├── .travis.yml ├── LICENSE ├── Makefile ├── README.md ├── build └── mackextdump └── src ├── capstone ├── arm.h ├── arm64.h ├── capstone.h ├── mips.h ├── platform.h ├── ppc.h ├── sparc.h ├── systemz.h ├── x86.h └── xcore.h ├── libcapstone.a └── main.m /.travis.yml: -------------------------------------------------------------------------------- 1 | language: objective-c 2 | compiler: clang 3 | os: osx 4 | script: make 5 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 cocoahuke 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | CC=clang 2 | CFLAGS=-fobjc-arc -fobjc-link-runtime -framework Foundation src/libcapstone.a 3 | 4 | build/mackextdump: 5 | mkdir -p build; 6 | $(CC) $(CFLAGS) src/*.m -o $@ 7 | 8 | .PHONY:install 9 | install:build/mackextdump 10 | mkdir -p /usr/local/bin 11 | cp build/mackextdump /usr/local/bin/mackextdump 12 | 13 | .PHONY:uninstall 14 | uninstall: 15 | rm /usr/local/bin/mackextdump 16 | 17 | .PHONY:clean 18 | clean: 19 | rm -rf build 20 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # machkextdump 2 | Dump Kext information from Macos. Support batch analysis. The disassembly framework used is [Capstone](http://www.capstone-engine.org/) 3 | 4 | [![Contact](https://img.shields.io/badge/contact-@cocoahuke-fbb52b.svg?style=flat)](https://twitter.com/cocoahuke) [![build](https://travis-ci.org/cocoahuke/mackextdump.svg?branch=master)](https://github.com/cocoahuke/machkextdump) [![license](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/cocoahuke/machkextdump/blob/master/LICENSE) [![paypal](https://img.shields.io/badge/Donate-PayPal-039ce0.svg)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=EQDXSYW8Z23UY) 5 | 6 | ##### Dump Kext info For iOS: 7 | **32bit(arm): [ioskextdump_32](https://github.com/cocoahuke/ioskextdump_32)** 8 | **64bit(aarch64): [ioskextdump](https://github.com/cocoahuke/ioskextdump)** 9 | ##### 64bit version of iOS10: 10 | **64bit(arm): [ioskextdump_ios10](https://github.com/cocoahuke/ioskextdump_ios10)** 11 | 12 | # How to use 13 | 14 | **Download** 15 | ```bash 16 | git clone https://github.com/cocoahuke/machkextdump.git && cd machkextdump 17 | ``` 18 | **Compile and install** to /usr/local/bin/ 19 | 20 | ```bash 21 | make 22 | make install 23 | ``` 24 | **Usage** 25 | ``` 26 | Usage: mackextdump [-s ] 27 | ``` 28 | `-s` example: 29 | ``` 30 | mackextdump -s /System/Library/Extensions/IOHIDFamily.kext/Contents/MacOS/IOHIDFamily 31 | ``` 32 | or batch analysis kexts copy that from `/System/Library/Extensions` 33 | ``` 34 | mackextdump /System/Library/Extensions 35 | ``` 36 | **Save the batch analysis output as file**, so you got a file that include all kext class, methods name and vtable address, do some searching in this file may give some help to you 37 | 38 | mostly rdx are 0xffffffffffffffff, because its super class didn't defined in a same binary file, it reference from outside 39 | 40 | All addresses from output are file offset, not virtual memory address 41 | 42 | Tested on Macos 10.12.1 43 | 44 | **Example to use** 45 | 46 | ``` 47 | ... 48 | ******** 43:com.apple.AMDRadeonAccelerator ******* 49 | **/Users/huke/Desktop/mackext_copy/10_12_1_kext/AMDRadeonX3000.kext/Contents/MacOS/AMDRadeonX3000** 50 | 51 | (0x3c6d8)->OSMetaClass:OSMetaClass call 4 args list 52 | rdi:0x567488 53 | rsi:AMDR8xxGLContext 54 | rdx:0xffffffffffffffff 55 | rcx:0x1d58 56 | vtable_start: 0x236b00 57 | 58 | vtable functions: 59 | AMDR8xxGLContext_E 60 | AMDR8xxGLContext_ 61 | AMDR8xxGLContext_getMetaClass 62 | AMDR8xxGLContext_getTargetAndMethodForIndex 63 | IOAccelContext2_getOwningTask 64 | IOAccelContext2_getGPUTask 65 | IOAccelContext2_getOwningTaskPid 66 | ... 67 | ``` 68 | -------------------------------------------------------------------------------- /build/mackextdump: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cocoahuke/mackextdump/fe8dd412b19f8419c21013664cf309eb4ecd4e8f/build/mackextdump -------------------------------------------------------------------------------- /src/capstone/arm.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_ARM_H 2 | #define CAPSTONE_ARM_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2013-2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | #ifdef _MSC_VER 15 | #pragma warning(disable:4201) 16 | #endif 17 | 18 | //> ARM shift type 19 | typedef enum arm_shifter { 20 | ARM_SFT_INVALID = 0, 21 | ARM_SFT_ASR, // shift with immediate const 22 | ARM_SFT_LSL, // shift with immediate const 23 | ARM_SFT_LSR, // shift with immediate const 24 | ARM_SFT_ROR, // shift with immediate const 25 | ARM_SFT_RRX, // shift with immediate const 26 | ARM_SFT_ASR_REG, // shift with register 27 | ARM_SFT_LSL_REG, // shift with register 28 | ARM_SFT_LSR_REG, // shift with register 29 | ARM_SFT_ROR_REG, // shift with register 30 | ARM_SFT_RRX_REG, // shift with register 31 | } arm_shifter; 32 | 33 | //> ARM condition code 34 | typedef enum arm_cc { 35 | ARM_CC_INVALID = 0, 36 | ARM_CC_EQ, // Equal Equal 37 | ARM_CC_NE, // Not equal Not equal, or unordered 38 | ARM_CC_HS, // Carry set >, ==, or unordered 39 | ARM_CC_LO, // Carry clear Less than 40 | ARM_CC_MI, // Minus, negative Less than 41 | ARM_CC_PL, // Plus, positive or zero >, ==, or unordered 42 | ARM_CC_VS, // Overflow Unordered 43 | ARM_CC_VC, // No overflow Not unordered 44 | ARM_CC_HI, // Unsigned higher Greater than, or unordered 45 | ARM_CC_LS, // Unsigned lower or same Less than or equal 46 | ARM_CC_GE, // Greater than or equal Greater than or equal 47 | ARM_CC_LT, // Less than Less than, or unordered 48 | ARM_CC_GT, // Greater than Greater than 49 | ARM_CC_LE, // Less than or equal <, ==, or unordered 50 | ARM_CC_AL // Always (unconditional) Always (unconditional) 51 | } arm_cc; 52 | 53 | typedef enum arm_sysreg { 54 | //> Special registers for MSR 55 | ARM_SYSREG_INVALID = 0, 56 | 57 | // SPSR* registers can be OR combined 58 | ARM_SYSREG_SPSR_C = 1, 59 | ARM_SYSREG_SPSR_X = 2, 60 | ARM_SYSREG_SPSR_S = 4, 61 | ARM_SYSREG_SPSR_F = 8, 62 | 63 | // CPSR* registers can be OR combined 64 | ARM_SYSREG_CPSR_C = 16, 65 | ARM_SYSREG_CPSR_X = 32, 66 | ARM_SYSREG_CPSR_S = 64, 67 | ARM_SYSREG_CPSR_F = 128, 68 | 69 | // independent registers 70 | ARM_SYSREG_APSR = 256, 71 | ARM_SYSREG_APSR_G, 72 | ARM_SYSREG_APSR_NZCVQ, 73 | ARM_SYSREG_APSR_NZCVQG, 74 | 75 | ARM_SYSREG_IAPSR, 76 | ARM_SYSREG_IAPSR_G, 77 | ARM_SYSREG_IAPSR_NZCVQG, 78 | 79 | ARM_SYSREG_EAPSR, 80 | ARM_SYSREG_EAPSR_G, 81 | ARM_SYSREG_EAPSR_NZCVQG, 82 | 83 | ARM_SYSREG_XPSR, 84 | ARM_SYSREG_XPSR_G, 85 | ARM_SYSREG_XPSR_NZCVQG, 86 | 87 | ARM_SYSREG_IPSR, 88 | ARM_SYSREG_EPSR, 89 | ARM_SYSREG_IEPSR, 90 | 91 | ARM_SYSREG_MSP, 92 | ARM_SYSREG_PSP, 93 | ARM_SYSREG_PRIMASK, 94 | ARM_SYSREG_BASEPRI, 95 | ARM_SYSREG_BASEPRI_MAX, 96 | ARM_SYSREG_FAULTMASK, 97 | ARM_SYSREG_CONTROL, 98 | } arm_sysreg; 99 | 100 | //> The memory barrier constants map directly to the 4-bit encoding of 101 | //> the option field for Memory Barrier operations. 102 | typedef enum arm_mem_barrier { 103 | ARM_MB_INVALID = 0, 104 | ARM_MB_RESERVED_0, 105 | ARM_MB_OSHLD, 106 | ARM_MB_OSHST, 107 | ARM_MB_OSH, 108 | ARM_MB_RESERVED_4, 109 | ARM_MB_NSHLD, 110 | ARM_MB_NSHST, 111 | ARM_MB_NSH, 112 | ARM_MB_RESERVED_8, 113 | ARM_MB_ISHLD, 114 | ARM_MB_ISHST, 115 | ARM_MB_ISH, 116 | ARM_MB_RESERVED_12, 117 | ARM_MB_LD, 118 | ARM_MB_ST, 119 | ARM_MB_SY, 120 | } arm_mem_barrier; 121 | 122 | //> Operand type for instruction's operands 123 | typedef enum arm_op_type { 124 | ARM_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 125 | ARM_OP_REG, // = CS_OP_REG (Register operand). 126 | ARM_OP_IMM, // = CS_OP_IMM (Immediate operand). 127 | ARM_OP_MEM, // = CS_OP_MEM (Memory operand). 128 | ARM_OP_FP, // = CS_OP_FP (Floating-Point operand). 129 | ARM_OP_CIMM = 64, // C-Immediate (coprocessor registers) 130 | ARM_OP_PIMM, // P-Immediate (coprocessor registers) 131 | ARM_OP_SETEND, // operand for SETEND instruction 132 | ARM_OP_SYSREG, // MSR/MSR special register operand 133 | } arm_op_type; 134 | 135 | //> Operand type for SETEND instruction 136 | typedef enum arm_setend_type { 137 | ARM_SETEND_INVALID = 0, // Uninitialized. 138 | ARM_SETEND_BE, // BE operand. 139 | ARM_SETEND_LE, // LE operand 140 | } arm_setend_type; 141 | 142 | typedef enum arm_cpsmode_type { 143 | ARM_CPSMODE_INVALID = 0, 144 | ARM_CPSMODE_IE = 2, 145 | ARM_CPSMODE_ID = 3 146 | } arm_cpsmode_type; 147 | 148 | //> Operand type for SETEND instruction 149 | typedef enum arm_cpsflag_type { 150 | ARM_CPSFLAG_INVALID = 0, 151 | ARM_CPSFLAG_F = 1, 152 | ARM_CPSFLAG_I = 2, 153 | ARM_CPSFLAG_A = 4, 154 | ARM_CPSFLAG_NONE = 16, // no flag 155 | } arm_cpsflag_type; 156 | 157 | //> Data type for elements of vector instructions. 158 | typedef enum arm_vectordata_type { 159 | ARM_VECTORDATA_INVALID = 0, 160 | 161 | // Integer type 162 | ARM_VECTORDATA_I8, 163 | ARM_VECTORDATA_I16, 164 | ARM_VECTORDATA_I32, 165 | ARM_VECTORDATA_I64, 166 | 167 | // Signed integer type 168 | ARM_VECTORDATA_S8, 169 | ARM_VECTORDATA_S16, 170 | ARM_VECTORDATA_S32, 171 | ARM_VECTORDATA_S64, 172 | 173 | // Unsigned integer type 174 | ARM_VECTORDATA_U8, 175 | ARM_VECTORDATA_U16, 176 | ARM_VECTORDATA_U32, 177 | ARM_VECTORDATA_U64, 178 | 179 | // Data type for VMUL/VMULL 180 | ARM_VECTORDATA_P8, 181 | 182 | // Floating type 183 | ARM_VECTORDATA_F32, 184 | ARM_VECTORDATA_F64, 185 | 186 | // Convert float <-> float 187 | ARM_VECTORDATA_F16F64, // f16.f64 188 | ARM_VECTORDATA_F64F16, // f64.f16 189 | ARM_VECTORDATA_F32F16, // f32.f16 190 | ARM_VECTORDATA_F16F32, // f32.f16 191 | ARM_VECTORDATA_F64F32, // f64.f32 192 | ARM_VECTORDATA_F32F64, // f32.f64 193 | 194 | // Convert integer <-> float 195 | ARM_VECTORDATA_S32F32, // s32.f32 196 | ARM_VECTORDATA_U32F32, // u32.f32 197 | ARM_VECTORDATA_F32S32, // f32.s32 198 | ARM_VECTORDATA_F32U32, // f32.u32 199 | ARM_VECTORDATA_F64S16, // f64.s16 200 | ARM_VECTORDATA_F32S16, // f32.s16 201 | ARM_VECTORDATA_F64S32, // f64.s32 202 | ARM_VECTORDATA_S16F64, // s16.f64 203 | ARM_VECTORDATA_S16F32, // s16.f64 204 | ARM_VECTORDATA_S32F64, // s32.f64 205 | ARM_VECTORDATA_U16F64, // u16.f64 206 | ARM_VECTORDATA_U16F32, // u16.f32 207 | ARM_VECTORDATA_U32F64, // u32.f64 208 | ARM_VECTORDATA_F64U16, // f64.u16 209 | ARM_VECTORDATA_F32U16, // f32.u16 210 | ARM_VECTORDATA_F64U32, // f64.u32 211 | } arm_vectordata_type; 212 | 213 | // Instruction's operand referring to memory 214 | // This is associated with ARM_OP_MEM operand type above 215 | typedef struct arm_op_mem { 216 | unsigned int base; // base register 217 | unsigned int index; // index register 218 | int scale; // scale for index register (can be 1, or -1) 219 | int disp; // displacement/offset value 220 | } arm_op_mem; 221 | 222 | // Instruction operand 223 | typedef struct cs_arm_op { 224 | int vector_index; // Vector Index for some vector operands (or -1 if irrelevant) 225 | struct { 226 | arm_shifter type; 227 | unsigned int value; 228 | } shift; 229 | arm_op_type type; // operand type 230 | union { 231 | unsigned int reg; // register value for REG/SYSREG operand 232 | int32_t imm; // immediate value for C-IMM, P-IMM or IMM operand 233 | double fp; // floating point value for FP operand 234 | arm_op_mem mem; // base/index/scale/disp value for MEM operand 235 | arm_setend_type setend; // SETEND instruction's operand type 236 | }; 237 | // in some instructions, an operand can be subtracted or added to 238 | // the base register, 239 | bool subtracted; // if TRUE, this operand is subtracted. otherwise, it is added. 240 | } cs_arm_op; 241 | 242 | // Instruction structure 243 | typedef struct cs_arm { 244 | bool usermode; // User-mode registers to be loaded (for LDM/STM instructions) 245 | int vector_size; // Scalar size for vector instructions 246 | arm_vectordata_type vector_data; // Data type for elements of vector instructions 247 | arm_cpsmode_type cps_mode; // CPS mode for CPS instruction 248 | arm_cpsflag_type cps_flag; // CPS mode for CPS instruction 249 | arm_cc cc; // conditional code for this insn 250 | bool update_flags; // does this insn update flags? 251 | bool writeback; // does this insn write-back? 252 | arm_mem_barrier mem_barrier; // Option for some memory barrier instructions 253 | 254 | // Number of operands of this instruction, 255 | // or 0 when instruction has no operand. 256 | uint8_t op_count; 257 | 258 | cs_arm_op operands[36]; // operands for this instruction. 259 | } cs_arm; 260 | 261 | //> ARM registers 262 | typedef enum arm_reg { 263 | ARM_REG_INVALID = 0, 264 | ARM_REG_APSR, 265 | ARM_REG_APSR_NZCV, 266 | ARM_REG_CPSR, 267 | ARM_REG_FPEXC, 268 | ARM_REG_FPINST, 269 | ARM_REG_FPSCR, 270 | ARM_REG_FPSCR_NZCV, 271 | ARM_REG_FPSID, 272 | ARM_REG_ITSTATE, 273 | ARM_REG_LR, 274 | ARM_REG_PC, 275 | ARM_REG_SP, 276 | ARM_REG_SPSR, 277 | ARM_REG_D0, 278 | ARM_REG_D1, 279 | ARM_REG_D2, 280 | ARM_REG_D3, 281 | ARM_REG_D4, 282 | ARM_REG_D5, 283 | ARM_REG_D6, 284 | ARM_REG_D7, 285 | ARM_REG_D8, 286 | ARM_REG_D9, 287 | ARM_REG_D10, 288 | ARM_REG_D11, 289 | ARM_REG_D12, 290 | ARM_REG_D13, 291 | ARM_REG_D14, 292 | ARM_REG_D15, 293 | ARM_REG_D16, 294 | ARM_REG_D17, 295 | ARM_REG_D18, 296 | ARM_REG_D19, 297 | ARM_REG_D20, 298 | ARM_REG_D21, 299 | ARM_REG_D22, 300 | ARM_REG_D23, 301 | ARM_REG_D24, 302 | ARM_REG_D25, 303 | ARM_REG_D26, 304 | ARM_REG_D27, 305 | ARM_REG_D28, 306 | ARM_REG_D29, 307 | ARM_REG_D30, 308 | ARM_REG_D31, 309 | ARM_REG_FPINST2, 310 | ARM_REG_MVFR0, 311 | ARM_REG_MVFR1, 312 | ARM_REG_MVFR2, 313 | ARM_REG_Q0, 314 | ARM_REG_Q1, 315 | ARM_REG_Q2, 316 | ARM_REG_Q3, 317 | ARM_REG_Q4, 318 | ARM_REG_Q5, 319 | ARM_REG_Q6, 320 | ARM_REG_Q7, 321 | ARM_REG_Q8, 322 | ARM_REG_Q9, 323 | ARM_REG_Q10, 324 | ARM_REG_Q11, 325 | ARM_REG_Q12, 326 | ARM_REG_Q13, 327 | ARM_REG_Q14, 328 | ARM_REG_Q15, 329 | ARM_REG_R0, 330 | ARM_REG_R1, 331 | ARM_REG_R2, 332 | ARM_REG_R3, 333 | ARM_REG_R4, 334 | ARM_REG_R5, 335 | ARM_REG_R6, 336 | ARM_REG_R7, 337 | ARM_REG_R8, 338 | ARM_REG_R9, 339 | ARM_REG_R10, 340 | ARM_REG_R11, 341 | ARM_REG_R12, 342 | ARM_REG_S0, 343 | ARM_REG_S1, 344 | ARM_REG_S2, 345 | ARM_REG_S3, 346 | ARM_REG_S4, 347 | ARM_REG_S5, 348 | ARM_REG_S6, 349 | ARM_REG_S7, 350 | ARM_REG_S8, 351 | ARM_REG_S9, 352 | ARM_REG_S10, 353 | ARM_REG_S11, 354 | ARM_REG_S12, 355 | ARM_REG_S13, 356 | ARM_REG_S14, 357 | ARM_REG_S15, 358 | ARM_REG_S16, 359 | ARM_REG_S17, 360 | ARM_REG_S18, 361 | ARM_REG_S19, 362 | ARM_REG_S20, 363 | ARM_REG_S21, 364 | ARM_REG_S22, 365 | ARM_REG_S23, 366 | ARM_REG_S24, 367 | ARM_REG_S25, 368 | ARM_REG_S26, 369 | ARM_REG_S27, 370 | ARM_REG_S28, 371 | ARM_REG_S29, 372 | ARM_REG_S30, 373 | ARM_REG_S31, 374 | 375 | ARM_REG_ENDING, // <-- mark the end of the list or registers 376 | 377 | //> alias registers 378 | ARM_REG_R13 = ARM_REG_SP, 379 | ARM_REG_R14 = ARM_REG_LR, 380 | ARM_REG_R15 = ARM_REG_PC, 381 | 382 | ARM_REG_SB = ARM_REG_R9, 383 | ARM_REG_SL = ARM_REG_R10, 384 | ARM_REG_FP = ARM_REG_R11, 385 | ARM_REG_IP = ARM_REG_R12, 386 | } arm_reg; 387 | 388 | //> ARM instruction 389 | typedef enum arm_insn { 390 | ARM_INS_INVALID = 0, 391 | 392 | ARM_INS_ADC, 393 | ARM_INS_ADD, 394 | ARM_INS_ADR, 395 | ARM_INS_AESD, 396 | ARM_INS_AESE, 397 | ARM_INS_AESIMC, 398 | ARM_INS_AESMC, 399 | ARM_INS_AND, 400 | ARM_INS_BFC, 401 | ARM_INS_BFI, 402 | ARM_INS_BIC, 403 | ARM_INS_BKPT, 404 | ARM_INS_BL, 405 | ARM_INS_BLX, 406 | ARM_INS_BX, 407 | ARM_INS_BXJ, 408 | ARM_INS_B, 409 | ARM_INS_CDP, 410 | ARM_INS_CDP2, 411 | ARM_INS_CLREX, 412 | ARM_INS_CLZ, 413 | ARM_INS_CMN, 414 | ARM_INS_CMP, 415 | ARM_INS_CPS, 416 | ARM_INS_CRC32B, 417 | ARM_INS_CRC32CB, 418 | ARM_INS_CRC32CH, 419 | ARM_INS_CRC32CW, 420 | ARM_INS_CRC32H, 421 | ARM_INS_CRC32W, 422 | ARM_INS_DBG, 423 | ARM_INS_DMB, 424 | ARM_INS_DSB, 425 | ARM_INS_EOR, 426 | ARM_INS_VMOV, 427 | ARM_INS_FLDMDBX, 428 | ARM_INS_FLDMIAX, 429 | ARM_INS_VMRS, 430 | ARM_INS_FSTMDBX, 431 | ARM_INS_FSTMIAX, 432 | ARM_INS_HINT, 433 | ARM_INS_HLT, 434 | ARM_INS_ISB, 435 | ARM_INS_LDA, 436 | ARM_INS_LDAB, 437 | ARM_INS_LDAEX, 438 | ARM_INS_LDAEXB, 439 | ARM_INS_LDAEXD, 440 | ARM_INS_LDAEXH, 441 | ARM_INS_LDAH, 442 | ARM_INS_LDC2L, 443 | ARM_INS_LDC2, 444 | ARM_INS_LDCL, 445 | ARM_INS_LDC, 446 | ARM_INS_LDMDA, 447 | ARM_INS_LDMDB, 448 | ARM_INS_LDM, 449 | ARM_INS_LDMIB, 450 | ARM_INS_LDRBT, 451 | ARM_INS_LDRB, 452 | ARM_INS_LDRD, 453 | ARM_INS_LDREX, 454 | ARM_INS_LDREXB, 455 | ARM_INS_LDREXD, 456 | ARM_INS_LDREXH, 457 | ARM_INS_LDRH, 458 | ARM_INS_LDRHT, 459 | ARM_INS_LDRSB, 460 | ARM_INS_LDRSBT, 461 | ARM_INS_LDRSH, 462 | ARM_INS_LDRSHT, 463 | ARM_INS_LDRT, 464 | ARM_INS_LDR, 465 | ARM_INS_MCR, 466 | ARM_INS_MCR2, 467 | ARM_INS_MCRR, 468 | ARM_INS_MCRR2, 469 | ARM_INS_MLA, 470 | ARM_INS_MLS, 471 | ARM_INS_MOV, 472 | ARM_INS_MOVT, 473 | ARM_INS_MOVW, 474 | ARM_INS_MRC, 475 | ARM_INS_MRC2, 476 | ARM_INS_MRRC, 477 | ARM_INS_MRRC2, 478 | ARM_INS_MRS, 479 | ARM_INS_MSR, 480 | ARM_INS_MUL, 481 | ARM_INS_MVN, 482 | ARM_INS_ORR, 483 | ARM_INS_PKHBT, 484 | ARM_INS_PKHTB, 485 | ARM_INS_PLDW, 486 | ARM_INS_PLD, 487 | ARM_INS_PLI, 488 | ARM_INS_QADD, 489 | ARM_INS_QADD16, 490 | ARM_INS_QADD8, 491 | ARM_INS_QASX, 492 | ARM_INS_QDADD, 493 | ARM_INS_QDSUB, 494 | ARM_INS_QSAX, 495 | ARM_INS_QSUB, 496 | ARM_INS_QSUB16, 497 | ARM_INS_QSUB8, 498 | ARM_INS_RBIT, 499 | ARM_INS_REV, 500 | ARM_INS_REV16, 501 | ARM_INS_REVSH, 502 | ARM_INS_RFEDA, 503 | ARM_INS_RFEDB, 504 | ARM_INS_RFEIA, 505 | ARM_INS_RFEIB, 506 | ARM_INS_RSB, 507 | ARM_INS_RSC, 508 | ARM_INS_SADD16, 509 | ARM_INS_SADD8, 510 | ARM_INS_SASX, 511 | ARM_INS_SBC, 512 | ARM_INS_SBFX, 513 | ARM_INS_SDIV, 514 | ARM_INS_SEL, 515 | ARM_INS_SETEND, 516 | ARM_INS_SHA1C, 517 | ARM_INS_SHA1H, 518 | ARM_INS_SHA1M, 519 | ARM_INS_SHA1P, 520 | ARM_INS_SHA1SU0, 521 | ARM_INS_SHA1SU1, 522 | ARM_INS_SHA256H, 523 | ARM_INS_SHA256H2, 524 | ARM_INS_SHA256SU0, 525 | ARM_INS_SHA256SU1, 526 | ARM_INS_SHADD16, 527 | ARM_INS_SHADD8, 528 | ARM_INS_SHASX, 529 | ARM_INS_SHSAX, 530 | ARM_INS_SHSUB16, 531 | ARM_INS_SHSUB8, 532 | ARM_INS_SMC, 533 | ARM_INS_SMLABB, 534 | ARM_INS_SMLABT, 535 | ARM_INS_SMLAD, 536 | ARM_INS_SMLADX, 537 | ARM_INS_SMLAL, 538 | ARM_INS_SMLALBB, 539 | ARM_INS_SMLALBT, 540 | ARM_INS_SMLALD, 541 | ARM_INS_SMLALDX, 542 | ARM_INS_SMLALTB, 543 | ARM_INS_SMLALTT, 544 | ARM_INS_SMLATB, 545 | ARM_INS_SMLATT, 546 | ARM_INS_SMLAWB, 547 | ARM_INS_SMLAWT, 548 | ARM_INS_SMLSD, 549 | ARM_INS_SMLSDX, 550 | ARM_INS_SMLSLD, 551 | ARM_INS_SMLSLDX, 552 | ARM_INS_SMMLA, 553 | ARM_INS_SMMLAR, 554 | ARM_INS_SMMLS, 555 | ARM_INS_SMMLSR, 556 | ARM_INS_SMMUL, 557 | ARM_INS_SMMULR, 558 | ARM_INS_SMUAD, 559 | ARM_INS_SMUADX, 560 | ARM_INS_SMULBB, 561 | ARM_INS_SMULBT, 562 | ARM_INS_SMULL, 563 | ARM_INS_SMULTB, 564 | ARM_INS_SMULTT, 565 | ARM_INS_SMULWB, 566 | ARM_INS_SMULWT, 567 | ARM_INS_SMUSD, 568 | ARM_INS_SMUSDX, 569 | ARM_INS_SRSDA, 570 | ARM_INS_SRSDB, 571 | ARM_INS_SRSIA, 572 | ARM_INS_SRSIB, 573 | ARM_INS_SSAT, 574 | ARM_INS_SSAT16, 575 | ARM_INS_SSAX, 576 | ARM_INS_SSUB16, 577 | ARM_INS_SSUB8, 578 | ARM_INS_STC2L, 579 | ARM_INS_STC2, 580 | ARM_INS_STCL, 581 | ARM_INS_STC, 582 | ARM_INS_STL, 583 | ARM_INS_STLB, 584 | ARM_INS_STLEX, 585 | ARM_INS_STLEXB, 586 | ARM_INS_STLEXD, 587 | ARM_INS_STLEXH, 588 | ARM_INS_STLH, 589 | ARM_INS_STMDA, 590 | ARM_INS_STMDB, 591 | ARM_INS_STM, 592 | ARM_INS_STMIB, 593 | ARM_INS_STRBT, 594 | ARM_INS_STRB, 595 | ARM_INS_STRD, 596 | ARM_INS_STREX, 597 | ARM_INS_STREXB, 598 | ARM_INS_STREXD, 599 | ARM_INS_STREXH, 600 | ARM_INS_STRH, 601 | ARM_INS_STRHT, 602 | ARM_INS_STRT, 603 | ARM_INS_STR, 604 | ARM_INS_SUB, 605 | ARM_INS_SVC, 606 | ARM_INS_SWP, 607 | ARM_INS_SWPB, 608 | ARM_INS_SXTAB, 609 | ARM_INS_SXTAB16, 610 | ARM_INS_SXTAH, 611 | ARM_INS_SXTB, 612 | ARM_INS_SXTB16, 613 | ARM_INS_SXTH, 614 | ARM_INS_TEQ, 615 | ARM_INS_TRAP, 616 | ARM_INS_TST, 617 | ARM_INS_UADD16, 618 | ARM_INS_UADD8, 619 | ARM_INS_UASX, 620 | ARM_INS_UBFX, 621 | ARM_INS_UDF, 622 | ARM_INS_UDIV, 623 | ARM_INS_UHADD16, 624 | ARM_INS_UHADD8, 625 | ARM_INS_UHASX, 626 | ARM_INS_UHSAX, 627 | ARM_INS_UHSUB16, 628 | ARM_INS_UHSUB8, 629 | ARM_INS_UMAAL, 630 | ARM_INS_UMLAL, 631 | ARM_INS_UMULL, 632 | ARM_INS_UQADD16, 633 | ARM_INS_UQADD8, 634 | ARM_INS_UQASX, 635 | ARM_INS_UQSAX, 636 | ARM_INS_UQSUB16, 637 | ARM_INS_UQSUB8, 638 | ARM_INS_USAD8, 639 | ARM_INS_USADA8, 640 | ARM_INS_USAT, 641 | ARM_INS_USAT16, 642 | ARM_INS_USAX, 643 | ARM_INS_USUB16, 644 | ARM_INS_USUB8, 645 | ARM_INS_UXTAB, 646 | ARM_INS_UXTAB16, 647 | ARM_INS_UXTAH, 648 | ARM_INS_UXTB, 649 | ARM_INS_UXTB16, 650 | ARM_INS_UXTH, 651 | ARM_INS_VABAL, 652 | ARM_INS_VABA, 653 | ARM_INS_VABDL, 654 | ARM_INS_VABD, 655 | ARM_INS_VABS, 656 | ARM_INS_VACGE, 657 | ARM_INS_VACGT, 658 | ARM_INS_VADD, 659 | ARM_INS_VADDHN, 660 | ARM_INS_VADDL, 661 | ARM_INS_VADDW, 662 | ARM_INS_VAND, 663 | ARM_INS_VBIC, 664 | ARM_INS_VBIF, 665 | ARM_INS_VBIT, 666 | ARM_INS_VBSL, 667 | ARM_INS_VCEQ, 668 | ARM_INS_VCGE, 669 | ARM_INS_VCGT, 670 | ARM_INS_VCLE, 671 | ARM_INS_VCLS, 672 | ARM_INS_VCLT, 673 | ARM_INS_VCLZ, 674 | ARM_INS_VCMP, 675 | ARM_INS_VCMPE, 676 | ARM_INS_VCNT, 677 | ARM_INS_VCVTA, 678 | ARM_INS_VCVTB, 679 | ARM_INS_VCVT, 680 | ARM_INS_VCVTM, 681 | ARM_INS_VCVTN, 682 | ARM_INS_VCVTP, 683 | ARM_INS_VCVTT, 684 | ARM_INS_VDIV, 685 | ARM_INS_VDUP, 686 | ARM_INS_VEOR, 687 | ARM_INS_VEXT, 688 | ARM_INS_VFMA, 689 | ARM_INS_VFMS, 690 | ARM_INS_VFNMA, 691 | ARM_INS_VFNMS, 692 | ARM_INS_VHADD, 693 | ARM_INS_VHSUB, 694 | ARM_INS_VLD1, 695 | ARM_INS_VLD2, 696 | ARM_INS_VLD3, 697 | ARM_INS_VLD4, 698 | ARM_INS_VLDMDB, 699 | ARM_INS_VLDMIA, 700 | ARM_INS_VLDR, 701 | ARM_INS_VMAXNM, 702 | ARM_INS_VMAX, 703 | ARM_INS_VMINNM, 704 | ARM_INS_VMIN, 705 | ARM_INS_VMLA, 706 | ARM_INS_VMLAL, 707 | ARM_INS_VMLS, 708 | ARM_INS_VMLSL, 709 | ARM_INS_VMOVL, 710 | ARM_INS_VMOVN, 711 | ARM_INS_VMSR, 712 | ARM_INS_VMUL, 713 | ARM_INS_VMULL, 714 | ARM_INS_VMVN, 715 | ARM_INS_VNEG, 716 | ARM_INS_VNMLA, 717 | ARM_INS_VNMLS, 718 | ARM_INS_VNMUL, 719 | ARM_INS_VORN, 720 | ARM_INS_VORR, 721 | ARM_INS_VPADAL, 722 | ARM_INS_VPADDL, 723 | ARM_INS_VPADD, 724 | ARM_INS_VPMAX, 725 | ARM_INS_VPMIN, 726 | ARM_INS_VQABS, 727 | ARM_INS_VQADD, 728 | ARM_INS_VQDMLAL, 729 | ARM_INS_VQDMLSL, 730 | ARM_INS_VQDMULH, 731 | ARM_INS_VQDMULL, 732 | ARM_INS_VQMOVUN, 733 | ARM_INS_VQMOVN, 734 | ARM_INS_VQNEG, 735 | ARM_INS_VQRDMULH, 736 | ARM_INS_VQRSHL, 737 | ARM_INS_VQRSHRN, 738 | ARM_INS_VQRSHRUN, 739 | ARM_INS_VQSHL, 740 | ARM_INS_VQSHLU, 741 | ARM_INS_VQSHRN, 742 | ARM_INS_VQSHRUN, 743 | ARM_INS_VQSUB, 744 | ARM_INS_VRADDHN, 745 | ARM_INS_VRECPE, 746 | ARM_INS_VRECPS, 747 | ARM_INS_VREV16, 748 | ARM_INS_VREV32, 749 | ARM_INS_VREV64, 750 | ARM_INS_VRHADD, 751 | ARM_INS_VRINTA, 752 | ARM_INS_VRINTM, 753 | ARM_INS_VRINTN, 754 | ARM_INS_VRINTP, 755 | ARM_INS_VRINTR, 756 | ARM_INS_VRINTX, 757 | ARM_INS_VRINTZ, 758 | ARM_INS_VRSHL, 759 | ARM_INS_VRSHRN, 760 | ARM_INS_VRSHR, 761 | ARM_INS_VRSQRTE, 762 | ARM_INS_VRSQRTS, 763 | ARM_INS_VRSRA, 764 | ARM_INS_VRSUBHN, 765 | ARM_INS_VSELEQ, 766 | ARM_INS_VSELGE, 767 | ARM_INS_VSELGT, 768 | ARM_INS_VSELVS, 769 | ARM_INS_VSHLL, 770 | ARM_INS_VSHL, 771 | ARM_INS_VSHRN, 772 | ARM_INS_VSHR, 773 | ARM_INS_VSLI, 774 | ARM_INS_VSQRT, 775 | ARM_INS_VSRA, 776 | ARM_INS_VSRI, 777 | ARM_INS_VST1, 778 | ARM_INS_VST2, 779 | ARM_INS_VST3, 780 | ARM_INS_VST4, 781 | ARM_INS_VSTMDB, 782 | ARM_INS_VSTMIA, 783 | ARM_INS_VSTR, 784 | ARM_INS_VSUB, 785 | ARM_INS_VSUBHN, 786 | ARM_INS_VSUBL, 787 | ARM_INS_VSUBW, 788 | ARM_INS_VSWP, 789 | ARM_INS_VTBL, 790 | ARM_INS_VTBX, 791 | ARM_INS_VCVTR, 792 | ARM_INS_VTRN, 793 | ARM_INS_VTST, 794 | ARM_INS_VUZP, 795 | ARM_INS_VZIP, 796 | ARM_INS_ADDW, 797 | ARM_INS_ASR, 798 | ARM_INS_DCPS1, 799 | ARM_INS_DCPS2, 800 | ARM_INS_DCPS3, 801 | ARM_INS_IT, 802 | ARM_INS_LSL, 803 | ARM_INS_LSR, 804 | ARM_INS_ASRS, 805 | ARM_INS_LSRS, 806 | ARM_INS_ORN, 807 | ARM_INS_ROR, 808 | ARM_INS_RRX, 809 | ARM_INS_SUBS, 810 | ARM_INS_SUBW, 811 | ARM_INS_TBB, 812 | ARM_INS_TBH, 813 | ARM_INS_CBNZ, 814 | ARM_INS_CBZ, 815 | ARM_INS_MOVS, 816 | ARM_INS_POP, 817 | ARM_INS_PUSH, 818 | 819 | // special instructions 820 | ARM_INS_NOP, 821 | ARM_INS_YIELD, 822 | ARM_INS_WFE, 823 | ARM_INS_WFI, 824 | ARM_INS_SEV, 825 | ARM_INS_SEVL, 826 | ARM_INS_VPUSH, 827 | ARM_INS_VPOP, 828 | 829 | ARM_INS_ENDING, // <-- mark the end of the list of instructions 830 | } arm_insn; 831 | 832 | //> Group of ARM instructions 833 | typedef enum arm_insn_group { 834 | ARM_GRP_INVALID = 0, // = CS_GRP_INVALID 835 | 836 | //> Generic groups 837 | // all jump instructions (conditional+direct+indirect jumps) 838 | ARM_GRP_JUMP, // = CS_GRP_JUMP 839 | 840 | //> Architecture-specific groups 841 | ARM_GRP_CRYPTO = 128, 842 | ARM_GRP_DATABARRIER, 843 | ARM_GRP_DIVIDE, 844 | ARM_GRP_FPARMV8, 845 | ARM_GRP_MULTPRO, 846 | ARM_GRP_NEON, 847 | ARM_GRP_T2EXTRACTPACK, 848 | ARM_GRP_THUMB2DSP, 849 | ARM_GRP_TRUSTZONE, 850 | ARM_GRP_V4T, 851 | ARM_GRP_V5T, 852 | ARM_GRP_V5TE, 853 | ARM_GRP_V6, 854 | ARM_GRP_V6T2, 855 | ARM_GRP_V7, 856 | ARM_GRP_V8, 857 | ARM_GRP_VFP2, 858 | ARM_GRP_VFP3, 859 | ARM_GRP_VFP4, 860 | ARM_GRP_ARM, 861 | ARM_GRP_MCLASS, 862 | ARM_GRP_NOTMCLASS, 863 | ARM_GRP_THUMB, 864 | ARM_GRP_THUMB1ONLY, 865 | ARM_GRP_THUMB2, 866 | ARM_GRP_PREV8, 867 | ARM_GRP_FPVMLX, 868 | ARM_GRP_MULOPS, 869 | ARM_GRP_CRC, 870 | ARM_GRP_DPVFP, 871 | ARM_GRP_V6M, 872 | 873 | ARM_GRP_ENDING, 874 | } arm_insn_group; 875 | 876 | #ifdef __cplusplus 877 | } 878 | #endif 879 | 880 | #endif 881 | -------------------------------------------------------------------------------- /src/capstone/arm64.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_ARM64_H 2 | #define CAPSTONE_ARM64_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2013-2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | #ifdef _MSC_VER 15 | #pragma warning(disable:4201) 16 | #endif 17 | 18 | //> ARM64 shift type 19 | typedef enum arm64_shifter { 20 | ARM64_SFT_INVALID = 0, 21 | ARM64_SFT_LSL = 1, 22 | ARM64_SFT_MSL = 2, 23 | ARM64_SFT_LSR = 3, 24 | ARM64_SFT_ASR = 4, 25 | ARM64_SFT_ROR = 5, 26 | } arm64_shifter; 27 | 28 | //> ARM64 extender type 29 | typedef enum arm64_extender { 30 | ARM64_EXT_INVALID = 0, 31 | ARM64_EXT_UXTB = 1, 32 | ARM64_EXT_UXTH = 2, 33 | ARM64_EXT_UXTW = 3, 34 | ARM64_EXT_UXTX = 4, 35 | ARM64_EXT_SXTB = 5, 36 | ARM64_EXT_SXTH = 6, 37 | ARM64_EXT_SXTW = 7, 38 | ARM64_EXT_SXTX = 8, 39 | } arm64_extender; 40 | 41 | //> ARM64 condition code 42 | typedef enum arm64_cc { 43 | ARM64_CC_INVALID = 0, 44 | ARM64_CC_EQ = 1, // Equal 45 | ARM64_CC_NE = 2, // Not equal: Not equal, or unordered 46 | ARM64_CC_HS = 3, // Unsigned higher or same: >, ==, or unordered 47 | ARM64_CC_LO = 4, // Unsigned lower or same: Less than 48 | ARM64_CC_MI = 5, // Minus, negative: Less than 49 | ARM64_CC_PL = 6, // Plus, positive or zero: >, ==, or unordered 50 | ARM64_CC_VS = 7, // Overflow: Unordered 51 | ARM64_CC_VC = 8, // No overflow: Ordered 52 | ARM64_CC_HI = 9, // Unsigned higher: Greater than, or unordered 53 | ARM64_CC_LS = 10, // Unsigned lower or same: Less than or equal 54 | ARM64_CC_GE = 11, // Greater than or equal: Greater than or equal 55 | ARM64_CC_LT = 12, // Less than: Less than, or unordered 56 | ARM64_CC_GT = 13, // Signed greater than: Greater than 57 | ARM64_CC_LE = 14, // Signed less than or equal: <, ==, or unordered 58 | ARM64_CC_AL = 15, // Always (unconditional): Always (unconditional) 59 | ARM64_CC_NV = 16, // Always (unconditional): Always (unconditional) 60 | // Note the NV exists purely to disassemble 0b1111. Execution 61 | // is "always". 62 | } arm64_cc; 63 | 64 | //> System registers 65 | typedef enum arm64_mrs_reg { 66 | //> System registers for MRS 67 | ARM64_SYSREG_INVALID = 0, 68 | ARM64_SYSREG_MDCCSR_EL0 = 0x9808, // 10 011 0000 0001 000 69 | ARM64_SYSREG_DBGDTRRX_EL0 = 0x9828, // 10 011 0000 0101 000 70 | ARM64_SYSREG_MDRAR_EL1 = 0x8080, // 10 000 0001 0000 000 71 | ARM64_SYSREG_OSLSR_EL1 = 0x808c, // 10 000 0001 0001 100 72 | ARM64_SYSREG_DBGAUTHSTATUS_EL1 = 0x83f6, // 10 000 0111 1110 110 73 | ARM64_SYSREG_PMCEID0_EL0 = 0xdce6, // 11 011 1001 1100 110 74 | ARM64_SYSREG_PMCEID1_EL0 = 0xdce7, // 11 011 1001 1100 111 75 | ARM64_SYSREG_MIDR_EL1 = 0xc000, // 11 000 0000 0000 000 76 | ARM64_SYSREG_CCSIDR_EL1 = 0xc800, // 11 001 0000 0000 000 77 | ARM64_SYSREG_CLIDR_EL1 = 0xc801, // 11 001 0000 0000 001 78 | ARM64_SYSREG_CTR_EL0 = 0xd801, // 11 011 0000 0000 001 79 | ARM64_SYSREG_MPIDR_EL1 = 0xc005, // 11 000 0000 0000 101 80 | ARM64_SYSREG_REVIDR_EL1 = 0xc006, // 11 000 0000 0000 110 81 | ARM64_SYSREG_AIDR_EL1 = 0xc807, // 11 001 0000 0000 111 82 | ARM64_SYSREG_DCZID_EL0 = 0xd807, // 11 011 0000 0000 111 83 | ARM64_SYSREG_ID_PFR0_EL1 = 0xc008, // 11 000 0000 0001 000 84 | ARM64_SYSREG_ID_PFR1_EL1 = 0xc009, // 11 000 0000 0001 001 85 | ARM64_SYSREG_ID_DFR0_EL1 = 0xc00a, // 11 000 0000 0001 010 86 | ARM64_SYSREG_ID_AFR0_EL1 = 0xc00b, // 11 000 0000 0001 011 87 | ARM64_SYSREG_ID_MMFR0_EL1 = 0xc00c, // 11 000 0000 0001 100 88 | ARM64_SYSREG_ID_MMFR1_EL1 = 0xc00d, // 11 000 0000 0001 101 89 | ARM64_SYSREG_ID_MMFR2_EL1 = 0xc00e, // 11 000 0000 0001 110 90 | ARM64_SYSREG_ID_MMFR3_EL1 = 0xc00f, // 11 000 0000 0001 111 91 | ARM64_SYSREG_ID_ISAR0_EL1 = 0xc010, // 11 000 0000 0010 000 92 | ARM64_SYSREG_ID_ISAR1_EL1 = 0xc011, // 11 000 0000 0010 001 93 | ARM64_SYSREG_ID_ISAR2_EL1 = 0xc012, // 11 000 0000 0010 010 94 | ARM64_SYSREG_ID_ISAR3_EL1 = 0xc013, // 11 000 0000 0010 011 95 | ARM64_SYSREG_ID_ISAR4_EL1 = 0xc014, // 11 000 0000 0010 100 96 | ARM64_SYSREG_ID_ISAR5_EL1 = 0xc015, // 11 000 0000 0010 101 97 | ARM64_SYSREG_ID_A64PFR0_EL1 = 0xc020, // 11 000 0000 0100 000 98 | ARM64_SYSREG_ID_A64PFR1_EL1 = 0xc021, // 11 000 0000 0100 001 99 | ARM64_SYSREG_ID_A64DFR0_EL1 = 0xc028, // 11 000 0000 0101 000 100 | ARM64_SYSREG_ID_A64DFR1_EL1 = 0xc029, // 11 000 0000 0101 001 101 | ARM64_SYSREG_ID_A64AFR0_EL1 = 0xc02c, // 11 000 0000 0101 100 102 | ARM64_SYSREG_ID_A64AFR1_EL1 = 0xc02d, // 11 000 0000 0101 101 103 | ARM64_SYSREG_ID_A64ISAR0_EL1 = 0xc030, // 11 000 0000 0110 000 104 | ARM64_SYSREG_ID_A64ISAR1_EL1 = 0xc031, // 11 000 0000 0110 001 105 | ARM64_SYSREG_ID_A64MMFR0_EL1 = 0xc038, // 11 000 0000 0111 000 106 | ARM64_SYSREG_ID_A64MMFR1_EL1 = 0xc039, // 11 000 0000 0111 001 107 | ARM64_SYSREG_MVFR0_EL1 = 0xc018, // 11 000 0000 0011 000 108 | ARM64_SYSREG_MVFR1_EL1 = 0xc019, // 11 000 0000 0011 001 109 | ARM64_SYSREG_MVFR2_EL1 = 0xc01a, // 11 000 0000 0011 010 110 | ARM64_SYSREG_RVBAR_EL1 = 0xc601, // 11 000 1100 0000 001 111 | ARM64_SYSREG_RVBAR_EL2 = 0xe601, // 11 100 1100 0000 001 112 | ARM64_SYSREG_RVBAR_EL3 = 0xf601, // 11 110 1100 0000 001 113 | ARM64_SYSREG_ISR_EL1 = 0xc608, // 11 000 1100 0001 000 114 | ARM64_SYSREG_CNTPCT_EL0 = 0xdf01, // 11 011 1110 0000 001 115 | ARM64_SYSREG_CNTVCT_EL0 = 0xdf02, // 11 011 1110 0000 010 116 | 117 | // Trace registers 118 | ARM64_SYSREG_TRCSTATR = 0x8818, // 10 001 0000 0011 000 119 | ARM64_SYSREG_TRCIDR8 = 0x8806, // 10 001 0000 0000 110 120 | ARM64_SYSREG_TRCIDR9 = 0x880e, // 10 001 0000 0001 110 121 | ARM64_SYSREG_TRCIDR10 = 0x8816, // 10 001 0000 0010 110 122 | ARM64_SYSREG_TRCIDR11 = 0x881e, // 10 001 0000 0011 110 123 | ARM64_SYSREG_TRCIDR12 = 0x8826, // 10 001 0000 0100 110 124 | ARM64_SYSREG_TRCIDR13 = 0x882e, // 10 001 0000 0101 110 125 | ARM64_SYSREG_TRCIDR0 = 0x8847, // 10 001 0000 1000 111 126 | ARM64_SYSREG_TRCIDR1 = 0x884f, // 10 001 0000 1001 111 127 | ARM64_SYSREG_TRCIDR2 = 0x8857, // 10 001 0000 1010 111 128 | ARM64_SYSREG_TRCIDR3 = 0x885f, // 10 001 0000 1011 111 129 | ARM64_SYSREG_TRCIDR4 = 0x8867, // 10 001 0000 1100 111 130 | ARM64_SYSREG_TRCIDR5 = 0x886f, // 10 001 0000 1101 111 131 | ARM64_SYSREG_TRCIDR6 = 0x8877, // 10 001 0000 1110 111 132 | ARM64_SYSREG_TRCIDR7 = 0x887f, // 10 001 0000 1111 111 133 | ARM64_SYSREG_TRCOSLSR = 0x888c, // 10 001 0001 0001 100 134 | ARM64_SYSREG_TRCPDSR = 0x88ac, // 10 001 0001 0101 100 135 | ARM64_SYSREG_TRCDEVAFF0 = 0x8bd6, // 10 001 0111 1010 110 136 | ARM64_SYSREG_TRCDEVAFF1 = 0x8bde, // 10 001 0111 1011 110 137 | ARM64_SYSREG_TRCLSR = 0x8bee, // 10 001 0111 1101 110 138 | ARM64_SYSREG_TRCAUTHSTATUS = 0x8bf6, // 10 001 0111 1110 110 139 | ARM64_SYSREG_TRCDEVARCH = 0x8bfe, // 10 001 0111 1111 110 140 | ARM64_SYSREG_TRCDEVID = 0x8b97, // 10 001 0111 0010 111 141 | ARM64_SYSREG_TRCDEVTYPE = 0x8b9f, // 10 001 0111 0011 111 142 | ARM64_SYSREG_TRCPIDR4 = 0x8ba7, // 10 001 0111 0100 111 143 | ARM64_SYSREG_TRCPIDR5 = 0x8baf, // 10 001 0111 0101 111 144 | ARM64_SYSREG_TRCPIDR6 = 0x8bb7, // 10 001 0111 0110 111 145 | ARM64_SYSREG_TRCPIDR7 = 0x8bbf, // 10 001 0111 0111 111 146 | ARM64_SYSREG_TRCPIDR0 = 0x8bc7, // 10 001 0111 1000 111 147 | ARM64_SYSREG_TRCPIDR1 = 0x8bcf, // 10 001 0111 1001 111 148 | ARM64_SYSREG_TRCPIDR2 = 0x8bd7, // 10 001 0111 1010 111 149 | ARM64_SYSREG_TRCPIDR3 = 0x8bdf, // 10 001 0111 1011 111 150 | ARM64_SYSREG_TRCCIDR0 = 0x8be7, // 10 001 0111 1100 111 151 | ARM64_SYSREG_TRCCIDR1 = 0x8bef, // 10 001 0111 1101 111 152 | ARM64_SYSREG_TRCCIDR2 = 0x8bf7, // 10 001 0111 1110 111 153 | ARM64_SYSREG_TRCCIDR3 = 0x8bff, // 10 001 0111 1111 111 154 | 155 | // GICv3 registers 156 | ARM64_SYSREG_ICC_IAR1_EL1 = 0xc660, // 11 000 1100 1100 000 157 | ARM64_SYSREG_ICC_IAR0_EL1 = 0xc640, // 11 000 1100 1000 000 158 | ARM64_SYSREG_ICC_HPPIR1_EL1 = 0xc662, // 11 000 1100 1100 010 159 | ARM64_SYSREG_ICC_HPPIR0_EL1 = 0xc642, // 11 000 1100 1000 010 160 | ARM64_SYSREG_ICC_RPR_EL1 = 0xc65b, // 11 000 1100 1011 011 161 | ARM64_SYSREG_ICH_VTR_EL2 = 0xe659, // 11 100 1100 1011 001 162 | ARM64_SYSREG_ICH_EISR_EL2 = 0xe65b, // 11 100 1100 1011 011 163 | ARM64_SYSREG_ICH_ELSR_EL2 = 0xe65d, // 11 100 1100 1011 101 164 | } arm64_sysreg; 165 | 166 | typedef enum arm64_msr_reg { 167 | //> System registers for MSR 168 | ARM64_SYSREG_DBGDTRTX_EL0 = 0x9828, // 10 011 0000 0101 000 169 | ARM64_SYSREG_OSLAR_EL1 = 0x8084, // 10 000 0001 0000 100 170 | ARM64_SYSREG_PMSWINC_EL0 = 0xdce4, // 11 011 1001 1100 100 171 | 172 | // Trace Registers 173 | ARM64_SYSREG_TRCOSLAR = 0x8884, // 10 001 0001 0000 100 174 | ARM64_SYSREG_TRCLAR = 0x8be6, // 10 001 0111 1100 110 175 | 176 | // GICv3 registers 177 | ARM64_SYSREG_ICC_EOIR1_EL1 = 0xc661, // 11 000 1100 1100 001 178 | ARM64_SYSREG_ICC_EOIR0_EL1 = 0xc641, // 11 000 1100 1000 001 179 | ARM64_SYSREG_ICC_DIR_EL1 = 0xc659, // 11 000 1100 1011 001 180 | ARM64_SYSREG_ICC_SGI1R_EL1 = 0xc65d, // 11 000 1100 1011 101 181 | ARM64_SYSREG_ICC_ASGI1R_EL1 = 0xc65e, // 11 000 1100 1011 110 182 | ARM64_SYSREG_ICC_SGI0R_EL1 = 0xc65f, // 11 000 1100 1011 111 183 | } arm64_msr_reg; 184 | 185 | //> System PState Field (MSR instruction) 186 | typedef enum arm64_pstate { 187 | ARM64_PSTATE_INVALID = 0, 188 | ARM64_PSTATE_SPSEL = 0x05, 189 | ARM64_PSTATE_DAIFSET = 0x1e, 190 | ARM64_PSTATE_DAIFCLR = 0x1f 191 | } arm64_pstate; 192 | 193 | //> Vector arrangement specifier (for FloatingPoint/Advanced SIMD insn) 194 | typedef enum arm64_vas { 195 | ARM64_VAS_INVALID = 0, 196 | ARM64_VAS_8B, 197 | ARM64_VAS_16B, 198 | ARM64_VAS_4H, 199 | ARM64_VAS_8H, 200 | ARM64_VAS_2S, 201 | ARM64_VAS_4S, 202 | ARM64_VAS_1D, 203 | ARM64_VAS_2D, 204 | ARM64_VAS_1Q, 205 | } arm64_vas; 206 | 207 | //> Vector element size specifier 208 | typedef enum arm64_vess { 209 | ARM64_VESS_INVALID = 0, 210 | ARM64_VESS_B, 211 | ARM64_VESS_H, 212 | ARM64_VESS_S, 213 | ARM64_VESS_D, 214 | } arm64_vess; 215 | 216 | //> Memory barrier operands 217 | typedef enum arm64_barrier_op { 218 | ARM64_BARRIER_INVALID = 0, 219 | ARM64_BARRIER_OSHLD = 0x1, 220 | ARM64_BARRIER_OSHST = 0x2, 221 | ARM64_BARRIER_OSH = 0x3, 222 | ARM64_BARRIER_NSHLD = 0x5, 223 | ARM64_BARRIER_NSHST = 0x6, 224 | ARM64_BARRIER_NSH = 0x7, 225 | ARM64_BARRIER_ISHLD = 0x9, 226 | ARM64_BARRIER_ISHST = 0xa, 227 | ARM64_BARRIER_ISH = 0xb, 228 | ARM64_BARRIER_LD = 0xd, 229 | ARM64_BARRIER_ST = 0xe, 230 | ARM64_BARRIER_SY = 0xf 231 | } arm64_barrier_op; 232 | 233 | //> Operand type for instruction's operands 234 | typedef enum arm64_op_type { 235 | ARM64_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 236 | ARM64_OP_REG, // = CS_OP_REG (Register operand). 237 | ARM64_OP_IMM, // = CS_OP_IMM (Immediate operand). 238 | ARM64_OP_MEM, // = CS_OP_MEM (Memory operand). 239 | ARM64_OP_FP, // = CS_OP_FP (Floating-Point operand). 240 | ARM64_OP_CIMM = 64, // C-Immediate 241 | ARM64_OP_REG_MRS, // MRS register operand. 242 | ARM64_OP_REG_MSR, // MSR register operand. 243 | ARM64_OP_PSTATE, // PState operand. 244 | ARM64_OP_SYS, // SYS operand for IC/DC/AT/TLBI instructions. 245 | ARM64_OP_PREFETCH, // Prefetch operand (PRFM). 246 | ARM64_OP_BARRIER, // Memory barrier operand (ISB/DMB/DSB instructions). 247 | } arm64_op_type; 248 | 249 | //> TLBI operations 250 | typedef enum arm64_tlbi_op { 251 | ARM64_TLBI_INVALID = 0, 252 | ARM64_TLBI_VMALLE1IS, 253 | ARM64_TLBI_VAE1IS, 254 | ARM64_TLBI_ASIDE1IS, 255 | ARM64_TLBI_VAAE1IS, 256 | ARM64_TLBI_VALE1IS, 257 | ARM64_TLBI_VAALE1IS, 258 | ARM64_TLBI_ALLE2IS, 259 | ARM64_TLBI_VAE2IS, 260 | ARM64_TLBI_ALLE1IS, 261 | ARM64_TLBI_VALE2IS, 262 | ARM64_TLBI_VMALLS12E1IS, 263 | ARM64_TLBI_ALLE3IS, 264 | ARM64_TLBI_VAE3IS, 265 | ARM64_TLBI_VALE3IS, 266 | ARM64_TLBI_IPAS2E1IS, 267 | ARM64_TLBI_IPAS2LE1IS, 268 | ARM64_TLBI_IPAS2E1, 269 | ARM64_TLBI_IPAS2LE1, 270 | ARM64_TLBI_VMALLE1, 271 | ARM64_TLBI_VAE1, 272 | ARM64_TLBI_ASIDE1, 273 | ARM64_TLBI_VAAE1, 274 | ARM64_TLBI_VALE1, 275 | ARM64_TLBI_VAALE1, 276 | ARM64_TLBI_ALLE2, 277 | ARM64_TLBI_VAE2, 278 | ARM64_TLBI_ALLE1, 279 | ARM64_TLBI_VALE2, 280 | ARM64_TLBI_VMALLS12E1, 281 | ARM64_TLBI_ALLE3, 282 | ARM64_TLBI_VAE3, 283 | ARM64_TLBI_VALE3, 284 | } arm64_tlbi_op; 285 | 286 | //> AT operations 287 | typedef enum arm64_at_op { 288 | ARM64_AT_S1E1R, 289 | ARM64_AT_S1E1W, 290 | ARM64_AT_S1E0R, 291 | ARM64_AT_S1E0W, 292 | ARM64_AT_S1E2R, 293 | ARM64_AT_S1E2W, 294 | ARM64_AT_S12E1R, 295 | ARM64_AT_S12E1W, 296 | ARM64_AT_S12E0R, 297 | ARM64_AT_S12E0W, 298 | ARM64_AT_S1E3R, 299 | ARM64_AT_S1E3W, 300 | } arm64_at_op; 301 | 302 | //> DC operations 303 | typedef enum arm64_dc_op { 304 | ARM64_DC_INVALID = 0, 305 | ARM64_DC_ZVA, 306 | ARM64_DC_IVAC, 307 | ARM64_DC_ISW, 308 | ARM64_DC_CVAC, 309 | ARM64_DC_CSW, 310 | ARM64_DC_CVAU, 311 | ARM64_DC_CIVAC, 312 | ARM64_DC_CISW, 313 | } arm64_dc_op; 314 | 315 | //> IC operations 316 | typedef enum arm64_ic_op { 317 | ARM64_IC_INVALID = 0, 318 | ARM64_IC_IALLUIS, 319 | ARM64_IC_IALLU, 320 | ARM64_IC_IVAU, 321 | } arm64_ic_op; 322 | 323 | //> Prefetch operations (PRFM) 324 | typedef enum arm64_prefetch_op { 325 | ARM64_PRFM_INVALID = 0, 326 | ARM64_PRFM_PLDL1KEEP = 0x00 + 1, 327 | ARM64_PRFM_PLDL1STRM = 0x01 + 1, 328 | ARM64_PRFM_PLDL2KEEP = 0x02 + 1, 329 | ARM64_PRFM_PLDL2STRM = 0x03 + 1, 330 | ARM64_PRFM_PLDL3KEEP = 0x04 + 1, 331 | ARM64_PRFM_PLDL3STRM = 0x05 + 1, 332 | ARM64_PRFM_PLIL1KEEP = 0x08 + 1, 333 | ARM64_PRFM_PLIL1STRM = 0x09 + 1, 334 | ARM64_PRFM_PLIL2KEEP = 0x0a + 1, 335 | ARM64_PRFM_PLIL2STRM = 0x0b + 1, 336 | ARM64_PRFM_PLIL3KEEP = 0x0c + 1, 337 | ARM64_PRFM_PLIL3STRM = 0x0d + 1, 338 | ARM64_PRFM_PSTL1KEEP = 0x10 + 1, 339 | ARM64_PRFM_PSTL1STRM = 0x11 + 1, 340 | ARM64_PRFM_PSTL2KEEP = 0x12 + 1, 341 | ARM64_PRFM_PSTL2STRM = 0x13 + 1, 342 | ARM64_PRFM_PSTL3KEEP = 0x14 + 1, 343 | ARM64_PRFM_PSTL3STRM = 0x15 + 1, 344 | } arm64_prefetch_op; 345 | 346 | // Instruction's operand referring to memory 347 | // This is associated with ARM64_OP_MEM operand type above 348 | typedef struct arm64_op_mem { 349 | unsigned int base; // base register 350 | unsigned int index; // index register 351 | int32_t disp; // displacement/offset value 352 | } arm64_op_mem; 353 | 354 | // Instruction operand 355 | typedef struct cs_arm64_op { 356 | int vector_index; // Vector Index for some vector operands (or -1 if irrelevant) 357 | arm64_vas vas; // Vector Arrangement Specifier 358 | arm64_vess vess; // Vector Element Size Specifier 359 | struct { 360 | arm64_shifter type; // shifter type of this operand 361 | unsigned int value; // shifter value of this operand 362 | } shift; 363 | arm64_extender ext; // extender type of this operand 364 | arm64_op_type type; // operand type 365 | union { 366 | unsigned int reg; // register value for REG operand 367 | int64_t imm; // immediate value, or index for C-IMM or IMM operand 368 | double fp; // floating point value for FP operand 369 | arm64_op_mem mem; // base/index/scale/disp value for MEM operand 370 | arm64_pstate pstate; // PState field of MSR instruction. 371 | unsigned int sys; // IC/DC/AT/TLBI operation (see arm64_ic_op, arm64_dc_op, arm64_at_op, arm64_tlbi_op) 372 | arm64_prefetch_op prefetch; // PRFM operation. 373 | arm64_barrier_op barrier; // Memory barrier operation (ISB/DMB/DSB instructions). 374 | }; 375 | } cs_arm64_op; 376 | 377 | // Instruction structure 378 | typedef struct cs_arm64 { 379 | arm64_cc cc; // conditional code for this insn 380 | bool update_flags; // does this insn update flags? 381 | bool writeback; // does this insn request writeback? 'True' means 'yes' 382 | 383 | // Number of operands of this instruction, 384 | // or 0 when instruction has no operand. 385 | uint8_t op_count; 386 | 387 | cs_arm64_op operands[8]; // operands for this instruction. 388 | } cs_arm64; 389 | 390 | //> ARM64 registers 391 | typedef enum arm64_reg { 392 | ARM64_REG_INVALID = 0, 393 | 394 | ARM64_REG_X29, 395 | ARM64_REG_X30, 396 | ARM64_REG_NZCV, 397 | ARM64_REG_SP, 398 | ARM64_REG_WSP, 399 | ARM64_REG_WZR, 400 | ARM64_REG_XZR, 401 | ARM64_REG_B0, 402 | ARM64_REG_B1, 403 | ARM64_REG_B2, 404 | ARM64_REG_B3, 405 | ARM64_REG_B4, 406 | ARM64_REG_B5, 407 | ARM64_REG_B6, 408 | ARM64_REG_B7, 409 | ARM64_REG_B8, 410 | ARM64_REG_B9, 411 | ARM64_REG_B10, 412 | ARM64_REG_B11, 413 | ARM64_REG_B12, 414 | ARM64_REG_B13, 415 | ARM64_REG_B14, 416 | ARM64_REG_B15, 417 | ARM64_REG_B16, 418 | ARM64_REG_B17, 419 | ARM64_REG_B18, 420 | ARM64_REG_B19, 421 | ARM64_REG_B20, 422 | ARM64_REG_B21, 423 | ARM64_REG_B22, 424 | ARM64_REG_B23, 425 | ARM64_REG_B24, 426 | ARM64_REG_B25, 427 | ARM64_REG_B26, 428 | ARM64_REG_B27, 429 | ARM64_REG_B28, 430 | ARM64_REG_B29, 431 | ARM64_REG_B30, 432 | ARM64_REG_B31, 433 | ARM64_REG_D0, 434 | ARM64_REG_D1, 435 | ARM64_REG_D2, 436 | ARM64_REG_D3, 437 | ARM64_REG_D4, 438 | ARM64_REG_D5, 439 | ARM64_REG_D6, 440 | ARM64_REG_D7, 441 | ARM64_REG_D8, 442 | ARM64_REG_D9, 443 | ARM64_REG_D10, 444 | ARM64_REG_D11, 445 | ARM64_REG_D12, 446 | ARM64_REG_D13, 447 | ARM64_REG_D14, 448 | ARM64_REG_D15, 449 | ARM64_REG_D16, 450 | ARM64_REG_D17, 451 | ARM64_REG_D18, 452 | ARM64_REG_D19, 453 | ARM64_REG_D20, 454 | ARM64_REG_D21, 455 | ARM64_REG_D22, 456 | ARM64_REG_D23, 457 | ARM64_REG_D24, 458 | ARM64_REG_D25, 459 | ARM64_REG_D26, 460 | ARM64_REG_D27, 461 | ARM64_REG_D28, 462 | ARM64_REG_D29, 463 | ARM64_REG_D30, 464 | ARM64_REG_D31, 465 | ARM64_REG_H0, 466 | ARM64_REG_H1, 467 | ARM64_REG_H2, 468 | ARM64_REG_H3, 469 | ARM64_REG_H4, 470 | ARM64_REG_H5, 471 | ARM64_REG_H6, 472 | ARM64_REG_H7, 473 | ARM64_REG_H8, 474 | ARM64_REG_H9, 475 | ARM64_REG_H10, 476 | ARM64_REG_H11, 477 | ARM64_REG_H12, 478 | ARM64_REG_H13, 479 | ARM64_REG_H14, 480 | ARM64_REG_H15, 481 | ARM64_REG_H16, 482 | ARM64_REG_H17, 483 | ARM64_REG_H18, 484 | ARM64_REG_H19, 485 | ARM64_REG_H20, 486 | ARM64_REG_H21, 487 | ARM64_REG_H22, 488 | ARM64_REG_H23, 489 | ARM64_REG_H24, 490 | ARM64_REG_H25, 491 | ARM64_REG_H26, 492 | ARM64_REG_H27, 493 | ARM64_REG_H28, 494 | ARM64_REG_H29, 495 | ARM64_REG_H30, 496 | ARM64_REG_H31, 497 | ARM64_REG_Q0, 498 | ARM64_REG_Q1, 499 | ARM64_REG_Q2, 500 | ARM64_REG_Q3, 501 | ARM64_REG_Q4, 502 | ARM64_REG_Q5, 503 | ARM64_REG_Q6, 504 | ARM64_REG_Q7, 505 | ARM64_REG_Q8, 506 | ARM64_REG_Q9, 507 | ARM64_REG_Q10, 508 | ARM64_REG_Q11, 509 | ARM64_REG_Q12, 510 | ARM64_REG_Q13, 511 | ARM64_REG_Q14, 512 | ARM64_REG_Q15, 513 | ARM64_REG_Q16, 514 | ARM64_REG_Q17, 515 | ARM64_REG_Q18, 516 | ARM64_REG_Q19, 517 | ARM64_REG_Q20, 518 | ARM64_REG_Q21, 519 | ARM64_REG_Q22, 520 | ARM64_REG_Q23, 521 | ARM64_REG_Q24, 522 | ARM64_REG_Q25, 523 | ARM64_REG_Q26, 524 | ARM64_REG_Q27, 525 | ARM64_REG_Q28, 526 | ARM64_REG_Q29, 527 | ARM64_REG_Q30, 528 | ARM64_REG_Q31, 529 | ARM64_REG_S0, 530 | ARM64_REG_S1, 531 | ARM64_REG_S2, 532 | ARM64_REG_S3, 533 | ARM64_REG_S4, 534 | ARM64_REG_S5, 535 | ARM64_REG_S6, 536 | ARM64_REG_S7, 537 | ARM64_REG_S8, 538 | ARM64_REG_S9, 539 | ARM64_REG_S10, 540 | ARM64_REG_S11, 541 | ARM64_REG_S12, 542 | ARM64_REG_S13, 543 | ARM64_REG_S14, 544 | ARM64_REG_S15, 545 | ARM64_REG_S16, 546 | ARM64_REG_S17, 547 | ARM64_REG_S18, 548 | ARM64_REG_S19, 549 | ARM64_REG_S20, 550 | ARM64_REG_S21, 551 | ARM64_REG_S22, 552 | ARM64_REG_S23, 553 | ARM64_REG_S24, 554 | ARM64_REG_S25, 555 | ARM64_REG_S26, 556 | ARM64_REG_S27, 557 | ARM64_REG_S28, 558 | ARM64_REG_S29, 559 | ARM64_REG_S30, 560 | ARM64_REG_S31, 561 | ARM64_REG_W0, 562 | ARM64_REG_W1, 563 | ARM64_REG_W2, 564 | ARM64_REG_W3, 565 | ARM64_REG_W4, 566 | ARM64_REG_W5, 567 | ARM64_REG_W6, 568 | ARM64_REG_W7, 569 | ARM64_REG_W8, 570 | ARM64_REG_W9, 571 | ARM64_REG_W10, 572 | ARM64_REG_W11, 573 | ARM64_REG_W12, 574 | ARM64_REG_W13, 575 | ARM64_REG_W14, 576 | ARM64_REG_W15, 577 | ARM64_REG_W16, 578 | ARM64_REG_W17, 579 | ARM64_REG_W18, 580 | ARM64_REG_W19, 581 | ARM64_REG_W20, 582 | ARM64_REG_W21, 583 | ARM64_REG_W22, 584 | ARM64_REG_W23, 585 | ARM64_REG_W24, 586 | ARM64_REG_W25, 587 | ARM64_REG_W26, 588 | ARM64_REG_W27, 589 | ARM64_REG_W28, 590 | ARM64_REG_W29, 591 | ARM64_REG_W30, 592 | ARM64_REG_X0, 593 | ARM64_REG_X1, 594 | ARM64_REG_X2, 595 | ARM64_REG_X3, 596 | ARM64_REG_X4, 597 | ARM64_REG_X5, 598 | ARM64_REG_X6, 599 | ARM64_REG_X7, 600 | ARM64_REG_X8, 601 | ARM64_REG_X9, 602 | ARM64_REG_X10, 603 | ARM64_REG_X11, 604 | ARM64_REG_X12, 605 | ARM64_REG_X13, 606 | ARM64_REG_X14, 607 | ARM64_REG_X15, 608 | ARM64_REG_X16, 609 | ARM64_REG_X17, 610 | ARM64_REG_X18, 611 | ARM64_REG_X19, 612 | ARM64_REG_X20, 613 | ARM64_REG_X21, 614 | ARM64_REG_X22, 615 | ARM64_REG_X23, 616 | ARM64_REG_X24, 617 | ARM64_REG_X25, 618 | ARM64_REG_X26, 619 | ARM64_REG_X27, 620 | ARM64_REG_X28, 621 | 622 | ARM64_REG_V0, 623 | ARM64_REG_V1, 624 | ARM64_REG_V2, 625 | ARM64_REG_V3, 626 | ARM64_REG_V4, 627 | ARM64_REG_V5, 628 | ARM64_REG_V6, 629 | ARM64_REG_V7, 630 | ARM64_REG_V8, 631 | ARM64_REG_V9, 632 | ARM64_REG_V10, 633 | ARM64_REG_V11, 634 | ARM64_REG_V12, 635 | ARM64_REG_V13, 636 | ARM64_REG_V14, 637 | ARM64_REG_V15, 638 | ARM64_REG_V16, 639 | ARM64_REG_V17, 640 | ARM64_REG_V18, 641 | ARM64_REG_V19, 642 | ARM64_REG_V20, 643 | ARM64_REG_V21, 644 | ARM64_REG_V22, 645 | ARM64_REG_V23, 646 | ARM64_REG_V24, 647 | ARM64_REG_V25, 648 | ARM64_REG_V26, 649 | ARM64_REG_V27, 650 | ARM64_REG_V28, 651 | ARM64_REG_V29, 652 | ARM64_REG_V30, 653 | ARM64_REG_V31, 654 | 655 | ARM64_REG_ENDING, // <-- mark the end of the list of registers 656 | 657 | //> alias registers 658 | 659 | ARM64_REG_IP1 = ARM64_REG_X16, 660 | ARM64_REG_IP0 = ARM64_REG_X17, 661 | ARM64_REG_FP = ARM64_REG_X29, 662 | ARM64_REG_LR = ARM64_REG_X30, 663 | } arm64_reg; 664 | 665 | //> ARM64 instruction 666 | typedef enum arm64_insn { 667 | ARM64_INS_INVALID = 0, 668 | 669 | ARM64_INS_ABS, 670 | ARM64_INS_ADC, 671 | ARM64_INS_ADDHN, 672 | ARM64_INS_ADDHN2, 673 | ARM64_INS_ADDP, 674 | ARM64_INS_ADD, 675 | ARM64_INS_ADDV, 676 | ARM64_INS_ADR, 677 | ARM64_INS_ADRP, 678 | ARM64_INS_AESD, 679 | ARM64_INS_AESE, 680 | ARM64_INS_AESIMC, 681 | ARM64_INS_AESMC, 682 | ARM64_INS_AND, 683 | ARM64_INS_ASR, 684 | ARM64_INS_B, 685 | ARM64_INS_BFM, 686 | ARM64_INS_BIC, 687 | ARM64_INS_BIF, 688 | ARM64_INS_BIT, 689 | ARM64_INS_BL, 690 | ARM64_INS_BLR, 691 | ARM64_INS_BR, 692 | ARM64_INS_BRK, 693 | ARM64_INS_BSL, 694 | ARM64_INS_CBNZ, 695 | ARM64_INS_CBZ, 696 | ARM64_INS_CCMN, 697 | ARM64_INS_CCMP, 698 | ARM64_INS_CLREX, 699 | ARM64_INS_CLS, 700 | ARM64_INS_CLZ, 701 | ARM64_INS_CMEQ, 702 | ARM64_INS_CMGE, 703 | ARM64_INS_CMGT, 704 | ARM64_INS_CMHI, 705 | ARM64_INS_CMHS, 706 | ARM64_INS_CMLE, 707 | ARM64_INS_CMLT, 708 | ARM64_INS_CMTST, 709 | ARM64_INS_CNT, 710 | ARM64_INS_MOV, 711 | ARM64_INS_CRC32B, 712 | ARM64_INS_CRC32CB, 713 | ARM64_INS_CRC32CH, 714 | ARM64_INS_CRC32CW, 715 | ARM64_INS_CRC32CX, 716 | ARM64_INS_CRC32H, 717 | ARM64_INS_CRC32W, 718 | ARM64_INS_CRC32X, 719 | ARM64_INS_CSEL, 720 | ARM64_INS_CSINC, 721 | ARM64_INS_CSINV, 722 | ARM64_INS_CSNEG, 723 | ARM64_INS_DCPS1, 724 | ARM64_INS_DCPS2, 725 | ARM64_INS_DCPS3, 726 | ARM64_INS_DMB, 727 | ARM64_INS_DRPS, 728 | ARM64_INS_DSB, 729 | ARM64_INS_DUP, 730 | ARM64_INS_EON, 731 | ARM64_INS_EOR, 732 | ARM64_INS_ERET, 733 | ARM64_INS_EXTR, 734 | ARM64_INS_EXT, 735 | ARM64_INS_FABD, 736 | ARM64_INS_FABS, 737 | ARM64_INS_FACGE, 738 | ARM64_INS_FACGT, 739 | ARM64_INS_FADD, 740 | ARM64_INS_FADDP, 741 | ARM64_INS_FCCMP, 742 | ARM64_INS_FCCMPE, 743 | ARM64_INS_FCMEQ, 744 | ARM64_INS_FCMGE, 745 | ARM64_INS_FCMGT, 746 | ARM64_INS_FCMLE, 747 | ARM64_INS_FCMLT, 748 | ARM64_INS_FCMP, 749 | ARM64_INS_FCMPE, 750 | ARM64_INS_FCSEL, 751 | ARM64_INS_FCVTAS, 752 | ARM64_INS_FCVTAU, 753 | ARM64_INS_FCVT, 754 | ARM64_INS_FCVTL, 755 | ARM64_INS_FCVTL2, 756 | ARM64_INS_FCVTMS, 757 | ARM64_INS_FCVTMU, 758 | ARM64_INS_FCVTNS, 759 | ARM64_INS_FCVTNU, 760 | ARM64_INS_FCVTN, 761 | ARM64_INS_FCVTN2, 762 | ARM64_INS_FCVTPS, 763 | ARM64_INS_FCVTPU, 764 | ARM64_INS_FCVTXN, 765 | ARM64_INS_FCVTXN2, 766 | ARM64_INS_FCVTZS, 767 | ARM64_INS_FCVTZU, 768 | ARM64_INS_FDIV, 769 | ARM64_INS_FMADD, 770 | ARM64_INS_FMAX, 771 | ARM64_INS_FMAXNM, 772 | ARM64_INS_FMAXNMP, 773 | ARM64_INS_FMAXNMV, 774 | ARM64_INS_FMAXP, 775 | ARM64_INS_FMAXV, 776 | ARM64_INS_FMIN, 777 | ARM64_INS_FMINNM, 778 | ARM64_INS_FMINNMP, 779 | ARM64_INS_FMINNMV, 780 | ARM64_INS_FMINP, 781 | ARM64_INS_FMINV, 782 | ARM64_INS_FMLA, 783 | ARM64_INS_FMLS, 784 | ARM64_INS_FMOV, 785 | ARM64_INS_FMSUB, 786 | ARM64_INS_FMUL, 787 | ARM64_INS_FMULX, 788 | ARM64_INS_FNEG, 789 | ARM64_INS_FNMADD, 790 | ARM64_INS_FNMSUB, 791 | ARM64_INS_FNMUL, 792 | ARM64_INS_FRECPE, 793 | ARM64_INS_FRECPS, 794 | ARM64_INS_FRECPX, 795 | ARM64_INS_FRINTA, 796 | ARM64_INS_FRINTI, 797 | ARM64_INS_FRINTM, 798 | ARM64_INS_FRINTN, 799 | ARM64_INS_FRINTP, 800 | ARM64_INS_FRINTX, 801 | ARM64_INS_FRINTZ, 802 | ARM64_INS_FRSQRTE, 803 | ARM64_INS_FRSQRTS, 804 | ARM64_INS_FSQRT, 805 | ARM64_INS_FSUB, 806 | ARM64_INS_HINT, 807 | ARM64_INS_HLT, 808 | ARM64_INS_HVC, 809 | ARM64_INS_INS, 810 | 811 | ARM64_INS_ISB, 812 | ARM64_INS_LD1, 813 | ARM64_INS_LD1R, 814 | ARM64_INS_LD2R, 815 | ARM64_INS_LD2, 816 | ARM64_INS_LD3R, 817 | ARM64_INS_LD3, 818 | ARM64_INS_LD4, 819 | ARM64_INS_LD4R, 820 | 821 | ARM64_INS_LDARB, 822 | ARM64_INS_LDARH, 823 | ARM64_INS_LDAR, 824 | ARM64_INS_LDAXP, 825 | ARM64_INS_LDAXRB, 826 | ARM64_INS_LDAXRH, 827 | ARM64_INS_LDAXR, 828 | ARM64_INS_LDNP, 829 | ARM64_INS_LDP, 830 | ARM64_INS_LDPSW, 831 | ARM64_INS_LDRB, 832 | ARM64_INS_LDR, 833 | ARM64_INS_LDRH, 834 | ARM64_INS_LDRSB, 835 | ARM64_INS_LDRSH, 836 | ARM64_INS_LDRSW, 837 | ARM64_INS_LDTRB, 838 | ARM64_INS_LDTRH, 839 | ARM64_INS_LDTRSB, 840 | 841 | ARM64_INS_LDTRSH, 842 | ARM64_INS_LDTRSW, 843 | ARM64_INS_LDTR, 844 | ARM64_INS_LDURB, 845 | ARM64_INS_LDUR, 846 | ARM64_INS_LDURH, 847 | ARM64_INS_LDURSB, 848 | ARM64_INS_LDURSH, 849 | ARM64_INS_LDURSW, 850 | ARM64_INS_LDXP, 851 | ARM64_INS_LDXRB, 852 | ARM64_INS_LDXRH, 853 | ARM64_INS_LDXR, 854 | ARM64_INS_LSL, 855 | ARM64_INS_LSR, 856 | ARM64_INS_MADD, 857 | ARM64_INS_MLA, 858 | ARM64_INS_MLS, 859 | ARM64_INS_MOVI, 860 | ARM64_INS_MOVK, 861 | ARM64_INS_MOVN, 862 | ARM64_INS_MOVZ, 863 | ARM64_INS_MRS, 864 | ARM64_INS_MSR, 865 | ARM64_INS_MSUB, 866 | ARM64_INS_MUL, 867 | ARM64_INS_MVNI, 868 | ARM64_INS_NEG, 869 | ARM64_INS_NOT, 870 | ARM64_INS_ORN, 871 | ARM64_INS_ORR, 872 | ARM64_INS_PMULL2, 873 | ARM64_INS_PMULL, 874 | ARM64_INS_PMUL, 875 | ARM64_INS_PRFM, 876 | ARM64_INS_PRFUM, 877 | ARM64_INS_RADDHN, 878 | ARM64_INS_RADDHN2, 879 | ARM64_INS_RBIT, 880 | ARM64_INS_RET, 881 | ARM64_INS_REV16, 882 | ARM64_INS_REV32, 883 | ARM64_INS_REV64, 884 | ARM64_INS_REV, 885 | ARM64_INS_ROR, 886 | ARM64_INS_RSHRN2, 887 | ARM64_INS_RSHRN, 888 | ARM64_INS_RSUBHN, 889 | ARM64_INS_RSUBHN2, 890 | ARM64_INS_SABAL2, 891 | ARM64_INS_SABAL, 892 | 893 | ARM64_INS_SABA, 894 | ARM64_INS_SABDL2, 895 | ARM64_INS_SABDL, 896 | ARM64_INS_SABD, 897 | ARM64_INS_SADALP, 898 | ARM64_INS_SADDLP, 899 | ARM64_INS_SADDLV, 900 | ARM64_INS_SADDL2, 901 | ARM64_INS_SADDL, 902 | ARM64_INS_SADDW2, 903 | ARM64_INS_SADDW, 904 | ARM64_INS_SBC, 905 | ARM64_INS_SBFM, 906 | ARM64_INS_SCVTF, 907 | ARM64_INS_SDIV, 908 | ARM64_INS_SHA1C, 909 | ARM64_INS_SHA1H, 910 | ARM64_INS_SHA1M, 911 | ARM64_INS_SHA1P, 912 | ARM64_INS_SHA1SU0, 913 | ARM64_INS_SHA1SU1, 914 | ARM64_INS_SHA256H2, 915 | ARM64_INS_SHA256H, 916 | ARM64_INS_SHA256SU0, 917 | ARM64_INS_SHA256SU1, 918 | ARM64_INS_SHADD, 919 | ARM64_INS_SHLL2, 920 | ARM64_INS_SHLL, 921 | ARM64_INS_SHL, 922 | ARM64_INS_SHRN2, 923 | ARM64_INS_SHRN, 924 | ARM64_INS_SHSUB, 925 | ARM64_INS_SLI, 926 | ARM64_INS_SMADDL, 927 | ARM64_INS_SMAXP, 928 | ARM64_INS_SMAXV, 929 | ARM64_INS_SMAX, 930 | ARM64_INS_SMC, 931 | ARM64_INS_SMINP, 932 | ARM64_INS_SMINV, 933 | ARM64_INS_SMIN, 934 | ARM64_INS_SMLAL2, 935 | ARM64_INS_SMLAL, 936 | ARM64_INS_SMLSL2, 937 | ARM64_INS_SMLSL, 938 | ARM64_INS_SMOV, 939 | ARM64_INS_SMSUBL, 940 | ARM64_INS_SMULH, 941 | ARM64_INS_SMULL2, 942 | ARM64_INS_SMULL, 943 | ARM64_INS_SQABS, 944 | ARM64_INS_SQADD, 945 | ARM64_INS_SQDMLAL, 946 | ARM64_INS_SQDMLAL2, 947 | ARM64_INS_SQDMLSL, 948 | ARM64_INS_SQDMLSL2, 949 | ARM64_INS_SQDMULH, 950 | ARM64_INS_SQDMULL, 951 | ARM64_INS_SQDMULL2, 952 | ARM64_INS_SQNEG, 953 | ARM64_INS_SQRDMULH, 954 | ARM64_INS_SQRSHL, 955 | ARM64_INS_SQRSHRN, 956 | ARM64_INS_SQRSHRN2, 957 | ARM64_INS_SQRSHRUN, 958 | ARM64_INS_SQRSHRUN2, 959 | ARM64_INS_SQSHLU, 960 | ARM64_INS_SQSHL, 961 | ARM64_INS_SQSHRN, 962 | ARM64_INS_SQSHRN2, 963 | ARM64_INS_SQSHRUN, 964 | ARM64_INS_SQSHRUN2, 965 | ARM64_INS_SQSUB, 966 | ARM64_INS_SQXTN2, 967 | ARM64_INS_SQXTN, 968 | ARM64_INS_SQXTUN2, 969 | ARM64_INS_SQXTUN, 970 | ARM64_INS_SRHADD, 971 | ARM64_INS_SRI, 972 | ARM64_INS_SRSHL, 973 | ARM64_INS_SRSHR, 974 | ARM64_INS_SRSRA, 975 | ARM64_INS_SSHLL2, 976 | ARM64_INS_SSHLL, 977 | ARM64_INS_SSHL, 978 | ARM64_INS_SSHR, 979 | ARM64_INS_SSRA, 980 | ARM64_INS_SSUBL2, 981 | ARM64_INS_SSUBL, 982 | ARM64_INS_SSUBW2, 983 | ARM64_INS_SSUBW, 984 | ARM64_INS_ST1, 985 | ARM64_INS_ST2, 986 | ARM64_INS_ST3, 987 | ARM64_INS_ST4, 988 | ARM64_INS_STLRB, 989 | ARM64_INS_STLRH, 990 | ARM64_INS_STLR, 991 | ARM64_INS_STLXP, 992 | ARM64_INS_STLXRB, 993 | ARM64_INS_STLXRH, 994 | ARM64_INS_STLXR, 995 | ARM64_INS_STNP, 996 | ARM64_INS_STP, 997 | ARM64_INS_STRB, 998 | ARM64_INS_STR, 999 | ARM64_INS_STRH, 1000 | ARM64_INS_STTRB, 1001 | ARM64_INS_STTRH, 1002 | ARM64_INS_STTR, 1003 | ARM64_INS_STURB, 1004 | ARM64_INS_STUR, 1005 | ARM64_INS_STURH, 1006 | ARM64_INS_STXP, 1007 | ARM64_INS_STXRB, 1008 | ARM64_INS_STXRH, 1009 | ARM64_INS_STXR, 1010 | ARM64_INS_SUBHN, 1011 | ARM64_INS_SUBHN2, 1012 | ARM64_INS_SUB, 1013 | ARM64_INS_SUQADD, 1014 | ARM64_INS_SVC, 1015 | ARM64_INS_SYSL, 1016 | ARM64_INS_SYS, 1017 | ARM64_INS_TBL, 1018 | ARM64_INS_TBNZ, 1019 | ARM64_INS_TBX, 1020 | ARM64_INS_TBZ, 1021 | ARM64_INS_TRN1, 1022 | ARM64_INS_TRN2, 1023 | ARM64_INS_UABAL2, 1024 | ARM64_INS_UABAL, 1025 | ARM64_INS_UABA, 1026 | ARM64_INS_UABDL2, 1027 | ARM64_INS_UABDL, 1028 | ARM64_INS_UABD, 1029 | ARM64_INS_UADALP, 1030 | ARM64_INS_UADDLP, 1031 | ARM64_INS_UADDLV, 1032 | ARM64_INS_UADDL2, 1033 | ARM64_INS_UADDL, 1034 | ARM64_INS_UADDW2, 1035 | ARM64_INS_UADDW, 1036 | ARM64_INS_UBFM, 1037 | ARM64_INS_UCVTF, 1038 | ARM64_INS_UDIV, 1039 | ARM64_INS_UHADD, 1040 | ARM64_INS_UHSUB, 1041 | ARM64_INS_UMADDL, 1042 | ARM64_INS_UMAXP, 1043 | ARM64_INS_UMAXV, 1044 | ARM64_INS_UMAX, 1045 | ARM64_INS_UMINP, 1046 | ARM64_INS_UMINV, 1047 | ARM64_INS_UMIN, 1048 | ARM64_INS_UMLAL2, 1049 | ARM64_INS_UMLAL, 1050 | ARM64_INS_UMLSL2, 1051 | ARM64_INS_UMLSL, 1052 | ARM64_INS_UMOV, 1053 | ARM64_INS_UMSUBL, 1054 | ARM64_INS_UMULH, 1055 | ARM64_INS_UMULL2, 1056 | ARM64_INS_UMULL, 1057 | ARM64_INS_UQADD, 1058 | ARM64_INS_UQRSHL, 1059 | ARM64_INS_UQRSHRN, 1060 | ARM64_INS_UQRSHRN2, 1061 | ARM64_INS_UQSHL, 1062 | ARM64_INS_UQSHRN, 1063 | ARM64_INS_UQSHRN2, 1064 | ARM64_INS_UQSUB, 1065 | ARM64_INS_UQXTN2, 1066 | ARM64_INS_UQXTN, 1067 | ARM64_INS_URECPE, 1068 | ARM64_INS_URHADD, 1069 | ARM64_INS_URSHL, 1070 | ARM64_INS_URSHR, 1071 | ARM64_INS_URSQRTE, 1072 | ARM64_INS_URSRA, 1073 | ARM64_INS_USHLL2, 1074 | ARM64_INS_USHLL, 1075 | ARM64_INS_USHL, 1076 | ARM64_INS_USHR, 1077 | ARM64_INS_USQADD, 1078 | ARM64_INS_USRA, 1079 | ARM64_INS_USUBL2, 1080 | ARM64_INS_USUBL, 1081 | ARM64_INS_USUBW2, 1082 | ARM64_INS_USUBW, 1083 | ARM64_INS_UZP1, 1084 | ARM64_INS_UZP2, 1085 | ARM64_INS_XTN2, 1086 | ARM64_INS_XTN, 1087 | ARM64_INS_ZIP1, 1088 | ARM64_INS_ZIP2, 1089 | 1090 | // alias insn 1091 | ARM64_INS_MNEG, 1092 | ARM64_INS_UMNEGL, 1093 | ARM64_INS_SMNEGL, 1094 | ARM64_INS_NOP, 1095 | ARM64_INS_YIELD, 1096 | ARM64_INS_WFE, 1097 | ARM64_INS_WFI, 1098 | ARM64_INS_SEV, 1099 | ARM64_INS_SEVL, 1100 | ARM64_INS_NGC, 1101 | ARM64_INS_SBFIZ, 1102 | ARM64_INS_UBFIZ, 1103 | ARM64_INS_SBFX, 1104 | ARM64_INS_UBFX, 1105 | ARM64_INS_BFI, 1106 | ARM64_INS_BFXIL, 1107 | ARM64_INS_CMN, 1108 | ARM64_INS_MVN, 1109 | ARM64_INS_TST, 1110 | ARM64_INS_CSET, 1111 | ARM64_INS_CINC, 1112 | ARM64_INS_CSETM, 1113 | ARM64_INS_CINV, 1114 | ARM64_INS_CNEG, 1115 | ARM64_INS_SXTB, 1116 | ARM64_INS_SXTH, 1117 | ARM64_INS_SXTW, 1118 | ARM64_INS_CMP, 1119 | ARM64_INS_UXTB, 1120 | ARM64_INS_UXTH, 1121 | ARM64_INS_UXTW, 1122 | ARM64_INS_IC, 1123 | ARM64_INS_DC, 1124 | ARM64_INS_AT, 1125 | ARM64_INS_TLBI, 1126 | 1127 | ARM64_INS_ENDING, // <-- mark the end of the list of insn 1128 | } arm64_insn; 1129 | 1130 | //> Group of ARM64 instructions 1131 | typedef enum arm64_insn_group { 1132 | ARM64_GRP_INVALID = 0, // = CS_GRP_INVALID 1133 | 1134 | //> Generic groups 1135 | // all jump instructions (conditional+direct+indirect jumps) 1136 | ARM64_GRP_JUMP, // = CS_GRP_JUMP 1137 | 1138 | //> Architecture-specific groups 1139 | ARM64_GRP_CRYPTO = 128, 1140 | ARM64_GRP_FPARMV8, 1141 | ARM64_GRP_NEON, 1142 | ARM64_GRP_CRC, 1143 | 1144 | ARM64_GRP_ENDING, // <-- mark the end of the list of groups 1145 | } arm64_insn_group; 1146 | 1147 | #ifdef __cplusplus 1148 | } 1149 | #endif 1150 | 1151 | #endif 1152 | -------------------------------------------------------------------------------- /src/capstone/capstone.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_ENGINE_H 2 | #define CAPSTONE_ENGINE_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2013-2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include 13 | #if defined(CAPSTONE_HAS_OSXKERNEL) 14 | #include 15 | #else 16 | #include 17 | #include 18 | #endif 19 | 20 | #include "platform.h" 21 | 22 | #ifdef _MSC_VER 23 | #pragma warning(disable:4201) 24 | #pragma warning(disable:4100) 25 | #ifdef CAPSTONE_SHARED 26 | #define CAPSTONE_EXPORT __declspec(dllexport) 27 | #else // defined(CAPSTONE_STATIC) 28 | #define CAPSTONE_EXPORT 29 | #endif 30 | #else 31 | #ifdef __GNUC__ 32 | #define CAPSTONE_EXPORT __attribute__((visibility("default"))) 33 | #else 34 | #define CAPSTONE_EXPORT 35 | #endif 36 | #endif 37 | 38 | #ifdef __GNUC__ 39 | #define CAPSTONE_DEPRECATED __attribute__((deprecated)) 40 | #elif defined(_MSC_VER) 41 | #define CAPSTONE_DEPRECATED __declspec(deprecated) 42 | #else 43 | #pragma message("WARNING: You need to implement CAPSTONE_DEPRECATED for this compiler") 44 | #define CAPSTONE_DEPRECATED 45 | #endif 46 | 47 | // Capstone API version 48 | #define CS_API_MAJOR 3 49 | #define CS_API_MINOR 0 50 | 51 | // Macro to create combined version which can be compared to 52 | // result of cs_version() API. 53 | #define CS_MAKE_VERSION(major, minor) ((major << 8) + minor) 54 | 55 | // Handle using with all API 56 | typedef size_t csh; 57 | 58 | // Architecture type 59 | typedef enum cs_arch { 60 | CS_ARCH_ARM = 0, // ARM architecture (including Thumb, Thumb-2) 61 | CS_ARCH_ARM64, // ARM-64, also called AArch64 62 | CS_ARCH_MIPS, // Mips architecture 63 | CS_ARCH_X86, // X86 architecture (including x86 & x86-64) 64 | CS_ARCH_PPC, // PowerPC architecture 65 | CS_ARCH_SPARC, // Sparc architecture 66 | CS_ARCH_SYSZ, // SystemZ architecture 67 | CS_ARCH_XCORE, // XCore architecture 68 | CS_ARCH_MAX, 69 | CS_ARCH_ALL = 0xFFFF, // All architectures - for cs_support() 70 | } cs_arch; 71 | 72 | // Support value to verify diet mode of the engine. 73 | // If cs_support(CS_SUPPORT_DIET) return True, the engine was compiled 74 | // in diet mode. 75 | #define CS_SUPPORT_DIET (CS_ARCH_ALL + 1) 76 | 77 | // Support value to verify X86 reduce mode of the engine. 78 | // If cs_support(CS_SUPPORT_X86_REDUCE) return True, the engine was compiled 79 | // in X86 reduce mode. 80 | #define CS_SUPPORT_X86_REDUCE (CS_ARCH_ALL + 2) 81 | 82 | // Mode type 83 | typedef enum cs_mode { 84 | CS_MODE_LITTLE_ENDIAN = 0, // little-endian mode (default mode) 85 | CS_MODE_ARM = 0, // 32-bit ARM 86 | CS_MODE_16 = 1 << 1, // 16-bit mode (X86) 87 | CS_MODE_32 = 1 << 2, // 32-bit mode (X86) 88 | CS_MODE_64 = 1 << 3, // 64-bit mode (X86, PPC) 89 | CS_MODE_THUMB = 1 << 4, // ARM's Thumb mode, including Thumb-2 90 | CS_MODE_MCLASS = 1 << 5, // ARM's Cortex-M series 91 | CS_MODE_V8 = 1 << 6, // ARMv8 A32 encodings for ARM 92 | CS_MODE_MICRO = 1 << 4, // MicroMips mode (MIPS) 93 | CS_MODE_MIPS3 = 1 << 5, // Mips III ISA 94 | CS_MODE_MIPS32R6 = 1 << 6, // Mips32r6 ISA 95 | CS_MODE_MIPSGP64 = 1 << 7, // General Purpose Registers are 64-bit wide (MIPS) 96 | CS_MODE_V9 = 1 << 4, // SparcV9 mode (Sparc) 97 | CS_MODE_BIG_ENDIAN = 1 << 31, // big-endian mode 98 | CS_MODE_MIPS32 = CS_MODE_32, // Mips32 ISA (Mips) 99 | CS_MODE_MIPS64 = CS_MODE_64, // Mips64 ISA (Mips) 100 | } cs_mode; 101 | 102 | typedef void* (*cs_malloc_t)(size_t size); 103 | typedef void* (*cs_calloc_t)(size_t nmemb, size_t size); 104 | typedef void* (*cs_realloc_t)(void *ptr, size_t size); 105 | typedef void (*cs_free_t)(void *ptr); 106 | typedef int (*cs_vsnprintf_t)(char *str, size_t size, const char *format, va_list ap); 107 | 108 | 109 | // User-defined dynamic memory related functions: malloc/calloc/realloc/free/vsnprintf() 110 | // By default, Capstone uses system's malloc(), calloc(), realloc(), free() & vsnprintf(). 111 | typedef struct cs_opt_mem { 112 | cs_malloc_t malloc; 113 | cs_calloc_t calloc; 114 | cs_realloc_t realloc; 115 | cs_free_t free; 116 | cs_vsnprintf_t vsnprintf; 117 | } cs_opt_mem; 118 | 119 | // Runtime option for the disassembled engine 120 | typedef enum cs_opt_type { 121 | CS_OPT_SYNTAX = 1, // Assembly output syntax 122 | CS_OPT_DETAIL, // Break down instruction structure into details 123 | CS_OPT_MODE, // Change engine's mode at run-time 124 | CS_OPT_MEM, // User-defined dynamic memory related functions 125 | CS_OPT_SKIPDATA, // Skip data when disassembling. Then engine is in SKIPDATA mode. 126 | CS_OPT_SKIPDATA_SETUP, // Setup user-defined function for SKIPDATA option 127 | } cs_opt_type; 128 | 129 | // Runtime option value (associated with option type above) 130 | typedef enum cs_opt_value { 131 | CS_OPT_OFF = 0, // Turn OFF an option - default option of CS_OPT_DETAIL, CS_OPT_SKIPDATA. 132 | CS_OPT_ON = 3, // Turn ON an option (CS_OPT_DETAIL, CS_OPT_SKIPDATA). 133 | CS_OPT_SYNTAX_DEFAULT = 0, // Default asm syntax (CS_OPT_SYNTAX). 134 | CS_OPT_SYNTAX_INTEL, // X86 Intel asm syntax - default on X86 (CS_OPT_SYNTAX). 135 | CS_OPT_SYNTAX_ATT, // X86 ATT asm syntax (CS_OPT_SYNTAX). 136 | CS_OPT_SYNTAX_NOREGNAME, // Prints register name with only number (CS_OPT_SYNTAX) 137 | } cs_opt_value; 138 | 139 | //> Common instruction operand types - to be consistent across all architectures. 140 | typedef enum cs_op_type { 141 | CS_OP_INVALID = 0, // uninitialized/invalid operand. 142 | CS_OP_REG, // Register operand. 143 | CS_OP_IMM, // Immediate operand. 144 | CS_OP_MEM, // Memory operand. 145 | CS_OP_FP, // Floating-Point operand. 146 | } cs_op_type; 147 | 148 | //> Common instruction groups - to be consistent across all architectures. 149 | typedef enum cs_group_type { 150 | CS_GRP_INVALID = 0, // uninitialized/invalid group. 151 | CS_GRP_JUMP, // all jump instructions (conditional+direct+indirect jumps) 152 | CS_GRP_CALL, // all call instructions 153 | CS_GRP_RET, // all return instructions 154 | CS_GRP_INT, // all interrupt instructions (int+syscall) 155 | CS_GRP_IRET, // all interrupt return instructions 156 | } cs_group_type; 157 | 158 | /* 159 | User-defined callback function for SKIPDATA option. 160 | See tests/test_skipdata.c for sample code demonstrating this API. 161 | 162 | @code: the input buffer containing code to be disassembled. 163 | This is the same buffer passed to cs_disasm(). 164 | @code_size: size (in bytes) of the above @code buffer. 165 | @offset: the position of the currently-examining byte in the input 166 | buffer @code mentioned above. 167 | @user_data: user-data passed to cs_option() via @user_data field in 168 | cs_opt_skipdata struct below. 169 | 170 | @return: return number of bytes to skip, or 0 to immediately stop disassembling. 171 | */ 172 | typedef size_t (*cs_skipdata_cb_t)(const uint8_t *code, size_t code_size, size_t offset, void *user_data); 173 | 174 | // User-customized setup for SKIPDATA option 175 | typedef struct cs_opt_skipdata { 176 | // Capstone considers data to skip as special "instructions". 177 | // User can specify the string for this instruction's "mnemonic" here. 178 | // By default (if @mnemonic is NULL), Capstone use ".byte". 179 | const char *mnemonic; 180 | 181 | // User-defined callback function to be called when Capstone hits data. 182 | // If the returned value from this callback is positive (>0), Capstone 183 | // will skip exactly that number of bytes & continue. Otherwise, if 184 | // the callback returns 0, Capstone stops disassembling and returns 185 | // immediately from cs_disasm() 186 | // NOTE: if this callback pointer is NULL, Capstone would skip a number 187 | // of bytes depending on architectures, as following: 188 | // Arm: 2 bytes (Thumb mode) or 4 bytes. 189 | // Arm64: 4 bytes. 190 | // Mips: 4 bytes. 191 | // PowerPC: 4 bytes. 192 | // Sparc: 4 bytes. 193 | // SystemZ: 2 bytes. 194 | // X86: 1 bytes. 195 | // XCore: 2 bytes. 196 | cs_skipdata_cb_t callback; // default value is NULL 197 | 198 | // User-defined data to be passed to @callback function pointer. 199 | void *user_data; 200 | } cs_opt_skipdata; 201 | 202 | 203 | #include "arm.h" 204 | #include "arm64.h" 205 | #include "mips.h" 206 | #include "ppc.h" 207 | #include "sparc.h" 208 | #include "systemz.h" 209 | #include "x86.h" 210 | #include "xcore.h" 211 | 212 | // NOTE: All information in cs_detail is only available when CS_OPT_DETAIL = CS_OPT_ON 213 | typedef struct cs_detail { 214 | uint8_t regs_read[12]; // list of implicit registers read by this insn 215 | uint8_t regs_read_count; // number of implicit registers read by this insn 216 | 217 | uint8_t regs_write[20]; // list of implicit registers modified by this insn 218 | uint8_t regs_write_count; // number of implicit registers modified by this insn 219 | 220 | uint8_t groups[8]; // list of group this instruction belong to 221 | uint8_t groups_count; // number of groups this insn belongs to 222 | 223 | // Architecture-specific instruction info 224 | union { 225 | cs_x86 x86; // X86 architecture, including 16-bit, 32-bit & 64-bit mode 226 | cs_arm64 arm64; // ARM64 architecture (aka AArch64) 227 | cs_arm arm; // ARM architecture (including Thumb/Thumb2) 228 | cs_mips mips; // MIPS architecture 229 | cs_ppc ppc; // PowerPC architecture 230 | cs_sparc sparc; // Sparc architecture 231 | cs_sysz sysz; // SystemZ architecture 232 | cs_xcore xcore; // XCore architecture 233 | }; 234 | } cs_detail; 235 | 236 | // Detail information of disassembled instruction 237 | typedef struct cs_insn { 238 | // Instruction ID (basically a numeric ID for the instruction mnemonic) 239 | // Find the instruction id in the '[ARCH]_insn' enum in the header file 240 | // of corresponding architecture, such as 'arm_insn' in arm.h for ARM, 241 | // 'x86_insn' in x86.h for X86, etc... 242 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 243 | // NOTE: in Skipdata mode, "data" instruction has 0 for this id field. 244 | unsigned int id; 245 | 246 | // Address (EIP) of this instruction 247 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 248 | uint64_t address; 249 | 250 | // Size of this instruction 251 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 252 | uint16_t size; 253 | // Machine bytes of this instruction, with number of bytes indicated by @size above 254 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 255 | uint8_t bytes[16]; 256 | 257 | // Ascii text of instruction mnemonic 258 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 259 | char mnemonic[32]; 260 | 261 | // Ascii text of instruction operands 262 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 263 | char op_str[160]; 264 | 265 | // Pointer to cs_detail. 266 | // NOTE: detail pointer is only valid when both requirements below are met: 267 | // (1) CS_OP_DETAIL = CS_OPT_ON 268 | // (2) Engine is not in Skipdata mode (CS_OP_SKIPDATA option set to CS_OPT_ON) 269 | // 270 | // NOTE 2: when in Skipdata mode, or when detail mode is OFF, even if this pointer 271 | // is not NULL, its content is still irrelevant. 272 | cs_detail *detail; 273 | } cs_insn; 274 | 275 | 276 | // Calculate the offset of a disassembled instruction in its buffer, given its position 277 | // in its array of disassembled insn 278 | // NOTE: this macro works with position (>=1), not index 279 | #define CS_INSN_OFFSET(insns, post) (insns[post - 1].address - insns[0].address) 280 | 281 | 282 | // All type of errors encountered by Capstone API. 283 | // These are values returned by cs_errno() 284 | typedef enum cs_err { 285 | CS_ERR_OK = 0, // No error: everything was fine 286 | CS_ERR_MEM, // Out-Of-Memory error: cs_open(), cs_disasm(), cs_disasm_iter() 287 | CS_ERR_ARCH, // Unsupported architecture: cs_open() 288 | CS_ERR_HANDLE, // Invalid handle: cs_op_count(), cs_op_index() 289 | CS_ERR_CSH, // Invalid csh argument: cs_close(), cs_errno(), cs_option() 290 | CS_ERR_MODE, // Invalid/unsupported mode: cs_open() 291 | CS_ERR_OPTION, // Invalid/unsupported option: cs_option() 292 | CS_ERR_DETAIL, // Information is unavailable because detail option is OFF 293 | CS_ERR_MEMSETUP, // Dynamic memory management uninitialized (see CS_OPT_MEM) 294 | CS_ERR_VERSION, // Unsupported version (bindings) 295 | CS_ERR_DIET, // Access irrelevant data in "diet" engine 296 | CS_ERR_SKIPDATA, // Access irrelevant data for "data" instruction in SKIPDATA mode 297 | CS_ERR_X86_ATT, // X86 AT&T syntax is unsupported (opt-out at compile time) 298 | CS_ERR_X86_INTEL, // X86 Intel syntax is unsupported (opt-out at compile time) 299 | } cs_err; 300 | 301 | /* 302 | Return combined API version & major and minor version numbers. 303 | 304 | @major: major number of API version 305 | @minor: minor number of API version 306 | 307 | @return hexical number as (major << 8 | minor), which encodes both 308 | major & minor versions. 309 | NOTE: This returned value can be compared with version number made 310 | with macro CS_MAKE_VERSION 311 | 312 | For example, second API version would return 1 in @major, and 1 in @minor 313 | The return value would be 0x0101 314 | 315 | NOTE: if you only care about returned value, but not major and minor values, 316 | set both @major & @minor arguments to NULL. 317 | */ 318 | CAPSTONE_EXPORT 319 | unsigned int cs_version(int *major, int *minor); 320 | 321 | 322 | /* 323 | This API can be used to either ask for archs supported by this library, 324 | or check to see if the library was compile with 'diet' option (or called 325 | in 'diet' mode). 326 | 327 | To check if a particular arch is supported by this library, set @query to 328 | arch mode (CS_ARCH_* value). 329 | To verify if this library supports all the archs, use CS_ARCH_ALL. 330 | 331 | To check if this library is in 'diet' mode, set @query to CS_SUPPORT_DIET. 332 | 333 | @return True if this library supports the given arch, or in 'diet' mode. 334 | */ 335 | CAPSTONE_EXPORT 336 | bool cs_support(int query); 337 | 338 | /* 339 | Initialize CS handle: this must be done before any usage of CS. 340 | 341 | @arch: architecture type (CS_ARCH_*) 342 | @mode: hardware mode. This is combined of CS_MODE_* 343 | @handle: pointer to handle, which will be updated at return time 344 | 345 | @return CS_ERR_OK on success, or other value on failure (refer to cs_err enum 346 | for detailed error). 347 | */ 348 | CAPSTONE_EXPORT 349 | cs_err cs_open(cs_arch arch, cs_mode mode, csh *handle); 350 | 351 | /* 352 | Close CS handle: MUST do to release the handle when it is not used anymore. 353 | NOTE: this must be only called when there is no longer usage of Capstone, 354 | not even access to cs_insn array. The reason is the this API releases some 355 | cached memory, thus access to any Capstone API after cs_close() might crash 356 | your application. 357 | 358 | In fact,this API invalidate @handle by ZERO out its value (i.e *handle = 0). 359 | 360 | @handle: pointer to a handle returned by cs_open() 361 | 362 | @return CS_ERR_OK on success, or other value on failure (refer to cs_err enum 363 | for detailed error). 364 | */ 365 | CAPSTONE_EXPORT 366 | cs_err cs_close(csh *handle); 367 | 368 | /* 369 | Set option for disassembling engine at runtime 370 | 371 | @handle: handle returned by cs_open() 372 | @type: type of option to be set 373 | @value: option value corresponding with @type 374 | 375 | @return: CS_ERR_OK on success, or other value on failure. 376 | Refer to cs_err enum for detailed error. 377 | 378 | NOTE: in the case of CS_OPT_MEM, handle's value can be anything, 379 | so that cs_option(handle, CS_OPT_MEM, value) can (i.e must) be called 380 | even before cs_open() 381 | */ 382 | CAPSTONE_EXPORT 383 | cs_err cs_option(csh handle, cs_opt_type type, size_t value); 384 | 385 | /* 386 | Report the last error number when some API function fail. 387 | Like glibc's errno, cs_errno might not retain its old value once accessed. 388 | 389 | @handle: handle returned by cs_open() 390 | 391 | @return: error code of cs_err enum type (CS_ERR_*, see above) 392 | */ 393 | CAPSTONE_EXPORT 394 | cs_err cs_errno(csh handle); 395 | 396 | 397 | /* 398 | Return a string describing given error code. 399 | 400 | @code: error code (see CS_ERR_* above) 401 | 402 | @return: returns a pointer to a string that describes the error code 403 | passed in the argument @code 404 | */ 405 | CAPSTONE_EXPORT 406 | const char *cs_strerror(cs_err code); 407 | 408 | /* 409 | Disassemble binary code, given the code buffer, size, address and number 410 | of instructions to be decoded. 411 | This API dynamically allocate memory to contain disassembled instruction. 412 | Resulted instructions will be put into @*insn 413 | 414 | NOTE 1: this API will automatically determine memory needed to contain 415 | output disassembled instructions in @insn. 416 | 417 | NOTE 2: caller must free the allocated memory itself to avoid memory leaking. 418 | 419 | NOTE 3: for system with scarce memory to be dynamically allocated such as 420 | OS kernel or firmware, the API cs_disasm_iter() might be a better choice than 421 | cs_disasm(). The reason is that with cs_disasm(), based on limited available 422 | memory, we have to calculate in advance how many instructions to be disassembled, 423 | which complicates things. This is especially troublesome for the case @count=0, 424 | when cs_disasm() runs uncontrollably (until either end of input buffer, or 425 | when it encounters an invalid instruction). 426 | 427 | @handle: handle returned by cs_open() 428 | @code: buffer containing raw binary code to be disassembled. 429 | @code_size: size of the above code buffer. 430 | @address: address of the first instruction in given raw code buffer. 431 | @insn: array of instructions filled in by this API. 432 | NOTE: @insn will be allocated by this function, and should be freed 433 | with cs_free() API. 434 | @count: number of instructions to be disassembled, or 0 to get all of them 435 | 436 | @return: the number of successfully disassembled instructions, 437 | or 0 if this function failed to disassemble the given code 438 | 439 | On failure, call cs_errno() for error code. 440 | */ 441 | CAPSTONE_EXPORT 442 | size_t cs_disasm(csh handle, 443 | const uint8_t *code, size_t code_size, 444 | uint64_t address, 445 | size_t count, 446 | cs_insn **insn); 447 | 448 | /* 449 | Deprecated function - to be retired in the next version! 450 | Use cs_disasm() instead of cs_disasm_ex() 451 | */ 452 | CAPSTONE_EXPORT 453 | CAPSTONE_DEPRECATED 454 | size_t cs_disasm_ex(csh handle, 455 | const uint8_t *code, size_t code_size, 456 | uint64_t address, 457 | size_t count, 458 | cs_insn **insn); 459 | 460 | /* 461 | Free memory allocated by cs_malloc() or cs_disasm() (argument @insn) 462 | 463 | @insn: pointer returned by @insn argument in cs_disasm() or cs_malloc() 464 | @count: number of cs_insn structures returned by cs_disasm(), or 1 465 | to free memory allocated by cs_malloc(). 466 | */ 467 | CAPSTONE_EXPORT 468 | void cs_free(cs_insn *insn, size_t count); 469 | 470 | 471 | /* 472 | Allocate memory for 1 instruction to be used by cs_disasm_iter(). 473 | 474 | @handle: handle returned by cs_open() 475 | 476 | NOTE: when no longer in use, you can reclaim the memory allocated for 477 | this instruction with cs_free(insn, 1) 478 | */ 479 | CAPSTONE_EXPORT 480 | cs_insn *cs_malloc(csh handle); 481 | 482 | /* 483 | Fast API to disassemble binary code, given the code buffer, size, address 484 | and number of instructions to be decoded. 485 | This API put the resulted instruction into a given cache in @insn. 486 | See tests/test_iter.c for sample code demonstrating this API. 487 | 488 | NOTE 1: this API will update @code, @size & @address to point to the next 489 | instruction in the input buffer. Therefore, it is convenient to use 490 | cs_disasm_iter() inside a loop to quickly iterate all the instructions. 491 | While decoding one instruction at a time can also be achieved with 492 | cs_disasm(count=1), some benchmarks shown that cs_disasm_iter() can be 30% 493 | faster on random input. 494 | 495 | NOTE 2: the cache in @insn can be created with cs_malloc() API. 496 | 497 | NOTE 3: for system with scarce memory to be dynamically allocated such as 498 | OS kernel or firmware, this API is recommended over cs_disasm(), which 499 | allocates memory based on the number of instructions to be disassembled. 500 | The reason is that with cs_disasm(), based on limited available memory, 501 | we have to calculate in advance how many instructions to be disassembled, 502 | which complicates things. This is especially troublesome for the case 503 | @count=0, when cs_disasm() runs uncontrollably (until either end of input 504 | buffer, or when it encounters an invalid instruction). 505 | 506 | @handle: handle returned by cs_open() 507 | @code: buffer containing raw binary code to be disassembled 508 | @code_size: size of above code 509 | @address: address of the first insn in given raw code buffer 510 | @insn: pointer to instruction to be filled in by this API. 511 | 512 | @return: true if this API successfully decode 1 instruction, 513 | or false otherwise. 514 | 515 | On failure, call cs_errno() for error code. 516 | */ 517 | CAPSTONE_EXPORT 518 | bool cs_disasm_iter(csh handle, 519 | const uint8_t **code, size_t *size, 520 | uint64_t *address, cs_insn *insn); 521 | 522 | /* 523 | Return friendly name of register in a string. 524 | Find the instruction id from header file of corresponding architecture (arm.h for ARM, 525 | x86.h for X86, ...) 526 | 527 | WARN: when in 'diet' mode, this API is irrelevant because engine does not 528 | store register name. 529 | 530 | @handle: handle returned by cs_open() 531 | @reg_id: register id 532 | 533 | @return: string name of the register, or NULL if @reg_id is invalid. 534 | */ 535 | CAPSTONE_EXPORT 536 | const char *cs_reg_name(csh handle, unsigned int reg_id); 537 | 538 | /* 539 | Return friendly name of an instruction in a string. 540 | Find the instruction id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 541 | 542 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not 543 | store instruction name. 544 | 545 | @handle: handle returned by cs_open() 546 | @insn_id: instruction id 547 | 548 | @return: string name of the instruction, or NULL if @insn_id is invalid. 549 | */ 550 | CAPSTONE_EXPORT 551 | const char *cs_insn_name(csh handle, unsigned int insn_id); 552 | 553 | /* 554 | Return friendly name of a group id (that an instruction can belong to) 555 | Find the group id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 556 | 557 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not 558 | store group name. 559 | 560 | @handle: handle returned by cs_open() 561 | @group_id: group id 562 | 563 | @return: string name of the group, or NULL if @group_id is invalid. 564 | */ 565 | CAPSTONE_EXPORT 566 | const char *cs_group_name(csh handle, unsigned int group_id); 567 | 568 | /* 569 | Check if a disassembled instruction belong to a particular group. 570 | Find the group id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 571 | Internally, this simply verifies if @group_id matches any member of insn->groups array. 572 | 573 | NOTE: this API is only valid when detail option is ON (which is OFF by default). 574 | 575 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not 576 | update @groups array. 577 | 578 | @handle: handle returned by cs_open() 579 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 580 | @group_id: group that you want to check if this instruction belong to. 581 | 582 | @return: true if this instruction indeed belongs to aboved group, or false otherwise. 583 | */ 584 | CAPSTONE_EXPORT 585 | bool cs_insn_group(csh handle, const cs_insn *insn, unsigned int group_id); 586 | 587 | /* 588 | Check if a disassembled instruction IMPLICITLY used a particular register. 589 | Find the register id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 590 | Internally, this simply verifies if @reg_id matches any member of insn->regs_read array. 591 | 592 | NOTE: this API is only valid when detail option is ON (which is OFF by default) 593 | 594 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not 595 | update @regs_read array. 596 | 597 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 598 | @reg_id: register that you want to check if this instruction used it. 599 | 600 | @return: true if this instruction indeed implicitly used aboved register, or false otherwise. 601 | */ 602 | CAPSTONE_EXPORT 603 | bool cs_reg_read(csh handle, const cs_insn *insn, unsigned int reg_id); 604 | 605 | /* 606 | Check if a disassembled instruction IMPLICITLY modified a particular register. 607 | Find the register id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 608 | Internally, this simply verifies if @reg_id matches any member of insn->regs_write array. 609 | 610 | NOTE: this API is only valid when detail option is ON (which is OFF by default) 611 | 612 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not 613 | update @regs_write array. 614 | 615 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 616 | @reg_id: register that you want to check if this instruction modified it. 617 | 618 | @return: true if this instruction indeed implicitly modified aboved register, or false otherwise. 619 | */ 620 | CAPSTONE_EXPORT 621 | bool cs_reg_write(csh handle, const cs_insn *insn, unsigned int reg_id); 622 | 623 | /* 624 | Count the number of operands of a given type. 625 | Find the operand type in header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 626 | 627 | NOTE: this API is only valid when detail option is ON (which is OFF by default) 628 | 629 | @handle: handle returned by cs_open() 630 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 631 | @op_type: Operand type to be found. 632 | 633 | @return: number of operands of given type @op_type in instruction @insn, 634 | or -1 on failure. 635 | */ 636 | CAPSTONE_EXPORT 637 | int cs_op_count(csh handle, const cs_insn *insn, unsigned int op_type); 638 | 639 | /* 640 | Retrieve the position of operand of given type in .operands[] array. 641 | Later, the operand can be accessed using the returned position. 642 | Find the operand type in header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 643 | 644 | NOTE: this API is only valid when detail option is ON (which is OFF by default) 645 | 646 | @handle: handle returned by cs_open() 647 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 648 | @op_type: Operand type to be found. 649 | @position: position of the operand to be found. This must be in the range 650 | [1, cs_op_count(handle, insn, op_type)] 651 | 652 | @return: index of operand of given type @op_type in .operands[] array 653 | in instruction @insn, or -1 on failure. 654 | */ 655 | CAPSTONE_EXPORT 656 | int cs_op_index(csh handle, const cs_insn *insn, unsigned int op_type, 657 | unsigned int position); 658 | 659 | #ifdef __cplusplus 660 | } 661 | #endif 662 | 663 | #endif 664 | -------------------------------------------------------------------------------- /src/capstone/mips.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_MIPS_H 2 | #define CAPSTONE_MIPS_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2013-2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | // GCC MIPS toolchain has a default macro called "mips" which breaks 15 | // compilation 16 | #undef mips 17 | 18 | #ifdef _MSC_VER 19 | #pragma warning(disable:4201) 20 | #endif 21 | 22 | //> Operand type for instruction's operands 23 | typedef enum mips_op_type { 24 | MIPS_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 25 | MIPS_OP_REG, // = CS_OP_REG (Register operand). 26 | MIPS_OP_IMM, // = CS_OP_IMM (Immediate operand). 27 | MIPS_OP_MEM, // = CS_OP_MEM (Memory operand). 28 | } mips_op_type; 29 | 30 | // Instruction's operand referring to memory 31 | // This is associated with MIPS_OP_MEM operand type above 32 | typedef struct mips_op_mem { 33 | unsigned int base; // base register 34 | int64_t disp; // displacement/offset value 35 | } mips_op_mem; 36 | 37 | // Instruction operand 38 | typedef struct cs_mips_op { 39 | mips_op_type type; // operand type 40 | union { 41 | unsigned int reg; // register value for REG operand 42 | int64_t imm; // immediate value for IMM operand 43 | mips_op_mem mem; // base/index/scale/disp value for MEM operand 44 | }; 45 | } cs_mips_op; 46 | 47 | // Instruction structure 48 | typedef struct cs_mips { 49 | // Number of operands of this instruction, 50 | // or 0 when instruction has no operand. 51 | uint8_t op_count; 52 | cs_mips_op operands[8]; // operands for this instruction. 53 | } cs_mips; 54 | 55 | //> MIPS registers 56 | typedef enum mips_reg { 57 | MIPS_REG_INVALID = 0, 58 | //> General purpose registers 59 | MIPS_REG_0, 60 | MIPS_REG_1, 61 | MIPS_REG_2, 62 | MIPS_REG_3, 63 | MIPS_REG_4, 64 | MIPS_REG_5, 65 | MIPS_REG_6, 66 | MIPS_REG_7, 67 | MIPS_REG_8, 68 | MIPS_REG_9, 69 | MIPS_REG_10, 70 | MIPS_REG_11, 71 | MIPS_REG_12, 72 | MIPS_REG_13, 73 | MIPS_REG_14, 74 | MIPS_REG_15, 75 | MIPS_REG_16, 76 | MIPS_REG_17, 77 | MIPS_REG_18, 78 | MIPS_REG_19, 79 | MIPS_REG_20, 80 | MIPS_REG_21, 81 | MIPS_REG_22, 82 | MIPS_REG_23, 83 | MIPS_REG_24, 84 | MIPS_REG_25, 85 | MIPS_REG_26, 86 | MIPS_REG_27, 87 | MIPS_REG_28, 88 | MIPS_REG_29, 89 | MIPS_REG_30, 90 | MIPS_REG_31, 91 | 92 | //> DSP registers 93 | MIPS_REG_DSPCCOND, 94 | MIPS_REG_DSPCARRY, 95 | MIPS_REG_DSPEFI, 96 | MIPS_REG_DSPOUTFLAG, 97 | MIPS_REG_DSPOUTFLAG16_19, 98 | MIPS_REG_DSPOUTFLAG20, 99 | MIPS_REG_DSPOUTFLAG21, 100 | MIPS_REG_DSPOUTFLAG22, 101 | MIPS_REG_DSPOUTFLAG23, 102 | MIPS_REG_DSPPOS, 103 | MIPS_REG_DSPSCOUNT, 104 | 105 | //> ACC registers 106 | MIPS_REG_AC0, 107 | MIPS_REG_AC1, 108 | MIPS_REG_AC2, 109 | MIPS_REG_AC3, 110 | 111 | //> COP registers 112 | MIPS_REG_CC0, 113 | MIPS_REG_CC1, 114 | MIPS_REG_CC2, 115 | MIPS_REG_CC3, 116 | MIPS_REG_CC4, 117 | MIPS_REG_CC5, 118 | MIPS_REG_CC6, 119 | MIPS_REG_CC7, 120 | 121 | //> FPU registers 122 | MIPS_REG_F0, 123 | MIPS_REG_F1, 124 | MIPS_REG_F2, 125 | MIPS_REG_F3, 126 | MIPS_REG_F4, 127 | MIPS_REG_F5, 128 | MIPS_REG_F6, 129 | MIPS_REG_F7, 130 | MIPS_REG_F8, 131 | MIPS_REG_F9, 132 | MIPS_REG_F10, 133 | MIPS_REG_F11, 134 | MIPS_REG_F12, 135 | MIPS_REG_F13, 136 | MIPS_REG_F14, 137 | MIPS_REG_F15, 138 | MIPS_REG_F16, 139 | MIPS_REG_F17, 140 | MIPS_REG_F18, 141 | MIPS_REG_F19, 142 | MIPS_REG_F20, 143 | MIPS_REG_F21, 144 | MIPS_REG_F22, 145 | MIPS_REG_F23, 146 | MIPS_REG_F24, 147 | MIPS_REG_F25, 148 | MIPS_REG_F26, 149 | MIPS_REG_F27, 150 | MIPS_REG_F28, 151 | MIPS_REG_F29, 152 | MIPS_REG_F30, 153 | MIPS_REG_F31, 154 | 155 | MIPS_REG_FCC0, 156 | MIPS_REG_FCC1, 157 | MIPS_REG_FCC2, 158 | MIPS_REG_FCC3, 159 | MIPS_REG_FCC4, 160 | MIPS_REG_FCC5, 161 | MIPS_REG_FCC6, 162 | MIPS_REG_FCC7, 163 | 164 | //> AFPR128 165 | MIPS_REG_W0, 166 | MIPS_REG_W1, 167 | MIPS_REG_W2, 168 | MIPS_REG_W3, 169 | MIPS_REG_W4, 170 | MIPS_REG_W5, 171 | MIPS_REG_W6, 172 | MIPS_REG_W7, 173 | MIPS_REG_W8, 174 | MIPS_REG_W9, 175 | MIPS_REG_W10, 176 | MIPS_REG_W11, 177 | MIPS_REG_W12, 178 | MIPS_REG_W13, 179 | MIPS_REG_W14, 180 | MIPS_REG_W15, 181 | MIPS_REG_W16, 182 | MIPS_REG_W17, 183 | MIPS_REG_W18, 184 | MIPS_REG_W19, 185 | MIPS_REG_W20, 186 | MIPS_REG_W21, 187 | MIPS_REG_W22, 188 | MIPS_REG_W23, 189 | MIPS_REG_W24, 190 | MIPS_REG_W25, 191 | MIPS_REG_W26, 192 | MIPS_REG_W27, 193 | MIPS_REG_W28, 194 | MIPS_REG_W29, 195 | MIPS_REG_W30, 196 | MIPS_REG_W31, 197 | 198 | MIPS_REG_HI, 199 | MIPS_REG_LO, 200 | 201 | MIPS_REG_P0, 202 | MIPS_REG_P1, 203 | MIPS_REG_P2, 204 | 205 | MIPS_REG_MPL0, 206 | MIPS_REG_MPL1, 207 | MIPS_REG_MPL2, 208 | 209 | MIPS_REG_ENDING, // <-- mark the end of the list or registers 210 | 211 | // alias registers 212 | MIPS_REG_ZERO = MIPS_REG_0, 213 | MIPS_REG_AT = MIPS_REG_1, 214 | MIPS_REG_V0 = MIPS_REG_2, 215 | MIPS_REG_V1 = MIPS_REG_3, 216 | MIPS_REG_A0 = MIPS_REG_4, 217 | MIPS_REG_A1 = MIPS_REG_5, 218 | MIPS_REG_A2 = MIPS_REG_6, 219 | MIPS_REG_A3 = MIPS_REG_7, 220 | MIPS_REG_T0 = MIPS_REG_8, 221 | MIPS_REG_T1 = MIPS_REG_9, 222 | MIPS_REG_T2 = MIPS_REG_10, 223 | MIPS_REG_T3 = MIPS_REG_11, 224 | MIPS_REG_T4 = MIPS_REG_12, 225 | MIPS_REG_T5 = MIPS_REG_13, 226 | MIPS_REG_T6 = MIPS_REG_14, 227 | MIPS_REG_T7 = MIPS_REG_15, 228 | MIPS_REG_S0 = MIPS_REG_16, 229 | MIPS_REG_S1 = MIPS_REG_17, 230 | MIPS_REG_S2 = MIPS_REG_18, 231 | MIPS_REG_S3 = MIPS_REG_19, 232 | MIPS_REG_S4 = MIPS_REG_20, 233 | MIPS_REG_S5 = MIPS_REG_21, 234 | MIPS_REG_S6 = MIPS_REG_22, 235 | MIPS_REG_S7 = MIPS_REG_23, 236 | MIPS_REG_T8 = MIPS_REG_24, 237 | MIPS_REG_T9 = MIPS_REG_25, 238 | MIPS_REG_K0 = MIPS_REG_26, 239 | MIPS_REG_K1 = MIPS_REG_27, 240 | MIPS_REG_GP = MIPS_REG_28, 241 | MIPS_REG_SP = MIPS_REG_29, 242 | MIPS_REG_FP = MIPS_REG_30, MIPS_REG_S8 = MIPS_REG_30, 243 | MIPS_REG_RA = MIPS_REG_31, 244 | 245 | MIPS_REG_HI0 = MIPS_REG_AC0, 246 | MIPS_REG_HI1 = MIPS_REG_AC1, 247 | MIPS_REG_HI2 = MIPS_REG_AC2, 248 | MIPS_REG_HI3 = MIPS_REG_AC3, 249 | 250 | MIPS_REG_LO0 = MIPS_REG_HI0, 251 | MIPS_REG_LO1 = MIPS_REG_HI1, 252 | MIPS_REG_LO2 = MIPS_REG_HI2, 253 | MIPS_REG_LO3 = MIPS_REG_HI3, 254 | } mips_reg; 255 | 256 | //> MIPS instruction 257 | typedef enum mips_insn { 258 | MIPS_INS_INVALID = 0, 259 | 260 | MIPS_INS_ABSQ_S, 261 | MIPS_INS_ADD, 262 | MIPS_INS_ADDIUPC, 263 | MIPS_INS_ADDQH, 264 | MIPS_INS_ADDQH_R, 265 | MIPS_INS_ADDQ, 266 | MIPS_INS_ADDQ_S, 267 | MIPS_INS_ADDSC, 268 | MIPS_INS_ADDS_A, 269 | MIPS_INS_ADDS_S, 270 | MIPS_INS_ADDS_U, 271 | MIPS_INS_ADDUH, 272 | MIPS_INS_ADDUH_R, 273 | MIPS_INS_ADDU, 274 | MIPS_INS_ADDU_S, 275 | MIPS_INS_ADDVI, 276 | MIPS_INS_ADDV, 277 | MIPS_INS_ADDWC, 278 | MIPS_INS_ADD_A, 279 | MIPS_INS_ADDI, 280 | MIPS_INS_ADDIU, 281 | MIPS_INS_ALIGN, 282 | MIPS_INS_ALUIPC, 283 | MIPS_INS_AND, 284 | MIPS_INS_ANDI, 285 | MIPS_INS_APPEND, 286 | MIPS_INS_ASUB_S, 287 | MIPS_INS_ASUB_U, 288 | MIPS_INS_AUI, 289 | MIPS_INS_AUIPC, 290 | MIPS_INS_AVER_S, 291 | MIPS_INS_AVER_U, 292 | MIPS_INS_AVE_S, 293 | MIPS_INS_AVE_U, 294 | MIPS_INS_BADDU, 295 | MIPS_INS_BAL, 296 | MIPS_INS_BALC, 297 | MIPS_INS_BALIGN, 298 | MIPS_INS_BC, 299 | MIPS_INS_BC0F, 300 | MIPS_INS_BC0FL, 301 | MIPS_INS_BC0T, 302 | MIPS_INS_BC0TL, 303 | MIPS_INS_BC1EQZ, 304 | MIPS_INS_BC1F, 305 | MIPS_INS_BC1FL, 306 | MIPS_INS_BC1NEZ, 307 | MIPS_INS_BC1T, 308 | MIPS_INS_BC1TL, 309 | MIPS_INS_BC2EQZ, 310 | MIPS_INS_BC2F, 311 | MIPS_INS_BC2FL, 312 | MIPS_INS_BC2NEZ, 313 | MIPS_INS_BC2T, 314 | MIPS_INS_BC2TL, 315 | MIPS_INS_BC3F, 316 | MIPS_INS_BC3FL, 317 | MIPS_INS_BC3T, 318 | MIPS_INS_BC3TL, 319 | MIPS_INS_BCLRI, 320 | MIPS_INS_BCLR, 321 | MIPS_INS_BEQ, 322 | MIPS_INS_BEQC, 323 | MIPS_INS_BEQL, 324 | MIPS_INS_BEQZALC, 325 | MIPS_INS_BEQZC, 326 | MIPS_INS_BGEC, 327 | MIPS_INS_BGEUC, 328 | MIPS_INS_BGEZ, 329 | MIPS_INS_BGEZAL, 330 | MIPS_INS_BGEZALC, 331 | MIPS_INS_BGEZALL, 332 | MIPS_INS_BGEZALS, 333 | MIPS_INS_BGEZC, 334 | MIPS_INS_BGEZL, 335 | MIPS_INS_BGTZ, 336 | MIPS_INS_BGTZALC, 337 | MIPS_INS_BGTZC, 338 | MIPS_INS_BGTZL, 339 | MIPS_INS_BINSLI, 340 | MIPS_INS_BINSL, 341 | MIPS_INS_BINSRI, 342 | MIPS_INS_BINSR, 343 | MIPS_INS_BITREV, 344 | MIPS_INS_BITSWAP, 345 | MIPS_INS_BLEZ, 346 | MIPS_INS_BLEZALC, 347 | MIPS_INS_BLEZC, 348 | MIPS_INS_BLEZL, 349 | MIPS_INS_BLTC, 350 | MIPS_INS_BLTUC, 351 | MIPS_INS_BLTZ, 352 | MIPS_INS_BLTZAL, 353 | MIPS_INS_BLTZALC, 354 | MIPS_INS_BLTZALL, 355 | MIPS_INS_BLTZALS, 356 | MIPS_INS_BLTZC, 357 | MIPS_INS_BLTZL, 358 | MIPS_INS_BMNZI, 359 | MIPS_INS_BMNZ, 360 | MIPS_INS_BMZI, 361 | MIPS_INS_BMZ, 362 | MIPS_INS_BNE, 363 | MIPS_INS_BNEC, 364 | MIPS_INS_BNEGI, 365 | MIPS_INS_BNEG, 366 | MIPS_INS_BNEL, 367 | MIPS_INS_BNEZALC, 368 | MIPS_INS_BNEZC, 369 | MIPS_INS_BNVC, 370 | MIPS_INS_BNZ, 371 | MIPS_INS_BOVC, 372 | MIPS_INS_BPOSGE32, 373 | MIPS_INS_BREAK, 374 | MIPS_INS_BSELI, 375 | MIPS_INS_BSEL, 376 | MIPS_INS_BSETI, 377 | MIPS_INS_BSET, 378 | MIPS_INS_BZ, 379 | MIPS_INS_BEQZ, 380 | MIPS_INS_B, 381 | MIPS_INS_BNEZ, 382 | MIPS_INS_BTEQZ, 383 | MIPS_INS_BTNEZ, 384 | MIPS_INS_CACHE, 385 | MIPS_INS_CEIL, 386 | MIPS_INS_CEQI, 387 | MIPS_INS_CEQ, 388 | MIPS_INS_CFC1, 389 | MIPS_INS_CFCMSA, 390 | MIPS_INS_CINS, 391 | MIPS_INS_CINS32, 392 | MIPS_INS_CLASS, 393 | MIPS_INS_CLEI_S, 394 | MIPS_INS_CLEI_U, 395 | MIPS_INS_CLE_S, 396 | MIPS_INS_CLE_U, 397 | MIPS_INS_CLO, 398 | MIPS_INS_CLTI_S, 399 | MIPS_INS_CLTI_U, 400 | MIPS_INS_CLT_S, 401 | MIPS_INS_CLT_U, 402 | MIPS_INS_CLZ, 403 | MIPS_INS_CMPGDU, 404 | MIPS_INS_CMPGU, 405 | MIPS_INS_CMPU, 406 | MIPS_INS_CMP, 407 | MIPS_INS_COPY_S, 408 | MIPS_INS_COPY_U, 409 | MIPS_INS_CTC1, 410 | MIPS_INS_CTCMSA, 411 | MIPS_INS_CVT, 412 | MIPS_INS_C, 413 | MIPS_INS_CMPI, 414 | MIPS_INS_DADD, 415 | MIPS_INS_DADDI, 416 | MIPS_INS_DADDIU, 417 | MIPS_INS_DADDU, 418 | MIPS_INS_DAHI, 419 | MIPS_INS_DALIGN, 420 | MIPS_INS_DATI, 421 | MIPS_INS_DAUI, 422 | MIPS_INS_DBITSWAP, 423 | MIPS_INS_DCLO, 424 | MIPS_INS_DCLZ, 425 | MIPS_INS_DDIV, 426 | MIPS_INS_DDIVU, 427 | MIPS_INS_DERET, 428 | MIPS_INS_DEXT, 429 | MIPS_INS_DEXTM, 430 | MIPS_INS_DEXTU, 431 | MIPS_INS_DI, 432 | MIPS_INS_DINS, 433 | MIPS_INS_DINSM, 434 | MIPS_INS_DINSU, 435 | MIPS_INS_DIV, 436 | MIPS_INS_DIVU, 437 | MIPS_INS_DIV_S, 438 | MIPS_INS_DIV_U, 439 | MIPS_INS_DLSA, 440 | MIPS_INS_DMFC0, 441 | MIPS_INS_DMFC1, 442 | MIPS_INS_DMFC2, 443 | MIPS_INS_DMOD, 444 | MIPS_INS_DMODU, 445 | MIPS_INS_DMTC0, 446 | MIPS_INS_DMTC1, 447 | MIPS_INS_DMTC2, 448 | MIPS_INS_DMUH, 449 | MIPS_INS_DMUHU, 450 | MIPS_INS_DMUL, 451 | MIPS_INS_DMULT, 452 | MIPS_INS_DMULTU, 453 | MIPS_INS_DMULU, 454 | MIPS_INS_DOTP_S, 455 | MIPS_INS_DOTP_U, 456 | MIPS_INS_DPADD_S, 457 | MIPS_INS_DPADD_U, 458 | MIPS_INS_DPAQX_SA, 459 | MIPS_INS_DPAQX_S, 460 | MIPS_INS_DPAQ_SA, 461 | MIPS_INS_DPAQ_S, 462 | MIPS_INS_DPAU, 463 | MIPS_INS_DPAX, 464 | MIPS_INS_DPA, 465 | MIPS_INS_DPOP, 466 | MIPS_INS_DPSQX_SA, 467 | MIPS_INS_DPSQX_S, 468 | MIPS_INS_DPSQ_SA, 469 | MIPS_INS_DPSQ_S, 470 | MIPS_INS_DPSUB_S, 471 | MIPS_INS_DPSUB_U, 472 | MIPS_INS_DPSU, 473 | MIPS_INS_DPSX, 474 | MIPS_INS_DPS, 475 | MIPS_INS_DROTR, 476 | MIPS_INS_DROTR32, 477 | MIPS_INS_DROTRV, 478 | MIPS_INS_DSBH, 479 | MIPS_INS_DSHD, 480 | MIPS_INS_DSLL, 481 | MIPS_INS_DSLL32, 482 | MIPS_INS_DSLLV, 483 | MIPS_INS_DSRA, 484 | MIPS_INS_DSRA32, 485 | MIPS_INS_DSRAV, 486 | MIPS_INS_DSRL, 487 | MIPS_INS_DSRL32, 488 | MIPS_INS_DSRLV, 489 | MIPS_INS_DSUB, 490 | MIPS_INS_DSUBU, 491 | MIPS_INS_EHB, 492 | MIPS_INS_EI, 493 | MIPS_INS_ERET, 494 | MIPS_INS_EXT, 495 | MIPS_INS_EXTP, 496 | MIPS_INS_EXTPDP, 497 | MIPS_INS_EXTPDPV, 498 | MIPS_INS_EXTPV, 499 | MIPS_INS_EXTRV_RS, 500 | MIPS_INS_EXTRV_R, 501 | MIPS_INS_EXTRV_S, 502 | MIPS_INS_EXTRV, 503 | MIPS_INS_EXTR_RS, 504 | MIPS_INS_EXTR_R, 505 | MIPS_INS_EXTR_S, 506 | MIPS_INS_EXTR, 507 | MIPS_INS_EXTS, 508 | MIPS_INS_EXTS32, 509 | MIPS_INS_ABS, 510 | MIPS_INS_FADD, 511 | MIPS_INS_FCAF, 512 | MIPS_INS_FCEQ, 513 | MIPS_INS_FCLASS, 514 | MIPS_INS_FCLE, 515 | MIPS_INS_FCLT, 516 | MIPS_INS_FCNE, 517 | MIPS_INS_FCOR, 518 | MIPS_INS_FCUEQ, 519 | MIPS_INS_FCULE, 520 | MIPS_INS_FCULT, 521 | MIPS_INS_FCUNE, 522 | MIPS_INS_FCUN, 523 | MIPS_INS_FDIV, 524 | MIPS_INS_FEXDO, 525 | MIPS_INS_FEXP2, 526 | MIPS_INS_FEXUPL, 527 | MIPS_INS_FEXUPR, 528 | MIPS_INS_FFINT_S, 529 | MIPS_INS_FFINT_U, 530 | MIPS_INS_FFQL, 531 | MIPS_INS_FFQR, 532 | MIPS_INS_FILL, 533 | MIPS_INS_FLOG2, 534 | MIPS_INS_FLOOR, 535 | MIPS_INS_FMADD, 536 | MIPS_INS_FMAX_A, 537 | MIPS_INS_FMAX, 538 | MIPS_INS_FMIN_A, 539 | MIPS_INS_FMIN, 540 | MIPS_INS_MOV, 541 | MIPS_INS_FMSUB, 542 | MIPS_INS_FMUL, 543 | MIPS_INS_MUL, 544 | MIPS_INS_NEG, 545 | MIPS_INS_FRCP, 546 | MIPS_INS_FRINT, 547 | MIPS_INS_FRSQRT, 548 | MIPS_INS_FSAF, 549 | MIPS_INS_FSEQ, 550 | MIPS_INS_FSLE, 551 | MIPS_INS_FSLT, 552 | MIPS_INS_FSNE, 553 | MIPS_INS_FSOR, 554 | MIPS_INS_FSQRT, 555 | MIPS_INS_SQRT, 556 | MIPS_INS_FSUB, 557 | MIPS_INS_SUB, 558 | MIPS_INS_FSUEQ, 559 | MIPS_INS_FSULE, 560 | MIPS_INS_FSULT, 561 | MIPS_INS_FSUNE, 562 | MIPS_INS_FSUN, 563 | MIPS_INS_FTINT_S, 564 | MIPS_INS_FTINT_U, 565 | MIPS_INS_FTQ, 566 | MIPS_INS_FTRUNC_S, 567 | MIPS_INS_FTRUNC_U, 568 | MIPS_INS_HADD_S, 569 | MIPS_INS_HADD_U, 570 | MIPS_INS_HSUB_S, 571 | MIPS_INS_HSUB_U, 572 | MIPS_INS_ILVEV, 573 | MIPS_INS_ILVL, 574 | MIPS_INS_ILVOD, 575 | MIPS_INS_ILVR, 576 | MIPS_INS_INS, 577 | MIPS_INS_INSERT, 578 | MIPS_INS_INSV, 579 | MIPS_INS_INSVE, 580 | MIPS_INS_J, 581 | MIPS_INS_JAL, 582 | MIPS_INS_JALR, 583 | MIPS_INS_JALRS, 584 | MIPS_INS_JALS, 585 | MIPS_INS_JALX, 586 | MIPS_INS_JIALC, 587 | MIPS_INS_JIC, 588 | MIPS_INS_JR, 589 | MIPS_INS_JRADDIUSP, 590 | MIPS_INS_JRC, 591 | MIPS_INS_JALRC, 592 | MIPS_INS_LB, 593 | MIPS_INS_LBUX, 594 | MIPS_INS_LBU, 595 | MIPS_INS_LD, 596 | MIPS_INS_LDC1, 597 | MIPS_INS_LDC2, 598 | MIPS_INS_LDC3, 599 | MIPS_INS_LDI, 600 | MIPS_INS_LDL, 601 | MIPS_INS_LDPC, 602 | MIPS_INS_LDR, 603 | MIPS_INS_LDXC1, 604 | MIPS_INS_LH, 605 | MIPS_INS_LHX, 606 | MIPS_INS_LHU, 607 | MIPS_INS_LL, 608 | MIPS_INS_LLD, 609 | MIPS_INS_LSA, 610 | MIPS_INS_LUXC1, 611 | MIPS_INS_LUI, 612 | MIPS_INS_LW, 613 | MIPS_INS_LWC1, 614 | MIPS_INS_LWC2, 615 | MIPS_INS_LWC3, 616 | MIPS_INS_LWL, 617 | MIPS_INS_LWPC, 618 | MIPS_INS_LWR, 619 | MIPS_INS_LWUPC, 620 | MIPS_INS_LWU, 621 | MIPS_INS_LWX, 622 | MIPS_INS_LWXC1, 623 | MIPS_INS_LI, 624 | MIPS_INS_MADD, 625 | MIPS_INS_MADDF, 626 | MIPS_INS_MADDR_Q, 627 | MIPS_INS_MADDU, 628 | MIPS_INS_MADDV, 629 | MIPS_INS_MADD_Q, 630 | MIPS_INS_MAQ_SA, 631 | MIPS_INS_MAQ_S, 632 | MIPS_INS_MAXA, 633 | MIPS_INS_MAXI_S, 634 | MIPS_INS_MAXI_U, 635 | MIPS_INS_MAX_A, 636 | MIPS_INS_MAX, 637 | MIPS_INS_MAX_S, 638 | MIPS_INS_MAX_U, 639 | MIPS_INS_MFC0, 640 | MIPS_INS_MFC1, 641 | MIPS_INS_MFC2, 642 | MIPS_INS_MFHC1, 643 | MIPS_INS_MFHI, 644 | MIPS_INS_MFLO, 645 | MIPS_INS_MINA, 646 | MIPS_INS_MINI_S, 647 | MIPS_INS_MINI_U, 648 | MIPS_INS_MIN_A, 649 | MIPS_INS_MIN, 650 | MIPS_INS_MIN_S, 651 | MIPS_INS_MIN_U, 652 | MIPS_INS_MOD, 653 | MIPS_INS_MODSUB, 654 | MIPS_INS_MODU, 655 | MIPS_INS_MOD_S, 656 | MIPS_INS_MOD_U, 657 | MIPS_INS_MOVE, 658 | MIPS_INS_MOVF, 659 | MIPS_INS_MOVN, 660 | MIPS_INS_MOVT, 661 | MIPS_INS_MOVZ, 662 | MIPS_INS_MSUB, 663 | MIPS_INS_MSUBF, 664 | MIPS_INS_MSUBR_Q, 665 | MIPS_INS_MSUBU, 666 | MIPS_INS_MSUBV, 667 | MIPS_INS_MSUB_Q, 668 | MIPS_INS_MTC0, 669 | MIPS_INS_MTC1, 670 | MIPS_INS_MTC2, 671 | MIPS_INS_MTHC1, 672 | MIPS_INS_MTHI, 673 | MIPS_INS_MTHLIP, 674 | MIPS_INS_MTLO, 675 | MIPS_INS_MTM0, 676 | MIPS_INS_MTM1, 677 | MIPS_INS_MTM2, 678 | MIPS_INS_MTP0, 679 | MIPS_INS_MTP1, 680 | MIPS_INS_MTP2, 681 | MIPS_INS_MUH, 682 | MIPS_INS_MUHU, 683 | MIPS_INS_MULEQ_S, 684 | MIPS_INS_MULEU_S, 685 | MIPS_INS_MULQ_RS, 686 | MIPS_INS_MULQ_S, 687 | MIPS_INS_MULR_Q, 688 | MIPS_INS_MULSAQ_S, 689 | MIPS_INS_MULSA, 690 | MIPS_INS_MULT, 691 | MIPS_INS_MULTU, 692 | MIPS_INS_MULU, 693 | MIPS_INS_MULV, 694 | MIPS_INS_MUL_Q, 695 | MIPS_INS_MUL_S, 696 | MIPS_INS_NLOC, 697 | MIPS_INS_NLZC, 698 | MIPS_INS_NMADD, 699 | MIPS_INS_NMSUB, 700 | MIPS_INS_NOR, 701 | MIPS_INS_NORI, 702 | MIPS_INS_NOT, 703 | MIPS_INS_OR, 704 | MIPS_INS_ORI, 705 | MIPS_INS_PACKRL, 706 | MIPS_INS_PAUSE, 707 | MIPS_INS_PCKEV, 708 | MIPS_INS_PCKOD, 709 | MIPS_INS_PCNT, 710 | MIPS_INS_PICK, 711 | MIPS_INS_POP, 712 | MIPS_INS_PRECEQU, 713 | MIPS_INS_PRECEQ, 714 | MIPS_INS_PRECEU, 715 | MIPS_INS_PRECRQU_S, 716 | MIPS_INS_PRECRQ, 717 | MIPS_INS_PRECRQ_RS, 718 | MIPS_INS_PRECR, 719 | MIPS_INS_PRECR_SRA, 720 | MIPS_INS_PRECR_SRA_R, 721 | MIPS_INS_PREF, 722 | MIPS_INS_PREPEND, 723 | MIPS_INS_RADDU, 724 | MIPS_INS_RDDSP, 725 | MIPS_INS_RDHWR, 726 | MIPS_INS_REPLV, 727 | MIPS_INS_REPL, 728 | MIPS_INS_RINT, 729 | MIPS_INS_ROTR, 730 | MIPS_INS_ROTRV, 731 | MIPS_INS_ROUND, 732 | MIPS_INS_SAT_S, 733 | MIPS_INS_SAT_U, 734 | MIPS_INS_SB, 735 | MIPS_INS_SC, 736 | MIPS_INS_SCD, 737 | MIPS_INS_SD, 738 | MIPS_INS_SDBBP, 739 | MIPS_INS_SDC1, 740 | MIPS_INS_SDC2, 741 | MIPS_INS_SDC3, 742 | MIPS_INS_SDL, 743 | MIPS_INS_SDR, 744 | MIPS_INS_SDXC1, 745 | MIPS_INS_SEB, 746 | MIPS_INS_SEH, 747 | MIPS_INS_SELEQZ, 748 | MIPS_INS_SELNEZ, 749 | MIPS_INS_SEL, 750 | MIPS_INS_SEQ, 751 | MIPS_INS_SEQI, 752 | MIPS_INS_SH, 753 | MIPS_INS_SHF, 754 | MIPS_INS_SHILO, 755 | MIPS_INS_SHILOV, 756 | MIPS_INS_SHLLV, 757 | MIPS_INS_SHLLV_S, 758 | MIPS_INS_SHLL, 759 | MIPS_INS_SHLL_S, 760 | MIPS_INS_SHRAV, 761 | MIPS_INS_SHRAV_R, 762 | MIPS_INS_SHRA, 763 | MIPS_INS_SHRA_R, 764 | MIPS_INS_SHRLV, 765 | MIPS_INS_SHRL, 766 | MIPS_INS_SLDI, 767 | MIPS_INS_SLD, 768 | MIPS_INS_SLL, 769 | MIPS_INS_SLLI, 770 | MIPS_INS_SLLV, 771 | MIPS_INS_SLT, 772 | MIPS_INS_SLTI, 773 | MIPS_INS_SLTIU, 774 | MIPS_INS_SLTU, 775 | MIPS_INS_SNE, 776 | MIPS_INS_SNEI, 777 | MIPS_INS_SPLATI, 778 | MIPS_INS_SPLAT, 779 | MIPS_INS_SRA, 780 | MIPS_INS_SRAI, 781 | MIPS_INS_SRARI, 782 | MIPS_INS_SRAR, 783 | MIPS_INS_SRAV, 784 | MIPS_INS_SRL, 785 | MIPS_INS_SRLI, 786 | MIPS_INS_SRLRI, 787 | MIPS_INS_SRLR, 788 | MIPS_INS_SRLV, 789 | MIPS_INS_SSNOP, 790 | MIPS_INS_ST, 791 | MIPS_INS_SUBQH, 792 | MIPS_INS_SUBQH_R, 793 | MIPS_INS_SUBQ, 794 | MIPS_INS_SUBQ_S, 795 | MIPS_INS_SUBSUS_U, 796 | MIPS_INS_SUBSUU_S, 797 | MIPS_INS_SUBS_S, 798 | MIPS_INS_SUBS_U, 799 | MIPS_INS_SUBUH, 800 | MIPS_INS_SUBUH_R, 801 | MIPS_INS_SUBU, 802 | MIPS_INS_SUBU_S, 803 | MIPS_INS_SUBVI, 804 | MIPS_INS_SUBV, 805 | MIPS_INS_SUXC1, 806 | MIPS_INS_SW, 807 | MIPS_INS_SWC1, 808 | MIPS_INS_SWC2, 809 | MIPS_INS_SWC3, 810 | MIPS_INS_SWL, 811 | MIPS_INS_SWR, 812 | MIPS_INS_SWXC1, 813 | MIPS_INS_SYNC, 814 | MIPS_INS_SYSCALL, 815 | MIPS_INS_TEQ, 816 | MIPS_INS_TEQI, 817 | MIPS_INS_TGE, 818 | MIPS_INS_TGEI, 819 | MIPS_INS_TGEIU, 820 | MIPS_INS_TGEU, 821 | MIPS_INS_TLBP, 822 | MIPS_INS_TLBR, 823 | MIPS_INS_TLBWI, 824 | MIPS_INS_TLBWR, 825 | MIPS_INS_TLT, 826 | MIPS_INS_TLTI, 827 | MIPS_INS_TLTIU, 828 | MIPS_INS_TLTU, 829 | MIPS_INS_TNE, 830 | MIPS_INS_TNEI, 831 | MIPS_INS_TRUNC, 832 | MIPS_INS_V3MULU, 833 | MIPS_INS_VMM0, 834 | MIPS_INS_VMULU, 835 | MIPS_INS_VSHF, 836 | MIPS_INS_WAIT, 837 | MIPS_INS_WRDSP, 838 | MIPS_INS_WSBH, 839 | MIPS_INS_XOR, 840 | MIPS_INS_XORI, 841 | 842 | //> some alias instructions 843 | MIPS_INS_NOP, 844 | MIPS_INS_NEGU, 845 | 846 | //> special instructions 847 | MIPS_INS_JALR_HB, // jump and link with Hazard Barrier 848 | MIPS_INS_JR_HB, // jump register with Hazard Barrier 849 | 850 | MIPS_INS_ENDING, 851 | } mips_insn; 852 | 853 | //> Group of MIPS instructions 854 | typedef enum mips_insn_group { 855 | MIPS_GRP_INVALID = 0, // = CS_GRP_INVALID 856 | 857 | //> Generic groups 858 | // all jump instructions (conditional+direct+indirect jumps) 859 | MIPS_GRP_JUMP, // = CS_GRP_JUMP 860 | 861 | //> Architecture-specific groups 862 | MIPS_GRP_BITCOUNT = 128, 863 | MIPS_GRP_DSP, 864 | MIPS_GRP_DSPR2, 865 | MIPS_GRP_FPIDX, 866 | MIPS_GRP_MSA, 867 | MIPS_GRP_MIPS32R2, 868 | MIPS_GRP_MIPS64, 869 | MIPS_GRP_MIPS64R2, 870 | MIPS_GRP_SEINREG, 871 | MIPS_GRP_STDENC, 872 | MIPS_GRP_SWAP, 873 | MIPS_GRP_MICROMIPS, 874 | MIPS_GRP_MIPS16MODE, 875 | MIPS_GRP_FP64BIT, 876 | MIPS_GRP_NONANSFPMATH, 877 | MIPS_GRP_NOTFP64BIT, 878 | MIPS_GRP_NOTINMICROMIPS, 879 | MIPS_GRP_NOTNACL, 880 | MIPS_GRP_NOTMIPS32R6, 881 | MIPS_GRP_NOTMIPS64R6, 882 | MIPS_GRP_CNMIPS, 883 | MIPS_GRP_MIPS32, 884 | MIPS_GRP_MIPS32R6, 885 | MIPS_GRP_MIPS64R6, 886 | MIPS_GRP_MIPS2, 887 | MIPS_GRP_MIPS3, 888 | MIPS_GRP_MIPS3_32, 889 | MIPS_GRP_MIPS3_32R2, 890 | MIPS_GRP_MIPS4_32, 891 | MIPS_GRP_MIPS4_32R2, 892 | MIPS_GRP_MIPS5_32R2, 893 | MIPS_GRP_GP32BIT, 894 | MIPS_GRP_GP64BIT, 895 | 896 | MIPS_GRP_ENDING, 897 | } mips_insn_group; 898 | 899 | #ifdef __cplusplus 900 | } 901 | #endif 902 | 903 | #endif 904 | -------------------------------------------------------------------------------- /src/capstone/platform.h: -------------------------------------------------------------------------------- 1 | /* Capstone Disassembly Engine */ 2 | /* By Axel Souchet & Nguyen Anh Quynh, 2014 */ 3 | 4 | // handle C99 issue (for pre-2013 VisualStudio) 5 | #ifndef CAPSTONE_PLATFORM_H 6 | #define CAPSTONE_PLATFORM_H 7 | 8 | #if !defined(__CYGWIN__) && !defined(__MINGW32__) && !defined(__MINGW64__) && (defined (WIN32) || defined (WIN64) || defined (_WIN32) || defined (_WIN64)) 9 | // MSVC 10 | 11 | // stdbool.h 12 | #if (_MSC_VER < 1800) 13 | #ifndef __cplusplus 14 | typedef unsigned char bool; 15 | #define false 0 16 | #define true 1 17 | #endif 18 | 19 | #else 20 | // VisualStudio 2013+ -> C99 is supported 21 | #include 22 | #endif 23 | 24 | #else // not MSVC -> C99 is supported 25 | #include 26 | #endif 27 | 28 | #endif 29 | -------------------------------------------------------------------------------- /src/capstone/ppc.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_PPC_H 2 | #define CAPSTONE_PPC_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2013-2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | #ifdef _MSC_VER 15 | #pragma warning(disable:4201) 16 | #endif 17 | 18 | //> PPC branch codes for some branch instructions 19 | typedef enum ppc_bc { 20 | PPC_BC_INVALID = 0, 21 | PPC_BC_LT = (0 << 5) | 12, 22 | PPC_BC_LE = (1 << 5) | 4, 23 | PPC_BC_EQ = (2 << 5) | 12, 24 | PPC_BC_GE = (0 << 5) | 4, 25 | PPC_BC_GT = (1 << 5) | 12, 26 | PPC_BC_NE = (2 << 5) | 4, 27 | PPC_BC_UN = (3 << 5) | 12, 28 | PPC_BC_NU = (3 << 5) | 4, 29 | 30 | // extra conditions 31 | PPC_BC_SO = (4 << 5) | 12, // summary overflow 32 | PPC_BC_NS = (4 << 5) | 4, // not summary overflow 33 | } ppc_bc; 34 | 35 | //> PPC branch hint for some branch instructions 36 | typedef enum ppc_bh { 37 | PPC_BH_INVALID = 0, // no hint 38 | PPC_BH_PLUS, // PLUS hint 39 | PPC_BH_MINUS, // MINUS hint 40 | } ppc_bh; 41 | 42 | //> PPC registers 43 | typedef enum ppc_reg { 44 | PPC_REG_INVALID = 0, 45 | 46 | PPC_REG_CARRY, 47 | PPC_REG_CC, 48 | PPC_REG_CR0, 49 | PPC_REG_CR1, 50 | PPC_REG_CR2, 51 | PPC_REG_CR3, 52 | PPC_REG_CR4, 53 | PPC_REG_CR5, 54 | PPC_REG_CR6, 55 | PPC_REG_CR7, 56 | PPC_REG_CTR, 57 | PPC_REG_F0, 58 | PPC_REG_F1, 59 | PPC_REG_F2, 60 | PPC_REG_F3, 61 | PPC_REG_F4, 62 | PPC_REG_F5, 63 | PPC_REG_F6, 64 | PPC_REG_F7, 65 | PPC_REG_F8, 66 | PPC_REG_F9, 67 | PPC_REG_F10, 68 | PPC_REG_F11, 69 | PPC_REG_F12, 70 | PPC_REG_F13, 71 | PPC_REG_F14, 72 | PPC_REG_F15, 73 | PPC_REG_F16, 74 | PPC_REG_F17, 75 | PPC_REG_F18, 76 | PPC_REG_F19, 77 | PPC_REG_F20, 78 | PPC_REG_F21, 79 | PPC_REG_F22, 80 | PPC_REG_F23, 81 | PPC_REG_F24, 82 | PPC_REG_F25, 83 | PPC_REG_F26, 84 | PPC_REG_F27, 85 | PPC_REG_F28, 86 | PPC_REG_F29, 87 | PPC_REG_F30, 88 | PPC_REG_F31, 89 | PPC_REG_LR, 90 | PPC_REG_R0, 91 | PPC_REG_R1, 92 | PPC_REG_R2, 93 | PPC_REG_R3, 94 | PPC_REG_R4, 95 | PPC_REG_R5, 96 | PPC_REG_R6, 97 | PPC_REG_R7, 98 | PPC_REG_R8, 99 | PPC_REG_R9, 100 | PPC_REG_R10, 101 | PPC_REG_R11, 102 | PPC_REG_R12, 103 | PPC_REG_R13, 104 | PPC_REG_R14, 105 | PPC_REG_R15, 106 | PPC_REG_R16, 107 | PPC_REG_R17, 108 | PPC_REG_R18, 109 | PPC_REG_R19, 110 | PPC_REG_R20, 111 | PPC_REG_R21, 112 | PPC_REG_R22, 113 | PPC_REG_R23, 114 | PPC_REG_R24, 115 | PPC_REG_R25, 116 | PPC_REG_R26, 117 | PPC_REG_R27, 118 | PPC_REG_R28, 119 | PPC_REG_R29, 120 | PPC_REG_R30, 121 | PPC_REG_R31, 122 | PPC_REG_V0, 123 | PPC_REG_V1, 124 | PPC_REG_V2, 125 | PPC_REG_V3, 126 | PPC_REG_V4, 127 | PPC_REG_V5, 128 | PPC_REG_V6, 129 | PPC_REG_V7, 130 | PPC_REG_V8, 131 | PPC_REG_V9, 132 | PPC_REG_V10, 133 | PPC_REG_V11, 134 | PPC_REG_V12, 135 | PPC_REG_V13, 136 | PPC_REG_V14, 137 | PPC_REG_V15, 138 | PPC_REG_V16, 139 | PPC_REG_V17, 140 | PPC_REG_V18, 141 | PPC_REG_V19, 142 | PPC_REG_V20, 143 | PPC_REG_V21, 144 | PPC_REG_V22, 145 | PPC_REG_V23, 146 | PPC_REG_V24, 147 | PPC_REG_V25, 148 | PPC_REG_V26, 149 | PPC_REG_V27, 150 | PPC_REG_V28, 151 | PPC_REG_V29, 152 | PPC_REG_V30, 153 | PPC_REG_V31, 154 | PPC_REG_VRSAVE, 155 | PPC_REG_VS0, 156 | PPC_REG_VS1, 157 | PPC_REG_VS2, 158 | PPC_REG_VS3, 159 | PPC_REG_VS4, 160 | PPC_REG_VS5, 161 | PPC_REG_VS6, 162 | PPC_REG_VS7, 163 | PPC_REG_VS8, 164 | PPC_REG_VS9, 165 | PPC_REG_VS10, 166 | PPC_REG_VS11, 167 | PPC_REG_VS12, 168 | PPC_REG_VS13, 169 | PPC_REG_VS14, 170 | PPC_REG_VS15, 171 | PPC_REG_VS16, 172 | PPC_REG_VS17, 173 | PPC_REG_VS18, 174 | PPC_REG_VS19, 175 | PPC_REG_VS20, 176 | PPC_REG_VS21, 177 | PPC_REG_VS22, 178 | PPC_REG_VS23, 179 | PPC_REG_VS24, 180 | PPC_REG_VS25, 181 | PPC_REG_VS26, 182 | PPC_REG_VS27, 183 | PPC_REG_VS28, 184 | PPC_REG_VS29, 185 | PPC_REG_VS30, 186 | PPC_REG_VS31, 187 | PPC_REG_VS32, 188 | PPC_REG_VS33, 189 | PPC_REG_VS34, 190 | PPC_REG_VS35, 191 | PPC_REG_VS36, 192 | PPC_REG_VS37, 193 | PPC_REG_VS38, 194 | PPC_REG_VS39, 195 | PPC_REG_VS40, 196 | PPC_REG_VS41, 197 | PPC_REG_VS42, 198 | PPC_REG_VS43, 199 | PPC_REG_VS44, 200 | PPC_REG_VS45, 201 | PPC_REG_VS46, 202 | PPC_REG_VS47, 203 | PPC_REG_VS48, 204 | PPC_REG_VS49, 205 | PPC_REG_VS50, 206 | PPC_REG_VS51, 207 | PPC_REG_VS52, 208 | PPC_REG_VS53, 209 | PPC_REG_VS54, 210 | PPC_REG_VS55, 211 | PPC_REG_VS56, 212 | PPC_REG_VS57, 213 | PPC_REG_VS58, 214 | PPC_REG_VS59, 215 | PPC_REG_VS60, 216 | PPC_REG_VS61, 217 | PPC_REG_VS62, 218 | PPC_REG_VS63, 219 | 220 | // extra registers for PPCMapping.c 221 | PPC_REG_RM, 222 | PPC_REG_CTR8, 223 | PPC_REG_LR8, 224 | PPC_REG_CR1EQ, 225 | 226 | PPC_REG_ENDING, // <-- mark the end of the list of registers 227 | } ppc_reg; 228 | 229 | //> Operand type for instruction's operands 230 | typedef enum ppc_op_type { 231 | PPC_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 232 | PPC_OP_REG, // = CS_OP_REG (Register operand). 233 | PPC_OP_IMM, // = CS_OP_IMM (Immediate operand). 234 | PPC_OP_MEM, // = CS_OP_MEM (Memory operand). 235 | PPC_OP_CRX = 64, // Condition Register field 236 | } ppc_op_type; 237 | 238 | // Instruction's operand referring to memory 239 | // This is associated with PPC_OP_MEM operand type above 240 | typedef struct ppc_op_mem { 241 | ppc_reg base; // base register 242 | int32_t disp; // displacement/offset value 243 | } ppc_op_mem; 244 | 245 | typedef struct ppc_op_crx { 246 | unsigned int scale; 247 | ppc_reg reg; 248 | ppc_bc cond; 249 | } ppc_op_crx; 250 | 251 | // Instruction operand 252 | typedef struct cs_ppc_op { 253 | ppc_op_type type; // operand type 254 | union { 255 | ppc_reg reg; // register value for REG operand 256 | int32_t imm; // immediate value for IMM operand 257 | ppc_op_mem mem; // base/disp value for MEM operand 258 | ppc_op_crx crx; // operand with condition register 259 | }; 260 | } cs_ppc_op; 261 | 262 | // Instruction structure 263 | typedef struct cs_ppc { 264 | // branch code for branch instructions 265 | ppc_bc bc; 266 | 267 | // branch hint for branch instructions 268 | ppc_bh bh; 269 | 270 | // if update_cr0 = True, then this 'dot' insn updates CR0 271 | bool update_cr0; 272 | 273 | // Number of operands of this instruction, 274 | // or 0 when instruction has no operand. 275 | uint8_t op_count; 276 | cs_ppc_op operands[8]; // operands for this instruction. 277 | } cs_ppc; 278 | 279 | 280 | //> PPC instruction 281 | typedef enum ppc_insn { 282 | PPC_INS_INVALID = 0, 283 | 284 | PPC_INS_ADD, 285 | PPC_INS_ADDC, 286 | PPC_INS_ADDE, 287 | PPC_INS_ADDI, 288 | PPC_INS_ADDIC, 289 | PPC_INS_ADDIS, 290 | PPC_INS_ADDME, 291 | PPC_INS_ADDZE, 292 | PPC_INS_AND, 293 | PPC_INS_ANDC, 294 | PPC_INS_ANDIS, 295 | PPC_INS_ANDI, 296 | PPC_INS_B, 297 | PPC_INS_BA, 298 | PPC_INS_BC, 299 | PPC_INS_BCCTR, 300 | PPC_INS_BCCTRL, 301 | PPC_INS_BCL, 302 | PPC_INS_BCLR, 303 | PPC_INS_BCLRL, 304 | PPC_INS_BCTR, 305 | PPC_INS_BCTRL, 306 | PPC_INS_BDNZ, 307 | PPC_INS_BDNZA, 308 | PPC_INS_BDNZL, 309 | PPC_INS_BDNZLA, 310 | PPC_INS_BDNZLR, 311 | PPC_INS_BDNZLRL, 312 | PPC_INS_BDZ, 313 | PPC_INS_BDZA, 314 | PPC_INS_BDZL, 315 | PPC_INS_BDZLA, 316 | PPC_INS_BDZLR, 317 | PPC_INS_BDZLRL, 318 | PPC_INS_BL, 319 | PPC_INS_BLA, 320 | PPC_INS_BLR, 321 | PPC_INS_BLRL, 322 | PPC_INS_BRINC, 323 | PPC_INS_CMPD, 324 | PPC_INS_CMPDI, 325 | PPC_INS_CMPLD, 326 | PPC_INS_CMPLDI, 327 | PPC_INS_CMPLW, 328 | PPC_INS_CMPLWI, 329 | PPC_INS_CMPW, 330 | PPC_INS_CMPWI, 331 | PPC_INS_CNTLZD, 332 | PPC_INS_CNTLZW, 333 | PPC_INS_CREQV, 334 | PPC_INS_CRXOR, 335 | PPC_INS_CRAND, 336 | PPC_INS_CRANDC, 337 | PPC_INS_CRNAND, 338 | PPC_INS_CRNOR, 339 | PPC_INS_CROR, 340 | PPC_INS_CRORC, 341 | PPC_INS_DCBA, 342 | PPC_INS_DCBF, 343 | PPC_INS_DCBI, 344 | PPC_INS_DCBST, 345 | PPC_INS_DCBT, 346 | PPC_INS_DCBTST, 347 | PPC_INS_DCBZ, 348 | PPC_INS_DCBZL, 349 | PPC_INS_DCCCI, 350 | PPC_INS_DIVD, 351 | PPC_INS_DIVDU, 352 | PPC_INS_DIVW, 353 | PPC_INS_DIVWU, 354 | PPC_INS_DSS, 355 | PPC_INS_DSSALL, 356 | PPC_INS_DST, 357 | PPC_INS_DSTST, 358 | PPC_INS_DSTSTT, 359 | PPC_INS_DSTT, 360 | PPC_INS_EIEIO, 361 | PPC_INS_EQV, 362 | PPC_INS_EVABS, 363 | PPC_INS_EVADDIW, 364 | PPC_INS_EVADDSMIAAW, 365 | PPC_INS_EVADDSSIAAW, 366 | PPC_INS_EVADDUMIAAW, 367 | PPC_INS_EVADDUSIAAW, 368 | PPC_INS_EVADDW, 369 | PPC_INS_EVAND, 370 | PPC_INS_EVANDC, 371 | PPC_INS_EVCMPEQ, 372 | PPC_INS_EVCMPGTS, 373 | PPC_INS_EVCMPGTU, 374 | PPC_INS_EVCMPLTS, 375 | PPC_INS_EVCMPLTU, 376 | PPC_INS_EVCNTLSW, 377 | PPC_INS_EVCNTLZW, 378 | PPC_INS_EVDIVWS, 379 | PPC_INS_EVDIVWU, 380 | PPC_INS_EVEQV, 381 | PPC_INS_EVEXTSB, 382 | PPC_INS_EVEXTSH, 383 | PPC_INS_EVLDD, 384 | PPC_INS_EVLDDX, 385 | PPC_INS_EVLDH, 386 | PPC_INS_EVLDHX, 387 | PPC_INS_EVLDW, 388 | PPC_INS_EVLDWX, 389 | PPC_INS_EVLHHESPLAT, 390 | PPC_INS_EVLHHESPLATX, 391 | PPC_INS_EVLHHOSSPLAT, 392 | PPC_INS_EVLHHOSSPLATX, 393 | PPC_INS_EVLHHOUSPLAT, 394 | PPC_INS_EVLHHOUSPLATX, 395 | PPC_INS_EVLWHE, 396 | PPC_INS_EVLWHEX, 397 | PPC_INS_EVLWHOS, 398 | PPC_INS_EVLWHOSX, 399 | PPC_INS_EVLWHOU, 400 | PPC_INS_EVLWHOUX, 401 | PPC_INS_EVLWHSPLAT, 402 | PPC_INS_EVLWHSPLATX, 403 | PPC_INS_EVLWWSPLAT, 404 | PPC_INS_EVLWWSPLATX, 405 | PPC_INS_EVMERGEHI, 406 | PPC_INS_EVMERGEHILO, 407 | PPC_INS_EVMERGELO, 408 | PPC_INS_EVMERGELOHI, 409 | PPC_INS_EVMHEGSMFAA, 410 | PPC_INS_EVMHEGSMFAN, 411 | PPC_INS_EVMHEGSMIAA, 412 | PPC_INS_EVMHEGSMIAN, 413 | PPC_INS_EVMHEGUMIAA, 414 | PPC_INS_EVMHEGUMIAN, 415 | PPC_INS_EVMHESMF, 416 | PPC_INS_EVMHESMFA, 417 | PPC_INS_EVMHESMFAAW, 418 | PPC_INS_EVMHESMFANW, 419 | PPC_INS_EVMHESMI, 420 | PPC_INS_EVMHESMIA, 421 | PPC_INS_EVMHESMIAAW, 422 | PPC_INS_EVMHESMIANW, 423 | PPC_INS_EVMHESSF, 424 | PPC_INS_EVMHESSFA, 425 | PPC_INS_EVMHESSFAAW, 426 | PPC_INS_EVMHESSFANW, 427 | PPC_INS_EVMHESSIAAW, 428 | PPC_INS_EVMHESSIANW, 429 | PPC_INS_EVMHEUMI, 430 | PPC_INS_EVMHEUMIA, 431 | PPC_INS_EVMHEUMIAAW, 432 | PPC_INS_EVMHEUMIANW, 433 | PPC_INS_EVMHEUSIAAW, 434 | PPC_INS_EVMHEUSIANW, 435 | PPC_INS_EVMHOGSMFAA, 436 | PPC_INS_EVMHOGSMFAN, 437 | PPC_INS_EVMHOGSMIAA, 438 | PPC_INS_EVMHOGSMIAN, 439 | PPC_INS_EVMHOGUMIAA, 440 | PPC_INS_EVMHOGUMIAN, 441 | PPC_INS_EVMHOSMF, 442 | PPC_INS_EVMHOSMFA, 443 | PPC_INS_EVMHOSMFAAW, 444 | PPC_INS_EVMHOSMFANW, 445 | PPC_INS_EVMHOSMI, 446 | PPC_INS_EVMHOSMIA, 447 | PPC_INS_EVMHOSMIAAW, 448 | PPC_INS_EVMHOSMIANW, 449 | PPC_INS_EVMHOSSF, 450 | PPC_INS_EVMHOSSFA, 451 | PPC_INS_EVMHOSSFAAW, 452 | PPC_INS_EVMHOSSFANW, 453 | PPC_INS_EVMHOSSIAAW, 454 | PPC_INS_EVMHOSSIANW, 455 | PPC_INS_EVMHOUMI, 456 | PPC_INS_EVMHOUMIA, 457 | PPC_INS_EVMHOUMIAAW, 458 | PPC_INS_EVMHOUMIANW, 459 | PPC_INS_EVMHOUSIAAW, 460 | PPC_INS_EVMHOUSIANW, 461 | PPC_INS_EVMRA, 462 | PPC_INS_EVMWHSMF, 463 | PPC_INS_EVMWHSMFA, 464 | PPC_INS_EVMWHSMI, 465 | PPC_INS_EVMWHSMIA, 466 | PPC_INS_EVMWHSSF, 467 | PPC_INS_EVMWHSSFA, 468 | PPC_INS_EVMWHUMI, 469 | PPC_INS_EVMWHUMIA, 470 | PPC_INS_EVMWLSMIAAW, 471 | PPC_INS_EVMWLSMIANW, 472 | PPC_INS_EVMWLSSIAAW, 473 | PPC_INS_EVMWLSSIANW, 474 | PPC_INS_EVMWLUMI, 475 | PPC_INS_EVMWLUMIA, 476 | PPC_INS_EVMWLUMIAAW, 477 | PPC_INS_EVMWLUMIANW, 478 | PPC_INS_EVMWLUSIAAW, 479 | PPC_INS_EVMWLUSIANW, 480 | PPC_INS_EVMWSMF, 481 | PPC_INS_EVMWSMFA, 482 | PPC_INS_EVMWSMFAA, 483 | PPC_INS_EVMWSMFAN, 484 | PPC_INS_EVMWSMI, 485 | PPC_INS_EVMWSMIA, 486 | PPC_INS_EVMWSMIAA, 487 | PPC_INS_EVMWSMIAN, 488 | PPC_INS_EVMWSSF, 489 | PPC_INS_EVMWSSFA, 490 | PPC_INS_EVMWSSFAA, 491 | PPC_INS_EVMWSSFAN, 492 | PPC_INS_EVMWUMI, 493 | PPC_INS_EVMWUMIA, 494 | PPC_INS_EVMWUMIAA, 495 | PPC_INS_EVMWUMIAN, 496 | PPC_INS_EVNAND, 497 | PPC_INS_EVNEG, 498 | PPC_INS_EVNOR, 499 | PPC_INS_EVOR, 500 | PPC_INS_EVORC, 501 | PPC_INS_EVRLW, 502 | PPC_INS_EVRLWI, 503 | PPC_INS_EVRNDW, 504 | PPC_INS_EVSLW, 505 | PPC_INS_EVSLWI, 506 | PPC_INS_EVSPLATFI, 507 | PPC_INS_EVSPLATI, 508 | PPC_INS_EVSRWIS, 509 | PPC_INS_EVSRWIU, 510 | PPC_INS_EVSRWS, 511 | PPC_INS_EVSRWU, 512 | PPC_INS_EVSTDD, 513 | PPC_INS_EVSTDDX, 514 | PPC_INS_EVSTDH, 515 | PPC_INS_EVSTDHX, 516 | PPC_INS_EVSTDW, 517 | PPC_INS_EVSTDWX, 518 | PPC_INS_EVSTWHE, 519 | PPC_INS_EVSTWHEX, 520 | PPC_INS_EVSTWHO, 521 | PPC_INS_EVSTWHOX, 522 | PPC_INS_EVSTWWE, 523 | PPC_INS_EVSTWWEX, 524 | PPC_INS_EVSTWWO, 525 | PPC_INS_EVSTWWOX, 526 | PPC_INS_EVSUBFSMIAAW, 527 | PPC_INS_EVSUBFSSIAAW, 528 | PPC_INS_EVSUBFUMIAAW, 529 | PPC_INS_EVSUBFUSIAAW, 530 | PPC_INS_EVSUBFW, 531 | PPC_INS_EVSUBIFW, 532 | PPC_INS_EVXOR, 533 | PPC_INS_EXTSB, 534 | PPC_INS_EXTSH, 535 | PPC_INS_EXTSW, 536 | PPC_INS_FABS, 537 | PPC_INS_FADD, 538 | PPC_INS_FADDS, 539 | PPC_INS_FCFID, 540 | PPC_INS_FCFIDS, 541 | PPC_INS_FCFIDU, 542 | PPC_INS_FCFIDUS, 543 | PPC_INS_FCMPU, 544 | PPC_INS_FCPSGN, 545 | PPC_INS_FCTID, 546 | PPC_INS_FCTIDUZ, 547 | PPC_INS_FCTIDZ, 548 | PPC_INS_FCTIW, 549 | PPC_INS_FCTIWUZ, 550 | PPC_INS_FCTIWZ, 551 | PPC_INS_FDIV, 552 | PPC_INS_FDIVS, 553 | PPC_INS_FMADD, 554 | PPC_INS_FMADDS, 555 | PPC_INS_FMR, 556 | PPC_INS_FMSUB, 557 | PPC_INS_FMSUBS, 558 | PPC_INS_FMUL, 559 | PPC_INS_FMULS, 560 | PPC_INS_FNABS, 561 | PPC_INS_FNEG, 562 | PPC_INS_FNMADD, 563 | PPC_INS_FNMADDS, 564 | PPC_INS_FNMSUB, 565 | PPC_INS_FNMSUBS, 566 | PPC_INS_FRE, 567 | PPC_INS_FRES, 568 | PPC_INS_FRIM, 569 | PPC_INS_FRIN, 570 | PPC_INS_FRIP, 571 | PPC_INS_FRIZ, 572 | PPC_INS_FRSP, 573 | PPC_INS_FRSQRTE, 574 | PPC_INS_FRSQRTES, 575 | PPC_INS_FSEL, 576 | PPC_INS_FSQRT, 577 | PPC_INS_FSQRTS, 578 | PPC_INS_FSUB, 579 | PPC_INS_FSUBS, 580 | PPC_INS_ICBI, 581 | PPC_INS_ICCCI, 582 | PPC_INS_ISEL, 583 | PPC_INS_ISYNC, 584 | PPC_INS_LA, 585 | PPC_INS_LBZ, 586 | PPC_INS_LBZU, 587 | PPC_INS_LBZUX, 588 | PPC_INS_LBZX, 589 | PPC_INS_LD, 590 | PPC_INS_LDARX, 591 | PPC_INS_LDBRX, 592 | PPC_INS_LDU, 593 | PPC_INS_LDUX, 594 | PPC_INS_LDX, 595 | PPC_INS_LFD, 596 | PPC_INS_LFDU, 597 | PPC_INS_LFDUX, 598 | PPC_INS_LFDX, 599 | PPC_INS_LFIWAX, 600 | PPC_INS_LFIWZX, 601 | PPC_INS_LFS, 602 | PPC_INS_LFSU, 603 | PPC_INS_LFSUX, 604 | PPC_INS_LFSX, 605 | PPC_INS_LHA, 606 | PPC_INS_LHAU, 607 | PPC_INS_LHAUX, 608 | PPC_INS_LHAX, 609 | PPC_INS_LHBRX, 610 | PPC_INS_LHZ, 611 | PPC_INS_LHZU, 612 | PPC_INS_LHZUX, 613 | PPC_INS_LHZX, 614 | PPC_INS_LI, 615 | PPC_INS_LIS, 616 | PPC_INS_LMW, 617 | PPC_INS_LSWI, 618 | PPC_INS_LVEBX, 619 | PPC_INS_LVEHX, 620 | PPC_INS_LVEWX, 621 | PPC_INS_LVSL, 622 | PPC_INS_LVSR, 623 | PPC_INS_LVX, 624 | PPC_INS_LVXL, 625 | PPC_INS_LWA, 626 | PPC_INS_LWARX, 627 | PPC_INS_LWAUX, 628 | PPC_INS_LWAX, 629 | PPC_INS_LWBRX, 630 | PPC_INS_LWZ, 631 | PPC_INS_LWZU, 632 | PPC_INS_LWZUX, 633 | PPC_INS_LWZX, 634 | PPC_INS_LXSDX, 635 | PPC_INS_LXVD2X, 636 | PPC_INS_LXVDSX, 637 | PPC_INS_LXVW4X, 638 | PPC_INS_MBAR, 639 | PPC_INS_MCRF, 640 | PPC_INS_MFCR, 641 | PPC_INS_MFCTR, 642 | PPC_INS_MFDCR, 643 | PPC_INS_MFFS, 644 | PPC_INS_MFLR, 645 | PPC_INS_MFMSR, 646 | PPC_INS_MFOCRF, 647 | PPC_INS_MFSPR, 648 | PPC_INS_MFSR, 649 | PPC_INS_MFSRIN, 650 | PPC_INS_MFTB, 651 | PPC_INS_MFVSCR, 652 | PPC_INS_MSYNC, 653 | PPC_INS_MTCRF, 654 | PPC_INS_MTCTR, 655 | PPC_INS_MTDCR, 656 | PPC_INS_MTFSB0, 657 | PPC_INS_MTFSB1, 658 | PPC_INS_MTFSF, 659 | PPC_INS_MTLR, 660 | PPC_INS_MTMSR, 661 | PPC_INS_MTMSRD, 662 | PPC_INS_MTOCRF, 663 | PPC_INS_MTSPR, 664 | PPC_INS_MTSR, 665 | PPC_INS_MTSRIN, 666 | PPC_INS_MTVSCR, 667 | PPC_INS_MULHD, 668 | PPC_INS_MULHDU, 669 | PPC_INS_MULHW, 670 | PPC_INS_MULHWU, 671 | PPC_INS_MULLD, 672 | PPC_INS_MULLI, 673 | PPC_INS_MULLW, 674 | PPC_INS_NAND, 675 | PPC_INS_NEG, 676 | PPC_INS_NOP, 677 | PPC_INS_ORI, 678 | PPC_INS_NOR, 679 | PPC_INS_OR, 680 | PPC_INS_ORC, 681 | PPC_INS_ORIS, 682 | PPC_INS_POPCNTD, 683 | PPC_INS_POPCNTW, 684 | PPC_INS_RFCI, 685 | PPC_INS_RFDI, 686 | PPC_INS_RFI, 687 | PPC_INS_RFID, 688 | PPC_INS_RFMCI, 689 | PPC_INS_RLDCL, 690 | PPC_INS_RLDCR, 691 | PPC_INS_RLDIC, 692 | PPC_INS_RLDICL, 693 | PPC_INS_RLDICR, 694 | PPC_INS_RLDIMI, 695 | PPC_INS_RLWIMI, 696 | PPC_INS_RLWINM, 697 | PPC_INS_RLWNM, 698 | PPC_INS_SC, 699 | PPC_INS_SLBIA, 700 | PPC_INS_SLBIE, 701 | PPC_INS_SLBMFEE, 702 | PPC_INS_SLBMTE, 703 | PPC_INS_SLD, 704 | PPC_INS_SLW, 705 | PPC_INS_SRAD, 706 | PPC_INS_SRADI, 707 | PPC_INS_SRAW, 708 | PPC_INS_SRAWI, 709 | PPC_INS_SRD, 710 | PPC_INS_SRW, 711 | PPC_INS_STB, 712 | PPC_INS_STBU, 713 | PPC_INS_STBUX, 714 | PPC_INS_STBX, 715 | PPC_INS_STD, 716 | PPC_INS_STDBRX, 717 | PPC_INS_STDCX, 718 | PPC_INS_STDU, 719 | PPC_INS_STDUX, 720 | PPC_INS_STDX, 721 | PPC_INS_STFD, 722 | PPC_INS_STFDU, 723 | PPC_INS_STFDUX, 724 | PPC_INS_STFDX, 725 | PPC_INS_STFIWX, 726 | PPC_INS_STFS, 727 | PPC_INS_STFSU, 728 | PPC_INS_STFSUX, 729 | PPC_INS_STFSX, 730 | PPC_INS_STH, 731 | PPC_INS_STHBRX, 732 | PPC_INS_STHU, 733 | PPC_INS_STHUX, 734 | PPC_INS_STHX, 735 | PPC_INS_STMW, 736 | PPC_INS_STSWI, 737 | PPC_INS_STVEBX, 738 | PPC_INS_STVEHX, 739 | PPC_INS_STVEWX, 740 | PPC_INS_STVX, 741 | PPC_INS_STVXL, 742 | PPC_INS_STW, 743 | PPC_INS_STWBRX, 744 | PPC_INS_STWCX, 745 | PPC_INS_STWU, 746 | PPC_INS_STWUX, 747 | PPC_INS_STWX, 748 | PPC_INS_STXSDX, 749 | PPC_INS_STXVD2X, 750 | PPC_INS_STXVW4X, 751 | PPC_INS_SUBF, 752 | PPC_INS_SUBFC, 753 | PPC_INS_SUBFE, 754 | PPC_INS_SUBFIC, 755 | PPC_INS_SUBFME, 756 | PPC_INS_SUBFZE, 757 | PPC_INS_SYNC, 758 | PPC_INS_TD, 759 | PPC_INS_TDI, 760 | PPC_INS_TLBIA, 761 | PPC_INS_TLBIE, 762 | PPC_INS_TLBIEL, 763 | PPC_INS_TLBIVAX, 764 | PPC_INS_TLBLD, 765 | PPC_INS_TLBLI, 766 | PPC_INS_TLBRE, 767 | PPC_INS_TLBSX, 768 | PPC_INS_TLBSYNC, 769 | PPC_INS_TLBWE, 770 | PPC_INS_TRAP, 771 | PPC_INS_TW, 772 | PPC_INS_TWI, 773 | PPC_INS_VADDCUW, 774 | PPC_INS_VADDFP, 775 | PPC_INS_VADDSBS, 776 | PPC_INS_VADDSHS, 777 | PPC_INS_VADDSWS, 778 | PPC_INS_VADDUBM, 779 | PPC_INS_VADDUBS, 780 | PPC_INS_VADDUHM, 781 | PPC_INS_VADDUHS, 782 | PPC_INS_VADDUWM, 783 | PPC_INS_VADDUWS, 784 | PPC_INS_VAND, 785 | PPC_INS_VANDC, 786 | PPC_INS_VAVGSB, 787 | PPC_INS_VAVGSH, 788 | PPC_INS_VAVGSW, 789 | PPC_INS_VAVGUB, 790 | PPC_INS_VAVGUH, 791 | PPC_INS_VAVGUW, 792 | PPC_INS_VCFSX, 793 | PPC_INS_VCFUX, 794 | PPC_INS_VCMPBFP, 795 | PPC_INS_VCMPEQFP, 796 | PPC_INS_VCMPEQUB, 797 | PPC_INS_VCMPEQUH, 798 | PPC_INS_VCMPEQUW, 799 | PPC_INS_VCMPGEFP, 800 | PPC_INS_VCMPGTFP, 801 | PPC_INS_VCMPGTSB, 802 | PPC_INS_VCMPGTSH, 803 | PPC_INS_VCMPGTSW, 804 | PPC_INS_VCMPGTUB, 805 | PPC_INS_VCMPGTUH, 806 | PPC_INS_VCMPGTUW, 807 | PPC_INS_VCTSXS, 808 | PPC_INS_VCTUXS, 809 | PPC_INS_VEXPTEFP, 810 | PPC_INS_VLOGEFP, 811 | PPC_INS_VMADDFP, 812 | PPC_INS_VMAXFP, 813 | PPC_INS_VMAXSB, 814 | PPC_INS_VMAXSH, 815 | PPC_INS_VMAXSW, 816 | PPC_INS_VMAXUB, 817 | PPC_INS_VMAXUH, 818 | PPC_INS_VMAXUW, 819 | PPC_INS_VMHADDSHS, 820 | PPC_INS_VMHRADDSHS, 821 | PPC_INS_VMINFP, 822 | PPC_INS_VMINSB, 823 | PPC_INS_VMINSH, 824 | PPC_INS_VMINSW, 825 | PPC_INS_VMINUB, 826 | PPC_INS_VMINUH, 827 | PPC_INS_VMINUW, 828 | PPC_INS_VMLADDUHM, 829 | PPC_INS_VMRGHB, 830 | PPC_INS_VMRGHH, 831 | PPC_INS_VMRGHW, 832 | PPC_INS_VMRGLB, 833 | PPC_INS_VMRGLH, 834 | PPC_INS_VMRGLW, 835 | PPC_INS_VMSUMMBM, 836 | PPC_INS_VMSUMSHM, 837 | PPC_INS_VMSUMSHS, 838 | PPC_INS_VMSUMUBM, 839 | PPC_INS_VMSUMUHM, 840 | PPC_INS_VMSUMUHS, 841 | PPC_INS_VMULESB, 842 | PPC_INS_VMULESH, 843 | PPC_INS_VMULEUB, 844 | PPC_INS_VMULEUH, 845 | PPC_INS_VMULOSB, 846 | PPC_INS_VMULOSH, 847 | PPC_INS_VMULOUB, 848 | PPC_INS_VMULOUH, 849 | PPC_INS_VNMSUBFP, 850 | PPC_INS_VNOR, 851 | PPC_INS_VOR, 852 | PPC_INS_VPERM, 853 | PPC_INS_VPKPX, 854 | PPC_INS_VPKSHSS, 855 | PPC_INS_VPKSHUS, 856 | PPC_INS_VPKSWSS, 857 | PPC_INS_VPKSWUS, 858 | PPC_INS_VPKUHUM, 859 | PPC_INS_VPKUHUS, 860 | PPC_INS_VPKUWUM, 861 | PPC_INS_VPKUWUS, 862 | PPC_INS_VREFP, 863 | PPC_INS_VRFIM, 864 | PPC_INS_VRFIN, 865 | PPC_INS_VRFIP, 866 | PPC_INS_VRFIZ, 867 | PPC_INS_VRLB, 868 | PPC_INS_VRLH, 869 | PPC_INS_VRLW, 870 | PPC_INS_VRSQRTEFP, 871 | PPC_INS_VSEL, 872 | PPC_INS_VSL, 873 | PPC_INS_VSLB, 874 | PPC_INS_VSLDOI, 875 | PPC_INS_VSLH, 876 | PPC_INS_VSLO, 877 | PPC_INS_VSLW, 878 | PPC_INS_VSPLTB, 879 | PPC_INS_VSPLTH, 880 | PPC_INS_VSPLTISB, 881 | PPC_INS_VSPLTISH, 882 | PPC_INS_VSPLTISW, 883 | PPC_INS_VSPLTW, 884 | PPC_INS_VSR, 885 | PPC_INS_VSRAB, 886 | PPC_INS_VSRAH, 887 | PPC_INS_VSRAW, 888 | PPC_INS_VSRB, 889 | PPC_INS_VSRH, 890 | PPC_INS_VSRO, 891 | PPC_INS_VSRW, 892 | PPC_INS_VSUBCUW, 893 | PPC_INS_VSUBFP, 894 | PPC_INS_VSUBSBS, 895 | PPC_INS_VSUBSHS, 896 | PPC_INS_VSUBSWS, 897 | PPC_INS_VSUBUBM, 898 | PPC_INS_VSUBUBS, 899 | PPC_INS_VSUBUHM, 900 | PPC_INS_VSUBUHS, 901 | PPC_INS_VSUBUWM, 902 | PPC_INS_VSUBUWS, 903 | PPC_INS_VSUM2SWS, 904 | PPC_INS_VSUM4SBS, 905 | PPC_INS_VSUM4SHS, 906 | PPC_INS_VSUM4UBS, 907 | PPC_INS_VSUMSWS, 908 | PPC_INS_VUPKHPX, 909 | PPC_INS_VUPKHSB, 910 | PPC_INS_VUPKHSH, 911 | PPC_INS_VUPKLPX, 912 | PPC_INS_VUPKLSB, 913 | PPC_INS_VUPKLSH, 914 | PPC_INS_VXOR, 915 | PPC_INS_WAIT, 916 | PPC_INS_WRTEE, 917 | PPC_INS_WRTEEI, 918 | PPC_INS_XOR, 919 | PPC_INS_XORI, 920 | PPC_INS_XORIS, 921 | PPC_INS_XSABSDP, 922 | PPC_INS_XSADDDP, 923 | PPC_INS_XSCMPODP, 924 | PPC_INS_XSCMPUDP, 925 | PPC_INS_XSCPSGNDP, 926 | PPC_INS_XSCVDPSP, 927 | PPC_INS_XSCVDPSXDS, 928 | PPC_INS_XSCVDPSXWS, 929 | PPC_INS_XSCVDPUXDS, 930 | PPC_INS_XSCVDPUXWS, 931 | PPC_INS_XSCVSPDP, 932 | PPC_INS_XSCVSXDDP, 933 | PPC_INS_XSCVUXDDP, 934 | PPC_INS_XSDIVDP, 935 | PPC_INS_XSMADDADP, 936 | PPC_INS_XSMADDMDP, 937 | PPC_INS_XSMAXDP, 938 | PPC_INS_XSMINDP, 939 | PPC_INS_XSMSUBADP, 940 | PPC_INS_XSMSUBMDP, 941 | PPC_INS_XSMULDP, 942 | PPC_INS_XSNABSDP, 943 | PPC_INS_XSNEGDP, 944 | PPC_INS_XSNMADDADP, 945 | PPC_INS_XSNMADDMDP, 946 | PPC_INS_XSNMSUBADP, 947 | PPC_INS_XSNMSUBMDP, 948 | PPC_INS_XSRDPI, 949 | PPC_INS_XSRDPIC, 950 | PPC_INS_XSRDPIM, 951 | PPC_INS_XSRDPIP, 952 | PPC_INS_XSRDPIZ, 953 | PPC_INS_XSREDP, 954 | PPC_INS_XSRSQRTEDP, 955 | PPC_INS_XSSQRTDP, 956 | PPC_INS_XSSUBDP, 957 | PPC_INS_XSTDIVDP, 958 | PPC_INS_XSTSQRTDP, 959 | PPC_INS_XVABSDP, 960 | PPC_INS_XVABSSP, 961 | PPC_INS_XVADDDP, 962 | PPC_INS_XVADDSP, 963 | PPC_INS_XVCMPEQDP, 964 | PPC_INS_XVCMPEQSP, 965 | PPC_INS_XVCMPGEDP, 966 | PPC_INS_XVCMPGESP, 967 | PPC_INS_XVCMPGTDP, 968 | PPC_INS_XVCMPGTSP, 969 | PPC_INS_XVCPSGNDP, 970 | PPC_INS_XVCPSGNSP, 971 | PPC_INS_XVCVDPSP, 972 | PPC_INS_XVCVDPSXDS, 973 | PPC_INS_XVCVDPSXWS, 974 | PPC_INS_XVCVDPUXDS, 975 | PPC_INS_XVCVDPUXWS, 976 | PPC_INS_XVCVSPDP, 977 | PPC_INS_XVCVSPSXDS, 978 | PPC_INS_XVCVSPSXWS, 979 | PPC_INS_XVCVSPUXDS, 980 | PPC_INS_XVCVSPUXWS, 981 | PPC_INS_XVCVSXDDP, 982 | PPC_INS_XVCVSXDSP, 983 | PPC_INS_XVCVSXWDP, 984 | PPC_INS_XVCVSXWSP, 985 | PPC_INS_XVCVUXDDP, 986 | PPC_INS_XVCVUXDSP, 987 | PPC_INS_XVCVUXWDP, 988 | PPC_INS_XVCVUXWSP, 989 | PPC_INS_XVDIVDP, 990 | PPC_INS_XVDIVSP, 991 | PPC_INS_XVMADDADP, 992 | PPC_INS_XVMADDASP, 993 | PPC_INS_XVMADDMDP, 994 | PPC_INS_XVMADDMSP, 995 | PPC_INS_XVMAXDP, 996 | PPC_INS_XVMAXSP, 997 | PPC_INS_XVMINDP, 998 | PPC_INS_XVMINSP, 999 | PPC_INS_XVMSUBADP, 1000 | PPC_INS_XVMSUBASP, 1001 | PPC_INS_XVMSUBMDP, 1002 | PPC_INS_XVMSUBMSP, 1003 | PPC_INS_XVMULDP, 1004 | PPC_INS_XVMULSP, 1005 | PPC_INS_XVNABSDP, 1006 | PPC_INS_XVNABSSP, 1007 | PPC_INS_XVNEGDP, 1008 | PPC_INS_XVNEGSP, 1009 | PPC_INS_XVNMADDADP, 1010 | PPC_INS_XVNMADDASP, 1011 | PPC_INS_XVNMADDMDP, 1012 | PPC_INS_XVNMADDMSP, 1013 | PPC_INS_XVNMSUBADP, 1014 | PPC_INS_XVNMSUBASP, 1015 | PPC_INS_XVNMSUBMDP, 1016 | PPC_INS_XVNMSUBMSP, 1017 | PPC_INS_XVRDPI, 1018 | PPC_INS_XVRDPIC, 1019 | PPC_INS_XVRDPIM, 1020 | PPC_INS_XVRDPIP, 1021 | PPC_INS_XVRDPIZ, 1022 | PPC_INS_XVREDP, 1023 | PPC_INS_XVRESP, 1024 | PPC_INS_XVRSPI, 1025 | PPC_INS_XVRSPIC, 1026 | PPC_INS_XVRSPIM, 1027 | PPC_INS_XVRSPIP, 1028 | PPC_INS_XVRSPIZ, 1029 | PPC_INS_XVRSQRTEDP, 1030 | PPC_INS_XVRSQRTESP, 1031 | PPC_INS_XVSQRTDP, 1032 | PPC_INS_XVSQRTSP, 1033 | PPC_INS_XVSUBDP, 1034 | PPC_INS_XVSUBSP, 1035 | PPC_INS_XVTDIVDP, 1036 | PPC_INS_XVTDIVSP, 1037 | PPC_INS_XVTSQRTDP, 1038 | PPC_INS_XVTSQRTSP, 1039 | PPC_INS_XXLAND, 1040 | PPC_INS_XXLANDC, 1041 | PPC_INS_XXLNOR, 1042 | PPC_INS_XXLOR, 1043 | PPC_INS_XXLXOR, 1044 | PPC_INS_XXMRGHW, 1045 | PPC_INS_XXMRGLW, 1046 | PPC_INS_XXPERMDI, 1047 | PPC_INS_XXSEL, 1048 | PPC_INS_XXSLDWI, 1049 | PPC_INS_XXSPLTW, 1050 | PPC_INS_BCA, 1051 | PPC_INS_BCLA, 1052 | 1053 | // extra & alias instructions 1054 | PPC_INS_SLWI, 1055 | PPC_INS_SRWI, 1056 | PPC_INS_SLDI, 1057 | 1058 | PPC_INS_BTA, 1059 | PPC_INS_CRSET, 1060 | PPC_INS_CRNOT, 1061 | PPC_INS_CRMOVE, 1062 | PPC_INS_CRCLR, 1063 | PPC_INS_MFBR0, 1064 | PPC_INS_MFBR1, 1065 | PPC_INS_MFBR2, 1066 | PPC_INS_MFBR3, 1067 | PPC_INS_MFBR4, 1068 | PPC_INS_MFBR5, 1069 | PPC_INS_MFBR6, 1070 | PPC_INS_MFBR7, 1071 | PPC_INS_MFXER, 1072 | PPC_INS_MFRTCU, 1073 | PPC_INS_MFRTCL, 1074 | PPC_INS_MFDSCR, 1075 | PPC_INS_MFDSISR, 1076 | PPC_INS_MFDAR, 1077 | PPC_INS_MFSRR2, 1078 | PPC_INS_MFSRR3, 1079 | PPC_INS_MFCFAR, 1080 | PPC_INS_MFAMR, 1081 | PPC_INS_MFPID, 1082 | PPC_INS_MFTBLO, 1083 | PPC_INS_MFTBHI, 1084 | PPC_INS_MFDBATU, 1085 | PPC_INS_MFDBATL, 1086 | PPC_INS_MFIBATU, 1087 | PPC_INS_MFIBATL, 1088 | PPC_INS_MFDCCR, 1089 | PPC_INS_MFICCR, 1090 | PPC_INS_MFDEAR, 1091 | PPC_INS_MFESR, 1092 | PPC_INS_MFSPEFSCR, 1093 | PPC_INS_MFTCR, 1094 | PPC_INS_MFASR, 1095 | PPC_INS_MFPVR, 1096 | PPC_INS_MFTBU, 1097 | PPC_INS_MTCR, 1098 | PPC_INS_MTBR0, 1099 | PPC_INS_MTBR1, 1100 | PPC_INS_MTBR2, 1101 | PPC_INS_MTBR3, 1102 | PPC_INS_MTBR4, 1103 | PPC_INS_MTBR5, 1104 | PPC_INS_MTBR6, 1105 | PPC_INS_MTBR7, 1106 | PPC_INS_MTXER, 1107 | PPC_INS_MTDSCR, 1108 | PPC_INS_MTDSISR, 1109 | PPC_INS_MTDAR, 1110 | PPC_INS_MTSRR2, 1111 | PPC_INS_MTSRR3, 1112 | PPC_INS_MTCFAR, 1113 | PPC_INS_MTAMR, 1114 | PPC_INS_MTPID, 1115 | PPC_INS_MTTBL, 1116 | PPC_INS_MTTBU, 1117 | PPC_INS_MTTBLO, 1118 | PPC_INS_MTTBHI, 1119 | PPC_INS_MTDBATU, 1120 | PPC_INS_MTDBATL, 1121 | PPC_INS_MTIBATU, 1122 | PPC_INS_MTIBATL, 1123 | PPC_INS_MTDCCR, 1124 | PPC_INS_MTICCR, 1125 | PPC_INS_MTDEAR, 1126 | PPC_INS_MTESR, 1127 | PPC_INS_MTSPEFSCR, 1128 | PPC_INS_MTTCR, 1129 | PPC_INS_NOT, 1130 | PPC_INS_MR, 1131 | PPC_INS_ROTLD, 1132 | PPC_INS_ROTLDI, 1133 | PPC_INS_CLRLDI, 1134 | PPC_INS_ROTLWI, 1135 | PPC_INS_CLRLWI, 1136 | PPC_INS_ROTLW, 1137 | PPC_INS_SUB, 1138 | PPC_INS_SUBC, 1139 | PPC_INS_LWSYNC, 1140 | PPC_INS_PTESYNC, 1141 | PPC_INS_TDLT, 1142 | PPC_INS_TDEQ, 1143 | PPC_INS_TDGT, 1144 | PPC_INS_TDNE, 1145 | PPC_INS_TDLLT, 1146 | PPC_INS_TDLGT, 1147 | PPC_INS_TDU, 1148 | PPC_INS_TDLTI, 1149 | PPC_INS_TDEQI, 1150 | PPC_INS_TDGTI, 1151 | PPC_INS_TDNEI, 1152 | PPC_INS_TDLLTI, 1153 | PPC_INS_TDLGTI, 1154 | PPC_INS_TDUI, 1155 | PPC_INS_TLBREHI, 1156 | PPC_INS_TLBRELO, 1157 | PPC_INS_TLBWEHI, 1158 | PPC_INS_TLBWELO, 1159 | PPC_INS_TWLT, 1160 | PPC_INS_TWEQ, 1161 | PPC_INS_TWGT, 1162 | PPC_INS_TWNE, 1163 | PPC_INS_TWLLT, 1164 | PPC_INS_TWLGT, 1165 | PPC_INS_TWU, 1166 | PPC_INS_TWLTI, 1167 | PPC_INS_TWEQI, 1168 | PPC_INS_TWGTI, 1169 | PPC_INS_TWNEI, 1170 | PPC_INS_TWLLTI, 1171 | PPC_INS_TWLGTI, 1172 | PPC_INS_TWUI, 1173 | PPC_INS_WAITRSV, 1174 | PPC_INS_WAITIMPL, 1175 | PPC_INS_XNOP, 1176 | PPC_INS_XVMOVDP, 1177 | PPC_INS_XVMOVSP, 1178 | PPC_INS_XXSPLTD, 1179 | PPC_INS_XXMRGHD, 1180 | PPC_INS_XXMRGLD, 1181 | PPC_INS_XXSWAPD, 1182 | PPC_INS_BT, 1183 | PPC_INS_BF, 1184 | PPC_INS_BDNZT, 1185 | PPC_INS_BDNZF, 1186 | PPC_INS_BDZF, 1187 | PPC_INS_BDZT, 1188 | PPC_INS_BFA, 1189 | PPC_INS_BDNZTA, 1190 | PPC_INS_BDNZFA, 1191 | PPC_INS_BDZTA, 1192 | PPC_INS_BDZFA, 1193 | PPC_INS_BTCTR, 1194 | PPC_INS_BFCTR, 1195 | PPC_INS_BTCTRL, 1196 | PPC_INS_BFCTRL, 1197 | PPC_INS_BTL, 1198 | PPC_INS_BFL, 1199 | PPC_INS_BDNZTL, 1200 | PPC_INS_BDNZFL, 1201 | PPC_INS_BDZTL, 1202 | PPC_INS_BDZFL, 1203 | PPC_INS_BTLA, 1204 | PPC_INS_BFLA, 1205 | PPC_INS_BDNZTLA, 1206 | PPC_INS_BDNZFLA, 1207 | PPC_INS_BDZTLA, 1208 | PPC_INS_BDZFLA, 1209 | PPC_INS_BTLR, 1210 | PPC_INS_BFLR, 1211 | PPC_INS_BDNZTLR, 1212 | PPC_INS_BDZTLR, 1213 | PPC_INS_BDZFLR, 1214 | PPC_INS_BTLRL, 1215 | PPC_INS_BFLRL, 1216 | PPC_INS_BDNZTLRL, 1217 | PPC_INS_BDNZFLRL, 1218 | PPC_INS_BDZTLRL, 1219 | PPC_INS_BDZFLRL, 1220 | 1221 | PPC_INS_ENDING, // <-- mark the end of the list of instructions 1222 | } ppc_insn; 1223 | 1224 | //> Group of PPC instructions 1225 | typedef enum ppc_insn_group { 1226 | PPC_GRP_INVALID = 0, // = CS_GRP_INVALID 1227 | 1228 | //> Generic groups 1229 | // all jump instructions (conditional+direct+indirect jumps) 1230 | PPC_GRP_JUMP, // = CS_GRP_JUMP 1231 | 1232 | //> Architecture-specific groups 1233 | PPC_GRP_ALTIVEC = 128, 1234 | PPC_GRP_MODE32, 1235 | PPC_GRP_MODE64, 1236 | PPC_GRP_BOOKE, 1237 | PPC_GRP_NOTBOOKE, 1238 | PPC_GRP_SPE, 1239 | PPC_GRP_VSX, 1240 | PPC_GRP_E500, 1241 | PPC_GRP_PPC4XX, 1242 | PPC_GRP_PPC6XX, 1243 | 1244 | PPC_GRP_ENDING, // <-- mark the end of the list of groups 1245 | } ppc_insn_group; 1246 | 1247 | #ifdef __cplusplus 1248 | } 1249 | #endif 1250 | 1251 | #endif 1252 | -------------------------------------------------------------------------------- /src/capstone/sparc.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_SPARC_H 2 | #define CAPSTONE_SPARC_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | // GCC SPARC toolchain has a default macro called "sparc" which breaks 15 | // compilation 16 | #undef sparc 17 | 18 | #ifdef _MSC_VER 19 | #pragma warning(disable:4201) 20 | #endif 21 | 22 | //> Enums corresponding to Sparc condition codes, both icc's and fcc's. 23 | typedef enum sparc_cc { 24 | SPARC_CC_INVALID = 0, // invalid CC (default) 25 | //> Integer condition codes 26 | SPARC_CC_ICC_A = 8+256, // Always 27 | SPARC_CC_ICC_N = 0+256, // Never 28 | SPARC_CC_ICC_NE = 9+256, // Not Equal 29 | SPARC_CC_ICC_E = 1+256, // Equal 30 | SPARC_CC_ICC_G = 10+256, // Greater 31 | SPARC_CC_ICC_LE = 2+256, // Less or Equal 32 | SPARC_CC_ICC_GE = 11+256, // Greater or Equal 33 | SPARC_CC_ICC_L = 3+256, // Less 34 | SPARC_CC_ICC_GU = 12+256, // Greater Unsigned 35 | SPARC_CC_ICC_LEU = 4+256, // Less or Equal Unsigned 36 | SPARC_CC_ICC_CC = 13+256, // Carry Clear/Great or Equal Unsigned 37 | SPARC_CC_ICC_CS = 5+256, // Carry Set/Less Unsigned 38 | SPARC_CC_ICC_POS = 14+256, // Positive 39 | SPARC_CC_ICC_NEG = 6+256, // Negative 40 | SPARC_CC_ICC_VC = 15+256, // Overflow Clear 41 | SPARC_CC_ICC_VS = 7+256, // Overflow Set 42 | 43 | //> Floating condition codes 44 | SPARC_CC_FCC_A = 8+16+256, // Always 45 | SPARC_CC_FCC_N = 0+16+256, // Never 46 | SPARC_CC_FCC_U = 7+16+256, // Unordered 47 | SPARC_CC_FCC_G = 6+16+256, // Greater 48 | SPARC_CC_FCC_UG = 5+16+256, // Unordered or Greater 49 | SPARC_CC_FCC_L = 4+16+256, // Less 50 | SPARC_CC_FCC_UL = 3+16+256, // Unordered or Less 51 | SPARC_CC_FCC_LG = 2+16+256, // Less or Greater 52 | SPARC_CC_FCC_NE = 1+16+256, // Not Equal 53 | SPARC_CC_FCC_E = 9+16+256, // Equal 54 | SPARC_CC_FCC_UE = 10+16+256, // Unordered or Equal 55 | SPARC_CC_FCC_GE = 11+16+256, // Greater or Equal 56 | SPARC_CC_FCC_UGE = 12+16+256, // Unordered or Greater or Equal 57 | SPARC_CC_FCC_LE = 13+16+256, // Less or Equal 58 | SPARC_CC_FCC_ULE = 14+16+256, // Unordered or Less or Equal 59 | SPARC_CC_FCC_O = 15+16+256, // Ordered 60 | } sparc_cc; 61 | 62 | //> Branch hint 63 | typedef enum sparc_hint { 64 | SPARC_HINT_INVALID = 0, // no hint 65 | SPARC_HINT_A = 1 << 0, // annul delay slot instruction 66 | SPARC_HINT_PT = 1 << 1, // branch taken 67 | SPARC_HINT_PN = 1 << 2, // branch NOT taken 68 | } sparc_hint; 69 | 70 | //> Operand type for instruction's operands 71 | typedef enum sparc_op_type { 72 | SPARC_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 73 | SPARC_OP_REG, // = CS_OP_REG (Register operand). 74 | SPARC_OP_IMM, // = CS_OP_IMM (Immediate operand). 75 | SPARC_OP_MEM, // = CS_OP_MEM (Memory operand). 76 | } sparc_op_type; 77 | 78 | // Instruction's operand referring to memory 79 | // This is associated with SPARC_OP_MEM operand type above 80 | typedef struct sparc_op_mem { 81 | uint8_t base; // base register 82 | uint8_t index; // index register 83 | int32_t disp; // displacement/offset value 84 | } sparc_op_mem; 85 | 86 | // Instruction operand 87 | typedef struct cs_sparc_op { 88 | sparc_op_type type; // operand type 89 | union { 90 | unsigned int reg; // register value for REG operand 91 | int32_t imm; // immediate value for IMM operand 92 | sparc_op_mem mem; // base/disp value for MEM operand 93 | }; 94 | } cs_sparc_op; 95 | 96 | // Instruction structure 97 | typedef struct cs_sparc { 98 | sparc_cc cc; // code condition for this insn 99 | sparc_hint hint; // branch hint: encoding as bitwise OR of sparc_hint. 100 | // Number of operands of this instruction, 101 | // or 0 when instruction has no operand. 102 | uint8_t op_count; 103 | cs_sparc_op operands[4]; // operands for this instruction. 104 | } cs_sparc; 105 | 106 | //> SPARC registers 107 | typedef enum sparc_reg { 108 | SPARC_REG_INVALID = 0, 109 | 110 | SPARC_REG_F0, 111 | SPARC_REG_F1, 112 | SPARC_REG_F2, 113 | SPARC_REG_F3, 114 | SPARC_REG_F4, 115 | SPARC_REG_F5, 116 | SPARC_REG_F6, 117 | SPARC_REG_F7, 118 | SPARC_REG_F8, 119 | SPARC_REG_F9, 120 | SPARC_REG_F10, 121 | SPARC_REG_F11, 122 | SPARC_REG_F12, 123 | SPARC_REG_F13, 124 | SPARC_REG_F14, 125 | SPARC_REG_F15, 126 | SPARC_REG_F16, 127 | SPARC_REG_F17, 128 | SPARC_REG_F18, 129 | SPARC_REG_F19, 130 | SPARC_REG_F20, 131 | SPARC_REG_F21, 132 | SPARC_REG_F22, 133 | SPARC_REG_F23, 134 | SPARC_REG_F24, 135 | SPARC_REG_F25, 136 | SPARC_REG_F26, 137 | SPARC_REG_F27, 138 | SPARC_REG_F28, 139 | SPARC_REG_F29, 140 | SPARC_REG_F30, 141 | SPARC_REG_F31, 142 | SPARC_REG_F32, 143 | SPARC_REG_F34, 144 | SPARC_REG_F36, 145 | SPARC_REG_F38, 146 | SPARC_REG_F40, 147 | SPARC_REG_F42, 148 | SPARC_REG_F44, 149 | SPARC_REG_F46, 150 | SPARC_REG_F48, 151 | SPARC_REG_F50, 152 | SPARC_REG_F52, 153 | SPARC_REG_F54, 154 | SPARC_REG_F56, 155 | SPARC_REG_F58, 156 | SPARC_REG_F60, 157 | SPARC_REG_F62, 158 | SPARC_REG_FCC0, // Floating condition codes 159 | SPARC_REG_FCC1, 160 | SPARC_REG_FCC2, 161 | SPARC_REG_FCC3, 162 | SPARC_REG_FP, 163 | SPARC_REG_G0, 164 | SPARC_REG_G1, 165 | SPARC_REG_G2, 166 | SPARC_REG_G3, 167 | SPARC_REG_G4, 168 | SPARC_REG_G5, 169 | SPARC_REG_G6, 170 | SPARC_REG_G7, 171 | SPARC_REG_I0, 172 | SPARC_REG_I1, 173 | SPARC_REG_I2, 174 | SPARC_REG_I3, 175 | SPARC_REG_I4, 176 | SPARC_REG_I5, 177 | SPARC_REG_I7, 178 | SPARC_REG_ICC, // Integer condition codes 179 | SPARC_REG_L0, 180 | SPARC_REG_L1, 181 | SPARC_REG_L2, 182 | SPARC_REG_L3, 183 | SPARC_REG_L4, 184 | SPARC_REG_L5, 185 | SPARC_REG_L6, 186 | SPARC_REG_L7, 187 | SPARC_REG_O0, 188 | SPARC_REG_O1, 189 | SPARC_REG_O2, 190 | SPARC_REG_O3, 191 | SPARC_REG_O4, 192 | SPARC_REG_O5, 193 | SPARC_REG_O7, 194 | SPARC_REG_SP, 195 | SPARC_REG_Y, 196 | 197 | // special register 198 | SPARC_REG_XCC, 199 | 200 | SPARC_REG_ENDING, // <-- mark the end of the list of registers 201 | 202 | // extras 203 | SPARC_REG_O6 = SPARC_REG_SP, 204 | SPARC_REG_I6 = SPARC_REG_FP, 205 | } sparc_reg; 206 | 207 | //> SPARC instruction 208 | typedef enum sparc_insn { 209 | SPARC_INS_INVALID = 0, 210 | 211 | SPARC_INS_ADDCC, 212 | SPARC_INS_ADDX, 213 | SPARC_INS_ADDXCC, 214 | SPARC_INS_ADDXC, 215 | SPARC_INS_ADDXCCC, 216 | SPARC_INS_ADD, 217 | SPARC_INS_ALIGNADDR, 218 | SPARC_INS_ALIGNADDRL, 219 | SPARC_INS_ANDCC, 220 | SPARC_INS_ANDNCC, 221 | SPARC_INS_ANDN, 222 | SPARC_INS_AND, 223 | SPARC_INS_ARRAY16, 224 | SPARC_INS_ARRAY32, 225 | SPARC_INS_ARRAY8, 226 | SPARC_INS_B, 227 | SPARC_INS_JMP, 228 | SPARC_INS_BMASK, 229 | SPARC_INS_FB, 230 | SPARC_INS_BRGEZ, 231 | SPARC_INS_BRGZ, 232 | SPARC_INS_BRLEZ, 233 | SPARC_INS_BRLZ, 234 | SPARC_INS_BRNZ, 235 | SPARC_INS_BRZ, 236 | SPARC_INS_BSHUFFLE, 237 | SPARC_INS_CALL, 238 | SPARC_INS_CASX, 239 | SPARC_INS_CAS, 240 | SPARC_INS_CMASK16, 241 | SPARC_INS_CMASK32, 242 | SPARC_INS_CMASK8, 243 | SPARC_INS_CMP, 244 | SPARC_INS_EDGE16, 245 | SPARC_INS_EDGE16L, 246 | SPARC_INS_EDGE16LN, 247 | SPARC_INS_EDGE16N, 248 | SPARC_INS_EDGE32, 249 | SPARC_INS_EDGE32L, 250 | SPARC_INS_EDGE32LN, 251 | SPARC_INS_EDGE32N, 252 | SPARC_INS_EDGE8, 253 | SPARC_INS_EDGE8L, 254 | SPARC_INS_EDGE8LN, 255 | SPARC_INS_EDGE8N, 256 | SPARC_INS_FABSD, 257 | SPARC_INS_FABSQ, 258 | SPARC_INS_FABSS, 259 | SPARC_INS_FADDD, 260 | SPARC_INS_FADDQ, 261 | SPARC_INS_FADDS, 262 | SPARC_INS_FALIGNDATA, 263 | SPARC_INS_FAND, 264 | SPARC_INS_FANDNOT1, 265 | SPARC_INS_FANDNOT1S, 266 | SPARC_INS_FANDNOT2, 267 | SPARC_INS_FANDNOT2S, 268 | SPARC_INS_FANDS, 269 | SPARC_INS_FCHKSM16, 270 | SPARC_INS_FCMPD, 271 | SPARC_INS_FCMPEQ16, 272 | SPARC_INS_FCMPEQ32, 273 | SPARC_INS_FCMPGT16, 274 | SPARC_INS_FCMPGT32, 275 | SPARC_INS_FCMPLE16, 276 | SPARC_INS_FCMPLE32, 277 | SPARC_INS_FCMPNE16, 278 | SPARC_INS_FCMPNE32, 279 | SPARC_INS_FCMPQ, 280 | SPARC_INS_FCMPS, 281 | SPARC_INS_FDIVD, 282 | SPARC_INS_FDIVQ, 283 | SPARC_INS_FDIVS, 284 | SPARC_INS_FDMULQ, 285 | SPARC_INS_FDTOI, 286 | SPARC_INS_FDTOQ, 287 | SPARC_INS_FDTOS, 288 | SPARC_INS_FDTOX, 289 | SPARC_INS_FEXPAND, 290 | SPARC_INS_FHADDD, 291 | SPARC_INS_FHADDS, 292 | SPARC_INS_FHSUBD, 293 | SPARC_INS_FHSUBS, 294 | SPARC_INS_FITOD, 295 | SPARC_INS_FITOQ, 296 | SPARC_INS_FITOS, 297 | SPARC_INS_FLCMPD, 298 | SPARC_INS_FLCMPS, 299 | SPARC_INS_FLUSHW, 300 | SPARC_INS_FMEAN16, 301 | SPARC_INS_FMOVD, 302 | SPARC_INS_FMOVQ, 303 | SPARC_INS_FMOVRDGEZ, 304 | SPARC_INS_FMOVRQGEZ, 305 | SPARC_INS_FMOVRSGEZ, 306 | SPARC_INS_FMOVRDGZ, 307 | SPARC_INS_FMOVRQGZ, 308 | SPARC_INS_FMOVRSGZ, 309 | SPARC_INS_FMOVRDLEZ, 310 | SPARC_INS_FMOVRQLEZ, 311 | SPARC_INS_FMOVRSLEZ, 312 | SPARC_INS_FMOVRDLZ, 313 | SPARC_INS_FMOVRQLZ, 314 | SPARC_INS_FMOVRSLZ, 315 | SPARC_INS_FMOVRDNZ, 316 | SPARC_INS_FMOVRQNZ, 317 | SPARC_INS_FMOVRSNZ, 318 | SPARC_INS_FMOVRDZ, 319 | SPARC_INS_FMOVRQZ, 320 | SPARC_INS_FMOVRSZ, 321 | SPARC_INS_FMOVS, 322 | SPARC_INS_FMUL8SUX16, 323 | SPARC_INS_FMUL8ULX16, 324 | SPARC_INS_FMUL8X16, 325 | SPARC_INS_FMUL8X16AL, 326 | SPARC_INS_FMUL8X16AU, 327 | SPARC_INS_FMULD, 328 | SPARC_INS_FMULD8SUX16, 329 | SPARC_INS_FMULD8ULX16, 330 | SPARC_INS_FMULQ, 331 | SPARC_INS_FMULS, 332 | SPARC_INS_FNADDD, 333 | SPARC_INS_FNADDS, 334 | SPARC_INS_FNAND, 335 | SPARC_INS_FNANDS, 336 | SPARC_INS_FNEGD, 337 | SPARC_INS_FNEGQ, 338 | SPARC_INS_FNEGS, 339 | SPARC_INS_FNHADDD, 340 | SPARC_INS_FNHADDS, 341 | SPARC_INS_FNOR, 342 | SPARC_INS_FNORS, 343 | SPARC_INS_FNOT1, 344 | SPARC_INS_FNOT1S, 345 | SPARC_INS_FNOT2, 346 | SPARC_INS_FNOT2S, 347 | SPARC_INS_FONE, 348 | SPARC_INS_FONES, 349 | SPARC_INS_FOR, 350 | SPARC_INS_FORNOT1, 351 | SPARC_INS_FORNOT1S, 352 | SPARC_INS_FORNOT2, 353 | SPARC_INS_FORNOT2S, 354 | SPARC_INS_FORS, 355 | SPARC_INS_FPACK16, 356 | SPARC_INS_FPACK32, 357 | SPARC_INS_FPACKFIX, 358 | SPARC_INS_FPADD16, 359 | SPARC_INS_FPADD16S, 360 | SPARC_INS_FPADD32, 361 | SPARC_INS_FPADD32S, 362 | SPARC_INS_FPADD64, 363 | SPARC_INS_FPMERGE, 364 | SPARC_INS_FPSUB16, 365 | SPARC_INS_FPSUB16S, 366 | SPARC_INS_FPSUB32, 367 | SPARC_INS_FPSUB32S, 368 | SPARC_INS_FQTOD, 369 | SPARC_INS_FQTOI, 370 | SPARC_INS_FQTOS, 371 | SPARC_INS_FQTOX, 372 | SPARC_INS_FSLAS16, 373 | SPARC_INS_FSLAS32, 374 | SPARC_INS_FSLL16, 375 | SPARC_INS_FSLL32, 376 | SPARC_INS_FSMULD, 377 | SPARC_INS_FSQRTD, 378 | SPARC_INS_FSQRTQ, 379 | SPARC_INS_FSQRTS, 380 | SPARC_INS_FSRA16, 381 | SPARC_INS_FSRA32, 382 | SPARC_INS_FSRC1, 383 | SPARC_INS_FSRC1S, 384 | SPARC_INS_FSRC2, 385 | SPARC_INS_FSRC2S, 386 | SPARC_INS_FSRL16, 387 | SPARC_INS_FSRL32, 388 | SPARC_INS_FSTOD, 389 | SPARC_INS_FSTOI, 390 | SPARC_INS_FSTOQ, 391 | SPARC_INS_FSTOX, 392 | SPARC_INS_FSUBD, 393 | SPARC_INS_FSUBQ, 394 | SPARC_INS_FSUBS, 395 | SPARC_INS_FXNOR, 396 | SPARC_INS_FXNORS, 397 | SPARC_INS_FXOR, 398 | SPARC_INS_FXORS, 399 | SPARC_INS_FXTOD, 400 | SPARC_INS_FXTOQ, 401 | SPARC_INS_FXTOS, 402 | SPARC_INS_FZERO, 403 | SPARC_INS_FZEROS, 404 | SPARC_INS_JMPL, 405 | SPARC_INS_LDD, 406 | SPARC_INS_LD, 407 | SPARC_INS_LDQ, 408 | SPARC_INS_LDSB, 409 | SPARC_INS_LDSH, 410 | SPARC_INS_LDSW, 411 | SPARC_INS_LDUB, 412 | SPARC_INS_LDUH, 413 | SPARC_INS_LDX, 414 | SPARC_INS_LZCNT, 415 | SPARC_INS_MEMBAR, 416 | SPARC_INS_MOVDTOX, 417 | SPARC_INS_MOV, 418 | SPARC_INS_MOVRGEZ, 419 | SPARC_INS_MOVRGZ, 420 | SPARC_INS_MOVRLEZ, 421 | SPARC_INS_MOVRLZ, 422 | SPARC_INS_MOVRNZ, 423 | SPARC_INS_MOVRZ, 424 | SPARC_INS_MOVSTOSW, 425 | SPARC_INS_MOVSTOUW, 426 | SPARC_INS_MULX, 427 | SPARC_INS_NOP, 428 | SPARC_INS_ORCC, 429 | SPARC_INS_ORNCC, 430 | SPARC_INS_ORN, 431 | SPARC_INS_OR, 432 | SPARC_INS_PDIST, 433 | SPARC_INS_PDISTN, 434 | SPARC_INS_POPC, 435 | SPARC_INS_RD, 436 | SPARC_INS_RESTORE, 437 | SPARC_INS_RETT, 438 | SPARC_INS_SAVE, 439 | SPARC_INS_SDIVCC, 440 | SPARC_INS_SDIVX, 441 | SPARC_INS_SDIV, 442 | SPARC_INS_SETHI, 443 | SPARC_INS_SHUTDOWN, 444 | SPARC_INS_SIAM, 445 | SPARC_INS_SLLX, 446 | SPARC_INS_SLL, 447 | SPARC_INS_SMULCC, 448 | SPARC_INS_SMUL, 449 | SPARC_INS_SRAX, 450 | SPARC_INS_SRA, 451 | SPARC_INS_SRLX, 452 | SPARC_INS_SRL, 453 | SPARC_INS_STBAR, 454 | SPARC_INS_STB, 455 | SPARC_INS_STD, 456 | SPARC_INS_ST, 457 | SPARC_INS_STH, 458 | SPARC_INS_STQ, 459 | SPARC_INS_STX, 460 | SPARC_INS_SUBCC, 461 | SPARC_INS_SUBX, 462 | SPARC_INS_SUBXCC, 463 | SPARC_INS_SUB, 464 | SPARC_INS_SWAP, 465 | SPARC_INS_TADDCCTV, 466 | SPARC_INS_TADDCC, 467 | SPARC_INS_T, 468 | SPARC_INS_TSUBCCTV, 469 | SPARC_INS_TSUBCC, 470 | SPARC_INS_UDIVCC, 471 | SPARC_INS_UDIVX, 472 | SPARC_INS_UDIV, 473 | SPARC_INS_UMULCC, 474 | SPARC_INS_UMULXHI, 475 | SPARC_INS_UMUL, 476 | SPARC_INS_UNIMP, 477 | SPARC_INS_FCMPED, 478 | SPARC_INS_FCMPEQ, 479 | SPARC_INS_FCMPES, 480 | SPARC_INS_WR, 481 | SPARC_INS_XMULX, 482 | SPARC_INS_XMULXHI, 483 | SPARC_INS_XNORCC, 484 | SPARC_INS_XNOR, 485 | SPARC_INS_XORCC, 486 | SPARC_INS_XOR, 487 | 488 | // alias instructions 489 | SPARC_INS_RET, 490 | SPARC_INS_RETL, 491 | 492 | SPARC_INS_ENDING, // <-- mark the end of the list of instructions 493 | } sparc_insn; 494 | 495 | //> Group of SPARC instructions 496 | typedef enum sparc_insn_group { 497 | SPARC_GRP_INVALID = 0, // = CS_GRP_INVALID 498 | 499 | //> Generic groups 500 | // all jump instructions (conditional+direct+indirect jumps) 501 | SPARC_GRP_JUMP, // = CS_GRP_JUMP 502 | 503 | //> Architecture-specific groups 504 | SPARC_GRP_HARDQUAD = 128, 505 | SPARC_GRP_V9, 506 | SPARC_GRP_VIS, 507 | SPARC_GRP_VIS2, 508 | SPARC_GRP_VIS3, 509 | SPARC_GRP_32BIT, 510 | SPARC_GRP_64BIT, 511 | 512 | SPARC_GRP_ENDING, // <-- mark the end of the list of groups 513 | } sparc_insn_group; 514 | 515 | #ifdef __cplusplus 516 | } 517 | #endif 518 | 519 | #endif 520 | -------------------------------------------------------------------------------- /src/capstone/systemz.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_SYSTEMZ_H 2 | #define CAPSTONE_SYSTEMZ_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | #ifdef _MSC_VER 15 | #pragma warning(disable:4201) 16 | #endif 17 | 18 | //> Enums corresponding to SystemZ condition codes 19 | typedef enum sysz_cc { 20 | SYSZ_CC_INVALID = 0, // invalid CC (default) 21 | 22 | SYSZ_CC_O, 23 | SYSZ_CC_H, 24 | SYSZ_CC_NLE, 25 | SYSZ_CC_L, 26 | SYSZ_CC_NHE, 27 | SYSZ_CC_LH, 28 | SYSZ_CC_NE, 29 | SYSZ_CC_E, 30 | SYSZ_CC_NLH, 31 | SYSZ_CC_HE, 32 | SYSZ_CC_NL, 33 | SYSZ_CC_LE, 34 | SYSZ_CC_NH, 35 | SYSZ_CC_NO, 36 | } sysz_cc; 37 | 38 | //> Operand type for instruction's operands 39 | typedef enum sysz_op_type { 40 | SYSZ_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 41 | SYSZ_OP_REG, // = CS_OP_REG (Register operand). 42 | SYSZ_OP_IMM, // = CS_OP_IMM (Immediate operand). 43 | SYSZ_OP_MEM, // = CS_OP_MEM (Memory operand). 44 | SYSZ_OP_ACREG = 64, // Access register operand. 45 | } sysz_op_type; 46 | 47 | // Instruction's operand referring to memory 48 | // This is associated with SYSZ_OP_MEM operand type above 49 | typedef struct sysz_op_mem { 50 | uint8_t base; // base register 51 | uint8_t index; // index register 52 | uint64_t length; // BDLAddr operand 53 | int64_t disp; // displacement/offset value 54 | } sysz_op_mem; 55 | 56 | // Instruction operand 57 | typedef struct cs_sysz_op { 58 | sysz_op_type type; // operand type 59 | union { 60 | unsigned int reg; // register value for REG operand 61 | int64_t imm; // immediate value for IMM operand 62 | sysz_op_mem mem; // base/disp value for MEM operand 63 | }; 64 | } cs_sysz_op; 65 | 66 | // Instruction structure 67 | typedef struct cs_sysz { 68 | sysz_cc cc; // Code condition 69 | // Number of operands of this instruction, 70 | // or 0 when instruction has no operand. 71 | uint8_t op_count; 72 | cs_sysz_op operands[6]; // operands for this instruction. 73 | } cs_sysz; 74 | 75 | //> SystemZ registers 76 | typedef enum sysz_reg { 77 | SYSZ_REG_INVALID = 0, 78 | 79 | SYSZ_REG_0, 80 | SYSZ_REG_1, 81 | SYSZ_REG_2, 82 | SYSZ_REG_3, 83 | SYSZ_REG_4, 84 | SYSZ_REG_5, 85 | SYSZ_REG_6, 86 | SYSZ_REG_7, 87 | SYSZ_REG_8, 88 | SYSZ_REG_9, 89 | SYSZ_REG_10, 90 | SYSZ_REG_11, 91 | SYSZ_REG_12, 92 | SYSZ_REG_13, 93 | SYSZ_REG_14, 94 | SYSZ_REG_15, 95 | SYSZ_REG_CC, 96 | SYSZ_REG_F0, 97 | SYSZ_REG_F1, 98 | SYSZ_REG_F2, 99 | SYSZ_REG_F3, 100 | SYSZ_REG_F4, 101 | SYSZ_REG_F5, 102 | SYSZ_REG_F6, 103 | SYSZ_REG_F7, 104 | SYSZ_REG_F8, 105 | SYSZ_REG_F9, 106 | SYSZ_REG_F10, 107 | SYSZ_REG_F11, 108 | SYSZ_REG_F12, 109 | SYSZ_REG_F13, 110 | SYSZ_REG_F14, 111 | SYSZ_REG_F15, 112 | 113 | SYSZ_REG_R0L, 114 | 115 | SYSZ_REG_ENDING, 116 | } sysz_reg; 117 | 118 | //> SystemZ instruction 119 | typedef enum sysz_insn { 120 | SYSZ_INS_INVALID = 0, 121 | 122 | SYSZ_INS_A, 123 | SYSZ_INS_ADB, 124 | SYSZ_INS_ADBR, 125 | SYSZ_INS_AEB, 126 | SYSZ_INS_AEBR, 127 | SYSZ_INS_AFI, 128 | SYSZ_INS_AG, 129 | SYSZ_INS_AGF, 130 | SYSZ_INS_AGFI, 131 | SYSZ_INS_AGFR, 132 | SYSZ_INS_AGHI, 133 | SYSZ_INS_AGHIK, 134 | SYSZ_INS_AGR, 135 | SYSZ_INS_AGRK, 136 | SYSZ_INS_AGSI, 137 | SYSZ_INS_AH, 138 | SYSZ_INS_AHI, 139 | SYSZ_INS_AHIK, 140 | SYSZ_INS_AHY, 141 | SYSZ_INS_AIH, 142 | SYSZ_INS_AL, 143 | SYSZ_INS_ALC, 144 | SYSZ_INS_ALCG, 145 | SYSZ_INS_ALCGR, 146 | SYSZ_INS_ALCR, 147 | SYSZ_INS_ALFI, 148 | SYSZ_INS_ALG, 149 | SYSZ_INS_ALGF, 150 | SYSZ_INS_ALGFI, 151 | SYSZ_INS_ALGFR, 152 | SYSZ_INS_ALGHSIK, 153 | SYSZ_INS_ALGR, 154 | SYSZ_INS_ALGRK, 155 | SYSZ_INS_ALHSIK, 156 | SYSZ_INS_ALR, 157 | SYSZ_INS_ALRK, 158 | SYSZ_INS_ALY, 159 | SYSZ_INS_AR, 160 | SYSZ_INS_ARK, 161 | SYSZ_INS_ASI, 162 | SYSZ_INS_AXBR, 163 | SYSZ_INS_AY, 164 | SYSZ_INS_BCR, 165 | SYSZ_INS_BRC, 166 | SYSZ_INS_BRCL, 167 | SYSZ_INS_CGIJ, 168 | SYSZ_INS_CGRJ, 169 | SYSZ_INS_CIJ, 170 | SYSZ_INS_CLGIJ, 171 | SYSZ_INS_CLGRJ, 172 | SYSZ_INS_CLIJ, 173 | SYSZ_INS_CLRJ, 174 | SYSZ_INS_CRJ, 175 | SYSZ_INS_BER, 176 | SYSZ_INS_JE, 177 | SYSZ_INS_JGE, 178 | SYSZ_INS_LOCE, 179 | SYSZ_INS_LOCGE, 180 | SYSZ_INS_LOCGRE, 181 | SYSZ_INS_LOCRE, 182 | SYSZ_INS_STOCE, 183 | SYSZ_INS_STOCGE, 184 | SYSZ_INS_BHR, 185 | SYSZ_INS_BHER, 186 | SYSZ_INS_JHE, 187 | SYSZ_INS_JGHE, 188 | SYSZ_INS_LOCHE, 189 | SYSZ_INS_LOCGHE, 190 | SYSZ_INS_LOCGRHE, 191 | SYSZ_INS_LOCRHE, 192 | SYSZ_INS_STOCHE, 193 | SYSZ_INS_STOCGHE, 194 | SYSZ_INS_JH, 195 | SYSZ_INS_JGH, 196 | SYSZ_INS_LOCH, 197 | SYSZ_INS_LOCGH, 198 | SYSZ_INS_LOCGRH, 199 | SYSZ_INS_LOCRH, 200 | SYSZ_INS_STOCH, 201 | SYSZ_INS_STOCGH, 202 | SYSZ_INS_CGIJNLH, 203 | SYSZ_INS_CGRJNLH, 204 | SYSZ_INS_CIJNLH, 205 | SYSZ_INS_CLGIJNLH, 206 | SYSZ_INS_CLGRJNLH, 207 | SYSZ_INS_CLIJNLH, 208 | SYSZ_INS_CLRJNLH, 209 | SYSZ_INS_CRJNLH, 210 | SYSZ_INS_CGIJE, 211 | SYSZ_INS_CGRJE, 212 | SYSZ_INS_CIJE, 213 | SYSZ_INS_CLGIJE, 214 | SYSZ_INS_CLGRJE, 215 | SYSZ_INS_CLIJE, 216 | SYSZ_INS_CLRJE, 217 | SYSZ_INS_CRJE, 218 | SYSZ_INS_CGIJNLE, 219 | SYSZ_INS_CGRJNLE, 220 | SYSZ_INS_CIJNLE, 221 | SYSZ_INS_CLGIJNLE, 222 | SYSZ_INS_CLGRJNLE, 223 | SYSZ_INS_CLIJNLE, 224 | SYSZ_INS_CLRJNLE, 225 | SYSZ_INS_CRJNLE, 226 | SYSZ_INS_CGIJH, 227 | SYSZ_INS_CGRJH, 228 | SYSZ_INS_CIJH, 229 | SYSZ_INS_CLGIJH, 230 | SYSZ_INS_CLGRJH, 231 | SYSZ_INS_CLIJH, 232 | SYSZ_INS_CLRJH, 233 | SYSZ_INS_CRJH, 234 | SYSZ_INS_CGIJNL, 235 | SYSZ_INS_CGRJNL, 236 | SYSZ_INS_CIJNL, 237 | SYSZ_INS_CLGIJNL, 238 | SYSZ_INS_CLGRJNL, 239 | SYSZ_INS_CLIJNL, 240 | SYSZ_INS_CLRJNL, 241 | SYSZ_INS_CRJNL, 242 | SYSZ_INS_CGIJHE, 243 | SYSZ_INS_CGRJHE, 244 | SYSZ_INS_CIJHE, 245 | SYSZ_INS_CLGIJHE, 246 | SYSZ_INS_CLGRJHE, 247 | SYSZ_INS_CLIJHE, 248 | SYSZ_INS_CLRJHE, 249 | SYSZ_INS_CRJHE, 250 | SYSZ_INS_CGIJNHE, 251 | SYSZ_INS_CGRJNHE, 252 | SYSZ_INS_CIJNHE, 253 | SYSZ_INS_CLGIJNHE, 254 | SYSZ_INS_CLGRJNHE, 255 | SYSZ_INS_CLIJNHE, 256 | SYSZ_INS_CLRJNHE, 257 | SYSZ_INS_CRJNHE, 258 | SYSZ_INS_CGIJL, 259 | SYSZ_INS_CGRJL, 260 | SYSZ_INS_CIJL, 261 | SYSZ_INS_CLGIJL, 262 | SYSZ_INS_CLGRJL, 263 | SYSZ_INS_CLIJL, 264 | SYSZ_INS_CLRJL, 265 | SYSZ_INS_CRJL, 266 | SYSZ_INS_CGIJNH, 267 | SYSZ_INS_CGRJNH, 268 | SYSZ_INS_CIJNH, 269 | SYSZ_INS_CLGIJNH, 270 | SYSZ_INS_CLGRJNH, 271 | SYSZ_INS_CLIJNH, 272 | SYSZ_INS_CLRJNH, 273 | SYSZ_INS_CRJNH, 274 | SYSZ_INS_CGIJLE, 275 | SYSZ_INS_CGRJLE, 276 | SYSZ_INS_CIJLE, 277 | SYSZ_INS_CLGIJLE, 278 | SYSZ_INS_CLGRJLE, 279 | SYSZ_INS_CLIJLE, 280 | SYSZ_INS_CLRJLE, 281 | SYSZ_INS_CRJLE, 282 | SYSZ_INS_CGIJNE, 283 | SYSZ_INS_CGRJNE, 284 | SYSZ_INS_CIJNE, 285 | SYSZ_INS_CLGIJNE, 286 | SYSZ_INS_CLGRJNE, 287 | SYSZ_INS_CLIJNE, 288 | SYSZ_INS_CLRJNE, 289 | SYSZ_INS_CRJNE, 290 | SYSZ_INS_CGIJLH, 291 | SYSZ_INS_CGRJLH, 292 | SYSZ_INS_CIJLH, 293 | SYSZ_INS_CLGIJLH, 294 | SYSZ_INS_CLGRJLH, 295 | SYSZ_INS_CLIJLH, 296 | SYSZ_INS_CLRJLH, 297 | SYSZ_INS_CRJLH, 298 | SYSZ_INS_BLR, 299 | SYSZ_INS_BLER, 300 | SYSZ_INS_JLE, 301 | SYSZ_INS_JGLE, 302 | SYSZ_INS_LOCLE, 303 | SYSZ_INS_LOCGLE, 304 | SYSZ_INS_LOCGRLE, 305 | SYSZ_INS_LOCRLE, 306 | SYSZ_INS_STOCLE, 307 | SYSZ_INS_STOCGLE, 308 | SYSZ_INS_BLHR, 309 | SYSZ_INS_JLH, 310 | SYSZ_INS_JGLH, 311 | SYSZ_INS_LOCLH, 312 | SYSZ_INS_LOCGLH, 313 | SYSZ_INS_LOCGRLH, 314 | SYSZ_INS_LOCRLH, 315 | SYSZ_INS_STOCLH, 316 | SYSZ_INS_STOCGLH, 317 | SYSZ_INS_JL, 318 | SYSZ_INS_JGL, 319 | SYSZ_INS_LOCL, 320 | SYSZ_INS_LOCGL, 321 | SYSZ_INS_LOCGRL, 322 | SYSZ_INS_LOCRL, 323 | SYSZ_INS_LOC, 324 | SYSZ_INS_LOCG, 325 | SYSZ_INS_LOCGR, 326 | SYSZ_INS_LOCR, 327 | SYSZ_INS_STOCL, 328 | SYSZ_INS_STOCGL, 329 | SYSZ_INS_BNER, 330 | SYSZ_INS_JNE, 331 | SYSZ_INS_JGNE, 332 | SYSZ_INS_LOCNE, 333 | SYSZ_INS_LOCGNE, 334 | SYSZ_INS_LOCGRNE, 335 | SYSZ_INS_LOCRNE, 336 | SYSZ_INS_STOCNE, 337 | SYSZ_INS_STOCGNE, 338 | SYSZ_INS_BNHR, 339 | SYSZ_INS_BNHER, 340 | SYSZ_INS_JNHE, 341 | SYSZ_INS_JGNHE, 342 | SYSZ_INS_LOCNHE, 343 | SYSZ_INS_LOCGNHE, 344 | SYSZ_INS_LOCGRNHE, 345 | SYSZ_INS_LOCRNHE, 346 | SYSZ_INS_STOCNHE, 347 | SYSZ_INS_STOCGNHE, 348 | SYSZ_INS_JNH, 349 | SYSZ_INS_JGNH, 350 | SYSZ_INS_LOCNH, 351 | SYSZ_INS_LOCGNH, 352 | SYSZ_INS_LOCGRNH, 353 | SYSZ_INS_LOCRNH, 354 | SYSZ_INS_STOCNH, 355 | SYSZ_INS_STOCGNH, 356 | SYSZ_INS_BNLR, 357 | SYSZ_INS_BNLER, 358 | SYSZ_INS_JNLE, 359 | SYSZ_INS_JGNLE, 360 | SYSZ_INS_LOCNLE, 361 | SYSZ_INS_LOCGNLE, 362 | SYSZ_INS_LOCGRNLE, 363 | SYSZ_INS_LOCRNLE, 364 | SYSZ_INS_STOCNLE, 365 | SYSZ_INS_STOCGNLE, 366 | SYSZ_INS_BNLHR, 367 | SYSZ_INS_JNLH, 368 | SYSZ_INS_JGNLH, 369 | SYSZ_INS_LOCNLH, 370 | SYSZ_INS_LOCGNLH, 371 | SYSZ_INS_LOCGRNLH, 372 | SYSZ_INS_LOCRNLH, 373 | SYSZ_INS_STOCNLH, 374 | SYSZ_INS_STOCGNLH, 375 | SYSZ_INS_JNL, 376 | SYSZ_INS_JGNL, 377 | SYSZ_INS_LOCNL, 378 | SYSZ_INS_LOCGNL, 379 | SYSZ_INS_LOCGRNL, 380 | SYSZ_INS_LOCRNL, 381 | SYSZ_INS_STOCNL, 382 | SYSZ_INS_STOCGNL, 383 | SYSZ_INS_BNOR, 384 | SYSZ_INS_JNO, 385 | SYSZ_INS_JGNO, 386 | SYSZ_INS_LOCNO, 387 | SYSZ_INS_LOCGNO, 388 | SYSZ_INS_LOCGRNO, 389 | SYSZ_INS_LOCRNO, 390 | SYSZ_INS_STOCNO, 391 | SYSZ_INS_STOCGNO, 392 | SYSZ_INS_BOR, 393 | SYSZ_INS_JO, 394 | SYSZ_INS_JGO, 395 | SYSZ_INS_LOCO, 396 | SYSZ_INS_LOCGO, 397 | SYSZ_INS_LOCGRO, 398 | SYSZ_INS_LOCRO, 399 | SYSZ_INS_STOCO, 400 | SYSZ_INS_STOCGO, 401 | SYSZ_INS_STOC, 402 | SYSZ_INS_STOCG, 403 | SYSZ_INS_BASR, 404 | SYSZ_INS_BR, 405 | SYSZ_INS_BRAS, 406 | SYSZ_INS_BRASL, 407 | SYSZ_INS_J, 408 | SYSZ_INS_JG, 409 | SYSZ_INS_BRCT, 410 | SYSZ_INS_BRCTG, 411 | SYSZ_INS_C, 412 | SYSZ_INS_CDB, 413 | SYSZ_INS_CDBR, 414 | SYSZ_INS_CDFBR, 415 | SYSZ_INS_CDGBR, 416 | SYSZ_INS_CDLFBR, 417 | SYSZ_INS_CDLGBR, 418 | SYSZ_INS_CEB, 419 | SYSZ_INS_CEBR, 420 | SYSZ_INS_CEFBR, 421 | SYSZ_INS_CEGBR, 422 | SYSZ_INS_CELFBR, 423 | SYSZ_INS_CELGBR, 424 | SYSZ_INS_CFDBR, 425 | SYSZ_INS_CFEBR, 426 | SYSZ_INS_CFI, 427 | SYSZ_INS_CFXBR, 428 | SYSZ_INS_CG, 429 | SYSZ_INS_CGDBR, 430 | SYSZ_INS_CGEBR, 431 | SYSZ_INS_CGF, 432 | SYSZ_INS_CGFI, 433 | SYSZ_INS_CGFR, 434 | SYSZ_INS_CGFRL, 435 | SYSZ_INS_CGH, 436 | SYSZ_INS_CGHI, 437 | SYSZ_INS_CGHRL, 438 | SYSZ_INS_CGHSI, 439 | SYSZ_INS_CGR, 440 | SYSZ_INS_CGRL, 441 | SYSZ_INS_CGXBR, 442 | SYSZ_INS_CH, 443 | SYSZ_INS_CHF, 444 | SYSZ_INS_CHHSI, 445 | SYSZ_INS_CHI, 446 | SYSZ_INS_CHRL, 447 | SYSZ_INS_CHSI, 448 | SYSZ_INS_CHY, 449 | SYSZ_INS_CIH, 450 | SYSZ_INS_CL, 451 | SYSZ_INS_CLC, 452 | SYSZ_INS_CLFDBR, 453 | SYSZ_INS_CLFEBR, 454 | SYSZ_INS_CLFHSI, 455 | SYSZ_INS_CLFI, 456 | SYSZ_INS_CLFXBR, 457 | SYSZ_INS_CLG, 458 | SYSZ_INS_CLGDBR, 459 | SYSZ_INS_CLGEBR, 460 | SYSZ_INS_CLGF, 461 | SYSZ_INS_CLGFI, 462 | SYSZ_INS_CLGFR, 463 | SYSZ_INS_CLGFRL, 464 | SYSZ_INS_CLGHRL, 465 | SYSZ_INS_CLGHSI, 466 | SYSZ_INS_CLGR, 467 | SYSZ_INS_CLGRL, 468 | SYSZ_INS_CLGXBR, 469 | SYSZ_INS_CLHF, 470 | SYSZ_INS_CLHHSI, 471 | SYSZ_INS_CLHRL, 472 | SYSZ_INS_CLI, 473 | SYSZ_INS_CLIH, 474 | SYSZ_INS_CLIY, 475 | SYSZ_INS_CLR, 476 | SYSZ_INS_CLRL, 477 | SYSZ_INS_CLST, 478 | SYSZ_INS_CLY, 479 | SYSZ_INS_CPSDR, 480 | SYSZ_INS_CR, 481 | SYSZ_INS_CRL, 482 | SYSZ_INS_CS, 483 | SYSZ_INS_CSG, 484 | SYSZ_INS_CSY, 485 | SYSZ_INS_CXBR, 486 | SYSZ_INS_CXFBR, 487 | SYSZ_INS_CXGBR, 488 | SYSZ_INS_CXLFBR, 489 | SYSZ_INS_CXLGBR, 490 | SYSZ_INS_CY, 491 | SYSZ_INS_DDB, 492 | SYSZ_INS_DDBR, 493 | SYSZ_INS_DEB, 494 | SYSZ_INS_DEBR, 495 | SYSZ_INS_DL, 496 | SYSZ_INS_DLG, 497 | SYSZ_INS_DLGR, 498 | SYSZ_INS_DLR, 499 | SYSZ_INS_DSG, 500 | SYSZ_INS_DSGF, 501 | SYSZ_INS_DSGFR, 502 | SYSZ_INS_DSGR, 503 | SYSZ_INS_DXBR, 504 | SYSZ_INS_EAR, 505 | SYSZ_INS_FIDBR, 506 | SYSZ_INS_FIDBRA, 507 | SYSZ_INS_FIEBR, 508 | SYSZ_INS_FIEBRA, 509 | SYSZ_INS_FIXBR, 510 | SYSZ_INS_FIXBRA, 511 | SYSZ_INS_FLOGR, 512 | SYSZ_INS_IC, 513 | SYSZ_INS_ICY, 514 | SYSZ_INS_IIHF, 515 | SYSZ_INS_IIHH, 516 | SYSZ_INS_IIHL, 517 | SYSZ_INS_IILF, 518 | SYSZ_INS_IILH, 519 | SYSZ_INS_IILL, 520 | SYSZ_INS_IPM, 521 | SYSZ_INS_L, 522 | SYSZ_INS_LA, 523 | SYSZ_INS_LAA, 524 | SYSZ_INS_LAAG, 525 | SYSZ_INS_LAAL, 526 | SYSZ_INS_LAALG, 527 | SYSZ_INS_LAN, 528 | SYSZ_INS_LANG, 529 | SYSZ_INS_LAO, 530 | SYSZ_INS_LAOG, 531 | SYSZ_INS_LARL, 532 | SYSZ_INS_LAX, 533 | SYSZ_INS_LAXG, 534 | SYSZ_INS_LAY, 535 | SYSZ_INS_LB, 536 | SYSZ_INS_LBH, 537 | SYSZ_INS_LBR, 538 | SYSZ_INS_LCDBR, 539 | SYSZ_INS_LCEBR, 540 | SYSZ_INS_LCGFR, 541 | SYSZ_INS_LCGR, 542 | SYSZ_INS_LCR, 543 | SYSZ_INS_LCXBR, 544 | SYSZ_INS_LD, 545 | SYSZ_INS_LDEB, 546 | SYSZ_INS_LDEBR, 547 | SYSZ_INS_LDGR, 548 | SYSZ_INS_LDR, 549 | SYSZ_INS_LDXBR, 550 | SYSZ_INS_LDXBRA, 551 | SYSZ_INS_LDY, 552 | SYSZ_INS_LE, 553 | SYSZ_INS_LEDBR, 554 | SYSZ_INS_LEDBRA, 555 | SYSZ_INS_LER, 556 | SYSZ_INS_LEXBR, 557 | SYSZ_INS_LEXBRA, 558 | SYSZ_INS_LEY, 559 | SYSZ_INS_LFH, 560 | SYSZ_INS_LG, 561 | SYSZ_INS_LGB, 562 | SYSZ_INS_LGBR, 563 | SYSZ_INS_LGDR, 564 | SYSZ_INS_LGF, 565 | SYSZ_INS_LGFI, 566 | SYSZ_INS_LGFR, 567 | SYSZ_INS_LGFRL, 568 | SYSZ_INS_LGH, 569 | SYSZ_INS_LGHI, 570 | SYSZ_INS_LGHR, 571 | SYSZ_INS_LGHRL, 572 | SYSZ_INS_LGR, 573 | SYSZ_INS_LGRL, 574 | SYSZ_INS_LH, 575 | SYSZ_INS_LHH, 576 | SYSZ_INS_LHI, 577 | SYSZ_INS_LHR, 578 | SYSZ_INS_LHRL, 579 | SYSZ_INS_LHY, 580 | SYSZ_INS_LLC, 581 | SYSZ_INS_LLCH, 582 | SYSZ_INS_LLCR, 583 | SYSZ_INS_LLGC, 584 | SYSZ_INS_LLGCR, 585 | SYSZ_INS_LLGF, 586 | SYSZ_INS_LLGFR, 587 | SYSZ_INS_LLGFRL, 588 | SYSZ_INS_LLGH, 589 | SYSZ_INS_LLGHR, 590 | SYSZ_INS_LLGHRL, 591 | SYSZ_INS_LLH, 592 | SYSZ_INS_LLHH, 593 | SYSZ_INS_LLHR, 594 | SYSZ_INS_LLHRL, 595 | SYSZ_INS_LLIHF, 596 | SYSZ_INS_LLIHH, 597 | SYSZ_INS_LLIHL, 598 | SYSZ_INS_LLILF, 599 | SYSZ_INS_LLILH, 600 | SYSZ_INS_LLILL, 601 | SYSZ_INS_LMG, 602 | SYSZ_INS_LNDBR, 603 | SYSZ_INS_LNEBR, 604 | SYSZ_INS_LNGFR, 605 | SYSZ_INS_LNGR, 606 | SYSZ_INS_LNR, 607 | SYSZ_INS_LNXBR, 608 | SYSZ_INS_LPDBR, 609 | SYSZ_INS_LPEBR, 610 | SYSZ_INS_LPGFR, 611 | SYSZ_INS_LPGR, 612 | SYSZ_INS_LPR, 613 | SYSZ_INS_LPXBR, 614 | SYSZ_INS_LR, 615 | SYSZ_INS_LRL, 616 | SYSZ_INS_LRV, 617 | SYSZ_INS_LRVG, 618 | SYSZ_INS_LRVGR, 619 | SYSZ_INS_LRVR, 620 | SYSZ_INS_LT, 621 | SYSZ_INS_LTDBR, 622 | SYSZ_INS_LTEBR, 623 | SYSZ_INS_LTG, 624 | SYSZ_INS_LTGF, 625 | SYSZ_INS_LTGFR, 626 | SYSZ_INS_LTGR, 627 | SYSZ_INS_LTR, 628 | SYSZ_INS_LTXBR, 629 | SYSZ_INS_LXDB, 630 | SYSZ_INS_LXDBR, 631 | SYSZ_INS_LXEB, 632 | SYSZ_INS_LXEBR, 633 | SYSZ_INS_LXR, 634 | SYSZ_INS_LY, 635 | SYSZ_INS_LZDR, 636 | SYSZ_INS_LZER, 637 | SYSZ_INS_LZXR, 638 | SYSZ_INS_MADB, 639 | SYSZ_INS_MADBR, 640 | SYSZ_INS_MAEB, 641 | SYSZ_INS_MAEBR, 642 | SYSZ_INS_MDB, 643 | SYSZ_INS_MDBR, 644 | SYSZ_INS_MDEB, 645 | SYSZ_INS_MDEBR, 646 | SYSZ_INS_MEEB, 647 | SYSZ_INS_MEEBR, 648 | SYSZ_INS_MGHI, 649 | SYSZ_INS_MH, 650 | SYSZ_INS_MHI, 651 | SYSZ_INS_MHY, 652 | SYSZ_INS_MLG, 653 | SYSZ_INS_MLGR, 654 | SYSZ_INS_MS, 655 | SYSZ_INS_MSDB, 656 | SYSZ_INS_MSDBR, 657 | SYSZ_INS_MSEB, 658 | SYSZ_INS_MSEBR, 659 | SYSZ_INS_MSFI, 660 | SYSZ_INS_MSG, 661 | SYSZ_INS_MSGF, 662 | SYSZ_INS_MSGFI, 663 | SYSZ_INS_MSGFR, 664 | SYSZ_INS_MSGR, 665 | SYSZ_INS_MSR, 666 | SYSZ_INS_MSY, 667 | SYSZ_INS_MVC, 668 | SYSZ_INS_MVGHI, 669 | SYSZ_INS_MVHHI, 670 | SYSZ_INS_MVHI, 671 | SYSZ_INS_MVI, 672 | SYSZ_INS_MVIY, 673 | SYSZ_INS_MVST, 674 | SYSZ_INS_MXBR, 675 | SYSZ_INS_MXDB, 676 | SYSZ_INS_MXDBR, 677 | SYSZ_INS_N, 678 | SYSZ_INS_NC, 679 | SYSZ_INS_NG, 680 | SYSZ_INS_NGR, 681 | SYSZ_INS_NGRK, 682 | SYSZ_INS_NI, 683 | SYSZ_INS_NIHF, 684 | SYSZ_INS_NIHH, 685 | SYSZ_INS_NIHL, 686 | SYSZ_INS_NILF, 687 | SYSZ_INS_NILH, 688 | SYSZ_INS_NILL, 689 | SYSZ_INS_NIY, 690 | SYSZ_INS_NR, 691 | SYSZ_INS_NRK, 692 | SYSZ_INS_NY, 693 | SYSZ_INS_O, 694 | SYSZ_INS_OC, 695 | SYSZ_INS_OG, 696 | SYSZ_INS_OGR, 697 | SYSZ_INS_OGRK, 698 | SYSZ_INS_OI, 699 | SYSZ_INS_OIHF, 700 | SYSZ_INS_OIHH, 701 | SYSZ_INS_OIHL, 702 | SYSZ_INS_OILF, 703 | SYSZ_INS_OILH, 704 | SYSZ_INS_OILL, 705 | SYSZ_INS_OIY, 706 | SYSZ_INS_OR, 707 | SYSZ_INS_ORK, 708 | SYSZ_INS_OY, 709 | SYSZ_INS_PFD, 710 | SYSZ_INS_PFDRL, 711 | SYSZ_INS_RISBG, 712 | SYSZ_INS_RISBHG, 713 | SYSZ_INS_RISBLG, 714 | SYSZ_INS_RLL, 715 | SYSZ_INS_RLLG, 716 | SYSZ_INS_RNSBG, 717 | SYSZ_INS_ROSBG, 718 | SYSZ_INS_RXSBG, 719 | SYSZ_INS_S, 720 | SYSZ_INS_SDB, 721 | SYSZ_INS_SDBR, 722 | SYSZ_INS_SEB, 723 | SYSZ_INS_SEBR, 724 | SYSZ_INS_SG, 725 | SYSZ_INS_SGF, 726 | SYSZ_INS_SGFR, 727 | SYSZ_INS_SGR, 728 | SYSZ_INS_SGRK, 729 | SYSZ_INS_SH, 730 | SYSZ_INS_SHY, 731 | SYSZ_INS_SL, 732 | SYSZ_INS_SLB, 733 | SYSZ_INS_SLBG, 734 | SYSZ_INS_SLBR, 735 | SYSZ_INS_SLFI, 736 | SYSZ_INS_SLG, 737 | SYSZ_INS_SLBGR, 738 | SYSZ_INS_SLGF, 739 | SYSZ_INS_SLGFI, 740 | SYSZ_INS_SLGFR, 741 | SYSZ_INS_SLGR, 742 | SYSZ_INS_SLGRK, 743 | SYSZ_INS_SLL, 744 | SYSZ_INS_SLLG, 745 | SYSZ_INS_SLLK, 746 | SYSZ_INS_SLR, 747 | SYSZ_INS_SLRK, 748 | SYSZ_INS_SLY, 749 | SYSZ_INS_SQDB, 750 | SYSZ_INS_SQDBR, 751 | SYSZ_INS_SQEB, 752 | SYSZ_INS_SQEBR, 753 | SYSZ_INS_SQXBR, 754 | SYSZ_INS_SR, 755 | SYSZ_INS_SRA, 756 | SYSZ_INS_SRAG, 757 | SYSZ_INS_SRAK, 758 | SYSZ_INS_SRK, 759 | SYSZ_INS_SRL, 760 | SYSZ_INS_SRLG, 761 | SYSZ_INS_SRLK, 762 | SYSZ_INS_SRST, 763 | SYSZ_INS_ST, 764 | SYSZ_INS_STC, 765 | SYSZ_INS_STCH, 766 | SYSZ_INS_STCY, 767 | SYSZ_INS_STD, 768 | SYSZ_INS_STDY, 769 | SYSZ_INS_STE, 770 | SYSZ_INS_STEY, 771 | SYSZ_INS_STFH, 772 | SYSZ_INS_STG, 773 | SYSZ_INS_STGRL, 774 | SYSZ_INS_STH, 775 | SYSZ_INS_STHH, 776 | SYSZ_INS_STHRL, 777 | SYSZ_INS_STHY, 778 | SYSZ_INS_STMG, 779 | SYSZ_INS_STRL, 780 | SYSZ_INS_STRV, 781 | SYSZ_INS_STRVG, 782 | SYSZ_INS_STY, 783 | SYSZ_INS_SXBR, 784 | SYSZ_INS_SY, 785 | SYSZ_INS_TM, 786 | SYSZ_INS_TMHH, 787 | SYSZ_INS_TMHL, 788 | SYSZ_INS_TMLH, 789 | SYSZ_INS_TMLL, 790 | SYSZ_INS_TMY, 791 | SYSZ_INS_X, 792 | SYSZ_INS_XC, 793 | SYSZ_INS_XG, 794 | SYSZ_INS_XGR, 795 | SYSZ_INS_XGRK, 796 | SYSZ_INS_XI, 797 | SYSZ_INS_XIHF, 798 | SYSZ_INS_XILF, 799 | SYSZ_INS_XIY, 800 | SYSZ_INS_XR, 801 | SYSZ_INS_XRK, 802 | SYSZ_INS_XY, 803 | 804 | SYSZ_INS_ENDING, // <-- mark the end of the list of instructions 805 | } sysz_insn; 806 | 807 | //> Group of SystemZ instructions 808 | typedef enum sysz_insn_group { 809 | SYSZ_GRP_INVALID = 0, // = CS_GRP_INVALID 810 | 811 | //> Generic groups 812 | // all jump instructions (conditional+direct+indirect jumps) 813 | SYSZ_GRP_JUMP, // = CS_GRP_JUMP 814 | 815 | //> Architecture-specific groups 816 | SYSZ_GRP_DISTINCTOPS = 128, 817 | SYSZ_GRP_FPEXTENSION, 818 | SYSZ_GRP_HIGHWORD, 819 | SYSZ_GRP_INTERLOCKEDACCESS1, 820 | SYSZ_GRP_LOADSTOREONCOND, 821 | 822 | SYSZ_GRP_ENDING, // <-- mark the end of the list of groups 823 | } sysz_insn_group; 824 | 825 | #ifdef __cplusplus 826 | } 827 | #endif 828 | 829 | #endif 830 | -------------------------------------------------------------------------------- /src/capstone/xcore.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_XCORE_H 2 | #define CAPSTONE_XCORE_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | #ifdef _MSC_VER 15 | #pragma warning(disable:4201) 16 | #endif 17 | 18 | //> Operand type for instruction's operands 19 | typedef enum xcore_op_type { 20 | XCORE_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 21 | XCORE_OP_REG, // = CS_OP_REG (Register operand). 22 | XCORE_OP_IMM, // = CS_OP_IMM (Immediate operand). 23 | XCORE_OP_MEM, // = CS_OP_MEM (Memory operand). 24 | } xcore_op_type; 25 | 26 | // Instruction's operand referring to memory 27 | // This is associated with XCORE_OP_MEM operand type above 28 | typedef struct xcore_op_mem { 29 | uint8_t base; // base register 30 | uint8_t index; // index register 31 | int32_t disp; // displacement/offset value 32 | int direct; // +1: forward, -1: backward 33 | } xcore_op_mem; 34 | 35 | // Instruction operand 36 | typedef struct cs_xcore_op { 37 | xcore_op_type type; // operand type 38 | union { 39 | unsigned int reg; // register value for REG operand 40 | int32_t imm; // immediate value for IMM operand 41 | xcore_op_mem mem; // base/disp value for MEM operand 42 | }; 43 | } cs_xcore_op; 44 | 45 | // Instruction structure 46 | typedef struct cs_xcore { 47 | // Number of operands of this instruction, 48 | // or 0 when instruction has no operand. 49 | uint8_t op_count; 50 | cs_xcore_op operands[8]; // operands for this instruction. 51 | } cs_xcore; 52 | 53 | //> XCore registers 54 | typedef enum xcore_reg { 55 | XCORE_REG_INVALID = 0, 56 | 57 | XCORE_REG_CP, 58 | XCORE_REG_DP, 59 | XCORE_REG_LR, 60 | XCORE_REG_SP, 61 | XCORE_REG_R0, 62 | XCORE_REG_R1, 63 | XCORE_REG_R2, 64 | XCORE_REG_R3, 65 | XCORE_REG_R4, 66 | XCORE_REG_R5, 67 | XCORE_REG_R6, 68 | XCORE_REG_R7, 69 | XCORE_REG_R8, 70 | XCORE_REG_R9, 71 | XCORE_REG_R10, 72 | XCORE_REG_R11, 73 | 74 | //> pseudo registers 75 | XCORE_REG_PC, // pc 76 | 77 | // internal thread registers 78 | // see The-XMOS-XS1-Architecture(X7879A).pdf 79 | XCORE_REG_SCP, // save pc 80 | XCORE_REG_SSR, // save status 81 | XCORE_REG_ET, // exception type 82 | XCORE_REG_ED, // exception data 83 | XCORE_REG_SED, // save exception data 84 | XCORE_REG_KEP, // kernel entry pointer 85 | XCORE_REG_KSP, // kernel stack pointer 86 | XCORE_REG_ID, // thread ID 87 | 88 | XCORE_REG_ENDING, // <-- mark the end of the list of registers 89 | } xcore_reg; 90 | 91 | //> XCore instruction 92 | typedef enum xcore_insn { 93 | XCORE_INS_INVALID = 0, 94 | 95 | XCORE_INS_ADD, 96 | XCORE_INS_ANDNOT, 97 | XCORE_INS_AND, 98 | XCORE_INS_ASHR, 99 | XCORE_INS_BAU, 100 | XCORE_INS_BITREV, 101 | XCORE_INS_BLA, 102 | XCORE_INS_BLAT, 103 | XCORE_INS_BL, 104 | XCORE_INS_BF, 105 | XCORE_INS_BT, 106 | XCORE_INS_BU, 107 | XCORE_INS_BRU, 108 | XCORE_INS_BYTEREV, 109 | XCORE_INS_CHKCT, 110 | XCORE_INS_CLRE, 111 | XCORE_INS_CLRPT, 112 | XCORE_INS_CLRSR, 113 | XCORE_INS_CLZ, 114 | XCORE_INS_CRC8, 115 | XCORE_INS_CRC32, 116 | XCORE_INS_DCALL, 117 | XCORE_INS_DENTSP, 118 | XCORE_INS_DGETREG, 119 | XCORE_INS_DIVS, 120 | XCORE_INS_DIVU, 121 | XCORE_INS_DRESTSP, 122 | XCORE_INS_DRET, 123 | XCORE_INS_ECALLF, 124 | XCORE_INS_ECALLT, 125 | XCORE_INS_EDU, 126 | XCORE_INS_EEF, 127 | XCORE_INS_EET, 128 | XCORE_INS_EEU, 129 | XCORE_INS_ENDIN, 130 | XCORE_INS_ENTSP, 131 | XCORE_INS_EQ, 132 | XCORE_INS_EXTDP, 133 | XCORE_INS_EXTSP, 134 | XCORE_INS_FREER, 135 | XCORE_INS_FREET, 136 | XCORE_INS_GETD, 137 | XCORE_INS_GET, 138 | XCORE_INS_GETN, 139 | XCORE_INS_GETR, 140 | XCORE_INS_GETSR, 141 | XCORE_INS_GETST, 142 | XCORE_INS_GETTS, 143 | XCORE_INS_INCT, 144 | XCORE_INS_INIT, 145 | XCORE_INS_INPW, 146 | XCORE_INS_INSHR, 147 | XCORE_INS_INT, 148 | XCORE_INS_IN, 149 | XCORE_INS_KCALL, 150 | XCORE_INS_KENTSP, 151 | XCORE_INS_KRESTSP, 152 | XCORE_INS_KRET, 153 | XCORE_INS_LADD, 154 | XCORE_INS_LD16S, 155 | XCORE_INS_LD8U, 156 | XCORE_INS_LDA16, 157 | XCORE_INS_LDAP, 158 | XCORE_INS_LDAW, 159 | XCORE_INS_LDC, 160 | XCORE_INS_LDW, 161 | XCORE_INS_LDIVU, 162 | XCORE_INS_LMUL, 163 | XCORE_INS_LSS, 164 | XCORE_INS_LSUB, 165 | XCORE_INS_LSU, 166 | XCORE_INS_MACCS, 167 | XCORE_INS_MACCU, 168 | XCORE_INS_MJOIN, 169 | XCORE_INS_MKMSK, 170 | XCORE_INS_MSYNC, 171 | XCORE_INS_MUL, 172 | XCORE_INS_NEG, 173 | XCORE_INS_NOT, 174 | XCORE_INS_OR, 175 | XCORE_INS_OUTCT, 176 | XCORE_INS_OUTPW, 177 | XCORE_INS_OUTSHR, 178 | XCORE_INS_OUTT, 179 | XCORE_INS_OUT, 180 | XCORE_INS_PEEK, 181 | XCORE_INS_REMS, 182 | XCORE_INS_REMU, 183 | XCORE_INS_RETSP, 184 | XCORE_INS_SETCLK, 185 | XCORE_INS_SET, 186 | XCORE_INS_SETC, 187 | XCORE_INS_SETD, 188 | XCORE_INS_SETEV, 189 | XCORE_INS_SETN, 190 | XCORE_INS_SETPSC, 191 | XCORE_INS_SETPT, 192 | XCORE_INS_SETRDY, 193 | XCORE_INS_SETSR, 194 | XCORE_INS_SETTW, 195 | XCORE_INS_SETV, 196 | XCORE_INS_SEXT, 197 | XCORE_INS_SHL, 198 | XCORE_INS_SHR, 199 | XCORE_INS_SSYNC, 200 | XCORE_INS_ST16, 201 | XCORE_INS_ST8, 202 | XCORE_INS_STW, 203 | XCORE_INS_SUB, 204 | XCORE_INS_SYNCR, 205 | XCORE_INS_TESTCT, 206 | XCORE_INS_TESTLCL, 207 | XCORE_INS_TESTWCT, 208 | XCORE_INS_TSETMR, 209 | XCORE_INS_START, 210 | XCORE_INS_WAITEF, 211 | XCORE_INS_WAITET, 212 | XCORE_INS_WAITEU, 213 | XCORE_INS_XOR, 214 | XCORE_INS_ZEXT, 215 | 216 | XCORE_INS_ENDING, // <-- mark the end of the list of instructions 217 | } xcore_insn; 218 | 219 | //> Group of XCore instructions 220 | typedef enum xcore_insn_group { 221 | XCORE_GRP_INVALID = 0, // = CS_GRP_INVALID 222 | 223 | //> Generic groups 224 | // all jump instructions (conditional+direct+indirect jumps) 225 | XCORE_GRP_JUMP, // = CS_GRP_JUMP 226 | 227 | XCORE_GRP_ENDING, // <-- mark the end of the list of groups 228 | } xcore_insn_group; 229 | 230 | #ifdef __cplusplus 231 | } 232 | #endif 233 | 234 | #endif 235 | -------------------------------------------------------------------------------- /src/libcapstone.a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cocoahuke/mackextdump/fe8dd412b19f8419c21013664cf309eb4ecd4e8f/src/libcapstone.a -------------------------------------------------------------------------------- /src/main.m: -------------------------------------------------------------------------------- 1 | // 2 | // main.m 3 | // parseDisasmKexts_Mac 4 | // 5 | // Created by huke on 8/10/16. 6 | // Copyright (c) 2016 com.cocoahuke. All rights reserved. 7 | // 8 | 9 | //parseDisasmKexts_Mac解析intel x86_64架构的内核扩展,可以保存输出为一个文件在分析时参数 10 | 11 | #import 12 | #include "capstone/capstone.h" 13 | #include 14 | #include 15 | #include 16 | #include 17 | #include 18 | #include 19 | #include 20 | 21 | uint64_t rax; 22 | uint64_t rbx; 23 | uint64_t rcx; 24 | uint64_t rdx; 25 | uint64_t rdi; 26 | uint64_t rsi; 27 | uint64_t rbp; 28 | uint64_t rsp; 29 | uint64_t r8; 30 | uint64_t r9; 31 | uint64_t r10; 32 | uint64_t r11; 33 | uint64_t r12; 34 | uint64_t r13; 35 | uint64_t r14; 36 | uint64_t r15; 37 | uint64_t rip; 38 | 39 | 40 | //machoH、文件相关函数 41 | uint64_t machoGetVMAddr(uint8_t firstPage[4096],char *segname,char *sectname); 42 | uint64_t machoGetFileAddr(uint8_t firstPage[4096],char *segname,char *sectname); 43 | uint64_t machoGetSize(uint8_t firstPage[4096],char *segname,char *sectname); 44 | uint64_t FilegetSize(char *file_path); 45 | 46 | //分析每个内核扩展中的ModInit函数,主要的分析汇编代码的函数 47 | void AnalysisModInitOfKEXT(void *bin); 48 | 49 | 50 | int64_t getMEMOPoffset(csh handle,const cs_insn *insn); //得到lea指令的内存偏移数 51 | int getMEMOPregister(csh handle,const cs_insn *insn); //得到lea指令的偏移寄存器 52 | 53 | int getFirstReg(csh handle,const cs_insn *insn); //得到第一个寄存器 54 | int getSecondReg(csh handle,const cs_insn *insn); //得到第二个寄存器 55 | 56 | uint64_t getSingleIMM(csh handle,const cs_insn *insn); //得到单条指令的立即数 57 | 58 | void* getMemFromAddrOfVM(void* bin,uint64_t CurFunc_FilebaseAddr,uint64_t CurFunc_VMbaseAddr,uint64_t cur_VMAddr);//转换汇编的虚拟内存地址,返回在内存中的实际内容 59 | 60 | uint64_t getfileoffFromAddrOfVM(uint64_t CurFunc_FilebaseAddr,uint64_t CurFunc_VMbaseAddr,uint64_t cur_VMAddr);//转换虚拟内存地址,返回文件中偏移地址 61 | //press here 62 | uint64_t* getActualVarFromRegName(uint64_t address,int RegName);//根据寄存器名字得到对应的变量 63 | 64 | //新しい函数 65 | void getName_ClassAndFunc_of_Cpp(char *cpp_name,char *res[2]); //解析函数名从编译后的C++名字,返回字符串数组指针[0]Class[1]func 具体看下面用法 66 | 67 | char *KextGetBundleID(void *bin); 68 | //传入每个KEXT的二进制,返回该KEXT的CFBundleID 69 | 70 | void ParseVtable(char *cn,uint64_t class_self,uint64_t class_super,void *bin,uint64_t VMaddr,uint64_t fileoff);//分析类的虚表 71 | 72 | NSMutableDictionary *kernel_exportSym; //k:引用内核符号地址 v:符号名 73 | NSMutableDictionary *exportSym; //正常符号表 //k:引用符号地址 v:符号名 74 | void parse_symbols(void *buf);//解析符号段 New:解析内核导出函数 75 | 76 | int check_PointerAddrInVM(uint64_t tar_addr);//检查指针指向位置是否在已分配的虚拟内存内,正确返回1 77 | 78 | //下面的变量在基础IO类中收集的信息,在这个程序中为全局变量 79 | 80 | char *cur_kext_path = NULL; 81 | 82 | void start(const char *path){ 83 | char *kext_path = (char*)path; 84 | cur_kext_path = kext_path; 85 | 86 | uint64_t kext_size = FilegetSize(kext_path); 87 | if(kext_size==0){ 88 | printf("FilegetSize Error\n"); 89 | exit(1); 90 | } 91 | 92 | void *kext_bin = malloc(kext_size); 93 | 94 | FILE *fp = fopen(kext_path,"ro"); 95 | if(fread(kext_bin,1,kext_size,fp)!=kext_size){ 96 | printf("read error\n"); 97 | exit(1); 98 | } 99 | fclose(fp); 100 | 101 | parse_symbols(kext_bin); 102 | 103 | if(!kernel_exportSym){free(kext_bin);return;} 104 | if(!exportSym){free(kext_bin);return;} 105 | 106 | AnalysisModInitOfKEXT(kext_bin); 107 | free(kext_bin); 108 | } 109 | 110 | void usage(){ 111 | printf("Usage: mackextdump [-s ] \n"); 112 | } 113 | 114 | int check_file_exist(char *path){ 115 | if(!access(path,F_OK)){ 116 | if(!access(path,R_OK)){ 117 | return 0; 118 | } 119 | return -1; 120 | } 121 | return -1; 122 | } 123 | 124 | int main(int argc, const char * argv[]) { 125 | 126 | const char *SINGLE_KEXT_EXEC_PATH = NULL; 127 | 128 | if(argc==1){ 129 | printf("wrong args\n");usage();exit(1); 130 | } 131 | 132 | for(int i=0;i=argc?nil:argv[i]; 138 | start(SINGLE_KEXT_EXEC_PATH); 139 | exit(1); 140 | } 141 | } 142 | 143 | NSFileManager *fm = [NSFileManager defaultManager]; 144 | NSString *ext_path = [NSString stringWithUTF8String:argv[argc-1]]; 145 | NSArray *kext_arr = [fm contentsOfDirectoryAtPath:ext_path error:nil]; 146 | if(!kext_arr){ 147 | printf("%s is a wrong path, please specify a Extensions folder that copy from /System/Library/Extensions\n",argv[argc-1]);exit(1); 148 | } 149 | for(int i=0;i<[kext_arr count];i++){ 150 | NSString *MacOSpath = [NSString stringWithFormat:@"%@/%@/Contents/MacOS",ext_path,kext_arr[i]]; 151 | if([fm fileExistsAtPath:MacOSpath]){ 152 | NSArray *exec_arr = [fm contentsOfDirectoryAtPath:MacOSpath error:nil]; 153 | NSString *exec_path = [NSString stringWithFormat:@"%@/%@",MacOSpath,exec_arr[0]]; 154 | start([exec_path UTF8String]); 155 | //NSLog(@"%d: %@",i,kext_arr[i]); 156 | } 157 | else{ 158 | //Doesn't have Macos folder 159 | } 160 | } 161 | 162 | return 0; 163 | } 164 | 165 | 166 | uint64_t machoGetVMAddr(uint8_t firstPage[4096],char *segname,char *sectname){ 167 | if(!segname){ 168 | printf("machoH missing segname,it must need segname\n"); 169 | exit(1); 170 | } 171 | 172 | struct fat_header* fileStartAsFat = (struct fat_header*)firstPage; 173 | if(fileStartAsFat->magic==FAT_CIGAM||fileStartAsFat->magic==FAT_MAGIC){ 174 | printf("machoH is fat\n"); 175 | return -1; 176 | } 177 | 178 | struct mach_header *mh = (struct mach_header*)firstPage; 179 | 180 | int is32 = 1; 181 | 182 | if(mh->magic==MH_MAGIC||mh->magic==MH_CIGAM){ 183 | is32 = 1; 184 | return 0; 185 | } 186 | else if(mh->magic==MH_MAGIC_64||mh->magic==MH_CIGAM_64){ 187 | is32 = 0; 188 | } 189 | 190 | const uint32_t cmd_count = mh->ncmds; 191 | struct load_command *cmds = (struct load_command*)((char*)firstPage+(is32?sizeof(struct mach_header):sizeof(struct mach_header_64))); 192 | struct load_command* cmd = cmds; 193 | for (uint32_t i = 0; i < cmd_count; ++i){ 194 | switch (cmd->cmd) { 195 | case LC_SEGMENT_64: 196 | { 197 | struct segment_command_64 *seg = (struct segment_command_64*)cmd; 198 | if(memcmp(seg->segname,segname,strlen(seg->segname))==0){ 199 | if(!sectname){ 200 | //如果没有sectname,代表该seg的VM起始地址 201 | return seg->vmaddr; 202 | } 203 | 204 | //匹配section 205 | const uint32_t sec_count = seg->nsects; 206 | struct section_64 *sec = (struct section_64*)((char*)seg + sizeof(struct segment_command_64)); 207 | for(uint32_t ii = 0; ii sectname,sectname,strlen(sec->sectname))==0){ 209 | return sec->addr; 210 | } 211 | sec = (struct section_64*)((char*)sec + sizeof(struct section_64)); 212 | } 213 | 214 | } 215 | 216 | } 217 | /*case LC_SEGMENT: 218 | { 219 | struct segment_command *seg = (struct segment_command*)cmd; 220 | if(memcmp(seg->segname,segname,strlen(seg->segname))==0){ 221 | if(!sectname){ 222 | //如果没有sectname,代表该seg的VM起始地址 223 | return seg->vmaddr; 224 | } 225 | 226 | //匹配section 227 | const uint32_t sec_count = seg->nsects; 228 | struct section *sec = (struct section*)((char*)seg + sizeof(struct segment_command)); 229 | for(uint32_t ii = 0; ii sectname,sectname,strlen(sec->sectname))==0){ 231 | return sec->addr; 232 | } 233 | sec = (struct section*)((char*)sec + sizeof(struct section)); 234 | } 235 | 236 | } 237 | 238 | }*/ 239 | break; 240 | } 241 | cmd = (struct load_command*)((char*)cmd + cmd->cmdsize); 242 | } 243 | return -1; 244 | } 245 | 246 | uint64_t machoGetFileAddr(uint8_t firstPage[4096],char *segname,char *sectname){ 247 | if(!segname){ 248 | printf("machoH missing segname,it must need segname\n"); 249 | exit(1); 250 | } 251 | 252 | struct fat_header* fileStartAsFat = (struct fat_header*)firstPage; 253 | if(fileStartAsFat->magic==FAT_CIGAM||fileStartAsFat->magic==FAT_MAGIC){ 254 | printf("machoH is fat\n"); 255 | return -1; 256 | } 257 | 258 | struct mach_header *mh = (struct mach_header*)firstPage; 259 | 260 | int is32 = 1; 261 | 262 | if(mh->magic==MH_MAGIC||mh->magic==MH_CIGAM){ 263 | is32 = 1; 264 | return 0; 265 | } 266 | else if(mh->magic==MH_MAGIC_64||mh->magic==MH_CIGAM_64){ 267 | is32 = 0; 268 | } 269 | 270 | const uint32_t cmd_count = mh->ncmds; 271 | struct load_command *cmds = (struct load_command*)((char*)firstPage+(is32?sizeof(struct mach_header):sizeof(struct mach_header_64))); 272 | struct load_command* cmd = cmds; 273 | for (uint32_t i = 0; i < cmd_count; ++i){ 274 | switch (cmd->cmd) { 275 | case LC_SEGMENT_64: 276 | { 277 | struct segment_command_64 *seg = (struct segment_command_64*)cmd; 278 | if(memcmp(seg->segname,segname,strlen(seg->segname))==0){ 279 | if(!sectname){ 280 | return seg->fileoff; 281 | } 282 | 283 | //匹配section 284 | const uint32_t sec_count = seg->nsects; 285 | struct section_64 *sec = (struct section_64*)((char*)seg + sizeof(struct segment_command_64)); 286 | for(uint32_t ii = 0; ii sectname,sectname,strlen(sec->sectname))==0){ 288 | return sec->offset; 289 | } 290 | sec = (struct section_64*)((char*)sec + sizeof(struct section_64)); 291 | } 292 | 293 | } 294 | 295 | } 296 | case LC_SEGMENT: 297 | { 298 | struct segment_command *seg = (struct segment_command*)cmd; 299 | if(memcmp(seg->segname,segname,strlen(seg->segname))==0){ 300 | if(!sectname){ 301 | return seg->fileoff; 302 | } 303 | 304 | //匹配section 305 | const uint32_t sec_count = seg->nsects; 306 | struct section *sec = (struct section*)((char*)seg + sizeof(struct segment_command)); 307 | for(uint32_t ii = 0; ii sectname,sectname,strlen(sec->sectname))==0){ 309 | return sec->offset; 310 | } 311 | sec = (struct section*)((char*)sec + sizeof(struct section)); 312 | } 313 | 314 | } 315 | 316 | } 317 | break; 318 | } 319 | cmd = (struct load_command*)((char*)cmd + cmd->cmdsize); 320 | } 321 | return -1; 322 | } 323 | 324 | uint64_t machoGetSize(uint8_t firstPage[4096],char *segname,char *sectname){ 325 | if(!segname){ 326 | printf("machoH missing segname,it must need segname\n"); 327 | exit(1); 328 | } 329 | 330 | struct fat_header* fileStartAsFat = (struct fat_header*)firstPage; 331 | if(fileStartAsFat->magic==FAT_CIGAM||fileStartAsFat->magic==FAT_MAGIC){ 332 | printf("machoH is fat\n"); 333 | return -1; 334 | } 335 | 336 | struct mach_header *mh = (struct mach_header*)firstPage; 337 | 338 | int is32 = 1; 339 | 340 | if(mh->magic==MH_MAGIC||mh->magic==MH_CIGAM){ 341 | is32 = 1; 342 | return 0; 343 | } 344 | else if(mh->magic==MH_MAGIC_64||mh->magic==MH_CIGAM_64){ 345 | is32 = 0; 346 | } 347 | 348 | const uint32_t cmd_count = mh->ncmds; 349 | struct load_command *cmds = (struct load_command*)((char*)firstPage+(is32?sizeof(struct mach_header):sizeof(struct mach_header_64))); 350 | struct load_command* cmd = cmds; 351 | for (uint32_t i = 0; i < cmd_count; ++i){ 352 | switch (cmd->cmd) { 353 | case LC_SEGMENT_64: 354 | { 355 | struct segment_command_64 *seg = (struct segment_command_64*)cmd; 356 | if(memcmp(seg->segname,segname,strlen(seg->segname))==0){ 357 | if(!sectname){ 358 | return seg->filesize; 359 | } 360 | 361 | //匹配section 362 | const uint32_t sec_count = seg->nsects; 363 | struct section_64 *sec = (struct section_64*)((char*)seg + sizeof(struct segment_command_64)); 364 | for(uint32_t ii = 0; ii sectname,sectname,strlen(sec->sectname))==0){ 366 | return sec->size; 367 | } 368 | sec = (struct section_64*)((char*)sec + sizeof(struct section_64)); 369 | } 370 | 371 | } 372 | 373 | } 374 | case LC_SEGMENT: 375 | { 376 | struct segment_command *seg = (struct segment_command*)cmd; 377 | if(memcmp(seg->segname,segname,strlen(seg->segname))==0){ 378 | if(!sectname){ 379 | return seg->filesize; 380 | } 381 | 382 | //匹配section 383 | const uint32_t sec_count = seg->nsects; 384 | struct section *sec = (struct section*)((char*)seg + sizeof(struct segment_command)); 385 | for(uint32_t ii = 0; ii sectname,sectname,strlen(sec->sectname))==0){ 387 | return sec->size; 388 | } 389 | sec = (struct section*)((char*)sec + sizeof(struct section)); 390 | } 391 | 392 | } 393 | 394 | } 395 | break; 396 | } 397 | cmd = (struct load_command*)((char*)cmd + cmd->cmdsize); 398 | } 399 | return -1; 400 | } 401 | 402 | uint64_t FilegetSize(char *file_path){ 403 | struct stat buf; 404 | if ( stat(file_path,&buf) < 0 ) 405 | { 406 | perror(file_path); 407 | exit(1); 408 | } 409 | return buf.st_size; 410 | } 411 | 412 | #pragma mark imp:分析每个内核扩展中的ModInit函数,主要的分析汇编代码的函数 413 | void AnalysisModInitOfKEXT(void *bin){ 414 | 415 | csh handle; 416 | cs_insn *insn; 417 | size_t count; 418 | 419 | if(cs_open(CS_ARCH_X86,CS_MODE_64|CS_MODE_LITTLE_ENDIAN,&handle)!=CS_ERR_OK){ 420 | printf("AnalysisModInitOfKEXT cs_open出错\n"); 421 | exit(1); 422 | } 423 | 424 | cs_option(handle,CS_OPT_DETAIL, CS_OPT_ON); 425 | 426 | uint64_t modInitVM = machoGetVMAddr(bin,"__DATA","__mod_init_func"); 427 | if(modInitVM==-1){ 428 | return; 429 | } 430 | uint64_t modInitFileoff = machoGetFileAddr(bin,"__DATA","__mod_init_func"); 431 | uint64_t modInitSize = machoGetSize(bin,"__DATA","__mod_init_func"); 432 | 433 | //printf("\ntotal %llu modInit in \n",modInitSize/8); 434 | 435 | char *cn = NULL; 436 | 437 | for(int ab=0;ab0){ 484 | //立即数给寄存器 485 | //eg. mov rax,0x4 486 | 487 | uint64_t imm = getSingleIMM(handle,&insn[j]); 488 | int first_reg = getFirstReg(handle,&insn[j]); 489 | 490 | uint64_t* xx = getActualVarFromRegName(insn[j].address,first_reg); 491 | if(!xx) 492 | return; 493 | if(xx){ 494 | *xx = imm; 495 | } 496 | 497 | }else{ 498 | //没有立即数 499 | int acount2 = cs_op_count(handle,&insn[j],ARM64_OP_MEM); 500 | if(acount2){ 501 | //一个寄存器读取一个地址处的值 502 | 503 | int mem_reg = getMEMOPregister(handle,&insn[j]); 504 | if(mem_reg==X86_REG_RIP){ 505 | //读取来自rip的偏移 506 | //eg. mov rdx, qword ptr [rip + 0x9c7] 507 | 508 | uint64_t mem_offset = getMEMOPoffset(handle,&insn[j]); 509 | int f_reg = getFirstReg(handle,&insn[j]); 510 | uint64_t vmaddr = insn[j+1].address + mem_offset; 511 | uint64_t *ref = getMemFromAddrOfVM(bin,modInitFileoff,modInitVM,vmaddr); 512 | uint64_t* xx = getActualVarFromRegName(insn[j].address,f_reg); 513 | if(!xx) 514 | return; 515 | if(xx){ 516 | *xx = *ref; 517 | } 518 | } 519 | //end of acount2 520 | } 521 | } 522 | } 523 | } 524 | 525 | 526 | #pragma mark KEXT_DEBUG:LEA OP 527 | if(strstr(insn[j].mnemonic,"lea")){ 528 | 529 | int first_reg = getFirstReg(handle,&insn[j]); 530 | 531 | int64_t offset = getMEMOPoffset(handle,&insn[j]); 532 | int offset_reg = getMEMOPregister(handle,&insn[j]); 533 | 534 | uint64_t lea_ref_vm; 535 | 536 | if(offset_reg==X86_REG_RIP){ 537 | int64_t cur_ip = insn[j+1].address; 538 | lea_ref_vm = cur_ip + offset; 539 | if(cn){ 540 | ParseVtable(cn,rdi,rcx,bin,lea_ref_vm,getfileoffFromAddrOfVM(curFunc_FilebaseAddr,curFunc_VMbaseAddr,lea_ref_vm)); 541 | cn = NULL; 542 | } 543 | 544 | } 545 | else{ 546 | uint64_t* offset_xx = getActualVarFromRegName(insn[j].address,offset_reg); 547 | if(!offset_xx) 548 | return; 549 | lea_ref_vm = *offset_xx + offset; 550 | } 551 | 552 | uint64_t* xx = getActualVarFromRegName(insn[j].address,first_reg); 553 | if(!xx) 554 | return; 555 | if(xx){ 556 | *xx = lea_ref_vm; 557 | } 558 | 559 | //uint64_t *lea_ref_mem = getMemFromAddrOfVM(bin,modInitFileoff,modInitVM,lea_ref_vm); 560 | } 561 | 562 | #pragma mark KEXT_DEBUG:CALL OP 563 | if(!strcmp(insn[j].mnemonic,"call")){ 564 | uint64_t jump_to = getSingleIMM(handle,&insn[j]); 565 | if(jump_to){ 566 | 567 | NSNumber *findkey = [NSNumber numberWithUnsignedLongLong:insn[j].address+1]; 568 | NSString *sym_name = [kernel_exportSym objectForKey:findkey]; 569 | if(sym_name&&[sym_name isEqualToString:@"__ZN11OSMetaClassC2EPKcPKS_j"]){ 570 | //意为调用OSMetaClass 571 | printf("(0x%llx)->OSMetaClass:OSMetaClass call 4 args list\n",insn[j].address); 572 | printf("rdi:0x%llx\n",rdi); 573 | char *rsi_classname = getMemFromAddrOfVM(bin,modInitFileoff,modInitVM,rsi); 574 | cn = rsi_classname; 575 | printf("rsi:%s\n",rsi_classname); 576 | printf("rdx:0x%llx\n",rdx); 577 | printf("rcx:0x%llx\n",rcx); 578 | 579 | //printf("vtable:0x%llx\n",ip_addr+ip_offset); 580 | 581 | 582 | 583 | // 584 | //printf("vtable:0x%llx\n",vtable_start); 585 | } 586 | } 587 | } 588 | 589 | #pragma mark KEXT_DEBUG:RET OP 590 | if(strstr(insn[j].mnemonic,"ret")){ 591 | break; 592 | } 593 | 594 | } 595 | cs_free(insn,count); 596 | 597 | } 598 | } 599 | 600 | //转换汇编的虚拟内存地址,返回在内存中的实际内容 601 | #pragma mark imp:转换汇编的虚拟内存地址,返回在内存中的实际内容 602 | void* getMemFromAddrOfVM(void* bin,uint64_t CurFunc_FilebaseAddr,uint64_t CurFunc_VMbaseAddr,uint64_t cur_VMAddr){ 603 | //这里以当前函数VM地址计算,而不是以该二进制最小的VM地址计算的原因是,虽然该二进制总共映射到VM的大小肯定就是文件中的size,但VM地址是可以不连续的,仅仅对于函数时连续的. 604 | uint64_t offset = cur_VMAddr - CurFunc_VMbaseAddr; 605 | //这里可以对offset增加判断,比如不能小于0 606 | return bin+CurFunc_FilebaseAddr+offset; 607 | } 608 | 609 | //转换虚拟内存地址,返回文件中偏移地址 610 | #pragma mark imp:转换虚拟内存地址,返回文件中偏移地址 611 | uint64_t getfileoffFromAddrOfVM(uint64_t CurFunc_FilebaseAddr,uint64_t CurFunc_VMbaseAddr,uint64_t cur_VMAddr){ 612 | return (uint64_t)((uint64_t)CurFunc_FilebaseAddr+((uint64_t)cur_VMAddr-(uint64_t)CurFunc_VMbaseAddr)); 613 | } 614 | 615 | //得到str/ldr指令的内存偏移数 616 | #pragma mark imp:得到str/ldr指令的内存偏移数 617 | int64_t getMEMOPoffset(csh handle,const cs_insn *insn){ 618 | int64_t offset; 619 | int acount = cs_op_count(handle,insn,X86_OP_MEM); 620 | if (acount) { 621 | if(acount>1) 622 | printf("getMEMOPoffset 多个偏移量\n"); 623 | for (int i = 1; i < acount + 1;/*i++*/) { 624 | int index = cs_op_index(handle,insn,X86_OP_MEM,i); 625 | offset = insn->detail->x86.operands[index].mem.disp; 626 | return offset; 627 | } 628 | } 629 | return 0; 630 | } 631 | 632 | //得到lea指令的偏移寄存器 633 | #pragma mark imp:得到lea指令的偏移寄存器 634 | int getMEMOPregister(csh handle,const cs_insn *insn){ 635 | uint32_t i,offset; 636 | int acount = cs_op_count(handle,insn,X86_OP_MEM); 637 | if (acount) { 638 | if(acount>1) 639 | printf("getMEMOPregister 多个偏移量\n"); 640 | for (i = 1; i < acount + 1;/*i++*/) { 641 | int index = cs_op_index(handle,insn,X86_OP_MEM,i); 642 | offset = insn->detail->x86.operands[index].mem.base; 643 | return offset; 644 | } 645 | } 646 | return 0; 647 | } 648 | 649 | //得到第一个寄存器 650 | #pragma mark imp:得到第一个寄存器 651 | int getFirstReg(csh handle,const cs_insn *insn){ 652 | int i,s_reg; 653 | int acount = cs_op_count(handle,insn,X86_OP_REG); 654 | if (acount) { 655 | for (i = 1; i < acount + 1;i++) { 656 | int index = cs_op_index(handle,insn,X86_OP_REG,i); 657 | if(i==1){ 658 | s_reg = insn->detail->x86.operands[index].reg; 659 | return s_reg; 660 | } 661 | } 662 | } 663 | return 0; 664 | } 665 | 666 | //得到第二个寄存器 667 | #pragma mark imp:得到第二个寄存器 668 | int getSecondReg(csh handle,const cs_insn *insn){ 669 | int i,s_reg; 670 | int acount = cs_op_count(handle,insn,X86_OP_REG); 671 | if (acount) { 672 | if(acount<2) 673 | printf("getSecondReg 少于一个寄存器\n"); 674 | for (i = 1; i < acount + 1;i++) { 675 | int index = cs_op_index(handle,insn,X86_OP_REG,i); 676 | if(i==2){ 677 | s_reg = insn->detail->x86.operands[index].reg; 678 | return s_reg; 679 | } 680 | } 681 | } 682 | return 0; 683 | } 684 | 685 | //得到单条指令的立即数 686 | #pragma mark imp:得到单条指令的立即数 687 | uint64_t getSingleIMM(csh handle,const cs_insn *insn){ 688 | int i; 689 | uint64_t imm; 690 | int acount = cs_op_count(handle,insn,X86_OP_IMM); 691 | if (acount) { 692 | if(acount>1) 693 | printf("getSingleIMM 多个立即数\n"); 694 | for (i = 1; i < acount + 1;/*i++*/) { 695 | int index = cs_op_index(handle,insn,X86_OP_IMM,i); 696 | imm = insn->detail->x86.operands[index].imm; 697 | return imm; 698 | } 699 | } 700 | return 0; 701 | } 702 | 703 | //检查指针指向位置是否在已分配的虚拟内存内,正确返回1 704 | #pragma mark imp:检查指针指向位置是否在已分配的虚拟内存内,正确返回1 705 | int check_PointerAddrInVM(uint64_t tar_addr) 706 | { 707 | //仅限使用64位程序,32位请修改 708 | int pid = 0; 709 | pid_for_task(mach_task_self(),&pid); 710 | 711 | vm_map_t task = 0; 712 | task_for_pid(mach_task_self(),pid,&task); 713 | 714 | int avai = 0; 715 | 716 | kern_return_t ret; 717 | vm_region_submap_info_data_64_t info; 718 | vm_size_t size; 719 | mach_msg_type_number_t info_count = VM_REGION_SUBMAP_INFO_COUNT_64; 720 | unsigned int depth = 0; 721 | vm_address_t addr = 0; 722 | while (1) { 723 | ret = vm_region_recurse_64(task, &addr, &size, &depth, (vm_region_info_t)&info, &info_count); 724 | 725 | if (ret != KERN_SUCCESS) 726 | break; 727 | if(addr>0x7fff00000000) 728 | break; 729 | if(tar_addr>=addr&&tar_addr<=addr+size){ 730 | avai = 1; 731 | } 732 | //printf("region 0x%lx - 0x%lx\n",addr,addr+size); 733 | addr = addr + size; 734 | } 735 | 736 | if(avai==1) 737 | return 1; 738 | else 739 | return 0; 740 | 741 | return 0; 742 | } 743 | 744 | //根据寄存器名字得到对应的变量 745 | #pragma mark imp:根据寄存器名字得到对应的变量 746 | uint64_t* getActualVarFromRegName(uint64_t address,int RegName){ 747 | switch (RegName) { 748 | case X86_REG_RAX: 749 | return &rax; 750 | break; 751 | case X86_REG_RBX: 752 | return &rbx; 753 | break; 754 | case X86_REG_RCX: 755 | return &rcx; 756 | break; 757 | case X86_REG_RDX: 758 | return &rdx; 759 | break; 760 | case X86_REG_RDI: 761 | return &rdi; 762 | break; 763 | case X86_REG_RSI: 764 | return &rsi; 765 | break; 766 | case X86_REG_RBP: 767 | return &rbp; 768 | break; 769 | case X86_REG_RSP: 770 | return &rsp; 771 | break; 772 | case X86_REG_R8: 773 | return &r8; 774 | break; 775 | case X86_REG_R9: 776 | return &r9; 777 | break; 778 | case X86_REG_R10: 779 | return &r10; 780 | break; 781 | case X86_REG_R11: 782 | return &r11; 783 | break; 784 | case X86_REG_R12: 785 | return &r12; 786 | break; 787 | case X86_REG_R13: 788 | return &r13; 789 | break; 790 | case X86_REG_R14: 791 | return &r14; 792 | break; 793 | case X86_REG_R15: 794 | return &r15; 795 | break; 796 | case X86_REG_RIP: 797 | return &rip; 798 | break; 799 | default: 800 | break; 801 | } 802 | #pragma mark USE_32Bit_Register 803 | switch (RegName) { 804 | case X86_REG_EAX: 805 | return &rax; 806 | break; 807 | case X86_REG_EBX: 808 | return &rbx; 809 | break; 810 | case X86_REG_ECX: 811 | return &rcx; 812 | break; 813 | case X86_REG_EDX: 814 | return &rdx; 815 | break; 816 | case X86_REG_EDI: 817 | return &rdi; 818 | break; 819 | case X86_REG_ESI: 820 | return &rsi; 821 | break; 822 | default: 823 | break; 824 | } 825 | printf("0x%llx getActualVarFromRegName 没有设置对应的寄存器\n",address); 826 | return NULL; 827 | } 828 | 829 | //解析符号段 830 | #pragma mark imp:解析符号段 831 | void parse_symbols(void *buf){ 832 | //记录所有调用的地址和函数名 833 | //对静态地址用0xff填充,eg. 类的函数虚表 834 | 835 | struct mach_header *mh = buf; 836 | 837 | //检测Fat 838 | struct fat_header* fileStartAsFat = (struct fat_header*)buf; 839 | if(fileStartAsFat->magic==FAT_CIGAM||fileStartAsFat->magic==FAT_MAGIC){ 840 | printf("is fat\n"); 841 | return; 842 | } 843 | 844 | //决定32/64位 845 | if(mh->magic==MH_MAGIC||mh->magic==MH_CIGAM){ 846 | printf("only support 64\n"); 847 | return; 848 | } 849 | 850 | kernel_exportSym = [NSMutableDictionary new]; 851 | exportSym = [NSMutableDictionary new]; 852 | NSMutableArray *tmp_symsname = [NSMutableArray new]; 853 | 854 | const uint32_t cmd_count = mh->ncmds; 855 | struct load_command *cmds = (struct load_command*)((char*)mh+sizeof(struct mach_header_64)); 856 | struct load_command* cmd = cmds; 857 | for (uint32_t i = 0; i < cmd_count; ++i){ 858 | switch (cmd->cmd) { 859 | case LC_SYMTAB:{ 860 | struct symtab_command *sym_cmd = (struct symtab_command*)cmd; 861 | uint32_t symoff = sym_cmd->symoff; 862 | uint32_t nsyms = sym_cmd->nsyms; 863 | uint32_t stroff = sym_cmd->stroff; 864 | uint32_t strsize = sym_cmd->strsize; 865 | 866 | for(int i =0;in_un.n_strx + stroff; 870 | [tmp_symsname addObject:[NSNumber numberWithUnsignedLongLong:(unsigned long)def_str]]; 871 | if(nn->n_value!=0){ 872 | [exportSym setObject:[NSString stringWithUTF8String:def_str] forKey:[NSNumber numberWithUnsignedLongLong:nn->n_value]]; 873 | } 874 | 875 | } 876 | } 877 | break; 878 | case LC_DYSYMTAB:{ 879 | 880 | struct dysymtab_command* dy_cmd = (struct dysymtab_command*)cmd; 881 | uint32_t extrefsymoff = dy_cmd->extreloff; 882 | uint32_t nextrel = dy_cmd->nextrel; 883 | 884 | for(int i=0;ir_pcrel==0){ 887 | memset((char*)buf+relo_info->r_address,0xff,sizeof(void*)); 888 | } 889 | else if(relo_info->r_extern){ 890 | char *def_str = (char*)[tmp_symsname[relo_info->r_symbolnum] unsignedLongLongValue]; 891 | [kernel_exportSym setObject:[NSString stringWithUTF8String:def_str] forKey:[NSNumber numberWithUnsignedLongLong:relo_info->r_address]]; 892 | } 893 | } 894 | //printf("patch %lu place for 0xff instead\n",(unsigned long)[tmp_symsname count]); 895 | 896 | } 897 | 898 | break; 899 | } 900 | cmd = (struct load_command*)((char*)cmd + cmd->cmdsize); 901 | } 902 | 903 | } 904 | 905 | #pragma mark imp:解析函数名从编译后的C++名字: 906 | void getName_ClassAndFunc_of_Cpp(char *cpp_name,char *res[2]){ 907 | 908 | if(!res){ 909 | printf("getName_ClassAndFunc_of_Cpp NULL arg: char **res[2]\n"); 910 | exit(1); 911 | } 912 | 913 | char *class_name=0,*func_name=0; 914 | 915 | NSString *orig_str = [NSString stringWithUTF8String:cpp_name]; 916 | NSString *tmpStr; 917 | NSScanner *scanner = [NSScanner scannerWithString:orig_str]; 918 | NSCharacterSet *num = [NSCharacterSet characterSetWithCharactersInString:@"0123456789"]; 919 | [scanner scanUpToCharactersFromSet:num intoString:NULL]; 920 | 921 | [scanner scanCharactersFromSet:num intoString:&tmpStr]; 922 | if(tmpStr){ 923 | //检查长度过滤出类名,裁剪原字符串 924 | size_t used_len = [scanner scanLocation]+[tmpStr integerValue]; 925 | if(used_len<=[orig_str length]){ 926 | class_name = (char*)[[orig_str substringWithRange:NSMakeRange([scanner scanLocation],[tmpStr integerValue])] UTF8String]; 927 | //printf("class_name: %s\n",class_name); 928 | orig_str = [orig_str substringWithRange:NSMakeRange(used_len,[orig_str length]-used_len)]; 929 | scanner = [NSScanner scannerWithString:orig_str]; 930 | [scanner scanUpToCharactersFromSet:num intoString:NULL]; 931 | } 932 | } 933 | 934 | if(class_name){ 935 | tmpStr = @""; 936 | [scanner scanCharactersFromSet:num intoString:&tmpStr]; 937 | if(tmpStr){ 938 | //检查长度过滤出函数名 939 | size_t used_len = [scanner scanLocation]+[tmpStr integerValue]; 940 | if(used_len<=[orig_str length]){ 941 | func_name = (char*)[[orig_str substringWithRange:NSMakeRange([scanner scanLocation],[tmpStr integerValue])] UTF8String]; 942 | //printf("func_name: %s\n",func_name); 943 | } 944 | } 945 | } 946 | 947 | if(class_name&&func_name){ 948 | res[0] = class_name; 949 | res[1] = func_name; 950 | return; 951 | //printf("class_name: %s\n",class_name); 952 | //printf("func_name: %s\n",func_name); 953 | } 954 | res[0] = 0; 955 | res[1] = 0; 956 | } 957 | 958 | #pragma mark imp://分析类的虚表 959 | void ParseVtable(char *cn,uint64_t class_self,uint64_t class_super,void *bin,uint64_t VMaddr,uint64_t fileoff){ 960 | //printf("lea:0x%llx %s\n",VMaddr,cn); 961 | 962 | //uint64_t __text_start = machoGetVMAddr(bin,"__TEXT","__text"); 963 | //uint64_t __text_end = __text_start + machoGetSize(bin,"__TEXT","__text"); 964 | 965 | uint64_t __const_start = machoGetVMAddr(bin,"__DATA","__const"); 966 | 967 | //uint64_t *class_self = (uint64_t*)rdi; 968 | //uint64_t ip_addr = insn[j+2].address; 969 | //int64_t ip_offset = getMEMOPoffset(handle,&insn[j+1]); 970 | 971 | uint64_t vtable_start = 0; 972 | 973 | for(uint64_t cur_addr = VMaddr;cur_addr>=__const_start;){ 974 | //这里是尝试在内存中找到自己类的地址的匹配 975 | uint64_t *check_curAddr = getMemFromAddrOfVM(bin,fileoff,VMaddr,cur_addr); 976 | if(!memcmp(check_curAddr,&class_self,sizeof(class_self))){ 977 | //找到啦~ じゃ保存起来 978 | vtable_start = cur_addr; 979 | 980 | //exit(1); 981 | break; 982 | } 983 | cur_addr = cur_addr - 0x8; 984 | } 985 | 986 | 987 | 988 | if(vtable_start){ 989 | for(int i=0x0;i<0x28;i=i+0x8){ 990 | uint64_t *check_curAddr = getMemFromAddrOfVM(bin,fileoff,VMaddr,vtable_start+i); 991 | if(check_PointerAddrInVM((uint64_t)check_curAddr)){ 992 | if(*check_curAddr==0x0){ 993 | vtable_start = vtable_start + i; 994 | for(int z=0x0;z<0x28;z=z+0x8){ 995 | uint64_t *check_non_empty = getMemFromAddrOfVM(bin,fileoff,VMaddr,vtable_start+z); 996 | if(check_PointerAddrInVM((uint64_t)check_non_empty)){ 997 | if(*check_non_empty!=0){ 998 | vtable_start = vtable_start + z; 999 | break; 1000 | } 1001 | } 1002 | } 1003 | break; 1004 | } 1005 | } 1006 | } 1007 | } 1008 | //end of if(vtable_start) 1009 | printf("vtable_start: 0x%llx\n",vtable_start); 1010 | 1011 | printf("\nvtable functions:\n"); 1012 | //尝试遍历虚表 1013 | for(uint64_t cur_addr = vtable_start;;cur_addr+=0x8){ 1014 | uint64_t *check_curAddr = getMemFromAddrOfVM(bin,fileoff,VMaddr,cur_addr); 1015 | if(*check_curAddr==0){ 1016 | break; 1017 | } 1018 | if(*check_curAddr!=0xffffffffffffffff){ 1019 | char *res[2]; 1020 | char *func_n = (char*)[[exportSym objectForKey:[NSNumber numberWithUnsignedLongLong:*check_curAddr]] UTF8String]; 1021 | if(func_n){ 1022 | getName_ClassAndFunc_of_Cpp((char*)func_n,res); 1023 | printf("%s_%s\n",res[0],res[1]); 1024 | } 1025 | } 1026 | } 1027 | } 1028 | 1029 | //传入每个KEXT的二进制,返回该KEXT的CFBundleID 1030 | #pragma mark imp:传入每个KEXT的二进制,返回该KEXT的CFBundleID 1031 | char *KextGetBundleID(void *bin){ 1032 | uint64_t dataSecStart = machoGetFileAddr(bin,"__DATA","__data"); 1033 | uint64_t dataSecSize = machoGetSize(bin,"__DATA","__data"); 1034 | 1035 | //printf("\n__DATA is 0x%llx-0x%llx\n",dataSecStart,dataSecStart+dataSecSize); 1036 | 1037 | char mh_Magic[] = {'c','o','m','.'}; 1038 | uint64_t per_mh = (uint64_t)memmem(bin+dataSecStart,dataSecSize,mh_Magic,0x4); 1039 | if(per_mh){ 1040 | return (char*)per_mh; 1041 | } 1042 | return "******WRONG_KEXT_NAME******"; 1043 | } --------------------------------------------------------------------------------