diff --git a/X86Disassembler/X86/Handlers/And/AndAlImmHandler.cs b/X86Disassembler/X86/Handlers/And/AndAlImmHandler.cs
new file mode 100644
index 0000000..0f7d0dd
--- /dev/null
+++ b/X86Disassembler/X86/Handlers/And/AndAlImmHandler.cs
@@ -0,0 +1,57 @@
+namespace X86Disassembler.X86.Handlers.And;
+
+///
+/// Handler for AND AL, imm8 instruction (0x24)
+///
+public class AndAlImmHandler : InstructionHandler
+{
+ ///
+ /// Initializes a new instance of the AndAlImmHandler class
+ ///
+ /// The buffer containing the code to decode
+ /// The instruction decoder that owns this handler
+ /// The length of the buffer
+ public AndAlImmHandler(byte[] codeBuffer, InstructionDecoder decoder, int length)
+ : base(codeBuffer, decoder, length)
+ {
+ }
+
+ ///
+ /// Checks if this handler can decode the given opcode
+ ///
+ /// The opcode to check
+ /// True if this handler can decode the opcode
+ public override bool CanHandle(byte opcode)
+ {
+ return opcode == 0x24;
+ }
+
+ ///
+ /// Decodes an AND AL, imm8 instruction
+ ///
+ /// The opcode of the instruction
+ /// The instruction object to populate
+ /// True if the instruction was successfully decoded
+ public override bool Decode(byte opcode, Instruction instruction)
+ {
+ // Set the mnemonic
+ instruction.Mnemonic = "and";
+
+ int position = Decoder.GetPosition();
+
+ // Read immediate value
+ if (position >= Length)
+ {
+ instruction.Operands = "al, ??";
+ return true;
+ }
+
+ // Read immediate value
+ byte imm8 = Decoder.ReadByte();
+
+ // Set operands
+ instruction.Operands = $"al, 0x{imm8:X2}";
+
+ return true;
+ }
+}
diff --git a/X86Disassembler/X86/Handlers/And/AndEaxImmHandler.cs b/X86Disassembler/X86/Handlers/And/AndEaxImmHandler.cs
new file mode 100644
index 0000000..b797ff8
--- /dev/null
+++ b/X86Disassembler/X86/Handlers/And/AndEaxImmHandler.cs
@@ -0,0 +1,57 @@
+namespace X86Disassembler.X86.Handlers.And;
+
+///
+/// Handler for AND EAX, imm32 instruction (0x25)
+///
+public class AndEaxImmHandler : InstructionHandler
+{
+ ///
+ /// Initializes a new instance of the AndEaxImmHandler class
+ ///
+ /// The buffer containing the code to decode
+ /// The instruction decoder that owns this handler
+ /// The length of the buffer
+ public AndEaxImmHandler(byte[] codeBuffer, InstructionDecoder decoder, int length)
+ : base(codeBuffer, decoder, length)
+ {
+ }
+
+ ///
+ /// Checks if this handler can decode the given opcode
+ ///
+ /// The opcode to check
+ /// True if this handler can decode the opcode
+ public override bool CanHandle(byte opcode)
+ {
+ return opcode == 0x25;
+ }
+
+ ///
+ /// Decodes an AND EAX, imm32 instruction
+ ///
+ /// The opcode of the instruction
+ /// The instruction object to populate
+ /// True if the instruction was successfully decoded
+ public override bool Decode(byte opcode, Instruction instruction)
+ {
+ // Set the mnemonic
+ instruction.Mnemonic = "and";
+
+ int position = Decoder.GetPosition();
+
+ // Read immediate value
+ if (position + 3 >= Length)
+ {
+ instruction.Operands = "eax, ??";
+ return true;
+ }
+
+ // Read immediate value
+ uint imm32 = Decoder.ReadUInt32();
+
+ // Set operands
+ instruction.Operands = $"eax, 0x{imm32:X8}";
+
+ return true;
+ }
+}
diff --git a/X86Disassembler/X86/Handlers/And/AndImmToRm32Handler.cs b/X86Disassembler/X86/Handlers/And/AndImmToRm32Handler.cs
new file mode 100644
index 0000000..5fef8d1
--- /dev/null
+++ b/X86Disassembler/X86/Handlers/And/AndImmToRm32Handler.cs
@@ -0,0 +1,94 @@
+namespace X86Disassembler.X86.Handlers.And;
+
+///
+/// Handler for AND r/m32, imm32 instruction (0x81 /4)
+///
+public class AndImmToRm32Handler : InstructionHandler
+{
+ ///
+ /// Initializes a new instance of the AndImmToRm32Handler class
+ ///
+ /// The buffer containing the code to decode
+ /// The instruction decoder that owns this handler
+ /// The length of the buffer
+ public AndImmToRm32Handler(byte[] codeBuffer, InstructionDecoder decoder, int length)
+ : base(codeBuffer, decoder, length)
+ {
+ }
+
+ ///
+ /// Checks if this handler can decode the given opcode
+ ///
+ /// The opcode to check
+ /// True if this handler can decode the opcode
+ public override bool CanHandle(byte opcode)
+ {
+ if (opcode != 0x81)
+ {
+ return false;
+ }
+
+ // Check if we have enough bytes to read the ModR/M byte
+ int position = Decoder.GetPosition();
+ if (position >= Length)
+ {
+ return false;
+ }
+
+ // Read the ModR/M byte to check the reg field (bits 5-3)
+ byte modRM = CodeBuffer[position];
+ int reg = (modRM >> 3) & 0x7;
+
+ // reg = 4 means AND operation
+ return reg == 4;
+ }
+
+ ///
+ /// Decodes an AND r/m32, imm32 instruction
+ ///
+ /// The opcode of the instruction
+ /// The instruction object to populate
+ /// True if the instruction was successfully decoded
+ public override bool Decode(byte opcode, Instruction instruction)
+ {
+ // Set the mnemonic
+ instruction.Mnemonic = "and";
+
+ int position = Decoder.GetPosition();
+
+ // Read the ModR/M byte
+ var (mod, reg, rm, memOperand) = ModRMDecoder.ReadModRM();
+
+ // Read immediate value
+ if (position + 3 >= Length)
+ {
+ // Incomplete instruction
+ if (mod == 3)
+ {
+ string rmRegName = ModRMDecoder.GetRegisterName(rm, 32);
+ instruction.Operands = $"{rmRegName}, ??";
+ }
+ else
+ {
+ instruction.Operands = $"{memOperand}, ??";
+ }
+ return true;
+ }
+
+ // Read immediate value
+ uint imm32 = Decoder.ReadUInt32();
+
+ // Set operands
+ if (mod == 3)
+ {
+ string rmRegName = ModRMDecoder.GetRegisterName(rm, 32);
+ instruction.Operands = $"{rmRegName}, 0x{imm32:X8}";
+ }
+ else
+ {
+ instruction.Operands = $"{memOperand}, 0x{imm32:X8}";
+ }
+
+ return true;
+ }
+}
diff --git a/X86Disassembler/X86/Handlers/And/AndImmToRm32SignExtendedHandler.cs b/X86Disassembler/X86/Handlers/And/AndImmToRm32SignExtendedHandler.cs
new file mode 100644
index 0000000..72fced3
--- /dev/null
+++ b/X86Disassembler/X86/Handlers/And/AndImmToRm32SignExtendedHandler.cs
@@ -0,0 +1,96 @@
+namespace X86Disassembler.X86.Handlers.And;
+
+///
+/// Handler for AND r/m32, imm8 (sign-extended) instruction (0x83 /4)
+///
+public class AndImmToRm32SignExtendedHandler : InstructionHandler
+{
+ ///
+ /// Initializes a new instance of the AndImmToRm32SignExtendedHandler class
+ ///
+ /// The buffer containing the code to decode
+ /// The instruction decoder that owns this handler
+ /// The length of the buffer
+ public AndImmToRm32SignExtendedHandler(byte[] codeBuffer, InstructionDecoder decoder, int length)
+ : base(codeBuffer, decoder, length)
+ {
+ }
+
+ ///
+ /// Checks if this handler can decode the given opcode
+ ///
+ /// The opcode to check
+ /// True if this handler can decode the opcode
+ public override bool CanHandle(byte opcode)
+ {
+ if (opcode != 0x83)
+ {
+ return false;
+ }
+
+ // Check if we have enough bytes to read the ModR/M byte
+ int position = Decoder.GetPosition();
+ if (position >= Length)
+ {
+ return false;
+ }
+
+ // Read the ModR/M byte to check the reg field (bits 5-3)
+ byte modRM = CodeBuffer[position];
+ int reg = (modRM >> 3) & 0x7;
+
+ // reg = 4 means AND operation
+ return reg == 4;
+ }
+
+ ///
+ /// Decodes an AND r/m32, imm8 (sign-extended) instruction
+ ///
+ /// The opcode of the instruction
+ /// The instruction object to populate
+ /// True if the instruction was successfully decoded
+ public override bool Decode(byte opcode, Instruction instruction)
+ {
+ // Set the mnemonic
+ instruction.Mnemonic = "and";
+
+ int position = Decoder.GetPosition();
+
+ // Read the ModR/M byte
+ var (mod, reg, rm, memOperand) = ModRMDecoder.ReadModRM();
+
+ // Read immediate value
+ if (position >= Length)
+ {
+ // Incomplete instruction
+ if (mod == 3)
+ {
+ string rmRegName = ModRMDecoder.GetRegisterName(rm, 32);
+ instruction.Operands = $"{rmRegName}, ??";
+ }
+ else
+ {
+ instruction.Operands = $"{memOperand}, ??";
+ }
+ return true;
+ }
+
+ // Read and sign-extend the immediate value
+ byte imm8 = Decoder.ReadByte();
+ int signExtended = (sbyte)imm8;
+ uint imm32 = (uint)signExtended;
+
+ // Set operands
+ if (mod == 3)
+ {
+ string rmRegName = ModRMDecoder.GetRegisterName(rm, 32);
+ instruction.Operands = $"{rmRegName}, 0x{imm32:X8}";
+ }
+ else
+ {
+ instruction.Operands = $"{memOperand}, 0x{imm32:X8}";
+ }
+
+ return true;
+ }
+}
diff --git a/X86Disassembler/X86/Handlers/And/AndImmToRm8Handler.cs b/X86Disassembler/X86/Handlers/And/AndImmToRm8Handler.cs
new file mode 100644
index 0000000..3a18103
--- /dev/null
+++ b/X86Disassembler/X86/Handlers/And/AndImmToRm8Handler.cs
@@ -0,0 +1,93 @@
+namespace X86Disassembler.X86.Handlers.And;
+
+///
+/// Handler for AND r/m8, imm8 instruction (0x80 /4)
+///
+public class AndImmToRm8Handler : InstructionHandler
+{
+ ///
+ /// Initializes a new instance of the AndImmToRm8Handler class
+ ///
+ /// The buffer containing the code to decode
+ /// The instruction decoder that owns this handler
+ /// The length of the buffer
+ public AndImmToRm8Handler(byte[] codeBuffer, InstructionDecoder decoder, int length)
+ : base(codeBuffer, decoder, length)
+ {
+ }
+
+ ///
+ /// Checks if this handler can decode the given opcode
+ ///
+ /// The opcode to check
+ /// True if this handler can decode the opcode
+ public override bool CanHandle(byte opcode)
+ {
+ if (opcode != 0x80)
+ {
+ return false;
+ }
+
+ // Check if we have enough bytes to read the ModR/M byte
+ int position = Decoder.GetPosition();
+ if (position >= Length)
+ {
+ return false;
+ }
+
+ // Read the ModR/M byte to check the reg field (bits 5-3)
+ byte modRM = CodeBuffer[position];
+ int reg = (modRM >> 3) & 0x7;
+
+ // reg = 4 means AND operation
+ return reg == 4;
+ }
+
+ ///
+ /// Decodes an AND r/m8, imm8 instruction
+ ///
+ /// The opcode of the instruction
+ /// The instruction object to populate
+ /// True if the instruction was successfully decoded
+ public override bool Decode(byte opcode, Instruction instruction)
+ {
+ // Set the mnemonic
+ instruction.Mnemonic = "and";
+
+ int position = Decoder.GetPosition();
+
+ // Read the ModR/M byte
+ var (mod, reg, rm, memOperand) = ModRMDecoder.ReadModRM();
+
+ // Read immediate value
+ if (position >= Length)
+ {
+ // Incomplete instruction
+ if (mod == 3)
+ {
+ string rmRegName = ModRMDecoder.GetRegisterName(rm, 8);
+ instruction.Operands = $"{rmRegName}, ??";
+ }
+ else
+ {
+ instruction.Operands = $"byte ptr {memOperand}, ??";
+ }
+ return true;
+ }
+
+ byte imm8 = Decoder.ReadByte();
+
+ // Set operands
+ if (mod == 3)
+ {
+ string rmRegName = ModRMDecoder.GetRegisterName(rm, 8);
+ instruction.Operands = $"{rmRegName}, 0x{imm8:X2}";
+ }
+ else
+ {
+ instruction.Operands = $"byte ptr {memOperand}, 0x{imm8:X2}";
+ }
+
+ return true;
+ }
+}
diff --git a/X86Disassembler/X86/Handlers/And/AndMemRegHandler.cs b/X86Disassembler/X86/Handlers/And/AndMemRegHandler.cs
new file mode 100644
index 0000000..4833a61
--- /dev/null
+++ b/X86Disassembler/X86/Handlers/And/AndMemRegHandler.cs
@@ -0,0 +1,66 @@
+namespace X86Disassembler.X86.Handlers.And;
+
+///
+/// Handler for AND r/m32, r32 instruction (0x21)
+///
+public class AndMemRegHandler : InstructionHandler
+{
+ ///
+ /// Initializes a new instance of the AndMemRegHandler class
+ ///
+ /// The buffer containing the code to decode
+ /// The instruction decoder that owns this handler
+ /// The length of the buffer
+ public AndMemRegHandler(byte[] codeBuffer, InstructionDecoder decoder, int length)
+ : base(codeBuffer, decoder, length)
+ {
+ }
+
+ ///
+ /// Checks if this handler can decode the given opcode
+ ///
+ /// The opcode to check
+ /// True if this handler can decode the opcode
+ public override bool CanHandle(byte opcode)
+ {
+ return opcode == 0x21;
+ }
+
+ ///
+ /// Decodes an AND r/m32, r32 instruction
+ ///
+ /// The opcode of the instruction
+ /// The instruction object to populate
+ /// True if the instruction was successfully decoded
+ public override bool Decode(byte opcode, Instruction instruction)
+ {
+ // Set the mnemonic
+ instruction.Mnemonic = "and";
+
+ int position = Decoder.GetPosition();
+
+ if (position >= Length)
+ {
+ return false;
+ }
+
+ // Read the ModR/M byte
+ var (mod, reg, rm, memOperand) = ModRMDecoder.ReadModRM();
+
+ // Get register name
+ string regName = ModRMDecoder.GetRegisterName(reg, 32);
+
+ // For mod == 3, both operands are registers
+ if (mod == 3)
+ {
+ string rmRegName = ModRMDecoder.GetRegisterName(rm, 32);
+ instruction.Operands = $"{rmRegName}, {regName}";
+ }
+ else // Memory operand
+ {
+ instruction.Operands = $"{memOperand}, {regName}";
+ }
+
+ return true;
+ }
+}
diff --git a/X86Disassembler/X86/Handlers/And/AndR32Rm32Handler.cs b/X86Disassembler/X86/Handlers/And/AndR32Rm32Handler.cs
new file mode 100644
index 0000000..f1fd6e9
--- /dev/null
+++ b/X86Disassembler/X86/Handlers/And/AndR32Rm32Handler.cs
@@ -0,0 +1,66 @@
+namespace X86Disassembler.X86.Handlers.And;
+
+///
+/// Handler for AND r32, r/m32 instruction (0x23)
+///
+public class AndR32Rm32Handler : InstructionHandler
+{
+ ///
+ /// Initializes a new instance of the AndR32Rm32Handler class
+ ///
+ /// The buffer containing the code to decode
+ /// The instruction decoder that owns this handler
+ /// The length of the buffer
+ public AndR32Rm32Handler(byte[] codeBuffer, InstructionDecoder decoder, int length)
+ : base(codeBuffer, decoder, length)
+ {
+ }
+
+ ///
+ /// Checks if this handler can decode the given opcode
+ ///
+ /// The opcode to check
+ /// True if this handler can decode the opcode
+ public override bool CanHandle(byte opcode)
+ {
+ return opcode == 0x23;
+ }
+
+ ///
+ /// Decodes an AND r32, r/m32 instruction
+ ///
+ /// The opcode of the instruction
+ /// The instruction object to populate
+ /// True if the instruction was successfully decoded
+ public override bool Decode(byte opcode, Instruction instruction)
+ {
+ // Set the mnemonic
+ instruction.Mnemonic = "and";
+
+ int position = Decoder.GetPosition();
+
+ if (position >= Length)
+ {
+ return false;
+ }
+
+ // Read the ModR/M byte
+ var (mod, reg, rm, memOperand) = ModRMDecoder.ReadModRM();
+
+ // Get register name
+ string regName = ModRMDecoder.GetRegisterName(reg, 32);
+
+ // For mod == 3, both operands are registers
+ if (mod == 3)
+ {
+ string rmRegName = ModRMDecoder.GetRegisterName(rm, 32);
+ instruction.Operands = $"{regName}, {rmRegName}";
+ }
+ else // Memory operand
+ {
+ instruction.Operands = $"{regName}, {memOperand}";
+ }
+
+ return true;
+ }
+}
diff --git a/X86Disassembler/X86/Handlers/And/AndR8Rm8Handler.cs b/X86Disassembler/X86/Handlers/And/AndR8Rm8Handler.cs
new file mode 100644
index 0000000..9bf12af
--- /dev/null
+++ b/X86Disassembler/X86/Handlers/And/AndR8Rm8Handler.cs
@@ -0,0 +1,66 @@
+namespace X86Disassembler.X86.Handlers.And;
+
+///
+/// Handler for AND r8, r/m8 instruction (0x22)
+///
+public class AndR8Rm8Handler : InstructionHandler
+{
+ ///
+ /// Initializes a new instance of the AndR8Rm8Handler class
+ ///
+ /// The buffer containing the code to decode
+ /// The instruction decoder that owns this handler
+ /// The length of the buffer
+ public AndR8Rm8Handler(byte[] codeBuffer, InstructionDecoder decoder, int length)
+ : base(codeBuffer, decoder, length)
+ {
+ }
+
+ ///
+ /// Checks if this handler can decode the given opcode
+ ///
+ /// The opcode to check
+ /// True if this handler can decode the opcode
+ public override bool CanHandle(byte opcode)
+ {
+ return opcode == 0x22;
+ }
+
+ ///
+ /// Decodes an AND r8, r/m8 instruction
+ ///
+ /// The opcode of the instruction
+ /// The instruction object to populate
+ /// True if the instruction was successfully decoded
+ public override bool Decode(byte opcode, Instruction instruction)
+ {
+ // Set the mnemonic
+ instruction.Mnemonic = "and";
+
+ int position = Decoder.GetPosition();
+
+ if (position >= Length)
+ {
+ return false;
+ }
+
+ // Read the ModR/M byte
+ var (mod, reg, rm, memOperand) = ModRMDecoder.ReadModRM();
+
+ // Get register name
+ string regName = ModRMDecoder.GetRegisterName(reg, 8);
+
+ // For mod == 3, both operands are registers
+ if (mod == 3)
+ {
+ string rmRegName = ModRMDecoder.GetRegisterName(rm, 8);
+ instruction.Operands = $"{regName}, {rmRegName}";
+ }
+ else // Memory operand
+ {
+ instruction.Operands = $"{regName}, byte ptr {memOperand}";
+ }
+
+ return true;
+ }
+}
diff --git a/X86Disassembler/X86/Handlers/And/AndRm8R8Handler.cs b/X86Disassembler/X86/Handlers/And/AndRm8R8Handler.cs
new file mode 100644
index 0000000..9a27d53
--- /dev/null
+++ b/X86Disassembler/X86/Handlers/And/AndRm8R8Handler.cs
@@ -0,0 +1,66 @@
+namespace X86Disassembler.X86.Handlers.And;
+
+///
+/// Handler for AND r/m8, r8 instruction (0x20)
+///
+public class AndRm8R8Handler : InstructionHandler
+{
+ ///
+ /// Initializes a new instance of the AndRm8R8Handler class
+ ///
+ /// The buffer containing the code to decode
+ /// The instruction decoder that owns this handler
+ /// The length of the buffer
+ public AndRm8R8Handler(byte[] codeBuffer, InstructionDecoder decoder, int length)
+ : base(codeBuffer, decoder, length)
+ {
+ }
+
+ ///
+ /// Checks if this handler can decode the given opcode
+ ///
+ /// The opcode to check
+ /// True if this handler can decode the opcode
+ public override bool CanHandle(byte opcode)
+ {
+ return opcode == 0x20;
+ }
+
+ ///
+ /// Decodes an AND r/m8, r8 instruction
+ ///
+ /// The opcode of the instruction
+ /// The instruction object to populate
+ /// True if the instruction was successfully decoded
+ public override bool Decode(byte opcode, Instruction instruction)
+ {
+ // Set the mnemonic
+ instruction.Mnemonic = "and";
+
+ int position = Decoder.GetPosition();
+
+ if (position >= Length)
+ {
+ return false;
+ }
+
+ // Read the ModR/M byte
+ var (mod, reg, rm, memOperand) = ModRMDecoder.ReadModRM();
+
+ // Get register name
+ string regName = ModRMDecoder.GetRegisterName(reg, 8);
+
+ // For mod == 3, both operands are registers
+ if (mod == 3)
+ {
+ string rmRegName = ModRMDecoder.GetRegisterName(rm, 8);
+ instruction.Operands = $"{rmRegName}, {regName}";
+ }
+ else // Memory operand
+ {
+ instruction.Operands = $"byte ptr {memOperand}, {regName}";
+ }
+
+ return true;
+ }
+}
diff --git a/X86Disassembler/X86/Handlers/InstructionHandlerFactory.cs b/X86Disassembler/X86/Handlers/InstructionHandlerFactory.cs
index 72fa622..2ad5a02 100644
--- a/X86Disassembler/X86/Handlers/InstructionHandlerFactory.cs
+++ b/X86Disassembler/X86/Handlers/InstructionHandlerFactory.cs
@@ -1,4 +1,5 @@
using X86Disassembler.X86.Handlers.Add;
+using X86Disassembler.X86.Handlers.And;
using X86Disassembler.X86.Handlers.ArithmeticImmediate;
using X86Disassembler.X86.Handlers.ArithmeticUnary;
using X86Disassembler.X86.Handlers.Call;
@@ -56,6 +57,7 @@ public class InstructionHandlerFactory
// Register handlers in order of priority (most specific first)
RegisterArithmeticImmediateHandlers(); // Group 1 instructions (including 0x83)
RegisterAddHandlers();
+ RegisterAndHandlers();
RegisterArithmeticUnaryHandlers();
RegisterCmpHandlers();
RegisterXorHandlers();
@@ -349,6 +351,24 @@ public class InstructionHandlerFactory
_handlers.Add(new PopRegHandler(_codeBuffer, _decoder, _length));
}
+ ///
+ /// Registers all And instruction handlers
+ ///
+ private void RegisterAndHandlers()
+ {
+ // Add AND handlers
+ _handlers.Add(new AndImmToRm8Handler(_codeBuffer, _decoder, _length));
+ _handlers.Add(new AndImmToRm32Handler(_codeBuffer, _decoder, _length));
+ _handlers.Add(new AndImmToRm32SignExtendedHandler(_codeBuffer, _decoder, _length));
+
+ _handlers.Add(new AndR8Rm8Handler(_codeBuffer, _decoder, _length));
+ _handlers.Add(new AndRm8R8Handler(_codeBuffer, _decoder, _length));
+ _handlers.Add(new AndR32Rm32Handler(_codeBuffer, _decoder, _length));
+ _handlers.Add(new AndMemRegHandler(_codeBuffer, _decoder, _length));
+ _handlers.Add(new AndAlImmHandler(_codeBuffer, _decoder, _length));
+ _handlers.Add(new AndEaxImmHandler(_codeBuffer, _decoder, _length));
+ }
+
///
/// Gets the handler that can decode the given opcode
///
diff --git a/X86DisassemblerTests/AdcInstructionTests.cs b/X86DisassemblerTests/AdcInstructionTests.cs
new file mode 100644
index 0000000..f6d4ab0
--- /dev/null
+++ b/X86DisassemblerTests/AdcInstructionTests.cs
@@ -0,0 +1,53 @@
+namespace X86DisassemblerTests;
+
+using System;
+using Xunit;
+using X86Disassembler.X86;
+
+///
+/// Tests for ADC (Add with Carry) instruction handlers
+///
+public class AdcInstructionTests
+{
+ ///
+ /// Tests the AdcImmToRm32Handler for decoding ADC r/m32, imm32 instruction
+ ///
+ [Fact]
+ public void AdcImmToRm32Handler_DecodesAdcRm32Imm32_Correctly()
+ {
+ // Arrange
+ // ADC EAX, 0x12345678 (81 D0 78 56 34 12) - ModR/M byte D0 = 11 010 000 (mod=3, reg=2, rm=0)
+ // mod=3 means direct register addressing, reg=2 is the ADC opcode extension, rm=0 is EAX
+ byte[] codeBuffer = new byte[] { 0x81, 0xD0, 0x78, 0x56, 0x34, 0x12 };
+ var decoder = new InstructionDecoder(codeBuffer, codeBuffer.Length);
+
+ // Act
+ var instruction = decoder.DecodeInstruction();
+
+ // Assert
+ Assert.NotNull(instruction);
+ Assert.Equal("adc", instruction.Mnemonic);
+ Assert.Equal("eax, 0x12345678", instruction.Operands);
+ }
+
+ ///
+ /// Tests the AdcImmToRm32SignExtendedHandler for decoding ADC r/m32, imm8 instruction
+ ///
+ [Fact]
+ public void AdcImmToRm32SignExtendedHandler_DecodesAdcRm32Imm8_Correctly()
+ {
+ // Arrange
+ // ADC EAX, 0x42 (83 D0 42) - ModR/M byte D0 = 11 010 000 (mod=3, reg=2, rm=0)
+ // mod=3 means direct register addressing, reg=2 is the ADC opcode extension, rm=0 is EAX
+ byte[] codeBuffer = new byte[] { 0x83, 0xD0, 0x42 };
+ var decoder = new InstructionDecoder(codeBuffer, codeBuffer.Length);
+
+ // Act
+ var instruction = decoder.DecodeInstruction();
+
+ // Assert
+ Assert.NotNull(instruction);
+ Assert.Equal("adc", instruction.Mnemonic);
+ Assert.Equal("eax, 0x00000042", instruction.Operands);
+ }
+}
diff --git a/X86DisassemblerTests/AndInstructionTests.cs b/X86DisassemblerTests/AndInstructionTests.cs
new file mode 100644
index 0000000..d898287
--- /dev/null
+++ b/X86DisassemblerTests/AndInstructionTests.cs
@@ -0,0 +1,95 @@
+namespace X86DisassemblerTests;
+
+using System;
+using Xunit;
+using X86Disassembler.X86;
+
+///
+/// Tests for AND instruction handlers
+///
+public class AndInstructionTests
+{
+ ///
+ /// Tests the AndImmWithRm32Handler for decoding AND r/m32, imm32 instruction
+ ///
+ [Fact]
+ public void AndImmWithRm32Handler_DecodesAndRm32Imm32_Correctly()
+ {
+ // Arrange
+ // AND EAX, 0x12345678 (81 E0 78 56 34 12) - ModR/M byte E0 = 11 100 000 (mod=3, reg=4, rm=0)
+ // mod=3 means direct register addressing, reg=4 is the AND opcode extension, rm=0 is EAX
+ byte[] codeBuffer = new byte[] { 0x81, 0xE0, 0x78, 0x56, 0x34, 0x12 };
+ var decoder = new InstructionDecoder(codeBuffer, codeBuffer.Length);
+
+ // Act
+ var instruction = decoder.DecodeInstruction();
+
+ // Assert
+ Assert.NotNull(instruction);
+ Assert.Equal("and", instruction.Mnemonic);
+ Assert.Equal("eax, 0x12345678", instruction.Operands);
+ }
+
+ ///
+ /// Tests the AndImmWithRm32SignExtendedHandler for decoding AND r/m32, imm8 instruction
+ ///
+ [Fact]
+ public void AndImmWithRm32SignExtendedHandler_DecodesAndRm32Imm8_Correctly()
+ {
+ // Arrange
+ // AND EAX, 0x42 (83 E0 42) - ModR/M byte E0 = 11 100 000 (mod=3, reg=4, rm=0)
+ // mod=3 means direct register addressing, reg=4 is the AND opcode extension, rm=0 is EAX
+ byte[] codeBuffer = new byte[] { 0x83, 0xE0, 0x42 };
+ var decoder = new InstructionDecoder(codeBuffer, codeBuffer.Length);
+
+ // Act
+ var instruction = decoder.DecodeInstruction();
+
+ // Assert
+ Assert.NotNull(instruction);
+ Assert.Equal("and", instruction.Mnemonic);
+ Assert.Equal("eax, 0x00000042", instruction.Operands);
+ }
+
+ ///
+ /// Tests the AND r32, r/m32 instruction
+ ///
+ [Fact]
+ public void And_DecodesAndR32Rm32_Correctly()
+ {
+ // Arrange
+ // AND EAX, ECX (23 C1) - ModR/M byte C1 = 11 000 001 (mod=3, reg=0, rm=1)
+ // mod=3 means direct register addressing, reg=0 is EAX, rm=1 is ECX
+ byte[] codeBuffer = new byte[] { 0x23, 0xC1 };
+ var decoder = new InstructionDecoder(codeBuffer, codeBuffer.Length);
+
+ // Act
+ var instruction = decoder.DecodeInstruction();
+
+ // Assert
+ Assert.NotNull(instruction);
+ Assert.Equal("and", instruction.Mnemonic);
+ Assert.Equal("eax, ecx", instruction.Operands);
+ }
+
+ ///
+ /// Tests the AND r/m32, r32 instruction
+ ///
+ [Fact]
+ public void And_DecodesAndRm32R32_Correctly()
+ {
+ // Arrange
+ // AND ECX, EAX (21 C1) - ModR/M byte C1 = 11 000 001 (mod=3, reg=0, rm=1)
+ // mod=3 means direct register addressing, reg=0 is EAX, rm=1 is ECX
+ byte[] codeBuffer = new byte[] { 0x21, 0xC1 };
+ var decoder = new InstructionDecoder(codeBuffer, codeBuffer.Length);
+
+ // Act
+ var instruction = decoder.DecodeInstruction();
+
+ // Assert
+ Assert.NotNull(instruction);
+ Assert.Equal("and", instruction.Mnemonic);
+ Assert.Equal("ecx, eax", instruction.Operands);
+ }
+}
diff --git a/X86DisassemblerTests/ArithmeticUnaryTests.cs b/X86DisassemblerTests/ArithmeticUnaryTests.cs
new file mode 100644
index 0000000..b143faa
--- /dev/null
+++ b/X86DisassemblerTests/ArithmeticUnaryTests.cs
@@ -0,0 +1,137 @@
+namespace X86DisassemblerTests;
+
+using System;
+using Xunit;
+using X86Disassembler.X86;
+
+///
+/// Tests for arithmetic unary operations (DIV, IDIV, MUL, IMUL, NEG, NOT)
+///
+public class ArithmeticUnaryTests
+{
+ ///
+ /// Tests the DivRm32Handler for decoding DIV r/m32 instruction
+ ///
+ [Fact]
+ public void DivRm32Handler_DecodesDivRm32_Correctly()
+ {
+ // Arrange
+ // DIV ECX (F7 F1) - ModR/M byte F1 = 11 110 001 (mod=3, reg=6, rm=1)
+ // mod=3 means direct register addressing, reg=6 is the DIV opcode extension, rm=1 is ECX
+ byte[] codeBuffer = new byte[] { 0xF7, 0xF1 };
+ var decoder = new InstructionDecoder(codeBuffer, codeBuffer.Length);
+
+ // Act
+ var instruction = decoder.DecodeInstruction();
+
+ // Assert
+ Assert.NotNull(instruction);
+ Assert.Equal("div", instruction.Mnemonic);
+ Assert.Equal("ecx", instruction.Operands);
+ }
+
+ ///
+ /// Tests the IdivRm32Handler for decoding IDIV r/m32 instruction
+ ///
+ [Fact]
+ public void IdivRm32Handler_DecodesIdivRm32_Correctly()
+ {
+ // Arrange
+ // IDIV ECX (F7 F9) - ModR/M byte F9 = 11 111 001 (mod=3, reg=7, rm=1)
+ // mod=3 means direct register addressing, reg=7 is the IDIV opcode extension, rm=1 is ECX
+ byte[] codeBuffer = new byte[] { 0xF7, 0xF9 };
+ var decoder = new InstructionDecoder(codeBuffer, codeBuffer.Length);
+
+ // Act
+ var instruction = decoder.DecodeInstruction();
+
+ // Assert
+ Assert.NotNull(instruction);
+ Assert.Equal("idiv", instruction.Mnemonic);
+ Assert.Equal("ecx", instruction.Operands);
+ }
+
+ ///
+ /// Tests the MulRm32Handler for decoding MUL r/m32 instruction
+ ///
+ [Fact]
+ public void MulRm32Handler_DecodesMulRm32_Correctly()
+ {
+ // Arrange
+ // MUL ECX (F7 E1) - ModR/M byte E1 = 11 100 001 (mod=3, reg=4, rm=1)
+ // mod=3 means direct register addressing, reg=4 is the MUL opcode extension, rm=1 is ECX
+ byte[] codeBuffer = new byte[] { 0xF7, 0xE1 };
+ var decoder = new InstructionDecoder(codeBuffer, codeBuffer.Length);
+
+ // Act
+ var instruction = decoder.DecodeInstruction();
+
+ // Assert
+ Assert.NotNull(instruction);
+ Assert.Equal("mul", instruction.Mnemonic);
+ Assert.Equal("ecx", instruction.Operands);
+ }
+
+ ///
+ /// Tests the ImulRm32Handler for decoding IMUL r/m32 instruction
+ ///
+ [Fact]
+ public void ImulRm32Handler_DecodesImulRm32_Correctly()
+ {
+ // Arrange
+ // IMUL ECX (F7 E9) - ModR/M byte E9 = 11 101 001 (mod=3, reg=5, rm=1)
+ // mod=3 means direct register addressing, reg=5 is the IMUL opcode extension, rm=1 is ECX
+ byte[] codeBuffer = new byte[] { 0xF7, 0xE9 };
+ var decoder = new InstructionDecoder(codeBuffer, codeBuffer.Length);
+
+ // Act
+ var instruction = decoder.DecodeInstruction();
+
+ // Assert
+ Assert.NotNull(instruction);
+ Assert.Equal("imul", instruction.Mnemonic);
+ Assert.Equal("ecx", instruction.Operands);
+ }
+
+ ///
+ /// Tests the NegRm32Handler for decoding NEG r/m32 instruction
+ ///
+ [Fact]
+ public void NegRm32Handler_DecodesNegRm32_Correctly()
+ {
+ // Arrange
+ // NEG ECX (F7 D9) - ModR/M byte D9 = 11 011 001 (mod=3, reg=3, rm=1)
+ // mod=3 means direct register addressing, reg=3 is the NEG opcode extension, rm=1 is ECX
+ byte[] codeBuffer = new byte[] { 0xF7, 0xD9 };
+ var decoder = new InstructionDecoder(codeBuffer, codeBuffer.Length);
+
+ // Act
+ var instruction = decoder.DecodeInstruction();
+
+ // Assert
+ Assert.NotNull(instruction);
+ Assert.Equal("neg", instruction.Mnemonic);
+ Assert.Equal("ecx", instruction.Operands);
+ }
+
+ ///
+ /// Tests the NotRm32Handler for decoding NOT r/m32 instruction
+ ///
+ [Fact]
+ public void NotRm32Handler_DecodesNotRm32_Correctly()
+ {
+ // Arrange
+ // NOT ECX (F7 D1) - ModR/M byte D1 = 11 010 001 (mod=3, reg=2, rm=1)
+ // mod=3 means direct register addressing, reg=2 is the NOT opcode extension, rm=1 is ECX
+ byte[] codeBuffer = new byte[] { 0xF7, 0xD1 };
+ var decoder = new InstructionDecoder(codeBuffer, codeBuffer.Length);
+
+ // Act
+ var instruction = decoder.DecodeInstruction();
+
+ // Assert
+ Assert.NotNull(instruction);
+ Assert.Equal("not", instruction.Mnemonic);
+ Assert.Equal("ecx", instruction.Operands);
+ }
+}
diff --git a/X86DisassemblerTests/DebugHandlerRegistration.cs b/X86DisassemblerTests/DebugHandlerRegistration.cs
new file mode 100644
index 0000000..aa2b879
--- /dev/null
+++ b/X86DisassemblerTests/DebugHandlerRegistration.cs
@@ -0,0 +1,65 @@
+using System.Reflection;
+using System.Text;
+using X86Disassembler.X86;
+using X86Disassembler.X86.Handlers;
+using Xunit;
+using Xunit.Abstractions;
+
+namespace X86DisassemblerTests;
+
+///
+/// Debug test to find missing handler registrations
+///
+public class DebugHandlerRegistration
+{
+ private readonly ITestOutputHelper _output;
+
+ public DebugHandlerRegistration(ITestOutputHelper output)
+ {
+ _output = output;
+ }
+
+ ///
+ /// Find which handlers are not registered in the factory
+ ///
+ [Fact]
+ public void FindMissingHandlers()
+ {
+ // Create a factory
+ byte[] codeBuffer = new byte[1];
+ var decoder = new InstructionDecoder(codeBuffer, codeBuffer.Length);
+ var sut = new InstructionHandlerFactory(codeBuffer, decoder, codeBuffer.Length);
+
+ // Get the handlers registered in the factory
+ var handlers = (List)sut.GetType()
+ .GetField("_handlers", BindingFlags.Instance | BindingFlags.NonPublic)!
+ .GetValue(sut)!;
+
+ // Get all handler types in the assembly
+ var handlerTypes = typeof(InstructionHandler).Assembly.GetExportedTypes()
+ .Where(x => x.IsAssignableTo(typeof(InstructionHandler)) && x is { IsAbstract: false, IsInterface: false })
+ .ToList();
+
+ // Find missing handlers
+ var missingHandlers = new StringBuilder();
+ foreach (var handlerType in handlerTypes)
+ {
+ if (!handlers.Any(x => x.GetType() == handlerType))
+ {
+ missingHandlers.AppendLine($"Missing handler: {handlerType.FullName}");
+ }
+ }
+
+ // Output missing handlers
+ if (missingHandlers.Length > 0)
+ {
+ _output.WriteLine("The following handlers are not registered in the factory:");
+ _output.WriteLine(missingHandlers.ToString());
+ Assert.False(true, "Missing handlers detected");
+ }
+ else
+ {
+ _output.WriteLine("All handlers are registered correctly.");
+ }
+ }
+}
diff --git a/X86DisassemblerTests/SbbInstructionTests.cs b/X86DisassemblerTests/SbbInstructionTests.cs
new file mode 100644
index 0000000..1e8bfb4
--- /dev/null
+++ b/X86DisassemblerTests/SbbInstructionTests.cs
@@ -0,0 +1,53 @@
+namespace X86DisassemblerTests;
+
+using System;
+using Xunit;
+using X86Disassembler.X86;
+
+///
+/// Tests for SBB (Subtract with Borrow) instruction handlers
+///
+public class SbbInstructionTests
+{
+ ///
+ /// Tests the SbbImmFromRm32Handler for decoding SBB r/m32, imm32 instruction
+ ///
+ [Fact]
+ public void SbbImmFromRm32Handler_DecodesSbbRm32Imm32_Correctly()
+ {
+ // Arrange
+ // SBB EAX, 0x12345678 (81 D8 78 56 34 12) - ModR/M byte D8 = 11 011 000 (mod=3, reg=3, rm=0)
+ // mod=3 means direct register addressing, reg=3 is the SBB opcode extension, rm=0 is EAX
+ byte[] codeBuffer = new byte[] { 0x81, 0xD8, 0x78, 0x56, 0x34, 0x12 };
+ var decoder = new InstructionDecoder(codeBuffer, codeBuffer.Length);
+
+ // Act
+ var instruction = decoder.DecodeInstruction();
+
+ // Assert
+ Assert.NotNull(instruction);
+ Assert.Equal("sbb", instruction.Mnemonic);
+ Assert.Equal("eax, 0x12345678", instruction.Operands);
+ }
+
+ ///
+ /// Tests the SbbImmFromRm32SignExtendedHandler for decoding SBB r/m32, imm8 instruction
+ ///
+ [Fact]
+ public void SbbImmFromRm32SignExtendedHandler_DecodesSbbRm32Imm8_Correctly()
+ {
+ // Arrange
+ // SBB EAX, 0x42 (83 D8 42) - ModR/M byte D8 = 11 011 000 (mod=3, reg=3, rm=0)
+ // mod=3 means direct register addressing, reg=3 is the SBB opcode extension, rm=0 is EAX
+ byte[] codeBuffer = new byte[] { 0x83, 0xD8, 0x42 };
+ var decoder = new InstructionDecoder(codeBuffer, codeBuffer.Length);
+
+ // Act
+ var instruction = decoder.DecodeInstruction();
+
+ // Assert
+ Assert.NotNull(instruction);
+ Assert.Equal("sbb", instruction.Mnemonic);
+ Assert.Equal("eax, 0x00000042", instruction.Operands);
+ }
+}