mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3158 lines
91 KiB
3158 lines
91 KiB
//----------------------------------------------------------------------------
|
|
//
|
|
// Disassembly portions of X86 machine implementation.
|
|
//
|
|
// Copyright (C) Microsoft Corporation, 2000-2001.
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
|
|
#include "ntsdp.hpp"
|
|
|
|
#include "i386_dis.h"
|
|
|
|
// See Get/SetRegVal comments in machine.hpp.
|
|
#define RegValError Do_not_use_GetSetRegVal_in_machine_implementations
|
|
#define GetRegVal(index, val) RegValError
|
|
#define GetRegVal32(index) RegValError
|
|
#define GetRegVal64(index) RegValError
|
|
#define SetRegVal(index, val) RegValError
|
|
#define SetRegVal32(index, val) RegValError
|
|
#define SetRegVal64(index, val) RegValError
|
|
|
|
UCHAR g_X86Int3[] = { 0xcc };
|
|
|
|
//----------------------------------------------------------------------------
|
|
//
|
|
// BaseX86MachineInfo methods.
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
|
|
/***** macros and defines *****/
|
|
|
|
#define X86_CS_OVR 0x2e
|
|
|
|
#define BIT20(b) ((b) & 0x07)
|
|
#define BIT53(b) (((b) >> 3) & 0x07)
|
|
#define BIT76(b) (((b) >> 6) & 0x03)
|
|
#define MAXOPLEN 10
|
|
|
|
#define OBOFFSET (m_Ptr64 ? 35 : 26)
|
|
#define OBOPERAND (m_Ptr64 ? 43 : 34)
|
|
#define OBLINEEND (g_OutputWidth - 3)
|
|
|
|
/***** static tables and variables *****/
|
|
|
|
char* g_X86Reg8[] =
|
|
{
|
|
"al", "cl", "dl", "bl", "ah", "ch", "dh", "bh",
|
|
"r8b", "r9b", "r10b", "r11b", "r12b", "r13b", "r14b", "r15b"
|
|
};
|
|
char* g_Amd64ExtendedReg8[] =
|
|
{
|
|
"al", "cl", "dl", "bl", "spl", "bpl", "sil", "dil"
|
|
};
|
|
char* g_X86RegBase[] =
|
|
{
|
|
"ax", "cx", "dx", "bx", "sp", "bp", "si", "di",
|
|
"8", "9", "10", "11", "12", "13", "14", "15"
|
|
};
|
|
char *g_X86Mrm16[] =
|
|
{
|
|
"bx+si", "bx+di", "bp+si", "bp+di", "si", "di", "bp", "bx",
|
|
"r8w", "r9w", "r10w", "r11w", "r12w", "r13w", "r14w", "r15w"
|
|
};
|
|
char *g_X86Mrm32[] =
|
|
{
|
|
"eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi",
|
|
"r8d", "r9d", "r10d", "r11d", "r12d", "r13d", "r14d", "r15d"
|
|
};
|
|
char *g_X86Mrm64[] =
|
|
{
|
|
"rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
|
|
"r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"
|
|
};
|
|
|
|
UCHAR g_X86Reg16Idx[] =
|
|
{
|
|
X86_NBX, X86_NBX, X86_NBP, X86_NBP,
|
|
X86_NSI, X86_NDI, X86_NBP, X86_NBX,
|
|
};
|
|
UCHAR g_X86Reg16Idx2[] =
|
|
{
|
|
X86_NSI, X86_NDI, X86_NSI, X86_NDI
|
|
};
|
|
UCHAR g_X86RegIdx[] =
|
|
{
|
|
X86_NAX, X86_NCX, X86_NDX, X86_NBX,
|
|
X86_NSP, X86_NBP, X86_NSI, X86_NDI,
|
|
AMD64_R8, AMD64_R9, AMD64_R10, AMD64_R11,
|
|
AMD64_R12, AMD64_R13, AMD64_R14, AMD64_R15
|
|
};
|
|
|
|
static char sregtab[] = "ecsdfg"; // first letter of ES, CS, SS, DS, FS, GS
|
|
|
|
char* g_CompareIb[] = { "eq", "lt", "le", "unord", "ne", "nlt", "nle", "ord" };
|
|
|
|
char hexdigit[] = { '0', '1', '2', '3', '4', '5', '6', '7',
|
|
'8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
|
|
|
|
static int mod; /* mod of mod/rm byte */
|
|
static int rm; /* rm of mod/rm byte */
|
|
static int ttt; /* return reg value (of mod/rm) */
|
|
static unsigned char *pMem; /* current position in instruction */
|
|
|
|
ADDR EAaddr[2]; // offset of effective address
|
|
static int EAsize[2]; // size of effective address item
|
|
static char *pchEAseg[2]; // normal segment for operand
|
|
|
|
#define IPREL_MARKER "<-IPREL->"
|
|
|
|
BOOL g_X86ModrmHasIpRelOffset;
|
|
LONG g_X86IpRelOffset;
|
|
|
|
int g_SegAddrMode; /* global address size in bits */
|
|
int g_SegOpSize; /* global operand size in bits */
|
|
int g_AddrMode; /* local address size in bits */
|
|
int g_OpSize; /* operand size in bits */
|
|
|
|
int g_ExtendOpCode;
|
|
int g_ExtendAny;
|
|
int g_ExtendMrmReg;
|
|
int g_ExtendSibIndex;
|
|
int g_ExtendRm;
|
|
|
|
BOOL g_MovX; // Indicates a MOVSX or MOVZX.
|
|
BOOL g_MovSXD;
|
|
BOOL g_ForceMrmReg32; // M/RM register is always 32-bit.
|
|
BOOL g_MmRegEa; // Use mm? registers in reg-only EA.
|
|
BOOL g_XmmRegEa; // Use xmm? registers in reg-only EA.
|
|
BOOL g_ControlFlow; // Control flow instruction.
|
|
|
|
int g_RepPrefix;
|
|
|
|
enum
|
|
{
|
|
XMM_SS,
|
|
XMM_SD,
|
|
XMM_PS,
|
|
XMM_PD,
|
|
};
|
|
|
|
int g_XmmOpSize;
|
|
|
|
enum
|
|
{
|
|
JCC_EA_NONE,
|
|
// Branch must be no-branch + 1.
|
|
JCC_EA_NO_BRANCH,
|
|
JCC_EA_BRANCH,
|
|
};
|
|
|
|
// First entry are bits that must be zero, second
|
|
// and third entries are bit shifts for bits that must match.
|
|
ULONG g_JccCheckTable[][3] =
|
|
{
|
|
X86_BIT_FLAGOF, 0, 0, // JNO
|
|
X86_BIT_FLAGCF, 0, 0, // JNB
|
|
X86_BIT_FLAGZF, 0, 0, // JNZ
|
|
X86_BIT_FLAGCF | X86_BIT_FLAGZF, 0, 0, // JNBE
|
|
X86_BIT_FLAGSF, 0, 0, // JNS
|
|
X86_BIT_FLAGPF, 0, 0, // JNP
|
|
0, 7, 11, // JNL
|
|
X86_BIT_FLAGZF, 7, 11, // JNLE
|
|
};
|
|
|
|
// internal function definitions
|
|
|
|
void OutputHexString(char **, PUCHAR, int);
|
|
void OutputHexValue(char **, PUCHAR, int, int);
|
|
void OutputExHexValue(char **, PUCHAR, int, int);
|
|
void OutputHexCode(char **, PUCHAR, int);
|
|
void X86OutputString(char **, char *);
|
|
|
|
void OutputHexAddr(PSTR *, PADDR);
|
|
|
|
#define FormSelAddress(Addr, Sel, Off) \
|
|
FormAddr(Sel, Off, 0, Addr)
|
|
#define FormSegRegAddress(Addr, SegReg, Off) \
|
|
FormAddr(SegReg, Off, FORM_SEGREG, Addr)
|
|
|
|
void
|
|
GetSegAddrOpSizes(MachineInfo* Machine, PADDR Addr)
|
|
{
|
|
if ((Type(*Addr) & ADDR_1664) ||
|
|
((Type(*Addr) & ADDR_FLAT) &&
|
|
Machine->m_ExecTypes[0] == IMAGE_FILE_MACHINE_AMD64))
|
|
{
|
|
g_SegAddrMode = 64;
|
|
// X86-64 defaults to 32-bit operand sizes even in 64-bit code.
|
|
// Only the address size changes. An operand size prefix
|
|
// switches from 32- to 64-bit.
|
|
g_SegOpSize = 32;
|
|
}
|
|
else if (Type(*Addr) & (ADDR_V86 | ADDR_16))
|
|
{
|
|
g_SegAddrMode = 16;
|
|
g_SegOpSize = 16;
|
|
}
|
|
else
|
|
{
|
|
g_SegAddrMode = 32;
|
|
g_SegOpSize = 32;
|
|
}
|
|
|
|
g_AddrMode = g_SegAddrMode;
|
|
g_OpSize = g_SegOpSize;
|
|
}
|
|
|
|
void
|
|
OverrideAddrMode(void)
|
|
{
|
|
switch(g_SegAddrMode)
|
|
{
|
|
case 16:
|
|
g_AddrMode = 32;
|
|
break;
|
|
case 32:
|
|
g_AddrMode = 16;
|
|
break;
|
|
case 64:
|
|
g_AddrMode = 32;
|
|
break;
|
|
default:
|
|
DBG_ASSERT(FALSE);
|
|
break;
|
|
}
|
|
}
|
|
|
|
void
|
|
OverrideOpSize(int OverrideOp)
|
|
{
|
|
switch(g_SegAddrMode)
|
|
{
|
|
case 16:
|
|
g_OpSize = 32;
|
|
break;
|
|
case 32:
|
|
g_OpSize = 16;
|
|
break;
|
|
case 64:
|
|
// X86-64 defaults to 32-bit operand sizes even in 64-bit code.
|
|
// Only the address size changes. A REX operand size prefix
|
|
// switches from 32- to 64-bit.
|
|
if (OverrideOp == 0x66)
|
|
{
|
|
g_OpSize = 16;
|
|
}
|
|
else if (OverrideOp & 8)
|
|
{
|
|
g_OpSize = 64;
|
|
}
|
|
break;
|
|
default:
|
|
DBG_ASSERT(FALSE);
|
|
break;
|
|
}
|
|
}
|
|
|
|
void
|
|
ExtendOps(int opcode)
|
|
{
|
|
// x86-64 uses these opcodes as the REX override.
|
|
OverrideOpSize(opcode);
|
|
|
|
g_ExtendOpCode = opcode;
|
|
g_ExtendAny = 8;
|
|
if (opcode & 1)
|
|
{
|
|
g_ExtendRm = 8;
|
|
}
|
|
if (opcode & 2)
|
|
{
|
|
g_ExtendSibIndex = 8;
|
|
}
|
|
if (opcode & 4)
|
|
{
|
|
g_ExtendMrmReg = 8;
|
|
}
|
|
}
|
|
|
|
void
|
|
IgnoreExtend(void)
|
|
{
|
|
//
|
|
// Resets any extensions that may have happened.
|
|
// The REX prefix must be the last
|
|
// prefix of an instruction and is ignored otherwise,
|
|
// so this reset is done when any prefix is encountered
|
|
// after the REX prefix. This should normally never
|
|
// happen but technically it's valid code so we should handle it.
|
|
//
|
|
|
|
if (g_ExtendOpCode)
|
|
{
|
|
WarnOut("REX prefix ignored\n");
|
|
|
|
if (g_ExtendOpCode & 8)
|
|
{
|
|
// Op size was changed so put it back. This
|
|
// is tricky since in theory an op size override
|
|
// prefix could also be present, but let's not
|
|
// worry about that for now.
|
|
g_OpSize = g_SegOpSize;
|
|
}
|
|
|
|
g_ExtendOpCode = 0;
|
|
g_ExtendAny = 0;
|
|
g_ExtendRm = 0;
|
|
g_ExtendSibIndex = 0;
|
|
g_ExtendMrmReg = 0;
|
|
}
|
|
}
|
|
|
|
struct AMD_3DNOW_OPSTR
|
|
{
|
|
PSTR Str;
|
|
UCHAR Opcode;
|
|
};
|
|
|
|
AMD_3DNOW_OPSTR g_Amd3DNowOpStr[] =
|
|
{
|
|
"pavgusb", 0xBF,
|
|
"pfadd", 0x9E,
|
|
"pfsub", 0x9A,
|
|
"pfsubr", 0xAA,
|
|
"pfacc", 0xAE,
|
|
"pfcmpge", 0x90,
|
|
"pfcmpgt", 0xA0,
|
|
"pfcmpeq", 0xB0,
|
|
"pfmin", 0x94,
|
|
"pfmax", 0xA4,
|
|
"pi2fd", 0x0D,
|
|
"pf2id", 0x1D,
|
|
"pfrcp", 0x96,
|
|
"pfrsqrt", 0x97,
|
|
"pfmul", 0xB4,
|
|
"pfrcpit1", 0xA6,
|
|
"pfrsqit1", 0xA7,
|
|
"pfrcpit2", 0xB6,
|
|
"pmulhrw", 0xB7,
|
|
"pf2iw", 0x1C,
|
|
"pfnacc", 0x8A,
|
|
"pfpnacc", 0x8E,
|
|
"pi2fw", 0x0C,
|
|
"pswapd", 0xBB,
|
|
};
|
|
|
|
PSTR
|
|
GetAmd3DNowOpString(UCHAR Opcode)
|
|
{
|
|
UCHAR i;
|
|
|
|
for (i = 0; i < sizeof(g_Amd3DNowOpStr) / sizeof(g_Amd3DNowOpStr[0]); i++)
|
|
{
|
|
if (g_Amd3DNowOpStr[i].Opcode == Opcode)
|
|
{
|
|
return g_Amd3DNowOpStr[i].Str;
|
|
}
|
|
}
|
|
|
|
return NULL;
|
|
}
|
|
|
|
BOOL
|
|
BaseX86MachineInfo::Disassemble(PADDR paddr, PSTR pchDst, BOOL fEAout)
|
|
{
|
|
ULONG64 Offset = Off(*paddr);
|
|
int opcode; /* current opcode */
|
|
int olen = 2; /* operand length */
|
|
int alen = 2; /* address length */
|
|
int end = FALSE; /* end of instruction flag */
|
|
int mrm = FALSE; /* indicator that modrm is generated*/
|
|
unsigned char *action; /* action for operand interpretation*/
|
|
long tmp; /* temporary storage field */
|
|
int indx; /* temporary index */
|
|
int action2; /* secondary action */
|
|
int instlen; /* instruction length */
|
|
int cBytes; // bytes read into instr buffer
|
|
int segOvr = 0; /* segment override opcode */
|
|
UCHAR membuf[X86_MAX_INSTRUCTION_LEN]; /* current instruction buffer */
|
|
char *pEAlabel = ""; // optional label for operand
|
|
|
|
char *pchResultBuf = pchDst; // working copy of pchDst pointer
|
|
char RepPrefixBuffer[32]; // rep prefix buffer
|
|
char *pchRepPrefixBuf = RepPrefixBuffer; // pointer to prefix buffer
|
|
char OpcodeBuffer[16]; // opcode buffer
|
|
char *pchOpcodeBuf = OpcodeBuffer; // pointer to opcode buffer
|
|
char OperandBuffer[MAX_SYMBOL_LEN + 20]; // operand buffer
|
|
char *pchOperandBuf = OperandBuffer; // pointer to operand buffer
|
|
char ModrmBuffer[MAX_SYMBOL_LEN + 20]; // modRM buffer
|
|
char *pchModrmBuf = ModrmBuffer; // pointer to modRM buffer
|
|
char EABuffer[64]; // effective address buffer
|
|
char *pchEABuf = EABuffer; // pointer to EA buffer
|
|
|
|
int obOpcode = OBOFFSET;
|
|
int obOpcodeMin;
|
|
int obOpcodeMax;
|
|
|
|
int obOperand = OBOPERAND;
|
|
int obOperandMin;
|
|
int obOperandMax;
|
|
|
|
int cbOpcode;
|
|
int cbOperand;
|
|
int cbOffset;
|
|
int cbEAddr;
|
|
int fTwoLines = FALSE;
|
|
unsigned char BOPaction;
|
|
int subcode; /* bop subcode */
|
|
int JccEa;
|
|
LONGLONG Branch;
|
|
|
|
g_X86ModrmHasIpRelOffset = FALSE;
|
|
g_MovX = FALSE;
|
|
g_MovSXD = FALSE;
|
|
g_ForceMrmReg32 = FALSE;
|
|
g_MmRegEa = FALSE;
|
|
g_XmmRegEa = FALSE;
|
|
g_ControlFlow = FALSE;
|
|
EAsize[0] = EAsize[1] = 0; // no effective address
|
|
pchEAseg[0] = dszDS_;
|
|
pchEAseg[1] = dszES_;
|
|
g_RepPrefix = 0;
|
|
g_XmmOpSize = XMM_PS;
|
|
g_ExtendOpCode = 0;
|
|
g_ExtendAny = 0;
|
|
g_ExtendMrmReg = 0;
|
|
g_ExtendSibIndex = 0;
|
|
g_ExtendRm = 0;
|
|
JccEa = JCC_EA_NONE;
|
|
|
|
GetSegAddrOpSizes(this, paddr);
|
|
alen = g_AddrMode / 8;
|
|
olen = g_OpSize / 8;
|
|
|
|
OutputHexAddr(&pchResultBuf, paddr);
|
|
|
|
*pchResultBuf++ = ' ';
|
|
|
|
cBytes = (int)GetMemString(paddr, membuf, X86_MAX_INSTRUCTION_LEN);
|
|
/* move full inst to local buffer */
|
|
pMem = membuf; /* point to begin of instruction */
|
|
opcode = *pMem++; /* get opcode */
|
|
|
|
if ( opcode == 0xc4 && *pMem == 0xC4 )
|
|
{
|
|
pMem++;
|
|
X86OutputString(&pchOpcodeBuf,"BOP");
|
|
action = &BOPaction;
|
|
BOPaction = IB | END;
|
|
subcode = *pMem;
|
|
if ( subcode == 0x50 || subcode == 0x52 || subcode == 0x53 ||
|
|
subcode == 0x54 || subcode == 0x57 || subcode == 0x58 ||
|
|
subcode == 0x58 )
|
|
{
|
|
BOPaction = IW | END;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
X86OutputString(&pchOpcodeBuf, distbl[opcode].instruct);
|
|
action = actiontbl + distbl[opcode].opr; /* get operand action */
|
|
}
|
|
|
|
/***** loop through all operand actions *****/
|
|
|
|
do
|
|
{
|
|
action2 = (*action) & 0xc0;
|
|
switch((*action++) & 0x3f)
|
|
{
|
|
case ALT: /* alter the opcode if not 16-bit */
|
|
if (g_OpSize > 16)
|
|
{
|
|
indx = *action++;
|
|
pchOpcodeBuf = &OpcodeBuffer[indx];
|
|
if (indx == 0)
|
|
{
|
|
X86OutputString(&pchOpcodeBuf, g_OpSize == 32 ?
|
|
dszCWDE : dszCDQE);
|
|
}
|
|
else if (g_OpSize == 64)
|
|
{
|
|
*pchOpcodeBuf++ = 'q';
|
|
if (indx == 1)
|
|
{
|
|
*pchOpcodeBuf++ = 'o';
|
|
}
|
|
}
|
|
else
|
|
{
|
|
*pchOpcodeBuf++ = 'd';
|
|
if (indx == 1)
|
|
{
|
|
*pchOpcodeBuf++ = 'q';
|
|
}
|
|
}
|
|
}
|
|
break;
|
|
|
|
case XMMSD: /* SSE-style opcode rewriting */
|
|
{
|
|
char ScalarOrPacked, SingleOrDouble;
|
|
char* DquOrQ, *DqOrQ, *SsdxOrUpsd, *CvtPd, *CvtPs;
|
|
char* MovQD6, *Shuf;
|
|
char* Scan;
|
|
|
|
g_MmRegEa = TRUE;
|
|
DquOrQ = "q";
|
|
DqOrQ = "q";
|
|
SsdxOrUpsd = "s?x";
|
|
CvtPd = NULL;
|
|
CvtPs = NULL;
|
|
MovQD6 = NULL;
|
|
switch(g_RepPrefix)
|
|
{
|
|
case X86_REPN:
|
|
// Scalar double operation.
|
|
ScalarOrPacked = 's';
|
|
SingleOrDouble = 'd';
|
|
CvtPd = "pd2dq";
|
|
MovQD6 = "dq2q";
|
|
Shuf = "lw";
|
|
g_XmmOpSize = XMM_SD;
|
|
// Assume there was no other lock/rep/etc.
|
|
pchRepPrefixBuf = RepPrefixBuffer;
|
|
break;
|
|
case X86_REP:
|
|
// Scalar single operation.
|
|
ScalarOrPacked = 's';
|
|
SingleOrDouble = 's';
|
|
CvtPd = "dq2pd";
|
|
CvtPs = "tps2dq";
|
|
MovQD6 = "q2dq";
|
|
Shuf = "hw";
|
|
g_XmmOpSize = XMM_SS;
|
|
// Assume there was no other lock/rep/etc.
|
|
pchRepPrefixBuf = RepPrefixBuffer;
|
|
break;
|
|
default:
|
|
// No rep prefix means packed single or double
|
|
// depending on operand size.
|
|
ScalarOrPacked = 'p';
|
|
SsdxOrUpsd = "up?";
|
|
if (g_OpSize == g_SegOpSize)
|
|
{
|
|
SingleOrDouble = 's';
|
|
CvtPs = "dq2ps";
|
|
Shuf = "w";
|
|
g_XmmOpSize = XMM_PS;
|
|
}
|
|
else
|
|
{
|
|
SingleOrDouble = 'd';
|
|
DqOrQ = "dq";
|
|
DquOrQ = "dqu";
|
|
CvtPd = "tpd2dq";
|
|
CvtPs = "ps2dq";
|
|
MovQD6 = "q";
|
|
Shuf = "d";
|
|
g_XmmRegEa = TRUE;
|
|
g_XmmOpSize = XMM_PD;
|
|
}
|
|
break;
|
|
}
|
|
|
|
pchOpcodeBuf = OpcodeBuffer;
|
|
while (*pchOpcodeBuf && *pchOpcodeBuf != ' ')
|
|
{
|
|
switch(*pchOpcodeBuf)
|
|
{
|
|
case ':':
|
|
*pchOpcodeBuf = ScalarOrPacked;
|
|
break;
|
|
case '?':
|
|
*pchOpcodeBuf = SingleOrDouble;
|
|
break;
|
|
case ',':
|
|
*pchOpcodeBuf = SingleOrDouble == 's' ? 'd' : 's';
|
|
break;
|
|
}
|
|
|
|
pchOpcodeBuf++;
|
|
}
|
|
|
|
switch(opcode)
|
|
{
|
|
case X86_MOVFREGMEM:
|
|
case X86_MOVFMEMREG:
|
|
// Append characters for MOVS[SD]X and MOVUP[SD].
|
|
strcpy(pchOpcodeBuf, SsdxOrUpsd);
|
|
if ((Scan = strchr(pchOpcodeBuf, '?')) != NULL)
|
|
{
|
|
*Scan = SingleOrDouble;
|
|
}
|
|
pchOpcodeBuf += strlen(pchOpcodeBuf);
|
|
break;
|
|
case X86_MOVNT:
|
|
// Append characters for MOVNTQ and MOVNTDQ.
|
|
X86OutputString(&pchOpcodeBuf, DqOrQ);
|
|
break;
|
|
case X86_MASKMOV:
|
|
// Append characters for MASKMOVQ and MASKMOVDQU.
|
|
X86OutputString(&pchOpcodeBuf, DquOrQ);
|
|
break;
|
|
case X86_CVTPD:
|
|
if (CvtPd == NULL)
|
|
{
|
|
// Invalid opcode.
|
|
pchOpcodeBuf = OpcodeBuffer;
|
|
X86OutputString(&pchOpcodeBuf, dszRESERVED);
|
|
action2 = END;
|
|
}
|
|
else
|
|
{
|
|
// Append characters for CVT<PD>.
|
|
X86OutputString(&pchOpcodeBuf, CvtPd);
|
|
}
|
|
break;
|
|
case X86_CVTPS:
|
|
if (CvtPs == NULL)
|
|
{
|
|
// Invalid opcode.
|
|
pchOpcodeBuf = OpcodeBuffer;
|
|
X86OutputString(&pchOpcodeBuf, dszRESERVED);
|
|
action2 = END;
|
|
}
|
|
else
|
|
{
|
|
// Append characters for CVT<PS>.
|
|
X86OutputString(&pchOpcodeBuf, CvtPs);
|
|
}
|
|
break;
|
|
case X86_MOVQ_D6:
|
|
if (MovQD6 == NULL)
|
|
{
|
|
// Invalid opcode.
|
|
pchOpcodeBuf = OpcodeBuffer;
|
|
X86OutputString(&pchOpcodeBuf, dszRESERVED);
|
|
action2 = END;
|
|
}
|
|
else
|
|
{
|
|
// Append characters for MOVQ D6 family.
|
|
X86OutputString(&pchOpcodeBuf, MovQD6);
|
|
}
|
|
break;
|
|
case X86_PSHUF:
|
|
// Append characters for PSHUF variants.
|
|
X86OutputString(&pchOpcodeBuf, Shuf);
|
|
break;
|
|
}
|
|
}
|
|
break;
|
|
|
|
case AMD3DNOW: /* AMD 3DNow post-instruction byte */
|
|
{
|
|
PSTR OpStr;
|
|
|
|
// Get the trailing byte and look up
|
|
// the opcode string.
|
|
OpStr = GetAmd3DNowOpString(*pMem++);
|
|
if (OpStr == NULL)
|
|
{
|
|
// Not a defined 3DNow instruction.
|
|
// Leave the ??? in the opstring.
|
|
break;
|
|
}
|
|
|
|
// Update opstring to real text.
|
|
pchOpcodeBuf = OpcodeBuffer;
|
|
X86OutputString(&pchOpcodeBuf, OpStr);
|
|
}
|
|
break;
|
|
|
|
case STROP:
|
|
// compute size of operands in indx
|
|
// also if dword operands, change fifth
|
|
// opcode letter from 'w' to 'd'.
|
|
|
|
if (opcode & 1)
|
|
{
|
|
if (g_OpSize == 64)
|
|
{
|
|
indx = 8;
|
|
OpcodeBuffer[4] = 'q';
|
|
}
|
|
else if (g_OpSize == 32)
|
|
{
|
|
indx = 4;
|
|
OpcodeBuffer[4] = 'd';
|
|
}
|
|
else
|
|
{
|
|
indx = 2;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
indx = 1;
|
|
}
|
|
|
|
if (*action & 1)
|
|
{
|
|
if (fEAout)
|
|
{
|
|
if (g_AddrMode > 16)
|
|
{
|
|
FormSelAddress(&EAaddr[0], 0, GetReg64(X86_NSI));
|
|
}
|
|
else
|
|
{
|
|
FormSegRegAddress(&EAaddr[0], SEGREG_DATA,
|
|
GetReg16(X86_NSI));
|
|
}
|
|
EAsize[0] = indx;
|
|
}
|
|
}
|
|
if (*action++ & 2)
|
|
{
|
|
if (fEAout)
|
|
{
|
|
if (g_AddrMode > 16)
|
|
{
|
|
FormSelAddress(&EAaddr[1], 0, GetReg64(X86_NDI));
|
|
}
|
|
else
|
|
{
|
|
FormSegRegAddress(&EAaddr[1], SEGREG_ES,
|
|
GetReg16(X86_NDI));
|
|
}
|
|
EAsize[1] = indx;
|
|
}
|
|
}
|
|
break;
|
|
|
|
case CHR: /* insert a character */
|
|
*pchOperandBuf++ = *action++;
|
|
break;
|
|
|
|
case CREG: /* set debug, test or control reg */
|
|
if (opcode & 0x04)
|
|
{
|
|
*pchOperandBuf++ = 't';
|
|
}
|
|
else if (opcode & 0x01)
|
|
{
|
|
*pchOperandBuf++ = 'd';
|
|
}
|
|
else
|
|
{
|
|
*pchOperandBuf++ = 'c';
|
|
}
|
|
*pchOperandBuf++ = 'r';
|
|
if (ttt >= 10)
|
|
{
|
|
*pchOperandBuf++ = (char)('0' + ttt / 10);
|
|
ttt %= 10;
|
|
}
|
|
*pchOperandBuf++ = (char)('0' + ttt);
|
|
break;
|
|
|
|
case SREG2: /* segment register */
|
|
ttt = BIT53(opcode); // set value to fall through
|
|
|
|
case SREG3: /* segment register */
|
|
*pchOperandBuf++ = sregtab[ttt]; // reg is part of modrm
|
|
*pchOperandBuf++ = 's';
|
|
break;
|
|
|
|
case BRSTR: /* get index to register string */
|
|
ttt = *action++; /* from action table */
|
|
goto BREGlabel;
|
|
|
|
case BOREG: /* byte register (in opcode) */
|
|
ttt = BIT20(opcode); /* register is part of opcode */
|
|
goto BREGlabel;
|
|
|
|
case ALSTR:
|
|
ttt = 0; /* point to AL register */
|
|
BREGlabel:
|
|
case BREG: /* general register */
|
|
if (g_ExtendAny && ttt < 8)
|
|
{
|
|
X86OutputString(&pchOperandBuf, g_Amd64ExtendedReg8[ttt]);
|
|
}
|
|
else
|
|
{
|
|
X86OutputString(&pchOperandBuf, g_X86Reg8[ttt]);
|
|
}
|
|
break;
|
|
|
|
case WRSTR: /* get index to register string */
|
|
ttt = *action++; /* from action table */
|
|
goto WREGlabel;
|
|
|
|
case VOREG: /* register is part of opcode */
|
|
if (m_ExecTypes[0] == IMAGE_FILE_MACHINE_AMD64 &&
|
|
opcode >= 0x40 && opcode <= 0x4f)
|
|
{
|
|
// Get rid of the inc/dec text as this
|
|
// isn't really an inc/dec.
|
|
pchOpcodeBuf = OpcodeBuffer;
|
|
|
|
// Process the REX override.
|
|
ExtendOps(opcode);
|
|
olen = g_OpSize / 8;
|
|
action2 = 0;
|
|
goto getNxtByte;
|
|
}
|
|
|
|
ttt = BIT20(opcode) + g_ExtendRm;
|
|
goto VREGlabel;
|
|
|
|
case AXSTR:
|
|
ttt = 0; /* point to eAX register */
|
|
VREGlabel:
|
|
case VREG: /* general register */
|
|
if ((g_SegAddrMode == 64 &&
|
|
opcode >= 0x50 && opcode <= 0x5f) ||
|
|
ttt >= 8)
|
|
{
|
|
// Push/pops are always 64-bit in 64-bit segments.
|
|
*pchOperandBuf++ = 'r';
|
|
}
|
|
else if (g_OpSize == 32 ||
|
|
opcode == X86_PEXTRW ||
|
|
opcode == X86_PMOVMSKB)
|
|
{
|
|
*pchOperandBuf++ = 'e';
|
|
}
|
|
else if (g_OpSize == 64)
|
|
{
|
|
*pchOperandBuf++ = 'r';
|
|
}
|
|
WREGlabel:
|
|
case WREG: /* register is word size */
|
|
X86OutputString(&pchOperandBuf, g_X86RegBase[ttt]);
|
|
if (ttt >= 8)
|
|
{
|
|
if (g_OpSize == 32)
|
|
{
|
|
*pchOperandBuf++ = 'd';
|
|
}
|
|
else if (g_OpSize == 16)
|
|
{
|
|
*pchOperandBuf++ = 'w';
|
|
}
|
|
}
|
|
break;
|
|
|
|
case MMORWREG:
|
|
if (g_XmmOpSize == XMM_SS || g_XmmOpSize == XMM_SD)
|
|
{
|
|
goto VREGlabel;
|
|
}
|
|
// Fall through.
|
|
MMWREGlabel:
|
|
case MMWREG:
|
|
if (g_OpSize != g_SegOpSize &&
|
|
opcode != X86_CVTSPSD2SPI)
|
|
{
|
|
*pchOperandBuf++ = 'x';
|
|
}
|
|
*pchOperandBuf++ = 'm';
|
|
*pchOperandBuf++ = 'm';
|
|
if (ttt >= 10)
|
|
{
|
|
*pchOperandBuf++ = (char)('0' + ttt / 10);
|
|
ttt %= 10;
|
|
}
|
|
*pchOperandBuf++ = ttt + '0';
|
|
break;
|
|
|
|
case XORMMREG:
|
|
if (g_OpSize == g_SegOpSize)
|
|
{
|
|
goto MMWREGlabel;
|
|
}
|
|
// Fall through.
|
|
case XMMWREG:
|
|
if (opcode != X86_PSHUF || g_XmmOpSize != XMM_PS)
|
|
{
|
|
*pchOperandBuf++ = 'x';
|
|
}
|
|
*pchOperandBuf++ = 'm';
|
|
*pchOperandBuf++ = 'm';
|
|
if (ttt >= 10)
|
|
{
|
|
*pchOperandBuf++ = (char)('0' + ttt / 10);
|
|
ttt %= 10;
|
|
}
|
|
*pchOperandBuf++ = ttt + '0';
|
|
break;
|
|
|
|
case IST_ST:
|
|
X86OutputString(&pchOperandBuf, "st(0),st");
|
|
*(pchOperandBuf - 5) += (char)rm;
|
|
break;
|
|
|
|
case ST_IST:
|
|
X86OutputString(&pchOperandBuf, "st,");
|
|
case IST:
|
|
X86OutputString(&pchOperandBuf, "st(0)");
|
|
*(pchOperandBuf - 2) += (char)rm;
|
|
break;
|
|
|
|
case xBYTE: /* set instruction to byte only */
|
|
EAsize[0] = 1;
|
|
pEAlabel = "byte ptr ";
|
|
break;
|
|
|
|
case VAR:
|
|
if ((g_SegAddrMode == 64 || g_ExtendAny > 0) &&
|
|
opcode == 0x63)
|
|
{
|
|
// In AMD64 REX32 and 64-bit modes this instruction
|
|
// is MOVSXD r64, r/m32 instead of ARPL r/m, reg.
|
|
pchOpcodeBuf = OpcodeBuffer;
|
|
X86OutputString(&pchOpcodeBuf, dszMOVSXD);
|
|
action = &actiontbl[O_Reg_Modrm] + 1;
|
|
g_OpSize = 64;
|
|
g_MovSXD = TRUE;
|
|
goto DWORDlabel;
|
|
}
|
|
else if (opcode == 0xff)
|
|
{
|
|
UCHAR Extra = BIT53(*pMem);
|
|
if (Extra >= 2 && Extra <= 5)
|
|
{
|
|
g_ControlFlow = TRUE;
|
|
|
|
// On x86-64 control-flow operations default to
|
|
// 64-bit opsize.
|
|
if (g_SegAddrMode == 64)
|
|
{
|
|
if (g_OpSize == 32)
|
|
{
|
|
g_OpSize = 64;
|
|
}
|
|
}
|
|
}
|
|
else if (g_SegAddrMode == 64 && Extra == 6)
|
|
{
|
|
// Push/pops are always 64-bit in 64-bit segments.
|
|
g_OpSize = 64;
|
|
}
|
|
}
|
|
else if (g_SegAddrMode == 64 && opcode == 0x8f)
|
|
{
|
|
// Push/pops are always 64-bit in 64-bit segments.
|
|
g_OpSize = 64;
|
|
}
|
|
olen = g_OpSize / 8;
|
|
|
|
if (g_OpSize == 64)
|
|
{
|
|
goto QWORDlabel;
|
|
}
|
|
else if (g_OpSize == 32)
|
|
{
|
|
goto DWORDlabel;
|
|
}
|
|
|
|
case xWORD:
|
|
if (opcode == X86_PINSRW)
|
|
{
|
|
g_ForceMrmReg32 = TRUE;
|
|
}
|
|
EAsize[0] = 2;
|
|
pEAlabel = "word ptr ";
|
|
break;
|
|
|
|
case EDWORD:
|
|
// Control register opsize is mode-independent.
|
|
g_OpSize = g_SegAddrMode;
|
|
if (g_OpSize == 64)
|
|
{
|
|
goto QWORDlabel;
|
|
}
|
|
case xDWORD:
|
|
if (opcode == X86_MOVDQ_7E && g_RepPrefix == X86_REP)
|
|
{
|
|
// Switch to MOVQ xmm1, xmm2/m64.
|
|
pchRepPrefixBuf = RepPrefixBuffer;
|
|
*(pchOpcodeBuf - 1) = 'q';
|
|
EAsize[0] = 8;
|
|
pEAlabel = "qword ptr ";
|
|
g_XmmRegEa = TRUE;
|
|
action = &actiontbl[O_Sd_XmmReg_qModrm] + 2;
|
|
break;
|
|
}
|
|
// Fall through.
|
|
DWORDlabel:
|
|
EAsize[0] = 4;
|
|
pEAlabel = "dword ptr ";
|
|
break;
|
|
|
|
case XMMOWORD:
|
|
if (opcode == X86_PSHUF)
|
|
{
|
|
if (g_XmmOpSize == XMM_PS)
|
|
{
|
|
g_MmRegEa = TRUE;
|
|
goto QWORDlabel;
|
|
}
|
|
else
|
|
{
|
|
EAsize[0] = 16;
|
|
pEAlabel = "oword ptr ";
|
|
break;
|
|
}
|
|
}
|
|
|
|
g_XmmRegEa = TRUE;
|
|
if (opcode == X86_CVTPD)
|
|
{
|
|
if (g_XmmOpSize == XMM_SS)
|
|
{
|
|
EAsize[0] = 8;
|
|
pEAlabel = "qword ptr ";
|
|
}
|
|
else
|
|
{
|
|
EAsize[0] = 16;
|
|
pEAlabel = "oword ptr ";
|
|
}
|
|
break;
|
|
}
|
|
else if (opcode == X86_CVTPS)
|
|
{
|
|
EAsize[0] = 16;
|
|
pEAlabel = "oword ptr ";
|
|
break;
|
|
}
|
|
else if (opcode == X86_MOVQ_D6)
|
|
{
|
|
if (g_XmmOpSize == XMM_SD)
|
|
{
|
|
// Switch to MOVDQ2Q mm, xmm.
|
|
EAsize[0] = 16;
|
|
pEAlabel = "oword ptr ";
|
|
action = &actiontbl[O_MmReg_qModrm] + 1;
|
|
break;
|
|
}
|
|
}
|
|
else if (opcode == X86_MOVHLPS && g_XmmOpSize == XMM_PS &&
|
|
BIT76(*pMem) == 3)
|
|
{
|
|
// reg-reg form of MOVLPS is called MOVHLPS.
|
|
pchOpcodeBuf = OpcodeBuffer;
|
|
X86OutputString(&pchOpcodeBuf, dszMOVHLPS);
|
|
}
|
|
else if (opcode == X86_MOVLHPS && g_XmmOpSize == XMM_PS &&
|
|
BIT76(*pMem) == 3)
|
|
{
|
|
// reg-reg form of MOVHPS is called MOVLHPS.
|
|
pchOpcodeBuf = OpcodeBuffer;
|
|
X86OutputString(&pchOpcodeBuf, dszMOVLHPS);
|
|
}
|
|
|
|
// Fall through.
|
|
|
|
OWORDlabel:
|
|
case OWORD:
|
|
switch(g_XmmOpSize)
|
|
{
|
|
case XMM_SS:
|
|
EAsize[0] = 4;
|
|
pEAlabel = "dword ptr ";
|
|
if (opcode == X86_MOVQ_D6)
|
|
{
|
|
// Switch to MOVQ xmm1, xmm2/m64.
|
|
g_XmmRegEa = FALSE;
|
|
action = &actiontbl[O_Sd_XmmReg_qModrm] + 1;
|
|
}
|
|
break;
|
|
case XMM_SD:
|
|
EAsize[0] = 8;
|
|
pEAlabel = "qword ptr ";
|
|
break;
|
|
default:
|
|
if (opcode == 0x112 || opcode == 0x113 ||
|
|
opcode == 0x116 || opcode == 0x117 ||
|
|
opcode == X86_MOVQ_D6 ||
|
|
(g_OpSize == g_SegOpSize &&
|
|
(opcode == 0x12c || opcode == X86_CVTSPSD2SPI ||
|
|
opcode == X86_CVTSPSD2SPSD)))
|
|
{
|
|
EAsize[0] = 8;
|
|
pEAlabel = "qword ptr ";
|
|
}
|
|
else
|
|
{
|
|
EAsize[0] = 16;
|
|
pEAlabel = "oword ptr ";
|
|
}
|
|
break;
|
|
}
|
|
break;
|
|
|
|
case XMMXWORD:
|
|
g_XmmRegEa = TRUE;
|
|
if (g_OpSize == g_SegOpSize)
|
|
{
|
|
if (opcode == X86_MOVNT)
|
|
{
|
|
EAsize[0] = 8;
|
|
pEAlabel = "qword ptr ";
|
|
}
|
|
else
|
|
{
|
|
EAsize[0] = 4;
|
|
pEAlabel = "dword ptr ";
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (opcode == X86_MOVNT)
|
|
{
|
|
EAsize[0] = 16;
|
|
pEAlabel = "oword ptr ";
|
|
}
|
|
else
|
|
{
|
|
EAsize[0] = 8;
|
|
pEAlabel = "qword ptr ";
|
|
}
|
|
}
|
|
break;
|
|
|
|
case MMQWORD:
|
|
if (g_OpSize != g_SegOpSize &&
|
|
(opcode == X86_MOVDQA_MR || opcode == X86_MOVDQA_RM))
|
|
{
|
|
pchOpcodeBuf = OpcodeBuffer;
|
|
X86OutputString(&pchOpcodeBuf, dszMOVDQA);
|
|
}
|
|
|
|
if (opcode == X86_CVTSPI2SPSD)
|
|
{
|
|
g_XmmRegEa = FALSE;
|
|
if (g_XmmOpSize == XMM_SS || g_XmmOpSize == XMM_SD)
|
|
{
|
|
g_MmRegEa = FALSE;
|
|
goto DWORDlabel;
|
|
}
|
|
}
|
|
else if (g_OpSize != g_SegOpSize)
|
|
{
|
|
goto OWORDlabel;
|
|
}
|
|
g_MmRegEa = TRUE;
|
|
QWORDlabel:
|
|
case QWORD:
|
|
EAsize[0] = 8;
|
|
pEAlabel = "qword ptr ";
|
|
break;
|
|
|
|
case TBYTE:
|
|
EAsize[0] = 10;
|
|
pEAlabel = "tbyte ptr ";
|
|
break;
|
|
|
|
case FARPTR:
|
|
g_ControlFlow = TRUE;
|
|
|
|
// On x86-64 control-flow operations default to
|
|
// 64-bit opsize.
|
|
if (g_SegAddrMode == 64)
|
|
{
|
|
if (g_OpSize == 32)
|
|
{
|
|
g_OpSize = 64;
|
|
}
|
|
}
|
|
|
|
switch(g_OpSize)
|
|
{
|
|
case 16:
|
|
EAsize[0] = 4;
|
|
pEAlabel = "dword ptr ";
|
|
break;
|
|
default:
|
|
EAsize[0] = 6;
|
|
pEAlabel = "fword ptr ";
|
|
break;
|
|
}
|
|
break;
|
|
|
|
case LMODRM: // output modRM data type
|
|
if (mod != 3)
|
|
{
|
|
X86OutputString(&pchOperandBuf, pEAlabel);
|
|
}
|
|
else
|
|
{
|
|
EAsize[0] = 0;
|
|
}
|
|
|
|
case MODRM: /* output modrm string */
|
|
if (segOvr) /* in case of segment override */
|
|
{
|
|
X86OutputString(&pchOperandBuf, distbl[segOvr].instruct);
|
|
}
|
|
*pchModrmBuf = '\0';
|
|
X86OutputString(&pchOperandBuf, ModrmBuffer);
|
|
break;
|
|
|
|
case ADDRP: /* address pointer */
|
|
// segment
|
|
OutputHexString(&pchOperandBuf, pMem + olen, 2);
|
|
*pchOperandBuf++ = ':';
|
|
// offset
|
|
OutputSymbol(&pchOperandBuf, pMem, olen, segOvr);
|
|
pMem += olen + 2;
|
|
break;
|
|
|
|
case JCC8:
|
|
JccEa = ComputeJccEa(opcode, fEAout);
|
|
// Fall through.
|
|
case REL8: /* relative address 8-bit */
|
|
if (opcode == 0xe3 && g_AddrMode > 16)
|
|
{
|
|
pchOpcodeBuf = OpcodeBuffer;
|
|
X86OutputString(&pchOpcodeBuf, g_AddrMode == 64 ?
|
|
dszJRCXZ : dszJECXZ);
|
|
}
|
|
Branch = *(char *)pMem++; /* get the 8-bit rel offset */
|
|
goto DoRelDispl;
|
|
|
|
case JCCX:
|
|
JccEa = ComputeJccEa(opcode, fEAout);
|
|
// Fall through.
|
|
case REL16: /* relative address 16-/32-bit */
|
|
switch(g_AddrMode)
|
|
{
|
|
case 16:
|
|
Branch = *(short UNALIGNED *)pMem;
|
|
pMem += 2;
|
|
break;
|
|
default:
|
|
Branch = *(long UNALIGNED *)pMem;
|
|
pMem += 4;
|
|
break;
|
|
}
|
|
DoRelDispl:
|
|
/* calculate address */
|
|
Branch += Offset + (pMem - membuf);
|
|
// rel8 and rel16 are only used in control-flow
|
|
// instructions so the target is always relative
|
|
// to CS. Pass in the CS override to force this.
|
|
OutputSymbol(&pchOperandBuf, (PUCHAR)&Branch, alen, X86_CS_OVR);
|
|
break;
|
|
|
|
case UBYTE: // unsigned byte for int/in/out
|
|
OutputHexString(&pchOperandBuf, pMem, 1); // ubyte
|
|
pMem++;
|
|
break;
|
|
|
|
case CMPIB:
|
|
// Immediate byte comparison encoding for CMP[SP][SD].
|
|
if (*pMem < 8)
|
|
{
|
|
X86OutputString(&pchOperandBuf, g_CompareIb[*pMem]);
|
|
pMem++;
|
|
}
|
|
else
|
|
{
|
|
olen = 1;
|
|
goto DoImmed;
|
|
}
|
|
break;
|
|
|
|
case IB: /* operand is immediate byte */
|
|
// postop for AAD/AAM is 0x0a
|
|
if ((opcode & ~1) == 0xd4)
|
|
{
|
|
// test post-opcode byte
|
|
if (*pMem++ != 0x0a)
|
|
{
|
|
X86OutputString(&pchOperandBuf, dszRESERVED);
|
|
}
|
|
break;
|
|
}
|
|
olen = 1; /* set operand length */
|
|
goto DoImmed;
|
|
|
|
case IW: /* operand is immediate word */
|
|
olen = 2; /* set operand length */
|
|
|
|
case IV: /* operand is word or dword */
|
|
DoImmed:
|
|
// AMD64 immediates are only 64-bit in the case of
|
|
// mov reg, immed. All other operations involving
|
|
// immediates stay 32-bit.
|
|
if (olen == 8 &&
|
|
(opcode < 0xb8 || opcode > 0xbf))
|
|
{
|
|
olen = 4;
|
|
}
|
|
OutputHexValue(&pchOperandBuf, pMem, olen, FALSE);
|
|
pMem += olen;
|
|
break;
|
|
|
|
case XB:
|
|
OutputExHexValue(&pchOperandBuf, pMem, 1, g_OpSize / 8);
|
|
pMem++;
|
|
break;
|
|
|
|
case OFFS: /* operand is offset */
|
|
EAsize[0] = (opcode & 1) ? olen : 1;
|
|
|
|
if (segOvr) /* in case of segment override */
|
|
{
|
|
X86OutputString(&pchOperandBuf, distbl[segOvr].instruct);
|
|
}
|
|
|
|
*pchOperandBuf++ = '[';
|
|
// offset
|
|
OutputSymbol(&pchOperandBuf, pMem, alen, segOvr);
|
|
pMem += alen;
|
|
*pchOperandBuf++ = ']';
|
|
break;
|
|
|
|
case X86_GROUP: /* operand is of group 1,2,4,6 or 8 */
|
|
/* output opcode symbol */
|
|
X86OutputString(&pchOpcodeBuf, group[*action++][ttt]);
|
|
break;
|
|
|
|
case GROUPT: /* operand is of group 3,5 or 7 */
|
|
indx = *action; /* get indx into group from action */
|
|
goto doGroupT;
|
|
|
|
case EGROUPT: /* x87 ESC (D8-DF) group index */
|
|
indx = BIT20(opcode) * 2; /* get group index from opcode */
|
|
/* some operand variations exist */
|
|
if (mod == 3)
|
|
{
|
|
/* for x87 and mod == 3 */
|
|
++indx; /* take the next group table entry */
|
|
if (indx == 3)
|
|
{
|
|
/* for x87 ESC==D9 and mod==3 */
|
|
if (ttt > 3)
|
|
{
|
|
/* for those D9 instructions */
|
|
indx = 12 + ttt; /* offset index to table by 12 */
|
|
ttt = rm; /* set secondary index to rm */
|
|
}
|
|
}
|
|
else if (indx == 7)
|
|
{
|
|
/* for x87 ESC==DB and mod==3 */
|
|
if (ttt == 4)
|
|
{
|
|
/* if ttt==4 */
|
|
ttt = rm; /* set secondary group table index */
|
|
}
|
|
else if ((ttt < 4) || (ttt > 4 && ttt < 7))
|
|
{
|
|
// adjust for pentium pro opcodes
|
|
indx = 24; /* offset index to table by 24*/
|
|
}
|
|
}
|
|
}
|
|
doGroupT:
|
|
/* handle group with different types of operands */
|
|
|
|
X86OutputString(&pchOpcodeBuf, groupt[indx][ttt].instruct);
|
|
action = actiontbl + groupt[indx][ttt].opr;
|
|
/* get new action */
|
|
break;
|
|
|
|
case OPC0F: /* secondary opcode table (opcode 0F) */
|
|
opcode = *pMem++; /* get real opcode */
|
|
g_MovX = (BOOL)(opcode == 0xBF || opcode == 0xB7);
|
|
// Point opcode into secondary opcode portion of table.
|
|
opcode += 256;
|
|
goto getNxtByte1;
|
|
|
|
case ADR_OVR: /* address override */
|
|
IgnoreExtend();
|
|
olen = g_OpSize / 8;
|
|
OverrideAddrMode();
|
|
alen = g_AddrMode / 8;
|
|
goto getNxtByte;
|
|
|
|
case OPR_OVR: /* operand size override */
|
|
IgnoreExtend();
|
|
OverrideOpSize(opcode);
|
|
olen = g_OpSize / 8;
|
|
goto getNxtByte;
|
|
|
|
case SEG_OVR: /* handle segment override */
|
|
IgnoreExtend();
|
|
olen = g_OpSize / 8;
|
|
segOvr = opcode; /* save segment override opcode */
|
|
pchOpcodeBuf = OpcodeBuffer; // restart the opcode string
|
|
goto getNxtByte;
|
|
|
|
case REP: /* handle rep/lock prefixes */
|
|
IgnoreExtend();
|
|
olen = g_OpSize / 8;
|
|
g_RepPrefix = opcode;
|
|
*pchOpcodeBuf = '\0';
|
|
if (pchRepPrefixBuf != RepPrefixBuffer)
|
|
{
|
|
*pchRepPrefixBuf++ = ' ';
|
|
}
|
|
X86OutputString(&pchRepPrefixBuf, OpcodeBuffer);
|
|
pchOpcodeBuf = OpcodeBuffer;
|
|
getNxtByte:
|
|
opcode = *pMem++; /* next byte is opcode */
|
|
getNxtByte1:
|
|
action = actiontbl + distbl[opcode].opr;
|
|
X86OutputString(&pchOpcodeBuf, distbl[opcode].instruct);
|
|
break;
|
|
|
|
case NOP:
|
|
if (opcode == X86_PAUSE && g_RepPrefix == X86_REP)
|
|
{
|
|
pchRepPrefixBuf = RepPrefixBuffer;
|
|
pchOpcodeBuf = OpcodeBuffer;
|
|
X86OutputString(&pchOpcodeBuf, dszPAUSE);
|
|
}
|
|
// Fall through.
|
|
default: /* opcode has no operand */
|
|
break;
|
|
}
|
|
|
|
/* secondary action */
|
|
switch (action2)
|
|
{
|
|
case MRM:
|
|
/* generate modrm for later use */
|
|
/* ignore if it has been generated */
|
|
if (!mrm)
|
|
{
|
|
/* generate modrm */
|
|
DIdoModrm(&pchModrmBuf, segOvr, fEAout);
|
|
mrm = TRUE; /* remember its generation */
|
|
}
|
|
break;
|
|
|
|
case COM: /* insert a comma after operand */
|
|
*pchOperandBuf++ = ',';
|
|
break;
|
|
|
|
case END: /* end of instruction */
|
|
end = TRUE;
|
|
break;
|
|
}
|
|
} while (!end); /* loop til end of instruction */
|
|
|
|
/***** prepare disassembled instruction for output *****/
|
|
|
|
// dprintf("EAaddr[] = %08lx\n", (ULONG)Flat(EAaddr[0]));
|
|
|
|
|
|
instlen = (int)(pMem - membuf);
|
|
|
|
if (instlen < cBytes)
|
|
{
|
|
cBytes = instlen;
|
|
}
|
|
|
|
OutputHexCode(&pchResultBuf, membuf, cBytes);
|
|
|
|
if (instlen > cBytes)
|
|
{
|
|
*pchResultBuf++ = '?';
|
|
*pchResultBuf++ = '?';
|
|
// point past unread byte
|
|
AddrAdd(paddr, 1);
|
|
do
|
|
{
|
|
*pchResultBuf++ = ' ';
|
|
} while (pchResultBuf < pchDst + OBOFFSET);
|
|
X86OutputString(&pchResultBuf, "???\n");
|
|
*pchResultBuf++ = '\0';
|
|
return FALSE;
|
|
}
|
|
|
|
AddrAdd(paddr, instlen);
|
|
|
|
PSTR Mark;
|
|
|
|
// Now that we know the complete size of the instruction
|
|
// we can correctly compute IP-relative absolute addresses.
|
|
*pchOperandBuf = 0;
|
|
if (g_X86ModrmHasIpRelOffset &&
|
|
(Mark = strstr(OperandBuffer, IPREL_MARKER)) != NULL)
|
|
{
|
|
PSTR TailFrom, TailTo;
|
|
ULONG64 IpRelAddr;
|
|
size_t TailLen;
|
|
|
|
// Move the tail of the string to the end of the buffer
|
|
// to make space.
|
|
TailFrom = Mark + sizeof(IPREL_MARKER) - 1;
|
|
TailLen = pchOperandBuf - TailFrom;
|
|
TailTo = OperandBuffer + (sizeof(OperandBuffer) - 1 - TailLen);
|
|
memmove(TailTo, TailFrom, TailLen);
|
|
|
|
// Compute the absolute address from the new IP
|
|
// and the offset and format it into the buffer.
|
|
IpRelAddr = Flat(*paddr) + g_X86IpRelOffset;
|
|
OutputSymbol(&Mark, (PUCHAR)&IpRelAddr, g_SegAddrMode == 64 ? 8 : 4,
|
|
X86_CS_OVR);
|
|
if (Mark < TailTo)
|
|
{
|
|
memmove(Mark, TailTo, TailLen);
|
|
pchOperandBuf = Mark + TailLen;
|
|
}
|
|
else if (Mark >= TailTo + TailLen)
|
|
{
|
|
pchOperandBuf = Mark;
|
|
}
|
|
else
|
|
{
|
|
pchOperandBuf = Mark + (TailLen - (Mark - TailTo));
|
|
}
|
|
}
|
|
|
|
// if fEAout is set, build each EA with trailing space in EABuf
|
|
// point back over final trailing space if buffer nonnull
|
|
|
|
if (fEAout)
|
|
{
|
|
for (indx = 0; indx < 2; indx++)
|
|
{
|
|
if (EAsize[indx])
|
|
{
|
|
X86OutputString(&pchEABuf, segOvr ? distbl[segOvr].instruct
|
|
: pchEAseg[indx]);
|
|
OutputHexAddr(&pchEABuf, &EAaddr[indx]);
|
|
*pchEABuf++ = '=';
|
|
tmp = GetMemString(&EAaddr[indx], membuf, EAsize[indx]);
|
|
if (tmp == EAsize[indx])
|
|
{
|
|
OutputHexString(&pchEABuf, membuf, EAsize[indx]);
|
|
}
|
|
else
|
|
{
|
|
while (EAsize[indx]--)
|
|
{
|
|
*pchEABuf++ = '?';
|
|
*pchEABuf++ = '?';
|
|
}
|
|
}
|
|
*pchEABuf++ = ' ';
|
|
}
|
|
}
|
|
|
|
if (pchEABuf != EABuffer)
|
|
{
|
|
pchEABuf--;
|
|
}
|
|
|
|
switch(JccEa)
|
|
{
|
|
case JCC_EA_NO_BRANCH:
|
|
X86OutputString(&pchEABuf, "[br=0]");
|
|
break;
|
|
case JCC_EA_BRANCH:
|
|
X86OutputString(&pchEABuf, "[br=1]");
|
|
break;
|
|
}
|
|
}
|
|
|
|
// compute lengths of component strings.
|
|
// if the rep string is nonnull,
|
|
// add the opcode string length to the operand
|
|
// make the rep string the opcode string
|
|
|
|
cbOffset = (int)(pchResultBuf - pchDst);
|
|
cbOperand = (int)(pchOperandBuf - OperandBuffer);
|
|
cbOpcode = (int)(pchOpcodeBuf - OpcodeBuffer);
|
|
if (pchRepPrefixBuf != RepPrefixBuffer)
|
|
{
|
|
cbOperand += cbOpcode + (cbOperand != 0);
|
|
cbOpcode = (int)(pchRepPrefixBuf - RepPrefixBuffer);
|
|
}
|
|
cbEAddr = (int)(pchEABuf - EABuffer);
|
|
|
|
// for really long strings, where the opcode and operand
|
|
// will not fit on a 77-character line, make two lines
|
|
// with the opcode on offset 0 on the second line with
|
|
// the operand following after one space
|
|
|
|
//if (cbOpcode + cbOperand > OBLINEEND - 1) {
|
|
// fTwoLines = TRUE;
|
|
// obOpcode = 0;
|
|
// obOperand = cbOpcode + 1;
|
|
// }
|
|
//else {
|
|
|
|
// compute the minimum and maximum offset values for
|
|
// opcode and operand strings.
|
|
// if strings are nonnull, add extra for separating space
|
|
|
|
obOpcodeMin = cbOffset + 1;
|
|
obOperandMin = obOpcodeMin + cbOpcode + 1;
|
|
obOperandMax = OBLINEEND - cbEAddr - (cbEAddr != 0) - cbOperand;
|
|
obOpcodeMax = obOperandMax - (cbOperand != 0) - cbOpcode;
|
|
|
|
// if minimum offset is more than the maximum, the strings
|
|
// will not fit on one line. recompute the min/max
|
|
// values with no offset and EA strings.
|
|
|
|
// if (obOpcodeMin > obOpcodeMax) {
|
|
// fTwoLines = TRUE;
|
|
// obOpcodeMin = 0;
|
|
// obOperandMin = cbOpcode + 1;
|
|
// obOperandMax = OBLINEEND - cbOperand;
|
|
// obOpcodeMax = obOperandMax - (cbOperand != 0) - cbOpcode;
|
|
// }
|
|
|
|
// compute the opcode and operand offsets. set offset as
|
|
// close to the default values as possible.
|
|
|
|
if (obOpcodeMin > OBOFFSET)
|
|
{
|
|
obOpcode = obOpcodeMin;
|
|
}
|
|
else if (obOpcodeMax < OBOFFSET)
|
|
{
|
|
obOpcode = obOpcodeMax;
|
|
}
|
|
|
|
obOperandMin = obOpcode + cbOpcode + 1;
|
|
|
|
if (obOperandMin > OBOPERAND)
|
|
{
|
|
obOperand = obOperandMin;
|
|
}
|
|
else if (obOperandMax < OBOPERAND)
|
|
{
|
|
obOperand = obOperandMax;
|
|
}
|
|
// }
|
|
|
|
// build the resultant string with the offsets computed
|
|
|
|
// if two lines are to be output,
|
|
// append the EAddr string
|
|
// output a new line and reset the pointer
|
|
|
|
if (fTwoLines)
|
|
{
|
|
if (pchEABuf != EABuffer)
|
|
{
|
|
do
|
|
{
|
|
*pchResultBuf++ = ' ';
|
|
} while (pchResultBuf < pchDst + OBLINEEND - cbEAddr);
|
|
*pchEABuf = '\0';
|
|
X86OutputString(&pchResultBuf, EABuffer);
|
|
}
|
|
*pchResultBuf++ = '\n';
|
|
pchDst = pchResultBuf;
|
|
}
|
|
|
|
// output rep, opcode, and operand strings
|
|
|
|
do
|
|
{
|
|
*pchResultBuf++ = ' ';
|
|
} while (pchResultBuf < pchDst + obOpcode);
|
|
|
|
if (pchRepPrefixBuf != RepPrefixBuffer)
|
|
{
|
|
*pchRepPrefixBuf = '\0';
|
|
X86OutputString(&pchResultBuf, RepPrefixBuffer);
|
|
do
|
|
{
|
|
*pchResultBuf++ = ' ';
|
|
} while (pchResultBuf < pchDst + obOperand);
|
|
}
|
|
|
|
*pchOpcodeBuf = '\0';
|
|
X86OutputString(&pchResultBuf, OpcodeBuffer);
|
|
|
|
if (pchOperandBuf != OperandBuffer)
|
|
{
|
|
do
|
|
{
|
|
*pchResultBuf++ = ' ';
|
|
} while (pchResultBuf < pchDst + obOperand);
|
|
*pchOperandBuf = '\0';
|
|
X86OutputString(&pchResultBuf, OperandBuffer);
|
|
}
|
|
|
|
// if one line is to be output, append the EAddr string
|
|
|
|
if (!fTwoLines && pchEABuf != EABuffer)
|
|
{
|
|
*pchEABuf = '\0';
|
|
do
|
|
{
|
|
*pchResultBuf++ = ' ';
|
|
} while (pchResultBuf < pchDst + OBLINEEND - cbEAddr);
|
|
X86OutputString(&pchResultBuf, EABuffer);
|
|
}
|
|
|
|
*pchResultBuf++ = '\n';
|
|
*pchResultBuf = '\0';
|
|
return TRUE;
|
|
}
|
|
|
|
void
|
|
BaseX86MachineInfo::GetNextOffset(BOOL StepOver,
|
|
PADDR NextAddr, PULONG NextMachine)
|
|
{
|
|
int cBytes;
|
|
UCHAR membuf[X86_MAX_INSTRUCTION_LEN]; // current instruction buffer
|
|
UCHAR *pMem;
|
|
UCHAR opcode;
|
|
int fPrefix = TRUE;
|
|
int fRepPrefix = FALSE;
|
|
int ttt;
|
|
int rm;
|
|
ULONG64 instroffset;
|
|
int subcode;
|
|
|
|
// NextMachine is always the same.
|
|
*NextMachine = m_ExecTypes[0];
|
|
|
|
// read instruction stream bytes into membuf and set mode and
|
|
// opcode size flags
|
|
|
|
GetPC(NextAddr);
|
|
instroffset = Flat(*NextAddr);
|
|
GetSegAddrOpSizes(this, NextAddr);
|
|
|
|
/* move full inst to local buffer */
|
|
cBytes = (int)GetMemString(NextAddr, membuf, X86_MAX_INSTRUCTION_LEN);
|
|
|
|
// Ensure that membuf is padded with innocuous bytes in
|
|
// the section that wasn't read.
|
|
if (cBytes < X86_MAX_INSTRUCTION_LEN)
|
|
{
|
|
memset(membuf + cBytes, 0xcc, X86_MAX_INSTRUCTION_LEN - cBytes);
|
|
}
|
|
|
|
/* point to begin of instruction */
|
|
pMem = membuf;
|
|
|
|
// read and process any prefixes first
|
|
|
|
do
|
|
{
|
|
opcode = *pMem++; /* get opcode */
|
|
if (opcode == 0x66)
|
|
{
|
|
OverrideOpSize(opcode);
|
|
}
|
|
else if (m_ExecTypes[0] == IMAGE_FILE_MACHINE_AMD64 &&
|
|
opcode >= 0x40 && opcode <= 0x4f)
|
|
{
|
|
ExtendOps(opcode);
|
|
}
|
|
else if (opcode == 0x67)
|
|
{
|
|
OverrideAddrMode();
|
|
}
|
|
else if ((opcode & ~1) == 0xf2)
|
|
{
|
|
fRepPrefix = TRUE;
|
|
}
|
|
else if (opcode != 0xf0 && (opcode & ~0x18) != 0x26 &&
|
|
(opcode & ~1) != 0x64)
|
|
{
|
|
fPrefix = FALSE;
|
|
}
|
|
} while (fPrefix);
|
|
|
|
// for instructions that alter the TF (trace flag), return the
|
|
// offset of the next instruction despite the flag of StepOver
|
|
|
|
if (((opcode & ~0x3) == 0x9c) && !g_WatchTrace)
|
|
{
|
|
// 9c-9f, pushf, popf, sahf, lahf
|
|
;
|
|
}
|
|
else if (opcode == 0xcf)
|
|
{
|
|
ULONG64 RetAddr[2];
|
|
ADDR Sp;
|
|
ULONG Seg;
|
|
|
|
// cf - iret - get RA from stack
|
|
FormSegRegAddress(&Sp, SEGREG_STACK, GetReg64(X86_NSP));
|
|
|
|
if (GetMemString(&Sp, RetAddr, g_SegAddrMode / 4) !=
|
|
(ULONG)g_SegAddrMode / 4)
|
|
{
|
|
error(MEMORY);
|
|
}
|
|
|
|
Seg = *(PUSHORT)((PUCHAR)RetAddr + g_SegAddrMode / 8);
|
|
switch(g_SegAddrMode)
|
|
{
|
|
case 16:
|
|
instroffset = EXTEND64(*(PUSHORT)RetAddr);
|
|
break;
|
|
case 32:
|
|
instroffset = EXTEND64(*(PULONG)RetAddr);
|
|
break;
|
|
case 64:
|
|
instroffset = RetAddr[0];
|
|
break;
|
|
}
|
|
|
|
FormSelAddress(NextAddr, Seg, instroffset);
|
|
ComputeFlatAddress(NextAddr, NULL);
|
|
return;
|
|
}
|
|
else if (opcode == 0xc4 && *pMem == 0xc4)
|
|
{
|
|
subcode = *(pMem+1);
|
|
if ( subcode == 0x50 ||
|
|
subcode == 0x52 ||
|
|
subcode == 0x53 ||
|
|
subcode == 0x54 ||
|
|
subcode == 0x57 ||
|
|
subcode == 0x58 ||
|
|
subcode == 0x5D )
|
|
{
|
|
pMem += 3;
|
|
}
|
|
else
|
|
{
|
|
pMem += 2;
|
|
}
|
|
}
|
|
else if (!StepOver)
|
|
{
|
|
// if tracing just return OFFSET_TRACE to trace
|
|
instroffset = OFFSET_TRACE;
|
|
}
|
|
else if (opcode == 0xe8)
|
|
{
|
|
// near direct jump
|
|
pMem += g_OpSize > 16 ? 4 : 2;
|
|
}
|
|
else if (opcode == 0x9a)
|
|
{
|
|
// far direct jump
|
|
pMem += g_OpSize > 16 ? 6 : 4;
|
|
}
|
|
else if (opcode == 0xcd ||
|
|
(opcode >= 0xe0 && opcode <= 0xe2))
|
|
{
|
|
// loop / int nn instrs
|
|
pMem++;
|
|
}
|
|
else if (opcode == 0xff)
|
|
{
|
|
// indirect call - compute length
|
|
opcode = *pMem++; // get modRM
|
|
ttt = BIT53(opcode);
|
|
if ((ttt & ~1) == 2)
|
|
{
|
|
mod = BIT76(opcode);
|
|
if (mod != 3)
|
|
{
|
|
// nonregister operand
|
|
rm = BIT20(opcode);
|
|
if (g_AddrMode > 16)
|
|
{
|
|
if (rm == 4)
|
|
{
|
|
rm = BIT20(*pMem++); // get base from SIB
|
|
}
|
|
if (mod == 0)
|
|
{
|
|
if (rm == 5)
|
|
{
|
|
pMem += 4; // long direct address
|
|
} // else register
|
|
}
|
|
else if (mod == 1)
|
|
{
|
|
pMem++; // register with byte offset
|
|
}
|
|
else
|
|
{
|
|
pMem += 4; // register with long offset
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// 16-bit mode
|
|
if (mod == 0)
|
|
{
|
|
if (rm == 6)
|
|
{
|
|
pMem += 2; // short direct address
|
|
}
|
|
}
|
|
else
|
|
{
|
|
pMem += mod; // reg, byte, word offset
|
|
}
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
instroffset = OFFSET_TRACE; // 0xff, but not call
|
|
}
|
|
}
|
|
else if (!((fRepPrefix && ((opcode & ~3) == 0x6c ||
|
|
(opcode & ~3) == 0xa4 ||
|
|
(opcode & ~1) == 0xaa ||
|
|
(opcode & ~3) == 0xac)) ||
|
|
opcode == 0xcc || opcode == 0xce))
|
|
{
|
|
instroffset = OFFSET_TRACE; // not repeated string op
|
|
} // or int 3 / into
|
|
|
|
// if not enough bytes were read for instruction parse,
|
|
// just give up and trace the instruction
|
|
|
|
if (cBytes < pMem - (PUCHAR)membuf)
|
|
{
|
|
instroffset = OFFSET_TRACE;
|
|
}
|
|
|
|
// if not tracing, compute the new instruction offset
|
|
|
|
if (instroffset != OFFSET_TRACE)
|
|
{
|
|
instroffset += pMem - (PUCHAR)membuf;
|
|
}
|
|
|
|
Flat(*NextAddr) = instroffset;
|
|
ComputeNativeAddress(NextAddr);
|
|
}
|
|
|
|
/*...........................internal function..............................*/
|
|
/* */
|
|
/* generate a mod/rm string */
|
|
/* */
|
|
|
|
void
|
|
BaseX86MachineInfo::DIdoModrm (char **ppchBuf, int segOvr, BOOL fEAout)
|
|
{
|
|
int mrm; /* modrm byte */
|
|
char *src; /* source string */
|
|
int sib;
|
|
int ss;
|
|
int ind;
|
|
int oldrm;
|
|
|
|
mrm = *pMem++; /* get the mrm byte from instruction */
|
|
mod = BIT76(mrm); /* get mod */
|
|
ttt = BIT53(mrm) + g_ExtendMrmReg; /* get reg - used outside routine */
|
|
rm = BIT20(mrm); /* get rm */
|
|
|
|
if (mod == 3)
|
|
{
|
|
rm += g_ExtendRm;
|
|
|
|
/* register only mode */
|
|
if (g_XmmRegEa)
|
|
{
|
|
*(*ppchBuf)++ = 'x';
|
|
*(*ppchBuf)++ = 'm';
|
|
*(*ppchBuf)++ = 'm';
|
|
if (rm >= 10)
|
|
{
|
|
*(*ppchBuf)++ = (char)('0' + rm / 10);
|
|
rm %= 10;
|
|
}
|
|
*(*ppchBuf)++ = rm + '0';
|
|
}
|
|
else if (g_MmRegEa)
|
|
{
|
|
*(*ppchBuf)++ = 'm';
|
|
*(*ppchBuf)++ = 'm';
|
|
*(*ppchBuf)++ = rm + '0';
|
|
}
|
|
else
|
|
{
|
|
if (EAsize[0] == 1)
|
|
{
|
|
/* point to 8-bit register */
|
|
if (g_ExtendAny && rm < 8)
|
|
{
|
|
src = g_Amd64ExtendedReg8[rm];
|
|
}
|
|
else
|
|
{
|
|
src = g_X86Reg8[rm];
|
|
}
|
|
X86OutputString(ppchBuf, src);
|
|
}
|
|
else
|
|
{
|
|
src = g_X86RegBase[rm];
|
|
if (g_ForceMrmReg32)
|
|
{
|
|
*(*ppchBuf)++ = 'e';
|
|
}
|
|
else if (g_OpSize > 16 && !g_MovX)
|
|
{
|
|
/* make it a 32- or 64-bit register */
|
|
*(*ppchBuf)++ = (rm >= 8 || g_OpSize == 64 && !g_MovSXD) ?
|
|
'r' : 'e';
|
|
}
|
|
X86OutputString(ppchBuf, src);
|
|
if (rm >= 8)
|
|
{
|
|
if (g_OpSize == 32)
|
|
{
|
|
*(*ppchBuf)++ = 'd';
|
|
}
|
|
else if (g_OpSize == 16)
|
|
{
|
|
*(*ppchBuf)++ = 'w';
|
|
}
|
|
}
|
|
|
|
if (g_ControlFlow && fEAout)
|
|
{
|
|
// This is a call/jmp through a register.
|
|
// Output a code symbol for the target.
|
|
ULONG64 Target = GetReg64(g_X86RegIdx[rm]);
|
|
*(*ppchBuf)++ = ' ';
|
|
*(*ppchBuf)++ = '{';
|
|
OutputSymbol(ppchBuf, (PUCHAR)&Target, g_OpSize / 8,
|
|
X86_CS_OVR);
|
|
*(*ppchBuf)++ = '}';
|
|
}
|
|
}
|
|
}
|
|
EAsize[0] = 0; // no EA value to output
|
|
return;
|
|
}
|
|
|
|
if (g_AddrMode == 64)
|
|
{
|
|
oldrm = rm;
|
|
if (rm == 4)
|
|
{
|
|
/* rm == 4 implies sib byte */
|
|
sib = *pMem++; /* get s_i_b byte */
|
|
rm = BIT20(sib);
|
|
}
|
|
|
|
*(*ppchBuf)++ = '[';
|
|
if (mod == 0 && rm == 5)
|
|
{
|
|
if (g_SegAddrMode == 64 && oldrm == 5)
|
|
{
|
|
// IP-relative 32-bit displacement. The
|
|
// displacement is relative to the IP of the
|
|
// next instruction, which can't be computed
|
|
// yet so just put in a marker for post-processing.
|
|
g_X86ModrmHasIpRelOffset = TRUE;
|
|
g_X86IpRelOffset = *(LONG UNALIGNED *)pMem;
|
|
X86OutputString(ppchBuf, IPREL_MARKER);
|
|
}
|
|
else
|
|
{
|
|
// Absolute 32-bit displacement.
|
|
OutputSymbol(ppchBuf, pMem, 4, segOvr);
|
|
}
|
|
|
|
pMem += 4;
|
|
}
|
|
else
|
|
{
|
|
rm += g_ExtendRm;
|
|
|
|
if (fEAout)
|
|
{
|
|
if (segOvr)
|
|
{
|
|
FormSegRegAddress(&EAaddr[0], GetSegReg(segOvr),
|
|
GetReg64(g_X86RegIdx[rm]));
|
|
pchEAseg[0] = distbl[segOvr].instruct;
|
|
}
|
|
else if (g_X86RegIdx[rm] == X86_NBP ||
|
|
g_X86RegIdx[rm] == X86_NSP)
|
|
{
|
|
FormSegRegAddress(&EAaddr[0], SEGREG_STACK,
|
|
GetReg64(g_X86RegIdx[rm]));
|
|
pchEAseg[0] = dszSS_;
|
|
}
|
|
else
|
|
{
|
|
FormSegRegAddress(&EAaddr[0], SEGREG_DATA,
|
|
GetReg64(g_X86RegIdx[rm]));
|
|
}
|
|
}
|
|
X86OutputString(ppchBuf, g_X86Mrm64[rm]);
|
|
}
|
|
|
|
if (oldrm == 4)
|
|
{
|
|
// finish processing sib
|
|
ind = BIT53(sib);
|
|
if (ind != 4)
|
|
{
|
|
ind += g_ExtendSibIndex;
|
|
*(*ppchBuf)++ = '+';
|
|
X86OutputString(ppchBuf, g_X86Mrm64[ind]);
|
|
ss = 1 << BIT76(sib);
|
|
if (ss != 1)
|
|
{
|
|
*(*ppchBuf)++ = '*';
|
|
*(*ppchBuf)++ = (char)(ss + '0');
|
|
}
|
|
if (fEAout)
|
|
{
|
|
AddrAdd(&EAaddr[0], GetReg64(g_X86RegIdx[ind]) * ss);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
else if (g_AddrMode == 32)
|
|
{
|
|
oldrm = rm;
|
|
if (rm == 4)
|
|
{
|
|
/* rm == 4 implies sib byte */
|
|
sib = *pMem++; /* get s_i_b byte */
|
|
rm = BIT20(sib);
|
|
}
|
|
|
|
*(*ppchBuf)++ = '[';
|
|
if (mod == 0 && rm == 5)
|
|
{
|
|
if (g_SegAddrMode == 64 && oldrm == 5)
|
|
{
|
|
// IP-relative 32-bit displacement. The
|
|
// displacement is relative to the IP of the
|
|
// next instruction, which can't be computed
|
|
// yet so just put in a marker for post-processing.
|
|
g_X86ModrmHasIpRelOffset = TRUE;
|
|
g_X86IpRelOffset = *(LONG UNALIGNED *)pMem;
|
|
X86OutputString(ppchBuf, IPREL_MARKER);
|
|
}
|
|
else
|
|
{
|
|
// Absolute 32-bit displacement.
|
|
OutputSymbol(ppchBuf, pMem, 4, segOvr);
|
|
}
|
|
|
|
pMem += 4;
|
|
}
|
|
else
|
|
{
|
|
rm += g_ExtendRm;
|
|
|
|
if (fEAout)
|
|
{
|
|
if (segOvr)
|
|
{
|
|
FormSegRegAddress(&EAaddr[0], GetSegReg(segOvr),
|
|
EXTEND64(GetReg32(g_X86RegIdx[rm])));
|
|
pchEAseg[0] = distbl[segOvr].instruct;
|
|
}
|
|
else if (g_X86RegIdx[rm] == X86_NBP ||
|
|
g_X86RegIdx[rm] == X86_NSP)
|
|
{
|
|
FormSegRegAddress(&EAaddr[0], SEGREG_STACK,
|
|
EXTEND64(GetReg32(g_X86RegIdx[rm])));
|
|
pchEAseg[0] = dszSS_;
|
|
}
|
|
else
|
|
{
|
|
FormSegRegAddress(&EAaddr[0], SEGREG_DATA,
|
|
EXTEND64(GetReg32(g_X86RegIdx[rm])));
|
|
}
|
|
}
|
|
X86OutputString(ppchBuf, g_X86Mrm32[rm]);
|
|
}
|
|
|
|
if (oldrm == 4)
|
|
{
|
|
// finish processing sib
|
|
ind = BIT53(sib);
|
|
if (ind != 4)
|
|
{
|
|
ind += g_ExtendSibIndex;
|
|
*(*ppchBuf)++ = '+';
|
|
X86OutputString(ppchBuf, g_X86Mrm32[ind]);
|
|
ss = 1 << BIT76(sib);
|
|
if (ss != 1)
|
|
{
|
|
*(*ppchBuf)++ = '*';
|
|
*(*ppchBuf)++ = (char)(ss + '0');
|
|
}
|
|
if (fEAout)
|
|
{
|
|
AddrAdd(&EAaddr[0],
|
|
EXTEND64(GetReg32(g_X86RegIdx[ind])) * ss);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// 16-bit addressing mode
|
|
*(*ppchBuf)++ = '[';
|
|
if (mod == 0 && rm == 6)
|
|
{
|
|
OutputSymbol(ppchBuf, pMem, 2, segOvr); // 16-bit offset
|
|
pMem += 2;
|
|
}
|
|
else
|
|
{
|
|
if (fEAout)
|
|
{
|
|
if (segOvr)
|
|
{
|
|
FormSegRegAddress(&EAaddr[0], GetSegReg(segOvr),
|
|
GetReg16(g_X86Reg16Idx[rm]));
|
|
pchEAseg[0] = distbl[segOvr].instruct;
|
|
}
|
|
else if (g_X86Reg16Idx[rm] == X86_NBP)
|
|
{
|
|
FormSegRegAddress(&EAaddr[0], SEGREG_STACK,
|
|
GetReg16(g_X86Reg16Idx[rm]));
|
|
pchEAseg[0] = dszSS_;
|
|
}
|
|
else
|
|
{
|
|
FormSegRegAddress(&EAaddr[0], SEGREG_DATA,
|
|
GetReg16(g_X86Reg16Idx[rm]));
|
|
}
|
|
if (rm < 4)
|
|
{
|
|
AddrAdd(&EAaddr[0], GetReg16(g_X86Reg16Idx2[rm]));
|
|
}
|
|
}
|
|
X86OutputString(ppchBuf, g_X86Mrm16[rm]);
|
|
}
|
|
}
|
|
|
|
// output any displacement
|
|
|
|
if (mod == 1)
|
|
{
|
|
if (fEAout)
|
|
{
|
|
AddrAdd(&EAaddr[0], (long)*(char *)pMem);
|
|
}
|
|
OutputHexValue(ppchBuf, pMem, 1, TRUE);
|
|
pMem++;
|
|
}
|
|
else if (mod == 2)
|
|
{
|
|
long tmp = 0;
|
|
if (g_AddrMode > 16)
|
|
{
|
|
memmove(&tmp,pMem,sizeof(long));
|
|
if (fEAout)
|
|
{
|
|
AddrAdd(&EAaddr[0], tmp);
|
|
}
|
|
OutputHexValue(ppchBuf, pMem, 4, TRUE);
|
|
pMem += 4;
|
|
}
|
|
else
|
|
{
|
|
memmove(&tmp,pMem,sizeof(short));
|
|
if (fEAout)
|
|
{
|
|
AddrAdd(&EAaddr[0], tmp);
|
|
}
|
|
OutputHexValue(ppchBuf, pMem, 2, TRUE);
|
|
pMem += 2;
|
|
}
|
|
}
|
|
|
|
if (g_AddrMode == 16 && fEAout)
|
|
{
|
|
Off(EAaddr[0]) &= 0xffff;
|
|
NotFlat(EAaddr[0]);
|
|
Off(EAaddr[1]) &= 0xffff;
|
|
NotFlat(EAaddr[1]);
|
|
ComputeFlatAddress(&EAaddr[0], NULL);
|
|
ComputeFlatAddress(&EAaddr[1], NULL);
|
|
}
|
|
|
|
*(*ppchBuf)++ = ']';
|
|
|
|
// The value at the effective address may be pointing to an interesting
|
|
// symbol, as with indirect jumps or memory operations.
|
|
// If there's an EA and an exact symbol match, display
|
|
// the extra symbol.
|
|
if (fEAout)
|
|
{
|
|
DWORD64 symbol;
|
|
|
|
if (g_Target->ReadPointer(this, Flat(EAaddr[0]), &symbol) == S_OK)
|
|
{
|
|
char* pchBuf = *ppchBuf;
|
|
|
|
(*ppchBuf)++;
|
|
if (OutputExactSymbol(ppchBuf, (PUCHAR)&symbol,
|
|
m_Ptr64 ? 8 : 4, segOvr))
|
|
{
|
|
*pchBuf = '{';
|
|
*(*ppchBuf)++ = '}';
|
|
}
|
|
else
|
|
{
|
|
(*ppchBuf)--;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
LONGLONG
|
|
GetSignExtendedValue(int OpLen, PUCHAR Mem)
|
|
{
|
|
switch(OpLen)
|
|
{
|
|
case 1:
|
|
return *(char *)Mem;
|
|
case 2:
|
|
return *(short UNALIGNED *)Mem;
|
|
case 4:
|
|
return *(long UNALIGNED *)Mem;
|
|
case 8:
|
|
return *(LONGLONG UNALIGNED *)Mem;
|
|
}
|
|
|
|
DBG_ASSERT(FALSE);
|
|
return 0;
|
|
}
|
|
|
|
/*** OutputHexValue - output hex value
|
|
* 07-Jun-1999 -by- Andre Vachon
|
|
* Purpose:
|
|
* Output the value pointed by *ppchBuf of the specified
|
|
* length. The value is treated as signed and leading
|
|
* zeroes are not printed. The string is prefaced by a
|
|
* '+' or '-' sign as appropriate.
|
|
*
|
|
* Input:
|
|
* *ppchBuf - pointer to text buffer to fill
|
|
* *pchMemBuf - pointer to memory buffer to extract value
|
|
* length - length in bytes of value (1, 2, and 4 supported)
|
|
* fDisp - set if displacement to output '+'
|
|
*
|
|
* Output:
|
|
* *ppchBuf - pointer updated to next text character
|
|
*
|
|
*************************************************************************/
|
|
|
|
void
|
|
OutputHexValue (char **ppchBuf, PUCHAR pchMemBuf, int length, int fDisp)
|
|
{
|
|
LONGLONG value;
|
|
int index;
|
|
char digit[32];
|
|
|
|
value = GetSignExtendedValue(length, pchMemBuf);
|
|
|
|
length <<= 1; // shift once to get hex length
|
|
|
|
if (value != 0 || !fDisp)
|
|
{
|
|
if (fDisp)
|
|
{
|
|
// use neg value for byte displacement
|
|
// assume very large DWORDs are negative too
|
|
if (value < 0 &&
|
|
(length == 2 ||
|
|
((unsigned long)value & 0xff000000) == 0xff000000))
|
|
{
|
|
value = -value;
|
|
*(*ppchBuf)++ = '-';
|
|
}
|
|
else
|
|
{
|
|
*(*ppchBuf)++ = '+';
|
|
}
|
|
}
|
|
|
|
*(*ppchBuf)++ = '0';
|
|
*(*ppchBuf)++ = 'x';
|
|
for (index = length - 1; index != -1; index--)
|
|
{
|
|
digit[index] = (char)(value & 0xf);
|
|
value >>= 4;
|
|
}
|
|
index = 0;
|
|
while (digit[index] == 0 && index < length - 1)
|
|
{
|
|
index++;
|
|
}
|
|
while (index < length)
|
|
{
|
|
*(*ppchBuf)++ = hexdigit[digit[index++]];
|
|
}
|
|
}
|
|
}
|
|
|
|
void
|
|
OutputExHexValue(char **ppchBuf, PUCHAR pchMemBuf, int MemLen, int OpLen)
|
|
{
|
|
LONGLONG Value = GetSignExtendedValue(MemLen, pchMemBuf);
|
|
OutputHexValue(ppchBuf, (PUCHAR)&Value, OpLen, FALSE);
|
|
}
|
|
|
|
/*** OutputHexString - output hex string
|
|
*
|
|
* Purpose:
|
|
* Output the value pointed by *ppchMemBuf of the specified
|
|
* length. The value is treated as unsigned and leading
|
|
* zeroes are printed.
|
|
*
|
|
* Input:
|
|
* *ppchBuf - pointer to text buffer to fill
|
|
* *pchValue - pointer to memory buffer to extract value
|
|
* length - length in bytes of value
|
|
*
|
|
* Output:
|
|
* *ppchBuf - pointer updated to next text character
|
|
* *ppchMemBuf - pointer update to next memory byte
|
|
*
|
|
*************************************************************************/
|
|
|
|
void
|
|
OutputHexString (char **ppchBuf, PUCHAR pchValue, int length)
|
|
{
|
|
UCHAR chMem;
|
|
|
|
pchValue += length;
|
|
while (length--)
|
|
{
|
|
chMem = *--pchValue;
|
|
*(*ppchBuf)++ = hexdigit[chMem >> 4];
|
|
*(*ppchBuf)++ = hexdigit[chMem & 0x0f];
|
|
}
|
|
}
|
|
|
|
/*** OutputHexCode - output hex code
|
|
*
|
|
* Purpose:
|
|
* Output the code pointed by pchMemBuf of the specified
|
|
* length. The value is treated as unsigned and leading
|
|
* zeroes are printed. This differs from OutputHexString
|
|
* in that bytes are printed from low to high addresses.
|
|
*
|
|
* Input:
|
|
* *ppchBuf - pointer to text buffer to fill
|
|
* pchMemBuf - pointer to memory buffer to extract value
|
|
* length - length in bytes of value
|
|
*
|
|
* Output:
|
|
* *ppchBuf - pointer updated to next text character
|
|
*
|
|
*************************************************************************/
|
|
|
|
void OutputHexCode (char **ppchBuf, PUCHAR pchMemBuf, int length)
|
|
{
|
|
UCHAR chMem;
|
|
|
|
while (length--)
|
|
{
|
|
chMem = *pchMemBuf++;
|
|
*(*ppchBuf)++ = hexdigit[chMem >> 4];
|
|
*(*ppchBuf)++ = hexdigit[chMem & 0x0f];
|
|
}
|
|
}
|
|
|
|
/*** X86OutputString - output string
|
|
*
|
|
* Purpose:
|
|
* Copy the string into the buffer pointed by *ppBuf.
|
|
*
|
|
* Input:
|
|
* *pStr - pointer to string
|
|
*
|
|
* Output:
|
|
* *ppBuf points to next character in buffer.
|
|
*
|
|
*************************************************************************/
|
|
|
|
void
|
|
X86OutputString (
|
|
char **ppBuf,
|
|
char *pStr
|
|
)
|
|
{
|
|
while (*pStr)
|
|
{
|
|
*(*ppBuf)++ = *pStr++;
|
|
}
|
|
}
|
|
|
|
|
|
/*** OutputSymbol - output symbolic value
|
|
*
|
|
* Purpose:
|
|
* Output the value in outvalue into the buffer
|
|
* pointed by *pBuf. Express the value as a
|
|
* symbol plus displacment, if possible.
|
|
*
|
|
* Input:
|
|
* *ppBuf - pointer to text buffer to fill
|
|
* *pValue - pointer to memory buffer to extract value
|
|
* length - length in bytes of value
|
|
*
|
|
* Output:
|
|
* *ppBuf - pointer updated to next text character
|
|
*
|
|
*************************************************************************/
|
|
|
|
void
|
|
BaseX86MachineInfo::OutputSymbol (
|
|
char **ppBuf,
|
|
PUCHAR pValue,
|
|
int length,
|
|
int segOvr
|
|
)
|
|
{
|
|
CHAR chSymbol[MAX_SYMBOL_LEN];
|
|
ULONG64 displacement;
|
|
ULONG64 value;
|
|
|
|
value = 0;
|
|
memcpy(&value, pValue, length);
|
|
if (length == 4)
|
|
{
|
|
value = EXTEND64(value);
|
|
}
|
|
|
|
if (IS_CONTEXT_ACCESSIBLE())
|
|
{
|
|
FormSegRegAddress(&EAaddr[0], GetSegReg(segOvr), value);
|
|
value = Flat(EAaddr[0]);
|
|
}
|
|
|
|
GetSymbolStdCall(value, chSymbol, sizeof(chSymbol), &displacement, NULL);
|
|
if (chSymbol[0])
|
|
{
|
|
X86OutputString(ppBuf, chSymbol);
|
|
OutputHexValue(ppBuf, (PUCHAR)&displacement, length, TRUE);
|
|
*(*ppBuf)++ = ' ';
|
|
*(*ppBuf)++ = '(';
|
|
OutputHexString(ppBuf, pValue, length);
|
|
*(*ppBuf)++ = ')';
|
|
}
|
|
else
|
|
{
|
|
OutputHexString(ppBuf, pValue, length);
|
|
}
|
|
}
|
|
|
|
/*** OutputExactSymbol - Output symbolic value only for exact symbol
|
|
* matches.
|
|
*
|
|
*************************************************************************/
|
|
|
|
BOOL
|
|
BaseX86MachineInfo::OutputExactSymbol (
|
|
char **ppBuf,
|
|
PUCHAR pValue,
|
|
int length,
|
|
int segOvr
|
|
)
|
|
{
|
|
CHAR chSymbol[MAX_SYMBOL_LEN];
|
|
ULONG64 displacement;
|
|
ULONG64 value;
|
|
|
|
value = 0;
|
|
memcpy(&value, pValue, length);
|
|
if (length == 4)
|
|
{
|
|
value = EXTEND64(value);
|
|
}
|
|
|
|
GetSymbolStdCall(value, chSymbol, sizeof(chSymbol), &displacement, NULL);
|
|
if (chSymbol[0] && displacement == 0)
|
|
{
|
|
X86OutputString(ppBuf, chSymbol);
|
|
OutputHexValue(ppBuf, (PUCHAR)&displacement, length, TRUE);
|
|
*(*ppBuf)++ = ' ';
|
|
*(*ppBuf)++ = '(';
|
|
OutputHexString(ppBuf, pValue, length);
|
|
*(*ppBuf)++ = ')';
|
|
return TRUE;
|
|
}
|
|
else
|
|
{
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
void
|
|
OutputHexAddr(PSTR *ppBuffer, PADDR paddr)
|
|
{
|
|
sprintAddr(ppBuffer, paddr);
|
|
// Remove trailing space.
|
|
(*ppBuffer)--;
|
|
**ppBuffer = 0;
|
|
}
|
|
|
|
ULONG
|
|
BaseX86MachineInfo::GetSegReg(int SegOpcode)
|
|
{
|
|
switch(SegOpcode)
|
|
{
|
|
case 0x26:
|
|
return SEGREG_ES;
|
|
case X86_CS_OVR:
|
|
return SEGREG_CODE;
|
|
case 0x36:
|
|
return SEGREG_STACK;
|
|
case 0x64:
|
|
return SEGREG_FS;
|
|
case 0x65:
|
|
return SEGREG_GS;
|
|
case 0x3e:
|
|
default:
|
|
return SEGREG_DATA;
|
|
}
|
|
}
|
|
|
|
int
|
|
BaseX86MachineInfo::ComputeJccEa(int Opcode, BOOL EaOut)
|
|
{
|
|
if (!EaOut)
|
|
{
|
|
return JCC_EA_NONE;
|
|
}
|
|
|
|
ULONG Flags;
|
|
int Branch;
|
|
|
|
if ((Opcode >= 0x70 && Opcode <= 0x7f) ||
|
|
(Opcode >= 0x180 && Opcode <= 0x18f))
|
|
{
|
|
int Table = (Opcode >> 1) & 7;
|
|
|
|
Flags = GetReg32(X86_NFL);
|
|
Branch = Opcode & 1;
|
|
if ((Flags & g_JccCheckTable[Table][0]) != 0 ||
|
|
((Flags >> g_JccCheckTable[Table][1]) & 1) !=
|
|
((Flags >> g_JccCheckTable[Table][2]) & 1))
|
|
{
|
|
Branch ^= 1;
|
|
}
|
|
|
|
return JCC_EA_NO_BRANCH + Branch;
|
|
}
|
|
else
|
|
{
|
|
ULONG64 Cx = GetReg64(X86_NCX);
|
|
switch(g_OpSize)
|
|
{
|
|
case 16:
|
|
Cx &= 0xffff;
|
|
break;
|
|
case 32:
|
|
Cx &= 0xffffffff;
|
|
break;
|
|
}
|
|
|
|
switch(Opcode)
|
|
{
|
|
case 0xe0: // LOOPNE.
|
|
Flags = GetReg32(X86_NFL);
|
|
Branch = (Flags & X86_BIT_FLAGZF) == 0 && Cx != 1 ?
|
|
JCC_EA_BRANCH : JCC_EA_NO_BRANCH;
|
|
break;
|
|
case 0xe1: // LOOPE.
|
|
Flags = GetReg32(X86_NFL);
|
|
Branch = (Flags & X86_BIT_FLAGZF) != 0 && Cx != 1 ?
|
|
JCC_EA_BRANCH : JCC_EA_NO_BRANCH;
|
|
break;
|
|
case 0xe2: // LOOP.
|
|
Branch = Cx == 1 ? JCC_EA_NO_BRANCH : JCC_EA_BRANCH;
|
|
break;
|
|
case 0xe3: // J*CXZ.
|
|
Branch = Cx == 0 ? JCC_EA_BRANCH : JCC_EA_NO_BRANCH;
|
|
break;
|
|
default:
|
|
DBG_ASSERT(FALSE);
|
|
Branch = JCC_EA_NONE;
|
|
break;
|
|
}
|
|
|
|
return Branch;
|
|
}
|
|
}
|
|
|
|
BOOL
|
|
BaseX86MachineInfo::IsBreakpointInstruction(PADDR Addr)
|
|
{
|
|
UCHAR Instr[X86_INT3_LEN];
|
|
|
|
if (GetMemString(Addr, Instr, X86_INT3_LEN) != X86_INT3_LEN)
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
return !memcmp(Instr, g_X86Int3, X86_INT3_LEN);
|
|
}
|
|
|
|
HRESULT
|
|
BaseX86MachineInfo::InsertBreakpointInstruction(PUSER_DEBUG_SERVICES Services,
|
|
ULONG64 Process,
|
|
ULONG64 Offset,
|
|
PUCHAR SaveInstr,
|
|
PULONG64 ChangeStart,
|
|
PULONG ChangeLen)
|
|
{
|
|
if ((g_TargetMachineType != IMAGE_FILE_MACHINE_I386) &&
|
|
(g_Wow64exts != NULL))
|
|
{
|
|
PPROCESS_INFO ProcInfo = FindProcessByHandle(Process);
|
|
if (ProcInfo != NULL)
|
|
{
|
|
(*g_Wow64exts)(WOW64EXTS_FLUSH_CACHE_WITH_HANDLE,
|
|
(ULONG64)ProcInfo->Handle, Offset, X86_INT3_LEN);
|
|
}
|
|
}
|
|
|
|
*ChangeStart = Offset;
|
|
*ChangeLen = X86_INT3_LEN;
|
|
|
|
ULONG Done;
|
|
HRESULT Status;
|
|
|
|
Status = Services->ReadVirtual(Process, Offset, SaveInstr,
|
|
X86_INT3_LEN, &Done);
|
|
if (Status == S_OK && Done != X86_INT3_LEN)
|
|
{
|
|
Status = HRESULT_FROM_WIN32(ERROR_READ_FAULT);
|
|
}
|
|
|
|
if (Status == S_OK)
|
|
{
|
|
Status = Services->WriteVirtual(Process, Offset, g_X86Int3,
|
|
X86_INT3_LEN, &Done);
|
|
if (Status == S_OK && Done != X86_INT3_LEN)
|
|
{
|
|
Status = HRESULT_FROM_WIN32(ERROR_WRITE_FAULT);
|
|
}
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
|
|
HRESULT
|
|
BaseX86MachineInfo::RemoveBreakpointInstruction(PUSER_DEBUG_SERVICES Services,
|
|
ULONG64 Process,
|
|
ULONG64 Offset,
|
|
PUCHAR SaveInstr,
|
|
PULONG64 ChangeStart,
|
|
PULONG ChangeLen)
|
|
{
|
|
if ((g_TargetMachineType != IMAGE_FILE_MACHINE_I386) &&
|
|
(g_Wow64exts != NULL))
|
|
{
|
|
PPROCESS_INFO ProcInfo = FindProcessByHandle(Process);
|
|
if (ProcInfo != NULL)
|
|
{
|
|
(*g_Wow64exts)(WOW64EXTS_FLUSH_CACHE_WITH_HANDLE,
|
|
(ULONG64)ProcInfo->Handle, Offset, X86_INT3_LEN);
|
|
}
|
|
}
|
|
|
|
*ChangeStart = Offset;
|
|
*ChangeLen = X86_INT3_LEN;
|
|
|
|
ULONG Done;
|
|
HRESULT Status;
|
|
|
|
Status = Services->WriteVirtual(Process, Offset, SaveInstr,
|
|
X86_INT3_LEN, &Done);
|
|
if (Status == S_OK && Done != X86_INT3_LEN)
|
|
{
|
|
Status = HRESULT_FROM_WIN32(ERROR_WRITE_FAULT);
|
|
}
|
|
return Status;
|
|
}
|
|
|
|
void
|
|
BaseX86MachineInfo::AdjustPCPastBreakpointInstruction(PADDR Addr,
|
|
ULONG BreakType)
|
|
{
|
|
if (BreakType == DEBUG_BREAKPOINT_CODE)
|
|
{
|
|
AddrAdd(Addr, X86_INT3_LEN);
|
|
SetPC(Addr);
|
|
}
|
|
}
|
|
|
|
BOOL
|
|
BaseX86MachineInfo::IsCallDisasm(PCSTR Disasm)
|
|
{
|
|
return strstr(Disasm, " call") != NULL;
|
|
}
|
|
|
|
BOOL
|
|
BaseX86MachineInfo::IsReturnDisasm(PCSTR Disasm)
|
|
{
|
|
return strstr(Disasm, " ret") != NULL ||
|
|
(IS_KERNEL_TARGET() && strstr(Disasm, " iretd") != NULL);
|
|
}
|
|
|
|
BOOL
|
|
BaseX86MachineInfo::IsSystemCallDisasm(PCSTR Disasm)
|
|
{
|
|
return (strstr(Disasm, " int ") != NULL &&
|
|
strstr(Disasm, " 2e") != NULL) ||
|
|
strstr(Disasm, " sysenter") != NULL ||
|
|
strstr(Disasm, " syscall") != NULL;
|
|
}
|
|
|
|
BOOL
|
|
BaseX86MachineInfo::IsDelayInstruction(PADDR Addr)
|
|
{
|
|
// X86 does not have delay slots.
|
|
return FALSE;
|
|
}
|
|
|
|
void
|
|
BaseX86MachineInfo::GetEffectiveAddr(PADDR Addr)
|
|
{
|
|
*Addr = EAaddr[0];
|
|
}
|
|
|
|
void
|
|
BaseX86MachineInfo::IncrementBySmallestInstruction(PADDR Addr)
|
|
{
|
|
AddrAdd(Addr, 1);
|
|
}
|
|
|
|
void
|
|
BaseX86MachineInfo::DecrementBySmallestInstruction(PADDR Addr)
|
|
{
|
|
AddrSub(Addr, 1);
|
|
}
|
|
|
|
//----------------------------------------------------------------------------
|
|
//
|
|
// X86MachineInfo methods.
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
|
|
HRESULT
|
|
X86MachineInfo::NewBreakpoint(DebugClient* Client,
|
|
ULONG Type,
|
|
ULONG Id,
|
|
Breakpoint** RetBp)
|
|
{
|
|
HRESULT Status;
|
|
|
|
switch(Type & (DEBUG_BREAKPOINT_CODE | DEBUG_BREAKPOINT_DATA))
|
|
{
|
|
case DEBUG_BREAKPOINT_CODE:
|
|
*RetBp = new CodeBreakpoint(Client, Id, IMAGE_FILE_MACHINE_I386);
|
|
Status = (*RetBp) ? S_OK : E_OUTOFMEMORY;
|
|
break;
|
|
case DEBUG_BREAKPOINT_DATA:
|
|
*RetBp = new X86DataBreakpoint(Client, Id, X86_CR4, X86_DR6, IMAGE_FILE_MACHINE_I386);
|
|
Status = (*RetBp) ? S_OK : E_OUTOFMEMORY;
|
|
break;
|
|
default:
|
|
// Unknown breakpoint type.
|
|
Status = E_NOINTERFACE;
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
|
|
void
|
|
X86MachineInfo::InsertAllDataBreakpoints(void)
|
|
{
|
|
PPROCESS_INFO ProcessSave = g_CurrentProcess;
|
|
PTHREAD_INFO Thread;
|
|
|
|
// Update thread context for every thread.
|
|
|
|
g_CurrentProcess = g_ProcessHead;
|
|
while (g_CurrentProcess != NULL)
|
|
{
|
|
Thread = g_CurrentProcess->ThreadHead;
|
|
while (Thread != NULL)
|
|
{
|
|
ULONG Dr7Value;
|
|
|
|
BpOut("Thread %d data breaks %d\n",
|
|
Thread->UserId, Thread->NumDataBreaks);
|
|
|
|
ChangeRegContext(Thread);
|
|
|
|
// Start with all breaks turned off.
|
|
Dr7Value = GetIntReg(X86_DR7) & ~X86_DR7_CTRL_03_MASK;
|
|
|
|
if (Thread->NumDataBreaks > 0)
|
|
{
|
|
ULONG i;
|
|
|
|
for (i = 0; i < Thread->NumDataBreaks; i++)
|
|
{
|
|
X86DataBreakpoint* Bp =
|
|
(X86DataBreakpoint *)Thread->DataBreakBps[i];
|
|
|
|
ULONG64 Addr = Flat(*Bp->GetAddr());
|
|
BpOut(" dbp %d at %p\n", i, Addr);
|
|
if (g_DataBreakpointsChanged)
|
|
{
|
|
SetReg32(X86_DR0 + i, (ULONG)Addr);
|
|
}
|
|
// There are two enable bits per breakpoint
|
|
// and four len/rw bits so split up enables
|
|
// and len/rw when shifting into place.
|
|
Dr7Value |=
|
|
((Bp->m_Dr7Bits & 0xffff0000) << (i * 4)) |
|
|
((Bp->m_Dr7Bits & X86_DR7_ALL_ENABLES) << (i * 2));
|
|
}
|
|
|
|
// The kernel automatically clears DR6 when it
|
|
// processes a DBGKD_CONTROL_SET.
|
|
if (IS_USER_TARGET())
|
|
{
|
|
SetReg32(X86_DR6, 0);
|
|
}
|
|
|
|
// Set local exact match, which is effectively global on NT.
|
|
Dr7Value |= X86_DR7_LOCAL_EXACT_ENABLE;
|
|
}
|
|
|
|
BpOut(" thread %d DR7 %X\n", Thread->UserId, Dr7Value);
|
|
SetReg32(X86_DR7, Dr7Value);
|
|
|
|
Thread = Thread->Next;
|
|
}
|
|
|
|
g_CurrentProcess = g_CurrentProcess->Next;
|
|
}
|
|
|
|
g_CurrentProcess = ProcessSave;
|
|
if (g_CurrentProcess != NULL)
|
|
{
|
|
ChangeRegContext(g_CurrentProcess->CurrentThread);
|
|
}
|
|
else
|
|
{
|
|
ChangeRegContext(NULL);
|
|
}
|
|
}
|
|
|
|
void
|
|
X86MachineInfo::RemoveAllDataBreakpoints(void)
|
|
{
|
|
SetReg32(X86_DR7, 0);
|
|
}
|
|
|
|
ULONG
|
|
X86MachineInfo::IsBreakpointOrStepException(PEXCEPTION_RECORD64 Record,
|
|
ULONG FirstChance,
|
|
PADDR BpAddr,
|
|
PADDR RelAddr)
|
|
{
|
|
if (Record->ExceptionCode == STATUS_BREAKPOINT ||
|
|
Record->ExceptionCode == STATUS_WX86_BREAKPOINT)
|
|
{
|
|
// Data breakpoints hit as STATUS_SINGLE_STEP so
|
|
// this can only be a code breakpoint.
|
|
if (IS_USER_TARGET() && FirstChance)
|
|
{
|
|
// Back up to the actual breakpoint instruction.
|
|
AddrSub(BpAddr, X86_INT3_LEN);
|
|
SetPC(BpAddr);
|
|
}
|
|
return EXBS_BREAKPOINT_CODE;
|
|
}
|
|
else if (Record->ExceptionCode == STATUS_SINGLE_STEP ||
|
|
Record->ExceptionCode == STATUS_WX86_SINGLE_STEP)
|
|
{
|
|
// XXX t-tcheng - Conversion for Dr6, Dr7 not implemented yet...
|
|
|
|
ULONG Dr6 = GetIntReg(X86_DR6);
|
|
ULONG Dr7 = GetIntReg(X86_DR7);
|
|
|
|
BpOut("X86 step: DR6 %X, DR7 %X\n", Dr6, Dr7);
|
|
|
|
// The single step bit should always be set if a data breakpoint
|
|
// is hit but also check the DR7 enables just in case.
|
|
if ((Dr6 & X86_DR6_SINGLE_STEP) || (Dr7 & X86_DR7_ALL_ENABLES) == 0 ||
|
|
(Dr6 & X86_DR6_BREAK_03) == 0)
|
|
{
|
|
// XXX drewb - The values in the last-branch MSRs are
|
|
// not helpful for unknown reasons. Leave this code
|
|
// off until we can determine whether there's a way
|
|
// to get the right branch source address.
|
|
#if 0
|
|
if (IS_REMOTE_KERNEL_TARGET() && m_SupportsBranchTrace)
|
|
{
|
|
ULONG64 LastIp;
|
|
|
|
if (NT_SUCCESS(DbgKdReadMsr(X86_MSR_LAST_BRANCH_FROM_IP,
|
|
&LastIp)))
|
|
{
|
|
// The branch may have come from a different
|
|
// segment. We could try and determine what
|
|
// code segment it was by reading the stack to
|
|
// get the saved CS value but it's not worth
|
|
// it right now.
|
|
FormAddr(SEGREG_CODE, LastIp,
|
|
FORM_CODE | FORM_SEGREG |
|
|
X86_FORM_VM86(GetIntReg(X86_EFL)),
|
|
RelAddr);
|
|
}
|
|
}
|
|
#endif
|
|
|
|
// This is a true single step exception, not
|
|
// a data breakpoint.
|
|
return EXBS_STEP_INSTRUCTION;
|
|
}
|
|
else
|
|
{
|
|
// Some data breakpoint must be hit.
|
|
// There doesn't appear to be any way
|
|
// to get the faulting address so just leave the PC.
|
|
return EXBS_BREAKPOINT_DATA;
|
|
}
|
|
}
|
|
|
|
return EXBS_NONE;
|
|
}
|
|
|
|
void
|
|
X86MachineInfo::PrintStackFrameAddressesTitle(ULONG Flags)
|
|
{
|
|
PrintMultiPtrTitle("ChildEBP", 1);
|
|
PrintMultiPtrTitle("RetAddr", 1);
|
|
}
|
|
|
|
void
|
|
X86MachineInfo::PrintStackFrameAddresses(ULONG Flags,
|
|
PDEBUG_STACK_FRAME StackFrame)
|
|
{
|
|
dprintf("%s %s ",
|
|
FormatAddr64(StackFrame->FrameOffset),
|
|
FormatAddr64(StackFrame->ReturnOffset));
|
|
}
|
|
|
|
void
|
|
X86MachineInfo::PrintStackArgumentsTitle(ULONG Flags)
|
|
{
|
|
PrintMultiPtrTitle("Args to Child", 3);
|
|
}
|
|
|
|
void
|
|
X86MachineInfo::PrintStackArguments(ULONG Flags,
|
|
PDEBUG_STACK_FRAME StackFrame)
|
|
{
|
|
dprintf("%s %s %s ",
|
|
FormatAddr64(StackFrame->Params[0]),
|
|
FormatAddr64(StackFrame->Params[1]),
|
|
FormatAddr64(StackFrame->Params[2]));
|
|
}
|
|
|
|
void
|
|
X86MachineInfo::PrintStackCallSiteTitle(ULONG Flags)
|
|
{
|
|
}
|
|
|
|
void
|
|
X86MachineInfo::PrintStackCallSite(ULONG Flags,
|
|
PDEBUG_STACK_FRAME StackFrame,
|
|
CHAR SymBuf[],
|
|
DWORD64 Displacement,
|
|
USHORT StdCallArgs)
|
|
{
|
|
// Truncate the displacement to 32 bits since it can never be
|
|
// greater than 32 bit for X86, and we don't want addresses with no
|
|
// symbols to show up with the leading 0xfffffff
|
|
|
|
MachineInfo::PrintStackCallSite(Flags, StackFrame, SymBuf,
|
|
(DWORD64)(DWORD)Displacement, StdCallArgs);
|
|
|
|
if ((Flags & DEBUG_STACK_FUNCTION_INFO) &&
|
|
!StackFrame->FuncTableEntry)
|
|
{
|
|
if (StdCallArgs != 0xffff)
|
|
{
|
|
dprintf(" [Stdcall: %d]", StdCallArgs);
|
|
}
|
|
}
|
|
else if ((Flags & DEBUG_STACK_FUNCTION_INFO) &&
|
|
StackFrame->FuncTableEntry)
|
|
{
|
|
PFPO_DATA FpoData = (PFPO_DATA)StackFrame->FuncTableEntry;
|
|
switch(FpoData->cbFrame)
|
|
{
|
|
case FRAME_FPO:
|
|
if (FpoData->fHasSEH)
|
|
{
|
|
dprintf(" (FPO: [SEH])");
|
|
}
|
|
else
|
|
{
|
|
dprintf(" (FPO:");
|
|
if (FpoData->fUseBP)
|
|
{
|
|
dprintf(" [EBP 0x%s]",
|
|
FormatAddr64(SAVE_EBP(StackFrame)));
|
|
}
|
|
dprintf(" [%d,%d,%d])",
|
|
FpoData->cdwParams,
|
|
FpoData->cdwLocals,
|
|
FpoData->cbRegs);
|
|
}
|
|
break;
|
|
|
|
case FRAME_NONFPO:
|
|
dprintf(" (FPO: [Non-Fpo])" );
|
|
break;
|
|
|
|
case FRAME_TRAP:
|
|
if (!IS_KERNEL_TARGET())
|
|
{
|
|
goto UnknownFpo;
|
|
}
|
|
|
|
dprintf(" (FPO: [%d,%d] TrapFrame%s @ %s)",
|
|
FpoData->cdwParams,
|
|
FpoData->cdwLocals,
|
|
TRAP_EDITED(StackFrame) ? "" : "-EDITED",
|
|
FormatAddr64(SAVE_TRAP(StackFrame)));
|
|
break;
|
|
|
|
case FRAME_TSS:
|
|
if (!IS_KERNEL_TARGET())
|
|
{
|
|
goto UnknownFpo;
|
|
}
|
|
|
|
dprintf(" (FPO: TaskGate %lx:0)",
|
|
(ULONG)TRAP_TSS(StackFrame));
|
|
break;
|
|
|
|
default:
|
|
UnknownFpo:
|
|
dprintf(" (UNKNOWN FPO TYPE)");
|
|
break;
|
|
}
|
|
}
|
|
}
|