← Back to branch summary

~ubuntu-branches/ubuntu/maverick/radare/maverick

« back to all changes in this revision

Viewing changes to src/arch/x86/code.c

  • Committer: Bazaar Package Importer
  • Author(s): SevenMachines
  • Date: 2010-09-07 15:44:27 UTC
  • mfrom: (1.1.3 upstream) (2.1.4 sid)
  • Revision ID: james.westby@ubuntu.com-20100907154427-37u92vu12tqabqqz
Tags: 1:1.5.2-3ubuntu1
https://launchpad.net/bugs/621016
https://launchpad.net/bugs/618809
* Merge from debian testing (LP: #621016)
* debian/control:
     + libvala-dev transition to libval-0.10-dev (LP: #618809) 

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/arch/x86/code.c
44
44
 
45
45
// NOTE: bytes should be at least 16 bytes!
46
46
// XXX addr should be off_t for 64 love
47
 
int arch_x86_aop(u64 addr, const u8 *bytes, struct aop_t *aop)
 
47
int arch_x86_aop(ut64 addr, const u8 *bytes, struct aop_t *aop)
48
48
{
49
49
        if (aop == NULL)
50
50
                return dislen((unsigned char *)bytes, 64);
61
61
                case 0x46:
62
62
                case 0x55:
63
63
                        /* mov -0xc(%ebp, %eax */
64
 
                        aop->ref = (u64)(int)(-((char)bytes[2]));
 
64
                        aop->ref = (ut64)(int)(-((char)bytes[2]));
65
65
                        aop->stackop = AOP_STACK_LOCAL_GET;
66
66
                        break;
67
67
 
68
68
                case 0x95:
69
69
                        if (bytes[2]==0xe0) { // ebp
70
 
                                aop->ref = (u64)(-((int)(bytes[3]+(bytes[4]<<8)+(bytes[5]<<16)+(bytes[6]<<24))));
 
70
                                aop->ref = (ut64)(-((int)(bytes[3]+(bytes[4]<<8)+(bytes[5]<<16)+(bytes[6]<<24))));
71
71
                                aop->stackop = AOP_STACK_LOCAL_GET;
72
72
                        }
73
73
                        //aop->ref = -(bytes[2]+(bytes[3]<<8)+(bytes[4]<<16)+(bytes[5]<<24));
74
74
                        break;
75
75
                case 0xbd:
76
 
                        aop->ref = (u64)(-((int)(bytes[2]+(bytes[3]<<8)+(bytes[4]<<16)+(bytes[5]<<24))));
 
76
                        aop->ref = (ut64)(-((int)(bytes[2]+(bytes[3]<<8)+(bytes[4]<<16)+(bytes[5]<<24))));
77
77
                        //aop->ref = -(bytes[2]+(bytes[3]<<8)+(bytes[4]<<16)+(bytes[5]<<24));
78
78
                        aop->stackop = AOP_STACK_LOCAL_GET;
79
79
                        break;
86
86
                case 0x4d: //  894de0          mov [ebp-0x20], ecx 
87
87
                case 0x55:
88
88
                        aop->stackop = AOP_STACK_LOCAL_SET;
89
 
                        aop->ref = (u64)-((char)bytes[2]);
 
89
                        aop->ref = (ut64)-((char)bytes[2]);
90
90
                        break;
91
91
                case 0x85:
92
92
                        aop->stackop = AOP_STACK_LOCAL_SET;
93
 
                        aop->ref = (u64)-((int)(bytes[2]+(bytes[3]<<8)+(bytes[4]<<16)+(bytes[5]<<24)));
 
93
                        aop->ref = (ut64)-((int)(bytes[2]+(bytes[3]<<8)+(bytes[4]<<16)+(bytes[5]<<24)));
94
94
                        break;
95
95
                case 0x75:
96
96
                        aop->stackop = AOP_STACK_LOCAL_GET;
97
 
                        aop->ref = (u64)(bytes[2]); //+(bytes[3]<<8)+(bytes[4]<<16)+(bytes[5]<<24));
 
97
                        aop->ref = (ut64)(bytes[2]); //+(bytes[3]<<8)+(bytes[4]<<16)+(bytes[5]<<24));
98
98
                        break;
99
99
                }
100
100
                aop->type   = AOP_TYPE_MOV;
103
103
        case 0xf4: // hlt
104
104
                aop->type   = AOP_TYPE_RET;
105
105
                aop->length = 1;
106
 
                //aop->eob = 1;
 
106
                aop->eob = 1;
107
107
                break;
108
108
        case 0xc3: // ret
109
109
        case 0xc2: // ret + 2 bytes
116
116
        //case 0xea: // far jmp
117
117
        // TODO moar
118
118
        case 0x3b: //cmp
119
 
                aop->ref = (u64)(-((char)bytes[2]));
 
119
                aop->ref = (ut64)(-((char)bytes[2]));
120
120
                aop->stackop = AOP_STACK_LOCAL_GET;
121
121
        case 0x39:
122
122
        case 0x3c:
132
132
        case 0x0f: // 3 byte nop
133
133
                //0fbe55ff        movsx edx, byte [ebp-0x1]
134
134
                if (bytes[1]==0xbe) {
135
 
                        aop->ref = (u64)(int)(-((char)bytes[3]));
 
135
                        aop->ref = (ut64)(int)(-((char)bytes[3]));
136
136
                        aop->stackop = AOP_STACK_LOCAL_GET;
137
137
                } else
138
138
                if (bytes[1]==0x31) {
208
208
                        aop->type = AOP_TYPE_PUSH;
209
209
                        aop->stackop = AOP_STACK_ARG_GET;
210
210
                        aop->ref = 0LL;
211
 
                        aop->ref = (u64)(((char)(bytes[2])));
 
211
                        aop->ref = (ut64)(((char)(bytes[2])));
212
212
                } else
213
213
                if (bytes[1]== 0x45) {
214
214
                        aop->type = AOP_TYPE_ADD;
215
215
                        aop->stackop = AOP_STACK_LOCAL_SET;
216
 
                        aop->ref = (u64)(-((char)bytes[2]));
 
216
                        aop->ref = (ut64)(-((char)bytes[2]));
217
217
                } else
218
218
                if (bytes[1]>=0x50 && bytes[1]<=0x6f) {
219
219
                        aop->type = AOP_TYPE_UJMP;
226
226
                        aop->jump   = vm_arch_x86_regs[VM_X86_EAX+bytes[1]-0xd0];
227
227
                        aop->fail   = addr+2;
228
228
                } else
 
229
                if (bytes[1]>=0xd8 && bytes[1]<=0xdf) {
 
230
                        aop->type = AOP_TYPE_CALL;
 
231
                        aop->length = 2;
 
232
                        aop->eob    = 1;
 
233
                        aop->jump   = vm_arch_x86_regs[VM_X86_EAX+bytes[1]-0xd8];
 
234
                        aop->fail   = addr+2;
 
235
                } else
229
236
                if (bytes[1]>=0xe0 && bytes[1]<=0xe7) {
230
237
                        aop->type = AOP_TYPE_UJMP;
231
238
                        aop->length = 2;
232
 
                        aop->jump   = vm_arch_x86_regs[VM_X86_EAX+bytes[1]-0xd0];
233
 
                        aop->eob    = 1;
 
239
                        aop->jump   = vm_arch_x86_regs[VM_X86_EAX+bytes[1]-0xe0];
 
240
                        aop->eob    = 1;
 
241
                } else
 
242
                if (bytes[1]>=0xe8 && bytes[1]<=0xef) {
 
243
                        aop->type = AOP_TYPE_UJMP;
 
244
                        aop->length = 2;
 
245
                        aop->jump   = vm_arch_x86_regs[VM_X86_EAX+bytes[1]-0xe8];
 
246
                        aop->eob    = 1;
 
247
                } else
 
248
                if (bytes[1]>=0xf0 && bytes[1]<=0xf7) {
 
249
                        aop->type = AOP_TYPE_UPUSH;
 
250
                        aop->ref = bytes[0]-0xf0; // TODO value of register here! get_offset
234
251
                }
235
252
                break;
236
253
        case 0x50:
244
261
        case 0x58:
245
262
        case 0x59:
246
263
                aop->type = AOP_TYPE_UPUSH;
247
 
                aop->ref = 0; // TODO value of register here! get_offset
 
264
                aop->ref = bytes[0]-0x50; //0; // TODO value of register here! get_offset
248
265
                break;
249
266
        case 0x5a:
250
267
        case 0x5b:
272
289
        case 0x83:
273
290
                switch(bytes[1]) {
274
291
                case 0xe4: // and
275
 
                        aop->value = (u64)(unsigned char)bytes[2];
 
292
                        aop->value = (ut64)(unsigned char)bytes[2];
276
293
                        aop->type = AOP_TYPE_AND;
277
294
                        break;
278
295
                case 0xc4:
279
296
                        /* inc $0x????????, $esp*/
280
 
                        aop->value = -(u64)(unsigned char)bytes[2];
 
297
                        aop->value = -(ut64)(unsigned char)bytes[2];
281
298
                        aop->stackop = AOP_STACK_INCSTACK;
282
299
                        break;
283
300
                case 0xec:
284
301
                        /* sub $0x????????, $esp*/
285
 
                        aop->value = (u64)(unsigned char)bytes[2];
 
302
                        aop->value = (ut64)(unsigned char)bytes[2];
286
303
                        aop->stackop = AOP_STACK_INCSTACK;
287
304
                        break;
288
305
                case 0xbd: /* 837dfc02        cmp dword [ebp-0x4], 0x2 */
302
319
                case 0x7d: /* 837dfc02        cmp dword [ebp-0x4], 0x2 */
303
320
                        if ((char)bytes[2]>0) {
304
321
                                aop->stackop = AOP_STACK_ARG_GET;
305
 
                                aop->value = (u64)(char)bytes[2];
 
322
                                aop->value = (ut64)(char)bytes[2];
306
323
                        } else {
307
324
                                aop->stackop = AOP_STACK_LOCAL_GET;
308
 
                                aop->value = (u64)-(char)bytes[2];
 
325
                                aop->value = (ut64)-(char)bytes[2];
309
326
                        }
310
327
                        aop->type = AOP_TYPE_CMP;
311
328
                        break;
314
331
        case 0x8d:
315
332
                /* LEA */
316
333
                if (bytes[1] == 0x85) {
317
 
                        aop->ref = (u64)(-((int)(bytes[2]+(bytes[3]<<8)+(bytes[4]<<16)+(bytes[5]<<24))));
 
334
                        aop->ref = (ut64)(-((int)(bytes[2]+(bytes[3]<<8)+(bytes[4]<<16)+(bytes[5]<<24))));
318
335
                        aop->stackop = AOP_STACK_LOCAL_GET;
319
336
                }
320
337
                aop->type =AOP_TYPE_MOV;
324
341
                switch(bytes[1]) {
325
342
                case 0x85:
326
343
                        aop->stackop = AOP_STACK_LOCAL_SET;
327
 
                        //aop->ref = (u64)(((int)(bytes[2]+(bytes[3]<<8)+(bytes[4]<<16)+(bytes[5]<<24))));
 
344
                        //aop->ref = (ut64)(((int)(bytes[2]+(bytes[3]<<8)+(bytes[4]<<16)+(bytes[5]<<24))));
328
345
                        aop->ref = ((int)(bytes[2]+(bytes[3]<<8)+(bytes[4]<<16)+(bytes[5]<<24)));
329
346
                        break;
330
347
                        //c785 e4fbffff 00. mov dword [ebp+0xfffffbe4], 0x0
331
348
                case 0x45:
332
349
                        aop->stackop = AOP_STACK_LOCAL_SET;
333
 
                        aop->ref = (u64)(-((char)bytes[2]));
 
350
                        aop->ref = (ut64)(-((char)bytes[2]));
334
351
                        break;
335
352
                case 0x04:
336
353
                        // c7042496850408    dword [esp] = 0x8048596 ; LOL
337
 
                        aop->ref = (u64)(((int)(bytes[3]+(bytes[4]<<8)+(bytes[5]<<16)+(bytes[6]<<24))));
 
354
                        aop->ref = (ut64)(((int)(bytes[3]+(bytes[4]<<8)+(bytes[5]<<16)+(bytes[6]<<24))));
338
355
                        break;
339
356
                }
340
357
                aop->type = AOP_TYPE_STORE;
355
372
        case 0xa1: // mov eax, [addr]
356
373
                aop->type = AOP_TYPE_MOV;
357
374
                vm_arch_x86_regs[VM_X86_EAX] = addr+bytes[1]+(bytes[2]<<8)+(bytes[3]<<16)+(bytes[4]<<24);
358
 
                radare_read_at((u64)vm_arch_x86_regs[VM_X86_EAX], (unsigned char *)&(vm_arch_x86_regs[VM_X86_EAX]), 4);
 
375
                radare_read_at((ut64)vm_arch_x86_regs[VM_X86_EAX], (unsigned char *)&(vm_arch_x86_regs[VM_X86_EAX]), 4);
359
376
                break;
360
377
                
361
378
        // roll to a switch range case