def set_mode(self, mode):
        if mode == UC_MODE_32:
            self.md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_32)
            self.reg_rsp = UC_X86_REG_ESP
            self.reg_rbp = UC_X86_REG_EBP
            self.reg_rip = UC_X86_REG_EIP
        elif mode == UC_MODE_64:
            self.md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
            self.reg_rsp = UC_X86_REG_RSP
            self.reg_rbp = UC_X86_REG_RBP
            self.reg_rip = UC_X86_REG_RIP
        elif mode == UC_MODE_16:
            self.md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_16)
            self.reg_rsp = UC_X86_REG_SP
            self.reg_rbp = UC_X86_REG_BP
            self.reg_rip = UC_X86_REG_IP
        else:
            raise Exception('Unknown x86 mode: %d' % mode)
        self.mode = mode 

def _checkCode(self, rawCode):
        md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_16)
        md.detail = True

        checkJmp = True
        for i in md.disasm(rawCode, 0):
            # Check for JUMPs and CALLs before the first PUSH/RET.
            if checkJmp and len(i.groups) > 0:
                # Group check if available
                if hasattr(capstone.x86, 'X86_GRP_CALL') and hasattr(capstone.x86, 'X86_GRP_RET'):
                    if capstone.x86.X86_GRP_CALL in i.groups or capstone.x86.X86_GRP_JUMP in i.groups:
                        self._suspiciousBehaviour.append('JMP or CALL before relocation')
                        checkJmp = False
                    elif capstone.x86.X86_GRP_RET in i.groups:
                        # Stop search after the first PUSH/RET
                        checkJmp = False
                # Manual check in case capstone version doesn't support CALL and RET groups
                else:
                    if i.mnemonic[0] == 'j' or i.mnemonic == 'call':
                        self._suspiciousBehaviour.append('JMP or CALL before relocation')
                        checkJmp = False
                    elif i.mnemonic[:3] == 'ret':
                        # Stop search after the first PUSH/RET
                        checkJmp = False

            # Check for unknown interrupt
            if i.mnemonic == 'int' and i.bytes[1] not in (0x10, 0x13, 0x18, 0x1a):
                self._suspiciousBehaviour.append('Unknown Interrupt : {0:#x}'.format(i.bytes[1])) 

def _checkCode(self, code):
        md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_16)
        md.detail = True
        for i in md.disasm(code, 0):
            # Check for unknown interrupt
            if i.mnemonic == 'int' and i.bytes[1] not in (0x10, 0x13, 0x18, 0x1a):
                self._suspiciousBehaviour.append('Unknown Interrupt : {0:#x}'.format(i.bytes[1])) 

def _checkCode(self, code):
        md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_16)
        md.detail = True
        for i in md.disasm(code, 0):
            # Check for unknown interrupt
            if i.mnemonic == 'int' and i.bytes[1] not in (0x10, 0x13, 0x18, 0x1a):
                self._suspiciousBehaviour.append('Unknown Interrupt : {0:#x}'.format(i.bytes[1]))