rizinorg · XVilka · Nov 8, 2024 · Nov 8, 2024
@@ -867,62 +867,6 @@ static bool esil_xoreq(RzAnalysisEsil *esil) {
 	return ret;
 }
 
-#if 0
-static int esil_interrupt_linux_i386(RzAnalysisEsil *esil) { 		//move this into a plugin
-	ut32 sn, ret = 0;
-	char *usn = rz_analysis_esil_pop (esil);
-	if (usn) {
-		sn = (ut32) rz_num_get (NULL, usn);
-	} else sn = 0x80;
-
-	if (sn == 3) {
-		// trap
-		esil->trap = RZ_ANALYSIS_TRAP_BREAKPOINT;
-		esil->trap_code = 3;
-		return -1;
-	}
-
-	if (sn != 0x80) {
-		RZ_LOG_ERROR("Interrupt 0x%x not handled.\n", sn);
-		esil->trap = RZ_ANALYSIS_TRAP_UNHANDLED;
-		esil->trap_code = sn;
-		return -1;
-	}
-#undef r
-#define r(x) rz_reg_getv(esil->analysis->reg, "##x##")
-#undef rs
-#define rs(x, y) rz_reg_setv(esil->analysis->reg, "##x##", y)
-	switch (r(eax)) {
-	case 1:
-		printf ("exit(%d)\n", (int)r(ebx));
-		rs(eax, -1);
-		// never return. stop execution somehow, throw an exception
-		break;
-	case 3:
-		ret = r(edx);
-		printf ("ret:%d = read(fd:%"PFMT64d", ptr:0x%08"PFMT64x", len:%"PFMT64d")\n",
-			(int)ret, r(ebx), r(ecx), r(edx));
-		rs(eax, ret);
-		break;
-	case 4:
-		ret = r(edx);
-		printf ("ret:%d = write(fd:%"PFMT64d", ptr:0x%08"PFMT64x", len:%"PFMT64d")\n",
-			(int)ret, r(ebx), r(ecx), r(edx));
-		rs(eax, ret);
-		break;
-	case 5:
-		ret = -1;
-		printf ("fd:%d = open(file:0x%08"PFMT64x", mode:%"PFMT64d", perm:%"PFMT64d")\n",
-			(int)ret, r(ebx), r(ecx), r(edx));
-		rs(eax, ret);
-		break;
-	}
-#undef r
-#undef rs
-	return 0;
-}
-#endif
-
 static bool esil_trap(RzAnalysisEsil *esil) {
 	ut64 s, d;
 	if (popRN(esil, &s) && popRN(esil, &d)) {
@@ -980,64 +924,25 @@ static bool esil_cmp(RzAnalysisEsil *esil) {
 	return ret;
 }
 
-#if 0
-x86 documentation:
-CF - carry flag -- Set on high-order bit carry or borrow; cleared otherwise
-	num>>63
-PF - parity flag
-	(num&0xff)
-    Set if low-order eight bits of result contain an even number of "1" bits; cleared otherwise
-ZF - zero flags
-    Set if result is zero; cleared otherwise
-	zf = num?0:1;
-SF - sign flag
-    Set equal to high-order bit of result (0 if positive 1 if negative)
-	sf = ((st64)num)<0)?1:0;
-OF - overflow flag
-	if (a>0&&b>0 && (a+b)<0)
-    Set if result is too large a positive number or too small a negative number (excluding sign bit) to fit in destination operand; cleared otherwise
-
-JBE: CF = 1 || ZF = 1
-
-#endif
-
 /*
- * Expects a string in the stack. Each char of the string represents a CPU flag.
- * Those relations are associated by the CPU itself and are used to move values
- * from the internal ESIL into the RzReg instance.
- *
- * For example:
- *   zco,?=     # update zf, cf and of
+ * x86 documentation:
+ * CF - carry flag -- Set on high-order bit carry or borrow; cleared otherwise
+ * 	num>>63
+ * PF - parity flag
+ * 	(num&0xff)
+ *     Set if low-order eight bits of result contain an even number of "1" bits; cleared otherwise
+ * ZF - zero flags
+ *     Set if result is zero; cleared otherwise
+ * 	zf = num?0:1;
+ * SF - sign flag
+ *     Set equal to high-order bit of result (0 if positive 1 if negative)
+ * 	sf = ((st64)num)<0)?1:0;
+ * OF - overflow flag
+ * 	if (a>0&&b>0 && (a+b)<0)
+ *     Set if result is too large a positive number or too small a negative number (excluding sign bit) to fit in destination operand; cleared otherwise
  *
- * If we want to update the esil value of a specific flag we use the =? command
- *
- *    zf,z,=?    # esil[zf] = rz_reg[zf]
- *
- * Defining new cpu flags
+ * JBE: CF = 1 || ZF = 1
  */
-#if 0
-static int esil_ifset(RzAnalysisEsil *esil) {
-	char *s, *src = rz_analysis_esil_pop (esil);
-	for (s=src; *s; s++) {
-		switch (*s) {
-		case 'z':
-			rz_analysis_esil_reg_write (esil, "zf", RZ_BIT_CHK(&esil->flags, FLG(ZERO)));
-			break;
-		case 'c':
-			rz_analysis_esil_reg_write (esil, "cf", RZ_BIT_CHK(&esil->flags, FLG(CARRY)));
-			break;
-		case 'o':
-			rz_analysis_esil_reg_write (esil, "of", RZ_BIT_CHK(&esil->flags, FLG(OVERFLOW)));
-			break;
-		case 'p':
-			rz_analysis_esil_reg_write (esil, "pf", RZ_BIT_CHK(&esil->flags, FLG(PARITY)));
-			break;
-		}
-	}
-	free (src);
-	return 0;
-}
-#endif
 
 static bool esil_if(RzAnalysisEsil *esil) {
 	bool ret = false;

@@ -58,12 +58,6 @@ RZ_API int rz_analysis_esil_fire_interrupt(RzAnalysisEsil *esil, ut32 intr_num)
 		return false;
 	}
 	RzAnalysisEsilInterrupt *intr = ht_up_find(esil->interrupts, intr_num, NULL);
-#if 0
-	// we don't want this warning
-	if (!intr) {
-		RZ_LOG_WARN("no interrupt handler registered for 0x%x\n", intr_num);
-	}
-#endif
 	return (intr && intr->handler && intr->handler->cb) ? intr->handler->cb(esil, intr_num, intr->user) : false;
 }
 

@@ -227,14 +227,7 @@ static bool is_delta_pointer_table(ReadAhead *ra, RzAnalysis *analysis, ut64 add
 			*casetbl_addr += omov_aop.disp;
 		}
 	}
-#if 0
-	// required for the last jmptbl.. but seems to work without it and breaks other tests
-	if (mov_aop.type && mov_aop.ptr) {
-		*jmptbl_addr += mov_aop.ptr;
-		// absjmptbl
-		lea_ptr = mov_aop.ptr;
-	}
-#endif
+
 	/* check if jump table contains valid deltas */
 	read_ahead(ra, analysis, *jmptbl_addr, (ut8 *)&jmptbl, 64);
 	for (i = 0; i < 3; i++) {
@@ -479,21 +472,19 @@ static const char *retpoline_reg(RzAnalysis *analysis, ut64 addr) {
 			return thunk + strlen(token);
 		}
 	}
-#if 0
-// TODO: implement following code analysis check for stripped binaries:
-// 1) op(addr).type == CALL
-// 2) call_dest = op(addr).addr
-// 3) op(call_dest).type == STORE
-// 4) op(call_dest + op(call_dest).size).type == RET
-[0x00000a65]> pid 6
-0x00000a65  sym.__x86_indirect_thunk_rax:
-0x00000a65  .------- e807000000  call 0xa71
-0x00000a6a  |              f390  pause
-0x00000a6c  |            0faee8  lfence
-0x00000a6f  |              ebf9  jmp 0xa6a
-0x00000a71  `---->     48890424  mov qword [rsp], rax
-0x00000a75                   c3  ret
-#endif
+	// TODO: implement following code analysis check for stripped binaries:
+	// 1) op(addr).type == CALL
+	// 2) call_dest = op(addr).addr
+	// 3) op(call_dest).type == STORE
+	// 4) op(call_dest + op(call_dest).size).type == RET
+	// [0x00000a65]> pid 6
+	// 0x00000a65  sym.__x86_indirect_thunk_rax:
+	// 0x00000a65  .------- e807000000  call 0xa71
+	// 0x00000a6a  |              f390  pause
+	// 0x00000a6c  |            0faee8  lfence
+	// 0x00000a6f  |              ebf9  jmp 0xa6a
+	// 0x00000a71  `---->     48890424  mov qword [rsp], rax
+	// 0x00000a75                   c3  ret
 	return NULL;
 }
 

@@ -380,16 +380,16 @@ RZ_IPI int rz_arm_cs_analysis_op_32_esil(RzAnalysis *a, RzAnalysisOp *op, ut64 a
 		rz_strbuf_setf(&op->esil, "%s,$", ARG(0));
 		break;
 	case ARM_INS_PUSH:
-#if 0
-PUSH { r4, r5, r6, r7, lr }
-4,sp,-=,lr,sp,=[4],
-4,sp,-=,r7,sp,=[4],
-4,sp,-=,r6,sp,=[4],
-4,sp,-=,r5,sp,=[4],
-4,sp,-=,r4,sp,=[4]
-
-20,sp,-=,lr,r7,r6,r5,r4,5,sp,=[*]
-#endif
+		/*
+		 * PUSH { r4, r5, r6, r7, lr }
+		 * 4,sp,-=,lr,sp,=[4],
+		 * 4,sp,-=,r7,sp,=[4],
+		 * 4,sp,-=,r6,sp,=[4],
+		 * 4,sp,-=,r5,sp,=[4],
+		 * 4,sp,-=,r4,sp,=[4]
+		 *
+		 * 20,sp,-=,lr,r7,r6,r5,r4,5,sp,=[*]
+		 */
 		rz_strbuf_appendf(&op->esil, "%d,sp,-=,",
 			4 * insn->detail->arm.op_count);
 		for (i = insn->detail->arm.op_count; i > 0; i--) {
@@ -485,10 +485,8 @@ PUSH { r4, r5, r6, r7, lr }
 		}
 		break;
 	case ARM_INS_POP:
-#if 0
-POP { r4,r5, r6}
-r6,r5,r4,3,sp,[*],12,sp,+=
-#endif
+		// POP { r4,r5, r6}
+		// r6,r5,r4,3,sp,[*],12,sp,+=
 		for (i = insn->detail->arm.op_count; i > 0; i--) {
 			rz_strbuf_appendf(&op->esil, "%s,", REG(i - 1));
 		}

@@ -417,18 +417,6 @@ RZ_IPI int rz_arm_cs_analysis_op_64_esil(RzAnalysis *a, RzAnalysisOp *op, ut64 a
 			const char *r0 = REG64(0);
 			const char *r1 = REG64(1);
 			int size = REGSIZE64(1);
-#if 0
-		rz_strbuf_setf (&op->esil,
-			"0,%s,=,"                        // dst = 0
-			"%d,"                            // initial counter = size
-			"DUP,"                           // counter: size -> 0 (repeat here)
-				"DUP,1,SWAP,-,8,*,"          // counter to bits in source
-					"DUP,0xff,<<,%s,&,>>,"   // src byte moved to LSB
-				"SWAP,%d,-,8,*,"             // invert counter, calc dst bit
-				"SWAP,<<,%s,|=,"             // shift left to there and insert
-			"4,REPEAT",                      // goto 5th instruction
-			r0, size, r1, size, r0);
-#endif
 			if (size == 8) {
 				rz_strbuf_setf(&op->esil,
 					"56,0xff,%s,&,<<,tmp,=,"