New Instructions for VEX?

[AndyXan]

Hello guys,

a short question for vex. We're dealing a lot with Mach-O files, so basically arm64 and we often stumble upon instructions which can not be decoded.

Is it already possible to add new instructions to libvex or are their still problems with compiling vex for pyvex? If it is, where to start digging into this - if not, where are the problems and what has to be solved?

Being able to add new instructions is going to be one of the core features needed looking into the future.

Best regards, Andreas

[rhelmot]

Hi! I'm not sure what you're talking about with "problems compiling vex for pyvex" - this repository is our fork of vex which has been retrofitted to work well for angr.

Instructions can be added by adding the IR lifting code for them to priv/guest_$ARCH_toIR.c. It's a bit of a hefty file, but the main entry point is at the very bottom. Follow the control flow from there.

[zardus]

I would also say that it's worth checking if there are updates to upstream VEX first (and rebase our stuff on upstream) -- new instructions are added to VEX all the time.

My other comment is that it's probably better to upstream instructions to valgrind's VEX first, then rebase our stuff onto that.

[AndyXan]

Thanks for the response. A year ago, compiling vex for use with pyvex seemed harder ;) The instruction often missing during work with Mach-O is LDRSW

/* ---------------- LDR (literal, int reg) ---------------- /
/ 31 29 23 4
00 011 000 imm19 Rt LDR Wt, [PC + sxTo64(imm19 << 2)]
01 011 000 imm19 Rt LDR Xt, [PC + sxTo64(imm19 << 2)]
10 011 000 imm19 Rt LDRSW Xt, [PC + sxTo64(imm19 << 2)]
11 011 000 imm19 Rt prefetch [PC + sxTo64(imm19 << 2)]
Just handles the first two cases for now.
*/

Since it's not implemented in the Valgrind upstream anyway, we're going to add the instruction when there is some spare time in the future with a pull request to Valgrind or angr/vex

[zardus]

Sounds like a plan. In the meantime, check out the Oppologist exploration technique, which should be able to handle that instruction by running it in unicorn (as long as qemu supports it), at the cost of concretizing all data that it touches.

On Aug 25, 2017 1:17 AM, "Andreas" notifications@github.com wrote:

Thanks for the response. A year ago, compiling vex for use with pyvex seemed harder ;) The instruction often missing during work with Mach-O is LDRSW

/ ---------------- LDR (literal, int reg) ---------------- / / 31 29 23 4 00 011 000 imm19 Rt LDR Wt, [PC + sxTo64(imm19 << 2)] 01 011 000 imm19 Rt LDR Xt, [PC + sxTo64(imm19 << 2)] 10 011 000 imm19 Rt LDRSW Xt, [PC + sxTo64(imm19 << 2)] 11 011 000 imm19 Rt prefetch [PC + sxTo64(imm19 << 2)] Just handles the first two cases for now. /

Since it's not implemented in the Valgrind upstream anyway, we're going to add the instruction when there is some spare time in the future with a pull request to Valgrind or angr/vex

— You are receiving this because you commented.

Reply to this email directly, view it on GitHub https://github.com/angr/vex/issues/11#issuecomment-324854227, or mute the thread https://github.com/notifications/unsubscribe-auth/ADSzl_-6cvzIDaQ95oCokoMC1z8HwX5qks5sboMdgaJpZM4PAenP .

[phros]

I added one missing instruction: https://github.com/angr/vex/pull/12

[AndyXan]

My colleague (phros) submitted the instruction to valgrind a few months ago. Until now there has no action been taken. Might take a while if it gets any attention at all. (https://bugs.kde.org/show_bug.cgi?id=384877)

As of now, we're maintaining the patch ourselves. However, since pandora's box has been opened by adding new vex ops, maybe a time will come were new instructions are also being added. /Closed

[zardus]

This time might be now, if the valgrind guys are dragging their feet. We could track it with a commit referencing that issue, so we know to drop it when it finally gets merged upstream. We're talking about the instruction from #12, right?

[phros]

Exactly, #12 is the instruction we are talking about. Thanks for your Feedback!