New analysis module for find_float_consts

[disinvite]

Moving the find_float_consts search into its own module. Same performance improvements from #70. (I'm working on the thunk piece separately.)

Instead of having all analysis on the binary jammed into PEImage, put the relevant stuff in its own module that calls functions on the image.

I think all the review comments are addressed from that previous PR, and we now have some rudimentary tests targeted to just this analysis function. We still have the TODO to use more sections than just .text and .rdata but we are better suited to add the new function when it is ready. (#75)

The module is just under analysis for now. Thoughts on x86-specific or PE-specific sub-modules?

As for the floating point instructions: this is hopefully now better explained in the code and comments. You can run this excerpt to see the candidate instructions:

from capstone import Cs, CS_ARCH_X86, CS_MODE_32
disassembler = Cs(CS_ARCH_X86, CS_MODE_32)

deadbeef = b"\xef\xbe\xad\xde"
for opcode in range(0xd8, 0xe0):
    for ext in range(256):
        code = bytearray([opcode, ext, *deadbeef])
        inst = next(disassembler.disasm(code, 0), None)
        if inst and "deadbeef" in inst.op_str:
            print(f"{opcode:02x} {ext:02x}   {inst.mnemonic:10} {inst.op_str}")
    print()

That's all of them that operate on a single address. We can ignore anything that stores a value since those pointers are not constants. We also don't care about things that set or load status registers on the FPU. I ignored integer instructions like fiadd for now but we may want them later. We actually wound up targeting fewer instructions than before.

[madebr]

I'm not sure what python version is required, but I think you can run regular expressions on memoryviews.

[disinvite]

Thanks! Per PEP 688 the common type for bytes and memoryview is collections.abc.Buffer, so I used that here.

[disinvite]

Ah. 3.12 only.

[disinvite]

To clarify: it works with both bytes and memoryview, we just can't use the preferred type hint until 3.12. For now it's just bytes which mypy accepts.

[madebr]

Does this check also test write-able data sections?
e.g. code that does;

float g_Gravity = 9.8f;
void set_gravity(float g) { g_Gravity = g; }

[disinvite]

It would not identify 9.8f if the value is in a writable section. If it were never modified (and in .rdata) then we would return it, but the correct behavior is to add the variable annotations first and then not replace g_Gravity with EntityType.FLOAT.

[jonschz]

The readability has improved greatly, thanks! I took a brief look and couldn't find any regressions.