From d475231a63ceebdaef4250c0f6d4b82c6f614149 Mon Sep 17 00:00:00 2001
From: flobernd
Date: Tue, 20 Jun 2017 22:44:37 +0200
Subject: [PATCH] Fixed decoding of implicit "1" immediate (ROL, ROR, RCL, ...)
---
include/Zydis/InstructionInfo.h | 1 -
include/Zydis/Internal/InstructionTable.h | 1 +
include/Zydis/Internal/OperandDefinitions.inc | 8 ++++----
src/Decoder.c | 8 +++++++-
4 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/include/Zydis/InstructionInfo.h b/include/Zydis/InstructionInfo.h
index 10fba65..c395e5f 100644
--- a/include/Zydis/InstructionInfo.h
+++ b/include/Zydis/InstructionInfo.h
@@ -121,7 +121,6 @@ enum ZydisOperandEncodings
 ZYDIS_OPERAND_ENCODING_DISP16_32_64,
 ZYDIS_OPERAND_ENCODING_DISP32_32_64,
 ZYDIS_OPERAND_ENCODING_DISP16_32_32,
- ZYDIS_OPERAND_ENCODING_UIMM_CONST1,
 ZYDIS_OPERAND_ENCODING_UIMM8,
 ZYDIS_OPERAND_ENCODING_UIMM16,
 ZYDIS_OPERAND_ENCODING_UIMM32,
diff --git a/include/Zydis/Internal/InstructionTable.h b/include/Zydis/Internal/InstructionTable.h
index 9e8a4d3..714cef1 100644
--- a/include/Zydis/Internal/InstructionTable.h
+++ b/include/Zydis/Internal/InstructionTable.h
@@ -175,6 +175,7 @@ enum ZydisSemanticOperandTypes
 ZYDIS_SEMANTIC_OPTYPE_UNUSED,
 ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_REG,
 ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_MEM,
+ ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_IMM1,
 ZYDIS_SEMANTIC_OPTYPE_GPR8,
 ZYDIS_SEMANTIC_OPTYPE_GPR16,
 ZYDIS_SEMANTIC_OPTYPE_GPR32,
diff --git a/include/Zydis/Internal/OperandDefinitions.inc b/include/Zydis/Internal/OperandDefinitions.inc
index 3c57305..143d886 100644
--- a/include/Zydis/Internal/OperandDefinitions.inc
+++ b/include/Zydis/Internal/OperandDefinitions.inc
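Review bot: Removing ZYDIS_OPERAND_ENCODING_UIMM_CONST1 from the middle of ZydisOperandEncodings renumbers every enumerator that follows it (UIMM8, UIMM16, UIMM32 and whatever comes after the hunk), and InstructionInfo.h appears to be a public header rather than one under Internal/, so any caller compiled against the old header or comparing stored numeric encoding values will silently see the wrong encoding. If that break is intended it should be called out in the commit message; otherwise keeping the enumerator as a placeholder preserves the numbering: `ZYDIS_OPERAND_ENCODING_UIMM_CONST1, /* deprecated: no longer produced, the constant 1 is now an implicit operand */`. The enum declaration begins and ends outside the hunk.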
@@ -5313,13 +5313,13 @@ const ZydisOperandDefinition operandDefinitions[] =
 /*14BE*/ { ZYDIS_SEMANTIC_OPTYPE_MMX, ZYDIS_OPERAND_VISIBILITY_EXPLICIT, ZYDIS_OPERAND_ACTION_READWRITE, { 8, 8, 8 }, ZYDIS_IELEMENT_TYPE_UINT16, { .encoding = ZYDIS_OPERAND_ENCODING_MODRM_REG } },
 /*14BF*/ { ZYDIS_SEMANTIC_OPTYPE_MMX, ZYDIS_OPERAND_VISIBILITY_EXPLICIT, ZYDIS_OPERAND_ACTION_READ, { 4, 4, 4 }, ZYDIS_IELEMENT_TYPE_UINT16, { .encoding = ZYDIS_OPERAND_ENCODING_MODRM_RM } },
 /*14C0*/ { ZYDIS_SEMANTIC_OPTYPE_MEM, ZYDIS_OPERAND_VISIBILITY_EXPLICIT, ZYDIS_OPERAND_ACTION_READWRITE, { 1, 1, 1 }, ZYDIS_IELEMENT_TYPE_UINT8, { .encoding = ZYDIS_OPERAND_ENCODING_MODRM_RM } },
- /*14C1*/ { ZYDIS_SEMANTIC_OPTYPE_IMM, ZYDIS_OPERAND_VISIBILITY_EXPLICIT, ZYDIS_OPERAND_ACTION_READ, { 1, 1, 1 }, ZYDIS_IELEMENT_TYPE_UINT8, { .encoding = ZYDIS_OPERAND_ENCODING_UIMM_CONST1 } },
+ /*14C1*/ { ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_IMM1, ZYDIS_OPERAND_VISIBILITY_IMPLICIT, ZYDIS_OPERAND_ACTION_READ, { 1, 1, 1 }, ZYDIS_IELEMENT_TYPE_UINT8, { .encoding = ZYDIS_OPERAND_ENCODING_NONE } },
 /*14C2*/ { ZYDIS_SEMANTIC_OPTYPE_GPR8, ZYDIS_OPERAND_VISIBILITY_EXPLICIT, ZYDIS_OPERAND_ACTION_READWRITE, { 0, 0, 0 }, ZYDIS_IELEMENT_TYPE_INVALID, { .encoding = ZYDIS_OPERAND_ENCODING_MODRM_RM } },
- /*14C3*/ { ZYDIS_SEMANTIC_OPTYPE_IMM, ZYDIS_OPERAND_VISIBILITY_EXPLICIT, ZYDIS_OPERAND_ACTION_READ, { 1, 1, 1 }, ZYDIS_IELEMENT_TYPE_UINT8, { .encoding = ZYDIS_OPERAND_ENCODING_UIMM_CONST1 } },
+ /*14C3*/ { ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_IMM1, ZYDIS_OPERAND_VISIBILITY_IMPLICIT, ZYDIS_OPERAND_ACTION_READ, { 1, 1, 1 }, ZYDIS_IELEMENT_TYPE_UINT8, { .encoding = ZYDIS_OPERAND_ENCODING_NONE } },
 /*14C4*/ { ZYDIS_SEMANTIC_OPTYPE_MEM, ZYDIS_OPERAND_VISIBILITY_EXPLICIT, ZYDIS_OPERAND_ACTION_READWRITE, { 2, 4, 8 }, ZYDIS_IELEMENT_TYPE_INT, { .encoding = ZYDIS_OPERAND_ENCODING_MODRM_RM } },
- /*14C5*/ { ZYDIS_SEMANTIC_OPTYPE_IMM, ZYDIS_OPERAND_VISIBILITY_EXPLICIT, ZYDIS_OPERAND_ACTION_READ, { 1, 1, 1 }, ZYDIS_IELEMENT_TYPE_UINT8, { .encoding = ZYDIS_OPERAND_ENCODING_UIMM_CONST1 } },
+ /*14C5*/ { ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_IMM1, ZYDIS_OPERAND_VISIBILITY_IMPLICIT, ZYDIS_OPERAND_ACTION_READ, { 1, 1, 1 }, ZYDIS_IELEMENT_TYPE_UINT8, { .encoding = ZYDIS_OPERAND_ENCODING_NONE } },
 /*14C6*/ { ZYDIS_SEMANTIC_OPTYPE_GPR16_32_64, ZYDIS_OPERAND_VISIBILITY_EXPLICIT, ZYDIS_OPERAND_ACTION_READWRITE, { 0, 0, 0 }, ZYDIS_IELEMENT_TYPE_INVALID, { .encoding = ZYDIS_OPERAND_ENCODING_MODRM_RM } },
- /*14C7*/ { ZYDIS_SEMANTIC_OPTYPE_IMM, ZYDIS_OPERAND_VISIBILITY_EXPLICIT, ZYDIS_OPERAND_ACTION_READ, { 1, 1, 1 }, ZYDIS_IELEMENT_TYPE_UINT8, { .encoding = ZYDIS_OPERAND_ENCODING_UIMM_CONST1 } },
+ /*14C7*/ { ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_IMM1, ZYDIS_OPERAND_VISIBILITY_IMPLICIT, ZYDIS_OPERAND_ACTION_READ, { 1, 1, 1 }, ZYDIS_IELEMENT_TYPE_UINT8, { .encoding = ZYDIS_OPERAND_ENCODING_NONE } },
 /*14C8*/ { ZYDIS_SEMANTIC_OPTYPE_MEM, ZYDIS_OPERAND_VISIBILITY_EXPLICIT, ZYDIS_OPERAND_ACTION_READWRITE, { 1, 1, 1 }, ZYDIS_IELEMENT_TYPE_UINT8, { .encoding = ZYDIS_OPERAND_ENCODING_MODRM_RM } },
 /*14C9*/ { ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_REG, ZYDIS_OPERAND_VISIBILITY_IMPLICIT, ZYDIS_OPERAND_ACTION_READ, { 0, 0, 0 }, ZYDIS_IELEMENT_TYPE_INVALID, { .reg = { ZYDIS_IMPLREG_TYPE_STATIC, { .reg = ZYDIS_REGISTER_CL } } } },
 /*14CA*/ { ZYDIS_SEMANTIC_OPTYPE_GPR8, ZYDIS_OPERAND_VISIBILITY_EXPLICIT, ZYDIS_OPERAND_ACTION_READWRITE, { 0, 0, 0 }, ZYDIS_IELEMENT_TYPE_INVALID, { .encoding = ZYDIS_OPERAND_ENCODING_MODRM_RM } },
diff --git a/src/Decoder.c b/src/Decoder.c
index db19aa0..cbe63d0 100644
--- a/src/Decoder.c
+++ b/src/Decoder.c
@@ -1464,6 +1464,13 @@ static ZydisStatus ZydisDecodeOperands(ZydisDecoderContext* context, ZydisInstru
 case ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_MEM:
 ZydisDecodeOperandImplicitMemory(context, &info->operands[i], operand);
 break;
+ case ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_IMM1:
+ info->operands[i].type = ZYDIS_OPERAND_TYPE_IMMEDIATE;
+ info->operands[i].size = 8;
+ info->operands[i].imm.value.ubyte = 1;
+ info->operands[i].imm.isSigned = ZYDIS_FALSE;
+ info->operands[i].imm.isRelative = ZYDIS_FALSE;
+ break;
 default:
 break;
 }
@@ -1760,7 +1767,6 @@ static ZydisStatus ZydisDecodeOperands(ZydisDecoderContext* context, ZydisInstru
 case ZYDIS_SEMANTIC_OPTYPE_IMM:
 ZYDIS_ASSERT((immId == 0) || (immId == 1));
 info->operands[i].type = ZYDIS_OPERAND_TYPE_IMMEDIATE;
- //ZYDIS_ASSERT(operand->size[context->eoszIndex]);
 info->operands[i].size = operand->size[context->eoszIndex] * 8;
 info->operands[i].imm.value.uqword = info->details.imm[immId].value.uqword;
 info->operands[i].imm.isSigned = info->details.imm[immId].isSigned;
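Review bot: The new ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_IMM1 case stores the constant through `imm.value.ubyte` only, while the IMM path in the second hunk fills the same field through `imm.value.uqword`; if `imm.value` is a union (the two member names suggest so) and `info` is not zeroed before operand decoding (not visible here), anyone reading the wider member gets 1 in the low byte and stale data above it. Writing the widest member, `info->operands[i].imm.value.uqword = 1;`, makes the operand correct no matter which member the formatter or a caller reads. The hard-coded `info->operands[i].size = 8;` also bypasses the operand definition's size table, where the IMM path uses `operand->size[context->eoszIndex] * 8`; using the same expression keeps the two immediate paths consistent. ZydisDecodeOperands begins before the first hunk and continues past the last.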