Skip to content

x86 ¤

Classes:

Attributes:

groups module-attribute ¤

groups = {v: _Efor (k, v) in items() if startswith('X86_GRP_')}

ops module-attribute ¤

ops = {v: _5for (k, v) in items() if startswith('X86_OP_')}

regs module-attribute ¤

regs = {v: _Bfor (k, v) in items() if startswith('X86_REG_')}

access module-attribute ¤

access = {v: _Nfor (k, v) in items() if startswith('CS_AC_')}

X86_MATH_INSTRUCTIONS module-attribute ¤

X86_MATH_INSTRUCTIONS = {
    X86_INS_ADD: "+",
    X86_INS_SUB: "-",
    X86_INS_AND: "&",
    X86_INS_OR: "|",
}

X86DisassemblyAssistant ¤

X86DisassemblyAssistant(architecture)

Bases: DisassemblyAssistant

Methods:

Attributes:

annotation_handlers instance-attribute ¤

annotation_handlers: dict[
    int, Callable[[PwndbgInstruction, Emulator], None]
] = {
    X86_INS_MOV: handle_mov,
    X86_INS_MOVABS: handle_mov,
    X86_INS_MOVZX: handle_mov,
    X86_INS_MOVD: handle_mov,
    X86_INS_MOVQ: handle_mov,
    X86_INS_MOVSXD: handle_mov,
    X86_INS_MOVSX: handle_mov,
    X86_INS_MOVAPS: handle_vmovaps,
    X86_INS_VMOVAPS: handle_vmovaps,
    X86_INS_LEA: handle_lea,
    X86_INS_XCHG: handle_xchg,
    X86_INS_POP: handle_pop,
    X86_INS_CMP: _common_cmp_annotator_builder("eflags", "-"),
    X86_INS_TEST: _common_cmp_annotator_builder("eflags", "&"),
    X86_INS_XOR: handle_xor,
    X86_INS_INC: handle_inc,
    X86_INS_DEC: handle_dec,
}

architecture instance-attribute ¤

architecture: PWNDBG_SUPPORTED_ARCHITECTURES_TYPE = architecture

op_handlers instance-attribute ¤

op_handlers: dict[
    int, Callable[[PwndbgInstruction, EnhancedOperand, Emulator], int | None]
] = {
    CS_OP_IMM: _parse_immediate,
    CS_OP_REG: _parse_register,
    CS_OP_MEM: _parse_memory,
}

op_names instance-attribute ¤

op_names: dict[
    int, Callable[[PwndbgInstruction, EnhancedOperand], str | None]
] = {
    CS_OP_IMM: _immediate_string,
    CS_OP_REG: _register_string,
    CS_OP_MEM: _memory_string,
}

handle_mov ¤

handle_mov(instruction: PwndbgInstruction, emu: Emulator) -> None

handle_vmovaps ¤

handle_vmovaps(instruction: PwndbgInstruction, emu: Emulator) -> None

handle_lea ¤

handle_lea(instruction: PwndbgInstruction, emu: Emulator) -> None

handle_xchg ¤

handle_xchg(instruction: PwndbgInstruction, emu: Emulator) -> None

handle_pop ¤

handle_pop(instruction: PwndbgInstruction, emu: Emulator) -> None

handle_xor ¤

handle_xor(instruction: PwndbgInstruction, emu: Emulator) -> None

handle_inc ¤

handle_inc(instruction: PwndbgInstruction, emu: Emulator) -> None

handle_dec ¤

handle_dec(instruction: PwndbgInstruction, emu: Emulator) -> None

memory_string_with_components_resolved ¤

memory_string_with_components_resolved(
    instruction: PwndbgInstruction, op: EnhancedOperand
)

enhance ¤

enhance(instruction: PwndbgInstruction, emu: Emulator = None) -> None

Enhance the instruction - resolving branch targets, conditionals, and adding annotations

This is the only public method that should be called on this object externally.

can_reason_about_process_state ¤

can_reason_about_process_state(instruction: PwndbgInstruction) -> bool

Determine if the program counter of the process equals the address of the instruction being enhanced. If so, it means we can safely reason and read from registers and memory to enhance values that we can add to the annotation string. This becomes relevent when NOT emulating, and is meant to allow more details when the PC is at the instruction being enhanced

dump ¤

dump(instruction: PwndbgInstruction)

Debug-only method.