Minor refactorings

- `ZydisUtilsCalcAbsoluteTargetAddress` is now called `ZydisCalcAbsoluteAddress`
- `ZydisCalcAbsoluteAddress` now handles `MEM` operands with absolute displacement values
This commit is contained in:
flobernd 2017-09-25 17:59:14 +02:00
parent 10a9765585
commit ded9d0e513
4 changed files with 39 additions and 44 deletions


@ -157,7 +157,7 @@ typedef struct ZydisDecodedOperand_
ZydisBool isSigned;
/**
* @brief Signals, if the immediate value contains a relative offset. You can use
* @c ZydisUtilsCalcAbsoluteTargetAddress to determine the absolute address value.
* @c ZydisCalcAbsoluteAddress to determine the absolute address value.
*/
ZydisBool isRelative;
/**
@ -1251,8 +1251,7 @@ typedef struct ZydisDecodedInstruction_
ZydisBool isSigned;
/**
* @brief Signals, if the immediate value contains a relative offset. You can use
* @c ZydisUtilsCalcAbsoluteTargetAddress to determine the absolute address
* value.
* @c ZydisCalcAbsoluteAddress to determine the absolute address value.
*/
ZydisBool isRelative;
/**


@ -45,17 +45,22 @@ extern "C" {
/* ============================================================================================== */
/**
* @brief Calculates the absolute target-address of an relative instruction operand.
* @brief Calculates the absolute target-address for the given instruction operand.
*
* @param instruction A pointer to the @c ZydisDecodedInstruction struct.
* @param operand A pointer to the @c ZydisDecodedOperand struct.
* @param address A pointer to the memory that receives the absolute target-address.
*
* @return A zydis status code
* @return A zydis status code.
*
* You should use this function in the following cases:
* - `IMM` operands with relative address (e.g. `JMP`, `CALL`, ...)
* - `MEM` operands with RIP/EIP-relative address (e.g. `MOV RAX, [RIP+0x12345678]`)
* - `MEM` operands with absolute address (e.g. `MOV RAX, [0x12345678]`)
* - The displacement needs to get truncated and zero extended
*/
ZYDIS_EXPORT ZydisStatus ZydisUtilsCalcAbsoluteTargetAddress(
const ZydisDecodedInstruction* instruction, const ZydisDecodedOperand* operand,
uint64_t* address);
ZYDIS_EXPORT ZydisStatus ZydisCalcAbsoluteAddress(const ZydisDecodedInstruction* instruction,
const ZydisDecodedOperand* operand, uint64_t* address);
/* ============================================================================================== */
/* Flags */
@ -68,7 +73,7 @@ ZYDIS_EXPORT ZydisStatus ZydisUtilsCalcAbsoluteTargetAddress(
* @param action The CPU-flag action.
* @param flags A pointer to the variable that receives the flag mask.
*
* @return A zydis status code
* @return A zydis status code.
*/
ZYDIS_EXPORT ZydisStatus ZydisGetAccessedFlagsByAction(const ZydisDecodedInstruction* instruction,
ZydisCPUFlagAction action, ZydisCPUFlagMask* flags);
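Review bot: The new documentation on the `ZydisCalcAbsoluteAddress` declaration lists the cases the function handles but states neither its preconditions nor its failure status: the absolute-address `MEM` case in the implementation additionally requires `operand->mem.index == ZYDIS_REGISTER_NONE`, and nothing says which status an operand outside the listed cases yields (that return is outside the hunks shown). The last bullet, `The displacement needs to get truncated and zero extended`, reads as a fourth use case but actually describes what the function does in the absolute case. I would fold it into the preceding bullet, e.g. `* - MEM operands with absolute address (e.g. MOV RAX, [0x12345678]); the displacement is truncated to the instruction's address-width and zero-extended`, and add one line naming the status returned for unsupported operands. The second hunk in this file is only a punctuation fix.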


@ -157,40 +157,13 @@ static ZydisStatus ZydisFormatterFormatOperandMemIntel(const ZydisFormatter* for
(operand->mem.base == ZYDIS_REGISTER_RIP)) &&
(operand->mem.index == ZYDIS_REGISTER_NONE) && (operand->mem.scale == 0))
{
// Address operand
uint64_t address = 0;
ZydisBool absolute = ZYDIS_TRUE;
if (operand->mem.base == ZYDIS_REGISTER_NONE)
{
// MOFFS8/16/32/64
address = (uint64_t)operand->mem.disp.value;
switch (instruction->addressWidth)
{
case 16:
address &= 0xFFFF;
break;
case 32:
address &= 0xFFFFFFFF;
break;
case 64:
break;
default:
return ZYDIS_STATUS_INVALID_PARAMETER;
}
} else
{
// EIP/RIP-relative
// EIP/RIP-relative or absolute-displacement address operand
if ((formatter->addressFormat == ZYDIS_FORMATTER_ADDR_DEFAULT) ||
(formatter->addressFormat == ZYDIS_FORMATTER_ADDR_ABSOLUTE))
{
ZYDIS_CHECK(ZydisUtilsCalcAbsoluteTargetAddress(instruction, operand, &address));
} else
{
absolute = ZYDIS_FALSE;
}
}
if (absolute)
(formatter->addressFormat == ZYDIS_FORMATTER_ADDR_ABSOLUTE) ||
(operand->mem.base == ZYDIS_REGISTER_NONE))
{
uint64_t address;
ZYDIS_CHECK(ZydisCalcAbsoluteAddress(instruction, operand, &address));
ZYDIS_CHECK(formatter->funcPrintAddress(formatter, buffer, bufEnd - *buffer,
instruction, operand, address));
} else
@ -275,7 +248,7 @@ static ZydisStatus ZydisFormatterFormatOperandImmIntel(const ZydisFormatter* for
case ZYDIS_FORMATTER_ADDR_ABSOLUTE:
{
uint64_t address;
ZYDIS_CHECK(ZydisUtilsCalcAbsoluteTargetAddress(instruction, operand, &address));
ZYDIS_CHECK(ZydisCalcAbsoluteAddress(instruction, operand, &address));
return formatter->funcPrintAddress(formatter, buffer, bufferLen, instruction, operand,
address);
}
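Review bot: The rewritten condition in `ZydisFormatterFormatOperandMemIntel` (the `if` spanning the `ZYDIS_FORMATTER_ADDR_DEFAULT`, `ZYDIS_FORMATTER_ADDR_ABSOLUTE` and `operand->mem.base == ZYDIS_REGISTER_NONE` lines) mixes a formatter setting with an operand property, and the comment above it only names the operand kinds, so a reader has to work out why `base == NONE` bypasses `addressFormat`. A one-line comment on that third disjunct would make the intent explicit, e.g. `// base == NONE: an absolute displacement (MOFFS) has no relative form, so it is always printed as an absolute address`. The enclosing function starts before the hunk and the `else` branch for the relative form continues after it. The second hunk in this file is only the rename.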


@ -34,7 +34,7 @@
/* Exported functions */
/* ---------------------------------------------------------------------------------------------- */
ZydisStatus ZydisUtilsCalcAbsoluteTargetAddress(const ZydisDecodedInstruction* instruction,
ZydisStatus ZydisCalcAbsoluteAddress(const ZydisDecodedInstruction* instruction,
const ZydisDecodedOperand* operand, uint64_t* address)
{
if (!instruction || !operand || !address)
@ -59,6 +59,24 @@ ZydisStatus ZydisUtilsCalcAbsoluteTargetAddress(const ZydisDecodedInstruction* i
*address = (uint64_t)(instruction->instrPointer + operand->mem.disp.value);
return ZYDIS_STATUS_SUCCESS;
}
if ((operand->mem.base == ZYDIS_REGISTER_NONE) &&
(operand->mem.index == ZYDIS_REGISTER_NONE))
{
switch (instruction->addressWidth)
{
case 16:
*address = (uint64_t)operand->mem.disp.value & 0x000000000000FFFF;
return ZYDIS_STATUS_SUCCESS;
case 32:
*address = (uint64_t)operand->mem.disp.value & 0x00000000FFFFFFFF;
return ZYDIS_STATUS_SUCCESS;
case 64:
*address = (uint64_t)operand->mem.disp.value;
return ZYDIS_STATUS_SUCCESS;
default:
return ZYDIS_STATUS_INVALID_PARAMETER;
}
}
break;
case ZYDIS_OPERAND_TYPE_IMMEDIATE:
if (operand->imm.isSigned && operand->imm.isRelative)
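Review bot: The new `MEM` branch in `ZydisCalcAbsoluteAddress` masks the displacement by `instruction->addressWidth` without saying why, while the RIP-relative branch just above it (context line `instruction->instrPointer + operand->mem.disp.value`) applies no truncation at all; a comment such as `// Absolute displacement (MOFFS16/32/64): truncate to the effective address-width and zero-extend` on the `switch` would document that asymmetry. If the decoder can report `addressWidth == 32` for an address-size-overridden RIP-relative operand, the untruncated sum in the relative branch would then disagree with the new code — worth confirming, though that line predates this commit. The three `case` arms could also share a single masked assignment instead of repeating the cast and the `return`, but that is a matter of taste. The `break;` after the new block leaves the `switch` on the operand type, and the function's final return is outside the hunk.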