Last active
January 30, 2024 11:26
-
-
Save oopsmishap/9493b93a47f26db3b93f28ffbeeb530b to your computer and use it in GitHub Desktop.
ZeusVM handler semantics extractor
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "cells": [ | |
| { | |
| "cell_type": "code", | |
| "execution_count": 1, | |
| "id": "6878a815", | |
| "metadata": {}, | |
| "outputs": [], | |
| "source": [ | |
| "handler_names = {\n", | |
| " 4362945: '0_inc_pc_1',\n", | |
| " 4362972: '1_inc_pc_2',\n", | |
| " 4363002: '2_inc_pc_4',\n", | |
| " 4363035: '3_xor_data_imm_1',\n", | |
| " 4363077: '4_xor_data_imm_2',\n", | |
| " 4363123: '5_xor_data_imm_4',\n", | |
| " 4363167: '6_add_data_imm_1',\n", | |
| " 4363209: '7_add_data_imm_2',\n", | |
| " 4363255: '8_add_data_imm_4',\n", | |
| " 4363299: '9_sub_data_imm_1',\n", | |
| " 4363341: '10_sub_data_imm_2',\n", | |
| " 4363387: '11_sub_data_imm_4',\n", | |
| " 4363431: '12_rol_data_imm_1',\n", | |
| " 4363486: '13_rol_data_imm_2',\n", | |
| " 4363545: '14_rol_data_imm_4',\n", | |
| " 4363601: '15_ror_data_imm_1',\n", | |
| " 4363656: '16_ror_data_imm_2',\n", | |
| " 4363715: '17_ror_data_imm_4',\n", | |
| " 4363771: '18_not_data_1',\n", | |
| " 4363807: '19_not_data_2',\n", | |
| " 4363845: '20_not_data_4',\n", | |
| " 4363882: '21_shuffle_data_4',\n", | |
| " 4364228: '22_rc4_dec',\n", | |
| " 4363971: '23_set_counter_1',\n", | |
| " 4364009: '24_set_counter_2',\n", | |
| " 4364049: '25_set_counter_4',\n", | |
| " 4364088: '26_add_data_imm_2',\n", | |
| " 4364128: '27_loop_1',\n", | |
| " 4364177: '28_loop_2',\n", | |
| " 4364303: '29_store_reg_imm_1',\n", | |
| " 4364352: '30_store_reg_imm_2',\n", | |
| " 4364398: '31_store_reg_imm_4',\n", | |
| " 4364443: '32_mov_reg_reg_1',\n", | |
| " 4364496: '33_mov_reg_reg_2',\n", | |
| " 4364549: '34_mov_reg_reg_4',\n", | |
| " 4364601: '35_add_reg_reg_1',\n", | |
| " 4364656: '36_add_reg_reg_2',\n", | |
| " 4364711: '37_add_reg_reg_4',\n", | |
| " 4364911: '38_sub_reg_reg_1',\n", | |
| " 4364966: '39_sub_reg_reg_2',\n", | |
| " 4365021: '40_sub_reg_reg_4',\n", | |
| " 4365221: '41_xor_reg_reg_1',\n", | |
| " 4365276: '42_xor_reg_reg_2',\n", | |
| " 4365331: '43_xor_reg_reg_4',\n", | |
| " 4364765: '44_add_reg_imm_1',\n", | |
| " 4364816: '45_add_reg_imm_2',\n", | |
| " 4364864: '46_add_reg_imm_4',\n", | |
| " 4365075: '47_sub_reg_imm_1',\n", | |
| " 4365126: '48_sub_reg_imm_2',\n", | |
| " 4365174: '49_sub_reg_imm_4',\n", | |
| " 4365385: '50_xor_reg_imm_1',\n", | |
| " 4365436: '51_xor_reg_imm_2',\n", | |
| " 4365484: '52_xor_reg_imm_4',\n", | |
| " 4365837: '53_add_data_reg_1',\n", | |
| " 4365891: '54_add_data_reg_2',\n", | |
| " 4365948: '55_add_data_reg_4',\n", | |
| " 4366003: '56_sub_data_reg_1',\n", | |
| " 4366057: '57_sub_data_reg_2',\n", | |
| " 4366114: '58_sub_data_reg_4',\n", | |
| " 4366169: '59_xor_data_reg_1',\n", | |
| " 4366223: '60_xor_data_reg_2',\n", | |
| " 4366280: '61_xor_data_reg_4',\n", | |
| " 4365531: '62_mov_reg_data_1',\n", | |
| " 4365580: '63_mov_reg_data_2',\n", | |
| " 4365629: '64_mov_reg_data_4',\n", | |
| " 4365677: '65_mov_data_reg_1',\n", | |
| " 4365729: '66_mov_data_reg_2',\n", | |
| " 4365784: '67_mov_data_reg_4',\n", | |
| " 4363032: '68_exit',\n", | |
| "}" | |
| ] | |
| }, | |
| { | |
| "cell_type": "code", | |
| "execution_count": 2, | |
| "id": "initial_id", | |
| "metadata": { | |
| "ExecuteTime": { | |
| "end_time": "2024-01-08T21:49:38.910670300Z", | |
| "start_time": "2024-01-08T21:49:38.888479800Z" | |
| }, | |
| "collapsed": true | |
| }, | |
| "outputs": [], | |
| "source": [ | |
| "# Based on: https://miasm.re/blog/2016/09/03/zeusvm_analysis.html\n", | |
| "\n", | |
| "from miasm.analysis.simplifier import IRCFGSimplifierSSA\n", | |
| "from miasm.core.asmblock import AsmCFG, disasmEngine, AsmBlock\n", | |
| "from miasm.core.locationdb import LocationDB, LocKey\n", | |
| "from miasm.analysis.machine import Machine\n", | |
| "from miasm.analysis.binary import Container\n", | |
| "from miasm.expression.expression import *\n", | |
| "from miasm.expression.simplifications import expr_simp\n", | |
| "from miasm.ir.symbexec import SymbolicExecutionEngine, SymbolicState\n", | |
| "from miasm.arch.x86 import regs\n", | |
| "from miasm.ir.ir import IRCFG\n", | |
| "from miasm.ir.symbexec import get_block\n", | |
| "from miasm.core.utils import upck32\n", | |
| "\n", | |
| "import os\n", | |
| "os.environ[\"PATH\"] += os.pathsep + 'C:\\\\Program Files\\\\Graphviz\\\\bin'\n", | |
| "\n", | |
| "# See: https://github.com/cea-sec/miasm/issues/1103#issuecomment-558300592\n", | |
| "# credits: @mrexodia\n", | |
| "class MySymbolicExecutionEngine(SymbolicExecutionEngine):\n", | |
| " def __init__(self, cont: Container, lifter, state=None):\n", | |
| " super().__init__(lifter, state=state)\n", | |
| " self.cont = cont\n", | |
| "\n", | |
| " def mem_read(self, expr_mem: ExprMem):\n", | |
| "\n", | |
| " if expr_mem in self.symbols:\n", | |
| " return self.symbols.read(expr_mem)\n", | |
| " \n", | |
| " if expr_mem.ptr.is_int():\n", | |
| " addr = expr_mem.ptr.arg\n", | |
| " size = expr_mem.size\n", | |
| " try:\n", | |
| " data = self.cont.bin_stream.getbytes(addr, size // 8)\n", | |
| " formats = {\n", | |
| " 8: \"<B\",\n", | |
| " 16: \"<H\",\n", | |
| " 32: \"<L\",\n", | |
| " 64: \"<Q\",\n", | |
| " }\n", | |
| " import struct\n", | |
| " value = struct.unpack(formats[size], data)[0]\n", | |
| " # print(f\" mem_read({expr_mem}) = {value:x} (concrete)\")\n", | |
| " return ExprInt(value, size)\n", | |
| " except IOError:\n", | |
| " pass\n", | |
| "\n", | |
| " # Fall back to original behavior\n", | |
| " result = super().mem_read(expr_mem)\n", | |
| "\n", | |
| " # if result.is_int():\n", | |
| " # print(f\" mem_read({expr_mem}) -> concrete {repr(result)}\")\n", | |
| " # else:\n", | |
| " # print(f\" mem_read({expr_mem}) -> symbolic({result})\")\n", | |
| " return result\n", | |
| "\n", | |
| " def mem_write(self, expr_mem: ExprMem, expr: Expr):\n", | |
| " # if expr.is_int():\n", | |
| " # print(f\"mem_write({expr_mem}) <- concrete {repr(expr)}\")\n", | |
| " # else:\n", | |
| " # print(f\"mem_write({expr_mem}) <- symbolic({expr})\")\n", | |
| " super().mem_write(expr_mem, expr)" | |
| ] | |
| }, | |
| { | |
| "cell_type": "code", | |
| "execution_count": 6, | |
| "id": "e13bd401", | |
| "metadata": {}, | |
| "outputs": [ | |
| { | |
| "name": "stdout", | |
| "output_type": "stream", | |
| "text": [ | |
| "handler: 0x4292c1 (0_inc_pc_1)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_1 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x1\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_1 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x1\n", | |
| " OP_BYTE_1 = (OP_BYTE_1 ^ @8[PC] ^ 0xC7) & 0x7F\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x4292dc (1_inc_pc_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x45) & 0x7F\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x4292fa (2_inc_pc_4)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_4 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x4\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_4 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x4\n", | |
| " OP_BYTE_4 = (OP_BYTE_1 ^ OP_BYTE_4 ^ 0x25) & 0x7F\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x42931b (3_xor_data_imm_1)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x1\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x51) & 0x7F\n", | |
| " Memory:\n", | |
| " @8[DATA] = OP_BYTE_1 ^ @8[DATA]\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x1\n", | |
| " Memory:\n", | |
| " @8[DATA] = OP_BYTE_1 ^ @8[DATA]\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429345 (4_xor_data_imm_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_3 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x3\n", | |
| " DATA = DATA + 0x2\n", | |
| " OP_BYTE_3 = (OP_BYTE_1 ^ OP_BYTE_3 ^ 0x32) & 0x7F\n", | |
| " Memory:\n", | |
| " @16[DATA] = @16[DATA] ^ {OP_BYTE_1 0 8, OP_BYTE_2 8 16}\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_3 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x3\n", | |
| " DATA = DATA + 0x2\n", | |
| " Memory:\n", | |
| " @16[DATA] = @16[DATA] ^ {OP_BYTE_1 0 8, OP_BYTE_2 8 16}\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429373 (5_xor_data_imm_4)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_5 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x5\n", | |
| " DATA = DATA + 0x4\n", | |
| " OP_BYTE_5 = (OP_BYTE_1 ^ OP_BYTE_5 ^ 0x7C) & 0x7F\n", | |
| " Memory:\n", | |
| " @32[DATA] = @32[DATA] ^ {OP_BYTE_1 0 8, OP_BYTE_2 8 16, OP_BYTE_3 16 24, OP_BYTE_4 24 32}\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_5 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x5\n", | |
| " DATA = DATA + 0x4\n", | |
| " Memory:\n", | |
| " @32[DATA] = @32[DATA] ^ {OP_BYTE_1 0 8, OP_BYTE_2 8 16, OP_BYTE_3 16 24, OP_BYTE_4 24 32}\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x42939f (6_add_data_imm_1)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x1\n", | |
| " Memory:\n", | |
| " @8[DATA] = OP_BYTE_1 + @8[DATA]\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x1\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0xB4) & 0x7F\n", | |
| " Memory:\n", | |
| " @8[DATA] = OP_BYTE_1 + @8[DATA]\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x4293c9 (7_add_data_imm_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_3 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x3\n", | |
| " DATA = DATA + 0x2\n", | |
| " OP_BYTE_3 = (OP_BYTE_1 ^ OP_BYTE_3 ^ 0x16) & 0x7F\n", | |
| " Memory:\n", | |
| " @16[DATA] = @16[DATA] + {OP_BYTE_1 0 8, OP_BYTE_2 8 16}\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_3 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x3\n", | |
| " DATA = DATA + 0x2\n", | |
| " Memory:\n", | |
| " @16[DATA] = @16[DATA] + {OP_BYTE_1 0 8, OP_BYTE_2 8 16}\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x4293f7 (8_add_data_imm_4)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_5 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x5\n", | |
| " DATA = DATA + 0x4\n", | |
| " Memory:\n", | |
| " @32[DATA] = @32[DATA] + {OP_BYTE_1 0 8, OP_BYTE_2 8 16, OP_BYTE_3 16 24, OP_BYTE_4 24 32}\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_5 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x5\n", | |
| " DATA = DATA + 0x4\n", | |
| " OP_BYTE_5 = (OP_BYTE_1 ^ OP_BYTE_5 ^ 0x2) & 0x7F\n", | |
| " Memory:\n", | |
| " @32[DATA] = @32[DATA] + {OP_BYTE_1 0 8, OP_BYTE_2 8 16, OP_BYTE_3 16 24, OP_BYTE_4 24 32}\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429423 (9_sub_data_imm_1)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x1\n", | |
| " Memory:\n", | |
| " @8[DATA] = @8[DATA] + -OP_BYTE_1\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x1\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0xC9) & 0x7F\n", | |
| " Memory:\n", | |
| " @8[DATA] = @8[DATA] + -OP_BYTE_1\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x42944d (10_sub_data_imm_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_3 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x3\n", | |
| " DATA = DATA + 0x2\n", | |
| " OP_BYTE_3 = (OP_BYTE_1 ^ OP_BYTE_3 ^ 0xF7) & 0x7F\n", | |
| " Memory:\n", | |
| " @16[DATA] = @16[DATA] + -{OP_BYTE_1 0 8, OP_BYTE_2 8 16}\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_3 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x3\n", | |
| " DATA = DATA + 0x2\n", | |
| " Memory:\n", | |
| " @16[DATA] = @16[DATA] + -{OP_BYTE_1 0 8, OP_BYTE_2 8 16}\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x42947b (11_sub_data_imm_4)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_5 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x5\n", | |
| " DATA = DATA + 0x4\n", | |
| " Memory:\n", | |
| " @32[DATA] = @32[DATA] + -{OP_BYTE_1 0 8, OP_BYTE_2 8 16, OP_BYTE_3 16 24, OP_BYTE_4 24 32}\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_5 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x5\n", | |
| " DATA = DATA + 0x4\n", | |
| " OP_BYTE_5 = (OP_BYTE_1 ^ OP_BYTE_5 ^ 0x71) & 0x7F\n", | |
| " Memory:\n", | |
| " @32[DATA] = @32[DATA] + -{OP_BYTE_1 0 8, OP_BYTE_2 8 16, OP_BYTE_3 16 24, OP_BYTE_4 24 32}\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x4294a7 (12_rol_data_imm_1)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(((OP_BYTE_1 & 0x7) == 0x0) ^ 0x1) & (OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x1\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0xC) & 0x7F\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " (OP_BYTE_2 <s 0x0) & (((OP_BYTE_1 & 0x7) == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x1\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0xC) & 0x7F\n", | |
| " Memory:\n", | |
| " @8[DATA] = @8[DATA] <<< (OP_BYTE_1 & 0x7)\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0) & (((OP_BYTE_1 & 0x7) == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x1\n", | |
| " Memory:\n", | |
| " @8[DATA] = @8[DATA] <<< (OP_BYTE_1 & 0x7)\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0) & !(((OP_BYTE_1 & 0x7) == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x1\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x4294de (13_rol_data_imm_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !((({OP_BYTE_1 & 0xF 0 8, 0x0 8 16} & 0x1F) == 0x0) ^ 0x1) & (OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0xFA) & 0x7F\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0) & !((({OP_BYTE_1 & 0xF 0 8, 0x0 8 16} & 0x1F) == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x2\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0) & ((({OP_BYTE_1 & 0xF 0 8, 0x0 8 16} & 0x1F) == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x2\n", | |
| " Memory:\n", | |
| " @16[DATA] = @16[DATA] <<< ({OP_BYTE_1 & 0xF 0 8, 0x0 8 16} & 0x1F)\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " (OP_BYTE_2 <s 0x0) & ((({OP_BYTE_1 & 0xF 0 8, 0x0 8 16} & 0x1F) == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0xFA) & 0x7F\n", | |
| " Memory:\n", | |
| " @16[DATA] = @16[DATA] <<< ({OP_BYTE_1 & 0xF 0 8, 0x0 8 16} & 0x1F)\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429519 (14_rol_data_imm_4)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0) & !((({OP_BYTE_1 & 0x1F 0 8, 0x0 8 32} & 0x1F) == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x4\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !((({OP_BYTE_1 & 0x1F 0 8, 0x0 8 32} & 0x1F) == 0x0) ^ 0x1) & (OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x4\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x57) & 0x7F\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0) & ((({OP_BYTE_1 & 0x1F 0 8, 0x0 8 32} & 0x1F) == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x4\n", | |
| " Memory:\n", | |
| " @32[DATA] = @32[DATA] <<< ({OP_BYTE_1 & 0x1F 0 8, 0x0 8 32} & 0x1F)\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " (OP_BYTE_2 <s 0x0) & ((({OP_BYTE_1 & 0x1F 0 8, 0x0 8 32} & 0x1F) == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x4\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x57) & 0x7F\n", | |
| " Memory:\n", | |
| " @32[DATA] = @32[DATA] <<< ({OP_BYTE_1 & 0x1F 0 8, 0x0 8 32} & 0x1F)\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429551 (15_ror_data_imm_1)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0) & !(((OP_BYTE_1 & 0x7) == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x1\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(((OP_BYTE_1 & 0x7) == 0x0) ^ 0x1) & (OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x1\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x98) & 0x7F\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " (OP_BYTE_2 <s 0x0) & (((OP_BYTE_1 & 0x7) == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x1\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x98) & 0x7F\n", | |
| " Memory:\n", | |
| " @8[DATA] = @8[DATA] >>> (OP_BYTE_1 & 0x7)\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0) & (((OP_BYTE_1 & 0x7) == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x1\n", | |
| " Memory:\n", | |
| " @8[DATA] = @8[DATA] >>> (OP_BYTE_1 & 0x7)\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429588 (16_ror_data_imm_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !((({OP_BYTE_1 & 0xF 0 8, 0x0 8 16} & 0x1F) == 0x0) ^ 0x1) & (OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0xD3) & 0x7F\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0) & !((({OP_BYTE_1 & 0xF 0 8, 0x0 8 16} & 0x1F) == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x2\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0) & ((({OP_BYTE_1 & 0xF 0 8, 0x0 8 16} & 0x1F) == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x2\n", | |
| " Memory:\n", | |
| " @16[DATA] = @16[DATA] >>> ({OP_BYTE_1 & 0xF 0 8, 0x0 8 16} & 0x1F)\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " (OP_BYTE_2 <s 0x0) & ((({OP_BYTE_1 & 0xF 0 8, 0x0 8 16} & 0x1F) == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0xD3) & 0x7F\n", | |
| " Memory:\n", | |
| " @16[DATA] = @16[DATA] >>> ({OP_BYTE_1 & 0xF 0 8, 0x0 8 16} & 0x1F)\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x4295c3 (17_ror_data_imm_4)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0) & !((({OP_BYTE_1 & 0x1F 0 8, 0x0 8 32} & 0x1F) == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x4\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !((({OP_BYTE_1 & 0x1F 0 8, 0x0 8 32} & 0x1F) == 0x0) ^ 0x1) & (OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x4\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0xFB) & 0x7F\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " (OP_BYTE_2 <s 0x0) & ((({OP_BYTE_1 & 0x1F 0 8, 0x0 8 32} & 0x1F) == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x4\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0xFB) & 0x7F\n", | |
| " Memory:\n", | |
| " @32[DATA] = @32[DATA] >>> ({OP_BYTE_1 & 0x1F 0 8, 0x0 8 32} & 0x1F)\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0) & ((({OP_BYTE_1 & 0x1F 0 8, 0x0 8 32} & 0x1F) == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x4\n", | |
| " Memory:\n", | |
| " @32[DATA] = @32[DATA] >>> ({OP_BYTE_1 & 0x1F 0 8, 0x0 8 32} & 0x1F)\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x4295fb (18_not_data_1)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_1 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x1\n", | |
| " DATA = DATA + 0x1\n", | |
| " Memory:\n", | |
| " @8[DATA] = @8[DATA] ^ 0xFF\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_1 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x1\n", | |
| " DATA = DATA + 0x1\n", | |
| " OP_BYTE_1 = (OP_BYTE_1 ^ @8[PC] ^ 0xFA) & 0x7F\n", | |
| " Memory:\n", | |
| " @8[DATA] = @8[DATA] ^ 0xFF\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x42961f (19_not_data_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_1 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x1\n", | |
| " DATA = DATA + 0x2\n", | |
| " Memory:\n", | |
| " @16[DATA] = @16[DATA] ^ 0xFFFF\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_1 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x1\n", | |
| " DATA = DATA + 0x2\n", | |
| " OP_BYTE_1 = (OP_BYTE_1 ^ @8[PC] ^ 0x28) & 0x7F\n", | |
| " Memory:\n", | |
| " @16[DATA] = @16[DATA] ^ 0xFFFF\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429645 (20_not_data_4)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_1 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x1\n", | |
| " DATA = DATA + 0x4\n", | |
| " OP_BYTE_1 = (OP_BYTE_1 ^ @8[PC] ^ 0x4) & 0x7F\n", | |
| " Memory:\n", | |
| " @32[DATA] = @32[DATA] ^ 0xFFFFFFFF\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_1 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x1\n", | |
| " DATA = DATA + 0x4\n", | |
| " Memory:\n", | |
| " @32[DATA] = @32[DATA] ^ 0xFFFFFFFF\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x42966a (21_shuffle_data_4)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x4\n", | |
| " Memory:\n", | |
| " @8[DATA + {(OP_BYTE_1 >> 0x2) & 0x3 0 8, 0x0 8 32}] = @32[DATA][8:16]\n", | |
| " @8[DATA + {(OP_BYTE_1 >> 0x4) & 0x3 0 8, 0x0 8 32}] = @32[DATA][16:24]\n", | |
| " @8[DATA + {OP_BYTE_1 & 0x3 0 8, 0x0 8 32}] = @8[DATA]\n", | |
| " @8[DATA + {(OP_BYTE_1 >> 0x6) & 0x3 0 8, 0x0 8 32}] = @32[DATA][24:32]\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x4\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x82) & 0x7F\n", | |
| " Memory:\n", | |
| " @8[DATA + {(OP_BYTE_1 >> 0x2) & 0x3 0 8, 0x0 8 32}] = @32[DATA][8:16]\n", | |
| " @8[DATA + {(OP_BYTE_1 >> 0x4) & 0x3 0 8, 0x0 8 32}] = @32[DATA][16:24]\n", | |
| " @8[DATA + {OP_BYTE_1 & 0x3 0 8, 0x0 8 32}] = @8[DATA]\n", | |
| " @8[DATA + {(OP_BYTE_1 >> 0x6) & 0x3 0 8, 0x0 8 32}] = @32[DATA][24:32]\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x4297c4 (22_rc4_dec)\n", | |
| "====================================\n", | |
| "Max count reached\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x4296c3 (23_set_counter_1)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " COUNTER = {OP_BYTE_1 0 8, 0x0 8 32}\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x4E) & 0x7F\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " COUNTER = {OP_BYTE_1 0 8, 0x0 8 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x4296e9 (24_set_counter_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_3 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x3\n", | |
| " COUNTER = {OP_BYTE_1 0 8, OP_BYTE_2 8 16, 0x0 16 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_3 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x3\n", | |
| " COUNTER = {OP_BYTE_1 0 8, OP_BYTE_2 8 16, 0x0 16 32}\n", | |
| " OP_BYTE_3 = (OP_BYTE_1 ^ OP_BYTE_3 ^ 0x9D) & 0x7F\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429711 (25_set_counter_4)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_5 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x5\n", | |
| " COUNTER = {OP_BYTE_1 0 8, OP_BYTE_2 8 16, OP_BYTE_3 16 24, OP_BYTE_4 24 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_5 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x5\n", | |
| " COUNTER = {OP_BYTE_1 0 8, OP_BYTE_2 8 16, OP_BYTE_3 16 24, OP_BYTE_4 24 32}\n", | |
| " OP_BYTE_5 = (OP_BYTE_1 ^ OP_BYTE_5 ^ 0x61) & 0x7F\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429738 (26_add_data_imm_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_3 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x3\n", | |
| " DATA = OP_BYTE_2[7:8]?(DATA + {OP_BYTE_1 0 8, OP_BYTE_2 8 16, 0xFFFF 16 32},DATA + {OP_BYTE_1 0 8, OP_BYTE_2 8 16, 0x0 16 32})\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_3 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x3\n", | |
| " DATA = OP_BYTE_2[7:8]?(DATA + {OP_BYTE_1 0 8, OP_BYTE_2 8 16, 0xFFFF 16 32},DATA + {OP_BYTE_1 0 8, OP_BYTE_2 8 16, 0x0 16 32})\n", | |
| " OP_BYTE_3 = (OP_BYTE_1 ^ OP_BYTE_3 ^ 0x8F) & 0x7F\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429760 (27_loop_1)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0) & ((COUNTER == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + -{OP_BYTE_1 0 8, 0x0 8 32} + 0x2\n", | |
| " COUNTER = COUNTER + 0xFFFFFFFF\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0) & !((COUNTER == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !((COUNTER == 0x0) ^ 0x1) & (OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0xF8) & 0x7F\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " (OP_BYTE_2 <s 0x0) & ((COUNTER == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + -{OP_BYTE_1 0 8, 0x0 8 32} + 0x2\n", | |
| " COUNTER = COUNTER + 0xFFFFFFFF\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0xF8) & 0x7F\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429791 (28_loop_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !((COUNTER == 0x0) ^ 0x1) & (OP_BYTE_3 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x3\n", | |
| " OP_BYTE_3 = (OP_BYTE_1 ^ OP_BYTE_3 ^ 0x2C) & 0x7F\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " (OP_BYTE_3 <s 0x0) & ((COUNTER == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + -{OP_BYTE_1 0 8, OP_BYTE_2 8 16, 0x0 16 32} + 0x3\n", | |
| " COUNTER = COUNTER + 0xFFFFFFFF\n", | |
| " OP_BYTE_3 = (OP_BYTE_1 ^ OP_BYTE_3 ^ 0x2C) & 0x7F\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_3 <s 0x0) & !((COUNTER == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x3\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_3 <s 0x0) & ((COUNTER == 0x0) ^ 0x1)\n", | |
| " Operation:\n", | |
| " PC = PC + -{OP_BYTE_1 0 8, OP_BYTE_2 8 16, 0x0 16 32} + 0x3\n", | |
| " COUNTER = COUNTER + 0xFFFFFFFF\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x42980f (29_store_reg_imm_1)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_3 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x3\n", | |
| " REGX = {OP_BYTE_2 0 8, 0x0 8 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_3 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x3\n", | |
| " OP_BYTE_3 = (OP_BYTE_2 ^ OP_BYTE_3 ^ 0xB3) & 0x7F\n", | |
| " REGX = {OP_BYTE_2 0 8, 0x0 8 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429840 (30_store_reg_imm_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_4 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x4\n", | |
| " REGX = {OP_BYTE_2 0 8, OP_BYTE_3 8 16, 0x0 16 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_4 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x4\n", | |
| " OP_BYTE_4 = (OP_BYTE_2 ^ OP_BYTE_4 ^ 0x9D) & 0x7F\n", | |
| " REGX = {OP_BYTE_2 0 8, OP_BYTE_3 8 16, 0x0 16 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x42986e (31_store_reg_imm_4)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_6 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x6\n", | |
| " OP_BYTE_6 = (OP_BYTE_2 ^ OP_BYTE_6 ^ 0xAF) & 0x7F\n", | |
| " REGX = {OP_BYTE_2 0 8, OP_BYTE_3 8 16, OP_BYTE_4 16 24, OP_BYTE_5 24 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_6 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x6\n", | |
| " REGX = {OP_BYTE_2 0 8, OP_BYTE_3 8 16, OP_BYTE_4 16 24, OP_BYTE_5 24 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x42989b (32_mov_reg_reg_1)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0xD5) & 0x7F\n", | |
| " REGX = {REGY 0 8, 0x0 8 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " REGX = {REGY 0 8, 0x0 8 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x4298d0 (33_mov_reg_reg_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " REGX = {REGY 0 16, 0x0 16 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x9D) & 0x7F\n", | |
| " REGX = {REGY 0 16, 0x0 16 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429905 (34_mov_reg_reg_4)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " REGX = REGY\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x4C) & 0x7F\n", | |
| " REGX = REGY\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429939 (35_add_reg_reg_1)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " REGX = REGX + {REGY 0 8, 0x0 8 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x1F) & 0x7F\n", | |
| " REGX = REGX + {REGY 0 8, 0x0 8 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429970 (36_add_reg_reg_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " REGX = REGX + {REGY 0 16, 0x0 16 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0xC9) & 0x7F\n", | |
| " REGX = REGX + {REGY 0 16, 0x0 16 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x4299a7 (37_add_reg_reg_4)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " REGX = REGX + REGY\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0xE0) & 0x7F\n", | |
| " REGX = REGX + REGY\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429a6f (38_sub_reg_reg_1)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x75) & 0x7F\n", | |
| " REGX = REGX + -{REGY 0 8, 0x0 8 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " REGX = REGX + -{REGY 0 8, 0x0 8 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429aa6 (39_sub_reg_reg_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x8B) & 0x7F\n", | |
| " REGX = REGX + -{REGY 0 16, 0x0 16 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " REGX = REGX + -{REGY 0 16, 0x0 16 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429add (40_sub_reg_reg_4)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " REGX = REGX + -REGY\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0xDD) & 0x7F\n", | |
| " REGX = REGX + -REGY\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429ba5 (41_xor_reg_reg_1)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x77) & 0x7F\n", | |
| " REGX = REGX ^ {REGY 0 8, 0x0 8 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " REGX = REGX ^ {REGY 0 8, 0x0 8 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429bdc (42_xor_reg_reg_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " REGX = REGX ^ {REGY 0 16, 0x0 16 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x79) & 0x7F\n", | |
| " REGX = REGX ^ {REGY 0 16, 0x0 16 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429c13 (43_xor_reg_reg_4)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " REGX = REGX ^ REGY\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x6A) & 0x7F\n", | |
| " REGX = REGX ^ REGY\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x4299dd (44_add_reg_imm_1)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_3 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x3\n", | |
| " OP_BYTE_3 = (OP_BYTE_2 ^ OP_BYTE_3 ^ 0x49) & 0x7F\n", | |
| " REGX = REGX + {OP_BYTE_2 0 8, 0x0 8 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_3 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x3\n", | |
| " REGX = REGX + {OP_BYTE_2 0 8, 0x0 8 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429a10 (45_add_reg_imm_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_4 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x4\n", | |
| " REGX = REGX + {OP_BYTE_2 0 8, OP_BYTE_3 8 16, 0x0 16 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_4 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x4\n", | |
| " OP_BYTE_4 = (OP_BYTE_2 ^ OP_BYTE_4 ^ 0xF3) & 0x7F\n", | |
| " REGX = REGX + {OP_BYTE_2 0 8, OP_BYTE_3 8 16, 0x0 16 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429a40 (46_add_reg_imm_4)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_6 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x6\n", | |
| " OP_BYTE_6 = (OP_BYTE_2 ^ OP_BYTE_6 ^ 0x1C) & 0x7F\n", | |
| " REGX = REGX + {OP_BYTE_2 0 8, OP_BYTE_3 8 16, OP_BYTE_4 16 24, OP_BYTE_5 24 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_6 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x6\n", | |
| " REGX = REGX + {OP_BYTE_2 0 8, OP_BYTE_3 8 16, OP_BYTE_4 16 24, OP_BYTE_5 24 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429b13 (47_sub_reg_imm_1)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_3 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x3\n", | |
| " OP_BYTE_3 = (OP_BYTE_2 ^ OP_BYTE_3 ^ 0x54) & 0x7F\n", | |
| " REGX = REGX + -{OP_BYTE_2 0 8, 0x0 8 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_3 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x3\n", | |
| " REGX = REGX + -{OP_BYTE_2 0 8, 0x0 8 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429b46 (48_sub_reg_imm_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_4 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x4\n", | |
| " REGX = REGX + -{OP_BYTE_2 0 8, OP_BYTE_3 8 16, 0x0 16 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_4 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x4\n", | |
| " OP_BYTE_4 = (OP_BYTE_2 ^ OP_BYTE_4 ^ 0x53) & 0x7F\n", | |
| " REGX = REGX + -{OP_BYTE_2 0 8, OP_BYTE_3 8 16, 0x0 16 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429b76 (49_sub_reg_imm_4)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_6 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x6\n", | |
| " OP_BYTE_6 = (OP_BYTE_2 ^ OP_BYTE_6 ^ 0x23) & 0x7F\n", | |
| " REGX = REGX + -{OP_BYTE_2 0 8, OP_BYTE_3 8 16, OP_BYTE_4 16 24, OP_BYTE_5 24 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_6 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x6\n", | |
| " REGX = REGX + -{OP_BYTE_2 0 8, OP_BYTE_3 8 16, OP_BYTE_4 16 24, OP_BYTE_5 24 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429c49 (50_xor_reg_imm_1)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_3 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x3\n", | |
| " OP_BYTE_3 = (OP_BYTE_2 ^ OP_BYTE_3 ^ 0x6E) & 0x7F\n", | |
| " REGX = REGX ^ {OP_BYTE_2 0 8, 0x0 8 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_3 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x3\n", | |
| " REGX = REGX ^ {OP_BYTE_2 0 8, 0x0 8 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429c7c (51_xor_reg_imm_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_4 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x4\n", | |
| " REGX = REGX ^ {OP_BYTE_2 0 8, OP_BYTE_3 8 16, 0x0 16 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_4 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x4\n", | |
| " OP_BYTE_4 = (OP_BYTE_2 ^ OP_BYTE_4 ^ 0x9A) & 0x7F\n", | |
| " REGX = REGX ^ {OP_BYTE_2 0 8, OP_BYTE_3 8 16, 0x0 16 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429cac (52_xor_reg_imm_4)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_6 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x6\n", | |
| " REGX = REGX ^ {OP_BYTE_2 0 8, OP_BYTE_3 8 16, OP_BYTE_4 16 24, OP_BYTE_5 24 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_6 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x6\n", | |
| " OP_BYTE_6 = (OP_BYTE_2 ^ OP_BYTE_6 ^ 0xD1) & 0x7F\n", | |
| " REGX = REGX ^ {OP_BYTE_2 0 8, OP_BYTE_3 8 16, OP_BYTE_4 16 24, OP_BYTE_5 24 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429e0d (53_add_data_reg_1)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x1\n", | |
| " Memory:\n", | |
| " @8[DATA] = REGX + @8[DATA]\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x1\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x46) & 0x7F\n", | |
| " Memory:\n", | |
| " @8[DATA] = REGX + @8[DATA]\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429e43 (54_add_data_reg_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x2\n", | |
| " Memory:\n", | |
| " @16[DATA] = REGX + @16[DATA]\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x32) & 0x7F\n", | |
| " Memory:\n", | |
| " @16[DATA] = REGX + @16[DATA]\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429e7c (55_add_data_reg_4)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x4\n", | |
| " Memory:\n", | |
| " @32[DATA] = REGX + @32[DATA]\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x4\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x3D) & 0x7F\n", | |
| " Memory:\n", | |
| " @32[DATA] = REGX + @32[DATA]\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429eb3 (56_sub_data_reg_1)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x1\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x4) & 0x7F\n", | |
| " Memory:\n", | |
| " @8[DATA] = @8[DATA] + -REGX\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x1\n", | |
| " Memory:\n", | |
| " @8[DATA] = @8[DATA] + -REGX\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429ee9 (57_sub_data_reg_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x2\n", | |
| " Memory:\n", | |
| " @16[DATA] = @16[DATA] + -REGX\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0xDB) & 0x7F\n", | |
| " Memory:\n", | |
| " @16[DATA] = @16[DATA] + -REGX\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429f22 (58_sub_data_reg_4)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x4\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0xC6) & 0x7F\n", | |
| " Memory:\n", | |
| " @32[DATA] = @32[DATA] + -REGX\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x4\n", | |
| " Memory:\n", | |
| " @32[DATA] = @32[DATA] + -REGX\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429f59 (59_xor_data_reg_1)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x1\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x7D) & 0x7F\n", | |
| " Memory:\n", | |
| " @8[DATA] = REGX ^ @8[DATA]\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x1\n", | |
| " Memory:\n", | |
| " @8[DATA] = REGX ^ @8[DATA]\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429f8f (60_xor_data_reg_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x2\n", | |
| " Memory:\n", | |
| " @16[DATA] = REGX ^ @16[DATA]\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x71) & 0x7F\n", | |
| " Memory:\n", | |
| " @16[DATA] = REGX ^ @16[DATA]\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429fc8 (61_xor_data_reg_4)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x4\n", | |
| " Memory:\n", | |
| " @32[DATA] = REGX ^ @32[DATA]\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x4\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x7A) & 0x7F\n", | |
| " Memory:\n", | |
| " @32[DATA] = REGX ^ @32[DATA]\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429cdb (62_mov_reg_data_1)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " REGX = {@8[DATA] 0 8, 0x0 8 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0xBC) & 0x7F\n", | |
| " REGX = {@8[DATA] 0 8, 0x0 8 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429d0c (63_mov_reg_data_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " REGX = {@16[DATA] 0 16, 0x0 16 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x3D) & 0x7F\n", | |
| " REGX = {@16[DATA] 0 16, 0x0 16 32}\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429d3d (64_mov_reg_data_4)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x9F) & 0x7F\n", | |
| " REGX = @32[DATA]\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " REGX = @32[DATA]\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429d6d (65_mov_data_reg_1)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x1\n", | |
| " Memory:\n", | |
| " @8[DATA] = REGX\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x1\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x22) & 0x7F\n", | |
| " Memory:\n", | |
| " @8[DATA] = REGX\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429da1 (66_mov_data_reg_2)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x2\n", | |
| " Memory:\n", | |
| " @16[DATA] = REGX\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x2\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0xF8) & 0x7F\n", | |
| " Memory:\n", | |
| " @16[DATA] = REGX\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429dd8 (67_mov_data_reg_4)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " !(OP_BYTE_2 <s 0x0)\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x4\n", | |
| " Memory:\n", | |
| " @32[DATA] = REGX\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " OP_BYTE_2 <s 0x0\n", | |
| " Operation:\n", | |
| " PC = PC + 0x2\n", | |
| " DATA = DATA + 0x4\n", | |
| " OP_BYTE_2 = (OP_BYTE_1 ^ OP_BYTE_2 ^ 0x56) & 0x7F\n", | |
| " Memory:\n", | |
| " @32[DATA] = REGX\n", | |
| " Return value:\n", | |
| " 0x1\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n", | |
| "handler: 0x429318 (68_exit)\n", | |
| "====================================\n", | |
| "----- State -----\n", | |
| " Condition:\n", | |
| " 0x1\n", | |
| " Operation:\n", | |
| " Memory:\n", | |
| " Return value:\n", | |
| " 0x0\n", | |
| "----- End State -----\n", | |
| "\n", | |
| "====================================\n", | |
| "\n" | |
| ] | |
| } | |
| ], | |
| "source": [ | |
| "class MiasmWrapper:\n", | |
| " def __init__(self, filename):\n", | |
| " self.loc_db = LocationDB()\n", | |
| " self.cont: Container\n", | |
| " with open(filename, \"rb\") as f:\n", | |
| " self.cont = Container.from_stream(f, self.loc_db)\n", | |
| " self.machine = Machine(self.cont.arch)\n", | |
| " self.dis: disasmEngine = self.machine.dis_engine(self.cont.bin_stream, loc_db=self.loc_db)\n", | |
| " self.dis.follow_call = True\n", | |
| " self.sb = None\n", | |
| "\n", | |
| "\n", | |
| "class ZeusVM(MiasmWrapper):\n", | |
| " def __init__(self, filename, handler_array: int, handler_count: int = 69):\n", | |
| " super().__init__(filename)\n", | |
| " self.exprs = {}\n", | |
| " self.exprs_extra = {}\n", | |
| " self.handler_array = handler_array\n", | |
| " self.handler_count = handler_count\n", | |
| " self.ret_addr = None\n", | |
| " self.init_symbols = None\n", | |
| "\n", | |
| " def get_handler_table(self):\n", | |
| " return self.cont.bin_stream.getbytes(self.handler_array, self.handler_count*4)\n", | |
| "\n", | |
| " def setup_ctx(self):\n", | |
| " symbols_init = dict(regs.regs_init)\n", | |
| "\n", | |
| " self.init_symbols = symbols_init.items()\n", | |
| " self.ret_addr = ExprId(\"RET_ADDR\", 32)\n", | |
| " vm_pc_init = ExprId(\"PC\", 32)\n", | |
| "\n", | |
| " ecx_init = expr_simp(ExprMem(regs.ECX_init, 32))\n", | |
| " self.exprs[ecx_init] = vm_pc_init\n", | |
| "\n", | |
| " esp_init = expr_simp(ExprMem(regs.ESP_init - ExprInt(4, 32), 32))\n", | |
| " esp_init2 = expr_simp(regs.ESP_init - ExprInt(4, 32))\n", | |
| " self.exprs[esp_init] = self.ret_addr\n", | |
| " self.exprs[regs.ESP] = esp_init2\n", | |
| "\n", | |
| " data_init = expr_simp(ExprMem(regs.ECX_init + ExprInt(4, 32), 32))\n", | |
| " self.exprs[data_init] = ExprId(\"DATA\", 32)\n", | |
| "\n", | |
| " counter_init = expr_simp(ExprMem(regs.ECX_init + ExprInt(8, 32), 32))\n", | |
| " self.exprs[counter_init] = ExprId(\"COUNTER\", 32)\n", | |
| "\n", | |
| " for i in range(0, 16):\n", | |
| " reg_init = expr_simp(ExprMem(regs.ECX_init + ExprInt(4*(i+3), 32), 32))\n", | |
| " self.exprs[reg_init] = ExprId(f\"REG{i}\", 32)\n", | |
| "\n", | |
| " self.exprs_extra = dict(self.exprs)\n", | |
| "\n", | |
| " op_byte = ExprMem(vm_pc_init, 8)\n", | |
| " op_byte_s = ExprId(f\"INSN_BYTE\", 8)\n", | |
| "\n", | |
| " for i in range(1, 8):\n", | |
| " op_byte = ExprMem(expr_simp(vm_pc_init + ExprInt(i, 32)), 8)\n", | |
| " op_byte_s = ExprId(f\"OP_BYTE_{i}\", 8)\n", | |
| " self.sb.mem_write(op_byte, op_byte_s)\n", | |
| " self.exprs_extra[op_byte] = op_byte_s\n", | |
| "\n", | |
| " # registers == OP_BYTE_1[0:4] (REGX) and OP_BYTE_1[4:8] (REGY)\n", | |
| "\n", | |
| " base_regx = expr_simp(regs.ECX_init + (ExprCompose(ExprId('OP_BYTE_1', 8), ExprInt(0x0, 24)) & ExprInt(0xF, 32)) * ExprInt(4, 32) + ExprInt(0xC, 32)) \n", | |
| " self.exprs_extra[expr_simp(ExprMem(base_regx, 32))] = ExprId(\"REGX\", 32)\n", | |
| " self.exprs_extra[expr_simp(ExprMem(base_regx, 16))] = ExprId(\"REGX\", 16)\n", | |
| " self.exprs_extra[expr_simp(ExprMem(base_regx, 8))] = ExprId(\"REGX\", 8)\n", | |
| "\n", | |
| " base_regy = expr_simp(regs.ECX_init + (ExprCompose(ExprId('OP_BYTE_1', 8)[4:8], ExprInt(0x0, 28)) * ExprInt(4, 32)) + ExprInt(0xC, 32))\n", | |
| " self.exprs_extra[expr_simp(ExprMem(base_regy, 32))] = ExprId(\"REGY\", 32)\n", | |
| " self.exprs_extra[expr_simp(ExprMem(base_regy, 16))] = ExprId(\"REGY\", 16)\n", | |
| " self.exprs_extra[expr_simp(ExprMem(base_regy, 8))] = ExprId(\"REGY\", 8)\n", | |
| "\n", | |
| " for k, v in self.exprs.items():\n", | |
| " self.sb.symbols.write(k, v)\n", | |
| "\n", | |
| " def dump_handler_state(self, cond: Expr, ret_val: Expr = None):\n", | |
| " print(\"----- State -----\")\n", | |
| " out = {}\n", | |
| " expr: Expr\n", | |
| " for expr, value in sorted(self.sb.symbols.items()):\n", | |
| " if (expr, value) in self.init_symbols:\n", | |
| " continue\n", | |
| " if (expr, value) in self.exprs_extra:\n", | |
| " continue\n", | |
| " if expr in [regs.zf, regs.cf, regs.nf, regs.of, regs.pf, regs.af, self.sb.lifter.IRDst, regs.EIP]:\n", | |
| " continue\n", | |
| " expr_s = expr_simp(expr.replace_expr(self.exprs_extra))\n", | |
| " expr = expr_s\n", | |
| " value = expr_simp(value.replace_expr(self.exprs_extra))\n", | |
| " if expr == value:\n", | |
| " continue\n", | |
| " out[expr] = value\n", | |
| "\n", | |
| " out = sorted(out.items())\n", | |
| " x86_regs = []\n", | |
| " memory = []\n", | |
| " other = []\n", | |
| "\n", | |
| " for expr, value in out:\n", | |
| " if expr in regs.all_regs_ids:\n", | |
| " x86_regs.append((expr, value))\n", | |
| " elif isinstance(expr, ExprMem):\n", | |
| " memory.append((expr, value))\n", | |
| " else:\n", | |
| " other.append((expr, value))\n", | |
| " \n", | |
| " print(f\" Condition:\")\n", | |
| " print(f\" {expr_simp(cond)}\")\n", | |
| " print(\" Operation:\")\n", | |
| " for item in other:\n", | |
| " print(f\" {item[0]} = {item[1]}\")\n", | |
| " print(\" Memory:\")\n", | |
| " for item in memory:\n", | |
| " print(f\" {item[0]} = {item[1]}\")\n", | |
| " print(\" Return value:\")\n", | |
| " print(f\" {ret_val}\")\n", | |
| " print(\"----- End State -----\")\n", | |
| " print()\n", | |
| "\n", | |
| "\n", | |
| " def get_block(lifter, ircfg, mdis, addr):\n", | |
| " \"\"\"Get IRBlock at address @addr\"\"\"\n", | |
| " loc_key = ircfg.get_or_create_loc_key(addr)\n", | |
| " if not loc_key in ircfg.blocks:\n", | |
| " offset = mdis.loc_db.get_location_offset(loc_key)\n", | |
| " block = mdis.dis_block(offset)\n", | |
| " lifter.add_asmblock_to_ircfg(block, ircfg)\n", | |
| " irblock = ircfg.get_block(loc_key)\n", | |
| " if irblock is None:\n", | |
| " raise LookupError('No block found at that address: %s' % lifter.loc_db.pretty_str(loc_key))\n", | |
| " return irblock\n", | |
| " \n", | |
| "\n", | |
| " def lift_handler(self, handler_addr):\n", | |
| " lifter = self.machine.lifter(self.loc_db)\n", | |
| " my_regs = self.machine.mn.regs.regs_init\n", | |
| " \n", | |
| " self.sb = MySymbolicExecutionEngine(self.cont, lifter, my_regs)\n", | |
| " self.setup_ctx()\n", | |
| "\n", | |
| " state = self.sb.get_state()\n", | |
| " todo = set([(handler_addr, state, ExprInt(1, 1))])\n", | |
| "\n", | |
| " ircfg: IRCFG = lifter.new_ircfg()\n", | |
| "\n", | |
| " count = 20\n", | |
| " while todo and count > 0:\n", | |
| " count -= 1\n", | |
| " addr, state, cond = todo.pop()\n", | |
| " \n", | |
| " self.sb.set_state(state)\n", | |
| "\n", | |
| " block = None\n", | |
| "\n", | |
| " loc_key = ircfg.get_or_create_loc_key(addr)\n", | |
| " if not loc_key in ircfg.blocks:\n", | |
| " offset = self.dis.loc_db.get_location_offset(loc_key)\n", | |
| " block = self.dis.dis_block(offset)\n", | |
| " # print(block)\n", | |
| " lifter.add_asmblock_to_ircfg(block, ircfg)\n", | |
| " irblock = ircfg.get_block(loc_key)\n", | |
| " if irblock is None:\n", | |
| " raise LookupError('No block found at that address: %s' % lifter.loc_db.pretty_str(loc_key))\n", | |
| " \n", | |
| " # print(block)\n", | |
| "\n", | |
| " prev_state = self.sb.get_state()\n", | |
| "\n", | |
| " addr: Expr = self.sb.run_block_at(ircfg, addr)\n", | |
| " \n", | |
| " self.sb.del_mem_above_stack(self.sb.lifter.sp)\n", | |
| "\n", | |
| " if addr is self.ret_addr:\n", | |
| " # print(\"Return address reached\")\n", | |
| " ret_mn = expr_simp(self.sb.eval_expr(regs.EAX[:8]))\n", | |
| " # if ret_mn != ExprInt(1, 8):\n", | |
| " # print(f\"Suspicious return value: {ret_mn}\")\n", | |
| " self.dump_handler_state(cond, ret_mn)\n", | |
| " continue\n", | |
| " elif isinstance(addr, ExprCond):\n", | |
| " curr_cond = addr.cond\n", | |
| " if curr_cond.size != 1:\n", | |
| " curr_cond = ~ExprOp('==', curr_cond, ExprInt(0, curr_cond.size))\n", | |
| " todo.add((addr.src1, self.sb.get_state(), ExprOp('&', cond, curr_cond)))\n", | |
| " todo.add((addr.src2, self.sb.get_state(), ExprOp('&', cond, ExprOp('!', curr_cond))))\n", | |
| " continue\n", | |
| " elif addr.is_int() or addr.is_loc():\n", | |
| " # print(f\"PC is concrete: {addr}\")\n", | |
| " todo.add((addr, self.sb.get_state(), cond))\n", | |
| " else:\n", | |
| " raise NotImplementedError()\n", | |
| " if count == 0:\n", | |
| " print(\"Max count reached\")\n", | |
| "\n", | |
| " def extract_handler_addresses(self):\n", | |
| " handler_table = self.get_handler_table()\n", | |
| " handlers = []\n", | |
| " for i in range(0, len(handler_table), 4):\n", | |
| " handlers.append(upck32(handler_table[i:i+4]))\n", | |
| " return handlers\n", | |
| "\n", | |
| "\n", | |
| "filename = \"bin/zeus.bin\"\n", | |
| "zeus_handler_table_addr = 0x436020\n", | |
| "\n", | |
| "zeus = ZeusVM(filename, zeus_handler_table_addr)\n", | |
| "handlers = zeus.extract_handler_addresses()\n", | |
| "\n", | |
| "for i, handler in enumerate(handlers):\n", | |
| " print(f\"handler: 0x{handler:x} ({handler_names[handler]})\")\n", | |
| " print(\"====================================\")\n", | |
| " zeus.lift_handler(handler)\n", | |
| " print(\"====================================\")\n", | |
| " print()" | |
| ] | |
| } | |
| ], | |
| "metadata": { | |
| "kernelspec": { | |
| "display_name": "Python 3", | |
| "language": "python", | |
| "name": "python3" | |
| }, | |
| "language_info": { | |
| "codemirror_mode": { | |
| "name": "ipython", | |
| "version": 3 | |
| }, | |
| "file_extension": ".py", | |
| "mimetype": "text/x-python", | |
| "name": "python", | |
| "nbconvert_exporter": "python", | |
| "pygments_lexer": "ipython3", | |
| "version": "3.11.3" | |
| } | |
| }, | |
| "nbformat": 4, | |
| "nbformat_minor": 5 | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment