diff options
| author | iximeow <me@iximeow.net> | 2021-08-21 13:13:26 -0700 | 
|---|---|---|
| committer | iximeow <me@iximeow.net> | 2021-08-21 13:15:46 -0700 | 
| commit | 9687a5af1d712da41992cba8d241ddef8bdc50ec (patch) | |
| tree | a17d37ad3096c86f7c0247ed08ef2ff5a9f27cf2 | |
| parent | cef4feeaf9c64e03a6728f267750ac2fb32eb9ff (diff) | |
clarify inaccurate 32/16-bit `call/jmp [mem]` mem_size
| -rw-r--r-- | src/protected_mode/mod.rs | 14 | ||||
| -rw-r--r-- | src/real_mode/mod.rs | 18 | ||||
| -rw-r--r-- | test/long_mode/operand.rs | 3 | ||||
| -rw-r--r-- | test/protected_mode/operand.rs | 4 | ||||
| -rw-r--r-- | test/real_mode/operand.rs | 7 | 
5 files changed, 34 insertions, 12 deletions
| diff --git a/src/protected_mode/mod.rs b/src/protected_mode/mod.rs index 8381d68..79eb1b1 100644 --- a/src/protected_mode/mod.rs +++ b/src/protected_mode/mod.rs @@ -4223,6 +4223,15 @@ impl Instruction {      /// the corresponding `MemoryAccessSize` may report that the size of accessed memory is      /// indeterminate; this is the case for `xsave/xrestor`-style instructions whose operation size      /// varies based on physical processor. +    /// +    /// ## NOTE +    /// +    /// the reported size is correct for displayed operand sizes (`word [ptr]` will have a +    /// `MemoryAccessSize` indicating two bytes) but is _not_ sufficient to describe all accesses +    /// of all instructions. the most notable exception is for operand-size-prefixed `call`, where +    /// `66ff10` is the instruction `call word [eax]`, but will push a four-byte `eip`. this same +    /// imprecision exists for `jmp word [mem]` as well. tools must account for these inconsistent +    /// sizes internally.      pub fn mem_size(&self) -> Option<MemoryAccessSize> {          if self.mem_size != 0 {              Some(MemoryAccessSize { size: self.mem_size }) @@ -7516,9 +7525,8 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe                      return Err(DecodeError::InvalidOperand);                  }              } else { -                if opcode == Opcode::CALL || opcode == Opcode::JMP { -                    instruction.mem_size = 4; -                } else if opcode == Opcode::PUSH || opcode == Opcode::POP { +                if opcode == Opcode::CALL || opcode == Opcode::JMP || +                    opcode == Opcode::PUSH || opcode == Opcode::POP {                      if instruction.prefixes.operand_size() {                          instruction.mem_size = 2;                      } else { diff --git a/src/real_mode/mod.rs b/src/real_mode/mod.rs index 548c42e..8a7e453 100644 --- a/src/real_mode/mod.rs +++ b/src/real_mode/mod.rs @@ -4223,6 +4223,15 @@ impl Instruction {      /// the corresponding `MemoryAccessSize` may report that the size of accessed memory is      /// indeterminate; this is the case for `xsave/xrestor`-style instructions whose operation size      /// varies based on physical processor. +    /// +    /// ## NOTE +    /// +    /// the reported size is correct for displayed operand sizes (`word [ptr]` will have a +    /// `MemoryAccessSize` indicating two bytes) but is _not_ sufficient to describe all accesses +    /// of all instructions. the most notable exception is for operand-size-prefixed `call`, where +    /// `66ff10` is the instruction `call dword [eax]`, but will push a four-byte `eip`. this same +    /// imprecision exists for `jmp dword [mem]` as well. tools must account for these inconsistent +    /// sizes internally.      pub fn mem_size(&self) -> Option<MemoryAccessSize> {          if self.mem_size != 0 {              Some(MemoryAccessSize { size: self.mem_size }) @@ -7516,13 +7525,8 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe                      return Err(DecodeError::InvalidOperand);                  }              } else { -                if opcode == Opcode::CALL || opcode == Opcode::JMP { -                    if instruction.prefixes.operand_size() { -                        instruction.mem_size = 4; -                    } else { -                        instruction.mem_size = 2; -                    } -                } else if opcode == Opcode::PUSH || opcode == Opcode::POP { +                if opcode == Opcode::CALL || opcode == Opcode::JMP || +                    opcode == Opcode::PUSH || opcode == Opcode::POP {                      if instruction.prefixes.operand_size() {                          instruction.mem_size = 4;                      } else { diff --git a/test/long_mode/operand.rs b/test/long_mode/operand.rs index 4cdaf35..a47e6c8 100644 --- a/test/long_mode/operand.rs +++ b/test/long_mode/operand.rs @@ -45,4 +45,7 @@ fn test_implied_memory_width() {      assert_eq!(mem_size_of(&[0x66, 0x58]), Some(8));      assert_eq!(mem_size_of(&[0xff, 0xf0]), Some(8));      assert_eq!(mem_size_of(&[0x66, 0xff, 0xf0]), Some(2)); +    // operand-size prefixed call and jump still reads 8 bytes (prefix ignored) +    assert_eq!(mem_size_of(&[0x66, 0xff, 0x10]), Some(8)); +    assert_eq!(mem_size_of(&[0x66, 0xff, 0x20]), Some(8));  } diff --git a/test/protected_mode/operand.rs b/test/protected_mode/operand.rs index a114e69..6eb9ba5 100644 --- a/test/protected_mode/operand.rs +++ b/test/protected_mode/operand.rs @@ -43,4 +43,8 @@ fn test_implied_memory_width() {      assert_eq!(mem_size_of(&[0x66, 0x58]), Some(4));      assert_eq!(mem_size_of(&[0xff, 0xf0]), Some(4));      assert_eq!(mem_size_of(&[0x66, 0xff, 0xf0]), Some(2)); +    // unlike 64-bit mode, operand-size prefixed call and jump do have a different size: they read +    // two bytes. +    assert_eq!(mem_size_of(&[0x66, 0xff, 0x10]), Some(2)); +    assert_eq!(mem_size_of(&[0x66, 0xff, 0x20]), Some(2));  } diff --git a/test/real_mode/operand.rs b/test/real_mode/operand.rs index e037fee..7f2b72e 100644 --- a/test/real_mode/operand.rs +++ b/test/real_mode/operand.rs @@ -1,5 +1,4 @@ -use yaxpeax_x86::real_mode::{InstDecoder, Operand, RegSpec}; -use yaxpeax_x86::MemoryAccessSize; +use yaxpeax_x86::real_mode::{InstDecoder};  #[test]  fn test_implied_memory_width() { @@ -17,4 +16,8 @@ fn test_implied_memory_width() {      assert_eq!(mem_size_of(&[0x66, 0x58]), Some(2));      assert_eq!(mem_size_of(&[0xff, 0xf0]), Some(2));      assert_eq!(mem_size_of(&[0x66, 0xff, 0xf0]), Some(4)); +    // unlike 64-bit mode, operand-size prefixed call and jump do have a different size: they read +    // four bytes. +    assert_eq!(mem_size_of(&[0x66, 0xff, 0x10]), Some(4)); +    assert_eq!(mem_size_of(&[0x66, 0xff, 0x20]), Some(4));  } | 
