| author | Vladislav HrĨka <41523109+nofiv@users.noreply.github.com> | 2019-02-07 22:43:43 +0100 |
|---|---|---|
| committer | serpilliere <serpilliere@users.noreply.github.com> | 2019-02-07 22:43:43 +0100 |
| commit | 4c8a61e8baa33cee185ff2b086c7b3094f99824e (patch) | |
| tree | d7bc7d94031a5b5dde5bf0c3fa1bba696dc8b54a | |
| parent | 5cfdeb7ab8d889232044bb93f2505cfb23c4f92f (diff) | |
| download | miasm-4c8a61e8baa33cee185ff2b086c7b3094f99824e.tar.gz miasm-4c8a61e8baa33cee185ff2b086c7b3094f99824e.zip | |
Support for REP instruction prefix (#956)
* Added function find_path_by_successors The function find_path_by_successors does the same as function find_path, but it searches the paths from src to dst, not vice versa like find_path, which might be more efficient in some cases. * Added support for REP instruction prefix Added support for REP instruction prefix * Added support for REP instruction prefix Added support for REP instruction prefix * Added support for REP prefix According to https://c9x.me/x86/html/file_module_x86_id_279.html 0xF3AD is REP LODSD and not REPE LODSD * Added REP instruction prefix support fix Added REP instruction prefix support fix * Added REP instruction prefix support fix Added REP instruction prefix support and REPNZ, REPZ aliases * Fix of adding REP instruction prefix Fixing https://github.com/cea-sec/miasm/pull/956#discussion_r253361754. I also put https://github.com/nofiv/miasm/edit/master/miasm2/arch/x86/arch.py#diff-f7dd74dede0a04f194dff140d0976b98L739 behind the loop since it seems to be serving similar purpose. * Fix of the added REP instruction prefix Fixing https://github.com/cea-sec/miasm/pull/956#discussion_r253361339 * Discard changes Creating another PR for this * Update arch.py
Diffstat (limited to '')
| -rw-r--r-- | miasm2/arch/x86/arch.py | 42 | ||||
| -rw-r--r-- | miasm2/arch/x86/sem.py | 4 | ||||
| -rw-r--r-- | test/arch/x86/arch.py | 2 |
3 files changed, 27 insertions, 21 deletions
diff --git a/miasm2/arch/x86/arch.py b/miasm2/arch/x86/arch.py
index ef7b9ef6..b625647e 100644
--- a/miasm2/arch/x86/arch.py
+++ b/miasm2/arch/x86/arch.py
@@ -470,7 +470,7 @@ class instruction_x86(instruction):
 return self.name in ['CALL']
 def dstflow2label(self, loc_db):
- if self.additional_info.g1.value & 6 and self.name in repeat_mn:
+ if self.additional_info.g1.value & 14 and self.name in repeat_mn:
 return
 expr = self.args[0]
 if not expr.is_int():
@@ -512,7 +512,7 @@ class instruction_x86(instruction):
 return self.name in ['CALL']
 def getdstflow(self, loc_db):
- if self.additional_info.g1.value & 6 and self.name in repeat_mn:
+ if self.additional_info.g1.value & 14 and self.name in repeat_mn:
 addr = int(self.offset)
 loc_key = loc_db.get_or_create_offset_location(addr)
 return [ExprLoc(loc_key, self.v_opmode())]
@@ -549,7 +549,10 @@ class instruction_x86(instruction):
 if self.additional_info.g1.value & 2:
 if getattr(self.additional_info.prefixed, 'default', "") != "\xF2":
 o = "REPNE %s" % o
- if self.additional_info.g1.value & 4:
+ if self.additional_info.g1.value & 8:
+ if getattr(self.additional_info.prefixed, 'default', "") != "\xF3":
+ o = "REP %s" % o
+ elif self.additional_info.g1.value & 4:
 if getattr(self.additional_info.prefixed, 'default', "") != "\xF3":
 o = "REPE %s" % o
 return o
@@ -677,12 +680,15 @@ class mn_x86(cls_mn):
 if prefix == "LOCK":
 pref |= 1
 text = new_s
- elif prefix == "REPNE":
+ elif prefix == "REPNE" or prefix == "REPNZ":
 pref |= 2
 text = new_s
- elif prefix == "REPE":
+ elif prefix == "REPE" or prefix == "REPZ":
 pref |= 4
 text = new_s
+ elif prefix == "REP":
+ pref |= 8
+ text = new_s
 c = super(mn_x86, cls).fromstring(text, loc_db, mode)
 c.additional_info.g1.value = pref
 return c
@@ -713,7 +719,7 @@ class mn_x86(cls_mn):
 elif c == '\xf2':
 pre_dis_info['g1'] = 2
 elif c == '\xf3':
- pre_dis_info['g1'] = 4
+ pre_dis_info['g1'] = 12
 elif c == '\x2e':
 pre_dis_info['g2'] = 1
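Review bot: The bitmask `14` in the new condition (and the `12`, `8`, `4`, `2` used elsewhere in this commit) is a magic number at the point of use; the g1 bit layout LOCK=1, REPNE=2, REPE=4, REP=8 is only recoverable by reading the fromstring hunk further down. Define module-level names once, e.g. `PREFIX_REPNE, PREFIX_REPE, PREFIX_REP = 2, 4, 8` and `PREFIX_REP_ANY = PREFIX_REPNE | PREFIX_REPE | PREFIX_REP`, and write the check as `if self.additional_info.g1.value & PREFIX_REP_ANY and self.name in repeat_mn:`. The identical line in getdstflow would take the same name. dstflow2label's body continues past the end of this hunk.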
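Review bot: `pre_dis_info['g1'] = 12` sets two bits (REP | REPE) for a single `\xf3` byte without saying why; the narrowing to 4 happens in a later hunk after the prefix loop, so a reader of this branch cannot tell the value is provisional or that it depends on the opcode that follows. Add `# F3 is REP|REPE until the opcode is known; narrowed to REPE (4) for CMPS/SCAS after the loop` on the assignment line. The enclosing method starts and ends outside this hunk.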
@@ -728,20 +734,20 @@ class mn_x86(cls_mn):
 elif c == '\x65':
 pre_dis_info['g2'] = 6
- elif mode == 64 and c in '@ABCDEFGHIJKLMNO':
- x = ord(c)
- pre_dis_info['rex_p'] = 1
- pre_dis_info['rex_w'] = (x >> 3) & 1
- pre_dis_info['rex_r'] = (x >> 2) & 1
- pre_dis_info['rex_x'] = (x >> 1) & 1
- pre_dis_info['rex_b'] = (x >> 0) & 1
- offset += 1
- break
 else:
- c = ''
 break
 pre_dis_info['prefix'] += c
 offset += 1
+ if mode == 64 and c in '@ABCDEFGHIJKLMNO':
+ x = ord(c)
+ pre_dis_info['rex_p'] = 1
+ pre_dis_info['rex_w'] = (x >> 3) & 1
+ pre_dis_info['rex_r'] = (x >> 2) & 1
+ pre_dis_info['rex_x'] = (x >> 1) & 1
+ pre_dis_info['rex_b'] = (x >> 0) & 1
+ offset += 1
+ elif pre_dis_info.get('g1', None) == 12 and c in ['\xa6', '\xa7', '\xae', '\xaf']:
+ pre_dis_info['g1'] = 4
 return pre_dis_info, v, mode, offset, offset - offset_o
 @classmethod
@@ -856,7 +862,7 @@ class mn_x86(cls_mn):
 if hasattr(self, 'no_xmm_pref'):
 return None
 v = "\xf2" + v
- if self.g1.value & 4:
+ if self.g1.value & 12:
 if hasattr(self, 'no_xmm_pref'):
 return None
 v = "\xf3" + v
@@ -895,7 +901,7 @@ class mn_x86(cls_mn):
 out = []
 for c, v in candidates:
 if (hasattr(c, 'no_xmm_pref') and
- (c.g1.value & 2 or c.g1.value & 4 or c.opmode)):
+ (c.g1.value & 2 or c.g1.value & 4 or c.g1.value & 8 or c.opmode)):
 continue
 if hasattr(c, "fopmode") and v_opmode(c) != c.fopmode.mode:
 continue
diff --git a/miasm2/arch/x86/sem.py b/miasm2/arch/x86/sem.py
index aa3da43d..794af2be 100644
--- a/miasm2/arch/x86/sem.py
+++ b/miasm2/arch/x86/sem.py
@@ -5679,9 +5679,9 @@ class ir_x86_16(IntermediateRepresentation):
 # end condition
 if zf_val is None:
 c_cond = cond_dec
- elif instr.additional_info.g1.value & 2: # REPNE
+ elif instr.additional_info.g1.value & 2: # REPNE and REPNZ
 c_cond = cond_dec | zf
- elif instr.additional_info.g1.value & 4: # REP
+ elif instr.additional_info.g1.value & 12: # REPE, REP and REPZ
 c_cond = cond_dec | (zf ^ m2_expr.ExprInt(1, 1))
 # gen while
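Review bot: The downgrade from REP (12) to REPE (4) in the new `elif` is skipped whenever a REX byte stopped the prefix loop, because the REX branch takes the `if` and `c` is then the REX byte rather than the opcode; in 64-bit mode `F3 48 AF` (REPE SCASQ) would keep g1 == 12 and, per the rendering hunk above, would print as `REP SCASQ`. Re-read the byte after the REX prefix and make the string-op test a separate `if`: after the REX branch's `offset += 1` add `c = v[offset] if offset < len(v) else ''`, then `if pre_dis_info.get('g1') == 12 and c in ['\xa6', '\xa7', '\xae', '\xaf']:` in place of the `elif`. This presumes `v` is the raw byte string indexed by `offset`, which the loop head (outside this hunk) would confirm. Semantics are unaffected because sem.py tests `& 12`, but the disassembled text and any consumer that distinguishes the REP and REPE bits would be wrong; the enclosing method starts before this hunk.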
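Review bot: The added `c.g1.value & 8` turns the `no_xmm_pref` filter into a three-way `or` of single bits, while the same test elsewhere in this commit is written as the mask `& 14`; use the mask here too, `(c.g1.value & 14 or c.opmode)):`, so the next prefix bit needs one edit rather than two and the two checks cannot drift apart. The enclosing method starts before this hunk.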
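Review bot: The comment `# REPE, REP and REPZ` on the `& 12` branch does not say why plain REP (bit 8) gets the REPE end condition `cond_dec | (zf ^ 1)`; it is correct only because REP on string ops that do not set ZF presumably takes the `zf_val is None` branch above, and REP with CMPS/SCAS is architecturally REPE (the same F3 byte). Replace the comment with `# REPE/REPZ, or REP on CMPS/SCAS (same F3 encoding); REP on ops without ZF took the zf_val branch` so the equivalence is stated where it is relied on. The enclosing function starts before this hunk and continues after it.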
diff --git a/test/arch/x86/arch.py b/test/arch/x86/arch.py
index 36d6c2c8..d2204d77 100644
--- a/test/arch/x86/arch.py
+++ b/test/arch/x86/arch.py
@@ -2020,7 +2020,7 @@ reg_tests = [
 "F2AE"),
 (m32, "00000000 REPE SCASB",
 "F3AE"),
- (m32, "00000000 REPE LODSD",
+ (m32, "00000000 REP LODSD",
 "F3ad"),
 (m32, "00000000 RET", |