RubyGems - metasm - Versions diffs - 1.0.3 → 1.0.4 - Mend

metasm 1.0.3 → 1.0.4

Files changed (114) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +3 -0
data.tar.gz.sig +0 -0
data/Gemfile +3 -2
data/metasm.gemspec +3 -2
data/metasm.rb +4 -1
data/metasm/compile_c.rb +2 -2
data/metasm/cpu/arc/decode.rb +0 -21
data/metasm/cpu/arc/main.rb +4 -4
data/metasm/cpu/arm/decode.rb +1 -5
data/metasm/cpu/arm/main.rb +3 -3
data/metasm/cpu/arm64/decode.rb +2 -6
data/metasm/cpu/arm64/main.rb +5 -5
data/metasm/cpu/bpf/decode.rb +3 -35
data/metasm/cpu/bpf/main.rb +5 -5
data/metasm/cpu/bpf/render.rb +1 -12
data/metasm/cpu/cy16/decode.rb +0 -6
data/metasm/cpu/cy16/main.rb +3 -3
data/metasm/cpu/cy16/render.rb +0 -11
data/metasm/cpu/dalvik/decode.rb +4 -26
data/metasm/cpu/dalvik/main.rb +20 -2
data/metasm/cpu/dalvik/opcodes.rb +3 -2
data/metasm/cpu/{mips/compile_c.rb → ebpf.rb} +5 -2
data/metasm/cpu/ebpf/debug.rb +61 -0
data/metasm/cpu/ebpf/decode.rb +142 -0
data/metasm/cpu/ebpf/main.rb +58 -0
data/metasm/cpu/ebpf/opcodes.rb +97 -0
data/metasm/cpu/ebpf/render.rb +36 -0
data/metasm/cpu/ia32/debug.rb +39 -1
data/metasm/cpu/ia32/decode.rb +111 -90
data/metasm/cpu/ia32/decompile.rb +45 -37
data/metasm/cpu/ia32/main.rb +10 -0
data/metasm/cpu/ia32/parse.rb +6 -0
data/metasm/cpu/mcs51/decode.rb +1 -1
data/metasm/cpu/mcs51/main.rb +11 -0
data/metasm/cpu/mips/decode.rb +8 -18
data/metasm/cpu/mips/main.rb +3 -3
data/metasm/cpu/mips/opcodes.rb +1 -1
data/metasm/cpu/msp430/decode.rb +2 -6
data/metasm/cpu/msp430/main.rb +3 -3
data/metasm/cpu/openrisc.rb +11 -0
data/metasm/cpu/openrisc/debug.rb +106 -0
data/metasm/cpu/openrisc/decode.rb +182 -0
data/metasm/cpu/openrisc/decompile.rb +350 -0
data/metasm/cpu/openrisc/main.rb +70 -0
data/metasm/cpu/openrisc/opcodes.rb +109 -0
data/metasm/cpu/openrisc/render.rb +37 -0
data/metasm/cpu/ppc/decode.rb +0 -25
data/metasm/cpu/ppc/main.rb +6 -6
data/metasm/cpu/ppc/opcodes.rb +3 -4
data/metasm/cpu/python/decode.rb +0 -20
data/metasm/cpu/python/main.rb +1 -1
data/metasm/cpu/sh4/decode.rb +2 -6
data/metasm/cpu/sh4/main.rb +25 -23
data/metasm/cpu/st20/decode.rb +0 -7
data/metasm/cpu/webasm.rb +11 -0
data/metasm/cpu/webasm/debug.rb +31 -0
data/metasm/cpu/webasm/decode.rb +321 -0
data/metasm/cpu/webasm/decompile.rb +386 -0
data/metasm/cpu/webasm/encode.rb +104 -0
data/metasm/cpu/webasm/main.rb +81 -0
data/metasm/cpu/webasm/opcodes.rb +214 -0
data/metasm/cpu/x86_64/compile_c.rb +13 -9
data/metasm/cpu/x86_64/parse.rb +1 -1
data/metasm/cpu/z80/decode.rb +0 -27
data/metasm/cpu/z80/main.rb +3 -3
data/metasm/cpu/z80/render.rb +0 -11
data/metasm/debug.rb +43 -8
data/metasm/decode.rb +62 -14
data/metasm/decompile.rb +793 -466
data/metasm/disassemble.rb +188 -131
data/metasm/disassemble_api.rb +30 -17
data/metasm/dynldr.rb +2 -2
data/metasm/encode.rb +8 -2
data/metasm/exe_format/autoexe.rb +2 -0
data/metasm/exe_format/coff.rb +21 -3
data/metasm/exe_format/coff_decode.rb +12 -0
data/metasm/exe_format/coff_encode.rb +6 -3
data/metasm/exe_format/dex.rb +13 -3
data/metasm/exe_format/elf.rb +12 -2
data/metasm/exe_format/elf_decode.rb +59 -1
data/metasm/exe_format/main.rb +2 -0
data/metasm/exe_format/mz.rb +1 -0
data/metasm/exe_format/pe.rb +25 -3
data/metasm/exe_format/wasm.rb +402 -0
data/metasm/gui/dasm_decomp.rb +171 -95
data/metasm/gui/dasm_graph.rb +61 -2
data/metasm/gui/dasm_hex.rb +2 -2
data/metasm/gui/dasm_main.rb +45 -19
data/metasm/gui/debug.rb +13 -4
data/metasm/gui/gtk.rb +12 -4
data/metasm/main.rb +108 -103
data/metasm/os/emulator.rb +175 -0
data/metasm/os/main.rb +11 -6
data/metasm/parse.rb +23 -12
data/metasm/parse_c.rb +189 -135
data/metasm/preprocessor.rb +16 -1
data/misc/openrisc-parser.rb +79 -0
data/samples/dasm-plugins/scanxrefs.rb +6 -4
data/samples/dasm-plugins/selfmodify.rb +8 -8
data/samples/dbg-plugins/trace_func.rb +1 -1
data/samples/disassemble-gui.rb +14 -3
data/samples/emubios.rb +251 -0
data/samples/emudbg.rb +127 -0
data/samples/lindebug.rb +79 -78
data/samples/metasm-shell.rb +8 -8
data/tests/all.rb +1 -1
data/tests/expression.rb +2 -0
data/tests/graph_layout.rb +1 -1
data/tests/ia32.rb +1 -0
data/tests/mips.rb +1 -1
data/tests/preprocessor.rb +18 -0
metadata +124 -6
metadata.gz.sig +0 -0

data/metasm/cpu/openrisc/decompile.rb ADDED

@@ -0,0 +1,350 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/cpu/openrisc/main'
+module Metasm
+class OpenRisc
+	# temporarily setup dasm.address_binding so that backtracking
+	# stack-related offsets resolve in :frameptr (relative to func start)
+	def decompile_makestackvars(dasm, funcstart, blocks)
+		oldfuncbd = dasm.address_binding[funcstart]
+		dasm.address_binding[funcstart] = { :r1 => :frameptr }
+		blocks.each { |block| yield block }
+		dasm.address_binding[funcstart] = oldfuncbd if oldfuncbd
+	end
+	# add di-specific registry written/accessed
+	def decompile_func_finddeps_di(dcmp, func, di, a, w)
+		a << abi_funcall[:retval] if di.instruction.to_s == 'jr r9' and (not func.type.kind_of?(C::BaseType) or func.type.type.name != :void)	# standard ABI
+	end
+	# list of register symbols
+	def register_symbols
+		@dbg_register_list ||= (1..31).to_a.map { |i| "r#{i}".to_sym }
+	end
+	# returns a hash { :retval => r, :changed => [] }
+	def abi_funcall
+		{ :retval => :r11, :changed => [3, 4, 5, 6, 7, 8, 11, 12, 13, 15, 17, 19, 21, 23, 25, 27, 29, 31].map { |n| "r#{n}".to_sym }, :args => [:r3, :r4, :r5, :r6, :r7, :r8] }
+	end
+	# list variable dependency for each block, remove useless writes
+	# returns { blockaddr => [list of vars that are needed by a following block] }
+	def decompile_func_finddeps(dcmp, blocks, func)
+		deps_r = {} ; deps_w = {} ; deps_to = {}
+		deps_subfunc = {}	# things read/written by subfuncs
+		# find read/writes by each block
+		blocks.each { |b, to|
+			deps_r[b] = [] ; deps_w[b] = [] ; deps_to[b] = to
+			deps_subfunc[b] = []
+			blk = dcmp.dasm.decoded[b].block
+			blk.list.each { |di|
+				a = di.backtrace_binding.values
+				w = []
+				di.backtrace_binding.keys.each { |k|
+					case k
+					when ::Symbol; w |= [k]
+					else a |= Expression[k].externals	# if dword [eax] <- 42, eax is read
+					end
+				}
+				decompile_func_finddeps_di(dcmp, func, di, a, w)
+				deps_r[b] |= a.map { |ee| Expression[ee].externals.grep(::Symbol) }.flatten - [:unknown] - deps_w[b]
+				deps_w[b] |= w.map { |ee| Expression[ee].externals.grep(::Symbol) }.flatten - [:unknown]
+			}
+			subfunccall = false
+			blk.each_to_normal { |t|
+				t = dcmp.backtrace_target(t, blk.list.last.address)
+				next if not t = dcmp.c_parser.toplevel.symbol[t]
+				t.type = C::Function.new(C::BaseType.new(:int)) if not t.type.kind_of?(C::Function)	# XXX this may seem a bit extreme, and yes, it is.
+				subfunccall = true
+				t.type.args.to_a.each { |arg|
+					if reg = arg.has_attribute('register')
+						deps_subfunc[b] |= [reg.to_sym]
+					end
+				}
+			}
+			if subfunccall	# last block instr == subfunction call
+				deps_r[b] |= deps_subfunc[b] - deps_w[b]
+				deps_w[b] |= abi_funcall[:changed]
+			end
+		}
+		bt = blocks.transpose
+		roots = bt[0] - bt[1].flatten	# XXX jmp 1stblock ?
+		# find regs read and never written (must have been set by caller and are part of the func ABI)
+		uninitialized = lambda { |b, r, done|
+			if not deps_r[b]
+			elsif deps_r[b].include?(r)
+				blk = dcmp.dasm.decoded[b].block
+				bw = []
+				rdi = blk.list.find { |di|
+					a = di.backtrace_binding.values
+					w = []
+					di.backtrace_binding.keys.each { |k|
+						case k
+						when ::Symbol; w |= [k]
+						else a |= Expression[k].externals	# if dword [eax] <- 42, eax is read
+						end
+					}
+					decompile_func_finddeps_di(dcmp, func, di, a, w)
+					next true if (a.map { |ee| Expression[ee].externals.grep(::Symbol) }.flatten - [:unknown] - bw).include?(r)
+					bw |= w.map { |ee| Expression[ee].externals.grep(::Symbol) }.flatten - [:unknown]
+					false
+				}
+				if decompile_func_abi_fcallret(r, rdi, blk)
+					func.type.type = C::BaseType.new(:void)
+					false
+				elsif rdi and rdi.backtrace_binding[r]
+					false	# mov al, 42 ; ret  -> don't regarg eax
+				else
+					true
+				end
+			elsif deps_w[b].include?(r)
+			else
+				done << b
+				(deps_to[b] - done).find { |tb| uninitialized[tb, r, done] }
+			end
+		}
+		regargs = []
+		register_symbols.each { |r|
+			if roots.find { |root| uninitialized[root, r, []] }
+				regargs << r
+			end
+		}
+		# TODO honor user-defined prototype if available (eg no, really, eax is not read in this function returning al)
+		regargs.sort_by { |r| r.to_s }.each { |r|
+			a = C::Variable.new(r.to_s, C::BaseType.new(:int, :unsigned))
+			a.add_attribute("register(#{r})")
+			func.type.args << a
+		}
+		# remove writes from a block if no following block read the value
+		dw = {}
+		deps_w.each { |b, deps|
+			dw[b] = deps.reject { |dep|
+				ret = true
+				done = []
+				todo = deps_to[b].dup
+				while a = todo.pop
+					next if done.include?(a)
+					done << a
+					if not deps_r[a] or deps_r[a].include?(dep)
+						ret = false
+						break
+					elsif not deps_w[a].include?(dep)
+						todo.concat deps_to[a]
+					end
+				end
+				ret
+			}
+		}
+		dw
+	end
+	# return true if r is the implicit register read made by the subfunction return instruction to symbolize the return value ABI
+	def decompile_func_abi_fcallret(r, rdi, blk)
+		rdi ||= blk.list[-1-@delay_slot]
+		return if not rdi
+		r == abi_funcall[:retval] and rdi.instruction.to_s == 'jr r9'
+	end
+	def decompile_blocks(dcmp, myblocks, deps, func, nextaddr = nil)
+		scope = func.initializer
+		func.type.args.each { |a| scope.symbol[a.name] = a }
+		stmts = scope.statements
+		blocks_toclean = myblocks.dup
+		func_entry = myblocks.first[0]
+		until myblocks.empty?
+			b, to = myblocks.shift
+			if l = dcmp.dasm.get_label_at(b)
+				stmts << C::Label.new(l)
+			end
+			# list of assignments [[dest reg, expr assigned]]
+			ops = []
+			# reg binding (reg => value, values.externals = regs at block start)
+			binding = {}
+			# Expr => CExpr
+			ce  = lambda { |*e| dcmp.decompile_cexpr(Expression[Expression[*e].reduce], scope) }
+			# Expr => Expr.bind(binding) => CExpr
+			ceb = lambda { |*e| ce[Expression[*e].bind(binding)] }
+			# dumps a CExprs that implements an assignment to a reg (uses ops[], patches op => [reg, nil])
+			commit = lambda {
+				deps[b].map { |k|
+					[k, ops.rindex(ops.reverse.find { |r, v| r == k })]
+				}.sort_by { |k, i| i.to_i }.each { |k, i|
+					next if not i or not binding[k]
+					e = k
+					final = []
+					ops[0..i].reverse_each { |r, v|
+						final << r if not v
+						e = Expression[e].bind(r => v).reduce if not final.include?(r)
+					}
+					ops[i][1] = nil
+					binding.delete k
+					stmts << ce[k, :'=', e] if k != e
+				}
+			}
+			# returns an array to use as funcall arguments
+			get_func_args = lambda { |di, f|
+				# XXX see remarks in #finddeps
+				args_todo = f.type.args.to_a.dup
+				args = []
+				args_abi = abi_funcall[:args].dup
+				args_todo.each { |a_|
+					if r = a_.has_attribute_var('register')
+						args << Expression[r.to_sym]
+						args_abi.delete r.to_sym
+					else
+						args << Expression[args_abi.shift]
+					end
+				}
+				if f.type.varargs
+					nargs = 1
+					if f.type.args.last.type.pointer?
+						# check if last arg is a fmtstring
+						bt = dcmp.dasm.backtrace(args.last, di.block.list.last.address, :snapshot_addr => func_entry, :include_start => true)
+						if bt.length == 1 and s = dcmp.dasm.get_section_at(bt.first)
+							fmt = s[0].read(512)
+							fmt = fmt.unpack('v*').pack('C*') if dcmp.sizeof(f.type.args.last.type.untypedef.type) == 2
+							if fmt.index(?\0)
+								fmt = fmt[0...fmt.index(?\0)]
+								nargs = fmt.gsub('%%', '').count('%')	# XXX %.*s etc..
+							end
+						end
+					end
+					bt = dcmp.dasm.backtrace(:r1, di.block.list.last.address, :snapshot_addr => func_entry, :include_start => true)
+					stackoff = Expression[bt, :-, :r1].bind(:r1 => :frameptr).reduce rescue nil
+					if stackoff and nargs > 0
+						nargs.times {
+							args << Indirection[[:frameptr, :+, stackoff], @size/8]
+							stackoff += @size/8
+						}
+					end
+				end
+				args.map { |e| ceb[e] }
+			}
+			# go !
+			di_list = dcmp.dasm.decoded[b].block.list.dup
+			if di_list[-2] and di_list[-2].opcode.props[:setip] and @delay_slot > 0
+				di_list[-1], di_list[-2] = di_list[-2], di_list[-1]
+			end
+			di_list.each { |di|
+				if di.opcode.props[:setip] and not di.opcode.props[:stopexec]
+					# conditional jump
+					commit[]
+					n = dcmp.backtrace_target(get_xrefs_x(dcmp.dasm, di).first, di.address)
+					if di.opcode.name == /bfeq/
+						cc = ceb[:flag]
+					else
+						cc = ceb[:!, :flag]
+					end
+					# XXX switch/indirect/multiple jmp
+					stmts << C::If.new(C::CExpression[cc], C::Goto.new(n))
+					to.delete dcmp.dasm.normalize(n)
+					next
+				end
+				if di.instruction.to_s == 'jr r9'
+					commit[]
+					ret = C::CExpression[ceb[abi_funcall[:retval]]] unless func.type.type.kind_of?(C::BaseType) and func.type.type.name == :void
+					stmts << C::Return.new(ret)
+				elsif di.opcode.name == 'jal' or di.opcode.name == 'jalr'
+					n = dcmp.backtrace_target(get_xrefs_x(dcmp.dasm, di).first, di.address)
+					args = []
+					if f = dcmp.c_parser.toplevel.symbol[n] and f.type.kind_of?(C::Function) and f.type.args
+						args = get_func_args[di, f]
+					end
+					commit[]
+					#next if not di.block.to_subfuncret
+					if not n.kind_of?(::String) or (f and not f.type.kind_of?(C::Function))
+						# indirect funcall
+						fptr = ceb[n]
+						binding.delete n
+						proto = C::Function.new(C::BaseType.new(:int))
+						proto = f.type if f and f.type.kind_of?(C::Function)
+						f = C::CExpression[[fptr], C::Pointer.new(proto)]
+					elsif not f
+						# internal functions are predeclared, so this one is extern
+						f = C::Variable.new
+						f.name = n
+						f.type = C::Function.new(C::BaseType.new(:int))
+						if dcmp.recurse > 0
+							dcmp.c_parser.toplevel.symbol[n] = f
+							dcmp.c_parser.toplevel.statements << C::Declaration.new(f)
+						end
+					end
+					commit[]
+					binding.delete abi_funcall[:retval]
+					e = C::CExpression[f, :funcall, args]
+					e = C::CExpression[ce[abi_funcall[:retval]], :'=', e, f.type.type] if deps[b].include?(abi_funcall[:retval]) and f.type.type != C::BaseType.new(:void)
+					stmts << e
+				else
+					bd = get_fwdemu_binding(di)
+					if di.backtrace_binding[:incomplete_binding]
+						commit[]
+						stmts << C::Asm.new(di.instruction.to_s, nil, nil, nil, nil, nil)
+					else
+						update = {}
+						bd.each { |k, v|
+							if k.kind_of?(::Symbol) and not deps[b].include?(k)
+								ops << [k, v]
+								update[k] = Expression[Expression[v].bind(binding).reduce]
+							else
+								stmts << ceb[k, :'=', v]
+								stmts.pop if stmts.last.kind_of?(C::Variable)	# [:eflag_s, :=, :unknown].reduce
+							end
+						}
+						binding.update update
+					end
+				end
+			}
+			commit[]
+			case to.length
+			when 0
+				if not myblocks.empty? and (dcmp.dasm.decoded[b].block.list[-1-@delay_slot].instruction.to_s != 'jr r9' rescue true)
+					puts "  block #{Expression[b]} has no to and don't end in ret"
+				end
+			when 1
+				if (myblocks.empty? ? nextaddr != to[0] : myblocks.first.first != to[0])
+					stmts << C::Goto.new(dcmp.dasm.auto_label_at(to[0], 'unknown_goto'))
+				end
+			else
+				puts "  block #{Expression[b]} with multiple to"
+			end
+		end
+		# cleanup di.bt_binding (we set :frameptr etc in those, this may confuse the dasm)
+		blocks_toclean.each { |b_, to_|
+			dcmp.dasm.decoded[b_].block.list.each { |di|
+				di.backtrace_binding = nil
+			}
+		}
+	end
+	def decompile_check_abi(dcmp, entry, func)
+		a = func.type.args || []
+		# TODO check abi_funcall[:args], dont delete r4 __unused if r5 is used
+		a.delete_if { |arg| arg.has_attribute_var('register') and arg.has_attribute('unused') }
+	end
+end
+end

data/metasm/cpu/openrisc/main.rb ADDED

@@ -0,0 +1,70 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/main'
+module Metasm
+class OpenRisc < CPU
+	class Reg
+		attr_accessor :v
+		def initialize(v)
+			@v = v
+		end
+		def symbolic(di=nil)
+			if @v != 0 or not di or di.instruction.args[0].object_id == self.object_id
+				"r#@v".to_sym
+			else
+				# r0 is always 0, but we still return :r0 when writing to it (ie its the 1st instr arg)
+				Expression[0]
+			end
+		end
+	end
+	class FpReg
+		attr_accessor :v
+		def initialize(v)
+			@v = v
+		end
+		def symbolic(di=nil) ; "f#@v".to_sym ; end
+	end
+	class Memref
+		attr_accessor :base, :offset, :msz
+		def initialize(base, offset, msz)
+			@base = base
+			@offset = offset
+			@msz = msz
+		end
+		def symbolic(di)
+			p = Expression[@base.symbolic] if base
+			p = Expression[p, :+, @offset] if offset
+			Indirection[p.reduce, @msz, (di.address if di)]
+		end
+	end
+	def initialize(family = :latest, endianness = :big, delay_slot = 1)
+		super()
+		@endianness = endianness
+		@size = 32
+		@family = family
+		@delay_slot = delay_slot
+	end
+	def init_opcode_list
+		send("init_#@family")
+		@opcode_list
+	end
+	def delay_slot(di=nil)
+		@delay_slot
+	end
+end
+end

data/metasm/cpu/openrisc/opcodes.rb ADDED

@@ -0,0 +1,109 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/cpu/openrisc/main'
+module Metasm
+# https://github.com/s-macke/jor1k/blob/master/js/worker/or1k/safecpu.js
+class OpenRisc
+	def addop(name, bin, *args)
+		o = Opcode.new name, bin
+		args.each { |a|
+			o.bin_mask = a if a.kind_of?(Integer)
+			o.args << a if @valid_args[a]
+			o.props.update a if a.kind_of?(::Hash)
+		}
+		@opcode_list << o
+	end
+	def init_or1k
+		@opcode_list = []
+		@valid_args = [ :rA, :rB, :rD, :fA, :fB, :fD, :disp26, :uimm16, :simm16, :uimm5, :rA_simm16, :rA_smoo ].inject({}) { |h, a| h.update a => true }
+		@fields_off = { :rD => 21, :rA => 16, :rB => 11, :disp26 => 0, :uimm16 => 0, :simm16 => 0, :uimm5 => 0, :smoo => 0 }
+		@fields_mask = { :rD => 0x1F, :rA => 0x1F, :rB => 0x1F, :disp26 => 0x3FFFFFF, :simm16 => 0xFFFF, :uimm16 => 0xFFFF, :uimm5 => 0x1F, :smoo => 0x3E007FF }
+		addop 'j',     0x0000_0000, 0x03FF_FFFF, :disp26, :setip => true, :stopexec => true
+		addop 'jal',   0x0400_0000, 0x03FF_FFFF, :disp26, :setip => true, :stopexec => true, :saveip => true
+		addop 'bnf',   0x0C00_0000, 0x03FF_FFFF, :disp26, :setip => true	# branch if not flag
+		addop 'bf',    0x1000_0000, 0x03FF_FFFF, :disp26, :setip => true
+		addop 'nop',   0x1400_0000, 0x03FF_FFFF
+		addop 'movhi', 0x1800_0000, 0x03FE_FFFF, :rD, :uimm16
+		addop 'macrc', 0x1801_0000, 0x03FE_FFFF
+		addop 'trap',  0x2100_0000, 0x0000_FFFF
+		addop 'sys',   0x2000_0000, 0x03FF_FFFF		# args ?
+		addop 'rfe',   0x2400_0000, 0x03FF_FFFF
+		addop 'jr',    0x4400_0000, 0x03FF_FFFF, :rB, :setip => true, :stopexec => true
+		addop 'jalr',  0x4800_0000, 0x03FF_FFFF, :rB, :setip => true, :stopexec => true, :saveip => true
+		addop 'lwa',   0x6C00_0000, 0x03FF_FFFF, :rD, :rA_simm16
+		addop 'lwz',   0x8400_0000, 0x03FF_FFFF, :rD, :rA_simm16, :memsz => 4
+		addop 'lbz',   0x8C00_0000, 0x03FF_FFFF, :rD, :rA_simm16, :memsz => 1
+		addop 'lbs',   0x9000_0000, 0x03FF_FFFF, :rD, :rA_simm16, :memsz => 1	# lbz + sign-expand byte
+		addop 'lhz',   0x9400_0000, 0x03FF_FFFF, :rD, :rA_simm16, :memsz => 2
+		addop 'lhs',   0x9800_0000, 0x03FF_FFFF, :rD, :rA_simm16, :memsz => 2
+		addop 'add',   0x9C00_0000, 0x03FF_FFFF, :rD, :rA, :simm16
+		addop 'and',   0xA400_0000, 0x03FF_FFFF, :rD, :rA, :uimm16
+		addop 'or',    0xA800_0000, 0x03FF_FFFF, :rD, :rA, :uimm16
+		addop 'xor',   0xAC00_0000, 0x03FF_FFFF, :rD, :rA, :simm16
+		addop 'mfspr', 0xB400_0000, 0x03FF_FFFF, :rD, :rA, :simm16
+		addop 'shl',   0xB800_0000, 0x03FF_FF3F, :rD, :rA, :uimm5
+		addop 'ror',   0xB800_0040, 0x03FF_FF3F, :rD, :rA, :uimm5
+		addop 'sar',   0xB800_0080, 0x03FF_FF3F, :rD, :rA, :uimm5
+		addop 'sfeq',  0xBC00_0000, 0x001F_FFFF, :rA, :simm16
+		addop 'sfne',  0xBC20_0000, 0x001F_FFFF, :rA, :simm16
+		addop 'sfgtu', 0xBC40_0000, 0x001F_FFFF, :rA, :uimm16
+		addop 'sfgeu', 0xBC60_0000, 0x001F_FFFF, :rA, :uimm16
+		addop 'sfltu', 0xBC80_0000, 0x001F_FFFF, :rA, :uimm16
+		addop 'sfleu', 0xBCA0_0000, 0x001F_FFFF, :rA, :uimm16
+		addop 'sfgts', 0xBD40_0000, 0x001F_FFFF, :rA, :simm16
+		addop 'sfges', 0xBD60_0000, 0x001F_FFFF, :rA, :simm16
+		addop 'sflts', 0xBD80_0000, 0x001F_FFFF, :rA, :simm16
+		addop 'sfles', 0xBDA0_0000, 0x001F_FFFF, :rA, :simm16
+		addop 'mtspr', 0xC000_0000, 0x03FF_FFFF, :rA_smoo, :rB		# smoo = (ins & 0x7ff) | ((ins >> 10) & 0xf800) ; setspr((rA|smoo), rB)
+		addop 'add',   0xC800_0000, 0x03FF_FF00, :fD, :fA, :fB		# FPU
+		addop 'sub',   0xC800_0001, 0x03FF_FF00, :fD, :fA, :fB
+		addop 'mul',   0xC800_0002, 0x03FF_FF00, :fD, :fA, :fB
+		addop 'div',   0xC800_0003, 0x03FF_FF00, :fD, :fA, :fB
+		addop 'itof',  0xC800_0004, 0x03FF_FF00, :fD, :rA
+		addop 'ftoi',  0xC800_0005, 0x03FF_FF00, :rD, :fA
+		addop 'madd',  0xC800_0007, 0x03FF_FF00, :fD, :fA, :fB		# fD += fA*fB
+		addop 'sfeq',  0xC800_0008, 0x03FF_FF00, :fA, :fB
+		addop 'sfne',  0xC800_0009, 0x03FF_FF00, :fA, :fB
+		addop 'sfgt',  0xC800_000A, 0x03FF_FF00, :fA, :fB
+		addop 'sfge',  0xC800_000B, 0x03FF_FF00, :fA, :fB
+		addop 'sflt',  0xC800_000C, 0x03FF_FF00, :fA, :fB
+		addop 'sfle',  0xC800_000D, 0x03FF_FF00, :fA, :fB
+		addop 'swa',   0xCC00_0000, 0x03FF_FFFF, :rA_smoo, :rB, :memsz => 4	# sw + setf(ra_smoo == current_EA ?)
+		addop 'sw',    0xD400_0000, 0x03FF_FFFF, :rA_smoo, :rB, :memsz => 4
+		addop 'sb',    0xD800_0000, 0x03FF_FFFF, :rA_smoo, :rB, :memsz => 1
+		addop 'sh',    0xDC00_0000, 0x03FF_FFFF, :rA_smoo, :rB, :memsz => 2
+		addop 'add',   0xE000_0000, 0x03FF_FC30, :rD, :rA, :rB
+		addop 'sub',   0xE000_0002, 0x03FF_FC30, :rD, :rA, :rB
+		addop 'and',   0xE000_0003, 0x03FF_FC30, :rD, :rA, :rB
+		addop 'or',    0xE000_0004, 0x03FF_FC30, :rD, :rA, :rB
+		addop 'xor',   0xE000_0005, 0x03FF_FC30, :rD, :rA, :rB
+		addop 'shl',   0xE000_0008, 0x03FF_FC30, :rD, :rA, :rB
+		addop 'ff1',   0xE000_000F, 0x03FF_FC30, :rD, :rA, :rB	# find first bit == 1
+		addop 'shr',   0xE000_0048, 0x03FF_FC30, :rD, :rA, :rB
+		addop 'sar',   0xE000_0088, 0x03FF_FC30, :rD, :rA, :rB
+		addop 'fl1',   0xE000_010F, 0x03FF_FC30, :rD, :rA, :rB	# find last bit
+		addop 'mul',   0xE000_0306, 0x03FF_FC30, :rD, :rA, :rB	# signed multiply ?
+		addop 'div',   0xE000_0309, 0x03FF_FC30, :rD, :rA, :rB
+		addop 'divu',  0xE000_030A, 0x03FF_FC30, :rD, :rA, :rB	# rD = rA&0xffffffff / rB&0xffffffff
+		addop 'sfeq',  0xE400_0000, 0x001F_FFFF, :rA, :rB
+		addop 'sfne',  0xE420_0000, 0x001F_FFFF, :rA, :rB
+		addop 'sfgtu', 0xE440_0000, 0x001F_FFFF, :rA, :rB
+		addop 'sfgeu', 0xE460_0000, 0x001F_FFFF, :rA, :rB
+		addop 'sfltu', 0xE480_0000, 0x001F_FFFF, :rA, :rB
+		addop 'sfleu', 0xE4A0_0000, 0x001F_FFFF, :rA, :rB
+		addop 'sfgts', 0xE540_0000, 0x001F_FFFF, :rA, :rB
+		addop 'sfges', 0xE560_0000, 0x001F_FFFF, :rA, :rB
+		addop 'sflts', 0xE580_0000, 0x001F_FFFF, :rA, :rB
+		addop 'sfles', 0xE5A0_0000, 0x001F_FFFF, :rA, :rB
+	end
+	alias init_latest init_or1k
+end
+end