diff options
| author | Cyrille Bagard <nocbos@gmail.com> | 2008-10-26 23:37:51 (GMT) |
|---|---|---|
| committer | Cyrille Bagard <nocbos@gmail.com> | 2008-10-26 23:37:51 (GMT) |
| commit | 197933fdf469ab9b8897b33c51809c128f1e3c03 (patch) | |
| tree | 104d91be1a69d80eb4b59b247e4b719531bc7492 /src/arch/x86/processor.c | |
| parent | ac438e8ad47f267c9eb6f462eb5a7e2b5c017f26 (diff) | |
Completed support of the 0x81 and 0xc1 opcodes.
git-svn-id: svn://svn.gna.org/svn/chrysalide/trunk@37 abbe820e-26c8-41b2-8c08-b7b2b41f8b0a
Diffstat (limited to 'src/arch/x86/processor.c')
| -rw-r--r-- | src/arch/x86/processor.c | 346 |
1 files changed, 195 insertions, 151 deletions
diff --git a/src/arch/x86/processor.c b/src/arch/x86/processor.c index 14f35bc..3fde754 100644 --- a/src/arch/x86/processor.c +++ b/src/arch/x86/processor.c @@ -41,11 +41,10 @@ typedef asm_x86_instr * (* read_instr) (const uint8_t *, off_t *, off_t, uint64_ /* Carte d'identité d'un opcode */ typedef struct _x86_opcode { - uint8_t prefix; /* préfixe eventuel */ + X86Prefix prefix; /* Préfixe(s) eventuel(s) */ uint8_t opcode; /* Opcode seul */ uint8_t op_ext; /* Extension de l'opcode */ - bool opt_prefix; /* Préfixe optionnel ? */ bool has_op_ext; /* Ext. à prendre en compte ? */ const char *name; /* Désignation humaine */ @@ -57,27 +56,61 @@ typedef struct _x86_opcode #define EXT_OPCODE_MASK 0x38 -#define register_opcode(target, _prefix, _opcode, _name, _read) \ + + + +#define register_opcode(target, _opcode, _name, _read) \ + do { \ + target.prefix = X86_PRE_NONE; \ + target.opcode = _opcode; \ + target.has_op_ext = false; \ + target.name = _name; \ + target.read = _read; \ + } while (0) + +#define register_opcode_1632(target, _opcode, _name, _read) \ do { \ - target.prefix = _prefix; \ + target.prefix = X86_PRE_OPSIZE; \ target.opcode = _opcode; \ - target.opt_prefix = (_prefix != 0x00); \ target.has_op_ext = false; \ target.name = _name; \ target.read = _read; \ } while (0) -#define register_opcode_with_ext(target, _prefix, _opcode, _ext, _name, _read) \ +#define register_opcode_with_ext(target, _opcode, _ext, _name, _read) \ do { \ - target.prefix = _prefix; \ + target.prefix = X86_PRE_NONE; \ target.opcode = _opcode; \ target.op_ext = _ext << 3; \ - target.opt_prefix = (_prefix != 0x00); \ target.has_op_ext = true; \ target.name = _name; \ target.read = _read; \ } while (0) +#define register_opcode_1632_with_ext(target, _opcode, _ext, _name, _read) \ + do { \ + target.prefix = X86_PRE_OPSIZE; \ + target.opcode = _opcode; \ + target.op_ext = _ext << 3; \ + target.has_op_ext = true; \ + target.name = _name; \ + target.read = _read; \ + } while (0) + +#define register_2b_opcode_1632(target, _opcode, _name, _read) \ + do { \ + target.prefix = X86_PRE_ESCAPE | X86_PRE_OPSIZE; \ + target.opcode = _opcode; \ + target.has_op_ext = false; \ + target.name = _name; \ + target.read = _read; \ + } while (0) + + + + + + @@ -205,127 +238,140 @@ AsmOperandSize switch_x86_operand_size_if_needed(const asm_x86_processor *proc, void x86_register_instructions(asm_x86_processor *proc) { - register_opcode(proc->opcodes[X86_OP_ADD_RM8_R8], 0x00, 0x00, "add", x86_read_instr_add_rm8_r8); - - register_opcode(proc->opcodes[X86_OP_SUB_R1632_RM1632], 0x66, 0x29, "sub", x86_read_instr_sub_r1632_from_rm1632); - - register_opcode(proc->opcodes[X86_OP_XOR_RM8_R8], 0x00, 0x30, "xor", x86_read_instr_xor_rm8_with_r8); - register_opcode(proc->opcodes[X86_OP_XOR_RM1632_R1632], 0x66, 0x31, "xor", x86_read_instr_xor_rm1632_with_r1632); - register_opcode(proc->opcodes[X86_OP_XOR_R8_RM8], 0x00, 0x32, "xor", x86_read_instr_xor_r8_with_rm8); - register_opcode(proc->opcodes[X86_OP_XOR_R1632_RM1632], 0x66, 0x33, "xor", x86_read_instr_xor_r1632_with_rm1632); - register_opcode(proc->opcodes[X86_OP_XOR_AL_IMM8], 0x00, 0x34, "xor", x86_read_instr_xor_al_with_imm8); - register_opcode(proc->opcodes[X86_OP_XOR_E_AX_IMM1632], 0x66, 0x35, "xor", x86_read_instr_xor_e_ax_with_imm1632); - - register_opcode(proc->opcodes[X86_OP_CMP_RM1632_R1632], 0x66, 0x39, "cmp", x86_read_instr_cmp_rm1632_with_r1632); - - register_opcode(proc->opcodes[X86_OP_INC_E_AX], 0x66, 0x40, "inc", x86_read_instr_inc_r1632); - register_opcode(proc->opcodes[X86_OP_INC_E_CX], 0x66, 0x41, "inc", x86_read_instr_inc_r1632); - register_opcode(proc->opcodes[X86_OP_INC_E_DX], 0x66, 0x42, "inc", x86_read_instr_inc_r1632); - register_opcode(proc->opcodes[X86_OP_INC_E_BX], 0x66, 0x43, "inc", x86_read_instr_inc_r1632); - register_opcode(proc->opcodes[X86_OP_INC_E_SP], 0x66, 0x44, "inc", x86_read_instr_inc_r1632); - register_opcode(proc->opcodes[X86_OP_INC_E_BP], 0x66, 0x45, "inc", x86_read_instr_inc_r1632); - register_opcode(proc->opcodes[X86_OP_INC_E_SI], 0x66, 0x46, "inc", x86_read_instr_inc_r1632); - register_opcode(proc->opcodes[X86_OP_INC_E_DI], 0x66, 0x47, "inc", x86_read_instr_inc_r1632); - - register_opcode(proc->opcodes[X86_OP_DEC_E_AX], 0x66, 0x48, "dec", x86_read_instr_dec_r1632); - register_opcode(proc->opcodes[X86_OP_DEC_E_CX], 0x66, 0x49, "dec", x86_read_instr_dec_r1632); - register_opcode(proc->opcodes[X86_OP_DEC_E_DX], 0x66, 0x4a, "dec", x86_read_instr_dec_r1632); - register_opcode(proc->opcodes[X86_OP_DEC_E_BX], 0x66, 0x4b, "dec", x86_read_instr_dec_r1632); - register_opcode(proc->opcodes[X86_OP_DEC_E_SP], 0x66, 0x4c, "dec", x86_read_instr_dec_r1632); - register_opcode(proc->opcodes[X86_OP_DEC_E_BP], 0x66, 0x4d, "dec", x86_read_instr_dec_r1632); - register_opcode(proc->opcodes[X86_OP_DEC_E_SI], 0x66, 0x4e, "dec", x86_read_instr_dec_r1632); - register_opcode(proc->opcodes[X86_OP_DEC_E_DI], 0x66, 0x4f, "dec", x86_read_instr_dec_r1632); - - register_opcode(proc->opcodes[X86_OP_PUSH_E_AX], 0x66, 0x50, "push", x86_read_instr_push_r1632); - register_opcode(proc->opcodes[X86_OP_PUSH_E_CX], 0x66, 0x51, "push", x86_read_instr_push_r1632); - register_opcode(proc->opcodes[X86_OP_PUSH_E_DX], 0x66, 0x52, "push", x86_read_instr_push_r1632); - register_opcode(proc->opcodes[X86_OP_PUSH_E_BX], 0x66, 0x53, "push", x86_read_instr_push_r1632); - register_opcode(proc->opcodes[X86_OP_PUSH_E_SP], 0x66, 0x54, "push", x86_read_instr_push_r1632); - register_opcode(proc->opcodes[X86_OP_PUSH_E_BP], 0x66, 0x55, "push", x86_read_instr_push_r1632); - register_opcode(proc->opcodes[X86_OP_PUSH_E_SI], 0x66, 0x56, "push", x86_read_instr_push_r1632); - register_opcode(proc->opcodes[X86_OP_PUSH_E_DI], 0x66, 0x57, "push", x86_read_instr_push_r1632); - - register_opcode(proc->opcodes[X86_OP_POP_E_AX], 0x66, 0x58, "pop", x86_read_instr_pop_r1632); - register_opcode(proc->opcodes[X86_OP_POP_E_CX], 0x66, 0x59, "pop", x86_read_instr_pop_r1632); - register_opcode(proc->opcodes[X86_OP_POP_E_DX], 0x66, 0x5a, "pop", x86_read_instr_pop_r1632); - register_opcode(proc->opcodes[X86_OP_POP_E_BX], 0x66, 0x5b, "pop", x86_read_instr_pop_r1632); - register_opcode(proc->opcodes[X86_OP_POP_E_SP], 0x66, 0x5c, "pop", x86_read_instr_pop_r1632); - register_opcode(proc->opcodes[X86_OP_POP_E_BP], 0x66, 0x5d, "pop", x86_read_instr_pop_r1632); - register_opcode(proc->opcodes[X86_OP_POP_E_SI], 0x66, 0x5e, "pop", x86_read_instr_pop_r1632); - register_opcode(proc->opcodes[X86_OP_POP_E_DI], 0x66, 0x5f, "pop", x86_read_instr_pop_r1632); + register_opcode(proc->opcodes[X86_OP_ADD_RM8_R8], 0x00, "add", x86_read_instr_add_rm8_r8); + + register_opcode_1632(proc->opcodes[X86_OP_SUB_R1632_RM1632], 0x29, "sub", x86_read_instr_sub_r1632_from_rm1632); + + register_opcode(proc->opcodes[X86_OP_XOR_RM8_R8], 0x30, "xor", x86_read_instr_xor_rm8_with_r8); + register_opcode_1632(proc->opcodes[X86_OP_XOR_RM1632_R1632], 0x31, "xor", x86_read_instr_xor_rm1632_with_r1632); + register_opcode(proc->opcodes[X86_OP_XOR_R8_RM8], 0x32, "xor", x86_read_instr_xor_r8_with_rm8); + register_opcode_1632(proc->opcodes[X86_OP_XOR_R1632_RM1632], 0x33, "xor", x86_read_instr_xor_r1632_with_rm1632); + register_opcode(proc->opcodes[X86_OP_XOR_AL_IMM8], 0x34, "xor", x86_read_instr_xor_al_with_imm8); + register_opcode_1632(proc->opcodes[X86_OP_XOR_E_AX_IMM1632], 0x35, "xor", x86_read_instr_xor_e_ax_with_imm1632); + + register_opcode_1632(proc->opcodes[X86_OP_CMP_RM1632_R1632], 0x39, "cmp", x86_read_instr_cmp_rm1632_with_r1632); + + register_opcode_1632(proc->opcodes[X86_OP_INC_E_AX], 0x40, "inc", x86_read_instr_inc_r1632); + register_opcode_1632(proc->opcodes[X86_OP_INC_E_CX], 0x41, "inc", x86_read_instr_inc_r1632); + register_opcode_1632(proc->opcodes[X86_OP_INC_E_DX], 0x42, "inc", x86_read_instr_inc_r1632); + register_opcode_1632(proc->opcodes[X86_OP_INC_E_BX], 0x43, "inc", x86_read_instr_inc_r1632); + register_opcode_1632(proc->opcodes[X86_OP_INC_E_SP], 0x44, "inc", x86_read_instr_inc_r1632); + register_opcode_1632(proc->opcodes[X86_OP_INC_E_BP], 0x45, "inc", x86_read_instr_inc_r1632); + register_opcode_1632(proc->opcodes[X86_OP_INC_E_SI], 0x46, "inc", x86_read_instr_inc_r1632); + register_opcode_1632(proc->opcodes[X86_OP_INC_E_DI], 0x47, "inc", x86_read_instr_inc_r1632); + + register_opcode_1632(proc->opcodes[X86_OP_DEC_E_AX], 0x48, "dec", x86_read_instr_dec_r1632); + register_opcode_1632(proc->opcodes[X86_OP_DEC_E_CX], 0x49, "dec", x86_read_instr_dec_r1632); + register_opcode_1632(proc->opcodes[X86_OP_DEC_E_DX], 0x4a, "dec", x86_read_instr_dec_r1632); + register_opcode_1632(proc->opcodes[X86_OP_DEC_E_BX], 0x4b, "dec", x86_read_instr_dec_r1632); + register_opcode_1632(proc->opcodes[X86_OP_DEC_E_SP], 0x4c, "dec", x86_read_instr_dec_r1632); + register_opcode_1632(proc->opcodes[X86_OP_DEC_E_BP], 0x4d, "dec", x86_read_instr_dec_r1632); + register_opcode_1632(proc->opcodes[X86_OP_DEC_E_SI], 0x4e, "dec", x86_read_instr_dec_r1632); + register_opcode_1632(proc->opcodes[X86_OP_DEC_E_DI], 0x4f, "dec", x86_read_instr_dec_r1632); + + register_opcode_1632(proc->opcodes[X86_OP_PUSH_E_AX], 0x50, "push", x86_read_instr_push_r1632); + register_opcode_1632(proc->opcodes[X86_OP_PUSH_E_CX], 0x51, "push", x86_read_instr_push_r1632); + register_opcode_1632(proc->opcodes[X86_OP_PUSH_E_DX], 0x52, "push", x86_read_instr_push_r1632); + register_opcode_1632(proc->opcodes[X86_OP_PUSH_E_BX], 0x53, "push", x86_read_instr_push_r1632); + register_opcode_1632(proc->opcodes[X86_OP_PUSH_E_SP], 0x54, "push", x86_read_instr_push_r1632); + register_opcode_1632(proc->opcodes[X86_OP_PUSH_E_BP], 0x55, "push", x86_read_instr_push_r1632); + register_opcode_1632(proc->opcodes[X86_OP_PUSH_E_SI], 0x56, "push", x86_read_instr_push_r1632); + register_opcode_1632(proc->opcodes[X86_OP_PUSH_E_DI], 0x57, "push", x86_read_instr_push_r1632); + + register_opcode_1632(proc->opcodes[X86_OP_POP_E_AX], 0x58, "pop", x86_read_instr_pop_r1632); + register_opcode_1632(proc->opcodes[X86_OP_POP_E_CX], 0x59, "pop", x86_read_instr_pop_r1632); + register_opcode_1632(proc->opcodes[X86_OP_POP_E_DX], 0x5a, "pop", x86_read_instr_pop_r1632); + register_opcode_1632(proc->opcodes[X86_OP_POP_E_BX], 0x5b, "pop", x86_read_instr_pop_r1632); + register_opcode_1632(proc->opcodes[X86_OP_POP_E_SP], 0x5c, "pop", x86_read_instr_pop_r1632); + register_opcode_1632(proc->opcodes[X86_OP_POP_E_BP], 0x5d, "pop", x86_read_instr_pop_r1632); + register_opcode_1632(proc->opcodes[X86_OP_POP_E_SI], 0x5e, "pop", x86_read_instr_pop_r1632); + register_opcode_1632(proc->opcodes[X86_OP_POP_E_DI], 0x5f, "pop", x86_read_instr_pop_r1632); + + register_opcode_1632(proc->opcodes[X86_OP_PUSH_IMM1632], 0x68, "push", x86_read_instr_push_imm1632); + + register_opcode(proc->opcodes[X86_OP_JE_8], 0x74, "je", x86_read_instr_je_8); + register_opcode(proc->opcodes[X86_OP_JNE_8], 0x75, "jne", x86_read_instr_jne_8); + + register_opcode_with_ext(proc->opcodes[X86_OP_XOR_RM8_IMM8], 0x80, 6, "xor", x86_read_instr_xor_rm8_with_imm8); + register_opcode_with_ext(proc->opcodes[X86_OP_CMP_RM8_IMM8], 0x80, 7, "cmp", x86_read_instr_cmp_rm8_with_imm8); + + register_opcode_1632_with_ext(proc->opcodes[X86_OP_ADD_RM1632_IMM1632], 0x81, 0, "add", x86_read_instr_add_rm1632_imm1632); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_OR_RM1632_IMM1632], 0x81, 1, "or", x86_read_instr_or_rm1632_imm1632); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_ADC_RM1632_IMM1632], 0x81, 2, "adc", x86_read_instr_adc_rm1632_imm1632); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_SBB_RM1632_IMM1632], 0x81, 3, "sbb", x86_read_instr_sbb_rm1632_imm1632); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_AND_RM1632_IMM1632], 0x81, 4, "and", x86_read_instr_and_rm1632_imm1632); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_SUB_RM1632_IMM1632], 0x81, 5, "sub", x86_read_instr_sub_rm1632_imm1632); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_XOR_RM1632_IMM1632], 0x81, 6, "xor", x86_read_instr_xor_rm1632_imm1632); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_CMP_RM1632_IMM1632], 0x81, 7, "cmp", x86_read_instr_cmp_rm1632_imm1632); + + register_opcode_1632_with_ext(proc->opcodes[X86_OP_ADD_RM1632_IMM8], 0x83, 0, "add", x86_read_instr_add_imm8_to_rm1632); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_OR_RM1632_IMM8], 0x83, 1, "or", x86_read_instr_or_rm1632_with_imm8); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_ADC_RM1632_IMM8], 0x83, 2, "adc", x86_read_instr_adc_imm8_to_rm1632); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_SBB_RM1632_IMM8], 0x83, 3, "sbb", x86_read_instr_sbb_rm1632_with_imm8); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_AND_RM1632_IMM8], 0x83, 4, "and", x86_read_instr_and_rm1632_with_imm8); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_SUB_RM1632_IMM8], 0x83, 5, "sub", x86_read_instr_sub_imm8_from_rm1632); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_XOR_RM1632_IMM8], 0x83, 6, "xor", x86_read_instr_xor_rm1632_with_imm8); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_CMP_RM1632_IMM8], 0x83, 7, "cmp", x86_read_instr_cmp_rm1632_with_imm8); + + register_opcode(proc->opcodes[X86_OP_TEST_RM8_R8], 0x84, "test", x86_read_instr_test_rm8_with_r8); + register_opcode_1632(proc->opcodes[X86_OP_TEST_RM1632_R1632], 0x85, "test", x86_read_instr_test_rm1632_with_r1632); + + register_opcode_1632(proc->opcodes[X86_OP_MOV_RM1632_R1632], 0x89, "mov", x86_read_instr_mov_r1632_to_rm1632); + + register_opcode_1632(proc->opcodes[X86_OP_MOV_R1632_RM1632], 0x8b, "mov", x86_read_instr_mov_rm1632_to_r1632); + + register_opcode_1632(proc->opcodes[X86_OP_LEA], 0x8d, "lea", x86_read_instr_lea); + + register_opcode(proc->opcodes[X86_OP_NOP], 0x90, "nop", x86_read_instr_nop); + + register_opcode(proc->opcodes[X86_OP_MOV_MOFFS_TO_AL], 0xa0, "mov", x86_read_instr_mov_moffs8_to_al); + register_opcode_1632(proc->opcodes[X86_OP_MOV_MOFFS_TO_E_AX], 0xa1, "mov", x86_read_instr_mov_moffs1632_to_e_ax); + register_opcode(proc->opcodes[X86_OP_MOV_AL_TO_MOFFS], 0xa2, "mov", x86_read_instr_mov_al_to_moffs8); + register_opcode_1632(proc->opcodes[X86_OP_MOV_E_AX_TO_MOFFS], 0xa3, "mov", x86_read_instr_mov_e_ax_to_moffs1632); + + register_opcode(proc->opcodes[X86_OP_TEST_AL], 0xa8, "test", x86_read_instr_test_al); + register_opcode_1632(proc->opcodes[X86_OP_TEST_E_AX], 0xa9, "test", x86_read_instr_test_e_ax); + + register_opcode_1632(proc->opcodes[X86_OP_MOV_E_AX], 0xb8, "mov", x86_read_instr_mov_imm1632_to_r1632); + register_opcode_1632(proc->opcodes[X86_OP_MOV_E_CX], 0xb9, "mov", x86_read_instr_mov_imm1632_to_r1632); + register_opcode_1632(proc->opcodes[X86_OP_MOV_E_DX], 0xba, "mov", x86_read_instr_mov_imm1632_to_r1632); + register_opcode_1632(proc->opcodes[X86_OP_MOV_E_BX], 0xbb, "mov", x86_read_instr_mov_imm1632_to_r1632); + register_opcode_1632(proc->opcodes[X86_OP_MOV_E_SP], 0xbc, "mov", x86_read_instr_mov_imm1632_to_r1632); + register_opcode_1632(proc->opcodes[X86_OP_MOV_E_BP], 0xbd, "mov", x86_read_instr_mov_imm1632_to_r1632); + register_opcode_1632(proc->opcodes[X86_OP_MOV_E_SI], 0xbe, "mov", x86_read_instr_mov_imm1632_to_r1632); + register_opcode_1632(proc->opcodes[X86_OP_MOV_E_DI], 0xbf, "mov", x86_read_instr_mov_imm1632_to_r1632); + + register_opcode_1632_with_ext(proc->opcodes[X86_OP_ROL_RM1632_IMM8], 0xc1, 0, "rol", x86_read_instr_rol_rm1632_imm8); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_ROR_RM1632_IMM8], 0xc1, 1, "ror", x86_read_instr_ror_rm1632_imm8); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_RCL_RM1632_IMM8], 0xc1, 2, "rcl", x86_read_instr_rcl_rm1632_imm8); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_RCR_RM1632_IMM8], 0xc1, 3, "rcr", x86_read_instr_rcr_rm1632_imm8); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_SHL_RM1632_IMM8], 0xc1, 4, "shl", x86_read_instr_shl_rm1632_imm8); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_SHR_RM1632_IMM8], 0xc1, 5, "shr", x86_read_instr_shr_rm1632_imm8); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_SAL_RM1632_IMM8], 0xc1, 6, "sal", x86_read_instr_sal_rm1632_imm8); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_SAR_RM1632_IMM8], 0xc1, 7, "sar", x86_read_instr_sar_rm1632_imm8); + + register_opcode(proc->opcodes[X86_OP_RET], 0xc3, "ret", x86_read_instr_ret); + + register_opcode(proc->opcodes[X86_OP_MOV_IMM8_TO_RM8], 0xc6, "mov", x86_read_instr_mov_imm8_to_rm8); + register_opcode_1632(proc->opcodes[X86_OP_MOV_IMM1632_TO_RM1632], 0xc7, "mov", x86_read_instr_mov_imm1632_to_rm1632); + + register_opcode(proc->opcodes[X86_OP_LEAVE], 0xc9, "leave", x86_read_instr_leave); + + register_opcode(proc->opcodes[X86_OP_INT], 0xcd, "int", x86_read_instr_int); - register_opcode(proc->opcodes[X86_OP_PUSH_IMM1632], 0x66, 0x68, "push", x86_read_instr_push_imm1632); - register_opcode_with_ext(proc->opcodes[X86_OP_XOR_RM8_IMM8], 0x00, 0x80, 6, "xor", x86_read_instr_xor_rm8_with_imm8); - register_opcode_with_ext(proc->opcodes[X86_OP_CMP_RM8_IMM8], 0x00, 0x80, 7, "cmp", x86_read_instr_cmp_rm8_with_imm8); + register_opcode_1632(proc->opcodes[X86_OP_CALL_REL1632], 0xe8, "call", x86_read_instr_call_rel1632); + register_opcode_1632(proc->opcodes[X86_OP_JMP_REL1632], 0xe9, "jmp", x86_read_instr_jmp_rel1632); - register_opcode_with_ext(proc->opcodes[X86_OP_ADD_RM1632_IMM1632], 0x66, 0x81, 0, "add", x86_read_instr_add_imm1632_to_rm1632); + register_opcode(proc->opcodes[X86_OP_JMP_8], 0xeb, "jmp", x86_read_instr_jmp_8); - register_opcode_with_ext(proc->opcodes[X86_OP_XOR_RM1632_IMM1632], 0x66, 0x81, 6, "xor", x86_read_instr_xor_rm1632_with_imm1632); + register_opcode(proc->opcodes[X86_OP_HLT], 0xf4, "hlt", x86_read_instr_hlt); - register_opcode_with_ext(proc->opcodes[X86_OP_ADD_RM1632_IMM8], 0x66, 0x83, 0, "add", x86_read_instr_add_imm8_to_rm1632); - register_opcode_with_ext(proc->opcodes[X86_OP_OR_RM1632_IMM8], 0x66, 0x83, 1, "or", x86_read_instr_or_rm1632_with_imm8); - register_opcode_with_ext(proc->opcodes[X86_OP_ADC_RM1632_IMM8], 0x66, 0x83, 2, "adc", x86_read_instr_adc_imm8_to_rm1632); - register_opcode_with_ext(proc->opcodes[X86_OP_SBB_RM1632_IMM8], 0x66, 0x83, 3, "sbb", x86_read_instr_sbb_rm1632_with_imm8); - register_opcode_with_ext(proc->opcodes[X86_OP_AND_RM1632_IMM8], 0x66, 0x83, 4, "and", x86_read_instr_and_rm1632_with_imm8); - register_opcode_with_ext(proc->opcodes[X86_OP_SUB_RM1632_IMM8], 0x66, 0x83, 5, "sub", x86_read_instr_sub_imm8_from_rm1632); - register_opcode_with_ext(proc->opcodes[X86_OP_XOR_RM1632_IMM8], 0x66, 0x83, 6, "xor", x86_read_instr_xor_rm1632_with_imm8); - register_opcode_with_ext(proc->opcodes[X86_OP_CMP_RM1632_IMM8], 0x66, 0x83, 7, "cmp", x86_read_instr_cmp_rm1632_with_imm8); - - register_opcode(proc->opcodes[X86_OP_JE_8], 0x00, 0x74, "je", x86_read_instr_je_8); - register_opcode(proc->opcodes[X86_OP_JNE_8], 0x00, 0x75, "jne", x86_read_instr_jne_8); - - register_opcode(proc->opcodes[X86_OP_TEST_RM8_R8], 0x00, 0x84, "test", x86_read_instr_test_rm8_with_r8); - register_opcode(proc->opcodes[X86_OP_TEST_RM1632_R1632], 0x66, 0x85, "test", x86_read_instr_test_rm1632_with_r1632); - - register_opcode(proc->opcodes[X86_OP_MOV_RM1632_R1632], 0x66, 0x89, "mov", x86_read_instr_mov_r1632_to_rm1632); - - register_opcode(proc->opcodes[X86_OP_MOV_R1632_RM1632], 0x66, 0x8b, "mov", x86_read_instr_mov_rm1632_to_r1632); - - register_opcode(proc->opcodes[X86_OP_LEA], 0x66, 0x8d, "lea", x86_read_instr_lea); - - register_opcode(proc->opcodes[X86_OP_NOP], 0x00, 0x90, "nop", x86_read_instr_nop); - - register_opcode(proc->opcodes[X86_OP_MOV_MOFFS_TO_AL], 0x00, 0xa0, "mov", x86_read_instr_mov_moffs8_to_al); - register_opcode(proc->opcodes[X86_OP_MOV_MOFFS_TO_E_AX], 0x66, 0xa1, "mov", x86_read_instr_mov_moffs1632_to_e_ax); - register_opcode(proc->opcodes[X86_OP_MOV_AL_TO_MOFFS], 0x00, 0xa2, "mov", x86_read_instr_mov_al_to_moffs8); - register_opcode(proc->opcodes[X86_OP_MOV_E_AX_TO_MOFFS], 0x66, 0xa3, "mov", x86_read_instr_mov_e_ax_to_moffs1632); - - register_opcode(proc->opcodes[X86_OP_TEST_AL], 0x00, 0xa8, "test", x86_read_instr_test_al); - register_opcode(proc->opcodes[X86_OP_TEST_E_AX], 0x66, 0xa9, "test", x86_read_instr_test_e_ax); - - register_opcode(proc->opcodes[X86_OP_MOV_E_AX], 0x66, 0xb8, "mov", x86_read_instr_mov_imm1632_to_r1632); - register_opcode(proc->opcodes[X86_OP_MOV_E_CX], 0x66, 0xb9, "mov", x86_read_instr_mov_imm1632_to_r1632); - register_opcode(proc->opcodes[X86_OP_MOV_E_DX], 0x66, 0xba, "mov", x86_read_instr_mov_imm1632_to_r1632); - register_opcode(proc->opcodes[X86_OP_MOV_E_BX], 0x66, 0xbb, "mov", x86_read_instr_mov_imm1632_to_r1632); - register_opcode(proc->opcodes[X86_OP_MOV_E_SP], 0x66, 0xbc, "mov", x86_read_instr_mov_imm1632_to_r1632); - register_opcode(proc->opcodes[X86_OP_MOV_E_BP], 0x66, 0xbd, "mov", x86_read_instr_mov_imm1632_to_r1632); - register_opcode(proc->opcodes[X86_OP_MOV_E_SI], 0x66, 0xbe, "mov", x86_read_instr_mov_imm1632_to_r1632); - register_opcode(proc->opcodes[X86_OP_MOV_E_DI], 0x66, 0xbf, "mov", x86_read_instr_mov_imm1632_to_r1632); - - register_opcode_with_ext(proc->opcodes[X86_OP_SAR_RM1632_IMM8], 0x66, 0xc1, 7, "sar", x86_read_instr_sar_rm1632_with_imm8); - - register_opcode(proc->opcodes[X86_OP_RET], 0x00, 0xc3, "ret", x86_read_instr_ret); - - register_opcode(proc->opcodes[X86_OP_MOV_IMM8_TO_RM8], 0x00, 0xc6, "mov", x86_read_instr_mov_imm8_to_rm8); - register_opcode(proc->opcodes[X86_OP_MOV_IMM1632_TO_RM1632], 0x66, 0xc7, "mov", x86_read_instr_mov_imm1632_to_rm1632); - - register_opcode(proc->opcodes[X86_OP_LEAVE], 0x00, 0xc9, "leave", x86_read_instr_leave); - - register_opcode(proc->opcodes[X86_OP_INT], 0x00, 0xcd, "int", x86_read_instr_int); - - - register_opcode(proc->opcodes[X86_OP_CALL_REL1632], 0x66, 0xe8, "call", x86_read_instr_call_rel1632); - register_opcode(proc->opcodes[X86_OP_JMP_REL1632], 0x66, 0xe9, "jmp", x86_read_instr_jmp_rel1632); - - register_opcode(proc->opcodes[X86_OP_JMP_8], 0x00, 0xeb, "jmp", x86_read_instr_jmp_8); - - register_opcode(proc->opcodes[X86_OP_HLT], 0x00, 0xf4, "hlt", x86_read_instr_hlt); - - register_opcode_with_ext(proc->opcodes[X86_OP_CALL_RM1632], 0x66, 0xff, 2, "call", x86_read_instr_call_rm1632); - register_opcode_with_ext(proc->opcodes[X86_OP_JMP_RM1632], 0x66, 0xff, 4, "jmp", x86_read_instr_jmp_rm1632); - register_opcode_with_ext(proc->opcodes[X86_OP_PUSH_RM1632], 0x66, 0xff, 6, "push", x86_read_instr_push_rm1632); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_CALL_RM1632], 0xff, 2, "call", x86_read_instr_call_rm1632); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_JMP_RM1632], 0xff, 4, "jmp", x86_read_instr_jmp_rm1632); + register_opcode_1632_with_ext(proc->opcodes[X86_OP_PUSH_RM1632], 0xff, 6, "push", x86_read_instr_push_rm1632); + //register_2b_opcode_1632(proc->opcodes[X86_OP_MOVZX_R1632_RM8], 0xb6, "movzx", x86_read_instr_movzx_r1632_rm8); } @@ -351,48 +397,46 @@ void x86_register_instructions(asm_x86_processor *proc) asm_instr *x86_fetch_instruction(const asm_x86_processor *proc, const uint8_t *data, off_t *pos, off_t len, uint64_t offset) { asm_x86_instr *result; /* Résultat à faire remonter */ + X86Prefix prefix; /* Préfixe détecté */ X86Opcodes i; /* Boucle de parcours */ - off_t tmp; /* Tête de lecture */ - off_t old_pos; /* Sauvegarde de la position */ result = NULL; - for (i = 0; i < X86_OP_COUNT; i++) + prefix = X86_PRE_NONE; + + consume_prefix: + + switch (data[*pos]) { - if (proc->opcodes[i].prefix > 0 && data[*pos] == proc->opcodes[i].prefix && data[*pos + 1] == proc->opcodes[i].opcode) - { - tmp = *pos + 2; - goto find_instr; - } + case 0x66: + prefix |= X86_PRE_OPSIZE; + (*pos)++; + break; - if (proc->opcodes[i].opt_prefix && data[*pos] == proc->opcodes[i].opcode) - { - tmp = *pos + 1; - goto find_instr; - } + case 0x0f: + prefix |= X86_PRE_ESCAPE; + (*pos)++; + break; - if (proc->opcodes[i].prefix == 0x00 && data[*pos] == proc->opcodes[i].opcode) - { - tmp = *pos + 1; - goto find_instr; - } + default: + goto found_instr; + break; + + } - continue; + goto consume_prefix; - find_instr: + found_instr: - if (proc->opcodes[i].has_op_ext && (data[tmp] & EXT_OPCODE_MASK) != proc->opcodes[i].op_ext) - continue; + for (i = 0; i < X86_OP_COUNT; i++) + { + if ((prefix & proc->opcodes[i].prefix) != prefix) continue; - old_pos = *pos; + if (data[*pos] != proc->opcodes[i].opcode) continue; result = proc->opcodes[i].read(data, pos, len, offset, proc); if (result != NULL) result->type = i; - else - { - *pos = old_pos; - printf("err while x86 decoding at 0x%08llx :: [0x%02hhx] 0x%02hhx\n", offset, proc->opcodes[i].prefix, proc->opcodes[i].opcode); - } + break; } |