archinfo — Arch Information Repository

archinfo is a collection of classes that contain architecture-specific information. It is useful for cross-architecture tools (such as pyvex).

Architectures

class archinfo.arch.Endness

Bases: object

Endness specifies the byte order for integer values

Variables
  • LE – little endian, least significant byte is stored at lowest address

  • BE – big endian, most significant byte is stored at lowest address

  • ME – Middle-endian. Yep.

LE = 'Iend_LE'
BE = 'Iend_BE'
ME = 'Iend_ME'
class archinfo.arch.Register(name, size, vex_offset=None, vex_name=None, subregisters=None, alias_names=None, general_purpose=False, floating_point=False, vector=False, argument=False, persistent=False, default_value=None, linux_entry_value=None, concretize_unique=False, concrete=True, artificial=False)

Bases: object

A collection of information about a register. Each different architecture has its own list of registers, which is the base for all other register-related collections.

As with Arch objects, the information is assumed to be compatible with PyVEX.

Variables
  • name (str) – The name of the register

  • size (int) – The size of the register (in bytes)

  • vex_offset (int) – The VEX offset used to identify this register

  • vex_name (str) – The name libVEX uses to identify the register

  • subregisters (list) – The list of subregisters in the form (name, offset from vex_offset, size)

  • alias_names (tuple) – The list of possible alias names

  • general_purpose (bool) – Whether this is a general purpose register

  • floating_point (bool) – Whether this is a floating-point register

  • vector (bool) – Whether this is a vector register

  • argument (bool) – Whether this is an argument register

  • persistent (bool) – Whether this is a persistent register

  • default_value (tuple) – The offset of the instruction pointer in the register file

  • linux_entry_value (int, str) – The offset of the instruction pointer in the register file

  • concretize_unique (bool) – Whether this register should be concretized, if unique, at the end of each block

  • concrete (bool) – Whether this register should be considered during the synchronization of the concrete execution of the process

  • artificial (bool) – Whether this register is an artificial register added by VEX IR or other ILs.

class archinfo.arch.Arch(endness, instruction_endness=None)

Bases: object

A collection of information about a given architecture. This class should be subclassed for each different architecture, and then that subclass should be registered with the register_arch method.

A good number of assumptions are made that code is being processed under the VEX IR - for instance, the register file offsets are expected to match code generated by PyVEX.

Arches may be compared with == and !=.

Variables
  • name (str) – The name of the arch

  • bits (int) – The number of bits in a word

  • vex_arch (str) – The VEX enum name used to identify this arch

  • qemu_name (str) – The name used by QEMU to identify this arch

  • ida_processor (str) – The processor string used by IDA to identify this arch

  • triplet (str) – The triplet used to identify a linux system on this arch

  • max_inst_bytes (int) – The maximum number of bytes in a single instruction

  • ip_offset (int) – The offset of the instruction pointer in the register file

  • sp_offset (int) – The offset of the stack pointer in the register file

  • bp_offset (int) – The offset of the base pointer in the register file

  • lr_offset (int) – The offset of the link register (return address) in the register file

  • ret_offset (int) – The offset of the return value register in the register file

  • vex_conditional_helpers (bool) – Whether libVEX will generate code to process the conditional flags for this arch using ccalls

  • syscall_num_offset (int) – The offset in the register file where the syscall number is stored

  • call_pushes_ret (bool) – Whether this arch’s call instruction causes a stack push

  • stack_change (int) – The change to the stack pointer caused by a push instruction

  • memory_endness (str) – The endness of memory, as a VEX enum

  • register_endness (str) – The endness of registers, as a VEX enum. Should usually be same as above

  • instruction_endness (str) – The endness of instructions stored in memory. In other words, this controls whether instructions are stored endian-flipped compared to their description in the ISA manual, and should be flipped when lifted. Iend_BE means “don’t flip”. NOTE: Only used for non-libVEX lifters.

  • sizeof (dict) – A mapping from C type to variable size in bits

  • cs_arch – The Capstone arch value for this arch

  • cs_mode – The Capstone mode value for this arch

  • ks_arch – The Keystone arch value for this arch

  • ks_mode – The Keystone mode value for this arch

  • uc_arch – The Unicorn engine arch value for this arch

  • uc_mode – The Unicorn engine mode value for this arch

  • uc_const – The Unicorn engine constants module for this arch

  • uc_prefix – The prefix used for variables in the Unicorn engine constants module

  • function_prologs (list) – A list of regular expressions matching the bytes for common function prologues

  • function_epilogs (list) – A list of regular expressions matching the bytes for common function epilogues

  • ret_instruction (str) – The bytes for a return instruction

  • nop_instruction (str) – The bytes for a nop instruction

  • instruction_alignment (int) – The instruction alignment requirement

  • default_register_values (list) – A weird listing describing how registers should be initialized for purposes of sanity

  • entry_register_values (dict) – A mapping from register name to a description of the value that should be in it at program entry on linux

  • default_symbolic_register (list) – Honestly, who knows what this is supposed to do. Fill it with the names of the general purpose registers.

  • register_names (dict) – A mapping from register file offset to register name

  • registers (dict) – A mapping from register name to a tuple of (register file offset, size in bytes)

  • lib_paths (list) – A listing of common locations where shared libraries for this architecture may be found

  • got_section_name (str) – The name of the GOT section in ELFs

  • ld_linux_name (str) – The name of the linux dynamic loader program

  • byte_width (int) – the number of bits in a byte.

  • elf_tls (TLSArchInfo) – A description of how thread-local storage works

byte_width = 8
elf_tls = None
instruction_endness = 'Iend_BE'
copy()

Produce a copy of this instance of this arch.

get_register_by_name(reg_name)

Return the Register object associated with the given name. This includes subregisters.

For example, if you are operating in a platform-independent setting, and wish to address “whatever the stack pointer is” you could pass ‘sp’ here, and get Register(…r13…) back on an ARM platform.

get_default_reg_value(register)
struct_fmt(size=None, signed=False, endness=None)

Produce a format string for use in python’s struct module to decode a single word.

Parameters
  • size (int) – The size in bytes to pack/unpack. Defaults to wordsize

  • signed (bool) – Whether the data should be extracted signed/unsigned. Default unsigned

  • endness (str) – The endian to use in packing/unpacking. Defaults to memory endness

Return str

A format string with an endness modifier and a single format character

sizeof = {}
property capstone

A Capstone instance for this arch

property keystone

A Keystone instance for this arch

property unicorn

A Unicorn engine instance for this arch

asm(string, addr=0, as_bytes=True, thumb=False)

Compile the assembly instruction represented by string using Keystone

Parameters
  • string – The textual assembly instructions, separated by semicolons

  • addr – The address at which the text should be assembled, to deal with PC-relative access. Default 0

  • as_bytes – Set to False to return a list of integers instead of a python byte string

  • thumb – If working with an ARM processor, set to True to assemble in thumb mode.

Returns

The assembled bytecode

disasm(bytestring, addr=0, thumb=False)
translate_dynamic_tag(tag)
translate_symbol_type(tag)
translate_register_name(offset, size=None)
get_base_register(offset, size=None)

Convert a register or sub-register to its base register’s offset.

Parameters
  • offset (int) – The offset of the register to look up.

  • size (int) – Size of the register.

Returns

Offset and size of the base register, or None if no base register is found.

get_register_offset(name)
is_artificial_register(offset, size)
library_search_path(pedantic=False)

A list of paths in which to search for shared libraries.

m_addr(addr, *args, **kwargs)

Given the address of some code block, convert it to the address where this block is stored in memory. The memory address can also be referred to as the “real” address.

Parameters

addr – The address to convert.

Returns

The “real” address in memory.

Return type

int

x_addr(addr, *args, **kwargs)

Given the address of some code block, convert it to the value that should be assigned to the instruction pointer register in order to execute the code in that block.

Parameters

addr – The address to convert.

Returns

The “execution” address.

Return type

int

is_thumb(addr)

Return True if the address is a THUMB address, False otherwise.

For non-ARM architectures this method always returns False.

Parameters

addr – The address to check.

Returns

Whether the given address is the THUMB address.

property vex_support

Whether the architecture is supported by VEX or not.

Returns

True if this Arch is supported by VEX, False otherwise.

Return type

bool

property unicorn_support

Whether the architecture is supported by the Unicorn engine or not.

Returns

True if this Arch is supported by the Unicorn engine, False otherwise.

Return type

bool

property capstone_support

Whether the architecture is supported by the Capstone engine or not.

Returns

True if this Arch is supported by the Capstone engine, False otherwise.

Return type

bool

property keystone_support

Whether the architecture is supported by the Keystone engine or not.

Returns

True if this Arch is supported by the Keystone engine, False otherwise.

Return type

bool

address_types = (<class 'int'>,)
function_address_types = (<class 'int'>,)
name = None
vex_arch = None
qemu_name = None
ida_processor = None
linux_name = None
triplet = None
max_inst_bytes = None
ret_instruction = b''
nop_instruction = b''
instruction_alignment = None
ip_offset = None
sp_offset = None
bp_offset = None
ret_offset = None
lr_offset = None
vex_conditional_helpers = False
bits = None
memory_endness = 'Iend_LE'
register_endness = 'Iend_LE'
stack_change = None
cache_irsb = True
branch_delay_slot = False
function_prologs = {}
function_epilogs = {}
cs_arch = None
cs_mode = None
ks_arch = None
ks_mode = None
uc_arch = None
uc_mode = None
uc_const = None
uc_prefix = None
uc_regs = None
artificial_registers_offsets = None
artificial_registers = None
cpu_flag_register_offsets_and_bitmasks_map = None
reg_blacklist = None
reg_blacklist_offsets = None
vex_to_unicorn_map = None
vex_cc_regs = None
call_pushes_ret = False
initial_sp = 2147418112
call_sp_fix = 0
stack_size = 134217728
register_list = []
default_register_values = []
entry_register_values = {}
default_symbolic_registers = []
registers = {}
register_names = {}
argument_registers = {}
argument_register_positions = {}
persistent_regs = []
concretize_unique_registers = {}
lib_paths = []
reloc_s_a = []
reloc_b_a = []
reloc_s = []
reloc_copy = []
reloc_tls_mod_id = []
reloc_tls_doffset = []
reloc_tls_offset = []
dynamic_tag_translation = {}
symbol_type_translation = {}
got_section_name = ''
vex_archinfo = None
archinfo.arch.register_arch(regexes, bits, endness, my_arch)

Register a new architecture. Architectures are loaded by their string name using arch_from_id(), and this defines the mapping it uses to figure it out. Takes a list of regular expressions, and an Arch class as input.

Parameters
  • regexes (list) – List of regular expressions (str or SRE_Pattern)

  • bits (int) – The canonical “bits” of this architecture, ex. 32 or 64

  • endness (str or None) – The “endness” of this architecture. Use Endness.LE, Endness.BE, Endness.ME, “any”, or None if the architecture has no intrinsic endianness.

  • my_arch (class) –

Returns

None

exception archinfo.arch.ArchNotFound

Bases: Exception

archinfo.arch.arch_from_id(ident, endness='any', bits='') → archinfo.arch.Arch

Take our best guess at the arch referred to by the given identifier, and return an instance of its class.

You may optionally provide the endness and bits parameters (strings) to help this function out.

archinfo.arch.reverse_ends(string)
archinfo.arch.get_host_arch()

Return the arch of the machine we are currently running on.

class archinfo.arch_aarch64.ArchAArch64(endness='Iend_LE')

Bases: archinfo.arch.Arch

bits = 64
vex_arch = 'VexArchARM64'
name = 'AARCH64'
qemu_name = 'aarch64'
ida_processor = 'arm'
linux_name = 'aarch64'
triplet = 'aarch64-linux-gnueabihf'
max_inst_bytes = 4
ret_offset = 16
vex_conditional_helpers = True
syscall_num_offset = 80
call_pushes_ret = False
stack_change = -8
memory_endness = 'Iend_LE'
register_endness = 'Iend_LE'
instruction_endness = 'Iend_LE'
sizeof = {'int': 32, 'long': 64, 'long long': 64, 'short': 16}
cs_arch = 1
cs_mode = 0
uc_arch = 2
uc_mode = 0
uc_const = <module 'unicorn.arm64_const' from '/home/vsts/work/1/s/angr_venv/lib/python3.6/site-packages/unicorn/arm64_const.py'>
uc_prefix = 'UC_ARM64_'
initial_sp = 576460752303357952
ret_instruction = b'\xc0\x03_\xd6'
nop_instruction = b'\x1f \x03\xd5'
function_prologs = {}
function_epilogs = {}
instruction_alignment = 4
register_list = [<Register x0>, <Register x1>, <Register x2>, <Register x3>, <Register x4>, <Register x5>, <Register x6>, <Register x7>, <Register x8>, <Register x9>, <Register x10>, <Register x11>, <Register x12>, <Register x13>, <Register x14>, <Register x15>, <Register x16>, <Register x17>, <Register x18>, <Register x19>, <Register x20>, <Register x21>, <Register x22>, <Register x23>, <Register x24>, <Register x25>, <Register x26>, <Register x27>, <Register x28>, <Register x29>, <Register x30>, <Register xsp>, <Register pc>, <Register cc_op>, <Register cc_dep1>, <Register cc_dep2>, <Register cc_ndep>, <Register tpidr_el0>, <Register q0>, <Register q1>, <Register q2>, <Register q3>, <Register q4>, <Register q5>, <Register q6>, <Register q7>, <Register q8>, <Register q9>, <Register q10>, <Register q11>, <Register q12>, <Register q13>, <Register q14>, <Register q15>, <Register q16>, <Register q17>, <Register q18>, <Register q19>, <Register q20>, <Register q21>, <Register q22>, <Register q23>, <Register q24>, <Register q25>, <Register q26>, <Register q27>, <Register q28>, <Register q29>, <Register q30>, <Register q31>, <Register qcflag>, <Register emnote>, <Register cmstart>, <Register cmlen>, <Register nraddr>, <Register ip_at_syscall>, <Register fpcr>]
got_section_name = '.got'
ld_linux_name = 'ld-linux-aarch64.so.1'
elf_tls = TLSArchInfo(variant=1, tcbhead_size=32, head_offsets=[], dtv_offsets=[0], pthread_offsets=[], tp_offset=0, dtv_entry_offset=0)
class archinfo.arch_amd64.ArchAMD64(endness='Iend_LE')

Bases: archinfo.arch.Arch

property capstone_x86_syntax

The current syntax Capstone uses for x64. It can be ‘intel’ or ‘at&t’

property keystone_x86_syntax

The current syntax Keystone uses for x86. It can be ‘intel’, ‘at&t’, ‘nasm’, ‘masm’, ‘gas’ or ‘radix16’

bits = 64
vex_arch = 'VexArchAMD64'
vex_endness = 'VexEndnessLE'
name = 'AMD64'
qemu_name = 'x86_64'
ida_processor = 'metapc'
linux_name = 'x86_64'
triplet = 'x86_64-linux-gnu'
max_inst_bytes = 15
ret_offset = 16
vex_conditional_helpers = True
syscall_num_offset = 16
call_pushes_ret = True
stack_change = -8
initial_sp = 576460752303357952
call_sp_fix = -8
memory_endness = 'Iend_LE'
register_endness = 'Iend_LE'
sizeof = {'int': 32, 'long': 64, 'long long': 64, 'short': 16}
cs_arch = 3
cs_mode = 8
uc_arch = 4
uc_mode = 8
uc_const = <module 'unicorn.x86_const' from '/home/vsts/work/1/s/angr_venv/lib/python3.6/site-packages/unicorn/x86_const.py'>
uc_prefix = 'UC_X86_'
function_prologs = [b'\xf3\x0f\x1e\xfa\\x55\\x48\\x89\\xe5', b'\xf3\x0f\x1e\xfa\\x48[\\x83,\\x81]\\xec[\\x00-\\xff]', b'\\x55\\x48\\x89\\xe5', b'\\x48[\\x83,\\x81]\\xec[\\x00-\\xff]']
function_epilogs = {b'([^\\x41][\\x50-\\x5f]{1}|\\x41[\\x50-\\x5f])\\xc3', b'\\x48[\\x83,\\x81]\\xc4([\\x00-\\xff]{1}|[\\x00-\\xff]{4})\\xc3', b'\\xc9\\xc3'}
ret_instruction = b'\xc3'
nop_instruction = b'\x90'
instruction_alignment = 1
register_list = [<Register rax>, <Register rcx>, <Register rdx>, <Register rbx>, <Register rsp>, <Register rbp>, <Register rsi>, <Register rdi>, <Register r8>, <Register r9>, <Register r10>, <Register r11>, <Register r12>, <Register r13>, <Register r14>, <Register r15>, <Register cc_op>, <Register cc_dep1>, <Register cc_dep2>, <Register cc_ndep>, <Register d>, <Register rip>, <Register ac>, <Register id>, <Register fs>, <Register sseround>, <Register cr0>, <Register cr2>, <Register cr3>, <Register cr4>, <Register cr8>, <Register ymm0>, <Register ymm1>, <Register ymm2>, <Register ymm3>, <Register ymm4>, <Register ymm5>, <Register ymm6>, <Register ymm7>, <Register ymm8>, <Register ymm9>, <Register ymm10>, <Register ymm11>, <Register ymm12>, <Register ymm13>, <Register ymm14>, <Register ymm15>, <Register ftop>, <Register fpreg>, <Register fptag>, <Register fpround>, <Register fc3210>, <Register emnote>, <Register cmstart>, <Register cmlen>, <Register nraddr>, <Register gs>, <Register ip_at_syscall>]
symbol_type_translation = {10: 'STT_GNU_IFUNC', 'STT_LOOS': 'STT_GNU_IFUNC'}
got_section_name = '.got.plt'
ld_linux_name = 'ld-linux-x86-64.so.2'
elf_tls = TLSArchInfo(variant=2, tcbhead_size=704, head_offsets=[16], dtv_offsets=[8], pthread_offsets=[0], tp_offset=0, dtv_entry_offset=0)
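How the function_prologs patterns above can be used to locate candidate function starts in raw AMD64 code, as an added example that is not part of archinfo or of the original page. The four patterns are copied from the ArchAMD64 listing; the sample bytes, the base address and the helper names prolog_spans and find_function_starts are constructed for illustration, and only the standard library is used.

```python
import re

# Copied verbatim from the ArchAMD64.function_prologs value listed above.
# The first four raw bytes of the first two patterns are endbr64 (f3 0f 1e fa).
AMD64_PROLOGS = [
    b'\xf3\x0f\x1e\xfa\\x55\\x48\\x89\\xe5',                   # endbr64; push rbp; mov rbp, rsp
    b'\xf3\x0f\x1e\xfa\\x48[\\x83,\\x81]\\xec[\\x00-\\xff]',   # endbr64; sub rsp, imm
    b'\\x55\\x48\\x89\\xe5',                                   # push rbp; mov rbp, rsp
    b'\\x48[\\x83,\\x81]\\xec[\\x00-\\xff]',                   # sub rsp, imm
]
_COMPILED = [re.compile(p) for p in AMD64_PROLOGS]


def prolog_spans(code):
    """Return the sorted, de-duplicated (start, end) spans of every pattern hit."""
    spans = set()
    for rx in _COMPILED:
        for match in rx.finditer(code):
            spans.add(match.span())
    return sorted(spans)


def find_function_starts(code, base=0):
    """Return candidate function start addresses in `code`, loaded at `base`.

    Hits that overlap or directly follow an earlier hit are folded into it:
    'sub rsp, imm' right after 'push rbp; mov rbp, rsp' belongs to the same
    prologue, and the un-prefixed pattern also matches inside the endbr64 one.
    """
    starts = []
    last_end = -1
    for start, end in prolog_spans(code):
        if start > last_end:              # not a continuation of the previous hit
            starts.append(base + start)
        last_end = max(last_end, end)
    return starts


# Constructed sample: three small functions laid out back to back.
SAMPLE_BASE = 0x401000
SAMPLE_CODE = (
    b"\x90\x90"                               # padding
    b"\x55\x48\x89\xe5"                       # push rbp; mov rbp, rsp      (offset 2)
    b"\x48\x83\xec\x20"                       # sub rsp, 0x20               (same prologue)
    b"\xc9\xc3"                               # leave; ret
    b"\xf3\x0f\x1e\xfa\x55\x48\x89\xe5"       # endbr64; push rbp; mov ...  (offset 12)
    b"\x5d\xc3"                               # pop rbp; ret
    b"\x48\x81\xec\x00\x01\x00\x00"           # sub rsp, 0x100              (offset 22)
    b"\x48\x81\xc4\x00\x01\x00\x00\xc3"       # add rsp, 0x100; ret
)

if __name__ == "__main__":
    for addr in find_function_starts(SAMPLE_CODE, SAMPLE_BASE):
        print(hex(addr))
```

The character class `[\x83,\x81]` in the listed patterns also admits the comma byte 0x2c, so `48 2c ec xx` is reported as well; treat every hit as a candidate to confirm by disassembly, not as a proven function boundary.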
archinfo.arch_arm.is_arm_arch(a)
archinfo.arch_arm.get_real_address_if_arm(arch, addr)

Obtain the real address of an instruction. ARM architectures are supported.

Parameters
  • arch (Arch) – The Arch object.

  • addr (int) – The instruction address.

Returns

The real address of an instruction.

Return type

int

class archinfo.arch_arm.ArchARM(endness='Iend_LE')

Bases: archinfo.arch.Arch

property capstone_thumb
property keystone_thumb
property unicorn_thumb
m_addr(addr, *args, **kwargs)

Given the address of some code block, convert it to the address where this block is stored in memory. The memory address can also be referred to as the “real” address.

For ARM-architecture, the “real” address is always even (has its lowest bit clear).

Parameters

addr – The address to convert.

Returns

The “real” address in memory.

Return type

int

x_addr(addr, thumb=None, *args, **kwargs)

Given the address of some code block, convert it to the value that should be assigned to the instruction pointer register in order to execute the code in that block.

Parameters
  • addr – The address to convert.

  • thumb – Set this parameter to True if you want to convert the address into the THUMB form. Set this parameter to False if you want to convert the address into the ARM form. Set this parameter to None (default) if you want to keep the address as is.

Returns

The “execution” address.

Return type

int

is_thumb(addr)

Return True if the address is a THUMB address, False otherwise.

Parameters

addr – The address to check.

Returns

Whether the given address is the THUMB address.

bits = 32
vex_arch = 'VexArchARM'
name = 'ARMEL'
qemu_name = 'arm'
ida_processor = 'armb'
linux_name = 'arm'
triplet = 'arm-linux-gnueabihf'
max_inst_bytes = 4
ret_offset = 8
vex_conditional_helpers = True
syscall_num_offset = 36
call_pushes_ret = False
stack_change = -4
memory_endness = 'Iend_LE'
register_endness = 'Iend_LE'
sizeof = {'int': 32, 'long': 32, 'long long': 64, 'short': 16}
cs_arch = 0
cs_mode = 0
uc_arch = 1
uc_mode = 0
uc_mode_thumb = 16
uc_const = <module 'unicorn.arm_const' from '/home/vsts/work/1/s/angr_venv/lib/python3.6/site-packages/unicorn/arm_const.py'>
uc_prefix = 'UC_ARM_'
ret_instruction = b'\x1e\xff/\xe1'
nop_instruction = b'\x00\x00\x00\x00'
function_prologs = {b'\\r\\xc0\\xa0\\xe1[\\x00-\\xff][\\x40-\\x7f\\xc0-\\xff]\\x2d\\xe9', b'\\r\\xc0\\xa0\\xe1\\x04\\xe0\\x2d\\xe5', b'\\x04\\xe0\\x2d\\xe5'}
thumb_prologs = {b'[\\x00-\\xff]\\x4b[\\x00-\\xff]\\x4a\\x7b\\x44\\x30\\xb5', b'[\\x00-\\xff]\\xb4\\x00\\xb5[\\x80-\\xff]\\xb0', b'[\\x00\\x08\\x10\\x30\\x38\\x70\\xf0\\xf8]\\xb5[\\x00-\\xff]\\x4c\\xa5\\x44', b'[\\x00\\x08\\x10\\x30\\x38\\x70\\xf0\\xf8]\\xb5[\\x03-\\x07\\x0c-\\x0f\\x1e-\\x1f]\\x46', b'[\\x00\\x10\\x30\\x70\\xf0][\\xb4\\xb5][\\x80-\\x8f\\xa3\\xa8]\\xb0', b'[\\x80-\\xff]\\xb0[\\x00-\\xff]\\x90', b'\\x08\\xb5\\x00[\\x22\\x23]', b'\\x2d\\xe9\\xb0\\x41', b'\\x2d\\xe9\\xf0[\\x41\\x43\\x46\\x47\\x4d\\x4f]', b'\\x2d\\xe9\\xf8[\\x43\\x46\\x4f]', b'\\x38\\xb5\\x40\\xf2\\x00\\x03\\xc0\\xf2\\x00\\x03', b'\\x80\\xb4[\\x80-\\xff]\\xb0'}
function_epilogs = {b'[\\x00-\\xff]{2}\\xbd\\xe8\\x1e\\xff\\x2f\\xe1\\x04\\xe0\\x9d\\xe4\\x1e\\xff\\x2f\\xe1'}
instruction_alignment = 2
register_list = [<Register r0>, <Register r1>, <Register r2>, <Register r3>, <Register r4>, <Register r5>, <Register r6>, <Register r7>, <Register r8>, <Register r9>, <Register r10>, <Register r11>, <Register r12>, <Register sp>, <Register lr>, <Register pc>, <Register cc_op>, <Register cc_dep1>, <Register cc_dep2>, <Register cc_ndep>, <Register qflag32>, <Register geflag0>, <Register geflag1>, <Register geflag2>, <Register geflag3>, <Register emnote>, <Register cmstart>, <Register cmlen>, <Register nraddr>, <Register ip_at_syscall>, <Register d0>, <Register d1>, <Register d2>, <Register d3>, <Register d4>, <Register d5>, <Register d6>, <Register d7>, <Register d8>, <Register d9>, <Register d10>, <Register d11>, <Register d12>, <Register d13>, <Register d14>, <Register d15>, <Register d16>, <Register d17>, <Register d18>, <Register d19>, <Register d20>, <Register d21>, <Register d22>, <Register d23>, <Register d24>, <Register d25>, <Register d26>, <Register d27>, <Register d28>, <Register d29>, <Register d30>, <Register d31>, <Register fpscr>, <Register tpidruro>, <Register itstate>]
got_section_name = '.got'
ld_linux_name = 'ld-linux.so.3'
elf_tls = TLSArchInfo(variant=1, tcbhead_size=8, head_offsets=[], dtv_offsets=[0], pthread_offsets=[], tp_offset=0, dtv_entry_offset=0)
class archinfo.arch_arm.ArchARMHF(endness='Iend_LE')

Bases: archinfo.arch_arm.ArchARM

name = 'ARMHF'
triplet = 'arm-linux-gnueabihf'
ld_linux_name = 'ld-linux-armhf.so.3'
class archinfo.arch_arm.ArchARMEL(endness='Iend_LE')

Bases: archinfo.arch_arm.ArchARM

name = 'ARMEL'
triplet = 'arm-linux-gnueabi'
ld_linux_name = 'ld-linux.so.3'
elf_tls = TLSArchInfo(variant=1, tcbhead_size=8, head_offsets=[], dtv_offsets=[0], pthread_offsets=[], tp_offset=0, dtv_entry_offset=0)
class archinfo.arch_arm.ArchARMCortexM(*args, **kwargs)

Bases: archinfo.arch_arm.ArchARMEL

This is an architecture description for ARM Cortex-M microcontroller-class CPUs.

These CPUs have the following unusual / annoying distinctions from their relatives:

  • Explicitly only support the Thumb-2 instruction set. Executing with the T-bit off causes the processor to fault instantly

  • Always little-endian

  • Coprocessors? Nope, none of that rubbish

  • Well-known standard memory map across all devices

  • Rarely use an MPU, even though this does exist on some devices

  • A built-in “NVIC” (Nested Vectored Interrupt Controller) as part of the standard.

  • Standardized “blob format” including the IVT, with initial SP and entry prepended

  • Usually don’t run an OS (SimLinux? No thanks)

  • As part of the above, handle syscalls (SVC) instructions through an interrupt (now called PendSV). Uses its own fancy stack layout for this, which (UGH) varies by sub-sub-architecture

  • Some fancy instructions normally never seen in other uses of Thumb (CPSID, CPSIE, WFI, MRS.W, MSR.W)

  • New registers, namely:

      • FAULTMASK

      • PRIMASK

      • BASEPRI

      • CONTROL

      • SP, banked as PSP or MSP

      • PSR, now just one PSR, with a few meta-registers APSR, IPSR, and EPSR which take a chunk of that each

name = 'ARMCortexM'
triplet = 'arm-none-eabi'
function_prologs = {}
thumb_prologs = {b'[\\x00-\\xff]\\xb5', b'\\x2d\\xe9[\\x00-\\xff][\\x00-\\xff]'}
function_epilogs = {b'[\\x00-\\xff]\\xbd'}
register_list = [<Register r0>, <Register r1>, <Register r2>, <Register r3>, <Register r4>, <Register r5>, <Register r6>, <Register r7>, <Register r8>, <Register r9>, <Register r10>, <Register r11>, <Register r12>, <Register sp>, <Register lr>, <Register pc>, <Register cc_op>, <Register cc_dep1>, <Register cc_dep2>, <Register cc_ndep>, <Register qflag32>, <Register ip_at_syscall>, <Register d0>, <Register d1>, <Register d2>, <Register d3>, <Register d4>, <Register d5>, <Register d6>, <Register d7>, <Register d8>, <Register d9>, <Register d10>, <Register d11>, <Register d12>, <Register d13>, <Register d14>, <Register d15>, <Register fpscr>, <Register itstate>, <Register faultmask>, <Register basepri>, <Register primask>, <Register iepsr>, <Register control>]
cs_arch = 0
cs_mode = 48
uc_arch = 1
uc_mode = 16
uc_mode_thumb = 16
property capstone_thumb
property keystone_thumb
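The Cortex-M points above (little-endian blob with the initial SP and entry prepended, Thumb-only execution) and the ARM address convention documented for m_addr and is_thumb, worked through on a firmware image as an added example that is not archinfo code or part of the original page. The local is_thumb and m_addr helpers restate the low-bit convention with the standard library only; the load address, the sample image and the names analyze_vector_table and VectorReport are constructed, and the SRAM bounds and exception names come from the ARMv7-M architecture, not from this page.

```python
import struct
from dataclasses import dataclass, field

# ARMv7-M architectural SRAM region (end exclusive). Assumption: the stack
# lives there; parts that place it elsewhere will trigger the SP finding.
SRAM_START, SRAM_END = 0x2000_0000, 0x4000_0000

# Vector table index -> system exception name; the missing indexes are reserved.
VECTOR_NAMES = {1: "Reset", 2: "NMI", 3: "HardFault", 4: "MemManage",
                5: "BusFault", 6: "UsageFault", 11: "SVCall",
                12: "DebugMon", 14: "PendSV", 15: "SysTick"}


def is_thumb(addr):
    """An execution address with its lowest bit set selects Thumb state."""
    return bool(addr & 1)


def m_addr(addr):
    """The 'real' address in memory is always even (lowest bit clear)."""
    return addr & ~1


@dataclass
class VectorReport:
    initial_sp: int
    handlers: dict = field(default_factory=dict)   # name -> real (even) address
    findings: list = field(default_factory=list)   # human-readable problems


def analyze_vector_table(blob, load_addr):
    """Decode the first 16 vector slots of a Cortex-M image and sanity-check them."""
    if len(blob) < 8:
        raise ValueError("image too short to hold initial SP and reset vector")
    count = min(16, len(blob) // 4)
    words = struct.unpack_from("<%dI" % count, blob, 0)   # always little-endian

    report = VectorReport(initial_sp=words[0])
    if not SRAM_START < words[0] <= SRAM_END:
        report.findings.append(f"initial SP {words[0]:#010x} is outside the SRAM region")
    if words[0] % 4:
        report.findings.append(f"initial SP {words[0]:#010x} is not word aligned")

    image_end = load_addr + len(blob)
    for index, name in VECTOR_NAMES.items():
        if index >= count:
            continue
        raw = words[index]
        if raw == 0:                       # unused slot; only Reset is mandatory
            if index == 1:
                report.findings.append("Reset vector is empty")
            continue
        if not is_thumb(raw):              # T-bit off: the core would fault
            report.findings.append(f"{name}: Thumb bit clear in {raw:#010x}")
        real = m_addr(raw)
        if not load_addr <= real < image_end:
            report.findings.append(f"{name}: target {real:#010x} is outside the image")
        report.handlers[name] = real
    return report


# Constructed sample image: 16 vector slots followed by eight Thumb NOPs.
LOAD_ADDR = 0x0800_0000                    # constructed load address
_vectors = [0] * 16
_vectors[0] = 0x2000_5000                  # initial SP
_vectors[1] = (LOAD_ADDR + 0x40) | 1       # Reset, Thumb bit set
_vectors[2] = (LOAD_ADDR + 0x44) | 1       # NMI, Thumb bit set
_vectors[3] = LOAD_ADDR + 0x44             # HardFault, Thumb bit deliberately clear
SAMPLE_IMAGE = struct.pack("<16I", *_vectors) + b"\x00\xbf" * 8

if __name__ == "__main__":
    result = analyze_vector_table(SAMPLE_IMAGE, LOAD_ADDR)
    print(hex(result.initial_sp), result.handlers, result.findings)
```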
class archinfo.arch_avr.ArchAVR8(endness='Iend_LE')

Bases: archinfo.arch.Arch

bits = 32
vex_arch = None
name = 'AVR8'
qemu_name = 'avr'
linux_name = 'avr'
triplet = 'avr-linux-gnu'
max_inst_bytes = 4
instruction_alignment = 2
elf_tls = TLSArchInfo(variant=1, tcbhead_size=8, head_offsets=[], dtv_offsets=[0], pthread_offsets=[], tp_offset=0, dtv_entry_offset=0)
class archinfo.arch_mips32.ArchMIPS32(endness='Iend_BE')

Bases: archinfo.arch.Arch

bits = 32
vex_arch = 'VexArchMIPS32'
name = 'MIPS32'
ida_processor = 'mipsb'
qemu_name = 'mipsel'
linux_name = 'mipsel'
triplet = 'mipsel-linux-gnu'
max_inst_bytes = 4
ret_offset = 16
syscall_num_offset = 16
call_pushes_ret = False
stack_change = -4
branch_delay_slot = True
sizeof = {'int': 32, 'long': 32, 'long long': 64, 'short': 16}
cs_arch = 2
cs_mode = 4
uc_arch = 3
uc_mode = 4
uc_const = <module 'unicorn.mips_const' from '/home/vsts/work/1/s/angr_venv/lib/python3.6/site-packages/unicorn/mips_const.py'>
uc_prefix = 'UC_MIPS_'
function_prologs = {b'[\\x00-\\xff][\\x00-\\xff]\\x1c\\x3c[\\x00-\\xff][\\x00-\\xff]\\x9c\\x27', b'[\\x00-\\xff]\\xff\\xbd\\x27'}
function_epilogs = {b'[\\x00-\\xff]{2}\\xbf\\x8f([\\x00-\\xff]{4}){0,4}\\x08\\x00\\xe0\\x03'}
ret_instruction = b'\x08\x00\xe0\x03%\x08 \x00'
nop_instruction = b'\x00\x00\x00\x00'
instruction_alignment = 4
register_list = [<Register zero>, <Register at>, <Register v0>, <Register v1>, <Register a0>, <Register a1>, <Register a2>, <Register a3>, <Register t0>, <Register t1>, <Register t2>, <Register t3>, <Register t4>, <Register t5>, <Register t6>, <Register t7>, <Register s0>, <Register s1>, <Register s2>, <Register s3>, <Register s4>, <Register s5>, <Register s6>, <Register s7>, <Register t8>, <Register t9>, <Register k0>, <Register k1>, <Register gp>, <Register sp>, <Register s8>, <Register ra>, <Register pc>, <Register hi>, <Register lo>, <Register f0>, <Register f1>, <Register f2>, <Register f3>, <Register f4>, <Register f5>, <Register f6>, <Register f7>, <Register f8>, <Register f9>, <Register f10>, <Register f11>, <Register f12>, <Register f13>, <Register f14>, <Register f15>, <Register f16>, <Register f17>, <Register f18>, <Register f19>, <Register f20>, <Register f21>, <Register f22>, <Register f23>, <Register f24>, <Register f25>, <Register f26>, <Register f27>, <Register f28>, <Register f29>, <Register f30>, <Register f31>, <Register fir>, <Register fccr>, <Register fexr>, <Register fenr>, <Register fcsr>, <Register ulr>, <Register emnote>, <Register cmstart>, <Register cmlen>, <Register nraddr>, <Register cond>, <Register dspcontrol>, <Register ac0>, <Register ac1>, <Register ac2>, <Register ac3>, <Register cp0_status>, <Register ip_at_syscall>]
dynamic_tag_translation = {1879048193: 'DT_MIPS_RLD_VERSION', 1879048194: 'DT_MIPS_TIME_STAMP', 1879048195: 'DT_MIPS_ICHECKSUM', 1879048196: 'DT_MIPS_IVERSION', 1879048197: 'DT_MIPS_FLAGS', 1879048198: 'DT_MIPS_BASE_ADDRESS', 1879048199: 'DT_MIPS_MSYM', 1879048200: 'DT_MIPS_CONFLICT', 1879048201: 'DT_MIPS_LIBLIST', 1879048202: 'DT_MIPS_LOCAL_GOTNO', 1879048203: 'DT_MIPS_CONFLICTNO', 1879048208: 'DT_MIPS_LIBLISTNO', 1879048209: 'DT_MIPS_SYMTABNO', 1879048210: 'DT_MIPS_UNREFEXTNO', 1879048211: 'DT_MIPS_GOTSYM', 1879048212: 'DT_MIPS_HIPAGENO', 1879048214: 'DT_MIPS_RLD_MAP', 1879048215: 'DT_MIPS_DELTA_CLASS', 1879048216: 'DT_MIPS_DELTA_CLASS_NO', 1879048217: 'DT_MIPS_DELTA_INSTANCE', 1879048218: 'DT_MIPS_DELTA_INSTANCE_NO', 1879048219: 'DT_MIPS_DELTA_RELOC', 1879048220: 'DT_MIPS_DELTA_RELOC_NO', 1879048221: 'DT_MIPS_DELTA_SYM', 1879048222: 'DT_MIPS_DELTA_SYM_NO', 1879048224: 'DT_MIPS_DELTA_CLASSSYM', 1879048225: 'DT_MIPS_DELTA_CLASSSYM_NO', 1879048226: 'DT_MIPS_CXX_FLAGS', 1879048227: 'DT_MIPS_PIXIE_INIT', 1879048228: 'DT_MIPS_SYMBOL_LIB', 1879048229: 'DT_MIPS_LOCALPAGE_GOTIDX', 1879048230: 'DT_MIPS_LOCAL_GOTIDX', 1879048231: 'DT_MIPS_HIDDEN_GOTIDX', 1879048232: 'DT_MIPS_PROTECTED_GOTIDX', 1879048233: 'DT_MIPS_OPTIONS', 1879048234: 'DT_MIPS_INTERFACE', 1879048235: 'DT_MIPS_DYNSTR_ALIGN', 1879048236: 'DT_MIPS_INTERFACE_SIZE', 1879048237: 'DT_MIPS_RLD_TEXT_RESOLVE_ADDR', 1879048238: 'DT_MIPS_PERF_SUFFIX', 1879048239: 'DT_MIPS_COMPACT_SIZE', 1879048240: 'DT_MIPS_GP_VALUE', 1879048241: 'DT_MIPS_AUX_DYNAMIC', 1879048242: 'DT_MIPS_PLTGOT'}
got_section_name = '.got'
ld_linux_name = 'ld.so.1'
elf_tls = TLSArchInfo(variant=1, tcbhead_size=8, head_offsets=[], dtv_offsets=[0], pthread_offsets=[], tp_offset=28672, dtv_entry_offset=32768)
class archinfo.arch_mips64.ArchMIPS64(endness='Iend_BE')

Bases: archinfo.arch.Arch

bits = 64
vex_arch = 'VexArchMIPS64'
name = 'MIPS64'
qemu_name = 'mips64el'
ida_processor = 'mips64'
linux_name = 'mips64el'
triplet = 'mips64el-linux-gnu'
max_inst_bytes = 4
ret_offset = 32
syscall_register_offset = 16
call_pushes_ret = False
stack_change = -8
branch_delay_slot = True
sizeof = {'int': 32, 'long': 64, 'long long': 64, 'short': 16}
cs_arch = 2
cs_mode = 8
uc_arch = 3
uc_mode = 8
uc_const = <module 'unicorn.mips_const' from '/home/vsts/work/1/s/angr_venv/lib/python3.6/site-packages/unicorn/mips_const.py'>
uc_prefix = 'UC_MIPS_'
function_prologs = {}
function_epilogs = {}
ret_instruction = b'\x08\x00\xe0\x03%\x08 \x00'
nop_instruction = b'\x00\x00\x00\x00'
instruction_alignment = 4
register_list = [<Register zero>, <Register at>, <Register v0>, <Register v1>, <Register a0>, <Register a1>, <Register a2>, <Register a3>, <Register t0>, <Register t1>, <Register t2>, <Register t3>, <Register t4>, <Register t5>, <Register t6>, <Register t7>, <Register s0>, <Register s1>, <Register s2>, <Register s3>, <Register s4>, <Register s5>, <Register s6>, <Register s7>, <Register t8>, <Register t9>, <Register k0>, <Register k1>, <Register gp>, <Register sp>, <Register s8>, <Register ra>, <Register pc>, <Register hi>, <Register lo>, <Register f0>, <Register f1>, <Register f2>, <Register f3>, <Register f4>, <Register f5>, <Register f6>, <Register f7>, <Register f8>, <Register f9>, <Register f10>, <Register f11>, <Register f12>, <Register f13>, <Register f14>, <Register f15>, <Register f16>, <Register f17>, <Register f18>, <Register f19>, <Register f20>, <Register f21>, <Register f22>, <Register f23>, <Register f24>, <Register f25>, <Register f26>, <Register f27>, <Register f28>, <Register f29>, <Register f30>, <Register f31>, <Register fir>, <Register fccr>, <Register fexr>, <Register fenr>, <Register fcsr>, <Register cp0_status>, <Register ulr>, <Register emnote>, <Register cond>, <Register cmstart>, <Register cmlen>, <Register nraddr>, <Register ip_at_syscall>]
dynamic_tag_translation = {1879048193: 'DT_MIPS_RLD_VERSION', 1879048197: 'DT_MIPS_FLAGS', 1879048198: 'DT_MIPS_BASE_ADDRESS', 1879048202: 'DT_MIPS_LOCAL_GOTNO', 1879048209: 'DT_MIPS_SYMTABNO', 1879048210: 'DT_MIPS_UNREFEXTNO', 1879048211: 'DT_MIPS_GOTSYM', 1879048214: 'DT_MIPS_RLD_MAP'}
got_section_name = '.got'
ld_linux_name = 'ld.so.1'
elf_tls = TLSArchInfo(variant=1, tcbhead_size=16, head_offsets=[], dtv_offsets=[0], pthread_offsets=[], tp_offset=28672, dtv_entry_offset=32768)
class archinfo.arch_ppc32.ArchPPC32(endness='Iend_LE')

Bases: archinfo.arch.Arch

bits = 32
vex_arch = 'VexArchPPC32'
name = 'PPC32'
qemu_name = 'ppc'
ida_processor = 'ppc'
linux_name = 'ppc750'
triplet = 'powerpc-linux-gnu'
max_inst_bytes = 4
ret_offset = 28
syscall_num_offset = 16
call_pushes_ret = False
stack_change = -4
sizeof = {'int': 32, 'long': 32, 'long long': 64, 'short': 16}
cs_arch = 4
cs_mode = 4
ret_instruction = b' \x00\x80N'
nop_instruction = b'\x00\x00\x00`'
instruction_alignment = 4
register_list = [<Register gpr0>, <Register gpr1>, <Register gpr2>, <Register gpr3>, <Register gpr4>, <Register gpr5>, <Register gpr6>, <Register gpr7>, <Register gpr8>, <Register gpr9>, <Register gpr10>, <Register gpr11>, <Register gpr12>, <Register gpr13>, <Register gpr14>, <Register gpr15>, <Register gpr16>, <Register gpr17>, <Register gpr18>, <Register gpr19>, <Register gpr20>, <Register gpr21>, <Register gpr22>, <Register gpr23>, <Register gpr24>, <Register gpr25>, <Register gpr26>, <Register gpr27>, <Register gpr28>, <Register gpr29>, <Register gpr30>, <Register gpr31>, <Register vsr0>, <Register vsr1>, <Register vsr2>, <Register vsr3>, <Register vsr4>, <Register vsr5>, <Register vsr6>, <Register vsr7>, <Register vsr8>, <Register vsr9>, <Register vsr10>, <Register vsr11>, <Register vsr12>, <Register vsr13>, <Register vsr14>, <Register vsr15>, <Register vsr16>, <Register vsr17>, <Register vsr18>, <Register vsr19>, <Register vsr20>, <Register vsr21>, <Register vsr22>, <Register vsr23>, <Register vsr24>, <Register vsr25>, <Register vsr26>, <Register vsr27>, <Register vsr28>, <Register vsr29>, <Register vsr30>, <Register vsr31>, <Register vsr32>, <Register vsr33>, <Register vsr34>, <Register vsr35>, <Register vsr36>, <Register vsr37>, <Register vsr38>, <Register vsr39>, <Register vsr40>, <Register vsr41>, <Register vsr42>, <Register vsr43>, <Register vsr44>, <Register vsr45>, <Register vsr46>, <Register vsr47>, <Register vsr48>, <Register vsr49>, <Register vsr50>, <Register vsr51>, <Register vsr52>, <Register vsr53>, <Register vsr54>, <Register vsr55>, <Register vsr56>, <Register vsr57>, <Register vsr58>, <Register vsr59>, <Register vsr60>, <Register vsr61>, <Register vsr62>, <Register vsr63>, <Register cia>, <Register lr>, <Register ctr>, <Register xer_so>, <Register xer_ov>, <Register xer_ca>, <Register xer_bc>, <Register cr0_321>, <Register cr0_0>, <Register cr1_321>, <Register cr1_0>, <Register cr2_321>, <Register cr2_0>, <Register cr3_321>, <Register cr3_0>, 
<Register cr4_321>, <Register cr4_0>, <Register cr5_321>, <Register cr5_0>, <Register cr6_321>, <Register cr6_0>, <Register cr7_321>, <Register cr7_0>, <Register fpround>, <Register dfpround>, <Register c_fpcc>, <Register vrsave>, <Register vscr>, <Register emnote>, <Register cmstart>, <Register cmlen>, <Register nraddr>, <Register nraddr_gpr2>, <Register redir_sp>, <Register redir_stack>, <Register ip_at_syscall>, <Register sprg3_ro>, <Register tfhar>, <Register texasr>, <Register tfiar>, <Register ppr>, <Register texasru>, <Register pspb>]
function_prologs = {b'[\\x00-\\xff]{2}\\x21\\x94\\xa6\\x02\\x08\\x7c'}
function_epilogs = {b'\\xa6\\x03[\\x00-\\xff]{2}([\\x00-\\xff]{4}){0,6}\\x20\\x00\\x80\\x4e'}
got_section_name = '.plt'
ld_linux_name = 'ld.so.1'
elf_tls = TLSArchInfo(variant=1, tcbhead_size=52, head_offsets=[], dtv_offsets=[48], pthread_offsets=[], tp_offset=28672, dtv_entry_offset=32768)
class archinfo.arch_ppc64.ArchPPC64(endness='Iend_LE')

Bases: archinfo.arch.Arch

bits = 64
vex_arch = 'VexArchPPC64'
name = 'PPC64'
qemu_name = 'ppc64'
ida_processor = 'ppc64'
triplet = 'powerpc64le-linux-gnu'
linux_name = 'ppc750'
max_inst_bytes = 4
ret_offset = 40
syscall_num_offset = 16
call_pushes_ret = False
stack_change = -8
initial_sp = 18446744073692774400
sizeof = {'int': 32, 'long': 64, 'long long': 64, 'short': 16}
cs_arch = 4
cs_mode = 8
ret_instruction = b' \x00\x80N'
nop_instruction = b'\x00\x00\x00`'
instruction_alignment = 4
register_list = [<Register gpr0>, <Register gpr1>, <Register gpr2>, <Register gpr3>, <Register gpr4>, <Register gpr5>, <Register gpr6>, <Register gpr7>, <Register gpr8>, <Register gpr9>, <Register gpr10>, <Register gpr11>, <Register gpr12>, <Register gpr13>, <Register gpr14>, <Register gpr15>, <Register gpr16>, <Register gpr17>, <Register gpr18>, <Register gpr19>, <Register gpr20>, <Register gpr21>, <Register gpr22>, <Register gpr23>, <Register gpr24>, <Register gpr25>, <Register gpr26>, <Register gpr27>, <Register gpr28>, <Register gpr29>, <Register gpr30>, <Register gpr31>, <Register vsr0>, <Register vsr1>, <Register vsr2>, <Register vsr3>, <Register vsr4>, <Register vsr5>, <Register vsr6>, <Register vsr7>, <Register vsr8>, <Register vsr9>, <Register vsr10>, <Register vsr11>, <Register vsr12>, <Register vsr13>, <Register vsr14>, <Register vsr15>, <Register vsr16>, <Register vsr17>, <Register vsr18>, <Register vsr19>, <Register vsr20>, <Register vsr21>, <Register vsr22>, <Register vsr23>, <Register vsr24>, <Register vsr25>, <Register vsr26>, <Register vsr27>, <Register vsr28>, <Register vsr29>, <Register vsr30>, <Register vsr31>, <Register vsr32>, <Register vsr33>, <Register vsr34>, <Register vsr35>, <Register vsr36>, <Register vsr37>, <Register vsr38>, <Register vsr39>, <Register vsr40>, <Register vsr41>, <Register vsr42>, <Register vsr43>, <Register vsr44>, <Register vsr45>, <Register vsr46>, <Register vsr47>, <Register vsr48>, <Register vsr49>, <Register vsr50>, <Register vsr51>, <Register vsr52>, <Register vsr53>, <Register vsr54>, <Register vsr55>, <Register vsr56>, <Register vsr57>, <Register vsr58>, <Register vsr59>, <Register vsr60>, <Register vsr61>, <Register vsr62>, <Register vsr63>, <Register cia>, <Register lr>, <Register ctr>, <Register xer_so>, <Register xer_ov>, <Register xer_ca>, <Register xer_bc>, <Register cr0_321>, <Register cr0_0>, <Register cr1_321>, <Register cr1_0>, <Register cr2_321>, <Register cr2_0>, <Register cr3_321>, <Register cr3_0>, 
<Register cr4_321>, <Register cr4_0>, <Register cr5_321>, <Register cr5_0>, <Register cr6_321>, <Register cr6_0>, <Register cr7_321>, <Register cr7_0>, <Register fpround>, <Register dfpround>, <Register c_fpcc>, <Register vrsave>, <Register vscr>, <Register emnote>, <Register cmstart>, <Register cmlen>, <Register nraddr>, <Register nraddr_gpr2>, <Register redir_sp>, <Register redir_stack>, <Register ip_at_syscall>, <Register sprg3_ro>, <Register tfhar>, <Register texasr>, <Register tfiar>, <Register ppr>, <Register texasru>, <Register pspb>]
dynamic_tag_translation = {1879048192: 'DT_PPC64_GLINK', 1879048193: 'DT_PPC64_OPD', 1879048194: 'DT_PPC64_OPDSZ', 1879048195: 'DT_PPC64_OPT'}
function_prologs = {b'[\\x00-\\xff]{2}\\x21\\x94\\xa6\\x02\\x08\\x7c'}
function_epilogs = {b'\\xa6\\x03[\\x00-\\xff]{2}([\\x00-\\xff]{4}){0,6}\\x20\\x00\\x80\\x4e'}
got_section_name = '.plt'
ld_linux_name = 'ld64.so.1'
elf_tls = TLSArchInfo(variant=1, tcbhead_size=92, head_offsets=[], dtv_offsets=[84], pthread_offsets=[], tp_offset=28672, dtv_entry_offset=32768)
class archinfo.arch_x86.ArchX86(endness='Iend_LE')

Bases: archinfo.arch.Arch

property capstone_x86_syntax

Get the current syntax Capstone uses for x86. It can be ‘intel’ or ‘at&t’

Returns

Capstone’s current x86 syntax

Return type

str

property keystone_x86_syntax

Get the current syntax Keystone uses for x86. It can be ‘intel’, ‘at&t’, ‘nasm’, ‘masm’, ‘gas’ or ‘radix16’

Returns

Keystone’s current x86 syntax

Return type

str

bits = 32
vex_arch = 'VexArchX86'
name = 'X86'
qemu_name = 'i386'
ida_processor = 'metapc'
linux_name = 'i386'
triplet = 'i386-linux-gnu'
max_inst_bytes = 15
call_sp_fix = -8
ret_offset = 8
vex_conditional_helpers = True
syscall_num_offset = 8
call_pushes_ret = True
stack_change = -4
memory_endness = 'Iend_LE'
register_endness = 'Iend_LE'
sizeof = {'int': 32, 'long': 32, 'long long': 64, 'short': 16}
cs_arch = 3
cs_mode = 4
uc_arch = 4
uc_mode = 4
uc_const = <module 'unicorn.x86_const' from '/home/vsts/work/1/s/angr_venv/lib/python3.6/site-packages/unicorn/x86_const.py'>
uc_prefix = 'UC_X86_'
function_prologs = [b'\xf3\x0f\x1e\xfb\\x8b\\xff\\x55\\x8b\\xec', b'\xf3\x0f\x1e\xfb\\x55\\x8b\\xec', b'\xf3\x0f\x1e\xfb\\x55\\x89\\xe5', b'\xf3\x0f\x1e\xfb\\x55\\x57\\x56', b'\xf3\x0f\x1e\xfb\\xb8[\\x00-\\xff]\\x00\\x00\\x00[\\x50\\x51\\x52\\x53\\x55\\x56\\x57]{0,7}\\x8b[\\x00-\\xff]{2}', b'\xf3\x0f\x1e\xfb[\\x50\\x51\\x52\\x53\\x55\\x56\\x57]{1,7}\\x83\\xec[\\x00-\\xff]{2,4}', b'\xf3\x0f\x1e\xfb[\\x50\\x51\\x52\\x53\\x55\\x56\\x57]{1,7}\\x8b[\\x00-\\xff]{2}', b'\xf3\x0f\x1e\xfb(\\x81|\\x83)\\xec', b'\\x8b\\xff\\x55\\x8b\\xec', b'\\x55\\x8b\\xec', b'\\x55\\x89\\xe5', b'\\x55\\x57\\x56', b'\\xb8[\\x00-\\xff]\\x00\\x00\\x00[\\x50\\x51\\x52\\x53\\x55\\x56\\x57]{0,7}\\x8b[\\x00-\\xff]{2}', b'[\\x50\\x51\\x52\\x53\\x55\\x56\\x57]{1,7}\\x83\\xec[\\x00-\\xff]{2,4}', b'[\\x50\\x51\\x52\\x53\\x55\\x56\\x57]{1,7}\\x8b[\\x00-\\xff]{2}', b'(\\x81|\\x83)\\xec']
function_epilogs = {b'([^\\x41][\\x50-\\x5f]{1}|\\x41[\\x50-\\x5f])\\xc3', b'[^\\x48][\\x83,\\x81]\\xc4([\\x00-\\xff]{1}|[\\x00-\\xff]{4})\\xc3', b'\\xc9\\xc3'}
ret_instruction = b'\xc3'
nop_instruction = b'\x90'
instruction_alignment = 1
register_list = [<Register eax>, <Register ecx>, <Register edx>, <Register ebx>, <Register esp>, <Register ebp>, <Register esi>, <Register edi>, <Register cc_op>, <Register cc_dep1>, <Register cc_dep2>, <Register cc_ndep>, <Register d>, <Register id>, <Register ac>, <Register eip>, <Register fpreg>, <Register fptag>, <Register fpround>, <Register fc3210>, <Register ftop>, <Register sseround>, <Register xmm0>, <Register xmm1>, <Register xmm2>, <Register xmm3>, <Register xmm4>, <Register xmm5>, <Register xmm6>, <Register xmm7>, <Register cs>, <Register ds>, <Register es>, <Register fs>, <Register gs>, <Register ss>, <Register ldt>, <Register gdt>, <Register emnote>, <Register cmstart>, <Register cmlen>, <Register nraddr>, <Register sc_class>, <Register ip_at_syscall>]
symbol_type_translation = {10: 'STT_GNU_IFUNC', 'STT_LOOS': 'STT_GNU_IFUNC'}
lib_paths = ['/lib32', '/usr/lib32']
got_section_name = '.got.plt'
ld_linux_name = 'ld-linux.so.2'
elf_tls = TLSArchInfo(variant=2, tcbhead_size=56, head_offsets=[8], dtv_offsets=[4], pthread_offsets=[0], tp_offset=0, dtv_entry_offset=0)
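The `function_prologs` and `function_epilogs` entries are byte regular expressions, not literal byte strings, so they are applied with `re` over raw code bytes. The sketch below is an added example, not part of archinfo: it copies a subset of the x86 patterns listed above and scans a constructed byte blob for candidate function boundaries. The function name, the sample bytes and the base address are assumptions made for illustration.

```python
import re

# Subset of the ArchX86 patterns listed above. Each entry is a bytes *regex*.
X86_PROLOGS = [
    b'\xf3\x0f\x1e\xfb\\x55\\x89\\xe5',  # endbr32; push ebp; mov ebp, esp
    b'\\x55\\x8b\\xec',                  # push ebp; mov ebp, esp (8b /r encoding)
    b'\\x55\\x89\\xe5',                  # push ebp; mov ebp, esp (89 /r encoding)
]
X86_EPILOG = b'\\xc9\\xc3'               # leave; ret

# Constructed sample: three functions at offsets 4, 20 and 28, the last truncated.
SAMPLE = (
    b'\x90\x90\x90\x90'                  # nop padding
    b'\xf3\x0f\x1e\xfb\x55\x89\xe5'      # prolog with endbr32 prefix
    b'\x83\xec\x10\x31\xc0\xc9\xc3'      # sub esp, 0x10; xor eax, eax; leave; ret
    b'\x90\x90'                          # nop padding
    b'\x55\x8b\xec\x8b\x45\x08\xc9\xc3'  # push/mov; mov eax, [ebp+8]; leave; ret
    b'\x55\x89\xe5\x31\xc0'              # prolog only, no epilog in the blob
)


def find_function_candidates(blob, prologs, epilog, base_addr=0, alignment=1):
    """Return [(start, end)] address pairs; end is None if no epilog follows."""
    starts, covered = set(), set()
    for pattern in prologs:              # prefixed (longer) patterns must come first
        # DOTALL: '.' in patterns such as the S390X prolog must also match 0x0a
        for m in re.finditer(pattern, blob, re.DOTALL):
            if m.start() in covered or (base_addr + m.start()) % alignment:
                continue                 # inside an accepted match, or misaligned
            starts.add(m.start())
            covered.update(range(m.start(), m.end()))
    epilog_ends = [m.end() for m in re.finditer(epilog, blob, re.DOTALL)]
    ordered = sorted(starts)
    spans = []
    for i, start in enumerate(ordered):
        limit = ordered[i + 1] if i + 1 < len(ordered) else len(blob)
        end = next((e for e in epilog_ends if start < e <= limit), None)
        spans.append((base_addr + start, None if end is None else base_addr + end))
    return spans


if __name__ == '__main__':
    for start, end in find_function_candidates(SAMPLE, X86_PROLOGS, X86_EPILOG, 0x08048000):
        print(hex(start), hex(end) if end is not None else 'no epilog')
```

The unprefixed `55 89 e5` pattern also matches inside the `endbr32` prolog, which is why matches already covered by a longer pattern are skipped.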
class archinfo.arch_soot.SootMethodDescriptor(class_name, name, params, soot_method=None, ret_type=None)

Bases: object

class_name
name
params
ret
address(block_idx=0, stmt_idx=0)

Returns

Address of the method.

Return type

SootAddressDescriptor

property fullname

Returns the full name of the method (class name + method name).

property symbolic
property is_loaded

Returns

True if the method is loaded in CLE, so that information about attrs, ret and exceptions is available.

property attrs
property exceptions
property block_by_label
property addr

Returns

The Soot address description of the entry point of the method.

matches_with_native_name(native_method)

The names of native methods are encoded so that they translate into valid C function names. This method indicates whether the name of the given native method matches the name of the Soot method.

Returns

True if the name of the Soot method matches the mangled native name.

classmethod from_string(tstr)
classmethod from_soot_method(soot_method)
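The encoding that `matches_with_native_name` refers to is the JNI native-method naming scheme. The sketch below is an added example that follows the JNI specification's escaping rules; it is not archinfo's own implementation, and the function names are hypothetical. It reuses the `sig_dict` mapping listed for `ArchSoot` and assumes parameters are given as Java type names such as `'int'` or `'byte[]'`.

```python
SIG_DICT = {'B': 'byte', 'C': 'char', 'D': 'double', 'F': 'float', 'I': 'int',
            'J': 'long', 'S': 'short', 'V': 'void', 'Z': 'boolean'}  # ArchSoot.sig_dict
TYPE_TO_SIG = {name: code for code, name in SIG_DICT.items()}
JNI_ESCAPES = {'.': '_', '/': '_', '_': '_1', ';': '_2', '[': '_3'}


def type_descriptor(java_type):
    """'byte[]' -> '[B', 'java.lang.String' -> 'Ljava/lang/String;'."""
    dims = 0
    while java_type.endswith('[]'):
        java_type, dims = java_type[:-2], dims + 1
    base = TYPE_TO_SIG.get(java_type) or 'L%s;' % java_type.replace('.', '/')
    return '[' * dims + base


def jni_mangle(text):
    """Escape a class name, method name or descriptor for use in a C symbol."""
    out = []
    for ch in text:
        if ch in JNI_ESCAPES:
            out.append(JNI_ESCAPES[ch])
        elif ch.isascii() and ch.isalnum():
            out.append(ch)
        else:  # any other character: _0xxxx per UTF-16 code unit
            raw = ch.encode('utf-16-be')
            out.extend('_0%04x' % int.from_bytes(raw[i:i + 2], 'big')
                       for i in range(0, len(raw), 2))
    return ''.join(out)


def jni_symbol_names(class_name, method_name, params):
    """Return (short_name, long_name) that a native library may export."""
    short = 'Java_%s_%s' % (jni_mangle(class_name), jni_mangle(method_name))
    args = ''.join(type_descriptor(p) for p in params)
    return short, short + '__' + jni_mangle(args)


def matches_native_symbol(class_name, method_name, params, symbol):
    """True if symbol is the short or overloaded (long) JNI name of the method."""
    return symbol in jni_symbol_names(class_name, method_name, params)
```

A comparison that only replaces `.` with `_` would treat `Crypto_Util` and `Crypto.Util` as the same class; the `_1` escape is what keeps them distinct.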
class archinfo.arch_soot.SootAddressDescriptor(method, block_idx, stmt_idx)

Bases: object

method
block_idx
stmt_idx
copy()
property symbolic
class archinfo.arch_soot.SootAddressTerminator

Bases: archinfo.arch_soot.SootAddressDescriptor

class archinfo.arch_soot.SootFieldDescriptor(class_name, name, type_)

Bases: object

class_name
name
type
class archinfo.arch_soot.SootClassDescriptor(name, soot_class=None)

Bases: object

name
property is_loaded

Returns

True if the class is loaded in CLE, so that information about fields, methods, … is available.

property fields
property methods
property superclass_name
property type
class archinfo.arch_soot.SootNullConstant

Bases: object

class archinfo.arch_soot.SootArgument(value, type_, is_this_ref=False)

Bases: object

Typed Java argument.

Parameters
  • value – Value of the argument

  • type – Type of the argument

  • is_this_ref – Indicates whether the argument represents the ‘this’ reference, i.e. the object on which an instance method is invoked.

value
type
is_this_ref
class archinfo.arch_soot.ArchSoot(endness='Iend_LE')

Bases: archinfo.arch.Arch

name = 'Soot'
vex_arch = None
qemu_name = None
bits = 64
address_types = (<class 'archinfo.arch_soot.SootAddressDescriptor'>,)
function_address_types = (<class 'archinfo.arch_soot.SootMethodDescriptor'>,)
sizeof = {'boolean': 8, 'byte': 8, 'char': 16, 'double': 64, 'float': 32, 'int': 32, 'long': 64, 'short': 16}
primitive_types = ['boolean', 'byte', 'char', 'short', 'int', 'long', 'float', 'double']
sig_dict = {'B': 'byte', 'C': 'char', 'D': 'double', 'F': 'float', 'I': 'int', 'J': 'long', 'S': 'short', 'V': 'void', 'Z': 'boolean'}
static decode_type_signature(type_sig)
static decode_parameter_list_signature(param_sig)
static decode_method_signature(method_sig)
library_search_path(pedantic=False)

Since Java is mostly system-independent, we cannot return system-specific paths.

Returns

empty list

class archinfo.arch_s390x.ArchS390X(endness='Iend_BE')

Bases: archinfo.arch.Arch

bits = 64
vex_arch = 'VexArchS390X'
name = 'S390X'
qemu_name = 's390x'
triplet = 's390x-linux-gnu'
linux_name = 's390'
max_inst_bytes = 6
ret_offset = 584
syscall_num_offset = 576
call_pushes_ret = False
stack_change = -8
initial_sp = 4398046511104
sizeof = {'int': 32, 'long': 64, 'long long': 64, 'short': 16}
cs_arch = 6
cs_mode = 2147483648
ret_instruction = b'\x07\xf4'
nop_instruction = b'\x07\x07'
instruction_alignment = 2
register_list = [<Register ia>, <Register r0>, <Register r1>, <Register r2>, <Register r3>, <Register r4>, <Register r5>, <Register r6>, <Register r7>, <Register r8>, <Register r9>, <Register r10>, <Register r11>, <Register r12>, <Register r13>, <Register r14>, <Register r15>, <Register v0>, <Register v1>, <Register v2>, <Register v3>, <Register v4>, <Register v5>, <Register v6>, <Register v7>, <Register v8>, <Register v9>, <Register v10>, <Register v11>, <Register v12>, <Register v13>, <Register v14>, <Register v15>, <Register v16>, <Register v17>, <Register v18>, <Register v19>, <Register v20>, <Register v21>, <Register v22>, <Register v23>, <Register v24>, <Register v25>, <Register v26>, <Register v27>, <Register v28>, <Register v29>, <Register v30>, <Register v31>, <Register a0>, <Register a1>, <Register a2>, <Register a3>, <Register a4>, <Register a5>, <Register a6>, <Register a7>, <Register a8>, <Register a9>, <Register a10>, <Register a11>, <Register a12>, <Register a13>, <Register a14>, <Register a15>, <Register nraddr>, <Register cmstart>, <Register cmlen>, <Register ip_at_syscall>, <Register emnote>]
function_prologs = {b'\\xeb.[\\xf0-\\xff]..\\x24'}
function_epilogs = {b'\\x07\\xf4'}
got_section_name = '.got'
ld_linux_name = 'ld64.so.1'
elf_tls = TLSArchInfo(variant=2, tcbhead_size=64, head_offsets=[0], dtv_offsets=[8], pthread_offsets=[16], tp_offset=0, dtv_entry_offset=0)

Utilities

class archinfo.tls.TLSArchInfo(variant, tcbhead_size, head_offsets, dtv_offsets, pthread_offsets, tp_offset, dtv_entry_offset)

Bases: tuple

Create new instance of TLSArchInfo(variant, tcbhead_size, head_offsets, dtv_offsets, pthread_offsets, tp_offset, dtv_entry_offset)

property dtv_entry_offset

Alias for field number 6

property dtv_offsets

Alias for field number 3

property head_offsets

Alias for field number 2

property pthread_offsets

Alias for field number 4

property tcbhead_size

Alias for field number 1

property tp_offset

Alias for field number 5

property variant

Alias for field number 0

Errors

exception archinfo.archerror.ArchError

Bases: Exception