static void decode_reg(struct ud *u, struct ud_operand *opr, int type, int num, int size) { int reg; size = resolve_operand_size(u, size); switch (type) { case REGCLASS_GPR : reg = decode_gpr(u, size, num); break; case REGCLASS_MMX : reg = UD_R_MM0 + (num & 7); break; case REGCLASS_XMM : reg = UD_R_XMM0 + num; break; case REGCLASS_CR : reg = UD_R_CR0 + num; break; case REGCLASS_DB : reg = UD_R_DR0 + num; break; case REGCLASS_SEG : { /* * Only 6 segment registers, anything else is an error. */ if ((num & 7) > 5) { UDERR(u, "invalid segment register value\n"); return; } else { reg = UD_R_ES + (num & 7); } break; } default: UD_ASSERT(!"invalid register type"); return; } opr->type = UD_OP_REG; opr->base = reg; opr->size = size; }
/* * decode_modrm_reg * * Decodes reg field of mod/rm byte * */ static void decode_modrm_reg(struct ud *u, struct ud_operand *operand, unsigned int type, unsigned int size) { uint8_t reg = (REX_R(u->pfx_rex) << 3) | MODRM_REG(modrm(u)); operand->type = UD_OP_REG; operand->size = resolve_operand_size(u, size); if (type == T_GPR) { operand->base = decode_gpr(u, operand->size, reg); } else { operand->base = resolve_reg(u, type, reg); } }
/* * decode_modrm_rm * * Decodes rm field of mod/rm byte * */ static void decode_modrm_rm(struct ud *u, struct ud_operand *op, unsigned char type, unsigned int size) { unsigned char mod, rm, reg; /* get mod, r/m and reg fields */ mod = MODRM_MOD(modrm(u)); rm = (REX_B(u->pfx_rex) << 3) | MODRM_RM(modrm(u)); reg = (REX_R(u->pfx_rex) << 3) | MODRM_REG(modrm(u)); op->size = resolve_operand_size(u, size); /* * If mod is 11b, then the modrm.rm specifies a register. * */ if (mod == 3) { op->type = UD_OP_REG; if (type == T_GPR) { op->base = decode_gpr(u, op->size, rm); } else { op->base = resolve_reg(u, type, (REX_B(u->pfx_rex) << 3) | (rm & 7)); } return; } /* * !11 => Memory Address */ op->type = UD_OP_MEM; if (u->adr_mode == 64) { op->base = UD_R_RAX + rm; if (mod == 1) { op->offset = 8; } else if (mod == 2) { op->offset = 32; } else if (mod == 0 && (rm & 7) == 5) { op->base = UD_R_RIP; op->offset = 32; } else { op->offset = 0; } /* * Scale-Index-Base (SIB) */ if ((rm & 7) == 4) { inp_next(u); op->scale = (1 << SIB_S(inp_curr(u))) & ~1; op->index = UD_R_RAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3)); op->base = UD_R_RAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3)); /* special conditions for base reference */ if (op->index == UD_R_RSP) { op->index = UD_NONE; op->scale = UD_NONE; } if (op->base == UD_R_RBP || op->base == UD_R_R13) { if (mod == 0) { op->base = UD_NONE; } if (mod == 1) { op->offset = 8; } else { op->offset = 32; } } } } else if (u->adr_mode == 32) { op->base = UD_R_EAX + rm; if (mod == 1) { op->offset = 8; } else if (mod == 2) { op->offset = 32; } else if (mod == 0 && rm == 5) { op->base = UD_NONE; op->offset = 32; } else { op->offset = 0; } /* Scale-Index-Base (SIB) */ if ((rm & 7) == 4) { inp_next(u); op->scale = (1 << SIB_S(inp_curr(u))) & ~1; op->index = UD_R_EAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3)); op->base = UD_R_EAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3)); if (op->index == UD_R_ESP) { op->index = UD_NONE; op->scale = UD_NONE; } /* special condition for base reference */ if (op->base == UD_R_EBP) { if (mod == 0) { op->base = UD_NONE; } if (mod == 1) { op->offset = 8; } else { op->offset = 32; } } } } else { const unsigned int bases[] = { UD_R_BX, UD_R_BX, UD_R_BP, UD_R_BP, UD_R_SI, UD_R_DI, UD_R_BP, UD_R_BX }; const unsigned int indices[] = { UD_R_SI, UD_R_DI, UD_R_SI, UD_R_DI, UD_NONE, UD_NONE, UD_NONE, UD_NONE }; op->base = bases[rm & 7]; op->index = indices[rm & 7]; if (mod == 0 && rm == 6) { op->offset= 16; op->base = UD_NONE; } else if (mod == 1) { op->offset = 8; } else if (mod == 2) { op->offset = 16; } } /* * extract offset, if any */ switch (op->offset) { case 8 : op->lval.ubyte = inp_uint8(u); break; case 16: op->lval.uword = inp_uint16(u); break; case 32: op->lval.udword = inp_uint32(u); break; case 64: op->lval.uqword = inp_uint64(u); break; default: break; } }
/* ----------------------------------------------------------------------------- * decode_modrm() - Decodes ModRM Byte * ----------------------------------------------------------------------------- */ static void decode_modrm(struct ud* u, struct ud_operand *op, unsigned int s, unsigned char rm_type, struct ud_operand *opreg, unsigned int reg_size, unsigned char reg_type) { unsigned char mod, rm, reg; inp_next(u); /* get mod, r/m and reg fields */ mod = MODRM_MOD(inp_curr(u)); rm = (REX_B(u->pfx_rex) << 3) | MODRM_RM(inp_curr(u)); reg = (REX_R(u->pfx_rex) << 3) | MODRM_REG(inp_curr(u)); op->size = (uint8_t) resolve_operand_size(u, s); /* if mod is 11b, then the UD_R_m specifies a gpr/mmx/sse/control/debug */ if (mod == 3) { op->type = UD_OP_REG; if (rm_type == T_GPR) op->base = decode_gpr(u, op->size, rm); else op->base = resolve_reg(u, rm_type, (REX_B(u->pfx_rex) << 3) | (rm&7)); } /* else its memory addressing */ else { op->type = UD_OP_MEM; /* 64bit addressing */ if (u->adr_mode == 64) { op->base = UD_R_RAX + rm; /* get offset type */ if (mod == 1) op->offset = 8; else if (mod == 2) op->offset = 32; else if (mod == 0 && (rm & 7) == 5) { op->base = UD_R_RIP; op->offset = 32; } else op->offset = 0; /* Scale-Index-Base (SIB) */ if ((rm & 7) == 4) { inp_next(u); op->scale = (1 << SIB_S(inp_curr(u))) & ~1; op->index = UD_R_RAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3)); op->base = UD_R_RAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3)); /* special conditions for base reference */ if (op->index == UD_R_RSP) { op->index = UD_NONE; op->scale = UD_NONE; } if (op->base == UD_R_RBP || op->base == UD_R_R13) { if (mod == 0) op->base = UD_NONE; if (mod == 1) op->offset = 8; else op->offset = 32; } } } /* 32-Bit addressing mode */ else if (u->adr_mode == 32) { /* get base */ op->base = UD_R_EAX + rm; /* get offset type */ if (mod == 1) op->offset = 8; else if (mod == 2) op->offset = 32; else if (mod == 0 && rm == 5) { op->base = UD_NONE; op->offset = 32; } else op->offset = 0; /* Scale-Index-Base (SIB) */ if ((rm & 7) == 4) { inp_next(u); op->scale = (1 << SIB_S(inp_curr(u))) & ~1; op->index = UD_R_EAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3)); op->base = UD_R_EAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3)); if (op->index == UD_R_ESP) { op->index = UD_NONE; op->scale = UD_NONE; } /* special condition for base reference */ if (op->base == UD_R_EBP) { if (mod == 0) op->base = UD_NONE; if (mod == 1) op->offset = 8; else op->offset = 32; } } } /* 16bit addressing mode */ else { switch (rm) { case 0: op->base = UD_R_BX; op->index = UD_R_SI; break; case 1: op->base = UD_R_BX; op->index = UD_R_DI; break; case 2: op->base = UD_R_BP; op->index = UD_R_SI; break; case 3: op->base = UD_R_BP; op->index = UD_R_DI; break; case 4: op->base = UD_R_SI; break; case 5: op->base = UD_R_DI; break; case 6: op->base = UD_R_BP; break; case 7: op->base = UD_R_BX; break; } if (mod == 0 && rm == 6) { op->offset= 16; op->base = UD_NONE; } else if (mod == 1) op->offset = 8; else if (mod == 2) op->offset = 16; } } /* extract offset, if any */ switch(op->offset) { case 8 : op->lval.ubyte = inp_uint8(u); break; case 16: op->lval.uword = inp_uint16(u); break; case 32: op->lval.udword = inp_uint32(u); break; default: break; } /* resolve register encoded in reg field */ if (opreg) { opreg->type = UD_OP_REG; opreg->size = (uint8_t)resolve_operand_size(u, reg_size); if (reg_type == T_GPR) opreg->base = decode_gpr(u, opreg->size, reg); else opreg->base = resolve_reg(u, reg_type, reg); } }