Instructions¶
As promised - we arrive to discuss the instruction objects. Instruction objects represent the actual assembly code of each line.
>>> line = sark.Line()
>>> insn = line.insn
>>> print line
[00417555] mov ecx, [eax+8]
>>> print insn.mnem
mov
>>> print insn.operands
[<Operand(n=0, text='ecx')>, <Operand(n=1, text='[eax+8]')>]
Out of their members,
Member | Usage |
---|---|
operands | list of operands |
mnem | opcode mnemonic |
has_reg | is a reg used in the instruction |
regs | the registers used in the instruction |
Instruction.operands
is the most interesting one.
Operands¶
Each operand provides the means to analyze individual operands in the code.
>>> print insn.operands[1]
<Operand(n=1, text='[eax+8]')>
>>> print "{0.reg} + {0.offset}".format(insn.operands[1])
eax + 8
Member | Usage |
---|---|
n | operand index in instruction |
type | numeric type a-la IDA SDK |
size | data size of the operand |
is_read | is the operand read from |
is_write | is the operand written to |
reg | the register used in the operand |
text | the operand text, as displayed in IDA |
base | the base register in an
address-phrase of the form
[base + index * scale + offset] |
index | the index register in a phrase |
scale | the scale in a phrase |
offset | the offset in a phrase |
Getting Instructions¶
The best way to retrieve instruction objects is using the .insn
member of sark.Line
.