private static IEnumerable <X86Instruction> CreateRegOrMemTestInstructions(X86OpCode opcode, X86Mnemonic mnemonic, bool flippedOperands)
{
for (int operandType = 0; operandType < 3; operandType++)
{
for (int register2Index = 0; register2Index < 8; register2Index++)
{
for (int register1Index = 0; register1Index < 8; register1Index++)
{
var operand1 = new X86Operand(X86OperandUsage.BytePointer,
(X86Register)register1Index | X86Register.Eax);
var operand2 = new X86Operand(X86OperandUsage.Normal, (X86Register)register2Index);
var instruction = new X86Instruction()
{
OpCode = opcode,
Mnemonic = mnemonic,
};
if (flippedOperands)
{
instruction.Operand2 = operand1;
instruction.Operand1 = operand2;
}
else
{
instruction.Operand1 = operand1;
instruction.Operand2 = operand2;
}
switch (register1Index)
{
case 4: // esp
continue;
case 5: // ebp
if (operandType != 0)
{
continue;
}
operand1.Value = 0x1337u;
break;
}
switch (operandType)
{
case 1:
operand1.Offset = 1;
operand1.OffsetType = X86OffsetType.Short;
break;
case 2:
operand1.Offset = 0x1337;
operand1.OffsetType = X86OffsetType.Long;
break;
}
yield return(instruction);
}
}
}
}
/// <summary>
/// Build an Instruction Detail.
/// </summary>
/// <param name="disassembler">
/// A disassembler.
/// </param>
/// <param name="hInstruction">
/// An instruction handle.
/// </param>
internal override void Build(CapstoneDisassembler disassembler, NativeInstructionHandle hInstruction)
{
// ...
//
// Throws an exception if the operation fails.
base.Build(disassembler, hInstruction);
var nativeInstructionDetail = NativeCapstone.GetInstructionDetail <NativeX86InstructionDetail>(hInstruction).GetValueOrDefault();
this.AddressSize = nativeInstructionDetail.AddressSize;
this.AvxConditionCode = nativeInstructionDetail.AvxConditionCode;
this.AvxRoundingMode = nativeInstructionDetail.AvxRoundingMode;
this.AvxSuppressAllExceptions = nativeInstructionDetail.AvxSuppressAllExceptions;
this.Displacement = nativeInstructionDetail.Displacement;
this.EFlags = nativeInstructionDetail.Flag.EFlags;
this.Encoding = new X86Encoding(ref nativeInstructionDetail.Encoding);
this.FpuFlags = nativeInstructionDetail.Flag.FpuFlags;
this.ModRm = nativeInstructionDetail.ModRm;
this.Opcode = nativeInstructionDetail.Opcode;
this.Operands = X86Operand.Create(disassembler, ref nativeInstructionDetail);
this.Prefix = nativeInstructionDetail.Prefix;
this.Rex = nativeInstructionDetail.Rex;
this.Sib = nativeInstructionDetail.Sib;
this.SibBase = X86Register.TryCreate(disassembler, nativeInstructionDetail.SibBase);
this.SibIndex = X86Register.TryCreate(disassembler, nativeInstructionDetail.SibIndex);
this.SibScale = nativeInstructionDetail.SibScale;
this.SseConditionCode = nativeInstructionDetail.SseConditionCode;
this.XopConditionCode = nativeInstructionDetail.XopConditionCode;
}
private static IEnumerable <X86Instruction> CreateRegOrMemSibTestInstructions(X86OpCode opcode, X86Mnemonic mnemonic)
{
for (int operandType = 0; operandType < 3; operandType++)
{
for (int multiplier = 1; multiplier < 16; multiplier *= 2)
{
for (int scaledRegIndex = 0; scaledRegIndex < 8; scaledRegIndex++)
{
if (scaledRegIndex == 4)
{
continue;
}
var operand1 = new X86Operand(X86OperandUsage.BytePointer, X86Register.Eax,
new X86ScaledIndex((X86Register)scaledRegIndex | X86Register.Eax, multiplier));
var operand2 = new X86Operand(X86OperandUsage.Normal, X86Register.Al);
var instruction = new X86Instruction()
{
OpCode = opcode,
Mnemonic = mnemonic,
Operand1 = operand1,
Operand2 = operand2,
};
switch (operandType)
{
case 1:
operand1.Offset = 1;
operand1.OffsetType = X86OffsetType.Short;
break;
case 2:
operand1.Offset = 0x1337;
operand1.OffsetType = X86OffsetType.Long;
break;
}
yield return(instruction);
}
}
}
}
public string Translate(X86Operand operand)
{
switch (operand.Type)
{
case OperandTypes.Immediate:
return(TranslateImmediate(((ImmediateArgument)operand)));
case OperandTypes.Label:
return(TranslateLabel(((LabelArgument)operand)));
case OperandTypes.Register:
return(TranslateRegister(((RegisterArgument)operand)));
case OperandTypes.Memory:
return(TranslateMemory(((MemoryArgument)operand)));
}
//this should never happen
throw new UnknownInstructionException("-", operand.Line);
}
public static ulong GetAdressFromOperand(X86Instruction ins, X86Operand op)
{
ulong address = 0x0;
if (op.Type == X86OperandType.Immediate)
{
address = (ulong)op.Immediate;
}
else if (op.Type == X86OperandType.Memory)
{
if (op.Memory.Base == null)
{
address = (ulong)op.Memory.Displacement;
}
else if (op.Memory.Base.Id == X86RegisterId.X86_REG_RIP)
{
address = (ulong)(ins.Address + op.Memory.Displacement);
}
}
return(address);
}
public static UnitorType GetTypeLoaded(X86Instruction ins, UnitorModel model)
{
if (!ins.HasDetails)
{
return(null);
}
X86Operand[] operands = ins.Details.Operands;
if (operands.Length != 2)
{
return(null);
}
X86Operand register = operands[0]; // Future use for register type/method storage
X86Operand operand = operands[1];
ulong address = GetAdressFromOperand(ins, operand);
if (address == 0x0)
{
return(null);
}
return(model.Types.FirstOrDefault(t => t.TypeClassAddress == address));
}
private static IEnumerable <X86Instruction> Create3OperandsInstructions()
{
for (int reg1 = (int)X86Register.Eax; reg1 <= (int)X86Register.Edi; reg1++)
{
for (int reg2 = (int)X86Register.Eax; reg2 <= (int)X86Register.Edi; reg2++)
{
var operand1 = new X86Operand((X86Register)reg1);
var operand2 = new X86Operand(X86OperandUsage.DwordPointer, (X86Register)reg2);
if ((X86Register)operand2.Value == X86Register.Ebp)
{
operand2.Value = 0x1337u;
}
yield return(new X86Instruction
{
OpCode = X86OpCodes.IMul_Reg1632_RegOrMem1632_Imm1632,
Mnemonic = X86Mnemonic.Imul,
Operand1 = operand1,
Operand2 = operand2,
Operand3 = new X86Operand(1337u)
});
}
}
}