1 /*
2 decoder.c
3
4 diStorm3 - Powerful disassembler for X86/AMD64
5 http://ragestorm.net/distorm/
6 distorm at gmail dot com
7 Copyright (C) 2003-2012 Gil Dabah
8
9 This program is free software: you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation, either version 3 of the License, or
12 (at your option) any later version.
13
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
18
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>
21 */
22
23
24 #include "decoder.h"
25 #include "instructions.h"
26 #include "insts.h"
27 #include "prefix.h"
28 #include "x86defs.h"
29 #include "operands.h"
30 #include "insts.h"
31 #include "../include/mnemonics.h"
32
33
34 /* Instruction Prefixes - Opcode - ModR/M - SIB - Displacement - Immediate */
35
decode_get_effective_addr_size(_DecodeType dt,_iflags decodedPrefixes)36 static _DecodeType decode_get_effective_addr_size(_DecodeType dt, _iflags decodedPrefixes)
37 {
38 /*
39 * This table is to map from the current decoding mode to an effective address size:
40 * Decode16 -> Decode32
41 * Decode32 -> Decode16
42 * Decode64 -> Decode32
43 */
44 static _DecodeType AddrSizeTable[] = {Decode32Bits, Decode16Bits, Decode32Bits};
45
46 /* Switch to non default mode if prefix exists, only for ADDRESS SIZE. */
47 if (decodedPrefixes & INST_PRE_ADDR_SIZE) dt = AddrSizeTable[dt];
48 return dt;
49 }
50
decode_get_effective_op_size(_DecodeType dt,_iflags decodedPrefixes,unsigned int rex,_iflags instFlags)51 static _DecodeType decode_get_effective_op_size(_DecodeType dt, _iflags decodedPrefixes, unsigned int rex, _iflags instFlags)
52 {
53 /*
54 * This table is to map from the current decoding mode to an effective operand size:
55 * Decode16 -> Decode32
56 * Decode32 -> Decode16
57 * Decode64 -> Decode16
58 * Not that in 64bits it's a bit more complicated, because of REX and promoted instructions.
59 */
60 static _DecodeType OpSizeTable[] = {Decode32Bits, Decode16Bits, Decode16Bits};
61
62 if (decodedPrefixes & INST_PRE_OP_SIZE) return OpSizeTable[dt];
63
64 if (dt == Decode64Bits) {
65 /*
66 * REX Prefix toggles data size to 64 bits.
67 * Operand size prefix toggles data size to 16.
68 * Default data size is 32 bits.
69 * Promoted instructions are 64 bits if they don't require a REX perfix.
70 * Non promoted instructions are 64 bits if the REX prefix exists.
71 */
72 /* Automatically promoted instructions have only INST_64BITS SET! */
73 if (((instFlags & (INST_64BITS | INST_PRE_REX)) == INST_64BITS) ||
74 /* Other instructions in 64 bits can be promoted only with a REX prefix. */
75 ((decodedPrefixes & INST_PRE_REX) && (rex & PREFIX_EX_W))) dt = Decode64Bits;
76 else dt = Decode32Bits; /* Default. */
77 }
78 return dt;
79 }
80
decode_inst(_CodeInfo * ci,_PrefixState * ps,_DInst * di)81 static _DecodeResult decode_inst(_CodeInfo* ci, _PrefixState* ps, _DInst* di)
82 {
83 /* Remember whether the instruction is privileged. */
84 uint16_t privilegedFlag = 0;
85
86 /* The ModR/M byte of the current instruction. */
87 unsigned int modrm = 0;
88
89 /* The REX/VEX prefix byte value. */
90 unsigned int vrex = ps->vrex;
91
92 /*
93 * Backup original input, so we can use it later if a problem occurs
94 * (like not enough data for decoding, invalid opcode, etc).
95 */
96 const uint8_t* startCode = ci->code;
97
98 /* Holds the info about the current found instruction. */
99 _InstInfo* ii = NULL;
100 _InstSharedInfo* isi = NULL;
101
102 /* Used only for special CMP instructions which have pseudo opcodes suffix. */
103 unsigned char cmpType = 0;
104
105 /*
106 * Indicates whether it is right to LOCK the instruction by decoding its first operand.
107 * Only then you know if it's ok to output the LOCK prefix's text...
108 * Used for first operand only.
109 */
110 int lockable = FALSE;
111
112 /* Calcualte (and cache) effective-operand-size and effective-address-size only once. */
113 _DecodeType effOpSz, effAdrSz;
114 _iflags instFlags;
115
116 ii = inst_lookup(ci, ps);
117 if (ii == NULL) goto _Undecodable;
118 isi = &InstSharedInfoTable[ii->sharedIndex];
119 instFlags = FlagsTable[isi->flagsIndex];
120
121 /* Copy the privileged bit and remove it from the opcodeId field ASAP. */
122 privilegedFlag = ii->opcodeId & OPCODE_ID_PRIVILEGED;
123 ii->opcodeId &= ~OPCODE_ID_PRIVILEGED;
124
125 /*
126 * If both REX and OpSize are available we will have to disable the OpSize, because REX has precedence.
127 * However, only if REX.W is set !
128 * We had to wait with this test, since the operand size may be a mandatory prefix,
129 * and we know it only after prefetching.
130 */
131 if ((ps->prefixExtType == PET_REX) &&
132 (ps->decodedPrefixes & INST_PRE_OP_SIZE) &&
133 (!ps->isOpSizeMandatory) &&
134 (vrex & PREFIX_EX_W)) {
135 ps->decodedPrefixes &= ~INST_PRE_OP_SIZE;
136 prefixes_ignore(ps, PFXIDX_OP_SIZE);
137 }
138
139 /*
140 * In this point we know the instruction we are about to decode and its operands (unless, it's an invalid one!),
141 * so it makes it the right time for decoding-type suitability testing.
142 * Which practically means, don't allow 32 bits instructions in 16 bits decoding mode, but do allow
143 * 16 bits instructions in 32 bits decoding mode, of course...
144
145 * NOTE: Make sure the instruction set for 32 bits has explicitly this specfic flag set.
146 * NOTE2: Make sure the instruction set for 64 bits has explicitly this specfic flag set.
147
148 * If this is the case, drop what we've got and restart all over after DB'ing that byte.
149
150 * Though, don't drop an instruction which is also supported in 16 and 32 bits.
151 */
152
153 /* ! ! ! DISABLED UNTIL FURTHER NOTICE ! ! ! Decode16Bits CAN NOW DECODE 32 BITS INSTRUCTIONS ! ! !*/
154 /* if (ii && (dt == Decode16Bits) && (instFlags & INST_32BITS) && (~instFlags & INST_16BITS)) ii = NULL; */
155
156 /* Drop instructions which are invalid in 64 bits. */
157 if ((ci->dt == Decode64Bits) && (instFlags & INST_INVALID_64BITS)) goto _Undecodable;
158
159 /* If it's only a 64 bits instruction drop it in other decoding modes. */
160 if ((ci->dt != Decode64Bits) && (instFlags & INST_64BITS_FETCH)) goto _Undecodable;
161
162 if (instFlags & INST_MODRM_REQUIRED) {
163 /* If the ModRM byte is not part of the opcode, skip the last byte code, so code points now to ModRM. */
164 if (~instFlags & INST_MODRM_INCLUDED) {
165 ci->code++;
166 if (--ci->codeLen < 0) goto _Undecodable;
167 }
168 modrm = *ci->code;
169
170 /* Some instructions enforce that reg=000, so validate that. (Specifically EXTRQ). */
171 if ((instFlags & INST_FORCE_REG0) && (((modrm >> 3) & 7) != 0)) goto _Undecodable;
172 /* Some instructions enforce that mod=11, so validate that. */
173 if ((instFlags & INST_MODRR_REQUIRED) && (modrm < INST_DIVIDED_MODRM)) goto _Undecodable;
174 }
175
176 ci->code++; /* Skip the last byte we just read (either last opcode's byte code or a ModRM). */
177
178 /* Cache the effective operand-size and address-size. */
179 effOpSz = decode_get_effective_op_size(ci->dt, ps->decodedPrefixes, vrex, instFlags);
180 effAdrSz = decode_get_effective_addr_size(ci->dt, ps->decodedPrefixes);
181
182 memset(di, 0, sizeof(_DInst));
183 di->base = R_NONE;
184
185 /*
186 * Try to extract the next operand only if the latter exists.
187 * For example, if there is not first operand, no reason to try to extract second operand...
188 * I decided that a for-break is better for readability in this specific case than goto.
189 * Note: do-while with a constant 0 makes the compiler warning about it.
190 */
191 for (;;) {
192 if (isi->d != OT_NONE) {
193 if (!operands_extract(ci, di, ii, instFlags, (_OpType)isi->d, ONT_1, modrm, ps, effOpSz, effAdrSz, &lockable)) goto _Undecodable;
194 } else break;
195
196 if (isi->s != OT_NONE) {
197 if (!operands_extract(ci, di, ii, instFlags, (_OpType)isi->s, ONT_2, modrm, ps, effOpSz, effAdrSz, NULL)) goto _Undecodable;
198 } else break;
199
200 /* Use third operand, only if the flags says this InstInfo requires it. */
201 if (instFlags & INST_USE_OP3) {
202 if (!operands_extract(ci, di, ii, instFlags, (_OpType)((_InstInfoEx*)ii)->op3, ONT_3, modrm, ps, effOpSz, effAdrSz, NULL)) goto _Undecodable;
203 } else break;
204
205 /* Support for a fourth operand is added for (i.e:) INSERTQ instruction. */
206 if (instFlags & INST_USE_OP4) {
207 if (!operands_extract(ci, di, ii, instFlags, (_OpType)((_InstInfoEx*)ii)->op4, ONT_4, modrm, ps, effOpSz, effAdrSz, NULL)) goto _Undecodable;
208 }
209 break;
210 } /* Continue here after all operands were extracted. */
211
212 /* If it were a 3DNow! instruction, we will have to find the instruction itself now that we got its operands extracted. */
213 if (instFlags & INST_3DNOW_FETCH) {
214 ii = inst_lookup_3dnow(ci);
215 if (ii == NULL) goto _Undecodable;
216 isi = &InstSharedInfoTable[ii->sharedIndex];
217 instFlags = FlagsTable[isi->flagsIndex];
218 }
219
220 /* Check whether pseudo opcode is needed, only for CMP instructions: */
221 if (instFlags & INST_PSEUDO_OPCODE) {
222 if (--ci->codeLen < 0) goto _Undecodable;
223 cmpType = *ci->code;
224 ci->code++;
225 if (instFlags & INST_PRE_VEX) {
226 /* AVX Comparison type must be between 0 to 32, otherwise Reserved. */
227 if (cmpType >= INST_VCMP_MAX_RANGE) goto _Undecodable;
228 } else {
229 /* SSE Comparison type must be between 0 to 8, otherwise Reserved. */
230 if (cmpType >= INST_CMP_MAX_RANGE) goto _Undecodable;
231 }
232 }
233
234 /*
235 * There's a limit of 15 bytes on instruction length. The only way to violate
236 * this limit is by putting redundant prefixes before an instruction.
237 * start points to first prefix if any, otherwise it points to instruction first byte.
238 */
239 if ((ci->code - ps->start) > INST_MAXIMUM_SIZE) goto _Undecodable; /* Drop instruction. */
240
241 /*
242 * If we reached here the instruction was fully decoded, we located the instruction in the DB and extracted operands.
243 * Use the correct mnemonic according to the DT.
244 * If we are in 32 bits decoding mode it doesn't necessarily mean we will choose mnemonic2, alas,
245 * it means that if there is a mnemonic2, it will be used.
246 */
247
248 /* Start with prefix LOCK. */
249 if ((lockable == TRUE) && (instFlags & INST_PRE_LOCK)) {
250 ps->usedPrefixes |= INST_PRE_LOCK;
251 di->flags |= FLAG_LOCK;
252 } else if ((instFlags & INST_PRE_REPNZ) && (ps->decodedPrefixes & INST_PRE_REPNZ)) {
253 ps->usedPrefixes |= INST_PRE_REPNZ;
254 di->flags |= FLAG_REPNZ;
255 } else if ((instFlags & INST_PRE_REP) && (ps->decodedPrefixes & INST_PRE_REP)) {
256 ps->usedPrefixes |= INST_PRE_REP;
257 di->flags |= FLAG_REP;
258 }
259
260 /* If it's JeCXZ the ADDR_SIZE prefix affects them. */
261 if ((instFlags & (INST_PRE_ADDR_SIZE | INST_USE_EXMNEMONIC)) == (INST_PRE_ADDR_SIZE | INST_USE_EXMNEMONIC)) {
262 ps->usedPrefixes |= INST_PRE_ADDR_SIZE;
263 if (effAdrSz == Decode16Bits) di->opcode = ii->opcodeId;
264 else if (effAdrSz == Decode32Bits) di->opcode = ((_InstInfoEx*)ii)->opcodeId2;
265 /* Ignore REX.W in 64bits, JECXZ is promoted. */
266 else /* Decode64Bits */ di->opcode = ((_InstInfoEx*)ii)->opcodeId3;
267 }
268
269 /* LOOPxx instructions are also native instruction, but they are special case ones, ADDR_SIZE prefix affects them. */
270 else if ((instFlags & (INST_PRE_ADDR_SIZE | INST_NATIVE)) == (INST_PRE_ADDR_SIZE | INST_NATIVE)) {
271 di->opcode = ii->opcodeId;
272
273 /* If LOOPxx gets here from 64bits, it must be Decode32Bits because Address Size perfix is set. */
274 ps->usedPrefixes |= INST_PRE_ADDR_SIZE;
275 }
276 /*
277 * Note:
278 * If the instruction is prefixed by operand size we will format it in the non-default decoding mode!
279 * So there might be a situation that an instruction of 32 bit gets formatted in 16 bits decoding mode.
280 * Both ways should end up with a correct and expected formatting of the text.
281 */
282 else if (effOpSz == Decode16Bits) { /* Decode16Bits */
283
284 /* Set operand size. */
285 FLAG_SET_OPSIZE(di, Decode16Bits);
286
287 /*
288 * If it's a special instruction which has two mnemonics, then use the 16 bits one + update usedPrefixes.
289 * Note: use 16 bits mnemonic if that instruction supports 32 bit or 64 bit explicitly.
290 */
291 if ((instFlags & INST_USE_EXMNEMONIC) && ((instFlags & (INST_32BITS | INST_64BITS)) == 0)) ps->usedPrefixes |= INST_PRE_OP_SIZE;
292 di->opcode = ii->opcodeId;
293 } else if (effOpSz == Decode32Bits) { /* Decode32Bits */
294
295 /* Set operand size. */
296 FLAG_SET_OPSIZE(di, Decode32Bits);
297
298 /* Give a chance for special mnemonic instruction in 32 bits decoding. */
299 if (instFlags & INST_USE_EXMNEMONIC) {
300 ps->usedPrefixes |= INST_PRE_OP_SIZE;
301 /* Is it a special instruction which has another mnemonic for mod=11 ? */
302 if (instFlags & INST_MNEMONIC_MODRM_BASED) {
303 if (modrm >= INST_DIVIDED_MODRM) di->opcode = ii->opcodeId;
304 else di->opcode = ((_InstInfoEx*)ii)->opcodeId2;
305 } else di->opcode = ((_InstInfoEx*)ii)->opcodeId2;
306 } else di->opcode = ii->opcodeId;
307 } else { /* Decode64Bits, note that some instructions might be decoded in Decode32Bits above. */
308
309 /* Set operand size. */
310 FLAG_SET_OPSIZE(di, Decode64Bits);
311
312 if (instFlags & (INST_USE_EXMNEMONIC | INST_USE_EXMNEMONIC2)) {
313 /*
314 * We shouldn't be here for MODRM based mnemonics with a MOD=11,
315 * because they must not use REX (otherwise it will get to the wrong instruction which share same opcode).
316 * See XRSTOR and XSAVEOPT.
317 */
318 if ((instFlags & INST_MNEMONIC_MODRM_BASED) && (modrm >= INST_DIVIDED_MODRM)) goto _Undecodable;
319
320 /* Use third mnemonic, for 64 bits. */
321 if ((instFlags & INST_USE_EXMNEMONIC2) && (vrex & PREFIX_EX_W)) {
322 ps->usedPrefixes |= INST_PRE_REX;
323 di->opcode = ((_InstInfoEx*)ii)->opcodeId3;
324 } else di->opcode = ((_InstInfoEx*)ii)->opcodeId2; /* Use second mnemonic. */
325 } else di->opcode = ii->opcodeId;
326 }
327
328 /* If it's a native instruction use OpSize Prefix. */
329 if ((instFlags & INST_NATIVE) && (ps->decodedPrefixes & INST_PRE_OP_SIZE)) ps->usedPrefixes |= INST_PRE_OP_SIZE;
330
331 /* Check VEX mnemonics: */
332 if ((instFlags & INST_PRE_VEX) &&
333 (((((_InstInfoEx*)ii)->flagsEx & INST_MNEMONIC_VEXW_BASED) && (vrex & PREFIX_EX_W)) ||
334 ((((_InstInfoEx*)ii)->flagsEx & INST_MNEMONIC_VEXL_BASED) && (vrex & PREFIX_EX_L)))) {
335 di->opcode = ((_InstInfoEx*)ii)->opcodeId2;
336 }
337
338 /* Or is it a special CMP instruction which needs a pseudo opcode suffix ? */
339 if (instFlags & INST_PSEUDO_OPCODE) {
340 /*
341 * The opcodeId is the offset to the FIRST pseudo compare mnemonic,
342 * we will have to fix it so it offsets into the corrected mnemonic.
343 * Therefore, we use another table to fix the offset.
344 */
345 if (instFlags & INST_PRE_VEX) {
346 /* Use the AVX pesudo compare mnemonics table. */
347 di->opcode = ii->opcodeId + VCmpMnemonicOffsets[cmpType];
348 } else {
349 /* Use the SSE psuedo compare mnemonics table. */
350 di->opcode = ii->opcodeId + CmpMnemonicOffsets[cmpType];
351 }
352 }
353
354 /*
355 * Store the address size inside the flags.
356 * This is necessary for the caller to know the size of rSP when using PUSHA for example.
357 */
358 FLAG_SET_ADDRSIZE(di, effAdrSz);
359
360 /* Copy DST_WR flag. */
361 if (instFlags & INST_DST_WR) di->flags |= FLAG_DST_WR;
362
363 /* Set the unused prefixes mask. */
364 di->unusedPrefixesMask = prefixes_set_unused_mask(ps);
365
366 /* Fix privileged. Assumes the privilegedFlag is 0x8000 only. */
367 di->flags |= privilegedFlag;
368
369 /* Copy instruction meta. */
370 di->meta = isi->meta;
371 if (di->segment == 0) di->segment = R_NONE;
372
373 /* Take into account the O_MEM base register for the mask. */
374 if (di->base != R_NONE) di->usedRegistersMask |= _REGISTERTORCLASS[di->base];
375
376 /* Copy CPU affected flags. */
377 di->modifiedFlagsMask = isi->modifiedFlags;
378 di->testedFlagsMask = isi->testedFlags;
379 di->undefinedFlagsMask = isi->undefinedFlags;
380
381 /* Calculate the size of the instruction we've just decoded. */
382 di->size = (uint8_t)((ci->code - startCode) & 0xff);
383 return DECRES_SUCCESS;
384
385 _Undecodable: /* If the instruction couldn't be decoded for some reason, drop the first byte. */
386 memset(di, 0, sizeof(_DInst));
387 di->base = R_NONE;
388
389 di->size = 1;
390 /* Clean prefixes just in case... */
391 ps->usedPrefixes = 0;
392
393 /* Special case for WAIT instruction: If it's dropped, you have to return a valid instruction! */
394 if (*startCode == INST_WAIT_INDEX) {
395 di->opcode = I_WAIT;
396 META_SET_ISC(di, ISC_INTEGER);
397 return DECRES_SUCCESS;
398 }
399
400 /* Mark that we didn't manage to decode the instruction well, caller will drop it. */
401 return DECRES_INPUTERR;
402 }
403
404 /*
405 * decode_internal
406 *
407 * supportOldIntr - Since now we work with new structure instead of the old _DecodedInst, we are still interested in backward compatibility.
408 * So although, the array is now of type _DInst, we want to read it in jumps of the old array element's size.
409 * This is in order to save memory allocation for conversion between the new and the old structures.
410 * It really means we can do the conversion in-place now.
411 */
decode_internal(_CodeInfo * _ci,int supportOldIntr,_DInst result[],unsigned int maxResultCount,unsigned int * usedInstructionsCount)412 _DecodeResult decode_internal(_CodeInfo* _ci, int supportOldIntr, _DInst result[], unsigned int maxResultCount, unsigned int* usedInstructionsCount)
413 {
414 _PrefixState ps;
415 unsigned int prefixSize;
416 _CodeInfo ci;
417
418 _OffsetType codeOffset = _ci->codeOffset;
419 const uint8_t* code = _ci->code;
420 int codeLen = _ci->codeLen;
421
422 /*
423 * This is used for printing only, it is the real offset of where the whole instruction begins.
424 * We need this variable in addition to codeOffset, because prefixes might change the real offset an instruction begins at.
425 * So we keep track of both.
426 */
427 _OffsetType startInstOffset = 0;
428
429 const uint8_t* p;
430
431 /* Current working decoded instruction in results. */
432 unsigned int nextPos = 0;
433 _DInst *pdi = NULL;
434
435 _OffsetType addrMask = (_OffsetType)-1;
436
437 _DecodeResult decodeResult;
438
439 #ifdef DISTORM_LIGHT
440 supportOldIntr; /* Unreferenced. */
441 #endif
442
443 if (_ci->features & DF_MAXIMUM_ADDR32) addrMask = 0xffffffff;
444 else if (_ci->features & DF_MAXIMUM_ADDR16) addrMask = 0xffff;
445
446 /* No entries are used yet. */
447 *usedInstructionsCount = 0;
448 ci.dt = _ci->dt;
449 _ci->nextOffset = codeOffset;
450
451 /* Decode instructions as long as we have what to decode/enough room in entries. */
452 while (codeLen > 0) {
453
454 /* startInstOffset holds the displayed offset of current instruction. */
455 startInstOffset = codeOffset;
456
457 memset(&ps, 0, (size_t)((char*)&ps.pfxIndexer[0] - (char*)&ps));
458 memset(ps.pfxIndexer, PFXIDX_NONE, sizeof(int) * PFXIDX_MAX);
459 ps.start = code;
460 ps.last = code;
461 prefixSize = 0;
462
463 if (prefixes_is_valid(*code, ci.dt)) {
464 prefixes_decode(code, codeLen, &ps, ci.dt);
465 /* Count prefixes, start points to first prefix. */
466 prefixSize = (unsigned int)(ps.last - ps.start);
467 /*
468 * It might be that we will just notice that we ran out of bytes, or only prefixes
469 * so we will have to drop everything and halt.
470 * Also take into consideration of flow control instruction filter.
471 */
472 codeLen -= prefixSize;
473 if ((codeLen == 0) || (prefixSize == INST_MAXIMUM_SIZE)) {
474 if (~_ci->features & DF_RETURN_FC_ONLY) {
475 /* Make sure there is enough room. */
476 if (nextPos + (ps.last - code) > maxResultCount) return DECRES_MEMORYERR;
477
478 for (p = code; p < ps.last; p++, startInstOffset++) {
479 /* Use next entry. */
480 #ifndef DISTORM_LIGHT
481 if (supportOldIntr) {
482 pdi = (_DInst*)((char*)result + nextPos * sizeof(_DecodedInst));
483 }
484 else
485 #endif /* DISTORM_LIGHT */
486 {
487 pdi = &result[nextPos];
488 }
489 nextPos++;
490 memset(pdi, 0, sizeof(_DInst));
491
492 pdi->flags = FLAG_NOT_DECODABLE;
493 pdi->imm.byte = *p;
494 pdi->size = 1;
495 pdi->addr = startInstOffset & addrMask;
496 }
497 *usedInstructionsCount = nextPos; /* Include them all. */
498 }
499 if (codeLen == 0) break; /* Bye bye, out of bytes. */
500 }
501 code += prefixSize;
502 codeOffset += prefixSize;
503
504 /* If we got only prefixes continue to next instruction. */
505 if (prefixSize == INST_MAXIMUM_SIZE) continue;
506 }
507
508 /*
509 * Now we decode the instruction and only then we do further prefixes handling.
510 * This is because the instruction could not be decoded at all, or an instruction requires
511 * a mandatory prefix, or some of the prefixes were useless, etc...
512
513 * Even if there were a mandatory prefix, we already took into account its size as a normal prefix.
514 * so prefixSize includes that, and the returned size in pdi is simply the size of the real(=without prefixes) instruction.
515 */
516 if (ci.dt == Decode64Bits) {
517 if (ps.decodedPrefixes & INST_PRE_REX) {
518 /* REX prefix must precede first byte of instruction. */
519 if (ps.rexPos != (code - 1)) {
520 ps.decodedPrefixes &= ~INST_PRE_REX;
521 ps.prefixExtType = PET_NONE;
522 prefixes_ignore(&ps, PFXIDX_REX);
523 }
524 /*
525 * We will disable operand size prefix,
526 * if it exists only after decoding the instruction, since it might be a mandatory prefix.
527 * This will be done after calling inst_lookup in decode_inst.
528 */
529 }
530 /* In 64 bits, segment overrides of CS, DS, ES and SS are ignored. So don't take'em into account. */
531 if (ps.decodedPrefixes & INST_PRE_SEGOVRD_MASK32) {
532 ps.decodedPrefixes &= ~INST_PRE_SEGOVRD_MASK32;
533 prefixes_ignore(&ps, PFXIDX_SEG);
534 }
535 }
536
537 /* Make sure there is at least one more entry to use, for the upcoming instruction. */
538 if (nextPos + 1 > maxResultCount) return DECRES_MEMORYERR;
539 #ifndef DISTORM_LIGHT
540 if (supportOldIntr) {
541 pdi = (_DInst*)((char*)result + nextPos * sizeof(_DecodedInst));
542 }
543 else
544 #endif /* DISTORM_LIGHT */
545 {
546 pdi = &result[nextPos];
547 }
548 nextPos++;
549
550 /*
551 * The reason we copy these two again is because we have to keep track on the input ourselves.
552 * There might be a case when an instruction is invalid, and then it will be counted as one byte only.
553 * But that instruction already read a byte or two from the stream and only then returned the error.
554 * Thus, we end up unsynchronized on the stream.
555 * This way, we are totally safe, because we keep track after the call to decode_inst, using the returned size.
556 */
557 ci.code = code;
558 ci.codeLen = codeLen;
559 /* Nobody uses codeOffset in the decoder itself, so spare it. */
560
561 decodeResult = decode_inst(&ci, &ps, pdi);
562
563 /* See if we need to filter this instruction. */
564 if ((_ci->features & DF_RETURN_FC_ONLY) && (META_GET_FC(pdi->meta) == FC_NONE)) decodeResult = DECRES_FILTERED;
565
566 /* Set address to the beginning of the instruction. */
567 pdi->addr = startInstOffset & addrMask;
568 /* pdi->disp &= addrMask; */
569
570 if ((decodeResult == DECRES_INPUTERR) && (ps.decodedPrefixes & INST_PRE_VEX)) {
571 if (ps.prefixExtType == PET_VEX3BYTES) {
572 prefixSize -= 2;
573 codeLen += 2;
574 } else if (ps.prefixExtType == PET_VEX2BYTES) {
575 prefixSize -= 1;
576 codeLen += 1;
577 }
578 ps.last = ps.start + prefixSize - 1;
579 code = ps.last + 1;
580 codeOffset = startInstOffset + prefixSize;
581 } else {
582 /* Advance to next instruction. */
583 codeLen -= pdi->size;
584 codeOffset += pdi->size;
585 code += pdi->size;
586
587 /* Instruction's size should include prefixes. */
588 pdi->size += (uint8_t)prefixSize;
589 }
590
591 /* Drop all prefixes and the instruction itself, because the instruction wasn't successfully decoded. */
592 if ((decodeResult == DECRES_INPUTERR) && (~_ci->features & DF_RETURN_FC_ONLY)) {
593 nextPos--; /* Undo last result. */
594 if ((prefixSize + 1) > 0) { /* 1 for the first instruction's byte. */
595 if ((nextPos + prefixSize + 1) > maxResultCount) return DECRES_MEMORYERR;
596
597 for (p = ps.start; p < ps.last + 1; p++, startInstOffset++) {
598 /* Use next entry. */
599 #ifndef DISTORM_LIGHT
600 if (supportOldIntr) {
601 pdi = (_DInst*)((char*)result + nextPos * sizeof(_DecodedInst));
602 }
603 else
604 #endif /* DISTORM_LIGHT */
605 {
606 pdi = &result[nextPos];
607 }
608 nextPos++;
609
610 memset(pdi, 0, sizeof(_DInst));
611 pdi->flags = FLAG_NOT_DECODABLE;
612 pdi->imm.byte = *p;
613 pdi->size = 1;
614 pdi->addr = startInstOffset & addrMask;
615 }
616 }
617 } else if (decodeResult == DECRES_FILTERED) nextPos--; /* Return it to pool, since it was filtered. */
618
619 /* Alright, the caller can read, at least, up to this one. */
620 *usedInstructionsCount = nextPos;
621 /* Fix next offset. */
622 _ci->nextOffset = codeOffset;
623
624 /* Check whether we need to stop on any flow control instruction. */
625 if ((decodeResult == DECRES_SUCCESS) && (_ci->features & DF_STOP_ON_FLOW_CONTROL)) {
626 if (((_ci->features & DF_STOP_ON_CALL) && (META_GET_FC(pdi->meta) == FC_CALL)) ||
627 ((_ci->features & DF_STOP_ON_RET) && (META_GET_FC(pdi->meta) == FC_RET)) ||
628 ((_ci->features & DF_STOP_ON_SYS) && (META_GET_FC(pdi->meta) == FC_SYS)) ||
629 ((_ci->features & DF_STOP_ON_UNC_BRANCH) && (META_GET_FC(pdi->meta) == FC_UNC_BRANCH)) ||
630 ((_ci->features & DF_STOP_ON_CND_BRANCH) && (META_GET_FC(pdi->meta) == FC_CND_BRANCH)) ||
631 ((_ci->features & DF_STOP_ON_INT) && (META_GET_FC(pdi->meta) == FC_INT)) ||
632 ((_ci->features & DF_STOP_ON_CMOV) && (META_GET_FC(pdi->meta) == FC_CMOV)))
633 return DECRES_SUCCESS;
634 }
635 }
636
637 return DECRES_SUCCESS;
638 }
639