/* Copyright (c) 2007, Google Inc.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 *     * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *     * Redistributions in binary form must reproduce the above
 * copyright notice, this list of conditions and the following disclaimer
 * in the documentation and/or other materials provided with the
 * distribution.
 *     * Neither the name of Google Inc. nor the names of its
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * ---
 * Author: Joi Sigurdsson
 *
 * Implementation of MiniDisassembler.
345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) */ 355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "mini_disassembler.h" 375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace sidestep { 395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)MiniDisassembler::MiniDisassembler(bool operand_default_is_32_bits, 415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool address_default_is_32_bits) 425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) : operand_default_is_32_bits_(operand_default_is_32_bits), 435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) address_default_is_32_bits_(address_default_is_32_bits) { 445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Initialize(); 455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)MiniDisassembler::MiniDisassembler() 485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) : operand_default_is_32_bits_(true), 495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) address_default_is_32_bits_(true) { 505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Initialize(); 515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)InstructionType MiniDisassembler::Disassemble( 545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char* start_byte, 555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int& instruction_bytes) { 565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Clean 
up any state from previous invocations. 575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) Initialize(); 585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Start by processing any prefixes. 605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char* current_byte = start_byte; 615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int size = 0; 625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) InstructionType instruction_type = ProcessPrefixes(current_byte, size); 635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (IT_UNKNOWN == instruction_type) 655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return instruction_type; 665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) current_byte += size; 685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) size = 0; 695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Invariant: We have stripped all prefixes, and the operand_is_32_bits_ 715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // and address_is_32_bits_ flags are correctly set. 
725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) instruction_type = ProcessOpcode(current_byte, 0, size); 745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Check for error processing instruction 765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if ((IT_UNKNOWN == instruction_type_) || (IT_UNUSED == instruction_type_)) { 775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return IT_UNKNOWN; 785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) current_byte += size; 815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Invariant: operand_bytes_ indicates the total size of operands 835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // specified by the opcode and/or ModR/M byte and/or SIB byte. 845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // pCurrentByte points to the first byte after the ModR/M byte, or after 855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // the SIB byte if it is present (i.e. the first byte of any operands 865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // encoded in the instruction). 
875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // We get the total length of any prefixes, the opcode, and the ModR/M and 895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // SIB bytes if present, by taking the difference of the original starting 905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // address and the current byte (which points to the first byte of the 915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // operands if present, or to the first byte of the next instruction if 925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // they are not). Adding the count of bytes in the operands encoded in 935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // the instruction gives us the full length of the instruction in bytes. 945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) instruction_bytes += operand_bytes_ + (current_byte - start_byte); 955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Return the instruction type, which was set by ProcessOpcode(). 
975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return instruction_type_; 985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void MiniDisassembler::Initialize() { 1015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operand_is_32_bits_ = operand_default_is_32_bits_; 1025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) address_is_32_bits_ = address_default_is_32_bits_; 1035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#ifdef _M_X64 1045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operand_default_support_64_bits_ = true; 1055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#else 1065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operand_default_support_64_bits_ = false; 1075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 1085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operand_is_64_bits_ = false; 1095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operand_bytes_ = 0; 1105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) have_modrm_ = false; 1115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) should_decode_modrm_ = false; 1125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) instruction_type_ = IT_UNKNOWN; 1135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) got_f2_prefix_ = false; 1145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) got_f3_prefix_ = false; 1155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) got_66_prefix_ = false; 1165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)InstructionType MiniDisassembler::ProcessPrefixes(unsigned char* start_byte, 
1195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int& size) { 1205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) InstructionType instruction_type = IT_GENERIC; 1215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const Opcode& opcode = s_ia32_opcode_map_[0].table_[*start_byte]; 1225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) switch (opcode.type_) { 1245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case IT_PREFIX_ADDRESS: 1255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) address_is_32_bits_ = !address_default_is_32_bits_; 1265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) goto nochangeoperand; 1275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case IT_PREFIX_OPERAND: 1285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operand_is_32_bits_ = !operand_default_is_32_bits_; 1295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) nochangeoperand: 1305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case IT_PREFIX: 1315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (0xF2 == (*start_byte)) 1335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) got_f2_prefix_ = true; 1345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) else if (0xF3 == (*start_byte)) 1355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) got_f3_prefix_ = true; 1365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) else if (0x66 == (*start_byte)) 1375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) got_66_prefix_ = true; 1385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) else if (operand_default_support_64_bits_ && (*start_byte) & 0x48) 1395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operand_is_64_bits_ = true; 
1405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) instruction_type = opcode.type_; 1425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) size ++; 1435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // we got a prefix, so add one and check next byte 1445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ProcessPrefixes(start_byte + 1, size); 1455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) default: 1465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; // not a prefix byte 1475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return instruction_type; 1505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)InstructionType MiniDisassembler::ProcessOpcode(unsigned char* start_byte, 1535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int table_index, 1545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int& size) { 1555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const OpcodeTable& table = s_ia32_opcode_map_[table_index]; // Get our table 1565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char current_byte = (*start_byte) >> table.shift_; 1575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) current_byte = current_byte & table.mask_; // Mask out the bits we will use 1585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Check whether the byte we have is inside the table we have. 
1605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (current_byte < table.min_lim_ || current_byte > table.max_lim_) { 1615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) instruction_type_ = IT_UNKNOWN; 1625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return instruction_type_; 1635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const Opcode& opcode = table.table_[current_byte]; 1665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (IT_UNUSED == opcode.type_) { 1675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // This instruction is not used by the IA-32 ISA, so we indicate 1685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // this to the user. Probably means that we were pointed to 1695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // a byte in memory that was not the start of an instruction. 1705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) instruction_type_ = IT_UNUSED; 1715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return instruction_type_; 1725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } else if (IT_REFERENCE == opcode.type_) { 1735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // We are looking at an opcode that has more bytes (or is continued 1745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // in the ModR/M byte). Recursively find the opcode definition in 1755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // the table for the opcode's next byte. 
1765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) size++; 1775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ProcessOpcode(start_byte + 1, opcode.table_index_, size); 1785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return instruction_type_; 1795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const SpecificOpcode* specific_opcode = (SpecificOpcode*)&opcode; 1825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (opcode.is_prefix_dependent_) { 1835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (got_f2_prefix_ && opcode.opcode_if_f2_prefix_.mnemonic_ != 0) { 1845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) specific_opcode = &opcode.opcode_if_f2_prefix_; 1855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } else if (got_f3_prefix_ && opcode.opcode_if_f3_prefix_.mnemonic_ != 0) { 1865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) specific_opcode = &opcode.opcode_if_f3_prefix_; 1875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } else if (got_66_prefix_ && opcode.opcode_if_66_prefix_.mnemonic_ != 0) { 1885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) specific_opcode = &opcode.opcode_if_66_prefix_; 1895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Inv: The opcode type is known. 
1935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) instruction_type_ = specific_opcode->type_; 1945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Let's process the operand types to see if we have any immediate 1965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // operands, and/or a ModR/M byte. 1975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ProcessOperand(specific_opcode->flag_dest_); 1995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ProcessOperand(specific_opcode->flag_source_); 2005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ProcessOperand(specific_opcode->flag_aux_); 2015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Inv: We have processed the opcode and incremented operand_bytes_ 2035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // by the number of bytes of any operands specified by the opcode 2045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // that are stored in the instruction (not registers etc.). Now 2055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // we need to return the total number of bytes for the opcode and 2065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // for the ModR/M or SIB bytes if they are present. 
2075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (table.mask_ != 0xff) { 2095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (have_modrm_) { 2105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // we're looking at a ModR/M byte so we're not going to 2115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // count that into the opcode size 2125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ProcessModrm(start_byte, size); 2135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return IT_GENERIC; 2145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } else { 2155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // need to count the ModR/M byte even if it's just being 2165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // used for opcode extension 2175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) size++; 2185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return IT_GENERIC; 2195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 2205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } else { 2215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (have_modrm_) { 2225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // The ModR/M byte is the next byte. 
2235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) size++; 2245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ProcessModrm(start_byte + 1, size); 2255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return IT_GENERIC; 2265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } else { 2275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) size++; 2285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return IT_GENERIC; 2295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 2305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 2315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)bool MiniDisassembler::ProcessOperand(int flag_operand) { 2345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool succeeded = true; 2355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (AM_NOT_USED == flag_operand) 2365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return succeeded; 2375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Decide what to do based on the addressing mode. 2395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) switch (flag_operand & AM_MASK) { 2405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // No ModR/M byte indicated by these addressing modes, and no 2415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // additional (e.g. immediate) parameters. 
2425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case AM_A: // Direct address 2435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case AM_F: // EFLAGS register 2445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case AM_X: // Memory addressed by the DS:SI register pair 2455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case AM_Y: // Memory addressed by the ES:DI register pair 2465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case AM_IMPLICIT: // Parameter is implicit, occupies no space in 2475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // instruction 2485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 2495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // There is a ModR/M byte but it does not necessarily need 2515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // to be decoded. 2525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case AM_C: // reg field of ModR/M selects a control register 2535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case AM_D: // reg field of ModR/M selects a debug register 2545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case AM_G: // reg field of ModR/M selects a general register 2555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case AM_P: // reg field of ModR/M selects an MMX register 2565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case AM_R: // mod field of ModR/M may refer only to a general register 2575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case AM_S: // reg field of ModR/M selects a segment register 2585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case AM_T: // reg field of ModR/M selects a test register 2595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case AM_V: // reg field of ModR/M selects a 128-bit XMM 
register 2605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) have_modrm_ = true; 2615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 2625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // In these addressing modes, there is a ModR/M byte and it needs to be 2645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // decoded. No other (e.g. immediate) params than indicated in ModR/M. 2655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case AM_E: // Operand is either a general-purpose register or memory, 2665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // specified by ModR/M byte 2675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case AM_M: // ModR/M byte will refer only to memory 2685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case AM_Q: // Operand is either an MMX register or memory (complex 2695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // evaluation), specified by ModR/M byte 2705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case AM_W: // Operand is either a 128-bit XMM register or memory (complex 2715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // eval), specified by ModR/M byte 2725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) have_modrm_ = true; 2735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) should_decode_modrm_ = true; 2745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 2755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // These addressing modes specify an immediate or an offset value 2775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // directly, so we need to look at the operand type to see how many 2785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // bytes. 
2795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case AM_I: // Immediate data. 2805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case AM_J: // Jump to offset. 2815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case AM_O: // Operand is at offset. 2825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) switch (flag_operand & OT_MASK) { 2835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case OT_B: // Byte regardless of operand-size attribute. 2845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operand_bytes_ += OS_BYTE; 2855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 2865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case OT_C: // Byte or word, depending on operand-size attribute. 2875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (operand_is_32_bits_) 2885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operand_bytes_ += OS_WORD; 2895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) else 2905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operand_bytes_ += OS_BYTE; 2915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 2925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case OT_D: // Doubleword, regardless of operand-size attribute. 2935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operand_bytes_ += OS_DOUBLE_WORD; 2945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 2955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case OT_DQ: // Double-quadword, regardless of operand-size attribute. 
2965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operand_bytes_ += OS_DOUBLE_QUAD_WORD; 2975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 2985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case OT_P: // 32-bit or 48-bit pointer, depending on operand-size 2995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // attribute. 3005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (operand_is_32_bits_) 3015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operand_bytes_ += OS_48_BIT_POINTER; 3025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) else 3035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operand_bytes_ += OS_32_BIT_POINTER; 3045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 3055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case OT_PS: // 128-bit packed single-precision floating-point data. 3065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operand_bytes_ += OS_128_BIT_PACKED_SINGLE_PRECISION_FLOATING; 3075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 3085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case OT_Q: // Quadword, regardless of operand-size attribute. 3095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operand_bytes_ += OS_QUAD_WORD; 3105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 3115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case OT_S: // 6-byte pseudo-descriptor. 
3125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operand_bytes_ += OS_PSEUDO_DESCRIPTOR; 3135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 3145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case OT_SD: // Scalar Double-Precision Floating-Point Value 3155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case OT_PD: // Unaligned packed double-precision floating point value 3165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operand_bytes_ += OS_DOUBLE_PRECISION_FLOATING; 3175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 3185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case OT_SS: 3195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Scalar element of a 128-bit packed single-precision 3205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // floating data. 3215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // We simply return enItUnknown since we don't have to support 3225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // floating point 3235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) succeeded = false; 3245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 3255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case OT_V: // Word, doubleword or quadword, depending on operand-size 3265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // attribute. 
3275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (operand_is_64_bits_ && flag_operand & AM_I && 3285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) flag_operand & IOS_64) 3295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operand_bytes_ += OS_QUAD_WORD; 3305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) else if (operand_is_32_bits_) 3315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operand_bytes_ += OS_DOUBLE_WORD; 3325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) else 3335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operand_bytes_ += OS_WORD; 3345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 3355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case OT_W: // Word, regardless of operand-size attribute. 3365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) operand_bytes_ += OS_WORD; 3375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 3385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Can safely ignore these. 3405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case OT_A: // Two one-word operands in memory or two double-word 3415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // operands in memory 3425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case OT_PI: // Quadword MMX technology register (e.g. 
        // mm0)
        case OT_SI:  // Doubleword integer register (e.g., eax)
          break;

        default:
          break;
      }
      break;

    default:
      break;
  }

  return succeeded;
}

// Decodes the ModR/M byte at |start_byte| and, when the addressing form
// calls for one, the SIB byte that follows it.
//
// |start_byte| points at the ModR/M byte of the instruction being decoded.
// |size| is incremented by the number of ModR/M and SIB bytes consumed
// (1 or 2). Displacement bytes implied by the addressing form are credited
// to |operand_bytes_|, not to |size|.
//
// Returns true on success; the only false path is whatever ProcessSib
// returns.
//
// NOTE(review): |start_byte| is dereferenced with no length argument, and
// the SIB path reads |start_byte + 1|. Nothing here stops a read past the
// end of a truncated buffer; the caller must guarantee those bytes are
// readable.
bool MiniDisassembler::ProcessModrm(unsigned char* start_byte,
                                    unsigned int& size) {
  // If we don't need to decode, we just return the size of the ModR/M
  // byte (there is never a SIB byte in this case).
  if (!should_decode_modrm_) {
    size++;
    return true;
  }

  // We never care about the reg field, only the combination of the mod
  // and r/m fields, so let's start by packing those fields together into
  // 5 bits.
  unsigned char modrm = (*start_byte);
  unsigned char mod = modrm & 0xC0;  // keep the top two bits (mod field)
  modrm = modrm & 0x07;  // keep the bottom 3 bits (r/m field)
  mod = mod >> 3;  // move mod from bits 7..6 down to bits 4..3
  modrm = mod | modrm;  // combine: mod in bits 4..3, r/m in bits 2..0
  mod = mod >> 3;  // move mod down to bits 1..0 (values 0x00..0x03)

  // Invariant: modrm contains the mod field in bits 4..3 and the r/m field
  // in bits 2..0 (a 5-bit table index), and mod contains the mod field in
  // bits 1..0.

  // Pick the ModR/M table for the current address-size attribute.
  const ModrmEntry* modrm_entry = 0;
  if (address_is_32_bits_)
    modrm_entry = &s_ia32_modrm_map_[modrm];
  else
    modrm_entry = &s_ia16_modrm_map_[modrm];

  // Invariant: modrm_entry points to information that we need to decode
  // the ModR/M byte.

  // Add to the count of operand bytes, if the ModR/M byte indicates
  // that some operands (displacement bytes) are encoded in the instruction.
  if (modrm_entry->is_encoded_in_instruction_)
    operand_bytes_ += modrm_entry->operand_size_;

  // Process the SIB byte if necessary, and return the count
  // of ModR/M and SIB bytes. Either way the ModR/M byte itself counts.
  if (modrm_entry->use_sib_byte_) {
    size++;
    return ProcessSib(start_byte + 1, mod, size);
  } else {
    size++;
    return true;
  }
}

// Decodes the SIB byte at |start_byte|.
//
// |mod| is the two-bit mod field of the preceding ModR/M byte, already
// shifted down to bits 1..0 by ProcessModrm.
// |size| is incremented by one for the SIB byte itself. A displacement
// implied by the SIB base field is credited to |operand_bytes_|.
//
// Always returns true.
//
// NOTE(review): only base == 101 is special-cased here. With a SIB byte,
// mod == 01 and mod == 10 carry a disp8 / disp32 for every base value, so
// if s_ia32_modrm_map_ already credits that displacement for its r/m == 100
// entries, the 0x01 and 0x02 cases below count it a second time. Confirm
// against the table before trusting operand_bytes_ for those encodings.
bool MiniDisassembler::ProcessSib(unsigned char* start_byte,
                                  unsigned char mod,
                                  unsigned int& size) {
  // get the base field from bits 2..0 of the SIB byte
  unsigned char sib_base = (*start_byte) & 0x07;
  if (0x05 == sib_base) {
    // base == 101 selects a displacement whose width depends on mod.
    switch (mod) {
      case 0x00:  // mod == 00
      case 0x02:  // mod == 10
        operand_bytes_ += OS_DOUBLE_WORD;
        break;
      case 0x01:  // mod == 01
        operand_bytes_ += OS_BYTE;
        break;
      case 0x03:  // mod == 11
        // According to the IA-32 docs, there does not seem to be a disp
        // value for this value of mod
      default:
        break;
    }
  }

  size++;
  return true;
}

};  // namespace sidestep