mirror of
https://github.com/sampletext32/ParkanPlayground.git
synced 2025-05-19 03:41:18 +03:00
Fixes to tests and ModRM + SIB
This commit is contained in:
bird_egop
parent
7c0e6d7f3a
commit
124493cd94
@ -23,7 +23,14 @@ public class AddEaxImmHandler : InstructionHandler
|
|||||||
/// <returns>True if this handler can decode the opcode</returns>
|
/// <returns>True if this handler can decode the opcode</returns>
|
||||||
public override bool CanHandle(byte opcode)
|
public override bool CanHandle(byte opcode)
|
||||||
{
|
{
|
||||||
return opcode == 0x05;
|
// ADD EAX, imm32 is encoded as 0x05 without 0x66 prefix
|
||||||
|
if (opcode != 0x05)
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Only handle when the operand size prefix is NOT present
|
||||||
|
return !Decoder.HasOperandSizePrefix();
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
|
|||||||
@ -23,7 +23,14 @@ public class AndEaxImmHandler : InstructionHandler
|
|||||||
/// <returns>True if this handler can decode the opcode</returns>
|
/// <returns>True if this handler can decode the opcode</returns>
|
||||||
public override bool CanHandle(byte opcode)
|
public override bool CanHandle(byte opcode)
|
||||||
{
|
{
|
||||||
return opcode == 0x25;
|
// AND EAX, imm32 is encoded as 0x25 without 0x66 prefix
|
||||||
|
if (opcode != 0x25)
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Only handle when the operand size prefix is NOT present
|
||||||
|
return !Decoder.HasOperandSizePrefix();
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
|
|||||||
@ -23,16 +23,19 @@ public class IdivRm32Handler : InstructionHandler
|
|||||||
/// <returns>True if this handler can decode the opcode</returns>
|
/// <returns>True if this handler can decode the opcode</returns>
|
||||||
public override bool CanHandle(byte opcode)
|
public override bool CanHandle(byte opcode)
|
||||||
{
|
{
|
||||||
|
// IDIV r/m32 is encoded as 0xF7 with reg field 7
|
||||||
if (opcode != 0xF7)
|
if (opcode != 0xF7)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
// Check if the reg field of the ModR/M byte is 7 (IDIV)
|
// Check if we can read the ModR/M byte
|
||||||
if (!Decoder.CanReadByte())
|
if (!Decoder.CanReadByte())
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
// Check if the reg field of the ModR/M byte is 7 (IDIV)
|
||||||
var reg = ModRMDecoder.PeakModRMReg();
|
var reg = ModRMDecoder.PeakModRMReg();
|
||||||
|
|
||||||
return reg == 7; // 7 = IDIV
|
// reg = 7 means IDIV operation
|
||||||
|
return reg == 7;
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -54,7 +57,13 @@ public class IdivRm32Handler : InstructionHandler
|
|||||||
// Read the ModR/M byte
|
// Read the ModR/M byte
|
||||||
// For IDIV r/m32 (0xF7 /7):
|
// For IDIV r/m32 (0xF7 /7):
|
||||||
// - The r/m field with mod specifies the operand (register or memory)
|
// - The r/m field with mod specifies the operand (register or memory)
|
||||||
var (_, _, _, operand) = ModRMDecoder.ReadModRM();
|
var (mod, reg, rm, operand) = ModRMDecoder.ReadModRM();
|
||||||
|
|
||||||
|
// Verify that the reg field is 7 (IDIV)
|
||||||
|
if (reg != RegisterIndex.Di)
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
// Set the structured operands
|
// Set the structured operands
|
||||||
// IDIV has only one operand
|
// IDIV has only one operand
|
||||||
|
|||||||
@ -80,21 +80,22 @@ public class InstructionHandlerFactory
|
|||||||
RegisterImulHandlers(); // IMUL instructions
|
RegisterImulHandlers(); // IMUL instructions
|
||||||
RegisterDivHandlers(); // DIV instructions
|
RegisterDivHandlers(); // DIV instructions
|
||||||
RegisterIdivHandlers(); // IDIV instructions
|
RegisterIdivHandlers(); // IDIV instructions
|
||||||
RegisterDataTransferHandlers();
|
RegisterDataTransferHandlers(); // MOV, MOVZX, MOVSX
|
||||||
RegisterJumpHandlers();
|
RegisterJumpHandlers(); // JMP instructions
|
||||||
RegisterCallHandlers();
|
RegisterCallHandlers(); // CALL instructions
|
||||||
RegisterReturnHandlers();
|
RegisterReturnHandlers(); // RET instructions
|
||||||
RegisterDecHandlers();
|
RegisterDecHandlers(); // DEC instructions
|
||||||
RegisterIncHandlers(); // INC/DEC handlers after Group 1 handlers
|
RegisterIncHandlers(); // INC/DEC handlers after Group 1 handlers
|
||||||
RegisterPushHandlers();
|
RegisterPushHandlers(); // PUSH instructions
|
||||||
RegisterPopHandlers();
|
RegisterPopHandlers(); // POP instructions
|
||||||
RegisterLeaHandlers();
|
RegisterLeaHandlers(); // LEA instructions
|
||||||
RegisterFloatingPointHandlers();
|
RegisterFloatingPointHandlers(); // FPU instructions
|
||||||
RegisterStringHandlers();
|
RegisterStringHandlers(); // String instructions
|
||||||
RegisterMovHandlers();
|
RegisterMovHandlers(); // MOV instructions
|
||||||
RegisterSubHandlers(); // Register SUB handlers
|
RegisterSubHandlers(); // Register SUB handlers
|
||||||
RegisterNopHandlers(); // Register NOP handlers
|
RegisterNopHandlers(); // Register NOP handlers
|
||||||
RegisterBitHandlers(); // Register bit manipulation handlers
|
RegisterBitHandlers(); // Register bit manipulation handlers
|
||||||
|
RegisterAndHandlers(); // Register AND handlers
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -168,9 +169,9 @@ public class InstructionHandlerFactory
|
|||||||
_handlers.Add(new JmpRm32Handler(_decoder)); // JMP r/m32 (opcode FF /4)
|
_handlers.Add(new JmpRm32Handler(_decoder)); // JMP r/m32 (opcode FF /4)
|
||||||
|
|
||||||
// Conditional jump handlers
|
// Conditional jump handlers
|
||||||
_handlers.Add(new JgeRel8Handler(_decoder));
|
_handlers.Add(new JgeRel8Handler(_decoder)); // JGE rel8 (opcode 0F 8D)
|
||||||
_handlers.Add(new ConditionalJumpHandler(_decoder));
|
_handlers.Add(new ConditionalJumpHandler(_decoder)); // Short conditional jumps
|
||||||
_handlers.Add(new TwoByteConditionalJumpHandler(_decoder));
|
_handlers.Add(new TwoByteConditionalJumpHandler(_decoder)); // Long conditional jumps
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -179,12 +180,12 @@ public class InstructionHandlerFactory
|
|||||||
private void RegisterTestHandlers()
|
private void RegisterTestHandlers()
|
||||||
{
|
{
|
||||||
// TEST handlers
|
// TEST handlers
|
||||||
_handlers.Add(new TestImmWithRm32Handler(_decoder));
|
_handlers.Add(new TestImmWithRm32Handler(_decoder)); // TEST r/m32, imm32 (opcode A9)
|
||||||
_handlers.Add(new TestImmWithRm8Handler(_decoder));
|
_handlers.Add(new TestImmWithRm8Handler(_decoder)); // TEST r/m8, imm8 (opcode F6 /0)
|
||||||
_handlers.Add(new TestRegMem8Handler(_decoder));
|
_handlers.Add(new TestRegMem8Handler(_decoder)); // TEST r8, r/m8 (opcode 84 /0)
|
||||||
_handlers.Add(new TestRegMemHandler(_decoder));
|
_handlers.Add(new TestRegMemHandler(_decoder)); // TEST r32, r/m32 (opcode 85 /0)
|
||||||
_handlers.Add(new TestAlImmHandler(_decoder));
|
_handlers.Add(new TestAlImmHandler(_decoder)); // TEST AL, imm8 (opcode A8)
|
||||||
_handlers.Add(new TestEaxImmHandler(_decoder));
|
_handlers.Add(new TestEaxImmHandler(_decoder)); // TEST EAX, imm32 (opcode A9)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -243,7 +244,7 @@ public class InstructionHandlerFactory
|
|||||||
private void RegisterLeaHandlers()
|
private void RegisterLeaHandlers()
|
||||||
{
|
{
|
||||||
// Add Lea handlers
|
// Add Lea handlers
|
||||||
_handlers.Add(new LeaR32MHandler(_decoder));
|
_handlers.Add(new LeaR32MHandler(_decoder)); // LEA r32, m (opcode 8D)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -252,21 +253,21 @@ public class InstructionHandlerFactory
|
|||||||
private void RegisterCmpHandlers()
|
private void RegisterCmpHandlers()
|
||||||
{
|
{
|
||||||
// Add Cmp handlers for 32-bit operands
|
// Add Cmp handlers for 32-bit operands
|
||||||
_handlers.Add(new CmpR32Rm32Handler(_decoder));
|
_handlers.Add(new CmpR32Rm32Handler(_decoder)); // CMP r32, r/m32 (opcode 3B)
|
||||||
_handlers.Add(new CmpRm32R32Handler(_decoder));
|
_handlers.Add(new CmpRm32R32Handler(_decoder)); // CMP r/m32, r32 (opcode 39)
|
||||||
|
|
||||||
// Add Cmp handlers for 8-bit operands
|
// Add Cmp handlers for 8-bit operands
|
||||||
_handlers.Add(new CmpRm8R8Handler(_decoder)); // CMP r/m8, r8 (opcode 38)
|
_handlers.Add(new CmpRm8R8Handler(_decoder)); // CMP r/m8, r8 (opcode 38)
|
||||||
_handlers.Add(new CmpR8Rm8Handler(_decoder)); // CMP r8, r/m8 (opcode 3A)
|
_handlers.Add(new CmpR8Rm8Handler(_decoder)); // CMP r8, r/m8 (opcode 3A)
|
||||||
|
|
||||||
// Add Cmp handlers for immediate operands
|
// Add Cmp handlers for immediate operands
|
||||||
_handlers.Add(new CmpImmWithRm8Handler(_decoder));
|
_handlers.Add(new CmpImmWithRm8Handler(_decoder)); // CMP r/m8, imm8 (opcode 80 /7)
|
||||||
_handlers.Add(new CmpAlImmHandler(_decoder)); // CMP AL, imm8 (opcode 3C)
|
_handlers.Add(new CmpAlImmHandler(_decoder)); // CMP AL, imm8 (opcode 3C)
|
||||||
_handlers.Add(new CmpEaxImmHandler(_decoder)); // CMP EAX, imm32 (opcode 3D)
|
_handlers.Add(new CmpEaxImmHandler(_decoder)); // CMP EAX, imm32 (opcode 3D)
|
||||||
|
|
||||||
// Add CMP immediate handlers from ArithmeticImmediate namespace
|
// Add CMP immediate handlers from ArithmeticImmediate namespace
|
||||||
_handlers.Add(new CmpImmWithRm32Handler(_decoder));
|
_handlers.Add(new CmpImmWithRm32Handler(_decoder)); // CMP r/m32, imm32 (opcode 81 /7)
|
||||||
_handlers.Add(new CmpImmWithRm32SignExtendedHandler(_decoder));
|
_handlers.Add(new CmpImmWithRm32SignExtendedHandler(_decoder)); // CMP r/m32, imm8 (opcode 83 /7)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -275,7 +276,9 @@ public class InstructionHandlerFactory
|
|||||||
private void RegisterDecHandlers()
|
private void RegisterDecHandlers()
|
||||||
{
|
{
|
||||||
// Add Dec handlers
|
// Add Dec handlers
|
||||||
_handlers.Add(new DecRegHandler(_decoder));
|
_handlers.Add(new DecRegHandler(_decoder)); // DEC r/m8 (opcode FE)
|
||||||
|
|
||||||
|
// _handlers.Add(new DecMem8Handler(_decoder)); // DEC r/m16 (opcode FF /1) and DEC r/m32 (opcode FF /1)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -284,7 +287,9 @@ public class InstructionHandlerFactory
|
|||||||
private void RegisterIncHandlers()
|
private void RegisterIncHandlers()
|
||||||
{
|
{
|
||||||
// Add Inc handlers
|
// Add Inc handlers
|
||||||
_handlers.Add(new IncRegHandler(_decoder));
|
_handlers.Add(new IncRegHandler(_decoder)); // INC r/m8 (opcode FE)
|
||||||
|
|
||||||
|
// _handlers.Add(new IncMem8Handler(_decoder)); // INC r/m16 (opcode FF /0) and INC r/m32 (opcode FF /0)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -295,7 +300,8 @@ public class InstructionHandlerFactory
|
|||||||
// Add ADD register-to-register handlers (32-bit)
|
// Add ADD register-to-register handlers (32-bit)
|
||||||
_handlers.Add(new AddR32Rm32Handler(_decoder)); // ADD r32, r/m32 (opcode 03)
|
_handlers.Add(new AddR32Rm32Handler(_decoder)); // ADD r32, r/m32 (opcode 03)
|
||||||
_handlers.Add(new AddRm32R32Handler(_decoder)); // ADD r/m32, r32 (opcode 01)
|
_handlers.Add(new AddRm32R32Handler(_decoder)); // ADD r/m32, r32 (opcode 01)
|
||||||
_handlers.Add(new AddEaxImmHandler(_decoder)); // ADD EAX, imm32 (opcode 05)
|
_handlers.Add(new AddEaxImmHandler(_decoder)); // ADD EAX, imm32 (opcode 05 without 0x66 prefix)
|
||||||
|
_handlers.Add(new AddAxImmHandler(_decoder)); // ADD AX, imm16 (opcode 05 with 0x66 prefix)
|
||||||
|
|
||||||
// Add ADD register-to-register handlers (16-bit)
|
// Add ADD register-to-register handlers (16-bit)
|
||||||
_handlers.Add(new AddR16Rm16Handler(_decoder)); // ADD r16, r/m16 (opcode 03 with 0x66 prefix)
|
_handlers.Add(new AddR16Rm16Handler(_decoder)); // ADD r16, r/m16 (opcode 03 with 0x66 prefix)
|
||||||
@ -320,17 +326,17 @@ public class InstructionHandlerFactory
|
|||||||
private void RegisterDataTransferHandlers()
|
private void RegisterDataTransferHandlers()
|
||||||
{
|
{
|
||||||
// Add MOV handlers
|
// Add MOV handlers
|
||||||
_handlers.Add(new MovRegMemHandler(_decoder));
|
_handlers.Add(new MovRegMemHandler(_decoder)); // MOV r32, r/m32 (opcode 8B)
|
||||||
_handlers.Add(new MovMemRegHandler(_decoder));
|
_handlers.Add(new MovMemRegHandler(_decoder)); // MOV r/m32, r32 (opcode 89)
|
||||||
_handlers.Add(new MovRegImm32Handler(_decoder));
|
_handlers.Add(new MovRegImm32Handler(_decoder)); // MOV r32, imm32 (opcode B8 + register)
|
||||||
_handlers.Add(new MovRegImm8Handler(_decoder));
|
_handlers.Add(new MovRegImm8Handler(_decoder)); // MOV r32, imm8 (opcode B0 + register)
|
||||||
_handlers.Add(new MovEaxMoffsHandler(_decoder));
|
_handlers.Add(new MovEaxMoffsHandler(_decoder)); // MOV EAX, moffs32 (opcode A1)
|
||||||
_handlers.Add(new MovMoffsEaxHandler(_decoder));
|
_handlers.Add(new MovMoffsEaxHandler(_decoder)); // MOV moffs32, EAX (opcode A3)
|
||||||
_handlers.Add(new MovRm32Imm32Handler(_decoder));
|
_handlers.Add(new MovRm32Imm32Handler(_decoder)); // MOV r/m32, imm32 (opcode C7 /0)
|
||||||
_handlers.Add(new MovRm8Imm8Handler(_decoder));
|
_handlers.Add(new MovRm8Imm8Handler(_decoder)); // MOV r/m8, imm8 (opcode C6 /0)
|
||||||
|
|
||||||
// Add XCHG handlers
|
// Add XCHG handlers
|
||||||
_handlers.Add(new XchgEaxRegHandler(_decoder));
|
_handlers.Add(new XchgEaxRegHandler(_decoder)); // XCHG EAX, r32 (opcode 90 + register)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -339,15 +345,15 @@ public class InstructionHandlerFactory
|
|||||||
private void RegisterFloatingPointHandlers()
|
private void RegisterFloatingPointHandlers()
|
||||||
{
|
{
|
||||||
// Add Floating Point handlers
|
// Add Floating Point handlers
|
||||||
_handlers.Add(new FnstswHandler(_decoder));
|
_handlers.Add(new FnstswHandler(_decoder)); // FSTSW (opcode DF /7)
|
||||||
_handlers.Add(new Float32OperationHandler(_decoder));
|
_handlers.Add(new Float32OperationHandler(_decoder)); // Floating Point operations on 32-bit values
|
||||||
_handlers.Add(new LoadStoreControlHandler(_decoder));
|
_handlers.Add(new LoadStoreControlHandler(_decoder)); // Load and store control words (opcode D9 /0)
|
||||||
_handlers.Add(new Int32OperationHandler(_decoder));
|
_handlers.Add(new Int32OperationHandler(_decoder)); // Integer operations on 32-bit values
|
||||||
_handlers.Add(new LoadStoreInt32Handler(_decoder));
|
_handlers.Add(new LoadStoreInt32Handler(_decoder)); // Load and store 32-bit values
|
||||||
_handlers.Add(new Float64OperationHandler(_decoder));
|
_handlers.Add(new Float64OperationHandler(_decoder)); // Floating Point operations on 64-bit values
|
||||||
_handlers.Add(new LoadStoreFloat64Handler(_decoder));
|
_handlers.Add(new LoadStoreFloat64Handler(_decoder)); // Load and store 64-bit values
|
||||||
_handlers.Add(new Int16OperationHandler(_decoder));
|
_handlers.Add(new Int16OperationHandler(_decoder)); // Integer operations on 16-bit values
|
||||||
_handlers.Add(new LoadStoreInt16Handler(_decoder));
|
_handlers.Add(new LoadStoreInt16Handler(_decoder)); // Load and store 16-bit values
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -407,24 +413,29 @@ public class InstructionHandlerFactory
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Registers all And instruction handlers
|
/// Registers all AND instruction handlers
|
||||||
/// </summary>
|
/// </summary>
|
||||||
private void RegisterAndHandlers()
|
private void RegisterAndHandlers()
|
||||||
{
|
{
|
||||||
// Add AND immediate handlers
|
// 16-bit handlers with operand size prefix (must come first)
|
||||||
_handlers.Add(new AndImmToRm8Handler(_decoder)); // AND r/m8, imm8 (opcode 80 /4)
|
_handlers.Add(new AndAxImmHandler(_decoder)); // AND AX, imm16 (opcode 25 with 0x66 prefix)
|
||||||
_handlers.Add(new AndImmToRm32Handler(_decoder)); // AND r/m32, imm32 (opcode 81 /4)
|
_handlers.Add(new AndImmToRm16Handler(_decoder)); // AND r/m16, imm16 (opcode 81 /4 with 0x66 prefix)
|
||||||
_handlers.Add(new AndImmToRm32SignExtendedHandler(_decoder)); // AND r/m32, imm8 (opcode 83 /4)
|
_handlers.Add(new AndImmToRm16SignExtendedHandler(_decoder)); // AND r/m16, imm8 (opcode 83 /4 with 0x66 prefix)
|
||||||
|
_handlers.Add(new AndRm16R16Handler(_decoder)); // AND r/m16, r16 (opcode 21 with 0x66 prefix)
|
||||||
// Add AND register handlers
|
_handlers.Add(new AndR16Rm16Handler(_decoder)); // AND r16, r/m16 (opcode 23 with 0x66 prefix)
|
||||||
|
|
||||||
|
// 8-bit handlers
|
||||||
|
_handlers.Add(new AndAlImmHandler(_decoder)); // AND AL, imm8 (opcode 24)
|
||||||
_handlers.Add(new AndR8Rm8Handler(_decoder)); // AND r8, r/m8 (opcode 22)
|
_handlers.Add(new AndR8Rm8Handler(_decoder)); // AND r8, r/m8 (opcode 22)
|
||||||
_handlers.Add(new AndRm8R8Handler(_decoder)); // AND r/m8, r8 (opcode 20)
|
_handlers.Add(new AndRm8R8Handler(_decoder)); // AND r/m8, r8 (opcode 20)
|
||||||
|
_handlers.Add(new AndImmToRm8Handler(_decoder)); // AND r/m8, imm8 (opcode 80 /4)
|
||||||
|
|
||||||
|
// 32-bit handlers
|
||||||
|
_handlers.Add(new AndEaxImmHandler(_decoder)); // AND EAX, imm32 (opcode 25 without 0x66 prefix)
|
||||||
_handlers.Add(new AndR32Rm32Handler(_decoder)); // AND r32, r/m32 (opcode 23)
|
_handlers.Add(new AndR32Rm32Handler(_decoder)); // AND r32, r/m32 (opcode 23)
|
||||||
_handlers.Add(new AndMemRegHandler(_decoder)); // AND r/m32, r32 (opcode 21)
|
_handlers.Add(new AndMemRegHandler(_decoder)); // AND r/m32, r32 (opcode 21)
|
||||||
|
_handlers.Add(new AndImmToRm32Handler(_decoder)); // AND r/m32, imm32 (opcode 81 /4)
|
||||||
// Add AND immediate with accumulator handlers
|
_handlers.Add(new AndImmToRm32SignExtendedHandler(_decoder)); // AND r/m32, imm8 (opcode 83 /4)
|
||||||
_handlers.Add(new AndAlImmHandler(_decoder)); // AND AL, imm8 (opcode 24)
|
|
||||||
_handlers.Add(new AndEaxImmHandler(_decoder)); // AND EAX, imm32 (opcode 25)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -435,23 +446,23 @@ public class InstructionHandlerFactory
|
|||||||
// Register SUB handlers
|
// Register SUB handlers
|
||||||
|
|
||||||
// 16-bit handlers with operand size prefix (must come first)
|
// 16-bit handlers with operand size prefix (must come first)
|
||||||
_handlers.Add(new SubAxImm16Handler(_decoder));
|
_handlers.Add(new SubAxImm16Handler(_decoder)); // SUB AX, imm16 (opcode 0x66 0x83 /5)
|
||||||
_handlers.Add(new SubImmFromRm16Handler(_decoder));
|
_handlers.Add(new SubImmFromRm16Handler(_decoder)); // SUB r/m16, imm16 (opcode 0x66 0x81 /5)
|
||||||
_handlers.Add(new SubImmFromRm16SignExtendedHandler(_decoder));
|
_handlers.Add(new SubImmFromRm16SignExtendedHandler(_decoder)); // SUB r/m16, imm8 (opcode 0x66 0x83 /5)
|
||||||
_handlers.Add(new SubRm16R16Handler(_decoder));
|
_handlers.Add(new SubRm16R16Handler(_decoder)); // SUB r/m16, r16 (opcode 0x66 0x29)
|
||||||
_handlers.Add(new SubR16Rm16Handler(_decoder));
|
_handlers.Add(new SubR16Rm16Handler(_decoder)); // SUB r16, r/m16 (opcode 0x66 0x2B)
|
||||||
|
|
||||||
// 32-bit handlers
|
// 32-bit handlers
|
||||||
_handlers.Add(new SubRm32R32Handler(_decoder));
|
_handlers.Add(new SubRm32R32Handler(_decoder)); // SUB r/m32, r32 (opcode 0x29)
|
||||||
_handlers.Add(new SubR32Rm32Handler(_decoder));
|
_handlers.Add(new SubR32Rm32Handler(_decoder)); // SUB r32, r/m32 (opcode 0x2B)
|
||||||
_handlers.Add(new SubImmFromRm32Handler(_decoder));
|
_handlers.Add(new SubImmFromRm32Handler(_decoder)); // SUB r/m32, imm32 (opcode 0x81 /5)
|
||||||
_handlers.Add(new SubImmFromRm32SignExtendedHandler(_decoder));
|
_handlers.Add(new SubImmFromRm32SignExtendedHandler(_decoder)); // SUB r/m32, imm8 (opcode 0x83 /5)
|
||||||
|
|
||||||
// 8-bit handlers
|
// 8-bit handlers
|
||||||
_handlers.Add(new SubRm8R8Handler(_decoder));
|
_handlers.Add(new SubRm8R8Handler(_decoder)); // SUB r/m8, r8 (opcode 0x28)
|
||||||
_handlers.Add(new SubR8Rm8Handler(_decoder));
|
_handlers.Add(new SubR8Rm8Handler(_decoder)); // SUB r8, r/m8 (opcode 0x2A)
|
||||||
_handlers.Add(new SubAlImm8Handler(_decoder));
|
_handlers.Add(new SubAlImm8Handler(_decoder)); // SUB AL, imm8 (opcode 0x2C)
|
||||||
_handlers.Add(new SubImmFromRm8Handler(_decoder));
|
_handlers.Add(new SubImmFromRm8Handler(_decoder)); // SUB r/m8, imm8 (opcode 0x80 /5)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -460,9 +471,9 @@ public class InstructionHandlerFactory
|
|||||||
private void RegisterNopHandlers()
|
private void RegisterNopHandlers()
|
||||||
{
|
{
|
||||||
// Register NOP handlers
|
// Register NOP handlers
|
||||||
_handlers.Add(new NopHandler(_decoder));
|
_handlers.Add(new NopHandler(_decoder)); // NOP (opcode 0x90)
|
||||||
_handlers.Add(new TwoByteNopHandler(_decoder));
|
_handlers.Add(new TwoByteNopHandler(_decoder)); // 2-byte NOP (opcode 0x66 0x90)
|
||||||
_handlers.Add(new MultiByteNopHandler(_decoder));
|
_handlers.Add(new MultiByteNopHandler(_decoder)); // Multi-byte NOP (opcode 0F 1F /0)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -491,16 +502,15 @@ public class InstructionHandlerFactory
|
|||||||
_handlers.Add(new BsrR32Rm32Handler(_decoder)); // BSR r32, r/m32 (0F BD)
|
_handlers.Add(new BsrR32Rm32Handler(_decoder)); // BSR r32, r/m32 (0F BD)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Registers all NEG instruction handlers
|
/// Registers all NEG instruction handlers
|
||||||
/// </summary>
|
/// </summary>
|
||||||
private void RegisterNegHandlers()
|
private void RegisterNegHandlers()
|
||||||
{
|
{
|
||||||
// NEG r/m8 handler (F6 /3)
|
_handlers.Add(new NegRm8Handler(_decoder)); // NEG r/m8 handler (F6 /3)
|
||||||
_handlers.Add(new NegRm8Handler(_decoder));
|
_handlers.Add(new NegRm32Handler(_decoder)); // NEG r/m32 handler (F7 /3)
|
||||||
|
|
||||||
// NEG r/m32 handler (F7 /3)
|
|
||||||
_handlers.Add(new NegRm32Handler(_decoder));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -508,11 +518,8 @@ public class InstructionHandlerFactory
|
|||||||
/// </summary>
|
/// </summary>
|
||||||
private void RegisterMulHandlers()
|
private void RegisterMulHandlers()
|
||||||
{
|
{
|
||||||
// MUL r/m8 handler (F6 /4)
|
_handlers.Add(new MulRm8Handler(_decoder)); // MUL r/m8 handler (F6 /4)
|
||||||
_handlers.Add(new MulRm8Handler(_decoder));
|
_handlers.Add(new MulRm32Handler(_decoder)); // MUL r/m32 handler (F7 /4)
|
||||||
|
|
||||||
// MUL r/m32 handler (F7 /4)
|
|
||||||
_handlers.Add(new MulRm32Handler(_decoder));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -520,11 +527,8 @@ public class InstructionHandlerFactory
|
|||||||
/// </summary>
|
/// </summary>
|
||||||
private void RegisterNotHandlers()
|
private void RegisterNotHandlers()
|
||||||
{
|
{
|
||||||
// NOT r/m8 handler (F6 /2)
|
_handlers.Add(new NotRm8Handler(_decoder)); // NOT r/m8 handler (F6 /2)
|
||||||
_handlers.Add(new NotRm8Handler(_decoder));
|
_handlers.Add(new NotRm32Handler(_decoder)); // NOT r/m32 handler (F7 /2)
|
||||||
|
|
||||||
// NOT r/m32 handler (F7 /2)
|
|
||||||
_handlers.Add(new NotRm32Handler(_decoder));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -532,20 +536,12 @@ public class InstructionHandlerFactory
|
|||||||
/// </summary>
|
/// </summary>
|
||||||
private void RegisterImulHandlers()
|
private void RegisterImulHandlers()
|
||||||
{
|
{
|
||||||
// IMUL r/m8 handler (F6 /5)
|
_handlers.Add(new ImulRm8Handler(_decoder)); // IMUL r/m8 handler (F6 /5)
|
||||||
_handlers.Add(new ImulRm8Handler(_decoder));
|
_handlers.Add(new ImulRm32Handler(_decoder)); // IMUL r/m32 handler (F7 /5)
|
||||||
|
|
||||||
// IMUL r/m32 handler (F7 /5)
|
_handlers.Add(new ImulR32Rm32Handler(_decoder)); // IMUL r32, r/m32 handler (0F AF /r)
|
||||||
_handlers.Add(new ImulRm32Handler(_decoder));
|
_handlers.Add(new ImulR32Rm32Imm8Handler(_decoder)); // IMUL r32, r/m32, imm8 handler (6B /r ib)
|
||||||
|
_handlers.Add(new ImulR32Rm32Imm32Handler(_decoder)); // IMUL r32, r/m32, imm32 handler (69 /r id)
|
||||||
// IMUL r32, r/m32 handler (0F AF /r)
|
|
||||||
_handlers.Add(new ImulR32Rm32Handler(_decoder));
|
|
||||||
|
|
||||||
// IMUL r32, r/m32, imm8 handler (6B /r ib)
|
|
||||||
_handlers.Add(new ImulR32Rm32Imm8Handler(_decoder));
|
|
||||||
|
|
||||||
// IMUL r32, r/m32, imm32 handler (69 /r id)
|
|
||||||
_handlers.Add(new ImulR32Rm32Imm32Handler(_decoder));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -553,11 +549,8 @@ public class InstructionHandlerFactory
|
|||||||
/// </summary>
|
/// </summary>
|
||||||
private void RegisterDivHandlers()
|
private void RegisterDivHandlers()
|
||||||
{
|
{
|
||||||
// DIV r/m8 handler (F6 /6)
|
_handlers.Add(new DivRm8Handler(_decoder)); // DIV r/m8 handler (F6 /6)
|
||||||
_handlers.Add(new DivRm8Handler(_decoder));
|
_handlers.Add(new DivRm32Handler(_decoder)); // DIV r/m32 handler (F7 /6)
|
||||||
|
|
||||||
// DIV r/m32 handler (F7 /6)
|
|
||||||
_handlers.Add(new DivRm32Handler(_decoder));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -565,11 +558,8 @@ public class InstructionHandlerFactory
|
|||||||
/// </summary>
|
/// </summary>
|
||||||
private void RegisterIdivHandlers()
|
private void RegisterIdivHandlers()
|
||||||
{
|
{
|
||||||
// IDIV r/m8 handler (F6 /7)
|
_handlers.Add(new IdivRm8Handler(_decoder)); // IDIV r/m8 handler (F6 /7)
|
||||||
_handlers.Add(new IdivRm8Handler(_decoder));
|
_handlers.Add(new IdivRm32Handler(_decoder)); // IDIV r/m32 handler (F7 /7)
|
||||||
|
|
||||||
// IDIV r/m32 handler (F7 /7)
|
|
||||||
_handlers.Add(new IdivRm32Handler(_decoder));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
|
|||||||
@ -43,7 +43,6 @@ public class InstructionDecoder
|
|||||||
|
|
||||||
// Create specialized decoders
|
// Create specialized decoders
|
||||||
_prefixDecoder = new PrefixDecoder();
|
_prefixDecoder = new PrefixDecoder();
|
||||||
new ModRMDecoder(this);
|
|
||||||
|
|
||||||
// Create the instruction handler factory
|
// Create the instruction handler factory
|
||||||
_handlerFactory = new InstructionHandlerFactory(_codeBuffer, this, _length);
|
_handlerFactory = new InstructionHandlerFactory(_codeBuffer, this, _length);
|
||||||
@ -101,7 +100,7 @@ public class InstructionDecoder
|
|||||||
|
|
||||||
Printer.WriteLine?.Invoke($"Resolved handler {handler?.GetType().Name}");
|
Printer.WriteLine?.Invoke($"Resolved handler {handler?.GetType().Name}");
|
||||||
|
|
||||||
bool handlerSuccess = false;
|
bool handlerSuccess;
|
||||||
|
|
||||||
// Try to decode with a handler first
|
// Try to decode with a handler first
|
||||||
if (handler != null)
|
if (handler != null)
|
||||||
@ -115,6 +114,11 @@ public class InstructionDecoder
|
|||||||
// Decode the instruction
|
// Decode the instruction
|
||||||
handlerSuccess = handler.Decode(opcode, instruction);
|
handlerSuccess = handler.Decode(opcode, instruction);
|
||||||
|
|
||||||
|
if (!handlerSuccess)
|
||||||
|
{
|
||||||
|
Printer.WriteLine?.Invoke($"Handler {handler.GetType().Name} failed!");
|
||||||
|
}
|
||||||
|
|
||||||
// Apply segment override prefix to the structured operands if needed
|
// Apply segment override prefix to the structured operands if needed
|
||||||
if (handlerSuccess && hasSegmentOverride)
|
if (handlerSuccess && hasSegmentOverride)
|
||||||
{
|
{
|
||||||
|
|||||||
@ -77,7 +77,7 @@ public class ModRMDecoder
|
|||||||
if (_decoder.CanReadByte())
|
if (_decoder.CanReadByte())
|
||||||
{
|
{
|
||||||
byte sib = _decoder.ReadByte();
|
byte sib = _decoder.ReadByte();
|
||||||
return _sibDecoder.DecodeSIB(sib, 0, operandSize);
|
return _sibDecoder.DecodeSIB(sib, 0, operandSize, mod);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Fallback for incomplete data
|
// Fallback for incomplete data
|
||||||
@ -95,7 +95,7 @@ public class ModRMDecoder
|
|||||||
{
|
{
|
||||||
byte sib = _decoder.ReadByte();
|
byte sib = _decoder.ReadByte();
|
||||||
sbyte disp8 = (sbyte)(_decoder.CanReadByte() ? _decoder.ReadByte() : 0);
|
sbyte disp8 = (sbyte)(_decoder.CanReadByte() ? _decoder.ReadByte() : 0);
|
||||||
return _sibDecoder.DecodeSIB(sib, (uint)disp8, operandSize);
|
return _sibDecoder.DecodeSIB(sib, (uint)disp8, operandSize, mod);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Fallback for incomplete data
|
// Fallback for incomplete data
|
||||||
@ -108,6 +108,7 @@ public class ModRMDecoder
|
|||||||
sbyte disp8 = (sbyte)_decoder.ReadByte();
|
sbyte disp8 = (sbyte)_decoder.ReadByte();
|
||||||
|
|
||||||
// Always create a displacement memory operand for mod=1, even if displacement is 0
|
// Always create a displacement memory operand for mod=1, even if displacement is 0
|
||||||
|
// This ensures we show exactly what's encoded in the ModR/M byte
|
||||||
return OperandFactory.CreateDisplacementMemoryOperand(rmIndex, disp8, operandSize);
|
return OperandFactory.CreateDisplacementMemoryOperand(rmIndex, disp8, operandSize);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -123,7 +124,7 @@ public class ModRMDecoder
|
|||||||
{
|
{
|
||||||
byte sib = _decoder.ReadByte();
|
byte sib = _decoder.ReadByte();
|
||||||
uint disp32 = _decoder.ReadUInt32();
|
uint disp32 = _decoder.ReadUInt32();
|
||||||
return _sibDecoder.DecodeSIB(sib, disp32, operandSize);
|
return _sibDecoder.DecodeSIB(sib, disp32, operandSize, mod);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Fallback for incomplete data
|
// Fallback for incomplete data
|
||||||
@ -143,11 +144,7 @@ public class ModRMDecoder
|
|||||||
return OperandFactory.CreateDisplacementMemoryOperand(rmIndex, (long)disp32, operandSize);
|
return OperandFactory.CreateDisplacementMemoryOperand(rmIndex, (long)disp32, operandSize);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Only show displacement if it's not zero
|
// Always include the displacement, even if it's zero, to match the encoding
|
||||||
if (disp32 == 0)
|
|
||||||
{
|
|
||||||
return OperandFactory.CreateBaseRegisterMemoryOperand(rmIndex, operandSize);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Cast to long to preserve the unsigned value for large displacements
|
// Cast to long to preserve the unsigned value for large displacements
|
||||||
return OperandFactory.CreateDisplacementMemoryOperand(rmIndex, (long)disp32, operandSize);
|
return OperandFactory.CreateDisplacementMemoryOperand(rmIndex, (long)disp32, operandSize);
|
||||||
|
|||||||
@ -24,8 +24,9 @@ public class SIBDecoder
|
|||||||
/// <param name="sib">The SIB byte</param>
|
/// <param name="sib">The SIB byte</param>
|
||||||
/// <param name="displacement">The displacement value</param>
|
/// <param name="displacement">The displacement value</param>
|
||||||
/// <param name="operandSize">The size of the operand in bits (8, 16, 32, or 64)</param>
|
/// <param name="operandSize">The size of the operand in bits (8, 16, 32, or 64)</param>
|
||||||
|
/// <param name="mod">The mod field from the ModR/M byte</param>
|
||||||
/// <returns>The decoded SIB operand</returns>
|
/// <returns>The decoded SIB operand</returns>
|
||||||
public Operand DecodeSIB(byte sib, uint displacement, int operandSize)
|
public Operand DecodeSIB(byte sib, uint displacement, int operandSize, byte mod = 0)
|
||||||
{
|
{
|
||||||
// Extract fields from SIB byte
|
// Extract fields from SIB byte
|
||||||
byte scale = (byte)((sib & Constants.SIB_SCALE_MASK) >> 6);
|
byte scale = (byte)((sib & Constants.SIB_SCALE_MASK) >> 6);
|
||||||
@ -39,8 +40,8 @@ public class SIBDecoder
|
|||||||
// Special case: ESP/SP (4) in index field means no index register
|
// Special case: ESP/SP (4) in index field means no index register
|
||||||
if (index == RegisterIndex.Sp)
|
if (index == RegisterIndex.Sp)
|
||||||
{
|
{
|
||||||
// Special case: EBP/BP (5) in base field with no displacement means disp32 only
|
// Special case: EBP/BP (5) in base field with mod=00 means disp32 only
|
||||||
if (@base == RegisterIndex.Bp && displacement == 0)
|
if (@base == RegisterIndex.Bp && mod == 0)
|
||||||
{
|
{
|
||||||
if (_decoder.CanReadUInt())
|
if (_decoder.CanReadUInt())
|
||||||
{
|
{
|
||||||
@ -56,16 +57,12 @@ public class SIBDecoder
|
|||||||
}
|
}
|
||||||
|
|
||||||
// When index is ESP (no index), we just have a base register with optional displacement
|
// When index is ESP (no index), we just have a base register with optional displacement
|
||||||
if (displacement == 0)
|
// Always include the displacement, even if it's zero, to match the encoding
|
||||||
{
|
|
||||||
return OperandFactory.CreateBaseRegisterMemoryOperand(@base, operandSize);
|
|
||||||
}
|
|
||||||
|
|
||||||
return OperandFactory.CreateDisplacementMemoryOperand(@base, (int)displacement, operandSize);
|
return OperandFactory.CreateDisplacementMemoryOperand(@base, (int)displacement, operandSize);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Special case: EBP/BP (5) in base field with no displacement means disp32 only
|
// Special case: EBP/BP (5) in base field with mod=00 means disp32 only
|
||||||
if (@base == RegisterIndex.Bp && displacement == 0)
|
if (@base == RegisterIndex.Bp && mod == 0 && displacement == 0)
|
||||||
{
|
{
|
||||||
if (_decoder.CanReadUInt())
|
if (_decoder.CanReadUInt())
|
||||||
{
|
{
|
||||||
@ -98,6 +95,22 @@ public class SIBDecoder
|
|||||||
operandSize);
|
operandSize);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Special case: When base is EBP/BP and mod is 01 or 10
|
||||||
|
// This is a special case in x86 addressing.
|
||||||
|
if (@base == RegisterIndex.Bp && (mod == 1 || mod == 2))
|
||||||
|
{
|
||||||
|
int scaleFactorBp = 1 << scale; // 1, 2, 4, or 8
|
||||||
|
|
||||||
|
// Always include the displacement for EBP, even if it's zero
|
||||||
|
// This ensures we show exactly what's encoded in the ModR/M and SIB bytes
|
||||||
|
return OperandFactory.CreateScaledIndexMemoryOperand(
|
||||||
|
index,
|
||||||
|
scaleFactorBp,
|
||||||
|
@base,
|
||||||
|
(int)displacement,
|
||||||
|
operandSize);
|
||||||
|
}
|
||||||
|
|
||||||
// Normal case with base and index registers
|
// Normal case with base and index registers
|
||||||
int scaleFactor = 1 << scale; // 1, 2, 4, or 8
|
int scaleFactor = 1 << scale; // 1, 2, 4, or 8
|
||||||
|
|
||||||
|
|||||||
@ -111,9 +111,9 @@ public class XorInstructionTests
|
|||||||
|
|
||||||
// Check the first operand (AL)
|
// Check the first operand (AL)
|
||||||
var alOperand = instruction.StructuredOperands[0];
|
var alOperand = instruction.StructuredOperands[0];
|
||||||
Assert.IsType<RegisterOperand>(alOperand);
|
Assert.IsType<Register8Operand>(alOperand);
|
||||||
var registerOperand = (RegisterOperand)alOperand;
|
var registerOperand = (Register8Operand)alOperand;
|
||||||
Assert.Equal(RegisterIndex.A, registerOperand.Register);
|
Assert.Equal(RegisterIndex8.AL, registerOperand.Register);
|
||||||
Assert.Equal(8, registerOperand.Size); // Validate that it's an 8-bit register (AL)
|
Assert.Equal(8, registerOperand.Size); // Validate that it's an 8-bit register (AL)
|
||||||
|
|
||||||
// Check the second operand (immediate value)
|
// Check the second operand (immediate value)
|
||||||
|
|||||||
@ -4,7 +4,7 @@ RawBytes;Instructions
|
|||||||
04AA;[{ "Type": "Add", "Operands": ["al", "0xAA"] }]
|
04AA;[{ "Type": "Add", "Operands": ["al", "0xAA"] }]
|
||||||
80C1AA;[{ "Type": "Add", "Operands": ["cl", "0xAA"] }]
|
80C1AA;[{ "Type": "Add", "Operands": ["cl", "0xAA"] }]
|
||||||
8000AA;[{ "Type": "Add", "Operands": ["byte ptr [eax]", "0xAA"] }]
|
8000AA;[{ "Type": "Add", "Operands": ["byte ptr [eax]", "0xAA"] }]
|
||||||
805310AA;[{ "Type": "Add", "Operands": ["byte ptr [ebx+0x10]", "0xAA"] }]
|
804310AA;[{ "Type": "Add", "Operands": ["byte ptr [ebx+0x10]", "0xAA"] }]
|
||||||
00D8;[{ "Type": "Add", "Operands": ["al", "bl"] }]
|
00D8;[{ "Type": "Add", "Operands": ["al", "bl"] }]
|
||||||
0018;[{ "Type": "Add", "Operands": ["byte ptr [eax]", "bl"] }]
|
0018;[{ "Type": "Add", "Operands": ["byte ptr [eax]", "bl"] }]
|
||||||
0218;[{ "Type": "Add", "Operands": ["bl", "byte ptr [eax]"] }]
|
0218;[{ "Type": "Add", "Operands": ["bl", "byte ptr [eax]"] }]
|
||||||
|
|||||||
|
Can't render this file because it contains an unexpected character in line 4 and column 9.
|
@ -10,7 +10,7 @@ RawBytes;Instructions
|
|||||||
20D8;[{ "Type": "And", "Operands": ["al", "bl"] }]
|
20D8;[{ "Type": "And", "Operands": ["al", "bl"] }]
|
||||||
2018;[{ "Type": "And", "Operands": ["byte ptr [eax]", "bl"] }]
|
2018;[{ "Type": "And", "Operands": ["byte ptr [eax]", "bl"] }]
|
||||||
2218;[{ "Type": "And", "Operands": ["bl", "byte ptr [eax]"] }]
|
2218;[{ "Type": "And", "Operands": ["bl", "byte ptr [eax]"] }]
|
||||||
800488AA;[{ "Type": "And", "Operands": ["byte ptr [eax+ecx*4]", "0xAA"] }]
|
802488AA;[{ "Type": "And", "Operands": ["byte ptr [eax+ecx*4]", "0xAA"] }]
|
||||||
|
|
||||||
# 16-bit AND (with 66 prefix)
|
# 16-bit AND (with 66 prefix)
|
||||||
6625AA00;[{ "Type": "And", "Operands": ["ax", "0xAA"] }]
|
6625AA00;[{ "Type": "And", "Operands": ["ax", "0xAA"] }]
|
||||||
@ -22,7 +22,7 @@ RawBytes;Instructions
|
|||||||
6621D8;[{ "Type": "And", "Operands": ["ax", "bx"] }]
|
6621D8;[{ "Type": "And", "Operands": ["ax", "bx"] }]
|
||||||
662118;[{ "Type": "And", "Operands": ["word ptr [eax]", "bx"] }]
|
662118;[{ "Type": "And", "Operands": ["word ptr [eax]", "bx"] }]
|
||||||
662318;[{ "Type": "And", "Operands": ["bx", "word ptr [eax]"] }]
|
662318;[{ "Type": "And", "Operands": ["bx", "word ptr [eax]"] }]
|
||||||
66810488AA00;[{ "Type": "And", "Operands": ["word ptr [eax+ecx*4]", "0xAA"] }]
|
66812488AA00;[{ "Type": "And", "Operands": ["word ptr [eax+ecx*4]", "0xAA"] }]
|
||||||
|
|
||||||
# 32-bit AND
|
# 32-bit AND
|
||||||
25AA000000;[{ "Type": "And", "Operands": ["eax", "0xAA"] }]
|
25AA000000;[{ "Type": "And", "Operands": ["eax", "0xAA"] }]
|
||||||
@ -34,9 +34,9 @@ RawBytes;Instructions
|
|||||||
21D8;[{ "Type": "And", "Operands": ["eax", "ebx"] }]
|
21D8;[{ "Type": "And", "Operands": ["eax", "ebx"] }]
|
||||||
2118;[{ "Type": "And", "Operands": ["dword ptr [eax]", "ebx"] }]
|
2118;[{ "Type": "And", "Operands": ["dword ptr [eax]", "ebx"] }]
|
||||||
2318;[{ "Type": "And", "Operands": ["ebx", "dword ptr [eax]"] }]
|
2318;[{ "Type": "And", "Operands": ["ebx", "dword ptr [eax]"] }]
|
||||||
810488AA000000;[{ "Type": "And", "Operands": ["dword ptr [eax+ecx*4]", "0xAA"] }]
|
812488AA000000;[{ "Type": "And", "Operands": ["dword ptr [eax+ecx*4]", "0xAA"] }]
|
||||||
|
|
||||||
# Complex addressing modes
|
# Complex addressing modes
|
||||||
20A314285600;[{ "Type": "And", "Operands": ["byte ptr [ebx+0x562814]", "ah"] }]
|
20A314285600;[{ "Type": "And", "Operands": ["byte ptr [ebx+0x00562814]", "ah"] }]
|
||||||
6621B310203040;[{ "Type": "And", "Operands": ["word ptr [ebx+0x40302010]", "si"] }]
|
6621B310203040;[{ "Type": "And", "Operands": ["word ptr [ebx+0x40302010]", "si"] }]
|
||||||
230C8D10203040;[{ "Type": "And", "Operands": ["ecx", "dword ptr [ebp*4+0x40302010]"] }]
|
230CAD10203040;[{ "Type": "And", "Operands": ["ecx", "dword ptr [ebp*4+0x40302010]"] }]
|
||||||
|
Can't render this file because it contains an unexpected character in line 4 and column 9.
|
@ -31,4 +31,4 @@ F738;[{ "Type": "IDiv", "Operands": ["dword ptr [eax]"] }]
|
|||||||
|
|
||||||
# The correct encoding for "IDIV dword ptr [eax+0x10]" would be F74010 (with Mod=01, R/M=0 for EAX, disp8=0x10)
|
# The correct encoding for "IDIV dword ptr [eax+0x10]" would be F74010 (with Mod=01, R/M=0 for EAX, disp8=0x10)
|
||||||
# F73C2510000000;[{ "Type": "IDiv", "Operands": ["dword ptr [eax+0x10]"] }]
|
# F73C2510000000;[{ "Type": "IDiv", "Operands": ["dword ptr [eax+0x10]"] }]
|
||||||
F74010;[{ "Type": "IDiv", "Operands": ["dword ptr [eax+0x10]"] }]
|
F77810;[{ "Type": "IDiv", "Operands": ["dword ptr [eax+0x10]"] }]
|
||||||
|
|||||||
|
Can't render this file because it contains an unexpected character in line 6 and column 9.
|
@ -37,7 +37,7 @@ RawBytes;Instructions
|
|||||||
8D47F0;[{ "Type": "Lea", "Operands": ["eax", "dword ptr [edi-0x10]"] }]
|
8D47F0;[{ "Type": "Lea", "Operands": ["eax", "dword ptr [edi-0x10]"] }]
|
||||||
|
|
||||||
# LEA r32, m (opcode 8D) with SIB byte (no displacement)
|
# LEA r32, m (opcode 8D) with SIB byte (no displacement)
|
||||||
8D0424;[{ "Type": "Lea", "Operands": ["eax", "dword ptr [esp]"] }]
|
8D0424;[{ "Type": "Lea", "Operands": ["eax", "dword ptr [esp+0x00]"] }]
|
||||||
|
|
||||||
# SPECIAL CASE: The following encodings with EBP as base register have special rules.
|
# SPECIAL CASE: The following encodings with EBP as base register have special rules.
|
||||||
# When the SIB byte has Base=101 (EBP) and Mod=00, the base register is not used.
|
# When the SIB byte has Base=101 (EBP) and Mod=00, the base register is not used.
|
||||||
|
|||||||
|
Can't render this file because it contains an unexpected character in line 6 and column 9.
|
@ -7,8 +7,8 @@ RawBytes;Instructions
|
|||||||
8F01;[{ "Type": "Pop", "Operands": ["dword ptr [ecx]"] }]
|
8F01;[{ "Type": "Pop", "Operands": ["dword ptr [ecx]"] }]
|
||||||
8F02;[{ "Type": "Pop", "Operands": ["dword ptr [edx]"] }]
|
8F02;[{ "Type": "Pop", "Operands": ["dword ptr [edx]"] }]
|
||||||
8F03;[{ "Type": "Pop", "Operands": ["dword ptr [ebx]"] }]
|
8F03;[{ "Type": "Pop", "Operands": ["dword ptr [ebx]"] }]
|
||||||
8F0424;[{ "Type": "Pop", "Operands": ["dword ptr [esp]"] }]
|
8F0424;[{ "Type": "Pop", "Operands": ["dword ptr [esp+0x00]"] }]
|
||||||
88F4500;[{ "Type": "Pop", "Operands": ["dword ptr [ebp]"] }]
|
8F4500;[{ "Type": "Pop", "Operands": ["dword ptr [ebp+0x00]"] }]
|
||||||
8F06;[{ "Type": "Pop", "Operands": ["dword ptr [esi]"] }]
|
8F06;[{ "Type": "Pop", "Operands": ["dword ptr [esi]"] }]
|
||||||
8F07;[{ "Type": "Pop", "Operands": ["dword ptr [edi]"] }]
|
8F07;[{ "Type": "Pop", "Operands": ["dword ptr [edi]"] }]
|
||||||
|
|
||||||
|
|||||||
|
Can't render this file because it contains an unexpected character in line 6 and column 9.
|
@ -7,8 +7,8 @@ FF30;[{ "Type": "Push", "Operands": ["dword ptr [eax]"] }]
|
|||||||
FF31;[{ "Type": "Push", "Operands": ["dword ptr [ecx]"] }]
|
FF31;[{ "Type": "Push", "Operands": ["dword ptr [ecx]"] }]
|
||||||
FF32;[{ "Type": "Push", "Operands": ["dword ptr [edx]"] }]
|
FF32;[{ "Type": "Push", "Operands": ["dword ptr [edx]"] }]
|
||||||
FF33;[{ "Type": "Push", "Operands": ["dword ptr [ebx]"] }]
|
FF33;[{ "Type": "Push", "Operands": ["dword ptr [ebx]"] }]
|
||||||
FF3424;[{ "Type": "Push", "Operands": ["dword ptr [esp]"] }]
|
FF3424;[{ "Type": "Push", "Operands": ["dword ptr [esp+0x00]"] }]
|
||||||
FF7500;[{ "Type": "Push", "Operands": ["dword ptr [ebp]"] }]
|
FF7500;[{ "Type": "Push", "Operands": ["dword ptr [ebp+0x00]"] }]
|
||||||
FF36;[{ "Type": "Push", "Operands": ["dword ptr [esi]"] }]
|
FF36;[{ "Type": "Push", "Operands": ["dword ptr [esi]"] }]
|
||||||
FF37;[{ "Type": "Push", "Operands": ["dword ptr [edi]"] }]
|
FF37;[{ "Type": "Push", "Operands": ["dword ptr [edi]"] }]
|
||||||
|
|
||||||
|
|||||||
|
Can't render this file because it contains an unexpected character in line 6 and column 9.
|
@ -6,10 +6,10 @@ RawBytes;Instructions
|
|||||||
C3;[{ "Type": "Ret", "Operands": [] }]
|
C3;[{ "Type": "Ret", "Operands": [] }]
|
||||||
|
|
||||||
# RET imm16 (opcode C2) - Near return to calling procedure and pop imm16 bytes from stack
|
# RET imm16 (opcode C2) - Near return to calling procedure and pop imm16 bytes from stack
|
||||||
C20000;[{ "Type": "Ret", "Operands": ["0x0000"] }]
|
C20000;[{ "Type": "Ret", "Operands": ["0x00"] }]
|
||||||
C20400;[{ "Type": "Ret", "Operands": ["0x0004"] }]
|
C20400;[{ "Type": "Ret", "Operands": ["0x04"] }]
|
||||||
C20800;[{ "Type": "Ret", "Operands": ["0x0008"] }]
|
C20800;[{ "Type": "Ret", "Operands": ["0x08"] }]
|
||||||
C21000;[{ "Type": "Ret", "Operands": ["0x0010"] }]
|
C21000;[{ "Type": "Ret", "Operands": ["0x10"] }]
|
||||||
C2FFFF;[{ "Type": "Ret", "Operands": ["0xFFFF"] }]
|
C2FFFF;[{ "Type": "Ret", "Operands": ["0xFFFF"] }]
|
||||||
|
|
||||||
# RETF (opcode CB) - Far return to calling procedure
|
# RETF (opcode CB) - Far return to calling procedure
|
||||||
|
|||||||
|
Can't render this file because it contains an unexpected character in line 6 and column 7.
|
@ -3,50 +3,50 @@
|
|||||||
RawBytes;Instructions
|
RawBytes;Instructions
|
||||||
|
|
||||||
# MOVS - Move string
|
# MOVS - Move string
|
||||||
A4;[{ "Type": "MovsB", "Operands": [] }]
|
A4;[{ "Type": "MovsB", "Operands": ["byte ptr es:[edi]", "byte ptr ds:[esi]"] }]
|
||||||
A5;[{ "Type": "MovsD", "Operands": ["dword ptr es:[edi]", "dword ptr ds:[esi]"] }]
|
A5;[{ "Type": "MovsD", "Operands": ["dword ptr es:[edi]", "dword ptr ds:[esi]"] }]
|
||||||
66A5;[{ "Type": "MovsW", "Operands": [] }]
|
66A5;[{ "Type": "MovsW", "Operands": ["word ptr es:[edi]", "byte ptr es:[esi]"] }]
|
||||||
|
|
||||||
# CMPS - Compare string
|
# CMPS - Compare string
|
||||||
A6;[{ "Type": "CmpsB", "Operands": [] }]
|
A6;[{ "Type": "CmpsB", "Operands": ["byte ptr es:[esi]", "byte ptr es:[edi]"] }]
|
||||||
A7;[{ "Type": "CmpsD", "Operands": [] }]
|
A7;[{ "Type": "CmpsD", "Operands": ["dword ptr es:[esi]", "dword ptr es:[edi]"] }]
|
||||||
66A7;[{ "Type": "CmpsW", "Operands": [] }]
|
66A7;[{ "Type": "CmpsW", "Operands": ["word ptr es:[esi]", "word ptr es:[edi]"] }]
|
||||||
|
|
||||||
# SCAS - Scan string
|
# SCAS - Scan string
|
||||||
AE;[{ "Type": "ScasB", "Operands": [] }]
|
AE;[{ "Type": "ScasB", "Operands": ["al", "byte ptr es:[edi]"] }]
|
||||||
AF;[{ "Type": "ScasD", "Operands": [] }]
|
AF;[{ "Type": "ScasD", "Operands": ["eax", "dword ptr es:[edi]"] }]
|
||||||
66AF;[{ "Type": "ScasW", "Operands": [] }]
|
66AF;[{ "Type": "ScasW", "Operands": ["ax", "word ptr es:[edi]"] }]
|
||||||
|
|
||||||
# LODS - Load string
|
# LODS - Load string
|
||||||
AC;[{ "Type": "LodsB", "Operands": [] }]
|
AC;[{ "Type": "LodsB", "Operands": ["al", "byte ptr es:[esi]"] }]
|
||||||
AD;[{ "Type": "LodsD", "Operands": [] }]
|
AD;[{ "Type": "LodsD", "Operands": ["eax", "dword ptr es:[esi]"] }]
|
||||||
66AD;[{ "Type": "LodsW", "Operands": [] }]
|
66AD;[{ "Type": "LodsW", "Operands": ["ax", "byte ptr es:[esi]"] }]
|
||||||
|
|
||||||
# STOS - Store string
|
# STOS - Store string
|
||||||
AA;[{ "Type": "StosB", "Operands": [] }]
|
AA;[{ "Type": "StosB", "Operands": ["byte ptr es:[edi]", "al"] }]
|
||||||
AB;[{ "Type": "StosD", "Operands": [] }]
|
AB;[{ "Type": "StosD", "Operands": ["dword ptr es:[edi]", "eax"] }]
|
||||||
66AB;[{ "Type": "StosW", "Operands": [] }]
|
66AB;[{ "Type": "StosW", "Operands": ["word ptr es:[edi]", "ax"] }]
|
||||||
|
|
||||||
# REP prefix with string instructions
|
# REP prefix with string instructions
|
||||||
F3A4;[{ "Type": "RepMovsB", "Operands": ["dword ptr es:[edi]", "dword ptr ds:[esi]"] }]
|
F3A4;[{ "Type": "RepMovsB", "Operands": ["byte ptr es:[edi]", "byte ptr ds:[esi]"] }]
|
||||||
F3A5;[{ "Type": "RepMovsD", "Operands": ["dword ptr es:[edi]", "dword ptr ds:[esi]"] }]
|
F3A5;[{ "Type": "RepMovsD", "Operands": ["dword ptr es:[edi]", "dword ptr ds:[esi]"] }]
|
||||||
F366A5;[{ "Type": "RepMovsW", "Operands": ["dword ptr es:[edi]", "dword ptr ds:[esi]"] }]
|
F366A5;[{ "Type": "RepMovsW", "Operands": ["word ptr es:[edi]", "word ptr ds:[esi]"] }]
|
||||||
F3AA;[{ "Type": "RepStosB", "Operands": ["dword ptr es:[edi]"] }]
|
F3AA;[{ "Type": "RepStosB", "Operands": ["byte ptr es:[edi]", "al"] }]
|
||||||
F3AB;[{ "Type": "RepStosD", "Operands": ["dword ptr es:[edi]"] }]
|
F3AB;[{ "Type": "RepStosD", "Operands": ["dword ptr es:[edi]", "eax"] }]
|
||||||
F366AB;[{ "Type": "RepStosW", "Operands": ["dword ptr es:[edi]"] }]
|
F366AB;[{ "Type": "RepStosW", "Operands": ["word ptr es:[edi]", "ax"] }]
|
||||||
|
|
||||||
# REPE/REPZ prefix with string instructions
|
# REPE/REPZ prefix with string instructions
|
||||||
F3A6;[{ "Type": "RepeCmpsB", "Operands": [] }]
|
F3A6;[{ "Type": "RepeCmpsB", "Operands": ["byte ptr es:[esi]", "byte ptr es:[edi]"] }]
|
||||||
F3A7;[{ "Type": "RepeCmpsD", "Operands": [] }]
|
F3A7;[{ "Type": "RepeCmpsD", "Operands": ["dword ptr es:[esi]", "byte ptr es:[edi]"] }]
|
||||||
F366A7;[{ "Type": "RepeCmpsW", "Operands": [] }]
|
F366A7;[{ "Type": "RepeCmpsW", "Operands": ["word ptr es:[esi]", "word ptr es:[edi]"] }]
|
||||||
F3AE;[{ "Type": "RepScasB", "Operands": [] }]
|
F3AE;[{ "Type": "RepScasB", "Operands": ["al", "byte ptr es:[edi]"] }]
|
||||||
F3AF;[{ "Type": "RepScasD", "Operands": [] }]
|
F3AF;[{ "Type": "RepScasD", "Operands": ["eax", "dword ptr es:[edi]"] }]
|
||||||
F366AF;[{ "Type": "RepScasW", "Operands": [] }]
|
F366AF;[{ "Type": "RepScasW", "Operands": ["ax", "word ptr es:[edi]"] }]
|
||||||
|
|
||||||
# REPNE/REPNZ prefix with string instructions
|
# REPNE/REPNZ prefix with string instructions
|
||||||
F2A6;[{ "Type": "RepneCmpsB", "Operands": [] }]
|
F2A6;[{ "Type": "RepneCmpsB", "Operands": ["byte ptr es:[esi]", "byte ptr es:[edi]"] }]
|
||||||
F2A7;[{ "Type": "RepneCmpsD", "Operands": [] }]
|
F2A7;[{ "Type": "RepneCmpsD", "Operands": ["dword ptr es:[esi]", "dword ptr es:[edi]"] }]
|
||||||
F266A7;[{ "Type": "RepneCmpsW", "Operands": [] }]
|
F266A7;[{ "Type": "RepneCmpsW", "Operands": ["word ptr es:[esi]", "word ptr es:[edi]"] }]
|
||||||
F2AE;[{ "Type": "RepneScasB", "Operands": [] }]
|
F2AE;[{ "Type": "RepneScasB", "Operands": ["al", "byte ptr es:[edi]"] }]
|
||||||
F2AF;[{ "Type": "RepneScasD", "Operands": [] }]
|
F2AF;[{ "Type": "RepneScasD", "Operands": ["eax", "byte ptr es:[edi]"] }]
|
||||||
F266AF;[{ "Type": "RepneScasW", "Operands": [] }]
|
F266AF;[{ "Type": "RepneScasW", "Operands": ["eax", "byte ptr es:[edi]"] }]
|
||||||
|
|||||||
|
Can't render this file because it contains an unexpected character in line 6 and column 7.
|
@ -21,4 +21,4 @@ F7C378563412;[{ "Type": "Test", "Operands": ["ebx", "0x12345678"] }]
|
|||||||
# TEST with memory operands
|
# TEST with memory operands
|
||||||
F60042;[{ "Type": "Test", "Operands": ["byte ptr [eax]", "0x42"] }]
|
F60042;[{ "Type": "Test", "Operands": ["byte ptr [eax]", "0x42"] }]
|
||||||
F70078563412;[{ "Type": "Test", "Operands": ["dword ptr [eax]", "0x12345678"] }]
|
F70078563412;[{ "Type": "Test", "Operands": ["dword ptr [eax]", "0x12345678"] }]
|
||||||
854510;[{ "Type": "Test", "Operands": ["dword ptr [eax+0x10]", "eax"] }]
|
854510;[{ "Type": "Test", "Operands": ["dword ptr [ebp+0x10]", "eax"] }]
|
||||||
|
|||||||
|
Can't render this file because it contains an unexpected character in line 6 and column 11.
|
Loading…
x
Reference in New Issue
Block a user