diff --git a/bddisasm/bddisasm.c b/bddisasm/bddisasm.c index 34f0f31..7b5e409 100644 --- a/bddisasm/bddisasm.c +++ b/bddisasm/bddisasm.c @@ -200,6 +200,8 @@ static const uint16_t gOperandMap[] = ND_OPE_S, // ND_OPT_MEM_rBX_AL (as used by XLAT) ND_OPE_S, // ND_OPT_MEM_rDI (as used by masked moves) ND_OPE_S, // ND_OPT_MEM_SHS + ND_OPE_S, // ND_OPT_MEM_SHSP + ND_OPE_S, // ND_OPT_MEM_SHS0 ND_OPE_S, // ND_OPT_CR_0 ND_OPE_S, // ND_OPT_IDTR @@ -1665,6 +1667,11 @@ NdParseOperand( } break; + case ND_OPS_12: + // SAVPREVSSP instruction reads/writes 4 + 8 bytes from the shadow stack. + size = 12; + break; + case ND_OPS_t: // Tile register. The actual size depends on how the TILECFG register has been programmed, but it can be // up to 1K in size. @@ -1940,7 +1947,7 @@ NdParseOperand( // The operand is the SSP register. operand->Type = ND_OP_REG; operand->Info.Register.Type = ND_REG_SSP; - operand->Info.Register.Size = (Instrux->OpMode == ND_OPSZ_64) ? ND_SIZE_64BIT : ND_SIZE_32BIT; + operand->Info.Register.Size = operand->Size; operand->Info.Register.Reg = 0; break; @@ -2686,7 +2693,11 @@ memory: } // Shadow Stack Access, if this is the case. - operand->Info.Memory.IsShadowStack = ND_HAS_SHS(Instrux); + if (ND_HAS_SHS(Instrux)) + { + operand->Info.Memory.IsShadowStack = true; + operand->Info.Memory.ShStkType = ND_SHSTK_EXPLICIT; + } break; 
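Review bot: In the `memory:` hunk the new `if (ND_HAS_SHS(Instrux))` block only ever sets `IsShadowStack` to true, whereas the removed assignment also wrote false whenever the instruction has no shadow-stack semantics. If the operand is zeroed before NdParseOperand fills it the result is identical, but should this path ever run on a reused or partially filled operand, a stale `IsShadowStack`/`ShStkType` from an earlier operand would survive; an `else` branch that writes `operand->Info.Memory.IsShadowStack = false;` and resets `ShStkType` to its none value, or a comment stating that the operand arrives zeroed, would make that contract explicit. The `ShStkType` field and the `ND_SHSTK_*` constants are not declared in any hunk visible here, so their default value cannot be confirmed from this diff. NdParseOperand continues outside the hunk.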
@@ -2808,10 +2819,27 @@ memory: break; case ND_OPT_MEM_SHS: - // Shadow stack. + // Shadow stack access using the current SSP. + Instrux->MemoryAccess |= operand->Access.Access; + operand->Type = ND_OP_MEM; + operand->Info.Memory.IsShadowStack = true; + operand->Info.Memory.ShStkType = ND_SHSTK_SSP_LD_ST; + break; + + case ND_OPT_MEM_SHS0: + // Shadow stack access using the IA32_PL0_SSP. + Instrux->MemoryAccess |= operand->Access.Access; + operand->Type = ND_OP_MEM; + operand->Info.Memory.IsShadowStack = true; + operand->Info.Memory.ShStkType = ND_SHSTK_PL0_SSP; + break; + + case ND_OPT_MEM_SHSP: + // Shadow stack push/pop access. Instrux->MemoryAccess |= operand->Access.Access; operand->Type = ND_OP_MEM; operand->Info.Memory.IsShadowStack = true; + operand->Info.Memory.ShStkType = ND_SHSTK_SSP_PUSH_POP; break; case ND_OPT_Z: diff --git a/bddisasm/include/instructions.h b/bddisasm/include/instructions.h index 2348ccb..b10c60e 100644 --- a/bddisasm/include/instructions.h +++ b/bddisasm/include/instructions.h @@ -1360,7 +1360,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_J, ND_OPS_z, ND_OPF_R, 0, 0), OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), OP(ND_OPT_K, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), }, // Pos:100 Instruction:"CALL Ev" Encoding:"0xFF /2"/"M" @@ -1375,7 +1375,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_E, ND_OPS_v, ND_OPF_R, 0, 0), OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_K, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), }, // Pos:101 Instruction:"CALLF Ap" Encoding:"0x9A cp"/"D" 
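Review bot: The `ND_OPT_MEM_SHS`, `ND_OPT_MEM_SHS0` and `ND_OPT_MEM_SHSP` cases are three copies of the same four statements that differ only in the `ShStkType` value, so any field added later to shadow-stack memory operands can be set in one case and missed in the others. Since this function already routes through labels such as `memory:`, the per-case part can be reduced to picking the type and jumping to one shared body, as below. The `ND_OPT_MEM_SHSP` comment could also say what it is distinguishing, e.g. `// Shadow stack push/pop at SSP (CALL/RET/INT/IRET style), as opposed to a plain load/store at SSP.` NdParseOperand continues outside the hunk.
```c
        case ND_OPT_MEM_SHS:
            // Shadow stack access using the current SSP.
            operand->Info.Memory.ShStkType = ND_SHSTK_SSP_LD_ST;
            goto shadow_stack;

        case ND_OPT_MEM_SHS0:
            // Shadow stack access using the IA32_PL0_SSP.
            operand->Info.Memory.ShStkType = ND_SHSTK_PL0_SSP;
            goto shadow_stack;

        case ND_OPT_MEM_SHSP:
            // Shadow stack push/pop access.
            operand->Info.Memory.ShStkType = ND_SHSTK_SSP_PUSH_POP;
        shadow_stack:
            // Bookkeeping shared by every implicit shadow stack memory operand.
            Instrux->MemoryAccess |= operand->Access.Access;
            operand->Type = ND_OP_MEM;
            operand->Info.Memory.IsShadowStack = true;
            break;
        // … unchanged: case ND_OPT_Z and following …
```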
@@ -1391,7 +1391,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_SEG_CS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_K, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), }, // Pos:102 Instruction:"CALLF Mp" Encoding:"0xFF /3:mem"/"M" @@ -1407,7 +1407,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_SEG_CS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_K, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), }, // Pos:103 Instruction:"CBW" Encoding:"ds16 0x98"/"" @@ -5772,7 +5772,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), OP(ND_OPT_K, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), OP(ND_OPT_F, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), }, // Pos:425 Instruction:"INT1" Encoding:"0xF1"/"" @@ -5803,7 +5803,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), OP(ND_OPT_K, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), OP(ND_OPT_F, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), }, // Pos:427 Instruction:"INTO" Encoding:"0xCE"/"" 
@@ -5819,7 +5819,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), OP(ND_OPT_K, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), OP(ND_OPT_F, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), }, // Pos:428 Instruction:"INVD" Encoding:"0x0F 0x08"/"" @@ -5926,7 +5926,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_K, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), OP(ND_OPT_F, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), }, // Pos:436 Instruction:"IRETQ" Encoding:"ds64 0xCF"/"" @@ -5942,7 +5942,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_K, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), OP(ND_OPT_F, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), }, // Pos:437 Instruction:"IRETW" Encoding:"ds16 0xCF"/"" @@ -5958,7 +5958,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_K, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), OP(ND_OPT_F, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), }, // Pos:438 Instruction:"JBE Jz" Encoding:"0x0F 0x86 cz"/"D" 
@@ -15186,7 +15186,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_SEG_CS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_K, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), }, // Pos:1131 Instruction:"RETF" Encoding:"0xCB"/"" @@ -15201,7 +15201,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_SEG_CS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_K, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), }, // Pos:1132 Instruction:"RETN Iw" Encoding:"0xC2 iw"/"I" @@ -15217,7 +15217,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_GPR_rSP, ND_OPS_ssz, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_K, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), }, // Pos:1133 Instruction:"RETN" Encoding:"0xC3"/"" @@ -15231,7 +15231,7 @@ const ND_INSTRUCTION gInstructions[2554] = 0, OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_K, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), }, // Pos:1134 Instruction:"RMPADJUST" Encoding:"0xF3 0x0F 0x01 /0xFE"/"" 
@@ -15808,8 +15808,8 @@ const ND_INSTRUCTION gInstructions[2554] = 0, 0, 0, - OP(ND_OPT_MEM_SHS, ND_OPS_q, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), - OP(ND_OPT_SSP, ND_OPS_yf, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), + OP(ND_OPT_MEM_SHS, ND_OPS_12, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), + OP(ND_OPT_SSP, ND_OPS_yf, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), }, // Pos:1176 Instruction:"SBB Eb,Gb" Encoding:"0x18 /r"/"MR" @@ -16291,7 +16291,7 @@ const ND_INSTRUCTION gInstructions[2554] = 0, 0, 0, - OP(ND_OPT_MEM_SHS, ND_OPS_q, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), + OP(ND_OPT_MEM_SHS0, ND_OPS_q, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), OP(ND_OPT_SSP, ND_OPS_yf, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), }, @@ -17353,7 +17353,7 @@ const ND_INSTRUCTION gInstructions[2554] = { ND_INS_SYSCALL, ND_CAT_SYSCALL, ND_SET_AMD, 760, ND_MOD_R0|ND_MOD_R1|ND_MOD_R2|ND_MOD_R3|ND_MOD_LONG|ND_MOD_VMXR|ND_MOD_VMXN|ND_MOD_VMXO|ND_MOD_TSX, - 0, 0, ND_OPS_CNT(0, 9), 0, 0, 0, 0, 0, 0, ND_FLAG_O64, ND_CFF_FSC, + 0, 0, ND_OPS_CNT(0, 10), 0, 0, 0, 0, 0, 0, ND_FLAG_F64|ND_FLAG_O64, ND_CFF_FSC, 0, 0, 0, @@ -17367,6 +17367,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_SEG_CS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_F, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), + OP(ND_OPT_SSP, ND_OPS_yf, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), }, // Pos:1290 Instruction:"SYSENTER" Encoding:"0x0F 0x34"/"" @@ -17392,7 +17393,7 @@ const ND_INSTRUCTION gInstructions[2554] = { ND_INS_SYSEXIT, ND_CAT_SYSRET, ND_SET_PPRO, 762, ND_MOD_R0|ND_MOD_SMM|ND_MOD_PROT|ND_MOD_COMPAT|ND_MOD_LONG|ND_MOD_VMXR|ND_MOD_VMXN|ND_MOD_VMXO|ND_MOD_TSX, - 0, 0, ND_OPS_CNT(0, 4), 0, 0, 0, 0, 0, 0, 0, ND_CFF_SEP, + 0, 0, ND_OPS_CNT(0, 5), 0, 0, 0, 0, 0, 0, ND_FLAG_F64, ND_CFF_SEP, 0, 0, 0, 
@@ -17401,6 +17402,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_GPR_rSP, ND_OPS_ssz, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_SEG_CS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), + OP(ND_OPT_SSP, ND_OPS_yf, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), }, // Pos:1292 Instruction:"SYSRET" Encoding:"o64 0x0F 0x07"/"" diff --git a/bddisasm/include/tabledefs.h b/bddisasm/include/tabledefs.h index 795f04e..6395a4f 100644 --- a/bddisasm/include/tabledefs.h +++ b/bddisasm/include/tabledefs.h @@ -300,6 +300,8 @@ typedef enum _ND_OPERAND_SIZE_SPEC ND_OPS_v3, ND_OPS_v4, ND_OPS_v8, + // 4 + 8 bytes accessed on the shadow stack by the SAVPREVSSP instruction. + ND_OPS_12, // MIB ND_OPS_mib, // VSIB sizes (for both the index and the accessed data). @@ -408,6 +410,8 @@ typedef enum _ND_OPERAND_TYPE_SPEC ND_OPT_MEM_rBX_AL, ND_OPT_MEM_rDI, ND_OPT_MEM_SHS, + ND_OPT_MEM_SHSP, + ND_OPT_MEM_SHS0, // Misc CR/XCR/MSR/SYS registers. ND_OPT_CR_0, diff --git a/bddisasm_test/basic/branch_16.result b/bddisasm_test/basic/branch_16.result index b014c57..ca9dde0 100644 --- a/bddisasm_test/basic/branch_16.result +++ b/bddisasm_test/basic/branch_16.result @@ -13,7 +13,7 @@ Operand: 1, Acc: RW, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3, 0000000000000003 ffd0 CALL ax 
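Review bot: In tabledefs.h the new `ND_OPT_MEM_SHSP` and `ND_OPT_MEM_SHS0` enumerators carry no comment, unlike the `ND_OPS_12` addition in the hunk above them, so a reader of the header has to find the matching cases in bddisasm.c to learn how they differ from `ND_OPT_MEM_SHS`; `ND_OPT_MEM_SHSP, // Shadow stack push/pop access at SSP.` and `ND_OPT_MEM_SHS0, // Shadow stack access through IA32_PL0_SSP.` would close that gap. Both insertions sit in the middle of their enums and therefore renumber every later enumerator, which is fine for `gOperandMap` because this commit adds the two matching entries, but any other table indexed by `ND_OPT_*` or `ND_OPS_*` values that is not regenerated in the same commit would silently shift; a one-line comment at the top of each enum noting that the order is load-bearing would help future additions.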
@@ -31,7 +31,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3, 0000000000000005 66ffd0 CALL eax @@ -49,7 +49,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 0000000000000008 ff17 CALL word ptr [bx] @@ -68,7 +68,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3, 000000000000000A 67ff13 CALL word ptr [ebx] @@ -87,7 +87,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3, 000000000000000D 67ff13 CALL word ptr [ebx] 
@@ -106,7 +106,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3, 0000000000000010 6667ff13 CALL dword ptr [ebx] @@ -125,7 +125,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 0000000000000014 ebfe JMP 0x14 @@ -246,7 +246,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 000000000000002C 669a000000102000 CALLF 0x0020:0x10000000 @@ -265,7 +265,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 0000000000000034 ea00102000 JMPF 0x0020:0x1000 
@@ -299,7 +299,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 0000000000000041 67ff1b CALLF dword ptr [ebx] @@ -319,7 +319,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 0000000000000044 ff1f CALLF dword ptr [bx] @@ -339,7 +339,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 0000000000000046 6667ff1b CALLF fword ptr [ebx] @@ -359,7 +359,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 000000000000004A 66ff1f CALLF fword ptr [bx] 
@@ -379,7 +379,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 000000000000004D 67ff2b JMPF dword ptr [ebx] @@ -565,7 +565,7 @@ Operand: 3, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Stack: yes, Segment: 2, Base: 4, Operand: 4, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: Flags, RegSize: 2, RegId: 0, RegCount: 1 - Operand: 5, Acc: -W, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow Stack: yes, + Operand: 5, Acc: -W, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow stack: 3, 0000000000000068 cc INT3 @@ -586,7 +586,7 @@ Operand: 2, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Stack: yes, Segment: 2, Base: 4, Operand: 3, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: Flags, RegSize: 2, RegId: 0, RegCount: 1 - Operand: 4, Acc: -W, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow stack: 3, 0000000000000069 f1 INT1 @@ -641,7 +641,7 @@ Operand: 0, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 1, Acc: R-, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 2, Acc: R-, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes, + Operand: 2, Acc: R-, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3, 000000000000006C c22000 RETN 0x0020 
@@ -660,7 +660,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: General Purpose, RegSize: 2, RegId: 4, RegCount: 1 Operand: 3, Acc: R-, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: R-, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: R-, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3, 000000000000006F cb RETF @@ -678,7 +678,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 2, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 0000000000000070 ca2000 RETF 0x0020 @@ -697,7 +697,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 3, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 0000000000000073 cf IRETW @@ -718,7 +718,7 @@ Operand: 2, Acc: R-, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Stack: yes, Segment: 2, Base: 4, Operand: 3, Acc: RW, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: Flags, RegSize: 2, RegId: 0, RegCount: 1 - Operand: 4, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow stack: 3, 0000000000000074 66cf IRETD 
@@ -739,6 +739,6 @@ Operand: 2, Acc: R-, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Stack: yes, Segment: 2, Base: 4, Operand: 3, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1 - Operand: 4, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 3, diff --git a/bddisasm_test/basic/branch_32.result b/bddisasm_test/basic/branch_32.result index 5d823e9..59e226f 100644 --- a/bddisasm_test/basic/branch_32.result +++ b/bddisasm_test/basic/branch_32.result @@ -13,7 +13,7 @@ Operand: 1, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 0000000000000005 66ffd0 CALL ax @@ -31,7 +31,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3, 0000000000000008 ffd0 CALL eax @@ -49,7 +49,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 000000000000000A 67ff17 CALL dword ptr [bx] 
@@ -68,7 +68,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 000000000000000D ff13 CALL dword ptr [ebx] @@ -87,7 +87,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 000000000000000F 66ff13 CALL word ptr [ebx] @@ -106,7 +106,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3, 0000000000000012 ff13 CALL dword ptr [ebx] @@ -125,7 +125,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 0000000000000014 ebfe JMP 0x14 
@@ -246,7 +246,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 000000000000002B 9a000000102000 CALLF 0x0020:0x10000000 @@ -265,7 +265,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 0000000000000032 66ea00102000 JMPF 0x0020:0x1000 @@ -299,7 +299,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 000000000000003F 66ff1b CALLF dword ptr [ebx] @@ -319,7 +319,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 0000000000000042 6667ff1f CALLF dword ptr [bx] 
@@ -339,7 +339,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 0000000000000046 ff1b CALLF fword ptr [ebx] @@ -359,7 +359,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 0000000000000048 67ff1f CALLF fword ptr [bx] @@ -379,7 +379,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 000000000000004B 66ff2b JMPF dword ptr [ebx] @@ -565,7 +565,7 @@ Operand: 3, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Stack: yes, Segment: 2, Base: 4, Operand: 4, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1 - Operand: 5, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow Stack: yes, + Operand: 5, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 3, 0000000000000066 cc INT3 
@@ -586,7 +586,7 @@ Operand: 2, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Stack: yes, Segment: 2, Base: 4, Operand: 3, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1 - Operand: 4, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 3, 0000000000000067 f1 INT1 @@ -641,7 +641,7 @@ Operand: 0, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 1, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 2, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 2, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 000000000000006A c22000 RETN 0x0020 @@ -660,7 +660,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: General Purpose, RegSize: 4, RegId: 4, RegCount: 1 Operand: 3, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 000000000000006D cb RETF @@ -678,7 +678,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 2, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 000000000000006E ca2000 RETF 0x0020 
@@ -697,7 +697,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 3, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 0000000000000071 66cf IRETW @@ -718,7 +718,7 @@ Operand: 2, Acc: R-, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Stack: yes, Segment: 2, Base: 4, Operand: 3, Acc: RW, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: Flags, RegSize: 2, RegId: 0, RegCount: 1 - Operand: 4, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow stack: 3, 0000000000000073 cf IRETD @@ -739,7 +739,7 @@ Operand: 2, Acc: R-, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Stack: yes, Segment: 2, Base: 4, Operand: 3, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1 - Operand: 4, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 3, 0000000000000074 0f34 SYSENTER @@ -781,4 +781,5 @@ Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: General Purpose, RegSize: 4, RegId: 4, RegCount: 1 Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Segment, RegSize: 4, RegId: 1, RegCount: 1 Operand: 3, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 + Operand: 4, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: SSP, RegSize: 4, RegId: 0, RegCount: 1 diff --git a/bddisasm_test/basic/branch_64.result b/bddisasm_test/basic/branch_64.result index e1b8a4e..ce49fed 100644 
--- a/bddisasm_test/basic/branch_64.result +++ b/bddisasm_test/basic/branch_64.result @@ -13,7 +13,7 @@ Operand: 1, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 0000000000000005 ffd0 CALL rax @@ -31,7 +31,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 0000000000000007 67ff13 CALL qword ptr [ebx] @@ -50,7 +50,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 000000000000000A ff13 CALL qword ptr [rbx] @@ -69,7 +69,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 000000000000000C ebfe JMP 0xc 
@@ -147,7 +147,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 0000000000000018 ff1b CALLF fword ptr [rbx] @@ -167,7 +167,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 000000000000001A 48ff1b CALLF tbyte ptr [rbx] @@ -187,7 +187,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 16, RawSize: 16, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 16, RawSize: 16, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 16, RawSize: 16, Encoding: S, Shadow stack: 3, 000000000000001D 66ff2b JMPF dword ptr [rbx] @@ -357,7 +357,7 @@ Operand: 3, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Stack: yes, Segment: 2, Base: 4, Operand: 4, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1 - Operand: 5, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow Stack: yes, + Operand: 5, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 3, 0000000000000034 cc INT3 
@@ -378,7 +378,7 @@ Operand: 2, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Stack: yes, Segment: 2, Base: 4, Operand: 3, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1 - Operand: 4, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 3, 0000000000000035 f1 INT1 @@ -433,7 +433,7 @@ Operand: 0, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1 Operand: 1, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 2, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 2, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 0000000000000038 c22000 RETN 0x0020 @@ -452,7 +452,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: General Purpose, RegSize: 8, RegId: 4, RegCount: 1 Operand: 3, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 000000000000003B cb RETF @@ -470,7 +470,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 2, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 000000000000003C ca2000 RETF 0x0020 
@@ -489,7 +489,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 3, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 000000000000003F 66cf IRETW @@ -510,7 +510,7 @@ Operand: 2, Acc: R-, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Stack: yes, Segment: 2, Base: 4, Operand: 3, Acc: RW, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: Flags, RegSize: 2, RegId: 0, RegCount: 1 - Operand: 4, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow stack: 3, 0000000000000041 cf IRETD @@ -531,11 +531,11 @@ Operand: 2, Acc: R-, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Stack: yes, Segment: 2, Base: 4, Operand: 3, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1 - Operand: 4, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 3, 0000000000000042 0f05 SYSCALL - DSIZE: 32, ASIZE: 64, VLEN: - + DSIZE: 64, ASIZE: 64, VLEN: - ISA Set: AMD, Ins cat: SYSCALL, CET tracked: no CPUID leaf: 0x80000001, reg: ecx, bit: 11 FLAGS access 
@@ -551,15 +551,16 @@ Operand: 0, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Model Specific, RegSize: 8, RegId: -1073741695, RegCount: 1 Operand: 1, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Model Specific, RegSize: 8, RegId: -1073741694, RegCount: 1 Operand: 2, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Model Specific, RegSize: 8, RegId: -1073741692, RegCount: 1 - Operand: 3, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Segment, RegSize: 4, RegId: 2, RegCount: 1 + Operand: 3, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Segment, RegSize: 8, RegId: 2, RegCount: 1 Operand: 4, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: General Purpose, RegSize: 8, RegId: 1, RegCount: 1 Operand: 5, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: General Purpose, RegSize: 8, RegId: 11, RegCount: 1 - Operand: 6, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Segment, RegSize: 4, RegId: 1, RegCount: 1 - Operand: 7, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 - Operand: 8, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1 + Operand: 6, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Segment, RegSize: 8, RegId: 1, RegCount: 1 + Operand: 7, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1 + Operand: 8, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Flags, RegSize: 8, RegId: 0, RegCount: 1 + Operand: 9, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1 0000000000000044 0f35 SYSEXIT - DSIZE: 32, ASIZE: 64, VLEN: - + DSIZE: 64, ASIZE: 64, VLEN: - ISA Set: PPRO, Ins cat: SYSRET, CET tracked: no CPUID leaf: 0x00000001, reg: edx, bit: 11 
Valid modes @@ -570,8 +571,9 @@ REP: no, REPcc: no, LOCK: no HLE: no, XACQUIRE only: no, XRELEASE only: no BND: no, BHINT: no, DNT: no - Operand: 0, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Segment, RegSize: 4, RegId: 2, RegCount: 1 + Operand: 0, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Segment, RegSize: 8, RegId: 2, RegCount: 1 Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: General Purpose, RegSize: 8, RegId: 4, RegCount: 1 - Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Segment, RegSize: 4, RegId: 1, RegCount: 1 - Operand: 3, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 + Operand: 2, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Segment, RegSize: 8, RegId: 1, RegCount: 1 + Operand: 3, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1 + Operand: 4, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1 diff --git a/bddisasm_test/basic/cet_64 b/bddisasm_test/basic/cet_64 deleted file mode 100644 index 5c06046..0000000 Binary files a/bddisasm_test/basic/cet_64 and /dev/null differ diff --git a/bddisasm_test/basic/cet_64.asm b/bddisasm_test/basic/cet_64.asm deleted file mode 100644 index 2f42c49..0000000 --- a/bddisasm_test/basic/cet_64.asm +++ /dev/null 
@@ -1,13 +0,0 @@ - bits 64 - - db 0xF3, 0x0F, 0x01, 0x28 ; RSTORSSP qword ptr [rax] - db 0xF3, 0x0F, 0x01, 0xEA ; SAVEPREVSSP - db 0xF3, 0x0F, 0x01, 0xE8 ; SETSSBSY - db 0xF3, 0x0F, 0x1E, 0xC8 ; RDSSPD eax - db 0xF3, 0x48, 0x0F, 0x1E, 0xC8 ; RDSSPQ rax - db 0xF3, 0x0F, 0x1E, 0xFA ; ENDBR32 - db 0xF3, 0x0F, 0x1E, 0xFB ; ENDBR64 - db 0x66, 0x0F, 0x38, 0xF5, 0x00 ; WRUSSD dword ptr [rax], eax - db 0x66, 0x48, 0x0F, 0x38, 0xF5, 0x00 ; WRUSSQ dword ptr [rax], rax - db 0x0F, 0x38, 0xF6, 0x00 ; WRSSD dword ptr [rax], eax - db 0x48, 0x0F, 0x38, 0xF6, 0x00 ; WRSSQ dword ptr [rax], rax \ No newline at end of file diff --git a/bddisasm_test/basic/prefixes_64.result b/bddisasm_test/basic/prefixes_64.result index ac4554a..2f077ff 100644 --- a/bddisasm_test/basic/prefixes_64.result +++ b/bddisasm_test/basic/prefixes_64.result @@ -1277,6 +1277,6 @@ Operand: 1, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, diff --git a/bddisasm_test/cet/cet_32 b/bddisasm_test/cet/cet_32 new file mode 100644 index 0000000..a5e81e8 Binary files /dev/null and b/bddisasm_test/cet/cet_32 differ diff --git a/bddisasm_test/cet/cet_32.asm b/bddisasm_test/cet/cet_32.asm new file mode 100644 index 0000000..325be2a --- /dev/null +++ b/bddisasm_test/cet/cet_32.asm 
@@ -0,0 +1,12 @@ + bits 32 + + db 0xF3, 0x0F, 0x01, 0x28 ; RSTORSSP [eax] + db 0xF3, 0x0F, 0x01, 0xEA ; SAVEPREVSSP + db 0xF3, 0x0F, 0x01, 0xE8 ; SETSSBSY + db 0xF3, 0x0F, 0x1E, 0xC8 ; RDSSPD eax + db 0xF3, 0x0F, 0x1E, 0xFA ; ENDBR64 + db 0xF3, 0x0F, 0x1E, 0xFB ; ENDBR32 + db 0xF3, 0x0F, 0xAE, 0x30 ; CLRSSBSY [rax] + db 0xF3, 0x0F, 0xAE, 0xE8 ; INCSSPD eax + db 0x66, 0x0F, 0x38, 0xF5, 0x00 ; WRUSSD [rax], eax + db 0x0F, 0x38, 0xF6, 0x00 ; WRSSD [rax], eax \ No newline at end of file diff --git a/bddisasm_test/basic/cet_64.result b/bddisasm_test/cet/cet_32.result similarity index 73% rename from bddisasm_test/basic/cet_64.result rename to bddisasm_test/cet/cet_32.result index 82d9436..70d8eff 100644 --- a/bddisasm_test/basic/cet_64.result +++ b/bddisasm_test/cet/cet_32.result @@ -1,5 +1,5 @@ -0000000000000000 f30f0128 RSTORSSP qword ptr [rax] - DSIZE: 32, ASIZE: 64, VLEN: - +0000000000000000 f30f0128 RSTORSSP qword ptr [eax] + DSIZE: 32, ASIZE: 32, VLEN: - ISA Set: CET, Ins cat: CET, CET tracked: no CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 Valid modes @@ -10,11 +10,12 @@ REP: no, REPcc: no, LOCK: no HLE: no, XACQUIRE only: no, XRELEASE only: no BND: no, BHINT: no, DNT: no - Operand: 0, Acc: RW, Type: Memory, Size: 8, RawSize: 8, Encoding: M, Shadow Stack: yes, + Operand: 0, Acc: RW, Type: Memory, Size: 8, RawSize: 8, Encoding: M, Shadow stack: 1, Segment: 3, Base: 0, + Operand: 1, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: SSP, RegSize: 4, RegId: 0, RegCount: 1 0000000000000004 f30f01ea SAVEPREVSSP - DSIZE: 32, ASIZE: 64, VLEN: - + DSIZE: 32, ASIZE: 32, VLEN: - ISA Set: CET, Ins cat: CET, CET tracked: no CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 Valid modes 
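Review bot: Several comments in the new cet_32.asm describe operands that do not match the bytes they annotate in a `bits 32` listing: `CLRSSBSY [rax]`, `WRUSSD [rax], eax` and `WRSSD [rax], eax` carry no REX prefix and ModRM selects `[eax]`, which is also what cet_32.result prints for them (`CLRSSBSY qword ptr [eax]`, `WRUSSD dword ptr [eax], eax`, `WRSSD dword ptr [eax], eax`). The new cet_64.asm has the same kind of mismatch: the REX.W-prefixed `db 0xF3, 0x48, 0x0F, 0x1E, 0xC8` is commented `RDSSPD rax` but cet_64.result decodes it as `RDSSPQ rax`, and `WRUSSQ [rax], eax` / `WRSSQ [rax], eax` decode with an `rax` source (`WRUSSQ qword ptr [rax], rax`, `WRSSQ qword ptr [rax], rax`). These comments are what a maintainer compares against the .result files when a fixture changes, so I'd align them with the decoder output, e.g. `; CLRSSBSY [eax]`, `; RDSSPQ rax`, `; WRUSSQ [rax], rax`.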
@@ -25,12 +26,12 @@ REP: no, REPcc: no, LOCK: no HLE: no, XACQUIRE only: no, XRELEASE only: no BND: no, BHINT: no, DNT: no - Operand: 0, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 0, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 2, - Operand: 1, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: SSP, RegSize: 4, RegId: 0, RegCount: 1 + Operand: 1, Acc: R-, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: SSP, RegSize: 4, RegId: 0, RegCount: 1 0000000000000008 f30f01e8 SETSSBSY - DSIZE: 32, ASIZE: 64, VLEN: - + DSIZE: 32, ASIZE: 32, VLEN: - ISA Set: CET, Ins cat: CET, CET tracked: no CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 Valid modes @@ -41,9 +42,12 @@ REP: no, REPcc: no, LOCK: no HLE: no, XACQUIRE only: no, XRELEASE only: no BND: no, BHINT: no, DNT: no + Operand: 0, Acc: RW, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 4, + + Operand: 1, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: SSP, RegSize: 4, RegId: 0, RegCount: 1 000000000000000C f30f1ec8 RDSSPD eax - DSIZE: 32, ASIZE: 64, VLEN: - + DSIZE: 32, ASIZE: 32, VLEN: - ISA Set: CET, Ins cat: CET, CET tracked: no CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 Valid modes @@ -57,8 +61,8 @@ Operand: 0, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: M, RegType: General Purpose, RegSize: 4, RegId: 0, RegCount: 1 Operand: 1, Acc: R-, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: SSP, RegSize: 4, RegId: 0, RegCount: 1 -0000000000000010 f3480f1ec8 RDSSPQ rax - DSIZE: 64, ASIZE: 64, VLEN: - +0000000000000010 f30f1efa ENDBR64 + DSIZE: 32, ASIZE: 32, VLEN: - ISA Set: CET, Ins cat: CET, CET tracked: no CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 Valid modes 
@@ -69,11 +73,9 @@ REP: no, REPcc: no, LOCK: no HLE: no, XACQUIRE only: no, XRELEASE only: no BND: no, BHINT: no, DNT: no - Operand: 0, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: M, RegType: General Purpose, RegSize: 8, RegId: 0, RegCount: 1 - Operand: 1, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1 -0000000000000015 f30f1efa ENDBR64 - DSIZE: 32, ASIZE: 64, VLEN: - +0000000000000014 f30f1efb ENDBR32 + DSIZE: 32, ASIZE: 32, VLEN: - ISA Set: CET, Ins cat: CET, CET tracked: no CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 Valid modes @@ -85,8 +87,8 @@ HLE: no, XACQUIRE only: no, XRELEASE only: no BND: no, BHINT: no, DNT: no -0000000000000019 f30f1efb ENDBR32 - DSIZE: 32, ASIZE: 64, VLEN: - +0000000000000018 f30fae30 CLRSSBSY qword ptr [eax] + DSIZE: 32, ASIZE: 32, VLEN: - ISA Set: CET, Ins cat: CET, CET tracked: no CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 Valid modes 
@@ -97,25 +99,12 @@ REP: no, REPcc: no, LOCK: no HLE: no, XACQUIRE only: no, XRELEASE only: no BND: no, BHINT: no, DNT: no - -000000000000001D 660f38f500 WRUSSD dword ptr [rax], eax - DSIZE: 32, ASIZE: 64, VLEN: - - ISA Set: CET, Ins cat: CET, CET tracked: no - CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 - Valid modes - R0: yes, R1: yes, R2: yes, R3: yes - Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes - SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes - Valid prefixes - REP: no, REPcc: no, LOCK: no - HLE: no, XACQUIRE only: no, XRELEASE only: no - BND: no, BHINT: no, DNT: no - Operand: 0, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: M, Shadow Stack: yes, + Operand: 0, Acc: RW, Type: Memory, Size: 8, RawSize: 8, Encoding: M, Shadow stack: 1, Segment: 3, Base: 0, - Operand: 1, Acc: R-, Type: Register, Size: 4, RawSize: 4, Encoding: R, RegType: General Purpose, RegSize: 4, RegId: 0, RegCount: 1 + Operand: 1, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: SSP, RegSize: 4, RegId: 0, RegCount: 1 -0000000000000022 66480f38f500 WRUSSQ qword ptr [rax], rax - DSIZE: 64, ASIZE: 64, VLEN: - +000000000000001C f30faee8 INCSSPD eax + DSIZE: 32, ASIZE: 32, VLEN: - ISA Set: CET, Ins cat: CET, CET tracked: no CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 Valid modes 
@@ -126,12 +115,13 @@ REP: no, REPcc: no, LOCK: no HLE: no, XACQUIRE only: no, XRELEASE only: no BND: no, BHINT: no, DNT: no - Operand: 0, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: M, Shadow Stack: yes, - Segment: 3, Base: 0, - Operand: 1, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: R, RegType: General Purpose, RegSize: 8, RegId: 0, RegCount: 1 + Operand: 0, Acc: R-, Type: Register, Size: 4, RawSize: 4, Encoding: M, RegType: General Purpose, RegSize: 4, RegId: 0, RegCount: 1 + Operand: 1, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 2, + + Operand: 2, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: SSP, RegSize: 4, RegId: 0, RegCount: 1 -0000000000000028 0f38f600 WRSSD dword ptr [rax], eax - DSIZE: 32, ASIZE: 64, VLEN: - +0000000000000020 660f38f500 WRUSSD dword ptr [eax], eax + DSIZE: 32, ASIZE: 32, VLEN: - ISA Set: CET, Ins cat: CET, CET tracked: no CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 Valid modes @@ -142,12 +132,12 @@ REP: no, REPcc: no, LOCK: no HLE: no, XACQUIRE only: no, XRELEASE only: no BND: no, BHINT: no, DNT: no - Operand: 0, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: M, Shadow Stack: yes, + Operand: 0, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: M, Shadow stack: 1, Segment: 3, Base: 0, Operand: 1, Acc: R-, Type: Register, Size: 4, RawSize: 4, Encoding: R, RegType: General Purpose, RegSize: 4, RegId: 0, RegCount: 1 -000000000000002C 480f38f600 WRSSQ qword ptr [rax], rax - DSIZE: 64, ASIZE: 64, VLEN: - +0000000000000025 0f38f600 WRSSD dword ptr [eax], eax + DSIZE: 32, ASIZE: 32, VLEN: - ISA Set: CET, Ins cat: CET, CET tracked: no CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 Valid modes 
@@ -158,7 +148,7 @@ REP: no, REPcc: no, LOCK: no HLE: no, XACQUIRE only: no, XRELEASE only: no BND: no, BHINT: no, DNT: no - Operand: 0, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: M, Shadow Stack: yes, + Operand: 0, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: M, Shadow stack: 1, Segment: 3, Base: 0, - Operand: 1, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: R, RegType: General Purpose, RegSize: 8, RegId: 0, RegCount: 1 + Operand: 1, Acc: R-, Type: Register, Size: 4, RawSize: 4, Encoding: R, RegType: General Purpose, RegSize: 4, RegId: 0, RegCount: 1 diff --git a/bddisasm_test/cet/cet_64 b/bddisasm_test/cet/cet_64 new file mode 100644 index 0000000..8ff730c Binary files /dev/null and b/bddisasm_test/cet/cet_64 differ diff --git a/bddisasm_test/cet/cet_64.asm b/bddisasm_test/cet/cet_64.asm new file mode 100644 index 0000000..5ca2fec --- /dev/null +++ b/bddisasm_test/cet/cet_64.asm @@ -0,0 +1,16 @@ + bits 64 + + db 0xF3, 0x0F, 0x01, 0x28 ; RSTORSSP [rax] + db 0xF3, 0x0F, 0x01, 0xEA ; SAVEPREVSSP + db 0xF3, 0x0F, 0x01, 0xE8 ; SETSSBSY + db 0xF3, 0x0F, 0x1E, 0xC8 ; RDSSPD eax + db 0xF3, 0x48, 0x0F, 0x1E, 0xC8 ; RDSSPD rax + db 0xF3, 0x0F, 0x1E, 0xFA ; ENDBR64 + db 0xF3, 0x0F, 0x1E, 0xFB ; ENDBR32 + db 0xF3, 0x0F, 0xAE, 0x30 ; CLRSSBSY [rax] + db 0xF3, 0x0F, 0xAE, 0xE8 ; INCSSPD eax + db 0xF3, 0x48, 0x0F, 0xAE, 0xE8 ; INCSSPQ rax + db 0x66, 0x0F, 0x38, 0xF5, 0x00 ; WRUSSD [rax], eax + db 0x66, 0x48, 0x0F, 0x38, 0xF5, 0x00 ; WRUSSQ [rax], eax + db 0x0F, 0x38, 0xF6, 0x00 ; WRSSD [rax], eax + db 0x48, 0x0F, 0x38, 0xF6, 0x00 ; WRSSQ [rax], eax \ No newline at end of file diff --git a/bddisasm_test/cet/cet_64.result b/bddisasm_test/cet/cet_64.result new file mode 100644 index 0000000..27bd28e --- /dev/null +++ b/bddisasm_test/cet/cet_64.result 
@@ -0,0 +1,218 @@ +0000000000000000 f30f0128 RSTORSSP qword ptr [rax] + DSIZE: 32, ASIZE: 64, VLEN: - + ISA Set: CET, Ins cat: CET, CET tracked: no + CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 + Valid modes + R0: yes, R1: yes, R2: yes, R3: yes + Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes + SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes + Valid prefixes + REP: no, REPcc: no, LOCK: no + HLE: no, XACQUIRE only: no, XRELEASE only: no + BND: no, BHINT: no, DNT: no + Operand: 0, Acc: RW, Type: Memory, Size: 8, RawSize: 8, Encoding: M, Shadow stack: 1, + Segment: 3, Base: 0, + Operand: 1, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1 + +0000000000000004 f30f01ea SAVEPREVSSP + DSIZE: 32, ASIZE: 64, VLEN: - + ISA Set: CET, Ins cat: CET, CET tracked: no + CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 + Valid modes + R0: yes, R1: yes, R2: yes, R3: yes + Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes + SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes + Valid prefixes + REP: no, REPcc: no, LOCK: no + HLE: no, XACQUIRE only: no, XRELEASE only: no + BND: no, BHINT: no, DNT: no + Operand: 0, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 2, + + Operand: 1, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1 + +0000000000000008 f30f01e8 SETSSBSY + DSIZE: 32, ASIZE: 64, VLEN: - + ISA Set: CET, Ins cat: CET, CET tracked: no + CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 + Valid modes + R0: yes, R1: yes, R2: yes, R3: yes + Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes + SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes + Valid prefixes + REP: no, REPcc: no, LOCK: no + HLE: no, XACQUIRE only: no, XRELEASE only: no + BND: no, BHINT: no, DNT: no + Operand: 0, Acc: RW, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow 
stack: 4, + + Operand: 1, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1 + +000000000000000C f30f1ec8 RDSSPD eax + DSIZE: 32, ASIZE: 64, VLEN: - + ISA Set: CET, Ins cat: CET, CET tracked: no + CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 + Valid modes + R0: yes, R1: yes, R2: yes, R3: yes + Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes + SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes + Valid prefixes + REP: no, REPcc: no, LOCK: no + HLE: no, XACQUIRE only: no, XRELEASE only: no + BND: no, BHINT: no, DNT: no + Operand: 0, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: M, RegType: General Purpose, RegSize: 4, RegId: 0, RegCount: 1 + Operand: 1, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1 + +0000000000000010 f3480f1ec8 RDSSPQ rax + DSIZE: 64, ASIZE: 64, VLEN: - + ISA Set: CET, Ins cat: CET, CET tracked: no + CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 + Valid modes + R0: yes, R1: yes, R2: yes, R3: yes + Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes + SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes + Valid prefixes + REP: no, REPcc: no, LOCK: no + HLE: no, XACQUIRE only: no, XRELEASE only: no + BND: no, BHINT: no, DNT: no + Operand: 0, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: M, RegType: General Purpose, RegSize: 8, RegId: 0, RegCount: 1 + Operand: 1, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1 + +0000000000000015 f30f1efa ENDBR64 + DSIZE: 32, ASIZE: 64, VLEN: - + ISA Set: CET, Ins cat: CET, CET tracked: no + CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 + Valid modes + R0: yes, R1: yes, R2: yes, R3: yes + Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes + SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes + Valid prefixes + REP: no, REPcc: no, 
LOCK: no + HLE: no, XACQUIRE only: no, XRELEASE only: no + BND: no, BHINT: no, DNT: no + +0000000000000019 f30f1efb ENDBR32 + DSIZE: 32, ASIZE: 64, VLEN: - + ISA Set: CET, Ins cat: CET, CET tracked: no + CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 + Valid modes + R0: yes, R1: yes, R2: yes, R3: yes + Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes + SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes + Valid prefixes + REP: no, REPcc: no, LOCK: no + HLE: no, XACQUIRE only: no, XRELEASE only: no + BND: no, BHINT: no, DNT: no + +000000000000001D f30fae30 CLRSSBSY qword ptr [rax] + DSIZE: 32, ASIZE: 64, VLEN: - + ISA Set: CET, Ins cat: CET, CET tracked: no + CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 + Valid modes + R0: yes, R1: yes, R2: yes, R3: yes + Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes + SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes + Valid prefixes + REP: no, REPcc: no, LOCK: no + HLE: no, XACQUIRE only: no, XRELEASE only: no + BND: no, BHINT: no, DNT: no + Operand: 0, Acc: RW, Type: Memory, Size: 8, RawSize: 8, Encoding: M, Shadow stack: 1, + Segment: 3, Base: 0, + Operand: 1, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1 + +0000000000000021 f30faee8 INCSSPD eax + DSIZE: 32, ASIZE: 64, VLEN: - + ISA Set: CET, Ins cat: CET, CET tracked: no + CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 + Valid modes + R0: yes, R1: yes, R2: yes, R3: yes + Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes + SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes + Valid prefixes + REP: no, REPcc: no, LOCK: no + HLE: no, XACQUIRE only: no, XRELEASE only: no + BND: no, BHINT: no, DNT: no + Operand: 0, Acc: R-, Type: Register, Size: 4, RawSize: 4, Encoding: M, RegType: General Purpose, RegSize: 4, RegId: 0, RegCount: 1 + Operand: 1, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 2, + + 
Operand: 2, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1 + +0000000000000025 f3480faee8 INCSSPQ rax + DSIZE: 64, ASIZE: 64, VLEN: - + ISA Set: CET, Ins cat: CET, CET tracked: no + CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 + Valid modes + R0: yes, R1: yes, R2: yes, R3: yes + Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes + SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes + Valid prefixes + REP: no, REPcc: no, LOCK: no + HLE: no, XACQUIRE only: no, XRELEASE only: no + BND: no, BHINT: no, DNT: no + Operand: 0, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: M, RegType: General Purpose, RegSize: 8, RegId: 0, RegCount: 1 + Operand: 1, Acc: R-, Type: Memory, Size: 16, RawSize: 16, Encoding: S, Shadow stack: 2, + + Operand: 2, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1 + +000000000000002A 660f38f500 WRUSSD dword ptr [rax], eax + DSIZE: 32, ASIZE: 64, VLEN: - + ISA Set: CET, Ins cat: CET, CET tracked: no + CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 + Valid modes + R0: yes, R1: yes, R2: yes, R3: yes + Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes + SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes + Valid prefixes + REP: no, REPcc: no, LOCK: no + HLE: no, XACQUIRE only: no, XRELEASE only: no + BND: no, BHINT: no, DNT: no + Operand: 0, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: M, Shadow stack: 1, + Segment: 3, Base: 0, + Operand: 1, Acc: R-, Type: Register, Size: 4, RawSize: 4, Encoding: R, RegType: General Purpose, RegSize: 4, RegId: 0, RegCount: 1 + +000000000000002F 66480f38f500 WRUSSQ qword ptr [rax], rax + DSIZE: 64, ASIZE: 64, VLEN: - + ISA Set: CET, Ins cat: CET, CET tracked: no + CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 + Valid modes + R0: yes, R1: yes, R2: yes, R3: yes + Real: yes, V8086: yes, Prot: yes, Compat: yes, 
Long: yes + SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes + Valid prefixes + REP: no, REPcc: no, LOCK: no + HLE: no, XACQUIRE only: no, XRELEASE only: no + BND: no, BHINT: no, DNT: no + Operand: 0, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: M, Shadow stack: 1, + Segment: 3, Base: 0, + Operand: 1, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: R, RegType: General Purpose, RegSize: 8, RegId: 0, RegCount: 1 + +0000000000000035 0f38f600 WRSSD dword ptr [rax], eax + DSIZE: 32, ASIZE: 64, VLEN: - + ISA Set: CET, Ins cat: CET, CET tracked: no + CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 + Valid modes + R0: yes, R1: yes, R2: yes, R3: yes + Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes + SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes + Valid prefixes + REP: no, REPcc: no, LOCK: no + HLE: no, XACQUIRE only: no, XRELEASE only: no + BND: no, BHINT: no, DNT: no + Operand: 0, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: M, Shadow stack: 1, + Segment: 3, Base: 0, + Operand: 1, Acc: R-, Type: Register, Size: 4, RawSize: 4, Encoding: R, RegType: General Purpose, RegSize: 4, RegId: 0, RegCount: 1 + +0000000000000039 480f38f600 WRSSQ qword ptr [rax], rax + DSIZE: 64, ASIZE: 64, VLEN: - + ISA Set: CET, Ins cat: CET, CET tracked: no + CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7 + Valid modes + R0: yes, R1: yes, R2: yes, R3: yes + Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes + SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes + Valid prefixes + REP: no, REPcc: no, LOCK: no + HLE: no, XACQUIRE only: no, XRELEASE only: no + BND: no, BHINT: no, DNT: no + Operand: 0, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: M, Shadow stack: 1, + Segment: 3, Base: 0, + Operand: 1, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: R, RegType: General Purpose, RegSize: 8, RegId: 0, RegCount: 1 + 
diff --git a/bddisasm_test/special/only_32.result b/bddisasm_test/special/only_32.result index a97233d..be07ae8 100644 --- a/bddisasm_test/special/only_32.result +++ b/bddisasm_test/special/only_32.result @@ -285,7 +285,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 000000000000001D 90 NOP diff --git a/bddisasm_test/special/only_64.result b/bddisasm_test/special/only_64.result index c9b0ec0..e1e4fd7 100644 --- a/bddisasm_test/special/only_64.result +++ b/bddisasm_test/special/only_64.result @@ -55,7 +55,7 @@ Operand: 1, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Model Specific, RegSize: 8, RegId: -1073741567, RegCount: 1 000000000000000B 0f05 SYSCALL - DSIZE: 32, ASIZE: 64, VLEN: - + DSIZE: 64, ASIZE: 64, VLEN: - ISA Set: AMD, Ins cat: SYSCALL, CET tracked: no CPUID leaf: 0x80000001, reg: ecx, bit: 11 FLAGS access 
@@ -71,12 +71,13 @@
 Operand: 0, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Model Specific, RegSize: 8, RegId: -1073741695, RegCount: 1
 Operand: 1, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Model Specific, RegSize: 8, RegId: -1073741694, RegCount: 1
 Operand: 2, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Model Specific, RegSize: 8, RegId: -1073741692, RegCount: 1
- Operand: 3, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Segment, RegSize: 4, RegId: 2, RegCount: 1
+ Operand: 3, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Segment, RegSize: 8, RegId: 2, RegCount: 1
 Operand: 4, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: General Purpose, RegSize: 8, RegId: 1, RegCount: 1
 Operand: 5, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: General Purpose, RegSize: 8, RegId: 11, RegCount: 1
- Operand: 6, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Segment, RegSize: 4, RegId: 1, RegCount: 1
- Operand: 7, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
- Operand: 8, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1
+ Operand: 6, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Segment, RegSize: 8, RegId: 1, RegCount: 1
+ Operand: 7, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
+ Operand: 8, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Flags, RegSize: 8, RegId: 0, RegCount: 1
+ Operand: 9, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1
 000000000000000D 0f07 SYSRET
 DSIZE: 32, ASIZE: 64, VLEN: -
diff --git a/disasmtool/disasmtool.c b/disasmtool/disasmtool.c
index 85a4132..bea2995 100644
--- a/disasmtool/disasmtool.c
+++ b/disasmtool/disasmtool.c
@@ -914,7 +914,7 @@ print_instruction(
 if (Instrux->Operands[i].Info.Memory.IsShadowStack)
 {
- printf("Shadow Stack: yes, ");
+ printf("Shadow stack: %d, ", Instrux->Operands[i].Info.Memory.ShStkType);
 }
 if (Instrux->Operands[i].Info.Memory.HasCompDisp)
diff --git a/inc/bddisasm.h b/inc/bddisasm.h
index 2c9d3a7..4248f2b 100644
--- a/inc/bddisasm.h
+++ b/inc/bddisasm.h
@@ -758,6 +758,19 @@ typedef struct _ND_OPDESC_ADDRESS
 } ND_OPDESC_ADDRESS;
+//
+// Shadow stack access types.
+//
+typedef enum _ND_SHSTK_ACCESS
+{
+ ND_SHSTK_NONE = 0,
+ ND_SHSTK_EXPLICIT, // Explicit memory operand accessed as shadow stack.
+ ND_SHSTK_SSP_LD_ST, // Shadow Stack Pointer (SSP) used as base for addressing using conventional load/store.
+ ND_SHSTK_SSP_PUSH_POP, // Shadow Stack Pointer (SSP) used as base for addressing using push/pop.
+ ND_SHSTK_PL0_SSP, // Privilege 0 SSP (IA32_PL0_SSP) used (SETSSBSY).
+} ND_SHSTK_ACCESS;
+
+
 //
 // Describes a memory operand.
 //
@@ -775,7 +788,7 @@ typedef struct _ND_OPDESC_MEMORY
 bool IsStack:1; // TRUE if this is a stack op. Note that explicit stack accesses are not
 // included (eg: mov eax, [rsp] will NOT set IsStack).
 bool IsString:1; // TRUE for [RSI] and [RDI] operands inside string operations.
- bool IsShadowStack:1; // TRUE if this is a shadow stack access.
+ bool IsShadowStack:1; // TRUE if this is a shadow stack access. Check out ShStkType for more info.
 bool IsDirect:1; // TRUE if direct addressing (MOV [...], EAX, 0xA3).
 bool IsBitbase:1; // TRUE if this is a bit base. Used for BT* instructions. The bitbase
 // stored in the second operand must be added to the linear address.
@@ -791,6 +804,8 @@ typedef struct _ND_OPDESC_MEMORY
 uint8_t DispSize; // Displacement size. Max 4 bytes.
 uint8_t CompDispSize; // Compressed displacement size - 1, 2, 4, 8, 16, 32, 64.
+ uint8_t ShStkType; // Shadow stack access type. Check out ND_SHSTK_ACCESS.
+
 struct
 {
 uint8_t IndexSize; // VSIB index size.
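Review bot: The rewritten printf in print_instruction emits ShStkType as a bare integer (`printf("Shadow stack: %d, ", ...)`), so the 1/2/3 values that now appear in the .result expectations (see the only_32.result hunk) mean nothing to a reader who does not have ND_SHSTK_ACCESS open. A small name table indexed by the enum would keep the tool's output self-describing, e.g. `static const char *const shstk_names[] = { "none", "explicit", "ssp-ld-st", "ssp-push-pop", "pl0-ssp" };` followed by `printf("Shadow stack: %s, ", t < sizeof shstk_names / sizeof shstk_names[0] ? shstk_names[t] : "?");` with `t` holding the ShStkType; the test expectations would then change accordingly. Passing the uint8_t to %d is fine as it is promoted to int. The enclosing print_instruction body starts and ends outside the hunk.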
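Review bot: ND_SHSTK_NONE is the only enumerator in the new ND_SHSTK_ACCESS without a comment, and neither this hunk nor the ShStkType field added in the @@ -791 hunk says that the value is only meaningful when IsShadowStack is set; suggest `ND_SHSTK_NONE = 0, // Not a shadow stack access; the value ShStkType holds whenever IsShadowStack is false.` and, on the field, `uint8_t ShStkType; // Shadow stack access type (an ND_SHSTK_ACCESS value stored narrow). Valid only when IsShadowStack is true.` The @@ -791 hunk also adds a byte to the public ND_OPDESC_MEMORY layout; unless it lands in existing padding this changes the size of every structure that embeds it, so code compiled against the old header needs a rebuild and the library's version constant, if it has one, should be bumped in the same change.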
diff --git a/isagenerator/disasmlib.py b/isagenerator/disasmlib.py
index 615a08f..fbce3ad 100644
--- a/isagenerator/disasmlib.py
+++ b/isagenerator/disasmlib.py
@@ -197,6 +197,7 @@ valid_opsize = [
 'l', # Either a 64 bit or a 128 bit operand size (used by BNDMOV).
 'rx', # 512 bytes extended state.
 'cl', # 32/64/128 bytes - the size of one cache line.
+ '12', # 4 bytes (0) + 8 bytes (old SSP), used by SAVEPREVSSP.
 't', # A tile register. The size varies dependning on execution environment, but can be as high as 1K.
 ]
@@ -270,17 +271,21 @@ valid_impops = {# register size
 'X87STATUS': ('X87STATUS', 'w'), # X87 status register.
 'MXCSR' : ('MXCSR', 'd'), # MXCSR register.
 'PKRU' : ('PKRU', 'd'), # PKRU register.
- 'SSP' : ('SSP', 'yf'), # Shadow stack pointer.
+ 'SSP' : ('SSP', 'yf'), # Shadow stack pointer. 32 bit in protected/compat mode, 64 in long mode.
 # Implicit memory operands.
 'pBXALb' : ('pBXAL', 'b'), # Implicit [RBX + AL], as used by XLAT.
 'pDIq' : ('pDI', 'q'), # Implicit qword [RDI].
 'pDIdq' : ('pDI', 'dq'), # Implicit xmmword [RDI].
- 'SHS' : ('SHS', 'q'), # Shadow stack access, 1 qword (use by CET instructions).
- 'SHS1' : ('SHS', 'v'), # Shadow stack access, 1 word.
- 'SHS2' : ('SHS', 'v2'), # Shadow stack, 2 words.
- 'SHS3' : ('SHS', 'v3'), # Shadow stack, 3 words.
- 'SHS4' : ('SHS', 'v4'), # Shadow stack, 4 words.
+ # Implicit shadow stack accesses.
+ 'SHS' : ('SHS', 'q'), # Shadow stack (SSP) implicit access, 1 qword (use by CET instructions).
+ 'SHS0' : ('SHS0', 'q'), # Shadow stack (IA32_PL0_SSP) implicit access, 1 qword (use by CET instructions).
+ 'SHSI' : ('SHS', 'v2'), # Shadow stack load & discard, 2 elements (INCCSPD/INCSSPQ).
+ 'SHSS' : ('SHS', '12'), # Shadow stack read & store 4 + 8 bytes (SAVEPREVSSP).
+ 'SHS1' : ('SHSP', 'v'), # Shadow stack push/pop, 1 word.
+ 'SHS2' : ('SHSP', 'v2'), # Shadow stack push/pop, 2 words.
+ 'SHS3' : ('SHSP', 'v3'), # Shadow stack push/pop, 3 words.
+ 'SHS4' : ('SHSP', 'v4'), # Shadow stack push/pop, 4 words.
 }
 # If an operand type is not present here, than that operand is implicit & it's not encoded inside the instruction.
diff --git a/isagenerator/generate_tables.py b/isagenerator/generate_tables.py
index 796ae9b..d69f543 100644
--- a/isagenerator/generate_tables.py
+++ b/isagenerator/generate_tables.py
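Review bot: The added comment lines in valid_impops carry two typos that the replaced lines did not have: the `'SHS'` and `'SHS0'` entries both say `(use by CET instructions)`, which should read `(used by CET instructions)`, and the `'SHSI'` comment names `INCCSPD` where the instruction is INCSSPD. These comments are the only place the generator documents what the four SHS* operand families mean, so they are worth getting right; the 'SHSI' comment could also state the two loaded elements explicitly, e.g. `# Shadow stack load & discard, 2 elements (INCSSPD/INCSSPQ).`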
@@ -137,6 +137,8 @@ optype = {
 'pBXAL' : 'ND_OPT_MEM_rBX_AL',
 'pDI' : 'ND_OPT_MEM_rDI',
 'SHS' : 'ND_OPT_MEM_SHS',
+ 'SHS0' : 'ND_OPT_MEM_SHS0',
+ 'SHSP' : 'ND_OPT_MEM_SHSP',
 # System registers, MSRs, XCRs, etc.
 'GDTR' : 'ND_OPT_SYS_GDTR',
@@ -222,6 +224,7 @@ opsize = {
 'l' : 'ND_OPS_l',
 'rx' : 'ND_OPS_rx',
 'cl' : 'ND_OPS_cl',
+ '12' : 'ND_OPS_12',
 't' : 'ND_OPS_t',
 }
diff --git a/isagenerator/instructions/table_0F.dat b/isagenerator/instructions/table_0F.dat
index cfd6876..9cbdc5e 100644
--- a/isagenerator/instructions/table_0F.dat
+++ b/isagenerator/instructions/table_0F.dat
@@ -39,7 +39,7 @@ ENCLU nil EAX,RBX,RCX,RDX [ NP 0x0F 0x01 /0
 SERIALIZE nil nil [ NP 0x0F 0x01 /0xE8] s:SERIALIZE, t:MISC
 XSUSLDTRK nil nil [ 0xF2 0x0F 0x01 /0xE8] s:TSXLDTRK, t:MISC
 XRESLDTRK nil nil [ 0xF2 0x0F 0x01 /0xE9] s:TSXLDTRK, t:MISC
-SAVEPREVSSP nil SHS,SSP [ 0xF3 0x0F 0x01 /0xEA] s:CET, t:CET, w:W|RW, f:CF=t
+SAVEPREVSSP nil SHSS,SSP [ 0xF3 0x0F 0x01 /0xEA] s:CET, t:CET, w:RW|R, f:CF=t
 RDPKRU nil EDX,EAX,ECX,PKRU [ NP 0x0F 0x01 /0xEE] s:PKU, t:MISC, w:W|W|R|R
 WRPKRU nil EDX,EAX,ECX,PKRU [ NP 0x0F 0x01 /0xEF] s:PKU, t:MISC, w:R|R|R|W
 SWAPGS nil GSBASE,KGSBASE [ 0x0F 0x01 /0xF8] s:LONGMODE, t:SYSTEM, w:RW|RW, m:KERNEL|O64
@@ -59,7 +59,7 @@ STGI nil nil [ 0x0F 0x01 /0
 CLGI nil nil [ 0x0F 0x01 /0xDD] s:SVM, t:SYSTEM, m:VMXROOT
 SKINIT nil EAX [ 0x0F 0x01 /0xDE] s:SVM, t:SYSTEM, w:R, m:VMXROOT
 INVLPGA nil rAX,ECX [ 0x0F 0x01 /0xDF] s:SVM, t:SYSTEM, w:R|R, m:VMXROOT
-SETSSBSY nil SHS,SSP [ 0xF3 0x0F 0x01 /0xE8] s:CET, t:CET, a:SHS, w:RW|RW
+SETSSBSY nil SHS0,SSP [ 0xF3 0x0F 0x01 /0xE8] s:CET, t:CET, a:SHS, w:RW|RW
 INVLPGB nil rAX,ECX,EDX [ 0x0F 0x01 /0xFE] s:INVLPGB, t:SYSTEM, w:R|R|R, m:NOREAL|KERNEL
 RMPADJUST nil RAX,RCX,RDX,Fv [ 0xF3 0x0F 0x01 /0xFE] s:SNP, t:SYSTEM, w:RW|R|R|W, f:OF=m|ZF=m|AF=m|PF=m|SF=m, m:O64|KERNEL
 RMPUPDATE nil RAX,RCX,Fv [ 0xF2 0x0F 0x01 /0xFE] s:SNP, t:SYSTEM, w:RW|R|W, f:OF=m|ZF=m|AF=m|PF=m|SF=m, m:O64|KERNEL
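Review bot: The SAVEPREVSSP entry in the @@ -39 hunk of table_0F.dat changes the SSP operand's access from `RW` to `R` (`w:RW|R`), while the size change to SHSS is what the commit is about; if I read the SDM operation for SAVEPREVSSP correctly, the instruction pops the previous-SSP token (SSP is advanced by 8) after writing the restore token onto the previous shadow stack, in which case SSP is still modified and the line should read `w:RW|RW`. Worth confirming against the operation section before the generated tables and the .result expectations are regenerated from this line, since a read-only SSP here would hide a register write from anyone using the access flags for data-flow tracking.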
@@ -71,7 +71,7 @@ LAR Gv,Rz Fv [ 0x0F 0x02 /r
 LSL Gv,Mw Fv [ 0x0F 0x03 /r:mem] s:I286PROT, t:SYSTEM, w:RW|R|W, f:ZF=m, m:NOREAL
 LSL Gv,Rz Fv [ 0x0F 0x03 /r:reg] s:I286PROT, t:SYSTEM, w:RW|R|W, f:ZF=m, m:NOREAL
 LOADALL nil BANK [ 0x0F 0x05] s:I486REAL, t:UNDOC, w:R
-SYSCALL nil STAR,LSTAR,FMASK,SS,RCX,R11,CS,rIP,Fv [ o64 0x0F 0x05] s:AMD, t:SYSCALL, w:R|R|R|W|W|W|W|W|RW, i:FSC, m:O64|NOSGX
+SYSCALL nil STAR,LSTAR,FMASK,SS,RCX,R11,CS,rIP,Fv,SSP [ o64 0x0F 0x05] s:AMD, t:SYSCALL, w:R|R|R|W|W|W|W|W|RW|RW, a:F64, i:FSC, m:O64|NOSGX
 CLTS nil CR0 [ 0x0F 0x06] s:I286REAL, t:SYSTEM, w:W, m:KERNEL|NOV86
 LOADALLD nil BANK [ 0x0F 0x07] s:I486REAL, t:UNDOC, w:R
 SYSRET nil STAR,SS,rCX,R11,CS,rIP,Fv [ o64 0x0F 0x07] s:AMD, t:SYSRET, w:R|W|R|R|W|W|W, i:FSC, m:KERNEL|O64
@@ -230,7 +230,7 @@ RDTSC nil EAX,EDX,TSC [ 0x0F 0x31]
 RDMSR nil EAX,EDX,ECX,MSR [ 0x0F 0x32] s:PENTIUMREAL, t:SYSTEM, w:W|W|R|R, m:KERNEL|NOV86, i:MSR
 RDPMC nil EAX,EDX,ECX,MSR [ 0x0F 0x33] s:RDPMC, t:SYSTEM, w:W|W|R|R, m:NOSGX
 SYSENTER nil SCS,SESP,SEIP,SS,sSP,CS,rIP,Fv [ 0x0F 0x34] s:PPRO, t:SYSCALL, w:R|R|R|W|W|W|W|W, i:SEP, f:IF=0, m:NOREAL|NOSGX
-SYSEXIT nil SS,sSP,CS,rIP [ 0x0F 0x35] s:PPRO, t:SYSRET, w:W|W|W|W, i:SEP, m:KERNEL|NOREAL
+SYSEXIT nil SS,sSP,CS,rIP,SSP [ 0x0F 0x35] s:PPRO, t:SYSRET, w:W|W|W|W|W, a:F64, i:SEP, m:KERNEL|NOREAL
 RDSHR Ed nil [ cyrix 0x0F 0x36 /r] s:CYRIX, t:SYSTEM, w:R
 GETSEC nil EAX,EBX [ NP 0x0F 0x37] s:SMX, t:SYSTEM, w:RCW|R, m:KERNEL|NOREAL|NOSGX
 WRSHR Ed nil [ cyrix 0x0F 0x37 /r] s:CYRIX, t:SYSTEM, w:W
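Review bot: SYSCALL gains an implicit `SSP` operand (read-write) in the @@ -71 hunk while SYSRET, visible as a context line three lines below, keeps its old operand list; if I read the SDM correctly, SYSRET to CPL 3 also loads SSP from IA32_PL3_SSP under CET, so the entry/exit pair is now modelled asymmetrically. The same applies to the @@ -230 hunk, where SYSEXIT gains `SSP` but its counterpart SYSENTER, a context line just above it, does not. If the asymmetry is deliberate, a short comment in table_0F.dat next to the SYSCALL line saying which SSP side effects the tables model (and why SYSRET/SYSENTER are excluded) would keep the next contributor from "fixing" it; if not, adding `SSP` with `W` to SYSRET and SYSENTER in the same change keeps the four entries consistent.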
@@ -485,8 +485,8 @@ RDFSBASE Ry FSBASE [ o64 0xF3 0x0F 0xAE /0
 RDGSBASE Ry GSBASE [ o64 0xF3 0x0F 0xAE /1:reg] s:RDWRFSGS, t:RDWRFSGS, w:W|R, m:O64
 WRFSBASE Ry FSBASE [ o64 0xF3 0x0F 0xAE /2:reg] s:RDWRFSGS, t:RDWRFSGS, w:R|W, m:O64
 WRGSBASE Ry GSBASE [ o64 0xF3 0x0F 0xAE /3:reg] s:RDWRFSGS, t:RDWRFSGS, w:R|W, m:O64
-INCSSPD Rd SHS2,SSP [ 0xF3 0x0F 0xAE /5:reg] s:CET, t:CET, c:INCSSP, w:R|R|RW
-INCSSPQ Rq SHS2,SSP [ 0xF3 rexw 0x0F 0xAE /5:reg] s:CET, t:CET, c:INCSSP, w:R|R|RW
+INCSSPD Rd SHSI,SSP [ 0xF3 0x0F 0xAE /5:reg] s:CET, t:CET, c:INCSSP, w:R|R|RW
+INCSSPQ Rq SHSI,SSP [ 0xF3 rexw 0x0F 0xAE /5:reg] s:CET, t:CET, c:INCSSP, w:R|R|RW
 LFENCE nil nil [ NP 0x0F 0xAE /5:reg] s:SSE2, t:MISC
 UMONITOR mMb Fv [ 0xF3 0x0F 0xAE /6:reg] s:WAITPKG, t:WAITPKG, w:R|W, f:WAITPKG, m:NOTSX
 UMWAIT Ry EDX,EAX [ 0xF2 0x0F 0xAE /6:reg] s:WAITPKG, t:WAITPKG, w:R|R|R, m:NOTSX