x86dis.cc

功能较全面的反汇编器：反汇编器ht-2.0.15.tar.gz

		default: {assert(0);}
		}
		int s = esizeop(xop->size);
		sint64 addr = getoffset() + (codep - ocodep);
		switch (s) {
		case 1:
			op->imm = sint8(getbyte()) + addr + 1;
			break;
		case 2:
			op->imm = sint16(getword()) + addr + 2;
			break;
		case 4:
		case 8:
			op->imm = sint32(getdword()) + addr + 4;
			break;
		}
		break;
	}
	case TYPE_M: {
		/* ModR/M (memory only) */
		decode_modrm(op, xop->size, false, true, false, false, false);
		break;
	}
	case TYPE_MR: {
		/* ModR/M (memory only) */
		int modrm = getmodrm();
		int mod = mkmod(modrm);
		byte xopsize = xop->size;
		if (mod == 3) {
			xopsize = xop->extra;
		}
		decode_modrm(op, xopsize, (xopsize != SIZE_P), true, false, false, false);
		break;
	}
	case TYPE_O: {
		/* direct memory without ModR/M */
		op->type = X86_OPTYPE_MEM;
		op->size = esizeop(xop->size);
		op->mem.floatptr = isfloat(xop->size);
		op->mem.addrptr = isaddr(xop->size);
		op->mem.addrsize = insn.eaddrsize;
		op->mem.hasdisp = true;
		switch (insn.eaddrsize) {
		case X86_ADDRSIZE16:
			op->mem.disp = getword();
			break;
		case X86_ADDRSIZE32:
			op->mem.disp = getdword();
			break;
		case X86_ADDRSIZE64:
			op->mem.disp = getqword();
			break;
		default: {assert(0);}
		}
		op->mem.base = X86_REG_NO;
		op->mem.index = X86_REG_NO;
		op->mem.scale = 1;
		break;
	}
	case TYPE_P: {
		/* reg of ModR/M picks MMX register */
		if (is_xmm_op(&insn, xop->size)) {
			op->type = X86_OPTYPE_XMM;
			op->xmm = mkreg(getmodrm());
		} else {
			op->type = X86_OPTYPE_MMX;
			op->mmx = mkreg(getmodrm());
		}
		op->size = esizeop(xop->size);
		break;
	}
	case TYPE_PR: {
		/* rm of ModR/M picks MMX register */
		if (mkmod(getmodrm()) == 3) {
			if (is_xmm_op(&insn, xop->size)) {
				op->type = X86_OPTYPE_XMM;
				op->xmm = mkrm(getmodrm());
			} else {
				op->type = X86_OPTYPE_MMX;
				op->mmx = mkrm(getmodrm());
			}
			op->size = esizeop(xop->size);
		} else {
			invalidate();
		}
		break;
	}
	case TYPE_Q: {
		/* ModR/M (MMX reg or memory) */
		decode_modrm(op, xop->size, true, true, true, false, false);
		break;
	}
	case TYPE_R: {
		/* rm of ModR/M picks general register */
		op->type = X86_OPTYPE_REG;
		op->size = esizeop(xop->size);
		op->reg = mkrm(getmodrm());
		break;
	}
	case TYPE_Rx: {
		/* extra picks register */
		op->type = X86_OPTYPE_REG;
		op->size = esizeop(xop->size);
		op->reg = xop->extra | !!rexb(insn.rexprefix) << 3;
		break;
	}
	case TYPE_RXx: {
		/* extra picks register */
		op->type = X86_OPTYPE_REG;
		op->size = esizeop(xop->size);
		op->reg = xop->extra;
		break;
	}
	case TYPE_S: {
		/* reg of ModR/M picks segment register */
		op->type = X86_OPTYPE_SEG;
		op->size = esizeop(xop->size);
		op->seg = mkreg(getmodrm()) & 0x7;
		if (op->seg > 5) invalidate();
		break;
	}
	case TYPE_Sx: {
		/* extra picks segment register */
		op->type = X86_OPTYPE_SEG;
		op->size = esizeop(xop->size);
		op->seg = xop->extra;
		if (op->seg > 5) invalidate();
		break;
	}
	case TYPE_V: {
		/* reg of ModR/M picks XMM register */
		op->type = X86_OPTYPE_XMM;
		op->size = 16;
		op->xmm = mkreg(getmodrm());
		break;
	}
	case TYPE_VI: {
		/* bits 7-4 of imm picks XMM register */
		op->type = X86_OPTYPE_XMM;
		op->size = 16;
		op->xmm = getspecialimm() >> 4;
		break;
	}
	case TYPE_VV: {
		/* VEX.vvvv picks XMM register */
		op->type = X86_OPTYPE_XMM;
		op->size = 16;
		op->xmm = insn.vexprefix.vvvv;
		break;
	}
	case TYPE_Vx: {
		/* extra picks XMM register */
		op->type = X86_OPTYPE_XMM;
		op->size = 16;
		op->reg = xop->extra;
		break;
	}
	case TYPE_VR:
		/* rm of ModR/M picks XMM register */
		if (mkmod(getmodrm()) == 3) {
			op->type = X86_OPTYPE_XMM;
			op->size = esizeop(xop->size);
			op->xmm = mkrm(getmodrm());
		} else {
			invalidate();
		}
		break;
	case TYPE_W:
		/* ModR/M (XMM reg or memory) */
		decode_modrm(op, xop->size, true, true, false, true, false);
		break;
	case TYPE_VD:
		op->type = X86_OPTYPE_XMM;
		op->size = 16;
		op->reg = drexdest(getdrex());
		break;
	case TYPE_VS: 
		if (xop->info && oc0(getdrex())) {
			invalidate();
		}
		if (oc0(getdrex()) ^ xop->extra) {
			decode_modrm(op, xop->size, true, true, false, true, false);
		} else {
			op->type = X86_OPTYPE_XMM;
			op->size = 16;
			op->xmm = mkreg(getmodrm());
		}
		break;
	case TYPE_Y:
		/* reg of ModR/M picks XMM register */
		op->type = X86_OPTYPE_YMM;
		op->size = 32;
		op->ymm = mkreg(getmodrm());
		break;
	case TYPE_YV: {
		/* VEX.vvvv picks YMM register */
		op->type = X86_OPTYPE_YMM;
		op->size = 32;
		op->ymm = insn.vexprefix.vvvv;
		break;
	}
	case TYPE_YI:
		/* bits 7-4 of imm picks YMM register */
		op->type = X86_OPTYPE_YMM;
		op->size = 32;
		op->ymm = getspecialimm() >> 4;
		break;
	case TYPE_X:
		/* ModR/M (XMM reg or memory) */
		decode_modrm(op, xop->size, true, true, false, false, true);
		break;
	}
}

dis_insn *x86dis::duplicateInsn(dis_insn *disasm_insn)
{
	x86dis_insn *insn = ht_malloc(sizeof (x86dis_insn));
	*insn = *(x86dis_insn *)disasm_insn;
	return insn;
}

int x86dis::esizeop(uint c)
{
	switch (c) {
	case SIZE_B:
		return 1;
	case SIZE_W:
		return 2;
	case SIZE_D:
	case SIZE_S:
		return 4;
	case SIZE_Q:
	case SIZE_L:
		return 8;
	case SIZE_O:
		return 16;
	case SIZE_Y:
		return 32;
	case SIZE_T:
		return 10;
	case SIZE_V:
	case SIZE_BV:
	case SIZE_VV:
		switch (insn.eopsize) {
		case X86_OPSIZE16: return 2;
		case X86_OPSIZE32: return 4;
		case X86_OPSIZE64: return 8;
		default: {assert(0);}
		}
	case SIZE_R:
		if (insn.eopsize == X86_OPSIZE64) return 8; else return 4;
	case SIZE_U:
		if (insn.opsizeprefix == X86_PREFIX_OPSIZE) return 16; else return 8;
	case SIZE_Z:
		if (insn.opsizeprefix == X86_PREFIX_OPSIZE) return 8; else return 4;
	case SIZE_P:
		if (insn.eopsize == X86_OPSIZE16) return 4; else return 6;
	}
	return 0;
}

int x86dis::esizeop_ex(uint c)
{
	switch (c) {
	case SIZE_BV:
		return 1;
	case SIZE_VV:
		switch (insn.eopsize) {
		case X86_OPSIZE16: return 2;
		case X86_OPSIZE32:
		case X86_OPSIZE64: return 4;
		default: {assert(0);}
		}
	}
	return esizeop(c);
}

byte x86dis::getbyte()
{
	if (codep-ocodep+1 <= maxlen) {
		return *(codep++);
	} else {
		invalidate();
		return 0;
	}
}

uint16 x86dis::getword()
{
	if (codep-ocodep+2 <= maxlen) {
		uint16 w;
		w = codep[0] | (codep[1]<<8);
		codep += 2;
		return w;
	} else {
		invalidate();
		return 0;
	}
}

uint32 x86dis::getdword()
{
	if (codep-ocodep+4 <= maxlen) {
		uint32 w;
		w = codep[0] | codep[1]<<8 | codep[2]<<16 | codep[3]<<24;
		codep += 4;
		return w;
	} else {
		invalidate();
		return 0;
	}
}

uint64 x86dis::getqword()
{
	if (codep-ocodep+8 <= maxlen) {
		uint64 w;
		w = uint64(codep[0])<< 0 | uint64(codep[1])<< 8 | uint64(codep[2])<<16 | uint64(codep[3])<<24
		  | uint64(codep[4])<<32 | uint64(codep[5])<<40 | uint64(codep[6])<<48 | uint64(codep[7])<<56;
		codep += 8;
		return w;
	} else {
		invalidate();
		return 0;
	}
}

void x86dis::getOpcodeMetrics(int &min_length, int &max_length, int &min_look_ahead, int &avg_look_ahead, int &addr_align)
{
	min_length = 1;
	max_length = 15;
	min_look_ahead = 120;    // 1/2/3/4/5/6/8/10/12/15
	avg_look_ahead = 24;     // 1/2/3/4/6/8/12/24
	addr_align = 1;
}

uint64 x86dis::getoffset()
{
	return addr.addr32.offset;
}

void x86dis::filloffset(CPU_ADDR &addr, uint64 offset)
{
	addr.addr32.offset = offset;
}

uint32 x86dis::getdisp()
{
	if (have_disp) return disp;
	have_disp = true;
	int modrm = getmodrm();
	int mod = mkmod(modrm);
	if (mod == 3) return 0;
	int rm = mkrm(modrm);
	if (insn.eaddrsize == X86_ADDRSIZE16) {
		if (mod == 0 && rm == 6) {
			disp = getword();
		} else {
			switch (mod) {
			case 1:
				disp = getbyte();
				break;
			case 2:
				disp = getword();
				break;
			}
		}
	} else {
		if (mod == 0 && rm == 5) {
			disp = getdword();
		} else if (rm == 4) {
			int sib = getsib();
			int base = mkbase(sib);
			int d = mod;
			if ((base & 0x7) == 5 && mod == 0) {
				d = 2;
			}
			switch (d) {
			case 1:
				disp = getbyte();
				break;
			case 2:
				disp = getdword();
				break;
			}
		} else {
			switch (mod) {
			case 1:
				disp = getbyte();
				break;
			case 2:
				disp = getdword();
				break;
			}
		}
	}
	return disp;
}

int x86dis::getmodrm()
{
	if (modrm == -1) modrm = getbyte();
	return modrm;
}

int x86dis::getdrex()
{
	if (drex == -1) {
		getmodrm();
		int modrm = getmodrm();
		int mod = mkmod(modrm);
		int rm = mkrm(modrm);
		if (mod != 3 && (rm & 7) == 4) {
			getsib();
		}
		drex = getbyte();
		if (addrsize != X86_ADDRSIZE64) {
			drex &= 0x78;
		}
		insn.rexprefix = drex & 0x7;
	}
	return drex;
}

int x86dis::getspecialimm()
{
	if (special_imm == -1) special_imm = getbyte();
	return special_imm;
}

const char *x86dis::getName()
{
	return "x86/Disassembler";
}

int x86dis::getsib()
{
	if (sib == -1) sib = getbyte();
	return sib;
}

byte x86dis::getSize(dis_insn *disasm_insn)
{
	return ((x86dis_insn*)disasm_insn)->size;
}

void x86dis::invalidate()
{
	insn.invalid = true;
}

bool x86dis::isfloat(char c)
{
	switch (c) {
	case SIZE_S:
	case SIZE_L:
	case SIZE_T:
		return true;
	}
	return false;
}

bool x86dis::isaddr(char c)
{
	switch (c) {
	case SIZE_P:
		return true;
	}
	return false;
}

void x86dis::load(ObjectStream &f)
{
	Disassembler::load(f);
	opsize = (X86OpSize)GETX_INT32(f, "opsize");
	addrsize = (X86AddrSize)GETX_INT32(f, "addrsize");
	x86_insns = &x86_32_insns;
}

ObjectID x86dis::getObjectID() const
{
	return ATOM_DISASM_X86;
}

void x86dis::prefixes()
{
	insn.opsizeprefix = X86_PREFIX_NO;
	insn.lockprefix = X86_PREFIX_NO;
	insn.repprefix = X86_PREFIX_NO;
	insn.segprefix = X86_PREFIX_NO;
	insn.rexprefix = 0;
	while (codep - ocodep < 15) {
		c = getbyte();
		switch (c) {
		case 0x26:
			insn.segprefix = X86_PREFIX_ES;
			continue;
		case 0x2e:
			insn.segprefix = X86_PREFIX_CS;
			continue;
		case 0x36:
			insn.segprefix = X86_PREFIX_SS;
			continue;
		case 0x3e:
			insn.segprefix = X86_PREFIX_DS;
			continue;
		case 0x64:
			insn.segprefix = X86_PREFIX_FS;
			continue;
		case 0x65:
			insn.segprefix = X86_PREFIX_GS;
			continue;
		case 0x66:
			insn.opsizeprefix = X86_PREFIX_OPSIZE;
			insn.eopsize = (opsize == X86_OPSIZE16) ? X86_OPSIZE32 : X86_OPSIZE16;
			continue;
		case 0x67:
			insn.eaddrsize = (addrsize == X86_ADDRSIZE16) ? X86_ADDRSIZE32 : X86_ADDRSIZE16;
			continue;
		case 0xf0:
			insn.lockprefix = X86_PREFIX_LOCK;
			continue;
		case 0xf2:
			insn.repprefix = X86_PREFIX_REPNZ;
			continue;
		case 0xf3:
			insn.repprefix = X86_PREFIX_REPZ;
			continue;
		}

		/* no prefix found -> exit loop */
		break;
	}
}

static const char *regs(x86dis_insn *insn, int mode, int nr)
{
	if (insn->rexprefix) {
		return x86_64regs[mode][nr];
	} else {
		return x86_regs[mode][nr];
	}
}

void x86dis::str_op(char *opstr, int *opstrlen, x86dis_insn *insn, x86_insn_op *op, bool explicit_params)
{
	const char *cs_default = get_cs(e_cs_default);
	const char *cs_number = get_cs(e_cs_number);
	const char *cs_symbol = get_cs(e_cs_symbol);
	
	*opstrlen=0;
	switch (op->type) {
	case X86_OPTYPE_IMM: {
		CPU_ADDR a;
		filloffset(a, op->imm);
		int slen;
		char *s=(addr_sym_func) ? addr_sym_func(a, &slen, addr_sym_func_context) : NULL;
		if (s) {
			memcpy(opstr, s, slen);
			opstr[slen] = 0;
			*opstrlen = slen;
		} else {
			char *g = opstr;
			strcpy(g, cs_number); g += strlen(cs_number);
			switch (op->size) {
			case 1:
				hexd(&g, 2, options, op->imm);
				break;
			case 2:
				hexd(&g, 4, options, op->imm);
				break;
			case 4:
				hexd(&g, 8, options, op->imm);
				break;
			case 8:
				hexq(&g, 16, options, op->imm);
				break;
			}
			strcpy(g, cs_default); g += strlen(cs_default);
		}
		break;
	}
	case X86_OPTYPE_REG: {
		int j = -1;
		switch (op->size) {
		case 1: j = 0; break;
		case 2: j = 1; break;
		case 4: j = 2; break;
		case 8: j = 3; break;
		default: {assert(0);}
		}
		if (!insn->rexprefix) {
			sprintf(opstr, x86_regs[j][op->reg]);
		} else {
			sprintf(opstr, x86_64regs[j][op->reg]);
		}
		break;
	}
	case X86_OPTYPE_SEG:
		if (x86_segs[op->seg]) {
			sprintf(opstr, x86_segs[op->seg]);
		}
		break;
	case X86_OPTYPE_CRX:
		sprintf(opstr, "cr%d", op->crx);
		break;
	case X86_OPTYPE_DRX:
		sprintf(opstr, "dr%d", op->drx);
		break;
	case X86_OPTYPE_STX:
		if (op->stx) {
			sprintf(opstr, "st%s(%s%d%s)%s", 
				cs_symbol, cs_number, op->stx, 
				cs_symbol, cs_default);
		} else {
			strcpy(opstr, "st");
		}
		break;
	case X86_OPTYPE_MMX:
		sprintf(opstr, "mm%d", op->mmx);
		break;
	case X86_OPTYPE_XMM:
		sprintf(opstr, "xmm%d", op->xmm);
		break;
	case X86_OPTYPE_YMM:
		sprintf(opstr, "ymm%d", op->ymm);
		break;
	case X86_OPTYPE_MEM: {
		char *d=opstr;
		if (explicit_params) {
			if (op->mem.floatptr) {