/*
 * ParseFltMemory - assemble an Alpha floating-point memory-format
 * instruction from operand text of the form "Fa, disp(Rb)".
 *
 * inString  - operand text following the mnemonic; the cursor is advanced
 *             in place as each piece is consumed
 * outString - not referenced by this routine
 * pEntry    - opcode-table entry whose opCode field supplies the opcode
 * poffset   - not referenced by this routine
 *
 * Returns the encoded 32-bit instruction word.  A malformed operand list
 * is reported via error(OPERAND); anything left over after the closing
 * parenthesis is reported via error(EXTRACHARS).
 */
ULONG
ParseFltMemory(PUCHAR inString, PUCHAR *outString, POPTBLENTRY pEntry, PULONG poffset)
{
    ULONG fltReg;
    ULONG baseReg;
    ULONG displacement;

    /* Fa , */
    fltReg = GetFltReg(inString, &inString);
    if (!TestCharacter(inString, &inString, ',')) {
        error(OPERAND);
    }

    /* disp - evaluated at memory-displacement width */
    displacement = GetValue(inString, &inString, TRUE, WIDTH_MEM_DISP);

    /* ( Rb ) */
    if (!TestCharacter(inString, &inString, '(')) {
        error(OPERAND);
    }
    baseReg = GetIntReg(inString, &inString);
    if (!TestCharacter(inString, &inString, ')')) {
        error(OPERAND);
    }

    /* the operand list must end exactly here */
    if (!TestCharacter(inString, &inString, '\0')) {
        error(EXTRACHARS);
    }

    /* opcode | Fa | Rb | 16-bit displacement */
    return OPCODE(pEntry->opCode) + REG_A(fltReg) + REG_B(baseReg) + MEM_DISP(displacement);
}
/*
 * FIsIndirectJump - recognise an Alpha import / long-branch thunk at the
 * start of rgbBuffer and resolve where it ultimately transfers control.
 *
 * rgbBuffer        - instruction bytes already fetched from the debuggee
 * cbBuff           - number of valid bytes in rgbBuffer; fewer than 16
 *                    means "no thunk" for both shapes, even though the
 *                    import shape only inspects the first three words
 * hthd             - thread; only hthd->hprc is used, for DbgReadMemory
 * uoffset          - not referenced by this routine
 * lpuoffThunkDest  - receives the UOFFSET read from the slot the thunk
 *                    loads through
 * lpdwThunkSize    - receives the thunk length in bytes (12 or 16)
 *
 * Returns TRUE only when a known shape matched AND the slot read
 * succeeded; on FALSE neither output parameter has been written.
 *
 * Recognised shapes (DWORD view, upper 16 bits compared via OPCODE()):
 *
 *   DLL import thunk:
 *     0x277f0000  ldah t12, IAT(zero)        // t12 = r27
 *     0xa37b0000  ldl  t12, IAT(t12)
 *     0x6bfb0000  jmp  $31, (t12)
 *
 *   Long BSR thunk:
 *     0x279f0000  ldah at, hi_addr(zero)
 *     0xa39c....  second word (see note)
 *     0x6bfc0000  jmp  $31, (at)
 *     0x00000000  halt (keeps 16-byte alignment; faults if executed)
 *
 * NOTE(review): the original comment described the second Long-BSR word
 * as "lda at, lo_addr(at)" (0x239c0000), but the match below is against
 * 0xa39c, which by analogy with 0xa37b is an ldl through (at).  The
 * DbgReadMemory that follows treats hi:lo as the address of a slot to read,
 * which is the ldl interpretation - confirm against the linker's thunk
 * layout before changing either the comment or the constant.
 *
 * NOTE(review): rgbBuffer is reinterpreted as DWORD*; this presumes the
 * caller supplies a 4-byte-aligned buffer - verify at the call site.
 */
BOOL
FIsIndirectJump(BYTE *rgbBuffer, DWORD cbBuff, HTHDX hthd, UOFFSET uoffset,
                UOFFSET *lpuoffThunkDest, LPDWORD lpdwThunkSize)
{
    DWORD *word;
    DWORD thunkBytes;
    DWORD64 slotAddress;

    /* Both shapes are matched against up to four words. */
    if (cbBuff < 16) {
        return FALSE;
    }

    word = (DWORD *)rgbBuffer;

    if (OPCODE(word[0]) == 0x277f
        && OPCODE(word[1]) == 0xa37b
        && word[2] == 0x6bfb0000) {
        thunkBytes = 12;                /* DLL import thunk */
    } else if (OPCODE(word[0]) == 0x279f
               && OPCODE(word[1]) == 0xa39c
               && word[2] == 0x6bfc0000
               && word[3] == 0x00000000) {
        thunkBytes = 16;                /* long BSR thunk incl. halt pad */
    } else {
        return FALSE;
    }

    /* high half from the ldah word, low half from the second word */
    slotAddress = (MEM_DISP(word[0]) << 16) + MEM_DISP(word[1]);

    /* The slot's contents are the real destination. */
    if (!DbgReadMemory(hthd->hprc, slotAddress, lpuoffThunkDest,
                       sizeof(UOFFSET), NULL)) {
        return FALSE;
    }

    *lpdwThunkSize = thunkBytes;
    return TRUE;
}