zydis_wrapper: Final touch

- Comment out diff code in GUI
- Enable optimization
- A few more whitelist entries in the diff code
- A few fixes in the old tokenizer to be consistent with the new one in diffs
- Remove LICENSE and README now that the wrapper is part of the x64dbg core repo

src/gui/Src/BasicView/Disassembly.cpp

@@ -1496,6 +1496,11 @@ Instruction_t Disassembly::DisassembleAt(dsint rva)
     if(!mMemPage->read(wBuffer.data(), rva, wBuffer.size()))
         return Instruction_t();
 
+    return mDisasm->DisassembleAt((byte_t*)wBuffer.data(), wBuffer.size(), base, rva);
+
+    /* Zydis<->Capstone diff logic.
+     * TODO: Remove once transition is completed.
+
     auto zy_instr = mDisasm->DisassembleAt((byte_t*)wBuffer.data(), wBuffer.size(), base, rva);
     auto cs_instr = mCsDisasm->DisassembleAt((byte_t*)wBuffer.data(), wBuffer.size(), base, rva);
 
@@ -1552,6 +1557,20 @@ Instruction_t Disassembly::DisassembleAt(dsint rva)
             goto _exit;
         if(cs_instr.instStr.startsWith("fnstsw"))  // CS reports wrong 32 bit operand size (is 16)
             goto _exit;
+        if(cs_instr.instStr.startsWith("popaw")) // CS prints popaw, zydis popa (both ok)
+            goto _exit;
+        if(cs_instr.instStr.startsWith("lsl")) // CS thinks the 2. operand is 32 bit (it's 16)
+            goto _exit;
+        if(QRegExp("mov [cd]r\\d").exactMatch(cs_instr.instStr)) // CS fails to reject bad DR/CRs (that #UD, like dr4)
+            goto _exit;
+        if(QRegExp("v?comi(ps|pd|ss|sd).*").exactMatch(zy_instr.instStr)) // CS has wrong operand size
+            goto _exit;
+        if(QRegExp("v?cmp(ps|pd|ss|sd).*").exactMatch(zy_instr.instStr)) // CS uses pseudo-op notation, Zy prints cond as imm (both ok)
+            goto _exit;
+        if(cs_instr.dump.length() > 2 &&
+            cs_instr.dump[0] == '\x0f' &&
+            (cs_instr.dump[1] == '\x1a' || cs_instr.dump[1] == '\x1b')) // CS doesn't support MPX
+            goto _exit;
 
         auto insn_hex = cs_instr.dump.toHex().toStdString();
         auto cs = cs_instr.instStr.toStdString();
@@ -1579,8 +1598,9 @@ Instruction_t Disassembly::DisassembleAt(dsint rva)
         //__debugbreak();
     }
 
-_exit:
+    _exit:
     return zy_instr;
+    */
 }
 
 /**

src/gui/Src/Disassembler/cs_capstone_gui.cpp

@@ -525,13 +525,12 @@ bool CsCapstoneTokenizer::tokenizeMemOperand(const cs_x86_op & op)
     {
         switch(mem.base)
         {
-#ifdef _WIN64
         case X86_REG_RSP:
         case X86_REG_RBP:
-#else //x86
         case X86_REG_ESP:
         case X86_REG_EBP:
-#endif //_WIN64
+        case X86_REG_SP:
+        case X86_REG_BP:
             segmentText = "ss";
             break;
         default:
@@ -591,7 +590,7 @@ bool CsCapstoneTokenizer::tokenizeMemOperand(const cs_x86_op & op)
             CapstoneTokenizer::TokenValue value(op.size, duint(mem.disp));
             auto displacementType = DbgMemIsValidReadPtr(duint(mem.disp)) ? CapstoneTokenizer::TokenType::Address : CapstoneTokenizer::TokenType::Value;
             QString valueText;
-            if(mem.disp < 0)
+            if(mem.disp < 0 && prependPlus)
             {
                 operatorText = '-';
                 valueText = printValue(CapstoneTokenizer::TokenValue(op.size, duint(mem.disp * -1)), false, _maxModuleLength);

src/zydis_wrapper/LICENSE

@@ -1,23 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2016 x64dbg
-Copyright (c) 2017 Joel Höner <athre0z@zyantific.com>
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
-

src/zydis_wrapper/README.md

@@ -1,4 +0,0 @@
-zydis x64dbg module
-===================
-
-A "capstone_wrapper" implementation with Zydis.

src/zydis_wrapper/zydis

@@ -1 +1 @@
-Subproject commit 38975c8d3d55e82cfda5f7e2bbe217ca59252866
+Subproject commit ded9d0e513a7a10e9e2636df6167d783cbe4b14d

src/zydis_wrapper/zydis_wrapper.cpp

@@ -48,9 +48,7 @@ bool Zydis::Disassemble(size_t addr, const unsigned char* data, int size)
     mSuccess = false;
 
     // Decode instruction.
-    if(!ZYDIS_SUCCESS(ZydisDecoderDecodeBuffer(
-                          &mDecoder, data, size, addr, &mInstr
-                      )))
+    if(!ZYDIS_SUCCESS(ZydisDecoderDecodeBuffer(&mDecoder, data, size, addr, &mInstr)))
         return false;
 
     // Format it to human readable representation.
@@ -58,8 +56,7 @@ bool Zydis::Disassemble(size_t addr, const unsigned char* data, int size)
                           &mFormatter,
                           const_cast<ZydisDecodedInstruction*>(&mInstr),
                           mInstrText,
-                          sizeof(mInstrText)
-                      )))
+                          sizeof(mInstrText))))
         return false;
 
     // Count explicit operands.
@@ -68,9 +65,17 @@ bool Zydis::Disassemble(size_t addr, const unsigned char* data, int size)
     {
         auto & op = mInstr.operands[i];
 
-        // HACK (ath): Rebase IMM if relative (codebase expects it this way)
+        // Rebase IMM if relative and DISP if absolute (codebase expects it this way).
+        // Once, at some point in time, the disassembler is abstracted away more and more,
+        // we should probably refrain from hacking the Zydis data structure and perform
+        // such transformations in the getters instead.
         if(op.type == ZYDIS_OPERAND_TYPE_IMMEDIATE && op.imm.isRelative)
-            ZydisUtilsCalcAbsoluteTargetAddress(&mInstr, &op, &op.imm.value.u);
+            ZydisCalcAbsoluteAddress(&mInstr, &op, &op.imm.value.u);
+        else if(op.type == ZYDIS_OPERAND_TYPE_MEMORY &&
+                op.mem.base == ZYDIS_REGISTER_NONE &&
+                op.mem.index == ZYDIS_REGISTER_NONE &&
+                op.mem.disp.value != 0)
+            ZydisCalcAbsoluteAddress(&mInstr, &op, (uint64_t*)&op.mem.disp.value);
 
         if(op.visibility == ZYDIS_OPERAND_VISIBILITY_HIDDEN)
             break;
@@ -281,7 +286,6 @@ bool Zydis::IsBranchType(std::underlying_type_t<BranchType> bt) const
     return (bt & ref) != 0;
 }
 
-
 ZydisMnemonic Zydis::GetId() const
 {
     if(!Success())
@@ -588,7 +592,7 @@ size_t Zydis::BranchDestination() const
             || !mInstr.operands[0].imm.isRelative)
         return 0;
 
-    return mInstr.operands[0].imm.value.u;
+    return size_t(mInstr.operands[0].imm.value.u);
 }
 
 size_t Zydis::ResolveOpValue(int opindex, const std::function<size_t(ZydisRegister)> & resolveReg) const

src/zydis_wrapper/zydis_wrapper.vcxproj

@@ -125,7 +125,7 @@
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <WarningLevel>Level3</WarningLevel>
-      <Optimization>Disabled</Optimization>
+      <Optimization>MaxSpeed</Optimization>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <SDLCheck>true</SDLCheck>