ghidra/Ghidra/Processors/PowerPC/data/ppc64-r2CallStubs.xml

<patternlist>
  <!-- 
  	This file contains all known call stub (i.e., thunk) patterns which
  	utilize a propagated r2 register value in determining the thunked function
  	to which any given call stub branches.
  	
  	NOTES: 
  		1. Each pattern must account for all instructions contained within the stub.
  		2. Only 4-byte instructions are supported (due to pattern flipping for little endian use)
  -->
  <pattern>
     <data>
     	0x3d82....	# addis	r12,r2,0x####
     	0xf84100..  # std	r2,0x##(r1)
     	0xe96c....  # ld		r11,0x####(r12)
     	0x7d6903a6  # mtspr	CTR,r11
     	0xe84c....  # ld		r2,0x####(r12)
     	0xe96c....  # ld		r11,0x####(r12)
     	0x4e800420	# bctr
     </data>
  </pattern>
  <pattern>
     <data>
     	0xf84100..  # std	r2,0x##(r1)
     	0xe962....  # ld		r11,0x####(r2)
     	0x7d6903a6  # mtspr	CTR,r11
     	0xe962....  # ld		r11,0x####(r2)
     	0xe842....  # ld		r2,0x####(r2)
     	0x4e800420	# bctr
     </data>
  </pattern>
  <pattern>
     <data>
     	0xf84100..  # std	r2,0x##(r1)
     	0xe982....	# ld		r12,0x####(r2)
     	0x7d8903a6	# mtspr	CTR,r12
     	0x4e800420	# bctr
     </data>
  </pattern>
  <!-- It is possible that the patterns below always appear inline and not used as a thunk -->
  <pattern> 
     <data>
     	0x3d62....	# addis	r11,r2,0x####
     	0xe98b....	# ld		r12,0x####(r11)
     	0x7d8903a6	# mtspr	CTR,r12
     	0xe84b....	# ld		r2,0x####(r11)
     	0x4e800420	# bctr
     </data>
  </pattern>
  <pattern>
     <data>
     	0x3d62....	# addis	r11,r2,0x####
     	0xe98b....	# ld		r12,0x####(r11)
     	0x396b....	# addi	r11,r11,0x####
     	0x7d8903a6	# mtspr	CTR,r12
     	0xe84b....	# ld		r2,0x####(r11)
     	0xe96b....	# ld		r11,0x####(r11)
     	0x4e800420	# bctr
     </data>
  </pattern>
  <pattern>
     <data>
     	0x3d62....	# addis	r11,r2,0x####
     	0xe98b....	# ld		r12,0x####(r11)
     	0x7d8903a6	# mtspr	CTR,r12
     	0x7d826278	# xor	r2,r12,r12
     	0x7d6b1214	# add	r11,r11,r2
     	0xe84b....	# ld		r2,0x####(r11)
     	0x4e800420	# bctr
     </data>
  </pattern>
  <pattern>
     <data>
     	0x3d62....	# addis	r11,r2,0x####
     	0xe98b....	# ld		r12,0x####(r11)
     	0x396b....	# addi	r11,r11,0x####
     	0x7d8903a6	# mtspr	CTR,r12
     	0x7d826278	# xor	r2,r12,r12
     	0x7d6b1214	# add	r11,r11,r2
     	0xe84b....	# ld		r2,0x####(r11)
     	0xe96b....	# ld		r11,0x####(r11)
     	0x4e800420	# bctr
     </data>
  </pattern>
  <pattern>
     <data>
     	0xf84100..  # std	r2,0x##(r1)
     	0x3d62....	# addis	r11,r2,0x####
     	0xe98b....	# ld		r12,0x####(r11)
     	0x7d8903a6	# mtspr	CTR,r12
     	0xe84b....	# ld		r2,0x####(r11)
     	0x4e800420	# bctr
     </data>
  </pattern>
  <pattern>
     <data>
     	0xf84100..  # std	r2,0x##(r1)
     	0x3d62....	# addis	r11,r2,0x####
     	0xe98b....	# ld		r12,0x####(r11)
     	0x396b....	# addi	r11,r11,0x####
     	0x7d8903a6	# mtspr	CTR,r12
     	0xe84b....	# ld		r2,0x####(r11)
     	0xe96b....	# ld		r11,0x####(r11)
     	0x4e800420	# bctr
     </data>
  </pattern>
  <pattern>
     <data>
     	0xf84100..  # std	r2,0x##(r1)
     	0x3d62....	# addis	r11,r2,0x####
     	0xe98b....	# ld		r12,0x####(r11)
     	0x7d8903a6	# mtspr	CTR,r12
     	0x7d826278	# xor	r2,r12,r12
     	0x7d6b1214	# add	r11,r11,r2
     	0xe84b....	# ld		r2,0x####(r11)
     	0x4e800420	# bctr
     </data>
  </pattern>
  <pattern>
     <data>
     	0xf84100..  # std	r2,0x##(r1)
     	0x3d62....	# addis	r11,r2,0x####
     	0xe98b....	# ld		r12,0x####(r11)
     	0x396b....	# addi	r11,r11,0x####
     	0x7d8903a6	# mtspr	CTR,r12
     	0x7d826278	# xor	r2,r12,r12
     	0x7d6b1214	# add	r11,r11,r2
     	0xe84b....	# ld		r2,0x####(r11)
     	0xe96b....	# ld		r11,0x####(r11)
     	0x4e800420	# bctr
     </data>
  </pattern>
     <!-- 
     	The case where call stub performs conditional bnectr followed 
     	by relative branch is omitted since this is not a valid thunk
     	scenario.
     -->
  <pattern>
     <data>
	 	0x3d820000	# addis r12,r2,0x####
	 	0xe98c0000	# ld		r12,0x####(r12)
	 	0x7d8903a6	# mtspr	CTR,r12
	 	0x4e800420	# bctr
     </data>
  </pattern>
  <pattern>
     <data>
     	0xf8410000	# std   r2,0x####(r1) 
	 	0x3d820000	# addis r12,r2,0x####
	 	0xe98c0000	# ld		r12,0x####(r12)
	 	0x7d8903a6	# mtspr	CTR,r12
	 	0x4e800420	# bctr
     </data>
  </pattern>
</patternlist>