596b1f5·Author: Alexandro Sanchez·Closed by: dennisaa·2017-06-30
Description
Support for address-taken and switch detection passes on PowerPC (32-bits).
One thing you might want to check: I added an id member to Instruction as the new passes need to detect patterns. While I don't like the idea of having Capstone-specific constants there, I don't think there's an alternative (plus, there are already Capstone constants in the Operand class).
I've tested it with a collection of binaries and it works fine, and I was able to detect switch statements when the jumptable-address word constants are part of the code before applying relocations. Unfortunately, that seems not to be the case. Usually the code looks like:
lis rN, 0
addis rN, rN, 0
And applying relocations replaces those 0s with the corresponding .entry@ha and .entry@l. Probably we could use BFD to solve that, although I haven't heard many good things about relocation support in BFD. I'll see how it goes and update the PR as appropriate (ETA: 1 day).
One question: How easy would it be to cross-compile your test collection into ARM, MIPS, PPC? It could save me some time.
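The lis/addi pattern and the relocation problem described in the PR, worked through as an added example (this is not code from the PR or from the project; the hypothetical symbol value 0x10018FF0, the sample code bytes and the relocation list are constructed here). It encodes a PowerPC 32-bit address-materialization pair with zero immediates, as the assembler leaves it before relocation, then applies R_PPC_ADDR16_HA / R_PPC_ADDR16_LO relocations the way a linker would and runs a small pattern scanner over both versions. The scanner assumes the low half is added with addi (the usual GCC output); it also shows why @ha is not simply the upper 16 bits when the low half has its sign bit set.

```python
import struct

# ELF32 PowerPC relocation types (values from the PowerPC ELF ABI).
R_PPC_ADDR16_LO = 4
R_PPC_ADDR16_HI = 5
R_PPC_ADDR16_HA = 6

OP_ADDI = 14    # addi  rD, rA, SIMM   (printed as "li"  when rA == 0)
OP_ADDIS = 15   # addis rD, rA, SIMM   (printed as "lis" when rA == 0)


def ha(v):
    """@ha: high half adjusted so that (ha << 16) + sign_extend(lo) == v."""
    return ((v + 0x8000) >> 16) & 0xFFFF


def hi(v):
    return (v >> 16) & 0xFFFF


def lo(v):
    return v & 0xFFFF


def sext16(x):
    x &= 0xFFFF
    return x - 0x10000 if x & 0x8000 else x


def encode_d_form(opcode, rd, ra, imm):
    """Build a big-endian D-form instruction word."""
    return (opcode << 26) | (rd << 21) | (ra << 16) | (imm & 0xFFFF)


def decode_d_form(word):
    return word >> 26, (word >> 21) & 31, (word >> 16) & 31, sext16(word & 0xFFFF)


def apply_relocs(code, relocs):
    """relocs: list of (r_offset, type, S, A); r_offset addresses the 16-bit
    half-word holding the immediate, as in a real ELF .rela entry."""
    code = bytearray(code)
    for off, rtype, s, a in relocs:
        v = (s + a) & 0xFFFFFFFF
        field = {R_PPC_ADDR16_HA: ha, R_PPC_ADDR16_HI: hi, R_PPC_ADDR16_LO: lo}[rtype](v)
        struct.pack_into(">H", code, off, field)
    return bytes(code)


def find_address_constants(code, base=0):
    """Find `lis rN, X` followed within 3 instructions by `addi rN, rN, Y`
    and return [(offset_of_lis, rN, reconstructed 32-bit address)]."""
    words = [struct.unpack_from(">I", code, i)[0] for i in range(0, len(code) - 3, 4)]
    found = []
    for i, w in enumerate(words):
        op, rd, ra, imm = decode_d_form(w)
        if op != OP_ADDIS or ra != 0:
            continue
        high = (imm & 0xFFFF) << 16
        for j in range(i + 1, min(i + 4, len(words))):
            op2, rd2, ra2, imm2 = decode_d_form(words[j])
            if op2 == OP_ADDI and rd2 == rd and ra2 == rd:
                found.append((base + 4 * i, rd, (high + imm2) & 0xFFFFFFFF))
                break
    return found


# Constructed sample: what the object file carries before relocation.
#   lis  r9, 0
#   addi r9, r9, 0
SAMPLE_CODE = struct.pack(">II",
                          encode_d_form(OP_ADDIS, 9, 0, 0),
                          encode_d_form(OP_ADDI, 9, 9, 0))

# Hypothetical value of the jump-table symbol .entry (constructed for the example).
ENTRY_SYM = 0x10018FF0

# r_offset points at the immediate half-word: byte 2 of each 4-byte instruction.
SAMPLE_RELOCS = [
    (2, R_PPC_ADDR16_HA, ENTRY_SYM, 0),   # .entry@ha -> lis
    (6, R_PPC_ADDR16_LO, ENTRY_SYM, 0),   # .entry@l  -> addi
]


def unrelocated_targets():
    return find_address_constants(SAMPLE_CODE)


def relocated_targets():
    return find_address_constants(apply_relocs(SAMPLE_CODE, SAMPLE_RELOCS))


if __name__ == "__main__":
    print("before relocation:", [hex(a) for _, _, a in unrelocated_targets()])
    print("after relocation: ", [hex(a) for _, _, a in relocated_targets()])
```

Before relocation the scanner matches the pair but can only recover address 0, which is the situation the PR describes; after relocation it recovers 0x10018FF0. Note that the lis immediate becomes 0x1002, not 0x1001, because the low half 0x8FF0 is sign-extended to a negative value by addi and @ha compensates for that.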