Closed bkreider closed 8 months ago
In terms of the minimal ability to decode PPC instructions, I think that it might be very easy. The key place is this match
statement:
https://github.com/pkgw/elfx86exts/blob/master/src/main.rs#L239
Assuming that both libraries support PPC (I'd be surprised if they didn't), basically all you'd need to do is to add a case that maps the correct object
architecture(s) enum variants to the correct Capstone ones.
To actually get useful analysis, you'd then need to write one or more new describe_group_ppc*
functions in analogy with the existing functions for the other architectures. This might be more or less complicated depending on the specifics of the kind of analysis that makes sense for PPC.
Thank you for that response. You can close this issue. I don't know Rust, but that code is very readable and makes sense to me.
I'm working on building conda packages for Power10 (ppc64le) and wanted to inspect them to verify the binaries are using Power10 extensions where possible. It's not critical, but it was a "nice to have" for my project. Thanks again!
Great! I would hope that this kind of project would be a nice way to start learning a bit of Rust if that's something that you're interested in. I'm happy to offer a little advice if needed. (One that I'll offer preemptively: cargo doc --open
is great for this kind of thing!)
How hard to add PowerPC (ppc64le) inspection?
I think capstone supports ppc. I'm totally new to this, but is that extremely difficult? Should I figure out how to use the python bindings to capstone instead?