Skip to content

arch

Architecture module

ArchARM

Bases: QuokkaArch

ArchARM definition

Source code in quokka/analysis/arch.py
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
class ArchARM(QuokkaArch):  # type: ignore
    """ArchARM definition"""

    (
        cc,
        cpsflag,
        cpsmode,
        grps,
        insts,
        mb,
        op,
        regs,
        setend,
        sft,
        sysreg,
        vd,
    ) = make_enums(
        capstone_module=capstone.arm_const,
        items=[
            "CC",
            "CPSFLAG",
            "CPSMODE",
            "GRP",
            "INS",
            "MB",
            "OP",
            "REG",
            "SETEND",
            "SFT",
            "SYSREG",
            "VECTORDATA",
        ],
        blacklist=["ENDING", "R13", "R14", "R15", "R9", "R10", "R11", "R12"],
        flags_enums=["SYSREG"],
    )

    address_size = 32
    compared_mnemonics = [
        insts.CBNZ,
        insts.CMP,
        insts.CBZ,
        insts.CMN,
    ]

    frame_pointer = regs.FP
    stack_pointer = regs.SP
    inst_pointer = regs.PC

ArchARM64

Bases: QuokkaArch

Arch Arm64 definition

Source code in quokka/analysis/arch.py
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
class ArchARM64(QuokkaArch):  # type: ignore
    """Arch Arm64 definition"""

    (
        at,
        barrier,
        cc,
        dc,
        ext,
        grp,
        ic,
        insts,
        op,
        prfm,
        pstate,
        regs,
        sft,
        sysreg,
        tlbi,
        vas,
        vess,
    ) = make_enums(
        capstone_module=capstone.arm64_const,
        items=[
            "AT",
            "BARRIER",
            "CC",
            "DC",
            "EXT",
            "GRP",
            "IC",
            "INS",
            "OP",
            "PRFM",
            "PSTATE",
            "REG",
            "SFT",
            "SYSREG",
            "TLBI",
            "VAS",
            "VESS",
        ],
        blacklist=["ENDING", "X16", "X17", "X29", "X30"],
        flags_enums=[],
    )

    address_size = 64
    compared_mnemonics = [
        insts.CBZ,
        insts.CBNZ,
        insts.CMP,
        insts.CCMN,
        insts.CCMP,
        insts.CMN,
        insts.TBZ,
        insts.TBNZ,
    ]

    frame_pointer = regs.FP
    stack_pointer = regs.SP  # TODO(dm)!
    inst_pointer = regs.X28

ArchARMThumb

Bases: ArchARM

Arch Arm Thumb definition

Source code in quokka/analysis/arch.py
165
166
167
168
class ArchARMThumb(ArchARM):  # type: ignore
    """Arch Arm Thumb definition"""

    thumb: bool = True

ArchEnum

Bases: IntEnum

Enum identifying various architectures. The integer values are based on capstone enum.

Source code in quokka/analysis/arch.py
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
class ArchEnum(IntEnum):
    """
    Enum identifying various architectures. The integer
    values are based on capstone enum.
    """

    UNKNOWN = capstone.CS_ARCH_ALL
    ARM = capstone.CS_ARCH_ARM
    ARM64 = capstone.CS_ARCH_ARM64
    EVM = capstone.CS_ARCH_EVM
    M680X = capstone.CS_ARCH_M680X
    M68K = capstone.CS_ARCH_M68K
    MIPS = capstone.CS_ARCH_MIPS
    PPC = capstone.CS_ARCH_PPC
    SPARC = capstone.CS_ARCH_SPARC
    SYSZ = capstone.CS_ARCH_SYSZ
    TMS320C64X = capstone.CS_ARCH_TMS320C64X
    X86 = capstone.CS_ARCH_X86
    XCORE = capstone.CS_ARCH_XCORE

ArchMIPS

Bases: QuokkaArch

Arch MIPS definition

Source code in quokka/analysis/arch.py
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
class ArchMIPS(QuokkaArch):  # type: ignore
    """Arch MIPS definition"""

    (
        grps,
        insts,
        op,
        regs,
    ) = make_enums(
        capstone_module=capstone.mips_const,
        items=[
            "GRP",
            "INS",
            "OP",
            "REG",
        ],
        blacklist=["ENDING", "INVALID"],
        flags_enums=[],
    )

    compared_mnemonics = [
        insts.CMP,
        insts.CMPI,
        insts.CMPU,
        insts.CMPGU,
        insts.CMPGDU,
    ]

    address_size = 32

    frame_pointer = regs.FP  # R30
    stack_pointer = regs.SP  # R29
    inst_pointer = regs.PC   # REG_PC

ArchMIPS64

Bases: ArchMIPS

Arch MIPS64 definition

Source code in quokka/analysis/arch.py
269
270
271
272
class ArchMIPS64(ArchMIPS):  # type: ignore
    """Arch MIPS64 definition"""

    address_size = 64

ArchPPC

Bases: QuokkaArch

Arch PPC definition

Source code in quokka/analysis/arch.py
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
class ArchPPC(QuokkaArch):  # type: ignore
    """Arch PPC definition"""

    (
        bc,
        bh,
        grps,
        insts,
        op,
        regs,
    ) = make_enums(
        capstone_module=capstone.ppc_const,
        items=[
            "BC",
            "BH",
            "GRP",
            "INS",
            "OP",
            "REG",
        ],
        blacklist=["ENDING", "INVALID"],
        flags_enums=[],
    )

    compared_mnemonics = [
        insts.CMPB,
        insts.CMPD,
        insts.CMPDI,
        insts.CMPLD,
        insts.CMPLW,
        insts.CMPW,
        insts.CMPWI,
    ]

    address_size = 32

    frame_pointer = regs.R1  #
    stack_pointer = regs.R1  # GPR1
    inst_pointer = regs.CTR

ArchPPC64

Bases: ArchPPC

Arch PPC64 definition

Source code in quokka/analysis/arch.py
316
317
318
319
class ArchPPC64(ArchPPC):  # type: ignore
    """Arch PPC64 definition"""

    address_size = 64

ArchX64

Bases: ArchX86

Arch X64 definition

Source code in quokka/analysis/arch.py
106
107
108
109
110
111
112
113
class ArchX64(ArchX86):  # type: ignore
    """Arch X64 definition"""

    address_size = 64

    frame_pointer = ArchX86.regs.RBP
    stack_pointer = ArchX86.regs.RSP
    inst_pointer = ArchX86.regs.RIP

ArchX86

Bases: QuokkaArch

Arch X86 definition

Source code in quokka/analysis/arch.py
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
class ArchX86(QuokkaArch):  # type: ignore
    """Arch X86 definition"""

    address_size = 32

    regs, insts, groups, prefixes, optypes, _flags_state = make_enums(
        capstone_module=capstone.x86_const,
        items=["REG", "INS", "GRP", "PREFIX", "OP", "EFLAGS"],
        blacklist=["ENDING"],
        flags_enums=["EFLAGS"],
    )

    compared_mnemonics = [insts.CMP, insts.TEST]

    frame_pointer = regs.EBP
    stack_pointer = regs.ESP
    inst_pointer = regs.EIP

QuokkaArch

Base class for a QuokkaArch

Source code in quokka/analysis/arch.py
78
79
80
81
82
83
84
class QuokkaArch:
    """Base class for a QuokkaArch"""

    address_size: int
    compared_mnemonics: List[str]
    stack_pointer: RegType
    inst_pointer: RegType

make_enums(capstone_module, items, blacklist, flags_enums)

Make enums from capstone module

Dynamically generate enums from capstone constants

Parameters:

Name Type Description Default
capstone_module ModuleType

Capstone module

required
items List[str]

Name of enums

required
blacklist List[str]

Fields to not consider

required
flags_enums List[str]

List of flag enums

required

Returns:

Type Description
List

A list of IntEnum/IntFlag

Source code in quokka/analysis/arch.py
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
def make_enums(
    capstone_module: ModuleType, items: List[str], blacklist: List[str], flags_enums: List[str]
) -> List:
    """Make enums from capstone module

    Dynamically generate enums from capstone constants

    Arguments:
        capstone_module: Capstone module
        items: Name of enums
        blacklist: Fields to not consider
        flags_enums: List of flag enums

    Returns:
        A list of IntEnum/IntFlag
    """
    data = collections.defaultdict(dict)
    for key, val in getattr(capstone_module, "__dict__").items():
        _, cat, name = key.split("_", maxsplit=2)
        if name not in blacklist:
            name = "_" + name if "0" <= name[0] <= "9" else name
            data[cat][name] = val

    return [
        IntEnum(x, names=data[x], module=__name__)
        if x not in flags_enums
        else IntFlag(x, names=data[x], module=__name__)
        for x in items
        if x
    ]