static void decompile(void) { int b; char *s; col = 0; prefix = 0; modrmv = -1; /* No modrm byte yet */ sibv = -1; /* No SIB byte yet */ #if 0 opsize = 32; addrsize = 32; #endif ubufp = ubuf; /* Reset internal buffer */ insl = 0; /* Reset instruction length */ b = getbyte(); wordop = b & 1; must_do_size = do_size; s = opmap1[b]; /* Do primary decode */ if(s == 0) { /* Invalid instruction? ... */ uputchar('D'); /* ... then output byte define */ uputchar('B'); uputchar('\t'); uprintf("%02X", b); } else { ua_str(s); /* Valid instruction */ } fprintf(listfp, "%*s", 15 - col, " "); col = 15 + strlen(ubuf); do { uputchar(' '); col++; } while (col < 43); fprintf(listfp, "%s\n", ubuf); }
long unassemble(unsigned long addr, unsigned long offset) { char *str; int c, c2; int done = 0; gDisassemblyAddress = (word8*)(addr + offset); gDisassemblyOutputBuf[0] = 0; gDisassemblyOutputBufIndex = 0; // gDisassemblyOutputBufIndex += // sprintf(gDisassemblyOutputBuf + gDisassemblyOutputBufIndex, // "%04X ", ofs); prefix = 0; modrmv = sibv = -1; /* set modrm and sib flags */ opsize = addrsize = seg_size; col = 0; ubufp = ubuf; done_space = 0; instruction_length = 0; instruction_offset = offset; c = getbyte(); if (c == 0xc3 || c == 0xc2) // if ret instruction done = 1; wordop = c & 1; patch87 = 0; must_do_size = do_size; if (do_emul87) { if (c==0xcd) { /* wanna do emu '87 and ->ing to int? */ c2 = silent_getbyte(); if (c2 >= 0x34 && c2 <= 0x3E) patch87 = 1; /* emulated instruction! => must repatch two bytes */ silent_returnbyte((word8)c2); c -= 0x32; } } if ((str = opmap1[(unsigned char)c])==NULL) { /* invalid instruction? */ uputchar('d'); /* then output byte defines */ uputchar('b'); uputchar('\t'); uprintf(do_hex?"%02X":"%02Xh",c); } else { ua_str(str); /* valid instruction */ } gDisassemblyOutputBufIndex += sprintf_s(gDisassemblyOutputBuf + gDisassemblyOutputBufIndex, sizeof(gDisassemblyOutputBuf), "%*s", 15-col, " "); col = 15 + strlen(ubuf); do { uputchar(' '); col++; } while (col < 43); gDisassemblyOutputBufIndex += sprintf_s(gDisassemblyOutputBuf + gDisassemblyOutputBufIndex, sizeof(gDisassemblyOutputBuf), "%s", ubuf); return done ? 0 : (long)instruction_length; }
static void floating_point(int e1) { int esc = e1*8 + reg(modrm()); if (mod(modrm()) == 3) { if (fspecial[esc]) { if(fspecial[esc][0] && fspecial[esc][0][0] == '*') { ua_str(fspecial[esc][0]+1); } else { if(fspecial[esc][rm(modrm())]) ua_str(fspecial[esc][rm(modrm())]); } } else { ua_str(floatops[esc]); ua_str(" %EF"); } } else { ua_str(floatops[esc]); ua_str(" %EF"); } }
void do_sib(int m) { int s, i, b; s = ss(sib()); i = indx(sib()); b = base(sib()); switch (b) { case 0: ua_str("%p:[eax"); break; case 1: ua_str("%p:[ecx"); break; case 2: ua_str("%p:[edx"); break; case 3: ua_str("%p:[ebx"); break; case 4: ua_str("%p:[esp"); break; case 5: if (m == 0) { ua_str("%p:["); ohex('d', 4, 0, addrsize); } else ua_str("%p:[ebp"); break; case 6: ua_str("%p:[esi"); break; case 7: ua_str("%p:[edi"); break; } switch (i) { case 0: uprintf("+eax"); break; case 1: uprintf("+ecx"); break; case 2: uprintf("+edx"); break; case 3: uprintf("+ebx"); break; case 4: break; case 5: uprintf("+ebp"); break; case 6: uprintf("+esi"); break; case 7: uprintf("+edi"); break; } if (i != 4) switch (s) { case 0: uprintf(""); break; case 1: uprintf("*2"); break; case 2: uprintf("*4"); break; case 3: uprintf("*8"); break; } }
/*------------------------------------------------------------------------*/ static void do_sib(int m) { int s, i, b; s = SCALE(sib()); i = INDEX(sib()); b = BASE(sib()); switch (b) { /* pick base */ case 0: ua_str("%p:[eax"); break; case 1: ua_str("%p:[ecx"); break; case 2: ua_str("%p:[edx"); break; case 3: ua_str("%p:[ebx"); break; case 4: ua_str("%p:[esp"); break; case 5: if (m == 0) { ua_str("%p:["); //Flags already set outhex('d', 4, 0, addrsize, 0); } else { ua_str("%p:[ebp"); } break; case 6: ua_str("%p:[esi"); break; case 7: ua_str("%p:[edi"); break; } switch (i) { /* and index */ case 0: uprintf("+eax"); break; case 1: uprintf("+ecx"); break; case 2: uprintf("+edx"); break; case 3: uprintf("+ebx"); break; case 4: break; case 5: uprintf("+ebp"); break; case 6: uprintf("+esi"); break; case 7: uprintf("+edi"); break; } if (i != 4) switch (s) { /* and scale */ case 0: uprintf(""); break; case 1: uprintf("*2"); break; case 2: uprintf("*4"); break; case 3: uprintf("*8"); break; } }
static void do_sib(int m) { int s, i, b; s = SCALE(sib()); i = INDEX(sib()); b = BASE(sib()); switch(b) { /* Pick base */ case 0: ua_str("%p:[EAX"); break; case 1: ua_str("%p:[ECX"); break; case 2: ua_str("%p:[EDX"); break; case 3: ua_str("%p:[EBX"); break; case 4: ua_str("%p:[ESP"); break; case 5: if(m == 0) { ua_str("%p:["); outhex('d', 4, 0, addrsize, 0); } else { ua_str("%p:[EBP"); } break; case 6: ua_str("%p:[ESI"); break; case 7: ua_str("%p:[EDI"); break; } switch(i) { /* and index */ case 0: uprintf("+EAX"); break; case 1: uprintf("+ECX"); break; case 2: uprintf("+EDX"); break; case 3: uprintf("+EBX"); break; case 4: break; case 5: uprintf("+EBP"); break; case 6: uprintf("+ESI"); break; case 7: uprintf("+EDI"); break; } if(i != 4) { switch(s) { /* and scale */ case 0: uprintf(""); break; case 1: uprintf("*2"); break; case 2: uprintf("*4"); break; case 3: uprintf("*8"); break; } } }
//--------------------------------------------------------------------------- static BOOL INTUnassemble( void ) { char *str; BYTE c, c2; prefix = 0; modrmv = sibv = -1; /* set modrm and sib flags */ opsize = addrsize = (Info->Flags&DISASM_SEG_SIZE16?16:32); must_do_size = Info->Flags&DISASM_DO_SIZE; do_distance = Info->Flags&DISASM_DISTOUT; ubufp = NULL; patch87 = 0; c = getbyte(); wordop = c & 1; if (Info->Flags&DISASM_DO_EMUL87) { if (c==0xcd) { // wanna do emu '87 and ->ing to int? BOOL col = FALSE; c2 = Info->getbyte(&col); if ( col ) longjmp(reached_eof, 1); if (c2 >= 0x34 && c2 <= 0x3E) patch87 = 1; // emulated instruction! => must repatch two bytes Info->returnbyte(c2); c -= 0x32; } } if ( (str=GetOP(c)) == NULL ) { // invalid instruction? uprintf( "db\t%s",Info->HexDigit(c) ); SET_FLAG( Info->CurrentFlags,DISASM_FL_NOP ); } else // valid instruction ua_str(str); return Info->instruction_length > 0; }
static char *unasm(int segmentsize) { seg_size=segmentsize; prefix = 0; modrmv = sibv = -1; opsize = addrsize = seg_size; ubufp = ubuf; memset(ubuf,0,100); //sprintf(ubuf,"%04X:%08lX ",codeseg,codeoff); ubufp2=ubuf+COL_DUMP; ubufp2end=ubuf+COL_INST-2; ubufp=COL_INST+ubuf; ua_str(opmap1[getbyte()]); while(--ubufp>=ubuf) if(!*ubufp) *ubufp=' '; return(ubuf); }
static void floating_point(int e1) { int esc = e1*8 + REG(modrm()); if(MOD(modrm()) == 3) { if(fspecial[esc]) { if(fspecial[esc][0][0] == '*') { ua_str(fspecial[esc][0]+1); } else { ua_str(fspecial[esc][RM(modrm())]); } } else { ua_str(floatops[esc]); ua_str(" %EF"); } } else { ua_str(floatops[esc]); ua_str(" %EF"); } }
static void do_modrm(char subtype) { int mod = MOD(modrm()); int rm = RM(modrm()); int extend = (addrsize == 32) ? 4 : 2; if(mod == 3) { /* Specifies two registers */ reg_name(rm, subtype); return; } if(must_do_size) { if(wordop) { if(addrsize == 32 || opsize == 32) ua_str("DWORD@PTR@"); else ua_str("WORD@PTR@"); } else ua_str("BYTE@PTR@"); } if((mod == 0) && (rm == 5) && (addrsize == 32)) { /* Mem operand with 32 bit offset */ ua_str("%p:["); outhex('d', extend, 0, addrsize, 0); uputchar(']'); return; } if((mod == 0) && (rm == 6) && (addrsize == 16)) { /* 16 bit displacement */ ua_str("%p:["); outhex('w', extend, 0, addrsize, 0); uputchar(']'); return; } if((addrsize != 32) || (rm != 4)) ua_str("%p:["); if(addrsize == 16) { switch(rm) { case 0: uprintf("BX+SI"); break; case 1: uprintf("BX+DI"); break; case 2: uprintf("BP+SI"); break; case 3: uprintf("BP+DI"); break; case 4: uprintf("SI"); break; case 5: uprintf("DI"); break; case 6: uprintf("BP"); break; case 7: uprintf("BX"); break; } } else { switch(rm) { case 0: uprintf("EAX"); break; case 1: uprintf("ECX"); break; case 2: uprintf("EDX"); break; case 3: uprintf("EBX"); break; case 4: do_sib(mod); break; case 5: uprintf("EBP"); break; case 6: uprintf("ESI"); break; case 7: uprintf("EDI"); break; } } switch(mod) { case 1: outhex('b', extend, 1, addrsize, 0); break; case 2: outhex('v', extend, 1, addrsize, 1); break; } uputchar(']'); }
/* Main table driver */ static void percent( char type, char subtype ) { DWORD vofs; int extend = (addrsize == 32) ? 4 : 2; BYTE c; switch (type) { case 'A': /* direct address */ SET_FLAG( Info->CurrentFlags,DISASM_FL_CODE ); outhex(subtype, extend, 0, addrsize, 0); CLR_FLAG( Info->CurrentFlags,DISASM_FL_CODE ); break; case 'C': /* reg(r/m) picks control reg */ uprintf("C%d", REG(modrm())); must_do_size = 0; break; case 'D': /* reg(r/m) picks debug reg */ uprintf("D%d", REG(modrm())); must_do_size = 0; break; case 'E': /* r/m picks operand */ do_modrm(subtype); break; case 'G': /* reg(r/m) picks register */ if (subtype == 'F') /* 80*87 operand? */ reg_name(RM(modrm()), subtype); else reg_name(REG(modrm()), subtype); must_do_size = 0; break; case 'I': /* immed data */ SET_FLAG( Info->CurrentFlags,DISASM_FL_DATA ); outhex(subtype, 0, 0, opsize, 0); CLR_FLAG( Info->CurrentFlags,DISASM_FL_DATA ); break; case 'J': /* relative IP offset */ vofs = 0; switch(bytes(subtype)) { /* sizeof offset value */ case 1: vofs = (DWORD)getbyte(); break; case 2: vofs = (DWORD)getbyte(); vofs |= (DWORD)getbyte() << 8; vofs &= 0xFFFFu; break; case 4: vofs = (DWORD)getbyte(); /* yuk! */ vofs |= (DWORD)getbyte() << 8; vofs |= (DWORD)getbyte() << 16; vofs |= (DWORD)getbyte() << 24; break; } SET_FLAG( Info->CurrentFlags,DISASM_FL_CODE|DISASM_FL_OFFSET ); uprintf("%s", addr_to_hex(vofs + Info->instruction_length,1,bytes(subtype)) ); CLR_FLAG( Info->CurrentFlags,DISASM_FL_CODE|DISASM_FL_OFFSET ); break; case 'K': if (do_distance==0) break; switch (subtype) { case 'f': uprintf( Info->GetStringName(DISASM_ID_FAR) ); uputchar(' '); break; case 'n': uprintf( Info->GetStringName(DISASM_ID_NEAR) ); uputchar(' '); break; case 's': uprintf( Info->GetStringName(DISASM_ID_SHORT) ); uputchar(' '); break; } break; case 'M': /* r/m picks memory */ do_modrm(subtype); break; case 'O': /* offset only */ ua_str("%p:["); SET_FLAG( Info->CurrentFlags,DISASM_FL_REF ); outhex(subtype, extend, 0, addrsize, 0); CLR_FLAG( Info->CurrentFlags,DISASM_FL_REF ); uputchar(']'); break; case 'P': /* prefix byte (rh) */ ua_str("%p:"); break; case 'R': /* mod(r/m) picks register */ reg_name(REG(modrm()), subtype); /* rh */ must_do_size = 0; break; case 'S': /* reg(r/m) picks segment reg */ uputchar("ecsdfg"[REG(modrm())]); uputchar('s'); must_do_size = 0; break; case 'T': /* reg(r/m) picks T reg */ uprintf("tr%d", REG(modrm())); must_do_size = 0; break; case 'X': /* ds:si type operator */ uprintf("ds:["); if (addrsize == 32) uputchar('e'); uprintf("si]"); break; case 'Y': /* es:di type operator */ uprintf("es:["); if (addrsize == 32) uputchar('e'); uprintf("di]"); break; case '2': /* old [pop cs]! now indexes */ ua_str(second[getbyte()]); /* instructions in 386/486 */ break; case 'g': /* modrm group `subtype' (0--7) */ ua_str( GetOPGroup(subtype) ); break; case 'd': /* sizeof operand==dword? */ if (opsize == 32) uputchar('d'); uputchar(subtype); break; case 'w': /* insert explicit size specifier */ if (opsize == 32) uputchar('d'); else uputchar('w'); uputchar(subtype); break; case 'e': /* extended reg name */ if (opsize == 32) { if (subtype == 'w') uputchar('d'); else { uputchar('e'); uputchar(subtype); } } else uputchar(subtype); break; case 'f': /* '87 opcode */ floating_point(subtype-'0'); break; case 'j': if (addrsize==32 || opsize==32) /* both of them?! */ uputchar('e'); break; case 'p': /* prefix byte */ switch (subtype) { case 'c': case 'd': case 'e': case 'f': case 'g': case 's': prefix = subtype; c = getbyte(); wordop = c & 1; ua_str( GetOP(c) ); break; case ':': if (prefix) uprintf("%cs:", prefix); break; case ' ': c = getbyte(); wordop = c & 1; ua_str( GetOP(c) ); break; } break; case 's': /* size override */ switch (subtype) { case 'a': addrsize = 48 - addrsize; c = getbyte(); wordop = c & 1; ua_str( GetOP(c) ); break; case 'o': opsize = 48 - opsize; c = getbyte(); wordop = c & 1; ua_str( GetOP(c) ); break; } break; } }
/*------------------------------------------------------------------------*/ static void do_modrm(char subtype) { int mod = MOD(modrm()); int rm = RM(modrm()); int extend = (addrsize == 32) ? 4 : 2; /* specifies two registers */ if (mod == 3) { reg_name(rm, subtype); return; } if (must_do_size) { if (wordop) { if (addrsize==32 || opsize==32) /* then must specify size */ uprintf( Info->GetStringName(DISASM_ID_DWORD_PTR) ); else uprintf( Info->GetStringName(DISASM_ID_WORD_PTR) ); } else uprintf( Info->GetStringName(DISASM_ID_BYTE_PTR) ); uputchar(' '); } /* mem operand with 32 bit ofs */ if ((mod == 0) && (rm == 5) && (addrsize == 32)) { ua_str("%p:["); SET_FLAG( Info->CurrentFlags,DISASM_FL_REF ); outhex('d', extend, 0, addrsize, 0); CLR_FLAG( Info->CurrentFlags,DISASM_FL_REF ); uputchar(']'); } else /* 16 bit dsplcmnt */ if ((mod == 0) && (rm == 6) && (addrsize == 16)) { ua_str("%p:["); SET_FLAG( Info->CurrentFlags,DISASM_FL_REF ); outhex('w', extend, 0, addrsize, 0); CLR_FLAG( Info->CurrentFlags,DISASM_FL_REF ); uputchar(']'); } else { /*All other*/ if ( (addrsize != 32) || (rm != 4) ) ua_str("%p:["); SET_FLAG( Info->CurrentFlags,DISASM_FL_REF | DISASM_FL_REFADD ); if (addrsize == 16) switch (rm) { case 0: uprintf("bx+si"); break; case 1: uprintf("bx+di"); break; case 2: uprintf("bp+si"); break; case 3: uprintf("bp+di"); break; case 4: uprintf("si"); break; case 5: uprintf("di"); break; case 6: uprintf("bp"); break; case 7: uprintf("bx"); break; } else switch (rm) { case 0: uprintf("eax"); break; case 1: uprintf("ecx"); break; case 2: uprintf("edx"); break; case 3: uprintf("ebx"); break; case 4: do_sib(mod); break; case 5: uprintf("ebp"); break; case 6: uprintf("esi"); break; case 7: uprintf("edi"); break; } switch (mod) { case 1: outhex('b', extend, 1, addrsize, 0); break; case 2: outhex('v', extend, 1, addrsize, 1); break; } CLR_FLAG( Info->CurrentFlags,DISASM_FL_REF | DISASM_FL_REFADD ); uputchar(']'); } }
/* Main table driver */ static void percent(char type, char subtype) { int32 vofs; char *name; int extend = (addrsize == 32) ? 4 : 2; char c; switch (type) { case 'A': /* direct address */ outhex(subtype, extend, 0, addrsize, 0); break; case 'C': /* reg(r/m) picks control reg */ uprintf("C%d", REG(modrm())); must_do_size = 0; break; case 'D': /* reg(r/m) picks debug reg */ uprintf("D%d", REG(modrm())); must_do_size = 0; break; case 'E': /* r/m picks operand */ do_modrm(subtype); break; case 'G': /* reg(r/m) picks register */ if (subtype == 'F') /* 80*87 operand? */ reg_name(RM(modrm()), subtype); else reg_name(REG(modrm()), subtype); must_do_size = 0; break; case 'I': /* immed data */ outhex(subtype, 0, 0, opsize, 0); break; case 'J': /* relative IP offset */ switch(bytes(subtype)) { /* sizeof offset value */ case 1: vofs = (int8)getbyte(); break; case 2: vofs = getbyte(); vofs += getbyte()<<8; vofs = (int16)vofs; break; case 4: vofs = (word32)getbyte(); /* yuk! */ vofs |= (word32)getbyte() << 8; vofs |= (word32)getbyte() << 16; vofs |= (word32)getbyte() << 24; break; } name = addr_to_hex(vofs+instruction_offset,1); uprintf("%s", name); break; case 'K': if (do_distance==0) break; switch (subtype) { case 'f': ua_str("far "); break; case 'n': ua_str("near "); break; case 's': ua_str("short "); break; } break; case 'M': /* r/m picks memory */ do_modrm(subtype); break; case 'O': /* offset only */ ua_str("%p:["); outhex(subtype, extend, 0, addrsize, 0); uputchar(']'); break; case 'P': /* prefix byte (rh) */ ua_str("%p:"); break; case 'R': /* mod(r/m) picks register */ reg_name(REG(modrm()), subtype); /* rh */ must_do_size = 0; break; case 'S': /* reg(r/m) picks segment reg */ uputchar("ecsdfg"[REG(modrm())]); uputchar('s'); must_do_size = 0; break; case 'T': /* reg(r/m) picks T reg */ uprintf("tr%d", REG(modrm())); must_do_size = 0; break; case 'X': /* ds:si type operator */ uprintf("ds:["); if (addrsize == 32) uputchar('e'); uprintf("si]"); break; case 'Y': /* es:di type operator */ uprintf("es:["); if (addrsize == 32) uputchar('e'); uprintf("di]"); break; case '2': /* old [pop cs]! now indexes */ ua_str(second[getbyte()]); /* instructions in 386/486 */ break; case 'g': /* modrm group `subtype' (0--7) */ ua_str(groups[subtype-'0'][REG(modrm())]); break; case 'd': /* sizeof operand==dword? */ if (opsize == 32) uputchar('d'); uputchar(subtype); break; case 'w': /* insert explicit size specifier */ if (opsize == 32) uputchar('d'); else uputchar('w'); uputchar(subtype); break; case 'e': /* extended reg name */ if (opsize == 32) { if (subtype == 'w') uputchar('d'); else { uputchar('e'); uputchar(subtype); } } else uputchar(subtype); break; case 'f': /* '87 opcode */ floating_point(subtype-'0'); break; case 'j': if (addrsize==32 || opsize==32) /* both of them?! */ uputchar('e'); break; case 'p': /* prefix byte */ switch (subtype) { case 'c': case 'd': case 'e': case 'f': case 'g': case 's': prefix = subtype; c = getbyte(); wordop = c & 1; ua_str(opmap1[(unsigned char)c]); break; case ':': if (prefix) uprintf("%cs:", prefix); break; case ' ': c = getbyte(); wordop = c & 1; ua_str(opmap1[(unsigned char)c]); break; } break; case 's': /* size override */ switch (subtype) { case 'a': addrsize = 48 - addrsize; c = getbyte(); wordop = c & 1; ua_str(opmap1[(unsigned char)c]); /* ua_str(opmap1[getbyte()]); */ break; case 'o': opsize = 48 - opsize; c = getbyte(); wordop = c & 1; ua_str(opmap1[(unsigned char)c]); /* ua_str(opmap1[getbyte()]); */ break; } break; } }
static void percent(char type, char subtype) { unsigned int vofs = 0; char *name; int extend = (addrsize == 32) ? 4 : 2; unsigned char c; switch(type) { case 'A': /* Direct address */ outhex(subtype, extend, 0, addrsize, 0); break; case 'C': /* reg(r/m) picks control reg */ uprintf("CR%d", REG(modrm())); must_do_size = 0; break; case 'D': /* reg(r/m) picks debug reg */ uprintf("DR%d", REG(modrm())); must_do_size = 0; break; case 'E': /* r/m picks operand */ do_modrm(subtype); break; case 'G': /* reg(r/m) picks register */ if(subtype == 'f') reg_name(RM(modrm()), subtype); else reg_name(REG(modrm()), subtype); must_do_size = 0; break; case 'I': /* Immediate data */ outhex(subtype, 0, 0, opsize, 0); break; case 'J': /* Relative IP offset */ switch(bytes(subtype)) {/* Size of offset value */ case 1: vofs = (unsigned int) (signed char) getbyte(); break; case 2: vofs = getbyte(); vofs += getbyte() << 8; vofs = (unsigned int) (signed short) vofs; break; case 4: vofs = (unsigned int) getbyte(); vofs |= (unsigned int) getbyte() << 8; vofs |= (unsigned int) getbyte() << 16; vofs |= (unsigned int) getbyte() << 24; break; } name = addr_to_hex((int) (vofs + inst_offset)); uprintf("%s", name); break; case 'K': switch(subtype) { case 'f': ua_str("FAR@"); break; case 'n': ua_str("NEAR@"); break; case 's': ua_str("SHORT@"); break; } break; case 'M': /* r/m picks memory */ do_modrm(subtype); break; case 'O': /* Offset only */ ua_str("%p:["); outhex(subtype, extend, 0, addrsize, 0); uputchar(']'); break; case 'P': /* Prefix byte */ ua_str("%p:"); break; case 'R': /* mod(r/m) picks register */ reg_name(REG(modrm()), subtype); must_do_size = 0; break; case 'S': /* reg(r/m) picks segment register */ uputchar("ECSDFG"[REG(modrm())]); uputchar('S'); must_do_size = 0; break; case 'T': /* reg(r/m) picks T reg */ uprintf("TR%d", REG(modrm())); must_do_size = 0; break; case 'X': /* DS:SI type operator */ uprintf("DS:["); if(addrsize == 32) uputchar('E'); uprintf("SI]"); break; case 'Y': /* ES:DI type operator */ uprintf("ES:["); if(addrsize == 32) uputchar('E'); uprintf("DI]"); break; case '2': /* Extended decode with second byte */ ua_str(second[getbyte()]); break; case 'g': /* modrm group 'subtype' (0--7) */ ua_str(groups[subtype-'0'][REG(modrm())]); break; case 'd': /* Size of operand == dword? */ if(opsize == 32) uputchar('D'); uputchar(subtype);/* No real subtype; following char */ break; case 'w': /* Insert explicit size specifier */ if(opsize == 32) uputchar('D'); else uputchar('W'); uputchar(subtype);/* No real subtype; following char */ break; case 'e': /* Extended reg name */ if(opsize == 32) { if(subtype == 'w') uputchar('D'); else { uputchar('E'); uputchar(subtype); } } else uputchar(subtype); break; case 'f': /* 80x87 opcode */ floating_point(subtype-'0'); break; case 'j': if(addrsize == 32 || opsize == 32) /* both of them?! */ uputchar('E'); break; case 'p': /* Prefix byte */ switch(subtype) { case 'C': case 'D': case 'E': case 'F': case 'G': case 'S': prefix = subtype; c = getbyte(); wordop = c & 1; ua_str(opmap1[c]); break; case ':': if(prefix) uprintf("%cS:", prefix); break; case ' ': c = getbyte(); wordop = c & 1; ua_str(opmap1[c]); break; } break; case 's': /* Size override */ switch(subtype) { case 'a': addrsize = 48 - addrsize; c = getbyte(); wordop = c & 1; ua_str(opmap1[c]); /* ua_str(opmap1[getbyte()]); */ break; case 'o': opsize = 48 - opsize; c = getbyte(); wordop = c & 1; ua_str(opmap1[c]); /* ua_str(opmap1[getbyte()]); */ break; } break; } }
void do_modrm(char t) { int m = mod(modrm()); int r = rm(modrm()); int extend = (addrsize == 32) ? 4 : 2; if (m == 3) { reg_name(r, t); return; } switch(bytes(t)) { case 1 : ua_str("byte ptr "); break; case 2 : ua_str("word ptr "); break; case 4 : ua_str("dword ptr "); break; default : ua_str("?word ptr "); break; } if ((m == 0) && (r == 5) && (addrsize == 32)) { ua_str("%p:["); ohex('d', extend, 0, addrsize); uprintf("%c",']'); return; } if ((m == 0) && (r == 6) && (addrsize == 16)) { ua_str("%p:["); ohex('w', extend, 0, addrsize); uprintf("%c",']'); return; } if ((addrsize != 32) || (r != 4)) ua_str("%p:["); if (addrsize == 16) { switch (r) { case 0: uprintf("bx+si"); break; case 1: uprintf("bx+di"); break; case 2: uprintf("bp+si"); break; case 3: uprintf("bp+di"); break; case 4: uprintf("si"); break; case 5: uprintf("di"); break; case 6: uprintf("bp"); break; case 7: uprintf("bx"); break; } } else { switch (r) { case 0: uprintf("eax"); break; case 1: uprintf("ecx"); break; case 2: uprintf("edx"); break; case 3: uprintf("ebx"); break; case 4: do_sib(m); break; case 5: uprintf("ebp"); break; case 6: uprintf("esi"); break; case 7: uprintf("edi"); break; } } switch (m) { case 1: ohex('b', extend, 1, addrsize); break; case 2: uprintf("+"); ohex('v', extend, 1, addrsize); break; } uprintf("%c",']'); }
static void percent(char c, char t) { word32 vofs; long l; int extend = (addrsize == 32) ? 4 : 2; switch (c) { case 'A': ohex(t, extend, 0, addrsize); break; case 'C': uprintf("C%d", reg(modrm())); break; case 'D': uprintf("D%d", reg(modrm())); break; case 'E': do_modrm(t); break; case 'G': if (t == 'F') reg_name(rm(modrm()), t); else reg_name(reg(modrm()), t); break; case 'I': ohex(t, 0, 0, opsize); break; case 'J': switch (bytes(t)) { case 1: vofs = (int8)getbyte(); break; case 2: vofs = getbyte(); vofs += getbyte()<<8; vofs = (int16)vofs; break; case 4: vofs = (word32)getbyte(); vofs |= (word32)getbyte() << 8; vofs |= (word32)getbyte() << 16; vofs |= (word32)getbyte() << 24; break; } l=vofs+codeoff; if(l<0x10000L) uprintf("%s%04lx%s %c", hex1, l, hex2, (vofs & 0x80000000L) ? 0x18 : 0x19); else uprintf("%s%08lX%s %c", hex1, l, hex2, (vofs & 0x80000000L) ? 0x18 : 0x19); break; case 'M': do_modrm(t); break; case 'O': ua_str("%p:["); ohex(t, extend, 0, addrsize); uprintf("%c",']'); break; case 'R': reg_name(reg(modrm()), t); //do_modrm(t); break; case 'S': uprintf("%c","ecsdfg"[reg(modrm())]); uprintf("%c",'s'); break; case 'T': uprintf("tr%d", reg(modrm())); break; case 'X': uprintf("ds:["); if (addrsize == 32) uprintf("%c",'e'); uprintf("si]"); break; case 'Y': uprintf("es:["); if (addrsize == 32) uprintf("%c",'e'); uprintf("di]"); break; case '2': ua_str(second[getbyte()]); break; case 'e': if (opsize == 32) { if (t == 'w') uprintf("%c",'d'); else { uprintf("%c",'e'); uprintf("%c",t); } } else uprintf("%c",t); break; case 'f': floating_point(t-'0'); break; case 'g': ua_str(groups[t-'0'][reg(modrm())]); break; case 'p': switch (t) { case 'c': case 'd': case 'e': case 'f': case 'g': case 's': prefix = t; ua_str(opmap1[getbyte()]); break; case ':': if (prefix) uprintf("%cs:", prefix); break; case ' ': ua_str(opmap1[getbyte()]); break; } break; case 's': switch (t) { case 'a': addrsize = 48 - addrsize; ua_str(opmap1[getbyte()]); break; case 'o': opsize = 48 - opsize; ua_str(opmap1[getbyte()]); break; } break; } }
/*------------------------------------------------------------------------*/ static void do_modrm(char subtype) { int mod = MOD(modrm()); int rm = RM(modrm()); int extend = (addrsize == 32) ? 4 : 2; if (mod == 3) { /* specifies two registers */ reg_name(rm, subtype); return; } if (must_do_size) { if (wordop) { if (addrsize==32 || opsize==32) { /* then must specify size */ ua_str("dword ptr "); } else { ua_str("word ptr "); } } else { ua_str("byte ptr "); } } if ((mod == 0) && (rm == 5) && (addrsize == 32)) {/* mem operand with 32 bit ofs */ ua_str("%p:["); outhex('d', extend, 0, addrsize, 0); uputchar(']'); return; } if ((mod == 0) && (rm == 6) && (addrsize == 16)) { /* 16 bit dsplcmnt */ ua_str("%p:["); outhex('w', extend, 0, addrsize, 0); uputchar(']'); return; } if ((addrsize != 32) || (rm != 4)) ua_str("%p:["); if (addrsize == 16) { switch (rm) { case 0: uprintf("bx+si"); break; case 1: uprintf("bx+di"); break; case 2: uprintf("bp+si"); break; case 3: uprintf("bp+di"); break; case 4: uprintf("si"); break; case 5: uprintf("di"); break; case 6: uprintf("bp"); break; case 7: uprintf("bx"); break; } } else { switch (rm) { case 0: uprintf("eax"); break; case 1: uprintf("ecx"); break; case 2: uprintf("edx"); break; case 3: uprintf("ebx"); break; case 4: do_sib(mod); break; case 5: uprintf("ebp"); break; case 6: uprintf("esi"); break; case 7: uprintf("edi"); break; } } switch (mod) { case 1: outhex('b', extend, 1, addrsize, 0); break; case 2: outhex('v', extend, 1, addrsize, 1); break; } uputchar(']'); }