zelos.api.regs_api module

class zelos.api.regs_api.RegsApi(zelos)

Bases: object

Allows accessing registers directly by their name.

Methods also exist for accessing registers that hold the instruction, stack, and frame pointers in a platform agnostic way, as well as functions for manipulating the stack.

from zelos import Zelos, HookType

# 32 bit x86 binary
z = Zelos("binary_to_emulate")

# Increment the starting address by 2
z.regs.eip = z.regs.eip + 2

# A platform agnostic way of adjusting the Instruction Pointer
z.regs.setIP(z.regs.getIP() + 2)
getIP() → int

Returns the platform-agnostic instruction pointer. On x86, this returns the value of the EIP register. On ARM, this returns the value of register R15. On MIPS, this returns the value of the PC register.

setIP(new_ip: int) → None

Sets the instruction pointer. On x86, this sets the value of the EIP register. On ARM, this sets the value of register R15. On MIPS this sets the value of the PC register.

getSP() → int

Returns the platform-agnostic stack pointer. On x86, this returns the value of the ESP register. On ARM, this returns the value of register R13. On MIPS, this returns the value of the SP register.

setSP(new_sp: int) → None

Sets the stack pointer. On x86, this sets the value of the ESP register. On ARM, this sets the value of register R13. On MIPS this sets the value of the SP register.

getFP() → int

Returns the platform-agnostic frame pointer. On x86, this returns the value of the EBP register. On ARM, this returns the value of register R11. On MIPS, this returns the value of register $30.

setFP(new_fp: int) → None

Sets the frame pointer. On x86, this sets the value of the EBP register. On ARM, this sets the value of register R11. On MIPS this sets the value of register $30.

getstack(offset: int) → int

Returns data that is offset * word_size bytes from the top of the stack.

setstack(offset: int, val: int) → None

Sets data that is offset * word_size bytes from the top of the stack.

popstack() → int

Pop an item from the top of the stack.

pushstack(data: int) → None

Push an item to the top of the stack.