diff options
Diffstat (limited to 'miasm2/arch')
| -rw-r--r-- | miasm2/arch/msp430/ctype.py | 68 | ||||
| -rw-r--r-- | miasm2/arch/x86/arch.py | 110 | ||||
| -rw-r--r-- | miasm2/arch/x86/regs.py | 3 | ||||
| -rw-r--r-- | miasm2/arch/x86/sem.py | 113 |
4 files changed, 270 insertions, 24 deletions
diff --git a/miasm2/arch/msp430/ctype.py b/miasm2/arch/msp430/ctype.py new file mode 100644 index 00000000..adb0a953 --- /dev/null +++ b/miasm2/arch/msp430/ctype.py @@ -0,0 +1,68 @@ +from miasm2.core.objc import CLeafTypes, ObjCDecl, PADDING_TYPE_NAME +from miasm2.core.ctypesmngr import CTypeId, CTypePtr + + +class CTypeMSP430_unk(CLeafTypes): + """Define C types sizes/alignement for msp430 architecture""" + + obj_pad = ObjCDecl(PADDING_TYPE_NAME, 1, 1) # __padding__ is size 1/align 1 + + obj_char = ObjCDecl("char", 1, 1) + obj_short = ObjCDecl("short", 2, 2) + obj_int = ObjCDecl("int", 2, 2) + obj_long = ObjCDecl("long", 2, 2) + + obj_uchar = ObjCDecl("uchar", 1, 1) + obj_ushort = ObjCDecl("ushort", 2, 2) + obj_uint = ObjCDecl("uint", 2, 2) + obj_ulong = ObjCDecl("ulong", 2, 2) + + obj_void = ObjCDecl("void", 1, 1) + + obj_enum = ObjCDecl("enum", 2, 2) + + obj_float = ObjCDecl("float", 4, 4) + obj_double = ObjCDecl("double", 8, 8) + obj_ldouble = ObjCDecl("ldouble", 16, 16) + + def __init__(self): + self.types = { + CTypeId(PADDING_TYPE_NAME): self.obj_pad, + + CTypeId('char'): self.obj_char, + CTypeId('short'): self.obj_short, + CTypeId('int'): self.obj_int, + CTypeId('void'): self.obj_void, + CTypeId('long',): self.obj_long, + CTypeId('float'): self.obj_float, + CTypeId('double'): self.obj_double, + + CTypeId('signed', 'char'): self.obj_char, + CTypeId('unsigned', 'char'): self.obj_uchar, + + CTypeId('short', 'int'): self.obj_short, + CTypeId('signed', 'short'): self.obj_short, + CTypeId('signed', 'short', 'int'): self.obj_short, + CTypeId('unsigned', 'short'): self.obj_ushort, + CTypeId('unsigned', 'short', 'int'): self.obj_ushort, + + CTypeId('unsigned', ): self.obj_uint, + CTypeId('unsigned', 'int'): self.obj_uint, + CTypeId('signed', 'int'): self.obj_int, + + CTypeId('long', 'int'): self.obj_long, + CTypeId('long', 'long'): self.obj_long, + CTypeId('long', 'long', 'int'): self.obj_long, + CTypeId('signed', 'long', 'long'): self.obj_long, + CTypeId('unsigned', 'long', 'long'): self.obj_ulong, + CTypeId('signed', 'long', 'long', 'int'): self.obj_long, + CTypeId('unsigned', 'long', 'long', 'int'): self.obj_ulong, + + CTypeId('signed', 'long'): self.obj_long, + CTypeId('unsigned', 'long'): self.obj_ulong, + CTypeId('signed', 'long', 'int'): self.obj_long, + CTypeId('unsigned', 'long', 'int'): self.obj_ulong, + + CTypeId('long', 'double'): self.obj_ldouble, + CTypePtr(CTypeId('void')): self.obj_uint, + } diff --git a/miasm2/arch/x86/arch.py b/miasm2/arch/x86/arch.py index 6725f5bc..13c06ae6 100644 --- a/miasm2/arch/x86/arch.py +++ b/miasm2/arch/x86/arch.py @@ -134,7 +134,7 @@ RBRACK = Suppress("]") dbreg = Group(gpregs16.parser | gpregs32.parser | gpregs64.parser) gpreg = (gpregs08.parser | gpregs08_64.parser | gpregs16.parser | gpregs32.parser | gpregs64.parser | gpregs_xmm.parser | - gpregs_mm.parser) + gpregs_mm.parser | gpregs_bnd.parser) def reg2exprid(r): @@ -304,7 +304,8 @@ rmarg = Group(gpregs08.parser | gpregs32.parser | gpregs64.parser | gpregs_mm.parser | - gpregs_xmm.parser + gpregs_xmm.parser | + gpregs_bnd.parser ).setParseAction(getreg) rmarg |= deref_mem @@ -1712,8 +1713,10 @@ def test_addr_size(ptr, size): SIZE2XMMREG = {64:gpregs_mm, 128:gpregs_xmm} +SIZE2BNDREG = {64:gpregs_mm, + 128:gpregs_bnd} -def parse_mem(expr, parent, w8, sx=0, xmm=0, mm=0): +def parse_mem(expr, parent, w8, sx=0, xmm=0, mm=0, bnd=0): dct_expr = {} opmode = parent.v_opmode() if expr.is_mem_segm() and expr.arg.args[0].is_int(): @@ -1780,17 +1783,23 @@ def parse_mem(expr, parent, w8, sx=0, xmm=0, mm=0): out = [dct_expr] return out, segm, True -def expr2modrm(expr, parent, w8, sx=0, xmm=0, mm=0): +def expr2modrm(expr, parent, w8, sx=0, xmm=0, mm=0, bnd=0): dct_expr = {f_isad : False} - if mm or xmm: + if mm or xmm or bnd: if mm and expr.size != 64: return None, None, False elif xmm and expr.size != 128: return None, None, False + elif bnd and expr.size != 128: + return None, None, False if isinstance(expr, ExprId): - selreg = SIZE2XMMREG[expr.size] + if bnd: + size2reg = SIZE2BNDREG + else: + size2reg = SIZE2XMMREG + selreg = size2reg[expr.size] if not expr in selreg.expr: return None, None, False i = selreg.expr.index(expr) @@ -1828,6 +1837,13 @@ def expr2modrm(expr, parent, w8, sx=0, xmm=0, mm=0): return [dct_expr], None, True else: return None, None, False + if bnd: + if expr in gpregs_bnd.expr: + i = gpregs_bnd.expr.index(expr) + dct_expr[i] = 1 + return [dct_expr], None, True + else: + return None, None, False if mm: if expr in gpregs_mm.expr: i = gpregs_mm.expr.index(expr) @@ -1858,9 +1874,9 @@ def expr2modrm(expr, parent, w8, sx=0, xmm=0, mm=0): return None, None, False dct_expr[i] = 1 return [dct_expr], None, True - return parse_mem(expr, parent, w8, sx, xmm, mm) + return parse_mem(expr, parent, w8, sx, xmm, mm, bnd) -def modrm2expr(modrm, parent, w8, sx=0, xmm=0, mm=0): +def modrm2expr(modrm, parent, w8, sx=0, xmm=0, mm=0, bnd=0): o = [] if not modrm[f_isad]: modrm_k = [x[0] for x in modrm.iteritems() if x[1] == 1] @@ -1879,6 +1895,8 @@ def modrm2expr(modrm, parent, w8, sx=0, xmm=0, mm=0): expr = gpregs_xmm.expr[modrm_k] elif mm: expr = gpregs_mm.expr[modrm_k] + elif bnd: + expr = gpregs_bnd.expr[modrm_k] elif opmode == 8 and (parent.v_opmode() == 64 or parent.rex_p.value == 1): expr = gpregs08_64.expr[modrm_k] else: @@ -1907,6 +1925,8 @@ def modrm2expr(modrm, parent, w8, sx=0, xmm=0, mm=0): opmode = 128 elif mm: opmode = 64 + elif bnd: + opmode = 128 expr = ExprMem(expr, size=opmode) return expr @@ -2326,11 +2346,12 @@ class x86_rm_mm(x86_rm_m80): msize = 64 is_mm = True is_xmm = False + is_bnd = False def decode(self, v): p = self.parent xx = self.get_modrm() - expr = modrm2expr(xx, p, 0, 0, self.is_xmm, self.is_mm) + expr = modrm2expr(xx, p, 0, 0, self.is_xmm, self.is_mm, self.is_bnd) if isinstance(expr, ExprMem): if self.msize is None: return False @@ -2356,7 +2377,8 @@ class x86_rm_mm(x86_rm_m80): elif self.is_mm: expr = ExprMem(expr.arg, 64) - v_cand, segm, ok = expr2modrm(expr, p, 0, 0, self.is_xmm, self.is_mm) + v_cand, segm, ok = expr2modrm(expr, p, 0, 0, self.is_xmm, self.is_mm, + self.is_bnd) for x in self.gen_cand(v_cand, p.v_admode()): yield x @@ -2382,6 +2404,11 @@ class x86_rm_xmm_m64(x86_rm_mm): is_mm = False is_xmm = True +class x86_rm_xmm_m128(x86_rm_mm): + msize = 128 + is_mm = False + is_xmm = True + class x86_rm_xmm_reg(x86_rm_mm): msize = None @@ -2393,6 +2420,35 @@ class x86_rm_mm_reg(x86_rm_mm): is_mm = True is_xmm = False + +class x86_rm_bnd(x86_rm_mm): + msize = 128 + is_mm = False + is_xmm = False + is_bnd = True + + +class x86_rm_bnd_reg(x86_rm_mm): + msize = None + is_mm = False + is_xmm = False + is_bnd = True + + +class x86_rm_bnd_m64(x86_rm_mm): + msize = 64 + is_mm = False + is_xmm = False + is_bnd = True + + +class x86_rm_bnd_m128(x86_rm_mm): + msize = 128 + is_mm = False + is_xmm = False + is_bnd = True + + class x86_rm_reg_noarg(object): prio = default_prio + 1 @@ -2511,6 +2567,9 @@ class x86_rm_reg_mm(x86_rm_reg_noarg, m_arg): class x86_rm_reg_xmm(x86_rm_reg_mm): selreg = gpregs_xmm +class x86_rm_reg_bnd(x86_rm_reg_mm): + selreg = gpregs_bnd + class x86_rm_reg(x86_rm_reg_noarg, m_arg): pass @@ -3196,6 +3255,7 @@ drreg = bs(l=3, cls=(x86_rm_dr, ), order =1, fname = "reg") mm_reg = bs(l=3, cls=(x86_rm_reg_mm, ), order =1, fname = "reg") xmm_reg = bs(l=3, cls=(x86_rm_reg_xmm, ), order =1, fname = "reg") +bnd_reg = bs(l=3, cls=(x86_rm_reg_bnd, ), order =1, fname = "reg") fltreg = bs(l=3, cls=(x86_rm_flt, ), order =1, fname = "reg") @@ -3226,8 +3286,15 @@ rm_arg_mm_reg = bs(l=0, cls=(x86_rm_mm_reg,), fname='rmarg') rm_arg_xmm = bs(l=0, cls=(x86_rm_xmm,), fname='rmarg') rm_arg_xmm_m32 = bs(l=0, cls=(x86_rm_xmm_m32,), fname='rmarg') rm_arg_xmm_m64 = bs(l=0, cls=(x86_rm_xmm_m64,), fname='rmarg') +rm_arg_xmm_m128 = bs(l=0, cls=(x86_rm_xmm_m128,), fname='rmarg') rm_arg_xmm_reg = bs(l=0, cls=(x86_rm_xmm_reg,), fname='rmarg') +rm_arg_bnd = bs(l=0, cls=(x86_rm_bnd,), fname='rmarg') +rm_arg_bnd_m64 = bs(l=0, cls=(x86_rm_bnd_m64,), fname='rmarg') +rm_arg_bnd_m128 = bs(l=0, cls=(x86_rm_bnd_m128,), fname='rmarg') +rm_arg_bnd_reg = bs(l=0, cls=(x86_rm_bnd_reg,), fname='rmarg') + + swapargs = bs_swapargs(l=1, fname="swap", mn_mod=range(1 << 1)) @@ -3353,6 +3420,17 @@ addop("and", [bs("100000"), se, w8] + rmmod(d4, rm_arg_w8) + [d_imm]) addop("and", [bs("001000"), swapargs, w8] + rmmod(rmreg, rm_arg_w8), [rm_arg_w8, rmreg]) +addop("bndmov", [bs8(0x0f), bs8(0x1a), pref_66, bs_modeno64] + + rmmod(bnd_reg, rm_arg_bnd_m64), [bnd_reg, rm_arg_bnd_m64]) +addop("bndmov", [bs8(0x0f), bs8(0x1a), pref_66, bs_mode64] + + rmmod(bnd_reg, rm_arg_bnd_m128), [bnd_reg, rm_arg_bnd_m128]) +addop("bndmov", [bs8(0x0f), bs8(0x1b), pref_66, bs_modeno64] + + rmmod(bnd_reg, rm_arg_bnd_m64), [rm_arg_bnd_m64, bnd_reg]) +addop("bndmov", [bs8(0x0f), bs8(0x1b), pref_66, bs_mode64] + + rmmod(bnd_reg, rm_arg_bnd_m128), [rm_arg_bnd_m128, bnd_reg]) + + + addop("bsf", [bs8(0x0f), bs8(0xbc)] + rmmod(rmreg)) addop("bsr", [bs8(0x0f), bs8(0xbd), mod, rmreg, rm, sib_scale, sib_index, sib_base, disp, rm_arg]) @@ -3645,6 +3723,8 @@ addop("lgdt", [bs8(0x0f), bs8(0x01)] + rmmod(d2, modrm=mod_mem)) addop("lidt", [bs8(0x0f), bs8(0x01)] + rmmod(d3, modrm=mod_mem)) addop("lfence", [bs8(0x0f), bs8(0xae), bs8(0xe8)]) +addop("mfence", [bs8(0x0f), bs8(0xae), bs8(0xf0)]) +addop("sfence", [bs8(0x0f), bs8(0xae), bs8(0xf8)]) addop("leave", [bs8(0xc9), stk]) @@ -4138,6 +4218,11 @@ addop("cvttsd2si",[bs8(0x0f), bs8(0x2c), pref_f2] addop("cvttss2si",[bs8(0x0f), bs8(0x2c), pref_f3] + rmmod(reg, rm_arg_xmm_m32)) +addop("palignr", [bs8(0x0f), bs8(0x73), bs8(0x0f), no_xmm_pref] + + rmmod(mm_reg, rm_arg_mm_m64) + [u08], [mm_reg, rm_arg_mm_m64, u08]) +addop("palignr", [bs8(0x0f), bs8(0x3a), bs8(0x0f), pref_66] + + rmmod(xmm_reg, rm_arg_xmm_m128) + [u08], [xmm_reg, rm_arg_xmm_m128, u08]) + addop("psrlq", [bs8(0x0f), bs8(0x73), no_xmm_pref] + rmmod(d2, rm_arg_mm) + [u08], [rm_arg_mm, u08]) addop("psrlq", [bs8(0x0f), bs8(0x73), pref_66] + @@ -4249,6 +4334,11 @@ addop("pcmpeqd", [bs8(0x0f), bs8(0x76), no_xmm_pref] + addop("pcmpeqd", [bs8(0x0f), bs8(0x76), pref_66] + rmmod(xmm_reg, rm_arg_xmm)) +addop("pcmpgtb", [bs8(0x0f), bs8(0x64), no_xmm_pref] + + rmmod(mm_reg, rm_arg_mm)) +addop("pcmpgtb", [bs8(0x0f), bs8(0x64), pref_66] + + rmmod(xmm_reg, rm_arg_xmm)) + addop("pcmpgtd", [bs8(0x0f), bs8(0x66), no_xmm_pref] + rmmod(mm_reg, rm_arg_mm)) addop("pcmpgtd", [bs8(0x0f), bs8(0x66), pref_66] + diff --git a/miasm2/arch/x86/regs.py b/miasm2/arch/x86/regs.py index 5db75e37..cb7e0d7b 100644 --- a/miasm2/arch/x86/regs.py +++ b/miasm2/arch/x86/regs.py @@ -40,6 +40,8 @@ regs_xmm_expr = [ExprId(x, 128) for x in regs_xmm_str] regs_mm_str = ["MM%d" % i for i in xrange(16)] regs_mm_expr = [ExprId(x, 64) for x in regs_mm_str] +regs_bnd_str = ["BND%d" % i for i in xrange(4)] +regs_bnd_expr = [ExprId(x, 128) for x in regs_bnd_str] gpregs08 = reg_info(regs08_str, regs08_expr) gpregs08_64 = reg_info(regs08_64_str, regs08_64_expr) @@ -49,6 +51,7 @@ gpregs64 = reg_info(regs64_str, regs64_expr) gpregs_xmm = reg_info(regs_xmm_str, regs_xmm_expr) gpregs_mm = reg_info(regs_mm_str, regs_mm_expr) +gpregs_bnd = reg_info(regs_bnd_str, regs_bnd_expr) r08_eax = reg_info([regs08_str[0]], [regs08_expr[0]]) r16_eax = reg_info([regs16_str[0]], [regs16_expr[0]]) diff --git a/miasm2/arch/x86/sem.py b/miasm2/arch/x86/sem.py index 81da8107..56aca1c2 100644 --- a/miasm2/arch/x86/sem.py +++ b/miasm2/arch/x86/sem.py @@ -2626,11 +2626,34 @@ def nop(_, instr, a=None): return [], [] +def prefetch0(_, instr, src=None): + # see 4-198 on this documentation + # https://www-ssl.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf + return [], [] + + +def prefetch1(_, instr, src=None): + # see 4-198 on this documentation + # https://www-ssl.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf + return [], [] + + +def prefetch2(_, instr, src=None): + # see 4-198 on this documentation + # https://www-ssl.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf + return [], [] + + def prefetchw(_, instr, src=None): # see 4-201 on this documentation # https://www-ssl.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf return [], [] +def prefetchnta(_, instr, src=None): + # see 4-201 on this documentation + # https://www-ssl.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf + return [], [] + def lfence(_, instr, src=None): # see 3-485 on this documentation @@ -2638,6 +2661,18 @@ def lfence(_, instr, src=None): return [], [] +def mfence(_, instr, src=None): + # see 3-516 on this documentation + # https://www-ssl.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf + return [], [] + + +def sfence(_, instr, src=None): + # see 3-356 on this documentation + # https://www-ssl.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf + return [], [] + + def ud2(_, instr, src=None): e = [m2_expr.ExprAff(exception_flags, m2_expr.ExprInt( EXCEPT_ILLEGAL_INSN, exception_flags.size))] @@ -3245,23 +3280,17 @@ def xorps(_, instr, dst, src): def rdmsr(ir, instr): - msr_addr = m2_expr.ExprId('MSR') + m2_expr.ExprInt( - 0, - 8) * mRCX[instr.mode][:32] + msr_addr = m2_expr.ExprId('MSR', 64) + m2_expr.ExprInt(8, 64) * mRCX[32].zeroExtend(64) e = [] - e.append( - m2_expr.ExprAff(mRAX[instr.mode][:32], ir.ExprMem(msr_addr, 32))) - e.append(m2_expr.ExprAff(mRDX[instr.mode][:32], m2_expr.ExprMem( - msr_addr + m2_expr.ExprInt(4, msr_addr.size), 32))) + e.append(m2_expr.ExprAff(mRAX[32], ir.ExprMem(msr_addr, 32))) + e.append(m2_expr.ExprAff(mRDX[32], ir.ExprMem(msr_addr + m2_expr.ExprInt(4, 64), 32))) return e, [] def wrmsr(ir, instr): - msr_addr = m2_expr.ExprId('MSR') + m2_expr.ExprInt( - 8, - 32) * mRCX[instr.mode][:32] + msr_addr = m2_expr.ExprId('MSR', 64) + m2_expr.ExprInt(8, 64) * mRCX[32].zeroExtend(64) e = [] - src = m2_expr.ExprCompose(mRAX[instr.mode][:32], mRDX[instr.mode][:32]) + src = m2_expr.ExprCompose(mRAX[32], mRDX[32]) e.append(m2_expr.ExprAff(ir.ExprMem(msr_addr, 64), src)) return e, [] @@ -3647,6 +3676,21 @@ def ucomiss(_, instr, src1, src2): return e, [] +def ucomisd(_, instr, src1, src2): + e = [] + e.append(m2_expr.ExprAff(zf, m2_expr.ExprOp( + 'ucomisd_zf', src1[:64], src2[:64]))) + e.append(m2_expr.ExprAff(pf, m2_expr.ExprOp( + 'ucomisd_pf', src1[:64], src2[:64]))) + e.append(m2_expr.ExprAff(cf, m2_expr.ExprOp( + 'ucomisd_cf', src1[:64], src2[:64]))) + + e.append(m2_expr.ExprAff(of, m2_expr.ExprInt(0, 1))) + e.append(m2_expr.ExprAff(af, m2_expr.ExprInt(0, 1))) + e.append(m2_expr.ExprAff(nf, m2_expr.ExprInt(0, 1))) + + return e, [] + def pshufb(_, instr, dst, src): e = [] @@ -3749,6 +3793,16 @@ def pslldq(_, instr, dst, src): return [m2_expr.ExprAff(dst, dst << m2_expr.ExprInt(8 * count, dst.size))], [] +def psrldq(_, instr, dst, src): + assert src.is_int() + e = [] + count = int(src) + if count > 15: + return [m2_expr.ExprAff(dst, m2_expr.ExprInt(0, dst.size))], [] + else: + return [m2_expr.ExprAff(dst, dst >> m2_expr.ExprInt(8 * count, dst.size))], [] + + def iret(ir, instr): """IRET implementation XXX: only support "no-privilege change" @@ -4090,6 +4144,29 @@ def smsw(ir, instr, dst): return e, [] +def bndmov(ir, instr, dst, src): + # Implemented as a NOP, because BND side effects are not yet supported + return [], [] + +def palignr(ir, instr, dst, src, imm): + # dst.src >> imm * 8 [:dst.size] + + shift = int(imm) * 8 + if shift == 0: + result = src + elif shift == src.size: + result = dst + elif shift > src.size: + result = dst >> m2_expr.ExprInt(shift - src.size, dst.size) + else: + # shift < src.size + result = m2_expr.ExprCompose( + src[shift:], + dst[:shift], + ) + + return [m2_expr.ExprAff(dst, result)], [] + mnemo_func = {'mov': mov, 'xchg': xchg, @@ -4263,8 +4340,14 @@ mnemo_func = {'mov': mov, 'fcomip': fcomip, 'nop': nop, 'ud2': ud2, + 'prefetch0': prefetch0, + 'prefetch1': prefetch1, + 'prefetch2': prefetch2, 'prefetchw': prefetchw, + 'prefetchnta': prefetchnta, 'lfence': lfence, + 'mfence': mfence, + 'sfence': sfence, 'fnop': nop, # XXX 'hlt': hlt, 'rdtsc': rdtsc, @@ -4439,9 +4522,7 @@ mnemo_func = {'mov': mov, "cvttss2si": cvttss2si, - - - + "bndmov": bndmov, @@ -4449,6 +4530,7 @@ mnemo_func = {'mov': mov, "movss": movss, "ucomiss": ucomiss, + "ucomisd": ucomisd, # # MMX/AVX/SSE operations @@ -4520,6 +4602,9 @@ mnemo_func = {'mov': mov, "pslld": pslld, "psllq": psllq, "pslldq": pslldq, + "psrldq": psrldq, + + "palignr": palignr, "pmaxub": pmaxub, "pmaxuw": pmaxuw, |