1 #include <stdlib.h>
2 #include <string.h>
3
4 #include "ia32_invariant.h"
5 #include "ia32_insn.h"
6 #include "ia32_settings.h"
7
8 extern ia32_table_desc_t *ia32_tables;
9 extern ia32_settings_t ia32_settings;
10
11 extern size_t ia32_table_lookup( unsigned char *buf, size_t buf_len,
12 unsigned int table, ia32_insn_t **raw_insn,
13 unsigned int *prefixes );
14
15
16 /* -------------------------------- ModR/M, SIB */
17 /* Convenience flags */
18 #define MODRM_EA 1 /* ModR/M is an effective addr */
19 #define MODRM_reg 2 /* ModR/M is a register */
20
21 /* ModR/M flags */
22 #define MODRM_RM_SIB 0x04 /* R/M == 100 */
23 #define MODRM_RM_NOREG 0x05 /* R/B == 101 */
24 /* if (MODRM.MOD_NODISP && MODRM.RM_NOREG) then just disp32 */
25 #define MODRM_MOD_NODISP 0x00 /* mod == 00 */
26 #define MODRM_MOD_DISP8 0x01 /* mod == 01 */
27 #define MODRM_MOD_DISP32 0x02 /* mod == 10 */
28 #define MODRM_MOD_NOEA 0x03 /* mod == 11 */
29 /* 16-bit modrm flags */
30 #define MOD16_MOD_NODISP 0
31 #define MOD16_MOD_DISP8 1
32 #define MOD16_MOD_DISP16 2
33 #define MOD16_MOD_REG 3
34
35 #define MOD16_RM_BXSI 0
36 #define MOD16_RM_BXDI 1
37 #define MOD16_RM_BPSI 2
38 #define MOD16_RM_BPDI 3
39 #define MOD16_RM_SI 4
40 #define MOD16_RM_DI 5
41 #define MOD16_RM_BP 6
42 #define MOD16_RM_BX 7
43
44 /* SIB flags */
45 #define SIB_INDEX_NONE 0x04
46 #define SIB_BASE_EBP 0x05
47 #define SIB_SCALE_NOBASE 0x00
48
49 /* Convenience struct for modR/M bitfield */
50 struct modRM_byte {
51 unsigned int mod : 2;
52 unsigned int reg : 3;
53 unsigned int rm : 3;
54 };
55
56 /* Convenience struct for SIB bitfield */
57 struct SIB_byte {
58 unsigned int scale : 2;
59 unsigned int index : 3;
60 unsigned int base : 3;
61 };
62
63 #ifdef WIN32
byte_decode(unsigned char b,struct modRM_byte * modrm)64 static void byte_decode(unsigned char b, struct modRM_byte *modrm) {
65 #else
66 static inline void byte_decode(unsigned char b, struct modRM_byte *modrm) {
67 #endif
68 /* generic bitfield-packing routine */
69
70 modrm->mod = b >> 6; /* top 2 bits */
71 modrm->reg = (b & 56) >> 3; /* middle 3 bits */
72 modrm->rm = b & 7; /* bottom 3 bits */
73 }
74 static int ia32_invariant_modrm( unsigned char *in, unsigned char *out,
75 unsigned int mode_16, x86_invariant_op_t *op) {
76 struct modRM_byte modrm;
77 struct SIB_byte sib;
78 unsigned char *c, *cin;
79 unsigned short *s;
80 unsigned int *i;
81 int size = 0; /* modrm byte is already counted */
82
83
84 byte_decode(*in, &modrm); /* get bitfields */
85
86 out[0] = in[0]; /* save modrm byte */
87 cin = &in[1];
88 c = &out[1];
89 s = (unsigned short *)&out[1];
90 i = (unsigned int *)&out[1];
91
92 op->type = op_expression;
93 op->flags |= op_pointer;
94 if ( ! mode_16 && modrm.rm == MODRM_RM_SIB &&
95 modrm.mod != MODRM_MOD_NOEA ) {
96 size ++;
97 byte_decode(*cin, (struct modRM_byte *)(void*)&sib);
98
99 out[1] = in[1]; /* save sib byte */
100 cin = &in[2];
101 c = &out[2];
102 s = (unsigned short *)&out[2];
103 i = (unsigned int *)&out[2];
104
105 if ( sib.base == SIB_BASE_EBP && ! modrm.mod ) {
106 /* disp 32 is variant! */
107 memset( i, X86_WILDCARD_BYTE, 4 );
108 size += 4;
109 }
110 }
111
112 if (! modrm.mod && modrm.rm == 101) {
113 if ( mode_16 ) { /* straight RVA in disp */
114 memset( s, X86_WILDCARD_BYTE, 2 );
115 size += 2;
116 } else {
117 memset( i, X86_WILDCARD_BYTE, 2 );
118 size += 4;
119 }
120 } else if (modrm.mod && modrm.mod < 3) {
121 if (modrm.mod == MODRM_MOD_DISP8) { /* offset in disp */
122 *c = *cin;
123 size += 1;
124 } else if ( mode_16 ) {
125 *s = (* ((unsigned short *) cin));
126 size += 2;
127 } else {
128 *i = (*((unsigned int *) cin));
129 size += 4;
130 }
131 } else if ( modrm.mod == 3 ) {
132 op->type = op_register;
133 op->flags &= ~op_pointer;
134 }
135
136 return (size);
137 }
138
139
140 static int ia32_decode_invariant( unsigned char *buf, size_t buf_len,
141 ia32_insn_t *t, unsigned char *out,
142 unsigned int prefixes, x86_invariant_t *inv) {
143
144 unsigned int addr_size, op_size, mode_16;
145 unsigned int op_flags[3] = { t->dest_flag, t->src_flag, t->aux_flag };
146 int x, type, bytes = 0, size = 0, modrm = 0;
147
148 /* set addressing mode */
149 if (ia32_settings.options & opt_16_bit) {
150 op_size = ( prefixes & PREFIX_OP_SIZE ) ? 4 : 2;
151 addr_size = ( prefixes & PREFIX_ADDR_SIZE ) ? 4 : 2;
152 mode_16 = ( prefixes & PREFIX_ADDR_SIZE ) ? 0 : 1;
153 } else {
154 op_size = ( prefixes & PREFIX_OP_SIZE ) ? 2 : 4;
155 addr_size = ( prefixes & PREFIX_ADDR_SIZE ) ? 2 : 4;
156 mode_16 = ( prefixes & PREFIX_ADDR_SIZE ) ? 1 : 0;
157 }
158
159 for (x = 0; x < 3; x++) {
160 inv->operands[x].access = (enum x86_op_access)
161 OP_PERM(op_flags[x]);
162 inv->operands[x].flags = (enum x86_op_flags)
163 (OP_FLAGS(op_flags[x]) >> 12);
164
165 switch (op_flags[x] & OPTYPE_MASK) {
166 case OPTYPE_c:
167 size = (op_size == 4) ? 2 : 1;
168 break;
169 case OPTYPE_a: case OPTYPE_v:
170 size = (op_size == 4) ? 4 : 2;
171 break;
172 case OPTYPE_p:
173 size = (op_size == 4) ? 6 : 4;
174 break;
175 case OPTYPE_b:
176 size = 1;
177 break;
178 case OPTYPE_w:
179 size = 2;
180 break;
181 case OPTYPE_d: case OPTYPE_fs: case OPTYPE_fd:
182 case OPTYPE_fe: case OPTYPE_fb: case OPTYPE_fv:
183 case OPTYPE_si: case OPTYPE_fx:
184 size = 4;
185 break;
186 case OPTYPE_s:
187 size = 6;
188 break;
189 case OPTYPE_q: case OPTYPE_pi:
190 size = 8;
191 break;
192 case OPTYPE_dq: case OPTYPE_ps: case OPTYPE_ss:
193 case OPTYPE_pd: case OPTYPE_sd:
194 size = 16;
195 break;
196 case OPTYPE_m:
197 size = (addr_size == 4) ? 4 : 2;
198 break;
199 default:
200 break;
201 }
202
203 type = op_flags[x] & ADDRMETH_MASK;
204 switch (type) {
205 case ADDRMETH_E: case ADDRMETH_M: case ADDRMETH_Q:
206 case ADDRMETH_R: case ADDRMETH_W:
207 modrm = 1;
208 bytes += ia32_invariant_modrm( buf, out,
209 mode_16, &inv->operands[x]);
210 break;
211 case ADDRMETH_C: case ADDRMETH_D: case ADDRMETH_G:
212 case ADDRMETH_P: case ADDRMETH_S: case ADDRMETH_T:
213 case ADDRMETH_V:
214 inv->operands[x].type = op_register;
215 modrm = 1;
216 break;
217 case ADDRMETH_A: case ADDRMETH_O:
218 /* pad with xF4's */
219 memset( &out[bytes + modrm], X86_WILDCARD_BYTE,
220 size );
221 bytes += size;
222 inv->operands[x].type = op_offset;
223 if ( type == ADDRMETH_O ) {
224 inv->operands[x].flags |= op_signed |
225 op_pointer;
226 }
227 break;
228 case ADDRMETH_I: case ADDRMETH_J:
229 /* grab imm value */
230 if ((op_flags[x] & OPTYPE_MASK) == OPTYPE_v) {
231 /* assume this is an address */
232 memset( &out[bytes + modrm],
233 X86_WILDCARD_BYTE, size );
234 } else {
235 memcpy( &out[bytes + modrm],
236 &buf[bytes + modrm], size );
237 }
238
239 bytes += size;
240 if ( type == ADDRMETH_J ) {
241 if ( size == 1 ) {
242 inv->operands[x].type =
243 op_relative_near;
244 } else {
245 inv->operands[x].type =
246 op_relative_far;
247 }
248 inv->operands[x].flags |= op_signed;
249 } else {
250 inv->operands[x].type = op_immediate;
251 }
252 break;
253 case ADDRMETH_F:
254 inv->operands[x].type = op_register;
255 break;
256 case ADDRMETH_X:
257 inv->operands[x].flags |= op_signed |
258 op_pointer | op_ds_seg | op_string;
259 break;
260 case ADDRMETH_Y:
261 inv->operands[x].flags |= op_signed |
262 op_pointer | op_es_seg | op_string;
263 break;
264 case ADDRMETH_RR:
265 inv->operands[x].type = op_register;
266 break;
267 case ADDRMETH_II:
268 inv->operands[x].type = op_immediate;
269 break;
270 default:
271 inv->operands[x].type = op_unused;
272 break;
273 }
274 }
275
276 return (bytes + modrm);
277 }
278
279 size_t ia32_disasm_invariant( unsigned char * buf, size_t buf_len,
280 x86_invariant_t *inv ) {
281 ia32_insn_t *raw_insn = NULL;
282 unsigned int prefixes;
283 unsigned int type;
284 size_t size;
285
286 /* Perform recursive table lookup starting with main table (0) */
287 size = ia32_table_lookup( buf, buf_len, 0, &raw_insn, &prefixes );
288 if ( size == INVALID_INSN || size > buf_len ) {
289 /* TODO: set errno */
290 return 0;
291 }
292
293 /* copy opcode bytes to buffer */
294 memcpy( inv->bytes, buf, size );
295
296 /* set mnemonic type and group */
297 type = raw_insn->mnem_flag & ~INS_FLAG_MASK;
298 inv->group = (enum x86_insn_group) (INS_GROUP(type)) >> 12;
299 inv->type = (enum x86_insn_type) INS_TYPE(type);
300
301 /* handle operands */
302 size += ia32_decode_invariant( buf + size, buf_len - size, raw_insn,
303 &buf[size - 1], prefixes, inv );
304
305 inv->size = size;
306
307 return size; /* return size of instruction in bytes */
308 }
309
310 size_t ia32_disasm_size( unsigned char *buf, size_t buf_len ) {
311 x86_invariant_t inv = { {0} };
312 return( ia32_disasm_invariant( buf, buf_len, &inv ) );
313 }
314