ScratchABit icon indicating copy to clipboard operation
ScratchABit copied to clipboard

Published 20 hours ago verified publisher icon pfalcon

Add support for different endianness

Open maximumspatium opened this issue 7 years ago • 2 comments

PowerPC CPU is capable of running in either little-endian or big-endian modes. The required mode is usually specified in the executable itself. ELF container, for example, uses EI_DATA field of the ELF header for that purpose, see here.

The precise endianness mode must be set before disassembling.

I therefore propose to extend the CPU plugin interface with a possibility to specify the required endian mode as well as a way to retrieve endianness from container loaders.

BTW, it's not clear how IDA processor modules deal with this requirement. It looks like there is no consistent way to specify/retrieve endianness information in IDA, see this discussion.

maximumspatium avatar Feb 03 '18 17:02 maximumspatium

Yeah, I guess we can make <loader_plugin>.detect() return "ppc_32_le" or "ppc_32_be", default_plugins.py map that to default cpu plugin names, which will be just simple "dispatchers" which will instantiate Capstone disasm object with appropriate flags and pass it to _any_capstone.py.

pfalcon avatar Feb 04 '18 19:02 pfalcon

Formatting data sections doesn't work as expected for big-endian ELF files. The "d" command assumes all data to be little-endian. To be fixed.

maximumspatium avatar Feb 14 '18 20:02 maximumspatium