public void BwIndexInMemoryAddress() { // samples of switch statement emitted // by the Microsoft VC compiler var ebp = m.Frame.EnsureRegister(Registers.ebp); var eax = m.Frame.EnsureRegister(Registers.eax); var edx = m.Frame.EnsureRegister(Registers.edx); // cmp [ebp-66],1D m.Assign(SCZO, m.Cond(m.ISub(m.Mem32(m.ISub(ebp, 0xC4)), 0x1D))); var block0 = m.CurrentBlock; m.BranchIf(new TestCondition(ConditionCode.UGT, SCZO), "default"); // mov edx,[ebp-66] // movzx eax,byte ptr [edx + 0x10000] // jmp [eax + 0x12000] m.Assign(edx, m.Mem32(m.ISub(ebp, 0xC4))); m.Assign(eax, m.Convert(m.Mem8(m.IAdd(edx, 0x10000)), PrimitiveType.Byte, PrimitiveType.Word32)); var xfer = new RtlGoto(m.Mem32(m.IAdd(eax, 0x12000)), InstrClass.Transfer); var block1 = m.CurrentBlock; var bw = new Backwalker <Block, Instruction>(host, xfer, expSimp); var ret = bw.BackwalkInstructions(Registers.eax, block1); Assert.AreEqual("None", bw.Index.ToString()); Assert.AreEqual("Mem0[ebp - 0xC4<32>:word32]", bw.IndexExpression.ToString()); Assert.AreEqual(4, bw.JumpSize); Assert.IsTrue(ret); ret = bw.BackwalkInstructions(null, block0); }
public void Rl_FlagGroup_keep_cond_alive() { var grf = f.EnsureFlagGroup(program.Architecture.GetFlagGroup(0x7)); var edx = f.EnsureRegister(Registers.edx); rl.IdentifierLiveness.Grf = 0x7; // grf is live, forcing the cond(edx) to be live as well m.Assign(grf, m.Cond(edx)).Accept(rl); Assert.AreEqual(" edx", Dump(rl.IdentifierLiveness)); }
public void ConditionOf_Valid() { var id = m.Register(3); var e = m.Cond(id); ctx.Setup(c => c.GetValue(id)).Returns(id); var subst = new Substitutor(ctx.Object); var e2 = e.Accept(subst); Assert.AreEqual("cond(r3)", e2.ToString()); }
public void ConditionOf_Valid() { var id = m.Register(3); var e = m.Cond(id); ctx.Expect(c => c.GetValue(Arg <Identifier> .Is.Same(id))).Return(id); ctx.Replay(); var subst = new Substitutor(ctx); var e2 = e.Accept(subst); Assert.AreEqual("cond(r3)", e2.ToString()); }
public void FindCond() { m.Assign(ax, m.IAdd(ax, cx)); m.Assign(SCZ, m.Cond(ax)); var block = m.CurrentBlock; m.Return(); var cm = rw.FindConditionOf(block.Statements, 0, ax); Assert.AreEqual("SCZ", cm.FlagGroup.ToString()); Assert.AreEqual(1, cm.StatementIndex); }
public void VpLoop() { var b = new ProgramBuilder(); b.Add("main", m => { var r = m.Reg32("r0", 0); var zf = m.Flags("Z"); m.Label("l0000"); m.Store(r, 0); m.Assign(r, m.ISub(r, 4)); m.Assign(zf, m.Cond(r)); m.BranchCc(ConditionCode.NE, "l0000"); m.Label("l0001"); m.Assign(r, 42); m.Label("l0002"); m.Store(r, 12); m.Assign(r, m.ISub(r, 4)); m.BranchIf(m.Eq0(r), "l0002"); m.Return(); }); RunFileTest(b.BuildProgram(), "Analysis/VpLoop.txt"); }
public void CceSetnz() { Identifier r = Reg32("r"); Identifier Z = FlagGroup("Z"); Identifier f = Reg32("f"); Statement stmZ = new Statement(0, m.Assign(Z, m.Cond(m.ISub(r, 0))), null); ssaIds[Z].DefStatement = stmZ; Statement stmF = new Statement(0, m.Assign(f, m.Test(ConditionCode.NE, Z)), null); ssaIds[f].DefStatement = stmF; ssaIds[Z].Uses.Add(stmF); Given_ConditionCodeEliminator(); cce.Transform(); Assert.AreEqual("f = r != 0x00000000", stmF.Instruction.ToString()); }
public void TrashFlagProcedure() { p.Add("main", m => { var eax = m.Frame.EnsureRegister(Registers.eax); m.Assign(eax, m.IAdd(eax, 4)); m.Assign(m.Flags("SZCO"), m.Cond(eax)); m.Return(); }); var sExp = @"main SCZO eax ax al ah const eax:<invalid> main_entry esp:fp l1 esp:fp main_exit eax:eax + 0x00000004 esp:fp"; RunTest(p, sExp); }
public void BwReg_00121() { var d0 = m.Reg32("d0", 0); var d3 = m.Reg32("d3", 3); var a5 = m.Reg32("a5", 5); var v38 = m.Temp(PrimitiveType.Word16, "v38"); var v39 = m.Temp(PrimitiveType.Byte, "v39"); var v40 = m.Temp(PrimitiveType.Word16, "v40"); var VZN = m.Flags("VZN"); var ZN = m.Flags("ZN"); var C = m.Flags("C"); var V = m.Flags("V"); var CVZN = m.Flags("CVZN"); var CVZNX = m.Flags("CVZNX"); m.Assign(d0, d3); m.Assign(CVZN, m.Cond(d0)); m.Assign(v38, m.And(m.Cast(PrimitiveType.Word16, d0), 0xF0)); m.Assign(d0, m.Dpb(d0, v38, 0)); m.Assign(ZN, m.Cond(v38)); m.Assign(C, false); m.Assign(V, false); m.Assign(v39, m.Shl(m.Cast(PrimitiveType.Byte, d0), 2)); m.Assign(d0, m.Dpb(d0, v39, 0)); m.Assign(CVZNX, m.Cond(v39)); m.Assign(v40, m.ISub(m.Cast(PrimitiveType.Word16, d0), 44)); m.Assign(CVZN, m.Cond(v40)); m.BranchIf(m.Test(ConditionCode.GT, VZN), "lDefault"); m.Assign(a5, m.LoadDw(m.IAdd(Address.Ptr32(0x0000C046), d0))); var xfer = new RtlCall(a5, 4, RtlClass.Transfer); var bw = new Backwalker(host, xfer, expSimp); Assert.IsTrue(bw.CanBackwalk()); Assert.AreEqual("a5", bw.Index.Name); bw.BackWalk(m.Block); Assert.AreEqual("v40", bw.IndexExpression.ToString()); }
public void BwIndexInMemoryAddress() { // samples of switch statement emitted // by the Microsoft VC compiler var ebp = m.Frame.EnsureRegister(Registers.ebp); var eax = m.Frame.EnsureRegister(Registers.eax); var edx = m.Frame.EnsureRegister(Registers.edx); var dl = m.Frame.EnsureRegister(Registers.dl); var SCZO = m.Frame.EnsureFlagGroup((uint)(FlagM.SF | FlagM.CF | FlagM.ZF | FlagM.OF), "SCZO", PrimitiveType.Byte); // cmp [ebp-66],1D m.Assign(SCZO, m.Cond(m.ISub(m.LoadDw(m.ISub(ebp, 0xC4)), 0x1D))); var block0 = m.CurrentBlock; m.BranchIf(new TestCondition(ConditionCode.UGT, SCZO), "default"); // mov edx,[ebp-66] // movzx eax,byte ptr [edx + 0x10000] // jmp [eax + 0x12000] m.Assign(edx, m.LoadDw(m.ISub(ebp, 0xC4))); m.Assign(eax, m.Cast(PrimitiveType.Word32, m.LoadB(m.IAdd(edx, 0x10000)))); var block1 = m.CurrentBlock; var bw = new Backwalker(host, new RtlGoto(m.LoadDw(m.IAdd(eax, 0x12000)), RtlClass.Transfer), expSimp); var ret = bw.BackwalkInstructions(Registers.eax, block1); Assert.AreEqual("None", bw.Index.ToString()); Assert.AreEqual("Mem0[ebp - 0x000000C4:word32]", bw.IndexExpression.ToString()); Assert.AreEqual(4, bw.JumpSize); Assert.IsTrue(ret); ret = bw.BackwalkInstructions(null, block0); }
public void Larw_FindCond() { Block block = null; RunTest(m => { m.Assign(ax, m.IAdd(ax, cx)); m.Assign(SCZ, m.Cond(ax)); block = m.CurrentBlock; m.Return(); }); var ax_3 = GetId("ax_3"); var cm = rw.FindConditionOf(block.Statements, 0, ax_3); Assert.AreEqual("SCZ_4", cm.FlagGroup.ToString()); Assert.AreEqual("SCZ_4 = cond(ax_3)", cm.Statement.ToString()); }
public void StrAnls_r00237() { //byte fn0800_0541(byte al, selector ds) var ds = m.Temp(PrimitiveType.SegmentSelector, "ds"); var cx_10 = m.Temp(PrimitiveType.Word16, "cx_10"); var si_12 = m.Temp(PrimitiveType.Word16, "si_12"); var ah_13 = m.Temp(PrimitiveType.Byte, "al_13"); var al_43 = m.Temp(PrimitiveType.Byte, "al_43"); var Z_26 = m.Temp(PrimitiveType.Byte, "Z_26"); m.Assign(cx_10, 20000); m.Label("l0800_0544"); m.Assign(si_12, 0x8E8A); m.Assign(ah_13, 0x00); m.Label("l0800_054A"); m.Assign(si_12, m.IAdd(si_12, 0x01)); m.BranchIf(m.Eq0(m.SegMem8(ds, si_12)), "l0800_0557"); m.Label("l0800_054F"); m.Assign(ah_13, 0x01); m.Assign(Z_26, m.Cond(m.ISub(si_12, m.SegMem16(ds, m.Word16(0x8F0B))))); m.BranchIf(m.Ne(si_12, m.SegMem16(ds, m.Word16(0x8F0B))), "l0800_055F"); m.Label("l0800_0557"); m.Assign(Z_26, m.Cond(m.ISub(si_12, 0x8F0A))); m.BranchIf(m.Eq(si_12, 0x8F0A), "l0800_055F"); m.Label("l0800_055D"); m.Goto("l0800_054A"); m.Label("l0800_055F"); m.BranchIf(Z_26, "l0800_0578"); m.Label("l0800_0561"); m.SegStore(ds, m.Word16(0x8F0B), si_12); m.Assign(al_43, m.SegMem8(ds, m.ISub(si_12, 0x8E31))); m.BranchIf(m.Eq0(al_43), "l0800_0576"); m.Label("l0800_0571"); m.BranchIf(m.Ge(al_43, 0x00), "l0800_0575"); m.Label("l0800_0573"); m.Assign(al_43, 0x00); m.Label("l0800_0575"); m.Return(al_43); m.Label("l0800_0576"); m.Goto("l0800_0583"); m.Label("l0800_0578"); m.BranchIf(m.Ne0(ah_13), "l0800_0583"); m.Label("l0800_057D"); m.SegStore(ds, m.Word16(0x8F0B), m.Byte(0)); m.Label("l0800_0583"); m.Assign(cx_10, m.ISub(cx_10, 0x01)); m.BranchIf(m.Ne0(cx_10), "l0800_0544"); m.Label("l0800_0585"); m.Return(m.Byte(0x00)); var sExp = #region Expected @" cx_10 = 20000; do { si_12 = 0x8E8A; al_13 = 0x00; do { si_12 = si_12 + 0x01; if (Mem0[ds:si_12:byte] != 0x00) { al_13 = 0x01; Z_26 = cond(si_12 - Mem0[ds:0x8F0B:word16]); if (si_12 != Mem0[ds:0x8F0B:word16]) break; } Z_26 = cond(si_12 - 0x8F0A); } while (si_12 != 0x8F0A); if (!Z_26) { Mem0[ds:0x8F0B:word16] = si_12; al_43 = Mem0[ds:si_12 - 0x8E31:byte]; if (al_43 != 0x00) { if (al_43 < 0x00) al_43 = 0x00; return al_43; } } else if (al_13 == 0x00) Mem0[ds:0x8F0B:byte] = 0x00; cx_10 = cx_10 - 0x01; } while (cx_10 != 0x00); return 0x00; "; #endregion RunTest(sExp, m.Procedure); }