├── README.md ├── arm64 ├── aarch64_pac │ ├── makefile │ └── aarch64_pac.cpp ├── aarch64_move │ ├── makefile │ └── aarch64_move.cpp ├── prologue.py ├── Simp7.py └── Simp.py ├── arm32 └── zpair.py ├── tarjan.py ├── cmp_ccmp.c ├── hnight7.py └── hnight.py /README.md: -------------------------------------------------------------------------------- 1 | An amalgam of [mostly useless] IDA Pro/HexRays plugins, mainly targeted at ARM processors. 2 | -------------------------------------------------------------------------------- /arm64/aarch64_pac/makefile: -------------------------------------------------------------------------------- 1 | PROC=aarch64_pac 2 | include ../plugin.mak 3 | 4 | # MAKEDEP dependency list ------------------ 5 | $(F)aarch64_pac$(O) : $(I)segregs.hpp $(I)bitrange.hpp $(I)bytes.hpp $(I)fpro.h \ 6 | $(I)funcs.hpp $(I)ida.hpp $(I)idp.hpp $(I)kernwin.hpp \ 7 | $(I)lines.hpp $(I)llong.hpp $(I)loader.hpp $(I)nalt.hpp \ 8 | $(I)netnode.hpp $(I)pro.h $(I)segment.hpp $(I)ua.hpp \ 9 | $(I)xref.hpp aarch64_pac.cpp 10 | -------------------------------------------------------------------------------- /arm64/aarch64_move/makefile: -------------------------------------------------------------------------------- 1 | PROC=aarch64_move 2 | include ../plugin.mak 3 | 4 | # MAKEDEP dependency list ------------------ 5 | $(F)aarch64_move$(O) : $(I)segregs.hpp $(I)bitrange.hpp $(I)bytes.hpp $(I)fpro.h \ 6 | $(I)funcs.hpp $(I)ida.hpp $(I)idp.hpp $(I)kernwin.hpp \ 7 | $(I)lines.hpp $(I)llong.hpp $(I)loader.hpp $(I)nalt.hpp \ 8 | $(I)netnode.hpp $(I)pro.h $(I)segment.hpp $(I)ua.hpp \ 9 | $(I)xref.hpp aarch64_move.cpp 10 | -------------------------------------------------------------------------------- /arm32/zpair.py: -------------------------------------------------------------------------------- 1 | # Fix Thumb-2 movw/movt offsets for zero-based binaries (no ADD PC) 2 | # 3 | # Copyright (c) 2017 xerub 4 | # 5 | # This program is free software; you can redistribute it 
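# and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .

import idaapi
import idc

# NOTE(review): the unqualified names used below (FirstSeg, Dword, OpOffEx, ...)
# are not imported here; presumably the script relies on IDAPython exposing the
# idc names in the script namespace -- confirm for the IDA version in use.

# Extra bytes, past the instruction that follows the MOVW, that are scanned
# for the matching MOVT.
DISTANCE = 4

# Values compared against a segment's SEGATTR_TYPE attribute.
CODE = 2
DATA = 3


def get_segments_of_type(attr):
    """Return the start addresses of all segments whose SEGATTR_TYPE equals attr."""
    segs = []
    seg = FirstSeg()
    while seg != BADADDR:
        if GetSegmentAttr(seg, SEGATTR_TYPE) == attr:
            segs.append(seg)
        seg = NextSeg(seg)
    return segs


def _thumb2_imm16(insn):
    """Extract the 16-bit immediate of a Thumb-2 MOVW/MOVT read with Dword().

    The first halfword sits in the low 16 bits of insn and the second halfword
    in the high 16 bits; the immediate is scattered over both.
    """
    lo = insn & 0xFFFF
    hi = (insn >> 16) & 0xFFFF
    return ((lo & 0xF) << 12) | ((lo & 0x0400) << 1) | ((hi & 0x7000) >> 4) | (hi & 0xFF)


def doit(seg_start, low, high):
    """Turn MOVW/MOVT immediate pairs inside [low, high] into offset operands.

    Walks every function chunk of the segment starting at seg_start. For each
    instruction matching the 0xF240 pattern it looks a few bytes ahead for a
    0xF2C0 instruction writing the same register, combines both immediates
    into a 32-bit value and, when that value lies between low and high,
    changes the operand display to an offset. Only operand representation is
    changed; no bytes are patched.
    """
    seg_end = SegEnd(seg_start)

    for funcea in Functions(seg_start, seg_end):
        for (startea, endea) in Chunks(funcea):
            for head in Heads(startea, endea):
                i1 = Dword(head)
                if (i1 & 0x8000FBF0) != 0xF240:
                    continue
                reg = (i1 >> 24) & 0xF
                tail = head + 4
                while tail <= head + 4 + DISTANCE:
                    i2 = Dword(tail)
                    if (i2 & 0x8000FBF0) == 0xF2C0 and (i2 >> 24) & 0xF == reg:
                        val = _thumb2_imm16(i1) | (_thumb2_imm16(i2) << 16)
                        if low <= val <= high:
                            if tail > head + 4:
                                # The two halves are not adjacent: mark each one separately.
                                OpOffEx(head, 1, REF_LOW16, val, 0, 0)
                                OpOffEx(tail, 1, REF_HIGH16, val, 0, 0)
                            else:
                                OpOff(head, 1, 0)
                        # NOTE(review): indentation is lost in this listing; the break is
                        # placed at the "matching MOVT found" level -- confirm upstream.
                        break
                    # A first halfword above 0xE0xx is skipped as a 4-byte instruction.
                    if ((i2 >> 8) & 0xF8) > 0xE0:
                        tail = tail + 2
                    tail = tail + 2


code = get_segments_of_type(CODE)
if code:
    # Only the first code segment is processed.
    doit(code[0], GetLongPrm(INF_LOW_OFF), GetLongPrm(INF_HIGH_OFF))
--------------------------------------------------------------------------------
/tarjan.py:
--------------------------------------------------------------------------------
# SCC IDA script
#
# Copyright (c) 2015 xerub
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .

import idautils
import idc
import idaapi


def strongly_connected_components(graph):
    """
    Tarjan's Algorithm (named for its discoverer, Robert Tarjan) is a graph theory algorithm
    for finding the strongly connected components of a graph.

    Based on: http://en.wikipedia.org/wiki/Tarjan%27s_strongly_connected_components_algorithm

    graph maps each node to a collection of successor nodes; a node that only
    appears as a successor is treated as having no outgoing edges. Returns a
    list of tuples. Only components with more than one node, or a single node
    that lists itself as a successor, are kept.
    """

    index_counter = [0]
    stack = []
    on_stack = set()  # same members as `stack`, for O(1) membership tests
    lowlinks = {}
    index = {}
    result = []

    # NOTE: strongconnect recurses once per node along a DFS path, so a very
    # long chain of edges can exceed Python's recursion limit.
    def strongconnect(node):
        # set the depth index for this node to the smallest unused index
        index[node] = index_counter[0]
        lowlinks[node] = index_counter[0]
        index_counter[0] += 1
        stack.append(node)
        on_stack.add(node)

        # Consider successors of `node`
        try:
            successors = graph[node]
        except KeyError:
            # Only a missing key means "no successors"; other errors propagate.
            successors = []
        for successor in successors:
            if successor not in lowlinks:
                # Successor has not yet been visited; recurse on it
                strongconnect(successor)
                lowlinks[node] = min(lowlinks[node], lowlinks[successor])
            elif successor in on_stack:
                # the successor is in the stack and hence in the current strongly connected component (SCC)
                lowlinks[node] = min(lowlinks[node], index[successor])

        # If `node` is a root node, pop the stack and generate an SCC
        if lowlinks[node] == index[node]:
            connected_component = []

            while True:
                successor = stack.pop()
                on_stack.discard(successor)
                connected_component.append(successor)
                if successor == node:
                    break
            component = tuple(connected_component)
            # Store only real cycles: several nodes, or one node calling itself.
            if len(component) > 1 or node in successors:
                result.append(component)

    for node in graph:
        if node not in lowlinks:
            strongconnect(node)

    return result


def get_succ(func_start):
    """Return the set of addresses reached by fl_CF / fl_CN xrefs from the function's items."""
    succ = set()
    for h in idautils.FuncItems(func_start):
        for r in idautils.XrefsFrom(h, 0):
            if r.type in (fl_CF, fl_CN):
                succ.add(r.to)
    return succ


graph = {}

# print(...) with a single argument behaves the same under Python 2 and 3.
print("+graph")
for f in idautils.Functions():
    sux = get_succ(f)
    if sux:
        graph[f] = sux

print("+tarjan")
result = strongly_connected_components(graph)

print("+done")
for r in result:
    # One line per component: the member names followed by "-".
    print(" ".join([Name(f) for f in r] + ["-"]))
--------------------------------------------------------------------------------
/arm64/prologue.py:
--------------------------------------------------------------------------------
# Fix clang function prologues
# WARNING: this WILL patch bytes in the database
#
# Copyright (c) 2015 xerub
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .

# convert this:
#__text:0000000100004730 FA 67 BB A9 STP X26, X25, [SP,#-0x50]!
#__text:0000000100004734 F8 5F 01 A9 STP X24, X23, [SP,#0x10]
#__text:0000000100004738 F6 57 02 A9 STP X22, X21, [SP,#0x20]
#__text:000000010000473C F4 4F 03 A9 STP X20, X19, [SP,#0x30]
#__text:0000000100004740 FD 7B 04 A9 STP X29, X30, [SP,#0x40]
#__text:0000000100004744 FD 03 01 91 ADD X29, SP, #0x40
#
# to this:
#__text:0000000100004730 FD 7B BF A9 STP X29, X30, [SP,#-0x10]!
#__text:0000000100004734 FD 03 00 91 MOV X29, SP
#__text:0000000100004738 F4 4F BF A9 STP X20, X19, [SP,#-0x10]!
#__text:000000010000473C F6 57 BF A9 STP X22, X21, [SP,#-0x10]!
#__text:0000000100004740 F8 5F BF A9 STP X24, X23, [SP,#-0x10]!
#__text:0000000100004744 FA 67 BF A9 STP X26, X25, [SP,#-0x10]!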
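
import idaapi
import idc

# Values compared against a segment's SEGATTR_TYPE attribute.
CODE = 2
DATA = 3


def get_segments_of_type(attr):
    """Return the start addresses of all segments whose SEGATTR_TYPE equals attr."""
    segs = []
    seg = FirstSeg()
    while seg != BADADDR:
        if GetSegmentAttr(seg, SEGATTR_TYPE) == attr:
            segs.append(seg)
        seg = NextSeg(seg)
    return segs


def doit(seg_start):
    """Rewrite matching prologues in the segment that starts at seg_start.

    WARNING: this patches bytes in the database (PatchDword) and re-creates
    the affected functions. The rewritten sequence is for display only and is
    not the code that runs on the target, so work on a copy or snapshot of the
    database and do not use the patched bytes as evidence of the original
    binary's contents.

    The scan looks for "add x29, sp, #imm" with a non-zero, 16-byte aligned
    immediate, then walks backwards over the preceding "stp x, y, [sp,#imm]"
    stores until it reaches the pre-indexed "stp x, y, [sp,#-imm]!" that
    opens the frame.
    """
    seg_end = SegEnd(seg_start)

    ea = seg_start
    while ea < seg_end:
        d = Dword(ea)
        if (d & 0xFFC003FF) == 0x910003FD:
            # add x29, sp, #imm
            delta = (d >> 10) & 0xFFF
            if delta != 0 and (delta & 0xF) == 0:
                prev_ea = ea - 4
                prev_imm = delta + 0x10
                # One entry per STP, nearest to the ADD first:
                # [register bits, offset, is_pre_indexed]
                insns = []

                while prev_ea >= seg_start:
                    prev = Dword(prev_ea)

                    # Bits 15..21 are read as a signed 7-bit value and scaled by 8.
                    imm = (prev >> 15) & 0x7F
                    if imm > 63:
                        imm -= 128
                    imm *= 8

                    if (prev & 0xFFC003E0) == 0xA90003E0 and prev_imm == imm + 0x10 and imm > 0:
                        # stp x, y, [sp,#imm]
                        insns.append([prev & 0x7c1f, imm, False])
                    elif (prev & 0xFFC003E0) == 0xA98003E0 and delta + imm + 0x10 == 0:
                        # stp x, y, [sp,#-imm]!
                        insns.append([prev & 0x7c1f, imm, True])
                        break
                    else:
                        break

                    prev_imm = imm
                    prev_ea -= 4

                # Patch only when the walk ended on the pre-indexed store and the
                # store right before the ADD has register bits 0x781D (the
                # X29/X30 pair in the header example).
                if insns and insns[-1][2] and insns[0][0] == 0x781D:
                    print("fixing BP frame at %x: 0x%x" % (prev_ea, delta))
                    startf = prev_ea

                    first = True
                    for elt in insns:
                        # Pre-indexed STP of the same register pair.
                        PatchDword(prev_ea, 0xA9BF03E0 | elt[0])
                        if first:
                            first = False
                            prev_ea += 4
                            # Same encoding as the matched ADD with a zero immediate.
                            PatchDword(prev_ea, 0x910003FD)
                        prev_ea += 4

                    # Re-create the function so it is re-analysed with the patched bytes.
                    DelFunction(startf)
                    MakeFunction(startf, BADADDR)

        ea += 4


code = get_segments_of_type(CODE)
if code:
    # Only the first code segment is processed.
    doit(code[0])
--------------------------------------------------------------------------------
/arm64/Simp7.py:
--------------------------------------------------------------------------------
# AArch64 mov simplifier IDA7 plugin
#
# Copyright (c) 2015, 2017 xerub
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .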
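#
# based on Rolf Rolles x86 deobfuscator http://www.msreverseengineering.com

import idaapi
import idc

ARM64_MOVE_I = idaapi.ARM_mov


def dump_cmd(insn):
    """Debug helper: print the fields of an instruction object."""
    print("cs = %lx" % insn.cs)
    print("ip = %lx" % insn.ip)
    print("ea = %lx" % insn.ea)
    print("itype = %lx" % insn.itype)
    print("size = %lx" % insn.size)
    print("auxpref = %lx" % insn.auxpref)
    print("segpref = %x" % ord(insn.segpref))
    print("insnpref = %x" % ord(insn.insnpref))
    print("flags = %lx" % insn.flags)


def dump_op(op):
    """Debug helper: print the fields of an operand object."""
    print("n = %lx" % op.n)
    print("type = %lx" % op.type)
    print("offb = %lx" % op.offb)
    print("offo = %lx" % op.offo)
    print("flags = %lx" % op.flags)
    print("dtyp = %lx" % op.dtype)
    print("reg = %lx" % op.reg)
    print("phrase = %lx" % op.phrase)
    print("value = %lx" % op.value)
    print("addr = %lx" % op.addr)
    print("specval = %lx" % op.specval)
    print("specflag1 = %lx" % op.specflag1)
    print("specflag2 = %lx" % op.specflag2)
    print("specflag3 = %lx" % op.specflag3)
    print("specflag4 = %lx" % op.specflag4)


def HighestSetBit(N, imm):
    """Return the index of the highest set bit among the low N bits of imm, or -1."""
    for i in range(N - 1, -1, -1):
        if imm & (1 << i):
            return i
    return -1


def ZeroExtendOnes(M, N):  # zero extend M ones to N width
    """Return a value with the low M bits set (N is unused)."""
    return (1 << M) - 1


def RORZeroExtendOnes(M, N, R):
    """Rotate M low ones right by R within an N-bit element."""
    val = ZeroExtendOnes(M, N)
    return ((val >> R) & ((1 << (N - R)) - 1)) | ((val & ((1 << R) - 1)) << (N - R))


def Replicate(val, bits):
    """Repeat the bits-wide pattern val until 64 bits are filled."""
    ret = val
    shift = bits
    while shift < 64:  # XXX actually, it is either 32 or 64
        ret |= (val << shift)
        shift += bits
    return ret


def DecodeBitMasks(immN, imms, immr, immediate):
    """Decode an (N, imms, immr) bitmask immediate.

    Returns the decoded value, or None when the field combination is rejected.
    """
    length = HighestSetBit(7, (immN << 6) | (~imms & 0x3F))
    if length < 1:
        return None
    levels = ZeroExtendOnes(length, 6)
    if immediate and (imms & levels) == levels:
        return None
    S = imms & levels
    R = immr & levels
    esize = 1 << length
    return Replicate(RORZeroExtendOnes(S + 1, esize, R), esize)


def DecodeMov(opcode, total, first):
    """Fold one instruction into the constant being built for a register.

    opcode is the 32-bit instruction, total the value accumulated so far and
    first tells whether this is the first instruction of the sequence (MOVK
    and ADD/SUB need an earlier value and are rejected when first is true).
    Returns the new value, or None when the instruction cannot be folded.
    """
    # opc
    o = (opcode >> 29) & 3
    # constant
    k = (opcode >> 23) & 0x3F

    if k == 0x24 and o == 1:  # MOV (bitmask imm) <=> ORR (immediate)
        # sf
        s = (opcode >> 31) & 1
        # N
        N = (opcode >> 22) & 1
        if s == 0 and N != 0:
            return None
        # rn
        rn = (opcode >> 5) & 0x1F
        if rn == 31:
            imms = (opcode >> 10) & 0x3F
            immr = (opcode >> 16) & 0x3F
            return DecodeBitMasks(N, imms, immr, True)
    elif k == 0x25:  # MOVN/MOVZ/MOVK
        # sf
        s = (opcode >> 31) & 1
        # hw
        h = (opcode >> 21) & 3
        # imm16
        i = (opcode >> 5) & 0xFFFF
        if s == 0 and h > 1:
            return None
        h *= 16
        i <<= h
        if o == 0:  # MOVN
            # NOTE: Python integers are unbounded, so this is a negative number
            # rather than a 32/64-bit pattern.
            return ~i
        elif o == 2:  # MOVZ
            return i
        elif o == 3 and not first:  # MOVK
            return (total & ~(0xFFFF << h)) | i
    elif (k | 1) == 0x23 and not first:  # ADD (immediate)
        # NOTE(review): only bit 1 of opc is looked at below, so the
        # flag-setting forms are presumably folded too -- confirm this is intended.
        # shift
        h = (opcode >> 22) & 3
        if h > 1:
            return None
        # rn
        rd = opcode & 0x1F
        rn = (opcode >> 5) & 0x1F
        if rd != rn:
            return None
        # imm12
        i = (opcode >> 10) & 0xFFF
        h *= 12
        i <<= h
        if o & 2:  # SUB
            return total - i
        else:  # ADD
            return total + i

    return None


def check_mov_sequence(ea):
    """Measure the run of instructions at ea that build one constant in one register.

    Returns (length_in_bytes, register, is64, value). The run ends at the
    first instruction that targets another register, cannot be folded, or is
    the target of a code flow xref, so a jump into the middle of a sequence
    is never hidden behind the folded form.
    """
    oldea = ea
    reg = -1
    total = 0
    is64 = False
    while True:
        # getseg() yields None once ea leaves every segment; stop there
        # instead of failing inside the analysis hook.
        seg = idaapi.getseg(ea)
        if seg is None or not seg.use64():
            break
        d = idaapi.get_dword(ea)
        # reg
        r = d & 0x1F
        if reg >= 0 and reg != r:
            break
        newval = DecodeMov(d, total, reg < 0)
        if newval is None:
            break
        if reg >= 0 and idaapi.get_first_fcref_to(ea) != idaapi.BADADDR:
            break
        if (d >> 31) & 1:
            is64 = True
        total = newval
        reg = r
        ea += 4
    return ea - oldea, reg, is64, total


def is_my_mov(insn):
    """Tell whether insn is one of the macro MOVs produced by this plugin."""
    return insn.itype == ARM64_MOVE_I and insn.flags == idaapi.INSN_MACRO and insn.size > 4


class simpA64Hook(idaapi.IDP_Hooks):
    """Processor hooks that show a multi-instruction constant load as one MOVE.

    Only the decoded instruction handed to IDA is changed; no bytes in the
    database are patched.
    """

    def __init__(self):
        idaapi.IDP_Hooks.__init__(self)
        # Netnode used by the plugin to remember the enabled/disabled state.
        self.n = idaapi.netnode("$ A64 Simplifier", 0, 1)

    def ev_ana_insn(self, insn):
        """Replace a foldable sequence at insn.ea with one macro instruction."""
        size, reg, is64, imm = check_mov_sequence(insn.ea)
        if size > 4:
            insn.itype = ARM64_MOVE_I
            insn.segpref = 14  # ARM Condition = ALways
            insn.Op1.type = idaapi.o_reg
            insn.Op1.dtype = idaapi.dt_qword if is64 else idaapi.dt_dword
            insn.Op1.reg = reg + 129  # Use Wn/Xn registers instead of Rn
            insn.Op2.type = idaapi.o_imm
            insn.Op2.dtype = idaapi.dt_qword if is64 else idaapi.dt_dword
            insn.Op2.value = imm
            insn.flags = idaapi.INSN_MACRO
            insn.size = size
            return True
        return False

    def ev_out_mnem(self, ctx):  # totally optional
        """Print the custom "MOVE" mnemonic for instructions built above."""
        if is_my_mov(ctx.insn):
            ctx.out_custom_mnem("MOVE", idaapi.get_inf_structure().indent)
            return 1
        return 0


class simpa64_t(idaapi.plugin_t):
    """Plugin wrapper; the hotkey toggles the simplifier on and off."""
    flags = idaapi.PLUGIN_PROC
    comment = "Simplifier"
    wanted_hotkey = "Alt-Z"
    help = "Runs transparently"
    wanted_name = "simpa64"
    hook = None
    enabled = 1

    def init(self):
        self.hook = None
        if idaapi.ph_get_id() != idaapi.PLFM_ARM or idaapi.BADADDR <= 0xFFFFFFFF:
            return idaapi.PLUGIN_SKIP

        self.hook = simpA64Hook()
        # The state is stored as enabled + 1, so 0 means "never saved".
        flag = self.hook.n.altval(0)
        if flag:
            self.enabled = flag - 1
        print("%s is %sabled" % (self.wanted_name, "en" if self.enabled else "dis"))
        if self.enabled:
            self.hook.hook()
        return idaapi.PLUGIN_KEEP

    def run(self, arg):
        print("%sabling %s" % ("dis" if self.enabled else "en", self.wanted_name))
        if self.enabled:
            self.hook.unhook()
        else:
            self.hook.hook()
        self.enabled = self.enabled ^ 1
        self.hook.n.altset(0, self.enabled + 1)
        idc.Refresh()

    def term(self):
        if self.hook:
            self.hook.unhook()


def PLUGIN_ENTRY():
    return simpa64_t()
--------------------------------------------------------------------------------
/cmp_ccmp.c:
--------------------------------------------------------------------------------
/*
 * cmp/ccmp
 *
 * Copyright (c) 2015 xerub
 */

/* NOTE(review): the header names of the three #include lines below are missing
 * in this listing; the code uses assert(), printf() and strcasecmp(). */
#include
#include
#include

/*
CMP A, B
CCMP C, D, NZCV, COND1
B.COND2 label

nzcv = cmp(A, B);
if (COND1(nzcv)) {
    nzcv = cmp(C, D);
} else {
    nzcv = NZCV
}
if (COND2(nzcv)) {
    goto label
}

if (COND1(A, B)) {
    if (COND2(C, D)) {
        goto label
    }
} else {
    if (COND2(NZCV)) {
        goto label
    }
}
*/

#define FLAG_N (1 << 3)
#define FLAG_Z (1 << 2)
#define FLAG_C (1 << 1)
#define FLAG_V (1 << 0)

/*
 * One row per condition code. Each condition is directly followed by its
 * inverse; flipcond() depends on that order.
 */
struct condition_t {
    const char *name;
    unsigned int mask;
    unsigned int result1;
    unsigned int result2;
    int inverse;
    const char *templ;  /* printf template taking two "%s" operands */
} tab[] = {
    /* flags tested (mask) (must equal this) (or this) */
    { "eq", FLAG_Z, FLAG_Z, FLAG_Z, 0, "%s == %s" },
    { "ne", FLAG_Z, FLAG_Z, FLAG_Z, 1, "%s != %s" },
    { "cs", FLAG_C, FLAG_C, FLAG_C, 0, "(unsigned)%s >= %s" },
    { "cc", FLAG_C, FLAG_C, FLAG_C, 1, "(unsigned)%s < %s" },
    { "hi", FLAG_Z | FLAG_C, FLAG_C, FLAG_C, 0, "(unsigned)%s > %s" },
    { "ls", FLAG_Z | FLAG_C, FLAG_C, FLAG_C, 1, "(unsigned)%s <= %s" },
    { "ge", FLAG_N | FLAG_V, FLAG_N|FLAG_V, 0, 0, "(signed)%s >= %s" },
    { "lt", FLAG_N | FLAG_V, FLAG_N|FLAG_V, 0, 1, "(signed)%s < %s" },
    { "gt", FLAG_N | FLAG_Z | FLAG_V, FLAG_N|FLAG_V, 0, 0, "(signed)%s > %s" },
    { "le", FLAG_N | FLAG_Z | FLAG_V, FLAG_N|FLAG_V, 0, 1, "(signed)%s <= %s" },
    { NULL, 0, 0, 0, 0, NULL }
};

/*
eq    Equal. Z==1
ne    Not equal. Z==0
cs/hs Unsigned higher or same (or carry set). C==1
cc/lo Unsigned lower (or carry clear). C==0
mi    Negative. The mnemonic stands for "minus". N==1
pl    Positive or zero. The mnemonic stands for "plus". N==0
vs    Signed overflow. The mnemonic stands for "V set". V==1
vc    No signed overflow. The mnemonic stands for "V clear". V==0
hi    Unsigned higher. (C==1) && (Z==0)
ls    Unsigned lower or same. (C==0) || (Z==1)
ge    Signed greater than or equal. N==V
lt    Signed less than. N!=V
gt    Signed greater than. (Z==0) && (N==V)
le    Signed less than or equal. (Z==1) || (N!=V)
*/

/* Return the table row of the opposite condition (the neighbouring row). */
static const struct condition_t *
flipcond(const struct condition_t *c)
{
    return c->inverse ? c - 1 : c + 1;
}

/* Look a condition up by name, ignoring case; NULL when it is not in tab. */
static const struct condition_t *
getcond(const char *name)
{
    const struct condition_t *c;
    for (c = tab; c->name; c++) {
        if (!strcasecmp(c->name, name)) {
            return c;
        }
    }
    return NULL;
}

/* Evaluate condition `name` on the flag bits `nzcv`: 1, 0, or -1 if unknown. */
static int
evalcond(const char *name, unsigned int nzcv)
{
    const struct condition_t *c = getcond(name);
    unsigned int r;
    int result;
    if (c == NULL) {
        return -1;
    }
    r = nzcv & c->mask;
    result = (r == c->result1 || r == c->result2);
    return (result ^ c->inverse) ? 1 : 0;
}

/* Print the CMP/CCMP/B.cond triple as nested if statements. */
static int
pr1(const char *A,
    const char *B,
    const char *C,
    const char *D,
    unsigned int NZCV,
    const char *COND1,
    const char *COND2,
    const char *label)
{
    const struct condition_t *c1 = getcond(COND1);
    const struct condition_t *c2 = getcond(COND2);
    int e = evalcond(COND2, NZCV);
    /* NOTE: assert() is compiled out under NDEBUG; an unknown condition name
     * would then dereference NULL below. */
    assert(c1 && c2 && e >= 0);

    /* The format strings come from the constant table above, never from input. */
    printf("if (");
    printf(c1->templ, A, B);
    printf(") {\n");

    printf("\tif (");
    printf(c2->templ, C, D);
    printf(") {\n");
    printf("\t\tgoto %s;\n", label);
    printf("\t}\n");
    if (e) {
        printf("} else {\n");
        printf("\tgoto %s;\n", label);
    }

    printf("}\n");

    return 0;
}

/* Print the same triple as a single if with || or &&. */
static int
qr1(const char *A,
    const char *B,
    const char *C,
    const char *D,
    unsigned int NZCV,
    const char *COND1,
    const char *COND2,
    const char *label)
{
    const struct condition_t *c1 = getcond(COND1);
    const struct condition_t *c2 = getcond(COND2);
    int e = evalcond(COND2, NZCV);
    assert(c1 && c2 && e >= 0);

    printf("if (");
    if (e) {
        /* The fallback flags already satisfy COND2: branch when COND1 fails, or ... */
        c1 = flipcond(c1);
        printf(c1->templ, A, B);
        printf(" || ");
    } else {
        printf(c1->templ, A, B);
        printf(" && ");
    }
    printf(c2->templ, C, D);
    printf(") goto %s;\n", label);

    return 0;
}

int
main(void)
{
    /*
    CMP W12, W9
    CCMP W2, #0, #0, HI
    B.EQ label
    */
    pr1("W12", "W9", "W2", "0", 0, "HI", "EQ", "label");
    printf("-\n");
    qr1("W12", "W9", "W2", "0", 0, "HI", "EQ", "label");
    printf("==\n");

    /*
    CMP W11, #0x80
    CCMP W11, #0x1F, #0, NE
    B.CC label
    */
    pr1("W11", "0x80", "W11", "0x1F", 0, "NE", "CC", "label");
    printf("-\n");
    qr1("W11", "0x80", "W11", "0x1F", 0, "NE", "CC", "label");
    printf("==\n");
    return 0;
}
--------------------------------------------------------------------------------
/arm64/Simp.py:
--------------------------------------------------------------------------------
# AArch64 mov simplifier IDA plugin
#
# Copyright (c) 2015 xerub
#
# This program is free software; you can redistribute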
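# it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#
# based on Rolf Rolles x86 deobfuscator http://www.msreverseengineering.com

import idaapi
import idc

ARM64_MOVE_I = idaapi.ARM_mov


def dump_cmd(cmd):
    """Debug helper: print the fields of an instruction object."""
    print("cs = %lx" % cmd.cs)
    print("ip = %lx" % cmd.ip)
    print("ea = %lx" % cmd.ea)
    print("itype = %lx" % cmd.itype)
    print("size = %lx" % cmd.size)
    print("auxpref = %lx" % cmd.auxpref)
    print("segpref = %lx" % cmd.segpref)
    print("insnpref = %lx" % cmd.insnpref)
    print("flags = %lx" % cmd.flags)


def dump_op(op):
    """Debug helper: print the fields of an operand object."""
    print("n = %lx" % op.n)
    print("type = %lx" % op.type)
    print("offb = %lx" % op.offb)
    print("offo = %lx" % op.offo)
    print("flags = %lx" % op.flags)
    print("dtyp = %lx" % op.dtyp)
    print("reg = %lx" % op.reg)
    print("phrase = %lx" % op.phrase)
    print("value = %lx" % op.value)
    print("addr = %lx" % op.addr)
    print("specval = %lx" % op.specval)
    print("specflag1 = %lx" % op.specflag1)
    print("specflag2 = %lx" % op.specflag2)
    print("specflag3 = %lx" % op.specflag3)
    print("specflag4 = %lx" % op.specflag4)


def HighestSetBit(N, imm):
    """Return the index of the highest set bit among the low N bits of imm, or -1."""
    for i in range(N - 1, -1, -1):
        if imm & (1 << i):
            return i
    return -1


def ZeroExtendOnes(M, N):  # zero extend M ones to N width
    """Return a value with the low M bits set (N is unused)."""
    return (1 << M) - 1


def RORZeroExtendOnes(M, N, R):
    """Rotate M low ones right by R within an N-bit element."""
    val = ZeroExtendOnes(M, N)
    return ((val >> R) & ((1 << (N - R)) - 1)) | ((val & ((1 << R) - 1)) << (N - R))


def Replicate(val, bits):
    """Repeat the bits-wide pattern val until 64 bits are filled."""
    ret = val
    shift = bits
    while shift < 64:  # XXX actually, it is either 32 or 64
        ret |= (val << shift)
        shift += bits
    return ret


def DecodeBitMasks(immN, imms, immr, immediate):
    """Decode an (N, imms, immr) bitmask immediate.

    Returns the decoded value, or None when the field combination is rejected.
    """
    length = HighestSetBit(7, (immN << 6) | (~imms & 0x3F))
    if length < 1:
        return None
    levels = ZeroExtendOnes(length, 6)
    if immediate and (imms & levels) == levels:
        return None
    S = imms & levels
    R = immr & levels
    esize = 1 << length
    return Replicate(RORZeroExtendOnes(S + 1, esize, R), esize)


def DecodeMov(opcode, total, first):
    """Fold one instruction into the constant being built for a register.

    opcode is the 32-bit instruction, total the value accumulated so far and
    first tells whether this is the first instruction of the sequence (MOVK
    and ADD/SUB need an earlier value and are rejected when first is true).
    Returns the new value, or None when the instruction cannot be folded.
    """
    # opc
    o = (opcode >> 29) & 3
    # constant
    k = (opcode >> 23) & 0x3F

    if k == 0x24 and o == 1:  # MOV (bitmask imm) <=> ORR (immediate)
        # sf
        s = (opcode >> 31) & 1
        # N
        N = (opcode >> 22) & 1
        if s == 0 and N != 0:
            return None
        # rn
        rn = (opcode >> 5) & 0x1F
        if rn == 31:
            imms = (opcode >> 10) & 0x3F
            immr = (opcode >> 16) & 0x3F
            return DecodeBitMasks(N, imms, immr, True)
    elif k == 0x25:  # MOVN/MOVZ/MOVK
        # sf
        s = (opcode >> 31) & 1
        # hw
        h = (opcode >> 21) & 3
        # imm16
        i = (opcode >> 5) & 0xFFFF
        if s == 0 and h > 1:
            return None
        h *= 16
        i <<= h
        if o == 0:  # MOVN
            # NOTE: Python integers are unbounded, so this is a negative number
            # rather than a 32/64-bit pattern.
            return ~i
        elif o == 2:  # MOVZ
            return i
        elif o == 3 and not first:  # MOVK
            return (total & ~(0xFFFF << h)) | i
    elif (k | 1) == 0x23 and not first:  # ADD (immediate)
        # NOTE(review): only bit 1 of opc is looked at below, so the
        # flag-setting forms are presumably folded too -- confirm this is intended.
        # shift
        h = (opcode >> 22) & 3
        if h > 1:
            return None
        # rn
        rd = opcode & 0x1F
        rn = (opcode >> 5) & 0x1F
        if rd != rn:
            return None
        # imm12
        i = (opcode >> 10) & 0xFFF
        h *= 12
        i <<= h
        if o & 2:  # SUB
            return total - i
        else:  # ADD
            return total + i

    return None


def check_mov_sequence(ea):
    """Measure the run of instructions at ea that build one constant in one register.

    Returns (length_in_bytes, register, is64, value). The run ends at the
    first instruction that targets another register, cannot be folded, or is
    the target of a code flow xref, so a jump into the middle of a sequence
    is never hidden behind the folded form.
    """
    oldea = ea
    reg = -1
    total = 0
    is64 = False
    while True:
        # getseg() yields None once ea leaves every segment; stop there
        # instead of failing inside the analysis hook.
        seg = idaapi.getseg(ea)
        if seg is None or not seg.use64():
            break
        d = idaapi.get_long(ea)
        # reg
        r = d & 0x1F
        if reg >= 0 and reg != r:
            break
        newval = DecodeMov(d, total, reg < 0)
        if newval is None:
            break
        if reg >= 0 and idaapi.get_first_fcref_to(ea) != idaapi.BADADDR:
            break
        if (d >> 31) & 1:
            is64 = True
        total = newval
        reg = r
        ea += 4
    return ea - oldea, reg, is64, total


def is_my_mov(cmd):
    """Tell whether cmd is one of the macro MOVs produced by this plugin."""
    return cmd.itype == ARM64_MOVE_I and cmd.flags == idaapi.INSN_MACRO and cmd.size > 4


def check_ubfm_shift(ea):
    """Recognise a bitfield-move at ea that is really a plain shift.

    Returns (itype, opcode, sf, shift); itype is idaapi.ARM_null when the
    instruction is not rewritten.
    """
    seg = idaapi.getseg(ea)
    # getseg() yields None for an address outside every segment.
    if seg is not None and seg.use64():
        opcode = idaapi.get_long(ea)
        # opc
        o = (opcode >> 29) & 3
        # constant
        k = (opcode >> 23) & 0x3F
        if (o & 1) == 0 and k == 0x26:
            # sf
            s = (opcode >> 31) & 1
            # N
            N = (opcode >> 22) & 1
            if s == N:
                # imm
                imms = (opcode >> 10) & 0x3F
                immr = (opcode >> 16) & 0x3F
                mask = 0x1F | ((s & N) << 5)
                if imms == mask:
                    return idaapi.ARM_lsr if o else idaapi.ARM_asr, opcode, s, immr
                elif immr == imms + 1:
                    return idaapi.ARM_lsl if o else idaapi.ARM_null, opcode, s, mask - imms
    return idaapi.ARM_null, 0, 0, 0


class simpA64Hook(idaapi.IDP_Hooks):
    """Processor hooks that rewrite decoded instructions for display.

    Only the decoded instruction (idaapi.cmd) is changed; no bytes in the
    database are patched.
    """

    def __init__(self):
        idaapi.IDP_Hooks.__init__(self)
        # Netnode used by the plugin to remember the enabled/disabled state.
        self.n = idaapi.netnode("$ A64 Simplifier", 0, 1)

    def custom_ana(self):
        """Rewrite idaapi.cmd when it starts a foldable MOV sequence or a shift."""
        size, reg, is64, imm = check_mov_sequence(idaapi.cmd.ea)
        if size > 4:
            idaapi.cmd.itype = ARM64_MOVE_I
            idaapi.cmd.segpref = 14  # ARM Condition = ALways
            idaapi.cmd.Op1.type = idaapi.o_reg
            idaapi.cmd.Op1.dtyp = idaapi.dt_qword if is64 else idaapi.dt_dword
            idaapi.cmd.Op1.reg = reg + 129  # Use Wn/Xn registers instead of Rn
            idaapi.cmd.Op2.type = idaapi.o_imm
            idaapi.cmd.Op2.dtyp = idaapi.dt_qword if is64 else idaapi.dt_dword
            idaapi.cmd.Op2.value = imm
            idaapi.cmd.flags = idaapi.INSN_MACRO
            idaapi.cmd.size = size
            return True
        # `regs` is the raw opcode; the register numbers are taken from it below.
        insn, regs, is64, shift = check_ubfm_shift(idaapi.cmd.ea)
        if insn != idaapi.ARM_null:
            idaapi.cmd.itype = insn
            idaapi.cmd.segpref = 14
            idaapi.cmd.Op1.type = idaapi.o_reg
            idaapi.cmd.Op1.dtyp = idaapi.dt_qword if is64 else idaapi.dt_dword
            idaapi.cmd.Op1.reg = (regs & 0x1F) + 129
            idaapi.cmd.Op2.type = idaapi.o_reg
            idaapi.cmd.Op2.dtyp = idaapi.dt_qword if is64 else idaapi.dt_dword
            idaapi.cmd.Op2.reg = ((regs >> 5) & 0x1F) + 129
            idaapi.cmd.Op3.type = idaapi.o_imm
            idaapi.cmd.Op3.dtyp = idaapi.dt_qword if is64 else idaapi.dt_dword
            idaapi.cmd.Op3.value = shift
            idaapi.cmd.size = 4
            return True
        return False

    def custom_mnem(self):  # totally optional
        """Return the custom "MOVE" mnemonic for instructions built above."""
        if is_my_mov(idaapi.cmd):
            return "MOVE"
        return None

#    def custom_out(self): # XXX ida would just append .EQ
#        if is_my_mov(idaapi.cmd):
#            buf = idaapi.init_output_buffer(1024)
#            idaapi.OutMnem(16, "")
#            idaapi.out_one_operand(0)
#            idaapi.out_symbol(',')
#            idaapi.OutChar(' ')
#            idaapi.out_one_operand(1)
#            idaapi.term_output_buffer()
#            idaapi.MakeLine(buf)
#            return True
#        return False

#    def custom_outop(self, op): # XXX ida would just use Rn
#        if is_my_mov(idaapi.cmd) and op.type == idaapi.o_reg:
#            idaapi.out_register("%c%d" % ('X' if op.dtyp == idaapi.dt_qword else 'W', op.reg))
#            return True
#        return False


class simpa64_t(idaapi.plugin_t):
    """Plugin wrapper; the hotkey toggles the simplifier on and off."""
    flags = idaapi.PLUGIN_PROC
    comment = "Simplifier"
    wanted_hotkey = "Alt-Z"
    help = "Runs transparently"
    wanted_name = "simpa64"
    hook = None
    enabled = 1

    def init(self):
        self.hook = None
        if idaapi.ph_get_id() != idaapi.PLFM_ARM or idaapi.BADADDR <= 0xFFFFFFFF:
            return idaapi.PLUGIN_SKIP

        self.hook = simpA64Hook()
        # The state is stored as enabled + 1, so 0 means "never saved".
        flag = self.hook.n.altval(0)
        if flag:
            self.enabled = flag - 1
        print("%s is %sabled" % (self.wanted_name, "en" if self.enabled else "dis"))
        if self.enabled:
            self.hook.hook()
        return idaapi.PLUGIN_KEEP

    def run(self, arg):
        print("%sabling %s" % ("dis" if self.enabled else "en", self.wanted_name))
        if self.enabled:
            self.hook.unhook()
        else:
            self.hook.hook()
        self.enabled = self.enabled ^ 1
        self.hook.n.altset(0, self.enabled + 1)
        idc.Refresh()

    def term(self):
        if self.hook:
            self.hook.unhook()


def PLUGIN_ENTRY():
    return simpa64_t()
--------------------------------------------------------------------------------
/arm64/aarch64_move/aarch64_move.cpp:
--------------------------------------------------------------------------------
/*
 * AArch64 MOV simplifier IDA plugin
 *
 * Copyright (c) 2016-2017 xerub
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License version
 * 2 as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see .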
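17 | * 18 | * based on Rolf Rolles x86 deobfuscator http://www.msreverseengineering.com 19 | * Augmenting IDA UI with your own actions: http://www.hexblog.com/?p=886 20 | */


/* NOTE(review): the header names of the seven #include lines below are
 * missing from this listing; restore them from the original file before
 * building. */
#include
#include
#include
#include
#include
#include
#include

/* Values stored in altval(0) of the plugin's netnode. */
#define MAGIC_ACTIVATED 2
#define MAGIC_DEACTIVATED 1

#define ARM64_MOVE_I ARM_mov

/* True when ea lies in a segment marked as 64-bit. */
inline bool is_arm64_ea(ea_t ea)
{
    segment_t *seg = getseg(ea);
    return seg != NULL && seg->use64();
}

/* Index of the most significant set bit among the low N bits of imm,
 * or -1 when none of them is set. */
static int HighestSetBit(int N, uint32_t imm)
{
    int i;
    for (i = N - 1; i >= 0; i--) {
        /* unsigned literal: shifting a signed 1 into bit 31 is undefined */
        if (imm & ((uint32_t)1 << i)) {
            return i;
        }
    }
    return -1;
}

static uint64_t ZeroExtendOnes(unsigned M, unsigned N) // zero extend M ones to N width
{
    (void)N;
    /* A shift by the full width of the type is undefined; M == 64 is
     * reachable through DecodeBitMasks() when immediate == 0. */
    if (M >= 64) {
        return ~(uint64_t)0;
    }
    return ((uint64_t)1 << M) - 1;
}

/* M ones, zero-extended to N bits, rotated right by R within N bits.
 * Callers pass R < N. */
static uint64_t RORZeroExtendOnes(unsigned M, unsigned N, unsigned R)
{
    uint64_t val = ZeroExtendOnes(M, N);
    if (R == 0) {
        return val;
    }
    return ((val >> R) & (((uint64_t)1 << (N - R)) - 1)) | ((val & (((uint64_t)1 << R) - 1)) << (N - R));
}

/* Repeat the low `bits` bits of val until 64 bits are filled. */
static uint64_t Replicate(uint64_t val, unsigned bits)
{
    uint64_t ret = val;
    unsigned shift;
    for (shift = bits; shift < 64; shift += bits) { // XXX actually, it is either 32 or 64
        ret |= (val << shift);
    }
    return ret;
}

/* Expand the N:immr:imms fields of a logical-immediate encoding.
 *
 * On success stores the pattern, replicated to 64 bits, in *newval and
 * returns 0.  Returns -1 for encodings rejected below. */
static int DecodeBitMasks(unsigned immN, unsigned imms, unsigned immr, int immediate, uint64_t *newval)
{
    unsigned levels, S, R, esize;
    /* len is in 0..6; the element size is 1 << len */
    int len = HighestSetBit(7, (immN << 6) | (~imms & 0x3F));
    if (len < 1) {
        return -1;
    }
    levels = ZeroExtendOnes(len, 6);
    /* an all-ones element is not a valid logical immediate */
    if (immediate && (imms & levels) == levels) {
        return -1;
    }
    S = imms & levels;
    R = immr & levels;
    esize = 1 << len;
    *newval = Replicate(RORZeroExtendOnes(S + 1, esize, R), esize);
    return 0;
}

/* Decode one instruction of an immediate-building sequence.
 *
 * opcode  - the 32-bit instruction word
 * total   - value accumulated by the previous instructions of the run
 * newval  - receives the value after this instruction
 * inmask  - bits of total that earlier instructions have defined
 * outmask - receives the defined-bits mask after this instruction
 *
 * Returns 0 when the opcode was handled, -1 otherwise. */
static int DecodeMov(uint32_t opcode, uint64_t total, uint64_t *newval, uint64_t inmask, uint64_t *outmask)
{
    unsigned s = (opcode >> 31) & 1;    /* sf: 1 = 64-bit form */
    unsigned o = (opcode >> 29) & 3;    /* opc */
    unsigned k = (opcode >> 23) & 0x3F; /* instruction class bits 28:23 */
    unsigned rn, rd;
    uint64_t i;

    if (k == 0x24 && o == 1) { // MOV (bitmask imm) <=> ORR (immediate)
        unsigned N = (opcode >> 22) & 1;
        if (s == 0 && N != 0) {
            return -1;
        }
        rn = (opcode >> 5) & 0x1F;
        if (rn == 31) {
            unsigned imms = (opcode >> 10) & 0x3F;
            unsigned immr = (opcode >> 16) & 0x3F;
            *outmask = -1ULL;
            if (DecodeBitMasks(N, imms, immr, 1, newval) < 0) {
                return -1;
            }
            /* DecodeBitMasks() always replicates to 64 bits; the 32-bit
             * form only defines the low word, as in the MOVN case below */
            if (s == 0) {
                *newval &= 0xFFFFFFFF;
            }
            return 0;
        }
    } else if (k == 0x25) { // MOVN/MOVZ/MOVK
        unsigned h = (opcode >> 21) & 3;
        /* the 32-bit form only has halfwords 0 and 1 */
        if (s == 0 && h > 1) {
            return -1;
        }
        i = (opcode >> 5) & 0xFFFF;
        h *= 16;
        i <<= h;
        if (o == 0) { // MOVN
            *outmask = -1ULL;
            *newval = ~i;
            if (s == 0) {
                *newval &= 0xFFFFFFFF;
            }
            return 0;
        } else if (o == 2) { // MOVZ
            *outmask = -1ULL;
            *newval = i;
            return 0;
        } else if (o == 3) { // MOVK
            uint64_t mask = (uint64_t)0xFFFF << h;
            /* for a W register the upper word counts as already defined */
            if (s == 0) {
                inmask |= ~0xFFFFFFFFULL;
            }
            *outmask = inmask | mask;
            *newval = (total & ~mask) | i;
            return 0;
        }
    } else if ((k | 1) == 0x23) { // ADD (immediate)
        unsigned h = (opcode >> 22) & 3;
        if (h > 1) {
            return -1;
        }
        /* only fold arithmetic onto a fully known value */
        if (inmask != -1ULL && (inmask != 0xFFFFFFFF || s)) {
            return -1;
        }
        rd = opcode & 0x1F;
        rn = (opcode >> 5) & 0x1F;
        /* must update the register in place */
        if (rd != rn) {
            return -1;
        }
        i = (opcode >> 10) & 0xFFF;
        h *= 12;
        i <<= h;
        if (o & 2) { // SUB
            total -= i;
        } else { // ADD
            total += i;
        }
        if (s == 0) {
            total &= 0xFFFFFFFF;
        }
        *outmask = -1ULL;
        *newval = total;
        return 0;
    }

    return -1;
}
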
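/* Fold consecutive DecodeMov()-compatible instructions writing one register.
 *
 * Returns the number of bytes covered and fills *_reg, *_is64 and *_imm.
 * Returns 0, leaving the outputs untouched, when the run does not end with
 * every bit of the value defined. */
static size_t check_mov_sequence(ea_t ea, int *_reg, int *_is64, uint64_t *_imm)
{
    ea_t oldea;
    int reg = -1;
    int is64 = 0;
    uint64_t total = 0;
    uint64_t inmask = 0;
    for (oldea = ea; is_arm64_ea(ea); ea += 4) {
        uint64_t newval = 0;
        uint64_t outmask = 0;
        uint32_t d = get_dword(ea);
        int r = d & 0x1F;
        if (reg >= 0 && reg != r) {
            break;
        }
        if (DecodeMov(d, total, &newval, inmask, &outmask) < 0) {
            break;
        }
        /* stop before an instruction that other code flows into, so a
         * reference target is never hidden inside a macro */
        if (reg >= 0 && get_first_fcref_to(ea) != BADADDR) {
            break;
        }
        if ((d >> 31) & 1) {
            is64 = 1;
        }
        total = newval;
        inmask = outmask;
        reg = r;
    }
    if (inmask != -1ULL) {
        return 0;
    }
    *_reg = reg;
    *_is64 = is64;
    *_imm = total;
    return ea - oldea;
}

/* Rewrite insn as a single "register <- immediate" macro when at least two
 * instructions fold together.  Returns the macro size in bytes, 0 otherwise. */
static size_t ana(insn_t *insn)
{
    uint64_t imm;
    int reg, is64;
    /* the listing showed the second argument as a mangled character;
     * it is the address of reg */
    size_t sz = check_mov_sequence(insn->ea, &reg, &is64, &imm);
    if (sz > 4) {
        insn->itype = ARM64_MOVE_I;
        insn->segpref = 14; // ARM Condition = ALways
        insn->Op1.type = o_reg;
        insn->Op1.reg = reg + 129; // Use Wn/Xn registers instead of Rn
        insn->Op1.dtype = is64 ? dt_qword : dt_dword;
        insn->Op2.type = o_imm;
        insn->Op2.value = imm;
        insn->Op2.dtype = is64 ? dt_qword : dt_dword;
        insn->flags = INSN_MACRO;
        return sz;
    }
    return 0;
}

/* HT_IDP notification handler: analysis and mnemonic output events. */
static long idaapi aarch64_extension_callback(void * user_data, int event_id, va_list va)
{
    switch (event_id) {
        case processor_t::ev_ana_insn: {
            insn_t *insn = va_arg(va, insn_t *);
            size_t length = ana(insn);
            if (length) {
                insn->size = (uint16)length;
                return length;
            }
        }
        break;
        case processor_t::ev_out_mnem: { /* totally optional */
            outctx_t *ctx = va_arg(va, outctx_t *);
            const insn_t *insn = &ctx->insn;
            /* disabled debug dump of the decoded instruction */
            if (0) {
                unsigned i;
                printf("cs:ip = 0x%llx:0x%llx\n", insn->cs, insn->ip);
                printf("ea = 0x%llx\n", insn->ea);
                printf("itype = 0x%x\n", insn->itype);
                printf("size = 0x%x\n", insn->size);
                printf("auxpref = 0x%x\n", insn->auxpref);
                printf("segpref = 0x%x\n", insn->segpref);
                printf("insnpref = 0x%x\n", insn->insnpref);
                printf("flags = 0x%x\n", insn->flags);
                for (i = 0; i < UA_MAXOP; i++) {
                    printf("\tn = 0x%x\n", insn->ops[i].n);
                    printf("\ttype = 0x%x\n", insn->ops[i].type);
                    printf("\toffb/offo = 0x%x/0x%x\n", insn->ops[i].offb, insn->ops[i].offo);
                    printf("\tflags = 0x%x\n", insn->ops[i].flags);
                    printf("\tdtyp = 0x%x\n", insn->ops[i].dtype);
                    printf("\treg = 0x%x\n", insn->ops[i].reg);
                    printf("\tvalue = 0x%llx\n", insn->ops[i].value);
                    printf("\taddr = 0x%llx\n", insn->ops[i].addr);
                    printf("\tspecval = 0x%llx\n", insn->ops[i].specval);
                    printf("\tspecflag[1..4] = 0x%x, 0x%x, 0x%x, 0x%x\n", insn->ops[i].specflag1, insn->ops[i].specflag2, insn->ops[i].specflag3, insn->ops[i].specflag4);
                }
                printf("---\n");
            }
            /* same test ana() output satisfies: our itype, macro flag,
             * more than one instruction long */
            if (insn->itype == ARM64_MOVE_I && insn->flags == INSN_MACRO && insn->size > 4) {
                ctx->out_custom_mnem("MOVE", inf.indent);
                return 2;
            }
        }
        break;
    }
    return 0;
}

static bool enabled = false;
static netnode aarch64_node;
static const char node_name[] = "$ A64 Simplifier";

/* Register the add-on and hook the processor module unless the database
 * recorded the plugin as deactivated. */
int idaapi init(void)
{
    if (ph.id != PLFM_ARM) return PLUGIN_SKIP;
    /* NOTE(review): addon is never freed in this function; confirm whether
     * register_addon() copies the structure or keeps the pointer. */
    addon_info_t *addon = new(addon_info_t);
    addon->id = "org.xerub.mov";
    addon->name = "AArch64 MOV";
    addon->producer = "xerub";
    addon->url = "xerub@protonmail.com";
    addon->version = "7.0";
    register_addon(addon);
    aarch64_node.create(node_name);
    /* a database with no stored value (0) counts as enabled */
    enabled = aarch64_node.altval(0) != MAGIC_DEACTIVATED;
    if (enabled) {
        hook_to_notification_point(HT_IDP, aarch64_extension_callback, NULL);
        msg("AArch64 MOV simplifier is enabled\n");
        return PLUGIN_KEEP;
    }
    return PLUGIN_OK;
}


void idaapi term(void)
{
    unhook_from_notification_point(HT_IDP, aarch64_extension_callback);
}

/* Toggle the hook and store the new state in the database netnode. */
bool idaapi run(size_t /*arg*/)
{
    if (enabled) {
        unhook_from_notification_point(HT_IDP, aarch64_extension_callback);
    } else {
        hook_to_notification_point(HT_IDP, aarch64_extension_callback, NULL);
    }
    enabled = !enabled;
    aarch64_node.create(node_name);
    aarch64_node.altset(0, enabled ? MAGIC_ACTIVATED : MAGIC_DEACTIVATED);
    info("AUTOHIDE NONE\n" "AArch64 MOV simplifier is now %sabled", enabled ? "en" : "dis");
    refresh_idaview_anyway();
    return true;
}

//--------------------------------------------------------------------------

plugin_t PLUGIN = {
    IDP_INTERFACE_VERSION,
    PLUGIN_PROC,
    init,
    term,
    run,
    "AArch64 MOV simplifier", // comment
    "Runs transparently", // help
    "Aarch64 MOV", // name
    "Alt-Z" // hotkey
};
-------------------------------------------------------------------------------- /arm64/aarch64_pac/aarch64_pac.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * AArch64 8.3-A Pointer Authentication extension 3 | * 4 | * Copyright (c) 2018 xerub 5 | * 6 | * This program is free software; you can redistribute it and/or 7 | * modify it under the terms of the GNU General Public License version 8 | * 2 as published by the Free Software Foundation. 9 | * 10 | * This program is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * You should have received a copy of the GNU General Public License 16 | * along with this program. If not, see . 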
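17 | */


/* NOTE(review): the header names of the seven #include lines below are
 * missing from this listing; restore them from the original file before
 * building. */
#include
#include
#include
#include
#include
#include
#include

/*
 * Fix for decompiler analysis:
 * Copyright (c) 2018 Eloi Benoist-Vanderbeken - Synacktiv
 * https://github.com/Synacktiv/kernelcache-laundering/blob/master/aarch64_pac.py
 */
#define CONVERT_INSN 1

#ifdef CONVERT_INSN
#define ARM64_PAC_I ARM_hlt // op1=io, op2=in, op3=in
#else
#define ARM64_PAC_I ARM_hint // op1=in
#endif

/* True when ea lies in a segment marked as 64-bit. */
inline bool is_arm64_ea(ea_t ea)
{
    segment_t *seg = getseg(ea);
    return seg != NULL && seg->use64();
}

/* Secondary instruction id kept in insn_t::insnpref.  The order matters:
 * ana() adds opcode bit fields to the first member of each group, and
 * pac_tab[] is indexed with (value - 1). */
enum PAC {
    pac_NONE,
    pac_PACIASP, pac_PACIBSP, pac_AUTIASP, pac_AUTIBSP,
    pac_PACIAZ, pac_PACIBZ, pac_AUTIAZ, pac_AUTIBZ,
    pac_PACIA1716, pac_PACIB1716, pac_AUTIA1716, pac_AUTIB1716,
    pac_PACIA, pac_PACIB, pac_PACDA, pac_PACDB, pac_AUTIA, pac_AUTIB, pac_AUTDA, pac_AUTDB,
    pac_PACIZA, pac_PACIZB, pac_PACDZA, pac_PACDZB, pac_AUTIZA, pac_AUTIZB, pac_AUTDZA, pac_AUTDZB,
    pac_PACGA,
    pac_XPACLRI,
    pac_XPACI, pac_XPACD,
    pac_RETAA, pac_RETAB,
    pac_BRAA, pac_BRAB, pac_BRAAZ, pac_BRABZ, pac_BLRAA, pac_BLRAB, pac_BLRAAZ, pac_BLRABZ,
    pac_ERETAA, pac_ERETAB,
    pac_LDRAA, pac_LDRAB,
};

/* Mnemonics in enum PAC order, without an entry for pac_NONE. */
static const char *pac_tab[] = {
    "PACIASP", "PACIBSP", "AUTIASP", "AUTIBSP",
    "PACIAZ", "PACIBZ", "AUTIAZ", "AUTIBZ",
    "PACIA1716", "PACIB1716", "AUTIA1716", "AUTIB1716",
    "PACIA", "PACIB", "PACDA", "PACDB", "AUTIA", "AUTIB", "AUTDA", "AUTDB",
    "PACIZA", "PACIZB", "PACDZA", "PACDZB", "AUTIZA", "AUTIZB", "AUTDZA", "AUTDZB",
    "PACGA",
    "XPACLRI",
    "XPACI", "XPACD",
    "RETAA", "RETAB",
    "BRAA", "BRAB", "BRAAZ", "BRABZ", "BLRAA", "BLRAB", "BLRAAZ", "BLRABZ",
    "ERETAA", "ERETAB",
    "LDRAA", "LDRAB",
};

/* Decode the pointer-authentication encodings handled below.
 *
 * On a match fills insn (itype, operands, insnpref = enum PAC value) and
 * returns 4; returns 0 so the stock analyser runs otherwise.  Register
 * operands use the same "+ 129" numbering throughout. */
static size_t ana(insn_t *insn)
{
    ea_t ea = insn->ea;
    if (is_arm64_ea(ea)) {
        unsigned d = get_32bit(ea);
        /* PAC/AUT with a register modifier, or the zero-modifier forms */
        if ((d & 0xffffc000) == 0xdac10000) {
            int m = (d >> 10) & 7;
            int Z = (d >> 13) & 1;
            int Xn = (d >> 5) & 0x1F;
            int Xd = d & 0x1F;
            if (Z == 0) {
                insn->itype = ARM64_PAC_I;
                insn->segpref = 14;
                insn->Op1.type = o_reg;
                insn->Op1.reg = Xd + 129;
                insn->Op1.dtype = dt_qword;
                insn->Op2.type = o_reg;
                insn->Op2.reg = Xn + 129;
                insn->Op2.dtype = dt_qword;
                insn->Op2.flags = OF_SHOW;
#ifdef CONVERT_INSN
                /* hidden copy of the destination as an input operand */
                insn->Op3 = insn->Op1;
                insn->Op3.flags = 0;
#endif
                insn->insnpref = pac_PACIA + m;
                return 4;
            } else if (Xn == 31) {
                insn->itype = ARM64_PAC_I;
                insn->segpref = 14;
                insn->Op1.type = o_reg;
                insn->Op1.reg = Xd + 129;
                insn->Op1.dtype = dt_qword;
#ifdef CONVERT_INSN
                insn->Op2 = insn->Op1;
                insn->Op2.flags = 0;
#endif
                insn->insnpref = pac_PACIZA + m;
                return 4;
            }
        }
        /* hint-space forms: ...1716, ...SP and ...Z */
        if ((d & 0xfffffd1f) == 0xd503211f) {
            int m = (d >> 6) & 3;
            int CRm = (d >> 9) & 1;
            int op2 = (d >> 5) & 1;
            if (CRm == 0) {
                insn->itype = ARM64_PAC_I;
                insn->segpref = 14;
#ifdef CONVERT_INSN
                insn->Op1.type = o_reg;
                insn->Op1.reg = 17 + 129;
                insn->Op1.dtype = dt_qword;
                insn->Op1.flags = 0;
                insn->Op2.type = o_reg;
                insn->Op2.reg = 16 + 129;
                insn->Op2.dtype = dt_qword;
                insn->Op2.flags = 0;
                insn->Op3 = insn->Op1;
#else
                insn->Op1.type = o_void;
#endif
                insn->insnpref = pac_PACIA1716 + m;
                return 4;
            } else if (op2) {
                insn->itype = ARM64_PAC_I;
                insn->segpref = 14;
#ifdef CONVERT_INSN
                insn->Op1.type = o_reg;
                insn->Op1.reg = 30 + 129;
                insn->Op1.dtype = dt_qword;
                insn->Op1.flags = 0;
                insn->Op2.type = o_reg;
                insn->Op2.reg = 31 + 129;
                insn->Op2.dtype = dt_qword;
                insn->Op2.flags = 0;
                insn->Op3 = insn->Op1;
#else
                insn->Op1.type = o_void;
#endif
                insn->insnpref = pac_PACIASP + m;
                return 4;
            } else {
                insn->itype = ARM64_PAC_I;
                insn->segpref = 14;
#ifdef CONVERT_INSN
                insn->Op1.type = o_reg;
                insn->Op1.reg = 30 + 129;
                insn->Op1.dtype = dt_qword;
                insn->Op1.flags = 0;
                insn->Op2 = insn->Op1;
#else
                insn->Op1.type = o_void;
#endif
                insn->insnpref = pac_PACIAZ + m;
                return 4;
            }
        }
        /* PACGA Xd, Xn, Xm */
        if ((d & 0xffe0fc00) == 0x9ac03000) {
            int Xm = (d >> 16) & 0x1F;
            int Xn = (d >> 5) & 0x1F;
            int Xd = d & 0x1F;
            insn->itype = ARM64_PAC_I;
            insn->segpref = 14;
            insn->Op1.type = o_reg;
            insn->Op1.reg = Xd + 129;
            insn->Op1.dtype = dt_qword;
            insn->Op2.type = o_reg;
            insn->Op2.reg = Xn + 129;
            insn->Op2.dtype = dt_qword;
            insn->Op3.type = o_reg;
            insn->Op3.reg = Xm + 129;
            insn->Op3.dtype = dt_qword;
            insn->insnpref = pac_PACGA;
            return 4;
        }
        /* XPACI / XPACD Xd */
        if ((d & 0xfffffbe0) == 0xdac143e0) {
            int D = (d >> 10) & 1;
            int Xd = d & 0x1F;
            insn->itype = ARM64_PAC_I;
            insn->segpref = 14;
            insn->Op1.type = o_reg;
            insn->Op1.reg = Xd + 129;
            insn->Op1.dtype = dt_qword;
#ifdef CONVERT_INSN
            insn->Op2 = insn->Op1;
            insn->Op2.flags = 0;
#endif
            insn->insnpref = pac_XPACI + D;
            return 4;
        }
        /* XPACLRI */
        if (d == 0xd50320ff) {
            insn->itype = ARM64_PAC_I;
            insn->segpref = 14;
#ifdef CONVERT_INSN
            insn->Op1.type = o_reg;
            insn->Op1.reg = 30 + 129;
            insn->Op1.dtype = dt_qword;
            insn->Op1.flags = 0;
            insn->Op2 = insn->Op1;
#else
            insn->Op1.type = o_void;
#endif
            insn->insnpref = pac_XPACLRI;
            return 4;
        }
        /* RETAA / RETAB: kept as ARM_ret so flow analysis treats it as a return */
        if ((d & 0xfffffbff) == 0xd65f0bff) {
            int M = (d >> 10) & 1;
            insn->insnpref = pac_RETAA + M;
            insn->itype = ARM_ret;
            insn->segpref = 14;
            insn->Op1.type = o_reg;
            insn->Op1.reg = 30 + 129;
            insn->Op1.dtype = dt_qword;
            insn->Op1.flags = 0;
            return 4;
        }
        /* authenticated BR / BLR */
        if ((d & 0xfedff800) == 0xd61f0800) {
            /* opcode bit 21 moved to value 4: the enum distance from the
             * BR* entries to the matching BLR* entries */
            int is_blr = (d >> 19) & 4;
            int Z = (d >> 24) & 1;
            int M = (d >> 10) & 1;
            int Xn = (d >> 5) & 0x1F;
            int Xm = d & 0x1F;
            if (Z == 0 && Xm == 31) {
                insn->itype = is_blr ? ARM_blr : ARM_br;
                insn->segpref = 14;
                insn->Op1.type = o_reg;
                insn->Op1.reg = Xn + 129;
                insn->Op1.dtype = dt_qword;
                insn->insnpref = pac_BRAAZ + M + is_blr;
                return 4;
            } else if (Z) {
                insn->itype = is_blr ? ARM_blr : ARM_br;
                insn->segpref = 14;
                insn->Op1.type = o_reg;
                insn->Op1.reg = Xn + 129;
                insn->Op1.dtype = dt_qword;
                insn->Op2.type = o_reg;
                insn->Op2.reg = Xm + 129;
                insn->Op2.dtype = dt_qword;
                insn->Op2.flags = OF_SHOW;
                insn->insnpref = pac_BRAA + M + is_blr;
                return 4;
            }
        }
        /* ERETAA / ERETAB */
        if ((d & 0xfffffbff) == 0xd69f0bff) {
            int M = (d >> 10) & 1;
            insn->insnpref = pac_ERETAA + M;
            insn->itype = ARM_eret;
            insn->segpref = 14;
            return 4;
        }
        /* LDRAA / LDRAB Xt, [Xn, #offset] */
        if ((d & 0xff200400) == 0xf8200400) {
            int M = (d >> 23) & 1;
            /* S (bit 22) : imm9 (bits 20:12) is a signed 10-bit value scaled
             * by 8; computed arithmetically so the result does not depend on
             * how the compiler converts or right-shifts negative ints */
            int simm10 = (int)((d >> 12) & 0x1FF) - (int)(((d >> 22) & 1) << 9);
            int offset = simm10 * 8;
            int W = (d >> 11) & 1;
            int Xn = (d >> 5) & 0x1F;
            int Xt = d & 0x1F;
            insn->itype = ARM_ldr;
            insn->segpref = 14;
            insn->Op1.type = o_reg;
            insn->Op1.reg = Xt + 129;
            insn->Op1.dtype = dt_qword;
            insn->Op2.type = o_displ;
            insn->Op2.reg = Xn + 129;
            insn->Op2.dtype = dt_qword;
            insn->Op2.addr = offset;
            if (W) {
                insn->auxpref = 0x20;
            }
            insn->insnpref = pac_LDRAA + M;
            return 4;
        }
    }
    return 0;
}

/* HT_IDP notification handler: analysis and mnemonic output events. */
static long idaapi aarch64_extension_callback(void * user_data, int event_id, va_list va)
{
    switch (event_id) {
        case processor_t::ev_ana_insn: {
            insn_t *insn = va_arg(va, insn_t *);
            size_t length = ana(insn);
            if (length) {
                insn->size = (uint16)length;
                return length;
            }
        }
        break;
        case processor_t::ev_out_mnem: {
            outctx_t *ctx = va_arg(va, outctx_t *);
            const insn_t *insn = &ctx->insn;
            if (insn->insnpref) {
                int pri = insn->itype;
                int sec = insn->insnpref;
                const int indent = 16;
                /* print our mnemonic only when itype and the secondary id
                 * agree; every accepted range keeps sec - 1 inside pac_tab[] */
                bool ours =
                    (pri == ARM64_PAC_I && sec >= pac_PACIASP && sec <= pac_XPACD) ||
                    (pri == ARM_ret && sec >= pac_RETAA && sec <= pac_RETAB) ||
                    (pri == ARM_br && sec >= pac_BRAA && sec <= pac_BRABZ) ||
                    (pri == ARM_blr && sec >= pac_BLRAA && sec <= pac_BLRABZ) ||
                    (pri == ARM_eret && sec >= pac_ERETAA && sec <= pac_ERETAB) ||
                    (pri == ARM_ldr && sec >= pac_LDRAA && sec <= pac_LDRAB);
                if (ours) {
                    ctx->out_custom_mnem(pac_tab[sec - 1], indent);
                    return 2;
                }
            }
        }
        break;
    }
    return 0;
}

static bool enabled = true;

/* Register the add-on and hook the processor module on ARM databases. */
int idaapi init(void)
{
    if (ph.id != PLFM_ARM) return PLUGIN_SKIP;
    /* NOTE(review): addon is never freed in this function; confirm whether
     * register_addon() copies the structure or keeps the pointer. */
    addon_info_t *addon = new(addon_info_t);
    addon->id = "org.xerub.pac";
    addon->name = "AArch64 PAC";
    addon->producer = "xerub";
    addon->url = "xerub@protonmail.com";
    addon->version = "7.0";
    register_addon(addon);
    if (enabled) {
        hook_to_notification_point(HT_IDP, aarch64_extension_callback, NULL);
        msg("AArch64 PAC extension is enabled\n");
        return PLUGIN_KEEP;
    }
    return PLUGIN_OK;
}


void idaapi term(void)
{
    unhook_from_notification_point(HT_IDP, aarch64_extension_callback);
}

/* Toggle the hook; the state is kept in memory only. */
bool idaapi run(size_t /*arg*/)
{
    if (enabled) {
        unhook_from_notification_point(HT_IDP, aarch64_extension_callback);
    } else {
        hook_to_notification_point(HT_IDP, aarch64_extension_callback, NULL);
    }
    enabled = !enabled;
    info("AUTOHIDE NONE\n" "AArch64 PAC extension is now %sabled", enabled ? "en" : "dis");
    refresh_idaview_anyway();
    return true;
}

//--------------------------------------------------------------------------

plugin_t PLUGIN = {
    IDP_INTERFACE_VERSION,
    PLUGIN_PROC,
    init,
    term,
    run,
    "ARM v8.3-A Pointer Authentication extension", // comment
    "Runs transparently", // help
    "Aarch64 PAC", // name
    "Ctrl-Alt-Shift-A" // hotkey
};
-------------------------------------------------------------------------------- /hnight7.py: -------------------------------------------------------------------------------- 1 | # Print ARM sysregs using symbolic names. 2 | # 3 | # Copyright (c) 2017 xerub. 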
All rights reserved 4 | 5 | import idautils 6 | import idaapi 7 | import idc 8 | 9 | import traceback 10 | 11 | hexnight_cb_info = None 12 | hexnight_cb = None 13 | 14 | # generated from capstone/arch/AArch64/AArch64BaseInfo.h 15 | regs64 = { 16 | # Apple specific 17 | 0xc780 : "HID0", 18 | 0xc781 : "EHID0", 19 | 0xc788 : "HID1", 20 | 0xc790 : "HID2", 21 | 0xc798 : "HID3", 22 | 0xc799 : "EHID3", 23 | 0xc7a0 : "HID4", 24 | 0xc7a8 : "HID5", 25 | 0xc7a9 : "EHID5", 26 | 0xc7b0 : "HID6", 27 | 0xc7b8 : "HID7", 28 | 0xc7c0 : "HID8", 29 | 0xc7c8 : "HID9", 30 | 0xc7d0 : "HID10", 31 | 0xc7e8 : "HID11", 32 | 0xc7d8 : "HID11", 33 | 0xc7d9 : "EHID11", 34 | 0xefa0 : "CYC_CFG", 35 | 0xefb0 : "ACC_OVRD", 36 | 0xefa8 : "CYC_OVRD", 37 | 0xdf80 : "LSU_ERR_STS", 38 | 0xdf90 : "E_LSU_ERR_STS", 39 | 0xdf88 : "LSU_ERR_CTL", 40 | 0xf780 : "MMU_ERR_STS", 41 | 0xf790 : "E_MMU_ERR_STS", 42 | 0xdfc0 : "L2C_ERR_STS", 43 | 0xdfc8 : "L2C_ERR_ADR", 44 | 0xdfd0 : "L2C_ERR_INF", 45 | 0xe784 : "MIGSTS_EL1", 46 | 0xe793 : "KTRR_LOWER_EL1", 47 | 0xe794 : "KTRR_UPPER_EL1", 48 | 0xe792 : "KTRR_LOCK_EL1", 49 | # end of Apple specific 50 | # Op0 Op1 CRn CRm Op2 51 | 0x9808 : "MDCCSR_EL0", # 10 011 0000 0001 000 52 | 0x9828 : "DBGDTRRX_EL0", # 10 011 0000 0101 000 53 | 0x8080 : "MDRAR_EL1", # 10 000 0001 0000 000 54 | 0x808c : "OSLSR_EL1", # 10 000 0001 0001 100 55 | 0x83f6 : "DBGAUTHSTATUS_EL1", # 10 000 0111 1110 110 56 | 0xdce6 : "PMCEID0_EL0", # 11 011 1001 1100 110 57 | 0xdce7 : "PMCEID1_EL0", # 11 011 1001 1100 111 58 | 0xc000 : "MIDR_EL1", # 11 000 0000 0000 000 59 | 0xc800 : "CCSIDR_EL1", # 11 001 0000 0000 000 60 | 0xc801 : "CLIDR_EL1", # 11 001 0000 0000 001 61 | 0xd801 : "CTR_EL0", # 11 011 0000 0000 001 62 | 0xc005 : "MPIDR_EL1", # 11 000 0000 0000 101 63 | 0xc006 : "REVIDR_EL1", # 11 000 0000 0000 110 64 | 0xc807 : "AIDR_EL1", # 11 001 0000 0000 111 65 | 0xd807 : "DCZID_EL0", # 11 011 0000 0000 111 66 | 0xc008 : "ID_PFR0_EL1", # 11 000 0000 0001 000 67 | 0xc009 : "ID_PFR1_EL1", # 11 000 0000 
0001 001 68 | 0xc00a : "ID_DFR0_EL1", # 11 000 0000 0001 010 69 | 0xc00b : "ID_AFR0_EL1", # 11 000 0000 0001 011 70 | 0xc00c : "ID_MMFR0_EL1", # 11 000 0000 0001 100 71 | 0xc00d : "ID_MMFR1_EL1", # 11 000 0000 0001 101 72 | 0xc00e : "ID_MMFR2_EL1", # 11 000 0000 0001 110 73 | 0xc00f : "ID_MMFR3_EL1", # 11 000 0000 0001 111 74 | 0xc010 : "ID_ISAR0_EL1", # 11 000 0000 0010 000 75 | 0xc011 : "ID_ISAR1_EL1", # 11 000 0000 0010 001 76 | 0xc012 : "ID_ISAR2_EL1", # 11 000 0000 0010 010 77 | 0xc013 : "ID_ISAR3_EL1", # 11 000 0000 0010 011 78 | 0xc014 : "ID_ISAR4_EL1", # 11 000 0000 0010 100 79 | 0xc015 : "ID_ISAR5_EL1", # 11 000 0000 0010 101 80 | 0xc020 : "ID_A64PFR0_EL1", # 11 000 0000 0100 000 81 | 0xc021 : "ID_A64PFR1_EL1", # 11 000 0000 0100 001 82 | 0xc028 : "ID_A64DFR0_EL1", # 11 000 0000 0101 000 83 | 0xc029 : "ID_A64DFR1_EL1", # 11 000 0000 0101 001 84 | 0xc02c : "ID_A64AFR0_EL1", # 11 000 0000 0101 100 85 | 0xc02d : "ID_A64AFR1_EL1", # 11 000 0000 0101 101 86 | 0xc030 : "ID_A64ISAR0_EL1", # 11 000 0000 0110 000 87 | 0xc031 : "ID_A64ISAR1_EL1", # 11 000 0000 0110 001 88 | 0xc038 : "ID_A64MMFR0_EL1", # 11 000 0000 0111 000 89 | 0xc039 : "ID_A64MMFR1_EL1", # 11 000 0000 0111 001 90 | 0xc018 : "MVFR0_EL1", # 11 000 0000 0011 000 91 | 0xc019 : "MVFR1_EL1", # 11 000 0000 0011 001 92 | 0xc01a : "MVFR2_EL1", # 11 000 0000 0011 010 93 | 0xc601 : "RVBAR_EL1", # 11 000 1100 0000 001 94 | 0xe601 : "RVBAR_EL2", # 11 100 1100 0000 001 95 | 0xf601 : "RVBAR_EL3", # 11 110 1100 0000 001 96 | 0xc608 : "ISR_EL1", # 11 000 1100 0001 000 97 | 0xdf01 : "CNTPCT_EL0", # 11 011 1110 0000 001 98 | 0xdf02 : "CNTVCT_EL0", # 11 011 1110 0000 010 99 | 0x8818 : "TRCSTATR", # 10 001 0000 0011 000 100 | 0x8806 : "TRCIDR8", # 10 001 0000 0000 110 101 | 0x880e : "TRCIDR9", # 10 001 0000 0001 110 102 | 0x8816 : "TRCIDR10", # 10 001 0000 0010 110 103 | 0x881e : "TRCIDR11", # 10 001 0000 0011 110 104 | 0x8826 : "TRCIDR12", # 10 001 0000 0100 110 105 | 0x882e : "TRCIDR13", # 10 001 0000 0101 110 106 | 
0x8847 : "TRCIDR0", # 10 001 0000 1000 111 107 | 0x884f : "TRCIDR1", # 10 001 0000 1001 111 108 | 0x8857 : "TRCIDR2", # 10 001 0000 1010 111 109 | 0x885f : "TRCIDR3", # 10 001 0000 1011 111 110 | 0x8867 : "TRCIDR4", # 10 001 0000 1100 111 111 | 0x886f : "TRCIDR5", # 10 001 0000 1101 111 112 | 0x8877 : "TRCIDR6", # 10 001 0000 1110 111 113 | 0x887f : "TRCIDR7", # 10 001 0000 1111 111 114 | 0x888c : "TRCOSLSR", # 10 001 0001 0001 100 115 | 0x88ac : "TRCPDSR", # 10 001 0001 0101 100 116 | 0x8bd6 : "TRCDEVAFF0", # 10 001 0111 1010 110 117 | 0x8bde : "TRCDEVAFF1", # 10 001 0111 1011 110 118 | 0x8bee : "TRCLSR", # 10 001 0111 1101 110 119 | 0x8bf6 : "TRCAUTHSTATUS", # 10 001 0111 1110 110 120 | 0x8bfe : "TRCDEVARCH", # 10 001 0111 1111 110 121 | 0x8b97 : "TRCDEVID", # 10 001 0111 0010 111 122 | 0x8b9f : "TRCDEVTYPE", # 10 001 0111 0011 111 123 | 0x8ba7 : "TRCPIDR4", # 10 001 0111 0100 111 124 | 0x8baf : "TRCPIDR5", # 10 001 0111 0101 111 125 | 0x8bb7 : "TRCPIDR6", # 10 001 0111 0110 111 126 | 0x8bbf : "TRCPIDR7", # 10 001 0111 0111 111 127 | 0x8bc7 : "TRCPIDR0", # 10 001 0111 1000 111 128 | 0x8bcf : "TRCPIDR1", # 10 001 0111 1001 111 129 | 0x8bd7 : "TRCPIDR2", # 10 001 0111 1010 111 130 | 0x8bdf : "TRCPIDR3", # 10 001 0111 1011 111 131 | 0x8be7 : "TRCCIDR0", # 10 001 0111 1100 111 132 | 0x8bef : "TRCCIDR1", # 10 001 0111 1101 111 133 | 0x8bf7 : "TRCCIDR2", # 10 001 0111 1110 111 134 | 0x8bff : "TRCCIDR3", # 10 001 0111 1111 111 135 | 0xc660 : "ICC_IAR1_EL1", # 11 000 1100 1100 000 136 | 0xc640 : "ICC_IAR0_EL1", # 11 000 1100 1000 000 137 | 0xc662 : "ICC_HPPIR1_EL1", # 11 000 1100 1100 010 138 | 0xc642 : "ICC_HPPIR0_EL1", # 11 000 1100 1000 010 139 | 0xc65b : "ICC_RPR_EL1", # 11 000 1100 1011 011 140 | 0xe659 : "ICH_VTR_EL2", # 11 100 1100 1011 001 141 | 0xe65b : "ICH_EISR_EL2", # 11 100 1100 1011 011 142 | 0xe65d : "ICH_ELSR_EL2", # 11 100 1100 1011 101 143 | 0x9828 : "DBGDTRTX_EL0", # 10 011 0000 0101 000 144 | 0x8084 : "OSLAR_EL1", # 10 000 0001 0000 100 145 | 0xdce4 : 
"PMSWINC_EL0", # 11 011 1001 1100 100 146 | 0x8884 : "TRCOSLAR", # 10 001 0001 0000 100 147 | 0x8be6 : "TRCLAR", # 10 001 0111 1100 110 148 | 0xc661 : "ICC_EOIR1_EL1", # 11 000 1100 1100 001 149 | 0xc641 : "ICC_EOIR0_EL1", # 11 000 1100 1000 001 150 | 0xc659 : "ICC_DIR_EL1", # 11 000 1100 1011 001 151 | 0xc65d : "ICC_SGI1R_EL1", # 11 000 1100 1011 101 152 | 0xc65e : "ICC_ASGI1R_EL1", # 11 000 1100 1011 110 153 | 0xc65f : "ICC_SGI0R_EL1", # 11 000 1100 1011 111 154 | 0x8002 : "OSDTRRX_EL1", # 10 000 0000 0000 010 155 | 0x801a : "OSDTRTX_EL1", # 10 000 0000 0011 010 156 | 0x9000 : "TEECR32_EL1", # 10 010 0000 0000 000 157 | 0x8010 : "MDCCINT_EL1", # 10 000 0000 0010 000 158 | 0x8012 : "MDSCR_EL1", # 10 000 0000 0010 010 159 | 0x9820 : "DBGDTR_EL0", # 10 011 0000 0100 000 160 | 0x8032 : "OSECCR_EL1", # 10 000 0000 0110 010 161 | 0xa038 : "DBGVCR32_EL2", # 10 100 0000 0111 000 162 | 0x8004 : "DBGBVR0_EL1", # 10 000 0000 0000 100 163 | 0x800c : "DBGBVR1_EL1", # 10 000 0000 0001 100 164 | 0x8014 : "DBGBVR2_EL1", # 10 000 0000 0010 100 165 | 0x801c : "DBGBVR3_EL1", # 10 000 0000 0011 100 166 | 0x8024 : "DBGBVR4_EL1", # 10 000 0000 0100 100 167 | 0x802c : "DBGBVR5_EL1", # 10 000 0000 0101 100 168 | 0x8034 : "DBGBVR6_EL1", # 10 000 0000 0110 100 169 | 0x803c : "DBGBVR7_EL1", # 10 000 0000 0111 100 170 | 0x8044 : "DBGBVR8_EL1", # 10 000 0000 1000 100 171 | 0x804c : "DBGBVR9_EL1", # 10 000 0000 1001 100 172 | 0x8054 : "DBGBVR10_EL1", # 10 000 0000 1010 100 173 | 0x805c : "DBGBVR11_EL1", # 10 000 0000 1011 100 174 | 0x8064 : "DBGBVR12_EL1", # 10 000 0000 1100 100 175 | 0x806c : "DBGBVR13_EL1", # 10 000 0000 1101 100 176 | 0x8074 : "DBGBVR14_EL1", # 10 000 0000 1110 100 177 | 0x807c : "DBGBVR15_EL1", # 10 000 0000 1111 100 178 | 0x8005 : "DBGBCR0_EL1", # 10 000 0000 0000 101 179 | 0x800d : "DBGBCR1_EL1", # 10 000 0000 0001 101 180 | 0x8015 : "DBGBCR2_EL1", # 10 000 0000 0010 101 181 | 0x801d : "DBGBCR3_EL1", # 10 000 0000 0011 101 182 | 0x8025 : "DBGBCR4_EL1", # 10 000 0000 
0100 101 183 | 0x802d : "DBGBCR5_EL1", # 10 000 0000 0101 101 184 | 0x8035 : "DBGBCR6_EL1", # 10 000 0000 0110 101 185 | 0x803d : "DBGBCR7_EL1", # 10 000 0000 0111 101 186 | 0x8045 : "DBGBCR8_EL1", # 10 000 0000 1000 101 187 | 0x804d : "DBGBCR9_EL1", # 10 000 0000 1001 101 188 | 0x8055 : "DBGBCR10_EL1", # 10 000 0000 1010 101 189 | 0x805d : "DBGBCR11_EL1", # 10 000 0000 1011 101 190 | 0x8065 : "DBGBCR12_EL1", # 10 000 0000 1100 101 191 | 0x806d : "DBGBCR13_EL1", # 10 000 0000 1101 101 192 | 0x8075 : "DBGBCR14_EL1", # 10 000 0000 1110 101 193 | 0x807d : "DBGBCR15_EL1", # 10 000 0000 1111 101 194 | 0x8006 : "DBGWVR0_EL1", # 10 000 0000 0000 110 195 | 0x800e : "DBGWVR1_EL1", # 10 000 0000 0001 110 196 | 0x8016 : "DBGWVR2_EL1", # 10 000 0000 0010 110 197 | 0x801e : "DBGWVR3_EL1", # 10 000 0000 0011 110 198 | 0x8026 : "DBGWVR4_EL1", # 10 000 0000 0100 110 199 | 0x802e : "DBGWVR5_EL1", # 10 000 0000 0101 110 200 | 0x8036 : "DBGWVR6_EL1", # 10 000 0000 0110 110 201 | 0x803e : "DBGWVR7_EL1", # 10 000 0000 0111 110 202 | 0x8046 : "DBGWVR8_EL1", # 10 000 0000 1000 110 203 | 0x804e : "DBGWVR9_EL1", # 10 000 0000 1001 110 204 | 0x8056 : "DBGWVR10_EL1", # 10 000 0000 1010 110 205 | 0x805e : "DBGWVR11_EL1", # 10 000 0000 1011 110 206 | 0x8066 : "DBGWVR12_EL1", # 10 000 0000 1100 110 207 | 0x806e : "DBGWVR13_EL1", # 10 000 0000 1101 110 208 | 0x8076 : "DBGWVR14_EL1", # 10 000 0000 1110 110 209 | 0x807e : "DBGWVR15_EL1", # 10 000 0000 1111 110 210 | 0x8007 : "DBGWCR0_EL1", # 10 000 0000 0000 111 211 | 0x800f : "DBGWCR1_EL1", # 10 000 0000 0001 111 212 | 0x8017 : "DBGWCR2_EL1", # 10 000 0000 0010 111 213 | 0x801f : "DBGWCR3_EL1", # 10 000 0000 0011 111 214 | 0x8027 : "DBGWCR4_EL1", # 10 000 0000 0100 111 215 | 0x802f : "DBGWCR5_EL1", # 10 000 0000 0101 111 216 | 0x8037 : "DBGWCR6_EL1", # 10 000 0000 0110 111 217 | 0x803f : "DBGWCR7_EL1", # 10 000 0000 0111 111 218 | 0x8047 : "DBGWCR8_EL1", # 10 000 0000 1000 111 219 | 0x804f : "DBGWCR9_EL1", # 10 000 0000 1001 111 220 | 0x8057 : 
"DBGWCR10_EL1", # 10 000 0000 1010 111 221 | 0x805f : "DBGWCR11_EL1", # 10 000 0000 1011 111 222 | 0x8067 : "DBGWCR12_EL1", # 10 000 0000 1100 111 223 | 0x806f : "DBGWCR13_EL1", # 10 000 0000 1101 111 224 | 0x8077 : "DBGWCR14_EL1", # 10 000 0000 1110 111 225 | 0x807f : "DBGWCR15_EL1", # 10 000 0000 1111 111 226 | 0x9080 : "TEEHBR32_EL1", # 10 010 0001 0000 000 227 | 0x809c : "OSDLR_EL1", # 10 000 0001 0011 100 228 | 0x80a4 : "DBGPRCR_EL1", # 10 000 0001 0100 100 229 | 0x83c6 : "DBGCLAIMSET_EL1", # 10 000 0111 1000 110 230 | 0x83ce : "DBGCLAIMCLR_EL1", # 10 000 0111 1001 110 231 | 0xd000 : "CSSELR_EL1", # 11 010 0000 0000 000 232 | 0xe000 : "VPIDR_EL2", # 11 100 0000 0000 000 233 | 0xe005 : "VMPIDR_EL2", # 11 100 0000 0000 101 234 | 0xc082 : "CPACR_EL1", # 11 000 0001 0000 010 235 | 0xc080 : "SCTLR_EL1", # 11 000 0001 0000 000 236 | 0xe080 : "SCTLR_EL2", # 11 100 0001 0000 000 237 | 0xf080 : "SCTLR_EL3", # 11 110 0001 0000 000 238 | 0xc081 : "ACTLR_EL1", # 11 000 0001 0000 001 239 | 0xe081 : "ACTLR_EL2", # 11 100 0001 0000 001 240 | 0xf081 : "ACTLR_EL3", # 11 110 0001 0000 001 241 | 0xe088 : "HCR_EL2", # 11 100 0001 0001 000 242 | 0xf088 : "SCR_EL3", # 11 110 0001 0001 000 243 | 0xe089 : "MDCR_EL2", # 11 100 0001 0001 001 244 | 0xf089 : "SDER32_EL3", # 11 110 0001 0001 001 245 | 0xe08a : "CPTR_EL2", # 11 100 0001 0001 010 246 | 0xf08a : "CPTR_EL3", # 11 110 0001 0001 010 247 | 0xe08b : "HSTR_EL2", # 11 100 0001 0001 011 248 | 0xe08f : "HACR_EL2", # 11 100 0001 0001 111 249 | 0xf099 : "MDCR_EL3", # 11 110 0001 0011 001 250 | 0xc100 : "TTBR0_EL1", # 11 000 0010 0000 000 251 | 0xe100 : "TTBR0_EL2", # 11 100 0010 0000 000 252 | 0xf100 : "TTBR0_EL3", # 11 110 0010 0000 000 253 | 0xc101 : "TTBR1_EL1", # 11 000 0010 0000 001 254 | 0xc102 : "TCR_EL1", # 11 000 0010 0000 010 255 | 0xe102 : "TCR_EL2", # 11 100 0010 0000 010 256 | 0xf102 : "TCR_EL3", # 11 110 0010 0000 010 257 | 0xe108 : "VTTBR_EL2", # 11 100 0010 0001 000 258 | 0xe10a : "VTCR_EL2", # 11 100 0010 0001 010 259 
| 0xe180 : "DACR32_EL2", # 11 100 0011 0000 000 260 | 0xc200 : "SPSR_EL1", # 11 000 0100 0000 000 261 | 0xe200 : "SPSR_EL2", # 11 100 0100 0000 000 262 | 0xf200 : "SPSR_EL3", # 11 110 0100 0000 000 263 | 0xc201 : "ELR_EL1", # 11 000 0100 0000 001 264 | 0xe201 : "ELR_EL2", # 11 100 0100 0000 001 265 | 0xf201 : "ELR_EL3", # 11 110 0100 0000 001 266 | 0xc208 : "SP_EL0", # 11 000 0100 0001 000 267 | 0xe208 : "SP_EL1", # 11 100 0100 0001 000 268 | 0xf208 : "SP_EL2", # 11 110 0100 0001 000 269 | 0xc210 : "SPSel", # 11 000 0100 0010 000 270 | 0xda10 : "NZCV", # 11 011 0100 0010 000 271 | 0xda11 : "DAIF", # 11 011 0100 0010 001 272 | 0xc212 : "CurrentEL", # 11 000 0100 0010 010 273 | 0xe218 : "SPSR_irq", # 11 100 0100 0011 000 274 | 0xe219 : "SPSR_abt", # 11 100 0100 0011 001 275 | 0xe21a : "SPSR_und", # 11 100 0100 0011 010 276 | 0xe21b : "SPSR_fiq", # 11 100 0100 0011 011 277 | 0xda20 : "FPCR", # 11 011 0100 0100 000 278 | 0xda21 : "FPSR", # 11 011 0100 0100 001 279 | 0xda28 : "DSPSR_EL0", # 11 011 0100 0101 000 280 | 0xda29 : "DLR_EL0", # 11 011 0100 0101 001 281 | 0xe281 : "IFSR32_EL2", # 11 100 0101 0000 001 282 | 0xc288 : "AFSR0_EL1", # 11 000 0101 0001 000 283 | 0xe288 : "AFSR0_EL2", # 11 100 0101 0001 000 284 | 0xf288 : "AFSR0_EL3", # 11 110 0101 0001 000 285 | 0xc289 : "AFSR1_EL1", # 11 000 0101 0001 001 286 | 0xe289 : "AFSR1_EL2", # 11 100 0101 0001 001 287 | 0xf289 : "AFSR1_EL3", # 11 110 0101 0001 001 288 | 0xc290 : "ESR_EL1", # 11 000 0101 0010 000 289 | 0xe290 : "ESR_EL2", # 11 100 0101 0010 000 290 | 0xf290 : "ESR_EL3", # 11 110 0101 0010 000 291 | 0xe298 : "FPEXC32_EL2", # 11 100 0101 0011 000 292 | 0xc300 : "FAR_EL1", # 11 000 0110 0000 000 293 | 0xe300 : "FAR_EL2", # 11 100 0110 0000 000 294 | 0xf300 : "FAR_EL3", # 11 110 0110 0000 000 295 | 0xe304 : "HPFAR_EL2", # 11 100 0110 0000 100 296 | 0xc3a0 : "PAR_EL1", # 11 000 0111 0100 000 297 | 0xdce0 : "PMCR_EL0", # 11 011 1001 1100 000 298 | 0xdce1 : "PMCNTENSET_EL0", # 11 011 1001 1100 001 299 | 0xdce2 : 
"PMCNTENCLR_EL0", # 11 011 1001 1100 010 300 | 0xdce3 : "PMOVSCLR_EL0", # 11 011 1001 1100 011 301 | 0xdce5 : "PMSELR_EL0", # 11 011 1001 1100 101 302 | 0xdce8 : "PMCCNTR_EL0", # 11 011 1001 1101 000 303 | 0xdce9 : "PMXEVTYPER_EL0", # 11 011 1001 1101 001 304 | 0xdcea : "PMXEVCNTR_EL0", # 11 011 1001 1101 010 305 | 0xdcf0 : "PMUSERENR_EL0", # 11 011 1001 1110 000 306 | 0xc4f1 : "PMINTENSET_EL1", # 11 000 1001 1110 001 307 | 0xc4f2 : "PMINTENCLR_EL1", # 11 000 1001 1110 010 308 | 0xdcf3 : "PMOVSSET_EL0", # 11 011 1001 1110 011 309 | 0xc510 : "MAIR_EL1", # 11 000 1010 0010 000 310 | 0xe510 : "MAIR_EL2", # 11 100 1010 0010 000 311 | 0xf510 : "MAIR_EL3", # 11 110 1010 0010 000 312 | 0xc518 : "AMAIR_EL1", # 11 000 1010 0011 000 313 | 0xe518 : "AMAIR_EL2", # 11 100 1010 0011 000 314 | 0xf518 : "AMAIR_EL3", # 11 110 1010 0011 000 315 | 0xc600 : "VBAR_EL1", # 11 000 1100 0000 000 316 | 0xe600 : "VBAR_EL2", # 11 100 1100 0000 000 317 | 0xf600 : "VBAR_EL3", # 11 110 1100 0000 000 318 | 0xc602 : "RMR_EL1", # 11 000 1100 0000 010 319 | 0xe602 : "RMR_EL2", # 11 100 1100 0000 010 320 | 0xf602 : "RMR_EL3", # 11 110 1100 0000 010 321 | 0xc681 : "CONTEXTIDR_EL1", # 11 000 1101 0000 001 322 | 0xde82 : "TPIDR_EL0", # 11 011 1101 0000 010 323 | 0xe682 : "TPIDR_EL2", # 11 100 1101 0000 010 324 | 0xf682 : "TPIDR_EL3", # 11 110 1101 0000 010 325 | 0xde83 : "TPIDRRO_EL0", # 11 011 1101 0000 011 326 | 0xc684 : "TPIDR_EL1", # 11 000 1101 0000 100 327 | 0xdf00 : "CNTFRQ_EL0", # 11 011 1110 0000 000 328 | 0xe703 : "CNTVOFF_EL2", # 11 100 1110 0000 011 329 | 0xc708 : "CNTKCTL_EL1", # 11 000 1110 0001 000 330 | 0xe708 : "CNTHCTL_EL2", # 11 100 1110 0001 000 331 | 0xdf10 : "CNTP_TVAL_EL0", # 11 011 1110 0010 000 332 | 0xe710 : "CNTHP_TVAL_EL2", # 11 100 1110 0010 000 333 | 0xff10 : "CNTPS_TVAL_EL1", # 11 111 1110 0010 000 334 | 0xdf11 : "CNTP_CTL_EL0", # 11 011 1110 0010 001 335 | 0xe711 : "CNTHP_CTL_EL2", # 11 100 1110 0010 001 336 | 0xff11 : "CNTPS_CTL_EL1", # 11 111 1110 0010 001 337 | 0xdf12 
: "CNTP_CVAL_EL0", # 11 011 1110 0010 010 338 | 0xe712 : "CNTHP_CVAL_EL2", # 11 100 1110 0010 010 339 | 0xff12 : "CNTPS_CVAL_EL1", # 11 111 1110 0010 010 340 | 0xdf18 : "CNTV_TVAL_EL0", # 11 011 1110 0011 000 341 | 0xdf19 : "CNTV_CTL_EL0", # 11 011 1110 0011 001 342 | 0xdf1a : "CNTV_CVAL_EL0", # 11 011 1110 0011 010 343 | 0xdf40 : "PMEVCNTR0_EL0", # 11 011 1110 1000 000 344 | 0xdf41 : "PMEVCNTR1_EL0", # 11 011 1110 1000 001 345 | 0xdf42 : "PMEVCNTR2_EL0", # 11 011 1110 1000 010 346 | 0xdf43 : "PMEVCNTR3_EL0", # 11 011 1110 1000 011 347 | 0xdf44 : "PMEVCNTR4_EL0", # 11 011 1110 1000 100 348 | 0xdf45 : "PMEVCNTR5_EL0", # 11 011 1110 1000 101 349 | 0xdf46 : "PMEVCNTR6_EL0", # 11 011 1110 1000 110 350 | 0xdf47 : "PMEVCNTR7_EL0", # 11 011 1110 1000 111 351 | 0xdf48 : "PMEVCNTR8_EL0", # 11 011 1110 1001 000 352 | 0xdf49 : "PMEVCNTR9_EL0", # 11 011 1110 1001 001 353 | 0xdf4a : "PMEVCNTR10_EL0", # 11 011 1110 1001 010 354 | 0xdf4b : "PMEVCNTR11_EL0", # 11 011 1110 1001 011 355 | 0xdf4c : "PMEVCNTR12_EL0", # 11 011 1110 1001 100 356 | 0xdf4d : "PMEVCNTR13_EL0", # 11 011 1110 1001 101 357 | 0xdf4e : "PMEVCNTR14_EL0", # 11 011 1110 1001 110 358 | 0xdf4f : "PMEVCNTR15_EL0", # 11 011 1110 1001 111 359 | 0xdf50 : "PMEVCNTR16_EL0", # 11 011 1110 1010 000 360 | 0xdf51 : "PMEVCNTR17_EL0", # 11 011 1110 1010 001 361 | 0xdf52 : "PMEVCNTR18_EL0", # 11 011 1110 1010 010 362 | 0xdf53 : "PMEVCNTR19_EL0", # 11 011 1110 1010 011 363 | 0xdf54 : "PMEVCNTR20_EL0", # 11 011 1110 1010 100 364 | 0xdf55 : "PMEVCNTR21_EL0", # 11 011 1110 1010 101 365 | 0xdf56 : "PMEVCNTR22_EL0", # 11 011 1110 1010 110 366 | 0xdf57 : "PMEVCNTR23_EL0", # 11 011 1110 1010 111 367 | 0xdf58 : "PMEVCNTR24_EL0", # 11 011 1110 1011 000 368 | 0xdf59 : "PMEVCNTR25_EL0", # 11 011 1110 1011 001 369 | 0xdf5a : "PMEVCNTR26_EL0", # 11 011 1110 1011 010 370 | 0xdf5b : "PMEVCNTR27_EL0", # 11 011 1110 1011 011 371 | 0xdf5c : "PMEVCNTR28_EL0", # 11 011 1110 1011 100 372 | 0xdf5d : "PMEVCNTR29_EL0", # 11 011 1110 1011 101 373 | 
0xdf5e : "PMEVCNTR30_EL0", # 11 011 1110 1011 110 374 | 0xdf7f : "PMCCFILTR_EL0", # 11 011 1110 1111 111 375 | 0xdf60 : "PMEVTYPER0_EL0", # 11 011 1110 1100 000 376 | 0xdf61 : "PMEVTYPER1_EL0", # 11 011 1110 1100 001 377 | 0xdf62 : "PMEVTYPER2_EL0", # 11 011 1110 1100 010 378 | 0xdf63 : "PMEVTYPER3_EL0", # 11 011 1110 1100 011 379 | 0xdf64 : "PMEVTYPER4_EL0", # 11 011 1110 1100 100 380 | 0xdf65 : "PMEVTYPER5_EL0", # 11 011 1110 1100 101 381 | 0xdf66 : "PMEVTYPER6_EL0", # 11 011 1110 1100 110 382 | 0xdf67 : "PMEVTYPER7_EL0", # 11 011 1110 1100 111 383 | 0xdf68 : "PMEVTYPER8_EL0", # 11 011 1110 1101 000 384 | 0xdf69 : "PMEVTYPER9_EL0", # 11 011 1110 1101 001 385 | 0xdf6a : "PMEVTYPER10_EL0", # 11 011 1110 1101 010 386 | 0xdf6b : "PMEVTYPER11_EL0", # 11 011 1110 1101 011 387 | 0xdf6c : "PMEVTYPER12_EL0", # 11 011 1110 1101 100 388 | 0xdf6d : "PMEVTYPER13_EL0", # 11 011 1110 1101 101 389 | 0xdf6e : "PMEVTYPER14_EL0", # 11 011 1110 1101 110 390 | 0xdf6f : "PMEVTYPER15_EL0", # 11 011 1110 1101 111 391 | 0xdf70 : "PMEVTYPER16_EL0", # 11 011 1110 1110 000 392 | 0xdf71 : "PMEVTYPER17_EL0", # 11 011 1110 1110 001 393 | 0xdf72 : "PMEVTYPER18_EL0", # 11 011 1110 1110 010 394 | 0xdf73 : "PMEVTYPER19_EL0", # 11 011 1110 1110 011 395 | 0xdf74 : "PMEVTYPER20_EL0", # 11 011 1110 1110 100 396 | 0xdf75 : "PMEVTYPER21_EL0", # 11 011 1110 1110 101 397 | 0xdf76 : "PMEVTYPER22_EL0", # 11 011 1110 1110 110 398 | 0xdf77 : "PMEVTYPER23_EL0", # 11 011 1110 1110 111 399 | 0xdf78 : "PMEVTYPER24_EL0", # 11 011 1110 1111 000 400 | 0xdf79 : "PMEVTYPER25_EL0", # 11 011 1110 1111 001 401 | 0xdf7a : "PMEVTYPER26_EL0", # 11 011 1110 1111 010 402 | 0xdf7b : "PMEVTYPER27_EL0", # 11 011 1110 1111 011 403 | 0xdf7c : "PMEVTYPER28_EL0", # 11 011 1110 1111 100 404 | 0xdf7d : "PMEVTYPER29_EL0", # 11 011 1110 1111 101 405 | 0xdf7e : "PMEVTYPER30_EL0", # 11 011 1110 1111 110 406 | 0x8808 : "TRCPRGCTLR", # 10 001 0000 0001 000 407 | 0x8810 : "TRCPROCSELR", # 10 001 0000 0010 000 408 | 0x8820 : "TRCCONFIGR", # 
10 001 0000 0100 000 409 | 0x8830 : "TRCAUXCTLR", # 10 001 0000 0110 000 410 | 0x8840 : "TRCEVENTCTL0R", # 10 001 0000 1000 000 411 | 0x8848 : "TRCEVENTCTL1R", # 10 001 0000 1001 000 412 | 0x8858 : "TRCSTALLCTLR", # 10 001 0000 1011 000 413 | 0x8860 : "TRCTSCTLR", # 10 001 0000 1100 000 414 | 0x8868 : "TRCSYNCPR", # 10 001 0000 1101 000 415 | 0x8870 : "TRCCCCTLR", # 10 001 0000 1110 000 416 | 0x8878 : "TRCBBCTLR", # 10 001 0000 1111 000 417 | 0x8801 : "TRCTRACEIDR", # 10 001 0000 0000 001 418 | 0x8809 : "TRCQCTLR", # 10 001 0000 0001 001 419 | 0x8802 : "TRCVICTLR", # 10 001 0000 0000 010 420 | 0x880a : "TRCVIIECTLR", # 10 001 0000 0001 010 421 | 0x8812 : "TRCVISSCTLR", # 10 001 0000 0010 010 422 | 0x881a : "TRCVIPCSSCTLR", # 10 001 0000 0011 010 423 | 0x8842 : "TRCVDCTLR", # 10 001 0000 1000 010 424 | 0x884a : "TRCVDSACCTLR", # 10 001 0000 1001 010 425 | 0x8852 : "TRCVDARCCTLR", # 10 001 0000 1010 010 426 | 0x8804 : "TRCSEQEVR0", # 10 001 0000 0000 100 427 | 0x880c : "TRCSEQEVR1", # 10 001 0000 0001 100 428 | 0x8814 : "TRCSEQEVR2", # 10 001 0000 0010 100 429 | 0x8834 : "TRCSEQRSTEVR", # 10 001 0000 0110 100 430 | 0x883c : "TRCSEQSTR", # 10 001 0000 0111 100 431 | 0x8844 : "TRCEXTINSELR", # 10 001 0000 1000 100 432 | 0x8805 : "TRCCNTRLDVR0", # 10 001 0000 0000 101 433 | 0x880d : "TRCCNTRLDVR1", # 10 001 0000 0001 101 434 | 0x8815 : "TRCCNTRLDVR2", # 10 001 0000 0010 101 435 | 0x881d : "TRCCNTRLDVR3", # 10 001 0000 0011 101 436 | 0x8825 : "TRCCNTCTLR0", # 10 001 0000 0100 101 437 | 0x882d : "TRCCNTCTLR1", # 10 001 0000 0101 101 438 | 0x8835 : "TRCCNTCTLR2", # 10 001 0000 0110 101 439 | 0x883d : "TRCCNTCTLR3", # 10 001 0000 0111 101 440 | 0x8845 : "TRCCNTVR0", # 10 001 0000 1000 101 441 | 0x884d : "TRCCNTVR1", # 10 001 0000 1001 101 442 | 0x8855 : "TRCCNTVR2", # 10 001 0000 1010 101 443 | 0x885d : "TRCCNTVR3", # 10 001 0000 1011 101 444 | 0x8807 : "TRCIMSPEC0", # 10 001 0000 0000 111 445 | 0x880f : "TRCIMSPEC1", # 10 001 0000 0001 111 446 | 0x8817 : "TRCIMSPEC2", # 10 
001 0000 0010 111 447 | 0x881f : "TRCIMSPEC3", # 10 001 0000 0011 111 448 | 0x8827 : "TRCIMSPEC4", # 10 001 0000 0100 111 449 | 0x882f : "TRCIMSPEC5", # 10 001 0000 0101 111 450 | 0x8837 : "TRCIMSPEC6", # 10 001 0000 0110 111 451 | 0x883f : "TRCIMSPEC7", # 10 001 0000 0111 111 452 | 0x8890 : "TRCRSCTLR2", # 10 001 0001 0010 000 453 | 0x8898 : "TRCRSCTLR3", # 10 001 0001 0011 000 454 | 0x88a0 : "TRCRSCTLR4", # 10 001 0001 0100 000 455 | 0x88a8 : "TRCRSCTLR5", # 10 001 0001 0101 000 456 | 0x88b0 : "TRCRSCTLR6", # 10 001 0001 0110 000 457 | 0x88b8 : "TRCRSCTLR7", # 10 001 0001 0111 000 458 | 0x88c0 : "TRCRSCTLR8", # 10 001 0001 1000 000 459 | 0x88c8 : "TRCRSCTLR9", # 10 001 0001 1001 000 460 | 0x88d0 : "TRCRSCTLR10", # 10 001 0001 1010 000 461 | 0x88d8 : "TRCRSCTLR11", # 10 001 0001 1011 000 462 | 0x88e0 : "TRCRSCTLR12", # 10 001 0001 1100 000 463 | 0x88e8 : "TRCRSCTLR13", # 10 001 0001 1101 000 464 | 0x88f0 : "TRCRSCTLR14", # 10 001 0001 1110 000 465 | 0x88f8 : "TRCRSCTLR15", # 10 001 0001 1111 000 466 | 0x8881 : "TRCRSCTLR16", # 10 001 0001 0000 001 467 | 0x8889 : "TRCRSCTLR17", # 10 001 0001 0001 001 468 | 0x8891 : "TRCRSCTLR18", # 10 001 0001 0010 001 469 | 0x8899 : "TRCRSCTLR19", # 10 001 0001 0011 001 470 | 0x88a1 : "TRCRSCTLR20", # 10 001 0001 0100 001 471 | 0x88a9 : "TRCRSCTLR21", # 10 001 0001 0101 001 472 | 0x88b1 : "TRCRSCTLR22", # 10 001 0001 0110 001 473 | 0x88b9 : "TRCRSCTLR23", # 10 001 0001 0111 001 474 | 0x88c1 : "TRCRSCTLR24", # 10 001 0001 1000 001 475 | 0x88c9 : "TRCRSCTLR25", # 10 001 0001 1001 001 476 | 0x88d1 : "TRCRSCTLR26", # 10 001 0001 1010 001 477 | 0x88d9 : "TRCRSCTLR27", # 10 001 0001 1011 001 478 | 0x88e1 : "TRCRSCTLR28", # 10 001 0001 1100 001 479 | 0x88e9 : "TRCRSCTLR29", # 10 001 0001 1101 001 480 | 0x88f1 : "TRCRSCTLR30", # 10 001 0001 1110 001 481 | 0x88f9 : "TRCRSCTLR31", # 10 001 0001 1111 001 482 | 0x8882 : "TRCSSCCR0", # 10 001 0001 0000 010 483 | 0x888a : "TRCSSCCR1", # 10 001 0001 0001 010 484 | 0x8892 : "TRCSSCCR2", # 10 001 
0001 0010 010 485 | 0x889a : "TRCSSCCR3", # 10 001 0001 0011 010 486 | 0x88a2 : "TRCSSCCR4", # 10 001 0001 0100 010 487 | 0x88aa : "TRCSSCCR5", # 10 001 0001 0101 010 488 | 0x88b2 : "TRCSSCCR6", # 10 001 0001 0110 010 489 | 0x88ba : "TRCSSCCR7", # 10 001 0001 0111 010 490 | 0x88c2 : "TRCSSCSR0", # 10 001 0001 1000 010 491 | 0x88ca : "TRCSSCSR1", # 10 001 0001 1001 010 492 | 0x88d2 : "TRCSSCSR2", # 10 001 0001 1010 010 493 | 0x88da : "TRCSSCSR3", # 10 001 0001 1011 010 494 | 0x88e2 : "TRCSSCSR4", # 10 001 0001 1100 010 495 | 0x88ea : "TRCSSCSR5", # 10 001 0001 1101 010 496 | 0x88f2 : "TRCSSCSR6", # 10 001 0001 1110 010 497 | 0x88fa : "TRCSSCSR7", # 10 001 0001 1111 010 498 | 0x8883 : "TRCSSPCICR0", # 10 001 0001 0000 011 499 | 0x888b : "TRCSSPCICR1", # 10 001 0001 0001 011 500 | 0x8893 : "TRCSSPCICR2", # 10 001 0001 0010 011 501 | 0x889b : "TRCSSPCICR3", # 10 001 0001 0011 011 502 | 0x88a3 : "TRCSSPCICR4", # 10 001 0001 0100 011 503 | 0x88ab : "TRCSSPCICR5", # 10 001 0001 0101 011 504 | 0x88b3 : "TRCSSPCICR6", # 10 001 0001 0110 011 505 | 0x88bb : "TRCSSPCICR7", # 10 001 0001 0111 011 506 | 0x88a4 : "TRCPDCR", # 10 001 0001 0100 100 507 | 0x8900 : "TRCACVR0", # 10 001 0010 0000 000 508 | 0x8910 : "TRCACVR1", # 10 001 0010 0010 000 509 | 0x8920 : "TRCACVR2", # 10 001 0010 0100 000 510 | 0x8930 : "TRCACVR3", # 10 001 0010 0110 000 511 | 0x8940 : "TRCACVR4", # 10 001 0010 1000 000 512 | 0x8950 : "TRCACVR5", # 10 001 0010 1010 000 513 | 0x8960 : "TRCACVR6", # 10 001 0010 1100 000 514 | 0x8970 : "TRCACVR7", # 10 001 0010 1110 000 515 | 0x8901 : "TRCACVR8", # 10 001 0010 0000 001 516 | 0x8911 : "TRCACVR9", # 10 001 0010 0010 001 517 | 0x8921 : "TRCACVR10", # 10 001 0010 0100 001 518 | 0x8931 : "TRCACVR11", # 10 001 0010 0110 001 519 | 0x8941 : "TRCACVR12", # 10 001 0010 1000 001 520 | 0x8951 : "TRCACVR13", # 10 001 0010 1010 001 521 | 0x8961 : "TRCACVR14", # 10 001 0010 1100 001 522 | 0x8971 : "TRCACVR15", # 10 001 0010 1110 001 523 | 0x8902 : "TRCACATR0", # 10 001 0010 
0000 010 524 | 0x8912 : "TRCACATR1", # 10 001 0010 0010 010 525 | 0x8922 : "TRCACATR2", # 10 001 0010 0100 010 526 | 0x8932 : "TRCACATR3", # 10 001 0010 0110 010 527 | 0x8942 : "TRCACATR4", # 10 001 0010 1000 010 528 | 0x8952 : "TRCACATR5", # 10 001 0010 1010 010 529 | 0x8962 : "TRCACATR6", # 10 001 0010 1100 010 530 | 0x8972 : "TRCACATR7", # 10 001 0010 1110 010 531 | 0x8903 : "TRCACATR8", # 10 001 0010 0000 011 532 | 0x8913 : "TRCACATR9", # 10 001 0010 0010 011 533 | 0x8923 : "TRCACATR10", # 10 001 0010 0100 011 534 | 0x8933 : "TRCACATR11", # 10 001 0010 0110 011 535 | 0x8943 : "TRCACATR12", # 10 001 0010 1000 011 536 | 0x8953 : "TRCACATR13", # 10 001 0010 1010 011 537 | 0x8963 : "TRCACATR14", # 10 001 0010 1100 011 538 | 0x8973 : "TRCACATR15", # 10 001 0010 1110 011 539 | 0x8904 : "TRCDVCVR0", # 10 001 0010 0000 100 540 | 0x8924 : "TRCDVCVR1", # 10 001 0010 0100 100 541 | 0x8944 : "TRCDVCVR2", # 10 001 0010 1000 100 542 | 0x8964 : "TRCDVCVR3", # 10 001 0010 1100 100 543 | 0x8905 : "TRCDVCVR4", # 10 001 0010 0000 101 544 | 0x8925 : "TRCDVCVR5", # 10 001 0010 0100 101 545 | 0x8945 : "TRCDVCVR6", # 10 001 0010 1000 101 546 | 0x8965 : "TRCDVCVR7", # 10 001 0010 1100 101 547 | 0x8906 : "TRCDVCMR0", # 10 001 0010 0000 110 548 | 0x8926 : "TRCDVCMR1", # 10 001 0010 0100 110 549 | 0x8946 : "TRCDVCMR2", # 10 001 0010 1000 110 550 | 0x8966 : "TRCDVCMR3", # 10 001 0010 1100 110 551 | 0x8907 : "TRCDVCMR4", # 10 001 0010 0000 111 552 | 0x8927 : "TRCDVCMR5", # 10 001 0010 0100 111 553 | 0x8947 : "TRCDVCMR6", # 10 001 0010 1000 111 554 | 0x8967 : "TRCDVCMR7", # 10 001 0010 1100 111 555 | 0x8980 : "TRCCIDCVR0", # 10 001 0011 0000 000 556 | 0x8990 : "TRCCIDCVR1", # 10 001 0011 0010 000 557 | 0x89a0 : "TRCCIDCVR2", # 10 001 0011 0100 000 558 | 0x89b0 : "TRCCIDCVR3", # 10 001 0011 0110 000 559 | 0x89c0 : "TRCCIDCVR4", # 10 001 0011 1000 000 560 | 0x89d0 : "TRCCIDCVR5", # 10 001 0011 1010 000 561 | 0x89e0 : "TRCCIDCVR6", # 10 001 0011 1100 000 562 | 0x89f0 : "TRCCIDCVR7", # 10 001 
0011 1110 000 563 | 0x8981 : "TRCVMIDCVR0", # 10 001 0011 0000 001 564 | 0x8991 : "TRCVMIDCVR1", # 10 001 0011 0010 001 565 | 0x89a1 : "TRCVMIDCVR2", # 10 001 0011 0100 001 566 | 0x89b1 : "TRCVMIDCVR3", # 10 001 0011 0110 001 567 | 0x89c1 : "TRCVMIDCVR4", # 10 001 0011 1000 001 568 | 0x89d1 : "TRCVMIDCVR5", # 10 001 0011 1010 001 569 | 0x89e1 : "TRCVMIDCVR6", # 10 001 0011 1100 001 570 | 0x89f1 : "TRCVMIDCVR7", # 10 001 0011 1110 001 571 | 0x8982 : "TRCCIDCCTLR0", # 10 001 0011 0000 010 572 | 0x898a : "TRCCIDCCTLR1", # 10 001 0011 0001 010 573 | 0x8992 : "TRCVMIDCCTLR0", # 10 001 0011 0010 010 574 | 0x899a : "TRCVMIDCCTLR1", # 10 001 0011 0011 010 575 | 0x8b84 : "TRCITCTRL", # 10 001 0111 0000 100 576 | 0x8bc6 : "TRCCLAIMSET", # 10 001 0111 1000 110 577 | 0x8bce : "TRCCLAIMCLR", # 10 001 0111 1001 110 578 | 0xc663 : "ICC_BPR1_EL1", # 11 000 1100 1100 011 579 | 0xc643 : "ICC_BPR0_EL1", # 11 000 1100 1000 011 580 | 0xc230 : "ICC_PMR_EL1", # 11 000 0100 0110 000 581 | 0xc664 : "ICC_CTLR_EL1", # 11 000 1100 1100 100 582 | 0xf664 : "ICC_CTLR_EL3", # 11 110 1100 1100 100 583 | 0xc665 : "ICC_SRE_EL1", # 11 000 1100 1100 101 584 | 0xe64d : "ICC_SRE_EL2", # 11 100 1100 1001 101 585 | 0xf665 : "ICC_SRE_EL3", # 11 110 1100 1100 101 586 | 0xc666 : "ICC_IGRPEN0_EL1", # 11 000 1100 1100 110 587 | 0xc667 : "ICC_IGRPEN1_EL1", # 11 000 1100 1100 111 588 | 0xf667 : "ICC_IGRPEN1_EL3", # 11 110 1100 1100 111 589 | 0xc668 : "ICC_SEIEN_EL1", # 11 000 1100 1101 000 590 | 0xc644 : "ICC_AP0R0_EL1", # 11 000 1100 1000 100 591 | 0xc645 : "ICC_AP0R1_EL1", # 11 000 1100 1000 101 592 | 0xc646 : "ICC_AP0R2_EL1", # 11 000 1100 1000 110 593 | 0xc647 : "ICC_AP0R3_EL1", # 11 000 1100 1000 111 594 | 0xc648 : "ICC_AP1R0_EL1", # 11 000 1100 1001 000 595 | 0xc649 : "ICC_AP1R1_EL1", # 11 000 1100 1001 001 596 | 0xc64a : "ICC_AP1R2_EL1", # 11 000 1100 1001 010 597 | 0xc64b : "ICC_AP1R3_EL1", # 11 000 1100 1001 011 598 | 0xe640 : "ICH_AP0R0_EL2", # 11 100 1100 1000 000 599 | 0xe641 : "ICH_AP0R1_EL2", # 11 
100 1100 1000 001 600 | 0xe642 : "ICH_AP0R2_EL2", # 11 100 1100 1000 010 601 | 0xe643 : "ICH_AP0R3_EL2", # 11 100 1100 1000 011 602 | 0xe648 : "ICH_AP1R0_EL2", # 11 100 1100 1001 000 603 | 0xe649 : "ICH_AP1R1_EL2", # 11 100 1100 1001 001 604 | 0xe64a : "ICH_AP1R2_EL2", # 11 100 1100 1001 010 605 | 0xe64b : "ICH_AP1R3_EL2", # 11 100 1100 1001 011 606 | 0xe658 : "ICH_HCR_EL2", # 11 100 1100 1011 000 607 | 0xe65a : "ICH_MISR_EL2", # 11 100 1100 1011 010 608 | 0xe65f : "ICH_VMCR_EL2", # 11 100 1100 1011 111 609 | 0xe64c : "ICH_VSEIR_EL2", # 11 100 1100 1001 100 610 | 0xe660 : "ICH_LR0_EL2", # 11 100 1100 1100 000 611 | 0xe661 : "ICH_LR1_EL2", # 11 100 1100 1100 001 612 | 0xe662 : "ICH_LR2_EL2", # 11 100 1100 1100 010 613 | 0xe663 : "ICH_LR3_EL2", # 11 100 1100 1100 011 614 | 0xe664 : "ICH_LR4_EL2", # 11 100 1100 1100 100 615 | 0xe665 : "ICH_LR5_EL2", # 11 100 1100 1100 101 616 | 0xe666 : "ICH_LR6_EL2", # 11 100 1100 1100 110 617 | 0xe667 : "ICH_LR7_EL2", # 11 100 1100 1100 111 618 | 0xe668 : "ICH_LR8_EL2", # 11 100 1100 1101 000 619 | 0xe669 : "ICH_LR9_EL2", # 11 100 1100 1101 001 620 | 0xe66a : "ICH_LR10_EL2", # 11 100 1100 1101 010 621 | 0xe66b : "ICH_LR11_EL2", # 11 100 1100 1101 011 622 | 0xe66c : "ICH_LR12_EL2", # 11 100 1100 1101 100 623 | 0xe66d : "ICH_LR13_EL2", # 11 100 1100 1101 101 624 | 0xe66e : "ICH_LR14_EL2", # 11 100 1100 1101 110 625 | 0xe66f : "ICH_LR15_EL2", # 11 100 1100 1101 111 626 | 0xff90 : "CPM_IOACC_CTL_EL3" 627 | } 628 | 629 | # generated from https://github.com/gdelugre/ida-arm-system-highlight 630 | regs32 = { 631 | # cpnum Op1 CRn CRm Op2 632 | # 1111 111 1111 1111 111 633 | 0x38000 : "DBGDIDR", 634 | 0x38002 : "DBGDTRRX", 635 | 0x38004 : "DBGBVR0", 636 | 0x38005 : "DBGBCR0", 637 | 0x38006 : "DBGWVR0", 638 | 0x38007 : "DBGWCR0", 639 | 0x38008 : "DBGDSCR", 640 | 0x3800c : "DBGBVR1", 641 | 0x3800d : "DBGBCR1", 642 | 0x3800e : "DBGWVR1", 643 | 0x3800f : "DBGWCR1", 644 | 0x38012 : "DBGDSCR", 645 | 0x38014 : "DBGBVR2", 646 | 0x38015 : "DBGBCR2", 
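# regs32 (continued): key = cpnum<<14 | Op1<<11 | CRn<<7 | CRm<<3 | Op2,
# i.e. the same packing that `shifts` below applies to the __mrc/__mcr arguments.
    0x38016 : "DBGWVR2",
    0x38017 : "DBGWCR2",
    0x3801a : "DBGDTRTX",
    0x3801c : "DBGBVR3",
    0x3801d : "DBGBCR3",
    0x3801e : "DBGWVR3",
    0x3801f : "DBGWCR3",
    0x38021 : "DBGBXVR0",
    0x38024 : "DBGBVR4",
    0x38025 : "DBGBCR4",
    0x38028 : "DBGDTRRX",
    0x38029 : "DBGBXVR1",
    0x3802c : "DBGBVR5",
    0x3802d : "DBGBCR5",
    0x38030 : "DBGWFAR",
    0x38038 : "DBGVCR",
    0x38080 : "DBGDRAR",
    0x38084 : "DBGOSLAR",
    # Was a second 0x38084 key, which silently replaced DBGOSLAR above.
    # c1,c1,4 matches the 0x808c OSLSR_EL1 encoding used by the AArch64 table
    # -- NOTE(review): confirm against the ARM ARM.
    0x3808c : "DBGOSLSR",
    0x3809c : "DBGOSDLR",
    0x380a4 : "DBGPRCR",
    0x38100 : "DBGDSAR",
    0x38387 : "DBGDEVID2",
    0x3838f : "DBGDEVID1",
    0x383f6 : "DBGAUTHSTATUS",
    0x38397 : "DBGDEVID",
    0x3c000 : "MIDR",
    0x3c001 : "CTR",
    0x3c002 : "TCMTR",
    0x3c003 : "TLBTR",
    0x3c004 : "MIDR",
    0x3c005 : "MPIDR",
    0x3c006 : "REVIDR",
    0x3c007 : "MIDR",
    0x3c008 : "ID_PFR0",
    0x3c009 : "ID_PFR1",
    0x3c00a : "ID_DFR0",
    0x3c00b : "ID_AFR0",
    0x3c00c : "ID_MMFR0",
    0x3c00d : "ID_MMFR1",
    0x3c00e : "ID_MMFR2",
    0x3c00f : "ID_MMFR3",
    0x3c010 : "ID_ISAR0",
    0x3c011 : "ID_ISAR1",
    0x3c012 : "ID_ISAR2",
    0x3c013 : "ID_ISAR3",
    0x3c014 : "ID_ISAR4",
    0x3c015 : "ID_ISAR5",
    0x3c800 : "CCSIDR",
    0x3c801 : "CLIDR",
    0x3c807 : "AIDR",
    0x3d000 : "CCSELR",
    0x3e000 : "VPIDR",
    0x3e005 : "VMPIDR",
    0x3c080 : "SCTLR",
    0x3c081 : "ACTLR",
    0x3c082 : "CPACR",
    0x3c088 : "SCR",
    0x3c089 : "SDER",
    0x3c08a : "NSACR",
    0x3e080 : "HSCTLR",
    0x3e081 : "HACTLR",
    0x3e088 : "HCR",
    0x3e089 : "HDCR",
    0x3e08a : "HCPTR",
    0x3e08b : "HSTR",
    0x3e08f : "HACR",
    0x3c510 : "MAIR0",
    0x3c511 : "MAIR1",
    0x3c518 : "AMAIR0",
    0x3c519 : "AMAIR1",
    0x3e510 : "HMAIR0",
    0x3e511 : "HMAIR1",
    0x3e518 : "HAMAIR0",
    0x3e519 : "HAMAIR1",
    0x3c600 : "VBAR",
    0x3c601 : "MVBAR",
    0x3c608 : "ISR",
    0x3e600 : "HVBAR",
    0x3c680 : "FCSEIDR",
    0x3c681 : "CONTEXTIDR",
    0x3c682 : "TPIDRURW",
    0x3c683 : "TPIDRURO",
    0x3c684 : "TPIDRPRW",
    0x3e682 : "HTPIDR",
    0x3c700 : "CNTFRQ",
    0x3c780 : "IL1Data0",
    0x3c781 : "IL1Data1",
    0x3c782 : "IL1Data2",
    0x3c788 : "DL1Data0",
    0x3c789 : "DL1Data1",
    0x3c78a : "DL1Data2",
    0x3c7e1 : "CCNT",
    0x3c7e2 : "PMN0",
    0x3c7e3 : "PMN1",
    0x3c7a0 : "RAMINDEX",
    0x3cf80 : "L2ACTLR",
    0x3cf83 : "L2FPR",
    0x3e780 : "CBAR",
    0x3c100 : "TTBR0",
    0x3c101 : "TTBR1",
    0x3e102 : "HTCR",
    0x3e10a : "VTCR",
    0x3c180 : "DACR",
    0x3c280 : "DFSR",
    0x3c281 : "IFSR",
    0x3c288 : "ADFSR",
    # Was a second 0x3c288 key, so ADFSR accesses were labelled AIFSR.
    # Op2=1 mirrors the HADFSR/HAIFSR pair (0x3e288/0x3e289) below
    # -- NOTE(review): confirm against the ARM ARM.
    0x3c289 : "AIFSR",
    0x3e288 : "HADFSR",
    0x3e289 : "HAIFSR",
    0x3e290 : "HSR",
    0x3c300 : "DFAR",
    0x3c302 : "IFAR",
    0x3e300 : "HDFAR",
    0x3e302 : "HIFAR",
    0x3e304 : "HPFAR",
    0x3c384 : "NOP",
    0x3c388 : "ICIALLUIS",
    0x3c38e : "BPIALLIS",
    0x3c3d1 : "DCCMVAC",
    0x3c3d2 : "DCCSW",
    0x3c3d4 : "CP15DSB",
    0x3c3d5 : "CP15DMB",
    0x3c3d9 : "DCCMVAU",
    0x3c3e9 : "NOP",
    0x3c3f1 : "DCCIMVAC",
    0x3c3f2 : "DCCISW",
    0x3c3a0 : "PAR",
    0x3c3a8 : "ICIALLU",
    0x3c3a9 : "ICIMVAU",
    0x3c3ac : "CP15ISB",
    0x3c3ae : "BPIALL",
    0x3c3af : "BPIMVA",
    0x3c3b1 : "DCIMVAC",
    0x3c3b2 : "DCISW",
    0x3c3c0 : "ATS1CPR",
    0x3c3c1 : "ATS1CPW",
    0x3c3c2 : "ATS1CUR",
    0x3c3c3 : "ATS1CUW",
    0x3c3c4 : "ATS12NSOPR",
    0x3c3c5 : "ATS12NSOPW",
    0x3c3c6 : "ATS12NSOUR",
    0x3c3c7 : "ATS12NSOUW",
    0x3e3c0 : "ATS1HR",
    # Was "ATS1HR" again; Op2=1 is the write variant, as in the R/W pairs above.
    0x3e3c1 : "ATS1HW",
    0x3c418 : "TLBIALLIS",
    0x3c419 : "TLBIMVAIS",
    0x3c41a : "TLBIASIDIS",
    0x3c41b : "TLBIMVAAIS",
    0x3c428 : "ITLBIALL",
    0x3c429 : "ITLBIMVA",
    0x3c42a : "ITLBIASID",
    0x3c430 : "DTLBIALL",
    0x3c431 : "DTLBIMVA",
    0x3c432 : "DTLBIASID",
    0x3c438 : "TLBIALL",
    0x3c439 : "TLBIMVA",
    0x3c43a : "TLBIASID",
    0x3c43b : "TLBIMVAA",
    0x3e418 : "TLBIALLHIS",
    0x3e419 : "TLBIMVAHIS",
    0x3e41c : "TLBIALLNSNHIS",
    0x3e438 : "TLBIALLH",
    0x3e439 : "TLBIMVAH",
    0x3e43c : "TLBIALLNSNH",
    0x3c4e0 : "PMCR",
    0x3c4e1 : "PMNCNTENSET",
    0x3c4e2 : "PMNCNTENCLR",
    0x3c4e3 : "PMOVSR",
    0x3c4e4 : "PMSWINC",
    0x3c4e5 : "PMSELR",
    0x3c4e6 : "PMCEID0",
    0x3c4e7 : "PMCEID1",
    0x3c4e8 : "PMCCNTR",
    0x3c4e9 : "PMXEVTYPER",
    0x3c4ea : "PMXEVCNTR",
    0x3c4f0 : "PMUSERENR",
    0x3c4f1 : "PMINTENSET",
    0x3c4f2 : "PMINTENCLR",
    0x3c4f3 : "PMOVSSET",
    0x3cc82 : "L2CTLR",
    0x3cc83 : "L2ECTLR",
}

# Bit position of each helper-call argument inside the packed register key.
# `shifts` serves the 5-argument helpers (ARM64_SYSREG, __mrc); `shiftz` serves
# the 6-argument __mcr, where -1 marks the argument left out of the key
# (visit_expr later keeps that argument as the second call argument).
shifts = [ 14, 11, 7, 3, 0 ]
shiftz = [ 14, 11, -1, 7, 3, 0 ]

# Integer type the helper arguments must have; assigned in HexHNightPlugin_t.init().
inttype = None


def _encode_sysreg(args, shift_table):
    """Pack the numeric helper arguments into a register-table key.

    Returns None as soon as an argument that takes part in the key does not
    have type `inttype`; arguments whose shift is negative are skipped before
    that type check.
    """
    reg = 0
    for pos, arg in enumerate(args):
        shift = shift_table[pos]
        if shift < 0:
            continue
        if arg.type != inttype:
            return None
        reg |= arg.numval() << shift
    return reg


def _lookup_sysreg(args, shift_table, table):
    """Return the symbolic name for the encoded arguments, or None if unknown."""
    reg = _encode_sysreg(args, shift_table)
    if reg is None:
        return None
    return table.get(reg)


def _make_helper(name):
    """Build a stand-alone cot_helper expression that carries `name`."""
    node = idaapi.cexpr_t()
    node.op = idaapi.cot_helper
    node.helper = name
    node.exflags = idaapi.EXFL_ALONE
    return node


class cblock_visitor_t(idaapi.ctree_visitor_t):
    """Ctree visitor that replaces numeric sysreg encodings with register names.

    NOTE(review): the page lost this file's indentation; the nesting below is
    reconstructed from the statement order and should be checked against the
    upstream file.
    """

    def __init__(self):
        idaapi.ctree_visitor_t.__init__(self, idaapi.CV_FAST)

    def visit_expr(self, expr):
        """Rewrite ARM64_SYSREG / __mrc / __mcr helper calls in place.

        Always returns 0. Any exception raised while rewriting is printed and
        swallowed, so a malformed expression does not stop the traversal.
        """
        try:
            if expr.op == idaapi.cot_call and expr.x.op == idaapi.cot_helper:
                helper = expr.x.helper
                argc = len(expr.a)
                if helper == "ARM64_SYSREG" and argc == 5:
                    name = _lookup_sysreg(expr.a, shifts, regs64)
                    if name is not None:
                        # The whole call expression becomes the register name.
                        node = _make_helper(name)
                        expr.cleanup()
                        expr.replace_by(node)
                elif helper == "__mrc" and argc == 5:
                    name = _lookup_sysreg(expr.a, shifts, regs32)
                    if name is not None:
                        node = _make_helper(name)
                        # Keep the call, but reduce it to one argument: the name.
                        while len(expr.a) > 1:
                            expr.a.pop_back()
                        expr.a[0].cleanup()
                        expr.a[0].replace_by(node)
                elif helper == "__mcr" and argc == 6:
                    name = _lookup_sysreg(expr.a, shiftz, regs32)
                    if name is not None:
                        node = _make_helper(name)
                        # Argument 2 is the one shiftz skips; keep it as the
                        # second argument and drop the encoding operands.
                        expr.a[1] = expr.a[2]
                        while len(expr.a) > 2:
                            expr.a.pop_back()
                        expr.a[0].cleanup()
                        expr.a[0].replace_by(node)
                        # The leftover debug `print "ok"` was dropped: it wrote
                        # one line to the output window per rewritten __mcr.
        except Exception:
            # Was a bare `except:`, which also swallowed KeyboardInterrupt
            # and SystemExit.
            traceback.print_exc()
        return 0


class hexrays_callback_info(object):
    """Holder for the Hex-Rays event callback installed by the plugin."""

    def __init__(self):
        return

    def event_callback(self, event, *args):
        """Run the sysreg visitor once a function reaches CMAT_FINAL maturity."""
        try:
            if event == idaapi.hxe_maturity:
                cfunc, maturity = args
                if maturity == idaapi.CMAT_FINAL:
                    cbv = cblock_visitor_t()
                    cbv.apply_to(cfunc.body, None)
        except Exception:
            traceback.print_exc()
        return 0


def remove():
    """Uninstall the Hex-Rays callback if one was installed."""
    if hexnight_cb:
        idaapi.remove_hexrays_callback(hexnight_cb)


class HexHNightPlugin_t(idaapi.plugin_t):
    flags = idaapi.PLUGIN_HIDE
    comment = "show symbolic names for ARM sysregs in Pseudocode-View"
    help = "Runs transparently"
    wanted_name = "HexNight"
    wanted_hotkey = ""

    def init(self):
        """Install the callback when Hex-Rays is available on an ARM database.

        Returns PLUGIN_KEEP once the callback is installed, PLUGIN_SKIP
        otherwise.
        """
        global hexnight_cb_info, hexnight_cb, inttype

        if idaapi.init_hexrays_plugin() and idaapi.ph_get_id() == idaapi.PLFM_ARM:
            inttype = idaapi.get_int_type_by_width_and_sign(4, True)
            hexnight_cb_info = hexrays_callback_info()
            hexnight_cb = hexnight_cb_info.event_callback
            if idaapi.install_hexrays_callback(hexnight_cb):
                # Parenthesised single-argument print behaves the same on Python 2.
                print("Hexnight plugin installed")
                addon = idaapi.addon_info_t()
                addon.id = "org.xerub.hexnight"
                addon.name = "Hexnight"
                addon.producer = "xerub"
                addon.url = "https://twitter.com/xerub"
                addon.version = "7.0"
                idaapi.register_addon(addon)
                return idaapi.PLUGIN_KEEP
        # NOTE(review): nesting of this message is reconstructed -- confirm upstream.
        print("Hexnight plugin failed")
        return idaapi.PLUGIN_SKIP

    def run(self, arg=0):
        return

    def term(self):
        remove()


def PLUGIN_ENTRY():
    """Plugin entry point: return the plugin object."""
    return HexHNightPlugin_t()

--------------------------------------------------------------------------------
/hnight.py:
--------------------------------------------------------------------------------
1 | # Print ARM sysregs using symbolic names.
2 | #
3 | # Copyright (c) 2017 xerub.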
All rights reserved 4 | 5 | import idautils 6 | import idaapi 7 | import idc 8 | 9 | import traceback 10 | 11 | hexnight_cb_info = None 12 | hexnight_cb = None 13 | 14 | # generated from capstone/arch/AArch64/AArch64BaseInfo.h 15 | regs64 = { 16 | # Apple specific 17 | 0xc780 : "HID0", 18 | 0xc781 : "EHID0", 19 | 0xc788 : "HID1", 20 | 0xc790 : "HID2", 21 | 0xc798 : "HID3", 22 | 0xc799 : "EHID3", 23 | 0xc7a0 : "HID4", 24 | 0xc7a8 : "HID5", 25 | 0xc7a9 : "EHID5", 26 | 0xc7b0 : "HID6", 27 | 0xc7b8 : "HID7", 28 | 0xc7c0 : "HID8", 29 | 0xc7c8 : "HID9", 30 | 0xc7d0 : "HID10", 31 | 0xc7e8 : "HID11", 32 | 0xc7d8 : "HID11", 33 | 0xc7d9 : "EHID11", 34 | 0xefa0 : "CYC_CFG", 35 | 0xefb0 : "ACC_OVRD", 36 | 0xefa8 : "CYC_OVRD", 37 | 0xdf80 : "LSU_ERR_STS", 38 | 0xdf90 : "E_LSU_ERR_STS", 39 | 0xdf88 : "LSU_ERR_CTL", 40 | 0xf780 : "MMU_ERR_STS", 41 | 0xf790 : "E_MMU_ERR_STS", 42 | 0xdfc0 : "L2C_ERR_STS", 43 | 0xdfc8 : "L2C_ERR_ADR", 44 | 0xdfd0 : "L2C_ERR_INF", 45 | 0xe784 : "MIGSTS_EL1", 46 | 0xe793 : "KTRR_LOWER_EL1", 47 | 0xe794 : "KTRR_UPPER_EL1", 48 | 0xe792 : "KTRR_LOCK_EL1", 49 | # end of Apple specific 50 | # Op0 Op1 CRn CRm Op2 51 | 0x9808 : "MDCCSR_EL0", # 10 011 0000 0001 000 52 | 0x9828 : "DBGDTRRX_EL0", # 10 011 0000 0101 000 53 | 0x8080 : "MDRAR_EL1", # 10 000 0001 0000 000 54 | 0x808c : "OSLSR_EL1", # 10 000 0001 0001 100 55 | 0x83f6 : "DBGAUTHSTATUS_EL1", # 10 000 0111 1110 110 56 | 0xdce6 : "PMCEID0_EL0", # 11 011 1001 1100 110 57 | 0xdce7 : "PMCEID1_EL0", # 11 011 1001 1100 111 58 | 0xc000 : "MIDR_EL1", # 11 000 0000 0000 000 59 | 0xc800 : "CCSIDR_EL1", # 11 001 0000 0000 000 60 | 0xc801 : "CLIDR_EL1", # 11 001 0000 0000 001 61 | 0xd801 : "CTR_EL0", # 11 011 0000 0000 001 62 | 0xc005 : "MPIDR_EL1", # 11 000 0000 0000 101 63 | 0xc006 : "REVIDR_EL1", # 11 000 0000 0000 110 64 | 0xc807 : "AIDR_EL1", # 11 001 0000 0000 111 65 | 0xd807 : "DCZID_EL0", # 11 011 0000 0000 111 66 | 0xc008 : "ID_PFR0_EL1", # 11 000 0000 0001 000 67 | 0xc009 : "ID_PFR1_EL1", # 11 000 0000 
0001 001 68 | 0xc00a : "ID_DFR0_EL1", # 11 000 0000 0001 010 69 | 0xc00b : "ID_AFR0_EL1", # 11 000 0000 0001 011 70 | 0xc00c : "ID_MMFR0_EL1", # 11 000 0000 0001 100 71 | 0xc00d : "ID_MMFR1_EL1", # 11 000 0000 0001 101 72 | 0xc00e : "ID_MMFR2_EL1", # 11 000 0000 0001 110 73 | 0xc00f : "ID_MMFR3_EL1", # 11 000 0000 0001 111 74 | 0xc010 : "ID_ISAR0_EL1", # 11 000 0000 0010 000 75 | 0xc011 : "ID_ISAR1_EL1", # 11 000 0000 0010 001 76 | 0xc012 : "ID_ISAR2_EL1", # 11 000 0000 0010 010 77 | 0xc013 : "ID_ISAR3_EL1", # 11 000 0000 0010 011 78 | 0xc014 : "ID_ISAR4_EL1", # 11 000 0000 0010 100 79 | 0xc015 : "ID_ISAR5_EL1", # 11 000 0000 0010 101 80 | 0xc020 : "ID_A64PFR0_EL1", # 11 000 0000 0100 000 81 | 0xc021 : "ID_A64PFR1_EL1", # 11 000 0000 0100 001 82 | 0xc028 : "ID_A64DFR0_EL1", # 11 000 0000 0101 000 83 | 0xc029 : "ID_A64DFR1_EL1", # 11 000 0000 0101 001 84 | 0xc02c : "ID_A64AFR0_EL1", # 11 000 0000 0101 100 85 | 0xc02d : "ID_A64AFR1_EL1", # 11 000 0000 0101 101 86 | 0xc030 : "ID_A64ISAR0_EL1", # 11 000 0000 0110 000 87 | 0xc031 : "ID_A64ISAR1_EL1", # 11 000 0000 0110 001 88 | 0xc038 : "ID_A64MMFR0_EL1", # 11 000 0000 0111 000 89 | 0xc039 : "ID_A64MMFR1_EL1", # 11 000 0000 0111 001 90 | 0xc018 : "MVFR0_EL1", # 11 000 0000 0011 000 91 | 0xc019 : "MVFR1_EL1", # 11 000 0000 0011 001 92 | 0xc01a : "MVFR2_EL1", # 11 000 0000 0011 010 93 | 0xc601 : "RVBAR_EL1", # 11 000 1100 0000 001 94 | 0xe601 : "RVBAR_EL2", # 11 100 1100 0000 001 95 | 0xf601 : "RVBAR_EL3", # 11 110 1100 0000 001 96 | 0xc608 : "ISR_EL1", # 11 000 1100 0001 000 97 | 0xdf01 : "CNTPCT_EL0", # 11 011 1110 0000 001 98 | 0xdf02 : "CNTVCT_EL0", # 11 011 1110 0000 010 99 | 0x8818 : "TRCSTATR", # 10 001 0000 0011 000 100 | 0x8806 : "TRCIDR8", # 10 001 0000 0000 110 101 | 0x880e : "TRCIDR9", # 10 001 0000 0001 110 102 | 0x8816 : "TRCIDR10", # 10 001 0000 0010 110 103 | 0x881e : "TRCIDR11", # 10 001 0000 0011 110 104 | 0x8826 : "TRCIDR12", # 10 001 0000 0100 110 105 | 0x882e : "TRCIDR13", # 10 001 0000 0101 110 106 | 
0x8847 : "TRCIDR0", # 10 001 0000 1000 111 107 | 0x884f : "TRCIDR1", # 10 001 0000 1001 111 108 | 0x8857 : "TRCIDR2", # 10 001 0000 1010 111 109 | 0x885f : "TRCIDR3", # 10 001 0000 1011 111 110 | 0x8867 : "TRCIDR4", # 10 001 0000 1100 111 111 | 0x886f : "TRCIDR5", # 10 001 0000 1101 111 112 | 0x8877 : "TRCIDR6", # 10 001 0000 1110 111 113 | 0x887f : "TRCIDR7", # 10 001 0000 1111 111 114 | 0x888c : "TRCOSLSR", # 10 001 0001 0001 100 115 | 0x88ac : "TRCPDSR", # 10 001 0001 0101 100 116 | 0x8bd6 : "TRCDEVAFF0", # 10 001 0111 1010 110 117 | 0x8bde : "TRCDEVAFF1", # 10 001 0111 1011 110 118 | 0x8bee : "TRCLSR", # 10 001 0111 1101 110 119 | 0x8bf6 : "TRCAUTHSTATUS", # 10 001 0111 1110 110 120 | 0x8bfe : "TRCDEVARCH", # 10 001 0111 1111 110 121 | 0x8b97 : "TRCDEVID", # 10 001 0111 0010 111 122 | 0x8b9f : "TRCDEVTYPE", # 10 001 0111 0011 111 123 | 0x8ba7 : "TRCPIDR4", # 10 001 0111 0100 111 124 | 0x8baf : "TRCPIDR5", # 10 001 0111 0101 111 125 | 0x8bb7 : "TRCPIDR6", # 10 001 0111 0110 111 126 | 0x8bbf : "TRCPIDR7", # 10 001 0111 0111 111 127 | 0x8bc7 : "TRCPIDR0", # 10 001 0111 1000 111 128 | 0x8bcf : "TRCPIDR1", # 10 001 0111 1001 111 129 | 0x8bd7 : "TRCPIDR2", # 10 001 0111 1010 111 130 | 0x8bdf : "TRCPIDR3", # 10 001 0111 1011 111 131 | 0x8be7 : "TRCCIDR0", # 10 001 0111 1100 111 132 | 0x8bef : "TRCCIDR1", # 10 001 0111 1101 111 133 | 0x8bf7 : "TRCCIDR2", # 10 001 0111 1110 111 134 | 0x8bff : "TRCCIDR3", # 10 001 0111 1111 111 135 | 0xc660 : "ICC_IAR1_EL1", # 11 000 1100 1100 000 136 | 0xc640 : "ICC_IAR0_EL1", # 11 000 1100 1000 000 137 | 0xc662 : "ICC_HPPIR1_EL1", # 11 000 1100 1100 010 138 | 0xc642 : "ICC_HPPIR0_EL1", # 11 000 1100 1000 010 139 | 0xc65b : "ICC_RPR_EL1", # 11 000 1100 1011 011 140 | 0xe659 : "ICH_VTR_EL2", # 11 100 1100 1011 001 141 | 0xe65b : "ICH_EISR_EL2", # 11 100 1100 1011 011 142 | 0xe65d : "ICH_ELSR_EL2", # 11 100 1100 1011 101 143 | 0x9828 : "DBGDTRTX_EL0", # 10 011 0000 0101 000 144 | 0x8084 : "OSLAR_EL1", # 10 000 0001 0000 100 145 | 0xdce4 : 
"PMSWINC_EL0", # 11 011 1001 1100 100 146 | 0x8884 : "TRCOSLAR", # 10 001 0001 0000 100 147 | 0x8be6 : "TRCLAR", # 10 001 0111 1100 110 148 | 0xc661 : "ICC_EOIR1_EL1", # 11 000 1100 1100 001 149 | 0xc641 : "ICC_EOIR0_EL1", # 11 000 1100 1000 001 150 | 0xc659 : "ICC_DIR_EL1", # 11 000 1100 1011 001 151 | 0xc65d : "ICC_SGI1R_EL1", # 11 000 1100 1011 101 152 | 0xc65e : "ICC_ASGI1R_EL1", # 11 000 1100 1011 110 153 | 0xc65f : "ICC_SGI0R_EL1", # 11 000 1100 1011 111 154 | 0x8002 : "OSDTRRX_EL1", # 10 000 0000 0000 010 155 | 0x801a : "OSDTRTX_EL1", # 10 000 0000 0011 010 156 | 0x9000 : "TEECR32_EL1", # 10 010 0000 0000 000 157 | 0x8010 : "MDCCINT_EL1", # 10 000 0000 0010 000 158 | 0x8012 : "MDSCR_EL1", # 10 000 0000 0010 010 159 | 0x9820 : "DBGDTR_EL0", # 10 011 0000 0100 000 160 | 0x8032 : "OSECCR_EL1", # 10 000 0000 0110 010 161 | 0xa038 : "DBGVCR32_EL2", # 10 100 0000 0111 000 162 | 0x8004 : "DBGBVR0_EL1", # 10 000 0000 0000 100 163 | 0x800c : "DBGBVR1_EL1", # 10 000 0000 0001 100 164 | 0x8014 : "DBGBVR2_EL1", # 10 000 0000 0010 100 165 | 0x801c : "DBGBVR3_EL1", # 10 000 0000 0011 100 166 | 0x8024 : "DBGBVR4_EL1", # 10 000 0000 0100 100 167 | 0x802c : "DBGBVR5_EL1", # 10 000 0000 0101 100 168 | 0x8034 : "DBGBVR6_EL1", # 10 000 0000 0110 100 169 | 0x803c : "DBGBVR7_EL1", # 10 000 0000 0111 100 170 | 0x8044 : "DBGBVR8_EL1", # 10 000 0000 1000 100 171 | 0x804c : "DBGBVR9_EL1", # 10 000 0000 1001 100 172 | 0x8054 : "DBGBVR10_EL1", # 10 000 0000 1010 100 173 | 0x805c : "DBGBVR11_EL1", # 10 000 0000 1011 100 174 | 0x8064 : "DBGBVR12_EL1", # 10 000 0000 1100 100 175 | 0x806c : "DBGBVR13_EL1", # 10 000 0000 1101 100 176 | 0x8074 : "DBGBVR14_EL1", # 10 000 0000 1110 100 177 | 0x807c : "DBGBVR15_EL1", # 10 000 0000 1111 100 178 | 0x8005 : "DBGBCR0_EL1", # 10 000 0000 0000 101 179 | 0x800d : "DBGBCR1_EL1", # 10 000 0000 0001 101 180 | 0x8015 : "DBGBCR2_EL1", # 10 000 0000 0010 101 181 | 0x801d : "DBGBCR3_EL1", # 10 000 0000 0011 101 182 | 0x8025 : "DBGBCR4_EL1", # 10 000 0000 
0100 101 183 | 0x802d : "DBGBCR5_EL1", # 10 000 0000 0101 101 184 | 0x8035 : "DBGBCR6_EL1", # 10 000 0000 0110 101 185 | 0x803d : "DBGBCR7_EL1", # 10 000 0000 0111 101 186 | 0x8045 : "DBGBCR8_EL1", # 10 000 0000 1000 101 187 | 0x804d : "DBGBCR9_EL1", # 10 000 0000 1001 101 188 | 0x8055 : "DBGBCR10_EL1", # 10 000 0000 1010 101 189 | 0x805d : "DBGBCR11_EL1", # 10 000 0000 1011 101 190 | 0x8065 : "DBGBCR12_EL1", # 10 000 0000 1100 101 191 | 0x806d : "DBGBCR13_EL1", # 10 000 0000 1101 101 192 | 0x8075 : "DBGBCR14_EL1", # 10 000 0000 1110 101 193 | 0x807d : "DBGBCR15_EL1", # 10 000 0000 1111 101 194 | 0x8006 : "DBGWVR0_EL1", # 10 000 0000 0000 110 195 | 0x800e : "DBGWVR1_EL1", # 10 000 0000 0001 110 196 | 0x8016 : "DBGWVR2_EL1", # 10 000 0000 0010 110 197 | 0x801e : "DBGWVR3_EL1", # 10 000 0000 0011 110 198 | 0x8026 : "DBGWVR4_EL1", # 10 000 0000 0100 110 199 | 0x802e : "DBGWVR5_EL1", # 10 000 0000 0101 110 200 | 0x8036 : "DBGWVR6_EL1", # 10 000 0000 0110 110 201 | 0x803e : "DBGWVR7_EL1", # 10 000 0000 0111 110 202 | 0x8046 : "DBGWVR8_EL1", # 10 000 0000 1000 110 203 | 0x804e : "DBGWVR9_EL1", # 10 000 0000 1001 110 204 | 0x8056 : "DBGWVR10_EL1", # 10 000 0000 1010 110 205 | 0x805e : "DBGWVR11_EL1", # 10 000 0000 1011 110 206 | 0x8066 : "DBGWVR12_EL1", # 10 000 0000 1100 110 207 | 0x806e : "DBGWVR13_EL1", # 10 000 0000 1101 110 208 | 0x8076 : "DBGWVR14_EL1", # 10 000 0000 1110 110 209 | 0x807e : "DBGWVR15_EL1", # 10 000 0000 1111 110 210 | 0x8007 : "DBGWCR0_EL1", # 10 000 0000 0000 111 211 | 0x800f : "DBGWCR1_EL1", # 10 000 0000 0001 111 212 | 0x8017 : "DBGWCR2_EL1", # 10 000 0000 0010 111 213 | 0x801f : "DBGWCR3_EL1", # 10 000 0000 0011 111 214 | 0x8027 : "DBGWCR4_EL1", # 10 000 0000 0100 111 215 | 0x802f : "DBGWCR5_EL1", # 10 000 0000 0101 111 216 | 0x8037 : "DBGWCR6_EL1", # 10 000 0000 0110 111 217 | 0x803f : "DBGWCR7_EL1", # 10 000 0000 0111 111 218 | 0x8047 : "DBGWCR8_EL1", # 10 000 0000 1000 111 219 | 0x804f : "DBGWCR9_EL1", # 10 000 0000 1001 111 220 | 0x8057 : 
"DBGWCR10_EL1", # 10 000 0000 1010 111 221 | 0x805f : "DBGWCR11_EL1", # 10 000 0000 1011 111 222 | 0x8067 : "DBGWCR12_EL1", # 10 000 0000 1100 111 223 | 0x806f : "DBGWCR13_EL1", # 10 000 0000 1101 111 224 | 0x8077 : "DBGWCR14_EL1", # 10 000 0000 1110 111 225 | 0x807f : "DBGWCR15_EL1", # 10 000 0000 1111 111 226 | 0x9080 : "TEEHBR32_EL1", # 10 010 0001 0000 000 227 | 0x809c : "OSDLR_EL1", # 10 000 0001 0011 100 228 | 0x80a4 : "DBGPRCR_EL1", # 10 000 0001 0100 100 229 | 0x83c6 : "DBGCLAIMSET_EL1", # 10 000 0111 1000 110 230 | 0x83ce : "DBGCLAIMCLR_EL1", # 10 000 0111 1001 110 231 | 0xd000 : "CSSELR_EL1", # 11 010 0000 0000 000 232 | 0xe000 : "VPIDR_EL2", # 11 100 0000 0000 000 233 | 0xe005 : "VMPIDR_EL2", # 11 100 0000 0000 101 234 | 0xc082 : "CPACR_EL1", # 11 000 0001 0000 010 235 | 0xc080 : "SCTLR_EL1", # 11 000 0001 0000 000 236 | 0xe080 : "SCTLR_EL2", # 11 100 0001 0000 000 237 | 0xf080 : "SCTLR_EL3", # 11 110 0001 0000 000 238 | 0xc081 : "ACTLR_EL1", # 11 000 0001 0000 001 239 | 0xe081 : "ACTLR_EL2", # 11 100 0001 0000 001 240 | 0xf081 : "ACTLR_EL3", # 11 110 0001 0000 001 241 | 0xe088 : "HCR_EL2", # 11 100 0001 0001 000 242 | 0xf088 : "SCR_EL3", # 11 110 0001 0001 000 243 | 0xe089 : "MDCR_EL2", # 11 100 0001 0001 001 244 | 0xf089 : "SDER32_EL3", # 11 110 0001 0001 001 245 | 0xe08a : "CPTR_EL2", # 11 100 0001 0001 010 246 | 0xf08a : "CPTR_EL3", # 11 110 0001 0001 010 247 | 0xe08b : "HSTR_EL2", # 11 100 0001 0001 011 248 | 0xe08f : "HACR_EL2", # 11 100 0001 0001 111 249 | 0xf099 : "MDCR_EL3", # 11 110 0001 0011 001 250 | 0xc100 : "TTBR0_EL1", # 11 000 0010 0000 000 251 | 0xe100 : "TTBR0_EL2", # 11 100 0010 0000 000 252 | 0xf100 : "TTBR0_EL3", # 11 110 0010 0000 000 253 | 0xc101 : "TTBR1_EL1", # 11 000 0010 0000 001 254 | 0xc102 : "TCR_EL1", # 11 000 0010 0000 010 255 | 0xe102 : "TCR_EL2", # 11 100 0010 0000 010 256 | 0xf102 : "TCR_EL3", # 11 110 0010 0000 010 257 | 0xe108 : "VTTBR_EL2", # 11 100 0010 0001 000 258 | 0xe10a : "VTCR_EL2", # 11 100 0010 0001 010 259 
| 0xe180 : "DACR32_EL2", # 11 100 0011 0000 000 260 | 0xc200 : "SPSR_EL1", # 11 000 0100 0000 000 261 | 0xe200 : "SPSR_EL2", # 11 100 0100 0000 000 262 | 0xf200 : "SPSR_EL3", # 11 110 0100 0000 000 263 | 0xc201 : "ELR_EL1", # 11 000 0100 0000 001 264 | 0xe201 : "ELR_EL2", # 11 100 0100 0000 001 265 | 0xf201 : "ELR_EL3", # 11 110 0100 0000 001 266 | 0xc208 : "SP_EL0", # 11 000 0100 0001 000 267 | 0xe208 : "SP_EL1", # 11 100 0100 0001 000 268 | 0xf208 : "SP_EL2", # 11 110 0100 0001 000 269 | 0xc210 : "SPSel", # 11 000 0100 0010 000 270 | 0xda10 : "NZCV", # 11 011 0100 0010 000 271 | 0xda11 : "DAIF", # 11 011 0100 0010 001 272 | 0xc212 : "CurrentEL", # 11 000 0100 0010 010 273 | 0xe218 : "SPSR_irq", # 11 100 0100 0011 000 274 | 0xe219 : "SPSR_abt", # 11 100 0100 0011 001 275 | 0xe21a : "SPSR_und", # 11 100 0100 0011 010 276 | 0xe21b : "SPSR_fiq", # 11 100 0100 0011 011 277 | 0xda20 : "FPCR", # 11 011 0100 0100 000 278 | 0xda21 : "FPSR", # 11 011 0100 0100 001 279 | 0xda28 : "DSPSR_EL0", # 11 011 0100 0101 000 280 | 0xda29 : "DLR_EL0", # 11 011 0100 0101 001 281 | 0xe281 : "IFSR32_EL2", # 11 100 0101 0000 001 282 | 0xc288 : "AFSR0_EL1", # 11 000 0101 0001 000 283 | 0xe288 : "AFSR0_EL2", # 11 100 0101 0001 000 284 | 0xf288 : "AFSR0_EL3", # 11 110 0101 0001 000 285 | 0xc289 : "AFSR1_EL1", # 11 000 0101 0001 001 286 | 0xe289 : "AFSR1_EL2", # 11 100 0101 0001 001 287 | 0xf289 : "AFSR1_EL3", # 11 110 0101 0001 001 288 | 0xc290 : "ESR_EL1", # 11 000 0101 0010 000 289 | 0xe290 : "ESR_EL2", # 11 100 0101 0010 000 290 | 0xf290 : "ESR_EL3", # 11 110 0101 0010 000 291 | 0xe298 : "FPEXC32_EL2", # 11 100 0101 0011 000 292 | 0xc300 : "FAR_EL1", # 11 000 0110 0000 000 293 | 0xe300 : "FAR_EL2", # 11 100 0110 0000 000 294 | 0xf300 : "FAR_EL3", # 11 110 0110 0000 000 295 | 0xe304 : "HPFAR_EL2", # 11 100 0110 0000 100 296 | 0xc3a0 : "PAR_EL1", # 11 000 0111 0100 000 297 | 0xdce0 : "PMCR_EL0", # 11 011 1001 1100 000 298 | 0xdce1 : "PMCNTENSET_EL0", # 11 011 1001 1100 001 299 | 0xdce2 : 
"PMCNTENCLR_EL0", # 11 011 1001 1100 010 300 | 0xdce3 : "PMOVSCLR_EL0", # 11 011 1001 1100 011 301 | 0xdce5 : "PMSELR_EL0", # 11 011 1001 1100 101 302 | 0xdce8 : "PMCCNTR_EL0", # 11 011 1001 1101 000 303 | 0xdce9 : "PMXEVTYPER_EL0", # 11 011 1001 1101 001 304 | 0xdcea : "PMXEVCNTR_EL0", # 11 011 1001 1101 010 305 | 0xdcf0 : "PMUSERENR_EL0", # 11 011 1001 1110 000 306 | 0xc4f1 : "PMINTENSET_EL1", # 11 000 1001 1110 001 307 | 0xc4f2 : "PMINTENCLR_EL1", # 11 000 1001 1110 010 308 | 0xdcf3 : "PMOVSSET_EL0", # 11 011 1001 1110 011 309 | 0xc510 : "MAIR_EL1", # 11 000 1010 0010 000 310 | 0xe510 : "MAIR_EL2", # 11 100 1010 0010 000 311 | 0xf510 : "MAIR_EL3", # 11 110 1010 0010 000 312 | 0xc518 : "AMAIR_EL1", # 11 000 1010 0011 000 313 | 0xe518 : "AMAIR_EL2", # 11 100 1010 0011 000 314 | 0xf518 : "AMAIR_EL3", # 11 110 1010 0011 000 315 | 0xc600 : "VBAR_EL1", # 11 000 1100 0000 000 316 | 0xe600 : "VBAR_EL2", # 11 100 1100 0000 000 317 | 0xf600 : "VBAR_EL3", # 11 110 1100 0000 000 318 | 0xc602 : "RMR_EL1", # 11 000 1100 0000 010 319 | 0xe602 : "RMR_EL2", # 11 100 1100 0000 010 320 | 0xf602 : "RMR_EL3", # 11 110 1100 0000 010 321 | 0xc681 : "CONTEXTIDR_EL1", # 11 000 1101 0000 001 322 | 0xde82 : "TPIDR_EL0", # 11 011 1101 0000 010 323 | 0xe682 : "TPIDR_EL2", # 11 100 1101 0000 010 324 | 0xf682 : "TPIDR_EL3", # 11 110 1101 0000 010 325 | 0xde83 : "TPIDRRO_EL0", # 11 011 1101 0000 011 326 | 0xc684 : "TPIDR_EL1", # 11 000 1101 0000 100 327 | 0xdf00 : "CNTFRQ_EL0", # 11 011 1110 0000 000 328 | 0xe703 : "CNTVOFF_EL2", # 11 100 1110 0000 011 329 | 0xc708 : "CNTKCTL_EL1", # 11 000 1110 0001 000 330 | 0xe708 : "CNTHCTL_EL2", # 11 100 1110 0001 000 331 | 0xdf10 : "CNTP_TVAL_EL0", # 11 011 1110 0010 000 332 | 0xe710 : "CNTHP_TVAL_EL2", # 11 100 1110 0010 000 333 | 0xff10 : "CNTPS_TVAL_EL1", # 11 111 1110 0010 000 334 | 0xdf11 : "CNTP_CTL_EL0", # 11 011 1110 0010 001 335 | 0xe711 : "CNTHP_CTL_EL2", # 11 100 1110 0010 001 336 | 0xff11 : "CNTPS_CTL_EL1", # 11 111 1110 0010 001 337 | 0xdf12 
: "CNTP_CVAL_EL0", # 11 011 1110 0010 010 338 | 0xe712 : "CNTHP_CVAL_EL2", # 11 100 1110 0010 010 339 | 0xff12 : "CNTPS_CVAL_EL1", # 11 111 1110 0010 010 340 | 0xdf18 : "CNTV_TVAL_EL0", # 11 011 1110 0011 000 341 | 0xdf19 : "CNTV_CTL_EL0", # 11 011 1110 0011 001 342 | 0xdf1a : "CNTV_CVAL_EL0", # 11 011 1110 0011 010 343 | 0xdf40 : "PMEVCNTR0_EL0", # 11 011 1110 1000 000 344 | 0xdf41 : "PMEVCNTR1_EL0", # 11 011 1110 1000 001 345 | 0xdf42 : "PMEVCNTR2_EL0", # 11 011 1110 1000 010 346 | 0xdf43 : "PMEVCNTR3_EL0", # 11 011 1110 1000 011 347 | 0xdf44 : "PMEVCNTR4_EL0", # 11 011 1110 1000 100 348 | 0xdf45 : "PMEVCNTR5_EL0", # 11 011 1110 1000 101 349 | 0xdf46 : "PMEVCNTR6_EL0", # 11 011 1110 1000 110 350 | 0xdf47 : "PMEVCNTR7_EL0", # 11 011 1110 1000 111 351 | 0xdf48 : "PMEVCNTR8_EL0", # 11 011 1110 1001 000 352 | 0xdf49 : "PMEVCNTR9_EL0", # 11 011 1110 1001 001 353 | 0xdf4a : "PMEVCNTR10_EL0", # 11 011 1110 1001 010 354 | 0xdf4b : "PMEVCNTR11_EL0", # 11 011 1110 1001 011 355 | 0xdf4c : "PMEVCNTR12_EL0", # 11 011 1110 1001 100 356 | 0xdf4d : "PMEVCNTR13_EL0", # 11 011 1110 1001 101 357 | 0xdf4e : "PMEVCNTR14_EL0", # 11 011 1110 1001 110 358 | 0xdf4f : "PMEVCNTR15_EL0", # 11 011 1110 1001 111 359 | 0xdf50 : "PMEVCNTR16_EL0", # 11 011 1110 1010 000 360 | 0xdf51 : "PMEVCNTR17_EL0", # 11 011 1110 1010 001 361 | 0xdf52 : "PMEVCNTR18_EL0", # 11 011 1110 1010 010 362 | 0xdf53 : "PMEVCNTR19_EL0", # 11 011 1110 1010 011 363 | 0xdf54 : "PMEVCNTR20_EL0", # 11 011 1110 1010 100 364 | 0xdf55 : "PMEVCNTR21_EL0", # 11 011 1110 1010 101 365 | 0xdf56 : "PMEVCNTR22_EL0", # 11 011 1110 1010 110 366 | 0xdf57 : "PMEVCNTR23_EL0", # 11 011 1110 1010 111 367 | 0xdf58 : "PMEVCNTR24_EL0", # 11 011 1110 1011 000 368 | 0xdf59 : "PMEVCNTR25_EL0", # 11 011 1110 1011 001 369 | 0xdf5a : "PMEVCNTR26_EL0", # 11 011 1110 1011 010 370 | 0xdf5b : "PMEVCNTR27_EL0", # 11 011 1110 1011 011 371 | 0xdf5c : "PMEVCNTR28_EL0", # 11 011 1110 1011 100 372 | 0xdf5d : "PMEVCNTR29_EL0", # 11 011 1110 1011 101 373 | 
0xdf5e : "PMEVCNTR30_EL0", # 11 011 1110 1011 110 374 | 0xdf7f : "PMCCFILTR_EL0", # 11 011 1110 1111 111 375 | 0xdf60 : "PMEVTYPER0_EL0", # 11 011 1110 1100 000 376 | 0xdf61 : "PMEVTYPER1_EL0", # 11 011 1110 1100 001 377 | 0xdf62 : "PMEVTYPER2_EL0", # 11 011 1110 1100 010 378 | 0xdf63 : "PMEVTYPER3_EL0", # 11 011 1110 1100 011 379 | 0xdf64 : "PMEVTYPER4_EL0", # 11 011 1110 1100 100 380 | 0xdf65 : "PMEVTYPER5_EL0", # 11 011 1110 1100 101 381 | 0xdf66 : "PMEVTYPER6_EL0", # 11 011 1110 1100 110 382 | 0xdf67 : "PMEVTYPER7_EL0", # 11 011 1110 1100 111 383 | 0xdf68 : "PMEVTYPER8_EL0", # 11 011 1110 1101 000 384 | 0xdf69 : "PMEVTYPER9_EL0", # 11 011 1110 1101 001 385 | 0xdf6a : "PMEVTYPER10_EL0", # 11 011 1110 1101 010 386 | 0xdf6b : "PMEVTYPER11_EL0", # 11 011 1110 1101 011 387 | 0xdf6c : "PMEVTYPER12_EL0", # 11 011 1110 1101 100 388 | 0xdf6d : "PMEVTYPER13_EL0", # 11 011 1110 1101 101 389 | 0xdf6e : "PMEVTYPER14_EL0", # 11 011 1110 1101 110 390 | 0xdf6f : "PMEVTYPER15_EL0", # 11 011 1110 1101 111 391 | 0xdf70 : "PMEVTYPER16_EL0", # 11 011 1110 1110 000 392 | 0xdf71 : "PMEVTYPER17_EL0", # 11 011 1110 1110 001 393 | 0xdf72 : "PMEVTYPER18_EL0", # 11 011 1110 1110 010 394 | 0xdf73 : "PMEVTYPER19_EL0", # 11 011 1110 1110 011 395 | 0xdf74 : "PMEVTYPER20_EL0", # 11 011 1110 1110 100 396 | 0xdf75 : "PMEVTYPER21_EL0", # 11 011 1110 1110 101 397 | 0xdf76 : "PMEVTYPER22_EL0", # 11 011 1110 1110 110 398 | 0xdf77 : "PMEVTYPER23_EL0", # 11 011 1110 1110 111 399 | 0xdf78 : "PMEVTYPER24_EL0", # 11 011 1110 1111 000 400 | 0xdf79 : "PMEVTYPER25_EL0", # 11 011 1110 1111 001 401 | 0xdf7a : "PMEVTYPER26_EL0", # 11 011 1110 1111 010 402 | 0xdf7b : "PMEVTYPER27_EL0", # 11 011 1110 1111 011 403 | 0xdf7c : "PMEVTYPER28_EL0", # 11 011 1110 1111 100 404 | 0xdf7d : "PMEVTYPER29_EL0", # 11 011 1110 1111 101 405 | 0xdf7e : "PMEVTYPER30_EL0", # 11 011 1110 1111 110 406 | 0x8808 : "TRCPRGCTLR", # 10 001 0000 0001 000 407 | 0x8810 : "TRCPROCSELR", # 10 001 0000 0010 000 408 | 0x8820 : "TRCCONFIGR", # 
10 001 0000 0100 000 409 | 0x8830 : "TRCAUXCTLR", # 10 001 0000 0110 000 410 | 0x8840 : "TRCEVENTCTL0R", # 10 001 0000 1000 000 411 | 0x8848 : "TRCEVENTCTL1R", # 10 001 0000 1001 000 412 | 0x8858 : "TRCSTALLCTLR", # 10 001 0000 1011 000 413 | 0x8860 : "TRCTSCTLR", # 10 001 0000 1100 000 414 | 0x8868 : "TRCSYNCPR", # 10 001 0000 1101 000 415 | 0x8870 : "TRCCCCTLR", # 10 001 0000 1110 000 416 | 0x8878 : "TRCBBCTLR", # 10 001 0000 1111 000 417 | 0x8801 : "TRCTRACEIDR", # 10 001 0000 0000 001 418 | 0x8809 : "TRCQCTLR", # 10 001 0000 0001 001 419 | 0x8802 : "TRCVICTLR", # 10 001 0000 0000 010 420 | 0x880a : "TRCVIIECTLR", # 10 001 0000 0001 010 421 | 0x8812 : "TRCVISSCTLR", # 10 001 0000 0010 010 422 | 0x881a : "TRCVIPCSSCTLR", # 10 001 0000 0011 010 423 | 0x8842 : "TRCVDCTLR", # 10 001 0000 1000 010 424 | 0x884a : "TRCVDSACCTLR", # 10 001 0000 1001 010 425 | 0x8852 : "TRCVDARCCTLR", # 10 001 0000 1010 010 426 | 0x8804 : "TRCSEQEVR0", # 10 001 0000 0000 100 427 | 0x880c : "TRCSEQEVR1", # 10 001 0000 0001 100 428 | 0x8814 : "TRCSEQEVR2", # 10 001 0000 0010 100 429 | 0x8834 : "TRCSEQRSTEVR", # 10 001 0000 0110 100 430 | 0x883c : "TRCSEQSTR", # 10 001 0000 0111 100 431 | 0x8844 : "TRCEXTINSELR", # 10 001 0000 1000 100 432 | 0x8805 : "TRCCNTRLDVR0", # 10 001 0000 0000 101 433 | 0x880d : "TRCCNTRLDVR1", # 10 001 0000 0001 101 434 | 0x8815 : "TRCCNTRLDVR2", # 10 001 0000 0010 101 435 | 0x881d : "TRCCNTRLDVR3", # 10 001 0000 0011 101 436 | 0x8825 : "TRCCNTCTLR0", # 10 001 0000 0100 101 437 | 0x882d : "TRCCNTCTLR1", # 10 001 0000 0101 101 438 | 0x8835 : "TRCCNTCTLR2", # 10 001 0000 0110 101 439 | 0x883d : "TRCCNTCTLR3", # 10 001 0000 0111 101 440 | 0x8845 : "TRCCNTVR0", # 10 001 0000 1000 101 441 | 0x884d : "TRCCNTVR1", # 10 001 0000 1001 101 442 | 0x8855 : "TRCCNTVR2", # 10 001 0000 1010 101 443 | 0x885d : "TRCCNTVR3", # 10 001 0000 1011 101 444 | 0x8807 : "TRCIMSPEC0", # 10 001 0000 0000 111 445 | 0x880f : "TRCIMSPEC1", # 10 001 0000 0001 111 446 | 0x8817 : "TRCIMSPEC2", # 10 
001 0000 0010 111 447 | 0x881f : "TRCIMSPEC3", # 10 001 0000 0011 111 448 | 0x8827 : "TRCIMSPEC4", # 10 001 0000 0100 111 449 | 0x882f : "TRCIMSPEC5", # 10 001 0000 0101 111 450 | 0x8837 : "TRCIMSPEC6", # 10 001 0000 0110 111 451 | 0x883f : "TRCIMSPEC7", # 10 001 0000 0111 111 452 | 0x8890 : "TRCRSCTLR2", # 10 001 0001 0010 000 453 | 0x8898 : "TRCRSCTLR3", # 10 001 0001 0011 000 454 | 0x88a0 : "TRCRSCTLR4", # 10 001 0001 0100 000 455 | 0x88a8 : "TRCRSCTLR5", # 10 001 0001 0101 000 456 | 0x88b0 : "TRCRSCTLR6", # 10 001 0001 0110 000 457 | 0x88b8 : "TRCRSCTLR7", # 10 001 0001 0111 000 458 | 0x88c0 : "TRCRSCTLR8", # 10 001 0001 1000 000 459 | 0x88c8 : "TRCRSCTLR9", # 10 001 0001 1001 000 460 | 0x88d0 : "TRCRSCTLR10", # 10 001 0001 1010 000 461 | 0x88d8 : "TRCRSCTLR11", # 10 001 0001 1011 000 462 | 0x88e0 : "TRCRSCTLR12", # 10 001 0001 1100 000 463 | 0x88e8 : "TRCRSCTLR13", # 10 001 0001 1101 000 464 | 0x88f0 : "TRCRSCTLR14", # 10 001 0001 1110 000 465 | 0x88f8 : "TRCRSCTLR15", # 10 001 0001 1111 000 466 | 0x8881 : "TRCRSCTLR16", # 10 001 0001 0000 001 467 | 0x8889 : "TRCRSCTLR17", # 10 001 0001 0001 001 468 | 0x8891 : "TRCRSCTLR18", # 10 001 0001 0010 001 469 | 0x8899 : "TRCRSCTLR19", # 10 001 0001 0011 001 470 | 0x88a1 : "TRCRSCTLR20", # 10 001 0001 0100 001 471 | 0x88a9 : "TRCRSCTLR21", # 10 001 0001 0101 001 472 | 0x88b1 : "TRCRSCTLR22", # 10 001 0001 0110 001 473 | 0x88b9 : "TRCRSCTLR23", # 10 001 0001 0111 001 474 | 0x88c1 : "TRCRSCTLR24", # 10 001 0001 1000 001 475 | 0x88c9 : "TRCRSCTLR25", # 10 001 0001 1001 001 476 | 0x88d1 : "TRCRSCTLR26", # 10 001 0001 1010 001 477 | 0x88d9 : "TRCRSCTLR27", # 10 001 0001 1011 001 478 | 0x88e1 : "TRCRSCTLR28", # 10 001 0001 1100 001 479 | 0x88e9 : "TRCRSCTLR29", # 10 001 0001 1101 001 480 | 0x88f1 : "TRCRSCTLR30", # 10 001 0001 1110 001 481 | 0x88f9 : "TRCRSCTLR31", # 10 001 0001 1111 001 482 | 0x8882 : "TRCSSCCR0", # 10 001 0001 0000 010 483 | 0x888a : "TRCSSCCR1", # 10 001 0001 0001 010 484 | 0x8892 : "TRCSSCCR2", # 10 001 
0001 0010 010 485 | 0x889a : "TRCSSCCR3", # 10 001 0001 0011 010 486 | 0x88a2 : "TRCSSCCR4", # 10 001 0001 0100 010 487 | 0x88aa : "TRCSSCCR5", # 10 001 0001 0101 010 488 | 0x88b2 : "TRCSSCCR6", # 10 001 0001 0110 010 489 | 0x88ba : "TRCSSCCR7", # 10 001 0001 0111 010 490 | 0x88c2 : "TRCSSCSR0", # 10 001 0001 1000 010 491 | 0x88ca : "TRCSSCSR1", # 10 001 0001 1001 010 492 | 0x88d2 : "TRCSSCSR2", # 10 001 0001 1010 010 493 | 0x88da : "TRCSSCSR3", # 10 001 0001 1011 010 494 | 0x88e2 : "TRCSSCSR4", # 10 001 0001 1100 010 495 | 0x88ea : "TRCSSCSR5", # 10 001 0001 1101 010 496 | 0x88f2 : "TRCSSCSR6", # 10 001 0001 1110 010 497 | 0x88fa : "TRCSSCSR7", # 10 001 0001 1111 010 498 | 0x8883 : "TRCSSPCICR0", # 10 001 0001 0000 011 499 | 0x888b : "TRCSSPCICR1", # 10 001 0001 0001 011 500 | 0x8893 : "TRCSSPCICR2", # 10 001 0001 0010 011 501 | 0x889b : "TRCSSPCICR3", # 10 001 0001 0011 011 502 | 0x88a3 : "TRCSSPCICR4", # 10 001 0001 0100 011 503 | 0x88ab : "TRCSSPCICR5", # 10 001 0001 0101 011 504 | 0x88b3 : "TRCSSPCICR6", # 10 001 0001 0110 011 505 | 0x88bb : "TRCSSPCICR7", # 10 001 0001 0111 011 506 | 0x88a4 : "TRCPDCR", # 10 001 0001 0100 100 507 | 0x8900 : "TRCACVR0", # 10 001 0010 0000 000 508 | 0x8910 : "TRCACVR1", # 10 001 0010 0010 000 509 | 0x8920 : "TRCACVR2", # 10 001 0010 0100 000 510 | 0x8930 : "TRCACVR3", # 10 001 0010 0110 000 511 | 0x8940 : "TRCACVR4", # 10 001 0010 1000 000 512 | 0x8950 : "TRCACVR5", # 10 001 0010 1010 000 513 | 0x8960 : "TRCACVR6", # 10 001 0010 1100 000 514 | 0x8970 : "TRCACVR7", # 10 001 0010 1110 000 515 | 0x8901 : "TRCACVR8", # 10 001 0010 0000 001 516 | 0x8911 : "TRCACVR9", # 10 001 0010 0010 001 517 | 0x8921 : "TRCACVR10", # 10 001 0010 0100 001 518 | 0x8931 : "TRCACVR11", # 10 001 0010 0110 001 519 | 0x8941 : "TRCACVR12", # 10 001 0010 1000 001 520 | 0x8951 : "TRCACVR13", # 10 001 0010 1010 001 521 | 0x8961 : "TRCACVR14", # 10 001 0010 1100 001 522 | 0x8971 : "TRCACVR15", # 10 001 0010 1110 001 523 | 0x8902 : "TRCACATR0", # 10 001 0010 
0000 010 524 | 0x8912 : "TRCACATR1", # 10 001 0010 0010 010 525 | 0x8922 : "TRCACATR2", # 10 001 0010 0100 010 526 | 0x8932 : "TRCACATR3", # 10 001 0010 0110 010 527 | 0x8942 : "TRCACATR4", # 10 001 0010 1000 010 528 | 0x8952 : "TRCACATR5", # 10 001 0010 1010 010 529 | 0x8962 : "TRCACATR6", # 10 001 0010 1100 010 530 | 0x8972 : "TRCACATR7", # 10 001 0010 1110 010 531 | 0x8903 : "TRCACATR8", # 10 001 0010 0000 011 532 | 0x8913 : "TRCACATR9", # 10 001 0010 0010 011 533 | 0x8923 : "TRCACATR10", # 10 001 0010 0100 011 534 | 0x8933 : "TRCACATR11", # 10 001 0010 0110 011 535 | 0x8943 : "TRCACATR12", # 10 001 0010 1000 011 536 | 0x8953 : "TRCACATR13", # 10 001 0010 1010 011 537 | 0x8963 : "TRCACATR14", # 10 001 0010 1100 011 538 | 0x8973 : "TRCACATR15", # 10 001 0010 1110 011 539 | 0x8904 : "TRCDVCVR0", # 10 001 0010 0000 100 540 | 0x8924 : "TRCDVCVR1", # 10 001 0010 0100 100 541 | 0x8944 : "TRCDVCVR2", # 10 001 0010 1000 100 542 | 0x8964 : "TRCDVCVR3", # 10 001 0010 1100 100 543 | 0x8905 : "TRCDVCVR4", # 10 001 0010 0000 101 544 | 0x8925 : "TRCDVCVR5", # 10 001 0010 0100 101 545 | 0x8945 : "TRCDVCVR6", # 10 001 0010 1000 101 546 | 0x8965 : "TRCDVCVR7", # 10 001 0010 1100 101 547 | 0x8906 : "TRCDVCMR0", # 10 001 0010 0000 110 548 | 0x8926 : "TRCDVCMR1", # 10 001 0010 0100 110 549 | 0x8946 : "TRCDVCMR2", # 10 001 0010 1000 110 550 | 0x8966 : "TRCDVCMR3", # 10 001 0010 1100 110 551 | 0x8907 : "TRCDVCMR4", # 10 001 0010 0000 111 552 | 0x8927 : "TRCDVCMR5", # 10 001 0010 0100 111 553 | 0x8947 : "TRCDVCMR6", # 10 001 0010 1000 111 554 | 0x8967 : "TRCDVCMR7", # 10 001 0010 1100 111 555 | 0x8980 : "TRCCIDCVR0", # 10 001 0011 0000 000 556 | 0x8990 : "TRCCIDCVR1", # 10 001 0011 0010 000 557 | 0x89a0 : "TRCCIDCVR2", # 10 001 0011 0100 000 558 | 0x89b0 : "TRCCIDCVR3", # 10 001 0011 0110 000 559 | 0x89c0 : "TRCCIDCVR4", # 10 001 0011 1000 000 560 | 0x89d0 : "TRCCIDCVR5", # 10 001 0011 1010 000 561 | 0x89e0 : "TRCCIDCVR6", # 10 001 0011 1100 000 562 | 0x89f0 : "TRCCIDCVR7", # 10 001 
0011 1110 000 563 | 0x8981 : "TRCVMIDCVR0", # 10 001 0011 0000 001 564 | 0x8991 : "TRCVMIDCVR1", # 10 001 0011 0010 001 565 | 0x89a1 : "TRCVMIDCVR2", # 10 001 0011 0100 001 566 | 0x89b1 : "TRCVMIDCVR3", # 10 001 0011 0110 001 567 | 0x89c1 : "TRCVMIDCVR4", # 10 001 0011 1000 001 568 | 0x89d1 : "TRCVMIDCVR5", # 10 001 0011 1010 001 569 | 0x89e1 : "TRCVMIDCVR6", # 10 001 0011 1100 001 570 | 0x89f1 : "TRCVMIDCVR7", # 10 001 0011 1110 001 571 | 0x8982 : "TRCCIDCCTLR0", # 10 001 0011 0000 010 572 | 0x898a : "TRCCIDCCTLR1", # 10 001 0011 0001 010 573 | 0x8992 : "TRCVMIDCCTLR0", # 10 001 0011 0010 010 574 | 0x899a : "TRCVMIDCCTLR1", # 10 001 0011 0011 010 575 | 0x8b84 : "TRCITCTRL", # 10 001 0111 0000 100 576 | 0x8bc6 : "TRCCLAIMSET", # 10 001 0111 1000 110 577 | 0x8bce : "TRCCLAIMCLR", # 10 001 0111 1001 110 578 | 0xc663 : "ICC_BPR1_EL1", # 11 000 1100 1100 011 579 | 0xc643 : "ICC_BPR0_EL1", # 11 000 1100 1000 011 580 | 0xc230 : "ICC_PMR_EL1", # 11 000 0100 0110 000 581 | 0xc664 : "ICC_CTLR_EL1", # 11 000 1100 1100 100 582 | 0xf664 : "ICC_CTLR_EL3", # 11 110 1100 1100 100 583 | 0xc665 : "ICC_SRE_EL1", # 11 000 1100 1100 101 584 | 0xe64d : "ICC_SRE_EL2", # 11 100 1100 1001 101 585 | 0xf665 : "ICC_SRE_EL3", # 11 110 1100 1100 101 586 | 0xc666 : "ICC_IGRPEN0_EL1", # 11 000 1100 1100 110 587 | 0xc667 : "ICC_IGRPEN1_EL1", # 11 000 1100 1100 111 588 | 0xf667 : "ICC_IGRPEN1_EL3", # 11 110 1100 1100 111 589 | 0xc668 : "ICC_SEIEN_EL1", # 11 000 1100 1101 000 590 | 0xc644 : "ICC_AP0R0_EL1", # 11 000 1100 1000 100 591 | 0xc645 : "ICC_AP0R1_EL1", # 11 000 1100 1000 101 592 | 0xc646 : "ICC_AP0R2_EL1", # 11 000 1100 1000 110 593 | 0xc647 : "ICC_AP0R3_EL1", # 11 000 1100 1000 111 594 | 0xc648 : "ICC_AP1R0_EL1", # 11 000 1100 1001 000 595 | 0xc649 : "ICC_AP1R1_EL1", # 11 000 1100 1001 001 596 | 0xc64a : "ICC_AP1R2_EL1", # 11 000 1100 1001 010 597 | 0xc64b : "ICC_AP1R3_EL1", # 11 000 1100 1001 011 598 | 0xe640 : "ICH_AP0R0_EL2", # 11 100 1100 1000 000 599 | 0xe641 : "ICH_AP0R1_EL2", # 11 
100 1100 1000 001 600 | 0xe642 : "ICH_AP0R2_EL2", # 11 100 1100 1000 010 601 | 0xe643 : "ICH_AP0R3_EL2", # 11 100 1100 1000 011 602 | 0xe648 : "ICH_AP1R0_EL2", # 11 100 1100 1001 000 603 | 0xe649 : "ICH_AP1R1_EL2", # 11 100 1100 1001 001 604 | 0xe64a : "ICH_AP1R2_EL2", # 11 100 1100 1001 010 605 | 0xe64b : "ICH_AP1R3_EL2", # 11 100 1100 1001 011 606 | 0xe658 : "ICH_HCR_EL2", # 11 100 1100 1011 000 607 | 0xe65a : "ICH_MISR_EL2", # 11 100 1100 1011 010 608 | 0xe65f : "ICH_VMCR_EL2", # 11 100 1100 1011 111 609 | 0xe64c : "ICH_VSEIR_EL2", # 11 100 1100 1001 100 610 | 0xe660 : "ICH_LR0_EL2", # 11 100 1100 1100 000 611 | 0xe661 : "ICH_LR1_EL2", # 11 100 1100 1100 001 612 | 0xe662 : "ICH_LR2_EL2", # 11 100 1100 1100 010 613 | 0xe663 : "ICH_LR3_EL2", # 11 100 1100 1100 011 614 | 0xe664 : "ICH_LR4_EL2", # 11 100 1100 1100 100 615 | 0xe665 : "ICH_LR5_EL2", # 11 100 1100 1100 101 616 | 0xe666 : "ICH_LR6_EL2", # 11 100 1100 1100 110 617 | 0xe667 : "ICH_LR7_EL2", # 11 100 1100 1100 111 618 | 0xe668 : "ICH_LR8_EL2", # 11 100 1100 1101 000 619 | 0xe669 : "ICH_LR9_EL2", # 11 100 1100 1101 001 620 | 0xe66a : "ICH_LR10_EL2", # 11 100 1100 1101 010 621 | 0xe66b : "ICH_LR11_EL2", # 11 100 1100 1101 011 622 | 0xe66c : "ICH_LR12_EL2", # 11 100 1100 1101 100 623 | 0xe66d : "ICH_LR13_EL2", # 11 100 1100 1101 101 624 | 0xe66e : "ICH_LR14_EL2", # 11 100 1100 1101 110 625 | 0xe66f : "ICH_LR15_EL2", # 11 100 1100 1101 111 626 | 0xff90 : "CPM_IOACC_CTL_EL3" 627 | } 628 | 629 | # generated from https://github.com/gdelugre/ida-arm-system-highlight 630 | regs32 = { 631 | # cpnum Op1 CRn CRm Op2 632 | # 1111 111 1111 1111 111 633 | 0x38000 : "DBGDIDR", 634 | 0x38002 : "DBGDTRRX", 635 | 0x38004 : "DBGBVR0", 636 | 0x38005 : "DBGBCR0", 637 | 0x38006 : "DBGWVR0", 638 | 0x38007 : "DBGWCR0", 639 | 0x38008 : "DBGDSCR", 640 | 0x3800c : "DBGBVR1", 641 | 0x3800d : "DBGBCR1", 642 | 0x3800e : "DBGWVR1", 643 | 0x3800f : "DBGWCR1", 644 | 0x38012 : "DBGDSCR", 645 | 0x38014 : "DBGBVR2", 646 | 0x38015 : "DBGBCR2", 
647 | 0x38016 : "DBGWVR2", 648 | 0x38017 : "DBGWCR2", 649 | 0x3801a : "DBGDTRTX", 650 | 0x3801c : "DBGBVR3", 651 | 0x3801d : "DBGBCR3", 652 | 0x3801e : "DBGWVR3", 653 | 0x3801f : "DBGWCR3", 654 | 0x38021 : "DBGBXVR0", 655 | 0x38024 : "DBGBVR4", 656 | 0x38025 : "DBGBCR4", 657 | 0x38028 : "DBGDTRRX", 658 | 0x38029 : "DBGBXVR1", 659 | 0x3802c : "DBGBVR5", 660 | 0x3802d : "DBGBCR5", 661 | 0x38030 : "DBGWFAR", 662 | 0x38038 : "DBGVCR", 663 | 0x38080 : "DBGDRAR", 664 | 0x38084 : "DBGOSLAR", 665 | 0x38084 : "DBGOSLSR", 666 | 0x3809c : "DBGOSDLR", 667 | 0x380a4 : "DBGPRCR", 668 | 0x38100 : "DBGDSAR", 669 | 0x38387 : "DBGDEVID2", 670 | 0x3838f : "DBGDEVID1", 671 | 0x383f6 : "DBGAUTHSTATUS", 672 | 0x38397 : "DBGDEVID", 673 | 0x3c000 : "MIDR", 674 | 0x3c001 : "CTR", 675 | 0x3c002 : "TCMTR", 676 | 0x3c003 : "TLBTR", 677 | 0x3c004 : "MIDR", 678 | 0x3c005 : "MPIDR", 679 | 0x3c006 : "REVIDR", 680 | 0x3c007 : "MIDR", 681 | 0x3c008 : "ID_PFR0", 682 | 0x3c009 : "ID_PFR1", 683 | 0x3c00a : "ID_DFR0", 684 | 0x3c00b : "ID_AFR0", 685 | 0x3c00c : "ID_MMFR0", 686 | 0x3c00d : "ID_MMFR1", 687 | 0x3c00e : "ID_MMFR2", 688 | 0x3c00f : "ID_MMFR3", 689 | 0x3c010 : "ID_ISAR0", 690 | 0x3c011 : "ID_ISAR1", 691 | 0x3c012 : "ID_ISAR2", 692 | 0x3c013 : "ID_ISAR3", 693 | 0x3c014 : "ID_ISAR4", 694 | 0x3c015 : "ID_ISAR5", 695 | 0x3c800 : "CCSIDR", 696 | 0x3c801 : "CLIDR", 697 | 0x3c807 : "AIDR", 698 | 0x3d000 : "CCSELR", 699 | 0x3e000 : "VPIDR", 700 | 0x3e005 : "VMPIDR", 701 | 0x3c080 : "SCTLR", 702 | 0x3c081 : "ACTLR", 703 | 0x3c082 : "CPACR", 704 | 0x3c088 : "SCR", 705 | 0x3c089 : "SDER", 706 | 0x3c08a : "NSACR", 707 | 0x3e080 : "HSCTLR", 708 | 0x3e081 : "HACTLR", 709 | 0x3e088 : "HCR", 710 | 0x3e089 : "HDCR", 711 | 0x3e08a : "HCPTR", 712 | 0x3e08b : "HSTR", 713 | 0x3e08f : "HACR", 714 | 0x3c510 : "MAIR0", 715 | 0x3c511 : "MAIR1", 716 | 0x3c518 : "AMAIR0", 717 | 0x3c519 : "AMAIR1", 718 | 0x3e510 : "HMAIR0", 719 | 0x3e511 : "HMAIR1", 720 | 0x3e518 : "HAMAIR0", 721 | 0x3e519 : "HAMAIR1", 722 | 0x3c600 : 
"VBAR", 723 | 0x3c601 : "MVBAR", 724 | 0x3c608 : "ISR", 725 | 0x3e600 : "HVBAR", 726 | 0x3c680 : "FCSEIDR", 727 | 0x3c681 : "CONTEXTIDR", 728 | 0x3c682 : "TPIDRURW", 729 | 0x3c683 : "TPIDRURO", 730 | 0x3c684 : "TPIDRPRW", 731 | 0x3e682 : "HTPIDR", 732 | 0x3c700 : "CNTFRQ", 733 | 0x3c780 : "IL1Data0", 734 | 0x3c781 : "IL1Data1", 735 | 0x3c782 : "IL1Data2", 736 | 0x3c788 : "DL1Data0", 737 | 0x3c789 : "DL1Data1", 738 | 0x3c78a : "DL1Data2", 739 | 0x3c7e1 : "CCNT", 740 | 0x3c7e2 : "PMN0", 741 | 0x3c7e3 : "PMN1", 742 | 0x3c7a0 : "RAMINDEX", 743 | 0x3cf80 : "L2ACTLR", 744 | 0x3cf83 : "L2FPR", 745 | 0x3e780 : "CBAR", 746 | 0x3c100 : "TTBR0", 747 | 0x3c101 : "TTBR1", 748 | 0x3e102 : "HTCR", 749 | 0x3e10a : "VTCR", 750 | 0x3c180 : "DACR", 751 | 0x3c280 : "DFSR", 752 | 0x3c281 : "IFSR", 753 | 0x3c288 : "ADFSR", 754 | 0x3c288 : "AIFSR", 755 | 0x3e288 : "HADFSR", 756 | 0x3e289 : "HAIFSR", 757 | 0x3e290 : "HSR", 758 | 0x3c300 : "DFAR", 759 | 0x3c302 : "IFAR", 760 | 0x3e300 : "HDFAR", 761 | 0x3e302 : "HIFAR", 762 | 0x3e304 : "HPFAR", 763 | 0x3c384 : "NOP", 764 | 0x3c388 : "ICIALLUIS", 765 | 0x3c38e : "BPIALLIS", 766 | 0x3c3d1 : "DCCMVAC", 767 | 0x3c3d2 : "DCCSW", 768 | 0x3c3d4 : "CP15DSB", 769 | 0x3c3d5 : "CP15DMB", 770 | 0x3c3d9 : "DCCMVAU", 771 | 0x3c3e9 : "NOP", 772 | 0x3c3f1 : "DCCIMVAC", 773 | 0x3c3f2 : "DCCISW", 774 | 0x3c3a0 : "PAR", 775 | 0x3c3a8 : "ICIALLU", 776 | 0x3c3a9 : "ICIMVAU", 777 | 0x3c3ac : "CP15ISB", 778 | 0x3c3ae : "BPIALL", 779 | 0x3c3af : "BPIMVA", 780 | 0x3c3b1 : "DCIMVAC", 781 | 0x3c3b2 : "DCISW", 782 | 0x3c3c0 : "ATS1CPR", 783 | 0x3c3c1 : "ATS1CPW", 784 | 0x3c3c2 : "ATS1CUR", 785 | 0x3c3c3 : "ATS1CUW", 786 | 0x3c3c4 : "ATS12NSOPR", 787 | 0x3c3c5 : "ATS12NSOPW", 788 | 0x3c3c6 : "ATS12NSOUR", 789 | 0x3c3c7 : "ATS12NSOUW", 790 | 0x3e3c0 : "ATS1HR", 791 | 0x3e3c1 : "ATS1HR", 792 | 0x3c418 : "TLBIALLIS", 793 | 0x3c419 : "TLBIMVAIS", 794 | 0x3c41a : "TLBIASIDIS", 795 | 0x3c41b : "TLBIMVAAIS", 796 | 0x3c428 : "ITLBIALL", 797 | 0x3c429 : "ITLBIMVA", 798 | 
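0x3c42a : "ITLBIASID",
    0x3c430 : "DTLBIALL",
    0x3c431 : "DTLBIMVA",
    0x3c432 : "DTLBIASID",
    0x3c438 : "TLBIALL",
    0x3c439 : "TLBIMVA",
    0x3c43a : "TLBIASID",
    0x3c43b : "TLBIMVAA",
    0x3e418 : "TLBIALLHIS",
    0x3e419 : "TLBIMVAHIS",
    0x3e41c : "TLBIALLNSNHIS",
    0x3e438 : "TLBIALLH",
    0x3e439 : "TLBIMVAH",
    0x3e43c : "TLBIALLNSNH",
    0x3c4e0 : "PMCR",
    0x3c4e1 : "PMNCNTENSET",
    0x3c4e2 : "PMNCNTENCLR",
    0x3c4e3 : "PMOVSR",
    0x3c4e4 : "PMSWINC",
    0x3c4e5 : "PMSELR",
    0x3c4e6 : "PMCEID0",
    0x3c4e7 : "PMCEID1",
    0x3c4e8 : "PMCCNTR",
    0x3c4e9 : "PMXEVTYPER",
    0x3c4ea : "PMXEVCNTR",
    0x3c4f0 : "PMUSERENR",
    0x3c4f1 : "PMINTENSET",
    0x3c4f2 : "PMINTENCLR",
    0x3c4f3 : "PMOVSSET",
    0x3cc82 : "L2CTLR",
    0x3cc83 : "L2ECTLR",
}
# NOTE(review): the table that ends here repeats some keys (0x38084 for
# DBGOSLAR/DBGOSLSR, 0x3c288 for ADFSR/AIFSR).  Python keeps only the last
# value of a repeated key, so the first name of each pair never reaches the
# enum.  0x3e3c0 and 0x3e3c1 both map to "ATS1HR", and "MIDR" and "NOP" are
# used for several values.  Confirm the intended encodings; an analyst
# reading the pseudocode would otherwise see a wrong register name.

# Bit offset of each helper argument inside the packed table key.  With this
# layout a first argument of 15 gives 15 << 14 == 0x3c000, which matches the
# keys of the table above.  The arguments are presumably op0/coproc, op1,
# CRn, CRm, op2, in that order -- TODO confirm against the decompiler.
shifts = [ 14, 11, 7, 3, 0 ]
# Same layout for the six-argument __mcr helper; -1 marks the argument that
# is not part of the key (it is kept as the second argument of the call).
shiftz = [ 14, 11, -1, 7, 3, 0 ]

inttype = None
myenum64 = None
myenum32 = None


def _pack_sysreg(args, layout):
    """Fold the constant arguments of a helper call into one table key.

    `layout` gives the left shift for each argument; a negative entry skips
    that argument.  Returns None when an argument that takes part in the key
    is not typed as `inttype` or is not a numeric constant.
    """
    reg = 0
    for idx, arg in enumerate(args):
        shift = layout[idx]
        if shift < 0:
            continue
        # numval() is only meaningful on a number node, so refuse anything
        # else instead of relying on the type comparison alone.
        if arg.type != inttype or arg.op != idaapi.cot_num:
            return None
        reg = reg | (arg.numval() << shift)
    return reg


def _fill_enum(name, table):
    """Create enum `name` and add one member per entry of `table`."""
    enu = idaapi.add_enum(0, name, 0)
    if enu == idaapi.BADADDR:
        # Presumably the enum already exists in the database (for instance
        # from an earlier session); the name stays usable, so do not try to
        # add members through an invalid handle.
        return
    for value in table:
        # The result is ignored: a name that occurs for more than one value
        # can presumably be registered only once.
        idaapi.add_enum_member(enu, table[value], value)


class cblock_visitor_t(idaapi.ctree_visitor_t):
    """Ctree visitor that shows ARM system-register helper calls symbolically.

    Calls to the ARM64_SYSREG, __mrc and __mcr helpers whose constant
    arguments form a key of regs64/regs32 are rewritten so that their first
    argument is a single enum member naming the register.
    """

    def __init__(self):
        idaapi.ctree_visitor_t.__init__(self, idaapi.CV_FAST)
        return

    def _symbolize(self, expr, enum_name, reg):
        """Turn the first argument of `expr` into enum member `reg`."""
        # The helper name itself apparently cannot be changed, so the first
        # argument is made symbolic and given the packed value instead.
        expr.a[0].n.nf.flags = idaapi.enumflag()
        expr.a[0].n.nf.serial = 0
        expr.a[0].n.nf.type_name = enum_name
        # Writes the number node's private _value attribute directly.
        expr.a[0].n._value = reg

    def visit_expr(self, expr):
        """Rewrite one expression if it is a recognised helper call.

        Always returns 0.  Any exception is printed and swallowed so that a
        failure here does not propagate into the decompiler callback.
        """
        try:
            if expr.op == idaapi.cot_call and expr.x.op == idaapi.cot_helper:
                helper = expr.x.helper
                nargs = len(expr.a)
                # The helper name alone selects the table; the segment
                # bitness is not checked.
                if helper == "ARM64_SYSREG" and nargs == 5:
                    reg = _pack_sysreg(expr.a, shifts)
                    if reg is not None and reg in regs64:
                        # Remove all params but the first one.
                        while len(expr.a) > 1:
                            expr.a.pop_back()
                        self._symbolize(expr, self.mkenu64(), reg)
                elif helper == "__mrc" and nargs == 5:
                    reg = _pack_sysreg(expr.a, shifts)
                    if reg is not None and reg in regs32:
                        while len(expr.a) > 1:
                            expr.a.pop_back()
                        self._symbolize(expr, self.mkenu32(), reg)
                elif helper == "__mcr" and nargs == 6:
                    reg = _pack_sysreg(expr.a, shiftz)
                    if reg is not None and reg in regs32:
                        # Keep two arguments: the register (slot 0) and the
                        # third original argument, moved into slot 1.
                        while len(expr.a) > 3:
                            expr.a.pop_back()
                        expr.a[1] = expr.a[2]
                        expr.a.pop_back()
                        self._symbolize(expr, self.mkenu32(), reg)
        except Exception:
            traceback.print_exc()
        return 0

    def mkenu64(self):
        """Return the name of the 64-bit register enum, creating it once."""
        global myenum64
        if myenum64 is None:
            myenum64 = "ARM64_SYSREG_aenum"
            _fill_enum(myenum64, regs64)
        return myenum64

    def mkenu32(self):
        """Return the name of the 32-bit register enum, creating it once."""
        global myenum32
        if myenum32 is None:
            myenum32 = "ARM32_SYSREG_aenum"
            _fill_enum(myenum32, regs32)
        return myenum32


class hexrays_callback_info(object):
    """Holder for the Hex-Rays event callback installed by the plugin."""

    def __init__(self):
        return

    def event_callback(self, event, *args):
        """Run the visitor over a function body once its ctree is built.

        Only hxe_maturity events with maturity CMAT_BUILT are handled.
        Always returns 0; exceptions are printed and swallowed.
        """
        try:
            if event == idaapi.hxe_maturity:
                cfunc, maturity = args
                if maturity == idaapi.CMAT_BUILT:
                    cbv = cblock_visitor_t()
                    cbv.apply_to(cfunc.body, None)
        except Exception:
            traceback.print_exc()
        return 0


def remove():
    """Uninstall the Hex-Rays callback if one was registered."""
    # NOTE(review): hexnight_cb is assigned in HexHNightPlugin_t.init();
    # confirm it also has a module-level default earlier in the file.
    if hexnight_cb:
        idaapi.remove_hexrays_callback(hexnight_cb)


class HexHNightPlugin_t(idaapi.plugin_t):
    """Hidden plugin that installs the system-register naming callback."""

    flags = idaapi.PLUGIN_HIDE
    comment = "show symbolic names for ARM sysregs in Pseudocode-View"
    help = "Runs transparently"
    wanted_name = "HexNight"
    wanted_hotkey = ""

    def init(self):
        """Install the callback when Hex-Rays is available on an ARM target.

        Returns PLUGIN_KEEP when the callback was installed and PLUGIN_SKIP
        otherwise.
        """
        global hexnight_cb_info, hexnight_cb, inttype

        if idaapi.init_hexrays_plugin() and idaapi.ph_get_id() == idaapi.PLFM_ARM:
            # Signed 4-byte integer type, compared with each helper argument.
            inttype = idaapi.get_int_type_by_width_and_sign(4, True)
            hexnight_cb_info = hexrays_callback_info()
            hexnight_cb = hexnight_cb_info.event_callback
            if idaapi.install_hexrays_callback(hexnight_cb):
                print("Hexnight plugin installed")
                addon = idaapi.addon_info_t()
                addon.id = "org.xerub.hexnight"
                addon.name = "Hexnight"
                addon.producer = "xerub"
                addon.url = "https://twitter.com/xerub"
                addon.version = "6.95"
                idaapi.register_addon(addon)
                return idaapi.PLUGIN_KEEP
        print("Hexnight plugin failed")
        return idaapi.PLUGIN_SKIP

    def run(self, arg=0):
        """Do nothing; the plugin works through the installed callback."""
        return

    def term(self):
        """Remove the callback when the plugin is unloaded."""
        remove()


def PLUGIN_ENTRY():
    """Return the plugin instance."""
    return HexHNightPlugin_t()

--------------------------------------------------------------------------------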