| -rw-r--r-- | miasm/arch/x86/arch.py | 19 | ||||
| -rw-r--r-- | miasm/arch/x86/sem.py | 42 | ||||
| -rw-r--r-- | test/arch/x86/arch.py | 20 |
3 files changed, 80 insertions, 1 deletions
diff --git a/miasm/arch/x86/arch.py b/miasm/arch/x86/arch.py index a82fac02..3053301a 100644 --- a/miasm/arch/x86/arch.py +++ b/miasm/arch/x86/arch.py @@ -3212,6 +3212,14 @@ class bs_mem(object): self.value = v return v != 0b11 +class bs_reg(object): + def encode(self): + return self.value == 0b11 + + def decode(self, v): + self.value = v + return v == 0b11 + d_imm64 = bs(l=0, fname="imm64") d_eax = bs(l=0, cls=(bs_eax, ), fname='eax') @@ -3239,6 +3247,7 @@ msegoff = bs(l=16, cls=(bs_msegoff,), fname="mseg") movoff = bs(l=0, cls=(bs_movoff,), fname="off") mod = bs(l=2, fname="mod") mod_mem = bs(l=2, cls=(bs_mem,), fname="mod") +mod_reg = bs(l=2, cls=(bs_reg,), fname="mod") rmreg = bs(l=3, cls=(x86_rm_reg, ), order =1, fname = "reg") reg = bs(l=3, cls=(x86_reg, ), order =1, fname = "reg") @@ -3721,7 +3730,7 @@ addop("lgs", [bs8(0x0f), bs8(0xb5)] + rmmod(rmreg, rm_arg_x=rm_mem, modrm=mod_me addop("lgdt", [bs8(0x0f), bs8(0x01)] + rmmod(d2, modrm=mod_mem)) addop("lidt", [bs8(0x0f), bs8(0x01)] + rmmod(d3, modrm=mod_mem)) -addop("lfence", [bs8(0x0f), bs8(0xae), bs8(0xe8)]) +addop("lfence", [bs8(0x0f), bs8(0xae), bs8(0xe8), no_xmm_pref]) addop("mfence", [bs8(0x0f), bs8(0xae), bs8(0xf0)]) addop("sfence", [bs8(0x0f), bs8(0xae), bs8(0xf8)]) 
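Review bot: `bs_reg` is added without a docstring, and because it is `bs_mem` with the comparison flipped, a reader has to diff the two bodies to see what it constrains; a one-liner on the class would do: `"""ModRM 'mod' field restricted to the register-direct form (mod == 0b11); see bs_mem for the memory forms."""`. The `mod_reg = bs(l=2, cls=(bs_reg,), fname="mod")` line in the next hunk could carry the same pointer. `bs_mem` itself starts before this hunk, so only the tail of its `decode` is visible here.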
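Review bot: The `no_xmm_pref` appended to the `lfence` pattern has no comment saying why it is needed, and the reason is not visible on the line itself: with an F3 prefix the same bytes `0f ae e8` are the encoding of `INCSSP EAX` that this commit adds (`f30faee8` in the new test), so the prefix has to be excluded to keep decoding unambiguous. A trailing comment such as `# no F3 prefix: f3 0f ae e8 is INCSSP` would keep a later cleanup from dropping it. `mfence` and `sfence` on the following lines are left without the restriction; whether they need it depends on the mod constraint given to `clrssbsy` in the later hunk.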
@@ -4620,6 +4629,14 @@ addop("maskmovdqu", [bs8(0x0f), bs8(0xf7), pref_66] + addop("emms", [bs8(0x0f), bs8(0x77)]) +addop("incssp", [pref_f3, bs8(0x0f), bs8(0xae)] + rmmod(d5)) +addop("rdssp", [pref_f3, bs8(0x0f), bs8(0x1e)] + rmmod(d1, modrm=mod_reg)) +addop("saveprevssp", [pref_f3, bs8(0x0f), bs8(0x01), bs8(0xea)]) +addop("rstorssp", [pref_f3, bs8(0x0f), bs8(0x01)] + rmmod(d5, rm_arg_xmm, modrm=mod_mem)) +addop("wrss", [bs8(0x0f), bs8(0x38), bs8(0xf6)] + rmmod(rmreg, rm_arg), [rm_arg, rmreg]) +addop("wruss", [pref_66, bs8(0x0f), bs8(0x38), bs8(0xf5)] + rmmod(rmreg, rm_arg), [rm_arg, rmreg]) +addop("setssbsy", [pref_f3, bs8(0x0f), bs8(0x01), bs8(0xe8)]) +addop("clrssbsy", [pref_f3, bs8(0x0f), bs8(0xae)] + rmmod(d6, rm_arg_xmm)) addop("endbr64", [pref_f3, bs8(0x0f), bs8(0x1e), bs8(0xfa)]) addop("endbr32", [pref_f3, bs8(0x0f), bs8(0x1e), bs8(0xfb)]) diff --git a/miasm/arch/x86/sem.py b/miasm/arch/x86/sem.py index b924c44f..1af9359e 100644 --- a/miasm/arch/x86/sem.py +++ b/miasm/arch/x86/sem.py @@ -4981,6 +4981,38 @@ def emms(ir, instr): # Implemented as a NOP return [], [] +def incssp(ir, instr, dst): + # Implemented as a NOP + return [], [] + +def rdssp(ir, instr, dst): + # Implemented as a NOP + return [], [] + +def saveprevssp(ir, instr): + # Implemented as a NOP + return [], [] + +def rstorssp(ir, instr, dst): + # Implemented as a NOP + return [], [] + +def wrss(ir, instr, src, dst): + # Implemented as a NOP + return [], [] + +def wruss(ir, instr, src, dst): + # Implemented as a NOP + return [], [] + +def setssbsy(ir, instr): + # Implemented as a NOP + return [], [] + +def clrssbsy(ir, instr, dst): + # Implemented as a NOP + return [], [] + def endbr64(ir, instr): # Implemented as a NOP return [], [] 
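Review bot: `incssp` is declared as `rmmod(d5)` with no mod constraint while `rdssp` on the next line uses `modrm=mod_reg`, and `clrssbsy` is `rmmod(d6, rm_arg_xmm)` with no constraint while `rstorssp` uses `modrm=mod_mem`; the new tests only exercise the register form of INCSSP and the memory form of CLRSSBSY, so the unconstrained forms are never checked. INCSSP takes only a register operand and CLRSSBSY only a memory operand, so the two lines should read `addop("incssp", [pref_f3, bs8(0x0f), bs8(0xae)] + rmmod(d5, modrm=mod_reg))` and `addop("clrssbsy", [pref_f3, bs8(0x0f), bs8(0xae)] + rmmod(d6, rm_arg_xmm, modrm=mod_mem))`. Without the `mod_mem` constraint on `clrssbsy`, the bytes `f3 0f ae f0` (mod=11, reg=6) also match the unchanged `mfence` pattern from the earlier hunk, the same kind of overlap the `no_xmm_pref` on `lfence` resolves for `incssp`.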
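Review bot: `wrss` and `wruss` name their parameters `(src, dst)`, but the arch.py entries assemble the operands as `[rm_arg, rmreg]` and the new tests print the memory operand first (`WRSS QWORD PTR [0x1234], RDX`), so the first positional argument is the memory destination and lands in `src`. Since the bodies are NOPs this is harmless today, but the names invert the operand order for whoever later fills in the semantics; `def wrss(ir, instr, dst, src):` (and the same for `wruss`) would match the order as assembled. The eight `# Implemented as a NOP` comments also say nothing about what is dropped; for the handlers with a destination (`rdssp`, `wrss`, `wruss`) a line such as `# shadow stack is not modelled: the shadow-stack access is dropped and dst keeps its previous value` would tell a symbolic-execution user why the destination is unchanged after the instruction.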
@@ -5635,6 +5667,16 @@ mnemo_func = {'mov': mov, "movmskpd": movmskpd, "stmxcsr": stmxcsr, "ldmxcsr": ldmxcsr, + + # CET (Control-flow Enforcement Technology) + "incssp": incssp, + "rdssp": rdssp, + "saveprevssp": saveprevssp, + "rstorssp": rstorssp, + "wrss": wrss, + "wruss": wruss, + "setssbsy": setssbsy, + "clrssbsy": clrssbsy, "endbr64": endbr64, "endbr32": endbr32, } diff --git a/test/arch/x86/arch.py b/test/arch/x86/arch.py index 202ecac5..68a14036 100644 --- a/test/arch/x86/arch.py +++ b/test/arch/x86/arch.py @@ -3097,6 +3097,26 @@ reg_tests = [ (m32, "00000000 EMMS", "0f77"), + (m64, "00000000 INCSSP RAX", + "f3480faee8"), + (m64, "00000000 INCSSP EAX", + "f30faee8"), + (m64, "00000000 RDSSP EAX", + "f30f1ec8"), + (m64, "00000000 RDSSP RAX", + "f3480f1ec8"), + (m64, "00000000 SAVEPREVSSP", + "f30f01ea"), + (m64, "00000000 RSTORSSP XMMWORD PTR [RAX]", + "f30f0128"), + (m64, "00000000 WRSS QWORD PTR [0x1234], RDX", + "480f38f6142534120000"), + (m64, "00000000 WRUSS DWORD PTR [EAX], EAX", + "67660f38f500"), + (m64, "00000000 SETSSBSY", + "f30f01e8"), + (m64, "00000000 CLRSSBSY XMMWORD PTR [RAX]", + "f30fae30"), (m64, "00000000 ENDBR64", "f30f1efa"), (m32, "00000000 ENDBR32", |