Reading register value from the inferior, and provides a standardized interface to registers like "sp" and "pc".
Classes:
-
BitFlags– -
AddressingRegister–Represents a register that is used to store an address, e.g. cr3, gsbase, fsbase
-
SegmentRegisters–Represents the x86 segment register set
-
KernelRegisterSet–additional registers that are useful when pwning kernels
-
UnicornRegisterWrite–Represent a register to write to the Unicorn emulator.
-
Reg– -
RegisterSet– -
PsuedoEmulatedRegisterFile–This class represents a set of registers that can be written, read, and invalidated.
Attributes:
-
arm_cpsr_flags– -
arm_xpsr_flags– -
aarch64_cpsr_flags– -
aarch64_sctlr_flags– -
aarch64_scr_flags– -
arm– -
armcm– -
aarch64– -
x86flags– -
amd64_kernel– -
amd64– -
i386– -
powerpc– -
sparc– -
mips– -
riscv– -
loongarch64– -
s390x– -
reg_sets(dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, RegisterSet]) –
module-attribute ¤
arm_cpsr_flags = BitFlags(
[
("N", 31),
("Z", 30),
("C", 29),
("V", 28),
("Q", 27),
("J", 24),
("T", 5),
("E", 9),
("A", 8),
("I", 7),
("F", 6),
]
)
module-attribute ¤
arm_xpsr_flags = BitFlags(
[("N", 31), ("Z", 30), ("C", 29), ("V", 28), ("Q", 27), ("T", 24)]
)
module-attribute ¤
aarch64_cpsr_flags = BitFlags(
[
("N", 31),
("Z", 30),
("C", 29),
("V", 28),
("Q", 27),
("PAN", 22),
("IL", 20),
("D", 9),
("A", 8),
("I", 7),
("F", 6),
("EL", (2, 2)),
("SP", 0),
]
)
module-attribute ¤
aarch64_sctlr_flags = BitFlags(
[
("TIDCP", 63),
("SPINTMASK", 62),
("NMI", 61),
("EPAN", 57),
("ATA0", 43),
("ATA0", 42),
("TCF", (40, 2)),
("TCF0", (38, 2)),
("ITFSB", 37),
("BT1", 36),
("BT0", 35),
("EnIA", 31),
("EnIB", 30),
("EnDA", 27),
("UCI", 26),
("EE", 25),
("E0E", 24),
("SPAN", 23),
("TSCXT", 20),
("WXN", 19),
("nTWE", 18),
("nTWI", 16),
("UCT", 15),
("DZE", 14),
("EnDB", 13),
("I", 12),
("UMA", 9),
("SED", 8),
("ITD", 7),
("nAA", 6),
("CP15BEN", 5),
("SA0", 4),
("SA", 3),
("C", 2),
("A", 1),
("M", 0),
]
)
module-attribute ¤
aarch64_scr_flags = BitFlags(
[("HCE", 8), ("SMD", 7), ("EA", 3), ("FIQ", 2), ("IRQ", 1), ("NS", 0)]
)
module-attribute ¤
arm = RegisterSet(
retaddr=(Reg("lr", 4),),
flags={"cpsr": arm_cpsr_flags},
gpr=(
Reg("r0", 4),
Reg("r1", 4),
Reg("r2", 4),
Reg("r3", 4),
Reg("r4", 4),
Reg("r5", 4),
Reg("r6", 4),
Reg("r7", 4),
Reg("r8", 4),
Reg("r9", 4),
Reg("r10", 4),
Reg("r11", 4),
Reg("r12", 4),
),
args=("r0", "r1", "r2", "r3"),
retval="r0",
)
module-attribute ¤
armcm = RegisterSet(
retaddr=(Reg("lr", 4),),
flags={"xpsr": arm_xpsr_flags},
gpr=(
Reg("r0", 4),
Reg("r1", 4),
Reg("r2", 4),
Reg("r3", 4),
Reg("r4", 4),
Reg("r5", 4),
Reg("r6", 4),
Reg("r7", 4),
Reg("r8", 4),
Reg("r9", 4),
Reg("r10", 4),
Reg("r11", 4),
Reg("r12", 4),
),
args=("r0", "r1", "r2", "r3"),
retval="r0",
)
module-attribute ¤
aarch64 = RegisterSet(
retaddr=(Reg("lr", 8),),
flags={"cpsr": aarch64_cpsr_flags},
extra_flags={
"scr_el3": aarch64_scr_flags,
"sctlr": aarch64_sctlr_flags,
"sctlr_el2": aarch64_sctlr_flags,
"sctlr_el3": aarch64_sctlr_flags,
"spsr_el1": aarch64_cpsr_flags,
"spsr_el2": aarch64_cpsr_flags,
"spsr_el3": aarch64_cpsr_flags,
},
gpr=(
Reg("x0", 8, subregisters=(Reg("w0", 4, zero_extend_writes=True),)),
Reg("x1", 8, subregisters=(Reg("w1", 4, zero_extend_writes=True),)),
Reg("x2", 8, subregisters=(Reg("w2", 4, zero_extend_writes=True),)),
Reg("x3", 8, subregisters=(Reg("w3", 4, zero_extend_writes=True),)),
Reg("x4", 8, subregisters=(Reg("w4", 4, zero_extend_writes=True),)),
Reg("x5", 8, subregisters=(Reg("w5", 4, zero_extend_writes=True),)),
Reg("x6", 8, subregisters=(Reg("w6", 4, zero_extend_writes=True),)),
Reg("x7", 8, subregisters=(Reg("w7", 4, zero_extend_writes=True),)),
Reg("x8", 8, subregisters=(Reg("w8", 4, zero_extend_writes=True),)),
Reg("x9", 8, subregisters=(Reg("w9", 4, zero_extend_writes=True),)),
Reg("x10", 8, subregisters=(Reg("w10", 4, zero_extend_writes=True),)),
Reg("x11", 8, subregisters=(Reg("w11", 4, zero_extend_writes=True),)),
Reg("x12", 8, subregisters=(Reg("w12", 4, zero_extend_writes=True),)),
Reg("x13", 8, subregisters=(Reg("w13", 4, zero_extend_writes=True),)),
Reg("x14", 8, subregisters=(Reg("w14", 4, zero_extend_writes=True),)),
Reg("x15", 8, subregisters=(Reg("w15", 4, zero_extend_writes=True),)),
Reg("x16", 8, subregisters=(Reg("w16", 4, zero_extend_writes=True),)),
Reg("x17", 8, subregisters=(Reg("w17", 4, zero_extend_writes=True),)),
Reg("x18", 8, subregisters=(Reg("w18", 4, zero_extend_writes=True),)),
Reg("x19", 8, subregisters=(Reg("w19", 4, zero_extend_writes=True),)),
Reg("x20", 8, subregisters=(Reg("w20", 4, zero_extend_writes=True),)),
Reg("x21", 8, subregisters=(Reg("w21", 4, zero_extend_writes=True),)),
Reg("x22", 8, subregisters=(Reg("w22", 4, zero_extend_writes=True),)),
Reg("x23", 8, subregisters=(Reg("w23", 4, zero_extend_writes=True),)),
Reg("x24", 8, subregisters=(Reg("w24", 4, zero_extend_writes=True),)),
Reg("x25", 8, subregisters=(Reg("w25", 4, zero_extend_writes=True),)),
Reg("x26", 8, subregisters=(Reg("w26", 4, zero_extend_writes=True),)),
Reg("x27", 8, subregisters=(Reg("w27", 4, zero_extend_writes=True),)),
Reg("x28", 8, subregisters=(Reg("w28", 4, zero_extend_writes=True),)),
Reg("x29", 8, subregisters=(Reg("w29", 4, zero_extend_writes=True),)),
),
args=("x0", "x1", "x2", "x3"),
retval="x0",
)
module-attribute ¤
x86flags = {
"eflags": BitFlags(
[
("CF", 0),
("PF", 2),
("AF", 4),
("ZF", 6),
("SF", 7),
("IF", 9),
("DF", 10),
("OF", 11),
("AC", 18),
]
)
}
module-attribute ¤
amd64_kernel = KernelRegisterSet(
segments=SegmentRegisters(["cs", "ss", "ds", "es", "fs", "gs"]),
controls={
"cr0": BitFlags([("PE", 0), ("WP", 16), ("PG", 31)]),
"cr3": AddressingRegister("cr3", False),
"cr4": BitFlags(
[
("UMIP", 11),
("FSGSBASE", 16),
("SMEP", 20),
("SMAP", 21),
("PKE", 22),
("CET", 23),
("PKS", 24),
]
),
},
msrs={
"efer": BitFlags([("NXE", 11)]),
"gs_base": AddressingRegister("gs_base", True),
"fs_base": AddressingRegister("fs_base", True),
},
)
module-attribute ¤
amd64 = RegisterSet(
pc=Reg("rip"),
stack=Reg(
"rsp",
8,
subregisters=(
Reg("esp", 4, 0, zero_extend_writes=True),
Reg("sp", 2, 0),
Reg("spl", 1, 0),
),
),
frame=Reg(
"rbp",
8,
subregisters=(
Reg("ebp", 4, 0, zero_extend_writes=True),
Reg("bp", 2, 0),
Reg("bpl", 1, 0),
),
),
flags=x86flags,
gpr=(
Reg(
"rax",
8,
subregisters=(
Reg("eax", 4, 0, zero_extend_writes=True),
Reg("ax", 2, 0),
Reg("ah", 1, 1),
Reg("al", 1, 0),
),
),
Reg(
"rbx",
8,
subregisters=(
Reg("ebx", 4, 0, zero_extend_writes=True),
Reg("bx", 2, 0),
Reg("bh", 1, 1),
Reg("bl", 1, 0),
),
),
Reg(
"rcx",
8,
subregisters=(
Reg("ecx", 4, 0, zero_extend_writes=True),
Reg("cx", 2, 0),
Reg("ch", 1, 1),
Reg("cl", 1, 0),
),
),
Reg(
"rdx",
8,
subregisters=(
Reg("edx", 4, 0, zero_extend_writes=True),
Reg("dx", 2, 0),
Reg("dh", 1, 1),
Reg("dl", 1, 0),
),
),
Reg(
"rdi",
8,
subregisters=(
Reg("edi", 4, 0, zero_extend_writes=True),
Reg("di", 2, 0),
Reg("dil", 1, 0),
),
),
Reg(
"rsi",
8,
subregisters=(
Reg("esi", 4, 0, zero_extend_writes=True),
Reg("si", 2, 0),
Reg("sil", 1, 0),
),
),
Reg(
"r8",
8,
subregisters=(
Reg("r8d", 4, 0, zero_extend_writes=True),
Reg("r8w", 2, 0),
Reg("r8b", 1, 0),
),
),
Reg(
"r9",
8,
subregisters=(
Reg("r9d", 4, 0, zero_extend_writes=True),
Reg("r9w", 2, 0),
Reg("r9b", 1, 0),
),
),
Reg(
"r10",
8,
subregisters=(
Reg("r10d", 4, 0, zero_extend_writes=True),
Reg("r10w", 2, 0),
Reg("r10b", 1, 0),
),
),
Reg(
"r11",
8,
subregisters=(
Reg("r11d", 4, 0, zero_extend_writes=True),
Reg("r11w", 2, 0),
Reg("r11b", 1, 0),
),
),
Reg(
"r12",
8,
subregisters=(
Reg("r12d", 4, 0, zero_extend_writes=True),
Reg("r12w", 2, 0),
Reg("r12b", 1, 0),
),
),
Reg(
"r13",
8,
subregisters=(
Reg("r13d", 4, 0, zero_extend_writes=True),
Reg("r13w", 2, 0),
Reg("r13b", 1, 0),
),
),
Reg(
"r14",
8,
subregisters=(
Reg("r14d", 4, 0, zero_extend_writes=True),
Reg("r14w", 2, 0),
Reg("r14b", 1, 0),
),
),
Reg(
"r15",
8,
subregisters=(
Reg("r15d", 4, 0, zero_extend_writes=True),
Reg("r15w", 2, 0),
Reg("r15b", 1, 0),
),
),
),
misc=("cs", "ss", "ds", "es", "fs", "gs", "fs_base", "gs_base", "ip"),
kernel=amd64_kernel,
args=("rdi", "rsi", "rdx", "rcx", "r8", "r9"),
retval="rax",
)
module-attribute ¤
i386 = RegisterSet(
pc=Reg("eip"),
stack=Reg("esp", 4, subregisters=(Reg("sp", 2, 0),)),
frame=Reg("ebp", 4, subregisters=(Reg("bp", 2, 0),)),
flags=x86flags,
gpr=(
Reg(
"eax",
4,
subregisters=(Reg("ax", 2, 0), Reg("ah", 1, 1), Reg("al", 1, 0)),
),
Reg(
"ebx",
4,
subregisters=(Reg("bx", 2, 0), Reg("bh", 1, 1), Reg("bl", 1, 0)),
),
Reg(
"ecx",
4,
subregisters=(Reg("cx", 2, 0), Reg("ch", 1, 1), Reg("cl", 1, 0)),
),
Reg(
"edx",
4,
subregisters=(Reg("dx", 2, 0), Reg("dh", 1, 1), Reg("dl", 1, 0)),
),
Reg("edi", 4, subregisters=(Reg("di", 2, 0),)),
Reg("esi", 4, subregisters=(Reg("si", 2, 0),)),
),
misc=("cs", "ss", "ds", "es", "fs", "gs", "fs_base", "gs_base", "ip"),
retval="eax",
)
module-attribute ¤
powerpc = RegisterSet(
retaddr=(Reg("lr"),),
flags={"msr": BitFlags(), "xer": BitFlags()},
gpr=(
Reg("r0"),
Reg("r1"),
Reg("r2"),
Reg("r3"),
Reg("r4"),
Reg("r5"),
Reg("r6"),
Reg("r7"),
Reg("r8"),
Reg("r9"),
Reg("r10"),
Reg("r11"),
Reg("r12"),
Reg("r13"),
Reg("r14"),
Reg("r15"),
Reg("r16"),
Reg("r17"),
Reg("r18"),
Reg("r19"),
Reg("r20"),
Reg("r21"),
Reg("r22"),
Reg("r23"),
Reg("r24"),
Reg("r25"),
Reg("r26"),
Reg("r27"),
Reg("r28"),
Reg("r29"),
Reg("r30"),
Reg("r31"),
Reg("cr"),
Reg("ctr"),
),
args=("r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"),
retval="r3",
)
module-attribute ¤
sparc = RegisterSet(
stack=Reg("sp"),
frame=Reg("fp"),
retaddr=(Reg("i7"),),
flags={"psr": BitFlags()},
gpr=(
Reg("g1"),
Reg("g2"),
Reg("g3"),
Reg("g4"),
Reg("g5"),
Reg("g6"),
Reg("g7"),
Reg("o0"),
Reg("o1"),
Reg("o2"),
Reg("o3"),
Reg("o4"),
Reg("o5"),
Reg("o7"),
Reg("l0"),
Reg("l1"),
Reg("l2"),
Reg("l3"),
Reg("l4"),
Reg("l5"),
Reg("l6"),
Reg("l7"),
Reg("i0"),
Reg("i1"),
Reg("i2"),
Reg("i3"),
Reg("i4"),
Reg("i5"),
),
args=("i0", "i1", "i2", "i3", "i4", "i5"),
retval="o0",
)
module-attribute ¤
mips = RegisterSet(
frame=Reg("fp"),
retaddr=(Reg("ra"),),
gpr=(
Reg("v0"),
Reg("v1"),
Reg("a0"),
Reg("a1"),
Reg("a2"),
Reg("a3"),
Reg("t0"),
Reg("t1"),
Reg("t2"),
Reg("t3"),
Reg("t4"),
Reg("t5"),
Reg("t6"),
Reg("t7"),
Reg("t8"),
Reg("t9"),
Reg("s0"),
Reg("s1"),
Reg("s2"),
Reg("s3"),
Reg("s4"),
Reg("s5"),
Reg("s6"),
Reg("s7"),
Reg("s8"),
Reg("gp"),
),
args=("a0", "a1", "a2", "a3"),
retval="v0",
)
module-attribute ¤
riscv = RegisterSet(
pc=Reg("pc"),
stack=Reg("sp"),
retaddr=(Reg("ra"),),
gpr=(
Reg("gp"),
Reg("tp"),
Reg("t0"),
Reg("t1"),
Reg("t2"),
Reg("s0"),
Reg("s1"),
Reg("a0"),
Reg("a1"),
Reg("a2"),
Reg("a3"),
Reg("a4"),
Reg("a5"),
Reg("a6"),
Reg("a7"),
Reg("s2"),
Reg("s3"),
Reg("s4"),
Reg("s5"),
Reg("s6"),
Reg("s7"),
Reg("s8"),
Reg("s9"),
Reg("s10"),
Reg("s11"),
Reg("t3"),
Reg("t4"),
Reg("t5"),
Reg("t6"),
),
args=("a0", "a1", "a2", "a3", "a4", "a5", "a6", "a7"),
retval="a0",
)
module-attribute ¤
loongarch64 = RegisterSet(
pc=Reg("pc"),
stack=Reg("sp"),
frame=Reg("fp"),
retaddr=(Reg("ra"),),
gpr=(
Reg("a0"),
Reg("a1"),
Reg("a2"),
Reg("a3"),
Reg("a4"),
Reg("a5"),
Reg("a6"),
Reg("a7"),
Reg("t0"),
Reg("t1"),
Reg("t2"),
Reg("t3"),
Reg("t4"),
Reg("t5"),
Reg("t6"),
Reg("t7"),
Reg("t8"),
Reg("s0"),
Reg("s1"),
Reg("s2"),
Reg("s3"),
Reg("s4"),
Reg("s5"),
Reg("s6"),
Reg("s7"),
Reg("s8"),
),
args=("a0", "a1", "a2", "a3", "a4", "a5", "a6", "a7"),
misc=("tp", "r21"),
)
module-attribute ¤
s390x = RegisterSet(
pc=Reg("pc"),
retaddr=(Reg("r14"),),
stack=Reg("r15"),
flags={"pswm": BitFlags()},
gpr=(
Reg("r0"),
Reg("r1"),
Reg("r2"),
Reg("r3"),
Reg("r4"),
Reg("r5"),
Reg("r6"),
Reg("r7"),
Reg("r8"),
Reg("r9"),
Reg("r10"),
Reg("r11"),
Reg("r12"),
Reg("r13"),
),
args=("r2", "r3", "r4", "r5", "r6"),
retval="r2",
)
module-attribute ¤
reg_sets: dict[PWNDBG_SUPPORTED_ARCHITECTURES_TYPE, RegisterSet] = {
"i386": i386,
"i8086": i386,
"x86-64": amd64,
"rv32": riscv,
"rv64": riscv,
"mips": mips,
"sparc": sparc,
"arm": arm,
"armcm": armcm,
"aarch64": aarch64,
"powerpc": powerpc,
"loongarch64": loongarch64,
"s390x": s390x,
}
Methods:
-
__getattr__– -
__getitem__– -
__setitem__– -
__delitem__– -
__iter__– -
__len__– -
__repr__– -
update– -
context–
Attributes:
Represents a register that is used to store an address, e.g. cr3, gsbase, fsbase
Methods:
Attributes:
-
reg(str) – -
value(int) – -
is_virtual(bool) –
KernelRegisterSet(
segments: SegmentRegisters | None,
controls: dict[str, BitFlags | AddressingRegister] = {},
msrs: dict[str, BitFlags | AddressingRegister] = {},
)
additional registers that are useful when pwning kernels used only for x86-64 for now
Attributes:
-
segments(SegmentRegisters) – -
controls(dict[str, BitFlags | AddressingRegister]) – -
msrs(dict[str, BitFlags | AddressingRegister]) –
dataclass ¤
Represent a register to write to the Unicorn emulator.
Attributes:
-
name(str) – -
force_write(bool) –
dataclass ¤
Reg(
name: str,
size: int | None = None,
offset: int = 0,
zero_extend_writes: bool = False,
subregisters: tuple[Reg, ...] = (),
)
Attributes:
-
name(str) – -
size(int | None) –Register width in bytes. None if the register size is arch.ptrsize
-
offset(int) –Relevant for subregisters - the offset of this register in the main register
-
zero_extend_writes(bool) –Upon writing a value to this subregister, are the higher bits of the full register zeroed out?
-
subregisters(tuple[Reg, ...]) –
class-attribute instance-attribute ¤
Register width in bytes. None if the register size is arch.ptrsize
class-attribute instance-attribute ¤
Relevant for subregisters - the offset of this register in the main register
class-attribute instance-attribute ¤
Upon writing a value to this subregister, are the higher bits of the full register zeroed out?
RegisterSet(
pc: Reg = Reg("pc"),
stack: Reg = Reg("sp"),
frame: Reg | None = None,
retaddr: tuple[Reg, ...] = (),
flags: dict[str, BitFlags] = {},
extra_flags: dict[str, BitFlags] = {},
gpr: tuple[Reg, ...] = (),
misc: tuple[str, ...] = (),
args: tuple[str, ...] = (),
kernel: KernelRegisterSet | None = None,
retval: str | None = None,
)
Methods:
-
__contains__– -
__iter__–
Attributes:
-
pc(str) – -
stack(str) – -
frame(str | None) – -
retaddr(tuple[str, ...]) – -
flags(dict[str, BitFlags]) – -
extra_flags– -
gpr(tuple[str, ...]) – -
misc(tuple[str, ...]) – -
args(tuple[str, ...]) – -
retval(str | None) – -
kernel(KernelRegisterSet | None) – -
reg_definitions(dict[str, Reg]) – -
full_register_lookup(dict[str, Reg]) – -
common(list[str]) – -
emulated_regs_order(list[UnicornRegisterWrite]) – -
all(set[str]) –
instance-attribute ¤
all: set[str] = (
set(misc)
| set(flags)
| set(extra_flags)
| set(retaddr)
| set(common)
| set(all_subregisters)
)
PsuedoEmulatedRegisterFile(register_set: RegisterSet, ptrsize: int)
This class represents a set of registers that can be written, read, and invalidated.
The aim is to allow some manual dynamic/static analysis without the need for a full emulator.
The implementation can handle the behavior of architectures with partial registers, such as x86 (Ex: rax has "eax", "ax", "ah", and "al" as subregisters) or AArch64 (Ex: X0 contains W0). Most of the complexity of the bitshifts and masks arise from the necessity to handle these cases.
Methods:
-
write_register–source_width is the byte width of the value's source.
-
read_register– -
invalidate_all_registers– -
invalidate_register–Invalidate the bits that a write to this register would override.
-
__repr__–
Attributes:
-
register_set(RegisterSet) – -
ptrsize(int) – -
masks(defaultdict[str, int]) –Map of register name to bitmask indicating what bits of the register we know the value of.
-
values(defaultdict[str, int]) –Map of register to the value we know it to have.
instance-attribute ¤
Map of register name to bitmask indicating what bits of the register we know the value of.
Example: { "rax": 0xFFFF } This indicates that in the RAX register, we only know the bottom 16 bits. This likely resulted from writing the "ax" register. Any attempt to read any other bits returns None. In this case, we can read from "ax", "ah", and "al", but not "eax" or "rax".
instance-attribute ¤
Map of register to the value we know it to have.
write_register(
reg: str,
value: int,
source_width: int | None = None,
sign_extend: bool = False,
) -> None
source_width is the byte width of the value's source. It should be specified when the source has a width shorter than the destination register.
Examples:
movsbl EAX, AL // sign extend 1 byte register to 4 byte register movzbl EAX, AL // zero extend
Source width would be 1, and in the first case sign_extend should be set to True. If sign_extend is False, we zero extend.
Invalidate the bits that a write to this register would override.
This can be used when we statically detect that a register is written, but we don't know the concrete value that is written so we have to invalidate any current knowledge of the register's bits.