
Register name not found via translate_register_name

Open frapik99 opened this issue 8 years ago • 3 comments

Hi, analysing a project I encountered the following assembly instruction:

0x901e774:	or	ah, 0x10

This was translated into:

09 | ------ IMark(0x901e774, 3, 0) ------
10 | t4 = GET:I8(9)
11 | t2 = Or8(t4,0x10)
12 | PUT(cc_op) = 0x0000000d
13 | t13 = 8Uto32(t2)
14 | PUT(cc_dep1) = t13
15 | PUT(cc_dep2) = 0x00000000
16 | PUT(cc_ndep) = 0x00000000
17 | PUT(9) = t2

I suspect that for some reason the ah register was not found, so the pp() function also prints the output that way.

I tried to obtain the right register name using source = self.project.arch.translate_register_name(instruction.data.offset, 8) but I always get 9 as the result. For all the other instructions everything was correct. Any idea on how to fix it?

Thanks

frapik99 avatar Apr 23 '17 11:04 frapik99

Register names are resolved using this dict: https://github.com/angr/archinfo/blob/master/archinfo/arch_x86.py#L127

It looks like we don't have the partial registers there ah, al, etc. Adding them to that dict (and sending a PR!) should get them to display.

zardus avatar Apr 25 '17 11:04 zardus

I would like to point out that we definitely supported those at some point, and I'm pretty sure this being broken is the fault of a recent commit by @ltfish, if you wanna go through the archinfo history. He was fixing some other problem related to ah and al, so it's important we not regress on that.

On Tue, Apr 25, 2017 at 4:07 AM Yan [email protected] wrote:

Register names are resolved using this dict: https://github.com/angr/archinfo/blob/master/archinfo/arch_x86.py#L127

It looks like we don't have the partial registers there ah, al, etc. Adding them to that dict (and sending a PR!) should get them to display.


rhelmot avatar Apr 25 '17 19:04 rhelmot

This issue has been fixed by my commit to archinfo (see here). You want to use the latest version of both PyVEX and archinfo.

Here is an example output from IPython with the latest version of everything from GitHub:

In [1]: import angr

In [2]: import archinfo

In [3]: block = angr.block.Block(addr=0, arch=archinfo.ArchX86(), byte_string="\x80\xcc\x10")

In [4]: block.vex.pp()
IRSB {
   t0:Ity_I8 t1:Ity_I8 t2:Ity_I8 t3:Ity_I32 t4:Ity_I32

   00 | ------ IMark(0x0, 3, 0) ------
   01 | t2 = GET:I8(ah)
   02 | t0 = Or8(t2,0x10)
   03 | PUT(cc_op) = 0x0000000d
   04 | t3 = 8Uto32(t0)
   05 | PUT(cc_dep1) = t3
   06 | PUT(cc_dep2) = 0x00000000
   07 | PUT(cc_ndep) = 0x00000000
   08 | PUT(ah) = t0
   NEXT: PUT(eip) = 0x00000003; Ijk_Boring
}

ltfish avatar Apr 25 '17 21:04 ltfish
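To show concretely why the lookup returned the bare offset 9 and what the partial-register entries fix, here is an added, self-contained Python example (not archinfo's or angr's own code). It models the VEX x86 guest-state offsets (eax at 8, so GET:I8(9) is ah) and a lookup modelled on archinfo's translate_register_name, then rewrites the numeric offsets in the pp() output from the issue; the register table and IR lines are constructed for this illustration.

```python
import re

# Constructed model of the VEX x86 guest-state layout, keyed by
# 4-byte base offset (eax at offset 8, so byte 9 is ah). Added illustration only.
FULL_REGS = {8: "eax", 12: "ecx", 16: "edx", 20: "ebx", 24: "esp", 28: "ebp",
             32: "esi", 36: "edi", 40: "cc_op", 44: "cc_dep1", 48: "cc_dep2",
             52: "cc_ndep", 68: "eip"}

def build_register_names(include_partials):
    """Return a (offset, size_in_bytes) -> name dict, with or without ah/al/ax etc."""
    names = {(off, 4): n for off, n in FULL_REGS.items()}
    if include_partials:
        for off, n in FULL_REGS.items():
            if n in ("eax", "ecx", "edx", "ebx"):    # a/c/d/b have x, l and h forms
                names[(off, 2)] = n[1] + "x"
                names[(off, 1)] = n[1] + "l"
                names[(off + 1, 1)] = n[1] + "h"   # high byte sits one past the base
            elif n in ("esp", "ebp", "esi", "edi"):  # sp/bp/si/di: 16-bit form only
                names[(off, 2)] = n[1:]
    return names

def translate_register_name(names, offset, size):
    """Modelled on archinfo (assumption): exact (offset, size) hit first, then any
    register that starts at the offset, else the raw offset as a string (the "9")."""
    if (offset, size) in names:
        return names[(offset, size)]
    for (off, _sz), n in names.items():
        if off == offset:
            return n
    return str(offset)

# Result width in bits of a statement's right-hand side: GET:I8 / 8Uto32 / Or8
_WIDTH = re.compile(r"^(?:GET:I|\d+Uto|[A-Z][a-z]*)(\d+)")

def rewrite_vex(lines, names):
    """Replace numeric register offsets in pp()-style VEX text with names."""
    temp_size, out = {}, []
    for line in lines:
        m = re.search(r"(t\d+) = (.*)$", line)      # remember each temp's width
        if m and _WIDTH.match(m.group(2)):
            temp_size[m.group(1)] = int(_WIDTH.match(m.group(2)).group(1)) // 8
        line = re.sub(r"GET:I(\d+)\((\d+)\)", lambda g: "GET:I%s(%s)" % (g.group(1),
                      translate_register_name(names, int(g.group(2)), int(g.group(1)) // 8)), line)
        p = re.search(r"PUT\((\d+)\) = (t\d+|0x[0-9a-f]+)", line)
        if p:  # PUT carries no type, so take the width from the temp or the constant
            rhs = p.group(2)
            size = temp_size.get(rhs) if rhs.startswith("t") else len(rhs[2:]) // 2
            line = line.replace("PUT(%s)" % p.group(1),
                                "PUT(%s)" % translate_register_name(names, int(p.group(1)), size))
        out.append(line)
    return out

# Constructed: the statements from the issue, still showing numeric offsets.
ISSUE_IR = ["t4 = GET:I8(9)", "t2 = Or8(t4,0x10)", "PUT(cc_op) = 0x0000000d",
            "t13 = 8Uto32(t2)", "PUT(cc_dep1) = t13", "PUT(9) = t2"]
```

Running rewrite_vex(ISSUE_IR, build_register_names(True)) yields GET:I8(ah) and PUT(ah), while the table without partial registers leaves the bare 9 exactly as reported above.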