-
Notifications
You must be signed in to change notification settings - Fork 18
/
Copy pathebpf.py
40 lines (27 loc) · 967 Bytes
/
ebpf.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
from binaryninja.architecture import Architecture
from binaryninja.platform import Platform
from binaryninja.function import RegisterInfo, InstructionInfo
from .instr import decode, tT
REGS = [f'r{i}' for i in range(16)]
class EBPF(Architecture):
name = 'ebpf'
address_size = 8
max_instr_length = 16
regs = { r:RegisterInfo(r, 8) for r in REGS }
stack_pointer = 'r10'
def get_instruction_info(self, data, addr):
instr = decode(data, addr)
if instr is None:
return InstructionInfo(length=8)
return instr.info
def get_instruction_text(self, data, addr):
instr = decode(data, addr)
if instr is None:
return [tT('unk')], 8
return instr.text, instr.info.length
def get_instruction_low_level_il(self, data, addr, il):
instr = decode(data, addr)
if instr is None:
return 8
instr.llil(il)
return instr.info.length