mirror of https://github.com/bitdefender/bddisasm.git synced 2025-01-03 11:50:55 +00:00

Display instruction bitfields support.

Using the `-bits` option, the various bits inside the EVEX, VEX, XOP, ModR/M and SIB can be displayed.
Andrei Vlad LUTAS 2021-02-19 11:10:41 +02:00
parent 1eb1c9d0d2
commit 37d47ef7e7
2 changed files with 68 additions and 4 deletions


@ -4892,13 +4892,13 @@ NdToText(
switch (pOp->Info.Memory.DispSize) switch (pOp->Info.Memory.DispSize)
{ {
case 1: case 1:
normDisp = ((disp & 0x80) ? ~((uint8_t)disp) + 1ULL : disp) & 0xFF; normDisp = ((disp & 0x80) ? ~disp + 1ULL : disp) & 0xFF;
break; break;
case 2: case 2:
normDisp = ((disp & 0x8000) ? ~((uint16_t)disp) + 1ULL : disp) & 0xFFFF; normDisp = ((disp & 0x8000) ? ~disp + 1ULL : disp) & 0xFFFF;
break; break;
case 4: case 4:
normDisp = ((disp & 0x80000000) ? ~((uint32_t)disp) + 1ULL : disp) & 0xFFFFFFFF; normDisp = ((disp & 0x80000000) ? ~disp + 1ULL : disp) & 0xFFFFFFFF;
break; break;
default: default:
normDisp = disp; normDisp = disp;
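Review bot: The three negations in the `DispSize` switch of NdToText have no comment explaining why negating at full width is correct, and the edit is unrelated to the `-bits` feature named in the commit title. Reading the right-hand column as the new side, `~disp + 1ULL` negates the whole value and relies on the trailing `& 0xFF` / `& 0xFFFF` / `& 0xFFFFFFFF` mask to cut the result back to the displacement size. That looks equivalent to the cast form, but the declaration of `disp` is outside the hunk, so confirm it is an unsigned 64-bit value. I would add above the switch `// Negate at full width; the mask in each case truncates the result to DispSize bytes.` and mention the cast removal in the commit message.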


@ -27,6 +27,7 @@ typedef struct _DISASM_OPTIONS
char *Target; // If in search mode, this indicates the instruction to be searched for. char *Target; // If in search mode, this indicates the instruction to be searched for.
BOOLEAN Highlight; // Highlight instruction components, if true. BOOLEAN Highlight; // Highlight instruction components, if true.
BOOLEAN ExtendedInfo; // Display extended instruction info, if true. BOOLEAN ExtendedInfo; // Display extended instruction info, if true.
BOOLEAN BitFields; // Display the various bitfields inside the instruction, if true.
BOOLEAN Stats; // Display disassembly stats (clocks / instruction, instructions / second), if true. BOOLEAN Stats; // Display disassembly stats (clocks / instruction, instructions / second), if true.
BOOLEAN Search; // Search for the Target instruction in the provided buffer. BOOLEAN Search; // Search for the Target instruction in the provided buffer.
BOOLEAN Print; // Print instruction disassembly, if true. BOOLEAN Print; // Print instruction disassembly, if true.
@ -1029,6 +1030,62 @@ print_instruction(
printf("\n"); printf("\n");
} }
if (Options->BitFields)
{
printf(" Instruction bit fields:\n");
if (Instrux->HasEvex)
{
printf(" EVEX: 0x%02x 0x%02x 0x%02x 0x%02x > mm: %d, R': %d, B: %d, X: %d, R: %d, pp: %d, "
"vvvv: %d, W: %d, aaa: %d, V': %d, b: %d, L'L: %d, z: %d\n",
Instrux->Evex.Evex[0], Instrux->Evex.Evex[1], Instrux->Evex.Evex[2], Instrux->Evex.Evex[3],
Instrux->Evex.m, Instrux->Evex.rp, Instrux->Evex.b, Instrux->Evex.x, Instrux->Evex.r, Instrux->Evex.p,
Instrux->Evex.v, Instrux->Evex.w, Instrux->Evex.a, Instrux->Evex.vp, Instrux->Evex.bm, Instrux->Evex.l,
Instrux->Evex.z);
}
if (Instrux->HasVex)
{
if (Instrux->VexMode == ND_VEXM_2B)
{
printf(" VEX2: 0x%02x 0x%02x > pp: %d, L: %d, vvvv: %d, R: %d\n",
Instrux->Vex2.Vex[0], Instrux->Vex2.Vex[1], Instrux->Vex2.p, Instrux->Vex2.l, Instrux->Vex2.v,
Instrux->Vex2.r);
}
else
{
printf(" VEX3: 0x%02x 0x%02x 0x%02x > m-mmmm: %d, B: %d, X: %d, R: %d, pp: %d, L: %d, vvvv: %d, W: %d\n",
Instrux->Vex3.Vex[0], Instrux->Vex3.Vex[1], Instrux->Vex3.Vex[2], Instrux->Vex3.m, Instrux->Vex3.b,
Instrux->Vex3.x, Instrux->Vex3.r, Instrux->Vex3.p, Instrux->Vex3.l, Instrux->Vex3.v, Instrux->Vex3.w);
}
}
if (Instrux->HasXop)
{
printf(" XOP: 0x%02x 0x%02x 0x%02x > m: %d, B: %d, X: %d, R: %d, p: %d, L: %d, v: %d, W: %d\n",
Instrux->Xop.Xop[0], Instrux->Xop.Xop[1], Instrux->Xop.Xop[2], Instrux->Xop.m, Instrux->Xop.b,
Instrux->Xop.x, Instrux->Xop.r, Instrux->Xop.p, Instrux->Xop.l, Instrux->Xop.v, Instrux->Xop.w);
}
if (Instrux->HasRex)
{
printf(" REX: 0x%02x > B: %d, X: %d, R: %d, W: %d\n",
Instrux->Rex.Rex, Instrux->Rex.b, Instrux->Rex.x, Instrux->Rex.r, Instrux->Rex.w);
}
if (Instrux->HasModRm)
{
printf(" ModR/M: 0x%02x > mod: %d, reg: %d, rm: %d\n",
Instrux->ModRm.ModRm, Instrux->ModRm.mod, Instrux->ModRm.reg, Instrux->ModRm.rm);
}
if (Instrux->HasSib)
{
printf(" SIB: 0x%02x > scale: %d, index: %d, base: %d\n",
Instrux->Sib.Sib, Instrux->Sib.scale, Instrux->Sib.index, Instrux->Sib.base);
}
}
} }
@ -1628,7 +1685,7 @@ int main(
DWORD fsize, offset; DWORD fsize, offset;
SIZE_T rip; SIZE_T rip;
char text[ND_MIN_BUF_SIZE], *fname, *target, *shemuCtxFname; char text[ND_MIN_BUF_SIZE], *fname, *target, *shemuCtxFname;
BYTE mode, print, highlight, fmode, hmode, stats, exi, vend, feat, search, isShemu, isShemuCtxf, isKernel; BYTE mode, print, highlight, fmode, hmode, stats, exi, vend, feat, search, isShemu, isShemuCtxf, isKernel, bitfields;
INT ret, i; INT ret, i;
BYTE hexbuf[256], *buffer; BYTE hexbuf[256], *buffer;
DISASM_OPTIONS options; DISASM_OPTIONS options;
@ -1657,6 +1714,7 @@ int main(
isShemu = 0; isShemu = 0;
isShemuCtxf = 0; isShemuCtxf = 0;
isKernel = 0; isKernel = 0;
bitfields = 0;
if (NULL == argv) if (NULL == argv)
{ {
@ -1692,6 +1750,7 @@ int main(
printf(" Examples of valid command line register naming: \"RegRax\" ; \"rax\" ; \"reg_rax\"\n"); printf(" Examples of valid command line register naming: \"RegRax\" ; \"rax\" ; \"reg_rax\"\n");
printf(" -k specify kernel mode for shemu emulation. Ignore if shemu is not specified.\n"); printf(" -k specify kernel mode for shemu emulation. Ignore if shemu is not specified.\n");
printf(" -hl highlight instruction parts:\n"); printf(" -hl highlight instruction parts:\n");
printf(" -bits display the instruction bit fields");
SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE), SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),
FOREGROUND_BLUE|FOREGROUND_GREEN|FOREGROUND_RED|FOREGROUND_INTENSITY); FOREGROUND_BLUE|FOREGROUND_GREEN|FOREGROUND_RED|FOREGROUND_INTENSITY);
printf(" light white prefixes\n"); printf(" light white prefixes\n");
@ -1881,6 +1940,10 @@ int main(
return -1; return -1;
} }
} }
else if (0 == strcmp(argv[i], "-bits"))
{
bitfields = 1;
}
else else
{ {
printf("Unknown option: '%s'\n", argv[i]); printf("Unknown option: '%s'\n", argv[i]);
@ -1968,6 +2031,7 @@ int main(
options.Buffer = buffer; options.Buffer = buffer;
options.Size = fsize; options.Size = fsize;
options.ExtendedInfo = exi; options.ExtendedInfo = exi;
options.BitFields = bitfields;
options.Highlight = highlight; options.Highlight = highlight;
options.Mode = mode; options.Mode = mode;
options.Ring = isKernel ? 0 : 3; options.Ring = isKernel ? 0 : 3;
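Review bot: The usage line added in main, `printf(" -bits display the instruction bit fields");`, has no trailing `\n` and sits between the `-hl highlight instruction parts:` line and the colour legend that belongs to it. The help output therefore runs the `-bits` text into the first legend entry and splits the `-hl` description. Move it above the `-hl` line and terminate it: `printf(" -bits display the instruction bit fields\n");`. Separately, the new block in print_instruction passes bit-field members to `%d`; their declared types are not on this page, so confirm they promote to `int`. Both main and print_instruction continue outside the visible hunks.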