appendix.py
# asm_opcode_cols = [i[len("asm_commands_"):]
# for i in df.columns if "asm_commands" in i]
# print(asm_opcode_cols)
# http://mathemainzel.info/files/x86asmref.html
# 不同语法,相同语义 refer from http://ref.x86asm.net/
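x86_opcode = {
    # Mnemonic -> human-readable description. Keys are the mnemonics as they
    # appear in the "asm_commands_*" feature columns (see the commented-out
    # extraction snippet above); values are display labels only. Key order is
    # preserved from the original table so iteration results do not change.
    # Control transfer and flag handling
    'call': 'Procedure Call',
    'cld': 'Clear Direction Flag',
    'cli': 'Clear Interrupt Flag',
    'cmc': 'Complement Carry Flag',
    'cmp': 'Compare',
    'test': 'Test For Bit Pattern',  # logical compare: AND with the result discarded
    'cdq': 'Convert Double to Quad',
    'cwd': 'Convert Word to Doubleword',
    # Integer arithmetic
    'add': 'Arithmetic Addition', 'daa': 'Decimal Adjust for Addition',
    'faddp': 'Add and Pop',
    'inc': 'Increment',
    'dec': 'Decrement',
    'imul': 'Signed Multiply', 'mul': 'Unsigned Multiply',
    'sub': 'Subtract', 'sbb': 'Subtract with Borrow',
    # 'dd', 'dw', 'endp' and 'fword' are assembler directives / type keywords,
    # not CPU instructions (the original labels were marked "?" and guessed at
    # the semantics of 'das', 'div' and 'enter'). The keys are kept so existing
    # feature columns still resolve; only the descriptions are corrected.
    'dd': 'Define Doubleword (assembler data directive, not an instruction)',
    'dw': 'Define Word (assembler data directive, not an instruction)',
    'fdiv': 'Divide', 'fdivr': 'Reverse Divide',
    'endp': 'End of Procedure (assembler directive, not an instruction)',
    # Every 'f'-prefixed mnemonic is an x87 floating-point instruction.
    'fchs': 'Change Sign',
    'fistp': 'Store Integer and Pop', 'fstp': 'Store Floating Point Value and Pop',
    'fld': 'Load Floating Point Value',
    'fword': '48-bit Operand Type Keyword (assembler size specifier, not an instruction)',
    'fxch': 'Exchange Register Contents',
    # Jumps come in opposite / equivalent pairs: one opcode, several syntaxes.
    # Indirect jumps are also the building blocks of JOP (jump-oriented
    # programming) code-reuse attacks, which is one reason jump frequencies are
    # a useful classification feature.
    'jmp': 'Unconditional Jump',
    'je': 'Jump Equal / Jump Zero', 'jz': 'Jump Equal / Jump Zero',  # author's note: absent from classes 2, 5, 8
    'jg': 'Jump Greater / Jump Not Less or Equal',
    'jl': 'Jump Less / Jump Not Greater or Equal',
    'jb': 'Jump Below / Jump Not Above or Equal',
    'jnb': 'Jump Above or Equal / Jump on Not Below',
    'jno': 'Jump Not Overflow',
    'jo': 'Jump on Overflow',
    'lea': 'Load Effective Address',
    'mov': 'Move Byte or Word',
    # Port I/O: two matching input / output pairs.
    'in': 'Input Byte or Word From Port', 'ins': 'Input String from Port',
    'out': 'Output Data to Port', 'outs': 'Output String to Port',
    # Bitwise logic
    'not': "One's Complement Negation",  # spelling fixed: "Complement", not "Compliment"
    'or': 'Inclusive Logical OR',
    'xor': 'Exclusive OR',
    'pop': 'Pop Word off Stack',
    'push': 'Push Word onto Stack',
    # Rotates: loops are common in most software, so these are likely informative.
    'rcl': 'Rotate Through Carry Left', 'rcr': 'Rotate Through Carry Right', 'rol': 'Rotate Left', 'ror': 'Rotate Right',
    'rep': 'Repeat String Operation',
    'ret': 'Return From Procedure',
    # Shifts
    'sal': 'Shift Arithmetic Left / Shift Logical Left', 'shl': 'Shift Logical Left', 'sar': 'Shift Arithmetic Right', 'shr': 'Shift Logical Right',
    'scas': 'Scan String',
    'stos': 'Store String',
    # author's note: sidt never appears in classes 2 and 5. It is rare in
    # ordinary user-mode code, so its presence is itself a notable signal.
    'sidt': 'Store Interrupt Descriptor Table',
    'stc': 'Set Carry',
    'std': 'Set Direction Flag',
    'sti': 'Set Interrupt Flag',
    'wait': 'Event Wait',
    'xchg': 'Exchange',
}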
opcode_synonyms_dict = dict(
    # Groups of mnemonics that are treated as one feature: group name -> members.
    # The group names ('substract', 'multipy', 'inp', 'oup', ...) are looked up
    # by callers, so their spelling is kept exactly as is. Keyword arguments keep
    # insertion order, so iteration order matches the original literal.
    jump=['je', 'jz'],  # equal and zero are the same condition code
    inp=['in', 'ins'],
    oup=['out', 'outs'],
    store_pop=['fistp', 'fstp'],
    # jmp=['jg', 'jl', 'jb', 'jnb', 'jno', 'jo'],  # left disabled by the author
    add=['faddp', 'add', 'daa'],
    substract=['sub', 'sbb'],
    multipy=['imul', 'mul'],
    # NOTE(review): 'dd' and 'dw' are assembler data directives rather than
    # divide instructions; they stay in this group so the grouping matches the
    # existing feature columns — confirm against the callers.
    divide=['dd', 'dw', 'fdiv', 'fdivr'],
    shiftr=['shr', 'sar'],
    shiftl=['sal', 'shl'],
)
# 可以发现很多opcode语义成对相反或相似