Decoder.c
1 /*************************************************************************************************** 2 3 Zyan Disassembler Library (Zydis) 4 5 Original Author : Florian Bernd 6 7 * Permission is hereby granted, free of charge, to any person obtaining a copy 8 * of this software and associated documentation files (the "Software"), to deal 9 * in the Software without restriction, including without limitation the rights 10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 11 * copies of the Software, and to permit persons to whom the Software is 12 * furnished to do so, subject to the following conditions: 13 * 14 * The above copyright notice and this permission notice shall be included in all 15 * copies or substantial portions of the Software. 16 * 17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 23 * SOFTWARE. 24 25 ***************************************************************************************************/ 26 27 // ReSharper disable CppClangTidyClangDiagnosticImplicitFallthrough 28 // ReSharper disable CppClangTidyClangDiagnosticSwitchEnum 29 // ReSharper disable CppClangTidyClangDiagnosticCoveredSwitchDefault 30 31 // Temporarily disabled due to a LLVM issue: 32 // ReSharper disable CppClangTidyBugproneNarrowingConversions 33 34 #include <Zycore/LibC.h> 35 #include <Zydis/Decoder.h> 36 #include <Zydis/Status.h> 37 #include <Zydis/Internal/DecoderData.h> 38 #include <Zydis/Internal/SharedData.h> 39 40 /* ============================================================================================== */ 41 /* Internal enums and types */ 42 /* ============================================================================================== */ 43 44 /* ---------------------------------------------------------------------------------------------- */ 45 /* Decoder context */ 46 /* ---------------------------------------------------------------------------------------------- */ 47 48 /** 49 * Defines the `ZydisDecoderState` struct. 50 */ 51 typedef struct ZydisDecoderState_ 52 { 53 /** 54 * A pointer to the `ZydisDecoder` instance. 55 */ 56 const ZydisDecoder* decoder; 57 /** 58 * A pointer to the `ZydisDecoderContext` struct. 59 */ 60 ZydisDecoderContext* context; 61 /** 62 * The input buffer. 63 */ 64 const ZyanU8* buffer; 65 /** 66 * The input buffer length. 67 */ 68 ZyanUSize buffer_len; 69 /** 70 * Prefix information. 71 */ 72 struct 73 { 74 /** 75 * Signals, if the instruction has a `LOCK` prefix (`F0`). 76 * 77 * This prefix originally belongs to group 1, but separating it from the other ones makes 78 * parsing easier for us later. 79 */ 80 ZyanBool has_lock; 81 /** 82 * The effective prefix of group 1 (either `F2` or `F3`). 83 */ 84 ZyanU8 group1; 85 /** 86 * The effective prefix of group 2 (`2E`, `36`, `3E`, `26`, `64` or `65`). 87 */ 88 ZyanU8 group2; 89 /** 90 * The effective segment prefix. 91 */ 92 ZyanU8 effective_segment; 93 /** 94 * The prefix that should be treated as the mandatory-prefix, if the 95 * current instruction needs one. 96 * 97 * The last `F3`/`F2` prefix has precedence over previous ones and 98 * `F3`/`F2` in general have precedence over `66`. 99 */ 100 ZyanU8 mandatory_candidate; 101 /** 102 * The offset of the effective `LOCK` prefix. 103 */ 104 ZyanU8 offset_lock; 105 /** 106 * The offset of the effective prefix in group 1. 107 */ 108 ZyanU8 offset_group1; 109 /** 110 * The offset of the effective prefix in group 2. 111 */ 112 ZyanU8 offset_group2; 113 /** 114 * The offset of the operand-size override prefix (`66`). 115 * 116 * This is the only prefix in group 3. 117 */ 118 ZyanU8 offset_osz_override; 119 /** 120 * The offset of the address-size override prefix (`67`). 121 * 122 * This is the only prefix in group 4. 123 */ 124 ZyanU8 offset_asz_override; 125 /** 126 * The offset of the effective segment prefix. 127 */ 128 ZyanU8 offset_segment; 129 /** 130 * The offset of the mandatory-candidate prefix. 131 */ 132 ZyanU8 offset_mandatory; 133 /** 134 * The offset of a possible `CET` `no-lock` prefix. 135 */ 136 ZyanI8 offset_notrack; 137 } prefixes; 138 } ZydisDecoderState; 139 140 /* ---------------------------------------------------------------------------------------------- */ 141 /* Register encoding */ 142 /* ---------------------------------------------------------------------------------------------- */ 143 144 /** 145 * Defines the `ZydisRegisterEncoding` enum. 146 */ 147 typedef enum ZydisRegisterEncoding_ 148 { 149 ZYDIS_REG_ENCODING_INVALID, 150 /** 151 * The register-id is encoded as part of the opcode (bits [3..0]). 152 * 153 * Possible extension by: 154 * - `REX.B` 155 */ 156 ZYDIS_REG_ENCODING_OPCODE, 157 /** 158 * The register-id is encoded in `modrm.reg`. 159 * 160 * Possible extension by: 161 * - `.R` 162 * - `.R'` (vector only, EVEX/MVEX) 163 */ 164 ZYDIS_REG_ENCODING_REG, 165 /** 166 * The register-id is encoded in `.vvvv`. 167 * 168 * Possible extension by: 169 * - `.v'` (vector only, EVEX/MVEX). 170 */ 171 ZYDIS_REG_ENCODING_NDSNDD, 172 /** 173 * The register-id is encoded in `modrm.rm`. 174 * 175 * Possible extension by: 176 * - `.B` 177 * - `.X` (vector only, EVEX/MVEX)` 178 */ 179 ZYDIS_REG_ENCODING_RM, 180 /** 181 * The register-id is encoded in `modrm.rm` or `sib.base` (if `SIB` is present). 182 * 183 * Possible extension by: 184 * - `.B` 185 */ 186 ZYDIS_REG_ENCODING_BASE, 187 /** 188 * The register-id is encoded in `sib.index`. 189 * 190 * Possible extension by: 191 * - `.X` 192 */ 193 ZYDIS_REG_ENCODING_INDEX, 194 /** 195 * The register-id is encoded in `sib.index`. 196 * 197 * Possible extension by: 198 * - `.X` 199 * - `.V'` (vector only, EVEX/MVEX) 200 */ 201 ZYDIS_REG_ENCODING_VIDX, 202 /** 203 * The register-id is encoded in an additional 8-bit immediate value. 204 * 205 * Bits [7:4] in 64-bit mode with possible extension by bit [3] (vector only), bits [7:5] for 206 * all other modes. 207 */ 208 ZYDIS_REG_ENCODING_IS4, 209 /** 210 * The register-id is encoded in `EVEX.aaa/MVEX.kkk`. 211 */ 212 ZYDIS_REG_ENCODING_MASK, 213 214 /** 215 * Maximum value of this enum. 216 */ 217 ZYDIS_REG_ENCODING_MAX_VALUE = ZYDIS_REG_ENCODING_MASK, 218 /** 219 * The minimum number of bits required to represent all values of this enum. 220 */ 221 ZYDIS_REG_ENCODING_REQUIRED_BITS = ZYAN_BITS_TO_REPRESENT(ZYDIS_REG_ENCODING_MAX_VALUE) 222 } ZydisRegisterEncoding; 223 224 /* ---------------------------------------------------------------------------------------------- */ 225 226 /* ============================================================================================== */ 227 /* Internal functions */ 228 /* ============================================================================================== */ 229 230 /* ---------------------------------------------------------------------------------------------- */ 231 /* Input helper functions */ 232 /* ---------------------------------------------------------------------------------------------- */ 233 234 /** 235 * Reads one byte from the current read-position of the input data-source. 236 * 237 * @param state A pointer to the `ZydisDecoderState` struct. 238 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 239 * @param value A pointer to the memory that receives the byte from the input data-source. 240 * 241 * @return A zyan status code. 242 * 243 * This function may fail, if the `ZYDIS_MAX_INSTRUCTION_LENGTH` limit got exceeded, or no more 244 * data is available. 245 */ 246 static ZyanStatus ZydisInputPeek(ZydisDecoderState* state, 247 ZydisDecodedInstruction* instruction, ZyanU8* value) 248 { 249 ZYAN_ASSERT(state); 250 ZYAN_ASSERT(instruction); 251 ZYAN_ASSERT(value); 252 253 if (instruction->length >= ZYDIS_MAX_INSTRUCTION_LENGTH) 254 { 255 return ZYDIS_STATUS_INSTRUCTION_TOO_LONG; 256 } 257 258 if (state->buffer_len > 0) 259 { 260 *value = state->buffer[0]; 261 return ZYAN_STATUS_SUCCESS; 262 } 263 264 return ZYDIS_STATUS_NO_MORE_DATA; 265 } 266 267 /** 268 * Increases the read-position of the input data-source by one byte. 269 * 270 * @param state A pointer to the `ZydisDecoderState` instance 271 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 272 * 273 * This function is supposed to get called ONLY after a successful call of `ZydisInputPeek`. 274 * 275 * This function increases the `length` field of the `ZydisDecodedInstruction` struct by one. 276 */ 277 static void ZydisInputSkip(ZydisDecoderState* state, ZydisDecodedInstruction* instruction) 278 { 279 ZYAN_ASSERT(state); 280 ZYAN_ASSERT(instruction); 281 ZYAN_ASSERT(instruction->length < ZYDIS_MAX_INSTRUCTION_LENGTH); 282 283 ++instruction->length; 284 ++state->buffer; 285 --state->buffer_len; 286 } 287 288 /** 289 * Reads one byte from the current read-position of the input data-source and increases 290 * the read-position by one byte afterwards. 291 * 292 * @param state A pointer to the `ZydisDecoderState` struct. 293 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 294 * @param value A pointer to the memory that receives the byte from the input data-source. 295 * 296 * @return A zyan status code. 297 * 298 * This function acts like a subsequent call of `ZydisInputPeek` and `ZydisInputSkip`. 299 */ 300 static ZyanStatus ZydisInputNext(ZydisDecoderState* state, 301 ZydisDecodedInstruction* instruction, ZyanU8* value) 302 { 303 ZYAN_ASSERT(state); 304 ZYAN_ASSERT(instruction); 305 ZYAN_ASSERT(value); 306 307 if (instruction->length >= ZYDIS_MAX_INSTRUCTION_LENGTH) 308 { 309 return ZYDIS_STATUS_INSTRUCTION_TOO_LONG; 310 } 311 312 if (state->buffer_len > 0) 313 { 314 *value = state->buffer++[0]; 315 ++instruction->length; 316 --state->buffer_len; 317 return ZYAN_STATUS_SUCCESS; 318 } 319 320 return ZYDIS_STATUS_NO_MORE_DATA; 321 } 322 323 /** 324 * Reads a variable amount of bytes from the current read-position of the input 325 * data-source and increases the read-position by specified amount of bytes afterwards. 326 * 327 * @param state A pointer to the `ZydisDecoderState` struct. 328 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 329 * @param value A pointer to the memory that receives the byte from the input 330 * data-source. 331 * @param number_of_bytes The number of bytes to read from the input data-source. 332 * 333 * @return A zyan status code. 334 * 335 * This function acts like a subsequent call of `ZydisInputPeek` and `ZydisInputSkip`. 336 */ 337 static ZyanStatus ZydisInputNextBytes(ZydisDecoderState* state, 338 ZydisDecodedInstruction* instruction, ZyanU8* value, ZyanU8 number_of_bytes) 339 { 340 ZYAN_ASSERT(state); 341 ZYAN_ASSERT(instruction); 342 ZYAN_ASSERT(value); 343 344 if (instruction->length + number_of_bytes > ZYDIS_MAX_INSTRUCTION_LENGTH) 345 { 346 return ZYDIS_STATUS_INSTRUCTION_TOO_LONG; 347 } 348 349 if (state->buffer_len >= number_of_bytes) 350 { 351 instruction->length += number_of_bytes; 352 353 ZYAN_MEMCPY(value, state->buffer, number_of_bytes); 354 state->buffer += number_of_bytes; 355 state->buffer_len -= number_of_bytes; 356 357 return ZYAN_STATUS_SUCCESS; 358 } 359 360 return ZYDIS_STATUS_NO_MORE_DATA; 361 } 362 363 /* ---------------------------------------------------------------------------------------------- */ 364 /* Decode functions */ 365 /* ---------------------------------------------------------------------------------------------- */ 366 367 /** 368 * Decodes the `REX`-prefix. 369 * 370 * @param context A pointer to the `ZydisDecoderContext` struct. 371 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 372 * @param data The `REX` byte. 373 */ 374 static void ZydisDecodeREX(ZydisDecoderContext* context, ZydisDecodedInstruction* instruction, 375 ZyanU8 data) 376 { 377 ZYAN_ASSERT(instruction); 378 ZYAN_ASSERT((data & 0xF0) == 0x40); 379 380 instruction->attributes |= ZYDIS_ATTRIB_HAS_REX; 381 instruction->raw.rex.W = (data >> 3) & 0x01; 382 instruction->raw.rex.R = (data >> 2) & 0x01; 383 instruction->raw.rex.X = (data >> 1) & 0x01; 384 instruction->raw.rex.B = (data >> 0) & 0x01; 385 386 // Update internal fields 387 context->vector_unified.W = instruction->raw.rex.W; 388 context->vector_unified.R = instruction->raw.rex.R; 389 context->vector_unified.X = instruction->raw.rex.X; 390 context->vector_unified.B = instruction->raw.rex.B; 391 } 392 393 /** 394 * Decodes the `XOP`-prefix. 395 * 396 * @param context A pointer to the `ZydisDecoderContext` struct. 397 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 398 * @param data The `XOP` bytes. 399 * 400 * @return A zyan status code. 401 */ 402 static ZyanStatus ZydisDecodeXOP(ZydisDecoderContext* context, 403 ZydisDecodedInstruction* instruction, const ZyanU8 data[3]) 404 { 405 ZYAN_ASSERT(instruction); 406 ZYAN_ASSERT(data[0] == 0x8F); 407 ZYAN_ASSERT(((data[1] >> 0) & 0x1F) >= 8); 408 ZYAN_ASSERT(instruction->raw.xop.offset == instruction->length - 3); 409 410 if (instruction->machine_mode == ZYDIS_MACHINE_MODE_REAL_16) 411 { 412 // XOP is invalid in 16-bit real mode 413 return ZYDIS_STATUS_DECODING_ERROR; 414 } 415 416 instruction->attributes |= ZYDIS_ATTRIB_HAS_XOP; 417 instruction->raw.xop.R = (data[1] >> 7) & 0x01; 418 instruction->raw.xop.X = (data[1] >> 6) & 0x01; 419 instruction->raw.xop.B = (data[1] >> 5) & 0x01; 420 instruction->raw.xop.m_mmmm = (data[1] >> 0) & 0x1F; 421 422 if ((instruction->raw.xop.m_mmmm < 0x08) || (instruction->raw.xop.m_mmmm > 0x0A)) 423 { 424 // Invalid according to the AMD documentation 425 return ZYDIS_STATUS_INVALID_MAP; 426 } 427 428 instruction->raw.xop.W = (data[2] >> 7) & 0x01; 429 instruction->raw.xop.vvvv = (data[2] >> 3) & 0x0F; 430 instruction->raw.xop.L = (data[2] >> 2) & 0x01; 431 instruction->raw.xop.pp = (data[2] >> 0) & 0x03; 432 433 // Update internal fields 434 context->vector_unified.W = instruction->raw.xop.W; 435 context->vector_unified.R = 0x01 & ~instruction->raw.xop.R; 436 context->vector_unified.X = 0x01 & ~instruction->raw.xop.X; 437 context->vector_unified.B = 0x01 & ~instruction->raw.xop.B; 438 context->vector_unified.L = instruction->raw.xop.L; 439 context->vector_unified.LL = instruction->raw.xop.L; 440 context->vector_unified.vvvv = (0x0F & ~instruction->raw.xop.vvvv); 441 442 return ZYAN_STATUS_SUCCESS; 443 } 444 445 /** 446 * Decodes the `VEX`-prefix. 447 * 448 * @param context A pointer to the `ZydisDecoderContext` struct. 449 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 450 * @param data The `VEX` bytes. 451 * 452 * @return A zyan status code. 453 */ 454 static ZyanStatus ZydisDecodeVEX(ZydisDecoderContext* context, 455 ZydisDecodedInstruction* instruction, const ZyanU8 data[3]) 456 { 457 ZYAN_ASSERT(instruction); 458 ZYAN_ASSERT((data[0] == 0xC4) || (data[0] == 0xC5)); 459 460 if (instruction->machine_mode == ZYDIS_MACHINE_MODE_REAL_16) 461 { 462 // VEX is invalid in 16-bit real mode 463 return ZYDIS_STATUS_DECODING_ERROR; 464 } 465 466 instruction->attributes |= ZYDIS_ATTRIB_HAS_VEX; 467 switch (data[0]) 468 { 469 case 0xC4: 470 ZYAN_ASSERT(instruction->raw.vex.offset == instruction->length - 3); 471 instruction->raw.vex.size = 3; 472 instruction->raw.vex.R = (data[1] >> 7) & 0x01; 473 instruction->raw.vex.X = (data[1] >> 6) & 0x01; 474 instruction->raw.vex.B = (data[1] >> 5) & 0x01; 475 instruction->raw.vex.m_mmmm = (data[1] >> 0) & 0x1F; 476 instruction->raw.vex.W = (data[2] >> 7) & 0x01; 477 instruction->raw.vex.vvvv = (data[2] >> 3) & 0x0F; 478 instruction->raw.vex.L = (data[2] >> 2) & 0x01; 479 instruction->raw.vex.pp = (data[2] >> 0) & 0x03; 480 break; 481 case 0xC5: 482 ZYAN_ASSERT(instruction->raw.vex.offset == instruction->length - 2); 483 instruction->raw.vex.size = 2; 484 instruction->raw.vex.R = (data[1] >> 7) & 0x01; 485 instruction->raw.vex.X = 1; 486 instruction->raw.vex.B = 1; 487 instruction->raw.vex.m_mmmm = 1; 488 instruction->raw.vex.W = 0; 489 instruction->raw.vex.vvvv = (data[1] >> 3) & 0x0F; 490 instruction->raw.vex.L = (data[1] >> 2) & 0x01; 491 instruction->raw.vex.pp = (data[1] >> 0) & 0x03; 492 break; 493 default: 494 ZYAN_UNREACHABLE; 495 } 496 497 // Map 0 is only valid for some KNC instructions 498 #ifdef ZYDIS_DISABLE_KNC 499 if ((instruction->raw.vex.m_mmmm == 0) || (instruction->raw.vex.m_mmmm > 0x03)) 500 #else 501 if (instruction->raw.vex.m_mmmm > 0x03) 502 #endif 503 { 504 // Invalid according to the intel documentation 505 return ZYDIS_STATUS_INVALID_MAP; 506 } 507 508 // Update internal fields 509 context->vector_unified.W = instruction->raw.vex.W; 510 context->vector_unified.R = 0x01 & ~instruction->raw.vex.R; 511 context->vector_unified.X = 0x01 & ~instruction->raw.vex.X; 512 context->vector_unified.B = 0x01 & ~instruction->raw.vex.B; 513 context->vector_unified.L = instruction->raw.vex.L; 514 context->vector_unified.LL = instruction->raw.vex.L; 515 context->vector_unified.vvvv = (0x0F & ~instruction->raw.vex.vvvv); 516 517 return ZYAN_STATUS_SUCCESS; 518 } 519 520 #ifndef ZYDIS_DISABLE_AVX512 521 /** 522 * Decodes the `EVEX`-prefix. 523 * 524 * @param context A pointer to the `ZydisDecoderContext` struct. 525 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 526 * @param data The `EVEX` bytes. 527 * 528 * @return A zyan status code. 529 */ 530 static ZyanStatus ZydisDecodeEVEX(ZydisDecoderContext* context, 531 ZydisDecodedInstruction* instruction, const ZyanU8 data[4]) 532 { 533 ZYAN_ASSERT(instruction); 534 ZYAN_ASSERT(data[0] == 0x62); 535 ZYAN_ASSERT(instruction->raw.evex.offset == instruction->length - 4); 536 537 if (instruction->machine_mode == ZYDIS_MACHINE_MODE_REAL_16) 538 { 539 // EVEX is invalid in 16-bit real mode 540 return ZYDIS_STATUS_DECODING_ERROR; 541 } 542 543 instruction->attributes |= ZYDIS_ATTRIB_HAS_EVEX; 544 instruction->raw.evex.R = (data[1] >> 7) & 0x01; 545 instruction->raw.evex.X = (data[1] >> 6) & 0x01; 546 instruction->raw.evex.B = (data[1] >> 5) & 0x01; 547 instruction->raw.evex.R2 = (data[1] >> 4) & 0x01; 548 549 if (data[1] & 0x08) 550 { 551 // Invalid according to the intel documentation 552 return ZYDIS_STATUS_MALFORMED_EVEX; 553 } 554 555 instruction->raw.evex.mmm = (data[1] >> 0) & 0x07; 556 557 if ((instruction->raw.evex.mmm == 0x00) || 558 (instruction->raw.evex.mmm == 0x04) || 559 (instruction->raw.evex.mmm == 0x07)) 560 { 561 // Invalid according to the intel documentation 562 return ZYDIS_STATUS_INVALID_MAP; 563 } 564 565 instruction->raw.evex.W = (data[2] >> 7) & 0x01; 566 instruction->raw.evex.vvvv = (data[2] >> 3) & 0x0F; 567 568 ZYAN_ASSERT(((data[2] >> 2) & 0x01) == 0x01); 569 570 instruction->raw.evex.pp = (data[2] >> 0) & 0x03; 571 instruction->raw.evex.z = (data[3] >> 7) & 0x01; 572 instruction->raw.evex.L2 = (data[3] >> 6) & 0x01; 573 instruction->raw.evex.L = (data[3] >> 5) & 0x01; 574 instruction->raw.evex.b = (data[3] >> 4) & 0x01; 575 instruction->raw.evex.V2 = (data[3] >> 3) & 0x01; 576 577 if (!instruction->raw.evex.V2 && 578 (instruction->machine_mode != ZYDIS_MACHINE_MODE_LONG_64)) 579 { 580 return ZYDIS_STATUS_MALFORMED_EVEX; 581 } 582 583 instruction->raw.evex.aaa = (data[3] >> 0) & 0x07; 584 585 if (instruction->raw.evex.z && !instruction->raw.evex.aaa) 586 { 587 return ZYDIS_STATUS_INVALID_MASK; // TODO: Dedicated status code 588 } 589 590 // Update internal fields 591 context->vector_unified.W = instruction->raw.evex.W; 592 context->vector_unified.R = 0x01 & ~instruction->raw.evex.R; 593 context->vector_unified.X = 0x01 & ~instruction->raw.evex.X; 594 context->vector_unified.B = 0x01 & ~instruction->raw.evex.B; 595 context->vector_unified.LL = (data[3] >> 5) & 0x03; 596 context->vector_unified.R2 = 0x01 & ~instruction->raw.evex.R2; 597 context->vector_unified.V2 = 0x01 & ~instruction->raw.evex.V2; 598 context->vector_unified.vvvv = 0x0F & ~instruction->raw.evex.vvvv; 599 context->vector_unified.mask = instruction->raw.evex.aaa; 600 601 if (!instruction->raw.evex.V2 && (instruction->machine_mode != ZYDIS_MACHINE_MODE_LONG_64)) 602 { 603 return ZYDIS_STATUS_MALFORMED_EVEX; 604 } 605 if (!instruction->raw.evex.b && (context->vector_unified.LL == 3)) 606 { 607 // LL = 3 is only valid for instructions with embedded rounding control 608 return ZYDIS_STATUS_MALFORMED_EVEX; 609 } 610 611 return ZYAN_STATUS_SUCCESS; 612 } 613 #endif 614 615 #ifndef ZYDIS_DISABLE_KNC 616 /** 617 * Decodes the `MVEX`-prefix. 618 * 619 * @param context A pointer to the `ZydisDecoderContext` struct. 620 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 621 * @param data The `MVEX` bytes. 622 * 623 * @return A zyan status code. 624 */ 625 static ZyanStatus ZydisDecodeMVEX(ZydisDecoderContext* context, 626 ZydisDecodedInstruction* instruction, const ZyanU8 data[4]) 627 { 628 ZYAN_ASSERT(instruction); 629 ZYAN_ASSERT(data[0] == 0x62); 630 ZYAN_ASSERT(instruction->raw.mvex.offset == instruction->length - 4); 631 632 if (instruction->machine_mode != ZYDIS_MACHINE_MODE_LONG_64) 633 { 634 // MVEX is only valid in 64-bit mode 635 return ZYDIS_STATUS_DECODING_ERROR; 636 } 637 638 instruction->attributes |= ZYDIS_ATTRIB_HAS_MVEX; 639 instruction->raw.mvex.R = (data[1] >> 7) & 0x01; 640 instruction->raw.mvex.X = (data[1] >> 6) & 0x01; 641 instruction->raw.mvex.B = (data[1] >> 5) & 0x01; 642 instruction->raw.mvex.R2 = (data[1] >> 4) & 0x01; 643 instruction->raw.mvex.mmmm = (data[1] >> 0) & 0x0F; 644 645 if (instruction->raw.mvex.mmmm > 0x03) 646 { 647 // Invalid according to the intel documentation 648 return ZYDIS_STATUS_INVALID_MAP; 649 } 650 651 instruction->raw.mvex.W = (data[2] >> 7) & 0x01; 652 instruction->raw.mvex.vvvv = (data[2] >> 3) & 0x0F; 653 654 ZYAN_ASSERT(((data[2] >> 2) & 0x01) == 0x00); 655 656 instruction->raw.mvex.pp = (data[2] >> 0) & 0x03; 657 instruction->raw.mvex.E = (data[3] >> 7) & 0x01; 658 instruction->raw.mvex.SSS = (data[3] >> 4) & 0x07; 659 instruction->raw.mvex.V2 = (data[3] >> 3) & 0x01; 660 instruction->raw.mvex.kkk = (data[3] >> 0) & 0x07; 661 662 // Update internal fields 663 context->vector_unified.W = instruction->raw.mvex.W; 664 context->vector_unified.R = 0x01 & ~instruction->raw.mvex.R; 665 context->vector_unified.X = 0x01 & ~instruction->raw.mvex.X; 666 context->vector_unified.B = 0x01 & ~instruction->raw.mvex.B; 667 context->vector_unified.R2 = 0x01 & ~instruction->raw.mvex.R2; 668 context->vector_unified.V2 = 0x01 & ~instruction->raw.mvex.V2; 669 context->vector_unified.LL = 2; 670 context->vector_unified.vvvv = 0x0F & ~instruction->raw.mvex.vvvv; 671 context->vector_unified.mask = instruction->raw.mvex.kkk; 672 673 return ZYAN_STATUS_SUCCESS; 674 } 675 #endif 676 677 /** 678 * Decodes the `ModRM`-byte. 679 * 680 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 681 * @param data The `ModRM` byte. 682 */ 683 static void ZydisDecodeModRM(ZydisDecodedInstruction* instruction, ZyanU8 data) 684 { 685 ZYAN_ASSERT(instruction); 686 ZYAN_ASSERT(!(instruction->attributes & ZYDIS_ATTRIB_HAS_MODRM)); 687 ZYAN_ASSERT(instruction->raw.modrm.offset == instruction->length - 1); 688 689 instruction->attributes |= ZYDIS_ATTRIB_HAS_MODRM; 690 instruction->raw.modrm.mod = (data >> 6) & 0x03; 691 instruction->raw.modrm.reg = (data >> 3) & 0x07; 692 instruction->raw.modrm.rm = (data >> 0) & 0x07; 693 } 694 695 /** 696 * Decodes the `SIB`-byte. 697 * 698 * @param instruction A pointer to the `ZydisDecodedInstruction` struct 699 * @param data The `SIB` byte. 700 */ 701 static void ZydisDecodeSIB(ZydisDecodedInstruction* instruction, ZyanU8 data) 702 { 703 ZYAN_ASSERT(instruction); 704 ZYAN_ASSERT(instruction->attributes & ZYDIS_ATTRIB_HAS_MODRM); 705 ZYAN_ASSERT(instruction->raw.modrm.rm == 4); 706 ZYAN_ASSERT(!(instruction->attributes & ZYDIS_ATTRIB_HAS_SIB)); 707 ZYAN_ASSERT(instruction->raw.sib.offset == instruction->length - 1); 708 709 instruction->attributes |= ZYDIS_ATTRIB_HAS_SIB; 710 instruction->raw.sib.scale = (data >> 6) & 0x03; 711 instruction->raw.sib.index = (data >> 3) & 0x07; 712 instruction->raw.sib.base = (data >> 0) & 0x07; 713 } 714 715 /* ---------------------------------------------------------------------------------------------- */ 716 717 /** 718 * Reads a displacement value. 719 * 720 * @param state A pointer to the `ZydisDecoderState` struct. 721 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 722 * @param size The physical size of the displacement value. 723 * 724 * @return A zyan status code. 725 */ 726 static ZyanStatus ZydisReadDisplacement(ZydisDecoderState* state, 727 ZydisDecodedInstruction* instruction, ZyanU8 size) 728 { 729 ZYAN_ASSERT(state); 730 ZYAN_ASSERT(instruction); 731 ZYAN_ASSERT(instruction->raw.disp.size == 0); 732 733 instruction->raw.disp.size = size; 734 instruction->raw.disp.offset = instruction->length; 735 736 switch (size) 737 { 738 case 8: 739 { 740 ZyanU8 value; 741 ZYAN_CHECK(ZydisInputNext(state, instruction, &value)); 742 instruction->raw.disp.value = *(ZyanI8*)&value; 743 break; 744 } 745 case 16: 746 { 747 ZyanU16 value; 748 ZYAN_CHECK(ZydisInputNextBytes(state, instruction, (ZyanU8*)&value, 2)); 749 instruction->raw.disp.value = *(ZyanI16*)&value; 750 break; 751 } 752 case 32: 753 { 754 ZyanU32 value; 755 ZYAN_CHECK(ZydisInputNextBytes(state, instruction, (ZyanU8*)&value, 4)); 756 instruction->raw.disp.value = *(ZyanI32*)&value; 757 break; 758 } 759 case 64: 760 { 761 ZyanU64 value; 762 ZYAN_CHECK(ZydisInputNextBytes(state, instruction, (ZyanU8*)&value, 8)); 763 instruction->raw.disp.value = *(ZyanI64*)&value; 764 break; 765 } 766 default: 767 ZYAN_UNREACHABLE; 768 } 769 770 // TODO: Fix endianess on big-endian systems 771 772 return ZYAN_STATUS_SUCCESS; 773 } 774 775 /** 776 * Reads an immediate value. 777 * 778 * @param state A pointer to the `ZydisDecoderState` struct. 779 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 780 * @param id The immediate id (either `0` or `1`). 781 * @param size The physical size of the immediate value. 782 * @param is_signed Signals, if the immediate value is signed. 783 * @param is_relative Signals, if the immediate value is a relative offset. 784 * 785 * @return A zyan status code. 786 */ 787 static ZyanStatus ZydisReadImmediate(ZydisDecoderState* state, 788 ZydisDecodedInstruction* instruction, ZyanU8 id, ZyanU8 size, ZyanBool is_signed, 789 ZyanBool is_relative) 790 { 791 ZYAN_ASSERT(state); 792 ZYAN_ASSERT(instruction); 793 ZYAN_ASSERT((id == 0) || (id == 1)); 794 ZYAN_ASSERT(is_signed || !is_relative); 795 ZYAN_ASSERT(instruction->raw.imm[id].size == 0); 796 797 instruction->raw.imm[id].size = size; 798 instruction->raw.imm[id].offset = instruction->length; 799 instruction->raw.imm[id].is_signed = is_signed; 800 instruction->raw.imm[id].is_relative = is_relative; 801 switch (size) 802 { 803 case 8: 804 { 805 ZyanU8 value; 806 ZYAN_CHECK(ZydisInputNext(state, instruction, &value)); 807 if (is_signed) 808 { 809 instruction->raw.imm[id].value.s = (ZyanI8)value; 810 } else 811 { 812 instruction->raw.imm[id].value.u = value; 813 } 814 break; 815 } 816 case 16: 817 { 818 ZyanU16 value; 819 ZYAN_CHECK(ZydisInputNextBytes(state, instruction, (ZyanU8*)&value, 2)); 820 if (is_signed) 821 { 822 instruction->raw.imm[id].value.s = (ZyanI16)value; 823 } else 824 { 825 instruction->raw.imm[id].value.u = value; 826 } 827 break; 828 } 829 case 32: 830 { 831 ZyanU32 value; 832 ZYAN_CHECK(ZydisInputNextBytes(state, instruction, (ZyanU8*)&value, 4)); 833 if (is_signed) 834 { 835 instruction->raw.imm[id].value.s = (ZyanI32)value; 836 } else 837 { 838 instruction->raw.imm[id].value.u = value; 839 } 840 break; 841 } 842 case 64: 843 { 844 ZyanU64 value; 845 ZYAN_CHECK(ZydisInputNextBytes(state, instruction, (ZyanU8*)&value, 8)); 846 if (is_signed) 847 { 848 instruction->raw.imm[id].value.s = (ZyanI64)value; 849 } else 850 { 851 instruction->raw.imm[id].value.u = value; 852 } 853 break; 854 } 855 default: 856 ZYAN_UNREACHABLE; 857 } 858 859 // TODO: Fix endianess on big-endian systems 860 861 return ZYAN_STATUS_SUCCESS; 862 } 863 864 /* ---------------------------------------------------------------------------------------------- */ 865 /* Semantic instruction decoding */ 866 /* ---------------------------------------------------------------------------------------------- */ 867 868 #ifndef ZYDIS_MINIMAL_MODE 869 /** 870 * Calculates the register-id for a specific register-encoding and register-class. 871 * 872 * @param context A pointer to the `ZydisDecoderContext` struct. 873 * @param instruction A pointer to the ` ZydisDecodedInstruction` struct. 874 * @param encoding The register-encoding. 875 * @param register_class The register-class. 876 * 877 * @return A zyan status code. 878 * 879 * This function calculates the register-id by combining different fields and flags of previously 880 * decoded structs. 881 */ 882 static ZyanU8 ZydisCalcRegisterId(const ZydisDecoderContext* context, 883 const ZydisDecodedInstruction* instruction, ZydisRegisterEncoding encoding, 884 ZydisRegisterClass register_class) 885 { 886 ZYAN_ASSERT(context); 887 ZYAN_ASSERT(instruction); 888 889 // TODO: Combine OPCODE and IS4 in `ZydisPopulateRegisterIds` and get rid of this 890 // TODO: function entirely 891 892 switch (encoding) 893 { 894 case ZYDIS_REG_ENCODING_REG: 895 return context->reg_info.id_reg; 896 case ZYDIS_REG_ENCODING_NDSNDD: 897 return context->reg_info.id_ndsndd; 898 case ZYDIS_REG_ENCODING_RM: 899 return context->reg_info.id_rm; 900 case ZYDIS_REG_ENCODING_BASE: 901 return context->reg_info.id_base; 902 case ZYDIS_REG_ENCODING_INDEX: 903 case ZYDIS_REG_ENCODING_VIDX: 904 return context->reg_info.id_index; 905 case ZYDIS_REG_ENCODING_OPCODE: 906 { 907 ZYAN_ASSERT((register_class == ZYDIS_REGCLASS_GPR8) || 908 (register_class == ZYDIS_REGCLASS_GPR16) || 909 (register_class == ZYDIS_REGCLASS_GPR32) || 910 (register_class == ZYDIS_REGCLASS_GPR64)); 911 ZyanU8 value = (instruction->opcode & 0x0F); 912 if (value > 7) 913 { 914 value = value - 8; 915 } 916 if (instruction->machine_mode != ZYDIS_MACHINE_MODE_LONG_64) 917 { 918 return value; 919 } 920 return value | (context->vector_unified.B << 3); 921 } 922 case ZYDIS_REG_ENCODING_IS4: 923 { 924 if (instruction->machine_mode != ZYDIS_MACHINE_MODE_LONG_64) 925 { 926 return (instruction->raw.imm[0].value.u >> 4) & 0x07; 927 } 928 ZyanU8 value = (instruction->raw.imm[0].value.u >> 4) & 0x0F; 929 // We have to check the instruction-encoding, because the extension by bit [3] is only 930 // valid for EVEX and MVEX instructions 931 if ((instruction->encoding == ZYDIS_INSTRUCTION_ENCODING_EVEX) || 932 (instruction->encoding == ZYDIS_INSTRUCTION_ENCODING_MVEX)) 933 { 934 switch (register_class) 935 { 936 case ZYDIS_REGCLASS_XMM: 937 case ZYDIS_REGCLASS_YMM: 938 case ZYDIS_REGCLASS_ZMM: 939 value |= ((instruction->raw.imm[0].value.u & 0x08) << 1); 940 default: 941 break; 942 } 943 } 944 return value; 945 } 946 case ZYDIS_REG_ENCODING_MASK: 947 return context->vector_unified.mask; 948 default: 949 ZYAN_UNREACHABLE; 950 } 951 } 952 #endif 953 954 #ifndef ZYDIS_MINIMAL_MODE 955 /** 956 * Sets the operand-size and element-specific information for the given operand. 957 * 958 * @param context A pointer to the `ZydisDecoderContext` struct. 959 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 960 * @param operand A pointer to the `ZydisDecodedOperand` struct. 961 * @param definition A pointer to the `ZydisOperandDefinition` struct. 962 */ 963 static void ZydisSetOperandSizeAndElementInfo(const ZydisDecoderContext* context, 964 const ZydisDecodedInstruction* instruction, ZydisDecodedOperand* operand, 965 const ZydisOperandDefinition* definition) 966 { 967 ZYAN_ASSERT(context); 968 ZYAN_ASSERT(instruction); 969 ZYAN_ASSERT(operand); 970 ZYAN_ASSERT(definition); 971 972 // Operand size 973 switch (operand->type) 974 { 975 case ZYDIS_OPERAND_TYPE_REGISTER: 976 { 977 if (definition->size[context->eosz_index]) 978 { 979 operand->size = definition->size[context->eosz_index] * 8; 980 } else 981 { 982 operand->size = ZydisRegisterGetWidth(instruction->machine_mode, 983 operand->reg.value); 984 } 985 operand->element_type = ZYDIS_ELEMENT_TYPE_INT; 986 operand->element_size = operand->size; 987 break; 988 } 989 case ZYDIS_OPERAND_TYPE_MEMORY: 990 switch (instruction->encoding) 991 { 992 case ZYDIS_INSTRUCTION_ENCODING_LEGACY: 993 case ZYDIS_INSTRUCTION_ENCODING_3DNOW: 994 case ZYDIS_INSTRUCTION_ENCODING_XOP: 995 case ZYDIS_INSTRUCTION_ENCODING_VEX: 996 if (operand->mem.type == ZYDIS_MEMOP_TYPE_AGEN) 997 { 998 ZYAN_ASSERT(definition->size[context->eosz_index] == 0); 999 operand->size = instruction->address_width; 1000 operand->element_type = ZYDIS_ELEMENT_TYPE_INT; 1001 } else 1002 { 1003 ZYAN_ASSERT(definition->size[context->eosz_index] || 1004 (instruction->meta.category == ZYDIS_CATEGORY_AMX_TILE)); 1005 operand->size = definition->size[context->eosz_index] * 8; 1006 } 1007 break; 1008 case ZYDIS_INSTRUCTION_ENCODING_EVEX: 1009 #ifndef ZYDIS_DISABLE_AVX512 1010 if (definition->size[context->eosz_index]) 1011 { 1012 // Operand size is hardcoded 1013 operand->size = definition->size[context->eosz_index] * 8; 1014 } else 1015 { 1016 // Operand size depends on the tuple-type, the element-size and the number of 1017 // elements 1018 ZYAN_ASSERT(instruction->avx.vector_length); 1019 ZYAN_ASSERT(context->evex.element_size); 1020 switch (context->evex.tuple_type) 1021 { 1022 case ZYDIS_TUPLETYPE_FV: 1023 if (instruction->avx.broadcast.mode) 1024 { 1025 operand->size = context->evex.element_size; 1026 } else 1027 { 1028 operand->size = instruction->avx.vector_length; 1029 } 1030 break; 1031 case ZYDIS_TUPLETYPE_HV: 1032 if (instruction->avx.broadcast.mode) 1033 { 1034 operand->size = context->evex.element_size; 1035 } else 1036 { 1037 operand->size = (ZyanU16)instruction->avx.vector_length / 2; 1038 } 1039 break; 1040 case ZYDIS_TUPLETYPE_QUARTER: 1041 if (instruction->avx.broadcast.mode) 1042 { 1043 operand->size = context->evex.element_size; 1044 } 1045 else 1046 { 1047 operand->size = (ZyanU16)instruction->avx.vector_length / 4; 1048 } 1049 break; 1050 default: 1051 ZYAN_UNREACHABLE; 1052 } 1053 } 1054 ZYAN_ASSERT(operand->size); 1055 #else 1056 ZYAN_UNREACHABLE; 1057 #endif 1058 break; 1059 case ZYDIS_INSTRUCTION_ENCODING_MVEX: 1060 #ifndef ZYDIS_DISABLE_KNC 1061 if (definition->size[context->eosz_index]) 1062 { 1063 // Operand size is hardcoded 1064 operand->size = definition->size[context->eosz_index] * 8; 1065 } else 1066 { 1067 ZYAN_ASSERT(definition->element_type == ZYDIS_IELEMENT_TYPE_VARIABLE); 1068 ZYAN_ASSERT(instruction->avx.vector_length == 512); 1069 1070 switch (instruction->avx.conversion.mode) 1071 { 1072 case ZYDIS_CONVERSION_MODE_INVALID: 1073 operand->size = 512; 1074 switch (context->mvex.functionality) 1075 { 1076 case ZYDIS_MVEX_FUNC_SF_32: 1077 case ZYDIS_MVEX_FUNC_SF_32_BCST_4TO16: 1078 case ZYDIS_MVEX_FUNC_UF_32: 1079 case ZYDIS_MVEX_FUNC_DF_32: 1080 operand->element_type = ZYDIS_ELEMENT_TYPE_FLOAT32; 1081 operand->element_size = 32; 1082 break; 1083 case ZYDIS_MVEX_FUNC_SF_32_BCST: 1084 operand->size = 256; 1085 operand->element_type = ZYDIS_ELEMENT_TYPE_FLOAT32; 1086 operand->element_size = 32; 1087 break; 1088 case ZYDIS_MVEX_FUNC_SI_32: 1089 case ZYDIS_MVEX_FUNC_SI_32_BCST_4TO16: 1090 case ZYDIS_MVEX_FUNC_UI_32: 1091 case ZYDIS_MVEX_FUNC_DI_32: 1092 operand->element_type = ZYDIS_ELEMENT_TYPE_INT; 1093 operand->element_size = 32; 1094 break; 1095 case ZYDIS_MVEX_FUNC_SI_32_BCST: 1096 operand->size = 256; 1097 operand->element_type = ZYDIS_ELEMENT_TYPE_INT; 1098 operand->element_size = 32; 1099 break; 1100 case ZYDIS_MVEX_FUNC_SF_64: 1101 case ZYDIS_MVEX_FUNC_UF_64: 1102 case ZYDIS_MVEX_FUNC_DF_64: 1103 operand->element_type = ZYDIS_ELEMENT_TYPE_FLOAT64; 1104 operand->element_size = 64; 1105 break; 1106 case ZYDIS_MVEX_FUNC_SI_64: 1107 case ZYDIS_MVEX_FUNC_UI_64: 1108 case ZYDIS_MVEX_FUNC_DI_64: 1109 operand->element_type = ZYDIS_ELEMENT_TYPE_INT; 1110 operand->element_size = 64; 1111 break; 1112 default: 1113 ZYAN_UNREACHABLE; 1114 } 1115 break; 1116 case ZYDIS_CONVERSION_MODE_FLOAT16: 1117 operand->size = 256; 1118 operand->element_type = ZYDIS_ELEMENT_TYPE_FLOAT16; 1119 operand->element_size = 16; 1120 break; 1121 case ZYDIS_CONVERSION_MODE_SINT16: 1122 operand->size = 256; 1123 operand->element_type = ZYDIS_ELEMENT_TYPE_INT; 1124 operand->element_size = 16; 1125 break; 1126 case ZYDIS_CONVERSION_MODE_UINT16: 1127 operand->size = 256; 1128 operand->element_type = ZYDIS_ELEMENT_TYPE_UINT; 1129 operand->element_size = 16; 1130 break; 1131 case ZYDIS_CONVERSION_MODE_SINT8: 1132 operand->size = 128; 1133 operand->element_type = ZYDIS_ELEMENT_TYPE_INT; 1134 operand->element_size = 8; 1135 break; 1136 case ZYDIS_CONVERSION_MODE_UINT8: 1137 operand->size = 128; 1138 operand->element_type = ZYDIS_ELEMENT_TYPE_UINT; 1139 operand->element_size = 8; 1140 break; 1141 default: 1142 ZYAN_UNREACHABLE; 1143 } 1144 1145 switch (instruction->avx.broadcast.mode) 1146 { 1147 case ZYDIS_BROADCAST_MODE_INVALID: 1148 // Nothing to do here 1149 break; 1150 case ZYDIS_BROADCAST_MODE_1_TO_8: 1151 case ZYDIS_BROADCAST_MODE_1_TO_16: 1152 operand->size = operand->element_size; 1153 break; 1154 case ZYDIS_BROADCAST_MODE_4_TO_8: 1155 case ZYDIS_BROADCAST_MODE_4_TO_16: 1156 operand->size = operand->element_size * 4; 1157 break; 1158 default: 1159 ZYAN_UNREACHABLE; 1160 } 1161 } 1162 #else 1163 ZYAN_UNREACHABLE; 1164 #endif 1165 break; 1166 default: 1167 ZYAN_UNREACHABLE; 1168 } 1169 break; 1170 case ZYDIS_OPERAND_TYPE_POINTER: 1171 ZYAN_ASSERT((instruction->raw.imm[0].size == 16) || 1172 (instruction->raw.imm[0].size == 32)); 1173 ZYAN_ASSERT( instruction->raw.imm[1].size == 16); 1174 operand->size = instruction->raw.imm[0].size + instruction->raw.imm[1].size; 1175 break; 1176 case ZYDIS_OPERAND_TYPE_IMMEDIATE: 1177 operand->size = definition->size[context->eosz_index] * 8; 1178 break; 1179 default: 1180 ZYAN_UNREACHABLE; 1181 } 1182 1183 // Element-type and -size 1184 if (definition->element_type && (definition->element_type != ZYDIS_IELEMENT_TYPE_VARIABLE)) 1185 { 1186 ZydisGetElementInfo(definition->element_type, &operand->element_type, 1187 &operand->element_size); 1188 if (!operand->element_size) 1189 { 1190 // The element size is the same as the operand size. This is used for single element 1191 // scaling operands 1192 operand->element_size = operand->size; 1193 } 1194 } 1195 1196 // Element count 1197 if (operand->element_size && operand->size && (operand->element_type != ZYDIS_ELEMENT_TYPE_CC)) 1198 { 1199 operand->element_count = operand->size / operand->element_size; 1200 } else 1201 { 1202 operand->element_count = 1; 1203 } 1204 } 1205 #endif 1206 1207 #ifndef ZYDIS_MINIMAL_MODE 1208 /** 1209 * Decodes an register-operand. 1210 * 1211 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 1212 * @param operand A pointer to the `ZydisDecodedOperand` struct. 1213 * @param register_class The register class. 1214 * @param register_id The register id. 1215 * 1216 * @return A zyan status code. 1217 */ 1218 static ZyanStatus ZydisDecodeOperandRegister(const ZydisDecodedInstruction* instruction, 1219 ZydisDecodedOperand* operand, ZydisRegisterClass register_class, ZyanU8 register_id) 1220 { 1221 ZYAN_ASSERT(instruction); 1222 ZYAN_ASSERT(operand); 1223 1224 operand->type = ZYDIS_OPERAND_TYPE_REGISTER; 1225 1226 if (register_class == ZYDIS_REGCLASS_GPR8) 1227 { 1228 if ((instruction->attributes & ZYDIS_ATTRIB_HAS_REX) && (register_id >= 4)) 1229 { 1230 operand->reg.value = ZYDIS_REGISTER_SPL + (register_id - 4); 1231 } else 1232 { 1233 operand->reg.value = ZYDIS_REGISTER_AL + register_id; 1234 } 1235 } else 1236 { 1237 operand->reg.value = ZydisRegisterEncode(register_class, register_id); 1238 ZYAN_ASSERT(operand->reg.value); 1239 /*if (!operand->reg.value) 1240 { 1241 return ZYAN_STATUS_BAD_REGISTER; 1242 }*/ 1243 } 1244 1245 return ZYAN_STATUS_SUCCESS; 1246 } 1247 #endif 1248 1249 #ifndef ZYDIS_MINIMAL_MODE 1250 /** 1251 * Decodes a memory operand. 1252 * 1253 * @param context A pointer to the `ZydisDecoderContext` struct. 1254 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 1255 * @param operand A pointer to the `ZydisDecodedOperand` struct. 1256 * @param vidx_register_class The register-class to use as the index register-class for 1257 * instructions with `VSIB` addressing. 1258 * 1259 * @return A zyan status code. 1260 */ 1261 static ZyanStatus ZydisDecodeOperandMemory(const ZydisDecoderContext* context, 1262 const ZydisDecodedInstruction* instruction, ZydisDecodedOperand* operand, 1263 ZydisRegisterClass vidx_register_class) 1264 { 1265 ZYAN_ASSERT(context); 1266 ZYAN_ASSERT(instruction); 1267 ZYAN_ASSERT(operand); 1268 ZYAN_ASSERT(instruction->attributes & ZYDIS_ATTRIB_HAS_MODRM); 1269 ZYAN_ASSERT(instruction->raw.modrm.mod != 3); 1270 ZYAN_ASSERT(!vidx_register_class || ((instruction->raw.modrm.rm == 4) && 1271 ((instruction->address_width == 32) || (instruction->address_width == 64)))); 1272 1273 operand->type = ZYDIS_OPERAND_TYPE_MEMORY; 1274 operand->mem.type = ZYDIS_MEMOP_TYPE_MEM; 1275 1276 const ZyanU8 modrm_rm = instruction->raw.modrm.rm; 1277 ZyanU8 displacement_size = 0; 1278 switch (instruction->address_width) 1279 { 1280 case 16: 1281 { 1282 static const ZydisRegister bases[] = 1283 { 1284 ZYDIS_REGISTER_BX, ZYDIS_REGISTER_BX, ZYDIS_REGISTER_BP, ZYDIS_REGISTER_BP, 1285 ZYDIS_REGISTER_SI, ZYDIS_REGISTER_DI, ZYDIS_REGISTER_BP, ZYDIS_REGISTER_BX 1286 }; 1287 static const ZydisRegister indices[] = 1288 { 1289 ZYDIS_REGISTER_SI, ZYDIS_REGISTER_DI, ZYDIS_REGISTER_SI, ZYDIS_REGISTER_DI, 1290 ZYDIS_REGISTER_NONE, ZYDIS_REGISTER_NONE, ZYDIS_REGISTER_NONE, ZYDIS_REGISTER_NONE 1291 }; 1292 operand->mem.base = bases[modrm_rm]; 1293 operand->mem.index = indices[modrm_rm]; 1294 operand->mem.scale = (operand->mem.index == ZYDIS_REGISTER_NONE) ? 0 : 1; 1295 switch (instruction->raw.modrm.mod) 1296 { 1297 case 0: 1298 if (modrm_rm == 6) 1299 { 1300 displacement_size = 16; 1301 operand->mem.base = ZYDIS_REGISTER_NONE; 1302 } 1303 break; 1304 case 1: 1305 displacement_size = 8; 1306 break; 1307 case 2: 1308 displacement_size = 16; 1309 break; 1310 default: 1311 ZYAN_UNREACHABLE; 1312 } 1313 break; 1314 } 1315 case 32: 1316 { 1317 operand->mem.base = ZYDIS_REGISTER_EAX + ZydisCalcRegisterId(context, instruction, 1318 ZYDIS_REG_ENCODING_BASE, ZYDIS_REGCLASS_GPR32); 1319 switch (instruction->raw.modrm.mod) 1320 { 1321 case 0: 1322 if (modrm_rm == 5) 1323 { 1324 if (instruction->machine_mode == ZYDIS_MACHINE_MODE_LONG_64) 1325 { 1326 operand->mem.base = ZYDIS_REGISTER_EIP; 1327 } else 1328 { 1329 operand->mem.base = ZYDIS_REGISTER_NONE; 1330 } 1331 displacement_size = 32; 1332 } 1333 break; 1334 case 1: 1335 displacement_size = 8; 1336 break; 1337 case 2: 1338 displacement_size = 32; 1339 break; 1340 default: 1341 ZYAN_UNREACHABLE; 1342 } 1343 if (modrm_rm == 4) 1344 { 1345 ZYAN_ASSERT(instruction->attributes & ZYDIS_ATTRIB_HAS_SIB); 1346 operand->mem.index = 1347 ZydisRegisterEncode(vidx_register_class ? vidx_register_class : ZYDIS_REGCLASS_GPR32, 1348 ZydisCalcRegisterId(context, instruction, 1349 vidx_register_class ? ZYDIS_REG_ENCODING_VIDX : ZYDIS_REG_ENCODING_INDEX, 1350 vidx_register_class ? vidx_register_class : ZYDIS_REGCLASS_GPR32)); 1351 operand->mem.scale = (1 << instruction->raw.sib.scale); 1352 if (operand->mem.index == ZYDIS_REGISTER_ESP) 1353 { 1354 operand->mem.index = ZYDIS_REGISTER_NONE; 1355 operand->mem.scale = 0; 1356 } 1357 if (operand->mem.base == ZYDIS_REGISTER_EBP) 1358 { 1359 if (instruction->raw.modrm.mod == 0) 1360 { 1361 operand->mem.base = ZYDIS_REGISTER_NONE; 1362 } 1363 displacement_size = (instruction->raw.modrm.mod == 1) ? 8 : 32; 1364 } 1365 } else 1366 { 1367 operand->mem.index = ZYDIS_REGISTER_NONE; 1368 operand->mem.scale = 0; 1369 } 1370 break; 1371 } 1372 case 64: 1373 { 1374 operand->mem.base = ZYDIS_REGISTER_RAX + ZydisCalcRegisterId(context, instruction, 1375 ZYDIS_REG_ENCODING_BASE, ZYDIS_REGCLASS_GPR64); 1376 switch (instruction->raw.modrm.mod) 1377 { 1378 case 0: 1379 if (modrm_rm == 5) 1380 { 1381 if (instruction->machine_mode == ZYDIS_MACHINE_MODE_LONG_64) 1382 { 1383 operand->mem.base = ZYDIS_REGISTER_RIP; 1384 } else 1385 { 1386 operand->mem.base = ZYDIS_REGISTER_NONE; 1387 } 1388 displacement_size = 32; 1389 } 1390 break; 1391 case 1: 1392 displacement_size = 8; 1393 break; 1394 case 2: 1395 displacement_size = 32; 1396 break; 1397 default: 1398 ZYAN_UNREACHABLE; 1399 } 1400 if ((modrm_rm & 0x07) == 4) 1401 { 1402 ZYAN_ASSERT(instruction->attributes & ZYDIS_ATTRIB_HAS_SIB); 1403 operand->mem.index = 1404 ZydisRegisterEncode(vidx_register_class ? vidx_register_class : ZYDIS_REGCLASS_GPR64, 1405 ZydisCalcRegisterId(context, instruction, 1406 vidx_register_class ? ZYDIS_REG_ENCODING_VIDX : ZYDIS_REG_ENCODING_INDEX, 1407 vidx_register_class ? vidx_register_class : ZYDIS_REGCLASS_GPR64)); 1408 operand->mem.scale = (1 << instruction->raw.sib.scale); 1409 if (operand->mem.index == ZYDIS_REGISTER_RSP) 1410 { 1411 operand->mem.index = ZYDIS_REGISTER_NONE; 1412 operand->mem.scale = 0; 1413 } 1414 if ((operand->mem.base == ZYDIS_REGISTER_RBP) || 1415 (operand->mem.base == ZYDIS_REGISTER_R13)) 1416 { 1417 if (instruction->raw.modrm.mod == 0) 1418 { 1419 operand->mem.base = ZYDIS_REGISTER_NONE; 1420 } 1421 displacement_size = (instruction->raw.modrm.mod == 1) ? 8 : 32; 1422 } 1423 } else 1424 { 1425 operand->mem.index = ZYDIS_REGISTER_NONE; 1426 operand->mem.scale = 0; 1427 } 1428 break; 1429 } 1430 default: 1431 ZYAN_UNREACHABLE; 1432 } 1433 if (displacement_size) 1434 { 1435 ZYAN_ASSERT(instruction->raw.disp.size == displacement_size); 1436 operand->mem.disp.has_displacement = ZYAN_TRUE; 1437 operand->mem.disp.value = instruction->raw.disp.value; 1438 } 1439 return ZYAN_STATUS_SUCCESS; 1440 } 1441 #endif 1442 1443 #ifndef ZYDIS_MINIMAL_MODE 1444 /** 1445 * Decodes an implicit register operand. 1446 * 1447 * @param decoder A pointer to the `ZydisDecoder` instance. 1448 * @param context A pointer to the `ZydisDecoderContext` struct. 1449 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 1450 * @param operand A pointer to the `ZydisDecodedOperand` struct. 1451 * @param definition A pointer to the `ZydisOperandDefinition` struct. 1452 */ 1453 static void ZydisDecodeOperandImplicitRegister(const ZydisDecoder* decoder, 1454 const ZydisDecoderContext* context, const ZydisDecodedInstruction* instruction, 1455 ZydisDecodedOperand* operand, const ZydisOperandDefinition* definition) 1456 { 1457 ZYAN_ASSERT(context); 1458 ZYAN_ASSERT(instruction); 1459 ZYAN_ASSERT(operand); 1460 ZYAN_ASSERT(definition); 1461 1462 operand->type = ZYDIS_OPERAND_TYPE_REGISTER; 1463 1464 switch (definition->op.reg.type) 1465 { 1466 case ZYDIS_IMPLREG_TYPE_STATIC: 1467 operand->reg.value = definition->op.reg.reg.reg; 1468 break; 1469 case ZYDIS_IMPLREG_TYPE_GPR_OSZ: 1470 { 1471 static const ZydisRegisterClass lookup[3] = 1472 { 1473 ZYDIS_REGCLASS_GPR16, 1474 ZYDIS_REGCLASS_GPR32, 1475 ZYDIS_REGCLASS_GPR64 1476 }; 1477 operand->reg.value = 1478 ZydisRegisterEncode(lookup[context->eosz_index], definition->op.reg.reg.id); 1479 break; 1480 } 1481 case ZYDIS_IMPLREG_TYPE_GPR_ASZ: 1482 operand->reg.value = ZydisRegisterEncode( 1483 (instruction->address_width == 16) ? ZYDIS_REGCLASS_GPR16 : 1484 (instruction->address_width == 32) ? ZYDIS_REGCLASS_GPR32 : ZYDIS_REGCLASS_GPR64, 1485 definition->op.reg.reg.id); 1486 break; 1487 case ZYDIS_IMPLREG_TYPE_IP_ASZ: 1488 operand->reg.value = 1489 (instruction->address_width == 16) ? ZYDIS_REGISTER_IP : 1490 (instruction->address_width == 32) ? ZYDIS_REGISTER_EIP : ZYDIS_REGISTER_RIP; 1491 break; 1492 case ZYDIS_IMPLREG_TYPE_GPR_SSZ: 1493 operand->reg.value = ZydisRegisterEncode( 1494 (decoder->stack_width == ZYDIS_STACK_WIDTH_16) ? ZYDIS_REGCLASS_GPR16 : 1495 (decoder->stack_width == ZYDIS_STACK_WIDTH_32) ? ZYDIS_REGCLASS_GPR32 : 1496 ZYDIS_REGCLASS_GPR64, 1497 definition->op.reg.reg.id); 1498 break; 1499 case ZYDIS_IMPLREG_TYPE_IP_SSZ: 1500 operand->reg.value = 1501 (decoder->stack_width == ZYDIS_STACK_WIDTH_16) ? ZYDIS_REGISTER_EIP : 1502 (decoder->stack_width == ZYDIS_STACK_WIDTH_32) ? ZYDIS_REGISTER_EIP : 1503 ZYDIS_REGISTER_RIP; 1504 break; 1505 case ZYDIS_IMPLREG_TYPE_FLAGS_SSZ: 1506 operand->reg.value = 1507 (decoder->stack_width == ZYDIS_STACK_WIDTH_16) ? ZYDIS_REGISTER_FLAGS : 1508 (decoder->stack_width == ZYDIS_STACK_WIDTH_32) ? ZYDIS_REGISTER_EFLAGS : 1509 ZYDIS_REGISTER_RFLAGS; 1510 break; 1511 default: 1512 ZYAN_UNREACHABLE; 1513 } 1514 } 1515 #endif 1516 1517 #ifndef ZYDIS_MINIMAL_MODE 1518 /** 1519 * Decodes an implicit memory operand. 1520 * 1521 * @param decoder A pointer to the `ZydisDecoder` instance. 1522 * @param context A pointer to the `ZydisDecoderContext` struct. 1523 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 1524 * @param operand A pointer to the `ZydisDecodedOperand` struct. 1525 * @param definition A pointer to the `ZydisOperandDefinition` struct. 1526 */ 1527 static void ZydisDecodeOperandImplicitMemory(const ZydisDecoder* decoder, 1528 const ZydisDecoderContext* context, const ZydisDecodedInstruction* instruction, 1529 ZydisDecodedOperand* operand, const ZydisOperandDefinition* definition) 1530 { 1531 ZYAN_ASSERT(context); 1532 ZYAN_ASSERT(operand); 1533 ZYAN_ASSERT(definition); 1534 1535 static const ZydisRegisterClass lookup[3] = 1536 { 1537 ZYDIS_REGCLASS_GPR16, 1538 ZYDIS_REGCLASS_GPR32, 1539 ZYDIS_REGCLASS_GPR64 1540 }; 1541 1542 operand->type = ZYDIS_OPERAND_TYPE_MEMORY; 1543 operand->mem.type = ZYDIS_MEMOP_TYPE_MEM; 1544 1545 switch (definition->op.mem.base) 1546 { 1547 case ZYDIS_IMPLMEM_BASE_AGPR_REG: 1548 operand->mem.base = ZydisRegisterEncode(lookup[context->easz_index], 1549 ZydisCalcRegisterId(context, instruction, ZYDIS_REG_ENCODING_REG, 1550 lookup[context->easz_index])); 1551 break; 1552 case ZYDIS_IMPLMEM_BASE_AGPR_RM: 1553 operand->mem.base = ZydisRegisterEncode(lookup[context->easz_index], 1554 ZydisCalcRegisterId(context, instruction, ZYDIS_REG_ENCODING_RM, 1555 lookup[context->easz_index])); 1556 break; 1557 case ZYDIS_IMPLMEM_BASE_AAX: 1558 operand->mem.base = ZydisRegisterEncode(lookup[context->easz_index], 0); 1559 break; 1560 case ZYDIS_IMPLMEM_BASE_ADX: 1561 operand->mem.base = ZydisRegisterEncode(lookup[context->easz_index], 2); 1562 break; 1563 case ZYDIS_IMPLMEM_BASE_ABX: 1564 operand->mem.base = ZydisRegisterEncode(lookup[context->easz_index], 3); 1565 break; 1566 case ZYDIS_IMPLMEM_BASE_ASI: 1567 operand->mem.base = ZydisRegisterEncode(lookup[context->easz_index], 6); 1568 break; 1569 case ZYDIS_IMPLMEM_BASE_ADI: 1570 operand->mem.base = ZydisRegisterEncode(lookup[context->easz_index], 7); 1571 break; 1572 case ZYDIS_IMPLMEM_BASE_SSP: 1573 operand->mem.base = ZydisRegisterEncode(lookup[decoder->stack_width], 4); 1574 break; 1575 case ZYDIS_IMPLMEM_BASE_SBP: 1576 operand->mem.base = ZydisRegisterEncode(lookup[decoder->stack_width], 5); 1577 break; 1578 default: 1579 ZYAN_UNREACHABLE; 1580 } 1581 1582 if (definition->op.mem.seg) 1583 { 1584 operand->mem.segment = 1585 ZydisRegisterEncode(ZYDIS_REGCLASS_SEGMENT, definition->op.mem.seg - 1); 1586 ZYAN_ASSERT(operand->mem.segment); 1587 } 1588 } 1589 #endif 1590 1591 #ifndef ZYDIS_MINIMAL_MODE 1592 ZyanStatus ZydisDecodeOperands(const ZydisDecoder* decoder, const ZydisDecoderContext* context, 1593 const ZydisDecodedInstruction* instruction, ZydisDecodedOperand* operands, ZyanU8 operand_count) 1594 { 1595 ZYAN_ASSERT(decoder); 1596 ZYAN_ASSERT(context); 1597 ZYAN_ASSERT(context->definition); 1598 ZYAN_ASSERT(instruction); 1599 ZYAN_ASSERT(operands); 1600 ZYAN_ASSERT(operand_count); 1601 ZYAN_ASSERT(operand_count <= instruction->operand_count); 1602 1603 const ZydisInstructionDefinition* definition = context->definition; 1604 const ZydisOperandDefinition* operand = ZydisGetOperandDefinitions(definition); 1605 1606 ZYAN_MEMSET(operands, 0, sizeof(ZydisDecodedOperand) * operand_count); 1607 1608 ZyanU8 imm_id = 0; 1609 for (ZyanU8 i = 0; i < operand_count; ++i) 1610 { 1611 ZydisRegisterClass register_class = ZYDIS_REGCLASS_INVALID; 1612 1613 operands[i].id = i; 1614 operands[i].visibility = operand->visibility; 1615 operands[i].actions = operand->actions; 1616 ZYAN_ASSERT(!(operand->actions & 1617 ZYDIS_OPERAND_ACTION_READ & ZYDIS_OPERAND_ACTION_CONDREAD) || 1618 (operand->actions & ZYDIS_OPERAND_ACTION_READ) ^ 1619 (operand->actions & ZYDIS_OPERAND_ACTION_CONDREAD)); 1620 ZYAN_ASSERT(!(operand->actions & 1621 ZYDIS_OPERAND_ACTION_WRITE & ZYDIS_OPERAND_ACTION_CONDWRITE) || 1622 (operand->actions & ZYDIS_OPERAND_ACTION_WRITE) ^ 1623 (operand->actions & ZYDIS_OPERAND_ACTION_CONDWRITE)); 1624 1625 // Implicit operands 1626 switch (operand->type) 1627 { 1628 case ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_REG: 1629 ZydisDecodeOperandImplicitRegister(decoder, context, instruction, &operands[i], operand); 1630 break; 1631 case ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_MEM: 1632 ZydisDecodeOperandImplicitMemory(decoder, context, instruction, &operands[i], operand); 1633 break; 1634 case ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_IMM1: 1635 operands[i].type = ZYDIS_OPERAND_TYPE_IMMEDIATE; 1636 operands[i].size = 8; 1637 operands[i].imm.value.u = 1; 1638 operands[i].imm.is_signed = ZYAN_FALSE; 1639 operands[i].imm.is_relative = ZYAN_FALSE; 1640 break; 1641 default: 1642 break; 1643 } 1644 if (operands[i].type) 1645 { 1646 goto FinalizeOperand; 1647 } 1648 1649 operands[i].encoding = operand->op.encoding; 1650 1651 // Register operands 1652 switch (operand->type) 1653 { 1654 case ZYDIS_SEMANTIC_OPTYPE_GPR8: 1655 register_class = ZYDIS_REGCLASS_GPR8; 1656 break; 1657 case ZYDIS_SEMANTIC_OPTYPE_GPR16: 1658 register_class = ZYDIS_REGCLASS_GPR16; 1659 break; 1660 case ZYDIS_SEMANTIC_OPTYPE_GPR32: 1661 register_class = ZYDIS_REGCLASS_GPR32; 1662 break; 1663 case ZYDIS_SEMANTIC_OPTYPE_GPR64: 1664 register_class = ZYDIS_REGCLASS_GPR64; 1665 break; 1666 case ZYDIS_SEMANTIC_OPTYPE_GPR16_32_64: 1667 ZYAN_ASSERT((instruction->operand_width == 16) || (instruction->operand_width == 32) || 1668 (instruction->operand_width == 64)); 1669 register_class = 1670 (instruction->operand_width == 16) ? ZYDIS_REGCLASS_GPR16 : ( 1671 (instruction->operand_width == 32) ? ZYDIS_REGCLASS_GPR32 : ZYDIS_REGCLASS_GPR64); 1672 break; 1673 case ZYDIS_SEMANTIC_OPTYPE_GPR32_32_64: 1674 ZYAN_ASSERT((instruction->operand_width == 16) || (instruction->operand_width == 32) || 1675 (instruction->operand_width == 64)); 1676 register_class = 1677 (instruction->operand_width == 16) ? ZYDIS_REGCLASS_GPR32 : ( 1678 (instruction->operand_width == 32) ? ZYDIS_REGCLASS_GPR32 : ZYDIS_REGCLASS_GPR64); 1679 break; 1680 case ZYDIS_SEMANTIC_OPTYPE_GPR16_32_32: 1681 ZYAN_ASSERT((instruction->operand_width == 16) || (instruction->operand_width == 32) || 1682 (instruction->operand_width == 64)); 1683 register_class = 1684 (instruction->operand_width == 16) ? ZYDIS_REGCLASS_GPR16 : ZYDIS_REGCLASS_GPR32; 1685 break; 1686 case ZYDIS_SEMANTIC_OPTYPE_GPR_ASZ: 1687 ZYAN_ASSERT((instruction->address_width == 16) || (instruction->address_width == 32) || 1688 (instruction->address_width == 64)); 1689 register_class = 1690 (instruction->address_width == 16) ? ZYDIS_REGCLASS_GPR16 : ( 1691 (instruction->address_width == 32) ? ZYDIS_REGCLASS_GPR32 : ZYDIS_REGCLASS_GPR64); 1692 break; 1693 case ZYDIS_SEMANTIC_OPTYPE_FPR: 1694 register_class = ZYDIS_REGCLASS_X87; 1695 break; 1696 case ZYDIS_SEMANTIC_OPTYPE_MMX: 1697 register_class = ZYDIS_REGCLASS_MMX; 1698 break; 1699 case ZYDIS_SEMANTIC_OPTYPE_XMM: 1700 register_class = ZYDIS_REGCLASS_XMM; 1701 break; 1702 case ZYDIS_SEMANTIC_OPTYPE_YMM: 1703 register_class = ZYDIS_REGCLASS_YMM; 1704 break; 1705 case ZYDIS_SEMANTIC_OPTYPE_ZMM: 1706 register_class = ZYDIS_REGCLASS_ZMM; 1707 break; 1708 case ZYDIS_SEMANTIC_OPTYPE_TMM: 1709 register_class = ZYDIS_REGCLASS_TMM; 1710 break; 1711 case ZYDIS_SEMANTIC_OPTYPE_BND: 1712 register_class = ZYDIS_REGCLASS_BOUND; 1713 break; 1714 case ZYDIS_SEMANTIC_OPTYPE_SREG: 1715 register_class = ZYDIS_REGCLASS_SEGMENT; 1716 break; 1717 case ZYDIS_SEMANTIC_OPTYPE_CR: 1718 register_class = ZYDIS_REGCLASS_CONTROL; 1719 break; 1720 case ZYDIS_SEMANTIC_OPTYPE_DR: 1721 register_class = ZYDIS_REGCLASS_DEBUG; 1722 break; 1723 case ZYDIS_SEMANTIC_OPTYPE_MASK: 1724 register_class = ZYDIS_REGCLASS_MASK; 1725 break; 1726 default: 1727 break; 1728 } 1729 if (register_class) 1730 { 1731 switch (operand->op.encoding) 1732 { 1733 case ZYDIS_OPERAND_ENCODING_MODRM_REG: 1734 ZYAN_CHECK( 1735 ZydisDecodeOperandRegister( 1736 instruction, &operands[i], register_class, 1737 ZydisCalcRegisterId( 1738 context, instruction, ZYDIS_REG_ENCODING_REG, register_class))); 1739 break; 1740 case ZYDIS_OPERAND_ENCODING_MODRM_RM: 1741 ZYAN_CHECK( 1742 ZydisDecodeOperandRegister( 1743 instruction, &operands[i], register_class, 1744 ZydisCalcRegisterId( 1745 context, instruction, ZYDIS_REG_ENCODING_RM, register_class))); 1746 break; 1747 case ZYDIS_OPERAND_ENCODING_OPCODE: 1748 ZYAN_CHECK( 1749 ZydisDecodeOperandRegister( 1750 instruction, &operands[i], register_class, 1751 ZydisCalcRegisterId( 1752 context, instruction, ZYDIS_REG_ENCODING_OPCODE, register_class))); 1753 break; 1754 case ZYDIS_OPERAND_ENCODING_NDSNDD: 1755 ZYAN_CHECK( 1756 ZydisDecodeOperandRegister( 1757 instruction, &operands[i], register_class, 1758 ZydisCalcRegisterId( 1759 context, instruction, ZYDIS_REG_ENCODING_NDSNDD, register_class))); 1760 break; 1761 case ZYDIS_OPERAND_ENCODING_MASK: 1762 ZYAN_CHECK( 1763 ZydisDecodeOperandRegister( 1764 instruction, &operands[i], register_class, 1765 ZydisCalcRegisterId( 1766 context, instruction, ZYDIS_REG_ENCODING_MASK, register_class))); 1767 break; 1768 case ZYDIS_OPERAND_ENCODING_IS4: 1769 ZYAN_CHECK( 1770 ZydisDecodeOperandRegister( 1771 instruction, &operands[i], register_class, 1772 ZydisCalcRegisterId( 1773 context, instruction, ZYDIS_REG_ENCODING_IS4, register_class))); 1774 break; 1775 default: 1776 ZYAN_UNREACHABLE; 1777 } 1778 1779 if (operand->is_multisource4) 1780 { 1781 operands[i].attributes |= ZYDIS_OATTRIB_IS_MULTISOURCE4; 1782 } 1783 1784 goto FinalizeOperand; 1785 } 1786 1787 // Memory operands 1788 switch (operand->type) 1789 { 1790 case ZYDIS_SEMANTIC_OPTYPE_MEM: 1791 ZYAN_CHECK( 1792 ZydisDecodeOperandMemory( 1793 context, instruction, &operands[i], ZYDIS_REGCLASS_INVALID)); 1794 break; 1795 case ZYDIS_SEMANTIC_OPTYPE_MEM_VSIBX: 1796 ZYAN_CHECK( 1797 ZydisDecodeOperandMemory( 1798 context, instruction, &operands[i], ZYDIS_REGCLASS_XMM)); 1799 operands[i].mem.type = ZYDIS_MEMOP_TYPE_VSIB; 1800 break; 1801 case ZYDIS_SEMANTIC_OPTYPE_MEM_VSIBY: 1802 ZYAN_CHECK( 1803 ZydisDecodeOperandMemory( 1804 context, instruction, &operands[i], ZYDIS_REGCLASS_YMM)); 1805 operands[i].mem.type = ZYDIS_MEMOP_TYPE_VSIB; 1806 break; 1807 case ZYDIS_SEMANTIC_OPTYPE_MEM_VSIBZ: 1808 ZYAN_CHECK( 1809 ZydisDecodeOperandMemory( 1810 context, instruction, &operands[i], ZYDIS_REGCLASS_ZMM)); 1811 operands[i].mem.type = ZYDIS_MEMOP_TYPE_VSIB; 1812 break; 1813 case ZYDIS_SEMANTIC_OPTYPE_PTR: 1814 ZYAN_ASSERT((instruction->raw.imm[0].size == 16) || 1815 (instruction->raw.imm[0].size == 32)); 1816 ZYAN_ASSERT(instruction->raw.imm[1].size == 16); 1817 operands[i].type = ZYDIS_OPERAND_TYPE_POINTER; 1818 operands[i].ptr.offset = (ZyanU32)instruction->raw.imm[0].value.u; 1819 operands[i].ptr.segment = (ZyanU16)instruction->raw.imm[1].value.u; 1820 break; 1821 case ZYDIS_SEMANTIC_OPTYPE_AGEN: 1822 operands[i].actions = 0; // TODO: Remove after generator update 1823 ZYAN_CHECK( 1824 ZydisDecodeOperandMemory( 1825 context, instruction, &operands[i], ZYDIS_REGCLASS_INVALID)); 1826 operands[i].mem.type = ZYDIS_MEMOP_TYPE_AGEN; 1827 break; 1828 case ZYDIS_SEMANTIC_OPTYPE_MOFFS: 1829 ZYAN_ASSERT(instruction->raw.disp.size); 1830 operands[i].type = ZYDIS_OPERAND_TYPE_MEMORY; 1831 operands[i].mem.type = ZYDIS_MEMOP_TYPE_MEM; 1832 operands[i].mem.disp.has_displacement = ZYAN_TRUE; 1833 operands[i].mem.disp.value = instruction->raw.disp.value; 1834 break; 1835 case ZYDIS_SEMANTIC_OPTYPE_MIB: 1836 operands[i].actions = 0; // TODO: Remove after generator update 1837 ZYAN_CHECK( 1838 ZydisDecodeOperandMemory( 1839 context, instruction, &operands[i], ZYDIS_REGCLASS_INVALID)); 1840 operands[i].mem.type = ZYDIS_MEMOP_TYPE_MIB; 1841 break; 1842 default: 1843 break; 1844 } 1845 if (operands[i].type) 1846 { 1847 #if !defined(ZYDIS_DISABLE_AVX512) || !defined(ZYDIS_DISABLE_KNC) 1848 // Handle compressed 8-bit displacement 1849 if (((instruction->encoding == ZYDIS_INSTRUCTION_ENCODING_EVEX) || 1850 (instruction->encoding == ZYDIS_INSTRUCTION_ENCODING_MVEX)) && 1851 (instruction->raw.disp.size == 8)) 1852 { 1853 operands[i].mem.disp.value *= context->cd8_scale; 1854 } 1855 #endif 1856 1857 goto FinalizeOperand; 1858 } 1859 1860 // Immediate operands 1861 switch (operand->type) 1862 { 1863 case ZYDIS_SEMANTIC_OPTYPE_REL: 1864 ZYAN_ASSERT(instruction->raw.imm[imm_id].is_relative); 1865 ZYAN_FALLTHROUGH; 1866 case ZYDIS_SEMANTIC_OPTYPE_IMM: 1867 ZYAN_ASSERT((imm_id == 0) || (imm_id == 1)); 1868 operands[i].type = ZYDIS_OPERAND_TYPE_IMMEDIATE; 1869 operands[i].size = operand->size[context->eosz_index] * 8; 1870 if (operand->op.encoding == ZYDIS_OPERAND_ENCODING_IS4) 1871 { 1872 // The upper half of the 8-bit immediate is used to encode a register specifier 1873 ZYAN_ASSERT(instruction->raw.imm[imm_id].size == 8); 1874 operands[i].imm.value.u = (ZyanU8)instruction->raw.imm[imm_id].value.u & 0x0F; 1875 } 1876 else 1877 { 1878 operands[i].imm.value.u = instruction->raw.imm[imm_id].value.u; 1879 } 1880 operands[i].imm.is_signed = instruction->raw.imm[imm_id].is_signed; 1881 operands[i].imm.is_relative = instruction->raw.imm[imm_id].is_relative; 1882 ++imm_id; 1883 break; 1884 default: 1885 break; 1886 } 1887 ZYAN_ASSERT(operands[i].type == ZYDIS_OPERAND_TYPE_IMMEDIATE); 1888 1889 FinalizeOperand: 1890 // Set segment-register for memory operands 1891 if (operands[i].type == ZYDIS_OPERAND_TYPE_MEMORY) 1892 { 1893 if (!operand->ignore_seg_override && 1894 instruction->attributes & ZYDIS_ATTRIB_HAS_SEGMENT_CS) 1895 { 1896 operands[i].mem.segment = ZYDIS_REGISTER_CS; 1897 } 1898 else 1899 if (!operand->ignore_seg_override && 1900 instruction->attributes & ZYDIS_ATTRIB_HAS_SEGMENT_SS) 1901 { 1902 operands[i].mem.segment = ZYDIS_REGISTER_SS; 1903 } 1904 else 1905 if (!operand->ignore_seg_override && 1906 instruction->attributes & ZYDIS_ATTRIB_HAS_SEGMENT_DS) 1907 { 1908 operands[i].mem.segment = ZYDIS_REGISTER_DS; 1909 } 1910 else 1911 if (!operand->ignore_seg_override && 1912 instruction->attributes & ZYDIS_ATTRIB_HAS_SEGMENT_ES) 1913 { 1914 operands[i].mem.segment = ZYDIS_REGISTER_ES; 1915 } 1916 else 1917 if (!operand->ignore_seg_override && 1918 instruction->attributes & ZYDIS_ATTRIB_HAS_SEGMENT_FS) 1919 { 1920 operands[i].mem.segment = ZYDIS_REGISTER_FS; 1921 } 1922 else 1923 if (!operand->ignore_seg_override && 1924 instruction->attributes & ZYDIS_ATTRIB_HAS_SEGMENT_GS) 1925 { 1926 operands[i].mem.segment = ZYDIS_REGISTER_GS; 1927 } 1928 else 1929 { 1930 if (operands[i].mem.segment == ZYDIS_REGISTER_NONE) 1931 { 1932 if ((operands[i].mem.base == ZYDIS_REGISTER_RSP) || 1933 (operands[i].mem.base == ZYDIS_REGISTER_RBP) || 1934 (operands[i].mem.base == ZYDIS_REGISTER_ESP) || 1935 (operands[i].mem.base == ZYDIS_REGISTER_EBP) || 1936 (operands[i].mem.base == ZYDIS_REGISTER_SP) || 1937 (operands[i].mem.base == ZYDIS_REGISTER_BP)) 1938 { 1939 operands[i].mem.segment = ZYDIS_REGISTER_SS; 1940 } 1941 else 1942 { 1943 operands[i].mem.segment = ZYDIS_REGISTER_DS; 1944 } 1945 } 1946 } 1947 } 1948 1949 ZydisSetOperandSizeAndElementInfo(context, instruction, &operands[i], operand); 1950 ++operand; 1951 } 1952 1953 #if !defined(ZYDIS_DISABLE_AVX512) || !defined(ZYDIS_DISABLE_KNC) 1954 // Fix operand-action for EVEX/MVEX instructions with merge-mask 1955 if (instruction->avx.mask.mode == ZYDIS_MASK_MODE_MERGING) 1956 { 1957 ZYAN_ASSERT(operand_count >= 1); 1958 switch (operands[0].actions) 1959 { 1960 case ZYDIS_OPERAND_ACTION_WRITE: 1961 if (operands[0].type == ZYDIS_OPERAND_TYPE_MEMORY) 1962 { 1963 operands[0].actions = ZYDIS_OPERAND_ACTION_CONDWRITE; 1964 } 1965 else 1966 { 1967 operands[0].actions = ZYDIS_OPERAND_ACTION_READ_CONDWRITE; 1968 } 1969 break; 1970 case ZYDIS_OPERAND_ACTION_READWRITE: 1971 operands[0].actions = ZYDIS_OPERAND_ACTION_READ_CONDWRITE; 1972 break; 1973 default: 1974 break; 1975 } 1976 } 1977 #endif 1978 1979 return ZYAN_STATUS_SUCCESS; 1980 } 1981 #endif 1982 1983 /* ---------------------------------------------------------------------------------------------- */ 1984 1985 #ifndef ZYDIS_MINIMAL_MODE 1986 /** 1987 * Sets attributes for the given instruction. 1988 * 1989 * @param state A pointer to the `ZydisDecoderState` struct. 1990 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 1991 * @param definition A pointer to the `ZydisInstructionDefinition` struct. 1992 */ 1993 static void ZydisSetAttributes(ZydisDecoderState* state, ZydisDecodedInstruction* instruction, 1994 const ZydisInstructionDefinition* definition) 1995 { 1996 ZYAN_ASSERT(state); 1997 ZYAN_ASSERT(instruction); 1998 ZYAN_ASSERT(definition); 1999 2000 if (definition->cpu_state != ZYDIS_RW_ACTION_NONE) 2001 { 2002 static const ZydisInstructionAttributes mapping[ZYDIS_RW_ACTION_MAX_VALUE + 1] = 2003 { 2004 /* NONE */ 0, 2005 /* READ */ ZYDIS_ATTRIB_CPU_STATE_CR, 2006 /* WRITE */ ZYDIS_ATTRIB_CPU_STATE_CW, 2007 /* READWRITE */ ZYDIS_ATTRIB_CPU_STATE_CR | ZYDIS_ATTRIB_CPU_STATE_CW 2008 }; 2009 ZYAN_ASSERT(definition->cpu_state < ZYAN_ARRAY_LENGTH(mapping)); 2010 instruction->attributes |= mapping[definition->cpu_state]; 2011 } 2012 2013 if (definition->fpu_state != ZYDIS_RW_ACTION_NONE) 2014 { 2015 static const ZydisInstructionAttributes mapping[ZYDIS_RW_ACTION_MAX_VALUE + 1] = 2016 { 2017 /* NONE */ 0, 2018 /* READ */ ZYDIS_ATTRIB_FPU_STATE_CR, 2019 /* WRITE */ ZYDIS_ATTRIB_FPU_STATE_CW, 2020 /* READWRITE */ ZYDIS_ATTRIB_FPU_STATE_CR | ZYDIS_ATTRIB_FPU_STATE_CW 2021 }; 2022 ZYAN_ASSERT(definition->fpu_state < ZYAN_ARRAY_LENGTH(mapping)); 2023 instruction->attributes |= mapping[definition->fpu_state]; 2024 } 2025 2026 if (definition->xmm_state != ZYDIS_RW_ACTION_NONE) 2027 { 2028 static const ZydisInstructionAttributes mapping[ZYDIS_RW_ACTION_MAX_VALUE + 1] = 2029 { 2030 /* NONE */ 0, 2031 /* READ */ ZYDIS_ATTRIB_XMM_STATE_CR, 2032 /* WRITE */ ZYDIS_ATTRIB_XMM_STATE_CW, 2033 /* READWRITE */ ZYDIS_ATTRIB_XMM_STATE_CR | ZYDIS_ATTRIB_XMM_STATE_CW 2034 }; 2035 ZYAN_ASSERT(definition->xmm_state < ZYAN_ARRAY_LENGTH(mapping)); 2036 instruction->attributes |= mapping[definition->xmm_state]; 2037 } 2038 2039 switch (instruction->encoding) 2040 { 2041 case ZYDIS_INSTRUCTION_ENCODING_LEGACY: 2042 { 2043 const ZydisInstructionDefinitionLEGACY* def = 2044 (const ZydisInstructionDefinitionLEGACY*)definition; 2045 2046 if (def->is_privileged) 2047 { 2048 instruction->attributes |= ZYDIS_ATTRIB_IS_PRIVILEGED; 2049 } 2050 if (def->accepts_LOCK) 2051 { 2052 instruction->attributes |= ZYDIS_ATTRIB_ACCEPTS_LOCK; 2053 if (state->prefixes.has_lock) 2054 { 2055 instruction->attributes |= ZYDIS_ATTRIB_HAS_LOCK; 2056 instruction->raw.prefixes[state->prefixes.offset_lock].type = 2057 ZYDIS_PREFIX_TYPE_EFFECTIVE; 2058 } 2059 } 2060 if (def->accepts_REP) 2061 { 2062 instruction->attributes |= ZYDIS_ATTRIB_ACCEPTS_REP; 2063 } 2064 if (def->accepts_REPEREPZ) 2065 { 2066 instruction->attributes |= ZYDIS_ATTRIB_ACCEPTS_REPE; 2067 } 2068 if (def->accepts_REPNEREPNZ) 2069 { 2070 instruction->attributes |= ZYDIS_ATTRIB_ACCEPTS_REPNE; 2071 } 2072 if (def->accepts_BOUND) 2073 { 2074 instruction->attributes |= ZYDIS_ATTRIB_ACCEPTS_BND; 2075 } 2076 if (def->accepts_XACQUIRE) 2077 { 2078 instruction->attributes |= ZYDIS_ATTRIB_ACCEPTS_XACQUIRE; 2079 } 2080 if (def->accepts_XRELEASE) 2081 { 2082 instruction->attributes |= ZYDIS_ATTRIB_ACCEPTS_XRELEASE; 2083 } 2084 if (def->accepts_hle_without_lock) 2085 { 2086 instruction->attributes |= ZYDIS_ATTRIB_ACCEPTS_HLE_WITHOUT_LOCK; 2087 } 2088 2089 switch (state->prefixes.group1) 2090 { 2091 case 0xF2: 2092 if (instruction->attributes & ZYDIS_ATTRIB_ACCEPTS_REPNE) 2093 { 2094 instruction->attributes |= ZYDIS_ATTRIB_HAS_REPNE; 2095 break; 2096 } 2097 if (instruction->attributes & ZYDIS_ATTRIB_ACCEPTS_XACQUIRE) 2098 { 2099 if ((instruction->attributes & ZYDIS_ATTRIB_HAS_LOCK) || 2100 (def->accepts_hle_without_lock)) 2101 { 2102 instruction->attributes |= ZYDIS_ATTRIB_HAS_XACQUIRE; 2103 break; 2104 } 2105 } 2106 if (state->decoder->decoder_mode[ZYDIS_DECODER_MODE_MPX] && 2107 instruction->attributes & ZYDIS_ATTRIB_ACCEPTS_BND) 2108 { 2109 instruction->attributes |= ZYDIS_ATTRIB_HAS_BND; 2110 break; 2111 } 2112 break; 2113 case 0xF3: 2114 if (instruction->attributes & ZYDIS_ATTRIB_ACCEPTS_REP) 2115 { 2116 instruction->attributes |= ZYDIS_ATTRIB_HAS_REP; 2117 break; 2118 } 2119 if (instruction->attributes & ZYDIS_ATTRIB_ACCEPTS_REPE) 2120 { 2121 instruction->attributes |= ZYDIS_ATTRIB_HAS_REPE; 2122 break; 2123 } 2124 if (instruction->attributes & ZYDIS_ATTRIB_ACCEPTS_XRELEASE) 2125 { 2126 if ((instruction->attributes & ZYDIS_ATTRIB_HAS_LOCK) || 2127 (def->accepts_hle_without_lock)) 2128 { 2129 instruction->attributes |= ZYDIS_ATTRIB_HAS_XRELEASE; 2130 break; 2131 } 2132 } 2133 break; 2134 default: 2135 break; 2136 } 2137 if ((instruction->raw.prefixes[state->prefixes.offset_group1].type == 2138 ZYDIS_PREFIX_TYPE_IGNORED) && 2139 (instruction->attributes & ( 2140 ZYDIS_ATTRIB_HAS_REP | ZYDIS_ATTRIB_HAS_REPE | ZYDIS_ATTRIB_HAS_REPNE | 2141 ZYDIS_ATTRIB_HAS_BND | ZYDIS_ATTRIB_HAS_XACQUIRE | ZYDIS_ATTRIB_HAS_XRELEASE))) 2142 { 2143 instruction->raw.prefixes[state->prefixes.offset_group1].type = 2144 ZYDIS_PREFIX_TYPE_EFFECTIVE; 2145 } 2146 2147 if (def->accepts_branch_hints) 2148 { 2149 instruction->attributes |= ZYDIS_ATTRIB_ACCEPTS_BRANCH_HINTS; 2150 switch (state->prefixes.group2) 2151 { 2152 case 0x2E: 2153 instruction->attributes |= ZYDIS_ATTRIB_HAS_BRANCH_NOT_TAKEN; 2154 instruction->raw.prefixes[state->prefixes.offset_group2].type = 2155 ZYDIS_PREFIX_TYPE_EFFECTIVE; 2156 break; 2157 case 0x3E: 2158 instruction->attributes |= ZYDIS_ATTRIB_HAS_BRANCH_TAKEN; 2159 instruction->raw.prefixes[state->prefixes.offset_group2].type = 2160 ZYDIS_PREFIX_TYPE_EFFECTIVE; 2161 break; 2162 default: 2163 break; 2164 } 2165 } 2166 2167 if (def->accepts_NOTRACK) 2168 { 2169 instruction->attributes |= ZYDIS_ATTRIB_ACCEPTS_NOTRACK; 2170 if (state->decoder->decoder_mode[ZYDIS_DECODER_MODE_CET] && 2171 (state->prefixes.offset_notrack >= 0)) 2172 { 2173 instruction->attributes |= ZYDIS_ATTRIB_HAS_NOTRACK; 2174 instruction->raw.prefixes[state->prefixes.offset_notrack].type = 2175 ZYDIS_PREFIX_TYPE_EFFECTIVE; 2176 } 2177 } 2178 2179 if (def->accepts_segment && !def->accepts_branch_hints) 2180 { 2181 instruction->attributes |= ZYDIS_ATTRIB_ACCEPTS_SEGMENT; 2182 if (state->prefixes.effective_segment && 2183 !(instruction->attributes & ZYDIS_ATTRIB_HAS_NOTRACK)) 2184 { 2185 switch (state->prefixes.effective_segment) 2186 { 2187 case 0x2E: 2188 instruction->attributes |= ZYDIS_ATTRIB_HAS_SEGMENT_CS; 2189 break; 2190 case 0x36: 2191 instruction->attributes |= ZYDIS_ATTRIB_HAS_SEGMENT_SS; 2192 break; 2193 case 0x3E: 2194 instruction->attributes |= ZYDIS_ATTRIB_HAS_SEGMENT_DS; 2195 break; 2196 case 0x26: 2197 instruction->attributes |= ZYDIS_ATTRIB_HAS_SEGMENT_ES; 2198 break; 2199 case 0x64: 2200 instruction->attributes |= ZYDIS_ATTRIB_HAS_SEGMENT_FS; 2201 break; 2202 case 0x65: 2203 instruction->attributes |= ZYDIS_ATTRIB_HAS_SEGMENT_GS; 2204 break; 2205 default: 2206 ZYAN_UNREACHABLE; 2207 } 2208 } 2209 if (instruction->attributes & ZYDIS_ATTRIB_HAS_SEGMENT) 2210 { 2211 instruction->raw.prefixes[state->prefixes.offset_segment].type = 2212 ZYDIS_PREFIX_TYPE_EFFECTIVE; 2213 } 2214 } 2215 2216 break; 2217 } 2218 case ZYDIS_INSTRUCTION_ENCODING_3DNOW: 2219 case ZYDIS_INSTRUCTION_ENCODING_XOP: 2220 case ZYDIS_INSTRUCTION_ENCODING_VEX: 2221 case ZYDIS_INSTRUCTION_ENCODING_EVEX: 2222 case ZYDIS_INSTRUCTION_ENCODING_MVEX: 2223 if (definition->accepts_segment) 2224 { 2225 instruction->attributes |= ZYDIS_ATTRIB_ACCEPTS_SEGMENT; 2226 if (state->prefixes.effective_segment) 2227 { 2228 switch (state->prefixes.effective_segment) 2229 { 2230 case 0x2E: 2231 instruction->attributes |= ZYDIS_ATTRIB_HAS_SEGMENT_CS; 2232 break; 2233 case 0x36: 2234 instruction->attributes |= ZYDIS_ATTRIB_HAS_SEGMENT_SS; 2235 break; 2236 case 0x3E: 2237 instruction->attributes |= ZYDIS_ATTRIB_HAS_SEGMENT_DS; 2238 break; 2239 case 0x26: 2240 instruction->attributes |= ZYDIS_ATTRIB_HAS_SEGMENT_ES; 2241 break; 2242 case 0x64: 2243 instruction->attributes |= ZYDIS_ATTRIB_HAS_SEGMENT_FS; 2244 break; 2245 case 0x65: 2246 instruction->attributes |= ZYDIS_ATTRIB_HAS_SEGMENT_GS; 2247 break; 2248 default: 2249 ZYAN_UNREACHABLE; 2250 } 2251 } 2252 if (instruction->attributes & ZYDIS_ATTRIB_HAS_SEGMENT) 2253 { 2254 instruction->raw.prefixes[state->prefixes.offset_segment].type = 2255 ZYDIS_PREFIX_TYPE_EFFECTIVE; 2256 } 2257 } 2258 break; 2259 default: 2260 ZYAN_UNREACHABLE; 2261 } 2262 } 2263 #endif 2264 2265 #ifndef ZYDIS_MINIMAL_MODE 2266 /** 2267 * Sets AVX-specific information for the given instruction. 2268 * 2269 * @param context A pointer to the `ZydisDecoderContext` struct. 2270 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 2271 * @param definition A pointer to the `ZydisInstructionDefinition` struct. 2272 * 2273 * Information set for `XOP`: 2274 * - Vector Length 2275 * 2276 * Information set for `VEX`: 2277 * - Vector length 2278 * - Static broadcast-factor 2279 * 2280 * Information set for `EVEX`: 2281 * - Vector length 2282 * - Broadcast-factor (static and dynamic) 2283 * - Rounding-mode and SAE 2284 * - Mask mode 2285 * - Compressed 8-bit displacement scale-factor 2286 * 2287 * Information set for `MVEX`: 2288 * - Vector length 2289 * - Broadcast-factor (static and dynamic) 2290 * - Rounding-mode and SAE 2291 * - Swizzle- and conversion-mode 2292 * - Mask mode 2293 * - Eviction hint 2294 * - Compressed 8-bit displacement scale-factor 2295 */ 2296 static void ZydisSetAVXInformation(ZydisDecoderContext* context, 2297 ZydisDecodedInstruction* instruction, const ZydisInstructionDefinition* definition) 2298 { 2299 ZYAN_ASSERT(context); 2300 ZYAN_ASSERT(instruction); 2301 ZYAN_ASSERT(definition); 2302 2303 switch (instruction->encoding) 2304 { 2305 case ZYDIS_INSTRUCTION_ENCODING_XOP: 2306 { 2307 // Vector length 2308 static const ZyanU16 lookup[2] = 2309 { 2310 128, 2311 256 2312 }; 2313 ZYAN_ASSERT(context->vector_unified.LL < ZYAN_ARRAY_LENGTH(lookup)); 2314 instruction->avx.vector_length = lookup[context->vector_unified.LL]; 2315 break; 2316 } 2317 case ZYDIS_INSTRUCTION_ENCODING_VEX: 2318 { 2319 // Vector length 2320 static const ZyanU16 lookup[2] = 2321 { 2322 128, 2323 256 2324 }; 2325 ZYAN_ASSERT(context->vector_unified.LL < ZYAN_ARRAY_LENGTH(lookup)); 2326 instruction->avx.vector_length = lookup[context->vector_unified.LL]; 2327 2328 // Static broadcast-factor 2329 const ZydisInstructionDefinitionVEX* def = 2330 (const ZydisInstructionDefinitionVEX*)definition; 2331 if (def->broadcast) 2332 { 2333 instruction->avx.broadcast.is_static = ZYAN_TRUE; 2334 static ZydisBroadcastMode broadcasts[ZYDIS_VEX_STATIC_BROADCAST_MAX_VALUE + 1] = 2335 { 2336 ZYDIS_BROADCAST_MODE_INVALID, 2337 ZYDIS_BROADCAST_MODE_1_TO_2, 2338 ZYDIS_BROADCAST_MODE_1_TO_4, 2339 ZYDIS_BROADCAST_MODE_1_TO_8, 2340 ZYDIS_BROADCAST_MODE_1_TO_16, 2341 ZYDIS_BROADCAST_MODE_1_TO_32, 2342 ZYDIS_BROADCAST_MODE_2_TO_4 2343 }; 2344 instruction->avx.broadcast.mode = broadcasts[def->broadcast]; 2345 } 2346 break; 2347 } 2348 case ZYDIS_INSTRUCTION_ENCODING_EVEX: 2349 { 2350 #ifndef ZYDIS_DISABLE_AVX512 2351 const ZydisInstructionDefinitionEVEX* def = 2352 (const ZydisInstructionDefinitionEVEX*)definition; 2353 2354 // Vector length 2355 ZyanU8 vector_length = context->vector_unified.LL; 2356 if (def->vector_length) 2357 { 2358 vector_length = def->vector_length - 1; 2359 } 2360 static const ZyanU16 lookup[3] = 2361 { 2362 128, 2363 256, 2364 512 2365 }; 2366 ZYAN_ASSERT(vector_length < ZYAN_ARRAY_LENGTH(lookup)); 2367 instruction->avx.vector_length = lookup[vector_length]; 2368 2369 context->evex.tuple_type = def->tuple_type; 2370 if (def->tuple_type) 2371 { 2372 ZYAN_ASSERT(instruction->raw.modrm.mod != 3); 2373 ZYAN_ASSERT(def->element_size); 2374 2375 // Element size 2376 static const ZyanU8 element_sizes[ZYDIS_IELEMENT_SIZE_MAX_VALUE + 1] = 2377 { 2378 0, 8, 16, 32, 64, 128 2379 }; 2380 ZYAN_ASSERT(def->element_size < ZYAN_ARRAY_LENGTH(element_sizes)); 2381 context->evex.element_size = element_sizes[def->element_size]; 2382 2383 // Compressed disp8 scale and broadcast-factor 2384 switch (def->tuple_type) 2385 { 2386 case ZYDIS_TUPLETYPE_FV: 2387 { 2388 const ZyanU8 evex_b = instruction->raw.evex.b; 2389 ZYAN_ASSERT(evex_b < 2); 2390 ZYAN_ASSERT(!evex_b || ((!context->vector_unified.W && (context->evex.element_size == 16 || 2391 context->evex.element_size == 32)) || 2392 ( context->vector_unified.W && context->evex.element_size == 64))); 2393 ZYAN_ASSERT(!evex_b || def->functionality == ZYDIS_EVEX_FUNC_BC); 2394 2395 static const ZyanU8 scales[2][3][3] = 2396 { 2397 /*B0*/ { /*16*/ { 16, 32, 64 }, /*32*/ { 16, 32, 64 }, /*64*/ { 16, 32, 64 } }, 2398 /*B1*/ { /*16*/ { 2, 2, 2 }, /*32*/ { 4, 4, 4 }, /*64*/ { 8, 8, 8 } } 2399 }; 2400 static const ZydisBroadcastMode broadcasts[2][3][3] = 2401 { 2402 /*B0*/ 2403 { 2404 /*16*/ 2405 { 2406 ZYDIS_BROADCAST_MODE_INVALID, 2407 ZYDIS_BROADCAST_MODE_INVALID, 2408 ZYDIS_BROADCAST_MODE_INVALID 2409 }, 2410 /*32*/ 2411 { 2412 ZYDIS_BROADCAST_MODE_INVALID, 2413 ZYDIS_BROADCAST_MODE_INVALID, 2414 ZYDIS_BROADCAST_MODE_INVALID 2415 }, 2416 /*64*/ 2417 { 2418 ZYDIS_BROADCAST_MODE_INVALID, 2419 ZYDIS_BROADCAST_MODE_INVALID, 2420 ZYDIS_BROADCAST_MODE_INVALID 2421 } 2422 }, 2423 /*B1*/ 2424 { 2425 /*16*/ 2426 { 2427 ZYDIS_BROADCAST_MODE_1_TO_8, 2428 ZYDIS_BROADCAST_MODE_1_TO_16, 2429 ZYDIS_BROADCAST_MODE_1_TO_32 2430 }, 2431 /*32*/ 2432 { 2433 ZYDIS_BROADCAST_MODE_1_TO_4, 2434 ZYDIS_BROADCAST_MODE_1_TO_8, 2435 ZYDIS_BROADCAST_MODE_1_TO_16 2436 }, 2437 /*64*/ 2438 { 2439 ZYDIS_BROADCAST_MODE_1_TO_2, 2440 ZYDIS_BROADCAST_MODE_1_TO_4, 2441 ZYDIS_BROADCAST_MODE_1_TO_8 2442 } 2443 } 2444 }; 2445 2446 const ZyanU8 size_index = context->evex.element_size >> 5; 2447 ZYAN_ASSERT(size_index < 3); 2448 2449 context->cd8_scale = scales[evex_b][size_index][vector_length]; 2450 instruction->avx.broadcast.mode = broadcasts[evex_b][size_index][vector_length]; 2451 break; 2452 } 2453 case ZYDIS_TUPLETYPE_HV: 2454 { 2455 const ZyanU8 evex_b = instruction->raw.evex.b; 2456 ZYAN_ASSERT(evex_b < 2); 2457 ZYAN_ASSERT(!context->vector_unified.W); 2458 ZYAN_ASSERT((context->evex.element_size == 16) || 2459 (context->evex.element_size == 32)); 2460 ZYAN_ASSERT(!evex_b || def->functionality == ZYDIS_EVEX_FUNC_BC); 2461 2462 static const ZyanU8 scales[2][2][3] = 2463 { 2464 /*B0*/ { /*16*/ { 8, 16, 32 }, /*32*/ { 8, 16, 32 } }, 2465 /*B1*/ { /*16*/ { 2, 2, 2 }, /*32*/ { 4, 4, 4 } } 2466 }; 2467 static const ZydisBroadcastMode broadcasts[2][2][3] = 2468 { 2469 /*B0*/ 2470 { 2471 /*16*/ 2472 { 2473 ZYDIS_BROADCAST_MODE_INVALID, 2474 ZYDIS_BROADCAST_MODE_INVALID, 2475 ZYDIS_BROADCAST_MODE_INVALID 2476 }, 2477 /*32*/ 2478 { 2479 ZYDIS_BROADCAST_MODE_INVALID, 2480 ZYDIS_BROADCAST_MODE_INVALID, 2481 ZYDIS_BROADCAST_MODE_INVALID 2482 } 2483 }, 2484 /*B1*/ 2485 { 2486 /*16*/ 2487 { 2488 ZYDIS_BROADCAST_MODE_1_TO_4, 2489 ZYDIS_BROADCAST_MODE_1_TO_8, 2490 ZYDIS_BROADCAST_MODE_1_TO_16 2491 }, 2492 /*32*/ 2493 { 2494 ZYDIS_BROADCAST_MODE_1_TO_2, 2495 ZYDIS_BROADCAST_MODE_1_TO_4, 2496 ZYDIS_BROADCAST_MODE_1_TO_8 2497 } 2498 } 2499 }; 2500 2501 const ZyanU8 size_index = context->evex.element_size >> 5; 2502 ZYAN_ASSERT(size_index < 3); 2503 2504 context->cd8_scale = scales[evex_b][size_index][vector_length]; 2505 instruction->avx.broadcast.mode = broadcasts[evex_b][size_index][vector_length]; 2506 break; 2507 } 2508 case ZYDIS_TUPLETYPE_FVM: 2509 { 2510 static const ZyanU8 scales[3] = 2511 { 2512 16, 32, 64 2513 }; 2514 context->cd8_scale = scales[vector_length]; 2515 break; 2516 } 2517 case ZYDIS_TUPLETYPE_GSCAT: 2518 switch (context->vector_unified.W) 2519 { 2520 case 0: 2521 ZYAN_ASSERT(context->evex.element_size == 32); 2522 break; 2523 case 1: 2524 ZYAN_ASSERT(context->evex.element_size == 64); 2525 break; 2526 default: 2527 ZYAN_UNREACHABLE; 2528 } 2529 ZYAN_FALLTHROUGH; 2530 case ZYDIS_TUPLETYPE_T1S: 2531 { 2532 static const ZyanU8 scales[6] = 2533 { 2534 /* */ 0, 2535 /* 8*/ 1, 2536 /* 16*/ 2, 2537 /* 32*/ 4, 2538 /* 64*/ 8, 2539 /*128*/ 16, 2540 }; 2541 ZYAN_ASSERT(def->element_size < ZYAN_ARRAY_LENGTH(scales)); 2542 context->cd8_scale = scales[def->element_size]; 2543 break; 2544 }; 2545 case ZYDIS_TUPLETYPE_T1F: 2546 { 2547 static const ZyanU8 scales[3] = 2548 { 2549 /* 16*/ 2, 2550 /* 32*/ 4, 2551 /* 64*/ 8 2552 }; 2553 2554 const ZyanU8 size_index = context->evex.element_size >> 5; 2555 ZYAN_ASSERT(size_index < 3); 2556 2557 context->cd8_scale = scales[size_index]; 2558 break; 2559 } 2560 case ZYDIS_TUPLETYPE_T1_4X: 2561 ZYAN_ASSERT(context->evex.element_size == 32); 2562 ZYAN_ASSERT(context->vector_unified.W == 0); 2563 context->cd8_scale = 16; 2564 break; 2565 case ZYDIS_TUPLETYPE_T2: 2566 switch (context->vector_unified.W) 2567 { 2568 case 0: 2569 ZYAN_ASSERT(context->evex.element_size == 32); 2570 context->cd8_scale = 8; 2571 break; 2572 case 1: 2573 ZYAN_ASSERT(context->evex.element_size == 64); 2574 ZYAN_ASSERT((instruction->avx.vector_length == 256) || 2575 (instruction->avx.vector_length == 512)); 2576 context->cd8_scale = 16; 2577 break; 2578 default: 2579 ZYAN_UNREACHABLE; 2580 } 2581 break; 2582 case ZYDIS_TUPLETYPE_T4: 2583 switch (context->vector_unified.W) 2584 { 2585 case 0: 2586 ZYAN_ASSERT(context->evex.element_size == 32); 2587 ZYAN_ASSERT((instruction->avx.vector_length == 256) || 2588 (instruction->avx.vector_length == 512)); 2589 context->cd8_scale = 16; 2590 break; 2591 case 1: 2592 ZYAN_ASSERT(context->evex.element_size == 64); 2593 ZYAN_ASSERT(instruction->avx.vector_length == 512); 2594 context->cd8_scale = 32; 2595 break; 2596 default: 2597 ZYAN_UNREACHABLE; 2598 } 2599 break; 2600 case ZYDIS_TUPLETYPE_T8: 2601 ZYAN_ASSERT(!context->vector_unified.W); 2602 ZYAN_ASSERT(instruction->avx.vector_length == 512); 2603 ZYAN_ASSERT(context->evex.element_size == 32); 2604 context->cd8_scale = 32; 2605 break; 2606 case ZYDIS_TUPLETYPE_HVM: 2607 { 2608 static const ZyanU8 scales[3] = 2609 { 2610 8, 16, 32 2611 }; 2612 context->cd8_scale = scales[vector_length]; 2613 break; 2614 } 2615 case ZYDIS_TUPLETYPE_QVM: 2616 { 2617 static const ZyanU8 scales[3] = 2618 { 2619 4, 8, 16 2620 }; 2621 context->cd8_scale = scales[vector_length]; 2622 break; 2623 } 2624 case ZYDIS_TUPLETYPE_OVM: 2625 { 2626 static const ZyanU8 scales[3] = 2627 { 2628 2, 4, 8 2629 }; 2630 context->cd8_scale = scales[vector_length]; 2631 break; 2632 } 2633 case ZYDIS_TUPLETYPE_M128: 2634 context->cd8_scale = 16; 2635 break; 2636 case ZYDIS_TUPLETYPE_DUP: 2637 { 2638 static const ZyanU8 scales[3] = 2639 { 2640 8, 32, 64 2641 }; 2642 context->cd8_scale = scales[vector_length]; 2643 break; 2644 } 2645 case ZYDIS_TUPLETYPE_QUARTER: 2646 { 2647 const ZyanU8 evex_b = instruction->raw.evex.b; 2648 ZYAN_ASSERT(evex_b < 2); 2649 ZYAN_ASSERT(!context->vector_unified.W); 2650 ZYAN_ASSERT(context->evex.element_size == 16); 2651 ZYAN_ASSERT(!evex_b || def->functionality == ZYDIS_EVEX_FUNC_BC); 2652 2653 static const ZyanU8 scales[2][3] = 2654 { 2655 /*B0*/ { 4, 8, 16 }, 2656 /*B1*/ { 2, 2, 2 } 2657 }; 2658 static const ZydisBroadcastMode broadcasts[2][3] = 2659 { 2660 /*B0*/ 2661 { 2662 ZYDIS_BROADCAST_MODE_INVALID, 2663 ZYDIS_BROADCAST_MODE_INVALID, 2664 ZYDIS_BROADCAST_MODE_INVALID 2665 }, 2666 /*B1*/ 2667 { 2668 ZYDIS_BROADCAST_MODE_1_TO_2, 2669 ZYDIS_BROADCAST_MODE_1_TO_4, 2670 ZYDIS_BROADCAST_MODE_1_TO_8 2671 } 2672 }; 2673 context->cd8_scale = scales[evex_b][vector_length]; 2674 instruction->avx.broadcast.mode = broadcasts[evex_b][vector_length]; 2675 break; 2676 } 2677 default: 2678 ZYAN_UNREACHABLE; 2679 } 2680 } else 2681 { 2682 ZYAN_ASSERT(instruction->raw.modrm.mod == 3); 2683 } 2684 2685 // Static broadcast-factor 2686 if (def->broadcast) 2687 { 2688 ZYAN_ASSERT(!instruction->avx.broadcast.mode); 2689 instruction->avx.broadcast.is_static = ZYAN_TRUE; 2690 static const ZydisBroadcastMode broadcasts[ZYDIS_EVEX_STATIC_BROADCAST_MAX_VALUE + 1] = 2691 { 2692 ZYDIS_BROADCAST_MODE_INVALID, 2693 ZYDIS_BROADCAST_MODE_1_TO_2, 2694 ZYDIS_BROADCAST_MODE_1_TO_4, 2695 ZYDIS_BROADCAST_MODE_1_TO_8, 2696 ZYDIS_BROADCAST_MODE_1_TO_16, 2697 ZYDIS_BROADCAST_MODE_1_TO_32, 2698 ZYDIS_BROADCAST_MODE_1_TO_64, 2699 ZYDIS_BROADCAST_MODE_2_TO_4, 2700 ZYDIS_BROADCAST_MODE_2_TO_8, 2701 ZYDIS_BROADCAST_MODE_2_TO_16, 2702 ZYDIS_BROADCAST_MODE_4_TO_8, 2703 ZYDIS_BROADCAST_MODE_4_TO_16, 2704 ZYDIS_BROADCAST_MODE_8_TO_16 2705 }; 2706 ZYAN_ASSERT(def->broadcast < ZYAN_ARRAY_LENGTH(broadcasts)); 2707 instruction->avx.broadcast.mode = broadcasts[def->broadcast]; 2708 } 2709 2710 // Rounding mode and SAE 2711 if (instruction->raw.evex.b) 2712 { 2713 switch (def->functionality) 2714 { 2715 case ZYDIS_EVEX_FUNC_INVALID: 2716 case ZYDIS_EVEX_FUNC_BC: 2717 // Noting to do here 2718 break; 2719 case ZYDIS_EVEX_FUNC_RC: 2720 instruction->avx.rounding.mode = ZYDIS_ROUNDING_MODE_RN + context->vector_unified.LL; 2721 ZYAN_FALLTHROUGH; 2722 case ZYDIS_EVEX_FUNC_SAE: 2723 instruction->avx.has_sae = ZYAN_TRUE; 2724 break; 2725 default: 2726 ZYAN_UNREACHABLE; 2727 } 2728 } 2729 2730 // Mask 2731 instruction->avx.mask.reg = ZYDIS_REGISTER_K0 + instruction->raw.evex.aaa; 2732 switch (def->mask_override) 2733 { 2734 case ZYDIS_MASK_OVERRIDE_DEFAULT: 2735 instruction->avx.mask.mode = ZYDIS_MASK_MODE_MERGING + instruction->raw.evex.z; 2736 break; 2737 case ZYDIS_MASK_OVERRIDE_ZEROING: 2738 instruction->avx.mask.mode = ZYDIS_MASK_MODE_ZEROING; 2739 break; 2740 case ZYDIS_MASK_OVERRIDE_CONTROL: 2741 instruction->avx.mask.mode = ZYDIS_MASK_MODE_CONTROL + instruction->raw.evex.z; 2742 break; 2743 default: 2744 ZYAN_UNREACHABLE; 2745 } 2746 if (!instruction->raw.evex.aaa) 2747 { 2748 instruction->avx.mask.mode = ZYDIS_MASK_MODE_DISABLED; 2749 } 2750 #else 2751 ZYAN_UNREACHABLE; 2752 #endif 2753 break; 2754 } 2755 case ZYDIS_INSTRUCTION_ENCODING_MVEX: 2756 { 2757 #ifndef ZYDIS_DISABLE_KNC 2758 // Vector length 2759 instruction->avx.vector_length = 512; 2760 2761 const ZydisInstructionDefinitionMVEX* def = 2762 (const ZydisInstructionDefinitionMVEX*)definition; 2763 2764 // Static broadcast-factor 2765 ZyanU8 index = def->has_element_granularity; 2766 ZYAN_ASSERT(!index || !def->broadcast); 2767 if (!index && def->broadcast) 2768 { 2769 instruction->avx.broadcast.is_static = ZYAN_TRUE; 2770 switch (def->broadcast) 2771 { 2772 case ZYDIS_MVEX_STATIC_BROADCAST_1_TO_8: 2773 instruction->avx.broadcast.mode = ZYDIS_BROADCAST_MODE_1_TO_8; 2774 index = 1; 2775 break; 2776 case ZYDIS_MVEX_STATIC_BROADCAST_1_TO_16: 2777 instruction->avx.broadcast.mode = ZYDIS_BROADCAST_MODE_1_TO_16; 2778 index = 1; 2779 break; 2780 case ZYDIS_MVEX_STATIC_BROADCAST_4_TO_8: 2781 instruction->avx.broadcast.mode = ZYDIS_BROADCAST_MODE_4_TO_8; 2782 index = 2; 2783 break; 2784 case ZYDIS_MVEX_STATIC_BROADCAST_4_TO_16: 2785 instruction->avx.broadcast.mode = ZYDIS_BROADCAST_MODE_4_TO_16; 2786 index = 2; 2787 break; 2788 default: 2789 ZYAN_UNREACHABLE; 2790 } 2791 } 2792 2793 // Compressed disp8 scale and broadcast-factor 2794 switch (def->functionality) 2795 { 2796 case ZYDIS_MVEX_FUNC_IGNORED: 2797 case ZYDIS_MVEX_FUNC_INVALID: 2798 case ZYDIS_MVEX_FUNC_RC: 2799 case ZYDIS_MVEX_FUNC_SAE: 2800 case ZYDIS_MVEX_FUNC_SWIZZLE_32: 2801 case ZYDIS_MVEX_FUNC_SWIZZLE_64: 2802 // Nothing to do here 2803 break; 2804 case ZYDIS_MVEX_FUNC_F_32: 2805 case ZYDIS_MVEX_FUNC_I_32: 2806 case ZYDIS_MVEX_FUNC_F_64: 2807 case ZYDIS_MVEX_FUNC_I_64: 2808 context->cd8_scale = 64; 2809 break; 2810 case ZYDIS_MVEX_FUNC_SF_32: 2811 case ZYDIS_MVEX_FUNC_SF_32_BCST: 2812 case ZYDIS_MVEX_FUNC_SF_32_BCST_4TO16: 2813 case ZYDIS_MVEX_FUNC_UF_32: 2814 { 2815 static const ZyanU8 lookup[3][8] = 2816 { 2817 { 64, 4, 16, 32, 16, 16, 32, 32 }, 2818 { 4, 0, 0, 2, 1, 1, 2, 2 }, 2819 { 16, 0, 0, 8, 4, 4, 8, 8 } 2820 }; 2821 ZYAN_ASSERT(instruction->raw.mvex.SSS < ZYAN_ARRAY_LENGTH(lookup[index])); 2822 context->cd8_scale = lookup[index][instruction->raw.mvex.SSS]; 2823 break; 2824 } 2825 case ZYDIS_MVEX_FUNC_SI_32: 2826 case ZYDIS_MVEX_FUNC_UI_32: 2827 case ZYDIS_MVEX_FUNC_SI_32_BCST: 2828 case ZYDIS_MVEX_FUNC_SI_32_BCST_4TO16: 2829 { 2830 static const ZyanU8 lookup[3][8] = 2831 { 2832 { 64, 4, 16, 0, 16, 16, 32, 32 }, 2833 { 4, 0, 0, 0, 1, 1, 2, 2 }, 2834 { 16, 0, 0, 0, 4, 4, 8, 8 } 2835 }; 2836 ZYAN_ASSERT(instruction->raw.mvex.SSS < ZYAN_ARRAY_LENGTH(lookup[index])); 2837 context->cd8_scale = lookup[index][instruction->raw.mvex.SSS]; 2838 break; 2839 } 2840 case ZYDIS_MVEX_FUNC_SF_64: 2841 case ZYDIS_MVEX_FUNC_UF_64: 2842 case ZYDIS_MVEX_FUNC_SI_64: 2843 case ZYDIS_MVEX_FUNC_UI_64: 2844 { 2845 static const ZyanU8 lookup[3][3] = 2846 { 2847 { 64, 8, 32 }, 2848 { 8, 0, 0 }, 2849 { 32, 0, 0 } 2850 }; 2851 ZYAN_ASSERT(instruction->raw.mvex.SSS < ZYAN_ARRAY_LENGTH(lookup[index])); 2852 context->cd8_scale = lookup[index][instruction->raw.mvex.SSS]; 2853 break; 2854 } 2855 case ZYDIS_MVEX_FUNC_DF_32: 2856 case ZYDIS_MVEX_FUNC_DI_32: 2857 { 2858 static const ZyanU8 lookup[2][8] = 2859 { 2860 { 64, 0, 0, 32, 16, 16, 32, 32 }, 2861 { 4, 0, 0, 2, 1, 1, 2, 2 } 2862 }; 2863 ZYAN_ASSERT(index < 2); 2864 ZYAN_ASSERT(instruction->raw.mvex.SSS < ZYAN_ARRAY_LENGTH(lookup[index])); 2865 context->cd8_scale = lookup[index][instruction->raw.mvex.SSS]; 2866 break; 2867 } 2868 case ZYDIS_MVEX_FUNC_DF_64: 2869 case ZYDIS_MVEX_FUNC_DI_64: 2870 { 2871 static const ZyanU8 lookup[2][1] = 2872 { 2873 { 64 }, 2874 { 8 } 2875 }; 2876 ZYAN_ASSERT(index < 2); 2877 ZYAN_ASSERT(instruction->raw.mvex.SSS < ZYAN_ARRAY_LENGTH(lookup[index])); 2878 context->cd8_scale = lookup[index][instruction->raw.mvex.SSS]; 2879 break; 2880 } 2881 default: 2882 ZYAN_UNREACHABLE; 2883 } 2884 2885 // Rounding mode, sae, swizzle, convert 2886 context->mvex.functionality = def->functionality; 2887 switch (def->functionality) 2888 { 2889 case ZYDIS_MVEX_FUNC_IGNORED: 2890 case ZYDIS_MVEX_FUNC_INVALID: 2891 case ZYDIS_MVEX_FUNC_F_32: 2892 case ZYDIS_MVEX_FUNC_I_32: 2893 case ZYDIS_MVEX_FUNC_F_64: 2894 case ZYDIS_MVEX_FUNC_I_64: 2895 // Nothing to do here 2896 break; 2897 case ZYDIS_MVEX_FUNC_RC: 2898 instruction->avx.rounding.mode = ZYDIS_ROUNDING_MODE_RN + (instruction->raw.mvex.SSS & 3); 2899 ZYAN_FALLTHROUGH; 2900 case ZYDIS_MVEX_FUNC_SAE: 2901 if (instruction->raw.mvex.SSS >= 4) 2902 { 2903 instruction->avx.has_sae = ZYAN_TRUE; 2904 } 2905 break; 2906 case ZYDIS_MVEX_FUNC_SWIZZLE_32: 2907 case ZYDIS_MVEX_FUNC_SWIZZLE_64: 2908 instruction->avx.swizzle.mode = ZYDIS_SWIZZLE_MODE_DCBA + instruction->raw.mvex.SSS; 2909 break; 2910 case ZYDIS_MVEX_FUNC_SF_32: 2911 case ZYDIS_MVEX_FUNC_SF_32_BCST: 2912 case ZYDIS_MVEX_FUNC_SF_32_BCST_4TO16: 2913 switch (instruction->raw.mvex.SSS) 2914 { 2915 case 0: 2916 break; 2917 case 1: 2918 instruction->avx.broadcast.mode = ZYDIS_BROADCAST_MODE_1_TO_16; 2919 break; 2920 case 2: 2921 instruction->avx.broadcast.mode = ZYDIS_BROADCAST_MODE_4_TO_16; 2922 break; 2923 case 3: 2924 instruction->avx.conversion.mode = ZYDIS_CONVERSION_MODE_FLOAT16; 2925 break; 2926 case 4: 2927 instruction->avx.conversion.mode = ZYDIS_CONVERSION_MODE_UINT8; 2928 break; 2929 case 5: 2930 instruction->avx.conversion.mode = ZYDIS_CONVERSION_MODE_SINT8; 2931 break; 2932 case 6: 2933 instruction->avx.conversion.mode = ZYDIS_CONVERSION_MODE_UINT16; 2934 break; 2935 case 7: 2936 instruction->avx.conversion.mode = ZYDIS_CONVERSION_MODE_SINT16; 2937 break; 2938 default: 2939 ZYAN_UNREACHABLE; 2940 } 2941 break; 2942 case ZYDIS_MVEX_FUNC_SI_32: 2943 case ZYDIS_MVEX_FUNC_SI_32_BCST: 2944 case ZYDIS_MVEX_FUNC_SI_32_BCST_4TO16: 2945 switch (instruction->raw.mvex.SSS) 2946 { 2947 case 0: 2948 break; 2949 case 1: 2950 instruction->avx.broadcast.mode = ZYDIS_BROADCAST_MODE_1_TO_16; 2951 break; 2952 case 2: 2953 instruction->avx.broadcast.mode = ZYDIS_BROADCAST_MODE_4_TO_16; 2954 break; 2955 case 4: 2956 instruction->avx.conversion.mode = ZYDIS_CONVERSION_MODE_UINT8; 2957 break; 2958 case 5: 2959 instruction->avx.conversion.mode = ZYDIS_CONVERSION_MODE_SINT8; 2960 break; 2961 case 6: 2962 instruction->avx.conversion.mode = ZYDIS_CONVERSION_MODE_UINT16; 2963 break; 2964 case 7: 2965 instruction->avx.conversion.mode = ZYDIS_CONVERSION_MODE_SINT16; 2966 break; 2967 default: 2968 ZYAN_UNREACHABLE; 2969 } 2970 break; 2971 case ZYDIS_MVEX_FUNC_SF_64: 2972 case ZYDIS_MVEX_FUNC_SI_64: 2973 switch (instruction->raw.mvex.SSS) 2974 { 2975 case 0: 2976 break; 2977 case 1: 2978 instruction->avx.broadcast.mode = ZYDIS_BROADCAST_MODE_1_TO_8; 2979 break; 2980 case 2: 2981 instruction->avx.broadcast.mode = ZYDIS_BROADCAST_MODE_4_TO_8; 2982 break; 2983 default: 2984 ZYAN_UNREACHABLE; 2985 } 2986 break; 2987 case ZYDIS_MVEX_FUNC_UF_32: 2988 case ZYDIS_MVEX_FUNC_DF_32: 2989 switch (instruction->raw.mvex.SSS) 2990 { 2991 case 0: 2992 break; 2993 case 3: 2994 instruction->avx.conversion.mode = ZYDIS_CONVERSION_MODE_FLOAT16; 2995 break; 2996 case 4: 2997 instruction->avx.conversion.mode = ZYDIS_CONVERSION_MODE_UINT8; 2998 break; 2999 case 5: 3000 instruction->avx.conversion.mode = ZYDIS_CONVERSION_MODE_SINT8; 3001 break; 3002 case 6: 3003 instruction->avx.conversion.mode = ZYDIS_CONVERSION_MODE_UINT16; 3004 break; 3005 case 7: 3006 instruction->avx.conversion.mode = ZYDIS_CONVERSION_MODE_SINT16; 3007 break; 3008 default: 3009 ZYAN_UNREACHABLE; 3010 } 3011 break; 3012 case ZYDIS_MVEX_FUNC_UF_64: 3013 case ZYDIS_MVEX_FUNC_DF_64: 3014 break; 3015 case ZYDIS_MVEX_FUNC_UI_32: 3016 case ZYDIS_MVEX_FUNC_DI_32: 3017 switch (instruction->raw.mvex.SSS) 3018 { 3019 case 0: 3020 break; 3021 case 4: 3022 instruction->avx.conversion.mode = ZYDIS_CONVERSION_MODE_UINT8; 3023 break; 3024 case 5: 3025 instruction->avx.conversion.mode = ZYDIS_CONVERSION_MODE_SINT8; 3026 break; 3027 case 6: 3028 instruction->avx.conversion.mode = ZYDIS_CONVERSION_MODE_UINT16; 3029 break; 3030 case 7: 3031 instruction->avx.conversion.mode = ZYDIS_CONVERSION_MODE_SINT16; 3032 break; 3033 default: 3034 ZYAN_UNREACHABLE; 3035 } 3036 break; 3037 case ZYDIS_MVEX_FUNC_UI_64: 3038 case ZYDIS_MVEX_FUNC_DI_64: 3039 break; 3040 default: 3041 ZYAN_UNREACHABLE; 3042 } 3043 3044 // Eviction hint 3045 if ((instruction->raw.modrm.mod != 3) && instruction->raw.mvex.E) 3046 { 3047 instruction->avx.has_eviction_hint = ZYAN_TRUE; 3048 } 3049 3050 // Mask 3051 instruction->avx.mask.mode = ZYDIS_MASK_MODE_MERGING; 3052 instruction->avx.mask.reg = ZYDIS_REGISTER_K0 + instruction->raw.mvex.kkk; 3053 #else 3054 ZYAN_UNREACHABLE; 3055 #endif 3056 break; 3057 } 3058 default: 3059 // Nothing to do here 3060 break; 3061 } 3062 } 3063 #endif 3064 3065 /* ---------------------------------------------------------------------------------------------- */ 3066 /* Physical instruction decoding */ 3067 /* ---------------------------------------------------------------------------------------------- */ 3068 3069 /** 3070 * Collects optional instruction prefixes. 3071 * 3072 * @param state A pointer to the `ZydisDecoderState` struct. 3073 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 3074 * 3075 * @return A zyan status code. 3076 * 3077 * This function sets the corresponding flag for each prefix and automatically decodes the last 3078 * `REX`-prefix (if exists). 3079 */ 3080 static ZyanStatus ZydisCollectOptionalPrefixes(ZydisDecoderState* state, 3081 ZydisDecodedInstruction* instruction) 3082 { 3083 ZYAN_ASSERT(state); 3084 ZYAN_ASSERT(instruction); 3085 ZYAN_ASSERT(instruction->raw.prefix_count == 0); 3086 3087 ZyanU8 rex = 0x00; 3088 ZyanU8 offset = 0; 3089 ZyanBool done = ZYAN_FALSE; 3090 do 3091 { 3092 ZyanU8 prefix_byte; 3093 ZYAN_CHECK(ZydisInputPeek(state, instruction, &prefix_byte)); 3094 switch (prefix_byte) 3095 { 3096 case 0xF0: 3097 state->prefixes.has_lock = ZYAN_TRUE; 3098 state->prefixes.offset_lock = offset; 3099 break; 3100 case 0xF2: 3101 ZYAN_FALLTHROUGH; 3102 case 0xF3: 3103 state->prefixes.group1 = prefix_byte; 3104 state->prefixes.mandatory_candidate = prefix_byte; 3105 state->prefixes.offset_group1 = offset; 3106 state->prefixes.offset_mandatory = offset; 3107 break; 3108 case 0x2E: 3109 ZYAN_FALLTHROUGH; 3110 case 0x36: 3111 ZYAN_FALLTHROUGH; 3112 case 0x3E: 3113 ZYAN_FALLTHROUGH; 3114 case 0x26: 3115 if (state->decoder->machine_mode == ZYDIS_MACHINE_MODE_LONG_64) 3116 { 3117 if ((prefix_byte == 0x3E) && 3118 (state->prefixes.effective_segment != 0x64) && 3119 (state->prefixes.effective_segment != 0x65)) 3120 { 3121 state->prefixes.offset_notrack = offset; 3122 } 3123 state->prefixes.group2 = prefix_byte; 3124 state->prefixes.offset_group2 = offset; 3125 break; 3126 } 3127 ZYAN_FALLTHROUGH; 3128 case 0x64: 3129 ZYAN_FALLTHROUGH; 3130 case 0x65: 3131 state->prefixes.group2 = prefix_byte; 3132 state->prefixes.offset_group2 = offset; 3133 state->prefixes.effective_segment = prefix_byte; 3134 state->prefixes.offset_segment = offset; 3135 state->prefixes.offset_notrack = -1; 3136 break; 3137 case 0x66: 3138 // context->prefixes.has_osz_override = ZYAN_TRUE; 3139 state->prefixes.offset_osz_override = offset; 3140 if (!state->prefixes.mandatory_candidate) 3141 { 3142 state->prefixes.mandatory_candidate = 0x66; 3143 state->prefixes.offset_mandatory = offset; 3144 } 3145 instruction->attributes |= ZYDIS_ATTRIB_HAS_OPERANDSIZE; 3146 break; 3147 case 0x67: 3148 // context->prefixes.has_asz_override = ZYAN_TRUE; 3149 state->prefixes.offset_asz_override = offset; 3150 instruction->attributes |= ZYDIS_ATTRIB_HAS_ADDRESSSIZE; 3151 break; 3152 default: 3153 if ((state->decoder->machine_mode == ZYDIS_MACHINE_MODE_LONG_64) && 3154 (prefix_byte & 0xF0) == 0x40) 3155 { 3156 rex = prefix_byte; 3157 instruction->raw.rex.offset = offset; 3158 } else 3159 { 3160 done = ZYAN_TRUE; 3161 } 3162 break; 3163 } 3164 if (!done) 3165 { 3166 // Invalidate `REX`, if it's not the last legacy prefix 3167 if (rex && (rex != prefix_byte)) 3168 { 3169 rex = 0x00; 3170 instruction->raw.rex.offset = 0; 3171 } 3172 instruction->raw.prefixes[instruction->raw.prefix_count++].value = prefix_byte; 3173 ZydisInputSkip(state, instruction); 3174 ++offset; 3175 } 3176 } while (!done); 3177 3178 if (instruction->attributes & ZYDIS_ATTRIB_HAS_OPERANDSIZE) 3179 { 3180 instruction->raw.prefixes[state->prefixes.offset_osz_override].type = 3181 ZYDIS_PREFIX_TYPE_EFFECTIVE; 3182 } 3183 if (instruction->attributes & ZYDIS_ATTRIB_HAS_ADDRESSSIZE) 3184 { 3185 instruction->raw.prefixes[state->prefixes.offset_asz_override].type = 3186 ZYDIS_PREFIX_TYPE_EFFECTIVE; 3187 } 3188 if (rex) 3189 { 3190 instruction->raw.prefixes[instruction->raw.rex.offset].type = ZYDIS_PREFIX_TYPE_EFFECTIVE; 3191 ZydisDecodeREX(state->context, instruction, rex); 3192 } 3193 if ((state->decoder->machine_mode != ZYDIS_MACHINE_MODE_LONG_64) && 3194 (state->prefixes.group2 == 0x3E)) 3195 { 3196 state->prefixes.offset_notrack = state->prefixes.offset_group2; 3197 } 3198 3199 return ZYAN_STATUS_SUCCESS; 3200 } 3201 3202 /** 3203 * Decodes optional instruction parts like the ModRM byte, the SIB byte and 3204 * additional displacements and/or immediate values. 3205 * 3206 * @param state A pointer to the `ZydisDecoderState` struct. 3207 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 3208 * @param info A pointer to the `ZydisInstructionEncodingInfo` struct. 3209 * 3210 * @return A zyan status code. 3211 */ 3212 static ZyanStatus ZydisDecodeOptionalInstructionParts(ZydisDecoderState* state, 3213 ZydisDecodedInstruction* instruction, const ZydisInstructionEncodingInfo* info) 3214 { 3215 ZYAN_ASSERT(state); 3216 ZYAN_ASSERT(instruction); 3217 ZYAN_ASSERT(info); 3218 3219 ZydisDecoderContext* context = state->context; 3220 3221 if (info->flags & ZYDIS_INSTR_ENC_FLAG_HAS_MODRM) 3222 { 3223 if (!instruction->raw.modrm.offset) 3224 { 3225 instruction->raw.modrm.offset = instruction->length; 3226 ZyanU8 modrm_byte; 3227 ZYAN_CHECK(ZydisInputNext(state, instruction, &modrm_byte)); 3228 ZydisDecodeModRM(instruction, modrm_byte); 3229 } 3230 3231 if (!(info->flags & ZYDIS_INSTR_ENC_FLAG_FORCE_REG_FORM)) 3232 { 3233 ZyanU8 has_sib = 0; 3234 ZyanU8 displacement_size = 0; 3235 switch (instruction->address_width) 3236 { 3237 case 16: 3238 switch (instruction->raw.modrm.mod) 3239 { 3240 case 0: 3241 if (instruction->raw.modrm.rm == 6) 3242 { 3243 displacement_size = 16; 3244 } 3245 break; 3246 case 1: 3247 displacement_size = 8; 3248 break; 3249 case 2: 3250 displacement_size = 16; 3251 break; 3252 case 3: 3253 break; 3254 default: 3255 ZYAN_UNREACHABLE; 3256 } 3257 break; 3258 case 32: 3259 case 64: 3260 has_sib = 3261 (instruction->raw.modrm.mod != 3) && (instruction->raw.modrm.rm == 4); 3262 switch (instruction->raw.modrm.mod) 3263 { 3264 case 0: 3265 if (instruction->raw.modrm.rm == 5) 3266 { 3267 if (instruction->machine_mode == ZYDIS_MACHINE_MODE_LONG_64) 3268 { 3269 instruction->attributes |= ZYDIS_ATTRIB_IS_RELATIVE; 3270 } 3271 displacement_size = 32; 3272 } 3273 break; 3274 case 1: 3275 displacement_size = 8; 3276 break; 3277 case 2: 3278 displacement_size = 32; 3279 break; 3280 case 3: 3281 break; 3282 default: 3283 ZYAN_UNREACHABLE; 3284 } 3285 break; 3286 default: 3287 ZYAN_UNREACHABLE; 3288 } 3289 if (has_sib) 3290 { 3291 instruction->raw.sib.offset = instruction->length; 3292 ZyanU8 sib_byte; 3293 ZYAN_CHECK(ZydisInputNext(state, instruction, &sib_byte)); 3294 ZydisDecodeSIB(instruction, sib_byte); 3295 if (instruction->raw.sib.base == 5) 3296 { 3297 displacement_size = (instruction->raw.modrm.mod == 1) ? 8 : 32; 3298 } 3299 } 3300 if (displacement_size) 3301 { 3302 ZYAN_CHECK(ZydisReadDisplacement(state, instruction, displacement_size)); 3303 } 3304 } 3305 3306 context->reg_info.is_mod_reg = (instruction->raw.modrm.mod == 3) || 3307 (info->flags & ZYDIS_INSTR_ENC_FLAG_FORCE_REG_FORM); 3308 } 3309 3310 if (info->flags & ZYDIS_INSTR_ENC_FLAG_HAS_DISP) 3311 { 3312 ZYAN_CHECK(ZydisReadDisplacement( 3313 state, instruction, info->disp.size[context->easz_index])); 3314 } 3315 3316 if (info->flags & ZYDIS_INSTR_ENC_FLAG_HAS_IMM0) 3317 { 3318 if (info->imm[0].is_relative) 3319 { 3320 instruction->attributes |= ZYDIS_ATTRIB_IS_RELATIVE; 3321 } 3322 ZYAN_CHECK(ZydisReadImmediate(state, instruction, 0, 3323 info->imm[0].size[context->eosz_index], info->imm[0].is_signed, 3324 info->imm[0].is_relative)); 3325 } 3326 3327 if (info->flags & ZYDIS_INSTR_ENC_FLAG_HAS_IMM1) 3328 { 3329 ZYAN_ASSERT(!(info->flags & ZYDIS_INSTR_ENC_FLAG_HAS_DISP)); 3330 ZYAN_CHECK(ZydisReadImmediate(state, instruction, 1, 3331 info->imm[1].size[context->eosz_index], info->imm[1].is_signed, 3332 info->imm[1].is_relative)); 3333 } 3334 3335 return ZYAN_STATUS_SUCCESS; 3336 } 3337 3338 /* ---------------------------------------------------------------------------------------------- */ 3339 3340 /** 3341 * Sets the effective operand size for the given instruction. 3342 * 3343 * @param context A pointer to the `ZydisDecoderContext` struct 3344 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 3345 * @param definition A pointer to the `ZydisInstructionDefinition` struct. 3346 */ 3347 static void ZydisSetEffectiveOperandWidth(ZydisDecoderContext* context, 3348 ZydisDecodedInstruction* instruction, const ZydisInstructionDefinition* definition) 3349 { 3350 ZYAN_ASSERT(context); 3351 ZYAN_ASSERT(instruction); 3352 ZYAN_ASSERT(definition); 3353 3354 static const ZyanU8 operand_size_map[8][8] = 3355 { 3356 // Default for most instructions 3357 { 3358 16, // 16 __ W0 3359 32, // 16 66 W0 3360 32, // 32 __ W0 3361 16, // 32 66 W0 3362 32, // 64 __ W0 3363 16, // 64 66 W0 3364 64, // 64 __ W1 3365 64 // 64 66 W1 3366 }, 3367 // Operand size is forced to 8-bit (this is done later to preserve the `eosz_index`) 3368 { 3369 16, // 16 __ W0 3370 32, // 16 66 W0 3371 32, // 32 __ W0 3372 16, // 32 66 W0 3373 32, // 64 __ W0 3374 16, // 64 66 W0 3375 64, // 64 __ W1 3376 64 // 64 66 W1 3377 }, 3378 // Operand size override 0x66 is ignored 3379 { 3380 16, // 16 __ W0 3381 16, // 16 66 W0 3382 32, // 32 __ W0 3383 32, // 32 66 W0 3384 32, // 64 __ W0 3385 32, // 64 66 W0 3386 64, // 64 __ W1 3387 64 // 64 66 W1 3388 }, 3389 // REX.W promotes to 32-bit instead of 64-bit 3390 { 3391 16, // 16 __ W0 3392 32, // 16 66 W0 3393 32, // 32 __ W0 3394 16, // 32 66 W0 3395 32, // 64 __ W0 3396 16, // 64 66 W0 3397 32, // 64 __ W1 3398 32 // 64 66 W1 3399 }, 3400 // Operand size defaults to 64-bit in 64-bit mode 3401 { 3402 16, // 16 __ W0 3403 32, // 16 66 W0 3404 32, // 32 __ W0 3405 16, // 32 66 W0 3406 64, // 64 __ W0 3407 16, // 64 66 W0 3408 64, // 64 __ W1 3409 64 // 64 66 W1 3410 }, 3411 // Operand size is forced to 64-bit in 64-bit mode 3412 { 3413 16, // 16 __ W0 3414 32, // 16 66 W0 3415 32, // 32 __ W0 3416 16, // 32 66 W0 3417 64, // 64 __ W0 3418 64, // 64 66 W0 3419 64, // 64 __ W1 3420 64 // 64 66 W1 3421 }, 3422 // Operand size is forced to 32-bit, if no REX.W is present. 3423 { 3424 32, // 16 __ W0 3425 32, // 16 66 W0 3426 32, // 32 __ W0 3427 32, // 32 66 W0 3428 32, // 64 __ W0 3429 32, // 64 66 W0 3430 64, // 64 __ W1 3431 64 // 64 66 W1 3432 }, 3433 // Operand size is forced to 64-bit in 64-bit mode and forced to 32-bit in all other modes. 3434 // This is used for e.g. `mov CR, GPR` and `mov GPR, CR`. 3435 { 3436 32, // 16 __ W0 3437 32, // 16 66 W0 3438 32, // 32 __ W0 3439 32, // 32 66 W0 3440 64, // 64 __ W0 3441 64, // 64 66 W0 3442 64, // 64 __ W1 3443 64 // 64 66 W1 3444 } 3445 }; 3446 3447 ZyanU8 index = (instruction->attributes & ZYDIS_ATTRIB_HAS_OPERANDSIZE) ? 1 : 0; 3448 if ((instruction->machine_mode == ZYDIS_MACHINE_MODE_LONG_COMPAT_32) || 3449 (instruction->machine_mode == ZYDIS_MACHINE_MODE_LEGACY_32)) 3450 { 3451 index += 2; 3452 } 3453 else if (instruction->machine_mode == ZYDIS_MACHINE_MODE_LONG_64) 3454 { 3455 index += 4; 3456 index += (context->vector_unified.W & 0x01) << 1; 3457 } 3458 3459 ZYAN_ASSERT(definition->operand_size_map < ZYAN_ARRAY_LENGTH(operand_size_map)); 3460 ZYAN_ASSERT(index < ZYAN_ARRAY_LENGTH(operand_size_map[definition->operand_size_map])); 3461 3462 instruction->operand_width = operand_size_map[definition->operand_size_map][index]; 3463 context->eosz_index = instruction->operand_width >> 5; 3464 3465 // TODO: Cleanup code and remove hardcoded condition 3466 if (definition->operand_size_map == 1) 3467 { 3468 instruction->operand_width = 8; 3469 } 3470 } 3471 3472 /** 3473 * Sets the effective address width for the given instruction. 3474 * 3475 * @param context A pointer to the `ZydisDecoderContext` struct. 3476 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 3477 * @param definition A pointer to the `ZydisInstructionDefinition` struct. 3478 */ 3479 static void ZydisSetEffectiveAddressWidth(ZydisDecoderContext* context, 3480 ZydisDecodedInstruction* instruction, const ZydisInstructionDefinition* definition) 3481 { 3482 ZYAN_ASSERT(context); 3483 ZYAN_ASSERT(instruction); 3484 3485 static const ZyanU8 address_size_map[3][8] = 3486 { 3487 // Default for most instructions 3488 { 3489 16, // 16 __ 3490 32, // 16 67 3491 32, // 32 __ 3492 16, // 32 67 3493 64, // 64 __ 3494 32 // 64 67 3495 }, 3496 // The address-size override is ignored 3497 { 3498 16, // 16 __ 3499 16, // 16 67 3500 32, // 32 __ 3501 32, // 32 67 3502 64, // 64 __ 3503 64 // 64 67 3504 }, 3505 // The address-size is forced to 64-bit in 64-bit mode and 32-bit in non 64-bit mode. This 3506 // is used by e.g. `ENCLS`, `ENCLV`, `ENCLU`. 3507 { 3508 32, // 16 __ 3509 32, // 16 67 3510 32, // 32 __ 3511 32, // 32 67 3512 64, // 64 __ 3513 64 // 64 67 3514 } 3515 }; 3516 3517 ZyanU8 index = (instruction->attributes & ZYDIS_ATTRIB_HAS_ADDRESSSIZE) ? 1 : 0; 3518 if ((instruction->machine_mode == ZYDIS_MACHINE_MODE_LONG_COMPAT_32) || 3519 (instruction->machine_mode == ZYDIS_MACHINE_MODE_LEGACY_32)) 3520 { 3521 index += 2; 3522 } 3523 else if (instruction->machine_mode == ZYDIS_MACHINE_MODE_LONG_64) 3524 { 3525 index += 4; 3526 } 3527 3528 ZYAN_ASSERT(definition->address_size_map < ZYAN_ARRAY_LENGTH(address_size_map)); 3529 ZYAN_ASSERT(index < ZYAN_ARRAY_LENGTH(address_size_map[definition->address_size_map])); 3530 3531 instruction->address_width = address_size_map[definition->address_size_map][index]; 3532 context->easz_index = instruction->address_width >> 5; 3533 } 3534 3535 /* ---------------------------------------------------------------------------------------------- */ 3536 3537 static ZyanStatus ZydisNodeHandlerXOP(const ZydisDecodedInstruction* instruction, ZyanU16* index) 3538 { 3539 ZYAN_ASSERT(instruction); 3540 ZYAN_ASSERT(index); 3541 3542 switch (instruction->encoding) 3543 { 3544 case ZYDIS_INSTRUCTION_ENCODING_LEGACY: 3545 *index = 0; 3546 break; 3547 case ZYDIS_INSTRUCTION_ENCODING_XOP: 3548 ZYAN_ASSERT(instruction->attributes & ZYDIS_ATTRIB_HAS_XOP); 3549 *index = (instruction->raw.xop.m_mmmm - 0x08) + (instruction->raw.xop.pp * 3) + 1; 3550 break; 3551 default: 3552 ZYAN_UNREACHABLE; 3553 } 3554 return ZYAN_STATUS_SUCCESS; 3555 } 3556 3557 static ZyanStatus ZydisNodeHandlerVEX(const ZydisDecodedInstruction* instruction, ZyanU16* index) 3558 { 3559 ZYAN_ASSERT(instruction); 3560 ZYAN_ASSERT(index); 3561 3562 switch (instruction->encoding) 3563 { 3564 case ZYDIS_INSTRUCTION_ENCODING_LEGACY: 3565 *index = 0; 3566 break; 3567 case ZYDIS_INSTRUCTION_ENCODING_VEX: 3568 ZYAN_ASSERT(instruction->attributes & ZYDIS_ATTRIB_HAS_VEX); 3569 *index = instruction->raw.vex.m_mmmm + (instruction->raw.vex.pp << 2) + 1; 3570 break; 3571 default: 3572 ZYAN_UNREACHABLE; 3573 } 3574 return ZYAN_STATUS_SUCCESS; 3575 } 3576 3577 static ZyanStatus ZydisNodeHandlerEMVEX(const ZydisDecodedInstruction* instruction, ZyanU16* index) 3578 { 3579 ZYAN_ASSERT(instruction); 3580 ZYAN_ASSERT(index); 3581 3582 switch (instruction->encoding) 3583 { 3584 case ZYDIS_INSTRUCTION_ENCODING_LEGACY: 3585 *index = 0; 3586 break; 3587 case ZYDIS_INSTRUCTION_ENCODING_EVEX: 3588 ZYAN_ASSERT(instruction->attributes & ZYDIS_ATTRIB_HAS_EVEX); 3589 *index = instruction->raw.evex.mmm + (instruction->raw.evex.pp << 3) + 1; 3590 break; 3591 case ZYDIS_INSTRUCTION_ENCODING_MVEX: 3592 ZYAN_ASSERT(instruction->attributes & ZYDIS_ATTRIB_HAS_MVEX); 3593 *index = instruction->raw.mvex.mmmm + (instruction->raw.mvex.pp << 2) + 33; 3594 break; 3595 default: 3596 ZYAN_UNREACHABLE; 3597 } 3598 return ZYAN_STATUS_SUCCESS; 3599 } 3600 3601 static ZyanStatus ZydisNodeHandlerOpcode(ZydisDecoderState* state, 3602 ZydisDecodedInstruction* instruction, ZyanU16* index) 3603 { 3604 ZYAN_ASSERT(state); 3605 ZYAN_ASSERT(instruction); 3606 ZYAN_ASSERT(index); 3607 3608 // Handle possible encoding-prefix and opcode-map changes 3609 switch (instruction->encoding) 3610 { 3611 case ZYDIS_INSTRUCTION_ENCODING_LEGACY: 3612 ZYAN_CHECK(ZydisInputNext(state, instruction, &instruction->opcode)); 3613 switch (instruction->opcode_map) 3614 { 3615 case ZYDIS_OPCODE_MAP_DEFAULT: 3616 switch (instruction->opcode) 3617 { 3618 case 0x0F: 3619 instruction->opcode_map = ZYDIS_OPCODE_MAP_0F; 3620 break; 3621 case 0xC4: 3622 case 0xC5: 3623 case 0x62: 3624 { 3625 ZyanU8 next_input; 3626 ZYAN_CHECK(ZydisInputPeek(state, instruction, &next_input)); 3627 if (((next_input & 0xF0) >= 0xC0) || 3628 (instruction->machine_mode == ZYDIS_MACHINE_MODE_LONG_64)) 3629 { 3630 if (instruction->attributes & ZYDIS_ATTRIB_HAS_REX) 3631 { 3632 return ZYDIS_STATUS_ILLEGAL_REX; 3633 } 3634 if (state->prefixes.has_lock) 3635 { 3636 return ZYDIS_STATUS_ILLEGAL_LOCK; 3637 } 3638 if (state->prefixes.mandatory_candidate) 3639 { 3640 return ZYDIS_STATUS_ILLEGAL_LEGACY_PFX; 3641 } 3642 ZyanU8 prefix_bytes[4] = { 0, 0, 0, 0 }; 3643 prefix_bytes[0] = instruction->opcode; 3644 switch (instruction->opcode) 3645 { 3646 case 0xC4: 3647 instruction->raw.vex.offset = instruction->length - 1; 3648 // Read additional 3-byte VEX-prefix data 3649 ZYAN_ASSERT(!(instruction->attributes & ZYDIS_ATTRIB_HAS_VEX)); 3650 ZYAN_CHECK(ZydisInputNextBytes(state, instruction, &prefix_bytes[1], 2)); 3651 break; 3652 case 0xC5: 3653 instruction->raw.vex.offset = instruction->length - 1; 3654 // Read additional 2-byte VEX-prefix data 3655 ZYAN_ASSERT(!(instruction->attributes & ZYDIS_ATTRIB_HAS_VEX)); 3656 ZYAN_CHECK(ZydisInputNext(state, instruction, &prefix_bytes[1])); 3657 break; 3658 case 0x62: 3659 #if !defined(ZYDIS_DISABLE_AVX512) || !defined(ZYDIS_DISABLE_KNC) 3660 // Read additional EVEX/MVEX-prefix data 3661 ZYAN_ASSERT(!(instruction->attributes & ZYDIS_ATTRIB_HAS_EVEX)); 3662 ZYAN_ASSERT(!(instruction->attributes & ZYDIS_ATTRIB_HAS_MVEX)); 3663 ZYAN_CHECK(ZydisInputNextBytes(state, instruction, &prefix_bytes[1], 3)); 3664 break; 3665 #else 3666 return ZYDIS_STATUS_DECODING_ERROR; 3667 #endif 3668 default: 3669 ZYAN_UNREACHABLE; 3670 } 3671 switch (instruction->opcode) 3672 { 3673 case 0xC4: 3674 case 0xC5: 3675 // Decode VEX-prefix 3676 instruction->encoding = ZYDIS_INSTRUCTION_ENCODING_VEX; 3677 ZYAN_CHECK(ZydisDecodeVEX(state->context, instruction, prefix_bytes)); 3678 instruction->opcode_map = 3679 ZYDIS_OPCODE_MAP_DEFAULT + instruction->raw.vex.m_mmmm; 3680 break; 3681 case 0x62: 3682 #if defined(ZYDIS_DISABLE_AVX512) && defined(ZYDIS_DISABLE_KNC) 3683 return ZYDIS_STATUS_DECODING_ERROR; 3684 #else 3685 switch ((prefix_bytes[2] >> 2) & 0x01) 3686 { 3687 case 0: 3688 #ifndef ZYDIS_DISABLE_KNC 3689 instruction->raw.mvex.offset = instruction->length - 4; 3690 // `KNC` instructions are only valid in 64-bit mode. 3691 // This condition catches the `MVEX` encoded ones to save a bunch of 3692 // `mode` filters in the data-tables. 3693 // `KNC` instructions with `VEX` encoding still require a `mode` filter. 3694 if (state->decoder->machine_mode != ZYDIS_MACHINE_MODE_LONG_64) 3695 { 3696 return ZYDIS_STATUS_DECODING_ERROR; 3697 } 3698 // Decode MVEX-prefix 3699 instruction->encoding = ZYDIS_INSTRUCTION_ENCODING_MVEX; 3700 ZYAN_CHECK(ZydisDecodeMVEX(state->context, instruction, prefix_bytes)); 3701 instruction->opcode_map = 3702 ZYDIS_OPCODE_MAP_DEFAULT + instruction->raw.mvex.mmmm; 3703 break; 3704 #else 3705 return ZYDIS_STATUS_DECODING_ERROR; 3706 #endif 3707 case 1: 3708 #ifndef ZYDIS_DISABLE_AVX512 3709 instruction->raw.evex.offset = instruction->length - 4; 3710 // Decode EVEX-prefix 3711 instruction->encoding = ZYDIS_INSTRUCTION_ENCODING_EVEX; 3712 ZYAN_CHECK(ZydisDecodeEVEX(state->context, instruction, prefix_bytes)); 3713 instruction->opcode_map = 3714 ZYDIS_OPCODE_MAP_DEFAULT + instruction->raw.evex.mmm; 3715 break; 3716 #else 3717 return ZYDIS_STATUS_DECODING_ERROR; 3718 #endif 3719 default: 3720 ZYAN_UNREACHABLE; 3721 } 3722 break; 3723 #endif 3724 default: 3725 ZYAN_UNREACHABLE; 3726 } 3727 } 3728 break; 3729 } 3730 case 0x8F: 3731 { 3732 ZyanU8 next_input; 3733 ZYAN_CHECK(ZydisInputPeek(state, instruction, &next_input)); 3734 if ((next_input & 0x1F) >= 8) 3735 { 3736 if (instruction->attributes & ZYDIS_ATTRIB_HAS_REX) 3737 { 3738 return ZYDIS_STATUS_ILLEGAL_REX; 3739 } 3740 if (state->prefixes.has_lock) 3741 { 3742 return ZYDIS_STATUS_ILLEGAL_LOCK; 3743 } 3744 if (state->prefixes.mandatory_candidate) 3745 { 3746 return ZYDIS_STATUS_ILLEGAL_LEGACY_PFX; 3747 } 3748 instruction->raw.xop.offset = instruction->length - 1; 3749 ZyanU8 prefixBytes[3] = { 0x8F, 0x00, 0x00 }; 3750 // Read additional xop-prefix data 3751 ZYAN_CHECK(ZydisInputNextBytes(state, instruction, &prefixBytes[1], 2)); 3752 // Decode xop-prefix 3753 instruction->encoding = ZYDIS_INSTRUCTION_ENCODING_XOP; 3754 ZYAN_CHECK(ZydisDecodeXOP(state->context, instruction, prefixBytes)); 3755 instruction->opcode_map = 3756 ZYDIS_OPCODE_MAP_XOP8 + instruction->raw.xop.m_mmmm - 0x08; 3757 } 3758 break; 3759 } 3760 default: 3761 break; 3762 } 3763 break; 3764 case ZYDIS_OPCODE_MAP_0F: 3765 switch (instruction->opcode) 3766 { 3767 case 0x0F: 3768 if (state->prefixes.has_lock) 3769 { 3770 return ZYDIS_STATUS_ILLEGAL_LOCK; 3771 } 3772 instruction->encoding = ZYDIS_INSTRUCTION_ENCODING_3DNOW; 3773 instruction->opcode_map = ZYDIS_OPCODE_MAP_0F0F; 3774 break; 3775 case 0x38: 3776 instruction->opcode_map = ZYDIS_OPCODE_MAP_0F38; 3777 break; 3778 case 0x3A: 3779 instruction->opcode_map = ZYDIS_OPCODE_MAP_0F3A; 3780 break; 3781 default: 3782 break; 3783 } 3784 break; 3785 case ZYDIS_OPCODE_MAP_0F38: 3786 case ZYDIS_OPCODE_MAP_0F3A: 3787 case ZYDIS_OPCODE_MAP_XOP8: 3788 case ZYDIS_OPCODE_MAP_XOP9: 3789 case ZYDIS_OPCODE_MAP_XOPA: 3790 // Nothing to do here 3791 break; 3792 default: 3793 ZYAN_UNREACHABLE; 3794 } 3795 break; 3796 case ZYDIS_INSTRUCTION_ENCODING_3DNOW: 3797 // All 3DNOW (0x0F 0x0F) instructions are using the same operand encoding. We just 3798 // decode a random (pi2fw) instruction and extract the actual opcode later. 3799 *index = 0x0C; 3800 return ZYAN_STATUS_SUCCESS; 3801 default: 3802 ZYAN_CHECK(ZydisInputNext(state, instruction, &instruction->opcode)); 3803 break; 3804 } 3805 3806 *index = instruction->opcode; 3807 return ZYAN_STATUS_SUCCESS; 3808 } 3809 3810 static ZyanStatus ZydisNodeHandlerMode(const ZydisDecodedInstruction* instruction, ZyanU16* index) 3811 { 3812 ZYAN_ASSERT(instruction); 3813 ZYAN_ASSERT(index); 3814 3815 switch (instruction->machine_mode) 3816 { 3817 case ZYDIS_MACHINE_MODE_LONG_COMPAT_16: 3818 case ZYDIS_MACHINE_MODE_LEGACY_16: 3819 case ZYDIS_MACHINE_MODE_REAL_16: 3820 *index = 0; 3821 break; 3822 case ZYDIS_MACHINE_MODE_LONG_COMPAT_32: 3823 case ZYDIS_MACHINE_MODE_LEGACY_32: 3824 *index = 1; 3825 break; 3826 case ZYDIS_MACHINE_MODE_LONG_64: 3827 *index = 2; 3828 break; 3829 default: 3830 ZYAN_UNREACHABLE; 3831 } 3832 return ZYAN_STATUS_SUCCESS; 3833 } 3834 3835 static ZyanStatus ZydisNodeHandlerModeCompact(const ZydisDecodedInstruction* instruction, 3836 ZyanU16* index) 3837 { 3838 ZYAN_ASSERT(instruction); 3839 ZYAN_ASSERT(index); 3840 3841 *index = (instruction->machine_mode == ZYDIS_MACHINE_MODE_LONG_64) ? 0 : 1; 3842 return ZYAN_STATUS_SUCCESS; 3843 } 3844 3845 static ZyanStatus ZydisNodeHandlerModrmMod(ZydisDecoderState* state, 3846 ZydisDecodedInstruction* instruction, ZyanU16* index) 3847 { 3848 ZYAN_ASSERT(state); 3849 ZYAN_ASSERT(instruction); 3850 ZYAN_ASSERT(index); 3851 3852 if (!instruction->raw.modrm.offset) 3853 { 3854 instruction->raw.modrm.offset = instruction->length; 3855 ZyanU8 modrm_byte; 3856 ZYAN_CHECK(ZydisInputNext(state, instruction, &modrm_byte)); 3857 ZydisDecodeModRM(instruction, modrm_byte); 3858 } 3859 *index = instruction->raw.modrm.mod; 3860 return ZYAN_STATUS_SUCCESS; 3861 } 3862 3863 static ZyanStatus ZydisNodeHandlerModrmModCompact(ZydisDecoderState* state, 3864 ZydisDecodedInstruction* instruction, ZyanU16* index) 3865 { 3866 ZYAN_CHECK(ZydisNodeHandlerModrmMod(state, instruction, index)); 3867 *index = (*index == 0x3) ? 0 : 1; 3868 return ZYAN_STATUS_SUCCESS; 3869 } 3870 3871 static ZyanStatus ZydisNodeHandlerModrmReg(ZydisDecoderState* state, 3872 ZydisDecodedInstruction* instruction, ZyanU16* index) 3873 { 3874 ZYAN_ASSERT(state); 3875 ZYAN_ASSERT(instruction); 3876 ZYAN_ASSERT(index); 3877 3878 if (!instruction->raw.modrm.offset) 3879 { 3880 instruction->raw.modrm.offset = instruction->length; 3881 ZyanU8 modrm_byte; 3882 ZYAN_CHECK(ZydisInputNext(state, instruction, &modrm_byte)); 3883 ZydisDecodeModRM(instruction, modrm_byte); 3884 } 3885 *index = instruction->raw.modrm.reg; 3886 return ZYAN_STATUS_SUCCESS; 3887 } 3888 3889 static ZyanStatus ZydisNodeHandlerModrmRm(ZydisDecoderState* state, 3890 ZydisDecodedInstruction* instruction, ZyanU16* index) 3891 { 3892 ZYAN_ASSERT(state); 3893 ZYAN_ASSERT(instruction); 3894 ZYAN_ASSERT(index); 3895 3896 if (!instruction->raw.modrm.offset) 3897 { 3898 instruction->raw.modrm.offset = instruction->length; 3899 ZyanU8 modrm_byte; 3900 ZYAN_CHECK(ZydisInputNext(state, instruction, &modrm_byte)); 3901 ZydisDecodeModRM(instruction, modrm_byte); 3902 } 3903 *index = instruction->raw.modrm.rm; 3904 return ZYAN_STATUS_SUCCESS; 3905 } 3906 3907 static ZyanStatus ZydisNodeHandlerMandatoryPrefix(const ZydisDecoderState* state, 3908 ZydisDecodedInstruction* instruction, ZyanU16* index) 3909 { 3910 ZYAN_ASSERT(state); 3911 ZYAN_ASSERT(instruction); 3912 ZYAN_ASSERT(index); 3913 3914 switch (state->prefixes.mandatory_candidate) 3915 { 3916 case 0x66: 3917 instruction->raw.prefixes[state->prefixes.offset_mandatory].type = 3918 ZYDIS_PREFIX_TYPE_MANDATORY; 3919 instruction->attributes &= ~ZYDIS_ATTRIB_HAS_OPERANDSIZE; 3920 *index = 2; 3921 break; 3922 case 0xF3: 3923 instruction->raw.prefixes[state->prefixes.offset_mandatory].type = 3924 ZYDIS_PREFIX_TYPE_MANDATORY; 3925 *index = 3; 3926 break; 3927 case 0xF2: 3928 instruction->raw.prefixes[state->prefixes.offset_mandatory].type = 3929 ZYDIS_PREFIX_TYPE_MANDATORY; 3930 *index = 4; 3931 break; 3932 default: 3933 *index = 1; 3934 break; 3935 } 3936 // TODO: Consume prefix and make sure it's available again, if we need to fallback 3937 3938 return ZYAN_STATUS_SUCCESS; 3939 } 3940 3941 static ZyanStatus ZydisNodeHandlerOperandSize(const ZydisDecoderState* state, 3942 ZydisDecodedInstruction* instruction, ZyanU16* index) 3943 { 3944 ZYAN_ASSERT(state); 3945 ZYAN_ASSERT(instruction); 3946 ZYAN_ASSERT(index); 3947 3948 if ((instruction->machine_mode == ZYDIS_MACHINE_MODE_LONG_64) && 3949 (state->context->vector_unified.W)) 3950 { 3951 *index = 2; 3952 } else 3953 { 3954 if (instruction->attributes & ZYDIS_ATTRIB_HAS_OPERANDSIZE) 3955 { 3956 instruction->raw.prefixes[state->prefixes.offset_osz_override].type = 3957 ZYDIS_PREFIX_TYPE_EFFECTIVE; 3958 } 3959 switch (instruction->machine_mode) 3960 { 3961 case ZYDIS_MACHINE_MODE_LONG_COMPAT_16: 3962 case ZYDIS_MACHINE_MODE_LEGACY_16: 3963 case ZYDIS_MACHINE_MODE_REAL_16: 3964 *index = (instruction->attributes & ZYDIS_ATTRIB_HAS_OPERANDSIZE) ? 1 : 0; 3965 break; 3966 case ZYDIS_MACHINE_MODE_LONG_COMPAT_32: 3967 case ZYDIS_MACHINE_MODE_LEGACY_32: 3968 case ZYDIS_MACHINE_MODE_LONG_64: 3969 *index = (instruction->attributes & ZYDIS_ATTRIB_HAS_OPERANDSIZE) ? 0 : 1; 3970 break; 3971 default: 3972 ZYAN_UNREACHABLE; 3973 } 3974 } 3975 3976 return ZYAN_STATUS_SUCCESS; 3977 } 3978 3979 static ZyanStatus ZydisNodeHandlerAddressSize(ZydisDecodedInstruction* instruction, ZyanU16* index) 3980 { 3981 ZYAN_ASSERT(instruction); 3982 ZYAN_ASSERT(index); 3983 3984 /*if (instruction->attributes & ZYDIS_ATTRIB_HAS_ADDRESSSIZE) 3985 { 3986 instruction->raw.prefixes[context->prefixes.offset_asz_override].type = 3987 ZYDIS_PREFIX_TYPE_EFFECTIVE; 3988 }*/ 3989 switch (instruction->machine_mode) 3990 { 3991 case ZYDIS_MACHINE_MODE_LONG_COMPAT_16: 3992 case ZYDIS_MACHINE_MODE_LEGACY_16: 3993 case ZYDIS_MACHINE_MODE_REAL_16: 3994 *index = (instruction->attributes & ZYDIS_ATTRIB_HAS_ADDRESSSIZE) ? 1 : 0; 3995 break; 3996 case ZYDIS_MACHINE_MODE_LONG_COMPAT_32: 3997 case ZYDIS_MACHINE_MODE_LEGACY_32: 3998 *index = (instruction->attributes & ZYDIS_ATTRIB_HAS_ADDRESSSIZE) ? 0 : 1; 3999 break; 4000 case ZYDIS_MACHINE_MODE_LONG_64: 4001 *index = (instruction->attributes & ZYDIS_ATTRIB_HAS_ADDRESSSIZE) ? 1 : 2; 4002 break; 4003 default: 4004 ZYAN_UNREACHABLE; 4005 } 4006 4007 return ZYAN_STATUS_SUCCESS; 4008 } 4009 4010 static ZyanStatus ZydisNodeHandlerVectorLength(const ZydisDecoderContext* context, 4011 const ZydisDecodedInstruction* instruction, ZyanU16* index) 4012 { 4013 ZYAN_ASSERT(context); 4014 ZYAN_ASSERT(instruction); 4015 ZYAN_ASSERT(index); 4016 4017 switch (instruction->encoding) 4018 { 4019 case ZYDIS_INSTRUCTION_ENCODING_XOP: 4020 ZYAN_ASSERT(instruction->attributes & ZYDIS_ATTRIB_HAS_XOP); 4021 break; 4022 case ZYDIS_INSTRUCTION_ENCODING_VEX: 4023 ZYAN_ASSERT(instruction->attributes & ZYDIS_ATTRIB_HAS_VEX); 4024 break; 4025 case ZYDIS_INSTRUCTION_ENCODING_EVEX: 4026 ZYAN_ASSERT(instruction->attributes & ZYDIS_ATTRIB_HAS_EVEX); 4027 break; 4028 case ZYDIS_INSTRUCTION_ENCODING_MVEX: 4029 ZYAN_ASSERT(instruction->attributes & ZYDIS_ATTRIB_HAS_MVEX); 4030 break; 4031 default: 4032 ZYAN_UNREACHABLE; 4033 } 4034 4035 *index = context->vector_unified.LL; 4036 if (*index == 3) 4037 { 4038 return ZYDIS_STATUS_DECODING_ERROR; 4039 } 4040 return ZYAN_STATUS_SUCCESS; 4041 } 4042 4043 static ZyanStatus ZydisNodeHandlerRexW(const ZydisDecoderContext* context, 4044 const ZydisDecodedInstruction* instruction, ZyanU16* index) 4045 { 4046 ZYAN_ASSERT(context); 4047 ZYAN_ASSERT(instruction); 4048 ZYAN_ASSERT(index); 4049 4050 switch (instruction->encoding) 4051 { 4052 case ZYDIS_INSTRUCTION_ENCODING_LEGACY: 4053 // nothing to do here 4054 break; 4055 case ZYDIS_INSTRUCTION_ENCODING_XOP: 4056 ZYAN_ASSERT(instruction->attributes & ZYDIS_ATTRIB_HAS_XOP); 4057 break; 4058 case ZYDIS_INSTRUCTION_ENCODING_VEX: 4059 ZYAN_ASSERT(instruction->attributes & ZYDIS_ATTRIB_HAS_VEX); 4060 break; 4061 case ZYDIS_INSTRUCTION_ENCODING_EVEX: 4062 ZYAN_ASSERT(instruction->attributes & ZYDIS_ATTRIB_HAS_EVEX); 4063 break; 4064 case ZYDIS_INSTRUCTION_ENCODING_MVEX: 4065 ZYAN_ASSERT(instruction->attributes & ZYDIS_ATTRIB_HAS_MVEX); 4066 break; 4067 default: 4068 ZYAN_UNREACHABLE; 4069 } 4070 *index = context->vector_unified.W; 4071 return ZYAN_STATUS_SUCCESS; 4072 } 4073 4074 static ZyanStatus ZydisNodeHandlerRexB(const ZydisDecoderContext* context, 4075 const ZydisDecodedInstruction* instruction, ZyanU16* index) 4076 { 4077 ZYAN_ASSERT(context); 4078 ZYAN_ASSERT(instruction); 4079 ZYAN_ASSERT(index); 4080 4081 switch (instruction->encoding) 4082 { 4083 case ZYDIS_INSTRUCTION_ENCODING_LEGACY: 4084 // nothing to do here 4085 break; 4086 case ZYDIS_INSTRUCTION_ENCODING_XOP: 4087 ZYAN_ASSERT(instruction->attributes & ZYDIS_ATTRIB_HAS_XOP); 4088 break; 4089 case ZYDIS_INSTRUCTION_ENCODING_VEX: 4090 ZYAN_ASSERT(instruction->attributes & ZYDIS_ATTRIB_HAS_VEX); 4091 break; 4092 case ZYDIS_INSTRUCTION_ENCODING_EVEX: 4093 ZYAN_ASSERT(instruction->attributes & ZYDIS_ATTRIB_HAS_EVEX); 4094 break; 4095 case ZYDIS_INSTRUCTION_ENCODING_MVEX: 4096 ZYAN_ASSERT(instruction->attributes & ZYDIS_ATTRIB_HAS_MVEX); 4097 break; 4098 default: 4099 ZYAN_UNREACHABLE; 4100 } 4101 *index = context->vector_unified.B; 4102 return ZYAN_STATUS_SUCCESS; 4103 } 4104 4105 #ifndef ZYDIS_DISABLE_AVX512 4106 static ZyanStatus ZydisNodeHandlerEvexB(const ZydisDecodedInstruction* instruction, ZyanU16* index) 4107 { 4108 ZYAN_ASSERT(instruction); 4109 ZYAN_ASSERT(index); 4110 4111 ZYAN_ASSERT(instruction->encoding == ZYDIS_INSTRUCTION_ENCODING_EVEX); 4112 ZYAN_ASSERT(instruction->attributes & ZYDIS_ATTRIB_HAS_EVEX); 4113 *index = instruction->raw.evex.b; 4114 return ZYAN_STATUS_SUCCESS; 4115 } 4116 #endif 4117 4118 #ifndef ZYDIS_DISABLE_KNC 4119 static ZyanStatus ZydisNodeHandlerMvexE(const ZydisDecodedInstruction* instruction, ZyanU16* index) 4120 { 4121 ZYAN_ASSERT(instruction); 4122 ZYAN_ASSERT(index); 4123 4124 ZYAN_ASSERT(instruction->encoding == ZYDIS_INSTRUCTION_ENCODING_MVEX); 4125 ZYAN_ASSERT(instruction->attributes & ZYDIS_ATTRIB_HAS_MVEX); 4126 *index = instruction->raw.mvex.E; 4127 return ZYAN_STATUS_SUCCESS; 4128 } 4129 #endif 4130 4131 /* ---------------------------------------------------------------------------------------------- */ 4132 4133 /** 4134 * Populates the internal register id fields for `REG`, `RM`, `NDSNDD`, `BASE` and `INDEX`/`VIDX` 4135 * encoded operands and performs sanity checks. 4136 * 4137 * @param context A pointer to the `ZydisDecoderContext` struct. 4138 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 4139 * @param def_reg The type definition for the `.reg` encoded operand. 4140 * @param def_rm The type definition for the `.rm` encoded operand. 4141 * @param def_ndsndd The type definition for the `.vvvv` encoded operand. 4142 * 4143 * @return A zyan status code. 4144 * 4145 * This function sets all unused register ids to `-1`. This rule does currently not apply to 4146 * `base` and `index`. 4147 * 4148 * Definition encoding: 4149 * - `def_reg` -> `ZydisRegisterKind` 4150 * - `def_ndsndd` -> `ZydisRegisterKind` 4151 * - `def_rm` -> `ZydisRegisterKind` (`.mod == 3`) or ZydisMemoryOperandType (`.mod != 3`) 4152 */ 4153 static ZyanStatus ZydisPopulateRegisterIds(ZydisDecoderContext* context, 4154 const ZydisDecodedInstruction* instruction, ZyanU8 def_reg, ZyanU8 def_rm, ZyanU8 def_ndsndd) 4155 { 4156 ZYAN_ASSERT(context); 4157 ZYAN_ASSERT(instruction); 4158 4159 const ZyanBool is_64_bit = (instruction->machine_mode == ZYDIS_MACHINE_MODE_LONG_64); 4160 const ZyanBool is_reg = context->reg_info.is_mod_reg; 4161 const ZyanBool has_sib = !is_reg && (instruction->raw.modrm.rm == 4); 4162 const ZyanBool has_vsib = has_sib && (def_rm == ZYDIS_MEMOP_TYPE_VSIB); 4163 4164 ZyanU8 id_reg = instruction->raw.modrm.reg; 4165 ZyanU8 id_rm = instruction->raw.modrm.rm; 4166 ZyanU8 id_ndsndd = is_64_bit ? context->vector_unified.vvvv : context->vector_unified.vvvv & 0x07; 4167 ZyanU8 id_base = has_sib ? instruction->raw.sib.base : instruction->raw.modrm.rm; 4168 ZyanU8 id_index = instruction->raw.sib.index; 4169 4170 if (instruction->machine_mode == ZYDIS_MACHINE_MODE_LONG_64) 4171 { 4172 const ZyanBool is_emvex = (instruction->encoding == ZYDIS_INSTRUCTION_ENCODING_EVEX) || 4173 (instruction->encoding == ZYDIS_INSTRUCTION_ENCODING_MVEX); 4174 4175 // The `index` extension by `.v'` is only valid for VSIB operands 4176 const ZyanU8 vsib_v2 = has_vsib ? context->vector_unified.V2 : 0; 4177 // The `rm` extension by `.X` is only valid for EVEX/MVEX instructions 4178 const ZyanU8 evex_x = is_emvex ? context->vector_unified.X : 0; 4179 4180 id_reg |= (context->vector_unified.R2 << 4) | (context->vector_unified.R << 3); 4181 id_rm |= (evex_x << 4) | (context->vector_unified.B << 3); 4182 id_ndsndd |= (context->vector_unified.V2 << 4) ; 4183 id_base |= (context->vector_unified.B << 3); 4184 id_index |= (vsib_v2 << 4) | (context->vector_unified.X << 3); 4185 4186 // The masking emulates the actual CPU behavior and does not verify if the resulting ids 4187 // are actually valid for the given register kind. 4188 4189 static const ZyanU8 mask_reg[ZYDIS_REGKIND_MAX_VALUE + 1] = 4190 { 4191 /* INVALID */ 0, 4192 /* GPR */ (1 << 5) - 1, 4193 /* X87 */ (1 << 3) - 1, // ignore `.R`, ignore `.R'` 4194 /* MMX */ (1 << 3) - 1, // ignore `.R`, ignore `.R'` 4195 /* VR */ (1 << 5) - 1, 4196 /* TMM */ (1 << 5) - 1, 4197 /* SEGMENT */ (1 << 3) - 1, // ignore `.R`, ignore `.R'` 4198 /* TEST */ (1 << 3) - 1, // ignore `.R`, ignore `.R'` 4199 /* CONTROL */ (1 << 4) - 1, // ignore `.R'` 4200 /* DEBUG */ (1 << 4) - 1, // ignore `.R'` 4201 /* MASK */ (1 << 5) - 1, 4202 /* BOUND */ (1 << 4) - 1 // ignore `.R'` 4203 }; 4204 id_reg &= mask_reg[def_reg]; 4205 4206 static const ZyanU8 mask_rm[ZYDIS_REGKIND_MAX_VALUE + 1] = 4207 { 4208 /* INVALID */ 0, 4209 /* GPR */ (1 << 4) - 1, // ignore `.X` 4210 /* X87 */ (1 << 3) - 1, // ignore `.B`, ignore `.X` 4211 /* MMX */ (1 << 3) - 1, // ignore `.B`, ignore `.X` 4212 /* VR */ (1 << 5) - 1, 4213 /* TMM */ (1 << 4) - 1, // ignore `.X` 4214 /* SEGMENT */ (1 << 3) - 1, // ignore `.B`, ignore `.X` 4215 /* TEST */ (1 << 3) - 1, // ignore `.B`, ignore `.X` 4216 /* CONTROL */ (1 << 4) - 1, // ignore `.X` 4217 /* DEBUG */ (1 << 4) - 1, // ignore `.X` 4218 /* MASK */ (1 << 3) - 1, // ignore `.B`, ignore `.X` 4219 /* BOUND */ (1 << 4) - 1 // ignore `.X` 4220 }; 4221 id_rm &= (is_reg ? mask_rm[def_rm] : 0xFF); 4222 4223 // Commented out for future reference. Not required at the moment as it's always either 4224 // a "take all" or "take nothing" situation. 4225 4226 //static const ZyanU8 mask_ndsndd[ZYDIS_REGKIND_MAX_VALUE + 1] = 4227 //{ 4228 // /* INVALID */ 0, 4229 // /* GPR */ (1 << 5) - 1, 4230 // /* X87 */ 0, // never encoded in `.vvvv` 4231 // /* MMX */ 0, // never encoded in `.vvvv` 4232 // /* VR */ (1 << 5) - 1, 4233 // /* TMM */ (1 << 5) - 1, 4234 // /* SEGMENT */ 0, // never encoded in `.vvvv` 4235 // /* TEST */ 0, // never encoded in `.vvvv` 4236 // /* CONTROL */ 0, // never encoded in `.vvvv` 4237 // /* DEBUG */ 0, // never encoded in `.vvvv` 4238 // /* MASK */ (1 << 5) - 1, 4239 // /* BOUND */ 0 // never encoded in `.vvvv` 4240 //}; 4241 } 4242 4243 // Validate 4244 4245 // `.vvvv` is not allowed, if the instruction does not encode a NDS/NDD operand 4246 if (!def_ndsndd && context->vector_unified.vvvv) 4247 { 4248 return ZYDIS_STATUS_BAD_REGISTER; 4249 } 4250 // `.v'` is not allowed, if the instruction does not encode a NDS/NDD or VSIB operand 4251 if (!def_ndsndd && !has_vsib && context->vector_unified.V2) 4252 { 4253 return ZYDIS_STATUS_BAD_REGISTER; 4254 } 4255 4256 static const ZyanU8 available_regs[2][ZYDIS_REGKIND_MAX_VALUE + 1] = 4257 { 4258 // 16/32 bit mode 4259 { 4260 /* INVALID */ 255, 4261 /* GPR */ 8, 4262 /* X87 */ 8, 4263 /* MMX */ 8, 4264 /* VR */ 8, 4265 /* TMM */ 8, 4266 /* SEGMENT */ 6, 4267 /* TEST */ 8, 4268 /* CONTROL */ 8, 4269 /* DEBUG */ 8, 4270 /* MASK */ 8, 4271 /* BOUND */ 4 4272 }, 4273 // 64 bit mode 4274 { 4275 /* INVALID */ 255, 4276 /* GPR */ 16, 4277 /* X87 */ 8, 4278 /* MMX */ 8, 4279 /* VR */ 32, 4280 /* TMM */ 8, 4281 /* SEGMENT */ 6, 4282 /* TEST */ 8, 4283 /* CONTROL */ 16, 4284 // Attempts to reference DR8..DR15 result in undefined opcode (#UD) exceptions. DR4 and 4285 // DR5 are only valid, if the debug extension (DE) flag in CR4 is set. As we can't 4286 // check this at runtime we just allow them. 4287 /* DEBUG */ 8, 4288 /* MASK */ 8, 4289 /* BOUND */ 4 4290 } 4291 }; 4292 4293 if ((id_reg >= available_regs[is_64_bit][def_reg]) || 4294 (id_ndsndd >= available_regs[is_64_bit][def_ndsndd]) || 4295 (is_reg && (id_rm >= available_regs[is_64_bit][def_rm]))) 4296 { 4297 return ZYDIS_STATUS_BAD_REGISTER; 4298 } 4299 4300 ZyanI8 id_cr = -1; 4301 if (def_reg == ZYDIS_REGKIND_CONTROL) 4302 { 4303 id_cr = id_reg; 4304 } 4305 if (is_reg && (def_rm == ZYDIS_REGKIND_CONTROL)) 4306 { 4307 id_cr = id_rm; 4308 } 4309 if (id_cr >= 0) 4310 { 4311 // Attempts to reference CR1, CR5, CR6, CR7, and CR9..CR15 result in undefined opcode (#UD) 4312 // exceptions 4313 static const ZyanU8 lookup[16] = 4314 { 4315 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0 4316 }; 4317 ZYAN_ASSERT((ZyanUSize)id_cr < ZYAN_ARRAY_LENGTH(lookup)); 4318 if (!lookup[id_cr]) 4319 { 4320 return ZYDIS_STATUS_BAD_REGISTER; 4321 } 4322 } 4323 4324 // Assign to context 4325 4326 context->reg_info.id_reg = def_reg ? id_reg : -1; 4327 context->reg_info.id_rm = def_rm && is_reg ? id_rm : -1; 4328 context->reg_info.id_ndsndd = def_ndsndd ? id_ndsndd : -1; 4329 context->reg_info.id_base = id_base; // TODO: Set unused register to -1 as well 4330 context->reg_info.id_index = id_index; // TODO: Set unused register to -1 as well 4331 4332 return ZYAN_STATUS_SUCCESS; 4333 } 4334 4335 /** 4336 * Checks for certain post-decode error-conditions. 4337 * 4338 * @param state A pointer to the `ZydisDecoderState` struct. 4339 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 4340 * @param definition A pointer to the `ZydisInstructionDefinition` struct. 4341 * 4342 * @return A zyan status code. 4343 * 4344 * This function is called immediately after a valid instruction-definition was found. 4345 */ 4346 static ZyanStatus ZydisCheckErrorConditions(ZydisDecoderState* state, 4347 const ZydisDecodedInstruction* instruction, const ZydisInstructionDefinition* definition) 4348 { 4349 ZYAN_ASSERT(state); 4350 ZYAN_ASSERT(instruction); 4351 ZYAN_ASSERT(definition); 4352 4353 ZyanU8 def_reg = definition->op_reg; 4354 ZyanU8 def_rm = definition->op_rm; 4355 ZyanU8 def_ndsndd = ZYDIS_REGKIND_INVALID; 4356 ZyanBool is_gather = ZYAN_FALSE; 4357 ZyanBool no_source_dest_match = ZYAN_FALSE; 4358 ZyanBool no_source_source_match = ZYAN_FALSE; 4359 #if !defined(ZYDIS_DISABLE_AVX512) || !defined(ZYDIS_DISABLE_KNC) 4360 ZydisMaskPolicy mask_policy = ZYDIS_MASK_POLICY_INVALID; 4361 #endif 4362 4363 switch (instruction->encoding) 4364 { 4365 case ZYDIS_INSTRUCTION_ENCODING_LEGACY: 4366 { 4367 const ZydisInstructionDefinitionLEGACY* def = 4368 (const ZydisInstructionDefinitionLEGACY*)definition; 4369 4370 if (def->requires_protected_mode && 4371 (instruction->machine_mode == ZYDIS_MACHINE_MODE_REAL_16)) 4372 { 4373 return ZYDIS_STATUS_DECODING_ERROR; 4374 } 4375 4376 if (def->no_compat_mode && 4377 ((instruction->machine_mode == ZYDIS_MACHINE_MODE_LONG_COMPAT_16) || 4378 (instruction->machine_mode == ZYDIS_MACHINE_MODE_LONG_COMPAT_32))) 4379 { 4380 return ZYDIS_STATUS_DECODING_ERROR; 4381 } 4382 4383 if (state->prefixes.has_lock && !def->accepts_LOCK) 4384 { 4385 return ZYDIS_STATUS_ILLEGAL_LOCK; 4386 } 4387 break; 4388 } 4389 case ZYDIS_INSTRUCTION_ENCODING_3DNOW: 4390 { 4391 break; 4392 } 4393 case ZYDIS_INSTRUCTION_ENCODING_XOP: 4394 { 4395 const ZydisInstructionDefinitionXOP* def = 4396 (const ZydisInstructionDefinitionXOP*)definition; 4397 def_ndsndd = def->op_ndsndd; 4398 break; 4399 } 4400 case ZYDIS_INSTRUCTION_ENCODING_VEX: 4401 { 4402 const ZydisInstructionDefinitionVEX* def = 4403 (const ZydisInstructionDefinitionVEX*)definition; 4404 def_ndsndd = def->op_ndsndd; 4405 is_gather = def->is_gather; 4406 no_source_source_match = def->no_source_source_match; 4407 break; 4408 } 4409 case ZYDIS_INSTRUCTION_ENCODING_EVEX: 4410 { 4411 #ifndef ZYDIS_DISABLE_AVX512 4412 const ZydisInstructionDefinitionEVEX* def = 4413 (const ZydisInstructionDefinitionEVEX*)definition; 4414 def_ndsndd = def->op_ndsndd; 4415 is_gather = def->is_gather; 4416 no_source_dest_match = def->no_source_dest_match; 4417 mask_policy = def->mask_policy; 4418 4419 // Check for invalid zero-mask 4420 if ((instruction->raw.evex.z) && (!def->accepts_zero_mask)) 4421 { 4422 return ZYDIS_STATUS_INVALID_MASK; // TODO: Dedicated status code 4423 } 4424 #else 4425 ZYAN_UNREACHABLE; 4426 #endif 4427 break; 4428 } 4429 case ZYDIS_INSTRUCTION_ENCODING_MVEX: 4430 { 4431 #ifndef ZYDIS_DISABLE_KNC 4432 const ZydisInstructionDefinitionMVEX* def = 4433 (const ZydisInstructionDefinitionMVEX*)definition; 4434 def_ndsndd = def->op_ndsndd; 4435 is_gather = def->is_gather; 4436 mask_policy = def->mask_policy; 4437 4438 // Check for invalid MVEX.SSS values 4439 static const ZyanU8 lookup[26][8] = 4440 { 4441 // ZYDIS_MVEX_FUNC_IGNORED 4442 { 1, 1, 1, 1, 1, 1, 1, 1 }, 4443 // ZYDIS_MVEX_FUNC_INVALID 4444 { 1, 0, 0, 0, 0, 0, 0, 0 }, 4445 // ZYDIS_MVEX_FUNC_RC 4446 { 1, 1, 1, 1, 1, 1, 1, 1 }, 4447 // ZYDIS_MVEX_FUNC_SAE 4448 { 1, 1, 1, 1, 1, 1, 1, 1 }, 4449 // ZYDIS_MVEX_FUNC_F_32 4450 { 1, 0, 0, 0, 0, 0, 0, 0 }, 4451 // ZYDIS_MVEX_FUNC_I_32 4452 { 1, 0, 0, 0, 0, 0, 0, 0 }, 4453 // ZYDIS_MVEX_FUNC_F_64 4454 { 1, 0, 0, 0, 0, 0, 0, 0 }, 4455 // ZYDIS_MVEX_FUNC_I_64 4456 { 1, 0, 0, 0, 0, 0, 0, 0 }, 4457 // ZYDIS_MVEX_FUNC_SWIZZLE_32 4458 { 1, 1, 1, 1, 1, 1, 1, 1 }, 4459 // ZYDIS_MVEX_FUNC_SWIZZLE_64 4460 { 1, 1, 1, 1, 1, 1, 1, 1 }, 4461 // ZYDIS_MVEX_FUNC_SF_32 4462 { 1, 1, 1, 1, 1, 0, 1, 1 }, 4463 // ZYDIS_MVEX_FUNC_SF_32_BCST 4464 { 1, 1, 1, 0, 0, 0, 0, 0 }, 4465 // ZYDIS_MVEX_FUNC_SF_32_BCST_4TO16 4466 { 1, 0, 1, 0, 0, 0, 0, 0 }, 4467 // ZYDIS_MVEX_FUNC_SF_64 4468 { 1, 1, 1, 0, 0, 0, 0, 0 }, 4469 // ZYDIS_MVEX_FUNC_SI_32 4470 { 1, 1, 1, 0, 1, 1, 1, 1 }, 4471 // ZYDIS_MVEX_FUNC_SI_32_BCST 4472 { 1, 1, 1, 0, 0, 0, 0, 0 }, 4473 // ZYDIS_MVEX_FUNC_SI_32_BCST_4TO16 4474 { 1, 0, 1, 0, 0, 0, 0, 0 }, 4475 // ZYDIS_MVEX_FUNC_SI_64 4476 { 1, 1, 1, 0, 0, 0, 0, 0 }, 4477 // ZYDIS_MVEX_FUNC_UF_32 4478 { 1, 0, 0, 1, 1, 1, 1, 1 }, 4479 // ZYDIS_MVEX_FUNC_UF_64 4480 { 1, 0, 0, 0, 0, 0, 0, 0 }, 4481 // ZYDIS_MVEX_FUNC_UI_32 4482 { 1, 0, 0, 0, 1, 1, 1, 1 }, 4483 // ZYDIS_MVEX_FUNC_UI_64 4484 { 1, 0, 0, 0, 0, 0, 0, 0 }, 4485 // ZYDIS_MVEX_FUNC_DF_32 4486 { 1, 0, 0, 1, 1, 1, 1, 1 }, 4487 // ZYDIS_MVEX_FUNC_DF_64 4488 { 1, 0, 0, 0, 0, 0, 0, 0 }, 4489 // ZYDIS_MVEX_FUNC_DI_32 4490 { 1, 0, 0, 0, 1, 1, 1, 1 }, 4491 // ZYDIS_MVEX_FUNC_DI_64 4492 { 1, 0, 0, 0, 0, 0, 0, 0 } 4493 }; 4494 ZYAN_ASSERT(def->functionality < ZYAN_ARRAY_LENGTH(lookup)); 4495 ZYAN_ASSERT(instruction->raw.mvex.SSS < 8); 4496 if (!lookup[def->functionality][instruction->raw.mvex.SSS]) 4497 { 4498 return ZYDIS_STATUS_DECODING_ERROR; 4499 } 4500 #else 4501 ZYAN_UNREACHABLE; 4502 #endif 4503 break; 4504 } 4505 default: 4506 ZYAN_UNREACHABLE; 4507 } 4508 4509 ZydisDecoderContext* context = state->context; 4510 const ZyanBool is_reg = context->reg_info.is_mod_reg; 4511 4512 ZyanU8 no_rip_rel = ZYAN_FALSE; 4513 ZyanU8 is_sr_dest_reg = ZYAN_FALSE; 4514 ZyanU8 is_sr_dest_rm = ZYAN_FALSE; 4515 if (def_reg) 4516 { 4517 is_sr_dest_reg = ZYDIS_OPDEF_GET_REG_HIGH_BIT(def_reg); 4518 def_reg = ZYDIS_OPDEF_GET_REG(def_reg); 4519 } 4520 if (def_rm) 4521 { 4522 if (is_reg) 4523 { 4524 is_sr_dest_rm = ZYDIS_OPDEF_GET_REG_HIGH_BIT(def_rm); 4525 def_rm = ZYDIS_OPDEF_GET_REG(def_rm); 4526 } 4527 else 4528 { 4529 no_rip_rel = ZYDIS_OPDEF_GET_MEM_HIGH_BIT(def_rm); 4530 def_rm = ZYDIS_OPDEF_GET_MEM(def_rm); 4531 } 4532 } 4533 4534 // Check RIP-relative memory addressing 4535 if (no_rip_rel) 4536 { 4537 const ZyanBool is_rip_rel = 4538 (state->decoder->machine_mode == ZYDIS_MACHINE_MODE_LONG_64) && 4539 (instruction->raw.modrm.mod == 0) && (instruction->raw.modrm.rm == 5); 4540 if (is_rip_rel) 4541 { 4542 return ZYDIS_STATUS_BAD_REGISTER; 4543 } 4544 } 4545 4546 // Populate- and validate register constraints 4547 ZYAN_CHECK(ZydisPopulateRegisterIds(context, instruction, def_reg, def_rm, def_ndsndd)); 4548 4549 // `ZYDIS_REGISTER_CS` is not allowed as `MOV` target 4550 if (is_sr_dest_reg && (context->reg_info.id_reg == 1)) 4551 { 4552 return ZYDIS_STATUS_BAD_REGISTER; 4553 } 4554 if (is_sr_dest_rm && (context->reg_info.id_rm == 1)) 4555 { 4556 return ZYDIS_STATUS_BAD_REGISTER; 4557 } 4558 4559 // Check gather registers 4560 if (is_gather) 4561 { 4562 // ZYAN_ASSERT(has_VSIB); 4563 ZYAN_ASSERT(instruction->raw.modrm.mod != 3); 4564 ZYAN_ASSERT(instruction->raw.modrm.rm == 4); 4565 4566 const ZyanU8 index = context->reg_info.id_index; 4567 ZyanU8 dest = context->reg_info.id_reg; 4568 ZyanU8 mask = 0xF0; 4569 4570 if (instruction->encoding == ZYDIS_INSTRUCTION_ENCODING_VEX) 4571 { 4572 ZYAN_ASSERT((def_reg == ZYDIS_REGKIND_VR) && 4573 (def_rm == ZYDIS_MEMOP_TYPE_VSIB) && 4574 (def_ndsndd == ZYDIS_REGKIND_VR)); 4575 mask = context->reg_info.id_ndsndd; 4576 } 4577 4578 if ((instruction->encoding == ZYDIS_INSTRUCTION_ENCODING_EVEX) || 4579 (instruction->encoding == ZYDIS_INSTRUCTION_ENCODING_MVEX)) 4580 { 4581 ZYAN_ASSERT(((def_reg == ZYDIS_REGKIND_INVALID) || 4582 (def_reg == ZYDIS_REGKIND_VR)) && 4583 (def_rm == ZYDIS_MEMOP_TYPE_VSIB) && 4584 (def_ndsndd == ZYDIS_REGKIND_INVALID)); 4585 4586 // Some gather instructions (like `VGATHERPF0{D|Q}{PS|PD}`) do not have a destination 4587 // operand 4588 if (!def_reg) 4589 { 4590 dest = 0xF1; 4591 } 4592 } 4593 4594 // If any pair of the index, mask, or destination registers are the same, the instruction 4595 // results a UD fault 4596 if ((dest == index) || (dest == mask) || (index == mask)) 4597 { 4598 return ZYDIS_STATUS_BAD_REGISTER; 4599 } 4600 } 4601 4602 // Check if any source register matches the destination register 4603 if (no_source_dest_match) 4604 { 4605 ZYAN_ASSERT((instruction->encoding == ZYDIS_INSTRUCTION_ENCODING_EVEX) || 4606 (instruction->encoding == ZYDIS_INSTRUCTION_ENCODING_VEX)); 4607 4608 const ZyanU8 dest = context->reg_info.id_reg; 4609 const ZyanU8 source1 = context->reg_info.id_ndsndd; 4610 const ZyanU8 source2 = context->reg_info.id_rm; 4611 4612 if ((dest == source1) || (is_reg && (dest == source2))) 4613 { 4614 return ZYDIS_STATUS_BAD_REGISTER; 4615 } 4616 } 4617 4618 // If any pair of the source or destination registers are the same, the instruction results a 4619 // UD fault 4620 if (no_source_source_match) // TODO: Find better name 4621 { 4622 ZYAN_ASSERT(instruction->encoding == ZYDIS_INSTRUCTION_ENCODING_VEX); 4623 ZYAN_ASSERT(is_reg); 4624 4625 const ZyanU8 dest = context->reg_info.id_reg; 4626 const ZyanU8 source1 = context->reg_info.id_ndsndd; 4627 const ZyanU8 source2 = context->reg_info.id_rm; 4628 4629 if ((dest == source1) || (dest == source2) || (source1 == source2)) 4630 { 4631 return ZYDIS_STATUS_BAD_REGISTER; 4632 } 4633 } 4634 4635 #if !defined(ZYDIS_DISABLE_AVX512) || !defined(ZYDIS_DISABLE_KNC) 4636 // Check for invalid MASK registers 4637 switch (mask_policy) 4638 { 4639 case ZYDIS_MASK_POLICY_INVALID: 4640 case ZYDIS_MASK_POLICY_ALLOWED: 4641 // Nothing to do here 4642 break; 4643 case ZYDIS_MASK_POLICY_REQUIRED: 4644 if (!context->vector_unified.mask) 4645 { 4646 return ZYDIS_STATUS_INVALID_MASK; 4647 } 4648 break; 4649 case ZYDIS_MASK_POLICY_FORBIDDEN: 4650 if (context->vector_unified.mask) 4651 { 4652 return ZYDIS_STATUS_INVALID_MASK; 4653 } 4654 break; 4655 default: 4656 ZYAN_UNREACHABLE; 4657 } 4658 #endif 4659 4660 return ZYAN_STATUS_SUCCESS; 4661 } 4662 4663 /* ---------------------------------------------------------------------------------------------- */ 4664 4665 /** 4666 * Uses the decoder-tree to decode the current instruction. 4667 * 4668 * @param state A pointer to the `ZydisDecoderState` struct. 4669 * @param instruction A pointer to the `ZydisDecodedInstruction` struct. 4670 * 4671 * @return A zyan status code. 4672 */ 4673 static ZyanStatus ZydisDecodeInstruction(ZydisDecoderState* state, 4674 ZydisDecodedInstruction* instruction) 4675 { 4676 ZYAN_ASSERT(state); 4677 ZYAN_ASSERT(instruction); 4678 4679 // Iterate through the decoder tree 4680 const ZydisDecoderTreeNode* node = ZydisDecoderTreeGetRootNode(); 4681 const ZydisDecoderTreeNode* temp = ZYAN_NULL; 4682 ZydisDecoderTreeNodeType node_type; 4683 do 4684 { 4685 node_type = node->type; 4686 ZyanU16 index = 0; 4687 ZyanStatus status = 0; 4688 switch (node_type) 4689 { 4690 case ZYDIS_NODETYPE_INVALID: 4691 if (temp) 4692 { 4693 node = temp; 4694 temp = ZYAN_NULL; 4695 node_type = ZYDIS_NODETYPE_FILTER_MANDATORY_PREFIX; 4696 if (state->prefixes.mandatory_candidate != 0x00) 4697 { 4698 instruction->raw.prefixes[state->prefixes.offset_mandatory].type = 4699 ZYDIS_PREFIX_TYPE_IGNORED; 4700 } 4701 if (state->prefixes.mandatory_candidate == 0x66) 4702 { 4703 if (state->prefixes.offset_osz_override == 4704 state->prefixes.offset_mandatory) 4705 { 4706 instruction->raw.prefixes[state->prefixes.offset_mandatory].type = 4707 ZYDIS_PREFIX_TYPE_EFFECTIVE; 4708 } 4709 instruction->attributes |= ZYDIS_ATTRIB_HAS_OPERANDSIZE; 4710 } 4711 continue; 4712 } 4713 return ZYDIS_STATUS_DECODING_ERROR; 4714 case ZYDIS_NODETYPE_FILTER_XOP: 4715 status = ZydisNodeHandlerXOP(instruction, &index); 4716 break; 4717 case ZYDIS_NODETYPE_FILTER_VEX: 4718 status = ZydisNodeHandlerVEX(instruction, &index); 4719 break; 4720 case ZYDIS_NODETYPE_FILTER_EMVEX: 4721 status = ZydisNodeHandlerEMVEX(instruction, &index); 4722 break; 4723 case ZYDIS_NODETYPE_FILTER_OPCODE: 4724 status = ZydisNodeHandlerOpcode(state, instruction, &index); 4725 break; 4726 case ZYDIS_NODETYPE_FILTER_MODE: 4727 status = ZydisNodeHandlerMode(instruction, &index); 4728 break; 4729 case ZYDIS_NODETYPE_FILTER_MODE_COMPACT: 4730 status = ZydisNodeHandlerModeCompact(instruction, &index); 4731 break; 4732 case ZYDIS_NODETYPE_FILTER_MODRM_MOD: 4733 status = ZydisNodeHandlerModrmMod(state, instruction, &index); 4734 break; 4735 case ZYDIS_NODETYPE_FILTER_MODRM_MOD_COMPACT: 4736 status = ZydisNodeHandlerModrmModCompact(state, instruction, &index); 4737 break; 4738 case ZYDIS_NODETYPE_FILTER_MODRM_REG: 4739 status = ZydisNodeHandlerModrmReg(state, instruction, &index); 4740 break; 4741 case ZYDIS_NODETYPE_FILTER_MODRM_RM: 4742 status = ZydisNodeHandlerModrmRm(state, instruction, &index); 4743 break; 4744 case ZYDIS_NODETYPE_FILTER_PREFIX_GROUP1: 4745 index = state->prefixes.group1 ? 1 : 0; 4746 break; 4747 case ZYDIS_NODETYPE_FILTER_MANDATORY_PREFIX: 4748 status = ZydisNodeHandlerMandatoryPrefix(state, instruction, &index); 4749 temp = ZydisDecoderTreeGetChildNode(node, 0); 4750 // TODO: Return to this point, if index == 0 contains a value and the previous path 4751 // TODO: was not successful 4752 // TODO: Restore consumed prefix 4753 break; 4754 case ZYDIS_NODETYPE_FILTER_OPERAND_SIZE: 4755 status = ZydisNodeHandlerOperandSize(state, instruction, &index); 4756 break; 4757 case ZYDIS_NODETYPE_FILTER_ADDRESS_SIZE: 4758 status = ZydisNodeHandlerAddressSize(instruction, &index); 4759 break; 4760 case ZYDIS_NODETYPE_FILTER_VECTOR_LENGTH: 4761 status = ZydisNodeHandlerVectorLength(state->context, instruction, &index); 4762 break; 4763 case ZYDIS_NODETYPE_FILTER_REX_W: 4764 status = ZydisNodeHandlerRexW(state->context, instruction, &index); 4765 break; 4766 case ZYDIS_NODETYPE_FILTER_REX_B: 4767 status = ZydisNodeHandlerRexB(state->context, instruction, &index); 4768 break; 4769 #ifndef ZYDIS_DISABLE_AVX512 4770 case ZYDIS_NODETYPE_FILTER_EVEX_B: 4771 status = ZydisNodeHandlerEvexB(instruction, &index); 4772 break; 4773 #endif 4774 #ifndef ZYDIS_DISABLE_KNC 4775 case ZYDIS_NODETYPE_FILTER_MVEX_E: 4776 status = ZydisNodeHandlerMvexE(instruction, &index); 4777 break; 4778 #endif 4779 case ZYDIS_NODETYPE_FILTER_MODE_AMD: 4780 index = state->decoder->decoder_mode[ZYDIS_DECODER_MODE_AMD_BRANCHES] ? 1 : 0; 4781 break; 4782 case ZYDIS_NODETYPE_FILTER_MODE_KNC: 4783 index = state->decoder->decoder_mode[ZYDIS_DECODER_MODE_KNC] ? 1 : 0; 4784 break; 4785 case ZYDIS_NODETYPE_FILTER_MODE_MPX: 4786 index = state->decoder->decoder_mode[ZYDIS_DECODER_MODE_MPX] ? 1 : 0; 4787 break; 4788 case ZYDIS_NODETYPE_FILTER_MODE_CET: 4789 index = state->decoder->decoder_mode[ZYDIS_DECODER_MODE_CET] ? 1 : 0; 4790 break; 4791 case ZYDIS_NODETYPE_FILTER_MODE_LZCNT: 4792 index = state->decoder->decoder_mode[ZYDIS_DECODER_MODE_LZCNT] ? 1 : 0; 4793 break; 4794 case ZYDIS_NODETYPE_FILTER_MODE_TZCNT: 4795 index = state->decoder->decoder_mode[ZYDIS_DECODER_MODE_TZCNT] ? 1 : 0; 4796 break; 4797 case ZYDIS_NODETYPE_FILTER_MODE_WBNOINVD: 4798 index = state->decoder->decoder_mode[ZYDIS_DECODER_MODE_WBNOINVD] ? 1 : 0; 4799 break; 4800 case ZYDIS_NODETYPE_FILTER_MODE_CLDEMOTE: 4801 index = state->decoder->decoder_mode[ZYDIS_DECODER_MODE_CLDEMOTE] ? 1 : 0; 4802 break; 4803 default: 4804 if (node_type & ZYDIS_NODETYPE_DEFINITION_MASK) 4805 { 4806 const ZydisInstructionDefinition* definition; 4807 ZydisGetInstructionDefinition(instruction->encoding, node->value, &definition); 4808 ZydisSetEffectiveOperandWidth(state->context, instruction, definition); 4809 ZydisSetEffectiveAddressWidth(state->context, instruction, definition); 4810 4811 const ZydisInstructionEncodingInfo* info; 4812 ZydisGetInstructionEncodingInfo(node, &info); 4813 ZYAN_CHECK(ZydisDecodeOptionalInstructionParts(state, instruction, info)); 4814 ZYAN_CHECK(ZydisCheckErrorConditions(state, instruction, definition)); 4815 4816 if (instruction->encoding == ZYDIS_INSTRUCTION_ENCODING_3DNOW) 4817 { 4818 // Get actual 3DNOW opcode and definition 4819 ZYAN_CHECK(ZydisInputNext(state, instruction, &instruction->opcode)); 4820 node = ZydisDecoderTreeGetRootNode(); 4821 node = ZydisDecoderTreeGetChildNode(node, 0x0F); 4822 node = ZydisDecoderTreeGetChildNode(node, 0x0F); 4823 node = ZydisDecoderTreeGetChildNode(node, instruction->opcode); 4824 if (node->type == ZYDIS_NODETYPE_INVALID) 4825 { 4826 return ZYDIS_STATUS_DECODING_ERROR; 4827 } 4828 ZYAN_ASSERT(node->type == ZYDIS_NODETYPE_FILTER_MODRM_MOD_COMPACT); 4829 node = ZydisDecoderTreeGetChildNode( 4830 node, (instruction->raw.modrm.mod == 0x3) ? 0 : 1); 4831 ZYAN_ASSERT(node->type & ZYDIS_NODETYPE_DEFINITION_MASK); 4832 ZydisGetInstructionDefinition(instruction->encoding, node->value, &definition); 4833 } 4834 4835 instruction->mnemonic = definition->mnemonic; 4836 4837 #ifndef ZYDIS_MINIMAL_MODE 4838 4839 instruction->operand_count = definition->operand_count; 4840 instruction->operand_count_visible = definition->operand_count_visible; 4841 state->context->definition = definition; 4842 4843 instruction->meta.category = definition->category; 4844 instruction->meta.isa_set = definition->isa_set; 4845 instruction->meta.isa_ext = definition->isa_ext; 4846 instruction->meta.branch_type = definition->branch_type; 4847 ZYAN_ASSERT((instruction->meta.branch_type == ZYDIS_BRANCH_TYPE_NONE) || 4848 ((instruction->meta.category == ZYDIS_CATEGORY_CALL) || 4849 (instruction->meta.category == ZYDIS_CATEGORY_COND_BR) || 4850 (instruction->meta.category == ZYDIS_CATEGORY_UNCOND_BR) || 4851 (instruction->meta.category == ZYDIS_CATEGORY_RET))); 4852 instruction->meta.exception_class = definition->exception_class; 4853 4854 if (!state->decoder->decoder_mode[ZYDIS_DECODER_MODE_MINIMAL]) 4855 { 4856 ZydisSetAttributes(state, instruction, definition); 4857 switch (instruction->encoding) 4858 { 4859 case ZYDIS_INSTRUCTION_ENCODING_XOP: 4860 case ZYDIS_INSTRUCTION_ENCODING_VEX: 4861 case ZYDIS_INSTRUCTION_ENCODING_EVEX: 4862 case ZYDIS_INSTRUCTION_ENCODING_MVEX: 4863 ZydisSetAVXInformation(state->context, instruction, definition); 4864 break; 4865 default: 4866 break; 4867 } 4868 4869 const ZydisDefinitionAccessedFlags* flags; 4870 if (ZydisGetAccessedFlags(definition, &flags)) 4871 { 4872 instruction->attributes |= ZYDIS_ATTRIB_CPUFLAG_ACCESS; 4873 } 4874 instruction->cpu_flags = &flags->cpu_flags; 4875 instruction->fpu_flags = &flags->fpu_flags; 4876 } 4877 4878 #endif 4879 4880 return ZYAN_STATUS_SUCCESS; 4881 } 4882 ZYAN_UNREACHABLE; 4883 } 4884 ZYAN_CHECK(status); 4885 node = ZydisDecoderTreeGetChildNode(node, index); 4886 } while ((node_type != ZYDIS_NODETYPE_INVALID) && !(node_type & ZYDIS_NODETYPE_DEFINITION_MASK)); 4887 return ZYAN_STATUS_SUCCESS; 4888 } 4889 4890 /* ---------------------------------------------------------------------------------------------- */ 4891 4892 /* ============================================================================================== */ 4893 /* Exported functions */ 4894 /* ============================================================================================== */ 4895 4896 ZyanStatus ZydisDecoderInit(ZydisDecoder* decoder, ZydisMachineMode machine_mode, 4897 ZydisStackWidth stack_width) 4898 { 4899 static const ZyanBool decoder_modes[ZYDIS_DECODER_MODE_MAX_VALUE + 1] = 4900 { 4901 #ifdef ZYDIS_MINIMAL_MODE 4902 ZYAN_TRUE , // ZYDIS_DECODER_MODE_MINIMAL 4903 #else 4904 ZYAN_FALSE, // ZYDIS_DECODER_MODE_MINIMAL 4905 #endif 4906 ZYAN_FALSE, // ZYDIS_DECODER_MODE_AMD_BRANCHES 4907 ZYAN_FALSE, // ZYDIS_DECODER_MODE_KNC 4908 ZYAN_TRUE , // ZYDIS_DECODER_MODE_MPX 4909 ZYAN_TRUE , // ZYDIS_DECODER_MODE_CET 4910 ZYAN_TRUE , // ZYDIS_DECODER_MODE_LZCNT 4911 ZYAN_TRUE , // ZYDIS_DECODER_MODE_TZCNT 4912 ZYAN_FALSE, // ZYDIS_DECODER_MODE_WBNOINVD 4913 ZYAN_TRUE // ZYDIS_DECODER_MODE_CLDEMOTE 4914 }; 4915 4916 if (!decoder) 4917 { 4918 return ZYAN_STATUS_INVALID_ARGUMENT; 4919 } 4920 switch (machine_mode) 4921 { 4922 case ZYDIS_MACHINE_MODE_LONG_64: 4923 if (stack_width != ZYDIS_STACK_WIDTH_64) 4924 { 4925 return ZYAN_STATUS_INVALID_ARGUMENT; 4926 } 4927 break; 4928 case ZYDIS_MACHINE_MODE_LONG_COMPAT_32: 4929 case ZYDIS_MACHINE_MODE_LONG_COMPAT_16: 4930 case ZYDIS_MACHINE_MODE_LEGACY_32: 4931 case ZYDIS_MACHINE_MODE_LEGACY_16: 4932 case ZYDIS_MACHINE_MODE_REAL_16: 4933 if ((stack_width != ZYDIS_STACK_WIDTH_16) && (stack_width != ZYDIS_STACK_WIDTH_32)) 4934 { 4935 return ZYAN_STATUS_INVALID_ARGUMENT; 4936 } 4937 break; 4938 default: 4939 return ZYAN_STATUS_INVALID_ARGUMENT; 4940 } 4941 4942 decoder->machine_mode = machine_mode; 4943 decoder->stack_width = stack_width; 4944 ZYAN_MEMCPY(&decoder->decoder_mode, &decoder_modes, sizeof(decoder_modes)); 4945 4946 return ZYAN_STATUS_SUCCESS; 4947 } 4948 4949 ZyanStatus ZydisDecoderEnableMode(ZydisDecoder* decoder, ZydisDecoderMode mode, ZyanBool enabled) 4950 { 4951 if (!decoder || ((ZyanUSize)mode > ZYDIS_DECODER_MODE_MAX_VALUE)) 4952 { 4953 return ZYAN_STATUS_INVALID_ARGUMENT; 4954 } 4955 4956 #ifdef ZYDIS_MINIMAL_MODE 4957 if ((mode == ZYDIS_DECODER_MODE_MINIMAL) && !enabled) 4958 { 4959 return ZYAN_STATUS_INVALID_OPERATION; 4960 } 4961 #endif 4962 4963 decoder->decoder_mode[mode] = enabled; 4964 4965 return ZYAN_STATUS_SUCCESS; 4966 } 4967 4968 ZyanStatus ZydisDecoderDecodeFull(const ZydisDecoder* decoder, 4969 const void* buffer, ZyanUSize length, ZydisDecodedInstruction* instruction, 4970 ZydisDecodedOperand operands[ZYDIS_MAX_OPERAND_COUNT]) 4971 { 4972 if (!decoder || !instruction || !buffer || !operands) 4973 { 4974 return ZYAN_STATUS_INVALID_ARGUMENT; 4975 } 4976 if (!length) 4977 { 4978 return ZYDIS_STATUS_NO_MORE_DATA; 4979 } 4980 if (decoder->decoder_mode[ZYDIS_DECODER_MODE_MINIMAL]) 4981 { 4982 return ZYAN_STATUS_MISSING_DEPENDENCY; // TODO: Introduce better status code 4983 } 4984 4985 ZydisDecoderContext context; 4986 ZYAN_CHECK(ZydisDecoderDecodeInstruction(decoder, &context, buffer, length, instruction)); 4987 ZYAN_CHECK(ZydisDecoderDecodeOperands(decoder, &context, instruction, operands, 4988 instruction->operand_count)); 4989 ZYAN_MEMSET(&operands[instruction->operand_count], 0, 4990 (ZYDIS_MAX_OPERAND_COUNT - instruction->operand_count) * sizeof(operands[0])); 4991 4992 return ZYAN_STATUS_SUCCESS; 4993 } 4994 4995 ZyanStatus ZydisDecoderDecodeInstruction(const ZydisDecoder* decoder, ZydisDecoderContext* context, 4996 const void* buffer, ZyanUSize length, ZydisDecodedInstruction* instruction) 4997 { 4998 if (!decoder || !instruction || !buffer) 4999 { 5000 return ZYAN_STATUS_INVALID_ARGUMENT; 5001 } 5002 5003 if (!length) 5004 { 5005 return ZYDIS_STATUS_NO_MORE_DATA; 5006 } 5007 5008 ZydisDecoderState state; 5009 ZYAN_MEMSET(&state, 0, sizeof(state)); 5010 state.decoder = decoder; 5011 state.buffer = (const ZyanU8*)buffer; 5012 state.buffer_len = length; 5013 state.prefixes.offset_notrack = -1; 5014 5015 ZydisDecoderContext default_context; 5016 if (!context) 5017 { 5018 // Use a fallback context if no custom one has been provided 5019 context = &default_context; 5020 } 5021 ZYAN_MEMSET(context, 0, sizeof(*context)); 5022 state.context = context; 5023 5024 ZYAN_MEMSET(instruction, 0, sizeof(*instruction)); 5025 instruction->machine_mode = decoder->machine_mode; 5026 instruction->stack_width = 16 << decoder->stack_width; 5027 5028 ZYAN_CHECK(ZydisCollectOptionalPrefixes(&state, instruction)); 5029 ZYAN_CHECK(ZydisDecodeInstruction(&state, instruction)); 5030 5031 instruction->raw.encoding2 = instruction->encoding; 5032 5033 return ZYAN_STATUS_SUCCESS; 5034 } 5035 5036 ZyanStatus ZydisDecoderDecodeOperands(const ZydisDecoder* decoder, 5037 const ZydisDecoderContext* context, const ZydisDecodedInstruction* instruction, 5038 ZydisDecodedOperand* operands, ZyanU8 operand_count) 5039 { 5040 #ifdef ZYDIS_MINIMAL_MODE 5041 5042 ZYAN_UNUSED(decoder); 5043 ZYAN_UNUSED(context); 5044 ZYAN_UNUSED(instruction); 5045 ZYAN_UNUSED(operands); 5046 ZYAN_UNUSED(operand_count); 5047 5048 return ZYAN_STATUS_MISSING_DEPENDENCY; // TODO: Introduce better status code 5049 5050 #else 5051 5052 if (!decoder || !context || !context->definition || !instruction || 5053 (operand_count && !operands) || (operand_count > ZYDIS_MAX_OPERAND_COUNT)) 5054 { 5055 return ZYAN_STATUS_INVALID_ARGUMENT; 5056 } 5057 5058 if (decoder->decoder_mode[ZYDIS_DECODER_MODE_MINIMAL]) 5059 { 5060 return ZYAN_STATUS_MISSING_DEPENDENCY; // TODO: Introduce better status code 5061 } 5062 5063 operand_count = ZYAN_MIN(operand_count, instruction->operand_count); 5064 if (!operand_count) 5065 { 5066 return ZYAN_STATUS_SUCCESS; 5067 } 5068 5069 return ZydisDecodeOperands(decoder, context, instruction, operands, operand_count); 5070 5071 #endif 5072 } 5073 5074 /* ============================================================================================== */