keystone-engine / keystone

Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings
http://www.keystone-engine.org
GNU General Public License v2.0

Keystone Not Assembling Powerpc #566

Open elbee-cyber opened 8 months ago

elbee-cyber commented 8 months ago

It seems that keystone is not assembling basically any powerpc64 instruction (beyond nops and some instructions which do not read/write memory, including registers), e.g.:

from keystone import *

# PPC64, big-endian
md = Ks(KS_ARCH_PPC, KS_MODE_PPC64 | KS_MODE_BIG_ENDIAN)
print(md.asm(bytes("ld r0,16(r1)", 'utf8'), as_bytes=True))
print(md.asm(bytes("addi r10,r2,235", 'utf8'), as_bytes=True))
print(md.asm(bytes("xori r9,r9,65280", 'utf8'), as_bytes=True))

All instructions result in an Invalid operand error (KS_ERR_ASM_INVALIDOPERAND).

I've also noticed this issue in virtually every tool that uses keystone; here's another example from gdb-gef: [image]

I've noticed the same issue for ppc32: [image]

TheN00bBuilder commented 7 months ago

Have this issue as well. This is something new, because less than a year ago I was able to use it to assemble PowerPC.

I'm going to attempt to make a patch for it soon, once I diagnose the issue.

TheN00bBuilder commented 1 month ago

Just tried to do this with PowerPC 32-bit earlier and I'm having the same issue still. Haven't forgotten, will take a look soon.

cnkizy commented 2 weeks ago

@elbee-cyber Hello friend, through reverse engineering I found that the author seems to have modified the ppc syntax. Due to the characteristics of ppc architecture instructions, the author deliberately omitted the letter r, presumably in order to do a better match with other plug-ins, so you should modify as follows:

from keystone import *

md = Ks(KS_ARCH_PPC, KS_MODE_PPC64 | KS_MODE_BIG_ENDIAN)
# Registers written as bare numbers, without the "r" prefix
print(md.asm(bytes("ld 0,16(1)", 'utf8'), as_bytes=True))
print(md.asm(bytes("addi 10,2,235", 'utf8'), as_bytes=True))
print(md.asm(bytes("xori 9,9,65280", 'utf8'), as_bytes=True))
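The following is an added example, not code from the Keystone project or from anyone in this thread. It takes the observation above at face value (Keystone's PPC parser accepts general-purpose registers as bare numbers and rejects the GAS-style "r" prefix) and wraps it in a small rewriting helper, so that existing "ld r0,16(r1)"-style source can be fed to Keystone without editing it by hand. The helper only touches the operand field, so mnemonics that start with "r" (rldicl, mr) and non-GPR operands such as cr0 are left alone. The `Ks` / `asm(..., as_bytes=True)` calls are the same binding API used in the thread; the reference encodings in `REFERENCE_ENCODINGS` were worked out by hand from the Power ISA D/DS-form field layouts and are included so the Keystone output can be cross-checked. Keystone itself is imported lazily, so the syntax helper runs and can be tested without the binding installed.

```python
import re

# Matches a general-purpose register written GAS-style: r0 .. r31, as a whole
# token (so "cr0" and mnemonics like "rldicl" never match).
GPR_RE = re.compile(r"\br(3[01]|[12]?\d)\b")


def to_keystone_ppc_syntax(line: str) -> str:
    """Rewrite one PPC instruction into the register syntax Keystone accepts.

    Per the thread, Keystone wants "ld 0,16(1)" rather than "ld r0,16(r1)".
    Only the operand field is rewritten; the mnemonic is passed through.
    """
    line = line.strip()
    parts = line.split(None, 1)
    if len(parts) < 2:
        return line  # no operands (e.g. "nop") or empty line
    mnemonic, operands = parts
    operands = GPR_RE.sub(lambda m: m.group(1), operands)
    return f"{mnemonic} {operands}"


# Hand-derived reference encodings (PPC64, big-endian) for the three
# instructions from the bug report, used to sanity-check Keystone's output.
#   ld   r0,16(r1)  : DS-form, opcode 58, RT=0,  RA=1, DS=16
#   addi r10,r2,235 : D-form,  opcode 14, RT=10, RA=2, SI=235
#   xori r9,r9,65280: D-form,  opcode 26, RS=9,  RA=9, UI=0xFF00
REFERENCE_ENCODINGS = {
    "ld r0,16(r1)": bytes.fromhex("e8010010"),
    "addi r10,r2,235": bytes.fromhex("394200eb"),
    "xori r9,r9,65280": bytes.fromhex("6929ff00"),
}


def assemble_ppc64(line: str):
    """Assemble one PPC64 big-endian instruction with Keystone.

    The line is first rewritten with to_keystone_ppc_syntax(). Returns the
    encoding as bytes, or None when the keystone Python binding is not
    installed, so the rewriting logic stays usable offline.
    """
    try:
        from keystone import Ks, KS_ARCH_PPC, KS_MODE_PPC64, KS_MODE_BIG_ENDIAN
    except ImportError:
        return None
    ks = Ks(KS_ARCH_PPC, KS_MODE_PPC64 | KS_MODE_BIG_ENDIAN)
    encoding, _count = ks.asm(to_keystone_ppc_syntax(line), as_bytes=True)
    return encoding


def main() -> None:
    for original, expected in REFERENCE_ENCODINGS.items():
        rewritten = to_keystone_ppc_syntax(original)
        encoding = assemble_ppc64(original)
        if encoding is None:
            status = "keystone not installed"
        elif encoding == expected:
            status = "matches reference " + expected.hex()
        else:
            status = f"MISMATCH: got {encoding.hex()}, expected {expected.hex()}"
        print(f"{original:20} -> {rewritten:18} {status}")


if __name__ == "__main__":
    main()
```

Running the script with the binding installed prints each instruction in both syntaxes next to Keystone's encoding and whether it agrees with the hand-derived reference; without the binding it still shows the rewritten syntax, which is the part the thread is actually about.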