fix #18

src/patcherex2/components/archinfo/aarch64.py

@@ -4,6 +4,7 @@ class Aarch64Info:
     jmp_asm = "b {dst}"
     jmp_size = 4
     call_asm = "bl {dst}"
+    pc_reg_names = ["pc", "ip"]
     save_context_asm = """
         sub sp, sp, #0x1f0
         stp x0, x1, [sp, #0x0]

src/patcherex2/components/archinfo/amd64.py

@@ -4,6 +4,7 @@ class Amd64Info:
     jmp_asm = "jmp {dst}"
     jmp_size = 6
     call_asm = "call {dst}"
+    pc_reg_names = ["rip"]
     save_context_asm = """
     push rax
     push rbx

src/patcherex2/components/archinfo/arm.py

@@ -4,6 +4,7 @@ class ArmInfo:
     jmp_asm = "b {dst}"
     jmp_size = 4
     call_asm = "bl {dst}"
+    pc_reg_names = ["pc", "r15", "ip"]
     save_context_asm = """
         push {r0-r11}
     """

src/patcherex2/components/archinfo/mips.py

@@ -5,6 +5,7 @@ class MipsInfo:
     # NOTE: keystone will always add nop for branch delay slot, so include it in size
     jmp_size = 8
     call_asm = "jal {dst}"
+    pc_reg_names = ["pc"]
     save_context_asm = """
     sub $sp, $sp, -124
     sw $ra, 120($sp)

src/patcherex2/components/archinfo/mips64.py

@@ -5,6 +5,7 @@ class Mips64Info:
     # NOTE: keystone will aldays add nop for branch delay slot, so include it in size
     jmp_size = 8
     call_asm = "jal {dst}"
+    pc_reg_names = ["pc"]
     save_context_asm = """
     sub $sp, $sp, -248
     sd $ra, 240($sp)

src/patcherex2/components/archinfo/ppc.py

@@ -4,6 +4,7 @@ class PpcInfo:
     jmp_asm = "b {dst}"
     jmp_size = 4
     call_asm = "bl {dst}"
+    pc_reg_names = []
     save_context_asm = """
     stwu r1, -0x80(r1)
     stmw r3, 0x8(r1)

src/patcherex2/components/archinfo/ppc64.py

@@ -4,6 +4,7 @@ class Ppc64Info:
     jmp_asm = "b {dst}"
     jmp_size = 4
     call_asm = "bl {dst}"
+    pc_reg_names = []
     save_context_asm = """
     stwu r1, -0x80(r1)
     stmw r3, 0x8(r1)

src/patcherex2/components/archinfo/ppc_vle.py

@@ -4,5 +4,6 @@ class PpcVleInfo:
     jmp_asm = "b {dst}"
     jmp_size = 4
     call_asm = "bl {dst}"
+    pc_reg_names = []
     save_context_asm = ""  # TODO
     restore_context_asm = ""  # TODO

src/patcherex2/components/archinfo/sparc.py

@@ -4,5 +4,6 @@ class SparcInfo:
     jmp_asm = "b {dst}\nnop"  # nop due to delay slot
     jmp_size = 8
     call_asm = "call {dst}"
+    pc_reg_names = ["pc"]
     save_context_asm = ""  # TODO
     restore_context_asm = ""  # TODO

src/patcherex2/components/archinfo/x86.py

@@ -4,6 +4,7 @@ class X86Info:
     jmp_asm = "jmp {dst}"
     jmp_size = 5
     call_asm = "call {dst}"
+    pc_reg_names = ["eip"]
     save_context_asm = """
     pusha
     """

src/patcherex2/components/utils/utils.py

@@ -1,4 +1,5 @@
 import logging
+import re
 from typing import Dict, Optional
 
 from ..allocation_managers.allocation_manager import MemoryFlag
@@ -128,6 +129,11 @@ def is_movable_instruction(self, addr: int) -> bool:
         is_thumb = self.p.binary_analyzer.is_thumb(addr)
         insn = self.p.binary_analyzer.get_instr_bytes_at(addr)
         asm = self.p.disassembler.disassemble(insn, addr, is_thumb=is_thumb)[0]
+        # if instruction use PC as a base register, it's not movable
+        tokens = re.split(r"\s|,|\[|\]", asm["op_str"])
+        tokens = list(filter(None, tokens))
+        if list(set(self.p.archinfo.pc_reg_names) & set(tokens)):
+            return False
         asm = self.p.disassembler.to_asm_string(asm)
         for addr in [0x0, 0x7F00000, 0xFE000000]:
             if self.p.assembler.assemble(asm, addr, is_thumb=is_thumb) != insn: