RubyGems - metasm - Versions diffs - 1.0.3 → 1.0.4 - Mend

metasm 1.0.3 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (114) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +3 -0
data.tar.gz.sig +0 -0
data/Gemfile +3 -2
data/metasm.gemspec +3 -2
data/metasm.rb +4 -1
data/metasm/compile_c.rb +2 -2
data/metasm/cpu/arc/decode.rb +0 -21
data/metasm/cpu/arc/main.rb +4 -4
data/metasm/cpu/arm/decode.rb +1 -5
data/metasm/cpu/arm/main.rb +3 -3
data/metasm/cpu/arm64/decode.rb +2 -6
data/metasm/cpu/arm64/main.rb +5 -5
data/metasm/cpu/bpf/decode.rb +3 -35
data/metasm/cpu/bpf/main.rb +5 -5
data/metasm/cpu/bpf/render.rb +1 -12
data/metasm/cpu/cy16/decode.rb +0 -6
data/metasm/cpu/cy16/main.rb +3 -3
data/metasm/cpu/cy16/render.rb +0 -11
data/metasm/cpu/dalvik/decode.rb +4 -26
data/metasm/cpu/dalvik/main.rb +20 -2
data/metasm/cpu/dalvik/opcodes.rb +3 -2
data/metasm/cpu/{mips/compile_c.rb → ebpf.rb} +5 -2
data/metasm/cpu/ebpf/debug.rb +61 -0
data/metasm/cpu/ebpf/decode.rb +142 -0
data/metasm/cpu/ebpf/main.rb +58 -0
data/metasm/cpu/ebpf/opcodes.rb +97 -0
data/metasm/cpu/ebpf/render.rb +36 -0
data/metasm/cpu/ia32/debug.rb +39 -1
data/metasm/cpu/ia32/decode.rb +111 -90
data/metasm/cpu/ia32/decompile.rb +45 -37
data/metasm/cpu/ia32/main.rb +10 -0
data/metasm/cpu/ia32/parse.rb +6 -0
data/metasm/cpu/mcs51/decode.rb +1 -1
data/metasm/cpu/mcs51/main.rb +11 -0
data/metasm/cpu/mips/decode.rb +8 -18
data/metasm/cpu/mips/main.rb +3 -3
data/metasm/cpu/mips/opcodes.rb +1 -1
data/metasm/cpu/msp430/decode.rb +2 -6
data/metasm/cpu/msp430/main.rb +3 -3
data/metasm/cpu/openrisc.rb +11 -0
data/metasm/cpu/openrisc/debug.rb +106 -0
data/metasm/cpu/openrisc/decode.rb +182 -0
data/metasm/cpu/openrisc/decompile.rb +350 -0
data/metasm/cpu/openrisc/main.rb +70 -0
data/metasm/cpu/openrisc/opcodes.rb +109 -0
data/metasm/cpu/openrisc/render.rb +37 -0
data/metasm/cpu/ppc/decode.rb +0 -25
data/metasm/cpu/ppc/main.rb +6 -6
data/metasm/cpu/ppc/opcodes.rb +3 -4
data/metasm/cpu/python/decode.rb +0 -20
data/metasm/cpu/python/main.rb +1 -1
data/metasm/cpu/sh4/decode.rb +2 -6
data/metasm/cpu/sh4/main.rb +25 -23
data/metasm/cpu/st20/decode.rb +0 -7
data/metasm/cpu/webasm.rb +11 -0
data/metasm/cpu/webasm/debug.rb +31 -0
data/metasm/cpu/webasm/decode.rb +321 -0
data/metasm/cpu/webasm/decompile.rb +386 -0
data/metasm/cpu/webasm/encode.rb +104 -0
data/metasm/cpu/webasm/main.rb +81 -0
data/metasm/cpu/webasm/opcodes.rb +214 -0
data/metasm/cpu/x86_64/compile_c.rb +13 -9
data/metasm/cpu/x86_64/parse.rb +1 -1
data/metasm/cpu/z80/decode.rb +0 -27
data/metasm/cpu/z80/main.rb +3 -3
data/metasm/cpu/z80/render.rb +0 -11
data/metasm/debug.rb +43 -8
data/metasm/decode.rb +62 -14
data/metasm/decompile.rb +793 -466
data/metasm/disassemble.rb +188 -131
data/metasm/disassemble_api.rb +30 -17
data/metasm/dynldr.rb +2 -2
data/metasm/encode.rb +8 -2
data/metasm/exe_format/autoexe.rb +2 -0
data/metasm/exe_format/coff.rb +21 -3
data/metasm/exe_format/coff_decode.rb +12 -0
data/metasm/exe_format/coff_encode.rb +6 -3
data/metasm/exe_format/dex.rb +13 -3
data/metasm/exe_format/elf.rb +12 -2
data/metasm/exe_format/elf_decode.rb +59 -1
data/metasm/exe_format/main.rb +2 -0
data/metasm/exe_format/mz.rb +1 -0
data/metasm/exe_format/pe.rb +25 -3
data/metasm/exe_format/wasm.rb +402 -0
data/metasm/gui/dasm_decomp.rb +171 -95
data/metasm/gui/dasm_graph.rb +61 -2
data/metasm/gui/dasm_hex.rb +2 -2
data/metasm/gui/dasm_main.rb +45 -19
data/metasm/gui/debug.rb +13 -4
data/metasm/gui/gtk.rb +12 -4
data/metasm/main.rb +108 -103
data/metasm/os/emulator.rb +175 -0
data/metasm/os/main.rb +11 -6
data/metasm/parse.rb +23 -12
data/metasm/parse_c.rb +189 -135
data/metasm/preprocessor.rb +16 -1
data/misc/openrisc-parser.rb +79 -0
data/samples/dasm-plugins/scanxrefs.rb +6 -4
data/samples/dasm-plugins/selfmodify.rb +8 -8
data/samples/dbg-plugins/trace_func.rb +1 -1
data/samples/disassemble-gui.rb +14 -3
data/samples/emubios.rb +251 -0
data/samples/emudbg.rb +127 -0
data/samples/lindebug.rb +79 -78
data/samples/metasm-shell.rb +8 -8
data/tests/all.rb +1 -1
data/tests/expression.rb +2 -0
data/tests/graph_layout.rb +1 -1
data/tests/ia32.rb +1 -0
data/tests/mips.rb +1 -1
data/tests/preprocessor.rb +18 -0
metadata +124 -6
metadata.gz.sig +0 -0

data/metasm/cpu/openrisc/decompile.rb ADDED

@@ -0,0 +1,350 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/cpu/openrisc/main'
+module Metasm
+class OpenRisc
+	# temporarily setup dasm.address_binding so that backtracking
+	# stack-related offsets resolve in :frameptr (relative to func start)
+	def decompile_makestackvars(dasm, funcstart, blocks)
+		oldfuncbd = dasm.address_binding[funcstart]
+		dasm.address_binding[funcstart] = { :r1 => :frameptr }
+		blocks.each { |block| yield block }
+		dasm.address_binding[funcstart] = oldfuncbd if oldfuncbd
+	end
+	# add di-specific registry written/accessed
+	def decompile_func_finddeps_di(dcmp, func, di, a, w)
+		a << abi_funcall[:retval] if di.instruction.to_s == 'jr r9' and (not func.type.kind_of?(C::BaseType) or func.type.type.name != :void)	# standard ABI
+	end
+	# list of register symbols
+	def register_symbols
+		@dbg_register_list ||= (1..31).to_a.map { |i| "r#{i}".to_sym }
+	end
+	# returns a hash { :retval => r, :changed => [] }
+	def abi_funcall
+		{ :retval => :r11, :changed => [3, 4, 5, 6, 7, 8, 11, 12, 13, 15, 17, 19, 21, 23, 25, 27, 29, 31].map { |n| "r#{n}".to_sym }, :args => [:r3, :r4, :r5, :r6, :r7, :r8] }
+	end
+	# list variable dependency for each block, remove useless writes
+	# returns { blockaddr => [list of vars that are needed by a following block] }
+	def decompile_func_finddeps(dcmp, blocks, func)
+		deps_r = {} ; deps_w = {} ; deps_to = {}
+		deps_subfunc = {}	# things read/written by subfuncs
+		# find read/writes by each block
+		blocks.each { |b, to|
+			deps_r[b] = [] ; deps_w[b] = [] ; deps_to[b] = to
+			deps_subfunc[b] = []
+			blk = dcmp.dasm.decoded[b].block
+			blk.list.each { |di|
+				a = di.backtrace_binding.values
+				w = []
+				di.backtrace_binding.keys.each { |k|
+					case k
+					when ::Symbol; w |= [k]
+					else a |= Expression[k].externals	# if dword [eax] <- 42, eax is read
+					end
+				}
+				decompile_func_finddeps_di(dcmp, func, di, a, w)
+				deps_r[b] |= a.map { |ee| Expression[ee].externals.grep(::Symbol) }.flatten - [:unknown] - deps_w[b]
+				deps_w[b] |= w.map { |ee| Expression[ee].externals.grep(::Symbol) }.flatten - [:unknown]
+			}
+			subfunccall = false
+			blk.each_to_normal { |t|
+				t = dcmp.backtrace_target(t, blk.list.last.address)
+				next if not t = dcmp.c_parser.toplevel.symbol[t]
+				t.type = C::Function.new(C::BaseType.new(:int)) if not t.type.kind_of?(C::Function)	# XXX this may seem a bit extreme, and yes, it is.
+				subfunccall = true
+				t.type.args.to_a.each { |arg|
+					if reg = arg.has_attribute('register')
+						deps_subfunc[b] |= [reg.to_sym]
+					end
+				}
+			}
+			if subfunccall	# last block instr == subfunction call
+				deps_r[b] |= deps_subfunc[b] - deps_w[b]
+				deps_w[b] |= abi_funcall[:changed]
+			end
+		}
+		bt = blocks.transpose
+		roots = bt[0] - bt[1].flatten	# XXX jmp 1stblock ?
+		# find regs read and never written (must have been set by caller and are part of the func ABI)
+		uninitialized = lambda { |b, r, done|
+			if not deps_r[b]
+			elsif deps_r[b].include?(r)
+				blk = dcmp.dasm.decoded[b].block
+				bw = []
+				rdi = blk.list.find { |di|
+					a = di.backtrace_binding.values
+					w = []
+					di.backtrace_binding.keys.each { |k|
+						case k
+						when ::Symbol; w |= [k]
+						else a |= Expression[k].externals	# if dword [eax] <- 42, eax is read
+						end
+					}
+					decompile_func_finddeps_di(dcmp, func, di, a, w)
+					next true if (a.map { |ee| Expression[ee].externals.grep(::Symbol) }.flatten - [:unknown] - bw).include?(r)
+					bw |= w.map { |ee| Expression[ee].externals.grep(::Symbol) }.flatten - [:unknown]
+					false
+				}
+				if decompile_func_abi_fcallret(r, rdi, blk)
+					func.type.type = C::BaseType.new(:void)
+					false
+				elsif rdi and rdi.backtrace_binding[r]
+					false	# mov al, 42 ; ret  -> don't regarg eax
+				else
+					true
+				end
+			elsif deps_w[b].include?(r)
+			else
+				done << b
+				(deps_to[b] - done).find { |tb| uninitialized[tb, r, done] }
+			end
+		}
+		regargs = []
+		register_symbols.each { |r|
+			if roots.find { |root| uninitialized[root, r, []] }
+				regargs << r
+			end
+		}
+		# TODO honor user-defined prototype if available (eg no, really, eax is not read in this function returning al)
+		regargs.sort_by { |r| r.to_s }.each { |r|
+			a = C::Variable.new(r.to_s, C::BaseType.new(:int, :unsigned))
+			a.add_attribute("register(#{r})")
+			func.type.args << a
+		}
+		# remove writes from a block if no following block read the value
+		dw = {}
+		deps_w.each { |b, deps|
+			dw[b] = deps.reject { |dep|
+				ret = true
+				done = []
+				todo = deps_to[b].dup
+				while a = todo.pop
+					next if done.include?(a)
+					done << a
+					if not deps_r[a] or deps_r[a].include?(dep)
+						ret = false
+						break
+					elsif not deps_w[a].include?(dep)
+						todo.concat deps_to[a]
+					end
+				end
+				ret
+			}
+		}
+		dw
+	end
+	# return true if r is the implicit register read made by the subfunction return instruction to symbolize the return value ABI
+	def decompile_func_abi_fcallret(r, rdi, blk)
+		rdi ||= blk.list[-1-@delay_slot]
+		return if not rdi
+		r == abi_funcall[:retval] and rdi.instruction.to_s == 'jr r9'
+	end
+	def decompile_blocks(dcmp, myblocks, deps, func, nextaddr = nil)
+		scope = func.initializer
+		func.type.args.each { |a| scope.symbol[a.name] = a }
+		stmts = scope.statements
+		blocks_toclean = myblocks.dup
+		func_entry = myblocks.first[0]
+		until myblocks.empty?
+			b, to = myblocks.shift
+			if l = dcmp.dasm.get_label_at(b)
+				stmts << C::Label.new(l)
+			end
+			# list of assignments [[dest reg, expr assigned]]
+			ops = []
+			# reg binding (reg => value, values.externals = regs at block start)
+			binding = {}
+			# Expr => CExpr
+			ce  = lambda { |*e| dcmp.decompile_cexpr(Expression[Expression[*e].reduce], scope) }
+			# Expr => Expr.bind(binding) => CExpr
+			ceb = lambda { |*e| ce[Expression[*e].bind(binding)] }
+			# dumps a CExprs that implements an assignment to a reg (uses ops[], patches op => [reg, nil])
+			commit = lambda {
+				deps[b].map { |k|
+					[k, ops.rindex(ops.reverse.find { |r, v| r == k })]
+				}.sort_by { |k, i| i.to_i }.each { |k, i|
+					next if not i or not binding[k]
+					e = k
+					final = []
+					ops[0..i].reverse_each { |r, v|
+						final << r if not v
+						e = Expression[e].bind(r => v).reduce if not final.include?(r)
+					}
+					ops[i][1] = nil
+					binding.delete k
+					stmts << ce[k, :'=', e] if k != e
+				}
+			}
+			# returns an array to use as funcall arguments
+			get_func_args = lambda { |di, f|
+				# XXX see remarks in #finddeps
+				args_todo = f.type.args.to_a.dup
+				args = []
+				args_abi = abi_funcall[:args].dup
+				args_todo.each { |a_|
+					if r = a_.has_attribute_var('register')
+						args << Expression[r.to_sym]
+						args_abi.delete r.to_sym
+					else
+						args << Expression[args_abi.shift]
+					end
+				}
+				if f.type.varargs
+					nargs = 1
+					if f.type.args.last.type.pointer?
+						# check if last arg is a fmtstring
+						bt = dcmp.dasm.backtrace(args.last, di.block.list.last.address, :snapshot_addr => func_entry, :include_start => true)
+						if bt.length == 1 and s = dcmp.dasm.get_section_at(bt.first)
+							fmt = s[0].read(512)
+							fmt = fmt.unpack('v*').pack('C*') if dcmp.sizeof(f.type.args.last.type.untypedef.type) == 2
+							if fmt.index(?\0)
+								fmt = fmt[0...fmt.index(?\0)]
+								nargs = fmt.gsub('%%', '').count('%')	# XXX %.*s etc..
+							end
+						end
+					end
+					bt = dcmp.dasm.backtrace(:r1, di.block.list.last.address, :snapshot_addr => func_entry, :include_start => true)
+					stackoff = Expression[bt, :-, :r1].bind(:r1 => :frameptr).reduce rescue nil
+					if stackoff and nargs > 0
+						nargs.times {
+							args << Indirection[[:frameptr, :+, stackoff], @size/8]
+							stackoff += @size/8
+						}
+					end
+				end
+				args.map { |e| ceb[e] }
+			}
+			# go !
+			di_list = dcmp.dasm.decoded[b].block.list.dup
+			if di_list[-2] and di_list[-2].opcode.props[:setip] and @delay_slot > 0
+				di_list[-1], di_list[-2] = di_list[-2], di_list[-1]
+			end
+			di_list.each { |di|
+				if di.opcode.props[:setip] and not di.opcode.props[:stopexec]
+					# conditional jump
+					commit[]
+					n = dcmp.backtrace_target(get_xrefs_x(dcmp.dasm, di).first, di.address)
+					if di.opcode.name == /bfeq/
+						cc = ceb[:flag]
+					else
+						cc = ceb[:!, :flag]
+					end
+					# XXX switch/indirect/multiple jmp
+					stmts << C::If.new(C::CExpression[cc], C::Goto.new(n))
+					to.delete dcmp.dasm.normalize(n)
+					next
+				end
+				if di.instruction.to_s == 'jr r9'
+					commit[]
+					ret = C::CExpression[ceb[abi_funcall[:retval]]] unless func.type.type.kind_of?(C::BaseType) and func.type.type.name == :void
+					stmts << C::Return.new(ret)
+				elsif di.opcode.name == 'jal' or di.opcode.name == 'jalr'
+					n = dcmp.backtrace_target(get_xrefs_x(dcmp.dasm, di).first, di.address)
+					args = []
+					if f = dcmp.c_parser.toplevel.symbol[n] and f.type.kind_of?(C::Function) and f.type.args
+						args = get_func_args[di, f]
+					end
+					commit[]
+					#next if not di.block.to_subfuncret
+					if not n.kind_of?(::String) or (f and not f.type.kind_of?(C::Function))
+						# indirect funcall
+						fptr = ceb[n]
+						binding.delete n
+						proto = C::Function.new(C::BaseType.new(:int))
+						proto = f.type if f and f.type.kind_of?(C::Function)
+						f = C::CExpression[[fptr], C::Pointer.new(proto)]
+					elsif not f
+						# internal functions are predeclared, so this one is extern
+						f = C::Variable.new
+						f.name = n
+						f.type = C::Function.new(C::BaseType.new(:int))
+						if dcmp.recurse > 0
+							dcmp.c_parser.toplevel.symbol[n] = f
+							dcmp.c_parser.toplevel.statements << C::Declaration.new(f)
+						end
+					end
+					commit[]
+					binding.delete abi_funcall[:retval]
+					e = C::CExpression[f, :funcall, args]
+					e = C::CExpression[ce[abi_funcall[:retval]], :'=', e, f.type.type] if deps[b].include?(abi_funcall[:retval]) and f.type.type != C::BaseType.new(:void)
+					stmts << e
+				else
+					bd = get_fwdemu_binding(di)
+					if di.backtrace_binding[:incomplete_binding]
+						commit[]
+						stmts << C::Asm.new(di.instruction.to_s, nil, nil, nil, nil, nil)
+					else
+						update = {}
+						bd.each { |k, v|
+							if k.kind_of?(::Symbol) and not deps[b].include?(k)
+								ops << [k, v]
+								update[k] = Expression[Expression[v].bind(binding).reduce]
+							else
+								stmts << ceb[k, :'=', v]
+								stmts.pop if stmts.last.kind_of?(C::Variable)	# [:eflag_s, :=, :unknown].reduce
+							end
+						}
+						binding.update update
+					end
+				end
+			}
+			commit[]
+			case to.length
+			when 0
+				if not myblocks.empty? and (dcmp.dasm.decoded[b].block.list[-1-@delay_slot].instruction.to_s != 'jr r9' rescue true)
+					puts "  block #{Expression[b]} has no to and don't end in ret"
+				end
+			when 1
+				if (myblocks.empty? ? nextaddr != to[0] : myblocks.first.first != to[0])
+					stmts << C::Goto.new(dcmp.dasm.auto_label_at(to[0], 'unknown_goto'))
+				end
+			else
+				puts "  block #{Expression[b]} with multiple to"
+			end
+		end
+		# cleanup di.bt_binding (we set :frameptr etc in those, this may confuse the dasm)
+		blocks_toclean.each { |b_, to_|
+			dcmp.dasm.decoded[b_].block.list.each { |di|
+				di.backtrace_binding = nil
+			}
+		}
+	end
+	def decompile_check_abi(dcmp, entry, func)
+		a = func.type.args || []
+		# TODO check abi_funcall[:args], dont delete r4 __unused if r5 is used
+		a.delete_if { |arg| arg.has_attribute_var('register') and arg.has_attribute('unused') }
+	end
+end
+end

data/metasm/cpu/openrisc/main.rb ADDED

@@ -0,0 +1,70 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/main'
+module Metasm
+class OpenRisc < CPU
+	class Reg
+		attr_accessor :v
+		def initialize(v)
+			@v = v
+		end
+		def symbolic(di=nil)
+			if @v != 0 or not di or di.instruction.args[0].object_id == self.object_id
+				"r#@v".to_sym
+			else
+				# r0 is always 0, but we still return :r0 when writing to it (ie its the 1st instr arg)
+				Expression[0]
+			end
+		end
+	end
+	class FpReg
+		attr_accessor :v
+		def initialize(v)
+			@v = v
+		end
+		def symbolic(di=nil) ; "f#@v".to_sym ; end
+	end
+	class Memref
+		attr_accessor :base, :offset, :msz
+		def initialize(base, offset, msz)
+			@base = base
+			@offset = offset
+			@msz = msz
+		end
+		def symbolic(di)
+			p = Expression[@base.symbolic] if base
+			p = Expression[p, :+, @offset] if offset
+			Indirection[p.reduce, @msz, (di.address if di)]
+		end
+	end
+	def initialize(family = :latest, endianness = :big, delay_slot = 1)
+		super()
+		@endianness = endianness
+		@size = 32
+		@family = family
+		@delay_slot = delay_slot
+	end
+	def init_opcode_list
+		send("init_#@family")
+		@opcode_list
+	end
+	def delay_slot(di=nil)
+		@delay_slot
+	end
+end
+end

data/metasm/cpu/openrisc/opcodes.rb ADDED

@@ -0,0 +1,109 @@
+#    This file is part of Metasm, the Ruby assembly manipulation suite
+#    Copyright (C) 2006-2009 Yoann GUILLOT
+#
+#    Licence is LGPL, see LICENCE in the top-level directory
+require 'metasm/cpu/openrisc/main'
+module Metasm
+# https://github.com/s-macke/jor1k/blob/master/js/worker/or1k/safecpu.js
+class OpenRisc
+	def addop(name, bin, *args)
+		o = Opcode.new name, bin
+		args.each { |a|
+			o.bin_mask = a if a.kind_of?(Integer)
+			o.args << a if @valid_args[a]
+			o.props.update a if a.kind_of?(::Hash)
+		}
+		@opcode_list << o
+	end
+	def init_or1k
+		@opcode_list = []
+		@valid_args = [ :rA, :rB, :rD, :fA, :fB, :fD, :disp26, :uimm16, :simm16, :uimm5, :rA_simm16, :rA_smoo ].inject({}) { |h, a| h.update a => true }
+		@fields_off = { :rD => 21, :rA => 16, :rB => 11, :disp26 => 0, :uimm16 => 0, :simm16 => 0, :uimm5 => 0, :smoo => 0 }
+		@fields_mask = { :rD => 0x1F, :rA => 0x1F, :rB => 0x1F, :disp26 => 0x3FFFFFF, :simm16 => 0xFFFF, :uimm16 => 0xFFFF, :uimm5 => 0x1F, :smoo => 0x3E007FF }
+		addop 'j',     0x0000_0000, 0x03FF_FFFF, :disp26, :setip => true, :stopexec => true
+		addop 'jal',   0x0400_0000, 0x03FF_FFFF, :disp26, :setip => true, :stopexec => true, :saveip => true
+		addop 'bnf',   0x0C00_0000, 0x03FF_FFFF, :disp26, :setip => true	# branch if not flag
+		addop 'bf',    0x1000_0000, 0x03FF_FFFF, :disp26, :setip => true
+		addop 'nop',   0x1400_0000, 0x03FF_FFFF
+		addop 'movhi', 0x1800_0000, 0x03FE_FFFF, :rD, :uimm16
+		addop 'macrc', 0x1801_0000, 0x03FE_FFFF
+		addop 'trap',  0x2100_0000, 0x0000_FFFF
+		addop 'sys',   0x2000_0000, 0x03FF_FFFF		# args ?
+		addop 'rfe',   0x2400_0000, 0x03FF_FFFF
+		addop 'jr',    0x4400_0000, 0x03FF_FFFF, :rB, :setip => true, :stopexec => true
+		addop 'jalr',  0x4800_0000, 0x03FF_FFFF, :rB, :setip => true, :stopexec => true, :saveip => true
+		addop 'lwa',   0x6C00_0000, 0x03FF_FFFF, :rD, :rA_simm16
+		addop 'lwz',   0x8400_0000, 0x03FF_FFFF, :rD, :rA_simm16, :memsz => 4
+		addop 'lbz',   0x8C00_0000, 0x03FF_FFFF, :rD, :rA_simm16, :memsz => 1
+		addop 'lbs',   0x9000_0000, 0x03FF_FFFF, :rD, :rA_simm16, :memsz => 1	# lbz + sign-expand byte
+		addop 'lhz',   0x9400_0000, 0x03FF_FFFF, :rD, :rA_simm16, :memsz => 2
+		addop 'lhs',   0x9800_0000, 0x03FF_FFFF, :rD, :rA_simm16, :memsz => 2
+		addop 'add',   0x9C00_0000, 0x03FF_FFFF, :rD, :rA, :simm16
+		addop 'and',   0xA400_0000, 0x03FF_FFFF, :rD, :rA, :uimm16
+		addop 'or',    0xA800_0000, 0x03FF_FFFF, :rD, :rA, :uimm16
+		addop 'xor',   0xAC00_0000, 0x03FF_FFFF, :rD, :rA, :simm16
+		addop 'mfspr', 0xB400_0000, 0x03FF_FFFF, :rD, :rA, :simm16
+		addop 'shl',   0xB800_0000, 0x03FF_FF3F, :rD, :rA, :uimm5
+		addop 'ror',   0xB800_0040, 0x03FF_FF3F, :rD, :rA, :uimm5
+		addop 'sar',   0xB800_0080, 0x03FF_FF3F, :rD, :rA, :uimm5
+		addop 'sfeq',  0xBC00_0000, 0x001F_FFFF, :rA, :simm16
+		addop 'sfne',  0xBC20_0000, 0x001F_FFFF, :rA, :simm16
+		addop 'sfgtu', 0xBC40_0000, 0x001F_FFFF, :rA, :uimm16
+		addop 'sfgeu', 0xBC60_0000, 0x001F_FFFF, :rA, :uimm16
+		addop 'sfltu', 0xBC80_0000, 0x001F_FFFF, :rA, :uimm16
+		addop 'sfleu', 0xBCA0_0000, 0x001F_FFFF, :rA, :uimm16
+		addop 'sfgts', 0xBD40_0000, 0x001F_FFFF, :rA, :simm16
+		addop 'sfges', 0xBD60_0000, 0x001F_FFFF, :rA, :simm16
+		addop 'sflts', 0xBD80_0000, 0x001F_FFFF, :rA, :simm16
+		addop 'sfles', 0xBDA0_0000, 0x001F_FFFF, :rA, :simm16
+		addop 'mtspr', 0xC000_0000, 0x03FF_FFFF, :rA_smoo, :rB		# smoo = (ins & 0x7ff) | ((ins >> 10) & 0xf800) ; setspr((rA|smoo), rB)
+		addop 'add',   0xC800_0000, 0x03FF_FF00, :fD, :fA, :fB		# FPU
+		addop 'sub',   0xC800_0001, 0x03FF_FF00, :fD, :fA, :fB
+		addop 'mul',   0xC800_0002, 0x03FF_FF00, :fD, :fA, :fB
+		addop 'div',   0xC800_0003, 0x03FF_FF00, :fD, :fA, :fB
+		addop 'itof',  0xC800_0004, 0x03FF_FF00, :fD, :rA
+		addop 'ftoi',  0xC800_0005, 0x03FF_FF00, :rD, :fA
+		addop 'madd',  0xC800_0007, 0x03FF_FF00, :fD, :fA, :fB		# fD += fA*fB
+		addop 'sfeq',  0xC800_0008, 0x03FF_FF00, :fA, :fB
+		addop 'sfne',  0xC800_0009, 0x03FF_FF00, :fA, :fB
+		addop 'sfgt',  0xC800_000A, 0x03FF_FF00, :fA, :fB
+		addop 'sfge',  0xC800_000B, 0x03FF_FF00, :fA, :fB
+		addop 'sflt',  0xC800_000C, 0x03FF_FF00, :fA, :fB
+		addop 'sfle',  0xC800_000D, 0x03FF_FF00, :fA, :fB
+		addop 'swa',   0xCC00_0000, 0x03FF_FFFF, :rA_smoo, :rB, :memsz => 4	# sw + setf(ra_smoo == current_EA ?)
+		addop 'sw',    0xD400_0000, 0x03FF_FFFF, :rA_smoo, :rB, :memsz => 4
+		addop 'sb',    0xD800_0000, 0x03FF_FFFF, :rA_smoo, :rB, :memsz => 1
+		addop 'sh',    0xDC00_0000, 0x03FF_FFFF, :rA_smoo, :rB, :memsz => 2
+		addop 'add',   0xE000_0000, 0x03FF_FC30, :rD, :rA, :rB
+		addop 'sub',   0xE000_0002, 0x03FF_FC30, :rD, :rA, :rB
+		addop 'and',   0xE000_0003, 0x03FF_FC30, :rD, :rA, :rB
+		addop 'or',    0xE000_0004, 0x03FF_FC30, :rD, :rA, :rB
+		addop 'xor',   0xE000_0005, 0x03FF_FC30, :rD, :rA, :rB
+		addop 'shl',   0xE000_0008, 0x03FF_FC30, :rD, :rA, :rB
+		addop 'ff1',   0xE000_000F, 0x03FF_FC30, :rD, :rA, :rB	# find first bit == 1
+		addop 'shr',   0xE000_0048, 0x03FF_FC30, :rD, :rA, :rB
+		addop 'sar',   0xE000_0088, 0x03FF_FC30, :rD, :rA, :rB
+		addop 'fl1',   0xE000_010F, 0x03FF_FC30, :rD, :rA, :rB	# find last bit
+		addop 'mul',   0xE000_0306, 0x03FF_FC30, :rD, :rA, :rB	# signed multiply ?
+		addop 'div',   0xE000_0309, 0x03FF_FC30, :rD, :rA, :rB
+		addop 'divu',  0xE000_030A, 0x03FF_FC30, :rD, :rA, :rB	# rD = rA&0xffffffff / rB&0xffffffff
+		addop 'sfeq',  0xE400_0000, 0x001F_FFFF, :rA, :rB
+		addop 'sfne',  0xE420_0000, 0x001F_FFFF, :rA, :rB
+		addop 'sfgtu', 0xE440_0000, 0x001F_FFFF, :rA, :rB
+		addop 'sfgeu', 0xE460_0000, 0x001F_FFFF, :rA, :rB
+		addop 'sfltu', 0xE480_0000, 0x001F_FFFF, :rA, :rB
+		addop 'sfleu', 0xE4A0_0000, 0x001F_FFFF, :rA, :rB
+		addop 'sfgts', 0xE540_0000, 0x001F_FFFF, :rA, :rB
+		addop 'sfges', 0xE560_0000, 0x001F_FFFF, :rA, :rB
+		addop 'sflts', 0xE580_0000, 0x001F_FFFF, :rA, :rB
+		addop 'sfles', 0xE5A0_0000, 0x001F_FFFF, :rA, :rB
+	end
+	alias init_latest init_or1k
+end
+end