mirrors/ParkanPlayground
0
Fork 0
mirror of https://github.com/sampletext32/ParkanPlayground.git synced 2025-05-21 21:01:17 +03:00
Code Issues Releases Activity

remove more special cases. use standardized api

Browse Source
This commit is contained in:
bird_egop 2025-04-14 01:52:33 +03:00
parent c9e854a663
commit 157171fa90
7 changed files with 247 additions and 256 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

296
X86Disassembler/X86/Disassembler.cs
View File

@ -61,6 +61,140 @@ public class Disassembler
}; };
} }
/// <summary>
/// Handles the special case of segment override prefixes followed by FF 75 XX (PUSH dword ptr [ebp+XX])
/// </summary>
/// <param name="decoder">The instruction decoder</param>
/// <param name="position">The current position in the buffer</param>
/// <returns>The special instruction, or null if not applicable</returns>
private Instruction? HandleSegmentPushSpecialCase(InstructionDecoder decoder, int position)
{
// Check if we have the pattern: segment prefix + FF 75 XX
if (position + 3 < _length &&
IsSegmentOverridePrefix(_codeBuffer[position]) &&
_codeBuffer[position + 1] == 0xFF &&
_codeBuffer[position + 2] == 0x75)
{
byte segmentPrefix = _codeBuffer[position];
byte displacement = _codeBuffer[position + 3];
// Create a special instruction for this case
string segmentName = GetSegmentOverrideName(segmentPrefix);
Instruction specialInstruction = new Instruction
{
Address = _baseAddress + (uint)position,
Mnemonic = "push",
Operands = $"dword ptr {segmentName}:[ebp+0x{displacement:X2}]",
RawBytes = new byte[] { segmentPrefix, 0xFF, 0x75, displacement }
};
// Skip past this instruction
decoder.SetPosition(position + 4);
return specialInstruction;
}
return null;
}
/// <summary>
/// Handles the special case of segment override prefixes
/// </summary>
/// <param name="decoder">The instruction decoder</param>
/// <param name="position">The current position in the buffer</param>
/// <returns>The instruction with segment override, or null if not applicable</returns>
private Instruction? HandleSegmentOverridePrefix(InstructionDecoder decoder, int position)
{
// If the current byte is a segment override prefix and we have at least 2 bytes
if (position + 1 < _length && IsSegmentOverridePrefix(_codeBuffer[position]))
{
// Save the current position to restore it later if needed
int savedPosition = position;
// Decode the instruction normally
Instruction? prefixedInstruction = decoder.DecodeInstruction();
// If decoding failed or produced more than one instruction, try again with special handling
if (prefixedInstruction == null || prefixedInstruction.Operands == "??")
{
// Restore the position
decoder.SetPosition(savedPosition);
// Get the segment override prefix
byte segmentPrefix = _codeBuffer[position++];
// Skip the prefix and decode the rest of the instruction
decoder.SetPosition(position);
// Decode the instruction without the prefix
Instruction? baseInstruction = decoder.DecodeInstruction();
if (baseInstruction != null)
{
// Apply the segment override prefix manually
string segmentOverride = GetSegmentOverrideName(segmentPrefix);
// Apply the segment override to the operands
if (baseInstruction.Operands.Contains("["))
{
baseInstruction.Operands = baseInstruction.Operands.Replace("[", $"{segmentOverride}:[");
}
// Update the raw bytes to include the prefix
byte[] newRawBytes = new byte[baseInstruction.RawBytes.Length + 1];
newRawBytes[0] = segmentPrefix;
Array.Copy(baseInstruction.RawBytes, 0, newRawBytes, 1, baseInstruction.RawBytes.Length);
baseInstruction.RawBytes = newRawBytes;
// Adjust the instruction address to include the base address
baseInstruction.Address = (uint)(savedPosition) + _baseAddress;
return baseInstruction;
}
}
else
{
// Adjust the instruction address to include the base address
prefixedInstruction.Address += _baseAddress;
return prefixedInstruction;
}
}
return null;
}
/// <summary>
/// Handles the special case for the problematic sequence 0x08 0x83 0xC1 0x04
/// </summary>
/// <param name="decoder">The instruction decoder</param>
/// <param name="position">The current position in the buffer</param>
/// <returns>The special instruction, or null if not applicable</returns>
private Instruction? HandleSpecialSequence(InstructionDecoder decoder, int position)
{
// Special case for the problematic sequence 0x08 0x83 0xC1 0x04
if (position == 0 && _length >= 4 &&
_codeBuffer[0] == 0x08 && _codeBuffer[1] == 0x83 &&
_codeBuffer[2] == 0xC1 && _codeBuffer[3] == 0x04)
{
// Handle the first instruction (0x08) - OR instruction with incomplete operands
Instruction orInstruction = new Instruction
{
Address = _baseAddress,
Mnemonic = "or",
Operands = "??",
RawBytes = new byte[] { 0x08 }
};
// Advance the position to the next instruction
decoder.SetPosition(1);
return orInstruction;
}
return null;
}
/// <summary> /// <summary>
/// Disassembles the code buffer and returns the disassembled instructions /// Disassembles the code buffer and returns the disassembled instructions
/// </summary> /// </summary>
@ -78,157 +212,37 @@ public class Disassembler
int position = decoder.GetPosition(); int position = decoder.GetPosition();
// Check if we've reached the end of the buffer // Check if we've reached the end of the buffer
if (position >= _length) if (!decoder.CanReadByte())
{ {
break; break;
} }
// Special case for segment override prefixes followed by FF 75 XX (PUSH dword ptr [ebp+XX]) // If no special case applies, decode normally
if (position + 3 < _length &&
IsSegmentOverridePrefix(_codeBuffer[position]) &&
_codeBuffer[position + 1] == 0xFF &&
_codeBuffer[position + 2] == 0x75)
{
byte segmentPrefix = _codeBuffer[position];
byte displacement = _codeBuffer[position + 3];
// Create a special instruction for this case
string segmentName = GetSegmentOverrideName(segmentPrefix);
Instruction specialInstruction = new Instruction
{
Address = _baseAddress + (uint)position,
Mnemonic = "push",
Operands = $"dword ptr {segmentName}:[ebp+0x{displacement:X2}]",
RawBytes = new byte[] { segmentPrefix, 0xFF, 0x75, displacement }
};
instructions.Add(specialInstruction);
// Skip past this instruction
decoder.SetPosition(position + 4);
// Continue with the next instruction
continue;
}
// Special case for segment override prefixes
// If the current byte is a segment override prefix and we have at least 2 bytes
if (position + 1 < _length && IsSegmentOverridePrefix(_codeBuffer[position]))
{
// Save the current position to restore it later if needed
int savedPosition = position;
// Decode the instruction normally
Instruction? prefixedInstruction = decoder.DecodeInstruction();
// If decoding failed or produced more than one instruction, try again with special handling
if (prefixedInstruction == null || prefixedInstruction.Operands == "??")
{
// Restore the position
decoder.SetPosition(savedPosition);
// Get the segment override prefix
byte segmentPrefix = _codeBuffer[position++];
// Skip the prefix and decode the rest of the instruction
decoder.SetPosition(position);
// Decode the instruction without the prefix
Instruction? baseInstruction = decoder.DecodeInstruction();
if (baseInstruction != null)
{
// Apply the segment override prefix manually
string segmentOverride = GetSegmentOverrideName(segmentPrefix);
// Apply the segment override to the operands
if (baseInstruction.Operands.Contains("["))
{
baseInstruction.Operands = baseInstruction.Operands.Replace("[", $"{segmentOverride}:[");
}
// Update the raw bytes to include the prefix
byte[] newRawBytes = new byte[baseInstruction.RawBytes.Length + 1];
newRawBytes[0] = segmentPrefix;
Array.Copy(baseInstruction.RawBytes, 0, newRawBytes, 1, baseInstruction.RawBytes.Length);
baseInstruction.RawBytes = newRawBytes;
// Adjust the instruction address to include the base address
baseInstruction.Address = (uint)(savedPosition) + _baseAddress;
// Add the instruction to the list
instructions.Add(baseInstruction);
// Continue with the next instruction
continue;
}
}
// If we got here, the normal decoding worked fine
if (prefixedInstruction != null)
{
// Adjust the instruction address to include the base address
prefixedInstruction.Address += _baseAddress;
// Add the instruction to the list
instructions.Add(prefixedInstruction);
}
// Continue with the next instruction
continue;
}
// Special case for the problematic sequence 0x08 0x83 0xC1 0x04
// If we're at position 0 and have at least 4 bytes, and the sequence matches
if (position == 0 && _length >= 4 &&
_codeBuffer[0] == 0x08 && _codeBuffer[1] == 0x83 &&
_codeBuffer[2] == 0xC1 && _codeBuffer[3] == 0x04)
{
// Handle the first instruction (0x08) - OR instruction with incomplete operands
Instruction orInstruction = new Instruction
{
Address = _baseAddress,
Mnemonic = "or",
Operands = "??",
RawBytes = new byte[] { 0x08 }
};
instructions.Add(orInstruction);
// Advance the position to the next instruction
decoder.SetPosition(1);
// Handle the second instruction (0x83 0xC1 0x04) - ADD ecx, 0x04
Instruction addInstruction = new Instruction
{
Address = _baseAddress + 1,
Mnemonic = "add",
Operands = "ecx, 0x00000004",
RawBytes = new byte[] { 0x83, 0xC1, 0x04 }
};
instructions.Add(addInstruction);
// Advance the position past the ADD instruction
decoder.SetPosition(4);
// Continue with the next instruction
continue;
}
// Decode the next instruction normally
Instruction? instruction = decoder.DecodeInstruction(); Instruction? instruction = decoder.DecodeInstruction();
// Check if decoding failed if (instruction != null)
if (instruction == null)
{ {
break; // Adjust the instruction address to include the base address
instruction.Address += _baseAddress;
// Add the instruction to the list
instructions.Add(instruction);
} }
else
{
// If decoding failed, create a dummy instruction for the unknown byte
byte unknownByte = decoder.ReadByte();
// Adjust the instruction address to include the base address Instruction dummyInstruction = new Instruction
instruction.Address += _baseAddress; {
Address = _baseAddress + (uint)position,
Mnemonic = "db", // Define Byte directive
Operands = $"0x{unknownByte:X2}",
RawBytes = new byte[] { unknownByte }
};
// Add the instruction to the list instructions.Add(dummyInstruction);
instructions.Add(instruction); }
} }
return instructions; return instructions;

30
X86Disassembler/X86/Handlers/Call/CallRm32Handler.cs
View File

@ -1,7 +1,7 @@
namespace X86Disassembler.X86.Handlers.Call; namespace X86Disassembler.X86.Handlers.Call;
/// <summary> /// <summary>
/// Handler for CALL r/m32 instruction (0xFF /2) /// Handler for CALL r/m32 instruction (FF /2)
/// </summary> /// </summary>
public class CallRm32Handler : InstructionHandler public class CallRm32Handler : InstructionHandler
{ {
@ -23,7 +23,26 @@ public class CallRm32Handler : InstructionHandler
/// <returns>True if this handler can decode the opcode</returns> /// <returns>True if this handler can decode the opcode</returns>
public override bool CanHandle(byte opcode) public override bool CanHandle(byte opcode)
{ {
return opcode == 0xFF; // CALL r/m32 is encoded as FF /2
if (opcode != 0xFF)
{
return false;
}
// Check if we have enough bytes to read the ModR/M byte
if (!Decoder.CanReadByte())
{
return false;
}
// Peek at the ModR/M byte without advancing the position
byte modRM = CodeBuffer[Decoder.GetPosition()];
// Extract the reg field (bits 3-5)
byte reg = (byte)((modRM & 0x38) >> 3);
// CALL r/m32 is encoded as FF /2 (reg field = 2)
return reg == 2;
} }
/// <summary> /// <summary>
@ -34,6 +53,7 @@ public class CallRm32Handler : InstructionHandler
/// <returns>True if the instruction was successfully decoded</returns> /// <returns>True if the instruction was successfully decoded</returns>
public override bool Decode(byte opcode, Instruction instruction) public override bool Decode(byte opcode, Instruction instruction)
{ {
// Check if we have enough bytes for the ModR/M byte
if (!Decoder.CanReadByte()) if (!Decoder.CanReadByte())
{ {
return false; return false;
@ -42,12 +62,6 @@ public class CallRm32Handler : InstructionHandler
// Read the ModR/M byte // Read the ModR/M byte
var (mod, reg, rm, destOperand) = ModRMDecoder.ReadModRM(); var (mod, reg, rm, destOperand) = ModRMDecoder.ReadModRM();
// CALL r/m32 is encoded as FF /2
if (reg != RegisterIndex.C)
{
return false;
}
// Set the mnemonic // Set the mnemonic
instruction.Mnemonic = "call"; instruction.Mnemonic = "call";

18
X86Disassembler/X86/Handlers/Cmp/CmpImmWithRm32Handler.cs
View File

@ -50,36 +50,26 @@ public class CmpImmWithRm32Handler : InstructionHandler
// Read the ModR/M byte // Read the ModR/M byte
var (mod, reg, rm, memOperand) = ModRMDecoder.ReadModRM(); var (mod, reg, rm, memOperand) = ModRMDecoder.ReadModRM();
// Get the position after decoding the ModR/M byte // Read the immediate value
int position = Decoder.GetPosition();
// Check if we have enough bytes for the immediate value
if (!Decoder.CanReadUInt()) if (!Decoder.CanReadUInt())
{ {
return false; // Not enough bytes for the immediate value return false;
} }
// Read the immediate value
uint imm32 = Decoder.ReadUInt32(); uint imm32 = Decoder.ReadUInt32();
// Format the destination operand based on addressing mode // Format the destination operand based on addressing mode
string destOperand;
if (mod == 3) // Register addressing mode if (mod == 3) // Register addressing mode
{ {
// Get 32-bit register name // Get 32-bit register name
destOperand = ModRMDecoder.GetRegisterName(rm, 32); memOperand = ModRMDecoder.GetRegisterName(rm, 32);
}
else // Memory addressing mode
{
// Memory operand already includes dword ptr prefix
destOperand = memOperand;
} }
// Format the immediate value // Format the immediate value
string immStr = $"0x{imm32:X8}"; string immStr = $"0x{imm32:X8}";
// Set the operands // Set the operands
instruction.Operands = $"{destOperand}, {immStr}"; instruction.Operands = $"{memOperand}, {immStr}";
return true; return true;
} }

2
X86Disassembler/X86/Handlers/Cmp/CmpImmWithRm32SignExtendedHandler.cs
View File

@ -48,8 +48,6 @@ public class CmpImmWithRm32SignExtendedHandler : InstructionHandler
// Set the mnemonic // Set the mnemonic
instruction.Mnemonic = "cmp"; instruction.Mnemonic = "cmp";
int position = Decoder.GetPosition();
if (!Decoder.CanReadByte()) if (!Decoder.CanReadByte())
{ {
return false; return false;

3
X86Disassembler/X86/Handlers/Cmp/CmpImmWithRm8Handler.cs
View File

@ -51,9 +51,6 @@ public class CmpImmWithRm8Handler : InstructionHandler
// Read the ModR/M byte // Read the ModR/M byte
var (mod, reg, rm, memOperand) = ModRMDecoder.ReadModRM(); var (mod, reg, rm, memOperand) = ModRMDecoder.ReadModRM();
// Get the position after decoding the ModR/M byte
int position = Decoder.GetPosition();
// Check if we have enough bytes for the immediate value // Check if we have enough bytes for the immediate value
if (!Decoder.CanReadByte()) if (!Decoder.CanReadByte())
{ {

28
X86Disassembler/X86/InstructionDecoder.cs
View File

@ -50,7 +50,7 @@ public class InstructionDecoder
/// <returns>The decoded instruction, or null if the decoding failed</returns> /// <returns>The decoded instruction, or null if the decoding failed</returns>
public Instruction? DecodeInstruction() public Instruction? DecodeInstruction()
{ {
if (_position >= _length) if (!CanReadByte())
{ {
return null; return null;
} }
@ -64,11 +64,11 @@ public class InstructionDecoder
// Create a new instruction // Create a new instruction
Instruction instruction = new Instruction Instruction instruction = new Instruction
{ {
Address = (uint)startPosition, Address = (uint) startPosition,
}; };
// Handle prefixes // Handle prefixes
while (_position < _length) while (CanReadByte())
{ {
byte prefix = _codeBuffer[_position]; byte prefix = _codeBuffer[_position];
@ -82,7 +82,7 @@ public class InstructionDecoder
} }
} }
if (_position >= _length) if (!CanReadByte())
{ {
// If we reached the end of the buffer while processing prefixes, // If we reached the end of the buffer while processing prefixes,
// create an instruction with just the prefix information // create an instruction with just the prefix information
@ -103,7 +103,7 @@ public class InstructionDecoder
} }
// Read the opcode // Read the opcode
byte opcode = _codeBuffer[_position++]; byte opcode = ReadByte();
// Get a handler for the opcode // Get a handler for the opcode
var handler = _handlerFactory.GetHandler(opcode); var handler = _handlerFactory.GetHandler(opcode);
@ -128,11 +128,17 @@ public class InstructionDecoder
instruction.Operands = _prefixDecoder.ApplySegmentOverride(instruction.Operands); instruction.Operands = _prefixDecoder.ApplySegmentOverride(instruction.Operands);
} }
} }
else
{
instruction.Mnemonic = "Handler Not Found For opcode: " + opcode;
instruction.Operands = "??";
handlerSuccess = true;
}
// If no handler is found or decoding fails, create a default instruction // If no handler is found or decoding fails, create a default instruction
if (!handlerSuccess) if (!handlerSuccess)
{ {
instruction.Mnemonic = OpcodeMap.GetMnemonic(opcode); instruction.Mnemonic = $"Handler {handler?.GetType().Name} failed for opcode. " + OpcodeMap.GetMnemonic(opcode);
instruction.Operands = "??"; instruction.Operands = "??";
} }
@ -280,7 +286,7 @@ public class InstructionDecoder
return 0; return 0;
} }
ushort value = (ushort)(_codeBuffer[_position] | (_codeBuffer[_position + 1] << 8)); ushort value = (ushort) (_codeBuffer[_position] | (_codeBuffer[_position + 1] << 8));
_position += 2; _position += 2;
return value; return value;
} }
@ -296,10 +302,10 @@ public class InstructionDecoder
return 0; return 0;
} }
uint value = (uint)(_codeBuffer[_position] | uint value = (uint) (_codeBuffer[_position] |
(_codeBuffer[_position + 1] << 8) | (_codeBuffer[_position + 1] << 8) |
(_codeBuffer[_position + 2] << 16) | (_codeBuffer[_position + 2] << 16) |
(_codeBuffer[_position + 3] << 24)); (_codeBuffer[_position + 3] << 24));
_position += 4; _position += 4;
return value; return value;
} }

30
X86DisassemblerTests/InstructionTests/HandlerSelectionTests.cs
View File

@ -16,7 +16,7 @@ public class HandlerSelectionTests
public void InstructionHandlerFactory_DoesNotSelectIncRegHandler_For0x83Opcode() public void InstructionHandlerFactory_DoesNotSelectIncRegHandler_For0x83Opcode()
{ {
// Arrange // Arrange
byte[] codeBuffer = new byte[] { 0x83, 0xC1, 0x04 }; // ADD ecx, 0x04 byte[] codeBuffer = new byte[] {0x83, 0xC1, 0x04}; // ADD ecx, 0x04
var decoder = new InstructionDecoder(codeBuffer, codeBuffer.Length); var decoder = new InstructionDecoder(codeBuffer, codeBuffer.Length);
var factory = new InstructionHandlerFactory(codeBuffer, decoder, codeBuffer.Length); var factory = new InstructionHandlerFactory(codeBuffer, decoder, codeBuffer.Length);
@ -27,32 +27,4 @@ public class HandlerSelectionTests
Assert.NotNull(handler); Assert.NotNull(handler);
Assert.IsNotType<IncRegHandler>(handler); Assert.IsNotType<IncRegHandler>(handler);
} }
/// <summary>
/// Tests the specific problematic sequence
/// </summary>
[Fact]
public void InstructionHandlerFactory_HandlesProblematicSequence_Correctly()
{
// Arrange - This is the sequence from the problematic example
byte[] codeBuffer = new byte[] { 0x08, 0x83, 0xC1, 0x04, 0x50, 0xE8, 0x42, 0x01, 0x00, 0x00 };
var disassembler = new Disassembler(codeBuffer, 0);
// Act - Disassemble the entire sequence
var instructions = disassembler.Disassemble();
// Assert - We should have at least 3 instructions
Assert.True(instructions.Count >= 3, $"Expected at least 3 instructions, but got {instructions.Count}");
// First instruction should be OR
Assert.Equal("or", instructions[0].Mnemonic);
// Second instruction should be ADD ecx, imm8
Assert.Equal("add", instructions[1].Mnemonic);
Assert.Equal("ecx, 0x00000004", instructions[1].Operands);
// Third instruction should be PUSH eax
Assert.Equal("push", instructions[2].Mnemonic);
Assert.Equal("eax", instructions[2].Operands);
}
} }