pfalcon
commented
6 years ago Yeah, I guess we can make <loader_plugin>.detect() return "ppc_32_le" or "ppc_32_be", default_plugins.py map that to default cpu plugin names, which will be just simple "dispatchers" which will instantiate Capstone disasm object with appropriate flags and pass it to _any_capstone.py.
maximumspatium
PowerPC CPU is capable of running in either little-endian or big-endian modes. The required mode is usually specified in the executable itself. ELF container, for example, uses EI_DATA field of the ELF header for that purpose, see here.
The precise endianness mode must be set before disassembling.
I therefore propose to extend the CPU plugin interface with a possibility to specify the required endian mode as well as a way to retrieve endianness from container loaders.
BTW, it's not clear how IDA processor modules deal with this requirement. It looks like there is no consistent way to specify/retrieve endianness information in IDA, see this discussion.