1 /*
2 operands.c
3
4 diStorm3 - Powerful disassembler for X86/AMD64
5 http://ragestorm.net/distorm/
6 distorm at gmail dot com
7 Copyright (C) 2003-2012 Gil Dabah
8
9 This program is free software: you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation, either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>
21 */
22
23
24 #include "config.h"
25 #include "operands.h"
26 #include "x86defs.h"
27 #include "insts.h"
28 #include "../include/mnemonics.h"
29
30
31 /* Maps a register to its register-class mask. */
32 uint16_t _REGISTERTORCLASS[] = /* Based on _RegisterType enumeration! */
33 {RM_AX, RM_CX, RM_DX, RM_BX, RM_SP, RM_BP, RM_SI, RM_DI, 0, 0, 0, 0, 0, 0, 0, 0,
34 RM_AX, RM_CX, RM_DX, RM_BX, RM_SP, RM_BP, RM_SI, RM_DI, 0, 0, 0, 0, 0, 0, 0, 0,
35 RM_AX, RM_CX, RM_DX, RM_BX, RM_SP, RM_BP, RM_SI, RM_DI, 0, 0, 0, 0, 0, 0, 0, 0,
36 RM_AX, RM_CX, RM_DX, RM_BX, RM_AX, RM_CX, RM_DX, RM_BX, 0, 0, 0, 0, 0, 0, 0, 0,
37 RM_SP, RM_BP, RM_SI, RM_DI,
38 0, 0, 0, 0, 0, 0,
39 0,
40 RM_FPU, RM_FPU, RM_FPU, RM_FPU, RM_FPU, RM_FPU, RM_FPU, RM_FPU,
41 RM_MMX, RM_MMX, RM_MMX, RM_MMX, RM_MMX, RM_MMX, RM_MMX, RM_MMX,
42 RM_SSE, RM_SSE, RM_SSE, RM_SSE, RM_SSE, RM_SSE, RM_SSE, RM_SSE, RM_SSE, RM_SSE, RM_SSE, RM_SSE, RM_SSE, RM_SSE, RM_SSE, RM_SSE,
43 RM_AVX, RM_AVX, RM_AVX, RM_AVX, RM_AVX, RM_AVX, RM_AVX, RM_AVX, RM_AVX, RM_AVX, RM_AVX, RM_AVX, RM_AVX, RM_AVX, RM_AVX, RM_AVX,
44 RM_CR, 0, RM_CR, RM_CR, RM_CR, 0, 0, 0, RM_CR,
45 RM_DR, RM_DR, RM_DR, RM_DR, 0, 0, RM_DR, RM_DR
46 };
47
48 typedef enum {OPERAND_SIZE_NONE = 0, OPERAND_SIZE8, OPERAND_SIZE16, OPERAND_SIZE32, OPERAND_SIZE64, OPERAND_SIZE80, OPERAND_SIZE128, OPERAND_SIZE256} _OperandSizeType;
49 static uint16_t _OPSIZETOINT[] = {0, 8, 16, 32, 64, 80, 128, 256};
50
51 /* A helper function to fix the 8 bits register if REX is used (to support SIL, DIL, etc). */
operands_fix_8bit_rex_base(unsigned int reg)52 static unsigned int _FASTCALL_ operands_fix_8bit_rex_base(unsigned int reg)
53 {
54 if ((reg >= 4) && (reg < 8)) return reg + REGS8_REX_BASE - 4;
55 return reg + REGS8_BASE;
56 }
57
58 /* A helper function to set operand's type and size. */
operands_set_ts(_Operand * op,_OperandType type,uint16_t size)59 static void _FASTCALL_ operands_set_ts(_Operand* op, _OperandType type, uint16_t size)
60 {
61 op->type = type;
62 op->size = size;
63 }
64
65 /* A helper function to set operand's type, size and index. */
operands_set_tsi(_Operand * op,_OperandType type,uint16_t size,unsigned int index)66 static void _FASTCALL_ operands_set_tsi(_Operand* op, _OperandType type, uint16_t size, unsigned int index)
67 {
68 op->type = type;
69 op->index = (uint8_t)index;
70 op->size = size;
71 }
72
73 /* A helper function to read an unsigned integer from the stream safely. */
read_stream_safe_uint(_CodeInfo * ci,void * result,unsigned int size)74 static int _FASTCALL_ read_stream_safe_uint(_CodeInfo* ci, void* result, unsigned int size)
75 {
76 ci->codeLen -= size;
77 if (ci->codeLen < 0) return FALSE;
78 switch (size)
79 {
80 case 1: *(uint8_t*)result = *(uint8_t*)ci->code; break;
81 case 2: *(uint16_t*)result = RUSHORT(ci->code); break;
82 case 4: *(uint32_t*)result = RULONG(ci->code); break;
83 case 8: *(uint64_t*)result = RULLONG(ci->code); break;
84 }
85 ci->code += size;
86 return TRUE;
87 }
88
89 /* A helper function to read a signed integer from the stream safely. */
read_stream_safe_sint(_CodeInfo * ci,int64_t * result,unsigned int size)90 static int _FASTCALL_ read_stream_safe_sint(_CodeInfo* ci, int64_t* result, unsigned int size)
91 {
92 ci->codeLen -= size;
93 if (ci->codeLen < 0) return FALSE;
94 switch (size)
95 {
96 case 1: *result = *(int8_t*)ci->code; break;
97 case 2: *result = RSHORT(ci->code); break;
98 case 4: *result = RLONG(ci->code); break;
99 case 8: *result = RLLONG(ci->code); break;
100 }
101 ci->code += size;
102 return TRUE;
103 }
104
105 /*
106 * SIB decoding is the most confusing part when decoding IA-32 instructions.
107 * This explanation should clear up some stuff.
108 *
109 * ! When base == 5, use EBP as the base register !
110 * if (rm == 4) {
111 * if mod == 01, decode SIB byte and ALSO read a 8 bits displacement.
112 * if mod == 10, decode SIB byte and ALSO read a 32 bits displacement.
113 * if mod == 11 <-- EXCEPTION, this is a general-purpose register and mustn't lead to SIB decoding!
114 * ; So far so good, now the confusing part comes in with mod == 0 and base=5, but no worry.
115 * if (mod == 00) {
116 * decode SIB byte WITHOUT any displacement.
117 * EXCEPTION!!! when base == 5, read a 32 bits displacement, but this time DO NOT use (EBP) BASE at all!
118 * }
119 *
120 * NOTE: base could specify None (no base register) if base==5 and mod==0, but then you also need DISP32.
121 * }
122 */
operands_extract_sib(_DInst * di,_OperandNumberType opNum,_PrefixState * ps,_DecodeType effAdrSz,unsigned int sib,unsigned int mod)123 static void operands_extract_sib(_DInst* di, _OperandNumberType opNum,
124 _PrefixState* ps, _DecodeType effAdrSz,
125 unsigned int sib, unsigned int mod)
126 {
127 unsigned int scale = 0, index = 0, base = 0;
128 unsigned int vrex = ps->vrex;
129 uint8_t* pIndex = NULL;
130
131 _Operand* op = &di->ops[opNum];
132
133 /*
134 * SIB bits:
135 * |7---6-5----3-2---0|
136 * |SCALE| INDEX| BASE|
137 * |------------------|
138 */
139 scale = (sib >> 6) & 3;
140 index = (sib >> 3) & 7;
141 base = sib & 7;
142
143 /*
144 * The following fields: base/index/scale/disp8/32 are ALL optional by specific rules!
145 * The idea here is to keep the indirection as a simple-memory type.
146 * Because the base is optional, and we might be left with only one index.
147 * So even if there's a base but no index, or vice versa, we end up with one index register.
148 */
149
150 /* In 64 bits the REX prefix might affect the index of the SIB byte. */
151 if (vrex & PREFIX_EX_X) {
152 ps->usedPrefixes |= INST_PRE_REX;
153 index += EX_GPR_BASE;
154 }
155
156 if (index == 4) { /* No index is used. Use SMEM. */
157 op->type = O_SMEM;
158 pIndex = &op->index;
159 } else {
160 op->type = O_MEM;
161 pIndex = &di->base;
162 /* No base, unless it is updated below. E.G: [EAX*4] has no base reg. */
163 }
164
165 if (base != 5) {
166 if (vrex & PREFIX_EX_B) ps->usedPrefixes |= INST_PRE_REX;
167 *pIndex = effAdrSz == Decode64Bits ? REGS64_BASE : REGS32_BASE;
168 *pIndex += (uint8_t)(base + ((vrex & PREFIX_EX_B) ? EX_GPR_BASE : 0));
169 } else if (mod != 0) {
170 /*
171 * if base == 5 then you have to decode according to MOD.
172 * mod(00) - disp32.
173 * mod(01) - disp8 + rBP
174 * mod(10) - disp32 + rBP
175 * mod(11) - not possible, it's a general-purpose register.
176 */
177
178 if (vrex & PREFIX_EX_B) ps->usedPrefixes |= INST_PRE_REX;
179 if (effAdrSz == Decode64Bits) *pIndex = REGS64_BASE + 5 + ((vrex & PREFIX_EX_B) ? EX_GPR_BASE : 0);
180 else *pIndex = REGS32_BASE + 5 + ((vrex & PREFIX_EX_B) ? EX_GPR_BASE : 0);
181 } else if (index == 4) {
182 /* 32bits displacement only. */
183 op->type = O_DISP;
184 return;
185 }
186
187 if (index != 4) { /* In 64 bits decoding mode, if index == R12, it's valid! */
188 if (effAdrSz == Decode64Bits) op->index = (uint8_t)(REGS64_BASE + index);
189 else op->index = (uint8_t)(REGS32_BASE + index);
190 di->scale = scale != 0 ? (1 << scale) : 0;
191 }
192 }
193
194 /*
195 * This seems to be the hardest part in decoding the operands.
196 * If you take a look carefully at Table 2-2. 32-Bit Addressing Forms with the ModR/M Byte,
197 * you will understand it's easy to decode the operands.
198
199 * First we check the DT, so we can decide according to which Table in the documentation we are supposed to decode.
200 * Then we follow the specific table whether it's 16 bits or 32/64 bits.
201
202 * Don't forget that Operand Size AND Address Size prefixes may change the decoding!
203
204 * Some instructions force the use of RM16 or other specific types, so take it into account.
205 */
operands_extract_modrm(_CodeInfo * ci,_DInst * di,_OpType type,_OperandNumberType opNum,_PrefixState * ps,_DecodeType effOpSz,_DecodeType effAdrSz,int * lockableInstruction,unsigned int mod,unsigned int rm,_iflags instFlags)206 static int operands_extract_modrm(_CodeInfo* ci,
207 _DInst* di, _OpType type,
208 _OperandNumberType opNum, _PrefixState* ps,
209 _DecodeType effOpSz, _DecodeType effAdrSz,
210 int* lockableInstruction, unsigned int mod, unsigned int rm,
211 _iflags instFlags)
212 {
213 unsigned int vrex = ps->vrex, sib = 0, base = 0;
214 _Operand* op = &di->ops[opNum];
215 uint16_t size = 0;
216
217 if (mod == 3) {
218 /*
219 * General-purpose register is handled the same way in 16/32/64 bits decoding modes.
220 * NOTE!! that we have to override the size of the register, since it was set earlier as Memory and not Register!
221 */
222 op->type = O_REG;
223 /* Start with original size which was set earlier, some registers have same size of memory and depend on it. */
224 size = op->size;
225 switch(type)
226 {
227 case OT_RFULL_M16:
228 case OT_RM_FULL:
229 switch (effOpSz)
230 {
231 case Decode16Bits:
232 ps->usedPrefixes |= INST_PRE_OP_SIZE;
233 if (vrex & PREFIX_EX_B) {
234 ps->usedPrefixes |= INST_PRE_REX;
235 rm += EX_GPR_BASE;
236 }
237 size = 16;
238 rm += REGS16_BASE;
239 break;
240 case Decode32Bits:
241 ps->usedPrefixes |= INST_PRE_OP_SIZE;
242 if (vrex & PREFIX_EX_B) {
243 ps->usedPrefixes |= INST_PRE_REX;
244 rm += EX_GPR_BASE;
245 }
246 size = 32;
247 rm += REGS32_BASE;
248 break;
249 case Decode64Bits:
250 /* A fix for SMSW RAX which use the REX prefix. */
251 if (type == OT_RFULL_M16) ps->usedPrefixes |= INST_PRE_REX;
252 /* CALL NEAR/PUSH/POP defaults to 64 bits. --> INST_64BITS, REX isn't required, thus ignored anyways. */
253 if (instFlags & INST_PRE_REX) ps->usedPrefixes |= INST_PRE_REX;
254 /* Include REX if used for REX.B. */
255 if (vrex & PREFIX_EX_B) {
256 ps->usedPrefixes |= INST_PRE_REX;
257 rm += EX_GPR_BASE;
258 }
259 size = 64;
260 rm += REGS64_BASE;
261 break;
262 }
263 break;
264 case OT_R32_64_M8:
265 /* FALL THROUGH, decode 32 or 64 bits register. */
266 case OT_R32_64_M16:
267 /* FALL THROUGH, decode 32 or 64 bits register. */
268 case OT_RM32_64: /* Take care specifically in MOVNTI/MOVD/CVT's instructions, making it _REG64 with REX or if they are promoted. */
269 if (vrex & PREFIX_EX_B) {
270 ps->usedPrefixes |= INST_PRE_REX;
271 rm += EX_GPR_BASE;
272 }
273 /* Is it a promoted instruction? (only INST_64BITS is set and REX isn't required.) */
274 if ((ci->dt == Decode64Bits) && ((instFlags & (INST_64BITS | INST_PRE_REX)) == INST_64BITS)) {
275 size = 64;
276 rm += REGS64_BASE;
277 break;
278 }
279 /* Give a chance to REX.W. Because if it was a promoted instruction we don't care about REX.W anyways. */
280 if (vrex & PREFIX_EX_W) {
281 ps->usedPrefixes |= INST_PRE_REX;
282 size = 64;
283 rm += REGS64_BASE;
284 } else {
285 size = 32;
286 rm += REGS32_BASE;
287 }
288 break;
289 case OT_RM16_32: /* Used only with MOVZXD instruction to support 16 bits operand. */
290 if (vrex & PREFIX_EX_B) {
291 ps->usedPrefixes |= INST_PRE_REX;
292 rm += EX_GPR_BASE;
293 }
294 /* Is it 16 bits operand size? */
295 if (ps->decodedPrefixes & INST_PRE_OP_SIZE) {
296 ps->usedPrefixes |= INST_PRE_OP_SIZE;
297 size = 16;
298 rm += REGS16_BASE;
299 } else {
300 size = 32;
301 rm += REGS32_BASE;
302 }
303 break;
304 case OT_RM16:
305 if (vrex & PREFIX_EX_B) {
306 ps->usedPrefixes |= INST_PRE_REX;
307 rm += EX_GPR_BASE;
308 }
309 rm += REGS16_BASE;
310 break;
311 case OT_RM8:
312 if (ps->prefixExtType == PET_REX) {
313 ps->usedPrefixes |= INST_PRE_REX;
314 rm = operands_fix_8bit_rex_base(rm + ((vrex & PREFIX_EX_B) ? EX_GPR_BASE : 0));
315 } else rm += REGS8_BASE;
316 break;
317 case OT_MM32:
318 case OT_MM64:
319 /* MMX doesn't support extended registers. */
320 size = 64;
321 rm += MMXREGS_BASE;
322 break;
323
324 case OT_XMM16:
325 case OT_XMM32:
326 case OT_XMM64:
327 case OT_XMM128:
328 if (vrex & PREFIX_EX_B) {
329 ps->usedPrefixes |= INST_PRE_REX;
330 rm += EX_GPR_BASE;
331 }
332 size = 128;
333 rm += SSEREGS_BASE;
334 break;
335
336 case OT_RM32:
337 case OT_R32_M8:
338 case OT_R32_M16:
339 if (vrex & PREFIX_EX_B) {
340 ps->usedPrefixes |= INST_PRE_REX;
341 rm += EX_GPR_BASE;
342 }
343 size = 32;
344 rm += REGS32_BASE;
345 break;
346
347 case OT_YMM256:
348 if (vrex & PREFIX_EX_B) rm += EX_GPR_BASE;
349 rm += AVXREGS_BASE;
350 break;
351 case OT_YXMM64_256:
352 case OT_YXMM128_256:
353 if (vrex & PREFIX_EX_B) rm += EX_GPR_BASE;
354 if (vrex & PREFIX_EX_L) {
355 size = 256;
356 rm += AVXREGS_BASE;
357 } else {
358 size = 128;
359 rm += SSEREGS_BASE;
360 }
361 break;
362 case OT_WXMM32_64:
363 case OT_LXMM64_128:
364 if (vrex & PREFIX_EX_B) rm += EX_GPR_BASE;
365 size = 128;
366 rm += SSEREGS_BASE;
367 break;
368
369 case OT_WRM32_64:
370 case OT_REG32_64_M8:
371 case OT_REG32_64_M16:
372 if (vrex & PREFIX_EX_B) rm += EX_GPR_BASE;
373 if (vrex & PREFIX_EX_W) {
374 size = 64;
375 rm += REGS64_BASE;
376 } else {
377 size = 32;
378 rm += REGS32_BASE;
379 }
380 break;
381
382 default: return FALSE;
383 }
384 op->size = size;
385 op->index = (uint8_t)rm;
386 return TRUE;
387 }
388
389 /* Memory indirection decoding ahead:) */
390
391 ps->usedPrefixes |= INST_PRE_ADDR_SIZE;
392 if (lockableInstruction && (ps->decodedPrefixes & INST_PRE_LOCK)) *lockableInstruction = TRUE;
393
394 if (effAdrSz == Decode16Bits) {
395 /* Decoding according to Table 2-1. (16 bits) */
396 if ((mod == 0) && (rm == 6)) {
397 /* 6 is a special case - only 16 bits displacement. */
398 op->type = O_DISP;
399 di->dispSize = 16;
400 if (!read_stream_safe_sint(ci, (int64_t*)&di->disp, sizeof(int16_t))) return FALSE;
401 } else {
402 /*
403 * Create the O_MEM for 16 bits indirection that requires 2 registers, E.G: [BS+SI].
404 * or create O_SMEM for a single register indirection, E.G: [BP].
405 */
406 static uint8_t MODS[] = {R_BX, R_BX, R_BP, R_BP, R_SI, R_DI, R_BP, R_BX};
407 static uint8_t MODS2[] = {R_SI, R_DI, R_SI, R_DI};
408 if (rm < 4) {
409 op->type = O_MEM;
410 di->base = MODS[rm];
411 op->index = MODS2[rm];
412 } else {
413 op->type = O_SMEM;
414 op->index = MODS[rm];
415 }
416
417 if (mod == 1) { /* 8 bits displacement + indirection */
418 di->dispSize = 8;
419 if (!read_stream_safe_sint(ci, (int64_t*)&di->disp, sizeof(int8_t))) return FALSE;
420 } else if (mod == 2) { /* 16 bits displacement + indirection */
421 di->dispSize = 16;
422 if (!read_stream_safe_sint(ci, (int64_t*)&di->disp, sizeof(int16_t))) return FALSE;
423 }
424 }
425
426 if ((rm == 2) || (rm == 3) || ((rm == 6) && (mod != 0))) {
427 /* BP's default segment is SS, so ignore it. */
428 prefixes_use_segment(INST_PRE_SS, ps, ci->dt, di);
429 } else {
430 /* Ignore default DS segment. */
431 prefixes_use_segment(INST_PRE_DS, ps, ci->dt, di);
432 }
433 } else { /* Decode32Bits or Decode64Bits! */
434 /* Remember that from a 32/64 bits ModR/M byte a SIB byte could follow! */
435 if ((mod == 0) && (rm == 5)) {
436
437 /* 5 is a special case - only 32 bits displacement, or RIP relative. */
438 di->dispSize = 32;
439 if (!read_stream_safe_sint(ci, (int64_t*)&di->disp, sizeof(int32_t))) return FALSE;
440
441 if (ci->dt == Decode64Bits) {
442 /* In 64 bits decoding mode depsite of the address size, a RIP-relative address it is. */
443 op->type = O_SMEM;
444 op->index = R_RIP;
445 di->flags |= FLAG_RIP_RELATIVE;
446 } else {
447 /* Absolute address: */
448 op->type = O_DISP;
449 }
450 } else {
451 if (rm == 4) {
452 /* 4 is a special case - SIB byte + disp8/32 follows! */
453 /* Read SIB byte. */
454 if (!read_stream_safe_uint(ci, &sib, sizeof(int8_t))) return FALSE;
455 operands_extract_sib(di, opNum, ps, effAdrSz, sib, mod);
456 } else {
457 op->type = O_SMEM;
458 if (vrex & PREFIX_EX_B) {
459 ps->usedPrefixes |= INST_PRE_REX;
460 rm += EX_GPR_BASE;
461 }
462
463 if (effAdrSz == Decode64Bits) op->index = (uint8_t)(REGS64_BASE + rm);
464 else op->index = (uint8_t)(REGS32_BASE + rm);
465 }
466
467 if (mod == 1) {
468 di->dispSize = 8;
469 if (!read_stream_safe_sint(ci, (int64_t*)&di->disp, sizeof(int8_t))) return FALSE;
470 } else if ((mod == 2) || ((sib & 7) == 5)) { /* If there is no BASE, read DISP32! */
471 di->dispSize = 32;
472 if (!read_stream_safe_sint(ci, (int64_t*)&di->disp, sizeof(int32_t))) return FALSE;
473 }
474 }
475
476 /* Get the base register. */
477 base = op->index;
478 if (di->base != R_NONE) base = di->base;
479 else if (di->scale >= 2) base = 0; /* If it's only an index but got scale, it's still DS. */
480 /* Default for EBP/ESP is SS segment. 64 bits mode ignores DS anyway. */
481 if ((base == R_EBP) || (base == R_ESP)) prefixes_use_segment(INST_PRE_SS, ps, ci->dt, di);
482 else prefixes_use_segment(INST_PRE_DS, ps, ci->dt, di);
483 }
484
485 return TRUE;
486 }
487
488
489 /*
490 * This function is reponsible to textually format a required operand according to its type.
491 * It is vital to understand that there are other operands than what the ModR/M byte specifies.
492
493 * Only by decoding the operands of an instruction which got a LOCK prefix, we could tell whether it may use the LOCK prefix.
494 * According to Intel, LOCK prefix must precede some specific instructions AND in their memory destination operand form (which means first operand).
495 * LOCK INC EAX, would generate an exception, but LOCK INC [EAX] is alright.
496 * Also LOCK ADD BX, [BP] would generate an exception.
497
498 * Return code:
499 * TRUE - continue parsing the instruction and its operands, everything went right 'till now.
500 * FALSE - not enough bytes, or invalid operands.
501 */
502
operands_extract(_CodeInfo * ci,_DInst * di,_InstInfo * ii,_iflags instFlags,_OpType type,_OperandNumberType opNum,unsigned int modrm,_PrefixState * ps,_DecodeType effOpSz,_DecodeType effAdrSz,int * lockableInstruction)503 int operands_extract(_CodeInfo* ci, _DInst* di, _InstInfo* ii,
504 _iflags instFlags, _OpType type, _OperandNumberType opNum,
505 unsigned int modrm, _PrefixState* ps, _DecodeType effOpSz,
506 _DecodeType effAdrSz, int* lockableInstruction)
507 {
508 int ret = 0;
509 unsigned int mod = 0, reg = 0, rm = 0, vexV = ps->vexV;
510 unsigned int vrex = ps->vrex, typeHandled = TRUE;
511 _Operand* op = &di->ops[opNum];
512
513 /* Used to indicate the size of the MEMORY INDIRECTION only. */
514 _OperandSizeType opSize = OPERAND_SIZE_NONE;
515
516 /*
517 * ModRM bits:
518 * |7-6-5--------3-2-0|
519 * |MOD|REG/OPCODE|RM |
520 * |------------------|
521 */
522 mod = (modrm >> 6) & 3; /* Mode(register-indirection, disp8+reg+indirection, disp16+reg+indirection, general-purpose register) */
523 reg = (modrm >> 3) & 7; /* Register(could be part of the opcode itself or general-purpose register) */
524 rm = modrm & 7; /* Specifies which general-purpose register or disp+reg to use. */
525
526 /* -- Memory Indirection Operands (that cannot be a general purpose register) -- */
527 switch (type)
528 {
529 case OT_MEM64_128: /* Used only by CMPXCHG8/16B. */
530 /* Make a specific check when the type is OT_MEM64_128 since the lockable CMPXCHG8B uses this one... */
531 if (lockableInstruction && (ps->decodedPrefixes & INST_PRE_LOCK)) *lockableInstruction = TRUE;
532 if (effOpSz == Decode64Bits) {
533 ps->usedPrefixes |= INST_PRE_REX;
534 opSize = OPERAND_SIZE128;
535 } else opSize = OPERAND_SIZE64;
536 break;
537 case OT_MEM32: opSize = OPERAND_SIZE32; break;
538 case OT_MEM32_64:
539 /* Used by MOVNTI. Default size is 32bits, 64bits with REX. */
540 if (effOpSz == Decode64Bits) {
541 ps->usedPrefixes |= INST_PRE_REX;
542 opSize = OPERAND_SIZE64;
543 } else opSize = OPERAND_SIZE32;
544 break;
545 case OT_MEM64: opSize = OPERAND_SIZE64; break;
546 case OT_MEM128: opSize = OPERAND_SIZE128; break;
547 case OT_MEM16_FULL: /* The size indicates about the second item of the pair. */
548 switch (effOpSz)
549 {
550 case Decode16Bits:
551 ps->usedPrefixes |= INST_PRE_OP_SIZE;
552 opSize = OPERAND_SIZE16;
553 break;
554 case Decode32Bits:
555 ps->usedPrefixes |= INST_PRE_OP_SIZE;
556 opSize = OPERAND_SIZE32;
557 break;
558 case Decode64Bits:
559 /* Mark usage of REX only if it was required. */
560 if ((instFlags & (INST_64BITS | INST_PRE_REX)) == (INST_64BITS | INST_PRE_REX)) ps->usedPrefixes |= INST_PRE_REX;
561 opSize = OPERAND_SIZE64;
562 break;
563 }
564 break;
565 case OT_MEM16_3264: /* The size indicates about the second item of the pair. */
566 if (ci->dt == Decode64Bits) opSize = OPERAND_SIZE64;
567 else opSize = OPERAND_SIZE32;
568 break;
569 case OT_MEM_OPT:
570 /* Since the MEM is optional, only when mod != 3, then return true as if the operand was alright. */
571 if (mod == 0x3) return TRUE;
572 break;
573 case OT_FPUM16: opSize = OPERAND_SIZE16; break;
574 case OT_FPUM32: opSize = OPERAND_SIZE32; break;
575 case OT_FPUM64: opSize = OPERAND_SIZE64; break;
576 case OT_FPUM80: opSize = OPERAND_SIZE80; break;
577 case OT_LMEM128_256:
578 if (vrex & PREFIX_EX_L) opSize = OPERAND_SIZE256;
579 else opSize = OPERAND_SIZE128;
580 break;
581 case OT_MEM: /* Size is unknown, but still handled. */ break;
582 default: typeHandled = FALSE; break;
583 }
584 if (typeHandled) {
585 /* All of the above types can't use a general-purpose register (a MOD of 3)!. */
586 if (mod == 0x3) {
587 if (lockableInstruction) *lockableInstruction = FALSE;
588 return FALSE;
589 }
590 op->size = _OPSIZETOINT[opSize];
591 ret = operands_extract_modrm(ci, di, type, opNum, ps, effOpSz, effAdrSz, lockableInstruction, mod, rm, instFlags);
592 if ((op->type == O_REG) || (op->type == O_SMEM) || (op->type == O_MEM)) {
593 di->usedRegistersMask |= _REGISTERTORCLASS[op->index];
594 }
595 return ret;
596 }
597
598 /* -- Memory Indirection Operands (that can be a register) -- */
599 typeHandled = TRUE;
600 switch (type)
601 {
602 case OT_RM_FULL:
603 ps->usedPrefixes |= INST_PRE_OP_SIZE;
604 /* PUSH/JMP/CALL are automatically promoted to 64 bits! */
605 if (effOpSz == Decode32Bits) {
606 opSize = OPERAND_SIZE32;
607 break;
608 } else if (effOpSz == Decode64Bits) {
609 /* Mark usage of REX only if it was required. */
610 if ((instFlags & INST_64BITS) == 0) ps->usedPrefixes |= INST_PRE_REX;
611 opSize = OPERAND_SIZE64;
612 break;
613 }
614 /* FALL THROUGH BECAUSE dt==Decoded16Bits @-<----*/
615 case OT_RM16:
616 /* If we got here not from OT_RM16, then the prefix was used. */
617 if (type != OT_RM16) ps->usedPrefixes |= INST_PRE_OP_SIZE;
618 opSize = OPERAND_SIZE16;
619 break;
620 case OT_RM32_64:
621 /* The default size is 32, which can be 64 with a REX only. */
622 if (effOpSz == Decode64Bits) {
623 opSize = OPERAND_SIZE64;
624 /* Mark REX prefix as used if non-promoted instruction. */
625 if ((instFlags & (INST_64BITS | INST_PRE_REX)) == (INST_64BITS | INST_PRE_REX)) {
626 ps->usedPrefixes |= INST_PRE_REX;
627 }
628 } else opSize = OPERAND_SIZE32;
629 break;
630 case OT_RM16_32:
631 /* Ignore REX, it's either 32 or 16 bits RM. */
632 if (ps->decodedPrefixes & INST_PRE_OP_SIZE) {
633 ps->usedPrefixes |= INST_PRE_OP_SIZE;
634 /* Assume: We are in 64bits when we have this operand used. */
635 opSize = OPERAND_SIZE16;
636 } else opSize = OPERAND_SIZE32;
637 break;
638 case OT_WXMM32_64:
639 case OT_WRM32_64:
640 if (vrex & PREFIX_EX_W) opSize = OPERAND_SIZE64;
641 else opSize = OPERAND_SIZE32;
642 break;
643 case OT_YXMM64_256:
644 if (vrex & PREFIX_EX_L) opSize = OPERAND_SIZE256;
645 else opSize = OPERAND_SIZE64;
646 break;
647 case OT_YXMM128_256:
648 if (vrex & PREFIX_EX_L) opSize = OPERAND_SIZE256;
649 else opSize = OPERAND_SIZE128;
650 break;
651 case OT_LXMM64_128:
652 if (vrex & PREFIX_EX_L) opSize = OPERAND_SIZE128;
653 else opSize = OPERAND_SIZE64;
654 break;
655 case OT_RFULL_M16:
656 ps->usedPrefixes |= INST_PRE_OP_SIZE;
657 opSize = OPERAND_SIZE16;
658 break;
659
660 case OT_RM8:
661 case OT_R32_M8:
662 case OT_R32_64_M8:
663 case OT_REG32_64_M8:
664 opSize = OPERAND_SIZE8;
665 break;
666
667 case OT_XMM16:
668 case OT_R32_M16:
669 case OT_R32_64_M16:
670 case OT_REG32_64_M16:
671 opSize = OPERAND_SIZE16;
672 break;
673
674 case OT_RM32:
675 case OT_MM32:
676 case OT_XMM32:
677 opSize = OPERAND_SIZE32;
678 break;
679
680 case OT_MM64:
681 case OT_XMM64:
682 opSize = OPERAND_SIZE64;
683 break;
684
685 case OT_XMM128: opSize = OPERAND_SIZE128; break;
686 case OT_YMM256: opSize = OPERAND_SIZE256; break;
687 default: typeHandled = FALSE; break;
688 }
689 if (typeHandled) {
690 /* Fill size of memory dereference for operand. */
691 op->size = _OPSIZETOINT[opSize];
692 ret = operands_extract_modrm(ci, di, type, opNum, ps, effOpSz, effAdrSz, lockableInstruction, mod, rm, instFlags);
693 if ((op->type == O_REG) || (op->type == O_SMEM) || (op->type == O_MEM)) {
694 di->usedRegistersMask |= _REGISTERTORCLASS[op->index];
695 }
696 return ret;
697 }
698
699 /* Simple operand type (no ModRM byte). */
700 switch (type)
701 {
702 case OT_IMM8:
703 operands_set_ts(op, O_IMM, 8);
704 if (!read_stream_safe_uint(ci, &di->imm.byte, sizeof(int8_t))) return FALSE;
705 break;
706 case OT_IMM_FULL: /* 16, 32 or 64, depends on prefixes. */
707 if (effOpSz == Decode16Bits) {
708 ps->usedPrefixes |= INST_PRE_OP_SIZE;
709 /* FALL THROUGH */
710 case OT_IMM16: /* Force 16 bits imm. */
711 operands_set_ts(op, O_IMM, 16);
712 if (!read_stream_safe_uint(ci, &di->imm.word, sizeof(int16_t))) return FALSE;
713 break;
714 /*
715 * Extension: MOV imm64, requires REX.
716 * Make sure it needs the REX.
717 * REX must be present because op size function takes it into consideration.
718 */
719 } else if ((effOpSz == Decode64Bits) &&
720 ((instFlags & (INST_64BITS | INST_PRE_REX)) == (INST_64BITS | INST_PRE_REX))) {
721 ps->usedPrefixes |= INST_PRE_REX;
722
723 operands_set_ts(op, O_IMM, 64);
724 if (!read_stream_safe_uint(ci, &di->imm.qword, sizeof(int64_t))) return FALSE;
725 break;
726 } else ps->usedPrefixes |= INST_PRE_OP_SIZE;
727 /* FALL THROUGH BECAUSE dt==Decoded32Bits @-<----*/
728 case OT_IMM32:
729 op->type = O_IMM;
730 if (ci->dt == Decode64Bits) {
731 /* Imm32 is sign extended to 64 bits! */
732 op->size = 64;
733 di->flags |= FLAG_IMM_SIGNED;
734 if (!read_stream_safe_sint(ci, &di->imm.sqword, sizeof(int32_t))) return FALSE;
735 } else {
736 op->size = 32;
737 if (!read_stream_safe_uint(ci, &di->imm.dword, sizeof(int32_t))) return FALSE;
738 }
739 break;
740 case OT_SEIMM8: /* Sign extended immediate. */
741 /*
742 * PUSH SEIMM8 can be prefixed by operand size:
743 * Input stream: 66, 6a, 55
744 * 64bits DT: push small 55
745 * 32bits DT: push small 55
746 * 16bits DT: push large 55
747 * small/large indicates the size of the eSP pointer advancement.
748 * Check the instFlags (ii->flags) if it can be operand-size-prefixed and if the prefix exists.
749 */
750 op->type = O_IMM;
751 if ((instFlags & INST_PRE_OP_SIZE) && (ps->decodedPrefixes & INST_PRE_OP_SIZE)) {
752 ps->usedPrefixes |= INST_PRE_OP_SIZE;
753 switch (ci->dt)
754 {
755 case Decode16Bits: op->size = 32; break;
756 case Decode32Bits:
757 case Decode64Bits:
758 op->size = 16;
759 break;
760 }
761 } else op->size = 8;
762 di->flags |= FLAG_IMM_SIGNED;
763 if (!read_stream_safe_sint(ci, &di->imm.sqword, sizeof(int8_t))) return FALSE;
764 break;
765 case OT_IMM16_1:
766 operands_set_ts(op, O_IMM1, 16);
767 if (!read_stream_safe_uint(ci, &di->imm.ex.i1, sizeof(int16_t))) return FALSE;
768 break;
769 case OT_IMM8_1:
770 operands_set_ts(op, O_IMM1, 8);
771 if (!read_stream_safe_uint(ci, &di->imm.ex.i1, sizeof(int8_t))) return FALSE;
772 break;
773 case OT_IMM8_2:
774 operands_set_ts(op, O_IMM2, 8);
775 if (!read_stream_safe_uint(ci, &di->imm.ex.i2, sizeof(int8_t))) return FALSE;
776 break;
777 case OT_REG8:
778 operands_set_ts(op, O_REG, 8);
779 if (ps->prefixExtType) {
780 /*
781 * If REX prefix is valid then we will have to use low bytes.
782 * This is a PASSIVE behaviour changer of REX prefix, it affects operands even if its value is 0x40 !
783 */
784 ps->usedPrefixes |= INST_PRE_REX;
785 op->index = (uint8_t)operands_fix_8bit_rex_base(reg + ((vrex & PREFIX_EX_R) ? EX_GPR_BASE : 0));
786 } else op->index = (uint8_t)(REGS8_BASE + reg);
787 break;
788 case OT_REG16:
789 operands_set_tsi(op, O_REG, 16, REGS16_BASE + reg);
790 break;
791 case OT_REG_FULL:
792 switch (effOpSz)
793 {
794 case Decode16Bits:
795 ps->usedPrefixes |= INST_PRE_OP_SIZE;
796 if (vrex & PREFIX_EX_R) {
797 ps->usedPrefixes |= INST_PRE_REX;
798 reg += EX_GPR_BASE;
799 }
800 operands_set_tsi(op, O_REG, 16, REGS16_BASE + reg);
801 break;
802 case Decode32Bits:
803 if (vrex & PREFIX_EX_R) {
804 ps->usedPrefixes |= INST_PRE_REX;
805 reg += EX_GPR_BASE;
806 } else ps->usedPrefixes |= INST_PRE_OP_SIZE;
807 operands_set_tsi(op, O_REG, 32, REGS32_BASE + reg);
808 break;
809 case Decode64Bits: /* rex must be presented. */
810 ps->usedPrefixes |= INST_PRE_REX;
811 operands_set_tsi(op, O_REG, 64, REGS64_BASE + reg + ((vrex & PREFIX_EX_R) ? EX_GPR_BASE : 0));
812 break;
813 }
814 break;
815 case OT_REG32:
816 if (vrex & PREFIX_EX_R) {
817 ps->usedPrefixes |= INST_PRE_REX;
818 reg += EX_GPR_BASE;
819 }
820 operands_set_tsi(op, O_REG, 32, REGS32_BASE + reg);
821 break;
822 case OT_REG32_64: /* Handle CVT's, MOVxX and MOVNTI instructions which could be extended to 64 bits registers with REX. */
823 if (vrex & PREFIX_EX_R) {
824 ps->usedPrefixes |= INST_PRE_REX;
825 reg += EX_GPR_BASE;
826 }
827
828 /* Is it a promoted instruction? (only INST_64BITS is set and REX isn't required.) */
829 if ((ci->dt == Decode64Bits) && ((instFlags & (INST_64BITS | INST_PRE_REX)) == INST_64BITS)) {
830 operands_set_tsi(op, O_REG, 64, REGS64_BASE + reg);
831 break;
832 }
833 /* Give a chance to REX.W. Because if it was a promoted instruction we don't care about REX.W anyways. */
834 if (vrex & PREFIX_EX_W) {
835 ps->usedPrefixes |= INST_PRE_REX;
836 operands_set_tsi(op, O_REG, 64, REGS64_BASE + reg);
837 } else operands_set_tsi(op, O_REG, 32, REGS32_BASE + reg);
838 break;
839 case OT_FREG32_64_RM: /* Force decoding mode. Used for MOV CR(n)/DR(n) which defaults to 64 bits operand size in 64 bits. */
840 if (vrex & PREFIX_EX_B) {
841 ps->usedPrefixes |= INST_PRE_REX;
842 rm += EX_GPR_BASE;
843 }
844
845 if (ci->dt == Decode64Bits) operands_set_tsi(op, O_REG, 64, REGS64_BASE + rm);
846 else operands_set_tsi(op, O_REG, 32, REGS32_BASE + rm);
847 break;
848 case OT_MM: /* MMX register */
849 operands_set_tsi(op, O_REG, 64, MMXREGS_BASE + reg);
850 break;
851 case OT_MM_RM: /* MMX register, this time from the RM field */
852 operands_set_tsi(op, O_REG, 64, MMXREGS_BASE + rm);
853 break;
854 case OT_REGXMM0: /* Implicit XMM0 operand. */
855 reg = 0;
856 vrex = 0;
857 /* FALL THROUGH */
858 case OT_XMM: /* SSE register */
859 if (vrex & PREFIX_EX_R) {
860 ps->usedPrefixes |= INST_PRE_REX;
861 reg += EX_GPR_BASE;
862 }
863 operands_set_tsi(op, O_REG, 128, SSEREGS_BASE + reg);
864 break;
865 case OT_XMM_RM: /* SSE register, this time from the RM field */
866 if (vrex & PREFIX_EX_B) {
867 ps->usedPrefixes |= INST_PRE_REX;
868 rm += EX_GPR_BASE;
869 }
870 operands_set_tsi(op, O_REG, 128, SSEREGS_BASE + rm);
871 break;
872 case OT_CREG:
873 /*
874 * Don't parse if the reg exceeds the bounds of the array.
875 * Most of the CR's are not implemented, so if there's no matching string, the operand is invalid.
876 */
877 if (vrex & PREFIX_EX_R) {
878 ps->usedPrefixes |= INST_PRE_REX;
879 reg += EX_GPR_BASE;
880 } else if ((ci->dt == Decode32Bits) && (ps->decodedPrefixes & INST_PRE_LOCK)) {
881 /*
882 * NOTE: In 32 bits decoding mode,
883 * if the lock prefix is set before MOV CR(n) it will become the 4th bit of the REG field like REX.R in 64 bits.
884 */
885 reg += EX_GPR_BASE;
886 ps->usedPrefixes |= INST_PRE_LOCK;
887 }
888 /* Ignore some registers which do not exist. */
889 if ((reg >= CREGS_MAX) || (reg == 1) || ((reg >= 5) && (reg <= 7))) return FALSE;
890
891 op->type = O_REG;
892 if (ci->dt == Decode64Bits) op->size = 64;
893 else op->size = 32;
894 op->index = (uint8_t)(CREGS_BASE + reg);
895 break;
896 case OT_DREG:
897 /*
898 * In 64 bits there are 16 debug registers.
899 * but accessing any of dr8-15 which aren't implemented will cause an #ud.
900 */
901 if ((reg == 4) || (reg == 5) || (vrex & PREFIX_EX_R)) return FALSE;
902
903 op->type = O_REG;
904 if (ci->dt == Decode64Bits) op->size = 64;
905 else op->size = 32;
906 op->index = (uint8_t)(DREGS_BASE + reg);
907 break;
908 case OT_SREG: /* Works with REG16 only! */
909 /* If lockableInstruction pointer is non-null we know it's the first operand. */
910 if (lockableInstruction && (reg == 1)) return FALSE; /* Can't MOV CS, <REG>. */
911 /*Don't parse if the reg exceeds the bounds of the array. */
912 if (reg <= SEG_REGS_MAX - 1) operands_set_tsi(op, O_REG, 16, SREGS_BASE + reg);
913 else return FALSE;
914 break;
915 case OT_SEG:
916 op->type = O_REG;
917 /* Size of reg is always 16, it's up to caller to zero extend it to operand size. */
918 op->size = 16;
919 ps->usedPrefixes |= INST_PRE_OP_SIZE;
920 /*
921 * Extract the SEG from ii->flags this time!!!
922 * Check whether an operand size prefix is used.
923 */
924 switch (instFlags & INST_PRE_SEGOVRD_MASK)
925 {
926 case INST_PRE_ES: op->index = R_ES; break;
927 case INST_PRE_CS: op->index = R_CS; break;
928 case INST_PRE_SS: op->index = R_SS; break;
929 case INST_PRE_DS: op->index = R_DS; break;
930 case INST_PRE_FS: op->index = R_FS; break;
931 case INST_PRE_GS: op->index = R_GS; break;
932 }
933 break;
934 case OT_ACC8:
935 operands_set_tsi(op, O_REG, 8, R_AL);
936 break;
937 case OT_ACC16:
938 operands_set_tsi(op, O_REG, 16, R_AX);
939 break;
940 case OT_ACC_FULL_NOT64: /* No REX.W support for IN/OUT. */
941 vrex &= ~PREFIX_EX_W;
942 case OT_ACC_FULL:
943 if (effOpSz == Decode16Bits) {
944 ps->usedPrefixes |= INST_PRE_OP_SIZE;
945 operands_set_tsi(op, O_REG, 16, R_AX);
946 } else if (effOpSz == Decode32Bits) {
947 ps->usedPrefixes |= INST_PRE_OP_SIZE;
948 operands_set_tsi(op, O_REG, 32, R_EAX);
949 } else { /* Decode64Bits */
950 /* Only non-promoted instructions need REX in order to decode in 64 bits. */
951 /* MEM-OFFSET MOV's are NOT automatically promoted to 64 bits. */
952 if (~instFlags & INST_64BITS) {
953 ps->usedPrefixes |= INST_PRE_REX;
954 }
955 operands_set_tsi(op, O_REG, 64, R_RAX);
956 }
957 break;
958 case OT_PTR16_FULL:
959 /* ptr16:full - full is size of operand size to read, therefore Operand Size Prefix affects this. So we need to handle it. */
960 if (effOpSz == Decode16Bits) {
961 ps->usedPrefixes |= INST_PRE_OP_SIZE;
962 ci->codeLen -= sizeof(int16_t)*2;
963 if (ci->codeLen < 0) return FALSE;
964
965 operands_set_ts(op, O_PTR, 16);
966 di->imm.ptr.off = RUSHORT(ci->code); /* Read offset first. */
967 di->imm.ptr.seg = RUSHORT((ci->code + sizeof(int16_t))); /* And read segment. */
968
969 ci->code += sizeof(int16_t)*2;
970 } else { /* Decode32Bits, for Decode64Bits this instruction is invalid. */
971 ps->usedPrefixes |= INST_PRE_OP_SIZE;
972 ci->codeLen -= sizeof(int32_t) + sizeof(int16_t);
973 if (ci->codeLen < 0) return FALSE;
974
975 operands_set_ts(op, O_PTR, 32);
976 di->imm.ptr.off = RULONG(ci->code); /* Read 32bits offset this time. */
977 di->imm.ptr.seg = RUSHORT((ci->code + sizeof(int32_t))); /* And read segment, 16 bits. */
978
979 ci->code += sizeof(int32_t) + sizeof(int16_t);
980 }
981 break;
982 case OT_RELCB:
983 case OT_RELC_FULL:
984
985 if (type == OT_RELCB) {
986 operands_set_ts(op, O_PC, 8);
987 if (!read_stream_safe_sint(ci, &di->imm.sqword, sizeof(int8_t))) return FALSE;
988 } else { /* OT_RELC_FULL */
989
990 /* Yep, operand size prefix affects relc also. */
991 ps->usedPrefixes |= INST_PRE_OP_SIZE;
992 if (effOpSz == Decode16Bits) {
993 operands_set_ts(op, O_PC, 16);
994 if (!read_stream_safe_sint(ci, &di->imm.sqword, sizeof(int16_t))) return FALSE;
995 } else { /* Decode32Bits or Decode64Bits = for now they are the same */
996 operands_set_ts(op, O_PC, 32);
997 if (!read_stream_safe_sint(ci, &di->imm.sqword, sizeof(int32_t))) return FALSE;
998 }
999 }
1000
1001 /* Support for hint, see if there's a segment override. */
1002 if ((ii->opcodeId >= I_JO) && (ii->opcodeId <= I_JG)) {
1003 if (ps->decodedPrefixes & INST_PRE_CS) {
1004 ps->usedPrefixes |= INST_PRE_CS;
1005 di->flags |= FLAG_HINT_NOT_TAKEN;
1006 } else if (ps->decodedPrefixes & INST_PRE_DS) {
1007 ps->usedPrefixes |= INST_PRE_DS;
1008 di->flags |= FLAG_HINT_TAKEN;
1009 }
1010 }
1011 break;
1012 case OT_MOFFS8:
1013 op->size = 8;
1014 /* FALL THROUGH, size won't be changed. */
1015 case OT_MOFFS_FULL:
1016 op->type = O_DISP;
1017 if (op->size == 0) {
1018 /* Calculate size of operand (same as ACC size). */
1019 switch (effOpSz)
1020 {
1021 case Decode16Bits: op->size = 16; break;
1022 case Decode32Bits: op->size = 32; break;
1023 case Decode64Bits: op->size = 64; break;
1024 }
1025 }
1026
1027 prefixes_use_segment(INST_PRE_DS, ps, ci->dt, di);
1028
1029 /*
1030 * Just a pointer to a BYTE, WORD, DWORD, QWORD. Works only with ACC8/16/32/64 respectively.
1031 * MOV [0x1234], AL ; MOV AX, [0x1234] ; MOV EAX, [0x1234], note that R/E/AX will be chosen by OT_ACC_FULL.
1032 */
1033 if (effAdrSz == Decode16Bits) {
1034 ps->usedPrefixes |= INST_PRE_ADDR_SIZE;
1035
1036 di->dispSize = 16;
1037 if (!read_stream_safe_uint(ci, &di->disp, sizeof(int16_t))) return FALSE;
1038 } else if (effAdrSz == Decode32Bits) {
1039 ps->usedPrefixes |= INST_PRE_ADDR_SIZE;
1040
1041 di->dispSize = 32;
1042 if (!read_stream_safe_uint(ci, &di->disp, sizeof(int32_t))) return FALSE;
1043 } else { /* Decode64Bits */
1044 di->dispSize = 64;
1045 if (!read_stream_safe_uint(ci, &di->disp, sizeof(int64_t))) return FALSE;
1046 }
1047 break;
1048 case OT_CONST1:
1049 operands_set_ts(op, O_IMM, 8);
1050 di->imm.byte = 1;
1051 break;
1052 case OT_REGCL:
1053 operands_set_tsi(op, O_REG, 8, R_CL);
1054 break;
1055
1056 case OT_FPU_SI:
1057 /* Low 3 bits specify the REG, similar to the MODR/M byte reg. */
1058 operands_set_tsi(op, O_REG, 32, FPUREGS_BASE + (*(ci->code-1) & 7));
1059 break;
1060 case OT_FPU_SSI:
1061 operands_set_tsi(op, O_REG, 32, R_ST0);
1062 operands_set_tsi(op + 1, O_REG, 32, FPUREGS_BASE + (*(ci->code-1) & 7));
1063 break;
1064 case OT_FPU_SIS:
1065 operands_set_tsi(op, O_REG, 32, FPUREGS_BASE + (*(ci->code-1) & 7));
1066 operands_set_tsi(op + 1, O_REG, 32, R_ST0);
1067 break;
1068
1069 /*
1070 * Special treatment for Instructions-Block:
1071 * INC/DEC (only 16/32 bits) /PUSH/POP/XCHG instructions, which get their REG from their own binary code.
1072
1073 * Notice these instructions are 1 or 2 byte long,
1074 * code points after the byte which represents the instruction itself,
1075 * thus, even if the instructions are 2 bytes long it will read its last byte which contains the REG info.
1076 */
1077 case OT_IB_RB:
1078 /* Low 3 bits specify the REG, similar to the MODR/M byte reg. */
1079 operands_set_ts(op, O_REG, 8);
1080 reg = *(ci->code-1) & 7;
1081 if (vrex & PREFIX_EX_B) {
1082 ps->usedPrefixes |= INST_PRE_REX;
1083 op->index = (uint8_t)operands_fix_8bit_rex_base(reg + EX_GPR_BASE);
1084 } else if (ps->prefixExtType == PET_REX) {
1085 ps->usedPrefixes |= INST_PRE_REX;
1086 op->index = (uint8_t)operands_fix_8bit_rex_base(reg);
1087 } else op->index = (uint8_t)(REGS8_BASE + reg);
1088 break;
1089 case OT_IB_R_FULL:
1090 reg = *(ci->code-1) & 7;
1091 switch (effOpSz)
1092 {
1093 case Decode16Bits:
1094 ps->usedPrefixes |= INST_PRE_OP_SIZE;
1095 if (vrex & PREFIX_EX_B) {
1096 ps->usedPrefixes |= INST_PRE_REX;
1097 reg += EX_GPR_BASE;
1098 }
1099 operands_set_tsi(op, O_REG, 16, REGS16_BASE + reg);
1100 break;
1101 case Decode32Bits:
1102 if (vrex & PREFIX_EX_B) {
1103 ps->usedPrefixes |= INST_PRE_REX;
1104 reg += EX_GPR_BASE;
1105 } else ps->usedPrefixes |= INST_PRE_OP_SIZE;
1106 operands_set_tsi(op, O_REG, 32, REGS32_BASE + reg);
1107 break;
1108 case Decode64Bits:
1109 /*
1110 * Automatically promoted instruction can drop REX prefix if not required.
1111 * PUSH/POP defaults to 64 bits. --> INST_64BITS
1112 * MOV imm64 / BSWAP requires REX.W to be 64 bits --> INST_64BITS | INST_PRE_REX
1113 */
1114 if ((instFlags & INST_64BITS) && ((instFlags & INST_PRE_REX) == 0)) {
1115 if (vrex & PREFIX_EX_B) {
1116 ps->usedPrefixes |= INST_PRE_REX;
1117 reg += EX_GPR_BASE;
1118 }
1119 } else {
1120 ps->usedPrefixes |= INST_PRE_REX;
1121 reg += (vrex & PREFIX_EX_B) ? EX_GPR_BASE : 0;
1122 }
1123 operands_set_tsi(op, O_REG, 64, REGS64_BASE + reg);
1124 break;
1125 }
1126 break;
1127
1128 /*
1129 * Special treatment for repeatable instructions.
1130
1131 * We want the following output:
1132 * If there's only the REP/NZ prefix, we won't output anything (All operands are implicit).
1133 * If there's an operand size prefix, we will change the suffix letter of the mnemonic, which specifies the size of operand to the required one.
1134 * If there's a segment override prefix, we will output the segment and the used index register (EDI/ESI).
1135 * If there's an address size prefix, we will output the (segment if needed and) the used and inverted index register (DI/SI).
1136
1137 * Example:
1138 * :: Decoding in 16 bits mode! ::
1139 * AD ~ LODSW
1140 * 66 AD ~ LODSD
1141 * F3 AC ~ REP LODSB
1142 * F3 66 AD ~ REP LODSD
1143 * F3 3E AC ~ REP LODS BYTE DS:[SI]
1144 * F3 67 AD ~ REP LODS WORD [ESI]
1145
1146 * The basic form of a repeatable instruction has its operands hidden and has a suffix letter
1147 * which implies on the size of operation being done.
1148 * Therefore, we cannot change the mnemonic here when we encounter another prefix and its not the decoder's responsibility to do so.
1149 * That's why the caller is responsible to add the suffix letter if no other prefixes are used.
1150 * And all we are doing here is formatting the operand correctly.
1151 */
1152 case OT_REGI_ESI:
1153 ps->usedPrefixes |= INST_PRE_ADDR_SIZE;
1154
1155 op->type = O_SMEM;
1156
1157 /* This might be a 16, 32 or 64 bits instruction, depends on the decoding mode. */
1158 if (instFlags & INST_16BITS) {
1159 ps->usedPrefixes |= INST_PRE_OP_SIZE;
1160
1161 if (effOpSz == Decode16Bits) op->size = 16;
1162 else if ((effOpSz == Decode64Bits) && (instFlags & INST_64BITS)) {
1163 ps->usedPrefixes |= INST_PRE_REX;
1164 op->size = 64;
1165 } else op->size = 32;
1166 } else op->size = 8;
1167
1168 /*
1169 * Clear segment in case OT_REGI_EDI was parsed earlier,
1170 * DS can be overridden and therefore has precedence.
1171 */
1172 di->segment = 0;
1173 prefixes_use_segment(INST_PRE_DS, ps, ci->dt, di);
1174
1175 if (effAdrSz == Decode16Bits) op->index = R_SI;
1176 else if (effAdrSz == Decode32Bits) op->index = R_ESI;
1177 else op->index = R_RSI;
1178 break;
1179 case OT_REGI_EDI:
1180 ps->usedPrefixes |= INST_PRE_ADDR_SIZE;
1181
1182 op->type = O_SMEM;
1183
1184 /* This might be a 16 or 32 bits instruction, depends on the decoding mode. */
1185 if (instFlags & INST_16BITS) {
1186 ps->usedPrefixes |= INST_PRE_OP_SIZE;
1187
1188 if (effOpSz == Decode16Bits) op->size = 16;
1189 else if ((effOpSz == Decode64Bits) && (instFlags & INST_64BITS)) {
1190 ps->usedPrefixes |= INST_PRE_REX;
1191 op->size = 64;
1192 } else op->size = 32;
1193 } else op->size = 8;
1194
1195 /* Note: The [rDI] operand can't be prefixed by a segment override, therefore we don't set usedPrefixes. */
1196 if ((opNum == ONT_1) && (ci->dt != Decode64Bits)) di->segment = R_ES | SEGMENT_DEFAULT; /* No ES in 64 bits mode. */
1197
1198 if (effAdrSz == Decode16Bits) op->index = R_DI;
1199 else if (effAdrSz == Decode32Bits) op->index = R_EDI;
1200 else op->index = R_RDI;
1201 break;
1202
1203 /* Used for In/Out instructions varying forms. */
1204 case OT_REGDX:
1205 /* Simple single IN/OUT instruction. */
1206 operands_set_tsi(op, O_REG, 16, R_DX);
1207 break;
1208
1209 /* Used for INVLPGA instruction. */
1210 case OT_REGECX:
1211 operands_set_tsi(op, O_REG, 32, R_ECX);
1212 break;
1213 case OT_REGI_EBXAL:
1214 /* XLAT BYTE [rBX + AL] */
1215 ps->usedPrefixes |= INST_PRE_ADDR_SIZE;
1216
1217 prefixes_use_segment(INST_PRE_DS, ps, ci->dt, di);
1218
1219 /* Size of deref is always 8 for xlat. */
1220 operands_set_tsi(op, O_MEM, 8, R_AL);
1221
1222 if (effAdrSz == Decode16Bits) di->base = R_BX;
1223 else if (effAdrSz == Decode32Bits) di->base = R_EBX;
1224 else {
1225 ps->usedPrefixes |= INST_PRE_REX;
1226 di->base = R_RBX;
1227 }
1228 break;
1229 case OT_REGI_EAX:
1230 /*
1231 * Implicit rAX as memory indirection operand. Used by AMD's SVM instructions.
1232 * Since this is a memory indirection, the default address size in 64bits decoding mode is 64.
1233 */
1234
1235 if (effAdrSz == Decode64Bits) operands_set_tsi(op, O_SMEM, 64, R_RAX);
1236 else if (effAdrSz == Decode32Bits) {
1237 ps->usedPrefixes |= INST_PRE_ADDR_SIZE;
1238 operands_set_tsi(op, O_SMEM, 32, R_EAX);
1239 } else {
1240 ps->usedPrefixes |= INST_PRE_ADDR_SIZE;
1241 operands_set_tsi(op, O_SMEM, 16, R_AX);
1242 }
1243 break;
1244 case OT_VXMM:
1245 operands_set_tsi(op, O_REG, 128, SSEREGS_BASE + vexV);
1246 break;
1247 case OT_XMM_IMM:
1248 ci->codeLen -= sizeof(int8_t);
1249 if (ci->codeLen < 0) return FALSE;
1250
1251 if (ci->dt == Decode32Bits) reg = (*ci->code >> 4) & 0x7;
1252 else reg = (*ci->code >> 4) & 0xf;
1253 operands_set_tsi(op, O_REG, 128, SSEREGS_BASE + reg);
1254
1255 ci->code += sizeof(int8_t);
1256 break;
1257 case OT_YXMM:
1258 if (vrex & PREFIX_EX_R) reg += EX_GPR_BASE;
1259 if (ps->vrex & PREFIX_EX_L) operands_set_tsi(op, O_REG, 256, AVXREGS_BASE + reg);
1260 else operands_set_tsi(op, O_REG, 128, SSEREGS_BASE + reg);
1261 break;
1262 case OT_YXMM_IMM:
1263 ci->codeLen -= sizeof(int8_t);
1264 if (ci->codeLen < 0) return FALSE;
1265
1266 if (ci->dt == Decode32Bits) reg = (*ci->code >> 4) & 0x7;
1267 else reg = (*ci->code >> 4) & 0xf;
1268
1269 if (ps->vrex & PREFIX_EX_L) operands_set_tsi(op, O_REG, 256, AVXREGS_BASE + reg);
1270 else operands_set_tsi(op, O_REG, 128, SSEREGS_BASE + reg);
1271
1272 ci->code += sizeof(int8_t);
1273 break;
1274 case OT_YMM:
1275 if (vrex & PREFIX_EX_R) reg += EX_GPR_BASE;
1276 operands_set_tsi(op, O_REG, 256, AVXREGS_BASE + reg);
1277 break;
1278 case OT_VYMM:
1279 operands_set_tsi(op, O_REG, 256, AVXREGS_BASE + vexV);
1280 break;
1281 case OT_VYXMM:
1282 if (ps->vrex & PREFIX_EX_L) operands_set_tsi(op, O_REG, 256, AVXREGS_BASE + vexV);
1283 else operands_set_tsi(op, O_REG, 128, SSEREGS_BASE + vexV);
1284 break;
1285 case OT_WREG32_64:
1286 if (vrex & PREFIX_EX_R) reg += EX_GPR_BASE;
1287 if (ps->vrex & PREFIX_EX_W) operands_set_tsi(op, O_REG, 64, REGS64_BASE + reg);
1288 else operands_set_tsi(op, O_REG, 32, REGS32_BASE + reg);
1289 break;
1290 default: return FALSE;
1291 }
1292
1293 if ((op->type == O_REG) || (op->type == O_SMEM) || (op->type == O_MEM)) {
1294 di->usedRegistersMask |= _REGISTERTORCLASS[op->index];
1295 }
1296
1297 return TRUE;
1298 }
1299