flopz.arch.ia32 package

Submodules

flopz.arch.ia32.addressing module

class AddressExpression(base=None, index=None, scale=None, displacement=0)

Bases: object

Class to represent various arithmetic register combinations.

Combining registers through addition, subtraction or multiplication will result in an AddressExpression. Address Expressions are composed of a base register holding the base address, an index register and a scale added to the base address (+ scale * index), and a displacement value from the resulting address. Index and scale without a base or a base without index and scale are both valid, but one has to be set. A displacement is optional.

Parameters

base (Optional[IA32Register]) – The base register.
index (Optional[IA32Register]) – The index register.
scale (Optional[int]) – Scaling factor for the index register content. Can be 1, 2, 4 or 8.
displacement (int) – Signed offset from the address resulting from the other parameters( [base] + scale * [index]).

class IA32RegType(value)

Bases: enum.IntEnum

Enumerating the different register types in ia32 architectures.

EFLAGS = 2

EIP = 3

FPU = 4

GENERAL_PURPOSE = 0

MMX = 5

SEGMENT = 1

XMM = 6

class IA32Register(name, val, reg_type, bit_size, is_high=False)

Bases: flopz.arch.register.Register

Class to represent IA32 registers.

A little more differentiation options are needed for these registers as some can influence the presence of the REX byte. Additionally, a Descriptor is added to access the value.

Parameters

name (str) –
val (int) –
reg_type (IntEnum) –
bit_size (int) –

get_val()

is_high()

requires_rex()

Checks if the register requires a REX byte to be encodeable.

Some registers require a REX byte to be present in the instruction, even if no flags in the REX byte are set. This is needed because they share their encoded value with the high halves of the a, c, d & b registers and the presence of the REX byte is used to distinguish between the two cases.

val

Descriptor class to access IA32Register values.

For the IA32 architecture the high halves of the first four registers is possible for 8bit operand instructions. These are encoded as the encoding for the lower register value +4. This Descriptor handles the increase of the value if the targeted register is high.

class MemoryAddress(size, addr_expr)

Bases: flopz.arch.ia32.addressing.AddressExpression

Combines a AddressExpression with an operand size.

To be able to correctly address memory in IA32, not only is an address resulting from an AddressExpression necessary. As the instructions need to encode the operand size, this information is also required to fully create valid instructions.

Parameters

size (int) –
addr_expr (AddressExpression) –

get_encoding(opcode=None)

Returns the bytes that encode the MemoryAddress.

Returns the ModRM byte and optionally SIB and displacement bytes to encode the MemoryAddress. Also sets the necessary bits in the REX byte belonging to the opcode object if the ModRM or SIB encoding requires it.

Parameters: opcode (Optional[IA32Opcode]) –
Return type: Tuple[ModRM, Optional[SIB], Optional[Displacement]]

class MemoryAddressFactory

Bases: object

Combines a bitsize and an AddressExpression to form a MemoryAddress.

Used to add operand sizes to AddressExpressions with nice syntax. This class is added to the architecture as an attribute. This will allow to write instructions targeting memory addresses with a similar syntax like writing instructions that target the registers themselves.

class ValueDescriptor

Bases: object

Descriptor class to access IA32Register values.

For the IA32 architecture the high halves of the first four registers is possible for 8bit operand instructions. These are encoded as the encoding for the lower register value +4. This Descriptor handles the increase of the value if the targeted register is high.

flopz.arch.ia32.auto_instructions module

class AND(dst, src)

Bases: flopz.arch.ia32.auto_instructions.IA32AutoInstruction

Parameters

dst (Union[IA32Register, MemoryAddress]) –
src (Union[IA32Register, MemoryAddress, int]) –

class Add(dst, src)

Bases: flopz.arch.ia32.auto_instructions.IA32AutoInstruction

Parameters

dst (Union[IA32Register, MemoryAddress]) –
src (Union[IA32Register, MemoryAddress, int]) –

class IA32AutoInstruction

Bases: flopz.arch.auto_instruction.AutoInstruction

expand()

Return type: List[IA32Instruction]
Returns: Regular instructions.

class Jcc(cond, rel)

Bases: flopz.arch.ia32.auto_instructions.IA32AutoInstruction

Parameters

cond (Cond) –
rel (int) –

class Jmp(addr)

Bases: flopz.arch.ia32.auto_instructions.IA32AutoInstruction

Parameters: addr (Union[IA32Register, MemoryAddress]) –

class Mov(dst, src): Bases: flopz.arch.ia32.auto_instructions.IA32AutoInstruction

class OR(dst, src)

Bases: flopz.arch.ia32.auto_instructions.IA32AutoInstruction

Parameters

dst (Union[IA32Register, MemoryAddress]) –
src (Union[IA32Register, MemoryAddress, int]) –

class SAL(target, shift)

Bases: flopz.arch.ia32.auto_instructions.IA32AutoInstruction

Parameters

target (Union[IA32Register, MemoryAddress]) –
shift (int) –

class SAR(target, shift)

Bases: flopz.arch.ia32.auto_instructions.IA32AutoInstruction

Parameters

target (Union[IA32Register, MemoryAddress]) –
shift (int) –

class SHL(target, shift)

Bases: flopz.arch.ia32.auto_instructions.IA32AutoInstruction

Parameters

target (Union[IA32Register, MemoryAddress]) –
shift (int) –

class SHR(target, shift)

Bases: flopz.arch.ia32.auto_instructions.IA32AutoInstruction

Parameters

target (Union[IA32Register, MemoryAddress]) –
shift (int) –

class XOR(dst, src)

Bases: flopz.arch.ia32.auto_instructions.IA32AutoInstruction

Parameters

dst (Union[IA32Register, MemoryAddress]) –
src (Union[IA32Register, MemoryAddress, int]) –

flopz.arch.ia32.conditionals module

class Cond(value)

Bases: enum.IntEnum

An enumeration.

A = 7

AE = 3

B = 2

BE = 6

C = 2

E = 4

G = 15

GE = 13

L = 12

LE = 14

NA = 6

NAE = 2

NB = 3

NBE = 7

NC = 3

NE = 5

NG = 14

NGE = 12

NL = 13

NLE = 15

NO = 1

NP = 11

NS = 9

NZ = 5

O = 0

P = 10

PE = 10

PO = 11

RCXZ = 115

S = 8

Z = 4

flopz.arch.ia32.ia32_generic_arch module

class IA32GenericArchitecture(register_class=<class 'flopz.arch.ia32.addressing.IA32Register'>, mode=ProcessorMode.LONG)

Bases: flopz.arch.architecture.Architecture

Higher-level architecture for IA-32 processors.

Includes the general purpose (as 8, 16, 32 and 64 bit) and the segment registers as attributes.

flopz.arch.ia32.instruction_components module

class Displacement(displacement, byte_size)

Bases: object

Represents the Displacement of an IA32 instruction.

Parameters

displacement (int) –
byte_size (int) –

encode()

class ExtendableBitfieldDescriptor(flag)

Bases: object

Descriptor to handle access to the different fields of the ModRM or SIB byte.

As the fields can not be set or read without considering the flags in the REX bits, this descriptor will consider its given REX flag (r, x or b) when returning its value and will set the necessary flags in the flaglist when setting the value. Flags from the flaglist will then be applied by calls to ModRM or SIB’s set_needed_rexflags().

Parameters: flag (str) –

class IA32Opcode(opcode, opc_encoding=None, mandatory=None, op_size=64, mode=ProcessorMode.LONG, force_rex=False)

Bases: object

The opcode byte and optional prefixes and optional REX byte.

This class holds the effective opcode of the instruction. Sometimes instructions encode additional information in the 3 lsb of the opcode, which can be added as opc_encoding. Additionally, some instructions require a mandatory prefix or the instructions operand size requires prefixes that change the effective operand size, which this class will handle and encode correctly. Also handles access to the REX byte of the instruction. Therefore the opcode object can be given to ModRM or SIB inits so they can set required bits.

Parameters

opcode (int) –
opc_encoding (Optional[int]) –
mandatory (Optional[BitArray]) –
op_size (int) –
mode (ProcessorMode) –

encode(): Returns the BitArray that holding the opcode information can be combined with the other encodings to form the full instruction.

get_encoded(): Get the additional information encoded in the opcode.

set_rex_bit(bit, val=1)

Set or unset REX bits/flags.

Parameters: bit (str) –

class Immediate(value, byte_size)

Bases: object

Represents the Immediate value of an IA32 instruction.

Parameters

value (int) –
byte_size (int) –

encode()

class ModRM(mod=3, reg=0, rm=0, opcode=None)

Bases: object

Represents the ModRM byte of an IA32 instruction.

This byte includes the reg and rm fields and the 2 bit mode. The reg and rm fields hold the registers used for addressing (when no SIB is used). The mode is used to determine the addressing mode (3 for register-direct addressing, 0-2 for indirect addressing with different displacements). A rm of 4 with indirect addressing indicates a SIB byte is used to encode the addressing.

Parameters

mod (int) –
reg (int) –
rm (int) –
opcode (Optional[IA32Opcode]) –

encode()

reg

Descriptor to handle access to the different fields of the ModRM or SIB byte.

As the fields can not be set or read without considering the flags in the REX bits, this descriptor will consider its given REX flag (r, x or b) when returning its value and will set the necessary flags in the flaglist when setting the value. Flags from the flaglist will then be applied by calls to ModRM or SIB’s set_needed_rexflags().

rm

Descriptor to handle access to the different fields of the ModRM or SIB byte.

As the fields can not be set or read without considering the flags in the REX bits, this descriptor will consider its given REX flag (r, x or b) when returning its value and will set the necessary flags in the flaglist when setting the value. Flags from the flaglist will then be applied by calls to ModRM or SIB’s set_needed_rexflags().

set_needed_rexflags()

set_opcode(opcode)

Parameters: opcode (IA32Opcode) –

class REX(w=0, r=0, x=0, b=0)

Bases: object

The REX byte that optionally precedes the opcode byte.

The REX byte holds flag to extend the operand size of the instruction (w) and the values of the encoded registers (r register, x index, b base). Additionally the presence of the REX byte also switches from addressing the upper half of the first 4 registers to addressing spl-dil.

encode()

class SIB(scale=0, index=0, base=0, opcode=None)

Bases: object

Represents the SIB byte of an IA32 instruction.

This byte includes the 2 bit scale field and the base and index registers used for addressing. The base field holds the register that holds the base address, while the index field holds the index register. The actual scale is encoded as log2(scale), so the scale can be 1, 2, 4 or 8. If a displacement is present is dependant on the ModRM mod field. If the index is the stack pointer register this means no index is used. If the base is the base pointer register in mod 0, this means no base is used.

Parameters

scale (int) –
index (int) –
base (int) –
opcode (Optional[IA32Opcode]) –

base

Descriptor to handle access to the different fields of the ModRM or SIB byte.

As the fields can not be set or read without considering the flags in the REX bits, this descriptor will consider its given REX flag (r, x or b) when returning its value and will set the necessary flags in the flaglist when setting the value. Flags from the flaglist will then be applied by calls to ModRM or SIB’s set_needed_rexflags().

encode()

index

Descriptor to handle access to the different fields of the ModRM or SIB byte.

As the fields can not be set or read without considering the flags in the REX bits, this descriptor will consider its given REX flag (r, x or b) when returning its value and will set the necessary flags in the flaglist when setting the value. Flags from the flaglist will then be applied by calls to ModRM or SIB’s set_needed_rexflags().