x64dbg
/
zydis
mirror of https://github.com/x64dbg/zydis
1
0
Fork 0
Code Releases Activity

Added `ZYDIS_ATTRIB_IS_FAR_BRANCH` attribute for far JMP/CALL/RET instructions

This commit is contained in:
flobernd 2017-09-23 18:26:48 +02:00
parent 9222f80b97
commit 6315e29aa5
5 changed files with 1883 additions and 1871 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
include/Zydis/DecoderTypes.h
View File

@ -222,6 +222,12 @@ typedef uint64_t ZydisInstructionAttributes;
* Priviliged instructions are any instructions that require a current ring level below 3. * Priviliged instructions are any instructions that require a current ring level below 3.
*/ */
#define ZYDIS_ATTRIB_IS_PRIVILEGED 0x0000000000000100 // (1 << 8) #define ZYDIS_ATTRIB_IS_PRIVILEGED 0x0000000000000100 // (1 << 8)
/**
* @brief The instruction is a far JMP/CALL/RET.
*/
#define ZYDIS_ATTRIB_IS_FAR_BRANCH 0x0000001000000000 // (1 << 36) // TODO: rebase
/** /**
* @brief The instruction accepts the lock prefix (0xF0). * @brief The instruction accepts the lock prefix (0xF0).
*/ */
@ -346,11 +352,11 @@ typedef uint64_t ZydisInstructionAttributes;
/** /**
* @brief The instruction has the operand-size prefix (0x66). * @brief The instruction has the operand-size prefix (0x66).
*/ */
#define ZYDIS_ATTRIB_HAS_OPERANDSIZE 0x0000000400000000 // (1 << 34) #define ZYDIS_ATTRIB_HAS_OPERANDSIZE 0x0000000400000000 // (1 << 34) // TODO: rename
/** /**
* @brief The instruction has the address-size prefix (0x67). * @brief The instruction has the address-size prefix (0x67).
*/ */
#define ZYDIS_ATTRIB_HAS_ADDRESSSIZE 0x0000000800000000 // (1 << 35) #define ZYDIS_ATTRIB_HAS_ADDRESSSIZE 0x0000000800000000 // (1 << 35) // TODO: rename
/* ---------------------------------------------------------------------------------------------- */ /* ---------------------------------------------------------------------------------------------- */
/* R/E/FLAGS info */ /* R/E/FLAGS info */

4
src/Decoder.c
View File

@ -2030,6 +2030,10 @@ static void ZydisSetAttributes(ZydisDecoderContext* context, ZydisDecodedInstruc
{ {
instruction->attributes |= ZYDIS_ATTRIB_IS_PRIVILEGED; instruction->attributes |= ZYDIS_ATTRIB_IS_PRIVILEGED;
} }
if (def->isFarBranch)
{
instruction->attributes |= ZYDIS_ATTRIB_IS_FAR_BRANCH;
}
if (def->acceptsLock) if (def->acceptsLock)
{ {
instruction->attributes |= ZYDIS_ATTRIB_ACCEPTS_LOCK; instruction->attributes |= ZYDIS_ATTRIB_ACCEPTS_LOCK;

3738
src/Generated/InstructionDefinitions.inc
View File

File diff suppressed because it is too large Load Diff

1
src/Generated/OperandDefinitions.inc
View File

@ -6240,6 +6240,7 @@ const ZydisOperandDefinition operandDefinitions[] =
{ ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_REG, ZYDIS_OPERAND_VISIBILITY_IMPLICIT, ZYDIS_OPERAND_ACTION_WRITE, { 0, 0, 0 }, ZYDIS_IELEMENT_TYPE_INVALID, { .reg = { ZYDIS_IMPLREG_TYPE_STATIC, { .reg = ZYDIS_REGISTER_DS } } } }, { ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_REG, ZYDIS_OPERAND_VISIBILITY_IMPLICIT, ZYDIS_OPERAND_ACTION_WRITE, { 0, 0, 0 }, ZYDIS_IELEMENT_TYPE_INVALID, { .reg = { ZYDIS_IMPLREG_TYPE_STATIC, { .reg = ZYDIS_REGISTER_DS } } } },
{ ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_REG, ZYDIS_OPERAND_VISIBILITY_IMPLICIT, ZYDIS_OPERAND_ACTION_WRITE, { 0, 0, 0 }, ZYDIS_IELEMENT_TYPE_INVALID, { .reg = { ZYDIS_IMPLREG_TYPE_STATIC, { .reg = ZYDIS_REGISTER_FS } } } }, { ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_REG, ZYDIS_OPERAND_VISIBILITY_IMPLICIT, ZYDIS_OPERAND_ACTION_WRITE, { 0, 0, 0 }, ZYDIS_IELEMENT_TYPE_INVALID, { .reg = { ZYDIS_IMPLREG_TYPE_STATIC, { .reg = ZYDIS_REGISTER_FS } } } },
{ ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_REG, ZYDIS_OPERAND_VISIBILITY_IMPLICIT, ZYDIS_OPERAND_ACTION_WRITE, { 0, 0, 0 }, ZYDIS_IELEMENT_TYPE_INVALID, { .reg = { ZYDIS_IMPLREG_TYPE_STATIC, { .reg = ZYDIS_REGISTER_GS } } } }, { ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_REG, ZYDIS_OPERAND_VISIBILITY_IMPLICIT, ZYDIS_OPERAND_ACTION_WRITE, { 0, 0, 0 }, ZYDIS_IELEMENT_TYPE_INVALID, { .reg = { ZYDIS_IMPLREG_TYPE_STATIC, { .reg = ZYDIS_REGISTER_GS } } } },
{ ZYDIS_SEMANTIC_OPTYPE_MEM, ZYDIS_OPERAND_VISIBILITY_EXPLICIT, ZYDIS_OPERAND_ACTION_READ, { 1, 1, 1 }, ZYDIS_IELEMENT_TYPE_INT64, { .encoding = ZYDIS_OPERAND_ENCODING_MODRM_RM } },
{ ZYDIS_SEMANTIC_OPTYPE_GPR32_32_64, ZYDIS_OPERAND_VISIBILITY_EXPLICIT, ZYDIS_OPERAND_ACTION_READ, { 0, 0, 0 }, ZYDIS_IELEMENT_TYPE_INVALID, { .encoding = ZYDIS_OPERAND_ENCODING_MODRM_RM } }, { ZYDIS_SEMANTIC_OPTYPE_GPR32_32_64, ZYDIS_OPERAND_VISIBILITY_EXPLICIT, ZYDIS_OPERAND_ACTION_READ, { 0, 0, 0 }, ZYDIS_IELEMENT_TYPE_INVALID, { .encoding = ZYDIS_OPERAND_ENCODING_MODRM_RM } },
{ ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_REG, ZYDIS_OPERAND_VISIBILITY_IMPLICIT, ZYDIS_OPERAND_ACTION_READ, { 0, 0, 0 }, ZYDIS_IELEMENT_TYPE_INVALID, { .reg = { ZYDIS_IMPLREG_TYPE_STATIC, { .reg = ZYDIS_REGISTER_ES } } } }, { ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_REG, ZYDIS_OPERAND_VISIBILITY_IMPLICIT, ZYDIS_OPERAND_ACTION_READ, { 0, 0, 0 }, ZYDIS_IELEMENT_TYPE_INVALID, { .reg = { ZYDIS_IMPLREG_TYPE_STATIC, { .reg = ZYDIS_REGISTER_ES } } } },
{ ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_REG, ZYDIS_OPERAND_VISIBILITY_IMPLICIT, ZYDIS_OPERAND_ACTION_READ, { 0, 0, 0 }, ZYDIS_IELEMENT_TYPE_INVALID, { .reg = { ZYDIS_IMPLREG_TYPE_STATIC, { .reg = ZYDIS_REGISTER_CS } } } }, { ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_REG, ZYDIS_OPERAND_VISIBILITY_IMPLICIT, ZYDIS_OPERAND_ACTION_READ, { 0, 0, 0 }, ZYDIS_IELEMENT_TYPE_INVALID, { .reg = { ZYDIS_IMPLREG_TYPE_STATIC, { .reg = ZYDIS_REGISTER_CS } } } },

1
src/SharedData.h
View File

@ -572,6 +572,7 @@ typedef struct ZydisInstructionDefinitionDEFAULT_
{ {
ZYDIS_INSTRUCTION_DEFINITION_BASE; ZYDIS_INSTRUCTION_DEFINITION_BASE;
ZydisBool isPrivileged ZYDIS_BITFIELD( 1); ZydisBool isPrivileged ZYDIS_BITFIELD( 1);
ZydisBool isFarBranch ZYDIS_BITFIELD( 1);
ZydisBool acceptsLock ZYDIS_BITFIELD( 1); ZydisBool acceptsLock ZYDIS_BITFIELD( 1);
ZydisBool acceptsREP ZYDIS_BITFIELD( 1); ZydisBool acceptsREP ZYDIS_BITFIELD( 1);
ZydisBool acceptsREPEREPZ ZYDIS_BITFIELD( 1); ZydisBool acceptsREPEREPZ ZYDIS_BITFIELD( 1);