Rizin
unix-like reverse engineering framework and cli tools
analysis_avr.c
Go to the documentation of this file.
1 // SPDX-FileCopyrightText: 2021-2022 RizinOrg <info@rizin.re>
2 // SPDX-FileCopyrightText: 2021-2022 deroad <wargio@libero.it>
3 // SPDX-License-Identifier: LGPL-3.0-only
4 
5 #include <rz_analysis.h>
6 
7 #include "../../asm/arch/avr/disassembler.h"
8 #include "../arch/avr/avr_esil.h"
9 #include "../arch/avr/avr_il.h"
10 
11 static void set_invalid_op(RzAnalysisOp *op, ut64 addr) {
12  // Unknown or invalid instruction.
13  op->family = RZ_ANALYSIS_OP_FAMILY_UNKNOWN;
14  op->type = RZ_ANALYSIS_OP_TYPE_ILL;
15  op->addr = addr;
16  op->nopcode = 1;
17  op->cycles = 1;
18  op->size = 2;
19  // set an esil trap to prevent the execution of it
20  rz_strbuf_set(&op->esil, "1,$");
21 }
22 
23 static void handle_skip_next_instruction(RzAnalysisOp *op, ut64 addr, const ut8 *buf, int len, bool big_endian, AVROp *aop) {
24  RzStrBuf sb = { 0 };
25  rz_strbuf_init(&sb);
26  if (len > 1 && avr_disassembler(buf, len, addr, big_endian, aop, &sb)) {
27  op->jump = op->addr + aop->size + 2;
28  op->fail = op->addr + 2;
29  op->type = RZ_ANALYSIS_OP_TYPE_CJMP;
30  }
31  rz_strbuf_fini(&sb);
32 }
33 
34 static int avr_op(RzAnalysis *analysis, RzAnalysisOp *op, ut64 addr, const ut8 *buf, int len, RzAnalysisOpMask mask) {
35  AVROp aop = { 0 };
36  AVROp next_op = { 0 };
37 
38  set_invalid_op(op, addr);
39 
40  RzStrBuf *sb = rz_strbuf_new("invalid");
41  if (len < 2 || avr_disassembler(buf, len, addr, analysis->big_endian, &aop, sb) < 1) {
42  op->mnemonic = rz_strbuf_drain(sb);
43  op->eob = true;
44  return -1;
45  }
46 
47  op->mnemonic = rz_strbuf_drain(sb);
48  op->size = aop.size;
49 
50  if (!op->mnemonic) {
51  return -1;
52  } else if (!strcmp(op->mnemonic, "invalid")) {
53  op->nopcode = true;
54  op->eob = true;
55  return -1;
56  }
57 
58  op->family = RZ_ANALYSIS_OP_FAMILY_CPU;
59  op->type = RZ_ANALYSIS_OP_TYPE_NULL;
60  op->cycles = aop.cycles;
61  switch (aop.mnemonic) {
62  case AVR_OP_ADIW:
63  op->val = aop.param[2]; // K
64  break;
65  case AVR_OP_ANDI:
66  op->val = aop.param[1]; // K
67  break;
68  case AVR_OP_BREAK:
69  op->type = RZ_ANALYSIS_OP_TYPE_TRAP;
70  break;
71  case AVR_OP_BRCC:
72  /* fall through */
73  case AVR_OP_BRCS:
74  /* fall through */
75  case AVR_OP_BREQ:
76  /* fall through */
77  case AVR_OP_BRGE:
78  /* fall through */
79  case AVR_OP_BRHC:
80  /* fall through */
81  case AVR_OP_BRHS:
82  /* fall through */
83  case AVR_OP_BRID:
84  /* fall through */
85  case AVR_OP_BRIE:
86  /* fall through */
87  case AVR_OP_BRLO:
88  /* fall through */
89  case AVR_OP_BRLT:
90  /* fall through */
91  case AVR_OP_BRMI:
92  /* fall through */
93  case AVR_OP_BRNE:
94  /* fall through */
95  case AVR_OP_BRPL:
96  /* fall through */
97  case AVR_OP_BRSH:
98  /* fall through */
99  case AVR_OP_BRTC:
100  /* fall through */
101  case AVR_OP_BRTS:
102  /* fall through */
103  case AVR_OP_BRVC:
104  /* fall through */
105  case AVR_OP_BRVS:
106  op->type = RZ_ANALYSIS_OP_TYPE_CJMP;
107  op->jump = aop.param[0]; // address
108  op->fail = addr + aop.size;
109  break;
110  case AVR_OP_CALL:
111  op->type = RZ_ANALYSIS_OP_TYPE_CALL;
112  op->jump = aop.param[0]; // address (hi 16 bits)
113  op->jump <<= 16;
114  op->jump |= aop.param[1]; // address (low 16 bits)
115  op->fail = addr + aop.size;
116  break;
117  case AVR_OP_CBI:
118  op->type = RZ_ANALYSIS_OP_TYPE_IO;
119  op->family = RZ_ANALYSIS_OP_FAMILY_IO;
120  op->type2 = 1;
121  op->val = aop.param[0]; // A
122  break;
123  case AVR_OP_CPSE:
124  // cpse skips the next instruction when Rr != Rd
125  handle_skip_next_instruction(op, addr, buf + aop.size, len - aop.size, analysis->big_endian, &next_op);
126  break;
127  case AVR_OP_DES:
128  op->family = RZ_ANALYSIS_OP_FAMILY_CRYPTO;
129  op->type = RZ_ANALYSIS_OP_TYPE_CRYPTO;
130  break;
131  case AVR_OP_EICALL:
132  op->type = RZ_ANALYSIS_OP_TYPE_ICALL;
133  break;
134  case AVR_OP_EIJMP:
135  op->type = RZ_ANALYSIS_OP_TYPE_IRJMP;
136  break;
137  case AVR_OP_IJMP:
138  op->type = RZ_ANALYSIS_OP_TYPE_IJMP;
139  break;
140  case AVR_OP_ICALL:
141  op->type = RZ_ANALYSIS_OP_TYPE_ICALL;
142  break;
143  case AVR_OP_IN:
144  op->type2 = 0;
145  op->val = op->mmio_address = aop.param[1]; // A
146  op->type = RZ_ANALYSIS_OP_TYPE_IO;
147  op->family = RZ_ANALYSIS_OP_FAMILY_IO;
148  break;
149  case AVR_OP_JMP:
150  op->type = RZ_ANALYSIS_OP_TYPE_JMP;
151  op->jump = aop.param[0]; // address (hi 16 bits)
152  op->jump <<= 16;
153  op->jump |= aop.param[1]; // address (low 16 bits)
154  break;
155  case AVR_OP_LDI:
156  op->val = aop.param[1]; // K
157  break;
158  case AVR_OP_LDS:
159  op->type = RZ_ANALYSIS_OP_TYPE_LOAD;
160  op->ptr = aop.param[1]; // K
161  break;
162  case AVR_OP_MOV:
163  /* fall through */
164  case AVR_OP_MOVW:
165  op->type = RZ_ANALYSIS_OP_TYPE_MOV;
166  break;
167  case AVR_OP_ORI:
168  op->val = aop.param[1]; // K
169  break;
170  case AVR_OP_OUT:
171  op->type2 = 1;
172  op->val = op->mmio_address = aop.param[0]; // A
173  op->type = RZ_ANALYSIS_OP_TYPE_IO;
174  op->family = RZ_ANALYSIS_OP_FAMILY_IO;
175  break;
176  case AVR_OP_RCALL:
177  op->type = RZ_ANALYSIS_OP_TYPE_CALL;
178  op->jump = aop.param[0]; // address
179  op->fail = addr + aop.size;
180  break;
181  case AVR_OP_RET:
182  op->eob = true;
183  op->type = RZ_ANALYSIS_OP_TYPE_RET;
184  break;
185  case AVR_OP_RETI:
186  op->eob = true;
187  op->family = RZ_ANALYSIS_OP_FAMILY_PRIV;
188  op->type = RZ_ANALYSIS_OP_TYPE_RET;
189  break;
190  case AVR_OP_RJMP:
191  op->type = RZ_ANALYSIS_OP_TYPE_JMP;
192  op->jump = aop.param[0]; // address
193  break;
194  case AVR_OP_SBCI:
195  /* fall through*/
196  case AVR_OP_SUBI:
197  op->val = aop.param[1]; // K
198  break;
199  case AVR_OP_SBI:
200  op->type2 = 1;
201  op->val = aop.param[0]; // A
202  op->type = RZ_ANALYSIS_OP_TYPE_IO;
203  op->family = RZ_ANALYSIS_OP_FAMILY_IO;
204  break;
205  case AVR_OP_SBIC:
206  // skip next instruction if bit in i/o register is clear
207  /* fall through*/
208  case AVR_OP_SBIS:
209  // skip next instruction if bit in i/o register is set
210  handle_skip_next_instruction(op, addr, buf + aop.size, len - aop.size, analysis->big_endian, &next_op);
211  op->type2 = 0;
212  op->val = aop.param[0]; // A
213  op->family = RZ_ANALYSIS_OP_FAMILY_IO;
214  break;
215  case AVR_OP_SBIW:
216  op->val = aop.param[2]; // K
217  break;
218  case AVR_OP_SBRC:
219  // skip next instruction if bit register is clear
220  /* fall through*/
221  case AVR_OP_SBRS:
222  // skip next instruction if bit register is set
223  handle_skip_next_instruction(op, addr, buf + aop.size, len - aop.size, analysis->big_endian, &next_op);
224  break;
225  case AVR_OP_STS:
226  op->type = RZ_ANALYSIS_OP_TYPE_STORE;
227  op->ptr = aop.param[0]; // K
228  break;
229  default:
230  break;
231  }
232 
233  // set RzIL
234  rz_avr_il_opcode(analysis, op, addr, &aop, &next_op);
235 
236  // process opcode
237  rz_avr_esil_opcode(analysis, op, addr, buf, len);
238 
239  return op->size;
240 }
241 
242 static char *get_reg_profile(RzAnalysis *analysis) {
243  const char *p =
244  "=PC pcl\n"
245  "=SN r24\n"
246  "=SP sp\n"
247  "=BP y\n"
248 
249  // explained in http://www.nongnu.org/avr-libc/user-manual/FAQ.html
250  // and http://www.avrfreaks.net/forum/function-calling-convention-gcc-generated-assembly-file
251  "=A0 r25\n"
252  "=A1 r24\n"
253  "=A2 r23\n"
254  "=A3 r22\n"
255  "=R0 r24\n"
256 
257  // PC: 16- or 22-bit program counter
258  // SP: 8- or 16-bit stack pointer
259  // SREG: 8-bit status register
260  // RAMPX, RAMPY, RAMPZ, RAMPD and EIND:
261  // 8bit registers x 32
262  "gpr r0 .8 0 0\n"
263  "gpr r1 .8 1 0\n"
264  "gpr r2 .8 2 0\n"
265  "gpr r3 .8 3 0\n"
266  "gpr r4 .8 4 0\n"
267  "gpr r5 .8 5 0\n"
268  "gpr r6 .8 6 0\n"
269  "gpr r7 .8 7 0\n"
270  "gpr r8 .8 8 0\n"
271  "gpr r9 .8 9 0\n"
272  "gpr r10 .8 10 0\n"
273  "gpr r11 .8 11 0\n"
274  "gpr r12 .8 12 0\n"
275  "gpr r13 .8 13 0\n"
276  "gpr r14 .8 14 0\n"
277  "gpr r15 .8 15 0\n"
278  "gpr r16 .8 16 0\n"
279  "gpr r17 .8 17 0\n"
280  "gpr r18 .8 18 0\n"
281  "gpr r19 .8 19 0\n"
282  "gpr r20 .8 20 0\n"
283  "gpr r21 .8 21 0\n"
284  "gpr r22 .8 22 0\n"
285  "gpr r23 .8 23 0\n"
286  "gpr r24 .8 24 0\n"
287  "gpr r25 .8 25 0\n"
288  "gpr r26 .8 26 0\n"
289  "gpr r27 .8 27 0\n"
290  "gpr r28 .8 28 0\n"
291  "gpr r29 .8 29 0\n"
292  "gpr r30 .8 30 0\n"
293  "gpr r31 .8 31 0\n"
294 
295  // 16 bit overlapped registers for memory addressing
296  "gpr x .16 26 0\n"
297  "gpr y .16 28 0\n"
298  "gpr z .16 30 0\n"
299  // program counter
300  // NOTE: program counter size in AVR depends on the CPU model. It seems that
301  // the PC may range from 16 bits to 22 bits.
302  "gpr pc .32 32 0\n"
303  "gpr pcl .16 32 0\n"
304  "gpr pch .16 34 0\n"
305  // special purpose registers
306  "gpr sp .16 36 0\n"
307  "gpr spl .8 36 0\n"
308  "gpr sph .8 37 0\n"
309  // status bit register (SREG)
310  "gpr sreg .8 38 0\n"
311  "gpr cf .1 38.0 0\n" // Carry. This is a borrow flag on subtracts.
312  "gpr zf .1 38.1 0\n" // Zero. Set to 1 when an arithmetic result is zero.
313  "gpr nf .1 38.2 0\n" // Negative. Set to a copy of the most significant bit of an arithmetic result.
314  "gpr vf .1 38.3 0\n" // Overflow flag. Set in case of two's complement overflow.
315  "gpr sf .1 38.4 0\n" // Sign flag. Unique to AVR, this is always (N ^ V) (xor), and shows the true sign of a comparison.
316  "gpr hf .1 38.5 0\n" // Half carry. This is an internal carry from additions and is used to support BCD arithmetic.
317  "gpr tf .1 38.6 0\n" // Bit copy. Special bit load and bit store instructions use this bit.
318  "gpr if .1 38.7 0\n" // Interrupt flag. Set when interrupts are enabled.
319  // 8bit segment registers to be added to X, Y, Z to get 24bit offsets
320  "gpr rampx .8 39 0\n"
321  "gpr rampy .8 40 0\n"
322  "gpr rampz .8 41 0\n"
323  "gpr rampd .8 42 0\n"
324  "gpr eind .8 43 0\n"
325  // memory mapping emulator registers
326  // _prog
327  // the program flash. It has its own address space.
328  // _ram
329  // _io
330  // start of the data addres space. It is the same address of IO,
331  // because IO is the first memory space addressable in the AVR.
332  // _sram
333  // start of the SRAM (this offset depends on IO size, and it is
334  // inside the _ram address space)
335  // _eeprom
336  // this is another address space, outside ram and flash
337  // _page
338  // this is the temporary page used by the SPM instruction. This
339  // memory is not directly addressable and it is used internally by
340  // the CPU when autoflashing.
341  "gpr _prog .32 44 0\n"
342  "gpr _page .32 48 0\n"
343  "gpr _eeprom .32 52 0\n"
344  "gpr _ram .32 56 0\n"
345  "gpr _io .32 56 0\n"
346  "gpr _sram .32 60 0\n"
347  // other important MCU registers
348  // spmcsr/spmcr
349  // Store Program Memory Control and Status Register (SPMCSR)
350  "gpr spmcsr .8 64 0\n";
351 
352  return strdup(p);
353 }
354 
355 static int archinfo(RzAnalysis *analysis, int q) {
356  if (q == RZ_ANALYSIS_ARCHINFO_MAX_OP_SIZE) {
357  return 4;
358  }
359  return 2;
360 }
361 
362 static ut8 *analysis_mask_avr(RzAnalysis *analysis, int size, const ut8 *data, ut64 at) {
363  RzAnalysisOp *op = NULL;
364  ut8 *ret = NULL;
365  AVROp aop = { 0 };
366  RzStrBuf sb = { 0 };
367  rz_strbuf_init(&sb);
368  int opsize = avr_disassembler(data, size, at, analysis->big_endian, &aop, &sb);
369  rz_strbuf_fini(&sb);
370 
371  if (opsize < 2 || !(ret = malloc(opsize))) {
372  rz_analysis_op_free(op);
373  return NULL;
374  }
375 
376  memset(ret, 0xff, opsize);
377 
378  if (aop.size == 4) {
379  // all the ops that consumes 4 bytes uses
380  // the last 2 bytes as addresses, therefore
381  // we need to mask them (i.e. set to zero)
382  ret[2] = 0;
383  ret[3] = 0;
384  }
385 
386  switch (aop.mnemonic) {
387  case AVR_OP_BRCC:
388  /* fall through */
389  case AVR_OP_BRCS:
390  /* fall through */
391  case AVR_OP_BREQ:
392  /* fall through */
393  case AVR_OP_BRGE:
394  /* fall through */
395  case AVR_OP_BRHC:
396  /* fall through */
397  case AVR_OP_BRHS:
398  /* fall through */
399  case AVR_OP_BRID:
400  /* fall through */
401  case AVR_OP_BRIE:
402  /* fall through */
403  case AVR_OP_BRLO:
404  /* fall through */
405  case AVR_OP_BRLT:
406  /* fall through */
407  case AVR_OP_BRMI:
408  /* fall through */
409  case AVR_OP_BRNE:
410  /* fall through */
411  case AVR_OP_BRPL:
412  /* fall through */
413  case AVR_OP_BRSH:
414  /* fall through */
415  case AVR_OP_BRTC:
416  /* fall through */
417  case AVR_OP_BRTS:
418  /* fall through */
419  case AVR_OP_BRVC:
420  /* fall through */
421  case AVR_OP_BRVS:
422  /* fall through */
423  case AVR_OP_CALL:
424  /* fall through */
425  case AVR_OP_CPSE:
426  /* fall through */
427  case AVR_OP_EIJMP:
428  /* fall through */
429  case AVR_OP_IJMP:
430  /* fall through */
431  case AVR_OP_JMP:
432  /* fall through */
433  case AVR_OP_RCALL:
434  /* fall through */
435  case AVR_OP_RJMP:
436  /* fall through */
437  case AVR_OP_SBIC:
438  /* fall through */
439  case AVR_OP_SBRC:
440  /* fall through */
441  case AVR_OP_LDS:
442  /* fall through */
443  case AVR_OP_STS:
444  // jump & load instructions needs to be masked
445  rz_write_ble16(ret, aop.mask, analysis->big_endian);
446  break;
447  default:
448  // assume all the other instructions as un-maskable
449  break;
450  }
451 
452  return ret;
453 }
454 
455 static int address_bits(RzAnalysis *analysis, int bits) {
456  return bits == 8 ? 16 : -1;
457 }
458 
459 RzAnalysisPlugin rz_analysis_plugin_avr = {
460  .name = "avr",
461  .desc = "AVR code analysis plugin",
462  .license = "LGPL3",
463  .arch = "avr",
464  .esil = true,
465  .archinfo = archinfo,
466  .bits = 8 | 16, // 24 big regs conflicts
467  .address_bits = address_bits,
468  .op = &avr_op,
469  .get_reg_profile = &get_reg_profile,
470  .esil_init = rz_avr_esil_init,
471  .esil_fini = rz_avr_esil_fini,
472  .il_config = rz_avr_il_config,
473  .analysis_mask = analysis_mask_avr,
474 };
475 
476 #ifndef RZ_PLUGIN_INCORE
477 RZ_API RzLibStruct rizin_plugin = {
478  .type = RZ_LIB_TYPE_ANALYSIS,
479  .data = &rz_analysis_plugin_avr,
480  .version = RZ_VERSION
481 };
482 #endif
len
size_t len
Definition: 6502dis.c:15
handle_skip_next_instruction
static void handle_skip_next_instruction(RzAnalysisOp *op, ut64 addr, const ut8 *buf, int len, bool big_endian, AVROp *aop)
Definition: analysis_avr.c:23
get_reg_profile
static char * get_reg_profile(RzAnalysis *analysis)
Definition: analysis_avr.c:242
set_invalid_op
static void set_invalid_op(RzAnalysisOp *op, ut64 addr)
Definition: analysis_avr.c:11
avr_op
static int avr_op(RzAnalysis *analysis, RzAnalysisOp *op, ut64 addr, const ut8 *buf, int len, RzAnalysisOpMask mask)
Definition: analysis_avr.c:34
rizin_plugin
RZ_API RzLibStruct rizin_plugin
Definition: analysis_avr.c:477
rz_analysis_plugin_avr
RzAnalysisPlugin rz_analysis_plugin_avr
Definition: analysis_avr.c:459
address_bits
static int address_bits(RzAnalysis *analysis, int bits)
Definition: analysis_avr.c:455
analysis_mask_avr
static ut8 * analysis_mask_avr(RzAnalysis *analysis, int size, const ut8 *data, ut64 at)
Definition: analysis_avr.c:362
archinfo
static int archinfo(RzAnalysis *analysis, int q)
Definition: analysis_avr.c:355
mask
#define mask()
Definition: analysis_h8300.c:39
avr_disassembler
ut32 avr_disassembler(const ut8 *buffer, const ut32 size, ut64 pc, bool be, AVROp *aop, RzStrBuf *sb)
Definition: disassembler.c:773
AVR_OP_BREAK
@ AVR_OP_BREAK
Definition: disassembler.h:20
AVR_OP_BRNE
@ AVR_OP_BRNE
Definition: disassembler.h:30
AVR_OP_IJMP
@ AVR_OP_IJMP
Definition: disassembler.h:64
AVR_OP_BRSH
@ AVR_OP_BRSH
Definition: disassembler.h:32
AVR_OP_CBI
@ AVR_OP_CBI
Definition: disassembler.h:39
AVR_OP_SBCI
@ AVR_OP_SBCI
Definition: disassembler.h:97
AVR_OP_BRGE
@ AVR_OP_BRGE
Definition: disassembler.h:22
AVR_OP_ADIW
@ AVR_OP_ADIW
Definition: disassembler.h:13
AVR_OP_CPSE
@ AVR_OP_CPSE
Definition: disassembler.h:53
AVR_OP_SBRC
@ AVR_OP_SBRC
Definition: disassembler.h:102
AVR_OP_BRPL
@ AVR_OP_BRPL
Definition: disassembler.h:31
AVR_OP_BRLT
@ AVR_OP_BRLT
Definition: disassembler.h:28
AVR_OP_MOVW
@ AVR_OP_MOVW
Definition: disassembler.h:79
AVR_OP_BRCS
@ AVR_OP_BRCS
Definition: disassembler.h:19
AVR_OP_MOV
@ AVR_OP_MOV
Definition: disassembler.h:78
AVR_OP_BRTS
@ AVR_OP_BRTS
Definition: disassembler.h:34
AVR_OP_LDI
@ AVR_OP_LDI
Definition: disassembler.h:73
AVR_OP_ORI
@ AVR_OP_ORI
Definition: disassembler.h:86
AVR_OP_BRCC
@ AVR_OP_BRCC
Definition: disassembler.h:18
AVR_OP_LDS
@ AVR_OP_LDS
Definition: disassembler.h:74
AVR_OP_RJMP
@ AVR_OP_RJMP
Definition: disassembler.h:93
AVR_OP_STS
@ AVR_OP_STS
Definition: disassembler.h:117
AVR_OP_BRLO
@ AVR_OP_BRLO
Definition: disassembler.h:27
AVR_OP_SBIC
@ AVR_OP_SBIC
Definition: disassembler.h:99
AVR_OP_BRIE
@ AVR_OP_BRIE
Definition: disassembler.h:26
AVR_OP_BRTC
@ AVR_OP_BRTC
Definition: disassembler.h:33
AVR_OP_ICALL
@ AVR_OP_ICALL
Definition: disassembler.h:63
AVR_OP_SBIW
@ AVR_OP_SBIW
Definition: disassembler.h:101
AVR_OP_OUT
@ AVR_OP_OUT
Definition: disassembler.h:87
AVR_OP_RETI
@ AVR_OP_RETI
Definition: disassembler.h:92
AVR_OP_BREQ
@ AVR_OP_BREQ
Definition: disassembler.h:21
AVR_OP_ANDI
@ AVR_OP_ANDI
Definition: disassembler.h:15
AVR_OP_BRMI
@ AVR_OP_BRMI
Definition: disassembler.h:29
AVR_OP_BRHS
@ AVR_OP_BRHS
Definition: disassembler.h:24
AVR_OP_EIJMP
@ AVR_OP_EIJMP
Definition: disassembler.h:57
AVR_OP_BRHC
@ AVR_OP_BRHC
Definition: disassembler.h:23
AVR_OP_SBIS
@ AVR_OP_SBIS
Definition: disassembler.h:100
AVR_OP_SBI
@ AVR_OP_SBI
Definition: disassembler.h:98
AVR_OP_RET
@ AVR_OP_RET
Definition: disassembler.h:91
AVR_OP_BRVS
@ AVR_OP_BRVS
Definition: disassembler.h:36
AVR_OP_BRID
@ AVR_OP_BRID
Definition: disassembler.h:25
AVR_OP_SBRS
@ AVR_OP_SBRS
Definition: disassembler.h:103
AVR_OP_EICALL
@ AVR_OP_EICALL
Definition: disassembler.h:56
AVR_OP_BRVC
@ AVR_OP_BRVC
Definition: disassembler.h:35
AVR_OP_DES
@ AVR_OP_DES
Definition: disassembler.h:55
AVR_OP_IN
@ AVR_OP_IN
Definition: disassembler.h:65
AVR_OP_CALL
@ AVR_OP_CALL
Definition: disassembler.h:38
AVR_OP_SUBI
@ AVR_OP_SUBI
Definition: disassembler.h:119
AVR_OP_RCALL
@ AVR_OP_RCALL
Definition: disassembler.h:90
AVR_OP_JMP
@ AVR_OP_JMP
Definition: disassembler.h:67
rz_avr_esil_fini
RZ_IPI int rz_avr_esil_fini(RzAnalysisEsil *esil)
Definition: avr_esil.c:1632
rz_avr_esil_opcode
RZ_IPI void rz_avr_esil_opcode(RzAnalysis *analysis, RzAnalysisOp *op, ut64 addr, const ut8 *buf, int len)
Definition: avr_esil.c:1636
rz_avr_esil_init
RZ_IPI int rz_avr_esil_init(RzAnalysisEsil *esil)
Definition: avr_esil.c:1619
rz_avr_il_config
RZ_IPI RzAnalysisILConfig * rz_avr_il_config(RZ_NONNULL RzAnalysis *analysis)
Definition: avr_il.c:3156
rz_avr_il_opcode
RZ_IPI bool rz_avr_il_opcode(RzAnalysis *analysis, RzAnalysisOp *op, ut64 pc, AVROp *aop, AVROp *next_op)
Definition: avr_il.c:3143
sb
static SblHeader sb
Definition: bin_mbn.c:26
bits
int bits(struct state *s, int need)
Definition: blast.c:72
RZ_API
#define RZ_API
Definition: core_plugin_example.c:36
NULL
#define NULL
Definition: cris-opc.c:27
size
voidpf void uLong size
Definition: ioapi.h:138
buf
voidpf void * buf
Definition: ioapi.h:138
ut8
uint8_t ut8
Definition: lh5801.h:11
memset
return memset(p, 0, total)
p
void * p
Definition: libc.cpp:67
malloc
void * malloc(size_t size)
Definition: malloc.c:123
strdup
return strdup("=SP r13\n" "=LR r14\n" "=PC r15\n" "=A0 r0\n" "=A1 r1\n" "=A2 r2\n" "=A3 r3\n" "=ZF zf\n" "=SF nf\n" "=OF vf\n" "=CF cf\n" "=SN or0\n" "gpr lr .32 56 0\n" "gpr pc .32 60 0\n" "gpr cpsr .32 64 0 ____tfiae_________________qvczn\n" "gpr or0 .32 68 0\n" "gpr tf .1 64.5 0 thumb\n" "gpr ef .1 64.9 0 endian\n" "gpr jf .1 64.24 0 java\n" "gpr qf .1 64.27 0 sticky_overflow\n" "gpr vf .1 64.28 0 overflow\n" "gpr cf .1 64.29 0 carry\n" "gpr zf .1 64.30 0 zero\n" "gpr nf .1 64.31 0 negative\n" "gpr itc .4 64.10 0 if_then_count\n" "gpr gef .4 64.16 0 great_or_equal\n" "gpr r0 .32 0 0\n" "gpr r1 .32 4 0\n" "gpr r2 .32 8 0\n" "gpr r3 .32 12 0\n" "gpr r4 .32 16 0\n" "gpr r5 .32 20 0\n" "gpr r6 .32 24 0\n" "gpr r7 .32 28 0\n" "gpr r8 .32 32 0\n" "gpr r9 .32 36 0\n" "gpr r10 .32 40 0\n" "gpr r11 .32 44 0\n" "gpr r12 .32 48 0\n" "gpr r13 .32 52 0\n" "gpr r14 .32 56 0\n" "gpr r15 .32 60 0\n" "gpr r16 .32 64 0\n" "gpr r17 .32 68 0\n")
rz_analysis_op_free
RZ_API void rz_analysis_op_free(void *op)
Definition: op.c:61
rz_analysis.h
RZ_ANALYSIS_OP_FAMILY_CRYPTO
@ RZ_ANALYSIS_OP_FAMILY_CRYPTO
Definition: rz_analysis.h:317
RZ_ANALYSIS_OP_FAMILY_UNKNOWN
@ RZ_ANALYSIS_OP_FAMILY_UNKNOWN
Definition: rz_analysis.h:311
RZ_ANALYSIS_OP_FAMILY_PRIV
@ RZ_ANALYSIS_OP_FAMILY_PRIV
Definition: rz_analysis.h:316
RZ_ANALYSIS_OP_FAMILY_CPU
@ RZ_ANALYSIS_OP_FAMILY_CPU
Definition: rz_analysis.h:312
RZ_ANALYSIS_OP_FAMILY_IO
@ RZ_ANALYSIS_OP_FAMILY_IO
Definition: rz_analysis.h:321
RZ_ANALYSIS_ARCHINFO_MAX_OP_SIZE
#define RZ_ANALYSIS_ARCHINFO_MAX_OP_SIZE
Definition: rz_analysis.h:99
RzAnalysisOpMask
RzAnalysisOpMask
Definition: rz_analysis.h:439
RZ_ANALYSIS_OP_TYPE_ICALL
@ RZ_ANALYSIS_OP_TYPE_ICALL
Definition: rz_analysis.h:381
RZ_ANALYSIS_OP_TYPE_LOAD
@ RZ_ANALYSIS_OP_TYPE_LOAD
Definition: rz_analysis.h:416
RZ_ANALYSIS_OP_TYPE_CRYPTO
@ RZ_ANALYSIS_OP_TYPE_CRYPTO
Definition: rz_analysis.h:430
RZ_ANALYSIS_OP_TYPE_JMP
@ RZ_ANALYSIS_OP_TYPE_JMP
Definition: rz_analysis.h:368
RZ_ANALYSIS_OP_TYPE_IJMP
@ RZ_ANALYSIS_OP_TYPE_IJMP
Definition: rz_analysis.h:371
RZ_ANALYSIS_OP_TYPE_IO
@ RZ_ANALYSIS_OP_TYPE_IO
Definition: rz_analysis.h:403
RZ_ANALYSIS_OP_TYPE_NULL
@ RZ_ANALYSIS_OP_TYPE_NULL
Definition: rz_analysis.h:367
RZ_ANALYSIS_OP_TYPE_TRAP
@ RZ_ANALYSIS_OP_TYPE_TRAP
Definition: rz_analysis.h:392
RZ_ANALYSIS_OP_TYPE_CALL
@ RZ_ANALYSIS_OP_TYPE_CALL
Definition: rz_analysis.h:378
RZ_ANALYSIS_OP_TYPE_STORE
@ RZ_ANALYSIS_OP_TYPE_STORE
Definition: rz_analysis.h:415
RZ_ANALYSIS_OP_TYPE_IRJMP
@ RZ_ANALYSIS_OP_TYPE_IRJMP
Definition: rz_analysis.h:372
RZ_ANALYSIS_OP_TYPE_CJMP
@ RZ_ANALYSIS_OP_TYPE_CJMP
Definition: rz_analysis.h:373
RZ_ANALYSIS_OP_TYPE_MOV
@ RZ_ANALYSIS_OP_TYPE_MOV
Definition: rz_analysis.h:390
RZ_ANALYSIS_OP_TYPE_ILL
@ RZ_ANALYSIS_OP_TYPE_ILL
Definition: rz_analysis.h:387
RZ_ANALYSIS_OP_TYPE_RET
@ RZ_ANALYSIS_OP_TYPE_RET
Definition: rz_analysis.h:385
rz_write_ble16
static void rz_write_ble16(void *dest, ut16 val, bool big_endian)
Definition: rz_endian.h:532
RZ_LIB_TYPE_ANALYSIS
@ RZ_LIB_TYPE_ANALYSIS
Definition: rz_lib.h:73
rz_strbuf_drain
RZ_API RZ_OWN char * rz_strbuf_drain(RzStrBuf *sb)
Definition: strbuf.c:342
rz_strbuf_set
RZ_API const char * rz_strbuf_set(RzStrBuf *sb, const char *s)
Definition: strbuf.c:153
rz_strbuf_fini
RZ_API void rz_strbuf_fini(RzStrBuf *sb)
Definition: strbuf.c:365
rz_strbuf_new
RZ_API RzStrBuf * rz_strbuf_new(const char *s)
Definition: strbuf.c:8
rz_strbuf_init
RZ_API void rz_strbuf_init(RzStrBuf *sb)
Definition: strbuf.c:33
RZ_VERSION
#define RZ_VERSION
Definition: rz_version.h:8
avr_opcode_t
Definition: disassembler.h:128
avr_opcode_t::size
ut16 size
Definition: disassembler.h:133
avr_opcode_t::mask
ut16 mask
Definition: disassembler.h:130
avr_opcode_t::param
ut16 param[4]
Definition: disassembler.h:131
avr_opcode_t::cycles
ut16 cycles
Definition: disassembler.h:132
avr_opcode_t::mnemonic
AVROpMnem mnemonic
Definition: disassembler.h:129
rz_analysis_op_t
Definition: rz_analysis.h:811
rz_analysis_plugin_t
Definition: rz_analysis.h:1233
rz_analysis_plugin_t::version
const char * version
Definition: rz_analysis.h:1239
rz_analysis_plugin_t::name
const char * name
Definition: rz_analysis.h:1234
rz_analysis_t
Definition: rz_analysis.h:553
rz_analysis_t::big_endian
int big_endian
Definition: rz_analysis.h:558
rz_lib_struct_t
Definition: rz_lib.h:57
rz_lib_struct_t::type
int type
Definition: rz_lib.h:58
op
Definition: dis.c:32
ut64
ut64(WINAPI *w32_GetEnabledXStateFeatures)()
addr
static int addr
Definition: z80asm.c:58