static void add_read_operands(xed_dot_graph_supp_t* gg, xed_decoded_inst_t* xedd, xed_dot_node_t* n) { xed_uint_t i, noperands; xed_reg_enum_t r; const xed_inst_t* xi = 0; xed_bool_t found = 0; xi = xed_decoded_inst_inst(xedd); noperands = xed_inst_noperands(xi); for( i=0; i < noperands ; i++) { int memop = -1; const xed_operand_t* op = xed_inst_operand(xi,i); xed_operand_enum_t opname = xed_operand_name(op); if (xed_operand_is_register(opname) || xed_operand_is_memory_addressing_register(opname)) { if (xed_operand_read(op)) { /* add edge to n */ r = xed_decoded_inst_get_reg(xedd, opname); found |= add_edge(gg, n, r, XED_DOT_EDGE_SOLID); } continue; } if (opname == XED_OPERAND_MEM0) memop = 0; else if (opname == XED_OPERAND_MEM1 ) memop = 1; if (memop != -1) { /* get reads of base/index regs, if any */ xed_reg_enum_t base, indx; base = xed_decoded_inst_get_base_reg(xedd,memop); indx = xed_decoded_inst_get_index_reg(xedd,memop); if (base != XED_REG_INVALID) found |= add_edge(gg, n, base, XED_DOT_EDGE_SOLID); indx = xed_decoded_inst_get_index_reg(xedd,memop); if (indx != XED_REG_INVALID) found |= add_edge(gg, n, indx, XED_DOT_EDGE_SOLID); } } /* for */ if (!found) { /* add an edge from start */ xed_dot_edge(gg->g, gg->start, n, XED_DOT_EDGE_SOLID); } }
void print_operands(xed_decoded_inst_t* xedd) { unsigned int i = 0; xed_inst_t const* const xi = xed_decoded_inst_inst(xedd); const unsigned int noperands = xed_inst_noperands(xi); for( i=0; i < noperands ; i++) { xed_operand_t const* op = xed_inst_operand(xi,i); xed_operand_enum_t op_name = xed_operand_name(op); if (xed_operand_is_register(op_name)) { xed_reg_enum_t reg = xed_decoded_inst_get_reg(xedd,op_name); xed_operand_action_enum_t rw = xed_operand_rw(op); printf("%2d: %5s %5s\n", i, xed_reg_enum_t2str(reg), xed_operand_action_enum_t2str(rw)); } } }
unwind_interval * process_and(xed_decoded_inst_t *xptr, const xed_inst_t *xi, interval_arg_t *iarg, mem_alloc m_alloc) { unwind_interval *next = iarg->current; const xed_operand_t* op0 = xed_inst_operand(xi,0); xed_operand_enum_t op0_name = xed_operand_name(op0); if (op0_name == XED_OPERAND_REG0) { xed_reg_enum_t reg0 = xed_decoded_inst_get_reg(xptr, op0_name); if (x86_isReg_SP(reg0) && UWI_RECIPE(iarg->current)->bp_status != BP_UNCHANGED) { //----------------------------------------------------------------------- // we are adjusting the stack pointer via 'and' instruction //----------------------------------------------------------------------- next = new_ui(iarg->ins + xed_decoded_inst_get_length(xptr), RA_BP_FRAME, UWI_RECIPE(iarg->current)->sp_ra_pos, UWI_RECIPE(iarg->current)->bp_ra_pos, UWI_RECIPE(iarg->current)->bp_status, UWI_RECIPE(iarg->current)->sp_bp_pos, UWI_RECIPE(iarg->current)->bp_bp_pos, iarg->current, m_alloc); } } return next; }
static PyObject *get_reg(instruction_t *self, PyObject *args) { int i; xed_decoded_inst_t *decoded_inst; xed_reg_enum_t reg; PyObject *r = NULL; if(PyArg_ParseTuple(args, "i", &i) == 0) goto _err; decoded_inst = self->decoded_inst; if(i <= XED_OPERAND_INVALID || i >= XED_OPERAND_LAST) { PyErr_SetString(PyExc_ValueError, "Invalid register"); goto _err; } reg = xed_decoded_inst_get_reg(decoded_inst, i); r = PyInt_FromLong(reg); _err: return r; }
unwind_interval * process_addsub(xed_decoded_inst_t *xptr, const xed_inst_t *xi, interval_arg_t *iarg) { highwatermark_t *hw_tmp = &(iarg->highwatermark); unwind_interval *next = iarg->current; const xed_operand_t* op0 = xed_inst_operand(xi,0); const xed_operand_t* op1 = xed_inst_operand(xi,1); xed_operand_enum_t op0_name = xed_operand_name(op0); if (op0_name == XED_OPERAND_REG0) { xed_reg_enum_t reg0 = xed_decoded_inst_get_reg(xptr, op0_name); if (x86_isReg_SP(reg0)) { //----------------------------------------------------------------------- // we are adjusting the stack pointer //----------------------------------------------------------------------- if (xed_operand_name(op1) == XED_OPERAND_IMM0) { int sign = (iclass_eq(xptr, XED_ICLASS_ADD)) ? -1 : 1; long immedv = sign * xed_decoded_inst_get_signed_immediate(xptr); ra_loc istatus = iarg->current->ra_status; if ((istatus == RA_STD_FRAME) && (immedv > 0) && (hw_tmp->state & HW_SP_DECREMENTED)) { //------------------------------------------------------------------- // if we are in a standard frame and we see a second subtract, // it is time to convert interval to a BP frame to minimize // the chance we get the wrong offset for the return address // in a routine that manipulates SP frequently (as in // leapfrog_mod_leapfrog_ in the SPEC CPU2006 benchmark // 459.GemsFDTD, when compiled with PGI 7.0.3 with high levels // of optimization). // // 9 December 2007 -- John Mellor-Crummey //------------------------------------------------------------------- } next = new_ui(iarg->ins + xed_decoded_inst_get_length(xptr), istatus, iarg->current->sp_ra_pos + immedv, iarg->current->bp_ra_pos, iarg->current->bp_status, iarg->current->sp_bp_pos + immedv, iarg->current->bp_bp_pos, iarg->current); if (immedv > 0) { if (HW_TEST_STATE(hw_tmp->state, 0, HW_SP_DECREMENTED)) { //----------------------------------------------------------------- // set the highwatermark and canonical interval upon seeing // the FIRST subtract from SP; take no action on subsequent // subtracts. // // test case: main in SPEC CPU2006 benchmark 470.lbm // contains multiple subtracts from SP when compiled with // PGI 7.0.3 with high levels of optimization. the first // subtract from SP is to set up the frame; subsequent ones // are to reserve space for arguments passed to functions. // // 9 December 2007 -- John Mellor-Crummey //----------------------------------------------------------------- hw_tmp->uwi = next; hw_tmp->succ_inst_ptr = iarg->ins + xed_decoded_inst_get_length(xptr); hw_tmp->state = HW_NEW_STATE(hw_tmp->state, HW_SP_DECREMENTED); iarg->canonical_interval = next; } } } else { if (iarg->current->ra_status != RA_BP_FRAME){ //------------------------------------------------------------------- // no immediate in add/subtract from stack pointer; switch to // BP_FRAME // // 9 December 2007 -- John Mellor-Crummey //------------------------------------------------------------------- next = new_ui(iarg->ins + xed_decoded_inst_get_length(xptr), RA_BP_FRAME, iarg->current->sp_ra_pos, iarg->current->bp_ra_pos, iarg->current->bp_status, iarg->current->sp_bp_pos, iarg->current->bp_bp_pos, iarg->current); iarg->bp_frames_found = true; } } } } return next; }
/* This is the central function Given a memory address, reads a bunch of memory bytes and calls the disassembler to obtain the information Then it stores the information into the eh EntryHeader */ void decode_address(uint32_t address, EntryHeader *eh, int ignore_taint) { unsigned char insn_buf[MAX_INSN_BYTES]; unsigned int is_stackpush = 0, is_stackpop = 0; unsigned int stackpushpop_acc = 0; if (xed2chris_regmapping[XED_REG_EAX][0] == 0) { init_xed2chris(); assert(xed2chris_regmapping[XED_REG_EAX][0] != 0); } /* Read memory from TEMU */ TEMU_read_mem(address, MAX_INSN_BYTES, insn_buf); /* Disassemble instruction buffer */ xed_decoded_inst_zero_set_mode(&xedd, &dstate); xed_error_enum_t xed_error = xed_decode(&xedd, STATIC_CAST(const xed_uint8_t*,insn_buf), MAX_INSN_BYTES); xed_bool_t okay = (xed_error == XED_ERROR_NONE); if (!okay) return; // Increase counters tstats.insn_counter_decoded++; int i; /* Clear out Entry header */ memset(eh, 0, sizeof(EntryHeader)); /* Copy the address and instruction size */ eh->address = address; eh->inst_size = xed_decoded_inst_get_length(&xedd); if (eh->inst_size > MAX_INSN_BYTES) eh->inst_size = MAX_INSN_BYTES; /* Copy instruction rawbytes */ memcpy(eh->rawbytes, insn_buf, eh->inst_size); /* Get the number of XED operands */ const xed_inst_t* xi = xed_decoded_inst_inst(&xedd); int xed_ops = xed_inst_noperands(xi); int op_idx = -1; /* Get the category of the instruction */ xed_category_enum_t category = xed_decoded_inst_get_category(&xedd); /* Iterate over the XED operands */ for(i = 0; i < xed_ops; i++) { if(op_idx >= MAX_NUM_OPERANDS) break; //assert(op_idx < MAX_NUM_OPERANDS); /* Get operand */ const xed_operand_t* op = xed_inst_operand(xi,i); xed_operand_enum_t op_name = xed_operand_name(op); switch(op_name) { /* Register */ case XED_OPERAND_REG0: case XED_OPERAND_REG1: case XED_OPERAND_REG2: case XED_OPERAND_REG3: case XED_OPERAND_REG4: case XED_OPERAND_REG5: case XED_OPERAND_REG6: case XED_OPERAND_REG7: case XED_OPERAND_REG8: case XED_OPERAND_REG9: case XED_OPERAND_REG10: case XED_OPERAND_REG11: case XED_OPERAND_REG12: case XED_OPERAND_REG13: case XED_OPERAND_REG14: case XED_OPERAND_REG15: { xed_reg_enum_t reg_id = xed_decoded_inst_get_reg(&xedd, op_name); int regnum = xed2chris_regmapping[reg_id][1]; // Special handling for Push if (reg_id == XED_REG_STACKPUSH) is_stackpush = 1; else if (reg_id == XED_REG_STACKPOP) is_stackpop = 1; if (-1 == regnum) break; else { op_idx++; eh->num_operands++; eh->operand[op_idx].type = TRegister; eh->operand[op_idx].addr = xed2chris_regmapping[reg_id][0]; eh->operand[op_idx].length = (uint8_t) xed_decoded_inst_operand_length (&xedd, i); eh->operand[op_idx].access = (uint8_t) xed_operand_rw (op); eh->operand[op_idx].value = TEMU_cpu_regs[regnum]; switch (eh->operand[op_idx].addr) { case ax_reg: case bx_reg: case cx_reg: case dx_reg: case bp_reg: case sp_reg: case si_reg: case di_reg: eh->operand[op_idx].value &= 0xFFFF; break; case al_reg: case bl_reg: case cl_reg: case dl_reg: eh->operand[op_idx].value &= 0xFF; break; case ah_reg: case bh_reg: case ch_reg: case dh_reg: eh->operand[op_idx].value = (eh->operand[i].value & 0xFF00) >> 8; break; default: break; } } if (ignore_taint == 0) set_operand_data(&(eh->operand[op_idx])); break; } /* Immediate */ case XED_OPERAND_IMM0: { op_idx++; eh->num_operands++; eh->operand[op_idx].type = TImmediate; eh->operand[op_idx].length = (uint8_t) xed_decoded_inst_operand_length (&xedd, i); eh->operand[op_idx].access = (uint8_t) xed_operand_rw (op); //xed_uint_t width = xed_decoded_inst_get_immediate_width(&xedd); if (xed_decoded_inst_get_immediate_is_signed(&xedd)) { xed_int32_t signed_imm_val = xed_decoded_inst_get_signed_immediate(&xedd); eh->operand[op_idx].value = (uint32_t) signed_imm_val; } else { xed_uint64_t unsigned_imm_val = xed_decoded_inst_get_unsigned_immediate(&xedd); eh->operand[op_idx].value = (uint32_t) unsigned_imm_val; } break; break; } /* Special immediate only used in ENTER instruction */ case XED_OPERAND_IMM1: { op_idx++; eh->num_operands++; eh->operand[op_idx].type = TImmediate; eh->operand[op_idx].length = (uint8_t) xed_decoded_inst_operand_length (&xedd, i); eh->operand[op_idx].access = (uint8_t) xed_operand_rw (op); xed_uint8_t unsigned_imm_val = xed_decoded_inst_get_second_immediate(&xedd); eh->operand[op_idx].value = (uint32_t) unsigned_imm_val; break; } /* Memory */ case XED_OPERAND_AGEN: case XED_OPERAND_MEM0: case XED_OPERAND_MEM1: { unsigned long base = 0; unsigned long index = 0; unsigned long scale = 1; unsigned long segbase = 0; unsigned short segsel = 0; unsigned long displacement = 0; unsigned int j; size_t remaining = 0; /* Set memory index */ int mem_idx = 0; if (op_name == XED_OPERAND_MEM1) mem_idx = 1; unsigned int memlen = xed_decoded_inst_operand_length (&xedd, i); for (j = 0; j < memlen; j+=4) { /* Initialization */ base = 0; index = 0; scale = 1; segbase = 0; segsel = 0; displacement = 0; remaining = memlen - j; op_idx++; if(op_idx >= MAX_NUM_OPERANDS) break; //assert(op_idx < MAX_NUM_OPERANDS); eh->num_operands++; eh->operand[op_idx].type = TMemLoc; eh->operand[op_idx].access = (uint8_t) xed_operand_rw (op); eh->operand[op_idx].length = remaining > 4 ? 4 : (uint8_t) remaining; // Get Segment register xed_reg_enum_t seg_regid = xed_decoded_inst_get_seg_reg(&xedd,mem_idx); if (seg_regid != XED_REG_INVALID) { const xed_operand_values_t *xopv = xed_decoded_inst_operands_const(&xedd); xed_bool_t default_segment = xed_operand_values_using_default_segment (xopv,mem_idx); if (!default_segment) { eh->num_operands++; int segmentreg = xed2chris_regmapping[seg_regid][0] - 100; segbase = TEMU_cpu_segs[segmentreg].base; segsel = TEMU_cpu_segs[segmentreg].selector; eh->memregs[op_idx][0].type = TRegister; eh->memregs[op_idx][0].length = 2; eh->memregs[op_idx][0].addr = xed2chris_regmapping[seg_regid][0]; eh->memregs[op_idx][0].access = (uint8_t) XED_OPERAND_ACTION_R; eh->memregs[op_idx][0].value = segsel; eh->memregs[op_idx][0].usage = memsegment; if (ignore_taint == 0) set_operand_data(&(eh->memregs[op_idx][0])); int dt; if (segsel & 0x4) // ldt dt = TEMU_cpu_ldt->base; else //gdt dt = TEMU_cpu_gdt->base; segsel = segsel >> 3; unsigned long segent = dt + 8 * segsel; unsigned char segdes[8]; TEMU_read_mem(segent, 8, segdes); #if 0 // debugging code to double check segbase value unsigned long segbasenew = segdes[2] + segdes[3] * 256 + segdes[4] * 256 * 256 + segdes[7] * 256 * 256 * 256; if (segbase != segbasenew) { term_printf("segbase unexpected: 0x%08lX v.s 0x%08lX\n", segbase, segbasenew); } #endif /* Segment descriptor is stored as a memory operand */ eh->num_operands+=2; eh->memregs[op_idx][3].type = TMemLoc; eh->memregs[op_idx][3].length = 4; eh->memregs[op_idx][3].addr = segent; eh->memregs[op_idx][3].access = (uint8_t) XED_OPERAND_ACTION_INVALID; eh->memregs[op_idx][3].value = *(uint32_t *) segdes; eh->memregs[op_idx][3].tainted = 0; eh->memregs[op_idx][3].usage = memsegent0; eh->memregs[op_idx][4].type = TMemLoc; eh->memregs[op_idx][4].length = 4; eh->memregs[op_idx][4].addr = segent + 4; eh->memregs[op_idx][4].access = (uint8_t) XED_OPERAND_ACTION_INVALID; eh->memregs[op_idx][4].value = *(uint32_t *) (segdes + 4); eh->memregs[op_idx][4].tainted = 0; eh->memregs[op_idx][4].usage = memsegent1; } } // Get Base register xed_reg_enum_t base_regid = xed_decoded_inst_get_base_reg(&xedd,mem_idx); if (base_regid != XED_REG_INVALID) { eh->num_operands++; int basereg = xed2chris_regmapping[base_regid][1]; base = TEMU_cpu_regs[basereg]; eh->memregs[op_idx][1].type = TRegister; eh->memregs[op_idx][1].addr = xed2chris_regmapping[base_regid][0]; eh->memregs[op_idx][1].length = 4; eh->memregs[op_idx][1].access = (uint8_t) XED_OPERAND_ACTION_R; eh->memregs[op_idx][1].value = base; eh->memregs[op_idx][1].usage = membase; if (ignore_taint == 0) set_operand_data(&(eh->memregs[op_idx][1])); } // Get Index register and Scale xed_reg_enum_t index_regid = xed_decoded_inst_get_index_reg(&xedd,mem_idx); if (mem_idx == 0 && index_regid != XED_REG_INVALID) { eh->num_operands++; int indexreg = xed2chris_regmapping[index_regid][1]; index = TEMU_cpu_regs[indexreg]; eh->memregs[op_idx][2].type = TRegister; eh->memregs[op_idx][2].addr = xed2chris_regmapping[index_regid][0]; eh->memregs[op_idx][2].length = 4; eh->memregs[op_idx][2].access = (uint8_t) XED_OPERAND_ACTION_R; eh->memregs[op_idx][2].value = index; eh->memregs[op_idx][2].usage = memindex; if (ignore_taint == 0) set_operand_data(&(eh->memregs[op_idx][2])); // Get Scale (AKA width) (only have a scale if the index exists) if (xed_decoded_inst_get_scale(&xedd,i) != 0) { scale = (unsigned long) xed_decoded_inst_get_scale(&xedd,mem_idx); } } // Get displacement (AKA offset) displacement = (unsigned long) xed_decoded_inst_get_memory_displacement (&xedd,mem_idx); // Fix displacement for: // 1) Any instruction that pushes into the stack, since ESP is // decremented before memory operand is written using ESP. // Affects: ENTER,PUSH,PUSHA,PUSHF,CALL if (is_stackpush) { stackpushpop_acc += eh->operand[op_idx].length; displacement = displacement - stackpushpop_acc -j; } // 2) Pop instructions where the // destination operand is a memory location that uses ESP // as base or index register. // The pop operations increments ESP and the written memory // location address needs to be adjusted. // Affects: pop (%esp) else if ((category == XED_CATEGORY_POP) && (!is_stackpop)) { if ((eh->memregs[op_idx][1].addr == esp_reg) || (eh->memregs[op_idx][2].addr == esp_reg)) { displacement = displacement + eh->operand[op_idx].length; } } // Calculate memory address accessed eh->operand[op_idx].addr = j + segbase + base + index * scale + displacement; // Special handling for LEA instructions if (op_name == XED_OPERAND_AGEN) { eh->operand[op_idx].type = TMemAddress; eh->operand[op_idx].length = 4; has_page_fault = 0; // LEA won't trigger page fault } else { has_page_fault = TEMU_read_mem(eh->operand[op_idx].addr, (int)(eh->operand[op_idx].length), (uint8_t *)&(eh->operand[op_idx].value)); } // Check if instruction accesses user memory // kernel_mem_start defined in shared/read_linux.c if ((eh->operand[op_idx].addr < kernel_mem_start) && (op_name != XED_OPERAND_AGEN)) { access_user_mem = 1; } if (ignore_taint == 0) set_operand_data(&(eh->operand[op_idx])); } break; } /* Jumps */ case XED_OPERAND_PTR: // pointer (always in conjunction with a IMM0) case XED_OPERAND_RELBR: { // branch displacements xed_uint_t disp = xed_decoded_inst_get_branch_displacement(&xedd); /* Displacement is from instruction end */ /* Adjust displacement with instruction size */ disp = disp + eh->inst_size; op_idx++; eh->num_operands++; eh->operand[op_idx].type = TJump; eh->operand[op_idx].length = 4; eh->operand[op_idx].access = (uint8_t) xed_operand_rw (op); eh->operand[op_idx].value = disp; break; } /* Floating point registers */ case XED_REG_X87CONTROL: case XED_REG_X87STATUS: case XED_REG_X87TOP: case XED_REG_X87TAG: case XED_REG_X87PUSH: case XED_REG_X87POP: case XED_REG_X87POP2: op_idx++; eh->num_operands++; eh->operand[op_idx].type = TFloatRegister; eh->operand[op_idx].length = 4; eh->operand[op_idx].access = (uint8_t) xed_operand_rw (op); default: break; } }
void print_operands(xed_decoded_inst_t* xedd) { unsigned int i, noperands; cout << "Operands" << endl; const xed_inst_t* xi = xed_decoded_inst_inst(xedd); noperands = xed_inst_noperands(xi); for( i=0; i < noperands ; i++) { const xed_operand_t* op = xed_inst_operand(xi,i); xed_operand_enum_t op_name = xed_operand_name(op); cout << i << " " << xed_operand_enum_t2str(op_name) << " "; switch(op_name) { case XED_OPERAND_AGEN: case XED_OPERAND_MEM0: case XED_OPERAND_MEM1: // we print memops in a different function break; case XED_OPERAND_PTR: // pointer (always in conjunction with a IMM0) case XED_OPERAND_RELBR: { // branch displacements xed_uint_t disp_bits = xed_decoded_inst_get_branch_displacement_width(xedd); if (disp_bits) { //cout << "BRANCH_DISPLACEMENT_BYTES= " << disp_bits << " "; xed_int32_t disp = xed_decoded_inst_get_branch_displacement(xedd); //cout << hex << setfill('0') << setw(8) << disp << setfill(' ') << dec; } } break; case XED_OPERAND_IMM0: { // immediates xed_uint_t width = xed_decoded_inst_get_immediate_width(xedd); if (xed_decoded_inst_get_immediate_is_signed(xedd)) { xed_int32_t x =xed_decoded_inst_get_signed_immediate(xedd); //cout << hex << setfill('0') << setw(8) << x << setfill(' ') << dec // << '(' << width << ')'; } else { xed_uint64_t x = xed_decoded_inst_get_unsigned_immediate(xedd); //cout << hex << setfill('0') << setw(16) << x << setfill(' ') << dec // << '(' << width << ')'; } break; } case XED_OPERAND_IMM1: { // immediates xed_uint8_t x = xed_decoded_inst_get_second_immediate(xedd); //cout << hex << setfill('0') << setw(2) << (int)x << setfill(' ') << dec; break; } case XED_OPERAND_REG0: case XED_OPERAND_REG1: case XED_OPERAND_REG2: case XED_OPERAND_REG3: case XED_OPERAND_REG4: case XED_OPERAND_REG5: case XED_OPERAND_REG6: case XED_OPERAND_REG7: case XED_OPERAND_REG8: case XED_OPERAND_REG9: case XED_OPERAND_REG10: case XED_OPERAND_REG11: case XED_OPERAND_REG12: case XED_OPERAND_REG13: case XED_OPERAND_REG14: case XED_OPERAND_REG15: { xed_reg_enum_t r = xed_decoded_inst_get_reg(xedd, op_name); cout << xed_operand_enum_t2str(op_name) << "=" << xed_reg_enum_t2str(r); break; } default: //cout << "[Not currently printing value of field " << xed_operand_enum_t2str(op_name) << ']'; break; } //cout << " " << xed_operand_visibility_enum_t2str(xed_operand_operand_visibility(op)) // << " / " << xed_operand_action_enum_t2str(xed_operand_rw(op)) // << " / " << xed_operand_width_enum_t2str(xed_operand_width(op)); //cout << " bytes=" << xed_decoded_inst_operand_length(xedd,i); //cout << endl; } }
void OfflineX86Code::disasm(FILE* file, TCA fileStartAddr, TCA codeStartAddr, uint64_t codeLen, const PerfEventsMap<TCA>& perfEvents, BCMappingInfo bcMappingInfo, bool printAddr /* =true */, bool printBinary /* =false */) { char codeStr[MAX_INSTR_ASM_LEN]; xed_uint8_t* code = (xed_uint8_t*) alloca(codeLen); xed_uint8_t* frontier; TCA ip; TCA r10val = 0; size_t currBC = 0; if (codeLen == 0) return; auto const offset = codeStartAddr - fileStartAddr; if (fseek(file, offset, SEEK_SET)) { error("disasm error: seeking file"); } size_t readLen = fread(code, codeLen, 1, file); if (readLen != 1) { error("Failed to read {} bytes at offset {} from code file due to {}", codeLen, offset, feof(file) ? "EOF" : "read error"); } xed_decoded_inst_t xedd; // Decode and print each instruction for (frontier = code, ip = codeStartAddr; frontier < code + codeLen; ) { xed_decoded_inst_zero_set_mode(&xedd, &xed_state); xed_decoded_inst_set_input_chip(&xedd, XED_CHIP_INVALID); xed_error_enum_t xed_error = xed_decode(&xedd, frontier, 15); if (xed_error != XED_ERROR_NONE) break; // Get disassembled instruction in codeStr if (!xed_format_context(xed_syntax, &xedd, codeStr, MAX_INSTR_ASM_LEN, (uint64_t)ip, nullptr #if XED_ENCODE_ORDER_MAX_ENTRIES != 28 // Newer version of XED library , 0 #endif )) { error("disasm error: xed_format_context failed"); } // Annotate the x86 with its bytecode. currBC = printBCMapping(bcMappingInfo, currBC, (TCA)ip); if (printAddr) printf("%14p: ", ip); uint32_t instrLen = xed_decoded_inst_get_length(&xedd); if (printBinary) { uint32_t i; for (i=0; i < instrLen; i++) { printf("%02X", frontier[i]); } for (; i < 16; i++) { printf(" "); } } // For calls, we try to figure out the destination symbol name. // We look both at relative branches and the pattern: // move r10, IMMEDIATE // call r10 xed_iclass_enum_t iclass = xed_decoded_inst_get_iclass(&xedd); string callDest = ""; if (iclass == XED_ICLASS_CALL_NEAR || iclass == XED_ICLASS_CALL_FAR) { const xed_inst_t *xi = xed_decoded_inst_inst(&xedd); always_assert(xed_inst_noperands(xi) >= 1); const xed_operand_t *opnd = xed_inst_operand(xi, 0); xed_operand_enum_t opndName = xed_operand_name(opnd); if (opndName == XED_OPERAND_RELBR) { if (xed_decoded_inst_get_branch_displacement_width(&xedd)) { xed_int32_t disp = xed_decoded_inst_get_branch_displacement(&xedd); TCA addr = ip + instrLen + disp; callDest = getSymbolName(addr); } } else if (opndName == XED_OPERAND_REG0) { if (xed_decoded_inst_get_reg(&xedd, opndName) == XED_REG_R10) { callDest = getSymbolName(r10val); } } } else if (iclass == XED_ICLASS_MOV) { // Look for moves into r10 and keep r10val updated const xed_inst_t* xi = xed_decoded_inst_inst(&xedd); always_assert(xed_inst_noperands(xi) >= 2); const xed_operand_t *destOpnd = xed_inst_operand(xi, 0); xed_operand_enum_t destOpndName = xed_operand_name(destOpnd); if (destOpndName == XED_OPERAND_REG0 && xed_decoded_inst_get_reg(&xedd, destOpndName) == XED_REG_R10) { const xed_operand_t *srcOpnd = xed_inst_operand(xi, 1); xed_operand_enum_t srcOpndName = xed_operand_name(srcOpnd); if (srcOpndName == XED_OPERAND_IMM0) { TCA addr = (TCA)xed_decoded_inst_get_unsigned_immediate(&xedd); r10val = addr; } } } if (!perfEvents.empty()) { printEventStats((TCA)ip, instrLen, perfEvents); } else { printf("%48s", ""); } printf("%s%s\n", codeStr, callDest.c_str()); frontier += instrLen; ip += instrLen; } }