The Official Radare2 Book | page 98



a,b,-      evaluates to b - a

a,b,/=     performs b /= a

This approach is more readable, but it is less stack-friendly.

NOPs are represented as empty strings. As said previously, interrupts are marked by the '$' command, for example '0x80,$'. It delegates emulation from the ESIL machine to a callback that implements the interrupt handler for a specific OS/kernel/platform.

Traps are implemented with the TRAP command. They are used to throw exceptions for invalid instructions, division by zero, memory read errors, or anything else a specific architecture needs.

Here is a list of quick checks that retrieve information from an ESIL string. The relevant information will probably be found in the first expression of the list.

indexOf('[') -> have memory references

indexOf("=[") -> write in memory

indexOf("pc,=") -> modifies program counter (branch, jump, call)

indexOf("sp,=") -> modifies the stack (what if we find sp,+= or sp,-= instead?)

indexOf("=") -> retrieve src and dst

indexOf(":") -> unknown esil, raw opcode ahead

indexOf("$") -> accesses internal ESIL VM flags, e.g. $z

indexOf("$") -> syscall, e.g. 1,$ (same character as the internal flags above; a bare '$' token is the interrupt)

indexOf("TRAP") -> can trap

indexOf('++') -> has iterator

indexOf('--') -> count to zero

indexOf("?{") -> conditional

equalsTo("") -> empty string, aka nop (wrong if a pc+=x is appended to every expression)

Common operations:

   • Check dstreg

   • Check srcreg

   • Get destination

   • Is jump

   • Is conditional

   • Evaluate

   • Is syscall
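The checks above as a script. This is an added example, not code from the radare2 book or from radare2 itself: it applies the checks to the comma-separated tokens of an ESIL expression rather than to the raw string, so a bare '$' token (an interrupt) is told apart from '$z' (an internal flag) and 'sp,+=' / 'sp,-=' are caught alongside 'sp,='. The pc/sp register names (eip/esp for x86), the treatment of ':=' as an assignment rather than a raw-opcode marker, and every sample expression are assumptions made for this example; the samples are constructed, not copied from radare2 output.

```python
"""Quick static checks over ESIL strings.

Added example, not code from the radare2 book or from radare2 itself. It
applies the indexOf()-style checks and "common operations" listed above to
the comma-separated tokens of an ESIL expression instead of raw substrings,
which resolves the ambiguities the list flags: '$' alone is an interrupt
while '$z' is an internal flag, and 'sp,+=' / 'sp,-=' count as stack
updates even though 'sp,=' never appears. The pc/sp register names and all
sample expressions below are constructed for this example.
"""
import re

# Assignment operators: '=', ':=' (flag-less assign in newer radare2,
# an assumption of this example), 'OP=' compound forms, '=[n]' memory stores.
_ASSIGN = re.compile(r"^(?:[-+*/%&|^]|<<|>>|:)?=(?:\[\d*\])?$")
_MEMREAD = re.compile(r"^\[\d*\]$")

# Constructed samples in the shape radare2 emits for x86 (not copied from it).
SAMPLES = {
    "nop":     "",
    "mov":     "ebx,eax,=",
    "load":    "ebx,[4],eax,=",
    "store":   "eax,ebx,=[4]",
    "push":    "4,esp,-=,ebp,esp,=[4]",
    "jmp":     "0x401000,eip,=",
    "je":      "zf,?{,0x401000,eip,=,}",
    "cmp":     "ecx,eax,==,$z,zf,:=",
    "int80":   "0x80,$",
    "loop":    "ecx,--=,ecx,?{,0x401000,eip,=,}",
    "unknown": ":cpuid",
    "guard":   "ecx,!,?{,TRAP,}",
}


def tokens(esil):
    """Split an ESIL string into its comma-separated tokens ('' -> [])."""
    return esil.split(",") if esil else []


def analyze(esil, pc="eip", sp="esp"):
    """Return the quick-check results for one ESIL expression as a dict.

    'writes' lists (dst, src) per assignment, where src is just the token
    to the left of dst; for composed sources (e.g. 'ebx,[4]') that is the
    last operator, and recovering the real value needs evaluation.
    """
    toks = tokens(esil)
    info = {
        "nop": not toks,
        "mem_read": any(_MEMREAD.match(t) for t in toks),
        "mem_write": False,
        "branch": False,
        "stack": False,
        "conditional": "?{" in toks,
        "syscall": "$" in toks,                                          # 'N,$'
        "uses_flags": any(len(t) > 1 and t[0] == "$" for t in toks),     # '$z', '$c'
        "trap": "TRAP" in toks,
        "unknown": any(t.startswith(":") and t != ":=" for t in toks),   # ':rawopcode'
        "iterator": any(t.startswith("++") for t in toks),
        "count_down": any(t.startswith("--") for t in toks),
        "writes": [],
    }
    for i, t in enumerate(toks):
        if not _ASSIGN.match(t):
            continue
        dst = toks[i - 1] if i >= 1 else None
        src = toks[i - 2] if i >= 2 else None
        info["writes"].append((dst, src))
        if t.endswith("]"):
            info["mem_write"] = True      # dst is the address expression
        elif dst == pc:
            info["branch"] = True
        elif dst == sp:
            info["stack"] = True
    return info


def summarize(esil, **regnames):
    """Names of the checks that fired, for a one-line report."""
    info = analyze(esil, **regnames)
    return sorted(k for k, v in info.items() if v is True)


if __name__ == "__main__":
    for name, esil in SAMPLES.items():
        print(f"{name:8} {esil!r:42} {summarize(esil)}")
```

Pass the pc and sp names that the target's register profile uses (e.g. `analyze(expr, pc="rip", sp="rsp")` for x86-64); the defaults are only the x86-32 assumption made here. Note that '--=' and '++=' are deliberately not treated as assignments, so a counter decrement shows up under count_down rather than in writes, matching the separate checks in the list.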

CPU flags are usually defined as single-bit registers in the RReg profile. They are sometimes found under the 'flg' register type.

Properties of the VM variables:

   1. They have no predefined bit width. This way it should be easy to extend them to 128, 256 and 512 bits later, e.g. for MMX, SSE, AVX, Neon SIMD.

   2. There can be an unbounded number of variables. This is done for SSA-form compatibility.

   3. Register names have no specific syntax. They are just strings.

   4. Numbers can be specified in any base supported by RNum (dec, hex, oct, binary ...).

   5. Each ESIL backend should have an associated RReg profile to describe the ESIL register specs.

What to do with them? What about bit arithmetic if variables are used instead of registers?

Arithmetic operations:

   1. ADD ("+")

   2. MUL ("*")

   3. SUB ("-")

   4. DIV ("/")

   5. MOD ("%")

Bit arithmetic operations:

   1. AND ("&")

   2. OR ("|")

   3. XOR ("^")

   4. SHL ("<<")

   5. SHR (">>")

   6. ROL ("<<<")
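The operand order, the NOP / '$' / TRAP conventions and the operators listed above, modelled as a toy stack machine. This is an added example, not radare2's ESIL implementation or code from the book. It assumes a fixed 64-bit word (radare2 takes register widths from the RReg profile), registers that read as zero before their first assignment, and a caller-supplied interrupt callback; it models no memory access and no '$z'-style internal flags.

```python
"""Toy ESIL stack machine for the conventions described on this page.

Added example, not radare2's ESIL implementation or code from the book.
It models operand order ('a,b,-' computes b - a, 'a,b,/=' computes b /= a),
the empty-string NOP, 'N,$' interrupts delegated to a callback, TRAP,
'?{ ... }' conditionals, and the arithmetic and bit operators listed above.
Assumptions: a fixed 64-bit word (radare2 takes widths from the RReg
profile), registers that read as 0 before assignment, no memory access
and no '$z'-style internal flags.
"""

WIDTH = 64
MASK = (1 << WIDTH) - 1


class EsilTrap(Exception):
    """Raised by TRAP and by runtime faults such as division by zero."""


def _div_by_zero():
    raise EsilTrap("division by zero")


# Operators receive (a, b): 'a' was pushed first, 'b' last (top of stack),
# and compute "b OP a". The caller masks results to WIDTH bits.
BINOPS = {
    "+": lambda a, b: b + a,
    "*": lambda a, b: b * a,
    "-": lambda a, b: b - a,
    "/": lambda a, b: b // a if a else _div_by_zero(),
    "%": lambda a, b: b % a if a else _div_by_zero(),
    "&": lambda a, b: b & a,
    "|": lambda a, b: b | a,
    "^": lambda a, b: b ^ a,
    "<<": lambda a, b: b << a if a < WIDTH else 0,
    ">>": lambda a, b: b >> a,
    "<<<": lambda a, b: (b << (a % WIDTH)) | (b >> (WIDTH - a % WIDTH)),
}


class EsilVM:
    def __init__(self, regs=None, interrupt=None):
        self.regs = dict(regs or {})  # register names are just strings
        self.stack = []
        self.interrupt = interrupt    # callback(number, vm) invoked by '$'

    def value(self, item):
        """Resolve a stack item: an int result, a literal in any base that
        int(x, 0) accepts (0x.., 0o.., 0b.., decimal), or a register name."""
        if isinstance(item, int):
            return item
        try:
            return int(item, 0) & MASK
        except ValueError:
            return self.regs.get(item, 0)

    def pop(self):
        if not self.stack:
            raise EsilTrap("stack underflow")
        return self.stack.pop()

    @staticmethod
    def _close_brace(toks, i):
        """Index of the '}' matching the '?{' at position i (nesting aware)."""
        depth = 0
        for j in range(i, len(toks)):
            depth += {"?{": 1, "}": -1}.get(toks[j], 0)
            if depth == 0:
                return j
        raise EsilTrap("unbalanced ?{")

    def run(self, esil):
        """Execute one ESIL string ('' is a NOP); return the leftover stack."""
        toks = esil.split(",") if esil else []
        i = 0
        while i < len(toks):
            t = toks[i]
            if t in BINOPS:                                   # a,b,OP
                b, a = self.value(self.pop()), self.value(self.pop())
                self.stack.append(BINOPS[t](a, b) & MASK)
            elif t == "=" or (t.endswith("=") and t[:-1] in BINOPS):  # src,dst,OP=
                dst, src = self.pop(), self.value(self.pop())
                cur = self.regs.get(dst, 0)
                self.regs[dst] = (src if t == "=" else BINOPS[t[:-1]](src, cur)) & MASK
            elif t == "?{":                                   # cond,?{,...,}
                if self.value(self.pop()) == 0:
                    i = self._close_brace(toks, i)
            elif t == "$":                                    # num,$ -> handler
                num = self.value(self.pop())
                if self.interrupt is None:
                    raise EsilTrap(f"unhandled interrupt {num:#x}")
                self.interrupt(num, self)
            elif t == "TRAP":
                raise EsilTrap("TRAP")
            elif t != "}":                # '}' ends a taken block: nothing to do
                self.stack.append(t)      # literal or register name, resolved on use
            i += 1
        return [self.value(x) for x in self.stack]
```

`EsilVM().run("3,10,-")` leaves 7 on the stack and `EsilVM({"eax": 10}).run("2,eax,/=")` leaves eax at 5, which is the operand order the table above describes. Literals are only resolved when an operator consumes them, so an unknown token is pushed as a register name rather than rejected; a zero divisor, a bare TRAP, an interrupt with no handler and a stack underflow all surface as EsilTrap, the model's stand-in for radare2's trap mechanism.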