| 1 | #include <stdio.h> |
|---|---|
| 2 | #include <stdlib.h> |
| 3 | #include <string.h> |
| 4 | #include "qword.h" |
| 5 | |
| 6 | #include "ia32_insn.h" |
| 7 | #include "ia32_opcode_tables.h" |
| 8 | |
| 9 | #include "ia32_reg.h" |
| 10 | #include "ia32_operand.h" |
| 11 | #include "ia32_implicit.h" |
| 12 | #include "ia32_settings.h" |
| 13 | |
| 14 | #include "libdis.h" |
| 15 | |
| 16 | extern ia32_table_desc_t ia32_tables[]; |
| 17 | extern ia32_settings_t ia32_settings; |
| 18 | |
| 19 | #define IS_SP( op ) (op->type == op_register && \ |
| 20 | (op->data.reg.id == REG_ESP_INDEX || \ |
| 21 | op->data.reg.alias == REG_ESP_INDEX) ) |
| 22 | #define IS_IMM( op ) (op->type == op_immediate ) |
| 23 | |
| 24 | #ifdef WIN32 |
| 25 | # define INLINE |
| 26 | #else |
| 27 | # define INLINE inline |
| 28 | #endif |
| 29 | |
| 30 | /* for calculating stack modification based on an operand */ |
| 31 | static INLINE int32_t long_from_operand( x86_op_t *op ) { |
| 32 | |
| 33 | if (! IS_IMM(op) ) { |
| 34 | return 0L; |
| 35 | } |
| 36 | |
| 37 | switch ( op->datatype ) { |
| 38 | case op_byte: |
| 39 | return (int32_t) op->data.sbyte; |
| 40 | case op_word: |
| 41 | return (int32_t) op->data.sword; |
| 42 | case op_qword: |
| 43 | return (int32_t) op->data.sqword; |
| 44 | case op_dword: |
| 45 | return op->data.sdword; |
| 46 | default: |
| 47 | /* these are not used in stack insn */ |
| 48 | break; |
| 49 | } |
| 50 | |
| 51 | return 0L; |
| 52 | } |
| 53 | |
| 54 | |
| 55 | /* determine what this insn does to the stack */ |
| 56 | static void ia32_stack_mod(x86_insn_t *insn) { |
| 57 | x86_op_t *dest, *src = NULL; |
| 58 | |
| 59 | if (! insn || ! insn->operands ) { |
| 60 | return; |
| 61 | } |
| 62 | |
| 63 | dest = &insn->operands->op; |
| 64 | if ( dest ) { |
| 65 | src = &insn->operands->next->op; |
| 66 | } |
| 67 | |
| 68 | insn->stack_mod = 0; |
| 69 | insn->stack_mod_val = 0; |
| 70 | |
| 71 | switch ( insn->type ) { |
| 72 | case insn_call: |
| 73 | case insn_callcc: |
| 74 | insn->stack_mod = 1; |
| 75 | insn->stack_mod_val = insn->addr_size * -1; |
| 76 | break; |
| 77 | case insn_push: |
| 78 | insn->stack_mod = 1; |
| 79 | insn->stack_mod_val = insn->addr_size * -1; |
| 80 | break; |
| 81 | case insn_return: |
| 82 | insn->stack_mod = 1; |
| 83 | insn->stack_mod_val = insn->addr_size; |
| 84 | case insn_int: case insn_intcc: |
| 85 | case insn_iret: |
| 86 | break; |
| 87 | case insn_pop: |
| 88 | insn->stack_mod = 1; |
| 89 | if (! IS_SP( dest ) ) { |
| 90 | insn->stack_mod_val = insn->op_size; |
| 91 | } /* else we don't know the stack change in a pop esp */ |
| 92 | break; |
| 93 | case insn_enter: |
| 94 | insn->stack_mod = 1; |
| 95 | insn->stack_mod_val = 0; /* TODO : FIX */ |
| 96 | break; |
| 97 | case insn_leave: |
| 98 | insn->stack_mod = 1; |
| 99 | insn->stack_mod_val = 0; /* TODO : FIX */ |
| 100 | break; |
| 101 | case insn_pushregs: |
| 102 | insn->stack_mod = 1; |
| 103 | insn->stack_mod_val = 0; /* TODO : FIX */ |
| 104 | break; |
| 105 | case insn_popregs: |
| 106 | insn->stack_mod = 1; |
| 107 | insn->stack_mod_val = 0; /* TODO : FIX */ |
| 108 | break; |
| 109 | case insn_pushflags: |
| 110 | insn->stack_mod = 1; |
| 111 | insn->stack_mod_val = 0; /* TODO : FIX */ |
| 112 | break; |
| 113 | case insn_popflags: |
| 114 | insn->stack_mod = 1; |
| 115 | insn->stack_mod_val = 0; /* TODO : FIX */ |
| 116 | break; |
| 117 | case insn_add: |
| 118 | if ( IS_SP( dest ) ) { |
| 119 | insn->stack_mod = 1; |
| 120 | insn->stack_mod_val = long_from_operand( src ); |
| 121 | } |
| 122 | break; |
| 123 | case insn_sub: |
| 124 | if ( IS_SP( dest ) ) { |
| 125 | insn->stack_mod = 1; |
| 126 | insn->stack_mod_val = long_from_operand( src ); |
| 127 | insn->stack_mod_val *= -1; |
| 128 | } |
| 129 | break; |
| 130 | case insn_inc: |
| 131 | if ( IS_SP( dest ) ) { |
| 132 | insn->stack_mod = 1; |
| 133 | insn->stack_mod_val = 1; |
| 134 | } |
| 135 | break; |
| 136 | case insn_dec: |
| 137 | if ( IS_SP( dest ) ) { |
| 138 | insn->stack_mod = 1; |
| 139 | insn->stack_mod_val = 1; |
| 140 | } |
| 141 | break; |
| 142 | case insn_mov: case insn_movcc: |
| 143 | case insn_xchg: case insn_xchgcc: |
| 144 | case insn_mul: case insn_div: |
| 145 | case insn_shl: case insn_shr: |
| 146 | case insn_rol: case insn_ror: |
| 147 | case insn_and: case insn_or: |
| 148 | case insn_not: case insn_neg: |
| 149 | case insn_xor: |
| 150 | if ( IS_SP( dest ) ) { |
| 151 | insn->stack_mod = 1; |
| 152 | } |
| 153 | break; |
| 154 | default: |
| 155 | break; |
| 156 | } |
| 157 | if (! strcmp("enter", insn->mnemonic) ) { |
| 158 | insn->stack_mod = 1; |
| 159 | } else if (! strcmp("leave", insn->mnemonic) ) { |
| 160 | insn->stack_mod = 1; |
| 161 | } |
| 162 | |
| 163 | /* for mov, etc we return 0 -- unknown stack mod */ |
| 164 | |
| 165 | return; |
| 166 | } |
| 167 | |
| 168 | /* get the cpu details for this insn from cpu flags int */ |
| 169 | static void ia32_handle_cpu( x86_insn_t *insn, unsigned int cpu ) { |
| 170 | insn->cpu = (enum x86_insn_cpu) CPU_MODEL(cpu); |
| 171 | insn->isa = (enum x86_insn_isa) (ISA_SUBSET(cpu)) >> 16; |
| 172 | return; |
| 173 | } |
| 174 | |
| 175 | /* handle mnemonic type and group */ |
| 176 | static void ia32_handle_mnemtype(x86_insn_t *insn, unsigned int mnemtype) { |
| 177 | unsigned int type = mnemtype & ~INS_FLAG_MASK; |
| 178 | insn->group = (enum x86_insn_group) (INS_GROUP(type)) >> 12; |
| 179 | insn->type = (enum x86_insn_type) INS_TYPE(type); |
| 180 | |
| 181 | return; |
| 182 | } |
| 183 | |
| 184 | static void ia32_handle_notes(x86_insn_t *insn, unsigned int notes) { |
| 185 | insn->note = (enum x86_insn_note) notes; |
| 186 | return; |
| 187 | } |
| 188 | |
| 189 | static void ia32_handle_eflags( x86_insn_t *insn, unsigned int eflags) { |
| 190 | unsigned int flags; |
| 191 | |
| 192 | /* handle flags effected */ |
| 193 | flags = INS_FLAGS_TEST(eflags); |
| 194 | /* handle weird OR cases */ |
| 195 | /* these are either JLE (ZF | SF<>OF) or JBE (CF | ZF) */ |
| 196 | if (flags & INS_TEST_OR) { |
| 197 | flags &= ~INS_TEST_OR; |
| 198 | if ( flags & INS_TEST_ZERO ) { |
| 199 | flags &= ~INS_TEST_ZERO; |
| 200 | if ( flags & INS_TEST_CARRY ) { |
| 201 | flags &= ~INS_TEST_CARRY ; |
| 202 | flags |= (int)insn_carry_or_zero_set; |
| 203 | } else if ( flags & INS_TEST_SFNEOF ) { |
| 204 | flags &= ~INS_TEST_SFNEOF; |
| 205 | flags |= (int)insn_zero_set_or_sign_ne_oflow; |
| 206 | } |
| 207 | } |
| 208 | } |
| 209 | insn->flags_tested = (enum x86_flag_status) flags; |
| 210 | |
| 211 | insn->flags_set = (enum x86_flag_status) INS_FLAGS_SET(eflags) >> 16; |
| 212 | |
| 213 | return; |
| 214 | } |
| 215 | |
| 216 | static void ia32_handle_prefix( x86_insn_t *insn, unsigned int prefixes ) { |
| 217 | |
| 218 | insn->prefix = (enum x86_insn_prefix) prefixes & PREFIX_MASK; // >> 20; |
| 219 | if (! (insn->prefix & PREFIX_PRINT_MASK) ) { |
| 220 | /* no printable prefixes */ |
| 221 | insn->prefix = insn_no_prefix; |
| 222 | } |
| 223 | |
| 224 | /* concat all prefix strings */ |
| 225 | if ( (unsigned int)insn->prefix & PREFIX_LOCK ) { |
| 226 | strncat(insn->prefix_string, "lock ", 32 - |
| 227 | strlen(insn->prefix_string)); |
| 228 | } |
| 229 | |
| 230 | if ( (unsigned int)insn->prefix & PREFIX_REPNZ ) { |
| 231 | strncat(insn->prefix_string, "repnz ", 32 - |
| 232 | strlen(insn->prefix_string)); |
| 233 | } else if ( (unsigned int)insn->prefix & PREFIX_REPZ ) { |
| 234 | strncat(insn->prefix_string, "repz ", 32 - |
| 235 | strlen(insn->prefix_string)); |
| 236 | } |
| 237 | |
| 238 | return; |
| 239 | } |
| 240 | |
| 241 | |
| 242 | static void reg_32_to_16( x86_op_t *op, x86_insn_t *insn, void *arg ) { |
| 243 | |
| 244 | /* if this is a 32-bit register and it is a general register ... */ |
| 245 | if ( op->type == op_register && op->data.reg.size == 4 && |
| 246 | (op->data.reg.type & reg_gen) ) { |
| 247 | /* WORD registers are 8 indices off from DWORD registers */ |
| 248 | ia32_handle_register( &(op->data.reg), |
| 249 | op->data.reg.id + 8 ); |
| 250 | } |
| 251 | } |
| 252 | |
| 253 | static void handle_insn_metadata( x86_insn_t *insn, ia32_insn_t *raw_insn ) { |
| 254 | ia32_handle_mnemtype( insn, raw_insn->mnem_flag ); |
| 255 | ia32_handle_notes( insn, raw_insn->notes ); |
| 256 | ia32_handle_eflags( insn, raw_insn->flags_effected ); |
| 257 | ia32_handle_cpu( insn, raw_insn->cpu ); |
| 258 | ia32_stack_mod( insn ); |
| 259 | } |
| 260 | |
| 261 | static size_t ia32_decode_insn( unsigned char *buf, size_t buf_len, |
| 262 | ia32_insn_t *raw_insn, x86_insn_t *insn, |
| 263 | unsigned int prefixes ) { |
| 264 | size_t size, op_size; |
| 265 | unsigned char modrm; |
| 266 | |
| 267 | /* this should never happen, but just in case... */ |
| 268 | if ( raw_insn->mnem_flag == INS_INVALID ) { |
| 269 | return 0; |
| 270 | } |
| 271 | |
| 272 | if (ia32_settings.options & opt_16_bit) { |
| 273 | insn->op_size = ( prefixes & PREFIX_OP_SIZE ) ? 4 : 2; |
| 274 | insn->addr_size = ( prefixes & PREFIX_ADDR_SIZE ) ? 4 : 2; |
| 275 | } else { |
| 276 | insn->op_size = ( prefixes & PREFIX_OP_SIZE ) ? 2 : 4; |
| 277 | insn->addr_size = ( prefixes & PREFIX_ADDR_SIZE ) ? 2 : 4; |
| 278 | } |
| 279 | |
| 280 | |
| 281 | /* ++++ 1. Copy mnemonic and mnemonic-flags to CODE struct */ |
| 282 | if ((ia32_settings.options & opt_att_mnemonics) && raw_insn->mnemonic_att[0]) { |
| 283 | strncpy( insn->mnemonic, raw_insn->mnemonic_att, 16 ); |
| 284 | } |
| 285 | else { |
| 286 | strncpy( insn->mnemonic, raw_insn->mnemonic, 16 ); |
| 287 | } |
| 288 | ia32_handle_prefix( insn, prefixes ); |
| 289 | |
| 290 | handle_insn_metadata( insn, raw_insn ); |
| 291 | |
| 292 | /* prefetch the next byte in case it is a modr/m byte -- saves |
| 293 | * worrying about whether the 'mod/rm' operand or the 'reg' operand |
| 294 | * occurs first */ |
| 295 | modrm = GET_BYTE( buf, buf_len ); |
| 296 | |
| 297 | /* ++++ 2. Decode Explicit Operands */ |
| 298 | /* Intel uses up to 3 explicit operands in its instructions; |
| 299 | * the first is 'dest', the second is 'src', and the third |
| 300 | * is an additional source value (usually an immediate value, |
| 301 | * e.g. in the MUL instructions). These three explicit operands |
| 302 | * are encoded in the opcode tables, even if they are not used |
| 303 | * by the instruction. Additional implicit operands are stored |
| 304 | * in a supplemental table and are handled later. */ |
| 305 | |
| 306 | op_size = ia32_decode_operand( buf, buf_len, insn, raw_insn->dest, |
| 307 | raw_insn->dest_flag, prefixes, modrm ); |
| 308 | /* advance buffer, increase size if necessary */ |
| 309 | buf += op_size; |
| 310 | buf_len -= op_size; |
| 311 | size = op_size; |
| 312 | |
| 313 | op_size = ia32_decode_operand( buf, buf_len, insn, raw_insn->src, |
| 314 | raw_insn->src_flag, prefixes, modrm ); |
| 315 | buf += op_size; |
| 316 | buf_len -= op_size; |
| 317 | size += op_size; |
| 318 | |
| 319 | op_size = ia32_decode_operand( buf, buf_len, insn, raw_insn->aux, |
| 320 | raw_insn->aux_flag, prefixes, modrm ); |
| 321 | size += op_size; |
| 322 | |
| 323 | |
| 324 | /* ++++ 3. Decode Implicit Operands */ |
| 325 | /* apply implicit operands */ |
| 326 | ia32_insn_implicit_ops( insn, raw_insn->implicit_ops ); |
| 327 | /* we have one small inelegant hack here, to deal with |
| 328 | * the two prefixes that have implicit operands. If Intel |
| 329 | * adds more, we'll change the algorithm to suit :) */ |
| 330 | if ( (prefixes & PREFIX_REPZ) || (prefixes & PREFIX_REPNZ) ) { |
| 331 | ia32_insn_implicit_ops( insn, IDX_IMPLICIT_REP ); |
| 332 | } |
| 333 | |
| 334 | |
| 335 | /* 16-bit hack: foreach operand, if 32-bit reg, make 16-bit reg */ |
| 336 | if ( insn->op_size == 2 ) { |
| 337 | x86_operand_foreach( insn, reg_32_to_16, NULL, op_any ); |
| 338 | } |
| 339 | |
| 340 | return size; |
| 341 | } |
| 342 | |
| 343 | |
| 344 | /* convenience routine */ |
| 345 | #define USES_MOD_RM(flag) \ |
| 346 | (flag == ADDRMETH_E || flag == ADDRMETH_M || flag == ADDRMETH_Q || \ |
| 347 | flag == ADDRMETH_W || flag == ADDRMETH_R) |
| 348 | |
| 349 | static int uses_modrm_flag( unsigned int flag ) { |
| 350 | unsigned int meth; |
| 351 | if ( flag == ARG_NONE ) { |
| 352 | return 0; |
| 353 | } |
| 354 | meth = (flag & ADDRMETH_MASK); |
| 355 | if ( USES_MOD_RM(meth) ) { |
| 356 | return 1; |
| 357 | } |
| 358 | |
| 359 | return 0; |
| 360 | } |
| 361 | |
| 362 | /* This routine performs the actual byte-by-byte opcode table lookup. |
| 363 | * Originally it was pretty simple: get a byte, adjust it to a proper |
| 364 | * index into the table, then check the table row at that index to |
| 365 | * determine what to do next. But is anything that simple with Intel? |
| 366 | * This is now a huge, convoluted mess, mostly of bitter comments. */ |
| 367 | /* buf: pointer to next byte to read from stream |
| 368 | * buf_len: length of buf |
| 369 | * table: index of table to use for lookups |
| 370 | * raw_insn: output pointer that receives opcode definition |
| 371 | * prefixes: output integer that is encoded with prefixes in insn |
| 372 | * returns : number of bytes consumed from stream during lookup */ |
| 373 | size_t ia32_table_lookup( unsigned char *buf, size_t buf_len, |
| 374 | unsigned int table, ia32_insn_t **raw_insn, |
| 375 | unsigned int *prefixes ) { |
| 376 | unsigned char *next, op = buf[0]; /* byte value -- 'opcode' */ |
| 377 | size_t size = 1, sub_size = 0, next_len; |
| 378 | ia32_table_desc_t *table_desc; |
| 379 | unsigned int subtable, prefix = 0, recurse_table = 0; |
| 380 | |
| 381 | table_desc = &ia32_tables[table]; |
| 382 | |
| 383 | op = GET_BYTE( buf, buf_len ); |
| 384 | |
| 385 | if ( table_desc->type == tbl_fpu && op > table_desc->maxlim) { |
| 386 | /* one of the fucking FPU tables out of the 00-BH range */ |
| 387 | /* OK,. this is a bit of a hack -- the proper way would |
| 388 | * have been to use subtables in the 00-BF FPU opcode tables, |
| 389 | * but that is rather wasteful of space... */ |
| 390 | table_desc = &ia32_tables[table +1]; |
| 391 | } |
| 392 | |
| 393 | /* PERFORM TABLE LOOKUP */ |
| 394 | |
| 395 | /* ModR/M trick: shift extension bits into lowest bits of byte */ |
| 396 | /* Note: non-ModR/M tables have a shift value of 0 */ |
| 397 | op >>= table_desc->shift; |
| 398 | |
| 399 | /* ModR/M trick: mask out high bits to turn extension into an index */ |
| 400 | /* Note: non-ModR/M tables have a mask value of 0xFF */ |
| 401 | op &= table_desc->mask; |
| 402 | |
| 403 | |
| 404 | /* Sparse table trick: check that byte is <= max value */ |
| 405 | /* Note: full (256-entry) tables have a maxlim of 155 */ |
| 406 | if ( op > table_desc->maxlim ) { |
| 407 | /* this is a partial table, truncated at the tail, |
| 408 | and op is out of range! */ |
| 409 | return INVALID_INSN; |
| 410 | } |
| 411 | |
| 412 | /* Sparse table trick: check that byte is >= min value */ |
| 413 | /* Note: full (256-entry) tables have a minlim of 0 */ |
| 414 | if ( table_desc->minlim > op ) { |
| 415 | /* this is a partial table, truncated at the head, |
| 416 | and op is out of range! */ |
| 417 | return INVALID_INSN; |
| 418 | } |
| 419 | /* adjust op to be an offset from table index 0 */ |
| 420 | op -= table_desc->minlim; |
| 421 | |
| 422 | /* Yay! 'op' is now fully adjusted to be an index into 'table' */ |
| 423 | *raw_insn = &(table_desc->table[op]); |
| 424 | //printf("BYTE %X TABLE %d OP %X\n", buf[0], table, op ); |
| 425 | |
| 426 | if ( (*raw_insn)->mnem_flag & INS_FLAG_PREFIX ) { |
| 427 | prefix = (*raw_insn)->mnem_flag & PREFIX_MASK; |
| 428 | } |
| 429 | |
| 430 | |
| 431 | /* handle escape to a multibyte/coproc/extension/etc table */ |
| 432 | /* NOTE: if insn is a prefix and has a subtable, then we |
| 433 | * only recurse if this is the first prefix byte -- |
| 434 | * that is, if *prefixes is 0. |
| 435 | * NOTE also that suffix tables are handled later */ |
| 436 | subtable = (*raw_insn)->table; |
| 437 | |
| 438 | if ( subtable && ia32_tables[subtable].type != tbl_suffix && |
| 439 | (! prefix || ! *prefixes) ) { |
| 440 | |
| 441 | if ( ia32_tables[subtable].type == tbl_ext_ext || |
| 442 | ia32_tables[subtable].type == tbl_fpu_ext ) { |
| 443 | /* opcode extension: reuse current byte in buffer */ |
| 444 | next = buf; |
| 445 | next_len = buf_len; |
| 446 | } else { |
| 447 | /* "normal" opcode: advance to next byte in buffer */ |
| 448 | if ( buf_len > 1 ) { |
| 449 | next = &buf[1]; |
| 450 | next_len = buf_len - 1; |
| 451 | } |
| 452 | else { |
| 453 | // buffer is truncated |
| 454 | return INVALID_INSN; |
| 455 | } |
| 456 | } |
| 457 | /* we encountered a multibyte opcode: recurse using the |
| 458 | * table specified in the opcode definition */ |
| 459 | sub_size = ia32_table_lookup( next, next_len, subtable, |
| 460 | raw_insn, prefixes ); |
| 461 | |
| 462 | /* SSE/prefix hack: if the original opcode def was a |
| 463 | * prefix that specified a subtable, and the subtable |
| 464 | * lookup returned a valid insn, then we have encountered |
| 465 | * an SSE opcode definition; otherwise, we pretend we |
| 466 | * never did the subtable lookup, and deal with the |
| 467 | * prefix normally later */ |
| 468 | if ( prefix && ( sub_size == INVALID_INSN || |
| 469 | INS_TYPE((*raw_insn)->mnem_flag) == INS_INVALID ) ) { |
| 470 | /* this is a prefix, not an SSE insn : |
| 471 | * lookup next byte in main table, |
| 472 | * subsize will be reset during the |
| 473 | * main table lookup */ |
| 474 | recurse_table = 1; |
| 475 | } else { |
| 476 | /* this is either a subtable (two-byte) insn |
| 477 | * or an invalid insn: either way, set prefix |
| 478 | * to NULL and end the opcode lookup */ |
| 479 | prefix = 0; |
| 480 | // short-circuit lookup on invalid insn |
| 481 | if (sub_size == INVALID_INSN) return INVALID_INSN; |
| 482 | } |
| 483 | } else if ( prefix ) { |
| 484 | recurse_table = 1; |
| 485 | } |
| 486 | |
| 487 | /* by default, we assume that we have the opcode definition, |
| 488 | * and there is no need to recurse on the same table, but |
| 489 | * if we do then a prefix was encountered... */ |
| 490 | if ( recurse_table ) { |
| 491 | /* this must have been a prefix: use the same table for |
| 492 | * lookup of the next byte */ |
| 493 | sub_size = ia32_table_lookup( &buf[1], buf_len - 1, table, |
| 494 | raw_insn, prefixes ); |
| 495 | |
| 496 | // short-circuit lookup on invalid insn |
| 497 | if (sub_size == INVALID_INSN) return INVALID_INSN; |
| 498 | |
| 499 | /* a bit of a hack for branch hints */ |
| 500 | if ( prefix & BRANCH_HINT_MASK ) { |
| 501 | if ( INS_GROUP((*raw_insn)->mnem_flag) == INS_EXEC ) { |
| 502 | /* segment override prefixes are invalid for |
| 503 | * all branch instructions, so delete them */ |
| 504 | prefix &= ~PREFIX_REG_MASK; |
| 505 | } else { |
| 506 | prefix &= ~BRANCH_HINT_MASK; |
| 507 | } |
| 508 | } |
| 509 | |
| 510 | /* apply prefix to instruction */ |
| 511 | |
| 512 | /* TODO: implement something enforcing prefix groups */ |
| 513 | (*prefixes) |= prefix; |
| 514 | } |
| 515 | |
| 516 | /* if this lookup was in a ModR/M table, then an opcode byte is |
| 517 | * NOT consumed: subtract accordingly. NOTE that if none of the |
| 518 | * operands used the ModR/M, then we need to consume the byte |
| 519 | * here, but ONLY in the 'top-level' opcode extension table */ |
| 520 | |
| 521 | if ( table_desc->type == tbl_ext_ext ) { |
| 522 | /* extensions-to-extensions never consume a byte */ |
| 523 | --size; |
| 524 | } else if ( (table_desc->type == tbl_extension || |
| 525 | table_desc->type == tbl_fpu || |
| 526 | table_desc->type == tbl_fpu_ext ) && |
| 527 | /* extensions that have an operand encoded in ModR/M |
| 528 | * never consume a byte */ |
| 529 | (uses_modrm_flag((*raw_insn)->dest_flag) || |
| 530 | uses_modrm_flag((*raw_insn)->src_flag) ) ) { |
| 531 | --size; |
| 532 | } |
| 533 | |
| 534 | size += sub_size; |
| 535 | |
| 536 | return size; |
| 537 | } |
| 538 | |
| 539 | static size_t handle_insn_suffix( unsigned char *buf, size_t buf_len, |
| 540 | ia32_insn_t *raw_insn, x86_insn_t * insn ) { |
| 541 | ia32_insn_t *sfx_insn; |
| 542 | size_t size; |
| 543 | unsigned int prefixes = 0; |
| 544 | |
| 545 | size = ia32_table_lookup( buf, buf_len, raw_insn->table, &sfx_insn, |
| 546 | &prefixes ); |
| 547 | if (size == INVALID_INSN || sfx_insn->mnem_flag == INS_INVALID ) { |
| 548 | return 0; |
| 549 | } |
| 550 | |
| 551 | strncpy( insn->mnemonic, sfx_insn->mnemonic, 16 ); |
| 552 | handle_insn_metadata( insn, sfx_insn ); |
| 553 | |
| 554 | return 1; |
| 555 | } |
| 556 | |
| 557 | /* invalid instructions are handled by returning 0 [error] from the |
| 558 | * function, setting the size of the insn to 1 byte, and copying |
| 559 | * the byte at the start of the invalid insn into the x86_insn_t. |
| 560 | * if the caller is saving the x86_insn_t for invalid instructions, |
| 561 | * instead of discarding them, this will maintain a consistent |
| 562 | * address space in the x86_insn_ts */ |
| 563 | |
| 564 | /* this function is called by the controlling disassembler, so its name and |
| 565 | * calling convention cannot be changed */ |
| 566 | /* buf points to the loc of the current opcode (start of the |
| 567 | * instruction) in the instruction stream. The instruction |
| 568 | * stream is assumed to be a buffer of bytes read directly |
| 569 | * from the file for the purpose of disassembly; a mem-mapped |
| 570 | * file is ideal for * this. |
| 571 | * insn points to a code structure to be filled by instr_decode |
| 572 | * returns the size of the decoded instruction in bytes */ |
| 573 | size_t ia32_disasm_addr( unsigned char * buf, size_t buf_len, |
| 574 | x86_insn_t *insn ) { |
| 575 | ia32_insn_t *raw_insn = NULL; |
| 576 | unsigned int prefixes = 0; |
| 577 | size_t size, sfx_size; |
| 578 | |
| 579 | if ( (ia32_settings.options & opt_ignore_nulls) && buf_len > 3 && |
| 580 | !buf[0] && !buf[1] && !buf[2] && !buf[3]) { |
| 581 | /* IF IGNORE_NULLS is set AND |
| 582 | * first 4 bytes in the intruction stream are NULL |
| 583 | * THEN return 0 (END_OF_DISASSEMBLY) */ |
| 584 | /* TODO: set errno */ |
| 585 | MAKE_INVALID( insn, buf ); |
| 586 | return 0; /* 4 00 bytes in a row? This isn't code! */ |
| 587 | } |
| 588 | |
| 589 | /* Perform recursive table lookup starting with main table (0) */ |
| 590 | size = ia32_table_lookup(buf, buf_len, idx_Main, &raw_insn, &prefixes); |
| 591 | if ( size == INVALID_INSN || size > buf_len || raw_insn->mnem_flag == INS_INVALID ) { |
| 592 | MAKE_INVALID( insn, buf ); |
| 593 | /* TODO: set errno */ |
| 594 | return 0; |
| 595 | } |
| 596 | |
| 597 | /* We now have the opcode itself figured out: we can decode |
| 598 | * the rest of the instruction. */ |
| 599 | size += ia32_decode_insn( &buf[size], buf_len - size, raw_insn, insn, |
| 600 | prefixes ); |
| 601 | if ( raw_insn->mnem_flag & INS_FLAG_SUFFIX ) { |
| 602 | /* AMD 3DNow! suffix -- get proper operand type here */ |
| 603 | sfx_size = handle_insn_suffix( &buf[size], buf_len - size, |
| 604 | raw_insn, insn ); |
| 605 | if (! sfx_size ) { |
| 606 | /* TODO: set errno */ |
| 607 | MAKE_INVALID( insn, buf ); |
| 608 | return 0; |
| 609 | } |
| 610 | |
| 611 | size += sfx_size; |
| 612 | } |
| 613 | |
| 614 | if (! size ) { |
| 615 | /* invalid insn */ |
| 616 | MAKE_INVALID( insn, buf ); |
| 617 | return 0; |
| 618 | } |
| 619 | |
| 620 | |
| 621 | insn->size = size; |
| 622 | return size; /* return size of instruction in bytes */ |
| 623 | } |
| 624 |
Generated on 2022-Feb-21 from project breakpad revision 20220221
Powered by 
Code Browser 2.1
Generator usage only permitted with license.