hexcore-capstone 1.2.0
- package/LICENSE +26 -0
- package/README.md +191 -0
- package/binding.gyp +168 -0
- package/deps/capstone/LEB128.h +38 -0
- package/deps/capstone/MCDisassembler.h +14 -0
- package/deps/capstone/MCFixedLenDisassembler.h +32 -0
- package/deps/capstone/MCInst.c +270 -0
- package/deps/capstone/MCInst.h +165 -0
- package/deps/capstone/MCInstrDesc.c +41 -0
- package/deps/capstone/MCInstrDesc.h +167 -0
- package/deps/capstone/MCRegisterInfo.c +151 -0
- package/deps/capstone/MCRegisterInfo.h +116 -0
- package/deps/capstone/Mapping.c +254 -0
- package/deps/capstone/Mapping.h +174 -0
- package/deps/capstone/MathExtras.h +442 -0
- package/deps/capstone/SStream.c +181 -0
- package/deps/capstone/SStream.h +40 -0
- package/deps/capstone/arch/AArch64/AArch64AddressingModes.h +945 -0
- package/deps/capstone/arch/AArch64/AArch64BaseInfo.c +77 -0
- package/deps/capstone/arch/AArch64/AArch64BaseInfo.h +585 -0
- package/deps/capstone/arch/AArch64/AArch64Disassembler.c +2280 -0
- package/deps/capstone/arch/AArch64/AArch64Disassembler.h +18 -0
- package/deps/capstone/arch/AArch64/AArch64GenAsmWriter.inc +26589 -0
- package/deps/capstone/arch/AArch64/AArch64GenDisassemblerTables.inc +27322 -0
- package/deps/capstone/arch/AArch64/AArch64GenInstrInfo.inc +13194 -0
- package/deps/capstone/arch/AArch64/AArch64GenRegisterInfo.inc +3814 -0
- package/deps/capstone/arch/AArch64/AArch64GenRegisterName.inc +714 -0
- package/deps/capstone/arch/AArch64/AArch64GenRegisterV.inc +673 -0
- package/deps/capstone/arch/AArch64/AArch64GenSubtargetInfo.inc +229 -0
- package/deps/capstone/arch/AArch64/AArch64GenSystemOperands.inc +2863 -0
- package/deps/capstone/arch/AArch64/AArch64GenSystemOperands_enum.inc +21 -0
- package/deps/capstone/arch/AArch64/AArch64InstPrinter.c +3029 -0
- package/deps/capstone/arch/AArch64/AArch64InstPrinter.h +28 -0
- package/deps/capstone/arch/AArch64/AArch64Mapping.c +883 -0
- package/deps/capstone/arch/AArch64/AArch64Mapping.h +43 -0
- package/deps/capstone/arch/AArch64/AArch64MappingInsn.inc +37790 -0
- package/deps/capstone/arch/AArch64/AArch64MappingInsnName.inc +1282 -0
- package/deps/capstone/arch/AArch64/AArch64MappingInsnOp.inc +26994 -0
- package/deps/capstone/arch/AArch64/AArch64Module.c +44 -0
- package/deps/capstone/arch/AArch64/AArch64Module.h +12 -0
- package/deps/capstone/arch/ARM/ARMAddressingModes.h +698 -0
- package/deps/capstone/arch/ARM/ARMBaseInfo.h +486 -0
- package/deps/capstone/arch/ARM/ARMDisassembler.c +5763 -0
- package/deps/capstone/arch/ARM/ARMDisassembler.h +18 -0
- package/deps/capstone/arch/ARM/ARMGenAsmWriter.inc +9545 -0
- package/deps/capstone/arch/ARM/ARMGenDisassemblerTables.inc +15185 -0
- package/deps/capstone/arch/ARM/ARMGenInstrInfo.inc +6632 -0
- package/deps/capstone/arch/ARM/ARMGenRegisterInfo.inc +2102 -0
- package/deps/capstone/arch/ARM/ARMGenRegisterName.inc +231 -0
- package/deps/capstone/arch/ARM/ARMGenRegisterName_digit.inc +231 -0
- package/deps/capstone/arch/ARM/ARMGenSubtargetInfo.inc +162 -0
- package/deps/capstone/arch/ARM/ARMGenSystemRegister.inc +270 -0
- package/deps/capstone/arch/ARM/ARMInstPrinter.c +3364 -0
- package/deps/capstone/arch/ARM/ARMInstPrinter.h +43 -0
- package/deps/capstone/arch/ARM/ARMMapping.c +551 -0
- package/deps/capstone/arch/ARM/ARMMapping.h +40 -0
- package/deps/capstone/arch/ARM/ARMMappingInsn.inc +18772 -0
- package/deps/capstone/arch/ARM/ARMMappingInsnName.inc +475 -0
- package/deps/capstone/arch/ARM/ARMMappingInsnOp.inc +10729 -0
- package/deps/capstone/arch/ARM/ARMModule.c +63 -0
- package/deps/capstone/arch/ARM/ARMModule.h +12 -0
- package/deps/capstone/arch/BPF/BPFConstants.h +88 -0
- package/deps/capstone/arch/BPF/BPFDisassembler.c +464 -0
- package/deps/capstone/arch/BPF/BPFDisassembler.h +27 -0
- package/deps/capstone/arch/BPF/BPFInstPrinter.c +285 -0
- package/deps/capstone/arch/BPF/BPFInstPrinter.h +16 -0
- package/deps/capstone/arch/BPF/BPFMapping.c +513 -0
- package/deps/capstone/arch/BPF/BPFMapping.h +21 -0
- package/deps/capstone/arch/BPF/BPFModule.c +34 -0
- package/deps/capstone/arch/BPF/BPFModule.h +12 -0
- package/deps/capstone/arch/EVM/EVMDisassembler.c +379 -0
- package/deps/capstone/arch/EVM/EVMDisassembler.h +12 -0
- package/deps/capstone/arch/EVM/EVMInstPrinter.c +20 -0
- package/deps/capstone/arch/EVM/EVMInstPrinter.h +17 -0
- package/deps/capstone/arch/EVM/EVMMapping.c +344 -0
- package/deps/capstone/arch/EVM/EVMMapping.h +8 -0
- package/deps/capstone/arch/EVM/EVMMappingInsn.inc +259 -0
- package/deps/capstone/arch/EVM/EVMModule.c +33 -0
- package/deps/capstone/arch/EVM/EVMModule.h +12 -0
- package/deps/capstone/arch/M680X/M680XDisassembler.c +2307 -0
- package/deps/capstone/arch/M680X/M680XDisassembler.h +17 -0
- package/deps/capstone/arch/M680X/M680XDisassemblerInternals.h +57 -0
- package/deps/capstone/arch/M680X/M680XInstPrinter.c +360 -0
- package/deps/capstone/arch/M680X/M680XInstPrinter.h +25 -0
- package/deps/capstone/arch/M680X/M680XModule.c +77 -0
- package/deps/capstone/arch/M680X/M680XModule.h +12 -0
- package/deps/capstone/arch/M680X/cpu12.inc +335 -0
- package/deps/capstone/arch/M680X/hcs08.inc +60 -0
- package/deps/capstone/arch/M680X/hd6301.inc +15 -0
- package/deps/capstone/arch/M680X/hd6309.inc +259 -0
- package/deps/capstone/arch/M680X/insn_props.inc +367 -0
- package/deps/capstone/arch/M680X/m6800.inc +277 -0
- package/deps/capstone/arch/M680X/m6801.inc +39 -0
- package/deps/capstone/arch/M680X/m6805.inc +277 -0
- package/deps/capstone/arch/M680X/m6808.inc +91 -0
- package/deps/capstone/arch/M680X/m6809.inc +352 -0
- package/deps/capstone/arch/M680X/m6811.inc +105 -0
- package/deps/capstone/arch/M68K/M68KDisassembler.c +3668 -0
- package/deps/capstone/arch/M68K/M68KDisassembler.h +30 -0
- package/deps/capstone/arch/M68K/M68KInstPrinter.c +387 -0
- package/deps/capstone/arch/M68K/M68KInstPrinter.h +21 -0
- package/deps/capstone/arch/M68K/M68KInstructionTable.inc +65540 -0
- package/deps/capstone/arch/M68K/M68KModule.c +42 -0
- package/deps/capstone/arch/M68K/M68KModule.h +12 -0
- package/deps/capstone/arch/MOS65XX/MOS65XXDisassembler.c +544 -0
- package/deps/capstone/arch/MOS65XX/MOS65XXDisassembler.h +22 -0
- package/deps/capstone/arch/MOS65XX/MOS65XXDisassemblerInternals.h +23 -0
- package/deps/capstone/arch/MOS65XX/MOS65XXModule.c +79 -0
- package/deps/capstone/arch/MOS65XX/MOS65XXModule.h +12 -0
- package/deps/capstone/arch/MOS65XX/instruction_info.inc +106 -0
- package/deps/capstone/arch/MOS65XX/m6502.inc +256 -0
- package/deps/capstone/arch/MOS65XX/m65816.inc +256 -0
- package/deps/capstone/arch/MOS65XX/m65c02.inc +256 -0
- package/deps/capstone/arch/MOS65XX/mw65c02.inc +256 -0
- package/deps/capstone/arch/Mips/MipsDisassembler.c +1794 -0
- package/deps/capstone/arch/Mips/MipsDisassembler.h +16 -0
- package/deps/capstone/arch/Mips/MipsGenAsmWriter.inc +5725 -0
- package/deps/capstone/arch/Mips/MipsGenDisassemblerTables.inc +6942 -0
- package/deps/capstone/arch/Mips/MipsGenInstrInfo.inc +1805 -0
- package/deps/capstone/arch/Mips/MipsGenRegisterInfo.inc +1679 -0
- package/deps/capstone/arch/Mips/MipsGenSubtargetInfo.inc +52 -0
- package/deps/capstone/arch/Mips/MipsInstPrinter.c +424 -0
- package/deps/capstone/arch/Mips/MipsInstPrinter.h +25 -0
- package/deps/capstone/arch/Mips/MipsMapping.c +1070 -0
- package/deps/capstone/arch/Mips/MipsMapping.h +25 -0
- package/deps/capstone/arch/Mips/MipsMappingInsn.inc +9315 -0
- package/deps/capstone/arch/Mips/MipsModule.c +52 -0
- package/deps/capstone/arch/Mips/MipsModule.h +12 -0
- package/deps/capstone/arch/PowerPC/PPCDisassembler.c +627 -0
- package/deps/capstone/arch/PowerPC/PPCDisassembler.h +17 -0
- package/deps/capstone/arch/PowerPC/PPCGenAsmWriter.inc +11451 -0
- package/deps/capstone/arch/PowerPC/PPCGenDisassemblerTables.inc +6886 -0
- package/deps/capstone/arch/PowerPC/PPCGenInstrInfo.inc +4772 -0
- package/deps/capstone/arch/PowerPC/PPCGenRegisterInfo.inc +1122 -0
- package/deps/capstone/arch/PowerPC/PPCGenRegisterName.inc +278 -0
- package/deps/capstone/arch/PowerPC/PPCGenSubtargetInfo.inc +90 -0
- package/deps/capstone/arch/PowerPC/PPCInstPrinter.c +1238 -0
- package/deps/capstone/arch/PowerPC/PPCInstPrinter.h +15 -0
- package/deps/capstone/arch/PowerPC/PPCMapping.c +570 -0
- package/deps/capstone/arch/PowerPC/PPCMapping.h +40 -0
- package/deps/capstone/arch/PowerPC/PPCMappingInsn.inc +13220 -0
- package/deps/capstone/arch/PowerPC/PPCMappingInsnName.inc +1731 -0
- package/deps/capstone/arch/PowerPC/PPCModule.c +45 -0
- package/deps/capstone/arch/PowerPC/PPCModule.h +12 -0
- package/deps/capstone/arch/PowerPC/PPCPredicates.h +62 -0
- package/deps/capstone/arch/RISCV/RISCVBaseInfo.h +106 -0
- package/deps/capstone/arch/RISCV/RISCVDisassembler.c +433 -0
- package/deps/capstone/arch/RISCV/RISCVDisassembler.h +18 -0
- package/deps/capstone/arch/RISCV/RISCVGenAsmWriter.inc +2651 -0
- package/deps/capstone/arch/RISCV/RISCVGenDisassemblerTables.inc +1776 -0
- package/deps/capstone/arch/RISCV/RISCVGenInsnNameMaps.inc +275 -0
- package/deps/capstone/arch/RISCV/RISCVGenInstrInfo.inc +470 -0
- package/deps/capstone/arch/RISCV/RISCVGenRegisterInfo.inc +426 -0
- package/deps/capstone/arch/RISCV/RISCVGenSubtargetInfo.inc +33 -0
- package/deps/capstone/arch/RISCV/RISCVInstPrinter.c +447 -0
- package/deps/capstone/arch/RISCV/RISCVInstPrinter.h +24 -0
- package/deps/capstone/arch/RISCV/RISCVMapping.c +366 -0
- package/deps/capstone/arch/RISCV/RISCVMapping.h +22 -0
- package/deps/capstone/arch/RISCV/RISCVMappingInsn.inc +1635 -0
- package/deps/capstone/arch/RISCV/RISCVModule.c +42 -0
- package/deps/capstone/arch/RISCV/RISCVModule.h +12 -0
- package/deps/capstone/arch/SH/SHDisassembler.c +2221 -0
- package/deps/capstone/arch/SH/SHDisassembler.h +19 -0
- package/deps/capstone/arch/SH/SHInsnTable.inc +66 -0
- package/deps/capstone/arch/SH/SHInstPrinter.c +438 -0
- package/deps/capstone/arch/SH/SHInstPrinter.h +23 -0
- package/deps/capstone/arch/SH/SHModule.c +39 -0
- package/deps/capstone/arch/SH/SHModule.h +12 -0
- package/deps/capstone/arch/SH/mktable.rb +390 -0
- package/deps/capstone/arch/Sparc/Sparc.h +63 -0
- package/deps/capstone/arch/Sparc/SparcDisassembler.c +500 -0
- package/deps/capstone/arch/Sparc/SparcDisassembler.h +17 -0
- package/deps/capstone/arch/Sparc/SparcGenAsmWriter.inc +5709 -0
- package/deps/capstone/arch/Sparc/SparcGenDisassemblerTables.inc +2028 -0
- package/deps/capstone/arch/Sparc/SparcGenInstrInfo.inc +514 -0
- package/deps/capstone/arch/Sparc/SparcGenRegisterInfo.inc +451 -0
- package/deps/capstone/arch/Sparc/SparcGenSubtargetInfo.inc +27 -0
- package/deps/capstone/arch/Sparc/SparcInstPrinter.c +446 -0
- package/deps/capstone/arch/Sparc/SparcInstPrinter.h +17 -0
- package/deps/capstone/arch/Sparc/SparcMapping.c +665 -0
- package/deps/capstone/arch/Sparc/SparcMapping.h +34 -0
- package/deps/capstone/arch/Sparc/SparcMappingInsn.inc +2643 -0
- package/deps/capstone/arch/Sparc/SparcModule.c +45 -0
- package/deps/capstone/arch/Sparc/SparcModule.h +12 -0
- package/deps/capstone/arch/SystemZ/SystemZDisassembler.c +484 -0
- package/deps/capstone/arch/SystemZ/SystemZDisassembler.h +17 -0
- package/deps/capstone/arch/SystemZ/SystemZGenAsmWriter.inc +11575 -0
- package/deps/capstone/arch/SystemZ/SystemZGenDisassemblerTables.inc +10262 -0
- package/deps/capstone/arch/SystemZ/SystemZGenInsnNameMaps.inc +2348 -0
- package/deps/capstone/arch/SystemZ/SystemZGenInstrInfo.inc +2820 -0
- package/deps/capstone/arch/SystemZ/SystemZGenRegisterInfo.inc +741 -0
- package/deps/capstone/arch/SystemZ/SystemZGenSubtargetInfo.inc +49 -0
- package/deps/capstone/arch/SystemZ/SystemZInstPrinter.c +433 -0
- package/deps/capstone/arch/SystemZ/SystemZInstPrinter.h +15 -0
- package/deps/capstone/arch/SystemZ/SystemZMCTargetDesc.c +195 -0
- package/deps/capstone/arch/SystemZ/SystemZMCTargetDesc.h +51 -0
- package/deps/capstone/arch/SystemZ/SystemZMapping.c +479 -0
- package/deps/capstone/arch/SystemZ/SystemZMapping.h +23 -0
- package/deps/capstone/arch/SystemZ/SystemZMappingInsn.inc +14175 -0
- package/deps/capstone/arch/SystemZ/SystemZModule.c +44 -0
- package/deps/capstone/arch/SystemZ/SystemZModule.h +12 -0
- package/deps/capstone/arch/TMS320C64x/TMS320C64xDisassembler.c +628 -0
- package/deps/capstone/arch/TMS320C64x/TMS320C64xDisassembler.h +19 -0
- package/deps/capstone/arch/TMS320C64x/TMS320C64xGenAsmWriter.inc +684 -0
- package/deps/capstone/arch/TMS320C64x/TMS320C64xGenDisassemblerTables.inc +1352 -0
- package/deps/capstone/arch/TMS320C64x/TMS320C64xGenInstrInfo.inc +298 -0
- package/deps/capstone/arch/TMS320C64x/TMS320C64xGenRegisterInfo.inc +277 -0
- package/deps/capstone/arch/TMS320C64x/TMS320C64xInstPrinter.c +572 -0
- package/deps/capstone/arch/TMS320C64x/TMS320C64xInstPrinter.h +15 -0
- package/deps/capstone/arch/TMS320C64x/TMS320C64xMapping.c +1926 -0
- package/deps/capstone/arch/TMS320C64x/TMS320C64xMapping.h +26 -0
- package/deps/capstone/arch/TMS320C64x/TMS320C64xModule.c +39 -0
- package/deps/capstone/arch/TMS320C64x/TMS320C64xModule.h +12 -0
- package/deps/capstone/arch/TriCore/TriCore.td +134 -0
- package/deps/capstone/arch/TriCore/TriCoreCallingConv.td +61 -0
- package/deps/capstone/arch/TriCore/TriCoreDisassembler.c +1655 -0
- package/deps/capstone/arch/TriCore/TriCoreDisassembler.h +18 -0
- package/deps/capstone/arch/TriCore/TriCoreGenAsmWriter.inc +3691 -0
- package/deps/capstone/arch/TriCore/TriCoreGenCSFeatureName.inc +22 -0
- package/deps/capstone/arch/TriCore/TriCoreGenCSMappingInsn.inc +8938 -0
- package/deps/capstone/arch/TriCore/TriCoreGenCSMappingInsnName.inc +404 -0
- package/deps/capstone/arch/TriCore/TriCoreGenCSMappingInsnOp.inc +7994 -0
- package/deps/capstone/arch/TriCore/TriCoreGenCSOpGroup.inc +32 -0
- package/deps/capstone/arch/TriCore/TriCoreGenDisassemblerTables.inc +4044 -0
- package/deps/capstone/arch/TriCore/TriCoreGenInstrInfo.inc +2693 -0
- package/deps/capstone/arch/TriCore/TriCoreGenRegisterInfo.inc +295 -0
- package/deps/capstone/arch/TriCore/TriCoreGenSubtargetInfo.inc +40 -0
- package/deps/capstone/arch/TriCore/TriCoreInstPrinter.c +488 -0
- package/deps/capstone/arch/TriCore/TriCoreInstrFormats.td +773 -0
- package/deps/capstone/arch/TriCore/TriCoreInstrInfo.td +1873 -0
- package/deps/capstone/arch/TriCore/TriCoreLinkage.h +21 -0
- package/deps/capstone/arch/TriCore/TriCoreMapping.c +241 -0
- package/deps/capstone/arch/TriCore/TriCoreMapping.h +32 -0
- package/deps/capstone/arch/TriCore/TriCoreModule.c +44 -0
- package/deps/capstone/arch/TriCore/TriCoreModule.h +11 -0
- package/deps/capstone/arch/TriCore/TriCoreRegisterInfo.td +153 -0
- package/deps/capstone/arch/WASM/WASMDisassembler.c +1009 -0
- package/deps/capstone/arch/WASM/WASMDisassembler.h +12 -0
- package/deps/capstone/arch/WASM/WASMInstPrinter.c +47 -0
- package/deps/capstone/arch/WASM/WASMInstPrinter.h +18 -0
- package/deps/capstone/arch/WASM/WASMMapping.c +333 -0
- package/deps/capstone/arch/WASM/WASMMapping.h +9 -0
- package/deps/capstone/arch/WASM/WASMModule.c +33 -0
- package/deps/capstone/arch/WASM/WASMModule.h +12 -0
- package/deps/capstone/arch/X86/X86ATTInstPrinter.c +997 -0
- package/deps/capstone/arch/X86/X86BaseInfo.h +50 -0
- package/deps/capstone/arch/X86/X86Disassembler.c +1033 -0
- package/deps/capstone/arch/X86/X86Disassembler.h +28 -0
- package/deps/capstone/arch/X86/X86DisassemblerDecoder.c +2358 -0
- package/deps/capstone/arch/X86/X86DisassemblerDecoder.h +725 -0
- package/deps/capstone/arch/X86/X86DisassemblerDecoderCommon.h +483 -0
- package/deps/capstone/arch/X86/X86GenAsmWriter.inc +49199 -0
- package/deps/capstone/arch/X86/X86GenAsmWriter1.inc +33196 -0
- package/deps/capstone/arch/X86/X86GenAsmWriter1_reduce.inc +2531 -0
- package/deps/capstone/arch/X86/X86GenAsmWriter_reduce.inc +2855 -0
- package/deps/capstone/arch/X86/X86GenDisassemblerTables.inc +112961 -0
- package/deps/capstone/arch/X86/X86GenDisassemblerTables2.inc +102151 -0
- package/deps/capstone/arch/X86/X86GenDisassemblerTables_reduce.inc +28047 -0
- package/deps/capstone/arch/X86/X86GenDisassemblerTables_reduce2.inc +18827 -0
- package/deps/capstone/arch/X86/X86GenInstrInfo.inc +15158 -0
- package/deps/capstone/arch/X86/X86GenInstrInfo_reduce.inc +1564 -0
- package/deps/capstone/arch/X86/X86GenRegisterInfo.inc +1549 -0
- package/deps/capstone/arch/X86/X86GenRegisterName.inc +292 -0
- package/deps/capstone/arch/X86/X86GenRegisterName1.inc +291 -0
- package/deps/capstone/arch/X86/X86ImmSize.inc +335 -0
- package/deps/capstone/arch/X86/X86InstPrinter.h +26 -0
- package/deps/capstone/arch/X86/X86InstPrinterCommon.c +116 -0
- package/deps/capstone/arch/X86/X86InstPrinterCommon.h +16 -0
- package/deps/capstone/arch/X86/X86IntelInstPrinter.c +1061 -0
- package/deps/capstone/arch/X86/X86Lookup16.inc +16874 -0
- package/deps/capstone/arch/X86/X86Lookup16_reduce.inc +2308 -0
- package/deps/capstone/arch/X86/X86Mapping.c +2266 -0
- package/deps/capstone/arch/X86/X86Mapping.h +96 -0
- package/deps/capstone/arch/X86/X86MappingInsn.inc +105977 -0
- package/deps/capstone/arch/X86/X86MappingInsnName.inc +1527 -0
- package/deps/capstone/arch/X86/X86MappingInsnName_reduce.inc +348 -0
- package/deps/capstone/arch/X86/X86MappingInsnOp.inc +75700 -0
- package/deps/capstone/arch/X86/X86MappingInsnOp_reduce.inc +7729 -0
- package/deps/capstone/arch/X86/X86MappingInsn_reduce.inc +10819 -0
- package/deps/capstone/arch/X86/X86MappingReg.inc +280 -0
- package/deps/capstone/arch/X86/X86Module.c +94 -0
- package/deps/capstone/arch/X86/X86Module.h +12 -0
- package/deps/capstone/arch/XCore/XCoreDisassembler.c +794 -0
- package/deps/capstone/arch/XCore/XCoreDisassembler.h +17 -0
- package/deps/capstone/arch/XCore/XCoreGenAsmWriter.inc +772 -0
- package/deps/capstone/arch/XCore/XCoreGenDisassemblerTables.inc +853 -0
- package/deps/capstone/arch/XCore/XCoreGenInstrInfo.inc +267 -0
- package/deps/capstone/arch/XCore/XCoreGenRegisterInfo.inc +110 -0
- package/deps/capstone/arch/XCore/XCoreInstPrinter.c +250 -0
- package/deps/capstone/arch/XCore/XCoreInstPrinter.h +18 -0
- package/deps/capstone/arch/XCore/XCoreMapping.c +297 -0
- package/deps/capstone/arch/XCore/XCoreMapping.h +26 -0
- package/deps/capstone/arch/XCore/XCoreMappingInsn.inc +1287 -0
- package/deps/capstone/arch/XCore/XCoreModule.c +41 -0
- package/deps/capstone/arch/XCore/XCoreModule.h +12 -0
- package/deps/capstone/cs.c +1664 -0
- package/deps/capstone/cs_priv.h +101 -0
- package/deps/capstone/cs_simple_types.h +886 -0
- package/deps/capstone/include/capstone/arm.h +991 -0
- package/deps/capstone/include/capstone/arm64.h +3159 -0
- package/deps/capstone/include/capstone/bpf.h +209 -0
- package/deps/capstone/include/capstone/capstone.h +875 -0
- package/deps/capstone/include/capstone/evm.h +188 -0
- package/deps/capstone/include/capstone/m680x.h +537 -0
- package/deps/capstone/include/capstone/m68k.h +613 -0
- package/deps/capstone/include/capstone/mips.h +956 -0
- package/deps/capstone/include/capstone/mos65xx.h +204 -0
- package/deps/capstone/include/capstone/platform.h +122 -0
- package/deps/capstone/include/capstone/ppc.h +2108 -0
- package/deps/capstone/include/capstone/riscv.h +531 -0
- package/deps/capstone/include/capstone/sh.h +465 -0
- package/deps/capstone/include/capstone/sparc.h +520 -0
- package/deps/capstone/include/capstone/systemz.h +2601 -0
- package/deps/capstone/include/capstone/tms320c64x.h +359 -0
- package/deps/capstone/include/capstone/tricore.h +567 -0
- package/deps/capstone/include/capstone/wasm.h +250 -0
- package/deps/capstone/include/capstone/x86.h +1986 -0
- package/deps/capstone/include/capstone/xcore.h +235 -0
- package/deps/capstone/include/platform.h +110 -0
- package/deps/capstone/include/windowsce/intrin.h +12 -0
- package/deps/capstone/include/windowsce/stdint.h +133 -0
- package/deps/capstone/utils.c +140 -0
- package/deps/capstone/utils.h +54 -0
- package/index.d.ts +448 -0
- package/index.js +64 -0
- package/index.mjs +25 -0
- package/package.json +82 -0
- package/prebuilds/win32-x64/hexcore-capstone.node +0 -0
- package/src/capstone_wrapper.cpp +910 -0
- package/src/capstone_wrapper.h +147 -0
- package/src/disasm_async_worker.h +215 -0
- package/src/main.cpp +145 -0
|
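--- a/package/deps/capstone/arch/ARM/ARMModule.c
+++ b/package/deps/capstone/arch/ARM/ARMModule.c
@@ -0,0 +1,63 @@
+/* Capstone Disassembly Engine */
+/* By Dang Hoang Vu <danghvu@gmail.com> 2013 */
+
+#ifdef CAPSTONE_HAS_ARM
+
+#include "../../cs_priv.h"
+#include "../../MCRegisterInfo.h"
+#include "ARMDisassembler.h"
+#include "ARMInstPrinter.h"
+#include "ARMMapping.h"
+#include "ARMModule.h"
+
+cs_err ARM_global_init(cs_struct *ud)
+{
+MCRegisterInfo *mri;
+mri = cs_mem_malloc(sizeof(*mri));
+
+ARM_init(mri);
+ARM_getRegName(ud, 0); // use default get_regname
+
+ud->printer = ARM_printInst;
+ud->printer_info = mri;
+ud->reg_name = ARM_reg_name;
+ud->insn_id = ARM_get_insn_id;
+ud->insn_name = ARM_insn_name;
+ud->group_name = ARM_group_name;
+ud->post_printer = ARM_post_printer;
+#ifndef CAPSTONE_DIET
+ud->reg_access = ARM_reg_access;
+#endif
+
+if (ud->mode & CS_MODE_THUMB)
+ud->disasm = Thumb_getInstruction;
+else
+ud->disasm = ARM_getInstruction;
+
+return CS_ERR_OK;
+}
+
+cs_err ARM_option(cs_struct *handle, cs_opt_type type, size_t value)
+{
+switch(type) {
+case CS_OPT_MODE:
+if (value & CS_MODE_THUMB)
+handle->disasm = Thumb_getInstruction;
+else
+handle->disasm = ARM_getInstruction;
+
+handle->mode = (cs_mode)value;
+
+break;
+case CS_OPT_SYNTAX:
+ARM_getRegName(handle, (int)value);
+handle->syntax = (int)value;
+break;
+default:
+break;
+}
+
+return CS_ERR_OK;
+}
+
+#endif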
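Review bot: In `ARM_global_init` the result of `cs_mem_malloc(sizeof(*mri))` is handed straight to `ARM_init(mri)` and stored in `ud->printer_info` without a NULL check, so an allocation failure would presumably surface as a NULL dereference rather than an error return. Adding `if (!mri) return CS_ERR_MEM;` directly after the allocation would close that path; `alloc_bpf_internal` in BPFDisassembler.c on this same page already checks its `cs_mem_malloc` result. The `deps/capstone` path suggests this is a vendored copy, so the change is best carried as an upstream fix or a tracked local patch rather than a silent edit.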
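--- a/package/deps/capstone/arch/ARM/ARMModule.h
+++ b/package/deps/capstone/arch/ARM/ARMModule.h
@@ -0,0 +1,12 @@
+/* Capstone Disassembly Engine */
+/* By Travis Finkenauer <tmfinken@gmail.com>, 2018 */
+
+#ifndef CS_ARM_MODULE_H
+#define CS_ARM_MODULE_H
+
+#include "../../utils.h"
+
+cs_err ARM_global_init(cs_struct *ud);
+cs_err ARM_option(cs_struct *handle, cs_opt_type type, size_t value);
+
+#endif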
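--- a/package/deps/capstone/arch/BPF/BPFConstants.h
+++ b/package/deps/capstone/arch/BPF/BPFConstants.h
@@ -0,0 +1,88 @@
+/* Capstone Disassembly Engine */
+/* BPF Backend by david942j <david942j@gmail.com>, 2019 */
+
+/* This file defines constants and macros used for parsing a BPF instruction */
+
+#ifndef CS_BPF_CONSTANTS_H
+#define CS_BPF_CONSTANTS_H
+
+#define BPF_CLASS(code) ((code) & 0x7)
+
+///< Instruction classes
+#define BPF_CLASS_LD 0x00
+#define BPF_CLASS_LDX 0x01
+#define BPF_CLASS_ST 0x02
+#define BPF_CLASS_STX 0x03
+#define BPF_CLASS_ALU 0x04
+#define BPF_CLASS_JMP 0x05
+#define BPF_CLASS_RET 0x06 ///< cBPF only
+#define BPF_CLASS_MISC 0x07 ///< cBPF only
+#define BPF_CLASS_ALU64 0x07 ///< eBPF only
+
+#define BPF_OP(code) ((code) & 0xf0)
+
+///< Types of ALU instruction
+#define BPF_ALU_ADD 0x00
+#define BPF_ALU_SUB 0x10
+#define BPF_ALU_MUL 0x20
+#define BPF_ALU_DIV 0x30
+#define BPF_ALU_OR 0x40
+#define BPF_ALU_AND 0x50
+#define BPF_ALU_LSH 0x60
+#define BPF_ALU_RSH 0x70
+#define BPF_ALU_NEG 0x80
+#define BPF_ALU_MOD 0x90
+#define BPF_ALU_XOR 0xa0
+#define BPF_ALU_MOV 0xb0 ///< eBPF only: mov reg to reg
+#define BPF_ALU_ARSH 0xc0 ///< eBPF only: sign extending shift right
+#define BPF_ALU_END 0xd0 ///< eBPF only: endianness conversion
+
+///< Types of jmp instruction
+#define BPF_JUMP_JA 0x00 ///< goto
+#define BPF_JUMP_JEQ 0x10 ///< '=='
+#define BPF_JUMP_JGT 0x20 ///< unsigned '>'
+#define BPF_JUMP_JGE 0x30 ///< unsigned '>='
+#define BPF_JUMP_JSET 0x40 ///< '&'
+#define BPF_JUMP_JNE 0x50 ///< eBPF only: '!=' */
+#define BPF_JUMP_JSGT 0x60 ///< eBPF only: signed '>'
+#define BPF_JUMP_JSGE 0x70 ///< eBPF only: signed '>='
+#define BPF_JUMP_CALL 0x80 ///< eBPF only: function call
+#define BPF_JUMP_EXIT 0x90 ///< eBPF only: exit
+#define BPF_JUMP_JLT 0xa0 ///< eBPF only: unsigned '<'
+#define BPF_JUMP_JLE 0xb0 ///< eBPF only: unsigned '<='
+#define BPF_JUMP_JSLT 0xc0 ///< eBPF only: signed '<'
+#define BPF_JUMP_JSLE 0xd0 ///< eBPF only: signed '<='
+
+#define BPF_SRC(code) ((code) & 0x08)
+#define BPF_RVAL(code) ((code) & 0x18) /* cBPF only: for return types */
+///< Source operand
+#define BPF_SRC_K 0x00
+#define BPF_SRC_X 0x08
+#define BPF_SRC_A 0x10 /* cBPF only */
+
+#define BPF_SRC_LITTLE BPF_SRC_K
+#define BPF_SRC_BIG BPF_SRC_X
+
+#define BPF_SIZE(code) ((code) & 0x18)
+///< Size modifier
+#define BPF_SIZE_W 0x00 ///< word
+#define BPF_SIZE_H 0x08 ///< half word
+#define BPF_SIZE_B 0x10 ///< byte
+#define BPF_SIZE_DW 0x18 ///< eBPF only: double word
+
+#define BPF_MODE(code) ((code) & 0xe0)
+///< Mode modifier
+#define BPF_MODE_IMM 0x00 ///< used for 32-bit mov in cBPF and 64-bit in eBPF
+#define BPF_MODE_ABS 0x20
+#define BPF_MODE_IND 0x40
+#define BPF_MODE_MEM 0x60
+#define BPF_MODE_LEN 0x80 ///< cBPF only, reserved in eBPF
+#define BPF_MODE_MSH 0xa0 ///< cBPF only, reserved in eBPF
+#define BPF_MODE_XADD 0xc0 ///< eBPF only: exclusive add
+
+#define BPF_MISCOP(code) ((code) & 0x80)
+///< Operation of misc
+#define BPF_MISCOP_TAX 0x00
+#define BPF_MISCOP_TXA 0x80
+
+#endif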
@@ -0,0 +1,464 @@
|
|
|
1
|
+
/* Capstone Disassembly Engine */
|
|
2
|
+
/* BPF Backend by david942j <david942j@gmail.com>, 2019 */
|
|
3
|
+
|
|
4
|
+
#ifdef CAPSTONE_HAS_BPF
|
|
5
|
+
|
|
6
|
+
#include <string.h>
|
|
7
|
+
#include <stddef.h> // offsetof macro
|
|
8
|
+
|
|
9
|
+
#include "BPFConstants.h"
|
|
10
|
+
#include "BPFDisassembler.h"
|
|
11
|
+
#include "BPFMapping.h"
|
|
12
|
+
#include "../../cs_priv.h"
|
|
13
|
+
|
|
14
|
+
static uint16_t read_u16(cs_struct *ud, const uint8_t *code)
|
|
15
|
+
{
|
|
16
|
+
if (MODE_IS_BIG_ENDIAN(ud->mode))
|
|
17
|
+
return (((uint16_t)code[0] << 8) | code[1]);
|
|
18
|
+
else
|
|
19
|
+
return (((uint16_t)code[1] << 8) | code[0]);
|
|
20
|
+
}
|
|
21
|
+
|
|
22
|
+
static uint32_t read_u32(cs_struct *ud, const uint8_t *code)
|
|
23
|
+
{
|
|
24
|
+
if (MODE_IS_BIG_ENDIAN(ud->mode))
|
|
25
|
+
return ((uint32_t)read_u16(ud, code) << 16) | read_u16(ud, code + 2);
|
|
26
|
+
else
|
|
27
|
+
return ((uint32_t)read_u16(ud, code + 2) << 16) | read_u16(ud, code);
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
///< Malloc bpf_internal, also checks if code_len is large enough.
|
|
31
|
+
static bpf_internal *alloc_bpf_internal(size_t code_len)
|
|
32
|
+
{
|
|
33
|
+
bpf_internal *bpf;
|
|
34
|
+
|
|
35
|
+
if (code_len < 8)
|
|
36
|
+
return NULL;
|
|
37
|
+
bpf = cs_mem_malloc(sizeof(bpf_internal));
|
|
38
|
+
if (bpf == NULL)
|
|
39
|
+
return NULL;
|
|
40
|
+
/* default value */
|
|
41
|
+
bpf->insn_size = 8;
|
|
42
|
+
return bpf;
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
///< Fetch a cBPF structure from code
|
|
46
|
+
static bpf_internal* fetch_cbpf(cs_struct *ud, const uint8_t *code,
|
|
47
|
+
size_t code_len)
|
|
48
|
+
{
|
|
49
|
+
bpf_internal *bpf;
|
|
50
|
+
|
|
51
|
+
bpf = alloc_bpf_internal(code_len);
|
|
52
|
+
if (bpf == NULL)
|
|
53
|
+
return NULL;
|
|
54
|
+
|
|
55
|
+
bpf->op = read_u16(ud, code);
|
|
56
|
+
bpf->jt = code[2];
|
|
57
|
+
bpf->jf = code[3];
|
|
58
|
+
bpf->k = read_u32(ud, code + 4);
|
|
59
|
+
return bpf;
|
|
60
|
+
}
|
|
61
|
+
|
|
62
|
+
///< Fetch an eBPF structure from code
|
|
63
|
+
static bpf_internal* fetch_ebpf(cs_struct *ud, const uint8_t *code,
|
|
64
|
+
size_t code_len)
|
|
65
|
+
{
|
|
66
|
+
bpf_internal *bpf;
|
|
67
|
+
|
|
68
|
+
bpf = alloc_bpf_internal(code_len);
|
|
69
|
+
if (bpf == NULL)
|
|
70
|
+
return NULL;
|
|
71
|
+
|
|
72
|
+
bpf->op = (uint16_t)code[0];
|
|
73
|
+
bpf->dst = code[1] & 0xf;
|
|
74
|
+
bpf->src = (code[1] & 0xf0) >> 4;
|
|
75
|
+
|
|
76
|
+
// eBPF has one 16-byte instruction: BPF_LD | BPF_DW | BPF_IMM,
|
|
77
|
+
// in this case imm is combined with the next block's imm.
|
|
78
|
+
if (bpf->op == (BPF_CLASS_LD | BPF_SIZE_DW | BPF_MODE_IMM)) {
|
|
79
|
+
if (code_len < 16) {
|
|
80
|
+
cs_mem_free(bpf);
|
|
81
|
+
return NULL;
|
|
82
|
+
}
|
|
83
|
+
bpf->k = read_u32(ud, code + 4) | (((uint64_t)read_u32(ud, code + 12)) << 32);
|
|
84
|
+
bpf->insn_size = 16;
|
|
85
|
+
}
|
|
86
|
+
else {
|
|
87
|
+
bpf->offset = read_u16(ud, code + 2);
|
|
88
|
+
bpf->k = read_u32(ud, code + 4);
|
|
89
|
+
}
|
|
90
|
+
return bpf;
|
|
91
|
+
}
|
|
92
|
+
|
|
93
|
+
#define CHECK_READABLE_REG(ud, reg) do { \
|
|
94
|
+
if (! ((reg) >= BPF_REG_R0 && (reg) <= BPF_REG_R10)) \
|
|
95
|
+
return false; \
|
|
96
|
+
} while (0)
|
|
97
|
+
|
|
98
|
+
#define CHECK_WRITABLE_REG(ud, reg) do { \
|
|
99
|
+
if (! ((reg) >= BPF_REG_R0 && (reg) < BPF_REG_R10)) \
|
|
100
|
+
return false; \
|
|
101
|
+
} while (0)
|
|
102
|
+
|
|
103
|
+
#define CHECK_READABLE_AND_PUSH(ud, MI, r) do { \
|
|
104
|
+
CHECK_READABLE_REG(ud, r + BPF_REG_R0); \
|
|
105
|
+
MCOperand_CreateReg0(MI, r + BPF_REG_R0); \
|
|
106
|
+
} while (0)
|
|
107
|
+
|
|
108
|
+
#define CHECK_WRITABLE_AND_PUSH(ud, MI, r) do { \
|
|
109
|
+
CHECK_WRITABLE_REG(ud, r + BPF_REG_R0); \
|
|
110
|
+
MCOperand_CreateReg0(MI, r + BPF_REG_R0); \
|
|
111
|
+
} while (0)
|
|
112
|
+
|
|
113
|
+
static bool decodeLoad(cs_struct *ud, MCInst *MI, bpf_internal *bpf)
|
|
114
|
+
{
|
|
115
|
+
if (!EBPF_MODE(ud)) {
|
|
116
|
+
/*
|
|
117
|
+
* +-----+-----------+--------------------+
|
|
118
|
+
* | ldb | [k] | [x+k] |
|
|
119
|
+
* | ldh | [k] | [x+k] |
|
|
120
|
+
* +-----+-----------+--------------------+
|
|
121
|
+
*/
|
|
122
|
+
if (BPF_SIZE(bpf->op) == BPF_SIZE_DW)
|
|
123
|
+
return false;
|
|
124
|
+
if (BPF_SIZE(bpf->op) == BPF_SIZE_B || BPF_SIZE(bpf->op) == BPF_SIZE_H) {
|
|
125
|
+
/* no ldx */
|
|
126
|
+
if (BPF_CLASS(bpf->op) != BPF_CLASS_LD)
|
|
127
|
+
return false;
|
|
128
|
+
/* can only be BPF_ABS and BPF_IND */
|
|
129
|
+
if (BPF_MODE(bpf->op) == BPF_MODE_ABS) {
|
|
130
|
+
MCOperand_CreateImm0(MI, bpf->k);
|
|
131
|
+
return true;
|
|
132
|
+
}
|
|
133
|
+
else if (BPF_MODE(bpf->op) == BPF_MODE_IND) {
|
|
134
|
+
MCOperand_CreateReg0(MI, BPF_REG_X);
|
|
135
|
+
MCOperand_CreateImm0(MI, bpf->k);
|
|
136
|
+
return true;
|
|
137
|
+
}
|
|
138
|
+
return false;
|
|
139
|
+
}
|
|
140
|
+
/*
|
|
141
|
+
* +-----+----+------+------+-----+-------+
|
|
142
|
+
* | ld | #k | #len | M[k] | [k] | [x+k] |
|
|
143
|
+
* +-----+----+------+------+-----+-------+
|
|
144
|
+
* | ldx | #k | #len | M[k] | 4*([k]&0xf) |
|
|
145
|
+
* +-----+----+------+------+-------------+
|
|
146
|
+
*/
|
|
147
|
+
switch (BPF_MODE(bpf->op)) {
|
|
148
|
+
default:
|
|
149
|
+
break;
|
|
150
|
+
case BPF_MODE_IMM:
|
|
151
|
+
MCOperand_CreateImm0(MI, bpf->k);
|
|
152
|
+
return true;
|
|
153
|
+
case BPF_MODE_LEN:
|
|
154
|
+
return true;
|
|
155
|
+
case BPF_MODE_MEM:
|
|
156
|
+
MCOperand_CreateImm0(MI, bpf->k);
|
|
157
|
+
return true;
|
|
158
|
+
}
|
|
159
|
+
if (BPF_CLASS(bpf->op) == BPF_CLASS_LD) {
|
|
160
|
+
if (BPF_MODE(bpf->op) == BPF_MODE_ABS) {
|
|
161
|
+
MCOperand_CreateImm0(MI, bpf->k);
|
|
162
|
+
return true;
|
|
163
|
+
}
|
|
164
|
+
else if (BPF_MODE(bpf->op) == BPF_MODE_IND) {
|
|
165
|
+
MCOperand_CreateReg0(MI, BPF_REG_X);
|
|
166
|
+
MCOperand_CreateImm0(MI, bpf->k);
|
|
167
|
+
return true;
|
|
168
|
+
}
|
|
169
|
+
}
|
|
170
|
+
else { /* LDX */
|
|
171
|
+
if (BPF_MODE(bpf->op) == BPF_MODE_MSH) {
|
|
172
|
+
MCOperand_CreateImm0(MI, bpf->k);
|
|
173
|
+
return true;
|
|
174
|
+
}
|
|
175
|
+
}
|
|
176
|
+
return false;
|
|
177
|
+
}
|
|
178
|
+
|
|
179
|
+
/* eBPF mode */
|
|
180
|
+
/*
|
|
181
|
+
* - IMM: lddw dst, imm64
|
|
182
|
+
* - ABS: ld{w,h,b,dw} [k]
|
|
183
|
+
* - IND: ld{w,h,b,dw} [src+k]
|
|
184
|
+
* - MEM: ldx{w,h,b,dw} dst, [src+off]
|
|
185
|
+
*/
|
|
186
|
+
if (BPF_CLASS(bpf->op) == BPF_CLASS_LD) {
|
|
187
|
+
switch (BPF_MODE(bpf->op)) {
|
|
188
|
+
case BPF_MODE_IMM:
|
|
189
|
+
if (bpf->op != (BPF_CLASS_LD | BPF_SIZE_DW | BPF_MODE_IMM))
|
|
190
|
+
return false;
|
|
191
|
+
CHECK_WRITABLE_AND_PUSH(ud, MI, bpf->dst);
|
|
192
|
+
MCOperand_CreateImm0(MI, bpf->k);
|
|
193
|
+
return true;
|
|
194
|
+
case BPF_MODE_ABS:
|
|
195
|
+
MCOperand_CreateImm0(MI, bpf->k);
|
|
196
|
+
return true;
|
|
197
|
+
case BPF_MODE_IND:
|
|
198
|
+
CHECK_READABLE_AND_PUSH(ud, MI, bpf->src);
|
|
199
|
+
MCOperand_CreateImm0(MI, bpf->k);
|
|
200
|
+
return true;
|
|
201
|
+
}
|
|
202
|
+
return false;
|
|
203
|
+
|
|
204
|
+
}
|
|
205
|
+
/* LDX */
|
|
206
|
+
if (BPF_MODE(bpf->op) == BPF_MODE_MEM) {
|
|
207
|
+
CHECK_WRITABLE_AND_PUSH(ud, MI, bpf->dst);
|
|
208
|
+
CHECK_READABLE_AND_PUSH(ud, MI, bpf->src);
|
|
209
|
+
MCOperand_CreateImm0(MI, bpf->offset);
|
|
210
|
+
return true;
|
|
211
|
+
}
|
|
212
|
+
return false;
|
|
213
|
+
}
|
|
214
|
+
|
|
215
|
+
static bool decodeStore(cs_struct *ud, MCInst *MI, bpf_internal *bpf)
|
|
216
|
+
{
|
|
217
|
+
/* in cBPF, only BPF_ST* | BPF_MEM | BPF_W is valid
|
|
218
|
+
* while in eBPF:
|
|
219
|
+
* - BPF_STX | BPF_XADD | BPF_{W,DW}
|
|
220
|
+
* - BPF_ST* | BPF_MEM | BPF_{W,H,B,DW}
|
|
221
|
+
* are valid
|
|
222
|
+
*/
|
|
223
|
+
if (!EBPF_MODE(ud)) {
|
|
224
|
+
/* can only store to M[] */
|
|
225
|
+
if (bpf->op != (BPF_CLASS(bpf->op) | BPF_MODE_MEM | BPF_SIZE_W))
|
|
226
|
+
return false;
|
|
227
|
+
MCOperand_CreateImm0(MI, bpf->k);
|
|
228
|
+
return true;
|
|
229
|
+
}
|
|
230
|
+
|
|
231
|
+
/* eBPF */
|
|
232
|
+
|
|
233
|
+
if (BPF_MODE(bpf->op) == BPF_MODE_XADD) {
|
|
234
|
+
if (BPF_CLASS(bpf->op) != BPF_CLASS_STX)
|
|
235
|
+
return false;
|
|
236
|
+
if (BPF_SIZE(bpf->op) != BPF_SIZE_W && BPF_SIZE(bpf->op) != BPF_SIZE_DW)
|
|
237
|
+
return false;
|
|
238
|
+
/* xadd [dst + off], src */
|
|
239
|
+
CHECK_READABLE_AND_PUSH(ud, MI, bpf->dst);
|
|
240
|
+
MCOperand_CreateImm0(MI, bpf->offset);
|
|
241
|
+
CHECK_READABLE_AND_PUSH(ud, MI, bpf->src);
|
|
242
|
+
return true;
|
|
243
|
+
}
|
|
244
|
+
|
|
245
|
+
if (BPF_MODE(bpf->op) != BPF_MODE_MEM)
|
|
246
|
+
return false;
|
|
247
|
+
|
|
248
|
+
/* st [dst + off], src */
|
|
249
|
+
CHECK_READABLE_AND_PUSH(ud, MI, bpf->dst);
|
|
250
|
+
MCOperand_CreateImm0(MI, bpf->offset);
|
|
251
|
+
if (BPF_CLASS(bpf->op) == BPF_CLASS_ST)
|
|
252
|
+
MCOperand_CreateImm0(MI, bpf->k);
|
|
253
|
+
else
|
|
254
|
+
CHECK_READABLE_AND_PUSH(ud, MI, bpf->src);
|
|
255
|
+
return true;
|
|
256
|
+
}
|
|
257
|
+
|
|
258
|
+
static bool decodeALU(cs_struct *ud, MCInst *MI, bpf_internal *bpf)
|
|
259
|
+
{
|
|
260
|
+
/* Set MI->Operands */
|
|
261
|
+
|
|
262
|
+
/* cBPF */
|
|
263
|
+
if (!EBPF_MODE(ud)) {
|
|
264
|
+
if (BPF_OP(bpf->op) > BPF_ALU_XOR)
|
|
265
|
+
return false;
|
|
266
|
+
/* cBPF's NEG has no operands */
|
|
267
|
+
if (BPF_OP(bpf->op) == BPF_ALU_NEG)
|
|
268
|
+
return true;
|
|
269
|
+
if (BPF_SRC(bpf->op) == BPF_SRC_K)
|
|
270
|
+
MCOperand_CreateImm0(MI, bpf->k);
|
|
271
|
+
else /* BPF_SRC_X */
|
|
272
|
+
MCOperand_CreateReg0(MI, BPF_REG_X);
|
|
273
|
+
return true;
|
|
274
|
+
}
|
|
275
|
+
|
|
276
|
+
/* eBPF */
|
|
277
|
+
|
|
278
|
+
if (BPF_OP(bpf->op) > BPF_ALU_END)
|
|
279
|
+
return false;
|
|
280
|
+
/* ALU64 class doesn't have ENDian */
|
|
281
|
+
/* ENDian's imm must be one of 16, 32, 64 */
|
|
282
|
+
if (BPF_OP(bpf->op) == BPF_ALU_END) {
|
|
283
|
+
if (BPF_CLASS(bpf->op) == BPF_CLASS_ALU64)
|
|
284
|
+
return false;
|
|
285
|
+
if (bpf->k != 16 && bpf->k != 32 && bpf->k != 64)
|
|
286
|
+
return false;
|
|
287
|
+
}
|
|
288
|
+
|
|
289
|
+
/* - op dst, imm
|
|
290
|
+
* - op dst, src
|
|
291
|
+
* - neg dst
|
|
292
|
+
* - le<imm> dst
|
|
293
|
+
*/
|
|
294
|
+
/* every ALU instructions have dst op */
|
|
295
|
+
CHECK_WRITABLE_AND_PUSH(ud, MI, bpf->dst);
|
|
296
|
+
|
|
297
|
+
/* special cases */
|
|
298
|
+
if (BPF_OP(bpf->op) == BPF_ALU_NEG)
|
|
299
|
+
return true;
|
|
300
|
+
if (BPF_OP(bpf->op) == BPF_ALU_END) {
|
|
301
|
+
/* bpf->k must be one of 16, 32, 64 */
|
|
302
|
+
MCInst_setOpcode(MI, MCInst_getOpcode(MI) | ((uint32_t)bpf->k << 4));
|
|
303
|
+
return true;
|
|
304
|
+
}
|
|
305
|
+
|
|
306
|
+
/* normal cases */
|
|
307
|
+
if (BPF_SRC(bpf->op) == BPF_SRC_K) {
|
|
308
|
+
MCOperand_CreateImm0(MI, bpf->k);
|
|
309
|
+
}
|
|
310
|
+
else { /* BPF_SRC_X */
|
|
311
|
+
CHECK_READABLE_AND_PUSH(ud, MI, bpf->src);
|
|
312
|
+
}
|
|
313
|
+
return true;
|
|
314
|
+
}
|
|
315
|
+
|
|
316
|
+
static bool decodeJump(cs_struct *ud, MCInst *MI, bpf_internal *bpf)
|
|
317
|
+
{
|
|
318
|
+
/* cBPF and eBPF are very different in class jump */
|
|
319
|
+
if (!EBPF_MODE(ud)) {
|
|
320
|
+
if (BPF_OP(bpf->op) > BPF_JUMP_JSET)
|
|
321
|
+
return false;
|
|
322
|
+
|
|
323
|
+
/* ja is a special case of jumps */
|
|
324
|
+
if (BPF_OP(bpf->op) == BPF_JUMP_JA) {
|
|
325
|
+
MCOperand_CreateImm0(MI, bpf->k);
|
|
326
|
+
return true;
|
|
327
|
+
}
|
|
328
|
+
|
|
329
|
+
if (BPF_SRC(bpf->op) == BPF_SRC_K)
|
|
330
|
+
MCOperand_CreateImm0(MI, bpf->k);
|
|
331
|
+
else /* BPF_SRC_X */
|
|
332
|
+
MCOperand_CreateReg0(MI, BPF_REG_X);
|
|
333
|
+
MCOperand_CreateImm0(MI, bpf->jt);
|
|
334
|
+
MCOperand_CreateImm0(MI, bpf->jf);
|
|
335
|
+
}
|
|
336
|
+
else {
|
|
337
|
+
if (BPF_OP(bpf->op) > BPF_JUMP_JSLE)
|
|
338
|
+
return false;
|
|
339
|
+
|
|
340
|
+
/* No operands for exit */
|
|
341
|
+
if (BPF_OP(bpf->op) == BPF_JUMP_EXIT)
|
|
342
|
+
return bpf->op == (BPF_CLASS_JMP | BPF_JUMP_EXIT);
|
|
343
|
+
if (BPF_OP(bpf->op) == BPF_JUMP_CALL) {
|
|
344
|
+
if (bpf->op == (BPF_CLASS_JMP | BPF_JUMP_CALL)) {
|
|
345
|
+
MCOperand_CreateImm0(MI, bpf->k);
|
|
346
|
+
return true;
|
|
347
|
+
}
|
|
348
|
+
if (bpf->op == (BPF_CLASS_JMP | BPF_JUMP_CALL | BPF_SRC_X)) {
|
|
349
|
+
CHECK_READABLE_AND_PUSH(ud, MI, bpf->k);
|
|
350
|
+
return true;
|
|
351
|
+
}
|
|
352
|
+
return false;
|
|
353
|
+
}
|
|
354
|
+
|
|
355
|
+
/* ja is a special case of jumps */
|
|
356
|
+
if (BPF_OP(bpf->op) == BPF_JUMP_JA) {
|
|
357
|
+
if (BPF_SRC(bpf->op) != BPF_SRC_K)
|
|
358
|
+
return false;
|
|
359
|
+
MCOperand_CreateImm0(MI, bpf->offset);
|
|
360
|
+
return true;
|
|
361
|
+
}
|
|
362
|
+
|
|
363
|
+
/* <j> dst, src, +off */
|
|
364
|
+
CHECK_READABLE_AND_PUSH(ud, MI, bpf->dst);
|
|
365
|
+
if (BPF_SRC(bpf->op) == BPF_SRC_K)
|
|
366
|
+
MCOperand_CreateImm0(MI, bpf->k);
|
|
367
|
+
else
|
|
368
|
+
CHECK_READABLE_AND_PUSH(ud, MI, bpf->src);
|
|
369
|
+
MCOperand_CreateImm0(MI, bpf->offset);
|
|
370
|
+
}
|
|
371
|
+
return true;
|
|
372
|
+
}
|
|
373
|
+
|
|
374
|
+
static bool decodeReturn(cs_struct *ud, MCInst *MI, bpf_internal *bpf)
|
|
375
|
+
{
|
|
376
|
+
/* Here only handles the BPF_RET class in cBPF */
|
|
377
|
+
switch (BPF_RVAL(bpf->op)) {
|
|
378
|
+
case BPF_SRC_K:
|
|
379
|
+
MCOperand_CreateImm0(MI, bpf->k);
|
|
380
|
+
return true;
|
|
381
|
+
case BPF_SRC_X:
|
|
382
|
+
MCOperand_CreateReg0(MI, BPF_REG_X);
|
|
383
|
+
return true;
|
|
384
|
+
case BPF_SRC_A:
|
|
385
|
+
MCOperand_CreateReg0(MI, BPF_REG_A);
|
|
386
|
+
return true;
|
|
387
|
+
}
|
|
388
|
+
return false;
|
|
389
|
+
}
|
|
390
|
+
|
|
391
|
+
static bool decodeMISC(cs_struct *ud, MCInst *MI, bpf_internal *bpf)
|
|
392
|
+
{
|
|
393
|
+
uint16_t op = bpf->op ^ BPF_CLASS_MISC;
|
|
394
|
+
return op == BPF_MISCOP_TAX || op == BPF_MISCOP_TXA;
|
|
395
|
+
}
|
|
396
|
+
|
|
397
|
+
///< 1. Check if the instruction is valid
|
|
398
|
+
///< 2. Set MI->opcode
|
|
399
|
+
///< 3. Set MI->Operands
|
|
400
|
+
static bool getInstruction(cs_struct *ud, MCInst *MI, bpf_internal *bpf)
|
|
401
|
+
{
|
|
402
|
+
cs_detail *detail;
|
|
403
|
+
|
|
404
|
+
detail = MI->flat_insn->detail;
|
|
405
|
+
// initialize detail
|
|
406
|
+
if (detail) {
|
|
407
|
+
memset(detail, 0, offsetof(cs_detail, bpf) + sizeof(cs_bpf));
|
|
408
|
+
}
|
|
409
|
+
|
|
410
|
+
MCInst_clear(MI);
|
|
411
|
+
MCInst_setOpcode(MI, bpf->op);
|
|
412
|
+
|
|
413
|
+
switch (BPF_CLASS(bpf->op)) {
|
|
414
|
+
default: /* should never happen */
|
|
415
|
+
return false;
|
|
416
|
+
case BPF_CLASS_LD:
|
|
417
|
+
case BPF_CLASS_LDX:
|
|
418
|
+
return decodeLoad(ud, MI, bpf);
|
|
419
|
+
case BPF_CLASS_ST:
|
|
420
|
+
case BPF_CLASS_STX:
|
|
421
|
+
return decodeStore(ud, MI, bpf);
|
|
422
|
+
case BPF_CLASS_ALU:
|
|
423
|
+
return decodeALU(ud, MI, bpf);
|
|
424
|
+
case BPF_CLASS_JMP:
|
|
425
|
+
return decodeJump(ud, MI, bpf);
|
|
426
|
+
case BPF_CLASS_RET:
|
|
427
|
+
/* eBPF doesn't have this class */
|
|
428
|
+
if (EBPF_MODE(ud))
|
|
429
|
+
return false;
|
|
430
|
+
return decodeReturn(ud, MI, bpf);
|
|
431
|
+
case BPF_CLASS_MISC:
|
|
432
|
+
/* case BPF_CLASS_ALU64: */
|
|
433
|
+
if (EBPF_MODE(ud))
|
|
434
|
+
return decodeALU(ud, MI, bpf);
|
|
435
|
+
else
|
|
436
|
+
return decodeMISC(ud, MI, bpf);
|
|
437
|
+
}
|
|
438
|
+
}
|
|
439
|
+
|
|
440
|
+
bool BPF_getInstruction(csh ud, const uint8_t *code, size_t code_len,
|
|
441
|
+
MCInst *instr, uint16_t *size, uint64_t address, void *info)
|
|
442
|
+
{
|
|
443
|
+
cs_struct *cs;
|
|
444
|
+
bpf_internal *bpf;
|
|
445
|
+
|
|
446
|
+
cs = (cs_struct*)ud;
|
|
447
|
+
if (EBPF_MODE(cs))
|
|
448
|
+
bpf = fetch_ebpf(cs, code, code_len);
|
|
449
|
+
else
|
|
450
|
+
bpf = fetch_cbpf(cs, code, code_len);
|
|
451
|
+
if (bpf == NULL)
|
|
452
|
+
return false;
|
|
453
|
+
if (!getInstruction(cs, instr, bpf)) {
|
|
454
|
+
cs_mem_free(bpf);
|
|
455
|
+
return false;
|
|
456
|
+
}
|
|
457
|
+
|
|
458
|
+
*size = bpf->insn_size;
|
|
459
|
+
cs_mem_free(bpf);
|
|
460
|
+
|
|
461
|
+
return true;
|
|
462
|
+
}
|
|
463
|
+
|
|
464
|
+
#endif
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
/* Capstone Disassembly Engine */
|
|
2
|
+
/* BPF Backend by david942j <david942j@gmail.com>, 2019 */
|
|
3
|
+
|
|
4
|
+
#ifndef CS_BPF_DISASSEMBLER_H
|
|
5
|
+
#define CS_BPF_DISASSEMBLER_H
|
|
6
|
+
|
|
7
|
+
#include "../../MCInst.h"
|
|
8
|
+
|
|
9
|
+
typedef struct bpf_internal {
|
|
10
|
+
uint16_t op;
|
|
11
|
+
uint64_t k;
|
|
12
|
+
/* for cBPF */
|
|
13
|
+
uint8_t jt;
|
|
14
|
+
uint8_t jf;
|
|
15
|
+
/* for eBPF */
|
|
16
|
+
uint8_t dst;
|
|
17
|
+
uint8_t src;
|
|
18
|
+
uint16_t offset;
|
|
19
|
+
|
|
20
|
+
/* length of this bpf instruction */
|
|
21
|
+
uint8_t insn_size;
|
|
22
|
+
} bpf_internal;
|
|
23
|
+
|
|
24
|
+
bool BPF_getInstruction(csh ud, const uint8_t *code, size_t code_len,
|
|
25
|
+
MCInst *instr, uint16_t *size, uint64_t address, void *info);
|
|
26
|
+
|
|
27
|
+
#endif
|
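Review bot: `offset` in `bpf_internal` is declared `uint16_t`, but the eBPF `off` field is a signed 16-bit displacement. A negative value such as a backward jump or a stack slot below r10 is therefore zero-extended when the decoder passes `bpf->offset` to `MCOperand_CreateImm0`, and is recorded as a large positive immediate. Declaring it `int16_t offset;` and reading it with `bpf->offset = (int16_t)read_u16(ud, code + 2);` in the .c file would keep the sign. The instruction printer is not shown here and may already narrow the value, so check that first. A short comment on `dst` and `src` would also help, saying they are the raw 4-bit register fields taken from the instruction bytes and are only range-checked later by the `CHECK_READABLE_REG` / `CHECK_WRITABLE_REG` macros in the decode functions.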