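from abc import ABCMeta, abstractmethod

import json
import signal
import struct

import lldb


class ScriptedProcess(metaclass=ABCMeta):
    """
    The base class for a scripted process.

    Methods marked `@abstractmethod` must be overridden by the inheriting
    class; the remaining methods provide default behaviour that a subclass
    may keep or replace.
    """

    capabilities = None
    memory_regions = None
    loaded_images = None
    threads = None
    metadata = None

    @abstractmethod
    def __init__(self, exe_ctx, args):
        """Construct a scripted process.

        Args:
            exe_ctx (lldb.SBExecutionContext): The execution context for the
                scripted process.
            args (lldb.SBStructuredData): A Dictionary holding arbitrary
                key/value pairs used by the scripted process. It is stored
                only when it is a valid `lldb.SBStructuredData`; its content
                is not validated here.
        """
        target = None
        self.target = None
        self.args = None
        self.arch = None
        # Always define `dbg`, so that reading it on a process built from an
        # invalid execution context yields None instead of AttributeError.
        self.dbg = None
        if isinstance(exe_ctx, lldb.SBExecutionContext):
            target = exe_ctx.target
        if isinstance(target, lldb.SBTarget) and target.IsValid():
            self.target = target
            triple = self.target.triple
            if triple:
                # The architecture is the first component of the triple.
                self.arch = triple.split("-")[0]
            self.dbg = target.GetDebugger()
        if isinstance(args, lldb.SBStructuredData) and args.IsValid():
            self.args = args
        # Per-instance containers; they shadow the class-level None defaults.
        self.threads = {}
        self.loaded_images = []
        self.metadata = {}
        self.capabilities = {}
        # Fixed default identifier; subclasses can override get_process_id().
        self.pid = 42

    def get_capabilities(self):
        """Get a dictionary containing the process capabilities.

        Returns:
            Dict[str:bool]: The dictionary of capability, with the capability
                name as the key and a boolean flag as the value.
                The dictionary can be empty.
        """
        return self.capabilities

    def get_memory_region_containing_address(self, addr):
        """Get the memory region for the scripted process, containing a
        specific address.

        The base implementation knows no regions and always returns None.

        Args:
            addr (int): Address to look for in the scripted process memory
                regions.

        Returns:
            lldb.SBMemoryRegionInfo: The memory region containing the address.
                None if out of bounds.
        """
        return None

    def get_threads_info(self):
        """Get the dictionary describing the process' Scripted Threads.

        Returns:
            Dict: The dictionary of threads, with the thread ID as the key and
                a Scripted Thread instance as the value.
                The dictionary can be empty.
        """
        return self.threads

    @abstractmethod
    def read_memory_at_address(self, addr, size, error):
        """Get a memory buffer from the scripted process at a certain address,
        of a certain size.

        Args:
            addr (int): Address from which we should start reading.
            size (int): Size of the memory to read.
            error (lldb.SBError): Error object.

        Returns:
            lldb.SBData: An `lldb.SBData` buffer with the target byte size and
                byte order storing the memory read.
        """
        pass

    def write_memory_at_address(self, addr, data, error):
        """Write a buffer to the scripted process memory.

        The base implementation refuses the write: it records a message in
        `error` and reports that zero bytes were written.

        Args:
            addr (int): Address at which we should start writing.
            data (lldb.SBData): An `lldb.SBData` buffer to write to the process
                memory.
            error (lldb.SBError): Error object.

        Returns:
            int: Number of bytes written (always 0 in the base class).
        """
        error.SetErrorString(
            "%s doesn't support memory writes." % self.__class__.__name__
        )
        return 0

    def get_loaded_images(self):
        """Get the list of loaded images for the scripted process.

        .. code-block:: python

            scripted_image = {
                "uuid": "c6ea2b64-f77c-3d27-9528-74f507b9078b",
                "path": "/usr/lib/dyld",
                "load_addr": 0xbadc0ffee,
            }

        Returns:
            List[scripted_image]: A list of `scripted_image` dictionaries
                containing for each entry the library UUID or its file path
                and its load address.
                The list can be empty.
        """
        return self.loaded_images

    def get_process_id(self):
        """Get the scripted process identifier.

        Returns:
            int: The scripted process identifier.
        """
        return self.pid

    def launch(self):
        """Simulate the scripted process launch.

        Returns:
            lldb.SBError: An `lldb.SBError` with error code 0.
        """
        return lldb.SBError()

    def attach(self, attach_info):
        """Simulate the scripted process attach.

        Args:
            attach_info (lldb.SBAttachInfo): The information related to the
                process we're attaching to.

        Returns:
            lldb.SBError: An `lldb.SBError` with error code 0.
        """
        return lldb.SBError()

    def resume(self, should_stop=True):
        """Simulate the scripted process resume.

        Args:
            should_stop (bool): If True, resume will also force the process
                state to stopped after running it.

        Returns:
            lldb.SBError: A default-constructed `lldb.SBError` on success, or
                one carrying "Invalid process." when there is no usable
                process to resume.
        """
        # `self.target` stays None when the constructor got no valid target;
        # report that through the error object instead of raising.
        process = self.target.GetProcess() if self.target else None
        if not process:
            error = lldb.SBError()
            error.SetErrorString("Invalid process.")
            return error

        process.ForceScriptedState(lldb.eStateRunning)
        if should_stop:
            process.ForceScriptedState(lldb.eStateStopped)
        return lldb.SBError()

    @abstractmethod
    def is_alive(self):
        """Check if the scripted process is alive.

        Returns:
            bool: True if scripted process is alive. False otherwise.
        """
        pass

    @abstractmethod
    def get_scripted_thread_plugin(self):
        """Get scripted thread plugin name.

        Returns:
            str: Name of the scripted thread plugin.
        """
        return None

    def get_process_metadata(self):
        """Get some metadata for the scripted process.

        Returns:
            Dict: A dictionary containing metadata for the scripted process.
                The dictionary can be empty.
        """
        return self.metadata

    def create_breakpoint(self, addr, error):
        """Create a breakpoint in the scripted process from an address.
        This is mainly used with interactive scripted process debugging.

        The base implementation does not create anything: it records a
        message in `error` and returns False.

        Args:
            addr (int): Address at which the breakpoint should be set.
            error (lldb.SBError): Error object.

        Returns:
            SBBreakpoint: A valid breakpoint object that was created at the
                specified address, when a subclass implements this method.
                The base class returns False.
        """
        error.SetErrorString(
            "%s doesn't support creating breakpoints." % self.__class__.__name__
        )
        return False


class ScriptedThread(metaclass=ABCMeta):
    """
    The base class for a scripted thread.

    Methods marked `@abstractmethod` must be overridden by the inheriting
    class; the remaining methods provide default behaviour that a subclass
    may keep or replace.
    """

    @abstractmethod
    def __init__(self, process, args):
        """Construct a scripted thread.

        Args:
            process (ScriptedProcess/lldb.SBProcess): The process owning this thread.
            args (lldb.SBStructuredData): A Dictionary holding arbitrary
                key/value pairs used by the scripted thread. The base class
                does not store it; subclasses read the keys they need.
        """
        self.target = None
        self.originating_process = None
        self.process = None
        self.args = None
        self.idx = None
        self.tid = 0
        self.name = None
        self.queue = None
        self.state = None
        self.stop_reason = None
        self.register_info = None
        self.register_ctx = {}
        self.frames = []
        self.extended_info = []

        # A ScriptedProcess is accepted as-is; an SBProcess must also be valid.
        process_is_usable = isinstance(process, ScriptedProcess) or (
            isinstance(process, lldb.SBProcess) and process.IsValid()
        )
        if process_is_usable:
            self.target = process.target
            self.originating_process = process
            self.process = self.target.GetProcess()
            # Resolve the register layout eagerly, so an unsupported
            # architecture is reported at construction time.
            self.get_register_info()

    def get_thread_idx(self):
        """Get the scripted thread index.

        Returns:
            int: The index of the scripted thread in the scripted process.
        """
        return self.idx

    def get_thread_id(self):
        """Get the scripted thread identifier.

        Returns:
            int: The identifier of the scripted thread.
        """
        return self.tid

    def get_name(self):
        """Get the scripted thread name.

        Returns:
            str: The name of the scripted thread.
        """
        return self.name

    def get_state(self):
        """Get the scripted thread state type.

        States a scripted thread is expected to report:

        - eStateStopped: process or thread is stopped and can be examined.
        - eStateRunning: process or thread is running and can't be examined.
        - eStateStepping: process or thread is in the process of stepping
          and can not be examined.
        - eStateCrashed: process or thread has crashed and can be examined.

        Returns:
            int: The state type of the scripted thread.
                 Returns lldb.eStateStopped by default.
        """
        return lldb.eStateStopped

    def get_queue(self):
        """Get the scripted thread associated queue name.
        This method is optional.

        Returns:
            str: The queue name associated with the scripted thread.
        """
        return self.queue

    @abstractmethod
    def get_stop_reason(self):
        """Get the dictionary describing the stop reason type with some data.

        Returns:
            Dict: The dictionary holding the stop reason type and possibly
                the stop reason data.
        """
        pass

    def get_stackframes(self):
        """Get the list of stack frames for the scripted thread.

        .. code-block:: python

            scripted_frame = {
                "idx": 0,
                "pc": 0xbadc0ffee,
            }

        Returns:
            List[scripted_frame]: A list of `scripted_frame` dictionaries
                containing at least for each entry, the frame index and
                the program counter value for that frame.
                The list can be empty.
        """
        return self.frames

    def get_register_info(self):
        """Get the register layout matching the owning process architecture.

        The result is computed once and cached in `self.register_info`.

        Returns:
            Dict: A dictionary with a "sets" entry (list of register set
                names) and a "registers" entry (list of register
                descriptions).

        Raises:
            ValueError: If the owning process has no architecture, or an
                architecture other than x86_64 / arm64 / aarch64.
        """
        if self.register_info is None:
            # The owner may be missing, may lack an `arch` attribute, or may
            # carry arch=None; all of those are an unknown architecture.
            arch = getattr(self.originating_process, "arch", None)
            if arch == "x86_64":
                registers = INTEL64_GPR
            elif isinstance(arch, str) and ("arm64" in arch or arch == "aarch64"):
                registers = ARM64_GPR
            else:
                raise ValueError("Unknown architecture", arch)
            # Cache only a complete layout, so a failed lookup does not leave
            # an empty dictionary behind for later callers.
            self.register_info = {
                "sets": ["General Purpose Registers"],
                "registers": registers,
            }
        return self.register_info

    @abstractmethod
    def get_register_context(self):
        """Get the scripted thread register context

        Returns:
            bytes: A byte string holding all the register values.
        """
        pass

    def get_extended_info(self):
        """Get scripted thread extended information.

        Returns:
            List: A list containing the extended information for the scripted
                thread. The list can be empty.
        """
        return self.extended_info


class PassthroughScriptedProcess(ScriptedProcess):
    """A scripted process that mirrors a "driving" process.

    The driving target is looked up in the debugger by the
    `driving_target_idx` entry of `args`. Memory region queries, memory
    reads and memory writes are forwarded to the driving process.

    NOTE(review): the index is used as supplied and memory writes are
    forwarded unfiltered, so `args` decides which target's process this
    plugin reads and modifies. Treat `args` as trusted configuration only.
    """

    driving_target = None
    driving_process = None

    def __init__(self, exe_ctx, args, launched_driving_process=True):
        """Construct a passthrough scripted process.

        Args:
            exe_ctx (lldb.SBExecutionContext): The execution context for the
                scripted process.
            args (lldb.SBStructuredData): Dictionary expected to hold a
                `driving_target_idx` entry.
            launched_driving_process (bool): If True, the driving target's
                process is attached to this object and one
                `PassthroughScriptedThread` is created per driving thread.
        """
        super().__init__(exe_ctx, args)

        self.driving_target = None
        self.driving_process = None

        self.driving_target_idx = args.GetValueForKey("driving_target_idx")
        if self.driving_target_idx and self.driving_target_idx.IsValid():
            idx = self.driving_target_idx.GetUnsignedIntegerValue(42)
            # NOTE(review): the target returned for `idx` is not checked with
            # IsValid() here; an out-of-range index presumably yields an
            # invalid target with no process, threads or modules. Confirm.
            self.driving_target = self.target.GetDebugger().GetTargetAtIndex(idx)

            if launched_driving_process:
                self.driving_process = self.driving_target.GetProcess()
                for driving_thread in self.driving_process:
                    # Each scripted thread gets the arguments it needs to
                    # find its driving thread again.
                    thread_args = lldb.SBStructuredData()
                    thread_args.SetFromJSON(
                        json.dumps(
                            {
                                "driving_target_idx": idx,
                                "thread_idx": driving_thread.GetIndexID(),
                            }
                        )
                    )

                    self.threads[driving_thread.GetThreadID()] = (
                        PassthroughScriptedThread(self, thread_args)
                    )

            for module in self.driving_target.modules:
                path = module.file.fullpath
                load_addr = module.GetObjectFileHeaderAddress().GetLoadAddress(
                    self.driving_target
                )
                self.loaded_images.append({"path": path, "load_addr": load_addr})

    def get_memory_region_containing_address(self, addr):
        """Ask the driving process for the memory region containing `addr`.

        Returns:
            lldb.SBMemoryRegionInfo: The region reported by the driving
                process. None if there is no driving process or the query
                failed.
        """
        if self.driving_process is None:
            return None
        mem_region = lldb.SBMemoryRegionInfo()
        error = self.driving_process.GetMemoryRegionInfo(addr, mem_region)
        if error.Fail():
            return None
        return mem_region

    def read_memory_at_address(self, addr, size, error):
        """Read `size` bytes at `addr` from the driving process.

        Args:
            addr (int): Address from which we should start reading.
            size (int): Size of the memory to read; passed on unchanged.
            error (lldb.SBError): Error object, set on failure.

        Returns:
            lldb.SBData: The bytes read, using the driving target's byte
                order and address size. Empty when the read failed or there
                is no driving process.
        """
        data = lldb.SBData()
        if self.driving_process is None:
            error.SetErrorString(
                "%s has no driving process." % self.__class__.__name__
            )
            return data

        bytes_read = self.driving_process.ReadMemory(addr, size, error)

        if error.Fail():
            return data

        data.SetDataWithOwnership(
            error,
            bytes_read,
            self.driving_target.GetByteOrder(),
            self.driving_target.GetAddressByteSize(),
        )

        return data

    def write_memory_at_address(self, addr, data, error):
        """Write `data` at `addr` in the driving process.

        The write is forwarded as-is: this method applies no address or
        size restriction of its own.

        Args:
            addr (int): Address at which we should start writing.
            data (lldb.SBData): Buffer to write to the driving process.
            error (lldb.SBError): Error object, set on failure.

        Returns:
            int: Value returned by the driving process `WriteMemory` call,
                or 0 when there is no driving process.
        """
        if self.driving_process is None:
            error.SetErrorString(
                "%s has no driving process." % self.__class__.__name__
            )
            return 0
        return self.driving_process.WriteMemory(
            addr, bytearray(data.uint8.all()), error
        )

    def get_process_id(self):
        """Get the process identifier of the driving process."""
        return self.driving_process.GetProcessID()

    def is_alive(self):
        """Report the scripted process as alive (always True)."""
        return True

    def get_scripted_thread_plugin(self):
        """Get the fully qualified name of `PassthroughScriptedThread`."""
        return f"{PassthroughScriptedThread.__module__}.{PassthroughScriptedThread.__name__}"


class PassthroughScriptedThread(ScriptedThread):
    """A scripted thread that mirrors one thread of the driving process."""

    def __init__(self, process, args):
        """Construct a passthrough scripted thread.

        Args:
            process (ScriptedProcess/lldb.SBProcess): The process owning this
                thread.
            args (lldb.SBStructuredData): Dictionary expected to hold the
                `driving_target_idx` and `thread_idx` entries.
        """
        super().__init__(process, args)
        driving_target_idx = args.GetValueForKey("driving_target_idx")
        thread_idx = args.GetValueForKey("thread_idx")

        # NOTE(review): GetUnsignedIntegerValue() presumably always returns
        # an int, which would make the None checks below no-ops. Confirm.
        val = thread_idx.GetUnsignedIntegerValue()
        if val is not None:
            self.idx = val

        self.driving_target = None
        self.driving_process = None
        self.driving_thread = None
        # Give get_thread_id() a value even when no driving thread is found.
        self.id = self.tid

        val = driving_target_idx.GetUnsignedIntegerValue()
        if val is not None:
            self.driving_target = self.target.GetDebugger().GetTargetAtIndex(val)
            self.driving_process = self.driving_target.GetProcess()
            self.driving_thread = self.driving_process.GetThreadByIndexID(self.idx)

        if self.driving_thread:
            self.id = self.driving_thread.GetThreadID()

    def get_thread_id(self):
        """Get the identifier of the mirrored driving thread."""
        return self.id

    def get_name(self):
        """Get a name built from the class name and the thread index."""
        return f"{PassthroughScriptedThread.__name__}.thread-{self.idx}"

    def get_stop_reason(self):
        """Get the stop reason derived from the driving thread.

        Returns:
            Dict: A dictionary with a "type" entry and a "data" dictionary.
                The type is lldb.eStopReasonInvalid when there is no valid
                driving thread with a matching thread ID.
        """
        stop_reason = {"type": lldb.eStopReasonInvalid, "data": {}}

        if (
            self.driving_thread
            and self.driving_thread.IsValid()
            and self.get_thread_id() == self.driving_thread.GetThreadID()
        ):
            stop_reason["type"] = lldb.eStopReasonNone

            # TODO: Passthrough stop reason from driving process
            if self.driving_thread.GetStopReason() != lldb.eStopReasonNone:
                # An owning process without an architecture takes the
                # generic branch instead of failing on `in None`.
                arch = self.originating_process.arch or ""
                if "arm64" in arch:
                    stop_reason["type"] = lldb.eStopReasonException
                    stop_reason["data"]["desc"] = (
                        self.driving_thread.GetStopDescription(100)
                    )
                elif arch == "x86_64":
                    stop_reason["type"] = lldb.eStopReasonSignal
                    stop_reason["data"]["signal"] = signal.SIGTRAP
                else:
                    stop_reason["type"] = self.driving_thread.GetStopReason()

        return stop_reason

    def get_register_context(self):
        """Pack the driving thread's general purpose registers.

        Returns:
            bytes: The register values of frame 0, each packed as an
                unsigned 64-bit integer. None if there is no driving thread,
                no frame, or no general purpose register set.
        """
        if not self.driving_thread or self.driving_thread.GetNumFrames() == 0:
            return None
        frame = self.driving_thread.GetFrameAtIndex(0)

        gprs = None
        register_sets = frame.registers  # Returns an SBValueList.
        for register_set in register_sets:
            if "general purpose" in register_set.name.lower():
                gprs = register_set
                break

        if not gprs:
            return None

        # NOTE(review): assumes every register reports a hexadecimal string
        # and that the set's order matches the offsets of the register
        # tables below. Confirm against the driving target.
        for reg in gprs:
            self.register_ctx[reg.name] = int(reg.value, base=16)

        return struct.pack(f"{len(self.register_ctx)}Q", *self.register_ctx.values())


# General purpose register description for arm64 / aarch64 targets.
ARM64_GPR = [
    {
        "name": "x0",
        "bitsize": 64,
        "offset": 0,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 0,
        "dwarf": 0,
        "generic": "arg0",
        "alt-name": "arg0",
    },
    {
        "name": "x1",
        "bitsize": 64,
        "offset": 8,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 1,
        "dwarf": 1,
        "generic": "arg1",
        "alt-name": "arg1",
    },
    {
        "name": "x2",
        "bitsize": 64,
        "offset": 16,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 2,
        "dwarf": 2,
        "generic": "arg2",
        "alt-name": "arg2",
    },
    {
        "name": "x3",
        "bitsize": 64,
        "offset": 24,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 3,
        "dwarf": 3,
        "generic": "arg3",
        "alt-name": "arg3",
    },
    {
        "name": "x4",
        "bitsize": 64,
        "offset": 32,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 4,
        "dwarf": 4,
        "generic": "arg4",
        "alt-name": "arg4",
    },
    {
        "name": "x5",
        "bitsize": 64,
        "offset": 40,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 5,
        "dwarf": 5,
        "generic": "arg5",
        "alt-name": "arg5",
    },
    {
        "name": "x6",
        "bitsize": 64,
        "offset": 48,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 6,
        "dwarf": 6,
        "generic": "arg6",
        "alt-name": "arg6",
    },
    {
        "name": "x7",
        "bitsize": 64,
        "offset": 56,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 7,
        "dwarf": 7,
        "generic": "arg7",
        "alt-name": "arg7",
    },
    {
        "name": "x8",
        "bitsize": 64,
        "offset": 64,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 8,
        "dwarf": 8,
    },
    {
        "name": "x9",
        "bitsize": 64,
        "offset": 72,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 9,
        "dwarf": 9,
    },
    {
        "name": "x10",
        "bitsize": 64,
        "offset": 80,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 10,
        "dwarf": 10,
    },
    {
        "name": "x11",
        "bitsize": 64,
        "offset": 88,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 11,
        "dwarf": 11,
    },
    {
        "name": "x12",
        "bitsize": 64,
        "offset": 96,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 12,
        "dwarf": 12,
    },
    {
        "name": "x13",
        "bitsize": 64,
        "offset": 104,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 13,
        "dwarf": 13,
    },
    {
        "name": "x14",
        "bitsize": 64,
        "offset": 112,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 14,
        "dwarf": 14,
    },
    {
        "name": "x15",
        "bitsize": 64,
        "offset": 120,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 15,
        "dwarf": 15,
    },
    {
        "name": "x16",
        "bitsize": 64,
        "offset": 128,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 16,
        "dwarf": 16,
    },
    {
        "name": "x17",
        "bitsize": 64,
        "offset": 136,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 17,
        "dwarf": 17,
    },
    {
        "name": "x18",
        "bitsize": 64,
        "offset": 144,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 18,
        "dwarf": 18,
    },
    {
        "name": "x19",
        "bitsize": 64,
        "offset": 152,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 19,
        "dwarf": 19,
    },
    {
        "name": "x20",
        "bitsize": 64,
        "offset": 160,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 20,
        "dwarf": 20,
    },
    {
        "name": "x21",
        "bitsize": 64,
        "offset": 168,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 21,
        "dwarf": 21,
    },
    {
        "name": "x22",
        "bitsize": 64,
        "offset": 176,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 22,
        "dwarf": 22,
    },
    {
        "name": "x23",
        "bitsize": 64,
        "offset": 184,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 23,
        "dwarf": 23,
    },
    {
        "name": "x24",
        "bitsize": 64,
        "offset": 192,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 24,
        "dwarf": 24,
    },
    {
        "name": "x25",
        "bitsize": 64,
        "offset": 200,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 25,
        "dwarf": 25,
    },
    {
        "name": "x26",
        "bitsize": 64,
        "offset": 208,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 26,
        "dwarf": 26,
    },
    {
        "name": "x27",
        "bitsize": 64,
        "offset": 216,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 27,
        "dwarf": 27,
    },
    {
        "name": "x28",
        "bitsize": 64,
        "offset": 224,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 28,
        "dwarf": 28,
    },
    {
        "name": "x29",
        "bitsize": 64,
        "offset": 232,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 29,
        "dwarf": 29,
        "generic": "fp",
        "alt-name": "fp",
    },
    {
        "name": "x30",
        "bitsize": 64,
        "offset": 240,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 30,
        "dwarf": 30,
        "generic": "lr",
        "alt-name": "lr",
    },
    {
        "name": "sp",
        "bitsize": 64,
        "offset": 248,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 31,
        "dwarf": 31,
        "generic": "sp",
        "alt-name": "sp",
    },
    {
        "name": "pc",
        "bitsize": 64,
        "offset": 256,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 32,
        "dwarf": 32,
        "generic": "pc",
        "alt-name": "pc",
    },
    {
        "name": "cpsr",
        "bitsize": 32,
        "offset": 264,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 33,
        "dwarf": 33,
    },
]

# General purpose register description for x86_64 targets.
INTEL64_GPR = [
    {
        "name": "rax",
        "bitsize": 64,
        "offset": 0,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 0,
        "dwarf": 0,
    },
    {
        "name": "rbx",
        "bitsize": 64,
        "offset": 8,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 3,
        "dwarf": 3,
    },
    {
        "name": "rcx",
        "bitsize": 64,
        "offset": 16,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 2,
        "dwarf": 2,
        "generic": "arg4",
        "alt-name": "arg4",
    },
    {
        "name": "rdx",
        "bitsize": 64,
        "offset": 24,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 1,
        "dwarf": 1,
        "generic": "arg3",
        "alt-name": "arg3",
    },
    {
        "name": "rdi",
        "bitsize": 64,
        "offset": 32,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 5,
        "dwarf": 5,
        "generic": "arg1",
        "alt-name": "arg1",
    },
    {
        "name": "rsi",
        "bitsize": 64,
        "offset": 40,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 4,
        "dwarf": 4,
        "generic": "arg2",
        "alt-name": "arg2",
    },
    {
        "name": "rbp",
        "bitsize": 64,
        "offset": 48,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 6,
        "dwarf": 6,
        "generic": "fp",
        "alt-name": "fp",
    },
    {
        "name": "rsp",
        "bitsize": 64,
        "offset": 56,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 7,
        "dwarf": 7,
        "generic": "sp",
        "alt-name": "sp",
    },
    {
        "name": "r8",
        "bitsize": 64,
        "offset": 64,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 8,
        "dwarf": 8,
        "generic": "arg5",
        "alt-name": "arg5",
    },
    {
        "name": "r9",
        "bitsize": 64,
        "offset": 72,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 9,
        "dwarf": 9,
        "generic": "arg6",
        "alt-name": "arg6",
    },
    {
        "name": "r10",
        "bitsize": 64,
        "offset": 80,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 10,
        "dwarf": 10,
    },
    {
        "name": "r11",
        "bitsize": 64,
        "offset": 88,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 11,
        "dwarf": 11,
    },
    {
        "name": "r12",
        "bitsize": 64,
        "offset": 96,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 12,
        "dwarf": 12,
    },
    {
        "name": "r13",
        "bitsize": 64,
        "offset": 104,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 13,
        "dwarf": 13,
    },
    {
        "name": "r14",
        "bitsize": 64,
        "offset": 112,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 14,
        "dwarf": 14,
    },
    {
        "name": "r15",
        "bitsize": 64,
        "offset": 120,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 15,
        "dwarf": 15,
    },
    {
        "name": "rip",
        "bitsize": 64,
        "offset": 128,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "gcc": 16,
        "dwarf": 16,
        "generic": "pc",
        "alt-name": "pc",
    },
    {
        "name": "rflags",
        "bitsize": 64,
        "offset": 136,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
        "generic": "flags",
        "alt-name": "flags",
    },
    {
        "name": "cs",
        "bitsize": 64,
        "offset": 144,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
    },
    {
        "name": "fs",
        "bitsize": 64,
        "offset": 152,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
    },
    {
        "name": "gs",
        "bitsize": 64,
        "offset": 160,
        "encoding": "uint",
        "format": "hex",
        "set": 0,
    },
]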