How to use reil - 10 common examples
To help you get started, we’ve selected a few reil examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
c01db33f / reil / x86 / sse.py View on Github 
def _x86_psub(ctx, i, part_size):
a_id, b_id, dst_id = vex_opnds(i)
a = operand.get(ctx, i, a_id)
b = operand.get(ctx, i, b_id)
size = min(a.size, b.size)
part_count = size // part_size
a_parts = unpack(ctx, a, part_size)[:part_count]
if a == b:
b_parts = a_parts
else:
b_parts = unpack(ctx, b, part_size)[:part_count]
parts = []
for j in range(0, part_count):
tmp = ctx.tmp(part_size)
ctx.emit( sub_ (a_parts[j], b_parts[j], tmp))
parts.append(tmp)def x86_lods(ctx, i, size):
src = ctx.source
value = ctx.tmp(size)
if i.mnemonic.startswith('rep'):
rep_prologue(ctx, i)
ctx.emit( ldm_ (src, value))
if size == 8:
operand.set_register(ctx, i, 'al', value)
elif size == 16:
operand.set_register(ctx, i, 'ax', value)
elif size == 32:
operand.set_register(ctx, i, 'eax', value)
else:
operand.set_register(ctx, i, 'rax', value)
ctx.emit( jcc_ (r('df', 8), 'decrement'))
ctx.emit('increment')
ctx.emit( add_ (src, imm(value.size // 8, ctx.word_size), src))
ctx.emit( jcc_ (imm(1, 8), 'set'))
ctx.emit('decrement')
ctx.emit( sub_ (src, imm(value.size // 8, ctx.word_size), src))
ctx.emit('set')
ctx.emit( str_ (src, ctx.source))
if i.mnemonic.startswith('rep'):
rep_epilogue(ctx, i)value = ctx.tmp(size)
if i.mnemonic.startswith('rep'):
rep_prologue(ctx, i)
ctx.emit( ldm_ (src, value))
if size == 8:
operand.set_register(ctx, i, 'al', value)
elif size == 16:
operand.set_register(ctx, i, 'ax', value)
elif size == 32:
operand.set_register(ctx, i, 'eax', value)
else:
operand.set_register(ctx, i, 'rax', value)
ctx.emit( jcc_ (r('df', 8), 'decrement'))
ctx.emit('increment')
ctx.emit( add_ (src, imm(value.size // 8, ctx.word_size), src))
ctx.emit( jcc_ (imm(1, 8), 'set'))
ctx.emit('decrement')
ctx.emit( sub_ (src, imm(value.size // 8, ctx.word_size), src))
ctx.emit('set')
ctx.emit( str_ (src, ctx.source))
if i.mnemonic.startswith('rep'):
rep_epilogue(ctx, i)def x86_lods(ctx, i, size):
src = ctx.source
value = ctx.tmp(size)
if i.mnemonic.startswith('rep'):
rep_prologue(ctx, i)
ctx.emit( ldm_ (src, value))
if size == 8:
operand.set_register(ctx, i, 'al', value)
elif size == 16:
operand.set_register(ctx, i, 'ax', value)
elif size == 32:
operand.set_register(ctx, i, 'eax', value)
else:
operand.set_register(ctx, i, 'rax', value)
ctx.emit( jcc_ (r('df', 8), 'decrement'))
ctx.emit('increment')
ctx.emit( add_ (src, imm(value.size // 8, ctx.word_size), src))
ctx.emit( jcc_ (imm(1, 8), 'set'))
ctx.emit('decrement')
ctx.emit( sub_ (src, imm(value.size // 8, ctx.word_size), src))
ctx.emit('set')
ctx.emit( str_ (src, ctx.source))def x86_lods(ctx, i, size):
src = ctx.source
value = ctx.tmp(size)
if i.mnemonic.startswith('rep'):
rep_prologue(ctx, i)
ctx.emit( ldm_ (src, value))
if size == 8:
operand.set_register(ctx, i, 'al', value)
elif size == 16:
operand.set_register(ctx, i, 'ax', value)
elif size == 32:
operand.set_register(ctx, i, 'eax', value)
else:
operand.set_register(ctx, i, 'rax', value)
ctx.emit( jcc_ (r('df', 8), 'decrement'))
ctx.emit('increment')
ctx.emit( add_ (src, imm(value.size // 8, ctx.word_size), src))
ctx.emit( jcc_ (imm(1, 8), 'set'))
ctx.emit('decrement')
ctx.emit( sub_ (src, imm(value.size // 8, ctx.word_size), src))
ctx.emit('set')
ctx.emit( str_ (src, ctx.source))
if i.mnemonic.startswith('rep'):
rep_epilogue(ctx, i)def x86_movs(ctx, i, size):
# This is to handle the mnemonic overload (SSE movsd) for 'move scalar
# double-precision floating-point value' since capstone doesn't
# distinguish. That instruction is just a mov into/from the SSE
# registers.
if not operand.is_memory(ctx, i, 0) or not operand.is_memory(ctx, i, 1):
# so basically, if one of the operands is not a memory address, then we
# know that this is the SSE version, which x86_mov can handle.
return x86_mov(ctx, i)
value = ctx.tmp(size)
if i.mnemonic.startswith('rep'):
rep_prologue(ctx, i)
ctx.emit( ldm_ (ctx.source, value))
ctx.emit( stm_ (value, ctx.destination))
ctx.emit( jcc_ (r('df', 8), 'decrement'))
ctx.emit('increment')
ctx.emit( add_ (ctx.destination, imm(value.size // 8, ctx.word_size), ctx.destination))
ctx.emit( add_ (ctx.source, imm(value.size // 8, ctx.word_size), ctx.source))
ctx.emit( jcc_ (imm(1, 8), 'done'))def arm_push(ctx, i):
for op in i.operands:
value = operand.get(ctx, i, 0)
ctx.emit( sub_ (ctx.stack_ptr,
imm(ctx.word_size // 8, ctx.word_size),
ctx.stack_ptr))
if value.size != ctx.word_size:
prev_value = value
value = ctx.tmp(ctx.word_size)
ctx.emit( sex_ (prev_value, value))
ctx.emit( stm_ (value, ctx.stack_ptr))b = r(ctx.accumulator.name, size)
value = ctx.tmp(size)
result = ctx.tmp(size * 2)
address = ctx.tmp(a.size)
if i.mnemonic.startswith('rep'):
rep_prologue(ctx, i)
ctx.emit( str_ (a, address))
# read the value
ctx.emit( ldm_ (address, value))
# do the comparison and set flags
ctx.emit( sub_ (value, b, result))
arithmetic._sub_set_flags(ctx, a, b, result)
# do the increment/decrement
ctx.emit( jcc_ (r('df', 8), 'decrement'))
ctx.emit('increment')
ctx.emit( add_ (address, imm(value.size // 8, ctx.word_size), address))
ctx.emit( jcc_ (imm(1, 8), 'set'))
ctx.emit('decrement')
ctx.emit( sub_ (address, imm(value.size // 8, ctx.word_size), address))
ctx.emit('set')
ctx.emit( str_ (address, ctx.destination))
if i.mnemonic.startswith('rep'):
rep_epilogue(ctx, i)value2 = ctx.tmp(size)
address2 = ctx.tmp(src.size)
if i.mnemonic.startswith('rep'):
rep_prologue(ctx, i)
# read the values
ctx.emit( str_ (src, address1))
ctx.emit( ldm_ (address1, value1))
ctx.emit( str_ (dst, address2))
ctx.emit( ldm_ (address2, value2))
# do the comparison and set flags
ctx.emit( sub_ (value1, value2, result))
arithmetic._sub_set_flags(ctx, value1, value2, result)
# do the increment/decrement
ctx.emit( jcc_ (r('df', 8), 'decrement'))
ctx.emit('increment')
ctx.emit( add_ (address1, imm(size // 8, ctx.word_size), address1))
ctx.emit( add_ (address2, imm(size // 8, ctx.word_size), address2))
ctx.emit( jcc_ (imm(1, 8), 'set'))
ctx.emit('decrement')
ctx.emit( sub_ (address1, imm(size // 8, ctx.word_size), address1))
ctx.emit( sub_ (address2, imm(size // 8, ctx.word_size), address2))
ctx.emit('set')
ctx.emit( str_ (address1, ctx.source))
ctx.emit( str_ (address2, ctx.destination))
if i.mnemonic.startswith('rep'):
rep_epilogue(ctx, i)part_count = size // (part_size * 2)
a_parts = unpack(ctx, a, part_size)[:part_count]
if a == b:
b_parts = a_parts
else:
b_parts = unpack(ctx, b, part_size)[:part_count]
parts = []
for j in range(0, part_count):
parts.append(a_parts[j])
parts.append(b_parts[j])
value = pack(ctx, parts)
operand.set(ctx, i, 0, value)
Popular reil functions
- reil.arm.operand
- reil.arm.operand.get
- reil.arm.operand.set
- reil.arm64.operand.get
- reil.definitions.Instruction
- reil.native.Instruction
- reil.x86.arithmetic
- reil.x86.conditional
- reil.x86.conditional.condition
- reil.x86.memory.x86_mov
- reil.x86.operand
- reil.x86.operand.get
- reil.x86.operand.get_address
- reil.x86.operand.get_register
- reil.x86.operand.get_size
- reil.x86.operand.is_memory
- reil.x86.operand.set
- reil.x86.operand.set_register
- reil.x86.translator.translate