public static bool IsFlagOp(x86Operator Op)
{
return(Op == x86Operator.IsCarryFlagSet || Op == x86Operator.IsCarryFlagZero ||
Op == x86Operator.IsParityFlagSet || Op == x86Operator.IsParityFlagZero ||
Op == x86Operator.IsZeroFlagSet || Op == x86Operator.IsZeroFlagZero ||
Op == x86Operator.IsSignFlagSet || Op == x86Operator.IsSignFlagZero ||
Op == x86Operator.IsOverflowFlagSet || Op == x86Operator.IsOverflowFlagZero);
}
public static void Negate(ref Operator Op, ref x86Operator Op2)
{
if (Op == Operator.Unknown)
{
Op2 = Negate(Op2);
}
else
{
Op = Operators.Negate(Op);
}
}
public static bool IsConditionOp(x86Operator Op)
{
return(IsBitTestOp(Op) || IsFlagOp(Op) || Op == x86Operator.IsFinite ||
Op == x86Operator.IsInfinite || Op == x86Operator.IsNotNan || Op == x86Operator.IsNan);
}
public static bool IsBitTestOp(x86Operator Op)
{
return(Op == x86Operator.BitTestNonZero || Op == x86Operator.BitTestZero);
}
private x86Operator Read_Cx(byte b)
{
x86Operator _Operator = null;
if (b == 0xC0)
{
b = Buffer[X];
int v = ((b >> 3) & 0x7);
if (v == 6)
{
_Operator = new x86Operator(IntelOpcode.Bad);
}
else
{
switch (v)
{
case 0:
_Operator = new x86Operator(IntelOpcode.Rol);
break;
case 1:
_Operator = new x86Operator(IntelOpcode.Ror);
break;
case 2:
_Operator = new x86Operator(IntelOpcode.Rcl);
break;
case 3:
_Operator = new x86Operator(IntelOpcode.Rcr);
break;
case 4:
_Operator = new x86Operator(IntelOpcode.Shl);
break;
case 5:
_Operator = new x86Operator(IntelOpcode.Shr);
break;
case 7:
_Operator = new x86Operator(IntelOpcode.Sar);
break;
}
Length++;
_Operator.Destination = extractEb(b);
_Operator.Source = extractLb();
}
}
else if (b == 0xC1)
{
b = Buffer[X];
int v = ((b >> 3) & 0x7);
if (v == 6)
{
_Operator = new x86Operator(IntelOpcode.Bad);
}
else
{
switch (v)
{
case 0:
_Operator = new x86Operator(IntelOpcode.Rol);
break;
case 1:
_Operator = new x86Operator(IntelOpcode.Ror);
break;
case 2:
_Operator = new x86Operator(IntelOpcode.Rcl);
break;
case 3:
_Operator = new x86Operator(IntelOpcode.Rcr);
break;
case 4:
_Operator = new x86Operator(IntelOpcode.Shl);
break;
case 5:
_Operator = new x86Operator(IntelOpcode.Shr);
break;
case 7:
_Operator = new x86Operator(IntelOpcode.Sar);
break;
}
Length++;
_Operator.Destination = extractEv(b);
_Operator.Source = extractLb();
}
}
else if (b == 0xC3)
{
_Operator = new x86Operator(IntelOpcode.Ret);
}
else if (b == 0xC6)
{
b = Buffer[X];
int v = ((b >> 3) & 0x7);
if (v != 0)
{
_Operator = new x86Operator(IntelOpcode.Bad);
}
else
{
_Operator = new x86Operator(IntelOpcode.Mov);
Length++;
_Operator.Destination = extractEb(b);
_Operator.Source = extractLb();
}
}
else if (b == 0xC7)
{
b = Buffer[X];
int v = ((b >> 3) & 0x7);
if (v != 0)
{
_Operator = new x86Operator(IntelOpcode.Bad);
}
else
{
_Operator = new x86Operator(IntelOpcode.Mov);
Length++;
_Operator.Destination = extractEv(b);
_Operator.Source = extractLz();
}
}
else if (b == 0xC9)
{
_Operator = new x86Operator(IntelOpcode.Leave);
}
else if (b == 0xCC)
{
_Operator = new x86Operator(IntelOpcode.Int3);
}
else if (b == 0xCD)
{
_Operator = new x86Operator(IntelOpcode.Int);
_Operator.Source = extractLb();
}
else if (b < 0xD0)
{
}
else
{
throw new ArgumentException();
}
return _Operator;
}
private x86Operator Read_Ex(byte b)
{
x86Operator _Operator = null;
if (b == 0xE8)
{
_Operator = new x86Operator(IntelOpcode.Call);
_Operator.Source = extractLz();
}
else if (b == 0xE9)
{
_Operator = new x86Operator(IntelOpcode.Jmp);
_Operator.Source = extractLz();
}
else if (b == 0xEB)
{
_Operator = new x86Operator(IntelOpcode.Jmp);
_Operator.Source = extractLb();
}
else
{
}
return _Operator;
}
public static x86Operator Negate(x86Operator Op)
{
if (Op == x86Operator.BitTestZero)
{
return(x86Operator.BitTestNonZero);
}
else if (Op == x86Operator.BitTestNonZero)
{
return(x86Operator.BitTestZero);
}
else if (Op == x86Operator.IsNan)
{
return(x86Operator.IsNotNan);
}
else if (Op == x86Operator.IsNotNan)
{
return(x86Operator.IsNan);
}
else if (Op == x86Operator.IsInfinite)
{
return(x86Operator.IsFinite);
}
else if (Op == x86Operator.IsFinite)
{
return(x86Operator.IsInfinite);
}
else if (Op == x86Operator.IsCarryFlagSet)
{
return(x86Operator.IsCarryFlagZero);
}
else if (Op == x86Operator.IsCarryFlagZero)
{
return(x86Operator.IsCarryFlagSet);
}
else if (Op == x86Operator.IsParityFlagSet)
{
return(x86Operator.IsParityFlagZero);
}
else if (Op == x86Operator.IsParityFlagZero)
{
return(x86Operator.IsParityFlagSet);
}
else if (Op == x86Operator.IsZeroFlagSet)
{
return(x86Operator.IsZeroFlagZero);
}
else if (Op == x86Operator.IsZeroFlagZero)
{
return(x86Operator.IsZeroFlagSet);
}
else if (Op == x86Operator.IsSignFlagSet)
{
return(x86Operator.IsSignFlagZero);
}
else if (Op == x86Operator.IsSignFlagZero)
{
return(x86Operator.IsSignFlagSet);
}
else if (Op == x86Operator.IsOverflowFlagSet)
{
return(x86Operator.IsOverflowFlagZero);
}
else if (Op == x86Operator.IsOverflowFlagZero)
{
return(x86Operator.IsOverflowFlagSet);
}
else
{
throw new ApplicationException();
}
}
public static bool IsTwoOperandSSEOp(x86Operator Op)
{
return(IsMinMaxOp(Op));
}
private x86Operator Read_8x(byte b)
{
x86Operator _Operator = null;
long value;
if (b == 0x80)
{
b = Buffer[X];
Length++;
int reg = (b >> 3) & 0x7;
_Operator = new x86Operator(IntelOpcode.Add + reg, OperatorSize.Byte);
_Operator.Destination = extractEb(b);
value = (byte)Buffer[X];
Length++;
_Operator.Source = x86Operand.NewValue(value);
}
else if (b == 0x81)
{
b = Buffer[X];
Length++;
int reg = (b >> 3) & 0x7;
_Operator = new x86Operator(IntelOpcode.Add + reg, OperatorSize.DWord);
_Operator.Destination = extractEv(b);
_Operator.Source = extractLz();
}
else if (b == 0x82)
{
b = Buffer[X];
Length++;
int reg = (b >> 3) & 0x7;
_Operator = new x86Operator(IntelOpcode.Add + reg, OperatorSize.Byte);
_Operator.Destination = extractEb(b);
_Operator.Source = extractLb();
}
else if (b == 0x83)
{
b = Buffer[X];
Length++;
int reg = (b >> 3) & 0x7;
_Operator = new x86Operator(IntelOpcode.Add + reg, OperatorSize.DWord);
_Operator.Destination = extractEv(b);
_Operator.Source = extractLb();
}
else if (b < 0x88)
{
_Operator = new x86Operator(b < 0x86 ? IntelOpcode.Test : IntelOpcode.Xchg);
if ((b & 1) == 0)
{
b = Buffer[X];
Length++;
_Operator.Source = extractGb(b);
_Operator.Destination = extractEb(b);
}
else
{
b = Buffer[X];
Length++;
_Operator.Source = extractGv(b);
_Operator.Destination = extractEv(b);
}
}
else if (b == 0x88)
{
_Operator = new x86Operator(IntelOpcode.Mov);
b = Buffer[X];
Length++;
_Operator.Source = extractGb(b);
_Operator.Destination = extractEb(b);
}
else if (b == 0x89)
{
_Operator = new x86Operator(IntelOpcode.Mov);
b = Buffer[X];
Length++;
_Operator.Source = extractGv(b);
_Operator.Destination = extractEv(b);
}
else if (b == 0x8A)
{
_Operator = new x86Operator(IntelOpcode.Mov);
b = Buffer[X];
Length++;
_Operator.Source = extractEb(b);
_Operator.Destination = extractGb(b);
}
else if (b == 0x8B)
{
_Operator = new x86Operator(IntelOpcode.Mov);
b = Buffer[X];
Length++;
_Operator.Source = extractEv(b);
_Operator.Destination = extractGv(b);
}
else if (b == 0x8C)
{
_Operator = new x86Operator(IntelOpcode.Mov);
b = Buffer[X];
Length++;
_Operator.Source = extractSw(b);
_Operator.Destination = extractEv(b);
}
else if (b == 0x8D)
{
_Operator = new x86Operator(IntelOpcode.Lea);
b = Buffer[X];
Length++;
_Operator.Source = extractMa(b);
_Operator.Destination = extractGv(b);
}
else if (b == 0x8E)
{
_Operator = new x86Operator(IntelOpcode.Mov);
b = Buffer[X];
Length++;
_Operator.Source = extractSw(b);
_Operator.Destination = extractEw(b);
}
else if (b == 0x8F)
{
b = Buffer[X];
Length++;
int reg = (b >> 3) & 0x7;
if (reg == 0)
{
_Operator = new x86Operator(IntelOpcode.Pop, OperatorSize.DWord);
_Operator.Source = extractEv(b);
}
else
{
_Operator = new x86Operator(IntelOpcode.Bad);
}
}
else
throw new ArgumentException();
return _Operator;
}
/// <summary>
/// Diassemble all x86 instructions from 0x70 to 0x7F
/// </summary>
/// <param name="b">First byte of opcode</param>
/// <returns>The next x86 Operator</returns>
private x86Operator Read_7x(byte b)
{
x86Operator _Operator = null;
long value;
value = (byte)Buffer[X];
if (value >= 0xfe)
{
value -= 256;
}
if (value >= 0x80)
{
value |= 0xffffff00;
}
Length++;
_Operator = new x86Operator(IntelOpcode.Jo + (b & 0xF));
_Operator.Source = x86Operand.NewDisplacement(value + 2);
return _Operator;
}
private x86Operator Read_6x(byte b)
{
x86Operator _Operator = null;
if (b == 0x60)
{
_Operator = new x86Operator(IntelOpcode.Pusha);
}
else if (b == 0x61)
{
_Operator = new x86Operator(IntelOpcode.Popa);
}
else if (b == 0x62)
{
_Operator = new x86Operator(IntelOpcode.Bound);
b = Buffer[X];
Length++;
_Operator.Destination = extractMa(b);
_Operator.Source = extractGv(b);
if (_Operator.Destination == null)
{
Length--;
_Operator = new x86Operator(IntelOpcode.Bad);
}
}
else if (b == 0x63)
{
_Operator = new x86Operator(IntelOpcode.Arpl);
b = Buffer[X];
Length++;
_Operator.Destination = extractEw(b);
_Operator.Source = extractGw(b);
}
else if (b < 0x68)
{
}
else if (b == 0x68)
{
_Operator = new x86Operator(IntelOpcode.Push);
_Operator.Source = extractLz();
}
else if (b == 0x69)
{
_Operator = new x86Operator(IntelOpcode.IMul);
b = Buffer[X];
Length++;
_Operator.ThirdOpad = extractGv(b);
_Operator.Destination = extractEv(b);
_Operator.Source = extractLz();
}
else if (b == 0x6a)
{
_Operator = new x86Operator(IntelOpcode.Push);
_Operator.Source = extractLb();
}
else if (b == 0x6b)
{
_Operator = new x86Operator(IntelOpcode.IMul);
b = Buffer[X];
Length++;
_Operator.ThirdOpad = extractGv(b);
_Operator.Destination = extractEv(b);
_Operator.Source = extractLb();
}
else if (b == 0x6c)
{
_Operator = new x86Operator(IntelOpcode.Ins);
_Operator.Destination = extractLb();
_Operator.Source = extractLb();
}
else if (b < 0x70)
{
}
else
{
throw new ArgumentException();
}
return _Operator;
}
/// <summary>
/// Diassemble all x86 instructions from 0x50 to 0x5F
/// </summary>
/// <param name="b">First byte of opcode</param>
/// <returns>The next x86 Operator</returns>
private x86Operator Read_5x(byte b)
{
x86Operator _Operator = null;
_Operator = new x86Operator(b < 0x58 ? IntelOpcode.Push : IntelOpcode.Pop);
_Operator.Source = x86Operand.NewRegister((int)IntelRegister.Eax + (b & 0x7));
return _Operator;
}
/// <summary>
/// Diassemble all x86 instructions from 0x40 to 0x4F
/// </summary>
/// <param name="b">First byte of opcode</param>
/// <returns>The next x86 Operator</returns>
private x86Operator Read_4x(byte b)
{
x86Operator _Operator = null;
_Operator = new x86Operator(b < 0x48 ? IntelOpcode.Inc : IntelOpcode.Dec);
_Operator.Source = x86Operand.NewRegister((int)IntelRegister.Eax + (b & 0x7));
return _Operator;
}
private x86Operator Read_00_to_40(byte b)
{
x86Operator _Operator = null;
long value;
if ((b & 0x7) < 6)
{
_Operator = new x86Operator(IntelOpcode.Add + (b >> 3));
switch (b & 0x7)
{
case 0:
b = Buffer[X];
Length++;
_Operator.Destination = extractEb(b);
_Operator.Source = extractGb(b);
break;
case 1:
b = Buffer[X];
Length++;
_Operator.Destination = extractEv(b);
_Operator.Source = extractGv(b);
break;
case 2:
b = Buffer[X];
Length++;
_Operator.Destination = extractGb(b);
_Operator.Source = extractEb(b);
break;
case 3:
b = Buffer[X];
Length++;
_Operator.Destination = extractGv(b);
_Operator.Source = extractEv(b);
break;
case 4:
value = (byte)Buffer[X];
Length++;
_Operator.Destination = x86Operand.NewRegister((int)IntelRegister.Al);
_Operator.Source = x86Operand.NewValue(value);
break;
case 5:
value = Buffer[X];
value |= (uint)Buffer[X + 1] << 8;
value |= (uint)Buffer[X + 2] << 16;
value |= (uint)Buffer[X + 3] << 24;
Length += 4;
_Operator.Destination = x86Operand.NewRegister((int)IntelRegister.Eax);
_Operator.Source = x86Operand.NewValue(value);
break;
}
}
else if (b < 0x20)
{
_Operator = new x86Operator((b & 1) == 0 ? IntelOpcode.Push : IntelOpcode.Pop);
_Operator.Source = x86Operand.NewRegister((int)IntelRegister.Es + (b >> 3));
}
else if (b < 0x40)
{
if (b == 0x26)
{
_Operator = Read();
if (_Operator.OperatorCode < (int)IntelOpcode.Add)
{
_Operator = new x86Operator(IntelOpcode.Segment);
Length = 1;
}
_Operator.Segment = IntelRegister.Es;
}
}
else
throw new ArgumentException();
return _Operator;
}
private x86Operator Read_Fx(byte b)
{
x86Operator _Operator = null;
if (b == 0xF0)
{
_Operator = Read();
_Operator.Prefix = "lock";
}
else if (b == 0xF1)
{
_Operator = new x86Operator(IntelOpcode.Icebp);
}
else if (b == 0xF2)
{
_Operator = Read();
_Operator.Prefix = "repnz";
}
else if (b == 0xF3)
{
_Operator = Read();
_Operator.Prefix = "repz";
}
else if (b == 0xF4)
{
_Operator = new x86Operator(IntelOpcode.Hlt);
}
else if (b == 0xF5)
{
_Operator = new x86Operator(IntelOpcode.Cmc);
}
else if (b == 0xF6)
{
b = Buffer[X];
if (b == 0x8)
{
_Operator = new x86Operator(IntelOpcode.Bad);
return _Operator;
}
_Operator = new x86Operator(IntelOpcode.Test, OperatorSize.Byte);
Length++;
_Operator.Destination = extractEb(b);
_Operator.Source = extractLb();
}
else if (b == 0xF7)
{
b = Buffer[X];
if (b == 0x8)
{
_Operator = new x86Operator(IntelOpcode.Bad);
return _Operator;
}
_Operator = new x86Operator(IntelOpcode.Test, OperatorSize.DWord);
Length++;
_Operator.Destination = extractEv(b);
_Operator.Source = extractLz();
}
else if (b < 0xFE)
_Operator = new x86Operator(IntelOpcode.Clc + b - 0xF8);
else if (b == 0xFE)
{
b = Buffer[X];
if (((b >> 3) & 0x7) > 1)
{
_Operator = new x86Operator(IntelOpcode.Bad);
return _Operator;
}
_Operator = new x86Operator(IntelOpcode.Inc + ((b >> 3) & 0x1), OperatorSize.Byte);
Length++;
_Operator.Source = extractEb(b);
}
else if (b == 0xFF)
{
b = Buffer[X];
int v = ((b >> 3) & 0x7);
if (v == 7)
{
_Operator = new x86Operator(IntelOpcode.Bad);
}
else
{
Length++;
switch (v)
{
case 0:
_Operator = new x86Operator(IntelOpcode.Inc, OperatorSize.DWord);
_Operator.Source = extractEv(b);
break;
case 1:
_Operator = new x86Operator(IntelOpcode.Dec, OperatorSize.DWord);
_Operator.Source = extractEv(b);
break;
case 2:
_Operator = new x86Operator(IntelOpcode.Call);
_Operator.Source = extractEv(b);
break;
case 3:
_Operator = new x86Operator(IntelOpcode.Call);
_Operator.Source = extractEv(b);
break;
case 4:
_Operator = new x86Operator(IntelOpcode.Jmp);
_Operator.Source = extractEv(b);
break;
case 5:
_Operator = new x86Operator(IntelOpcode.Jmp);
_Operator.Source = extractMa(b);
break;
case 6:
_Operator = new x86Operator(IntelOpcode.Push, OperatorSize.DWord);
_Operator.Source = extractEv(b);
break;
}
}
}
else
{
}
return _Operator;
}
public static bool IsRoundOp(x86Operator Op)
{
return(Op == x86Operator.Round || Op == x86Operator.Floor ||
Op == x86Operator.Ceiling || Op == x86Operator.Truncate);
}
public static bool IsMinMaxOp(x86Operator Op)
{
return(Op == x86Operator.Max || Op == x86Operator.Min);
}
private x86Operator Read_9x(byte b)
{
x86Operator _Operator = null;
if (b == 0x90)
{
_Operator = new x86Operator(IntelOpcode.Nop);
}
else if (b < 0x98)
{
_Operator = new x86Operator(IntelOpcode.Xchg);
_Operator.Source = x86Operand.NewRegister((int)IntelRegister.Eax);
_Operator.Destination = x86Operand.NewRegister((int)IntelRegister.Eax + b - 0x90);
}
else if (b < 0x9A)
{
_Operator = new x86Operator(IntelOpcode.Cwtl + b - 0x98);
}
else if (b == 0x9A)
{
_Operator = new x86Operator(IntelOpcode.LCall);
_Operator.Destination = extractLw();
_Operator.Source = extractLz();
}
else if (b == 0x9B)
{
_Operator = new x86Operator(IntelOpcode.FWait);
}
else if (b < 0xA0)
{
_Operator = new x86Operator(IntelOpcode.Pushf + b - 0x9C);
}
else
{
throw new ArgumentException();
}
return _Operator;
}
public static bool IsTwoOperandNumberOp(Operator Op, x86Operator x86Op)
{
return(Operators.IsRelEquality(Op) || Operators.IsBitArithmShift(Op) || IsTwoOperandSSEOp(x86Op));
}
private x86Operator Read_Ax(byte b)
{
x86Operator _Operator = null;
if (b == 0xA0)
{
_Operator = new x86Operator(IntelOpcode.Mov);
_Operator.Destination = x86Operand.NewRegister((int)IntelRegister.Al);
_Operator.Source = extractOb();
}
else if (b == 0xA1)
{
_Operator = new x86Operator(IntelOpcode.Mov);
_Operator.Destination = x86Operand.NewRegister((int)IntelRegister.Eax);
_Operator.Source = extractOz();
}
else if (b == 0xA2)
{
_Operator = new x86Operator(IntelOpcode.Mov);
_Operator.Destination = extractOb();
_Operator.Source = x86Operand.NewRegister((int)IntelRegister.Al);
}
else if (b == 0xA3)
{
_Operator = new x86Operator(IntelOpcode.Mov);
_Operator.Destination = extractOz();
_Operator.Source = x86Operand.NewRegister((int)IntelRegister.Eax);
}
else if (b == 0xA4)
{
_Operator = new x86Operator(IntelOpcode.Mov, OperatorSize.Byte);
_Operator.Destination = x86Operand.NewRegister((int)IntelRegister.Eax);
_Operator.Source = extractOz();
}
else if (b < 0xb0)
{
}
else
{
throw new ArgumentException();
}
return _Operator;
}
private x86Operator Read_Bx(byte b)
{
x86Operator _Operator = null;
_Operator = new x86Operator(IntelOpcode.Mov);
_Operator.Destination = x86Operand.NewRegister((int)IntelRegister.Eax + b - 0xB8);
_Operator.Source = extractLz();
return _Operator;
}
private x86Operator Read_Dx(byte b)
{
x86Operator _Operator = null;
if (b == 0xD0)
{
b = Buffer[X];
int v = ((b >> 3) & 0x7);
if (v == 6)
{
_Operator = new x86Operator(IntelOpcode.Bad);
}
else
{
switch (v)
{
case 0:
_Operator = new x86Operator(IntelOpcode.Rol);
break;
case 1:
_Operator = new x86Operator(IntelOpcode.Ror);
break;
case 2:
_Operator = new x86Operator(IntelOpcode.Rcl);
break;
case 3:
_Operator = new x86Operator(IntelOpcode.Rcr);
break;
case 4:
_Operator = new x86Operator(IntelOpcode.Shl);
break;
case 5:
_Operator = new x86Operator(IntelOpcode.Shr);
break;
case 7:
_Operator = new x86Operator(IntelOpcode.Sar);
break;
}
Length++;
_Operator.Destination = extractEb(b);
_Operator.Source = x86Operand.NewValue(1);
}
}
else if (b == 0xD1)
{
b = Buffer[X];
int v = ((b >> 3) & 0x7);
if (v == 6)
{
_Operator = new x86Operator(IntelOpcode.Bad);
}
else
{
switch (v)
{
case 0:
_Operator = new x86Operator(IntelOpcode.Rol);
break;
case 1:
_Operator = new x86Operator(IntelOpcode.Ror);
break;
case 2:
_Operator = new x86Operator(IntelOpcode.Rcl);
break;
case 3:
_Operator = new x86Operator(IntelOpcode.Rcr);
break;
case 4:
_Operator = new x86Operator(IntelOpcode.Shl);
break;
case 5:
_Operator = new x86Operator(IntelOpcode.Shr);
break;
case 7:
_Operator = new x86Operator(IntelOpcode.Sar);
break;
}
Length++;
_Operator.Destination = extractEv(b);
_Operator.Source = x86Operand.NewValue(1);
}
}
else
{
}
return _Operator;
}
