#pragma once
#include <sys/uio.h>
#include <capstone/capstone.h>
/*
 * Architecture parameters for one traced register set. Presumably populated
 * by architecture_info() from the matching _32 or _64 macro family defined
 * further down in this header - confirm against its definition.
 */
struct archinfo {
    /*
     * Program counter and stack pointer of the tracee.
     * NOTE(review): whether these carry register values or offsets into the
     * register block is not visible from this header.
     */
    unsigned long progmctr;
    unsigned long stackptr;

    /* Software breakpoint description (BREAKPOINT_INSN, _MASK, _ADJS macros). */
    unsigned long bp_insn;   /* breakpoint instruction encoding */
    unsigned long bp_mask;   /* presumably the bits of a word that encoding occupies */
    unsigned long bp_adjust; /* presumably the PC correction after the trap - TODO confirm */

    /* Capstone disassembler selection. */
    int cs_arch;
    int cs_mode;
    unsigned int cs_call;    /* Capstone instruction id treated as a call */

    /* Word size in bytes; the WORDSIZE macros in this header use 4 and 8. */
    unsigned int wordsize;
};
/*
 * Presumably fills the archinfo pointed to by ai with the parameters that
 * match the register set described by regs; the definition is not in this
 * header.
 * NOTE(review): regs looks like the iovec from a ptrace register read, with
 * iov_len selecting the 32- or 64-bit macro family - confirm, and confirm
 * that an iov_len matching neither layout is rejected instead of being
 * treated as one of them.
 */
extern void architecture_info(struct archinfo *ai, const struct iovec *regs);
/* Architecture Definitions */
#if defined(__x86_64__) || defined(i386) || defined(__i386__)
/*
 * Register block of an x86 tracee, viewed as either the 64-bit or the 32-bit
 * layout. Member order is part of the contract: the PROGMCTR and STACKPTR
 * macros name members of this union, so a reordering would make them read a
 * different register.
 * NOTE(review): the order appears to mirror the kernel's user_regs_struct for
 * x86-64 and i386 - verify against <sys/user.h> when touching this.
 */
typedef union {
    struct user_regs_64 {
        unsigned long long int r15, r14, r13, r12;
        unsigned long long int rbp, rbx;
        unsigned long long int r11, r10, r9, r8;
        unsigned long long int rax, rcx, rdx, rsi, rdi;
        unsigned long long int orig_rax;
        unsigned long long int rip, cs, eflags, rsp, ss;
        unsigned long long int fs_base, gs_base;
        unsigned long long int ds, es, fs, gs;
    } x86_64;

    struct user_regs_32 {
        unsigned int ebx, ecx, edx, esi, edi, ebp, eax;
        unsigned int xds, xes, xfs, xgs;
        unsigned int orig_eax;
        unsigned int eip, xcs, eflags, esp, xss;
    } x86_32;
} user_regs_t;
/* Marker macro for the x86 / x86-64 build of this header. */
#define ARCH_X86
/* 64-bit tracee: member paths into user_regs_t for program counter and stack pointer. */
#define PROGMCTR_64 x86_64.rip
#define STACKPTR_64 x86_64.rsp
/* 0xcc is the one-byte INT3 opcode; the mask covers that single byte of a word. */
#define BREAKPOINT_INSN_64 0xccul
#define BREAKPOINT_MASK_64 0xfful
/*
 * NOTE(review): presumably the PC correction applied after the trap (INT3
 * leaves the PC one byte past the opcode) - confirm at the use site.
 */
#define BREAKPOINT_ADJS_64 0x1
/* Capstone settings for 64-bit code; X86_INS_CALL is the instruction id treated as a call. */
#define CAPSTONE_ARCH_64 CS_ARCH_X86
#define CAPSTONE_MODE_64 CS_MODE_64
#define CAPSTONE_CALL_64 X86_INS_CALL
/* Word size in bytes. */
#define WORDSIZE_64 8
/* 32-bit tracee: same breakpoint encoding, 32-bit register names and Capstone mode. */
#define PROGMCTR_32 x86_32.eip
#define STACKPTR_32 x86_32.esp
#define BREAKPOINT_INSN_32 0xccul
#define BREAKPOINT_MASK_32 0xfful
#define BREAKPOINT_ADJS_32 0x1
#define CAPSTONE_ARCH_32 CS_ARCH_X86
#define CAPSTONE_MODE_32 CS_MODE_32
#define CAPSTONE_CALL_32 X86_INS_CALL
#define WORDSIZE_32 4
#elif defined(__aarch64__) || defined(_M_ARM64)
/*
 * Register block of an AArch64 tracee. Only the 64-bit view carries real
 * registers; arm32 is a single-word stand-in that keeps the 32-bit macro
 * family compilable and does not describe a 32-bit register set.
 * NOTE(review): the arm64 member order appears to mirror the kernel's
 * user_pt_regs - verify before changing it.
 */
typedef union {
    struct user_regs_64 {
        unsigned long long regs[31];
        unsigned long long sp;
        unsigned long long pc;
        unsigned long long pstate;
    } arm64;

    struct user_regs_32 {
        unsigned int x;
    } arm32;
} user_regs_t;
/* Marker macro for the AArch64 build of this header. */
#define ARCH_AARCH64
/* 64-bit tracee: member paths into user_regs_t for program counter and stack pointer. */
#define PROGMCTR_64 arm64.pc
#define STACKPTR_64 arm64.sp
/* 0xd4200000 is the A64 encoding of BRK #0; the mask covers the whole 32-bit instruction. */
#define BREAKPOINT_INSN_64 0xd4200000ul
#define BREAKPOINT_MASK_64 0xfffffffful
/* No PC correction on this architecture (value 0). */
#define BREAKPOINT_ADJS_64 0x0
/*
 * Capstone settings for A64 code.
 * NOTE(review): only the direct BL id is listed as the call instruction;
 * whether indirect calls (BLR) are handled elsewhere is not visible here.
 */
#define CAPSTONE_ARCH_64 CS_ARCH_ARM64
#define CAPSTONE_MODE_64 CS_MODE_ARM
#define CAPSTONE_CALL_64 ARM64_INS_BL
/* Word size in bytes. */
#define WORDSIZE_64 8
/*
 * 32-bit family: placeholders only. PROGMCTR_32 and STACKPTR_32 both name the
 * same stand-in member, and the breakpoint and Capstone values are all zero.
 * NOTE(review): a consumer that selects this family would work with a zero
 * breakpoint encoding and mask - confirm that 32-bit tracees are refused on
 * this architecture before any of these values are used.
 */
#define PROGMCTR_32 arm32.x
#define STACKPTR_32 arm32.x
#define BREAKPOINT_INSN_32 0
#define BREAKPOINT_MASK_32 0
#define BREAKPOINT_ADJS_32 0
#define CAPSTONE_ARCH_32 0
#define CAPSTONE_MODE_32 0
#define CAPSTONE_CALL_32 0
#define WORDSIZE_32 4
#else
#error Detected architecture is not supported!
#endif