![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to disasm.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [WindowsNT SDKs] / mstools / samples / sdktools / image / drwatson / i386|
Return to disasm.c CVS log | Up to [WindowsNT SDKs] / mstools / samples / sdktools / image / drwatson / i386 |
1.1 ! root 1: /*++ ! 2: ! 3: Copyright (c) 1993 Microsoft Corporation ! 4: ! 5: Module Name: ! 6: ! 7: disasm.c ! 8: ! 9: Abstract: ! 10: ! 11: This file provides support disassembly ( x86 ). ! 12: ! 13: Author: ! 14: ! 15: Gerd Immeyer 19-Oct-1989 ! 16: Wesley Witt (wesw) 1-May-1993 ( ported from ntsd to drwatson) ! 17: ! 18: Environment: ! 19: ! 20: User Mode ! 21: ! 22: --*/ ! 23: ! 24: #include <windows.h> ! 25: #include <stddef.h> ! 26: #include <string.h> ! 27: #include "regs.h" ! 28: #include "disasm.h" ! 29: #include "drwatson.h" ! 30: #include "proto.h" ! 31: ! 32: /***** macros and defines *****/ ! 33: ! 34: #define BIT20(b) (b & 0x07) ! 35: #define BIT53(b) (b >> 3 & 0x07) ! 36: #define BIT76(b) (b >> 6 & 0x03) ! 37: #define MAXL 16 ! 38: #define MAXOPLEN 10 ! 39: ! 40: #define OBOFFSET 26 ! 41: #define OBOPERAND 34 ! 42: #define OBLINEEND 77 ! 43: ! 44: /***** static tables and variables *****/ ! 45: ! 46: static char regtab[] = "alcldlblahchdhbhaxcxdxbxspbpsidi"; /* reg table */ ! 47: static char *mrmtb16[] = { "bx+si", /* modRM string table (16-bit) */ ! 48: "bx+di", ! 49: "bp+si", ! 50: "bp+di", ! 51: "si", ! 52: "di", ! 53: "bp", ! 54: "bx" ! 55: }; ! 56: ! 57: static char *mrmtb32[] = { "eax", /* modRM string table (32-bit) */ ! 58: "ecx", ! 59: "edx", ! 60: "ebx", ! 61: "esp", ! 62: "ebp", ! 63: "esi", ! 64: "edi" ! 65: }; ! 66: ! 67: static char seg16[8] = { REGDS, REGDS, REGSS, REGSS, ! 68: REGDS, REGDS, REGSS, REGDS }; ! 69: static char reg16[8] = { REGEBX, REGEBX, REGEBP, REGEBP, ! 70: REGESI, REGEDI, REGEBP, REGEBX }; ! 71: static char reg16_2[4] = { REGESI, REGEDI, REGESI, REGEDI }; ! 72: ! 73: static char seg32[8] = { REGDS, REGDS, REGDS, REGDS, ! 74: REGSS, REGSS, REGDS, REGDS }; ! 75: static char reg32[8] = { REGEAX, REGECX, REGEDX, REGEBX, ! 76: REGESP, REGEBP, REGESI, REGEDI }; ! 77: ! 78: static char sregtab[] = "ecsdfg"; // first letter of ES, CS, SS, DS, FS, GS ! 79: ! 80: char hexdigit[] = { '0', '1', '2', '3', '4', '5', '6', '7', ! 81: '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; ! 82: ! 83: static int mod; /* mod of mod/rm byte */ ! 84: static int rm; /* rm of mod/rm byte */ ! 85: static int ttt; /* return reg value (of mod/rm) */ ! 86: static unsigned char *pMem; /* current position in instruction */ ! 87: static int mode_32; /* local addressing mode indicator */ ! 88: static int opsize_32; /* operand size flag */ ! 89: ! 90: ULONG EAaddr[2]; // offset of effective address ! 91: static int EAsize[2]; // size of effective address item ! 92: static char *pchEAseg[2]; // normal segment for operand ! 93: ! 94: int G_mode_32 = 1; /* global address mode indicator */ ! 95: ! 96: static BOOLEAN fMovX; // indicates a MOVSX or MOVZX ! 97: ! 98: // internal function definitions ! 99: ! 100: BOOLEAN disasm(PDEBUGPACKET, PULONG, PUCHAR, BOOLEAN); ! 101: void DIdoModrm(PDEBUGPACKET dp,char **, int, BOOLEAN); ! 102: ! 103: void OutputHexString(char **, char *, int); ! 104: void OutputHexValue(char **, char *, int, int); ! 105: void OutputHexCode(char **, char *, int); ! 106: void OutputString(char **, char *); ! 107: void OutputSymbol(PDEBUGPACKET, char **, char *, int, int); ! 108: ! 109: void GetNextOffset(PDEBUGPACKET, PULONG, BOOLEAN); ! 110: void OutputHexAddr(PUCHAR *, ULONG); ! 111: USHORT GetSegRegValue(PDEBUGPACKET,int); ! 112: ! 113: /**** disasm - disassemble an 80x86/80x87 instruction ! 114: * ! 115: * Input: ! 116: * pOffset = pointer to offset to start disassembly ! 117: * fEAout = if set, include EA (effective address) ! 118: * ! 119: * Output: ! 120: * pOffset = pointer to offset of next instruction ! 121: * pchDst = pointer to result string ! 122: * ! 123: ***************************************************************************/ ! 124: ! 125: BOOLEAN ! 126: disasm( PDEBUGPACKET dp, PULONG pOffset, PUCHAR pchDst, BOOLEAN fEAout ) ! 127: { ! 128: int opcode; /* current opcode */ ! 129: int olen = 2; /* operand length */ ! 130: int alen = 2; /* address length */ ! 131: int end = FALSE; /* end of instruction flag */ ! 132: int mrm = FALSE; /* indicator that modrm is generated*/ ! 133: unsigned char *action; /* action for operand interpretation*/ ! 134: long tmp; /* temporary storage field */ ! 135: int indx; /* temporary index */ ! 136: int action2; /* secondary action */ ! 137: int instlen; /* instruction length */ ! 138: int cBytes; // bytes read into instr buffer ! 139: int segOvr = 0; /* segment override opcode */ ! 140: char membuf[MAXL]; /* current instruction buffer */ ! 141: char *pEAlabel = ""; // optional label for operand ! 142: ! 143: char *pchResultBuf = pchDst; // working copy of pchDst pointer ! 144: char RepPrefixBuffer[32]; // rep prefix buffer ! 145: char *pchRepPrefixBuf = RepPrefixBuffer; // pointer to prefix buffer ! 146: char OpcodeBuffer[8]; // opcode buffer ! 147: char *pchOpcodeBuf = OpcodeBuffer; // pointer to opcode buffer ! 148: char OperandBuffer[80]; // operand buffer ! 149: char *pchOperandBuf = OperandBuffer; // pointer to operand buffer ! 150: char ModrmBuffer[80]; // modRM buffer ! 151: char *pchModrmBuf = ModrmBuffer; // pointer to modRM buffer ! 152: char EABuffer[42]; // effective address buffer ! 153: char *pchEABuf = EABuffer; // pointer to EA buffer ! 154: ! 155: int obOpcode = OBOFFSET; ! 156: int obOpcodeMin; ! 157: int obOpcodeMax; ! 158: ! 159: int obOperand = OBOPERAND; ! 160: int obOperandMin; ! 161: int obOperandMax; ! 162: ! 163: int cbOpcode; ! 164: int cbOperand; ! 165: int cbOffset; ! 166: int cbEAddr; ! 167: ! 168: int fTwoLines = FALSE; ! 169: ! 170: fMovX = FALSE; ! 171: EAsize[0] = EAsize[1] = 0; // no effective address ! 172: pchEAseg[0] = dszDS_; ! 173: pchEAseg[1] = dszES_; ! 174: ! 175: mode_32 = opsize_32 = (G_mode_32 == 1); /* local addressing mode */ ! 176: olen = alen = (1 + mode_32) << 1; // set operand/address lengths ! 177: // 2 for 16-bit and 4 for 32-bit ! 178: ! 179: OutputHexAddr(&pchResultBuf, *pOffset); ! 180: ! 181: *pchResultBuf++ = ' '; ! 182: ! 183: ReadProcessMemory( dp->hProcess, ! 184: (LPVOID)*pOffset, ! 185: (LPVOID)membuf, ! 186: MAXL, ! 187: &cBytes ! 188: ); ! 189: ! 190: /* move full inst to local buffer */ ! 191: pMem = membuf; /* point to begin of instruction */ ! 192: opcode = *pMem++; /* get opcode */ ! 193: OutputString(&pchOpcodeBuf, distbl[opcode].instruct); ! 194: action = actiontbl + distbl[opcode].opr; /* get operand action */ ! 195: ! 196: /***** loop through all operand actions *****/ ! 197: ! 198: do { ! 199: action2 = (*action) & 0xc0; ! 200: switch((*action++) & 0x3f) { ! 201: case ALT: /* alter the opcode if 32-bit */ ! 202: if (opsize_32) { ! 203: indx = *action++; ! 204: pchOpcodeBuf = &OpcodeBuffer[indx]; ! 205: if (indx == 0) ! 206: OutputString(&pchOpcodeBuf, dszCWDE); ! 207: else { ! 208: *pchOpcodeBuf++ = 'd'; ! 209: if (indx == 1) ! 210: *pchOpcodeBuf++ = 'q'; ! 211: } ! 212: } ! 213: break; ! 214: ! 215: case STROP: ! 216: // compute size of operands in indx ! 217: // also if dword operands, change fifth ! 218: // opcode letter from 'w' to 'd'. ! 219: ! 220: if (opcode & 1) { ! 221: if (opsize_32) { ! 222: indx = 4; ! 223: OpcodeBuffer[4] = 'd'; ! 224: } ! 225: else ! 226: indx = 2; ! 227: } ! 228: else ! 229: indx = 1; ! 230: ! 231: if (*action & 1) { ! 232: if (fEAout) { ! 233: EAaddr[0] = GetRegValue(dp, REGESI); ! 234: EAsize[0] = indx; ! 235: } ! 236: } ! 237: if (*action++ & 2) { ! 238: if (fEAout) { ! 239: EAaddr[1] = GetRegValue(dp, REGEDI); ! 240: EAsize[1] = indx; ! 241: } ! 242: } ! 243: break; ! 244: ! 245: case CHR: /* insert a character */ ! 246: *pchOperandBuf++ = *action++; ! 247: break; ! 248: ! 249: case CREG: /* set debug, test or control reg */ ! 250: if ((opcode - 231) & 0x04) // remove bias from opcode ! 251: *pchOperandBuf++ = 't'; ! 252: else if ((opcode - 231) & 0x01) ! 253: *pchOperandBuf++ = 'd'; ! 254: else ! 255: *pchOperandBuf++ = 'c'; ! 256: *pchOperandBuf++ = 'r'; ! 257: *pchOperandBuf++ = (char)('0' + ttt); ! 258: break; ! 259: ! 260: case SREG2: /* segment register */ ! 261: ttt = BIT53(opcode); // set value to fall through ! 262: ! 263: case SREG3: /* segment register */ ! 264: *pchOperandBuf++ = sregtab[ttt]; // reg is part of modrm ! 265: *pchOperandBuf++ = 's'; ! 266: break; ! 267: ! 268: case BRSTR: /* get index to register string */ ! 269: ttt = *action++; /* from action table */ ! 270: goto BREGlabel; ! 271: ! 272: case BOREG: /* byte register (in opcode) */ ! 273: ttt = BIT20(opcode); /* register is part of opcode */ ! 274: goto BREGlabel; ! 275: ! 276: case ALSTR: ! 277: ttt = 0; /* point to AL register */ ! 278: BREGlabel: ! 279: case BREG: /* general register */ ! 280: *pchOperandBuf++ = regtab[ttt * 2]; ! 281: *pchOperandBuf++ = regtab[ttt * 2 + 1]; ! 282: break; ! 283: ! 284: case WRSTR: /* get index to register string */ ! 285: ttt = *action++; /* from action table */ ! 286: goto WREGlabel; ! 287: ! 288: case VOREG: /* register is part of opcode */ ! 289: ttt = BIT20(opcode); ! 290: goto VREGlabel; ! 291: ! 292: case AXSTR: ! 293: ttt = 0; /* point to eAX register */ ! 294: VREGlabel: ! 295: case VREG: /* general register */ ! 296: if (opsize_32) /* test for 32bit mode */ ! 297: *pchOperandBuf++ = 'e'; ! 298: WREGlabel: ! 299: case WREG: /* register is word size */ ! 300: *pchOperandBuf++ = regtab[ttt * 2 + 16]; ! 301: *pchOperandBuf++ = regtab[ttt * 2 + 17]; ! 302: break; ! 303: ! 304: case IST_ST: ! 305: OutputString(&pchOperandBuf, "st(0),st"); ! 306: *(pchOperandBuf - 5) += rm; ! 307: break; ! 308: ! 309: case ST_IST: ! 310: OutputString(&pchOperandBuf, "st,"); ! 311: case IST: ! 312: OutputString(&pchOperandBuf, "st(0)"); ! 313: *(pchOperandBuf - 2) += rm; ! 314: break; ! 315: ! 316: case xBYTE: /* set instruction to byte only */ ! 317: EAsize[0] = 1; ! 318: pEAlabel = "byte ptr "; ! 319: break; ! 320: ! 321: case VAR: ! 322: if (opsize_32) ! 323: goto DWORDlabel; ! 324: ! 325: case xWORD: ! 326: EAsize[0] = 2; ! 327: pEAlabel = "word ptr "; ! 328: break; ! 329: ! 330: case EDWORD: ! 331: opsize_32 = 1; // for control reg move, use eRegs ! 332: case xDWORD: ! 333: DWORDlabel: ! 334: EAsize[0] = 4; ! 335: pEAlabel = "dword ptr "; ! 336: break; ! 337: ! 338: case QWORD: ! 339: EAsize[0] = 8; ! 340: pEAlabel = "qword ptr "; ! 341: break; ! 342: ! 343: case TTBYTE: ! 344: EAsize[0] = 10; ! 345: pEAlabel = "tbyte ptr "; ! 346: break; ! 347: ! 348: case FARPTR: ! 349: if (opsize_32) { ! 350: EAsize[0] = 6; ! 351: pEAlabel = "fword ptr "; ! 352: } ! 353: else { ! 354: EAsize[0] = 4; ! 355: pEAlabel = "dword ptr "; ! 356: } ! 357: break; ! 358: ! 359: case LMODRM: // output modRM data type ! 360: if (mod != 3) ! 361: OutputString(&pchOperandBuf, pEAlabel); ! 362: else ! 363: EAsize[0] = 0; ! 364: ! 365: case MODRM: /* output modrm string */ ! 366: if (segOvr) /* in case of segment override */ ! 367: OutputString(&pchOperandBuf, distbl[segOvr].instruct); ! 368: *pchModrmBuf = '\0'; ! 369: OutputString(&pchOperandBuf, ModrmBuffer); ! 370: break; ! 371: ! 372: case ADDRP: /* address pointer */ ! 373: OutputHexString(&pchOperandBuf, pMem + olen, 2); // segment ! 374: *pchOperandBuf++ = ':'; ! 375: OutputSymbol(dp, &pchOperandBuf, pMem, olen, segOvr); ! 376: pMem += olen + 2; ! 377: break; ! 378: ! 379: case REL8: /* relative address 8-bit */ ! 380: if (opcode == 0xe3 && mode_32) { ! 381: pchOpcodeBuf = OpcodeBuffer; ! 382: OutputString(&pchOpcodeBuf, dszJECXZ); ! 383: } ! 384: tmp = (long)*(char *)pMem++; /* get the 8-bit rel offset */ ! 385: goto DoRelDispl; ! 386: ! 387: case REL16: /* relative address 16-/32-bit */ ! 388: tmp = 0; ! 389: memmove(&tmp,pMem,sizeof(long)); ! 390: pMem += alen; /* skip over offset */ ! 391: DoRelDispl: ! 392: tmp += *pOffset + (pMem - membuf); /* calculate address */ ! 393: OutputSymbol(dp, &pchOperandBuf, (char *) &tmp, alen, segOvr); ! 394: // address ! 395: break; ! 396: ! 397: case UBYTE: // unsigned byte for int/in/out ! 398: OutputHexString(&pchOperandBuf, pMem, 1); // ubyte ! 399: pMem++; ! 400: break; ! 401: ! 402: case IB: /* operand is immediate byte */ ! 403: if ((opcode & ~1) == 0xd4) { // postop for AAD/AAM is 0x0a ! 404: if (*pMem++ != 0x0a) // test post-opcode byte ! 405: OutputString(&pchOperandBuf, dszRESERVED); ! 406: break; ! 407: } ! 408: olen = 1; /* set operand length */ ! 409: goto DoImmed; ! 410: ! 411: case IW: /* operand is immediate word */ ! 412: olen = 2; /* set operand length */ ! 413: ! 414: case IV: /* operand is word or dword */ ! 415: DoImmed: ! 416: OutputHexValue(&pchOperandBuf, pMem, olen, FALSE); ! 417: pMem += olen; ! 418: break; ! 419: ! 420: case OFFS: /* operand is offset */ ! 421: EAsize[0] = (opcode & 1) ? olen : 1; ! 422: ! 423: if (segOvr) /* in case of segment override */ ! 424: OutputString(&pchOperandBuf, distbl[segOvr].instruct); ! 425: ! 426: *pchOperandBuf++ = '['; ! 427: OutputSymbol(dp,&pchOperandBuf, pMem, alen, segOvr); // offset ! 428: pMem += alen; ! 429: *pchOperandBuf++ = ']'; ! 430: break; ! 431: ! 432: case GROUP: /* operand is of group 1,2,4,6 or 8 */ ! 433: /* output opcode symbol */ ! 434: OutputString(&pchOpcodeBuf, group[*action++][ttt]); ! 435: break; ! 436: ! 437: case GROUPT: /* operand is of group 3,5 or 7 */ ! 438: indx = *action; /* get indx into group from action */ ! 439: goto doGroupT; ! 440: ! 441: case EGROUPT: /* x87 ESC (D8-DF) group index */ ! 442: indx = BIT20(opcode) * 2; /* get group index from opcode */ ! 443: if (mod == 3) { /* some operand variations exists */ ! 444: /* for x87 and mod == 3 */ ! 445: ++indx; /* take the next group table entry */ ! 446: if (indx == 3) { /* for x87 ESC==D9 and mod==3 */ ! 447: if (ttt > 3) { /* for those D9 instructions */ ! 448: indx = 12 + ttt; /* offset index to table by 12 */ ! 449: ttt = rm; /* set secondary index to rm */ ! 450: } ! 451: } ! 452: else if (indx == 7) { /* for x87 ESC==DB and mod==3 */ ! 453: if (ttt == 4) /* only valid if ttt==4 */ ! 454: ttt = rm; /* set secondary group table index */ ! 455: else ! 456: ttt = 7; /* no an x87 instruction */ ! 457: } ! 458: } ! 459: doGroupT: ! 460: /* handle group with different types of operands */ ! 461: ! 462: OutputString(&pchOpcodeBuf, groupt[indx][ttt].instruct); ! 463: action = actiontbl + groupt[indx][ttt].opr; ! 464: /* get new action */ ! 465: break; ! 466: ! 467: case OPC0F: /* secondary opcode table (opcode 0F) */ ! 468: opcode = *pMem++; /* get real opcode */ ! 469: fMovX = (BOOLEAN)(opcode == 0xBF || opcode == 0xB7); ! 470: if (opcode < 7) /* for the first 7 opcodes */ ! 471: opcode += 256; /* point begin of secondary opcode tab. */ ! 472: else if (opcode > 0x1f && opcode < 0x27) ! 473: opcode += 231; /* adjust for non-existing opcodes */ ! 474: else if (opcode > 0x2f && opcode < 0x33) ! 475: opcode += 222; /* adjust for non-existing opcodes */ ! 476: else if (opcode > 0x7e && opcode < 0xd0) ! 477: opcode += 148; /* adjust for non-existing opcodes */ ! 478: else ! 479: opcode = 260; /* all non-existing opcodes */ ! 480: goto getNxtByte1; ! 481: ! 482: case ADR_OVR: /* address override */ ! 483: mode_32 = !G_mode_32; /* override addressing mode */ ! 484: alen = (mode_32 + 1) << 1; /* toggle address length */ ! 485: goto getNxtByte; ! 486: ! 487: case OPR_OVR: /* operand size override */ ! 488: opsize_32 = !G_mode_32; /* override operand size */ ! 489: olen = (opsize_32 + 1) << 1; /* toggle operand length */ ! 490: goto getNxtByte; ! 491: ! 492: case SEG_OVR: /* handle segment override */ ! 493: segOvr = opcode; /* save segment override opcode */ ! 494: pchOpcodeBuf = OpcodeBuffer; // restart the opcode string ! 495: goto getNxtByte; ! 496: ! 497: case REP: /* handle rep/lock prefixes */ ! 498: *pchOpcodeBuf = '\0'; ! 499: if (pchRepPrefixBuf != RepPrefixBuffer) ! 500: *pchRepPrefixBuf++ = ' '; ! 501: OutputString(&pchRepPrefixBuf, OpcodeBuffer); ! 502: pchOpcodeBuf = OpcodeBuffer; ! 503: getNxtByte: ! 504: opcode = *pMem++; /* next byte is opcode */ ! 505: getNxtByte1: ! 506: action = actiontbl + distbl[opcode].opr; ! 507: OutputString(&pchOpcodeBuf, distbl[opcode].instruct); ! 508: ! 509: default: /* opcode has no operand */ ! 510: break; ! 511: } ! 512: switch (action2) { /* secondary action */ ! 513: case MRM: /* generate modrm for later use */ ! 514: if (!mrm) { /* ignore if it has been generated */ ! 515: DIdoModrm(dp, &pchModrmBuf, segOvr, fEAout); ! 516: /* generate modrm */ ! 517: mrm = TRUE; /* remember its generation */ ! 518: } ! 519: break; ! 520: ! 521: case COM: /* insert a comma after operand */ ! 522: *pchOperandBuf++ = ','; ! 523: break; ! 524: ! 525: case END: /* end of instruction */ ! 526: end = TRUE; ! 527: break; ! 528: } ! 529: } while (!end); /* loop til end of instruction */ ! 530: ! 531: /***** prepare disassembled instruction for output *****/ ! 532: ! 533: instlen = pMem - membuf; ! 534: ! 535: if (instlen < cBytes) ! 536: cBytes = instlen; ! 537: ! 538: OutputHexCode(&pchResultBuf, membuf, cBytes); ! 539: ! 540: if (instlen > cBytes) { ! 541: *pchResultBuf++ = '?'; ! 542: *pchResultBuf++ = '?'; ! 543: (*pOffset)++; // point past unread byte ! 544: } ! 545: ! 546: *pOffset += instlen; /* set instruction length */ ! 547: ! 548: if (instlen > cBytes) { ! 549: do ! 550: *pchResultBuf++ = ' '; ! 551: while (pchResultBuf < pchDst + OBOFFSET); ! 552: OutputString(&pchResultBuf, "???"); ! 553: *pchResultBuf++ = '\0'; ! 554: return FALSE; ! 555: } ! 556: ! 557: // if fEAout is set, build each EA with trailing space in EABuf ! 558: // point back over final trailing space if buffer nonnull ! 559: ! 560: if (fEAout) { ! 561: ! 562: for (indx = 0; indx < 2; indx++) ! 563: if (EAsize[indx]) { ! 564: OutputString(&pchEABuf, segOvr ? distbl[segOvr].instruct ! 565: : pchEAseg[indx]); ! 566: OutputHexAddr(&pchEABuf, EAaddr[indx]); ! 567: *pchEABuf++ = '='; ! 568: ! 569: ReadProcessMemory( dp->hProcess, ! 570: (LPVOID)EAaddr[indx], ! 571: (LPVOID)membuf, ! 572: EAsize[indx], ! 573: &tmp ! 574: ); ! 575: ! 576: if (tmp == EAsize[indx]) ! 577: OutputHexString(&pchEABuf, (char *)membuf, ! 578: EAsize[indx]); ! 579: else ! 580: while (EAsize[indx]--) { ! 581: *pchEABuf++ = '?'; ! 582: *pchEABuf++ = '?'; ! 583: } ! 584: *pchEABuf++ = ' '; ! 585: } ! 586: if (pchEABuf != EABuffer) ! 587: pchEABuf--; ! 588: } ! 589: ! 590: // compute lengths of component strings. ! 591: // if the rep string is nonnull, ! 592: // add the opcode string length to the operand ! 593: // make the rep string the opcode string ! 594: ! 595: cbOffset = pchResultBuf - pchDst; ! 596: cbOperand = pchOperandBuf - OperandBuffer; ! 597: cbOpcode = pchOpcodeBuf - OpcodeBuffer; ! 598: if (pchRepPrefixBuf != RepPrefixBuffer) { ! 599: cbOperand += cbOpcode + (cbOperand != 0); ! 600: cbOpcode = pchRepPrefixBuf - RepPrefixBuffer; ! 601: } ! 602: cbEAddr = pchEABuf - EABuffer; ! 603: ! 604: // for really long strings, where the opcode and operand ! 605: // will not fit on a 77-character line, make two lines ! 606: // with the opcode on offset 0 on the second line with ! 607: // the operand following after one space ! 608: ! 609: if (cbOpcode + cbOperand > OBLINEEND - 1) { ! 610: fTwoLines = TRUE; ! 611: obOpcode = 0; ! 612: obOperand = cbOpcode + 1; ! 613: } ! 614: else { ! 615: ! 616: // compute the minimum and maximum offset values for ! 617: // opcode and operand strings. ! 618: // if strings are nonnull, add extra for separating space ! 619: ! 620: obOpcodeMin = cbOffset + 1; ! 621: obOperandMin = obOpcodeMin + cbOpcode + 1; ! 622: obOperandMax = OBLINEEND - cbEAddr - (cbEAddr != 0) - cbOperand; ! 623: obOpcodeMax = obOperandMax - (cbOperand != 0) - cbOpcode; ! 624: ! 625: // if minimum offset is more than the maximum, the strings ! 626: // will not fit on one line. recompute the min/max ! 627: // values with no offset and EA strings. ! 628: ! 629: if (obOpcodeMin > obOpcodeMax) { ! 630: fTwoLines = TRUE; ! 631: obOpcodeMin = 0; ! 632: obOperandMin = cbOpcode + 1; ! 633: obOperandMax = OBLINEEND - cbOperand; ! 634: obOpcodeMax = obOperandMax - (cbOperand != 0) - cbOpcode; ! 635: } ! 636: ! 637: // compute the opcode and operand offsets. set offset as ! 638: // close to the default values as possible. ! 639: ! 640: if (obOpcodeMin > OBOFFSET) ! 641: obOpcode = obOpcodeMin; ! 642: else if (obOpcodeMax < OBOFFSET) ! 643: obOpcode = obOpcodeMax; ! 644: ! 645: obOperandMin = obOpcode + cbOpcode + 1; ! 646: ! 647: if (obOperandMin > OBOPERAND) ! 648: obOperand = obOperandMin; ! 649: else if (obOperandMax < OBOPERAND) ! 650: obOperand = obOperandMax; ! 651: } ! 652: ! 653: // build the resultant string with the offsets computed ! 654: ! 655: // if two lines are to be output, ! 656: // append the EAddr string ! 657: // output a new line and reset the pointer ! 658: ! 659: if (fTwoLines) { ! 660: if (pchEABuf != EABuffer) { ! 661: do ! 662: *pchResultBuf++ = ' '; ! 663: while (pchResultBuf < pchDst + OBLINEEND - cbEAddr); ! 664: *pchEABuf = '\0'; ! 665: OutputString(&pchResultBuf, EABuffer); ! 666: } ! 667: pchDst = pchResultBuf; ! 668: } ! 669: ! 670: // output rep, opcode, and operand strings ! 671: ! 672: do ! 673: *pchResultBuf++ = ' '; ! 674: while (pchResultBuf < pchDst + obOpcode); ! 675: ! 676: if (pchRepPrefixBuf != RepPrefixBuffer) { ! 677: *pchRepPrefixBuf = '\0'; ! 678: OutputString(&pchResultBuf, RepPrefixBuffer); ! 679: do ! 680: *pchResultBuf++ = ' '; ! 681: while (pchResultBuf < pchDst + obOperand); ! 682: } ! 683: ! 684: *pchOpcodeBuf = '\0'; ! 685: OutputString(&pchResultBuf, OpcodeBuffer); ! 686: ! 687: if (pchOperandBuf != OperandBuffer) { ! 688: do ! 689: *pchResultBuf++ = ' '; ! 690: while (pchResultBuf < pchDst + obOperand); ! 691: *pchOperandBuf = '\0'; ! 692: OutputString(&pchResultBuf, OperandBuffer); ! 693: } ! 694: ! 695: // if one line is to be output, append the EAddr string ! 696: ! 697: if (!fTwoLines && pchEABuf != EABuffer) { ! 698: *pchEABuf = '\0'; ! 699: do ! 700: *pchResultBuf++ = ' '; ! 701: while (pchResultBuf < pchDst + OBLINEEND - cbEAddr); ! 702: OutputString(&pchResultBuf, EABuffer); ! 703: } ! 704: ! 705: *pchResultBuf = '\0'; ! 706: return TRUE; ! 707: } ! 708: ! 709: /*...........................internal function..............................*/ ! 710: /* */ ! 711: /* generate a mod/rm string */ ! 712: /* */ ! 713: ! 714: void ! 715: DIdoModrm (PDEBUGPACKET dp, char **ppchBuf, int segOvr, BOOLEAN fEAout) ! 716: { ! 717: int mrm; /* modrm byte */ ! 718: char *src; /* source string */ ! 719: int sib; ! 720: int ss; ! 721: int ind; ! 722: int oldrm; ! 723: ! 724: mrm = *pMem++; /* get the mrm byte from instruction */ ! 725: mod = BIT76(mrm); /* get mod */ ! 726: ttt = BIT53(mrm); /* get reg - used outside routine */ ! 727: rm = BIT20(mrm); /* get rm */ ! 728: ! 729: if (mod == 3) { /* register only mode */ ! 730: src = ®tab[rm * 2]; /* point to 16-bit register */ ! 731: if (EAsize[0] > 1) { ! 732: src += 16; /* point to 16-bit register */ ! 733: if (opsize_32 && !fMovX) ! 734: *(*ppchBuf)++ = 'e'; /* make it a 32-bit register */ ! 735: } ! 736: *(*ppchBuf)++ = *src++; /* copy register name */ ! 737: *(*ppchBuf)++ = *src; ! 738: EAsize[0] = 0; // no EA value to output ! 739: return; ! 740: } ! 741: ! 742: if (mode_32) { /* 32-bit addressing mode */ ! 743: oldrm = rm; ! 744: if (rm == 4) { /* rm == 4 implies sib byte */ ! 745: sib = *pMem++; /* get s_i_b byte */ ! 746: rm = BIT20(sib); /* return base */ ! 747: } ! 748: ! 749: *(*ppchBuf)++ = '['; ! 750: if (mod == 0 && rm == 5) { ! 751: OutputSymbol(dp,ppchBuf, pMem, 4, segOvr); // offset ! 752: pMem += 4; ! 753: } ! 754: else { ! 755: if (fEAout) { ! 756: if (segOvr) { ! 757: EAaddr[0] = GetRegValue(dp, reg32[rm]); ! 758: pchEAseg[0] = distbl[segOvr].instruct; ! 759: } ! 760: else if (reg32[rm] == REGEBP || reg32[rm] == REGESP) { ! 761: EAaddr[0] = GetRegValue(dp, reg32[rm]); ! 762: pchEAseg[0] = dszSS_; ! 763: } ! 764: else ! 765: EAaddr[0] = GetRegValue(dp, reg32[rm]); ! 766: } ! 767: OutputString(ppchBuf, mrmtb32[rm]); ! 768: } ! 769: ! 770: if (oldrm == 4) { // finish processing sib ! 771: ind = BIT53(sib); ! 772: if (ind != 4) { ! 773: *(*ppchBuf)++ = '+'; ! 774: OutputString(ppchBuf, mrmtb32[ind]); ! 775: ss = 1 << BIT76(sib); ! 776: if (ss != 1) { ! 777: *(*ppchBuf)++ = '*'; ! 778: *(*ppchBuf)++ = (char)(ss + '0'); ! 779: } ! 780: if (fEAout) ! 781: EAaddr[0] = GetRegValue(dp, reg32[ind]); ! 782: } ! 783: } ! 784: } ! 785: else { // 16-bit addressing mode ! 786: *(*ppchBuf)++ = '['; ! 787: if (mod == 0 && rm == 6) { ! 788: OutputSymbol(dp,ppchBuf, pMem, 2, segOvr); // 16-bit offset ! 789: pMem += 2; ! 790: } ! 791: else { ! 792: if (fEAout) { ! 793: if (segOvr) { ! 794: EAaddr[0] = GetRegValue(dp, reg16[rm]); ! 795: pchEAseg[0] = distbl[segOvr].instruct; ! 796: } ! 797: else if (reg16[rm] == REGEBP) { ! 798: EAaddr[0] = GetRegValue(dp, reg16[rm]); ! 799: pchEAseg[0] = dszSS_; ! 800: } ! 801: else ! 802: EAaddr[0] = GetRegValue(dp, reg16[rm]); ! 803: if (rm < 4) ! 804: EAaddr[0] += GetRegValue(dp, reg16_2[rm]); ! 805: } ! 806: OutputString(ppchBuf, mrmtb16[rm]); ! 807: } ! 808: } ! 809: ! 810: // output any displacement ! 811: ! 812: if (mod == 1) { ! 813: if (fEAout) ! 814: EAaddr[0] += (ULONG)pMem; ! 815: OutputHexValue(ppchBuf, pMem, 1, TRUE); ! 816: pMem++; ! 817: } ! 818: else if (mod == 2) { ! 819: long tmp = 0; ! 820: if (mode_32) { ! 821: memmove(&tmp,pMem,sizeof(long)); ! 822: if (fEAout) ! 823: EAaddr[0] += (ULONG)tmp; ! 824: OutputHexValue(ppchBuf, pMem, 4, TRUE); ! 825: pMem += 4; ! 826: } ! 827: else { ! 828: memmove(&tmp,pMem,sizeof(short)); ! 829: if (fEAout) ! 830: EAaddr[0] += tmp; ! 831: OutputHexValue(ppchBuf, pMem, 2, TRUE); ! 832: pMem += 2; ! 833: } ! 834: } ! 835: ! 836: if (!mode_32 && fEAout) { ! 837: EAaddr[0] &= 0xffff; ! 838: EAaddr[1] &= 0xffff; ! 839: } ! 840: ! 841: *(*ppchBuf)++ = ']'; ! 842: } ! 843: ! 844: /*** OutputHexValue - output hex value ! 845: * ! 846: * Purpose: ! 847: * Output the value pointed by *ppchBuf of the specified ! 848: * length. The value is treated as signed and leading ! 849: * zeroes are not printed. The string is prefaced by a ! 850: * '+' or '-' sign as appropriate. ! 851: * ! 852: * Input: ! 853: * *ppchBuf - pointer to text buffer to fill ! 854: * *pchMemBuf - pointer to memory buffer to extract value ! 855: * length - length in bytes of value (1, 2, and 4 supported) ! 856: * fDisp - set if displacement to output '+' ! 857: * ! 858: * Output: ! 859: * *ppchBuf - pointer updated to next text character ! 860: * ! 861: *************************************************************************/ ! 862: ! 863: void OutputHexValue (char **ppchBuf, char *pchMemBuf, int length, int fDisp) ! 864: { ! 865: long value; ! 866: int index; ! 867: char digit[8]; ! 868: ! 869: value = 0; ! 870: if (length == 1) ! 871: value = (long)(*(char *)pchMemBuf); ! 872: else if (length == 2) ! 873: memmove(&value,pchMemBuf,2); ! 874: else ! 875: memmove(&value,pchMemBuf,sizeof(long)); ! 876: ! 877: length <<= 1; // shift once to get hex length ! 878: ! 879: if (value != 0 || !fDisp) { ! 880: if (fDisp) ! 881: if (value < 0 && length == 2) { // use neg value for byte ! 882: value = -value; // displacement ! 883: *(*ppchBuf)++ = '-'; ! 884: } ! 885: else ! 886: *(*ppchBuf)++ = '+'; ! 887: ! 888: *(*ppchBuf)++ = '0'; ! 889: *(*ppchBuf)++ = 'x'; ! 890: for (index = length - 1; index != -1; index--) { ! 891: digit[index] = (char)(value & 0xf); ! 892: value >>= 4; ! 893: } ! 894: index = 0; ! 895: while (digit[index] == 0 && index < length - 1) ! 896: index++; ! 897: while (index < length) ! 898: *(*ppchBuf)++ = hexdigit[digit[index++]]; ! 899: } ! 900: } ! 901: ! 902: /*** OutputHexString - output hex string ! 903: * ! 904: * Purpose: ! 905: * Output the value pointed by *ppchMemBuf of the specified ! 906: * length. The value is treated as unsigned and leading ! 907: * zeroes are printed. ! 908: * ! 909: * Input: ! 910: * *ppchBuf - pointer to text buffer to fill ! 911: * *pchValue - pointer to memory buffer to extract value ! 912: * length - length in bytes of value ! 913: * ! 914: * Output: ! 915: * *ppchBuf - pointer updated to next text character ! 916: * *ppchMemBuf - pointer update to next memory byte ! 917: * ! 918: *************************************************************************/ ! 919: ! 920: void ! 921: OutputHexString (char **ppchBuf, char *pchValue, int length) ! 922: { ! 923: unsigned char chMem; ! 924: ! 925: pchValue += length; ! 926: while (length--) { ! 927: chMem = *--pchValue; ! 928: *(*ppchBuf)++ = hexdigit[chMem >> 4]; ! 929: *(*ppchBuf)++ = hexdigit[chMem & 0x0f]; ! 930: } ! 931: } ! 932: ! 933: /*** OutputHexCode - output hex code ! 934: * ! 935: * Purpose: ! 936: * Output the code pointed by pchMemBuf of the specified ! 937: * length. The value is treated as unsigned and leading ! 938: * zeroes are printed. This differs from OutputHexString ! 939: * in that bytes are printed from low to high addresses. ! 940: * ! 941: * Input: ! 942: * *ppchBuf - pointer to text buffer to fill ! 943: * pchMemBuf - pointer to memory buffer to extract value ! 944: * length - length in bytes of value ! 945: * ! 946: * Output: ! 947: * *ppchBuf - pointer updated to next text character ! 948: * ! 949: *************************************************************************/ ! 950: ! 951: void ! 952: OutputHexCode (char **ppchBuf, char *pchMemBuf, int length) ! 953: { ! 954: unsigned char chMem; ! 955: ! 956: while (length--) { ! 957: chMem = *pchMemBuf++; ! 958: *(*ppchBuf)++ = hexdigit[chMem >> 4]; ! 959: *(*ppchBuf)++ = hexdigit[chMem & 0x0f]; ! 960: } ! 961: } ! 962: ! 963: /*** OutputString - output string ! 964: * ! 965: * Purpose: ! 966: * Copy the string into the buffer pointed by *ppBuf. ! 967: * ! 968: * Input: ! 969: * *pStr - pointer to string ! 970: * ! 971: * Output: ! 972: * *ppBuf points to next character in buffer. ! 973: * ! 974: *************************************************************************/ ! 975: ! 976: void ! 977: OutputString (char **ppBuf, char *pStr) ! 978: { ! 979: while (*pStr) ! 980: *(*ppBuf)++ = *pStr++; ! 981: } ! 982: ! 983: /*** OutputSymbol - output symbolic value ! 984: * ! 985: * Purpose: ! 986: * Output the value in outvalue into the buffer ! 987: * pointed by *pBuf. Express the value as a ! 988: * symbol plus displacment, if possible. ! 989: * ! 990: * Input: ! 991: * *ppBuf - pointer to text buffer to fill ! 992: * *pValue - pointer to memory buffer to extract value ! 993: * length - length in bytes of value ! 994: * ! 995: * Output: ! 996: * *ppBuf - pointer updated to next text character ! 997: * ! 998: *************************************************************************/ ! 999: ! 1000: void ! 1001: OutputSymbol (PDEBUGPACKET dp, char **ppBuf, char *pValue, int length, int segOvr) ! 1002: { ! 1003: ULONG displacement; ! 1004: ULONG value; ! 1005: PSYMBOL sym; ! 1006: char *szSymName; ! 1007: ! 1008: value = 0; ! 1009: if (length == 1) ! 1010: value = (long)(*(char *)pValue); ! 1011: else if (length == 2) ! 1012: memmove(&value,pValue,sizeof(short)); ! 1013: else ! 1014: memmove(&value,pValue,sizeof(long)); ! 1015: ! 1016: EAaddr[0] = value; ! 1017: ! 1018: sym = GetSymFromAddrAllContexts( value, &displacement, dp ); ! 1019: if (sym) { ! 1020: szSymName = UnDName( &sym->szName[1] ); ! 1021: OutputString(ppBuf, szSymName); ! 1022: OutputHexValue(ppBuf, (char *)&displacement, length, TRUE); ! 1023: *(*ppBuf)++ = ' '; ! 1024: *(*ppBuf)++ = '('; ! 1025: OutputHexString(ppBuf, pValue, length); ! 1026: *(*ppBuf)++ = ')'; ! 1027: } ! 1028: else ! 1029: OutputHexString(ppBuf, pValue, length); ! 1030: } ! 1031: ! 1032: /*** X86GetNextOffset - compute offset for trace or step ! 1033: * ! 1034: * Purpose: ! 1035: * From a limited disassembly of the instruction pointed ! 1036: * by the FIR register, compute the offset of the next ! 1037: * instruction for either a trace or step operation. ! 1038: * ! 1039: * Input: ! 1040: * fStep - TRUE if step offset returned - FALSE for trace offset ! 1041: * ! 1042: * Returns: ! 1043: * step or trace offset if input is TRUE or FALSE, respectively ! 1044: * -1 returned for trace flag to be used ! 1045: * ! 1046: *************************************************************************/ ! 1047: ! 1048: void ! 1049: GetNextOffset (PDEBUGPACKET dp, PULONG pcaddr, BOOLEAN fStep) ! 1050: { ! 1051: int mode_32; ! 1052: int opsize_32; ! 1053: int cBytes; ! 1054: char membuf[MAXL]; // current instruction buffer ! 1055: ULONG addrReturn; ! 1056: USHORT retAddr[3]; // return address buffer ! 1057: char *pMem; ! 1058: UCHAR opcode; ! 1059: int fPrefix = TRUE; ! 1060: int fRepPrefix = FALSE; ! 1061: int ttt; ! 1062: int rm; ! 1063: ULONG instroffset; ! 1064: ! 1065: // read instruction stream bytes into membuf and set mode and ! 1066: // opcode size flags ! 1067: ! 1068: *pcaddr = GetRegValue(dp,REGEIP); ! 1069: instroffset = *pcaddr; ! 1070: G_mode_32 = TRUE; ! 1071: mode_32 = opsize_32 = (G_mode_32 == 1); /* local addressing mode */ ! 1072: ReadProcessMemory( dp->hProcess, ! 1073: (LPVOID)*pcaddr, ! 1074: (LPVOID)membuf, ! 1075: MAXL, ! 1076: &cBytes ! 1077: ); ! 1078: /* move full inst to local buffer */ ! 1079: pMem = membuf; /* point to begin of instruction */ ! 1080: ! 1081: // read and process any prefixes first ! 1082: ! 1083: do { ! 1084: opcode = (UCHAR)*pMem++; /* get opcode */ ! 1085: if (opcode == 0x66) ! 1086: opsize_32 = !G_mode_32; ! 1087: else if (opcode == 0x67) ! 1088: mode_32 = !G_mode_32; ! 1089: else if ((opcode & ~1) == 0xf2) ! 1090: fRepPrefix = TRUE; ! 1091: else if (opcode != 0xf0 && (opcode & ~0x18) != 0x26 ! 1092: && (opcode & ~1) != 0x64) ! 1093: fPrefix = FALSE; ! 1094: } ! 1095: while (fPrefix); ! 1096: ! 1097: // for instructions that alter the TF (trace flag), return the ! 1098: // offset of the next instruction despite the flag of fStep ! 1099: ! 1100: if (((opcode & ~0x3) == 0x9c)) ! 1101: // 9c-9f, pushf, popf, sahf, lahf ! 1102: ; ! 1103: ! 1104: else if (opcode == 0xcf) { // cf - iret - get RA from stack ! 1105: ! 1106: addrReturn = GetRegValue(dp, REGESP); ! 1107: ReadProcessMemory( dp->hProcess, ! 1108: (LPVOID)addrReturn, ! 1109: (LPVOID)retAddr, ! 1110: sizeof(retAddr), ! 1111: NULL ! 1112: ); ! 1113: ! 1114: *pcaddr = retAddr[2]; ! 1115: return; ! 1116: } ! 1117: ! 1118: // repeated string/port instructions ! 1119: ! 1120: if (opcode == 0xe8) // near direct jump ! 1121: pMem += (1 + opsize_32) * 2; ! 1122: ! 1123: else if (opcode == 0x9a) // far direct jump ! 1124: pMem += (2 + opsize_32) * 2; ! 1125: ! 1126: else if (opcode == 0xcd || ! 1127: (opcode >= 0xe0 && opcode <= 0xe2)) // loop / int nn instrs ! 1128: pMem++; ! 1129: ! 1130: else if (opcode == 0xff) { // indirect call - compute length ! 1131: opcode = *pMem++; // get modRM ! 1132: ttt = BIT53(opcode); ! 1133: if ((ttt & ~1) == 2) { ! 1134: mod = BIT76(opcode); ! 1135: if (mod != 3) { // nonregister operand ! 1136: rm = BIT20(opcode); ! 1137: if (mode_32) { ! 1138: if (rm == 4) ! 1139: rm = BIT20(*pMem++); // get base from SIB ! 1140: if (mod == 0) { ! 1141: if (rm == 5) ! 1142: pMem += 4; // long direct address ! 1143: } // else register ! 1144: else if (mod == 1) ! 1145: pMem++; // register with byte offset ! 1146: else ! 1147: pMem += 4; // register with long offset ! 1148: } ! 1149: else { // 16-bit mode ! 1150: if (mod == 0) { ! 1151: if (rm == 6) ! 1152: pMem += 2; // short direct address ! 1153: } ! 1154: else ! 1155: pMem += mod; // reg, byte, word offset ! 1156: } ! 1157: } ! 1158: } ! 1159: else ! 1160: instroffset = (ULONG)-1; // 0xff, but not call ! 1161: } ! 1162: ! 1163: else if (!((fRepPrefix && ((opcode & ~3) == 0x6c || ! 1164: (opcode & ~3) == 0xa4 || ! 1165: (opcode & ~1) == 0xaa || ! 1166: (opcode & ~3) == 0xac)) || ! 1167: opcode == 0xcc || opcode == 0xce)) ! 1168: instroffset = (ULONG)-1; // not repeated string op ! 1169: // or int 3 / into ! 1170: ! 1171: // if not enough bytes were read for instruction parse, ! 1172: // just give up and trace the instruction ! 1173: ! 1174: if (cBytes < pMem - membuf) ! 1175: instroffset = (ULONG)-1; ! 1176: ! 1177: // if not tracing, compute the new instruction offset ! 1178: ! 1179: if (instroffset != (ULONG)-1) ! 1180: instroffset += pMem - membuf; ! 1181: ! 1182: *pcaddr = instroffset; ! 1183: } ! 1184: ! 1185: void ! 1186: OutputHexAddr (PUCHAR *ppBuffer, ULONG offset) ! 1187: { ! 1188: OutputHexString(ppBuffer, (char *)&offset, sizeof(ULONG)); ! 1189: } ! 1190: ! 1191: USHORT ! 1192: GetSegRegValue (PDEBUGPACKET dp, int segOpcode) ! 1193: { ! 1194: ULONG regnum; ! 1195: ! 1196: switch (segOpcode) { ! 1197: case 0x26: ! 1198: regnum = REGES; ! 1199: break; ! 1200: case 0x2e: ! 1201: regnum = REGCS; ! 1202: break; ! 1203: case 0x36: ! 1204: regnum = REGSS; ! 1205: break; ! 1206: case 0x64: ! 1207: regnum = REGFS; ! 1208: break; ! 1209: case 0x65: ! 1210: regnum = REGGS; ! 1211: break; ! 1212: case 0x3e: ! 1213: default: ! 1214: regnum = REGDS; ! 1215: } ! 1216: ! 1217: return (USHORT)GetRegValue(dp,regnum); ! 1218: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.