📄 in_script.txt
📁 当前支持 16-bit, 32-bit and 64-bit 的二进制文件
	asgn(x86_of, _x86_adc_of(arg(0), arg(1)), x86_cf);
	asgn(x86_af, _x86_adc_af(trunc$byte(arg(0)), trunc$byte(arg(1))), x86_cf);
	asgn(x86_cf, _x86_adc_cf(arg(0), arg(1)), x86_cf);
	asgn(arg(0), add(add(arg(0), arg(1)), zx$argsize_0(tmp(old_cf))));
	asgn(x86_sf, sign(arg(0)));
	asgn(x86_zf, is_zero(arg(0)));
	asgn(x86_pf, _x86_parity(trunc$byte(arg(0))));

# sbb: subtract with borrow. the incoming carry is copied to tmp(old_cf) first, because
# x86_cf is overwritten by _x86_sbb_cf further down while the final sub() still needs the
# old borrow. of/af/cf are computed from the original arg(0) before it is overwritten;
# sf/zf/pf are taken from the result. the flag helpers receive x86_cf as a third argument,
# which at that point is still the incoming carry.
# encoding flags (not defined on this page -- confirm against the parser): fx_lockable
# appears only on forms with a mem_rm operand, presumably lock-prefix eligibility;
# xasm_skip on 82 /3 presumably keeps the assembler from emitting the 82 alias of 80;
# sx_yes on 83 /3 presumably sign-extends the 8-bit immediate to the operand size.
$ sbb ! size_same
: 80 /3 mem_rm:8,imm_imm:8 ! fx_lockable
: 82 /3 mem_rm:8,imm_imm:8 ! fx_lockable,xasm_skip
: 81 /3 mem_rm:osz,imm_imm:osz_old ! fx_lockable
: 83 /3 mem_rm:osz,imm_imm:osz_old ! fx_lockable,sx_yes
: 18 /r mem_rm:8,reg_r:8 ! fx_lockable
: 1a /r reg_r:8,mem_rm:8 ! fx_lockable
: 19 /r mem_rm:osz,reg_r:osz ! fx_lockable
: 1b /r reg_r:osz,mem_rm:osz ! fx_lockable
# 1c/1d are the al/ax-accumulator forms (reg_r index 0); no fx_lockable since there is no memory operand.
: 1c reg_r:8:0,imm_imm:8
: 1d reg_r:osz:0,imm_imm:osz_old
	asgn(tmp(old_cf), x86_cf);
	asgn(x86_of, _x86_sbb_of(arg(0), arg(1)), x86_cf);
	asgn(x86_af, _x86_sbb_af(trunc$byte(arg(0)), trunc$byte(arg(1))), x86_cf);
	asgn(x86_cf, _x86_sbb_cf(arg(0), arg(1)), x86_cf);
	asgn(arg(0), sub(sub(arg(0), arg(1)), zx$argsize_0(tmp(old_cf))));
	asgn(x86_sf, sign(arg(0)));
	asgn(x86_zf, is_zero(arg(0)));
	asgn(x86_pf, _x86_parity(trunc$byte(arg(0))));

# and: bitwise and. of and cf are cleared, af is explicitly left undefined (a consumer of
# x86_af after this instruction must not rely on it), sf/zf/pf come from the result.
# encoding layout is the same as sbb with ModRM reg field /4 and opcode bytes 20..25.
$ and ! size_same
: 80 /4 mem_rm:8,imm_imm:8 ! fx_lockable
: 82 /4 mem_rm:8,imm_imm:8 ! fx_lockable,xasm_skip
: 81 /4 mem_rm:osz,imm_imm:osz_old ! fx_lockable
: 83 /4 mem_rm:osz,imm_imm:osz_old ! fx_lockable,sx_yes
: 20 /r mem_rm:8,reg_r:8 ! fx_lockable
: 22 /r reg_r:8,mem_rm:8 ! fx_lockable
: 21 /r mem_rm:osz,reg_r:osz ! fx_lockable
: 23 /r reg_r:osz,mem_rm:osz ! fx_lockable
: 24 reg_r:8:0,imm_imm:8
: 25 reg_r:osz:0,imm_imm:osz_old
	asgn(x86_of, 0);
	asgn(x86_af, undefined);
	asgn(x86_cf, 0);
	asgn(arg(0), bitand(arg(0), arg(1)));
	asgn(x86_sf, sign(arg(0)));
	asgn(x86_zf, is_zero(arg(0)));
	asgn(x86_pf, _x86_parity(trunc$byte(arg(0))));

# sub: plain subtract (no borrow in). of/af/cf are computed from the original operands
# before arg(0) is overwritten by the sub(); sf/zf/pf are then taken from the result.
# unlike sbb, the helpers take no carry argument.
$ sub ! size_same
: 80 /5 mem_rm:8,imm_imm:8 ! fx_lockable
: 82 /5 mem_rm:8,imm_imm:8 ! fx_lockable,xasm_skip
: 81 /5 mem_rm:osz,imm_imm:osz_old ! fx_lockable
: 83 /5 mem_rm:osz,imm_imm:osz_old ! fx_lockable,sx_yes
: 28 /r mem_rm:8,reg_r:8 ! fx_lockable
: 2a /r reg_r:8,mem_rm:8 ! fx_lockable
: 29 /r mem_rm:osz,reg_r:osz ! fx_lockable
: 2b /r reg_r:osz,mem_rm:osz ! fx_lockable
: 2c reg_r:8:0,imm_imm:8
: 2d reg_r:osz:0,imm_imm:osz_old
	asgn(x86_of, _x86_sub_of(arg(0), arg(1)));
	asgn(x86_af, _x86_sub_af(trunc$byte(arg(0)), trunc$byte(arg(1))));
	asgn(x86_cf, _x86_sub_cf(arg(0), arg(1)));
	asgn(arg(0), sub(arg(0), arg(1)));
	asgn(x86_sf, sign(arg(0)));
	asgn(x86_zf, is_zero(arg(0)));
	asgn(x86_pf, _x86_parity(trunc$byte(arg(0))));

# xor: bitwise exclusive or. flag treatment is identical to and (of=0, cf=0, af undefined,
# sf/zf/pf from the result); only the operation differs.
$ xor ! size_same
: 80 /6 mem_rm:8,imm_imm:8 ! fx_lockable
: 82 /6 mem_rm:8,imm_imm:8 ! fx_lockable,xasm_skip
: 81 /6 mem_rm:osz,imm_imm:osz_old ! fx_lockable
: 83 /6 mem_rm:osz,imm_imm:osz_old ! fx_lockable,sx_yes
: 30 /r mem_rm:8,reg_r:8 ! fx_lockable
: 32 /r reg_r:8,mem_rm:8 ! fx_lockable
: 31 /r mem_rm:osz,reg_r:osz ! fx_lockable
: 33 /r reg_r:osz,mem_rm:osz ! fx_lockable
: 34 reg_r:8:0,imm_imm:8
: 35 reg_r:osz:0,imm_imm:osz_old
	asgn(x86_of, 0);
	asgn(x86_af, undefined);
	asgn(x86_cf, 0);
	asgn(arg(0), bitxor(arg(0), arg(1)));
	asgn(x86_sf, sign(arg(0)));
	asgn(x86_zf, is_zero(arg(0)));
	asgn(x86_pf, _x86_parity(trunc$byte(arg(0))));

# cmp: same flag computation as sub, but the difference goes to tmp(result) so arg(0) is
# never written. consistent with that, no form carries fx_lockable: there is no
# destination write for a lock prefix to apply to.
$ cmp ! size_same
: 80 /7 mem_rm:8,imm_imm:8
: 82 /7 mem_rm:8,imm_imm:8 ! xasm_skip
: 81 /7 mem_rm:osz,imm_imm:osz_old
: 83 /7 mem_rm:osz,imm_imm:osz_old ! sx_yes
: 38 /r mem_rm:8,reg_r:8
: 3a /r reg_r:8,mem_rm:8
: 39 /r mem_rm:osz,reg_r:osz
: 3b /r reg_r:osz,mem_rm:osz
: 3c reg_r:8:0,imm_imm:8
: 3d reg_r:osz:0,imm_imm:osz_old
	asgn(x86_of, _x86_sub_of(arg(0), arg(1)));
	asgn(x86_af, _x86_sub_af(trunc$byte(arg(0)), trunc$byte(arg(1))));
	asgn(x86_cf, _x86_sub_cf(arg(0), arg(1)));
	asgn(tmp(result), sub(arg(0), arg(1)));
	asgn(x86_sf, sign(tmp(result)));
	asgn(x86_zf, is_zero(tmp(result)));
	asgn(x86_pf, _x86_parity(trunc$byte(tmp(result))));

# -- end arithmetic opcodes ---

# -- begin shift/rotate opcodes ---

# note: we specify 8 bits for shift/rotate count. in truth, only the low 5 or 6 bits are used.
# if the _x86_* shift/rotate helpers do not mask the count themselves, the lifted result will
# diverge from what the cpu does for counts of 32 or more.

# rol: rotate left. every flag is delegated to a _x86_rol_* helper that is given the
# pre-rotation arg(0); the rotate itself is assigned last so all helpers see the same
# original value. count forms: c0/c1 an 8-bit immediate, d0/d1 an implicit count of 1,
# d2/d3 a register count (reg_r index 1, presumably cl, following the same index
# numbering as reg_r:8:0 = al in the arithmetic forms).
$ rol ! size_same
: c0 /0 mem_rm:8,imm_imm:8
: c1 /0 mem_rm:osz,imm_imm:8
: d0 /0 mem_rm:8,imm_implict8:8:1
: d1 /0 mem_rm:osz,imm_implict8:8:1
: d2 /0 mem_rm:8,reg_r:8:1
: d3 /0 mem_rm:osz,reg_r:8:1
	asgn(x86_of, _x86_rol_of(arg(0), arg(1)));
	asgn(x86_af, _x86_rol_af(arg(0), arg(1)));
	asgn(x86_cf, _x86_rol_cf(arg(0), arg(1)));
	asgn(x86_sf, _x86_rol_sf(arg(0), arg(1)));
	asgn(x86_zf, _x86_rol_zf(arg(0), arg(1)));
	asgn(x86_pf, _x86_rol_pf(arg(0), arg(1)));
	asgn(arg(0), _x86_rol(arg(0), arg(1)));

# ror: rotate right. same structure as rol (ModRM /1 instead of /0): flags first via the
# _x86_ror_* helpers on the untouched arg(0), the rotate result written last.
$ ror ! size_same
: c0 /1 mem_rm:8,imm_imm:8
: c1 /1 mem_rm:osz,imm_imm:8
: d0 /1 mem_rm:8,imm_implict8:8:1
: d1 /1 mem_rm:osz,imm_implict8:8:1
: d2 /1 mem_rm:8,reg_r:8:1
: d3 /1 mem_rm:osz,reg_r:8:1
	asgn(x86_of, _x86_ror_of(arg(0), arg(1)));
	asgn(x86_af, _x86_ror_af(arg(0), arg(1)));
	asgn(x86_cf, _x86_ror_cf(arg(0), arg(1)));
	asgn(x86_sf, _x86_ror_sf(arg(0), arg(1)));
	asgn(x86_zf, _x86_ror_zf(arg(0), arg(1)));
	asgn(x86_pf, _x86_ror_pf(arg(0), arg(1)));
	asgn(arg(0), _x86_ror(arg(0), arg(1)));

# rcl: rotate left through carry. the incoming carry is snapshotted into tmp(in_cf)
# before anything else, because _x86_rcl_cf overwrites x86_cf part-way through and the
# later helpers (sf/zf/pf and the rotate itself) must still see the original carry.
$ rcl ! size_same
: c0 /2 mem_rm:8,imm_imm:8
: c1 /2 mem_rm:osz,imm_imm:8
: d0 /2 mem_rm:8,imm_implict8:8:1
: d1 /2 mem_rm:osz,imm_implict8:8:1
: d2 /2 mem_rm:8,reg_r:8:1
: d3 /2 mem_rm:osz,reg_r:8:1
	asgn(tmp(in_cf), x86_cf);
	asgn(x86_of, _x86_rcl_of(arg(0), arg(1), tmp(in_cf)));
	asgn(x86_af, _x86_rcl_af(arg(0), arg(1), tmp(in_cf)));
	asgn(x86_cf, _x86_rcl_cf(arg(0), arg(1), tmp(in_cf)));
	asgn(x86_sf, _x86_rcl_sf(arg(0), arg(1), tmp(in_cf)));
	asgn(x86_zf, _x86_rcl_zf(arg(0), arg(1), tmp(in_cf)));
	asgn(x86_pf, _x86_rcl_pf(arg(0), arg(1), tmp(in_cf)));
	asgn(arg(0), _x86_rcl(arg(0), arg(1), tmp(in_cf)));

# rcr: rotate right through carry. mirrors rcl: tmp(in_cf) captures the incoming carry
# up front so the helpers and the final rotate all use the same value even after x86_cf
# has been reassigned.
$ rcr ! size_same
: c0 /3 mem_rm:8,imm_imm:8
: c1 /3 mem_rm:osz,imm_imm:8
: d0 /3 mem_rm:8,imm_implict8:8:1
: d1 /3 mem_rm:osz,imm_implict8:8:1
: d2 /3 mem_rm:8,reg_r:8:1
: d3 /3 mem_rm:osz,reg_r:8:1
	asgn(tmp(in_cf), x86_cf);
	asgn(x86_of, _x86_rcr_of(arg(0), arg(1), tmp(in_cf)));
	asgn(x86_af, _x86_rcr_af(arg(0), arg(1), tmp(in_cf)));
	asgn(x86_cf, _x86_rcr_cf(arg(0), arg(1), tmp(in_cf)));
	asgn(x86_sf, _x86_rcr_sf(arg(0), arg(1), tmp(in_cf)));
	asgn(x86_zf, _x86_rcr_zf(arg(0), arg(1), tmp(in_cf)));
	asgn(x86_pf, _x86_rcr_pf(arg(0), arg(1), tmp(in_cf)));
	asgn(arg(0), _x86_rcr(arg(0), arg(1), tmp(in_cf)));

# shl: shift left. all flags via the _x86_shl_* helpers on the pre-shift arg(0), the
# shifted value written last. the /6 encodings (sal) in the _sal entry below reuse exactly
# these semantics.
$ shl ! size_same
: c0 /4 mem_rm:8,imm_imm:8
: c1 /4 mem_rm:osz,imm_imm:8
: d0 /4 mem_rm:8,imm_implict8:8:1
: d1 /4 mem_rm:osz,imm_implict8:8:1
: d2 /4 mem_rm:8,reg_r:8:1
: d3 /4 mem_rm:osz,reg_r:8:1
	asgn(x86_of, _x86_shl_of(arg(0), arg(1)));
	asgn(x86_af, _x86_shl_af(arg(0), arg(1)));
	asgn(x86_cf, _x86_shl_cf(arg(0), arg(1)));
	asgn(x86_sf, _x86_shl_sf(arg(0), arg(1)));
	asgn(x86_zf, _x86_shl_zf(arg(0), arg(1)));
	asgn(x86_pf, _x86_shl_pf(arg(0), arg(1)));
	asgn(arg(0), _x86_shl(arg(0), arg(1)));

# shr: logical (unsigned) shift right -- note the helpers are the _x86_ushr_* family, as
# opposed to _x86_sshr_* used by sar below. flags first, shifted value last.
$ shr ! size_same
: c0 /5 mem_rm:8,imm_imm:8
: c1 /5 mem_rm:osz,imm_imm:8
: d0 /5 mem_rm:8,imm_implict8:8:1
: d1 /5 mem_rm:osz,imm_implict8:8:1
: d2 /5 mem_rm:8,reg_r:8:1
: d3 /5 mem_rm:osz,reg_r:8:1
	asgn(x86_of, _x86_ushr_of(arg(0), arg(1)));
	asgn(x86_af, _x86_ushr_af(arg(0), arg(1)));
	asgn(x86_cf, _x86_ushr_cf(arg(0), arg(1)));
	asgn(x86_sf, _x86_ushr_sf(arg(0), arg(1)));
	asgn(x86_zf, _x86_ushr_zf(arg(0), arg(1)));
	asgn(x86_pf, _x86_ushr_pf(arg(0), arg(1)));
	asgn(arg(0), _x86_ushr(arg(0), arg(1)));

# _sal: the ModRM /6 aliases of shl. the printer emits "shl" rather than "sal" so the
# disassembly is uniform, every encoding is xasm_skip (presumably so the assembler never
# chooses the /6 form), and the semantic section is a verbatim copy of shl's.
$ _sal ! size_same
	write("shl");		// print the canonical mnemonic, not "sal"
	space();
	write_args();
: c0 /6 mem_rm:8,imm_imm:8 ! xasm_skip
: c1 /6 mem_rm:osz,imm_imm:8 ! xasm_skip
: d0 /6 mem_rm:8,imm_implict8:8:1 ! xasm_skip
: d1 /6 mem_rm:osz,imm_implict8:8:1 ! xasm_skip
: d2 /6 mem_rm:8,reg_r:8:1 ! xasm_skip
: d3 /6 mem_rm:osz,reg_r:8:1 ! xasm_skip
	asgn(x86_of, _x86_shl_of(arg(0), arg(1)));
	asgn(x86_af, _x86_shl_af(arg(0), arg(1)));
	asgn(x86_cf, _x86_shl_cf(arg(0), arg(1)));
	asgn(x86_sf, _x86_shl_sf(arg(0), arg(1)));
	asgn(x86_zf, _x86_shl_zf(arg(0), arg(1)));
	asgn(x86_pf, _x86_shl_pf(arg(0), arg(1)));
	asgn(arg(0), _x86_shl(arg(0), arg(1)));

# sar: arithmetic (signed) shift right, using the _x86_sshr_* helper family; compare shr,
# which uses _x86_ushr_*. flags first, shifted value last.
$ sar ! size_same
: c0 /7 mem_rm:8,imm_imm:8
: c1 /7 mem_rm:osz,imm_imm:8
: d0 /7 mem_rm:8,imm_implict8:8:1
: d1 /7 mem_rm:osz,imm_implict8:8:1
: d2 /7 mem_rm:8,reg_r:8:1
: d3 /7 mem_rm:osz,reg_r:8:1
	asgn(x86_of, _x86_sshr_of(arg(0), arg(1)));
	asgn(x86_af, _x86_sshr_af(arg(0), arg(1)));
	asgn(x86_cf, _x86_sshr_cf(arg(0), arg(1)));
	asgn(x86_sf, _x86_sshr_sf(arg(0), arg(1)));
	asgn(x86_zf, _x86_sshr_zf(arg(0), arg(1)));
	asgn(x86_pf, _x86_sshr_pf(arg(0), arg(1)));
	asgn(arg(0), _x86_sshr(arg(0), arg(1)));

# -- end shift/rotate opcodes ---

# inc: add 1 using the add flag helpers, but with NO assignment to x86_cf -- the carry flag
# is deliberately preserved, as the hardware does for inc/dec. of/af are computed from the
# original value before the add, sf/zf/pf from the result.
# the 40+r short form is o_no64: in 64-bit mode the bytes 40..4f are the rex prefixes.
$ inc
: 40 reg_basecode:osz ! o_no64
: fe /0 mem_rm:8 ! fx_lockable
: ff /0 mem_rm:osz ! fx_lockable
	asgn(x86_of, _x86_add_of(arg(0), 1));
	asgn(x86_af, _x86_add_af(trunc$byte(arg(0)), 1));
	asgn(arg(0), add(arg(0), 1));
	asgn(x86_sf, sign(arg(0)));
	asgn(x86_zf, is_zero(arg(0)));
	asgn(x86_pf, _x86_parity(trunc$byte(arg(0))));

# dec: subtract 1 using the sub flag helpers; like inc there is no assignment to x86_cf,
# so the carry flag is preserved. the 48+r short form is o_no64 for the same reason as
# inc's 40+r form (rex prefixes occupy 40..4f in 64-bit mode).
$ dec
: 48 reg_basecode:osz ! o_no64
: fe /1 mem_rm:8 ! fx_lockable
: ff /1 mem_rm:osz ! fx_lockable
	asgn(x86_of, _x86_sub_of(arg(0), 1));
	asgn(x86_af, _x86_sub_af(trunc$byte(arg(0)), 1));
	asgn(arg(0), sub(arg(0), 1));
	asgn(x86_sf, sign(arg(0)));
	asgn(x86_zf, is_zero(arg(0)));
	asgn(x86_pf, _x86_parity(trunc$byte(arg(0))));

# this was implemented -- now is unhandled.
# -> [seg reg] xlatb
$ _xlat
	// printer only: this entry has no asgn section, so it carries no semantics
	// (matches the "now is unhandled" note above)
	write_seg_reg();	// if not 7
	write("xlatb");
: d7 mem_xs:8

# --- begin string instructions ---

# arguments given here match disassembly by msdev.
# actually, when is rsi/rdi instead of esi/edi or si/di used? is it the operand size? i imagine it's
# the address size.
# now wait a minute. address size defaults to 32 bits without a rex, correct? if so, uses esi/edi in 64 bit
# mode by default, right???
# believe it or not, it works like this: address size is 64 bits, use 67 for 32-bit not 16-bit address size.
# a16 is impossible in 64-bit mode.

# print suffixes here (instead of arguments), and sometimes a segment register prefix.

$ _ins
	// no write_seg_reg() here: like _stos and _scas, forms whose only string operand is the
	// destination (mem_strd) never print a segment override
	write_rep();		// if present
	write("ins");
	write_size_suffix(argsize_lo(0));		// b/w/d from the destination operand size
: 6c mem_strd:8,reg_r:16:2 ! fx_rep
: 6d mem_strd:osz_old,reg_r:16:2 ! fx_rep

$ _outs
	write_seg_reg();	// the source string operand (mem_strs) can carry a segment override
	write_rep();		// if present
	write("outs");
	write_size_suffix(argsize_lo(1));		// size comes from operand 1, the memory source
: 6e reg_r:16:2,mem_strs:8 ! fx_rep
: 6f reg_r:16:2,mem_strs:osz_old ! fx_rep

$ _movs ! size_same
	write_seg_reg();	// override applies to the source (mem_strs) operand
	write_rep();		// if present
	write("movs");
	write_size_suffix(argsize_lo(0));		// both operands share a size (size_same)
: a4 mem_strd:8,mem_strs:8 ! fx_rep
: a5 mem_strd:osz,mem_strs:osz ! fx_rep

$ _cmps ! size_same
	write_seg_reg();
	write_repcc();		// if present -- cmps takes the conditional repe/repne form, not plain rep
	write("cmps");
	write_size_suffix(argsize_lo(0));
: a6 mem_strs:8,mem_strd:8 ! fx_rep
: a7 mem_strs:osz,mem_strd:osz ! fx_rep

$ _stos ! size_same
	// destination-only string op: no write_seg_reg(), as with _ins and _scas
	write_rep();		// if present
	write("stos");
	write_size_suffix(argsize_lo(0));
: aa mem_strd:8 ! fx_rep
: ab mem_strd:osz ! fx_rep

$ _lods ! size_same
	write_seg_reg();	// source string operand, so an override is printable
	write_rep();		// if present
	write("lods");		// is rep lods useful?
	write_size_suffix(argsize_lo(0));
: ac mem_strs:8 ! fx_rep
: ad mem_strs:osz ! fx_rep

$ _scas ! size_same
	// destination-only string op: no write_seg_reg(); uses the conditional rep form like _cmps
	write_repcc();		// if present
	write("scas");
	write_size_suffix(argsize_lo(0));
: ae mem_strd:8 ! fx_rep
: af mem_strd:osz ! fx_rep

# --- end string instructions ---

# fixme -- is push ss valid in 64bit mode?
#       -- according to Intel, default operand size is 64 bits in 64 bit mode.
#       -- a 66 override causes 16 bit operation which may misalign the stack.
# _pushsr: push segment register. the reg_sr index is the x86 segment register number
# (0 es, 1 cs, 2 ss, 3 ds, 4 fs, 5 gs). the one-byte forms for es/cs/ss/ds are o_no64 and
# the 0f a0/a8 forms for fs/gs are o_is64 -- presumably "not valid in / only valid in
# 64-bit mode"; confirm the flag meanings against the parser. printer only, no asgn section.
$ _pushsr
	write_size();
	write("push");
	space();
	write_args();
: 6 reg_sr:16:0 ! o_no64
: e reg_sr:16:1 ! o_no64
: 16 reg_sr:16:2 ! o_no64
: 1e reg_sr:16:3 ! o_no64
: 0f a0 reg_sr:16:4 ! o_is64
: 0f a8 reg_sr:16:5 ! o_is64

# _popsr: pop segment register; same index numbering and mode flags as _pushsr.
# there is intentionally no entry for index 1 (cs): pop cs is not an encodable instruction.
# printer only, no asgn section.
$ _popsr
	write_size();
	write("pop");
	space();
	write_args();
: 7 reg_sr:16:0 ! o_no64
: 17 reg_sr:16:2 ! o_no64
: 1f reg_sr:16:3 ! o_no64
: 0f a1 reg_sr:16:4 ! o_is64
: 0f a9 reg_sr:16:5 ! o_is64

# push: writes arg(0) to the stack slot stack$osz(0). 6a is the sign-extended imm8 form
# (sx_yes). all forms are o_is64.
# NOTE(review): ff /6 declares its memory operand as mem_rm:osz_old while pop's 8f /0 uses
# mem_rm:osz -- confirm this asymmetry is intended (osz_old is not defined on this page).
$ push
: 50 reg_basecode:osz ! o_is64
: 68 imm_imm:osz_old ! o_is64
: 6a imm_imm:osz_old ! o_is64,sx_yes
: ff /6 mem_rm:osz_old ! o_is64
	asgn(stack$osz(0), arg(0));

# pop: reads the stack slot stack$osz(0) into arg(0); the inverse of push.
$ pop
: 58 reg_basecode:osz ! o_is64
# note: for intel 486, 8f /1..7 is the same as 8f /0 according to opcodelist.txt.
# debug.exe reports the same thing but my cpu recognizes only /0 so we'll use that.
: 8f /0 mem_rm:osz ! o_is64
	asgn(arg(0), stack$osz(0));

# NOTE: With _movsr, when it's a memory operand it's always 16-bits. But, if it's a register,
# and it's a destination, it has size osz. (If it's a source, the processor ignores the upper
# 16 bits).
# _movsr: mov to/from segment register (printer only, no asgn section). the 8c forms are
# split by ModRM mod: mod_3 (register destination) declares the destination as osz, mod_mem
# (memory destination) declares it as 16 bits -- this is the rule from the note above.
# the 8e (load segment register) forms have no /1 entry because mov to cs is not encodable.
$ _movsr
	write("mov");
	space();
	write_args();
: 8c /0 mem_rm:osz,reg_sr:16:0 ! mod_3
: 8c /1 mem_rm:osz,reg_sr:16:1 ! mod_3
: 8c /2 mem_rm:osz,reg_sr:16:2 ! mod_3
: 8c /3 mem_rm:osz,reg_sr:16:3 ! mod_3
: 8c /4 mem_rm:osz,reg_sr:16:4 ! mod_3
: 8c /5 mem_rm:osz,reg_sr:16:5 ! mod_3
: 8c /0 mem_rm:16,reg_sr:16:0 ! mod_mem
: 8c /1 mem_rm:16,reg_sr:16:1 ! mod_mem
: 8c /2 mem_rm:16,reg_sr:16:2 ! mod_mem
: 8c /3 mem_rm:16,reg_sr:16:3 ! mod_mem
: 8c /4 mem_rm:16,reg_sr:16:4 ! mod_mem
: 8c /5 mem_rm:16,reg_sr:16:5 ! mod_mem
: 8e /0 reg_sr:16:0,mem_rm:16
: 8e /2 reg_sr:16:2,mem_rm:16
: 8e /3 reg_sr:16:3,mem_rm:16
: 8e /4 reg_sr:16:4,mem_rm:16
: 8e /5 reg_sr:16:5,mem_rm:16

# _pusha: printer only. the size suffix comes from the current operand size; o_no64 since
# pusha does not exist in 64-bit mode.
$ _pusha
	write("pusha");
	write_size_suffix(get_osz());
: 60 void ! o_no64

# _popa: printer only; counterpart of _pusha, likewise o_no64.
$ _popa
	write("popa");
	write_size_suffix(get_osz());
: 61 void ! o_no64

# _pushf: printer only, size suffix from the current operand size. no mode flag: valid in
# every mode (unlike _pusha).
$ _pushf
	write("pushf");
	write_size_suffix(get_osz());
: 9c void

# _popf: printer only; counterpart of _pushf, also valid in every mode.
$ _popf
	write("popf");
	write_size_suffix(get_osz());
: 9d void

# fixme -- why is this is64 ?
$ _jcc ! ctrlxfer_yes
	// instead of e.g. o32 jmp target should we do e.g. jmp dword short target ?
	write_size();
	write("j");
	write_cc(argvalue(1));
