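/* OpenIDA - Binary file analysis tool
 * processor.c - x86 architecture support
 *
 * Copyright (C) 2008 Cyrille Bagard
 *
 * This file is part of OpenIDA.
 *
 * OpenIDA is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * OpenIDA is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with OpenIDA. If not, see <http://www.gnu.org/licenses/>.
 */


#include "processor.h"


#include "../processor-int.h"
#include "opcodes.h"



/* x86 processor definition (instance) */
struct _GX86Processor
{
    GArchProcessor parent;                  /* Parent instance             */

};

/* x86 processor definition (class) */
struct _GX86ProcessorClass
{
    GArchProcessorClass parent;             /* Parent class                */

};


/* Initializes the x86 processor class. */
static void g_x86_processor_class_init(GX86ProcessorClass *);

/* Initializes an x86 processor instance. */
static void g_x86_processor_init(GX86Processor *);

/* Decodes one instruction out of a data stream. */
static GArchInstruction *g_x86_processor_decode_instruction(const GX86Processor *, const bin_t *, off_t *, off_t, vmpa_t);


/* GLib type definition for the x86 processor. */
G_DEFINE_TYPE(GX86Processor, g_x86_processor, G_TYPE_ARCH_PROCESSOR);


/******************************************************************************
*                                                                             *
*  Parameters  : klass = class to initialize.                                 *
*                                                                             *
*  Description : Initializes the x86 processor class.                         *
*                                                                             *
*  Return      : -                                                            *
*                                                                             *
*  Remarks     : Nothing to set up at class level yet.                        *
*                                                                             *
******************************************************************************/

static void g_x86_processor_class_init(GX86ProcessorClass *klass)
{
    (void)klass;
}


/******************************************************************************
*                                                                             *
*  Parameters  : proc = instance to initialize.                               *
*                                                                             *
*  Description : Initializes an x86 processor instance.                       *
*                                                                             *
*  Return      : -                                                            *
*                                                                             *
*  Remarks     : Wires the generic decode hook to the x86 decoder.            *
*                                                                             *
******************************************************************************/

static void g_x86_processor_init(GX86Processor *proc)
{
    GArchProcessor *parent = G_ARCH_PROCESSOR(proc);    /* Parent instance   */

    /* NOTE(review): x86 is a little-endian architecture, yet the parent is
     * configured as big-endian here. Immediates and displacements are read
     * by the opcode readers in opcodes.c; check whether any of them (or the
     * generic layer) consult this field before changing it — kept as-is
     * pending confirmation against the SRE_* enum in processor-int.h. */
    parent->endianness = SRE_BIG;
    parent->memsize = MDS_32_BITS;

    parent->decode = (decode_instruction_fc)g_x86_processor_decode_instruction;
}


/******************************************************************************
*                                                                             *
*  Parameters  : -                                                            *
*                                                                             *
*  Description : Creates the x86 architecture support object.                 *
*                                                                             *
*  Return      : Newly allocated processor (GObject, owned by the caller).    *
*                                                                             *
*  Remarks     : -                                                            *
*                                                                             *
******************************************************************************/

GArchProcessor *g_x86_processor_new(void)
{
    return g_object_new(G_TYPE_X86_PROCESSOR, NULL);
}


/******************************************************************************
*                                                                             *
*  Parameters  : proc   = architecture being queried.                         *
*                prefix = prefix flags attached to the instruction.           *
*                                                                             *
*  Description : Gives the effective operand size for x86, after override.    *
*                                                                             *
*  Return      : Operand size (16 or 32 bits).                                *
*                                                                             *
*  Remarks     : -                                                            *
*                                                                             *
******************************************************************************/

AsmOperandSize g_x86_processor_get_operand_size(const GX86Processor *proc, X86Prefix prefix)
{
    /* FIXME: the default operand size is hard-wired to 32 bits; it should
     * come from the processor instance (a future proc->operand_size field).
     * Until then proc is unused. */
    (void)proc;

    /* The 0x66 prefix flips the default size to the other one. */
    if (prefix & XPX_OPERAND_SIZE_OVERRIDE)
        return AOS_16_BITS;

    return AOS_32_BITS;
}


/* Signature shared by every opcode reader declared in opcodes.h. */
typedef GArchInstruction * (* x86_opcode_reader_fc) (const bin_t *, off_t *, off_t, vmpa_t, X86Prefix, const GX86Processor *);

/*
 * Dispatch table from opcode identifier to reader. Entries left out are NULL
 * and make the decoder give up on that instruction. The table is read-only
 * and indexed only after the identifier has been range-checked, so untrusted
 * input can never steer the lookup outside it.
 */
static const x86_opcode_reader_fc x86_opcode_readers[XOP_COUNT] = {

    /* Arithmetic / logic, register forms */
    [XOP_ADD_RM8_R8]            = x86_read_instr_add_rm8_r8,
    [XOP_ADD_RM1632_R1632]      = x86_read_instr_add_rm1632_r1632,
    [XOP_ADD_R8_RM8]            = x86_read_instr_add_r8_rm8,
    [XOP_ADD_R1632_RM1632]      = x86_read_instr_add_r1632_rm1632,
    [XOP_ADD_AL_IMM8]           = x86_read_instr_add_al_imm8,
    [XOP_ADD_E_AX_IMM1632]      = x86_read_instr_add_e_ax_imm1632,
    [XOP_OR_R8_RM8]             = x86_read_instr_or_r8_rm8,
    [XOP_OR_AL_IMM8]            = x86_read_instr_or_al_imm8,
    [XOP_ADC_RM8_R8]            = x86_read_instr_adc_rm8_r8,
    [XOP_AND_RM8_R8]            = x86_read_instr_and_rm8_r8,
    [XOP_SUB_RM1632_R1632]      = x86_read_instr_sub_rm1632_r1632,
    [XOP_SUB_R8_RM8]            = x86_read_instr_sub_r8_rm8,
    [XOP_SUB_AL_IMM8]           = x86_read_instr_sub_al_imm8,
    [XOP_SUB_E_AX_IMM1632]      = x86_read_instr_sub_e_ax_imm1632,
    [XOP_XOR_RM8_R8]            = x86_read_instr_xor_rm8_r8,
    [XOP_XOR_RM1632_R1632]      = x86_read_instr_xor_rm1632_r1632,
    [XOP_XOR_R8_RM8]            = x86_read_instr_xor_r8_rm8,
    [XOP_XOR_R1632_RM1632]      = x86_read_instr_xor_r1632_rm1632,
    [XOP_XOR_AL_IMM8]           = x86_read_instr_xor_al_imm8,
    [XOP_XOR_E_AX_IMM1632]      = x86_read_instr_xor_e_ax_imm1632,
    [XOP_CMP_RM1632_R1632]      = x86_read_instr_cmp_rm1632_r1632,

    /* Two-byte (0x0f) opcodes */
    [XOP_JLE_REL1632]           = x86_read_instr_jle_rel1632,
    [XOP_MOVZX_R1632_RM8]       = x86_read_instr_movzx_r1632_rm8,
    [XOP_MOVSX_R1632_RM8]       = x86_read_instr_movsx_r1632_rm8,

    /* Single-byte register-encoded forms: one reader, eight opcodes each */
    [XOP_INC_E_AX]              = x86_read_instr_inc_r1632,
    [XOP_INC_E_CX]              = x86_read_instr_inc_r1632,
    [XOP_INC_E_DX]              = x86_read_instr_inc_r1632,
    [XOP_INC_E_BX]              = x86_read_instr_inc_r1632,
    [XOP_INC_E_SP]              = x86_read_instr_inc_r1632,
    [XOP_INC_E_BP]              = x86_read_instr_inc_r1632,
    [XOP_INC_E_SI]              = x86_read_instr_inc_r1632,
    [XOP_INC_E_DI]              = x86_read_instr_inc_r1632,

    [XOP_DEC_E_AX]              = x86_read_instr_dec_r1632,
    [XOP_DEC_E_CX]              = x86_read_instr_dec_r1632,
    [XOP_DEC_E_DX]              = x86_read_instr_dec_r1632,
    [XOP_DEC_E_BX]              = x86_read_instr_dec_r1632,
    [XOP_DEC_E_SP]              = x86_read_instr_dec_r1632,
    [XOP_DEC_E_BP]              = x86_read_instr_dec_r1632,
    [XOP_DEC_E_SI]              = x86_read_instr_dec_r1632,
    [XOP_DEC_E_DI]              = x86_read_instr_dec_r1632,

    [XOP_PUSH_E_AX]             = x86_read_instr_push_r1632,
    [XOP_PUSH_E_CX]             = x86_read_instr_push_r1632,
    [XOP_PUSH_E_DX]             = x86_read_instr_push_r1632,
    [XOP_PUSH_E_BX]             = x86_read_instr_push_r1632,
    [XOP_PUSH_E_SP]             = x86_read_instr_push_r1632,
    [XOP_PUSH_E_BP]             = x86_read_instr_push_r1632,
    [XOP_PUSH_E_SI]             = x86_read_instr_push_r1632,
    [XOP_PUSH_E_DI]             = x86_read_instr_push_r1632,

    [XOP_POP_E_AX]              = x86_read_instr_pop_r1632,
    [XOP_POP_E_CX]              = x86_read_instr_pop_r1632,
    [XOP_POP_E_DX]              = x86_read_instr_pop_r1632,
    [XOP_POP_E_BX]              = x86_read_instr_pop_r1632,
    [XOP_POP_E_SP]              = x86_read_instr_pop_r1632,
    [XOP_POP_E_BP]              = x86_read_instr_pop_r1632,
    [XOP_POP_E_SI]              = x86_read_instr_pop_r1632,
    [XOP_POP_E_DI]              = x86_read_instr_pop_r1632,

    [XOP_PUSH_IMM1632]          = x86_read_instr_push_imm1632,
    [XOP_IMUL_RM1632_IMM8]      = x86_read_instr_imul_rm1632_imm8,

    /* Short conditional jumps */
    [XOP_JO_REL8]               = x86_read_instr_jo_rel8,
    [XOP_JNO_REL8]              = x86_read_instr_jno_rel8,
    [XOP_JB_REL8]               = x86_read_instr_jb_rel8,
    [XOP_JNB_REL8]              = x86_read_instr_jnb_rel8,
    [XOP_JE_REL8]               = x86_read_instr_je_rel8,
    [XOP_JNE_REL8]              = x86_read_instr_jne_rel8,
    [XOP_JNA_REL8]              = x86_read_instr_jna_rel8,
    [XOP_JA_REL8]               = x86_read_instr_ja_rel8,
    [XOP_JS_REL8]               = x86_read_instr_js_rel8,
    [XOP_JNS_REL8]              = x86_read_instr_jns_rel8,
    [XOP_JP_REL8]               = x86_read_instr_jp_rel8,
    [XOP_JNP_REL8]              = x86_read_instr_jnp_rel8,
    [XOP_JL_REL8]               = x86_read_instr_jl_rel8,
    [XOP_JNL_REL8]              = x86_read_instr_jnl_rel8,
    [XOP_JNG_REL8]              = x86_read_instr_jng_rel8,
    [XOP_JG_REL8]               = x86_read_instr_jg_rel8,

    /* Group 1: r/m8, imm8 */
    [XOP_ADD_RM8_IMM8]          = x86_read_instr_add_rm8_imm8,
    [XOP_OR_RM8_IMM8]           = x86_read_instr_or_rm8_imm8,
    [XOP_ADC_RM8_IMM8]          = x86_read_instr_adc_rm8_imm8,
    [XOP_SBB_RM8_IMM8]          = x86_read_instr_sbb_rm8_imm8,
    [XOP_AND_RM8_IMM8]          = x86_read_instr_and_rm8_imm8,
    [XOP_SUB_RM8_IMM8]          = x86_read_instr_sub_rm8_imm8,
    [XOP_XOR_RM8_IMM8]          = x86_read_instr_xor_rm8_imm8,
    [XOP_CMP_RM8_IMM8]          = x86_read_instr_cmp_rm8_imm8,

    /* Group 1: r/m16/32, imm16/32 */
    [XOP_ADD_RM1632_IMM1632]    = x86_read_instr_add_rm1632_imm1632,
    [XOP_OR_RM1632_IMM1632]     = x86_read_instr_or_rm1632_imm1632,
    [XOP_ADC_RM1632_IMM1632]    = x86_read_instr_adc_rm1632_imm1632,
    [XOP_SBB_RM1632_IMM1632]    = x86_read_instr_sbb_rm1632_imm1632,
    [XOP_AND_RM1632_IMM1632]    = x86_read_instr_and_rm1632_imm1632,
    [XOP_SUB_RM1632_IMM1632]    = x86_read_instr_sub_rm1632_imm1632,
    [XOP_XOR_RM1632_IMM1632]    = x86_read_instr_xor_rm1632_imm1632,
    [XOP_CMP_RM1632_IMM1632]    = x86_read_instr_cmp_rm1632_imm1632,

    /* Group 1: r/m16/32, sign-extended imm8 */
    [XOP_ADD_RM1632_IMM8]       = x86_read_instr_add_rm1632_imm8,
    [XOP_OR_RM1632_IMM8]        = x86_read_instr_or_rm1632_imm8,
    [XOP_ADC_RM1632_IMM8]       = x86_read_instr_adc_rm1632_imm8,
    [XOP_SBB_RM1632_IMM8]       = x86_read_instr_sbb_rm1632_imm8,
    [XOP_AND_RM1632_IMM8]       = x86_read_instr_and_rm1632_imm8,
    [XOP_SUB_RM1632_IMM8]       = x86_read_instr_sub_rm1632_imm8,
    [XOP_XOR_RM1632_IMM8]       = x86_read_instr_xor_rm1632_imm8,
    [XOP_CMP_RM1632_IMM8]       = x86_read_instr_cmp_rm1632_imm8,

    /* Tests, moves, lea, nop, xchg */
    [XOP_TEST_RM8_R8]           = x86_read_instr_test_rm8_r8,
    [XOP_TEST_RM1632_R1632]     = x86_read_instr_test_rm1632_r1632,
    [XOP_MOV_RM8_R8]            = x86_read_instr_mov_rm8_r8,
    [XOP_MOV_RM1632_R1632]      = x86_read_instr_mov_rm1632_r1632,
    [XOP_MOV_R1632_RM1632]      = x86_read_instr_mov_r1632_rm1632,
    [XOP_LEA_R1632_M]           = x86_read_instr_lea_r1632_m,
    [XOP_NOP]                   = x86_read_instr_nop,

    [XOP_XCHG_R1632_E_AX]       = x86_read_instr_xchg_r1632_e_ax,
    [XOP_XCHG_R1632_E_CX]       = x86_read_instr_xchg_r1632_e_ax,
    [XOP_XCHG_R1632_E_DX]       = x86_read_instr_xchg_r1632_e_ax,
    [XOP_XCHG_R1632_E_BX]       = x86_read_instr_xchg_r1632_e_ax,
    [XOP_XCHG_R1632_E_SP]       = x86_read_instr_xchg_r1632_e_ax,
    [XOP_XCHG_R1632_E_BP]       = x86_read_instr_xchg_r1632_e_ax,
    [XOP_XCHG_R1632_E_SI]       = x86_read_instr_xchg_r1632_e_ax,
    [XOP_XCHG_R1632_E_DI]       = x86_read_instr_xchg_r1632_e_ax,

    [XOP_MOV_AL_MOFFS8]         = x86_read_instr_mov_al_moffs8,
    [XOP_MOV_E_AX_MOFFS1632]    = x86_read_instr_mov_e_ax_moffs1632,
    [XOP_MOV_MOFFS8_AL]         = x86_read_instr_mov_moffs8_al,
    [XOP_MOV_MOFFS1632_E_AX]    = x86_read_instr_mov_moffs1632_e_ax,
    [XOP_TEST_AL_IMM8]          = x86_read_instr_test_al_imm8,
    [XOP_TEST_E_AX_IMM1632]     = x86_read_instr_test_e_ax_imm1632,
    [XOP_SCAS_AL_M8]            = x86_read_instr_scas_al_m8,

    [XOP_MOV_AL_IMM8]           = x86_read_instr_mov_r8_imm8,
    [XOP_MOV_CL_IMM8]           = x86_read_instr_mov_r8_imm8,
    [XOP_MOV_DL_IMM8]           = x86_read_instr_mov_r8_imm8,
    [XOP_MOV_BL_IMM8]           = x86_read_instr_mov_r8_imm8,
    [XOP_MOV_AH_IMM8]           = x86_read_instr_mov_r8_imm8,
    [XOP_MOV_CH_IMM8]           = x86_read_instr_mov_r8_imm8,
    [XOP_MOV_DH_IMM8]           = x86_read_instr_mov_r8_imm8,
    [XOP_MOV_BH_IMM8]           = x86_read_instr_mov_r8_imm8,

    [XOP_MOV_E_AX_IMM1632]      = x86_read_instr_mov_r1632_imm1632,
    [XOP_MOV_E_CX_IMM1632]      = x86_read_instr_mov_r1632_imm1632,
    [XOP_MOV_E_DX_IMM1632]      = x86_read_instr_mov_r1632_imm1632,
    [XOP_MOV_E_BX_IMM1632]      = x86_read_instr_mov_r1632_imm1632,
    [XOP_MOV_E_SP_IMM1632]      = x86_read_instr_mov_r1632_imm1632,
    [XOP_MOV_E_BP_IMM1632]      = x86_read_instr_mov_r1632_imm1632,
    [XOP_MOV_E_SI_IMM1632]      = x86_read_instr_mov_r1632_imm1632,
    [XOP_MOV_E_DI_IMM1632]      = x86_read_instr_mov_r1632_imm1632,

    /* Shifts and rotates */
    [XOP_ROL_RM1632_IMM8]       = x86_read_instr_rol_rm1632_imm8,
    [XOP_ROR_RM1632_IMM8]       = x86_read_instr_ror_rm1632_imm8,
    [XOP_RCL_RM1632_IMM8]       = x86_read_instr_rcl_rm1632_imm8,
    [XOP_RCR_RM1632_IMM8]       = x86_read_instr_rcr_rm1632_imm8,
    [XOP_SHL_RM1632_IMM8]       = x86_read_instr_shl_rm1632_imm8,
    [XOP_SHR_RM1632_IMM8]       = x86_read_instr_shr_rm1632_imm8,
    [XOP_SAL_RM1632_IMM8]       = x86_read_instr_sal_rm1632_imm8,
    [XOP_SAR_RM1632_IMM8]       = x86_read_instr_sar_rm1632_imm8,
    [XOP_SHL_RM1632_CL]         = x86_read_instr_shl_rm1632_cl,

    /* Control flow and misc. */
    [XOP_RET]                   = x86_read_instr_ret,
    [XOP_MOV_RM8_IMM8]          = x86_read_instr_mov_rm8_imm8,
    [XOP_MOV_RM1632_IMM1632]    = x86_read_instr_mov_rm1632_imm1632,
    [XOP_LEAVE]                 = x86_read_instr_leave,
    [XOP_INT_3]                 = x86_read_instr_int_3,
    [XOP_INT]                   = x86_read_instr_int_imm8,
    [XOP_CALL_REL1632]          = x86_read_instr_call_rel1632,
    [XOP_JMP_REL1632]           = x86_read_instr_jmp_rel1632,
    [XOP_JMP_REL8]              = x86_read_instr_jmp_rel8,
    [XOP_HLT]                   = x86_read_instr_hlt,
    [XOP_TEST_RM1632_IMM1632]   = x86_read_instr_test_rm1632_imm1632,
    [XOP_TEST_RM1632_IMM1632_BIS] = x86_read_instr_test_rm1632_imm1632,
    [XOP_NOT_RM1632]            = x86_read_instr_not_rm1632,
    [XOP_IMUL_RM1632]           = x86_read_instr_imul_rm1632,
    [XOP_CLD]                   = x86_read_instr_cld,
    [XOP_CALL_RM1632]           = x86_read_instr_call_rm1632,
    [XOP_JMP_RM1632]            = x86_read_instr_jmp_rm1632,
    [XOP_PUSH_RM1632]           = x86_read_instr_push_rm1632,

};


/******************************************************************************
*                                                                             *
*  Parameters  : proc = architecture driving the decoding.                    *
*                data = data stream to analyze (untrusted binary input).      *
*                pos  = current position in that stream. [OUT]                *
*                len  = total size of the data to analyze.                    *
*                addr = virtual address of the instruction.                   *
*                                                                             *
*  Description : Decodes one instruction out of a data stream.                *
*                                                                             *
*  Return      : New instruction, or NULL when the bytes at pos are not       *
*                recognized or would run past len.                            *
*                                                                             *
*  Remarks     : pos may already have been advanced past the prefix and       *
*                opcode bytes when NULL is returned.                          *
*                                                                             *
******************************************************************************/

static GArchInstruction *g_x86_processor_decode_instruction(const GX86Processor *proc, const bin_t *data, off_t *pos, off_t len, vmpa_t addr)
{
    GArchInstruction *result;               /* Instruction to return       */
    X86Prefix prefix;                       /* Prefixes seen before opcode */
    bool care;                              /* Reader consumes the opcode? */
    X86Opcodes id;                          /* Instruction identifier      */
    x86_opcode_reader_fc reader;            /* Reader picked for id        */

    id = x86_guess_next_instruction(data, *pos, len, &prefix, &care);

    /* Skip the 0x0f escape of a two-byte opcode. */
    if (prefix & XPX_TWO_BYTES)
    {
        (*pos)++;
        addr++;
    }

    /* Skip the 0x66 operand-size override.
     * NOTE(review): unlike the escape byte above, this advances pos but not
     * addr; whether that is intended depends on which address the readers
     * expect (start of instruction vs. opcode) — confirm against opcodes.c. */
    if (prefix & XPX_OPERAND_SIZE_OVERRIDE)
        (*pos)++;

    /* Nothing recognized: give up, prefixes have still been skipped. */
    if (id == XOP_COUNT)
        return NULL;

    /* The opcode byte is skipped here unless the reader wants to see it. */
    if (!care)
        (*pos)++;

    /* Defence in depth: the prefix/opcode skipping above trusts that the
     * guess validated those bytes. Never hand a reader a position beyond the
     * buffer; pos == len is still acceptable for opcodes without operands. */
    if (*pos > len)
        return NULL;

    /* Range-check before indexing the table: the identifier comes from
     * untrusted bytes, and an unsigned compare also rejects negatives. */
    if ((unsigned int)id >= (unsigned int)XOP_COUNT)
        return NULL;

    reader = x86_opcode_readers[id];
    if (reader == NULL)
        return NULL;

    result = reader(data, pos, len, addr, prefix, proc);

    if (result != NULL)
        g_x86_instruction_set_prefixes(G_X86_INSTRUCTION(result), prefix);

    return result;
}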