keystone-engine/keystone

Keystone Not Assembling Powerpc

elbee-cyber opened this issue · 3 comments

It seems that keystone is not assembling basically any powerpc64 instruction (beyond nops and some instructions which do not read/write memory, including registers).
e.g.:

from keystone import *

# PowerPC64, big-endian assembler instance
md = Ks(KS_ARCH_PPC, KS_MODE_PPC64 | KS_MODE_BIG_ENDIAN)
print(md.asm(bytes("ld r0,16(r1)", 'utf8'), as_bytes=True))
print(md.asm(bytes("addi r10,r2,235", 'utf8'), as_bytes=True))
print(md.asm(bytes("xori r9,r9,65280", 'utf8'), as_bytes=True))

All instructions result in an Invalid operand (KS_ERR_ASM_INVALIDOPERAND)

I've also noticed this issue in virtually every tool that uses keystone, here's another example from gdb-gef:
image

I've noticed the same issue for ppc32:
image

Have this issue as well. This is something new as well because less than a year ago, I was able to use it to assemble PowerPC.

I'm going to attempt to make a patch for it soon, once I diagnose the issue.

Just tried to do this with PowerPC 32-bit earlier and I'm having the same issue still. Haven't forgotten, will take a look soon.

@elbee-cyber friend hello, through reverse engineering I found that the author seems to have modified the ppc syntax. Due to the characteristics of ppc architecture instructions, the author deliberately omitted the letter r, presumably in order to match other plug-ins better, so you should modify as follows:

from keystone import *

md = Ks(KS_ARCH_PPC, KS_MODE_PPC64 | KS_MODE_BIG_ENDIAN)
# Same instructions as above, with bare register numbers instead of r0/r1/...
print(md.asm(bytes("ld 0,16(1)", 'utf8'), as_bytes=True))
print(md.asm(bytes("addi 10,2,235", 'utf8'), as_bytes=True))
print(md.asm(bytes("xori 9,9,65280", 'utf8'), as_bytes=True))