From 28d3c6ec9c27609f011a164937a6315f0642f22f Mon Sep 17 00:00:00 2001
From: Ark444
Date: Tue, 27 Oct 2015 11:36:50 +0100
Subject: [PATCH 1/4] added ARM register management (avoiding a crash and displaying some of cpsr flags)

---
 gxf/cpu.py | 38 ++++++++++++++++++++++++++-----------
 gxf/extensions/registers.py | 12 ++++++++++++
 2 files changed, 39 insertions(+), 11 deletions(-)

diff --git a/gxf/cpu.py b/gxf/cpu.py
index 03b47a0..544c0fc 100644
--- a/gxf/cpu.py
+++ b/gxf/cpu.py
@@ -10,6 +10,13 @@ def get_addrsz():
 class Registers(object):
+ # ARM specific
+ CPSR_V = 1 << 28
+ CPSR_C = 1 << 29
+ CPSR_Z = 1 << 30
+ CPSR_N = 1 << 31
+
+ # x86(_64) specific
 EFLAGS_CF = 1 << 0
 EFLAGS_PF = 1 << 2
 EFLAGS_AF = 1 << 4
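Review bot: The four new `CPSR_*` class constants are introduced with only `# ARM specific` above them, which does not tell a reader unfamiliar with the ARM PSR layout that these are the NZCV condition-code flags rather than mode, interrupt-mask or Thumb bits. A one-line comment such as `# ARM specific: CPSR condition-code flags NZCV (bits 31..28)` would document the choice and make it obvious why only four of the register's bits are decoded. The `Registers` class body continues outside the hunk.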
@@ -49,19 +56,28 @@ def __init__(self):
 sl = l.split(None, 2)
 self.regs[sl[0]] = int(sl[1], 0)
- eflags = self.regs["eflags"]
- self.flags = {}
- self.flags["CF"] = bool(eflags & self.EFLAGS_CF)
- self.flags["PF"] = bool(eflags & self.EFLAGS_PF)
- self.flags["AF"] = bool(eflags & self.EFLAGS_AF)
- self.flags["ZF"] = bool(eflags & self.EFLAGS_ZF)
- self.flags["SF"] = bool(eflags & self.EFLAGS_SF)
- self.flags["TF"] = bool(eflags & self.EFLAGS_TF)
- self.flags["IF"] = bool(eflags & self.EFLAGS_IF)
- self.flags["DF"] = bool(eflags & self.EFLAGS_DF)
- self.flags["OF"] = bool(eflags & self.EFLAGS_OF)
+ if 'eflags' in self.regs: # x86
+ eflags = self.regs["eflags"]
+
+ self.flags["CF"] = bool(eflags & self.EFLAGS_CF)
+ self.flags["PF"] = bool(eflags & self.EFLAGS_PF)
+ self.flags["AF"] = bool(eflags & self.EFLAGS_AF)
+ self.flags["ZF"] = bool(eflags & self.EFLAGS_ZF)
+ self.flags["SF"] = bool(eflags & self.EFLAGS_SF)
+ self.flags["TF"] = bool(eflags & self.EFLAGS_TF)
+ self.flags["IF"] = bool(eflags & self.EFLAGS_IF)
+ self.flags["DF"] = bool(eflags & self.EFLAGS_DF)
+ self.flags["OF"] = bool(eflags & self.EFLAGS_OF)
+ else: # ARM
+ cpsr = self.regs["cpsr"]
+
+ self.flags["N"] = bool(cpsr & self.CPSR_N)
+ self.flags["Z"] = bool(cpsr & self.CPSR_Z)
+ self.flags["V"] = bool(cpsr & self.CPSR_V)
+ self.flags["C"] = bool(cpsr & self.CPSR_C)
+
 def get(self, reg):
 """
diff --git a/gxf/extensions/registers.py b/gxf/extensions/registers.py
index a4578ce..98ca54c 100644
--- a/gxf/extensions/registers.py
+++ b/gxf/extensions/registers.py
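Review bot: `self.flags = {}` is among the removed lines but is not re-added on the new side, so the first `self.flags["CF"] = ...` in the x86 branch (and `self.flags["N"] = ...` in the ARM branch) will raise AttributeError unless `self.flags` is already assigned earlier in `__init__`, which lies above the hunk and is not visible here. Restore the initialisation before the branch: `self.flags = {}` directly above `if 'eflags' in self.regs:  # x86`, so that every architecture path starts from an empty, defined mapping. Doing it before the branch rather than inside each arm also guarantees `flags` exists on a target that takes neither path. `__init__` starts above the hunk.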
@@ -38,6 +38,17 @@ def run(self, args):
 if reg == "eflags" or (len(reg) == 2 and reg[1] == "s"):
 continue
+ if reg == "cpsr":
+ print("%s%s%s%s%s %s" % (
+ Formattable(((ttype, "%-4s" % reg),(Token.Comment, ": "))),
+ ['v','V'][regs.flags['V']],
+ ['c','C'][regs.flags['C']],
+ ['z','Z'][regs.flags['Z']],
+ ['n','N'][regs.flags['N']],
+ memory.refchain(val)))
+ continue
+
+
 if reg in tomark:
 ttype = Token.Name.Builtin
 elif reg in ("rdi", "rsi", "rdx", "rcx", "r8", "r9"):
@@ -51,3 +62,4 @@ def run(self, args):
 Formattable(((ttype, "%-4s" % reg), (Token.Comment, ": "))),
 memory.refchain(val)))
+

From 5a432ed5ab45379bfe8bcbe377becb5188da38e6 Mon Sep 17 00:00:00 2001
From: Ark444
Date: Tue, 27 Oct 2015 11:46:59 +0100
Subject: [PATCH 2/4] indentation

---
 gxf/extensions/registers.py | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/gxf/extensions/registers.py b/gxf/extensions/registers.py
index 98ca54c..edd35bd 100644
--- a/gxf/extensions/registers.py
+++ b/gxf/extensions/registers.py
@@ -39,13 +39,14 @@ def run(self, args):
 continue
 if reg == "cpsr":
- print("%s%s%s%s%s %s" % (
- Formattable(((ttype, "%-4s" % reg),(Token.Comment, ": "))),
- ['v','V'][regs.flags['V']],
- ['c','C'][regs.flags['C']],
- ['z','Z'][regs.flags['Z']],
- ['n','N'][regs.flags['N']],
- memory.refchain(val)))
+ print("%sN:%s Z:%s C:%s V:%s %s" % (
+ Formattable(((ttype, "%-4s" % reg),
+ (Token.Comment, ": "))),
+ str(int(regs.flags['V'])),
+ str(int(regs.flags['C'])),
+ str(int(regs.flags['Z'])),
+ str(int(regs.flags['N'])),
+ memory.refchain(val)))
 continue

From 029d3af4f389261f96641909a72d4f301d6e613c Mon Sep 17 00:00:00 2001
From: Ark444
Date: Tue, 27 Oct 2015 13:57:11 +0100
Subject: [PATCH 3/4] modified condition to be more logical

---
 gxf/cpu.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gxf/cpu.py b/gxf/cpu.py
index 544c0fc..36672be 100644
--- a/gxf/cpu.py
+++ b/gxf/cpu.py
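Review bot: The new `cpsr` block reads `ttype` before this loop iteration assigns it — `ttype` is only set by the `if reg in tomark:` chain further down in the same function — so the cpsr line is rendered with the token type left over from the previous register, or raises UnboundLocalError when cpsr happens to be the first register in `regs.regs`. Either move the block below the `ttype` assignment or give it an explicit token, e.g. `Formattable(((Token.Name, "%-4s" % reg), (Token.Comment, ": ")))`. The flags are also emitted in V C Z N order, whereas the conventional ARM reading order is N Z C V. The same `ttype` ordering issue carries over into the PATCH 2/4 hunk below; `run` continues outside the hunk.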
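Review bot: The labels and values in the new format string are mismatched: `"%sN:%s Z:%s C:%s V:%s %s"` is filled with `regs.flags['V']`, `['C']`, `['Z']`, `['N']` in that order, so the column labelled N shows the V flag and vice versa, and Z and C are swapped likewise — a misleading display for anyone reasoning about a conditional branch from this output. Reorder the arguments to `int(regs.flags['N']), int(regs.flags['Z']), int(regs.flags['C']), int(regs.flags['V'])` (the `str(...)` wrapper is redundant under `%s`; `%d` would state the intent more directly). `ttype` is still read before it is assigned in this iteration, as noted on the PATCH 1/4 hunk.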
@@ -70,7 +70,7 @@ def __init__(self):
 self.flags["IF"] = bool(eflags & self.EFLAGS_IF)
 self.flags["DF"] = bool(eflags & self.EFLAGS_DF)
 self.flags["OF"] = bool(eflags & self.EFLAGS_OF)
- else: # ARM
+ elif 'cpsr' in self.regs: # ARM
 cpsr = self.regs["cpsr"]
 self.flags["N"] = bool(cpsr & self.CPSR_N)

From 5c18fe9a267fecffe62dff99be53de72069d202f Mon Sep 17 00:00:00 2001
From: Ark444
Date: Wed, 28 Oct 2015 19:57:29 +0100
Subject: [PATCH 4/4] removed cpsr register flag display, will work on making it behaving like it is for x86 (using the heading calculation)

---
 gxf/extensions/registers.py | 14 +------------
 1 file changed, 1 insertion(+), 13 deletions(-)

diff --git a/gxf/extensions/registers.py b/gxf/extensions/registers.py
index edd35bd..c231641 100644
--- a/gxf/extensions/registers.py
+++ b/gxf/extensions/registers.py
@@ -35,21 +35,9 @@ def run(self, args):
 tomark.extend(regs.impact.get(t, ()))
 for reg, val in regs.regs.items():
- if reg == "eflags" or (len(reg) == 2 and reg[1] == "s"):
+ if reg == "cpsr" or reg == "eflags" or (len(reg) == 2 and reg[1] == "s"):
 continue
- if reg == "cpsr":
- print("%sN:%s Z:%s C:%s V:%s %s" % (
- Formattable(((ttype, "%-4s" % reg),
- (Token.Comment, ": "))),
- str(int(regs.flags['V'])),
- str(int(regs.flags['C'])),
- str(int(regs.flags['Z'])),
- str(int(regs.flags['N'])),
- memory.refchain(val)))
- continue
-
-
 if reg in tomark:
 ttype = Token.Name.Builtin
 elif reg in ("rdi", "rsi", "rdx", "rcx", "r8", "r9"):
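Review bot: With `elif 'cpsr' in self.regs:` a target that exposes neither `eflags` nor `cpsr` now falls through silently with no condition flags decoded, where the previous `else:` failed with a KeyError on `self.regs["cpsr"]`; that best-effort behaviour is reasonable for a debugger helper, but it should be visible in the code rather than implied. Add a trailing branch carrying just a comment, e.g. `else:  # unknown register set: no condition flags decoded` (or a `pass` with that comment), so the next reader knows the fall-through is intentional. Whether `self.flags` is defined before these branches cannot be seen from here; `__init__` starts above the hunk.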
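Review bot: The rewritten `if` line chains two equality tests against literals and, at the loop's indentation, is likely past 79 columns; `if reg in ("cpsr", "eflags") or (len(reg) == 2 and reg[1] == "s"):` reads the same and matches the `reg in ("rdi", ...)` idiom the file already uses two lines below. Since skipping `cpsr` means ARM users now get no flag line at all, a `# TODO: decode cpsr flags like eflags (heading-based display)` on that line would record the intent stated in the commit message where the next maintainer will see it. `run` continues outside the hunk.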