x64dbg
/
zydis
mirror of https://github.com/x64dbg/zydis
1
0
Fork 0
Code Releases Activity

Minor refactorings

This commit is contained in:
flobernd 2017-07-01 01:10:03 +02:00
parent 392c36c85f
commit ad8e5ce6a9
5 changed files with 118 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
include/Zydis/InstructionInfo.h
View File

@ -333,13 +333,7 @@ typedef struct ZydisOperandInfo_
/** /**
* @brief The displacement value * @brief The displacement value
*/ */
union int64_t value;
{
int8_t sbyte;
int16_t sword;
int32_t sdword;
int64_t sqword;
} value;
} disp; } disp;
} mem; } mem;
/** /**
@ -369,14 +363,8 @@ typedef struct ZydisOperandInfo_
*/ */
union union
{ {
int8_t sbyte; uint64_t u;
uint8_t ubyte; int64_t s;
int16_t sword;
uint16_t uword;
int32_t sdword;
uint32_t udword;
int64_t sqword;
uint64_t uqword;
} value; } value;
} imm; } imm;
} ZydisOperandInfo; } ZydisOperandInfo;
@ -687,6 +675,46 @@ typedef uint64_t ZydisInstructionAttributes;
*/ */
#define ZYDIS_ATTRIB_HAS_ADDRESSSIZE 0x0000001000000000 #define ZYDIS_ATTRIB_HAS_ADDRESSSIZE 0x0000001000000000
/* ---------------------------------------------------------------------------------------------- */
/* SSE/AVX exception-class */
/* ---------------------------------------------------------------------------------------------- */
/**
* @brief Defines the @c ZydisExceptionClass datatype.
*/
typedef uint16_t ZydisExceptionClass;
/**
* @brief Values that represent exception-classes.
*/
enum ZydisExceptionClasses
{
ZYDIS_EXCEPTION_CLASS_NONE,
// TODO: SSE and AVX
ZYDIS_EXCEPTION_CLASS_E1,
ZYDIS_EXCEPTION_CLASS_E1NF,
ZYDIS_EXCEPTION_CLASS_E2,
ZYDIS_EXCEPTION_CLASS_E2NF,
ZYDIS_EXCEPTION_CLASS_E3,
ZYDIS_EXCEPTION_CLASS_E3NF,
ZYDIS_EXCEPTION_CLASS_E4,
ZYDIS_EXCEPTION_CLASS_E4NF,
ZYDIS_EXCEPTION_CLASS_E5,
ZYDIS_EXCEPTION_CLASS_E5NF,
ZYDIS_EXCEPTION_CLASS_E6,
ZYDIS_EXCEPTION_CLASS_E6NF,
ZYDIS_EXCEPTION_CLASS_E7NM,
ZYDIS_EXCEPTION_CLASS_E7NM128,
ZYDIS_EXCEPTION_CLASS_E9NF,
ZYDIS_EXCEPTION_CLASS_E10,
ZYDIS_EXCEPTION_CLASS_E10NF,
ZYDIS_EXCEPTION_CLASS_E11,
ZYDIS_EXCEPTION_CLASS_E12,
ZYDIS_EXCEPTION_CLASS_E12NP,
ZYDIS_EXCEPTION_CLASS_K20,
ZYDIS_EXCEPTION_CLASS_K21
};
/* ---------------------------------------------------------------------------------------------- */ /* ---------------------------------------------------------------------------------------------- */
/* AVX vector-length */ /* AVX vector-length */
/* ---------------------------------------------------------------------------------------------- */ /* ---------------------------------------------------------------------------------------------- */
@ -956,9 +984,6 @@ typedef struct ZydisInstructionInfo_
* @brief The AVX data-conversion mode (MVEX only). * @brief The AVX data-conversion mode (MVEX only).
*/ */
ZydisConversionMode conversionMode; ZydisConversionMode conversionMode;
// TODO: Remove SAE from the rounding-mode enum and always add it as extra value
/** /**
* @brief Signals, if the sae functionality is enabled for the instruction. * @brief Signals, if the sae functionality is enabled for the instruction.
*/ */
@ -967,7 +992,6 @@ typedef struct ZydisInstructionInfo_
* @brief Signals, if the instruction has a memory eviction-hint (MVEX only). * @brief Signals, if the instruction has a memory eviction-hint (MVEX only).
*/ */
ZydisBool hasEvictionHint; ZydisBool hasEvictionHint;
} avx; } avx;
/** /**
* @brief Extended info about different instruction-parts like ModRM, SIB or * @brief Extended info about different instruction-parts like ModRM, SIB or
@ -1278,22 +1302,16 @@ typedef struct ZydisInstructionInfo_
/** /**
* @brief The displacement value * @brief The displacement value
*/ */
union int64_t value;
{
int8_t sbyte;
int16_t sword;
int32_t sdword;
int64_t sqword;
} value;
/** /**
* @brief The physical displacement size, in bits. * @brief The physical displacement size, in bits.
*/ */
uint8_t dataSize; uint8_t size;
/** /**
* @brief The offset of the displacement data, relative to the beginning of the * @brief The offset of the displacement data, relative to the beginning of the
* instruction, in bytes. * instruction, in bytes.
*/ */
uint8_t dataOffset; uint8_t offset;
} disp; } disp;
/** /**
* @brief Detailed info about immediate-bytes. * @brief Detailed info about immediate-bytes.
@ -1315,24 +1333,18 @@ typedef struct ZydisInstructionInfo_
*/ */
union union
{ {
int8_t sbyte; uint64_t u;
uint8_t ubyte; int64_t s;
int16_t sword;
uint16_t uword;
int32_t sdword;
uint32_t udword;
int64_t sqword;
uint64_t uqword;
} value; } value;
/** /**
* @brief The physical immediate size, in bits. * @brief The physical immediate size, in bits.
*/ */
uint8_t dataSize; uint8_t size;
/** /**
* @brief The offset of the immediate data, relative to the beginning of the * @brief The offset of the immediate data, relative to the beginning of the
* instruction, in bytes. * instruction, in bytes.
*/ */
uint8_t dataOffset; uint8_t offset;
} imm[2]; } imm[2];
} details; } details;
/** /**

2
include/Zydis/Internal/InstructionDefinitions.inc
View File

@ -599,7 +599,7 @@ const ZydisInstructionDefinitionDEFAULT instructionDefinitionsDEFAULT[] =
/*0254*/ { ZYDIS_MNEMONIC_INSW, 3, 0x0967, 0x00, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_TRUE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_TRUE }, /*0254*/ { ZYDIS_MNEMONIC_INSW, 3, 0x0967, 0x00, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_TRUE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_TRUE },
/*0255*/ { ZYDIS_MNEMONIC_INSW, 2, 0x1342, 0x00, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_TRUE }, /*0255*/ { ZYDIS_MNEMONIC_INSW, 2, 0x1342, 0x00, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_TRUE },
/*0256*/ { ZYDIS_MNEMONIC_INT, 2, 0x1344, 0x00, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE }, /*0256*/ { ZYDIS_MNEMONIC_INT, 2, 0x1344, 0x00, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE },
/*0257*/ { ZYDIS_MNEMONIC_INT1, 0, 0x0000, 0x00, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE }, /*0257*/ { ZYDIS_MNEMONIC_INT1, 1, 0x126F, 0x00, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE },
/*0258*/ { ZYDIS_MNEMONIC_INT3, 1, 0x126F, 0x00, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE }, /*0258*/ { ZYDIS_MNEMONIC_INT3, 1, 0x126F, 0x00, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE },
/*0259*/ { ZYDIS_MNEMONIC_INTO, 1, 0x0912, 0x00, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE }, /*0259*/ { ZYDIS_MNEMONIC_INTO, 1, 0x0912, 0x00, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE },
/*025A*/ { ZYDIS_MNEMONIC_INVD, 0, 0x0000, 0x00, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE }, /*025A*/ { ZYDIS_MNEMONIC_INVD, 0, 0x0000, 0x00, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE, ZYDIS_FALSE },

88
src/Decoder.c
View File

@ -468,6 +468,7 @@ static ZydisStatus ZydisDecodeVEX(ZydisDecoderContext* context, ZydisInstruction
ZYDIS_UNREACHABLE; ZYDIS_UNREACHABLE;
} }
// TODO: m_mmmm = 0 is only valid for some KNC instructions
if (info->details.vex.m_mmmm > 0x03) if (info->details.vex.m_mmmm > 0x03)
{ {
// Invalid according to the intel documentation // Invalid according to the intel documentation
@ -520,7 +521,6 @@ static ZydisStatus ZydisDecodeEVEX(ZydisDecoderContext* context, ZydisInstructio
info->details.evex.mm = (data[1] >> 0) & 0x03; info->details.evex.mm = (data[1] >> 0) & 0x03;
// TODO: Check if map = 0 is allowed for new EVEX instructions
if (info->details.evex.mm == 0x00) if (info->details.evex.mm == 0x00)
{ {
// Invalid according to the intel documentation // Invalid according to the intel documentation
@ -538,6 +538,12 @@ static ZydisStatus ZydisDecodeEVEX(ZydisDecoderContext* context, ZydisInstructio
info->details.evex.L = (data[3] >> 5) & 0x01; info->details.evex.L = (data[3] >> 5) & 0x01;
info->details.evex.b = (data[3] >> 4) & 0x01; info->details.evex.b = (data[3] >> 4) & 0x01;
info->details.evex.V2 = (data[3] >> 3) & 0x01; info->details.evex.V2 = (data[3] >> 3) & 0x01;
if (!info->details.evex.V2 && context->decoder->machineMode != ZYDIS_MACHINE_MODE_LONG_64)
{
return ZYDIS_STATUS_MALFORMED_EVEX;
}
info->details.evex.aaa = (data[3] >> 0) & 0x07; info->details.evex.aaa = (data[3] >> 0) & 0x07;
// Update internal fields // Update internal fields
@ -678,10 +684,10 @@ static ZydisStatus ZydisReadDisplacement(ZydisDecoderContext* context, ZydisInst
{ {
ZYDIS_ASSERT(context); ZYDIS_ASSERT(context);
ZYDIS_ASSERT(info); ZYDIS_ASSERT(info);
ZYDIS_ASSERT(info->details.disp.dataSize == 0); ZYDIS_ASSERT(info->details.disp.size == 0);
info->details.disp.dataSize = size; info->details.disp.size = size;
info->details.disp.dataOffset = info->length; info->details.disp.offset = info->length;
switch (size) switch (size)
{ {
@ -689,28 +695,28 @@ static ZydisStatus ZydisReadDisplacement(ZydisDecoderContext* context, ZydisInst
{ {
uint8_t value; uint8_t value;
ZYDIS_CHECK(ZydisInputNext(context, info, &value)); ZYDIS_CHECK(ZydisInputNext(context, info, &value));
info->details.disp.value.sqword = *(int8_t*)&value; info->details.disp.value = *(int8_t*)&value;
break; break;
} }
case 16: case 16:
{ {
uint16_t value; uint16_t value;
ZYDIS_CHECK(ZydisInputNextBytes(context, info, (uint8_t*)&value, 2)); ZYDIS_CHECK(ZydisInputNextBytes(context, info, (uint8_t*)&value, 2));
info->details.disp.value.sqword = *(int16_t*)&value; info->details.disp.value = *(int16_t*)&value;
break; break;
} }
case 32: case 32:
{ {
uint32_t value; uint32_t value;
ZYDIS_CHECK(ZydisInputNextBytes(context, info, (uint8_t*)&value, 4)); ZYDIS_CHECK(ZydisInputNextBytes(context, info, (uint8_t*)&value, 4));
info->details.disp.value.sqword = *(int32_t*)&value; info->details.disp.value = *(int32_t*)&value;
break; break;
} }
case 64: case 64:
{ {
uint64_t value; uint64_t value;
ZYDIS_CHECK(ZydisInputNextBytes(context, info, (uint8_t*)&value, 8)); ZYDIS_CHECK(ZydisInputNextBytes(context, info, (uint8_t*)&value, 8));
info->details.disp.value.sqword = *(int64_t*)&value; info->details.disp.value = *(int64_t*)&value;
break; break;
} }
default: default:
@ -741,10 +747,10 @@ static ZydisStatus ZydisReadImmediate(ZydisDecoderContext* context, ZydisInstruc
ZYDIS_ASSERT(info); ZYDIS_ASSERT(info);
ZYDIS_ASSERT((id == 0) || (id == 1)); ZYDIS_ASSERT((id == 0) || (id == 1));
ZYDIS_ASSERT(isSigned || !isRelative); ZYDIS_ASSERT(isSigned || !isRelative);
ZYDIS_ASSERT(info->details.imm[id].dataSize == 0); ZYDIS_ASSERT(info->details.imm[id].size == 0);
info->details.imm[id].dataSize = size; info->details.imm[id].size = size;
info->details.imm[id].dataOffset = info->length; info->details.imm[id].offset = info->length;
info->details.imm[id].isSigned = isSigned; info->details.imm[id].isSigned = isSigned;
info->details.imm[id].isRelative = isRelative; info->details.imm[id].isRelative = isRelative;
switch (size) switch (size)
@ -755,10 +761,10 @@ static ZydisStatus ZydisReadImmediate(ZydisDecoderContext* context, ZydisInstruc
ZYDIS_CHECK(ZydisInputNext(context, info, &value)); ZYDIS_CHECK(ZydisInputNext(context, info, &value));
if (isSigned) if (isSigned)
{ {
info->details.imm[id].value.sqword = (int8_t)value; info->details.imm[id].value.s = (int8_t)value;
} else } else
{ {
info->details.imm[id].value.ubyte = value; info->details.imm[id].value.u = value;
} }
break; break;
} }
@ -768,10 +774,10 @@ static ZydisStatus ZydisReadImmediate(ZydisDecoderContext* context, ZydisInstruc
ZYDIS_CHECK(ZydisInputNextBytes(context, info, (uint8_t*)&value, 2)); ZYDIS_CHECK(ZydisInputNextBytes(context, info, (uint8_t*)&value, 2));
if (isSigned) if (isSigned)
{ {
info->details.imm[id].value.sqword = (int16_t)value; info->details.imm[id].value.s = (int16_t)value;
} else } else
{ {
info->details.imm[id].value.uword = value; info->details.imm[id].value.u = value;
} }
break; break;
} }
@ -781,10 +787,10 @@ static ZydisStatus ZydisReadImmediate(ZydisDecoderContext* context, ZydisInstruc
ZYDIS_CHECK(ZydisInputNextBytes(context, info, (uint8_t*)&value, 4)); ZYDIS_CHECK(ZydisInputNextBytes(context, info, (uint8_t*)&value, 4));
if (isSigned) if (isSigned)
{ {
info->details.imm[id].value.sqword = (int32_t)value; info->details.imm[id].value.s = (int32_t)value;
} else } else
{ {
info->details.imm[id].value.udword = value; info->details.imm[id].value.u = value;
} }
break; break;
} }
@ -794,10 +800,10 @@ static ZydisStatus ZydisReadImmediate(ZydisDecoderContext* context, ZydisInstruc
ZYDIS_CHECK(ZydisInputNextBytes(context, info, (uint8_t*)&value, 8)); ZYDIS_CHECK(ZydisInputNextBytes(context, info, (uint8_t*)&value, 8));
if (isSigned) if (isSigned)
{ {
info->details.imm[id].value.sqword = (int64_t)value; info->details.imm[id].value.s = (int64_t)value;
} else } else
{ {
info->details.imm[id].value.uqword = value; info->details.imm[id].value.u = value;
} }
break; break;
} }
@ -880,7 +886,7 @@ static uint8_t ZydisCalcRegisterId(ZydisDecoderContext* context, ZydisInstructio
(registerClass == ZYDIS_REGCLASS_ZMM)); (registerClass == ZYDIS_REGCLASS_ZMM));
return info->details.sib.index; return info->details.sib.index;
case ZYDIS_REG_ENCODING_IS4: case ZYDIS_REG_ENCODING_IS4:
return (info->details.imm[0].value.ubyte >> 5) & 0x07; return (info->details.imm[0].value.u >> 5) & 0x07;
case ZYDIS_REG_ENCODING_MASK: case ZYDIS_REG_ENCODING_MASK:
return context->cache.mask; return context->cache.mask;
default: default:
@ -987,7 +993,7 @@ static uint8_t ZydisCalcRegisterId(ZydisDecoderContext* context, ZydisInstructio
return info->details.sib.index | (context->cache.X << 3) | (context->cache.V2 << 4); return info->details.sib.index | (context->cache.X << 3) | (context->cache.V2 << 4);
case ZYDIS_REG_ENCODING_IS4: case ZYDIS_REG_ENCODING_IS4:
{ {
uint8_t value = (info->details.imm[0].value.ubyte >> 4) & 0x0F; uint8_t value = (info->details.imm[0].value.u >> 4) & 0x0F;
// We have to check the instruction-encoding, because the extension by bit [3] is only // We have to check the instruction-encoding, because the extension by bit [3] is only
// valid for EVEX and MVEX instructions // valid for EVEX and MVEX instructions
if ((info->encoding == ZYDIS_INSTRUCTION_ENCODING_EVEX) || if ((info->encoding == ZYDIS_INSTRUCTION_ENCODING_EVEX) ||
@ -998,7 +1004,7 @@ static uint8_t ZydisCalcRegisterId(ZydisDecoderContext* context, ZydisInstructio
case ZYDIS_REGCLASS_XMM: case ZYDIS_REGCLASS_XMM:
case ZYDIS_REGCLASS_YMM: case ZYDIS_REGCLASS_YMM:
case ZYDIS_REGCLASS_ZMM: case ZYDIS_REGCLASS_ZMM:
value |= (((info->details.imm[0].value.ubyte >> 3) & 0x01) << 4); value |= ((info->details.imm[0].value.u & 0x08) << 1);
default: default:
break; break;
} }
@ -1213,10 +1219,10 @@ static void ZydisSetOperandSizeAndElementInfo(ZydisDecoderContext* context,
} }
break; break;
case ZYDIS_OPERAND_TYPE_POINTER: case ZYDIS_OPERAND_TYPE_POINTER:
ZYDIS_ASSERT((info->details.imm[0].dataSize == 16) || ZYDIS_ASSERT((info->details.imm[0].size == 16) ||
(info->details.imm[0].dataSize == 32)); (info->details.imm[0].size == 32));
ZYDIS_ASSERT(info->details.imm[1].dataSize == 16); ZYDIS_ASSERT( info->details.imm[1].size == 16);
operand->size = info->details.imm[0].dataSize + info->details.imm[1].dataSize; operand->size = info->details.imm[0].size + info->details.imm[1].size;
break; break;
case ZYDIS_OPERAND_TYPE_IMMEDIATE: case ZYDIS_OPERAND_TYPE_IMMEDIATE:
operand->size = definition->size[context->eoszIndex] * 8; operand->size = definition->size[context->eoszIndex] * 8;
@ -1482,9 +1488,9 @@ static ZydisStatus ZydisDecodeOperandMemory(ZydisDecoderContext* context,
} }
if (displacementSize) if (displacementSize)
{ {
ZYDIS_ASSERT(info->details.disp.dataSize == displacementSize); ZYDIS_ASSERT(info->details.disp.size == displacementSize);
operand->mem.disp.hasDisplacement = ZYDIS_TRUE; operand->mem.disp.hasDisplacement = ZYDIS_TRUE;
operand->mem.disp.value.sqword = info->details.disp.value.sqword; operand->mem.disp.value = info->details.disp.value;
} }
return ZYDIS_STATUS_SUCCESS; return ZYDIS_STATUS_SUCCESS;
} }
@ -1700,7 +1706,7 @@ static ZydisStatus ZydisDecodeOperands(ZydisDecoderContext* context, ZydisInstru
case ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_IMM1: case ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_IMM1:
info->operands[i].type = ZYDIS_OPERAND_TYPE_IMMEDIATE; info->operands[i].type = ZYDIS_OPERAND_TYPE_IMMEDIATE;
info->operands[i].size = 8; info->operands[i].size = 8;
info->operands[i].imm.value.ubyte = 1; info->operands[i].imm.value.u = 1;
info->operands[i].imm.isSigned = ZYDIS_FALSE; info->operands[i].imm.isSigned = ZYDIS_FALSE;
info->operands[i].imm.isRelative = ZYDIS_FALSE; info->operands[i].imm.isRelative = ZYDIS_FALSE;
break; break;
@ -1838,12 +1844,12 @@ static ZydisStatus ZydisDecodeOperands(ZydisDecoderContext* context, ZydisInstru
ZydisDecodeOperandMemory(context, info, &info->operands[i], ZYDIS_REGCLASS_ZMM)); ZydisDecodeOperandMemory(context, info, &info->operands[i], ZYDIS_REGCLASS_ZMM));
break; break;
case ZYDIS_SEMANTIC_OPTYPE_PTR: case ZYDIS_SEMANTIC_OPTYPE_PTR:
ZYDIS_ASSERT((info->details.imm[0].dataSize == 16) || ZYDIS_ASSERT((info->details.imm[0].size == 16) ||
(info->details.imm[0].dataSize == 32)); (info->details.imm[0].size == 32));
ZYDIS_ASSERT(info->details.imm[1].dataSize == 16); ZYDIS_ASSERT( info->details.imm[1].size == 16);
info->operands[i].type = ZYDIS_OPERAND_TYPE_POINTER; info->operands[i].type = ZYDIS_OPERAND_TYPE_POINTER;
info->operands[i].ptr.offset = info->details.imm[0].value.sdword; info->operands[i].ptr.offset = (uint32_t)info->details.imm[0].value.u;
info->operands[i].ptr.segment = info->details.imm[1].value.uword; info->operands[i].ptr.segment = (uint16_t)info->details.imm[1].value.u;
break; break;
case ZYDIS_SEMANTIC_OPTYPE_AGEN: case ZYDIS_SEMANTIC_OPTYPE_AGEN:
info->operands[i].action = ZYDIS_OPERAND_ACTION_INVALID; info->operands[i].action = ZYDIS_OPERAND_ACTION_INVALID;
@ -1852,10 +1858,10 @@ static ZydisStatus ZydisDecodeOperands(ZydisDecoderContext* context, ZydisInstru
ZydisDecodeOperandMemory(context, info, &info->operands[i], ZYDIS_REGISTER_NONE)); ZydisDecodeOperandMemory(context, info, &info->operands[i], ZYDIS_REGISTER_NONE));
break; break;
case ZYDIS_SEMANTIC_OPTYPE_MOFFS: case ZYDIS_SEMANTIC_OPTYPE_MOFFS:
ZYDIS_ASSERT(info->details.disp.dataSize); ZYDIS_ASSERT(info->details.disp.size);
info->operands[i].type = ZYDIS_OPERAND_TYPE_MEMORY; info->operands[i].type = ZYDIS_OPERAND_TYPE_MEMORY;
info->operands[i].mem.disp.hasDisplacement = ZYDIS_TRUE; info->operands[i].mem.disp.hasDisplacement = ZYDIS_TRUE;
info->operands[i].mem.disp.value.sqword = info->details.disp.value.sqword; info->operands[i].mem.disp.value = info->details.disp.value;
break; break;
default: default:
break; break;
@ -1865,9 +1871,9 @@ static ZydisStatus ZydisDecodeOperands(ZydisDecoderContext* context, ZydisInstru
// Handle compressed 8-bit displacement // Handle compressed 8-bit displacement
if (((info->encoding == ZYDIS_INSTRUCTION_ENCODING_EVEX) || if (((info->encoding == ZYDIS_INSTRUCTION_ENCODING_EVEX) ||
(info->encoding == ZYDIS_INSTRUCTION_ENCODING_MVEX)) && (info->encoding == ZYDIS_INSTRUCTION_ENCODING_MVEX)) &&
(info->details.disp.dataSize == 8)) (info->details.disp.size == 8))
{ {
info->operands[i].mem.disp.value.sqword *= info->avx.compressedDisp8Scale; info->operands[i].mem.disp.value *= info->avx.compressedDisp8Scale;
} }
goto FinalizeOperand; goto FinalizeOperand;
@ -1885,11 +1891,11 @@ static ZydisStatus ZydisDecodeOperands(ZydisDecoderContext* context, ZydisInstru
if (operand->op.encoding == ZYDIS_OPERAND_ENCODING_IS4) if (operand->op.encoding == ZYDIS_OPERAND_ENCODING_IS4)
{ {
// The upper half of the 8-bit immediate is used to encode a register specifier // The upper half of the 8-bit immediate is used to encode a register specifier
ZYDIS_ASSERT(info->details.imm[immId].dataSize == 8); ZYDIS_ASSERT(info->details.imm[immId].size == 8);
info->operands[i].imm.value.ubyte = info->details.imm[immId].value.ubyte & 0x0F; info->operands[i].imm.value.u = (uint8_t)info->details.imm[immId].value.u & 0x0F;
} else } else
{ {
info->operands[i].imm.value.uqword = info->details.imm[immId].value.uqword; info->operands[i].imm.value.u = info->details.imm[immId].value.u;
} }
info->operands[i].imm.isSigned = info->details.imm[immId].isSigned; info->operands[i].imm.isSigned = info->details.imm[immId].isSigned;
info->operands[i].imm.isRelative = info->details.imm[immId].isRelative; info->operands[i].imm.isRelative = info->details.imm[immId].isRelative;

32
src/Formatter.c
View File

@ -282,7 +282,7 @@ static ZydisStatus ZydisFormatterFormatOperandMemIntel(const ZydisInstructionFor
if (operand->mem.base == ZYDIS_REGISTER_NONE) if (operand->mem.base == ZYDIS_REGISTER_NONE)
{ {
// MOFFS8/16/32/64 // MOFFS8/16/32/64
address = (uint64_t)operand->mem.disp.value.sqword; address = (uint64_t)operand->mem.disp.value;
} else } else
{ {
// EIP/RIP-relative // EIP/RIP-relative
@ -367,13 +367,13 @@ static ZydisStatus ZydisFormatterFormatOperandImmIntel(const ZydisInstructionFor
default: default:
return ZYDIS_STATUS_INVALID_PARAMETER; return ZYDIS_STATUS_INVALID_PARAMETER;
} }
if (printSignedHEX && (operand->imm.value.sqword < 0)) if (printSignedHEX && (operand->imm.value.s < 0))
{ {
return ZydisStringBufferAppendFormat(buffer, bufferLen, return ZydisStringBufferAppendFormat(buffer, bufferLen,
ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "-0x%02"PRIX32, -operand->imm.value.sdword); ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "-0x%02"PRIX32, -(int32_t)operand->imm.value.s);
} }
return ZydisStringBufferAppendFormat(buffer, bufferLen, ZYDIS_STRBUF_APPEND_MODE_DEFAULT, return ZydisStringBufferAppendFormat(buffer, bufferLen, ZYDIS_STRBUF_APPEND_MODE_DEFAULT,
"0x%02"PRIX32, operand->imm.value.sdword); "0x%02"PRIX32, (int32_t)operand->imm.value.s);
} }
// The immediate operand contains an actual ordinal value // The immediate operand contains an actual ordinal value
@ -413,24 +413,24 @@ static ZydisStatus ZydisFormatterPrintDisplacementIntel(const ZydisInstructionFo
return ZYDIS_STATUS_INVALID_PARAMETER; return ZYDIS_STATUS_INVALID_PARAMETER;
} }
if (operand->mem.disp.hasDisplacement && ((operand->mem.disp.value.sqword) || if (operand->mem.disp.hasDisplacement && ((operand->mem.disp.value) ||
((operand->mem.base == ZYDIS_REGISTER_NONE) && ((operand->mem.base == ZYDIS_REGISTER_NONE) &&
(operand->mem.index == ZYDIS_REGISTER_NONE)))) (operand->mem.index == ZYDIS_REGISTER_NONE))))
{ {
ZydisBool printSignedHEX = ZydisBool printSignedHEX =
(formatter->displacementFormat != ZYDIS_FORMATTER_DISP_HEX_UNSIGNED); (formatter->displacementFormat != ZYDIS_FORMATTER_DISP_HEX_UNSIGNED);
if (printSignedHEX && (operand->mem.disp.value.sqword < 0) && ( if (printSignedHEX && (operand->mem.disp.value < 0) && (
(operand->mem.base != ZYDIS_REGISTER_NONE) || (operand->mem.base != ZYDIS_REGISTER_NONE) ||
(operand->mem.index != ZYDIS_REGISTER_NONE))) (operand->mem.index != ZYDIS_REGISTER_NONE)))
{ {
return ZydisStringBufferAppendFormat(buffer, bufferLen, return ZydisStringBufferAppendFormat(buffer, bufferLen,
ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "-0x%02"PRIX32, -operand->mem.disp.value.sdword); ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "-0x%02"PRIX32, -operand->mem.disp.value);
} }
const char* sign = const char* sign =
((operand->mem.base == ZYDIS_REGISTER_NONE) && ((operand->mem.base == ZYDIS_REGISTER_NONE) &&
(operand->mem.index == ZYDIS_REGISTER_NONE)) ? "" : "+"; (operand->mem.index == ZYDIS_REGISTER_NONE)) ? "" : "+";
return ZydisStringBufferAppendFormat(buffer, bufferLen, ZYDIS_STRBUF_APPEND_MODE_DEFAULT, return ZydisStringBufferAppendFormat(buffer, bufferLen, ZYDIS_STRBUF_APPEND_MODE_DEFAULT,
"%s0x%02"PRIX32, sign, operand->mem.disp.value.sdword); "%s0x%02"PRIX32, sign, operand->mem.disp.value);
} }
return ZYDIS_STATUS_SUCCESS; return ZYDIS_STATUS_SUCCESS;
} }
@ -448,22 +448,22 @@ static ZydisStatus ZydisFormatterPrintImmediateIntel(const ZydisInstructionForma
{ {
printSignedHEX = operand->imm.isSigned; printSignedHEX = operand->imm.isSigned;
} }
if (printSignedHEX && (operand->imm.value.sqword < 0)) if (printSignedHEX && (operand->imm.value.s < 0))
{ {
switch (operand->size) switch (operand->size)
{ {
case 8: case 8:
return ZydisStringBufferAppendFormat(buffer, bufferLen, return ZydisStringBufferAppendFormat(buffer, bufferLen,
ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "-0x%02"PRIX8, -operand->imm.value.sbyte); ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "-0x%02"PRIX8, -(int8_t)operand->imm.value.s);
case 16: case 16:
return ZydisStringBufferAppendFormat(buffer, bufferLen, return ZydisStringBufferAppendFormat(buffer, bufferLen,
ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "-0x%02"PRIX16, -operand->imm.value.sword); ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "-0x%02"PRIX16, -(int16_t)operand->imm.value.s);
case 32: case 32:
return ZydisStringBufferAppendFormat(buffer, bufferLen, return ZydisStringBufferAppendFormat(buffer, bufferLen,
ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "-0x%02"PRIX32, -operand->imm.value.sdword); ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "-0x%02"PRIX32, -(int32_t)operand->imm.value.s);
case 64: case 64:
return ZydisStringBufferAppendFormat(buffer, bufferLen, return ZydisStringBufferAppendFormat(buffer, bufferLen,
ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "-0x%02"PRIX64, -operand->imm.value.sqword); ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "-0x%02"PRIX64, -operand->imm.value.s);
default: default:
return ZYDIS_STATUS_INVALID_PARAMETER; return ZYDIS_STATUS_INVALID_PARAMETER;
} }
@ -472,13 +472,13 @@ static ZydisStatus ZydisFormatterPrintImmediateIntel(const ZydisInstructionForma
{ {
case 16: case 16:
return ZydisStringBufferAppendFormat(buffer, bufferLen, return ZydisStringBufferAppendFormat(buffer, bufferLen,
ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "0x%02"PRIX16, operand->imm.value.uword); ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "0x%02"PRIX16, (uint16_t)operand->imm.value.u);
case 32: case 32:
return ZydisStringBufferAppendFormat(buffer, bufferLen, return ZydisStringBufferAppendFormat(buffer, bufferLen,
ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "0x%02"PRIX32, operand->imm.value.udword); ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "0x%02"PRIX32, (uint32_t)operand->imm.value.u);
case 64: case 64:
return ZydisStringBufferAppendFormat(buffer, bufferLen, return ZydisStringBufferAppendFormat(buffer, bufferLen,
ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "0x%02"PRIX64, operand->imm.value.uqword); ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "0x%02"PRIX64, operand->imm.value.u);
default: default:
return ZYDIS_STATUS_INVALID_PARAMETER; return ZYDIS_STATUS_INVALID_PARAMETER;
} }

7
src/Utils.c
View File

@ -51,20 +51,19 @@ ZydisStatus ZydisUtilsCalcAbsoluteTargetAddress(const ZydisInstructionInfo* info
} }
if (operand->mem.base == ZYDIS_REGISTER_EIP) if (operand->mem.base == ZYDIS_REGISTER_EIP)
{ {
*address = (uint64_t)((uint32_t)info->instrPointer + operand->mem.disp.value.sdword); *address = (uint64_t)((uint32_t)info->instrPointer + (uint32_t)operand->mem.disp.value);
return ZYDIS_STATUS_SUCCESS; return ZYDIS_STATUS_SUCCESS;
} }
if (operand->mem.base == ZYDIS_REGISTER_RIP) if (operand->mem.base == ZYDIS_REGISTER_RIP)
{ {
*address = *address = (uint64_t)(info->instrPointer + operand->mem.disp.value);
(uint64_t)(info->instrPointer + operand->mem.disp.value.sqword);
return ZYDIS_STATUS_SUCCESS; return ZYDIS_STATUS_SUCCESS;
} }
break; break;
case ZYDIS_OPERAND_TYPE_IMMEDIATE: case ZYDIS_OPERAND_TYPE_IMMEDIATE:
if (operand->imm.isSigned && operand->imm.isRelative) if (operand->imm.isSigned && operand->imm.isRelative)
{ {
*address = (uint64_t)((int64_t)info->instrPointer + operand->imm.value.sqword); *address = (uint64_t)((int64_t)info->instrPointer + operand->imm.value.s);
switch (info->machineMode) switch (info->machineMode)
{ {
case 16: case 16: