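/*
 * decode_prefixes
 *
 * Extracts instruction prefixes.
 *
 * Reads bytes with inp_next() and records each recognised legacy prefix
 * in the matching pfx_* field of `u`. In 64-bit mode, bytes of the form
 * 0x4X (REX) are read through as well. The loop ends at the first byte
 * that is neither of those. A REX byte is kept in u->pfx_rex only when it
 * is the byte immediately before the one that ended the loop.
 *
 * Returns 0 on success. Error exits go through the UD_RETURN_ON_ERROR /
 * UD_RETURN_WITH_ERROR macros, which are defined outside this block.
 */
static int
decode_prefixes(struct ud *u)
{
    int done = 0;
    /*
     * curr starts at 0 so that the first `last = curr` below copies a
     * defined value. Without it, when the very first byte ends the loop,
     * the REX test after the loop would inspect an indeterminate byte and
     * could record a REX prefix that never appeared in the input.
     */
    uint8_t curr = 0;
    uint8_t last = 0;

    UD_RETURN_ON_ERROR(u);

    do {
        last = curr;
        curr = inp_next(u);
        UD_RETURN_ON_ERROR(u);

        /*
         * Refuse to go on once the counter reaches MAX_INSN_LENGTH, so a
         * long run of prefix bytes in the input cannot extend the
         * instruction without bound.
         */
        if (u->inp_ctr == MAX_INSN_LENGTH) {
            UD_RETURN_WITH_ERROR(u, "max instruction length");
        }

        switch (curr) {
        /* segment override prefixes */
        case 0x2E: u->pfx_seg = UD_R_CS; break;
        case 0x36: u->pfx_seg = UD_R_SS; break;
        case 0x3E: u->pfx_seg = UD_R_DS; break;
        case 0x26: u->pfx_seg = UD_R_ES; break;
        case 0x64: u->pfx_seg = UD_R_FS; break;
        case 0x65: u->pfx_seg = UD_R_GS; break;
        case 0x67: /* address-size override prefix */
            u->pfx_adr = 0x67;
            break;
        case 0xF0:
            u->pfx_lock = 0xF0;
            break;
        case 0x66:
            u->pfx_opr = 0x66;
            break;
        case 0xF2:
            u->pfx_str = 0xf2;
            break;
        case 0xF3:
            u->pfx_str = 0xf3;
            break;
        default:
            /* consume if rex: a 0x4X byte in 64-bit mode keeps the loop going */
            done = (u->dis_mode == 64 && (curr & 0xF0) == 0x40) ? 0 : 1;
            break;
        }
    } while (!done);

    /* rex prefixes in 64bit mode, must be the last prefix */
    if (u->dis_mode == 64 && (last & 0xF0) == 0x40) {
        u->pfx_rex = last;
    }
    return 0;
}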
/*
 * decode_prefixes
 *
 * Extracts instruction prefixes.
 *
 * Advances the input one byte at a time with ud_inp_next(), storing each
 * recognised legacy prefix in the matching pfx_* field of `u`, and stops
 * at the first byte that is not one of them. If that byte is 0x4X and the
 * decoder is in 64-bit mode, it is stored as the REX prefix. Otherwise
 * the input is stepped back by one byte with inp_back().
 *
 * Returns 0 on success. Error exits go through the UD_RETURN_ON_ERROR /
 * UD_RETURN_WITH_ERROR macros, which are defined outside this block.
 */
static int
decode_prefixes(struct ud *u)
{
    uint8_t byte;
    int     is_prefix = 1;

    UD_RETURN_ON_ERROR(u);

    do {
        ud_inp_next(u);
        UD_RETURN_ON_ERROR(u);

        /*
         * Bail out once the length reported by inp_len() reaches
         * MAX_INSN_LENGTH, so a long run of prefix bytes in the input
         * cannot extend the instruction without bound.
         */
        if (inp_len(u) == MAX_INSN_LENGTH) {
            UD_RETURN_WITH_ERROR(u, "max instruction length");
        }

        byte = inp_curr(u);
        switch (byte) {
        /* segment override prefixes */
        case 0x2E: u->pfx_seg = UD_R_CS; break;
        case 0x36: u->pfx_seg = UD_R_SS; break;
        case 0x3E: u->pfx_seg = UD_R_DS; break;
        case 0x26: u->pfx_seg = UD_R_ES; break;
        case 0x64: u->pfx_seg = UD_R_FS; break;
        case 0x65: u->pfx_seg = UD_R_GS; break;
        /* address-size override prefix */
        case 0x67: u->pfx_adr  = 0x67; break;
        case 0xF0: u->pfx_lock = 0xF0; break;
        case 0x66: u->pfx_opr  = 0x66; break;
        case 0xF2: u->pfx_str  = 0xf2; break;
        case 0xF3: u->pfx_str  = 0xf3; break;
        default:
            /* any other byte ends the prefix run */
            is_prefix = 0;
            break;
        }
    } while (is_prefix);

    if (u->dis_mode != 64 || (byte & 0xF0) != 0x40) {
        /*
         * The loop stopped on a non-prefix byte; rewind back one byte in
         * the stream.
         */
        inp_back(u);
        return 0;
    }

    /* rex prefixes in 64bit mode, must be the last prefix */
    u->pfx_rex = byte;
    return 0;
}