Opdis 1.3.0

data/module/Opdis.h

@@ -0,0 +1,89 @@
+/* Opdis.h
+ * Copyright 2010 Thoughtgang <http://www.thoughtgang.org>
+ * Written by TG Community Developers <community@thoughtgang.org>
+ * Released under the GNU Public License, version 3.
+ * See http://www.gnu.org/licenses/gpl.txt for details.
+ */
+
+#ifndef OPDIS_RB_OPDIS_H
+#define OPDIS_RB_OPDIS_H
+
+/* method names */
+#define DIS_METHOD_DISASM "ext_disassemble"
+#define DIS_METHOD_usage "ext_usage"
+
+/* attribute names */
+#define DIS_ATTR_DECODER "insn_decoder"
+#define DIS_ATTR_HANDLER "addr_tracker"
+#define DIS_ATTR_RESOLVER "resolver"
+#define DIS_ATTR_DEBUG "debug"
+#define DIS_ATTR_SYNTAX "syntax"
+#define DIS_ATTR_ARCH "arch"
+#define DIS_ATTR_OPTS "opcodes_options"
+
+/* argument (hash) names */
+#define DIS_ARG_DECODER DIS_ATTR_DECODER 
+#define DIS_ARG_HANDLER DIS_ATTR_HANDLER
+#define DIS_ARG_RESOLVER DIS_ATTR_RESOLVER
+#define DIS_ARG_SYNTAX "syntax"
+#define DIS_ARG_DEBUG "debug"
+#define DIS_ARG_OPTIONS "options"
+#define DIS_ARG_STRATEGY "strategy"
+#define DIS_ARG_ARCH "arch"
+#define DIS_ARG_VMA "vma"
+#define DIS_ARG_OFFSET "offset"
+#define DIS_ARG_LEN "length"
+#define DIS_ARG_BUFVMA "buffer_vma"
+
+/* constants */
+#define DIS_ERR_BOUNDS_NAME "ERROR_BOUNDS"
+#define DIS_ERR_BOUNDS "Bounds exceeded"
+#define DIS_ERR_INVALID_NAME "ERROR_INVALID_INSN"
+#define DIS_ERR_INVALID "Invalid instruction"
+#define DIS_ERR_DECODE_NAME "ERROR_DECODE_INSN"
+#define DIS_ERR_DECODE "Decoder error"
+#define DIS_ERR_BFD_NAME "ERROR_BFD"
+#define DIS_ERR_BFD "Bfd error"
+#define DIS_ERR_MAX_NAME "ERROR_MAX_ITEMS"
+#define DIS_ERR_MAX "Max insn items error"
+#define DIS_ERR_UNK "Unknown error"
+
+#define DIS_STRAT_SINGLE_NAME "STRATEGY_SINGLE"
+#define DIS_STRAT_SINGLE "single-instruction"
+#define DIS_STRAT_LINEAR_NAME "STRATEGY_LINEAR"
+#define DIS_STRAT_LINEAR "linear"
+#define DIS_STRAT_CFLOW_NAME "STRATEGY_CFLOW"
+#define DIS_STRAT_CFLOW "control-flow"
+#define DIS_STRAT_SYMBOL_NAME "STRATEGY_SYMBOL"
+#define DIS_STRAT_SYMBOL "bfd-symbol"
+#define DIS_STRAT_SECTION_NAME "STRATEGY_SECTION"
+#define DIS_STRAT_SECTION "bfd-section"
+#define DIS_STRAT_ENTRY_NAME "STRATEGY_ENTRY"
+#define DIS_STRAT_ENTRY "bfd-entry"
+
+#define DIS_CONST_STRATEGIES "STRATEGIES"
+
+#define DIS_CONST_ARCHES "architectures"
+
+#define DIS_SYNTAX_ATT "att"
+#define DIS_SYNTAX_INTEL "intel"
+
+#define DIS_CONST_SYNTAXES "SYNTAXES"
+
+/* Output */
+
+#define OUT_ATTR_ERRORS "errors"
+#define OUT_METHOD_CONTAIN "containing"
+
+/* BFD */
+#define BFD_TGT_PATH "Bfd::Target"
+#define BFD_SEC_PATH "Bfd::Section"
+#define BFD_SYM_PATH "Bfd::Symbol"
+
+#define OPDIS_MODULE_NAME "Opdis"
+#define OPDIS_DISASM_CLASS_NAME "Disassembler"
+#define OPDIS_OUTPUT_CLASS_NAME "Disassembly"
+
+void Init_OpdisExt();
+
+#endif

data/module/extconf.rb

@@ -0,0 +1,126 @@
+#!/usr/bin/env ruby1.9
+# Opdis Ruby extension config file
+# Copyright 2010 Thoughtgang <http://www.thoughtgang.org>
+# Options:
+#   --with-bfd-dir=path_to_binutils_install_base (/usr)
+#   --with-bfd-include=path_to_bfd.h (/usr/include)
+#   --with-bfd-lib=path_to_libbfd.so (/usr/lib)
+#   --with-opcodes-dir=path_to_binutils_install_base (/usr)
+#   --with-opcodes-include=path_to_dis-asm.h (/usr/include)
+#   --with-opcodes-lib=path_to_libopcodes.so (/usr/lib)
+#   --with-opdis-dir=path_to_opdis_install_base (/usr/local)
+#   --with-opdis-include=path_to_opdis_include_dir (/usr/local/include)
+#   --with-opdis-lib=path_to_libopdis.so (/usr/local/lib)
+#   --with-opdis=path_to_opdis_source_tree
+#   --with-objdump=path_to_objdump_binary (objdump)
+# See README for more info.
+
+require 'mkmf'
+
+def require_header(name)
+  have_header(name) or raise "Missing header file #{name}"
+end
+
+def require_library(name, func) 
+  have_library(name, func) or raise "Missing library #{name}"
+end
+
+def require_opdis_header(name, opdis_base)
+  return require_header(name) if not opdis_base
+
+  dirs = [opdis_base, opdis_base + "/opdis", opdis_base + "/include"]
+  find_header(name, *dirs) or raise "#{name} not found in #{dirs}"
+end
+
+def require_opdis_library(name, func, opdis_base)
+  return require_library(name, func) if not opdis_base
+
+  dirs = [opdis_base, opdis_base + "/lib", opdis_base + '/dist',
+          opdis_base + '/dist/.libs']
+  find_library(name, func, *dirs) or raise "#{name} not found in #{dirs}"
+end
+
+# ----------------------------------------------------------------------
+# BFD
+
+# allow user to specify specific binutils distro
+dir_config('binutils')
+
+require_header('bfd.h')
+require_library('bfd', 'bfd_init')
+
+# ----------------------------------------------------------------------
+# OPCODES
+
+# allow user to override libopcodes
+dir_config('opcodes')
+
+require_header('dis-asm.h')
+require_library('opcodes', 'init_disassemble_info')
+
+# ----------------------------------------------------------------------
+# OPDIS
+
+dir_config('opdis')
+
+# allow pointing to source code repo
+opdis_base=with_config('opdis')
+
+require_opdis_header('opdis/opdis.h', opdis_base)
+require_opdis_header('opdis/model.h', opdis_base)
+require_opdis_header('opdis/metadata.h', opdis_base)
+require_opdis_library('opdis', 'opdis_init', opdis_base)
+
+# ----------------------------------------------------------------------
+# Architectures supported by binutils
+# These have to be specified on the command line, as binutils does not
+# provide any clue as to which architectures it has been compiled for
+# on the local machine.
+# NOTE: These were compiled from the list of architectures in bfd.h .
+
+  ARCH= %w[ m32c alpha arc arm avr bfin cr16 cris crx d10v d30v
+            dlx h8300 h8500 hppa i370 i386 i860 i960 ia64 ip2k fr30
+            lm32 m32r m68k m88k maxq mt microblaze msp430 ns32k mcore
+            mep mips mmix mn10200 mn10300 openrisc or32 pdp11 pj
+            powerpc rs6000 s390 score sh sparc spu tic30 tic4x tic54x
+            tic80 v850 w65 xstormy16 xc16x xtensa z80 z8k vax frv
+            moxie iq2000 m32c ]
+
+# Define all architecture options
+ARCH.each { |a| with_config( "ARCH_#{a.upcase}" ) }
+
+# ----------------------------------------------------------------------
+# Detect architectures supported locally
+
+SEEN_ARCH = []
+def handle_bfd_arch( line )
+  arch = line.strip
+  if ARCH.include?(arch) and not SEEN_ARCH.include?(arch)
+    puts "Adding architecture '#{arch}'"
+    SEEN_ARCH << arch
+    $CPPFLAGS += " -DARCH_#{arch.upcase}"
+  end
+end
+
+# allow user to override the objump binary using --with-objdump=path
+objdump_bin = with_config('objdump', 'objdump')
+
+# use objdump -i to get supported architectures
+`#{objdump_bin} -i`.split("\n").each { |line| handle_bfd_arch(line) }
+
+# default to i386 if objdump failed to run or no architectures were found
+$CPPFLAGS += " -DARCH_I386" if SEEN_ARCH.length == 0
+
+# ----------------------------------------------------------------------
+# Compatibility flags
+
+if RUBY_VERSION =~ /1.8/ then
+        $CPPFLAGS += " -DRUBY_18"
+elsif RUBY_VERSION =~ /1.9/ then
+        $CPPFLAGS += " -DRUBY_19"
+end
+
+# ----------------------------------------------------------------------
+# Makefile
+
+create_makefile('OpdisExt')

data/module/rdoc_input/Callbacks.rb

@@ -0,0 +1,143 @@
+#!/usr/bin/env ruby1.9
+# :title: Opdis::Callbacks
+=begin rdoc
+=Opdis Callbacks
+<i>Copyright 2010 Thoughtgang <http://www.thoughtgang.org></i>
+
+= Opdis Callback Routines
+
+== Summary
+
+libopdis uses callback functions to override its default behavior. The
+OpdisExt extension provides stubs that allow Ruby objects to be used
+for these callbacks.
+
+== Contact
+Support:: community@thoughtgang.org
+Project:: http://rubyforge.org/projects/opdis/ 
+=end
+
+module Opdis
+
+# ----------------------------------------------------------------------
+=begin rdoc
+An object responsible for filling an Opdis::Instruction object based on the
+output of libopcodes.
+=end
+  class InstructionDecoder
+
+=begin rdoc
+Fill an Opdis::Instruction object based on the information supplied by
+libopcodes.
+
+The <i>insn</i> argument is an Opdis::Instruction object to be filled by this 
+method. Depending on the InstructionDecoder object, it may have been 
+partially filled by a previous Decoder (e.g. the GenericDecoder and one of the
+X86Decoders).
+
+The <i>hash</i> argument contains the output of libopcodes and has the following
+members:
+
+:vma:: The virtual memory address of the instruction.
+:offset:: The offset of the instruction into the target buffer.
+:size:: The size of the instruction in bytes.
+:buffer:: An array containing the bytes in the instruction.
+:items:: An array of the instruction strings generated by libopcodes.
+:raw_insn:: The complete instruction string (ASCII_ as generated by libopcodes. 
+:branch_delay:: The number of instructions that will execute before the branch
+takes effect. 
+This is not always set by libopcodes.
+:data_size:: The size of the data reference in the instruction. 
+This is not always set by libopcodes.
+:type:: The type of the instruction (e.g. non-branch, branch type, etc).
+This is not always set by libopcodes.
+:target:: The target address of a branch or dereference.
+This is not always set by libopcodes.
+:target2:: The second target address of a branch or dereference.
+This is not always set by libopcodes.
+
+InstructionDecoder#decode will invoke opdis_default_decoder to fill
+architecture-independent members such as Instruction#vma and Instruction#ascii.
+
+This method must return success or failure. Failure will result in an 
+error message being added to Disassembly.errors.
+=end
+    def decode( insn, hash )
+      true
+    end
+
+  end
+
+# ----------------------------------------------------------------------
+=begin rdoc
+A decoder for disassembled AT&T syntax x86 instructions.
+=end
+  class X86Decoder < InstructionDecoder
+
+=begin rdoc
+See InstructionDecoder#decode.
+This will invoke opdis default x86 decoder with AT&T syntax.
+=end
+    def decode( insn, hash )
+      true
+    end
+
+  end
+
+# ----------------------------------------------------------------------
+=begin rdoc
+A decoder for disassembled Intel syntax x86 instructions.
+=end
+  class X86IntelDecoder < InstructionDecoder
+
+=begin rdoc
+See InstructionDecoder#decode.
+This will invoke opdis default x86 decoder with Intel syntax.
+=end
+    def decode( insn, hash )
+      true
+    end
+
+  end
+
+# ----------------------------------------------------------------------
+=begin rdoc
+An object for determining whether an address has been encountered.
+
+This is used to prevent endless loops in control-flow analysis.
+=end
+  class VisitedAddressTracker
+
+=begin rdoc
+Return <i>true</i> if the address at Instruction.vma has been encountered,
+false otherwise.
+
+VisitedAddressTracker#visited? will invoke the Opdis default visited address 
+handler, which uses an AVL tree to store visited addresses.
+=end
+    def visited?( insn )
+    end
+
+  end
+
+# ----------------------------------------------------------------------
+=begin rdoc
+An object for determine the VMA referred to by the target operand of a
+branch instruction, if possible.
+=end
+  class AddressResolver
+
+=begin rdoc
+Return the VMA (e.g. the contents of a register, or the contents pointed
+to by an address expression) for the target operand of the instruction. 
+Return <i>nil</i> if there is no target operand, or the operand VMA cannot
+be determined.
+
+AddressResolver#resolve will invoke the default Opdis resolver, which returns 
+<i>nil</i> regardless of operand value.
+=end
+    def resolve( insn )
+    end
+
+  end
+end

data/module/rdoc_input/Model.rb

@@ -0,0 +1,636 @@
+#!/usr/bin/env ruby1.9
+# :title: Opdis::DataModel
+=begin rdoc
+=Opdis Data Model
+<i>Copyright 2010 Thoughtgang <http://www.thoughtgang.org></i>
+
+= Opdis Data Model
+
+== Summary
+
+The Opdis data model provides a representation for Instruction and Opdis
+objects that supports more sophisticated analyses than simple string
+compares. The original strings produced by libopcodes are also made
+available for 'raw' processing.
+
+==Contact
+Support:: community@thoughtgang.org
+Project:: http://rubyforge.org/projects/opdis/ 
+=end
+
+
+module Opdis
+
+=begin rdoc
+A disassembled instruction.
+
+The Instruction object contains information which may not be made available by
+the decoder. The libopcodes disassembler generates a list of ASCII strings
+which the decoder converts to Instruction objects. The generic decoder
+(see InstructionDecoder) fills the <i>status</i>, <i>vma</i>, <i>size</i>, 
+<i>bytes</i>, and <i>ascii</i> members.
+
+Use the <i>status</i> member to determine how much information the decoder
+was able to produce. DECODE_BASIC indicates that the generic decoder has
+filled the fields mentioned above. DECODE MNEMONIC and DECODE_OPERANDS
+indicate that the decoder has successfully identified the mnemonic and
+the operands of the instruction, respectively; this means that the
+<i>prefixes</i>, <i>mnemonic</i>, <i>operands</i>, <i>srce</i>, <i>dest</i>,
+and <i>target</i> members have been filled, though the Operand objects in
+<i>operands</i> will only have their <i>ascii</i> member filled. 
+DECODE_MNEMONIC_FLAGS and DECODE_OPERAND_FLAGS indicate that instruction
+and operand metadata have been filled.
+=end
+  class Instruction
+
+=begin rdoc
+The decoding status of an instruction. This will be DECODE_INVALID or any
+combination of DECODE_BASIC, DECODE_MNEMONIC, DECODE_OPERANDS,
+DECODE_MNEMONIC_FLAGS, and DECODE_OPERAND_FLAGS -- depending on how much
+work the instruction decoder performed successfully.
+=end
+    attr_accessor :status
+
+=begin rdoc
+Virtual Memory Address. The in-memory address of the instruction.
+=end
+    attr_reader :vma
+
+=begin rdoc
+The size of the instruction in bytes.
+=end
+    attr_reader :size
+
+=begin rdoc
+An array containing the bytes of the instruction.
+=end
+    attr_reader :bytes
+
+=begin rdoc
+The target operand of a branch instruction, or <i>nil</i>.
+=end
+    attr_reader :target
+
+=begin rdoc
+The destination (write) operand of an instruction, or <i>nil</i>.
+=end
+    attr_reader :dest
+
+=begin rdoc
+The first source (read) operand of an instruction, or <i>nil</i>.
+=end
+    attr_reader :src
+
+=begin rdoc
+The category or high-level type of the instruction. This will be one of
+CAT_CFLOW, CAT_STACK, CAT_LOADSTORE, CAT_TEST, CAT_MATH, CAT_BIT, CAT_IO,
+CAT_TRAP, CAT_PRIV, CAT_NOP, or <i>nil</i> if the instruction category is
+unknown.
+=end
+    attr_accessor :category
+
+=begin rdoc
+The category-specific flags for the instruction. This is generally used
+to encode a specific instruction type, e.g. FLG_JMP for an unconditional
+jump instruction, or FLG_POP for a stack pop instruction.
+=end
+    attr_reader :flags
+
+=begin rdoc
+The Instruction Set Architecture of the instruction. This is a subset of the
+full CPU architecture ISA. 
+    ISA_GEN, ISA_FPU, ISA_GPU, ISA_SIMD, ISA_VM
+=end
+    attr_accessor :isa
+
+=begin rdoc
+Array of instruction prefix strings.
+=end
+    attr_reader :prefixes
+
+=begin rdoc
+Array of Opdis::Operand objects..
+=end
+    attr_reader :operands
+
+=begin rdoc
+Instruction mnemonic string.
+=end
+    attr_accessor :mnemonic
+
+=begin rdoc
+Comment string generated by libopcodes.
+=end
+    attr_accessor :comment
+
+=begin rdoc
+Invalid instruction.
+=end
+    DECODE_INVALID='invalid'
+=begin rdoc
+Basic instruction decoding has been performed. This means that the <i>vma</i>,
+<i>size</i>, <i>bytes</i>, and <i>ascii</i> members are valid.
+=end
+    DECODE_BASIC='basic'
+=begin rdoc
+Instruction mnemonic has been decoded. This means that the <i>prefixes</i> and
+<i>mnemonic</i> members are valid.
+=end
+    DECODE_MNEMONIC='mnemonic'
+=begin rdoc
+Basic operand decoding has been performed. This means that the <i>src</i>,
+<i>dest</i>, and <i>target</i> members are valid. The <i>operands</i> valid
+has been filled with Operand objects whose <i>ascii</i> member is valid.
+=end
+    DECODE_OPERANDS='operands'
+=begin rdoc
+Instruction metadata has been decoded. This means that the Instruction
+<i>isa</i>, <i>category</i>, and <i>flags</i> members are valid.
+=end
+    DECODE_MNEMONIC_FLAGS='mnemonic flags'
+=begin rdoc
+Operand metadata has been decoded. This means that the <i>operands</i> field
+is filled with objects derived from Operand, whose members are all valid.
+=end
+    DECODE_OPERAND_FLAGS='operand flags'
+
+=begin rdoc
+General-purpose instruction set. The default ISA for all instructions.
+=end
+    ISA_GEN='general'
+=begin rdoc
+Floating-point instruction set.
+=end
+    ISA_FPU='fpu'
+=begin rdoc
+Graphics card instruction set.
+=end
+    ISA_GPU='gpu'
+=begin rdoc
+SIMD (single instruction, multiple data) instruction set. Examples include
+MMX, SSE, SSE2, SSE3, Altivec, and 3DNow! instructions.
+=end
+    ISA_SIMD='simd'
+=begin rdoc
+Virtual Machine or virtualization (hypervisor) extensions.
+=end
+    ISA_VM='vm'
+    
+=begin rdoc
+Unrecognized instruction.
+=end
+    CAT_UNKNOWN='unknown'
+=begin rdoc
+Control flow (jump, call, return) instruction.
+=end
+    CAT_CFLOW='control-flow'
+=begin rdoc
+Stack manipulation (push, pop) instruction.
+=end
+    CAT_STACK='stack'
+=begin rdoc
+Load/store (move) instruction.
+=end
+    CAT_LOADSTORE='load/store'
+=begin rdoc
+Test or compare instruction.
+=end
+    CAT_TEST='test'
+=begin rdoc
+Mathematical (add, sub, mul, etc) instruction.
+=end
+    CAT_MATH='mathematic'
+=begin rdoc
+Logical (and, or, xor, not, etc) instruction.
+=end
+    CAT_BIT='bitwise'
+=begin rdoc
+Input/output (i.e. port read/write) instruction.
+=end
+    CAT_IO='i/o'
+=begin rdoc
+Trap or interrupt instruction.
+=end
+    CAT_TRAP='trap'
+=begin rdoc
+Privileged (ring0) or system management instruction.
+=end
+    CAT_PRIV='privileged'
+=begin rdoc
+No-operation instruction.
+=end
+    CAT_NOP='no-op'
+
+=begin rdoc
+Call a procedure.
+=end
+    FLG_CALL='call'
+=begin rdoc
+Conditionally call a procedure.
+=end
+    FLG_CALLCC='conditional call'
+=begin rdoc
+Jump to an address.
+=end
+    FLG_JMP='jump'
+=begin rdoc
+Conditionally jump to an address.
+=end
+    FLG_JMPCC='conditional jump'
+=begin rdoc
+Return from a procedure.
+=end
+    FLG_RET='return'
+=begin rdoc
+Push onto the stack.
+=end
+    FLG_PUSH='push'
+=begin rdoc
+Pop from the stack.
+=end
+    FLG_POP='pop'
+=begin rdoc
+Enter a stack frame.
+=end
+    FLG_FRAME='enter frame'
+=begin rdoc
+Leave a stack frame.
+=end
+    FLG_UNFRAME='leave frame'
+=begin rdoc
+Logical AND operation.
+=end
+    FLG_AND='bitwise and'
+=begin rdoc
+Lofical OR operation.
+=end
+    FLG_OR='bitwise or'
+=begin rdoc
+Logical XOR operation.
+=end
+    FLG_XOR='bitwise xor'
+=begin rdoc
+Logical NOT operation.
+=end
+    FLG_NOT='bitwise not'
+=begin rdoc
+Logical (no carry) shift left.
+=end
+    FLG_LSL='logical shift left'
+=begin rdoc
+Logical (no carry) shift right.
+=end
+    FLG_LSR='logical shift right'
+=begin rdoc
+Arithmetic (with carry) shift left.
+=end
+    FLG_ASL='arithmetic shift left'
+=begin rdoc
+Arithmetic (with carry) shift right.
+=end
+    FLG_ASR='arithmetic shift right'
+=begin rdoc
+Logical (no carry) rotate left.
+=end
+    FLG_ROL='rotate left'
+=begin rdoc
+Logical (no carry) rotate right.
+=end
+    FLG_ROR='rotate right'
+=begin rdoc
+Arithmetic (with carry) rotate left.
+=end
+    FLG_RCL='rotate carry left'
+=begin rdoc
+Arithmetic (with carry) rotate right.
+=end
+    FLG_RCR='rotate carry right'
+=begin rdoc
+Read from I/O port.
+=end
+    FLG_IN='input from port'
+=begin rdoc
+Write to I/O port.
+=end
+    FLG_OUT='output to port'
+
+=begin rdoc
+Returns true if the instruction is a branch (is a CALL, CALLCC, JMP, or
+JMPCC). This is only reliable if <i>status</i> includes DECODE_MNEMONIC_FLAGS.
+=end
+    def branch?
+    end
+
+=begin rdoc
+Returns true if execution falls through to the next instruction. This is true
+in all cases except JMP and RET. This is only reliable if <i>status</i> 
+includes DECODE_MNEMONIC_FLAGS.
+=end
+    def fallthrough?
+    end
+
+=begin rdoc
+Returns the <i>ascii</i> field if the instruction.
+=end
+    def to_s
+    end
+  end
+
+=begin rdoc
+An instruction operand. A properly-decoded instruction will have Operand
+subclasses in its <i>operands</i> array; the Operand base class is used only
+when the operand strings have been identified by the decoder but not
+processed.
+=end
+  class Operand
+
+=begin rdoc
+Metadata containing additional information about the operand
+=end
+    attr_accessor :flags
+
+=begin rdoc
+The size in bytes of the data referenced by the instruction, or <i>nil</i> if
+not known.
+=end
+    attr_accessor :data_size
+
+=begin rdoc
+The string for the operand returned by libopcodes.
+=end
+    attr_accessor :ascii
+
+=begin rdoc
+Operand is read by instruction.
+=end
+    FLG_R='r'
+=begin rdoc
+Operand is written to by instruction.
+=end
+    FLG_W='w'
+=begin rdoc
+Operand is executed (jumped to) by instruction.
+=end
+    FLG_X='x'
+=begin rdoc
+=end
+    FLG_SIGNED='signed'
+=begin rdoc
+=end
+    FLG_ADDR='address'
+=begin rdoc
+=end
+    FLG_INDIRECT='indirect address'
+
+=begin rdoc
+Returns the <i>ascii</i> field.
+=end
+    def to_s
+    end
+  end
+
+=begin rdoc
+A numeric value explicitly encoded in the bytes of the instruction.
+=end
+  class ImmediateOperand < Operand
+
+=begin rdoc
+The immediate value, interpreted as signed or unsigned based on whether
+Operand#flags includes FLG_SIGNED.
+=end
+    attr_accessor :value
+
+=begin rdoc
+The immediate value interpreted as a signed integer.
+=end
+    attr_accessor :signed
+
+=begin rdoc
+The immediate value interpreted as an unsigned integer.
+=end
+    attr_accessor :unsigned
+
+=begin rdoc
+The immediate value interpreted as a VMA.
+=end
+    attr_accessor :vma
+  end
+
+=begin rdoc
+An address expression such as an Intel Effective Address. This generally
+takes the form of
+
+base + (index * scale) + disp
+
+where <b>base</b> and <b>index</b> are registers, <b>scale</b> is a power of
+two, <b>disp</b> is an immediate value, and <b>*</b> is a "shift operation"
+(generally arithmetic shift left).
+=end
+  class AddressExpressionOperand < Operand
+
+=begin rdoc
+The shift algorithm used by the expression. This is one of SHIFT_ASL,
+SHIFT_LSL, SHIFT_LSR, SHIFT_ROR, or SHIFT_RRX. The default is SHIFT_ASL;
+the other algorithms apply to the ARM architecture.
+=end
+    attr_accessor :shift
+
+=begin rdoc
+The scale factor of the expression. This must be a power of two; the default
+scale value is <b>1</b>.
+=end
+    attr_accessor :scale
+
+=begin rdoc
+A Register object for the <b>index</b> value of the expression, or <i>nil</i> if
+the expression does not use an index value.
+=end
+    attr_accessor :index
+
+=begin rdoc
+A Register object for the <b>base</b> value of the expression, or <i>nil</i> if
+the expression does not use an base value.
+=end
+    attr_accessor :base
+
+=begin rdoc
+A numeric value or an AbsoluteAddress object for the displacement of the 
+expression, or <i>nil</i> if the expression does not use a displacement.
+=end
+    attr_accessor :displacement
+
+=begin rdoc
+Logical (no carry) shift left.
+=end
+    SHIFT_LSL='lsl'
+=begin rdoc
+Logical (no carry) shift right.
+=end
+    SHIFT_LSR='lsr'
+=begin rdoc
+Arithmetic (carry) shift left.
+=end
+    SHIFT_ASL='asl'
+=begin rdoc
+Logical (no carry) rotate right.
+=end
+    SHIFT_ROR='ror'
+=begin rdoc
+=end
+    SHIFT_RRX='rrx'
+  end
+
+=begin rdoc
+A segmented address consisting of a base (segment) register and a displacement
+or offset. In Intel notation, these take the form <b>segment:offset</b>.
+=end
+  class AbsoluteAddress
+
+=begin rdoc
+A Register object for the segment or base of the absolute address.
+=end
+    attr_accessor :segment
+
+=begin rdoc
+An immediate value for the offset or displacement of the absolute address.
+=end
+    attr_accessor :offset
+  end
+
+=begin rdoc
+An AbsoluteAddress operand.
+
+See AbsoluteAddress class.
+=end
+  class AbsoluteAddressOperand < Operand
+
+    attr_accessor :segment, :offset
+
+  end
+
+=begin rdoc
+A CPU register.
+=end
+  class Register
+
+=begin rdoc
+A numeric ID for the register. Registers with the same ID but different names
+are aliases of each other.
+=end
+    attr_reader :id
+
+=begin rdoc
+The size of the register in bytes.
+=end
+    attr_reader :size
+
+=begin rdoc
+The name or mnemonic for the register.
+=end
+    attr_reader :name
+
+=begin rdoc
+Metadata describing the purpose or general use of the register.
+=end
+    attr_accessor :purpose
+
+=begin rdoc
+A general-purpose register.
+=end
+    FLG_GEN='general purpose'
+=begin rdoc
+A floating-point register.
+=end
+    FLG_FPU='fpu'
+=begin rdoc
+A register on the graphics card.
+=end
+    FLG_GPU='gpu'
+=begin rdoc
+An SIMD register.
+=end
+    FLG_SIMD='simd'
+=begin rdoc
+A system register for task management.
+=end
+    FLG_TASK='task mgt'
+=begin rdoc
+A system register for memory management.
+=end
+    FLG_MEM='memory mgt'
+=begin rdoc
+A system register providing debugger support.
+=end
+    FLG_DBG='debug'
+=begin rdoc
+The program counter or instruction pointer.
+=end
+    FLG_PC='pc'
+=begin rdoc
+The flags or condition code register.
+=end
+    FLG_FLAGS='flags'
+=begin rdoc
+The stack pointer.
+=end
+    FLG_STACK='stack'
+=begin rdoc
+The frame pointer.
+=end
+    FLG_FRAME='stack frame'
+=begin rdoc
+A memory segment register.
+=end
+    FLG_SEG='segment'
+=begin rdoc
+The (virtual) zero register.
+=end
+    FLG_Z='zero'
+=begin rdoc
+A register used for incoming arguments inside a procedure.
+=end
+    FLG_IN='args in'
+=begin rdoc
+A register used for outgoing arguments in a procedure call.
+=end
+    FLG_OUT='args out'
+=begin rdoc
+A register used for local variables inside a procedure.
+=end
+    FLG_LOCALS='locals'
+=begin rdoc
+A register used for a return value from a procedure call.
+=end
+    FLG_RET='return'
+  end
+
+=begin rdoc
+A register operand.
+
+See Register class.
+=end
+  class RegisterOperand < Operand
+
+    attr_reader :id, :size,:name
+    attr_accessor :purpose
+
+    FLG_GEN='general purpose'
+    FLG_FPU='fpu'
+    FLG_GPU='gpu'
+    FLG_SIMD='simd'
+    FLG_TASK='task mgt'
+    FLG_MEM='memory mgt'
+    FLG_DBG='debug'
+    FLG_PC='pc'
+    FLG_FLAGS='flags'
+    FLG_STACK='stack'
+    FLG_FRAME='stack frame'
+    FLG_SEG='segment'
+    FLG_Z='zero'
+    FLG_IN='args in'
+    FLG_OUT='args out'
+    FLG_LOCALS='locals'
+    FLG_RET='return'
+  end
+
+end