Add /Af support for RAnalOpFamilyPriv for privileged instructions

- x86.cs only atm, capstone support is still wip

libr/anal/op.c

@@ -1,4 +1,4 @@
-/* radare - LGPL - Copyright 2010-2013 - pancake, nibble */
+/* radare - LGPL - Copyright 2010-2015 - pancake, nibble */
 
 #include <r_anal.h>
 #include <r_util.h>
@@ -129,8 +129,6 @@ R_API int r_anal_op_execute (RAnal *anal, RAnalOp *op) {
 
 R_API const char *r_anal_optype_to_string(int t) {
 	switch (t) {
-	case R_ANAL_OP_TYPE_PRIV  : return "privileged";
-	case R_ANAL_OP_TYPE_FPU   : return "fpu";
 	case R_ANAL_OP_TYPE_IO    : return "io";
 	case R_ANAL_OP_TYPE_ACMP  : return "acmp";
 	case R_ANAL_OP_TYPE_ADD   : return "add";
@@ -166,7 +164,7 @@ R_API const char *r_anal_optype_to_string(int t) {
 	case R_ANAL_OP_TYPE_STORE : return "store";
 	case R_ANAL_OP_TYPE_SUB   : return "sub";
 	case R_ANAL_OP_TYPE_SWI   : return "swi";
-	case R_ANAL_OP_TYPE_SWITCH : return "switch";
+	case R_ANAL_OP_TYPE_SWITCH: return "switch";
 	case R_ANAL_OP_TYPE_TRAP  : return "trap";
 	case R_ANAL_OP_TYPE_UCALL : return "ucall";
 	case R_ANAL_OP_TYPE_UCCALL: return "uccall";
@@ -176,7 +174,7 @@ R_API const char *r_anal_optype_to_string(int t) {
 	case R_ANAL_OP_TYPE_UPUSH : return "upush";
 	case R_ANAL_OP_TYPE_XCHG  : return "xchg";
 	case R_ANAL_OP_TYPE_XOR   : return "xor";
-	case R_ANAL_OP_TYPE_CASE:	return "case";
+	case R_ANAL_OP_TYPE_CASE  : return "case";
 	}
 	return "undefined";
 }

libr/anal/p/anal_x86_cs.c

@@ -5,6 +5,7 @@
 #include <capstone/capstone.h>
 #include <capstone/x86.h>
 
+#define HAVE_CSGRP_PRIVILEGE 1
 #define USE_ITER_API 0
 
 #if CS_API_MAJOR < 2
@@ -160,6 +161,7 @@ static int analop(RAnal *a, RAnalOp *op, ut64 addr, const ut8 *buf, int len) {
 		const char *bp = (a->bits==16)?"bp":
 			(a->bits==32)?"ebp":"rbp";
 		op->size = insn->size;
+		op->family = 0;
 		op->prefix = 0;
 		switch (insn->detail->x86.prefix[0]) {
 		case X86_PREFIX_REPNE:
@@ -219,42 +221,47 @@ static int analop(RAnal *a, RAnalOp *op, ut64 addr, const ut8 *buf, int len) {
 		case X86_INS_FXTRACT:
 		case X86_INS_FYL2X:
 		case X86_INS_FYL2XP1:
-		case X86_INS_FDIV:
-		case X86_INS_FIDIV:
-		case X86_INS_FDIVP:
-		case X86_INS_FDIVR:
-		case X86_INS_FIDIVR:
-		case X86_INS_FDIVRP:
 		case X86_INS_FISTTP:
 		case X86_INS_FIST:
 		case X86_INS_FISTP:
 		case X86_INS_FLDZ:
 		case X86_INS_FLD1:
 		case X86_INS_FLD:
-		case X86_INS_FMUL:
-		case X86_INS_FIMUL:
-		case X86_INS_FMULP:
 		case X86_INS_FSQRT:
 		case X86_INS_FST:
 		case X86_INS_FSTP:
 		case X86_INS_FSTPNCE:
 		case X86_INS_FXCH:
-		case X86_INS_FSUBR:
-		case X86_INS_FISUBR:
-		case X86_INS_FSUBRP:
-		case X86_INS_FSUB:
-		case X86_INS_FISUB:
-		case X86_INS_FSUBP:
 		case X86_INS_FTST:
 		case X86_INS_FUCOMPI:
 		case X86_INS_FUCOMI:
 		case X86_INS_FUCOMPP:
 		case X86_INS_FUCOMP:
 		case X86_INS_FUCOM:
-
-			op->type = R_ANAL_OP_TYPE_FPU;
+			op->type = R_ANAL_OP_TYPE_SUB;
+			op->family = R_ANAL_OP_FAMILY_FPU;
+			break;
+		case X86_INS_FDIV:
+		case X86_INS_FIDIV:
+		case X86_INS_FDIVP:
+		case X86_INS_FDIVR:
+		case X86_INS_FIDIVR:
+		case X86_INS_FDIVRP:
+		case X86_INS_FSUBR:
+		case X86_INS_FISUBR:
+		case X86_INS_FSUBRP:
+		case X86_INS_FSUB:
+		case X86_INS_FISUB:
+		case X86_INS_FSUBP:
+			op->type = R_ANAL_OP_TYPE_SUB;
+			op->family = R_ANAL_OP_FAMILY_FPU;
+			break;
+		case X86_INS_FMUL:
+		case X86_INS_FIMUL:
+		case X86_INS_FMULP:
+			op->type = R_ANAL_OP_TYPE_MUL;
+			op->family = R_ANAL_OP_FAMILY_FPU;
 			break;
-
 		case X86_INS_CLI:
 		case X86_INS_STI:
 		case X86_INS_CLC:
@@ -833,9 +840,16 @@ static int analop(RAnal *a, RAnalOp *op, ut64 addr, const ut8 *buf, int len) {
 			break;
 		}
 	}
-#if !USE_ITER_API
-	cs_free (insn, n);
+//#if X86_GRP_PRIVILEGE>0
+	if (insn) {
+#if HAVE_CSGRP_PRIVILEGE
+		if (cs_insn_group (handle, insn, X86_GRP_PRIVILEGE))
+			op->family = R_ANAL_OP_FAMILY_PRIV;
 #endif
+#if !USE_ITER_API
+		cs_free (insn, n);
+#endif
+	}
 	cs_close (&handle);
 	return op->size;
 }

libr/asm/p/asm_x86_nz.c

@@ -1261,6 +1261,20 @@ SETNP/SETPO - Set if No Parity / Set if Parity Odd (386+)
 		if (!strcmp (op, "popa") || !strcmp (op, "popad")) {
 			data[l++] = 0x61;
 		} else
+		if (!strcmp (op, "cli")) {
+			data[l++] = 0xfa;
+		} else
+		if (!strcmp (op, "sti")) {
+			data[l++] = 0xfb;
+		} else
+		if (!strcmp (op, "sysret")) {
+			data[l++] = 0x0f;
+			data[l++] = 0x07;
+		} else
+		if (!strcmp (op, "sysexit")) {
+			data[l++] = 0x0f;
+			data[l++] = 0x35;
+		} else
 		if (!strcmp (op, "nop")) {
 			data[l++] = 0x90;
 		}

libr/core/cmd_search.c

@@ -1027,14 +1027,20 @@ static void do_anal_search(RCore *core, struct search_parameters *param, const c
 	ut64 at;
 	ut8 *buf;
 	RAnalOp aop;
+	int chk_family = 0;
 	int i, ret, bsize = core->blocksize;
 	int kwidx = core->search->n_kws; //(int)r_config_get_i (core->config, "search.kwidx")-1;
-	int maxhits, count = 0;
+	int maxhits, match, count = 0;
 	if (bsize<64)
 		bsize=64;
 	if (!strncmp (param->mode, "dbg.", 4) || !strncmp(param->mode, "io.sections", 11))
 		param->boundaries = r_core_get_boundaries (core, param->mode, &param->from, &param->to);
 	else param->boundaries = NULL;
+
+	if (*input=='f') {
+		chk_family = 1;
+		input++;
+	}
 	if (*input=='?') {
 		r_cons_printf ("Usage: /A [type]\n");
 		for (i=0; i<64; i++) {
@@ -1060,9 +1066,23 @@ static void do_anal_search(RCore *core, struct search_parameters *param, const c
 		}
 		ret = r_anal_op (core->anal, &aop, at, buf+i, bsize-i);
 		if (ret) {
-			const char *type = r_anal_optype_to_string (aop.type);
-			if (!*input || strstr (input, type)) {
-				r_cons_printf ("0x%08"PFMT64x" - %d %s\n", at, ret, type);
+			match = 0;
+			if (chk_family) {
+				const char *fam = r_anal_op_family_to_string (aop.family);
+				if (fam)
+				if (!*input || strstr (input, fam)) {
+					match = 1;
+					r_cons_printf ("0x%08"PFMT64x" - %d %s\n", at, ret, fam);
+				}
+			} else {
+				const char *type = r_anal_optype_to_string (aop.type);
+				if (type)
+				if (!*input || strstr (input, type)) {
+					match = 1;
+					r_cons_printf ("0x%08"PFMT64x" - %d %s\n", at, ret, type);
+				}
+			}
+			if (match) {
 				if (*input && searchflags) {
 					char flag[64];
 					snprintf (flag, sizeof (flag), "%s%d_%d",
@@ -1465,7 +1485,16 @@ static int cmd_search(void *data, const char *input) {
 		} else r_core_anal_search (core, param.from, param.to, core->offset);
 		break;
 	case 'A':
-		do_anal_search (core, &param, input+1);
+		switch (input[1]) {
+		case 'f':
+		case '?':
+		case ' ':
+			do_anal_search (core, &param, input+1);
+			break;
+		default:
+			do_anal_search (core, &param, "?");
+			break;
+		}
 		dosearch = 0;
 		break;
 	case 'a': {

libr/include/r_anal.h

@@ -427,8 +427,10 @@ typedef enum {
 	R_ANAL_OP_TYPE_MOD   = 37,
 	R_ANAL_OP_TYPE_SWITCH = 38,
 	R_ANAL_OP_TYPE_CASE = 39,
+#if 0
 	R_ANAL_OP_TYPE_PRIV = 40, /* priviledged instruction */
 	R_ANAL_OP_TYPE_FPU = 41, /* floating point stuff */
+#endif
 } _RAnalOpType;
 
 /* TODO: what to do with signed/unsigned conditionals? */
@@ -613,7 +615,8 @@ typedef struct r_anal_op_t {
 	ut64 addr;      /* address */
 	ut64 type;      /* type of opcode */
 	ut64 prefix;    /* type of opcode prefix (rep,lock,..) */
-	ut64 type2; // used by java
+	ut64 type2;	/* used by java */
+	int group;      /* is fpu, is privileged, mmx, etc */
 	int stackop;    /* operation on stack? */
 	int cond;       /* condition type */
 	int size;       /* size in bytes of opcode */

shlr/Makefile

@@ -6,9 +6,9 @@ CS_VER=3.0
 CS_TAR=http://capstone-engine.org/download/$(CS_VER)/capstone-$(CS_VER).tgz
 CS_TAR=
 CS_URL=https://www.github.com/aquynh/capstone.git
-CS_UPD=20150307
+CS_UPD=20150308
 CS_BRA=next
-CS_TIP=8e343885be05b5bf68c067a646874224e7fd9e45
+CS_TIP=4dd0dcb9d44490963f5343e31dac1d27751c9f6d
 
 .PHONY: capstone-sync capstone-build all clean mrproper libgdbr libwind