Register name not found via translate_register_name

[frapik99]

Hi,
analysing a project I encountered the following assembly instruction:

0x901e774:	or	ah, 0x10

This was translated into:

09 | ------ IMark(0x901e774, 3, 0) ------
10 | t4 = GET:I8(9)
11 | t2 = Or8(t4,0x10)
12 | PUT(cc_op) = 0x0000000d
13 | t13 = 8Uto32(t2)
14 | PUT(cc_dep1) = t13
15 | PUT(cc_dep2) = 0x00000000
16 | PUT(cc_ndep) = 0x00000000
17 | PUT(9) = t2

I suspect for some reason the ah register was not found so also the pp() function prints the output in that way.

I tried to obtain the right register name using source = self.project.arch.translate_register_name(instruction.data.offset, 8) but I have always 9 as result. For all the other instructions all was correct. Any idea on how to fix it?

Thanks

[zardus]

Register names are resolved using this dict: https://github.com/angr/archinfo/blob/master/archinfo/arch_x86.py#L127

It looks like we don't have the partial registers there ah, al, etc. Adding them to that dict (and sending a PR!) should get them to display.

[rhelmot]

I would like to point out that we definitely supported those at some point, and I'm pretty sure this being broken is the fault of a recent commit by @ltfish, if you wanna go through the archinfo history. He was fixing some other problem related to ah and al, so it's important we not regress on that.

…

On Tue, Apr 25, 2017 at 4:07 AM Yan ***@***.***> wrote: Register names are resolved using this dict: https://github.com/angr/archinfo/blob/master/archinfo/arch_x86.py#L127 It looks like we don't have the partial registers there ah, al, etc. Adding them to that dict (and sending a PR!) should get them to display. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#119 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ACYg9Yl_Iwc3t523I8b25q8LxfGw7Znvks5rzdQHgaJpZM4NFYTW> .

[ltfish]

This issue has been fixed by my commit to archinfo (see here). You want to use the latest version of both PyVEX and archinfo.

Here is an example output from IPython with the latest version of everything from GitHub:

In [1]: import angr

In [2]: import archinfo

In [3]: block = angr.block.Block(addr=0, arch=archinfo.ArchX86(), byte_string="\x80\xcc\x10")

In [4]: block.vex.pp()
IRSB {
   t0:Ity_I8 t1:Ity_I8 t2:Ity_I8 t3:Ity_I32 t4:Ity_I32

   00 | ------ IMark(0x0, 3, 0) ------
   01 | t2 = GET:I8(ah)
   02 | t0 = Or8(t2,0x10)
   03 | PUT(cc_op) = 0x0000000d
   04 | t3 = 8Uto32(t0)
   05 | PUT(cc_dep1) = t3
   06 | PUT(cc_dep2) = 0x00000000
   07 | PUT(cc_ndep) = 0x00000000
   08 | PUT(ah) = t0
   NEXT: PUT(eip) = 0x00000003; Ijk_Boring
}