LyScript AI

Appearance

Register interface

In assembly, registers are small storage units located inside the CPU that are used to temporarily store data, addresses, or control information. The main function of registers is to provide fast data access and operations when the CPU executes instructions. Registers play a very important role in assembly because they directly participate in the execution of instructions and data processing, providing underlying control over computer hardware.

LyScript provides standardized APIs for accessing and modifying register values. These API interfaces encapsulate operations to access registers, allowing users to directly use these functions to read and modify register values.

Universal Register

get_register

By passing in the register name to read the parameters of the corresponding general-purpose register, it supports debugging registers (such as DR0-DR7), x86 general-purpose registers and their variants (such as EAX/AX/AH/AL, etc.), special registers (such as CIP, CFLAGS, etc.), and 64 bit dedicated registers (such as R8-R15 and their variants). When successful, it returns a dictionary containing register name, value (decimal/hexadecimal), platform, and other information. When failed, it returns false.

The available register range for this method includes the following:

  • DR0, DR1, DR2, DR3, DR6, DR7
  • EAX, AX, AH, AL
  • EBX, BX, BH, BL
  • ECX, CX, CH, CL
  • EDX, DX, DH, DL
  • EDI, DI
  • ESI, SI
  • EBP, BP
  • ESP, SP
  • EIP, RAX, RBX, RCX, RDX, RSI, SIL, RDI, DIL, RBP, BPL, RSP, SPL, RIP
  • CIP, CSP, CAX, CBX, CCX, CDX, CDI, CSI, CBP, CFLAGS

For 64 bits, a register set has been added as follows:

  • R8, R8D, R8W, R8B
  • R9, R9D, R9W, R9B
  • R10, R10D, R10W, R10B
  • R11, R11D, R11W, R11B
  • R12, R12D, R12W, R12B
  • R13, R13D, R13W, R13B
  • R14, R14D, R14W, R14B
  • R15, R15D, R15W, R15B
python
>>> eax = debugger.get_register("eax")
>>> ax = debugger.get_register("ax")
>>> ah = debugger.get_register("ah")
>>>
>>> eax
{
    'message': 'Registervalueretrievedsuccessfully',
    'register_name': 'EAX',
    'register_index': 6,
    'value_decimal': 0,
    'value_hex': '0x00000000',
    'platform': 'x86'
}
>> ax
{
    'message': 'Registervalueretrievedsuccessfully',
    'register_name': 'AX',
    'register_index': 7,
    'value_decimal': 0,
    'value_hex': '0x00000000',
    'platform': 'x86'
}
>> ah
{
    'message': 'Registervalueretrievedsuccessfully',
    'register_name': 'AH',
    'register_index': 8,
    'value_decimal': 0,
    'value_hex': '0x00000000',
    'platform': 'x86'
}

set_register

By passing in the register name and value (supporting decimal and hexadecimal formats), the parameters of the corresponding general-purpose register can be set. It supports debugging registers (such as DR0-DR7), x86 general-purpose registers and their variants (such as EAX/AX/AH/AL, etc.), special registers (such as CIP, CFLAGS, etc.), and 64 bit dedicated registers (such as R8-R15 and their variants). When successful, a dictionary containing register name, setting value (decimal/hexadecimal), platform and other information will be returned. When failed, false will be returned.

python
>>> eax = debugger.get_register("eax")
>>> eax
{
    'message': 'Registervalueretrievedsuccessfully',
    'register_name': 'EAX',
    'register_index': 6,
    'value_decimal': 0,
    'value_hex': '0x00000000',
    'platform': 'x86'
}
>> debugger.set_register("eax",0x100)
{
    'message': 'Registervaluesetsuccessfully',
    'register_name': 'EAX',
    'register_index': 6,
    'set_value_decimal': 256,
    'set_value_hex': '0x00000100',
    'platform': 'x86'
}
>> debugger.set_register("eax",1024)
{
    'message': 'Registervaluesetsuccessfully',
    'register_name': 'EAX',
    'register_index': 6,
    'set_value_decimal': 1024,
    'set_value_hex': '0x00000400',
    'platform': 'x86'
}

Flag Register

Flag register is a special type of register in computer architecture that stores state information and flag bits generated during processor operations. Flag registers are typically used to store various condition codes that record the result or state of the most recent arithmetic or logical operation. Programs can use the status information of flag registers to make conditional judgments, control program flow, and implement various algorithms and logical operations. Flag registers are an important component of computer architecture, which have a significant impact on the execution of instructions and the correctness of programs.

get_flag_register

Read the status of the corresponding flag register by passing in the name of the flag register, supporting commonly used flag registers in x86/x64 architecture (such as ZF, PF, SF, etc.). When successful, return a dictionary containing flag status (whether set), flag name, index, description, platform, and other information. If failed, return false.

The available range of flag registers for this method includes the following:

ZF (Zero Flag): Set the result to zero PF (Parity Flag): Set when the number of 1s in the result is even SF (Sign Flag): Set when the result is negative (highest bit is 1) CF (Carry Flag): Set when unsigned operation generates carry or borrow OF (Overflow Flag): Set when the signed operation result exceeds the representation range AF (Auxiliary Carry Flag): Set when performing a carry or borrow operation from the lower 4 bits to the higher 4 bits DF (Direction Flag): Controls the direction of string operation instructions, processing from high address to low address when set to 1 IF (Interrupt Enable Flag): Allow CPU to respond to maskable interrupts when set to 1

python
>>> zf = debugger.get_flag_register("zf")
>>> zf
{
    'is_set': True,
    'flag_name': 'ZF',
    'flag_index': 0,
    'description': 'ZeroFlag(ZF): Setifresultiszero',
    'message': 'ZFflagisset',
    'platform': 'x86'
}
>>>
>>> pf = debugger.get_flag_register("pf")
>>> pf
{
    'is_set': True,
    'flag_name': 'PF',
    'flag_index': 3,
    'description': 'ParityFlag(PF): Setifnumberof1sinresultiseven',
    'message': 'PFflagisset',
    'platform': 'x86'
}

set_flag_register

By passing in the name and setting value of the flag register (1 indicates setting the flag, 0 indicates clearing the flag), the state of the corresponding flag register can be modified. It supports commonly used flag registers in x86/x64 architecture (such as OF, TF, ZF, etc.). When successful, a dictionary containing the operation result, flag name, index, description, current state, setting value, platform and other information will be returned. If failed, false will be returned.

python
>>> zf = debugger.set_flag_register("of",1)
>>> zf
{
    'message': 'OFflagsetsuccessfully',
    'flag_name': 'OF',
    'flag_index': 1,
    'description': 'OverflowFlag(OF): Setifarithmeticoverflowoccurs',
    'is_set': True,
    'set_value': 1,
    'platform': 'x86'
}
>>>
>>> tf = debugger.set_flag_register("tf",0)
>>> tf
{
    'message': 'TFflagclearedsuccessfully',
    'flag_name': 'TF',
    'flag_index': 5,
    'description': 'TrapFlag(TF): Settoenablesingle-stepdebugging',
    'is_set': False,
    'set_value': 0,
    'platform': 'x86'
}

Automation component developed for x64dbg debugger

Copyright © 2022-2025 LyShark Security Team