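// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Implementation of MiniDisassembler.
//
// MiniDisassembler decodes just enough of an IA-32 instruction to learn its
// length in bytes and its coarse type (generic, jump, return, ...); it is not
// a general-purpose disassembler. Decoding is table driven: the static
// s_ia32_opcode_map_, s_ia32_modrm_map_ and s_ia16_modrm_map_ tables describe
// opcodes, ModR/M encodings and operand sizes.
//
// None of the entry points take a length for the input buffer: the decoder
// reads as many bytes past the start pointer as the encoding demands (every
// prefix byte, the opcode bytes, and any ModR/M and SIB bytes). Byte sequences
// that do not decode are reported as IT_UNKNOWN rather than guessed at, so the
// caller's only obligation is to point the disassembler at memory that stays
// readable for the instruction it wants measured.

#ifdef _WIN64
#error The code in this file should not be used on 64-bit Windows.
#endif

#include "sandbox/win/src/sidestep/mini_disassembler.h"

namespace sidestep {

// Builds a disassembler whose operand-size and address-size attributes default
// to 32 bits (true) or 16 bits (false). An IT_PREFIX_OPERAND / IT_PREFIX_ADDRESS
// prefix byte inverts the respective default for the instruction it precedes.
// Per-instruction state is reset via Initialize().
MiniDisassembler::MiniDisassembler(bool operand_default_is_32_bits,
                                   bool address_default_is_32_bits)
    : operand_default_is_32_bits_(operand_default_is_32_bits),
      address_default_is_32_bits_(address_default_is_32_bits) {
  Initialize();
}

// Convenience constructor: both operand and address size default to 32 bits.
MiniDisassembler::MiniDisassembler()
    : operand_default_is_32_bits_(true),
      address_default_is_32_bits_(true) {
  Initialize();
}

// Decodes the single instruction starting at |start_byte|.
//
// On success, adds the instruction's total length (prefixes + opcode + ModR/M
// + SIB + operands encoded in the instruction) to |*instruction_bytes| and
// returns the instruction's type as recorded by ProcessOpcode(). On failure
// returns IT_UNKNOWN and leaves |*instruction_bytes| untouched.
//
// |start_byte| must point at readable memory for at least as many bytes as
// the decoder consumes; no bound is checked here.
InstructionType MiniDisassembler::Disassemble(unsigned char* start_byte,
                                              unsigned int* instruction_bytes) {
  // Clean up any state from previous invocations.
  Initialize();

  // Start by processing any prefixes. ProcessPrefixes() reports IT_GENERIC or
  // a prefix type; the IT_UNKNOWN check is kept for defence in depth.
  unsigned char* current_byte = start_byte;
  unsigned int size = 0;
  if (IT_UNKNOWN == ProcessPrefixes(current_byte, &size))
    return IT_UNKNOWN;

  current_byte += size;
  size = 0;

  // Invariant: all prefixes are stripped, and the operand_is_32_bits_ and
  // address_is_32_bits_ flags are correctly set for this instruction.

  // ProcessOpcode() records the decoded type in instruction_type_; the member,
  // not the return value, is what distinguishes success from failure here.
  ProcessOpcode(current_byte, 0, &size);
  if ((IT_UNKNOWN == instruction_type_) || (IT_UNUSED == instruction_type_))
    return IT_UNKNOWN;

  current_byte += size;

  // Invariant: operand_bytes_ holds the total size of the operands encoded in
  // the instruction (immediates, displacements), as determined by the opcode
  // and/or ModR/M byte and/or SIB byte. current_byte points to the first byte
  // after the ModR/M byte, or after the SIB byte if present, i.e. to the first
  // operand byte (or to the next instruction when there are none).

  // The distance from the original start to current_byte covers prefixes,
  // opcode bytes and any ModR/M/SIB bytes; adding the encoded operand bytes
  // gives the full instruction length.
  *instruction_bytes +=
      operand_bytes_ + static_cast<unsigned int>(current_byte - start_byte);

  // Return the instruction type, which was set by ProcessOpcode().
  return instruction_type_;
}

// Resets all per-instruction state to the configured defaults. Called by the
// constructors and at the start of every Disassemble().
void MiniDisassembler::Initialize() {
  operand_is_32_bits_ = operand_default_is_32_bits_;
  address_is_32_bits_ = address_default_is_32_bits_;
  operand_bytes_ = 0;
  have_modrm_ = false;
  should_decode_modrm_ = false;
  instruction_type_ = IT_UNKNOWN;
  got_f2_prefix_ = false;
  got_f3_prefix_ = false;
  got_66_prefix_ = false;
}

// Consumes every prefix byte starting at |start_byte|, updating the operand-
// and address-size attributes and the got_f2/f3/66 flags, and adds the number
// of prefix bytes consumed to |*size|.
//
// Returns the table type of the first byte (IT_PREFIX, IT_PREFIX_ADDRESS or
// IT_PREFIX_OPERAND) when that byte is a prefix, else IT_GENERIC; it never
// returns IT_UNKNOWN. The walk is iterative rather than recursive so that a
// long run of prefix bytes costs no stack; it still reads the whole run, as
// there is no cap on the number of prefixes.
InstructionType MiniDisassembler::ProcessPrefixes(unsigned char* start_byte,
                                                  unsigned int* size) {
  InstructionType first_byte_type = IT_GENERIC;
  for (unsigned char* current = start_byte;; ++current) {
    const Opcode& opcode = s_ia32_opcode_map_[0].table_[*current];

    switch (opcode.type_) {
      case IT_PREFIX_ADDRESS:
        // An address-size prefix inverts the default (it does not toggle, so
        // repeating it has no further effect).
        address_is_32_bits_ = !address_default_is_32_bits_;
        break;
      case IT_PREFIX_OPERAND:
        operand_is_32_bits_ = !operand_default_is_32_bits_;
        break;
      case IT_PREFIX:
        break;
      default:
        // Not a prefix byte: the opcode starts here.
        return first_byte_type;
    }

    // Remember the mandatory-prefix candidates; ProcessOpcode() uses them to
    // select a prefix-dependent opcode definition.
    if (0xF2 == (*current))
      got_f2_prefix_ = true;
    else if (0xF3 == (*current))
      got_f3_prefix_ = true;
    else if (0x66 == (*current))
      got_66_prefix_ = true;

    if (current == start_byte)
      first_byte_type = opcode.type_;

    // We got a prefix, so count it and look at the next byte.
    (*size)++;
  }
}

// Looks up the opcode at |start_byte| in opcode table |table_index|, following
// IT_REFERENCE entries into further tables (opcodes with more bytes, or ones
// continued in the ModR/M byte). Records the decoded type in
// instruction_type_, tallies immediate/ModR/M/SIB-derived operand bytes into
// operand_bytes_, and adds the opcode + ModR/M + SIB byte count to |*size|.
//
// Returns IT_GENERIC when decoding succeeded at this level, or
// instruction_type_ (IT_UNKNOWN / IT_UNUSED) when the bytes do not decode.
// Callers should read instruction_type_ rather than rely on the return value.
InstructionType MiniDisassembler::ProcessOpcode(unsigned char* start_byte,
                                                unsigned int table_index,
                                                unsigned int* size) {
  const OpcodeTable& table = s_ia32_opcode_map_[table_index];  // Get our table

  // shift_/mask_ pick out the bits of this byte that index |table| (a sub-field
  // such as the ModR/M reg field when the table is an opcode extension).
  unsigned char current_byte = (*start_byte) >> table.shift_;
  current_byte = current_byte & table.mask_;

  // Reject index values outside the table's valid range.
  if (current_byte < table.min_lim_ || current_byte > table.max_lim_) {
    instruction_type_ = IT_UNKNOWN;
    return instruction_type_;
  }

  const Opcode& opcode = table.table_[current_byte];
  if (IT_UNUSED == opcode.type_) {
    // This encoding is not used by the IA-32 ISA. Most likely we were pointed
    // at a byte that is not the start of an instruction; tell the caller.
    instruction_type_ = IT_UNUSED;
    return instruction_type_;
  }
  if (IT_REFERENCE == opcode.type_) {
    // The opcode has more bytes (or is continued in the ModR/M byte): this
    // byte is part of the opcode, so count it and recurse into the table for
    // the next byte.
    (*size)++;
    ProcessOpcode(start_byte + 1, opcode.table_index_, size);
    return instruction_type_;
  }

  // The generic table entry is read through a SpecificOpcode view, and the
  // prefix-dependent variants it carries are SpecificOpcode objects.
  // NOTE(review): this relies on Opcode beginning with the same members, in
  // the same order, as SpecificOpcode in the header; keep them in sync.
  const SpecificOpcode* specific_opcode =
      reinterpret_cast<const SpecificOpcode*>(&opcode);
  if (opcode.is_prefix_dependent_) {
    // A mandatory prefix seen by ProcessPrefixes() selects a different
    // definition, but only if the table provides one (non-null mnemonic).
    if (got_f2_prefix_ && opcode.opcode_if_f2_prefix_.mnemonic_ != 0) {
      specific_opcode = &opcode.opcode_if_f2_prefix_;
    } else if (got_f3_prefix_ && opcode.opcode_if_f3_prefix_.mnemonic_ != 0) {
      specific_opcode = &opcode.opcode_if_f3_prefix_;
    } else if (got_66_prefix_ && opcode.opcode_if_66_prefix_.mnemonic_ != 0) {
      specific_opcode = &opcode.opcode_if_66_prefix_;
    }
  }

  // Invariant: the opcode type is known.
  instruction_type_ = specific_opcode->type_;

  // Classify the operands to learn whether there are immediates and/or a
  // ModR/M byte. All three are always evaluated so that have_modrm_ /
  // should_decode_modrm_ end up as the tables intend. ProcessOperand() returns
  // false for an operand type this decoder deliberately does not support;
  // the computed length would then be wrong, so report the instruction as
  // undecodable instead of handing back a too-short length.
  bool operands_ok = ProcessOperand(specific_opcode->flag_dest_);
  operands_ok = ProcessOperand(specific_opcode->flag_source_) && operands_ok;
  operands_ok = ProcessOperand(specific_opcode->flag_aux_) && operands_ok;
  if (!operands_ok) {
    instruction_type_ = IT_UNKNOWN;
    return instruction_type_;
  }

  // Invariant: operand_bytes_ has been incremented by the size of any operands
  // the opcode stores in the instruction (not registers etc.). What remains
  // is to count the opcode byte and the ModR/M / SIB bytes in |*size|.

  if (table.mask_ != 0xff) {
    // This table was indexed by a sub-field of the byte, so |*start_byte| is
    // itself the ModR/M byte (opcode extension) and is not an opcode byte.
    if (have_modrm_) {
      // Decode the ModR/M byte we are already looking at; ProcessModrm()
      // counts it into |*size|.
      ProcessModrm(start_byte, size);
    } else {
      // The ModR/M byte only extends the opcode, but it still occupies a byte.
      (*size)++;
    }
    return IT_GENERIC;
  }

  // |*start_byte| is the last opcode byte; count it. If the instruction has a
  // ModR/M byte it is the next byte.
  (*size)++;
  if (have_modrm_)
    ProcessModrm(start_byte + 1, size);
  return IT_GENERIC;
}

// Accounts for one operand descriptor from the opcode tables: an AM_*
// addressing mode OR'd with an OT_* operand type. Sets have_modrm_ and
// should_decode_modrm_ when the addressing mode implies a ModR/M byte, and
// adds the size of any immediate or offset stored in the instruction to
// operand_bytes_ (register operands occupy no space).
//
// Returns false only for an operand type this decoder deliberately does not
// support; every other descriptor, including unrecognised ones, returns true.
bool MiniDisassembler::ProcessOperand(int flag_operand) {
  if (AM_NOT_USED == flag_operand)
    return true;

  bool succeeded = true;

  // Decide what to do based on the addressing mode.
  switch (flag_operand & AM_MASK) {
    // No ModR/M byte indicated by these addressing modes, and no
    // additional (e.g. immediate) parameters.
    case AM_A:  // Direct address
    case AM_F:  // EFLAGS register
    case AM_X:  // Memory addressed by the DS:SI register pair
    case AM_Y:  // Memory addressed by the ES:DI register pair
    case AM_IMPLICIT:  // Parameter is implicit, occupies no space in
                       // instruction
      break;

    // There is a ModR/M byte but it does not necessarily need
    // to be decoded.
    case AM_C:  // reg field of ModR/M selects a control register
    case AM_D:  // reg field of ModR/M selects a debug register
    case AM_G:  // reg field of ModR/M selects a general register
    case AM_P:  // reg field of ModR/M selects an MMX register
    case AM_R:  // mod field of ModR/M may refer only to a general register
    case AM_S:  // reg field of ModR/M selects a segment register
    case AM_T:  // reg field of ModR/M selects a test register
    case AM_V:  // reg field of ModR/M selects a 128-bit XMM register
      have_modrm_ = true;
      break;

    // In these addressing modes, there is a ModR/M byte and it needs to be
    // decoded. No other (e.g. immediate) params than indicated in ModR/M.
    case AM_E:  // Operand is either a general-purpose register or memory,
                // specified by ModR/M byte
    case AM_M:  // ModR/M byte will refer only to memory
    case AM_Q:  // Operand is either an MMX register or memory (complex
                // evaluation), specified by ModR/M byte
    case AM_W:  // Operand is either a 128-bit XMM register or memory (complex
                // eval), specified by ModR/M byte
      have_modrm_ = true;
      should_decode_modrm_ = true;
      break;

    // These addressing modes specify an immediate or an offset value
    // directly, so we need to look at the operand type to see how many
    // bytes.
    case AM_I:  // Immediate data.
    case AM_J:  // Jump to offset.
    case AM_O:  // Operand is at offset.
      switch (flag_operand & OT_MASK) {
        case OT_B:  // Byte regardless of operand-size attribute.
          operand_bytes_ += OS_BYTE;
          break;
        case OT_C:  // Byte or word, depending on operand-size attribute.
          operand_bytes_ += operand_is_32_bits_ ? OS_WORD : OS_BYTE;
          break;
        case OT_D:  // Doubleword, regardless of operand-size attribute.
          operand_bytes_ += OS_DOUBLE_WORD;
          break;
        case OT_DQ:  // Double-quadword, regardless of operand-size attribute.
          operand_bytes_ += OS_DOUBLE_QUAD_WORD;
          break;
        case OT_P:  // 32-bit or 48-bit pointer, depending on operand-size
                    // attribute.
          operand_bytes_ +=
              operand_is_32_bits_ ? OS_48_BIT_POINTER : OS_32_BIT_POINTER;
          break;
        case OT_PS:  // 128-bit packed single-precision floating-point data.
          operand_bytes_ += OS_128_BIT_PACKED_SINGLE_PRECISION_FLOATING;
          break;
        case OT_Q:  // Quadword, regardless of operand-size attribute.
          operand_bytes_ += OS_QUAD_WORD;
          break;
        case OT_S:  // 6-byte pseudo-descriptor.
          operand_bytes_ += OS_PSEUDO_DESCRIPTOR;
          break;
        case OT_SD:  // Scalar Double-Precision Floating-Point Value
        case OT_PD:  // Unaligned packed double-precision floating point value
          operand_bytes_ += OS_DOUBLE_PRECISION_FLOATING;
          break;
        case OT_SS:
          // Scalar element of a 128-bit packed single-precision floating
          // data. Not supported: we do not need floating point, so signal
          // failure and let the caller report IT_UNKNOWN.
          succeeded = false;
          break;
        case OT_V:  // Word or doubleword, depending on operand-size attribute.
          operand_bytes_ += operand_is_32_bits_ ? OS_DOUBLE_WORD : OS_WORD;
          break;
        case OT_W:  // Word, regardless of operand-size attribute.
          operand_bytes_ += OS_WORD;
          break;

        // Can safely ignore these.
        case OT_A:   // Two one-word operands in memory or two double-word
                     // operands in memory
        case OT_PI:  // Quadword MMX technology register (e.g. mm0)
        case OT_SI:  // Doubleword integer register (e.g., eax)
          break;

        default:
          break;
      }
      break;

    default:
      break;
  }

  return succeeded;
}

// Accounts for the ModR/M byte at |start_byte| and, when it calls for one, the
// SIB byte that follows: adds the bytes to |*size| and any displacement they
// encode to operand_bytes_. Returns the result of ProcessSib() when a SIB byte
// is present, else true.
bool MiniDisassembler::ProcessModrm(unsigned char* start_byte,
                                    unsigned int* size) {
  // If we don't need to decode, the ModR/M byte contributes exactly one byte
  // (there is never a SIB byte in this case).
  if (!should_decode_modrm_) {
    (*size)++;
    return true;
  }

  // Only the mod and r/m fields matter (never reg), so pack them into a
  // 5-bit table index: mod in bits 4..3, r/m in bits 2..0.
  const unsigned char modrm_byte = *start_byte;
  unsigned char mod = (modrm_byte & 0xC0) >> 3;  // mod field moved to bits 4..3
  const unsigned char modrm_index = mod | (modrm_byte & 0x07);
  mod = mod >> 3;  // mod field in bits 1..0, as ProcessSib() expects

  // Invariant: modrm_index holds mod in bits 4..3 and r/m in bits 2..0, and
  // mod holds the bare mod field.

  // The 16-bit and 32-bit address-size tables differ, so pick by attribute.
  const ModrmEntry* modrm_entry = address_is_32_bits_
                                      ? &s_ia32_modrm_map_[modrm_index]
                                      : &s_ia16_modrm_map_[modrm_index];

  // Invariant: modrm_entry points to the information needed to decode this
  // ModR/M byte.

  // Add to the count of operand bytes if the ModR/M byte indicates that some
  // operands (displacements) are encoded in the instruction.
  if (modrm_entry->is_encoded_in_instruction_)
    operand_bytes_ += modrm_entry->operand_size_;

  // The ModR/M byte itself always counts. When a SIB byte follows, hand the
  // mod field to ProcessSib(), which handles that byte.
  (*size)++;
  if (modrm_entry->use_sib_byte_)
    return ProcessSib(start_byte + 1, mod, size);
  return true;
}

bool MiniDisassembler::ProcessSib(unsigned char* start_byte,
                                  unsigned char mod,
                                  unsigned int* size) {
  // The base field occupies bits 2..0 of the SIB byte. A base of 101b means
  // the displacement size is determined by the mod field passed in.
  unsigned char sib_base = (*start_byte) & 0x07;
  if (0x05 == sib_base) {
    switch (mod) {
      case 0x00:  // mod == 00
      case 0x02:  // mod == 10
        operand_bytes_ += OS_DOUBLE_WORD;
        break;
      case 0x01:  // mod == 01
        operand_bytes_ += OS_BYTE;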
Coles) break; 3835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case 0x03: // mod == 11 3845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // According to the IA-32 docs, there does not seem to be a disp 3855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // value for this value of mod 3865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) default: 3875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 3885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) (*size)++; 3925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return true; 3935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 3945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; // namespace sidestep 396