From 9ff254366000ad2c0e907917f90ff66737039a11 Mon Sep 17 00:00:00 2001 From: Andrei Vlad LUTAS Date: Tue, 21 Jul 2020 22:29:59 +0300 Subject: [PATCH] Added the Shadow Stack Pointer operand to the SYSCALL and SYSEXIT instructions. Moved the CET test cases in dedicated folders. Improved shadow-stack operand reporting - a distinction can be made between push/pop shadow stack accesses, and other shadow stack accesses. A new field is now present in the memory information - the shadow stack access type, which indicates: explicit access, implicit via SSP, implicit push/pop via SSP or implicit via IA32_PL0_SSP. --- bddisasm/bddisasm.c | 34 ++- bddisasm/include/instructions.h | 40 ++-- bddisasm/include/tabledefs.h | 4 + bddisasm_test/basic/branch_16.result | 44 ++-- bddisasm_test/basic/branch_32.result | 45 ++-- bddisasm_test/basic/branch_64.result | 50 ++-- bddisasm_test/basic/cet_64 | Bin 49 -> 0 bytes bddisasm_test/basic/cet_64.asm | 13 -- bddisasm_test/basic/prefixes_64.result | 2 +- bddisasm_test/cet/cet_32 | Bin 0 -> 41 bytes bddisasm_test/cet/cet_32.asm | 12 + .../cet_64.result => cet/cet_32.result} | 76 +++--- bddisasm_test/cet/cet_64 | Bin 0 -> 62 bytes bddisasm_test/cet/cet_64.asm | 16 ++ bddisasm_test/cet/cet_64.result | 218 ++++++++++++++++++ bddisasm_test/special/only_32.result | 2 +- bddisasm_test/special/only_64.result | 11 +- disasmtool/disasmtool.c | 2 +- inc/bddisasm.h | 17 +- isagenerator/disasmlib.py | 17 +- isagenerator/generate_tables.py | 3 + isagenerator/instructions/table_0F.dat | 12 +- 22 files changed, 451 insertions(+), 167 deletions(-) delete mode 100644 bddisasm_test/basic/cet_64 delete mode 100644 bddisasm_test/basic/cet_64.asm create mode 100644 bddisasm_test/cet/cet_32 create mode 100644 bddisasm_test/cet/cet_32.asm rename bddisasm_test/{basic/cet_64.result => cet/cet_32.result} (73%) create mode 100644 bddisasm_test/cet/cet_64 create mode 100644 bddisasm_test/cet/cet_64.asm create mode 100644 bddisasm_test/cet/cet_64.result 
diff --git a/bddisasm/bddisasm.c b/bddisasm/bddisasm.c index 34f0f31..7b5e409 100644 --- a/bddisasm/bddisasm.c +++ b/bddisasm/bddisasm.c @@ -200,6 +200,8 @@ static const uint16_t gOperandMap[] = ND_OPE_S, // ND_OPT_MEM_rBX_AL (as used by XLAT) ND_OPE_S, // ND_OPT_MEM_rDI (as used by masked moves) ND_OPE_S, // ND_OPT_MEM_SHS + ND_OPE_S, // ND_OPT_MEM_SHSP + ND_OPE_S, // ND_OPT_MEM_SHS0 ND_OPE_S, // ND_OPT_CR_0 ND_OPE_S, // ND_OPT_IDTR @@ -1665,6 +1667,11 @@ NdParseOperand( } break; + case ND_OPS_12: + // SAVPREVSSP instruction reads/writes 4 + 8 bytes from the shadow stack. + size = 12; + break; + case ND_OPS_t: // Tile register. The actual size depends on how the TILECFG register has been programmed, but it can be // up to 1K in size. @@ -1940,7 +1947,7 @@ NdParseOperand( // The operand is the SSP register. operand->Type = ND_OP_REG; operand->Info.Register.Type = ND_REG_SSP; - operand->Info.Register.Size = (Instrux->OpMode == ND_OPSZ_64) ? ND_SIZE_64BIT : ND_SIZE_32BIT; + operand->Info.Register.Size = operand->Size; operand->Info.Register.Reg = 0; break; @@ -2686,7 +2693,11 @@ memory: } // Shadow Stack Access, if this is the case. - operand->Info.Memory.IsShadowStack = ND_HAS_SHS(Instrux); + if (ND_HAS_SHS(Instrux)) + { + operand->Info.Memory.IsShadowStack = true; + operand->Info.Memory.ShStkType = ND_SHSTK_EXPLICIT; + } break; 
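Review bot: The explicit shadow-stack hunk under `memory:` no longer clears `IsShadowStack` when `ND_HAS_SHS(Instrux)` is false — the removed line assigned the boolean unconditionally, while the new `if` writes `IsShadowStack` and `ShStkType` only in the true case. That is correct only if the operand was zeroed before NdParseOperand reached this point (plausible for a freshly decoded Instrux, but not visible in this chunk); any reuse of an operand slot would carry a stale shadow-stack marking onto an ordinary memory operand. Either keep the unconditional form, `operand->Info.Memory.IsShadowStack = ND_HAS_SHS(Instrux);`, and give `ShStkType` an `else` branch that resets it, or put a one-line comment next to the `if` stating the zero-init assumption. NdParseOperand begins and ends outside the hunk.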
@@ -2808,10 +2819,27 @@ memory: break; case ND_OPT_MEM_SHS: - // Shadow stack. + // Shadow stack access using the current SSP. + Instrux->MemoryAccess |= operand->Access.Access; + operand->Type = ND_OP_MEM; + operand->Info.Memory.IsShadowStack = true; + operand->Info.Memory.ShStkType = ND_SHSTK_SSP_LD_ST; + break; + + case ND_OPT_MEM_SHS0: + // Shadow stack access using the IA32_PL0_SSP. + Instrux->MemoryAccess |= operand->Access.Access; + operand->Type = ND_OP_MEM; + operand->Info.Memory.IsShadowStack = true; + operand->Info.Memory.ShStkType = ND_SHSTK_PL0_SSP; + break; + + case ND_OPT_MEM_SHSP: + // Shadow stack push/pop access. Instrux->MemoryAccess |= operand->Access.Access; operand->Type = ND_OP_MEM; operand->Info.Memory.IsShadowStack = true; + operand->Info.Memory.ShStkType = ND_SHSTK_SSP_PUSH_POP; break; case ND_OPT_Z: diff --git a/bddisasm/include/instructions.h b/bddisasm/include/instructions.h index 2348ccb..b10c60e 100644 --- a/bddisasm/include/instructions.h +++ b/bddisasm/include/instructions.h @@ -1360,7 +1360,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_J, ND_OPS_z, ND_OPF_R, 0, 0), OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), OP(ND_OPT_K, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), }, // Pos:100 Instruction:"CALL Ev" Encoding:"0xFF /2"/"M" @@ -1375,7 +1375,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_E, ND_OPS_v, ND_OPF_R, 0, 0), OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_K, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), }, // Pos:101 Instruction:"CALLF Ap" Encoding:"0x9A cp"/"D" 
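Review bot: The three new `ND_OPT_MEM_SHS`/`ND_OPT_MEM_SHS0`/`ND_OPT_MEM_SHSP` cases repeat the same four statements and differ only in the `ShStkType` value, so any later change to how an implicit shadow-stack operand is described (size, segment, access merging) has to be made three times. Stacking the labels — `case ND_OPT_MEM_SHS: case ND_OPT_MEM_SHS0: case ND_OPT_MEM_SHSP:` — and picking the type with one expression on the switched operand-type value keeps the shared body in one place; a single comment such as `// Implicit shadow stack access; only the reported access kind differs.` then covers all three. The `switch` these cases belong to starts and ends outside the hunk.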
@@ -1391,7 +1391,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_SEG_CS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_K, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), }, // Pos:102 Instruction:"CALLF Mp" Encoding:"0xFF /3:mem"/"M" @@ -1407,7 +1407,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_SEG_CS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_K, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), }, // Pos:103 Instruction:"CBW" Encoding:"ds16 0x98"/"" @@ -5772,7 +5772,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), OP(ND_OPT_K, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), OP(ND_OPT_F, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), }, // Pos:425 Instruction:"INT1" Encoding:"0xF1"/"" @@ -5803,7 +5803,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), OP(ND_OPT_K, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), OP(ND_OPT_F, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), }, // Pos:427 Instruction:"INTO" Encoding:"0xCE"/"" 
@@ -5819,7 +5819,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), OP(ND_OPT_K, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), OP(ND_OPT_F, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), }, // Pos:428 Instruction:"INVD" Encoding:"0x0F 0x08"/"" @@ -5926,7 +5926,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_K, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), OP(ND_OPT_F, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), }, // Pos:436 Instruction:"IRETQ" Encoding:"ds64 0xCF"/"" @@ -5942,7 +5942,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_K, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), OP(ND_OPT_F, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), }, // Pos:437 Instruction:"IRETW" Encoding:"ds16 0xCF"/"" @@ -5958,7 +5958,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_K, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), OP(ND_OPT_F, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), }, // Pos:438 Instruction:"JBE Jz" Encoding:"0x0F 0x86 cz"/"D" 
@@ -15186,7 +15186,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_SEG_CS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_K, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), }, // Pos:1131 Instruction:"RETF" Encoding:"0xCB"/"" @@ -15201,7 +15201,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_SEG_CS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_K, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), }, // Pos:1132 Instruction:"RETN Iw" Encoding:"0xC2 iw"/"I" @@ -15217,7 +15217,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_GPR_rSP, ND_OPS_ssz, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_K, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), }, // Pos:1133 Instruction:"RETN" Encoding:"0xC3"/"" @@ -15231,7 +15231,7 @@ const ND_INSTRUCTION gInstructions[2554] = 0, OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_K, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), - OP(ND_OPT_MEM_SHS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), + OP(ND_OPT_MEM_SHSP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), }, // Pos:1134 Instruction:"RMPADJUST" Encoding:"0xF3 0x0F 0x01 /0xFE"/"" 
@@ -15808,8 +15808,8 @@ const ND_INSTRUCTION gInstructions[2554] = 0, 0, 0, - OP(ND_OPT_MEM_SHS, ND_OPS_q, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), - OP(ND_OPT_SSP, ND_OPS_yf, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), + OP(ND_OPT_MEM_SHS, ND_OPS_12, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), + OP(ND_OPT_SSP, ND_OPS_yf, ND_OPF_DEFAULT|ND_OPF_R, 0, 0), }, // Pos:1176 Instruction:"SBB Eb,Gb" Encoding:"0x18 /r"/"MR" @@ -16291,7 +16291,7 @@ const ND_INSTRUCTION gInstructions[2554] = 0, 0, 0, - OP(ND_OPT_MEM_SHS, ND_OPS_q, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), + OP(ND_OPT_MEM_SHS0, ND_OPS_q, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), OP(ND_OPT_SSP, ND_OPS_yf, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), }, @@ -17353,7 +17353,7 @@ const ND_INSTRUCTION gInstructions[2554] = { ND_INS_SYSCALL, ND_CAT_SYSCALL, ND_SET_AMD, 760, ND_MOD_R0|ND_MOD_R1|ND_MOD_R2|ND_MOD_R3|ND_MOD_LONG|ND_MOD_VMXR|ND_MOD_VMXN|ND_MOD_VMXO|ND_MOD_TSX, - 0, 0, ND_OPS_CNT(0, 9), 0, 0, 0, 0, 0, 0, ND_FLAG_O64, ND_CFF_FSC, + 0, 0, ND_OPS_CNT(0, 10), 0, 0, 0, 0, 0, 0, ND_FLAG_F64|ND_FLAG_O64, ND_CFF_FSC, 0, 0, 0, @@ -17367,6 +17367,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_SEG_CS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_F, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), + OP(ND_OPT_SSP, ND_OPS_yf, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0), }, // Pos:1290 Instruction:"SYSENTER" Encoding:"0x0F 0x34"/"" @@ -17392,7 +17393,7 @@ const ND_INSTRUCTION gInstructions[2554] = { ND_INS_SYSEXIT, ND_CAT_SYSRET, ND_SET_PPRO, 762, ND_MOD_R0|ND_MOD_SMM|ND_MOD_PROT|ND_MOD_COMPAT|ND_MOD_LONG|ND_MOD_VMXR|ND_MOD_VMXN|ND_MOD_VMXO|ND_MOD_TSX, - 0, 0, ND_OPS_CNT(0, 4), 0, 0, 0, 0, 0, 0, 0, ND_CFF_SEP, + 0, 0, ND_OPS_CNT(0, 5), 0, 0, 0, 0, 0, 0, ND_FLAG_F64, ND_CFF_SEP, 0, 0, 0, 
@@ -17401,6 +17402,7 @@ const ND_INSTRUCTION gInstructions[2554] = OP(ND_OPT_GPR_rSP, ND_OPS_ssz, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_SEG_CS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), + OP(ND_OPT_SSP, ND_OPS_yf, ND_OPF_DEFAULT|ND_OPF_W, 0, 0), }, // Pos:1292 Instruction:"SYSRET" Encoding:"o64 0x0F 0x07"/"" diff --git a/bddisasm/include/tabledefs.h b/bddisasm/include/tabledefs.h index 795f04e..6395a4f 100644 --- a/bddisasm/include/tabledefs.h +++ b/bddisasm/include/tabledefs.h @@ -300,6 +300,8 @@ typedef enum _ND_OPERAND_SIZE_SPEC ND_OPS_v3, ND_OPS_v4, ND_OPS_v8, + // 4 + 8 bytes accessed on the shadow stack by the SAVPREVSSP instruction. + ND_OPS_12, // MIB ND_OPS_mib, // VSIB sizes (for both the index and the accessed data). @@ -408,6 +410,8 @@ typedef enum _ND_OPERAND_TYPE_SPEC ND_OPT_MEM_rBX_AL, ND_OPT_MEM_rDI, ND_OPT_MEM_SHS, + ND_OPT_MEM_SHSP, + ND_OPT_MEM_SHS0, // Misc CR/XCR/MSR/SYS registers. ND_OPT_CR_0, diff --git a/bddisasm_test/basic/branch_16.result b/bddisasm_test/basic/branch_16.result index b014c57..ca9dde0 100644 --- a/bddisasm_test/basic/branch_16.result +++ b/bddisasm_test/basic/branch_16.result @@ -13,7 +13,7 @@ Operand: 1, Acc: RW, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3, 0000000000000003 ffd0 CALL ax 
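Review bot: `ND_OPT_MEM_SHSP` and `ND_OPT_MEM_SHS0` are appended to `_ND_OPERAND_TYPE_SPEC` in the same order as the two `ND_OPE_S` entries added to `gOperandMap` in bddisasm.c, but nothing ties the two together beyond that ordering — the map is indexed positionally by this enum, so a later insertion in one place and not the other silently misattributes encodings for every operand type after it. A comment on the enum, `// Keep in sync with gOperandMap in bddisasm.c (indexed positionally by this enum).`, is the minimum; if the enum has a terminating count value, a `_Static_assert` comparing `sizeof(gOperandMap) / sizeof(gOperandMap[0])` against it would enforce the invariant at build time. Note also that `ND_OPS_12` is inserted mid-enum in `_ND_OPERAND_SIZE_SPEC`, renumbering `ND_OPS_mib` and everything after it; that is fine only as long as every table is regenerated by isagenerator in this same commit, as instructions.h is here.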
@@ -31,7 +31,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3, 0000000000000005 66ffd0 CALL eax @@ -49,7 +49,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 0000000000000008 ff17 CALL word ptr [bx] @@ -68,7 +68,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3, 000000000000000A 67ff13 CALL word ptr [ebx] @@ -87,7 +87,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3, 000000000000000D 67ff13 CALL word ptr [ebx] 
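Review bot: The expected output now carries the raw ordinal `Shadow stack: 3` where it previously read `Shadow Stack: yes`, so every .result file in this commit is pinned to the numeric value of the push/pop shadow-stack type in inc/bddisasm.h rather than to its meaning; reordering or extending that enum later would churn all of these expectations without any behavior change, and a reader of the test output cannot tell a push/pop access from an IA32_PL0_SSP access without the header at hand. The formatting lives in disasmtool.c, whose hunk is not in this chunk, but printing a name there (for example `Shadow stack: push/pop`, `explicit`, `SSP`, `PL0_SSP`) would make the expectations self-describing. If the numeric form is deliberate for machine comparison, a short comment in the disasmtool printer saying so would settle it.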
@@ -106,7 +106,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3, 0000000000000010 6667ff13 CALL dword ptr [ebx] @@ -125,7 +125,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 0000000000000014 ebfe JMP 0x14 @@ -246,7 +246,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 000000000000002C 669a000000102000 CALLF 0x0020:0x10000000 @@ -265,7 +265,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 0000000000000034 ea00102000 JMPF 0x0020:0x1000 
@@ -299,7 +299,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 0000000000000041 67ff1b CALLF dword ptr [ebx] @@ -319,7 +319,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 0000000000000044 ff1f CALLF dword ptr [bx] @@ -339,7 +339,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 0000000000000046 6667ff1b CALLF fword ptr [ebx] @@ -359,7 +359,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 000000000000004A 66ff1f CALLF fword ptr [bx] 
@@ -379,7 +379,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 000000000000004D 67ff2b JMPF dword ptr [ebx] @@ -565,7 +565,7 @@ Operand: 3, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Stack: yes, Segment: 2, Base: 4, Operand: 4, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: Flags, RegSize: 2, RegId: 0, RegCount: 1 - Operand: 5, Acc: -W, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow Stack: yes, + Operand: 5, Acc: -W, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow stack: 3, 0000000000000068 cc INT3 @@ -586,7 +586,7 @@ Operand: 2, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Stack: yes, Segment: 2, Base: 4, Operand: 3, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: Flags, RegSize: 2, RegId: 0, RegCount: 1 - Operand: 4, Acc: -W, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow stack: 3, 0000000000000069 f1 INT1 @@ -641,7 +641,7 @@ Operand: 0, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 1, Acc: R-, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 2, Acc: R-, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes, + Operand: 2, Acc: R-, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3, 000000000000006C c22000 RETN 0x0020 
@@ -660,7 +660,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: General Purpose, RegSize: 2, RegId: 4, RegCount: 1 Operand: 3, Acc: R-, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: R-, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: R-, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3, 000000000000006F cb RETF @@ -678,7 +678,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 2, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 0000000000000070 ca2000 RETF 0x0020 @@ -697,7 +697,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 3, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 0000000000000073 cf IRETW @@ -718,7 +718,7 @@ Operand: 2, Acc: R-, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Stack: yes, Segment: 2, Base: 4, Operand: 3, Acc: RW, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: Flags, RegSize: 2, RegId: 0, RegCount: 1 - Operand: 4, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow stack: 3, 0000000000000074 66cf IRETD 
@@ -739,6 +739,6 @@ Operand: 2, Acc: R-, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Stack: yes, Segment: 2, Base: 4, Operand: 3, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1 - Operand: 4, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 3, diff --git a/bddisasm_test/basic/branch_32.result b/bddisasm_test/basic/branch_32.result index 5d823e9..59e226f 100644 --- a/bddisasm_test/basic/branch_32.result +++ b/bddisasm_test/basic/branch_32.result @@ -13,7 +13,7 @@ Operand: 1, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 0000000000000005 66ffd0 CALL ax @@ -31,7 +31,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3, 0000000000000008 ffd0 CALL eax @@ -49,7 +49,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 000000000000000A 67ff17 CALL dword ptr [bx] 
@@ -68,7 +68,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 000000000000000D ff13 CALL dword ptr [ebx] @@ -87,7 +87,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 000000000000000F 66ff13 CALL word ptr [ebx] @@ -106,7 +106,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3, 0000000000000012 ff13 CALL dword ptr [ebx] @@ -125,7 +125,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 2, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 0000000000000014 ebfe JMP 0x14 
@@ -246,7 +246,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 000000000000002B 9a000000102000 CALLF 0x0020:0x10000000 @@ -265,7 +265,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 0000000000000032 66ea00102000 JMPF 0x0020:0x1000 @@ -299,7 +299,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 000000000000003F 66ff1b CALLF dword ptr [ebx] @@ -319,7 +319,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 0000000000000042 6667ff1f CALLF dword ptr [bx] 
@@ -339,7 +339,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 0000000000000046 ff1b CALLF fword ptr [ebx] @@ -359,7 +359,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 0000000000000048 67ff1f CALLF fword ptr [bx] @@ -379,7 +379,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 000000000000004B 66ff2b JMPF dword ptr [ebx] @@ -565,7 +565,7 @@ Operand: 3, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Stack: yes, Segment: 2, Base: 4, Operand: 4, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1 - Operand: 5, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow Stack: yes, + Operand: 5, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 3, 0000000000000066 cc INT3 
@@ -586,7 +586,7 @@ Operand: 2, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Stack: yes, Segment: 2, Base: 4, Operand: 3, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1 - Operand: 4, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 3, 0000000000000067 f1 INT1 @@ -641,7 +641,7 @@ Operand: 0, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 1, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 2, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 2, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 000000000000006A c22000 RETN 0x0020 @@ -660,7 +660,7 @@ Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: General Purpose, RegSize: 4, RegId: 4, RegCount: 1 Operand: 3, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 4, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes, + Operand: 4, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3, 000000000000006D cb RETF @@ -678,7 +678,7 @@ Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1 Operand: 2, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4, - Operand: 3, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes, + Operand: 3, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3, 000000000000006E ca2000 RETF 0x0020 
@@ -697,7 +697,7 @@
 Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
 Operand: 3, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4,
- Operand: 4, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
+ Operand: 4, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
 0000000000000071 66cf IRETW
@@ -718,7 +718,7 @@
 Operand: 2, Acc: R-, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Stack: yes, Segment: 2, Base: 4,
 Operand: 3, Acc: RW, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: Flags, RegSize: 2, RegId: 0, RegCount: 1
- Operand: 4, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow Stack: yes,
+ Operand: 4, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow stack: 3,
 0000000000000073 cf IRETD
@@ -739,7 +739,7 @@
 Operand: 2, Acc: R-, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Stack: yes, Segment: 2, Base: 4,
 Operand: 3, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1
- Operand: 4, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow Stack: yes,
+ Operand: 4, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 3,
 0000000000000074 0f34 SYSENTER
@@ -781,4 +781,5 @@
 Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: General Purpose, RegSize: 4, RegId: 4, RegCount: 1
 Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Segment, RegSize: 4, RegId: 1, RegCount: 1
 Operand: 3, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
+ Operand: 4, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: SSP, RegSize: 4, RegId: 0, RegCount: 1
diff --git a/bddisasm_test/basic/branch_64.result b/bddisasm_test/basic/branch_64.result
index e1b8a4e..ce49fed 100644
--- a/bddisasm_test/basic/branch_64.result
+++ b/bddisasm_test/basic/branch_64.result
@@ -13,7 +13,7 @@
 Operand: 1, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
 Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4,
- Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
+ Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
 0000000000000005 ffd0 CALL rax
@@ -31,7 +31,7 @@
 Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
 Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4,
- Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
+ Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
 0000000000000007 67ff13 CALL qword ptr [ebx]
@@ -50,7 +50,7 @@
 Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
 Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4,
- Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
+ Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
 000000000000000A ff13 CALL qword ptr [rbx]
@@ -69,7 +69,7 @@
 Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
 Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4,
- Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
+ Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
 000000000000000C ebfe JMP 0xc
@@ -147,7 +147,7 @@
 Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1
 Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Segment: 2, Base: 4,
- Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes,
+ Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3,
 0000000000000018 ff1b CALLF fword ptr [rbx]
@@ -167,7 +167,7 @@
 Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
 Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4,
- Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
+ Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
 000000000000001A 48ff1b CALLF tbyte ptr [rbx]
@@ -187,7 +187,7 @@
 Operand: 2, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
 Operand: 3, Acc: -W, Type: Memory, Size: 16, RawSize: 16, Encoding: S, Stack: yes, Segment: 2, Base: 4,
- Operand: 4, Acc: -W, Type: Memory, Size: 16, RawSize: 16, Encoding: S, Shadow Stack: yes,
+ Operand: 4, Acc: -W, Type: Memory, Size: 16, RawSize: 16, Encoding: S, Shadow stack: 3,
 000000000000001D 66ff2b JMPF dword ptr [rbx]
@@ -357,7 +357,7 @@
 Operand: 3, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Stack: yes, Segment: 2, Base: 4,
 Operand: 4, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1
- Operand: 5, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow Stack: yes,
+ Operand: 5, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 3,
 0000000000000034 cc INT3
@@ -378,7 +378,7 @@
 Operand: 2, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Stack: yes, Segment: 2, Base: 4,
 Operand: 3, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1
- Operand: 4, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow Stack: yes,
+ Operand: 4, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 3,
 0000000000000035 f1 INT1
@@ -433,7 +433,7 @@
 Operand: 0, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
 Operand: 1, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4,
- Operand: 2, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
+ Operand: 2, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
 0000000000000038 c22000 RETN 0x0020
@@ -452,7 +452,7 @@
 Operand: 2, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: General Purpose, RegSize: 8, RegId: 4, RegCount: 1
 Operand: 3, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4,
- Operand: 4, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
+ Operand: 4, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
 000000000000003B cb RETF
@@ -470,7 +470,7 @@
 Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
 Operand: 2, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4,
- Operand: 3, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
+ Operand: 3, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
 000000000000003C ca2000 RETF 0x0020
@@ -489,7 +489,7 @@
 Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
 Operand: 3, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes, Segment: 2, Base: 4,
- Operand: 4, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
+ Operand: 4, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
 000000000000003F 66cf IRETW
@@ -510,7 +510,7 @@
 Operand: 2, Acc: R-, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Stack: yes, Segment: 2, Base: 4,
 Operand: 3, Acc: RW, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: Flags, RegSize: 2, RegId: 0, RegCount: 1
- Operand: 4, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow Stack: yes,
+ Operand: 4, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow stack: 3,
 0000000000000041 cf IRETD
@@ -531,11 +531,11 @@
 Operand: 2, Acc: R-, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Stack: yes, Segment: 2, Base: 4,
 Operand: 3, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1
- Operand: 4, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow Stack: yes,
+ Operand: 4, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 3,
 0000000000000042 0f05 SYSCALL
- DSIZE: 32, ASIZE: 64, VLEN: -
+ DSIZE: 64, ASIZE: 64, VLEN: -
 ISA Set: AMD, Ins cat: SYSCALL, CET tracked: no
 CPUID leaf: 0x80000001, reg: ecx, bit: 11
 FLAGS access
@@ -551,15 +551,16 @@
 Operand: 0, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Model Specific, RegSize: 8, RegId: -1073741695, RegCount: 1
 Operand: 1, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Model Specific, RegSize: 8, RegId: -1073741694, RegCount: 1
 Operand: 2, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Model Specific, RegSize: 8, RegId: -1073741692, RegCount: 1
- Operand: 3, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Segment, RegSize: 4, RegId: 2, RegCount: 1
+ Operand: 3, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Segment, RegSize: 8, RegId: 2, RegCount: 1
 Operand: 4, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: General Purpose, RegSize: 8, RegId: 1, RegCount: 1
 Operand: 5, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: General Purpose, RegSize: 8, RegId: 11, RegCount: 1
- Operand: 6, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Segment, RegSize: 4, RegId: 1, RegCount: 1
- Operand: 7, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
- Operand: 8, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1
+ Operand: 6, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Segment, RegSize: 8, RegId: 1, RegCount: 1
+ Operand: 7, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
+ Operand: 8, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Flags, RegSize: 8, RegId: 0, RegCount: 1
+ Operand: 9, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1
 0000000000000044 0f35 SYSEXIT
- DSIZE: 32, ASIZE: 64, VLEN: -
+ DSIZE: 64, ASIZE: 64, VLEN: -
 ISA Set: PPRO, Ins cat: SYSRET, CET tracked: no
 CPUID leaf: 0x00000001, reg: edx, bit: 11
 Valid modes
@@ -570,8 +571,9 @@
 REP: no, REPcc: no, LOCK: no
 HLE: no, XACQUIRE only: no, XRELEASE only: no
 BND: no, BHINT: no, DNT: no
- Operand: 0, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Segment, RegSize: 4, RegId: 2, RegCount: 1
+ Operand: 0, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Segment, RegSize: 8, RegId: 2, RegCount: 1
 Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: General Purpose, RegSize: 8, RegId: 4, RegCount: 1
- Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Segment, RegSize: 4, RegId: 1, RegCount: 1
- Operand: 3, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
+ Operand: 2, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Segment, RegSize: 8, RegId: 1, RegCount: 1
+ Operand: 3, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
+ Operand: 4, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1
diff --git a/bddisasm_test/basic/cet_64 b/bddisasm_test/basic/cet_64
deleted file mode 100644
index 5c060469f13d75095176608fea1ab5c5c65b8378..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 49
wcmey&X4pYatCzxd2AcjB`Lh~Ss|1;oG8_$|INqOperands[i].Info.Memory.IsShadowStack) {
- printf("Shadow Stack: yes, ");
+ printf("Shadow stack: %d, ", Instrux->Operands[i].Info.Memory.ShStkType);
 }
 if (Instrux->Operands[i].Info.Memory.HasCompDisp)
diff --git a/inc/bddisasm.h b/inc/bddisasm.h
index 2c9d3a7..4248f2b 100644
--- a/inc/bddisasm.h
+++ b/inc/bddisasm.h
@@ -758,6 +758,19 @@ typedef struct _ND_OPDESC_ADDRESS
 } ND_OPDESC_ADDRESS;
+//
+// Shadow stack access types.
+//
+typedef enum _ND_SHSTK_ACCESS
+{
+ ND_SHSTK_NONE = 0,
+ ND_SHSTK_EXPLICIT, // Explicit memory operand accessed as shadow stack.
+ ND_SHSTK_SSP_LD_ST, // Shadow Stack Pointer (SSP) used as base for addressing using conventional load/store.
+ ND_SHSTK_SSP_PUSH_POP, // Shadow Stack Pointer (SSP) used as base for addressing using push/pop.
+ ND_SHSTK_PL0_SSP, // Privilege 0 SSP (IA32_PL0_SSP) used (SETSSBSY).
+} ND_SHSTK_ACCESS;
 //
 // Describes a memory operand.
 //
@@ -775,7 +788,7 @@ typedef struct _ND_OPDESC_MEMORY
 bool IsStack:1; // TRUE if this is a stack op. Note that explicit stack accesses are not
 // included (eg: mov eax, [rsp] will NOT set IsStack).
 bool IsString:1; // TRUE for [RSI] and [RDI] operands inside string operations.
- bool IsShadowStack:1; // TRUE if this is a shadow stack access.
+ bool IsShadowStack:1; // TRUE if this is a shadow stack access. Check out ShStkType for more info.
 bool IsDirect:1; // TRUE if direct addressing (MOV [...], EAX, 0xA3).
 bool IsBitbase:1; // TRUE if this is a bit base. Used for BT* instructions. The bitbase
 // stored in the second operand must be added to the linear address.
@@ -791,6 +804,8 @@ typedef struct _ND_OPDESC_MEMORY
 uint8_t DispSize; // Displacement size. Max 4 bytes.
 uint8_t CompDispSize; // Compressed displacement size - 1, 2, 4, 8, 16, 32, 64.
+ uint8_t ShStkType; // Shadow stack access type. Check out ND_SHSTK_ACCESS.
 struct
 {
 uint8_t IndexSize; // VSIB index size.
diff --git a/isagenerator/disasmlib.py b/isagenerator/disasmlib.py
index 615a08f..fbce3ad 100644
--- a/isagenerator/disasmlib.py
+++ b/isagenerator/disasmlib.py
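Review bot: `ShStkType` is added as a bare `uint8_t` holding `ND_SHSTK_ACCESS` values, and neither comment states how the two fields relate, so a consumer that classifies shadow-stack accesses (introspection code deciding whether a fault is a CET push/pop rather than an ordinary store) has to guess whether `IsShadowStack` can be set while `ShStkType == ND_SHSTK_NONE`. The visible bddisasm.c hunk sets both together for the explicit case; assuming the implicit SSP/PL0_SSP paths do the same, I would write the invariant down: `bool IsShadowStack:1; // TRUE if this is a shadow stack access; ShStkType then holds the ND_SHSTK_ACCESS kind (never ND_SHSTK_NONE).` and `uint8_t ShStkType; // Shadow stack access type (ND_SHSTK_ACCESS); ND_SHSTK_NONE unless IsShadowStack is set.` The new member also changes the layout of the public `ND_OPDESC_MEMORY`, so if the header carries a library version constant for binary consumers it should be bumped in the same commit; that part of the header is outside this hunk.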
@@ -197,6 +197,7 @@ valid_opsize = [
 'l', # Either a 64 bit or a 128 bit operand size (used by BNDMOV).
 'rx', # 512 bytes extended state.
 'cl', # 32/64/128 bytes - the size of one cache line.
+ '12', # 4 bytes (0) + 8 bytes (old SSP), used by SAVEPREVSSP.
 't', # A tile register. The size varies dependning on execution environment, but can be as high as 1K.
 ]
@@ -270,17 +271,21 @@ valid_impops = {# register size
 'X87STATUS': ('X87STATUS', 'w'), # X87 status register.
 'MXCSR' : ('MXCSR', 'd'), # MXCSR register.
 'PKRU' : ('PKRU', 'd'), # PKRU register.
- 'SSP' : ('SSP', 'yf'), # Shadow stack pointer.
+ 'SSP' : ('SSP', 'yf'), # Shadow stack pointer. 32 bit in protected/compat mode, 64 in long mode.
 # Implicit memory operands.
 'pBXALb' : ('pBXAL', 'b'), # Implicit [RBX + AL], as used by XLAT.
 'pDIq' : ('pDI', 'q'), # Implicit qword [RDI].
 'pDIdq' : ('pDI', 'dq'), # Implicit xmmword [RDI].
- 'SHS' : ('SHS', 'q'), # Shadow stack access, 1 qword (use by CET instructions).
- 'SHS1' : ('SHS', 'v'), # Shadow stack access, 1 word.
- 'SHS2' : ('SHS', 'v2'), # Shadow stack, 2 words.
- 'SHS3' : ('SHS', 'v3'), # Shadow stack, 3 words.
- 'SHS4' : ('SHS', 'v4'), # Shadow stack, 4 words.
+ # Implicit shadow stack accesses.
+ 'SHS' : ('SHS', 'q'), # Shadow stack (SSP) implicit access, 1 qword (use by CET instructions).
+ 'SHS0' : ('SHS0', 'q'), # Shadow stack (IA32_PL0_SSP) implicit access, 1 qword (use by CET instructions).
+ 'SHSI' : ('SHS', 'v2'), # Shadow stack load & discard, 2 elements (INCCSPD/INCSSPQ).
+ 'SHSS' : ('SHS', '12'), # Shadow stack read & store 4 + 8 bytes (SAVEPREVSSP).
+ 'SHS1' : ('SHSP', 'v'), # Shadow stack push/pop, 1 word.
+ 'SHS2' : ('SHSP', 'v2'), # Shadow stack push/pop, 2 words.
+ 'SHS3' : ('SHSP', 'v3'), # Shadow stack push/pop, 3 words.
+ 'SHS4' : ('SHSP', 'v4'), # Shadow stack push/pop, 4 words.
 }
 # If an operand type is not present here, than that operand is implicit & it's not encoded inside the instruction.
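Review bot: The new comments in the `valid_impops` hunk carry two typos that the next maintainer will read as fact: `(use by CET instructions)` on the `'SHS'` and `'SHS0'` lines should be `(used by CET instructions)`, and `(INCCSPD/INCSSPQ)` on the `'SHSI'` line should be `(INCSSPD/INCSSPQ)`, matching the mnemonics in table_0F.dat. Since `'SHSI'` and `'SHSS'` map to the plain `'SHS'` operand type while `'SHS1'`–`'SHS4'` map to `'SHSP'`, it would also help to say in the `# Implicit shadow stack accesses.` comment that the target type is what selects the access kind reported in `ShStkType` (push/pop versus load/store), which is the distinction the commit message introduces.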
diff --git a/isagenerator/generate_tables.py b/isagenerator/generate_tables.py
index 796ae9b..d69f543 100644
--- a/isagenerator/generate_tables.py
+++ b/isagenerator/generate_tables.py
@@ -137,6 +137,8 @@ optype = {
 'pBXAL' : 'ND_OPT_MEM_rBX_AL',
 'pDI' : 'ND_OPT_MEM_rDI',
 'SHS' : 'ND_OPT_MEM_SHS',
+ 'SHS0' : 'ND_OPT_MEM_SHS0',
+ 'SHSP' : 'ND_OPT_MEM_SHSP',
 # System registers, MSRs, XCRs, etc.
 'GDTR' : 'ND_OPT_SYS_GDTR',
@@ -222,6 +224,7 @@ opsize = {
 'l' : 'ND_OPS_l',
 'rx' : 'ND_OPS_rx',
 'cl' : 'ND_OPS_cl',
+ '12' : 'ND_OPS_12',
 't' : 'ND_OPS_t',
 }
diff --git a/isagenerator/instructions/table_0F.dat b/isagenerator/instructions/table_0F.dat
index cfd6876..9cbdc5e 100644
--- a/isagenerator/instructions/table_0F.dat
+++ b/isagenerator/instructions/table_0F.dat
@@ -39,7 +39,7 @@ ENCLU nil EAX,RBX,RCX,RDX [ NP 0x0F 0x01 /0
 SERIALIZE nil nil [ NP 0x0F 0x01 /0xE8] s:SERIALIZE, t:MISC
 XSUSLDTRK nil nil [ 0xF2 0x0F 0x01 /0xE8] s:TSXLDTRK, t:MISC
 XRESLDTRK nil nil [ 0xF2 0x0F 0x01 /0xE9] s:TSXLDTRK, t:MISC
-SAVEPREVSSP nil SHS,SSP [ 0xF3 0x0F 0x01 /0xEA] s:CET, t:CET, w:W|RW, f:CF=t
+SAVEPREVSSP nil SHSS,SSP [ 0xF3 0x0F 0x01 /0xEA] s:CET, t:CET, w:RW|R, f:CF=t
 RDPKRU nil EDX,EAX,ECX,PKRU [ NP 0x0F 0x01 /0xEE] s:PKU, t:MISC, w:W|W|R|R
 WRPKRU nil EDX,EAX,ECX,PKRU [ NP 0x0F 0x01 /0xEF] s:PKU, t:MISC, w:R|R|R|W
 SWAPGS nil GSBASE,KGSBASE [ 0x0F 0x01 /0xF8] s:LONGMODE, t:SYSTEM, w:RW|RW, m:KERNEL|O64
@@ -59,7 +59,7 @@ STGI nil nil [ 0x0F 0x01 /0
 CLGI nil nil [ 0x0F 0x01 /0xDD] s:SVM, t:SYSTEM, m:VMXROOT
 SKINIT nil EAX [ 0x0F 0x01 /0xDE] s:SVM, t:SYSTEM, w:R, m:VMXROOT
 INVLPGA nil rAX,ECX [ 0x0F 0x01 /0xDF] s:SVM, t:SYSTEM, w:R|R, m:VMXROOT
-SETSSBSY nil SHS,SSP [ 0xF3 0x0F 0x01 /0xE8] s:CET, t:CET, a:SHS, w:RW|RW
+SETSSBSY nil SHS0,SSP [ 0xF3 0x0F 0x01 /0xE8] s:CET, t:CET, a:SHS, w:RW|RW
 INVLPGB nil rAX,ECX,EDX [ 0x0F 0x01 /0xFE] s:INVLPGB, t:SYSTEM, w:R|R|R, m:NOREAL|KERNEL
 RMPADJUST nil RAX,RCX,RDX,Fv [ 0xF3 0x0F 0x01 /0xFE] s:SNP, t:SYSTEM, w:RW|R|R|W, f:OF=m|ZF=m|AF=m|PF=m|SF=m, m:O64|KERNEL
 RMPUPDATE nil RAX,RCX,Fv [ 0xF2 0x0F 0x01 /0xFE] s:SNP, t:SYSTEM, w:RW|R|W, f:OF=m|ZF=m|AF=m|PF=m|SF=m, m:O64|KERNEL
@@ -71,7 +71,7 @@ LAR Gv,Rz Fv [ 0x0F 0x02 /r
 LSL Gv,Mw Fv [ 0x0F 0x03 /r:mem] s:I286PROT, t:SYSTEM, w:RW|R|W, f:ZF=m, m:NOREAL
 LSL Gv,Rz Fv [ 0x0F 0x03 /r:reg] s:I286PROT, t:SYSTEM, w:RW|R|W, f:ZF=m, m:NOREAL
 LOADALL nil BANK [ 0x0F 0x05] s:I486REAL, t:UNDOC, w:R
-SYSCALL nil STAR,LSTAR,FMASK,SS,RCX,R11,CS,rIP,Fv [ o64 0x0F 0x05] s:AMD, t:SYSCALL, w:R|R|R|W|W|W|W|W|RW, i:FSC, m:O64|NOSGX
+SYSCALL nil STAR,LSTAR,FMASK,SS,RCX,R11,CS,rIP,Fv,SSP [ o64 0x0F 0x05] s:AMD, t:SYSCALL, w:R|R|R|W|W|W|W|W|RW|RW, a:F64, i:FSC, m:O64|NOSGX
 CLTS nil CR0 [ 0x0F 0x06] s:I286REAL, t:SYSTEM, w:W, m:KERNEL|NOV86
 LOADALLD nil BANK [ 0x0F 0x07] s:I486REAL, t:UNDOC, w:R
 SYSRET nil STAR,SS,rCX,R11,CS,rIP,Fv [ o64 0x0F 0x07] s:AMD, t:SYSRET, w:R|W|R|R|W|W|W, i:FSC, m:KERNEL|O64
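Review bot: SYSCALL gains an `SSP` operand with `RW` access in the @@ -71 hunk, but SYSRET on the context line three below still lists none, and SYSENTER in the @@ -230 hunk of this file is likewise untouched; if I read the CET section of the SDM correctly, SYSRET (like SYSEXIT) restores SSP from IA32_PL3_SSP and SYSENTER saves it there just as SYSCALL does, so the two halves of each transition would now be reported asymmetrically. The reverse direction matters to consumers that track shadow-stack state across privilege transitions, because a kernel-to-user return that rewrites SSP would look like a non-CET instruction. Either add `SSP` (with the matching `W`/`RW` entry) to SYSRET and SYSENTER, or state in the commit why only SYSCALL/SYSEXIT are covered. The IA32_PL3_SSP save itself is not represented either, but the MSR operand list is otherwise limited to STAR/LSTAR/FMASK, so that omission may be deliberate.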
@@ -230,7 +230,7 @@ RDTSC nil EAX,EDX,TSC [ 0x0F 0x31]
 RDMSR nil EAX,EDX,ECX,MSR [ 0x0F 0x32] s:PENTIUMREAL, t:SYSTEM, w:W|W|R|R, m:KERNEL|NOV86, i:MSR
 RDPMC nil EAX,EDX,ECX,MSR [ 0x0F 0x33] s:RDPMC, t:SYSTEM, w:W|W|R|R, m:NOSGX
 SYSENTER nil SCS,SESP,SEIP,SS,sSP,CS,rIP,Fv [ 0x0F 0x34] s:PPRO, t:SYSCALL, w:R|R|R|W|W|W|W|W, i:SEP, f:IF=0, m:NOREAL|NOSGX
-SYSEXIT nil SS,sSP,CS,rIP [ 0x0F 0x35] s:PPRO, t:SYSRET, w:W|W|W|W, i:SEP, m:KERNEL|NOREAL
+SYSEXIT nil SS,sSP,CS,rIP,SSP [ 0x0F 0x35] s:PPRO, t:SYSRET, w:W|W|W|W|W, a:F64, i:SEP, m:KERNEL|NOREAL
 RDSHR Ed nil [ cyrix 0x0F 0x36 /r] s:CYRIX, t:SYSTEM, w:R
 GETSEC nil EAX,EBX [ NP 0x0F 0x37] s:SMX, t:SYSTEM, w:RCW|R, m:KERNEL|NOREAL|NOSGX
 WRSHR Ed nil [ cyrix 0x0F 0x37 /r] s:CYRIX, t:SYSTEM, w:W
@@ -485,8 +485,8 @@ RDFSBASE Ry FSBASE [ o64 0xF3 0x0F 0xAE /0
 RDGSBASE Ry GSBASE [ o64 0xF3 0x0F 0xAE /1:reg] s:RDWRFSGS, t:RDWRFSGS, w:W|R, m:O64
 WRFSBASE Ry FSBASE [ o64 0xF3 0x0F 0xAE /2:reg] s:RDWRFSGS, t:RDWRFSGS, w:R|W, m:O64
 WRGSBASE Ry GSBASE [ o64 0xF3 0x0F 0xAE /3:reg] s:RDWRFSGS, t:RDWRFSGS, w:R|W, m:O64
-INCSSPD Rd SHS2,SSP [ 0xF3 0x0F 0xAE /5:reg] s:CET, t:CET, c:INCSSP, w:R|R|RW
-INCSSPQ Rq SHS2,SSP [ 0xF3 rexw 0x0F 0xAE /5:reg] s:CET, t:CET, c:INCSSP, w:R|R|RW
+INCSSPD Rd SHSI,SSP [ 0xF3 0x0F 0xAE /5:reg] s:CET, t:CET, c:INCSSP, w:R|R|RW
+INCSSPQ Rq SHSI,SSP [ 0xF3 rexw 0x0F 0xAE /5:reg] s:CET, t:CET, c:INCSSP, w:R|R|RW
 LFENCE nil nil [ NP 0x0F 0xAE /5:reg] s:SSE2, t:MISC
 UMONITOR mMb Fv [ 0xF3 0x0F 0xAE /6:reg] s:WAITPKG, t:WAITPKG, w:R|W, f:WAITPKG, m:NOTSX
 UMWAIT Ry EDX,EAX [ 0xF2 0x0F 0xAE /6:reg] s:WAITPKG, t:WAITPKG, w:R|R|R, m:NOTSX
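Review bot: `a:F64` on the new SYSEXIT line forces a 64-bit operand size in long mode, and the branch_64.result hunks confirm the effect: the plain `0f35` encoding (no REX.W) now reports `DSIZE: 64` and 8-byte SS/CS/rIP/SSP operands where it reported 4-byte ones before. If I read the SDM correctly, SYSEXIT without REX.W returns to compatibility mode and loads ESP/EIP from ECX/EDX, with REX.W being what selects the 64-bit return, so unless `yf` needs the forced size to resolve to 64 bits (the `'SSP'` comment in disasmlib.py says it is 64-bit in long mode regardless), `F64` masks the REX.W distinction for the non-SSP operands and I would keep the line as `SYSEXIT nil SS,sSP,CS,rIP,SSP [ 0x0F 0x35] s:PPRO, t:SYSRET, w:W|W|W|W|W, i:SEP, m:KERNEL|NOREAL`. The same attribute on SYSCALL in the @@ -71 hunk is harmless, since SYSCALL is 64-bit only. Segment-register operands reported with `RegSize: 8` in those result files look odd either way, though they were already reported as 4 bytes before this change.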