/* -----------------------------------------------------------------------------
* decode.c
*
* Copyright (c) 2005, 2006, Vivek Mohan <vivek@sig9.com>
* All rights reserved. See LICENSE
* -----------------------------------------------------------------------------
*/
#include <assert.h>
#include <string.h>
#include "types.h"
#include "itab.h"
#include "input.h"
#include "decode.h"
/* The max number of prefixes to an instruction */
#define MAX_PREFIXES 15
static struct ud_itab_entry ie_invalid = { UD_Iinvalid, O_NONE, O_NONE, O_NONE, P_none };
static struct ud_itab_entry ie_pause = { UD_Ipause, O_NONE, O_NONE, O_NONE, P_none };
static struct ud_itab_entry ie_nop = { UD_Inop, O_NONE, O_NONE, O_NONE, P_none };
/* Looks up mnemonic code in the mnemonic string table
* Returns NULL if the mnemonic code is invalid
*/
const char * ud_lookup_mnemonic( enum ud_mnemonic_code c )
{
if ( c < UD_Id3vil )
return ud_mnemonics_str[ c ];
return NULL;
}
/* Extracts instruction prefixes.
*/
static int get_prefixes( struct ud* u )
{
unsigned int have_pfx = 1;
unsigned int i;
uint8_t curr;
/* if in error state, bail out */
if ( u->error )
return -1;
/* keep going as long as there are prefixes available */
for ( i = 0; have_pfx ; ++i ) {
/* Get next byte. */
inp_next(u);
if ( u->error )
return -1;
curr = inp_curr( u );
/* rex prefixes in 64bit mode */
if ( u->dis_mode == 64 && ( curr & 0xF0 ) == 0x40 ) {
u->pfx_rex = curr;
} else {
switch ( curr )
{
case 0x2E :
u->pfx_seg = UD_R_CS;
u->pfx_rex = 0;
break;
case 0x36 :
u->pfx_seg = UD_R_SS;
u->pfx_rex = 0;
break;
case 0x3E :
u->pfx_seg = UD_R_DS;
u->pfx_rex = 0;
break;
case 0x26 :
u->pfx_seg = UD_R_ES;
u->pfx_rex = 0;
break;
case 0x64 :
u->pfx_seg = UD_R_FS;
u->pfx_rex = 0;
break;
case 0x65 :
u->pfx_seg = UD_R_GS;
u->pfx_rex = 0;
break;
case 0x67 : /* adress-size override prefix */
u->pfx_adr = 0x67;
u->pfx_rex = 0;
break;
case 0xF0 :
u->pfx_lock = 0xF0;
u->pfx_rex = 0;
break;
case 0x66:
/* the 0x66 sse prefix is only effective if no other sse prefix
* has already been specified.
*/
if ( !u->pfx_insn ) u->pfx_insn = 0x66;
u->pfx_opr = 0x66;
u->pfx_rex = 0;
break;
case 0xF2:
u->pfx_insn = 0xF2;
u->pfx_repne = 0xF2;
u->pfx_rex = 0;
break;
case 0xF3:
u->pfx_insn = 0xF3;
u->pfx_rep = 0xF3;
u->pfx_repe = 0xF3;
u->pfx_rex = 0;
break;
default :
/* No more prefixes */
have_pfx = 0;
break;
}
}
/* check if we reached max instruction length */
if ( i + 1 == MAX_INSN_LENGTH ) {
u->error = 1;
break;
}
}
/* return status */
if ( u->error )
return -1;
/* rewind back one byte in stream, since the above loop
* stops with a non-prefix byte.
*/
inp_back(u);
/* speculatively determine the effective operand mode,
* based on the prefixes and the current disassembly
* mode. This may be inaccurate, but useful for mode
* dependent decoding.
*/
if ( u->dis_mode == 64 ) {
u->opr_mode = REX_W( u->pfx_rex ) ? 64 : ( ( u->pfx_opr ) ? 16 : 32 ) ;
u->adr_mode = ( u->pfx_adr ) ? 32 : 64;
} else if ( u->dis_mode == 32 ) {
u->opr_mode = ( u->pfx_opr ) ? 16 : 32;
u->adr_mode = ( u->pfx_adr ) ? 16 : 32;
} else if ( u->dis_mode == 16 ) {
u->opr_mode = ( u->pfx_opr ) ? 32 : 16;
u->adr_mode = ( u->pfx_adr ) ? 32 : 16;
}
return 0;
}
/* Searches the instruction tables for the right entry.
*/
static int search_itab( struct ud * u )
{
struct ud_itab_entry * e = NULL;
enum ud_itab_index table;
uint8_t peek;
uint8_t did_peek = 0;
uint8_t curr;
uint8_t index;
/* if in state of error, return */
if ( u->error )
return -1;
/* get first byte of opcode. */
inp_next(u);
if ( u->error )
return -1;
curr = inp_curr(u);
/* resolve xchg, nop, pause crazyness */
if ( 0x90 == curr ) {
if ( !( u->dis_mode == 64 && REX_B( u->pfx_rex ) ) ) {
if ( u->pfx_rep ) {
u->pfx_rep = 0;
e = & ie_pause;
} else {
e = & ie_nop;
}
goto found_entry;
}
}
/* get top-level table */
if ( 0x0F == curr ) {
table = ITAB__0F;
curr = inp_next(u);
if ( u->error )
return -1;
/* 2byte opcodes can be modified by 0x66, F3, and F2 prefixes */
if ( 0x66 == u->pfx_insn ) {
if ( ud_itab_list[ ITAB__PFX_SSE66__0F ][ curr ].mnemonic != UD_Iinvalid ) {
table = ITAB__PFX_SSE66__0F;
u->pfx_opr = 0;
}
} else if ( 0xF2 == u->pfx_insn ) {
if ( ud_itab_list[ ITAB__PFX_SSEF2__0F ][ curr ].mnemonic != UD_Iinvalid ) {
table = ITAB__PFX_SSEF2__0F;
u->pfx_repne = 0;
}
} else if ( 0xF3 == u->pfx_insn ) {
if ( ud_itab_list[ ITAB__PFX_SSEF3__0F ][ curr ].mnemonic != UD_Iinvalid ) {
table = ITAB__PFX_SSEF3__0F;
u->pfx_repe = 0;
u->pfx_rep = 0;
}
}
/* pick an instruction from the 1byte table */
} else {
table = ITAB__1BYTE;
}
index = curr;
search:
e = & ud_itab_list[ table ][ index ];
/* if mnemonic constant is a standard instruction constant
* our search is over.
*/
if ( e->mnemonic < UD_Id3vil ) {
if ( e->mnemonic == UD_Iinvalid ) {
if ( did_peek ) {
inp_next( u ); if ( u->error ) return -1;
}
goto found_entry;
}
goto found_entry;
}
table = e->prefix;
switch ( e->mnemonic )
{
case UD_Igrp_reg:
peek = inp_peek( u );
did_peek = 1;
index = MODRM_REG( peek );
break;
case UD_Igrp_mod:
peek = inp_peek( u );
did_peek = 1;
index = MODRM_MOD( peek );
if ( index == 3 )
index = ITAB__MOD_INDX__11;
else
index = ITAB__MOD_INDX__NOT_11;
break;
case UD_Igrp_rm:
curr = inp_next( u );
did_peek = 0;
if ( u->error )
return -1;
index = MODRM_RM( curr );
break;
case UD_Igrp_x87:
curr = inp_next( u );
did_peek = 0;
if ( u->error )
return -1;
index = curr - 0xC0;
break;
case UD_Igrp_osize:
if ( u->opr_mode == 64 )
index = ITAB__MODE_INDX__64;
else if ( u->opr_mode == 32 )
index = ITAB__MODE_INDX__32;
else
index = ITAB__MODE_INDX__16;
break;
case UD_Igrp_asize:
if ( u->adr_mode == 64 )
index = ITAB__MODE_INDX__64;
else if ( u->adr_mode == 32 )
index = ITAB__MODE_INDX__32;
else
index = ITAB__MODE_INDX__16;
break;
case UD_Igrp_mode:
if ( u->dis_mode == 64 )
index = ITAB__MODE_INDX__64;
else if ( u->dis_mode == 32 )
index = ITAB__MODE_INDX__32;
else
index = ITAB__MODE_INDX__16;
break;
case UD_Igrp_vendor:
if ( u->vendor == UD_VENDOR_INTEL )
index = ITAB__VENDOR_INDX__INTEL;
else if ( u->vendor == UD_VENDOR_AMD )
index = ITAB__VENDOR_INDX__AMD;
else
assert( !"unrecognized vendor id" ); break;
case UD_Id3vil:
assert( !"invalid instruction mnemonic constant Id3vil" ); break;
default:
assert( !"invalid instruction mnemonic constant" ); break;
}
goto search;
found_entry:
u->itab_entry = e;
u->mnemonic = u->itab_entry->mnemonic;
return 0;
}
static unsigned int resolve_operand_size( const struct ud * u, unsigned int s )
{
switch ( s )
{
case SZ_V:
return ( u->opr_mode );
case SZ_Z:
return ( u->opr_mode == 16 ) ? 16 : 32;
case SZ_P:
return ( u->opr_mode == 16 ) ? SZ_WP : SZ_DP;
case SZ_MDQ:
return ( u->opr_mode == 16 ) ? 32 : u->opr_mode;
case SZ_RDQ:
return ( u->dis_mode == 64 ) ? 64 : 32;
default:
return s;
}
}
static int resolve_mnemonic( struct ud* u )
{
/* far/near flags */
u->br_far = 0;
u->br_near = 0;
/* readjust operand sizes for call/jmp instrcutions */
if ( u->mnemonic == UD_Icall || u->mnemonic == UD_Ijmp ) {
/* WP: 16bit pointer */
if ( u->operand[ 0 ].size == SZ_WP ) {
u->operand[ 0 ].size = 16;
u->br_far = 1;
u->br_near= 0;
/* DP: 32bit pointer */
} else if ( u->operand[ 0 ].size == SZ_DP ) {
u->operand[ 0 ].size = 32;
u->br_far = 1;
u->br_near= 0;
} else {
u->br_far = 0;
u->br_near= 1;
}
/* resolve 3dnow weirdness. */
} else if ( u->mnemonic == UD_I3dnow ) {
u->mnemonic = ud_itab_list[ ITAB__3DNOW ][ inp_curr( u ) ].mnemonic;
}
/* SWAPGS is only valid in 64bits mode */
if ( u->mnemonic == UD_Iswapgs && u->dis_mode != 64 ) {
u->error = 1;
return -1;
}
return 0;
}
/* -----------------------------------------------------------------------------
* decode_a()- Decodes operands of the type seg:offset
* -----------------------------------------------------------------------------
*/
static void
decode_a(struct ud* u, struct ud_operand *op)
{
if (u->opr_mode == 16) {
/* seg16:off16 */
op->type = UD_OP_PTR;
op->size = 32;
op->lval.ptr.off = inp_uint16(u);
op->lval.ptr.seg = inp_uint16(u);
} else {
/* seg16:off32 */
op->type = UD_OP_PTR;
op->size = 48;
op->lval.ptr.off = inp_uint32(u);
op->lval.ptr.seg = inp_uint16(u);
}
}
/* -----------------------------------------------------------------------------
* decode_gpr() - Returns decoded General Purpose Register
* -----------------------------------------------------------------------------
*/
static enum ud_type
decode_gpr(register struct ud* u, unsigned int s, unsigned char rm)
{
s = resolve_operand_size(u, s);
switch (s) {
case 64:
return UD_R_RAX + rm;
case SZ_DP:
case 32:
return UD_R_EAX + rm;
case SZ_WP:
case 16:
return UD_R_AX + rm;
case 8:
if (u->dis_mode == 64 && u->pfx_rex) {
if (rm >= 4)
return UD_R_SPL + (rm-4);
return UD_R_AL + rm;
} else return UD_R_AL + rm;
default:
return 0;
}
}
/* -----------------------------------------------------------------------------
* resolve_gpr64() - 64bit General Purpose Register-Selection.
* -----------------------------------------------------------------------------
*/
static enum ud_type
resolve_gpr64(struct ud* u, enum ud_operand_code gpr_op)
{
if (gpr_op >= OP_rAXr8 && gpr_op <= OP_rDIr15)
gpr_op = (gpr_op - OP_rAXr8) | (REX_B(u->pfx_rex) << 3);
else gpr_op = (gpr_op - OP_rAX);
if (u->opr_mode == 16)
return gpr_op + UD_R_AX;
if (u->dis_mode == 32 ||
(u->opr_mode == 32 && ! (REX_W(u->pfx_rex) || u->default64))) {
return gpr_op + UD_R_EAX;
}
return gpr_op + UD_R_RAX;
}
/* -----------------------------------------------------------------------------
* resolve_gpr32 () - 32bit General Purpose Register-Selection.
* -----------------------------------------------------------------------------
*/
static enum ud_type
resolve_gpr32(struct ud* u, enum ud_operand_code gpr_op)
{
gpr_op = gpr_op - OP_eAX;
if (u->opr_mode == 16)
return gpr_op + UD_R_AX;
return gpr_op + UD_R_EAX;
}
/* -----------------------------------------------------------------------------
* resolve_reg() - Resolves the register type
* -----------------------------------------------------------------------------
*/
static enum ud_type
resolve_reg(struct ud* u, unsigned int type, unsigned char i)
{
switch (type) {
case T_MMX : return UD_R_MM0 + (i & 7);
case T_XMM : return UD_R_XMM0 + i;
case T_CRG : return UD_R_CR0 + i;
case T_DBG : return UD_R_DR0 + i;
case T_SEG : return UD_R_ES + (i & 7);
case T_NONE:
default: return UD_NONE;
}
}
/* -----------------------------------------------------------------------------
* decode_imm() - Decodes Immediate values.
* -----------------------------------------------------------------------------
*/
static void
decode_imm(struct ud* u, unsigned int s, struct ud_operand *op)
{
op->size = resolve_operand_size(u, s);
op->type = UD_OP_IMM;
switch (op->size) {
case 8: op->lval.sbyte = inp_uint8(u); break;
case 16: op->lval.uword = inp_uint16(u); break;
case 32: op->lval.udword = inp_uint32(u); break;
case 64: op->lval.uqword = inp_uint64(u); break;
default: return;
}
}
/* -----------------------------------------------------------------------------
* decode_modrm() - Decodes ModRM Byte
* -----------------------------------------------------------------------------
*/
static void
decode_modrm(struct ud* u, struct ud_operand *op, unsigned int s,
unsigned char rm_type, struct ud_operand *opreg,
unsigned char reg_size, unsigned char reg_type)
{
unsigned char mod, rm, reg;
inp_next(u);
/* get mod, r/m and reg fields */
mod = MODRM_MOD(inp_curr(u));
rm = (REX_B(u->pfx_rex) << 3) | MODRM_RM(inp_curr(u));
reg = (REX_R(u->pfx_rex) << 3) | MODRM_REG(inp_curr(u));
op->size = resolve_operand_size(u, s);
/* if mod is 11b, then the UD_R_m specifies a gpr/mmx/sse/control/debug */
if (mod == 3) {
op->type = UD_OP_REG;
if (rm_type == T_GPR)
op->base = decode_gpr(u, op->size, rm);
else op->base = resolve_reg(u, rm_type, (REX_B(u->pfx_rex) << 3) | (rm&7));
}
/* else its memory addressing */
else {
op->type = UD_OP_MEM;
/* 64bit addressing */
if (u->adr_mode == 64) {
op->base = UD_R_RAX + rm;
/* get offset type */
if (mod == 1)
op->offset = 8;
else if (mod == 2)
op->offset = 32;
else if (mod == 0 && (rm & 7) == 5) {
op->base = UD_R_RIP;
op->offset = 32;
} else op->offset = 0;
/* Scale-Index-Base (SIB) */
if ((rm & 7) == 4) {
inp_next(u);
op->scale = (1 << SIB_S(inp_curr(u))) & ~1;
op->index = UD_R_RAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3));
op->base = UD_R_RAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3));
/* special conditions for base reference */
if (op->index == UD_R_RSP) {
op->index = UD_NONE;
op->scale = UD_NONE;
}
if (op->base == UD_R_RBP || op->base == UD_R_R13) {
if (mod == 0)
op->base = UD_NONE;
if (mod == 1)
op->offset = 8;
else op->offset = 32;
}
}
}
/* 32-Bit addressing mode */
else if (u->adr_mode == 32) {
/* get base */
op->base = UD_R_EAX + rm;
/* get offset type */
if (mod == 1)
op->offset = 8;
else if (mod == 2)
op->offset = 32;
else if (mod == 0 && rm == 5) {
op->base = UD_NONE;
op->offset = 32;
} else op->offset = 0;
/* Scale-Index-Base (SIB) */
if ((rm & 7) == 4) {
inp_next(u);
op->scale = (1 << SIB_S(inp_curr(u))) & ~1;
op->index = UD_R_EAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3));
op->base = UD_R_EAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3));
if (op->index == UD_R_ESP) {
op->index = UD_NONE;
op->scale = UD_NONE;
}
/* special condition for base reference */
if (op->base == UD_R_EBP) {
if (mod == 0)
op->base = UD_NONE;
if (mod == 1)
op->offset = 8;
else op->offset = 32;
}
}
}
/* 16bit addressing mode */
else {
switch (rm) {
case 0: op->base = UD_R_BX; op->index = UD_R_SI; break;
case 1: op->base = UD_R_BX; op->index = UD_R_DI; break;
case 2: op->base = UD_R_BP; op->index = UD_R_SI; break;
case 3: op->base = UD_R_BP; op->index = UD_R_DI; break;
case 4: op->base = UD_R_SI; break;
case 5: op->base = UD_R_DI; break;
case 6: op->base = UD_R_BP; break;
case 7: op->base = UD_R_BX; break;
}
if (mod == 0 && rm == 6) {
op->offset= 16;
op->base = UD_NONE;
}
else if (mod == 1)
op->offset = 8;
else if (mod == 2)
op->offset = 16;
}
}
/* extract offset, if any */
switch(op->offset) {
case 8 : op->lval.ubyte = inp_uint8(u); break;
case 16: op->lval.uword = inp_uint16(u); break;
case 32: op->lval.udword = inp_uint32(u); break;
case 64: op->lval.uqword = inp_uint64(u); break;
default: break;
}
/* resolve register encoded in reg field */
if (opreg) {
opreg->type = UD_OP_REG;
opreg->size = resolve_operand_size(u, reg_size);
if (reg_type == T_GPR)
opreg->base = decode_gpr(u, opreg->size, reg);
else opreg->base = resolve_reg(u, reg_type, reg);
}
}
/* -----------------------------------------------------------------------------
* decode_o() - Decodes offset
* -----------------------------------------------------------------------------
*/
static void
decode_o(struct ud* u, unsigned int s, struct ud_operand *op)
{
switch (u->adr_mode) {
case 64:
op->offset = 64;
op->lval.uqword = inp_uint64(u);
break;
case 32:
op->offset = 32;
op->lval.udword = inp_uint32(u);
break;
case 16:
op->offset = 16;
op->lval.uword = inp_uint16(u);
break;
default:
return;
}
op->type = UD_OP_MEM;
op->size = resolve_operand_size(u, s);
}
/* -----------------------------------------------------------------------------
* disasm_operands() - Disassembles Operands.
* -----------------------------------------------------------------------------
*/
static int disasm_operands(register struct ud* u)
{
/* mopXt = map entry, operand X, type; */
enum ud_operand_code mop1t = u->itab_entry->operand1.type;
enum ud_operand_code mop2t = u->itab_entry->operand2.type;
enum ud_operand_code mop3t = u->itab_entry->operand3.type;
/* mopXs = map entry, operand X, size */
unsigned int mop1s = u->itab_entry->operand1.size;
unsigned int mop2s = u->itab_entry->operand2.size;
unsigned int mop3s = u->itab_entry->operand3.size;
/* iop = instruction operand */
register struct ud_operand* iop = u->operand;
switch(mop1t) {
case OP_A :
decode_a(u, &(iop[0]));
break;
/* M[b] ... */
case OP_M :
if (MODRM_MOD(inp_peek(u)) == 3)
u->error= 1;
/* E, G/P/V/I/CL/1/S */
case OP_E :
if (mop2t == OP_G) {
decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_GPR);
if (mop3t == OP_I)
decode_imm(u, mop3s, &(iop[2]));
else if (mop3t == OP_CL) {
iop[2].type = UD_OP_REG;
iop[2].base = UD_R_CL;
iop[2].size = 8;
}
}
else if (mop2t == OP_P)
decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_MMX);
else if (mop2t == OP_V)
decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_XMM);
else if (mop2t == OP_S)
decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_SEG);
else {
decode_modrm(u, &(iop[0]), mop1s, T_GPR, NULL, 0, T_NONE);
if (mop2t == OP_CL) {
iop[1].type = UD_OP_REG;
iop[1].base = UD_R_CL;
iop[1].size = 8;
} else if (mop2t == OP_I1) {
iop[1].type = UD_OP_CONST;
u->operand[1].lval.udword = 1;
} else if (mop2t == OP_I) {
decode_imm(u, mop2s, &(iop[1]));
}
}
break;
/* G, E/PR[,I]/VR */
case OP_G :
if (mop2t == OP_M) {
if (MODRM_MOD(inp_peek(u)) == 3)
u->error= 1;
decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_GPR);
} else if (mop2t == OP_E) {
decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_GPR);
if (mop3t == OP_I)
decode_imm(u, mop3s, &(iop[2]));
} else if (mop2t == OP_PR) {
decode_modrm(u, &(iop[1]), mop2s, T_MMX, &(iop[0]), mop1s, T_GPR);
if (mop3t == OP_I)
decode_imm(u, mop3s, &(iop[2]));
} else if (mop2t == OP_VR) {
if (MODRM_MOD(inp_peek(u)) != 3)
u->error = 1;
decode_modrm(u, &(iop[1]), mop2s, T_XMM, &(iop[0]), mop1s, T_GPR);
} else if (mop2t == OP_W)
decode_modrm(u, &(iop[1]), mop2s, T_XMM, &(iop[0]), mop1s, T_GPR);
break;
/* AL..BH, I/O/DX */
case OP_AL : case OP_CL : case OP_DL : case OP_BL :
case OP_AH : case OP_CH : case OP_DH : case OP_BH :
iop[0].type = UD_OP_REG;
iop[0].base = UD_R_AL + (mop1t - OP_AL);
iop[0].size = 8;
if (mop2t == OP_I)
decode_imm(u, mop2s, &(iop[1]));
else if (mop2t == OP_DX) {
iop[1].type = UD_OP_REG;
iop[1].base = UD_R_DX;
iop[1].size = 16;
}
else if (mop2t == OP_O)
decode_o(u, mop2s, &(iop[1]));
break;
/* rAX[r8]..rDI[r15], I/rAX..rDI/O */
case OP_rAXr8 : case OP_rCXr9 : case OP_rDXr10 : case OP_rBXr11 :
case OP_rSPr12: case OP_rBPr13: case OP_rSIr14 : case OP_rDIr15 :
case OP_rAX : case OP_rCX : case OP_rDX : case OP_rBX :
case OP_rSP : case OP_rBP : case OP_rSI : case OP_rDI :
iop[0].type = UD_OP_REG;
iop[0].base = resolve_gpr64(u, mop1t);
if (mop2t == OP_I)
decode_imm(u, mop2s, &(iop[1]));
else if (mop2t >= OP_rAX && mop2t <= OP_rDI) {
iop[1].type = UD_OP_REG;
iop[1].base = resolve_gpr64(u, mop2t);
}
else if (mop2t == OP_O) {
decode_o(u, mop2s, &(iop[1]));
iop[0].size = resolve_operand_size(u, mop2s);
}
break;
/* AL[r8b]..BH[r15b], I */
case OP_ALr8b : case OP_CLr9b : case OP_DLr10b : case OP_BLr11b :
case OP_AHr12b: case OP_CHr13b: case OP_DHr14b : case OP_BHr15b :
{
ud_type_t gpr = (mop1t - OP_ALr8b) + UD_R_AL +
(REX_B(u->pfx_rex) << 3);
if (UD_R_AH <= gpr && u->pfx_rex)
gpr = gpr + 4;
iop[0].type = UD_OP_REG;
iop[0].base = gpr;
if (mop2t == OP_I)
decode_imm(u, mop2s, &(iop[1]));
break;
}
/* eAX..eDX, DX/I */
case OP_eAX : case OP_eCX : case OP_eDX : case OP_eBX :
case OP_eSP : case OP_eBP : case OP_eSI : case OP_eDI :
iop[0].type = UD_OP_REG;
iop[0].base = resolve_gpr32(u, mop1t);
if (mop2t == OP_DX) {
iop[1].type = UD_OP_REG;
iop[1].base = UD_R_DX;
iop[1].size = 16;
} else if (mop2t == OP_I)
decode_imm(u, mop2s, &(iop[1]));
break;
/* ES..GS */
case OP_ES : case OP_CS : case OP_DS :
case OP_SS : case OP_FS : case OP_GS :
/* in 64bits mode, only fs and gs are allowed */
if (u->dis_mode == 64)
if (mop1t != OP_FS && mop1t != OP_GS)
u->error= 1;
iop[0].type = UD_OP_REG;
iop[0].base = (mop1t - OP_ES) + UD_R_ES;
iop[0].size = 16;
break;
/* J */
case OP_J :
decode_imm(u, mop1s, &(iop[0]));
iop[0].type = UD_OP_JIMM;
break ;
/* PR, I */
case OP_PR:
if (MODRM_MOD(inp_peek(u)) != 3)
u->error = 1;
decode_modrm(u, &(iop[0]), mop1s, T_MMX, NULL, 0, T_NONE);
if (mop2t == OP_I)
decode_imm(u, mop2s, &(iop[1]));
break;
/* VR, I */
case OP_VR:
if (MODRM_MOD(inp_peek(u)) != 3)
u->error = 1;
decode_modrm(u, &(iop[0]), mop1s, T_XMM, NULL, 0, T_NONE);
if (mop2t == OP_I)
decode_imm(u, mop2s, &(iop[1]));
break;
/* P, Q[,I]/W/E[,I],VR */
case OP_P :
if (mop2t == OP_Q) {
decode_modrm(u, &(iop[1]), mop2s, T_MMX, &(iop[0]), mop1s, T_MMX);
if (mop3t == OP_I)
decode_imm(u, mop3s, &(iop[2]));
} else if (mop2t == OP_W) {
decode_modrm(u, &(iop[1]), mop2s, T_XMM, &(iop[0]), mop1s, T_MMX);
} else if (mop2t == OP_VR) {
if (MODRM_MOD(inp_peek(u)) != 3)
u->error = 1;
decode_modrm(u, &(iop[1]), mop2s, T_XMM, &(iop[0]), mop1s, T_MMX);
} else if (mop2t == OP_E) {
decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_MMX);
if (mop3t == OP_I)
decode_imm(u, mop3s, &(iop[2]));
}
break;
/* R, C/D */
case OP_R :
if (mop2t == OP_C)
decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_CRG);
else if (mop2t == OP_D)
decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_DBG);
break;
/* C, R */
case OP_C :
decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_CRG);
break;
/* D, R */
case OP_D :
decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_DBG);
break;
/* Q, P */
case OP_Q :
decode_modrm(u, &(iop[0]), mop1s, T_MMX, &(iop[1]), mop2s, T_MMX);
break;
/* S, E */
case OP_S :
decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_SEG);
break;
/* W, V */
case OP_W :
decode_modrm(u, &(iop[0]), mop1s, T_XMM, &(iop[1]), mop2s, T_XMM);
break;
/* V, W[,I]/Q/M/E */
case OP_V :
if (mop2t == OP_W) {
/* special cases for movlps and movhps */
if (MODRM_MOD(inp_peek(u)) == 3) {
if (u->mnemonic == UD_Imovlps)
u->mnemonic = UD_Imovhlps;
else
if (u->mnemonic == UD_Imovhps)
u->mnemonic = UD_Imovlhps;
}
decode_modrm(u, &(iop[1]), mop2s, T_XMM, &(iop[0]), mop1s, T_XMM);
if (mop3t == OP_I)
decode_imm(u, mop3s, &(iop[2]));
} else if (mop2t == OP_Q)
decode_modrm(u, &(iop[1]), mop2s, T_MMX, &(iop[0]), mop1s, T_XMM);
else if (mop2t == OP_M) {
if (MODRM_MOD(inp_peek(u)) == 3)
u->error= 1;
decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_XMM);
} else if (mop2t == OP_E) {
decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_XMM);
} else if (mop2t == OP_PR) {
decode_modrm(u, &(iop[1]), mop2s, T_MMX, &(iop[0]), mop1s, T_XMM);
}
break;
/* DX, eAX/AL */
case OP_DX :
iop[0].type = UD_OP_REG;
iop[0].base = UD_R_DX;
iop[0].size = 16;
if (mop2t == OP_eAX) {
iop[1].type = UD_OP_REG;
iop[1].base = resolve_gpr32(u, mop2t);
} else if (mop2t == OP_AL) {
iop[1].type = UD_OP_REG;
iop[1].base = UD_R_AL;
iop[1].size = 8;
}
break;
/* I, I/AL/eAX */
case OP_I :
decode_imm(u, mop1s, &(iop[0]));
if (mop2t == OP_I)
decode_imm(u, mop2s, &(iop[1]));
else if (mop2t == OP_AL) {
iop[1].type = UD_OP_REG;
iop[1].base = UD_R_AL;
iop[1].size = 16;
} else if (mop2t == OP_eAX) {
iop[1].type = UD_OP_REG;
iop[1].base = resolve_gpr32(u, mop2t);
}
break;
/* O, AL/eAX */
case OP_O :
decode_o(u, mop1s, &(iop[0]));
iop[1].type = UD_OP_REG;
iop[1].size = resolve_operand_size(u, mop1s);
if (mop2t == OP_AL)
iop[1].base = UD_R_AL;
else if (mop2t == OP_eAX)
iop[1].base = resolve_gpr32(u, mop2t);
else if (mop2t == OP_rAX)
iop[1].base = resolve_gpr64(u, mop2t);
break;
/* 3 */
case OP_I3 :
iop[0].type = UD_OP_CONST;
iop[0].lval.sbyte = 3;
break;
/* ST(n), ST(n) */
case OP_ST0 : case OP_ST1 : case OP_ST2 : case OP_ST3 :
case OP_ST4 : case OP_ST5 : case OP_ST6 : case OP_ST7 :
iop[0].type = UD_OP_REG;
iop[0].base = (mop1t-OP_ST0) + UD_R_ST0;
iop[0].size = 0;
if (mop2t >= OP_ST0 && mop2t <= OP_ST7) {
iop[1].type = UD_OP_REG;
iop[1].base = (mop2t-OP_ST0) + UD_R_ST0;
iop[1].size = 0;
}
break;
/* AX */
case OP_AX:
iop[0].type = UD_OP_REG;
iop[0].base = UD_R_AX;
iop[0].size = 16;
break;
/* none */
default :
iop[0].type = iop[1].type = iop[2].type = UD_NONE;
}
return 0;
}
/* -----------------------------------------------------------------------------
* clear_insn() - clear instruction pointer
* -----------------------------------------------------------------------------
*/
static int clear_insn(register struct ud* u)
{
u->error = 0;
u->pfx_seg = 0;
u->pfx_opr = 0;
u->pfx_adr = 0;
u->pfx_lock = 0;
u->pfx_repne = 0;
u->pfx_rep = 0;
u->pfx_repe = 0;
u->pfx_seg = 0;
u->pfx_rex = 0;
u->pfx_insn = 0;
u->mnemonic = UD_Inone;
u->itab_entry = NULL;
memset( &u
->operand
[ 0 ], 0, sizeof( struct ud_operand
) ); memset( &u
->operand
[ 1 ], 0, sizeof( struct ud_operand
) ); memset( &u
->operand
[ 2 ], 0, sizeof( struct ud_operand
) );
return 0;
}
static int do_mode( struct ud* u )
{
/* if in error state, bail out */
if ( u->error ) return -1;
/* propagate perfix effects */
if ( u->dis_mode == 64 ) { /* set 64bit-mode flags */
/* Check validity of instruction m64 */
if ( P_INV64( u->itab_entry->prefix ) ) {
u->error = 1;
return -1;
}
/* effective rex prefix is the effective mask for the
* instruction hard-coded in the opcode map.
*/
u->pfx_rex = ( u->pfx_rex & 0x40 ) |
( u->pfx_rex & REX_PFX_MASK( u->itab_entry->prefix ) );
/* whether this instruction has a default operand size of
* 64bit, also hardcoded into the opcode map.
*/
u->default64 = P_DEF64( u->itab_entry->prefix );
/* calculate effective operand size */
if ( REX_W( u->pfx_rex ) ) {
u->opr_mode = 64;
} else if ( u->pfx_opr ) {
u->opr_mode = 16;
} else {
/* unless the default opr size of instruction is 64,
* the effective operand size in the absence of rex.w
* prefix is 32.
*/
u->opr_mode = ( u->default64 ) ? 64 : 32;
}
/* calculate effective address size */
u->adr_mode = (u->pfx_adr) ? 32 : 64;
} else if ( u->dis_mode == 32 ) { /* set 32bit-mode flags */
u->opr_mode = ( u->pfx_opr ) ? 16 : 32;
u->adr_mode = ( u->pfx_adr ) ? 16 : 32;
} else if ( u->dis_mode == 16 ) { /* set 16bit-mode flags */
u->opr_mode = ( u->pfx_opr ) ? 32 : 16;
u->adr_mode = ( u->pfx_adr ) ? 32 : 16;
}
/* These flags determine which operand to apply the operand size
* cast to.
*/
u->c1 = ( P_C1( u->itab_entry->prefix ) ) ? 1 : 0;
u->c2 = ( P_C2( u->itab_entry->prefix ) ) ? 1 : 0;
u->c3 = ( P_C3( u->itab_entry->prefix ) ) ? 1 : 0;
/* set flags for implicit addressing */
u->implicit_addr = P_IMPADDR( u->itab_entry->prefix );
return 0;
}
static int gen_hex( struct ud *u )
{
unsigned int i;
unsigned char *src_ptr = inp_sess( u );
char* src_hex;
/* bail out if in error stat. */
if ( u->error ) return -1;
/* output buffer pointe */
src_hex = ( char* ) u->insn_hexcode;
/* for each byte used to decode instruction */
for ( i = 0; i < u->inp_ctr; ++i, ++src_ptr) {
sprintf( src_hex
, "%02x", *src_ptr
& 0xFF ); src_hex += 2;
}
return 0;
}
/* =============================================================================
* ud_decode() - Instruction decoder. Returns the number of bytes decoded.
* =============================================================================
*/
unsigned int ud_decode( struct ud* u )
{
inp_start(u);
if ( clear_insn( u ) ) {
; /* error */
} else if ( get_prefixes( u ) != 0 ) {
; /* error */
} else if ( search_itab( u ) != 0 ) {
; /* error */
} else if ( do_mode( u ) != 0 ) {
; /* error */
} else if ( disasm_operands( u ) != 0 ) {
; /* error */
} else if ( resolve_mnemonic( u ) != 0 ) {
; /* error */
}
/* Handle decode error. */
if ( u->error ) {
/* clear out the decode data. */
clear_insn( u );
/* mark the sequence of bytes as invalid. */
u->itab_entry = & ie_invalid;
u->mnemonic = u->itab_entry->mnemonic;
}
u->insn_offset = u->pc; /* set offset of instruction */
u->insn_fill = 0; /* set translation buffer index to 0 */
u->pc += u->inp_ctr; /* move program counter by bytes decoded */
gen_hex( u ); /* generate hex code */
/* return number of bytes disassembled. */
return u->inp_ctr;
}
/* vim:cindent
* vim:ts=4
* vim:sw=4
* vim:expandtab
*/