1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
use yaxpeax_x86::protected_mode::{InstDecoder, Operand, RegSpec};
use yaxpeax_x86::MemoryAccessSize;
#[test]
fn register_widths() {
assert_eq!(Operand::Register { reg: RegSpec::esp() }.width(), Some(4));
assert_eq!(Operand::Register { reg: RegSpec::sp() }.width(), Some(2));
assert_eq!(Operand::Register { reg: RegSpec::cl() }.width(), Some(1));
assert_eq!(Operand::Register { reg: RegSpec::ch() }.width(), Some(1));
assert_eq!(Operand::Register { reg: RegSpec::gs() }.width(), Some(2));
}
#[test]
fn memory_widths() {
// the register operand directly doesn't report a size - it comes from the `Instruction` for
// which this is an operand.
assert_eq!(Operand::MemDeref { base: RegSpec::esp() }.width(), None);
fn mem_size_of(data: &[u8]) -> MemoryAccessSize {
let decoder = InstDecoder::default();
decoder.decode_slice(data).unwrap().mem_size().unwrap()
}
// and checking the memory size direcly reports correct names
assert_eq!(mem_size_of(&[0x32, 0x00]).size_name(), "byte");
assert_eq!(mem_size_of(&[0x66, 0x33, 0x00]).size_name(), "word");
assert_eq!(mem_size_of(&[0x33, 0x00]).size_name(), "dword");
// "maskmovq mm0, mm1"
assert_eq!(mem_size_of(&[0x0f, 0xf7, 0xc1]).size_name(), "qword");
assert_eq!(mem_size_of(&[0x67, 0x0f, 0xf7, 0xc1]).size_name(), "qword");
// "maskmovdqu xmm0, xmm1"
assert_eq!(mem_size_of(&[0x66, 0x0f, 0xf7, 0xc1]).size_name(), "xmmword");
assert_eq!(mem_size_of(&[0x67, 0x66, 0x0f, 0xf7, 0xc1]).size_name(), "xmmword");
// "vmaskmovdqu xmm0, xmm1"
assert_eq!(mem_size_of(&[0xc4, 0xe1, 0x79, 0xf7, 0xc1]).size_name(), "xmmword");
assert_eq!(mem_size_of(&[0x67, 0xc4, 0xe1, 0x79, 0xf7, 0xc1]).size_name(), "xmmword");
}
#[test]
fn test_implied_memory_width() {
fn mem_size_of(data: &[u8]) -> Option<u8> {
let decoder = InstDecoder::default();
decoder.decode_slice(data).unwrap().mem_size().unwrap().bytes_size()
}
// test push, pop, call, and ret
assert_eq!(mem_size_of(&[0xc3]), Some(4));
assert_eq!(mem_size_of(&[0xe8, 0x11, 0x22, 0x33, 0x44]), Some(4));
assert_eq!(mem_size_of(&[0x50]), Some(4));
assert_eq!(mem_size_of(&[0x58]), Some(4));
assert_eq!(mem_size_of(&[0x66, 0x50]), Some(4));
assert_eq!(mem_size_of(&[0x66, 0x58]), Some(4));
assert_eq!(mem_size_of(&[0xff, 0xf0]), Some(4));
assert_eq!(mem_size_of(&[0x66, 0xff, 0xf0]), Some(2));
// unlike 64-bit mode, operand-size prefixed call and jump do have a different size: they read
// two bytes.
assert_eq!(mem_size_of(&[0x66, 0xff, 0x10]), Some(2));
assert_eq!(mem_size_of(&[0x66, 0xff, 0x20]), Some(2));
// pushf
assert_eq!(mem_size_of(&[0x9c]), Some(4));
// popf
assert_eq!(mem_size_of(&[0x9d]), Some(4));
// leave
assert_eq!(mem_size_of(&[0xc9]), Some(4));
// xlat
assert_eq!(mem_size_of(&[0xd7]), Some(1));
// push fs
assert_eq!(mem_size_of(&[0x0f, 0xa0]), Some(4));
// pop fs
assert_eq!(mem_size_of(&[0x0f, 0xa1]), Some(4));
// push gs
assert_eq!(mem_size_of(&[0x0f, 0xa8]), Some(4));
// pop gs
assert_eq!(mem_size_of(&[0x0f, 0xa9]), Some(4));
// callf 0xcf23:0x2d62
assert_eq!(mem_size_of(&[0x9a, 0x62, 0x2d, 0x00, 0x00, 0x23, 0xcf]), Some(6));
assert_eq!(mem_size_of(&[0x66, 0x9a, 0x62, 0x2d, 0x23, 0xcf]), Some(4));
}
|
