arno/bddisasm
1
0
Fork 0
mirror of https://github.com/bitdefender/bddisasm.git synced 2025-04-01 03:55:46 +00:00
Code Issues Releases Wiki Activity

Moved the formatting function in a dedicated source file.

Browse Source 
Added support for SIDT and RDTSC in bdshemu.
This commit is contained in:
BITDEFENDER\vlutas 2021-10-19 17:33:15 +03:00
parent 38592edf31
commit 412f065965
9 changed files with 1098 additions and 1049 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CMakeLists.txt
View File

@ -96,6 +96,7 @@ add_library(
bddisasm STATIC bddisasm STATIC
bddisasm/crt.c bddisasm/crt.c
bddisasm/bddisasm.c bddisasm/bddisasm.c
bddisasm/bdformat.c
# Add the headers so they will show up in IDEs. # Add the headers so they will show up in IDEs.
bddisasm/include/instructions.h bddisasm/include/instructions.h
bddisasm/include/mnemonics.h bddisasm/include/mnemonics.h

1047
bddisasm/bddisasm.c
View File

File diff suppressed because it is too large Load Diff

1
bddisasm/bddisasm.vcxproj
View File

@ -420,6 +420,7 @@
</Lib> </Lib>
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemGroup> <ItemGroup>
<ClCompile Include="bdformat.c" />
<ClCompile Include="crt.c" /> <ClCompile Include="crt.c" />
<ClCompile Include="bddisasm.c"> <ClCompile Include="bddisasm.c">
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='ReleaseKernel|Win32'">NotUsing</PrecompiledHeader> <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='ReleaseKernel|Win32'">NotUsing</PrecompiledHeader>

3
bddisasm/bddisasm.vcxproj.filters
View File

@ -27,6 +27,9 @@
<ClCompile Include="bddisasm.c"> <ClCompile Include="bddisasm.c">
<Filter>Source Files</Filter> <Filter>Source Files</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="bdformat.c">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClInclude Include="include\instructions.h"> <ClInclude Include="include\instructions.h">

1050
bddisasm/bdformat.c Normal file
View File

File diff suppressed because it is too large Load Diff

7
bddisasm/include/nd_crt.h
View File

@ -90,4 +90,11 @@ extern void *nd_memset(void *s, int c, size_t n);
#define nd_memzero(Dest, Size) nd_memset((Dest), 0, (Size)) #define nd_memzero(Dest, Size) nd_memset((Dest), 0, (Size))
// Handy macros.
#define RET_EQ(x, y, z) if ((x) == (y)) { return (z); }
#define RET_GE(x, y, z) if ((x) >= (y)) { return (z); }
#define RET_GT(x, y, z) if ((x) > (y)) { return (z); }
#endif // ND_CRT_H #endif // ND_CRT_H

36
bdshemu/bdshemu.c
View File

@ -1693,8 +1693,18 @@ ShemuPrintContext(
Context->Registers.RegR8, Context->Registers.RegR9, Context->Registers.RegR10, Context->Registers.RegR11); Context->Registers.RegR8, Context->Registers.RegR9, Context->Registers.RegR10, Context->Registers.RegR11);
shemu_printf(Context, " R12 = 0x%016llx R13 = 0x%016llx R14 = 0x%016llx R15 = 0x%016llx\n", shemu_printf(Context, " R12 = 0x%016llx R13 = 0x%016llx R14 = 0x%016llx R15 = 0x%016llx\n",
Context->Registers.RegR12, Context->Registers.RegR13, Context->Registers.RegR14, Context->Registers.RegR15); Context->Registers.RegR12, Context->Registers.RegR13, Context->Registers.RegR14, Context->Registers.RegR15);
shemu_printf(Context, " RIP = 0x%016llx RFLAGS = 0x%016llx\n", shemu_printf(Context, " RIP = 0x%016llx RFLAGS = 0x%016llx ",
Context->Registers.RegRip, Context->Registers.RegFlags); Context->Registers.RegRip, Context->Registers.RegFlags);
shemu_printf(Context, " CF:%d PF:%d AF:%d ZF:%d SF:%d TF:%d IF:%d DF:%d OF:%d\n",
GET_FLAG(Context, NDR_RFLAG_CF),
GET_FLAG(Context, NDR_RFLAG_PF),
GET_FLAG(Context, NDR_RFLAG_AF),
GET_FLAG(Context, NDR_RFLAG_ZF),
GET_FLAG(Context, NDR_RFLAG_SF),
GET_FLAG(Context, NDR_RFLAG_TF),
GET_FLAG(Context, NDR_RFLAG_IF),
GET_FLAG(Context, NDR_RFLAG_DF),
GET_FLAG(Context, NDR_RFLAG_OF));
shemu_printf(Context, "Emulating: 0x%016llx %s\n", Context->Registers.RegRip, text); shemu_printf(Context, "Emulating: 0x%016llx %s\n", Context->Registers.RegRip, text);
} }
@ -1711,6 +1721,7 @@ ShemuEmulate(
SHEMU_VALUE res = { 0 }, dst = { 0 }, src = { 0 }, rcx = { 0 }, aux = { 0 }; SHEMU_VALUE res = { 0 }, dst = { 0 }, src = { 0 }, rcx = { 0 }, aux = { 0 };
bool stop = false, cf; bool stop = false, cf;
uint16_t cs = 0; uint16_t cs = 0;
uint64_t tsc = 0x1248fe7a5c30;
if (NULL == Context) if (NULL == Context)
{ {
@ -1753,6 +1764,8 @@ ShemuEmulate(
uint64_t rip; uint64_t rip;
uint32_t i; uint32_t i;
tsc++;
// Reset all the operands to 0. // Reset all the operands to 0.
nd_memzero(&dst, sizeof(dst)); nd_memzero(&dst, sizeof(dst));
nd_memzero(&src, sizeof(src)); nd_memzero(&src, sizeof(src));
@ -3058,6 +3071,17 @@ check_far_branch:
stop = true; stop = true;
break; break;
case ND_INS_SIDT:
if (Context->Ring == 0)
{
// Flag this only in ring0, as we treat the SHEMU_FLAG_SIDT as a ring0 specific indicator - it can be
// used to locate the kernel image.
Context->Flags |= SHEMU_FLAG_SIDT;
}
stop = true;
break;
case ND_INS_AESIMC: case ND_INS_AESIMC:
case ND_INS_AESDEC: case ND_INS_AESDEC:
case ND_INS_AESDECLAST: case ND_INS_AESDECLAST:
@ -3096,6 +3120,16 @@ check_far_branch:
break; break;
} }
case ND_INS_RDTSC:
src.Size = 4;
// Set EAX to lower 32 bits.
src.Value.Dwords[0] = tsc & 0xFFFFFFFF;
SET_OP(Context, 0, &src);
// Set EDX to upper 32 bits.
src.Value.Dwords[0] = tsc >> 32;
SET_OP(Context, 1, &src);
break;
default: default:
return SHEMU_ABORT_UNSUPPORTED_INSTRUX; return SHEMU_ABORT_UNSUPPORTED_INSTRUX;

BIN
bdshemu_test/bdshemu_test.zip
View File

Binary file not shown.

2
inc/version.h
View File

@ -7,6 +7,6 @@
#define DISASM_VERSION_MAJOR 1 #define DISASM_VERSION_MAJOR 1
#define DISASM_VERSION_MINOR 34 #define DISASM_VERSION_MINOR 34
#define DISASM_VERSION_REVISION 4 #define DISASM_VERSION_REVISION 5
#endif // DISASM_VER_H #endif // DISASM_VER_H