├── .gitattributes ├── .gitignore ├── .gitmodules ├── CaptainHook.h ├── CaptainHook.sln ├── CaptainHook ├── CaptainHook.cpp ├── CaptainHook.h ├── CaptainHook.vcxproj ├── CaptainHook.vcxproj.filters ├── CaptainHook_for_include.h ├── Utils.h ├── VectoredHandler.cpp ├── VectoredHandler.h └── include │ ├── arm.h │ ├── arm64.h │ ├── capstone.h │ ├── mips.h │ ├── platform.h │ ├── ppc.h │ ├── sparc.h │ ├── systemz.h │ ├── x86.h │ └── xcore.h ├── LICENSE └── README.md /.gitattributes: -------------------------------------------------------------------------------- 1 | ############################################################################### 2 | # Set default behavior to automatically normalize line endings. 3 | ############################################################################### 4 | * text=auto 5 | 6 | ############################################################################### 7 | # Set default behavior for command prompt diff. 8 | # 9 | # This is need for earlier builds of msysgit that does not have it on by 10 | # default for csharp files. 11 | # Note: This is only used by command line 12 | ############################################################################### 13 | #*.cs diff=csharp 14 | *.h linguist-language=C++ 15 | ############################################################################### 16 | # Set the merge driver for project and solution files 17 | # 18 | # Merging from the command prompt will add diff markers to the files if there 19 | # are conflicts (Merging from VS is not affected by the settings below, in VS 20 | # the diff markers are never inserted). Diff markers may cause the following 21 | # file extensions to fail to load in VS. An alternative would be to treat 22 | # these files as binary and thus will always conflict and require user 23 | # intervention with every merge. To do so, just uncomment the entries below 24 | ############################################################################### 25 | #*.sln merge=binary 26 | #*.csproj merge=binary 27 | #*.vbproj merge=binary 28 | #*.vcxproj merge=binary 29 | #*.vcproj merge=binary 30 | #*.dbproj merge=binary 31 | #*.fsproj merge=binary 32 | #*.lsproj merge=binary 33 | #*.wixproj merge=binary 34 | #*.modelproj merge=binary 35 | #*.sqlproj merge=binary 36 | #*.wwaproj merge=binary 37 | 38 | ############################################################################### 39 | # behavior for image files 40 | # 41 | # image files are treated as binary by default. 42 | ############################################################################### 43 | #*.jpg binary 44 | #*.png binary 45 | #*.gif binary 46 | 47 | ############################################################################### 48 | # diff behavior for common document formats 49 | # 50 | # Convert binary document formats to text before diffing them. This feature 51 | # is only available from the command line. Turn it on by uncommenting the 52 | # entries below. 53 | ############################################################################### 54 | #*.doc diff=astextplain 55 | #*.DOC diff=astextplain 56 | #*.docx diff=astextplain 57 | #*.DOCX diff=astextplain 58 | #*.dot diff=astextplain 59 | #*.DOT diff=astextplain 60 | #*.pdf diff=astextplain 61 | #*.PDF diff=astextplain 62 | #*.rtf diff=astextplain 63 | #*.RTF diff=astextplain 64 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | 4 | # User-specific files 5 | *.suo 6 | *.user 7 | *.userosscache 8 | *.sln.docstates 9 | 10 | # User-specific files (MonoDevelop/Xamarin Studio) 11 | *.userprefs 12 | 13 | # Build results 14 | [Dd]ebug/ 15 | [Dd]ebugPublic/ 16 | [Rr]elease/ 17 | [Rr]eleases/ 18 | [Xx]64/ 19 | [Xx]86/ 20 | [Bb]uild/ 21 | bld/ 22 | [Bb]in/ 23 | [Oo]bj/ 24 | 25 | # Visual Studio 2015 cache/options directory 26 | .vs/ 27 | # Uncomment if you have tasks that create the project's static files in wwwroot 28 | #wwwroot/ 29 | 30 | # MSTest test Results 31 | [Tt]est[Rr]esult*/ 32 | [Bb]uild[Ll]og.* 33 | 34 | # NUNIT 35 | *.VisualState.xml 36 | TestResult.xml 37 | 38 | # Build Results of an ATL Project 39 | [Dd]ebugPS/ 40 | [Rr]eleasePS/ 41 | dlldata.c 42 | 43 | # DNX 44 | project.lock.json 45 | artifacts/ 46 | 47 | *_i.c 48 | *_p.c 49 | *_i.h 50 | *.ilk 51 | *.meta 52 | *.obj 53 | *.pch 54 | *.pdb 55 | *.pgc 56 | *.pgd 57 | *.rsp 58 | *.sbr 59 | *.tlb 60 | *.tli 61 | *.tlh 62 | *.tmp 63 | *.tmp_proj 64 | *.log 65 | *.vspscc 66 | *.vssscc 67 | .builds 68 | *.pidb 69 | *.svclog 70 | *.scc 71 | 72 | # Chutzpah Test files 73 | _Chutzpah* 74 | 75 | # Visual C++ cache files 76 | ipch/ 77 | *.aps 78 | *.ncb 79 | *.opendb 80 | *.opensdf 81 | *.sdf 82 | *.cachefile 83 | *.VC.db 84 | 85 | # Visual Studio profiler 86 | *.psess 87 | *.vsp 88 | *.vspx 89 | *.sap 90 | 91 | # TFS 2012 Local Workspace 92 | $tf/ 93 | 94 | # Guidance Automation Toolkit 95 | *.gpState 96 | 97 | # ReSharper is a .NET coding add-in 98 | _ReSharper*/ 99 | *.[Rr]e[Ss]harper 100 | *.DotSettings.user 101 | 102 | # JustCode is a .NET coding add-in 103 | .JustCode 104 | 105 | # TeamCity is a build add-in 106 | _TeamCity* 107 | 108 | # DotCover is a Code Coverage Tool 109 | *.dotCover 110 | 111 | # NCrunch 112 | _NCrunch_* 113 | .*crunch*.local.xml 114 | nCrunchTemp_* 115 | 116 | # MightyMoose 117 | *.mm.* 118 | AutoTest.Net/ 119 | 120 | # Web workbench (sass) 121 | .sass-cache/ 122 | 123 | # Installshield output folder 124 | [Ee]xpress/ 125 | 126 | # DocProject is a documentation generator add-in 127 | DocProject/buildhelp/ 128 | DocProject/Help/*.HxT 129 | DocProject/Help/*.HxC 130 | DocProject/Help/*.hhc 131 | DocProject/Help/*.hhk 132 | DocProject/Help/*.hhp 133 | DocProject/Help/Html2 134 | DocProject/Help/html 135 | 136 | # Click-Once directory 137 | publish/ 138 | 139 | # Publish Web Output 140 | *.[Pp]ublish.xml 141 | *.azurePubxml 142 | 143 | # TODO: Un-comment the next line if you do not want to checkin 144 | # your web deploy settings because they may include unencrypted 145 | # passwords 146 | #*.pubxml 147 | *.publishproj 148 | 149 | # NuGet Packages 150 | *.nupkg 151 | # The packages folder can be ignored because of Package Restore 152 | **/packages/* 153 | # except build/, which is used as an MSBuild target. 154 | !**/packages/build/ 155 | # Uncomment if necessary however generally it will be regenerated when needed 156 | #!**/packages/repositories.config 157 | # NuGet v3's project.json files produces more ignoreable files 158 | *.nuget.props 159 | *.nuget.targets 160 | 161 | # Microsoft Azure Build Output 162 | csx/ 163 | *.build.csdef 164 | 165 | # Microsoft Azure Emulator 166 | ecf/ 167 | rcf/ 168 | 169 | # Microsoft Azure ApplicationInsights config file 170 | ApplicationInsights.config 171 | 172 | # Windows Store app package directory 173 | AppPackages/ 174 | BundleArtifacts/ 175 | 176 | # Visual Studio cache files 177 | # files ending in .cache can be ignored 178 | *.[Cc]ache 179 | # but keep track of directories ending in .cache 180 | !*.[Cc]ache/ 181 | 182 | # Others 183 | ClientBin/ 184 | [Ss]tyle[Cc]op.* 185 | ~$* 186 | *~ 187 | *.dbmdl 188 | *.dbproj.schemaview 189 | *.pfx 190 | *.publishsettings 191 | node_modules/ 192 | orleans.codegen.cs 193 | 194 | # RIA/Silverlight projects 195 | Generated_Code/ 196 | 197 | # Backup & report files from converting an old project file 198 | # to a newer Visual Studio version. Backup files are not needed, 199 | # because we have git ;-) 200 | _UpgradeReport_Files/ 201 | Backup*/ 202 | UpgradeLog*.XML 203 | UpgradeLog*.htm 204 | 205 | # SQL Server files 206 | *.mdf 207 | *.ldf 208 | 209 | # Business Intelligence projects 210 | *.rdl.data 211 | *.bim.layout 212 | *.bim_*.settings 213 | 214 | # Microsoft Fakes 215 | FakesAssemblies/ 216 | 217 | # GhostDoc plugin setting file 218 | *.GhostDoc.xml 219 | 220 | # Node.js Tools for Visual Studio 221 | .ntvs_analysis.dat 222 | 223 | # Visual Studio 6 build log 224 | *.plg 225 | 226 | # Visual Studio 6 workspace options file 227 | *.opt 228 | 229 | # Visual Studio LightSwitch build output 230 | **/*.HTMLClient/GeneratedArtifacts 231 | **/*.DesktopClient/GeneratedArtifacts 232 | **/*.DesktopClient/ModelManifest.xml 233 | **/*.Server/GeneratedArtifacts 234 | **/*.Server/ModelManifest.xml 235 | _Pvt_Extensions 236 | 237 | # LightSwitch generated files 238 | GeneratedArtifacts/ 239 | ModelManifest.xml 240 | 241 | # Paket dependency manager 242 | .paket/paket.exe 243 | 244 | # FAKE - F# Make 245 | .fake/ -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "CaptainHook/capstone"] 2 | path = CaptainHook/capstone 3 | url = https://github.com/aquynh/capstone.git 4 | -------------------------------------------------------------------------------- /CaptainHook.h: -------------------------------------------------------------------------------- 1 | #ifndef __CAPTAINHOOK_H__ 2 | #define __CAPTAINHOOK_H__ 3 | 4 | #ifdef __cplusplus 5 | extern "C" { 6 | #endif 7 | 8 | #pragma pack(1) 9 | class CaptainHook { 10 | 11 | private: 12 | void *pvSrc; 13 | void *pvDst; 14 | 15 | void *pVectorHandle; 16 | void *pvTargetTemplate; 17 | void *pFunctionChain; 18 | unsigned int uiFuncitonChainSize; 19 | unsigned int uiFuncitonChainCounter; 20 | unsigned int CaptainHook::GetAddressForSafeHook(unsigned int uiHookLen); 21 | unsigned int CaptainHook::GetAlignedOpcodeForHook(unsigned int uiHookLen); 22 | unsigned int CaptainHook::BuildX86Hook(unsigned int uiSizeOfStolenOpcode); 23 | unsigned int CaptainHook::BuildX64Hook(unsigned int uiSizeOfStolenOpcode); 24 | void *CaptainHook::CreateDistanceForLongJmpWithUpDirection(void *aFrom, void *aTo); 25 | unsigned int CaptainHook::bSafeInitAndVerifyUserPointer(void **ppvSrc, void *pvDst); 26 | unsigned int CaptainHook::AnalyzeStartOfCodeForSafePatch(void *pInsn, unsigned int nCount, unsigned int uiHookLen); 27 | public: 28 | CaptainHook::CaptainHook(); 29 | CaptainHook::~CaptainHook(); 30 | unsigned int CaptainHook::AddInlineHook(void **ppvSrc, void *pvDst); 31 | unsigned int CaptainHook::AddPageGuardHook(void **ppvSrc, void *pvDst); 32 | 33 | }; 34 | #pragma pack() 35 | 36 | #ifdef __cplusplus 37 | } 38 | #endif 39 | #endif /* __CAPTAINHOOK_H__ */ 40 | -------------------------------------------------------------------------------- /CaptainHook.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2013 4 | VisualStudioVersion = 12.0.31101.0 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "CaptainHook", "CaptainHook\CaptainHook.vcxproj", "{E95A7AC3-1B52-4E37-8C6F-D23CE3B840E0}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Win32 = Debug|Win32 11 | Debug|x64 = Debug|x64 12 | Release|Win32 = Release|Win32 13 | Release|x64 = Release|x64 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {E95A7AC3-1B52-4E37-8C6F-D23CE3B840E0}.Debug|Win32.ActiveCfg = Debug|Win32 17 | {E95A7AC3-1B52-4E37-8C6F-D23CE3B840E0}.Debug|Win32.Build.0 = Debug|Win32 18 | {E95A7AC3-1B52-4E37-8C6F-D23CE3B840E0}.Debug|x64.ActiveCfg = Debug|x64 19 | {E95A7AC3-1B52-4E37-8C6F-D23CE3B840E0}.Debug|x64.Build.0 = Debug|x64 20 | {E95A7AC3-1B52-4E37-8C6F-D23CE3B840E0}.Release|Win32.ActiveCfg = Release|Win32 21 | {E95A7AC3-1B52-4E37-8C6F-D23CE3B840E0}.Release|Win32.Build.0 = Release|Win32 22 | {E95A7AC3-1B52-4E37-8C6F-D23CE3B840E0}.Release|x64.ActiveCfg = Release|x64 23 | {E95A7AC3-1B52-4E37-8C6F-D23CE3B840E0}.Release|x64.Build.0 = Release|x64 24 | EndGlobalSection 25 | GlobalSection(SolutionProperties) = preSolution 26 | HideSolutionNode = FALSE 27 | EndGlobalSection 28 | EndGlobal 29 | -------------------------------------------------------------------------------- /CaptainHook/CaptainHook.cpp: -------------------------------------------------------------------------------- 1 | #pragma optimize("", off) 2 | 3 | /* 4 | @image : CaptainHook 5 | @author : shmuelyr 6 | ***************************************************************** 7 | ******** linker command line needed the following tags ********** 8 | ****** /D "CAPSTONE_HAS_X86" /D "CAPSTONE_USE_SYS_DYN_MEM" ****** 9 | ***************************************************************** 10 | */ 11 | 12 | #include "CaptainHook.h" 13 | 14 | /* 15 | * 16 | CaptainHook constructor just init internal inf 17 | ------------------------------------------------ 18 | */ 19 | CaptainHook::CaptainHook() { 20 | 21 | this->uiInternalCounter = 0; 22 | this->pVectorHandle = AddVectoredExceptionHandler(1, (PVECTORED_EXCEPTION_HANDLER)HardwareBreakPointManager); 23 | if (!this->pVectorHandle) { 24 | 25 | // add operation 26 | } 27 | } 28 | 29 | /* 30 | * 31 | ~CaptainHook destructor remove all your hooks 32 | ------------------------------------------------ 33 | */ 34 | CaptainHook::~CaptainHook() { 35 | 36 | RemoveVectoredExceptionHandler(this->pVectorHandle); 37 | 38 | for each (HOOK_INF Function in this->FunctionList) { 39 | 40 | if ((Function.pOriginalFunction != 0) && (Function.pEmulatedFunction)) { 41 | 42 | memcpy( 43 | (void *)Function.pOriginalFunction, 44 | (void *)Function.pEmulatedFunction, 45 | Function.uiHookSize); 46 | 47 | VirtualFree( 48 | Function.pEmulatedFunction, 49 | Function.uiGlobalSize, 50 | MEM_DECOMMIT); 51 | } 52 | } 53 | this->FunctionList.~vector(); 54 | this->DisabledPGHookList.~vector(); 55 | g_VectorHandlerList.~vector(); 56 | } 57 | 58 | /* 59 | * 60 | * @param1: point to source function that will hook 61 | * @param2: point to dest finction that whill chain to source 62 | ------------------------------------------------ 63 | AddInlineHook instert inline hook without HookId 64 | */ 65 | unsigned int CaptainHook::AddInlineHook(void **ppvSrc, void *pvDst) { 66 | 67 | unsigned int uiId; 68 | return this->AddInlineHook(ppvSrc, pvDst, &uiId); 69 | } 70 | 71 | /* 72 | * 73 | * @param1: point to source function that will hook 74 | * @param2: point to dest finction that whill chain to source 75 | ------------------------------------------------ 76 | AddPageGuardHook set memory protection on the first line(whole page..) and build a hook without HookId 77 | */ 78 | unsigned int CaptainHook::AddPageGuardHook(void **ppvSrc, void *pvDst) { 79 | 80 | unsigned int uiHookId; 81 | return AddPageGuardHook(ppvSrc, pvDst, &uiHookId); 82 | } 83 | 84 | /* 85 | * 86 | * @param1: point to source function that will hook 87 | * @param2: point to dest finction that whill chain to source 88 | * @param3: point to HookId (unsigned int type) 89 | ------------------------------------------------ 90 | AddInlineHook instert inline hook and give you back an HookId 91 | */ 92 | unsigned int CaptainHook::AddInlineHook(void **ppvSrc, void *pvDst, unsigned int *puiHookId) { 93 | 94 | HOOK_INF HookInf; 95 | unsigned long ulOldProtect; 96 | unsigned int uiSizeOfStolenOpcode; 97 | 98 | if (bVerifyUserPointer(ppvSrc, pvDst)) return CH_USER_POINTER_ERR; 99 | 100 | uiSizeOfStolenOpcode = CalcAlignedSizeForHook(*ppvSrc, JMP_HOOKTYPE_LEN); 101 | 102 | if (uiSizeOfStolenOpcode == ERR_CANNOT_RESOLVE_ASM) { 103 | 104 | return CH_CAPSTONE_ASM_ERR; 105 | } 106 | else if (uiSizeOfStolenOpcode == 0) { 107 | 108 | return 0; 109 | } 110 | 111 | HookInf.uiId = this->uiInternalCounter; 112 | HookInf.uiHookSize = uiSizeOfStolenOpcode; 113 | HookInf.pDestFunction = (unsigned char *)pvDst; 114 | HookInf.pOriginalFunction = (unsigned char *)*ppvSrc; 115 | HookInf.uiGlobalSize = uiSizeOfStolenOpcode + JMP_TRAMPOLINE_LEN; 116 | HookInf.pEmulatedFunction = (unsigned char *)VirtualAlloc(NULL, HookInf.uiGlobalSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE); 117 | 118 | if (VirtualProtect(*ppvSrc, uiSizeOfStolenOpcode, PAGE_EXECUTE_READWRITE, &ulOldProtect) == 0) { 119 | 120 | VirtualFree(HookInf.pEmulatedFunction, HookInf.uiGlobalSize, MEM_DECOMMIT); 121 | return CH_VIRTUALPROTECT_ERR; 122 | } 123 | if (HookInf.pEmulatedFunction == 0) return CH_ALLOC_ERR; 124 | memcpy(HookInf.pEmulatedFunction, *ppvSrc, uiSizeOfStolenOpcode); 125 | 126 | *puiHookId = HookInf.uiId; 127 | this->uiInternalCounter++; 128 | this->FunctionList.push_back(HookInf); 129 | 130 | #if defined(_M_X64) || defined(__amd64__) 131 | 132 | BuildX64Hook(&HookInf); 133 | #elif _WIN32 134 | 135 | BuildX86Hook(&HookInf); 136 | #endif 137 | 138 | 139 | // redirect template function to emulated code. 140 | *(addr *)ppvSrc = (addr)HookInf.pEmulatedFunction; 141 | if (FlushInstructionCache(GetCurrentProcess(), *ppvSrc, uiSizeOfStolenOpcode)) return CH_SUCCESS; 142 | else return GetLastError(); 143 | } 144 | 145 | /* 146 | * 147 | * @param1: point to source function that will hook 148 | * @param2: point to dest finction that whill chain to source 149 | ------------------------------------------------ 150 | AddPageGuardHook set memory protection on the first line(whole page..) build a hook and give you back an HookId 151 | */ 152 | unsigned int CaptainHook::AddPageGuardHook(void **ppvSrc, void *pvDst, unsigned int *puiHookId) { 153 | 154 | unsigned long ulOldProtect; 155 | VECTOREXCPTION_RESOLVED HookInf; 156 | 157 | if (bVerifyUserPointer(ppvSrc, pvDst)) return CH_USER_POINTER_ERR; 158 | if (this->pVectorHandle == NULL) return CH_VECTOR_HANDLE_ERR; 159 | 160 | HookInf.uiHookId = this->uiInternalCounter; 161 | HookInf.pfnOriginalFunction = (addr)*ppvSrc; 162 | HookInf.pfnHookedFunction = (addr)pvDst; 163 | 164 | g_VectorHandlerList.push_back(HookInf); 165 | 166 | if (!VirtualProtect(*ppvSrc, 4, PAGE_GUARD | PAGE_EXECUTE_READWRITE, &ulOldProtect)) { 167 | 168 | g_VectorHandlerList.pop_back(); 169 | return CH_VPROTECT_ERR; 170 | } 171 | this->uiInternalCounter++; 172 | return CH_SUCCESS; 173 | } 174 | 175 | /* 176 | 177 | */ 178 | unsigned int CaptainHook::DisableHook(unsigned int uiHookId) { 179 | 180 | for each(HOOK_INF Function in this->FunctionList) { 181 | 182 | if (Function.uiId == uiHookId) { 183 | 184 | memcpy( 185 | (void *)Function.pOriginalFunction, 186 | (void *)Function.pEmulatedFunction, 187 | Function.uiHookSize); 188 | 189 | return 0; 190 | } 191 | } 192 | 193 | for ( 194 | unsigned int uiIndex = 0; uiIndex < g_VectorHandlerList.size(); uiIndex++) { 195 | 196 | if (g_VectorHandlerList[uiIndex].uiHookId == uiHookId) { 197 | 198 | this->DisabledPGHookList.push_back(g_VectorHandlerList[uiIndex]); 199 | g_VectorHandlerList.erase(g_VectorHandlerList.begin() + uiIndex); 200 | } 201 | } 202 | } 203 | 204 | /* 205 | 206 | */ 207 | unsigned int CaptainHook::EnableHook(unsigned int uiHookId) { 208 | 209 | for each(HOOK_INF Function in this->FunctionList) { 210 | 211 | if (Function.uiId == uiHookId) { 212 | 213 | memcpy( 214 | (void *)Function.pEmulatedFunction, 215 | (void *)Function.pOriginalFunction, 216 | Function.uiHookSize); 217 | 218 | return 0; 219 | } 220 | } 221 | 222 | for ( 223 | unsigned int uiIndex = 0; uiIndex < this->DisabledPGHookList.size(); uiIndex++) { 224 | 225 | if (this->DisabledPGHookList[uiIndex].uiHookId == uiHookId) { 226 | 227 | g_VectorHandlerList.push_back(this->DisabledPGHookList[uiIndex]); 228 | this->DisabledPGHookList.erase(this->DisabledPGHookList.begin() + uiIndex); 229 | } 230 | } 231 | } 232 | 233 | /* 234 | * 235 | * @param1: point to source function that will hook 236 | * @param2: point to dest finction that whill chain to source 237 | ------------------------------------------------ 238 | this function just verify if userpointer is valid or not 239 | */ 240 | unsigned int CaptainHook::bVerifyUserPointer(void **ppvSrc, void *pvDst) { 241 | 242 | unsigned char ucTester; 243 | __try { 244 | 245 | ucTester = *(unsigned char *)ppvSrc; 246 | ucTester = *(unsigned char *)pvDst; 247 | } 248 | __except (TRUE) { 249 | 250 | return CH_USER_POINTER_ERR; 251 | } 252 | return CH_SUCCESS; 253 | } 254 | 255 | /* 256 | * 257 | * @param1: point to source function that will hook 258 | * @param2: hook type 259 | ------------------------------------------------ 260 | CalcAlignedSizeForHook return how many opcode should steal 261 | */ 262 | unsigned int CaptainHook::CalcAlignedSizeForHook(void *pvSrc, unsigned int uiHookLen) { 263 | 264 | csh cshHandle; 265 | cs_insn *pInsn; 266 | unsigned int uiCount; 267 | unsigned int uiByteCounter; 268 | 269 | uiByteCounter = 0; 270 | if (cs_open(CS_ARCH_X86, ARCH_MODE, &cshHandle) != CS_ERR_OK) { 271 | 272 | return ERR_CANNOT_RESOLVE_ASM; 273 | } 274 | uiCount = (unsigned int)cs_disasm(cshHandle, (unsigned char *)pvSrc, 0x50, 0x100, 0, &pInsn); 275 | if (uiCount > 0) { 276 | 277 | unsigned char *pucBytes = pInsn->bytes; 278 | for (unsigned int uiIndex = 0; uiIndex < uiCount; uiIndex++) { 279 | 280 | if (pucBytes[uiIndex] == 0xeb) { // jmp 281 | 282 | /* right now this flow isnt handled */ 283 | cs_free(pInsn, uiCount); 284 | cs_close(&cshHandle); 285 | return 0; 286 | } 287 | else if ((pucBytes[uiIndex] >= 0x70) && (pucBytes[uiIndex] <= 0x7f)) { // !jz/nz/g/ng etc. 288 | 289 | /* right now this flow isnt handled */ 290 | cs_free(pInsn, uiCount); 291 | cs_close(&cshHandle); 292 | return 0; 293 | } 294 | else { 295 | 296 | uiByteCounter += pInsn[uiIndex].size; 297 | if (uiByteCounter >= uiHookLen) { 298 | 299 | cs_free(pInsn, uiCount); 300 | cs_close(&cshHandle); 301 | return uiByteCounter; 302 | } 303 | } 304 | } 305 | } 306 | else { 307 | 308 | cs_close(&cshHandle); 309 | return ERR_CANNOT_RESOLVE_ASM; 310 | } 311 | } 312 | 313 | /* 314 | * 315 | * @param1: point to HOOK_INF strunt contains information about your hook 316 | ------------------------------------------------ 317 | BuildX86Hook just build x86 inline hook 318 | */ 319 | unsigned int CaptainHook::BuildX86Hook(HOOK_INF *pFunction) { 320 | 321 | // build trampoline from hookchain to real code. 322 | *((unsigned char *)pFunction->pEmulatedFunction + pFunction->uiHookSize) = LONG_JMP; 323 | *((unsigned int *)((unsigned char *)pFunction->pEmulatedFunction + pFunction->uiHookSize + 1)) = (unsigned int)pFunction->pOriginalFunction - (unsigned int)pFunction->pEmulatedFunction - 5; 324 | 325 | // build trampoline from real code to hook function. 326 | *(unsigned char *)pFunction->pOriginalFunction = LONG_JMP; 327 | *((unsigned int *)((unsigned char *)pFunction->pOriginalFunction + 1)) = (unsigned int)pFunction->pDestFunction - (unsigned int)pFunction->pOriginalFunction - 5; 328 | 329 | 330 | return CH_SUCCESS; 331 | } 332 | 333 | /* 334 | * 335 | * @param1: point to HOOK_INF strunt contains information about your hook 336 | ------------------------------------------------ 337 | BuildX86Hook just build x64 inline hook 338 | */ 339 | unsigned int CaptainHook::BuildX64Hook(HOOK_INF *pFunction) { 340 | 341 | /* 342 | * hook type for x64: 343 | * push 0 344 | * mov dword ptr ds:[rsp], (pvDst 0xffffffff) 345 | * mov dword ptr ds:[rsp + 4], (pvDst >> 0x20) 346 | * ret 347 | */ 348 | 349 | // build trampoline from hookchain to real code. 350 | *(unsigned short *)(pFunction->pEmulatedFunction + pFunction->uiHookSize) = PUSH_0; 351 | *(unsigned short *)(pFunction->pEmulatedFunction + pFunction->uiHookSize + 2) = MOV_RSP & 0xffff; 352 | *(unsigned char *)(pFunction->pEmulatedFunction + pFunction->uiHookSize + 4) = MOV_RSP >> 0x10; 353 | *(unsigned int *)(pFunction->pEmulatedFunction + pFunction->uiHookSize + 5) = (unsigned int)(((unsigned long long)pFunction->pOriginalFunction + pFunction->uiHookSize) & 0xffffffff); 354 | *(unsigned int *)(pFunction->pEmulatedFunction + pFunction->uiHookSize + 9) = MOV_RSP4; 355 | *(unsigned int *)(pFunction->pEmulatedFunction + pFunction->uiHookSize + 13) = (unsigned int)(((unsigned long long)pFunction->pOriginalFunction + pFunction->uiHookSize) >> 0x20); 356 | *(unsigned char *)(pFunction->pEmulatedFunction + pFunction->uiHookSize + 17) = RET; 357 | 358 | // build trampoline from real code to hook function. 359 | *(unsigned short *)((unsigned char *)pFunction->pOriginalFunction) = PUSH_0; 360 | *(unsigned short *)((unsigned char *)pFunction->pOriginalFunction + 2) = MOV_RSP & 0xffff; 361 | *((unsigned char *)pFunction->pOriginalFunction + 4) = MOV_RSP >> 0x10; 362 | *(unsigned int *)((unsigned char *)pFunction->pOriginalFunction + 5) = (unsigned int)(((unsigned long long)(unsigned char *)pFunction->pDestFunction) & 0xffffffff); 363 | *(unsigned int *)((unsigned char *)pFunction->pOriginalFunction + 9) = MOV_RSP4; 364 | *(unsigned int *)((unsigned char *)pFunction->pOriginalFunction + 13) = (unsigned int)(((unsigned long long)(unsigned char *)pFunction->pDestFunction) >> 0x20); 365 | *(unsigned char *)((unsigned char *)pFunction->pOriginalFunction + 17) = RET; 366 | 367 | return CH_SUCCESS; 368 | } 369 | -------------------------------------------------------------------------------- /CaptainHook/CaptainHook.h: -------------------------------------------------------------------------------- 1 | #ifndef __CAPTAINHOOK_H__ 2 | #define __CAPTAINHOOK_H__ 3 | 4 | #include "Utils.h" 5 | #include "VectoredHandler.h" 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | typedef enum CH_ERROR { 12 | 13 | CH_SUCCESS, 14 | CH_USER_POINTER_ERR, 15 | CH_VECTOR_HANDLE_ERR, 16 | Ch_MAX_GUARDPAGE_ERR, 17 | CH_VPROTECT_ERR, 18 | CH_CAPSTONE_ASM_ERR, 19 | CH_ALLOC_ERR, 20 | CH_VIRTUALPROTECT_ERR, 21 | }; 22 | typedef struct _HOOK_INF { 23 | 24 | unsigned char *pOriginalFunction; 25 | unsigned char *pEmulatedFunction; 26 | unsigned char *pDestFunction; 27 | unsigned int uiHookSize; 28 | unsigned int uiId; 29 | unsigned int uiGlobalSize; 30 | } HOOK_INF, *PHOOK_INF; 31 | 32 | #pragma pack(1) 33 | class CaptainHook { 34 | 35 | private: 36 | 37 | void *pVectorHandle; 38 | unsigned int uiInternalCounter; 39 | std::vector FunctionList; 40 | std::vector DisabledPGHookList; 41 | unsigned int CaptainHook::BuildX86Hook(HOOK_INF *pFunction); 42 | unsigned int CaptainHook::BuildX64Hook(HOOK_INF *pFunction); 43 | unsigned int CaptainHook::bVerifyUserPointer(void **ppvSrc, void *pvDst); 44 | unsigned int CaptainHook::CalcAlignedSizeForHook(void *pvSrc, unsigned int uiHookLen); 45 | 46 | public: 47 | CaptainHook::CaptainHook(); 48 | CaptainHook::~CaptainHook(); 49 | unsigned int CaptainHook::DisableHook(unsigned int uiHookId); 50 | unsigned int CaptainHook::EnableHook(unsigned int uiHookId); 51 | unsigned int CaptainHook::AddInlineHook(void **ppvSrc, void *pvDst); 52 | unsigned int CaptainHook::AddPageGuardHook(void **ppvSrc, void *pvDst); 53 | unsigned int CaptainHook::AddInlineHook(void **ppvSrc, void *pvDst, unsigned int *puiHookId); 54 | unsigned int CaptainHook::AddPageGuardHook(void **ppvSrc, void *pvDst, unsigned int *puiHookId); 55 | 56 | }; 57 | #pragma pack() 58 | 59 | #ifdef __cplusplus 60 | } 61 | #endif 62 | #endif /* __CAPTAINHOOK_H__ */ 63 | -------------------------------------------------------------------------------- /CaptainHook/CaptainHook.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Debug 10 | x64 11 | 12 | 13 | Release 14 | Win32 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {E95A7AC3-1B52-4E37-8C6F-D23CE3B840E0} 23 | Win32Proj 24 | CaptainHook 25 | 26 | 27 | 28 | StaticLibrary 29 | true 30 | v120 31 | Unicode 32 | 33 | 34 | StaticLibrary 35 | true 36 | v120 37 | Unicode 38 | 39 | 40 | StaticLibrary 41 | false 42 | v120 43 | true 44 | Unicode 45 | 46 | 47 | StaticLibrary 48 | false 49 | v120 50 | true 51 | Unicode 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | Level3 75 | Disabled 76 | WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) 77 | capstone\include;%(AdditionalIncludeDirectories) 78 | 79 | 80 | Windows 81 | true 82 | 83 | 84 | 85 | 86 | 87 | 88 | Level3 89 | Disabled 90 | WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) 91 | capstone\include;%(AdditionalIncludeDirectories) 92 | 93 | 94 | Windows 95 | true 96 | 97 | 98 | 99 | 100 | Level3 101 | 102 | 103 | MaxSpeed 104 | true 105 | true 106 | WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions) 107 | capstone\include;%(AdditionalIncludeDirectories) 108 | /D "CAPSTONE_HAS_X86" /D "CAPSTONE_USE_SYS_DYN_MEM" %(AdditionalOptions) 109 | 110 | 111 | Windows 112 | true 113 | true 114 | true 115 | 116 | 117 | 118 | 119 | Level3 120 | 121 | 122 | MaxSpeed 123 | true 124 | true 125 | WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions) 126 | capstone\include;%(AdditionalIncludeDirectories) 127 | /D "CAPSTONE_HAS_X86" /D "CAPSTONE_USE_SYS_DYN_MEM" %(AdditionalOptions) 128 | 129 | 130 | Windows 131 | true 132 | true 133 | true 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | -------------------------------------------------------------------------------- /CaptainHook/CaptainHook.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | {eb030151-d6f8-4d4d-ad6e-512b3397a015} 18 | 19 | 20 | 21 | 22 | Header Files 23 | 24 | 25 | Header Files 26 | 27 | 28 | Header Files 29 | 30 | 31 | 32 | 33 | Source Files 34 | 35 | 36 | Source Files\capstone 37 | 38 | 39 | Source Files\capstone 40 | 41 | 42 | Source Files\capstone 43 | 44 | 45 | Source Files\capstone 46 | 47 | 48 | Source Files\capstone 49 | 50 | 51 | Source Files\capstone 52 | 53 | 54 | Source Files\capstone 55 | 56 | 57 | Source Files\capstone 58 | 59 | 60 | Source Files\capstone 61 | 62 | 63 | Source Files\capstone 64 | 65 | 66 | Source Files\capstone 67 | 68 | 69 | Source Files\capstone 70 | 71 | 72 | Source Files\capstone 73 | 74 | 75 | Source Files\capstone 76 | 77 | 78 | Source Files\capstone 79 | 80 | 81 | Source Files\capstone 82 | 83 | 84 | Source Files\capstone 85 | 86 | 87 | Source Files\capstone 88 | 89 | 90 | Source Files\capstone 91 | 92 | 93 | Source Files\capstone 94 | 95 | 96 | Source Files\capstone 97 | 98 | 99 | Source Files\capstone 100 | 101 | 102 | Source Files\capstone 103 | 104 | 105 | Source Files\capstone 106 | 107 | 108 | Source Files\capstone 109 | 110 | 111 | Source Files\capstone 112 | 113 | 114 | Source Files\capstone 115 | 116 | 117 | Source Files\capstone 118 | 119 | 120 | Source Files\capstone 121 | 122 | 123 | Source Files\capstone 124 | 125 | 126 | Source Files\capstone 127 | 128 | 129 | Source Files\capstone 130 | 131 | 132 | Source Files\capstone 133 | 134 | 135 | Source Files\capstone 136 | 137 | 138 | Source Files\capstone 139 | 140 | 141 | Source Files\capstone 142 | 143 | 144 | Source Files\capstone 145 | 146 | 147 | Source Files\capstone 148 | 149 | 150 | Source Files\capstone 151 | 152 | 153 | Source Files\capstone 154 | 155 | 156 | Source Files\capstone 157 | 158 | 159 | Source Files\capstone 160 | 161 | 162 | Source Files 163 | 164 | 165 | -------------------------------------------------------------------------------- /CaptainHook/CaptainHook_for_include.h: -------------------------------------------------------------------------------- 1 | #ifndef __CAPTAINHOOK_H__ 2 | #define __CAPTAINHOOK_H__ 3 | 4 | #ifdef __cplusplus 5 | extern "C" { 6 | #endif 7 | 8 | typedef enum CH_ERROR { 9 | 10 | CH_SUCCESS, 11 | CH_USER_POINTER_ERR, 12 | CH_VECTOR_HANDLE_ERR, 13 | Ch_MAX_GUARDPAGE_ERR, 14 | CH_VPROTECT_ERR, 15 | CH_CAPSTONE_ASM_ERR, 16 | CH_ALLOC_ERR, 17 | CH_VIRTUALPROTECT_ERR, 18 | }; 19 | typedef struct _HOOK_INF { 20 | 21 | unsigned char *pOriginalFunction; 22 | unsigned char *pEmulatedFunction; 23 | unsigned char *pDestFunction; 24 | unsigned int uiHookSize; 25 | unsigned int uiId; 26 | unsigned int uiGlobalSize; 27 | } HOOK_INF, *PHOOK_INF; 28 | 29 | #pragma pack(1) 30 | class CaptainHook { 31 | 32 | private: 33 | 34 | void *pVectorHandle; 35 | unsigned int uiInternalCounter; 36 | std::vector FunctionList; 37 | std::vector DisabledPGHookList; 38 | unsigned int CaptainHook::BuildX86Hook(HOOK_INF *pFunction); 39 | unsigned int CaptainHook::BuildX64Hook(HOOK_INF *pFunction); 40 | unsigned int CaptainHook::bVerifyUserPointer(void **ppvSrc, void *pvDst); 41 | unsigned int CaptainHook::CalcAlignedSizeForHook(void *pvSrc, unsigned int uiHookLen); 42 | 43 | public: 44 | CaptainHook::CaptainHook(); 45 | CaptainHook::~CaptainHook(); 46 | unsigned int CaptainHook::DisableHook(unsigned int uiHookId); 47 | unsigned int CaptainHook::EnableHook(unsigned int uiHookId); 48 | unsigned int CaptainHook::AddInlineHook(void **ppvSrc, void *pvDst); 49 | unsigned int CaptainHook::AddPageGuardHook(void **ppvSrc, void *pvDst); 50 | unsigned int CaptainHook::AddInlineHook(void **ppvSrc, void *pvDst, unsigned int *puiHookId); 51 | unsigned int CaptainHook::AddPageGuardHook(void **ppvSrc, void *pvDst, unsigned int *puiHookId); 52 | 53 | }; 54 | #pragma pack() 55 | 56 | #ifdef __cplusplus 57 | } 58 | #endif 59 | #endif /* __CAPTAINHOOK_H__ */ 60 | -------------------------------------------------------------------------------- /CaptainHook/Utils.h: -------------------------------------------------------------------------------- 1 | #ifndef __UTILS_H__ 2 | #define __UTILS_H__ 3 | 4 | #include 5 | #include 6 | #include "capstone\include\capstone.h" 7 | 8 | #define LONG_JMP 0xe9 9 | #define PUSH_0 0x006a 10 | #define MOV_RSP 0x2404c7 11 | #define MOV_RSP4 0x042444c7 12 | #define RET 0xc3 13 | 14 | #define LEN_JMPABS 5 15 | #define LEN_PUSH_RAX 1 16 | #define LEN_MOVABS 10 17 | #define LEN_JMP_RAX 2 18 | 19 | #define ERR_SUCCESS 0 20 | #define ERR_ERROR 1 21 | #define ERR_CANNOT_RESOLVE_ASM 0xffffffff 22 | #define HOOK_TYPE_NOT_SUPPORTED -2 23 | 24 | #ifdef __cplusplus 25 | extern "C" { 26 | #endif 27 | 28 | #if defined(_M_X64) || defined(__amd64__) 29 | 30 | typedef unsigned long long addr; 31 | #define ARCH_MODE CS_MODE_64 32 | #elif _WIN32 33 | 34 | typedef unsigned long addr; 35 | #define ARCH_MODE CS_MODE_32 36 | #endif 37 | 38 | enum HookLen{ 39 | #if defined(_M_X64) || defined(__amd64__) 40 | 41 | JMP_HOOKTYPE_LEN = 18, 42 | #elif _WIN32 43 | 44 | JMP_HOOKTYPE_LEN = LEN_JMPABS, 45 | JMP_TRAMPOLINE_LEN = LEN_JMPABS, 46 | #endif 47 | PG_HOOKTYPE_LEN = 1 48 | }; /* HookLen */ 49 | 50 | enum HookType { 51 | 52 | JMP_TYPE = 0, 53 | }; 54 | 55 | 56 | #ifdef __cplusplus 57 | } 58 | #endif 59 | 60 | #endif /*__UTILS_H__*/ 61 | -------------------------------------------------------------------------------- /CaptainHook/VectoredHandler.cpp: -------------------------------------------------------------------------------- 1 | #include "VectoredHandler.h" 2 | 3 | /*Init Global data*/ 4 | std::vector g_VectorHandlerList; 5 | 6 | long HardwareBreakPointManager(PEXCEPTION_POINTERS pExceptionInfo) { 7 | 8 | if (pExceptionInfo->ExceptionRecord->ExceptionCode == STATUS_GUARD_PAGE_VIOLATION) { 9 | 10 | #if defined(_M_X64) || defined(__amd64__) 11 | 12 | addr aCurrentLocation = pExceptionInfo->ContextRecord->Rip 13 | #elif _WIN32 14 | 15 | addr aCurrentLocation = pExceptionInfo->ContextRecord->Eip; 16 | #endif 17 | for each(VECTOREXCPTION_RESOLVED Function in g_VectorHandlerList) { 18 | 19 | if (((addr)(Function.pfnOriginalFunction) == aCurrentLocation) && Function.pfnHookedFunction) { 20 | 21 | #if defined(_M_X64) || defined(__amd64__) 22 | 23 | pExceptionInfo->ContextRecord->Rip = Function.pfnHookedFunction; 24 | #elif _WIN32 25 | 26 | pExceptionInfo->ContextRecord->Eip = Function.pfnHookedFunction; 27 | #endif 28 | break; 29 | } 30 | } 31 | pExceptionInfo->ContextRecord->EFlags |= 0x100; // set trap flag 32 | return EXCEPTION_CONTINUE_EXECUTION; 33 | } 34 | else if (pExceptionInfo->ExceptionRecord->ExceptionCode == STATUS_SINGLE_STEP) { 35 | 36 | unsigned long ulOldProtect; 37 | 38 | for each(VECTOREXCPTION_RESOLVED Function in g_VectorHandlerList) { 39 | 40 | if (Function.pfnOriginalFunction) { 41 | 42 | VirtualProtect((void *)Function.pfnOriginalFunction, 4, PAGE_GUARD | PAGE_EXECUTE_READWRITE, &ulOldProtect); 43 | } 44 | } 45 | return EXCEPTION_CONTINUE_EXECUTION; 46 | } 47 | else return EXCEPTION_CONTINUE_SEARCH; 48 | } 49 | 50 | -------------------------------------------------------------------------------- /CaptainHook/VectoredHandler.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef __VECTOREDHANDLER_H__ 3 | #define __VECTOREDHANDLER_H__ 4 | 5 | #include 6 | #include "Utils.h" 7 | 8 | #ifdef __cplusplus 9 | extern "C" { 10 | #endif 11 | 12 | typedef struct _VECTOREXCPTION_RESOLVED { 13 | 14 | unsigned int uiHookId; 15 | addr pfnOriginalFunction; 16 | addr pfnHookedFunction; 17 | 18 | } VECTOREXCPTION_RESOLVED, *PVECTOREXCPTION_RESOLVED; 19 | 20 | extern std::vector g_VectorHandlerList; 21 | 22 | long HardwareBreakPointManager(PEXCEPTION_POINTERS pExceptionInfo); 23 | 24 | #ifdef __cplusplus 25 | } 26 | #endif 27 | 28 | #endif /* __VECTOREDHANDLER_H__ */ 29 | -------------------------------------------------------------------------------- /CaptainHook/include/arm.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_ARM_H 2 | #define CAPSTONE_ARM_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2013-2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | #ifdef _MSC_VER 15 | #pragma warning(disable:4201) 16 | #endif 17 | 18 | //> ARM shift type 19 | typedef enum arm_shifter { 20 | ARM_SFT_INVALID = 0, 21 | ARM_SFT_ASR, // shift with immediate const 22 | ARM_SFT_LSL, // shift with immediate const 23 | ARM_SFT_LSR, // shift with immediate const 24 | ARM_SFT_ROR, // shift with immediate const 25 | ARM_SFT_RRX, // shift with immediate const 26 | ARM_SFT_ASR_REG, // shift with register 27 | ARM_SFT_LSL_REG, // shift with register 28 | ARM_SFT_LSR_REG, // shift with register 29 | ARM_SFT_ROR_REG, // shift with register 30 | ARM_SFT_RRX_REG, // shift with register 31 | } arm_shifter; 32 | 33 | //> ARM condition code 34 | typedef enum arm_cc { 35 | ARM_CC_INVALID = 0, 36 | ARM_CC_EQ, // Equal Equal 37 | ARM_CC_NE, // Not equal Not equal, or unordered 38 | ARM_CC_HS, // Carry set >, ==, or unordered 39 | ARM_CC_LO, // Carry clear Less than 40 | ARM_CC_MI, // Minus, negative Less than 41 | ARM_CC_PL, // Plus, positive or zero >, ==, or unordered 42 | ARM_CC_VS, // Overflow Unordered 43 | ARM_CC_VC, // No overflow Not unordered 44 | ARM_CC_HI, // Unsigned higher Greater than, or unordered 45 | ARM_CC_LS, // Unsigned lower or same Less than or equal 46 | ARM_CC_GE, // Greater than or equal Greater than or equal 47 | ARM_CC_LT, // Less than Less than, or unordered 48 | ARM_CC_GT, // Greater than Greater than 49 | ARM_CC_LE, // Less than or equal <, ==, or unordered 50 | ARM_CC_AL // Always (unconditional) Always (unconditional) 51 | } arm_cc; 52 | 53 | typedef enum arm_sysreg { 54 | //> Special registers for MSR 55 | ARM_SYSREG_INVALID = 0, 56 | 57 | // SPSR* registers can be OR combined 58 | ARM_SYSREG_SPSR_C = 1, 59 | ARM_SYSREG_SPSR_X = 2, 60 | ARM_SYSREG_SPSR_S = 4, 61 | ARM_SYSREG_SPSR_F = 8, 62 | 63 | // CPSR* registers can be OR combined 64 | ARM_SYSREG_CPSR_C = 16, 65 | ARM_SYSREG_CPSR_X = 32, 66 | ARM_SYSREG_CPSR_S = 64, 67 | ARM_SYSREG_CPSR_F = 128, 68 | 69 | // independent registers 70 | ARM_SYSREG_APSR = 256, 71 | ARM_SYSREG_APSR_G, 72 | ARM_SYSREG_APSR_NZCVQ, 73 | ARM_SYSREG_APSR_NZCVQG, 74 | 75 | ARM_SYSREG_IAPSR, 76 | ARM_SYSREG_IAPSR_G, 77 | ARM_SYSREG_IAPSR_NZCVQG, 78 | 79 | ARM_SYSREG_EAPSR, 80 | ARM_SYSREG_EAPSR_G, 81 | ARM_SYSREG_EAPSR_NZCVQG, 82 | 83 | ARM_SYSREG_XPSR, 84 | ARM_SYSREG_XPSR_G, 85 | ARM_SYSREG_XPSR_NZCVQG, 86 | 87 | ARM_SYSREG_IPSR, 88 | ARM_SYSREG_EPSR, 89 | ARM_SYSREG_IEPSR, 90 | 91 | ARM_SYSREG_MSP, 92 | ARM_SYSREG_PSP, 93 | ARM_SYSREG_PRIMASK, 94 | ARM_SYSREG_BASEPRI, 95 | ARM_SYSREG_BASEPRI_MAX, 96 | ARM_SYSREG_FAULTMASK, 97 | ARM_SYSREG_CONTROL, 98 | } arm_sysreg; 99 | 100 | //> The memory barrier constants map directly to the 4-bit encoding of 101 | //> the option field for Memory Barrier operations. 102 | typedef enum arm_mem_barrier { 103 | ARM_MB_INVALID = 0, 104 | ARM_MB_RESERVED_0, 105 | ARM_MB_OSHLD, 106 | ARM_MB_OSHST, 107 | ARM_MB_OSH, 108 | ARM_MB_RESERVED_4, 109 | ARM_MB_NSHLD, 110 | ARM_MB_NSHST, 111 | ARM_MB_NSH, 112 | ARM_MB_RESERVED_8, 113 | ARM_MB_ISHLD, 114 | ARM_MB_ISHST, 115 | ARM_MB_ISH, 116 | ARM_MB_RESERVED_12, 117 | ARM_MB_LD, 118 | ARM_MB_ST, 119 | ARM_MB_SY, 120 | } arm_mem_barrier; 121 | 122 | //> Operand type for instruction's operands 123 | typedef enum arm_op_type { 124 | ARM_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 125 | ARM_OP_REG, // = CS_OP_REG (Register operand). 126 | ARM_OP_IMM, // = CS_OP_IMM (Immediate operand). 127 | ARM_OP_MEM, // = CS_OP_MEM (Memory operand). 128 | ARM_OP_FP, // = CS_OP_FP (Floating-Point operand). 129 | ARM_OP_CIMM = 64, // C-Immediate (coprocessor registers) 130 | ARM_OP_PIMM, // P-Immediate (coprocessor registers) 131 | ARM_OP_SETEND, // operand for SETEND instruction 132 | ARM_OP_SYSREG, // MSR/MSR special register operand 133 | } arm_op_type; 134 | 135 | //> Operand type for SETEND instruction 136 | typedef enum arm_setend_type { 137 | ARM_SETEND_INVALID = 0, // Uninitialized. 138 | ARM_SETEND_BE, // BE operand. 139 | ARM_SETEND_LE, // LE operand 140 | } arm_setend_type; 141 | 142 | typedef enum arm_cpsmode_type { 143 | ARM_CPSMODE_INVALID = 0, 144 | ARM_CPSMODE_IE = 2, 145 | ARM_CPSMODE_ID = 3 146 | } arm_cpsmode_type; 147 | 148 | //> Operand type for SETEND instruction 149 | typedef enum arm_cpsflag_type { 150 | ARM_CPSFLAG_INVALID = 0, 151 | ARM_CPSFLAG_F = 1, 152 | ARM_CPSFLAG_I = 2, 153 | ARM_CPSFLAG_A = 4, 154 | ARM_CPSFLAG_NONE = 16, // no flag 155 | } arm_cpsflag_type; 156 | 157 | //> Data type for elements of vector instructions. 158 | typedef enum arm_vectordata_type { 159 | ARM_VECTORDATA_INVALID = 0, 160 | 161 | // Integer type 162 | ARM_VECTORDATA_I8, 163 | ARM_VECTORDATA_I16, 164 | ARM_VECTORDATA_I32, 165 | ARM_VECTORDATA_I64, 166 | 167 | // Signed integer type 168 | ARM_VECTORDATA_S8, 169 | ARM_VECTORDATA_S16, 170 | ARM_VECTORDATA_S32, 171 | ARM_VECTORDATA_S64, 172 | 173 | // Unsigned integer type 174 | ARM_VECTORDATA_U8, 175 | ARM_VECTORDATA_U16, 176 | ARM_VECTORDATA_U32, 177 | ARM_VECTORDATA_U64, 178 | 179 | // Data type for VMUL/VMULL 180 | ARM_VECTORDATA_P8, 181 | 182 | // Floating type 183 | ARM_VECTORDATA_F32, 184 | ARM_VECTORDATA_F64, 185 | 186 | // Convert float <-> float 187 | ARM_VECTORDATA_F16F64, // f16.f64 188 | ARM_VECTORDATA_F64F16, // f64.f16 189 | ARM_VECTORDATA_F32F16, // f32.f16 190 | ARM_VECTORDATA_F16F32, // f32.f16 191 | ARM_VECTORDATA_F64F32, // f64.f32 192 | ARM_VECTORDATA_F32F64, // f32.f64 193 | 194 | // Convert integer <-> float 195 | ARM_VECTORDATA_S32F32, // s32.f32 196 | ARM_VECTORDATA_U32F32, // u32.f32 197 | ARM_VECTORDATA_F32S32, // f32.s32 198 | ARM_VECTORDATA_F32U32, // f32.u32 199 | ARM_VECTORDATA_F64S16, // f64.s16 200 | ARM_VECTORDATA_F32S16, // f32.s16 201 | ARM_VECTORDATA_F64S32, // f64.s32 202 | ARM_VECTORDATA_S16F64, // s16.f64 203 | ARM_VECTORDATA_S16F32, // s16.f64 204 | ARM_VECTORDATA_S32F64, // s32.f64 205 | ARM_VECTORDATA_U16F64, // u16.f64 206 | ARM_VECTORDATA_U16F32, // u16.f32 207 | ARM_VECTORDATA_U32F64, // u32.f64 208 | ARM_VECTORDATA_F64U16, // f64.u16 209 | ARM_VECTORDATA_F32U16, // f32.u16 210 | ARM_VECTORDATA_F64U32, // f64.u32 211 | } arm_vectordata_type; 212 | 213 | // Instruction's operand referring to memory 214 | // This is associated with ARM_OP_MEM operand type above 215 | typedef struct arm_op_mem { 216 | unsigned int base; // base register 217 | unsigned int index; // index register 218 | int scale; // scale for index register (can be 1, or -1) 219 | int disp; // displacement/offset value 220 | } arm_op_mem; 221 | 222 | // Instruction operand 223 | typedef struct cs_arm_op { 224 | int vector_index; // Vector Index for some vector operands (or -1 if irrelevant) 225 | struct { 226 | arm_shifter type; 227 | unsigned int value; 228 | } shift; 229 | arm_op_type type; // operand type 230 | union { 231 | unsigned int reg; // register value for REG/SYSREG operand 232 | int32_t imm; // immediate value for C-IMM, P-IMM or IMM operand 233 | double fp; // floating point value for FP operand 234 | arm_op_mem mem; // base/index/scale/disp value for MEM operand 235 | arm_setend_type setend; // SETEND instruction's operand type 236 | }; 237 | // in some instructions, an operand can be subtracted or added to 238 | // the base register, 239 | bool subtracted; // if TRUE, this operand is subtracted. otherwise, it is added. 240 | } cs_arm_op; 241 | 242 | // Instruction structure 243 | typedef struct cs_arm { 244 | bool usermode; // User-mode registers to be loaded (for LDM/STM instructions) 245 | int vector_size; // Scalar size for vector instructions 246 | arm_vectordata_type vector_data; // Data type for elements of vector instructions 247 | arm_cpsmode_type cps_mode; // CPS mode for CPS instruction 248 | arm_cpsflag_type cps_flag; // CPS mode for CPS instruction 249 | arm_cc cc; // conditional code for this insn 250 | bool update_flags; // does this insn update flags? 251 | bool writeback; // does this insn write-back? 252 | arm_mem_barrier mem_barrier; // Option for some memory barrier instructions 253 | 254 | // Number of operands of this instruction, 255 | // or 0 when instruction has no operand. 256 | uint8_t op_count; 257 | 258 | cs_arm_op operands[36]; // operands for this instruction. 259 | } cs_arm; 260 | 261 | //> ARM registers 262 | typedef enum arm_reg { 263 | ARM_REG_INVALID = 0, 264 | ARM_REG_APSR, 265 | ARM_REG_APSR_NZCV, 266 | ARM_REG_CPSR, 267 | ARM_REG_FPEXC, 268 | ARM_REG_FPINST, 269 | ARM_REG_FPSCR, 270 | ARM_REG_FPSCR_NZCV, 271 | ARM_REG_FPSID, 272 | ARM_REG_ITSTATE, 273 | ARM_REG_LR, 274 | ARM_REG_PC, 275 | ARM_REG_SP, 276 | ARM_REG_SPSR, 277 | ARM_REG_D0, 278 | ARM_REG_D1, 279 | ARM_REG_D2, 280 | ARM_REG_D3, 281 | ARM_REG_D4, 282 | ARM_REG_D5, 283 | ARM_REG_D6, 284 | ARM_REG_D7, 285 | ARM_REG_D8, 286 | ARM_REG_D9, 287 | ARM_REG_D10, 288 | ARM_REG_D11, 289 | ARM_REG_D12, 290 | ARM_REG_D13, 291 | ARM_REG_D14, 292 | ARM_REG_D15, 293 | ARM_REG_D16, 294 | ARM_REG_D17, 295 | ARM_REG_D18, 296 | ARM_REG_D19, 297 | ARM_REG_D20, 298 | ARM_REG_D21, 299 | ARM_REG_D22, 300 | ARM_REG_D23, 301 | ARM_REG_D24, 302 | ARM_REG_D25, 303 | ARM_REG_D26, 304 | ARM_REG_D27, 305 | ARM_REG_D28, 306 | ARM_REG_D29, 307 | ARM_REG_D30, 308 | ARM_REG_D31, 309 | ARM_REG_FPINST2, 310 | ARM_REG_MVFR0, 311 | ARM_REG_MVFR1, 312 | ARM_REG_MVFR2, 313 | ARM_REG_Q0, 314 | ARM_REG_Q1, 315 | ARM_REG_Q2, 316 | ARM_REG_Q3, 317 | ARM_REG_Q4, 318 | ARM_REG_Q5, 319 | ARM_REG_Q6, 320 | ARM_REG_Q7, 321 | ARM_REG_Q8, 322 | ARM_REG_Q9, 323 | ARM_REG_Q10, 324 | ARM_REG_Q11, 325 | ARM_REG_Q12, 326 | ARM_REG_Q13, 327 | ARM_REG_Q14, 328 | ARM_REG_Q15, 329 | ARM_REG_R0, 330 | ARM_REG_R1, 331 | ARM_REG_R2, 332 | ARM_REG_R3, 333 | ARM_REG_R4, 334 | ARM_REG_R5, 335 | ARM_REG_R6, 336 | ARM_REG_R7, 337 | ARM_REG_R8, 338 | ARM_REG_R9, 339 | ARM_REG_R10, 340 | ARM_REG_R11, 341 | ARM_REG_R12, 342 | ARM_REG_S0, 343 | ARM_REG_S1, 344 | ARM_REG_S2, 345 | ARM_REG_S3, 346 | ARM_REG_S4, 347 | ARM_REG_S5, 348 | ARM_REG_S6, 349 | ARM_REG_S7, 350 | ARM_REG_S8, 351 | ARM_REG_S9, 352 | ARM_REG_S10, 353 | ARM_REG_S11, 354 | ARM_REG_S12, 355 | ARM_REG_S13, 356 | ARM_REG_S14, 357 | ARM_REG_S15, 358 | ARM_REG_S16, 359 | ARM_REG_S17, 360 | ARM_REG_S18, 361 | ARM_REG_S19, 362 | ARM_REG_S20, 363 | ARM_REG_S21, 364 | ARM_REG_S22, 365 | ARM_REG_S23, 366 | ARM_REG_S24, 367 | ARM_REG_S25, 368 | ARM_REG_S26, 369 | ARM_REG_S27, 370 | ARM_REG_S28, 371 | ARM_REG_S29, 372 | ARM_REG_S30, 373 | ARM_REG_S31, 374 | 375 | ARM_REG_ENDING, // <-- mark the end of the list or registers 376 | 377 | //> alias registers 378 | ARM_REG_R13 = ARM_REG_SP, 379 | ARM_REG_R14 = ARM_REG_LR, 380 | ARM_REG_R15 = ARM_REG_PC, 381 | 382 | ARM_REG_SB = ARM_REG_R9, 383 | ARM_REG_SL = ARM_REG_R10, 384 | ARM_REG_FP = ARM_REG_R11, 385 | ARM_REG_IP = ARM_REG_R12, 386 | } arm_reg; 387 | 388 | //> ARM instruction 389 | typedef enum arm_insn { 390 | ARM_INS_INVALID = 0, 391 | 392 | ARM_INS_ADC, 393 | ARM_INS_ADD, 394 | ARM_INS_ADR, 395 | ARM_INS_AESD, 396 | ARM_INS_AESE, 397 | ARM_INS_AESIMC, 398 | ARM_INS_AESMC, 399 | ARM_INS_AND, 400 | ARM_INS_BFC, 401 | ARM_INS_BFI, 402 | ARM_INS_BIC, 403 | ARM_INS_BKPT, 404 | ARM_INS_BL, 405 | ARM_INS_BLX, 406 | ARM_INS_BX, 407 | ARM_INS_BXJ, 408 | ARM_INS_B, 409 | ARM_INS_CDP, 410 | ARM_INS_CDP2, 411 | ARM_INS_CLREX, 412 | ARM_INS_CLZ, 413 | ARM_INS_CMN, 414 | ARM_INS_CMP, 415 | ARM_INS_CPS, 416 | ARM_INS_CRC32B, 417 | ARM_INS_CRC32CB, 418 | ARM_INS_CRC32CH, 419 | ARM_INS_CRC32CW, 420 | ARM_INS_CRC32H, 421 | ARM_INS_CRC32W, 422 | ARM_INS_DBG, 423 | ARM_INS_DMB, 424 | ARM_INS_DSB, 425 | ARM_INS_EOR, 426 | ARM_INS_VMOV, 427 | ARM_INS_FLDMDBX, 428 | ARM_INS_FLDMIAX, 429 | ARM_INS_VMRS, 430 | ARM_INS_FSTMDBX, 431 | ARM_INS_FSTMIAX, 432 | ARM_INS_HINT, 433 | ARM_INS_HLT, 434 | ARM_INS_ISB, 435 | ARM_INS_LDA, 436 | ARM_INS_LDAB, 437 | ARM_INS_LDAEX, 438 | ARM_INS_LDAEXB, 439 | ARM_INS_LDAEXD, 440 | ARM_INS_LDAEXH, 441 | ARM_INS_LDAH, 442 | ARM_INS_LDC2L, 443 | ARM_INS_LDC2, 444 | ARM_INS_LDCL, 445 | ARM_INS_LDC, 446 | ARM_INS_LDMDA, 447 | ARM_INS_LDMDB, 448 | ARM_INS_LDM, 449 | ARM_INS_LDMIB, 450 | ARM_INS_LDRBT, 451 | ARM_INS_LDRB, 452 | ARM_INS_LDRD, 453 | ARM_INS_LDREX, 454 | ARM_INS_LDREXB, 455 | ARM_INS_LDREXD, 456 | ARM_INS_LDREXH, 457 | ARM_INS_LDRH, 458 | ARM_INS_LDRHT, 459 | ARM_INS_LDRSB, 460 | ARM_INS_LDRSBT, 461 | ARM_INS_LDRSH, 462 | ARM_INS_LDRSHT, 463 | ARM_INS_LDRT, 464 | ARM_INS_LDR, 465 | ARM_INS_MCR, 466 | ARM_INS_MCR2, 467 | ARM_INS_MCRR, 468 | ARM_INS_MCRR2, 469 | ARM_INS_MLA, 470 | ARM_INS_MLS, 471 | ARM_INS_MOV, 472 | ARM_INS_MOVT, 473 | ARM_INS_MOVW, 474 | ARM_INS_MRC, 475 | ARM_INS_MRC2, 476 | ARM_INS_MRRC, 477 | ARM_INS_MRRC2, 478 | ARM_INS_MRS, 479 | ARM_INS_MSR, 480 | ARM_INS_MUL, 481 | ARM_INS_MVN, 482 | ARM_INS_ORR, 483 | ARM_INS_PKHBT, 484 | ARM_INS_PKHTB, 485 | ARM_INS_PLDW, 486 | ARM_INS_PLD, 487 | ARM_INS_PLI, 488 | ARM_INS_QADD, 489 | ARM_INS_QADD16, 490 | ARM_INS_QADD8, 491 | ARM_INS_QASX, 492 | ARM_INS_QDADD, 493 | ARM_INS_QDSUB, 494 | ARM_INS_QSAX, 495 | ARM_INS_QSUB, 496 | ARM_INS_QSUB16, 497 | ARM_INS_QSUB8, 498 | ARM_INS_RBIT, 499 | ARM_INS_REV, 500 | ARM_INS_REV16, 501 | ARM_INS_REVSH, 502 | ARM_INS_RFEDA, 503 | ARM_INS_RFEDB, 504 | ARM_INS_RFEIA, 505 | ARM_INS_RFEIB, 506 | ARM_INS_RSB, 507 | ARM_INS_RSC, 508 | ARM_INS_SADD16, 509 | ARM_INS_SADD8, 510 | ARM_INS_SASX, 511 | ARM_INS_SBC, 512 | ARM_INS_SBFX, 513 | ARM_INS_SDIV, 514 | ARM_INS_SEL, 515 | ARM_INS_SETEND, 516 | ARM_INS_SHA1C, 517 | ARM_INS_SHA1H, 518 | ARM_INS_SHA1M, 519 | ARM_INS_SHA1P, 520 | ARM_INS_SHA1SU0, 521 | ARM_INS_SHA1SU1, 522 | ARM_INS_SHA256H, 523 | ARM_INS_SHA256H2, 524 | ARM_INS_SHA256SU0, 525 | ARM_INS_SHA256SU1, 526 | ARM_INS_SHADD16, 527 | ARM_INS_SHADD8, 528 | ARM_INS_SHASX, 529 | ARM_INS_SHSAX, 530 | ARM_INS_SHSUB16, 531 | ARM_INS_SHSUB8, 532 | ARM_INS_SMC, 533 | ARM_INS_SMLABB, 534 | ARM_INS_SMLABT, 535 | ARM_INS_SMLAD, 536 | ARM_INS_SMLADX, 537 | ARM_INS_SMLAL, 538 | ARM_INS_SMLALBB, 539 | ARM_INS_SMLALBT, 540 | ARM_INS_SMLALD, 541 | ARM_INS_SMLALDX, 542 | ARM_INS_SMLALTB, 543 | ARM_INS_SMLALTT, 544 | ARM_INS_SMLATB, 545 | ARM_INS_SMLATT, 546 | ARM_INS_SMLAWB, 547 | ARM_INS_SMLAWT, 548 | ARM_INS_SMLSD, 549 | ARM_INS_SMLSDX, 550 | ARM_INS_SMLSLD, 551 | ARM_INS_SMLSLDX, 552 | ARM_INS_SMMLA, 553 | ARM_INS_SMMLAR, 554 | ARM_INS_SMMLS, 555 | ARM_INS_SMMLSR, 556 | ARM_INS_SMMUL, 557 | ARM_INS_SMMULR, 558 | ARM_INS_SMUAD, 559 | ARM_INS_SMUADX, 560 | ARM_INS_SMULBB, 561 | ARM_INS_SMULBT, 562 | ARM_INS_SMULL, 563 | ARM_INS_SMULTB, 564 | ARM_INS_SMULTT, 565 | ARM_INS_SMULWB, 566 | ARM_INS_SMULWT, 567 | ARM_INS_SMUSD, 568 | ARM_INS_SMUSDX, 569 | ARM_INS_SRSDA, 570 | ARM_INS_SRSDB, 571 | ARM_INS_SRSIA, 572 | ARM_INS_SRSIB, 573 | ARM_INS_SSAT, 574 | ARM_INS_SSAT16, 575 | ARM_INS_SSAX, 576 | ARM_INS_SSUB16, 577 | ARM_INS_SSUB8, 578 | ARM_INS_STC2L, 579 | ARM_INS_STC2, 580 | ARM_INS_STCL, 581 | ARM_INS_STC, 582 | ARM_INS_STL, 583 | ARM_INS_STLB, 584 | ARM_INS_STLEX, 585 | ARM_INS_STLEXB, 586 | ARM_INS_STLEXD, 587 | ARM_INS_STLEXH, 588 | ARM_INS_STLH, 589 | ARM_INS_STMDA, 590 | ARM_INS_STMDB, 591 | ARM_INS_STM, 592 | ARM_INS_STMIB, 593 | ARM_INS_STRBT, 594 | ARM_INS_STRB, 595 | ARM_INS_STRD, 596 | ARM_INS_STREX, 597 | ARM_INS_STREXB, 598 | ARM_INS_STREXD, 599 | ARM_INS_STREXH, 600 | ARM_INS_STRH, 601 | ARM_INS_STRHT, 602 | ARM_INS_STRT, 603 | ARM_INS_STR, 604 | ARM_INS_SUB, 605 | ARM_INS_SVC, 606 | ARM_INS_SWP, 607 | ARM_INS_SWPB, 608 | ARM_INS_SXTAB, 609 | ARM_INS_SXTAB16, 610 | ARM_INS_SXTAH, 611 | ARM_INS_SXTB, 612 | ARM_INS_SXTB16, 613 | ARM_INS_SXTH, 614 | ARM_INS_TEQ, 615 | ARM_INS_TRAP, 616 | ARM_INS_TST, 617 | ARM_INS_UADD16, 618 | ARM_INS_UADD8, 619 | ARM_INS_UASX, 620 | ARM_INS_UBFX, 621 | ARM_INS_UDF, 622 | ARM_INS_UDIV, 623 | ARM_INS_UHADD16, 624 | ARM_INS_UHADD8, 625 | ARM_INS_UHASX, 626 | ARM_INS_UHSAX, 627 | ARM_INS_UHSUB16, 628 | ARM_INS_UHSUB8, 629 | ARM_INS_UMAAL, 630 | ARM_INS_UMLAL, 631 | ARM_INS_UMULL, 632 | ARM_INS_UQADD16, 633 | ARM_INS_UQADD8, 634 | ARM_INS_UQASX, 635 | ARM_INS_UQSAX, 636 | ARM_INS_UQSUB16, 637 | ARM_INS_UQSUB8, 638 | ARM_INS_USAD8, 639 | ARM_INS_USADA8, 640 | ARM_INS_USAT, 641 | ARM_INS_USAT16, 642 | ARM_INS_USAX, 643 | ARM_INS_USUB16, 644 | ARM_INS_USUB8, 645 | ARM_INS_UXTAB, 646 | ARM_INS_UXTAB16, 647 | ARM_INS_UXTAH, 648 | ARM_INS_UXTB, 649 | ARM_INS_UXTB16, 650 | ARM_INS_UXTH, 651 | ARM_INS_VABAL, 652 | ARM_INS_VABA, 653 | ARM_INS_VABDL, 654 | ARM_INS_VABD, 655 | ARM_INS_VABS, 656 | ARM_INS_VACGE, 657 | ARM_INS_VACGT, 658 | ARM_INS_VADD, 659 | ARM_INS_VADDHN, 660 | ARM_INS_VADDL, 661 | ARM_INS_VADDW, 662 | ARM_INS_VAND, 663 | ARM_INS_VBIC, 664 | ARM_INS_VBIF, 665 | ARM_INS_VBIT, 666 | ARM_INS_VBSL, 667 | ARM_INS_VCEQ, 668 | ARM_INS_VCGE, 669 | ARM_INS_VCGT, 670 | ARM_INS_VCLE, 671 | ARM_INS_VCLS, 672 | ARM_INS_VCLT, 673 | ARM_INS_VCLZ, 674 | ARM_INS_VCMP, 675 | ARM_INS_VCMPE, 676 | ARM_INS_VCNT, 677 | ARM_INS_VCVTA, 678 | ARM_INS_VCVTB, 679 | ARM_INS_VCVT, 680 | ARM_INS_VCVTM, 681 | ARM_INS_VCVTN, 682 | ARM_INS_VCVTP, 683 | ARM_INS_VCVTT, 684 | ARM_INS_VDIV, 685 | ARM_INS_VDUP, 686 | ARM_INS_VEOR, 687 | ARM_INS_VEXT, 688 | ARM_INS_VFMA, 689 | ARM_INS_VFMS, 690 | ARM_INS_VFNMA, 691 | ARM_INS_VFNMS, 692 | ARM_INS_VHADD, 693 | ARM_INS_VHSUB, 694 | ARM_INS_VLD1, 695 | ARM_INS_VLD2, 696 | ARM_INS_VLD3, 697 | ARM_INS_VLD4, 698 | ARM_INS_VLDMDB, 699 | ARM_INS_VLDMIA, 700 | ARM_INS_VLDR, 701 | ARM_INS_VMAXNM, 702 | ARM_INS_VMAX, 703 | ARM_INS_VMINNM, 704 | ARM_INS_VMIN, 705 | ARM_INS_VMLA, 706 | ARM_INS_VMLAL, 707 | ARM_INS_VMLS, 708 | ARM_INS_VMLSL, 709 | ARM_INS_VMOVL, 710 | ARM_INS_VMOVN, 711 | ARM_INS_VMSR, 712 | ARM_INS_VMUL, 713 | ARM_INS_VMULL, 714 | ARM_INS_VMVN, 715 | ARM_INS_VNEG, 716 | ARM_INS_VNMLA, 717 | ARM_INS_VNMLS, 718 | ARM_INS_VNMUL, 719 | ARM_INS_VORN, 720 | ARM_INS_VORR, 721 | ARM_INS_VPADAL, 722 | ARM_INS_VPADDL, 723 | ARM_INS_VPADD, 724 | ARM_INS_VPMAX, 725 | ARM_INS_VPMIN, 726 | ARM_INS_VQABS, 727 | ARM_INS_VQADD, 728 | ARM_INS_VQDMLAL, 729 | ARM_INS_VQDMLSL, 730 | ARM_INS_VQDMULH, 731 | ARM_INS_VQDMULL, 732 | ARM_INS_VQMOVUN, 733 | ARM_INS_VQMOVN, 734 | ARM_INS_VQNEG, 735 | ARM_INS_VQRDMULH, 736 | ARM_INS_VQRSHL, 737 | ARM_INS_VQRSHRN, 738 | ARM_INS_VQRSHRUN, 739 | ARM_INS_VQSHL, 740 | ARM_INS_VQSHLU, 741 | ARM_INS_VQSHRN, 742 | ARM_INS_VQSHRUN, 743 | ARM_INS_VQSUB, 744 | ARM_INS_VRADDHN, 745 | ARM_INS_VRECPE, 746 | ARM_INS_VRECPS, 747 | ARM_INS_VREV16, 748 | ARM_INS_VREV32, 749 | ARM_INS_VREV64, 750 | ARM_INS_VRHADD, 751 | ARM_INS_VRINTA, 752 | ARM_INS_VRINTM, 753 | ARM_INS_VRINTN, 754 | ARM_INS_VRINTP, 755 | ARM_INS_VRINTR, 756 | ARM_INS_VRINTX, 757 | ARM_INS_VRINTZ, 758 | ARM_INS_VRSHL, 759 | ARM_INS_VRSHRN, 760 | ARM_INS_VRSHR, 761 | ARM_INS_VRSQRTE, 762 | ARM_INS_VRSQRTS, 763 | ARM_INS_VRSRA, 764 | ARM_INS_VRSUBHN, 765 | ARM_INS_VSELEQ, 766 | ARM_INS_VSELGE, 767 | ARM_INS_VSELGT, 768 | ARM_INS_VSELVS, 769 | ARM_INS_VSHLL, 770 | ARM_INS_VSHL, 771 | ARM_INS_VSHRN, 772 | ARM_INS_VSHR, 773 | ARM_INS_VSLI, 774 | ARM_INS_VSQRT, 775 | ARM_INS_VSRA, 776 | ARM_INS_VSRI, 777 | ARM_INS_VST1, 778 | ARM_INS_VST2, 779 | ARM_INS_VST3, 780 | ARM_INS_VST4, 781 | ARM_INS_VSTMDB, 782 | ARM_INS_VSTMIA, 783 | ARM_INS_VSTR, 784 | ARM_INS_VSUB, 785 | ARM_INS_VSUBHN, 786 | ARM_INS_VSUBL, 787 | ARM_INS_VSUBW, 788 | ARM_INS_VSWP, 789 | ARM_INS_VTBL, 790 | ARM_INS_VTBX, 791 | ARM_INS_VCVTR, 792 | ARM_INS_VTRN, 793 | ARM_INS_VTST, 794 | ARM_INS_VUZP, 795 | ARM_INS_VZIP, 796 | ARM_INS_ADDW, 797 | ARM_INS_ASR, 798 | ARM_INS_DCPS1, 799 | ARM_INS_DCPS2, 800 | ARM_INS_DCPS3, 801 | ARM_INS_IT, 802 | ARM_INS_LSL, 803 | ARM_INS_LSR, 804 | ARM_INS_ASRS, 805 | ARM_INS_LSRS, 806 | ARM_INS_ORN, 807 | ARM_INS_ROR, 808 | ARM_INS_RRX, 809 | ARM_INS_SUBS, 810 | ARM_INS_SUBW, 811 | ARM_INS_TBB, 812 | ARM_INS_TBH, 813 | ARM_INS_CBNZ, 814 | ARM_INS_CBZ, 815 | ARM_INS_MOVS, 816 | ARM_INS_POP, 817 | ARM_INS_PUSH, 818 | 819 | // special instructions 820 | ARM_INS_NOP, 821 | ARM_INS_YIELD, 822 | ARM_INS_WFE, 823 | ARM_INS_WFI, 824 | ARM_INS_SEV, 825 | ARM_INS_SEVL, 826 | ARM_INS_VPUSH, 827 | ARM_INS_VPOP, 828 | 829 | ARM_INS_ENDING, // <-- mark the end of the list of instructions 830 | } arm_insn; 831 | 832 | //> Group of ARM instructions 833 | typedef enum arm_insn_group { 834 | ARM_GRP_INVALID = 0, // = CS_GRP_INVALID 835 | 836 | //> Generic groups 837 | // all jump instructions (conditional+direct+indirect jumps) 838 | ARM_GRP_JUMP, // = CS_GRP_JUMP 839 | 840 | //> Architecture-specific groups 841 | ARM_GRP_CRYPTO = 128, 842 | ARM_GRP_DATABARRIER, 843 | ARM_GRP_DIVIDE, 844 | ARM_GRP_FPARMV8, 845 | ARM_GRP_MULTPRO, 846 | ARM_GRP_NEON, 847 | ARM_GRP_T2EXTRACTPACK, 848 | ARM_GRP_THUMB2DSP, 849 | ARM_GRP_TRUSTZONE, 850 | ARM_GRP_V4T, 851 | ARM_GRP_V5T, 852 | ARM_GRP_V5TE, 853 | ARM_GRP_V6, 854 | ARM_GRP_V6T2, 855 | ARM_GRP_V7, 856 | ARM_GRP_V8, 857 | ARM_GRP_VFP2, 858 | ARM_GRP_VFP3, 859 | ARM_GRP_VFP4, 860 | ARM_GRP_ARM, 861 | ARM_GRP_MCLASS, 862 | ARM_GRP_NOTMCLASS, 863 | ARM_GRP_THUMB, 864 | ARM_GRP_THUMB1ONLY, 865 | ARM_GRP_THUMB2, 866 | ARM_GRP_PREV8, 867 | ARM_GRP_FPVMLX, 868 | ARM_GRP_MULOPS, 869 | ARM_GRP_CRC, 870 | ARM_GRP_DPVFP, 871 | ARM_GRP_V6M, 872 | 873 | ARM_GRP_ENDING, 874 | } arm_insn_group; 875 | 876 | #ifdef __cplusplus 877 | } 878 | #endif 879 | 880 | #endif 881 | -------------------------------------------------------------------------------- /CaptainHook/include/arm64.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_ARM64_H 2 | #define CAPSTONE_ARM64_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2013-2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | #ifdef _MSC_VER 15 | #pragma warning(disable:4201) 16 | #endif 17 | 18 | //> ARM64 shift type 19 | typedef enum arm64_shifter { 20 | ARM64_SFT_INVALID = 0, 21 | ARM64_SFT_LSL = 1, 22 | ARM64_SFT_MSL = 2, 23 | ARM64_SFT_LSR = 3, 24 | ARM64_SFT_ASR = 4, 25 | ARM64_SFT_ROR = 5, 26 | } arm64_shifter; 27 | 28 | //> ARM64 extender type 29 | typedef enum arm64_extender { 30 | ARM64_EXT_INVALID = 0, 31 | ARM64_EXT_UXTB = 1, 32 | ARM64_EXT_UXTH = 2, 33 | ARM64_EXT_UXTW = 3, 34 | ARM64_EXT_UXTX = 4, 35 | ARM64_EXT_SXTB = 5, 36 | ARM64_EXT_SXTH = 6, 37 | ARM64_EXT_SXTW = 7, 38 | ARM64_EXT_SXTX = 8, 39 | } arm64_extender; 40 | 41 | //> ARM64 condition code 42 | typedef enum arm64_cc { 43 | ARM64_CC_INVALID = 0, 44 | ARM64_CC_EQ = 1, // Equal 45 | ARM64_CC_NE = 2, // Not equal: Not equal, or unordered 46 | ARM64_CC_HS = 3, // Unsigned higher or same: >, ==, or unordered 47 | ARM64_CC_LO = 4, // Unsigned lower or same: Less than 48 | ARM64_CC_MI = 5, // Minus, negative: Less than 49 | ARM64_CC_PL = 6, // Plus, positive or zero: >, ==, or unordered 50 | ARM64_CC_VS = 7, // Overflow: Unordered 51 | ARM64_CC_VC = 8, // No overflow: Ordered 52 | ARM64_CC_HI = 9, // Unsigned higher: Greater than, or unordered 53 | ARM64_CC_LS = 10, // Unsigned lower or same: Less than or equal 54 | ARM64_CC_GE = 11, // Greater than or equal: Greater than or equal 55 | ARM64_CC_LT = 12, // Less than: Less than, or unordered 56 | ARM64_CC_GT = 13, // Signed greater than: Greater than 57 | ARM64_CC_LE = 14, // Signed less than or equal: <, ==, or unordered 58 | ARM64_CC_AL = 15, // Always (unconditional): Always (unconditional) 59 | ARM64_CC_NV = 16, // Always (unconditional): Always (unconditional) 60 | // Note the NV exists purely to disassemble 0b1111. Execution 61 | // is "always". 62 | } arm64_cc; 63 | 64 | //> System registers 65 | typedef enum arm64_mrs_reg { 66 | //> System registers for MRS 67 | ARM64_SYSREG_INVALID = 0, 68 | ARM64_SYSREG_MDCCSR_EL0 = 0x9808, // 10 011 0000 0001 000 69 | ARM64_SYSREG_DBGDTRRX_EL0 = 0x9828, // 10 011 0000 0101 000 70 | ARM64_SYSREG_MDRAR_EL1 = 0x8080, // 10 000 0001 0000 000 71 | ARM64_SYSREG_OSLSR_EL1 = 0x808c, // 10 000 0001 0001 100 72 | ARM64_SYSREG_DBGAUTHSTATUS_EL1 = 0x83f6, // 10 000 0111 1110 110 73 | ARM64_SYSREG_PMCEID0_EL0 = 0xdce6, // 11 011 1001 1100 110 74 | ARM64_SYSREG_PMCEID1_EL0 = 0xdce7, // 11 011 1001 1100 111 75 | ARM64_SYSREG_MIDR_EL1 = 0xc000, // 11 000 0000 0000 000 76 | ARM64_SYSREG_CCSIDR_EL1 = 0xc800, // 11 001 0000 0000 000 77 | ARM64_SYSREG_CLIDR_EL1 = 0xc801, // 11 001 0000 0000 001 78 | ARM64_SYSREG_CTR_EL0 = 0xd801, // 11 011 0000 0000 001 79 | ARM64_SYSREG_MPIDR_EL1 = 0xc005, // 11 000 0000 0000 101 80 | ARM64_SYSREG_REVIDR_EL1 = 0xc006, // 11 000 0000 0000 110 81 | ARM64_SYSREG_AIDR_EL1 = 0xc807, // 11 001 0000 0000 111 82 | ARM64_SYSREG_DCZID_EL0 = 0xd807, // 11 011 0000 0000 111 83 | ARM64_SYSREG_ID_PFR0_EL1 = 0xc008, // 11 000 0000 0001 000 84 | ARM64_SYSREG_ID_PFR1_EL1 = 0xc009, // 11 000 0000 0001 001 85 | ARM64_SYSREG_ID_DFR0_EL1 = 0xc00a, // 11 000 0000 0001 010 86 | ARM64_SYSREG_ID_AFR0_EL1 = 0xc00b, // 11 000 0000 0001 011 87 | ARM64_SYSREG_ID_MMFR0_EL1 = 0xc00c, // 11 000 0000 0001 100 88 | ARM64_SYSREG_ID_MMFR1_EL1 = 0xc00d, // 11 000 0000 0001 101 89 | ARM64_SYSREG_ID_MMFR2_EL1 = 0xc00e, // 11 000 0000 0001 110 90 | ARM64_SYSREG_ID_MMFR3_EL1 = 0xc00f, // 11 000 0000 0001 111 91 | ARM64_SYSREG_ID_ISAR0_EL1 = 0xc010, // 11 000 0000 0010 000 92 | ARM64_SYSREG_ID_ISAR1_EL1 = 0xc011, // 11 000 0000 0010 001 93 | ARM64_SYSREG_ID_ISAR2_EL1 = 0xc012, // 11 000 0000 0010 010 94 | ARM64_SYSREG_ID_ISAR3_EL1 = 0xc013, // 11 000 0000 0010 011 95 | ARM64_SYSREG_ID_ISAR4_EL1 = 0xc014, // 11 000 0000 0010 100 96 | ARM64_SYSREG_ID_ISAR5_EL1 = 0xc015, // 11 000 0000 0010 101 97 | ARM64_SYSREG_ID_A64PFR0_EL1 = 0xc020, // 11 000 0000 0100 000 98 | ARM64_SYSREG_ID_A64PFR1_EL1 = 0xc021, // 11 000 0000 0100 001 99 | ARM64_SYSREG_ID_A64DFR0_EL1 = 0xc028, // 11 000 0000 0101 000 100 | ARM64_SYSREG_ID_A64DFR1_EL1 = 0xc029, // 11 000 0000 0101 001 101 | ARM64_SYSREG_ID_A64AFR0_EL1 = 0xc02c, // 11 000 0000 0101 100 102 | ARM64_SYSREG_ID_A64AFR1_EL1 = 0xc02d, // 11 000 0000 0101 101 103 | ARM64_SYSREG_ID_A64ISAR0_EL1 = 0xc030, // 11 000 0000 0110 000 104 | ARM64_SYSREG_ID_A64ISAR1_EL1 = 0xc031, // 11 000 0000 0110 001 105 | ARM64_SYSREG_ID_A64MMFR0_EL1 = 0xc038, // 11 000 0000 0111 000 106 | ARM64_SYSREG_ID_A64MMFR1_EL1 = 0xc039, // 11 000 0000 0111 001 107 | ARM64_SYSREG_MVFR0_EL1 = 0xc018, // 11 000 0000 0011 000 108 | ARM64_SYSREG_MVFR1_EL1 = 0xc019, // 11 000 0000 0011 001 109 | ARM64_SYSREG_MVFR2_EL1 = 0xc01a, // 11 000 0000 0011 010 110 | ARM64_SYSREG_RVBAR_EL1 = 0xc601, // 11 000 1100 0000 001 111 | ARM64_SYSREG_RVBAR_EL2 = 0xe601, // 11 100 1100 0000 001 112 | ARM64_SYSREG_RVBAR_EL3 = 0xf601, // 11 110 1100 0000 001 113 | ARM64_SYSREG_ISR_EL1 = 0xc608, // 11 000 1100 0001 000 114 | ARM64_SYSREG_CNTPCT_EL0 = 0xdf01, // 11 011 1110 0000 001 115 | ARM64_SYSREG_CNTVCT_EL0 = 0xdf02, // 11 011 1110 0000 010 116 | 117 | // Trace registers 118 | ARM64_SYSREG_TRCSTATR = 0x8818, // 10 001 0000 0011 000 119 | ARM64_SYSREG_TRCIDR8 = 0x8806, // 10 001 0000 0000 110 120 | ARM64_SYSREG_TRCIDR9 = 0x880e, // 10 001 0000 0001 110 121 | ARM64_SYSREG_TRCIDR10 = 0x8816, // 10 001 0000 0010 110 122 | ARM64_SYSREG_TRCIDR11 = 0x881e, // 10 001 0000 0011 110 123 | ARM64_SYSREG_TRCIDR12 = 0x8826, // 10 001 0000 0100 110 124 | ARM64_SYSREG_TRCIDR13 = 0x882e, // 10 001 0000 0101 110 125 | ARM64_SYSREG_TRCIDR0 = 0x8847, // 10 001 0000 1000 111 126 | ARM64_SYSREG_TRCIDR1 = 0x884f, // 10 001 0000 1001 111 127 | ARM64_SYSREG_TRCIDR2 = 0x8857, // 10 001 0000 1010 111 128 | ARM64_SYSREG_TRCIDR3 = 0x885f, // 10 001 0000 1011 111 129 | ARM64_SYSREG_TRCIDR4 = 0x8867, // 10 001 0000 1100 111 130 | ARM64_SYSREG_TRCIDR5 = 0x886f, // 10 001 0000 1101 111 131 | ARM64_SYSREG_TRCIDR6 = 0x8877, // 10 001 0000 1110 111 132 | ARM64_SYSREG_TRCIDR7 = 0x887f, // 10 001 0000 1111 111 133 | ARM64_SYSREG_TRCOSLSR = 0x888c, // 10 001 0001 0001 100 134 | ARM64_SYSREG_TRCPDSR = 0x88ac, // 10 001 0001 0101 100 135 | ARM64_SYSREG_TRCDEVAFF0 = 0x8bd6, // 10 001 0111 1010 110 136 | ARM64_SYSREG_TRCDEVAFF1 = 0x8bde, // 10 001 0111 1011 110 137 | ARM64_SYSREG_TRCLSR = 0x8bee, // 10 001 0111 1101 110 138 | ARM64_SYSREG_TRCAUTHSTATUS = 0x8bf6, // 10 001 0111 1110 110 139 | ARM64_SYSREG_TRCDEVARCH = 0x8bfe, // 10 001 0111 1111 110 140 | ARM64_SYSREG_TRCDEVID = 0x8b97, // 10 001 0111 0010 111 141 | ARM64_SYSREG_TRCDEVTYPE = 0x8b9f, // 10 001 0111 0011 111 142 | ARM64_SYSREG_TRCPIDR4 = 0x8ba7, // 10 001 0111 0100 111 143 | ARM64_SYSREG_TRCPIDR5 = 0x8baf, // 10 001 0111 0101 111 144 | ARM64_SYSREG_TRCPIDR6 = 0x8bb7, // 10 001 0111 0110 111 145 | ARM64_SYSREG_TRCPIDR7 = 0x8bbf, // 10 001 0111 0111 111 146 | ARM64_SYSREG_TRCPIDR0 = 0x8bc7, // 10 001 0111 1000 111 147 | ARM64_SYSREG_TRCPIDR1 = 0x8bcf, // 10 001 0111 1001 111 148 | ARM64_SYSREG_TRCPIDR2 = 0x8bd7, // 10 001 0111 1010 111 149 | ARM64_SYSREG_TRCPIDR3 = 0x8bdf, // 10 001 0111 1011 111 150 | ARM64_SYSREG_TRCCIDR0 = 0x8be7, // 10 001 0111 1100 111 151 | ARM64_SYSREG_TRCCIDR1 = 0x8bef, // 10 001 0111 1101 111 152 | ARM64_SYSREG_TRCCIDR2 = 0x8bf7, // 10 001 0111 1110 111 153 | ARM64_SYSREG_TRCCIDR3 = 0x8bff, // 10 001 0111 1111 111 154 | 155 | // GICv3 registers 156 | ARM64_SYSREG_ICC_IAR1_EL1 = 0xc660, // 11 000 1100 1100 000 157 | ARM64_SYSREG_ICC_IAR0_EL1 = 0xc640, // 11 000 1100 1000 000 158 | ARM64_SYSREG_ICC_HPPIR1_EL1 = 0xc662, // 11 000 1100 1100 010 159 | ARM64_SYSREG_ICC_HPPIR0_EL1 = 0xc642, // 11 000 1100 1000 010 160 | ARM64_SYSREG_ICC_RPR_EL1 = 0xc65b, // 11 000 1100 1011 011 161 | ARM64_SYSREG_ICH_VTR_EL2 = 0xe659, // 11 100 1100 1011 001 162 | ARM64_SYSREG_ICH_EISR_EL2 = 0xe65b, // 11 100 1100 1011 011 163 | ARM64_SYSREG_ICH_ELSR_EL2 = 0xe65d, // 11 100 1100 1011 101 164 | } arm64_sysreg; 165 | 166 | typedef enum arm64_msr_reg { 167 | //> System registers for MSR 168 | ARM64_SYSREG_DBGDTRTX_EL0 = 0x9828, // 10 011 0000 0101 000 169 | ARM64_SYSREG_OSLAR_EL1 = 0x8084, // 10 000 0001 0000 100 170 | ARM64_SYSREG_PMSWINC_EL0 = 0xdce4, // 11 011 1001 1100 100 171 | 172 | // Trace Registers 173 | ARM64_SYSREG_TRCOSLAR = 0x8884, // 10 001 0001 0000 100 174 | ARM64_SYSREG_TRCLAR = 0x8be6, // 10 001 0111 1100 110 175 | 176 | // GICv3 registers 177 | ARM64_SYSREG_ICC_EOIR1_EL1 = 0xc661, // 11 000 1100 1100 001 178 | ARM64_SYSREG_ICC_EOIR0_EL1 = 0xc641, // 11 000 1100 1000 001 179 | ARM64_SYSREG_ICC_DIR_EL1 = 0xc659, // 11 000 1100 1011 001 180 | ARM64_SYSREG_ICC_SGI1R_EL1 = 0xc65d, // 11 000 1100 1011 101 181 | ARM64_SYSREG_ICC_ASGI1R_EL1 = 0xc65e, // 11 000 1100 1011 110 182 | ARM64_SYSREG_ICC_SGI0R_EL1 = 0xc65f, // 11 000 1100 1011 111 183 | } arm64_msr_reg; 184 | 185 | //> System PState Field (MSR instruction) 186 | typedef enum arm64_pstate { 187 | ARM64_PSTATE_INVALID = 0, 188 | ARM64_PSTATE_SPSEL = 0x05, 189 | ARM64_PSTATE_DAIFSET = 0x1e, 190 | ARM64_PSTATE_DAIFCLR = 0x1f 191 | } arm64_pstate; 192 | 193 | //> Vector arrangement specifier (for FloatingPoint/Advanced SIMD insn) 194 | typedef enum arm64_vas { 195 | ARM64_VAS_INVALID = 0, 196 | ARM64_VAS_8B, 197 | ARM64_VAS_16B, 198 | ARM64_VAS_4H, 199 | ARM64_VAS_8H, 200 | ARM64_VAS_2S, 201 | ARM64_VAS_4S, 202 | ARM64_VAS_1D, 203 | ARM64_VAS_2D, 204 | ARM64_VAS_1Q, 205 | } arm64_vas; 206 | 207 | //> Vector element size specifier 208 | typedef enum arm64_vess { 209 | ARM64_VESS_INVALID = 0, 210 | ARM64_VESS_B, 211 | ARM64_VESS_H, 212 | ARM64_VESS_S, 213 | ARM64_VESS_D, 214 | } arm64_vess; 215 | 216 | //> Memory barrier operands 217 | typedef enum arm64_barrier_op { 218 | ARM64_BARRIER_INVALID = 0, 219 | ARM64_BARRIER_OSHLD = 0x1, 220 | ARM64_BARRIER_OSHST = 0x2, 221 | ARM64_BARRIER_OSH = 0x3, 222 | ARM64_BARRIER_NSHLD = 0x5, 223 | ARM64_BARRIER_NSHST = 0x6, 224 | ARM64_BARRIER_NSH = 0x7, 225 | ARM64_BARRIER_ISHLD = 0x9, 226 | ARM64_BARRIER_ISHST = 0xa, 227 | ARM64_BARRIER_ISH = 0xb, 228 | ARM64_BARRIER_LD = 0xd, 229 | ARM64_BARRIER_ST = 0xe, 230 | ARM64_BARRIER_SY = 0xf 231 | } arm64_barrier_op; 232 | 233 | //> Operand type for instruction's operands 234 | typedef enum arm64_op_type { 235 | ARM64_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 236 | ARM64_OP_REG, // = CS_OP_REG (Register operand). 237 | ARM64_OP_IMM, // = CS_OP_IMM (Immediate operand). 238 | ARM64_OP_MEM, // = CS_OP_MEM (Memory operand). 239 | ARM64_OP_FP, // = CS_OP_FP (Floating-Point operand). 240 | ARM64_OP_CIMM = 64, // C-Immediate 241 | ARM64_OP_REG_MRS, // MRS register operand. 242 | ARM64_OP_REG_MSR, // MSR register operand. 243 | ARM64_OP_PSTATE, // PState operand. 244 | ARM64_OP_SYS, // SYS operand for IC/DC/AT/TLBI instructions. 245 | ARM64_OP_PREFETCH, // Prefetch operand (PRFM). 246 | ARM64_OP_BARRIER, // Memory barrier operand (ISB/DMB/DSB instructions). 247 | } arm64_op_type; 248 | 249 | //> TLBI operations 250 | typedef enum arm64_tlbi_op { 251 | ARM64_TLBI_INVALID = 0, 252 | ARM64_TLBI_VMALLE1IS, 253 | ARM64_TLBI_VAE1IS, 254 | ARM64_TLBI_ASIDE1IS, 255 | ARM64_TLBI_VAAE1IS, 256 | ARM64_TLBI_VALE1IS, 257 | ARM64_TLBI_VAALE1IS, 258 | ARM64_TLBI_ALLE2IS, 259 | ARM64_TLBI_VAE2IS, 260 | ARM64_TLBI_ALLE1IS, 261 | ARM64_TLBI_VALE2IS, 262 | ARM64_TLBI_VMALLS12E1IS, 263 | ARM64_TLBI_ALLE3IS, 264 | ARM64_TLBI_VAE3IS, 265 | ARM64_TLBI_VALE3IS, 266 | ARM64_TLBI_IPAS2E1IS, 267 | ARM64_TLBI_IPAS2LE1IS, 268 | ARM64_TLBI_IPAS2E1, 269 | ARM64_TLBI_IPAS2LE1, 270 | ARM64_TLBI_VMALLE1, 271 | ARM64_TLBI_VAE1, 272 | ARM64_TLBI_ASIDE1, 273 | ARM64_TLBI_VAAE1, 274 | ARM64_TLBI_VALE1, 275 | ARM64_TLBI_VAALE1, 276 | ARM64_TLBI_ALLE2, 277 | ARM64_TLBI_VAE2, 278 | ARM64_TLBI_ALLE1, 279 | ARM64_TLBI_VALE2, 280 | ARM64_TLBI_VMALLS12E1, 281 | ARM64_TLBI_ALLE3, 282 | ARM64_TLBI_VAE3, 283 | ARM64_TLBI_VALE3, 284 | } arm64_tlbi_op; 285 | 286 | //> AT operations 287 | typedef enum arm64_at_op { 288 | ARM64_AT_S1E1R, 289 | ARM64_AT_S1E1W, 290 | ARM64_AT_S1E0R, 291 | ARM64_AT_S1E0W, 292 | ARM64_AT_S1E2R, 293 | ARM64_AT_S1E2W, 294 | ARM64_AT_S12E1R, 295 | ARM64_AT_S12E1W, 296 | ARM64_AT_S12E0R, 297 | ARM64_AT_S12E0W, 298 | ARM64_AT_S1E3R, 299 | ARM64_AT_S1E3W, 300 | } arm64_at_op; 301 | 302 | //> DC operations 303 | typedef enum arm64_dc_op { 304 | ARM64_DC_INVALID = 0, 305 | ARM64_DC_ZVA, 306 | ARM64_DC_IVAC, 307 | ARM64_DC_ISW, 308 | ARM64_DC_CVAC, 309 | ARM64_DC_CSW, 310 | ARM64_DC_CVAU, 311 | ARM64_DC_CIVAC, 312 | ARM64_DC_CISW, 313 | } arm64_dc_op; 314 | 315 | //> IC operations 316 | typedef enum arm64_ic_op { 317 | ARM64_IC_INVALID = 0, 318 | ARM64_IC_IALLUIS, 319 | ARM64_IC_IALLU, 320 | ARM64_IC_IVAU, 321 | } arm64_ic_op; 322 | 323 | //> Prefetch operations (PRFM) 324 | typedef enum arm64_prefetch_op { 325 | ARM64_PRFM_INVALID = 0, 326 | ARM64_PRFM_PLDL1KEEP = 0x00 + 1, 327 | ARM64_PRFM_PLDL1STRM = 0x01 + 1, 328 | ARM64_PRFM_PLDL2KEEP = 0x02 + 1, 329 | ARM64_PRFM_PLDL2STRM = 0x03 + 1, 330 | ARM64_PRFM_PLDL3KEEP = 0x04 + 1, 331 | ARM64_PRFM_PLDL3STRM = 0x05 + 1, 332 | ARM64_PRFM_PLIL1KEEP = 0x08 + 1, 333 | ARM64_PRFM_PLIL1STRM = 0x09 + 1, 334 | ARM64_PRFM_PLIL2KEEP = 0x0a + 1, 335 | ARM64_PRFM_PLIL2STRM = 0x0b + 1, 336 | ARM64_PRFM_PLIL3KEEP = 0x0c + 1, 337 | ARM64_PRFM_PLIL3STRM = 0x0d + 1, 338 | ARM64_PRFM_PSTL1KEEP = 0x10 + 1, 339 | ARM64_PRFM_PSTL1STRM = 0x11 + 1, 340 | ARM64_PRFM_PSTL2KEEP = 0x12 + 1, 341 | ARM64_PRFM_PSTL2STRM = 0x13 + 1, 342 | ARM64_PRFM_PSTL3KEEP = 0x14 + 1, 343 | ARM64_PRFM_PSTL3STRM = 0x15 + 1, 344 | } arm64_prefetch_op; 345 | 346 | // Instruction's operand referring to memory 347 | // This is associated with ARM64_OP_MEM operand type above 348 | typedef struct arm64_op_mem { 349 | unsigned int base; // base register 350 | unsigned int index; // index register 351 | int32_t disp; // displacement/offset value 352 | } arm64_op_mem; 353 | 354 | // Instruction operand 355 | typedef struct cs_arm64_op { 356 | int vector_index; // Vector Index for some vector operands (or -1 if irrelevant) 357 | arm64_vas vas; // Vector Arrangement Specifier 358 | arm64_vess vess; // Vector Element Size Specifier 359 | struct { 360 | arm64_shifter type; // shifter type of this operand 361 | unsigned int value; // shifter value of this operand 362 | } shift; 363 | arm64_extender ext; // extender type of this operand 364 | arm64_op_type type; // operand type 365 | union { 366 | unsigned int reg; // register value for REG operand 367 | int64_t imm; // immediate value, or index for C-IMM or IMM operand 368 | double fp; // floating point value for FP operand 369 | arm64_op_mem mem; // base/index/scale/disp value for MEM operand 370 | arm64_pstate pstate; // PState field of MSR instruction. 371 | unsigned int sys; // IC/DC/AT/TLBI operation (see arm64_ic_op, arm64_dc_op, arm64_at_op, arm64_tlbi_op) 372 | arm64_prefetch_op prefetch; // PRFM operation. 373 | arm64_barrier_op barrier; // Memory barrier operation (ISB/DMB/DSB instructions). 374 | }; 375 | } cs_arm64_op; 376 | 377 | // Instruction structure 378 | typedef struct cs_arm64 { 379 | arm64_cc cc; // conditional code for this insn 380 | bool update_flags; // does this insn update flags? 381 | bool writeback; // does this insn request writeback? 'True' means 'yes' 382 | 383 | // Number of operands of this instruction, 384 | // or 0 when instruction has no operand. 385 | uint8_t op_count; 386 | 387 | cs_arm64_op operands[8]; // operands for this instruction. 388 | } cs_arm64; 389 | 390 | //> ARM64 registers 391 | typedef enum arm64_reg { 392 | ARM64_REG_INVALID = 0, 393 | 394 | ARM64_REG_X29, 395 | ARM64_REG_X30, 396 | ARM64_REG_NZCV, 397 | ARM64_REG_SP, 398 | ARM64_REG_WSP, 399 | ARM64_REG_WZR, 400 | ARM64_REG_XZR, 401 | ARM64_REG_B0, 402 | ARM64_REG_B1, 403 | ARM64_REG_B2, 404 | ARM64_REG_B3, 405 | ARM64_REG_B4, 406 | ARM64_REG_B5, 407 | ARM64_REG_B6, 408 | ARM64_REG_B7, 409 | ARM64_REG_B8, 410 | ARM64_REG_B9, 411 | ARM64_REG_B10, 412 | ARM64_REG_B11, 413 | ARM64_REG_B12, 414 | ARM64_REG_B13, 415 | ARM64_REG_B14, 416 | ARM64_REG_B15, 417 | ARM64_REG_B16, 418 | ARM64_REG_B17, 419 | ARM64_REG_B18, 420 | ARM64_REG_B19, 421 | ARM64_REG_B20, 422 | ARM64_REG_B21, 423 | ARM64_REG_B22, 424 | ARM64_REG_B23, 425 | ARM64_REG_B24, 426 | ARM64_REG_B25, 427 | ARM64_REG_B26, 428 | ARM64_REG_B27, 429 | ARM64_REG_B28, 430 | ARM64_REG_B29, 431 | ARM64_REG_B30, 432 | ARM64_REG_B31, 433 | ARM64_REG_D0, 434 | ARM64_REG_D1, 435 | ARM64_REG_D2, 436 | ARM64_REG_D3, 437 | ARM64_REG_D4, 438 | ARM64_REG_D5, 439 | ARM64_REG_D6, 440 | ARM64_REG_D7, 441 | ARM64_REG_D8, 442 | ARM64_REG_D9, 443 | ARM64_REG_D10, 444 | ARM64_REG_D11, 445 | ARM64_REG_D12, 446 | ARM64_REG_D13, 447 | ARM64_REG_D14, 448 | ARM64_REG_D15, 449 | ARM64_REG_D16, 450 | ARM64_REG_D17, 451 | ARM64_REG_D18, 452 | ARM64_REG_D19, 453 | ARM64_REG_D20, 454 | ARM64_REG_D21, 455 | ARM64_REG_D22, 456 | ARM64_REG_D23, 457 | ARM64_REG_D24, 458 | ARM64_REG_D25, 459 | ARM64_REG_D26, 460 | ARM64_REG_D27, 461 | ARM64_REG_D28, 462 | ARM64_REG_D29, 463 | ARM64_REG_D30, 464 | ARM64_REG_D31, 465 | ARM64_REG_H0, 466 | ARM64_REG_H1, 467 | ARM64_REG_H2, 468 | ARM64_REG_H3, 469 | ARM64_REG_H4, 470 | ARM64_REG_H5, 471 | ARM64_REG_H6, 472 | ARM64_REG_H7, 473 | ARM64_REG_H8, 474 | ARM64_REG_H9, 475 | ARM64_REG_H10, 476 | ARM64_REG_H11, 477 | ARM64_REG_H12, 478 | ARM64_REG_H13, 479 | ARM64_REG_H14, 480 | ARM64_REG_H15, 481 | ARM64_REG_H16, 482 | ARM64_REG_H17, 483 | ARM64_REG_H18, 484 | ARM64_REG_H19, 485 | ARM64_REG_H20, 486 | ARM64_REG_H21, 487 | ARM64_REG_H22, 488 | ARM64_REG_H23, 489 | ARM64_REG_H24, 490 | ARM64_REG_H25, 491 | ARM64_REG_H26, 492 | ARM64_REG_H27, 493 | ARM64_REG_H28, 494 | ARM64_REG_H29, 495 | ARM64_REG_H30, 496 | ARM64_REG_H31, 497 | ARM64_REG_Q0, 498 | ARM64_REG_Q1, 499 | ARM64_REG_Q2, 500 | ARM64_REG_Q3, 501 | ARM64_REG_Q4, 502 | ARM64_REG_Q5, 503 | ARM64_REG_Q6, 504 | ARM64_REG_Q7, 505 | ARM64_REG_Q8, 506 | ARM64_REG_Q9, 507 | ARM64_REG_Q10, 508 | ARM64_REG_Q11, 509 | ARM64_REG_Q12, 510 | ARM64_REG_Q13, 511 | ARM64_REG_Q14, 512 | ARM64_REG_Q15, 513 | ARM64_REG_Q16, 514 | ARM64_REG_Q17, 515 | ARM64_REG_Q18, 516 | ARM64_REG_Q19, 517 | ARM64_REG_Q20, 518 | ARM64_REG_Q21, 519 | ARM64_REG_Q22, 520 | ARM64_REG_Q23, 521 | ARM64_REG_Q24, 522 | ARM64_REG_Q25, 523 | ARM64_REG_Q26, 524 | ARM64_REG_Q27, 525 | ARM64_REG_Q28, 526 | ARM64_REG_Q29, 527 | ARM64_REG_Q30, 528 | ARM64_REG_Q31, 529 | ARM64_REG_S0, 530 | ARM64_REG_S1, 531 | ARM64_REG_S2, 532 | ARM64_REG_S3, 533 | ARM64_REG_S4, 534 | ARM64_REG_S5, 535 | ARM64_REG_S6, 536 | ARM64_REG_S7, 537 | ARM64_REG_S8, 538 | ARM64_REG_S9, 539 | ARM64_REG_S10, 540 | ARM64_REG_S11, 541 | ARM64_REG_S12, 542 | ARM64_REG_S13, 543 | ARM64_REG_S14, 544 | ARM64_REG_S15, 545 | ARM64_REG_S16, 546 | ARM64_REG_S17, 547 | ARM64_REG_S18, 548 | ARM64_REG_S19, 549 | ARM64_REG_S20, 550 | ARM64_REG_S21, 551 | ARM64_REG_S22, 552 | ARM64_REG_S23, 553 | ARM64_REG_S24, 554 | ARM64_REG_S25, 555 | ARM64_REG_S26, 556 | ARM64_REG_S27, 557 | ARM64_REG_S28, 558 | ARM64_REG_S29, 559 | ARM64_REG_S30, 560 | ARM64_REG_S31, 561 | ARM64_REG_W0, 562 | ARM64_REG_W1, 563 | ARM64_REG_W2, 564 | ARM64_REG_W3, 565 | ARM64_REG_W4, 566 | ARM64_REG_W5, 567 | ARM64_REG_W6, 568 | ARM64_REG_W7, 569 | ARM64_REG_W8, 570 | ARM64_REG_W9, 571 | ARM64_REG_W10, 572 | ARM64_REG_W11, 573 | ARM64_REG_W12, 574 | ARM64_REG_W13, 575 | ARM64_REG_W14, 576 | ARM64_REG_W15, 577 | ARM64_REG_W16, 578 | ARM64_REG_W17, 579 | ARM64_REG_W18, 580 | ARM64_REG_W19, 581 | ARM64_REG_W20, 582 | ARM64_REG_W21, 583 | ARM64_REG_W22, 584 | ARM64_REG_W23, 585 | ARM64_REG_W24, 586 | ARM64_REG_W25, 587 | ARM64_REG_W26, 588 | ARM64_REG_W27, 589 | ARM64_REG_W28, 590 | ARM64_REG_W29, 591 | ARM64_REG_W30, 592 | ARM64_REG_X0, 593 | ARM64_REG_X1, 594 | ARM64_REG_X2, 595 | ARM64_REG_X3, 596 | ARM64_REG_X4, 597 | ARM64_REG_X5, 598 | ARM64_REG_X6, 599 | ARM64_REG_X7, 600 | ARM64_REG_X8, 601 | ARM64_REG_X9, 602 | ARM64_REG_X10, 603 | ARM64_REG_X11, 604 | ARM64_REG_X12, 605 | ARM64_REG_X13, 606 | ARM64_REG_X14, 607 | ARM64_REG_X15, 608 | ARM64_REG_X16, 609 | ARM64_REG_X17, 610 | ARM64_REG_X18, 611 | ARM64_REG_X19, 612 | ARM64_REG_X20, 613 | ARM64_REG_X21, 614 | ARM64_REG_X22, 615 | ARM64_REG_X23, 616 | ARM64_REG_X24, 617 | ARM64_REG_X25, 618 | ARM64_REG_X26, 619 | ARM64_REG_X27, 620 | ARM64_REG_X28, 621 | 622 | ARM64_REG_V0, 623 | ARM64_REG_V1, 624 | ARM64_REG_V2, 625 | ARM64_REG_V3, 626 | ARM64_REG_V4, 627 | ARM64_REG_V5, 628 | ARM64_REG_V6, 629 | ARM64_REG_V7, 630 | ARM64_REG_V8, 631 | ARM64_REG_V9, 632 | ARM64_REG_V10, 633 | ARM64_REG_V11, 634 | ARM64_REG_V12, 635 | ARM64_REG_V13, 636 | ARM64_REG_V14, 637 | ARM64_REG_V15, 638 | ARM64_REG_V16, 639 | ARM64_REG_V17, 640 | ARM64_REG_V18, 641 | ARM64_REG_V19, 642 | ARM64_REG_V20, 643 | ARM64_REG_V21, 644 | ARM64_REG_V22, 645 | ARM64_REG_V23, 646 | ARM64_REG_V24, 647 | ARM64_REG_V25, 648 | ARM64_REG_V26, 649 | ARM64_REG_V27, 650 | ARM64_REG_V28, 651 | ARM64_REG_V29, 652 | ARM64_REG_V30, 653 | ARM64_REG_V31, 654 | 655 | ARM64_REG_ENDING, // <-- mark the end of the list of registers 656 | 657 | //> alias registers 658 | 659 | ARM64_REG_IP1 = ARM64_REG_X16, 660 | ARM64_REG_IP0 = ARM64_REG_X17, 661 | ARM64_REG_FP = ARM64_REG_X29, 662 | ARM64_REG_LR = ARM64_REG_X30, 663 | } arm64_reg; 664 | 665 | //> ARM64 instruction 666 | typedef enum arm64_insn { 667 | ARM64_INS_INVALID = 0, 668 | 669 | ARM64_INS_ABS, 670 | ARM64_INS_ADC, 671 | ARM64_INS_ADDHN, 672 | ARM64_INS_ADDHN2, 673 | ARM64_INS_ADDP, 674 | ARM64_INS_ADD, 675 | ARM64_INS_ADDV, 676 | ARM64_INS_ADR, 677 | ARM64_INS_ADRP, 678 | ARM64_INS_AESD, 679 | ARM64_INS_AESE, 680 | ARM64_INS_AESIMC, 681 | ARM64_INS_AESMC, 682 | ARM64_INS_AND, 683 | ARM64_INS_ASR, 684 | ARM64_INS_B, 685 | ARM64_INS_BFM, 686 | ARM64_INS_BIC, 687 | ARM64_INS_BIF, 688 | ARM64_INS_BIT, 689 | ARM64_INS_BL, 690 | ARM64_INS_BLR, 691 | ARM64_INS_BR, 692 | ARM64_INS_BRK, 693 | ARM64_INS_BSL, 694 | ARM64_INS_CBNZ, 695 | ARM64_INS_CBZ, 696 | ARM64_INS_CCMN, 697 | ARM64_INS_CCMP, 698 | ARM64_INS_CLREX, 699 | ARM64_INS_CLS, 700 | ARM64_INS_CLZ, 701 | ARM64_INS_CMEQ, 702 | ARM64_INS_CMGE, 703 | ARM64_INS_CMGT, 704 | ARM64_INS_CMHI, 705 | ARM64_INS_CMHS, 706 | ARM64_INS_CMLE, 707 | ARM64_INS_CMLT, 708 | ARM64_INS_CMTST, 709 | ARM64_INS_CNT, 710 | ARM64_INS_MOV, 711 | ARM64_INS_CRC32B, 712 | ARM64_INS_CRC32CB, 713 | ARM64_INS_CRC32CH, 714 | ARM64_INS_CRC32CW, 715 | ARM64_INS_CRC32CX, 716 | ARM64_INS_CRC32H, 717 | ARM64_INS_CRC32W, 718 | ARM64_INS_CRC32X, 719 | ARM64_INS_CSEL, 720 | ARM64_INS_CSINC, 721 | ARM64_INS_CSINV, 722 | ARM64_INS_CSNEG, 723 | ARM64_INS_DCPS1, 724 | ARM64_INS_DCPS2, 725 | ARM64_INS_DCPS3, 726 | ARM64_INS_DMB, 727 | ARM64_INS_DRPS, 728 | ARM64_INS_DSB, 729 | ARM64_INS_DUP, 730 | ARM64_INS_EON, 731 | ARM64_INS_EOR, 732 | ARM64_INS_ERET, 733 | ARM64_INS_EXTR, 734 | ARM64_INS_EXT, 735 | ARM64_INS_FABD, 736 | ARM64_INS_FABS, 737 | ARM64_INS_FACGE, 738 | ARM64_INS_FACGT, 739 | ARM64_INS_FADD, 740 | ARM64_INS_FADDP, 741 | ARM64_INS_FCCMP, 742 | ARM64_INS_FCCMPE, 743 | ARM64_INS_FCMEQ, 744 | ARM64_INS_FCMGE, 745 | ARM64_INS_FCMGT, 746 | ARM64_INS_FCMLE, 747 | ARM64_INS_FCMLT, 748 | ARM64_INS_FCMP, 749 | ARM64_INS_FCMPE, 750 | ARM64_INS_FCSEL, 751 | ARM64_INS_FCVTAS, 752 | ARM64_INS_FCVTAU, 753 | ARM64_INS_FCVT, 754 | ARM64_INS_FCVTL, 755 | ARM64_INS_FCVTL2, 756 | ARM64_INS_FCVTMS, 757 | ARM64_INS_FCVTMU, 758 | ARM64_INS_FCVTNS, 759 | ARM64_INS_FCVTNU, 760 | ARM64_INS_FCVTN, 761 | ARM64_INS_FCVTN2, 762 | ARM64_INS_FCVTPS, 763 | ARM64_INS_FCVTPU, 764 | ARM64_INS_FCVTXN, 765 | ARM64_INS_FCVTXN2, 766 | ARM64_INS_FCVTZS, 767 | ARM64_INS_FCVTZU, 768 | ARM64_INS_FDIV, 769 | ARM64_INS_FMADD, 770 | ARM64_INS_FMAX, 771 | ARM64_INS_FMAXNM, 772 | ARM64_INS_FMAXNMP, 773 | ARM64_INS_FMAXNMV, 774 | ARM64_INS_FMAXP, 775 | ARM64_INS_FMAXV, 776 | ARM64_INS_FMIN, 777 | ARM64_INS_FMINNM, 778 | ARM64_INS_FMINNMP, 779 | ARM64_INS_FMINNMV, 780 | ARM64_INS_FMINP, 781 | ARM64_INS_FMINV, 782 | ARM64_INS_FMLA, 783 | ARM64_INS_FMLS, 784 | ARM64_INS_FMOV, 785 | ARM64_INS_FMSUB, 786 | ARM64_INS_FMUL, 787 | ARM64_INS_FMULX, 788 | ARM64_INS_FNEG, 789 | ARM64_INS_FNMADD, 790 | ARM64_INS_FNMSUB, 791 | ARM64_INS_FNMUL, 792 | ARM64_INS_FRECPE, 793 | ARM64_INS_FRECPS, 794 | ARM64_INS_FRECPX, 795 | ARM64_INS_FRINTA, 796 | ARM64_INS_FRINTI, 797 | ARM64_INS_FRINTM, 798 | ARM64_INS_FRINTN, 799 | ARM64_INS_FRINTP, 800 | ARM64_INS_FRINTX, 801 | ARM64_INS_FRINTZ, 802 | ARM64_INS_FRSQRTE, 803 | ARM64_INS_FRSQRTS, 804 | ARM64_INS_FSQRT, 805 | ARM64_INS_FSUB, 806 | ARM64_INS_HINT, 807 | ARM64_INS_HLT, 808 | ARM64_INS_HVC, 809 | ARM64_INS_INS, 810 | 811 | ARM64_INS_ISB, 812 | ARM64_INS_LD1, 813 | ARM64_INS_LD1R, 814 | ARM64_INS_LD2R, 815 | ARM64_INS_LD2, 816 | ARM64_INS_LD3R, 817 | ARM64_INS_LD3, 818 | ARM64_INS_LD4, 819 | ARM64_INS_LD4R, 820 | 821 | ARM64_INS_LDARB, 822 | ARM64_INS_LDARH, 823 | ARM64_INS_LDAR, 824 | ARM64_INS_LDAXP, 825 | ARM64_INS_LDAXRB, 826 | ARM64_INS_LDAXRH, 827 | ARM64_INS_LDAXR, 828 | ARM64_INS_LDNP, 829 | ARM64_INS_LDP, 830 | ARM64_INS_LDPSW, 831 | ARM64_INS_LDRB, 832 | ARM64_INS_LDR, 833 | ARM64_INS_LDRH, 834 | ARM64_INS_LDRSB, 835 | ARM64_INS_LDRSH, 836 | ARM64_INS_LDRSW, 837 | ARM64_INS_LDTRB, 838 | ARM64_INS_LDTRH, 839 | ARM64_INS_LDTRSB, 840 | 841 | ARM64_INS_LDTRSH, 842 | ARM64_INS_LDTRSW, 843 | ARM64_INS_LDTR, 844 | ARM64_INS_LDURB, 845 | ARM64_INS_LDUR, 846 | ARM64_INS_LDURH, 847 | ARM64_INS_LDURSB, 848 | ARM64_INS_LDURSH, 849 | ARM64_INS_LDURSW, 850 | ARM64_INS_LDXP, 851 | ARM64_INS_LDXRB, 852 | ARM64_INS_LDXRH, 853 | ARM64_INS_LDXR, 854 | ARM64_INS_LSL, 855 | ARM64_INS_LSR, 856 | ARM64_INS_MADD, 857 | ARM64_INS_MLA, 858 | ARM64_INS_MLS, 859 | ARM64_INS_MOVI, 860 | ARM64_INS_MOVK, 861 | ARM64_INS_MOVN, 862 | ARM64_INS_MOVZ, 863 | ARM64_INS_MRS, 864 | ARM64_INS_MSR, 865 | ARM64_INS_MSUB, 866 | ARM64_INS_MUL, 867 | ARM64_INS_MVNI, 868 | ARM64_INS_NEG, 869 | ARM64_INS_NOT, 870 | ARM64_INS_ORN, 871 | ARM64_INS_ORR, 872 | ARM64_INS_PMULL2, 873 | ARM64_INS_PMULL, 874 | ARM64_INS_PMUL, 875 | ARM64_INS_PRFM, 876 | ARM64_INS_PRFUM, 877 | ARM64_INS_RADDHN, 878 | ARM64_INS_RADDHN2, 879 | ARM64_INS_RBIT, 880 | ARM64_INS_RET, 881 | ARM64_INS_REV16, 882 | ARM64_INS_REV32, 883 | ARM64_INS_REV64, 884 | ARM64_INS_REV, 885 | ARM64_INS_ROR, 886 | ARM64_INS_RSHRN2, 887 | ARM64_INS_RSHRN, 888 | ARM64_INS_RSUBHN, 889 | ARM64_INS_RSUBHN2, 890 | ARM64_INS_SABAL2, 891 | ARM64_INS_SABAL, 892 | 893 | ARM64_INS_SABA, 894 | ARM64_INS_SABDL2, 895 | ARM64_INS_SABDL, 896 | ARM64_INS_SABD, 897 | ARM64_INS_SADALP, 898 | ARM64_INS_SADDLP, 899 | ARM64_INS_SADDLV, 900 | ARM64_INS_SADDL2, 901 | ARM64_INS_SADDL, 902 | ARM64_INS_SADDW2, 903 | ARM64_INS_SADDW, 904 | ARM64_INS_SBC, 905 | ARM64_INS_SBFM, 906 | ARM64_INS_SCVTF, 907 | ARM64_INS_SDIV, 908 | ARM64_INS_SHA1C, 909 | ARM64_INS_SHA1H, 910 | ARM64_INS_SHA1M, 911 | ARM64_INS_SHA1P, 912 | ARM64_INS_SHA1SU0, 913 | ARM64_INS_SHA1SU1, 914 | ARM64_INS_SHA256H2, 915 | ARM64_INS_SHA256H, 916 | ARM64_INS_SHA256SU0, 917 | ARM64_INS_SHA256SU1, 918 | ARM64_INS_SHADD, 919 | ARM64_INS_SHLL2, 920 | ARM64_INS_SHLL, 921 | ARM64_INS_SHL, 922 | ARM64_INS_SHRN2, 923 | ARM64_INS_SHRN, 924 | ARM64_INS_SHSUB, 925 | ARM64_INS_SLI, 926 | ARM64_INS_SMADDL, 927 | ARM64_INS_SMAXP, 928 | ARM64_INS_SMAXV, 929 | ARM64_INS_SMAX, 930 | ARM64_INS_SMC, 931 | ARM64_INS_SMINP, 932 | ARM64_INS_SMINV, 933 | ARM64_INS_SMIN, 934 | ARM64_INS_SMLAL2, 935 | ARM64_INS_SMLAL, 936 | ARM64_INS_SMLSL2, 937 | ARM64_INS_SMLSL, 938 | ARM64_INS_SMOV, 939 | ARM64_INS_SMSUBL, 940 | ARM64_INS_SMULH, 941 | ARM64_INS_SMULL2, 942 | ARM64_INS_SMULL, 943 | ARM64_INS_SQABS, 944 | ARM64_INS_SQADD, 945 | ARM64_INS_SQDMLAL, 946 | ARM64_INS_SQDMLAL2, 947 | ARM64_INS_SQDMLSL, 948 | ARM64_INS_SQDMLSL2, 949 | ARM64_INS_SQDMULH, 950 | ARM64_INS_SQDMULL, 951 | ARM64_INS_SQDMULL2, 952 | ARM64_INS_SQNEG, 953 | ARM64_INS_SQRDMULH, 954 | ARM64_INS_SQRSHL, 955 | ARM64_INS_SQRSHRN, 956 | ARM64_INS_SQRSHRN2, 957 | ARM64_INS_SQRSHRUN, 958 | ARM64_INS_SQRSHRUN2, 959 | ARM64_INS_SQSHLU, 960 | ARM64_INS_SQSHL, 961 | ARM64_INS_SQSHRN, 962 | ARM64_INS_SQSHRN2, 963 | ARM64_INS_SQSHRUN, 964 | ARM64_INS_SQSHRUN2, 965 | ARM64_INS_SQSUB, 966 | ARM64_INS_SQXTN2, 967 | ARM64_INS_SQXTN, 968 | ARM64_INS_SQXTUN2, 969 | ARM64_INS_SQXTUN, 970 | ARM64_INS_SRHADD, 971 | ARM64_INS_SRI, 972 | ARM64_INS_SRSHL, 973 | ARM64_INS_SRSHR, 974 | ARM64_INS_SRSRA, 975 | ARM64_INS_SSHLL2, 976 | ARM64_INS_SSHLL, 977 | ARM64_INS_SSHL, 978 | ARM64_INS_SSHR, 979 | ARM64_INS_SSRA, 980 | ARM64_INS_SSUBL2, 981 | ARM64_INS_SSUBL, 982 | ARM64_INS_SSUBW2, 983 | ARM64_INS_SSUBW, 984 | ARM64_INS_ST1, 985 | ARM64_INS_ST2, 986 | ARM64_INS_ST3, 987 | ARM64_INS_ST4, 988 | ARM64_INS_STLRB, 989 | ARM64_INS_STLRH, 990 | ARM64_INS_STLR, 991 | ARM64_INS_STLXP, 992 | ARM64_INS_STLXRB, 993 | ARM64_INS_STLXRH, 994 | ARM64_INS_STLXR, 995 | ARM64_INS_STNP, 996 | ARM64_INS_STP, 997 | ARM64_INS_STRB, 998 | ARM64_INS_STR, 999 | ARM64_INS_STRH, 1000 | ARM64_INS_STTRB, 1001 | ARM64_INS_STTRH, 1002 | ARM64_INS_STTR, 1003 | ARM64_INS_STURB, 1004 | ARM64_INS_STUR, 1005 | ARM64_INS_STURH, 1006 | ARM64_INS_STXP, 1007 | ARM64_INS_STXRB, 1008 | ARM64_INS_STXRH, 1009 | ARM64_INS_STXR, 1010 | ARM64_INS_SUBHN, 1011 | ARM64_INS_SUBHN2, 1012 | ARM64_INS_SUB, 1013 | ARM64_INS_SUQADD, 1014 | ARM64_INS_SVC, 1015 | ARM64_INS_SYSL, 1016 | ARM64_INS_SYS, 1017 | ARM64_INS_TBL, 1018 | ARM64_INS_TBNZ, 1019 | ARM64_INS_TBX, 1020 | ARM64_INS_TBZ, 1021 | ARM64_INS_TRN1, 1022 | ARM64_INS_TRN2, 1023 | ARM64_INS_UABAL2, 1024 | ARM64_INS_UABAL, 1025 | ARM64_INS_UABA, 1026 | ARM64_INS_UABDL2, 1027 | ARM64_INS_UABDL, 1028 | ARM64_INS_UABD, 1029 | ARM64_INS_UADALP, 1030 | ARM64_INS_UADDLP, 1031 | ARM64_INS_UADDLV, 1032 | ARM64_INS_UADDL2, 1033 | ARM64_INS_UADDL, 1034 | ARM64_INS_UADDW2, 1035 | ARM64_INS_UADDW, 1036 | ARM64_INS_UBFM, 1037 | ARM64_INS_UCVTF, 1038 | ARM64_INS_UDIV, 1039 | ARM64_INS_UHADD, 1040 | ARM64_INS_UHSUB, 1041 | ARM64_INS_UMADDL, 1042 | ARM64_INS_UMAXP, 1043 | ARM64_INS_UMAXV, 1044 | ARM64_INS_UMAX, 1045 | ARM64_INS_UMINP, 1046 | ARM64_INS_UMINV, 1047 | ARM64_INS_UMIN, 1048 | ARM64_INS_UMLAL2, 1049 | ARM64_INS_UMLAL, 1050 | ARM64_INS_UMLSL2, 1051 | ARM64_INS_UMLSL, 1052 | ARM64_INS_UMOV, 1053 | ARM64_INS_UMSUBL, 1054 | ARM64_INS_UMULH, 1055 | ARM64_INS_UMULL2, 1056 | ARM64_INS_UMULL, 1057 | ARM64_INS_UQADD, 1058 | ARM64_INS_UQRSHL, 1059 | ARM64_INS_UQRSHRN, 1060 | ARM64_INS_UQRSHRN2, 1061 | ARM64_INS_UQSHL, 1062 | ARM64_INS_UQSHRN, 1063 | ARM64_INS_UQSHRN2, 1064 | ARM64_INS_UQSUB, 1065 | ARM64_INS_UQXTN2, 1066 | ARM64_INS_UQXTN, 1067 | ARM64_INS_URECPE, 1068 | ARM64_INS_URHADD, 1069 | ARM64_INS_URSHL, 1070 | ARM64_INS_URSHR, 1071 | ARM64_INS_URSQRTE, 1072 | ARM64_INS_URSRA, 1073 | ARM64_INS_USHLL2, 1074 | ARM64_INS_USHLL, 1075 | ARM64_INS_USHL, 1076 | ARM64_INS_USHR, 1077 | ARM64_INS_USQADD, 1078 | ARM64_INS_USRA, 1079 | ARM64_INS_USUBL2, 1080 | ARM64_INS_USUBL, 1081 | ARM64_INS_USUBW2, 1082 | ARM64_INS_USUBW, 1083 | ARM64_INS_UZP1, 1084 | ARM64_INS_UZP2, 1085 | ARM64_INS_XTN2, 1086 | ARM64_INS_XTN, 1087 | ARM64_INS_ZIP1, 1088 | ARM64_INS_ZIP2, 1089 | 1090 | // alias insn 1091 | ARM64_INS_MNEG, 1092 | ARM64_INS_UMNEGL, 1093 | ARM64_INS_SMNEGL, 1094 | ARM64_INS_NOP, 1095 | ARM64_INS_YIELD, 1096 | ARM64_INS_WFE, 1097 | ARM64_INS_WFI, 1098 | ARM64_INS_SEV, 1099 | ARM64_INS_SEVL, 1100 | ARM64_INS_NGC, 1101 | ARM64_INS_SBFIZ, 1102 | ARM64_INS_UBFIZ, 1103 | ARM64_INS_SBFX, 1104 | ARM64_INS_UBFX, 1105 | ARM64_INS_BFI, 1106 | ARM64_INS_BFXIL, 1107 | ARM64_INS_CMN, 1108 | ARM64_INS_MVN, 1109 | ARM64_INS_TST, 1110 | ARM64_INS_CSET, 1111 | ARM64_INS_CINC, 1112 | ARM64_INS_CSETM, 1113 | ARM64_INS_CINV, 1114 | ARM64_INS_CNEG, 1115 | ARM64_INS_SXTB, 1116 | ARM64_INS_SXTH, 1117 | ARM64_INS_SXTW, 1118 | ARM64_INS_CMP, 1119 | ARM64_INS_UXTB, 1120 | ARM64_INS_UXTH, 1121 | ARM64_INS_UXTW, 1122 | ARM64_INS_IC, 1123 | ARM64_INS_DC, 1124 | ARM64_INS_AT, 1125 | ARM64_INS_TLBI, 1126 | 1127 | ARM64_INS_ENDING, // <-- mark the end of the list of insn 1128 | } arm64_insn; 1129 | 1130 | //> Group of ARM64 instructions 1131 | typedef enum arm64_insn_group { 1132 | ARM64_GRP_INVALID = 0, // = CS_GRP_INVALID 1133 | 1134 | //> Generic groups 1135 | // all jump instructions (conditional+direct+indirect jumps) 1136 | ARM64_GRP_JUMP, // = CS_GRP_JUMP 1137 | 1138 | //> Architecture-specific groups 1139 | ARM64_GRP_CRYPTO = 128, 1140 | ARM64_GRP_FPARMV8, 1141 | ARM64_GRP_NEON, 1142 | ARM64_GRP_CRC, 1143 | 1144 | ARM64_GRP_ENDING, // <-- mark the end of the list of groups 1145 | } arm64_insn_group; 1146 | 1147 | #ifdef __cplusplus 1148 | } 1149 | #endif 1150 | 1151 | #endif 1152 | -------------------------------------------------------------------------------- /CaptainHook/include/capstone.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_ENGINE_H 2 | #define CAPSTONE_ENGINE_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2013-2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include 13 | #if defined(CAPSTONE_HAS_OSXKERNEL) 14 | #include 15 | #else 16 | #include 17 | #include 18 | #endif 19 | 20 | #include "platform.h" 21 | 22 | #ifdef _MSC_VER 23 | #pragma warning(disable:4201) 24 | #pragma warning(disable:4100) 25 | #ifdef CAPSTONE_SHARED 26 | #define CAPSTONE_EXPORT __declspec(dllexport) 27 | #else // defined(CAPSTONE_STATIC) 28 | #define CAPSTONE_EXPORT 29 | #endif 30 | #else 31 | #ifdef __GNUC__ 32 | #define CAPSTONE_EXPORT __attribute__((visibility("default"))) 33 | #else 34 | #define CAPSTONE_EXPORT 35 | #endif 36 | #endif 37 | 38 | #ifdef __GNUC__ 39 | #define CAPSTONE_DEPRECATED __attribute__((deprecated)) 40 | #elif defined(_MSC_VER) 41 | #define CAPSTONE_DEPRECATED __declspec(deprecated) 42 | #else 43 | #pragma message("WARNING: You need to implement CAPSTONE_DEPRECATED for this compiler") 44 | #define CAPSTONE_DEPRECATED 45 | #endif 46 | 47 | // Capstone API version 48 | #define CS_API_MAJOR 3 49 | #define CS_API_MINOR 0 50 | 51 | // Macro to create combined version which can be compared to 52 | // result of cs_version() API. 53 | #define CS_MAKE_VERSION(major, minor) ((major << 8) + minor) 54 | 55 | // Handle using with all API 56 | typedef size_t csh; 57 | 58 | // Architecture type 59 | typedef enum cs_arch { 60 | CS_ARCH_ARM = 0, // ARM architecture (including Thumb, Thumb-2) 61 | CS_ARCH_ARM64, // ARM-64, also called AArch64 62 | CS_ARCH_MIPS, // Mips architecture 63 | CS_ARCH_X86, // X86 architecture (including x86 & x86-64) 64 | CS_ARCH_PPC, // PowerPC architecture 65 | CS_ARCH_SPARC, // Sparc architecture 66 | CS_ARCH_SYSZ, // SystemZ architecture 67 | CS_ARCH_XCORE, // XCore architecture 68 | CS_ARCH_MAX, 69 | CS_ARCH_ALL = 0xFFFF, // All architectures - for cs_support() 70 | } cs_arch; 71 | 72 | // Support value to verify diet mode of the engine. 73 | // If cs_support(CS_SUPPORT_DIET) return True, the engine was compiled 74 | // in diet mode. 75 | #define CS_SUPPORT_DIET (CS_ARCH_ALL + 1) 76 | 77 | // Support value to verify X86 reduce mode of the engine. 78 | // If cs_support(CS_SUPPORT_X86_REDUCE) return True, the engine was compiled 79 | // in X86 reduce mode. 80 | #define CS_SUPPORT_X86_REDUCE (CS_ARCH_ALL + 2) 81 | 82 | // Mode type 83 | typedef enum cs_mode { 84 | CS_MODE_LITTLE_ENDIAN = 0, // little-endian mode (default mode) 85 | CS_MODE_ARM = 0, // 32-bit ARM 86 | CS_MODE_16 = 1 << 1, // 16-bit mode (X86) 87 | CS_MODE_32 = 1 << 2, // 32-bit mode (X86) 88 | CS_MODE_64 = 1 << 3, // 64-bit mode (X86, PPC) 89 | CS_MODE_THUMB = 1 << 4, // ARM's Thumb mode, including Thumb-2 90 | CS_MODE_MCLASS = 1 << 5, // ARM's Cortex-M series 91 | CS_MODE_V8 = 1 << 6, // ARMv8 A32 encodings for ARM 92 | CS_MODE_MICRO = 1 << 4, // MicroMips mode (MIPS) 93 | CS_MODE_MIPS3 = 1 << 5, // Mips III ISA 94 | CS_MODE_MIPS32R6 = 1 << 6, // Mips32r6 ISA 95 | CS_MODE_MIPSGP64 = 1 << 7, // General Purpose Registers are 64-bit wide (MIPS) 96 | CS_MODE_V9 = 1 << 4, // SparcV9 mode (Sparc) 97 | CS_MODE_BIG_ENDIAN = 1 << 31, // big-endian mode 98 | CS_MODE_MIPS32 = CS_MODE_32, // Mips32 ISA (Mips) 99 | CS_MODE_MIPS64 = CS_MODE_64, // Mips64 ISA (Mips) 100 | } cs_mode; 101 | 102 | typedef void* (*cs_malloc_t)(size_t size); 103 | typedef void* (*cs_calloc_t)(size_t nmemb, size_t size); 104 | typedef void* (*cs_realloc_t)(void *ptr, size_t size); 105 | typedef void (*cs_free_t)(void *ptr); 106 | typedef int (*cs_vsnprintf_t)(char *str, size_t size, const char *format, va_list ap); 107 | 108 | 109 | // User-defined dynamic memory related functions: malloc/calloc/realloc/free/vsnprintf() 110 | // By default, Capstone uses system's malloc(), calloc(), realloc(), free() & vsnprintf(). 111 | typedef struct cs_opt_mem { 112 | cs_malloc_t malloc; 113 | cs_calloc_t calloc; 114 | cs_realloc_t realloc; 115 | cs_free_t free; 116 | cs_vsnprintf_t vsnprintf; 117 | } cs_opt_mem; 118 | 119 | // Runtime option for the disassembled engine 120 | typedef enum cs_opt_type { 121 | CS_OPT_SYNTAX = 1, // Assembly output syntax 122 | CS_OPT_DETAIL, // Break down instruction structure into details 123 | CS_OPT_MODE, // Change engine's mode at run-time 124 | CS_OPT_MEM, // User-defined dynamic memory related functions 125 | CS_OPT_SKIPDATA, // Skip data when disassembling. Then engine is in SKIPDATA mode. 126 | CS_OPT_SKIPDATA_SETUP, // Setup user-defined function for SKIPDATA option 127 | } cs_opt_type; 128 | 129 | // Runtime option value (associated with option type above) 130 | typedef enum cs_opt_value { 131 | CS_OPT_OFF = 0, // Turn OFF an option - default option of CS_OPT_DETAIL, CS_OPT_SKIPDATA. 132 | CS_OPT_ON = 3, // Turn ON an option (CS_OPT_DETAIL, CS_OPT_SKIPDATA). 133 | CS_OPT_SYNTAX_DEFAULT = 0, // Default asm syntax (CS_OPT_SYNTAX). 134 | CS_OPT_SYNTAX_INTEL, // X86 Intel asm syntax - default on X86 (CS_OPT_SYNTAX). 135 | CS_OPT_SYNTAX_ATT, // X86 ATT asm syntax (CS_OPT_SYNTAX). 136 | CS_OPT_SYNTAX_NOREGNAME, // Prints register name with only number (CS_OPT_SYNTAX) 137 | } cs_opt_value; 138 | 139 | //> Common instruction operand types - to be consistent across all architectures. 140 | typedef enum cs_op_type { 141 | CS_OP_INVALID = 0, // uninitialized/invalid operand. 142 | CS_OP_REG, // Register operand. 143 | CS_OP_IMM, // Immediate operand. 144 | CS_OP_MEM, // Memory operand. 145 | CS_OP_FP, // Floating-Point operand. 146 | } cs_op_type; 147 | 148 | //> Common instruction groups - to be consistent across all architectures. 149 | typedef enum cs_group_type { 150 | CS_GRP_INVALID = 0, // uninitialized/invalid group. 151 | CS_GRP_JUMP, // all jump instructions (conditional+direct+indirect jumps) 152 | CS_GRP_CALL, // all call instructions 153 | CS_GRP_RET, // all return instructions 154 | CS_GRP_INT, // all interrupt instructions (int+syscall) 155 | CS_GRP_IRET, // all interrupt return instructions 156 | } cs_group_type; 157 | 158 | /* 159 | User-defined callback function for SKIPDATA option. 160 | See tests/test_skipdata.c for sample code demonstrating this API. 161 | 162 | @code: the input buffer containing code to be disassembled. 163 | This is the same buffer passed to cs_disasm(). 164 | @code_size: size (in bytes) of the above @code buffer. 165 | @offset: the position of the currently-examining byte in the input 166 | buffer @code mentioned above. 167 | @user_data: user-data passed to cs_option() via @user_data field in 168 | cs_opt_skipdata struct below. 169 | 170 | @return: return number of bytes to skip, or 0 to immediately stop disassembling. 171 | */ 172 | typedef size_t (*cs_skipdata_cb_t)(const uint8_t *code, size_t code_size, size_t offset, void *user_data); 173 | 174 | // User-customized setup for SKIPDATA option 175 | typedef struct cs_opt_skipdata { 176 | // Capstone considers data to skip as special "instructions". 177 | // User can specify the string for this instruction's "mnemonic" here. 178 | // By default (if @mnemonic is NULL), Capstone use ".byte". 179 | const char *mnemonic; 180 | 181 | // User-defined callback function to be called when Capstone hits data. 182 | // If the returned value from this callback is positive (>0), Capstone 183 | // will skip exactly that number of bytes & continue. Otherwise, if 184 | // the callback returns 0, Capstone stops disassembling and returns 185 | // immediately from cs_disasm() 186 | // NOTE: if this callback pointer is NULL, Capstone would skip a number 187 | // of bytes depending on architectures, as following: 188 | // Arm: 2 bytes (Thumb mode) or 4 bytes. 189 | // Arm64: 4 bytes. 190 | // Mips: 4 bytes. 191 | // PowerPC: 4 bytes. 192 | // Sparc: 4 bytes. 193 | // SystemZ: 2 bytes. 194 | // X86: 1 bytes. 195 | // XCore: 2 bytes. 196 | cs_skipdata_cb_t callback; // default value is NULL 197 | 198 | // User-defined data to be passed to @callback function pointer. 199 | void *user_data; 200 | } cs_opt_skipdata; 201 | 202 | 203 | #include "arm.h" 204 | #include "arm64.h" 205 | #include "mips.h" 206 | #include "ppc.h" 207 | #include "sparc.h" 208 | #include "systemz.h" 209 | #include "x86.h" 210 | #include "xcore.h" 211 | 212 | // NOTE: All information in cs_detail is only available when CS_OPT_DETAIL = CS_OPT_ON 213 | typedef struct cs_detail { 214 | uint8_t regs_read[12]; // list of implicit registers read by this insn 215 | uint8_t regs_read_count; // number of implicit registers read by this insn 216 | 217 | uint8_t regs_write[20]; // list of implicit registers modified by this insn 218 | uint8_t regs_write_count; // number of implicit registers modified by this insn 219 | 220 | uint8_t groups[8]; // list of group this instruction belong to 221 | uint8_t groups_count; // number of groups this insn belongs to 222 | 223 | // Architecture-specific instruction info 224 | union { 225 | cs_x86 x86; // X86 architecture, including 16-bit, 32-bit & 64-bit mode 226 | cs_arm64 arm64; // ARM64 architecture (aka AArch64) 227 | cs_arm arm; // ARM architecture (including Thumb/Thumb2) 228 | cs_mips mips; // MIPS architecture 229 | cs_ppc ppc; // PowerPC architecture 230 | cs_sparc sparc; // Sparc architecture 231 | cs_sysz sysz; // SystemZ architecture 232 | cs_xcore xcore; // XCore architecture 233 | }; 234 | } cs_detail; 235 | 236 | // Detail information of disassembled instruction 237 | typedef struct cs_insn { 238 | // Instruction ID (basically a numeric ID for the instruction mnemonic) 239 | // Find the instruction id in the '[ARCH]_insn' enum in the header file 240 | // of corresponding architecture, such as 'arm_insn' in arm.h for ARM, 241 | // 'x86_insn' in x86.h for X86, etc... 242 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 243 | // NOTE: in Skipdata mode, "data" instruction has 0 for this id field. 244 | unsigned int id; 245 | 246 | // Address (EIP) of this instruction 247 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 248 | uint64_t address; 249 | 250 | // Size of this instruction 251 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 252 | uint16_t size; 253 | // Machine bytes of this instruction, with number of bytes indicated by @size above 254 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 255 | uint8_t bytes[16]; 256 | 257 | // Ascii text of instruction mnemonic 258 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 259 | char mnemonic[32]; 260 | 261 | // Ascii text of instruction operands 262 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 263 | char op_str[160]; 264 | 265 | // Pointer to cs_detail. 266 | // NOTE: detail pointer is only valid when both requirements below are met: 267 | // (1) CS_OP_DETAIL = CS_OPT_ON 268 | // (2) Engine is not in Skipdata mode (CS_OP_SKIPDATA option set to CS_OPT_ON) 269 | // 270 | // NOTE 2: when in Skipdata mode, or when detail mode is OFF, even if this pointer 271 | // is not NULL, its content is still irrelevant. 272 | cs_detail *detail; 273 | } cs_insn; 274 | 275 | 276 | // Calculate the offset of a disassembled instruction in its buffer, given its position 277 | // in its array of disassembled insn 278 | // NOTE: this macro works with position (>=1), not index 279 | #define CS_INSN_OFFSET(insns, post) (insns[post - 1].address - insns[0].address) 280 | 281 | 282 | // All type of errors encountered by Capstone API. 283 | // These are values returned by cs_errno() 284 | typedef enum cs_err { 285 | CS_ERR_OK = 0, // No error: everything was fine 286 | CS_ERR_MEM, // Out-Of-Memory error: cs_open(), cs_disasm(), cs_disasm_iter() 287 | CS_ERR_ARCH, // Unsupported architecture: cs_open() 288 | CS_ERR_HANDLE, // Invalid handle: cs_op_count(), cs_op_index() 289 | CS_ERR_CSH, // Invalid csh argument: cs_close(), cs_errno(), cs_option() 290 | CS_ERR_MODE, // Invalid/unsupported mode: cs_open() 291 | CS_ERR_OPTION, // Invalid/unsupported option: cs_option() 292 | CS_ERR_DETAIL, // Information is unavailable because detail option is OFF 293 | CS_ERR_MEMSETUP, // Dynamic memory management uninitialized (see CS_OPT_MEM) 294 | CS_ERR_VERSION, // Unsupported version (bindings) 295 | CS_ERR_DIET, // Access irrelevant data in "diet" engine 296 | CS_ERR_SKIPDATA, // Access irrelevant data for "data" instruction in SKIPDATA mode 297 | CS_ERR_X86_ATT, // X86 AT&T syntax is unsupported (opt-out at compile time) 298 | CS_ERR_X86_INTEL, // X86 Intel syntax is unsupported (opt-out at compile time) 299 | } cs_err; 300 | 301 | /* 302 | Return combined API version & major and minor version numbers. 303 | 304 | @major: major number of API version 305 | @minor: minor number of API version 306 | 307 | @return hexical number as (major << 8 | minor), which encodes both 308 | major & minor versions. 309 | NOTE: This returned value can be compared with version number made 310 | with macro CS_MAKE_VERSION 311 | 312 | For example, second API version would return 1 in @major, and 1 in @minor 313 | The return value would be 0x0101 314 | 315 | NOTE: if you only care about returned value, but not major and minor values, 316 | set both @major & @minor arguments to NULL. 317 | */ 318 | CAPSTONE_EXPORT 319 | unsigned int cs_version(int *major, int *minor); 320 | 321 | 322 | /* 323 | This API can be used to either ask for archs supported by this library, 324 | or check to see if the library was compile with 'diet' option (or called 325 | in 'diet' mode). 326 | 327 | To check if a particular arch is supported by this library, set @query to 328 | arch mode (CS_ARCH_* value). 329 | To verify if this library supports all the archs, use CS_ARCH_ALL. 330 | 331 | To check if this library is in 'diet' mode, set @query to CS_SUPPORT_DIET. 332 | 333 | @return True if this library supports the given arch, or in 'diet' mode. 334 | */ 335 | CAPSTONE_EXPORT 336 | bool cs_support(int query); 337 | 338 | /* 339 | Initialize CS handle: this must be done before any usage of CS. 340 | 341 | @arch: architecture type (CS_ARCH_*) 342 | @mode: hardware mode. This is combined of CS_MODE_* 343 | @handle: pointer to handle, which will be updated at return time 344 | 345 | @return CS_ERR_OK on success, or other value on failure (refer to cs_err enum 346 | for detailed error). 347 | */ 348 | CAPSTONE_EXPORT 349 | cs_err cs_open(cs_arch arch, cs_mode mode, csh *handle); 350 | 351 | /* 352 | Close CS handle: MUST do to release the handle when it is not used anymore. 353 | NOTE: this must be only called when there is no longer usage of Capstone, 354 | not even access to cs_insn array. The reason is the this API releases some 355 | cached memory, thus access to any Capstone API after cs_close() might crash 356 | your application. 357 | 358 | In fact,this API invalidate @handle by ZERO out its value (i.e *handle = 0). 359 | 360 | @handle: pointer to a handle returned by cs_open() 361 | 362 | @return CS_ERR_OK on success, or other value on failure (refer to cs_err enum 363 | for detailed error). 364 | */ 365 | CAPSTONE_EXPORT 366 | cs_err cs_close(csh *handle); 367 | 368 | /* 369 | Set option for disassembling engine at runtime 370 | 371 | @handle: handle returned by cs_open() 372 | @type: type of option to be set 373 | @value: option value corresponding with @type 374 | 375 | @return: CS_ERR_OK on success, or other value on failure. 376 | Refer to cs_err enum for detailed error. 377 | 378 | NOTE: in the case of CS_OPT_MEM, handle's value can be anything, 379 | so that cs_option(handle, CS_OPT_MEM, value) can (i.e must) be called 380 | even before cs_open() 381 | */ 382 | CAPSTONE_EXPORT 383 | cs_err cs_option(csh handle, cs_opt_type type, size_t value); 384 | 385 | /* 386 | Report the last error number when some API function fail. 387 | Like glibc's errno, cs_errno might not retain its old value once accessed. 388 | 389 | @handle: handle returned by cs_open() 390 | 391 | @return: error code of cs_err enum type (CS_ERR_*, see above) 392 | */ 393 | CAPSTONE_EXPORT 394 | cs_err cs_errno(csh handle); 395 | 396 | 397 | /* 398 | Return a string describing given error code. 399 | 400 | @code: error code (see CS_ERR_* above) 401 | 402 | @return: returns a pointer to a string that describes the error code 403 | passed in the argument @code 404 | */ 405 | CAPSTONE_EXPORT 406 | const char *cs_strerror(cs_err code); 407 | 408 | /* 409 | Disassemble binary code, given the code buffer, size, address and number 410 | of instructions to be decoded. 411 | This API dynamically allocate memory to contain disassembled instruction. 412 | Resulted instructions will be put into @*insn 413 | 414 | NOTE 1: this API will automatically determine memory needed to contain 415 | output disassembled instructions in @insn. 416 | 417 | NOTE 2: caller must free the allocated memory itself to avoid memory leaking. 418 | 419 | NOTE 3: for system with scarce memory to be dynamically allocated such as 420 | OS kernel or firmware, the API cs_disasm_iter() might be a better choice than 421 | cs_disasm(). The reason is that with cs_disasm(), based on limited available 422 | memory, we have to calculate in advance how many instructions to be disassembled, 423 | which complicates things. This is especially troublesome for the case @count=0, 424 | when cs_disasm() runs uncontrollably (until either end of input buffer, or 425 | when it encounters an invalid instruction). 426 | 427 | @handle: handle returned by cs_open() 428 | @code: buffer containing raw binary code to be disassembled. 429 | @code_size: size of the above code buffer. 430 | @address: address of the first instruction in given raw code buffer. 431 | @insn: array of instructions filled in by this API. 432 | NOTE: @insn will be allocated by this function, and should be freed 433 | with cs_free() API. 434 | @count: number of instructions to be disassembled, or 0 to get all of them 435 | 436 | @return: the number of successfully disassembled instructions, 437 | or 0 if this function failed to disassemble the given code 438 | 439 | On failure, call cs_errno() for error code. 440 | */ 441 | CAPSTONE_EXPORT 442 | size_t cs_disasm(csh handle, 443 | const uint8_t *code, size_t code_size, 444 | uint64_t address, 445 | size_t count, 446 | cs_insn **insn); 447 | 448 | /* 449 | Deprecated function - to be retired in the next version! 450 | Use cs_disasm() instead of cs_disasm_ex() 451 | */ 452 | CAPSTONE_EXPORT 453 | CAPSTONE_DEPRECATED 454 | size_t cs_disasm_ex(csh handle, 455 | const uint8_t *code, size_t code_size, 456 | uint64_t address, 457 | size_t count, 458 | cs_insn **insn); 459 | 460 | /* 461 | Free memory allocated by cs_malloc() or cs_disasm() (argument @insn) 462 | 463 | @insn: pointer returned by @insn argument in cs_disasm() or cs_malloc() 464 | @count: number of cs_insn structures returned by cs_disasm(), or 1 465 | to free memory allocated by cs_malloc(). 466 | */ 467 | CAPSTONE_EXPORT 468 | void cs_free(cs_insn *insn, size_t count); 469 | 470 | 471 | /* 472 | Allocate memory for 1 instruction to be used by cs_disasm_iter(). 473 | 474 | @handle: handle returned by cs_open() 475 | 476 | NOTE: when no longer in use, you can reclaim the memory allocated for 477 | this instruction with cs_free(insn, 1) 478 | */ 479 | CAPSTONE_EXPORT 480 | cs_insn *cs_malloc(csh handle); 481 | 482 | /* 483 | Fast API to disassemble binary code, given the code buffer, size, address 484 | and number of instructions to be decoded. 485 | This API put the resulted instruction into a given cache in @insn. 486 | See tests/test_iter.c for sample code demonstrating this API. 487 | 488 | NOTE 1: this API will update @code, @size & @address to point to the next 489 | instruction in the input buffer. Therefore, it is convenient to use 490 | cs_disasm_iter() inside a loop to quickly iterate all the instructions. 491 | While decoding one instruction at a time can also be achieved with 492 | cs_disasm(count=1), some benchmarks shown that cs_disasm_iter() can be 30% 493 | faster on random input. 494 | 495 | NOTE 2: the cache in @insn can be created with cs_malloc() API. 496 | 497 | NOTE 3: for system with scarce memory to be dynamically allocated such as 498 | OS kernel or firmware, this API is recommended over cs_disasm(), which 499 | allocates memory based on the number of instructions to be disassembled. 500 | The reason is that with cs_disasm(), based on limited available memory, 501 | we have to calculate in advance how many instructions to be disassembled, 502 | which complicates things. This is especially troublesome for the case 503 | @count=0, when cs_disasm() runs uncontrollably (until either end of input 504 | buffer, or when it encounters an invalid instruction). 505 | 506 | @handle: handle returned by cs_open() 507 | @code: buffer containing raw binary code to be disassembled 508 | @code_size: size of above code 509 | @address: address of the first insn in given raw code buffer 510 | @insn: pointer to instruction to be filled in by this API. 511 | 512 | @return: true if this API successfully decode 1 instruction, 513 | or false otherwise. 514 | 515 | On failure, call cs_errno() for error code. 516 | */ 517 | CAPSTONE_EXPORT 518 | bool cs_disasm_iter(csh handle, 519 | const uint8_t **code, size_t *size, 520 | uint64_t *address, cs_insn *insn); 521 | 522 | /* 523 | Return friendly name of register in a string. 524 | Find the instruction id from header file of corresponding architecture (arm.h for ARM, 525 | x86.h for X86, ...) 526 | 527 | WARN: when in 'diet' mode, this API is irrelevant because engine does not 528 | store register name. 529 | 530 | @handle: handle returned by cs_open() 531 | @reg_id: register id 532 | 533 | @return: string name of the register, or NULL if @reg_id is invalid. 534 | */ 535 | CAPSTONE_EXPORT 536 | const char *cs_reg_name(csh handle, unsigned int reg_id); 537 | 538 | /* 539 | Return friendly name of an instruction in a string. 540 | Find the instruction id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 541 | 542 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not 543 | store instruction name. 544 | 545 | @handle: handle returned by cs_open() 546 | @insn_id: instruction id 547 | 548 | @return: string name of the instruction, or NULL if @insn_id is invalid. 549 | */ 550 | CAPSTONE_EXPORT 551 | const char *cs_insn_name(csh handle, unsigned int insn_id); 552 | 553 | /* 554 | Return friendly name of a group id (that an instruction can belong to) 555 | Find the group id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 556 | 557 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not 558 | store group name. 559 | 560 | @handle: handle returned by cs_open() 561 | @group_id: group id 562 | 563 | @return: string name of the group, or NULL if @group_id is invalid. 564 | */ 565 | CAPSTONE_EXPORT 566 | const char *cs_group_name(csh handle, unsigned int group_id); 567 | 568 | /* 569 | Check if a disassembled instruction belong to a particular group. 570 | Find the group id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 571 | Internally, this simply verifies if @group_id matches any member of insn->groups array. 572 | 573 | NOTE: this API is only valid when detail option is ON (which is OFF by default). 574 | 575 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not 576 | update @groups array. 577 | 578 | @handle: handle returned by cs_open() 579 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 580 | @group_id: group that you want to check if this instruction belong to. 581 | 582 | @return: true if this instruction indeed belongs to aboved group, or false otherwise. 583 | */ 584 | CAPSTONE_EXPORT 585 | bool cs_insn_group(csh handle, const cs_insn *insn, unsigned int group_id); 586 | 587 | /* 588 | Check if a disassembled instruction IMPLICITLY used a particular register. 589 | Find the register id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 590 | Internally, this simply verifies if @reg_id matches any member of insn->regs_read array. 591 | 592 | NOTE: this API is only valid when detail option is ON (which is OFF by default) 593 | 594 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not 595 | update @regs_read array. 596 | 597 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 598 | @reg_id: register that you want to check if this instruction used it. 599 | 600 | @return: true if this instruction indeed implicitly used aboved register, or false otherwise. 601 | */ 602 | CAPSTONE_EXPORT 603 | bool cs_reg_read(csh handle, const cs_insn *insn, unsigned int reg_id); 604 | 605 | /* 606 | Check if a disassembled instruction IMPLICITLY modified a particular register. 607 | Find the register id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 608 | Internally, this simply verifies if @reg_id matches any member of insn->regs_write array. 609 | 610 | NOTE: this API is only valid when detail option is ON (which is OFF by default) 611 | 612 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not 613 | update @regs_write array. 614 | 615 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 616 | @reg_id: register that you want to check if this instruction modified it. 617 | 618 | @return: true if this instruction indeed implicitly modified aboved register, or false otherwise. 619 | */ 620 | CAPSTONE_EXPORT 621 | bool cs_reg_write(csh handle, const cs_insn *insn, unsigned int reg_id); 622 | 623 | /* 624 | Count the number of operands of a given type. 625 | Find the operand type in header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 626 | 627 | NOTE: this API is only valid when detail option is ON (which is OFF by default) 628 | 629 | @handle: handle returned by cs_open() 630 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 631 | @op_type: Operand type to be found. 632 | 633 | @return: number of operands of given type @op_type in instruction @insn, 634 | or -1 on failure. 635 | */ 636 | CAPSTONE_EXPORT 637 | int cs_op_count(csh handle, const cs_insn *insn, unsigned int op_type); 638 | 639 | /* 640 | Retrieve the position of operand of given type in .operands[] array. 641 | Later, the operand can be accessed using the returned position. 642 | Find the operand type in header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 643 | 644 | NOTE: this API is only valid when detail option is ON (which is OFF by default) 645 | 646 | @handle: handle returned by cs_open() 647 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 648 | @op_type: Operand type to be found. 649 | @position: position of the operand to be found. This must be in the range 650 | [1, cs_op_count(handle, insn, op_type)] 651 | 652 | @return: index of operand of given type @op_type in .operands[] array 653 | in instruction @insn, or -1 on failure. 654 | */ 655 | CAPSTONE_EXPORT 656 | int cs_op_index(csh handle, const cs_insn *insn, unsigned int op_type, 657 | unsigned int position); 658 | 659 | #ifdef __cplusplus 660 | } 661 | #endif 662 | 663 | #endif 664 | -------------------------------------------------------------------------------- /CaptainHook/include/mips.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_MIPS_H 2 | #define CAPSTONE_MIPS_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2013-2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | // GCC MIPS toolchain has a default macro called "mips" which breaks 15 | // compilation 16 | #undef mips 17 | 18 | #ifdef _MSC_VER 19 | #pragma warning(disable:4201) 20 | #endif 21 | 22 | //> Operand type for instruction's operands 23 | typedef enum mips_op_type { 24 | MIPS_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 25 | MIPS_OP_REG, // = CS_OP_REG (Register operand). 26 | MIPS_OP_IMM, // = CS_OP_IMM (Immediate operand). 27 | MIPS_OP_MEM, // = CS_OP_MEM (Memory operand). 28 | } mips_op_type; 29 | 30 | // Instruction's operand referring to memory 31 | // This is associated with MIPS_OP_MEM operand type above 32 | typedef struct mips_op_mem { 33 | unsigned int base; // base register 34 | int64_t disp; // displacement/offset value 35 | } mips_op_mem; 36 | 37 | // Instruction operand 38 | typedef struct cs_mips_op { 39 | mips_op_type type; // operand type 40 | union { 41 | unsigned int reg; // register value for REG operand 42 | int64_t imm; // immediate value for IMM operand 43 | mips_op_mem mem; // base/index/scale/disp value for MEM operand 44 | }; 45 | } cs_mips_op; 46 | 47 | // Instruction structure 48 | typedef struct cs_mips { 49 | // Number of operands of this instruction, 50 | // or 0 when instruction has no operand. 51 | uint8_t op_count; 52 | cs_mips_op operands[8]; // operands for this instruction. 53 | } cs_mips; 54 | 55 | //> MIPS registers 56 | typedef enum mips_reg { 57 | MIPS_REG_INVALID = 0, 58 | //> General purpose registers 59 | MIPS_REG_0, 60 | MIPS_REG_1, 61 | MIPS_REG_2, 62 | MIPS_REG_3, 63 | MIPS_REG_4, 64 | MIPS_REG_5, 65 | MIPS_REG_6, 66 | MIPS_REG_7, 67 | MIPS_REG_8, 68 | MIPS_REG_9, 69 | MIPS_REG_10, 70 | MIPS_REG_11, 71 | MIPS_REG_12, 72 | MIPS_REG_13, 73 | MIPS_REG_14, 74 | MIPS_REG_15, 75 | MIPS_REG_16, 76 | MIPS_REG_17, 77 | MIPS_REG_18, 78 | MIPS_REG_19, 79 | MIPS_REG_20, 80 | MIPS_REG_21, 81 | MIPS_REG_22, 82 | MIPS_REG_23, 83 | MIPS_REG_24, 84 | MIPS_REG_25, 85 | MIPS_REG_26, 86 | MIPS_REG_27, 87 | MIPS_REG_28, 88 | MIPS_REG_29, 89 | MIPS_REG_30, 90 | MIPS_REG_31, 91 | 92 | //> DSP registers 93 | MIPS_REG_DSPCCOND, 94 | MIPS_REG_DSPCARRY, 95 | MIPS_REG_DSPEFI, 96 | MIPS_REG_DSPOUTFLAG, 97 | MIPS_REG_DSPOUTFLAG16_19, 98 | MIPS_REG_DSPOUTFLAG20, 99 | MIPS_REG_DSPOUTFLAG21, 100 | MIPS_REG_DSPOUTFLAG22, 101 | MIPS_REG_DSPOUTFLAG23, 102 | MIPS_REG_DSPPOS, 103 | MIPS_REG_DSPSCOUNT, 104 | 105 | //> ACC registers 106 | MIPS_REG_AC0, 107 | MIPS_REG_AC1, 108 | MIPS_REG_AC2, 109 | MIPS_REG_AC3, 110 | 111 | //> COP registers 112 | MIPS_REG_CC0, 113 | MIPS_REG_CC1, 114 | MIPS_REG_CC2, 115 | MIPS_REG_CC3, 116 | MIPS_REG_CC4, 117 | MIPS_REG_CC5, 118 | MIPS_REG_CC6, 119 | MIPS_REG_CC7, 120 | 121 | //> FPU registers 122 | MIPS_REG_F0, 123 | MIPS_REG_F1, 124 | MIPS_REG_F2, 125 | MIPS_REG_F3, 126 | MIPS_REG_F4, 127 | MIPS_REG_F5, 128 | MIPS_REG_F6, 129 | MIPS_REG_F7, 130 | MIPS_REG_F8, 131 | MIPS_REG_F9, 132 | MIPS_REG_F10, 133 | MIPS_REG_F11, 134 | MIPS_REG_F12, 135 | MIPS_REG_F13, 136 | MIPS_REG_F14, 137 | MIPS_REG_F15, 138 | MIPS_REG_F16, 139 | MIPS_REG_F17, 140 | MIPS_REG_F18, 141 | MIPS_REG_F19, 142 | MIPS_REG_F20, 143 | MIPS_REG_F21, 144 | MIPS_REG_F22, 145 | MIPS_REG_F23, 146 | MIPS_REG_F24, 147 | MIPS_REG_F25, 148 | MIPS_REG_F26, 149 | MIPS_REG_F27, 150 | MIPS_REG_F28, 151 | MIPS_REG_F29, 152 | MIPS_REG_F30, 153 | MIPS_REG_F31, 154 | 155 | MIPS_REG_FCC0, 156 | MIPS_REG_FCC1, 157 | MIPS_REG_FCC2, 158 | MIPS_REG_FCC3, 159 | MIPS_REG_FCC4, 160 | MIPS_REG_FCC5, 161 | MIPS_REG_FCC6, 162 | MIPS_REG_FCC7, 163 | 164 | //> AFPR128 165 | MIPS_REG_W0, 166 | MIPS_REG_W1, 167 | MIPS_REG_W2, 168 | MIPS_REG_W3, 169 | MIPS_REG_W4, 170 | MIPS_REG_W5, 171 | MIPS_REG_W6, 172 | MIPS_REG_W7, 173 | MIPS_REG_W8, 174 | MIPS_REG_W9, 175 | MIPS_REG_W10, 176 | MIPS_REG_W11, 177 | MIPS_REG_W12, 178 | MIPS_REG_W13, 179 | MIPS_REG_W14, 180 | MIPS_REG_W15, 181 | MIPS_REG_W16, 182 | MIPS_REG_W17, 183 | MIPS_REG_W18, 184 | MIPS_REG_W19, 185 | MIPS_REG_W20, 186 | MIPS_REG_W21, 187 | MIPS_REG_W22, 188 | MIPS_REG_W23, 189 | MIPS_REG_W24, 190 | MIPS_REG_W25, 191 | MIPS_REG_W26, 192 | MIPS_REG_W27, 193 | MIPS_REG_W28, 194 | MIPS_REG_W29, 195 | MIPS_REG_W30, 196 | MIPS_REG_W31, 197 | 198 | MIPS_REG_HI, 199 | MIPS_REG_LO, 200 | 201 | MIPS_REG_P0, 202 | MIPS_REG_P1, 203 | MIPS_REG_P2, 204 | 205 | MIPS_REG_MPL0, 206 | MIPS_REG_MPL1, 207 | MIPS_REG_MPL2, 208 | 209 | MIPS_REG_ENDING, // <-- mark the end of the list or registers 210 | 211 | // alias registers 212 | MIPS_REG_ZERO = MIPS_REG_0, 213 | MIPS_REG_AT = MIPS_REG_1, 214 | MIPS_REG_V0 = MIPS_REG_2, 215 | MIPS_REG_V1 = MIPS_REG_3, 216 | MIPS_REG_A0 = MIPS_REG_4, 217 | MIPS_REG_A1 = MIPS_REG_5, 218 | MIPS_REG_A2 = MIPS_REG_6, 219 | MIPS_REG_A3 = MIPS_REG_7, 220 | MIPS_REG_T0 = MIPS_REG_8, 221 | MIPS_REG_T1 = MIPS_REG_9, 222 | MIPS_REG_T2 = MIPS_REG_10, 223 | MIPS_REG_T3 = MIPS_REG_11, 224 | MIPS_REG_T4 = MIPS_REG_12, 225 | MIPS_REG_T5 = MIPS_REG_13, 226 | MIPS_REG_T6 = MIPS_REG_14, 227 | MIPS_REG_T7 = MIPS_REG_15, 228 | MIPS_REG_S0 = MIPS_REG_16, 229 | MIPS_REG_S1 = MIPS_REG_17, 230 | MIPS_REG_S2 = MIPS_REG_18, 231 | MIPS_REG_S3 = MIPS_REG_19, 232 | MIPS_REG_S4 = MIPS_REG_20, 233 | MIPS_REG_S5 = MIPS_REG_21, 234 | MIPS_REG_S6 = MIPS_REG_22, 235 | MIPS_REG_S7 = MIPS_REG_23, 236 | MIPS_REG_T8 = MIPS_REG_24, 237 | MIPS_REG_T9 = MIPS_REG_25, 238 | MIPS_REG_K0 = MIPS_REG_26, 239 | MIPS_REG_K1 = MIPS_REG_27, 240 | MIPS_REG_GP = MIPS_REG_28, 241 | MIPS_REG_SP = MIPS_REG_29, 242 | MIPS_REG_FP = MIPS_REG_30, MIPS_REG_S8 = MIPS_REG_30, 243 | MIPS_REG_RA = MIPS_REG_31, 244 | 245 | MIPS_REG_HI0 = MIPS_REG_AC0, 246 | MIPS_REG_HI1 = MIPS_REG_AC1, 247 | MIPS_REG_HI2 = MIPS_REG_AC2, 248 | MIPS_REG_HI3 = MIPS_REG_AC3, 249 | 250 | MIPS_REG_LO0 = MIPS_REG_HI0, 251 | MIPS_REG_LO1 = MIPS_REG_HI1, 252 | MIPS_REG_LO2 = MIPS_REG_HI2, 253 | MIPS_REG_LO3 = MIPS_REG_HI3, 254 | } mips_reg; 255 | 256 | //> MIPS instruction 257 | typedef enum mips_insn { 258 | MIPS_INS_INVALID = 0, 259 | 260 | MIPS_INS_ABSQ_S, 261 | MIPS_INS_ADD, 262 | MIPS_INS_ADDIUPC, 263 | MIPS_INS_ADDQH, 264 | MIPS_INS_ADDQH_R, 265 | MIPS_INS_ADDQ, 266 | MIPS_INS_ADDQ_S, 267 | MIPS_INS_ADDSC, 268 | MIPS_INS_ADDS_A, 269 | MIPS_INS_ADDS_S, 270 | MIPS_INS_ADDS_U, 271 | MIPS_INS_ADDUH, 272 | MIPS_INS_ADDUH_R, 273 | MIPS_INS_ADDU, 274 | MIPS_INS_ADDU_S, 275 | MIPS_INS_ADDVI, 276 | MIPS_INS_ADDV, 277 | MIPS_INS_ADDWC, 278 | MIPS_INS_ADD_A, 279 | MIPS_INS_ADDI, 280 | MIPS_INS_ADDIU, 281 | MIPS_INS_ALIGN, 282 | MIPS_INS_ALUIPC, 283 | MIPS_INS_AND, 284 | MIPS_INS_ANDI, 285 | MIPS_INS_APPEND, 286 | MIPS_INS_ASUB_S, 287 | MIPS_INS_ASUB_U, 288 | MIPS_INS_AUI, 289 | MIPS_INS_AUIPC, 290 | MIPS_INS_AVER_S, 291 | MIPS_INS_AVER_U, 292 | MIPS_INS_AVE_S, 293 | MIPS_INS_AVE_U, 294 | MIPS_INS_BADDU, 295 | MIPS_INS_BAL, 296 | MIPS_INS_BALC, 297 | MIPS_INS_BALIGN, 298 | MIPS_INS_BC, 299 | MIPS_INS_BC0F, 300 | MIPS_INS_BC0FL, 301 | MIPS_INS_BC0T, 302 | MIPS_INS_BC0TL, 303 | MIPS_INS_BC1EQZ, 304 | MIPS_INS_BC1F, 305 | MIPS_INS_BC1FL, 306 | MIPS_INS_BC1NEZ, 307 | MIPS_INS_BC1T, 308 | MIPS_INS_BC1TL, 309 | MIPS_INS_BC2EQZ, 310 | MIPS_INS_BC2F, 311 | MIPS_INS_BC2FL, 312 | MIPS_INS_BC2NEZ, 313 | MIPS_INS_BC2T, 314 | MIPS_INS_BC2TL, 315 | MIPS_INS_BC3F, 316 | MIPS_INS_BC3FL, 317 | MIPS_INS_BC3T, 318 | MIPS_INS_BC3TL, 319 | MIPS_INS_BCLRI, 320 | MIPS_INS_BCLR, 321 | MIPS_INS_BEQ, 322 | MIPS_INS_BEQC, 323 | MIPS_INS_BEQL, 324 | MIPS_INS_BEQZALC, 325 | MIPS_INS_BEQZC, 326 | MIPS_INS_BGEC, 327 | MIPS_INS_BGEUC, 328 | MIPS_INS_BGEZ, 329 | MIPS_INS_BGEZAL, 330 | MIPS_INS_BGEZALC, 331 | MIPS_INS_BGEZALL, 332 | MIPS_INS_BGEZALS, 333 | MIPS_INS_BGEZC, 334 | MIPS_INS_BGEZL, 335 | MIPS_INS_BGTZ, 336 | MIPS_INS_BGTZALC, 337 | MIPS_INS_BGTZC, 338 | MIPS_INS_BGTZL, 339 | MIPS_INS_BINSLI, 340 | MIPS_INS_BINSL, 341 | MIPS_INS_BINSRI, 342 | MIPS_INS_BINSR, 343 | MIPS_INS_BITREV, 344 | MIPS_INS_BITSWAP, 345 | MIPS_INS_BLEZ, 346 | MIPS_INS_BLEZALC, 347 | MIPS_INS_BLEZC, 348 | MIPS_INS_BLEZL, 349 | MIPS_INS_BLTC, 350 | MIPS_INS_BLTUC, 351 | MIPS_INS_BLTZ, 352 | MIPS_INS_BLTZAL, 353 | MIPS_INS_BLTZALC, 354 | MIPS_INS_BLTZALL, 355 | MIPS_INS_BLTZALS, 356 | MIPS_INS_BLTZC, 357 | MIPS_INS_BLTZL, 358 | MIPS_INS_BMNZI, 359 | MIPS_INS_BMNZ, 360 | MIPS_INS_BMZI, 361 | MIPS_INS_BMZ, 362 | MIPS_INS_BNE, 363 | MIPS_INS_BNEC, 364 | MIPS_INS_BNEGI, 365 | MIPS_INS_BNEG, 366 | MIPS_INS_BNEL, 367 | MIPS_INS_BNEZALC, 368 | MIPS_INS_BNEZC, 369 | MIPS_INS_BNVC, 370 | MIPS_INS_BNZ, 371 | MIPS_INS_BOVC, 372 | MIPS_INS_BPOSGE32, 373 | MIPS_INS_BREAK, 374 | MIPS_INS_BSELI, 375 | MIPS_INS_BSEL, 376 | MIPS_INS_BSETI, 377 | MIPS_INS_BSET, 378 | MIPS_INS_BZ, 379 | MIPS_INS_BEQZ, 380 | MIPS_INS_B, 381 | MIPS_INS_BNEZ, 382 | MIPS_INS_BTEQZ, 383 | MIPS_INS_BTNEZ, 384 | MIPS_INS_CACHE, 385 | MIPS_INS_CEIL, 386 | MIPS_INS_CEQI, 387 | MIPS_INS_CEQ, 388 | MIPS_INS_CFC1, 389 | MIPS_INS_CFCMSA, 390 | MIPS_INS_CINS, 391 | MIPS_INS_CINS32, 392 | MIPS_INS_CLASS, 393 | MIPS_INS_CLEI_S, 394 | MIPS_INS_CLEI_U, 395 | MIPS_INS_CLE_S, 396 | MIPS_INS_CLE_U, 397 | MIPS_INS_CLO, 398 | MIPS_INS_CLTI_S, 399 | MIPS_INS_CLTI_U, 400 | MIPS_INS_CLT_S, 401 | MIPS_INS_CLT_U, 402 | MIPS_INS_CLZ, 403 | MIPS_INS_CMPGDU, 404 | MIPS_INS_CMPGU, 405 | MIPS_INS_CMPU, 406 | MIPS_INS_CMP, 407 | MIPS_INS_COPY_S, 408 | MIPS_INS_COPY_U, 409 | MIPS_INS_CTC1, 410 | MIPS_INS_CTCMSA, 411 | MIPS_INS_CVT, 412 | MIPS_INS_C, 413 | MIPS_INS_CMPI, 414 | MIPS_INS_DADD, 415 | MIPS_INS_DADDI, 416 | MIPS_INS_DADDIU, 417 | MIPS_INS_DADDU, 418 | MIPS_INS_DAHI, 419 | MIPS_INS_DALIGN, 420 | MIPS_INS_DATI, 421 | MIPS_INS_DAUI, 422 | MIPS_INS_DBITSWAP, 423 | MIPS_INS_DCLO, 424 | MIPS_INS_DCLZ, 425 | MIPS_INS_DDIV, 426 | MIPS_INS_DDIVU, 427 | MIPS_INS_DERET, 428 | MIPS_INS_DEXT, 429 | MIPS_INS_DEXTM, 430 | MIPS_INS_DEXTU, 431 | MIPS_INS_DI, 432 | MIPS_INS_DINS, 433 | MIPS_INS_DINSM, 434 | MIPS_INS_DINSU, 435 | MIPS_INS_DIV, 436 | MIPS_INS_DIVU, 437 | MIPS_INS_DIV_S, 438 | MIPS_INS_DIV_U, 439 | MIPS_INS_DLSA, 440 | MIPS_INS_DMFC0, 441 | MIPS_INS_DMFC1, 442 | MIPS_INS_DMFC2, 443 | MIPS_INS_DMOD, 444 | MIPS_INS_DMODU, 445 | MIPS_INS_DMTC0, 446 | MIPS_INS_DMTC1, 447 | MIPS_INS_DMTC2, 448 | MIPS_INS_DMUH, 449 | MIPS_INS_DMUHU, 450 | MIPS_INS_DMUL, 451 | MIPS_INS_DMULT, 452 | MIPS_INS_DMULTU, 453 | MIPS_INS_DMULU, 454 | MIPS_INS_DOTP_S, 455 | MIPS_INS_DOTP_U, 456 | MIPS_INS_DPADD_S, 457 | MIPS_INS_DPADD_U, 458 | MIPS_INS_DPAQX_SA, 459 | MIPS_INS_DPAQX_S, 460 | MIPS_INS_DPAQ_SA, 461 | MIPS_INS_DPAQ_S, 462 | MIPS_INS_DPAU, 463 | MIPS_INS_DPAX, 464 | MIPS_INS_DPA, 465 | MIPS_INS_DPOP, 466 | MIPS_INS_DPSQX_SA, 467 | MIPS_INS_DPSQX_S, 468 | MIPS_INS_DPSQ_SA, 469 | MIPS_INS_DPSQ_S, 470 | MIPS_INS_DPSUB_S, 471 | MIPS_INS_DPSUB_U, 472 | MIPS_INS_DPSU, 473 | MIPS_INS_DPSX, 474 | MIPS_INS_DPS, 475 | MIPS_INS_DROTR, 476 | MIPS_INS_DROTR32, 477 | MIPS_INS_DROTRV, 478 | MIPS_INS_DSBH, 479 | MIPS_INS_DSHD, 480 | MIPS_INS_DSLL, 481 | MIPS_INS_DSLL32, 482 | MIPS_INS_DSLLV, 483 | MIPS_INS_DSRA, 484 | MIPS_INS_DSRA32, 485 | MIPS_INS_DSRAV, 486 | MIPS_INS_DSRL, 487 | MIPS_INS_DSRL32, 488 | MIPS_INS_DSRLV, 489 | MIPS_INS_DSUB, 490 | MIPS_INS_DSUBU, 491 | MIPS_INS_EHB, 492 | MIPS_INS_EI, 493 | MIPS_INS_ERET, 494 | MIPS_INS_EXT, 495 | MIPS_INS_EXTP, 496 | MIPS_INS_EXTPDP, 497 | MIPS_INS_EXTPDPV, 498 | MIPS_INS_EXTPV, 499 | MIPS_INS_EXTRV_RS, 500 | MIPS_INS_EXTRV_R, 501 | MIPS_INS_EXTRV_S, 502 | MIPS_INS_EXTRV, 503 | MIPS_INS_EXTR_RS, 504 | MIPS_INS_EXTR_R, 505 | MIPS_INS_EXTR_S, 506 | MIPS_INS_EXTR, 507 | MIPS_INS_EXTS, 508 | MIPS_INS_EXTS32, 509 | MIPS_INS_ABS, 510 | MIPS_INS_FADD, 511 | MIPS_INS_FCAF, 512 | MIPS_INS_FCEQ, 513 | MIPS_INS_FCLASS, 514 | MIPS_INS_FCLE, 515 | MIPS_INS_FCLT, 516 | MIPS_INS_FCNE, 517 | MIPS_INS_FCOR, 518 | MIPS_INS_FCUEQ, 519 | MIPS_INS_FCULE, 520 | MIPS_INS_FCULT, 521 | MIPS_INS_FCUNE, 522 | MIPS_INS_FCUN, 523 | MIPS_INS_FDIV, 524 | MIPS_INS_FEXDO, 525 | MIPS_INS_FEXP2, 526 | MIPS_INS_FEXUPL, 527 | MIPS_INS_FEXUPR, 528 | MIPS_INS_FFINT_S, 529 | MIPS_INS_FFINT_U, 530 | MIPS_INS_FFQL, 531 | MIPS_INS_FFQR, 532 | MIPS_INS_FILL, 533 | MIPS_INS_FLOG2, 534 | MIPS_INS_FLOOR, 535 | MIPS_INS_FMADD, 536 | MIPS_INS_FMAX_A, 537 | MIPS_INS_FMAX, 538 | MIPS_INS_FMIN_A, 539 | MIPS_INS_FMIN, 540 | MIPS_INS_MOV, 541 | MIPS_INS_FMSUB, 542 | MIPS_INS_FMUL, 543 | MIPS_INS_MUL, 544 | MIPS_INS_NEG, 545 | MIPS_INS_FRCP, 546 | MIPS_INS_FRINT, 547 | MIPS_INS_FRSQRT, 548 | MIPS_INS_FSAF, 549 | MIPS_INS_FSEQ, 550 | MIPS_INS_FSLE, 551 | MIPS_INS_FSLT, 552 | MIPS_INS_FSNE, 553 | MIPS_INS_FSOR, 554 | MIPS_INS_FSQRT, 555 | MIPS_INS_SQRT, 556 | MIPS_INS_FSUB, 557 | MIPS_INS_SUB, 558 | MIPS_INS_FSUEQ, 559 | MIPS_INS_FSULE, 560 | MIPS_INS_FSULT, 561 | MIPS_INS_FSUNE, 562 | MIPS_INS_FSUN, 563 | MIPS_INS_FTINT_S, 564 | MIPS_INS_FTINT_U, 565 | MIPS_INS_FTQ, 566 | MIPS_INS_FTRUNC_S, 567 | MIPS_INS_FTRUNC_U, 568 | MIPS_INS_HADD_S, 569 | MIPS_INS_HADD_U, 570 | MIPS_INS_HSUB_S, 571 | MIPS_INS_HSUB_U, 572 | MIPS_INS_ILVEV, 573 | MIPS_INS_ILVL, 574 | MIPS_INS_ILVOD, 575 | MIPS_INS_ILVR, 576 | MIPS_INS_INS, 577 | MIPS_INS_INSERT, 578 | MIPS_INS_INSV, 579 | MIPS_INS_INSVE, 580 | MIPS_INS_J, 581 | MIPS_INS_JAL, 582 | MIPS_INS_JALR, 583 | MIPS_INS_JALRS, 584 | MIPS_INS_JALS, 585 | MIPS_INS_JALX, 586 | MIPS_INS_JIALC, 587 | MIPS_INS_JIC, 588 | MIPS_INS_JR, 589 | MIPS_INS_JRADDIUSP, 590 | MIPS_INS_JRC, 591 | MIPS_INS_JALRC, 592 | MIPS_INS_LB, 593 | MIPS_INS_LBUX, 594 | MIPS_INS_LBU, 595 | MIPS_INS_LD, 596 | MIPS_INS_LDC1, 597 | MIPS_INS_LDC2, 598 | MIPS_INS_LDC3, 599 | MIPS_INS_LDI, 600 | MIPS_INS_LDL, 601 | MIPS_INS_LDPC, 602 | MIPS_INS_LDR, 603 | MIPS_INS_LDXC1, 604 | MIPS_INS_LH, 605 | MIPS_INS_LHX, 606 | MIPS_INS_LHU, 607 | MIPS_INS_LL, 608 | MIPS_INS_LLD, 609 | MIPS_INS_LSA, 610 | MIPS_INS_LUXC1, 611 | MIPS_INS_LUI, 612 | MIPS_INS_LW, 613 | MIPS_INS_LWC1, 614 | MIPS_INS_LWC2, 615 | MIPS_INS_LWC3, 616 | MIPS_INS_LWL, 617 | MIPS_INS_LWPC, 618 | MIPS_INS_LWR, 619 | MIPS_INS_LWUPC, 620 | MIPS_INS_LWU, 621 | MIPS_INS_LWX, 622 | MIPS_INS_LWXC1, 623 | MIPS_INS_LI, 624 | MIPS_INS_MADD, 625 | MIPS_INS_MADDF, 626 | MIPS_INS_MADDR_Q, 627 | MIPS_INS_MADDU, 628 | MIPS_INS_MADDV, 629 | MIPS_INS_MADD_Q, 630 | MIPS_INS_MAQ_SA, 631 | MIPS_INS_MAQ_S, 632 | MIPS_INS_MAXA, 633 | MIPS_INS_MAXI_S, 634 | MIPS_INS_MAXI_U, 635 | MIPS_INS_MAX_A, 636 | MIPS_INS_MAX, 637 | MIPS_INS_MAX_S, 638 | MIPS_INS_MAX_U, 639 | MIPS_INS_MFC0, 640 | MIPS_INS_MFC1, 641 | MIPS_INS_MFC2, 642 | MIPS_INS_MFHC1, 643 | MIPS_INS_MFHI, 644 | MIPS_INS_MFLO, 645 | MIPS_INS_MINA, 646 | MIPS_INS_MINI_S, 647 | MIPS_INS_MINI_U, 648 | MIPS_INS_MIN_A, 649 | MIPS_INS_MIN, 650 | MIPS_INS_MIN_S, 651 | MIPS_INS_MIN_U, 652 | MIPS_INS_MOD, 653 | MIPS_INS_MODSUB, 654 | MIPS_INS_MODU, 655 | MIPS_INS_MOD_S, 656 | MIPS_INS_MOD_U, 657 | MIPS_INS_MOVE, 658 | MIPS_INS_MOVF, 659 | MIPS_INS_MOVN, 660 | MIPS_INS_MOVT, 661 | MIPS_INS_MOVZ, 662 | MIPS_INS_MSUB, 663 | MIPS_INS_MSUBF, 664 | MIPS_INS_MSUBR_Q, 665 | MIPS_INS_MSUBU, 666 | MIPS_INS_MSUBV, 667 | MIPS_INS_MSUB_Q, 668 | MIPS_INS_MTC0, 669 | MIPS_INS_MTC1, 670 | MIPS_INS_MTC2, 671 | MIPS_INS_MTHC1, 672 | MIPS_INS_MTHI, 673 | MIPS_INS_MTHLIP, 674 | MIPS_INS_MTLO, 675 | MIPS_INS_MTM0, 676 | MIPS_INS_MTM1, 677 | MIPS_INS_MTM2, 678 | MIPS_INS_MTP0, 679 | MIPS_INS_MTP1, 680 | MIPS_INS_MTP2, 681 | MIPS_INS_MUH, 682 | MIPS_INS_MUHU, 683 | MIPS_INS_MULEQ_S, 684 | MIPS_INS_MULEU_S, 685 | MIPS_INS_MULQ_RS, 686 | MIPS_INS_MULQ_S, 687 | MIPS_INS_MULR_Q, 688 | MIPS_INS_MULSAQ_S, 689 | MIPS_INS_MULSA, 690 | MIPS_INS_MULT, 691 | MIPS_INS_MULTU, 692 | MIPS_INS_MULU, 693 | MIPS_INS_MULV, 694 | MIPS_INS_MUL_Q, 695 | MIPS_INS_MUL_S, 696 | MIPS_INS_NLOC, 697 | MIPS_INS_NLZC, 698 | MIPS_INS_NMADD, 699 | MIPS_INS_NMSUB, 700 | MIPS_INS_NOR, 701 | MIPS_INS_NORI, 702 | MIPS_INS_NOT, 703 | MIPS_INS_OR, 704 | MIPS_INS_ORI, 705 | MIPS_INS_PACKRL, 706 | MIPS_INS_PAUSE, 707 | MIPS_INS_PCKEV, 708 | MIPS_INS_PCKOD, 709 | MIPS_INS_PCNT, 710 | MIPS_INS_PICK, 711 | MIPS_INS_POP, 712 | MIPS_INS_PRECEQU, 713 | MIPS_INS_PRECEQ, 714 | MIPS_INS_PRECEU, 715 | MIPS_INS_PRECRQU_S, 716 | MIPS_INS_PRECRQ, 717 | MIPS_INS_PRECRQ_RS, 718 | MIPS_INS_PRECR, 719 | MIPS_INS_PRECR_SRA, 720 | MIPS_INS_PRECR_SRA_R, 721 | MIPS_INS_PREF, 722 | MIPS_INS_PREPEND, 723 | MIPS_INS_RADDU, 724 | MIPS_INS_RDDSP, 725 | MIPS_INS_RDHWR, 726 | MIPS_INS_REPLV, 727 | MIPS_INS_REPL, 728 | MIPS_INS_RINT, 729 | MIPS_INS_ROTR, 730 | MIPS_INS_ROTRV, 731 | MIPS_INS_ROUND, 732 | MIPS_INS_SAT_S, 733 | MIPS_INS_SAT_U, 734 | MIPS_INS_SB, 735 | MIPS_INS_SC, 736 | MIPS_INS_SCD, 737 | MIPS_INS_SD, 738 | MIPS_INS_SDBBP, 739 | MIPS_INS_SDC1, 740 | MIPS_INS_SDC2, 741 | MIPS_INS_SDC3, 742 | MIPS_INS_SDL, 743 | MIPS_INS_SDR, 744 | MIPS_INS_SDXC1, 745 | MIPS_INS_SEB, 746 | MIPS_INS_SEH, 747 | MIPS_INS_SELEQZ, 748 | MIPS_INS_SELNEZ, 749 | MIPS_INS_SEL, 750 | MIPS_INS_SEQ, 751 | MIPS_INS_SEQI, 752 | MIPS_INS_SH, 753 | MIPS_INS_SHF, 754 | MIPS_INS_SHILO, 755 | MIPS_INS_SHILOV, 756 | MIPS_INS_SHLLV, 757 | MIPS_INS_SHLLV_S, 758 | MIPS_INS_SHLL, 759 | MIPS_INS_SHLL_S, 760 | MIPS_INS_SHRAV, 761 | MIPS_INS_SHRAV_R, 762 | MIPS_INS_SHRA, 763 | MIPS_INS_SHRA_R, 764 | MIPS_INS_SHRLV, 765 | MIPS_INS_SHRL, 766 | MIPS_INS_SLDI, 767 | MIPS_INS_SLD, 768 | MIPS_INS_SLL, 769 | MIPS_INS_SLLI, 770 | MIPS_INS_SLLV, 771 | MIPS_INS_SLT, 772 | MIPS_INS_SLTI, 773 | MIPS_INS_SLTIU, 774 | MIPS_INS_SLTU, 775 | MIPS_INS_SNE, 776 | MIPS_INS_SNEI, 777 | MIPS_INS_SPLATI, 778 | MIPS_INS_SPLAT, 779 | MIPS_INS_SRA, 780 | MIPS_INS_SRAI, 781 | MIPS_INS_SRARI, 782 | MIPS_INS_SRAR, 783 | MIPS_INS_SRAV, 784 | MIPS_INS_SRL, 785 | MIPS_INS_SRLI, 786 | MIPS_INS_SRLRI, 787 | MIPS_INS_SRLR, 788 | MIPS_INS_SRLV, 789 | MIPS_INS_SSNOP, 790 | MIPS_INS_ST, 791 | MIPS_INS_SUBQH, 792 | MIPS_INS_SUBQH_R, 793 | MIPS_INS_SUBQ, 794 | MIPS_INS_SUBQ_S, 795 | MIPS_INS_SUBSUS_U, 796 | MIPS_INS_SUBSUU_S, 797 | MIPS_INS_SUBS_S, 798 | MIPS_INS_SUBS_U, 799 | MIPS_INS_SUBUH, 800 | MIPS_INS_SUBUH_R, 801 | MIPS_INS_SUBU, 802 | MIPS_INS_SUBU_S, 803 | MIPS_INS_SUBVI, 804 | MIPS_INS_SUBV, 805 | MIPS_INS_SUXC1, 806 | MIPS_INS_SW, 807 | MIPS_INS_SWC1, 808 | MIPS_INS_SWC2, 809 | MIPS_INS_SWC3, 810 | MIPS_INS_SWL, 811 | MIPS_INS_SWR, 812 | MIPS_INS_SWXC1, 813 | MIPS_INS_SYNC, 814 | MIPS_INS_SYSCALL, 815 | MIPS_INS_TEQ, 816 | MIPS_INS_TEQI, 817 | MIPS_INS_TGE, 818 | MIPS_INS_TGEI, 819 | MIPS_INS_TGEIU, 820 | MIPS_INS_TGEU, 821 | MIPS_INS_TLBP, 822 | MIPS_INS_TLBR, 823 | MIPS_INS_TLBWI, 824 | MIPS_INS_TLBWR, 825 | MIPS_INS_TLT, 826 | MIPS_INS_TLTI, 827 | MIPS_INS_TLTIU, 828 | MIPS_INS_TLTU, 829 | MIPS_INS_TNE, 830 | MIPS_INS_TNEI, 831 | MIPS_INS_TRUNC, 832 | MIPS_INS_V3MULU, 833 | MIPS_INS_VMM0, 834 | MIPS_INS_VMULU, 835 | MIPS_INS_VSHF, 836 | MIPS_INS_WAIT, 837 | MIPS_INS_WRDSP, 838 | MIPS_INS_WSBH, 839 | MIPS_INS_XOR, 840 | MIPS_INS_XORI, 841 | 842 | //> some alias instructions 843 | MIPS_INS_NOP, 844 | MIPS_INS_NEGU, 845 | 846 | //> special instructions 847 | MIPS_INS_JALR_HB, // jump and link with Hazard Barrier 848 | MIPS_INS_JR_HB, // jump register with Hazard Barrier 849 | 850 | MIPS_INS_ENDING, 851 | } mips_insn; 852 | 853 | //> Group of MIPS instructions 854 | typedef enum mips_insn_group { 855 | MIPS_GRP_INVALID = 0, // = CS_GRP_INVALID 856 | 857 | //> Generic groups 858 | // all jump instructions (conditional+direct+indirect jumps) 859 | MIPS_GRP_JUMP, // = CS_GRP_JUMP 860 | 861 | //> Architecture-specific groups 862 | MIPS_GRP_BITCOUNT = 128, 863 | MIPS_GRP_DSP, 864 | MIPS_GRP_DSPR2, 865 | MIPS_GRP_FPIDX, 866 | MIPS_GRP_MSA, 867 | MIPS_GRP_MIPS32R2, 868 | MIPS_GRP_MIPS64, 869 | MIPS_GRP_MIPS64R2, 870 | MIPS_GRP_SEINREG, 871 | MIPS_GRP_STDENC, 872 | MIPS_GRP_SWAP, 873 | MIPS_GRP_MICROMIPS, 874 | MIPS_GRP_MIPS16MODE, 875 | MIPS_GRP_FP64BIT, 876 | MIPS_GRP_NONANSFPMATH, 877 | MIPS_GRP_NOTFP64BIT, 878 | MIPS_GRP_NOTINMICROMIPS, 879 | MIPS_GRP_NOTNACL, 880 | MIPS_GRP_NOTMIPS32R6, 881 | MIPS_GRP_NOTMIPS64R6, 882 | MIPS_GRP_CNMIPS, 883 | MIPS_GRP_MIPS32, 884 | MIPS_GRP_MIPS32R6, 885 | MIPS_GRP_MIPS64R6, 886 | MIPS_GRP_MIPS2, 887 | MIPS_GRP_MIPS3, 888 | MIPS_GRP_MIPS3_32, 889 | MIPS_GRP_MIPS3_32R2, 890 | MIPS_GRP_MIPS4_32, 891 | MIPS_GRP_MIPS4_32R2, 892 | MIPS_GRP_MIPS5_32R2, 893 | MIPS_GRP_GP32BIT, 894 | MIPS_GRP_GP64BIT, 895 | 896 | MIPS_GRP_ENDING, 897 | } mips_insn_group; 898 | 899 | #ifdef __cplusplus 900 | } 901 | #endif 902 | 903 | #endif 904 | -------------------------------------------------------------------------------- /CaptainHook/include/platform.h: -------------------------------------------------------------------------------- 1 | /* Capstone Disassembly Engine */ 2 | /* By Axel Souchet & Nguyen Anh Quynh, 2014 */ 3 | 4 | // handle C99 issue (for pre-2013 VisualStudio) 5 | #ifndef CAPSTONE_PLATFORM_H 6 | #define CAPSTONE_PLATFORM_H 7 | 8 | #if !defined(__MINGW32__) && !defined(__MINGW64__) && (defined (WIN32) || defined (WIN64) || defined (_WIN32) || defined (_WIN64)) 9 | // MSVC 10 | 11 | // stdbool.h 12 | #if (_MSC_VER < 1800) 13 | #ifndef __cplusplus 14 | typedef unsigned char bool; 15 | #define false 0 16 | #define true 1 17 | #endif 18 | 19 | #else 20 | // VisualStudio 2013+ -> C99 is supported 21 | #include 22 | #endif 23 | 24 | #else // not MSVC -> C99 is supported 25 | #include 26 | #endif 27 | 28 | #endif 29 | -------------------------------------------------------------------------------- /CaptainHook/include/ppc.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_PPC_H 2 | #define CAPSTONE_PPC_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2013-2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | #ifdef _MSC_VER 15 | #pragma warning(disable:4201) 16 | #endif 17 | 18 | //> PPC branch codes for some branch instructions 19 | typedef enum ppc_bc { 20 | PPC_BC_INVALID = 0, 21 | PPC_BC_LT = (0 << 5) | 12, 22 | PPC_BC_LE = (1 << 5) | 4, 23 | PPC_BC_EQ = (2 << 5) | 12, 24 | PPC_BC_GE = (0 << 5) | 4, 25 | PPC_BC_GT = (1 << 5) | 12, 26 | PPC_BC_NE = (2 << 5) | 4, 27 | PPC_BC_UN = (3 << 5) | 12, 28 | PPC_BC_NU = (3 << 5) | 4, 29 | 30 | // extra conditions 31 | PPC_BC_SO = (4 << 5) | 12, // summary overflow 32 | PPC_BC_NS = (4 << 5) | 4, // not summary overflow 33 | } ppc_bc; 34 | 35 | //> PPC branch hint for some branch instructions 36 | typedef enum ppc_bh { 37 | PPC_BH_INVALID = 0, // no hint 38 | PPC_BH_PLUS, // PLUS hint 39 | PPC_BH_MINUS, // MINUS hint 40 | } ppc_bh; 41 | 42 | //> Operand type for instruction's operands 43 | typedef enum ppc_op_type { 44 | PPC_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 45 | PPC_OP_REG, // = CS_OP_REG (Register operand). 46 | PPC_OP_IMM, // = CS_OP_IMM (Immediate operand). 47 | PPC_OP_MEM, // = CS_OP_MEM (Memory operand). 48 | PPC_OP_CRX = 64, // Condition Register field 49 | } ppc_op_type; 50 | 51 | // Instruction's operand referring to memory 52 | // This is associated with PPC_OP_MEM operand type above 53 | typedef struct ppc_op_mem { 54 | unsigned int base; // base register 55 | int32_t disp; // displacement/offset value 56 | } ppc_op_mem; 57 | 58 | typedef struct ppc_op_crx { 59 | unsigned int scale; 60 | unsigned int reg; 61 | ppc_bc cond; 62 | } ppc_op_crx; 63 | 64 | // Instruction operand 65 | typedef struct cs_ppc_op { 66 | ppc_op_type type; // operand type 67 | union { 68 | unsigned int reg; // register value for REG operand 69 | int32_t imm; // immediate value for IMM operand 70 | ppc_op_mem mem; // base/disp value for MEM operand 71 | ppc_op_crx crx; // operand with condition register 72 | }; 73 | } cs_ppc_op; 74 | 75 | // Instruction structure 76 | typedef struct cs_ppc { 77 | // branch code for branch instructions 78 | ppc_bc bc; 79 | 80 | // branch hint for branch instructions 81 | ppc_bh bh; 82 | 83 | // if update_cr0 = True, then this 'dot' insn updates CR0 84 | bool update_cr0; 85 | 86 | // Number of operands of this instruction, 87 | // or 0 when instruction has no operand. 88 | uint8_t op_count; 89 | cs_ppc_op operands[8]; // operands for this instruction. 90 | } cs_ppc; 91 | 92 | //> PPC registers 93 | typedef enum ppc_reg { 94 | PPC_REG_INVALID = 0, 95 | 96 | PPC_REG_CARRY, 97 | PPC_REG_CC, 98 | PPC_REG_CR0, 99 | PPC_REG_CR1, 100 | PPC_REG_CR2, 101 | PPC_REG_CR3, 102 | PPC_REG_CR4, 103 | PPC_REG_CR5, 104 | PPC_REG_CR6, 105 | PPC_REG_CR7, 106 | PPC_REG_CTR, 107 | PPC_REG_F0, 108 | PPC_REG_F1, 109 | PPC_REG_F2, 110 | PPC_REG_F3, 111 | PPC_REG_F4, 112 | PPC_REG_F5, 113 | PPC_REG_F6, 114 | PPC_REG_F7, 115 | PPC_REG_F8, 116 | PPC_REG_F9, 117 | PPC_REG_F10, 118 | PPC_REG_F11, 119 | PPC_REG_F12, 120 | PPC_REG_F13, 121 | PPC_REG_F14, 122 | PPC_REG_F15, 123 | PPC_REG_F16, 124 | PPC_REG_F17, 125 | PPC_REG_F18, 126 | PPC_REG_F19, 127 | PPC_REG_F20, 128 | PPC_REG_F21, 129 | PPC_REG_F22, 130 | PPC_REG_F23, 131 | PPC_REG_F24, 132 | PPC_REG_F25, 133 | PPC_REG_F26, 134 | PPC_REG_F27, 135 | PPC_REG_F28, 136 | PPC_REG_F29, 137 | PPC_REG_F30, 138 | PPC_REG_F31, 139 | PPC_REG_LR, 140 | PPC_REG_R0, 141 | PPC_REG_R1, 142 | PPC_REG_R2, 143 | PPC_REG_R3, 144 | PPC_REG_R4, 145 | PPC_REG_R5, 146 | PPC_REG_R6, 147 | PPC_REG_R7, 148 | PPC_REG_R8, 149 | PPC_REG_R9, 150 | PPC_REG_R10, 151 | PPC_REG_R11, 152 | PPC_REG_R12, 153 | PPC_REG_R13, 154 | PPC_REG_R14, 155 | PPC_REG_R15, 156 | PPC_REG_R16, 157 | PPC_REG_R17, 158 | PPC_REG_R18, 159 | PPC_REG_R19, 160 | PPC_REG_R20, 161 | PPC_REG_R21, 162 | PPC_REG_R22, 163 | PPC_REG_R23, 164 | PPC_REG_R24, 165 | PPC_REG_R25, 166 | PPC_REG_R26, 167 | PPC_REG_R27, 168 | PPC_REG_R28, 169 | PPC_REG_R29, 170 | PPC_REG_R30, 171 | PPC_REG_R31, 172 | PPC_REG_V0, 173 | PPC_REG_V1, 174 | PPC_REG_V2, 175 | PPC_REG_V3, 176 | PPC_REG_V4, 177 | PPC_REG_V5, 178 | PPC_REG_V6, 179 | PPC_REG_V7, 180 | PPC_REG_V8, 181 | PPC_REG_V9, 182 | PPC_REG_V10, 183 | PPC_REG_V11, 184 | PPC_REG_V12, 185 | PPC_REG_V13, 186 | PPC_REG_V14, 187 | PPC_REG_V15, 188 | PPC_REG_V16, 189 | PPC_REG_V17, 190 | PPC_REG_V18, 191 | PPC_REG_V19, 192 | PPC_REG_V20, 193 | PPC_REG_V21, 194 | PPC_REG_V22, 195 | PPC_REG_V23, 196 | PPC_REG_V24, 197 | PPC_REG_V25, 198 | PPC_REG_V26, 199 | PPC_REG_V27, 200 | PPC_REG_V28, 201 | PPC_REG_V29, 202 | PPC_REG_V30, 203 | PPC_REG_V31, 204 | PPC_REG_VRSAVE, 205 | PPC_REG_VS0, 206 | PPC_REG_VS1, 207 | PPC_REG_VS2, 208 | PPC_REG_VS3, 209 | PPC_REG_VS4, 210 | PPC_REG_VS5, 211 | PPC_REG_VS6, 212 | PPC_REG_VS7, 213 | PPC_REG_VS8, 214 | PPC_REG_VS9, 215 | PPC_REG_VS10, 216 | PPC_REG_VS11, 217 | PPC_REG_VS12, 218 | PPC_REG_VS13, 219 | PPC_REG_VS14, 220 | PPC_REG_VS15, 221 | PPC_REG_VS16, 222 | PPC_REG_VS17, 223 | PPC_REG_VS18, 224 | PPC_REG_VS19, 225 | PPC_REG_VS20, 226 | PPC_REG_VS21, 227 | PPC_REG_VS22, 228 | PPC_REG_VS23, 229 | PPC_REG_VS24, 230 | PPC_REG_VS25, 231 | PPC_REG_VS26, 232 | PPC_REG_VS27, 233 | PPC_REG_VS28, 234 | PPC_REG_VS29, 235 | PPC_REG_VS30, 236 | PPC_REG_VS31, 237 | PPC_REG_VS32, 238 | PPC_REG_VS33, 239 | PPC_REG_VS34, 240 | PPC_REG_VS35, 241 | PPC_REG_VS36, 242 | PPC_REG_VS37, 243 | PPC_REG_VS38, 244 | PPC_REG_VS39, 245 | PPC_REG_VS40, 246 | PPC_REG_VS41, 247 | PPC_REG_VS42, 248 | PPC_REG_VS43, 249 | PPC_REG_VS44, 250 | PPC_REG_VS45, 251 | PPC_REG_VS46, 252 | PPC_REG_VS47, 253 | PPC_REG_VS48, 254 | PPC_REG_VS49, 255 | PPC_REG_VS50, 256 | PPC_REG_VS51, 257 | PPC_REG_VS52, 258 | PPC_REG_VS53, 259 | PPC_REG_VS54, 260 | PPC_REG_VS55, 261 | PPC_REG_VS56, 262 | PPC_REG_VS57, 263 | PPC_REG_VS58, 264 | PPC_REG_VS59, 265 | PPC_REG_VS60, 266 | PPC_REG_VS61, 267 | PPC_REG_VS62, 268 | PPC_REG_VS63, 269 | 270 | // extra registers for PPCMapping.c 271 | PPC_REG_RM, 272 | PPC_REG_CTR8, 273 | PPC_REG_LR8, 274 | PPC_REG_CR1EQ, 275 | 276 | PPC_REG_ENDING, // <-- mark the end of the list of registers 277 | } ppc_reg; 278 | 279 | //> PPC instruction 280 | typedef enum ppc_insn { 281 | PPC_INS_INVALID = 0, 282 | 283 | PPC_INS_ADD, 284 | PPC_INS_ADDC, 285 | PPC_INS_ADDE, 286 | PPC_INS_ADDI, 287 | PPC_INS_ADDIC, 288 | PPC_INS_ADDIS, 289 | PPC_INS_ADDME, 290 | PPC_INS_ADDZE, 291 | PPC_INS_AND, 292 | PPC_INS_ANDC, 293 | PPC_INS_ANDIS, 294 | PPC_INS_ANDI, 295 | PPC_INS_B, 296 | PPC_INS_BA, 297 | PPC_INS_BC, 298 | PPC_INS_BCCTR, 299 | PPC_INS_BCCTRL, 300 | PPC_INS_BCL, 301 | PPC_INS_BCLR, 302 | PPC_INS_BCLRL, 303 | PPC_INS_BCTR, 304 | PPC_INS_BCTRL, 305 | PPC_INS_BDNZ, 306 | PPC_INS_BDNZA, 307 | PPC_INS_BDNZL, 308 | PPC_INS_BDNZLA, 309 | PPC_INS_BDNZLR, 310 | PPC_INS_BDNZLRL, 311 | PPC_INS_BDZ, 312 | PPC_INS_BDZA, 313 | PPC_INS_BDZL, 314 | PPC_INS_BDZLA, 315 | PPC_INS_BDZLR, 316 | PPC_INS_BDZLRL, 317 | PPC_INS_BL, 318 | PPC_INS_BLA, 319 | PPC_INS_BLR, 320 | PPC_INS_BLRL, 321 | PPC_INS_BRINC, 322 | PPC_INS_CMPD, 323 | PPC_INS_CMPDI, 324 | PPC_INS_CMPLD, 325 | PPC_INS_CMPLDI, 326 | PPC_INS_CMPLW, 327 | PPC_INS_CMPLWI, 328 | PPC_INS_CMPW, 329 | PPC_INS_CMPWI, 330 | PPC_INS_CNTLZD, 331 | PPC_INS_CNTLZW, 332 | PPC_INS_CREQV, 333 | PPC_INS_CRXOR, 334 | PPC_INS_CRAND, 335 | PPC_INS_CRANDC, 336 | PPC_INS_CRNAND, 337 | PPC_INS_CRNOR, 338 | PPC_INS_CROR, 339 | PPC_INS_CRORC, 340 | PPC_INS_DCBA, 341 | PPC_INS_DCBF, 342 | PPC_INS_DCBI, 343 | PPC_INS_DCBST, 344 | PPC_INS_DCBT, 345 | PPC_INS_DCBTST, 346 | PPC_INS_DCBZ, 347 | PPC_INS_DCBZL, 348 | PPC_INS_DCCCI, 349 | PPC_INS_DIVD, 350 | PPC_INS_DIVDU, 351 | PPC_INS_DIVW, 352 | PPC_INS_DIVWU, 353 | PPC_INS_DSS, 354 | PPC_INS_DSSALL, 355 | PPC_INS_DST, 356 | PPC_INS_DSTST, 357 | PPC_INS_DSTSTT, 358 | PPC_INS_DSTT, 359 | PPC_INS_EIEIO, 360 | PPC_INS_EQV, 361 | PPC_INS_EVABS, 362 | PPC_INS_EVADDIW, 363 | PPC_INS_EVADDSMIAAW, 364 | PPC_INS_EVADDSSIAAW, 365 | PPC_INS_EVADDUMIAAW, 366 | PPC_INS_EVADDUSIAAW, 367 | PPC_INS_EVADDW, 368 | PPC_INS_EVAND, 369 | PPC_INS_EVANDC, 370 | PPC_INS_EVCMPEQ, 371 | PPC_INS_EVCMPGTS, 372 | PPC_INS_EVCMPGTU, 373 | PPC_INS_EVCMPLTS, 374 | PPC_INS_EVCMPLTU, 375 | PPC_INS_EVCNTLSW, 376 | PPC_INS_EVCNTLZW, 377 | PPC_INS_EVDIVWS, 378 | PPC_INS_EVDIVWU, 379 | PPC_INS_EVEQV, 380 | PPC_INS_EVEXTSB, 381 | PPC_INS_EVEXTSH, 382 | PPC_INS_EVLDD, 383 | PPC_INS_EVLDDX, 384 | PPC_INS_EVLDH, 385 | PPC_INS_EVLDHX, 386 | PPC_INS_EVLDW, 387 | PPC_INS_EVLDWX, 388 | PPC_INS_EVLHHESPLAT, 389 | PPC_INS_EVLHHESPLATX, 390 | PPC_INS_EVLHHOSSPLAT, 391 | PPC_INS_EVLHHOSSPLATX, 392 | PPC_INS_EVLHHOUSPLAT, 393 | PPC_INS_EVLHHOUSPLATX, 394 | PPC_INS_EVLWHE, 395 | PPC_INS_EVLWHEX, 396 | PPC_INS_EVLWHOS, 397 | PPC_INS_EVLWHOSX, 398 | PPC_INS_EVLWHOU, 399 | PPC_INS_EVLWHOUX, 400 | PPC_INS_EVLWHSPLAT, 401 | PPC_INS_EVLWHSPLATX, 402 | PPC_INS_EVLWWSPLAT, 403 | PPC_INS_EVLWWSPLATX, 404 | PPC_INS_EVMERGEHI, 405 | PPC_INS_EVMERGEHILO, 406 | PPC_INS_EVMERGELO, 407 | PPC_INS_EVMERGELOHI, 408 | PPC_INS_EVMHEGSMFAA, 409 | PPC_INS_EVMHEGSMFAN, 410 | PPC_INS_EVMHEGSMIAA, 411 | PPC_INS_EVMHEGSMIAN, 412 | PPC_INS_EVMHEGUMIAA, 413 | PPC_INS_EVMHEGUMIAN, 414 | PPC_INS_EVMHESMF, 415 | PPC_INS_EVMHESMFA, 416 | PPC_INS_EVMHESMFAAW, 417 | PPC_INS_EVMHESMFANW, 418 | PPC_INS_EVMHESMI, 419 | PPC_INS_EVMHESMIA, 420 | PPC_INS_EVMHESMIAAW, 421 | PPC_INS_EVMHESMIANW, 422 | PPC_INS_EVMHESSF, 423 | PPC_INS_EVMHESSFA, 424 | PPC_INS_EVMHESSFAAW, 425 | PPC_INS_EVMHESSFANW, 426 | PPC_INS_EVMHESSIAAW, 427 | PPC_INS_EVMHESSIANW, 428 | PPC_INS_EVMHEUMI, 429 | PPC_INS_EVMHEUMIA, 430 | PPC_INS_EVMHEUMIAAW, 431 | PPC_INS_EVMHEUMIANW, 432 | PPC_INS_EVMHEUSIAAW, 433 | PPC_INS_EVMHEUSIANW, 434 | PPC_INS_EVMHOGSMFAA, 435 | PPC_INS_EVMHOGSMFAN, 436 | PPC_INS_EVMHOGSMIAA, 437 | PPC_INS_EVMHOGSMIAN, 438 | PPC_INS_EVMHOGUMIAA, 439 | PPC_INS_EVMHOGUMIAN, 440 | PPC_INS_EVMHOSMF, 441 | PPC_INS_EVMHOSMFA, 442 | PPC_INS_EVMHOSMFAAW, 443 | PPC_INS_EVMHOSMFANW, 444 | PPC_INS_EVMHOSMI, 445 | PPC_INS_EVMHOSMIA, 446 | PPC_INS_EVMHOSMIAAW, 447 | PPC_INS_EVMHOSMIANW, 448 | PPC_INS_EVMHOSSF, 449 | PPC_INS_EVMHOSSFA, 450 | PPC_INS_EVMHOSSFAAW, 451 | PPC_INS_EVMHOSSFANW, 452 | PPC_INS_EVMHOSSIAAW, 453 | PPC_INS_EVMHOSSIANW, 454 | PPC_INS_EVMHOUMI, 455 | PPC_INS_EVMHOUMIA, 456 | PPC_INS_EVMHOUMIAAW, 457 | PPC_INS_EVMHOUMIANW, 458 | PPC_INS_EVMHOUSIAAW, 459 | PPC_INS_EVMHOUSIANW, 460 | PPC_INS_EVMRA, 461 | PPC_INS_EVMWHSMF, 462 | PPC_INS_EVMWHSMFA, 463 | PPC_INS_EVMWHSMI, 464 | PPC_INS_EVMWHSMIA, 465 | PPC_INS_EVMWHSSF, 466 | PPC_INS_EVMWHSSFA, 467 | PPC_INS_EVMWHUMI, 468 | PPC_INS_EVMWHUMIA, 469 | PPC_INS_EVMWLSMIAAW, 470 | PPC_INS_EVMWLSMIANW, 471 | PPC_INS_EVMWLSSIAAW, 472 | PPC_INS_EVMWLSSIANW, 473 | PPC_INS_EVMWLUMI, 474 | PPC_INS_EVMWLUMIA, 475 | PPC_INS_EVMWLUMIAAW, 476 | PPC_INS_EVMWLUMIANW, 477 | PPC_INS_EVMWLUSIAAW, 478 | PPC_INS_EVMWLUSIANW, 479 | PPC_INS_EVMWSMF, 480 | PPC_INS_EVMWSMFA, 481 | PPC_INS_EVMWSMFAA, 482 | PPC_INS_EVMWSMFAN, 483 | PPC_INS_EVMWSMI, 484 | PPC_INS_EVMWSMIA, 485 | PPC_INS_EVMWSMIAA, 486 | PPC_INS_EVMWSMIAN, 487 | PPC_INS_EVMWSSF, 488 | PPC_INS_EVMWSSFA, 489 | PPC_INS_EVMWSSFAA, 490 | PPC_INS_EVMWSSFAN, 491 | PPC_INS_EVMWUMI, 492 | PPC_INS_EVMWUMIA, 493 | PPC_INS_EVMWUMIAA, 494 | PPC_INS_EVMWUMIAN, 495 | PPC_INS_EVNAND, 496 | PPC_INS_EVNEG, 497 | PPC_INS_EVNOR, 498 | PPC_INS_EVOR, 499 | PPC_INS_EVORC, 500 | PPC_INS_EVRLW, 501 | PPC_INS_EVRLWI, 502 | PPC_INS_EVRNDW, 503 | PPC_INS_EVSLW, 504 | PPC_INS_EVSLWI, 505 | PPC_INS_EVSPLATFI, 506 | PPC_INS_EVSPLATI, 507 | PPC_INS_EVSRWIS, 508 | PPC_INS_EVSRWIU, 509 | PPC_INS_EVSRWS, 510 | PPC_INS_EVSRWU, 511 | PPC_INS_EVSTDD, 512 | PPC_INS_EVSTDDX, 513 | PPC_INS_EVSTDH, 514 | PPC_INS_EVSTDHX, 515 | PPC_INS_EVSTDW, 516 | PPC_INS_EVSTDWX, 517 | PPC_INS_EVSTWHE, 518 | PPC_INS_EVSTWHEX, 519 | PPC_INS_EVSTWHO, 520 | PPC_INS_EVSTWHOX, 521 | PPC_INS_EVSTWWE, 522 | PPC_INS_EVSTWWEX, 523 | PPC_INS_EVSTWWO, 524 | PPC_INS_EVSTWWOX, 525 | PPC_INS_EVSUBFSMIAAW, 526 | PPC_INS_EVSUBFSSIAAW, 527 | PPC_INS_EVSUBFUMIAAW, 528 | PPC_INS_EVSUBFUSIAAW, 529 | PPC_INS_EVSUBFW, 530 | PPC_INS_EVSUBIFW, 531 | PPC_INS_EVXOR, 532 | PPC_INS_EXTSB, 533 | PPC_INS_EXTSH, 534 | PPC_INS_EXTSW, 535 | PPC_INS_FABS, 536 | PPC_INS_FADD, 537 | PPC_INS_FADDS, 538 | PPC_INS_FCFID, 539 | PPC_INS_FCFIDS, 540 | PPC_INS_FCFIDU, 541 | PPC_INS_FCFIDUS, 542 | PPC_INS_FCMPU, 543 | PPC_INS_FCPSGN, 544 | PPC_INS_FCTID, 545 | PPC_INS_FCTIDUZ, 546 | PPC_INS_FCTIDZ, 547 | PPC_INS_FCTIW, 548 | PPC_INS_FCTIWUZ, 549 | PPC_INS_FCTIWZ, 550 | PPC_INS_FDIV, 551 | PPC_INS_FDIVS, 552 | PPC_INS_FMADD, 553 | PPC_INS_FMADDS, 554 | PPC_INS_FMR, 555 | PPC_INS_FMSUB, 556 | PPC_INS_FMSUBS, 557 | PPC_INS_FMUL, 558 | PPC_INS_FMULS, 559 | PPC_INS_FNABS, 560 | PPC_INS_FNEG, 561 | PPC_INS_FNMADD, 562 | PPC_INS_FNMADDS, 563 | PPC_INS_FNMSUB, 564 | PPC_INS_FNMSUBS, 565 | PPC_INS_FRE, 566 | PPC_INS_FRES, 567 | PPC_INS_FRIM, 568 | PPC_INS_FRIN, 569 | PPC_INS_FRIP, 570 | PPC_INS_FRIZ, 571 | PPC_INS_FRSP, 572 | PPC_INS_FRSQRTE, 573 | PPC_INS_FRSQRTES, 574 | PPC_INS_FSEL, 575 | PPC_INS_FSQRT, 576 | PPC_INS_FSQRTS, 577 | PPC_INS_FSUB, 578 | PPC_INS_FSUBS, 579 | PPC_INS_ICBI, 580 | PPC_INS_ICCCI, 581 | PPC_INS_ISEL, 582 | PPC_INS_ISYNC, 583 | PPC_INS_LA, 584 | PPC_INS_LBZ, 585 | PPC_INS_LBZU, 586 | PPC_INS_LBZUX, 587 | PPC_INS_LBZX, 588 | PPC_INS_LD, 589 | PPC_INS_LDARX, 590 | PPC_INS_LDBRX, 591 | PPC_INS_LDU, 592 | PPC_INS_LDUX, 593 | PPC_INS_LDX, 594 | PPC_INS_LFD, 595 | PPC_INS_LFDU, 596 | PPC_INS_LFDUX, 597 | PPC_INS_LFDX, 598 | PPC_INS_LFIWAX, 599 | PPC_INS_LFIWZX, 600 | PPC_INS_LFS, 601 | PPC_INS_LFSU, 602 | PPC_INS_LFSUX, 603 | PPC_INS_LFSX, 604 | PPC_INS_LHA, 605 | PPC_INS_LHAU, 606 | PPC_INS_LHAUX, 607 | PPC_INS_LHAX, 608 | PPC_INS_LHBRX, 609 | PPC_INS_LHZ, 610 | PPC_INS_LHZU, 611 | PPC_INS_LHZUX, 612 | PPC_INS_LHZX, 613 | PPC_INS_LI, 614 | PPC_INS_LIS, 615 | PPC_INS_LMW, 616 | PPC_INS_LSWI, 617 | PPC_INS_LVEBX, 618 | PPC_INS_LVEHX, 619 | PPC_INS_LVEWX, 620 | PPC_INS_LVSL, 621 | PPC_INS_LVSR, 622 | PPC_INS_LVX, 623 | PPC_INS_LVXL, 624 | PPC_INS_LWA, 625 | PPC_INS_LWARX, 626 | PPC_INS_LWAUX, 627 | PPC_INS_LWAX, 628 | PPC_INS_LWBRX, 629 | PPC_INS_LWZ, 630 | PPC_INS_LWZU, 631 | PPC_INS_LWZUX, 632 | PPC_INS_LWZX, 633 | PPC_INS_LXSDX, 634 | PPC_INS_LXVD2X, 635 | PPC_INS_LXVDSX, 636 | PPC_INS_LXVW4X, 637 | PPC_INS_MBAR, 638 | PPC_INS_MCRF, 639 | PPC_INS_MFCR, 640 | PPC_INS_MFCTR, 641 | PPC_INS_MFDCR, 642 | PPC_INS_MFFS, 643 | PPC_INS_MFLR, 644 | PPC_INS_MFMSR, 645 | PPC_INS_MFOCRF, 646 | PPC_INS_MFSPR, 647 | PPC_INS_MFSR, 648 | PPC_INS_MFSRIN, 649 | PPC_INS_MFTB, 650 | PPC_INS_MFVSCR, 651 | PPC_INS_MSYNC, 652 | PPC_INS_MTCRF, 653 | PPC_INS_MTCTR, 654 | PPC_INS_MTDCR, 655 | PPC_INS_MTFSB0, 656 | PPC_INS_MTFSB1, 657 | PPC_INS_MTFSF, 658 | PPC_INS_MTLR, 659 | PPC_INS_MTMSR, 660 | PPC_INS_MTMSRD, 661 | PPC_INS_MTOCRF, 662 | PPC_INS_MTSPR, 663 | PPC_INS_MTSR, 664 | PPC_INS_MTSRIN, 665 | PPC_INS_MTVSCR, 666 | PPC_INS_MULHD, 667 | PPC_INS_MULHDU, 668 | PPC_INS_MULHW, 669 | PPC_INS_MULHWU, 670 | PPC_INS_MULLD, 671 | PPC_INS_MULLI, 672 | PPC_INS_MULLW, 673 | PPC_INS_NAND, 674 | PPC_INS_NEG, 675 | PPC_INS_NOP, 676 | PPC_INS_ORI, 677 | PPC_INS_NOR, 678 | PPC_INS_OR, 679 | PPC_INS_ORC, 680 | PPC_INS_ORIS, 681 | PPC_INS_POPCNTD, 682 | PPC_INS_POPCNTW, 683 | PPC_INS_RFCI, 684 | PPC_INS_RFDI, 685 | PPC_INS_RFI, 686 | PPC_INS_RFID, 687 | PPC_INS_RFMCI, 688 | PPC_INS_RLDCL, 689 | PPC_INS_RLDCR, 690 | PPC_INS_RLDIC, 691 | PPC_INS_RLDICL, 692 | PPC_INS_RLDICR, 693 | PPC_INS_RLDIMI, 694 | PPC_INS_RLWIMI, 695 | PPC_INS_RLWINM, 696 | PPC_INS_RLWNM, 697 | PPC_INS_SC, 698 | PPC_INS_SLBIA, 699 | PPC_INS_SLBIE, 700 | PPC_INS_SLBMFEE, 701 | PPC_INS_SLBMTE, 702 | PPC_INS_SLD, 703 | PPC_INS_SLW, 704 | PPC_INS_SRAD, 705 | PPC_INS_SRADI, 706 | PPC_INS_SRAW, 707 | PPC_INS_SRAWI, 708 | PPC_INS_SRD, 709 | PPC_INS_SRW, 710 | PPC_INS_STB, 711 | PPC_INS_STBU, 712 | PPC_INS_STBUX, 713 | PPC_INS_STBX, 714 | PPC_INS_STD, 715 | PPC_INS_STDBRX, 716 | PPC_INS_STDCX, 717 | PPC_INS_STDU, 718 | PPC_INS_STDUX, 719 | PPC_INS_STDX, 720 | PPC_INS_STFD, 721 | PPC_INS_STFDU, 722 | PPC_INS_STFDUX, 723 | PPC_INS_STFDX, 724 | PPC_INS_STFIWX, 725 | PPC_INS_STFS, 726 | PPC_INS_STFSU, 727 | PPC_INS_STFSUX, 728 | PPC_INS_STFSX, 729 | PPC_INS_STH, 730 | PPC_INS_STHBRX, 731 | PPC_INS_STHU, 732 | PPC_INS_STHUX, 733 | PPC_INS_STHX, 734 | PPC_INS_STMW, 735 | PPC_INS_STSWI, 736 | PPC_INS_STVEBX, 737 | PPC_INS_STVEHX, 738 | PPC_INS_STVEWX, 739 | PPC_INS_STVX, 740 | PPC_INS_STVXL, 741 | PPC_INS_STW, 742 | PPC_INS_STWBRX, 743 | PPC_INS_STWCX, 744 | PPC_INS_STWU, 745 | PPC_INS_STWUX, 746 | PPC_INS_STWX, 747 | PPC_INS_STXSDX, 748 | PPC_INS_STXVD2X, 749 | PPC_INS_STXVW4X, 750 | PPC_INS_SUBF, 751 | PPC_INS_SUBFC, 752 | PPC_INS_SUBFE, 753 | PPC_INS_SUBFIC, 754 | PPC_INS_SUBFME, 755 | PPC_INS_SUBFZE, 756 | PPC_INS_SYNC, 757 | PPC_INS_TD, 758 | PPC_INS_TDI, 759 | PPC_INS_TLBIA, 760 | PPC_INS_TLBIE, 761 | PPC_INS_TLBIEL, 762 | PPC_INS_TLBIVAX, 763 | PPC_INS_TLBLD, 764 | PPC_INS_TLBLI, 765 | PPC_INS_TLBRE, 766 | PPC_INS_TLBSX, 767 | PPC_INS_TLBSYNC, 768 | PPC_INS_TLBWE, 769 | PPC_INS_TRAP, 770 | PPC_INS_TW, 771 | PPC_INS_TWI, 772 | PPC_INS_VADDCUW, 773 | PPC_INS_VADDFP, 774 | PPC_INS_VADDSBS, 775 | PPC_INS_VADDSHS, 776 | PPC_INS_VADDSWS, 777 | PPC_INS_VADDUBM, 778 | PPC_INS_VADDUBS, 779 | PPC_INS_VADDUHM, 780 | PPC_INS_VADDUHS, 781 | PPC_INS_VADDUWM, 782 | PPC_INS_VADDUWS, 783 | PPC_INS_VAND, 784 | PPC_INS_VANDC, 785 | PPC_INS_VAVGSB, 786 | PPC_INS_VAVGSH, 787 | PPC_INS_VAVGSW, 788 | PPC_INS_VAVGUB, 789 | PPC_INS_VAVGUH, 790 | PPC_INS_VAVGUW, 791 | PPC_INS_VCFSX, 792 | PPC_INS_VCFUX, 793 | PPC_INS_VCMPBFP, 794 | PPC_INS_VCMPEQFP, 795 | PPC_INS_VCMPEQUB, 796 | PPC_INS_VCMPEQUH, 797 | PPC_INS_VCMPEQUW, 798 | PPC_INS_VCMPGEFP, 799 | PPC_INS_VCMPGTFP, 800 | PPC_INS_VCMPGTSB, 801 | PPC_INS_VCMPGTSH, 802 | PPC_INS_VCMPGTSW, 803 | PPC_INS_VCMPGTUB, 804 | PPC_INS_VCMPGTUH, 805 | PPC_INS_VCMPGTUW, 806 | PPC_INS_VCTSXS, 807 | PPC_INS_VCTUXS, 808 | PPC_INS_VEXPTEFP, 809 | PPC_INS_VLOGEFP, 810 | PPC_INS_VMADDFP, 811 | PPC_INS_VMAXFP, 812 | PPC_INS_VMAXSB, 813 | PPC_INS_VMAXSH, 814 | PPC_INS_VMAXSW, 815 | PPC_INS_VMAXUB, 816 | PPC_INS_VMAXUH, 817 | PPC_INS_VMAXUW, 818 | PPC_INS_VMHADDSHS, 819 | PPC_INS_VMHRADDSHS, 820 | PPC_INS_VMINFP, 821 | PPC_INS_VMINSB, 822 | PPC_INS_VMINSH, 823 | PPC_INS_VMINSW, 824 | PPC_INS_VMINUB, 825 | PPC_INS_VMINUH, 826 | PPC_INS_VMINUW, 827 | PPC_INS_VMLADDUHM, 828 | PPC_INS_VMRGHB, 829 | PPC_INS_VMRGHH, 830 | PPC_INS_VMRGHW, 831 | PPC_INS_VMRGLB, 832 | PPC_INS_VMRGLH, 833 | PPC_INS_VMRGLW, 834 | PPC_INS_VMSUMMBM, 835 | PPC_INS_VMSUMSHM, 836 | PPC_INS_VMSUMSHS, 837 | PPC_INS_VMSUMUBM, 838 | PPC_INS_VMSUMUHM, 839 | PPC_INS_VMSUMUHS, 840 | PPC_INS_VMULESB, 841 | PPC_INS_VMULESH, 842 | PPC_INS_VMULEUB, 843 | PPC_INS_VMULEUH, 844 | PPC_INS_VMULOSB, 845 | PPC_INS_VMULOSH, 846 | PPC_INS_VMULOUB, 847 | PPC_INS_VMULOUH, 848 | PPC_INS_VNMSUBFP, 849 | PPC_INS_VNOR, 850 | PPC_INS_VOR, 851 | PPC_INS_VPERM, 852 | PPC_INS_VPKPX, 853 | PPC_INS_VPKSHSS, 854 | PPC_INS_VPKSHUS, 855 | PPC_INS_VPKSWSS, 856 | PPC_INS_VPKSWUS, 857 | PPC_INS_VPKUHUM, 858 | PPC_INS_VPKUHUS, 859 | PPC_INS_VPKUWUM, 860 | PPC_INS_VPKUWUS, 861 | PPC_INS_VREFP, 862 | PPC_INS_VRFIM, 863 | PPC_INS_VRFIN, 864 | PPC_INS_VRFIP, 865 | PPC_INS_VRFIZ, 866 | PPC_INS_VRLB, 867 | PPC_INS_VRLH, 868 | PPC_INS_VRLW, 869 | PPC_INS_VRSQRTEFP, 870 | PPC_INS_VSEL, 871 | PPC_INS_VSL, 872 | PPC_INS_VSLB, 873 | PPC_INS_VSLDOI, 874 | PPC_INS_VSLH, 875 | PPC_INS_VSLO, 876 | PPC_INS_VSLW, 877 | PPC_INS_VSPLTB, 878 | PPC_INS_VSPLTH, 879 | PPC_INS_VSPLTISB, 880 | PPC_INS_VSPLTISH, 881 | PPC_INS_VSPLTISW, 882 | PPC_INS_VSPLTW, 883 | PPC_INS_VSR, 884 | PPC_INS_VSRAB, 885 | PPC_INS_VSRAH, 886 | PPC_INS_VSRAW, 887 | PPC_INS_VSRB, 888 | PPC_INS_VSRH, 889 | PPC_INS_VSRO, 890 | PPC_INS_VSRW, 891 | PPC_INS_VSUBCUW, 892 | PPC_INS_VSUBFP, 893 | PPC_INS_VSUBSBS, 894 | PPC_INS_VSUBSHS, 895 | PPC_INS_VSUBSWS, 896 | PPC_INS_VSUBUBM, 897 | PPC_INS_VSUBUBS, 898 | PPC_INS_VSUBUHM, 899 | PPC_INS_VSUBUHS, 900 | PPC_INS_VSUBUWM, 901 | PPC_INS_VSUBUWS, 902 | PPC_INS_VSUM2SWS, 903 | PPC_INS_VSUM4SBS, 904 | PPC_INS_VSUM4SHS, 905 | PPC_INS_VSUM4UBS, 906 | PPC_INS_VSUMSWS, 907 | PPC_INS_VUPKHPX, 908 | PPC_INS_VUPKHSB, 909 | PPC_INS_VUPKHSH, 910 | PPC_INS_VUPKLPX, 911 | PPC_INS_VUPKLSB, 912 | PPC_INS_VUPKLSH, 913 | PPC_INS_VXOR, 914 | PPC_INS_WAIT, 915 | PPC_INS_WRTEE, 916 | PPC_INS_WRTEEI, 917 | PPC_INS_XOR, 918 | PPC_INS_XORI, 919 | PPC_INS_XORIS, 920 | PPC_INS_XSABSDP, 921 | PPC_INS_XSADDDP, 922 | PPC_INS_XSCMPODP, 923 | PPC_INS_XSCMPUDP, 924 | PPC_INS_XSCPSGNDP, 925 | PPC_INS_XSCVDPSP, 926 | PPC_INS_XSCVDPSXDS, 927 | PPC_INS_XSCVDPSXWS, 928 | PPC_INS_XSCVDPUXDS, 929 | PPC_INS_XSCVDPUXWS, 930 | PPC_INS_XSCVSPDP, 931 | PPC_INS_XSCVSXDDP, 932 | PPC_INS_XSCVUXDDP, 933 | PPC_INS_XSDIVDP, 934 | PPC_INS_XSMADDADP, 935 | PPC_INS_XSMADDMDP, 936 | PPC_INS_XSMAXDP, 937 | PPC_INS_XSMINDP, 938 | PPC_INS_XSMSUBADP, 939 | PPC_INS_XSMSUBMDP, 940 | PPC_INS_XSMULDP, 941 | PPC_INS_XSNABSDP, 942 | PPC_INS_XSNEGDP, 943 | PPC_INS_XSNMADDADP, 944 | PPC_INS_XSNMADDMDP, 945 | PPC_INS_XSNMSUBADP, 946 | PPC_INS_XSNMSUBMDP, 947 | PPC_INS_XSRDPI, 948 | PPC_INS_XSRDPIC, 949 | PPC_INS_XSRDPIM, 950 | PPC_INS_XSRDPIP, 951 | PPC_INS_XSRDPIZ, 952 | PPC_INS_XSREDP, 953 | PPC_INS_XSRSQRTEDP, 954 | PPC_INS_XSSQRTDP, 955 | PPC_INS_XSSUBDP, 956 | PPC_INS_XSTDIVDP, 957 | PPC_INS_XSTSQRTDP, 958 | PPC_INS_XVABSDP, 959 | PPC_INS_XVABSSP, 960 | PPC_INS_XVADDDP, 961 | PPC_INS_XVADDSP, 962 | PPC_INS_XVCMPEQDP, 963 | PPC_INS_XVCMPEQSP, 964 | PPC_INS_XVCMPGEDP, 965 | PPC_INS_XVCMPGESP, 966 | PPC_INS_XVCMPGTDP, 967 | PPC_INS_XVCMPGTSP, 968 | PPC_INS_XVCPSGNDP, 969 | PPC_INS_XVCPSGNSP, 970 | PPC_INS_XVCVDPSP, 971 | PPC_INS_XVCVDPSXDS, 972 | PPC_INS_XVCVDPSXWS, 973 | PPC_INS_XVCVDPUXDS, 974 | PPC_INS_XVCVDPUXWS, 975 | PPC_INS_XVCVSPDP, 976 | PPC_INS_XVCVSPSXDS, 977 | PPC_INS_XVCVSPSXWS, 978 | PPC_INS_XVCVSPUXDS, 979 | PPC_INS_XVCVSPUXWS, 980 | PPC_INS_XVCVSXDDP, 981 | PPC_INS_XVCVSXDSP, 982 | PPC_INS_XVCVSXWDP, 983 | PPC_INS_XVCVSXWSP, 984 | PPC_INS_XVCVUXDDP, 985 | PPC_INS_XVCVUXDSP, 986 | PPC_INS_XVCVUXWDP, 987 | PPC_INS_XVCVUXWSP, 988 | PPC_INS_XVDIVDP, 989 | PPC_INS_XVDIVSP, 990 | PPC_INS_XVMADDADP, 991 | PPC_INS_XVMADDASP, 992 | PPC_INS_XVMADDMDP, 993 | PPC_INS_XVMADDMSP, 994 | PPC_INS_XVMAXDP, 995 | PPC_INS_XVMAXSP, 996 | PPC_INS_XVMINDP, 997 | PPC_INS_XVMINSP, 998 | PPC_INS_XVMSUBADP, 999 | PPC_INS_XVMSUBASP, 1000 | PPC_INS_XVMSUBMDP, 1001 | PPC_INS_XVMSUBMSP, 1002 | PPC_INS_XVMULDP, 1003 | PPC_INS_XVMULSP, 1004 | PPC_INS_XVNABSDP, 1005 | PPC_INS_XVNABSSP, 1006 | PPC_INS_XVNEGDP, 1007 | PPC_INS_XVNEGSP, 1008 | PPC_INS_XVNMADDADP, 1009 | PPC_INS_XVNMADDASP, 1010 | PPC_INS_XVNMADDMDP, 1011 | PPC_INS_XVNMADDMSP, 1012 | PPC_INS_XVNMSUBADP, 1013 | PPC_INS_XVNMSUBASP, 1014 | PPC_INS_XVNMSUBMDP, 1015 | PPC_INS_XVNMSUBMSP, 1016 | PPC_INS_XVRDPI, 1017 | PPC_INS_XVRDPIC, 1018 | PPC_INS_XVRDPIM, 1019 | PPC_INS_XVRDPIP, 1020 | PPC_INS_XVRDPIZ, 1021 | PPC_INS_XVREDP, 1022 | PPC_INS_XVRESP, 1023 | PPC_INS_XVRSPI, 1024 | PPC_INS_XVRSPIC, 1025 | PPC_INS_XVRSPIM, 1026 | PPC_INS_XVRSPIP, 1027 | PPC_INS_XVRSPIZ, 1028 | PPC_INS_XVRSQRTEDP, 1029 | PPC_INS_XVRSQRTESP, 1030 | PPC_INS_XVSQRTDP, 1031 | PPC_INS_XVSQRTSP, 1032 | PPC_INS_XVSUBDP, 1033 | PPC_INS_XVSUBSP, 1034 | PPC_INS_XVTDIVDP, 1035 | PPC_INS_XVTDIVSP, 1036 | PPC_INS_XVTSQRTDP, 1037 | PPC_INS_XVTSQRTSP, 1038 | PPC_INS_XXLAND, 1039 | PPC_INS_XXLANDC, 1040 | PPC_INS_XXLNOR, 1041 | PPC_INS_XXLOR, 1042 | PPC_INS_XXLXOR, 1043 | PPC_INS_XXMRGHW, 1044 | PPC_INS_XXMRGLW, 1045 | PPC_INS_XXPERMDI, 1046 | PPC_INS_XXSEL, 1047 | PPC_INS_XXSLDWI, 1048 | PPC_INS_XXSPLTW, 1049 | PPC_INS_BCA, 1050 | PPC_INS_BCLA, 1051 | 1052 | // extra & alias instructions 1053 | PPC_INS_SLWI, 1054 | PPC_INS_SRWI, 1055 | PPC_INS_SLDI, 1056 | 1057 | PPC_INS_BTA, 1058 | PPC_INS_CRSET, 1059 | PPC_INS_CRNOT, 1060 | PPC_INS_CRMOVE, 1061 | PPC_INS_CRCLR, 1062 | PPC_INS_MFBR0, 1063 | PPC_INS_MFBR1, 1064 | PPC_INS_MFBR2, 1065 | PPC_INS_MFBR3, 1066 | PPC_INS_MFBR4, 1067 | PPC_INS_MFBR5, 1068 | PPC_INS_MFBR6, 1069 | PPC_INS_MFBR7, 1070 | PPC_INS_MFXER, 1071 | PPC_INS_MFRTCU, 1072 | PPC_INS_MFRTCL, 1073 | PPC_INS_MFDSCR, 1074 | PPC_INS_MFDSISR, 1075 | PPC_INS_MFDAR, 1076 | PPC_INS_MFSRR2, 1077 | PPC_INS_MFSRR3, 1078 | PPC_INS_MFCFAR, 1079 | PPC_INS_MFAMR, 1080 | PPC_INS_MFPID, 1081 | PPC_INS_MFTBLO, 1082 | PPC_INS_MFTBHI, 1083 | PPC_INS_MFDBATU, 1084 | PPC_INS_MFDBATL, 1085 | PPC_INS_MFIBATU, 1086 | PPC_INS_MFIBATL, 1087 | PPC_INS_MFDCCR, 1088 | PPC_INS_MFICCR, 1089 | PPC_INS_MFDEAR, 1090 | PPC_INS_MFESR, 1091 | PPC_INS_MFSPEFSCR, 1092 | PPC_INS_MFTCR, 1093 | PPC_INS_MFASR, 1094 | PPC_INS_MFPVR, 1095 | PPC_INS_MFTBU, 1096 | PPC_INS_MTCR, 1097 | PPC_INS_MTBR0, 1098 | PPC_INS_MTBR1, 1099 | PPC_INS_MTBR2, 1100 | PPC_INS_MTBR3, 1101 | PPC_INS_MTBR4, 1102 | PPC_INS_MTBR5, 1103 | PPC_INS_MTBR6, 1104 | PPC_INS_MTBR7, 1105 | PPC_INS_MTXER, 1106 | PPC_INS_MTDSCR, 1107 | PPC_INS_MTDSISR, 1108 | PPC_INS_MTDAR, 1109 | PPC_INS_MTSRR2, 1110 | PPC_INS_MTSRR3, 1111 | PPC_INS_MTCFAR, 1112 | PPC_INS_MTAMR, 1113 | PPC_INS_MTPID, 1114 | PPC_INS_MTTBL, 1115 | PPC_INS_MTTBU, 1116 | PPC_INS_MTTBLO, 1117 | PPC_INS_MTTBHI, 1118 | PPC_INS_MTDBATU, 1119 | PPC_INS_MTDBATL, 1120 | PPC_INS_MTIBATU, 1121 | PPC_INS_MTIBATL, 1122 | PPC_INS_MTDCCR, 1123 | PPC_INS_MTICCR, 1124 | PPC_INS_MTDEAR, 1125 | PPC_INS_MTESR, 1126 | PPC_INS_MTSPEFSCR, 1127 | PPC_INS_MTTCR, 1128 | PPC_INS_NOT, 1129 | PPC_INS_MR, 1130 | PPC_INS_ROTLD, 1131 | PPC_INS_ROTLDI, 1132 | PPC_INS_CLRLDI, 1133 | PPC_INS_ROTLWI, 1134 | PPC_INS_CLRLWI, 1135 | PPC_INS_ROTLW, 1136 | PPC_INS_SUB, 1137 | PPC_INS_SUBC, 1138 | PPC_INS_LWSYNC, 1139 | PPC_INS_PTESYNC, 1140 | PPC_INS_TDLT, 1141 | PPC_INS_TDEQ, 1142 | PPC_INS_TDGT, 1143 | PPC_INS_TDNE, 1144 | PPC_INS_TDLLT, 1145 | PPC_INS_TDLGT, 1146 | PPC_INS_TDU, 1147 | PPC_INS_TDLTI, 1148 | PPC_INS_TDEQI, 1149 | PPC_INS_TDGTI, 1150 | PPC_INS_TDNEI, 1151 | PPC_INS_TDLLTI, 1152 | PPC_INS_TDLGTI, 1153 | PPC_INS_TDUI, 1154 | PPC_INS_TLBREHI, 1155 | PPC_INS_TLBRELO, 1156 | PPC_INS_TLBWEHI, 1157 | PPC_INS_TLBWELO, 1158 | PPC_INS_TWLT, 1159 | PPC_INS_TWEQ, 1160 | PPC_INS_TWGT, 1161 | PPC_INS_TWNE, 1162 | PPC_INS_TWLLT, 1163 | PPC_INS_TWLGT, 1164 | PPC_INS_TWU, 1165 | PPC_INS_TWLTI, 1166 | PPC_INS_TWEQI, 1167 | PPC_INS_TWGTI, 1168 | PPC_INS_TWNEI, 1169 | PPC_INS_TWLLTI, 1170 | PPC_INS_TWLGTI, 1171 | PPC_INS_TWUI, 1172 | PPC_INS_WAITRSV, 1173 | PPC_INS_WAITIMPL, 1174 | PPC_INS_XNOP, 1175 | PPC_INS_XVMOVDP, 1176 | PPC_INS_XVMOVSP, 1177 | PPC_INS_XXSPLTD, 1178 | PPC_INS_XXMRGHD, 1179 | PPC_INS_XXMRGLD, 1180 | PPC_INS_XXSWAPD, 1181 | PPC_INS_BT, 1182 | PPC_INS_BF, 1183 | PPC_INS_BDNZT, 1184 | PPC_INS_BDNZF, 1185 | PPC_INS_BDZF, 1186 | PPC_INS_BDZT, 1187 | PPC_INS_BFA, 1188 | PPC_INS_BDNZTA, 1189 | PPC_INS_BDNZFA, 1190 | PPC_INS_BDZTA, 1191 | PPC_INS_BDZFA, 1192 | PPC_INS_BTCTR, 1193 | PPC_INS_BFCTR, 1194 | PPC_INS_BTCTRL, 1195 | PPC_INS_BFCTRL, 1196 | PPC_INS_BTL, 1197 | PPC_INS_BFL, 1198 | PPC_INS_BDNZTL, 1199 | PPC_INS_BDNZFL, 1200 | PPC_INS_BDZTL, 1201 | PPC_INS_BDZFL, 1202 | PPC_INS_BTLA, 1203 | PPC_INS_BFLA, 1204 | PPC_INS_BDNZTLA, 1205 | PPC_INS_BDNZFLA, 1206 | PPC_INS_BDZTLA, 1207 | PPC_INS_BDZFLA, 1208 | PPC_INS_BTLR, 1209 | PPC_INS_BFLR, 1210 | PPC_INS_BDNZTLR, 1211 | PPC_INS_BDZTLR, 1212 | PPC_INS_BDZFLR, 1213 | PPC_INS_BTLRL, 1214 | PPC_INS_BFLRL, 1215 | PPC_INS_BDNZTLRL, 1216 | PPC_INS_BDNZFLRL, 1217 | PPC_INS_BDZTLRL, 1218 | PPC_INS_BDZFLRL, 1219 | 1220 | PPC_INS_ENDING, // <-- mark the end of the list of instructions 1221 | } ppc_insn; 1222 | 1223 | //> Group of PPC instructions 1224 | typedef enum ppc_insn_group { 1225 | PPC_GRP_INVALID = 0, // = CS_GRP_INVALID 1226 | 1227 | //> Generic groups 1228 | // all jump instructions (conditional+direct+indirect jumps) 1229 | PPC_GRP_JUMP, // = CS_GRP_JUMP 1230 | 1231 | //> Architecture-specific groups 1232 | PPC_GRP_ALTIVEC = 128, 1233 | PPC_GRP_MODE32, 1234 | PPC_GRP_MODE64, 1235 | PPC_GRP_BOOKE, 1236 | PPC_GRP_NOTBOOKE, 1237 | PPC_GRP_SPE, 1238 | PPC_GRP_VSX, 1239 | PPC_GRP_E500, 1240 | PPC_GRP_PPC4XX, 1241 | PPC_GRP_PPC6XX, 1242 | 1243 | PPC_GRP_ENDING, // <-- mark the end of the list of groups 1244 | } ppc_insn_group; 1245 | 1246 | #ifdef __cplusplus 1247 | } 1248 | #endif 1249 | 1250 | #endif 1251 | -------------------------------------------------------------------------------- /CaptainHook/include/sparc.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_SPARC_H 2 | #define CAPSTONE_SPARC_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | // GCC SPARC toolchain has a default macro called "sparc" which breaks 15 | // compilation 16 | #undef sparc 17 | 18 | #ifdef _MSC_VER 19 | #pragma warning(disable:4201) 20 | #endif 21 | 22 | //> Enums corresponding to Sparc condition codes, both icc's and fcc's. 23 | typedef enum sparc_cc { 24 | SPARC_CC_INVALID = 0, // invalid CC (default) 25 | //> Integer condition codes 26 | SPARC_CC_ICC_A = 8+256, // Always 27 | SPARC_CC_ICC_N = 0+256, // Never 28 | SPARC_CC_ICC_NE = 9+256, // Not Equal 29 | SPARC_CC_ICC_E = 1+256, // Equal 30 | SPARC_CC_ICC_G = 10+256, // Greater 31 | SPARC_CC_ICC_LE = 2+256, // Less or Equal 32 | SPARC_CC_ICC_GE = 11+256, // Greater or Equal 33 | SPARC_CC_ICC_L = 3+256, // Less 34 | SPARC_CC_ICC_GU = 12+256, // Greater Unsigned 35 | SPARC_CC_ICC_LEU = 4+256, // Less or Equal Unsigned 36 | SPARC_CC_ICC_CC = 13+256, // Carry Clear/Great or Equal Unsigned 37 | SPARC_CC_ICC_CS = 5+256, // Carry Set/Less Unsigned 38 | SPARC_CC_ICC_POS = 14+256, // Positive 39 | SPARC_CC_ICC_NEG = 6+256, // Negative 40 | SPARC_CC_ICC_VC = 15+256, // Overflow Clear 41 | SPARC_CC_ICC_VS = 7+256, // Overflow Set 42 | 43 | //> Floating condition codes 44 | SPARC_CC_FCC_A = 8+16+256, // Always 45 | SPARC_CC_FCC_N = 0+16+256, // Never 46 | SPARC_CC_FCC_U = 7+16+256, // Unordered 47 | SPARC_CC_FCC_G = 6+16+256, // Greater 48 | SPARC_CC_FCC_UG = 5+16+256, // Unordered or Greater 49 | SPARC_CC_FCC_L = 4+16+256, // Less 50 | SPARC_CC_FCC_UL = 3+16+256, // Unordered or Less 51 | SPARC_CC_FCC_LG = 2+16+256, // Less or Greater 52 | SPARC_CC_FCC_NE = 1+16+256, // Not Equal 53 | SPARC_CC_FCC_E = 9+16+256, // Equal 54 | SPARC_CC_FCC_UE = 10+16+256, // Unordered or Equal 55 | SPARC_CC_FCC_GE = 11+16+256, // Greater or Equal 56 | SPARC_CC_FCC_UGE = 12+16+256, // Unordered or Greater or Equal 57 | SPARC_CC_FCC_LE = 13+16+256, // Less or Equal 58 | SPARC_CC_FCC_ULE = 14+16+256, // Unordered or Less or Equal 59 | SPARC_CC_FCC_O = 15+16+256, // Ordered 60 | } sparc_cc; 61 | 62 | //> Branch hint 63 | typedef enum sparc_hint { 64 | SPARC_HINT_INVALID = 0, // no hint 65 | SPARC_HINT_A = 1 << 0, // annul delay slot instruction 66 | SPARC_HINT_PT = 1 << 1, // branch taken 67 | SPARC_HINT_PN = 1 << 2, // branch NOT taken 68 | } sparc_hint; 69 | 70 | //> Operand type for instruction's operands 71 | typedef enum sparc_op_type { 72 | SPARC_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 73 | SPARC_OP_REG, // = CS_OP_REG (Register operand). 74 | SPARC_OP_IMM, // = CS_OP_IMM (Immediate operand). 75 | SPARC_OP_MEM, // = CS_OP_MEM (Memory operand). 76 | } sparc_op_type; 77 | 78 | // Instruction's operand referring to memory 79 | // This is associated with SPARC_OP_MEM operand type above 80 | typedef struct sparc_op_mem { 81 | uint8_t base; // base register 82 | uint8_t index; // index register 83 | int32_t disp; // displacement/offset value 84 | } sparc_op_mem; 85 | 86 | // Instruction operand 87 | typedef struct cs_sparc_op { 88 | sparc_op_type type; // operand type 89 | union { 90 | unsigned int reg; // register value for REG operand 91 | int32_t imm; // immediate value for IMM operand 92 | sparc_op_mem mem; // base/disp value for MEM operand 93 | }; 94 | } cs_sparc_op; 95 | 96 | // Instruction structure 97 | typedef struct cs_sparc { 98 | sparc_cc cc; // code condition for this insn 99 | sparc_hint hint; // branch hint: encoding as bitwise OR of sparc_hint. 100 | // Number of operands of this instruction, 101 | // or 0 when instruction has no operand. 102 | uint8_t op_count; 103 | cs_sparc_op operands[4]; // operands for this instruction. 104 | } cs_sparc; 105 | 106 | //> SPARC registers 107 | typedef enum sparc_reg { 108 | SPARC_REG_INVALID = 0, 109 | 110 | SPARC_REG_F0, 111 | SPARC_REG_F1, 112 | SPARC_REG_F2, 113 | SPARC_REG_F3, 114 | SPARC_REG_F4, 115 | SPARC_REG_F5, 116 | SPARC_REG_F6, 117 | SPARC_REG_F7, 118 | SPARC_REG_F8, 119 | SPARC_REG_F9, 120 | SPARC_REG_F10, 121 | SPARC_REG_F11, 122 | SPARC_REG_F12, 123 | SPARC_REG_F13, 124 | SPARC_REG_F14, 125 | SPARC_REG_F15, 126 | SPARC_REG_F16, 127 | SPARC_REG_F17, 128 | SPARC_REG_F18, 129 | SPARC_REG_F19, 130 | SPARC_REG_F20, 131 | SPARC_REG_F21, 132 | SPARC_REG_F22, 133 | SPARC_REG_F23, 134 | SPARC_REG_F24, 135 | SPARC_REG_F25, 136 | SPARC_REG_F26, 137 | SPARC_REG_F27, 138 | SPARC_REG_F28, 139 | SPARC_REG_F29, 140 | SPARC_REG_F30, 141 | SPARC_REG_F31, 142 | SPARC_REG_F32, 143 | SPARC_REG_F34, 144 | SPARC_REG_F36, 145 | SPARC_REG_F38, 146 | SPARC_REG_F40, 147 | SPARC_REG_F42, 148 | SPARC_REG_F44, 149 | SPARC_REG_F46, 150 | SPARC_REG_F48, 151 | SPARC_REG_F50, 152 | SPARC_REG_F52, 153 | SPARC_REG_F54, 154 | SPARC_REG_F56, 155 | SPARC_REG_F58, 156 | SPARC_REG_F60, 157 | SPARC_REG_F62, 158 | SPARC_REG_FCC0, // Floating condition codes 159 | SPARC_REG_FCC1, 160 | SPARC_REG_FCC2, 161 | SPARC_REG_FCC3, 162 | SPARC_REG_FP, 163 | SPARC_REG_G0, 164 | SPARC_REG_G1, 165 | SPARC_REG_G2, 166 | SPARC_REG_G3, 167 | SPARC_REG_G4, 168 | SPARC_REG_G5, 169 | SPARC_REG_G6, 170 | SPARC_REG_G7, 171 | SPARC_REG_I0, 172 | SPARC_REG_I1, 173 | SPARC_REG_I2, 174 | SPARC_REG_I3, 175 | SPARC_REG_I4, 176 | SPARC_REG_I5, 177 | SPARC_REG_I7, 178 | SPARC_REG_ICC, // Integer condition codes 179 | SPARC_REG_L0, 180 | SPARC_REG_L1, 181 | SPARC_REG_L2, 182 | SPARC_REG_L3, 183 | SPARC_REG_L4, 184 | SPARC_REG_L5, 185 | SPARC_REG_L6, 186 | SPARC_REG_L7, 187 | SPARC_REG_O0, 188 | SPARC_REG_O1, 189 | SPARC_REG_O2, 190 | SPARC_REG_O3, 191 | SPARC_REG_O4, 192 | SPARC_REG_O5, 193 | SPARC_REG_O7, 194 | SPARC_REG_SP, 195 | SPARC_REG_Y, 196 | 197 | // special register 198 | SPARC_REG_XCC, 199 | 200 | SPARC_REG_ENDING, // <-- mark the end of the list of registers 201 | 202 | // extras 203 | SPARC_REG_O6 = SPARC_REG_SP, 204 | SPARC_REG_I6 = SPARC_REG_FP, 205 | } sparc_reg; 206 | 207 | //> SPARC instruction 208 | typedef enum sparc_insn { 209 | SPARC_INS_INVALID = 0, 210 | 211 | SPARC_INS_ADDCC, 212 | SPARC_INS_ADDX, 213 | SPARC_INS_ADDXCC, 214 | SPARC_INS_ADDXC, 215 | SPARC_INS_ADDXCCC, 216 | SPARC_INS_ADD, 217 | SPARC_INS_ALIGNADDR, 218 | SPARC_INS_ALIGNADDRL, 219 | SPARC_INS_ANDCC, 220 | SPARC_INS_ANDNCC, 221 | SPARC_INS_ANDN, 222 | SPARC_INS_AND, 223 | SPARC_INS_ARRAY16, 224 | SPARC_INS_ARRAY32, 225 | SPARC_INS_ARRAY8, 226 | SPARC_INS_B, 227 | SPARC_INS_JMP, 228 | SPARC_INS_BMASK, 229 | SPARC_INS_FB, 230 | SPARC_INS_BRGEZ, 231 | SPARC_INS_BRGZ, 232 | SPARC_INS_BRLEZ, 233 | SPARC_INS_BRLZ, 234 | SPARC_INS_BRNZ, 235 | SPARC_INS_BRZ, 236 | SPARC_INS_BSHUFFLE, 237 | SPARC_INS_CALL, 238 | SPARC_INS_CASX, 239 | SPARC_INS_CAS, 240 | SPARC_INS_CMASK16, 241 | SPARC_INS_CMASK32, 242 | SPARC_INS_CMASK8, 243 | SPARC_INS_CMP, 244 | SPARC_INS_EDGE16, 245 | SPARC_INS_EDGE16L, 246 | SPARC_INS_EDGE16LN, 247 | SPARC_INS_EDGE16N, 248 | SPARC_INS_EDGE32, 249 | SPARC_INS_EDGE32L, 250 | SPARC_INS_EDGE32LN, 251 | SPARC_INS_EDGE32N, 252 | SPARC_INS_EDGE8, 253 | SPARC_INS_EDGE8L, 254 | SPARC_INS_EDGE8LN, 255 | SPARC_INS_EDGE8N, 256 | SPARC_INS_FABSD, 257 | SPARC_INS_FABSQ, 258 | SPARC_INS_FABSS, 259 | SPARC_INS_FADDD, 260 | SPARC_INS_FADDQ, 261 | SPARC_INS_FADDS, 262 | SPARC_INS_FALIGNDATA, 263 | SPARC_INS_FAND, 264 | SPARC_INS_FANDNOT1, 265 | SPARC_INS_FANDNOT1S, 266 | SPARC_INS_FANDNOT2, 267 | SPARC_INS_FANDNOT2S, 268 | SPARC_INS_FANDS, 269 | SPARC_INS_FCHKSM16, 270 | SPARC_INS_FCMPD, 271 | SPARC_INS_FCMPEQ16, 272 | SPARC_INS_FCMPEQ32, 273 | SPARC_INS_FCMPGT16, 274 | SPARC_INS_FCMPGT32, 275 | SPARC_INS_FCMPLE16, 276 | SPARC_INS_FCMPLE32, 277 | SPARC_INS_FCMPNE16, 278 | SPARC_INS_FCMPNE32, 279 | SPARC_INS_FCMPQ, 280 | SPARC_INS_FCMPS, 281 | SPARC_INS_FDIVD, 282 | SPARC_INS_FDIVQ, 283 | SPARC_INS_FDIVS, 284 | SPARC_INS_FDMULQ, 285 | SPARC_INS_FDTOI, 286 | SPARC_INS_FDTOQ, 287 | SPARC_INS_FDTOS, 288 | SPARC_INS_FDTOX, 289 | SPARC_INS_FEXPAND, 290 | SPARC_INS_FHADDD, 291 | SPARC_INS_FHADDS, 292 | SPARC_INS_FHSUBD, 293 | SPARC_INS_FHSUBS, 294 | SPARC_INS_FITOD, 295 | SPARC_INS_FITOQ, 296 | SPARC_INS_FITOS, 297 | SPARC_INS_FLCMPD, 298 | SPARC_INS_FLCMPS, 299 | SPARC_INS_FLUSHW, 300 | SPARC_INS_FMEAN16, 301 | SPARC_INS_FMOVD, 302 | SPARC_INS_FMOVQ, 303 | SPARC_INS_FMOVRDGEZ, 304 | SPARC_INS_FMOVRQGEZ, 305 | SPARC_INS_FMOVRSGEZ, 306 | SPARC_INS_FMOVRDGZ, 307 | SPARC_INS_FMOVRQGZ, 308 | SPARC_INS_FMOVRSGZ, 309 | SPARC_INS_FMOVRDLEZ, 310 | SPARC_INS_FMOVRQLEZ, 311 | SPARC_INS_FMOVRSLEZ, 312 | SPARC_INS_FMOVRDLZ, 313 | SPARC_INS_FMOVRQLZ, 314 | SPARC_INS_FMOVRSLZ, 315 | SPARC_INS_FMOVRDNZ, 316 | SPARC_INS_FMOVRQNZ, 317 | SPARC_INS_FMOVRSNZ, 318 | SPARC_INS_FMOVRDZ, 319 | SPARC_INS_FMOVRQZ, 320 | SPARC_INS_FMOVRSZ, 321 | SPARC_INS_FMOVS, 322 | SPARC_INS_FMUL8SUX16, 323 | SPARC_INS_FMUL8ULX16, 324 | SPARC_INS_FMUL8X16, 325 | SPARC_INS_FMUL8X16AL, 326 | SPARC_INS_FMUL8X16AU, 327 | SPARC_INS_FMULD, 328 | SPARC_INS_FMULD8SUX16, 329 | SPARC_INS_FMULD8ULX16, 330 | SPARC_INS_FMULQ, 331 | SPARC_INS_FMULS, 332 | SPARC_INS_FNADDD, 333 | SPARC_INS_FNADDS, 334 | SPARC_INS_FNAND, 335 | SPARC_INS_FNANDS, 336 | SPARC_INS_FNEGD, 337 | SPARC_INS_FNEGQ, 338 | SPARC_INS_FNEGS, 339 | SPARC_INS_FNHADDD, 340 | SPARC_INS_FNHADDS, 341 | SPARC_INS_FNOR, 342 | SPARC_INS_FNORS, 343 | SPARC_INS_FNOT1, 344 | SPARC_INS_FNOT1S, 345 | SPARC_INS_FNOT2, 346 | SPARC_INS_FNOT2S, 347 | SPARC_INS_FONE, 348 | SPARC_INS_FONES, 349 | SPARC_INS_FOR, 350 | SPARC_INS_FORNOT1, 351 | SPARC_INS_FORNOT1S, 352 | SPARC_INS_FORNOT2, 353 | SPARC_INS_FORNOT2S, 354 | SPARC_INS_FORS, 355 | SPARC_INS_FPACK16, 356 | SPARC_INS_FPACK32, 357 | SPARC_INS_FPACKFIX, 358 | SPARC_INS_FPADD16, 359 | SPARC_INS_FPADD16S, 360 | SPARC_INS_FPADD32, 361 | SPARC_INS_FPADD32S, 362 | SPARC_INS_FPADD64, 363 | SPARC_INS_FPMERGE, 364 | SPARC_INS_FPSUB16, 365 | SPARC_INS_FPSUB16S, 366 | SPARC_INS_FPSUB32, 367 | SPARC_INS_FPSUB32S, 368 | SPARC_INS_FQTOD, 369 | SPARC_INS_FQTOI, 370 | SPARC_INS_FQTOS, 371 | SPARC_INS_FQTOX, 372 | SPARC_INS_FSLAS16, 373 | SPARC_INS_FSLAS32, 374 | SPARC_INS_FSLL16, 375 | SPARC_INS_FSLL32, 376 | SPARC_INS_FSMULD, 377 | SPARC_INS_FSQRTD, 378 | SPARC_INS_FSQRTQ, 379 | SPARC_INS_FSQRTS, 380 | SPARC_INS_FSRA16, 381 | SPARC_INS_FSRA32, 382 | SPARC_INS_FSRC1, 383 | SPARC_INS_FSRC1S, 384 | SPARC_INS_FSRC2, 385 | SPARC_INS_FSRC2S, 386 | SPARC_INS_FSRL16, 387 | SPARC_INS_FSRL32, 388 | SPARC_INS_FSTOD, 389 | SPARC_INS_FSTOI, 390 | SPARC_INS_FSTOQ, 391 | SPARC_INS_FSTOX, 392 | SPARC_INS_FSUBD, 393 | SPARC_INS_FSUBQ, 394 | SPARC_INS_FSUBS, 395 | SPARC_INS_FXNOR, 396 | SPARC_INS_FXNORS, 397 | SPARC_INS_FXOR, 398 | SPARC_INS_FXORS, 399 | SPARC_INS_FXTOD, 400 | SPARC_INS_FXTOQ, 401 | SPARC_INS_FXTOS, 402 | SPARC_INS_FZERO, 403 | SPARC_INS_FZEROS, 404 | SPARC_INS_JMPL, 405 | SPARC_INS_LDD, 406 | SPARC_INS_LD, 407 | SPARC_INS_LDQ, 408 | SPARC_INS_LDSB, 409 | SPARC_INS_LDSH, 410 | SPARC_INS_LDSW, 411 | SPARC_INS_LDUB, 412 | SPARC_INS_LDUH, 413 | SPARC_INS_LDX, 414 | SPARC_INS_LZCNT, 415 | SPARC_INS_MEMBAR, 416 | SPARC_INS_MOVDTOX, 417 | SPARC_INS_MOV, 418 | SPARC_INS_MOVRGEZ, 419 | SPARC_INS_MOVRGZ, 420 | SPARC_INS_MOVRLEZ, 421 | SPARC_INS_MOVRLZ, 422 | SPARC_INS_MOVRNZ, 423 | SPARC_INS_MOVRZ, 424 | SPARC_INS_MOVSTOSW, 425 | SPARC_INS_MOVSTOUW, 426 | SPARC_INS_MULX, 427 | SPARC_INS_NOP, 428 | SPARC_INS_ORCC, 429 | SPARC_INS_ORNCC, 430 | SPARC_INS_ORN, 431 | SPARC_INS_OR, 432 | SPARC_INS_PDIST, 433 | SPARC_INS_PDISTN, 434 | SPARC_INS_POPC, 435 | SPARC_INS_RD, 436 | SPARC_INS_RESTORE, 437 | SPARC_INS_RETT, 438 | SPARC_INS_SAVE, 439 | SPARC_INS_SDIVCC, 440 | SPARC_INS_SDIVX, 441 | SPARC_INS_SDIV, 442 | SPARC_INS_SETHI, 443 | SPARC_INS_SHUTDOWN, 444 | SPARC_INS_SIAM, 445 | SPARC_INS_SLLX, 446 | SPARC_INS_SLL, 447 | SPARC_INS_SMULCC, 448 | SPARC_INS_SMUL, 449 | SPARC_INS_SRAX, 450 | SPARC_INS_SRA, 451 | SPARC_INS_SRLX, 452 | SPARC_INS_SRL, 453 | SPARC_INS_STBAR, 454 | SPARC_INS_STB, 455 | SPARC_INS_STD, 456 | SPARC_INS_ST, 457 | SPARC_INS_STH, 458 | SPARC_INS_STQ, 459 | SPARC_INS_STX, 460 | SPARC_INS_SUBCC, 461 | SPARC_INS_SUBX, 462 | SPARC_INS_SUBXCC, 463 | SPARC_INS_SUB, 464 | SPARC_INS_SWAP, 465 | SPARC_INS_TADDCCTV, 466 | SPARC_INS_TADDCC, 467 | SPARC_INS_T, 468 | SPARC_INS_TSUBCCTV, 469 | SPARC_INS_TSUBCC, 470 | SPARC_INS_UDIVCC, 471 | SPARC_INS_UDIVX, 472 | SPARC_INS_UDIV, 473 | SPARC_INS_UMULCC, 474 | SPARC_INS_UMULXHI, 475 | SPARC_INS_UMUL, 476 | SPARC_INS_UNIMP, 477 | SPARC_INS_FCMPED, 478 | SPARC_INS_FCMPEQ, 479 | SPARC_INS_FCMPES, 480 | SPARC_INS_WR, 481 | SPARC_INS_XMULX, 482 | SPARC_INS_XMULXHI, 483 | SPARC_INS_XNORCC, 484 | SPARC_INS_XNOR, 485 | SPARC_INS_XORCC, 486 | SPARC_INS_XOR, 487 | 488 | // alias instructions 489 | SPARC_INS_RET, 490 | SPARC_INS_RETL, 491 | 492 | SPARC_INS_ENDING, // <-- mark the end of the list of instructions 493 | } sparc_insn; 494 | 495 | //> Group of SPARC instructions 496 | typedef enum sparc_insn_group { 497 | SPARC_GRP_INVALID = 0, // = CS_GRP_INVALID 498 | 499 | //> Generic groups 500 | // all jump instructions (conditional+direct+indirect jumps) 501 | SPARC_GRP_JUMP, // = CS_GRP_JUMP 502 | 503 | //> Architecture-specific groups 504 | SPARC_GRP_HARDQUAD = 128, 505 | SPARC_GRP_V9, 506 | SPARC_GRP_VIS, 507 | SPARC_GRP_VIS2, 508 | SPARC_GRP_VIS3, 509 | SPARC_GRP_32BIT, 510 | SPARC_GRP_64BIT, 511 | 512 | SPARC_GRP_ENDING, // <-- mark the end of the list of groups 513 | } sparc_insn_group; 514 | 515 | #ifdef __cplusplus 516 | } 517 | #endif 518 | 519 | #endif 520 | -------------------------------------------------------------------------------- /CaptainHook/include/systemz.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_SYSTEMZ_H 2 | #define CAPSTONE_SYSTEMZ_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | #ifdef _MSC_VER 15 | #pragma warning(disable:4201) 16 | #endif 17 | 18 | //> Enums corresponding to SystemZ condition codes 19 | typedef enum sysz_cc { 20 | SYSZ_CC_INVALID = 0, // invalid CC (default) 21 | 22 | SYSZ_CC_O, 23 | SYSZ_CC_H, 24 | SYSZ_CC_NLE, 25 | SYSZ_CC_L, 26 | SYSZ_CC_NHE, 27 | SYSZ_CC_LH, 28 | SYSZ_CC_NE, 29 | SYSZ_CC_E, 30 | SYSZ_CC_NLH, 31 | SYSZ_CC_HE, 32 | SYSZ_CC_NL, 33 | SYSZ_CC_LE, 34 | SYSZ_CC_NH, 35 | SYSZ_CC_NO, 36 | } sysz_cc; 37 | 38 | //> Operand type for instruction's operands 39 | typedef enum sysz_op_type { 40 | SYSZ_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 41 | SYSZ_OP_REG, // = CS_OP_REG (Register operand). 42 | SYSZ_OP_IMM, // = CS_OP_IMM (Immediate operand). 43 | SYSZ_OP_MEM, // = CS_OP_MEM (Memory operand). 44 | SYSZ_OP_ACREG = 64, // Access register operand. 45 | } sysz_op_type; 46 | 47 | // Instruction's operand referring to memory 48 | // This is associated with SYSZ_OP_MEM operand type above 49 | typedef struct sysz_op_mem { 50 | uint8_t base; // base register 51 | uint8_t index; // index register 52 | uint64_t length; // BDLAddr operand 53 | int64_t disp; // displacement/offset value 54 | } sysz_op_mem; 55 | 56 | // Instruction operand 57 | typedef struct cs_sysz_op { 58 | sysz_op_type type; // operand type 59 | union { 60 | unsigned int reg; // register value for REG operand 61 | int64_t imm; // immediate value for IMM operand 62 | sysz_op_mem mem; // base/disp value for MEM operand 63 | }; 64 | } cs_sysz_op; 65 | 66 | // Instruction structure 67 | typedef struct cs_sysz { 68 | sysz_cc cc; // Code condition 69 | // Number of operands of this instruction, 70 | // or 0 when instruction has no operand. 71 | uint8_t op_count; 72 | cs_sysz_op operands[6]; // operands for this instruction. 73 | } cs_sysz; 74 | 75 | //> SystemZ registers 76 | typedef enum sysz_reg { 77 | SYSZ_REG_INVALID = 0, 78 | 79 | SYSZ_REG_0, 80 | SYSZ_REG_1, 81 | SYSZ_REG_2, 82 | SYSZ_REG_3, 83 | SYSZ_REG_4, 84 | SYSZ_REG_5, 85 | SYSZ_REG_6, 86 | SYSZ_REG_7, 87 | SYSZ_REG_8, 88 | SYSZ_REG_9, 89 | SYSZ_REG_10, 90 | SYSZ_REG_11, 91 | SYSZ_REG_12, 92 | SYSZ_REG_13, 93 | SYSZ_REG_14, 94 | SYSZ_REG_15, 95 | SYSZ_REG_CC, 96 | SYSZ_REG_F0, 97 | SYSZ_REG_F1, 98 | SYSZ_REG_F2, 99 | SYSZ_REG_F3, 100 | SYSZ_REG_F4, 101 | SYSZ_REG_F5, 102 | SYSZ_REG_F6, 103 | SYSZ_REG_F7, 104 | SYSZ_REG_F8, 105 | SYSZ_REG_F9, 106 | SYSZ_REG_F10, 107 | SYSZ_REG_F11, 108 | SYSZ_REG_F12, 109 | SYSZ_REG_F13, 110 | SYSZ_REG_F14, 111 | SYSZ_REG_F15, 112 | 113 | SYSZ_REG_R0L, 114 | 115 | SYSZ_REG_ENDING, 116 | } sysz_reg; 117 | 118 | //> SystemZ instruction 119 | typedef enum sysz_insn { 120 | SYSZ_INS_INVALID = 0, 121 | 122 | SYSZ_INS_A, 123 | SYSZ_INS_ADB, 124 | SYSZ_INS_ADBR, 125 | SYSZ_INS_AEB, 126 | SYSZ_INS_AEBR, 127 | SYSZ_INS_AFI, 128 | SYSZ_INS_AG, 129 | SYSZ_INS_AGF, 130 | SYSZ_INS_AGFI, 131 | SYSZ_INS_AGFR, 132 | SYSZ_INS_AGHI, 133 | SYSZ_INS_AGHIK, 134 | SYSZ_INS_AGR, 135 | SYSZ_INS_AGRK, 136 | SYSZ_INS_AGSI, 137 | SYSZ_INS_AH, 138 | SYSZ_INS_AHI, 139 | SYSZ_INS_AHIK, 140 | SYSZ_INS_AHY, 141 | SYSZ_INS_AIH, 142 | SYSZ_INS_AL, 143 | SYSZ_INS_ALC, 144 | SYSZ_INS_ALCG, 145 | SYSZ_INS_ALCGR, 146 | SYSZ_INS_ALCR, 147 | SYSZ_INS_ALFI, 148 | SYSZ_INS_ALG, 149 | SYSZ_INS_ALGF, 150 | SYSZ_INS_ALGFI, 151 | SYSZ_INS_ALGFR, 152 | SYSZ_INS_ALGHSIK, 153 | SYSZ_INS_ALGR, 154 | SYSZ_INS_ALGRK, 155 | SYSZ_INS_ALHSIK, 156 | SYSZ_INS_ALR, 157 | SYSZ_INS_ALRK, 158 | SYSZ_INS_ALY, 159 | SYSZ_INS_AR, 160 | SYSZ_INS_ARK, 161 | SYSZ_INS_ASI, 162 | SYSZ_INS_AXBR, 163 | SYSZ_INS_AY, 164 | SYSZ_INS_BCR, 165 | SYSZ_INS_BRC, 166 | SYSZ_INS_BRCL, 167 | SYSZ_INS_CGIJ, 168 | SYSZ_INS_CGRJ, 169 | SYSZ_INS_CIJ, 170 | SYSZ_INS_CLGIJ, 171 | SYSZ_INS_CLGRJ, 172 | SYSZ_INS_CLIJ, 173 | SYSZ_INS_CLRJ, 174 | SYSZ_INS_CRJ, 175 | SYSZ_INS_BER, 176 | SYSZ_INS_JE, 177 | SYSZ_INS_JGE, 178 | SYSZ_INS_LOCE, 179 | SYSZ_INS_LOCGE, 180 | SYSZ_INS_LOCGRE, 181 | SYSZ_INS_LOCRE, 182 | SYSZ_INS_STOCE, 183 | SYSZ_INS_STOCGE, 184 | SYSZ_INS_BHR, 185 | SYSZ_INS_BHER, 186 | SYSZ_INS_JHE, 187 | SYSZ_INS_JGHE, 188 | SYSZ_INS_LOCHE, 189 | SYSZ_INS_LOCGHE, 190 | SYSZ_INS_LOCGRHE, 191 | SYSZ_INS_LOCRHE, 192 | SYSZ_INS_STOCHE, 193 | SYSZ_INS_STOCGHE, 194 | SYSZ_INS_JH, 195 | SYSZ_INS_JGH, 196 | SYSZ_INS_LOCH, 197 | SYSZ_INS_LOCGH, 198 | SYSZ_INS_LOCGRH, 199 | SYSZ_INS_LOCRH, 200 | SYSZ_INS_STOCH, 201 | SYSZ_INS_STOCGH, 202 | SYSZ_INS_CGIJNLH, 203 | SYSZ_INS_CGRJNLH, 204 | SYSZ_INS_CIJNLH, 205 | SYSZ_INS_CLGIJNLH, 206 | SYSZ_INS_CLGRJNLH, 207 | SYSZ_INS_CLIJNLH, 208 | SYSZ_INS_CLRJNLH, 209 | SYSZ_INS_CRJNLH, 210 | SYSZ_INS_CGIJE, 211 | SYSZ_INS_CGRJE, 212 | SYSZ_INS_CIJE, 213 | SYSZ_INS_CLGIJE, 214 | SYSZ_INS_CLGRJE, 215 | SYSZ_INS_CLIJE, 216 | SYSZ_INS_CLRJE, 217 | SYSZ_INS_CRJE, 218 | SYSZ_INS_CGIJNLE, 219 | SYSZ_INS_CGRJNLE, 220 | SYSZ_INS_CIJNLE, 221 | SYSZ_INS_CLGIJNLE, 222 | SYSZ_INS_CLGRJNLE, 223 | SYSZ_INS_CLIJNLE, 224 | SYSZ_INS_CLRJNLE, 225 | SYSZ_INS_CRJNLE, 226 | SYSZ_INS_CGIJH, 227 | SYSZ_INS_CGRJH, 228 | SYSZ_INS_CIJH, 229 | SYSZ_INS_CLGIJH, 230 | SYSZ_INS_CLGRJH, 231 | SYSZ_INS_CLIJH, 232 | SYSZ_INS_CLRJH, 233 | SYSZ_INS_CRJH, 234 | SYSZ_INS_CGIJNL, 235 | SYSZ_INS_CGRJNL, 236 | SYSZ_INS_CIJNL, 237 | SYSZ_INS_CLGIJNL, 238 | SYSZ_INS_CLGRJNL, 239 | SYSZ_INS_CLIJNL, 240 | SYSZ_INS_CLRJNL, 241 | SYSZ_INS_CRJNL, 242 | SYSZ_INS_CGIJHE, 243 | SYSZ_INS_CGRJHE, 244 | SYSZ_INS_CIJHE, 245 | SYSZ_INS_CLGIJHE, 246 | SYSZ_INS_CLGRJHE, 247 | SYSZ_INS_CLIJHE, 248 | SYSZ_INS_CLRJHE, 249 | SYSZ_INS_CRJHE, 250 | SYSZ_INS_CGIJNHE, 251 | SYSZ_INS_CGRJNHE, 252 | SYSZ_INS_CIJNHE, 253 | SYSZ_INS_CLGIJNHE, 254 | SYSZ_INS_CLGRJNHE, 255 | SYSZ_INS_CLIJNHE, 256 | SYSZ_INS_CLRJNHE, 257 | SYSZ_INS_CRJNHE, 258 | SYSZ_INS_CGIJL, 259 | SYSZ_INS_CGRJL, 260 | SYSZ_INS_CIJL, 261 | SYSZ_INS_CLGIJL, 262 | SYSZ_INS_CLGRJL, 263 | SYSZ_INS_CLIJL, 264 | SYSZ_INS_CLRJL, 265 | SYSZ_INS_CRJL, 266 | SYSZ_INS_CGIJNH, 267 | SYSZ_INS_CGRJNH, 268 | SYSZ_INS_CIJNH, 269 | SYSZ_INS_CLGIJNH, 270 | SYSZ_INS_CLGRJNH, 271 | SYSZ_INS_CLIJNH, 272 | SYSZ_INS_CLRJNH, 273 | SYSZ_INS_CRJNH, 274 | SYSZ_INS_CGIJLE, 275 | SYSZ_INS_CGRJLE, 276 | SYSZ_INS_CIJLE, 277 | SYSZ_INS_CLGIJLE, 278 | SYSZ_INS_CLGRJLE, 279 | SYSZ_INS_CLIJLE, 280 | SYSZ_INS_CLRJLE, 281 | SYSZ_INS_CRJLE, 282 | SYSZ_INS_CGIJNE, 283 | SYSZ_INS_CGRJNE, 284 | SYSZ_INS_CIJNE, 285 | SYSZ_INS_CLGIJNE, 286 | SYSZ_INS_CLGRJNE, 287 | SYSZ_INS_CLIJNE, 288 | SYSZ_INS_CLRJNE, 289 | SYSZ_INS_CRJNE, 290 | SYSZ_INS_CGIJLH, 291 | SYSZ_INS_CGRJLH, 292 | SYSZ_INS_CIJLH, 293 | SYSZ_INS_CLGIJLH, 294 | SYSZ_INS_CLGRJLH, 295 | SYSZ_INS_CLIJLH, 296 | SYSZ_INS_CLRJLH, 297 | SYSZ_INS_CRJLH, 298 | SYSZ_INS_BLR, 299 | SYSZ_INS_BLER, 300 | SYSZ_INS_JLE, 301 | SYSZ_INS_JGLE, 302 | SYSZ_INS_LOCLE, 303 | SYSZ_INS_LOCGLE, 304 | SYSZ_INS_LOCGRLE, 305 | SYSZ_INS_LOCRLE, 306 | SYSZ_INS_STOCLE, 307 | SYSZ_INS_STOCGLE, 308 | SYSZ_INS_BLHR, 309 | SYSZ_INS_JLH, 310 | SYSZ_INS_JGLH, 311 | SYSZ_INS_LOCLH, 312 | SYSZ_INS_LOCGLH, 313 | SYSZ_INS_LOCGRLH, 314 | SYSZ_INS_LOCRLH, 315 | SYSZ_INS_STOCLH, 316 | SYSZ_INS_STOCGLH, 317 | SYSZ_INS_JL, 318 | SYSZ_INS_JGL, 319 | SYSZ_INS_LOCL, 320 | SYSZ_INS_LOCGL, 321 | SYSZ_INS_LOCGRL, 322 | SYSZ_INS_LOCRL, 323 | SYSZ_INS_LOC, 324 | SYSZ_INS_LOCG, 325 | SYSZ_INS_LOCGR, 326 | SYSZ_INS_LOCR, 327 | SYSZ_INS_STOCL, 328 | SYSZ_INS_STOCGL, 329 | SYSZ_INS_BNER, 330 | SYSZ_INS_JNE, 331 | SYSZ_INS_JGNE, 332 | SYSZ_INS_LOCNE, 333 | SYSZ_INS_LOCGNE, 334 | SYSZ_INS_LOCGRNE, 335 | SYSZ_INS_LOCRNE, 336 | SYSZ_INS_STOCNE, 337 | SYSZ_INS_STOCGNE, 338 | SYSZ_INS_BNHR, 339 | SYSZ_INS_BNHER, 340 | SYSZ_INS_JNHE, 341 | SYSZ_INS_JGNHE, 342 | SYSZ_INS_LOCNHE, 343 | SYSZ_INS_LOCGNHE, 344 | SYSZ_INS_LOCGRNHE, 345 | SYSZ_INS_LOCRNHE, 346 | SYSZ_INS_STOCNHE, 347 | SYSZ_INS_STOCGNHE, 348 | SYSZ_INS_JNH, 349 | SYSZ_INS_JGNH, 350 | SYSZ_INS_LOCNH, 351 | SYSZ_INS_LOCGNH, 352 | SYSZ_INS_LOCGRNH, 353 | SYSZ_INS_LOCRNH, 354 | SYSZ_INS_STOCNH, 355 | SYSZ_INS_STOCGNH, 356 | SYSZ_INS_BNLR, 357 | SYSZ_INS_BNLER, 358 | SYSZ_INS_JNLE, 359 | SYSZ_INS_JGNLE, 360 | SYSZ_INS_LOCNLE, 361 | SYSZ_INS_LOCGNLE, 362 | SYSZ_INS_LOCGRNLE, 363 | SYSZ_INS_LOCRNLE, 364 | SYSZ_INS_STOCNLE, 365 | SYSZ_INS_STOCGNLE, 366 | SYSZ_INS_BNLHR, 367 | SYSZ_INS_JNLH, 368 | SYSZ_INS_JGNLH, 369 | SYSZ_INS_LOCNLH, 370 | SYSZ_INS_LOCGNLH, 371 | SYSZ_INS_LOCGRNLH, 372 | SYSZ_INS_LOCRNLH, 373 | SYSZ_INS_STOCNLH, 374 | SYSZ_INS_STOCGNLH, 375 | SYSZ_INS_JNL, 376 | SYSZ_INS_JGNL, 377 | SYSZ_INS_LOCNL, 378 | SYSZ_INS_LOCGNL, 379 | SYSZ_INS_LOCGRNL, 380 | SYSZ_INS_LOCRNL, 381 | SYSZ_INS_STOCNL, 382 | SYSZ_INS_STOCGNL, 383 | SYSZ_INS_BNOR, 384 | SYSZ_INS_JNO, 385 | SYSZ_INS_JGNO, 386 | SYSZ_INS_LOCNO, 387 | SYSZ_INS_LOCGNO, 388 | SYSZ_INS_LOCGRNO, 389 | SYSZ_INS_LOCRNO, 390 | SYSZ_INS_STOCNO, 391 | SYSZ_INS_STOCGNO, 392 | SYSZ_INS_BOR, 393 | SYSZ_INS_JO, 394 | SYSZ_INS_JGO, 395 | SYSZ_INS_LOCO, 396 | SYSZ_INS_LOCGO, 397 | SYSZ_INS_LOCGRO, 398 | SYSZ_INS_LOCRO, 399 | SYSZ_INS_STOCO, 400 | SYSZ_INS_STOCGO, 401 | SYSZ_INS_STOC, 402 | SYSZ_INS_STOCG, 403 | SYSZ_INS_BASR, 404 | SYSZ_INS_BR, 405 | SYSZ_INS_BRAS, 406 | SYSZ_INS_BRASL, 407 | SYSZ_INS_J, 408 | SYSZ_INS_JG, 409 | SYSZ_INS_BRCT, 410 | SYSZ_INS_BRCTG, 411 | SYSZ_INS_C, 412 | SYSZ_INS_CDB, 413 | SYSZ_INS_CDBR, 414 | SYSZ_INS_CDFBR, 415 | SYSZ_INS_CDGBR, 416 | SYSZ_INS_CDLFBR, 417 | SYSZ_INS_CDLGBR, 418 | SYSZ_INS_CEB, 419 | SYSZ_INS_CEBR, 420 | SYSZ_INS_CEFBR, 421 | SYSZ_INS_CEGBR, 422 | SYSZ_INS_CELFBR, 423 | SYSZ_INS_CELGBR, 424 | SYSZ_INS_CFDBR, 425 | SYSZ_INS_CFEBR, 426 | SYSZ_INS_CFI, 427 | SYSZ_INS_CFXBR, 428 | SYSZ_INS_CG, 429 | SYSZ_INS_CGDBR, 430 | SYSZ_INS_CGEBR, 431 | SYSZ_INS_CGF, 432 | SYSZ_INS_CGFI, 433 | SYSZ_INS_CGFR, 434 | SYSZ_INS_CGFRL, 435 | SYSZ_INS_CGH, 436 | SYSZ_INS_CGHI, 437 | SYSZ_INS_CGHRL, 438 | SYSZ_INS_CGHSI, 439 | SYSZ_INS_CGR, 440 | SYSZ_INS_CGRL, 441 | SYSZ_INS_CGXBR, 442 | SYSZ_INS_CH, 443 | SYSZ_INS_CHF, 444 | SYSZ_INS_CHHSI, 445 | SYSZ_INS_CHI, 446 | SYSZ_INS_CHRL, 447 | SYSZ_INS_CHSI, 448 | SYSZ_INS_CHY, 449 | SYSZ_INS_CIH, 450 | SYSZ_INS_CL, 451 | SYSZ_INS_CLC, 452 | SYSZ_INS_CLFDBR, 453 | SYSZ_INS_CLFEBR, 454 | SYSZ_INS_CLFHSI, 455 | SYSZ_INS_CLFI, 456 | SYSZ_INS_CLFXBR, 457 | SYSZ_INS_CLG, 458 | SYSZ_INS_CLGDBR, 459 | SYSZ_INS_CLGEBR, 460 | SYSZ_INS_CLGF, 461 | SYSZ_INS_CLGFI, 462 | SYSZ_INS_CLGFR, 463 | SYSZ_INS_CLGFRL, 464 | SYSZ_INS_CLGHRL, 465 | SYSZ_INS_CLGHSI, 466 | SYSZ_INS_CLGR, 467 | SYSZ_INS_CLGRL, 468 | SYSZ_INS_CLGXBR, 469 | SYSZ_INS_CLHF, 470 | SYSZ_INS_CLHHSI, 471 | SYSZ_INS_CLHRL, 472 | SYSZ_INS_CLI, 473 | SYSZ_INS_CLIH, 474 | SYSZ_INS_CLIY, 475 | SYSZ_INS_CLR, 476 | SYSZ_INS_CLRL, 477 | SYSZ_INS_CLST, 478 | SYSZ_INS_CLY, 479 | SYSZ_INS_CPSDR, 480 | SYSZ_INS_CR, 481 | SYSZ_INS_CRL, 482 | SYSZ_INS_CS, 483 | SYSZ_INS_CSG, 484 | SYSZ_INS_CSY, 485 | SYSZ_INS_CXBR, 486 | SYSZ_INS_CXFBR, 487 | SYSZ_INS_CXGBR, 488 | SYSZ_INS_CXLFBR, 489 | SYSZ_INS_CXLGBR, 490 | SYSZ_INS_CY, 491 | SYSZ_INS_DDB, 492 | SYSZ_INS_DDBR, 493 | SYSZ_INS_DEB, 494 | SYSZ_INS_DEBR, 495 | SYSZ_INS_DL, 496 | SYSZ_INS_DLG, 497 | SYSZ_INS_DLGR, 498 | SYSZ_INS_DLR, 499 | SYSZ_INS_DSG, 500 | SYSZ_INS_DSGF, 501 | SYSZ_INS_DSGFR, 502 | SYSZ_INS_DSGR, 503 | SYSZ_INS_DXBR, 504 | SYSZ_INS_EAR, 505 | SYSZ_INS_FIDBR, 506 | SYSZ_INS_FIDBRA, 507 | SYSZ_INS_FIEBR, 508 | SYSZ_INS_FIEBRA, 509 | SYSZ_INS_FIXBR, 510 | SYSZ_INS_FIXBRA, 511 | SYSZ_INS_FLOGR, 512 | SYSZ_INS_IC, 513 | SYSZ_INS_ICY, 514 | SYSZ_INS_IIHF, 515 | SYSZ_INS_IIHH, 516 | SYSZ_INS_IIHL, 517 | SYSZ_INS_IILF, 518 | SYSZ_INS_IILH, 519 | SYSZ_INS_IILL, 520 | SYSZ_INS_IPM, 521 | SYSZ_INS_L, 522 | SYSZ_INS_LA, 523 | SYSZ_INS_LAA, 524 | SYSZ_INS_LAAG, 525 | SYSZ_INS_LAAL, 526 | SYSZ_INS_LAALG, 527 | SYSZ_INS_LAN, 528 | SYSZ_INS_LANG, 529 | SYSZ_INS_LAO, 530 | SYSZ_INS_LAOG, 531 | SYSZ_INS_LARL, 532 | SYSZ_INS_LAX, 533 | SYSZ_INS_LAXG, 534 | SYSZ_INS_LAY, 535 | SYSZ_INS_LB, 536 | SYSZ_INS_LBH, 537 | SYSZ_INS_LBR, 538 | SYSZ_INS_LCDBR, 539 | SYSZ_INS_LCEBR, 540 | SYSZ_INS_LCGFR, 541 | SYSZ_INS_LCGR, 542 | SYSZ_INS_LCR, 543 | SYSZ_INS_LCXBR, 544 | SYSZ_INS_LD, 545 | SYSZ_INS_LDEB, 546 | SYSZ_INS_LDEBR, 547 | SYSZ_INS_LDGR, 548 | SYSZ_INS_LDR, 549 | SYSZ_INS_LDXBR, 550 | SYSZ_INS_LDXBRA, 551 | SYSZ_INS_LDY, 552 | SYSZ_INS_LE, 553 | SYSZ_INS_LEDBR, 554 | SYSZ_INS_LEDBRA, 555 | SYSZ_INS_LER, 556 | SYSZ_INS_LEXBR, 557 | SYSZ_INS_LEXBRA, 558 | SYSZ_INS_LEY, 559 | SYSZ_INS_LFH, 560 | SYSZ_INS_LG, 561 | SYSZ_INS_LGB, 562 | SYSZ_INS_LGBR, 563 | SYSZ_INS_LGDR, 564 | SYSZ_INS_LGF, 565 | SYSZ_INS_LGFI, 566 | SYSZ_INS_LGFR, 567 | SYSZ_INS_LGFRL, 568 | SYSZ_INS_LGH, 569 | SYSZ_INS_LGHI, 570 | SYSZ_INS_LGHR, 571 | SYSZ_INS_LGHRL, 572 | SYSZ_INS_LGR, 573 | SYSZ_INS_LGRL, 574 | SYSZ_INS_LH, 575 | SYSZ_INS_LHH, 576 | SYSZ_INS_LHI, 577 | SYSZ_INS_LHR, 578 | SYSZ_INS_LHRL, 579 | SYSZ_INS_LHY, 580 | SYSZ_INS_LLC, 581 | SYSZ_INS_LLCH, 582 | SYSZ_INS_LLCR, 583 | SYSZ_INS_LLGC, 584 | SYSZ_INS_LLGCR, 585 | SYSZ_INS_LLGF, 586 | SYSZ_INS_LLGFR, 587 | SYSZ_INS_LLGFRL, 588 | SYSZ_INS_LLGH, 589 | SYSZ_INS_LLGHR, 590 | SYSZ_INS_LLGHRL, 591 | SYSZ_INS_LLH, 592 | SYSZ_INS_LLHH, 593 | SYSZ_INS_LLHR, 594 | SYSZ_INS_LLHRL, 595 | SYSZ_INS_LLIHF, 596 | SYSZ_INS_LLIHH, 597 | SYSZ_INS_LLIHL, 598 | SYSZ_INS_LLILF, 599 | SYSZ_INS_LLILH, 600 | SYSZ_INS_LLILL, 601 | SYSZ_INS_LMG, 602 | SYSZ_INS_LNDBR, 603 | SYSZ_INS_LNEBR, 604 | SYSZ_INS_LNGFR, 605 | SYSZ_INS_LNGR, 606 | SYSZ_INS_LNR, 607 | SYSZ_INS_LNXBR, 608 | SYSZ_INS_LPDBR, 609 | SYSZ_INS_LPEBR, 610 | SYSZ_INS_LPGFR, 611 | SYSZ_INS_LPGR, 612 | SYSZ_INS_LPR, 613 | SYSZ_INS_LPXBR, 614 | SYSZ_INS_LR, 615 | SYSZ_INS_LRL, 616 | SYSZ_INS_LRV, 617 | SYSZ_INS_LRVG, 618 | SYSZ_INS_LRVGR, 619 | SYSZ_INS_LRVR, 620 | SYSZ_INS_LT, 621 | SYSZ_INS_LTDBR, 622 | SYSZ_INS_LTEBR, 623 | SYSZ_INS_LTG, 624 | SYSZ_INS_LTGF, 625 | SYSZ_INS_LTGFR, 626 | SYSZ_INS_LTGR, 627 | SYSZ_INS_LTR, 628 | SYSZ_INS_LTXBR, 629 | SYSZ_INS_LXDB, 630 | SYSZ_INS_LXDBR, 631 | SYSZ_INS_LXEB, 632 | SYSZ_INS_LXEBR, 633 | SYSZ_INS_LXR, 634 | SYSZ_INS_LY, 635 | SYSZ_INS_LZDR, 636 | SYSZ_INS_LZER, 637 | SYSZ_INS_LZXR, 638 | SYSZ_INS_MADB, 639 | SYSZ_INS_MADBR, 640 | SYSZ_INS_MAEB, 641 | SYSZ_INS_MAEBR, 642 | SYSZ_INS_MDB, 643 | SYSZ_INS_MDBR, 644 | SYSZ_INS_MDEB, 645 | SYSZ_INS_MDEBR, 646 | SYSZ_INS_MEEB, 647 | SYSZ_INS_MEEBR, 648 | SYSZ_INS_MGHI, 649 | SYSZ_INS_MH, 650 | SYSZ_INS_MHI, 651 | SYSZ_INS_MHY, 652 | SYSZ_INS_MLG, 653 | SYSZ_INS_MLGR, 654 | SYSZ_INS_MS, 655 | SYSZ_INS_MSDB, 656 | SYSZ_INS_MSDBR, 657 | SYSZ_INS_MSEB, 658 | SYSZ_INS_MSEBR, 659 | SYSZ_INS_MSFI, 660 | SYSZ_INS_MSG, 661 | SYSZ_INS_MSGF, 662 | SYSZ_INS_MSGFI, 663 | SYSZ_INS_MSGFR, 664 | SYSZ_INS_MSGR, 665 | SYSZ_INS_MSR, 666 | SYSZ_INS_MSY, 667 | SYSZ_INS_MVC, 668 | SYSZ_INS_MVGHI, 669 | SYSZ_INS_MVHHI, 670 | SYSZ_INS_MVHI, 671 | SYSZ_INS_MVI, 672 | SYSZ_INS_MVIY, 673 | SYSZ_INS_MVST, 674 | SYSZ_INS_MXBR, 675 | SYSZ_INS_MXDB, 676 | SYSZ_INS_MXDBR, 677 | SYSZ_INS_N, 678 | SYSZ_INS_NC, 679 | SYSZ_INS_NG, 680 | SYSZ_INS_NGR, 681 | SYSZ_INS_NGRK, 682 | SYSZ_INS_NI, 683 | SYSZ_INS_NIHF, 684 | SYSZ_INS_NIHH, 685 | SYSZ_INS_NIHL, 686 | SYSZ_INS_NILF, 687 | SYSZ_INS_NILH, 688 | SYSZ_INS_NILL, 689 | SYSZ_INS_NIY, 690 | SYSZ_INS_NR, 691 | SYSZ_INS_NRK, 692 | SYSZ_INS_NY, 693 | SYSZ_INS_O, 694 | SYSZ_INS_OC, 695 | SYSZ_INS_OG, 696 | SYSZ_INS_OGR, 697 | SYSZ_INS_OGRK, 698 | SYSZ_INS_OI, 699 | SYSZ_INS_OIHF, 700 | SYSZ_INS_OIHH, 701 | SYSZ_INS_OIHL, 702 | SYSZ_INS_OILF, 703 | SYSZ_INS_OILH, 704 | SYSZ_INS_OILL, 705 | SYSZ_INS_OIY, 706 | SYSZ_INS_OR, 707 | SYSZ_INS_ORK, 708 | SYSZ_INS_OY, 709 | SYSZ_INS_PFD, 710 | SYSZ_INS_PFDRL, 711 | SYSZ_INS_RISBG, 712 | SYSZ_INS_RISBHG, 713 | SYSZ_INS_RISBLG, 714 | SYSZ_INS_RLL, 715 | SYSZ_INS_RLLG, 716 | SYSZ_INS_RNSBG, 717 | SYSZ_INS_ROSBG, 718 | SYSZ_INS_RXSBG, 719 | SYSZ_INS_S, 720 | SYSZ_INS_SDB, 721 | SYSZ_INS_SDBR, 722 | SYSZ_INS_SEB, 723 | SYSZ_INS_SEBR, 724 | SYSZ_INS_SG, 725 | SYSZ_INS_SGF, 726 | SYSZ_INS_SGFR, 727 | SYSZ_INS_SGR, 728 | SYSZ_INS_SGRK, 729 | SYSZ_INS_SH, 730 | SYSZ_INS_SHY, 731 | SYSZ_INS_SL, 732 | SYSZ_INS_SLB, 733 | SYSZ_INS_SLBG, 734 | SYSZ_INS_SLBR, 735 | SYSZ_INS_SLFI, 736 | SYSZ_INS_SLG, 737 | SYSZ_INS_SLBGR, 738 | SYSZ_INS_SLGF, 739 | SYSZ_INS_SLGFI, 740 | SYSZ_INS_SLGFR, 741 | SYSZ_INS_SLGR, 742 | SYSZ_INS_SLGRK, 743 | SYSZ_INS_SLL, 744 | SYSZ_INS_SLLG, 745 | SYSZ_INS_SLLK, 746 | SYSZ_INS_SLR, 747 | SYSZ_INS_SLRK, 748 | SYSZ_INS_SLY, 749 | SYSZ_INS_SQDB, 750 | SYSZ_INS_SQDBR, 751 | SYSZ_INS_SQEB, 752 | SYSZ_INS_SQEBR, 753 | SYSZ_INS_SQXBR, 754 | SYSZ_INS_SR, 755 | SYSZ_INS_SRA, 756 | SYSZ_INS_SRAG, 757 | SYSZ_INS_SRAK, 758 | SYSZ_INS_SRK, 759 | SYSZ_INS_SRL, 760 | SYSZ_INS_SRLG, 761 | SYSZ_INS_SRLK, 762 | SYSZ_INS_SRST, 763 | SYSZ_INS_ST, 764 | SYSZ_INS_STC, 765 | SYSZ_INS_STCH, 766 | SYSZ_INS_STCY, 767 | SYSZ_INS_STD, 768 | SYSZ_INS_STDY, 769 | SYSZ_INS_STE, 770 | SYSZ_INS_STEY, 771 | SYSZ_INS_STFH, 772 | SYSZ_INS_STG, 773 | SYSZ_INS_STGRL, 774 | SYSZ_INS_STH, 775 | SYSZ_INS_STHH, 776 | SYSZ_INS_STHRL, 777 | SYSZ_INS_STHY, 778 | SYSZ_INS_STMG, 779 | SYSZ_INS_STRL, 780 | SYSZ_INS_STRV, 781 | SYSZ_INS_STRVG, 782 | SYSZ_INS_STY, 783 | SYSZ_INS_SXBR, 784 | SYSZ_INS_SY, 785 | SYSZ_INS_TM, 786 | SYSZ_INS_TMHH, 787 | SYSZ_INS_TMHL, 788 | SYSZ_INS_TMLH, 789 | SYSZ_INS_TMLL, 790 | SYSZ_INS_TMY, 791 | SYSZ_INS_X, 792 | SYSZ_INS_XC, 793 | SYSZ_INS_XG, 794 | SYSZ_INS_XGR, 795 | SYSZ_INS_XGRK, 796 | SYSZ_INS_XI, 797 | SYSZ_INS_XIHF, 798 | SYSZ_INS_XILF, 799 | SYSZ_INS_XIY, 800 | SYSZ_INS_XR, 801 | SYSZ_INS_XRK, 802 | SYSZ_INS_XY, 803 | 804 | SYSZ_INS_ENDING, // <-- mark the end of the list of instructions 805 | } sysz_insn; 806 | 807 | //> Group of SystemZ instructions 808 | typedef enum sysz_insn_group { 809 | SYSZ_GRP_INVALID = 0, // = CS_GRP_INVALID 810 | 811 | //> Generic groups 812 | // all jump instructions (conditional+direct+indirect jumps) 813 | SYSZ_GRP_JUMP, // = CS_GRP_JUMP 814 | 815 | //> Architecture-specific groups 816 | SYSZ_GRP_DISTINCTOPS = 128, 817 | SYSZ_GRP_FPEXTENSION, 818 | SYSZ_GRP_HIGHWORD, 819 | SYSZ_GRP_INTERLOCKEDACCESS1, 820 | SYSZ_GRP_LOADSTOREONCOND, 821 | 822 | SYSZ_GRP_ENDING, // <-- mark the end of the list of groups 823 | } sysz_insn_group; 824 | 825 | #ifdef __cplusplus 826 | } 827 | #endif 828 | 829 | #endif 830 | -------------------------------------------------------------------------------- /CaptainHook/include/xcore.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_XCORE_H 2 | #define CAPSTONE_XCORE_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | #ifdef _MSC_VER 15 | #pragma warning(disable:4201) 16 | #endif 17 | 18 | //> Operand type for instruction's operands 19 | typedef enum xcore_op_type { 20 | XCORE_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 21 | XCORE_OP_REG, // = CS_OP_REG (Register operand). 22 | XCORE_OP_IMM, // = CS_OP_IMM (Immediate operand). 23 | XCORE_OP_MEM, // = CS_OP_MEM (Memory operand). 24 | } xcore_op_type; 25 | 26 | // Instruction's operand referring to memory 27 | // This is associated with XCORE_OP_MEM operand type above 28 | typedef struct xcore_op_mem { 29 | uint8_t base; // base register 30 | uint8_t index; // index register 31 | int32_t disp; // displacement/offset value 32 | int direct; // +1: forward, -1: backward 33 | } xcore_op_mem; 34 | 35 | // Instruction operand 36 | typedef struct cs_xcore_op { 37 | xcore_op_type type; // operand type 38 | union { 39 | unsigned int reg; // register value for REG operand 40 | int32_t imm; // immediate value for IMM operand 41 | xcore_op_mem mem; // base/disp value for MEM operand 42 | }; 43 | } cs_xcore_op; 44 | 45 | // Instruction structure 46 | typedef struct cs_xcore { 47 | // Number of operands of this instruction, 48 | // or 0 when instruction has no operand. 49 | uint8_t op_count; 50 | cs_xcore_op operands[8]; // operands for this instruction. 51 | } cs_xcore; 52 | 53 | //> XCore registers 54 | typedef enum xcore_reg { 55 | XCORE_REG_INVALID = 0, 56 | 57 | XCORE_REG_CP, 58 | XCORE_REG_DP, 59 | XCORE_REG_LR, 60 | XCORE_REG_SP, 61 | XCORE_REG_R0, 62 | XCORE_REG_R1, 63 | XCORE_REG_R2, 64 | XCORE_REG_R3, 65 | XCORE_REG_R4, 66 | XCORE_REG_R5, 67 | XCORE_REG_R6, 68 | XCORE_REG_R7, 69 | XCORE_REG_R8, 70 | XCORE_REG_R9, 71 | XCORE_REG_R10, 72 | XCORE_REG_R11, 73 | 74 | //> pseudo registers 75 | XCORE_REG_PC, // pc 76 | 77 | // internal thread registers 78 | // see The-XMOS-XS1-Architecture(X7879A).pdf 79 | XCORE_REG_SCP, // save pc 80 | XCORE_REG_SSR, // save status 81 | XCORE_REG_ET, // exception type 82 | XCORE_REG_ED, // exception data 83 | XCORE_REG_SED, // save exception data 84 | XCORE_REG_KEP, // kernel entry pointer 85 | XCORE_REG_KSP, // kernel stack pointer 86 | XCORE_REG_ID, // thread ID 87 | 88 | XCORE_REG_ENDING, // <-- mark the end of the list of registers 89 | } xcore_reg; 90 | 91 | //> XCore instruction 92 | typedef enum xcore_insn { 93 | XCORE_INS_INVALID = 0, 94 | 95 | XCORE_INS_ADD, 96 | XCORE_INS_ANDNOT, 97 | XCORE_INS_AND, 98 | XCORE_INS_ASHR, 99 | XCORE_INS_BAU, 100 | XCORE_INS_BITREV, 101 | XCORE_INS_BLA, 102 | XCORE_INS_BLAT, 103 | XCORE_INS_BL, 104 | XCORE_INS_BF, 105 | XCORE_INS_BT, 106 | XCORE_INS_BU, 107 | XCORE_INS_BRU, 108 | XCORE_INS_BYTEREV, 109 | XCORE_INS_CHKCT, 110 | XCORE_INS_CLRE, 111 | XCORE_INS_CLRPT, 112 | XCORE_INS_CLRSR, 113 | XCORE_INS_CLZ, 114 | XCORE_INS_CRC8, 115 | XCORE_INS_CRC32, 116 | XCORE_INS_DCALL, 117 | XCORE_INS_DENTSP, 118 | XCORE_INS_DGETREG, 119 | XCORE_INS_DIVS, 120 | XCORE_INS_DIVU, 121 | XCORE_INS_DRESTSP, 122 | XCORE_INS_DRET, 123 | XCORE_INS_ECALLF, 124 | XCORE_INS_ECALLT, 125 | XCORE_INS_EDU, 126 | XCORE_INS_EEF, 127 | XCORE_INS_EET, 128 | XCORE_INS_EEU, 129 | XCORE_INS_ENDIN, 130 | XCORE_INS_ENTSP, 131 | XCORE_INS_EQ, 132 | XCORE_INS_EXTDP, 133 | XCORE_INS_EXTSP, 134 | XCORE_INS_FREER, 135 | XCORE_INS_FREET, 136 | XCORE_INS_GETD, 137 | XCORE_INS_GET, 138 | XCORE_INS_GETN, 139 | XCORE_INS_GETR, 140 | XCORE_INS_GETSR, 141 | XCORE_INS_GETST, 142 | XCORE_INS_GETTS, 143 | XCORE_INS_INCT, 144 | XCORE_INS_INIT, 145 | XCORE_INS_INPW, 146 | XCORE_INS_INSHR, 147 | XCORE_INS_INT, 148 | XCORE_INS_IN, 149 | XCORE_INS_KCALL, 150 | XCORE_INS_KENTSP, 151 | XCORE_INS_KRESTSP, 152 | XCORE_INS_KRET, 153 | XCORE_INS_LADD, 154 | XCORE_INS_LD16S, 155 | XCORE_INS_LD8U, 156 | XCORE_INS_LDA16, 157 | XCORE_INS_LDAP, 158 | XCORE_INS_LDAW, 159 | XCORE_INS_LDC, 160 | XCORE_INS_LDW, 161 | XCORE_INS_LDIVU, 162 | XCORE_INS_LMUL, 163 | XCORE_INS_LSS, 164 | XCORE_INS_LSUB, 165 | XCORE_INS_LSU, 166 | XCORE_INS_MACCS, 167 | XCORE_INS_MACCU, 168 | XCORE_INS_MJOIN, 169 | XCORE_INS_MKMSK, 170 | XCORE_INS_MSYNC, 171 | XCORE_INS_MUL, 172 | XCORE_INS_NEG, 173 | XCORE_INS_NOT, 174 | XCORE_INS_OR, 175 | XCORE_INS_OUTCT, 176 | XCORE_INS_OUTPW, 177 | XCORE_INS_OUTSHR, 178 | XCORE_INS_OUTT, 179 | XCORE_INS_OUT, 180 | XCORE_INS_PEEK, 181 | XCORE_INS_REMS, 182 | XCORE_INS_REMU, 183 | XCORE_INS_RETSP, 184 | XCORE_INS_SETCLK, 185 | XCORE_INS_SET, 186 | XCORE_INS_SETC, 187 | XCORE_INS_SETD, 188 | XCORE_INS_SETEV, 189 | XCORE_INS_SETN, 190 | XCORE_INS_SETPSC, 191 | XCORE_INS_SETPT, 192 | XCORE_INS_SETRDY, 193 | XCORE_INS_SETSR, 194 | XCORE_INS_SETTW, 195 | XCORE_INS_SETV, 196 | XCORE_INS_SEXT, 197 | XCORE_INS_SHL, 198 | XCORE_INS_SHR, 199 | XCORE_INS_SSYNC, 200 | XCORE_INS_ST16, 201 | XCORE_INS_ST8, 202 | XCORE_INS_STW, 203 | XCORE_INS_SUB, 204 | XCORE_INS_SYNCR, 205 | XCORE_INS_TESTCT, 206 | XCORE_INS_TESTLCL, 207 | XCORE_INS_TESTWCT, 208 | XCORE_INS_TSETMR, 209 | XCORE_INS_START, 210 | XCORE_INS_WAITEF, 211 | XCORE_INS_WAITET, 212 | XCORE_INS_WAITEU, 213 | XCORE_INS_XOR, 214 | XCORE_INS_ZEXT, 215 | 216 | XCORE_INS_ENDING, // <-- mark the end of the list of instructions 217 | } xcore_insn; 218 | 219 | //> Group of XCore instructions 220 | typedef enum xcore_insn_group { 221 | XCORE_GRP_INVALID = 0, // = CS_GRP_INVALID 222 | 223 | //> Generic groups 224 | // all jump instructions (conditional+direct+indirect jumps) 225 | XCORE_GRP_JUMP, // = CS_GRP_JUMP 226 | 227 | XCORE_GRP_ENDING, // <-- mark the end of the list of groups 228 | } xcore_insn_group; 229 | 230 | #ifdef __cplusplus 231 | } 232 | #endif 233 | 234 | #endif 235 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU LESSER GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | 9 | This version of the GNU Lesser General Public License incorporates 10 | the terms and conditions of version 3 of the GNU General Public 11 | License, supplemented by the additional permissions listed below. 12 | 13 | 0. Additional Definitions. 14 | 15 | As used herein, "this License" refers to version 3 of the GNU Lesser 16 | General Public License, and the "GNU GPL" refers to version 3 of the GNU 17 | General Public License. 18 | 19 | "The Library" refers to a covered work governed by this License, 20 | other than an Application or a Combined Work as defined below. 21 | 22 | An "Application" is any work that makes use of an interface provided 23 | by the Library, but which is not otherwise based on the Library. 24 | Defining a subclass of a class defined by the Library is deemed a mode 25 | of using an interface provided by the Library. 26 | 27 | A "Combined Work" is a work produced by combining or linking an 28 | Application with the Library. The particular version of the Library 29 | with which the Combined Work was made is also called the "Linked 30 | Version". 31 | 32 | The "Minimal Corresponding Source" for a Combined Work means the 33 | Corresponding Source for the Combined Work, excluding any source code 34 | for portions of the Combined Work that, considered in isolation, are 35 | based on the Application, and not on the Linked Version. 36 | 37 | The "Corresponding Application Code" for a Combined Work means the 38 | object code and/or source code for the Application, including any data 39 | and utility programs needed for reproducing the Combined Work from the 40 | Application, but excluding the System Libraries of the Combined Work. 41 | 42 | 1. Exception to Section 3 of the GNU GPL. 43 | 44 | You may convey a covered work under sections 3 and 4 of this License 45 | without being bound by section 3 of the GNU GPL. 46 | 47 | 2. Conveying Modified Versions. 48 | 49 | If you modify a copy of the Library, and, in your modifications, a 50 | facility refers to a function or data to be supplied by an Application 51 | that uses the facility (other than as an argument passed when the 52 | facility is invoked), then you may convey a copy of the modified 53 | version: 54 | 55 | a) under this License, provided that you make a good faith effort to 56 | ensure that, in the event an Application does not supply the 57 | function or data, the facility still operates, and performs 58 | whatever part of its purpose remains meaningful, or 59 | 60 | b) under the GNU GPL, with none of the additional permissions of 61 | this License applicable to that copy. 62 | 63 | 3. Object Code Incorporating Material from Library Header Files. 64 | 65 | The object code form of an Application may incorporate material from 66 | a header file that is part of the Library. You may convey such object 67 | code under terms of your choice, provided that, if the incorporated 68 | material is not limited to numerical parameters, data structure 69 | layouts and accessors, or small macros, inline functions and templates 70 | (ten or fewer lines in length), you do both of the following: 71 | 72 | a) Give prominent notice with each copy of the object code that the 73 | Library is used in it and that the Library and its use are 74 | covered by this License. 75 | 76 | b) Accompany the object code with a copy of the GNU GPL and this license 77 | document. 78 | 79 | 4. Combined Works. 80 | 81 | You may convey a Combined Work under terms of your choice that, 82 | taken together, effectively do not restrict modification of the 83 | portions of the Library contained in the Combined Work and reverse 84 | engineering for debugging such modifications, if you also do each of 85 | the following: 86 | 87 | a) Give prominent notice with each copy of the Combined Work that 88 | the Library is used in it and that the Library and its use are 89 | covered by this License. 90 | 91 | b) Accompany the Combined Work with a copy of the GNU GPL and this license 92 | document. 93 | 94 | c) For a Combined Work that displays copyright notices during 95 | execution, include the copyright notice for the Library among 96 | these notices, as well as a reference directing the user to the 97 | copies of the GNU GPL and this license document. 98 | 99 | d) Do one of the following: 100 | 101 | 0) Convey the Minimal Corresponding Source under the terms of this 102 | License, and the Corresponding Application Code in a form 103 | suitable for, and under terms that permit, the user to 104 | recombine or relink the Application with a modified version of 105 | the Linked Version to produce a modified Combined Work, in the 106 | manner specified by section 6 of the GNU GPL for conveying 107 | Corresponding Source. 108 | 109 | 1) Use a suitable shared library mechanism for linking with the 110 | Library. A suitable mechanism is one that (a) uses at run time 111 | a copy of the Library already present on the user's computer 112 | system, and (b) will operate properly with a modified version 113 | of the Library that is interface-compatible with the Linked 114 | Version. 115 | 116 | e) Provide Installation Information, but only if you would otherwise 117 | be required to provide such information under section 6 of the 118 | GNU GPL, and only to the extent that such information is 119 | necessary to install and execute a modified version of the 120 | Combined Work produced by recombining or relinking the 121 | Application with a modified version of the Linked Version. (If 122 | you use option 4d0, the Installation Information must accompany 123 | the Minimal Corresponding Source and Corresponding Application 124 | Code. If you use option 4d1, you must provide the Installation 125 | Information in the manner specified by section 6 of the GNU GPL 126 | for conveying Corresponding Source.) 127 | 128 | 5. Combined Libraries. 129 | 130 | You may place library facilities that are a work based on the 131 | Library side by side in a single library together with other library 132 | facilities that are not Applications and are not covered by this 133 | License, and convey such a combined library under terms of your 134 | choice, if you do both of the following: 135 | 136 | a) Accompany the combined library with a copy of the same work based 137 | on the Library, uncombined with any other library facilities, 138 | conveyed under the terms of this License. 139 | 140 | b) Give prominent notice with the combined library that part of it 141 | is a work based on the Library, and explaining where to find the 142 | accompanying uncombined form of the same work. 143 | 144 | 6. Revised Versions of the GNU Lesser General Public License. 145 | 146 | The Free Software Foundation may publish revised and/or new versions 147 | of the GNU Lesser General Public License from time to time. Such new 148 | versions will be similar in spirit to the present version, but may 149 | differ in detail to address new problems or concerns. 150 | 151 | Each version is given a distinguishing version number. If the 152 | Library as you received it specifies that a certain numbered version 153 | of the GNU Lesser General Public License "or any later version" 154 | applies to it, you have the option of following the terms and 155 | conditions either of that published version or of any later version 156 | published by the Free Software Foundation. If the Library as you 157 | received it does not specify a version number of the GNU Lesser 158 | General Public License, you may choose any version of the GNU Lesser 159 | General Public License ever published by the Free Software Foundation. 160 | 161 | If the Library as you received it specifies that a proxy can decide 162 | whether future versions of the GNU Lesser General Public License shall 163 | apply, that proxy's public statement of acceptance of any version is 164 | permanent authorization for you to choose that version for the 165 | Library. 166 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CaptainHook (version 2.1 beta) 2 | 3 | **this one isnt release, plz download from [here](https://github.com/shmuelyr/CaptainHook/releases)** 4 | 5 | CaptainHook is a hook framework for x86/x64 arch, it's based on [capstone](https://github.com/aquynh/capstone) disassembler engine. 6 | CaptainHook is easy to use, and very friendly. 7 | The hook engine is much like MS Detours, so why to choose it? 8 | * it supports x64 (Detours x64 is commerical - $10,000~). 9 | * CaptainHook will know where to locate your hook in real time, the engine analyzes the code, and finds if small API redirection (Wow64 hook on kernelbase for example or some minimal JMP table redirection[particularly common in packed/protected code]) was occurred, and locate your hook in safe area. 10 | * in the next release, CaptainHook will contain an engine for jmp/conditional jmp repair - if your hook corrupts sensitive code. 11 | 12 | ## whats new? 13 | * Disable/Eneble hook at runtime, without remove them. 14 | * some fix in the design of the code and the class. 15 | 16 | code example: 17 | ```c++ 18 | 19 | #include "CaptainHook.h" 20 | #pragma comment(lib, "CaptainHook.lib") 21 | 22 | void (__fastcall *CH_OriginalFunction_1)(...) = OriginalFunction_1; 23 | void (__stdcall *CH_OriginalFunction_2)(...) = OriginalFunction_2; 24 | void (__fastcall *CH_OriginalFunction_3)(...) = OriginalFunction_3; 25 | void (__fastcall *CH_OriginalFunction_4)(...) = OriginalFunction_4; 26 | 27 | int main() { 28 | 29 | unsigned int uiHookId1, uiHookId2; 30 | CaptainHook *pChook = new CaptainHook(); 31 | if (!pChook) return 0; 32 | 33 | pChook->AddInlineHook(&(void *&)CH_OriginalFunction_1, HookedOriginalFunction_1); 34 | pChook->AddPageGuardHook(&(void *&)CH_OriginalFunction_2, HookedOriginalFunction_2); 35 | 36 | pChook->AddInlineHook(&(void *&)CH_OriginalFunction_3, HookedOriginalFunction_3, &uiHookId1); 37 | pChook->AddPageGuardHook(&(void *&)CH_OriginalFunction_4, HookedOriginalFunction_4, &uiHookId2); 38 | /* 39 | : 40 | */ 41 | pChook->DisableHook(uiHookId1); 42 | /* 43 | : 44 | */ 45 | pChook->EnableHook(uiHookId1); 46 | /* 47 | : 48 | */ 49 | pChook->~CaptainHook(); // this function clean all the hook(s). 50 | return 0; 51 | } 52 | ``` 53 | CaptainHook.h for include is just [this](https://github.com/shmuelyr/CaptainHook/blob/master/CaptainHook/CaptainHook_for_include.h) file 54 | 55 | ### how to build? 56 | ```shell 57 | > git clone --recursive https://github.com/shmuelyr/CaptainHook.git 58 | > cd CaptainHook 59 | > "C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Tools\vsvars32.bat" 60 | > msbuild.exe 61 | ``` 62 | 63 | ### in the next version: 64 | * IAT hooking, for dll function. 65 | * hooking with hardware breakpoint. 66 | 67 | ### Full example: 68 | ```c++ 69 | 70 | #include 71 | #include "CaptainHook.h" 72 | 73 | #pragma comment(lib, "CaptainHook.lib") 74 | 75 | int(__stdcall *CH_OriginalMessageBoxA) 76 | (HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType) = MessageBoxA; 77 | int __stdcall MyMessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType) { 78 | 79 | return CH_OriginalMessageBoxA(hWnd, "HOOK", "HOOK", uType); 80 | } 81 | 82 | int WinMain(HINSTANCE hIns, HINSTANCE hPrev, LPSTR lpCmdLine, int cCmdShow) { 83 | 84 | unsigned int uiHookId; 85 | CaptainHook *pChook = new CaptainHook(); 86 | pChook->AddPageGuardHook(&(void *&)CH_OriginalMessageBoxA, MyMessageBoxA, &uiHookId); 87 | MessageBoxA(NULL, "test", "test", MB_OK); 88 | pChook->DisableHook(uiHookId); 89 | MessageBoxA(NULL, "test", "test", MB_OK); 90 | pChook->EnableHook(uiHookId); 91 | MessageBoxA(NULL, "test", "test", MB_OK); 92 | return 0; 93 | } 94 | ``` 95 | 96 | 97 | Happy Hooking! 98 | --------------------------------------------------------------------------------