forked from bsdphk/PyRevEng
-
Notifications
You must be signed in to change notification settings - Fork 0
/
notes
61 lines (47 loc) · 1.39 KB
/
notes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
Sun Mar 25 06:29:34 UTC 2012
Pseudo-language, inspired by Halvar Flake BH 2004:
(oper, src, dst)
oper:
string
globale namespace
per CPU pfx'ed by "cpu::"
src:
tuple
dst:
str -> register
None -> no effects
True -> side-effects
A register cannot be a src if it is a dst.
Sun Nov 27 18:08:19 UTC 2011
Non-contig functions normal in M$ compiler output
bh-asia-02-halvarflake.pdf
Sun Nov 27 18:08:19 UTC 2011
XXX: m68000 DBF instruction has no flow ?
---------------
p -- pyreveng instance
General container for a reverse engineering task,
to make it possible to have multiple such in a
single program program
p::todo()
A task-list facility for serializing
work-points, rather than relying on deep
recursion to track code.
p::study()
A facility for having code study partial
results, attempting to divine or deduce
further points of attack.
p.m -- memory instance
The bits we are working on.
p.t -- tree instance
A hierarchial dissection of the tree into component
parts and structures.
p.c[] -- array of disassemblers
One image can contain multiple kinds of code to be
disassembled, typically CPU instructions and some
kind of interpreted bytecode.
p.c[].g -- graph instance
Flow-control resolution for particular language
domain.
r(p) -- renderer
Formats or otherwise presents the completed
reverse-engineering