instruction semantics #2

Closed
aquynh opened this issue Mar 10, 2015 · 2 comments
aquynh commented Mar 10, 2015

You can take advantage of some advanced API of Capstone to check the semantics of instructions.
Since instructions are classified in groups, you can do this in Python:

  • check if an instruction is a RETURN instruction with:
    if i.group(CS_GRP_RET):
        ...
  • check if an instruction is a kind of JUMP instruction with:
    if i.group(CS_GRP_JUMP):
        ...

There are a few more types of groups such as CS_GRP_CALL, CS_GRP_IRET, etc.
See __init__.py & x86_const.py for more info.

ghost commented Mar 10, 2015

I didn't know this, thank you. I will add it.


aquynh commented Mar 11, 2015

If you find anything wrong in the group information (such as an instruction belonging to a wrong group, or a group totally missing), please report it.

Thanks.

@ghost ghost closed this as completed Mar 12, 2015
ghost pushed a commit that referenced this issue May 1, 2015
Before, only shifts were interpreted with this: [r, lsl #1].
But we can also have this:
lsrne r3, r3, #4
andeq sb, ip, r0, lsr #2