arno
/
bddisasm
mirror of https://github.com/bitdefender/bddisasm.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Added missing Default 64 flag for the ENTER instruction.

Browse Source 
On AMD, operand size is never forced to 64 bit - instead, it only defaults to 64 bit, which means that 0x66 can be used to encode 16 bit version of the instructions.
pull/29/head
Andrei Vlad LUTAS 4 years ago
parent 7a0fa449bc
commit e26971b4f0
8 changed files with 47 additions and 19 deletions
Show Stats Download Patch File Download Diff File

42
bddisasm/bddisasm.c
Unescape View File

@ -288,6 +288,23 @@ NdGetVersion(
*Revision = DISASM_VERSION_REVISION; *Revision = DISASM_VERSION_REVISION;
} }
//
// Do not use __TIME__ and __DATE__ macros when compiling against a kernel tree.
//
#if defined(__KERNEL__) && defined(__GNUC__)
if (NULL != BuildDate)
{
*BuildDate = NULL;
}
if (NULL != BuildTime)
{
*BuildTime = NULL;
}
#else
if (NULL != BuildDate) if (NULL != BuildDate)
{ {
*BuildDate = __DATE__; *BuildDate = __DATE__;
@ -297,6 +314,9 @@ NdGetVersion(
{ {
*BuildTime = __TIME__; *BuildTime = __TIME__;
} }
#endif
} }
#ifndef KERNEL_MODE #ifndef KERNEL_MODE
@ -3691,9 +3711,11 @@ NdGetEffectiveOpMode(
// Extract the flags. // Extract the flags.
width = (0 != Instrux->Exs.w) && !(Instrux->Attributes & ND_FLAG_WIG); width = (0 != Instrux->Exs.w) && !(Instrux->Attributes & ND_FLAG_WIG);
// In 64 bit mode, the operand is forced to 64 bit. Size-changing prefixes are ignored. // In 64 bit mode, the operand is forced to 64 bit. Size-changing prefixes are ignored.
f64 = 0 != (Instrux->Attributes & ND_FLAG_F64); f64 = 0 != (Instrux->Attributes & ND_FLAG_F64) && (ND_VEND_AMD != Instrux->VendMode);
// In 64 bit mode, the operand defaults to 64 bit No 32 bit form of the instruction exists. // In 64 bit mode, the operand defaults to 64 bit. No 32 bit form of the instruction exists. Note that on AMD,
d64 = 0 != (Instrux->Attributes & ND_FLAG_D64); // only default 64 bit operands exist, even for branches - no operand is forced to 64 bit.
d64 = (0 != (Instrux->Attributes & ND_FLAG_D64)) ||
(0 != (Instrux->Attributes & ND_FLAG_F64) && (ND_VEND_AMD == Instrux->VendMode));
// Check if 0x66 is indeed interpreted as a size changing prefix. Note that if 0x66 is a mandatory prefix, // Check if 0x66 is indeed interpreted as a size changing prefix. Note that if 0x66 is a mandatory prefix,
// then it won't be interpreted as a size changing prefix. However, there is an exception: MOVBE and CRC32 // then it won't be interpreted as a size changing prefix. However, there is an exception: MOVBE and CRC32
// have mandatory 0xF2, and 0x66 is in fact a size changing prefix. // have mandatory 0xF2, and 0x66 is in fact a size changing prefix.
@ -3770,8 +3792,9 @@ NdValidateInstruction(
if (ND_HAS_VSIB(Instrux) && Instrux->Category != ND_CAT_SCATTER) if (ND_HAS_VSIB(Instrux) && Instrux->Category != ND_CAT_SCATTER)
{ {
uint8_t usedVects[32] = { 0 }; uint8_t usedVects[32] = { 0 };
uint32_t i;
for (uint32_t i = 0; i < Instrux->OperandsCount; i++) for (i = 0; i < Instrux->OperandsCount; i++)
{ {
if (Instrux->Operands[i].Type == ND_OP_REG && Instrux->Operands[i].Info.Register.Type == ND_REG_SSE) if (Instrux->Operands[i].Type == ND_OP_REG && Instrux->Operands[i].Info.Register.Type == ND_REG_SSE)
{ {
@ -3903,6 +3926,7 @@ NdDecodeWithContext(
NDSTATUS status; NDSTATUS status;
PND_INSTRUCTION pIns; PND_INSTRUCTION pIns;
uint32_t opIndex; uint32_t opIndex;
size_t i;
// pre-init // pre-init
status = ND_STATUS_SUCCESS; status = ND_STATUS_SUCCESS;
@ -4000,7 +4024,7 @@ NdDecodeWithContext(
Instrux->TupleType = pIns->TupleType; Instrux->TupleType = pIns->TupleType;
// Copy the mnemonic, up until the NULL terminator. // Copy the mnemonic, up until the NULL terminator.
for (size_t i = 0; i < sizeof(Instrux->Mnemonic); i++) for (i = 0; i < sizeof(Instrux->Mnemonic); i++)
{ {
Instrux->Mnemonic[i] = gMnemonics[pIns->Mnemonic][i]; Instrux->Mnemonic[i] = gMnemonics[pIns->Mnemonic][i];
if (Instrux->Mnemonic[i] == 0) if (Instrux->Mnemonic[i] == 0)
@ -4858,13 +4882,13 @@ NdToText(
switch (pOp->Info.Memory.DispSize) switch (pOp->Info.Memory.DispSize)
{ {
case 1: case 1:
normDisp = ((disp & 0x80) ? ~((uint8_t)disp) + 1UL : disp) & 0xFF; normDisp = ((disp & 0x80) ? ~((uint8_t)disp) + 1ULL : disp) & 0xFF;
break; break;
case 2: case 2:
normDisp = ((disp & 0x8000) ? ~((uint16_t)disp) + 1UL : disp) & 0xFFFF; normDisp = ((disp & 0x8000) ? ~((uint16_t)disp) + 1ULL : disp) & 0xFFFF;
break; break;
case 4: case 4:
normDisp = ((disp & 0x80000000) ? ~((uint32_t)disp) + 1 : disp) & 0xFFFFFFFF; normDisp = ((disp & 0x80000000) ? ~((uint32_t)disp) + 1ULL : disp) & 0xFFFFFFFF;
break; break;
default: default:
normDisp = disp; normDisp = disp;
@ -4876,7 +4900,7 @@ NdToText(
// the normDisp is converted to a positive quantity, so no sign-extension is needed. // the normDisp is converted to a positive quantity, so no sign-extension is needed.
if (pOp->Info.Memory.HasCompDisp) if (pOp->Info.Memory.HasCompDisp)
{ {
normDisp = (uint32_t)normDisp * pOp->Info.Memory.CompDispSize; normDisp = (uint64_t)(uint32_t)normDisp * pOp->Info.Memory.CompDispSize;
} }
} }

2
bddisasm/include/instructions.h
Unescape View File

@ -3982,7 +3982,7 @@ const ND_INSTRUCTION gInstructions[2586] =
ND_INS_ENTER, ND_CAT_MISC, ND_SET_I186, 169, ND_INS_ENTER, ND_CAT_MISC, ND_SET_I186, 169,
0, 0,
ND_MOD_ANY, ND_MOD_ANY,
0, ND_OPS_CNT(2, 3), 0, 0, 0, 0, 0, 0, 0, 0, 0, ND_OPS_CNT(2, 3), 0, 0, 0, 0, 0, 0, ND_FLAG_D64, 0,
0, 0,
0, 0,
0, 0,

6
bddisasm_test/basic/stack_64.result
Unescape View File

@ -247,7 +247,7 @@
Segment: 2, Base: 4, Segment: 2, Base: 4,
000000000000002B c8100020 ENTER 0x0010, 0x20 000000000000002B c8100020 ENTER 0x0010, 0x20
DSIZE: 32, ASIZE: 64, VLEN: - DSIZE: 64, ASIZE: 64, VLEN: -
ISA Set: I186, Ins cat: MISC, CET tracked: no ISA Set: I186, Ins cat: MISC, CET tracked: no
Valid modes Valid modes
R0: yes, R1: yes, R2: yes, R3: yes R0: yes, R1: yes, R2: yes, R3: yes
@ -260,9 +260,9 @@
BND: no, BHINT: no, DNT: no BND: no, BHINT: no, DNT: no
Operand: 0, Acc: R-, Type: Immediate, Size: 2, RawSize: 2, Encoding: I Operand: 0, Acc: R-, Type: Immediate, Size: 2, RawSize: 2, Encoding: I
Operand: 1, Acc: R-, Type: Immediate, Size: 1, RawSize: 1, Encoding: I Operand: 1, Acc: R-, Type: Immediate, Size: 1, RawSize: 1, Encoding: I
Operand: 2, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: General Purpose, RegSize: 4, RegId: 5, RegCount: 1 Operand: 2, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: General Purpose, RegSize: 8, RegId: 5, RegCount: 1
Operand: 3, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: General Purpose, RegSize: 8, RegId: 4, RegCount: 1 Operand: 3, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: General Purpose, RegSize: 8, RegId: 4, RegCount: 1
Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4, Segment: 2, Base: 4,
000000000000002F c9 LEAVE 000000000000002F c9 LEAVE

6
bddisasm_test/special/amx_64.result
Unescape View File

@ -197,7 +197,7 @@
Segment: 2, Base: 4, Segment: 2, Base: 4,
000000000000001E c8909090 ENTER 0x9090, 0x90 000000000000001E c8909090 ENTER 0x9090, 0x90
DSIZE: 32, ASIZE: 64, VLEN: - DSIZE: 64, ASIZE: 64, VLEN: -
ISA Set: I186, Ins cat: MISC, CET tracked: no ISA Set: I186, Ins cat: MISC, CET tracked: no
Valid modes Valid modes
R0: yes, R1: yes, R2: yes, R3: yes R0: yes, R1: yes, R2: yes, R3: yes
@ -210,9 +210,9 @@
BND: no, BHINT: no, DNT: no BND: no, BHINT: no, DNT: no
Operand: 0, Acc: R-, Type: Immediate, Size: 2, RawSize: 2, Encoding: I Operand: 0, Acc: R-, Type: Immediate, Size: 2, RawSize: 2, Encoding: I
Operand: 1, Acc: R-, Type: Immediate, Size: 1, RawSize: 1, Encoding: I Operand: 1, Acc: R-, Type: Immediate, Size: 1, RawSize: 1, Encoding: I
Operand: 2, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: General Purpose, RegSize: 4, RegId: 5, RegCount: 1 Operand: 2, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: General Purpose, RegSize: 8, RegId: 5, RegCount: 1
Operand: 3, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: General Purpose, RegSize: 8, RegId: 4, RegCount: 1 Operand: 3, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: General Purpose, RegSize: 8, RegId: 4, RegCount: 1
Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes, Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4, Segment: 2, Base: 4,
0000000000000022 90 NOP 0000000000000022 90 NOP

2
inc/bdshemu/bdshemu.h
Unescape View File

@ -6,7 +6,7 @@
#define BDSHEMU_H #define BDSHEMU_H
#include "bddisasm.h" #include "../bddisasm.h"
// //

4
inc/disasmtypes.h
Unescape View File

@ -9,6 +9,10 @@
# include <ntddk.h> # include <ntddk.h>
# include <Ntstrsafe.h> # include <Ntstrsafe.h>
#elif defined(__KERNEL__) && defined(__GNUC__)
# include <linux/types.h>
#else #else
# include <stddef.h> # include <stddef.h>

2
inc/version.h
Unescape View File

@ -7,6 +7,6 @@
#define DISASM_VERSION_MAJOR 1 #define DISASM_VERSION_MAJOR 1
#define DISASM_VERSION_MINOR 31 #define DISASM_VERSION_MINOR 31
#define DISASM_VERSION_REVISION 0 #define DISASM_VERSION_REVISION 1
#endif // DISASM_VER_H #endif // DISASM_VER_H

2
pybddisasm/setup.py
Unescape View File

@ -12,7 +12,7 @@ from setuptools import find_packages, setup, Command, Extension, Distribution
from codecs import open from codecs import open
VERSION = (0, 1, 3) VERSION = (0, 1, 3)
LIBRARY_VERSION = (1, 31, 0) LIBRARY_VERSION = (1, 31, 1)
LIBRARY_INSTRUX_SIZE = 864 LIBRARY_INSTRUX_SIZE = 864
packages = ['pybddisasm'] packages = ['pybddisasm']

Write Preview
Loading…
Cancel
Save