def __get_loopcc_implicit_operand(arch_mode):
if arch_mode == ARCH_X86_MODE_32:
oprnd = X86RegisterOperand('ecx', 32)
elif arch_mode == ARCH_X86_MODE_64:
oprnd = X86RegisterOperand('rcx', 64)
return oprnd
def __get_source_register(arch_mode):
if arch_mode == ARCH_X86_MODE_32:
src_reg = X86RegisterOperand('esi', 32)
elif arch_mode == ARCH_X86_MODE_64:
src_reg = X86RegisterOperand('rsi', 64)
else:
raise Exception('Invalid architecture mode')
return src_reg
def __get_destination_register(arch_mode):
if arch_mode == ARCH_X86_MODE_32:
dst_reg = X86RegisterOperand('edi', 32)
elif arch_mode == ARCH_X86_MODE_64:
dst_reg = X86RegisterOperand('rdi', 64)
else:
raise Exception('Invalid architecture mode')
return dst_reg
def __get_cmpxchg_implicit_operand(size):
if size == 8:
oprnd = X86RegisterOperand('al', 8)
elif size == 16:
oprnd = X86RegisterOperand('ax', 16)
elif size == 32:
oprnd = X86RegisterOperand('eax', 32)
elif size == 64:
oprnd = X86RegisterOperand('rax', 64)
else:
raise Exception('Invalid operand size')
return oprnd
def __get_accumulator_register(size):
if size == 8:
accum_reg = X86RegisterOperand('al', 8)
elif size == 16:
accum_reg = X86RegisterOperand('ax', 16)
elif size == 32:
accum_reg = X86RegisterOperand('eax', 32)
elif size == 64:
accum_reg = X86RegisterOperand('rax', 64)
else:
raise Exception('Invalid size')
return accum_reg
def __get_counter_register(size):
# Define counter register.
if size == 8:
counter_reg = X86RegisterOperand('cl', 8)
elif size == 16:
counter_reg = X86RegisterOperand('cx', 16)
elif size == 32:
counter_reg = X86RegisterOperand('ecx', 32)
elif size == 64:
counter_reg = X86RegisterOperand('rcx', 64)
else:
raise Exception('Invalid size')
return counter_reg
def parse_operand(string, location, tokens):
"""Parse an x86 instruction operand.
"""
mod = " ".join(tokens.get("modifier", ""))
if "immediate" in tokens:
imm = parse_immediate("".join(tokens["immediate"]))
size = modifier_size.get(mod, None)
oprnd = X86ImmediateOperand(imm, size)
if "register" in tokens:
name = tokens["register"]
size = arch_info.registers_size[tokens["register"]]
oprnd = X86RegisterOperand(name, size)
if "memory" in tokens:
seg_reg = tokens.get("segment", None)
base_reg = tokens.get("base", None)
index_reg = tokens.get("index", None)
scale_imm = int(tokens.get("scale", "0x1"), 16)
displ_imm = int("".join(tokens.get("displacement", "0x0")), 16)
oprnd = X86MemoryOperand(seg_reg, base_reg, index_reg, scale_imm,
displ_imm)
oprnd.modifier = mod
if not oprnd.size and oprnd.modifier:
oprnd.size = modifier_size[oprnd.modifier]
return oprnd
def _translate_cdq(self, tb, instruction):
# Flags Affected
# None.
eax = X86RegisterOperand("eax", 32)
edx = X86RegisterOperand("edx", 32)
oprnd1 = tb.read(eax)
tmp0 = tb.temporal(64)
tmp1 = tb.temporal(32)
imm32 = tb.immediate(-32, 64)
tb.add(self._builder.gen_sext(oprnd1, tmp0))
tb.add(self._builder.gen_bsh(tmp0, imm32, tmp1))
tb.write(edx, tmp1) # if in 64 bit mode, it zeros the upper half of rdx.
def __get_cdqe_implicit_operands():
oprnd0 = X86RegisterOperand('eax', 32)
oprnd1 = X86RegisterOperand('rax', 64)
return oprnd0, oprnd1
def _translate_cmpxchg(self, tb, instruction):
# Flags Affected
# The ZF flag is set if the values in the destination operand
# and register AL, AX, or EAX are equal; otherwise it is
# cleared. The CF, PF, AF, SF, and OF flags are set according
# to the results of the comparison operation.
# Accumulator = AL, AX, EAX, or RAX depending on whether a byte,
# word, doubleword, or quadword comparison is being performed
# IF accumulator = DEST
# THEN
# ZF <- 1;
# DEST <- SRC;
# ELSE
# ZF <- 0;
# accumulator <- DEST;
# FI;
oprnd0 = tb.read(instruction.operands[0])
oprnd1 = tb.read(instruction.operands[1])
# Define immediate registers
end_addr = ReilImmediateOperand(
(instruction.address + instruction.size) << 8,
self._arch_info.address_size + 8)
# Define accum register.
if oprnd0.size == 8:
accum = ReilRegisterOperand("al", 8)
accum_x86 = X86RegisterOperand("al", 8)
elif oprnd0.size == 16:
accum = ReilRegisterOperand("ax", 16)
accum_x86 = X86RegisterOperand("ax", 16)
elif oprnd0.size == 32:
accum = ReilRegisterOperand("eax", 32)
accum_x86 = X86RegisterOperand("eax", 32)
elif oprnd0.size == 64:
accum = ReilRegisterOperand("rax", 64)
accum_x86 = X86RegisterOperand("rax", 64)
else:
raise Exception("Invalid operand size: %s" % oprnd0)
tmp0 = tb.temporal(oprnd0.size * 2)
one = tb.immediate(1, 1)
change_dst_lbl = Label('change_dst')
change_accum_lbl = Label('change_accum')
# Compare.
tb.add(self._builder.gen_sub(accum, oprnd0, tmp0))
# Update flags : CF, OF, SF, ZF, AF, PF
self._update_cf(tb, accum, oprnd0, tmp0)
self._update_of_sub(tb, accum, oprnd0, tmp0)
self._update_sf(tb, accum, oprnd0, tmp0)
self._update_zf(tb, accum, oprnd0, tmp0)
self._update_af_sub(tb, accum, oprnd0, tmp0)
self._update_pf(tb, accum, oprnd0, tmp0)
# Exchange
tb.add(self._builder.gen_jcc(tmp0, change_accum_lbl))
tb.add(change_dst_lbl)
tb.write(instruction.operands[0], oprnd1)
tb.add(self._builder.gen_jcc(one, end_addr))
tb.add(change_accum_lbl)
# tb.add(self._builder.gen_str(oprnd0, accum))
tb.write(accum_x86, oprnd0)
def _translate_lahf(self, tb, instruction):
# Operation
# IF 64-Bit Mode
# THEN
# IF CPUID.80000001H:ECX.LAHF-SAHF[bit 0] = 1;
# THEN AH <- RFLAGS(SF:ZF:0:AF:0:PF:1:CF);
# ELSE #UD;
# FI;
# ELSE
# AH <- EFLAGS(SF:ZF:0:AF:0:PF:1:CF);
# FI;
# Flags Affected
# None. The state of the flags in the EFLAGS register is not affected.
ah = X86RegisterOperand("ah", 8)
dst = tb.temporal(8)
tmp1 = tb.temporal(dst.size)
shl_one = tb.immediate(1, 8)
tb.add(self._builder.gen_str(tb.immediate(0, 8), dst))
# Store SF.
tb.add(self._builder.gen_str(self._flags["sf"], tmp1))
tb.add(self._builder.gen_or(tmp1, dst, dst))
# Shift left.
tb.add(self._builder.gen_bsh(dst, shl_one, dst))
# Store ZF.
tb.add(self._builder.gen_str(self._flags["zf"], tmp1))
tb.add(self._builder.gen_or(tmp1, dst, dst))
# Shift left.
tb.add(self._builder.gen_bsh(dst, shl_one, dst))
# Store 0.
tb.add(self._builder.gen_str(tb.immediate(0, 8), tmp1))
tb.add(self._builder.gen_or(tmp1, dst, dst))
# Shift left.
tb.add(self._builder.gen_bsh(dst, shl_one, dst))
# Store AF.
tb.add(self._builder.gen_str(self._flags["af"], tmp1))
tb.add(self._builder.gen_or(tmp1, dst, dst))
# Shift left.
tb.add(self._builder.gen_bsh(dst, shl_one, dst))
# Store 0.
tb.add(self._builder.gen_str(tb.immediate(0, 8), tmp1))
tb.add(self._builder.gen_or(tmp1, dst, dst))
# Shift left.
tb.add(self._builder.gen_bsh(dst, shl_one, dst))
# Store PF.
tb.add(self._builder.gen_str(self._flags["pf"], tmp1))
tb.add(self._builder.gen_or(tmp1, dst, dst))
# Shift left.
tb.add(self._builder.gen_bsh(dst, shl_one, dst))
# Store 1.
tb.add(self._builder.gen_str(tb.immediate(1, 8), tmp1))
tb.add(self._builder.gen_or(tmp1, dst, dst))
# Shift left.
tb.add(self._builder.gen_bsh(dst, shl_one, dst))
# Store CF.
tb.add(self._builder.gen_str(self._flags["cf"], tmp1))
tb.add(self._builder.gen_or(tmp1, dst, dst))
tb.write(ah, dst)
def __get_jecxz_implicit_operand():
oprnd = X86RegisterOperand('ecx', 32)
return oprnd
def __get_sahf_implicit_operand():
return X86RegisterOperand('ah', 8)
def __get_mul_implicit_operands(size):
if size == 8:
oprnd1 = X86RegisterOperand('al', 8)
result_low = X86RegisterOperand('al', 8)
result_high = X86RegisterOperand('ah', 8)
elif size == 16:
oprnd1 = X86RegisterOperand('ax', 16)
result_low = X86RegisterOperand('ax', 16)
result_high = X86RegisterOperand('dx', 16)
elif size == 32:
oprnd1 = X86RegisterOperand('eax', 32)
result_low = X86RegisterOperand('eax', 32)
result_high = X86RegisterOperand('edx', 32)
elif size == 64:
oprnd1 = X86RegisterOperand('rax', 64)
result_low = X86RegisterOperand('rax', 64)
result_high = X86RegisterOperand('rdx', 64)
return oprnd1, result_low, result_high