From b4e1ae18e2b1cf136b345f85535ddeffb9f52869 Mon Sep 17 00:00:00 2001 From: Jin Kyu Song Date: Fri, 8 Nov 2013 13:31:58 -0800 Subject: MPX: Move BND prefix indication from bytecode to iflags As BND prefix validity check conflicts with jcc8 prefix, IF_BND is added for the instruction templates which can have bnd prefix for preserving the content of bound register. Signed-off-by: Jin Kyu Song --- assemble.c | 6 ++--- disasm.c | 7 +---- insns.dat | 91 +++++++++++++++++++++++++++++++------------------------------- insns.h | 1 + insns.pl | 1 - 5 files changed, 50 insertions(+), 56 deletions(-) diff --git a/assemble.c b/assemble.c index d62b930..e2e24c3 100644 --- a/assemble.c +++ b/assemble.c @@ -162,7 +162,6 @@ * \367 - address-size prefix (0x67) used as opcode extension * \370,\371 - match only if operand 0 meets byte jump criteria. * 370 is used for Jcc, 371 is used for JMP. - * \372 - BND prefix (0xF2 byte) used for preserving bnd0..3 * \373 - assemble 0x03 if bits==16, 0x05 if bits==32; * used for conditional jump over longer jump * \374 - this instruction takes an XMM VSIB memory EA @@ -1124,7 +1123,8 @@ static int64_t calcsize(int32_t segment, int64_t offset, int bits, length++; break; - case3(0370): + case 0370: + case 0371: break; case 0373: @@ -2244,7 +2244,7 @@ static enum match_result matches(const struct itemplate *itemp, /* * Check if BND prefix is allowed */ - if ((itemp->code[0] != 0372) && + if ((IF_BND & ~itemp->flags) && has_prefix(instruction, PPS_REP, P_BND)) return MERR_BADBND; diff --git a/disasm.c b/disasm.c index eace1e9..6498610 100644 --- a/disasm.c +++ b/disasm.c @@ -408,7 +408,7 @@ static int matches(const struct itemplate *t, uint8_t *data, return false; if (prefix->rep == 0xF2) - drep = P_REPNE; + drep = (t->flags & IF_BND ? P_BND : P_REPNE); else if (prefix->rep == 0xF3) drep = P_REP; @@ -862,11 +862,6 @@ static int matches(const struct itemplate *t, uint8_t *data, case 0371: break; - case 0372: - if (prefix->rep == 0xF2) - drep = P_BND; - break; - case 0374: eat = EA_XMMVSIB; break; diff --git a/insns.dat b/insns.dat index f60ea8e..4054090 100644 --- a/insns.dat +++ b/insns.dat @@ -276,22 +276,22 @@ CALL rm16 [m: o16 ff /2] 8086,NOLONG CALL rm32 [m: o32 ff /2] 386,NOLONG CALL rm64 [m: o64nw ff /2] X64 ; BND + CALL -CALL imm [i: bnd odf e8 rel] 8086,MPX -CALL imm|near [i: bnd odf e8 rel] 8086,ND,MPX -CALL imm16 [i: bnd o16 e8 rel] 8086,NOLONG,MPX -CALL imm16|near [i: bnd o16 e8 rel] 8086,ND,NOLONG,MPX -CALL imm32 [i: bnd o32 e8 rel] 386,NOLONG,MPX -CALL imm32|near [i: bnd o32 e8 rel] 386,ND,NOLONG,MPX -CALL imm64 [i: bnd o64nw e8 rel] X64,MPX -CALL imm64|near [i: bnd o64nw e8 rel] X64,ND,MPX -CALL mem|near [m: bnd odf ff /2] 8086,ND,MPX -CALL rm16|near [m: bnd o16 ff /2] 8086,NOLONG,ND,MPX -CALL rm32|near [m: bnd o32 ff /2] 386,NOLONG,ND,MPX -CALL rm64|near [m: bnd o64nw ff /2] X64,ND,MPX -CALL mem [m: bnd odf ff /2] 8086,MPX -CALL rm16 [m: bnd o16 ff /2] 8086,NOLONG,MPX -CALL rm32 [m: bnd o32 ff /2] 386,NOLONG,MPX -CALL rm64 [m: bnd o64nw ff /2] X64,MPX +CALL imm [i: odf e8 rel] 8086,MPX,BND +CALL imm|near [i: odf e8 rel] 8086,ND,MPX,BND +CALL imm16 [i: o16 e8 rel] 8086,NOLONG,MPX,BND +CALL imm16|near [i: o16 e8 rel] 8086,ND,NOLONG,MPX,BND +CALL imm32 [i: o32 e8 rel] 386,NOLONG,MPX,BND +CALL imm32|near [i: o32 e8 rel] 386,ND,NOLONG,MPX,BND +CALL imm64 [i: o64nw e8 rel] X64,MPX,BND +CALL imm64|near [i: o64nw e8 rel] X64,ND,MPX,BND +CALL mem|near [m: odf ff /2] 8086,ND,MPX,BND +CALL rm16|near [m: o16 ff /2] 8086,NOLONG,ND,MPX,BND +CALL rm32|near [m: o32 ff /2] 386,NOLONG,ND,MPX,BND +CALL rm64|near [m: o64nw ff /2] X64,ND,MPX,BND +CALL mem [m: odf ff /2] 8086,MPX,BND +CALL rm16 [m: o16 ff /2] 8086,NOLONG,MPX,BND +CALL rm32 [m: o32 ff /2] 386,NOLONG,MPX,BND +CALL rm64 [m: o64nw ff /2] X64,MPX,BND CBW void [ o16 98] 8086 CDQ void [ o32 99] 386 @@ -727,22 +727,22 @@ JMP rm16 [m: o16 ff /4] 8086,NOLONG JMP rm32 [m: o32 ff /4] 386,NOLONG JMP rm64 [m: o64nw ff /4] X64 ; BND + JMP -JMP imm [i: bnd odf e9 rel] 8086,MPX -JMP imm|near [i: bnd odf e9 rel] 8086,ND,MPX -JMP imm16 [i: bnd o16 e9 rel] 8086,NOLONG,MPX -JMP imm16|near [i: bnd o16 e9 rel] 8086,ND,NOLONG,MPX -JMP imm32 [i: bnd o32 e9 rel] 386,NOLONG,MPX -JMP imm32|near [i: bnd o32 e9 rel] 386,ND,NOLONG,MPX -JMP imm64 [i: bnd o64nw e9 rel] X64,MPX -JMP imm64|near [i: bnd o64nw e9 rel] X64,ND,MPX -JMP mem|near [m: bnd odf ff /4] 8086,ND,MPX -JMP rm16|near [m: bnd o16 ff /4] 8086,NOLONG,ND,MPX -JMP rm32|near [m: bnd o32 ff /4] 386,NOLONG,ND,MPX -JMP rm64|near [m: bnd o64nw ff /4] X64,ND,MPX -JMP mem [m: bnd odf ff /4] 8086,MPX -JMP rm16 [m: bnd o16 ff /4] 8086,NOLONG,MPX -JMP rm32 [m: bnd o32 ff /4] 386,NOLONG,MPX -JMP rm64 [m: bnd o64nw ff /4] X64,MPX +JMP imm [i: odf e9 rel] 8086,MPX,BND +JMP imm|near [i: odf e9 rel] 8086,ND,MPX,BND +JMP imm16 [i: o16 e9 rel] 8086,NOLONG,MPX,BND +JMP imm16|near [i: o16 e9 rel] 8086,ND,NOLONG,MPX,BND +JMP imm32 [i: o32 e9 rel] 386,NOLONG,MPX,BND +JMP imm32|near [i: o32 e9 rel] 386,ND,NOLONG,MPX,BND +JMP imm64 [i: o64nw e9 rel] X64,MPX,BND +JMP imm64|near [i: o64nw e9 rel] X64,ND,MPX,BND +JMP mem|near [m: odf ff /4] 8086,ND,MPX,BND +JMP rm16|near [m: o16 ff /4] 8086,NOLONG,ND,MPX,BND +JMP rm32|near [m: o32 ff /4] 386,NOLONG,ND,MPX,BND +JMP rm64|near [m: o64nw ff /4] X64,ND,MPX,BND +JMP mem [m: odf ff /4] 8086,MPX,BND +JMP rm16 [m: o16 ff /4] 8086,NOLONG,MPX,BND +JMP rm32 [m: o32 ff /4] 386,NOLONG,MPX,BND +JMP rm64 [m: o64nw ff /4] X64,MPX,BND JMPE imm [i: odf 0f b8 rel] IA64 JMPE imm16 [i: o16 0f b8 rel] IA64 @@ -1156,10 +1156,10 @@ RETF imm [i: ca iw] 8086,SW RETN void [ c3] 8086 RETN imm [i: c2 iw] 8086,SW ; BND + RET -RET void [ bnd c3] 8086,MPX -RET imm [i: bnd c2 iw] 8086,SW,MPX -RETN void [ bnd c3] 8086,MPX -RETN imm [i: bnd c2 iw] 8086,SW,MPX +RET void [ c3] 8086,MPX,BND +RET imm [i: c2 iw] 8086,SW,MPX,BND +RETN void [ c3] 8086,MPX,BND +RETN imm [i: c2 iw] 8086,SW,MPX,BND ROL rm8,unity [m-: d0 /0] 8086 ROL rm8,reg_cl [m-: d2 /0] 8086 @@ -1528,16 +1528,15 @@ Jcc imm [i: 0f 80+c rel] 386,ND Jcc imm [i: 71+c jlen e9 rel] 8086,ND Jcc imm [i: 70+c rel8] 8086 ; BND + Jcc -Jcc imm|near [i: bnd odf 0f 80+c rel] 386,MPX -Jcc imm16|near [i: bnd o16 0f 80+c rel] 386,NOLONG,MPX -Jcc imm32|near [i: bnd o32 0f 80+c rel] 386,NOLONG,MPX -Jcc imm64|near [i: bnd o64nw 0f 80+c rel] X64,MPX -Jcc imm|short [i: bnd 70+c rel8] 8086,ND,MPX -; TODO: check if bnd and jcc8 can be used together -;Jcc imm [i: bnd jcc8 70+c rel8] 8086,ND,MPX -Jcc imm [i: bnd 0f 80+c rel] 386,ND,MPX -Jcc imm [i: bnd 71+c jlen e9 rel] 8086,ND,MPX -Jcc imm [i: bnd 70+c rel8] 8086,MPX +Jcc imm|near [i: odf 0f 80+c rel] 386,MPX,BND +Jcc imm16|near [i: o16 0f 80+c rel] 386,NOLONG,MPX,BND +Jcc imm32|near [i: o32 0f 80+c rel] 386,NOLONG,MPX,BND +Jcc imm64|near [i: o64nw 0f 80+c rel] X64,MPX,BND +Jcc imm|short [i: 70+c rel8] 8086,ND,MPX,BND +Jcc imm [i: jcc8 70+c rel8] 8086,ND,MPX,BND +Jcc imm [i: 0f 80+c rel] 386,ND,MPX,BND +Jcc imm [i: 71+c jlen e9 rel] 8086,ND,MPX,BND +Jcc imm [i: 70+c rel8] 8086,MPX,BND SETcc mem [m: 0f 90+c /0] 386,SB SETcc reg8 [m: 0f 90+c /0] 386 diff --git a/insns.h b/insns.h index a170533..0320e8d 100644 --- a/insns.h +++ b/insns.h @@ -105,6 +105,7 @@ extern const uint8_t nasm_bytecodes[]; #define IF_LONG UINT64_C(0x00001000) /* long mode instruction */ #define IF_NOHLE UINT64_C(0x00002000) /* HLE prefixes forbidden */ #define IF_MIB UINT64_C(0x00004000) /* Disassemble with split EA */ +#define IF_BND UINT64_C(0x00008000) /* BND (0xF2) prefix available */ /* These flags are currently not used for anything - intended for insn set */ #define IF_UNDOC UINT64_C(0x8000000000) /* it's an undocumented instruction */ #define IF_HLE UINT64_C(0x4000000000) /* HACK NEED TO REORGANIZE THESE BITS */ diff --git a/insns.pl b/insns.pl index 2953a4d..8bd76ab 100755 --- a/insns.pl +++ b/insns.pl @@ -765,7 +765,6 @@ sub byte_code_compile($$) { 'resb' => 0340, 'jcc8' => 0370, # Match only if Jcc possible with single byte 'jmp8' => 0371, # Match only if JMP possible with single byte - 'bnd' => 0372, # BND (0xF2) prefix available 'jlen' => 0373, # Length of jump 'hlexr' => 0271, 'hlenl' => 0272, -- cgit v1.2.3