mirrors/ParkanPlayground
0
Fork 0
mirror of https://github.com/sampletext32/ParkanPlayground.git synced 2025-10-31 05:29:43 +03:00
Code Issues Releases Activity

Added JmpRm32Handler for JMP r/m32 instructions (opcode FF /4)

Browse Source
This commit is contained in:
bird_egop
2025-04-16 19:50:00 +03:00
parent bc6d32a725
commit 154e811d2d
3 changed files with 89 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
X86Disassembler/X86/Handlers/InstructionHandlerFactory.cs
View File

@@ -149,9 +149,14 @@ public class InstructionHandlerFactory
/// </summary> /// </summary>
private void RegisterJumpHandlers() private void RegisterJumpHandlers()
{ {
// JMP handlers // JMP handlers for relative jumps
_handlers.Add(new JmpRel32Handler(_decoder)); _handlers.Add(new JmpRel32Handler(_decoder)); // JMP rel32 (opcode E9)
_handlers.Add(new JmpRel8Handler(_decoder)); _handlers.Add(new JmpRel8Handler(_decoder)); // JMP rel8 (opcode EB)
// JMP handler for register/memory operands
_handlers.Add(new JmpRm32Handler(_decoder)); // JMP r/m32 (opcode FF /4)
// Conditional jump handlers
_handlers.Add(new JgeRel8Handler(_decoder)); _handlers.Add(new JgeRel8Handler(_decoder));
_handlers.Add(new ConditionalJumpHandler(_decoder)); _handlers.Add(new ConditionalJumpHandler(_decoder));
_handlers.Add(new TwoByteConditionalJumpHandler(_decoder)); _handlers.Add(new TwoByteConditionalJumpHandler(_decoder));

76
X86Disassembler/X86/Handlers/Jump/JmpRm32Handler.cs Normal file
View File

@@ -0,0 +1,76 @@
using X86Disassembler.X86.Operands;
namespace X86Disassembler.X86.Handlers.Jump;
/// <summary>
/// Handler for JMP r/m32 instruction (opcode FF /4)
/// </summary>
public class JmpRm32Handler : InstructionHandler
{
/// <summary>
/// Initializes a new instance of the JmpRm32Handler class
/// </summary>
/// <param name="decoder">The instruction decoder that owns this handler</param>
public JmpRm32Handler(InstructionDecoder decoder)
: base(decoder)
{
}
/// <summary>
/// Checks if this handler can decode the given opcode
/// </summary>
/// <param name="opcode">The opcode to check</param>
/// <returns>True if this handler can decode the opcode</returns>
public override bool CanHandle(byte opcode)
{
// JMP r/m32 is encoded as FF /4
if (opcode != 0xFF)
{
return false;
}
// Check if we have enough bytes to read the ModR/M byte
if (!Decoder.CanReadByte())
{
return false;
}
// Extract the reg field (bits 3-5)
var reg = ModRMDecoder.PeakModRMReg();
// JMP r/m32 is encoded as FF /4 (reg field = 4)
return reg == 4;
}
/// <summary>
/// Decodes a JMP r/m32 instruction
/// </summary>
/// <param name="opcode">The opcode of the instruction</param>
/// <param name="instruction">The instruction object to populate</param>
/// <returns>True if the instruction was successfully decoded</returns>
public override bool Decode(byte opcode, Instruction instruction)
{
// Set the instruction type
instruction.Type = InstructionType.Jmp;
// Check if we have enough bytes for the ModR/M byte
if (!Decoder.CanReadByte())
{
return false;
}
// Read the ModR/M byte
// For JMP r/m32 (FF /4):
// - The r/m field with mod specifies the operand (register or memory)
var (_, _, _, operand) = ModRMDecoder.ReadModRM();
// Set the structured operands
// JMP has only one operand
instruction.StructuredOperands =
[
operand
];
return true;
}
}

9
X86DisassemblerTests/TestData/jmp_tests.csv
View File

@@ -41,10 +41,11 @@ FF6610;[{ "Type": "Jmp", "Operands": ["dword ptr [esi+0x10]"] }]
FF6710;[{ "Type": "Jmp", "Operands": ["dword ptr [edi+0x10]"] }] FF6710;[{ "Type": "Jmp", "Operands": ["dword ptr [edi+0x10]"] }]
# JMP m32 (opcode FF /4) with SIB byte # JMP m32 (opcode FF /4) with SIB byte
FF24C5;[{ "Type": "Jmp", "Operands": ["dword ptr [eax*8+ebp]"] }] # not recognized by ghidra or online disasms
FF24CD;[{ "Type": "Jmp", "Operands": ["dword ptr [ecx*8+ebp]"] }] # FF24C5;[{ "Type": "Jmp", "Operands": ["dword ptr [eax*8+ebp]"] }]
FF24D5;[{ "Type": "Jmp", "Operands": ["dword ptr [edx*8+ebp]"] }] # FF24CD;[{ "Type": "Jmp", "Operands": ["dword ptr [ecx*8+ebp]"] }]
FF24DD;[{ "Type": "Jmp", "Operands": ["dword ptr [ebx*8+ebp]"] }] # FF24D5;[{ "Type": "Jmp", "Operands": ["dword ptr [edx*8+ebp]"] }]
# FF24DD;[{ "Type": "Jmp", "Operands": ["dword ptr [ebx*8+ebp]"] }]
# JMP m32 (opcode FF /4) with direct memory operand # JMP m32 (opcode FF /4) with direct memory operand
FF2578563412;[{ "Type": "Jmp", "Operands": ["dword ptr [0x12345678]"] }] FF2578563412;[{ "Type": "Jmp", "Operands": ["dword ptr [0x12345678]"] }]
Can't render this file because it contains an unexpected character in line 6 and column 9.