Minor refactorings

- `ZydisUtilsCalcAbsoluteTargetAddress` is now called `ZydisCalcAbsoluteAddress`
- `ZydisCalcAbsoluteAddress` now handles `MEM` operands with absolute displacement values
This commit is contained in:
flobernd 2017-09-25 17:59:14 +02:00
parent 10a9765585
commit ded9d0e513
4 changed files with 39 additions and 44 deletions


@ -157,7 +157,7 @@ typedef struct ZydisDecodedOperand_
ZydisBool isSigned; ZydisBool isSigned;
/** /**
* @brief Signals, if the immediate value contains a relative offset. You can use * @brief Signals, if the immediate value contains a relative offset. You can use
* @c ZydisUtilsCalcAbsoluteTargetAddress to determine the absolute address value. * @c ZydisCalcAbsoluteAddress to determine the absolute address value.
*/ */
ZydisBool isRelative; ZydisBool isRelative;
/** /**
@ -1251,8 +1251,7 @@ typedef struct ZydisDecodedInstruction_
ZydisBool isSigned; ZydisBool isSigned;
/** /**
* @brief Signals, if the immediate value contains a relative offset. You can use * @brief Signals, if the immediate value contains a relative offset. You can use
* @c ZydisUtilsCalcAbsoluteTargetAddress to determine the absolute address * @c ZydisCalcAbsoluteAddress to determine the absolute address value.
* value.
*/ */
ZydisBool isRelative; ZydisBool isRelative;
/** /**


@ -45,17 +45,22 @@ extern "C" {
/* ============================================================================================== */ /* ============================================================================================== */
/** /**
* @brief Calculates the absolute target-address of an relative instruction operand. * @brief Calculates the absolute target-address for the given instruction operand.
* *
* @param instruction A pointer to the @c ZydisDecodedInstruction struct. * @param instruction A pointer to the @c ZydisDecodedInstruction struct.
* @param operand A pointer to the @c ZydisDecodedOperand struct. * @param operand A pointer to the @c ZydisDecodedOperand struct.
* @param address A pointer to the memory that receives the absolute target-address. * @param address A pointer to the memory that receives the absolute target-address.
* *
* @return A zydis status code * @return A zydis status code.
*
* You should use this function in the following cases:
* - `IMM` operands with relative address (e.g. `JMP`, `CALL`, ...)
* - `MEM` operands with RIP/EIP-relative address (e.g. `MOV RAX, [RIP+0x12345678]`)
* - `MEM` operands with absolute address (e.g. `MOV RAX, [0x12345678]`)
* - The displacement needs to get truncated and zero extended
*/ */
ZYDIS_EXPORT ZydisStatus ZydisUtilsCalcAbsoluteTargetAddress( ZYDIS_EXPORT ZydisStatus ZydisCalcAbsoluteAddress(const ZydisDecodedInstruction* instruction,
const ZydisDecodedInstruction* instruction, const ZydisDecodedOperand* operand, const ZydisDecodedOperand* operand, uint64_t* address);
uint64_t* address);
/* ============================================================================================== */ /* ============================================================================================== */
/* Flags */ /* Flags */
@ -68,7 +73,7 @@ ZYDIS_EXPORT ZydisStatus ZydisUtilsCalcAbsoluteTargetAddress(
* @param action The CPU-flag action. * @param action The CPU-flag action.
* @param flags A pointer to the variable that receives the flag mask. * @param flags A pointer to the variable that receives the flag mask.
* *
* @return A zydis status code * @return A zydis status code.
*/ */
ZYDIS_EXPORT ZydisStatus ZydisGetAccessedFlagsByAction(const ZydisDecodedInstruction* instruction, ZYDIS_EXPORT ZydisStatus ZydisGetAccessedFlagsByAction(const ZydisDecodedInstruction* instruction,
ZydisCPUFlagAction action, ZydisCPUFlagMask* flags); ZydisCPUFlagAction action, ZydisCPUFlagMask* flags);
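Review bot: The last bullet of the new documentation block (`* - The displacement needs to get truncated and zero extended`) is listed as a fourth use case but actually describes what the function does for the absolute-address case, and the error contract of the renamed function is still not stated. I would fold it into the preceding bullet, e.g. `* - \`MEM\` operands with absolute address (e.g. \`MOV RAX, [0x12345678]\`); the displacement is truncated to the instruction's address width and zero-extended`, and extend the `@return` line to say which status is returned for operands the function does not handle (the implementation in this commit returns `ZYDIS_STATUS_INVALID_PARAMETER` for an unexpected address width; what it returns for other operand kinds is outside this diff). It would also help callers to state that, on the paths visible in this commit, `address` is only written when `ZYDIS_STATUS_SUCCESS` is returned.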


@ -157,40 +157,13 @@ static ZydisStatus ZydisFormatterFormatOperandMemIntel(const ZydisFormatter* for
(operand->mem.base == ZYDIS_REGISTER_RIP)) && (operand->mem.base == ZYDIS_REGISTER_RIP)) &&
(operand->mem.index == ZYDIS_REGISTER_NONE) && (operand->mem.scale == 0)) (operand->mem.index == ZYDIS_REGISTER_NONE) && (operand->mem.scale == 0))
{ {
// Address operand // EIP/RIP-relative or absolute-displacement address operand
uint64_t address = 0; if ((formatter->addressFormat == ZYDIS_FORMATTER_ADDR_DEFAULT) ||
ZydisBool absolute = ZYDIS_TRUE; (formatter->addressFormat == ZYDIS_FORMATTER_ADDR_ABSOLUTE) ||
if (operand->mem.base == ZYDIS_REGISTER_NONE) (operand->mem.base == ZYDIS_REGISTER_NONE))
{
// MOFFS8/16/32/64
address = (uint64_t)operand->mem.disp.value;
switch (instruction->addressWidth)
{
case 16:
address &= 0xFFFF;
break;
case 32:
address &= 0xFFFFFFFF;
break;
case 64:
break;
default:
return ZYDIS_STATUS_INVALID_PARAMETER;
}
} else
{
// EIP/RIP-relative
if ((formatter->addressFormat == ZYDIS_FORMATTER_ADDR_DEFAULT) ||
(formatter->addressFormat == ZYDIS_FORMATTER_ADDR_ABSOLUTE))
{
ZYDIS_CHECK(ZydisUtilsCalcAbsoluteTargetAddress(instruction, operand, &address));
} else
{
absolute = ZYDIS_FALSE;
}
}
if (absolute)
{ {
uint64_t address;
ZYDIS_CHECK(ZydisCalcAbsoluteAddress(instruction, operand, &address));
ZYDIS_CHECK(formatter->funcPrintAddress(formatter, buffer, bufEnd - *buffer, ZYDIS_CHECK(formatter->funcPrintAddress(formatter, buffer, bufEnd - *buffer,
instruction, operand, address)); instruction, operand, address));
} else } else
@ -275,7 +248,7 @@ static ZydisStatus ZydisFormatterFormatOperandImmIntel(const ZydisFormatter* for
case ZYDIS_FORMATTER_ADDR_ABSOLUTE: case ZYDIS_FORMATTER_ADDR_ABSOLUTE:
{ {
uint64_t address; uint64_t address;
ZYDIS_CHECK(ZydisUtilsCalcAbsoluteTargetAddress(instruction, operand, &address)); ZYDIS_CHECK(ZydisCalcAbsoluteAddress(instruction, operand, &address));
return formatter->funcPrintAddress(formatter, buffer, bufferLen, instruction, operand, return formatter->funcPrintAddress(formatter, buffer, bufferLen, instruction, operand,
address); address);
} }
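Review bot: The merged condition in the first hunk (`(formatter->addressFormat == ZYDIS_FORMATTER_ADDR_DEFAULT) || ... || (operand->mem.base == ZYDIS_REGISTER_NONE)`) sends a no-base operand through the absolute branch regardless of `addressFormat`; that matches the removed MOFFS path, but the reason is now only implicit in the boolean. The comment above it could say so, e.g. `// EIP/RIP-relative (honours addressFormat) or absolute-displacement operand (not relative, so addressFormat does not apply)`. Separately, `uint64_t address;` is now left uninitialised where the removed code had `= 0`; `ZYDIS_CHECK` returns before any read on failure, so this is not a bug, but `uint64_t address = 0;` keeps the block quiet under `-Wmaybe-uninitialized` depending on how the macro expands. The enclosing function `ZydisFormatterFormatOperandMemIntel` starts and ends outside the hunk.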


@ -34,7 +34,7 @@
/* Exported functions */ /* Exported functions */
/* ---------------------------------------------------------------------------------------------- */ /* ---------------------------------------------------------------------------------------------- */
ZydisStatus ZydisUtilsCalcAbsoluteTargetAddress(const ZydisDecodedInstruction* instruction, ZydisStatus ZydisCalcAbsoluteAddress(const ZydisDecodedInstruction* instruction,
const ZydisDecodedOperand* operand, uint64_t* address) const ZydisDecodedOperand* operand, uint64_t* address)
{ {
if (!instruction || !operand || !address) if (!instruction || !operand || !address)
@ -59,6 +59,24 @@ ZydisStatus ZydisUtilsCalcAbsoluteTargetAddress(const ZydisDecodedInstruction* i
*address = (uint64_t)(instruction->instrPointer + operand->mem.disp.value); *address = (uint64_t)(instruction->instrPointer + operand->mem.disp.value);
return ZYDIS_STATUS_SUCCESS; return ZYDIS_STATUS_SUCCESS;
} }
if ((operand->mem.base == ZYDIS_REGISTER_NONE) &&
(operand->mem.index == ZYDIS_REGISTER_NONE))
{
switch (instruction->addressWidth)
{
case 16:
*address = (uint64_t)operand->mem.disp.value & 0x000000000000FFFF;
return ZYDIS_STATUS_SUCCESS;
case 32:
*address = (uint64_t)operand->mem.disp.value & 0x00000000FFFFFFFF;
return ZYDIS_STATUS_SUCCESS;
case 64:
*address = (uint64_t)operand->mem.disp.value;
return ZYDIS_STATUS_SUCCESS;
default:
return ZYDIS_STATUS_INVALID_PARAMETER;
}
}
break; break;
case ZYDIS_OPERAND_TYPE_IMMEDIATE: case ZYDIS_OPERAND_TYPE_IMMEDIATE:
if (operand->imm.isSigned && operand->imm.isRelative) if (operand->imm.isSigned && operand->imm.isRelative)
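Review bot: The new absolute-displacement branch in the second hunk (`if ((operand->mem.base == ZYDIS_REGISTER_NONE) && (operand->mem.index == ZYDIS_REGISTER_NONE))`) carries no comment, and its correctness rests on `operand->mem.disp.value` already holding a sign-extended 64-bit value so that the `case 64` cast and the 16/32-bit masks yield the right address — a property this diff does not show. I would add above the `if`: `// Absolute displacement (no base/index, e.g. MOFFS or [disp32]): truncate to the effective address width and zero-extend. Relies on disp.value being sign-extended to 64 bits by the decoder.` The masks could also be written as `0xFFFF` / `0xFFFFFFFF`, matching the form used by the formatter code this commit removes. The enclosing `switch` over the operand type and the function's final return are outside the hunk.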