Further simplified MultiByteNopHandler by using an array of tuples and matching patterns from longest to shortest
parent
4b549f4b1b
commit
243789892d
@ -6,27 +6,26 @@ namespace X86Disassembler.X86.Handlers.Nop;
|
|||||||
/// </summary>
|
/// </summary>
|
||||||
public class MultiByteNopHandler : InstructionHandler
|
public class MultiByteNopHandler : InstructionHandler
|
||||||
{
|
{
|
||||||
// Dictionary mapping ModR/M byte to NOP variant information (memory operand and additional bytes to skip)
|
// NOP variant information (ModR/M byte, memory operand, and expected bytes pattern)
|
||||||
private static readonly Dictionary<byte, (string MemOperand, int BytesToSkip, byte[] ExpectedBytes)> NopVariants = new()
|
private static readonly (byte ModRm, string MemOperand, byte[] ExpectedBytes)[] NopVariants =
|
||||||
{
|
{
|
||||||
// 3-byte NOP: 0F 1F 00
|
// 8-byte NOP: 0F 1F 84 00 00 00 00 00 (check longest patterns first)
|
||||||
{ 0x00, ("[eax]", 0, Array.Empty<byte>()) },
|
(0x84, "[eax+eax*1]", new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00 }),
|
||||||
|
|
||||||
// 4-byte NOP: 0F 1F 40 00
|
|
||||||
{ 0x40, ("[eax]", 1, new byte[] { 0x00 }) },
|
|
||||||
|
|
||||||
// 5-byte NOP: 0F 1F 44 00 00
|
|
||||||
{ 0x44, ("[eax+eax*1]", 2, new byte[] { 0x00, 0x00 }) },
|
|
||||||
|
|
||||||
// 6-byte NOP: 0F 1F 44 00 00 00
|
|
||||||
// Same ModR/M as 5-byte but with an extra 0x00 byte
|
|
||||||
// Handled separately in the code
|
|
||||||
|
|
||||||
// 7-byte NOP: 0F 1F 80 00 00 00 00
|
// 7-byte NOP: 0F 1F 80 00 00 00 00
|
||||||
{ 0x80, ("[eax]", 4, new byte[] { 0x00, 0x00, 0x00, 0x00 }) },
|
(0x80, "[eax]", new byte[] { 0x00, 0x00, 0x00, 0x00 }),
|
||||||
|
|
||||||
// 8-byte NOP: 0F 1F 84 00 00 00 00 00
|
// 6-byte NOP: 0F 1F 44 00 00 00
|
||||||
{ 0x84, ("[eax+eax*1]", 5, new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00 }) }
|
(0x44, "[eax+eax*1]", new byte[] { 0x00, 0x00, 0x00 }),
|
||||||
|
|
||||||
|
// 5-byte NOP: 0F 1F 44 00 00
|
||||||
|
(0x44, "[eax+eax*1]", new byte[] { 0x00, 0x00 }),
|
||||||
|
|
||||||
|
// 4-byte NOP: 0F 1F 40 00
|
||||||
|
(0x40, "[eax]", new byte[] { 0x00 }),
|
||||||
|
|
||||||
|
// 3-byte NOP: 0F 1F 00
|
||||||
|
(0x00, "[eax]", Array.Empty<byte>())
|
||||||
};
|
};
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -90,42 +89,52 @@ public class MultiByteNopHandler : InstructionHandler
|
|||||||
// Determine the size of the operand
|
// Determine the size of the operand
|
||||||
string ptrType = hasOperandSizePrefix ? "word ptr" : "dword ptr";
|
string ptrType = hasOperandSizePrefix ? "word ptr" : "dword ptr";
|
||||||
|
|
||||||
// Read the ModR/M byte to identify the NOP variant
|
// Read the ModR/M byte but don't advance the position yet
|
||||||
int position = Decoder.GetPosition();
|
int position = Decoder.GetPosition();
|
||||||
byte modRm = CodeBuffer[position];
|
byte modRm = CodeBuffer[position];
|
||||||
Decoder.SetPosition(position + 1); // Skip the ModR/M byte
|
|
||||||
|
|
||||||
// Default memory operand if no specific variant is matched
|
// Default memory operand if no specific variant is matched
|
||||||
string memOperand = "[eax]";
|
string memOperand = "[eax]";
|
||||||
|
int bytesToSkip = 1; // Skip at least the ModR/M byte
|
||||||
|
|
||||||
// Check for the 6-byte NOP special case (0x44 with 3 zero bytes)
|
// Try to find a matching NOP variant (we check longest patterns first)
|
||||||
if (modRm == 0x44 && position + 3 < Length &&
|
foreach (var (variantModRm, operand, expectedBytes) in NopVariants)
|
||||||
CodeBuffer[position + 1] == 0x00 &&
|
|
||||||
CodeBuffer[position + 2] == 0x00 &&
|
|
||||||
CodeBuffer[position + 3] == 0x00)
|
|
||||||
{
|
{
|
||||||
memOperand = "[eax+eax*1]";
|
// Skip if ModR/M doesn't match
|
||||||
Decoder.SetPosition(position + 4); // Skip the SIB, displacement, and extra byte
|
if (variantModRm != modRm)
|
||||||
}
|
|
||||||
// Look up the NOP variant in the dictionary
|
|
||||||
else if (NopVariants.TryGetValue(modRm, out var variant))
|
|
||||||
{
|
{
|
||||||
// Check if we have enough bytes and if they match the expected pattern
|
continue;
|
||||||
bool isValidVariant = position + variant.BytesToSkip < Length;
|
|
||||||
|
|
||||||
// Verify all expected bytes match
|
|
||||||
for (int i = 0; i < variant.ExpectedBytes.Length && isValidVariant; i++)
|
|
||||||
{
|
|
||||||
isValidVariant = isValidVariant && CodeBuffer[position + 1 + i] == variant.ExpectedBytes[i];
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isValidVariant)
|
// Check if we have enough bytes for this pattern
|
||||||
|
if (position + expectedBytes.Length >= Length)
|
||||||
{
|
{
|
||||||
memOperand = variant.MemOperand;
|
continue;
|
||||||
Decoder.SetPosition(position + variant.BytesToSkip + 1); // +1 for ModR/M byte already skipped
|
}
|
||||||
|
|
||||||
|
// Check if the expected bytes match
|
||||||
|
bool isMatch = true;
|
||||||
|
for (int i = 0; i < expectedBytes.Length; i++)
|
||||||
|
{
|
||||||
|
if (position + i + 1 >= Length || CodeBuffer[position + i + 1] != expectedBytes[i])
|
||||||
|
{
|
||||||
|
isMatch = false;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If we found a match, use it and stop checking
|
||||||
|
if (isMatch)
|
||||||
|
{
|
||||||
|
memOperand = operand;
|
||||||
|
bytesToSkip = 1 + expectedBytes.Length; // ModR/M byte + additional bytes
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Skip the bytes we've processed
|
||||||
|
Decoder.SetPosition(position + bytesToSkip);
|
||||||
|
|
||||||
// Set the operands with the appropriate size prefix
|
// Set the operands with the appropriate size prefix
|
||||||
instruction.Operands = $"{ptrType} {memOperand}";
|
instruction.Operands = $"{ptrType} {memOperand}";
|
||||||
|
|
||||||
|
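Review bot: The 6-byte entry `(0x44, "[eax+eax*1]", new byte[] { 0x00, 0x00, 0x00 })` in `NopVariants` consumes one byte too many: ModR/M 0x44 encodes a SIB byte plus an 8-bit displacement, so the instruction ends two bytes after the ModR/M, and the documented 6-byte NOP is the 5-byte form behind a 0x66 prefix. Because this entry is tried before the 5-byte one, a `0F 1F 44 00 00` followed by a 0x00 byte swallows the first byte of the next instruction and everything after it decodes out of step, which matters for a disassembler that is run on untrusted binaries. I would drop that entry and let `hasOperandSizePrefix` together with the 5-byte entry cover the prefixed form, assuming the prefix is consumed before this handler runs. Separately, `byte modRm = CodeBuffer[position];` has no bounds check in the visible lines; the method starts outside the hunk, so if nothing earlier guarantees `position < Length`, add that guard before the read.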