Python unicorn.UC_ARCH_X86 Examples
The following are 3
code examples of unicorn.UC_ARCH_X86().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
unicorn
, or try the search function
.
.
Example #1
| Source File: unicorn_trace.py From bootloader_instrumentation_suite with MIT License | 5 votes |
|
def __init__(self):
Emulator.__init__(self, "X86",
unicorn.UC_ARCH_X86, unicorn.UC_MODE_32,
"eip",
32,
["esp", "eip", "gs", "fs", "ds"
])
# "ss", "cs", "ds", "es",
self.syscall_regnames = ["edi", "esi", "ecx", "edx",
"ebx", "eax", "ebp", "esp"]
self.stackbot = "ebp"
self.stacktop = "esp"
Example #2
| Source File: unicorn_trace.py From bootloader_instrumentation_suite with MIT License | 5 votes |
|
def __init__(self):
Emulator.__init__(self, "X86",
unicorn.UC_ARCH_X86,
unicorn.UC_MODE_64,
"rip",
64,
["rsp", "cs", "ss", "rbx", "si", "ip"])
self.syscall_regnames = ["rdi", "rsi", "rcx", "r8", "rdx",
"r9", "rbx", "rax"]
self.stackbot = "rbp"
self.stacktop = "rsp"
Example #3
| Source File: objc2_analyzer.py From flare-ida with Apache License 2.0 | 4 votes |
|
def getIvarTypeFromFunc(self, eh, va):
if va in self.ivarSetters:
return self.ivarSetters[va]
elif va in self.notIvarSetters:
return UNKNOWN
addr = va
endVa = idc.get_func_attr(va, idc.FUNCATTR_END)
if endVa - va < 0x20:
ivarVa = None
while addr <= endVa:
srcOpnd = idc.print_operand(addr, 1)
# if ivar is the src op for an instruction, assume this function will return it
if eh.arch == unicorn.UC_ARCH_ARM and "_OBJC_IVAR_$_" in srcOpnd:
oploc = idc.get_name_ea_simple(
srcOpnd[srcOpnd.find("_OBJC_IVAR_$_"):srcOpnd.find(" ")])
if oploc != idc.BADADDR:
ivarVa = oploc
break
elif eh.arch == unicorn.UC_ARCH_ARM64:
for x in idautils.XrefsFrom(addr):
if (idc.get_segm_name(x.to) == "__objc_ivar" and
idc.get_name(x.to, idc.ida_name.GN_VISIBLE)[:13] == "_OBJC_IVAR_$_"):
ivarVa = x.to
break
elif eh.arch == unicorn.UC_ARCH_X86:
if "_OBJC_IVAR_$_" in srcOpnd:
ivarVa = idc.get_operand_value(addr, 1)
break
addr = idc.next_head(addr, idc.get_inf_attr(idc.INF_MAX_EA))
if ivarVa:
for x in idautils.XrefsTo(ivarVa):
if x.frm >= self.objcConst[0] and x.frm < self.objcConst[1]:
typeStr = eh.getIDBString(
eh.derefPtr(x.frm + eh.size_pointer * 2))
self.ivarSetters[va] = typeStr[2:-1]
logging.debug("%s is an ivar getter function, returning type %s" % (
eh.hexString(va), typeStr[2:-1]))
return typeStr[2:-1]
else:
logging.debug(
"%s determined not to be an ivar getter function", eh.hexString(va))
self.notIvarSetters.append(va)
else:
logging.debug(
"%s determined not to be an ivar getter function", eh.hexString(va))
self.notIvarSetters.append(va)
return UNKNOWN
# returns class or sel name from IDA name
