1 /* udis86 - libudis86/decode.c
3 * Copyright (c) 2002-2009 Vivek Thampi
6 * Redistribution and use in source and binary forms, with or without modification,
7 * are permitted provided that the following conditions are met:
9 * * Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 * * Redistributions in binary form must reproduce the above copyright notice,
12 * this list of conditions and the following disclaimer in the documentation
13 * and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
18 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
19 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
20 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
21 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
22 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
24 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 #ifndef __UD_STANDALONE__
34 #endif /* __UD_STANDALONE__ */
36 /* The max number of prefixes to an instruction */
37 #define MAX_PREFIXES 15
39 static struct ud_itab_entry ie_invalid = { UD_Iinvalid, O_NONE, O_NONE, O_NONE, P_none };
40 static struct ud_itab_entry ie_pause = { UD_Ipause, O_NONE, O_NONE, O_NONE, P_none };
41 static struct ud_itab_entry ie_nop = { UD_Inop, O_NONE, O_NONE, O_NONE, P_none };
44 /* Looks up mnemonic code in the mnemonic string table
45 * Returns NULL if the mnemonic code is invalid
47 const char * ud_lookup_mnemonic( enum ud_mnemonic_code c )
50 return ud_mnemonics_str[ c ];
55 /* Extracts instruction prefixes.
57 static int get_prefixes( struct ud* u )
59 unsigned int have_pfx = 1;
63 /* if in error state, bail out */
67 /* keep going as long as there are prefixes available */
68 for ( i = 0; have_pfx ; ++i ) {
76 /* rex prefixes in 64bit mode */
77 if ( u->dis_mode == 64 && ( curr & 0xF0 ) == 0x40 ) {
103 u->pfx_seg = UD_R_GS;
106 case 0x67 : /* adress-size override prefix */
115 /* the 0x66 sse prefix is only effective if no other sse prefix
116 * has already been specified.
118 if ( !u->pfx_insn ) u->pfx_insn = 0x66;
134 /* No more prefixes */
140 /* check if we reached max instruction length */
141 if ( i + 1 == MAX_INSN_LENGTH ) {
151 /* rewind back one byte in stream, since the above loop
152 * stops with a non-prefix byte.
156 /* speculatively determine the effective operand mode,
157 * based on the prefixes and the current disassembly
158 * mode. This may be inaccurate, but useful for mode
159 * dependent decoding.
161 if ( u->dis_mode == 64 ) {
162 u->opr_mode = REX_W( u->pfx_rex ) ? 64 : ( ( u->pfx_opr ) ? 16 : 32 ) ;
163 u->adr_mode = ( u->pfx_adr ) ? 32 : 64;
164 } else if ( u->dis_mode == 32 ) {
165 u->opr_mode = ( u->pfx_opr ) ? 16 : 32;
166 u->adr_mode = ( u->pfx_adr ) ? 16 : 32;
167 } else if ( u->dis_mode == 16 ) {
168 u->opr_mode = ( u->pfx_opr ) ? 32 : 16;
169 u->adr_mode = ( u->pfx_adr ) ? 32 : 16;
176 /* Searches the instruction tables for the right entry.
178 static int search_itab( struct ud * u )
180 struct ud_itab_entry * e = NULL;
181 enum ud_itab_index table;
183 uint8_t did_peek = 0;
187 /* if in state of error, return */
191 /* get first byte of opcode. */
197 /* resolve xchg, nop, pause crazyness */
198 if ( 0x90 == curr ) {
199 if ( !( u->dis_mode == 64 && REX_B( u->pfx_rex ) ) ) {
210 /* get top-level table */
211 if ( 0x0F == curr ) {
217 /* 2byte opcodes can be modified by 0x66, F3, and F2 prefixes */
218 if ( 0x66 == u->pfx_insn ) {
219 if ( ud_itab_list[ ITAB__PFX_SSE66__0F ][ curr ].mnemonic != UD_Iinvalid ) {
220 table = ITAB__PFX_SSE66__0F;
223 } else if ( 0xF2 == u->pfx_insn ) {
224 if ( ud_itab_list[ ITAB__PFX_SSEF2__0F ][ curr ].mnemonic != UD_Iinvalid ) {
225 table = ITAB__PFX_SSEF2__0F;
228 } else if ( 0xF3 == u->pfx_insn ) {
229 if ( ud_itab_list[ ITAB__PFX_SSEF3__0F ][ curr ].mnemonic != UD_Iinvalid ) {
230 table = ITAB__PFX_SSEF3__0F;
235 /* pick an instruction from the 1byte table */
244 e = & ud_itab_list[ table ][ index ];
246 /* if mnemonic constant is a standard instruction constant
247 * our search is over.
250 if ( e->mnemonic < UD_Id3vil ) {
251 if ( e->mnemonic == UD_Iinvalid ) {
253 inp_next( u ); if ( u->error ) return -1;
262 switch ( e->mnemonic )
265 peek = inp_peek( u );
267 index = MODRM_REG( peek );
271 peek = inp_peek( u );
273 index = MODRM_MOD( peek );
275 index = ITAB__MOD_INDX__11;
277 index = ITAB__MOD_INDX__NOT_11;
281 curr = inp_next( u );
285 index = MODRM_RM( curr );
289 curr = inp_next( u );
297 curr = inp_next( u );
305 if ( u->opr_mode == 64 )
306 index = ITAB__MODE_INDX__64;
307 else if ( u->opr_mode == 32 )
308 index = ITAB__MODE_INDX__32;
310 index = ITAB__MODE_INDX__16;
314 if ( u->adr_mode == 64 )
315 index = ITAB__MODE_INDX__64;
316 else if ( u->adr_mode == 32 )
317 index = ITAB__MODE_INDX__32;
319 index = ITAB__MODE_INDX__16;
323 if ( u->dis_mode == 64 )
324 index = ITAB__MODE_INDX__64;
325 else if ( u->dis_mode == 32 )
326 index = ITAB__MODE_INDX__32;
328 index = ITAB__MODE_INDX__16;
332 if ( u->vendor == UD_VENDOR_INTEL )
333 index = ITAB__VENDOR_INDX__INTEL;
334 else if ( u->vendor == UD_VENDOR_AMD )
335 index = ITAB__VENDOR_INDX__AMD;
336 else if ( u->vendor == UD_VENDOR_ANY )
337 index = ITAB__VENDOR_INDX__ANY;
356 u->mnemonic = u->itab_entry->mnemonic;
362 static unsigned int resolve_operand_size( const struct ud * u, unsigned int s )
367 return ( u->opr_mode );
369 return ( u->opr_mode == 16 ) ? 16 : 32;
371 return ( u->opr_mode == 16 ) ? SZ_WP : SZ_DP;
373 return ( u->opr_mode == 16 ) ? 32 : u->opr_mode;
375 return ( u->dis_mode == 64 ) ? 64 : 32;
382 static int resolve_mnemonic( struct ud* u )
387 /* readjust operand sizes for call/jmp instrcutions */
388 if ( u->mnemonic == UD_Icall || u->mnemonic == UD_Ijmp ) {
389 /* WP: 16bit pointer */
390 if ( u->operand[ 0 ].size == SZ_WP ) {
391 u->operand[ 0 ].size = 16;
394 /* DP: 32bit pointer */
395 } else if ( u->operand[ 0 ].size == SZ_DP ) {
396 u->operand[ 0 ].size = 32;
403 /* resolve 3dnow weirdness. */
404 } else if ( u->mnemonic == UD_I3dnow ) {
405 u->mnemonic = ud_itab_list[ ITAB__3DNOW ][ inp_curr( u ) ].mnemonic;
407 /* SWAPGS is only valid in 64bits mode */
408 if ( u->mnemonic == UD_Iswapgs && u->dis_mode != 64 ) {
417 /* -----------------------------------------------------------------------------
418 * decode_a()- Decodes operands of the type seg:offset
419 * -----------------------------------------------------------------------------
422 decode_a(struct ud* u, struct ud_operand *op)
424 if (u->opr_mode == 16) {
426 op->type = UD_OP_PTR;
428 op->lval.ptr.off = inp_uint16(u);
429 op->lval.ptr.seg = inp_uint16(u);
432 op->type = UD_OP_PTR;
434 op->lval.ptr.off = inp_uint32(u);
435 op->lval.ptr.seg = inp_uint16(u);
439 /* -----------------------------------------------------------------------------
440 * decode_gpr() - Returns decoded General Purpose Register
441 * -----------------------------------------------------------------------------
444 decode_gpr(register struct ud* u, unsigned int s, unsigned char rm)
446 s = resolve_operand_size(u, s);
450 return UD_R_RAX + rm;
453 return UD_R_EAX + rm;
458 if (u->dis_mode == 64 && u->pfx_rex) {
460 return UD_R_SPL + (rm-4);
462 } else return UD_R_AL + rm;
468 /* -----------------------------------------------------------------------------
469 * resolve_gpr64() - 64bit General Purpose Register-Selection.
470 * -----------------------------------------------------------------------------
473 resolve_gpr64(struct ud* u, enum ud_operand_code gpr_op)
475 if (gpr_op >= OP_rAXr8 && gpr_op <= OP_rDIr15)
476 gpr_op = (gpr_op - OP_rAXr8) | (REX_B(u->pfx_rex) << 3);
477 else gpr_op = (gpr_op - OP_rAX);
479 if (u->opr_mode == 16)
480 return gpr_op + UD_R_AX;
481 if (u->dis_mode == 32 ||
482 (u->opr_mode == 32 && ! (REX_W(u->pfx_rex) || u->default64))) {
483 return gpr_op + UD_R_EAX;
486 return gpr_op + UD_R_RAX;
489 /* -----------------------------------------------------------------------------
490 * resolve_gpr32 () - 32bit General Purpose Register-Selection.
491 * -----------------------------------------------------------------------------
494 resolve_gpr32(struct ud* u, enum ud_operand_code gpr_op)
496 gpr_op = gpr_op - OP_eAX;
498 if (u->opr_mode == 16)
499 return gpr_op + UD_R_AX;
501 return gpr_op + UD_R_EAX;
504 /* -----------------------------------------------------------------------------
505 * resolve_reg() - Resolves the register type
506 * -----------------------------------------------------------------------------
509 resolve_reg(struct ud* u, unsigned int type, unsigned char i)
512 case T_MMX : return UD_R_MM0 + (i & 7);
513 case T_XMM : return UD_R_XMM0 + i;
514 case T_CRG : return UD_R_CR0 + i;
515 case T_DBG : return UD_R_DR0 + i;
516 case T_SEG : return UD_R_ES + (i & 7);
518 default: return UD_NONE;
522 /* -----------------------------------------------------------------------------
523 * decode_imm() - Decodes Immediate values.
524 * -----------------------------------------------------------------------------
527 decode_imm(struct ud* u, unsigned int s, struct ud_operand *op)
529 op->size = resolve_operand_size(u, s);
530 op->type = UD_OP_IMM;
533 case 8: op->lval.sbyte = inp_uint8(u); break;
534 case 16: op->lval.uword = inp_uint16(u); break;
535 case 32: op->lval.udword = inp_uint32(u); break;
536 case 64: op->lval.uqword = inp_uint64(u); break;
541 /* -----------------------------------------------------------------------------
542 * decode_modrm() - Decodes ModRM Byte
543 * -----------------------------------------------------------------------------
546 decode_modrm(struct ud* u, struct ud_operand *op, unsigned int s,
547 unsigned char rm_type, struct ud_operand *opreg,
548 unsigned char reg_size, unsigned char reg_type)
550 unsigned char mod, rm, reg;
554 /* get mod, r/m and reg fields */
555 mod = MODRM_MOD(inp_curr(u));
556 rm = (REX_B(u->pfx_rex) << 3) | MODRM_RM(inp_curr(u));
557 reg = (REX_R(u->pfx_rex) << 3) | MODRM_REG(inp_curr(u));
559 op->size = resolve_operand_size(u, s);
561 /* if mod is 11b, then the UD_R_m specifies a gpr/mmx/sse/control/debug */
563 op->type = UD_OP_REG;
564 if (rm_type == T_GPR)
565 op->base = decode_gpr(u, op->size, rm);
566 else op->base = resolve_reg(u, rm_type, (REX_B(u->pfx_rex) << 3) | (rm&7));
568 /* else its memory addressing */
570 op->type = UD_OP_MEM;
572 /* 64bit addressing */
573 if (u->adr_mode == 64) {
575 op->base = UD_R_RAX + rm;
577 /* get offset type */
582 else if (mod == 0 && (rm & 7) == 5) {
585 } else op->offset = 0;
587 /* Scale-Index-Base (SIB) */
591 op->scale = (1 << SIB_S(inp_curr(u))) & ~1;
592 op->index = UD_R_RAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3));
593 op->base = UD_R_RAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3));
595 /* special conditions for base reference */
596 if (op->index == UD_R_RSP) {
601 if (op->base == UD_R_RBP || op->base == UD_R_R13) {
606 else op->offset = 32;
611 /* 32-Bit addressing mode */
612 else if (u->adr_mode == 32) {
615 op->base = UD_R_EAX + rm;
617 /* get offset type */
622 else if (mod == 0 && rm == 5) {
625 } else op->offset = 0;
627 /* Scale-Index-Base (SIB) */
631 op->scale = (1 << SIB_S(inp_curr(u))) & ~1;
632 op->index = UD_R_EAX + (SIB_I(inp_curr(u)) | (REX_X(u->pfx_rex) << 3));
633 op->base = UD_R_EAX + (SIB_B(inp_curr(u)) | (REX_B(u->pfx_rex) << 3));
635 if (op->index == UD_R_ESP) {
640 /* special condition for base reference */
641 if (op->base == UD_R_EBP) {
646 else op->offset = 32;
651 /* 16bit addressing mode */
654 case 0: op->base = UD_R_BX; op->index = UD_R_SI; break;
655 case 1: op->base = UD_R_BX; op->index = UD_R_DI; break;
656 case 2: op->base = UD_R_BP; op->index = UD_R_SI; break;
657 case 3: op->base = UD_R_BP; op->index = UD_R_DI; break;
658 case 4: op->base = UD_R_SI; break;
659 case 5: op->base = UD_R_DI; break;
660 case 6: op->base = UD_R_BP; break;
661 case 7: op->base = UD_R_BX; break;
664 if (mod == 0 && rm == 6) {
675 /* extract offset, if any */
677 case 8 : op->lval.ubyte = inp_uint8(u); break;
678 case 16: op->lval.uword = inp_uint16(u); break;
679 case 32: op->lval.udword = inp_uint32(u); break;
680 case 64: op->lval.uqword = inp_uint64(u); break;
684 /* resolve register encoded in reg field */
686 opreg->type = UD_OP_REG;
687 opreg->size = resolve_operand_size(u, reg_size);
688 if (reg_type == T_GPR)
689 opreg->base = decode_gpr(u, opreg->size, reg);
690 else opreg->base = resolve_reg(u, reg_type, reg);
694 /* -----------------------------------------------------------------------------
695 * decode_o() - Decodes offset
696 * -----------------------------------------------------------------------------
699 decode_o(struct ud* u, unsigned int s, struct ud_operand *op)
701 switch (u->adr_mode) {
704 op->lval.uqword = inp_uint64(u);
708 op->lval.udword = inp_uint32(u);
712 op->lval.uword = inp_uint16(u);
717 op->type = UD_OP_MEM;
718 op->size = resolve_operand_size(u, s);
721 /* -----------------------------------------------------------------------------
722 * disasm_operands() - Disassembles Operands.
723 * -----------------------------------------------------------------------------
725 static int disasm_operands(register struct ud* u)
729 /* mopXt = map entry, operand X, type; */
730 enum ud_operand_code mop1t = u->itab_entry->operand1.type;
731 enum ud_operand_code mop2t = u->itab_entry->operand2.type;
732 enum ud_operand_code mop3t = u->itab_entry->operand3.type;
734 /* mopXs = map entry, operand X, size */
735 unsigned int mop1s = u->itab_entry->operand1.size;
736 unsigned int mop2s = u->itab_entry->operand2.size;
737 unsigned int mop3s = u->itab_entry->operand3.size;
739 /* iop = instruction operand */
740 register struct ud_operand* iop = u->operand;
745 decode_a(u, &(iop[0]));
750 if (MODRM_MOD(inp_peek(u)) == 3)
752 /* E, G/P/V/I/CL/1/S */
755 decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_GPR);
757 decode_imm(u, mop3s, &(iop[2]));
758 else if (mop3t == OP_CL) {
759 iop[2].type = UD_OP_REG;
760 iop[2].base = UD_R_CL;
764 else if (mop2t == OP_P)
765 decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_MMX);
766 else if (mop2t == OP_V)
767 decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_XMM);
768 else if (mop2t == OP_S)
769 decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_SEG);
771 decode_modrm(u, &(iop[0]), mop1s, T_GPR, NULL, 0, T_NONE);
772 if (mop2t == OP_CL) {
773 iop[1].type = UD_OP_REG;
774 iop[1].base = UD_R_CL;
776 } else if (mop2t == OP_I1) {
777 iop[1].type = UD_OP_CONST;
778 u->operand[1].lval.udword = 1;
779 } else if (mop2t == OP_I) {
780 decode_imm(u, mop2s, &(iop[1]));
788 if (MODRM_MOD(inp_peek(u)) == 3)
790 decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_GPR);
791 } else if (mop2t == OP_E) {
792 decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_GPR);
794 decode_imm(u, mop3s, &(iop[2]));
795 } else if (mop2t == OP_PR) {
796 decode_modrm(u, &(iop[1]), mop2s, T_MMX, &(iop[0]), mop1s, T_GPR);
798 decode_imm(u, mop3s, &(iop[2]));
799 } else if (mop2t == OP_VR) {
800 if (MODRM_MOD(inp_peek(u)) != 3)
802 decode_modrm(u, &(iop[1]), mop2s, T_XMM, &(iop[0]), mop1s, T_GPR);
803 } else if (mop2t == OP_W)
804 decode_modrm(u, &(iop[1]), mop2s, T_XMM, &(iop[0]), mop1s, T_GPR);
808 case OP_AL : case OP_CL : case OP_DL : case OP_BL :
809 case OP_AH : case OP_CH : case OP_DH : case OP_BH :
811 iop[0].type = UD_OP_REG;
812 iop[0].base = UD_R_AL + (mop1t - OP_AL);
816 decode_imm(u, mop2s, &(iop[1]));
817 else if (mop2t == OP_DX) {
818 iop[1].type = UD_OP_REG;
819 iop[1].base = UD_R_DX;
822 else if (mop2t == OP_O)
823 decode_o(u, mop2s, &(iop[1]));
826 /* rAX[r8]..rDI[r15], I/rAX..rDI/O */
827 case OP_rAXr8 : case OP_rCXr9 : case OP_rDXr10 : case OP_rBXr11 :
828 case OP_rSPr12: case OP_rBPr13: case OP_rSIr14 : case OP_rDIr15 :
829 case OP_rAX : case OP_rCX : case OP_rDX : case OP_rBX :
830 case OP_rSP : case OP_rBP : case OP_rSI : case OP_rDI :
832 iop[0].type = UD_OP_REG;
833 iop[0].base = resolve_gpr64(u, mop1t);
836 decode_imm(u, mop2s, &(iop[1]));
837 else if (mop2t >= OP_rAX && mop2t <= OP_rDI) {
838 iop[1].type = UD_OP_REG;
839 iop[1].base = resolve_gpr64(u, mop2t);
841 else if (mop2t == OP_O) {
842 decode_o(u, mop2s, &(iop[1]));
843 iop[0].size = resolve_operand_size(u, mop2s);
847 /* AL[r8b]..BH[r15b], I */
848 case OP_ALr8b : case OP_CLr9b : case OP_DLr10b : case OP_BLr11b :
849 case OP_AHr12b: case OP_CHr13b: case OP_DHr14b : case OP_BHr15b :
851 ud_type_t gpr = (mop1t - OP_ALr8b) + UD_R_AL +
852 (REX_B(u->pfx_rex) << 3);
853 if (UD_R_AH <= gpr && u->pfx_rex)
855 iop[0].type = UD_OP_REG;
858 decode_imm(u, mop2s, &(iop[1]));
863 case OP_eAX : case OP_eCX : case OP_eDX : case OP_eBX :
864 case OP_eSP : case OP_eBP : case OP_eSI : case OP_eDI :
865 iop[0].type = UD_OP_REG;
866 iop[0].base = resolve_gpr32(u, mop1t);
867 if (mop2t == OP_DX) {
868 iop[1].type = UD_OP_REG;
869 iop[1].base = UD_R_DX;
871 } else if (mop2t == OP_I)
872 decode_imm(u, mop2s, &(iop[1]));
876 case OP_ES : case OP_CS : case OP_DS :
877 case OP_SS : case OP_FS : case OP_GS :
879 /* in 64bits mode, only fs and gs are allowed */
880 if (u->dis_mode == 64)
881 if (mop1t != OP_FS && mop1t != OP_GS)
883 iop[0].type = UD_OP_REG;
884 iop[0].base = (mop1t - OP_ES) + UD_R_ES;
891 decode_imm(u, mop1s, &(iop[0]));
892 iop[0].type = UD_OP_JIMM;
897 if (MODRM_MOD(inp_peek(u)) != 3)
899 decode_modrm(u, &(iop[0]), mop1s, T_MMX, NULL, 0, T_NONE);
901 decode_imm(u, mop2s, &(iop[1]));
906 if (MODRM_MOD(inp_peek(u)) != 3)
908 decode_modrm(u, &(iop[0]), mop1s, T_XMM, NULL, 0, T_NONE);
910 decode_imm(u, mop2s, &(iop[1]));
913 /* P, Q[,I]/W/E[,I],VR */
916 decode_modrm(u, &(iop[1]), mop2s, T_MMX, &(iop[0]), mop1s, T_MMX);
918 decode_imm(u, mop3s, &(iop[2]));
919 } else if (mop2t == OP_W) {
920 decode_modrm(u, &(iop[1]), mop2s, T_XMM, &(iop[0]), mop1s, T_MMX);
921 } else if (mop2t == OP_VR) {
922 if (MODRM_MOD(inp_peek(u)) != 3)
924 decode_modrm(u, &(iop[1]), mop2s, T_XMM, &(iop[0]), mop1s, T_MMX);
925 } else if (mop2t == OP_E) {
926 decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_MMX);
928 decode_imm(u, mop3s, &(iop[2]));
935 decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_CRG);
936 else if (mop2t == OP_D)
937 decode_modrm(u, &(iop[0]), mop1s, T_GPR, &(iop[1]), mop2s, T_DBG);
942 decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_CRG);
947 decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_DBG);
952 decode_modrm(u, &(iop[0]), mop1s, T_MMX, &(iop[1]), mop2s, T_MMX);
957 decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_SEG);
962 decode_modrm(u, &(iop[0]), mop1s, T_XMM, &(iop[1]), mop2s, T_XMM);
968 /* special cases for movlps and movhps */
969 if (MODRM_MOD(inp_peek(u)) == 3) {
970 if (u->mnemonic == UD_Imovlps)
971 u->mnemonic = UD_Imovhlps;
973 if (u->mnemonic == UD_Imovhps)
974 u->mnemonic = UD_Imovlhps;
976 decode_modrm(u, &(iop[1]), mop2s, T_XMM, &(iop[0]), mop1s, T_XMM);
978 decode_imm(u, mop3s, &(iop[2]));
979 } else if (mop2t == OP_Q)
980 decode_modrm(u, &(iop[1]), mop2s, T_MMX, &(iop[0]), mop1s, T_XMM);
981 else if (mop2t == OP_M) {
982 if (MODRM_MOD(inp_peek(u)) == 3)
984 decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_XMM);
985 } else if (mop2t == OP_E) {
986 decode_modrm(u, &(iop[1]), mop2s, T_GPR, &(iop[0]), mop1s, T_XMM);
987 } else if (mop2t == OP_PR) {
988 decode_modrm(u, &(iop[1]), mop2s, T_MMX, &(iop[0]), mop1s, T_XMM);
994 iop[0].type = UD_OP_REG;
995 iop[0].base = UD_R_DX;
998 if (mop2t == OP_eAX) {
999 iop[1].type = UD_OP_REG;
1000 iop[1].base = resolve_gpr32(u, mop2t);
1001 } else if (mop2t == OP_AL) {
1002 iop[1].type = UD_OP_REG;
1003 iop[1].base = UD_R_AL;
1011 decode_imm(u, mop1s, &(iop[0]));
1013 decode_imm(u, mop2s, &(iop[1]));
1014 else if (mop2t == OP_AL) {
1015 iop[1].type = UD_OP_REG;
1016 iop[1].base = UD_R_AL;
1018 } else if (mop2t == OP_eAX) {
1019 iop[1].type = UD_OP_REG;
1020 iop[1].base = resolve_gpr32(u, mop2t);
1026 decode_o(u, mop1s, &(iop[0]));
1027 iop[1].type = UD_OP_REG;
1028 iop[1].size = resolve_operand_size(u, mop1s);
1030 iop[1].base = UD_R_AL;
1031 else if (mop2t == OP_eAX)
1032 iop[1].base = resolve_gpr32(u, mop2t);
1033 else if (mop2t == OP_rAX)
1034 iop[1].base = resolve_gpr64(u, mop2t);
1039 iop[0].type = UD_OP_CONST;
1040 iop[0].lval.sbyte = 3;
1044 case OP_ST0 : case OP_ST1 : case OP_ST2 : case OP_ST3 :
1045 case OP_ST4 : case OP_ST5 : case OP_ST6 : case OP_ST7 :
1047 iop[0].type = UD_OP_REG;
1048 iop[0].base = (mop1t-OP_ST0) + UD_R_ST0;
1051 if (mop2t >= OP_ST0 && mop2t <= OP_ST7) {
1052 iop[1].type = UD_OP_REG;
1053 iop[1].base = (mop2t-OP_ST0) + UD_R_ST0;
1060 iop[0].type = UD_OP_REG;
1061 iop[0].base = UD_R_AX;
1067 iop[0].type = iop[1].type = iop[2].type = UD_NONE;
1073 /* -----------------------------------------------------------------------------
1074 * clear_insn() - clear instruction pointer
1075 * -----------------------------------------------------------------------------
1077 static int clear_insn(register struct ud* u)
1090 u->mnemonic = UD_Inone;
1091 u->itab_entry = NULL;
1093 memset( &u->operand[ 0 ], 0, sizeof( struct ud_operand ) );
1094 memset( &u->operand[ 1 ], 0, sizeof( struct ud_operand ) );
1095 memset( &u->operand[ 2 ], 0, sizeof( struct ud_operand ) );
1100 static int do_mode( struct ud* u )
1102 /* if in error state, bail out */
1103 if ( u->error ) return -1;
1105 /* propagate perfix effects */
1106 if ( u->dis_mode == 64 ) { /* set 64bit-mode flags */
1108 /* Check validity of instruction m64 */
1109 if ( P_INV64( u->itab_entry->prefix ) ) {
1114 /* effective rex prefix is the effective mask for the
1115 * instruction hard-coded in the opcode map.
1117 u->pfx_rex = ( u->pfx_rex & 0x40 ) |
1118 ( u->pfx_rex & REX_PFX_MASK( u->itab_entry->prefix ) );
1120 /* whether this instruction has a default operand size of
1121 * 64bit, also hardcoded into the opcode map.
1123 u->default64 = P_DEF64( u->itab_entry->prefix );
1124 /* calculate effective operand size */
1125 if ( REX_W( u->pfx_rex ) ) {
1127 } else if ( u->pfx_opr ) {
1130 /* unless the default opr size of instruction is 64,
1131 * the effective operand size in the absence of rex.w
1134 u->opr_mode = ( u->default64 ) ? 64 : 32;
1137 /* calculate effective address size */
1138 u->adr_mode = (u->pfx_adr) ? 32 : 64;
1139 } else if ( u->dis_mode == 32 ) { /* set 32bit-mode flags */
1140 u->opr_mode = ( u->pfx_opr ) ? 16 : 32;
1141 u->adr_mode = ( u->pfx_adr ) ? 16 : 32;
1142 } else if ( u->dis_mode == 16 ) { /* set 16bit-mode flags */
1143 u->opr_mode = ( u->pfx_opr ) ? 32 : 16;
1144 u->adr_mode = ( u->pfx_adr ) ? 32 : 16;
1147 /* These flags determine which operand to apply the operand size
1150 u->c1 = ( P_C1( u->itab_entry->prefix ) ) ? 1 : 0;
1151 u->c2 = ( P_C2( u->itab_entry->prefix ) ) ? 1 : 0;
1152 u->c3 = ( P_C3( u->itab_entry->prefix ) ) ? 1 : 0;
1154 /* set flags for implicit addressing */
1155 u->implicit_addr = P_IMPADDR( u->itab_entry->prefix );
1160 static int gen_hex( struct ud *u )
1163 unsigned char *src_ptr = inp_sess( u );
1166 /* bail out if in error stat. */
1167 if ( u->error ) return -1;
1168 /* output buffer pointe */
1169 src_hex = ( char* ) u->insn_hexcode;
1170 /* for each byte used to decode instruction */
1171 for ( i = 0; i < u->inp_ctr; ++i, ++src_ptr) {
1172 sprintf( src_hex, "%02x", *src_ptr & 0xFF );
1178 /* =============================================================================
1179 * ud_decode() - Instruction decoder. Returns the number of bytes decoded.
1180 * =============================================================================
1182 unsigned int ud_decode( struct ud* u )
1186 if ( clear_insn( u ) ) {
1188 } else if ( get_prefixes( u ) != 0 ) {
1190 } else if ( search_itab( u ) != 0 ) {
1192 } else if ( do_mode( u ) != 0 ) {
1194 } else if ( disasm_operands( u ) != 0 ) {
1196 } else if ( resolve_mnemonic( u ) != 0 ) {
1200 /* Handle decode error. */
1202 /* clear out the decode data. */
1204 /* mark the sequence of bytes as invalid. */
1205 u->itab_entry = & ie_invalid;
1206 u->mnemonic = u->itab_entry->mnemonic;
1209 u->insn_offset = u->pc; /* set offset of instruction */
1210 u->insn_fill = 0; /* set translation buffer index to 0 */
1211 u->pc += u->inp_ctr; /* move program counter by bytes decoded */
1212 gen_hex( u ); /* generate hex code */
1214 /* return number of bytes disassembled. */
andersk / udis86.git / blob