authorWilliam Bruneau <william.bruneau@epfedu.fr>2019-04-05 12:14:39 +0200
committerserpilliere <serpilliere@users.noreply.github.com>2019-04-05 12:14:39 +0200
commit57ab3d0fc327f23f995ea6000d1077c3f749ef20 (patch)
tree5cf423e257a8dafc7629a45e74ed7ec9401a227a
parentd5ed94165c1143b75185ab80f330df1ca6d94b5a (diff)
Add CET instructions (#1003)
* Add CET instructions

* Fix RDSSP
-rw-r--r--miasm/arch/x86/arch.py19
-rw-r--r--miasm/arch/x86/sem.py42
-rw-r--r--test/arch/x86/arch.py20
3 files changed, 80 insertions, 1 deletions
diff --git a/miasm/arch/x86/arch.py b/miasm/arch/x86/arch.py
index a82fac02..3053301a 100644
--- a/miasm/arch/x86/arch.py
+++ b/miasm/arch/x86/arch.py
@@ -3212,6 +3212,14 @@ class bs_mem(object):
         self.value = v
         return v != 0b11
 
+class bs_reg(object):
+    def encode(self):
+        return self.value == 0b11
+
+    def decode(self, v):
+        self.value = v
+        return v == 0b11
+
 d_imm64 = bs(l=0, fname="imm64")
 
 d_eax = bs(l=0, cls=(bs_eax, ), fname='eax')
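Review bot: The new `bs_reg` class has no docstring, and its relationship to `bs_mem` just above (which accepts every mod value except 0b11) is only visible by reading both bodies. A one-line docstring on the class would make the intent explicit: `"""ModRM 'mod' field constrained to register-direct form: encode() succeeds and decode() accepts only mod == 0b11 (the complement of bs_mem)."""`. Since `encode` ignores its argument list apart from `self`, a short comment that `self.value` is expected to be set by the surrounding modrm machinery before `encode` runs would also help — presumably the same contract `bs_mem` relies on, but that is not visible in the hunk.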
@@ -3239,6 +3247,7 @@ msegoff = bs(l=16, cls=(bs_msegoff,), fname="mseg")
 movoff = bs(l=0, cls=(bs_movoff,), fname="off")
 mod = bs(l=2, fname="mod")
 mod_mem = bs(l=2, cls=(bs_mem,), fname="mod")
+mod_reg = bs(l=2, cls=(bs_reg,), fname="mod")
 
 rmreg = bs(l=3, cls=(x86_rm_reg, ), order =1, fname = "reg")
 reg = bs(l=3, cls=(x86_reg, ), order =1, fname = "reg")
@@ -3721,7 +3730,7 @@ addop("lgs", [bs8(0x0f), bs8(0xb5)] + rmmod(rmreg, rm_arg_x=rm_mem, modrm=mod_me
 addop("lgdt", [bs8(0x0f), bs8(0x01)] + rmmod(d2, modrm=mod_mem))
 addop("lidt", [bs8(0x0f), bs8(0x01)] + rmmod(d3, modrm=mod_mem))
 
-addop("lfence", [bs8(0x0f), bs8(0xae), bs8(0xe8)])
+addop("lfence", [bs8(0x0f), bs8(0xae), bs8(0xe8), no_xmm_pref])
 addop("mfence", [bs8(0x0f), bs8(0xae), bs8(0xf0)])
 addop("sfence", [bs8(0x0f), bs8(0xae), bs8(0xf8)])
 
@@ -4620,6 +4629,14 @@ addop("maskmovdqu", [bs8(0x0f), bs8(0xf7), pref_66] +
 
 addop("emms", [bs8(0x0f), bs8(0x77)])
 
+addop("incssp", [pref_f3, bs8(0x0f), bs8(0xae)] + rmmod(d5))
+addop("rdssp", [pref_f3, bs8(0x0f), bs8(0x1e)] + rmmod(d1, modrm=mod_reg))
+addop("saveprevssp", [pref_f3, bs8(0x0f), bs8(0x01), bs8(0xea)])
+addop("rstorssp", [pref_f3, bs8(0x0f), bs8(0x01)] + rmmod(d5, rm_arg_xmm, modrm=mod_mem))
+addop("wrss", [bs8(0x0f), bs8(0x38), bs8(0xf6)] + rmmod(rmreg, rm_arg), [rm_arg, rmreg])
+addop("wruss", [pref_66, bs8(0x0f), bs8(0x38), bs8(0xf5)] + rmmod(rmreg, rm_arg), [rm_arg, rmreg])
+addop("setssbsy", [pref_f3, bs8(0x0f), bs8(0x01), bs8(0xe8)])
+addop("clrssbsy", [pref_f3, bs8(0x0f), bs8(0xae)] + rmmod(d6, rm_arg_xmm))
 addop("endbr64", [pref_f3, bs8(0x0f), bs8(0x1e), bs8(0xfa)])
 addop("endbr32", [pref_f3, bs8(0x0f), bs8(0x1e), bs8(0xfb)])
 
diff --git a/miasm/arch/x86/sem.py b/miasm/arch/x86/sem.py
index b924c44f..1af9359e 100644
--- a/miasm/arch/x86/sem.py
+++ b/miasm/arch/x86/sem.py
@@ -4981,6 +4981,38 @@ def emms(ir, instr):
     # Implemented as a NOP
     return [], []
 
+def incssp(ir, instr, dst):
+    # Implemented as a NOP
+    return [], []
+
+def rdssp(ir, instr, dst):
+    # Implemented as a NOP
+    return [], []
+
+def saveprevssp(ir, instr):
+    # Implemented as a NOP
+    return [], []
+
+def rstorssp(ir, instr, dst):
+    # Implemented as a NOP
+    return [], []
+
+def wrss(ir, instr, src, dst):
+    # Implemented as a NOP
+    return [], []
+
+def wruss(ir, instr, src, dst):
+    # Implemented as a NOP
+    return [], []
+
+def setssbsy(ir, instr):
+    # Implemented as a NOP
+    return [], []
+
+def clrssbsy(ir, instr, dst):
+    # Implemented as a NOP
+    return [], []
+
 def endbr64(ir, instr):
     # Implemented as a NOP
     return [], []
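Review bot: Every new CET handler is a NOP, but `# Implemented as a NOP` does not say what is being dropped, and for `rdssp` the consequence is worse than for the others: the instruction defines its destination register, so leaving `dst` untouched makes symbolic execution carry a stale value forward as if it were the shadow-stack pointer. At minimum the comments should name the unmodeled state, e.g. for `rdssp`: `# NOP: the shadow stack pointer (SSP) is not modeled; dst is left unchanged, so callers see a stale value rather than an unknown`, and for `incssp`/`wrss`/`wruss`/`rstorssp`/`saveprevssp`/`setssbsy`/`clrssbsy` a shared note that SSP, shadow-stack memory and the busy token are not tracked. If the IR has a way to assign `dst` a fresh unknown, `rdssp` should do that instead of returning an empty assignment list; I have not verified what helpers `sem.py` offers for this. The same `# Implemented as a NOP` wording is repeated eight times in this hunk; a single module-level comment on CET support plus one-line references would read more clearly.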
@@ -5635,6 +5667,16 @@ mnemo_func = {'mov': mov,
               "movmskpd": movmskpd,
               "stmxcsr": stmxcsr,
               "ldmxcsr": ldmxcsr,
+
+              # CET (Control-flow Enforcement Technology)
+              "incssp": incssp,
+              "rdssp": rdssp,
+              "saveprevssp": saveprevssp,
+              "rstorssp": rstorssp,
+              "wrss": wrss,
+              "wruss": wruss,
+              "setssbsy": setssbsy,
+              "clrssbsy": clrssbsy,
               "endbr64": endbr64,
               "endbr32": endbr32,
               }
diff --git a/test/arch/x86/arch.py b/test/arch/x86/arch.py
index 202ecac5..68a14036 100644
--- a/test/arch/x86/arch.py
+++ b/test/arch/x86/arch.py
@@ -3097,6 +3097,26 @@ reg_tests = [
     (m32, "00000000    EMMS",
      "0f77"),
 
+    (m64, "00000000    INCSSP     RAX",
+     "f3480faee8"),
+    (m64, "00000000    INCSSP     EAX",
+     "f30faee8"),
+    (m64, "00000000    RDSSP      EAX",
+     "f30f1ec8"),
+    (m64, "00000000    RDSSP      RAX",
+     "f3480f1ec8"),
+    (m64, "00000000    SAVEPREVSSP",
+     "f30f01ea"),
+    (m64, "00000000    RSTORSSP   XMMWORD PTR [RAX]",
+     "f30f0128"),
+    (m64, "00000000    WRSS       QWORD PTR [0x1234], RDX",
+     "480f38f6142534120000"),
+    (m64, "00000000    WRUSS      DWORD PTR [EAX], EAX",
+     "67660f38f500"),
+    (m64, "00000000    SETSSBSY",
+     "f30f01e8"),
+    (m64, "00000000    CLRSSBSY   XMMWORD PTR [RAX]",
+     "f30fae30"),
     (m64, "00000000    ENDBR64",
      "f30f1efa"),
     (m32, "00000000    ENDBR32",