peperunas/binaryninja
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
aba2b82010
binaryninja/personal/docs/dev/bnil-llil.html

478 lines
28 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="author" content="Vector 35 Inc">
<link rel="shortcut icon" href="../img/favicon.ico">
<title>BNIL Guide&#58; LLIL - Binary Ninja User Documentation</title>
<link href='https://fonts.googleapis.com/css?family=Lato:400,700|Roboto+Slab:400,700|Inconsolata:400,700' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="../css/theme.css" type="text/css" />
<link rel="stylesheet" href="../css/theme_extra.css" type="text/css" />
<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css">
<link href="../docs.css?1535411025" rel="stylesheet">
<script>
// Current page data
var mkdocs_page_name = "BNIL Guide&#58; LLIL";
var mkdocs_page_input_path = "dev/bnil-llil.md";
var mkdocs_page_url = "/dev/bnil-llil.html";
</script>
<script src="../js/jquery-2.1.1.min.js" defer></script>
<script src="../js/modernizr-2.8.3.min.js" defer></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/languages/cpp.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/languages/python.min.js"></script>
<script>hljs.initHighlightingOnLoad();</script>
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-72420552-3', 'docs.binary.ninja');
ga('send', 'pageview');
</script>
</head>
<body class="wy-body-for-nav" role="document">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side stickynav">
<div class="wy-side-nav-search">
<a href="../index.html" class="icon icon-home"> Binary Ninja User Documentation</a>
<div role="search">
<form id ="rtd-search-form" class="wy-form" action="../search.html" method="get">
<input type="text" name="q" placeholder="Search docs" title="Type search term here" />
</form>
</div>
</div>
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
<ul class="current">
<li class="toctree-l1">
<a class="" href="../index.html">Home</a>
</li>
<li class="toctree-l1">
<a class="" href="../getting-started.html">Getting Started Guide</a>
</li>
<li class="toctree-l1">
<span class="caption-text">User Guide</span>
<ul class="subnav">
<li class="">
<a class="" href="../guide/plugins.html">Using and Writing Plugins</a>
</li>
<li class="">
<a class="" href="../guide/troubleshooting.html">Troubleshooting</a>
</li>
</ul>
</li>
<li class="toctree-l1">
<span class="caption-text">Developer Guide</span>
<ul class="subnav">
<li class="">
<a class="" href="documentation.html">Contributing Documentation</a>
</li>
<li class=" current">
<a class="current" href="bnil-llil.html">BNIL Guide&#58; LLIL</a>
<ul class="subnav">
<li class="toctree-l3"><a href="#binary-ninja-intermediate-language-series-part-1-low-level-il">Binary Ninja Intermediate Language Series, Part 1: Low Level IL</a></li>
<ul>
<li><a class="toctree-l4" href="#introduction-by-example">Introduction by example</a></li>
<li><a class="toctree-l4" href="#low-level-il-instructions">Low Level IL Instructions</a></li>
<li><a class="toctree-l4" href="#the-instructions">The Instructions</a></li>
</ul>
</ul>
</li>
</ul>
</li>
<li class="toctree-l1">
<span class="caption-text">About</span>
<ul class="subnav">
<li class="">
<a class="" href="../about/license.html">License</a>
</li>
<li class="">
<a class="" href="../about/open-source.html">Open Source</a>
</li>
</ul>
</li>
</ul>
</div>
&nbsp;
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<nav class="wy-nav-top" role="navigation" aria-label="top navigation">
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="../index.html">Binary Ninja User Documentation</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="breadcrumbs navigation">
<ul class="wy-breadcrumbs">
<li><a href="../index.html">Docs</a> &raquo;</li>
<li>Developer Guide &raquo;</li>
<li>BNIL Guide&#58; LLIL</li>
<li class="wy-breadcrumbs-aside">
</li>
</ul>
<hr/>
</div>
<div role="main">
<div class="section">
<h1 id="binary-ninja-intermediate-language-series-part-1-low-level-il">Binary Ninja Intermediate Language Series, Part 1: Low Level IL<a class="headerlink" href="#binary-ninja-intermediate-language-series-part-1-low-level-il" title="Permanent link">&para;</a></h1>
<p>The Binary Ninja Intermediate Language (BNIL) is a semantic representation of the assembly language instructions for a native architecture in Binary Ninja. BNIL is actually a family of intermediate languages that work together to provide functionality at different abstraction layers. This developer guide is intended to cover some of the mechanics of the LLIL to distinguish it from the other ILs in the BNIL family. </p>
<p><img alt="BNIL-LLIL Selected" src="../img/BNIL.png" /></p>
<p>The Lifted IL is very similar to the LLIL and is primarily of interest for Architecture plugin authors. If you're writing an analysis plugin, you'll always want to be working at LLIL or higher. During each stage of the lifting process a number of transformations take place, and each layer of IL can have different instructions. Because of this, you can not rely on an instruction from one layer existing in another.</p>
<h2 id="introduction-by-example">Introduction by example<a class="headerlink" href="#introduction-by-example" title="Permanent link">&para;</a></h2>
<p>Since doing is the easiest way to learn let's start with a simple example binary and step through analyzing it using the python console. </p>
<p><img alt="Low Level IL Option &gt;" src="../img/llil_option.png" /></p>
<ul>
<li>Download <a href="../files/chal1">chal1</a> and open it with Binary Ninja</li>
<li>Next, bring up the <code>Low Level IL</code> view by clicking in the options pane at the bottom of the screen
(or alternatively, use the <code>i</code> key)</li>
<li>Navigate to main (<code>g</code>, then "main", or double-click it in the function list)</li>
<li>Finally, bring up the python console using: <code>~</code></li>
</ul>
<p>Next, enter the following in the console:</p>
<div class="codehilite"><pre><span></span>&gt;&gt;&gt; for block in current_function.low_level_il:
... for instr in block:
... print instr.address, instr.instr_index, instr
...
4196422 0 push(rbp)
4196423 1 rbp = rsp {var_8}
4196426 2 rsp = rsp - 0x110
4196433 3 rax = rbp - 0xc0 {var_c8}
...
</pre></div>
<p>This will print out all the LLIL instructions in the current function. How does this code work? </p>
<p>First we use the global magic variable <code>current_function</code> which gives us the python object <a href="http://api.binary.ninja/function.Function.html"><code>function.Function</code></a> for whatever function is currently selected in the UI. The variable is only usable from the python console, and shouldn't be used for headless plugins. In a script you can either use the function that was passed in if you <a href="https://api.binary.ninja/binaryninja.plugin-module.html#binaryninja.plugin.PluginCommand.register_for_function">registered your plugin</a> to handle functions, or you can compute the function based on <a href="https://api.binary.ninja/binaryninja.binaryview-module.html?highlight=get_functions_at#binaryninja.binaryview.BinaryView.get_functions_at">a specific address</a>, or maybe even just iterate over all the functions in a BinaryView (<code>for func in bv.functions:</code>).</p>
<p>Next we get the <a href="http://api.binary.ninja/binaryninja.lowlevelil.LowLevelILFunction.html"><code>lowlevelil.LowLevelILFunction</code></a> from the <code>Function</code> class: <code>current_function.low_level_il</code>. Iterating over the <code>LowLevelILFunction</code> class provides access to the <a href="http://api.binary.ninja/binaryninja.lowlevelil.LowLevelILBasicBlock.html"><code>lowlevelil.LowLevelILBasicBlock</code></a> classes for this function. Inside the loop we can now iterate over the <code>LowLevelILBasicBlock</code> class which provides access to the individual <a href="http://api.binary.ninja/binaryninja.lowlevelil.LowLevelILInstruction.html"><code>lowlevelil.LowLevelILInstruction</code></a> classes.</p>
<p>Finally, we can print out the attributes of the instruction. We first print out <code>address</code> which is the address of the corresponding assembly language instruction. Next, we print the <code>instr_index</code>, this you can think of as the address of the IL instruction. Since translating assembly language is a many-to-many relationship, we may see multiple IL instructions needed to represent a single assembly language instruction, and thus each IL instruction needs to have its own index separate from its address. Finally, we print out the instruction text.</p>
<p>In python, iterating over a class is a distinct operation from subscripting. This separation is used in the <code>LowLevelILFunction</code> class. If you iterate over a <code>LowLevelILFunction</code> you get a list of <code>LowLevelILBasicBlocks</code>, however if you subscript a <code>LowLevelILFunction</code> you actually get the <code>LowLevelILInstruction</code> whose <code>instr_index</code> corresponds to the subscript:</p>
<div class="codehilite"><pre><span></span><span class="o">&gt;&gt;&gt;</span> <span class="n">list</span><span class="p">(</span><span class="n">current_function</span><span class="p">.</span><span class="n">low_level_il</span><span class="p">)</span>
<span class="p">[</span><span class="o">&lt;</span><span class="nl">block</span><span class="p">:</span> <span class="n">x86_64</span><span class="mh">@0x0</span><span class="o">-</span><span class="mh">0x3f</span><span class="o">&gt;</span><span class="p">,</span> <span class="o">&lt;</span><span class="nl">block</span><span class="p">:</span> <span class="n">x86_64</span><span class="mh">@0x3f</span><span class="o">-</span><span class="mh">0x45</span><span class="o">&gt;</span><span class="p">,</span> <span class="o">&lt;</span><span class="nl">block</span><span class="p">:</span> <span class="n">x86_64</span><span class="mh">@0x45</span><span class="o">-</span><span class="mh">0x47</span><span class="o">&gt;</span><span class="p">,</span>
<span class="o">&lt;</span><span class="nl">block</span><span class="p">:</span> <span class="n">x86_64</span><span class="mh">@0x47</span><span class="o">-</span><span class="mh">0x53</span><span class="o">&gt;</span><span class="p">,</span> <span class="o">&lt;</span><span class="nl">block</span><span class="p">:</span> <span class="n">x86_64</span><span class="mh">@0x53</span><span class="o">-</span><span class="mh">0x57</span><span class="o">&gt;</span><span class="p">,</span> <span class="o">&lt;</span><span class="nl">block</span><span class="p">:</span> <span class="n">x86_64</span><span class="mh">@0x57</span><span class="o">-</span><span class="mh">0x5a</span><span class="o">&gt;</span><span class="p">]</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">type</span><span class="p">(</span><span class="n">current_function</span><span class="p">.</span><span class="n">low_level_il</span><span class="p">[</span><span class="mi">0</span><span class="p">])</span>
<span class="o">&lt;</span><span class="k">class</span> <span class="err">&#39;</span><span class="n">binaryninja</span><span class="p">.</span><span class="n">lowlevelil</span><span class="p">.</span><span class="n">LowLevelILInstruction</span><span class="err">&#39;</span><span class="o">&gt;</span>
<span class="o">&gt;&gt;&gt;</span> <span class="n">current_function</span><span class="p">.</span><span class="n">low_level_il</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span>
<span class="o">&lt;</span><span class="nl">il</span><span class="p">:</span> <span class="n">push</span><span class="p">(</span><span class="n">rbp</span><span class="p">)</span><span class="o">&gt;</span>
</pre></div>
<h2 id="low-level-il-instructions">Low Level IL Instructions<a class="headerlink" href="#low-level-il-instructions" title="Permanent link">&para;</a></h2>
<p>Now that we've established how to access LLIL Functions, Blocks, and Instructions, let's focus in on the instructions themselves. LLIL instructions are infinite length and structured as an expression tree. An expression tree means that instruction operands can be composed of operation. Thus we can have an IL instruction like this:</p>
<div class="codehilite"><pre><span></span>eax = eax + ecx * 4
</pre></div>
<p>The tree for such an instruction would look like:</p>
<div class="codehilite"><pre><span></span> =
/ \
eax +
/ \
eax *
/ \
ecx 4
</pre></div>
<p>There are quite a few reasons that we chose to use expression trees that we won't go into in detail here, but suffice it to say lifting to this form and reading this form are both much easier than other forms.</p>
<p>Now let's get back to the examples. First let's pick an instruction to work with:</p>
<div class="codehilite"><pre><span></span>&gt;&gt;&gt; instr = current_function.low_level_il[2]
&gt;&gt;&gt; instr
&lt;il: rsp = rsp - 0x110&gt;
</pre></div>
<p>For the above instruction, we have a few operations we can perform:</p>
<ul>
<li><strong>address</strong> - returns the virtual address</li>
</ul>
<div class="codehilite"><pre><span></span>&gt;&gt;&gt; hex(instr.address)
&#39;0x40084aL&#39;
</pre></div>
<ul>
<li><strong>dest</strong> - returns the destination operand</li>
</ul>
<div class="codehilite"><pre><span></span>&gt;&gt;&gt; instr.dest
&#39;rsp&#39;
</pre></div>
<ul>
<li><strong>function</strong> - returns the containing function</li>
</ul>
<div class="codehilite"><pre><span></span>&gt;&gt;&gt; instr.function
&lt;binaryninja.lowlevelil.LowLevelILFunction object at 0x111c79810&gt;
</pre></div>
<ul>
<li><strong>instr_index</strong> - returns the LLIL index</li>
</ul>
<div class="codehilite"><pre><span></span>&gt;&gt;&gt; instr.instr_index
2
</pre></div>
<ul>
<li><strong>operands</strong> - returns a list of all operands.</li>
</ul>
<div class="codehilite"><pre><span></span>&gt;&gt;&gt; instr.operands
[&#39;rsp&#39;, &lt;il: rsp - 0x110&gt;]
</pre></div>
<ul>
<li><strong>operation</strong> - returns the enumeration value of the current operation</li>
</ul>
<div class="codehilite"><pre><span></span>&gt;&gt;&gt; instr.operation
&lt;LowLevelILOperation.LLIL_SET_REG: 1&gt;
</pre></div>
<ul>
<li><strong>src</strong> - returns the source operand</li>
</ul>
<div class="codehilite"><pre><span></span>&gt;&gt;&gt; instr.src
&lt;il: rsp - 0x110&gt;
</pre></div>
<ul>
<li><strong>dest</strong> - returns the destination operand</li>
</ul>
<div class="codehilite"><pre><span></span>&gt;&gt;&gt; instr.dest
&#39;rsp&#39;
</pre></div>
<ul>
<li><strong>size</strong> - returns the size of the operation in bytes (in this case we have an 8 byte assigment)</li>
</ul>
<div class="codehilite"><pre><span></span>&gt;&gt;&gt; instr.size
8L
</pre></div>
<p>Now with some knowledge of the <code>LowLevelIL</code> class let's try to do something with it. Let's say our goal is to find all the times the register <code>rdx</code> is written to in the current function. This code is straight forward:</p>
<div class="codehilite"><pre><span></span>&gt;&gt;&gt; for block in current_function.low_level_il:
... for instr in block:
... if instr.operation == LowLevelILOperation.LLIL_SET_REG and instr.dest.name == &#39;rdx&#39;:
... print instr.address, instr.instr_index, instr
...
4196490 14 rdx = [rax].q
4196500 16 rdx = [rax + 8].q
4196511 18 rdx = [rax + 0x10].q
4196522 20 rdx = [rax + 0x18].q
4196533 22 rdx = [rax + 0x20].q
4196544 24 rdx = [rax + 0x28].q
4196798 77 rdx = [0x602090].q
</pre></div>
<h2 id="the-instructions">The Instructions<a class="headerlink" href="#the-instructions" title="Permanent link">&para;</a></h2>
<p>Going into gross detail on all the instructions is out of scope of this article, but we'll go over the different instructions types and speak generally about how they are used.</p>
<h3 id="registers-constants-flags">Registers, Constants &amp; Flags<a class="headerlink" href="#registers-constants-flags" title="Permanent link">&para;</a></h3>
<p>When parsing an instruction tree the terminals are registers, constants and flags. This provide the basis from which all instructions are built.</p>
<ul>
<li><strong><code>LLIL_REG</code></strong> - A register, terminal</li>
<li><strong><code>LLIL_CONST</code></strong> - A constant integer value, terminal</li>
<li><strong><code>LLIL_SET_REG</code></strong> - Sets a register to the results of the IL operation in <code>src</code> attribute.</li>
<li><strong><code>LLIL_SET_REG_SPLIT</code></strong> - Uses a pair of registers as one double sized register, setting both registers at once.</li>
<li><strong><code>LLIL_SET_FLAG</code></strong> - Sets the specified flag to the IL operation in <code>src</code> attribute.</li>
</ul>
<h3 id="memory-load-store">Memory Load &amp; Store<a class="headerlink" href="#memory-load-store" title="Permanent link">&para;</a></h3>
<p>Reading and writing memory is accomplished through the following instructions.</p>
<ul>
<li><strong><code>LLIL_LOAD</code></strong> - Load a value from memory.</li>
<li><strong><code>LLIL_STORE</code></strong> - Store a value to memory.</li>
<li><strong><code>LLIL_PUSH</code></strong> - Store value to stack; adjusting stack pointer by sizeof(value) after the store.</li>
<li><strong><code>LLIL_POP</code></strong> - Load value from stack; adjusting stack pointer by sizeof(value) after the store.</li>
</ul>
<h3 id="control-flow-conditionals">Control Flow &amp; Conditionals<a class="headerlink" href="#control-flow-conditionals" title="Permanent link">&para;</a></h3>
<p>Control flow transfering- and comparison instructions are straightforward enough, but one instruction that deserves more attention is the <code>if</code> instruction. To understand the <code>if</code> instruction we need to first understand the concept of labels.</p>
<p>Labels function much like they do in C code. They can be put anywhere in the emitted IL and serve as a destination for the <code>if</code> and <code>goto</code> instructions. Labels are required because one assembly language instruction can translate to multiple IL instructions, and you need to be able to branch to any of the emitted IL instructions. Let's consider the following x86 instruction <code>cmove</code> (Conditional move if equal flag is set):</p>
<div class="codehilite"><pre><span></span>test eax, eax
cmove eax, ebx
</pre></div>
<p>To translate this instruction to IL we have to first create true and false labels. Then we emit the <code>if</code> instruction, passing it the proper conditional and labels. Next we emit the true label, then we emit the set register instruction and a goto false label instruction. This results in the following output:</p>
<div class="codehilite"><pre><span></span>0 @ 00000002 if (eax == 0) then 1 else 3
1 @ 00000002 eax = ebx
2 @ 00000002 goto 3
</pre></div>
<p>As you can see from the above code, labels are really just used internaly and aren't explicitly marked. In addition to <code>if</code> and <code>goto</code>, the <code>jump_to</code> IL instruction is the only other instruction that operates on labels. The rest of the IL control flow instructions operate on addresses rather than labels, much like actual assembly language instructions. Note that an architecture plugin author should not be emitting <code>jump_to</code> IL instructions as those are generated by the analysis automatically. </p>
<ul>
<li><strong><code>LLIL_JUMP</code></strong> - Branch execution to the result of the IL operation.</li>
<li><strong><code>LLIL_JUMP_TO</code></strong> - Jump table construct, contains an expression and list of possible targets.</li>
<li><strong><code>LLIL_CALL</code></strong> - Branch execution to the result of the IL operation.</li>
<li><strong><code>LLIL_RET</code></strong> - Return execution to the caller.</li>
<li><strong><code>LLIL_NORET</code></strong> - Instruction emitted automatically after syscall or call instruction which cause the program to terminate.</li>
<li><strong><code>LLIL_IF</code></strong> - <code>If</code> provides conditional execution. If condition is true execution branches to the true label and false label otherwise.</li>
<li><strong><code>LLIL_GOTO</code></strong> - <code>Goto</code> is used to branch to an IL label, this is different than jump since jump can only jump to addresses.</li>
<li><strong><code>LLIL_FLAG_COND</code></strong> - Returns the flag condition expression for the specified flag condition.</li>
<li><strong><code>LLIL_CMP_E</code></strong> - equality</li>
<li><strong><code>LLIL_CMP_NE</code></strong> - not equal</li>
<li><strong><code>LLIL_CMP_SLT</code></strong> - signed less than</li>
<li><strong><code>LLIL_CMP_ULT</code></strong> - unsigned less than</li>
<li><strong><code>LLIL_CMP_SLE</code></strong> - signed less than or equal</li>
<li><strong><code>LLIL_CMP_ULE</code></strong> - unsigned less than or equal</li>
<li><strong><code>LLIL_CMP_SGE</code></strong> - signed greater than or equal</li>
<li><strong><code>LLIL_CMP_UGE</code></strong> - unsigned greater than or equal</li>
<li><strong><code>LLIL_CMP_SGT</code></strong> - signed greater than</li>
<li><strong><code>LLIL_CMP_UGT</code></strong> - unsigned greater than</li>
</ul>
<h3 id="the-arithmetic-logical-instructions">The Arithmetic &amp; Logical Instructions<a class="headerlink" href="#the-arithmetic-logical-instructions" title="Permanent link">&para;</a></h3>
<p>LLIL implements the most common arithmetic as well as a host of more complicated instruction which make translating from assembly much easier. Most arithmetic and logical instruction contain <code>left</code> and <code>right</code> attributes which can themselves be other IL instructions.</p>
<p>The double precision instruction multiply, divide, modulus instructions are particularly helpful for instruction sets like x86 whose output/input can be double the size of the input/output.</p>
<ul>
<li><strong><code>LLIL_ADD</code></strong> - Add</li>
<li><strong><code>LLIL_ADC</code></strong> - Add with carry</li>
<li><strong><code>LLIL_SUB</code></strong> - Subtract</li>
<li><strong><code>LLIL_SBB</code></strong> - Subtract with borrow</li>
<li><strong><code>LLIL_AND</code></strong> - Bitwise and</li>
<li><strong><code>LLIL_OR</code></strong> - Bitwise or</li>
<li><strong><code>LLIL_XOR</code></strong> - Exclusive or</li>
<li><strong><code>LLIL_LSL</code></strong> - Logical shift left</li>
<li><strong><code>LLIL_LSR</code></strong> - Logical shift right</li>
<li><strong><code>LLIL_ASR</code></strong> - Arithmetic shift right</li>
<li><strong><code>LLIL_ROL</code></strong> - Rotate left</li>
<li><strong><code>LLIL_RLC</code></strong> - Rotate left with carry</li>
<li><strong><code>LLIL_ROR</code></strong> - Rotate right</li>
<li><strong><code>LLIL_RRC</code></strong> - Rotate right with carry</li>
<li><strong><code>LLIL_MUL</code></strong> - Multiply single precision</li>
<li><strong><code>LLIL_MULU_DP</code></strong> - Unsigned multiply double precision </li>
<li><strong><code>LLIL_MULS_DP</code></strong> - Signed multiply double precision</li>
<li><strong><code>LLIL_DIVU</code></strong> - Unsigned divide single precision</li>
<li><strong><code>LLIL_DIVU_DP</code></strong> - Unsigned divide double precision</li>
<li><strong><code>LLIL_DIVS</code></strong> - Signed divide single precision</li>
<li><strong><code>LLIL_DIVS_DP</code></strong> - Signed divide double precision</li>
<li><strong><code>LLIL_MODU</code></strong> - Unsigned modulus single precision</li>
<li><strong><code>LLIL_MODU_DP</code></strong> - Unsigned modulus double precision</li>
<li><strong><code>LLIL_MODS</code></strong> - Signed modulus single precision</li>
<li><strong><code>LLIL_MODS_DP</code></strong> - Signed modulus double precision</li>
<li><strong><code>LLIL_NEG</code></strong> - Sign negation</li>
<li><strong><code>LLIL_NOT</code></strong> - Bitwise complement</li>
</ul>
<h3 id="special-instructions">Special instructions<a class="headerlink" href="#special-instructions" title="Permanent link">&para;</a></h3>
<p>The rest of the instructions are pretty much self-explanatory to anyone with familiarity with assembly languages.</p>
<ul>
<li><strong><code>LLIL_NOP</code></strong> - No operation</li>
<li><strong><code>LLIL_SX</code></strong> - Sign extend</li>
<li><strong><code>LLIL_ZX</code></strong> - Zero extend</li>
<li><strong><code>LLIL_SYSCALL</code></strong> - System call instruction</li>
<li><strong><code>LLIL_BP</code></strong> - Breakpoint instruction</li>
<li><strong><code>LLIL_TRAP</code></strong> - Trap instruction</li>
<li><strong><code>LLIL_UNDEF</code></strong> - Undefined instruction</li>
<li><strong><code>LLIL_UNIMPL</code></strong> - Unimplemented instruction</li>
<li><strong><code>LLIL_UNIMPL_MEM</code></strong> - Unimplemented memory access instruction</li>
</ul>
</div>
</div>
<footer>
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
<a href="../about/license.html" class="btn btn-neutral float-right" title="License">Next <span class="icon icon-circle-arrow-right"></span></a>
<a href="documentation.html" class="btn btn-neutral" title="Contributing Documentation"><span class="icon icon-circle-arrow-left"></span> Previous</a>
</div>
<hr/>
<div role="contentinfo">
<!-- Copyright etc -->
<p>(<a href="https://creativecommons.org/licenses/by/3.0/">cc</a>) Vector 35 Inc</p>
</div>
Built with <a href="http://www.mkdocs.org">MkDocs</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
</footer>
</div>
</div>
</section>
</div>
<div class="rst-versions" role="note" style="cursor: pointer">
<span class="rst-current-version" data-toggle="rst-current-version">
<span><a href="documentation.html" style="color: #fcfcfc;">&laquo; Previous</a></span>
<span style="margin-left: 15px"><a href="../about/license.html" style="color: #fcfcfc">Next &raquo;</a></span>
</span>
</div>
<script>var base_url = '..';</script>
<script src="../js/theme.js" defer></script>
<script src="../search/main.js" defer></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink