/* * decode_ext() * * Decode opcode extensions (if any) */ static int decode_ext(struct ud *u, uint16_t ptr) { uint8_t idx = 0; if ((ptr & 0x8000) == 0) { return decode_insn(u, ptr); } u->le = &ud_lookup_table_list[(~0x8000 & ptr)]; if (u->le->type == UD_TAB__OPC_3DNOW) { return decode_3dnow(u); } switch (u->le->type) { case UD_TAB__OPC_MOD: /* !11 = 0, 11 = 1 */ idx = (MODRM_MOD(modrm(u)) + 1) / 4; break; /* disassembly mode/operand size/address size based tables. * 16 = 0,, 32 = 1, 64 = 2 */ case UD_TAB__OPC_MODE: idx = u->dis_mode / 32; break; case UD_TAB__OPC_OSIZE: idx = eff_opr_mode(u->dis_mode, REX_W(u->pfx_rex), u->pfx_opr) / 32; break; case UD_TAB__OPC_ASIZE: idx = eff_adr_mode(u->dis_mode, u->pfx_adr) / 32; break; case UD_TAB__OPC_X87: idx = modrm(u) - 0xC0; break; case UD_TAB__OPC_VENDOR: if (u->vendor == UD_VENDOR_ANY) { /* choose a valid entry */ idx = (u->le->table[idx] != 0) ? 0 : 1; } else if (u->vendor == UD_VENDOR_AMD) { idx = 0; } else { idx = 1; } break; case UD_TAB__OPC_RM: idx = MODRM_RM(modrm(u)); break; case UD_TAB__OPC_REG: idx = MODRM_REG(modrm(u)); break; case UD_TAB__OPC_SSE: return decode_ssepfx(u); default: assert(!"not reached"); break; } return decode_ext(u, u->le->table[idx]); }
int32_t emu_cpu_parse(struct emu_cpu *c) { if (c->repeat_current_instr == true) { return 0; } /* TODO make unstatic for threadsafety */ uint8_t byte; uint8_t *opcode; uint32_t ret; c->instr.prefixes = 0; // logDebug(c->emu,"decoding\n"); // emu_cpu_debug_print(c); uint8_t dis[32]; uint32_t readOk = emu_memory_read_block(c->mem,c->eip,dis,32); if(readOk != 0){ //dzzie 5.14.11 emu_strerror_set(c->emu,"emu_parse no memory found at 0x%x\n", c->eip); emu_errno_set(c->emu, EOPNOTSUPP); return -1; } uint32_t expected_instr_size = 0; if( CPU_DEBUG_FLAG_ISSET(c, instruction_string ) || CPU_DEBUG_FLAG_ISSET(c, instruction_size ) ) { expected_instr_size = dasm_print_instruction(c->eip,dis,0,c->instr_string); } uint32_t eip_before = c->eip; uint32_t eip_after = 0; /* reset the instruction source and track infos, maybe move to a fn and call the fn instead? */ c->instr.source.has_cond_pos = 0; /*c->instr.track.init.eflags = 0; memset(c->instr.track.init.reg, 0, sizeof(uint32_t) * 8); c->instr.track.init.fpu = 0; c->instr.track.need.eflags = 0; memset(c->instr.track.need.reg, 0, sizeof(uint32_t) * 8); c->instr.track.need.fpu = 0; */ while( 1 ) { ret = emu_memory_read_byte(c->mem, c->eip++, &byte); if( ret != 0 ) return ret; c->cpu_instr_info = &ii_onebyte[byte]; if( c->cpu_instr_info->function == prefix_fn ) { c->instr.prefixes |= prefix_map[byte]; continue; } else { c->instr.opc = byte; if( c->cpu_instr_info->format.fpu_info == 0 ) { c->instr.is_fpu = 0; c->instr.cpu.opc = c->instr.opc; c->instr.cpu.prefixes = c->instr.prefixes; if( c->instr.cpu.opc == 0x0f ) { ret = emu_memory_read_byte(c->mem, c->eip++, &byte); if( ret != 0 ) return ret; c->instr.cpu.opc_2nd = byte; opcode = &c->instr.cpu.opc_2nd; c->cpu_instr_info = &ii_twobyte[byte]; } else { opcode = &c->instr.cpu.opc; } if ( c->cpu_instr_info->function == 0 ) { if( c->instr.cpu.opc == 0x0f ) emu_strerror_set(c->emu,"opcode 0f %02x not supported\n", c->instr.cpu.opc_2nd); else emu_strerror_set(c->emu,"opcode %02x not supported\n", c->instr.cpu.opc); emu_errno_set(c->emu, EOPNOTSUPP); /* int y=0; for (y=0;y<expected_instr_size;y++) { printf("%02x ", dis[y]); } printf("\n"); */ return -1; } c->instr.cpu.w_bit = *opcode & 1; c->instr.cpu.s_bit = (*opcode >> 1) & 1; /* mod r/m byte? sib/disp */ if( c->cpu_instr_info->format.modrm_byte != 0 ) { ret = emu_memory_read_byte(c->mem, c->eip++, &byte); if( ret != 0 ) return ret; c->instr.cpu.modrm.mod = MODRM_MOD(byte); c->instr.cpu.modrm.opc = MODRM_REGOPC(byte); c->instr.cpu.modrm.rm = MODRM_RM(byte); if( c->cpu_instr_info->format.modrm_byte == II_MOD_REG_RM || c->cpu_instr_info->format.modrm_byte == II_MOD_YYY_RM || c->cpu_instr_info->format.modrm_byte == II_XX_REG1_REG2) /* cases with possible sib/disp*/ { if( c->instr.cpu.modrm.mod != 3 ) { if( c->instr.cpu.modrm.rm != 4 && !(c->instr.cpu.modrm.mod == 0 && c->instr.cpu.modrm.rm == 5) ) { c->instr.cpu.modrm.ea = c->reg[c->instr.cpu.modrm.rm]; //TRACK_NEED_REG32(c->instr, c->instr.cpu.modrm.rm); } else c->instr.cpu.modrm.ea = 0; if( c->instr.cpu.modrm.rm == 4 ) /* sib byte present */ { ret = emu_memory_read_byte(c->mem, c->eip++, &byte); if( ret != 0 ) return ret; c->instr.cpu.modrm.sib.base = SIB_BASE(byte); c->instr.cpu.modrm.sib.scale = SIB_SCALE(byte); c->instr.cpu.modrm.sib.index = SIB_INDEX(byte); if( c->instr.cpu.modrm.sib.base != 5 ) { c->instr.cpu.modrm.ea += c->reg[c->instr.cpu.modrm.sib.base]; //TRACK_NEED_REG32(c->instr, c->instr.cpu.modrm.sib.base); } else if( c->instr.cpu.modrm.mod != 0 ) { c->instr.cpu.modrm.ea += c->reg[ebp]; //TRACK_NEED_REG32(c->instr, ebp); } if( c->instr.cpu.modrm.sib.index != 4 ) { c->instr.cpu.modrm.ea += c->reg[c->instr.cpu.modrm.sib.index] * scalem[c->instr.cpu.modrm.sib.scale]; //TRACK_NEED_REG32(c->instr, c->instr.cpu.modrm.sib.index); } } if( c->instr.cpu.modrm.mod == 1 ) /* disp8 */ { ret = emu_memory_read_byte(c->mem, c->eip++, &c->instr.cpu.modrm.disp.s8); if( ret != 0 ) return ret; c->instr.cpu.modrm.ea += (int8_t)c->instr.cpu.modrm.disp.s8; } else if( c->instr.cpu.modrm.mod == 2 || (c->instr.cpu.modrm.mod == 0 && c->instr.cpu.modrm.rm == 5) ) /* disp32 */ { ret = emu_memory_read_dword(c->mem, c->eip, &c->instr.cpu.modrm.disp.s32); c->eip += 4; if( ret != 0 ) return ret; c->instr.cpu.modrm.ea += c->instr.cpu.modrm.disp.s32; } } } } /* */ c->instr.cpu.operand_size = 0; if( c->cpu_instr_info->format.imm_data == II_IMM8 || c->cpu_instr_info->format.disp_data == II_DISP8 ) c->instr.cpu.operand_size = OPSIZE_8; else if( c->cpu_instr_info->format.imm_data == II_IMM16 || c->cpu_instr_info->format.disp_data == II_DISP16 ) c->instr.cpu.operand_size = OPSIZE_16; else if( c->cpu_instr_info->format.imm_data == II_IMM32 || c->cpu_instr_info->format.disp_data == II_DISP32 ) c->instr.cpu.operand_size = OPSIZE_32; else if( c->cpu_instr_info->format.imm_data == II_IMM || c->cpu_instr_info->format.disp_data == II_DISPF || (c->cpu_instr_info->format.type && !c->instr.cpu.modrm.opc)) { if( c->cpu_instr_info->format.w_bit == 1 && c->instr.cpu.w_bit == 0 ) c->instr.cpu.operand_size = OPSIZE_8; else { if( c->instr.cpu.prefixes & PREFIX_OPSIZE ) c->instr.cpu.operand_size = OPSIZE_16; else c->instr.cpu.operand_size = OPSIZE_32; } } /* imm */ if( c->cpu_instr_info->format.imm_data != 0 || (c->cpu_instr_info->format.type && !c->instr.cpu.modrm.opc)) { if( c->instr.cpu.operand_size == OPSIZE_32 ) { ret = emu_memory_read_dword(c->mem, c->eip, &c->instr.cpu.imm); c->eip += 4; } else if( c->instr.cpu.operand_size == OPSIZE_8 ) { ret = emu_memory_read_byte(c->mem, c->eip++, c->instr.cpu.imm8); } else if( c->instr.cpu.operand_size == OPSIZE_16 ) { ret = emu_memory_read_word(c->mem, c->eip, c->instr.cpu.imm16); c->eip += 2; } if( ret != 0 ) return ret; } /* disp */ if( c->cpu_instr_info->format.disp_data != 0 ) { if( c->instr.cpu.operand_size == OPSIZE_32 ) { uint32_t disp32; ret = emu_memory_read_dword(c->mem, c->eip, &disp32); c->instr.cpu.disp = (int32_t)disp32; c->eip += 4; } else if( c->instr.cpu.operand_size == OPSIZE_16 ) { uint16_t disp16; ret = emu_memory_read_word(c->mem, c->eip, &disp16); c->instr.cpu.disp = (int16_t)disp16; c->eip += 2; } else if( c->instr.cpu.operand_size == OPSIZE_8 ) { uint8_t disp8; ret = emu_memory_read_byte(c->mem, c->eip++, &disp8); c->instr.cpu.disp = (int8_t)disp8; } if( ret != 0 ) return ret; } /* TODO level type ... */ } else /* fpu */ { /* this is a minimal parser without exact decomposition * into all fields. instead it determines the length of * the instruction and ignores pretty much everything else * except for a few explicitly implemented instructions. */ c->instr.is_fpu = 1; c->instr.fpu.prefixes = c->instr.prefixes; c->instr.fpu.fpu_data[0] = c->instr.opc; ret = emu_memory_read_byte(c->mem, c->eip++, &c->instr.fpu.fpu_data[1]); if( ret != 0 ) return ret; if( FPU_MOD(c->instr.fpu.fpu_data) != 3 ) /* intel pdf page 36 */ { /* trivial case, one register is ea */ if( FPU_RM(c->instr.fpu.fpu_data) != 4 && !(FPU_MOD(c->instr.fpu.fpu_data) == 0 && FPU_RM(c->instr.fpu.fpu_data) == 5) ) c->instr.fpu.ea = c->reg[FPU_RM(c->instr.fpu.fpu_data)]; else c->instr.fpu.ea = 0; /* sib byte */ if( FPU_RM(c->instr.fpu.fpu_data) == 4 ) { ret = emu_memory_read_byte(c->mem, c->eip++, &byte); if( ret != 0 ) return ret; if( SIB_BASE(byte) != 5 ) { c->instr.fpu.ea += c->reg[SIB_BASE(byte)]; } else if( FPU_MOD(c->instr.fpu.fpu_data) != 0 ) { c->instr.fpu.ea += c->reg[ebp]; } if( SIB_INDEX(byte) != 4 ) { c->instr.fpu.ea += c->reg[SIB_INDEX(byte)] * scalem[SIB_SCALE(byte)]; } } /* modrm */ if( FPU_MOD(c->instr.fpu.fpu_data) == 1 ) { ret = emu_memory_read_byte(c->mem, c->eip++, &byte); if( ret != 0 ) return ret; c->instr.fpu.ea += (int8_t)byte; } else if( FPU_MOD(c->instr.fpu.fpu_data) == 2 || (FPU_MOD(c->instr.fpu.fpu_data) == 0 && FPU_RM(c->instr.fpu.fpu_data) == 5) ) { uint32_t dword; ret = emu_memory_read_dword(c->mem, c->eip, &dword); c->eip += 4; if( ret != 0 ) return ret; c->instr.fpu.ea += dword; } } /*c->instr.fpu.last_instr = c->last_fpu_instr;*/ c->last_fpu_instr[1] = c->last_fpu_instr[0]; c->last_fpu_instr[0] = eip_before; } // logDebug(c->emu,"\n"); eip_after = c->eip; if ( CPU_DEBUG_FLAG_ISSET(c, instruction_size ) && eip_after - eip_before != expected_instr_size) { logDebug(c->emu, "broken instr.cpu size %i %i\n", eip_after - eip_before, expected_instr_size); return -1; } /* the default normal position is behind the instruction, specific instructions as call jmp set their * norm position */ if ( c->instr.is_fpu == 0 ) { SOURCE_NORM_POS(c->instr, c->eip); } else { SOURCE_NORM_POS(c->instr, c->eip); } break; }
/* * decode_modrm_rm * * Decodes rm field of mod/rm byte * */ static void decode_modrm_rm(struct ud *u, struct ud_operand *op, unsigned char type, unsigned int size) { unsigned char mod, rm, reg; /* get mod, r/m and reg fields */ mod = MODRM_MOD(modrm(u)); rm = (REX_B(u->pfx_rex) << 3) | MODRM_RM(modrm(u)); reg = (REX_R(u->pfx_rex) << 3) | MODRM_REG(modrm(u)); op->size = resolve_operand_size(u, size); /* * If mod is 11b, then the modrm.rm specifies a register. * */ if (mod == 3) { op->type = UD_OP_REG; if (type == T_GPR) { op->base = decode_gpr(u, op->size, rm); } else { op->base = resolve_reg(u, type, (REX_B(u->pfx_rex) << 3) | (rm & 7)); } return; } /* * !11 => Memory Address */ op->type = UD_OP_MEM; if (u->adr_mode == 64) { op->base = UD_R_RAX + rm; if (mod == 1) { op->offset = 8; } else if (mod == 2) { op->offset = 32; } else if (mod == 0 && (rm & 7) == 5) { op->base = UD_R_RIP; op->offset = 32; } else { op->offset = 0; } /* * Scale-Index-Base (SIB) */ if ((rm & 7) == 4) { inp_next(u); op->scale = (1 << SIB_S(inp_curr(u))) & ~1; op->index = UD_R_RAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3)); op->base = UD_R_RAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3)); /* special conditions for base reference */ if (op->index == UD_R_RSP) { op->index = UD_NONE; op->scale = UD_NONE; } if (op->base == UD_R_RBP || op->base == UD_R_R13) { if (mod == 0) { op->base = UD_NONE; } if (mod == 1) { op->offset = 8; } else { op->offset = 32; } } } } else if (u->adr_mode == 32) { op->base = UD_R_EAX + rm; if (mod == 1) { op->offset = 8; } else if (mod == 2) { op->offset = 32; } else if (mod == 0 && rm == 5) { op->base = UD_NONE; op->offset = 32; } else { op->offset = 0; } /* Scale-Index-Base (SIB) */ if ((rm & 7) == 4) { inp_next(u); op->scale = (1 << SIB_S(inp_curr(u))) & ~1; op->index = UD_R_EAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3)); op->base = UD_R_EAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3)); if (op->index == UD_R_ESP) { op->index = UD_NONE; op->scale = UD_NONE; } /* special condition for base reference */ if (op->base == UD_R_EBP) { if (mod == 0) { op->base = UD_NONE; } if (mod == 1) { op->offset = 8; } else { op->offset = 32; } } } } else { const unsigned int bases[] = { UD_R_BX, UD_R_BX, UD_R_BP, UD_R_BP, UD_R_SI, UD_R_DI, UD_R_BP, UD_R_BX }; const unsigned int indices[] = { UD_R_SI, UD_R_DI, UD_R_SI, UD_R_DI, UD_NONE, UD_NONE, UD_NONE, UD_NONE }; op->base = bases[rm & 7]; op->index = indices[rm & 7]; if (mod == 0 && rm == 6) { op->offset= 16; op->base = UD_NONE; } else if (mod == 1) { op->offset = 8; } else if (mod == 2) { op->offset = 16; } } /* * extract offset, if any */ switch (op->offset) { case 8 : op->lval.ubyte = inp_uint8(u); break; case 16: op->lval.uword = inp_uint16(u); break; case 32: op->lval.udword = inp_uint32(u); break; case 64: op->lval.uqword = inp_uint64(u); break; default: break; } }
/* * decode_modrm_rm * * Decodes rm field of mod/rm byte * */ static void decode_modrm_rm(struct ud *u, struct ud_operand *op, unsigned char type, /* register type */ unsigned int size) /* operand size */ { size_t offset = 0; unsigned char mod, rm; /* get mod, r/m and reg fields */ mod = MODRM_MOD(modrm(u)); rm = (REX_B(u->pfx_rex) << 3) | MODRM_RM(modrm(u)); /* * If mod is 11b, then the modrm.rm specifies a register. * */ if (mod == 3) { decode_reg(u, op, type, rm, size); return; } /* * !11b => Memory Address */ op->type = UD_OP_MEM; op->size = resolve_operand_size(u, size); if (u->adr_mode == 64) { op->base = UD_R_RAX + rm; if (mod == 1) { offset = 8; } else if (mod == 2) { offset = 32; } else if (mod == 0 && (rm & 7) == 5) { op->base = UD_R_RIP; offset = 32; } else { offset = 0; } /* * Scale-Index-Base (SIB) */ if ((rm & 7) == 4) { inp_next(u); op->scale = (1 << SIB_S(inp_curr(u))) & ~1; op->index = UD_R_RAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3)); op->base = UD_R_RAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3)); /* special conditions for base reference */ if (op->index == UD_R_RSP) { op->index = UD_NONE; op->scale = UD_NONE; } if (op->base == UD_R_RBP || op->base == UD_R_R13) { if (mod == 0) { op->base = UD_NONE; } if (mod == 1) { offset = 8; } else { offset = 32; } } } } else if (u->adr_mode == 32) { op->base = UD_R_EAX + rm; if (mod == 1) { offset = 8; } else if (mod == 2) { offset = 32; } else if (mod == 0 && rm == 5) { op->base = UD_NONE; offset = 32; } else { offset = 0; } /* Scale-Index-Base (SIB) */ if ((rm & 7) == 4) { inp_next(u); op->scale = (1 << SIB_S(inp_curr(u))) & ~1; op->index = UD_R_EAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3)); op->base = UD_R_EAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3)); if (op->index == UD_R_ESP) { op->index = UD_NONE; op->scale = UD_NONE; } /* special condition for base reference */ if (op->base == UD_R_EBP) { if (mod == 0) { op->base = UD_NONE; } if (mod == 1) { offset = 8; } else { offset = 32; } } } } else { const unsigned int bases[] = { UD_R_BX, UD_R_BX, UD_R_BP, UD_R_BP, UD_R_SI, UD_R_DI, UD_R_BP, UD_R_BX }; const unsigned int indices[] = { UD_R_SI, UD_R_DI, UD_R_SI, UD_R_DI, UD_NONE, UD_NONE, UD_NONE, UD_NONE }; op->base = bases[rm & 7]; op->index = indices[rm & 7]; if (mod == 0 && rm == 6) { offset = 16; op->base = UD_NONE; } else if (mod == 1) { offset = 8; } else if (mod == 2) { offset = 16; } } if (offset) { decode_mem_disp(u, offset, op); } }
/* ----------------------------------------------------------------------------- * decode_modrm() - Decodes ModRM Byte * ----------------------------------------------------------------------------- */ static void decode_modrm(struct ud* u, struct ud_operand *op, unsigned int s, unsigned char rm_type, struct ud_operand *opreg, unsigned int reg_size, unsigned char reg_type) { unsigned char mod, rm, reg; inp_next(u); /* get mod, r/m and reg fields */ mod = MODRM_MOD(inp_curr(u)); rm = (REX_B(u->pfx_rex) << 3) | MODRM_RM(inp_curr(u)); reg = (REX_R(u->pfx_rex) << 3) | MODRM_REG(inp_curr(u)); op->size = (uint8_t) resolve_operand_size(u, s); /* if mod is 11b, then the UD_R_m specifies a gpr/mmx/sse/control/debug */ if (mod == 3) { op->type = UD_OP_REG; if (rm_type == T_GPR) op->base = decode_gpr(u, op->size, rm); else op->base = resolve_reg(u, rm_type, (REX_B(u->pfx_rex) << 3) | (rm&7)); } /* else its memory addressing */ else { op->type = UD_OP_MEM; /* 64bit addressing */ if (u->adr_mode == 64) { op->base = UD_R_RAX + rm; /* get offset type */ if (mod == 1) op->offset = 8; else if (mod == 2) op->offset = 32; else if (mod == 0 && (rm & 7) == 5) { op->base = UD_R_RIP; op->offset = 32; } else op->offset = 0; /* Scale-Index-Base (SIB) */ if ((rm & 7) == 4) { inp_next(u); op->scale = (1 << SIB_S(inp_curr(u))) & ~1; op->index = UD_R_RAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3)); op->base = UD_R_RAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3)); /* special conditions for base reference */ if (op->index == UD_R_RSP) { op->index = UD_NONE; op->scale = UD_NONE; } if (op->base == UD_R_RBP || op->base == UD_R_R13) { if (mod == 0) op->base = UD_NONE; if (mod == 1) op->offset = 8; else op->offset = 32; } } } /* 32-Bit addressing mode */ else if (u->adr_mode == 32) { /* get base */ op->base = UD_R_EAX + rm; /* get offset type */ if (mod == 1) op->offset = 8; else if (mod == 2) op->offset = 32; else if (mod == 0 && rm == 5) { op->base = UD_NONE; op->offset = 32; } else op->offset = 0; /* Scale-Index-Base (SIB) */ if ((rm & 7) == 4) { inp_next(u); op->scale = (1 << SIB_S(inp_curr(u))) & ~1; op->index = UD_R_EAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3)); op->base = UD_R_EAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3)); if (op->index == UD_R_ESP) { op->index = UD_NONE; op->scale = UD_NONE; } /* special condition for base reference */ if (op->base == UD_R_EBP) { if (mod == 0) op->base = UD_NONE; if (mod == 1) op->offset = 8; else op->offset = 32; } } } /* 16bit addressing mode */ else { switch (rm) { case 0: op->base = UD_R_BX; op->index = UD_R_SI; break; case 1: op->base = UD_R_BX; op->index = UD_R_DI; break; case 2: op->base = UD_R_BP; op->index = UD_R_SI; break; case 3: op->base = UD_R_BP; op->index = UD_R_DI; break; case 4: op->base = UD_R_SI; break; case 5: op->base = UD_R_DI; break; case 6: op->base = UD_R_BP; break; case 7: op->base = UD_R_BX; break; } if (mod == 0 && rm == 6) { op->offset= 16; op->base = UD_NONE; } else if (mod == 1) op->offset = 8; else if (mod == 2) op->offset = 16; } } /* extract offset, if any */ switch(op->offset) { case 8 : op->lval.ubyte = inp_uint8(u); break; case 16: op->lval.uword = inp_uint16(u); break; case 32: op->lval.udword = inp_uint32(u); break; default: break; } /* resolve register encoded in reg field */ if (opreg) { opreg->type = UD_OP_REG; opreg->size = (uint8_t)resolve_operand_size(u, reg_size); if (reg_type == T_GPR) opreg->base = decode_gpr(u, opreg->size, reg); else opreg->base = resolve_reg(u, reg_type, reg); } }
/* Searches the instruction tables for the right entry. */ static int search_itab( struct ud * u ) { struct ud_itab_entry * e = NULL; enum ud_itab_index table; uint8_t peek; uint8_t did_peek = 0; uint8_t curr; uint8_t index; /* if in state of error, return */ if ( u->error ) return -1; /* get first byte of opcode. */ inp_next(u); if ( u->error ) return -1; curr = inp_curr(u); /* resolve xchg, nop, pause crazyness */ if ( 0x90 == curr ) { if ( !( u->dis_mode == 64 && REX_B( u->pfx_rex ) ) ) { if ( u->pfx_rep ) { u->pfx_rep = 0; e = & ie_pause; } else { e = & ie_nop; } goto found_entry; } } /* get top-level table */ if ( 0x0F == curr ) { table = ITAB__0F; curr = inp_next(u); if ( u->error ) return -1; /* 2byte opcodes can be modified by 0x66, F3, and F2 prefixes */ if ( 0x66 == u->pfx_insn ) { if ( ud_itab_list[ ITAB__PFX_SSE66__0F ][ curr ].mnemonic != UD_Iinvalid ) { table = ITAB__PFX_SSE66__0F; u->pfx_opr = 0; } } else if ( 0xF2 == u->pfx_insn ) { if ( ud_itab_list[ ITAB__PFX_SSEF2__0F ][ curr ].mnemonic != UD_Iinvalid ) { table = ITAB__PFX_SSEF2__0F; u->pfx_repne = 0; } } else if ( 0xF3 == u->pfx_insn ) { if ( ud_itab_list[ ITAB__PFX_SSEF3__0F ][ curr ].mnemonic != UD_Iinvalid ) { table = ITAB__PFX_SSEF3__0F; u->pfx_repe = 0; u->pfx_rep = 0; } } /* pick an instruction from the 1byte table */ } else { table = ITAB__1BYTE; } index = curr; search: e = & ud_itab_list[ table ][ index ]; /* if mnemonic constant is a standard instruction constant * our search is over. */ if ( e->mnemonic < UD_Id3vil ) { if ( e->mnemonic == UD_Iinvalid ) { if ( did_peek ) { inp_next( u ); if ( u->error ) return -1; } goto found_entry; } goto found_entry; } table = e->prefix; switch ( e->mnemonic ) { case UD_Igrp_reg: peek = inp_peek( u ); did_peek = 1; index = MODRM_REG( peek ); break; case UD_Igrp_mod: peek = inp_peek( u ); did_peek = 1; index = MODRM_MOD( peek ); if ( index == 3 ) index = ITAB__MOD_INDX__11; else index = ITAB__MOD_INDX__NOT_11; break; case UD_Igrp_rm: curr = inp_next( u ); did_peek = 0; if ( u->error ) return -1; index = MODRM_RM( curr ); break; case UD_Igrp_x87: curr = inp_next( u ); did_peek = 0; if ( u->error ) return -1; index = curr - 0xC0; break; case UD_Igrp_osize: if ( u->opr_mode == 64 ) index = ITAB__MODE_INDX__64; else if ( u->opr_mode == 32 ) index = ITAB__MODE_INDX__32; else index = ITAB__MODE_INDX__16; break; case UD_Igrp_asize: if ( u->adr_mode == 64 ) index = ITAB__MODE_INDX__64; else if ( u->adr_mode == 32 ) index = ITAB__MODE_INDX__32; else index = ITAB__MODE_INDX__16; break; case UD_Igrp_mode: if ( u->dis_mode == 64 ) index = ITAB__MODE_INDX__64; else if ( u->dis_mode == 32 ) index = ITAB__MODE_INDX__32; else index = ITAB__MODE_INDX__16; break; case UD_Igrp_vendor: if ( u->vendor == UD_VENDOR_INTEL ) index = ITAB__VENDOR_INDX__INTEL; else if ( u->vendor == UD_VENDOR_AMD ) index = ITAB__VENDOR_INDX__AMD; /* else */ /* assert( !"unrecognized vendor id" ); */ break; case UD_Id3vil: /* assert( !"invalid instruction mnemonic constant Id3vil" ); */ break; default: /* assert( !"invalid instruction mnemonic constant" ); */ break; } goto search; found_entry: u->itab_entry = e; u->mnemonic = u->itab_entry->mnemonic; return 0; }