Skip to content

regs ¤

Reading register value from the inferior, and provides a standardized interface to registers like "sp" and "pc".

Classes:

Attributes:

arm_cpsr_flags module-attribute ¤

arm_cpsr_flags = BitFlags(
    [
        ("N", 31),
        ("Z", 30),
        ("C", 29),
        ("V", 28),
        ("Q", 27),
        ("J", 24),
        ("T", 5),
        ("E", 9),
        ("A", 8),
        ("I", 7),
        ("F", 6),
    ]
)

arm_xpsr_flags module-attribute ¤

arm_xpsr_flags = BitFlags(
    [("N", 31), ("Z", 30), ("C", 29), ("V", 28), ("Q", 27), ("T", 24)]
)

aarch64_cpsr_flags module-attribute ¤

aarch64_cpsr_flags = BitFlags(
    [
        ("N", 31),
        ("Z", 30),
        ("C", 29),
        ("V", 28),
        ("Q", 27),
        ("PAN", 22),
        ("IL", 20),
        ("D", 9),
        ("A", 8),
        ("I", 7),
        ("F", 6),
        ("EL", 2),
        ("SP", 0),
    ]
)

aarch64_sctlr_flags module-attribute ¤

aarch64_sctlr_flags = BitFlags(
    [
        ("TIDCP", 63),
        ("SPINTMASK", 62),
        ("NMI", 61),
        ("EPAN", 57),
        ("ATA0", 43),
        ("ATA0", 42),
        ("TCF", (40, 2)),
        ("TCF0", (38, 2)),
        ("ITFSB", 37),
        ("BT1", 36),
        ("BT0", 35),
        ("EnIA", 31),
        ("EnIB", 30),
        ("EnDA", 27),
        ("UCI", 26),
        ("EE", 25),
        ("E0E", 24),
        ("SPAN", 23),
        ("TSCXT", 20),
        ("WXN", 19),
        ("nTWE", 18),
        ("nTWI", 16),
        ("UCT", 15),
        ("DZE", 14),
        ("EnDB", 13),
        ("I", 12),
        ("UMA", 9),
        ("SED", 8),
        ("ITD", 7),
        ("nAA", 6),
        ("CP15BEN", 5),
        ("SA0", 4),
        ("SA", 3),
        ("C", 2),
        ("A", 1),
        ("M", 0),
    ]
)

aarch64_tcr_flags module-attribute ¤

aarch64_tcr_flags = BitFlags(
    [("TG1", (30, 31)), ("T1SZ", (16, 21)), ("TG0", (14, 15)), ("T0SZ", (0, 5))]
)

aarch64_scr_flags module-attribute ¤

aarch64_scr_flags = BitFlags(
    [("HCE", 8), ("SMD", 7), ("EA", 3), ("FIQ", 2), ("IRQ", 1), ("NS", 0)]
)

aarch64_mmfr_flags module-attribute ¤

aarch64_mmfr_flags = BitFlags([('VARange', (16, 19))])

arm module-attribute ¤

arm = RegisterSet(
    retaddr=(Reg("lr", 4),),
    flags={"cpsr": arm_cpsr_flags},
    gpr=(
        Reg("r0", 4),
        Reg("r1", 4),
        Reg("r2", 4),
        Reg("r3", 4),
        Reg("r4", 4),
        Reg("r5", 4),
        Reg("r6", 4),
        Reg("r7", 4),
        Reg("r8", 4),
        Reg("r9", 4),
        Reg("r10", 4),
        Reg("r11", 4),
        Reg("r12", 4),
    ),
    args=("r0", "r1", "r2", "r3"),
    retval="r0",
)

armcm module-attribute ¤

armcm = RegisterSet(
    retaddr=(Reg("lr", 4),),
    flags={"xpsr": arm_xpsr_flags},
    gpr=(
        Reg("r0", 4),
        Reg("r1", 4),
        Reg("r2", 4),
        Reg("r3", 4),
        Reg("r4", 4),
        Reg("r5", 4),
        Reg("r6", 4),
        Reg("r7", 4),
        Reg("r8", 4),
        Reg("r9", 4),
        Reg("r10", 4),
        Reg("r11", 4),
        Reg("r12", 4),
    ),
    args=("r0", "r1", "r2", "r3"),
    retval="r0",
)

aarch64 module-attribute ¤

aarch64 = RegisterSet(
    retaddr=(Reg("lr", 8),),
    flags={"cpsr": aarch64_cpsr_flags},
    extra_flags={
        "scr_el3": aarch64_scr_flags,
        "sctlr": aarch64_sctlr_flags,
        "sctlr_el2": aarch64_sctlr_flags,
        "sctlr_el3": aarch64_sctlr_flags,
        "spsr_el1": aarch64_cpsr_flags,
        "spsr_el2": aarch64_cpsr_flags,
        "spsr_el3": aarch64_cpsr_flags,
        "tcr_el1": aarch64_tcr_flags,
        "id_aa64mmfr2_el1": aarch64_mmfr_flags,
        "ttbr0_el1": BitFlags(),
        "ttbr1_el1": BitFlags(),
    },
    frame=Reg("x29", 8, subregisters=(Reg("w29", 4, zero_extend_writes=True),)),
    gpr=(
        Reg("x0", 8, subregisters=(Reg("w0", 4, zero_extend_writes=True),)),
        Reg("x1", 8, subregisters=(Reg("w1", 4, zero_extend_writes=True),)),
        Reg("x2", 8, subregisters=(Reg("w2", 4, zero_extend_writes=True),)),
        Reg("x3", 8, subregisters=(Reg("w3", 4, zero_extend_writes=True),)),
        Reg("x4", 8, subregisters=(Reg("w4", 4, zero_extend_writes=True),)),
        Reg("x5", 8, subregisters=(Reg("w5", 4, zero_extend_writes=True),)),
        Reg("x6", 8, subregisters=(Reg("w6", 4, zero_extend_writes=True),)),
        Reg("x7", 8, subregisters=(Reg("w7", 4, zero_extend_writes=True),)),
        Reg("x8", 8, subregisters=(Reg("w8", 4, zero_extend_writes=True),)),
        Reg("x9", 8, subregisters=(Reg("w9", 4, zero_extend_writes=True),)),
        Reg("x10", 8, subregisters=(Reg("w10", 4, zero_extend_writes=True),)),
        Reg("x11", 8, subregisters=(Reg("w11", 4, zero_extend_writes=True),)),
        Reg("x12", 8, subregisters=(Reg("w12", 4, zero_extend_writes=True),)),
        Reg("x13", 8, subregisters=(Reg("w13", 4, zero_extend_writes=True),)),
        Reg("x14", 8, subregisters=(Reg("w14", 4, zero_extend_writes=True),)),
        Reg("x15", 8, subregisters=(Reg("w15", 4, zero_extend_writes=True),)),
        Reg("x16", 8, subregisters=(Reg("w16", 4, zero_extend_writes=True),)),
        Reg("x17", 8, subregisters=(Reg("w17", 4, zero_extend_writes=True),)),
        Reg("x18", 8, subregisters=(Reg("w18", 4, zero_extend_writes=True),)),
        Reg("x19", 8, subregisters=(Reg("w19", 4, zero_extend_writes=True),)),
        Reg("x20", 8, subregisters=(Reg("w20", 4, zero_extend_writes=True),)),
        Reg("x21", 8, subregisters=(Reg("w21", 4, zero_extend_writes=True),)),
        Reg("x22", 8, subregisters=(Reg("w22", 4, zero_extend_writes=True),)),
        Reg("x23", 8, subregisters=(Reg("w23", 4, zero_extend_writes=True),)),
        Reg("x24", 8, subregisters=(Reg("w24", 4, zero_extend_writes=True),)),
        Reg("x25", 8, subregisters=(Reg("w25", 4, zero_extend_writes=True),)),
        Reg("x26", 8, subregisters=(Reg("w26", 4, zero_extend_writes=True),)),
        Reg("x27", 8, subregisters=(Reg("w27", 4, zero_extend_writes=True),)),
        Reg("x28", 8, subregisters=(Reg("w28", 4, zero_extend_writes=True),)),
    ),
    args=("x0", "x1", "x2", "x3"),
    retval="x0",
)

x86flags module-attribute ¤

x86flags = {
    "eflags": BitFlags(
        [
            ("CF", 0),
            ("PF", 2),
            ("AF", 4),
            ("ZF", 6),
            ("SF", 7),
            ("IF", 9),
            ("DF", 10),
            ("OF", 11),
            ("AC", 18),
        ]
    )
}

amd64_kernel module-attribute ¤

amd64_kernel = KernelRegisterSet(
    segments=SegmentRegisters(["cs", "ss", "ds", "es", "fs", "gs"]),
    controls={
        "cr0": BitFlags([("PE", 0), ("WP", 16), ("PG", 31)]),
        "cr3": AddressingRegister("cr3", False),
        "cr4": BitFlags(
            [
                ("UMIP", 11),
                ("FSGSBASE", 16),
                ("SMEP", 20),
                ("SMAP", 21),
                ("PKE", 22),
                ("CET", 23),
                ("PKS", 24),
            ]
        ),
    },
    msrs={
        "efer": BitFlags([("NXE", 11)]),
        "gs_base": AddressingRegister("gs_base", True),
        "fs_base": AddressingRegister("fs_base", True),
    },
)

amd64 module-attribute ¤

amd64 = RegisterSet(
    pc=Reg("rip"),
    stack=Reg(
        "rsp",
        8,
        subregisters=(
            Reg("esp", 4, 0, zero_extend_writes=True),
            Reg("sp", 2, 0),
            Reg("spl", 1, 0),
        ),
    ),
    frame=Reg(
        "rbp",
        8,
        subregisters=(
            Reg("ebp", 4, 0, zero_extend_writes=True),
            Reg("bp", 2, 0),
            Reg("bpl", 1, 0),
        ),
    ),
    flags=x86flags,
    gpr=(
        Reg(
            "rax",
            8,
            subregisters=(
                Reg("eax", 4, 0, zero_extend_writes=True),
                Reg("ax", 2, 0),
                Reg("ah", 1, 1),
                Reg("al", 1, 0),
            ),
        ),
        Reg(
            "rbx",
            8,
            subregisters=(
                Reg("ebx", 4, 0, zero_extend_writes=True),
                Reg("bx", 2, 0),
                Reg("bh", 1, 1),
                Reg("bl", 1, 0),
            ),
        ),
        Reg(
            "rcx",
            8,
            subregisters=(
                Reg("ecx", 4, 0, zero_extend_writes=True),
                Reg("cx", 2, 0),
                Reg("ch", 1, 1),
                Reg("cl", 1, 0),
            ),
        ),
        Reg(
            "rdx",
            8,
            subregisters=(
                Reg("edx", 4, 0, zero_extend_writes=True),
                Reg("dx", 2, 0),
                Reg("dh", 1, 1),
                Reg("dl", 1, 0),
            ),
        ),
        Reg(
            "rdi",
            8,
            subregisters=(
                Reg("edi", 4, 0, zero_extend_writes=True),
                Reg("di", 2, 0),
                Reg("dil", 1, 0),
            ),
        ),
        Reg(
            "rsi",
            8,
            subregisters=(
                Reg("esi", 4, 0, zero_extend_writes=True),
                Reg("si", 2, 0),
                Reg("sil", 1, 0),
            ),
        ),
        Reg(
            "r8",
            8,
            subregisters=(
                Reg("r8d", 4, 0, zero_extend_writes=True),
                Reg("r8w", 2, 0),
                Reg("r8b", 1, 0),
            ),
        ),
        Reg(
            "r9",
            8,
            subregisters=(
                Reg("r9d", 4, 0, zero_extend_writes=True),
                Reg("r9w", 2, 0),
                Reg("r9b", 1, 0),
            ),
        ),
        Reg(
            "r10",
            8,
            subregisters=(
                Reg("r10d", 4, 0, zero_extend_writes=True),
                Reg("r10w", 2, 0),
                Reg("r10b", 1, 0),
            ),
        ),
        Reg(
            "r11",
            8,
            subregisters=(
                Reg("r11d", 4, 0, zero_extend_writes=True),
                Reg("r11w", 2, 0),
                Reg("r11b", 1, 0),
            ),
        ),
        Reg(
            "r12",
            8,
            subregisters=(
                Reg("r12d", 4, 0, zero_extend_writes=True),
                Reg("r12w", 2, 0),
                Reg("r12b", 1, 0),
            ),
        ),
        Reg(
            "r13",
            8,
            subregisters=(
                Reg("r13d", 4, 0, zero_extend_writes=True),
                Reg("r13w", 2, 0),
                Reg("r13b", 1, 0),
            ),
        ),
        Reg(
            "r14",
            8,
            subregisters=(
                Reg("r14d", 4, 0, zero_extend_writes=True),
                Reg("r14w", 2, 0),
                Reg("r14b", 1, 0),
            ),
        ),
        Reg(
            "r15",
            8,
            subregisters=(
                Reg("r15d", 4, 0, zero_extend_writes=True),
                Reg("r15w", 2, 0),
                Reg("r15b", 1, 0),
            ),
        ),
    ),
    misc=("cs", "ss", "ds", "es", "fs", "gs", "fs_base", "gs_base", "ip"),
    kernel=amd64_kernel,
    args=("rdi", "rsi", "rdx", "rcx", "r8", "r9"),
    retval="rax",
)

i386 module-attribute ¤

i386 = RegisterSet(
    pc=Reg("eip"),
    stack=Reg("esp", 4, subregisters=(Reg("sp", 2, 0),)),
    frame=Reg("ebp", 4, subregisters=(Reg("bp", 2, 0),)),
    flags=x86flags,
    gpr=(
        Reg(
            "eax",
            4,
            subregisters=(Reg("ax", 2, 0), Reg("ah", 1, 1), Reg("al", 1, 0)),
        ),
        Reg(
            "ebx",
            4,
            subregisters=(Reg("bx", 2, 0), Reg("bh", 1, 1), Reg("bl", 1, 0)),
        ),
        Reg(
            "ecx",
            4,
            subregisters=(Reg("cx", 2, 0), Reg("ch", 1, 1), Reg("cl", 1, 0)),
        ),
        Reg(
            "edx",
            4,
            subregisters=(Reg("dx", 2, 0), Reg("dh", 1, 1), Reg("dl", 1, 0)),
        ),
        Reg("edi", 4, subregisters=(Reg("di", 2, 0),)),
        Reg("esi", 4, subregisters=(Reg("si", 2, 0),)),
    ),
    misc=("cs", "ss", "ds", "es", "fs", "gs", "fs_base", "gs_base", "ip"),
    retval="eax",
)

powerpc module-attribute ¤

powerpc = RegisterSet(
    retaddr=(Reg("lr"),),
    flags={"msr": BitFlags(), "xer": BitFlags()},
    gpr=(
        Reg("r0"),
        Reg("r1"),
        Reg("r2"),
        Reg("r3"),
        Reg("r4"),
        Reg("r5"),
        Reg("r6"),
        Reg("r7"),
        Reg("r8"),
        Reg("r9"),
        Reg("r10"),
        Reg("r11"),
        Reg("r12"),
        Reg("r13"),
        Reg("r14"),
        Reg("r15"),
        Reg("r16"),
        Reg("r17"),
        Reg("r18"),
        Reg("r19"),
        Reg("r20"),
        Reg("r21"),
        Reg("r22"),
        Reg("r23"),
        Reg("r24"),
        Reg("r25"),
        Reg("r26"),
        Reg("r27"),
        Reg("r28"),
        Reg("r29"),
        Reg("r30"),
        Reg("r31"),
        Reg("cr"),
        Reg("ctr"),
    ),
    args=("r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"),
    retval="r3",
)

sparc module-attribute ¤

sparc = RegisterSet(
    stack=Reg("sp"),
    frame=Reg("fp"),
    retaddr=(Reg("i7"),),
    flags={"psr": BitFlags()},
    gpr=(
        Reg("g1"),
        Reg("g2"),
        Reg("g3"),
        Reg("g4"),
        Reg("g5"),
        Reg("g6"),
        Reg("g7"),
        Reg("o0"),
        Reg("o1"),
        Reg("o2"),
        Reg("o3"),
        Reg("o4"),
        Reg("o5"),
        Reg("o7"),
        Reg("l0"),
        Reg("l1"),
        Reg("l2"),
        Reg("l3"),
        Reg("l4"),
        Reg("l5"),
        Reg("l6"),
        Reg("l7"),
        Reg("i0"),
        Reg("i1"),
        Reg("i2"),
        Reg("i3"),
        Reg("i4"),
        Reg("i5"),
    ),
    args=("i0", "i1", "i2", "i3", "i4", "i5"),
    retval="o0",
)

mips module-attribute ¤

mips = RegisterSet(
    frame=Reg("fp"),
    retaddr=(Reg("ra"),),
    gpr=(
        Reg("v0"),
        Reg("v1"),
        Reg("a0"),
        Reg("a1"),
        Reg("a2"),
        Reg("a3"),
        Reg("t0"),
        Reg("t1"),
        Reg("t2"),
        Reg("t3"),
        Reg("t4"),
        Reg("t5"),
        Reg("t6"),
        Reg("t7"),
        Reg("t8"),
        Reg("t9"),
        Reg("s0"),
        Reg("s1"),
        Reg("s2"),
        Reg("s3"),
        Reg("s4"),
        Reg("s5"),
        Reg("s6"),
        Reg("s7"),
        Reg("s8"),
        Reg("gp"),
    ),
    args=("a0", "a1", "a2", "a3"),
    retval="v0",
)

riscv module-attribute ¤

riscv = RegisterSet(
    pc=Reg("pc"),
    stack=Reg("sp"),
    retaddr=(Reg("ra"),),
    gpr=(
        Reg("gp"),
        Reg("tp"),
        Reg("t0"),
        Reg("t1"),
        Reg("t2"),
        Reg("s0"),
        Reg("s1"),
        Reg("a0"),
        Reg("a1"),
        Reg("a2"),
        Reg("a3"),
        Reg("a4"),
        Reg("a5"),
        Reg("a6"),
        Reg("a7"),
        Reg("s2"),
        Reg("s3"),
        Reg("s4"),
        Reg("s5"),
        Reg("s6"),
        Reg("s7"),
        Reg("s8"),
        Reg("s9"),
        Reg("s10"),
        Reg("s11"),
        Reg("t3"),
        Reg("t4"),
        Reg("t5"),
        Reg("t6"),
    ),
    args=("a0", "a1", "a2", "a3", "a4", "a5", "a6", "a7"),
    retval="a0",
)

loongarch64 module-attribute ¤

loongarch64 = RegisterSet(
    pc=Reg("pc"),
    stack=Reg("sp"),
    frame=Reg("fp"),
    retaddr=(Reg("ra"),),
    gpr=(
        Reg("a0"),
        Reg("a1"),
        Reg("a2"),
        Reg("a3"),
        Reg("a4"),
        Reg("a5"),
        Reg("a6"),
        Reg("a7"),
        Reg("t0"),
        Reg("t1"),
        Reg("t2"),
        Reg("t3"),
        Reg("t4"),
        Reg("t5"),
        Reg("t6"),
        Reg("t7"),
        Reg("t8"),
        Reg("s0"),
        Reg("s1"),
        Reg("s2"),
        Reg("s3"),
        Reg("s4"),
        Reg("s5"),
        Reg("s6"),
        Reg("s7"),
        Reg("s8"),
    ),
    args=("a0", "a1", "a2", "a3", "a4", "a5", "a6", "a7"),
    misc=("tp", "r21"),
)

s390x module-attribute ¤

s390x = RegisterSet(
    pc=Reg("pc"),
    retaddr=(Reg("r14"),),
    stack=Reg("r15"),
    flags={"pswm": BitFlags()},
    gpr=(
        Reg("r0"),
        Reg("r1"),
        Reg("r2"),
        Reg("r3"),
        Reg("r4"),
        Reg("r5"),
        Reg("r6"),
        Reg("r7"),
        Reg("r8"),
        Reg("r9"),
        Reg("r10"),
        Reg("r11"),
        Reg("r12"),
        Reg("r13"),
    ),
    args=("r2", "r3", "r4", "r5", "r6"),
    retval="r2",
)

reg_sets module-attribute ¤

reg_sets: dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, RegisterSet] = {
    "i386": i386,
    "i8086": i386,
    "x86-64": amd64,
    "rv32": riscv,
    "rv64": riscv,
    "mips": mips,
    "sparc": sparc,
    "arm": arm,
    "armcm": armcm,
    "aarch64": aarch64,
    "powerpc": powerpc,
    "loongarch64": loongarch64,
    "s390x": s390x,
}

RegisterContextProtocol ¤

Bases: Protocol

Methods:

flag_register_context ¤

flag_register_context(reg: str, bit_flags: BitFlags) -> str | None

addressing_register_context ¤

addressing_register_context(reg: str, is_virtual: bool) -> str | None

segment_registers_context ¤

segment_registers_context(regs: list[str]) -> str | None

VisitableRegister ¤

Bases: Protocol

Methods:

context ¤

context(rc: RegisterContextProtocol) -> str | None

BitFlags ¤

BitFlags(flags: list[tuple[str, int | tuple[int, int]]] = [])

Bases: VisitableRegister

Methods:

Attributes:

  • regname (str) –
  • flags (OrderedDict[str, int | tuple[int, int]]) –
  • value (int) –

regname instance-attribute ¤

regname: str = ''

flags instance-attribute ¤

flags: OrderedDict[str, int | tuple[int, int]] = OrderedDict()

value instance-attribute ¤

value: int = 0

__getattr__ ¤

__getattr__(name: str)

__getitem__ ¤

__getitem__(key: str) -> int

__setitem__ ¤

__setitem__(key: str, value: int) -> None

__delitem__ ¤

__delitem__(key: str)

__iter__ ¤

__iter__()

__len__ ¤

__len__()

__repr__ ¤

__repr__()

update ¤

update(regname: str) -> None

context ¤

context(rc: RegisterContextProtocol) -> str | None

AddressingRegister ¤

AddressingRegister(reg: str, is_virtual: bool)

Bases: VisitableRegister

Represents a register that is used to store an address, e.g. cr3, gsbase, fsbase

Methods:

Attributes:

reg instance-attribute ¤

reg: str = reg

value instance-attribute ¤

value: int = 0

is_virtual instance-attribute ¤

is_virtual: bool = is_virtual

update ¤

update(regname: str) -> None

context ¤

context(rc: RegisterContextProtocol) -> str | None

SegmentRegisters ¤

SegmentRegisters(regs: list[str])

Bases: VisitableRegister

Represents the x86 segment register set

Methods:

Attributes:

  • regs (list[str]) –

regs instance-attribute ¤

regs: list[str] = regs

context ¤

context(rc: RegisterContextProtocol) -> str | None

KernelRegisterSet ¤

KernelRegisterSet(
    segments: SegmentRegisters,
    controls: dict[str, BitFlags | AddressingRegister] = {},
    msrs: dict[str, BitFlags | AddressingRegister] = {},
)

additional registers that are useful when pwning kernels used only for x86-64 for now

Attributes:

segments instance-attribute ¤

segments: SegmentRegisters = segments

controls instance-attribute ¤

controls: dict[str, BitFlags | AddressingRegister] = controls

msrs instance-attribute ¤

msrs: dict[str, BitFlags | AddressingRegister] = msrs

UnicornRegisterWrite dataclass ¤

UnicornRegisterWrite(name: str, force_write: bool)

Represent a register to write to the Unicorn emulator.

Attributes:

name instance-attribute ¤

name: str

force_write instance-attribute ¤

force_write: bool

Reg dataclass ¤

Reg(
    name: str,
    size: int | None = None,
    offset: int = 0,
    zero_extend_writes: bool = False,
    subregisters: tuple[Reg, ...] = (),
    mask: int | None = None,
)

Methods:

Attributes:

  • name (str) –
  • size (int | None) –

    Register width in bytes. None if the register size is arch.ptrsize

  • offset (int) –

    Relevant for subregisters - the offset of this register in the main register

  • zero_extend_writes (bool) –

    Upon writing a value to this subregister, are the higher bits of the full register zeroed out?

  • subregisters (tuple[Reg, ...]) –

    Bitmask for register. None if the register size is arch.ptrsize

  • mask (int | None) –

name instance-attribute ¤

name: str

size class-attribute instance-attribute ¤

size: int | None = None

Register width in bytes. None if the register size is arch.ptrsize

offset class-attribute instance-attribute ¤

offset: int = 0

Relevant for subregisters - the offset of this register in the main register

zero_extend_writes class-attribute instance-attribute ¤

zero_extend_writes: bool = False

Upon writing a value to this subregister, are the higher bits of the full register zeroed out?

subregisters class-attribute instance-attribute ¤

subregisters: tuple[Reg, ...] = ()

Bitmask for register. None if the register size is arch.ptrsize

mask class-attribute instance-attribute ¤

mask: int | None = None

__post_init__ ¤

__post_init__() -> None

RegisterSet ¤

RegisterSet(
    pc: Reg = Reg("pc"),
    stack: Reg = Reg("sp"),
    frame: Reg | None = None,
    retaddr: tuple[Reg, ...] = (),
    flags: dict[str, BitFlags] = {},
    extra_flags: dict[str, BitFlags] = {},
    gpr: tuple[Reg, ...] = (),
    misc: tuple[str, ...] = (),
    args: tuple[str, ...] = (),
    kernel: KernelRegisterSet | None = None,
    retval: str | None = None,
)

Methods:

Attributes:

  • pc (str) –

    Program counter register

  • stack (str) –

    Stack pointer register

  • frame (str | None) –

    Frame pointer register

  • retaddr (tuple[str, ...]) –

    Return address register

  • flags (dict[str, BitFlags]) –

    Maps name of flag register (eflags, cpsr) to a structure detailing what the bits mean

  • extra_flags
  • gpr (tuple[str, ...]) –

    List of native-size general-purpose registers

  • misc (tuple[str, ...]) –

    List of miscellaneous, valid registers

  • args (tuple[str, ...]) –

    Register-based arguments for most common ABI

  • retval (str | None) –

    Return value register

  • kernel (KernelRegisterSet | None) –

    Extra registers for kernel debugging

  • reg_definitions (dict[str, Reg]) –

    Map of register name to Reg objects containing information on the register

  • full_register_lookup (dict[str, Reg]) –

    Map of register name to the full register it resides in.

  • common (list[str]) –

    Common registers which should be displayed in the register context

  • emulated_regs_order (list[UnicornRegisterWrite]) –
  • all (set[str]) –

    All valid registers

  • special_aliases (dict[str, str]) –

    Contains two values:

pc instance-attribute ¤

pc: str = name

Program counter register

stack instance-attribute ¤

stack: str = name

Stack pointer register

frame class-attribute instance-attribute ¤

frame: str | None = name if frame else None

Frame pointer register

retaddr instance-attribute ¤

retaddr: tuple[str, ...] = tuple((name) for x in retaddr)

Return address register

flags instance-attribute ¤

flags: dict[str, BitFlags] = flags

Maps name of flag register (eflags, cpsr) to a structure detailing what the bits mean

extra_flags instance-attribute ¤

extra_flags = extra_flags

gpr instance-attribute ¤

gpr: tuple[str, ...] = tuple((name) for x in gpr)

List of native-size general-purpose registers

misc instance-attribute ¤

misc: tuple[str, ...] = misc

List of miscellaneous, valid registers

args instance-attribute ¤

args: tuple[str, ...] = args

Register-based arguments for most common ABI

retval instance-attribute ¤

retval: str | None = retval

Return value register

kernel instance-attribute ¤

kernel: KernelRegisterSet | None = kernel

Extra registers for kernel debugging

reg_definitions instance-attribute ¤

reg_definitions: dict[str, Reg] = {}

Map of register name to Reg objects containing information on the register

full_register_lookup instance-attribute ¤

full_register_lookup: dict[str, Reg] = {}

Map of register name to the full register it resides in. Example mapping: "eax" -> Reg("rax")

A full size register maps to itself.

common class-attribute instance-attribute ¤

common: list[str] = []

Common registers which should be displayed in the register context

emulated_regs_order instance-attribute ¤

emulated_regs_order: list[UnicornRegisterWrite] = []

all instance-attribute ¤

all: set[str] = (
    set(misc)
    | set(flags)
    | set(extra_flags)
    | set(retaddr)
    | set(common)
    | set(all_subregisters)
)

All valid registers

special_aliases instance-attribute ¤

special_aliases: dict[str, str] = {}

Contains two values: - "sp" -> stack pointer register name - "pc" -> instruction pointer register name

resolve_aliases ¤

resolve_aliases(reg: str) -> str

Convert "sp" and "pc" to the real architectural registers. For all others, returns reg

__contains__ ¤

__contains__(reg: str) -> bool

__iter__ ¤

__iter__() -> Iterator[str]

PseudoEmulatedRegisterFile ¤

PseudoEmulatedRegisterFile(register_set: RegisterSet, ptrsize: int)

This class represents a set of registers that can be written, read, and invalidated.

The aim is to allow some manual dynamic/static analysis without the need for a full emulator.

The implementation can handle the behavior of architectures with partial registers, such as x86 (Ex: rax has "eax", "ax", "ah", and "al" as subregisters) or AArch64 (Ex: X0 contains W0). Most of the complexity of the bitshifts and masks arise from the necessity to handle these cases.

Methods:

Attributes:

  • register_set (RegisterSet) –
  • ptrsize (int) –
  • masks (defaultdict[str, int]) –

    Map of register name to bitmask indicating what bits of the register we know the value of.

  • values (defaultdict[str, int]) –

    Map of register to the value we know it to have.

register_set instance-attribute ¤

register_set: RegisterSet = register_set

ptrsize instance-attribute ¤

ptrsize: int = ptrsize

masks instance-attribute ¤

masks: defaultdict[str, int] = defaultdict(int)

Map of register name to bitmask indicating what bits of the register we know the value of.

Example: { "rax": 0xFFFF } This indicates that in the RAX register, we only know the bottom 16 bits. This likely resulted from writing the "ax" register. Any attempt to read any other bits returns None. In this case, we can read from "ax", "ah", and "al", but not "eax" or "rax".

values instance-attribute ¤

values: defaultdict[str, int] = defaultdict(int)

Map of register to the value we know it to have.

write_register ¤

write_register(
    reg: str,
    value: int,
    source_width: int | None = None,
    sign_extend: bool = False,
) -> None

source_width is the byte width of the value's source. It should be specified when the source has a width shorter than the destination register.

Examples:

movsbl EAX, AL // sign extend 1 byte register to 4 byte register movzbl EAX, AL // zero extend

Source width would be 1, and in the first case sign_extend should be set to True. If sign_extend is False, we zero extend.

read_register ¤

read_register(reg: str) -> int | None

invalidate_all_registers ¤

invalidate_all_registers() -> None

invalidate_register ¤

invalidate_register(reg: str) -> None

Invalidate the bits that a write to this register would override.

This can be used when we statically detect that a register is written, but we don't know the concrete value that is written so we have to invalidate any current knowledge of the register's bits.

__repr__ ¤

__repr__() -> str