pkgw / elfx86exts

Decode binaries and print out which instruction set extensions they use. This program's name is a lie: it supports not just x86/ELF but also ARM64, MachO, and possibly more.
MIT License

[feature request] How hard to add PowerPC (ppc64le) inspection? #181

Closed bkreider closed 8 months ago

bkreider commented 8 months ago

How hard to add PowerPC (ppc64le) inspection?

I think capstone supports ppc. I'm totally new to this, but is that extremely difficult? Should I figure out how to use the python bindings to capstone instead?

pkgw commented 8 months ago

In terms of the minimal ability to decode PPC instructions, I think that it might be very easy. The key place is this match statement:

https://github.com/pkgw/elfx86exts/blob/master/src/main.rs#L239

Assuming that both libraries support PPC (I'd be surprised if they didn't), basically all you'd need to do is to add a case that maps the correct object architecture(s) enum variants to the correct Capstone ones.

To actually get useful analysis, you'd then need to write one or more new describe_group_ppc* functions in analogy with the existing functions for the other architectures. This might be more or less complicated depending on the specifics of the kind of analysis that makes sense for PPC.
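An added example, not part of the thread and not code from elfx86exts: a std-only Rust sketch of the two ELF header fields (`e_machine` and the `EI_DATA` byte-order flag) that separate ppc64le from big-endian ppc64, which is the information a new PPC arm in the match would have to turn into a disassembler mode. `Target`, `classify_elf` and `sample_header` are hypothetical names, and the headers it builds are constructed test data.

```rust
// Added example, std only: not code from elfx86exts, `object` or Capstone.
// `Target`, `classify_elf` and `sample_header` are hypothetical names.
#[derive(Debug, PartialEq)]
pub enum Target { Amd64, Aarch64, Ppc64Le, Ppc64Be, Unsupported(u16) }

// e_machine values from the ELF specification.
const EM_PPC64: u16 = 21;
const EM_X86_64: u16 = 62;
const EM_AARCH64: u16 = 183;

/// Classify an ELF image from its header; Err for truncated or non-ELF input.
pub fn classify_elf(data: &[u8]) -> Result<Target, &'static str> {
    if data.len() < 20 {
        return Err("truncated ELF header");
    }
    if !data.starts_with(b"\x7fELF") {
        return Err("not an ELF file");
    }
    // EI_DATA (byte 5): 1 = little-endian, 2 = big-endian.
    let little = match data[5] {
        1 => true,
        2 => false,
        _ => return Err("invalid EI_DATA"),
    };
    // e_machine: 16-bit field at offset 18, stored in the file's own byte order.
    let raw = [data[18], data[19]];
    let machine = if little { u16::from_le_bytes(raw) } else { u16::from_be_bytes(raw) };
    Ok(match (machine, little) {
        (EM_X86_64, true) => Target::Amd64,
        (EM_AARCH64, true) => Target::Aarch64,
        (EM_PPC64, true) => Target::Ppc64Le, // Power10 conda builds land here
        (EM_PPC64, false) => Target::Ppc64Be,
        (other, _) => Target::Unsupported(other),
    })
}

/// Constructed 20-byte header prefix for demonstration (not a real binary).
pub fn sample_header(ei_data: u8, machine: u16) -> Vec<u8> {
    let mut h = vec![0u8; 20];
    h[..4].copy_from_slice(b"\x7fELF");
    h[4] = 2; // EI_CLASS: 64-bit
    h[5] = ei_data;
    let m = if ei_data == 1 { machine.to_le_bytes() } else { machine.to_be_bytes() };
    h[18..20].copy_from_slice(&m);
    h
}

fn main() {
    for ei_data in [1u8, 2u8] {
        println!("{:?}", classify_elf(&sample_header(ei_data, EM_PPC64)));
    }
}
```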

bkreider commented 8 months ago

Thank you for that response. You can close this issue. I don't know Rust, but that code is very readable and makes sense to me.

I'm working on building conda packages for Power10 (ppc64le) and wanted to inspect them to verify the binaries are using Power10 extensions where possible. It's not critical, but it was a "nice to have" for my project. Thanks again!

pkgw commented 8 months ago

Great! I would hope that this kind of project would be a nice way to start learning a bit of Rust if that's something that you're interested in. I'm happy to offer a little advice if needed. (One that I'll offer preemptively: cargo doc --open is great for this kind of thing!)