diff options
| author | iximeow <me@iximeow.net> | 2021-08-21 12:13:01 -0700 |
|---|---|---|
| committer | iximeow <me@iximeow.net> | 2021-08-21 12:13:01 -0700 |
| commit | cef4feeaf9c64e03a6728f267750ac2fb32eb9ff (patch) | |
| tree | dcfc974ad5d1beffe629138aebdfa92fbf7f90a5 | |
| parent | 4612215ddc98dabaffedc36f6fe402bb9f04119a (diff) | |
report memory sizes for push, pop, call, ret
these instructions had memory sizes reported for the operand, if it was
a memory operand, but for versions with non-memory operands the decoded
`Instruction` would imply that non memory access would happen at all.
now, decoded instructions in these cases will report a more useful
memory size.
| -rw-r--r-- | src/lib.rs | 7 | ||||
| -rw-r--r-- | src/long_mode/mod.rs | 32 | ||||
| -rw-r--r-- | src/protected_mode/mod.rs | 28 | ||||
| -rw-r--r-- | src/real_mode/mod.rs | 29 | ||||
| -rw-r--r-- | test/long_mode/operand.rs | 18 | ||||
| -rw-r--r-- | test/protected_mode/operand.rs | 18 | ||||
| -rw-r--r-- | test/real_mode/mod.rs | 3 | ||||
| -rw-r--r-- | test/real_mode/operand.rs | 20 |
8 files changed, 151 insertions, 4 deletions
@@ -185,3 +185,10 @@ impl core::fmt::Display for MemoryAccessSize { f.write_str(self.size_name()) } } + +#[cfg(feature = "fmt")] +impl core::fmt::Debug for MemoryAccessSize { + fn fmt(&self, f: &mut core::fmt::Formatter) -> core::fmt::Result { + core::fmt::Display::fmt(self, f) + } +} diff --git a/src/long_mode/mod.rs b/src/long_mode/mod.rs index 039d550..a01e854 100644 --- a/src/long_mode/mod.rs +++ b/src/long_mode/mod.rs @@ -7396,6 +7396,9 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe if immsz == 0 { instruction.operands[0] = OperandSpec::ImmI8; } else { + if instruction.opcode == Opcode::CALL { + instruction.mem_size = 8; + } instruction.operands[0] = OperandSpec::ImmI32; } instruction.operand_count = 1; @@ -7420,6 +7423,7 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe }; instruction.regs[0] = RegSpec::from_parts(reg, instruction.prefixes.rex_unchecked().b(), bank); + instruction.mem_size = 8; instruction.operand_count = 1; } 1 => { @@ -7615,12 +7619,27 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe if instruction.operands[0] == OperandSpec::RegMMM { if opcode == Opcode::CALL || opcode == Opcode::JMP { instruction.regs[1].bank = RegisterBank::Q; + if opcode == Opcode::CALL { + instruction.mem_size = 8; + } + } else if opcode == Opcode::PUSH || opcode == Opcode::POP { + if instruction.prefixes.operand_size() { + instruction.mem_size = 2; + } else { + instruction.mem_size = 8; + } } else if opcode == Opcode::CALLF || opcode == Opcode::JMPF { return Err(DecodeError::InvalidOperand); } } else { - if opcode == Opcode::CALL || opcode == Opcode::JMP || opcode == Opcode::PUSH || opcode == Opcode::POP { + if opcode == Opcode::CALL || opcode == Opcode::JMP { instruction.mem_size = 8; + } else if opcode == Opcode::PUSH || opcode == Opcode::POP { + if instruction.prefixes.operand_size() { + instruction.mem_size = 2; + } else { + instruction.mem_size = 8; + } } else if opcode == Opcode::CALLF || opcode == Opcode::JMPF { instruction.mem_size = 10; } @@ -7749,6 +7768,12 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe if instruction.opcode == Opcode::Invalid { return Err(DecodeError::InvalidOpcode); } + if instruction.opcode == Opcode::RETURN { + instruction.mem_size = 8; + } else if instruction.opcode == Opcode::RETF { + instruction.mem_size = 10; + } + // TODO: leave? instruction.operands[0] = OperandSpec::Nothing; instruction.operand_count = 0; return Ok(()); @@ -9273,6 +9298,11 @@ fn unlikely_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as y instruction.imm = read_imm_unsigned(words, 2)?; instruction.operands[0] = OperandSpec::ImmU16; + if instruction.opcode == Opcode::RETURN { + instruction.mem_size = 8; + } else { + instruction.mem_size = 10; + } instruction.operand_count = 1; } OperandCode::ModRM_0x0f00 => { diff --git a/src/protected_mode/mod.rs b/src/protected_mode/mod.rs index a06af4c..8381d68 100644 --- a/src/protected_mode/mod.rs +++ b/src/protected_mode/mod.rs @@ -7235,6 +7235,7 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe }; instruction.regs[0] = RegSpec::from_parts(reg, bank); + instruction.mem_size = 4; instruction.operand_count = 1; } 1 => { @@ -7328,6 +7329,9 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe if immsz == 0 { instruction.operands[0] = OperandSpec::ImmI8; } else { + if instruction.opcode == Opcode::CALL { + instruction.mem_size = 4; + } instruction.operands[0] = OperandSpec::ImmI32; } instruction.operand_count = 1; @@ -7505,12 +7509,21 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe if instruction.operands[0] == OperandSpec::RegMMM { if opcode == Opcode::CALL || opcode == Opcode::JMP { instruction.regs[1].bank = RegisterBank::D; + if opcode == Opcode::CALL { + instruction.mem_size = 4; + } } else if opcode == Opcode::CALLF || opcode == Opcode::JMPF { return Err(DecodeError::InvalidOperand); } } else { - if opcode == Opcode::CALL || opcode == Opcode::JMP || opcode == Opcode::PUSH || opcode == Opcode::POP { + if opcode == Opcode::CALL || opcode == Opcode::JMP { instruction.mem_size = 4; + } else if opcode == Opcode::PUSH || opcode == Opcode::POP { + if instruction.prefixes.operand_size() { + instruction.mem_size = 2; + } else { + instruction.mem_size = 4; + } } else if opcode == Opcode::CALLF || opcode == Opcode::JMPF { instruction.mem_size = 6; } @@ -7653,6 +7666,14 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe instruction.operand_count = 1; } 28 => { + if instruction.opcode == Opcode::Invalid { + return Err(DecodeError::InvalidOpcode); + } + if instruction.opcode == Opcode::RETURN { + instruction.mem_size = 4; + } else { + instruction.mem_size = 6; + } instruction.operands[0] = OperandSpec::Nothing; instruction.operand_count = 0; return Ok(()); @@ -9132,6 +9153,11 @@ fn unlikely_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as y instruction.imm = read_imm_unsigned(words, 2)?; instruction.operands[0] = OperandSpec::ImmU16; + if instruction.opcode == Opcode::RETURN { + instruction.mem_size = 4; + } else { + instruction.mem_size = 6; + } instruction.operand_count = 1; } OperandCode::ModRM_0x0f00 => { diff --git a/src/real_mode/mod.rs b/src/real_mode/mod.rs index fbfc687..548c42e 100644 --- a/src/real_mode/mod.rs +++ b/src/real_mode/mod.rs @@ -7236,6 +7236,7 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe }; instruction.regs[0] = RegSpec::from_parts(reg, bank); + instruction.mem_size = 2; instruction.operand_count = 1; } 1 => { @@ -7329,6 +7330,9 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe if immsz == 0 { instruction.operands[0] = OperandSpec::ImmI8; } else { + if instruction.opcode == Opcode::CALL { + instruction.mem_size = 2; + } instruction.operands[0] = OperandSpec::ImmI32; } instruction.operand_count = 1; @@ -7506,11 +7510,19 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe if instruction.operands[0] == OperandSpec::RegMMM { // in real mode, `xed` reports that operand-size does in fact override from word to // dword. unlikely larger modes, operand-size can't shrink the call operand down. - if opcode == Opcode::CALLF || opcode == Opcode::JMPF { + if opcode == Opcode::CALL { + instruction.mem_size = 2; + } else if opcode == Opcode::CALLF || opcode == Opcode::JMPF { return Err(DecodeError::InvalidOperand); } } else { - if opcode == Opcode::CALL || opcode == Opcode::JMP || opcode == Opcode::PUSH || opcode == Opcode::POP { + if opcode == Opcode::CALL || opcode == Opcode::JMP { + if instruction.prefixes.operand_size() { + instruction.mem_size = 4; + } else { + instruction.mem_size = 2; + } + } else if opcode == Opcode::PUSH || opcode == Opcode::POP { if instruction.prefixes.operand_size() { instruction.mem_size = 4; } else { @@ -7658,6 +7670,14 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe instruction.operand_count = 1; } 28 => { + if instruction.opcode == Opcode::Invalid { + return Err(DecodeError::InvalidOpcode); + } + if instruction.opcode == Opcode::RETURN { + instruction.mem_size = 2; + } else { + instruction.mem_size = 4; + } instruction.operands[0] = OperandSpec::Nothing; instruction.operand_count = 0; return Ok(()); @@ -9140,6 +9160,11 @@ fn unlikely_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as y instruction.imm = read_imm_unsigned(words, 2)?; instruction.operands[0] = OperandSpec::ImmU16; + if instruction.opcode == Opcode::RETURN { + instruction.mem_size = 2; + } else { + instruction.mem_size = 4; + } instruction.operand_count = 1; } OperandCode::ModRM_0x0f00 => { diff --git a/test/long_mode/operand.rs b/test/long_mode/operand.rs index 7be8d82..4cdaf35 100644 --- a/test/long_mode/operand.rs +++ b/test/long_mode/operand.rs @@ -28,3 +28,21 @@ fn memory_widths() { assert_eq!(mem_size_of(&[0x33, 0x00]).size_name(), "dword"); assert_eq!(mem_size_of(&[0x48, 0x33, 0x00]).size_name(), "qword"); } + +#[test] +fn test_implied_memory_width() { + fn mem_size_of(data: &[u8]) -> Option<u8> { + let decoder = InstDecoder::default(); + decoder.decode_slice(data).unwrap().mem_size().unwrap().bytes_size() + } + + // test push, pop, call, and ret + assert_eq!(mem_size_of(&[0xc3]), Some(8)); + assert_eq!(mem_size_of(&[0xe8, 0x11, 0x22, 0x33, 0x44]), Some(8)); + assert_eq!(mem_size_of(&[0x50]), Some(8)); + assert_eq!(mem_size_of(&[0x58]), Some(8)); + assert_eq!(mem_size_of(&[0x66, 0x50]), Some(8)); + assert_eq!(mem_size_of(&[0x66, 0x58]), Some(8)); + assert_eq!(mem_size_of(&[0xff, 0xf0]), Some(8)); + assert_eq!(mem_size_of(&[0x66, 0xff, 0xf0]), Some(2)); +} diff --git a/test/protected_mode/operand.rs b/test/protected_mode/operand.rs index fd850da..a114e69 100644 --- a/test/protected_mode/operand.rs +++ b/test/protected_mode/operand.rs @@ -26,3 +26,21 @@ fn memory_widths() { assert_eq!(mem_size_of(&[0x66, 0x33, 0x00]).size_name(), "word"); assert_eq!(mem_size_of(&[0x33, 0x00]).size_name(), "dword"); } + +#[test] +fn test_implied_memory_width() { + fn mem_size_of(data: &[u8]) -> Option<u8> { + let decoder = InstDecoder::default(); + decoder.decode_slice(data).unwrap().mem_size().unwrap().bytes_size() + } + + // test push, pop, call, and ret + assert_eq!(mem_size_of(&[0xc3]), Some(4)); + assert_eq!(mem_size_of(&[0xe8, 0x11, 0x22, 0x33, 0x44]), Some(4)); + assert_eq!(mem_size_of(&[0x50]), Some(4)); + assert_eq!(mem_size_of(&[0x58]), Some(4)); + assert_eq!(mem_size_of(&[0x66, 0x50]), Some(4)); + assert_eq!(mem_size_of(&[0x66, 0x58]), Some(4)); + assert_eq!(mem_size_of(&[0xff, 0xf0]), Some(4)); + assert_eq!(mem_size_of(&[0x66, 0xff, 0xf0]), Some(2)); +} diff --git a/test/real_mode/mod.rs b/test/real_mode/mod.rs index 6005f07..8543fae 100644 --- a/test/real_mode/mod.rs +++ b/test/real_mode/mod.rs @@ -1,3 +1,5 @@ +mod operand; + use std::fmt::Write; use yaxpeax_arch::{AddressBase, Decoder, U8Reader, LengthedInstruction}; @@ -17892,6 +17894,7 @@ fn test_real_mode() { test_display(&[0xff, 0x08], "dec word [bx + si]"); test_display(&[0xff, 0x15], "call word [di]"); test_display(&[0x67, 0xff, 0x15, 0x12, 0x12, 0x12, 0x12], "call word [0x12121212]"); + // note that this call only writes two bytes, and only moves sp by two. test_display(&[0x66, 0xff, 0x15], "call dword [di]"); test_display(&[0xff, 0x18], "callf dword [bx + si]"); test_display(&[0xff, 0x24], "jmp word [si]"); diff --git a/test/real_mode/operand.rs b/test/real_mode/operand.rs new file mode 100644 index 0000000..e037fee --- /dev/null +++ b/test/real_mode/operand.rs @@ -0,0 +1,20 @@ +use yaxpeax_x86::real_mode::{InstDecoder, Operand, RegSpec}; +use yaxpeax_x86::MemoryAccessSize; + +#[test] +fn test_implied_memory_width() { + fn mem_size_of(data: &[u8]) -> Option<u8> { + let decoder = InstDecoder::default(); + decoder.decode_slice(data).unwrap().mem_size().unwrap().bytes_size() + } + + // test push, pop, call, and ret + assert_eq!(mem_size_of(&[0xc3]), Some(2)); + assert_eq!(mem_size_of(&[0xe8, 0x11, 0x22, 0x33, 0x44]), Some(2)); + assert_eq!(mem_size_of(&[0x50]), Some(2)); + assert_eq!(mem_size_of(&[0x58]), Some(2)); + assert_eq!(mem_size_of(&[0x66, 0x50]), Some(2)); + assert_eq!(mem_size_of(&[0x66, 0x58]), Some(2)); + assert_eq!(mem_size_of(&[0xff, 0xf0]), Some(2)); + assert_eq!(mem_size_of(&[0x66, 0xff, 0xf0]), Some(4)); +} |