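def annotate_content(self, node, content):
    """Append the callee name as a comment to every call instruction in *content*.

    Nodes whose object is a SimProcedure or a syscall are left untouched.
    For every entry of ``content['data']`` whose instruction is in capstone's
    call group, the immediate of the first operand is looked up in
    ``self.project.kb.functions``. When a function is registered at that
    address, its name is written to ``entry['comment']``. Names starting with
    ``_Z`` are passed through ``self.demangle`` first.

    Args:
        node: graph node; only ``node.obj.is_simprocedure`` and
            ``node.obj.is_syscall`` are read.
        content: dict whose ``'data'`` list holds per-instruction dicts with
            an ``'_ins'`` key. The entries are modified in place.

    Returns:
        None.
    """
    if node.obj.is_simprocedure or node.obj.is_syscall:
        return

    for k in content['data']:
        ins = k['_ins']
        if not ins.group(capstone.CS_GRP_CALL):
            continue

        caddr = ins.operands[0]
        # NOTE(review): the operand type is not checked before reading
        # ``value.imm``; presumably an indirect call yields a value that is
        # simply absent from the function map. Confirm, or test the operand
        # type first.
        try:
            addr = int(caddr.value.imm)
            fm = self.project.kb.functions
            if addr not in fm:
                continue

            fname = fm[addr].name
            if fname.startswith('_Z'):
                try:
                    fname = self.demangle([fname])[0]
                except Exception:
                    # Demangling is best effort: keep the mangled name.
                    pass

            if not fname:
                continue

            # NOTE(review): fname presumably originates from the analysed
            # binary's symbols, i.e. it is attacker-influenced text. Verify
            # that whatever renders this comment escapes it.
            if 'comment' in k and 'content' in k['comment']:
                k['comment']['content'] += ", " + fname
            else:
                k['comment'] = {
                    'content': "; " + fname
                }
            k['comment']['color'] = 'gray'
            k['comment']['align'] = 'LEFT'
        except Exception:
            # Annotation stays best effort, but KeyboardInterrupt and
            # SystemExit are no longer swallowed as they were by the former
            # bare ``except:``.
            continue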
def is_call(i):
    """Tell whether instruction *i* counts as a call.

    Returns the (truthy) result of ``i.group(CS_GRP_CALL)`` when the
    instruction is in the call group. Otherwise returns whether ``i.id`` is
    listed in ``JUMPS_LINK``.
    """
    # NOTE(review): a second, narrower ``is_call`` follows in this listing.
    # If both live in one module the later definition replaces this one and
    # the JUMPS_LINK case is lost. Confirm they belong to different files.
    in_call_group = i.group(CS_GRP_CALL)
    if in_call_group:
        return in_call_group
    return i.id in JUMPS_LINK
def is_call(i):
    """Return ``i.group(CS_GRP_CALL)``: whether *i* is in the call group."""
    # NOTE(review): this listing also holds an ``is_call`` that additionally
    # accepts ids in JUMPS_LINK. If both are defined in the same module, this
    # later one wins and those instructions stop being treated as calls.
    # Confirm which variant is intended.
    call_group = CS_GRP_CALL
    return i.group(call_group)
def instruction_from_cs_insn(csInsn, executable):
    """Build an ``Instruction`` from a capstone instruction.

    The instruction is tagged with ``Instruction.GRP_CALL`` and/or
    ``Instruction.GRP_JUMP``, and its operands are decoded through
    ``operand_from_cs_op``.

    Args:
        csInsn: capstone instruction; its address, size, bytes, mnemonic,
            groups and raw detail pointer are read.
        executable: owner of the instruction; ``executable.architecture``
            selects both the classification rule and the detail layout.

    Returns:
        The populated ``Instruction``.
    """
    arch = executable.architecture

    if arch in (ARCHITECTURE.ARM, ARCHITECTURE.ARM_64):
        # ARM and ARM64 are classified by mnemonic prefix, not capstone groups.
        # NOTE(review): a prefix match is broad. 'bl' also matches the
        # conditional branches ble/blt/bls/blo, and 'b' also matches
        # non-branch mnemonics such as bic/bfi/bkpt. A wrong tag skews any
        # control-flow result built on these groups. Confirm that is
        # acceptable or tighten the match.
        flow_groups = []
        mnemonic = csInsn.mnemonic
        if mnemonic.startswith('bl'):
            flow_groups.append(Instruction.GRP_CALL)
        elif mnemonic.startswith('b'):
            flow_groups.append(Instruction.GRP_JUMP)
    else:
        # Every other architecture trusts capstone's own grouping.
        # Order is kept: jump first, then call.
        cs_groups = csInsn.groups
        flow_groups = [
            tag
            for cs_group, tag in (
                (capstone.CS_GRP_JUMP, Instruction.GRP_JUMP),
                (capstone.CS_GRP_CALL, Instruction.GRP_CALL),
            )
            if cs_group in cs_groups
        ]

    instruction = Instruction(
        csInsn.address,
        csInsn.size,
        csInsn.bytes,
        csInsn.mnemonic,
        [],
        flow_groups,
        csInsn,
        executable,
    )

    # The detail struct is read straight from the raw pointer so that capstone
    # does not deepcopy everything, which costs time and memory.
    # NOTE(review): this depends on capstone's private ``_raw`` and
    # ``_cs_detail`` names. Presumably the pointer is only valid when detail
    # mode is enabled; confirm before relying on ``.contents``.
    detail = ctypes.cast(
        csInsn._raw.detail, ctypes.POINTER(capstone._cs_detail)
    ).contents

    if arch in (ARCHITECTURE.X86, ARCHITECTURE.X86_64):
        detail = detail.arch.x86
    elif arch == ARCHITECTURE.ARM:
        detail = detail.arch.arm
    elif arch == ARCHITECTURE.ARM_64:
        detail = detail.arch.arm64
    # NOTE(review): for any other architecture ``detail`` stays the generic
    # struct. Confirm callers never pass one, since ``operands`` and
    # ``op_count`` are read from it below.

    decoded = []
    for index in range(detail.op_count):
        decoded.append(operand_from_cs_op(detail.operands[index], instruction))
    instruction.operands = decoded

    return instruction