def print_insn_detail(insn):
# print address, mnemonic and operands
print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str))
# "data" instruction generated by SKIPDATA option has no detail
if insn.id == 0:
return
if len(insn.operands) > 0:
print("\top_count: %u" % len(insn.operands))
c = 0
for i in insn.operands:
if i.type == XCORE_OP_REG:
print("\t\toperands[%u].type: REG = %s" %
(c, insn.reg_name(i.reg)))
if i.type == XCORE_OP_IMM:
print("\t\toperands[%u].type: IMM = 0x%s" % (c, to_x(i.imm)))
if i.type == XCORE_OP_MEM:
print("\t\toperands[%u].type: MEM" % c)
if i.mem.base != 0:
print("\t\t\toperands[%u].mem.base: REG = %s" \
% (c, insn.reg_name(i.mem.base)))
if i.mem.index != 0:
print("\t\t\toperands[%u].mem.index: REG = %s" \
% (c, insn.reg_name(i.mem.index)))
if i.mem.disp != 0:
print("\t\t\toperands[%u].mem.disp: 0x%s" \
% (c, to_x(i.mem.disp)))
if i.mem.direct != 1:
print("\t\t\toperands[%u].mem.direct: -1")
c += 1
def print_insn_detail(insn):
# print address, mnemonic and operands
print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str))
# "data" instruction generated by SKIPDATA option has no detail
if insn.id == 0:
return
if len(insn.operands) > 0:
print("\top_count: %u" % len(insn.operands))
c = -1
for i in insn.operands:
c += 1
if i.type == MIPS_OP_REG:
print("\t\toperands[%u].type: REG = %s" % (c, insn.reg_name(i.reg)))
if i.type == MIPS_OP_IMM:
print("\t\toperands[%u].type: IMM = 0x%s" % (c, to_x(i.imm)))
if i.type == MIPS_OP_MEM:
print("\t\toperands[%u].type: MEM" % c)
if i.mem.base != 0:
print("\t\t\toperands[%u].mem.base: REG = %s" \
% (c, insn.reg_name(i.mem.base)))
if i.mem.disp != 0:
print("\t\t\toperands[%u].mem.disp: 0x%s" \
% (c, to_x(i.mem.disp)))
def print_insn_detail(insn):
# print address, mnemonic and operands
print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str))
# "data" instruction generated by SKIPDATA option has no detail
if insn.id == 0:
return
if len(insn.operands) > 0:
print("\top_count: %u" % len(insn.operands))
c = 0
for i in insn.operands:
if i.type == TMS320C64X_OP_REG:
print("\t\toperands[%u].type: REG = %s" %
(c, insn.reg_name(i.reg)))
if i.type == TMS320C64X_OP_IMM:
print("\t\toperands[%u].type: IMM = 0x%s" % (c, to_x(i.imm)))
if i.type == TMS320C64X_OP_MEM:
print("\t\toperands[%u].type: MEM" % c)
if i.mem.base != 0:
print("\t\t\toperands[%u].mem.base: REG = %s" \
% (c, insn.reg_name(i.mem.base)))
if i.mem.disptype == TMS320C64X_MEM_DISP_INVALID:
print("\t\t\toperands[%u].mem.disptype: Invalid" % (c))
print("\t\t\toperands[%u].mem.disp: 0x%s" \
% (c, to_x(i.mem.disp)))
if i.mem.disptype == TMS320C64X_MEM_DISP_CONSTANT:
print("\t\t\toperands[%u].mem.disptype: Constant" % (c))
print("\t\t\toperands[%u].mem.disp: 0x%s" \
% (c, to_x(i.mem.disp)))
if i.mem.disptype == TMS320C64X_MEM_DISP_REGISTER:
print("\t\t\toperands[%u].mem.disptype: Register" % (c))
print("\t\t\toperands[%u].mem.disp: %s" \
% (c, insn.reg_name(i.mem.disp)))
print("\t\t\toperands[%u].mem.unit: %u" % (c, i.mem.unit))
if i.mem.direction == TMS320C64X_MEM_DIR_INVALID:
print("\t\t\toperands[%u].mem.direction: Invalid" % (c))
if i.mem.direction == TMS320C64X_MEM_DIR_FW:
print("\t\t\toperands[%u].mem.direction: Forward" % (c))
if i.mem.direction == TMS320C64X_MEM_DIR_BW:
print("\t\t\toperands[%u].mem.direction: Backward" % (c))
if i.mem.modify == TMS320C64X_MEM_MOD_INVALID:
print("\t\t\toperands[%u].mem.modify: Invalid" % (c))
if i.mem.modify == TMS320C64X_MEM_MOD_NO:
print("\t\t\toperands[%u].mem.modify: No" % (c))
if i.mem.modify == TMS320C64X_MEM_MOD_PRE:
print("\t\t\toperands[%u].mem.modify: Pre" % (c))
if i.mem.modify == TMS320C64X_MEM_MOD_POST:
print("\t\t\toperands[%u].mem.modify: Post" % (c))
print("\t\t\toperands[%u].mem.scaled: %u" % (c, i.mem.scaled))
if i.type == TMS320C64X_OP_REGPAIR:
print("\t\toperands[%u].type: REGPAIR = %s:%s" %
(c, insn.reg_name(i.reg + 1), insn.reg_name(i.reg)))
c += 1
def print_insn_detail(insn):
# print address, mnemonic and operands
print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str))
# "data" instruction generated by SKIPDATA option has no detail
if insn.id == 0:
return
if len(insn.operands) > 0:
print("\top_count: %u" % len(insn.operands))
c = 0
for i in insn.operands:
if i.type == TMS320C64X_OP_REG:
print("\t\toperands[%u].type: REG = %s" % (c, insn.reg_name(i.reg)))
if i.type == TMS320C64X_OP_IMM:
print("\t\toperands[%u].type: IMM = 0x%s" % (c, to_x(i.imm)))
if i.type == TMS320C64X_OP_MEM:
print("\t\toperands[%u].type: MEM" % c)
if i.mem.base != 0:
print("\t\t\toperands[%u].mem.base: REG = %s" \
% (c, insn.reg_name(i.mem.base)))
if i.mem.disptype == TMS320C64X_MEM_DISP_INVALID:
print("\t\t\toperands[%u].mem.disptype: Invalid" % (c))
print("\t\t\toperands[%u].mem.disp: 0x%s" \
% (c, to_x(i.mem.disp)))
if i.mem.disptype == TMS320C64X_MEM_DISP_CONSTANT:
print("\t\t\toperands[%u].mem.disptype: Constant" % (c))
print("\t\t\toperands[%u].mem.disp: 0x%s" \
% (c, to_x(i.mem.disp)))
if i.mem.disptype == TMS320C64X_MEM_DISP_REGISTER:
print("\t\t\toperands[%u].mem.disptype: Register" % (c))
print("\t\t\toperands[%u].mem.disp: %s" \
% (c, insn.reg_name(i.mem.disp)))
print("\t\t\toperands[%u].mem.unit: %u" % (c, i.mem.unit))
if i.mem.direction == TMS320C64X_MEM_DIR_INVALID:
print("\t\t\toperands[%u].mem.direction: Invalid" % (c))
if i.mem.direction == TMS320C64X_MEM_DIR_FW:
print("\t\t\toperands[%u].mem.direction: Forward" % (c))
if i.mem.direction == TMS320C64X_MEM_DIR_BW:
print("\t\t\toperands[%u].mem.direction: Backward" % (c))
if i.mem.modify == TMS320C64X_MEM_MOD_INVALID:
print("\t\t\toperands[%u].mem.modify: Invalid" % (c))
if i.mem.modify == TMS320C64X_MEM_MOD_NO:
print("\t\t\toperands[%u].mem.modify: No" % (c))
if i.mem.modify == TMS320C64X_MEM_MOD_PRE:
print("\t\t\toperands[%u].mem.modify: Pre" % (c))
if i.mem.modify == TMS320C64X_MEM_MOD_POST:
print("\t\t\toperands[%u].mem.modify: Post" % (c))
print("\t\t\toperands[%u].mem.scaled: %u" % (c, i.mem.scaled))
if i.type == TMS320C64X_OP_REGPAIR:
print("\t\toperands[%u].type: REGPAIR = %s:%s" % (c, insn.reg_name(i.reg + 1), insn.reg_name(i.reg)))
c += 1
def get_single_IMM(insn):
seg_num = insn.op_count(CS_OP_IMM)
if seg_num > 1:
print "Extract: too much imm reg!"
if seg_num != 1:
print "Extract: no imm reg found!"
return to_x(insn.op_find(CS_OP_IMM, 1).value.imm)
def print_insn_detail(insn):
# print address, mnemonic and operands
print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str))
# "data" instruction generated by SKIPDATA option has no detail
if insn.id == 0:
return
if len(insn.operands) > 0:
print("\top_count: %u" % len(insn.operands))
c = -1
for i in insn.operands:
c += 1
if i.type == ARM64_OP_REG:
print("\t\toperands[%u].type: REG = %s" % (c, insn.reg_name(i.reg)))
if i.type == ARM64_OP_IMM:
print("\t\toperands[%u].type: IMM = 0x%s" % (c, to_x(i.imm)))
if i.type == ARM64_OP_CIMM:
print("\t\toperands[%u].type: C-IMM = %u" % (c, i.imm))
if i.type == ARM64_OP_FP:
print("\t\toperands[%u].type: FP = %f" % (c, i.fp))
if i.type == ARM64_OP_MEM:
print("\t\toperands[%u].type: MEM" % c)
if i.mem.base != 0:
print("\t\t\toperands[%u].mem.base: REG = %s" \
% (c, insn.reg_name(i.mem.base)))
if i.mem.index != 0:
print("\t\t\toperands[%u].mem.index: REG = %s" \
% (c, insn.reg_name(i.mem.index)))
if i.mem.disp != 0:
print("\t\t\toperands[%u].mem.disp: 0x%s" \
% (c, to_x(i.mem.disp)))
if i.shift.type != ARM64_SFT_INVALID and i.shift.value:
print("\t\t\tShift: type = %u, value = %u" % (i.shift.type, i.shift.value))
if i.ext != ARM64_EXT_INVALID:
print("\t\t\tExt: %u" % i.ext)
if insn.writeback:
print("\tWrite-back: True")
if not insn.cc in [ARM64_CC_AL, ARM64_CC_INVALID]:
print("\tCode condition: %u" % insn.cc)
if insn.update_flags:
print("\tUpdate-flags: True")
def print_insn_detail(insn):
# print address, mnemonic and operands
print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str))
# "data" instruction generated by SKIPDATA option has no detail
if insn.id == 0:
return
print("\taddress mode: %s" % (address_modes[insn.am]))
print("\tmodifies flags: %s" % ('true' if insn.modifies_flags != 0 else 'false'))
if len(insn.operands) > 0:
print("\top_count: %u" % len(insn.operands))
c = -1
for i in insn.operands:
c += 1
if i.type == MOS65XX_OP_REG:
print("\t\toperands[%u].type: REG = %s" % (c, insn.reg_name(i.reg)))
if i.type == MOS65XX_OP_IMM:
print("\t\toperands[%u].type: IMM = 0x%s" % (c, to_x(i.imm)))
if i.type == MOS65XX_OP_MEM:
print("\t\toperands[%u].type: MEM = 0x%s" % (c, to_x(i.mem)))
def print_insn_detail(insn):
# print address, mnemonic and operands
print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str))
# "data" instruction generated by SKIPDATA option has no detail
if insn.id == 0:
return
print("\taddress mode: %s" % (address_modes[insn.am]))
print("\tmodifies flags: %s" %
('true' if insn.modifies_flags != 0 else 'false'))
if len(insn.operands) > 0:
print("\top_count: %u" % len(insn.operands))
c = -1
for i in insn.operands:
c += 1
if i.type == MOS65XX_OP_REG:
print("\t\toperands[%u].type: REG = %s" %
(c, insn.reg_name(i.reg)))
if i.type == MOS65XX_OP_IMM:
print("\t\toperands[%u].type: IMM = 0x%s" % (c, to_x(i.imm)))
if i.type == MOS65XX_OP_MEM:
print("\t\toperands[%u].type: MEM = 0x%s" % (c, to_x(i.mem)))
def test_details():
elffile = get_ELFFile('a.out')
code = elffile.get_section_by_name('.text')
ops = code.data()
addr = code['sh_addr']
md = Cs(CS_ARCH_X86, CS_MODE_64)
md.detail = True
for insn in md.disasm(ops, addr):
print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str))
print(map(lambda x: to_x(int(x)), insn.bytes))
imm_count = insn.op_count(X86_OP_IMM)
if imm_count == 0:
continue
bytes_no_imm = []
# Inclusive 'start' and 'end' indexes
imm_start = insn.imm_offset
imm_end = imm_start + insn.imm_size + 1
for i in range(len(insn.bytes)):
if imm_start <= i <= imm_end:
continue
bytes_no_imm.append(insn.bytes[i])
print(map(lambda x: to_x(int(x)), bytes_no_imm))
def print_insn_detail(mode, insn):
def print_string_hex(comment, str):
print(comment, end=' '),
for c in str:
print("0x%02x " % c, end=''),
print()
# print address, mnemonic and operands
print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str))
# "data" instruction generated by SKIPDATA option has no detail
if insn.id == 0:
return
# print instruction prefix
print_string_hex("\tPrefix:", insn.prefix)
# print segment override (if applicable)
if insn.segment != X86_REG_INVALID:
print("\tSegment override: %s" % insn.reg_name(insn.segment))
# print instruction's opcode
print_string_hex("\tOpcode:", insn.opcode)
# print operand's size, address size, displacement size & immediate size
print("\top_size: %u, addr_size: %u, disp_size: %u, imm_size: %u" \
% (insn.op_size, insn.addr_size, insn.disp_size, insn.imm_size))
# print modRM byte
print("\tmodrm: 0x%x" % (insn.modrm))
# print displacement value
print("\tdisp: 0x%s" % to_x_32(insn.disp))
# SIB is not available in 16-bit mode
if (mode & CS_MODE_16 == 0):
# print SIB byte
print("\tsib: 0x%x" % (insn.sib))
if (insn.sib):
if insn.sib_base != 0:
print("\t\tsib_base: %s" % (insn.reg_name(insn.sib_base)))
if insn.sib_index != 0:
print("\t\tsib_index: %s" % (insn.reg_name(insn.sib_index)))
if insn.sib_scale != 0:
print("\t\tsib_scale: %d" % (insn.sib_scale))
count = insn.op_count(X86_OP_IMM)
if count > 0:
print("\timm_count: %u" % count)
for i in range(count):
op = insn.op_find(X86_OP_IMM, i + 1)
print("\t\timms[%u]: 0x%s" % (i + 1, to_x(op.imm)))
if len(insn.operands) > 0:
print("\top_count: %u" % len(insn.operands))
c = -1
for i in insn.operands:
c += 1
if i.type == X86_OP_REG:
print("\t\toperands[%u].type: REG = %s" % (c, insn.reg_name(i.reg)))
if i.type == X86_OP_IMM:
print("\t\toperands[%u].type: IMM = 0x%s" % (c, to_x(i.imm)))
if i.type == X86_OP_FP:
print("\t\toperands[%u].type: FP = %f" % (c, i.fp))
if i.type == X86_OP_MEM:
print("\t\toperands[%u].type: MEM" % c)
if i.mem.base != 0:
print("\t\t\toperands[%u].mem.base: REG = %s" % (c, insn.reg_name(i.mem.base)))
if i.mem.index != 0:
print("\t\t\toperands[%u].mem.index: REG = %s" % (c, insn.reg_name(i.mem.index)))
if i.mem.scale != 1:
print("\t\t\toperands[%u].mem.scale: %u" % (c, i.mem.scale))
if i.mem.disp != 0:
print("\t\t\toperands[%u].mem.disp: 0x%s" % (c, to_x(i.mem.disp)))
def print_insn_detail(mode, insn):
def print_string_hex(comment, str):
print(comment, end=' '),
for c in str:
print("0x%02x " % c, end=''),
print()
# print address, mnemonic and operands
print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str))
# "data" instruction generated by SKIPDATA option has no detail
if insn.id == 0:
return
# print instruction prefix
print_string_hex("\tPrefix:", insn.prefix)
# print instruction's opcode
print_string_hex("\tOpcode:", insn.opcode)
# print operand's REX prefix (non-zero value is relavant for x86_64 instructions)
print("\trex: 0x%x" % (insn.rex))
# print operand's address size
print("\taddr_size: %u" % (insn.addr_size))
# print modRM byte
print("\tmodrm: 0x%x" % (insn.modrm))
# print displacement value
print("\tdisp: 0x%s" % to_x_32(insn.disp))
# SIB is not available in 16-bit mode
if (mode & CS_MODE_16 == 0):
# print SIB byte
print("\tsib: 0x%x" % (insn.sib))
if (insn.sib):
if insn.sib_base != 0:
print("\t\tsib_base: %s" % (insn.reg_name(insn.sib_base)))
if insn.sib_index != 0:
print("\t\tsib_index: %s" % (insn.reg_name(insn.sib_index)))
if insn.sib_scale != 0:
print("\t\tsib_scale: %d" % (insn.sib_scale))
# SSE CC type
if insn.sse_cc != X86_SSE_CC_INVALID:
print("\tsse_cc: %u" % (insn.sse_cc))
# AVX CC type
if insn.avx_cc != X86_AVX_CC_INVALID:
print("\tavx_cc: %u" % (insn.avx_cc))
# AVX Suppress All Exception
if insn.avx_sae:
print("\tavx_sae: TRUE")
# AVX Rounding Mode type
if insn.avx_rm != X86_AVX_RM_INVALID:
print("\tavx_rm: %u" % (insn.avx_rm))
count = insn.op_count(X86_OP_IMM)
if count > 0:
print("\timm_count: %u" % count)
for i in range(count):
op = insn.op_find(X86_OP_IMM, i + 1)
print("\t\timms[%u]: 0x%s" % (i + 1, to_x(op.imm)))
if len(insn.operands) > 0:
print("\top_count: %u" % len(insn.operands))
c = -1
for i in insn.operands:
c += 1
if i.type == X86_OP_REG:
print("\t\toperands[%u].type: REG = %s" % (c, insn.reg_name(i.reg)))
if i.type == X86_OP_IMM:
print("\t\toperands[%u].type: IMM = 0x%s" % (c, to_x(i.imm)))
if i.type == X86_OP_FP:
print("\t\toperands[%u].type: FP = %f" % (c, i.fp))
if i.type == X86_OP_MEM:
print("\t\toperands[%u].type: MEM" % c)
if i.mem.segment != 0:
print("\t\t\toperands[%u].mem.segment: REG = %s" % (c, insn.reg_name(i.mem.segment)))
if i.mem.base != 0:
print("\t\t\toperands[%u].mem.base: REG = %s" % (c, insn.reg_name(i.mem.base)))
if i.mem.index != 0:
print("\t\t\toperands[%u].mem.index: REG = %s" % (c, insn.reg_name(i.mem.index)))
if i.mem.scale != 1:
print("\t\t\toperands[%u].mem.scale: %u" % (c, i.mem.scale))
if i.mem.disp != 0:
print("\t\t\toperands[%u].mem.disp: 0x%s" % (c, to_x(i.mem.disp)))
# AVX broadcast type
if i.avx_bcast != X86_AVX_BCAST_INVALID:
print("\t\toperands[%u].avx_bcast: %u" % (c, i.avx_bcast))
# AVX zero opmask {z}
if i.avx_zero_opmask:
print("\t\toperands[%u].avx_zero_opmask: TRUE" % (c))
print("\t\toperands[%u].size: %u" % (c, i.size))
def print_insn_detail(insn):
# print address, mnemonic and operands
print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str))
# "data" instruction generated by SKIPDATA option has no detail
if insn.id == 0:
return
if len(insn.operands) > 0:
print("\top_count: %u" % len(insn.operands))
c = -1
for i in insn.operands:
c += 1
if i.type == ARM64_OP_REG:
print("\t\toperands[%u].type: REG = %s" % (c, insn.reg_name(i.reg)))
if i.type == ARM64_OP_IMM:
print("\t\toperands[%u].type: IMM = 0x%s" % (c, to_x(i.imm)))
if i.type == ARM64_OP_CIMM:
print("\t\toperands[%u].type: C-IMM = %u" % (c, i.imm))
if i.type == ARM64_OP_FP:
print("\t\toperands[%u].type: FP = %f" % (c, i.fp))
if i.type == ARM64_OP_MEM:
print("\t\toperands[%u].type: MEM" % c)
if i.mem.base != 0:
print("\t\t\toperands[%u].mem.base: REG = %s" \
% (c, insn.reg_name(i.mem.base)))
if i.mem.index != 0:
print("\t\t\toperands[%u].mem.index: REG = %s" \
% (c, insn.reg_name(i.mem.index)))
if i.mem.disp != 0:
print("\t\t\toperands[%u].mem.disp: 0x%s" \
% (c, to_x(i.mem.disp)))
if i.type == ARM64_OP_REG_MRS:
print("\t\toperands[%u].type: REG_MRS = 0x%x" % (c, i.reg))
if i.type == ARM64_OP_REG_MSR:
print("\t\toperands[%u].type: REG_MSR = 0x%x" % (c, i.reg))
if i.type == ARM64_OP_PSTATE:
print("\t\toperands[%u].type: PSTATE = 0x%x" % (c, i.pstate))
if i.type == ARM64_OP_SYS:
print("\t\toperands[%u].type: SYS = 0x%x" % (c, i.sys))
if i.type == ARM64_OP_PREFETCH:
print("\t\toperands[%u].type: PREFETCH = 0x%x" % (c, i.prefetch))
if i.type == ARM64_OP_BARRIER:
print("\t\toperands[%u].type: BARRIER = 0x%x" % (c, i.barrier))
if i.shift.type != ARM64_SFT_INVALID and i.shift.value:
print("\t\t\tShift: type = %u, value = %u" % (i.shift.type, i.shift.value))
if i.ext != ARM64_EXT_INVALID:
print("\t\t\tExt: %u" % i.ext)
if i.vas != ARM64_VAS_INVALID:
print("\t\t\tVector Arrangement Specifier: 0x%x" % i.vas)
if i.vess != ARM64_VESS_INVALID:
print("\t\t\tVector Element Size Specifier: %u" % i.vess)
if i.vector_index != -1:
print("\t\t\tVector Index: %u" % i.vector_index)
if insn.writeback:
print("\tWrite-back: True")
if not insn.cc in [ARM64_CC_AL, ARM64_CC_INVALID]:
print("\tCode-condition: %u" % insn.cc)
if insn.update_flags:
print("\tUpdate-flags: True")
def print_insn_detail(mode, insn):
def print_string_hex(comment, str):
print(comment, end=' '),
for c in str:
print("0x%02x " % c, end=''),
print()
# print address, mnemonic and operands
print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str))
# "data" instruction generated by SKIPDATA option has no detail
if insn.id == 0:
return
# print instruction prefix
print_string_hex("\tPrefix:", insn.prefix)
# print instruction's opcode
print_string_hex("\tOpcode:", insn.opcode)
# print operand's REX prefix (non-zero value is relavant for x86_64 instructions)
print("\trex: 0x%x" % (insn.rex))
# print operand's address size
print("\taddr_size: %u" % (insn.addr_size))
# print modRM byte
print("\tmodrm: 0x%x" % (insn.modrm))
# print modRM offset
if insn.modrm_offset != 0:
print("\tmodrm_offset: 0x%x" % (insn.modrm_offset))
# print displacement value
print("\tdisp: 0x%s" % to_x_32(insn.disp))
# print displacement offset (offset into instruction bytes)
if insn.disp_offset != 0:
print("\tdisp_offset: 0x%x" % (insn.disp_offset))
# print displacement size
if insn.disp_size != 0:
print("\tdisp_size: 0x%x" % (insn.disp_size))
# SIB is not available in 16-bit mode
if (mode & CS_MODE_16 == 0):
# print SIB byte
print("\tsib: 0x%x" % (insn.sib))
if (insn.sib):
if insn.sib_base != 0:
print("\t\tsib_base: %s" % (insn.reg_name(insn.sib_base)))
if insn.sib_index != 0:
print("\t\tsib_index: %s" % (insn.reg_name(insn.sib_index)))
if insn.sib_scale != 0:
print("\t\tsib_scale: %d" % (insn.sib_scale))
# XOP CC type
if insn.xop_cc != X86_XOP_CC_INVALID:
print("\txop_cc: %u" % (insn.xop_cc))
# SSE CC type
if insn.sse_cc != X86_SSE_CC_INVALID:
print("\tsse_cc: %u" % (insn.sse_cc))
# AVX CC type
if insn.avx_cc != X86_AVX_CC_INVALID:
print("\tavx_cc: %u" % (insn.avx_cc))
# AVX Suppress All Exception
if insn.avx_sae:
print("\tavx_sae: TRUE")
# AVX Rounding Mode type
if insn.avx_rm != X86_AVX_RM_INVALID:
print("\tavx_rm: %u" % (insn.avx_rm))
count = insn.op_count(X86_OP_IMM)
if count > 0:
print("\timm_count: %u" % count)
for i in range(count):
op = insn.op_find(X86_OP_IMM, i + 1)
print("\t\timms[%u]: 0x%s" % (i + 1, to_x(op.imm)))
if insn.imm_offset != 0:
print("\timm_offset: 0x%x" % (insn.imm_offset))
if insn.imm_size != 0:
print("\timm_size: 0x%x" % (insn.imm_size))
if len(insn.operands) > 0:
print("\top_count: %u" % len(insn.operands))
c = -1
for i in insn.operands:
c += 1
if i.type == X86_OP_REG:
print("\t\toperands[%u].type: REG = %s" % (c, insn.reg_name(i.reg)))
if i.type == X86_OP_IMM:
print("\t\toperands[%u].type: IMM = 0x%s" % (c, to_x(i.imm)))
if i.type == X86_OP_MEM:
print("\t\toperands[%u].type: MEM" % c)
if i.mem.segment != 0:
print("\t\t\toperands[%u].mem.segment: REG = %s" % (c, insn.reg_name(i.mem.segment)))
if i.mem.base != 0:
print("\t\t\toperands[%u].mem.base: REG = %s" % (c, insn.reg_name(i.mem.base)))
if i.mem.index != 0:
print("\t\t\toperands[%u].mem.index: REG = %s" % (c, insn.reg_name(i.mem.index)))
if i.mem.scale != 1:
print("\t\t\toperands[%u].mem.scale: %u" % (c, i.mem.scale))
if i.mem.disp != 0:
print("\t\t\toperands[%u].mem.disp: 0x%s" % (c, to_x(i.mem.disp)))
# AVX broadcast type
if i.avx_bcast != X86_AVX_BCAST_INVALID:
print("\t\toperands[%u].avx_bcast: %u" % (c, i.avx_bcast))
# AVX zero opmask {z}
if i.avx_zero_opmask:
print("\t\toperands[%u].avx_zero_opmask: TRUE" % (c))
print("\t\toperands[%u].size: %u" % (c, i.size))
if i.access == CS_AC_READ:
print("\t\toperands[%u].access: READ\n" % (c))
elif i.access == CS_AC_WRITE:
print("\t\toperands[%u].access: WRITE\n" % (c))
elif i.access == CS_AC_READ | CS_AC_WRITE:
print("\t\toperands[%u].access: READ | WRITE\n" % (c))
(regs_read, regs_write) = insn.regs_access()
if len(regs_read) > 0:
print("\tRegisters read:", end="")
for r in regs_read:
print(" %s" %(insn.reg_name(r)), end="")
print("")
if len(regs_write) > 0:
print("\tRegisters modified:", end="")
for r in regs_write:
print(" %s" %(insn.reg_name(r)), end="")
print("")
if insn.eflags:
updated_flags = []
for i in range(0,46):
if insn.eflags & (1 << i):
updated_flags.append(get_eflag_name(1 << i))
print("\tEFLAGS: %s" % (','.join(p for p in updated_flags)))
def print_insn_detail(mode, insn):
def print_string_hex(comment, str):
print(comment, end=' '),
for c in str:
print("0x%02x " % c, end=''),
print()
# print address, mnemonic and operands
print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str))
# "data" instruction generated by SKIPDATA option has no detail
if insn.id == 0:
return
# print instruction prefix
print_string_hex("\tPrefix:", insn.prefix)
# print instruction's opcode
print_string_hex("\tOpcode:", insn.opcode)
# print operand's REX prefix (non-zero value is relavant for x86_64 instructions)
print("\trex: 0x%x" % (insn.rex))
# print operand's address size
print("\taddr_size: %u" % (insn.addr_size))
# print modRM byte
print("\tmodrm: 0x%x" % (insn.modrm))
# print displacement value
print("\tdisp: 0x%s" % to_x_32(insn.disp))
# SIB is not available in 16-bit mode
if (mode & CS_MODE_16 == 0):
# print SIB byte
print("\tsib: 0x%x" % (insn.sib))
if (insn.sib):
if insn.sib_base != 0:
print("\t\tsib_base: %s" % (insn.reg_name(insn.sib_base)))
if insn.sib_index != 0:
print("\t\tsib_index: %s" % (insn.reg_name(insn.sib_index)))
if insn.sib_scale != 0:
print("\t\tsib_scale: %d" % (insn.sib_scale))
# XOP CC type
if insn.xop_cc != X86_XOP_CC_INVALID:
print("\txop_cc: %u" % (insn.xop_cc))
# SSE CC type
if insn.sse_cc != X86_SSE_CC_INVALID:
print("\tsse_cc: %u" % (insn.sse_cc))
# AVX CC type
if insn.avx_cc != X86_AVX_CC_INVALID:
print("\tavx_cc: %u" % (insn.avx_cc))
# AVX Suppress All Exception
if insn.avx_sae:
print("\tavx_sae: TRUE")
# AVX Rounding Mode type
if insn.avx_rm != X86_AVX_RM_INVALID:
print("\tavx_rm: %u" % (insn.avx_rm))
count = insn.op_count(X86_OP_IMM)
if count > 0:
print("\timm_count: %u" % count)
for i in range(count):
op = insn.op_find(X86_OP_IMM, i + 1)
print("\t\timms[%u]: 0x%s" % (i + 1, to_x(op.imm)))
if len(insn.operands) > 0:
print("\top_count: %u" % len(insn.operands))
c = -1
for i in insn.operands:
c += 1
if i.type == X86_OP_REG:
print("\t\toperands[%u].type: REG = %s" %
(c, insn.reg_name(i.reg)))
if i.type == X86_OP_IMM:
print("\t\toperands[%u].type: IMM = 0x%s" % (c, to_x(i.imm)))
if i.type == X86_OP_FP:
print("\t\toperands[%u].type: FP = %f" % (c, i.fp))
if i.type == X86_OP_MEM:
print("\t\toperands[%u].type: MEM" % c)
if i.mem.segment != 0:
print("\t\t\toperands[%u].mem.segment: REG = %s" %
(c, insn.reg_name(i.mem.segment)))
if i.mem.base != 0:
print("\t\t\toperands[%u].mem.base: REG = %s" %
(c, insn.reg_name(i.mem.base)))
if i.mem.index != 0:
print("\t\t\toperands[%u].mem.index: REG = %s" %
(c, insn.reg_name(i.mem.index)))
if i.mem.scale != 1:
print("\t\t\toperands[%u].mem.scale: %u" %
(c, i.mem.scale))
if i.mem.disp != 0:
print("\t\t\toperands[%u].mem.disp: 0x%s" %
(c, to_x(i.mem.disp)))
# AVX broadcast type
if i.avx_bcast != X86_AVX_BCAST_INVALID:
print("\t\toperands[%u].avx_bcast: %u" % (c, i.avx_bcast))
# AVX zero opmask {z}
if i.avx_zero_opmask:
print("\t\toperands[%u].avx_zero_opmask: TRUE" % (c))
print("\t\toperands[%u].size: %u" % (c, i.size))
if i.access == CS_AC_READ:
print("\t\toperands[%u].access: READ\n" % (c))
elif i.access == CS_AC_WRITE:
print("\t\toperands[%u].access: WRITE\n" % (c))
elif i.access == CS_AC_READ | CS_AC_WRITE:
print("\t\toperands[%u].access: READ | WRITE\n" % (c))
(regs_read, regs_write) = insn.regs_access()
if len(regs_read) > 0:
print("\tRegisters read:", end="")
for r in regs_read:
print(" %s" % (insn.reg_name(r)), end="")
print("")
if len(regs_write) > 0:
print("\tRegisters modified:", end="")
for r in regs_write:
print(" %s" % (insn.reg_name(r)), end="")
print("")
def print_SecCode(md):
print("[*]---- Start SecCode ----")
offset_table = Get_SecCode_OffsetTable(md)
j = 0
for insn in md.disasm(CODE, BASE_ADDR + START):
if insn.id == 0:
return
reg_name = []
if len(insn.operands) > 0:
for i in insn.operands:
if i.type == MIPS_OP_REG:
reg_name.append(insn.reg_name(i.reg))
if i.type == MIPS_OP_IMM:
imm = to_x(i.imm)
if i.type == MIPS_OP_MEM:
if i.mem.base != 0:
mem_base = insn.reg_name(i.mem.base)
if i.mem.disp != 0:
mem_disp = to_x(i.mem.disp & 0xffffffff)
if (DEBUG):
print("#0x%x:\t%s\t%s" %
(insn.address, insn.mnemonic, insn.op_str))
#sb
if insn.mnemonic == "sb":
if (rand_list[j]):
if (DEBUG):
print("\t#MovImm2Reg,0x%s,RFPO," % (mem_disp))
print("\t\tPushImm,0x%s," % (mem_disp))
print("\t\tPopReg,RFPO,")
j += 1
else:
print("\t#MovImm2Reg,0x%s,RFPO," % (mem_disp))
j += 1
if (rand_list[j]):
if (DEBUG):
print("\t#MovReg2Mem,%s,%s," %
(REG_TABLE[reg_name[0]], REG_TABLE[mem_base]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[0]]))
print("\t\tPopMem,%s," % (REG_TABLE[mem_base]))
j += 1
else:
print("\t#MovReg2Mem,%s,%s," %
(REG_TABLE[reg_name[0]], REG_TABLE[mem_base]))
j += 1
#lbu lb
if insn.mnemonic == "lbu":
if (rand_list[j]):
if (DEBUG):
print("\t#MovImm2Reg,0x%s,RFPO," % (mem_disp))
print("\t\tPushImm,0x%s," % (mem_disp))
print("\t\tPopReg,RFPO,")
j += 1
else:
print("\t#MovImm2Reg,0x%s,RFPO," % (mem_disp))
j += 1
if (rand_list[j]):
if (DEBUG):
print("\t#MovMem2Reg,%s,%s," %
(REG_TABLE[mem_base], REG_TABLE[reg_name[0]]))
print("\t\tPushMem,%s," % (REG_TABLE[mem_base]))
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#MovMem2Reg,%s,%s," %
(REG_TABLE[mem_base], REG_TABLE[reg_name[0]]))
j += 1
if insn.mnemonic == "lb":
if (rand_list[j]):
if (DEBUG):
print("\t#MovImm2Reg,0x%s,RFPO," % (mem_disp))
print("\t\tPushImm,0x%s," % (mem_disp))
print("\t\tPopReg,RFPO,")
j += 1
else:
print("\t#MovImm2Reg,0x%s,RFPO," % (mem_disp))
j += 1
if (rand_list):
if (DEBUG):
print("\t#MovMem2Reg,%s,%s," %
(REG_TABLE[mem_base], REG_TABLE[reg_name[0]]))
print("\t\tPushMem,%s," % (REG_TABLE[mem_base]))
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#MovMem2Reg,%s,%s," %
(REG_TABLE[mem_base], REG_TABLE[reg_name[0]]))
j += 1
#addiu addi addu add
if insn.mnemonic == "addiu":
if REG_TABLE[reg_name[1]] == "RFP":
imm = hex((int(imm, 16) * 4))[2:]
if (rand_list[j]):
if (DEBUG):
print(
"\t#AddReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushImm,0x%s," % (imm))
print("\t\tAtomAdd,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#AddReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
j += 1
if insn.mnemonic == "addi":
if REG_TABLE[reg_name[1]] == "RFP":
imm = hex((int(imm, 16) * 4))[2:]
if (rand_list[j]):
if (DEBUG):
print(
"\t#AddReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushImm,0x%s," % (imm))
print("\t\tAtomAdd,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#AddReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
j += 1
if insn.mnemonic == "addu":
if (rand_list[j]):
if (DEBUG):
print("\t#AddReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[2]]))
print("\t\tAtomAdd,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#AddReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
j += 1
if insn.mnemonic == "add":
if (rand_list[j]):
if (DEBUG):
print("\t#AddReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[2]]))
print("\t\tAtomAdd,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#AddReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
j += 1
#subiu subi subu sub
if insn.mnemonic == "subiu":
if (rand_list[j]):
if (DEBUG):
print(
"\t#SubReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushImm,0x%s," % (imm))
print("\t\tAtomSub,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#SubReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
j += 1
if insn.mnemonic == "subi":
if (rand_list[j]):
if (DEBUG):
print(
"\t#SubReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushImm,0x%s," % (imm))
print("\t\tAtomSub,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#SubReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
j += 1
if insn.mnemonic == "subu":
if (rand_list[j]):
if (DEBUG):
print("\t#SubReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[2]]))
print("\t\tAtomSub,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#SubReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
j += 1
if insn.mnemonic == "sub":
if (rand_list[j]):
if (DEBUG):
print("\t#SubReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[2]]))
print("\t\tAtomSub,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#SubReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
j += 1
#muliu muli mulu mul
if insn.mnemonic == "muliu":
if (rand_list[j]):
if (DEBUG):
print(
"\t#MulReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushImm,0x%s," % (imm))
print("\t\tAtomMul,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#MulReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
j += 1
if insn.mnemonic == "muli":
if (rand_list[j]):
if (DEBUG):
print(
"\t#MulReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushImm,0x%s," % (imm))
print("\t\tAtomMul,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#MulReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
j += 1
if insn.mnemonic == "mulu":
if (rand_list[j]):
if (DEBUG):
print("\t#MulReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[2]]))
print("\t\tAtomMul,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#MulReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
j += 1
if insn.mnemonic == "mul":
if (rand_list[j]):
if (DEBUG):
print("\t#MulReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[2]]))
print("\t\tAtomMul,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#MulReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
j += 1
#andi andiu andu and
if insn.mnemonic == "andi":
if (rand_list[j]):
if (DEBUG):
print(
"\t#AndReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushImm,0x%s," % (imm))
print("\t\tAtomAnd,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#AndReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
j += 1
if insn.mnemonic == "andiu":
if (rand_list[j]):
if (DEBUG):
print(
"\t#AndReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushImm,0x%s," % (imm))
print("\t\tAtomAnd,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#AndReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
j += 1
if insn.mnemonic == "andu":
if (rand_list[j]):
if (DEBUG):
print("\t#AndReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[2]]))
print("\t\tAtomAnd,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#AndReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
j += 1
if insn.mnemonic == "and":
if (rand_list[j]):
if (DEBUG):
print("\t#AndReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[2]]))
print("\t\tAtomAnd,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#AndReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
j += 1
#sll sllv
if insn.mnemonic == "sll":
if (rand_list[j]):
if (DEBUG):
print(
"\t#SllReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushImm,0x%s," % (imm))
print("\t\tAtomSll,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#SllReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
j += 1
if insn.mnemonic == "sllv":
if (rand_list[j]):
if (DEBUG):
print("\t#SllReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[2]]))
print("\t\tAtomSll,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#SllReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
j += 1
#sra srl srav srlv
if insn.mnemonic == "sra":
if (rand_list[j]):
if (DEBUG):
print(
"\t#SraReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushImm,0x%s," % (imm))
print("\t\tAtomSra,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#SraReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
j += 1
if insn.mnemonic == "srl":
if (rand_list[j]):
if (DEBUG):
print(
"\t#SraReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushImm,0x%s," % (imm))
print("\t\tAtomSra,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#SraReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
j += 1
if insn.mnemonic == "srav":
if (rand_list[j]):
if (DEBUG):
print("\t#SraReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[2]]))
print("\t\tAtomSra,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#SraReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
j += 1
if insn.mnemonic == "srlv":
if (rand_list[j]):
if (DEBUG):
print("\t#SraReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[2]]))
print("\t\tAtomSra,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#SraReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
j += 1
#xor xori
if insn.mnemonic == "xor":
if (rand_list[j]):
if (DEBUG):
print("\t#XorReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[2]]))
print("\t\tAtomXor,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#XorReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
j += 1
if insn.mnemonic == "xori":
if (rand_list[j]):
if (DEBUG):
print(
"\t#XorReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushImm,0x%s," % (imm))
print("\t\tAtomXor,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#XorReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
j += 1
#nor nori
if insn.mnemonic == "nor":
if (rand_list[j]):
if (DEBUG):
print("\t#NorReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[2]]))
print("\t\tAtomNor,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#NorReg4Reg2Reg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
j += 1
if insn.mnemonic == "nori":
if (rand_list[j]):
if (DEBUG):
print(
"\t#NorReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
print("\t\tPushReg,%s," % (REG_TABLE[reg_name[1]]))
print("\t\tPushImm,0x%s," % (imm))
print("\t\tAtomNor,")
print("\t\tPopReg,%s," % (REG_TABLE[reg_name[0]]))
j += 1
else:
print("\t#NorReg4Imm2Reg,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
j += 1
#sltiu slti slt sltu
if insn.mnemonic == "sltiu":
print("\tSetLessThanImm,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
if insn.mnemonic == "slti":
print("\tSetLessThanImm,%s,0x%s,%s," %
(REG_TABLE[reg_name[1]], imm, REG_TABLE[reg_name[0]]))
if insn.mnemonic == "slt":
print("\tSetLessThanReg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
if insn.mnemonic == "sltu":
print("\tSetLessThanReg,%s,%s,%s," %
(REG_TABLE[reg_name[1]], REG_TABLE[reg_name[2]],
REG_TABLE[reg_name[0]]))
#benz bne bqez beq b
if insn.mnemonic == "bnez":
offset_index = (int(imm, 16) - (BASE_ADDR + START)) / 4
b_offset = offset_table[offset_index]
print("\tBranchNotEquelZero,%s,%s," %
(REG_TABLE[reg_name[0]], b_offset))
if insn.mnemonic == "bne":
offset_index = (int(imm, 16) - (BASE_ADDR + START)) / 4
b_offset = offset_table[offset_index]
print("\tBranchNotEquelReg,%s,%s,%s," %
(REG_TABLE[reg_name[0]], REG_TABLE[reg_name[1]], b_offset))
if insn.mnemonic == "beqz":
offset_index = (int(imm, 16) - (BASE_ADDR + START)) / 4
b_offset = offset_table[offset_index]
print("\tBranchIfEquelZero,%s,%s," %
(REG_TABLE[reg_name[0]], b_offset))
if insn.mnemonic == "beq":
offset_index = (int(imm, 16) - (BASE_ADDR + START)) / 4
b_offset = offset_table[offset_index]
print("\tBranchIfEquelReg,%s,%s,%s," %
(REG_TABLE[reg_name[0]], REG_TABLE[reg_name[1]], b_offset))
if insn.mnemonic == "b":
offset_index = (int(imm, 16) - (BASE_ADDR + START)) / 4
b_offset = offset_table[offset_index]
print("\tJmp,%s," % (b_offset))
#nop
if insn.mnemonic == "nop":
print("\tNop,")
reg_name = []
print("\tRet,")
print("[*]---- Finish vmCode ----")
def print_insn_detail(insn):
# print address, mnemonic and operands
print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str))
# "data" instruction generated by SKIPDATA option has no detail
if insn.id == 0:
return
if len(insn.operands) > 0:
print("\top_count: %u" % len(insn.operands))
c = -1
for i in insn.operands:
c += 1
if i.type == ARM64_OP_REG:
print("\t\toperands[%u].type: REG = %s" %
(c, insn.reg_name(i.reg)))
if i.type == ARM64_OP_IMM:
print("\t\toperands[%u].type: IMM = 0x%s" % (c, to_x(i.imm)))
if i.type == ARM64_OP_CIMM:
print("\t\toperands[%u].type: C-IMM = %u" % (c, i.imm))
if i.type == ARM64_OP_FP:
print("\t\toperands[%u].type: FP = %f" % (c, i.fp))
if i.type == ARM64_OP_MEM:
print("\t\toperands[%u].type: MEM" % c)
if i.mem.base != 0:
print("\t\t\toperands[%u].mem.base: REG = %s" \
% (c, insn.reg_name(i.mem.base)))
if i.mem.index != 0:
print("\t\t\toperands[%u].mem.index: REG = %s" \
% (c, insn.reg_name(i.mem.index)))
if i.mem.disp != 0:
print("\t\t\toperands[%u].mem.disp: 0x%s" \
% (c, to_x(i.mem.disp)))
if i.type == ARM64_OP_REG_MRS:
print("\t\toperands[%u].type: REG_MRS = 0x%x" % (c, i.reg))
if i.type == ARM64_OP_REG_MSR:
print("\t\toperands[%u].type: REG_MSR = 0x%x" % (c, i.reg))
if i.type == ARM64_OP_PSTATE:
print("\t\toperands[%u].type: PSTATE = 0x%x" % (c, i.pstate))
if i.type == ARM64_OP_SYS:
print("\t\toperands[%u].type: SYS = 0x%x" % (c, i.sys))
if i.type == ARM64_OP_PREFETCH:
print("\t\toperands[%u].type: PREFETCH = 0x%x" %
(c, i.prefetch))
if i.type == ARM64_OP_BARRIER:
print("\t\toperands[%u].type: BARRIER = 0x%x" % (c, i.barrier))
if i.shift.type != ARM64_SFT_INVALID and i.shift.value:
print("\t\t\tShift: type = %u, value = %u" %
(i.shift.type, i.shift.value))
if i.ext != ARM64_EXT_INVALID:
print("\t\t\tExt: %u" % i.ext)
if i.vas != ARM64_VAS_INVALID:
print("\t\t\tVector Arrangement Specifier: 0x%x" % i.vas)
if i.vess != ARM64_VESS_INVALID:
print("\t\t\tVector Element Size Specifier: %u" % i.vess)
if i.vector_index != -1:
print("\t\t\tVector Index: %u" % i.vector_index)
if insn.writeback:
print("\tWrite-back: True")
if not insn.cc in [ARM64_CC_AL, ARM64_CC_INVALID]:
print("\tCode-condition: %u" % insn.cc)
if insn.update_flags:
print("\tUpdate-flags: True")
def print_insn_detail(mode, insn):
def print_string_hex(comment, str):
print(comment, end=' '),
for c in str:
print("0x%02x " % c, end=''),
print()
# print address, mnemonic and operands
print("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str))
# "data" instruction generated by SKIPDATA option has no detail
if insn.id == 0:
return
# print instruction prefix
print_string_hex("\tPrefix:", insn.prefix)
# print segment override (if applicable)
if insn.segment != X86_REG_INVALID:
print("\tSegment override: %s" % insn.reg_name(insn.segment))
# print instruction's opcode
print_string_hex("\tOpcode:", insn.opcode)
# print operand's size, address size, displacement size & immediate size
print("\top_size: %u, addr_size: %u, disp_size: %u, imm_size: %u" \
% (insn.op_size, insn.addr_size, insn.disp_size, insn.imm_size))
# print modRM byte
print("\tmodrm: 0x%x" % (insn.modrm))
# print displacement value
print("\tdisp: 0x%s" % to_x_32(insn.disp))
# SIB is not available in 16-bit mode
if (mode & CS_MODE_16 == 0):
# print SIB byte
print("\tsib: 0x%x" % (insn.sib))
if (insn.sib):
if insn.sib_base != 0:
print("\t\tsib_base: %s" % (insn.reg_name(insn.sib_base)))
if insn.sib_index != 0:
print("\t\tsib_index: %s" % (insn.reg_name(insn.sib_index)))
if insn.sib_scale != 0:
print("\t\tsib_scale: %d" % (insn.sib_scale))
count = insn.op_count(X86_OP_IMM)
if count > 0:
print("\timm_count: %u" % count)
for i in range(count):
op = insn.op_find(X86_OP_IMM, i + 1)
print("\t\timms[%u]: 0x%s" % (i + 1, to_x(op.imm)))
if len(insn.operands) > 0:
print("\top_count: %u" % len(insn.operands))
c = -1
for i in insn.operands:
c += 1
if i.type == X86_OP_REG:
print("\t\toperands[%u].type: REG = %s" %
(c, insn.reg_name(i.reg)))
if i.type == X86_OP_IMM:
print("\t\toperands[%u].type: IMM = 0x%s" % (c, to_x(i.imm)))
if i.type == X86_OP_FP:
print("\t\toperands[%u].type: FP = %f" % (c, i.fp))
if i.type == X86_OP_MEM:
print("\t\toperands[%u].type: MEM" % c)
if i.mem.base != 0:
print("\t\t\toperands[%u].mem.base: REG = %s" %
(c, insn.reg_name(i.mem.base)))
if i.mem.index != 0:
print("\t\t\toperands[%u].mem.index: REG = %s" %
(c, insn.reg_name(i.mem.index)))
if i.mem.scale != 1:
print("\t\t\toperands[%u].mem.scale: %u" %
(c, i.mem.scale))
if i.mem.disp != 0:
print("\t\t\toperands[%u].mem.disp: 0x%s" %
(c, to_x(i.mem.disp)))
