zydis_wrapper: Cleaned up branch types

- Remove unused semantic groups
- Improve handling of “far” in tokenizer

src/gui/Src/Disassembler/capstone_gui.cpp

@@ -399,27 +399,25 @@ bool CapstoneTokenizer::tokenizeMnemonic()
     QString mnemonic = QString(_cp.Mnemonic().c_str());
     _mnemonicType = TokenType::MnemonicNormal;
 
-    if(_cp.IsBranchType(Zydis::BTFarCall | Zydis::BTFarJmp))
-    {
+    if(_cp.IsBranchType(Zydis::BTFar))
         mnemonic += " far";
-    }
 
     if(isNop)
         _mnemonicType = TokenType::MnemonicNop;
-    else if(_cp.IsCall())
-        _mnemonicType = TokenType::MnemonicCall;
-    else if(_cp.IsBranchType(Zydis::BTCondJmp | Zydis::BTLoop | Zydis::BTXbegin))
-        _mnemonicType = TokenType::MnemonicCondJump;
-    else if(_cp.IsBranchType(Zydis::BTUncondJmp | Zydis::BTXabort))
-        _mnemonicType = TokenType::MnemonicUncondJump;
     else if(_cp.IsInt3())
         _mnemonicType = TokenType::MnemonicInt3;
-    else if(_cp.IsUnusual())
-        _mnemonicType = TokenType::MnemonicUnusual;
-    else if(_cp.IsRet())
+    else if(_cp.IsBranchType(Zydis::BTCallSem))
+        _mnemonicType = TokenType::MnemonicCall;
+    else if(_cp.IsBranchType(Zydis::BTCondJmpSem))
+        _mnemonicType = TokenType::MnemonicCondJump;
+    else if(_cp.IsBranchType(Zydis::BTUncondJmpSem))
+        _mnemonicType = TokenType::MnemonicUncondJump;
+    else if(_cp.IsBranchType(Zydis::BTRetSem))
         _mnemonicType = TokenType::MnemonicRet;
     else if(_cp.IsPushPop())
         _mnemonicType = TokenType::MnemonicPushPop;
+    else if(_cp.IsUnusual())
+        _mnemonicType = TokenType::MnemonicUnusual;
 
     return tokenizeMnemonic(_mnemonicType, mnemonic);;
 }

src/zydis_wrapper/zydis_wrapper.cpp

@@ -216,15 +216,13 @@ bool Zydis::IsBranchType(std::underlying_type_t<BranchType> bt) const
     switch(mInstr.mnemonic)
     {
     case ZYDIS_MNEMONIC_RET:
-        ref = BTRet;
+        ref = (mInstr.attributes & ZYDIS_ATTRIB_IS_FAR_BRANCH) ? BTFarRet : BTRet;
         break;
     case ZYDIS_MNEMONIC_CALL:
-        ref = (op0.elementType == ZYDIS_ELEMENT_TYPE_STRUCT ||
-               op0.type == ZYDIS_OPERAND_TYPE_POINTER) ? BTFarCall : BTCall;
+        ref = (mInstr.attributes & ZYDIS_ATTRIB_IS_FAR_BRANCH) ? BTFarCall : BTCall;
         break;
     case ZYDIS_MNEMONIC_JMP:
-        ref = (op0.elementType == ZYDIS_ELEMENT_TYPE_STRUCT ||
-               op0.type == ZYDIS_OPERAND_TYPE_POINTER) ? BTFarJmp : BTUncondJmp;
+        ref = (mInstr.attributes & ZYDIS_ATTRIB_IS_FAR_BRANCH) ? BTFarJmp : BTUncondJmp;
         break;
     case ZYDIS_MNEMONIC_JB:
     case ZYDIS_MNEMONIC_JBE:
@@ -266,6 +264,11 @@ bool Zydis::IsBranchType(std::underlying_type_t<BranchType> bt) const
     case ZYDIS_MNEMONIC_INT1:
         ref = BTInt1;
         break;
+    case ZYDIS_MNEMONIC_IRET:
+    case ZYDIS_MNEMONIC_IRETD:
+    case ZYDIS_MNEMONIC_IRETQ:
+        ref = BTIret;
+        break;
     case ZYDIS_MNEMONIC_XBEGIN:
         ref = BTXbegin;
         break;

src/zydis_wrapper/zydis_wrapper.h

@@ -53,37 +53,37 @@ public:
     void RegInfo(uint8_t info[ZYDIS_REGISTER_MAX_VALUE + 1]) const;
     const char* FlagName(ZydisCPUFlag flag) const;
 
-    enum BranchType : uint16_t
+    enum BranchType : uint32_t
     {
         // Basic types.
         BTRet          = 1 << 0,
         BTCall         = 1 << 1,
         BTFarCall      = 1 << 2,
-        BTSyscall      = 1 << 3, // Also sysenter
-        BTSysret       = 1 << 4, // Also sysexit
-        BTInt          = 1 << 5,
-        BTInt3         = 1 << 6,
-        BTInt1         = 1 << 7,
-        BTIret         = 1 << 8,
-        BTCondJmp      = 1 << 9,
-        BTUncondJmp    = 1 << 10,
-        BTFarJmp       = 1 << 11,
-        BTXbegin       = 1 << 12,
-        BTXabort       = 1 << 13,
-        BTRsm          = 1 << 14,
-        BTLoop         = 1 << 15,
+        BTFarRet       = 1 << 3,
+        BTSyscall      = 1 << 4, // Also sysenter
+        BTSysret       = 1 << 5, // Also sysexit
+        BTInt          = 1 << 6,
+        BTInt3         = 1 << 7,
+        BTInt1         = 1 << 8,
+        BTIret         = 1 << 9,
+        BTCondJmp      = 1 << 10,
+        BTUncondJmp    = 1 << 11,
+        BTFarJmp       = 1 << 12,
+        BTXbegin       = 1 << 13,
+        BTXabort       = 1 << 14,
+        BTRsm          = 1 << 15,
+        BTLoop         = 1 << 16,
 
         BTJmp          = BTCondJmp | BTUncondJmp,
 
         // Semantic groups (behaves like XX).
-        BTCallSem      = BTCall | BTSyscall | BTInt,
-        BTRetSem       = BTRet | BTSysret | BTIret | BTRsm | BTXabort,
-        BTIntSem       = BTInt | BTInt1 | BTInt3 | BTSyscall,
-        BTIretSem      = BTIret | BTSysret,
-        BTJmpSem       = BTJmp | BTLoop,
+        BTCallSem      = BTCall | BTFarCall | BTSyscall | BTInt,
+        BTRetSem       = BTRet | BTSysret | BTIret | BTFarRet| BTRsm,
+        BTCondJmpSem   = BTCondJmp | BTLoop | BTXbegin,
+        BTUncondJmpSem = BTUncondJmp | BTFarJmp | BTXabort,
 
         BTRtm          = BTXabort | BTXbegin,
-        BTCtxSwitch    = BTIntSem | BTIretSem | BTRsm | BTFarCall | BTFarJmp,
+        BTFar          = BTFarCall | BTFarJmp | BTFarRet,
 
         BTAny          = std::underlying_type_t<BranchType>(-1)
     };
@@ -91,11 +91,11 @@ public:
     bool IsBranchType(std::underlying_type_t<BranchType> bt) const;
 
     // Shortcuts.
-    bool IsRet() const { return IsBranchType(BTRet);    }
-    bool IsCall() const { return IsBranchType(BTCall);   }
-    bool IsJump() const { return IsBranchType(BTJmp);    }
-    bool IsLoop() const { return IsBranchType(BTLoop);   }
-    bool IsInt3() const { return IsBranchType(BTInt3);   }
+    bool IsRet() const { return IsBranchType(BTRet); }
+    bool IsCall() const { return IsBranchType(BTCall); }
+    bool IsJump() const { return IsBranchType(BTJmp); }
+    bool IsLoop() const { return IsBranchType(BTLoop); }
+    bool IsInt3() const { return IsBranchType(BTInt3); }
 private:
     static ZydisDecoder mDecoder;
     static ZydisFormatter mFormatter;