
Include Capstone's detail in `lm_inst_t`

Open rdbo opened this issue 1 year ago • 4 comments

One way that seems possible to achieve this is by using a union:

typedef struct {
        // ...
        union {
                lm_detail_x86 x86;
                lm_detail_aarch64 aarch64;
                // ...
        } detail;
} lm_inst_t;

rdbo, Apr 06 '24 10:04

For reference, this is capstone's cs_detail:

typedef struct cs_detail {
	uint16_t regs_read[12]; ///< list of implicit registers read by this insn
	uint8_t regs_read_count; ///< number of implicit registers read by this insn

	uint16_t regs_write[20]; ///< list of implicit registers modified by this insn
	uint8_t regs_write_count; ///< number of implicit registers modified by this insn

	uint8_t groups[8]; ///< list of group this instruction belong to
	uint8_t groups_count; ///< number of groups this insn belongs to

	/// Architecture-specific instruction info
	union {
		cs_x86 x86;     ///< X86 architecture, including 16-bit, 32-bit & 64-bit mode
		cs_arm64 arm64; ///< ARM64 architecture (aka AArch64)
		cs_arm arm;     ///< ARM architecture (including Thumb/Thumb2)
		cs_m68k m68k;   ///< M68K architecture
		cs_mips mips;   ///< MIPS architecture
		cs_ppc ppc;     ///< PowerPC architecture
		cs_sparc sparc; ///< Sparc architecture
		cs_sysz sysz;   ///< SystemZ architecture
		cs_xcore xcore; ///< XCore architecture
		cs_tms320c64x tms320c64x;  ///< TMS320C64x architecture
		cs_m680x m680x; ///< M680X architecture
		cs_evm evm;     ///< Ethereum architecture
	};
} cs_detail;

rdbo, Apr 06 '24 10:04

It might be worth shipping some of capstone's headers in libmem to avoid re-exporting all this stuff.

rdbo, Apr 06 '24 10:04

This will be added post 5.0

rdbo, Apr 08 '24 11:04

If this will be added, perhaps it should be opt-in. From https://www.capstone-engine.org/lang_c.html:

3. More architecture-independent internal data of the disassembled instruction
By default, Capstone does not generate details for disassembled instructions. If we want information such as implicit registers read/written or semantic groups that this instruction belongs to, we need to explicitly turn this option on, like in the sample code below.

#include <capstone/capstone.h>

csh handle;

cs_open(CS_ARCH_X86, CS_MODE_64, &handle);
cs_option(handle, CS_OPT_DETAIL, CS_OPT_ON); // turn ON detail feature with CS_OPT_ON; without it insn->detail stays NULL

However, keep in mind that producing details costs more memory, complicates the internal operations and slows down the engine a bit, so only do that if needed. If this is no longer desired, we can always reset the engine back to the default state at run-time with a similar method.

rdbo, Apr 16 '24 20:04