BITDEFENDER\vlutas
7a254037b0
Added support for AMD RMPQUERY instruction.
2022-10-27 12:37:02 +03:00
BITDEFENDER\vlutas
9ba1e6a2f9
Added support for new Intel instructions, per Intel ISA extensions document #319433-046 (September 2022): PREFETCHITI, RAO-INT, CMPCCXADD, WRMSRNS, MSRLIST, AMX-FP16, AVX-IFMA, AVX-NE-CONVERT, AVX-VNNI-INT8.
...
Multiple minor fixes to existing instructions.
Moved x86 decoding tests in a separate directory & improved the test script.
2022-10-04 12:22:59 +03:00
BITDEFENDER\vlutas
47da322ea5
Improved upper bits handling for SSE/AVX operations.
...
Improved POPF handling when 16 bit operand size is used.
Fixed typo in PUNPCKLBW emulation.
2022-08-09 20:02:45 +03:00
BITDEFENDER\vlutas
2fc491d51d
Handle reserved bits in RFLAGS when setting the entire register value.
2022-08-08 12:02:00 +03:00
BITDEFENDER\vlutas
f62c8a2238
https://github.com/bitdefender/bddisasm/issues/70 - fixed OF setting on ROR.
2022-08-01 15:46:38 +03:00
BITDEFENDER\vlutas
d3fd900903
Fixed OF on SHL and SHR with one bit shifts.
2022-08-01 14:13:27 +03:00
BITDEFENDER\vlutas
bf81c647e3
Make sure all flags are set for CMPXCHG (this was left intentionally incomplete).
...
Make sure we clear upper bits of the 256/512 bit SSE register.
2022-07-19 11:03:17 +03:00
BITDEFENDER\vlutas
6dda2c122c
Make sure upper 32 bit of a CMOV destination register is cleared to 0 even if the condition is not satisfied
2022-07-16 12:21:46 +03:00
BITDEFENDER\vlutas
1805a9edec
Fixed flag setting for ADC, SBB, SAR and IMUL instructions.
2022-07-14 13:42:37 +03:00
BITDEFENDER\vlutas
fe6a937f51
Switched to internally defined types.
...
WRUSSD and WRUSSQ cannot be executed when CPL != 0.
2022-01-05 14:03:13 +02:00
BITDEFENDER\vlutas
63e3ee22a9
Fixed High8 handling in NdGetFullAccessMap.
2022-01-03 12:25:35 +02:00
BITDEFENDER\vlutas
2f50ce9b4e
Improved REG_ID macros - make sure we include block addressing and High8 designator in the reg ID. Alsom, make sure the register size fits in, since the new tile register can be 1K in size, which previously overflowed...
2021-12-03 12:44:57 +02:00
BITDEFENDER\vlutas
433e723e07
Implemented a reverse oprand lookup table. It holds pointers to relevant operands inside INSTRUX, for quick lookup.
...
Moved helper functions in bdhelpers.c.
Added a dedicated BranchInfo field inside INSTRUX, containing the most relevant branch information.
2021-11-02 11:22:22 +02:00
BITDEFENDER\vlutas
412f065965
Moved the formatting function in a dedicated source file.
...
Added support for SIDT and RDTSC in bdshemu.
2021-10-19 17:33:15 +03:00
Andrei Vlad LUTAS
08096172cc
Multiple improvements
...
- New shemu flag - SHEMU_FLAG_SIDT, set when sheu encounters a SIDT in ring0.
- Added the CET Tracked flag to SYSCLAL, SYSENTER and INT n instructions.
- Fixed Do Not Track prefix recognition for CALL and JMP in long-mode.
- Fixed MONITOR and MONITORX implicit operands - the rAX register encodes a virtual address that will be used as the monitored range. That address is subject to a 1 byte load.
- Fixed RMPADJUST and RMPUPDATE implicit operands - the rAX register encodes a virtual address, and the rCX register encodes a virtual address of the RMP updated entry.
2021-08-31 13:37:50 +03:00
Andrei Vlad LUTAS
5a617986b7
Added new shemu flag: SHEMU_FLAG_SUD_ACCESS is raised whenever the code accesses the SharedUserData page.
2021-08-16 12:34:41 +03:00
Andrei Vlad LUTAS
c8735b437a
Fixed NEG emulation - make sure flags are set.
2021-08-10 14:46:39 +03:00
Andrei Vlad LUTAS
f6050661d5
Multiple improvements in bdshemu
...
Fixed an emulation bug for MOVZX and MOVSX instructions (https://github.com/bitdefender/bddisasm/issues/48 )
New shellcode flag - call tot Wow32 reserved.
New shellcode flag - heaven's gate.
New shellcode flag - stack-pivot.
Moved bdshemu tests in a password protected zip file, so it doesn't trigger AV detections.
2021-08-10 11:43:51 +03:00
Andrei Vlad LUTAS
76d92e73c2
Multiple changes
...
- Add support for AVX512-FP16 instructions, as per https://software.intel.com/content/www/us/en/develop/download/intel-avx512-fp16-architecture-specification.html
- Bug fix: zeroing with no masking is not supported, so return an error if we encounter such encodings
- Bug fix: ignore VEX/EVEX.W field outside 64 bit mode for some instructions
- Several other minor fixes and improvements
2021-07-08 12:40:39 +03:00
Andrei Vlad LUTAS
c3a6ea1c25
Updated SEAMCALL specs according to Intel® Trust Domain CPU Architectural Extensions 343754-002US May 2021.
2021-05-31 13:34:52 +03:00
Andrei Vlad LUTAS
d053de409f
Although not stated in the SDM, VMCALL, VMLAUNCH, VMRESUME and VMXOFF refuse any prefix (66, F3, F2).
2021-05-31 10:42:26 +03:00
Andrei Vlad LUTAS
f7bf814bbc
Flag the rIP operand of conditional branches as being conditionally read/write instead of plain read/write.
...
Bypass self-writes option in bdshemu - if set, bdshemu will not proceed to commit modifications made by the shellcode to itself.
2021-05-17 09:04:34 +03:00
Anichitei Ionel-Cristinel
a0e5d8f905
Increment revision
2021-03-31 11:55:25 +03:00
Andrei Vlad LUTAS
fccf11915d
Added support for Intel FRED and LKGS instructions.
2021-03-15 14:05:44 +02:00
Andrei Vlad LUTAS
f7be5a7bbd
Incremented version.
2021-02-23 18:17:21 +02:00
Andrei Vlad LUTAS
1eb1c9d0d2
Fixed https://github.com/bitdefender/bddisasm/issues/38 .
2021-01-15 19:09:53 +02:00
Andrei Vlad LUTAS
98ea9e1d9a
Fixed https://github.com/bitdefender/bddisasm/issues/34 , https://github.com/bitdefender/bddisasm/issues/35 , https://github.com/bitdefender/bddisasm/issues/36 and https://github.com/bitdefender/bddisasm/issues/37 .
2021-01-11 11:10:04 +02:00
Andrei Vlad LUTAS
f8a3011a49
Added support for AESDEC, AESDECLAST and AESIMC emulation, using compiler intrinsics - they will be used only if the SHEMU_OPT_SUPPORT_AES is set (so the integrator can properly check for AES-NI support in hardware).
...
Fixed shemu option on Linux - make sure proper RIP is provided.
2020-12-04 10:52:56 +02:00
Andrei Vlad LUTAS
e89f56289d
As per Intel SDM version 73 released in November 2020, make sure we don't decode 32-bit EVEX instructions that have EVEX.V' cleared, and 64-bit EVEX instructions that don't use EVEX.V' field, but have it cleared.
2020-11-17 10:36:26 +02:00
Andrei Vlad LUTAS
58197cc518
Removed support for PCOMMIT and CL1INVMB (not implemented by any x86/x64 CPUs), and marked MOV to/from test registers as being invalid in long mode.
...
Fixed https://github.com/bitdefender/bddisasm/issues/24
Fixed https://github.com/bitdefender/bddisasm/issues/25
Fixed https://github.com/bitdefender/bddisasm/issues/26
2020-11-09 09:18:46 +02:00
Andrei Vlad LUTAS
bcf9a89d69
Fixed https://github.com/bitdefender/bddisasm/issues/22 and https://github.com/bitdefender/bddisasm/issues/23 .
2020-11-08 11:02:46 +02:00
Andrei Vlad LUTAS
e26971b4f0
Added missing Default 64 flag for the ENTER instruction.
...
On AMD, operand size is never forced to 64 bit - instead, it only defaults to 64 bit, which means that 0x66 can be used to encode 16 bit version of the instructions.
2020-11-06 14:19:22 +02:00
Andrei Vlad LUTAS
9652450125
Added support for UINTR, HRESET and AVX-VNNI instructions, as per Intel® Architecture Instruction Set Extensions Programming Reference 41 (October 2020).
2020-10-05 13:19:03 +03:00
Andrei Vlad LUTAS
4f8b030ddd
Added support for Intel Key Locker instructions, as per https://software.intel.com/content/www/us/en/develop/download/intel-key-locker-specification.html .
2020-09-16 11:56:05 +03:00
Andrei Vlad LUTAS
33078e4670
Added support for TDX instructions, per https://software.intel.com/content/dam/develop/external/us/en/documents/intel-tdx-cpu-architectural-specification.pdf .
2020-09-10 11:06:20 +03:00
Andrei Vlad LUTAS
ea28907359
Fix potential division error in bdshemu, when the destination operand is not large enough to hold the result.
2020-08-27 16:25:39 +03:00
Andrei Vlad LUTAS
1d43b7b1ba
Improved stack string detection heuristic: only consider registers which have been modified during emulation; registers which were provided as "input" can be ignored, as they most likely contain addresses or other data relevant to the emulated code. We are only interested in string dynamically built during our emulation.
2020-08-11 09:26:48 +03:00
Andrei Vlad LUTAS
ed564dba32
Specifically flag multi-byte NOP operands as not-accessed.
...
New capability - bddisasm can now be instructed whether to decode some instructions as NOPs are as MPX/CET/CLDEMOTE. This is the case for instructions that are mapped onto the wide NOP space: in that case, an encoding might be NOP if the feature is off, but might be something else (even #UD) if the feature is on.
Added NdDecodeWithContext API - this becomes the base decode API; it received the input information filled in a ND_CONTEXT structure, whih has to be initialized only once, and can be reused across calls. The NdInitContext function must be used to initialize the context, as it ensures backwards compatibility by filling new options with default values.
Improvements to the README file.
2020-07-30 11:07:14 +03:00
Andrei Vlad LUTAS
144baa5140
Renamed REG_* fields to NDR_*, so that we don't conflict with _GNU_SOURCES.
2020-07-29 11:05:27 +03:00
Ionel-Cristinel ANICHITEI
049ecc0ab7
Don't use reserved identifiers for include guards
...
This fixes #5
2020-07-27 16:51:16 +03:00
Andrei Vlad LUTAS
d622f56211
Added SERIAL flag to the SERIALIZE instruction.
...
CLWB memory operand is subject to load access checks, while CLDEMOTE does not access memory at all (similar to PREFETCH).
2020-07-25 20:32:06 +03:00
Andrei Vlad LUTAS
4b2f2aee66
Added dedicated Prefetch operand access type.
...
Internally, store the access type sepparately than the flags.
Dump conditional operand accesses with exi option too.
2020-07-25 17:16:35 +03:00
Andrei Vlad LUTAS
cfb0f97897
Truncate the output of a relative addressing if 0x67 prefix is used.
2020-07-23 15:31:05 +03:00
Andrei Vlad LUTAS
752bc626c4
Fixed RET with immediate - the immediate is not sign-extended.
...
Fixed VEX decoding in 32 bit mode - vex.vvvv bit 3 is simply ignored.
Fixed several FMA instructions decoding (L/W flag should be ignored).
Print the 64 bit immediate value in disassembly, instead of the raw immediate (note that the operand always contains the sign-extended, full immediate).
XBEGIN always uses 32/64 bit RIP size (0x66 does not affect its size).
Decode WBINVD even if it's preceded by 0x66/0xF2 prefixes.
Several mnemonic fixes (FXSAVE64, FXRSTOR64, PUSHA/PUSHAD...).
Properly decode VPERMIL2* instructions.
Fixed SSE register decoding when it is encoded in immediate.
Decode SCATTER instructions even though they use the VSIB index as source.
Some disp8 fixes (t1s -> t1s8/t1s16).
SYSCALL/SYSRET are decoded and executed in 32 bit compat modem, even though SDM states they are invalid.
RDPID uses 32/64 bit reg size, never 16.
Various other minor tweaks & fixes.
Re-generated the test files, and added some more, new tests.
2020-07-23 14:08:01 +03:00
Andrei Vlad LUTAS
8392c97f97
Use the documented byte granularity for cache-line accesses.
...
Fixed CET CPUID feature flag - split into CET_SS and CET_IBT.
2020-07-22 00:47:46 +03:00
Andrei Vlad LUTAS
811c3d0f7c
Fixed several issues with CET instructions specification - shadow stack and shadow stack pointer implicit operands were missing from SETSSBSY instruction, and flags access was missing from them.
2020-07-21 17:36:19 +03:00
Andrei Vlad LUTAS
698ba367a1
Initial commit.
2020-07-21 11:19:18 +03:00