-
-
Notifications
You must be signed in to change notification settings - Fork 53
ModRM
ModRM class is the representation of a Mod R/M byte. Objects of this class is usually retrieved as part of an Instr object.
For construction, we need the individual parts that form the Mod R/M byte, which then become properties. Alternatively the constructor can be called with the Mod R/M byte (number or hex string) itself to extract the parts.
Syntax:
new ModRM(mode, regop, regmem)
new ModRM(byte)Once the object is created, the following properties & functions become available.
| Property name | Description |
|---|---|
Mode |
Mode number. Values are one of the following: 0 => Ptr with no displacement. 1 => Ptr with byte displacement. 2 => Ptr with dword/word displacement. 3 => Both arguments are Register. |
RegO |
Either a Register, it's Index or an operation number (between 0 and 7). |
RegM |
Either a Register, it's Index or a memory operand indicator. |
Data |
The complete Mod R/M byte as a number or hex string depending on how the object was constructed. |
Allows for modification of the object's members and update the Data member.
Use null for keeping any member intact.
Syntax:
<obj>.update(mode, regop, regmem)| Argument | Description |
|---|---|
mode |
The new Mode value. If null, the existing Mode is kept intact. |
regop |
The new RegO register/value. If null, the existing RegO is kept intact. |
regmem |
The new RegM register/value. If null, the existing RegM is kept intact. |
Retrieves the RegMem and RegOp members as Register objects. Works best when the ModRM object is part of an extracted Instr.
Syntax:
<obj>.getReg(section, [bitsize])| Argument | Description |
|---|---|
section |
Should be either M for RegMem or O for RegOp
|
bitsize |
Optional bit size of the register. Default is 32
|
Returns: Either the estimated/extracted register or
nullin case something went wrong
Override of toString function for obtaining all the details of the object as a string. Useful for debugging.
Syntax;
<obj>.toString()This function is automatically invoked when the object is used in a string context. For e.g. with the Debug function.