📁 Ksplice is practical technology for updating the Linux kernel without rebooting. It enables you to a
/* -----------------------------------------------------------------------------
 * decode_a() - Decodes a direct far pointer operand (OP_A).
 *
 * The operand is seg16:off16 (32 bits total) when the operand-size mode is
 * 16, otherwise seg16:off32 (48 bits total). The offset is read from the
 * input stream before the segment selector.
 * -----------------------------------------------------------------------------
 */
static void decode_a(struct ud* u, struct ud_operand *op)
{
  if (u->opr_mode == 16) {
      /* seg16:off16 */
    op->type = UD_OP_PTR;
    op->size = 32;
    op->lval.ptr.off = inp_uint16(u);
    op->lval.ptr.seg = inp_uint16(u);
  } else {
    /* seg16:off32 */
    op->type = UD_OP_PTR;
    op->size = 48;
    op->lval.ptr.off = inp_uint32(u);
    op->lval.ptr.seg = inp_uint16(u);
  }
}

/* -----------------------------------------------------------------------------
 * decode_gpr() - Returns decoded General Purpose Register
 *
 * u  - decoder state (dis_mode and pfx_rex are consulted for byte registers)
 * s  - operand size code, resolved through resolve_operand_size() first
 * rm - register index; REX-extended indices (>= 8) are expected to have been
 *      folded in by the caller
 *
 * Returns the register enum for the resolved width, or 0 when the width is
 * not one of 8/16/32/64 (0 presumably equals UD_NONE - confirm in the enum).
 * -----------------------------------------------------------------------------
 */
static enum ud_type decode_gpr(register struct ud* u, unsigned int s, unsigned char rm)
{
  s = resolve_operand_size(u, s);

  switch (s) {
    case 64:
        return UD_R_RAX + rm;
    /* SZ_DP / SZ_WP are pointer-size codes that resolve to the same
     * register files as plain 32- and 16-bit operands */
    case SZ_DP:
    case 32:
        return UD_R_EAX + rm;
    case SZ_WP:
    case 16:
        return UD_R_AX  + rm;
    case  8:
        /* In 64-bit mode any REX prefix remaps indices 4..7 from AH..BH to
         * the low bytes SPL/BPL/SIL/DIL (and the REX-extended r8b..r15b). */
        if (u->dis_mode == 64 && u->pfx_rex) {
            if (rm >= 4)
                return UD_R_SPL + (rm-4);
            return UD_R_AL + rm;
        } else return UD_R_AL + rm;
    default:
        return 0;
  }
}

/* -----------------------------------------------------------------------------
 * resolve_gpr64() - 64bit General Purpose Register-Selection.
 *
 * Maps an rAX..rDI / rAXr8..rDIr15 operand code onto a concrete register.
 * The rAXr8..rDIr15 range additionally takes REX.B as bit 3 of the index.
 * Width is chosen by operand-size mode, with the 64-bit register file used
 * only when neither the 32-bit mode nor the "32-bit operand without
 * REX.W/default64" case applies.
 * -----------------------------------------------------------------------------
 */
static enum ud_type resolve_gpr64(struct ud* u, enum ud_operand_code gpr_op)
{
  if (gpr_op >= OP_rAXr8 && gpr_op <= OP_rDIr15)
    gpr_op = (gpr_op - OP_rAXr8) | (REX_B(u->pfx_rex) << 3);
  else
  gpr_op = (gpr_op - OP_rAX);

  if (u->opr_mode == 16)
    return gpr_op + UD_R_AX;
  if (u->dis_mode == 32 ||
    (u->opr_mode == 32 && ! (REX_W(u->pfx_rex) || u->default64))) {
    return gpr_op + UD_R_EAX;
  }
  return gpr_op + UD_R_RAX;
}

/* -----------------------------------------------------------------------------
 * resolve_gpr32 () - 32bit General Purpose Register-Selection.
 *
 * Maps an eAX..eDI operand code onto the 16-bit register file when the
 * operand-size mode is 16, otherwise onto the 32-bit one.
 * -----------------------------------------------------------------------------
 */
static enum ud_type resolve_gpr32(struct ud* u, enum ud_operand_code gpr_op)
{
  gpr_op = gpr_op - OP_eAX;
  if (u->opr_mode == 16)
    return gpr_op + UD_R_AX;
  return gpr_op +  UD_R_EAX;
}

/* -----------------------------------------------------------------------------
 * resolve_reg() - Resolves the register type
 *
 * Maps a register index onto a non-GPR register class. MMX and segment
 * registers only have eight members, so the index is masked to 3 bits
 * (a REX extension bit is discarded); XMM, control and debug registers take
 * the full index. Unknown classes yield UD_NONE.
 * -----------------------------------------------------------------------------
 */
static enum ud_type resolve_reg(struct ud* u, unsigned int type, unsigned char i)
{
  switch (type) {
    case T_MMX :    return UD_R_MM0  + (i & 7);
    case T_XMM :    return UD_R_XMM0 + i;
    case T_CRG :    return UD_R_CR0  + i;
    case T_DBG :    return UD_R_DR0  + i;
    case T_SEG :    return UD_R_ES   + (i & 7);
    case T_NONE:
    default:    return UD_NONE;
  }
}

/* -----------------------------------------------------------------------------
 * decode_imm() - Decodes Immediate values.
 *
 * Resolves the operand size, marks the operand as UD_OP_IMM and reads that
 * many bits from the input stream. Note that the 8-bit case is stored in the
 * signed member (sbyte) while the wider cases use the unsigned members; an
 * unsupported size leaves lval untouched.
 * -----------------------------------------------------------------------------
 */
static void decode_imm(struct ud* u, unsigned int s, struct ud_operand *op)
{
  op->size = resolve_operand_size(u, s);
  op->type = UD_OP_IMM;
  switch (op->size) {
    case  8: op->lval.sbyte = inp_uint8(u);   break;
    case 16: op->lval.uword = inp_uint16(u);  break;
    case 32: op->lval.udword = inp_uint32(u); break;
    case 64: op->lval.uqword = inp_uint64(u); break;
    default: return;
  }
}

/* -----------------------------------------------------------------------------
 * decode_modrm() - Decodes ModRM Byte
 *
 * Consumes the ModRM byte, an optional SIB byte and an optional displacement
 * from the input stream and fills in:
 *
 *   op       - the operand selected by the mod/r/m fields (register when
 *              mod == 3, memory otherwise); s is its size code and rm_type the
 *              register class used for the register form
 *   opreg    - optional (may be NULL) operand for the reg field, of size code
 *              reg_size and register class reg_type
 *
 * REX.B / REX.R / REX.X are folded into the r/m, reg and index fields.
 * Bounds checking of the byte stream is not done here; it is left to
 * inp_next()/inp_uint*() (presumably via u->error - not visible in this file).
 * -----------------------------------------------------------------------------
 */
static void decode_modrm(struct ud* u, struct ud_operand *op, unsigned int s,
          unsigned char rm_type, struct ud_operand *opreg,
          unsigned char reg_size, unsigned char reg_type)
{
  unsigned char mod, rm, reg;

  inp_next(u);

  /* get mod, r/m and reg fields */
  mod = MODRM_MOD(inp_curr(u));
  rm  = (REX_B(u->pfx_rex) << 3) | MODRM_RM(inp_curr(u));
  reg = (REX_R(u->pfx_rex) << 3) | MODRM_REG(inp_curr(u));

  op->size = resolve_operand_size(u, s);

  /* if mod is 11b, then the UD_R_m specifies a gpr/mmx/sse/control/debug */
  if (mod == 3) {
    op->type = UD_OP_REG;
    if (rm_type ==  T_GPR)
        op->base = decode_gpr(u, op->size, rm);
    else
    op->base = resolve_reg(u, rm_type, (REX_B(u->pfx_rex) << 3) | (rm&7));
  }
  /* else its memory addressing */
  else {
    op->type = UD_OP_MEM;

    /* 64bit addressing */
    if (u->adr_mode == 64) {

        op->base = UD_R_RAX + rm;

        /* get offset type; mod == 0 with r/m == 101b (REX.B ignored) is the
         * RIP-relative disp32 form rather than [rbp]/[r13] */
        if (mod == 1)
            op->offset = 8;
        else if (mod == 2)
            op->offset = 32;
        else if (mod == 0 && (rm & 7) == 5) {
            op->base = UD_R_RIP;
            op->offset = 32;
        } else  op->offset = 0;

        /* Scale-Index-Base (SIB) */
        if ((rm & 7) == 4) {
            inp_next(u);

            /* scale field 0 (x1) is recorded as 0, i.e. "no scale" */
            op->scale = (1 << SIB_S(inp_curr(u))) & ~1;
            op->index = UD_R_RAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3));
            op->base  = UD_R_RAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3));

            /* special conditions for base reference:
             * index 100b without REX.X means "no index"; base 101b with
             * mod == 0 means "no base, disp32 follows" */
            if (op->index == UD_R_RSP) {
                op->index = UD_NONE;
                op->scale = UD_NONE;
            }

            if (op->base == UD_R_RBP || op->base == UD_R_R13) {
                if (mod == 0)
                    op->base = UD_NONE;
                if (mod == 1)
                    op->offset = 8;
                else op->offset = 32;
            }
        }
    }

    /* 32-Bit addressing mode */
    else if (u->adr_mode == 32) {

        /* get base */
        op->base = UD_R_EAX + rm;

        /* get offset type.
         * NOTE(review): the comparison is against the REX-extended rm, so an
         * address-size-overridden instruction in 64-bit mode with REX.B set
         * and r/m == 101b (rm == 13) is decoded as [r13d] with no
         * displacement; the 64-bit branch above ignores REX.B for this case.
         * Worth confirming against the ISA reference. */
        if (mod == 1)
            op->offset = 8;
        else if (mod == 2)
            op->offset = 32;
        else if (mod == 0 && rm == 5) {
            op->base = UD_NONE;
            op->offset = 32;
        } else  op->offset = 0;

        /* Scale-Index-Base (SIB) */
        if ((rm & 7) == 4) {
            inp_next(u);

            op->scale = (1 << SIB_S(inp_curr(u))) & ~1;
            op->index = UD_R_EAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3));
            op->base  = UD_R_EAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3));

            if (op->index == UD_R_ESP) {
                op->index = UD_NONE;
                op->scale = UD_NONE;
            }

            /* special condition for base reference */
            if (op->base == UD_R_EBP) {
                if (mod == 0)
                    op->base = UD_NONE;
                if (mod == 1)
                    op->offset = 8;
                else op->offset = 32;
            }
        }
    }

    /* 16bit addressing mode */
    else  {
        /* Fixed base/index pairs of the 16-bit ModRM encoding. No case for
         * rm >= 8: a REX prefix is presumably never combined with 16-bit
         * addressing, so rm stays in 0..7 - confirm in the prefix decoder. */
        switch (rm) {
            case 0: op->base = UD_R_BX; op->index = UD_R_SI; break;
            case 1: op->base = UD_R_BX; op->index = UD_R_DI; break;
            case 2: op->base = UD_R_BP; op->index = UD_R_SI; break;
            case 3: op->base = UD_R_BP; op->index = UD_R_DI; break;
            case 4: op->base = UD_R_SI; break;
            case 5: op->base = UD_R_DI; break;
            case 6: op->base = UD_R_BP; break;
            case 7: op->base = UD_R_BX; break;
        }

        /* mod == 0, rm == 110b is a bare disp16, not [bp] */
        if (mod == 0 && rm == 6) {
            op->offset= 16;
            op->base = UD_NONE;
        }
        else if (mod == 1)
            op->offset = 8;
        else if (mod == 2)
            op->offset = 16;
    }
  }

  /* extract offset, if any */
  switch(op->offset) {
    case 8 : op->lval.ubyte  = inp_uint8(u);  break;
    case 16: op->lval.uword  = inp_uint16(u);  break;
    case 32: op->lval.udword = inp_uint32(u); break;
    case 64: op->lval.uqword = inp_uint64(u); break;
    default: break;
  }

  /* resolve register encoded in reg field */
  if (opreg) {
    opreg->type = UD_OP_REG;
    opreg->size = resolve_operand_size(u, reg_size);
    if (reg_type == T_GPR)
        opreg->base = decode_gpr(u, opreg->size, reg);
    else opreg->base = resolve_reg(u, reg_type, reg);
  }
}

/* -----------------------------------------------------------------------------
 * decode_o() - Decodes offset
 *
 * Reads a memory operand given as an absolute offset (moffs form) whose width
 * follows the address-size mode. An unknown address-size mode leaves the
 * operand untouched.
 * -----------------------------------------------------------------------------
 */
static void decode_o(struct ud* u, unsigned int s, struct ud_operand *op)
{
  switch (u->adr_mode) {
    case 64:
        op->offset = 64;
        op->lval.uqword = inp_uint64(u);
        break;
    case 32:
        op->offset = 32;
        op->lval.udword = inp_uint32(u);
        break;
    case 16:
        op->offset = 16;
        op->lval.uword  = inp_uint16(u);
        break;
    default:
        return;
  }
  op->type = UD_OP_MEM;
  op->size = resolve_operand_size(u, s);
}

/* -----------------------------------------------------------------------------
 * disasm_operands() - Disassembles Operands.
 *
 * Dispatches on the first operand code of the instruction-table entry and
 * decodes up to three operands into u->operand[]. Operand forms that require
 * a memory (OP_M) or register (OP_VR) ModRM form set u->error when the
 * mod field contradicts that.
 * -----------------------------------------------------------------------------
 */
static int disasm_operands(register struct ud* u)
{
  /* mopXt = map entry, operand X, type; */
  enum ud_operand_code mop1t = u->itab_entry->operand1.type;
  enum ud_operand_code mop2t = u->itab_entry->operand2.type;
  enum ud_operand_code mop3t = u->itab_entry->operand3.type;

  /* mopXs = map entry, operand X, size */
  unsigned int mop1s = u->itab_entry->operand1.size;
  unsigned int mop2s = u->itab_entry->operand2.size;
  unsigned int mop3s = u->itab_entry->operand3.size;

  /* iop = instruction operand */
  register struct ud_operand* iop = u->operand;

  switch(mop1t) {

    case OP_A :
        decode_a(u, &(iop[0]));
        break;

    /* M[b] ... */
    case OP_M :
        if (MODRM_MOD(inp_peek(u)) == 3)
            u->error= 1;
        /* fallthrough: OP_M is decoded exactly like OP_E once the
         * register-form check above has flagged the error */
    /* E, G/P/V/I/CL/1/S */
    case OP_E :
        if (mop2t == OP_G) {
            decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_GPR);
            if (mop3t == OP_I)
                decode_imm(u, mop3s, &(iop[2]));
            else if (mop3t == OP_CL) {
                iop[2].type = UD_OP_REG;
                iop[2].base = UD_R_CL;
                iop[2].size = 8;
            }
        }
        else if (mop2t == OP_P)
            decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_MMX);
        else if (mop2t == OP_V)
            decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_XMM);
        else if (mop2t == OP_S)
            decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_SEG);
        else {
            decode_modrm(u, &(iop[0]), mop1s, T_GPR, NULL, 0, T_NONE);
            if (mop2t == OP_CL) {
                iop[1].type = UD_OP_REG;
                iop[1].base = UD_R_CL;
                iop[1].size = 8;
            } else if (mop2t == OP_I1) {
                iop[1].type = UD_OP_CONST;
                u->operand[1].lval.udword = 1;
            } else if (mop2t == OP_I) {
                decode_imm(u, mop2s, &(iop[1]));
            }
        }
        break;

    /* G, E/PR[,I]/VR */
    case OP_G :
        if (mop2t == OP_M) {
            if (MODRM_MOD(inp_peek(u)) == 3)
                u->error= 1;
            decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_GPR);
        } else if (mop2t == OP_E) {
            decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_GPR);
            if (mop3t == OP_I)
                decode_imm(u, mop3s, &(iop[2]));
        } else if (mop2t == OP_PR) {
            decode_modrm(u, &(iop[1]), mop2s, T_MMX, &(iop[0]), mop1s, T_GPR);
            if (mop3t == OP_I)
                decode_imm(u, mop3s, &(iop[2]));
        } else if (mop2t == OP_VR) {
            if (MODRM_MOD(inp_peek(u)) != 3)
                u->error = 1;
            decode_modrm(u, &(iop[1]), mop2s, T_XMM, &(iop[0]), mop1s, T_GPR);
        } else if (mop2t == OP_W)
            decode_modrm(u, &(iop[1]), mop2s, T_XMM, &(iop[0]), mop1s, T_GPR);
        break;

    /* AL..BH, I/O/DX */
    case OP_AL : case OP_CL : case OP_DL : case OP_BL :
    case OP_AH : case OP_CH : case OP_DH : case OP_BH :
        iop[0].type = UD_OP_REG;
        iop[0].base = UD_R_AL + (mop1t - OP_AL);
        iop[0].size = 8;
        if (mop2t == OP_I)
            decode_imm(u, mop2s, &(iop[1]));
        else if (mop2t == OP_DX) {
            iop[1].type = UD_OP_REG;
            iop[1].base = UD_R_DX;
            iop[1].size = 16;
        }
        else if (mop2t == OP_O)
