def populate(self, known_instrs): addr = self.entry while True: known_instrs[addr] = self if self.exe.architecture() == "x86": opcode = self.exe.read(addr, 15) result = X86.disassemble32(opcode, addr) opcode = opcode[0:result.length] instr = X86Instruction(opcode, addr, result, 4) arch = X86 elif self.exe.architecture() == "x86_64": opcode = self.exe.read(addr, 15) result = X86.disassemble64(opcode, addr) opcode = opcode[0:result.length] instr = X86Instruction(opcode, addr, result, 8) arch = X86 elif self.exe.architecture() == "ppc": opcode = self.exe.read(addr, 4) if len(opcode) == 4: result = PPC.disassemble(struct.unpack(">I", opcode)[0], addr) instr = PPCInstruction(opcode, addr, result) else: instr = PPCInstruction("", addr, PPC.Instruction()) arch = PPC elif self.exe.architecture() == "arm": opcode = self.exe.read(addr & (~1), 4) if len(opcode) == 4: result = Arm.disassemble(struct.unpack("<I", opcode)[0], addr) instr = ArmInstruction(opcode, addr, result) else: instr = ArmInstruction("", addr, Arm.Instruction()) arch = Arm else: break self.instrs += [instr] instr.format_text(self, self.analysis.options) if not instr.isValid(): break if instr.isBlockEnding(): if instr.isConditionalBranch(): self.true_path = instr.target self.false_path = addr + instr.length() self.exits += [self.true_path, self.false_path] elif instr.target != None: self.exits += [instr.target] break addr += instr.length() if addr in known_instrs: self.exits += [addr] break
def populate(self, known_instrs): addr = self.entry while True: known_instrs[addr] = self if self.exe.architecture() == "x86": opcode = self.exe.read(addr, 15) result = X86.disassemble32(opcode, addr) opcode = opcode[0:result.length] instr = X86Instruction(opcode, addr, result, 4) arch = X86 elif self.exe.architecture() == "x86_64": opcode = self.exe.read(addr, 15) result = X86.disassemble64(opcode, addr) opcode = opcode[0:result.length] instr = X86Instruction(opcode, addr, result, 8) arch = X86 elif self.exe.architecture() == "ppc": opcode = self.exe.read(addr, 4) if len(opcode) == 4: result = PPC.disassemble( struct.unpack(">I", opcode)[0], addr) instr = PPCInstruction(opcode, addr, result) else: instr = PPCInstruction("", addr, PPC.Instruction()) arch = PPC elif self.exe.architecture() == "arm": opcode = self.exe.read(addr & (~1), 4) if len(opcode) == 4: result = Arm.disassemble( struct.unpack("<I", opcode)[0], addr) instr = ArmInstruction(opcode, addr, result) else: instr = ArmInstruction("", addr, Arm.Instruction()) arch = Arm else: break self.instrs += [instr] instr.format_text(self, self.analysis.options) if not instr.isValid(): break if instr.isBlockEnding(): if instr.isConditionalBranch(): self.true_path = instr.target self.false_path = addr + instr.length() self.exits += [self.true_path, self.false_path] elif instr.target != None: self.exits += [instr.target] break addr += instr.length() if addr in known_instrs: self.exits += [addr] break