndirectBranch, ra)
elif inst_name in ('brz', 'brnz', 'brhz', 'brhnz'):
branch_addr, _ = instruction.decode(opcode, addr)
result.add_branch(TrueBranch, branch_addr)
result.add_branch(FalseBranch, addr + self.address_size)
elif inst_name in ('br', 'bra'):
branch_addr, _ = instruction.decode(opcode, addr)
result.add_branch(UnconditionalBranch, branch_addr)
return result
def branch_jsr_n(insn, result: InstructionInfo):
result.add_branch(BranchType.IndirectBranch)
def branch_bsr(insn, result: InstructionInfo):
result.add_branch(BranchType.CallDestination,
insn.opcode["args"][0].val)
def get_instruction_info(self, data, addr):
instr_obj = self.decode_instruction(data, addr)
if not instr_obj:
return None
result = InstructionInfo()
result.length = instr_obj.length
instr_name = instr_obj.getName()
# TODO: update this properly
# Add branches
if instr_name in ['ret', 'end']:
result.add_branch(BranchType.FunctionReturn)
elif instr_name.startswith('jmp'):
result.add_branch(BranchType.UnconditionalBranch,
instr_obj.dst_value)
elif instr_name in BRANCH_INSTRUCTIONS:
result.add_branch(BranchType.TrueBranch, instr_obj.dst_value)
result.add_branch(BranchType.FalseBranch, addr + instr_obj.length)
elif instr_name == 'call':
result.add_branch(BranchType.CallDestination, instr_obj.dst_value)
elif instr_name == 'syscall':
result.add_branch(BranchType.SystemCall)
return result
def get_instruction_info(self, data, addr):
try:
(_, inst_length, _, inst_type, mode,
value) = M6800._decode_instruction(data, addr)
except LookupError as error:
log_error(error.__str__())
return None
inst = InstructionInfo()
inst.length = inst_length
if inst_type == InstructionType.CONDITIONAL_BRANCH:
if mode == AddressMode.INDEXED:
inst.add_branch(BranchType.UnresolvedBranch)
else:
inst.add_branch(BranchType.TrueBranch, value)
inst.add_branch(BranchType.FalseBranch, addr + inst_length)
elif inst_type == InstructionType.UNCONDITIONAL_BRANCH:
if mode == AddressMode.INDEXED:
inst.add_branch(BranchType.UnresolvedBranch)
else:
inst.add_branch(BranchType.UnconditionalBranch, value)
elif inst_type == InstructionType.CALL:
if mode == AddressMode.INDEXED:
inst.add_branch(BranchType.UnresolvedBranch)
else:
inst.add_branch(BranchType.CallDestination, value)
elif inst_type == InstructionType.RETURN:
inst.add_branch(BranchType.FunctionReturn)
return inst
def branch_bf(insn, result: InstructionInfo, size=ISIZE):
result.add_branch(BranchType.TrueBranch, insn.opcode["args"][0].val)
result.add_branch(BranchType.FalseBranch, insn.addr + size)
def get_instruction_info(self, data, addr):
info = InstructionInfo()
info.add_branch(BranchType.FunctionReturn)
info.length = self.length
return info
def get_instruction_info(self, data, addr):
ffi = self.ffi
libvle = self.libvle
# vle_handle = self.vle_handle
vle_handle = self.ffi.new('vle_handle*')
# vle_handle = ffi.new('vle_handle*')
vle_instr = ffi.new('vle_t*')
data_len = len(data[0:4])
data_buf = ffi.new('char[]', data[0:4])
return_code = libvle.vle_init(vle_handle, data_buf, data_len)
decoding_success = libvle.vle_next(vle_handle, vle_instr);
if not decoding_success or vle_instr.name == ffi.NULL or vle_instr.op_type == libvle.OP_TYPE_ILL:
return None
result = InstructionInfo()
result.length = vle_instr.size
if vle_instr.op_type == libvle.OP_TYPE_JMP:
result.add_branch(BranchType.UnconditionalBranch, (vle_instr.fields[0].value + addr) & 0xffffffff)
elif vle_instr.op_type == libvle.OP_TYPE_CJMP:
if vle_instr.fields[0].type == libvle.TYPE_JMP:
result.add_branch(BranchType.TrueBranch, (vle_instr.fields[0].value + addr) & 0xffffffff)
result.add_branch(BranchType.FalseBranch, result.length + addr)
elif vle_instr.fields[0].type == libvle.TYPE_CR:
result.add_branch(BranchType.TrueBranch, (vle_instr.fields[1].value + addr) & 0xffffffff)
result.add_branch(BranchType.FalseBranch, result.length + addr)
else:
return None
elif vle_instr.op_type == libvle.OP_TYPE_CALL:
target = (vle_instr.fields[0].value + addr) & 0xffffffff
if target != addr + vle_instr.size:
result.add_branch(BranchType.CallDestination, target)
elif vle_instr.op_type == libvle.OP_TYPE_CCALL:
result.add_branch(BranchType.FalseBranch, result.length + addr)
result.add_branch(BranchType.CallDestination, (vle_instr.fields[0].value + addr) & 0xffffffff)
elif vle_instr.op_type == libvle.OP_TYPE_RCALL:
result.add_branch(BranchType.IndirectBranch)
elif vle_instr.op_type == libvle.OP_TYPE_RJMP:
result.add_branch(BranchType.IndirectBranch)
elif vle_instr.op_type == libvle.OP_TYPE_RET:
result.add_branch(BranchType.FunctionReturn)
elif vle_instr.op_type == libvle.OP_TYPE_SWI:
result.add_branch(BranchType.SystemCall)
elif vle_instr.op_type == libvle.OP_TYPE_TRAP:
result.add_branch(BranchType.FunctionReturn)
# 0x18211100
# 1d53a: 18 21 11 00 e_stmvsprw 0(r1)
# 1d53e: 18 81 11 10 e_stmvsrrw 16(r1)
# 1d5a4: 18 81 10 10 e_ldmvsrrw 16(r1)
# 1d5a8: 18 21 10 00 e_ldmvsprw 0(r1)
return result
def branch_rtv_n(insn, result: InstructionInfo):
result.add_branch(BranchType.FunctionReturn)
def get_instruction_info(self, data, addr):
info = InstructionInfo()
info.add_branch(BranchType.CallDestination, self.get_imm(data))
info.length = self.length
return info
def branch_bra(insn, result: InstructionInfo):
result.add_branch(BranchType.UnconditionalBranch,
insn.opcode["args"][0].val)
def perform_get_instruction_info(self, data, addr):
reader = BitReader16(BytestringReader(data))
try:
ins = disassemble(reader)
except InvalidMachineCodeException as e:
log_error("InvalidMachineCodeException at address: " + hex(addr) +
" {0}".format(e))
return None
insInfo = InstructionInfo()
insInfo.length = reader.nytes_read() * 2
op = ins.mnemonic
if op in ['re', 'ht']:
insInfo.add_branch(BranchType.FunctionReturn)
elif op in ['b', 'brr']:
# relative direct unconditional
insInfo.add_branch(BranchType.UnconditionalBranch,
addr + 2 * ins.op1.value)
elif op in [
'bn', 'be', 'bl', 'ble', 'bg', 'bge', 'bno', 'bo', 'bns', 'bs',
'bsl', 'bsle', 'bsg', 'bsge'
]:
# relative direct conditional
insInfo.add_branch(BranchType.TrueBranch, addr + 2 * ins.op1.value)
insInfo.add_branch(BranchType.FalseBranch, addr + insInfo.length)
elif op == 'br':
# absolute indirect unconditonal
insInfo.add_branch(BranchType.IndirectBranch)
elif op in [
'brn', 'bre', 'brl', 'brle', 'brg', 'brge', 'brno', 'bro',
'brns', 'brs', 'brsl', 'brsle', 'brsg', 'brsge'
]:
# absolute indirect conditonal
insInfo.add_branch(BranchType.TrueBranch)
insInfo.add_branch(BranchType.FalseBranch, addr + insInfo.length)
elif op == 'bra':
# absolute direct
insInfo.add_branch(BranchType.UnconditionalBranch,
2 * ins.op1.value)
elif op in ['c', 'car']:
# relative direct unconditional
insInfo.add_branch(BranchType.CallDestination,
addr + 2 * ins.op1.value)
elif op in [
'cn', 'ce', 'cl', 'cle', 'cg', 'cge', 'cno', 'co', 'cns', 'cs',
'csl', 'csle', 'csg', 'csge'
]:
# relative direct conditional
insInfo.add_branch(BranchType.CallDestination,
addr + 2 * ins.op1.value)
#insInfo.add_branch(BranchType.TrueBranch, addr + 2 * ins.op1.value)
insInfo.add_branch(BranchType.FalseBranch, addr + insInfo.length)
elif op == 'caa':
insInfo.add_branch(BranchType.CallDestination, 2 * ins.op1.value)
elif op == 'cr':
insInfo.add_branch(BranchType.CallDestination)
elif op in [
'crn', 'cre', 'crl', 'crle', 'crg', 'crge', 'crno', 'cro',
'crns', 'crs', 'crsl', 'crsle', 'crsg', 'crsge'
]:
insInfo.add_branch(BranchType.CallDestination)
insInfo.add_branch(BranchType.FalseBranch, addr + insInfo.length)
return insInfo
def get_instruction_info(self, data, addr):
info = InstructionInfo()
info.add_branch(BranchType.UnconditionalBranch)
info.length = self.length
return info
def get_instruction_info(self, data, addr):
info = InstructionInfo()
addr_calc = addr + twos_comp(self.offset, 18) + 4
info.add_branch(BranchType.UnconditionalBranch, addr_calc)
info.length = self.length
return info
def perform_get_instruction_info(self, data, addr):
instr, _, _, _, _, dst, length, src_value, _ = self.decode_instruction(
data, addr)
if instr is None:
return None
result = InstructionInfo()
result.length = length
if instr == 'ret':
result.add_branch(BranchType.FunctionReturn)
elif instr == 'reti':
result.add_branch(BranchType.FunctionReturn)
elif instr == 'call':
result.add_branch(BranchType.CallDestination, dst * 2)
elif instr == 'rcall':
result.add_branch(BranchType.CallDestination,
addr + dst * 2 + 1 * 2)
elif instr == 'jmp':
result.add_branch(BranchType.UnconditionalBranch, dst * 2)
elif instr == 'rjmp':
result.add_branch(BranchType.UnconditionalBranch,
addr + dst * 2 + 1 * 2)
elif (instr == 'breq' or instr == 'brne' or instr == 'brcs'
or instr == 'brcc' or instr == 'brsh' or instr == 'brlo'
or instr == 'brmi' or instr == 'brpl' or instr == 'brge'
or instr == 'brlt' or instr == 'brhs' or instr == 'brhc'
or instr == 'brts' or instr == 'brtc' or instr == 'brvs'
or instr == 'brvc' or instr == 'brie' or instr == 'brid'):
result.add_branch(BranchType.TrueBranch, addr + dst * 2 + 1 * 2)
result.add_branch(BranchType.FalseBranch, addr + 1 * 2)
elif (instr == 'brbs' or instr == 'brbc'):
result.add_branch(BranchType.TrueBranch, addr + dst * 2 + 1 * 2)
result.add_branch(BranchType.FalseBranch, addr + 1 * 2)
elif (instr == 'cpse' or instr == 'sbrc' or instr == 'sbrs'
or instr == 'sbic' or instr == 'sbis'):
result.add_branch(BranchType.TrueBranch, addr + 2 * 2)
result.add_branch(BranchType.FalseBranch, addr + 1 * 2)
elif (instr == 'icall' or instr == 'ijmp'):
result.add_branch(BranchType.IndirectBranch)
#TODO
return result