Andrei Vlad LUTAS
37a8c94bc7
Applied some of the syntax recomandations from https://cdrdv2.intel.com/v1/dl/getContent/817241 .
2 months ago
Andrei Vlad LUTAS
02cbe6a298
https://github.com/bitdefender/bddisasm/issues/87 - added missing `R` access for the `rIP` operand for `SYSCALL` instructions; added missing `SCS`, `rCX` and `rDX` operands for `SYSEXIT` instruction.
2 months ago
Andrei Vlad LUTAS
3df189f093
https://github.com/bitdefender/bddisasm/issues/87 - Fixed `CALL` instruction access for `rIP` operand - it must include read access, as the instruction pointer is saved on the stack.
2 months ago
Andrei Vlad LUTAS
fad9c7e35c
BDDISASM v2.1.0 release - please consult the CHANGELOG for details about the modifications.
2 months ago
Andrei Vlad LUTAS
f53cbc51e2
Added support for new Intel ISA, per Intel® Architecture Instruction Set Extensions and Future Features document #319433-049 (June 2023): AVX-NNI-INT16, SHA512, SM3, SM4, TSE.
9 months ago
BITDEFENDER\vlutas
096b583c25
Tiny comment fix.
11 months ago
BITDEFENDER\vlutas
124521beb5
Added support for Intel AMX-COMPLEX instructions.
1 year ago
BITDEFENDER\vlutas
ee6cdd6cb6
Switched to a more parsing-friendly format for the instructions database, where individual components are sepparated by a semicolon.
1 year ago
BITDEFENDER\vlutas
fc6059109d
Improved comments & improved vector length specifiers.
1 year ago
Ionel-Cristinel ANICHITEI
31457a0c02
Fix `clang-cl` and `mingw` builds
1 year ago
BITDEFENDER\vlutas
7a254037b0
Added support for AMD RMPQUERY instruction.
2 years ago
BITDEFENDER\vlutas
9ba1e6a2f9
Added support for new Intel instructions, per Intel ISA extensions document #319433-046 (September 2022): PREFETCHITI, RAO-INT, CMPCCXADD, WRMSRNS, MSRLIST, AMX-FP16, AVX-IFMA, AVX-NE-CONVERT, AVX-VNNI-INT8.
...
Multiple minor fixes to existing instructions.
Moved x86 decoding tests in a separate directory & improved the test script.
2 years ago
BITDEFENDER\vlutas
4596dbda51
Add copyright info when auto-generating files.
2 years ago
BITDEFENDER\vlutas
fe6a937f51
Switched to internally defined types.
...
WRUSSD and WRUSSQ cannot be executed when CPL != 0.
2 years ago
Eric Kilmer
68c7c4a066
Add missing sources to Makefile for bddisasm
2 years ago
BITDEFENDER\vlutas
63e3ee22a9
Fixed High8 handling in NdGetFullAccessMap.
2 years ago
BITDEFENDER\vlutas
c9d4dbca0f
Added missing modifications.
2 years ago
BITDEFENDER\vlutas
656916d92d
Added missing paranthesis.
3 years ago
BITDEFENDER\vlutas
433e723e07
Implemented a reverse oprand lookup table. It holds pointers to relevant operands inside INSTRUX, for quick lookup.
...
Moved helper functions in bdhelpers.c.
Added a dedicated BranchInfo field inside INSTRUX, containing the most relevant branch information.
3 years ago
BITDEFENDER\vlutas
412f065965
Moved the formatting function in a dedicated source file.
...
Added support for SIDT and RDTSC in bdshemu.
3 years ago
Andrei Vlad LUTAS
08096172cc
Multiple improvements
...
- New shemu flag - SHEMU_FLAG_SIDT, set when sheu encounters a SIDT in ring0.
- Added the CET Tracked flag to SYSCLAL, SYSENTER and INT n instructions.
- Fixed Do Not Track prefix recognition for CALL and JMP in long-mode.
- Fixed MONITOR and MONITORX implicit operands - the rAX register encodes a virtual address that will be used as the monitored range. That address is subject to a 1 byte load.
- Fixed RMPADJUST and RMPUPDATE implicit operands - the rAX register encodes a virtual address, and the rCX register encodes a virtual address of the RMP updated entry.
3 years ago
Andrei Vlad LUTAS
f6050661d5
Multiple improvements in bdshemu
...
Fixed an emulation bug for MOVZX and MOVSX instructions (https://github.com/bitdefender/bddisasm/issues/48 )
New shellcode flag - call tot Wow32 reserved.
New shellcode flag - heaven's gate.
New shellcode flag - stack-pivot.
Moved bdshemu tests in a password protected zip file, so it doesn't trigger AV detections.
3 years ago
Andrei Vlad LUTAS
76d92e73c2
Multiple changes
...
- Add support for AVX512-FP16 instructions, as per https://software.intel.com/content/www/us/en/develop/download/intel-avx512-fp16-architecture-specification.html
- Bug fix: zeroing with no masking is not supported, so return an error if we encounter such encodings
- Bug fix: ignore VEX/EVEX.W field outside 64 bit mode for some instructions
- Several other minor fixes and improvements
3 years ago
Andrei Vlad LUTAS
c3a6ea1c25
Updated SEAMCALL specs according to Intel® Trust Domain CPU Architectural Extensions 343754-002US May 2021.
3 years ago
Andrei Vlad LUTAS
d053de409f
Although not stated in the SDM, VMCALL, VMLAUNCH, VMRESUME and VMXOFF refuse any prefix (66, F3, F2).
3 years ago
Andrei Vlad LUTAS
072f6e059b
Build improvements
...
Exclude string constants from build if BDDISASM_NO_FORMAT is defined.
Use extern "C" when declaring the public bddisasm/bdshemu functions.
Include wmmintrin.h for AES intrinisics when building using LLVM/clang.
3 years ago
Andrei Vlad LUTAS
f7bf814bbc
Flag the rIP operand of conditional branches as being conditionally read/write instead of plain read/write.
...
Bypass self-writes option in bdshemu - if set, bdshemu will not proceed to commit modifications made by the shellcode to itself.
3 years ago
Ionel-Cristinel ANICHITEI
e7803bdf72
Implement nd_vsnprintf_s and nd_memset if possible
3 years ago
Andrei Vlad LUTAS
fccf11915d
Added support for Intel FRED and LKGS instructions.
3 years ago
Andrei Vlad LUTAS
37d47ef7e7
Display instruction bitfields support.
...
Using the `-bits` option, the various bits inside the EVEX, VEX, XOP, ModR/M and SIB can be displayed.
3 years ago
Andrei Vlad LUTAS
1eb1c9d0d2
Fixed https://github.com/bitdefender/bddisasm/issues/38 .
3 years ago
Andrei Vlad LUTAS
98ea9e1d9a
Fixed https://github.com/bitdefender/bddisasm/issues/34 , https://github.com/bitdefender/bddisasm/issues/35 , https://github.com/bitdefender/bddisasm/issues/36 and https://github.com/bitdefender/bddisasm/issues/37 .
3 years ago
Andrei Vlad LUTAS
e89f56289d
As per Intel SDM version 73 released in November 2020, make sure we don't decode 32-bit EVEX instructions that have EVEX.V' cleared, and 64-bit EVEX instructions that don't use EVEX.V' field, but have it cleared.
3 years ago
Andrei Vlad LUTAS
67da1892d4
Fetch the instruction bytes inside the Instrux when first entering NdDecode, and then use that buffer for further decoding.
3 years ago
Andrei Vlad LUTAS
58197cc518
Removed support for PCOMMIT and CL1INVMB (not implemented by any x86/x64 CPUs), and marked MOV to/from test registers as being invalid in long mode.
...
Fixed https://github.com/bitdefender/bddisasm/issues/24
Fixed https://github.com/bitdefender/bddisasm/issues/25
Fixed https://github.com/bitdefender/bddisasm/issues/26
4 years ago
Andrei Vlad LUTAS
bcf9a89d69
Fixed https://github.com/bitdefender/bddisasm/issues/22 and https://github.com/bitdefender/bddisasm/issues/23 .
4 years ago
Andrei Vlad LUTAS
e26971b4f0
Added missing Default 64 flag for the ENTER instruction.
...
On AMD, operand size is never forced to 64 bit - instead, it only defaults to 64 bit, which means that 0x66 can be used to encode 16 bit version of the instructions.
4 years ago
Andrei Vlad LUTAS
7a0fa449bc
Disassemble 4X90 as NOP as long as Rex.B is 0. Disassemble as XCHG only if Rex.B bit is set (promoting the use of R8 register).
4 years ago
Andrei Vlad LUTAS
9652450125
Added support for UINTR, HRESET and AVX-VNNI instructions, as per Intel® Architecture Instruction Set Extensions Programming Reference 41 (October 2020).
4 years ago
Andrei Vlad LUTAS
24ae7782d6
Fixed some static code check warnings.
4 years ago
Andrei Vlad LUTAS
4f8b030ddd
Added support for Intel Key Locker instructions, as per https://software.intel.com/content/www/us/en/develop/download/intel-key-locker-specification.html .
4 years ago
Andrei Vlad LUTAS
33078e4670
Added support for TDX instructions, per https://software.intel.com/content/dam/develop/external/us/en/documents/intel-tdx-cpu-architectural-specification.pdf .
4 years ago
Andrei Vlad LUTAS
d61a6fa5dd
* INC/DEC do not modify the CF.
...
* Fixed FXSAVE64, PUSHAD and POPAD emulation - when explicit mnemonics were added for them, emulation support was not added, thus causing emulation to stop when encountering one of these.
4 years ago
Andrei Vlad LUTAS
ed564dba32
Specifically flag multi-byte NOP operands as not-accessed.
...
New capability - bddisasm can now be instructed whether to decode some instructions as NOPs are as MPX/CET/CLDEMOTE. This is the case for instructions that are mapped onto the wide NOP space: in that case, an encoding might be NOP if the feature is off, but might be something else (even #UD) if the feature is on.
Added NdDecodeWithContext API - this becomes the base decode API; it received the input information filled in a ND_CONTEXT structure, whih has to be initialized only once, and can be reused across calls. The NdInitContext function must be used to initialize the context, as it ensures backwards compatibility by filling new options with default values.
Improvements to the README file.
4 years ago
Andrei Vlad LUTAS
144baa5140
Renamed REG_* fields to NDR_*, so that we don't conflict with _GNU_SOURCES.
4 years ago
Ionel-Cristinel ANICHITEI
b0b7a67c8e
Add braces around the ND_INSTRUCTION.Operands initializer
4 years ago
Ionel-Cristinel ANICHITEI
a20db3ce54
Fix constants.h include path
4 years ago
Ionel-Cristinel ANICHITEI
11f1f548ff
Regenerate autogenerated files
4 years ago
Ionel-Cristinel ANICHITEI
049ecc0ab7
Don't use reserved identifiers for include guards
...
This fixes #5
4 years ago
Andrei KISARI
0d5d2a9625
Fixed include path.
4 years ago