def end(self): """Do post-loop iterator code""" if self.mode == CTR: self.code.add(x86_64.loop(self.start_label)) elif self.mode == DEC: # branch if r_count is not zero (CR) # Note that this relies on someone (e.g. cleanup()) setting the # condition register properly. if self.step_size() == 1: self.code.add(x86_64.jnz(self.start_label)) else: self.code.add(x86_64.cmp(self.r_count, 0)) self.code.add(x86_64.jg(self.start_label)) elif self.mode == INC: if self.external_stop: if isinstance(self.r_count, memory.MemRef) and isinstance( self.r_stop, memory.MemRef): if self.r_clobber == None: raise Exception( 'Must specify clobber_reg if count and stop values are both stored in memory.' ) #self.code.add(x86_64.push(registers.rax)) #if self.r_count.base != registers.rsp: # self.code.add(x86_64.mov(registers.rax, self.r_count)) #else: # oldm = self.r_count # m = memory.MemRef(oldm.base, oldm.disp+8, oldm.index, oldm.scale, oldm.data_size) # self.code.add(x86_64.mov(registers.rax, m)) #if self.r_stop.base != registers.rsp: # self.code.add(x86_64.cmp(registers.rax, self.r_stop)) #else: # oldm = self.r_stop # m = memory.MemRef(oldm.base, oldm.disp+8, oldm.index, oldm.scale, oldm.data_size) # self.code.add(x86_64.cmp(registers.rax, m)) #self.code.add(x86_64.pop(registers.rax)) else: self.code.add(x86_64.mov(self.r_clobber, self.r_count)) self.code.add(x86_64.cmp(self.r_clobber, self.r_stop)) else: self.code.add(x86_64.cmp(self.r_count, self.r_stop)) else: self.code.add(x86_64.cmp(self.r_count, self.n)) self.code.add(x86_64.jnge(self.start_label)) return
def end(self): """Do post-loop iterator code""" if self.mode == CTR: self.code.add(x86_64.loop(self.start_label)) elif self.mode == DEC: # branch if r_count is not zero (CR) # Note that this relies on someone (e.g. cleanup()) setting the # condition register properly. if self.step_size() == 1: self.code.add(x86_64.jnz(self.start_label)) else: self.code.add(x86_64.cmp(self.r_count, 0)) self.code.add(x86_64.jg(self.start_label)) elif self.mode == INC: if self.external_stop: if isinstance(self.r_count, memory.MemRef) and isinstance(self.r_stop, memory.MemRef): if self.r_clobber == None: raise Exception('Must specify clobber_reg if count and stop values are both stored in memory.') #self.code.add(x86_64.push(registers.rax)) #if self.r_count.base != registers.rsp: # self.code.add(x86_64.mov(registers.rax, self.r_count)) #else: # oldm = self.r_count # m = memory.MemRef(oldm.base, oldm.disp+8, oldm.index, oldm.scale, oldm.data_size) # self.code.add(x86_64.mov(registers.rax, m)) #if self.r_stop.base != registers.rsp: # self.code.add(x86_64.cmp(registers.rax, self.r_stop)) #else: # oldm = self.r_stop # m = memory.MemRef(oldm.base, oldm.disp+8, oldm.index, oldm.scale, oldm.data_size) # self.code.add(x86_64.cmp(registers.rax, m)) #self.code.add(x86_64.pop(registers.rax)) else: self.code.add(x86_64.mov(self.r_clobber, self.r_count)) self.code.add(x86_64.cmp(self.r_clobber, self.r_stop)) else: self.code.add(x86_64.cmp(self.r_count, self.r_stop)) else: self.code.add(x86_64.cmp(self.r_count, self.n)) self.code.add(x86_64.jnge(self.start_label)) return
def Test(): verify(x86.xor(ebx, eax), [0x31, 0xC3]) verify(x86.add(ebx, ebx), [0x01, 0xdb]) verify(x86.add(ebx, r13d), [0x44, 0x01, 0xeb]) verify(x86.add(r13d, ebx), [0x41, 0x01, 0xdd]) verify(x86.xor(rax, r15), [0x4c, 0x31, 0xf8]) verify(x86.xor(r15, rax), [0x49, 0x31, 0xc7]) verify(x86.xor(r13, r13), [0x4d, 0x31, 0xed]) verify(x86.mov(rax, 0xDEADDEADBEEFl), [0x48, 0xb8, 0xef, 0xbe, 0xad, 0xde, 0xad, 0xde, 0x00, 0x00]) verify(x86.mov(r11, 0xDEADDEADBEEFl), [0x49, 0xbb, 0xef, 0xbe, 0xad, 0xde, 0xad, 0xde, 0x00, 0x00]) verify(x86.mov(r12, 0xDEADDEADBEEFl), [0x49, 0xbc, 0xef, 0xbe, 0xad, 0xde, 0xad, 0xde, 0x00, 0x00]) verify(x86.mov(r13, 0xDEADDEADBEEFl), [0x49, 0xbd, 0xef, 0xbe, 0xad, 0xde, 0xad, 0xde, 0x00, 0x00]) verify(x86.mov(r14, 0xDEADDEADBEEFl), [0x49, 0xbe, 0xef, 0xbe, 0xad, 0xde, 0xad, 0xde, 0x00, 0x00]) verify(x86.mov(r15, 0xDEADDEADBEEFl), [0x49, 0xbf, 0xef, 0xbe, 0xad, 0xde, 0xad, 0xde, 0x00, 0x00]) verify(x86.add(r15, 0xBEEF), [0x49, 0x81, 0xc7, 0xef, 0xbe, 0x00, 0x00]) verify(x86.add(r8, 0xA), [0x49, 0x83, 0xc0, 0x0a]) verify(x86.mov(r8, MemRef(rbx, 3)), [0x4c, 0x8b, 0x43, 0x03]) verify(x86.mov(rax, MemRef(r9, 3)), [0x49, 0x8b, 0x41, 0x03]) verify(x86.mov(rcx, MemRef(rsp)), [0x48, 0x8b, 0x0c, 0x24]) verify(x86.mov(rbx, MemRef(rsp)), [0x48, 0x8b, 0x1c, 0x24]) verify(x86.mov(rdx, MemRef(rbp, 64)), [0x48, 0x8b, 0x55, 0x40]) verify(x86.mov(rdi, MemRef(rbp)), [0x48, 0x8b, 0x7d, 0x00]) verify(x86.mov(rdx, MemRef(rax, 64, r10, 4)), [0x4a, 0x8b, 0x54, 0x90, 0x40]) verify(x86.mov(rdx, MemRef(r14, 24, rbx, 2)), [0x49, 0x8b, 0x54, 0x5e, 0x18]) verify(x86.add(MemRef(rsp), 16), [0x48, 0x83, 0x04, 0x24, 0x10]) verify(x86.add(MemRef(rsp), r15), [0x4c, 0x01, 0x3c, 0x24]) verify(x86.call(MemRef(r12)), [0x41, 0xff, 0x14, 0x24]) verify(x86.cmpxchg8b(MemRef(rax)), [0x0f, 0xc7, 0x08]) verify(x86.cmpxchg8b(MemRef(r8)), [0x41, 0x0f, 0xc7, 0x08]) verify(x86.cmpxchg16b(MemRef(rax, data_size = 128)), [0x48, 0x0f, 0xc7, 0x08]) verify(x86.cmpxchg16b(MemRef(r8, data_size = 128)), [0x49, 0x0f, 0xc7, 0x08]) verify(x86.add(MemRef(rbp), 5), [0x48, 0x83, 0x45, 0x00, 0x05]) verify(x86.add(MemRef(rbp), 0x1EADBEEF), [0x48, 0x81, 0x45, 0x00, 0xef, 0xbe, 0xad, 0x1e]) verify(x86.call(MemRef(rdx)), [0xff, 0x12]) verify(x86.dec(rax), [0x48, 0xff, 0xc8]) verify(x86.dec(MemRef(rax)), [0x48, 0xff, 0x08]) verify(x86.dec(MemRef(r15)), [0x49, 0xff, 0x0f]) verify(x86.div(rax), [0x48, 0xf7, 0xf0]) verify(x86.div(r13), [0x49, 0xf7, 0xf5]) verify(x86.div(MemRef(rax)), [0x48, 0xf7, 0x30]) verify(x86.div(MemRef(r13)), [0x49, 0xf7, 0x75, 0x00]) verify(x86.jmp(rax), [0x48, 0xff, 0xe0]) verify(x86.jmp(MemRef(r13)), [0x41, 0xff, 0x65, 0x00]) verify(x86.jmp(MemRef(rax)), [0xff, 0x20]) verify(x86.lea(rdx, MemRef(r14, 24, rbx, 2, data_size = None)), [0x49, 0x8d, 0x54, 0x5e, 0x18]) verify(x86.loop(-4), [0xe2, 0xfc]) verify(x86.mov(r13, -0x1EADBEEFDEADBEEF), [0x49, 0xbd, 0x11, 0x41, 0x52, 0x21, 0x10, 0x41, 0x52, 0xe1]) verify(x86.shld(rax, r15, cl), [0x4c, 0x0f, 0xa5, 0xf8]) verify(x86.movd(xmm8, r15), [0x66, 0x4d, 0x0f, 0x6e, 0xc7]) verify(x86.addpd(xmm11, xmm10), [0x66, 0x45, 0x0f, 0x58, 0xda]) verify(x86.addpd(xmm11, MemRef(rdx, data_size = 128)), [0x66, 0x44, 0x0f, 0x58, 0x1a]) verify(x86.cmpxchg8b(MemRef(eax)), [0x67, 0x0f, 0xc7, 0x08]) verify(x86.mov(r8, MemRef(ebx, 3)), [0x67, 0x4c, 0x8b, 0x43, 0x03]) verify(x86.mov(rax, MemRef(r9d, 3)), [0x67, 0x49, 0x8b, 0x41, 0x03]) verify(x86.mov(rdx, MemRef(ebp, 64)), [0x67, 0x48, 0x8b, 0x55, 0x40]) verify(x86.mov(rdx, MemRef(eax, 64, r10d, 4)), [0x67, 0x4a, 0x8b, 0x54, 0x90, 0x40]) verify(x86.mov(rdx, MemRef(r14d, 24, ebx, 2)), [0x67, 0x49, 0x8b, 0x54, 0x5e, 0x18]) verify(x86.add(MemRef(rbp, data_size = 32), 5), [0x83, 0x45, 0x00, 0x05]) verify(x86.add(MemRef(rbp, data_size = 32), 0x1EADBEEF), [0x81, 0x45, 0x00, 0xef, 0xbe, 0xad, 0x1e]) verify(x86.add(ebp, 8), [0x83, 0xc5, 0x08]) verify(x86.add(r15d, 8), [0x41, 0x83, 0xc7, 0x08]) verify(x86.add(r15d, 0x1EADBEEF), [0x41, 0x81, 0xc7, 0xef, 0xbe, 0xad, 0x1e]) verify(x86.mov(r8d, 0x1EADBEEF), [0x41, 0xb8, 0xef, 0xbe, 0xad, 0x1e]) verify(x86.add(ax, r9w), [0x66, 0x44, 0x01, 0xc8]) verify(x86.add(eax, r9d), [0x44, 0x01, 0xc8]) verify(x86.add(rax, MemRef(rbp, -8)), [0x48, 0x03, 0x45, 0xf8]) verify(x86.cmplepd(xmm11, xmm10), [0x66, 0x45, 0x0f, 0xc2, 0xda, 0x02]) verify(x86.pextrw(eax, xmm7, 2), [0x66, 0x0f, 0xc5, 0xc7, 0x02]) verify(x86.mov(rax, MemRef(rip, 128)), [0x48, 0x8b, 0x05, 0x80, 0x00, 0x00, 0x00]) verify(x86.mov(MemRef(rip, 128), rax), [0x48, 0x89, 0x05, 0x80, 0x00, 0x00, 0x00]) verify(x86.mov(eax, MemRef(rip, 128, data_size = 32)), [0x8b, 0x05, 0x80, 0x00, 0x00, 0x00]) verify(x86.mov(rax,MemRef(128)), [0x48, 0x8b, 0x04, 0x25, 0x80, 0x00, 0x00, 0x00]) verify(x86.mov(rax,MemRef(rbp)), [0x48, 0x8b, 0x45, 0x00]) verify(x86.mov(rbx,MemRef(rbp, index = rdx, scale=2)), [0x48, 0x8b, 0x5c, 0x55, 0x00]) verify(x86.mov(rbx,MemRef(rdi, index = rdx, scale=2)), [0x48, 0x8b, 0x1c, 0x57]) verify(x86.mov(rbx,MemRef(rsp, index = rdx, scale=2)), [0x48, 0x8b, 0x1c, 0x54]) verify(x86.mov(rax,MemRef(rbp, 0, index = rdx, scale=2)), [0x48, 0x8b, 0x44, 0x55, 0x00]) verify(x86.mov(eax,MemRef(ebp, data_size = 32)), [0x67, 0x8b, 0x45, 0x00]) verify(x86.and_(al,bl), [0x20, 0xd8]) verify(x86.and_(al,ch), [0x20, 0xe8]) verify(x86.and_(al,sil), [0x40, 0x20, 0xf0]) verify(x86.and_(al,spl), [0x40, 0x20, 0xe0]) verify(x86.and_(bpl,MemRef(rax, data_size = 8)), [0x40, 0x22, 0x28]) verify(x86.invlpg(MemRef(rax, data_size = 8)), [0x0F, 0x01, 0x38]) verify(x86.rdtscp(), [0x0F, 0x01, 0xF9]) verify(x86.cmove(rcx, rdx), [0x48, 0x0F, 0x44, 0xCA]) verify(x86.cmove(ecx, edx), [0x0F, 0x44, 0xCA]) verify(x86.cmove(cx, dx), [0x66, 0x0F, 0x44, 0xCA]) verify(x86.shld(rax, rbx, cl), [0x48, 0x0F, 0xA5, 0xD8]) verify(x86.shld(eax, ebx, cl), [0x0F, 0xA5, 0xD8]) verify(x86.shld(ax, bx, cl), [0x66, 0x0F, 0xA5, 0xD8]) verify(x86.shld(rax, rbx, 4), [0x48, 0x0F, 0xA4, 0xD8, 0x04]) verify(x86.shld(eax, ebx, 4), [0x0F, 0xA4, 0xD8, 0x04]) verify(x86.shld(ax, bx, 4), [0x66, 0x0F, 0xA4, 0xD8, 0x04]) verify(x86.imul(rax, rdx, 0x100000), [0x48, 0x69, 0xC2, 0x00, 0x00, 0x10, 0x00]) verify(x86.imul(rax, rdx, 0x10), [0x48, 0x6B, 0xC2, 0x10]) verify(x86.imul(eax, edx, 0x100000), [0x69, 0xC2, 0x00, 0x00, 0x10, 0x00]) verify(x86.imul(ax, dx, 0x1000), [0x66, 0x69, 0xC2, 0x00, 0x10]) verify(x86.shl(rax, 1), [0x48, 0xD1, 0xE0]) verify(x86.add(eax, 1), [0x83, 0xC0, 0x01]) verify(x86.mov(r15, 4), [0x49, 0xC7, 0xC7, 0x04, 0x00, 0x00, 0x00]) print verify(x86.cvtss2si(r9d, xmm0), [0xf3, 0x44, 0x0f, 0x2d, 0xc8]) verify(x86.cvttsd2si(r9d, xmm0), [0xf2, 0x44, 0x0f, 0x2c, 0xc8]) verify(x86.cvttss2si(r9d, xmm0), [0xf3, 0x44, 0x0f, 0x2c, 0xc8]) verify(x86.movmskpd(eax,xmm9), [0x66, 0x41, 0x0F, 0x50, 0xC1]) verify(x86.pmovmskb(eax,xmm9), [0x66, 0x41, 0x0F, 0xD7, 0xC1]) verify(x86.pextrw(ebx, xmm12, 4), [0x66, 0x41, 0x0F, 0xC5, 0xDC, 0x04]) verify(x86.pinsrw(xmm12, ebx, 4), [0x66, 0x44, 0x0F, 0xC4, 0xE3, 0x04]) verify(x86.movd(ecx,xmm5), [0x66, 0x0F, 0x7E, 0xE9]) verify(x86.movd(xmm5,edx), [0x66, 0x0F, 0x6E, 0xEA]) verify(x86.movd(xmm5,rdx), [0x66, 0x48, 0x0F, 0x6E, 0xEA]) print verify(x86.cvtsi2sd(xmm0, r9), [0xF3, 0x49, 0x0F, 0x2A, 0xC1]) verify(x86.cvtss2si(r9, xmm0), [0xF3, 0x4C, 0x0F, 0x2D, 0xC8]) verify(x86.cvttsd2si(r9, xmm0), [0xF2, 0x4C, 0x0F, 0x2C, 0xC8]) verify(x86.cvttss2si(r9, xmm0), [0xF3, 0x4C, 0x0F, 0x2C, 0xC8]) verify(x86.movd(rcx,xmm5), [0x66, 0x48, 0x0F, 0x7E, 0xE9]) verify(x86.movd(xmm5,rdx), [0x66, 0x48, 0x0F, 0x6E, 0xEA]) print verify(x86.pmovmskb(eax,mm1), [0x0F, 0xD7, 0xC1]) verify(x86.pmovmskb(rax,mm1), [0x48, 0x0F, 0xD7, 0xC1]) verify(x86.movd(rcx,mm5), [0x48, 0x0F, 0x7E, 0xE9]) verify(x86.movd(mm5,rdx), [0x48, 0x0F, 0x6E, 0xEA]) return
def Test(): code = env.InstructionStream() proc = env.Processor() params = env.ExecParams() params.p1 = 3 mr32 = MemRef(rbp, 16, data_size=32) mr8 = MemRef(rbp, 16, data_size=8) lbl1 = code.get_label("lbl1") lbl2 = code.get_label("lbl2") code.add(x86.xor(rax, rax)) code.add(x86.cmp(rax, 1)) code.add(x86.jne(lbl1)) code.add(x86.ud2()) code.add(x86.ud2()) code.add(lbl1) code.add(x86.cmp(rax, 1)) code.add(x86.je(lbl2)) code.add(x86.add(rax, 12)) code.add(lbl2) # printer.PrintInstructionStream(code, printer.x86_64_Nasm(function_name="foobar")) ret = proc.execute(code) print "ret", ret assert (ret == 12) print "W00T" code.reset() code.add(x86.xor(rax, rax)) code.add(x86.cmp(rax, 1)) code.add(x86.jne(28)) code.add(x86.ud2()) code.add(x86.ud2()) code.add(x86.cmp(eax, 1)) code.add(x86.je(37)) code.add(x86.add(rax, 12)) code.print_code(hex=True, pro=True, epi=True) print "a" ret = proc.execute(code) print "b" print "ret", ret assert (ret == 12) print "w00t 2" code.reset() call_lbl = code.get_label("call_fn") code.add(x86.xor(rax, rax)) code.add(x86.call(call_lbl)) code.add(x86.jmp(code.lbl_epilogue)) code.add(x86.mov(rax, 75)) code.add(x86.mov(rax, 42)) code.add(call_lbl) code.add(x86.mov(rax, 15)) code.add(x86.ret()) code.print_code() ret = proc.execute(code) print "ret", ret assert (ret == 15) code.reset() fwd_lbl = code.get_label("FORWARD") bck_lbl = code.get_label("BACKWARD") code.add(x86.xor(rax, rax)) code.add(bck_lbl) code.add(x86.cmp(rax, 1)) code.add(x86.jne(fwd_lbl)) for i in xrange(0, 65): code.add(x86.pop(r15)) code.add(fwd_lbl) ret = proc.execute(code, mode='int') assert (ret == 0) code.reset() loop_lbl = code.get_label("LOOP") out_lbl = code.get_label("OUT") skip_lbl = code.get_label("SKIP") code.add(x86.xor(rax, rax)) code.add(loop_lbl) for i in range(0, 1): for i in xrange(0, 24): code.add(x86.add(r15, MemRef(rsp, 4))) code.add(x86.add(rax, 4)) code.add(x86.cmp(rax, 20)) code.add(x86.je(out_lbl)) for i in xrange(0, 24): code.add(x86.add(r15, MemRef(rsp, 4))) code.add(x86.cmp(rax, 32)) code.add(x86.jne(loop_lbl)) code.add(out_lbl) code.add(x86.jmp(skip_lbl)) for i in xrange(0, 2): code.add(x86.add(r15, MemRef(rsp, 4))) code.add(skip_lbl) ret = proc.execute(code, mode='int') print "ret", ret assert (ret == 20) code.reset() loop_lbl = code.get_label("LOOP") else_lbl = code.get_label("ELSE") finish_lbl = code.get_label("finish") code.add(x86.mov(rax, 0)) code.add(x86.mov(rdx, 0)) code.add(loop_lbl) code.add(x86.add(rax, 1)) code.add(x86.cmp(rax, 16)) code.add(x86.jge(finish_lbl)) code.add(x86.add(rdx, rax)) code.add(x86.mov(r8, rdx)) code.add(x86.and_(r8, 0x1)) code.add(x86.jnz(else_lbl)) code.add(x86.add(rdx, 1)) code.add(x86.jmp(loop_lbl)) code.add(else_lbl) code.add(x86.add(rdx, r8)) code.add(x86.jmp(loop_lbl)) code.add(finish_lbl) code.add(x86.mov(rax, rdx)) ret = proc.execute(code, mode='int') print "ret", ret assert (ret == 135) code.reset() loop_lbl = code.get_label("LOOP") code.add(x86.xor(rax, rax)) code.add(x86.xor(rcx, rcx)) code.add(x86.mov(rdx, 1)) code.add(loop_lbl) code.add(x86.inc(rax)) code.add(x86.cmp(rax, 7)) code.add(x86.cmove(rcx, rdx)) code.add(x86.jrcxz(loop_lbl)) code.print_code(hex=True) ret = proc.execute(code, mode='int') print "ret", ret assert (ret == 7) code.reset() code.add(x86.mov(rax, MemRef(rbp, 16))) code.add(x86.xor(rbx, rbx)) code.add(x86.mov(rbx, -1)) code.add(x86.mov(cl, 1)) code.add(x86.shld(rax, rbx, cl)) code.print_code(hex=True) ret = proc.execute(code, params=params, mode='int') print "ret", ret assert (ret == 7) # code.reset() # code.add(x86.add(eax, 200)) # code.add(x86.xor(eax, eax)) # code.add(x86.add(al, 32)) # code.add(x86.add(bl, 32)) # code.add(x86.xor(bl, bl)) # code.add(x86.mov(mr8, al)) # code.add(x86.add(mr32, 0)) # code.add(x86.mov(eax, mr32)) # code.add(x86.mov(al, mr8)) # # code.add(x86.imul(ax, ax, 4)) # code.add(x86.imul(eax, ebx, 10)) # code.add(x86.mov(cx, 1232)) # code.add(x86.sub(ax, cx)) # code.add(x86.xor(eax,eax)) # code.add(x86.mov(eax,ebx)) # code.add(x86.clc()) # code.add(x86.rcl(eax, 1)) # code.add(x86.rcr(eax, 1)) # #ret = proc.execute(code, debug = True, params = params) # id1 = proc.execute(code, params = params, mode = 'int', async = True) # id2 = proc.execute(code, params = params, mode = 'int', async = True) # ret = proc.execute(code, params = params, mode = 'int') # print "Return main thread: %d" % (ret) # assert(ret == 1280) # ret = proc.join(id1) # print "Return thread 1: %d" % (ret) # assert(ret == 1280) # ret = proc.join(id2) # print "Return thread 2: %d" % (ret) # assert(ret == 1280) code.reset() code.add(x86.fldpi()) code.add(x86.pxor(xmm0, xmm0)) code.add(x86.fld1()) code.add(x86.fadd(st0, st0)) code.add(x86.fmulp()) code.add(x86.fsin()) code.add(x86.fcos()) code.add(x86.fld1()) code.add(x86.fyl2xp1()) # x86_64 now uses xmm0 to return floats, not st0. So here, just make room # on the stack, convert the FP result to an int and store it on the stack, # then pop it into rax, the int return register. code.add(x86.push(rax)) code.add(x86.fistp(MemRef(rsp))) code.add(x86.pop(rax)) code.print_code(hex=True) ret = proc.execute(code, params=params, mode='int') assert (ret == 1) print "Return main thread: %d" % (ret) code.reset() lbl_ok = code.get_label("OK") code.add(x86.emms()) code.add(x86.movd(xmm0, mr32)) code.add(x86.mov(ebx, mr32)) code.add(x86.cmp(ebx, 3)) code.add(x86.je(lbl_ok)) code.add(x86.movd(eax, xmm0)) code.add(x86.cmp(eax, 3)) code.add(x86.je(lbl_ok)) code.add(x86.ud2()) code.add(lbl_ok) code.add(x86.xor(eax, eax)) code.add(x86.movd(xmm1, ebx)) code.add(x86.paddq(xmm0, xmm1)) code.add(x86.pextrw(ecx, xmm0, 0)) code.add(x86.pinsrw(mm1, ecx, 0)) code.add(x86.movq2dq(xmm0, mm1)) code.add(x86.movdq2q(mm2, xmm0)) code.add(x86.movd(edx, mm2)) code.add(x86.movd(xmm5, edx)) code.add(x86.movd(ecx, xmm5)) code.add(x86.pinsrw(xmm6, ecx, 0)) code.add(x86.movd(eax, xmm6)) code.print_code(hex=True) ret = proc.execute(code, params=params, mode='int') print "Return main thread: %d" % (ret) assert (ret == 6) code.reset() # Test immediate size encodings code.add(x86.add(eax, 300)) code.add(x86.add(ax, 300)) code.add(x86.add(ax, 30)) code.add(x86.mov(eax, 16)) code.add(x86.mov(eax, 300)) code.reset() code.add(x86.add(eax, 0xDEADBEEF)) code.add(x86.add(ebx, 0xDEADBEEF)) code.print_code(hex=True) # Try the LOCK prefix code.reset() code.add(x86.xor(eax, eax)) code.add(x86.add(mr32, eax)) code.add(x86.add(mr32, eax, lock=True)) #code.print_code(hex = True) proc.execute(code, params=params) code.reset() code.add(x86.mov(edx, 0x1234)) code.add(x86.mov(eax, 0xFFFF)) code.add(x86.xchg(edx, eax)) code.print_code(hex=True) ret = proc.execute(code, params=params) print "ret:", ret assert (ret == 0x1234) code.reset() code.add(x86.mov(rax, rsp)) code.add(x86.pushfq()) code.add(x86.sub(rax, rsp)) code.add(x86.add(rsp, rax)) code.print_code(hex=True) ret = proc.execute(code, params=params) print "ret:", ret assert (ret == 8) code.reset() data = extarray.extarray('H', xrange(0, 16)) # code.add(x86.push(rdi)) code.add(x86.mov(rdi, data.buffer_info()[0])) code.add(x86.movaps(xmm1, MemRef(rdi, data_size=128))) code.add(x86.pextrw(rax, xmm1, 0)) code.add(x86.pextrw(rbx, xmm1, 1)) code.add(x86.pextrw(rcx, xmm1, 2)) code.add(x86.pextrw(rdx, xmm1, 3)) code.add(x86.shl(rbx, 16)) code.add(x86.shl(rcx, 32)) code.add(x86.shl(rdx, 48)) code.add(x86.or_(rax, rbx)) code.add(x86.or_(rax, rcx)) code.add(x86.or_(rax, rdx)) # code.add(x86.pop(rdi)) code.print_code(hex=True) ret = proc.execute(code, mode='int') print "ret %x" % ret assert (ret == 0x0003000200010000) code.reset() L1 = code.get_label("L1") code.add(x86.xor(rax, rax)) code.add(x86.mov(rcx, 3)) code.add(L1) code.add(x86.add(rax, 1)) code.add(x86.loop(L1)) code.print_code(hex=True) ret = proc.execute(code, mode='int') print "ret %x" % ret assert (ret == 0x03) return
def Test(): verify(x86.xor(ebx, eax), [0x31, 0xC3]) verify(x86.add(ebx, ebx), [0x01, 0xdb]) verify(x86.add(ebx, r13d), [0x44, 0x01, 0xeb]) verify(x86.add(r13d, ebx), [0x41, 0x01, 0xdd]) verify(x86.xor(rax, r15), [0x4c, 0x31, 0xf8]) verify(x86.xor(r15, rax), [0x49, 0x31, 0xc7]) verify(x86.xor(r13, r13), [0x4d, 0x31, 0xed]) verify(x86.mov(rax, 0xDEADDEADBEEFl), [0x48, 0xb8, 0xef, 0xbe, 0xad, 0xde, 0xad, 0xde, 0x00, 0x00]) verify(x86.mov(r11, 0xDEADDEADBEEFl), [0x49, 0xbb, 0xef, 0xbe, 0xad, 0xde, 0xad, 0xde, 0x00, 0x00]) verify(x86.mov(r12, 0xDEADDEADBEEFl), [0x49, 0xbc, 0xef, 0xbe, 0xad, 0xde, 0xad, 0xde, 0x00, 0x00]) verify(x86.mov(r13, 0xDEADDEADBEEFl), [0x49, 0xbd, 0xef, 0xbe, 0xad, 0xde, 0xad, 0xde, 0x00, 0x00]) verify(x86.mov(r14, 0xDEADDEADBEEFl), [0x49, 0xbe, 0xef, 0xbe, 0xad, 0xde, 0xad, 0xde, 0x00, 0x00]) verify(x86.mov(r15, 0xDEADDEADBEEFl), [0x49, 0xbf, 0xef, 0xbe, 0xad, 0xde, 0xad, 0xde, 0x00, 0x00]) verify(x86.add(r15, 0xBEEF), [0x49, 0x81, 0xc7, 0xef, 0xbe, 0x00, 0x00]) verify(x86.add(r8, 0xA), [0x49, 0x83, 0xc0, 0x0a]) verify(x86.mov(r8, MemRef(rbx, 3)), [0x4c, 0x8b, 0x43, 0x03]) verify(x86.mov(rax, MemRef(r9, 3)), [0x49, 0x8b, 0x41, 0x03]) verify(x86.mov(rcx, MemRef(rsp)), [0x48, 0x8b, 0x0c, 0x24]) verify(x86.mov(rbx, MemRef(rsp)), [0x48, 0x8b, 0x1c, 0x24]) verify(x86.mov(rdx, MemRef(rbp, 64)), [0x48, 0x8b, 0x55, 0x40]) verify(x86.mov(rdi, MemRef(rbp)), [0x48, 0x8b, 0x7d, 0x00]) verify(x86.mov(rdx, MemRef(rax, 64, r10, 4)), [0x4a, 0x8b, 0x54, 0x90, 0x40]) verify(x86.mov(rdx, MemRef(r14, 24, rbx, 2)), [0x49, 0x8b, 0x54, 0x5e, 0x18]) verify(x86.add(MemRef(rsp), 16), [0x48, 0x83, 0x04, 0x24, 0x10]) verify(x86.add(MemRef(rsp), r15), [0x4c, 0x01, 0x3c, 0x24]) verify(x86.call(MemRef(r12)), [0x41, 0xff, 0x14, 0x24]) verify(x86.cmpxchg8b(MemRef(rax)), [0x0f, 0xc7, 0x08]) verify(x86.cmpxchg8b(MemRef(r8)), [0x41, 0x0f, 0xc7, 0x08]) verify(x86.cmpxchg16b(MemRef(rax, data_size=128)), [0x48, 0x0f, 0xc7, 0x08]) verify(x86.cmpxchg16b(MemRef(r8, data_size=128)), [0x49, 0x0f, 0xc7, 0x08]) verify(x86.add(MemRef(rbp), 5), [0x48, 0x83, 0x45, 0x00, 0x05]) verify(x86.add(MemRef(rbp), 0x1EADBEEF), [0x48, 0x81, 0x45, 0x00, 0xef, 0xbe, 0xad, 0x1e]) verify(x86.call(MemRef(rdx)), [0xff, 0x12]) verify(x86.dec(rax), [0x48, 0xff, 0xc8]) verify(x86.dec(MemRef(rax)), [0x48, 0xff, 0x08]) verify(x86.dec(MemRef(r15)), [0x49, 0xff, 0x0f]) verify(x86.div(rax), [0x48, 0xf7, 0xf0]) verify(x86.div(r13), [0x49, 0xf7, 0xf5]) verify(x86.div(MemRef(rax)), [0x48, 0xf7, 0x30]) verify(x86.div(MemRef(r13)), [0x49, 0xf7, 0x75, 0x00]) verify(x86.jmp(rax), [0x48, 0xff, 0xe0]) verify(x86.jmp(MemRef(r13)), [0x41, 0xff, 0x65, 0x00]) verify(x86.jmp(MemRef(rax)), [0xff, 0x20]) verify(x86.lea(rdx, MemRef(r14, 24, rbx, 2, data_size=None)), [0x49, 0x8d, 0x54, 0x5e, 0x18]) verify(x86.loop(-4), [0xe2, 0xfc]) verify(x86.mov(r13, -0x1EADBEEFDEADBEEF), [0x49, 0xbd, 0x11, 0x41, 0x52, 0x21, 0x10, 0x41, 0x52, 0xe1]) verify(x86.shld(rax, r15, cl), [0x4c, 0x0f, 0xa5, 0xf8]) verify(x86.movd(xmm8, r15), [0x66, 0x4d, 0x0f, 0x6e, 0xc7]) verify(x86.addpd(xmm11, xmm10), [0x66, 0x45, 0x0f, 0x58, 0xda]) verify(x86.addpd(xmm11, MemRef(rdx, data_size=128)), [0x66, 0x44, 0x0f, 0x58, 0x1a]) verify(x86.cmpxchg8b(MemRef(eax)), [0x67, 0x0f, 0xc7, 0x08]) verify(x86.mov(r8, MemRef(ebx, 3)), [0x67, 0x4c, 0x8b, 0x43, 0x03]) verify(x86.mov(rax, MemRef(r9d, 3)), [0x67, 0x49, 0x8b, 0x41, 0x03]) verify(x86.mov(rdx, MemRef(ebp, 64)), [0x67, 0x48, 0x8b, 0x55, 0x40]) verify(x86.mov(rdx, MemRef(eax, 64, r10d, 4)), [0x67, 0x4a, 0x8b, 0x54, 0x90, 0x40]) verify(x86.mov(rdx, MemRef(r14d, 24, ebx, 2)), [0x67, 0x49, 0x8b, 0x54, 0x5e, 0x18]) verify(x86.add(MemRef(rbp, data_size=32), 5), [0x83, 0x45, 0x00, 0x05]) verify(x86.add(MemRef(rbp, data_size=32), 0x1EADBEEF), [0x81, 0x45, 0x00, 0xef, 0xbe, 0xad, 0x1e]) verify(x86.add(ebp, 8), [0x83, 0xc5, 0x08]) verify(x86.add(r15d, 8), [0x41, 0x83, 0xc7, 0x08]) verify(x86.add(r15d, 0x1EADBEEF), [0x41, 0x81, 0xc7, 0xef, 0xbe, 0xad, 0x1e]) verify(x86.mov(r8d, 0x1EADBEEF), [0x41, 0xb8, 0xef, 0xbe, 0xad, 0x1e]) verify(x86.add(ax, r9w), [0x66, 0x44, 0x01, 0xc8]) verify(x86.add(eax, r9d), [0x44, 0x01, 0xc8]) verify(x86.add(rax, MemRef(rbp, -8)), [0x48, 0x03, 0x45, 0xf8]) verify(x86.cmplepd(xmm11, xmm10), [0x66, 0x45, 0x0f, 0xc2, 0xda, 0x02]) verify(x86.pextrw(eax, xmm7, 2), [0x66, 0x0f, 0xc5, 0xc7, 0x02]) verify(x86.mov(rax, MemRef(rip, 128)), [0x48, 0x8b, 0x05, 0x80, 0x00, 0x00, 0x00]) verify(x86.mov(MemRef(rip, 128), rax), [0x48, 0x89, 0x05, 0x80, 0x00, 0x00, 0x00]) verify(x86.mov(eax, MemRef(rip, 128, data_size=32)), [0x8b, 0x05, 0x80, 0x00, 0x00, 0x00]) verify(x86.mov(rax, MemRef(128)), [0x48, 0x8b, 0x04, 0x25, 0x80, 0x00, 0x00, 0x00]) verify(x86.mov(rax, MemRef(rbp)), [0x48, 0x8b, 0x45, 0x00]) verify(x86.mov(rbx, MemRef(rbp, index=rdx, scale=2)), [0x48, 0x8b, 0x5c, 0x55, 0x00]) verify(x86.mov(rbx, MemRef(rdi, index=rdx, scale=2)), [0x48, 0x8b, 0x1c, 0x57]) verify(x86.mov(rbx, MemRef(rsp, index=rdx, scale=2)), [0x48, 0x8b, 0x1c, 0x54]) verify(x86.mov(rax, MemRef(rbp, 0, index=rdx, scale=2)), [0x48, 0x8b, 0x44, 0x55, 0x00]) verify(x86.mov(eax, MemRef(ebp, data_size=32)), [0x67, 0x8b, 0x45, 0x00]) verify(x86.and_(al, bl), [0x20, 0xd8]) verify(x86.and_(al, ch), [0x20, 0xe8]) verify(x86.and_(al, sil), [0x40, 0x20, 0xf0]) verify(x86.and_(al, spl), [0x40, 0x20, 0xe0]) verify(x86.and_(bpl, MemRef(rax, data_size=8)), [0x40, 0x22, 0x28]) verify(x86.invlpg(MemRef(rax, data_size=8)), [0x0F, 0x01, 0x38]) verify(x86.rdtscp(), [0x0F, 0x01, 0xF9]) verify(x86.cmove(rcx, rdx), [0x48, 0x0F, 0x44, 0xCA]) verify(x86.cmove(ecx, edx), [0x0F, 0x44, 0xCA]) verify(x86.cmove(cx, dx), [0x66, 0x0F, 0x44, 0xCA]) verify(x86.shld(rax, rbx, cl), [0x48, 0x0F, 0xA5, 0xD8]) verify(x86.shld(eax, ebx, cl), [0x0F, 0xA5, 0xD8]) verify(x86.shld(ax, bx, cl), [0x66, 0x0F, 0xA5, 0xD8]) verify(x86.shld(rax, rbx, 4), [0x48, 0x0F, 0xA4, 0xD8, 0x04]) verify(x86.shld(eax, ebx, 4), [0x0F, 0xA4, 0xD8, 0x04]) verify(x86.shld(ax, bx, 4), [0x66, 0x0F, 0xA4, 0xD8, 0x04]) verify(x86.imul(rax, rdx, 0x100000), [0x48, 0x69, 0xC2, 0x00, 0x00, 0x10, 0x00]) verify(x86.imul(rax, rdx, 0x10), [0x48, 0x6B, 0xC2, 0x10]) verify(x86.imul(eax, edx, 0x100000), [0x69, 0xC2, 0x00, 0x00, 0x10, 0x00]) verify(x86.imul(ax, dx, 0x1000), [0x66, 0x69, 0xC2, 0x00, 0x10]) verify(x86.shl(rax, 1), [0x48, 0xD1, 0xE0]) verify(x86.add(eax, 1), [0x83, 0xC0, 0x01]) verify(x86.mov(r15, 4), [0x49, 0xC7, 0xC7, 0x04, 0x00, 0x00, 0x00]) print verify(x86.cvtss2si(r9d, xmm0), [0xf3, 0x44, 0x0f, 0x2d, 0xc8]) verify(x86.cvttsd2si(r9d, xmm0), [0xf2, 0x44, 0x0f, 0x2c, 0xc8]) verify(x86.cvttss2si(r9d, xmm0), [0xf3, 0x44, 0x0f, 0x2c, 0xc8]) verify(x86.movmskpd(eax, xmm9), [0x66, 0x41, 0x0F, 0x50, 0xC1]) verify(x86.pmovmskb(eax, xmm9), [0x66, 0x41, 0x0F, 0xD7, 0xC1]) verify(x86.pextrw(ebx, xmm12, 4), [0x66, 0x41, 0x0F, 0xC5, 0xDC, 0x04]) verify(x86.pinsrw(xmm12, ebx, 4), [0x66, 0x44, 0x0F, 0xC4, 0xE3, 0x04]) verify(x86.movd(ecx, xmm5), [0x66, 0x0F, 0x7E, 0xE9]) verify(x86.movd(xmm5, edx), [0x66, 0x0F, 0x6E, 0xEA]) verify(x86.movd(xmm5, rdx), [0x66, 0x48, 0x0F, 0x6E, 0xEA]) print verify(x86.cvtsi2sd(xmm0, r9), [0xF3, 0x49, 0x0F, 0x2A, 0xC1]) verify(x86.cvtss2si(r9, xmm0), [0xF3, 0x4C, 0x0F, 0x2D, 0xC8]) verify(x86.cvttsd2si(r9, xmm0), [0xF2, 0x4C, 0x0F, 0x2C, 0xC8]) verify(x86.cvttss2si(r9, xmm0), [0xF3, 0x4C, 0x0F, 0x2C, 0xC8]) verify(x86.movd(rcx, xmm5), [0x66, 0x48, 0x0F, 0x7E, 0xE9]) verify(x86.movd(xmm5, rdx), [0x66, 0x48, 0x0F, 0x6E, 0xEA]) print verify(x86.pmovmskb(eax, mm1), [0x0F, 0xD7, 0xC1]) verify(x86.pmovmskb(rax, mm1), [0x48, 0x0F, 0xD7, 0xC1]) verify(x86.movd(rcx, mm5), [0x48, 0x0F, 0x7E, 0xE9]) verify(x86.movd(mm5, rdx), [0x48, 0x0F, 0x6E, 0xEA]) return