以前读cs的笔记:https://bbs.pediy.com/thread-258473.htm
class _cs_insn(ctypes.Structure):
_fields_ = (
('id', ctypes.c_uint),
('address', ctypes.c_uint64),
('size', ctypes.c_uint16),
('bytes', ctypes.c_ubyte * 16),
('mnemonic', ctypes.c_char * 32),
('op_str', ctypes.c_char * 160),
('detail', ctypes.POINTER(_cs_detail)),
)
class _cs_detail(ctypes.Structure):
_fields_ = (
('regs_read', ctypes.c_uint16 * 12),
('regs_read_count', ctypes.c_ubyte),
('regs_write', ctypes.c_uint16 * 20),
('regs_write_count', ctypes.c_ubyte),
('groups', ctypes.c_ubyte * 8),
('groups_count', ctypes.c_ubyte),
('arch', _cs_arch),
)
class _cs_arch(ctypes.Union):
_fields_ = (
('arm64', arm64.CsArm64),
('arm', arm.CsArm),
('m68k', m68k.CsM68K),
('mips', mips.CsMips),
('x86', x86.CsX86),
('ppc', ppc.CsPpc),
('sparc', sparc.CsSparc),
('sysz', systemz.CsSysz),
('xcore', xcore.CsXcore),
('tms320c64x', tms320c64x.CsTMS320C64x),
('m680x', m680x.CsM680x),
('evm', evm.CsEvm),
)
/// Instruction structure
typedef struct cs_arm {
bool usermode; ///< User-mode registers to be loaded (for LDM/STM instructions)
int vector_size; ///< Scalar size for vector instructions
arm_vectordata_type vector_data; ///< Data type for elements of vector instructions
arm_cpsmode_type cps_mode; ///< CPS mode for CPS instruction
arm_cpsflag_type cps_flag; ///< CPS mode for CPS instruction
arm_cc cc; ///< conditional code for this insn
bool update_flags; ///< does this insn update flags?
bool writeback; ///< does this insn write-back?
arm_mem_barrier mem_barrier; ///< Option for some memory barrier instructions
/// Number of operands of this instruction,
/// or 0 when instruction has no operand.
uint8_t op_count;
cs_arm_op operands[36]; ///< operands for this instruction.
} cs_arm;
typedef enum arm_cc {
ARM_CC_INVALID = 0,
ARM_CC_EQ, ///< Equal Equal
ARM_CC_NE, ///< Not equal Not equal, or unordered
ARM_CC_HS, ///< Carry set >, ==, or unordered
ARM_CC_LO, ///< Carry clear Less than
ARM_CC_MI, ///< Minus, negative Less than
ARM_CC_PL, ///< Plus, positive or zero >, ==, or unordered
ARM_CC_VS, ///< Overflow Unordered
ARM_CC_VC, ///< No overflow Not unordered
ARM_CC_HI, ///< Unsigned higher Greater than, or unordered
ARM_CC_LS, ///< Unsigned lower or same Less than or equal
ARM_CC_GE, ///< Greater than or equal Greater than or equal
ARM_CC_LT, ///< Less than Less than, or unordered
ARM_CC_GT, ///< Greater than Greater than
ARM_CC_LE, ///< Less than or equal <, ==, or unordered
ARM_CC_AL ///< Always (unconditional) Always (unconditional)
} arm_cc;
/// Instruction operand
typedef struct cs_arm_op {
int vector_index; ///< Vector Index for some vector operands (or -1 if irrelevant)
struct {
arm_shifter type;
unsigned int value;
} shift;
arm_op_type type; ///< operand type
union {
int reg; ///< register value for REG/SYSREG operand
int32_t imm; ///< immediate value for C-IMM, P-IMM or IMM operand
double fp; ///< floating point value for FP operand
arm_op_mem mem; ///< base/index/scale/disp value for MEM operand
arm_setend_type setend; ///< SETEND instruction's operand type
};
/// in some instructions, an operand can be subtracted or added to
/// the base register,
/// if TRUE, this operand is subtracted. otherwise, it is added.
bool subtracted;
/// How is this operand accessed? (READ, WRITE or READ|WRITE)
/// This field is combined of cs_ac_type.
/// NOTE: this field is irrelevant if engine is compiled in DIET mode.
uint8_t access;
/// Neon lane index for NEON instructions (or -1 if irrelevant)
int8_t neon_lane;
} cs_arm_op;
