rdbo / libmem

Advanced Game Hacking Library for C, Modern C++, Rust and Python (Windows/Linux/FreeBSD) (Process/Memory Hacking) (Hooking/Detouring) (Cross Platform) (x86/x64/ARM/ARM64) (DLL/SO Injection) (Internal/External) (Assembler/Disassembler)
GNU Affero General Public License v3.0

Include Capstone's detail in `lm_inst_t` #208

Open rdbo opened 2 months ago

rdbo commented 2 months ago

One way that seems possible to achieve this is by using a union:

```c
typedef struct {
    // ...
    union {
        lm_detail_x86 x86;
        lm_detail_aarch64 aarch64;
        // ...
    } detail;
} lm_inst_t;
```

rdbo commented 2 months ago

For reference, this is capstone's cs_detail:

```c
typedef struct cs_detail {
    uint16_t regs_read[12]; ///< list of implicit registers read by this insn
    uint8_t regs_read_count; ///< number of implicit registers read by this insn

    uint16_t regs_write[20]; ///< list of implicit registers modified by this insn
    uint8_t regs_write_count; ///< number of implicit registers modified by this insn

    uint8_t groups[8]; ///< list of groups this instruction belongs to
    uint8_t groups_count; ///< number of groups this insn belongs to

    /// Architecture-specific instruction info
    union {
        cs_x86 x86;     ///< X86 architecture, including 16-bit, 32-bit & 64-bit mode
        cs_arm64 arm64; ///< ARM64 architecture (aka AArch64)
        cs_arm arm;     ///< ARM architecture (including Thumb/Thumb2)
        cs_m68k m68k;   ///< M68K architecture
        cs_mips mips;   ///< MIPS architecture
        cs_ppc ppc;     ///< PowerPC architecture
        cs_sparc sparc; ///< Sparc architecture
        cs_sysz sysz;   ///< SystemZ architecture
        cs_xcore xcore; ///< XCore architecture
        cs_tms320c64x tms320c64x;  ///< TMS320C64x architecture
        cs_m680x m680x; ///< M680X architecture
        cs_evm evm;     ///< Ethereum architecture
    };
} cs_detail;
```

rdbo commented 2 months ago

It might be worth shipping some of capstone's headers in libmem to avoid re-exporting all this stuff.

rdbo commented 2 months ago

This will be added post 5.0

rdbo commented 2 months ago

If this will be added, perhaps it should be opt-in. From https://www.capstone-engine.org/lang_c.html:

3. More architecture-independent internal data of the disassembled instruction
By default, Capstone does not generate details for disassembled instructions. If we want information such as implicit registers read/written or semantic groups that this instruction belongs to, we need to explicitly turn this option on, like in the sample code below.

```c
#include <capstone/capstone.h>

csh handle;

cs_open(CS_ARCH_X86, CS_MODE_64, &handle);
cs_option(handle, CS_OPT_DETAIL, CS_OPT_ON); // turn ON detail feature with CS_OPT_ON
```

However, keep in mind that producing details costs more memory, complicates the internal operations and slows down the engine a bit, so only do that if needed. If this is no longer desired, we can always reset the engine back to default state at run-time with a similar method.