├── .github └── FUNDING.yml ├── .gitignore ├── LICENSE ├── README.md ├── Release └── anticuckoo.exe ├── anticuckoo.cpp ├── anticuckoo.h ├── anticuckoo.sln ├── anticuckoo.vcxproj ├── anticuckoo.vcxproj.filters ├── capstone ├── capstone.lib └── include │ ├── arm.h │ ├── arm64.h │ ├── capstone.h │ ├── mips.h │ ├── platform.h │ ├── ppc.h │ ├── sparc.h │ ├── systemz.h │ ├── x86.h │ └── xcore.h ├── main.cpp ├── misc.cpp ├── misc.h ├── poc_exe.h ├── stdafx.cpp ├── stdafx.h └── targetver.h /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | 3 | github: [therealdreg] 4 | patreon: dreg 5 | custom: ["https://www.paypal.me/therealdreg", "https://www.paypal.me/therealdreg"] 6 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | winxprelease 2 | poc.exe 3 | *.suo 4 | *.user 5 | *.userosscache 6 | *.sln.docstates 7 | [Dd]ebug/ 8 | *_i.c 9 | *_p.c 10 | *_i.h 11 | *.ilk 12 | *.meta 13 | *.obj 14 | *.pch 15 | *.pdb 16 | *.pgc 17 | *.pgd 18 | *.rsp 19 | *.sbr 20 | *.tlb 21 | *.tli 22 | *.tlh 23 | *.tmp 24 | anticuckoo.i-* 25 | *.tmp_proj 26 | *.log 27 | *.vspscc 28 | *.vssscc 29 | .builds 30 | *.pidb 31 | *.svclog 32 | *.scc 33 | ipch/ 34 | *.aps 35 | *.ncb 36 | *.opensdf 37 | *.sdf 38 | *.cachefile 39 | *.psess 40 | *.vsp 41 | *.vspx 42 | *.tlog 43 | *.dtct -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 David Reguera Garcia aka Dreg 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # anticuckoo 2 | A tool to detect and crash Cuckoo Sandbox. Tested in [Cuckoo Sandbox Official](http://www.cuckoosandbox.org/) and [Accuvant's Cuckoo version](https://github.com/brad-accuvant/cuckoo-modified). 3 | 4 | Please, consider make a donation: https://github.com/sponsors/therealdreg 5 | 6 | Anticuckoo can also detect other sandbox like FireEye (-c2): 7 | 8 | ![ScreenShot](https://github.com/David-Reguera-Garcia-Dreg/anticuckoo/blob/images/fireyee.png) 9 | 10 | [Reddit / netsec discussion about anticuckoo.](https://www.reddit.com/r/netsec/comments/3atvmb/anticuckoo_a_tool_to_detect_and_crash_cuckoo/) 11 | 12 | ## Features 13 | 14 | * [Detection](#cuckoo-detection): 15 | * Cuckoo hooks detection (all kind of cuckoo hooks). 16 | * Suspicius data in own memory (without APIs, page per page scanning). 17 | * [Crash (Execute with arguments)](#cuckoo-crash) (out of a sandbox these args dont crash the program): 18 | * -c1: Modify the RET N instruction of a hooked API with a higher value. Next call to API pushing more args into stack. If the hooked API is called from the Cuckoo's HookHandler the program crash because it only pushes the real API args then the modified RET N instruction corrupt the HookHandler's stack. 19 | * -c2: Cuckoomon run threads inside the process, when the tool detects new threads crash!. 20 | * -c3: Crashing when detects hook handler activity in the old stack area. 21 | 22 | The overkill methods can be useful. For example using the overkill methods you have two features in one: detection/crash and "a kind of Sleep" (Cuckoomon bypass long Sleeps calls). 23 | 24 | Crash POCs is only a demostration. A real malware can be use this code to detect cuckoo without crashing it, ex only check the exception, esp etc and after make useless code. 25 | 26 | [TODO list](#todo) 27 | 28 | ### Cuckoo Detection 29 | 30 | Submit Release/anticuckoo.exe to analysis in Cuckoo Sandbox. Check the screenshots (console output). Also you can check Accesed Files in Sumary: 31 | 32 | ![ScreenShot](https://github.com/David-Reguera-Garcia-Dreg/anticuckoo/blob/images/anticuckoo.png) 33 | 34 | Accesed Files in Sumary (django web): 35 | 36 | ![ScreenShot](https://github.com/David-Reguera-Garcia-Dreg/anticuckoo/blob/images/Sumary.png) 37 | 38 | ### Cuckoo Crash 39 | 40 | Specify in submit options the crash argument, ex **-c1** (via django web): 41 | 42 | ![ScreenShot](https://github.com/David-Reguera-Garcia-Dreg/anticuckoo/blob/images/cuckooarguments.png) 43 | 44 | And check **Screenshots/connect via RDP/whatson connection** to verify the crash. Ex **-c1** via RDP: 45 | 46 | ![Screenshot](https://github.com/David-Reguera-Garcia-Dreg/anticuckoo/blob/images/cuckoocrash.png) 47 | 48 | ## TODO 49 | * Python process & agent.py detection - 70% DONE 50 | * Improve hook detection checking correct bytes in well known places (Ex Native APIs always have the same signatures etc.). 51 | * Cuckoo's TLS entry detection. 52 | 53 | New ideas & PRs are wellcome. 54 | 55 | ## Referenced by 56 | 57 | * Evasive Malware Understanding Deceptive and Self-Defending Threats by Kyle Cucci https://nostarch.com/evasive-malware 58 | * Stealthy, Hypervisor-based Malware Analysis - Tamas K Lengyel: https://www.slideshare.net/tklengyel/stealthy-hypervisorbased-malware-analysis 59 | * Brad Spengler (grsecurity) nice words: https://github.com/brad-sp/community-modified/commit/29587d691242a9ba890877f623fdf2447fe4336f 60 | * Reddit / netsec discussion about anticuckoo: https://www.reddit.com/r/netsec/comments/3atvmb/anticuckoo_a_tool_to_detect_and_crash_cuckoo/ 61 | * Multiple Instance Learning for Malware Classification - Jan Stiborek, Tomáš Pevný, Martin Rehák: https://arxiv.org/pdf/1705.02268.pdf 62 | * To Catch a Ratter: Monitoring the Behavior of Amateur DarkComet RAT Operators in the Wild - Brown Farinholt, Mohammad Rezaeirad, Paul Pearce, Hitesh Dharmdasani, Haikuo Yin, Stevens Le Blondk, Damon McCoy, Kirill Levchenko: http://damonmccoy.com/papers/rat-sp17.pdf 63 | * Hack&Beers Cadiz Análisis de Malware Cuckoo Sandbox - Mario Alberto Parra Alonso: https://www.slideshare.net/MarioAlbertoParraAlo/hackbeers-cadiz-anlisis-de-malware-cuckoo-sandbox 64 | * Defense in Depth: Detonation Technologies: http://blog.inquest.net/blog/2018/03/12/defense-in-depth-detonation-technologies/ 65 | * Dynamic Reconfiguration of Intrusion Detection Systems - Jan Stiborek: https://dspace.cvut.cz/bitstream/handle/10467/73562/Disertace_Stiborek_2017.pdf 66 | * New Dynamic Bypass Technique Working in Certain Environments Only: https://asec.ahnlab.com/en/16540/ 67 | -------------------------------------------------------------------------------- /Release/anticuckoo.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/therealdreg/anticuckoo/5bf5d012a8034122428c34c28f9a07d2bbd8930c/Release/anticuckoo.exe -------------------------------------------------------------------------------- /anticuckoo.cpp: -------------------------------------------------------------------------------- 1 | #include "stdafx.h" 2 | #include "anticuckoo.h" 3 | #include "poc_exe.h" 4 | 5 | // TODO: make more .cpp and .h files for all this... 6 | 7 | int AntiCuckoo(int argc, _TCHAR* argv[]) 8 | { 9 | verbose = false; 10 | bool found; 11 | 12 | OutInfo( 13 | "Anticukoo %s\n" 14 | "By David Reguera Garcia aka Dreg - Dreg@fr33project.org\n" 15 | "http://www.fr33project.org/\n" 16 | "\n" 17 | "Crash parameters:\n" 18 | " -c1: Crashing modifying RET instruction\n" 19 | " -c2: Crashing when detects unhk thread\n" 20 | " -c3: Crashing when detects hk activity in the old stack area\n" 21 | "-\n" 22 | , 23 | VERSION_STRING_EXTENDED 24 | ); 25 | 26 | if (argc == 2) 27 | { 28 | if (_tcscmp(argv[1], TEXT("-c1")) == 0) 29 | return StackRetCrash(); 30 | 31 | if (_tcscmp(argv[1], TEXT("-c2")) == 0) 32 | return UnhkThreadCrash(); 33 | 34 | if (_tcscmp(argv[1], TEXT("-c3")) == 0) 35 | return HKActivOldStackCrash(); 36 | } 37 | 38 | OutInfo("Detecting cuckoo..."); 39 | 40 | //TODO: make a table here 41 | if (Hooks(&found) == 0) 42 | { 43 | OutInfo("Hooks %s", found ? "FOUND" : "NOT FOUND"); 44 | if (found) 45 | Report("Hooks"); 46 | } 47 | 48 | if (SuspiciusDataInMyMemory(&found) == 0) 49 | { 50 | OutInfo("SuspiciusDataInMyMemory %s", found ? "FOUND" :"NOT FOUND"); 51 | if (found) 52 | Report("SuspiciusDataInMyMemory"); 53 | } 54 | 55 | return 0; 56 | } 57 | 58 | void * GetCurrentThreadBaseStack() 59 | { 60 | __asm 61 | { 62 | MOV EAX, DWORD PTR FS : [18h]; 63 | MOV EAX, DWORD PTR[EAX+8] 64 | } 65 | } 66 | 67 | inline void * GetCurrentThreadESP() 68 | { 69 | __asm 70 | { 71 | MOV EAX, ESP 72 | } 73 | } 74 | 75 | void * WINAPI OwnGetProcAddress(HMODULE module, char * proc_name) 76 | { 77 | IMAGE_EXPORT_DIRECTORY * export_dir; 78 | IMAGE_NT_HEADERS32 * nt_headers; 79 | void * address = NULL; 80 | DWORD * address_of_names; 81 | 82 | // casting hell x) 83 | 84 | nt_headers = (IMAGE_NT_HEADERS32 *)(((char *)module) + ((IMAGE_DOS_HEADER *)module)->e_lfanew); 85 | 86 | export_dir = (IMAGE_EXPORT_DIRECTORY *)(((char *)module) + nt_headers->OptionalHeader.DataDirectory[0].VirtualAddress); 87 | 88 | address_of_names = (DWORD *)(((char *)module) + export_dir->AddressOfNames); 89 | 90 | for (unsigned int i = 0; i < export_dir->NumberOfNames; i++) 91 | { 92 | if (memcmp(((char *)module) + (*address_of_names), proc_name, strlen(proc_name) + 1) == 0) 93 | { 94 | WORD ord = *(((WORD *)(((char *)module) + export_dir->AddressOfNameOrdinals)) + i); 95 | 96 | address = (void *)(((char *)module) + *(((DWORD *)(((char *)module) + export_dir->AddressOfFunctions)) + ord)); 97 | 98 | break; 99 | } 100 | address_of_names++; 101 | } 102 | 103 | return address; 104 | } 105 | 106 | int HKActivOldStackCrash(void) 107 | { 108 | NtCreateFile_t NtCreateFile_f; 109 | OBJECT_ATTRIBUTES obj_attr = { 0 }; 110 | UNICODE_STRING name_file = { 0 }; 111 | IO_STATUS_BLOCK status_block = { 0 }; 112 | RtlInitUnicodeString_t RtlInitUnicodeString_f = (RtlInitUnicodeString_t)GetProcAddress(GetModuleHandle(TEXT("ntdll.dll")), "RtlInitUnicodeString"); 113 | HANDLE file_handle = 0; 114 | DWORD * stack_base = (DWORD *)GetCurrentThreadBaseStack(); 115 | bool cuckoo = true; 116 | DWORD number_garbage_stack = 0; 117 | DWORD last_esp; 118 | 119 | OutInfo("Crashing when detects hk activity in the old stack area\n"); 120 | 121 | if (GetModuleHandle(TEXT("apphelp.dll")) != NULL) 122 | { 123 | OutInfo("apphelp.dll detected, using OwnGetProcAddress..."); 124 | NtCreateFile_f = (NtCreateFile_t)OwnGetProcAddress(GetModuleHandle(TEXT("ntdll.dll")), "NtCreateFile"); 125 | OutInfo("NtCreateFile = 0x%08X", NtCreateFile_f); 126 | } 127 | else 128 | NtCreateFile_f = (NtCreateFile_t)GetProcAddress(GetModuleHandle(TEXT("ntdll.dll")), "NtCreateFile"); 129 | 130 | if (NtCreateFile_f == NULL) 131 | { 132 | Error("GetProcAddress NtCreateFile!"); 133 | return -1; 134 | } 135 | 136 | if (RtlInitUnicodeString_f == NULL) 137 | { 138 | Error("GetProcAddress RtlInitUnicodeString!"); 139 | return -1; 140 | } 141 | 142 | OutInfo( 143 | "GetCurrentThreadBaseStack: 0x%08X\nNtCreateFile: 0x%08X - RtlInitUnicodeString_f: 0x%08X\n", 144 | (DWORD)stack_base, NtCreateFile_f, RtlInitUnicodeString_f 145 | ); 146 | 147 | RtlInitUnicodeString_f(&name_file, L"\\DosDevices\\C:\\crap.txt"); 148 | 149 | InitializeObjectAttributes(&obj_attr, &name_file, OBJ_CASE_INSENSITIVE, NULL, NULL); 150 | 151 | __asm 152 | { 153 | // very ugly ASM here, is very easy improve it, but I want know copy pasters in the wild.. :-) 154 | XOR ECX, ECX; 155 | 156 | push_create_file_args: 157 | PUSH 0; 158 | PUSH 0; 159 | PUSH FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT; 160 | PUSH FILE_OPEN_IF; 161 | PUSH 0; 162 | PUSH FILE_ATTRIBUTE_NORMAL; 163 | PUSH 0; 164 | 165 | LEA EAX, status_block; 166 | PUSH EAX; 167 | 168 | LEA EAX, obj_attr; 169 | PUSH EAX; 170 | 171 | PUSH FILE_APPEND_DATA | SYNCHRONIZE; 172 | 173 | LEA EAX, file_handle; 174 | PUSH EAX; 175 | 176 | INC ECX; 177 | 178 | CMP ECX, 1 179 | jz push_create_file_args 180 | 181 | MOV EAX, ESP 182 | fill_stack: 183 | PUSH 0FAFAFAFAh; 184 | CMP ESP, stack_base; 185 | JNE fill_stack; 186 | MOV ESP, EAX; 187 | 188 | CALL NtCreateFile_f; 189 | 190 | XOR ECX, ECX; 191 | loop_tg: 192 | CMP ECX, 2Ch; 193 | jz end_loop_tg; 194 | LEA EAX, [ESP - 2Ch + ECX]; 195 | LEA EBX, [ESP + ECX]; 196 | 197 | MOV ESI, [EAX]; 198 | MOV DWORD PTR [EAX], 0FAFAFAFAh; 199 | MOV EDI, [EBX]; 200 | ADD ECX, 4 201 | CMP ESI, EDI; 202 | JZ loop_tg; // this mean some hook handler activity after the call to the real API... 203 | JMP error_fd; 204 | 205 | end_loop_tg: 206 | LEA EAX, [ESP+2Ch]; 207 | MOV ESP, stack_base; 208 | XOR ECX, ECX 209 | 210 | loop_ngds: 211 | POP EBX; 212 | CMP EBX, 0FAFAFAFAh; 213 | JZ NOT_INC_ECX; 214 | INC ECX; 215 | NOT_INC_ECX: 216 | CMP ESP, EAX; 217 | JNZ loop_ngds; 218 | 219 | SUB ECX, 11; 220 | CMP ECX, 4h; 221 | JG error_fd; 222 | 223 | MOV cuckoo, 0; 224 | 225 | error_fd: 226 | MOV number_garbage_stack, ECX 227 | mov last_esp, esp; 228 | 229 | } 230 | 231 | if (cuckoo) 232 | { 233 | OutInfo("CUCKOOMON detected!! garbage in stack: %d, esp: 0x%08X\n Crashing....\n", number_garbage_stack, last_esp); 234 | fflush(stdout); 235 | // very ugly cast here: 236 | ((void(*)(void))NULL)(); 237 | } 238 | else 239 | OutInfo("No CUCKOOMON detected!!\n"); 240 | 241 | return 0; 242 | } 243 | 244 | DWORD WINAPI RunCreatePocExeThread(void * data) 245 | { 246 | ResumeThread(*((HANDLE*)data)); 247 | 248 | return 0; 249 | } 250 | 251 | int UnhkThreadCrash(void) 252 | { 253 | // TODO: refactor this bullshit, and add more checks. 254 | OutInfo("Crashing when detects unhk thread"); 255 | 256 | STARTUPINFO si = { 0 }; 257 | PROCESS_INFORMATION pi = { 0 }; 258 | HANDLE file; 259 | DWORD bytes_written; 260 | vector tids; 261 | 262 | system("taskkill /F /im poc.exe 2> NUL"); 263 | DeleteFile(TEXT("poc.exe")); 264 | file = CreateFile( 265 | TEXT("poc.exe"), 266 | GENERIC_WRITE, 267 | 0, 268 | NULL, 269 | CREATE_ALWAYS, 270 | FILE_ATTRIBUTE_NORMAL, 271 | NULL 272 | ); 273 | 274 | if (file == INVALID_HANDLE_VALUE) 275 | { 276 | Error("CreateFile"); 277 | return -1; 278 | } 279 | 280 | if ( 281 | WriteFile( 282 | file, 283 | exe_poc, 284 | sizeof(exe_poc), 285 | &bytes_written, 286 | NULL 287 | ) 288 | == 289 | 0 290 | ) 291 | { 292 | Error("WriteFile"); 293 | return -1; 294 | } 295 | 296 | if (bytes_written != sizeof(exe_poc)) 297 | { 298 | Error("bytes_written error"); 299 | return -1; 300 | } 301 | 302 | FlushFileBuffers(file); 303 | CloseHandle(file); 304 | 305 | if ( 306 | CreateProcess( 307 | TEXT("poc.exe"), 308 | NULL, 309 | NULL, 310 | NULL, 311 | FALSE, 312 | CREATE_NEW_CONSOLE | CREATE_SUSPENDED, 313 | NULL, 314 | NULL, 315 | &si, 316 | &pi 317 | ) 318 | == 319 | 0 320 | ) 321 | { 322 | return -1; 323 | } 324 | 325 | RunCreatePocExeThread(&(pi.hThread)); 326 | 327 | int i = 0; 328 | OutInfo("Detecting new TIDs in the remote single thread process, wait aprox 60 seconds!"); 329 | do 330 | { 331 | HANDLE snapshot_handle = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, pi.dwProcessId); 332 | if (snapshot_handle != INVALID_HANDLE_VALUE) 333 | { 334 | THREADENTRY32 thread_entry; 335 | thread_entry.dwSize = sizeof(thread_entry); 336 | if (Thread32First(snapshot_handle, &thread_entry)) 337 | { 338 | do 339 | { 340 | if (thread_entry.th32OwnerProcessID == pi.dwProcessId) 341 | { 342 | if (find(tids.begin(), tids.end(), thread_entry.th32ThreadID) == tids.end()) 343 | { 344 | tids.push_back(thread_entry.th32ThreadID); 345 | OutInfo("\nNew TID detected!: 0x%X", thread_entry.th32ThreadID); 346 | } 347 | 348 | if (tids.size() > 2) 349 | { 350 | OutInfo("New threads in a single thread process! maybe a unhk thread detector, Crashing...\n"); 351 | fflush(stdout); 352 | // very ugly cast here: 353 | ((void(*)(void))NULL)(); 354 | } 355 | } 356 | } while (Thread32Next(snapshot_handle, &thread_entry)); 357 | } 358 | 359 | CloseHandle(snapshot_handle); 360 | } 361 | printf("."); 362 | Sleep(1000); 363 | } while (i++ < 60); 364 | 365 | TerminateProcess(pi.hProcess, 0); 366 | DeleteFile(TEXT("poc.exe")); 367 | 368 | OutInfo("\nCongratz! NOT CUCKOOMON HERE!!"); 369 | 370 | return 0; 371 | } 372 | 373 | #define STACK_RET_CRASH_API_NAME "DeleteFileA" 374 | #define STACK_RET_CRASH_API_RET_VALUE 0x04 375 | 376 | #define STACK_RET_CRASH_NEW_RET_VALUE 0x40 377 | 378 | int StackRetCrash(void) 379 | { 380 | csh handle; 381 | cs_insn *insn; 382 | size_t count; 383 | char instruction_out[MAX_PATH]; 384 | void * api = (void *)GetProcAddress(GetModuleHandleW(L"kernelbase.dll"), STACK_RET_CRASH_API_NAME); 385 | 386 | if (api == NULL) 387 | { 388 | api = (void *)GetProcAddress(GetModuleHandleW(L"kernel32.dll"), STACK_RET_CRASH_API_NAME); 389 | if (api == NULL) 390 | { 391 | Error("Get API address: %s", STACK_RET_CRASH_API_NAME); 392 | return -1; 393 | } 394 | } 395 | void * addr_to_call = (void*)api; 396 | 397 | OutInfo("Crashing modifying RET instruction in: %s", STACK_RET_CRASH_API_NAME); 398 | if (cs_open(CS_ARCH_X86, CS_MODE_32, &handle) != CS_ERR_OK) 399 | return -1; 400 | 401 | cs_option(handle, CS_OPT_DETAIL, CS_OPT_ON); 402 | 403 | // TODO: refactorize this crap.. (I know, I know, a lot of this kind comments xD) 404 | do 405 | { 406 | count = cs_disasm(handle, (const uint8_t *)api, 20, (uint64_t)api, 1, &insn); 407 | if (count == 1) 408 | { 409 | GetInstructionOut(instruction_out, sizeof(instruction_out), insn); 410 | OutInfo("%s", instruction_out); 411 | 412 | api = (void *)((char *)api + insn->size); 413 | if (insn->size == 3 && insn->bytes[0] == 0xC2 && insn->bytes[1] == STACK_RET_CRASH_API_RET_VALUE && insn->bytes[2] == 0x00) 414 | { 415 | DWORD old_protect; 416 | OutInfo("ret 0x%02X detected at: 0x%08X! changing page rights...", STACK_RET_CRASH_API_RET_VALUE, (DWORD)insn->address); 417 | if (!VirtualProtect((LPVOID)insn->address, 3, PAGE_EXECUTE_READWRITE, &old_protect)) 418 | { 419 | Error("VirtualProtect"); 420 | return -1; // TODO: fix cs_ mem leaks... 421 | } 422 | OutInfo("Writing 0x%02X value in ret instruction...", STACK_RET_CRASH_NEW_RET_VALUE); 423 | ((unsigned char *)insn->address)[1] = STACK_RET_CRASH_NEW_RET_VALUE; 424 | OutInfo("Disasembling new ret instruction:"); 425 | count = cs_disasm(handle, (const uint8_t *)insn->address, insn->size, (uint64_t)insn->address, 1, &insn); 426 | if (count == 1) 427 | { 428 | GetInstructionOut(instruction_out, sizeof(instruction_out), insn); 429 | OutInfo("%s", instruction_out); 430 | if (insn->size == 3 && insn->bytes[0] == 0xC2 && insn->bytes[1] == STACK_RET_CRASH_NEW_RET_VALUE && insn->bytes[2] == 0x00) 431 | { 432 | DWORD new_protect; 433 | OutInfo("New ret instruction is OK!"); 434 | OutInfo("Restoring old page rights..."); 435 | if (!VirtualProtect((LPVOID)insn->address, 3, old_protect, &new_protect)) 436 | Error("VirtualProtect old rights"); 437 | 438 | OutInfo("Crashing, if %s - 0x%08X is hooked and called from other handler", STACK_RET_CRASH_API_NAME, addr_to_call); 439 | OutInfo("Pushing %d DWORDs and calling to API...", STACK_RET_CRASH_NEW_RET_VALUE / 4); 440 | for (int x = 0; x < STACK_RET_CRASH_NEW_RET_VALUE; x += 4) 441 | { 442 | __asm 443 | { 444 | push 0; 445 | } 446 | } 447 | 448 | __asm 449 | { 450 | call addr_to_call; 451 | } 452 | 453 | OutInfo("Congratz! NOT CUCKOOMON HERE!!"); 454 | 455 | //TODO: restore orig instruction (possible problems ex C runtime calls to modifyied API etc...) 456 | 457 | return 0; 458 | } 459 | else 460 | { 461 | Error("Bad new instruction!"); 462 | return -1; 463 | } 464 | } 465 | else 466 | { 467 | Error("Disasembling new ret instruction"); 468 | return -1; 469 | } 470 | } 471 | cs_free(insn, count); 472 | } 473 | else 474 | { 475 | Error("Failed to disassemble given code!\n"); 476 | return -1; 477 | } 478 | } while (1); 479 | 480 | cs_close(&handle); 481 | 482 | return 0; 483 | } 484 | 485 | int GetInstructionOut(char * out_str, size_t out_str_size, cs_insn *insn) 486 | { 487 | char HEX_BYTE[3]; 488 | 489 | memset(out_str, 0, out_str_size); 490 | sprintf_s(out_str, out_str_size, "0x%08X: %s %s | 0x", (DWORD)insn->address, insn->mnemonic, insn->op_str); 491 | for (int i = 0; i < insn->size; i++) 492 | { 493 | memset(HEX_BYTE, 0, sizeof(HEX_BYTE)); 494 | sprintf_s(HEX_BYTE, sizeof(HEX_BYTE), "%02X", insn->bytes[i]); 495 | strcat_s(out_str, out_str_size, HEX_BYTE); 496 | } 497 | 498 | return 0; 499 | } 500 | 501 | int Hooks(bool * found) 502 | { 503 | API_TABLE_t api_table[] = 504 | { 505 | API_TABLE_ENTRY_KERNEL32(CreateDirectoryExW), 506 | 507 | API_TABLE_ENTRY_NTDLL(NtQueryDirectoryFile), 508 | API_TABLE_ENTRY_NTDLL(NtDeleteFile), 509 | API_TABLE_ENTRY_NTDLL(NtWriteFile), 510 | API_TABLE_ENTRY_NTDLL(NtReadFile), 511 | API_TABLE_ENTRY_NTDLL(NtCreateFile), 512 | API_TABLE_ENTRY_NTDLL(NtSetInformationFile) 513 | }; 514 | 515 | *found = false; 516 | 517 | OutInfo("Searching cuckoo hooks"); 518 | 519 | for (int i = 0; i < ARRAYSIZE(api_table); i++) 520 | { 521 | if (api_table[i].need_resolv == true) 522 | { 523 | api_table[i].api_addr = NULL; 524 | api_table[i].api_addr = (unsigned char *) GetProcAddress(LoadLibraryA(api_table[i].lib_name), api_table[i].api_name); 525 | } 526 | if (api_table[i].api_addr != NULL) 527 | { 528 | OutInfo("Checking 0x%08X %s (S: 0x%016llX)", api_table[i].api_addr, api_table[i].api_name, *((DWORD64 *)api_table[i].api_addr)); 529 | CheckHook(found, api_table[i].api_addr); 530 | } 531 | } 532 | 533 | return 0; 534 | } 535 | 536 | int CheckHook(bool * found, unsigned char * address) 537 | { 538 | *found = true; 539 | //TODO: make a table here 540 | if (address[0] == 0xE9) 541 | { 542 | OutInfo("hook_api_jmp_direct Detected!"); 543 | Report("hook_api_jmp_direct"); 544 | } 545 | else if (address[0] == 0x90 && address[1] == 0xE9) 546 | { 547 | OutInfo("hook_api_nop_jmp_direct Detected!"); 548 | Report("hook_api_nop_jmp_direct"); 549 | } 550 | else if (address[0] == 0x8B && address[1] == 0xFF && address[2] == 0xE9) 551 | { 552 | OutInfo("hook_api_hotpatch_jmp_direct Detected!"); 553 | Report("hook_api_hotpatch_jmp_direct"); 554 | } 555 | else if (address[0] == 0x68 && address[5] == 0xC3) 556 | { 557 | OutInfo("hook_api_push_retn Detected!"); 558 | Report("hook_api_push_retn"); 559 | } 560 | else if (address[0] == 0x90 && address[1] == 0x68 && address[6] == 0xC3) 561 | { 562 | OutInfo("hook_api_nop_push_retn Detected!"); 563 | Report("hook_api_nop_push_retn"); 564 | } 565 | else if (address[0] == 0xFF && address[1] == 0x25) 566 | { 567 | OutInfo("hook_api_jmp_indirect Detected!"); 568 | Report("hook_api_jmp_indirect"); 569 | } 570 | else if (address[0] == 0x8B && address[1] == 0xFF && address[2] == 0xFF && address[3] == 0x25) 571 | { 572 | OutInfo("hook_api_hotpatch_jmp_indirect Detected!"); 573 | Report("hook_api_hotpatch_jmp_indirect"); 574 | } 575 | else if (address[0] == 0xB8 && address[5] == 0xFF && address[6] == 0xE0) 576 | { 577 | OutInfo("hook_api_mov_eax_jmp_eax Detected!"); 578 | Report("hook_api_mov_eax_jmp_eax"); 579 | } 580 | else if (address[0] == 0xB8 && address[5] == 0x50 && address[6] == 0xC3) 581 | { 582 | OutInfo("hook_api_mov_eax_push_retn Detected!"); 583 | Report("hook_api_mov_eax_push_retn"); 584 | } 585 | else if (address[0] == 0xA1 && address[5] == 0xFF && address[6] == 0xE0) 586 | { 587 | OutInfo("hook_api_mov_eax_indirect_jmp_eax Detected!"); 588 | Report("hook_api_mov_eax_indirect_jmp_eax"); 589 | } 590 | else if (address[0] == 0xA1 && address[5] == 0x50 && address[6] == 0xC3) 591 | { 592 | OutInfo("hook_api_mov_eax_indirect_jmp_eax Detected!"); 593 | Report("hook_api_mov_eax_indirect_jmp_eax"); 594 | } 595 | else if (address[0] == 0x90 && address[1] == 0x90 && address[3] == 0xE9) 596 | { 597 | OutInfo("hook_api_special_jmp Detected!"); 598 | Report("hook_api_special_jmp"); 599 | } 600 | else if (address[5] == 0xFF && address[6] == 0x25) 601 | { 602 | OutInfo("hook_api_native_jmp_indirect Detected!"); 603 | Report("hook_api_native_jmp_indirect"); 604 | } 605 | else 606 | { 607 | *found = false; 608 | } 609 | 610 | return 0; 611 | } 612 | 613 | int SuspiciusDataInMyMemory(bool * found) 614 | { 615 | // TODO: HASH STUFF HERE TO REMOVE _CTRL CRAP. 616 | DATA_ENTRY_t suspicius_data[] = 617 | { 618 | DATA_SUSP_ENTRY_STRING("cuckoomon"), 619 | DATA_SUSP_ENTRY_STRING("New_NtDeleteFile"), 620 | DATA_SUSP_ENTRY_STRING("retaddr-check"), 621 | DATA_SUSP_ENTRY_STRING("HookHandle"), 622 | DATA_SUSP_ENTRY_STRING("nhook detection"), 623 | DATA_SUSP_ENTRY_STRING("distorm"), 624 | DATA_SUSP_ENTRY_STRING("capstone"), 625 | DATA_SUSP_ENTRY_STRING("Cuckoo") 626 | }; 627 | char * actual_addr = (char *)0; 628 | bool found_or_endmemory = false; 629 | bool exception_ex = false; 630 | * found = false; 631 | 632 | OutInfo("Searching suspicius data in my memory, this method is slow, be patient: "); 633 | 634 | // TODO: refactorize this bullshit.. 635 | do 636 | { 637 | // TODO: a try - except for each data entry. Now if there is an exception in any data entry: i == 0 (and this is a little crap). 638 | for (int i = 0; i < ARRAYSIZE(suspicius_data); i++) 639 | { 640 | __try 641 | { 642 | if (actual_addr != suspicius_data[i].data && memcmp(suspicius_data[i].data, actual_addr, suspicius_data[i].size) == 0) 643 | { 644 | __try 645 | { 646 | if (memcmp(actual_addr + suspicius_data[i].size, SUSP_CTRL_STRING, sizeof(SUSP_CTRL_STRING)) != 0) 647 | { 648 | char buff[255]; 649 | memset(buff, 0, sizeof(buff)); 650 | __try 651 | { 652 | for (int j = 0; actual_addr[j] != 0 && j < sizeof(buff) - 1; j++) 653 | { 654 | buff[j] = actual_addr[j]; 655 | if (!isprint(buff[j])) 656 | buff[j] = ' '; 657 | } 658 | } 659 | __except (filterExceptionExecuteHandler(GetExceptionCode(), GetExceptionInformation())) 660 | { 661 | } 662 | * found = true; 663 | OutInfo("\nSuspicius string found at: 0x%08X!: %.*s\n Fragment found: %s", actual_addr, suspicius_data[i].size, suspicius_data[i].data, buff); 664 | Report("Suspicius_string_found_%.*s", suspicius_data[i].size, suspicius_data[i].data); 665 | memset(buff, 0, sizeof(buff)); 666 | actual_addr += suspicius_data[i].size; 667 | exception_ex = true; 668 | } 669 | } 670 | __except (filterExceptionExecuteHandler(GetExceptionCode(), GetExceptionInformation())) 671 | { 672 | } 673 | } 674 | } 675 | __except (filterExceptionExecuteHandler(GetExceptionCode(), GetExceptionInformation())) 676 | { 677 | exception_ex = true; 678 | 679 | if ((DWORD)actual_addr >= ((DWORD)GetModuleHandleExW & 0xFFFFF000)) // TODO: Get better the end addr directly from PEB.... 680 | found_or_endmemory = true; 681 | else 682 | { 683 | i = -1; // very dirty xD 684 | actual_addr += PAGE_SIZE; 685 | actual_addr = (char *)((DWORD)actual_addr & 0xFFFFF000); 686 | printf("\b\b\b\b\b\b\b\b\b\b0x%08X", actual_addr); 687 | } 688 | } 689 | } 690 | if (exception_ex == false) 691 | actual_addr++; 692 | exception_ex = false; 693 | } while (found_or_endmemory == false); 694 | OutInfo(""); 695 | 696 | return 0; 697 | } 698 | 699 | int filterExceptionExecuteHandler(int code, PEXCEPTION_POINTERS ex) 700 | { 701 | return EXCEPTION_EXECUTE_HANDLER; 702 | } 703 | 704 | #define EXT_REPORT ".dtct" 705 | 706 | void Report(char * format, ...) 707 | { 708 | FILE * file; 709 | char file_name[MAX_PATH]; 710 | va_list args; 711 | va_start(args, format); 712 | 713 | memset(file_name, 0, sizeof(file_name)); 714 | vsprintf_s(file_name, sizeof(file_name), format, args); 715 | strcat_s(file_name, sizeof(file_name), EXT_REPORT); 716 | fopen_s(&file, file_name, "wb+"); 717 | if (file != NULL) 718 | { 719 | fputs(file_name, file); 720 | fclose(file); 721 | } 722 | va_end(args); 723 | } 724 | -------------------------------------------------------------------------------- /anticuckoo.h: -------------------------------------------------------------------------------- 1 | #ifndef _ANTICUCKOO_H__ 2 | #define _ANTICUCKOO_H__ 3 | 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include "misc.h" 10 | 11 | using namespace std; 12 | #define VERSION_STRING_EXTENDED "1.1 alpha" 13 | 14 | #define SUSP_CTRL_STRING "_CTRL" 15 | #define DATA_SUSP_ENTRY_STRING(instring) {instring SUSP_CTRL_STRING, sizeof(instring) - 1} 16 | 17 | #define API_TABLE_ENTRY_NTDLL(name) {NULL, #name, "ntdll.dll", true} 18 | #define API_TABLE_ENTRY_KERNEL32(name) {(unsigned char *)name, #name, "kernel32.dll", false} 19 | 20 | typedef struct 21 | { 22 | unsigned char * api_addr; 23 | char * api_name; 24 | char * lib_name; 25 | bool need_resolv; 26 | } API_TABLE_t; 27 | 28 | typedef struct _UNICODE_STRING 29 | { 30 | WORD Length; 31 | WORD MaximumLength; 32 | WORD * Buffer; 33 | } UNICODE_STRING, *PUNICODE_STRING; 34 | 35 | typedef struct _OBJECT_ATTRIBUTES 36 | { 37 | ULONG Length; 38 | PVOID RootDirectory; 39 | PUNICODE_STRING ObjectName; 40 | ULONG Attributes; 41 | PVOID SecurityDescriptor; 42 | PVOID SecurityQualityOfService; 43 | } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES; 44 | 45 | typedef struct _IO_STATUS_BLOCK 46 | { 47 | union 48 | { 49 | LONG Status; 50 | PVOID Pointer; 51 | }; 52 | ULONG Information; 53 | } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK; 54 | 55 | #define InitializeObjectAttributes( p, n, a, r, s ) { \ 56 | (p)->Length = sizeof( OBJECT_ATTRIBUTES ); \ 57 | (p)->RootDirectory = r; \ 58 | (p)->Attributes = a; \ 59 | (p)->ObjectName = n; \ 60 | (p)->SecurityDescriptor = s; \ 61 | (p)->SecurityQualityOfService = NULL; \ 62 | } 63 | 64 | typedef NTSTATUS(WINAPI *NtCreateFile_t)( 65 | __out PHANDLE FileHandle, 66 | __in ACCESS_MASK DesiredAccess, 67 | __in POBJECT_ATTRIBUTES ObjectAttributes, 68 | __out PIO_STATUS_BLOCK IoStatusBlock, 69 | __in_opt PLARGE_INTEGER AllocationSize, 70 | __in ULONG FileAttributes, 71 | __in ULONG ShareAccess, 72 | __in ULONG CreateDisposition, 73 | __in ULONG CreateOptions, 74 | __in PVOID EaBuffer, 75 | __in ULONG EaLength 76 | ); 77 | 78 | #define OBJ_CASE_INSENSITIVE 0x00000040L 79 | #define FILE_OPEN_IF 0x00000003 80 | #define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020 81 | #define FILE_NON_DIRECTORY_FILE 0x00000040 82 | 83 | typedef NTSTATUS(WINAPI *RtlInitUnicodeString_t)(PUNICODE_STRING dst_str, PCWSTR src_str); 84 | 85 | int AntiCuckoo(int argc, _TCHAR* argv[]); 86 | int SuspiciusDataInMyMemory(bool * found); 87 | int filterExceptionExecuteHandler(int code, PEXCEPTION_POINTERS ex); 88 | void Report(char * format, ...); 89 | int Hooks(bool * found); 90 | int CheckHook(bool * found, unsigned char * address); 91 | int StackRetCrash(void); 92 | int UnhkThreadCrash(void); 93 | int GetInstructionOut(char * out_str, size_t out_str_size, cs_insn *insn); 94 | int HKActivOldStackCrash(void); 95 | 96 | 97 | 98 | #endif /* _ANTICUCKOO_H__ */ -------------------------------------------------------------------------------- /anticuckoo.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2013 4 | VisualStudioVersion = 12.0.31101.0 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "anticuckoo", "anticuckoo.vcxproj", "{2128A98E-D340-4899-B940-2E354C241CDB}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Win32 = Debug|Win32 11 | Release|Win32 = Release|Win32 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {2128A98E-D340-4899-B940-2E354C241CDB}.Debug|Win32.ActiveCfg = Debug|Win32 15 | {2128A98E-D340-4899-B940-2E354C241CDB}.Debug|Win32.Build.0 = Debug|Win32 16 | {2128A98E-D340-4899-B940-2E354C241CDB}.Release|Win32.ActiveCfg = Release|Win32 17 | {2128A98E-D340-4899-B940-2E354C241CDB}.Release|Win32.Build.0 = Release|Win32 18 | EndGlobalSection 19 | GlobalSection(SolutionProperties) = preSolution 20 | HideSolutionNode = FALSE 21 | EndGlobalSection 22 | EndGlobal 23 | -------------------------------------------------------------------------------- /anticuckoo.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | 14 | {2128A98E-D340-4899-B940-2E354C241CDB} 15 | Win32Proj 16 | anticuckoo 17 | 18 | 19 | 20 | Application 21 | true 22 | v120 23 | Unicode 24 | 25 | 26 | Application 27 | false 28 | v120 29 | true 30 | Unicode 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | true 44 | $(VC_IncludePath);$(WindowsSDK_IncludePath);capstone\include 45 | 46 | 47 | false 48 | $(VC_IncludePath);$(WindowsSDK_IncludePath);capstone\include 49 | 50 | 51 | 52 | Use 53 | Level3 54 | Disabled 55 | WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) 56 | true 57 | MultiThreadedDebug 58 | false 59 | 60 | 61 | Console 62 | true 63 | RequireAdministrator 64 | capstone\capstone.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) 65 | 66 | 67 | 68 | 69 | Level3 70 | Use 71 | MaxSpeed 72 | true 73 | true 74 | WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) 75 | true 76 | MultiThreaded 77 | false 78 | 79 | 80 | Console 81 | true 82 | true 83 | true 84 | RequireAdministrator 85 | capstone\capstone.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | Create 104 | Create 105 | 106 | 107 | 108 | 109 | 110 | -------------------------------------------------------------------------------- /anticuckoo.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | Header Files 23 | 24 | 25 | Header Files 26 | 27 | 28 | Header Files 29 | 30 | 31 | Header Files 32 | 33 | 34 | Header Files 35 | 36 | 37 | 38 | 39 | Source Files 40 | 41 | 42 | Source Files 43 | 44 | 45 | Source Files 46 | 47 | 48 | Source Files 49 | 50 | 51 | -------------------------------------------------------------------------------- /capstone/capstone.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/therealdreg/anticuckoo/5bf5d012a8034122428c34c28f9a07d2bbd8930c/capstone/capstone.lib -------------------------------------------------------------------------------- /capstone/include/arm.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_ARM_H 2 | #define CAPSTONE_ARM_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2013-2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | #ifdef _MSC_VER 15 | #pragma warning(disable:4201) 16 | #endif 17 | 18 | //> ARM shift type 19 | typedef enum arm_shifter { 20 | ARM_SFT_INVALID = 0, 21 | ARM_SFT_ASR, // shift with immediate const 22 | ARM_SFT_LSL, // shift with immediate const 23 | ARM_SFT_LSR, // shift with immediate const 24 | ARM_SFT_ROR, // shift with immediate const 25 | ARM_SFT_RRX, // shift with immediate const 26 | ARM_SFT_ASR_REG, // shift with register 27 | ARM_SFT_LSL_REG, // shift with register 28 | ARM_SFT_LSR_REG, // shift with register 29 | ARM_SFT_ROR_REG, // shift with register 30 | ARM_SFT_RRX_REG, // shift with register 31 | } arm_shifter; 32 | 33 | //> ARM condition code 34 | typedef enum arm_cc { 35 | ARM_CC_INVALID = 0, 36 | ARM_CC_EQ, // Equal Equal 37 | ARM_CC_NE, // Not equal Not equal, or unordered 38 | ARM_CC_HS, // Carry set >, ==, or unordered 39 | ARM_CC_LO, // Carry clear Less than 40 | ARM_CC_MI, // Minus, negative Less than 41 | ARM_CC_PL, // Plus, positive or zero >, ==, or unordered 42 | ARM_CC_VS, // Overflow Unordered 43 | ARM_CC_VC, // No overflow Not unordered 44 | ARM_CC_HI, // Unsigned higher Greater than, or unordered 45 | ARM_CC_LS, // Unsigned lower or same Less than or equal 46 | ARM_CC_GE, // Greater than or equal Greater than or equal 47 | ARM_CC_LT, // Less than Less than, or unordered 48 | ARM_CC_GT, // Greater than Greater than 49 | ARM_CC_LE, // Less than or equal <, ==, or unordered 50 | ARM_CC_AL // Always (unconditional) Always (unconditional) 51 | } arm_cc; 52 | 53 | typedef enum arm_sysreg { 54 | //> Special registers for MSR 55 | ARM_SYSREG_INVALID = 0, 56 | 57 | // SPSR* registers can be OR combined 58 | ARM_SYSREG_SPSR_C = 1, 59 | ARM_SYSREG_SPSR_X = 2, 60 | ARM_SYSREG_SPSR_S = 4, 61 | ARM_SYSREG_SPSR_F = 8, 62 | 63 | // CPSR* registers can be OR combined 64 | ARM_SYSREG_CPSR_C = 16, 65 | ARM_SYSREG_CPSR_X = 32, 66 | ARM_SYSREG_CPSR_S = 64, 67 | ARM_SYSREG_CPSR_F = 128, 68 | 69 | // independent registers 70 | ARM_SYSREG_APSR = 256, 71 | ARM_SYSREG_APSR_G, 72 | ARM_SYSREG_APSR_NZCVQ, 73 | ARM_SYSREG_APSR_NZCVQG, 74 | 75 | ARM_SYSREG_IAPSR, 76 | ARM_SYSREG_IAPSR_G, 77 | ARM_SYSREG_IAPSR_NZCVQG, 78 | 79 | ARM_SYSREG_EAPSR, 80 | ARM_SYSREG_EAPSR_G, 81 | ARM_SYSREG_EAPSR_NZCVQG, 82 | 83 | ARM_SYSREG_XPSR, 84 | ARM_SYSREG_XPSR_G, 85 | ARM_SYSREG_XPSR_NZCVQG, 86 | 87 | ARM_SYSREG_IPSR, 88 | ARM_SYSREG_EPSR, 89 | ARM_SYSREG_IEPSR, 90 | 91 | ARM_SYSREG_MSP, 92 | ARM_SYSREG_PSP, 93 | ARM_SYSREG_PRIMASK, 94 | ARM_SYSREG_BASEPRI, 95 | ARM_SYSREG_BASEPRI_MAX, 96 | ARM_SYSREG_FAULTMASK, 97 | ARM_SYSREG_CONTROL, 98 | } arm_sysreg; 99 | 100 | //> The memory barrier constants map directly to the 4-bit encoding of 101 | //> the option field for Memory Barrier operations. 102 | typedef enum arm_mem_barrier { 103 | ARM_MB_INVALID = 0, 104 | ARM_MB_RESERVED_0, 105 | ARM_MB_OSHLD, 106 | ARM_MB_OSHST, 107 | ARM_MB_OSH, 108 | ARM_MB_RESERVED_4, 109 | ARM_MB_NSHLD, 110 | ARM_MB_NSHST, 111 | ARM_MB_NSH, 112 | ARM_MB_RESERVED_8, 113 | ARM_MB_ISHLD, 114 | ARM_MB_ISHST, 115 | ARM_MB_ISH, 116 | ARM_MB_RESERVED_12, 117 | ARM_MB_LD, 118 | ARM_MB_ST, 119 | ARM_MB_SY, 120 | } arm_mem_barrier; 121 | 122 | //> Operand type for instruction's operands 123 | typedef enum arm_op_type { 124 | ARM_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 125 | ARM_OP_REG, // = CS_OP_REG (Register operand). 126 | ARM_OP_IMM, // = CS_OP_IMM (Immediate operand). 127 | ARM_OP_MEM, // = CS_OP_MEM (Memory operand). 128 | ARM_OP_FP, // = CS_OP_FP (Floating-Point operand). 129 | ARM_OP_CIMM = 64, // C-Immediate (coprocessor registers) 130 | ARM_OP_PIMM, // P-Immediate (coprocessor registers) 131 | ARM_OP_SETEND, // operand for SETEND instruction 132 | ARM_OP_SYSREG, // MSR/MSR special register operand 133 | } arm_op_type; 134 | 135 | //> Operand type for SETEND instruction 136 | typedef enum arm_setend_type { 137 | ARM_SETEND_INVALID = 0, // Uninitialized. 138 | ARM_SETEND_BE, // BE operand. 139 | ARM_SETEND_LE, // LE operand 140 | } arm_setend_type; 141 | 142 | typedef enum arm_cpsmode_type { 143 | ARM_CPSMODE_INVALID = 0, 144 | ARM_CPSMODE_IE = 2, 145 | ARM_CPSMODE_ID = 3 146 | } arm_cpsmode_type; 147 | 148 | //> Operand type for SETEND instruction 149 | typedef enum arm_cpsflag_type { 150 | ARM_CPSFLAG_INVALID = 0, 151 | ARM_CPSFLAG_F = 1, 152 | ARM_CPSFLAG_I = 2, 153 | ARM_CPSFLAG_A = 4, 154 | ARM_CPSFLAG_NONE = 16, // no flag 155 | } arm_cpsflag_type; 156 | 157 | //> Data type for elements of vector instructions. 158 | typedef enum arm_vectordata_type { 159 | ARM_VECTORDATA_INVALID = 0, 160 | 161 | // Integer type 162 | ARM_VECTORDATA_I8, 163 | ARM_VECTORDATA_I16, 164 | ARM_VECTORDATA_I32, 165 | ARM_VECTORDATA_I64, 166 | 167 | // Signed integer type 168 | ARM_VECTORDATA_S8, 169 | ARM_VECTORDATA_S16, 170 | ARM_VECTORDATA_S32, 171 | ARM_VECTORDATA_S64, 172 | 173 | // Unsigned integer type 174 | ARM_VECTORDATA_U8, 175 | ARM_VECTORDATA_U16, 176 | ARM_VECTORDATA_U32, 177 | ARM_VECTORDATA_U64, 178 | 179 | // Data type for VMUL/VMULL 180 | ARM_VECTORDATA_P8, 181 | 182 | // Floating type 183 | ARM_VECTORDATA_F32, 184 | ARM_VECTORDATA_F64, 185 | 186 | // Convert float <-> float 187 | ARM_VECTORDATA_F16F64, // f16.f64 188 | ARM_VECTORDATA_F64F16, // f64.f16 189 | ARM_VECTORDATA_F32F16, // f32.f16 190 | ARM_VECTORDATA_F16F32, // f32.f16 191 | ARM_VECTORDATA_F64F32, // f64.f32 192 | ARM_VECTORDATA_F32F64, // f32.f64 193 | 194 | // Convert integer <-> float 195 | ARM_VECTORDATA_S32F32, // s32.f32 196 | ARM_VECTORDATA_U32F32, // u32.f32 197 | ARM_VECTORDATA_F32S32, // f32.s32 198 | ARM_VECTORDATA_F32U32, // f32.u32 199 | ARM_VECTORDATA_F64S16, // f64.s16 200 | ARM_VECTORDATA_F32S16, // f32.s16 201 | ARM_VECTORDATA_F64S32, // f64.s32 202 | ARM_VECTORDATA_S16F64, // s16.f64 203 | ARM_VECTORDATA_S16F32, // s16.f64 204 | ARM_VECTORDATA_S32F64, // s32.f64 205 | ARM_VECTORDATA_U16F64, // u16.f64 206 | ARM_VECTORDATA_U16F32, // u16.f32 207 | ARM_VECTORDATA_U32F64, // u32.f64 208 | ARM_VECTORDATA_F64U16, // f64.u16 209 | ARM_VECTORDATA_F32U16, // f32.u16 210 | ARM_VECTORDATA_F64U32, // f64.u32 211 | } arm_vectordata_type; 212 | 213 | // Instruction's operand referring to memory 214 | // This is associated with ARM_OP_MEM operand type above 215 | typedef struct arm_op_mem { 216 | unsigned int base; // base register 217 | unsigned int index; // index register 218 | int scale; // scale for index register (can be 1, or -1) 219 | int disp; // displacement/offset value 220 | } arm_op_mem; 221 | 222 | // Instruction operand 223 | typedef struct cs_arm_op { 224 | int vector_index; // Vector Index for some vector operands (or -1 if irrelevant) 225 | struct { 226 | arm_shifter type; 227 | unsigned int value; 228 | } shift; 229 | arm_op_type type; // operand type 230 | union { 231 | unsigned int reg; // register value for REG/SYSREG operand 232 | int32_t imm; // immediate value for C-IMM, P-IMM or IMM operand 233 | double fp; // floating point value for FP operand 234 | arm_op_mem mem; // base/index/scale/disp value for MEM operand 235 | arm_setend_type setend; // SETEND instruction's operand type 236 | }; 237 | // in some instructions, an operand can be subtracted or added to 238 | // the base register, 239 | bool subtracted; // if TRUE, this operand is subtracted. otherwise, it is added. 240 | } cs_arm_op; 241 | 242 | // Instruction structure 243 | typedef struct cs_arm { 244 | bool usermode; // User-mode registers to be loaded (for LDM/STM instructions) 245 | int vector_size; // Scalar size for vector instructions 246 | arm_vectordata_type vector_data; // Data type for elements of vector instructions 247 | arm_cpsmode_type cps_mode; // CPS mode for CPS instruction 248 | arm_cpsflag_type cps_flag; // CPS mode for CPS instruction 249 | arm_cc cc; // conditional code for this insn 250 | bool update_flags; // does this insn update flags? 251 | bool writeback; // does this insn write-back? 252 | arm_mem_barrier mem_barrier; // Option for some memory barrier instructions 253 | 254 | // Number of operands of this instruction, 255 | // or 0 when instruction has no operand. 256 | uint8_t op_count; 257 | 258 | cs_arm_op operands[36]; // operands for this instruction. 259 | } cs_arm; 260 | 261 | //> ARM registers 262 | typedef enum arm_reg { 263 | ARM_REG_INVALID = 0, 264 | ARM_REG_APSR, 265 | ARM_REG_APSR_NZCV, 266 | ARM_REG_CPSR, 267 | ARM_REG_FPEXC, 268 | ARM_REG_FPINST, 269 | ARM_REG_FPSCR, 270 | ARM_REG_FPSCR_NZCV, 271 | ARM_REG_FPSID, 272 | ARM_REG_ITSTATE, 273 | ARM_REG_LR, 274 | ARM_REG_PC, 275 | ARM_REG_SP, 276 | ARM_REG_SPSR, 277 | ARM_REG_D0, 278 | ARM_REG_D1, 279 | ARM_REG_D2, 280 | ARM_REG_D3, 281 | ARM_REG_D4, 282 | ARM_REG_D5, 283 | ARM_REG_D6, 284 | ARM_REG_D7, 285 | ARM_REG_D8, 286 | ARM_REG_D9, 287 | ARM_REG_D10, 288 | ARM_REG_D11, 289 | ARM_REG_D12, 290 | ARM_REG_D13, 291 | ARM_REG_D14, 292 | ARM_REG_D15, 293 | ARM_REG_D16, 294 | ARM_REG_D17, 295 | ARM_REG_D18, 296 | ARM_REG_D19, 297 | ARM_REG_D20, 298 | ARM_REG_D21, 299 | ARM_REG_D22, 300 | ARM_REG_D23, 301 | ARM_REG_D24, 302 | ARM_REG_D25, 303 | ARM_REG_D26, 304 | ARM_REG_D27, 305 | ARM_REG_D28, 306 | ARM_REG_D29, 307 | ARM_REG_D30, 308 | ARM_REG_D31, 309 | ARM_REG_FPINST2, 310 | ARM_REG_MVFR0, 311 | ARM_REG_MVFR1, 312 | ARM_REG_MVFR2, 313 | ARM_REG_Q0, 314 | ARM_REG_Q1, 315 | ARM_REG_Q2, 316 | ARM_REG_Q3, 317 | ARM_REG_Q4, 318 | ARM_REG_Q5, 319 | ARM_REG_Q6, 320 | ARM_REG_Q7, 321 | ARM_REG_Q8, 322 | ARM_REG_Q9, 323 | ARM_REG_Q10, 324 | ARM_REG_Q11, 325 | ARM_REG_Q12, 326 | ARM_REG_Q13, 327 | ARM_REG_Q14, 328 | ARM_REG_Q15, 329 | ARM_REG_R0, 330 | ARM_REG_R1, 331 | ARM_REG_R2, 332 | ARM_REG_R3, 333 | ARM_REG_R4, 334 | ARM_REG_R5, 335 | ARM_REG_R6, 336 | ARM_REG_R7, 337 | ARM_REG_R8, 338 | ARM_REG_R9, 339 | ARM_REG_R10, 340 | ARM_REG_R11, 341 | ARM_REG_R12, 342 | ARM_REG_S0, 343 | ARM_REG_S1, 344 | ARM_REG_S2, 345 | ARM_REG_S3, 346 | ARM_REG_S4, 347 | ARM_REG_S5, 348 | ARM_REG_S6, 349 | ARM_REG_S7, 350 | ARM_REG_S8, 351 | ARM_REG_S9, 352 | ARM_REG_S10, 353 | ARM_REG_S11, 354 | ARM_REG_S12, 355 | ARM_REG_S13, 356 | ARM_REG_S14, 357 | ARM_REG_S15, 358 | ARM_REG_S16, 359 | ARM_REG_S17, 360 | ARM_REG_S18, 361 | ARM_REG_S19, 362 | ARM_REG_S20, 363 | ARM_REG_S21, 364 | ARM_REG_S22, 365 | ARM_REG_S23, 366 | ARM_REG_S24, 367 | ARM_REG_S25, 368 | ARM_REG_S26, 369 | ARM_REG_S27, 370 | ARM_REG_S28, 371 | ARM_REG_S29, 372 | ARM_REG_S30, 373 | ARM_REG_S31, 374 | 375 | ARM_REG_ENDING, // <-- mark the end of the list or registers 376 | 377 | //> alias registers 378 | ARM_REG_R13 = ARM_REG_SP, 379 | ARM_REG_R14 = ARM_REG_LR, 380 | ARM_REG_R15 = ARM_REG_PC, 381 | 382 | ARM_REG_SB = ARM_REG_R9, 383 | ARM_REG_SL = ARM_REG_R10, 384 | ARM_REG_FP = ARM_REG_R11, 385 | ARM_REG_IP = ARM_REG_R12, 386 | } arm_reg; 387 | 388 | //> ARM instruction 389 | typedef enum arm_insn { 390 | ARM_INS_INVALID = 0, 391 | 392 | ARM_INS_ADC, 393 | ARM_INS_ADD, 394 | ARM_INS_ADR, 395 | ARM_INS_AESD, 396 | ARM_INS_AESE, 397 | ARM_INS_AESIMC, 398 | ARM_INS_AESMC, 399 | ARM_INS_AND, 400 | ARM_INS_BFC, 401 | ARM_INS_BFI, 402 | ARM_INS_BIC, 403 | ARM_INS_BKPT, 404 | ARM_INS_BL, 405 | ARM_INS_BLX, 406 | ARM_INS_BX, 407 | ARM_INS_BXJ, 408 | ARM_INS_B, 409 | ARM_INS_CDP, 410 | ARM_INS_CDP2, 411 | ARM_INS_CLREX, 412 | ARM_INS_CLZ, 413 | ARM_INS_CMN, 414 | ARM_INS_CMP, 415 | ARM_INS_CPS, 416 | ARM_INS_CRC32B, 417 | ARM_INS_CRC32CB, 418 | ARM_INS_CRC32CH, 419 | ARM_INS_CRC32CW, 420 | ARM_INS_CRC32H, 421 | ARM_INS_CRC32W, 422 | ARM_INS_DBG, 423 | ARM_INS_DMB, 424 | ARM_INS_DSB, 425 | ARM_INS_EOR, 426 | ARM_INS_VMOV, 427 | ARM_INS_FLDMDBX, 428 | ARM_INS_FLDMIAX, 429 | ARM_INS_VMRS, 430 | ARM_INS_FSTMDBX, 431 | ARM_INS_FSTMIAX, 432 | ARM_INS_HINT, 433 | ARM_INS_HLT, 434 | ARM_INS_ISB, 435 | ARM_INS_LDA, 436 | ARM_INS_LDAB, 437 | ARM_INS_LDAEX, 438 | ARM_INS_LDAEXB, 439 | ARM_INS_LDAEXD, 440 | ARM_INS_LDAEXH, 441 | ARM_INS_LDAH, 442 | ARM_INS_LDC2L, 443 | ARM_INS_LDC2, 444 | ARM_INS_LDCL, 445 | ARM_INS_LDC, 446 | ARM_INS_LDMDA, 447 | ARM_INS_LDMDB, 448 | ARM_INS_LDM, 449 | ARM_INS_LDMIB, 450 | ARM_INS_LDRBT, 451 | ARM_INS_LDRB, 452 | ARM_INS_LDRD, 453 | ARM_INS_LDREX, 454 | ARM_INS_LDREXB, 455 | ARM_INS_LDREXD, 456 | ARM_INS_LDREXH, 457 | ARM_INS_LDRH, 458 | ARM_INS_LDRHT, 459 | ARM_INS_LDRSB, 460 | ARM_INS_LDRSBT, 461 | ARM_INS_LDRSH, 462 | ARM_INS_LDRSHT, 463 | ARM_INS_LDRT, 464 | ARM_INS_LDR, 465 | ARM_INS_MCR, 466 | ARM_INS_MCR2, 467 | ARM_INS_MCRR, 468 | ARM_INS_MCRR2, 469 | ARM_INS_MLA, 470 | ARM_INS_MLS, 471 | ARM_INS_MOV, 472 | ARM_INS_MOVT, 473 | ARM_INS_MOVW, 474 | ARM_INS_MRC, 475 | ARM_INS_MRC2, 476 | ARM_INS_MRRC, 477 | ARM_INS_MRRC2, 478 | ARM_INS_MRS, 479 | ARM_INS_MSR, 480 | ARM_INS_MUL, 481 | ARM_INS_MVN, 482 | ARM_INS_ORR, 483 | ARM_INS_PKHBT, 484 | ARM_INS_PKHTB, 485 | ARM_INS_PLDW, 486 | ARM_INS_PLD, 487 | ARM_INS_PLI, 488 | ARM_INS_QADD, 489 | ARM_INS_QADD16, 490 | ARM_INS_QADD8, 491 | ARM_INS_QASX, 492 | ARM_INS_QDADD, 493 | ARM_INS_QDSUB, 494 | ARM_INS_QSAX, 495 | ARM_INS_QSUB, 496 | ARM_INS_QSUB16, 497 | ARM_INS_QSUB8, 498 | ARM_INS_RBIT, 499 | ARM_INS_REV, 500 | ARM_INS_REV16, 501 | ARM_INS_REVSH, 502 | ARM_INS_RFEDA, 503 | ARM_INS_RFEDB, 504 | ARM_INS_RFEIA, 505 | ARM_INS_RFEIB, 506 | ARM_INS_RSB, 507 | ARM_INS_RSC, 508 | ARM_INS_SADD16, 509 | ARM_INS_SADD8, 510 | ARM_INS_SASX, 511 | ARM_INS_SBC, 512 | ARM_INS_SBFX, 513 | ARM_INS_SDIV, 514 | ARM_INS_SEL, 515 | ARM_INS_SETEND, 516 | ARM_INS_SHA1C, 517 | ARM_INS_SHA1H, 518 | ARM_INS_SHA1M, 519 | ARM_INS_SHA1P, 520 | ARM_INS_SHA1SU0, 521 | ARM_INS_SHA1SU1, 522 | ARM_INS_SHA256H, 523 | ARM_INS_SHA256H2, 524 | ARM_INS_SHA256SU0, 525 | ARM_INS_SHA256SU1, 526 | ARM_INS_SHADD16, 527 | ARM_INS_SHADD8, 528 | ARM_INS_SHASX, 529 | ARM_INS_SHSAX, 530 | ARM_INS_SHSUB16, 531 | ARM_INS_SHSUB8, 532 | ARM_INS_SMC, 533 | ARM_INS_SMLABB, 534 | ARM_INS_SMLABT, 535 | ARM_INS_SMLAD, 536 | ARM_INS_SMLADX, 537 | ARM_INS_SMLAL, 538 | ARM_INS_SMLALBB, 539 | ARM_INS_SMLALBT, 540 | ARM_INS_SMLALD, 541 | ARM_INS_SMLALDX, 542 | ARM_INS_SMLALTB, 543 | ARM_INS_SMLALTT, 544 | ARM_INS_SMLATB, 545 | ARM_INS_SMLATT, 546 | ARM_INS_SMLAWB, 547 | ARM_INS_SMLAWT, 548 | ARM_INS_SMLSD, 549 | ARM_INS_SMLSDX, 550 | ARM_INS_SMLSLD, 551 | ARM_INS_SMLSLDX, 552 | ARM_INS_SMMLA, 553 | ARM_INS_SMMLAR, 554 | ARM_INS_SMMLS, 555 | ARM_INS_SMMLSR, 556 | ARM_INS_SMMUL, 557 | ARM_INS_SMMULR, 558 | ARM_INS_SMUAD, 559 | ARM_INS_SMUADX, 560 | ARM_INS_SMULBB, 561 | ARM_INS_SMULBT, 562 | ARM_INS_SMULL, 563 | ARM_INS_SMULTB, 564 | ARM_INS_SMULTT, 565 | ARM_INS_SMULWB, 566 | ARM_INS_SMULWT, 567 | ARM_INS_SMUSD, 568 | ARM_INS_SMUSDX, 569 | ARM_INS_SRSDA, 570 | ARM_INS_SRSDB, 571 | ARM_INS_SRSIA, 572 | ARM_INS_SRSIB, 573 | ARM_INS_SSAT, 574 | ARM_INS_SSAT16, 575 | ARM_INS_SSAX, 576 | ARM_INS_SSUB16, 577 | ARM_INS_SSUB8, 578 | ARM_INS_STC2L, 579 | ARM_INS_STC2, 580 | ARM_INS_STCL, 581 | ARM_INS_STC, 582 | ARM_INS_STL, 583 | ARM_INS_STLB, 584 | ARM_INS_STLEX, 585 | ARM_INS_STLEXB, 586 | ARM_INS_STLEXD, 587 | ARM_INS_STLEXH, 588 | ARM_INS_STLH, 589 | ARM_INS_STMDA, 590 | ARM_INS_STMDB, 591 | ARM_INS_STM, 592 | ARM_INS_STMIB, 593 | ARM_INS_STRBT, 594 | ARM_INS_STRB, 595 | ARM_INS_STRD, 596 | ARM_INS_STREX, 597 | ARM_INS_STREXB, 598 | ARM_INS_STREXD, 599 | ARM_INS_STREXH, 600 | ARM_INS_STRH, 601 | ARM_INS_STRHT, 602 | ARM_INS_STRT, 603 | ARM_INS_STR, 604 | ARM_INS_SUB, 605 | ARM_INS_SVC, 606 | ARM_INS_SWP, 607 | ARM_INS_SWPB, 608 | ARM_INS_SXTAB, 609 | ARM_INS_SXTAB16, 610 | ARM_INS_SXTAH, 611 | ARM_INS_SXTB, 612 | ARM_INS_SXTB16, 613 | ARM_INS_SXTH, 614 | ARM_INS_TEQ, 615 | ARM_INS_TRAP, 616 | ARM_INS_TST, 617 | ARM_INS_UADD16, 618 | ARM_INS_UADD8, 619 | ARM_INS_UASX, 620 | ARM_INS_UBFX, 621 | ARM_INS_UDF, 622 | ARM_INS_UDIV, 623 | ARM_INS_UHADD16, 624 | ARM_INS_UHADD8, 625 | ARM_INS_UHASX, 626 | ARM_INS_UHSAX, 627 | ARM_INS_UHSUB16, 628 | ARM_INS_UHSUB8, 629 | ARM_INS_UMAAL, 630 | ARM_INS_UMLAL, 631 | ARM_INS_UMULL, 632 | ARM_INS_UQADD16, 633 | ARM_INS_UQADD8, 634 | ARM_INS_UQASX, 635 | ARM_INS_UQSAX, 636 | ARM_INS_UQSUB16, 637 | ARM_INS_UQSUB8, 638 | ARM_INS_USAD8, 639 | ARM_INS_USADA8, 640 | ARM_INS_USAT, 641 | ARM_INS_USAT16, 642 | ARM_INS_USAX, 643 | ARM_INS_USUB16, 644 | ARM_INS_USUB8, 645 | ARM_INS_UXTAB, 646 | ARM_INS_UXTAB16, 647 | ARM_INS_UXTAH, 648 | ARM_INS_UXTB, 649 | ARM_INS_UXTB16, 650 | ARM_INS_UXTH, 651 | ARM_INS_VABAL, 652 | ARM_INS_VABA, 653 | ARM_INS_VABDL, 654 | ARM_INS_VABD, 655 | ARM_INS_VABS, 656 | ARM_INS_VACGE, 657 | ARM_INS_VACGT, 658 | ARM_INS_VADD, 659 | ARM_INS_VADDHN, 660 | ARM_INS_VADDL, 661 | ARM_INS_VADDW, 662 | ARM_INS_VAND, 663 | ARM_INS_VBIC, 664 | ARM_INS_VBIF, 665 | ARM_INS_VBIT, 666 | ARM_INS_VBSL, 667 | ARM_INS_VCEQ, 668 | ARM_INS_VCGE, 669 | ARM_INS_VCGT, 670 | ARM_INS_VCLE, 671 | ARM_INS_VCLS, 672 | ARM_INS_VCLT, 673 | ARM_INS_VCLZ, 674 | ARM_INS_VCMP, 675 | ARM_INS_VCMPE, 676 | ARM_INS_VCNT, 677 | ARM_INS_VCVTA, 678 | ARM_INS_VCVTB, 679 | ARM_INS_VCVT, 680 | ARM_INS_VCVTM, 681 | ARM_INS_VCVTN, 682 | ARM_INS_VCVTP, 683 | ARM_INS_VCVTT, 684 | ARM_INS_VDIV, 685 | ARM_INS_VDUP, 686 | ARM_INS_VEOR, 687 | ARM_INS_VEXT, 688 | ARM_INS_VFMA, 689 | ARM_INS_VFMS, 690 | ARM_INS_VFNMA, 691 | ARM_INS_VFNMS, 692 | ARM_INS_VHADD, 693 | ARM_INS_VHSUB, 694 | ARM_INS_VLD1, 695 | ARM_INS_VLD2, 696 | ARM_INS_VLD3, 697 | ARM_INS_VLD4, 698 | ARM_INS_VLDMDB, 699 | ARM_INS_VLDMIA, 700 | ARM_INS_VLDR, 701 | ARM_INS_VMAXNM, 702 | ARM_INS_VMAX, 703 | ARM_INS_VMINNM, 704 | ARM_INS_VMIN, 705 | ARM_INS_VMLA, 706 | ARM_INS_VMLAL, 707 | ARM_INS_VMLS, 708 | ARM_INS_VMLSL, 709 | ARM_INS_VMOVL, 710 | ARM_INS_VMOVN, 711 | ARM_INS_VMSR, 712 | ARM_INS_VMUL, 713 | ARM_INS_VMULL, 714 | ARM_INS_VMVN, 715 | ARM_INS_VNEG, 716 | ARM_INS_VNMLA, 717 | ARM_INS_VNMLS, 718 | ARM_INS_VNMUL, 719 | ARM_INS_VORN, 720 | ARM_INS_VORR, 721 | ARM_INS_VPADAL, 722 | ARM_INS_VPADDL, 723 | ARM_INS_VPADD, 724 | ARM_INS_VPMAX, 725 | ARM_INS_VPMIN, 726 | ARM_INS_VQABS, 727 | ARM_INS_VQADD, 728 | ARM_INS_VQDMLAL, 729 | ARM_INS_VQDMLSL, 730 | ARM_INS_VQDMULH, 731 | ARM_INS_VQDMULL, 732 | ARM_INS_VQMOVUN, 733 | ARM_INS_VQMOVN, 734 | ARM_INS_VQNEG, 735 | ARM_INS_VQRDMULH, 736 | ARM_INS_VQRSHL, 737 | ARM_INS_VQRSHRN, 738 | ARM_INS_VQRSHRUN, 739 | ARM_INS_VQSHL, 740 | ARM_INS_VQSHLU, 741 | ARM_INS_VQSHRN, 742 | ARM_INS_VQSHRUN, 743 | ARM_INS_VQSUB, 744 | ARM_INS_VRADDHN, 745 | ARM_INS_VRECPE, 746 | ARM_INS_VRECPS, 747 | ARM_INS_VREV16, 748 | ARM_INS_VREV32, 749 | ARM_INS_VREV64, 750 | ARM_INS_VRHADD, 751 | ARM_INS_VRINTA, 752 | ARM_INS_VRINTM, 753 | ARM_INS_VRINTN, 754 | ARM_INS_VRINTP, 755 | ARM_INS_VRINTR, 756 | ARM_INS_VRINTX, 757 | ARM_INS_VRINTZ, 758 | ARM_INS_VRSHL, 759 | ARM_INS_VRSHRN, 760 | ARM_INS_VRSHR, 761 | ARM_INS_VRSQRTE, 762 | ARM_INS_VRSQRTS, 763 | ARM_INS_VRSRA, 764 | ARM_INS_VRSUBHN, 765 | ARM_INS_VSELEQ, 766 | ARM_INS_VSELGE, 767 | ARM_INS_VSELGT, 768 | ARM_INS_VSELVS, 769 | ARM_INS_VSHLL, 770 | ARM_INS_VSHL, 771 | ARM_INS_VSHRN, 772 | ARM_INS_VSHR, 773 | ARM_INS_VSLI, 774 | ARM_INS_VSQRT, 775 | ARM_INS_VSRA, 776 | ARM_INS_VSRI, 777 | ARM_INS_VST1, 778 | ARM_INS_VST2, 779 | ARM_INS_VST3, 780 | ARM_INS_VST4, 781 | ARM_INS_VSTMDB, 782 | ARM_INS_VSTMIA, 783 | ARM_INS_VSTR, 784 | ARM_INS_VSUB, 785 | ARM_INS_VSUBHN, 786 | ARM_INS_VSUBL, 787 | ARM_INS_VSUBW, 788 | ARM_INS_VSWP, 789 | ARM_INS_VTBL, 790 | ARM_INS_VTBX, 791 | ARM_INS_VCVTR, 792 | ARM_INS_VTRN, 793 | ARM_INS_VTST, 794 | ARM_INS_VUZP, 795 | ARM_INS_VZIP, 796 | ARM_INS_ADDW, 797 | ARM_INS_ASR, 798 | ARM_INS_DCPS1, 799 | ARM_INS_DCPS2, 800 | ARM_INS_DCPS3, 801 | ARM_INS_IT, 802 | ARM_INS_LSL, 803 | ARM_INS_LSR, 804 | ARM_INS_ASRS, 805 | ARM_INS_LSRS, 806 | ARM_INS_ORN, 807 | ARM_INS_ROR, 808 | ARM_INS_RRX, 809 | ARM_INS_SUBS, 810 | ARM_INS_SUBW, 811 | ARM_INS_TBB, 812 | ARM_INS_TBH, 813 | ARM_INS_CBNZ, 814 | ARM_INS_CBZ, 815 | ARM_INS_MOVS, 816 | ARM_INS_POP, 817 | ARM_INS_PUSH, 818 | 819 | // special instructions 820 | ARM_INS_NOP, 821 | ARM_INS_YIELD, 822 | ARM_INS_WFE, 823 | ARM_INS_WFI, 824 | ARM_INS_SEV, 825 | ARM_INS_SEVL, 826 | ARM_INS_VPUSH, 827 | ARM_INS_VPOP, 828 | 829 | ARM_INS_ENDING, // <-- mark the end of the list of instructions 830 | } arm_insn; 831 | 832 | //> Group of ARM instructions 833 | typedef enum arm_insn_group { 834 | ARM_GRP_INVALID = 0, // = CS_GRP_INVALID 835 | 836 | //> Generic groups 837 | // all jump instructions (conditional+direct+indirect jumps) 838 | ARM_GRP_JUMP, // = CS_GRP_JUMP 839 | 840 | //> Architecture-specific groups 841 | ARM_GRP_CRYPTO = 128, 842 | ARM_GRP_DATABARRIER, 843 | ARM_GRP_DIVIDE, 844 | ARM_GRP_FPARMV8, 845 | ARM_GRP_MULTPRO, 846 | ARM_GRP_NEON, 847 | ARM_GRP_T2EXTRACTPACK, 848 | ARM_GRP_THUMB2DSP, 849 | ARM_GRP_TRUSTZONE, 850 | ARM_GRP_V4T, 851 | ARM_GRP_V5T, 852 | ARM_GRP_V5TE, 853 | ARM_GRP_V6, 854 | ARM_GRP_V6T2, 855 | ARM_GRP_V7, 856 | ARM_GRP_V8, 857 | ARM_GRP_VFP2, 858 | ARM_GRP_VFP3, 859 | ARM_GRP_VFP4, 860 | ARM_GRP_ARM, 861 | ARM_GRP_MCLASS, 862 | ARM_GRP_NOTMCLASS, 863 | ARM_GRP_THUMB, 864 | ARM_GRP_THUMB1ONLY, 865 | ARM_GRP_THUMB2, 866 | ARM_GRP_PREV8, 867 | ARM_GRP_FPVMLX, 868 | ARM_GRP_MULOPS, 869 | ARM_GRP_CRC, 870 | ARM_GRP_DPVFP, 871 | ARM_GRP_V6M, 872 | 873 | ARM_GRP_ENDING, 874 | } arm_insn_group; 875 | 876 | #ifdef __cplusplus 877 | } 878 | #endif 879 | 880 | #endif 881 | -------------------------------------------------------------------------------- /capstone/include/arm64.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_ARM64_H 2 | #define CAPSTONE_ARM64_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2013-2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | #ifdef _MSC_VER 15 | #pragma warning(disable:4201) 16 | #endif 17 | 18 | //> ARM64 shift type 19 | typedef enum arm64_shifter { 20 | ARM64_SFT_INVALID = 0, 21 | ARM64_SFT_LSL = 1, 22 | ARM64_SFT_MSL = 2, 23 | ARM64_SFT_LSR = 3, 24 | ARM64_SFT_ASR = 4, 25 | ARM64_SFT_ROR = 5, 26 | } arm64_shifter; 27 | 28 | //> ARM64 extender type 29 | typedef enum arm64_extender { 30 | ARM64_EXT_INVALID = 0, 31 | ARM64_EXT_UXTB = 1, 32 | ARM64_EXT_UXTH = 2, 33 | ARM64_EXT_UXTW = 3, 34 | ARM64_EXT_UXTX = 4, 35 | ARM64_EXT_SXTB = 5, 36 | ARM64_EXT_SXTH = 6, 37 | ARM64_EXT_SXTW = 7, 38 | ARM64_EXT_SXTX = 8, 39 | } arm64_extender; 40 | 41 | //> ARM64 condition code 42 | typedef enum arm64_cc { 43 | ARM64_CC_INVALID = 0, 44 | ARM64_CC_EQ = 1, // Equal 45 | ARM64_CC_NE = 2, // Not equal: Not equal, or unordered 46 | ARM64_CC_HS = 3, // Unsigned higher or same: >, ==, or unordered 47 | ARM64_CC_LO = 4, // Unsigned lower or same: Less than 48 | ARM64_CC_MI = 5, // Minus, negative: Less than 49 | ARM64_CC_PL = 6, // Plus, positive or zero: >, ==, or unordered 50 | ARM64_CC_VS = 7, // Overflow: Unordered 51 | ARM64_CC_VC = 8, // No overflow: Ordered 52 | ARM64_CC_HI = 9, // Unsigned higher: Greater than, or unordered 53 | ARM64_CC_LS = 10, // Unsigned lower or same: Less than or equal 54 | ARM64_CC_GE = 11, // Greater than or equal: Greater than or equal 55 | ARM64_CC_LT = 12, // Less than: Less than, or unordered 56 | ARM64_CC_GT = 13, // Signed greater than: Greater than 57 | ARM64_CC_LE = 14, // Signed less than or equal: <, ==, or unordered 58 | ARM64_CC_AL = 15, // Always (unconditional): Always (unconditional) 59 | ARM64_CC_NV = 16, // Always (unconditional): Always (unconditional) 60 | // Note the NV exists purely to disassemble 0b1111. Execution 61 | // is "always". 62 | } arm64_cc; 63 | 64 | //> System registers 65 | typedef enum arm64_mrs_reg { 66 | //> System registers for MRS 67 | ARM64_SYSREG_INVALID = 0, 68 | ARM64_SYSREG_MDCCSR_EL0 = 0x9808, // 10 011 0000 0001 000 69 | ARM64_SYSREG_DBGDTRRX_EL0 = 0x9828, // 10 011 0000 0101 000 70 | ARM64_SYSREG_MDRAR_EL1 = 0x8080, // 10 000 0001 0000 000 71 | ARM64_SYSREG_OSLSR_EL1 = 0x808c, // 10 000 0001 0001 100 72 | ARM64_SYSREG_DBGAUTHSTATUS_EL1 = 0x83f6, // 10 000 0111 1110 110 73 | ARM64_SYSREG_PMCEID0_EL0 = 0xdce6, // 11 011 1001 1100 110 74 | ARM64_SYSREG_PMCEID1_EL0 = 0xdce7, // 11 011 1001 1100 111 75 | ARM64_SYSREG_MIDR_EL1 = 0xc000, // 11 000 0000 0000 000 76 | ARM64_SYSREG_CCSIDR_EL1 = 0xc800, // 11 001 0000 0000 000 77 | ARM64_SYSREG_CLIDR_EL1 = 0xc801, // 11 001 0000 0000 001 78 | ARM64_SYSREG_CTR_EL0 = 0xd801, // 11 011 0000 0000 001 79 | ARM64_SYSREG_MPIDR_EL1 = 0xc005, // 11 000 0000 0000 101 80 | ARM64_SYSREG_REVIDR_EL1 = 0xc006, // 11 000 0000 0000 110 81 | ARM64_SYSREG_AIDR_EL1 = 0xc807, // 11 001 0000 0000 111 82 | ARM64_SYSREG_DCZID_EL0 = 0xd807, // 11 011 0000 0000 111 83 | ARM64_SYSREG_ID_PFR0_EL1 = 0xc008, // 11 000 0000 0001 000 84 | ARM64_SYSREG_ID_PFR1_EL1 = 0xc009, // 11 000 0000 0001 001 85 | ARM64_SYSREG_ID_DFR0_EL1 = 0xc00a, // 11 000 0000 0001 010 86 | ARM64_SYSREG_ID_AFR0_EL1 = 0xc00b, // 11 000 0000 0001 011 87 | ARM64_SYSREG_ID_MMFR0_EL1 = 0xc00c, // 11 000 0000 0001 100 88 | ARM64_SYSREG_ID_MMFR1_EL1 = 0xc00d, // 11 000 0000 0001 101 89 | ARM64_SYSREG_ID_MMFR2_EL1 = 0xc00e, // 11 000 0000 0001 110 90 | ARM64_SYSREG_ID_MMFR3_EL1 = 0xc00f, // 11 000 0000 0001 111 91 | ARM64_SYSREG_ID_ISAR0_EL1 = 0xc010, // 11 000 0000 0010 000 92 | ARM64_SYSREG_ID_ISAR1_EL1 = 0xc011, // 11 000 0000 0010 001 93 | ARM64_SYSREG_ID_ISAR2_EL1 = 0xc012, // 11 000 0000 0010 010 94 | ARM64_SYSREG_ID_ISAR3_EL1 = 0xc013, // 11 000 0000 0010 011 95 | ARM64_SYSREG_ID_ISAR4_EL1 = 0xc014, // 11 000 0000 0010 100 96 | ARM64_SYSREG_ID_ISAR5_EL1 = 0xc015, // 11 000 0000 0010 101 97 | ARM64_SYSREG_ID_A64PFR0_EL1 = 0xc020, // 11 000 0000 0100 000 98 | ARM64_SYSREG_ID_A64PFR1_EL1 = 0xc021, // 11 000 0000 0100 001 99 | ARM64_SYSREG_ID_A64DFR0_EL1 = 0xc028, // 11 000 0000 0101 000 100 | ARM64_SYSREG_ID_A64DFR1_EL1 = 0xc029, // 11 000 0000 0101 001 101 | ARM64_SYSREG_ID_A64AFR0_EL1 = 0xc02c, // 11 000 0000 0101 100 102 | ARM64_SYSREG_ID_A64AFR1_EL1 = 0xc02d, // 11 000 0000 0101 101 103 | ARM64_SYSREG_ID_A64ISAR0_EL1 = 0xc030, // 11 000 0000 0110 000 104 | ARM64_SYSREG_ID_A64ISAR1_EL1 = 0xc031, // 11 000 0000 0110 001 105 | ARM64_SYSREG_ID_A64MMFR0_EL1 = 0xc038, // 11 000 0000 0111 000 106 | ARM64_SYSREG_ID_A64MMFR1_EL1 = 0xc039, // 11 000 0000 0111 001 107 | ARM64_SYSREG_MVFR0_EL1 = 0xc018, // 11 000 0000 0011 000 108 | ARM64_SYSREG_MVFR1_EL1 = 0xc019, // 11 000 0000 0011 001 109 | ARM64_SYSREG_MVFR2_EL1 = 0xc01a, // 11 000 0000 0011 010 110 | ARM64_SYSREG_RVBAR_EL1 = 0xc601, // 11 000 1100 0000 001 111 | ARM64_SYSREG_RVBAR_EL2 = 0xe601, // 11 100 1100 0000 001 112 | ARM64_SYSREG_RVBAR_EL3 = 0xf601, // 11 110 1100 0000 001 113 | ARM64_SYSREG_ISR_EL1 = 0xc608, // 11 000 1100 0001 000 114 | ARM64_SYSREG_CNTPCT_EL0 = 0xdf01, // 11 011 1110 0000 001 115 | ARM64_SYSREG_CNTVCT_EL0 = 0xdf02, // 11 011 1110 0000 010 116 | 117 | // Trace registers 118 | ARM64_SYSREG_TRCSTATR = 0x8818, // 10 001 0000 0011 000 119 | ARM64_SYSREG_TRCIDR8 = 0x8806, // 10 001 0000 0000 110 120 | ARM64_SYSREG_TRCIDR9 = 0x880e, // 10 001 0000 0001 110 121 | ARM64_SYSREG_TRCIDR10 = 0x8816, // 10 001 0000 0010 110 122 | ARM64_SYSREG_TRCIDR11 = 0x881e, // 10 001 0000 0011 110 123 | ARM64_SYSREG_TRCIDR12 = 0x8826, // 10 001 0000 0100 110 124 | ARM64_SYSREG_TRCIDR13 = 0x882e, // 10 001 0000 0101 110 125 | ARM64_SYSREG_TRCIDR0 = 0x8847, // 10 001 0000 1000 111 126 | ARM64_SYSREG_TRCIDR1 = 0x884f, // 10 001 0000 1001 111 127 | ARM64_SYSREG_TRCIDR2 = 0x8857, // 10 001 0000 1010 111 128 | ARM64_SYSREG_TRCIDR3 = 0x885f, // 10 001 0000 1011 111 129 | ARM64_SYSREG_TRCIDR4 = 0x8867, // 10 001 0000 1100 111 130 | ARM64_SYSREG_TRCIDR5 = 0x886f, // 10 001 0000 1101 111 131 | ARM64_SYSREG_TRCIDR6 = 0x8877, // 10 001 0000 1110 111 132 | ARM64_SYSREG_TRCIDR7 = 0x887f, // 10 001 0000 1111 111 133 | ARM64_SYSREG_TRCOSLSR = 0x888c, // 10 001 0001 0001 100 134 | ARM64_SYSREG_TRCPDSR = 0x88ac, // 10 001 0001 0101 100 135 | ARM64_SYSREG_TRCDEVAFF0 = 0x8bd6, // 10 001 0111 1010 110 136 | ARM64_SYSREG_TRCDEVAFF1 = 0x8bde, // 10 001 0111 1011 110 137 | ARM64_SYSREG_TRCLSR = 0x8bee, // 10 001 0111 1101 110 138 | ARM64_SYSREG_TRCAUTHSTATUS = 0x8bf6, // 10 001 0111 1110 110 139 | ARM64_SYSREG_TRCDEVARCH = 0x8bfe, // 10 001 0111 1111 110 140 | ARM64_SYSREG_TRCDEVID = 0x8b97, // 10 001 0111 0010 111 141 | ARM64_SYSREG_TRCDEVTYPE = 0x8b9f, // 10 001 0111 0011 111 142 | ARM64_SYSREG_TRCPIDR4 = 0x8ba7, // 10 001 0111 0100 111 143 | ARM64_SYSREG_TRCPIDR5 = 0x8baf, // 10 001 0111 0101 111 144 | ARM64_SYSREG_TRCPIDR6 = 0x8bb7, // 10 001 0111 0110 111 145 | ARM64_SYSREG_TRCPIDR7 = 0x8bbf, // 10 001 0111 0111 111 146 | ARM64_SYSREG_TRCPIDR0 = 0x8bc7, // 10 001 0111 1000 111 147 | ARM64_SYSREG_TRCPIDR1 = 0x8bcf, // 10 001 0111 1001 111 148 | ARM64_SYSREG_TRCPIDR2 = 0x8bd7, // 10 001 0111 1010 111 149 | ARM64_SYSREG_TRCPIDR3 = 0x8bdf, // 10 001 0111 1011 111 150 | ARM64_SYSREG_TRCCIDR0 = 0x8be7, // 10 001 0111 1100 111 151 | ARM64_SYSREG_TRCCIDR1 = 0x8bef, // 10 001 0111 1101 111 152 | ARM64_SYSREG_TRCCIDR2 = 0x8bf7, // 10 001 0111 1110 111 153 | ARM64_SYSREG_TRCCIDR3 = 0x8bff, // 10 001 0111 1111 111 154 | 155 | // GICv3 registers 156 | ARM64_SYSREG_ICC_IAR1_EL1 = 0xc660, // 11 000 1100 1100 000 157 | ARM64_SYSREG_ICC_IAR0_EL1 = 0xc640, // 11 000 1100 1000 000 158 | ARM64_SYSREG_ICC_HPPIR1_EL1 = 0xc662, // 11 000 1100 1100 010 159 | ARM64_SYSREG_ICC_HPPIR0_EL1 = 0xc642, // 11 000 1100 1000 010 160 | ARM64_SYSREG_ICC_RPR_EL1 = 0xc65b, // 11 000 1100 1011 011 161 | ARM64_SYSREG_ICH_VTR_EL2 = 0xe659, // 11 100 1100 1011 001 162 | ARM64_SYSREG_ICH_EISR_EL2 = 0xe65b, // 11 100 1100 1011 011 163 | ARM64_SYSREG_ICH_ELSR_EL2 = 0xe65d, // 11 100 1100 1011 101 164 | } arm64_sysreg; 165 | 166 | typedef enum arm64_msr_reg { 167 | //> System registers for MSR 168 | ARM64_SYSREG_DBGDTRTX_EL0 = 0x9828, // 10 011 0000 0101 000 169 | ARM64_SYSREG_OSLAR_EL1 = 0x8084, // 10 000 0001 0000 100 170 | ARM64_SYSREG_PMSWINC_EL0 = 0xdce4, // 11 011 1001 1100 100 171 | 172 | // Trace Registers 173 | ARM64_SYSREG_TRCOSLAR = 0x8884, // 10 001 0001 0000 100 174 | ARM64_SYSREG_TRCLAR = 0x8be6, // 10 001 0111 1100 110 175 | 176 | // GICv3 registers 177 | ARM64_SYSREG_ICC_EOIR1_EL1 = 0xc661, // 11 000 1100 1100 001 178 | ARM64_SYSREG_ICC_EOIR0_EL1 = 0xc641, // 11 000 1100 1000 001 179 | ARM64_SYSREG_ICC_DIR_EL1 = 0xc659, // 11 000 1100 1011 001 180 | ARM64_SYSREG_ICC_SGI1R_EL1 = 0xc65d, // 11 000 1100 1011 101 181 | ARM64_SYSREG_ICC_ASGI1R_EL1 = 0xc65e, // 11 000 1100 1011 110 182 | ARM64_SYSREG_ICC_SGI0R_EL1 = 0xc65f, // 11 000 1100 1011 111 183 | } arm64_msr_reg; 184 | 185 | //> System PState Field (MSR instruction) 186 | typedef enum arm64_pstate { 187 | ARM64_PSTATE_INVALID = 0, 188 | ARM64_PSTATE_SPSEL = 0x05, 189 | ARM64_PSTATE_DAIFSET = 0x1e, 190 | ARM64_PSTATE_DAIFCLR = 0x1f 191 | } arm64_pstate; 192 | 193 | //> Vector arrangement specifier (for FloatingPoint/Advanced SIMD insn) 194 | typedef enum arm64_vas { 195 | ARM64_VAS_INVALID = 0, 196 | ARM64_VAS_8B, 197 | ARM64_VAS_16B, 198 | ARM64_VAS_4H, 199 | ARM64_VAS_8H, 200 | ARM64_VAS_2S, 201 | ARM64_VAS_4S, 202 | ARM64_VAS_1D, 203 | ARM64_VAS_2D, 204 | ARM64_VAS_1Q, 205 | } arm64_vas; 206 | 207 | //> Vector element size specifier 208 | typedef enum arm64_vess { 209 | ARM64_VESS_INVALID = 0, 210 | ARM64_VESS_B, 211 | ARM64_VESS_H, 212 | ARM64_VESS_S, 213 | ARM64_VESS_D, 214 | } arm64_vess; 215 | 216 | //> Memory barrier operands 217 | typedef enum arm64_barrier_op { 218 | ARM64_BARRIER_INVALID = 0, 219 | ARM64_BARRIER_OSHLD = 0x1, 220 | ARM64_BARRIER_OSHST = 0x2, 221 | ARM64_BARRIER_OSH = 0x3, 222 | ARM64_BARRIER_NSHLD = 0x5, 223 | ARM64_BARRIER_NSHST = 0x6, 224 | ARM64_BARRIER_NSH = 0x7, 225 | ARM64_BARRIER_ISHLD = 0x9, 226 | ARM64_BARRIER_ISHST = 0xa, 227 | ARM64_BARRIER_ISH = 0xb, 228 | ARM64_BARRIER_LD = 0xd, 229 | ARM64_BARRIER_ST = 0xe, 230 | ARM64_BARRIER_SY = 0xf 231 | } arm64_barrier_op; 232 | 233 | //> Operand type for instruction's operands 234 | typedef enum arm64_op_type { 235 | ARM64_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 236 | ARM64_OP_REG, // = CS_OP_REG (Register operand). 237 | ARM64_OP_IMM, // = CS_OP_IMM (Immediate operand). 238 | ARM64_OP_MEM, // = CS_OP_MEM (Memory operand). 239 | ARM64_OP_FP, // = CS_OP_FP (Floating-Point operand). 240 | ARM64_OP_CIMM = 64, // C-Immediate 241 | ARM64_OP_REG_MRS, // MRS register operand. 242 | ARM64_OP_REG_MSR, // MSR register operand. 243 | ARM64_OP_PSTATE, // PState operand. 244 | ARM64_OP_SYS, // SYS operand for IC/DC/AT/TLBI instructions. 245 | ARM64_OP_PREFETCH, // Prefetch operand (PRFM). 246 | ARM64_OP_BARRIER, // Memory barrier operand (ISB/DMB/DSB instructions). 247 | } arm64_op_type; 248 | 249 | //> TLBI operations 250 | typedef enum arm64_tlbi_op { 251 | ARM64_TLBI_INVALID = 0, 252 | ARM64_TLBI_VMALLE1IS, 253 | ARM64_TLBI_VAE1IS, 254 | ARM64_TLBI_ASIDE1IS, 255 | ARM64_TLBI_VAAE1IS, 256 | ARM64_TLBI_VALE1IS, 257 | ARM64_TLBI_VAALE1IS, 258 | ARM64_TLBI_ALLE2IS, 259 | ARM64_TLBI_VAE2IS, 260 | ARM64_TLBI_ALLE1IS, 261 | ARM64_TLBI_VALE2IS, 262 | ARM64_TLBI_VMALLS12E1IS, 263 | ARM64_TLBI_ALLE3IS, 264 | ARM64_TLBI_VAE3IS, 265 | ARM64_TLBI_VALE3IS, 266 | ARM64_TLBI_IPAS2E1IS, 267 | ARM64_TLBI_IPAS2LE1IS, 268 | ARM64_TLBI_IPAS2E1, 269 | ARM64_TLBI_IPAS2LE1, 270 | ARM64_TLBI_VMALLE1, 271 | ARM64_TLBI_VAE1, 272 | ARM64_TLBI_ASIDE1, 273 | ARM64_TLBI_VAAE1, 274 | ARM64_TLBI_VALE1, 275 | ARM64_TLBI_VAALE1, 276 | ARM64_TLBI_ALLE2, 277 | ARM64_TLBI_VAE2, 278 | ARM64_TLBI_ALLE1, 279 | ARM64_TLBI_VALE2, 280 | ARM64_TLBI_VMALLS12E1, 281 | ARM64_TLBI_ALLE3, 282 | ARM64_TLBI_VAE3, 283 | ARM64_TLBI_VALE3, 284 | } arm64_tlbi_op; 285 | 286 | //> AT operations 287 | typedef enum arm64_at_op { 288 | ARM64_AT_S1E1R, 289 | ARM64_AT_S1E1W, 290 | ARM64_AT_S1E0R, 291 | ARM64_AT_S1E0W, 292 | ARM64_AT_S1E2R, 293 | ARM64_AT_S1E2W, 294 | ARM64_AT_S12E1R, 295 | ARM64_AT_S12E1W, 296 | ARM64_AT_S12E0R, 297 | ARM64_AT_S12E0W, 298 | ARM64_AT_S1E3R, 299 | ARM64_AT_S1E3W, 300 | } arm64_at_op; 301 | 302 | //> DC operations 303 | typedef enum arm64_dc_op { 304 | ARM64_DC_INVALID = 0, 305 | ARM64_DC_ZVA, 306 | ARM64_DC_IVAC, 307 | ARM64_DC_ISW, 308 | ARM64_DC_CVAC, 309 | ARM64_DC_CSW, 310 | ARM64_DC_CVAU, 311 | ARM64_DC_CIVAC, 312 | ARM64_DC_CISW, 313 | } arm64_dc_op; 314 | 315 | //> IC operations 316 | typedef enum arm64_ic_op { 317 | ARM64_IC_INVALID = 0, 318 | ARM64_IC_IALLUIS, 319 | ARM64_IC_IALLU, 320 | ARM64_IC_IVAU, 321 | } arm64_ic_op; 322 | 323 | //> Prefetch operations (PRFM) 324 | typedef enum arm64_prefetch_op { 325 | ARM64_PRFM_INVALID = 0, 326 | ARM64_PRFM_PLDL1KEEP = 0x00 + 1, 327 | ARM64_PRFM_PLDL1STRM = 0x01 + 1, 328 | ARM64_PRFM_PLDL2KEEP = 0x02 + 1, 329 | ARM64_PRFM_PLDL2STRM = 0x03 + 1, 330 | ARM64_PRFM_PLDL3KEEP = 0x04 + 1, 331 | ARM64_PRFM_PLDL3STRM = 0x05 + 1, 332 | ARM64_PRFM_PLIL1KEEP = 0x08 + 1, 333 | ARM64_PRFM_PLIL1STRM = 0x09 + 1, 334 | ARM64_PRFM_PLIL2KEEP = 0x0a + 1, 335 | ARM64_PRFM_PLIL2STRM = 0x0b + 1, 336 | ARM64_PRFM_PLIL3KEEP = 0x0c + 1, 337 | ARM64_PRFM_PLIL3STRM = 0x0d + 1, 338 | ARM64_PRFM_PSTL1KEEP = 0x10 + 1, 339 | ARM64_PRFM_PSTL1STRM = 0x11 + 1, 340 | ARM64_PRFM_PSTL2KEEP = 0x12 + 1, 341 | ARM64_PRFM_PSTL2STRM = 0x13 + 1, 342 | ARM64_PRFM_PSTL3KEEP = 0x14 + 1, 343 | ARM64_PRFM_PSTL3STRM = 0x15 + 1, 344 | } arm64_prefetch_op; 345 | 346 | // Instruction's operand referring to memory 347 | // This is associated with ARM64_OP_MEM operand type above 348 | typedef struct arm64_op_mem { 349 | unsigned int base; // base register 350 | unsigned int index; // index register 351 | int32_t disp; // displacement/offset value 352 | } arm64_op_mem; 353 | 354 | // Instruction operand 355 | typedef struct cs_arm64_op { 356 | int vector_index; // Vector Index for some vector operands (or -1 if irrelevant) 357 | arm64_vas vas; // Vector Arrangement Specifier 358 | arm64_vess vess; // Vector Element Size Specifier 359 | struct { 360 | arm64_shifter type; // shifter type of this operand 361 | unsigned int value; // shifter value of this operand 362 | } shift; 363 | arm64_extender ext; // extender type of this operand 364 | arm64_op_type type; // operand type 365 | union { 366 | unsigned int reg; // register value for REG operand 367 | int64_t imm; // immediate value, or index for C-IMM or IMM operand 368 | double fp; // floating point value for FP operand 369 | arm64_op_mem mem; // base/index/scale/disp value for MEM operand 370 | arm64_pstate pstate; // PState field of MSR instruction. 371 | unsigned int sys; // IC/DC/AT/TLBI operation (see arm64_ic_op, arm64_dc_op, arm64_at_op, arm64_tlbi_op) 372 | arm64_prefetch_op prefetch; // PRFM operation. 373 | arm64_barrier_op barrier; // Memory barrier operation (ISB/DMB/DSB instructions). 374 | }; 375 | } cs_arm64_op; 376 | 377 | // Instruction structure 378 | typedef struct cs_arm64 { 379 | arm64_cc cc; // conditional code for this insn 380 | bool update_flags; // does this insn update flags? 381 | bool writeback; // does this insn request writeback? 'True' means 'yes' 382 | 383 | // Number of operands of this instruction, 384 | // or 0 when instruction has no operand. 385 | uint8_t op_count; 386 | 387 | cs_arm64_op operands[8]; // operands for this instruction. 388 | } cs_arm64; 389 | 390 | //> ARM64 registers 391 | typedef enum arm64_reg { 392 | ARM64_REG_INVALID = 0, 393 | 394 | ARM64_REG_X29, 395 | ARM64_REG_X30, 396 | ARM64_REG_NZCV, 397 | ARM64_REG_SP, 398 | ARM64_REG_WSP, 399 | ARM64_REG_WZR, 400 | ARM64_REG_XZR, 401 | ARM64_REG_B0, 402 | ARM64_REG_B1, 403 | ARM64_REG_B2, 404 | ARM64_REG_B3, 405 | ARM64_REG_B4, 406 | ARM64_REG_B5, 407 | ARM64_REG_B6, 408 | ARM64_REG_B7, 409 | ARM64_REG_B8, 410 | ARM64_REG_B9, 411 | ARM64_REG_B10, 412 | ARM64_REG_B11, 413 | ARM64_REG_B12, 414 | ARM64_REG_B13, 415 | ARM64_REG_B14, 416 | ARM64_REG_B15, 417 | ARM64_REG_B16, 418 | ARM64_REG_B17, 419 | ARM64_REG_B18, 420 | ARM64_REG_B19, 421 | ARM64_REG_B20, 422 | ARM64_REG_B21, 423 | ARM64_REG_B22, 424 | ARM64_REG_B23, 425 | ARM64_REG_B24, 426 | ARM64_REG_B25, 427 | ARM64_REG_B26, 428 | ARM64_REG_B27, 429 | ARM64_REG_B28, 430 | ARM64_REG_B29, 431 | ARM64_REG_B30, 432 | ARM64_REG_B31, 433 | ARM64_REG_D0, 434 | ARM64_REG_D1, 435 | ARM64_REG_D2, 436 | ARM64_REG_D3, 437 | ARM64_REG_D4, 438 | ARM64_REG_D5, 439 | ARM64_REG_D6, 440 | ARM64_REG_D7, 441 | ARM64_REG_D8, 442 | ARM64_REG_D9, 443 | ARM64_REG_D10, 444 | ARM64_REG_D11, 445 | ARM64_REG_D12, 446 | ARM64_REG_D13, 447 | ARM64_REG_D14, 448 | ARM64_REG_D15, 449 | ARM64_REG_D16, 450 | ARM64_REG_D17, 451 | ARM64_REG_D18, 452 | ARM64_REG_D19, 453 | ARM64_REG_D20, 454 | ARM64_REG_D21, 455 | ARM64_REG_D22, 456 | ARM64_REG_D23, 457 | ARM64_REG_D24, 458 | ARM64_REG_D25, 459 | ARM64_REG_D26, 460 | ARM64_REG_D27, 461 | ARM64_REG_D28, 462 | ARM64_REG_D29, 463 | ARM64_REG_D30, 464 | ARM64_REG_D31, 465 | ARM64_REG_H0, 466 | ARM64_REG_H1, 467 | ARM64_REG_H2, 468 | ARM64_REG_H3, 469 | ARM64_REG_H4, 470 | ARM64_REG_H5, 471 | ARM64_REG_H6, 472 | ARM64_REG_H7, 473 | ARM64_REG_H8, 474 | ARM64_REG_H9, 475 | ARM64_REG_H10, 476 | ARM64_REG_H11, 477 | ARM64_REG_H12, 478 | ARM64_REG_H13, 479 | ARM64_REG_H14, 480 | ARM64_REG_H15, 481 | ARM64_REG_H16, 482 | ARM64_REG_H17, 483 | ARM64_REG_H18, 484 | ARM64_REG_H19, 485 | ARM64_REG_H20, 486 | ARM64_REG_H21, 487 | ARM64_REG_H22, 488 | ARM64_REG_H23, 489 | ARM64_REG_H24, 490 | ARM64_REG_H25, 491 | ARM64_REG_H26, 492 | ARM64_REG_H27, 493 | ARM64_REG_H28, 494 | ARM64_REG_H29, 495 | ARM64_REG_H30, 496 | ARM64_REG_H31, 497 | ARM64_REG_Q0, 498 | ARM64_REG_Q1, 499 | ARM64_REG_Q2, 500 | ARM64_REG_Q3, 501 | ARM64_REG_Q4, 502 | ARM64_REG_Q5, 503 | ARM64_REG_Q6, 504 | ARM64_REG_Q7, 505 | ARM64_REG_Q8, 506 | ARM64_REG_Q9, 507 | ARM64_REG_Q10, 508 | ARM64_REG_Q11, 509 | ARM64_REG_Q12, 510 | ARM64_REG_Q13, 511 | ARM64_REG_Q14, 512 | ARM64_REG_Q15, 513 | ARM64_REG_Q16, 514 | ARM64_REG_Q17, 515 | ARM64_REG_Q18, 516 | ARM64_REG_Q19, 517 | ARM64_REG_Q20, 518 | ARM64_REG_Q21, 519 | ARM64_REG_Q22, 520 | ARM64_REG_Q23, 521 | ARM64_REG_Q24, 522 | ARM64_REG_Q25, 523 | ARM64_REG_Q26, 524 | ARM64_REG_Q27, 525 | ARM64_REG_Q28, 526 | ARM64_REG_Q29, 527 | ARM64_REG_Q30, 528 | ARM64_REG_Q31, 529 | ARM64_REG_S0, 530 | ARM64_REG_S1, 531 | ARM64_REG_S2, 532 | ARM64_REG_S3, 533 | ARM64_REG_S4, 534 | ARM64_REG_S5, 535 | ARM64_REG_S6, 536 | ARM64_REG_S7, 537 | ARM64_REG_S8, 538 | ARM64_REG_S9, 539 | ARM64_REG_S10, 540 | ARM64_REG_S11, 541 | ARM64_REG_S12, 542 | ARM64_REG_S13, 543 | ARM64_REG_S14, 544 | ARM64_REG_S15, 545 | ARM64_REG_S16, 546 | ARM64_REG_S17, 547 | ARM64_REG_S18, 548 | ARM64_REG_S19, 549 | ARM64_REG_S20, 550 | ARM64_REG_S21, 551 | ARM64_REG_S22, 552 | ARM64_REG_S23, 553 | ARM64_REG_S24, 554 | ARM64_REG_S25, 555 | ARM64_REG_S26, 556 | ARM64_REG_S27, 557 | ARM64_REG_S28, 558 | ARM64_REG_S29, 559 | ARM64_REG_S30, 560 | ARM64_REG_S31, 561 | ARM64_REG_W0, 562 | ARM64_REG_W1, 563 | ARM64_REG_W2, 564 | ARM64_REG_W3, 565 | ARM64_REG_W4, 566 | ARM64_REG_W5, 567 | ARM64_REG_W6, 568 | ARM64_REG_W7, 569 | ARM64_REG_W8, 570 | ARM64_REG_W9, 571 | ARM64_REG_W10, 572 | ARM64_REG_W11, 573 | ARM64_REG_W12, 574 | ARM64_REG_W13, 575 | ARM64_REG_W14, 576 | ARM64_REG_W15, 577 | ARM64_REG_W16, 578 | ARM64_REG_W17, 579 | ARM64_REG_W18, 580 | ARM64_REG_W19, 581 | ARM64_REG_W20, 582 | ARM64_REG_W21, 583 | ARM64_REG_W22, 584 | ARM64_REG_W23, 585 | ARM64_REG_W24, 586 | ARM64_REG_W25, 587 | ARM64_REG_W26, 588 | ARM64_REG_W27, 589 | ARM64_REG_W28, 590 | ARM64_REG_W29, 591 | ARM64_REG_W30, 592 | ARM64_REG_X0, 593 | ARM64_REG_X1, 594 | ARM64_REG_X2, 595 | ARM64_REG_X3, 596 | ARM64_REG_X4, 597 | ARM64_REG_X5, 598 | ARM64_REG_X6, 599 | ARM64_REG_X7, 600 | ARM64_REG_X8, 601 | ARM64_REG_X9, 602 | ARM64_REG_X10, 603 | ARM64_REG_X11, 604 | ARM64_REG_X12, 605 | ARM64_REG_X13, 606 | ARM64_REG_X14, 607 | ARM64_REG_X15, 608 | ARM64_REG_X16, 609 | ARM64_REG_X17, 610 | ARM64_REG_X18, 611 | ARM64_REG_X19, 612 | ARM64_REG_X20, 613 | ARM64_REG_X21, 614 | ARM64_REG_X22, 615 | ARM64_REG_X23, 616 | ARM64_REG_X24, 617 | ARM64_REG_X25, 618 | ARM64_REG_X26, 619 | ARM64_REG_X27, 620 | ARM64_REG_X28, 621 | 622 | ARM64_REG_V0, 623 | ARM64_REG_V1, 624 | ARM64_REG_V2, 625 | ARM64_REG_V3, 626 | ARM64_REG_V4, 627 | ARM64_REG_V5, 628 | ARM64_REG_V6, 629 | ARM64_REG_V7, 630 | ARM64_REG_V8, 631 | ARM64_REG_V9, 632 | ARM64_REG_V10, 633 | ARM64_REG_V11, 634 | ARM64_REG_V12, 635 | ARM64_REG_V13, 636 | ARM64_REG_V14, 637 | ARM64_REG_V15, 638 | ARM64_REG_V16, 639 | ARM64_REG_V17, 640 | ARM64_REG_V18, 641 | ARM64_REG_V19, 642 | ARM64_REG_V20, 643 | ARM64_REG_V21, 644 | ARM64_REG_V22, 645 | ARM64_REG_V23, 646 | ARM64_REG_V24, 647 | ARM64_REG_V25, 648 | ARM64_REG_V26, 649 | ARM64_REG_V27, 650 | ARM64_REG_V28, 651 | ARM64_REG_V29, 652 | ARM64_REG_V30, 653 | ARM64_REG_V31, 654 | 655 | ARM64_REG_ENDING, // <-- mark the end of the list of registers 656 | 657 | //> alias registers 658 | 659 | ARM64_REG_IP1 = ARM64_REG_X16, 660 | ARM64_REG_IP0 = ARM64_REG_X17, 661 | ARM64_REG_FP = ARM64_REG_X29, 662 | ARM64_REG_LR = ARM64_REG_X30, 663 | } arm64_reg; 664 | 665 | //> ARM64 instruction 666 | typedef enum arm64_insn { 667 | ARM64_INS_INVALID = 0, 668 | 669 | ARM64_INS_ABS, 670 | ARM64_INS_ADC, 671 | ARM64_INS_ADDHN, 672 | ARM64_INS_ADDHN2, 673 | ARM64_INS_ADDP, 674 | ARM64_INS_ADD, 675 | ARM64_INS_ADDV, 676 | ARM64_INS_ADR, 677 | ARM64_INS_ADRP, 678 | ARM64_INS_AESD, 679 | ARM64_INS_AESE, 680 | ARM64_INS_AESIMC, 681 | ARM64_INS_AESMC, 682 | ARM64_INS_AND, 683 | ARM64_INS_ASR, 684 | ARM64_INS_B, 685 | ARM64_INS_BFM, 686 | ARM64_INS_BIC, 687 | ARM64_INS_BIF, 688 | ARM64_INS_BIT, 689 | ARM64_INS_BL, 690 | ARM64_INS_BLR, 691 | ARM64_INS_BR, 692 | ARM64_INS_BRK, 693 | ARM64_INS_BSL, 694 | ARM64_INS_CBNZ, 695 | ARM64_INS_CBZ, 696 | ARM64_INS_CCMN, 697 | ARM64_INS_CCMP, 698 | ARM64_INS_CLREX, 699 | ARM64_INS_CLS, 700 | ARM64_INS_CLZ, 701 | ARM64_INS_CMEQ, 702 | ARM64_INS_CMGE, 703 | ARM64_INS_CMGT, 704 | ARM64_INS_CMHI, 705 | ARM64_INS_CMHS, 706 | ARM64_INS_CMLE, 707 | ARM64_INS_CMLT, 708 | ARM64_INS_CMTST, 709 | ARM64_INS_CNT, 710 | ARM64_INS_MOV, 711 | ARM64_INS_CRC32B, 712 | ARM64_INS_CRC32CB, 713 | ARM64_INS_CRC32CH, 714 | ARM64_INS_CRC32CW, 715 | ARM64_INS_CRC32CX, 716 | ARM64_INS_CRC32H, 717 | ARM64_INS_CRC32W, 718 | ARM64_INS_CRC32X, 719 | ARM64_INS_CSEL, 720 | ARM64_INS_CSINC, 721 | ARM64_INS_CSINV, 722 | ARM64_INS_CSNEG, 723 | ARM64_INS_DCPS1, 724 | ARM64_INS_DCPS2, 725 | ARM64_INS_DCPS3, 726 | ARM64_INS_DMB, 727 | ARM64_INS_DRPS, 728 | ARM64_INS_DSB, 729 | ARM64_INS_DUP, 730 | ARM64_INS_EON, 731 | ARM64_INS_EOR, 732 | ARM64_INS_ERET, 733 | ARM64_INS_EXTR, 734 | ARM64_INS_EXT, 735 | ARM64_INS_FABD, 736 | ARM64_INS_FABS, 737 | ARM64_INS_FACGE, 738 | ARM64_INS_FACGT, 739 | ARM64_INS_FADD, 740 | ARM64_INS_FADDP, 741 | ARM64_INS_FCCMP, 742 | ARM64_INS_FCCMPE, 743 | ARM64_INS_FCMEQ, 744 | ARM64_INS_FCMGE, 745 | ARM64_INS_FCMGT, 746 | ARM64_INS_FCMLE, 747 | ARM64_INS_FCMLT, 748 | ARM64_INS_FCMP, 749 | ARM64_INS_FCMPE, 750 | ARM64_INS_FCSEL, 751 | ARM64_INS_FCVTAS, 752 | ARM64_INS_FCVTAU, 753 | ARM64_INS_FCVT, 754 | ARM64_INS_FCVTL, 755 | ARM64_INS_FCVTL2, 756 | ARM64_INS_FCVTMS, 757 | ARM64_INS_FCVTMU, 758 | ARM64_INS_FCVTNS, 759 | ARM64_INS_FCVTNU, 760 | ARM64_INS_FCVTN, 761 | ARM64_INS_FCVTN2, 762 | ARM64_INS_FCVTPS, 763 | ARM64_INS_FCVTPU, 764 | ARM64_INS_FCVTXN, 765 | ARM64_INS_FCVTXN2, 766 | ARM64_INS_FCVTZS, 767 | ARM64_INS_FCVTZU, 768 | ARM64_INS_FDIV, 769 | ARM64_INS_FMADD, 770 | ARM64_INS_FMAX, 771 | ARM64_INS_FMAXNM, 772 | ARM64_INS_FMAXNMP, 773 | ARM64_INS_FMAXNMV, 774 | ARM64_INS_FMAXP, 775 | ARM64_INS_FMAXV, 776 | ARM64_INS_FMIN, 777 | ARM64_INS_FMINNM, 778 | ARM64_INS_FMINNMP, 779 | ARM64_INS_FMINNMV, 780 | ARM64_INS_FMINP, 781 | ARM64_INS_FMINV, 782 | ARM64_INS_FMLA, 783 | ARM64_INS_FMLS, 784 | ARM64_INS_FMOV, 785 | ARM64_INS_FMSUB, 786 | ARM64_INS_FMUL, 787 | ARM64_INS_FMULX, 788 | ARM64_INS_FNEG, 789 | ARM64_INS_FNMADD, 790 | ARM64_INS_FNMSUB, 791 | ARM64_INS_FNMUL, 792 | ARM64_INS_FRECPE, 793 | ARM64_INS_FRECPS, 794 | ARM64_INS_FRECPX, 795 | ARM64_INS_FRINTA, 796 | ARM64_INS_FRINTI, 797 | ARM64_INS_FRINTM, 798 | ARM64_INS_FRINTN, 799 | ARM64_INS_FRINTP, 800 | ARM64_INS_FRINTX, 801 | ARM64_INS_FRINTZ, 802 | ARM64_INS_FRSQRTE, 803 | ARM64_INS_FRSQRTS, 804 | ARM64_INS_FSQRT, 805 | ARM64_INS_FSUB, 806 | ARM64_INS_HINT, 807 | ARM64_INS_HLT, 808 | ARM64_INS_HVC, 809 | ARM64_INS_INS, 810 | 811 | ARM64_INS_ISB, 812 | ARM64_INS_LD1, 813 | ARM64_INS_LD1R, 814 | ARM64_INS_LD2R, 815 | ARM64_INS_LD2, 816 | ARM64_INS_LD3R, 817 | ARM64_INS_LD3, 818 | ARM64_INS_LD4, 819 | ARM64_INS_LD4R, 820 | 821 | ARM64_INS_LDARB, 822 | ARM64_INS_LDARH, 823 | ARM64_INS_LDAR, 824 | ARM64_INS_LDAXP, 825 | ARM64_INS_LDAXRB, 826 | ARM64_INS_LDAXRH, 827 | ARM64_INS_LDAXR, 828 | ARM64_INS_LDNP, 829 | ARM64_INS_LDP, 830 | ARM64_INS_LDPSW, 831 | ARM64_INS_LDRB, 832 | ARM64_INS_LDR, 833 | ARM64_INS_LDRH, 834 | ARM64_INS_LDRSB, 835 | ARM64_INS_LDRSH, 836 | ARM64_INS_LDRSW, 837 | ARM64_INS_LDTRB, 838 | ARM64_INS_LDTRH, 839 | ARM64_INS_LDTRSB, 840 | 841 | ARM64_INS_LDTRSH, 842 | ARM64_INS_LDTRSW, 843 | ARM64_INS_LDTR, 844 | ARM64_INS_LDURB, 845 | ARM64_INS_LDUR, 846 | ARM64_INS_LDURH, 847 | ARM64_INS_LDURSB, 848 | ARM64_INS_LDURSH, 849 | ARM64_INS_LDURSW, 850 | ARM64_INS_LDXP, 851 | ARM64_INS_LDXRB, 852 | ARM64_INS_LDXRH, 853 | ARM64_INS_LDXR, 854 | ARM64_INS_LSL, 855 | ARM64_INS_LSR, 856 | ARM64_INS_MADD, 857 | ARM64_INS_MLA, 858 | ARM64_INS_MLS, 859 | ARM64_INS_MOVI, 860 | ARM64_INS_MOVK, 861 | ARM64_INS_MOVN, 862 | ARM64_INS_MOVZ, 863 | ARM64_INS_MRS, 864 | ARM64_INS_MSR, 865 | ARM64_INS_MSUB, 866 | ARM64_INS_MUL, 867 | ARM64_INS_MVNI, 868 | ARM64_INS_NEG, 869 | ARM64_INS_NOT, 870 | ARM64_INS_ORN, 871 | ARM64_INS_ORR, 872 | ARM64_INS_PMULL2, 873 | ARM64_INS_PMULL, 874 | ARM64_INS_PMUL, 875 | ARM64_INS_PRFM, 876 | ARM64_INS_PRFUM, 877 | ARM64_INS_RADDHN, 878 | ARM64_INS_RADDHN2, 879 | ARM64_INS_RBIT, 880 | ARM64_INS_RET, 881 | ARM64_INS_REV16, 882 | ARM64_INS_REV32, 883 | ARM64_INS_REV64, 884 | ARM64_INS_REV, 885 | ARM64_INS_ROR, 886 | ARM64_INS_RSHRN2, 887 | ARM64_INS_RSHRN, 888 | ARM64_INS_RSUBHN, 889 | ARM64_INS_RSUBHN2, 890 | ARM64_INS_SABAL2, 891 | ARM64_INS_SABAL, 892 | 893 | ARM64_INS_SABA, 894 | ARM64_INS_SABDL2, 895 | ARM64_INS_SABDL, 896 | ARM64_INS_SABD, 897 | ARM64_INS_SADALP, 898 | ARM64_INS_SADDLP, 899 | ARM64_INS_SADDLV, 900 | ARM64_INS_SADDL2, 901 | ARM64_INS_SADDL, 902 | ARM64_INS_SADDW2, 903 | ARM64_INS_SADDW, 904 | ARM64_INS_SBC, 905 | ARM64_INS_SBFM, 906 | ARM64_INS_SCVTF, 907 | ARM64_INS_SDIV, 908 | ARM64_INS_SHA1C, 909 | ARM64_INS_SHA1H, 910 | ARM64_INS_SHA1M, 911 | ARM64_INS_SHA1P, 912 | ARM64_INS_SHA1SU0, 913 | ARM64_INS_SHA1SU1, 914 | ARM64_INS_SHA256H2, 915 | ARM64_INS_SHA256H, 916 | ARM64_INS_SHA256SU0, 917 | ARM64_INS_SHA256SU1, 918 | ARM64_INS_SHADD, 919 | ARM64_INS_SHLL2, 920 | ARM64_INS_SHLL, 921 | ARM64_INS_SHL, 922 | ARM64_INS_SHRN2, 923 | ARM64_INS_SHRN, 924 | ARM64_INS_SHSUB, 925 | ARM64_INS_SLI, 926 | ARM64_INS_SMADDL, 927 | ARM64_INS_SMAXP, 928 | ARM64_INS_SMAXV, 929 | ARM64_INS_SMAX, 930 | ARM64_INS_SMC, 931 | ARM64_INS_SMINP, 932 | ARM64_INS_SMINV, 933 | ARM64_INS_SMIN, 934 | ARM64_INS_SMLAL2, 935 | ARM64_INS_SMLAL, 936 | ARM64_INS_SMLSL2, 937 | ARM64_INS_SMLSL, 938 | ARM64_INS_SMOV, 939 | ARM64_INS_SMSUBL, 940 | ARM64_INS_SMULH, 941 | ARM64_INS_SMULL2, 942 | ARM64_INS_SMULL, 943 | ARM64_INS_SQABS, 944 | ARM64_INS_SQADD, 945 | ARM64_INS_SQDMLAL, 946 | ARM64_INS_SQDMLAL2, 947 | ARM64_INS_SQDMLSL, 948 | ARM64_INS_SQDMLSL2, 949 | ARM64_INS_SQDMULH, 950 | ARM64_INS_SQDMULL, 951 | ARM64_INS_SQDMULL2, 952 | ARM64_INS_SQNEG, 953 | ARM64_INS_SQRDMULH, 954 | ARM64_INS_SQRSHL, 955 | ARM64_INS_SQRSHRN, 956 | ARM64_INS_SQRSHRN2, 957 | ARM64_INS_SQRSHRUN, 958 | ARM64_INS_SQRSHRUN2, 959 | ARM64_INS_SQSHLU, 960 | ARM64_INS_SQSHL, 961 | ARM64_INS_SQSHRN, 962 | ARM64_INS_SQSHRN2, 963 | ARM64_INS_SQSHRUN, 964 | ARM64_INS_SQSHRUN2, 965 | ARM64_INS_SQSUB, 966 | ARM64_INS_SQXTN2, 967 | ARM64_INS_SQXTN, 968 | ARM64_INS_SQXTUN2, 969 | ARM64_INS_SQXTUN, 970 | ARM64_INS_SRHADD, 971 | ARM64_INS_SRI, 972 | ARM64_INS_SRSHL, 973 | ARM64_INS_SRSHR, 974 | ARM64_INS_SRSRA, 975 | ARM64_INS_SSHLL2, 976 | ARM64_INS_SSHLL, 977 | ARM64_INS_SSHL, 978 | ARM64_INS_SSHR, 979 | ARM64_INS_SSRA, 980 | ARM64_INS_SSUBL2, 981 | ARM64_INS_SSUBL, 982 | ARM64_INS_SSUBW2, 983 | ARM64_INS_SSUBW, 984 | ARM64_INS_ST1, 985 | ARM64_INS_ST2, 986 | ARM64_INS_ST3, 987 | ARM64_INS_ST4, 988 | ARM64_INS_STLRB, 989 | ARM64_INS_STLRH, 990 | ARM64_INS_STLR, 991 | ARM64_INS_STLXP, 992 | ARM64_INS_STLXRB, 993 | ARM64_INS_STLXRH, 994 | ARM64_INS_STLXR, 995 | ARM64_INS_STNP, 996 | ARM64_INS_STP, 997 | ARM64_INS_STRB, 998 | ARM64_INS_STR, 999 | ARM64_INS_STRH, 1000 | ARM64_INS_STTRB, 1001 | ARM64_INS_STTRH, 1002 | ARM64_INS_STTR, 1003 | ARM64_INS_STURB, 1004 | ARM64_INS_STUR, 1005 | ARM64_INS_STURH, 1006 | ARM64_INS_STXP, 1007 | ARM64_INS_STXRB, 1008 | ARM64_INS_STXRH, 1009 | ARM64_INS_STXR, 1010 | ARM64_INS_SUBHN, 1011 | ARM64_INS_SUBHN2, 1012 | ARM64_INS_SUB, 1013 | ARM64_INS_SUQADD, 1014 | ARM64_INS_SVC, 1015 | ARM64_INS_SYSL, 1016 | ARM64_INS_SYS, 1017 | ARM64_INS_TBL, 1018 | ARM64_INS_TBNZ, 1019 | ARM64_INS_TBX, 1020 | ARM64_INS_TBZ, 1021 | ARM64_INS_TRN1, 1022 | ARM64_INS_TRN2, 1023 | ARM64_INS_UABAL2, 1024 | ARM64_INS_UABAL, 1025 | ARM64_INS_UABA, 1026 | ARM64_INS_UABDL2, 1027 | ARM64_INS_UABDL, 1028 | ARM64_INS_UABD, 1029 | ARM64_INS_UADALP, 1030 | ARM64_INS_UADDLP, 1031 | ARM64_INS_UADDLV, 1032 | ARM64_INS_UADDL2, 1033 | ARM64_INS_UADDL, 1034 | ARM64_INS_UADDW2, 1035 | ARM64_INS_UADDW, 1036 | ARM64_INS_UBFM, 1037 | ARM64_INS_UCVTF, 1038 | ARM64_INS_UDIV, 1039 | ARM64_INS_UHADD, 1040 | ARM64_INS_UHSUB, 1041 | ARM64_INS_UMADDL, 1042 | ARM64_INS_UMAXP, 1043 | ARM64_INS_UMAXV, 1044 | ARM64_INS_UMAX, 1045 | ARM64_INS_UMINP, 1046 | ARM64_INS_UMINV, 1047 | ARM64_INS_UMIN, 1048 | ARM64_INS_UMLAL2, 1049 | ARM64_INS_UMLAL, 1050 | ARM64_INS_UMLSL2, 1051 | ARM64_INS_UMLSL, 1052 | ARM64_INS_UMOV, 1053 | ARM64_INS_UMSUBL, 1054 | ARM64_INS_UMULH, 1055 | ARM64_INS_UMULL2, 1056 | ARM64_INS_UMULL, 1057 | ARM64_INS_UQADD, 1058 | ARM64_INS_UQRSHL, 1059 | ARM64_INS_UQRSHRN, 1060 | ARM64_INS_UQRSHRN2, 1061 | ARM64_INS_UQSHL, 1062 | ARM64_INS_UQSHRN, 1063 | ARM64_INS_UQSHRN2, 1064 | ARM64_INS_UQSUB, 1065 | ARM64_INS_UQXTN2, 1066 | ARM64_INS_UQXTN, 1067 | ARM64_INS_URECPE, 1068 | ARM64_INS_URHADD, 1069 | ARM64_INS_URSHL, 1070 | ARM64_INS_URSHR, 1071 | ARM64_INS_URSQRTE, 1072 | ARM64_INS_URSRA, 1073 | ARM64_INS_USHLL2, 1074 | ARM64_INS_USHLL, 1075 | ARM64_INS_USHL, 1076 | ARM64_INS_USHR, 1077 | ARM64_INS_USQADD, 1078 | ARM64_INS_USRA, 1079 | ARM64_INS_USUBL2, 1080 | ARM64_INS_USUBL, 1081 | ARM64_INS_USUBW2, 1082 | ARM64_INS_USUBW, 1083 | ARM64_INS_UZP1, 1084 | ARM64_INS_UZP2, 1085 | ARM64_INS_XTN2, 1086 | ARM64_INS_XTN, 1087 | ARM64_INS_ZIP1, 1088 | ARM64_INS_ZIP2, 1089 | 1090 | // alias insn 1091 | ARM64_INS_MNEG, 1092 | ARM64_INS_UMNEGL, 1093 | ARM64_INS_SMNEGL, 1094 | ARM64_INS_NOP, 1095 | ARM64_INS_YIELD, 1096 | ARM64_INS_WFE, 1097 | ARM64_INS_WFI, 1098 | ARM64_INS_SEV, 1099 | ARM64_INS_SEVL, 1100 | ARM64_INS_NGC, 1101 | ARM64_INS_SBFIZ, 1102 | ARM64_INS_UBFIZ, 1103 | ARM64_INS_SBFX, 1104 | ARM64_INS_UBFX, 1105 | ARM64_INS_BFI, 1106 | ARM64_INS_BFXIL, 1107 | ARM64_INS_CMN, 1108 | ARM64_INS_MVN, 1109 | ARM64_INS_TST, 1110 | ARM64_INS_CSET, 1111 | ARM64_INS_CINC, 1112 | ARM64_INS_CSETM, 1113 | ARM64_INS_CINV, 1114 | ARM64_INS_CNEG, 1115 | ARM64_INS_SXTB, 1116 | ARM64_INS_SXTH, 1117 | ARM64_INS_SXTW, 1118 | ARM64_INS_CMP, 1119 | ARM64_INS_UXTB, 1120 | ARM64_INS_UXTH, 1121 | ARM64_INS_UXTW, 1122 | ARM64_INS_IC, 1123 | ARM64_INS_DC, 1124 | ARM64_INS_AT, 1125 | ARM64_INS_TLBI, 1126 | 1127 | ARM64_INS_ENDING, // <-- mark the end of the list of insn 1128 | } arm64_insn; 1129 | 1130 | //> Group of ARM64 instructions 1131 | typedef enum arm64_insn_group { 1132 | ARM64_GRP_INVALID = 0, // = CS_GRP_INVALID 1133 | 1134 | //> Generic groups 1135 | // all jump instructions (conditional+direct+indirect jumps) 1136 | ARM64_GRP_JUMP, // = CS_GRP_JUMP 1137 | 1138 | //> Architecture-specific groups 1139 | ARM64_GRP_CRYPTO = 128, 1140 | ARM64_GRP_FPARMV8, 1141 | ARM64_GRP_NEON, 1142 | ARM64_GRP_CRC, 1143 | 1144 | ARM64_GRP_ENDING, // <-- mark the end of the list of groups 1145 | } arm64_insn_group; 1146 | 1147 | #ifdef __cplusplus 1148 | } 1149 | #endif 1150 | 1151 | #endif 1152 | -------------------------------------------------------------------------------- /capstone/include/capstone.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_ENGINE_H 2 | #define CAPSTONE_ENGINE_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2013-2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include 13 | #if defined(CAPSTONE_HAS_OSXKERNEL) 14 | #include 15 | #else 16 | #include 17 | #include 18 | #endif 19 | 20 | #include "platform.h" 21 | 22 | #ifdef _MSC_VER 23 | #pragma warning(disable:4201) 24 | #pragma warning(disable:4100) 25 | #ifdef CAPSTONE_SHARED 26 | #define CAPSTONE_EXPORT __declspec(dllexport) 27 | #else // defined(CAPSTONE_STATIC) 28 | #define CAPSTONE_EXPORT 29 | #endif 30 | #else 31 | #ifdef __GNUC__ 32 | #define CAPSTONE_EXPORT __attribute__((visibility("default"))) 33 | #else 34 | #define CAPSTONE_EXPORT 35 | #endif 36 | #endif 37 | 38 | #ifdef __GNUC__ 39 | #define CAPSTONE_DEPRECATED __attribute__((deprecated)) 40 | #elif defined(_MSC_VER) 41 | #define CAPSTONE_DEPRECATED __declspec(deprecated) 42 | #else 43 | #pragma message("WARNING: You need to implement CAPSTONE_DEPRECATED for this compiler") 44 | #define CAPSTONE_DEPRECATED 45 | #endif 46 | 47 | // Capstone API version 48 | #define CS_API_MAJOR 3 49 | #define CS_API_MINOR 0 50 | 51 | // Macro to create combined version which can be compared to 52 | // result of cs_version() API. 53 | #define CS_MAKE_VERSION(major, minor) ((major << 8) + minor) 54 | 55 | // Handle using with all API 56 | typedef size_t csh; 57 | 58 | // Architecture type 59 | typedef enum cs_arch { 60 | CS_ARCH_ARM = 0, // ARM architecture (including Thumb, Thumb-2) 61 | CS_ARCH_ARM64, // ARM-64, also called AArch64 62 | CS_ARCH_MIPS, // Mips architecture 63 | CS_ARCH_X86, // X86 architecture (including x86 & x86-64) 64 | CS_ARCH_PPC, // PowerPC architecture 65 | CS_ARCH_SPARC, // Sparc architecture 66 | CS_ARCH_SYSZ, // SystemZ architecture 67 | CS_ARCH_XCORE, // XCore architecture 68 | CS_ARCH_MAX, 69 | CS_ARCH_ALL = 0xFFFF, // All architectures - for cs_support() 70 | } cs_arch; 71 | 72 | // Support value to verify diet mode of the engine. 73 | // If cs_support(CS_SUPPORT_DIET) return True, the engine was compiled 74 | // in diet mode. 75 | #define CS_SUPPORT_DIET (CS_ARCH_ALL + 1) 76 | 77 | // Support value to verify X86 reduce mode of the engine. 78 | // If cs_support(CS_SUPPORT_X86_REDUCE) return True, the engine was compiled 79 | // in X86 reduce mode. 80 | #define CS_SUPPORT_X86_REDUCE (CS_ARCH_ALL + 2) 81 | 82 | // Mode type 83 | typedef enum cs_mode { 84 | CS_MODE_LITTLE_ENDIAN = 0, // little-endian mode (default mode) 85 | CS_MODE_ARM = 0, // 32-bit ARM 86 | CS_MODE_16 = 1 << 1, // 16-bit mode (X86) 87 | CS_MODE_32 = 1 << 2, // 32-bit mode (X86) 88 | CS_MODE_64 = 1 << 3, // 64-bit mode (X86, PPC) 89 | CS_MODE_THUMB = 1 << 4, // ARM's Thumb mode, including Thumb-2 90 | CS_MODE_MCLASS = 1 << 5, // ARM's Cortex-M series 91 | CS_MODE_V8 = 1 << 6, // ARMv8 A32 encodings for ARM 92 | CS_MODE_MICRO = 1 << 4, // MicroMips mode (MIPS) 93 | CS_MODE_MIPS3 = 1 << 5, // Mips III ISA 94 | CS_MODE_MIPS32R6 = 1 << 6, // Mips32r6 ISA 95 | CS_MODE_MIPSGP64 = 1 << 7, // General Purpose Registers are 64-bit wide (MIPS) 96 | CS_MODE_V9 = 1 << 4, // SparcV9 mode (Sparc) 97 | CS_MODE_BIG_ENDIAN = 1 << 31, // big-endian mode 98 | CS_MODE_MIPS32 = CS_MODE_32, // Mips32 ISA (Mips) 99 | CS_MODE_MIPS64 = CS_MODE_64, // Mips64 ISA (Mips) 100 | } cs_mode; 101 | 102 | typedef void* (*cs_malloc_t)(size_t size); 103 | typedef void* (*cs_calloc_t)(size_t nmemb, size_t size); 104 | typedef void* (*cs_realloc_t)(void *ptr, size_t size); 105 | typedef void (*cs_free_t)(void *ptr); 106 | typedef int (*cs_vsnprintf_t)(char *str, size_t size, const char *format, va_list ap); 107 | 108 | 109 | // User-defined dynamic memory related functions: malloc/calloc/realloc/free/vsnprintf() 110 | // By default, Capstone uses system's malloc(), calloc(), realloc(), free() & vsnprintf(). 111 | typedef struct cs_opt_mem { 112 | cs_malloc_t malloc; 113 | cs_calloc_t calloc; 114 | cs_realloc_t realloc; 115 | cs_free_t free; 116 | cs_vsnprintf_t vsnprintf; 117 | } cs_opt_mem; 118 | 119 | // Runtime option for the disassembled engine 120 | typedef enum cs_opt_type { 121 | CS_OPT_SYNTAX = 1, // Assembly output syntax 122 | CS_OPT_DETAIL, // Break down instruction structure into details 123 | CS_OPT_MODE, // Change engine's mode at run-time 124 | CS_OPT_MEM, // User-defined dynamic memory related functions 125 | CS_OPT_SKIPDATA, // Skip data when disassembling. Then engine is in SKIPDATA mode. 126 | CS_OPT_SKIPDATA_SETUP, // Setup user-defined function for SKIPDATA option 127 | } cs_opt_type; 128 | 129 | // Runtime option value (associated with option type above) 130 | typedef enum cs_opt_value { 131 | CS_OPT_OFF = 0, // Turn OFF an option - default option of CS_OPT_DETAIL, CS_OPT_SKIPDATA. 132 | CS_OPT_ON = 3, // Turn ON an option (CS_OPT_DETAIL, CS_OPT_SKIPDATA). 133 | CS_OPT_SYNTAX_DEFAULT = 0, // Default asm syntax (CS_OPT_SYNTAX). 134 | CS_OPT_SYNTAX_INTEL, // X86 Intel asm syntax - default on X86 (CS_OPT_SYNTAX). 135 | CS_OPT_SYNTAX_ATT, // X86 ATT asm syntax (CS_OPT_SYNTAX). 136 | CS_OPT_SYNTAX_NOREGNAME, // Prints register name with only number (CS_OPT_SYNTAX) 137 | } cs_opt_value; 138 | 139 | //> Common instruction operand types - to be consistent across all architectures. 140 | typedef enum cs_op_type { 141 | CS_OP_INVALID = 0, // uninitialized/invalid operand. 142 | CS_OP_REG, // Register operand. 143 | CS_OP_IMM, // Immediate operand. 144 | CS_OP_MEM, // Memory operand. 145 | CS_OP_FP, // Floating-Point operand. 146 | } cs_op_type; 147 | 148 | //> Common instruction groups - to be consistent across all architectures. 149 | typedef enum cs_group_type { 150 | CS_GRP_INVALID = 0, // uninitialized/invalid group. 151 | CS_GRP_JUMP, // all jump instructions (conditional+direct+indirect jumps) 152 | CS_GRP_CALL, // all call instructions 153 | CS_GRP_RET, // all return instructions 154 | CS_GRP_INT, // all interrupt instructions (int+syscall) 155 | CS_GRP_IRET, // all interrupt return instructions 156 | } cs_group_type; 157 | 158 | /* 159 | User-defined callback function for SKIPDATA option. 160 | See tests/test_skipdata.c for sample code demonstrating this API. 161 | 162 | @code: the input buffer containing code to be disassembled. 163 | This is the same buffer passed to cs_disasm(). 164 | @code_size: size (in bytes) of the above @code buffer. 165 | @offset: the position of the currently-examining byte in the input 166 | buffer @code mentioned above. 167 | @user_data: user-data passed to cs_option() via @user_data field in 168 | cs_opt_skipdata struct below. 169 | 170 | @return: return number of bytes to skip, or 0 to immediately stop disassembling. 171 | */ 172 | typedef size_t (*cs_skipdata_cb_t)(const uint8_t *code, size_t code_size, size_t offset, void *user_data); 173 | 174 | // User-customized setup for SKIPDATA option 175 | typedef struct cs_opt_skipdata { 176 | // Capstone considers data to skip as special "instructions". 177 | // User can specify the string for this instruction's "mnemonic" here. 178 | // By default (if @mnemonic is NULL), Capstone use ".byte". 179 | const char *mnemonic; 180 | 181 | // User-defined callback function to be called when Capstone hits data. 182 | // If the returned value from this callback is positive (>0), Capstone 183 | // will skip exactly that number of bytes & continue. Otherwise, if 184 | // the callback returns 0, Capstone stops disassembling and returns 185 | // immediately from cs_disasm() 186 | // NOTE: if this callback pointer is NULL, Capstone would skip a number 187 | // of bytes depending on architectures, as following: 188 | // Arm: 2 bytes (Thumb mode) or 4 bytes. 189 | // Arm64: 4 bytes. 190 | // Mips: 4 bytes. 191 | // PowerPC: 4 bytes. 192 | // Sparc: 4 bytes. 193 | // SystemZ: 2 bytes. 194 | // X86: 1 bytes. 195 | // XCore: 2 bytes. 196 | cs_skipdata_cb_t callback; // default value is NULL 197 | 198 | // User-defined data to be passed to @callback function pointer. 199 | void *user_data; 200 | } cs_opt_skipdata; 201 | 202 | 203 | #include "arm.h" 204 | #include "arm64.h" 205 | #include "mips.h" 206 | #include "ppc.h" 207 | #include "sparc.h" 208 | #include "systemz.h" 209 | #include "x86.h" 210 | #include "xcore.h" 211 | 212 | // NOTE: All information in cs_detail is only available when CS_OPT_DETAIL = CS_OPT_ON 213 | typedef struct cs_detail { 214 | uint8_t regs_read[12]; // list of implicit registers read by this insn 215 | uint8_t regs_read_count; // number of implicit registers read by this insn 216 | 217 | uint8_t regs_write[20]; // list of implicit registers modified by this insn 218 | uint8_t regs_write_count; // number of implicit registers modified by this insn 219 | 220 | uint8_t groups[8]; // list of group this instruction belong to 221 | uint8_t groups_count; // number of groups this insn belongs to 222 | 223 | // Architecture-specific instruction info 224 | union { 225 | cs_x86 x86; // X86 architecture, including 16-bit, 32-bit & 64-bit mode 226 | cs_arm64 arm64; // ARM64 architecture (aka AArch64) 227 | cs_arm arm; // ARM architecture (including Thumb/Thumb2) 228 | cs_mips mips; // MIPS architecture 229 | cs_ppc ppc; // PowerPC architecture 230 | cs_sparc sparc; // Sparc architecture 231 | cs_sysz sysz; // SystemZ architecture 232 | cs_xcore xcore; // XCore architecture 233 | }; 234 | } cs_detail; 235 | 236 | // Detail information of disassembled instruction 237 | typedef struct cs_insn { 238 | // Instruction ID (basically a numeric ID for the instruction mnemonic) 239 | // Find the instruction id in the '[ARCH]_insn' enum in the header file 240 | // of corresponding architecture, such as 'arm_insn' in arm.h for ARM, 241 | // 'x86_insn' in x86.h for X86, etc... 242 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 243 | // NOTE: in Skipdata mode, "data" instruction has 0 for this id field. 244 | unsigned int id; 245 | 246 | // Address (EIP) of this instruction 247 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 248 | uint64_t address; 249 | 250 | // Size of this instruction 251 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 252 | uint16_t size; 253 | // Machine bytes of this instruction, with number of bytes indicated by @size above 254 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 255 | uint8_t bytes[16]; 256 | 257 | // Ascii text of instruction mnemonic 258 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 259 | char mnemonic[32]; 260 | 261 | // Ascii text of instruction operands 262 | // This information is available even when CS_OPT_DETAIL = CS_OPT_OFF 263 | char op_str[160]; 264 | 265 | // Pointer to cs_detail. 266 | // NOTE: detail pointer is only valid when both requirements below are met: 267 | // (1) CS_OP_DETAIL = CS_OPT_ON 268 | // (2) Engine is not in Skipdata mode (CS_OP_SKIPDATA option set to CS_OPT_ON) 269 | // 270 | // NOTE 2: when in Skipdata mode, or when detail mode is OFF, even if this pointer 271 | // is not NULL, its content is still irrelevant. 272 | cs_detail *detail; 273 | } cs_insn; 274 | 275 | 276 | // Calculate the offset of a disassembled instruction in its buffer, given its position 277 | // in its array of disassembled insn 278 | // NOTE: this macro works with position (>=1), not index 279 | #define CS_INSN_OFFSET(insns, post) (insns[post - 1].address - insns[0].address) 280 | 281 | 282 | // All type of errors encountered by Capstone API. 283 | // These are values returned by cs_errno() 284 | typedef enum cs_err { 285 | CS_ERR_OK = 0, // No error: everything was fine 286 | CS_ERR_MEM, // Out-Of-Memory error: cs_open(), cs_disasm(), cs_disasm_iter() 287 | CS_ERR_ARCH, // Unsupported architecture: cs_open() 288 | CS_ERR_HANDLE, // Invalid handle: cs_op_count(), cs_op_index() 289 | CS_ERR_CSH, // Invalid csh argument: cs_close(), cs_errno(), cs_option() 290 | CS_ERR_MODE, // Invalid/unsupported mode: cs_open() 291 | CS_ERR_OPTION, // Invalid/unsupported option: cs_option() 292 | CS_ERR_DETAIL, // Information is unavailable because detail option is OFF 293 | CS_ERR_MEMSETUP, // Dynamic memory management uninitialized (see CS_OPT_MEM) 294 | CS_ERR_VERSION, // Unsupported version (bindings) 295 | CS_ERR_DIET, // Access irrelevant data in "diet" engine 296 | CS_ERR_SKIPDATA, // Access irrelevant data for "data" instruction in SKIPDATA mode 297 | CS_ERR_X86_ATT, // X86 AT&T syntax is unsupported (opt-out at compile time) 298 | CS_ERR_X86_INTEL, // X86 Intel syntax is unsupported (opt-out at compile time) 299 | } cs_err; 300 | 301 | /* 302 | Return combined API version & major and minor version numbers. 303 | 304 | @major: major number of API version 305 | @minor: minor number of API version 306 | 307 | @return hexical number as (major << 8 | minor), which encodes both 308 | major & minor versions. 309 | NOTE: This returned value can be compared with version number made 310 | with macro CS_MAKE_VERSION 311 | 312 | For example, second API version would return 1 in @major, and 1 in @minor 313 | The return value would be 0x0101 314 | 315 | NOTE: if you only care about returned value, but not major and minor values, 316 | set both @major & @minor arguments to NULL. 317 | */ 318 | CAPSTONE_EXPORT 319 | unsigned int cs_version(int *major, int *minor); 320 | 321 | 322 | /* 323 | This API can be used to either ask for archs supported by this library, 324 | or check to see if the library was compile with 'diet' option (or called 325 | in 'diet' mode). 326 | 327 | To check if a particular arch is supported by this library, set @query to 328 | arch mode (CS_ARCH_* value). 329 | To verify if this library supports all the archs, use CS_ARCH_ALL. 330 | 331 | To check if this library is in 'diet' mode, set @query to CS_SUPPORT_DIET. 332 | 333 | @return True if this library supports the given arch, or in 'diet' mode. 334 | */ 335 | CAPSTONE_EXPORT 336 | bool cs_support(int query); 337 | 338 | /* 339 | Initialize CS handle: this must be done before any usage of CS. 340 | 341 | @arch: architecture type (CS_ARCH_*) 342 | @mode: hardware mode. This is combined of CS_MODE_* 343 | @handle: pointer to handle, which will be updated at return time 344 | 345 | @return CS_ERR_OK on success, or other value on failure (refer to cs_err enum 346 | for detailed error). 347 | */ 348 | CAPSTONE_EXPORT 349 | cs_err cs_open(cs_arch arch, cs_mode mode, csh *handle); 350 | 351 | /* 352 | Close CS handle: MUST do to release the handle when it is not used anymore. 353 | NOTE: this must be only called when there is no longer usage of Capstone, 354 | not even access to cs_insn array. The reason is the this API releases some 355 | cached memory, thus access to any Capstone API after cs_close() might crash 356 | your application. 357 | 358 | In fact,this API invalidate @handle by ZERO out its value (i.e *handle = 0). 359 | 360 | @handle: pointer to a handle returned by cs_open() 361 | 362 | @return CS_ERR_OK on success, or other value on failure (refer to cs_err enum 363 | for detailed error). 364 | */ 365 | CAPSTONE_EXPORT 366 | cs_err cs_close(csh *handle); 367 | 368 | /* 369 | Set option for disassembling engine at runtime 370 | 371 | @handle: handle returned by cs_open() 372 | @type: type of option to be set 373 | @value: option value corresponding with @type 374 | 375 | @return: CS_ERR_OK on success, or other value on failure. 376 | Refer to cs_err enum for detailed error. 377 | 378 | NOTE: in the case of CS_OPT_MEM, handle's value can be anything, 379 | so that cs_option(handle, CS_OPT_MEM, value) can (i.e must) be called 380 | even before cs_open() 381 | */ 382 | CAPSTONE_EXPORT 383 | cs_err cs_option(csh handle, cs_opt_type type, size_t value); 384 | 385 | /* 386 | Report the last error number when some API function fail. 387 | Like glibc's errno, cs_errno might not retain its old value once accessed. 388 | 389 | @handle: handle returned by cs_open() 390 | 391 | @return: error code of cs_err enum type (CS_ERR_*, see above) 392 | */ 393 | CAPSTONE_EXPORT 394 | cs_err cs_errno(csh handle); 395 | 396 | 397 | /* 398 | Return a string describing given error code. 399 | 400 | @code: error code (see CS_ERR_* above) 401 | 402 | @return: returns a pointer to a string that describes the error code 403 | passed in the argument @code 404 | */ 405 | CAPSTONE_EXPORT 406 | const char *cs_strerror(cs_err code); 407 | 408 | /* 409 | Disassemble binary code, given the code buffer, size, address and number 410 | of instructions to be decoded. 411 | This API dynamically allocate memory to contain disassembled instruction. 412 | Resulted instructions will be put into @*insn 413 | 414 | NOTE 1: this API will automatically determine memory needed to contain 415 | output disassembled instructions in @insn. 416 | 417 | NOTE 2: caller must free the allocated memory itself to avoid memory leaking. 418 | 419 | NOTE 3: for system with scarce memory to be dynamically allocated such as 420 | OS kernel or firmware, the API cs_disasm_iter() might be a better choice than 421 | cs_disasm(). The reason is that with cs_disasm(), based on limited available 422 | memory, we have to calculate in advance how many instructions to be disassembled, 423 | which complicates things. This is especially troublesome for the case @count=0, 424 | when cs_disasm() runs uncontrollably (until either end of input buffer, or 425 | when it encounters an invalid instruction). 426 | 427 | @handle: handle returned by cs_open() 428 | @code: buffer containing raw binary code to be disassembled. 429 | @code_size: size of the above code buffer. 430 | @address: address of the first instruction in given raw code buffer. 431 | @insn: array of instructions filled in by this API. 432 | NOTE: @insn will be allocated by this function, and should be freed 433 | with cs_free() API. 434 | @count: number of instructions to be disassembled, or 0 to get all of them 435 | 436 | @return: the number of successfully disassembled instructions, 437 | or 0 if this function failed to disassemble the given code 438 | 439 | On failure, call cs_errno() for error code. 440 | */ 441 | CAPSTONE_EXPORT 442 | size_t cs_disasm(csh handle, 443 | const uint8_t *code, size_t code_size, 444 | uint64_t address, 445 | size_t count, 446 | cs_insn **insn); 447 | 448 | /* 449 | Deprecated function - to be retired in the next version! 450 | Use cs_disasm() instead of cs_disasm_ex() 451 | */ 452 | CAPSTONE_EXPORT 453 | CAPSTONE_DEPRECATED 454 | size_t cs_disasm_ex(csh handle, 455 | const uint8_t *code, size_t code_size, 456 | uint64_t address, 457 | size_t count, 458 | cs_insn **insn); 459 | 460 | /* 461 | Free memory allocated by cs_malloc() or cs_disasm() (argument @insn) 462 | 463 | @insn: pointer returned by @insn argument in cs_disasm() or cs_malloc() 464 | @count: number of cs_insn structures returned by cs_disasm(), or 1 465 | to free memory allocated by cs_malloc(). 466 | */ 467 | CAPSTONE_EXPORT 468 | void cs_free(cs_insn *insn, size_t count); 469 | 470 | 471 | /* 472 | Allocate memory for 1 instruction to be used by cs_disasm_iter(). 473 | 474 | @handle: handle returned by cs_open() 475 | 476 | NOTE: when no longer in use, you can reclaim the memory allocated for 477 | this instruction with cs_free(insn, 1) 478 | */ 479 | CAPSTONE_EXPORT 480 | cs_insn *cs_malloc(csh handle); 481 | 482 | /* 483 | Fast API to disassemble binary code, given the code buffer, size, address 484 | and number of instructions to be decoded. 485 | This API put the resulted instruction into a given cache in @insn. 486 | See tests/test_iter.c for sample code demonstrating this API. 487 | 488 | NOTE 1: this API will update @code, @size & @address to point to the next 489 | instruction in the input buffer. Therefore, it is convenient to use 490 | cs_disasm_iter() inside a loop to quickly iterate all the instructions. 491 | While decoding one instruction at a time can also be achieved with 492 | cs_disasm(count=1), some benchmarks shown that cs_disasm_iter() can be 30% 493 | faster on random input. 494 | 495 | NOTE 2: the cache in @insn can be created with cs_malloc() API. 496 | 497 | NOTE 3: for system with scarce memory to be dynamically allocated such as 498 | OS kernel or firmware, this API is recommended over cs_disasm(), which 499 | allocates memory based on the number of instructions to be disassembled. 500 | The reason is that with cs_disasm(), based on limited available memory, 501 | we have to calculate in advance how many instructions to be disassembled, 502 | which complicates things. This is especially troublesome for the case 503 | @count=0, when cs_disasm() runs uncontrollably (until either end of input 504 | buffer, or when it encounters an invalid instruction). 505 | 506 | @handle: handle returned by cs_open() 507 | @code: buffer containing raw binary code to be disassembled 508 | @code_size: size of above code 509 | @address: address of the first insn in given raw code buffer 510 | @insn: pointer to instruction to be filled in by this API. 511 | 512 | @return: true if this API successfully decode 1 instruction, 513 | or false otherwise. 514 | 515 | On failure, call cs_errno() for error code. 516 | */ 517 | CAPSTONE_EXPORT 518 | bool cs_disasm_iter(csh handle, 519 | const uint8_t **code, size_t *size, 520 | uint64_t *address, cs_insn *insn); 521 | 522 | /* 523 | Return friendly name of register in a string. 524 | Find the instruction id from header file of corresponding architecture (arm.h for ARM, 525 | x86.h for X86, ...) 526 | 527 | WARN: when in 'diet' mode, this API is irrelevant because engine does not 528 | store register name. 529 | 530 | @handle: handle returned by cs_open() 531 | @reg_id: register id 532 | 533 | @return: string name of the register, or NULL if @reg_id is invalid. 534 | */ 535 | CAPSTONE_EXPORT 536 | const char *cs_reg_name(csh handle, unsigned int reg_id); 537 | 538 | /* 539 | Return friendly name of an instruction in a string. 540 | Find the instruction id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 541 | 542 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not 543 | store instruction name. 544 | 545 | @handle: handle returned by cs_open() 546 | @insn_id: instruction id 547 | 548 | @return: string name of the instruction, or NULL if @insn_id is invalid. 549 | */ 550 | CAPSTONE_EXPORT 551 | const char *cs_insn_name(csh handle, unsigned int insn_id); 552 | 553 | /* 554 | Return friendly name of a group id (that an instruction can belong to) 555 | Find the group id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 556 | 557 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not 558 | store group name. 559 | 560 | @handle: handle returned by cs_open() 561 | @group_id: group id 562 | 563 | @return: string name of the group, or NULL if @group_id is invalid. 564 | */ 565 | CAPSTONE_EXPORT 566 | const char *cs_group_name(csh handle, unsigned int group_id); 567 | 568 | /* 569 | Check if a disassembled instruction belong to a particular group. 570 | Find the group id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 571 | Internally, this simply verifies if @group_id matches any member of insn->groups array. 572 | 573 | NOTE: this API is only valid when detail option is ON (which is OFF by default). 574 | 575 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not 576 | update @groups array. 577 | 578 | @handle: handle returned by cs_open() 579 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 580 | @group_id: group that you want to check if this instruction belong to. 581 | 582 | @return: true if this instruction indeed belongs to aboved group, or false otherwise. 583 | */ 584 | CAPSTONE_EXPORT 585 | bool cs_insn_group(csh handle, const cs_insn *insn, unsigned int group_id); 586 | 587 | /* 588 | Check if a disassembled instruction IMPLICITLY used a particular register. 589 | Find the register id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 590 | Internally, this simply verifies if @reg_id matches any member of insn->regs_read array. 591 | 592 | NOTE: this API is only valid when detail option is ON (which is OFF by default) 593 | 594 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not 595 | update @regs_read array. 596 | 597 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 598 | @reg_id: register that you want to check if this instruction used it. 599 | 600 | @return: true if this instruction indeed implicitly used aboved register, or false otherwise. 601 | */ 602 | CAPSTONE_EXPORT 603 | bool cs_reg_read(csh handle, const cs_insn *insn, unsigned int reg_id); 604 | 605 | /* 606 | Check if a disassembled instruction IMPLICITLY modified a particular register. 607 | Find the register id from header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 608 | Internally, this simply verifies if @reg_id matches any member of insn->regs_write array. 609 | 610 | NOTE: this API is only valid when detail option is ON (which is OFF by default) 611 | 612 | WARN: when in 'diet' mode, this API is irrelevant because the engine does not 613 | update @regs_write array. 614 | 615 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 616 | @reg_id: register that you want to check if this instruction modified it. 617 | 618 | @return: true if this instruction indeed implicitly modified aboved register, or false otherwise. 619 | */ 620 | CAPSTONE_EXPORT 621 | bool cs_reg_write(csh handle, const cs_insn *insn, unsigned int reg_id); 622 | 623 | /* 624 | Count the number of operands of a given type. 625 | Find the operand type in header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 626 | 627 | NOTE: this API is only valid when detail option is ON (which is OFF by default) 628 | 629 | @handle: handle returned by cs_open() 630 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 631 | @op_type: Operand type to be found. 632 | 633 | @return: number of operands of given type @op_type in instruction @insn, 634 | or -1 on failure. 635 | */ 636 | CAPSTONE_EXPORT 637 | int cs_op_count(csh handle, const cs_insn *insn, unsigned int op_type); 638 | 639 | /* 640 | Retrieve the position of operand of given type in .operands[] array. 641 | Later, the operand can be accessed using the returned position. 642 | Find the operand type in header file of corresponding architecture (arm.h for ARM, x86.h for X86, ...) 643 | 644 | NOTE: this API is only valid when detail option is ON (which is OFF by default) 645 | 646 | @handle: handle returned by cs_open() 647 | @insn: disassembled instruction structure received from cs_disasm() or cs_disasm_iter() 648 | @op_type: Operand type to be found. 649 | @position: position of the operand to be found. This must be in the range 650 | [1, cs_op_count(handle, insn, op_type)] 651 | 652 | @return: index of operand of given type @op_type in .operands[] array 653 | in instruction @insn, or -1 on failure. 654 | */ 655 | CAPSTONE_EXPORT 656 | int cs_op_index(csh handle, const cs_insn *insn, unsigned int op_type, 657 | unsigned int position); 658 | 659 | #ifdef __cplusplus 660 | } 661 | #endif 662 | 663 | #endif 664 | -------------------------------------------------------------------------------- /capstone/include/mips.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_MIPS_H 2 | #define CAPSTONE_MIPS_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2013-2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | // GCC MIPS toolchain has a default macro called "mips" which breaks 15 | // compilation 16 | #undef mips 17 | 18 | #ifdef _MSC_VER 19 | #pragma warning(disable:4201) 20 | #endif 21 | 22 | //> Operand type for instruction's operands 23 | typedef enum mips_op_type { 24 | MIPS_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 25 | MIPS_OP_REG, // = CS_OP_REG (Register operand). 26 | MIPS_OP_IMM, // = CS_OP_IMM (Immediate operand). 27 | MIPS_OP_MEM, // = CS_OP_MEM (Memory operand). 28 | } mips_op_type; 29 | 30 | // Instruction's operand referring to memory 31 | // This is associated with MIPS_OP_MEM operand type above 32 | typedef struct mips_op_mem { 33 | unsigned int base; // base register 34 | int64_t disp; // displacement/offset value 35 | } mips_op_mem; 36 | 37 | // Instruction operand 38 | typedef struct cs_mips_op { 39 | mips_op_type type; // operand type 40 | union { 41 | unsigned int reg; // register value for REG operand 42 | int64_t imm; // immediate value for IMM operand 43 | mips_op_mem mem; // base/index/scale/disp value for MEM operand 44 | }; 45 | } cs_mips_op; 46 | 47 | // Instruction structure 48 | typedef struct cs_mips { 49 | // Number of operands of this instruction, 50 | // or 0 when instruction has no operand. 51 | uint8_t op_count; 52 | cs_mips_op operands[8]; // operands for this instruction. 53 | } cs_mips; 54 | 55 | //> MIPS registers 56 | typedef enum mips_reg { 57 | MIPS_REG_INVALID = 0, 58 | //> General purpose registers 59 | MIPS_REG_0, 60 | MIPS_REG_1, 61 | MIPS_REG_2, 62 | MIPS_REG_3, 63 | MIPS_REG_4, 64 | MIPS_REG_5, 65 | MIPS_REG_6, 66 | MIPS_REG_7, 67 | MIPS_REG_8, 68 | MIPS_REG_9, 69 | MIPS_REG_10, 70 | MIPS_REG_11, 71 | MIPS_REG_12, 72 | MIPS_REG_13, 73 | MIPS_REG_14, 74 | MIPS_REG_15, 75 | MIPS_REG_16, 76 | MIPS_REG_17, 77 | MIPS_REG_18, 78 | MIPS_REG_19, 79 | MIPS_REG_20, 80 | MIPS_REG_21, 81 | MIPS_REG_22, 82 | MIPS_REG_23, 83 | MIPS_REG_24, 84 | MIPS_REG_25, 85 | MIPS_REG_26, 86 | MIPS_REG_27, 87 | MIPS_REG_28, 88 | MIPS_REG_29, 89 | MIPS_REG_30, 90 | MIPS_REG_31, 91 | 92 | //> DSP registers 93 | MIPS_REG_DSPCCOND, 94 | MIPS_REG_DSPCARRY, 95 | MIPS_REG_DSPEFI, 96 | MIPS_REG_DSPOUTFLAG, 97 | MIPS_REG_DSPOUTFLAG16_19, 98 | MIPS_REG_DSPOUTFLAG20, 99 | MIPS_REG_DSPOUTFLAG21, 100 | MIPS_REG_DSPOUTFLAG22, 101 | MIPS_REG_DSPOUTFLAG23, 102 | MIPS_REG_DSPPOS, 103 | MIPS_REG_DSPSCOUNT, 104 | 105 | //> ACC registers 106 | MIPS_REG_AC0, 107 | MIPS_REG_AC1, 108 | MIPS_REG_AC2, 109 | MIPS_REG_AC3, 110 | 111 | //> COP registers 112 | MIPS_REG_CC0, 113 | MIPS_REG_CC1, 114 | MIPS_REG_CC2, 115 | MIPS_REG_CC3, 116 | MIPS_REG_CC4, 117 | MIPS_REG_CC5, 118 | MIPS_REG_CC6, 119 | MIPS_REG_CC7, 120 | 121 | //> FPU registers 122 | MIPS_REG_F0, 123 | MIPS_REG_F1, 124 | MIPS_REG_F2, 125 | MIPS_REG_F3, 126 | MIPS_REG_F4, 127 | MIPS_REG_F5, 128 | MIPS_REG_F6, 129 | MIPS_REG_F7, 130 | MIPS_REG_F8, 131 | MIPS_REG_F9, 132 | MIPS_REG_F10, 133 | MIPS_REG_F11, 134 | MIPS_REG_F12, 135 | MIPS_REG_F13, 136 | MIPS_REG_F14, 137 | MIPS_REG_F15, 138 | MIPS_REG_F16, 139 | MIPS_REG_F17, 140 | MIPS_REG_F18, 141 | MIPS_REG_F19, 142 | MIPS_REG_F20, 143 | MIPS_REG_F21, 144 | MIPS_REG_F22, 145 | MIPS_REG_F23, 146 | MIPS_REG_F24, 147 | MIPS_REG_F25, 148 | MIPS_REG_F26, 149 | MIPS_REG_F27, 150 | MIPS_REG_F28, 151 | MIPS_REG_F29, 152 | MIPS_REG_F30, 153 | MIPS_REG_F31, 154 | 155 | MIPS_REG_FCC0, 156 | MIPS_REG_FCC1, 157 | MIPS_REG_FCC2, 158 | MIPS_REG_FCC3, 159 | MIPS_REG_FCC4, 160 | MIPS_REG_FCC5, 161 | MIPS_REG_FCC6, 162 | MIPS_REG_FCC7, 163 | 164 | //> AFPR128 165 | MIPS_REG_W0, 166 | MIPS_REG_W1, 167 | MIPS_REG_W2, 168 | MIPS_REG_W3, 169 | MIPS_REG_W4, 170 | MIPS_REG_W5, 171 | MIPS_REG_W6, 172 | MIPS_REG_W7, 173 | MIPS_REG_W8, 174 | MIPS_REG_W9, 175 | MIPS_REG_W10, 176 | MIPS_REG_W11, 177 | MIPS_REG_W12, 178 | MIPS_REG_W13, 179 | MIPS_REG_W14, 180 | MIPS_REG_W15, 181 | MIPS_REG_W16, 182 | MIPS_REG_W17, 183 | MIPS_REG_W18, 184 | MIPS_REG_W19, 185 | MIPS_REG_W20, 186 | MIPS_REG_W21, 187 | MIPS_REG_W22, 188 | MIPS_REG_W23, 189 | MIPS_REG_W24, 190 | MIPS_REG_W25, 191 | MIPS_REG_W26, 192 | MIPS_REG_W27, 193 | MIPS_REG_W28, 194 | MIPS_REG_W29, 195 | MIPS_REG_W30, 196 | MIPS_REG_W31, 197 | 198 | MIPS_REG_HI, 199 | MIPS_REG_LO, 200 | 201 | MIPS_REG_P0, 202 | MIPS_REG_P1, 203 | MIPS_REG_P2, 204 | 205 | MIPS_REG_MPL0, 206 | MIPS_REG_MPL1, 207 | MIPS_REG_MPL2, 208 | 209 | MIPS_REG_ENDING, // <-- mark the end of the list or registers 210 | 211 | // alias registers 212 | MIPS_REG_ZERO = MIPS_REG_0, 213 | MIPS_REG_AT = MIPS_REG_1, 214 | MIPS_REG_V0 = MIPS_REG_2, 215 | MIPS_REG_V1 = MIPS_REG_3, 216 | MIPS_REG_A0 = MIPS_REG_4, 217 | MIPS_REG_A1 = MIPS_REG_5, 218 | MIPS_REG_A2 = MIPS_REG_6, 219 | MIPS_REG_A3 = MIPS_REG_7, 220 | MIPS_REG_T0 = MIPS_REG_8, 221 | MIPS_REG_T1 = MIPS_REG_9, 222 | MIPS_REG_T2 = MIPS_REG_10, 223 | MIPS_REG_T3 = MIPS_REG_11, 224 | MIPS_REG_T4 = MIPS_REG_12, 225 | MIPS_REG_T5 = MIPS_REG_13, 226 | MIPS_REG_T6 = MIPS_REG_14, 227 | MIPS_REG_T7 = MIPS_REG_15, 228 | MIPS_REG_S0 = MIPS_REG_16, 229 | MIPS_REG_S1 = MIPS_REG_17, 230 | MIPS_REG_S2 = MIPS_REG_18, 231 | MIPS_REG_S3 = MIPS_REG_19, 232 | MIPS_REG_S4 = MIPS_REG_20, 233 | MIPS_REG_S5 = MIPS_REG_21, 234 | MIPS_REG_S6 = MIPS_REG_22, 235 | MIPS_REG_S7 = MIPS_REG_23, 236 | MIPS_REG_T8 = MIPS_REG_24, 237 | MIPS_REG_T9 = MIPS_REG_25, 238 | MIPS_REG_K0 = MIPS_REG_26, 239 | MIPS_REG_K1 = MIPS_REG_27, 240 | MIPS_REG_GP = MIPS_REG_28, 241 | MIPS_REG_SP = MIPS_REG_29, 242 | MIPS_REG_FP = MIPS_REG_30, MIPS_REG_S8 = MIPS_REG_30, 243 | MIPS_REG_RA = MIPS_REG_31, 244 | 245 | MIPS_REG_HI0 = MIPS_REG_AC0, 246 | MIPS_REG_HI1 = MIPS_REG_AC1, 247 | MIPS_REG_HI2 = MIPS_REG_AC2, 248 | MIPS_REG_HI3 = MIPS_REG_AC3, 249 | 250 | MIPS_REG_LO0 = MIPS_REG_HI0, 251 | MIPS_REG_LO1 = MIPS_REG_HI1, 252 | MIPS_REG_LO2 = MIPS_REG_HI2, 253 | MIPS_REG_LO3 = MIPS_REG_HI3, 254 | } mips_reg; 255 | 256 | //> MIPS instruction 257 | typedef enum mips_insn { 258 | MIPS_INS_INVALID = 0, 259 | 260 | MIPS_INS_ABSQ_S, 261 | MIPS_INS_ADD, 262 | MIPS_INS_ADDIUPC, 263 | MIPS_INS_ADDQH, 264 | MIPS_INS_ADDQH_R, 265 | MIPS_INS_ADDQ, 266 | MIPS_INS_ADDQ_S, 267 | MIPS_INS_ADDSC, 268 | MIPS_INS_ADDS_A, 269 | MIPS_INS_ADDS_S, 270 | MIPS_INS_ADDS_U, 271 | MIPS_INS_ADDUH, 272 | MIPS_INS_ADDUH_R, 273 | MIPS_INS_ADDU, 274 | MIPS_INS_ADDU_S, 275 | MIPS_INS_ADDVI, 276 | MIPS_INS_ADDV, 277 | MIPS_INS_ADDWC, 278 | MIPS_INS_ADD_A, 279 | MIPS_INS_ADDI, 280 | MIPS_INS_ADDIU, 281 | MIPS_INS_ALIGN, 282 | MIPS_INS_ALUIPC, 283 | MIPS_INS_AND, 284 | MIPS_INS_ANDI, 285 | MIPS_INS_APPEND, 286 | MIPS_INS_ASUB_S, 287 | MIPS_INS_ASUB_U, 288 | MIPS_INS_AUI, 289 | MIPS_INS_AUIPC, 290 | MIPS_INS_AVER_S, 291 | MIPS_INS_AVER_U, 292 | MIPS_INS_AVE_S, 293 | MIPS_INS_AVE_U, 294 | MIPS_INS_BADDU, 295 | MIPS_INS_BAL, 296 | MIPS_INS_BALC, 297 | MIPS_INS_BALIGN, 298 | MIPS_INS_BC, 299 | MIPS_INS_BC0F, 300 | MIPS_INS_BC0FL, 301 | MIPS_INS_BC0T, 302 | MIPS_INS_BC0TL, 303 | MIPS_INS_BC1EQZ, 304 | MIPS_INS_BC1F, 305 | MIPS_INS_BC1FL, 306 | MIPS_INS_BC1NEZ, 307 | MIPS_INS_BC1T, 308 | MIPS_INS_BC1TL, 309 | MIPS_INS_BC2EQZ, 310 | MIPS_INS_BC2F, 311 | MIPS_INS_BC2FL, 312 | MIPS_INS_BC2NEZ, 313 | MIPS_INS_BC2T, 314 | MIPS_INS_BC2TL, 315 | MIPS_INS_BC3F, 316 | MIPS_INS_BC3FL, 317 | MIPS_INS_BC3T, 318 | MIPS_INS_BC3TL, 319 | MIPS_INS_BCLRI, 320 | MIPS_INS_BCLR, 321 | MIPS_INS_BEQ, 322 | MIPS_INS_BEQC, 323 | MIPS_INS_BEQL, 324 | MIPS_INS_BEQZALC, 325 | MIPS_INS_BEQZC, 326 | MIPS_INS_BGEC, 327 | MIPS_INS_BGEUC, 328 | MIPS_INS_BGEZ, 329 | MIPS_INS_BGEZAL, 330 | MIPS_INS_BGEZALC, 331 | MIPS_INS_BGEZALL, 332 | MIPS_INS_BGEZALS, 333 | MIPS_INS_BGEZC, 334 | MIPS_INS_BGEZL, 335 | MIPS_INS_BGTZ, 336 | MIPS_INS_BGTZALC, 337 | MIPS_INS_BGTZC, 338 | MIPS_INS_BGTZL, 339 | MIPS_INS_BINSLI, 340 | MIPS_INS_BINSL, 341 | MIPS_INS_BINSRI, 342 | MIPS_INS_BINSR, 343 | MIPS_INS_BITREV, 344 | MIPS_INS_BITSWAP, 345 | MIPS_INS_BLEZ, 346 | MIPS_INS_BLEZALC, 347 | MIPS_INS_BLEZC, 348 | MIPS_INS_BLEZL, 349 | MIPS_INS_BLTC, 350 | MIPS_INS_BLTUC, 351 | MIPS_INS_BLTZ, 352 | MIPS_INS_BLTZAL, 353 | MIPS_INS_BLTZALC, 354 | MIPS_INS_BLTZALL, 355 | MIPS_INS_BLTZALS, 356 | MIPS_INS_BLTZC, 357 | MIPS_INS_BLTZL, 358 | MIPS_INS_BMNZI, 359 | MIPS_INS_BMNZ, 360 | MIPS_INS_BMZI, 361 | MIPS_INS_BMZ, 362 | MIPS_INS_BNE, 363 | MIPS_INS_BNEC, 364 | MIPS_INS_BNEGI, 365 | MIPS_INS_BNEG, 366 | MIPS_INS_BNEL, 367 | MIPS_INS_BNEZALC, 368 | MIPS_INS_BNEZC, 369 | MIPS_INS_BNVC, 370 | MIPS_INS_BNZ, 371 | MIPS_INS_BOVC, 372 | MIPS_INS_BPOSGE32, 373 | MIPS_INS_BREAK, 374 | MIPS_INS_BSELI, 375 | MIPS_INS_BSEL, 376 | MIPS_INS_BSETI, 377 | MIPS_INS_BSET, 378 | MIPS_INS_BZ, 379 | MIPS_INS_BEQZ, 380 | MIPS_INS_B, 381 | MIPS_INS_BNEZ, 382 | MIPS_INS_BTEQZ, 383 | MIPS_INS_BTNEZ, 384 | MIPS_INS_CACHE, 385 | MIPS_INS_CEIL, 386 | MIPS_INS_CEQI, 387 | MIPS_INS_CEQ, 388 | MIPS_INS_CFC1, 389 | MIPS_INS_CFCMSA, 390 | MIPS_INS_CINS, 391 | MIPS_INS_CINS32, 392 | MIPS_INS_CLASS, 393 | MIPS_INS_CLEI_S, 394 | MIPS_INS_CLEI_U, 395 | MIPS_INS_CLE_S, 396 | MIPS_INS_CLE_U, 397 | MIPS_INS_CLO, 398 | MIPS_INS_CLTI_S, 399 | MIPS_INS_CLTI_U, 400 | MIPS_INS_CLT_S, 401 | MIPS_INS_CLT_U, 402 | MIPS_INS_CLZ, 403 | MIPS_INS_CMPGDU, 404 | MIPS_INS_CMPGU, 405 | MIPS_INS_CMPU, 406 | MIPS_INS_CMP, 407 | MIPS_INS_COPY_S, 408 | MIPS_INS_COPY_U, 409 | MIPS_INS_CTC1, 410 | MIPS_INS_CTCMSA, 411 | MIPS_INS_CVT, 412 | MIPS_INS_C, 413 | MIPS_INS_CMPI, 414 | MIPS_INS_DADD, 415 | MIPS_INS_DADDI, 416 | MIPS_INS_DADDIU, 417 | MIPS_INS_DADDU, 418 | MIPS_INS_DAHI, 419 | MIPS_INS_DALIGN, 420 | MIPS_INS_DATI, 421 | MIPS_INS_DAUI, 422 | MIPS_INS_DBITSWAP, 423 | MIPS_INS_DCLO, 424 | MIPS_INS_DCLZ, 425 | MIPS_INS_DDIV, 426 | MIPS_INS_DDIVU, 427 | MIPS_INS_DERET, 428 | MIPS_INS_DEXT, 429 | MIPS_INS_DEXTM, 430 | MIPS_INS_DEXTU, 431 | MIPS_INS_DI, 432 | MIPS_INS_DINS, 433 | MIPS_INS_DINSM, 434 | MIPS_INS_DINSU, 435 | MIPS_INS_DIV, 436 | MIPS_INS_DIVU, 437 | MIPS_INS_DIV_S, 438 | MIPS_INS_DIV_U, 439 | MIPS_INS_DLSA, 440 | MIPS_INS_DMFC0, 441 | MIPS_INS_DMFC1, 442 | MIPS_INS_DMFC2, 443 | MIPS_INS_DMOD, 444 | MIPS_INS_DMODU, 445 | MIPS_INS_DMTC0, 446 | MIPS_INS_DMTC1, 447 | MIPS_INS_DMTC2, 448 | MIPS_INS_DMUH, 449 | MIPS_INS_DMUHU, 450 | MIPS_INS_DMUL, 451 | MIPS_INS_DMULT, 452 | MIPS_INS_DMULTU, 453 | MIPS_INS_DMULU, 454 | MIPS_INS_DOTP_S, 455 | MIPS_INS_DOTP_U, 456 | MIPS_INS_DPADD_S, 457 | MIPS_INS_DPADD_U, 458 | MIPS_INS_DPAQX_SA, 459 | MIPS_INS_DPAQX_S, 460 | MIPS_INS_DPAQ_SA, 461 | MIPS_INS_DPAQ_S, 462 | MIPS_INS_DPAU, 463 | MIPS_INS_DPAX, 464 | MIPS_INS_DPA, 465 | MIPS_INS_DPOP, 466 | MIPS_INS_DPSQX_SA, 467 | MIPS_INS_DPSQX_S, 468 | MIPS_INS_DPSQ_SA, 469 | MIPS_INS_DPSQ_S, 470 | MIPS_INS_DPSUB_S, 471 | MIPS_INS_DPSUB_U, 472 | MIPS_INS_DPSU, 473 | MIPS_INS_DPSX, 474 | MIPS_INS_DPS, 475 | MIPS_INS_DROTR, 476 | MIPS_INS_DROTR32, 477 | MIPS_INS_DROTRV, 478 | MIPS_INS_DSBH, 479 | MIPS_INS_DSHD, 480 | MIPS_INS_DSLL, 481 | MIPS_INS_DSLL32, 482 | MIPS_INS_DSLLV, 483 | MIPS_INS_DSRA, 484 | MIPS_INS_DSRA32, 485 | MIPS_INS_DSRAV, 486 | MIPS_INS_DSRL, 487 | MIPS_INS_DSRL32, 488 | MIPS_INS_DSRLV, 489 | MIPS_INS_DSUB, 490 | MIPS_INS_DSUBU, 491 | MIPS_INS_EHB, 492 | MIPS_INS_EI, 493 | MIPS_INS_ERET, 494 | MIPS_INS_EXT, 495 | MIPS_INS_EXTP, 496 | MIPS_INS_EXTPDP, 497 | MIPS_INS_EXTPDPV, 498 | MIPS_INS_EXTPV, 499 | MIPS_INS_EXTRV_RS, 500 | MIPS_INS_EXTRV_R, 501 | MIPS_INS_EXTRV_S, 502 | MIPS_INS_EXTRV, 503 | MIPS_INS_EXTR_RS, 504 | MIPS_INS_EXTR_R, 505 | MIPS_INS_EXTR_S, 506 | MIPS_INS_EXTR, 507 | MIPS_INS_EXTS, 508 | MIPS_INS_EXTS32, 509 | MIPS_INS_ABS, 510 | MIPS_INS_FADD, 511 | MIPS_INS_FCAF, 512 | MIPS_INS_FCEQ, 513 | MIPS_INS_FCLASS, 514 | MIPS_INS_FCLE, 515 | MIPS_INS_FCLT, 516 | MIPS_INS_FCNE, 517 | MIPS_INS_FCOR, 518 | MIPS_INS_FCUEQ, 519 | MIPS_INS_FCULE, 520 | MIPS_INS_FCULT, 521 | MIPS_INS_FCUNE, 522 | MIPS_INS_FCUN, 523 | MIPS_INS_FDIV, 524 | MIPS_INS_FEXDO, 525 | MIPS_INS_FEXP2, 526 | MIPS_INS_FEXUPL, 527 | MIPS_INS_FEXUPR, 528 | MIPS_INS_FFINT_S, 529 | MIPS_INS_FFINT_U, 530 | MIPS_INS_FFQL, 531 | MIPS_INS_FFQR, 532 | MIPS_INS_FILL, 533 | MIPS_INS_FLOG2, 534 | MIPS_INS_FLOOR, 535 | MIPS_INS_FMADD, 536 | MIPS_INS_FMAX_A, 537 | MIPS_INS_FMAX, 538 | MIPS_INS_FMIN_A, 539 | MIPS_INS_FMIN, 540 | MIPS_INS_MOV, 541 | MIPS_INS_FMSUB, 542 | MIPS_INS_FMUL, 543 | MIPS_INS_MUL, 544 | MIPS_INS_NEG, 545 | MIPS_INS_FRCP, 546 | MIPS_INS_FRINT, 547 | MIPS_INS_FRSQRT, 548 | MIPS_INS_FSAF, 549 | MIPS_INS_FSEQ, 550 | MIPS_INS_FSLE, 551 | MIPS_INS_FSLT, 552 | MIPS_INS_FSNE, 553 | MIPS_INS_FSOR, 554 | MIPS_INS_FSQRT, 555 | MIPS_INS_SQRT, 556 | MIPS_INS_FSUB, 557 | MIPS_INS_SUB, 558 | MIPS_INS_FSUEQ, 559 | MIPS_INS_FSULE, 560 | MIPS_INS_FSULT, 561 | MIPS_INS_FSUNE, 562 | MIPS_INS_FSUN, 563 | MIPS_INS_FTINT_S, 564 | MIPS_INS_FTINT_U, 565 | MIPS_INS_FTQ, 566 | MIPS_INS_FTRUNC_S, 567 | MIPS_INS_FTRUNC_U, 568 | MIPS_INS_HADD_S, 569 | MIPS_INS_HADD_U, 570 | MIPS_INS_HSUB_S, 571 | MIPS_INS_HSUB_U, 572 | MIPS_INS_ILVEV, 573 | MIPS_INS_ILVL, 574 | MIPS_INS_ILVOD, 575 | MIPS_INS_ILVR, 576 | MIPS_INS_INS, 577 | MIPS_INS_INSERT, 578 | MIPS_INS_INSV, 579 | MIPS_INS_INSVE, 580 | MIPS_INS_J, 581 | MIPS_INS_JAL, 582 | MIPS_INS_JALR, 583 | MIPS_INS_JALRS, 584 | MIPS_INS_JALS, 585 | MIPS_INS_JALX, 586 | MIPS_INS_JIALC, 587 | MIPS_INS_JIC, 588 | MIPS_INS_JR, 589 | MIPS_INS_JRADDIUSP, 590 | MIPS_INS_JRC, 591 | MIPS_INS_JALRC, 592 | MIPS_INS_LB, 593 | MIPS_INS_LBUX, 594 | MIPS_INS_LBU, 595 | MIPS_INS_LD, 596 | MIPS_INS_LDC1, 597 | MIPS_INS_LDC2, 598 | MIPS_INS_LDC3, 599 | MIPS_INS_LDI, 600 | MIPS_INS_LDL, 601 | MIPS_INS_LDPC, 602 | MIPS_INS_LDR, 603 | MIPS_INS_LDXC1, 604 | MIPS_INS_LH, 605 | MIPS_INS_LHX, 606 | MIPS_INS_LHU, 607 | MIPS_INS_LL, 608 | MIPS_INS_LLD, 609 | MIPS_INS_LSA, 610 | MIPS_INS_LUXC1, 611 | MIPS_INS_LUI, 612 | MIPS_INS_LW, 613 | MIPS_INS_LWC1, 614 | MIPS_INS_LWC2, 615 | MIPS_INS_LWC3, 616 | MIPS_INS_LWL, 617 | MIPS_INS_LWPC, 618 | MIPS_INS_LWR, 619 | MIPS_INS_LWUPC, 620 | MIPS_INS_LWU, 621 | MIPS_INS_LWX, 622 | MIPS_INS_LWXC1, 623 | MIPS_INS_LI, 624 | MIPS_INS_MADD, 625 | MIPS_INS_MADDF, 626 | MIPS_INS_MADDR_Q, 627 | MIPS_INS_MADDU, 628 | MIPS_INS_MADDV, 629 | MIPS_INS_MADD_Q, 630 | MIPS_INS_MAQ_SA, 631 | MIPS_INS_MAQ_S, 632 | MIPS_INS_MAXA, 633 | MIPS_INS_MAXI_S, 634 | MIPS_INS_MAXI_U, 635 | MIPS_INS_MAX_A, 636 | MIPS_INS_MAX, 637 | MIPS_INS_MAX_S, 638 | MIPS_INS_MAX_U, 639 | MIPS_INS_MFC0, 640 | MIPS_INS_MFC1, 641 | MIPS_INS_MFC2, 642 | MIPS_INS_MFHC1, 643 | MIPS_INS_MFHI, 644 | MIPS_INS_MFLO, 645 | MIPS_INS_MINA, 646 | MIPS_INS_MINI_S, 647 | MIPS_INS_MINI_U, 648 | MIPS_INS_MIN_A, 649 | MIPS_INS_MIN, 650 | MIPS_INS_MIN_S, 651 | MIPS_INS_MIN_U, 652 | MIPS_INS_MOD, 653 | MIPS_INS_MODSUB, 654 | MIPS_INS_MODU, 655 | MIPS_INS_MOD_S, 656 | MIPS_INS_MOD_U, 657 | MIPS_INS_MOVE, 658 | MIPS_INS_MOVF, 659 | MIPS_INS_MOVN, 660 | MIPS_INS_MOVT, 661 | MIPS_INS_MOVZ, 662 | MIPS_INS_MSUB, 663 | MIPS_INS_MSUBF, 664 | MIPS_INS_MSUBR_Q, 665 | MIPS_INS_MSUBU, 666 | MIPS_INS_MSUBV, 667 | MIPS_INS_MSUB_Q, 668 | MIPS_INS_MTC0, 669 | MIPS_INS_MTC1, 670 | MIPS_INS_MTC2, 671 | MIPS_INS_MTHC1, 672 | MIPS_INS_MTHI, 673 | MIPS_INS_MTHLIP, 674 | MIPS_INS_MTLO, 675 | MIPS_INS_MTM0, 676 | MIPS_INS_MTM1, 677 | MIPS_INS_MTM2, 678 | MIPS_INS_MTP0, 679 | MIPS_INS_MTP1, 680 | MIPS_INS_MTP2, 681 | MIPS_INS_MUH, 682 | MIPS_INS_MUHU, 683 | MIPS_INS_MULEQ_S, 684 | MIPS_INS_MULEU_S, 685 | MIPS_INS_MULQ_RS, 686 | MIPS_INS_MULQ_S, 687 | MIPS_INS_MULR_Q, 688 | MIPS_INS_MULSAQ_S, 689 | MIPS_INS_MULSA, 690 | MIPS_INS_MULT, 691 | MIPS_INS_MULTU, 692 | MIPS_INS_MULU, 693 | MIPS_INS_MULV, 694 | MIPS_INS_MUL_Q, 695 | MIPS_INS_MUL_S, 696 | MIPS_INS_NLOC, 697 | MIPS_INS_NLZC, 698 | MIPS_INS_NMADD, 699 | MIPS_INS_NMSUB, 700 | MIPS_INS_NOR, 701 | MIPS_INS_NORI, 702 | MIPS_INS_NOT, 703 | MIPS_INS_OR, 704 | MIPS_INS_ORI, 705 | MIPS_INS_PACKRL, 706 | MIPS_INS_PAUSE, 707 | MIPS_INS_PCKEV, 708 | MIPS_INS_PCKOD, 709 | MIPS_INS_PCNT, 710 | MIPS_INS_PICK, 711 | MIPS_INS_POP, 712 | MIPS_INS_PRECEQU, 713 | MIPS_INS_PRECEQ, 714 | MIPS_INS_PRECEU, 715 | MIPS_INS_PRECRQU_S, 716 | MIPS_INS_PRECRQ, 717 | MIPS_INS_PRECRQ_RS, 718 | MIPS_INS_PRECR, 719 | MIPS_INS_PRECR_SRA, 720 | MIPS_INS_PRECR_SRA_R, 721 | MIPS_INS_PREF, 722 | MIPS_INS_PREPEND, 723 | MIPS_INS_RADDU, 724 | MIPS_INS_RDDSP, 725 | MIPS_INS_RDHWR, 726 | MIPS_INS_REPLV, 727 | MIPS_INS_REPL, 728 | MIPS_INS_RINT, 729 | MIPS_INS_ROTR, 730 | MIPS_INS_ROTRV, 731 | MIPS_INS_ROUND, 732 | MIPS_INS_SAT_S, 733 | MIPS_INS_SAT_U, 734 | MIPS_INS_SB, 735 | MIPS_INS_SC, 736 | MIPS_INS_SCD, 737 | MIPS_INS_SD, 738 | MIPS_INS_SDBBP, 739 | MIPS_INS_SDC1, 740 | MIPS_INS_SDC2, 741 | MIPS_INS_SDC3, 742 | MIPS_INS_SDL, 743 | MIPS_INS_SDR, 744 | MIPS_INS_SDXC1, 745 | MIPS_INS_SEB, 746 | MIPS_INS_SEH, 747 | MIPS_INS_SELEQZ, 748 | MIPS_INS_SELNEZ, 749 | MIPS_INS_SEL, 750 | MIPS_INS_SEQ, 751 | MIPS_INS_SEQI, 752 | MIPS_INS_SH, 753 | MIPS_INS_SHF, 754 | MIPS_INS_SHILO, 755 | MIPS_INS_SHILOV, 756 | MIPS_INS_SHLLV, 757 | MIPS_INS_SHLLV_S, 758 | MIPS_INS_SHLL, 759 | MIPS_INS_SHLL_S, 760 | MIPS_INS_SHRAV, 761 | MIPS_INS_SHRAV_R, 762 | MIPS_INS_SHRA, 763 | MIPS_INS_SHRA_R, 764 | MIPS_INS_SHRLV, 765 | MIPS_INS_SHRL, 766 | MIPS_INS_SLDI, 767 | MIPS_INS_SLD, 768 | MIPS_INS_SLL, 769 | MIPS_INS_SLLI, 770 | MIPS_INS_SLLV, 771 | MIPS_INS_SLT, 772 | MIPS_INS_SLTI, 773 | MIPS_INS_SLTIU, 774 | MIPS_INS_SLTU, 775 | MIPS_INS_SNE, 776 | MIPS_INS_SNEI, 777 | MIPS_INS_SPLATI, 778 | MIPS_INS_SPLAT, 779 | MIPS_INS_SRA, 780 | MIPS_INS_SRAI, 781 | MIPS_INS_SRARI, 782 | MIPS_INS_SRAR, 783 | MIPS_INS_SRAV, 784 | MIPS_INS_SRL, 785 | MIPS_INS_SRLI, 786 | MIPS_INS_SRLRI, 787 | MIPS_INS_SRLR, 788 | MIPS_INS_SRLV, 789 | MIPS_INS_SSNOP, 790 | MIPS_INS_ST, 791 | MIPS_INS_SUBQH, 792 | MIPS_INS_SUBQH_R, 793 | MIPS_INS_SUBQ, 794 | MIPS_INS_SUBQ_S, 795 | MIPS_INS_SUBSUS_U, 796 | MIPS_INS_SUBSUU_S, 797 | MIPS_INS_SUBS_S, 798 | MIPS_INS_SUBS_U, 799 | MIPS_INS_SUBUH, 800 | MIPS_INS_SUBUH_R, 801 | MIPS_INS_SUBU, 802 | MIPS_INS_SUBU_S, 803 | MIPS_INS_SUBVI, 804 | MIPS_INS_SUBV, 805 | MIPS_INS_SUXC1, 806 | MIPS_INS_SW, 807 | MIPS_INS_SWC1, 808 | MIPS_INS_SWC2, 809 | MIPS_INS_SWC3, 810 | MIPS_INS_SWL, 811 | MIPS_INS_SWR, 812 | MIPS_INS_SWXC1, 813 | MIPS_INS_SYNC, 814 | MIPS_INS_SYSCALL, 815 | MIPS_INS_TEQ, 816 | MIPS_INS_TEQI, 817 | MIPS_INS_TGE, 818 | MIPS_INS_TGEI, 819 | MIPS_INS_TGEIU, 820 | MIPS_INS_TGEU, 821 | MIPS_INS_TLBP, 822 | MIPS_INS_TLBR, 823 | MIPS_INS_TLBWI, 824 | MIPS_INS_TLBWR, 825 | MIPS_INS_TLT, 826 | MIPS_INS_TLTI, 827 | MIPS_INS_TLTIU, 828 | MIPS_INS_TLTU, 829 | MIPS_INS_TNE, 830 | MIPS_INS_TNEI, 831 | MIPS_INS_TRUNC, 832 | MIPS_INS_V3MULU, 833 | MIPS_INS_VMM0, 834 | MIPS_INS_VMULU, 835 | MIPS_INS_VSHF, 836 | MIPS_INS_WAIT, 837 | MIPS_INS_WRDSP, 838 | MIPS_INS_WSBH, 839 | MIPS_INS_XOR, 840 | MIPS_INS_XORI, 841 | 842 | //> some alias instructions 843 | MIPS_INS_NOP, 844 | MIPS_INS_NEGU, 845 | 846 | //> special instructions 847 | MIPS_INS_JALR_HB, // jump and link with Hazard Barrier 848 | MIPS_INS_JR_HB, // jump register with Hazard Barrier 849 | 850 | MIPS_INS_ENDING, 851 | } mips_insn; 852 | 853 | //> Group of MIPS instructions 854 | typedef enum mips_insn_group { 855 | MIPS_GRP_INVALID = 0, // = CS_GRP_INVALID 856 | 857 | //> Generic groups 858 | // all jump instructions (conditional+direct+indirect jumps) 859 | MIPS_GRP_JUMP, // = CS_GRP_JUMP 860 | 861 | //> Architecture-specific groups 862 | MIPS_GRP_BITCOUNT = 128, 863 | MIPS_GRP_DSP, 864 | MIPS_GRP_DSPR2, 865 | MIPS_GRP_FPIDX, 866 | MIPS_GRP_MSA, 867 | MIPS_GRP_MIPS32R2, 868 | MIPS_GRP_MIPS64, 869 | MIPS_GRP_MIPS64R2, 870 | MIPS_GRP_SEINREG, 871 | MIPS_GRP_STDENC, 872 | MIPS_GRP_SWAP, 873 | MIPS_GRP_MICROMIPS, 874 | MIPS_GRP_MIPS16MODE, 875 | MIPS_GRP_FP64BIT, 876 | MIPS_GRP_NONANSFPMATH, 877 | MIPS_GRP_NOTFP64BIT, 878 | MIPS_GRP_NOTINMICROMIPS, 879 | MIPS_GRP_NOTNACL, 880 | MIPS_GRP_NOTMIPS32R6, 881 | MIPS_GRP_NOTMIPS64R6, 882 | MIPS_GRP_CNMIPS, 883 | MIPS_GRP_MIPS32, 884 | MIPS_GRP_MIPS32R6, 885 | MIPS_GRP_MIPS64R6, 886 | MIPS_GRP_MIPS2, 887 | MIPS_GRP_MIPS3, 888 | MIPS_GRP_MIPS3_32, 889 | MIPS_GRP_MIPS3_32R2, 890 | MIPS_GRP_MIPS4_32, 891 | MIPS_GRP_MIPS4_32R2, 892 | MIPS_GRP_MIPS5_32R2, 893 | MIPS_GRP_GP32BIT, 894 | MIPS_GRP_GP64BIT, 895 | 896 | MIPS_GRP_ENDING, 897 | } mips_insn_group; 898 | 899 | #ifdef __cplusplus 900 | } 901 | #endif 902 | 903 | #endif 904 | -------------------------------------------------------------------------------- /capstone/include/platform.h: -------------------------------------------------------------------------------- 1 | /* Capstone Disassembly Engine */ 2 | /* By Axel Souchet & Nguyen Anh Quynh, 2014 */ 3 | 4 | // handle C99 issue (for pre-2013 VisualStudio) 5 | #ifndef CAPSTONE_PLATFORM_H 6 | #define CAPSTONE_PLATFORM_H 7 | 8 | #if !defined(__MINGW32__) && !defined(__MINGW64__) && (defined (WIN32) || defined (WIN64) || defined (_WIN32) || defined (_WIN64)) 9 | // MSVC 10 | 11 | // stdbool.h 12 | #if (_MSC_VER < 1800) 13 | #ifndef __cplusplus 14 | typedef unsigned char bool; 15 | #define false 0 16 | #define true 1 17 | #endif 18 | 19 | #else 20 | // VisualStudio 2013+ -> C99 is supported 21 | #include 22 | #endif 23 | 24 | #else // not MSVC -> C99 is supported 25 | #include 26 | #endif 27 | 28 | #endif 29 | -------------------------------------------------------------------------------- /capstone/include/ppc.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_PPC_H 2 | #define CAPSTONE_PPC_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2013-2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | #ifdef _MSC_VER 15 | #pragma warning(disable:4201) 16 | #endif 17 | 18 | //> PPC branch codes for some branch instructions 19 | typedef enum ppc_bc { 20 | PPC_BC_INVALID = 0, 21 | PPC_BC_LT = (0 << 5) | 12, 22 | PPC_BC_LE = (1 << 5) | 4, 23 | PPC_BC_EQ = (2 << 5) | 12, 24 | PPC_BC_GE = (0 << 5) | 4, 25 | PPC_BC_GT = (1 << 5) | 12, 26 | PPC_BC_NE = (2 << 5) | 4, 27 | PPC_BC_UN = (3 << 5) | 12, 28 | PPC_BC_NU = (3 << 5) | 4, 29 | 30 | // extra conditions 31 | PPC_BC_SO = (4 << 5) | 12, // summary overflow 32 | PPC_BC_NS = (4 << 5) | 4, // not summary overflow 33 | } ppc_bc; 34 | 35 | //> PPC branch hint for some branch instructions 36 | typedef enum ppc_bh { 37 | PPC_BH_INVALID = 0, // no hint 38 | PPC_BH_PLUS, // PLUS hint 39 | PPC_BH_MINUS, // MINUS hint 40 | } ppc_bh; 41 | 42 | //> Operand type for instruction's operands 43 | typedef enum ppc_op_type { 44 | PPC_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 45 | PPC_OP_REG, // = CS_OP_REG (Register operand). 46 | PPC_OP_IMM, // = CS_OP_IMM (Immediate operand). 47 | PPC_OP_MEM, // = CS_OP_MEM (Memory operand). 48 | PPC_OP_CRX = 64, // Condition Register field 49 | } ppc_op_type; 50 | 51 | // Instruction's operand referring to memory 52 | // This is associated with PPC_OP_MEM operand type above 53 | typedef struct ppc_op_mem { 54 | unsigned int base; // base register 55 | int32_t disp; // displacement/offset value 56 | } ppc_op_mem; 57 | 58 | typedef struct ppc_op_crx { 59 | unsigned int scale; 60 | unsigned int reg; 61 | ppc_bc cond; 62 | } ppc_op_crx; 63 | 64 | // Instruction operand 65 | typedef struct cs_ppc_op { 66 | ppc_op_type type; // operand type 67 | union { 68 | unsigned int reg; // register value for REG operand 69 | int32_t imm; // immediate value for IMM operand 70 | ppc_op_mem mem; // base/disp value for MEM operand 71 | ppc_op_crx crx; // operand with condition register 72 | }; 73 | } cs_ppc_op; 74 | 75 | // Instruction structure 76 | typedef struct cs_ppc { 77 | // branch code for branch instructions 78 | ppc_bc bc; 79 | 80 | // branch hint for branch instructions 81 | ppc_bh bh; 82 | 83 | // if update_cr0 = True, then this 'dot' insn updates CR0 84 | bool update_cr0; 85 | 86 | // Number of operands of this instruction, 87 | // or 0 when instruction has no operand. 88 | uint8_t op_count; 89 | cs_ppc_op operands[8]; // operands for this instruction. 90 | } cs_ppc; 91 | 92 | //> PPC registers 93 | typedef enum ppc_reg { 94 | PPC_REG_INVALID = 0, 95 | 96 | PPC_REG_CARRY, 97 | PPC_REG_CC, 98 | PPC_REG_CR0, 99 | PPC_REG_CR1, 100 | PPC_REG_CR2, 101 | PPC_REG_CR3, 102 | PPC_REG_CR4, 103 | PPC_REG_CR5, 104 | PPC_REG_CR6, 105 | PPC_REG_CR7, 106 | PPC_REG_CTR, 107 | PPC_REG_F0, 108 | PPC_REG_F1, 109 | PPC_REG_F2, 110 | PPC_REG_F3, 111 | PPC_REG_F4, 112 | PPC_REG_F5, 113 | PPC_REG_F6, 114 | PPC_REG_F7, 115 | PPC_REG_F8, 116 | PPC_REG_F9, 117 | PPC_REG_F10, 118 | PPC_REG_F11, 119 | PPC_REG_F12, 120 | PPC_REG_F13, 121 | PPC_REG_F14, 122 | PPC_REG_F15, 123 | PPC_REG_F16, 124 | PPC_REG_F17, 125 | PPC_REG_F18, 126 | PPC_REG_F19, 127 | PPC_REG_F20, 128 | PPC_REG_F21, 129 | PPC_REG_F22, 130 | PPC_REG_F23, 131 | PPC_REG_F24, 132 | PPC_REG_F25, 133 | PPC_REG_F26, 134 | PPC_REG_F27, 135 | PPC_REG_F28, 136 | PPC_REG_F29, 137 | PPC_REG_F30, 138 | PPC_REG_F31, 139 | PPC_REG_LR, 140 | PPC_REG_R0, 141 | PPC_REG_R1, 142 | PPC_REG_R2, 143 | PPC_REG_R3, 144 | PPC_REG_R4, 145 | PPC_REG_R5, 146 | PPC_REG_R6, 147 | PPC_REG_R7, 148 | PPC_REG_R8, 149 | PPC_REG_R9, 150 | PPC_REG_R10, 151 | PPC_REG_R11, 152 | PPC_REG_R12, 153 | PPC_REG_R13, 154 | PPC_REG_R14, 155 | PPC_REG_R15, 156 | PPC_REG_R16, 157 | PPC_REG_R17, 158 | PPC_REG_R18, 159 | PPC_REG_R19, 160 | PPC_REG_R20, 161 | PPC_REG_R21, 162 | PPC_REG_R22, 163 | PPC_REG_R23, 164 | PPC_REG_R24, 165 | PPC_REG_R25, 166 | PPC_REG_R26, 167 | PPC_REG_R27, 168 | PPC_REG_R28, 169 | PPC_REG_R29, 170 | PPC_REG_R30, 171 | PPC_REG_R31, 172 | PPC_REG_V0, 173 | PPC_REG_V1, 174 | PPC_REG_V2, 175 | PPC_REG_V3, 176 | PPC_REG_V4, 177 | PPC_REG_V5, 178 | PPC_REG_V6, 179 | PPC_REG_V7, 180 | PPC_REG_V8, 181 | PPC_REG_V9, 182 | PPC_REG_V10, 183 | PPC_REG_V11, 184 | PPC_REG_V12, 185 | PPC_REG_V13, 186 | PPC_REG_V14, 187 | PPC_REG_V15, 188 | PPC_REG_V16, 189 | PPC_REG_V17, 190 | PPC_REG_V18, 191 | PPC_REG_V19, 192 | PPC_REG_V20, 193 | PPC_REG_V21, 194 | PPC_REG_V22, 195 | PPC_REG_V23, 196 | PPC_REG_V24, 197 | PPC_REG_V25, 198 | PPC_REG_V26, 199 | PPC_REG_V27, 200 | PPC_REG_V28, 201 | PPC_REG_V29, 202 | PPC_REG_V30, 203 | PPC_REG_V31, 204 | PPC_REG_VRSAVE, 205 | PPC_REG_VS0, 206 | PPC_REG_VS1, 207 | PPC_REG_VS2, 208 | PPC_REG_VS3, 209 | PPC_REG_VS4, 210 | PPC_REG_VS5, 211 | PPC_REG_VS6, 212 | PPC_REG_VS7, 213 | PPC_REG_VS8, 214 | PPC_REG_VS9, 215 | PPC_REG_VS10, 216 | PPC_REG_VS11, 217 | PPC_REG_VS12, 218 | PPC_REG_VS13, 219 | PPC_REG_VS14, 220 | PPC_REG_VS15, 221 | PPC_REG_VS16, 222 | PPC_REG_VS17, 223 | PPC_REG_VS18, 224 | PPC_REG_VS19, 225 | PPC_REG_VS20, 226 | PPC_REG_VS21, 227 | PPC_REG_VS22, 228 | PPC_REG_VS23, 229 | PPC_REG_VS24, 230 | PPC_REG_VS25, 231 | PPC_REG_VS26, 232 | PPC_REG_VS27, 233 | PPC_REG_VS28, 234 | PPC_REG_VS29, 235 | PPC_REG_VS30, 236 | PPC_REG_VS31, 237 | PPC_REG_VS32, 238 | PPC_REG_VS33, 239 | PPC_REG_VS34, 240 | PPC_REG_VS35, 241 | PPC_REG_VS36, 242 | PPC_REG_VS37, 243 | PPC_REG_VS38, 244 | PPC_REG_VS39, 245 | PPC_REG_VS40, 246 | PPC_REG_VS41, 247 | PPC_REG_VS42, 248 | PPC_REG_VS43, 249 | PPC_REG_VS44, 250 | PPC_REG_VS45, 251 | PPC_REG_VS46, 252 | PPC_REG_VS47, 253 | PPC_REG_VS48, 254 | PPC_REG_VS49, 255 | PPC_REG_VS50, 256 | PPC_REG_VS51, 257 | PPC_REG_VS52, 258 | PPC_REG_VS53, 259 | PPC_REG_VS54, 260 | PPC_REG_VS55, 261 | PPC_REG_VS56, 262 | PPC_REG_VS57, 263 | PPC_REG_VS58, 264 | PPC_REG_VS59, 265 | PPC_REG_VS60, 266 | PPC_REG_VS61, 267 | PPC_REG_VS62, 268 | PPC_REG_VS63, 269 | 270 | // extra registers for PPCMapping.c 271 | PPC_REG_RM, 272 | PPC_REG_CTR8, 273 | PPC_REG_LR8, 274 | PPC_REG_CR1EQ, 275 | 276 | PPC_REG_ENDING, // <-- mark the end of the list of registers 277 | } ppc_reg; 278 | 279 | //> PPC instruction 280 | typedef enum ppc_insn { 281 | PPC_INS_INVALID = 0, 282 | 283 | PPC_INS_ADD, 284 | PPC_INS_ADDC, 285 | PPC_INS_ADDE, 286 | PPC_INS_ADDI, 287 | PPC_INS_ADDIC, 288 | PPC_INS_ADDIS, 289 | PPC_INS_ADDME, 290 | PPC_INS_ADDZE, 291 | PPC_INS_AND, 292 | PPC_INS_ANDC, 293 | PPC_INS_ANDIS, 294 | PPC_INS_ANDI, 295 | PPC_INS_B, 296 | PPC_INS_BA, 297 | PPC_INS_BC, 298 | PPC_INS_BCCTR, 299 | PPC_INS_BCCTRL, 300 | PPC_INS_BCL, 301 | PPC_INS_BCLR, 302 | PPC_INS_BCLRL, 303 | PPC_INS_BCTR, 304 | PPC_INS_BCTRL, 305 | PPC_INS_BDNZ, 306 | PPC_INS_BDNZA, 307 | PPC_INS_BDNZL, 308 | PPC_INS_BDNZLA, 309 | PPC_INS_BDNZLR, 310 | PPC_INS_BDNZLRL, 311 | PPC_INS_BDZ, 312 | PPC_INS_BDZA, 313 | PPC_INS_BDZL, 314 | PPC_INS_BDZLA, 315 | PPC_INS_BDZLR, 316 | PPC_INS_BDZLRL, 317 | PPC_INS_BL, 318 | PPC_INS_BLA, 319 | PPC_INS_BLR, 320 | PPC_INS_BLRL, 321 | PPC_INS_BRINC, 322 | PPC_INS_CMPD, 323 | PPC_INS_CMPDI, 324 | PPC_INS_CMPLD, 325 | PPC_INS_CMPLDI, 326 | PPC_INS_CMPLW, 327 | PPC_INS_CMPLWI, 328 | PPC_INS_CMPW, 329 | PPC_INS_CMPWI, 330 | PPC_INS_CNTLZD, 331 | PPC_INS_CNTLZW, 332 | PPC_INS_CREQV, 333 | PPC_INS_CRXOR, 334 | PPC_INS_CRAND, 335 | PPC_INS_CRANDC, 336 | PPC_INS_CRNAND, 337 | PPC_INS_CRNOR, 338 | PPC_INS_CROR, 339 | PPC_INS_CRORC, 340 | PPC_INS_DCBA, 341 | PPC_INS_DCBF, 342 | PPC_INS_DCBI, 343 | PPC_INS_DCBST, 344 | PPC_INS_DCBT, 345 | PPC_INS_DCBTST, 346 | PPC_INS_DCBZ, 347 | PPC_INS_DCBZL, 348 | PPC_INS_DCCCI, 349 | PPC_INS_DIVD, 350 | PPC_INS_DIVDU, 351 | PPC_INS_DIVW, 352 | PPC_INS_DIVWU, 353 | PPC_INS_DSS, 354 | PPC_INS_DSSALL, 355 | PPC_INS_DST, 356 | PPC_INS_DSTST, 357 | PPC_INS_DSTSTT, 358 | PPC_INS_DSTT, 359 | PPC_INS_EIEIO, 360 | PPC_INS_EQV, 361 | PPC_INS_EVABS, 362 | PPC_INS_EVADDIW, 363 | PPC_INS_EVADDSMIAAW, 364 | PPC_INS_EVADDSSIAAW, 365 | PPC_INS_EVADDUMIAAW, 366 | PPC_INS_EVADDUSIAAW, 367 | PPC_INS_EVADDW, 368 | PPC_INS_EVAND, 369 | PPC_INS_EVANDC, 370 | PPC_INS_EVCMPEQ, 371 | PPC_INS_EVCMPGTS, 372 | PPC_INS_EVCMPGTU, 373 | PPC_INS_EVCMPLTS, 374 | PPC_INS_EVCMPLTU, 375 | PPC_INS_EVCNTLSW, 376 | PPC_INS_EVCNTLZW, 377 | PPC_INS_EVDIVWS, 378 | PPC_INS_EVDIVWU, 379 | PPC_INS_EVEQV, 380 | PPC_INS_EVEXTSB, 381 | PPC_INS_EVEXTSH, 382 | PPC_INS_EVLDD, 383 | PPC_INS_EVLDDX, 384 | PPC_INS_EVLDH, 385 | PPC_INS_EVLDHX, 386 | PPC_INS_EVLDW, 387 | PPC_INS_EVLDWX, 388 | PPC_INS_EVLHHESPLAT, 389 | PPC_INS_EVLHHESPLATX, 390 | PPC_INS_EVLHHOSSPLAT, 391 | PPC_INS_EVLHHOSSPLATX, 392 | PPC_INS_EVLHHOUSPLAT, 393 | PPC_INS_EVLHHOUSPLATX, 394 | PPC_INS_EVLWHE, 395 | PPC_INS_EVLWHEX, 396 | PPC_INS_EVLWHOS, 397 | PPC_INS_EVLWHOSX, 398 | PPC_INS_EVLWHOU, 399 | PPC_INS_EVLWHOUX, 400 | PPC_INS_EVLWHSPLAT, 401 | PPC_INS_EVLWHSPLATX, 402 | PPC_INS_EVLWWSPLAT, 403 | PPC_INS_EVLWWSPLATX, 404 | PPC_INS_EVMERGEHI, 405 | PPC_INS_EVMERGEHILO, 406 | PPC_INS_EVMERGELO, 407 | PPC_INS_EVMERGELOHI, 408 | PPC_INS_EVMHEGSMFAA, 409 | PPC_INS_EVMHEGSMFAN, 410 | PPC_INS_EVMHEGSMIAA, 411 | PPC_INS_EVMHEGSMIAN, 412 | PPC_INS_EVMHEGUMIAA, 413 | PPC_INS_EVMHEGUMIAN, 414 | PPC_INS_EVMHESMF, 415 | PPC_INS_EVMHESMFA, 416 | PPC_INS_EVMHESMFAAW, 417 | PPC_INS_EVMHESMFANW, 418 | PPC_INS_EVMHESMI, 419 | PPC_INS_EVMHESMIA, 420 | PPC_INS_EVMHESMIAAW, 421 | PPC_INS_EVMHESMIANW, 422 | PPC_INS_EVMHESSF, 423 | PPC_INS_EVMHESSFA, 424 | PPC_INS_EVMHESSFAAW, 425 | PPC_INS_EVMHESSFANW, 426 | PPC_INS_EVMHESSIAAW, 427 | PPC_INS_EVMHESSIANW, 428 | PPC_INS_EVMHEUMI, 429 | PPC_INS_EVMHEUMIA, 430 | PPC_INS_EVMHEUMIAAW, 431 | PPC_INS_EVMHEUMIANW, 432 | PPC_INS_EVMHEUSIAAW, 433 | PPC_INS_EVMHEUSIANW, 434 | PPC_INS_EVMHOGSMFAA, 435 | PPC_INS_EVMHOGSMFAN, 436 | PPC_INS_EVMHOGSMIAA, 437 | PPC_INS_EVMHOGSMIAN, 438 | PPC_INS_EVMHOGUMIAA, 439 | PPC_INS_EVMHOGUMIAN, 440 | PPC_INS_EVMHOSMF, 441 | PPC_INS_EVMHOSMFA, 442 | PPC_INS_EVMHOSMFAAW, 443 | PPC_INS_EVMHOSMFANW, 444 | PPC_INS_EVMHOSMI, 445 | PPC_INS_EVMHOSMIA, 446 | PPC_INS_EVMHOSMIAAW, 447 | PPC_INS_EVMHOSMIANW, 448 | PPC_INS_EVMHOSSF, 449 | PPC_INS_EVMHOSSFA, 450 | PPC_INS_EVMHOSSFAAW, 451 | PPC_INS_EVMHOSSFANW, 452 | PPC_INS_EVMHOSSIAAW, 453 | PPC_INS_EVMHOSSIANW, 454 | PPC_INS_EVMHOUMI, 455 | PPC_INS_EVMHOUMIA, 456 | PPC_INS_EVMHOUMIAAW, 457 | PPC_INS_EVMHOUMIANW, 458 | PPC_INS_EVMHOUSIAAW, 459 | PPC_INS_EVMHOUSIANW, 460 | PPC_INS_EVMRA, 461 | PPC_INS_EVMWHSMF, 462 | PPC_INS_EVMWHSMFA, 463 | PPC_INS_EVMWHSMI, 464 | PPC_INS_EVMWHSMIA, 465 | PPC_INS_EVMWHSSF, 466 | PPC_INS_EVMWHSSFA, 467 | PPC_INS_EVMWHUMI, 468 | PPC_INS_EVMWHUMIA, 469 | PPC_INS_EVMWLSMIAAW, 470 | PPC_INS_EVMWLSMIANW, 471 | PPC_INS_EVMWLSSIAAW, 472 | PPC_INS_EVMWLSSIANW, 473 | PPC_INS_EVMWLUMI, 474 | PPC_INS_EVMWLUMIA, 475 | PPC_INS_EVMWLUMIAAW, 476 | PPC_INS_EVMWLUMIANW, 477 | PPC_INS_EVMWLUSIAAW, 478 | PPC_INS_EVMWLUSIANW, 479 | PPC_INS_EVMWSMF, 480 | PPC_INS_EVMWSMFA, 481 | PPC_INS_EVMWSMFAA, 482 | PPC_INS_EVMWSMFAN, 483 | PPC_INS_EVMWSMI, 484 | PPC_INS_EVMWSMIA, 485 | PPC_INS_EVMWSMIAA, 486 | PPC_INS_EVMWSMIAN, 487 | PPC_INS_EVMWSSF, 488 | PPC_INS_EVMWSSFA, 489 | PPC_INS_EVMWSSFAA, 490 | PPC_INS_EVMWSSFAN, 491 | PPC_INS_EVMWUMI, 492 | PPC_INS_EVMWUMIA, 493 | PPC_INS_EVMWUMIAA, 494 | PPC_INS_EVMWUMIAN, 495 | PPC_INS_EVNAND, 496 | PPC_INS_EVNEG, 497 | PPC_INS_EVNOR, 498 | PPC_INS_EVOR, 499 | PPC_INS_EVORC, 500 | PPC_INS_EVRLW, 501 | PPC_INS_EVRLWI, 502 | PPC_INS_EVRNDW, 503 | PPC_INS_EVSLW, 504 | PPC_INS_EVSLWI, 505 | PPC_INS_EVSPLATFI, 506 | PPC_INS_EVSPLATI, 507 | PPC_INS_EVSRWIS, 508 | PPC_INS_EVSRWIU, 509 | PPC_INS_EVSRWS, 510 | PPC_INS_EVSRWU, 511 | PPC_INS_EVSTDD, 512 | PPC_INS_EVSTDDX, 513 | PPC_INS_EVSTDH, 514 | PPC_INS_EVSTDHX, 515 | PPC_INS_EVSTDW, 516 | PPC_INS_EVSTDWX, 517 | PPC_INS_EVSTWHE, 518 | PPC_INS_EVSTWHEX, 519 | PPC_INS_EVSTWHO, 520 | PPC_INS_EVSTWHOX, 521 | PPC_INS_EVSTWWE, 522 | PPC_INS_EVSTWWEX, 523 | PPC_INS_EVSTWWO, 524 | PPC_INS_EVSTWWOX, 525 | PPC_INS_EVSUBFSMIAAW, 526 | PPC_INS_EVSUBFSSIAAW, 527 | PPC_INS_EVSUBFUMIAAW, 528 | PPC_INS_EVSUBFUSIAAW, 529 | PPC_INS_EVSUBFW, 530 | PPC_INS_EVSUBIFW, 531 | PPC_INS_EVXOR, 532 | PPC_INS_EXTSB, 533 | PPC_INS_EXTSH, 534 | PPC_INS_EXTSW, 535 | PPC_INS_FABS, 536 | PPC_INS_FADD, 537 | PPC_INS_FADDS, 538 | PPC_INS_FCFID, 539 | PPC_INS_FCFIDS, 540 | PPC_INS_FCFIDU, 541 | PPC_INS_FCFIDUS, 542 | PPC_INS_FCMPU, 543 | PPC_INS_FCPSGN, 544 | PPC_INS_FCTID, 545 | PPC_INS_FCTIDUZ, 546 | PPC_INS_FCTIDZ, 547 | PPC_INS_FCTIW, 548 | PPC_INS_FCTIWUZ, 549 | PPC_INS_FCTIWZ, 550 | PPC_INS_FDIV, 551 | PPC_INS_FDIVS, 552 | PPC_INS_FMADD, 553 | PPC_INS_FMADDS, 554 | PPC_INS_FMR, 555 | PPC_INS_FMSUB, 556 | PPC_INS_FMSUBS, 557 | PPC_INS_FMUL, 558 | PPC_INS_FMULS, 559 | PPC_INS_FNABS, 560 | PPC_INS_FNEG, 561 | PPC_INS_FNMADD, 562 | PPC_INS_FNMADDS, 563 | PPC_INS_FNMSUB, 564 | PPC_INS_FNMSUBS, 565 | PPC_INS_FRE, 566 | PPC_INS_FRES, 567 | PPC_INS_FRIM, 568 | PPC_INS_FRIN, 569 | PPC_INS_FRIP, 570 | PPC_INS_FRIZ, 571 | PPC_INS_FRSP, 572 | PPC_INS_FRSQRTE, 573 | PPC_INS_FRSQRTES, 574 | PPC_INS_FSEL, 575 | PPC_INS_FSQRT, 576 | PPC_INS_FSQRTS, 577 | PPC_INS_FSUB, 578 | PPC_INS_FSUBS, 579 | PPC_INS_ICBI, 580 | PPC_INS_ICCCI, 581 | PPC_INS_ISEL, 582 | PPC_INS_ISYNC, 583 | PPC_INS_LA, 584 | PPC_INS_LBZ, 585 | PPC_INS_LBZU, 586 | PPC_INS_LBZUX, 587 | PPC_INS_LBZX, 588 | PPC_INS_LD, 589 | PPC_INS_LDARX, 590 | PPC_INS_LDBRX, 591 | PPC_INS_LDU, 592 | PPC_INS_LDUX, 593 | PPC_INS_LDX, 594 | PPC_INS_LFD, 595 | PPC_INS_LFDU, 596 | PPC_INS_LFDUX, 597 | PPC_INS_LFDX, 598 | PPC_INS_LFIWAX, 599 | PPC_INS_LFIWZX, 600 | PPC_INS_LFS, 601 | PPC_INS_LFSU, 602 | PPC_INS_LFSUX, 603 | PPC_INS_LFSX, 604 | PPC_INS_LHA, 605 | PPC_INS_LHAU, 606 | PPC_INS_LHAUX, 607 | PPC_INS_LHAX, 608 | PPC_INS_LHBRX, 609 | PPC_INS_LHZ, 610 | PPC_INS_LHZU, 611 | PPC_INS_LHZUX, 612 | PPC_INS_LHZX, 613 | PPC_INS_LI, 614 | PPC_INS_LIS, 615 | PPC_INS_LMW, 616 | PPC_INS_LSWI, 617 | PPC_INS_LVEBX, 618 | PPC_INS_LVEHX, 619 | PPC_INS_LVEWX, 620 | PPC_INS_LVSL, 621 | PPC_INS_LVSR, 622 | PPC_INS_LVX, 623 | PPC_INS_LVXL, 624 | PPC_INS_LWA, 625 | PPC_INS_LWARX, 626 | PPC_INS_LWAUX, 627 | PPC_INS_LWAX, 628 | PPC_INS_LWBRX, 629 | PPC_INS_LWZ, 630 | PPC_INS_LWZU, 631 | PPC_INS_LWZUX, 632 | PPC_INS_LWZX, 633 | PPC_INS_LXSDX, 634 | PPC_INS_LXVD2X, 635 | PPC_INS_LXVDSX, 636 | PPC_INS_LXVW4X, 637 | PPC_INS_MBAR, 638 | PPC_INS_MCRF, 639 | PPC_INS_MFCR, 640 | PPC_INS_MFCTR, 641 | PPC_INS_MFDCR, 642 | PPC_INS_MFFS, 643 | PPC_INS_MFLR, 644 | PPC_INS_MFMSR, 645 | PPC_INS_MFOCRF, 646 | PPC_INS_MFSPR, 647 | PPC_INS_MFSR, 648 | PPC_INS_MFSRIN, 649 | PPC_INS_MFTB, 650 | PPC_INS_MFVSCR, 651 | PPC_INS_MSYNC, 652 | PPC_INS_MTCRF, 653 | PPC_INS_MTCTR, 654 | PPC_INS_MTDCR, 655 | PPC_INS_MTFSB0, 656 | PPC_INS_MTFSB1, 657 | PPC_INS_MTFSF, 658 | PPC_INS_MTLR, 659 | PPC_INS_MTMSR, 660 | PPC_INS_MTMSRD, 661 | PPC_INS_MTOCRF, 662 | PPC_INS_MTSPR, 663 | PPC_INS_MTSR, 664 | PPC_INS_MTSRIN, 665 | PPC_INS_MTVSCR, 666 | PPC_INS_MULHD, 667 | PPC_INS_MULHDU, 668 | PPC_INS_MULHW, 669 | PPC_INS_MULHWU, 670 | PPC_INS_MULLD, 671 | PPC_INS_MULLI, 672 | PPC_INS_MULLW, 673 | PPC_INS_NAND, 674 | PPC_INS_NEG, 675 | PPC_INS_NOP, 676 | PPC_INS_ORI, 677 | PPC_INS_NOR, 678 | PPC_INS_OR, 679 | PPC_INS_ORC, 680 | PPC_INS_ORIS, 681 | PPC_INS_POPCNTD, 682 | PPC_INS_POPCNTW, 683 | PPC_INS_RFCI, 684 | PPC_INS_RFDI, 685 | PPC_INS_RFI, 686 | PPC_INS_RFID, 687 | PPC_INS_RFMCI, 688 | PPC_INS_RLDCL, 689 | PPC_INS_RLDCR, 690 | PPC_INS_RLDIC, 691 | PPC_INS_RLDICL, 692 | PPC_INS_RLDICR, 693 | PPC_INS_RLDIMI, 694 | PPC_INS_RLWIMI, 695 | PPC_INS_RLWINM, 696 | PPC_INS_RLWNM, 697 | PPC_INS_SC, 698 | PPC_INS_SLBIA, 699 | PPC_INS_SLBIE, 700 | PPC_INS_SLBMFEE, 701 | PPC_INS_SLBMTE, 702 | PPC_INS_SLD, 703 | PPC_INS_SLW, 704 | PPC_INS_SRAD, 705 | PPC_INS_SRADI, 706 | PPC_INS_SRAW, 707 | PPC_INS_SRAWI, 708 | PPC_INS_SRD, 709 | PPC_INS_SRW, 710 | PPC_INS_STB, 711 | PPC_INS_STBU, 712 | PPC_INS_STBUX, 713 | PPC_INS_STBX, 714 | PPC_INS_STD, 715 | PPC_INS_STDBRX, 716 | PPC_INS_STDCX, 717 | PPC_INS_STDU, 718 | PPC_INS_STDUX, 719 | PPC_INS_STDX, 720 | PPC_INS_STFD, 721 | PPC_INS_STFDU, 722 | PPC_INS_STFDUX, 723 | PPC_INS_STFDX, 724 | PPC_INS_STFIWX, 725 | PPC_INS_STFS, 726 | PPC_INS_STFSU, 727 | PPC_INS_STFSUX, 728 | PPC_INS_STFSX, 729 | PPC_INS_STH, 730 | PPC_INS_STHBRX, 731 | PPC_INS_STHU, 732 | PPC_INS_STHUX, 733 | PPC_INS_STHX, 734 | PPC_INS_STMW, 735 | PPC_INS_STSWI, 736 | PPC_INS_STVEBX, 737 | PPC_INS_STVEHX, 738 | PPC_INS_STVEWX, 739 | PPC_INS_STVX, 740 | PPC_INS_STVXL, 741 | PPC_INS_STW, 742 | PPC_INS_STWBRX, 743 | PPC_INS_STWCX, 744 | PPC_INS_STWU, 745 | PPC_INS_STWUX, 746 | PPC_INS_STWX, 747 | PPC_INS_STXSDX, 748 | PPC_INS_STXVD2X, 749 | PPC_INS_STXVW4X, 750 | PPC_INS_SUBF, 751 | PPC_INS_SUBFC, 752 | PPC_INS_SUBFE, 753 | PPC_INS_SUBFIC, 754 | PPC_INS_SUBFME, 755 | PPC_INS_SUBFZE, 756 | PPC_INS_SYNC, 757 | PPC_INS_TD, 758 | PPC_INS_TDI, 759 | PPC_INS_TLBIA, 760 | PPC_INS_TLBIE, 761 | PPC_INS_TLBIEL, 762 | PPC_INS_TLBIVAX, 763 | PPC_INS_TLBLD, 764 | PPC_INS_TLBLI, 765 | PPC_INS_TLBRE, 766 | PPC_INS_TLBSX, 767 | PPC_INS_TLBSYNC, 768 | PPC_INS_TLBWE, 769 | PPC_INS_TRAP, 770 | PPC_INS_TW, 771 | PPC_INS_TWI, 772 | PPC_INS_VADDCUW, 773 | PPC_INS_VADDFP, 774 | PPC_INS_VADDSBS, 775 | PPC_INS_VADDSHS, 776 | PPC_INS_VADDSWS, 777 | PPC_INS_VADDUBM, 778 | PPC_INS_VADDUBS, 779 | PPC_INS_VADDUHM, 780 | PPC_INS_VADDUHS, 781 | PPC_INS_VADDUWM, 782 | PPC_INS_VADDUWS, 783 | PPC_INS_VAND, 784 | PPC_INS_VANDC, 785 | PPC_INS_VAVGSB, 786 | PPC_INS_VAVGSH, 787 | PPC_INS_VAVGSW, 788 | PPC_INS_VAVGUB, 789 | PPC_INS_VAVGUH, 790 | PPC_INS_VAVGUW, 791 | PPC_INS_VCFSX, 792 | PPC_INS_VCFUX, 793 | PPC_INS_VCMPBFP, 794 | PPC_INS_VCMPEQFP, 795 | PPC_INS_VCMPEQUB, 796 | PPC_INS_VCMPEQUH, 797 | PPC_INS_VCMPEQUW, 798 | PPC_INS_VCMPGEFP, 799 | PPC_INS_VCMPGTFP, 800 | PPC_INS_VCMPGTSB, 801 | PPC_INS_VCMPGTSH, 802 | PPC_INS_VCMPGTSW, 803 | PPC_INS_VCMPGTUB, 804 | PPC_INS_VCMPGTUH, 805 | PPC_INS_VCMPGTUW, 806 | PPC_INS_VCTSXS, 807 | PPC_INS_VCTUXS, 808 | PPC_INS_VEXPTEFP, 809 | PPC_INS_VLOGEFP, 810 | PPC_INS_VMADDFP, 811 | PPC_INS_VMAXFP, 812 | PPC_INS_VMAXSB, 813 | PPC_INS_VMAXSH, 814 | PPC_INS_VMAXSW, 815 | PPC_INS_VMAXUB, 816 | PPC_INS_VMAXUH, 817 | PPC_INS_VMAXUW, 818 | PPC_INS_VMHADDSHS, 819 | PPC_INS_VMHRADDSHS, 820 | PPC_INS_VMINFP, 821 | PPC_INS_VMINSB, 822 | PPC_INS_VMINSH, 823 | PPC_INS_VMINSW, 824 | PPC_INS_VMINUB, 825 | PPC_INS_VMINUH, 826 | PPC_INS_VMINUW, 827 | PPC_INS_VMLADDUHM, 828 | PPC_INS_VMRGHB, 829 | PPC_INS_VMRGHH, 830 | PPC_INS_VMRGHW, 831 | PPC_INS_VMRGLB, 832 | PPC_INS_VMRGLH, 833 | PPC_INS_VMRGLW, 834 | PPC_INS_VMSUMMBM, 835 | PPC_INS_VMSUMSHM, 836 | PPC_INS_VMSUMSHS, 837 | PPC_INS_VMSUMUBM, 838 | PPC_INS_VMSUMUHM, 839 | PPC_INS_VMSUMUHS, 840 | PPC_INS_VMULESB, 841 | PPC_INS_VMULESH, 842 | PPC_INS_VMULEUB, 843 | PPC_INS_VMULEUH, 844 | PPC_INS_VMULOSB, 845 | PPC_INS_VMULOSH, 846 | PPC_INS_VMULOUB, 847 | PPC_INS_VMULOUH, 848 | PPC_INS_VNMSUBFP, 849 | PPC_INS_VNOR, 850 | PPC_INS_VOR, 851 | PPC_INS_VPERM, 852 | PPC_INS_VPKPX, 853 | PPC_INS_VPKSHSS, 854 | PPC_INS_VPKSHUS, 855 | PPC_INS_VPKSWSS, 856 | PPC_INS_VPKSWUS, 857 | PPC_INS_VPKUHUM, 858 | PPC_INS_VPKUHUS, 859 | PPC_INS_VPKUWUM, 860 | PPC_INS_VPKUWUS, 861 | PPC_INS_VREFP, 862 | PPC_INS_VRFIM, 863 | PPC_INS_VRFIN, 864 | PPC_INS_VRFIP, 865 | PPC_INS_VRFIZ, 866 | PPC_INS_VRLB, 867 | PPC_INS_VRLH, 868 | PPC_INS_VRLW, 869 | PPC_INS_VRSQRTEFP, 870 | PPC_INS_VSEL, 871 | PPC_INS_VSL, 872 | PPC_INS_VSLB, 873 | PPC_INS_VSLDOI, 874 | PPC_INS_VSLH, 875 | PPC_INS_VSLO, 876 | PPC_INS_VSLW, 877 | PPC_INS_VSPLTB, 878 | PPC_INS_VSPLTH, 879 | PPC_INS_VSPLTISB, 880 | PPC_INS_VSPLTISH, 881 | PPC_INS_VSPLTISW, 882 | PPC_INS_VSPLTW, 883 | PPC_INS_VSR, 884 | PPC_INS_VSRAB, 885 | PPC_INS_VSRAH, 886 | PPC_INS_VSRAW, 887 | PPC_INS_VSRB, 888 | PPC_INS_VSRH, 889 | PPC_INS_VSRO, 890 | PPC_INS_VSRW, 891 | PPC_INS_VSUBCUW, 892 | PPC_INS_VSUBFP, 893 | PPC_INS_VSUBSBS, 894 | PPC_INS_VSUBSHS, 895 | PPC_INS_VSUBSWS, 896 | PPC_INS_VSUBUBM, 897 | PPC_INS_VSUBUBS, 898 | PPC_INS_VSUBUHM, 899 | PPC_INS_VSUBUHS, 900 | PPC_INS_VSUBUWM, 901 | PPC_INS_VSUBUWS, 902 | PPC_INS_VSUM2SWS, 903 | PPC_INS_VSUM4SBS, 904 | PPC_INS_VSUM4SHS, 905 | PPC_INS_VSUM4UBS, 906 | PPC_INS_VSUMSWS, 907 | PPC_INS_VUPKHPX, 908 | PPC_INS_VUPKHSB, 909 | PPC_INS_VUPKHSH, 910 | PPC_INS_VUPKLPX, 911 | PPC_INS_VUPKLSB, 912 | PPC_INS_VUPKLSH, 913 | PPC_INS_VXOR, 914 | PPC_INS_WAIT, 915 | PPC_INS_WRTEE, 916 | PPC_INS_WRTEEI, 917 | PPC_INS_XOR, 918 | PPC_INS_XORI, 919 | PPC_INS_XORIS, 920 | PPC_INS_XSABSDP, 921 | PPC_INS_XSADDDP, 922 | PPC_INS_XSCMPODP, 923 | PPC_INS_XSCMPUDP, 924 | PPC_INS_XSCPSGNDP, 925 | PPC_INS_XSCVDPSP, 926 | PPC_INS_XSCVDPSXDS, 927 | PPC_INS_XSCVDPSXWS, 928 | PPC_INS_XSCVDPUXDS, 929 | PPC_INS_XSCVDPUXWS, 930 | PPC_INS_XSCVSPDP, 931 | PPC_INS_XSCVSXDDP, 932 | PPC_INS_XSCVUXDDP, 933 | PPC_INS_XSDIVDP, 934 | PPC_INS_XSMADDADP, 935 | PPC_INS_XSMADDMDP, 936 | PPC_INS_XSMAXDP, 937 | PPC_INS_XSMINDP, 938 | PPC_INS_XSMSUBADP, 939 | PPC_INS_XSMSUBMDP, 940 | PPC_INS_XSMULDP, 941 | PPC_INS_XSNABSDP, 942 | PPC_INS_XSNEGDP, 943 | PPC_INS_XSNMADDADP, 944 | PPC_INS_XSNMADDMDP, 945 | PPC_INS_XSNMSUBADP, 946 | PPC_INS_XSNMSUBMDP, 947 | PPC_INS_XSRDPI, 948 | PPC_INS_XSRDPIC, 949 | PPC_INS_XSRDPIM, 950 | PPC_INS_XSRDPIP, 951 | PPC_INS_XSRDPIZ, 952 | PPC_INS_XSREDP, 953 | PPC_INS_XSRSQRTEDP, 954 | PPC_INS_XSSQRTDP, 955 | PPC_INS_XSSUBDP, 956 | PPC_INS_XSTDIVDP, 957 | PPC_INS_XSTSQRTDP, 958 | PPC_INS_XVABSDP, 959 | PPC_INS_XVABSSP, 960 | PPC_INS_XVADDDP, 961 | PPC_INS_XVADDSP, 962 | PPC_INS_XVCMPEQDP, 963 | PPC_INS_XVCMPEQSP, 964 | PPC_INS_XVCMPGEDP, 965 | PPC_INS_XVCMPGESP, 966 | PPC_INS_XVCMPGTDP, 967 | PPC_INS_XVCMPGTSP, 968 | PPC_INS_XVCPSGNDP, 969 | PPC_INS_XVCPSGNSP, 970 | PPC_INS_XVCVDPSP, 971 | PPC_INS_XVCVDPSXDS, 972 | PPC_INS_XVCVDPSXWS, 973 | PPC_INS_XVCVDPUXDS, 974 | PPC_INS_XVCVDPUXWS, 975 | PPC_INS_XVCVSPDP, 976 | PPC_INS_XVCVSPSXDS, 977 | PPC_INS_XVCVSPSXWS, 978 | PPC_INS_XVCVSPUXDS, 979 | PPC_INS_XVCVSPUXWS, 980 | PPC_INS_XVCVSXDDP, 981 | PPC_INS_XVCVSXDSP, 982 | PPC_INS_XVCVSXWDP, 983 | PPC_INS_XVCVSXWSP, 984 | PPC_INS_XVCVUXDDP, 985 | PPC_INS_XVCVUXDSP, 986 | PPC_INS_XVCVUXWDP, 987 | PPC_INS_XVCVUXWSP, 988 | PPC_INS_XVDIVDP, 989 | PPC_INS_XVDIVSP, 990 | PPC_INS_XVMADDADP, 991 | PPC_INS_XVMADDASP, 992 | PPC_INS_XVMADDMDP, 993 | PPC_INS_XVMADDMSP, 994 | PPC_INS_XVMAXDP, 995 | PPC_INS_XVMAXSP, 996 | PPC_INS_XVMINDP, 997 | PPC_INS_XVMINSP, 998 | PPC_INS_XVMSUBADP, 999 | PPC_INS_XVMSUBASP, 1000 | PPC_INS_XVMSUBMDP, 1001 | PPC_INS_XVMSUBMSP, 1002 | PPC_INS_XVMULDP, 1003 | PPC_INS_XVMULSP, 1004 | PPC_INS_XVNABSDP, 1005 | PPC_INS_XVNABSSP, 1006 | PPC_INS_XVNEGDP, 1007 | PPC_INS_XVNEGSP, 1008 | PPC_INS_XVNMADDADP, 1009 | PPC_INS_XVNMADDASP, 1010 | PPC_INS_XVNMADDMDP, 1011 | PPC_INS_XVNMADDMSP, 1012 | PPC_INS_XVNMSUBADP, 1013 | PPC_INS_XVNMSUBASP, 1014 | PPC_INS_XVNMSUBMDP, 1015 | PPC_INS_XVNMSUBMSP, 1016 | PPC_INS_XVRDPI, 1017 | PPC_INS_XVRDPIC, 1018 | PPC_INS_XVRDPIM, 1019 | PPC_INS_XVRDPIP, 1020 | PPC_INS_XVRDPIZ, 1021 | PPC_INS_XVREDP, 1022 | PPC_INS_XVRESP, 1023 | PPC_INS_XVRSPI, 1024 | PPC_INS_XVRSPIC, 1025 | PPC_INS_XVRSPIM, 1026 | PPC_INS_XVRSPIP, 1027 | PPC_INS_XVRSPIZ, 1028 | PPC_INS_XVRSQRTEDP, 1029 | PPC_INS_XVRSQRTESP, 1030 | PPC_INS_XVSQRTDP, 1031 | PPC_INS_XVSQRTSP, 1032 | PPC_INS_XVSUBDP, 1033 | PPC_INS_XVSUBSP, 1034 | PPC_INS_XVTDIVDP, 1035 | PPC_INS_XVTDIVSP, 1036 | PPC_INS_XVTSQRTDP, 1037 | PPC_INS_XVTSQRTSP, 1038 | PPC_INS_XXLAND, 1039 | PPC_INS_XXLANDC, 1040 | PPC_INS_XXLNOR, 1041 | PPC_INS_XXLOR, 1042 | PPC_INS_XXLXOR, 1043 | PPC_INS_XXMRGHW, 1044 | PPC_INS_XXMRGLW, 1045 | PPC_INS_XXPERMDI, 1046 | PPC_INS_XXSEL, 1047 | PPC_INS_XXSLDWI, 1048 | PPC_INS_XXSPLTW, 1049 | PPC_INS_BCA, 1050 | PPC_INS_BCLA, 1051 | 1052 | // extra & alias instructions 1053 | PPC_INS_SLWI, 1054 | PPC_INS_SRWI, 1055 | PPC_INS_SLDI, 1056 | 1057 | PPC_INS_BTA, 1058 | PPC_INS_CRSET, 1059 | PPC_INS_CRNOT, 1060 | PPC_INS_CRMOVE, 1061 | PPC_INS_CRCLR, 1062 | PPC_INS_MFBR0, 1063 | PPC_INS_MFBR1, 1064 | PPC_INS_MFBR2, 1065 | PPC_INS_MFBR3, 1066 | PPC_INS_MFBR4, 1067 | PPC_INS_MFBR5, 1068 | PPC_INS_MFBR6, 1069 | PPC_INS_MFBR7, 1070 | PPC_INS_MFXER, 1071 | PPC_INS_MFRTCU, 1072 | PPC_INS_MFRTCL, 1073 | PPC_INS_MFDSCR, 1074 | PPC_INS_MFDSISR, 1075 | PPC_INS_MFDAR, 1076 | PPC_INS_MFSRR2, 1077 | PPC_INS_MFSRR3, 1078 | PPC_INS_MFCFAR, 1079 | PPC_INS_MFAMR, 1080 | PPC_INS_MFPID, 1081 | PPC_INS_MFTBLO, 1082 | PPC_INS_MFTBHI, 1083 | PPC_INS_MFDBATU, 1084 | PPC_INS_MFDBATL, 1085 | PPC_INS_MFIBATU, 1086 | PPC_INS_MFIBATL, 1087 | PPC_INS_MFDCCR, 1088 | PPC_INS_MFICCR, 1089 | PPC_INS_MFDEAR, 1090 | PPC_INS_MFESR, 1091 | PPC_INS_MFSPEFSCR, 1092 | PPC_INS_MFTCR, 1093 | PPC_INS_MFASR, 1094 | PPC_INS_MFPVR, 1095 | PPC_INS_MFTBU, 1096 | PPC_INS_MTCR, 1097 | PPC_INS_MTBR0, 1098 | PPC_INS_MTBR1, 1099 | PPC_INS_MTBR2, 1100 | PPC_INS_MTBR3, 1101 | PPC_INS_MTBR4, 1102 | PPC_INS_MTBR5, 1103 | PPC_INS_MTBR6, 1104 | PPC_INS_MTBR7, 1105 | PPC_INS_MTXER, 1106 | PPC_INS_MTDSCR, 1107 | PPC_INS_MTDSISR, 1108 | PPC_INS_MTDAR, 1109 | PPC_INS_MTSRR2, 1110 | PPC_INS_MTSRR3, 1111 | PPC_INS_MTCFAR, 1112 | PPC_INS_MTAMR, 1113 | PPC_INS_MTPID, 1114 | PPC_INS_MTTBL, 1115 | PPC_INS_MTTBU, 1116 | PPC_INS_MTTBLO, 1117 | PPC_INS_MTTBHI, 1118 | PPC_INS_MTDBATU, 1119 | PPC_INS_MTDBATL, 1120 | PPC_INS_MTIBATU, 1121 | PPC_INS_MTIBATL, 1122 | PPC_INS_MTDCCR, 1123 | PPC_INS_MTICCR, 1124 | PPC_INS_MTDEAR, 1125 | PPC_INS_MTESR, 1126 | PPC_INS_MTSPEFSCR, 1127 | PPC_INS_MTTCR, 1128 | PPC_INS_NOT, 1129 | PPC_INS_MR, 1130 | PPC_INS_ROTLD, 1131 | PPC_INS_ROTLDI, 1132 | PPC_INS_CLRLDI, 1133 | PPC_INS_ROTLWI, 1134 | PPC_INS_CLRLWI, 1135 | PPC_INS_ROTLW, 1136 | PPC_INS_SUB, 1137 | PPC_INS_SUBC, 1138 | PPC_INS_LWSYNC, 1139 | PPC_INS_PTESYNC, 1140 | PPC_INS_TDLT, 1141 | PPC_INS_TDEQ, 1142 | PPC_INS_TDGT, 1143 | PPC_INS_TDNE, 1144 | PPC_INS_TDLLT, 1145 | PPC_INS_TDLGT, 1146 | PPC_INS_TDU, 1147 | PPC_INS_TDLTI, 1148 | PPC_INS_TDEQI, 1149 | PPC_INS_TDGTI, 1150 | PPC_INS_TDNEI, 1151 | PPC_INS_TDLLTI, 1152 | PPC_INS_TDLGTI, 1153 | PPC_INS_TDUI, 1154 | PPC_INS_TLBREHI, 1155 | PPC_INS_TLBRELO, 1156 | PPC_INS_TLBWEHI, 1157 | PPC_INS_TLBWELO, 1158 | PPC_INS_TWLT, 1159 | PPC_INS_TWEQ, 1160 | PPC_INS_TWGT, 1161 | PPC_INS_TWNE, 1162 | PPC_INS_TWLLT, 1163 | PPC_INS_TWLGT, 1164 | PPC_INS_TWU, 1165 | PPC_INS_TWLTI, 1166 | PPC_INS_TWEQI, 1167 | PPC_INS_TWGTI, 1168 | PPC_INS_TWNEI, 1169 | PPC_INS_TWLLTI, 1170 | PPC_INS_TWLGTI, 1171 | PPC_INS_TWUI, 1172 | PPC_INS_WAITRSV, 1173 | PPC_INS_WAITIMPL, 1174 | PPC_INS_XNOP, 1175 | PPC_INS_XVMOVDP, 1176 | PPC_INS_XVMOVSP, 1177 | PPC_INS_XXSPLTD, 1178 | PPC_INS_XXMRGHD, 1179 | PPC_INS_XXMRGLD, 1180 | PPC_INS_XXSWAPD, 1181 | PPC_INS_BT, 1182 | PPC_INS_BF, 1183 | PPC_INS_BDNZT, 1184 | PPC_INS_BDNZF, 1185 | PPC_INS_BDZF, 1186 | PPC_INS_BDZT, 1187 | PPC_INS_BFA, 1188 | PPC_INS_BDNZTA, 1189 | PPC_INS_BDNZFA, 1190 | PPC_INS_BDZTA, 1191 | PPC_INS_BDZFA, 1192 | PPC_INS_BTCTR, 1193 | PPC_INS_BFCTR, 1194 | PPC_INS_BTCTRL, 1195 | PPC_INS_BFCTRL, 1196 | PPC_INS_BTL, 1197 | PPC_INS_BFL, 1198 | PPC_INS_BDNZTL, 1199 | PPC_INS_BDNZFL, 1200 | PPC_INS_BDZTL, 1201 | PPC_INS_BDZFL, 1202 | PPC_INS_BTLA, 1203 | PPC_INS_BFLA, 1204 | PPC_INS_BDNZTLA, 1205 | PPC_INS_BDNZFLA, 1206 | PPC_INS_BDZTLA, 1207 | PPC_INS_BDZFLA, 1208 | PPC_INS_BTLR, 1209 | PPC_INS_BFLR, 1210 | PPC_INS_BDNZTLR, 1211 | PPC_INS_BDZTLR, 1212 | PPC_INS_BDZFLR, 1213 | PPC_INS_BTLRL, 1214 | PPC_INS_BFLRL, 1215 | PPC_INS_BDNZTLRL, 1216 | PPC_INS_BDNZFLRL, 1217 | PPC_INS_BDZTLRL, 1218 | PPC_INS_BDZFLRL, 1219 | 1220 | PPC_INS_ENDING, // <-- mark the end of the list of instructions 1221 | } ppc_insn; 1222 | 1223 | //> Group of PPC instructions 1224 | typedef enum ppc_insn_group { 1225 | PPC_GRP_INVALID = 0, // = CS_GRP_INVALID 1226 | 1227 | //> Generic groups 1228 | // all jump instructions (conditional+direct+indirect jumps) 1229 | PPC_GRP_JUMP, // = CS_GRP_JUMP 1230 | 1231 | //> Architecture-specific groups 1232 | PPC_GRP_ALTIVEC = 128, 1233 | PPC_GRP_MODE32, 1234 | PPC_GRP_MODE64, 1235 | PPC_GRP_BOOKE, 1236 | PPC_GRP_NOTBOOKE, 1237 | PPC_GRP_SPE, 1238 | PPC_GRP_VSX, 1239 | PPC_GRP_E500, 1240 | PPC_GRP_PPC4XX, 1241 | PPC_GRP_PPC6XX, 1242 | 1243 | PPC_GRP_ENDING, // <-- mark the end of the list of groups 1244 | } ppc_insn_group; 1245 | 1246 | #ifdef __cplusplus 1247 | } 1248 | #endif 1249 | 1250 | #endif 1251 | -------------------------------------------------------------------------------- /capstone/include/sparc.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_SPARC_H 2 | #define CAPSTONE_SPARC_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | // GCC SPARC toolchain has a default macro called "sparc" which breaks 15 | // compilation 16 | #undef sparc 17 | 18 | #ifdef _MSC_VER 19 | #pragma warning(disable:4201) 20 | #endif 21 | 22 | //> Enums corresponding to Sparc condition codes, both icc's and fcc's. 23 | typedef enum sparc_cc { 24 | SPARC_CC_INVALID = 0, // invalid CC (default) 25 | //> Integer condition codes 26 | SPARC_CC_ICC_A = 8+256, // Always 27 | SPARC_CC_ICC_N = 0+256, // Never 28 | SPARC_CC_ICC_NE = 9+256, // Not Equal 29 | SPARC_CC_ICC_E = 1+256, // Equal 30 | SPARC_CC_ICC_G = 10+256, // Greater 31 | SPARC_CC_ICC_LE = 2+256, // Less or Equal 32 | SPARC_CC_ICC_GE = 11+256, // Greater or Equal 33 | SPARC_CC_ICC_L = 3+256, // Less 34 | SPARC_CC_ICC_GU = 12+256, // Greater Unsigned 35 | SPARC_CC_ICC_LEU = 4+256, // Less or Equal Unsigned 36 | SPARC_CC_ICC_CC = 13+256, // Carry Clear/Great or Equal Unsigned 37 | SPARC_CC_ICC_CS = 5+256, // Carry Set/Less Unsigned 38 | SPARC_CC_ICC_POS = 14+256, // Positive 39 | SPARC_CC_ICC_NEG = 6+256, // Negative 40 | SPARC_CC_ICC_VC = 15+256, // Overflow Clear 41 | SPARC_CC_ICC_VS = 7+256, // Overflow Set 42 | 43 | //> Floating condition codes 44 | SPARC_CC_FCC_A = 8+16+256, // Always 45 | SPARC_CC_FCC_N = 0+16+256, // Never 46 | SPARC_CC_FCC_U = 7+16+256, // Unordered 47 | SPARC_CC_FCC_G = 6+16+256, // Greater 48 | SPARC_CC_FCC_UG = 5+16+256, // Unordered or Greater 49 | SPARC_CC_FCC_L = 4+16+256, // Less 50 | SPARC_CC_FCC_UL = 3+16+256, // Unordered or Less 51 | SPARC_CC_FCC_LG = 2+16+256, // Less or Greater 52 | SPARC_CC_FCC_NE = 1+16+256, // Not Equal 53 | SPARC_CC_FCC_E = 9+16+256, // Equal 54 | SPARC_CC_FCC_UE = 10+16+256, // Unordered or Equal 55 | SPARC_CC_FCC_GE = 11+16+256, // Greater or Equal 56 | SPARC_CC_FCC_UGE = 12+16+256, // Unordered or Greater or Equal 57 | SPARC_CC_FCC_LE = 13+16+256, // Less or Equal 58 | SPARC_CC_FCC_ULE = 14+16+256, // Unordered or Less or Equal 59 | SPARC_CC_FCC_O = 15+16+256, // Ordered 60 | } sparc_cc; 61 | 62 | //> Branch hint 63 | typedef enum sparc_hint { 64 | SPARC_HINT_INVALID = 0, // no hint 65 | SPARC_HINT_A = 1 << 0, // annul delay slot instruction 66 | SPARC_HINT_PT = 1 << 1, // branch taken 67 | SPARC_HINT_PN = 1 << 2, // branch NOT taken 68 | } sparc_hint; 69 | 70 | //> Operand type for instruction's operands 71 | typedef enum sparc_op_type { 72 | SPARC_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 73 | SPARC_OP_REG, // = CS_OP_REG (Register operand). 74 | SPARC_OP_IMM, // = CS_OP_IMM (Immediate operand). 75 | SPARC_OP_MEM, // = CS_OP_MEM (Memory operand). 76 | } sparc_op_type; 77 | 78 | // Instruction's operand referring to memory 79 | // This is associated with SPARC_OP_MEM operand type above 80 | typedef struct sparc_op_mem { 81 | uint8_t base; // base register 82 | uint8_t index; // index register 83 | int32_t disp; // displacement/offset value 84 | } sparc_op_mem; 85 | 86 | // Instruction operand 87 | typedef struct cs_sparc_op { 88 | sparc_op_type type; // operand type 89 | union { 90 | unsigned int reg; // register value for REG operand 91 | int32_t imm; // immediate value for IMM operand 92 | sparc_op_mem mem; // base/disp value for MEM operand 93 | }; 94 | } cs_sparc_op; 95 | 96 | // Instruction structure 97 | typedef struct cs_sparc { 98 | sparc_cc cc; // code condition for this insn 99 | sparc_hint hint; // branch hint: encoding as bitwise OR of sparc_hint. 100 | // Number of operands of this instruction, 101 | // or 0 when instruction has no operand. 102 | uint8_t op_count; 103 | cs_sparc_op operands[4]; // operands for this instruction. 104 | } cs_sparc; 105 | 106 | //> SPARC registers 107 | typedef enum sparc_reg { 108 | SPARC_REG_INVALID = 0, 109 | 110 | SPARC_REG_F0, 111 | SPARC_REG_F1, 112 | SPARC_REG_F2, 113 | SPARC_REG_F3, 114 | SPARC_REG_F4, 115 | SPARC_REG_F5, 116 | SPARC_REG_F6, 117 | SPARC_REG_F7, 118 | SPARC_REG_F8, 119 | SPARC_REG_F9, 120 | SPARC_REG_F10, 121 | SPARC_REG_F11, 122 | SPARC_REG_F12, 123 | SPARC_REG_F13, 124 | SPARC_REG_F14, 125 | SPARC_REG_F15, 126 | SPARC_REG_F16, 127 | SPARC_REG_F17, 128 | SPARC_REG_F18, 129 | SPARC_REG_F19, 130 | SPARC_REG_F20, 131 | SPARC_REG_F21, 132 | SPARC_REG_F22, 133 | SPARC_REG_F23, 134 | SPARC_REG_F24, 135 | SPARC_REG_F25, 136 | SPARC_REG_F26, 137 | SPARC_REG_F27, 138 | SPARC_REG_F28, 139 | SPARC_REG_F29, 140 | SPARC_REG_F30, 141 | SPARC_REG_F31, 142 | SPARC_REG_F32, 143 | SPARC_REG_F34, 144 | SPARC_REG_F36, 145 | SPARC_REG_F38, 146 | SPARC_REG_F40, 147 | SPARC_REG_F42, 148 | SPARC_REG_F44, 149 | SPARC_REG_F46, 150 | SPARC_REG_F48, 151 | SPARC_REG_F50, 152 | SPARC_REG_F52, 153 | SPARC_REG_F54, 154 | SPARC_REG_F56, 155 | SPARC_REG_F58, 156 | SPARC_REG_F60, 157 | SPARC_REG_F62, 158 | SPARC_REG_FCC0, // Floating condition codes 159 | SPARC_REG_FCC1, 160 | SPARC_REG_FCC2, 161 | SPARC_REG_FCC3, 162 | SPARC_REG_FP, 163 | SPARC_REG_G0, 164 | SPARC_REG_G1, 165 | SPARC_REG_G2, 166 | SPARC_REG_G3, 167 | SPARC_REG_G4, 168 | SPARC_REG_G5, 169 | SPARC_REG_G6, 170 | SPARC_REG_G7, 171 | SPARC_REG_I0, 172 | SPARC_REG_I1, 173 | SPARC_REG_I2, 174 | SPARC_REG_I3, 175 | SPARC_REG_I4, 176 | SPARC_REG_I5, 177 | SPARC_REG_I7, 178 | SPARC_REG_ICC, // Integer condition codes 179 | SPARC_REG_L0, 180 | SPARC_REG_L1, 181 | SPARC_REG_L2, 182 | SPARC_REG_L3, 183 | SPARC_REG_L4, 184 | SPARC_REG_L5, 185 | SPARC_REG_L6, 186 | SPARC_REG_L7, 187 | SPARC_REG_O0, 188 | SPARC_REG_O1, 189 | SPARC_REG_O2, 190 | SPARC_REG_O3, 191 | SPARC_REG_O4, 192 | SPARC_REG_O5, 193 | SPARC_REG_O7, 194 | SPARC_REG_SP, 195 | SPARC_REG_Y, 196 | 197 | // special register 198 | SPARC_REG_XCC, 199 | 200 | SPARC_REG_ENDING, // <-- mark the end of the list of registers 201 | 202 | // extras 203 | SPARC_REG_O6 = SPARC_REG_SP, 204 | SPARC_REG_I6 = SPARC_REG_FP, 205 | } sparc_reg; 206 | 207 | //> SPARC instruction 208 | typedef enum sparc_insn { 209 | SPARC_INS_INVALID = 0, 210 | 211 | SPARC_INS_ADDCC, 212 | SPARC_INS_ADDX, 213 | SPARC_INS_ADDXCC, 214 | SPARC_INS_ADDXC, 215 | SPARC_INS_ADDXCCC, 216 | SPARC_INS_ADD, 217 | SPARC_INS_ALIGNADDR, 218 | SPARC_INS_ALIGNADDRL, 219 | SPARC_INS_ANDCC, 220 | SPARC_INS_ANDNCC, 221 | SPARC_INS_ANDN, 222 | SPARC_INS_AND, 223 | SPARC_INS_ARRAY16, 224 | SPARC_INS_ARRAY32, 225 | SPARC_INS_ARRAY8, 226 | SPARC_INS_B, 227 | SPARC_INS_JMP, 228 | SPARC_INS_BMASK, 229 | SPARC_INS_FB, 230 | SPARC_INS_BRGEZ, 231 | SPARC_INS_BRGZ, 232 | SPARC_INS_BRLEZ, 233 | SPARC_INS_BRLZ, 234 | SPARC_INS_BRNZ, 235 | SPARC_INS_BRZ, 236 | SPARC_INS_BSHUFFLE, 237 | SPARC_INS_CALL, 238 | SPARC_INS_CASX, 239 | SPARC_INS_CAS, 240 | SPARC_INS_CMASK16, 241 | SPARC_INS_CMASK32, 242 | SPARC_INS_CMASK8, 243 | SPARC_INS_CMP, 244 | SPARC_INS_EDGE16, 245 | SPARC_INS_EDGE16L, 246 | SPARC_INS_EDGE16LN, 247 | SPARC_INS_EDGE16N, 248 | SPARC_INS_EDGE32, 249 | SPARC_INS_EDGE32L, 250 | SPARC_INS_EDGE32LN, 251 | SPARC_INS_EDGE32N, 252 | SPARC_INS_EDGE8, 253 | SPARC_INS_EDGE8L, 254 | SPARC_INS_EDGE8LN, 255 | SPARC_INS_EDGE8N, 256 | SPARC_INS_FABSD, 257 | SPARC_INS_FABSQ, 258 | SPARC_INS_FABSS, 259 | SPARC_INS_FADDD, 260 | SPARC_INS_FADDQ, 261 | SPARC_INS_FADDS, 262 | SPARC_INS_FALIGNDATA, 263 | SPARC_INS_FAND, 264 | SPARC_INS_FANDNOT1, 265 | SPARC_INS_FANDNOT1S, 266 | SPARC_INS_FANDNOT2, 267 | SPARC_INS_FANDNOT2S, 268 | SPARC_INS_FANDS, 269 | SPARC_INS_FCHKSM16, 270 | SPARC_INS_FCMPD, 271 | SPARC_INS_FCMPEQ16, 272 | SPARC_INS_FCMPEQ32, 273 | SPARC_INS_FCMPGT16, 274 | SPARC_INS_FCMPGT32, 275 | SPARC_INS_FCMPLE16, 276 | SPARC_INS_FCMPLE32, 277 | SPARC_INS_FCMPNE16, 278 | SPARC_INS_FCMPNE32, 279 | SPARC_INS_FCMPQ, 280 | SPARC_INS_FCMPS, 281 | SPARC_INS_FDIVD, 282 | SPARC_INS_FDIVQ, 283 | SPARC_INS_FDIVS, 284 | SPARC_INS_FDMULQ, 285 | SPARC_INS_FDTOI, 286 | SPARC_INS_FDTOQ, 287 | SPARC_INS_FDTOS, 288 | SPARC_INS_FDTOX, 289 | SPARC_INS_FEXPAND, 290 | SPARC_INS_FHADDD, 291 | SPARC_INS_FHADDS, 292 | SPARC_INS_FHSUBD, 293 | SPARC_INS_FHSUBS, 294 | SPARC_INS_FITOD, 295 | SPARC_INS_FITOQ, 296 | SPARC_INS_FITOS, 297 | SPARC_INS_FLCMPD, 298 | SPARC_INS_FLCMPS, 299 | SPARC_INS_FLUSHW, 300 | SPARC_INS_FMEAN16, 301 | SPARC_INS_FMOVD, 302 | SPARC_INS_FMOVQ, 303 | SPARC_INS_FMOVRDGEZ, 304 | SPARC_INS_FMOVRQGEZ, 305 | SPARC_INS_FMOVRSGEZ, 306 | SPARC_INS_FMOVRDGZ, 307 | SPARC_INS_FMOVRQGZ, 308 | SPARC_INS_FMOVRSGZ, 309 | SPARC_INS_FMOVRDLEZ, 310 | SPARC_INS_FMOVRQLEZ, 311 | SPARC_INS_FMOVRSLEZ, 312 | SPARC_INS_FMOVRDLZ, 313 | SPARC_INS_FMOVRQLZ, 314 | SPARC_INS_FMOVRSLZ, 315 | SPARC_INS_FMOVRDNZ, 316 | SPARC_INS_FMOVRQNZ, 317 | SPARC_INS_FMOVRSNZ, 318 | SPARC_INS_FMOVRDZ, 319 | SPARC_INS_FMOVRQZ, 320 | SPARC_INS_FMOVRSZ, 321 | SPARC_INS_FMOVS, 322 | SPARC_INS_FMUL8SUX16, 323 | SPARC_INS_FMUL8ULX16, 324 | SPARC_INS_FMUL8X16, 325 | SPARC_INS_FMUL8X16AL, 326 | SPARC_INS_FMUL8X16AU, 327 | SPARC_INS_FMULD, 328 | SPARC_INS_FMULD8SUX16, 329 | SPARC_INS_FMULD8ULX16, 330 | SPARC_INS_FMULQ, 331 | SPARC_INS_FMULS, 332 | SPARC_INS_FNADDD, 333 | SPARC_INS_FNADDS, 334 | SPARC_INS_FNAND, 335 | SPARC_INS_FNANDS, 336 | SPARC_INS_FNEGD, 337 | SPARC_INS_FNEGQ, 338 | SPARC_INS_FNEGS, 339 | SPARC_INS_FNHADDD, 340 | SPARC_INS_FNHADDS, 341 | SPARC_INS_FNOR, 342 | SPARC_INS_FNORS, 343 | SPARC_INS_FNOT1, 344 | SPARC_INS_FNOT1S, 345 | SPARC_INS_FNOT2, 346 | SPARC_INS_FNOT2S, 347 | SPARC_INS_FONE, 348 | SPARC_INS_FONES, 349 | SPARC_INS_FOR, 350 | SPARC_INS_FORNOT1, 351 | SPARC_INS_FORNOT1S, 352 | SPARC_INS_FORNOT2, 353 | SPARC_INS_FORNOT2S, 354 | SPARC_INS_FORS, 355 | SPARC_INS_FPACK16, 356 | SPARC_INS_FPACK32, 357 | SPARC_INS_FPACKFIX, 358 | SPARC_INS_FPADD16, 359 | SPARC_INS_FPADD16S, 360 | SPARC_INS_FPADD32, 361 | SPARC_INS_FPADD32S, 362 | SPARC_INS_FPADD64, 363 | SPARC_INS_FPMERGE, 364 | SPARC_INS_FPSUB16, 365 | SPARC_INS_FPSUB16S, 366 | SPARC_INS_FPSUB32, 367 | SPARC_INS_FPSUB32S, 368 | SPARC_INS_FQTOD, 369 | SPARC_INS_FQTOI, 370 | SPARC_INS_FQTOS, 371 | SPARC_INS_FQTOX, 372 | SPARC_INS_FSLAS16, 373 | SPARC_INS_FSLAS32, 374 | SPARC_INS_FSLL16, 375 | SPARC_INS_FSLL32, 376 | SPARC_INS_FSMULD, 377 | SPARC_INS_FSQRTD, 378 | SPARC_INS_FSQRTQ, 379 | SPARC_INS_FSQRTS, 380 | SPARC_INS_FSRA16, 381 | SPARC_INS_FSRA32, 382 | SPARC_INS_FSRC1, 383 | SPARC_INS_FSRC1S, 384 | SPARC_INS_FSRC2, 385 | SPARC_INS_FSRC2S, 386 | SPARC_INS_FSRL16, 387 | SPARC_INS_FSRL32, 388 | SPARC_INS_FSTOD, 389 | SPARC_INS_FSTOI, 390 | SPARC_INS_FSTOQ, 391 | SPARC_INS_FSTOX, 392 | SPARC_INS_FSUBD, 393 | SPARC_INS_FSUBQ, 394 | SPARC_INS_FSUBS, 395 | SPARC_INS_FXNOR, 396 | SPARC_INS_FXNORS, 397 | SPARC_INS_FXOR, 398 | SPARC_INS_FXORS, 399 | SPARC_INS_FXTOD, 400 | SPARC_INS_FXTOQ, 401 | SPARC_INS_FXTOS, 402 | SPARC_INS_FZERO, 403 | SPARC_INS_FZEROS, 404 | SPARC_INS_JMPL, 405 | SPARC_INS_LDD, 406 | SPARC_INS_LD, 407 | SPARC_INS_LDQ, 408 | SPARC_INS_LDSB, 409 | SPARC_INS_LDSH, 410 | SPARC_INS_LDSW, 411 | SPARC_INS_LDUB, 412 | SPARC_INS_LDUH, 413 | SPARC_INS_LDX, 414 | SPARC_INS_LZCNT, 415 | SPARC_INS_MEMBAR, 416 | SPARC_INS_MOVDTOX, 417 | SPARC_INS_MOV, 418 | SPARC_INS_MOVRGEZ, 419 | SPARC_INS_MOVRGZ, 420 | SPARC_INS_MOVRLEZ, 421 | SPARC_INS_MOVRLZ, 422 | SPARC_INS_MOVRNZ, 423 | SPARC_INS_MOVRZ, 424 | SPARC_INS_MOVSTOSW, 425 | SPARC_INS_MOVSTOUW, 426 | SPARC_INS_MULX, 427 | SPARC_INS_NOP, 428 | SPARC_INS_ORCC, 429 | SPARC_INS_ORNCC, 430 | SPARC_INS_ORN, 431 | SPARC_INS_OR, 432 | SPARC_INS_PDIST, 433 | SPARC_INS_PDISTN, 434 | SPARC_INS_POPC, 435 | SPARC_INS_RD, 436 | SPARC_INS_RESTORE, 437 | SPARC_INS_RETT, 438 | SPARC_INS_SAVE, 439 | SPARC_INS_SDIVCC, 440 | SPARC_INS_SDIVX, 441 | SPARC_INS_SDIV, 442 | SPARC_INS_SETHI, 443 | SPARC_INS_SHUTDOWN, 444 | SPARC_INS_SIAM, 445 | SPARC_INS_SLLX, 446 | SPARC_INS_SLL, 447 | SPARC_INS_SMULCC, 448 | SPARC_INS_SMUL, 449 | SPARC_INS_SRAX, 450 | SPARC_INS_SRA, 451 | SPARC_INS_SRLX, 452 | SPARC_INS_SRL, 453 | SPARC_INS_STBAR, 454 | SPARC_INS_STB, 455 | SPARC_INS_STD, 456 | SPARC_INS_ST, 457 | SPARC_INS_STH, 458 | SPARC_INS_STQ, 459 | SPARC_INS_STX, 460 | SPARC_INS_SUBCC, 461 | SPARC_INS_SUBX, 462 | SPARC_INS_SUBXCC, 463 | SPARC_INS_SUB, 464 | SPARC_INS_SWAP, 465 | SPARC_INS_TADDCCTV, 466 | SPARC_INS_TADDCC, 467 | SPARC_INS_T, 468 | SPARC_INS_TSUBCCTV, 469 | SPARC_INS_TSUBCC, 470 | SPARC_INS_UDIVCC, 471 | SPARC_INS_UDIVX, 472 | SPARC_INS_UDIV, 473 | SPARC_INS_UMULCC, 474 | SPARC_INS_UMULXHI, 475 | SPARC_INS_UMUL, 476 | SPARC_INS_UNIMP, 477 | SPARC_INS_FCMPED, 478 | SPARC_INS_FCMPEQ, 479 | SPARC_INS_FCMPES, 480 | SPARC_INS_WR, 481 | SPARC_INS_XMULX, 482 | SPARC_INS_XMULXHI, 483 | SPARC_INS_XNORCC, 484 | SPARC_INS_XNOR, 485 | SPARC_INS_XORCC, 486 | SPARC_INS_XOR, 487 | 488 | // alias instructions 489 | SPARC_INS_RET, 490 | SPARC_INS_RETL, 491 | 492 | SPARC_INS_ENDING, // <-- mark the end of the list of instructions 493 | } sparc_insn; 494 | 495 | //> Group of SPARC instructions 496 | typedef enum sparc_insn_group { 497 | SPARC_GRP_INVALID = 0, // = CS_GRP_INVALID 498 | 499 | //> Generic groups 500 | // all jump instructions (conditional+direct+indirect jumps) 501 | SPARC_GRP_JUMP, // = CS_GRP_JUMP 502 | 503 | //> Architecture-specific groups 504 | SPARC_GRP_HARDQUAD = 128, 505 | SPARC_GRP_V9, 506 | SPARC_GRP_VIS, 507 | SPARC_GRP_VIS2, 508 | SPARC_GRP_VIS3, 509 | SPARC_GRP_32BIT, 510 | SPARC_GRP_64BIT, 511 | 512 | SPARC_GRP_ENDING, // <-- mark the end of the list of groups 513 | } sparc_insn_group; 514 | 515 | #ifdef __cplusplus 516 | } 517 | #endif 518 | 519 | #endif 520 | -------------------------------------------------------------------------------- /capstone/include/systemz.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_SYSTEMZ_H 2 | #define CAPSTONE_SYSTEMZ_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | #ifdef _MSC_VER 15 | #pragma warning(disable:4201) 16 | #endif 17 | 18 | //> Enums corresponding to SystemZ condition codes 19 | typedef enum sysz_cc { 20 | SYSZ_CC_INVALID = 0, // invalid CC (default) 21 | 22 | SYSZ_CC_O, 23 | SYSZ_CC_H, 24 | SYSZ_CC_NLE, 25 | SYSZ_CC_L, 26 | SYSZ_CC_NHE, 27 | SYSZ_CC_LH, 28 | SYSZ_CC_NE, 29 | SYSZ_CC_E, 30 | SYSZ_CC_NLH, 31 | SYSZ_CC_HE, 32 | SYSZ_CC_NL, 33 | SYSZ_CC_LE, 34 | SYSZ_CC_NH, 35 | SYSZ_CC_NO, 36 | } sysz_cc; 37 | 38 | //> Operand type for instruction's operands 39 | typedef enum sysz_op_type { 40 | SYSZ_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 41 | SYSZ_OP_REG, // = CS_OP_REG (Register operand). 42 | SYSZ_OP_IMM, // = CS_OP_IMM (Immediate operand). 43 | SYSZ_OP_MEM, // = CS_OP_MEM (Memory operand). 44 | SYSZ_OP_ACREG = 64, // Access register operand. 45 | } sysz_op_type; 46 | 47 | // Instruction's operand referring to memory 48 | // This is associated with SYSZ_OP_MEM operand type above 49 | typedef struct sysz_op_mem { 50 | uint8_t base; // base register 51 | uint8_t index; // index register 52 | uint64_t length; // BDLAddr operand 53 | int64_t disp; // displacement/offset value 54 | } sysz_op_mem; 55 | 56 | // Instruction operand 57 | typedef struct cs_sysz_op { 58 | sysz_op_type type; // operand type 59 | union { 60 | unsigned int reg; // register value for REG operand 61 | int64_t imm; // immediate value for IMM operand 62 | sysz_op_mem mem; // base/disp value for MEM operand 63 | }; 64 | } cs_sysz_op; 65 | 66 | // Instruction structure 67 | typedef struct cs_sysz { 68 | sysz_cc cc; // Code condition 69 | // Number of operands of this instruction, 70 | // or 0 when instruction has no operand. 71 | uint8_t op_count; 72 | cs_sysz_op operands[6]; // operands for this instruction. 73 | } cs_sysz; 74 | 75 | //> SystemZ registers 76 | typedef enum sysz_reg { 77 | SYSZ_REG_INVALID = 0, 78 | 79 | SYSZ_REG_0, 80 | SYSZ_REG_1, 81 | SYSZ_REG_2, 82 | SYSZ_REG_3, 83 | SYSZ_REG_4, 84 | SYSZ_REG_5, 85 | SYSZ_REG_6, 86 | SYSZ_REG_7, 87 | SYSZ_REG_8, 88 | SYSZ_REG_9, 89 | SYSZ_REG_10, 90 | SYSZ_REG_11, 91 | SYSZ_REG_12, 92 | SYSZ_REG_13, 93 | SYSZ_REG_14, 94 | SYSZ_REG_15, 95 | SYSZ_REG_CC, 96 | SYSZ_REG_F0, 97 | SYSZ_REG_F1, 98 | SYSZ_REG_F2, 99 | SYSZ_REG_F3, 100 | SYSZ_REG_F4, 101 | SYSZ_REG_F5, 102 | SYSZ_REG_F6, 103 | SYSZ_REG_F7, 104 | SYSZ_REG_F8, 105 | SYSZ_REG_F9, 106 | SYSZ_REG_F10, 107 | SYSZ_REG_F11, 108 | SYSZ_REG_F12, 109 | SYSZ_REG_F13, 110 | SYSZ_REG_F14, 111 | SYSZ_REG_F15, 112 | 113 | SYSZ_REG_R0L, 114 | 115 | SYSZ_REG_ENDING, 116 | } sysz_reg; 117 | 118 | //> SystemZ instruction 119 | typedef enum sysz_insn { 120 | SYSZ_INS_INVALID = 0, 121 | 122 | SYSZ_INS_A, 123 | SYSZ_INS_ADB, 124 | SYSZ_INS_ADBR, 125 | SYSZ_INS_AEB, 126 | SYSZ_INS_AEBR, 127 | SYSZ_INS_AFI, 128 | SYSZ_INS_AG, 129 | SYSZ_INS_AGF, 130 | SYSZ_INS_AGFI, 131 | SYSZ_INS_AGFR, 132 | SYSZ_INS_AGHI, 133 | SYSZ_INS_AGHIK, 134 | SYSZ_INS_AGR, 135 | SYSZ_INS_AGRK, 136 | SYSZ_INS_AGSI, 137 | SYSZ_INS_AH, 138 | SYSZ_INS_AHI, 139 | SYSZ_INS_AHIK, 140 | SYSZ_INS_AHY, 141 | SYSZ_INS_AIH, 142 | SYSZ_INS_AL, 143 | SYSZ_INS_ALC, 144 | SYSZ_INS_ALCG, 145 | SYSZ_INS_ALCGR, 146 | SYSZ_INS_ALCR, 147 | SYSZ_INS_ALFI, 148 | SYSZ_INS_ALG, 149 | SYSZ_INS_ALGF, 150 | SYSZ_INS_ALGFI, 151 | SYSZ_INS_ALGFR, 152 | SYSZ_INS_ALGHSIK, 153 | SYSZ_INS_ALGR, 154 | SYSZ_INS_ALGRK, 155 | SYSZ_INS_ALHSIK, 156 | SYSZ_INS_ALR, 157 | SYSZ_INS_ALRK, 158 | SYSZ_INS_ALY, 159 | SYSZ_INS_AR, 160 | SYSZ_INS_ARK, 161 | SYSZ_INS_ASI, 162 | SYSZ_INS_AXBR, 163 | SYSZ_INS_AY, 164 | SYSZ_INS_BCR, 165 | SYSZ_INS_BRC, 166 | SYSZ_INS_BRCL, 167 | SYSZ_INS_CGIJ, 168 | SYSZ_INS_CGRJ, 169 | SYSZ_INS_CIJ, 170 | SYSZ_INS_CLGIJ, 171 | SYSZ_INS_CLGRJ, 172 | SYSZ_INS_CLIJ, 173 | SYSZ_INS_CLRJ, 174 | SYSZ_INS_CRJ, 175 | SYSZ_INS_BER, 176 | SYSZ_INS_JE, 177 | SYSZ_INS_JGE, 178 | SYSZ_INS_LOCE, 179 | SYSZ_INS_LOCGE, 180 | SYSZ_INS_LOCGRE, 181 | SYSZ_INS_LOCRE, 182 | SYSZ_INS_STOCE, 183 | SYSZ_INS_STOCGE, 184 | SYSZ_INS_BHR, 185 | SYSZ_INS_BHER, 186 | SYSZ_INS_JHE, 187 | SYSZ_INS_JGHE, 188 | SYSZ_INS_LOCHE, 189 | SYSZ_INS_LOCGHE, 190 | SYSZ_INS_LOCGRHE, 191 | SYSZ_INS_LOCRHE, 192 | SYSZ_INS_STOCHE, 193 | SYSZ_INS_STOCGHE, 194 | SYSZ_INS_JH, 195 | SYSZ_INS_JGH, 196 | SYSZ_INS_LOCH, 197 | SYSZ_INS_LOCGH, 198 | SYSZ_INS_LOCGRH, 199 | SYSZ_INS_LOCRH, 200 | SYSZ_INS_STOCH, 201 | SYSZ_INS_STOCGH, 202 | SYSZ_INS_CGIJNLH, 203 | SYSZ_INS_CGRJNLH, 204 | SYSZ_INS_CIJNLH, 205 | SYSZ_INS_CLGIJNLH, 206 | SYSZ_INS_CLGRJNLH, 207 | SYSZ_INS_CLIJNLH, 208 | SYSZ_INS_CLRJNLH, 209 | SYSZ_INS_CRJNLH, 210 | SYSZ_INS_CGIJE, 211 | SYSZ_INS_CGRJE, 212 | SYSZ_INS_CIJE, 213 | SYSZ_INS_CLGIJE, 214 | SYSZ_INS_CLGRJE, 215 | SYSZ_INS_CLIJE, 216 | SYSZ_INS_CLRJE, 217 | SYSZ_INS_CRJE, 218 | SYSZ_INS_CGIJNLE, 219 | SYSZ_INS_CGRJNLE, 220 | SYSZ_INS_CIJNLE, 221 | SYSZ_INS_CLGIJNLE, 222 | SYSZ_INS_CLGRJNLE, 223 | SYSZ_INS_CLIJNLE, 224 | SYSZ_INS_CLRJNLE, 225 | SYSZ_INS_CRJNLE, 226 | SYSZ_INS_CGIJH, 227 | SYSZ_INS_CGRJH, 228 | SYSZ_INS_CIJH, 229 | SYSZ_INS_CLGIJH, 230 | SYSZ_INS_CLGRJH, 231 | SYSZ_INS_CLIJH, 232 | SYSZ_INS_CLRJH, 233 | SYSZ_INS_CRJH, 234 | SYSZ_INS_CGIJNL, 235 | SYSZ_INS_CGRJNL, 236 | SYSZ_INS_CIJNL, 237 | SYSZ_INS_CLGIJNL, 238 | SYSZ_INS_CLGRJNL, 239 | SYSZ_INS_CLIJNL, 240 | SYSZ_INS_CLRJNL, 241 | SYSZ_INS_CRJNL, 242 | SYSZ_INS_CGIJHE, 243 | SYSZ_INS_CGRJHE, 244 | SYSZ_INS_CIJHE, 245 | SYSZ_INS_CLGIJHE, 246 | SYSZ_INS_CLGRJHE, 247 | SYSZ_INS_CLIJHE, 248 | SYSZ_INS_CLRJHE, 249 | SYSZ_INS_CRJHE, 250 | SYSZ_INS_CGIJNHE, 251 | SYSZ_INS_CGRJNHE, 252 | SYSZ_INS_CIJNHE, 253 | SYSZ_INS_CLGIJNHE, 254 | SYSZ_INS_CLGRJNHE, 255 | SYSZ_INS_CLIJNHE, 256 | SYSZ_INS_CLRJNHE, 257 | SYSZ_INS_CRJNHE, 258 | SYSZ_INS_CGIJL, 259 | SYSZ_INS_CGRJL, 260 | SYSZ_INS_CIJL, 261 | SYSZ_INS_CLGIJL, 262 | SYSZ_INS_CLGRJL, 263 | SYSZ_INS_CLIJL, 264 | SYSZ_INS_CLRJL, 265 | SYSZ_INS_CRJL, 266 | SYSZ_INS_CGIJNH, 267 | SYSZ_INS_CGRJNH, 268 | SYSZ_INS_CIJNH, 269 | SYSZ_INS_CLGIJNH, 270 | SYSZ_INS_CLGRJNH, 271 | SYSZ_INS_CLIJNH, 272 | SYSZ_INS_CLRJNH, 273 | SYSZ_INS_CRJNH, 274 | SYSZ_INS_CGIJLE, 275 | SYSZ_INS_CGRJLE, 276 | SYSZ_INS_CIJLE, 277 | SYSZ_INS_CLGIJLE, 278 | SYSZ_INS_CLGRJLE, 279 | SYSZ_INS_CLIJLE, 280 | SYSZ_INS_CLRJLE, 281 | SYSZ_INS_CRJLE, 282 | SYSZ_INS_CGIJNE, 283 | SYSZ_INS_CGRJNE, 284 | SYSZ_INS_CIJNE, 285 | SYSZ_INS_CLGIJNE, 286 | SYSZ_INS_CLGRJNE, 287 | SYSZ_INS_CLIJNE, 288 | SYSZ_INS_CLRJNE, 289 | SYSZ_INS_CRJNE, 290 | SYSZ_INS_CGIJLH, 291 | SYSZ_INS_CGRJLH, 292 | SYSZ_INS_CIJLH, 293 | SYSZ_INS_CLGIJLH, 294 | SYSZ_INS_CLGRJLH, 295 | SYSZ_INS_CLIJLH, 296 | SYSZ_INS_CLRJLH, 297 | SYSZ_INS_CRJLH, 298 | SYSZ_INS_BLR, 299 | SYSZ_INS_BLER, 300 | SYSZ_INS_JLE, 301 | SYSZ_INS_JGLE, 302 | SYSZ_INS_LOCLE, 303 | SYSZ_INS_LOCGLE, 304 | SYSZ_INS_LOCGRLE, 305 | SYSZ_INS_LOCRLE, 306 | SYSZ_INS_STOCLE, 307 | SYSZ_INS_STOCGLE, 308 | SYSZ_INS_BLHR, 309 | SYSZ_INS_JLH, 310 | SYSZ_INS_JGLH, 311 | SYSZ_INS_LOCLH, 312 | SYSZ_INS_LOCGLH, 313 | SYSZ_INS_LOCGRLH, 314 | SYSZ_INS_LOCRLH, 315 | SYSZ_INS_STOCLH, 316 | SYSZ_INS_STOCGLH, 317 | SYSZ_INS_JL, 318 | SYSZ_INS_JGL, 319 | SYSZ_INS_LOCL, 320 | SYSZ_INS_LOCGL, 321 | SYSZ_INS_LOCGRL, 322 | SYSZ_INS_LOCRL, 323 | SYSZ_INS_LOC, 324 | SYSZ_INS_LOCG, 325 | SYSZ_INS_LOCGR, 326 | SYSZ_INS_LOCR, 327 | SYSZ_INS_STOCL, 328 | SYSZ_INS_STOCGL, 329 | SYSZ_INS_BNER, 330 | SYSZ_INS_JNE, 331 | SYSZ_INS_JGNE, 332 | SYSZ_INS_LOCNE, 333 | SYSZ_INS_LOCGNE, 334 | SYSZ_INS_LOCGRNE, 335 | SYSZ_INS_LOCRNE, 336 | SYSZ_INS_STOCNE, 337 | SYSZ_INS_STOCGNE, 338 | SYSZ_INS_BNHR, 339 | SYSZ_INS_BNHER, 340 | SYSZ_INS_JNHE, 341 | SYSZ_INS_JGNHE, 342 | SYSZ_INS_LOCNHE, 343 | SYSZ_INS_LOCGNHE, 344 | SYSZ_INS_LOCGRNHE, 345 | SYSZ_INS_LOCRNHE, 346 | SYSZ_INS_STOCNHE, 347 | SYSZ_INS_STOCGNHE, 348 | SYSZ_INS_JNH, 349 | SYSZ_INS_JGNH, 350 | SYSZ_INS_LOCNH, 351 | SYSZ_INS_LOCGNH, 352 | SYSZ_INS_LOCGRNH, 353 | SYSZ_INS_LOCRNH, 354 | SYSZ_INS_STOCNH, 355 | SYSZ_INS_STOCGNH, 356 | SYSZ_INS_BNLR, 357 | SYSZ_INS_BNLER, 358 | SYSZ_INS_JNLE, 359 | SYSZ_INS_JGNLE, 360 | SYSZ_INS_LOCNLE, 361 | SYSZ_INS_LOCGNLE, 362 | SYSZ_INS_LOCGRNLE, 363 | SYSZ_INS_LOCRNLE, 364 | SYSZ_INS_STOCNLE, 365 | SYSZ_INS_STOCGNLE, 366 | SYSZ_INS_BNLHR, 367 | SYSZ_INS_JNLH, 368 | SYSZ_INS_JGNLH, 369 | SYSZ_INS_LOCNLH, 370 | SYSZ_INS_LOCGNLH, 371 | SYSZ_INS_LOCGRNLH, 372 | SYSZ_INS_LOCRNLH, 373 | SYSZ_INS_STOCNLH, 374 | SYSZ_INS_STOCGNLH, 375 | SYSZ_INS_JNL, 376 | SYSZ_INS_JGNL, 377 | SYSZ_INS_LOCNL, 378 | SYSZ_INS_LOCGNL, 379 | SYSZ_INS_LOCGRNL, 380 | SYSZ_INS_LOCRNL, 381 | SYSZ_INS_STOCNL, 382 | SYSZ_INS_STOCGNL, 383 | SYSZ_INS_BNOR, 384 | SYSZ_INS_JNO, 385 | SYSZ_INS_JGNO, 386 | SYSZ_INS_LOCNO, 387 | SYSZ_INS_LOCGNO, 388 | SYSZ_INS_LOCGRNO, 389 | SYSZ_INS_LOCRNO, 390 | SYSZ_INS_STOCNO, 391 | SYSZ_INS_STOCGNO, 392 | SYSZ_INS_BOR, 393 | SYSZ_INS_JO, 394 | SYSZ_INS_JGO, 395 | SYSZ_INS_LOCO, 396 | SYSZ_INS_LOCGO, 397 | SYSZ_INS_LOCGRO, 398 | SYSZ_INS_LOCRO, 399 | SYSZ_INS_STOCO, 400 | SYSZ_INS_STOCGO, 401 | SYSZ_INS_STOC, 402 | SYSZ_INS_STOCG, 403 | SYSZ_INS_BASR, 404 | SYSZ_INS_BR, 405 | SYSZ_INS_BRAS, 406 | SYSZ_INS_BRASL, 407 | SYSZ_INS_J, 408 | SYSZ_INS_JG, 409 | SYSZ_INS_BRCT, 410 | SYSZ_INS_BRCTG, 411 | SYSZ_INS_C, 412 | SYSZ_INS_CDB, 413 | SYSZ_INS_CDBR, 414 | SYSZ_INS_CDFBR, 415 | SYSZ_INS_CDGBR, 416 | SYSZ_INS_CDLFBR, 417 | SYSZ_INS_CDLGBR, 418 | SYSZ_INS_CEB, 419 | SYSZ_INS_CEBR, 420 | SYSZ_INS_CEFBR, 421 | SYSZ_INS_CEGBR, 422 | SYSZ_INS_CELFBR, 423 | SYSZ_INS_CELGBR, 424 | SYSZ_INS_CFDBR, 425 | SYSZ_INS_CFEBR, 426 | SYSZ_INS_CFI, 427 | SYSZ_INS_CFXBR, 428 | SYSZ_INS_CG, 429 | SYSZ_INS_CGDBR, 430 | SYSZ_INS_CGEBR, 431 | SYSZ_INS_CGF, 432 | SYSZ_INS_CGFI, 433 | SYSZ_INS_CGFR, 434 | SYSZ_INS_CGFRL, 435 | SYSZ_INS_CGH, 436 | SYSZ_INS_CGHI, 437 | SYSZ_INS_CGHRL, 438 | SYSZ_INS_CGHSI, 439 | SYSZ_INS_CGR, 440 | SYSZ_INS_CGRL, 441 | SYSZ_INS_CGXBR, 442 | SYSZ_INS_CH, 443 | SYSZ_INS_CHF, 444 | SYSZ_INS_CHHSI, 445 | SYSZ_INS_CHI, 446 | SYSZ_INS_CHRL, 447 | SYSZ_INS_CHSI, 448 | SYSZ_INS_CHY, 449 | SYSZ_INS_CIH, 450 | SYSZ_INS_CL, 451 | SYSZ_INS_CLC, 452 | SYSZ_INS_CLFDBR, 453 | SYSZ_INS_CLFEBR, 454 | SYSZ_INS_CLFHSI, 455 | SYSZ_INS_CLFI, 456 | SYSZ_INS_CLFXBR, 457 | SYSZ_INS_CLG, 458 | SYSZ_INS_CLGDBR, 459 | SYSZ_INS_CLGEBR, 460 | SYSZ_INS_CLGF, 461 | SYSZ_INS_CLGFI, 462 | SYSZ_INS_CLGFR, 463 | SYSZ_INS_CLGFRL, 464 | SYSZ_INS_CLGHRL, 465 | SYSZ_INS_CLGHSI, 466 | SYSZ_INS_CLGR, 467 | SYSZ_INS_CLGRL, 468 | SYSZ_INS_CLGXBR, 469 | SYSZ_INS_CLHF, 470 | SYSZ_INS_CLHHSI, 471 | SYSZ_INS_CLHRL, 472 | SYSZ_INS_CLI, 473 | SYSZ_INS_CLIH, 474 | SYSZ_INS_CLIY, 475 | SYSZ_INS_CLR, 476 | SYSZ_INS_CLRL, 477 | SYSZ_INS_CLST, 478 | SYSZ_INS_CLY, 479 | SYSZ_INS_CPSDR, 480 | SYSZ_INS_CR, 481 | SYSZ_INS_CRL, 482 | SYSZ_INS_CS, 483 | SYSZ_INS_CSG, 484 | SYSZ_INS_CSY, 485 | SYSZ_INS_CXBR, 486 | SYSZ_INS_CXFBR, 487 | SYSZ_INS_CXGBR, 488 | SYSZ_INS_CXLFBR, 489 | SYSZ_INS_CXLGBR, 490 | SYSZ_INS_CY, 491 | SYSZ_INS_DDB, 492 | SYSZ_INS_DDBR, 493 | SYSZ_INS_DEB, 494 | SYSZ_INS_DEBR, 495 | SYSZ_INS_DL, 496 | SYSZ_INS_DLG, 497 | SYSZ_INS_DLGR, 498 | SYSZ_INS_DLR, 499 | SYSZ_INS_DSG, 500 | SYSZ_INS_DSGF, 501 | SYSZ_INS_DSGFR, 502 | SYSZ_INS_DSGR, 503 | SYSZ_INS_DXBR, 504 | SYSZ_INS_EAR, 505 | SYSZ_INS_FIDBR, 506 | SYSZ_INS_FIDBRA, 507 | SYSZ_INS_FIEBR, 508 | SYSZ_INS_FIEBRA, 509 | SYSZ_INS_FIXBR, 510 | SYSZ_INS_FIXBRA, 511 | SYSZ_INS_FLOGR, 512 | SYSZ_INS_IC, 513 | SYSZ_INS_ICY, 514 | SYSZ_INS_IIHF, 515 | SYSZ_INS_IIHH, 516 | SYSZ_INS_IIHL, 517 | SYSZ_INS_IILF, 518 | SYSZ_INS_IILH, 519 | SYSZ_INS_IILL, 520 | SYSZ_INS_IPM, 521 | SYSZ_INS_L, 522 | SYSZ_INS_LA, 523 | SYSZ_INS_LAA, 524 | SYSZ_INS_LAAG, 525 | SYSZ_INS_LAAL, 526 | SYSZ_INS_LAALG, 527 | SYSZ_INS_LAN, 528 | SYSZ_INS_LANG, 529 | SYSZ_INS_LAO, 530 | SYSZ_INS_LAOG, 531 | SYSZ_INS_LARL, 532 | SYSZ_INS_LAX, 533 | SYSZ_INS_LAXG, 534 | SYSZ_INS_LAY, 535 | SYSZ_INS_LB, 536 | SYSZ_INS_LBH, 537 | SYSZ_INS_LBR, 538 | SYSZ_INS_LCDBR, 539 | SYSZ_INS_LCEBR, 540 | SYSZ_INS_LCGFR, 541 | SYSZ_INS_LCGR, 542 | SYSZ_INS_LCR, 543 | SYSZ_INS_LCXBR, 544 | SYSZ_INS_LD, 545 | SYSZ_INS_LDEB, 546 | SYSZ_INS_LDEBR, 547 | SYSZ_INS_LDGR, 548 | SYSZ_INS_LDR, 549 | SYSZ_INS_LDXBR, 550 | SYSZ_INS_LDXBRA, 551 | SYSZ_INS_LDY, 552 | SYSZ_INS_LE, 553 | SYSZ_INS_LEDBR, 554 | SYSZ_INS_LEDBRA, 555 | SYSZ_INS_LER, 556 | SYSZ_INS_LEXBR, 557 | SYSZ_INS_LEXBRA, 558 | SYSZ_INS_LEY, 559 | SYSZ_INS_LFH, 560 | SYSZ_INS_LG, 561 | SYSZ_INS_LGB, 562 | SYSZ_INS_LGBR, 563 | SYSZ_INS_LGDR, 564 | SYSZ_INS_LGF, 565 | SYSZ_INS_LGFI, 566 | SYSZ_INS_LGFR, 567 | SYSZ_INS_LGFRL, 568 | SYSZ_INS_LGH, 569 | SYSZ_INS_LGHI, 570 | SYSZ_INS_LGHR, 571 | SYSZ_INS_LGHRL, 572 | SYSZ_INS_LGR, 573 | SYSZ_INS_LGRL, 574 | SYSZ_INS_LH, 575 | SYSZ_INS_LHH, 576 | SYSZ_INS_LHI, 577 | SYSZ_INS_LHR, 578 | SYSZ_INS_LHRL, 579 | SYSZ_INS_LHY, 580 | SYSZ_INS_LLC, 581 | SYSZ_INS_LLCH, 582 | SYSZ_INS_LLCR, 583 | SYSZ_INS_LLGC, 584 | SYSZ_INS_LLGCR, 585 | SYSZ_INS_LLGF, 586 | SYSZ_INS_LLGFR, 587 | SYSZ_INS_LLGFRL, 588 | SYSZ_INS_LLGH, 589 | SYSZ_INS_LLGHR, 590 | SYSZ_INS_LLGHRL, 591 | SYSZ_INS_LLH, 592 | SYSZ_INS_LLHH, 593 | SYSZ_INS_LLHR, 594 | SYSZ_INS_LLHRL, 595 | SYSZ_INS_LLIHF, 596 | SYSZ_INS_LLIHH, 597 | SYSZ_INS_LLIHL, 598 | SYSZ_INS_LLILF, 599 | SYSZ_INS_LLILH, 600 | SYSZ_INS_LLILL, 601 | SYSZ_INS_LMG, 602 | SYSZ_INS_LNDBR, 603 | SYSZ_INS_LNEBR, 604 | SYSZ_INS_LNGFR, 605 | SYSZ_INS_LNGR, 606 | SYSZ_INS_LNR, 607 | SYSZ_INS_LNXBR, 608 | SYSZ_INS_LPDBR, 609 | SYSZ_INS_LPEBR, 610 | SYSZ_INS_LPGFR, 611 | SYSZ_INS_LPGR, 612 | SYSZ_INS_LPR, 613 | SYSZ_INS_LPXBR, 614 | SYSZ_INS_LR, 615 | SYSZ_INS_LRL, 616 | SYSZ_INS_LRV, 617 | SYSZ_INS_LRVG, 618 | SYSZ_INS_LRVGR, 619 | SYSZ_INS_LRVR, 620 | SYSZ_INS_LT, 621 | SYSZ_INS_LTDBR, 622 | SYSZ_INS_LTEBR, 623 | SYSZ_INS_LTG, 624 | SYSZ_INS_LTGF, 625 | SYSZ_INS_LTGFR, 626 | SYSZ_INS_LTGR, 627 | SYSZ_INS_LTR, 628 | SYSZ_INS_LTXBR, 629 | SYSZ_INS_LXDB, 630 | SYSZ_INS_LXDBR, 631 | SYSZ_INS_LXEB, 632 | SYSZ_INS_LXEBR, 633 | SYSZ_INS_LXR, 634 | SYSZ_INS_LY, 635 | SYSZ_INS_LZDR, 636 | SYSZ_INS_LZER, 637 | SYSZ_INS_LZXR, 638 | SYSZ_INS_MADB, 639 | SYSZ_INS_MADBR, 640 | SYSZ_INS_MAEB, 641 | SYSZ_INS_MAEBR, 642 | SYSZ_INS_MDB, 643 | SYSZ_INS_MDBR, 644 | SYSZ_INS_MDEB, 645 | SYSZ_INS_MDEBR, 646 | SYSZ_INS_MEEB, 647 | SYSZ_INS_MEEBR, 648 | SYSZ_INS_MGHI, 649 | SYSZ_INS_MH, 650 | SYSZ_INS_MHI, 651 | SYSZ_INS_MHY, 652 | SYSZ_INS_MLG, 653 | SYSZ_INS_MLGR, 654 | SYSZ_INS_MS, 655 | SYSZ_INS_MSDB, 656 | SYSZ_INS_MSDBR, 657 | SYSZ_INS_MSEB, 658 | SYSZ_INS_MSEBR, 659 | SYSZ_INS_MSFI, 660 | SYSZ_INS_MSG, 661 | SYSZ_INS_MSGF, 662 | SYSZ_INS_MSGFI, 663 | SYSZ_INS_MSGFR, 664 | SYSZ_INS_MSGR, 665 | SYSZ_INS_MSR, 666 | SYSZ_INS_MSY, 667 | SYSZ_INS_MVC, 668 | SYSZ_INS_MVGHI, 669 | SYSZ_INS_MVHHI, 670 | SYSZ_INS_MVHI, 671 | SYSZ_INS_MVI, 672 | SYSZ_INS_MVIY, 673 | SYSZ_INS_MVST, 674 | SYSZ_INS_MXBR, 675 | SYSZ_INS_MXDB, 676 | SYSZ_INS_MXDBR, 677 | SYSZ_INS_N, 678 | SYSZ_INS_NC, 679 | SYSZ_INS_NG, 680 | SYSZ_INS_NGR, 681 | SYSZ_INS_NGRK, 682 | SYSZ_INS_NI, 683 | SYSZ_INS_NIHF, 684 | SYSZ_INS_NIHH, 685 | SYSZ_INS_NIHL, 686 | SYSZ_INS_NILF, 687 | SYSZ_INS_NILH, 688 | SYSZ_INS_NILL, 689 | SYSZ_INS_NIY, 690 | SYSZ_INS_NR, 691 | SYSZ_INS_NRK, 692 | SYSZ_INS_NY, 693 | SYSZ_INS_O, 694 | SYSZ_INS_OC, 695 | SYSZ_INS_OG, 696 | SYSZ_INS_OGR, 697 | SYSZ_INS_OGRK, 698 | SYSZ_INS_OI, 699 | SYSZ_INS_OIHF, 700 | SYSZ_INS_OIHH, 701 | SYSZ_INS_OIHL, 702 | SYSZ_INS_OILF, 703 | SYSZ_INS_OILH, 704 | SYSZ_INS_OILL, 705 | SYSZ_INS_OIY, 706 | SYSZ_INS_OR, 707 | SYSZ_INS_ORK, 708 | SYSZ_INS_OY, 709 | SYSZ_INS_PFD, 710 | SYSZ_INS_PFDRL, 711 | SYSZ_INS_RISBG, 712 | SYSZ_INS_RISBHG, 713 | SYSZ_INS_RISBLG, 714 | SYSZ_INS_RLL, 715 | SYSZ_INS_RLLG, 716 | SYSZ_INS_RNSBG, 717 | SYSZ_INS_ROSBG, 718 | SYSZ_INS_RXSBG, 719 | SYSZ_INS_S, 720 | SYSZ_INS_SDB, 721 | SYSZ_INS_SDBR, 722 | SYSZ_INS_SEB, 723 | SYSZ_INS_SEBR, 724 | SYSZ_INS_SG, 725 | SYSZ_INS_SGF, 726 | SYSZ_INS_SGFR, 727 | SYSZ_INS_SGR, 728 | SYSZ_INS_SGRK, 729 | SYSZ_INS_SH, 730 | SYSZ_INS_SHY, 731 | SYSZ_INS_SL, 732 | SYSZ_INS_SLB, 733 | SYSZ_INS_SLBG, 734 | SYSZ_INS_SLBR, 735 | SYSZ_INS_SLFI, 736 | SYSZ_INS_SLG, 737 | SYSZ_INS_SLBGR, 738 | SYSZ_INS_SLGF, 739 | SYSZ_INS_SLGFI, 740 | SYSZ_INS_SLGFR, 741 | SYSZ_INS_SLGR, 742 | SYSZ_INS_SLGRK, 743 | SYSZ_INS_SLL, 744 | SYSZ_INS_SLLG, 745 | SYSZ_INS_SLLK, 746 | SYSZ_INS_SLR, 747 | SYSZ_INS_SLRK, 748 | SYSZ_INS_SLY, 749 | SYSZ_INS_SQDB, 750 | SYSZ_INS_SQDBR, 751 | SYSZ_INS_SQEB, 752 | SYSZ_INS_SQEBR, 753 | SYSZ_INS_SQXBR, 754 | SYSZ_INS_SR, 755 | SYSZ_INS_SRA, 756 | SYSZ_INS_SRAG, 757 | SYSZ_INS_SRAK, 758 | SYSZ_INS_SRK, 759 | SYSZ_INS_SRL, 760 | SYSZ_INS_SRLG, 761 | SYSZ_INS_SRLK, 762 | SYSZ_INS_SRST, 763 | SYSZ_INS_ST, 764 | SYSZ_INS_STC, 765 | SYSZ_INS_STCH, 766 | SYSZ_INS_STCY, 767 | SYSZ_INS_STD, 768 | SYSZ_INS_STDY, 769 | SYSZ_INS_STE, 770 | SYSZ_INS_STEY, 771 | SYSZ_INS_STFH, 772 | SYSZ_INS_STG, 773 | SYSZ_INS_STGRL, 774 | SYSZ_INS_STH, 775 | SYSZ_INS_STHH, 776 | SYSZ_INS_STHRL, 777 | SYSZ_INS_STHY, 778 | SYSZ_INS_STMG, 779 | SYSZ_INS_STRL, 780 | SYSZ_INS_STRV, 781 | SYSZ_INS_STRVG, 782 | SYSZ_INS_STY, 783 | SYSZ_INS_SXBR, 784 | SYSZ_INS_SY, 785 | SYSZ_INS_TM, 786 | SYSZ_INS_TMHH, 787 | SYSZ_INS_TMHL, 788 | SYSZ_INS_TMLH, 789 | SYSZ_INS_TMLL, 790 | SYSZ_INS_TMY, 791 | SYSZ_INS_X, 792 | SYSZ_INS_XC, 793 | SYSZ_INS_XG, 794 | SYSZ_INS_XGR, 795 | SYSZ_INS_XGRK, 796 | SYSZ_INS_XI, 797 | SYSZ_INS_XIHF, 798 | SYSZ_INS_XILF, 799 | SYSZ_INS_XIY, 800 | SYSZ_INS_XR, 801 | SYSZ_INS_XRK, 802 | SYSZ_INS_XY, 803 | 804 | SYSZ_INS_ENDING, // <-- mark the end of the list of instructions 805 | } sysz_insn; 806 | 807 | //> Group of SystemZ instructions 808 | typedef enum sysz_insn_group { 809 | SYSZ_GRP_INVALID = 0, // = CS_GRP_INVALID 810 | 811 | //> Generic groups 812 | // all jump instructions (conditional+direct+indirect jumps) 813 | SYSZ_GRP_JUMP, // = CS_GRP_JUMP 814 | 815 | //> Architecture-specific groups 816 | SYSZ_GRP_DISTINCTOPS = 128, 817 | SYSZ_GRP_FPEXTENSION, 818 | SYSZ_GRP_HIGHWORD, 819 | SYSZ_GRP_INTERLOCKEDACCESS1, 820 | SYSZ_GRP_LOADSTOREONCOND, 821 | 822 | SYSZ_GRP_ENDING, // <-- mark the end of the list of groups 823 | } sysz_insn_group; 824 | 825 | #ifdef __cplusplus 826 | } 827 | #endif 828 | 829 | #endif 830 | -------------------------------------------------------------------------------- /capstone/include/xcore.h: -------------------------------------------------------------------------------- 1 | #ifndef CAPSTONE_XCORE_H 2 | #define CAPSTONE_XCORE_H 3 | 4 | /* Capstone Disassembly Engine */ 5 | /* By Nguyen Anh Quynh , 2014 */ 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include "platform.h" 13 | 14 | #ifdef _MSC_VER 15 | #pragma warning(disable:4201) 16 | #endif 17 | 18 | //> Operand type for instruction's operands 19 | typedef enum xcore_op_type { 20 | XCORE_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized). 21 | XCORE_OP_REG, // = CS_OP_REG (Register operand). 22 | XCORE_OP_IMM, // = CS_OP_IMM (Immediate operand). 23 | XCORE_OP_MEM, // = CS_OP_MEM (Memory operand). 24 | } xcore_op_type; 25 | 26 | // Instruction's operand referring to memory 27 | // This is associated with XCORE_OP_MEM operand type above 28 | typedef struct xcore_op_mem { 29 | uint8_t base; // base register 30 | uint8_t index; // index register 31 | int32_t disp; // displacement/offset value 32 | int direct; // +1: forward, -1: backward 33 | } xcore_op_mem; 34 | 35 | // Instruction operand 36 | typedef struct cs_xcore_op { 37 | xcore_op_type type; // operand type 38 | union { 39 | unsigned int reg; // register value for REG operand 40 | int32_t imm; // immediate value for IMM operand 41 | xcore_op_mem mem; // base/disp value for MEM operand 42 | }; 43 | } cs_xcore_op; 44 | 45 | // Instruction structure 46 | typedef struct cs_xcore { 47 | // Number of operands of this instruction, 48 | // or 0 when instruction has no operand. 49 | uint8_t op_count; 50 | cs_xcore_op operands[8]; // operands for this instruction. 51 | } cs_xcore; 52 | 53 | //> XCore registers 54 | typedef enum xcore_reg { 55 | XCORE_REG_INVALID = 0, 56 | 57 | XCORE_REG_CP, 58 | XCORE_REG_DP, 59 | XCORE_REG_LR, 60 | XCORE_REG_SP, 61 | XCORE_REG_R0, 62 | XCORE_REG_R1, 63 | XCORE_REG_R2, 64 | XCORE_REG_R3, 65 | XCORE_REG_R4, 66 | XCORE_REG_R5, 67 | XCORE_REG_R6, 68 | XCORE_REG_R7, 69 | XCORE_REG_R8, 70 | XCORE_REG_R9, 71 | XCORE_REG_R10, 72 | XCORE_REG_R11, 73 | 74 | //> pseudo registers 75 | XCORE_REG_PC, // pc 76 | 77 | // internal thread registers 78 | // see The-XMOS-XS1-Architecture(X7879A).pdf 79 | XCORE_REG_SCP, // save pc 80 | XCORE_REG_SSR, // save status 81 | XCORE_REG_ET, // exception type 82 | XCORE_REG_ED, // exception data 83 | XCORE_REG_SED, // save exception data 84 | XCORE_REG_KEP, // kernel entry pointer 85 | XCORE_REG_KSP, // kernel stack pointer 86 | XCORE_REG_ID, // thread ID 87 | 88 | XCORE_REG_ENDING, // <-- mark the end of the list of registers 89 | } xcore_reg; 90 | 91 | //> XCore instruction 92 | typedef enum xcore_insn { 93 | XCORE_INS_INVALID = 0, 94 | 95 | XCORE_INS_ADD, 96 | XCORE_INS_ANDNOT, 97 | XCORE_INS_AND, 98 | XCORE_INS_ASHR, 99 | XCORE_INS_BAU, 100 | XCORE_INS_BITREV, 101 | XCORE_INS_BLA, 102 | XCORE_INS_BLAT, 103 | XCORE_INS_BL, 104 | XCORE_INS_BF, 105 | XCORE_INS_BT, 106 | XCORE_INS_BU, 107 | XCORE_INS_BRU, 108 | XCORE_INS_BYTEREV, 109 | XCORE_INS_CHKCT, 110 | XCORE_INS_CLRE, 111 | XCORE_INS_CLRPT, 112 | XCORE_INS_CLRSR, 113 | XCORE_INS_CLZ, 114 | XCORE_INS_CRC8, 115 | XCORE_INS_CRC32, 116 | XCORE_INS_DCALL, 117 | XCORE_INS_DENTSP, 118 | XCORE_INS_DGETREG, 119 | XCORE_INS_DIVS, 120 | XCORE_INS_DIVU, 121 | XCORE_INS_DRESTSP, 122 | XCORE_INS_DRET, 123 | XCORE_INS_ECALLF, 124 | XCORE_INS_ECALLT, 125 | XCORE_INS_EDU, 126 | XCORE_INS_EEF, 127 | XCORE_INS_EET, 128 | XCORE_INS_EEU, 129 | XCORE_INS_ENDIN, 130 | XCORE_INS_ENTSP, 131 | XCORE_INS_EQ, 132 | XCORE_INS_EXTDP, 133 | XCORE_INS_EXTSP, 134 | XCORE_INS_FREER, 135 | XCORE_INS_FREET, 136 | XCORE_INS_GETD, 137 | XCORE_INS_GET, 138 | XCORE_INS_GETN, 139 | XCORE_INS_GETR, 140 | XCORE_INS_GETSR, 141 | XCORE_INS_GETST, 142 | XCORE_INS_GETTS, 143 | XCORE_INS_INCT, 144 | XCORE_INS_INIT, 145 | XCORE_INS_INPW, 146 | XCORE_INS_INSHR, 147 | XCORE_INS_INT, 148 | XCORE_INS_IN, 149 | XCORE_INS_KCALL, 150 | XCORE_INS_KENTSP, 151 | XCORE_INS_KRESTSP, 152 | XCORE_INS_KRET, 153 | XCORE_INS_LADD, 154 | XCORE_INS_LD16S, 155 | XCORE_INS_LD8U, 156 | XCORE_INS_LDA16, 157 | XCORE_INS_LDAP, 158 | XCORE_INS_LDAW, 159 | XCORE_INS_LDC, 160 | XCORE_INS_LDW, 161 | XCORE_INS_LDIVU, 162 | XCORE_INS_LMUL, 163 | XCORE_INS_LSS, 164 | XCORE_INS_LSUB, 165 | XCORE_INS_LSU, 166 | XCORE_INS_MACCS, 167 | XCORE_INS_MACCU, 168 | XCORE_INS_MJOIN, 169 | XCORE_INS_MKMSK, 170 | XCORE_INS_MSYNC, 171 | XCORE_INS_MUL, 172 | XCORE_INS_NEG, 173 | XCORE_INS_NOT, 174 | XCORE_INS_OR, 175 | XCORE_INS_OUTCT, 176 | XCORE_INS_OUTPW, 177 | XCORE_INS_OUTSHR, 178 | XCORE_INS_OUTT, 179 | XCORE_INS_OUT, 180 | XCORE_INS_PEEK, 181 | XCORE_INS_REMS, 182 | XCORE_INS_REMU, 183 | XCORE_INS_RETSP, 184 | XCORE_INS_SETCLK, 185 | XCORE_INS_SET, 186 | XCORE_INS_SETC, 187 | XCORE_INS_SETD, 188 | XCORE_INS_SETEV, 189 | XCORE_INS_SETN, 190 | XCORE_INS_SETPSC, 191 | XCORE_INS_SETPT, 192 | XCORE_INS_SETRDY, 193 | XCORE_INS_SETSR, 194 | XCORE_INS_SETTW, 195 | XCORE_INS_SETV, 196 | XCORE_INS_SEXT, 197 | XCORE_INS_SHL, 198 | XCORE_INS_SHR, 199 | XCORE_INS_SSYNC, 200 | XCORE_INS_ST16, 201 | XCORE_INS_ST8, 202 | XCORE_INS_STW, 203 | XCORE_INS_SUB, 204 | XCORE_INS_SYNCR, 205 | XCORE_INS_TESTCT, 206 | XCORE_INS_TESTLCL, 207 | XCORE_INS_TESTWCT, 208 | XCORE_INS_TSETMR, 209 | XCORE_INS_START, 210 | XCORE_INS_WAITEF, 211 | XCORE_INS_WAITET, 212 | XCORE_INS_WAITEU, 213 | XCORE_INS_XOR, 214 | XCORE_INS_ZEXT, 215 | 216 | XCORE_INS_ENDING, // <-- mark the end of the list of instructions 217 | } xcore_insn; 218 | 219 | //> Group of XCore instructions 220 | typedef enum xcore_insn_group { 221 | XCORE_GRP_INVALID = 0, // = CS_GRP_INVALID 222 | 223 | //> Generic groups 224 | // all jump instructions (conditional+direct+indirect jumps) 225 | XCORE_GRP_JUMP, // = CS_GRP_JUMP 226 | 227 | XCORE_GRP_ENDING, // <-- mark the end of the list of groups 228 | } xcore_insn_group; 229 | 230 | #ifdef __cplusplus 231 | } 232 | #endif 233 | 234 | #endif 235 | -------------------------------------------------------------------------------- /main.cpp: -------------------------------------------------------------------------------- 1 | #include "stdafx.h" 2 | #include "anticuckoo.h" 3 | 4 | int _tmain(int argc, _TCHAR* argv[]) 5 | { 6 | int returnf; 7 | 8 | returnf = AntiCuckoo(argc, argv); 9 | system("pause"); 10 | 11 | return returnf == 0 ? 0 : 1; 12 | } 13 | -------------------------------------------------------------------------------- /misc.cpp: -------------------------------------------------------------------------------- 1 | #include "stdafx.h" 2 | #include "misc.h" 3 | 4 | bool verbose = false; -------------------------------------------------------------------------------- /misc.h: -------------------------------------------------------------------------------- 1 | #ifndef _MISC_H__ 2 | #define _MISC_H__ 3 | 4 | #define PAGE_SIZE 4096 5 | 6 | typedef struct 7 | { 8 | char * data; 9 | size_t size; 10 | } DATA_ENTRY_t; 11 | 12 | #define Error(format,...) fprintf(stderr, "Error: " format "\n", __VA_ARGS__); 13 | #define Warning(format,...) printf("Warning: " format "\n", __VA_ARGS__); 14 | #define OutInfo(format,...) printf(format "\n", __VA_ARGS__); 15 | 16 | extern bool verbose; 17 | 18 | #endif /* _MISC_H__ */ -------------------------------------------------------------------------------- /poc_exe.h: -------------------------------------------------------------------------------- 1 | #ifndef _POC_EXE_H__ 2 | #define _POC_EXE_H__ 3 | unsigned char exe_poc[] = 4 | { 5 | 0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0x00, 0x00, 6 | 0xB8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 7 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 8 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xB0, 0x00, 0x00, 0x00, 9 | 0x0E, 0x1F, 0xBA, 0x0E, 0x00, 0xB4, 0x09, 0xCD, 0x21, 0xB8, 0x01, 0x4C, 0xCD, 0x21, 0x54, 0x68, 10 | 0x69, 0x73, 0x20, 0x70, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x20, 0x63, 0x61, 0x6E, 0x6E, 0x6F, 11 | 0x74, 0x20, 0x62, 0x65, 0x20, 0x72, 0x75, 0x6E, 0x20, 0x69, 0x6E, 0x20, 0x44, 0x4F, 0x53, 0x20, 12 | 0x6D, 0x6F, 0x64, 0x65, 0x2E, 0x0D, 0x0D, 0x0A, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 13 | 0xBD, 0x0F, 0xCB, 0xDA, 0xF9, 0x6E, 0xA5, 0x89, 0xF9, 0x6E, 0xA5, 0x89, 0xF9, 0x6E, 0xA5, 0x89, 14 | 0x77, 0x71, 0xB6, 0x89, 0xFD, 0x6E, 0xA5, 0x89, 0x05, 0x4E, 0xB7, 0x89, 0xF8, 0x6E, 0xA5, 0x89, 15 | 0x52, 0x69, 0x63, 0x68, 0xF9, 0x6E, 0xA5, 0x89, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 16 | 0x50, 0x45, 0x00, 0x00, 0x4C, 0x01, 0x02, 0x00, 0xDB, 0x66, 0xCF, 0x55, 0x00, 0x00, 0x00, 0x00, 17 | 0x00, 0x00, 0x00, 0x00, 0xE0, 0x00, 0x0F, 0x01, 0x0B, 0x01, 0x05, 0x0C, 0x00, 0x02, 0x00, 0x00, 18 | 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 19 | 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 20 | 0x04, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 21 | 0x00, 0x30, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x4D, 0x1E, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 22 | 0x00, 0x00, 0x10, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x10, 0x00, 0x00, 23 | 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 24 | 0x08, 0x20, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 25 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 26 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 27 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 28 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 29 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 30 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 31 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2E, 0x74, 0x65, 0x78, 0x74, 0x00, 0x00, 0x00, 32 | 0x12, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 33 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x60, 34 | 0x2E, 0x72, 0x64, 0x61, 0x74, 0x61, 0x00, 0x00, 0x4E, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 35 | 0x00, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 36 | 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 37 | 0x68, 0x88, 0x13, 0x00, 0x00, 0xE8, 0x02, 0x00, 0x00, 0x00, 0xEB, 0xF4, 0xFF, 0x25, 0x00, 0x20, 38 | 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 39 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 40 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 41 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 42 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 43 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 44 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 45 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 46 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 47 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 48 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 49 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 50 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 51 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 52 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 53 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 54 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 55 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 56 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 57 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 58 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 59 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 60 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 61 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 62 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 63 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 64 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 65 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 66 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 67 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 68 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 69 | 0x38, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 70 | 0x00, 0x00, 0x00, 0x00, 0x40, 0x20, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 71 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 72 | 0x38, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xB7, 0x02, 0x53, 0x6C, 0x65, 0x65, 0x70, 0x00, 73 | 0x6B, 0x65, 0x72, 0x6E, 0x65, 0x6C, 0x33, 0x32, 0x2E, 0x64, 0x6C, 0x6C, 0x00, 0x00, 0x00, 0x00, 74 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 75 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 76 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 77 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 78 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 79 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 80 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 81 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 82 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 83 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 84 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 85 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 86 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 87 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 88 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 89 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 90 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 91 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 92 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 93 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 94 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 95 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 96 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 97 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 98 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 99 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 100 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 101 | }; 102 | 103 | #endif /* _POC_EXE_H__ */ -------------------------------------------------------------------------------- /stdafx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // anticuckoo.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | 7 | // TODO: reference any additional headers you need in STDAFX.H 8 | // and not in this file 9 | -------------------------------------------------------------------------------- /stdafx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | #pragma once 7 | 8 | #include "targetver.h" 9 | 10 | #include 11 | #include 12 | 13 | 14 | 15 | // TODO: reference additional headers your program requires here 16 | -------------------------------------------------------------------------------- /targetver.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Including SDKDDKVer.h defines the highest available Windows platform. 4 | 5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and 6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. 7 | 8 | #include 9 | --------------------------------------------------------------------------------