/* -----------------------------------------------------------------------------
* resolve_gpr64() - 64bit General Purpose Register-Selection.
* -----------------------------------------------------------------------------
*/
static enum ud_type
resolve_gpr64(struct ud* u, enum ud_operand_code gpr_op)
{
if (gpr_op >= OP_rAXr8 && gpr_op <= OP_rDIr15)
gpr_op = (gpr_op - OP_rAXr8) | (REX_B(u->pfx_rex) << 3);
else gpr_op = (gpr_op - OP_rAX);
if (u->opr_mode == 16)
return gpr_op + UD_R_AX;
if (u->dis_mode == 32 ||
(u->opr_mode == 32 && ! (REX_W(u->pfx_rex) || u->default64))) {
return gpr_op + UD_R_EAX;
}
return gpr_op + UD_R_RAX;
}
/* -----------------------------------------------------------------------------
* decode_operands() - Disassembles Operands.
* -----------------------------------------------------------------------------
*/
static int
decode_operand(struct ud *u,
struct ud_operand *operand,
enum ud_operand_code type,
unsigned int size)
{
switch (type) {
case OP_A :
decode_a(u, operand);
break;
case OP_MR:
if (MODRM_MOD(modrm(u)) == 3) {
decode_modrm_rm(u, operand, T_GPR,
size == SZ_DY ? SZ_MDQ : SZ_V);
} else if (size == SZ_WV) {
decode_modrm_rm( u, operand, T_GPR, SZ_W);
} else if (size == SZ_BV) {
decode_modrm_rm( u, operand, T_GPR, SZ_B);
} else if (size == SZ_DY) {
decode_modrm_rm( u, operand, T_GPR, SZ_D);
} else {
assert(!"unexpected size");
}
break;
case OP_M:
if (MODRM_MOD(modrm(u)) == 3) {
u->error = 1;
}
/* intended fall through */
case OP_E:
decode_modrm_rm(u, operand, T_GPR, size);
break;
break;
case OP_G:
decode_modrm_reg(u, operand, T_GPR, size);
break;
case OP_I:
decode_imm(u, size, operand);
break;
case OP_I1:
operand->type = UD_OP_CONST;
operand->lval.udword = 1;
break;
case OP_PR:
if (MODRM_MOD(modrm(u)) != 3) {
u->error = 1;
}
decode_modrm_rm(u, operand, T_MMX, size);
break;
case OP_P:
decode_modrm_reg(u, operand, T_MMX, size);
break;
case OP_VR:
if (MODRM_MOD(modrm(u)) != 3) {
u->error = 1;
}
/* intended fall through */
case OP_W:
decode_modrm_rm(u, operand, T_XMM, size);
break;
case OP_V:
decode_modrm_reg(u, operand, T_XMM, size);
break;
case OP_S:
decode_modrm_reg(u, operand, T_SEG, size);
break;
case OP_AL:
case OP_CL:
case OP_DL:
case OP_BL:
case OP_AH:
case OP_CH:
case OP_DH:
case OP_BH:
operand->type = UD_OP_REG;
operand->base = UD_R_AL + (type - OP_AL);
operand->size = 8;
break;
case OP_DX:
operand->type = UD_OP_REG;
operand->base = UD_R_DX;
operand->size = 16;
break;
case OP_O:
decode_o(u, size, operand);
break;
case OP_rAXr8:
case OP_rCXr9:
case OP_rDXr10:
case OP_rBXr11:
case OP_rSPr12:
case OP_rBPr13:
case OP_rSIr14:
case OP_rDIr15:
case OP_rAX:
case OP_rCX:
case OP_rDX:
case OP_rBX:
case OP_rSP:
case OP_rBP:
case OP_rSI:
case OP_rDI:
operand->type = UD_OP_REG;
operand->base = resolve_gpr64(u, type, &operand->size);
break;
case OP_ALr8b:
case OP_CLr9b:
case OP_DLr10b:
case OP_BLr11b:
case OP_AHr12b:
case OP_CHr13b:
case OP_DHr14b:
case OP_BHr15b: {
ud_type_t gpr = (type - OP_ALr8b) + UD_R_AL
+ (REX_B(u->pfx_rex) << 3);
if (UD_R_AH <= gpr && u->pfx_rex) {
gpr = gpr + 4;
}
operand->type = UD_OP_REG;
operand->base = gpr;
break;
}
case OP_eAX:
case OP_eCX:
case OP_eDX:
case OP_eBX:
case OP_eSP:
case OP_eBP:
case OP_eSI:
case OP_eDI:
operand->type = UD_OP_REG;
operand->base = resolve_gpr32(u, type);
operand->size = u->opr_mode == 16 ? 16 : 32;
break;
case OP_ES:
case OP_CS:
case OP_DS:
case OP_SS:
case OP_FS:
case OP_GS:
/* in 64bits mode, only fs and gs are allowed */
if (u->dis_mode == 64) {
if (type != OP_FS && type != OP_GS) {
u->error= 1;
}
}
operand->type = UD_OP_REG;
operand->base = (type - OP_ES) + UD_R_ES;
operand->size = 16;
break;
case OP_J :
decode_imm(u, size, operand);
operand->type = UD_OP_JIMM;
break ;
case OP_Q:
decode_modrm_rm(u, operand, T_MMX, size);
break;
case OP_R :
decode_modrm_rm(u, operand, T_GPR, size);
break;
case OP_C:
decode_modrm_reg(u, operand, T_CRG, size);
break;
case OP_D:
decode_modrm_reg(u, operand, T_DBG, size);
break;
case OP_I3 :
operand->type = UD_OP_CONST;
operand->lval.sbyte = 3;
break;
case OP_ST0:
case OP_ST1:
case OP_ST2:
case OP_ST3:
case OP_ST4:
case OP_ST5:
case OP_ST6:
case OP_ST7:
operand->type = UD_OP_REG;
operand->base = (type - OP_ST0) + UD_R_ST0;
operand->size = 0;
break;
case OP_AX:
operand->type = UD_OP_REG;
operand->base = UD_R_AX;
operand->size = 16;
break;
default :
operand->type = UD_NONE;
break;
}
return 0;
}
/*
* decode_modrm_rm
*
* Decodes rm field of mod/rm byte
*
*/
static void
decode_modrm_rm(struct ud *u,
struct ud_operand *op,
unsigned char type,
unsigned int size)
{
unsigned char mod, rm, reg;
/* get mod, r/m and reg fields */
mod = MODRM_MOD(modrm(u));
rm = (REX_B(u->pfx_rex) << 3) | MODRM_RM(modrm(u));
reg = (REX_R(u->pfx_rex) << 3) | MODRM_REG(modrm(u));
op->size = resolve_operand_size(u, size);
/*
* If mod is 11b, then the modrm.rm specifies a register.
*
*/
if (mod == 3) {
op->type = UD_OP_REG;
if (type == T_GPR) {
op->base = decode_gpr(u, op->size, rm);
} else {
op->base = resolve_reg(u, type, (REX_B(u->pfx_rex) << 3) | (rm & 7));
}
return;
}
/*
* !11 => Memory Address
*/
op->type = UD_OP_MEM;
if (u->adr_mode == 64) {
op->base = UD_R_RAX + rm;
if (mod == 1) {
op->offset = 8;
} else if (mod == 2) {
op->offset = 32;
} else if (mod == 0 && (rm & 7) == 5) {
op->base = UD_R_RIP;
op->offset = 32;
} else {
op->offset = 0;
}
/*
* Scale-Index-Base (SIB)
*/
if ((rm & 7) == 4) {
inp_next(u);
op->scale = (1 << SIB_S(inp_curr(u))) & ~1;
op->index = UD_R_RAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3));
op->base = UD_R_RAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3));
/* special conditions for base reference */
if (op->index == UD_R_RSP) {
op->index = UD_NONE;
op->scale = UD_NONE;
}
if (op->base == UD_R_RBP || op->base == UD_R_R13) {
if (mod == 0) {
op->base = UD_NONE;
}
if (mod == 1) {
op->offset = 8;
} else {
op->offset = 32;
}
}
}
} else if (u->adr_mode == 32) {
op->base = UD_R_EAX + rm;
if (mod == 1) {
op->offset = 8;
} else if (mod == 2) {
op->offset = 32;
} else if (mod == 0 && rm == 5) {
op->base = UD_NONE;
op->offset = 32;
} else {
op->offset = 0;
}
/* Scale-Index-Base (SIB) */
if ((rm & 7) == 4) {
inp_next(u);
op->scale = (1 << SIB_S(inp_curr(u))) & ~1;
op->index = UD_R_EAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3));
op->base = UD_R_EAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3));
if (op->index == UD_R_ESP) {
op->index = UD_NONE;
op->scale = UD_NONE;
}
/* special condition for base reference */
if (op->base == UD_R_EBP) {
if (mod == 0) {
op->base = UD_NONE;
}
if (mod == 1) {
op->offset = 8;
} else {
op->offset = 32;
}
}
}
} else {
const unsigned int bases[] = { UD_R_BX, UD_R_BX, UD_R_BP, UD_R_BP,
UD_R_SI, UD_R_DI, UD_R_BP, UD_R_BX };
const unsigned int indices[] = { UD_R_SI, UD_R_DI, UD_R_SI, UD_R_DI,
UD_NONE, UD_NONE, UD_NONE, UD_NONE };
op->base = bases[rm & 7];
op->index = indices[rm & 7];
if (mod == 0 && rm == 6) {
op->offset= 16;
op->base = UD_NONE;
} else if (mod == 1) {
op->offset = 8;
} else if (mod == 2) {
op->offset = 16;
}
}
/*
* extract offset, if any
*/
switch (op->offset) {
case 8 : op->lval.ubyte = inp_uint8(u); break;
case 16: op->lval.uword = inp_uint16(u); break;
case 32: op->lval.udword = inp_uint32(u); break;
case 64: op->lval.uqword = inp_uint64(u); break;
default: break;
}
}
/* -----------------------------------------------------------------------------
* decode_operands() - Disassembles Operands.
* -----------------------------------------------------------------------------
*/
static int
decode_operand(struct ud *u,
struct ud_operand *operand,
enum ud_operand_code type,
unsigned int size)
{
operand->_oprcode = type;
switch (type) {
case OP_A :
decode_a(u, operand);
break;
case OP_MR:
decode_modrm_rm(u, operand, REGCLASS_GPR,
MODRM_MOD(modrm(u)) == 3 ?
Mx_reg_size(size) : Mx_mem_size(size));
break;
case OP_F:
u->br_far = 1;
/* intended fall through */
case OP_M:
if (MODRM_MOD(modrm(u)) == 3) {
UDERR(u, "expected modrm.mod != 3\n");
}
/* intended fall through */
case OP_E:
decode_modrm_rm(u, operand, REGCLASS_GPR, size);
break;
case OP_G:
decode_modrm_reg(u, operand, REGCLASS_GPR, size);
break;
case OP_sI:
case OP_I:
decode_imm(u, size, operand);
break;
case OP_I1:
operand->type = UD_OP_CONST;
operand->lval.udword = 1;
break;
case OP_N:
if (MODRM_MOD(modrm(u)) != 3) {
UDERR(u, "expected modrm.mod == 3\n");
}
/* intended fall through */
case OP_Q:
decode_modrm_rm(u, operand, REGCLASS_MMX, size);
break;
case OP_P:
decode_modrm_reg(u, operand, REGCLASS_MMX, size);
break;
case OP_U:
if (MODRM_MOD(modrm(u)) != 3) {
UDERR(u, "expected modrm.mod == 3\n");
}
/* intended fall through */
case OP_W:
decode_modrm_rm(u, operand, REGCLASS_XMM, size);
break;
case OP_V:
decode_modrm_reg(u, operand, REGCLASS_XMM, size);
break;
case OP_MU:
decode_modrm_rm(u, operand, REGCLASS_XMM,
MODRM_MOD(modrm(u)) == 3 ?
Mx_reg_size(size) : Mx_mem_size(size));
break;
case OP_S:
decode_modrm_reg(u, operand, REGCLASS_SEG, size);
break;
case OP_O:
decode_moffset(u, size, operand);
break;
case OP_R0:
case OP_R1:
case OP_R2:
case OP_R3:
case OP_R4:
case OP_R5:
case OP_R6:
case OP_R7:
decode_reg(u, operand, REGCLASS_GPR,
(REX_B(u->pfx_rex) << 3) | (type - OP_R0), size);
break;
case OP_AL:
case OP_AX:
case OP_eAX:
case OP_rAX:
decode_reg(u, operand, REGCLASS_GPR, 0, size);
break;
case OP_CL:
case OP_CX:
case OP_eCX:
decode_reg(u, operand, REGCLASS_GPR, 1, size);
break;
case OP_DL:
case OP_DX:
case OP_eDX:
decode_reg(u, operand, REGCLASS_GPR, 2, size);
break;
case OP_ES:
case OP_CS:
case OP_DS:
case OP_SS:
case OP_FS:
case OP_GS:
/* in 64bits mode, only fs and gs are allowed */
if (u->dis_mode == 64) {
if (type != OP_FS && type != OP_GS) {
UDERR(u, "invalid segment register in 64bits\n");
}
}
operand->type = UD_OP_REG;
operand->base = (type - OP_ES) + UD_R_ES;
operand->size = 16;
break;
case OP_J :
decode_imm(u, size, operand);
operand->type = UD_OP_JIMM;
break ;
case OP_R :
if (MODRM_MOD(modrm(u)) != 3) {
UDERR(u, "expected modrm.mod == 3\n");
}
decode_modrm_rm(u, operand, REGCLASS_GPR, size);
break;
case OP_C:
decode_modrm_reg(u, operand, REGCLASS_CR, size);
break;
case OP_D:
decode_modrm_reg(u, operand, REGCLASS_DB, size);
break;
case OP_I3 :
operand->type = UD_OP_CONST;
operand->lval.sbyte = 3;
break;
case OP_ST0:
case OP_ST1:
case OP_ST2:
case OP_ST3:
case OP_ST4:
case OP_ST5:
case OP_ST6:
case OP_ST7:
operand->type = UD_OP_REG;
operand->base = (type - OP_ST0) + UD_R_ST0;
operand->size = 80;
break;
default :
break;
}
return 0;
}
/*
* decode_modrm_rm
*
* Decodes rm field of mod/rm byte
*
*/
static void
decode_modrm_rm(struct ud *u,
struct ud_operand *op,
unsigned char type, /* register type */
unsigned int size) /* operand size */
{
size_t offset = 0;
unsigned char mod, rm;
/* get mod, r/m and reg fields */
mod = MODRM_MOD(modrm(u));
rm = (REX_B(u->pfx_rex) << 3) | MODRM_RM(modrm(u));
/*
* If mod is 11b, then the modrm.rm specifies a register.
*
*/
if (mod == 3) {
decode_reg(u, op, type, rm, size);
return;
}
/*
* !11b => Memory Address
*/
op->type = UD_OP_MEM;
op->size = resolve_operand_size(u, size);
if (u->adr_mode == 64) {
op->base = UD_R_RAX + rm;
if (mod == 1) {
offset = 8;
} else if (mod == 2) {
offset = 32;
} else if (mod == 0 && (rm & 7) == 5) {
op->base = UD_R_RIP;
offset = 32;
} else {
offset = 0;
}
/*
* Scale-Index-Base (SIB)
*/
if ((rm & 7) == 4) {
inp_next(u);
op->scale = (1 << SIB_S(inp_curr(u))) & ~1;
op->index = UD_R_RAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3));
op->base = UD_R_RAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3));
/* special conditions for base reference */
if (op->index == UD_R_RSP) {
op->index = UD_NONE;
op->scale = UD_NONE;
}
if (op->base == UD_R_RBP || op->base == UD_R_R13) {
if (mod == 0) {
op->base = UD_NONE;
}
if (mod == 1) {
offset = 8;
} else {
offset = 32;
}
}
}
} else if (u->adr_mode == 32) {
op->base = UD_R_EAX + rm;
if (mod == 1) {
offset = 8;
} else if (mod == 2) {
offset = 32;
} else if (mod == 0 && rm == 5) {
op->base = UD_NONE;
offset = 32;
} else {
offset = 0;
}
/* Scale-Index-Base (SIB) */
if ((rm & 7) == 4) {
inp_next(u);
op->scale = (1 << SIB_S(inp_curr(u))) & ~1;
op->index = UD_R_EAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3));
op->base = UD_R_EAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3));
if (op->index == UD_R_ESP) {
op->index = UD_NONE;
op->scale = UD_NONE;
}
/* special condition for base reference */
if (op->base == UD_R_EBP) {
if (mod == 0) {
op->base = UD_NONE;
}
if (mod == 1) {
offset = 8;
} else {
offset = 32;
}
}
}
} else {
const unsigned int bases[] = { UD_R_BX, UD_R_BX, UD_R_BP, UD_R_BP,
UD_R_SI, UD_R_DI, UD_R_BP, UD_R_BX };
const unsigned int indices[] = { UD_R_SI, UD_R_DI, UD_R_SI, UD_R_DI,
UD_NONE, UD_NONE, UD_NONE, UD_NONE };
op->base = bases[rm & 7];
op->index = indices[rm & 7];
if (mod == 0 && rm == 6) {
offset = 16;
op->base = UD_NONE;
} else if (mod == 1) {
offset = 8;
} else if (mod == 2) {
offset = 16;
}
}
if (offset) {
decode_mem_disp(u, offset, op);
}
}
/* -----------------------------------------------------------------------------
* disasm_operands() - Disassembles Operands.
* -----------------------------------------------------------------------------
*/
static int disasm_operands(register struct ud* u)
{
/* mopXt = map entry, operand X, type; */
enum ud_operand_code mop1t = u->itab_entry->operand1.type;
enum ud_operand_code mop2t = u->itab_entry->operand2.type;
enum ud_operand_code mop3t = u->itab_entry->operand3.type;
/* mopXs = map entry, operand X, size */
unsigned int mop1s = u->itab_entry->operand1.size;
unsigned int mop2s = u->itab_entry->operand2.size;
unsigned int mop3s = u->itab_entry->operand3.size;
/* iop = instruction operand */
register struct ud_operand* iop = u->operand;
switch(mop1t) {
case OP_A :
decode_a(u, &(iop[0]));
break;
/* M[b] ... */
case OP_M :
if (MODRM_MOD(inp_peek(u)) == 3)
u->error= 1;
/* E, G/P/V/I/CL/1/S */
case OP_E :
if (mop2t == OP_G) {
decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_GPR);
if (mop3t == OP_I)
decode_imm(u, mop3s, &(iop[2]));
else if (mop3t == OP_CL) {
iop[2].type = UD_OP_REG;
iop[2].base = UD_R_CL;
iop[2].size = 8;
}
}
else if (mop2t == OP_P)
decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_MMX);
else if (mop2t == OP_V)
decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_XMM);
else if (mop2t == OP_S)
decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_SEG);
else {
decode_modrm(u, &(iop[0]), mop1s, T_GPR, NULL, 0, T_NONE);
if (mop2t == OP_CL) {
iop[1].type = UD_OP_REG;
iop[1].base = UD_R_CL;
iop[1].size = 8;
} else if (mop2t == OP_I1) {
iop[1].type = UD_OP_CONST;
u->operand[1].lval.udword = 1;
} else if (mop2t == OP_I) {
decode_imm(u, mop2s, &(iop[1]));
}
}
break;
/* G, E/PR[,I]/VR */
case OP_G :
if (mop2t == OP_M) {
if (MODRM_MOD(inp_peek(u)) == 3)
u->error= 1;
decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_GPR);
} else if (mop2t == OP_E) {
decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_GPR);
if (mop3t == OP_I)
decode_imm(u, mop3s, &(iop[2]));
} else if (mop2t == OP_PR) {
decode_modrm(u, &(iop[1]), mop2s, T_MMX, &(iop[0]), mop1s, T_GPR);
if (mop3t == OP_I)
decode_imm(u, mop3s, &(iop[2]));
} else if (mop2t == OP_VR) {
if (MODRM_MOD(inp_peek(u)) != 3)
u->error = 1;
decode_modrm(u, &(iop[1]), mop2s, T_XMM, &(iop[0]), mop1s, T_GPR);
} else if (mop2t == OP_W)
decode_modrm(u, &(iop[1]), mop2s, T_XMM, &(iop[0]), mop1s, T_GPR);
break;
/* AL..BH, I/O/DX */
case OP_AL : case OP_CL : case OP_DL : case OP_BL :
case OP_AH : case OP_CH : case OP_DH : case OP_BH :
iop[0].type = UD_OP_REG;
iop[0].base = UD_R_AL + (mop1t - OP_AL);
iop[0].size = 8;
if (mop2t == OP_I)
decode_imm(u, mop2s, &(iop[1]));
else if (mop2t == OP_DX) {
iop[1].type = UD_OP_REG;
iop[1].base = UD_R_DX;
iop[1].size = 16;
}
else if (mop2t == OP_O)
decode_o(u, mop2s, &(iop[1]));
break;
/* rAX[r8]..rDI[r15], I/rAX..rDI/O */
case OP_rAXr8 : case OP_rCXr9 : case OP_rDXr10 : case OP_rBXr11 :
case OP_rSPr12: case OP_rBPr13: case OP_rSIr14 : case OP_rDIr15 :
case OP_rAX : case OP_rCX : case OP_rDX : case OP_rBX :
case OP_rSP : case OP_rBP : case OP_rSI : case OP_rDI :
iop[0].type = UD_OP_REG;
iop[0].base = resolve_gpr64(u, mop1t);
if (mop2t == OP_I)
decode_imm(u, mop2s, &(iop[1]));
else if (mop2t >= OP_rAX && mop2t <= OP_rDI) {
iop[1].type = UD_OP_REG;
iop[1].base = resolve_gpr64(u, mop2t);
}
else if (mop2t == OP_O) {
decode_o(u, mop2s, &(iop[1]));
iop[0].size = (uint8_t)resolve_operand_size(u, mop2s);
}
break;
/* AL[r8b]..BH[r15b], I */
case OP_ALr8b : case OP_CLr9b : case OP_DLr10b : case OP_BLr11b :
case OP_AHr12b: case OP_CHr13b: case OP_DHr14b : case OP_BHr15b :
{
ud_type_t gpr = (mop1t - OP_ALr8b) + UD_R_AL +
(REX_B(u->pfx_rex) << 3);
if (UD_R_AH <= gpr && u->pfx_rex)
gpr = gpr + 4;
iop[0].type = UD_OP_REG;
iop[0].base = gpr;
if (mop2t == OP_I)
decode_imm(u, mop2s, &(iop[1]));
break;
}
/* eAX..eDX, DX/I */
case OP_eAX : case OP_eCX : case OP_eDX : case OP_eBX :
case OP_eSP : case OP_eBP : case OP_eSI : case OP_eDI :
iop[0].type = UD_OP_REG;
iop[0].base = resolve_gpr32(u, mop1t);
if (mop2t == OP_DX) {
iop[1].type = UD_OP_REG;
iop[1].base = UD_R_DX;
iop[1].size = 16;
} else if (mop2t == OP_I)
decode_imm(u, mop2s, &(iop[1]));
break;
/* ES..GS */
case OP_ES : case OP_CS : case OP_DS :
case OP_SS : case OP_FS : case OP_GS :
/* in 64bits mode, only fs and gs are allowed */
if (u->dis_mode == 64)
if (mop1t != OP_FS && mop1t != OP_GS)
u->error= 1;
iop[0].type = UD_OP_REG;
iop[0].base = (mop1t - OP_ES) + UD_R_ES;
iop[0].size = 16;
break;
/* J */
case OP_J :
decode_imm(u, mop1s, &(iop[0]));
iop[0].type = UD_OP_JIMM;
break ;
/* PR, I */
case OP_PR:
if (MODRM_MOD(inp_peek(u)) != 3)
u->error = 1;
decode_modrm(u, &(iop[0]), mop1s, T_MMX, NULL, 0, T_NONE);
if (mop2t == OP_I)
decode_imm(u, mop2s, &(iop[1]));
break;
/* VR, I */
case OP_VR:
if (MODRM_MOD(inp_peek(u)) != 3)
u->error = 1;
decode_modrm(u, &(iop[0]), mop1s, T_XMM, NULL, 0, T_NONE);
if (mop2t == OP_I)
decode_imm(u, mop2s, &(iop[1]));
break;
/* P, Q[,I]/W/E[,I],VR */
case OP_P :
if (mop2t == OP_Q) {
decode_modrm(u, &(iop[1]), mop2s, T_MMX, &(iop[0]), mop1s, T_MMX);
if (mop3t == OP_I)
decode_imm(u, mop3s, &(iop[2]));
} else if (mop2t == OP_W) {
decode_modrm(u, &(iop[1]), mop2s, T_XMM, &(iop[0]), mop1s, T_MMX);
} else if (mop2t == OP_VR) {
if (MODRM_MOD(inp_peek(u)) != 3)
u->error = 1;
decode_modrm(u, &(iop[1]), mop2s, T_XMM, &(iop[0]), mop1s, T_MMX);
} else if (mop2t == OP_E) {
decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_MMX);
if (mop3t == OP_I)
decode_imm(u, mop3s, &(iop[2]));
}
break;
/* R, C/D */
case OP_R :
if (mop2t == OP_C)
decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_CRG);
else if (mop2t == OP_D)
decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_DBG);
break;
/* C, R */
case OP_C :
decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_CRG);
break;
/* D, R */
case OP_D :
decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_DBG);
break;
/* Q, P */
case OP_Q :
decode_modrm(u, &(iop[0]), mop1s, T_MMX, &(iop[1]), mop2s, T_MMX);
break;
/* S, E */
case OP_S :
decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_SEG);
break;
/* W, V */
case OP_W :
decode_modrm(u, &(iop[0]), mop1s, T_XMM, &(iop[1]), mop2s, T_XMM);
break;
/* V, W[,I]/Q/M/E */
case OP_V :
if (mop2t == OP_W) {
/* special cases for movlps and movhps */
if (MODRM_MOD(inp_peek(u)) == 3) {
if (u->mnemonic == UD_Imovlps)
u->mnemonic = UD_Imovhlps;
else
if (u->mnemonic == UD_Imovhps)
u->mnemonic = UD_Imovlhps;
}
decode_modrm(u, &(iop[1]), mop2s, T_XMM, &(iop[0]), mop1s, T_XMM);
if (mop3t == OP_I)
decode_imm(u, mop3s, &(iop[2]));
} else if (mop2t == OP_Q)
decode_modrm(u, &(iop[1]), mop2s, T_MMX, &(iop[0]), mop1s, T_XMM);
else if (mop2t == OP_M) {
if (MODRM_MOD(inp_peek(u)) == 3)
u->error= 1;
decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_XMM);
} else if (mop2t == OP_E) {
decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_XMM);
} else if (mop2t == OP_PR) {
decode_modrm(u, &(iop[1]), mop2s, T_MMX, &(iop[0]), mop1s, T_XMM);
}
break;
/* DX, eAX/AL */
case OP_DX :
iop[0].type = UD_OP_REG;
iop[0].base = UD_R_DX;
iop[0].size = 16;
if (mop2t == OP_eAX) {
iop[1].type = UD_OP_REG;
iop[1].base = resolve_gpr32(u, mop2t);
} else if (mop2t == OP_AL) {
iop[1].type = UD_OP_REG;
iop[1].base = UD_R_AL;
iop[1].size = 8;
}
break;
/* I, I/AL/eAX */
case OP_I :
decode_imm(u, mop1s, &(iop[0]));
if (mop2t == OP_I)
decode_imm(u, mop2s, &(iop[1]));
else if (mop2t == OP_AL) {
iop[1].type = UD_OP_REG;
iop[1].base = UD_R_AL;
iop[1].size = 16;
} else if (mop2t == OP_eAX) {
iop[1].type = UD_OP_REG;
iop[1].base = resolve_gpr32(u, mop2t);
}
break;
/* O, AL/eAX */
case OP_O :
decode_o(u, mop1s, &(iop[0]));
iop[1].type = UD_OP_REG;
iop[1].size = (uint8_t)resolve_operand_size(u, mop1s);
if (mop2t == OP_AL)
iop[1].base = UD_R_AL;
else if (mop2t == OP_eAX)
iop[1].base = resolve_gpr32(u, mop2t);
else if (mop2t == OP_rAX)
iop[1].base = resolve_gpr64(u, mop2t);
break;
/* 3 */
case OP_I3 :
iop[0].type = UD_OP_CONST;
iop[0].lval.sbyte = 3;
break;
/* ST(n), ST(n) */
case OP_ST0 : case OP_ST1 : case OP_ST2 : case OP_ST3 :
case OP_ST4 : case OP_ST5 : case OP_ST6 : case OP_ST7 :
iop[0].type = UD_OP_REG;
iop[0].base = (mop1t-OP_ST0) + UD_R_ST0;
iop[0].size = 0;
if (mop2t >= OP_ST0 && mop2t <= OP_ST7) {
iop[1].type = UD_OP_REG;
iop[1].base = (mop2t-OP_ST0) + UD_R_ST0;
iop[1].size = 0;
}
break;
/* AX */
case OP_AX:
iop[0].type = UD_OP_REG;
iop[0].base = UD_R_AX;
iop[0].size = 16;
break;
/* none */
default :
iop[0].type = iop[1].type = iop[2].type = UD_NONE;
}
return 0;
}
/* -----------------------------------------------------------------------------
* decode_modrm() - Decodes ModRM Byte
* -----------------------------------------------------------------------------
*/
static void
decode_modrm(struct ud* u, struct ud_operand *op, unsigned int s,
unsigned char rm_type, struct ud_operand *opreg,
unsigned int reg_size, unsigned char reg_type)
{
unsigned char mod, rm, reg;
inp_next(u);
/* get mod, r/m and reg fields */
mod = MODRM_MOD(inp_curr(u));
rm = (REX_B(u->pfx_rex) << 3) | MODRM_RM(inp_curr(u));
reg = (REX_R(u->pfx_rex) << 3) | MODRM_REG(inp_curr(u));
op->size = (uint8_t) resolve_operand_size(u, s);
/* if mod is 11b, then the UD_R_m specifies a gpr/mmx/sse/control/debug */
if (mod == 3) {
op->type = UD_OP_REG;
if (rm_type == T_GPR)
op->base = decode_gpr(u, op->size, rm);
else op->base = resolve_reg(u, rm_type, (REX_B(u->pfx_rex) << 3) | (rm&7));
}
/* else its memory addressing */
else {
op->type = UD_OP_MEM;
/* 64bit addressing */
if (u->adr_mode == 64) {
op->base = UD_R_RAX + rm;
/* get offset type */
if (mod == 1)
op->offset = 8;
else if (mod == 2)
op->offset = 32;
else if (mod == 0 && (rm & 7) == 5) {
op->base = UD_R_RIP;
op->offset = 32;
} else op->offset = 0;
/* Scale-Index-Base (SIB) */
if ((rm & 7) == 4) {
inp_next(u);
op->scale = (1 << SIB_S(inp_curr(u))) & ~1;
op->index = UD_R_RAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3));
op->base = UD_R_RAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3));
/* special conditions for base reference */
if (op->index == UD_R_RSP) {
op->index = UD_NONE;
op->scale = UD_NONE;
}
if (op->base == UD_R_RBP || op->base == UD_R_R13) {
if (mod == 0)
op->base = UD_NONE;
if (mod == 1)
op->offset = 8;
else op->offset = 32;
}
}
}
/* 32-Bit addressing mode */
else if (u->adr_mode == 32) {
/* get base */
op->base = UD_R_EAX + rm;
/* get offset type */
if (mod == 1)
op->offset = 8;
else if (mod == 2)
op->offset = 32;
else if (mod == 0 && rm == 5) {
op->base = UD_NONE;
op->offset = 32;
} else op->offset = 0;
/* Scale-Index-Base (SIB) */
if ((rm & 7) == 4) {
inp_next(u);
op->scale = (1 << SIB_S(inp_curr(u))) & ~1;
op->index = UD_R_EAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3));
op->base = UD_R_EAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3));
if (op->index == UD_R_ESP) {
op->index = UD_NONE;
op->scale = UD_NONE;
}
/* special condition for base reference */
if (op->base == UD_R_EBP) {
if (mod == 0)
op->base = UD_NONE;
if (mod == 1)
op->offset = 8;
else op->offset = 32;
}
}
}
/* 16bit addressing mode */
else {
switch (rm) {
case 0: op->base = UD_R_BX; op->index = UD_R_SI; break;
case 1: op->base = UD_R_BX; op->index = UD_R_DI; break;
case 2: op->base = UD_R_BP; op->index = UD_R_SI; break;
case 3: op->base = UD_R_BP; op->index = UD_R_DI; break;
case 4: op->base = UD_R_SI; break;
case 5: op->base = UD_R_DI; break;
case 6: op->base = UD_R_BP; break;
case 7: op->base = UD_R_BX; break;
}
if (mod == 0 && rm == 6) {
op->offset= 16;
op->base = UD_NONE;
}
else if (mod == 1)
op->offset = 8;
else if (mod == 2)
op->offset = 16;
}
}
/* extract offset, if any */
switch(op->offset) {
case 8 : op->lval.ubyte = inp_uint8(u); break;
case 16: op->lval.uword = inp_uint16(u); break;
case 32: op->lval.udword = inp_uint32(u); break;
default: break;
}
/* resolve register encoded in reg field */
if (opreg) {
opreg->type = UD_OP_REG;
opreg->size = (uint8_t)resolve_operand_size(u, reg_size);
if (reg_type == T_GPR)
opreg->base = decode_gpr(u, opreg->size, reg);
else opreg->base = resolve_reg(u, reg_type, reg);
}
}
/* Searches the instruction tables for the right entry.
*/
static int search_itab( struct ud * u )
{
struct ud_itab_entry * e = NULL;
enum ud_itab_index table;
uint8_t peek;
uint8_t did_peek = 0;
uint8_t curr;
uint8_t index;
/* if in state of error, return */
if ( u->error )
return -1;
/* get first byte of opcode. */
inp_next(u);
if ( u->error )
return -1;
curr = inp_curr(u);
/* resolve xchg, nop, pause crazyness */
if ( 0x90 == curr ) {
if ( !( u->dis_mode == 64 && REX_B( u->pfx_rex ) ) ) {
if ( u->pfx_rep ) {
u->pfx_rep = 0;
e = & ie_pause;
} else {
e = & ie_nop;
}
goto found_entry;
}
}
/* get top-level table */
if ( 0x0F == curr ) {
table = ITAB__0F;
curr = inp_next(u);
if ( u->error )
return -1;
/* 2byte opcodes can be modified by 0x66, F3, and F2 prefixes */
if ( 0x66 == u->pfx_insn ) {
if ( ud_itab_list[ ITAB__PFX_SSE66__0F ][ curr ].mnemonic != UD_Iinvalid ) {
table = ITAB__PFX_SSE66__0F;
u->pfx_opr = 0;
}
} else if ( 0xF2 == u->pfx_insn ) {
if ( ud_itab_list[ ITAB__PFX_SSEF2__0F ][ curr ].mnemonic != UD_Iinvalid ) {
table = ITAB__PFX_SSEF2__0F;
u->pfx_repne = 0;
}
} else if ( 0xF3 == u->pfx_insn ) {
if ( ud_itab_list[ ITAB__PFX_SSEF3__0F ][ curr ].mnemonic != UD_Iinvalid ) {
table = ITAB__PFX_SSEF3__0F;
u->pfx_repe = 0;
u->pfx_rep = 0;
}
}
/* pick an instruction from the 1byte table */
} else {
table = ITAB__1BYTE;
}
index = curr;
search:
e = & ud_itab_list[ table ][ index ];
/* if mnemonic constant is a standard instruction constant
* our search is over.
*/
if ( e->mnemonic < UD_Id3vil ) {
if ( e->mnemonic == UD_Iinvalid ) {
if ( did_peek ) {
inp_next( u ); if ( u->error ) return -1;
}
goto found_entry;
}
goto found_entry;
}
table = e->prefix;
switch ( e->mnemonic )
{
case UD_Igrp_reg:
peek = inp_peek( u );
did_peek = 1;
index = MODRM_REG( peek );
break;
case UD_Igrp_mod:
peek = inp_peek( u );
did_peek = 1;
index = MODRM_MOD( peek );
if ( index == 3 )
index = ITAB__MOD_INDX__11;
else
index = ITAB__MOD_INDX__NOT_11;
break;
case UD_Igrp_rm:
curr = inp_next( u );
did_peek = 0;
if ( u->error )
return -1;
index = MODRM_RM( curr );
break;
case UD_Igrp_x87:
curr = inp_next( u );
did_peek = 0;
if ( u->error )
return -1;
index = curr - 0xC0;
break;
case UD_Igrp_osize:
if ( u->opr_mode == 64 )
index = ITAB__MODE_INDX__64;
else if ( u->opr_mode == 32 )
index = ITAB__MODE_INDX__32;
else
index = ITAB__MODE_INDX__16;
break;
case UD_Igrp_asize:
if ( u->adr_mode == 64 )
index = ITAB__MODE_INDX__64;
else if ( u->adr_mode == 32 )
index = ITAB__MODE_INDX__32;
else
index = ITAB__MODE_INDX__16;
break;
case UD_Igrp_mode:
if ( u->dis_mode == 64 )
index = ITAB__MODE_INDX__64;
else if ( u->dis_mode == 32 )
index = ITAB__MODE_INDX__32;
else
index = ITAB__MODE_INDX__16;
break;
case UD_Igrp_vendor:
if ( u->vendor == UD_VENDOR_INTEL )
index = ITAB__VENDOR_INDX__INTEL;
else if ( u->vendor == UD_VENDOR_AMD )
index = ITAB__VENDOR_INDX__AMD;
/* else */
/* assert( !"unrecognized vendor id" ); */
break;
case UD_Id3vil:
/* assert( !"invalid instruction mnemonic constant Id3vil" ); */
break;
default:
/* assert( !"invalid instruction mnemonic constant" ); */
break;
}
goto search;
found_entry:
u->itab_entry = e;
u->mnemonic = u->itab_entry->mnemonic;
return 0;
}