1 /* udis86 - libudis86/decode.c
3 * Copyright (c) 2002-2009 Vivek Thampi
6 * Redistribution and use in source and binary forms, with or without modification,
7 * are permitted provided that the following conditions are met:
9 * * Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 * * Redistributions in binary form must reproduce the above copyright notice,
12 * this list of conditions and the following disclaimer in the documentation
13 * and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
18 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
19 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
20 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
21 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
22 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
24 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 #ifndef __UD_STANDALONE__
28 #endif /* __UD_STANDALONE__ */
35 /* The max number of prefixes to an instruction */
36 #define MAX_PREFIXES 15
/* Sentinel instruction-table entries returned when decoding must fall back
 * to a fixed result: an undecodable byte sequence (ie_invalid, see the
 * error path of ud_decode), and the pause/nop aliases of opcode 0x90
 * (resolved in search_itab). All operand slots are empty (O_NONE). */
38 static struct ud_itab_entry ie_invalid = { UD_Iinvalid, O_NONE, O_NONE, O_NONE, P_none };
39 static struct ud_itab_entry ie_pause = { UD_Ipause, O_NONE, O_NONE, O_NONE, P_none };
40 static struct ud_itab_entry ie_nop = { UD_Inop, O_NONE, O_NONE, O_NONE, P_none };
43 /* Looks up mnemonic code in the mnemonic string table
44 * Returns NULL if the mnemonic code is invalid
/* Maps a mnemonic code to its printable string via ud_mnemonics_str[].
 * NOTE(review): the banner above promises NULL for invalid codes, but the
 * range check on 'c' is not visible in this chunk — confirm the bounds
 * test exists in the full source before relying on that contract. */
46 const char * ud_lookup_mnemonic( enum ud_mnemonic_code c )
49 return ud_mnemonics_str[ c ];
54 /* Extracts instruction prefixes.
/* Consumes all prefix bytes preceding an instruction, recording their
 * effects in 'u' (pfx_rex, pfx_seg, pfx_opr, pfx_adr, pfx_insn, ...),
 * then speculatively derives opr_mode/adr_mode from dis_mode and the
 * prefixes seen. Returns 0 on success, non-zero on error (see callers
 * in ud_decode). NOTE(review): interior lines of this function are
 * missing from this chunk; comments annotate only the visible code. */
56 static int get_prefixes( struct ud* u )
58 unsigned int have_pfx = 1;
62 /* if in error state, bail out */
66 /* keep going as long as there are prefixes available */
67 for ( i = 0; have_pfx ; ++i ) {
75 /* rex prefixes in 64bit mode */
76 if ( u->dis_mode == 64 && ( curr & 0xF0 ) == 0x40 ) {
102 u->pfx_seg = UD_R_GS;
105 case 0x67 : /* address-size override prefix */
114 /* the 0x66 sse prefix is only effective if no other sse prefix
115 * has already been specified.
117 if ( !u->pfx_insn ) u->pfx_insn = 0x66;
133 /* No more prefixes */
139 /* check if we reached max instruction length */
140 if ( i + 1 == MAX_INSN_LENGTH ) {
150 /* rewind back one byte in stream, since the above loop
151 * stops with a non-prefix byte.
155 /* speculatively determine the effective operand mode,
156 * based on the prefixes and the current disassembly
157 * mode. This may be inaccurate, but useful for mode
158 * dependent decoding.
/* in 64-bit mode REX.W forces 64-bit operands and wins over 0x66 */
160 if ( u->dis_mode == 64 ) {
161 u->opr_mode = REX_W( u->pfx_rex ) ? 64 : ( ( u->pfx_opr ) ? 16 : 32 ) ;
162 u->adr_mode = ( u->pfx_adr ) ? 32 : 64;
163 } else if ( u->dis_mode == 32 ) {
164 u->opr_mode = ( u->pfx_opr ) ? 16 : 32;
165 u->adr_mode = ( u->pfx_adr ) ? 16 : 32;
166 } else if ( u->dis_mode == 16 ) {
167 u->opr_mode = ( u->pfx_opr ) ? 32 : 16;
168 u->adr_mode = ( u->pfx_adr ) ? 32 : 16;
175 /* Searches the instruction tables for the right entry.
/* Walks the opcode tables (ud_itab_list) from the first opcode byte down
 * through group/mode/vendor sub-tables until a concrete itab entry is
 * found, then stores it in u->itab_entry and u->mnemonic. Returns 0 on
 * success, -1 on input error. NOTE(review): interior lines (table
 * selection defaults, several case labels, loop structure) are missing
 * from this chunk; comments annotate only the visible code. */
177 static int search_itab( struct ud * u )
179 struct ud_itab_entry * e = NULL;
180 enum ud_itab_index table;
182 uint8_t did_peek = 0;
186 /* if in state of error, return */
190 /* get first byte of opcode. */
196 /* resolve xchg, nop, pause craziness: 0x90 is nop/pause unless a
 * REX.B prefix in 64-bit mode turns it into a real xchg with r8 */
197 if ( 0x90 == curr ) {
198 if ( !( u->dis_mode == 64 && REX_B( u->pfx_rex ) ) ) {
209 /* get top-level table */
210 if ( 0x0F == curr ) {
216 /* 2byte opcodes can be modified by 0x66, F3, and F2 prefixes;
 * each SSE-prefixed table is used only if it holds a valid entry
 * for this opcode, otherwise decoding falls through */
217 if ( 0x66 == u->pfx_insn ) {
218 if ( ud_itab_list[ ITAB__PFX_SSE66__0F ][ curr ].mnemonic != UD_Iinvalid ) {
219 table = ITAB__PFX_SSE66__0F;
222 } else if ( 0xF2 == u->pfx_insn ) {
223 if ( ud_itab_list[ ITAB__PFX_SSEF2__0F ][ curr ].mnemonic != UD_Iinvalid ) {
224 table = ITAB__PFX_SSEF2__0F;
227 } else if ( 0xF3 == u->pfx_insn ) {
228 if ( ud_itab_list[ ITAB__PFX_SSEF3__0F ][ curr ].mnemonic != UD_Iinvalid ) {
229 table = ITAB__PFX_SSEF3__0F;
234 /* pick an instruction from the 1byte table */
243 e = & ud_itab_list[ table ][ index ];
245 /* if mnemonic constant is a standard instruction constant
246 * our search is over.
249 if ( e->mnemonic < UD_Id3vil ) {
250 if ( e->mnemonic == UD_Iinvalid ) {
252 inp_next( u ); if ( u->error ) return -1;
/* otherwise the entry names a sub-table selector; pick the
 * next-level index from modrm fields, operand/address/dis mode,
 * or vendor, depending on the selector kind */
261 switch ( e->mnemonic )
264 peek = inp_peek( u );
266 index = MODRM_REG( peek );
270 peek = inp_peek( u );
272 index = MODRM_MOD( peek );
274 index = ITAB__MOD_INDX__11;
276 index = ITAB__MOD_INDX__NOT_11;
280 curr = inp_next( u );
284 index = MODRM_RM( curr );
288 curr = inp_next( u );
296 curr = inp_next( u );
304 if ( u->opr_mode == 64 )
305 index = ITAB__MODE_INDX__64;
306 else if ( u->opr_mode == 32 )
307 index = ITAB__MODE_INDX__32;
309 index = ITAB__MODE_INDX__16;
313 if ( u->adr_mode == 64 )
314 index = ITAB__MODE_INDX__64;
315 else if ( u->adr_mode == 32 )
316 index = ITAB__MODE_INDX__32;
318 index = ITAB__MODE_INDX__16;
322 if ( u->dis_mode == 64 )
323 index = ITAB__MODE_INDX__64;
324 else if ( u->dis_mode == 32 )
325 index = ITAB__MODE_INDX__32;
327 index = ITAB__MODE_INDX__16;
331 if ( u->vendor == UD_VENDOR_INTEL )
332 index = ITAB__VENDOR_INDX__INTEL;
333 else if ( u->vendor == UD_VENDOR_AMD )
334 index = ITAB__VENDOR_INDX__AMD;
335 else if ( u->vendor == UD_VENDOR_ANY )
336 index = ITAB__VENDOR_INDX__ANY;
355 u->mnemonic = u->itab_entry->mnemonic;
/* Resolves an abstract operand-size code 's' from the opcode map into a
 * concrete bit width (or SZ_WP/SZ_DP pointer-size codes), based on the
 * effective operand mode. NOTE(review): the switch/case labels selecting
 * between these returns are missing from this chunk — each visible
 * return belongs to a different size-code case in the full source. */
361 static unsigned int resolve_operand_size( const struct ud * u, unsigned int s )
366 return ( u->opr_mode );
368 return ( u->opr_mode == 16 ) ? 16 : 32;
370 return ( u->opr_mode == 16 ) ? SZ_WP : SZ_DP;
372 return ( u->opr_mode == 16 ) ? 32 : u->opr_mode;
374 return ( u->dis_mode == 64 ) ? 64 : 32;
/* Post-decode fixups on the selected mnemonic: far-pointer operand sizes
 * for call/jmp, 3DNow! suffix-byte lookup, and rejection of SWAPGS
 * outside 64-bit mode. NOTE(review): interior lines are missing from
 * this chunk; return-value handling is not visible here. */
381 static int resolve_mnemonic( struct ud* u )
386 /* readjust operand sizes for call/jmp instructions */
387 if ( u->mnemonic == UD_Icall || u->mnemonic == UD_Ijmp ) {
388 /* WP: 16bit pointer */
389 if ( u->operand[ 0 ].size == SZ_WP ) {
390 u->operand[ 0 ].size = 16;
393 /* DP: 32bit pointer */
394 } else if ( u->operand[ 0 ].size == SZ_DP ) {
395 u->operand[ 0 ].size = 32;
402 /* resolve 3dnow weirdness: the real mnemonic is selected by the
 * instruction's final (current) input byte */
403 } else if ( u->mnemonic == UD_I3dnow ) {
404 u->mnemonic = ud_itab_list[ ITAB__3DNOW ][ inp_curr( u ) ].mnemonic;
406 /* SWAPGS is only valid in 64bits mode */
407 if ( u->mnemonic == UD_Iswapgs && u->dis_mode != 64 ) {
416 /* -----------------------------------------------------------------------------
417 * decode_a()- Decodes operands of the type seg:offset
418 * -----------------------------------------------------------------------------
/* Decodes a direct far-pointer (seg:offset) operand into 'op' as
 * UD_OP_PTR. The offset width follows the effective operand mode:
 * 16-bit offset in 16-bit mode, 32-bit otherwise; the segment selector
 * is always read as 16 bits after the offset. */
421 decode_a(struct ud* u, struct ud_operand *op)
423 if (u->opr_mode == 16) {
425 op->type = UD_OP_PTR;
427 op->lval.ptr.off = inp_uint16(u);
428 op->lval.ptr.seg = inp_uint16(u);
431 op->type = UD_OP_PTR;
433 op->lval.ptr.off = inp_uint32(u);
434 op->lval.ptr.seg = inp_uint16(u);
438 /* -----------------------------------------------------------------------------
439 * decode_gpr() - Returns decoded General Purpose Register
440 * -----------------------------------------------------------------------------
/* Returns the general-purpose register enum for index 'rm' at abstract
 * size 's' (resolved first). 64/32-bit sizes map onto the RAX/EAX
 * families; for 8-bit registers in 64-bit mode with any REX prefix,
 * indices 4-7 select SPL..DIL rather than AH..BH, per the REX encoding
 * rules. NOTE(review): the size-dispatch branches around these returns
 * are missing from this chunk. */
443 decode_gpr(register struct ud* u, unsigned int s, unsigned char rm)
445 s = resolve_operand_size(u, s);
449 return UD_R_RAX + rm;
452 return UD_R_EAX + rm;
457 if (u->dis_mode == 64 && u->pfx_rex) {
459 return UD_R_SPL + (rm-4);
461 } else return UD_R_AL + rm;
467 /* -----------------------------------------------------------------------------
468 * resolve_gpr64() - 64bit General Purpose Register-Selection.
469 * -----------------------------------------------------------------------------
/* Selects the concrete register for an rAX..rDI / rAXr8..rDIr15 operand
 * code in the current operand mode. The r8..r15 variants fold REX.B into
 * bit 3 of the register index. Width selection: AX family in 16-bit
 * mode; EAX family in 32-bit disassembly, or for 32-bit operands without
 * REX.W and without a 64-bit default size; RAX family otherwise. */
472 resolve_gpr64(struct ud* u, enum ud_operand_code gpr_op)
474 if (gpr_op >= OP_rAXr8 && gpr_op <= OP_rDIr15)
475 gpr_op = (gpr_op - OP_rAXr8) | (REX_B(u->pfx_rex) << 3);
476 else gpr_op = (gpr_op - OP_rAX);
478 if (u->opr_mode == 16)
479 return gpr_op + UD_R_AX;
480 if (u->dis_mode == 32 ||
481 (u->opr_mode == 32 && ! (REX_W(u->pfx_rex) || u->default64))) {
482 return gpr_op + UD_R_EAX;
485 return gpr_op + UD_R_RAX;
488 /* -----------------------------------------------------------------------------
489 * resolve_gpr32 () - 32bit General Purpose Register-Selection.
490 * -----------------------------------------------------------------------------
/* Selects the concrete register for an eAX..eDI operand code: the AX
 * (16-bit) family when the effective operand mode is 16-bit, otherwise
 * the EAX (32-bit) family. */
493 resolve_gpr32(struct ud* u, enum ud_operand_code gpr_op)
495 gpr_op = gpr_op - OP_eAX;
497 if (u->opr_mode == 16)
498 return gpr_op + UD_R_AX;
500 return gpr_op + UD_R_EAX;
503 /* -----------------------------------------------------------------------------
504 * resolve_reg() - Resolves the register type
505 * -----------------------------------------------------------------------------
/* Maps a register index 'i' of register class 'type' (MMX, XMM, control,
 * debug, segment) onto the corresponding ud register enum. MMX and
 * segment indices are masked to 3 bits since those files have only 8
 * registers; unknown classes yield UD_NONE. */
508 resolve_reg(struct ud* u, unsigned int type, unsigned char i)
511 case T_MMX : return UD_R_MM0 + (i & 7);
512 case T_XMM : return UD_R_XMM0 + i;
513 case T_CRG : return UD_R_CR0 + i;
514 case T_DBG : return UD_R_DR0 + i;
515 case T_SEG : return UD_R_ES + (i & 7);
517 default: return UD_NONE;
521 /* -----------------------------------------------------------------------------
522 * decode_imm() - Decodes Immediate values.
523 * -----------------------------------------------------------------------------
/* Reads an immediate operand of abstract size 's' (resolved to a concrete
 * width first) into 'op' as UD_OP_IMM, consuming 1/2/4/8 input bytes
 * according to the resolved width. */
526 decode_imm(struct ud* u, unsigned int s, struct ud_operand *op)
528 op->size = resolve_operand_size(u, s);
529 op->type = UD_OP_IMM;
532 case 8: op->lval.sbyte = inp_uint8(u); break;
533 case 16: op->lval.uword = inp_uint16(u); break;
534 case 32: op->lval.udword = inp_uint32(u); break;
535 case 64: op->lval.uqword = inp_uint64(u); break;
540 /* -----------------------------------------------------------------------------
541 * decode_modrm() - Decodes ModRM Byte
542 * -----------------------------------------------------------------------------
/* Decodes a ModRM byte (and any SIB byte / displacement it implies) into
 * the r/m operand 'op' of size 's' and register class 'rm_type', and —
 * when 'opreg' is non-NULL — the reg-field operand of size 'reg_size'
 * and class 'reg_type'. REX.B/REX.X/REX.R bits extend the rm, index and
 * reg fields respectively in 64-bit mode. NOTE(review): interior lines
 * (mod==3 test, SIB-presence tests, offset-size cases) are missing from
 * this chunk; comments annotate only the visible code. */
545 decode_modrm(struct ud* u, struct ud_operand *op, unsigned int s,
546 unsigned char rm_type, struct ud_operand *opreg,
547 unsigned char reg_size, unsigned char reg_type)
549 unsigned char mod, rm, reg;
553 /* get mod, r/m and reg fields */
554 mod = MODRM_MOD(inp_curr(u));
555 rm = (REX_B(u->pfx_rex) << 3) | MODRM_RM(inp_curr(u));
556 reg = (REX_R(u->pfx_rex) << 3) | MODRM_REG(inp_curr(u));
558 op->size = resolve_operand_size(u, s);
560 /* if mod is 11b, then the UD_R_m specifies a gpr/mmx/sse/control/debug */
562 op->type = UD_OP_REG;
563 if (rm_type == T_GPR)
564 op->base = decode_gpr(u, op->size, rm);
565 else op->base = resolve_reg(u, rm_type, (REX_B(u->pfx_rex) << 3) | (rm&7));
567 /* else its memory addressing */
569 op->type = UD_OP_MEM;
571 /* 64bit addressing */
572 if (u->adr_mode == 64) {
574 op->base = UD_R_RAX + rm;
576 /* get offset type */
/* mod==0, rm==5 (low bits) is RIP-relative disp32 in 64-bit mode */
581 else if (mod == 0 && (rm & 7) == 5) {
584 } else op->offset = 0;
586 /* Scale-Index-Base (SIB) */
/* scale 2^ss, with "&~1" turning scale 1 into 0 (no explicit scale) */
590 op->scale = (1 << SIB_S(inp_curr(u))) & ~1;
591 op->index = UD_R_RAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3));
592 op->base = UD_R_RAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3));
594 /* special conditions for base reference: index 100b means no index,
595 * and base 101b with mod==0 means disp32 with no base */
595 if (op->index == UD_R_RSP) {
600 if (op->base == UD_R_RBP || op->base == UD_R_R13) {
605 else op->offset = 32;
610 /* 32-Bit addressing mode */
611 else if (u->adr_mode == 32) {
614 op->base = UD_R_EAX + rm;
616 /* get offset type */
621 else if (mod == 0 && rm == 5) {
624 } else op->offset = 0;
626 /* Scale-Index-Base (SIB) */
630 op->scale = (1 << SIB_S(inp_curr(u))) & ~1;
631 op->index = UD_R_EAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3));
632 op->base = UD_R_EAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3));
634 if (op->index == UD_R_ESP) {
639 /* special condition for base reference */
640 if (op->base == UD_R_EBP) {
645 else op->offset = 32;
650 /* 16bit addressing mode: fixed base/index pairs per rm encoding */
653 case 0: op->base = UD_R_BX; op->index = UD_R_SI; break;
654 case 1: op->base = UD_R_BX; op->index = UD_R_DI; break;
655 case 2: op->base = UD_R_BP; op->index = UD_R_SI; break;
656 case 3: op->base = UD_R_BP; op->index = UD_R_DI; break;
657 case 4: op->base = UD_R_SI; break;
658 case 5: op->base = UD_R_DI; break;
659 case 6: op->base = UD_R_BP; break;
660 case 7: op->base = UD_R_BX; break;
/* mod==0, rm==6 is a bare disp16 with no base register */
663 if (mod == 0 && rm == 6) {
674 /* extract offset, if any */
676 case 8 : op->lval.ubyte = inp_uint8(u); break;
677 case 16: op->lval.uword = inp_uint16(u); break;
678 case 32: op->lval.udword = inp_uint32(u); break;
679 case 64: op->lval.uqword = inp_uint64(u); break;
683 /* resolve register encoded in reg field */
685 opreg->type = UD_OP_REG;
686 opreg->size = resolve_operand_size(u, reg_size);
687 if (reg_type == T_GPR)
688 opreg->base = decode_gpr(u, opreg->size, reg);
689 else opreg->base = resolve_reg(u, reg_type, reg);
693 /* -----------------------------------------------------------------------------
694 * decode_o() - Decodes offset
695 * -----------------------------------------------------------------------------
/* Decodes a moffset-style memory operand: reads an absolute offset whose
 * width equals the effective address mode (16/32/64 bits) and marks the
 * operand as UD_OP_MEM with operand size resolved from 's'. */
698 decode_o(struct ud* u, unsigned int s, struct ud_operand *op)
700 switch (u->adr_mode) {
703 op->lval.uqword = inp_uint64(u);
707 op->lval.udword = inp_uint32(u);
711 op->lval.uword = inp_uint16(u);
716 op->type = UD_OP_MEM;
717 op->size = resolve_operand_size(u, s);
720 /* -----------------------------------------------------------------------------
721 * disasm_operands() - Disassembles Operands.
722 * -----------------------------------------------------------------------------
/* Dispatches on the itab entry's abstract operand codes (mop1t/2t/3t) and
 * sizes (mop1s/2s/3s) and fills u->operand[0..2] by calling the decode_*
 * helpers above. NOTE(review): this function is heavily sampled in this
 * chunk — most case labels, braces and error returns are missing; the
 * comments below annotate only the visible statements. */
724 static int disasm_operands(register struct ud* u)
728 /* mopXt = map entry, operand X, type; */
729 enum ud_operand_code mop1t = u->itab_entry->operand1.type;
730 enum ud_operand_code mop2t = u->itab_entry->operand2.type;
731 enum ud_operand_code mop3t = u->itab_entry->operand3.type;
733 /* mopXs = map entry, operand X, size */
734 unsigned int mop1s = u->itab_entry->operand1.size;
735 unsigned int mop2s = u->itab_entry->operand2.size;
736 unsigned int mop3s = u->itab_entry->operand3.size;
738 /* iop = instruction operand */
739 register struct ud_operand* iop = u->operand;
744 decode_a(u, &(iop[0]));
749 if (MODRM_MOD(inp_peek(u)) == 3)
751 /* E, G/P/V/I/CL/1/S */
754 decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_GPR);
756 decode_imm(u, mop3s, &(iop[2]));
757 else if (mop3t == OP_CL) {
758 iop[2].type = UD_OP_REG;
759 iop[2].base = UD_R_CL;
763 else if (mop2t == OP_P)
764 decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_MMX);
765 else if (mop2t == OP_V)
766 decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_XMM);
767 else if (mop2t == OP_S)
768 decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_SEG);
770 decode_modrm(u, &(iop[0]), mop1s, T_GPR, NULL, 0, T_NONE);
771 if (mop2t == OP_CL) {
772 iop[1].type = UD_OP_REG;
773 iop[1].base = UD_R_CL;
775 } else if (mop2t == OP_I1) {
776 iop[1].type = UD_OP_CONST;
777 u->operand[1].lval.udword = 1;
778 } else if (mop2t == OP_I) {
779 decode_imm(u, mop2s, &(iop[1]));
/* G (reg field first), E/PR/VR/W second operand variants */
787 if (MODRM_MOD(inp_peek(u)) == 3)
789 decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_GPR);
790 } else if (mop2t == OP_E) {
791 decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_GPR);
793 decode_imm(u, mop3s, &(iop[2]));
794 } else if (mop2t == OP_PR) {
795 decode_modrm(u, &(iop[1]), mop2s, T_MMX, &(iop[0]), mop1s, T_GPR);
797 decode_imm(u, mop3s, &(iop[2]));
798 } else if (mop2t == OP_VR) {
799 if (MODRM_MOD(inp_peek(u)) != 3)
801 decode_modrm(u, &(iop[1]), mop2s, T_XMM, &(iop[0]), mop1s, T_GPR);
802 } else if (mop2t == OP_W)
803 decode_modrm(u, &(iop[1]), mop2s, T_XMM, &(iop[0]), mop1s, T_GPR);
807 case OP_AL : case OP_CL : case OP_DL : case OP_BL :
808 case OP_AH : case OP_CH : case OP_DH : case OP_BH :
810 iop[0].type = UD_OP_REG;
811 iop[0].base = UD_R_AL + (mop1t - OP_AL);
815 decode_imm(u, mop2s, &(iop[1]));
816 else if (mop2t == OP_DX) {
817 iop[1].type = UD_OP_REG;
818 iop[1].base = UD_R_DX;
821 else if (mop2t == OP_O)
822 decode_o(u, mop2s, &(iop[1]));
825 /* rAX[r8]..rDI[r15], I/rAX..rDI/O */
826 case OP_rAXr8 : case OP_rCXr9 : case OP_rDXr10 : case OP_rBXr11 :
827 case OP_rSPr12: case OP_rBPr13: case OP_rSIr14 : case OP_rDIr15 :
828 case OP_rAX : case OP_rCX : case OP_rDX : case OP_rBX :
829 case OP_rSP : case OP_rBP : case OP_rSI : case OP_rDI :
831 iop[0].type = UD_OP_REG;
832 iop[0].base = resolve_gpr64(u, mop1t);
835 decode_imm(u, mop2s, &(iop[1]));
836 else if (mop2t >= OP_rAX && mop2t <= OP_rDI) {
837 iop[1].type = UD_OP_REG;
838 iop[1].base = resolve_gpr64(u, mop2t);
840 else if (mop2t == OP_O) {
841 decode_o(u, mop2s, &(iop[1]));
842 iop[0].size = resolve_operand_size(u, mop2s);
846 /* AL[r8b]..BH[r15b], I */
847 case OP_ALr8b : case OP_CLr9b : case OP_DLr10b : case OP_BLr11b :
848 case OP_AHr12b: case OP_CHr13b: case OP_DHr14b : case OP_BHr15b :
850 ud_type_t gpr = (mop1t - OP_ALr8b) + UD_R_AL +
851 (REX_B(u->pfx_rex) << 3);
/* with any REX prefix, AH..BH encodings select SPL..DIL instead */
852 if (UD_R_AH <= gpr && u->pfx_rex)
854 iop[0].type = UD_OP_REG;
857 decode_imm(u, mop2s, &(iop[1]));
862 case OP_eAX : case OP_eCX : case OP_eDX : case OP_eBX :
863 case OP_eSP : case OP_eBP : case OP_eSI : case OP_eDI :
864 iop[0].type = UD_OP_REG;
865 iop[0].base = resolve_gpr32(u, mop1t);
866 if (mop2t == OP_DX) {
867 iop[1].type = UD_OP_REG;
868 iop[1].base = UD_R_DX;
870 } else if (mop2t == OP_I)
871 decode_imm(u, mop2s, &(iop[1]));
875 case OP_ES : case OP_CS : case OP_DS :
876 case OP_SS : case OP_FS : case OP_GS :
878 /* in 64bits mode, only fs and gs are allowed */
879 if (u->dis_mode == 64)
880 if (mop1t != OP_FS && mop1t != OP_GS)
882 iop[0].type = UD_OP_REG;
883 iop[0].base = (mop1t - OP_ES) + UD_R_ES;
/* J: relative jump immediate */
890 decode_imm(u, mop1s, &(iop[0]));
891 iop[0].type = UD_OP_JIMM;
/* PR: mmx register operand, requires mod==3 */
896 if (MODRM_MOD(inp_peek(u)) != 3)
898 decode_modrm(u, &(iop[0]), mop1s, T_MMX, NULL, 0, T_NONE);
900 decode_imm(u, mop2s, &(iop[1]));
/* VR: xmm register operand, requires mod==3 */
905 if (MODRM_MOD(inp_peek(u)) != 3)
907 decode_modrm(u, &(iop[0]), mop1s, T_XMM, NULL, 0, T_NONE);
909 decode_imm(u, mop2s, &(iop[1]));
912 /* P, Q[,I]/W/E[,I],VR */
915 decode_modrm(u, &(iop[1]), mop2s, T_MMX, &(iop[0]), mop1s, T_MMX);
917 decode_imm(u, mop3s, &(iop[2]));
918 } else if (mop2t == OP_W) {
919 decode_modrm(u, &(iop[1]), mop2s, T_XMM, &(iop[0]), mop1s, T_MMX);
920 } else if (mop2t == OP_VR) {
921 if (MODRM_MOD(inp_peek(u)) != 3)
923 decode_modrm(u, &(iop[1]), mop2s, T_XMM, &(iop[0]), mop1s, T_MMX);
924 } else if (mop2t == OP_E) {
925 decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_MMX);
927 decode_imm(u, mop3s, &(iop[2]));
/* R/C/D: gpr with control/debug register in reg field */
934 decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_CRG);
935 else if (mop2t == OP_D)
936 decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_DBG);
941 decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_CRG);
946 decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_DBG);
951 decode_modrm(u, &(iop[0]), mop1s, T_MMX, &(iop[1]), mop2s, T_MMX);
956 decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_SEG);
961 decode_modrm(u, &(iop[0]), mop1s, T_XMM, &(iop[1]), mop2s, T_XMM);
967 /* special cases for movlps and movhps: with a register (mod==3)
 * second operand they are really movhlps/movlhps */
968 if (MODRM_MOD(inp_peek(u)) == 3) {
969 if (u->mnemonic == UD_Imovlps)
970 u->mnemonic = UD_Imovhlps;
972 if (u->mnemonic == UD_Imovhps)
973 u->mnemonic = UD_Imovlhps;
975 decode_modrm(u, &(iop[1]), mop2s, T_XMM, &(iop[0]), mop1s, T_XMM);
977 decode_imm(u, mop3s, &(iop[2]));
978 } else if (mop2t == OP_Q)
979 decode_modrm(u, &(iop[1]), mop2s, T_MMX, &(iop[0]), mop1s, T_XMM);
980 else if (mop2t == OP_M) {
981 if (MODRM_MOD(inp_peek(u)) == 3)
983 decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_XMM);
984 } else if (mop2t == OP_E) {
985 decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_XMM);
986 } else if (mop2t == OP_PR) {
987 decode_modrm(u, &(iop[1]), mop2s, T_MMX, &(iop[0]), mop1s, T_XMM);
/* DX as first operand (in/out port forms) */
993 iop[0].type = UD_OP_REG;
994 iop[0].base = UD_R_DX;
997 if (mop2t == OP_eAX) {
998 iop[1].type = UD_OP_REG;
999 iop[1].base = resolve_gpr32(u, mop2t);
1000 } else if (mop2t == OP_AL) {
1001 iop[1].type = UD_OP_REG;
1002 iop[1].base = UD_R_AL;
/* I as first operand, optionally paired with I/AL/eAX */
1010 decode_imm(u, mop1s, &(iop[0]));
1012 decode_imm(u, mop2s, &(iop[1]));
1013 else if (mop2t == OP_AL) {
1014 iop[1].type = UD_OP_REG;
1015 iop[1].base = UD_R_AL;
1017 } else if (mop2t == OP_eAX) {
1018 iop[1].type = UD_OP_REG;
1019 iop[1].base = resolve_gpr32(u, mop2t);
/* O (moffset) as first operand, accumulator as second */
1025 decode_o(u, mop1s, &(iop[0]));
1026 iop[1].type = UD_OP_REG;
1027 iop[1].size = resolve_operand_size(u, mop1s);
1029 iop[1].base = UD_R_AL;
1030 else if (mop2t == OP_eAX)
1031 iop[1].base = resolve_gpr32(u, mop2t);
1032 else if (mop2t == OP_rAX)
1033 iop[1].base = resolve_gpr64(u, mop2t);
/* int3's implicit constant operand */
1038 iop[0].type = UD_OP_CONST;
1039 iop[0].lval.sbyte = 3;
1043 case OP_ST0 : case OP_ST1 : case OP_ST2 : case OP_ST3 :
1044 case OP_ST4 : case OP_ST5 : case OP_ST6 : case OP_ST7 :
1046 iop[0].type = UD_OP_REG;
1047 iop[0].base = (mop1t-OP_ST0) + UD_R_ST0;
1050 if (mop2t >= OP_ST0 && mop2t <= OP_ST7) {
1051 iop[1].type = UD_OP_REG;
1052 iop[1].base = (mop2t-OP_ST0) + UD_R_ST0;
/* implicit AX operand */
1059 iop[0].type = UD_OP_REG;
1060 iop[0].base = UD_R_AX;
/* no operands: clear all three slots */
1066 iop[0].type = iop[1].type = iop[2].type = UD_NONE;
1072 /* -----------------------------------------------------------------------------
1073 * clear_insn() - clear instruction pointer
1074 * -----------------------------------------------------------------------------
/* Resets per-instruction decode state in 'u' before decoding the next
 * instruction: mnemonic, itab entry pointer and all three operand slots
 * (zeroed wholesale via memset). NOTE(review): additional field resets
 * are missing from this chunk. */
1076 static int clear_insn(register struct ud* u)
1089 u->mnemonic = UD_Inone;
1090 u->itab_entry = NULL;
1092 memset( &u->operand[ 0 ], 0, sizeof( struct ud_operand ) );
1093 memset( &u->operand[ 1 ], 0, sizeof( struct ud_operand ) );
1094 memset( &u->operand[ 2 ], 0, sizeof( struct ud_operand ) );
/* Applies per-instruction prefix/mode semantics after itab lookup:
 * validates 64-bit-only constraints, masks the effective REX prefix,
 * computes default64/opr_mode/adr_mode, and copies the itab entry's
 * operand-cast (c1-c3) and implicit-addressing flags. Returns -1 if
 * already in an error state. */
1099 static int do_mode( struct ud* u )
1101 /* if in error state, bail out */
1102 if ( u->error ) return -1;
1104 /* propagate prefix effects */
1105 if ( u->dis_mode == 64 ) { /* set 64bit-mode flags */
1107 /* Check validity of instruction m64 */
1108 if ( P_INV64( u->itab_entry->prefix ) ) {
1113 /* effective rex prefix is the effective mask for the
1114 * instruction hard-coded in the opcode map.
1116 u->pfx_rex = ( u->pfx_rex & 0x40 ) |
1117 ( u->pfx_rex & REX_PFX_MASK( u->itab_entry->prefix ) );
1119 /* whether this instruction has a default operand size of
1120 * 64bit, also hardcoded into the opcode map.
1122 u->default64 = P_DEF64( u->itab_entry->prefix );
1123 /* calculate effective operand size */
1124 if ( REX_W( u->pfx_rex ) ) {
1126 } else if ( u->pfx_opr ) {
1129 /* unless the default opr size of instruction is 64,
1130 * the effective operand size in the absence of rex.w
1133 u->opr_mode = ( u->default64 ) ? 64 : 32;
1136 /* calculate effective address size */
1137 u->adr_mode = (u->pfx_adr) ? 32 : 64;
1138 } else if ( u->dis_mode == 32 ) { /* set 32bit-mode flags */
1139 u->opr_mode = ( u->pfx_opr ) ? 16 : 32;
1140 u->adr_mode = ( u->pfx_adr ) ? 16 : 32;
1141 } else if ( u->dis_mode == 16 ) { /* set 16bit-mode flags */
1142 u->opr_mode = ( u->pfx_opr ) ? 32 : 16;
1143 u->adr_mode = ( u->pfx_adr ) ? 32 : 16;
1146 /* These flags determine which operand to apply the operand size
1149 u->c1 = ( P_C1( u->itab_entry->prefix ) ) ? 1 : 0;
1150 u->c2 = ( P_C2( u->itab_entry->prefix ) ) ? 1 : 0;
1151 u->c3 = ( P_C3( u->itab_entry->prefix ) ) ? 1 : 0;
1153 /* set flags for implicit addressing */
1154 u->implicit_addr = P_IMPADDR( u->itab_entry->prefix );
/* Renders the bytes consumed for the current instruction (inp_ctr bytes
 * from the input session buffer) as lowercase hex into u->insn_hexcode.
 * Returns -1 if already in an error state.
 * NOTE(review): sprintf writes 2 chars + NUL per byte with no bound
 * check — assumes insn_hexcode is sized for 2*MAX_INSN_LENGTH+1; the
 * src_hex advance per iteration is not visible in this chunk — confirm
 * both in the full source. */
1159 static int gen_hex( struct ud *u )
1162 unsigned char *src_ptr = inp_sess( u );
1165 /* bail out if in error state. */
1166 if ( u->error ) return -1;
1167 /* output buffer pointer */
1168 src_hex = ( char* ) u->insn_hexcode;
1169 /* for each byte used to decode instruction */
1170 for ( i = 0; i < u->inp_ctr; ++i, ++src_ptr) {
1171 sprintf( src_hex, "%02x", *src_ptr & 0xFF );
1177 /* =============================================================================
1178 * ud_decode() - Instruction decoder. Returns the number of bytes decoded.
1179 * =============================================================================
/* Top-level decoder: runs the pipeline clear_insn -> get_prefixes ->
 * search_itab -> do_mode -> disasm_operands -> resolve_mnemonic, short-
 * circuiting on the first failure. On error the decoded state is cleared
 * and the bytes are marked invalid via ie_invalid. Finally records the
 * instruction offset, advances pc by the bytes consumed, and generates
 * the hex dump. NOTE(review): the tail of this function (including its
 * return statement) is beyond the end of this chunk. */
1181 unsigned int ud_decode( struct ud* u )
1185 if ( clear_insn( u ) ) {
1187 } else if ( get_prefixes( u ) != 0 ) {
1189 } else if ( search_itab( u ) != 0 ) {
1191 } else if ( do_mode( u ) != 0 ) {
1193 } else if ( disasm_operands( u ) != 0 ) {
1195 } else if ( resolve_mnemonic( u ) != 0 ) {
1199 /* Handle decode error. */
1201 /* clear out the decode data. */
1203 /* mark the sequence of bytes as invalid. */
1204 u->itab_entry = & ie_invalid;
1205 u->mnemonic = u->itab_entry->mnemonic;
1208 u->insn_offset = u->pc; /* set offset of instruction */
1209 u->insn_fill = 0; /* set translation buffer index to 0 */
1210 u->pc += u->inp_ctr; /* move program counter by bytes decoded */
1211 gen_hex( u ); /* generate hex code */
1213 /* return number of bytes disassembled. */