def base(self):
"""The value of the base register if operand is a displacement."""
if not self.has_phrase:
return None
base_reg = utils.reg2str(utils.x86_base_reg(self._insn, self._op))
value = self._cpu_context.registers[base_reg]
return utils.signed(value, utils.get_bits())
def _calc_displacement(self):
"""
Calculate the displacement offset of the operand's text.
e.g:
word ptr [rdi+rbx]
:return int: calculated value
"""
size = 8 if idc.__EA64__ else 4
insn = idaapi.insn_t()
idaapi.decode_insn(insn, self.ip)
op = insn.ops[self.idx]
offset = utils.signed(op.addr, utils.get_bits())
scale = utils.sib_scale(op)
base_reg = utils.x86_base_reg(insn, op)
indx_reg = utils.x86_index_reg(insn, op)
base_val = self._cpu_context.registers[utils.reg2str(base_reg, size)]
indx_val = self._cpu_context.registers[utils.reg2str(
indx_reg, size)] if indx_reg != -1 else 0
result = base_val + indx_val * scale + offset
logger.debug("calc_displacement :: Displacement {} -> {}".format(
self.text, result))
# Before returning, record the frame_id and stack_offset for this address.
# (This can become useful information for retrieving the original location of a variable)
frame_id = idc.get_frame_id(self.ip)
stack_var = ida_frame.get_stkvar(insn, op, offset)
if stack_var:
_, stack_offset = stack_var
self._cpu_context.stack_variables[result] = (frame_id,
stack_offset)
return result
def __str__(self):
"""
Print information about current memory map.
"""
# Create text output.
_just = 25 if get_bits() == 32 else 50
_hex_fmt = "0x{:08X}" if get_bits() == 32 else "0x{:016X}"
title = "{}{}{}".format("Base Address".ljust(_just),
"Address Range".ljust(_just), "Size")
memory_ranges = []
for base_address, size in self.blocks:
memory_ranges.append("{}{}{}".format(
_hex_fmt.format(base_address).ljust(_just), "{} - {}".format(
_hex_fmt.format(base_address),
_hex_fmt.format(base_address + size)).ljust(_just), size))
return "{}\n{}\n".format(title, "\n".join(memory_ranges))
def index(self):
"""The value of the index register if operand is a displacement."""
if not self.has_phrase:
return None
index_reg = utils.x86_index_reg(self._insn, self._op)
if index_reg == -1:
return 0
index_reg = utils.reg2str(index_reg)
value = self._cpu_context.registers[index_reg]
return utils.signed(value, utils.get_bits())
def __init__(self, registers, instruction_pointer, stack_pointer, stack_registers=None):
self.registers = registers
self.jcccontext = JccContext()
self.memory = Memory()
self.func_calls = {} # Keeps track of function calls.
self.executed_instructions = [] # Keeps track of the instructions that have been executed.
self.memory_copies = collections.defaultdict(list) # Keeps track of memory moves.
self.bitness = utils.get_bits()
self.byteness = self.bitness // 8
self.stack_registers = stack_registers or []
self.variables = VariableMap(self)
self._sp = stack_pointer
self._ip = instruction_pointer
def __init__(self, emulator, registers, instruction_pointer,
stack_pointer):
self.emulator = emulator
self.registers = registers
self.jcccontext = JccContext()
self.memory = Memory()
self.func_calls = {} # Keeps track of function calls.
self.executed_instructions = [
] # Keeps track of the instructions that have been executed.
self.memory_copies = collections.defaultdict(
list) # Keeps track of memory moves.
self.bitness = utils.get_bits()
self.byteness = self.bitness // 8
self.variables = VariableMap(self)
self.objects = ObjectMap(self)
self.actions = [] # List of action objects (namedtuples)
# Function start address of a function we are currently hooking.
self.hooking_call = None
self._sp = stack_pointer
self._ip = instruction_pointer
self._sp_start = self.sp
def offset(self):
"""The offset value if the operand is a displacement."""
if not self.has_phrase:
return None
return utils.signed(self._op.addr, utils.get_bits())