thumb working on capstone

middleware/qira_program.py

@@ -267,7 +267,14 @@ class Program:
         continue
       #print repr(d)
       if self.fb == 0x28:   # ARM
-        inst = d[d.rfind("  ")+2:]
+        inst = d[d.rfind("  ")+2:-1] #last bit now the thumb bit
+        thumb_flag = d[-1]
+        if thumb_flag == 't':
+          thumb = True
+        elif thumb_flag == 'n':
+          thumb = False
+        else:
+          print "*** Invalid thumb flag at end of instruction"
         #address = d.split()[0]
       elif self.fb == 0xb7:   # aarch64
         inst = d[d.rfind("     ")+5:]
@@ -324,7 +331,7 @@ class Program:
     #print "***",' '.join(eargs)
     os.execvp(eargs[0], eargs)
   
-  def disasm(self, raw, address):
+  def disasm(self, raw, address, thumb):
     default = {"repr": raw.encode("hex")}
     if qira_config.WITH_CAPSTONE:
       try:
@@ -334,12 +341,10 @@ class Program:
         elif arch == "x86-64":
           md = Cs(CS_ARCH_X86, CS_MODE_64)
         elif arch == "arm":
-          md = Cs(CS_ARCH_ARM, CS_MODE_THUMB)
-          # to switch between modes:
-          # new idea: use qemu to figure out which intructions are arm/thumb
-          # pick default choice based on 
-          # md.mode = CS_MODE_THUMB
-          # md.mode = CS_MODE_ARM
+          if thumb:
+            md = Cs(CS_ARCH_ARM, CS_MODE_THUMB)
+          else:
+            md = Cs(CS_ARCH_ARM, CS_MODE_ARM)
         elif arch == "aarch64":
           md = Cs(CS_ARCH_ARM64, CS_MODE_ARM)
         elif arch == "ppc":
@@ -350,7 +355,10 @@ class Program:
         #next: store different data based on type of operand
         #https://github.com/aquynh/capstone/blob/master/bindings/python/test_arm.py
         md.detail = True
-        i = md.disasm(raw, address).next()
+        try:
+          i = md.disasm(raw, address).next()
+        except StopIteration: #not a valid instruction
+          return default
         # should only be one instruction
         # may not need to track iset here
         # the repr field is a fallback representation of the instruction
@@ -368,7 +376,7 @@ class Program:
         return data
         #when ready, return data as json rather than static string
       except Exception, e:
-        #print "capstone disasm failed: {}".format(sys.exc_info()[0]), e
+        print "capstone disasm failed: {}".format(sys.exc_info()[0]), e
         return default
     else:
       return default

middleware/qira_webserver.py

@@ -285,10 +285,15 @@ def getinstructions(forknum, clnum, clstart, clend):
         rawins = trace.fetch_memory(i, rret['address'], rret['data'])
         if len(rawins) == rret['data']:
           raw = ''.join(map(lambda x: chr(x[1]), sorted(rawins.items())))
-          insdata = program.disasm(raw, rret['address'])
+          try:
+            thumb = program.tags[rret['address']]['thumb']
+          except KeyError:
+            thumb = False
+          insdata = program.disasm(raw, rret['address'], thumb)
         else:
           raise Exception("lack of swag")
       except Exception,e:
+        print "getinstructions failed: {}".format(sys.exc_info()[0]), e
         # fetch the instruction from the qemu dump
         insdata = {"repr": program.tags[rret['address']]['instruction']}
     else:

qemu_mods/disas.c

@@ -154,7 +154,6 @@ bfd_vma bfd_getb16 (const bfd_byte *addr)
 static int
 print_insn_thumb1(bfd_vma pc, disassemble_info *info)
 {
-  info->fprintf_func(info->stream, "t");
   return print_insn_arm(pc | 1, info);
 }
 #endif
@@ -324,6 +323,10 @@ void real_target_disas(FILE *out, CPUArchState *env, target_ulong code,
             fprintf(out, " }");
         }
 #endif
+  #ifdef TARGET_ARM
+  if (flags & 1) fprintf(out, "t");
+  else fprintf(out, "n");
+  #endif
 	fprintf(out, "\n");
 	if (count < 0)
 	    break;

qemu_mods/tci.c

@@ -468,6 +468,7 @@ void resize_change_buffer(size_t size);
 #define IS_MEM        0x20000000
 #define IS_START      0x10000000
 #define IS_SYSCALL    0x08000000
+#define IS_THUMB      0x04000000
 #define SIZE_MASK 0xFF
 
 #define FAKE_SYSCALL_LOADSEG 0x10001