Python capstone.CS_MODE_THUMB Examples
The following are 27
code examples of capstone.CS_MODE_THUMB().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
capstone
, or try the search function
.
.
Example #1
| Source File: disassembler.py From barf-project with BSD 2-Clause "Simplified" License | 6 votes |
|
def __setup_available_disassemblers(self):
arch_map = {
ARCH_ARM_MODE_ARM: CS_MODE_ARM,
ARCH_ARM_MODE_THUMB: CS_MODE_THUMB,
}
self._available_disassemblers = {
ARCH_ARM_MODE_ARM: Cs(CS_ARCH_ARM, arch_map[ARCH_ARM_MODE_ARM]),
ARCH_ARM_MODE_THUMB: Cs(CS_ARCH_ARM, arch_map[ARCH_ARM_MODE_THUMB]),
}
self._available_disassemblers[ARCH_ARM_MODE_ARM].detail = True
self._available_disassemblers[ARCH_ARM_MODE_THUMB].detail = True
# Casptone to BARF translation
# ======================================================================== #
Example #2
| Source File: arm.py From rainbow with GNU Lesser General Public License v3.0 | 6 votes |
|
def __init__(self, trace=True, sca_mode=False, local_vars={}):
super().__init__(trace, sca_mode)
self.emu = uc.Uc(uc.UC_ARCH_ARM, uc.UC_MODE_ARM)
self.disasm = cs.Cs(cs.CS_ARCH_ARM, cs.CS_MODE_ARM | cs.CS_MODE_THUMB)
self.disasm.detail = True
self.word_size = 4
self.endianness = "little"
self.page_size = self.emu.query(uc.UC_QUERY_PAGE_SIZE)
self.page_shift = self.page_size.bit_length() - 1
self.pc = uc.arm_const.UC_ARM_REG_PC
known_regs = [i[len('UC_ARM_REG_'):] for i in dir(uc.arm_const) if '_REG' in i]
self.reg_map = {r.lower(): getattr(uc.arm_const, 'UC_ARM_REG_'+r) for r in known_regs}
self.stubbed_functions = local_vars
self.setup(sca_mode)
self.reset_stack()
Example #3
| Source File: cortexm.py From rainbow with GNU Lesser General Public License v3.0 | 6 votes |
|
def __init__(self, trace=True, sca_mode=False, local_vars={}):
super().__init__(trace, sca_mode)
self.emu = uc.Uc(uc.UC_ARCH_ARM, uc.UC_MODE_THUMB | uc.UC_MODE_MCLASS)
self.disasm = cs.Cs(cs.CS_ARCH_ARM, cs.CS_MODE_THUMB | cs.CS_MODE_MCLASS)
self.disasm.detail = True
self.word_size = 4
self.endianness = "little"
self.page_size = self.emu.query(uc.UC_QUERY_PAGE_SIZE)
self.page_shift = self.page_size.bit_length() - 1
self.pc = uc.arm_const.UC_ARM_REG_PC
known_regs = [i[len('UC_ARM_REG_'):] for i in dir(uc.arm_const) if '_REG' in i]
self.reg_map = {r.lower(): getattr(uc.arm_const, 'UC_ARM_REG_'+r) for r in known_regs}
self.stubbed_functions = local_vars
self.setup(sca_mode)
self.reset_stack()
# Force mapping of those addresses so that
# exception returns can be caught in the base
# block hook rather than a code fetch hook
self.map_space(0xfffffff0, 0xffffffff)
self.emu.hook_add(uc.UC_HOOK_INTR, self.intr_hook)
Example #4
| Source File: test_armv7cpu.py From manticore with GNU Affero General Public License v3.0 | 6 votes |
|
def _ks_assemble(asm: str, mode=CS_MODE_ARM) -> bytes:
"""Assemble the given string using Keystone using the specified CPU mode."""
# Explicitly uses late importing so that Keystone will only be imported if this is called.
# This lets us avoid requiring installation of Keystone for running tests.
global ks, ks_thumb
from keystone import Ks, KS_ARCH_ARM, KS_MODE_ARM, KS_MODE_THUMB
if ks is None:
ks = Ks(KS_ARCH_ARM, KS_MODE_ARM)
if ks_thumb is None:
ks_thumb = Ks(KS_ARCH_ARM, KS_MODE_THUMB)
if CS_MODE_ARM == mode:
ords = ks.asm(asm)[0]
elif CS_MODE_THUMB == mode:
ords = ks_thumb.asm(asm)[0]
else:
raise Exception(f"bad processor mode for assembly: {mode}")
if not ords:
raise Exception(f"bad assembly: {asm}")
return binascii.hexlify(bytearray(ords))
Example #5
| Source File: DisasmViewMode.py From qiew with GNU General Public License v2.0 | 6 votes |
|
def init_disassembler_engine(self):
# init state for disasambler
# set capstone, lexer, asmline
arch, mode = self.plugin.hintDisasm()
self.disasm_engine = capstone.Cs(arch, mode)
self.disasm_engine.detail = True
if arch == capstone.CS_ARCH_X86:
Lexer = X86_Lexer()
if arch == capstone.CS_ARCH_ARM and mode in [capstone.CS_MODE_ARM, capstone.CS_MODE_THUMB]:
Lexer = ARM_Lexer()
if arch == capstone.CS_ARCH_ARM64:
Lexer = ARM64_Lexer()
# todo: ASM_ARM_Line?
self.ASMLine = ASMx86Line
Lexer.build()
self.lexer = Lexer.lexer()
Example #6
| Source File: arm.py From manticore with GNU Affero General Public License v3.0 | 6 votes |
|
def _set_mode_by_val(self, val):
new_mode = Operators.ITEBV(
self.address_bit_size, (val & 0x1) == 0x1, cs.CS_MODE_THUMB, cs.CS_MODE_ARM
)
if issymbolic(new_mode):
from ..state import Concretize
def set_concrete_mode(state, value):
state.cpu.mode = value
raise Concretize(
"Concretizing ARMv7 mode", expression=new_mode, setstate=set_concrete_mode
)
self.mode = new_mode
Example #7
| Source File: test_armv7unicorn.py From manticore with GNU Affero General Public License v3.0 | 6 votes |
|
def _ks_assemble(asm: str, mode=CS_MODE_ARM) -> bytes:
"""Assemble the given string using Keystone using the specified CPU mode."""
# Explicitly uses late importing so that Keystone will only be imported if this is called.
# This lets us avoid requiring installation of Keystone for running tests.
global ks, ks_thumb
from keystone import Ks, KS_ARCH_ARM, KS_MODE_ARM, KS_MODE_THUMB
if ks is None:
ks = Ks(KS_ARCH_ARM, KS_MODE_ARM)
if ks_thumb is None:
ks_thumb = Ks(KS_ARCH_ARM, KS_MODE_THUMB)
if CS_MODE_ARM == mode:
ords = ks.asm(asm)[0]
elif CS_MODE_THUMB == mode:
ords = ks_thumb.asm(asm)[0]
else:
raise Exception(f"bad processor mode for assembly: {mode}")
if not ords:
raise Exception(f"bad assembly: {asm}")
return binascii.hexlify(bytearray(ords))
Example #8
| Source File: test_armv7cpu.py From manticore with GNU Affero General Public License v3.0 | 6 votes |
|
def test_blx_reg_sym(self):
dest = self.cpu.memory.constraints.new_bitvec(32, "dest")
self.cpu.memory.constraints.add(dest >= 0x1000)
self.cpu.memory.constraints.add(dest <= 0x1001)
self.cpu.R1 = dest
# First, make sure we raise when the mode is symbolic and ambiguous
with self.assertRaises(Concretize) as cm:
self.cpu.execute()
# Then, make sure we have the correct expression
e = cm.exception
all_modes = solver.get_all_values(self.cpu.memory.constraints, e.expression)
self.assertIn(CS_MODE_THUMB, all_modes)
self.assertIn(CS_MODE_ARM, all_modes)
# Assuming we're in ARM mode, ensure the callback toggles correctly.
self.assertEqual(self.cpu.mode, CS_MODE_ARM)
# The setstate callback expects a State as its first argument; since we
# don't have a state, the unit test itself is an okay approximation, since
# the cpu lives in self.cpu
e.setstate(self, CS_MODE_THUMB)
self.assertEqual(self.cpu.mode, CS_MODE_THUMB)
Example #9
| Source File: test_armv7cpu.py From manticore with GNU Affero General Public License v3.0 | 5 votes |
|
def test_bx_thumb(self):
pre_pc = self.rf.read("PC")
self.cpu.execute()
self.assertEqual(self.rf.read("PC"), pre_pc + 4)
self.assertEqual(self.cpu.mode, CS_MODE_THUMB)
# ORR
Example #10
| Source File: test_armv7unicorn.py From manticore with GNU Affero General Public License v3.0 | 5 votes |
|
def test_thumb_mode_emulation(self):
asm = "add r0, r1, r2"
self._setupCpu(asm, mode=CS_MODE_THUMB)
self.rf.write("R0", 0)
self.rf.write("R1", 0x1234)
self.rf.write("R2", 0x5678)
emu = emulate_next(self.cpu)
self.assertEqual(self.rf.read("R0"), 0x1234 + 0x5678)
self.assertEqual(emu._emu.query(UC_QUERY_MODE), UC_MODE_THUMB)
Example #11
| Source File: test_armv7cpu.py From manticore with GNU Affero General Public License v3.0 | 5 votes |
|
def test_blx_reg_thumb(self):
self.assertEqual(self.rf.read("PC"), 0x1008)
self.assertEqual(self.rf.read("LR"), 0x1008)
self.assertEqual(self.cpu.mode, CS_MODE_THUMB)
Example #12
| Source File: test_armv7cpu.py From manticore with GNU Affero General Public License v3.0 | 5 votes |
|
def test_symbolic_conditional(self):
asm = ""
asm += " tst r0, r0\n" # 0x1004
asm += " beq label\n" # 0x1006
asm += " bne label\n" # 0x1008
asm += "label:\n"
asm += " nop" # 0x100a
self._setupCpu(asm, mode=CS_MODE_THUMB) # code starts at 0x1004
# Set R0 as a symbolic value
self.cpu.R0 = self.cpu.memory.constraints.new_bitvec(32, "val")
self.cpu.execute() # tst r0, r0
self.cpu.execute() # beq label
# Here the PC can have two values, one for each branch of the beq
with self.assertRaises(ConcretizeRegister) as cm:
self.cpu.execute() # Should request concretizing the PC
# Get the symbolic expression of the PC
expression = self.cpu.read_register(cm.exception.reg_name)
# Get all possible values of the expression
all_values = solver.get_all_values(self.cpu.memory.constraints, expression)
# They should be either the beq instruction itself, or the next instruction
self.assertEqual(sorted(all_values), [0x1006, 0x1008])
# Move the PC to the second branch instruction
self.cpu.PC = 0x1008
self.cpu.execute() # bne label
# Here the PC can have two values again, one for each branch of the bne
with self.assertRaises(ConcretizeRegister) as cm:
self.cpu.execute() # Should request concretizing the PC
# Get the symbolic expression of the PC
expression = self.cpu.read_register(cm.exception.reg_name)
# Get all possible values of the PC
all_values = solver.get_all_values(self.cpu.memory.constraints, expression)
# They should be either the bne instruction itself, or the next instruction
self.assertEqual(sorted(all_values), [0x1008, 0x100A])
Example #13
| Source File: disasm.py From OpenXMolar with BSD 3-Clause "New" or "Revised" License | 5 votes |
|
def __init__(self, arch = None):
super(CapstoneEngine, self).__init__(arch)
# Load the constants for the requested architecture.
self.__constants = {
win32.ARCH_I386:
(capstone.CS_ARCH_X86, capstone.CS_MODE_32),
win32.ARCH_AMD64:
(capstone.CS_ARCH_X86, capstone.CS_MODE_64),
win32.ARCH_THUMB:
(capstone.CS_ARCH_ARM, capstone.CS_MODE_THUMB),
win32.ARCH_ARM:
(capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM),
win32.ARCH_ARM64:
(capstone.CS_ARCH_ARM64, capstone.CS_MODE_ARM),
}
# Test for the bug in early versions of Capstone.
# If found, warn the user about it.
try:
self.__bug = not isinstance(
list(capstone.cs_disasm_quick(
capstone.CS_ARCH_X86, capstone.CS_MODE_32, "\x90", 1
))[0],
capstone.capstone.CsInsn
)
except AttributeError:
self.__bug = False
if self.__bug:
warnings.warn(
"This version of the Capstone bindings is unstable,"
" please upgrade to a newer one!",
RuntimeWarning, stacklevel=4)
Example #14
| Source File: database.py From bootloader_instrumentation_suite with MIT License | 5 votes |
|
def uboot_mux_init(self):
self._mux_name = "set_muxconf_regs"
(self._mux_start, self._mux_end) = utils.get_symbol_location_start_end(self._mux_name,
self.stage)
self._mux_start += 2
self._mux_end -= 2
if self.thumbranges.overlaps_point(self._mux_start):
self.cs = capstone.Cs(CS_ARCH_ARM, CS_MODE_THUMB)
self.cs.detail = True
self._thumb = True
self.emu = Uc(UC_ARCH_ARM, UC_MODE_THUMB)
else:
self.cs = capstone.Cs(CS_ARCH_ARM, CS_MODE_ARM)
self.cs.detail = True
self._thumb = False
self.emu = Uc(UC_ARCH_ARM, UC_MODE_ARM)
entrypoint = self._mux_start
headers = pure_utils.get_section_headers(elf)
for h in headers:
if h['size'] > 0:
codeaddr = h['virtaddr']
break
alignedstart = self._mux_start & 0xFFFFF0000
size = 2*1024*1024
fileoffset = alignedstart
elf = stage.elf
code = open(elf, "rb").read()[self._mux_start-fileoffset:self._mux_end-fileoffset]
hw = Main.get_hardwareclass_config()
for i in hw.addr_range:
if i.begin == 0:
size = i.end
else:
size = i.begin - i.end
self.emu.mem_map(i.begin, size, UC_PROT_ALL)
self.emu.mem_write(self._mux_start, code)
self.emu.reg_write(self.stage.elf.entrypoint, ARM_REG_SP)
Example #15
| Source File: database.py From bootloader_instrumentation_suite with MIT License | 5 votes |
|
def mdthumb(self):
if self._mdthumb is None:
self._mdthumb = capstone.Cs(capstone.CS_ARCH_ARM,
capstone.CS_MODE_THUMB + capstone.CS_MODE_V8)
self._mdthumb.detail = True
return self._mdthumb
Example #16
| Source File: disasm.py From filmkodi with Apache License 2.0 | 5 votes |
|
def _import_dependencies(self):
# Load the Capstone bindings.
global capstone
if capstone is None:
import capstone
# Load the constants for the requested architecture.
self.__constants = {
win32.ARCH_I386:
(capstone.CS_ARCH_X86, capstone.CS_MODE_32),
win32.ARCH_AMD64:
(capstone.CS_ARCH_X86, capstone.CS_MODE_64),
win32.ARCH_THUMB:
(capstone.CS_ARCH_ARM, capstone.CS_MODE_THUMB),
win32.ARCH_ARM:
(capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM),
win32.ARCH_ARM64:
(capstone.CS_ARCH_ARM64, capstone.CS_MODE_ARM),
}
# Test for the bug in early versions of Capstone.
# If found, warn the user about it.
try:
self.__bug = not isinstance(
capstone.cs_disasm_quick(
capstone.CS_ARCH_X86, capstone.CS_MODE_32, "\x90", 1)[0],
capstone.capstone.CsInsn)
except AttributeError:
self.__bug = False
if self.__bug:
warnings.warn(
"This version of the Capstone bindings is unstable,"
" please upgrade to a newer one!",
RuntimeWarning, stacklevel=4)
Example #17
| Source File: arch_arm.py From archinfo with BSD 2-Clause "Simplified" License | 5 votes |
|
def capstone_thumb(self):
if _capstone is None:
l.warning("Capstone is not installed!")
return None
if self._cs_thumb is None:
self._cs_thumb = _capstone.Cs(self.cs_arch, self.cs_mode + _capstone.CS_MODE_THUMB)
self._cs_thumb.detail = True
return self._cs_thumb
Example #18
| Source File: test_armv7cpu.py From manticore with GNU Affero General Public License v3.0 | 5 votes |
|
def test_ldr_imm_off_none_to_thumb(self):
self.cpu.stack_push(43)
self.cpu.execute()
self.assertEqual(self.rf.read("R15"), 42)
self.assertEqual(self.cpu.mode, CS_MODE_THUMB)
Example #19
| Source File: test_armv7cpu.py From manticore with GNU Affero General Public License v3.0 | 5 votes |
|
def itest_thumb(asm):
def instr_dec(assertions_func):
@wraps(assertions_func)
def wrapper(self):
self._setupCpu(asm, mode=CS_MODE_THUMB)
self.cpu.execute()
assertions_func(self)
return wrapper
return instr_dec
Example #20
| Source File: arm.py From manticore with GNU Affero General Public License v3.0 | 5 votes |
|
def BL(cpu, label):
next_instr_addr = cpu.regfile.read("PC")
if cpu.mode == cs.CS_MODE_THUMB:
cpu.regfile.write("LR", next_instr_addr + 1)
else:
cpu.regfile.write("LR", next_instr_addr)
cpu.regfile.write("PC", label.read())
Example #21
| Source File: arm.py From manticore with GNU Affero General Public License v3.0 | 5 votes |
|
def _swap_mode(self):
"""Toggle between ARM and Thumb mode"""
assert self.mode in (cs.CS_MODE_ARM, cs.CS_MODE_THUMB)
if self.mode == cs.CS_MODE_ARM:
self.mode = cs.CS_MODE_THUMB
else:
self.mode = cs.CS_MODE_ARM
# Flags that are the result of arithmetic instructions. Unconditionally
# set, but conditionally committed.
#
# Register file has the actual CPU flags
Example #22
| Source File: arm.py From manticore with GNU Affero General Public License v3.0 | 5 votes |
|
def mode(self, new_mode):
assert new_mode in (cs.CS_MODE_ARM, cs.CS_MODE_THUMB)
if self._mode != new_mode:
logger.debug(f'swapping into {"ARM" if new_mode == cs.CS_MODE_ARM else "THUMB"} mode')
self._mode = new_mode
self.disasm.disasm.mode = new_mode
Example #23
| Source File: translator.py From reil with Apache License 2.0 | 5 votes |
|
def __init__(self):
TranslationContext.__init__(self)
self.registers = {
capstone.arm.ARM_REG_R0: r('r0', 32),
capstone.arm.ARM_REG_R1: r('r1', 32),
capstone.arm.ARM_REG_R2: r('r2', 32),
capstone.arm.ARM_REG_R3: r('r3', 32),
capstone.arm.ARM_REG_R4: r('r4', 32),
capstone.arm.ARM_REG_R5: r('r5', 32),
capstone.arm.ARM_REG_R6: r('r6', 32),
capstone.arm.ARM_REG_R7: r('r7', 32),
capstone.arm.ARM_REG_R8: r('r8', 32),
capstone.arm.ARM_REG_R9: r('r9', 32),
capstone.arm.ARM_REG_R10: r('r10', 32),
capstone.arm.ARM_REG_R11: r('r11', 32),
capstone.arm.ARM_REG_R13: r('sp', 32),
capstone.arm.ARM_REG_R14: r('lr', 32),
capstone.arm.ARM_REG_R15: r('pc', 32),
}
self.word_size = 32
self.thumb = True
self.stack_ptr = self.registers[capstone.arm.ARM_REG_R13]
self.link_reg = self.registers[capstone.arm.ARM_REG_R14]
self.program_ctr = self.registers[capstone.arm.ARM_REG_R15]
self.disassembler = capstone.Cs(capstone.CS_ARCH_ARM, capstone.CS_MODE_THUMB)
self.disassembler.detail = True
Example #24
| Source File: disasm.py From PyDev.Debugger with Eclipse Public License 1.0 | 5 votes |
|
def _import_dependencies(self):
# Load the Capstone bindings.
global capstone
if capstone is None:
import capstone
# Load the constants for the requested architecture.
self.__constants = {
win32.ARCH_I386:
(capstone.CS_ARCH_X86, capstone.CS_MODE_32),
win32.ARCH_AMD64:
(capstone.CS_ARCH_X86, capstone.CS_MODE_64),
win32.ARCH_THUMB:
(capstone.CS_ARCH_ARM, capstone.CS_MODE_THUMB),
win32.ARCH_ARM:
(capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM),
win32.ARCH_ARM64:
(capstone.CS_ARCH_ARM64, capstone.CS_MODE_ARM),
}
# Test for the bug in early versions of Capstone.
# If found, warn the user about it.
try:
self.__bug = not isinstance(
capstone.cs_disasm_quick(
capstone.CS_ARCH_X86, capstone.CS_MODE_32, "\x90", 1)[0],
capstone.capstone.CsInsn)
except AttributeError:
self.__bug = False
if self.__bug:
warnings.warn(
"This version of the Capstone bindings is unstable,"
" please upgrade to a newer one!",
RuntimeWarning, stacklevel=4)
Example #25
| Source File: arm.py From manticore with GNU Affero General Public License v3.0 | 4 votes |
|
def _SR(cpu, insn_id, dest, op, *rest):
"""
Notes on Capstone behavior:
- In ARM mode, _SR reg has `rest`, but _SR imm does not, its baked into `op`.
- In ARM mode, `lsr r1, r2` will have a `rest[0]`
- In Thumb mode, `lsr r1, r2` will have an empty `rest`
- In ARM mode, something like `lsr r1, 3` will not have `rest` and op will be
the immediate.
"""
assert insn_id in (cs.arm.ARM_INS_ASR, cs.arm.ARM_INS_LSL, cs.arm.ARM_INS_LSR)
if insn_id == cs.arm.ARM_INS_ASR:
if rest and rest[0].type == "immediate":
srtype = cs.arm.ARM_SFT_ASR
else:
srtype = cs.arm.ARM_SFT_ASR_REG
elif insn_id == cs.arm.ARM_INS_LSL:
if rest and rest[0].type == "immediate":
srtype = cs.arm.ARM_SFT_LSL
else:
srtype = cs.arm.ARM_SFT_LSL_REG
elif insn_id == cs.arm.ARM_INS_LSR:
if rest and rest[0].type == "immediate":
srtype = cs.arm.ARM_SFT_LSR
else:
srtype = cs.arm.ARM_SFT_LSR_REG
carry = cpu.regfile.read("APSR_C")
if rest and rest[0].type == "register":
# FIXME we should make Operand.op private (and not accessible)
src_reg = cpu.instruction.reg_name(rest[0].op.reg).upper()
amount = cpu.regfile.read(src_reg)
result, carry = cpu._shift(op.read(), srtype, amount, carry)
elif rest and rest[0].type == "immediate":
amount = rest[0].read()
result, carry = cpu._shift(op.read(), srtype, amount, carry)
elif cpu.mode == cs.CS_MODE_THUMB:
amount = op.read()
result, carry = cpu._shift(dest.read(), srtype, amount, carry)
else:
result, carry = op.read(with_carry=True)
dest.write(result)
cpu.set_flags(N=HighBit(result), Z=(result == 0), C=carry)
Example #26
| Source File: arm.py From manticore with GNU Affero General Public License v3.0 | 4 votes |
|
def read(self, nbits=None, with_carry=False):
carry = self.cpu.regfile.read("APSR_C")
if self.__type == "register":
value = self.cpu.regfile.read(self.reg)
# PC in this case has to be set to the instruction after next. PC at this point
# is already pointing to next instruction; we bump it one more.
if self.reg in ("PC", "R15"):
value += self.cpu.instruction.size
if self.is_shifted():
shift = self.op.shift
# XXX: This is unnecessary repetition.
if shift.type in range(cs.arm.ARM_SFT_ASR_REG, cs.arm.ARM_SFT_RRX_REG + 1):
if self.cpu.mode == cs.CS_MODE_THUMB:
amount = shift.value.read()
else:
src_reg = self.cpu.instruction.reg_name(shift.value).upper()
amount = self.cpu.regfile.read(src_reg)
else:
amount = shift.value
value, carry = self.cpu._shift(value, shift.type, amount, carry)
if self.op.subtracted:
value = -value
if with_carry:
return value, carry
return value
elif self.__type == "immediate":
imm = self.op.imm
if self.op.subtracted:
imm = -imm
if with_carry:
return imm, self._get_expand_imm_carry(carry)
return imm
elif self.__type == "coprocessor":
imm = self.op.imm
return imm
elif self.__type == "memory":
val = self.cpu.read_int(self.address(), nbits)
if with_carry:
return val, carry
return val
else:
raise NotImplementedError("readOperand unknown type", self.op.type)
Example #27
| Source File: gdb_tools.py From bootloader_instrumentation_suite with MIT License | 4 votes |
|
def __init__(self, controller, r, stage):
# controller.gdb_print("creating longwrite break\n")
self.emptywrite = {'start': None,
'end': None,
'pc': None}
self.writeinfo = self.emptywrite
self.breakaddr = r['breakaddr']
self.contaddr = r['contaddr']
self.writeaddr = r['writeaddr']
self.thumb = r['thumb']
r2.gets(stage.elf, "s 0x%x" % self.writeaddr)
if self.thumb:
self.emu = unicorn.Uc(unicorn.UC_ARCH_ARM, unicorn.UC_MODE_THUMB)
r2.gets(stage.elf, "ahb 16")
r2.gets(stage.elf, "e asm.bits=16")
self.cs = capstone.Cs(capstone.CS_ARCH_ARM, capstone.CS_MODE_THUMB)
else:
self.emu = unicorn.Uc(unicorn.UC_ARCH_ARM, unicorn.UC_MODE_ARM)
r2.gets(stage.elf, "ahb 32")
r2.gets(stage.elf, "e asm.bits=32")
self.cs = capstone.Cs(capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM)
r2.get(stage.elf, "pdj 1")
self.cs.detail = True
self.info = staticanalysis.LongWriteInfo(stage.elf, r['start'],
r['end'], self.thumb)
self.inss = []
self.regs = set()
self.bytes = b""
self.dst_addrs = []
self.write_size = r['writesize']
for i in self.info.bbs:
self.inss.append(i)
bs = i["bytes"].decode("hex")
self.bytes += b"%s" % bs
ci = next(self.cs.disasm(bs, i["offset"], 1))
if i["offset"] == self.writeaddr:
self.write_ins = ci
(read, write) = ci.regs_access()
for rs in (read, write):
self.regs.update([ci.reg_name(rn).encode('ascii') for rn in rs])
self.emu.mem_map(0, 0xFFFFFFFF + 1, unicorn.UC_PROT_ALL)
self.emu.mem_write(self.inss[0]["offset"], self.bytes)
self.emu.hook_add(unicorn.UC_HOOK_MEM_WRITE, self.write_hook)
self.spec = "*(0x%x)" % r['breakaddr']
TargetBreak.__init__(self, self.spec, controller, True, stage, r=r)
