From f0b80c6ab55ede4f8ab8ede757f1f8951512affa Mon Sep 17 00:00:00 2001 From: Cyrille Bagard Date: Fri, 1 Aug 2008 21:08:17 +0000 Subject: Handled the 'leave' and 'ret' opcodes. git-svn-id: svn://svn.gna.org/svn/chrysalide/trunk@12 abbe820e-26c8-41b2-8c08-b7b2b41f8b0a --- ChangeLog | 18 ++++++++++++++ src/arch/x86/Makefile.am | 2 ++ src/arch/x86/instruction.h | 3 +++ src/arch/x86/op_leave.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++ src/arch/x86/op_ret.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++ src/arch/x86/opcodes.h | 6 +++++ src/arch/x86/processor.c | 5 +++- 7 files changed, 149 insertions(+), 1 deletion(-) create mode 100644 src/arch/x86/op_leave.c create mode 100644 src/arch/x86/op_ret.c diff --git a/ChangeLog b/ChangeLog index cf5fda7..66c77d7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,21 @@ +2008-08-01 Cyrille Bagard + + * src/arch/x86/instruction.h: + Register the new opcodes. + + * src/arch/x86/Makefile.am: + Add op_(leave|ret).c to libarchx86_a_SOURCES. + + * src/arch/x86/opcodes.h: + Register the new opcodes. + + * src/arch/x86/op_leave.c: + * src/arch/x86/op_ret.c: + New entries: handle the 'leave' and 'ret' opcodes. + + * src/arch/x86/processor.c: + Register the new opcodes. Avoid wrong warning messages. + 2008-07-31 Cyrille Bagard * src/arch/operand.c: diff --git a/src/arch/x86/Makefile.am b/src/arch/x86/Makefile.am index da03534..0a32def 100644 --- a/src/arch/x86/Makefile.am +++ b/src/arch/x86/Makefile.am @@ -8,10 +8,12 @@ libarchx86_a_SOURCES = \ op_hlt.c \ op_inc.c \ op_int.c \ + op_leave.c \ op_nop.c \ op_mov.c \ op_pop.c \ op_push.c \ + op_ret.c \ opcodes.h \ operand.h operand.c \ processor.h processor.c diff --git a/src/arch/x86/instruction.h b/src/arch/x86/instruction.h index d88e971..af1c5bc 100644 --- a/src/arch/x86/instruction.h +++ b/src/arch/x86/instruction.h @@ -87,6 +87,9 @@ typedef enum _X86Opcodes X86_OP_MOV_SI, /* mov (0xbe) */ X86_OP_MOV_DI, /* mov (0xbf) */ + X86_OP_RET, /* ret (0xc3) */ + X86_OP_LEAVE, /* leave (0xc9) */ + X86_OP_INT, /* int (0xcd) */ X86_OP_CALL, /* call (0xe8) */ diff --git a/src/arch/x86/op_leave.c b/src/arch/x86/op_leave.c new file mode 100644 index 0000000..f0b67ed --- /dev/null +++ b/src/arch/x86/op_leave.c @@ -0,0 +1,58 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * op_leave.c - décodage de la préparation d'une sortie d'appel + * + * Copyright (C) 2008 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see . + */ + + +#include + + +#include "../instruction-int.h" +#include "opcodes.h" + + + +/****************************************************************************** +* * +* Paramètres : data = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* len = taille totale des données à analyser. * +* offset = adresse virtuelle de l'instruction. * +* proc = architecture ciblée par le désassemblage. * +* * +* Description : Décode une instruction de type 'leave'. * +* * +* Retour : Instruction mise en place ou NULL. * +* * +* Remarques : - * +* * +******************************************************************************/ + +asm_x86_instr *read_instr_leave(const uint8_t *data, off_t *pos, off_t len, uint64_t offset, const asm_x86_processor *proc) +{ + asm_x86_instr *result; + + result = (asm_x86_instr *)calloc(1, sizeof(asm_x86_instr)); + + ASM_INSTRUCTION(result)->opcode = data[(*pos)++]; + + return result; + +} diff --git a/src/arch/x86/op_ret.c b/src/arch/x86/op_ret.c new file mode 100644 index 0000000..fa8b839 --- /dev/null +++ b/src/arch/x86/op_ret.c @@ -0,0 +1,58 @@ + +/* OpenIDA - Outil d'analyse de fichiers binaires + * op_ret.c - décodage de la sortie d'un appel + * + * Copyright (C) 2008 Cyrille Bagard + * + * This file is part of OpenIDA. + * + * OpenIDA is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * OpenIDA is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Foobar. If not, see . + */ + + +#include + + +#include "../instruction-int.h" +#include "opcodes.h" + + + +/****************************************************************************** +* * +* Paramètres : data = flux de données à analyser. * +* pos = position courante dans ce flux. [OUT] * +* len = taille totale des données à analyser. * +* offset = adresse virtuelle de l'instruction. * +* proc = architecture ciblée par le désassemblage. * +* * +* Description : Décode une instruction de type 'ret'. * +* * +* Retour : Instruction mise en place ou NULL. * +* * +* Remarques : - * +* * +******************************************************************************/ + +asm_x86_instr *read_instr_ret(const uint8_t *data, off_t *pos, off_t len, uint64_t offset, const asm_x86_processor *proc) +{ + asm_x86_instr *result; + + result = (asm_x86_instr *)calloc(1, sizeof(asm_x86_instr)); + + ASM_INSTRUCTION(result)->opcode = data[(*pos)++]; + + return result; + +} diff --git a/src/arch/x86/opcodes.h b/src/arch/x86/opcodes.h index 3efefaf..a75de7e 100644 --- a/src/arch/x86/opcodes.h +++ b/src/arch/x86/opcodes.h @@ -49,6 +49,9 @@ asm_x86_instr *read_instr_inc_1632(const uint8_t *, off_t *, off_t, uint64_t, co /* Décode une instruction de type 'int'. */ asm_x86_instr *read_instr_int(const uint8_t *, off_t *, off_t, uint64_t, const asm_x86_processor *); +/* Décode une instruction de type 'leave'. */ +asm_x86_instr *read_instr_leave(const uint8_t *, off_t *, off_t, uint64_t, const asm_x86_processor *); + /* Décode une instruction de type 'mov' (16 ou 32 bits). */ asm_x86_instr *read_instr_mov_to_1632(const uint8_t *, off_t *, off_t, uint64_t, const asm_x86_processor *); @@ -64,6 +67,9 @@ asm_x86_instr *read_instr_push_imm1632(const uint8_t *, off_t *, off_t, uint64_t /* Décode une instruction de type 'push' (16 ou 32 bits). */ asm_x86_instr *read_instr_push_reg1632(const uint8_t *, off_t *, off_t, uint64_t, const asm_x86_processor *); +/* Décode une instruction de type 'ret'. */ +asm_x86_instr *read_instr_ret(const uint8_t *, off_t *, off_t, uint64_t, const asm_x86_processor *); + #endif /* _ARCH_X86_OPCODES_H */ diff --git a/src/arch/x86/processor.c b/src/arch/x86/processor.c index 94f2a51..487e4a0 100644 --- a/src/arch/x86/processor.c +++ b/src/arch/x86/processor.c @@ -223,6 +223,9 @@ void x86_register_instructions(asm_x86_processor *proc) register_opcode(proc->opcodes[X86_OP_MOV_DI], 0x00, 0xbf, "mov", read_instr_mov_to_1632); + register_opcode(proc->opcodes[X86_OP_RET], 0x00, 0xc3, "ret", read_instr_ret); + register_opcode(proc->opcodes[X86_OP_LEAVE], 0x00, 0xc9, "leave", read_instr_leave); + register_opcode(proc->opcodes[X86_OP_INT], 0x00, 0xcd, "int", read_instr_int); @@ -314,7 +317,7 @@ asm_instr *x86_fetch_instruction(const asm_x86_processor *proc, const uint8_t *d { result = proc->opcodes[i].read(data, pos, len, offset, proc); if (result != NULL) result->type = i; - printf("err while decoding :: [0x%02hhx] 0x%02hhx\n", proc->opcodes[i].prefix, proc->opcodes[i].opcode); + else printf("err while decoding :: [0x%02hhx] 0x%02hhx\n", proc->opcodes[i].prefix, proc->opcodes[i].opcode); break; } -- cgit v0.11.2-87-g4458