ParkanPlayground/X86DisassemblerTests/TestData/jmp_tests.csv

# JMP instruction tests
# Format: RawBytes;Instructions
RawBytes;Instructions

# JMP rel8 (opcode EB)
EB10;[{ "Type": "Jmp", "Operands": ["0x00000012"] }]
EBFE;[{ "Type": "Jmp", "Operands": ["0x00000000"] }]

# JMP rel32 (opcode E9)
E910000000;[{ "Type": "Jmp", "Operands": ["0x00000015"] }]
E9FEFFFFFF;[{ "Type": "Jmp", "Operands": ["0x00000003"] }]

# JMP r/m32 (opcode FF /4) with register operands
FFE0;[{ "Type": "Jmp", "Operands": ["eax"] }]
FFE1;[{ "Type": "Jmp", "Operands": ["ecx"] }]
FFE2;[{ "Type": "Jmp", "Operands": ["edx"] }]
FFE3;[{ "Type": "Jmp", "Operands": ["ebx"] }]
FFE4;[{ "Type": "Jmp", "Operands": ["esp"] }]
FFE5;[{ "Type": "Jmp", "Operands": ["ebp"] }]
FFE6;[{ "Type": "Jmp", "Operands": ["esi"] }]
FFE7;[{ "Type": "Jmp", "Operands": ["edi"] }]

# JMP m32 (opcode FF /4) with memory operands
FF20;[{ "Type": "Jmp", "Operands": ["dword ptr [eax]"] }]
FF21;[{ "Type": "Jmp", "Operands": ["dword ptr [ecx]"] }]
FF22;[{ "Type": "Jmp", "Operands": ["dword ptr [edx]"] }]
FF23;[{ "Type": "Jmp", "Operands": ["dword ptr [ebx]"] }]
FF24;[{ "Type": "Jmp", "Operands": ["dword ptr [esp]"] }]

# SPECIAL CASE: When Mod=00 and R/M=101 (EBP), this doesn't actually refer to [EBP].
# Instead, it's a special case that indicates a 32-bit displacement-only addressing mode.
# The correct encoding for this would be FF2578563412 which is "Jmp dword ptr [0x12345678]"
# FF25;[{ "Type": "Jmp", "Operands": ["dword ptr [ebp]"] }]
FF26;[{ "Type": "Jmp", "Operands": ["dword ptr [esi]"] }]
FF27;[{ "Type": "Jmp", "Operands": ["dword ptr [edi]"] }]

# JMP m32 (opcode FF /4) with displacement
FF6010;[{ "Type": "Jmp", "Operands": ["dword ptr [eax+0x10]"] }]
FF6110;[{ "Type": "Jmp", "Operands": ["dword ptr [ecx+0x10]"] }]
FF6210;[{ "Type": "Jmp", "Operands": ["dword ptr [edx+0x10]"] }]
FF6310;[{ "Type": "Jmp", "Operands": ["dword ptr [ebx+0x10]"] }]
# SPECIAL CASE: When Mod=01 and R/M=100 (ESP), a SIB byte is required.
# The SIB byte 10 in FF6410 decodes as:
# - Scale = 00 (bits 7-6 = 00) - Scale factor of 1
# - Index = 010 (bits 5-3 = 010) - This corresponds to EDX
# - Base = 000 (bits 2-0 = 000) - This corresponds to EAX
# So the correct decoding should be "dword ptr [eax+edx*1+0x10]", not "dword ptr [esp+0x10]"
# The correct encoding for [esp+0x10] would use a SIB byte with ESP as base and no index (0x24): FF642410
# FF6410;[{ "Type": "Jmp", "Operands": ["dword ptr [esp+0x10]"] }]
FF642410;[{ "Type": "Jmp", "Operands": ["dword ptr [esp+0x10]"] }]
FF6510;[{ "Type": "Jmp", "Operands": ["dword ptr [ebp+0x10]"] }]
FF6610;[{ "Type": "Jmp", "Operands": ["dword ptr [esi+0x10]"] }]
FF6710;[{ "Type": "Jmp", "Operands": ["dword ptr [edi+0x10]"] }]

# JMP m32 (opcode FF /4) with SIB byte
# SPECIAL CASE: These SIB encodings with EBP as base register have special rules.
# When the SIB byte has Base=101 (EBP) and Mod=00, the base register is not used.
# Instead, a 32-bit displacement follows the SIB byte (similar to the Mod=00, R/M=101 special case).
# These instructions are commented out because they're not correctly recognized by many disassemblers,
# including Ghidra and online disassemblers, due to their unusual encoding.
# FF24C5;[{ "Type": "Jmp", "Operands": ["dword ptr [eax*8+ebp]"] }]
# FF24CD;[{ "Type": "Jmp", "Operands": ["dword ptr [ecx*8+ebp]"] }]
# FF24D5;[{ "Type": "Jmp", "Operands": ["dword ptr [edx*8+ebp]"] }]
# FF24DD;[{ "Type": "Jmp", "Operands": ["dword ptr [ebx*8+ebp]"] }]

# JMP m32 (opcode FF /4) with direct memory operand
FF2578563412;[{ "Type": "Jmp", "Operands": ["dword ptr [0x12345678]"] }]

# JMP m32 (opcode FF /4) with segment override prefixes
26FF6510;[{ "Type": "Jmp", "Operands": ["dword ptr es:[ebp+0x10]"] }]
2EFF6510;[{ "Type": "Jmp", "Operands": ["dword ptr cs:[ebp+0x10]"] }]
36FF6510;[{ "Type": "Jmp", "Operands": ["dword ptr ss:[ebp+0x10]"] }]
3EFF6510;[{ "Type": "Jmp", "Operands": ["dword ptr ds:[ebp+0x10]"] }]
64FF6510;[{ "Type": "Jmp", "Operands": ["dword ptr fs:[ebp+0x10]"] }]
65FF6510;[{ "Type": "Jmp", "Operands": ["dword ptr gs:[ebp+0x10]"] }]
add tons of tests 2025-04-15 22:20:46 +03:00			`# JMP instruction tests`
			`# Format: RawBytes;Instructions`
			`RawBytes;Instructions`

			`# JMP rel8 (opcode EB)`
			`EB10;[{ "Type": "Jmp", "Operands": ["0x00000012"] }]`
			`EBFE;[{ "Type": "Jmp", "Operands": ["0x00000000"] }]`

			`# JMP rel32 (opcode E9)`
			`E910000000;[{ "Type": "Jmp", "Operands": ["0x00000015"] }]`
			`E9FEFFFFFF;[{ "Type": "Jmp", "Operands": ["0x00000003"] }]`

			`# JMP r/m32 (opcode FF /4) with register operands`
			`FFE0;[{ "Type": "Jmp", "Operands": ["eax"] }]`
			`FFE1;[{ "Type": "Jmp", "Operands": ["ecx"] }]`
			`FFE2;[{ "Type": "Jmp", "Operands": ["edx"] }]`
			`FFE3;[{ "Type": "Jmp", "Operands": ["ebx"] }]`
			`FFE4;[{ "Type": "Jmp", "Operands": ["esp"] }]`
			`FFE5;[{ "Type": "Jmp", "Operands": ["ebp"] }]`
			`FFE6;[{ "Type": "Jmp", "Operands": ["esi"] }]`
			`FFE7;[{ "Type": "Jmp", "Operands": ["edi"] }]`

			`# JMP m32 (opcode FF /4) with memory operands`
			`FF20;[{ "Type": "Jmp", "Operands": ["dword ptr [eax]"] }]`
			`FF21;[{ "Type": "Jmp", "Operands": ["dword ptr [ecx]"] }]`
			`FF22;[{ "Type": "Jmp", "Operands": ["dword ptr [edx]"] }]`
			`FF23;[{ "Type": "Jmp", "Operands": ["dword ptr [ebx]"] }]`
			`FF24;[{ "Type": "Jmp", "Operands": ["dword ptr [esp]"] }]`
Added detailed comments explaining x86 ModR/M special cases: 1) Mod=00 and R/M=101 (EBP) for displacement-only addressing, 2) Mod=00 and R/M=100 (ESP) for SIB byte requirement 2025-04-16 19:54:15 +03:00
Added detailed comments to test files explaining x86 encoding special cases: 1) Mod=00 and R/M=101 (EBP) for displacement-only addressing, 2) Mod=00 and R/M=100 (ESP) for SIB byte requirement, 3) SIB byte with EBP as base register special cases 2025-04-16 19:58:34 +03:00			`# SPECIAL CASE: When Mod=00 and R/M=101 (EBP), this doesn't actually refer to [EBP].`
			`# Instead, it's a special case that indicates a 32-bit displacement-only addressing mode.`
			`# The correct encoding for this would be FF2578563412 which is "Jmp dword ptr [0x12345678]"`
Added detailed comments explaining x86 ModR/M special cases: 1) Mod=00 and R/M=101 (EBP) for displacement-only addressing, 2) Mod=00 and R/M=100 (ESP) for SIB byte requirement 2025-04-16 19:54:15 +03:00			`# FF25;[{ "Type": "Jmp", "Operands": ["dword ptr [ebp]"] }]`
add tons of tests 2025-04-15 22:20:46 +03:00			`FF26;[{ "Type": "Jmp", "Operands": ["dword ptr [esi]"] }]`
			`FF27;[{ "Type": "Jmp", "Operands": ["dword ptr [edi]"] }]`

			`# JMP m32 (opcode FF /4) with displacement`
			`FF6010;[{ "Type": "Jmp", "Operands": ["dword ptr [eax+0x10]"] }]`
			`FF6110;[{ "Type": "Jmp", "Operands": ["dword ptr [ecx+0x10]"] }]`
			`FF6210;[{ "Type": "Jmp", "Operands": ["dword ptr [edx+0x10]"] }]`
			`FF6310;[{ "Type": "Jmp", "Operands": ["dword ptr [ebx+0x10]"] }]`
Fixed invalid test cases in x86 disassembler tests. Added comments explaining special cases in x86 encoding and added valid test cases for LEA with different destination registers. 2025-04-16 20:13:07 +03:00			`# SPECIAL CASE: When Mod=01 and R/M=100 (ESP), a SIB byte is required.`
			`# The SIB byte 10 in FF6410 decodes as:`
			`# - Scale = 00 (bits 7-6 = 00) - Scale factor of 1`
			`# - Index = 010 (bits 5-3 = 010) - This corresponds to EDX`
			`# - Base = 000 (bits 2-0 = 000) - This corresponds to EAX`
			`# So the correct decoding should be "dword ptr [eax+edx*1+0x10]", not "dword ptr [esp+0x10]"`
			`# The correct encoding for [esp+0x10] would use a SIB byte with ESP as base and no index (0x24): FF642410`
			`# FF6410;[{ "Type": "Jmp", "Operands": ["dword ptr [esp+0x10]"] }]`
			`FF642410;[{ "Type": "Jmp", "Operands": ["dword ptr [esp+0x10]"] }]`
add tons of tests 2025-04-15 22:20:46 +03:00			`FF6510;[{ "Type": "Jmp", "Operands": ["dword ptr [ebp+0x10]"] }]`
			`FF6610;[{ "Type": "Jmp", "Operands": ["dword ptr [esi+0x10]"] }]`
			`FF6710;[{ "Type": "Jmp", "Operands": ["dword ptr [edi+0x10]"] }]`

			`# JMP m32 (opcode FF /4) with SIB byte`
Added detailed comments to test files explaining x86 encoding special cases: 1) Mod=00 and R/M=101 (EBP) for displacement-only addressing, 2) Mod=00 and R/M=100 (ESP) for SIB byte requirement, 3) SIB byte with EBP as base register special cases 2025-04-16 19:58:34 +03:00			`# SPECIAL CASE: These SIB encodings with EBP as base register have special rules.`
			`# When the SIB byte has Base=101 (EBP) and Mod=00, the base register is not used.`
			`# Instead, a 32-bit displacement follows the SIB byte (similar to the Mod=00, R/M=101 special case).`
			`# These instructions are commented out because they're not correctly recognized by many disassemblers,`
			`# including Ghidra and online disassemblers, due to their unusual encoding.`
Added JmpRm32Handler for JMP r/m32 instructions (opcode FF /4) 2025-04-16 19:50:00 +03:00			`# FF24C5;[{ "Type": "Jmp", "Operands": ["dword ptr [eax*8+ebp]"] }]`
			`# FF24CD;[{ "Type": "Jmp", "Operands": ["dword ptr [ecx*8+ebp]"] }]`
			`# FF24D5;[{ "Type": "Jmp", "Operands": ["dword ptr [edx*8+ebp]"] }]`
			`# FF24DD;[{ "Type": "Jmp", "Operands": ["dword ptr [ebx*8+ebp]"] }]`
add tons of tests 2025-04-15 22:20:46 +03:00
			`# JMP m32 (opcode FF /4) with direct memory operand`
			`FF2578563412;[{ "Type": "Jmp", "Operands": ["dword ptr [0x12345678]"] }]`

			`# JMP m32 (opcode FF /4) with segment override prefixes`
			`26FF6510;[{ "Type": "Jmp", "Operands": ["dword ptr es:[ebp+0x10]"] }]`
			`2EFF6510;[{ "Type": "Jmp", "Operands": ["dword ptr cs:[ebp+0x10]"] }]`
			`36FF6510;[{ "Type": "Jmp", "Operands": ["dword ptr ss:[ebp+0x10]"] }]`
			`3EFF6510;[{ "Type": "Jmp", "Operands": ["dword ptr ds:[ebp+0x10]"] }]`
			`64FF6510;[{ "Type": "Jmp", "Operands": ["dword ptr fs:[ebp+0x10]"] }]`
			`65FF6510;[{ "Type": "Jmp", "Operands": ["dword ptr gs:[ebp+0x10]"] }]`