public X86State(X86State st) : base(st) { arch = st.arch; FpuStackItems = st.FpuStackItems; regs = (ulong[])st.regs.Clone(); valid = (bool []) st.valid.Clone(); }
public void OnBeforeCall_DecrementStackRegister() { var arch = new IntelArchitecture(ProcessorMode.Protected32); var state = new X86State(arch); var esp = CreateId(Registers.esp); state.SetRegister(Registers.esp, Constant.Word32(-4)); state.OnProcedureEntered(); var site = state.OnBeforeCall(esp, 4); Assert.AreEqual(4, site.SizeOfReturnAddressOnStack); Assert.AreEqual("0xFFFFFFFC", state.GetValue(esp).ToString()); }
public void Setup() { prog = new Program(); prog.Image = new LoadedImage(Address.Ptr32(0x10000), new byte[4]); var procAddress = Address.Ptr32(0x10000000); instr = new IntelInstruction(Opcode.nop, PrimitiveType.Word32, PrimitiveType.Word32) { Address = procAddress, }; proc = Procedure.Create(procAddress, arch.CreateFrame()); state = (X86State) arch.CreateProcessorState(); orw = new OperandRewriter32(arch, proc.Frame, new FakeRewriterHost(prog)); }
public void Simple() { var arch = new IntelArchitecture(ProcessorMode.Real); X86State st = new X86State(arch); st.SetRegister(Registers.cs, Constant.Word16(0xC00)); st.SetRegister(Registers.ax, Constant.Word16(0x1234)); Assert.IsTrue(!st.GetRegister(Registers.bx).IsValid); Assert.IsTrue(st.GetRegister(Registers.ax).IsValid); Assert.IsTrue(st.GetRegister(Registers.al).IsValid); Assert.AreEqual(0x34, st.GetRegister(Registers.al).ToUInt32()); Assert.IsTrue(st.GetRegister(Registers.ah).IsValid); Assert.AreEqual(0x12, st.GetRegister(Registers.ah).ToUInt32()); }
public void StackUnderflow_ReportError() { var arch = new IntelArchitecture(ProcessorMode.Protected32); string reportedError = null; var state = new X86State(arch) { ErrorListener = (err) => { reportedError = err; } }; state.OnProcedureEntered(); state.SetRegister(Registers.esp, Constant.Word32(-4)); // Push only 4 bytes var esp = CreateId(Registers.esp); var site = state.OnBeforeCall(esp, 4); state.OnAfterCall(esp, new ProcedureSignature { StackDelta = 16, // ...but pop 16 bytes }, new Decompiler.Evaluation.ExpressionSimplifier(state)); //$TODO: hm. Move simplification out of state. Assert.IsNotNull(reportedError); }
public Expression Transform(IntelInstruction instr, MachineOperand op, PrimitiveType opWidth, X86State state) { var reg = op as RegisterOperand; if (reg != null) return AluRegister(reg); var mem = op as MemoryOperand; if (mem != null) return CreateMemoryAccess(instr, mem, opWidth, state); var imm = op as ImmediateOperand; if (imm != null) return CreateConstant(imm, opWidth); var fpu = op as FpuOperand; if (fpu != null) return FpuRegister(fpu.StNumber, state); var addr = op as AddressOperand; if (addr != null) return addr.Address; throw new NotImplementedException(string.Format("Operand {0}", op)); }
public void Setup() { arch = new IntelArchitecture(ProcessorMode.Real); var image = new LoadedImage(Address.Ptr32(0x10000), new byte[4]); var prog = new Program( image, image.CreateImageMap(), arch, null); var procAddress = Address.Ptr32(0x10000000); instr = new IntelInstruction(Opcode.nop, PrimitiveType.Word16, PrimitiveType.Word16) { Address = procAddress, }; proc = Procedure.Create(procAddress, arch.CreateFrame()); orw = new OperandRewriter16(arch, proc.Frame, new FakeRewriterHost(prog)); state = (X86State)arch.CreateProcessorState(); }
public Constant ReplaceCodeSegment(RegisterStorage reg, X86State state) { if (reg == Registers.cs && arch.WordWidth == PrimitiveType.Word16) return state.GetRegister(reg); else return null; }
/// <summary> /// Changes the stack-relative address 'reg' into a frame-relative operand. /// If the register number is larger than the stack depth, then /// the register was passed on the stack when the function was called. /// </summary> /// <param name="reg"></param> /// <returns></returns> public Identifier FpuRegister(int reg, X86State state) { return frame.EnsureFpuStackVariable(reg - state.FpuStackItems, PrimitiveType.Real64); }
/// <summary> /// Memory accesses are translated into expressions. /// </summary> /// <param name="mem"></param> /// <param name="state"></param> /// <returns></returns> public Expression EffectiveAddressExpression(IntelInstruction instr, MemoryOperand mem, X86State state) { Expression eIndex = null; Expression eBase = null; Expression expr = null; PrimitiveType type = PrimitiveType.CreateWord(mem.Width.Size); bool ripRelative = false; if (mem.Base != RegisterStorage.None) { if (mem.Base == Registers.rip) { ripRelative = true; } else { eBase = AluRegister(mem.Base); if (expr != null) { expr = new BinaryExpression(Operator.IAdd, eBase.DataType, eBase, expr); } else { expr = eBase; } } } if (mem.Offset.IsValid) { if (ripRelative) { expr = instr.Address + (instr.Length + mem.Offset.ToInt64()); } else if (expr != null) { BinaryOperator op = Operator.IAdd; long l = mem.Offset.ToInt64(); if (l < 0 && l > -0x800) { l = -l; op = Operator.ISub; } DataType dt = (eBase != null) ? eBase.DataType : eIndex.DataType; Constant cOffset = Constant.Create(dt, l); expr = new BinaryExpression(op, dt, expr, cOffset); } else { expr = mem.Offset; } } if (mem.Index != RegisterStorage.None) { eIndex = AluRegister(mem.Index); if (mem.Scale != 0 && mem.Scale != 1) { eIndex = new BinaryExpression( Operator.IMul, eIndex.DataType, eIndex, Constant.Create(mem.Width, mem.Scale)); } expr = new BinaryExpression(Operator.IAdd, expr.DataType, expr, eIndex); } return expr; }
public Expression CreateMemoryAccess(IntelInstruction instr, MemoryOperand memoryOperand, X86State state) { return CreateMemoryAccess(instr, memoryOperand, memoryOperand.Width, state); }
public virtual Address MakeAddressFromSegOffset(X86State state, RegisterStorage seg, uint offset) { return state.AddressFromSegOffset(seg, offset); }
public override Address MakeAddressFromSegOffset(X86State state, RegisterStorage seg, uint offset) { return Address.Ptr64(offset); }
private X86Rewriter CreateRewriter32(byte [] bytes) { state = new X86State(arch32); return new X86Rewriter(arch32, host, state, new LeImageReader(image, 0), new Frame(arch32.WordWidth)); }
public bool HasSameValues(X86State st2) { for (int i = 0; i < valid.Length; ++i) { if (valid[i] != st2.valid[i]) return false; if (valid[i]) { RegisterStorage reg = Registers.GetRegister(i); ulong u1 = (ulong)(regs[reg.Number] & ((1UL << reg.DataType.BitSize) - 1UL)); ulong u2 = (ulong)(st2.regs[reg.Number] & ((1UL << reg.DataType.BitSize) - 1UL)); if (u1 != u2) return false; } } return true; }
public void AreEqual() { var arch = new IntelArchitecture(ProcessorMode.Real); X86State st1 = new X86State(arch); X86State st2 = new X86State(arch); Assert.IsTrue(st1.HasSameValues(st2)); }
public Expression CreateMemoryAccess(IntelInstruction instr, MemoryOperand mem, DataType dt, X86State state) { var exp = ImportedProcedureName(instr.Address, mem.Width, mem); if (exp != null) return new ProcedureConstant(arch.PointerType, exp); Expression expr = EffectiveAddressExpression(instr, mem, state); if (IsSegmentedAccessRequired || (mem.DefaultSegment != Registers.ds && mem.DefaultSegment != Registers.ss)) { Expression seg = ReplaceCodeSegment(mem.DefaultSegment, state); if (seg == null) seg = AluRegister(mem.DefaultSegment); return new SegmentedAccess(MemoryIdentifier.GlobalMemory, seg, expr, dt); } else { return new MemoryAccess(MemoryIdentifier.GlobalMemory, expr, dt); } }
private X86Rewriter CreateRewriter32(X86Assembler m) { state = new X86State(arch32); return new X86Rewriter(arch32, host, state, m.GetImage().Image.CreateLeReader(0), new Frame(arch32.WordWidth)); }