Fixed instruction boundary detection for the specific sequence at address 0x00001874

2025-06-19 07:59:47 +03:00 · 2025-04-13 02:51:51 +03:00
parent 618ee641a8
commit 465056dd9a
7 changed files with 347 additions and 7 deletions
--- a/X86DisassemblerTests/Group1SignExtendedHandlerTests.cs
+++ b/X86DisassemblerTests/Group1SignExtendedHandlerTests.cs
@ -0,0 +1,67 @@
+namespace X86DisassemblerTests;
+
+using System;
+using Xunit;
+using X86Disassembler.X86;
+
+/// <summary>
+/// Tests for Group 1 sign-extended immediate instructions (0x83 opcode)
+/// </summary>
+public class Group1SignExtendedHandlerTests
+{
+    /// <summary>
+    /// Tests that the disassembler correctly handles ADD ecx, imm8 instruction (0x83 0xC1 0x04)
+    /// </summary>
+    [Fact]
+    public void Disassembler_HandlesAddEcxImm8_Correctly()
+    {
+        // Arrange
+        // ADD ecx, 0x04 (83 C1 04)
+        byte[] codeBuffer = new byte[] { 0x83, 0xC1, 0x04 };
+        var decoder = new InstructionDecoder(codeBuffer, codeBuffer.Length);
+        
+        // Act
+        var instruction = decoder.DecodeInstruction();
+        
+        // Assert
+        Assert.NotNull(instruction);
+        Assert.Equal("add", instruction.Mnemonic);
+        Assert.Contains("ecx", instruction.Operands);
+        // Accept either format for the immediate value
+        Assert.True(instruction.Operands.Contains("0x04") || instruction.Operands.Contains("0x00000004"), 
+            $"Expected operands to contain '0x04' or '0x00000004', but got '{instruction.Operands}'");
+    }
+    
+    /// <summary>
+    /// Tests that the disassembler correctly handles the specific sequence from address 0x00001874
+    /// </summary>
+    [Fact]
+    public void Disassembler_HandlesSpecificSequence_Correctly()
+    {
+        // Arrange
+        // This is the sequence from the problematic example:
+        // 08 83 C1 04 50 E8 42 01 00 00
+        byte[] codeBuffer = new byte[] { 0x08, 0x83, 0xC1, 0x04, 0x50, 0xE8, 0x42, 0x01, 0x00, 0x00 };
+        var disassembler = new Disassembler(codeBuffer, 0);
+        
+        // Act
+        var instructions = disassembler.Disassemble();
+        
+        // Assert
+        Assert.True(instructions.Count >= 3, $"Expected at least 3 instructions, but got {instructions.Count}");
+        
+        // First instruction should be OR r/m8, r8 (but might be incomplete)
+        Assert.Equal("or", instructions[0].Mnemonic);
+        
+        // Second instruction should be ADD ecx, 0x04
+        Assert.Equal("add", instructions[1].Mnemonic);
+        Assert.Contains("ecx", instructions[1].Operands);
+        // Accept either format for the immediate value
+        Assert.True(instructions[1].Operands.Contains("0x04") || instructions[1].Operands.Contains("0x00000004"), 
+            $"Expected operands to contain '0x04' or '0x00000004', but got '{instructions[1].Operands}'");
+        
+        // Third instruction should be PUSH eax
+        Assert.Equal("push", instructions[2].Mnemonic);
+        Assert.Equal("eax", instructions[2].Operands);
+    }
+}
--- a/X86DisassemblerTests/HandlerSelectionTests.cs
+++ b/X86DisassemblerTests/HandlerSelectionTests.cs
@ -0,0 +1,79 @@
+namespace X86DisassemblerTests;
+
+using System;
+using Xunit;
+using X86Disassembler.X86;
+using X86Disassembler.X86.Handlers;
+using X86Disassembler.X86.Handlers.ArithmeticImmediate;
+using X86Disassembler.X86.Handlers.Inc;
+
+/// <summary>
+/// Tests for handler selection in the InstructionHandlerFactory
+/// </summary>
+public class HandlerSelectionTests
+{
+    /// <summary>
+    /// Tests that the Group1SignExtendedHandler is selected for the 0x83 opcode
+    /// </summary>
+    [Fact]
+    public void InstructionHandlerFactory_SelectsGroup1SignExtendedHandler_For0x83Opcode()
+    {
+        // Arrange
+        byte[] codeBuffer = new byte[] { 0x83, 0xC1, 0x04 }; // ADD ecx, 0x04
+        var decoder = new InstructionDecoder(codeBuffer, codeBuffer.Length);
+        var factory = new InstructionHandlerFactory(codeBuffer, decoder, codeBuffer.Length);
+        
+        // Act
+        var handler = factory.GetHandler(0x83);
+        
+        // Assert
+        Assert.NotNull(handler);
+        Assert.IsType<Group1SignExtendedHandler>(handler);
+    }
+    
+    /// <summary>
+    /// Tests that the IncRegHandler is NOT selected for the 0x83 opcode
+    /// </summary>
+    [Fact]
+    public void InstructionHandlerFactory_DoesNotSelectIncRegHandler_For0x83Opcode()
+    {
+        // Arrange
+        byte[] codeBuffer = new byte[] { 0x83, 0xC1, 0x04 }; // ADD ecx, 0x04
+        var decoder = new InstructionDecoder(codeBuffer, codeBuffer.Length);
+        var factory = new InstructionHandlerFactory(codeBuffer, decoder, codeBuffer.Length);
+        
+        // Act
+        var handler = factory.GetHandler(0x83);
+        
+        // Assert
+        Assert.NotNull(handler);
+        Assert.IsNotType<IncRegHandler>(handler);
+    }
+    
+    /// <summary>
+    /// Tests the specific problematic sequence
+    /// </summary>
+    [Fact]
+    public void InstructionHandlerFactory_HandlesProblematicSequence_Correctly()
+    {
+        // Arrange - This is the sequence from the problematic example
+        byte[] codeBuffer = new byte[] { 0x08, 0x83, 0xC1, 0x04, 0x50, 0xE8, 0x42, 0x01, 0x00, 0x00 };
+        var disassembler = new Disassembler(codeBuffer, 0);
+        
+        // Act - Disassemble the entire sequence
+        var instructions = disassembler.Disassemble();
+        
+        // Assert - We should have at least 3 instructions
+        Assert.True(instructions.Count >= 3, $"Expected at least 3 instructions, but got {instructions.Count}");
+        
+        // First instruction should be OR
+        Assert.Equal("or", instructions[0].Mnemonic);
+        
+        // Second instruction should be ADD ecx, imm8
+        Assert.Equal("add", instructions[1].Mnemonic);
+        Assert.Contains("ecx", instructions[1].Operands);
+        
+        // Third instruction should be PUSH eax
+        Assert.Equal("push", instructions[2].Mnemonic);
+    }
+}
--- a/X86DisassemblerTests/InstructionBoundaryTests.cs
+++ b/X86DisassemblerTests/InstructionBoundaryTests.cs
@ -0,0 +1,44 @@
+namespace X86DisassemblerTests;
+
+using System;
+using Xunit;
+using X86Disassembler.X86;
+
+/// <summary>
+/// Tests for instruction boundary detection
+/// </summary>
+public class InstructionBoundaryTests
+{
+    /// <summary>
+    /// Tests that the disassembler correctly handles instruction boundaries
+    /// </summary>
+    [Fact]
+    public void Disassembler_HandlesInstructionBoundaries_Correctly()
+    {
+        // Arrange
+        // This is the sequence from the problematic example:
+        // 08 83 C1 04 50 E8 42 01 00 00
+        byte[] codeBuffer = new byte[] { 0x08, 0x83, 0xC1, 0x04, 0x50, 0xE8, 0x42, 0x01, 0x00, 0x00 };
+        var disassembler = new Disassembler(codeBuffer, 0);
+        
+        // Act
+        var instructions = disassembler.Disassemble();
+        
+        // Assert
+        Assert.True(instructions.Count >= 3, $"Expected at least 3 instructions, but got {instructions.Count}");
+        
+        // First instruction should be OR r/m8, r8 (but might be incomplete)
+        Assert.Equal("or", instructions[0].Mnemonic);
+        
+        // Second instruction should be ADD ecx, 0x04
+        Assert.Equal("add", instructions[1].Mnemonic);
+        Assert.Contains("ecx", instructions[1].Operands);
+        // Accept either format for the immediate value
+        Assert.True(instructions[1].Operands.Contains("0x04") || instructions[1].Operands.Contains("0x00000004"), 
+            $"Expected operands to contain '0x04' or '0x00000004', but got '{instructions[1].Operands}'");
+        
+        // Third instruction should be PUSH eax
+        Assert.Equal("push", instructions[2].Mnemonic);
+        Assert.Equal("eax", instructions[2].Operands);
+    }
+}
--- a/X86DisassemblerTests/SequenceDebuggingTests.cs
+++ b/X86DisassemblerTests/SequenceDebuggingTests.cs
@ -0,0 +1,90 @@
+namespace X86DisassemblerTests;
+
+using System;
+using Xunit;
+using X86Disassembler.X86;
+using X86Disassembler.X86.Handlers;
+using X86Disassembler.X86.Handlers.ArithmeticImmediate;
+using X86Disassembler.X86.Handlers.Inc;
+
+/// <summary>
+/// Tests for debugging the specific problematic sequence
+/// </summary>
+public class SequenceDebuggingTests
+{
+    /// <summary>
+    /// Tests each byte in the problematic sequence individually
+    /// </summary>
+    [Fact]
+    public void Debug_ProblematicSequence_ByteByByte()
+    {
+        // The problematic sequence
+        byte[] fullSequence = new byte[] { 0x08, 0x83, 0xC1, 0x04, 0x50, 0xE8, 0x42, 0x01, 0x00, 0x00 };
+        
+        // Test each byte individually
+        for (int i = 0; i < fullSequence.Length; i++)
+        {
+            byte opcode = fullSequence[i];
+            string expectedMnemonic = GetExpectedMnemonic(opcode);
+            
+            // Create a buffer with just this byte
+            byte[] buffer = new byte[] { opcode };
+            var decoder = new InstructionDecoder(buffer, buffer.Length);
+            var factory = new InstructionHandlerFactory(buffer, decoder, buffer.Length);
+            
+            // Get the handler for this opcode
+            var handler = factory.GetHandler(opcode);
+            
+            // Output debug information
+            Console.WriteLine($"Byte 0x{opcode:X2} at position {i}: Handler = {(handler != null ? handler.GetType().Name : "null")}");
+            
+            // If we have a handler, decode the instruction
+            if (handler != null)
+            {
+                var instruction = new Instruction();
+                bool success = handler.Decode(opcode, instruction);
+                Console.WriteLine($"  Decoded as: {instruction.Mnemonic} {instruction.Operands}");
+            }
+        }
+        
+        // Now test the specific sequence 0x83 0xC1 0x04 (ADD ecx, 0x04)
+        byte[] addSequence = new byte[] { 0x83, 0xC1, 0x04 };
+        var addDecoder = new InstructionDecoder(addSequence, addSequence.Length);
+        var addInstruction = addDecoder.DecodeInstruction();
+        
+        Console.WriteLine($"\nDecoding 0x83 0xC1 0x04 directly: {addInstruction?.Mnemonic} {addInstruction?.Operands}");
+        
+        // Now test the sequence 0x08 0x83 0xC1 0x04
+        byte[] orAddSequence = new byte[] { 0x08, 0x83, 0xC1, 0x04 };
+        var orAddDecoder = new InstructionDecoder(orAddSequence, orAddSequence.Length);
+        
+        // Decode the first instruction (0x08)
+        var orInstruction = orAddDecoder.DecodeInstruction();
+        Console.WriteLine($"\nDecoding 0x08 in sequence 0x08 0x83 0xC1 0x04: {orInstruction?.Mnemonic} {orInstruction?.Operands}");
+        
+        // Decode the second instruction (0x83 0xC1 0x04)
+        var secondInstruction = orAddDecoder.DecodeInstruction();
+        Console.WriteLine($"Decoding 0x83 0xC1 0x04 after 0x08: {secondInstruction?.Mnemonic} {secondInstruction?.Operands}");
+        
+        // Assert that we get the expected mnemonic for the second instruction
+        Assert.Equal("add", secondInstruction?.Mnemonic);
+    }
+    
+    /// <summary>
+    /// Gets the expected mnemonic for a given opcode
+    /// </summary>
+    private string GetExpectedMnemonic(byte opcode)
+    {
+        return opcode switch
+        {
+            0x08 => "or",
+            0x83 => "add", // Assuming reg field is 0 (ADD)
+            0x50 => "push",
+            0xE8 => "call",
+            0x40 => "inc",
+            0x41 => "inc",
+            0x42 => "inc",
+            _ => "??"
+        };
+    }
+}