RubyGems - metasm - Versions diffs - 1.0.0 - Mend

metasm 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (192) hide show

data/BUGS +11 -0
data/CREDITS +17 -0
data/README +270 -0
data/TODO +114 -0
data/doc/code_organisation.txt +146 -0
data/doc/const_missing.txt +16 -0
data/doc/core_classes.txt +75 -0
data/doc/feature_list.txt +53 -0
data/doc/index.txt +59 -0
data/doc/install_notes.txt +170 -0
data/doc/style.css +3 -0
data/doc/use_cases.txt +18 -0
data/lib/metasm.rb +80 -0
data/lib/metasm/arm.rb +12 -0
data/lib/metasm/arm/debug.rb +39 -0
data/lib/metasm/arm/decode.rb +167 -0
data/lib/metasm/arm/encode.rb +77 -0
data/lib/metasm/arm/main.rb +75 -0
data/lib/metasm/arm/opcodes.rb +177 -0
data/lib/metasm/arm/parse.rb +130 -0
data/lib/metasm/arm/render.rb +55 -0
data/lib/metasm/compile_c.rb +1457 -0
data/lib/metasm/dalvik.rb +8 -0
data/lib/metasm/dalvik/decode.rb +196 -0
data/lib/metasm/dalvik/main.rb +60 -0
data/lib/metasm/dalvik/opcodes.rb +366 -0
data/lib/metasm/decode.rb +213 -0
data/lib/metasm/decompile.rb +2659 -0
data/lib/metasm/disassemble.rb +2068 -0
data/lib/metasm/disassemble_api.rb +1280 -0
data/lib/metasm/dynldr.rb +1329 -0
data/lib/metasm/encode.rb +333 -0
data/lib/metasm/exe_format/a_out.rb +194 -0
data/lib/metasm/exe_format/autoexe.rb +82 -0
data/lib/metasm/exe_format/bflt.rb +189 -0
data/lib/metasm/exe_format/coff.rb +455 -0
data/lib/metasm/exe_format/coff_decode.rb +901 -0
data/lib/metasm/exe_format/coff_encode.rb +1078 -0
data/lib/metasm/exe_format/dex.rb +457 -0
data/lib/metasm/exe_format/dol.rb +145 -0
data/lib/metasm/exe_format/elf.rb +923 -0
data/lib/metasm/exe_format/elf_decode.rb +979 -0
data/lib/metasm/exe_format/elf_encode.rb +1375 -0
data/lib/metasm/exe_format/macho.rb +827 -0
data/lib/metasm/exe_format/main.rb +228 -0
data/lib/metasm/exe_format/mz.rb +164 -0
data/lib/metasm/exe_format/nds.rb +172 -0
data/lib/metasm/exe_format/pe.rb +437 -0
data/lib/metasm/exe_format/serialstruct.rb +246 -0
data/lib/metasm/exe_format/shellcode.rb +114 -0
data/lib/metasm/exe_format/xcoff.rb +167 -0
data/lib/metasm/gui.rb +23 -0
data/lib/metasm/gui/cstruct.rb +373 -0
data/lib/metasm/gui/dasm_coverage.rb +199 -0
data/lib/metasm/gui/dasm_decomp.rb +369 -0
data/lib/metasm/gui/dasm_funcgraph.rb +103 -0
data/lib/metasm/gui/dasm_graph.rb +1354 -0
data/lib/metasm/gui/dasm_hex.rb +543 -0
data/lib/metasm/gui/dasm_listing.rb +599 -0
data/lib/metasm/gui/dasm_main.rb +906 -0
data/lib/metasm/gui/dasm_opcodes.rb +291 -0
data/lib/metasm/gui/debug.rb +1228 -0
data/lib/metasm/gui/gtk.rb +884 -0
data/lib/metasm/gui/qt.rb +495 -0
data/lib/metasm/gui/win32.rb +3004 -0
data/lib/metasm/gui/x11.rb +621 -0
data/lib/metasm/ia32.rb +14 -0
data/lib/metasm/ia32/compile_c.rb +1523 -0
data/lib/metasm/ia32/debug.rb +193 -0
data/lib/metasm/ia32/decode.rb +1167 -0
data/lib/metasm/ia32/decompile.rb +564 -0
data/lib/metasm/ia32/encode.rb +314 -0
data/lib/metasm/ia32/main.rb +233 -0
data/lib/metasm/ia32/opcodes.rb +872 -0
data/lib/metasm/ia32/parse.rb +327 -0
data/lib/metasm/ia32/render.rb +91 -0
data/lib/metasm/main.rb +1193 -0
data/lib/metasm/mips.rb +11 -0
data/lib/metasm/mips/compile_c.rb +7 -0
data/lib/metasm/mips/decode.rb +253 -0
data/lib/metasm/mips/encode.rb +51 -0
data/lib/metasm/mips/main.rb +72 -0
data/lib/metasm/mips/opcodes.rb +443 -0
data/lib/metasm/mips/parse.rb +51 -0
data/lib/metasm/mips/render.rb +43 -0
data/lib/metasm/os/gnu_exports.rb +270 -0
data/lib/metasm/os/linux.rb +1112 -0
data/lib/metasm/os/main.rb +1686 -0
data/lib/metasm/os/remote.rb +527 -0
data/lib/metasm/os/windows.rb +2027 -0
data/lib/metasm/os/windows_exports.rb +745 -0
data/lib/metasm/parse.rb +876 -0
data/lib/metasm/parse_c.rb +3938 -0
data/lib/metasm/pic16c/decode.rb +42 -0
data/lib/metasm/pic16c/main.rb +17 -0
data/lib/metasm/pic16c/opcodes.rb +68 -0
data/lib/metasm/ppc.rb +11 -0
data/lib/metasm/ppc/decode.rb +264 -0
data/lib/metasm/ppc/decompile.rb +251 -0
data/lib/metasm/ppc/encode.rb +51 -0
data/lib/metasm/ppc/main.rb +129 -0
data/lib/metasm/ppc/opcodes.rb +410 -0
data/lib/metasm/ppc/parse.rb +52 -0
data/lib/metasm/preprocessor.rb +1277 -0
data/lib/metasm/render.rb +130 -0
data/lib/metasm/sh4.rb +8 -0
data/lib/metasm/sh4/decode.rb +336 -0
data/lib/metasm/sh4/main.rb +292 -0
data/lib/metasm/sh4/opcodes.rb +381 -0
data/lib/metasm/x86_64.rb +12 -0
data/lib/metasm/x86_64/compile_c.rb +1025 -0
data/lib/metasm/x86_64/debug.rb +59 -0
data/lib/metasm/x86_64/decode.rb +268 -0
data/lib/metasm/x86_64/encode.rb +264 -0
data/lib/metasm/x86_64/main.rb +135 -0
data/lib/metasm/x86_64/opcodes.rb +118 -0
data/lib/metasm/x86_64/parse.rb +68 -0
data/misc/bottleneck.rb +61 -0
data/misc/cheader-findpppath.rb +58 -0
data/misc/hexdiff.rb +74 -0
data/misc/hexdump.rb +55 -0
data/misc/metasm-all.rb +13 -0
data/misc/objdiff.rb +47 -0
data/misc/objscan.rb +40 -0
data/misc/pdfparse.rb +661 -0
data/misc/ppc_pdf2oplist.rb +192 -0
data/misc/tcp_proxy_hex.rb +84 -0
data/misc/txt2html.rb +440 -0
data/samples/a.out.rb +31 -0
data/samples/asmsyntax.rb +77 -0
data/samples/bindiff.rb +555 -0
data/samples/compilation-steps.rb +49 -0
data/samples/cparser_makestackoffset.rb +55 -0
data/samples/dasm-backtrack.rb +38 -0
data/samples/dasmnavig.rb +318 -0
data/samples/dbg-apihook.rb +228 -0
data/samples/dbghelp.rb +143 -0
data/samples/disassemble-gui.rb +102 -0
data/samples/disassemble.rb +133 -0
data/samples/dump_upx.rb +95 -0
data/samples/dynamic_ruby.rb +1929 -0
data/samples/elf_list_needed.rb +46 -0
data/samples/elf_listexports.rb +33 -0
data/samples/elfencode.rb +25 -0
data/samples/exeencode.rb +128 -0
data/samples/factorize-headers-elfimports.rb +77 -0
data/samples/factorize-headers-peimports.rb +109 -0
data/samples/factorize-headers.rb +43 -0
data/samples/gdbclient.rb +583 -0
data/samples/generate_libsigs.rb +102 -0
data/samples/hotfix_gtk_dbg.rb +59 -0
data/samples/install_win_env.rb +78 -0
data/samples/lindebug.rb +924 -0
data/samples/linux_injectsyscall.rb +95 -0
data/samples/machoencode.rb +31 -0
data/samples/metasm-shell.rb +91 -0
data/samples/pe-hook.rb +69 -0
data/samples/pe-ia32-cpuid.rb +203 -0
data/samples/pe-mips.rb +35 -0
data/samples/pe-shutdown.rb +78 -0
data/samples/pe-testrelocs.rb +51 -0
data/samples/pe-testrsrc.rb +24 -0
data/samples/pe_listexports.rb +31 -0
data/samples/peencode.rb +19 -0
data/samples/peldr.rb +494 -0
data/samples/preprocess-flatten.rb +19 -0
data/samples/r0trace.rb +308 -0
data/samples/rubstop.rb +399 -0
data/samples/scan_pt_gnu_stack.rb +54 -0
data/samples/scanpeexports.rb +62 -0
data/samples/shellcode-c.rb +40 -0
data/samples/shellcode-dynlink.rb +146 -0
data/samples/source.asm +34 -0
data/samples/struct_offset.rb +47 -0
data/samples/testpe.rb +32 -0
data/samples/testraw.rb +45 -0
data/samples/win32genloader.rb +132 -0
data/samples/win32hooker-advanced.rb +169 -0
data/samples/win32hooker.rb +96 -0
data/samples/win32livedasm.rb +33 -0
data/samples/win32remotescan.rb +133 -0
data/samples/wintrace.rb +92 -0
data/tests/all.rb +8 -0
data/tests/dasm.rb +39 -0
data/tests/dynldr.rb +35 -0
data/tests/encodeddata.rb +132 -0
data/tests/ia32.rb +82 -0
data/tests/mips.rb +116 -0
data/tests/parse_c.rb +239 -0
data/tests/preprocessor.rb +269 -0
data/tests/x86_64.rb +62 -0
metadata +255 -0

data/lib/metasm/ia32/encode.rb ADDED

@@ -0,0 +1,314 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/ia32/opcodes'
+require 'metasm/encode'
+module Metasm
+class Ia32
+	class InvalidModRM < Exception ; end
+	class ModRM
+		# returns the byte representing the register encoded as modrm
+		# works with Reg/SimdReg
+		def self.encode_reg(reg, mregval = 0)
+			0xc0 | (mregval << 3) | reg.val
+		end
+		# The argument is an integer representing the 'reg' field of the mrm
+		#
+		# caller is responsible for setting the adsz
+		# returns an array, 1 element per possible immediate size (for un-reduce()able Expression)
+		def encode(reg = 0, endianness = :little)
+			reg = reg.val if reg.kind_of? Argument
+			case @adsz
+			when 16; encode16(reg, endianness)
+			when 32; encode32(reg, endianness)
+			end
+		end
+		private
+		def encode16(reg, endianness)
+			if not b
+				# imm only
+				return [EncodedData.new << (6 | (reg << 3)) << @imm.encode(:u16, endianness)]
+			end
+			imm = @imm.reduce if self.imm
+			imm = nil if imm == 0
+			ret = EncodedData.new
+			ret <<
+			case [@b.val, (@i.val if i)]
+			when [3, 6], [6, 3]; 0
+			when [3, 7], [7, 3]; 1
+			when [5, 6], [6, 5]; 2
+			when [5, 7], [7, 5]; 3
+			when [6, nil]; 4
+			when [7, nil]; 5
+			when [5, nil]
+				imm ||= 0
+				6
+			when [3, nil]; 7
+			else raise InvalidModRM, 'invalid modrm16'
+			end
+			# add bits in the first octet of ret.data (1.9 compatibility layer)
+			or_bits = lambda { |v|	# rape me
+				if ret.data[0].kind_of? Integer
+					ret.data[0] |= v
+				else
+					ret.data[0] = (ret.data[0].unpack('C').first | v).chr
+				end
+			}
+			or_bits[reg << 3]
+			if imm
+				case Expression.in_range?(imm, :i8)
+				when true
+					or_bits[1 << 6]
+					[ret << Expression.encode_imm(imm, :i8, endianness)]
+				when false
+					or_bits[2 << 6]
+					[ret << Expression.encode_imm(imm, :a16, endianness)]
+				when nil
+					rets = ret.dup
+					or_bits[1<<6]
+					ret << @imm.encode(:i8, endianness)
+					ret, rets = rets, ret	# or_bits uses ret
+					or_bits[2<<6]
+					ret << @imm.encode(:a16, endianness)
+					[ret, rets]
+				end
+			else
+				[ret]
+			end
+		end
+		def encode32(reg, endianness)
+			# 0 => [ [0      ], [1      ], [2      ], [3      ], [:sib      ], [:i32   ], [6      ], [7      ] ], \
+			# 1 => [ [0, :i8 ], [1, :i8 ], [2, :i8 ], [3, :i8 ], [:sib, :i8 ], [5, :i8 ], [6, :i8 ], [7, :i8 ] ], \
+			# 2 => [ [0, :i32], [1, :i32], [2, :i32], [3, :i32], [:sib, :i32], [5, :i32], [6, :i32], [7, :i32] ]
+			#
+			# b => 0  1  2  3  4  5+i|i 6  7
+			# i => 0  1  2  3 nil   5   6  7
+			ret = EncodedData.new << (reg << 3)
+			# add bits in the first octet of ret.data (1.9 compatibility layer)
+			or_bits = lambda { |v|	# rape me
+				if ret.data[0].kind_of? Integer
+					ret.data[0] |= v
+				else
+					ret.data[0] = (ret.data[0].unpack('C').first | v).chr
+				end
+			}
+			if not self.b and not self.i
+				or_bits[5]
+				[ret << @imm.encode(:a32, endianness)]
+			elsif not self.b and self.s != 1
+				# sib with no b
+				raise EncodeError, "Invalid ModRM #{self}" if @i.val == 4
+				or_bits[4]
+				s = {8=>3, 4=>2, 2=>1}[@s]
+				imm = self.imm || Expression[0]
+				fu = (s << 6) | (@i.val << 3) | 5
+				fu = fu.chr if s >= 2	# rb1.9 encoding fix
+				[ret << fu << imm.encode(:a32, endianness)]
+			else
+				imm = @imm.reduce if self.imm
+				imm = nil if imm == 0
+				if not self.i or (not self.b and self.s == 1)
+					# no sib byte (except for [esp])
+					b = self.b || self.i
+					or_bits[b.val]
+					ret << 0x24 if b.val == 4
+				else
+					# sib
+					or_bits[4]
+					i, b = @i, @b
+					b, i = i, b if @s == 1 and (i.val == 4 or b.val == 5)
+					raise EncodeError, "Invalid ModRM #{self}" if i.val == 4
+					s = {8=>3, 4=>2, 2=>1, 1=>0}[@s]
+					fu = (s << 6) | (i.val << 3) | b.val
+					fu = fu.chr if s >= 2	# rb1.9 encoding fix
+					ret << fu
+				end
+				imm ||= 0 if b.val == 5
+				if imm
+					case Expression.in_range?(imm, :i8)
+					when true
+						or_bits[1<<6]
+						[ret << Expression.encode_imm(imm, :i8, endianness)]
+					when false
+						or_bits[2<<6]
+						[ret << Expression.encode_imm(imm, :a32, endianness)]
+					when nil
+						rets = ret.dup
+						or_bits[1<<6]
+						ret << @imm.encode(:i8, endianness)
+						rets, ret = ret, rets	# or_bits[] modifies ret directly
+						or_bits[2<<6]
+						ret << @imm.encode(:a32, endianness)
+						[ret, rets]
+					end
+				else
+					[ret]
+				end
+			end
+		end
+	end
+	class Farptr
+		def encode(endianness, atype)
+			@addr.encode(atype, endianness) << @seg.encode(:u16, endianness)
+		end
+	end
+	# returns all forms of the encoding of instruction i using opcode op
+	# program may be used to create a new label for relative jump/call
+	def encode_instr_op(program, i, op)
+		base      = op.bin.dup
+		oi        = op.args.zip(i.args)
+		set_field = lambda { |f, v|
+			v ||= 0		# ST => ST(0)
+			fld = op.fields[f]
+			base[fld[0]] |= v << fld[1]
+		}
+		size = i.prefix[:sz] || @size
+		#
+		# handle prefixes and bit fields
+		#
+		pfx = i.prefix.map { |k, v|
+			case k
+			when :jmp;  {:jmp => 0x3e, :nojmp => 0x2e}[v]
+			when :lock; 0xf0
+			when :rep;  {'repnz' => 0xf2, 'repz' => 0xf3, 'rep' => 0xf2}[v] # TODO
+			end
+		}.compact.pack 'C*'
+		pfx << op.props[:needpfx] if op.props[:needpfx]
+		if op.name == 'movsx' or op.name == 'movzx'
+			pfx << 0x66 if size == 48-i.args[0].sz
+		else
+			opsz = op.props[:argsz]
+			oi.each { |oa, ia|
+				case oa
+				when :reg, :reg_eax, :modrm, :modrmA, :mrm_imm
+					raise EncodeError, "Incompatible arg size in #{i}" if ia.sz and opsz and opsz != ia.sz
+					opsz = ia.sz
+				end
+			}
+			pfx << 0x66 if (not op.props[:argsz] or opsz != op.props[:argsz]) and (
+				(opsz and size == 48 - opsz) or (op.props[:opsz] and op.props[:opsz] != size))
+			if op.props[:opsz] and size == 48 - op.props[:opsz]
+				opsz = op.props[:opsz]
+			end
+		end
+		opsz ||= size
+		if op.props[:adsz] and size == 48 - op.props[:adsz]
+			pfx << 0x67
+			adsz = 48 - size
+		end
+		adsz ||= size
+		# addrsize override / segment override
+		if mrm = i.args.grep(ModRM).first
+			if not op.props[:adsz] and ((mrm.b and mrm.b.sz != adsz) or (mrm.i and mrm.i.sz != adsz))
+				pfx << 0x67
+				adsz = 48 - adsz
+			end
+			pfx << [0x26, 0x2E, 0x36, 0x3E, 0x64, 0x65][mrm.seg.val] if mrm.seg
+		end
+		#
+		# encode embedded arguments
+		#
+		postponed = []
+		oi.each { |oa, ia|
+			case oa
+			when :reg, :seg3, :seg3A, :seg2, :seg2A, :eeec, :eeed, :regfp, :regmmx, :regxmm
+				# field arg
+				set_field[oa, ia.val]
+				pfx << 0x66 if oa == :regmmx and op.props[:xmmx] and ia.sz == 128
+			when :imm_val1, :imm_val3, :reg_cl, :reg_eax, :reg_dx, :regfp0
+				# implicit
+			else
+				postponed << [oa, ia]
+			end
+		}
+		if !(op.args & [:modrm, :modrmA, :modrmxmm, :modrmmmx]).empty?
+			# reg field of modrm
+			regval = (base[-1] >> 3) & 7
+			base.pop
+		end
+		# convert label name for jmp/call/loop to relative offset
+		if op.props[:setip] and op.name[0, 3] != 'ret' and i.args.first.kind_of? Expression
+			postlabel = program.new_label('post'+op.name)
+			target = postponed.first[1]
+			target = target.rexpr if target.kind_of? Expression and target.op == :+ and not target.lexpr
+			postponed.first[1] = Expression[target, :-, postlabel]
+		end
+		#
+		# append other arguments
+		#
+		ret = EncodedData.new(pfx + base.pack('C*'))
+		postponed.each { |oa, ia|
+			case oa
+			when :farptr; ed = ia.encode(@endianness, "a#{opsz}".to_sym)
+			when :modrm, :modrmA, :modrmmmx, :modrmxmm
+				if ia.kind_of? ModRM
+					ed = ia.encode(regval, @endianness)
+					if ed.kind_of?(::Array)
+						if ed.length > 1
+							# we know that no opcode can have more than 1 modrm
+							ary = []
+							ed.each { |m|
+								ary << (ret.dup << m)
+							}
+							ret = ary
+							next
+						else
+							ed = ed.first
+						end
+					end
+				else
+					ed = ModRM.encode_reg(ia, regval)
+				end
+			when :mrm_imm; ed = ia.imm.encode("a#{adsz}".to_sym, @endianness)
+			when :i8, :u8, :u16; ed = ia.encode(oa, @endianness)
+			when :i; ed = ia.encode("a#{opsz}".to_sym, @endianness)
+			else raise SyntaxError, "Internal error: want to encode field #{oa.inspect} as arg in #{i}"
+			end
+			if ret.kind_of?(::Array)
+				ret.each { |e| e << ed }
+			else
+				ret << ed
+			end
+		}
+		# we know that no opcode with setip accept both modrm and immediate arg, so ret is not an ::Array
+		ret.add_export(postlabel, ret.virtsize) if postlabel
+		ret
+	end
+end
+end

data/lib/metasm/ia32/main.rb ADDED

@@ -0,0 +1,233 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/main'
+module Metasm
+# The ia32 aka x86 CPU
+# currently limited to 16 and 32bit modes
+class Ia32 < CPU
+	# some ruby magic to declare classes with index -> name association (registers)
+	class Argument
+		class << self
+			# for subclasses
+			attr_accessor :i_to_s, :s_to_i
+		end
+		private
+		# index -> name, name -> index
+		def self.simple_map(a)
+			# { 1 => 'dr1' }
+			@i_to_s = Hash[*a.flatten]
+			# { 'dr1' => 1 }
+			@s_to_i = @i_to_s.invert
+			class_eval {
+				attr_accessor :val
+				def initialize(v)
+					raise Exception, "invalid #{self.class} #{v}" unless self.class.i_to_s[v]
+					@val = v
+				end
+				def self.from_str(s) new(@s_to_i[s]) end
+			}
+		end
+		# size -> (index -> name), name -> [index, size]
+		def self.double_map(h)
+			# { 32 => { 1 => 'ecx' } }
+			@i_to_s = h
+			# { 'ecx' => [1, 32] }
+			@s_to_i = {} ; @i_to_s.each { |sz, hh| hh.each_with_index { |r, i| @s_to_i[r] = [i, sz] } }
+			class_eval {
+				attr_accessor :val, :sz
+				def initialize(v, sz)
+					raise Exception, "invalid #{self.class} #{sz}/#{v}" unless self.class.i_to_s[sz] and self.class.i_to_s[sz][v]
+					@val = v
+					@sz = sz
+				end
+				def self.from_str(s)
+					raise "Bad #{name} #{s.inspect}" if not x = @s_to_i[s]
+					new(*x)
+				end
+			}
+		end
+	end
+	# segment register: es, cs, ss, ds, fs, gs and the theoretical segr6/7
+	class SegReg < Argument
+		simple_map((0..7).zip(%w(es cs ss ds fs gs segr6 segr7)))
+	end
+	# debug register (dr0..dr3, dr6, dr7), and theoretical dr4/5
+	class DbgReg < Argument
+		simple_map((0..7).map { |i| [i, "dr#{i}"] })
+	end
+	# control register (cr0, cr2, cr3, cr4) and theoretical cr1/5/6/7
+	class CtrlReg < Argument
+		simple_map((0..7).map { |i| [i, "cr#{i}"] })
+	end
+	# floating point registers
+	class FpReg < Argument
+		simple_map((0..7).map { |i| [i, "ST(#{i})"] } << [nil, 'ST'])
+	end
+	# a single operation multiple data register (mm0..mm7, xmm0..xmm7)
+	class SimdReg < Argument
+		double_map  64 => (0..7).map { |n| "mm#{n}" },
+			   128 => (0..7).map { |n| "xmm#{n}" }
+		def symbolic(di=nil) ; to_s.to_sym end
+	end
+	# general purpose registers, all sizes
+	class Reg < Argument
+		double_map  8 => %w{ al  cl  dl  bl  ah  ch  dh  bh},
+			   16 => %w{ ax  cx  dx  bx  sp  bp  si  di},
+			   32 => %w{eax ecx edx ebx esp ebp esi edi}
+		Sym = @i_to_s[32].map { |s| s.to_sym }
+		# returns a symbolic representation of the register:
+		# eax => :eax
+		# cx => :ecx & 0xffff
+		# ah => (:eax >> 8) & 0xff
+		def symbolic(di=nil)
+			s = Sym[@val]
+			if @sz == 8 and to_s[-1] == ?h
+				Expression[[Sym[@val-4], :>>, 8], :&, 0xff]
+			elsif @sz == 8
+				Expression[s, :&, 0xff]
+			elsif @sz == 16
+				Expression[s, :&, 0xffff]
+			else
+				s
+			end
+		end
+		# checks if two registers have bits in common
+		def share?(other)
+			other.val % (other.sz >> 1) == @val % (@sz >> 1) and (other.sz != @sz or @sz != 8 or other.val == @val)
+		end
+	end
+	# a far pointer
+	# an immediate (numeric) pointer and an immediate segment selector
+	class Farptr < Argument
+		attr_accessor :seg, :addr
+		def initialize(seg, addr)
+			@seg, @addr = seg, addr
+		end
+	end
+	# ModRM represents indirections in x86 (eg dword ptr [eax+4*ebx+12h])
+	class ModRM < Argument
+		# valid combinaisons for a modrm
+		# ints are reg indexes, symbols are immediates, except :sib
+		Sum = {
+		    16 => {
+			0 => [ [3, 6], [3, 7], [5, 6], [5, 7], [6], [7], [:i16], [3] ],
+			1 => [ [3, 6, :i8 ], [3, 7, :i8 ], [5, 6, :i8 ], [5, 7, :i8 ], [6, :i8 ], [7, :i8 ], [5, :i8 ], [3, :i8 ] ],
+			2 => [ [3, 6, :i16], [3, 7, :i16], [5, 6, :i16], [5, 7, :i16], [6, :i16], [7, :i16], [5, :i16], [3, :i16] ]
+		    },
+		    32 => {
+			0 => [ [0], [1], [2], [3], [:sib], [:i32], [6], [7] ],
+			1 => [ [0, :i8 ], [1, :i8 ], [2, :i8 ], [3, :i8 ], [:sib, :i8 ], [5, :i8 ], [6, :i8 ], [7, :i8 ] ],
+			2 => [ [0, :i32], [1, :i32], [2, :i32], [3, :i32], [:sib, :i32], [5, :i32], [6, :i32], [7, :i32] ]
+		    }
+		}
+		attr_accessor :adsz, :sz
+		attr_accessor :seg
+		attr_accessor :s, :i, :b, :imm
+		# creates a new ModRM with the specified attributes:
+		# - adsz (16/32), sz (8/16/32: byte ptr, word ptr, dword ptr)
+		# - s, i, b, imm
+		# - segment selector override
+		def initialize(adsz, sz, s, i, b, imm, seg = nil)
+			@adsz, @sz = adsz, sz
+			@s, @i = s, i if i
+			@b = b if b
+			@imm = imm if imm
+			@seg = seg if seg
+		end
+		# returns the symbolic representation of the ModRM (ie an Indirection)
+		# segment selectors are represented as eg "segment_base_fs"
+		# not present when same as implicit (ds:edx, ss:esp)
+		def symbolic(di=nil)
+			p = nil
+			p = Expression[p, :+, @b.symbolic(di)] if b
+			p = Expression[p, :+, [@s, :*, @i.symbolic(di)]] if i
+			p = Expression[p, :+, @imm] if imm
+			p = Expression["segment_base_#@seg", :+, p] if seg and seg.val != ((b && (@b.val == 4 || @b.val == 5)) ? 2 : 3)
+			Indirection[p.reduce, @sz/8, (di.address if di)]
+		end
+	end
+	# Create a new instance of an Ia32 cpu
+	# arguments (any order)
+	# - size in bits (16, 32) [32]
+	# - instruction set (386, 486, pentium...) [latest]
+	# - endianness [:little]
+	def initialize(*a)
+		super()
+		@size = (a & [16, 32]).first || 32
+		a.delete @size
+		@endianness = (a & [:big, :little]).first || :little
+		a.delete @endianness
+		@family = a.pop || :latest
+		raise "Invalid arguments #{a.inspect}" if not a.empty?
+		raise "Invalid Ia32 family #{@family.inspect}" if not respond_to?("init_#@family")
+	end
+	# wrapper to transparently forward Ia32.new(64) to X86_64.new
+	def self.new(*a)
+		return X86_64.new(*a) if a.include? 64 and self == Ia32
+		super(*a)
+	end
+	# initializes the @opcode_list according to @family
+	def init_opcode_list
+		send("init_#@family")
+		@opcode_list
+	end
+	# defines some preprocessor macros to say who we are:
+	# _M_IX86 = 500, _X86_, __i386__
+	# pass any value in nodefine to just call super w/o defining anything of our own
+	def tune_prepro(pp, nodefine = false)
+		super(pp)
+		return if nodefine
+		pp.define_weak('_M_IX86', 500)
+		pp.define_weak('_X86_')
+		pp.define_weak('__i386__')
+	end
+	# returns a Reg object if the arg is a valid register (eg 'ax' => Reg.new(0, 16))
+	# returns nil if str is invalid
+	def str_to_reg(str)
+		Reg.from_str(str) if Reg.s_to_i.has_key? str
+	end
+	def shortname
+		"ia32#{'_16' if @size == 16}#{'_be' if @endianness == :big}"
+	end
+end
+X86 = Ia32
+end