|
|
|
@ -5,10 +5,10 @@ XED_REG_ENUM VmOperandSizeToRegEnumBase(VM_OPERAND_SIZE_ENUM OperandSize)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
switch (OperandSize)
|
|
|
|
switch (OperandSize)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
case VM_OPSIZE_1: return XED_REG_GPR8_FIRST;
|
|
|
|
case VM_OPSIZE_8: return XED_REG_GPR8_FIRST;
|
|
|
|
case VM_OPSIZE_2: return XED_REG_GPR16_FIRST;
|
|
|
|
case VM_OPSIZE_16: return XED_REG_GPR16_FIRST;
|
|
|
|
case VM_OPSIZE_4: return XED_REG_GPR32_FIRST;
|
|
|
|
case VM_OPSIZE_32: return XED_REG_GPR32_FIRST;
|
|
|
|
case VM_OPSIZE_8: return XED_REG_GPR64_FIRST;
|
|
|
|
case VM_OPSIZE_64: return XED_REG_GPR64_FIRST;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return XED_REG_INVALID;
|
|
|
|
return XED_REG_INVALID;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
@ -38,14 +38,14 @@ XED_REG_ENUM VmIRegToXReg(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
switch (IReg)
|
|
|
|
switch (IReg)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
case VM_IREG_0: return VmGetRegOfSize(XED_REG_RAX, OperandSize);
|
|
|
|
case VM_IREG_1: return VmGetRegOfSize(XED_REG_RAX, OperandSize);
|
|
|
|
case VM_IREG_1: return VmGetRegOfSize(XED_REG_RBX, OperandSize);
|
|
|
|
case VM_IREG_2: return VmGetRegOfSize(XED_REG_RBX, OperandSize);
|
|
|
|
case VM_IREG_2: return VmGetRegOfSize(XED_REG_RCX, OperandSize);
|
|
|
|
case VM_IREG_3: return VmGetRegOfSize(XED_REG_RCX, OperandSize);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return XED_REG_INVALID;
|
|
|
|
return XED_REG_INVALID;
|
|
|
|
|
|
|
|
|
|
|
|
//Less portable version.
|
|
|
|
//Less portable version.
|
|
|
|
/*if (OperandSize == VM_OPSIZE_1)
|
|
|
|
/*if (OperandSize == VM_OPSIZE_8)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
return (XED_REG_ENUM)(XED_REG_AL + IReg);
|
|
|
|
return (XED_REG_ENUM)(XED_REG_AL + IReg);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
@ -77,7 +77,7 @@ PUCHAR VmHandlerPrologue(UINT InstructionSize, PUINT OutSize, XED_REG_ENUM Vip,
|
|
|
|
return XedEncodeInstructions(InstList, 3, OutSize);
|
|
|
|
return XedEncodeInstructions(InstList, 3, OutSize);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
PUCHAR VmHandlerIRegLoadMem_B(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize)
|
|
|
|
PUCHAR VmHandlerIRegMem_B(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, BOOL Load, PUINT OutSize)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
/*
|
|
|
|
* movzx r8,byte ptr[rdx+2]
|
|
|
|
* movzx r8,byte ptr[rdx+2]
|
|
|
|
@ -88,10 +88,14 @@ PUCHAR VmHandlerIRegLoadMem_B(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSiz
|
|
|
|
XED_ENCODER_INSTRUCTION InstList[3];
|
|
|
|
XED_ENCODER_INSTRUCTION InstList[3];
|
|
|
|
XedInst2(&InstList[0], XedGlobalMachineState, XED_ICLASS_MOVZX, 64, XedReg(XED_REG_R8), XedMemBD(XED_REG_RDX, XedDisp(2, 8), 8));
|
|
|
|
XedInst2(&InstList[0], XedGlobalMachineState, XED_ICLASS_MOVZX, 64, XedReg(XED_REG_R8), XedMemBD(XED_REG_RDX, XedDisp(2, 8), 8));
|
|
|
|
XedInst2(&InstList[1], XedGlobalMachineState, XED_ICLASS_MOV, 64, XedReg(XED_REG_R8), XedMemBISD(XED_REG_RBP, XED_REG_R8, 8, XedDisp(0,0), 64));
|
|
|
|
XedInst2(&InstList[1], XedGlobalMachineState, XED_ICLASS_MOV, 64, XedReg(XED_REG_R8), XedMemBISD(XED_REG_RBP, XED_REG_R8, 8, XedDisp(0,0), 64));
|
|
|
|
XedInst2(&InstList[2], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemB(XED_REG_R8, OpSizeBits));
|
|
|
|
if (Load)
|
|
|
|
|
|
|
|
XedInst2(&InstList[2], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemB(XED_REG_R8, OpSizeBits));
|
|
|
|
|
|
|
|
else
|
|
|
|
|
|
|
|
XedInst2(&InstList[2], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedMemB(XED_REG_R8, OpSizeBits), XedReg(VmIRegToXReg(IReg, OperandSize)));
|
|
|
|
|
|
|
|
|
|
|
|
return XedEncodeInstructions(InstList, 3, OutSize);
|
|
|
|
return XedEncodeInstructions(InstList, 3, OutSize);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
PUCHAR VmHandlerIRegLoadMem_BO(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize)
|
|
|
|
PUCHAR VmHandlerIRegMem_BO(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, BOOL Load, PUINT OutSize)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
/*
|
|
|
|
* movzx r8,byte ptr[rdx+2]
|
|
|
|
* movzx r8,byte ptr[rdx+2]
|
|
|
|
@ -104,83 +108,79 @@ PUCHAR VmHandlerIRegLoadMem_BO(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSi
|
|
|
|
XedInst2(&InstList[0], XedGlobalMachineState, XED_ICLASS_MOVZX, 64, XedReg(XED_REG_R8), XedMemBD(XED_REG_RDX, XedDisp(2, 8), 8));
|
|
|
|
XedInst2(&InstList[0], XedGlobalMachineState, XED_ICLASS_MOVZX, 64, XedReg(XED_REG_R8), XedMemBD(XED_REG_RDX, XedDisp(2, 8), 8));
|
|
|
|
XedInst2(&InstList[1], XedGlobalMachineState, XED_ICLASS_MOV, 64, XedReg(XED_REG_R8), XedMemBISD(XED_REG_RBP, XED_REG_R8, 8, XedDisp(0, 0), 64));
|
|
|
|
XedInst2(&InstList[1], XedGlobalMachineState, XED_ICLASS_MOV, 64, XedReg(XED_REG_R8), XedMemBISD(XED_REG_RBP, XED_REG_R8, 8, XedDisp(0, 0), 64));
|
|
|
|
XedInst2(&InstList[2], XedGlobalMachineState, XED_ICLASS_MOVSXD, 64, XedReg(XED_REG_R9), XedMemBD(XED_REG_RDX, XedDisp(3, 8), 32));
|
|
|
|
XedInst2(&InstList[2], XedGlobalMachineState, XED_ICLASS_MOVSXD, 64, XedReg(XED_REG_R9), XedMemBD(XED_REG_RDX, XedDisp(3, 8), 32));
|
|
|
|
XedInst2(&InstList[3], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemBISD(XED_REG_R8, XED_REG_R9, 1, XedDisp(0, 0), OpSizeBits));
|
|
|
|
if (Load)
|
|
|
|
|
|
|
|
XedInst2(&InstList[3], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemBISD(XED_REG_R8, XED_REG_R9, 1, XedDisp(0, 0), OpSizeBits));
|
|
|
|
|
|
|
|
else
|
|
|
|
|
|
|
|
XedInst2(&InstList[3], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedMemBISD(XED_REG_R8, XED_REG_R9, 1, XedDisp(0, 0), OpSizeBits), XedReg(VmIRegToXReg(IReg, OperandSize)));
|
|
|
|
return XedEncodeInstructions(InstList, 4, OutSize);
|
|
|
|
return XedEncodeInstructions(InstList, 4, OutSize);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
PUCHAR VmHandlerIRegLoadMem_BIS(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize)
|
|
|
|
PUCHAR VmHandlerIRegMem_BIS(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, BOOL Load, PUINT OutSize)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
/*
|
|
|
|
* movzx r8,byte ptr[rdx+2]
|
|
|
|
* movzx r8,byte ptr[rdx+2]
|
|
|
|
* mov r8, qword ptr[rbp+r8*8]
|
|
|
|
* mov r8, qword ptr[rbp+r8*8]
|
|
|
|
* movzx r9, byte ptr[rdx+3]
|
|
|
|
* movzx r9, byte ptr[rdx+3]
|
|
|
|
* mov r9, qword ptr[rbp+r9*8]
|
|
|
|
|
|
|
|
* movzx r10, byte ptr[rdx+4] ;load scale value(unsigned)
|
|
|
|
* movzx r10, byte ptr[rdx+4] ;load scale value(unsigned)
|
|
|
|
* imul r9,r10
|
|
|
|
* imul r10, qword ptr[rbp+r9*8]
|
|
|
|
* mov (ireg), (size) ptr[r8+r9]
|
|
|
|
* mov (ireg), (size) ptr[r8+r10]
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
UINT OpSizeBits = VmOpSizeToBits(OperandSize);
|
|
|
|
UINT OpSizeBits = VmOpSizeToBits(OperandSize);
|
|
|
|
XED_ENCODER_INSTRUCTION InstList[7];
|
|
|
|
XED_ENCODER_INSTRUCTION InstList[6];
|
|
|
|
XedInst2(&InstList[0], XedGlobalMachineState, XED_ICLASS_MOVZX, 64, XedReg(XED_REG_R8), XedMemBD(XED_REG_RDX, XedDisp(2, 8), 8));
|
|
|
|
XedInst2(&InstList[0], XedGlobalMachineState, XED_ICLASS_MOVZX, 64, XedReg(XED_REG_R8), XedMemBD(XED_REG_RDX, XedDisp(2, 8), 8));
|
|
|
|
XedInst2(&InstList[1], XedGlobalMachineState, XED_ICLASS_MOV, 64, XedReg(XED_REG_R8), XedMemBISD(XED_REG_RBP, XED_REG_R8, 8, XedDisp(0, 0), 64));
|
|
|
|
XedInst2(&InstList[1], XedGlobalMachineState, XED_ICLASS_MOV, 64, XedReg(XED_REG_R8), XedMemBISD(XED_REG_RBP, XED_REG_R8, 8, XedDisp(0, 0), 64));
|
|
|
|
XedInst2(&InstList[2], XedGlobalMachineState, XED_ICLASS_MOVSX, 64, XedReg(XED_REG_R9), XedMemBD(XED_REG_RDX, XedDisp(3, 8), 8));
|
|
|
|
XedInst2(&InstList[2], XedGlobalMachineState, XED_ICLASS_MOVSX, 64, XedReg(XED_REG_R9), XedMemBD(XED_REG_RDX, XedDisp(3, 8), 8));
|
|
|
|
XedInst2(&InstList[3], XedGlobalMachineState, XED_ICLASS_MOV, 64, XedReg(XED_REG_R9), XedMemBISD(XED_REG_RBP, XED_REG_R9, 8, XedDisp(0, 0), 64));
|
|
|
|
XedInst2(&InstList[3], XedGlobalMachineState, XED_ICLASS_MOVSX, 64, XedReg(XED_REG_R10), XedMemBD(XED_REG_RDX, XedDisp(4, 8), 8));
|
|
|
|
XedInst2(&InstList[4], XedGlobalMachineState, XED_ICLASS_MOVSX, 64, XedReg(XED_REG_R10), XedMemBD(XED_REG_RDX, XedDisp(4, 8), 8));
|
|
|
|
XedInst2(&InstList[4], XedGlobalMachineState, XED_ICLASS_IMUL, 64, XedReg(XED_REG_R10), XedMemBISD(XED_REG_RBP, XED_REG_R9, 8, XedDisp(0, 0), 64));
|
|
|
|
XedInst2(&InstList[5], XedGlobalMachineState, XED_ICLASS_IMUL, 64, XedReg(XED_REG_R9), XedReg(XED_REG_R10));
|
|
|
|
if (Load)
|
|
|
|
XedInst2(&InstList[6], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemBISD(XED_REG_R8, XED_REG_R9, 1, XedDisp(0, 0), OpSizeBits));
|
|
|
|
XedInst2(&InstList[5], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemBISD(XED_REG_R8, XED_REG_R10, 1, XedDisp(0, 0), OpSizeBits));
|
|
|
|
return XedEncodeInstructions(InstList, 7, OutSize);
|
|
|
|
else
|
|
|
|
|
|
|
|
XedInst2(&InstList[5], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedMemBISD(XED_REG_R8, XED_REG_R10, 1, XedDisp(0, 0), OpSizeBits), XedReg(VmIRegToXReg(IReg, OperandSize)));
|
|
|
|
|
|
|
|
return XedEncodeInstructions(InstList, 6, OutSize);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
PUCHAR VmHandlerIRegLoadMem_BISO(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize)
|
|
|
|
PUCHAR VmHandlerIRegMem_BISD(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, BOOL Load, PUINT OutSize)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
/*
|
|
|
|
* movzx r8, byte ptr[rdx+2]
|
|
|
|
* movzx r8, byte ptr[rdx+2]
|
|
|
|
* mov r8, qword ptr[rbp+r8*8]
|
|
|
|
* mov r8, qword ptr[rbp+r8*8]
|
|
|
|
* movzx r9, byte ptr[rdx+3]
|
|
|
|
* movzx r9, byte ptr[rdx+3]
|
|
|
|
* mov r9, qword ptr[rbp+r9*8]
|
|
|
|
|
|
|
|
* movzx r10, byte ptr[rdx+4] ;load scale value(unsigned)
|
|
|
|
* movzx r10, byte ptr[rdx+4] ;load scale value(unsigned)
|
|
|
|
* imul r9, r10
|
|
|
|
* imul r10, qword ptr[rbp+r9*8]
|
|
|
|
* movsxd r10, dword ptr[rdx+5] ;load immediate displacement
|
|
|
|
* movsxd r9, dword ptr[rdx+5] ;load immediate displacement
|
|
|
|
* add r9, r10 ;add immediate displacement
|
|
|
|
* add r10, r9 ;add immediate displacement
|
|
|
|
* mov (ireg), (size) ptr[r8+r9]
|
|
|
|
* mov (ireg), (size) ptr[r8+r10]
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
UINT OpSizeBits = VmOpSizeToBits(OperandSize);
|
|
|
|
UINT OpSizeBits = VmOpSizeToBits(OperandSize);
|
|
|
|
XED_ENCODER_INSTRUCTION InstList[9];
|
|
|
|
XED_ENCODER_INSTRUCTION InstList[8];
|
|
|
|
XedInst2(&InstList[0], XedGlobalMachineState, XED_ICLASS_MOVZX, 64, XedReg(XED_REG_R8), XedMemBD(XED_REG_RDX, XedDisp(2, 8), 8));
|
|
|
|
XedInst2(&InstList[0], XedGlobalMachineState, XED_ICLASS_MOVZX, 64, XedReg(XED_REG_R8), XedMemBD(XED_REG_RDX, XedDisp(2, 8), 8));
|
|
|
|
XedInst2(&InstList[1], XedGlobalMachineState, XED_ICLASS_MOV, 64, XedReg(XED_REG_R8), XedMemBISD(XED_REG_RBP, XED_REG_R8, 8, XedDisp(0, 0), 64));
|
|
|
|
XedInst2(&InstList[1], XedGlobalMachineState, XED_ICLASS_MOV, 64, XedReg(XED_REG_R8), XedMemBISD(XED_REG_RBP, XED_REG_R8, 8, XedDisp(0, 0), 64));
|
|
|
|
XedInst2(&InstList[2], XedGlobalMachineState, XED_ICLASS_MOVSX, 64, XedReg(XED_REG_R9), XedMemBD(XED_REG_RDX, XedDisp(3, 8), 8));
|
|
|
|
XedInst2(&InstList[2], XedGlobalMachineState, XED_ICLASS_MOVSX, 64, XedReg(XED_REG_R9), XedMemBD(XED_REG_RDX, XedDisp(3, 8), 8));
|
|
|
|
XedInst2(&InstList[3], XedGlobalMachineState, XED_ICLASS_MOV, 64, XedReg(XED_REG_R9), XedMemBISD(XED_REG_RBP, XED_REG_R9, 8, XedDisp(0, 0), 64));
|
|
|
|
XedInst2(&InstList[3], XedGlobalMachineState, XED_ICLASS_MOVSX, 64, XedReg(XED_REG_R10), XedMemBD(XED_REG_RDX, XedDisp(4, 8), 8));
|
|
|
|
XedInst2(&InstList[4], XedGlobalMachineState, XED_ICLASS_MOVSX, 64, XedReg(XED_REG_R10), XedMemBD(XED_REG_RDX, XedDisp(4, 8), 8));
|
|
|
|
XedInst2(&InstList[4], XedGlobalMachineState, XED_ICLASS_IMUL, 64, XedReg(XED_REG_R10), XedMemBISD(XED_REG_RBP, XED_REG_R9, 8, XedDisp(0, 0), 64));
|
|
|
|
XedInst2(&InstList[5], XedGlobalMachineState, XED_ICLASS_IMUL, 64, XedReg(XED_REG_R9), XedReg(XED_REG_R10));
|
|
|
|
XedInst2(&InstList[5], XedGlobalMachineState, XED_ICLASS_MOVSXD, 64, XedReg(XED_REG_R9), XedMemBD(XED_REG_RDX, XedDisp(5, 8), 32));
|
|
|
|
XedInst2(&InstList[6], XedGlobalMachineState, XED_ICLASS_MOVSXD, 64, XedReg(XED_REG_R10), XedMemBD(XED_REG_RDX, XedDisp(5, 8), 32));
|
|
|
|
XedInst2(&InstList[6], XedGlobalMachineState, XED_ICLASS_ADD, 64, XedReg(XED_REG_R10), XedReg(XED_REG_R9));
|
|
|
|
XedInst2(&InstList[7], XedGlobalMachineState, XED_ICLASS_ADD, 64, XedReg(XED_REG_R9), XedReg(XED_REG_R10));
|
|
|
|
if (Load)
|
|
|
|
XedInst2(&InstList[8], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemBISD(XED_REG_R8, XED_REG_R9, 1, XedDisp(0, 0), OpSizeBits));
|
|
|
|
XedInst2(&InstList[7], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemBISD(XED_REG_R8, XED_REG_R10, 1, XedDisp(0, 0), OpSizeBits));
|
|
|
|
return XedEncodeInstructions(InstList, 9, OutSize);
|
|
|
|
else
|
|
|
|
}
|
|
|
|
XedInst2(&InstList[7], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedMemBISD(XED_REG_R8, XED_REG_R10, 1, XedDisp(0, 0), OpSizeBits), XedReg(VmIRegToXReg(IReg, OperandSize)));
|
|
|
|
PUCHAR VmHandlerIRegLoadReg(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
|
|
|
* movzx r8,byte ptr[rdx+2]
|
|
|
|
|
|
|
|
* mov (ireg), (size) ptr[rbp+r8*8]
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
UINT OpSizeBits = VmOpSizeToBits(OperandSize);
|
|
|
|
return XedEncodeInstructions(InstList, 8, OutSize);
|
|
|
|
XED_ENCODER_INSTRUCTION InstList[2];
|
|
|
|
|
|
|
|
XedInst2(&InstList[0], XedGlobalMachineState, XED_ICLASS_MOVZX, 64, XedReg(XED_REG_R8), XedMemBD(XED_REG_RDX, XedDisp(2, 8), 8));
|
|
|
|
|
|
|
|
XedInst2(&InstList[1], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemBISD(XED_REG_RBP, XED_REG_R8, 8, XedDisp(0, 0), OpSizeBits));
|
|
|
|
|
|
|
|
return XedEncodeInstructions(InstList, 2, OutSize);
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
PUCHAR VmHandlerIRegStoreReg(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize)
|
|
|
|
PUCHAR VmHandlerIRegReg(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, BOOL Load, PUINT OutSize)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
/*
|
|
|
|
* movzx r8,byte ptr[rdx+2]
|
|
|
|
* movzx r8,byte ptr[rdx+2]
|
|
|
|
* mov (size) ptr[rbp+r8*8], (ireg)
|
|
|
|
* mov (ireg), (size) ptr[rbp+r8*8]
|
|
|
|
*/
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
UINT OpSizeBits = VmOpSizeToBits(OperandSize);
|
|
|
|
UINT OpSizeBits = VmOpSizeToBits(OperandSize);
|
|
|
|
XED_ENCODER_INSTRUCTION InstList[2];
|
|
|
|
XED_ENCODER_INSTRUCTION InstList[2];
|
|
|
|
XedInst2(&InstList[0], XedGlobalMachineState, XED_ICLASS_MOVZX, 64, XedReg(XED_REG_R8), XedMemBD(XED_REG_RDX, XedDisp(2, 8), 8));
|
|
|
|
XedInst2(&InstList[0], XedGlobalMachineState, XED_ICLASS_MOVZX, 64, XedReg(XED_REG_R8), XedMemBD(XED_REG_RDX, XedDisp(2, 8), 8));
|
|
|
|
XedInst2(&InstList[1], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedMemBISD(XED_REG_RBP, XED_REG_R8, 8, XedDisp(0, 0), OpSizeBits), XedReg(VmIRegToXReg(IReg, OperandSize)));
|
|
|
|
if (Load)
|
|
|
|
|
|
|
|
XedInst2(&InstList[1], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemBISD(XED_REG_RBP, XED_REG_R8, 8, XedDisp(0, 0), OpSizeBits));
|
|
|
|
|
|
|
|
else
|
|
|
|
|
|
|
|
XedInst2(&InstList[1], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedMemBISD(XED_REG_RBP, XED_REG_R8, 8, XedDisp(0, 0), OpSizeBits), XedReg(VmIRegToXReg(IReg, OperandSize)));
|
|
|
|
return XedEncodeInstructions(InstList, 2, OutSize);
|
|
|
|
return XedEncodeInstructions(InstList, 2, OutSize);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
PUCHAR VmHandlerIRegLoadImm(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize)
|
|
|
|
PUCHAR VmHandlerIRegLoadImm(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize)
|
|
|
|
@ -194,3 +194,48 @@ PUCHAR VmHandlerIRegLoadImm(VM_IREG_ENUM IReg, VM_OPERAND_SIZE_ENUM OperandSize,
|
|
|
|
XedInst2(&InstList[0], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemBD(XED_REG_RDX, XedDisp(2, 8), OpSizeBits));
|
|
|
|
XedInst2(&InstList[0], XedGlobalMachineState, XED_ICLASS_MOV, OpSizeBits, XedReg(VmIRegToXReg(IReg, OperandSize)), XedMemBD(XED_REG_RDX, XedDisp(2, 8), OpSizeBits));
|
|
|
|
return XedEncodeInstructions(InstList, 1, OutSize);
|
|
|
|
return XedEncodeInstructions(InstList, 1, OutSize);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
PUCHAR VmHandlerEncode1(XED_ICLASS_ENUM IClass, VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
XED_ENCODER_INSTRUCTION InstList;
|
|
|
|
|
|
|
|
XedInst1(&InstList, XedGlobalMachineState, IClass, VmOpSizeToBits(OperandSize), XedReg(VmIRegToXReg(VM_IREG_1, OperandSize)));
|
|
|
|
|
|
|
|
return XedEncodeInstructions(&InstList, 1, OutSize);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
PUCHAR VmHandlerEncode2(XED_ICLASS_ENUM IClass, VM_OPERAND_SIZE_ENUM OperandSize1, VM_OPERAND_SIZE_ENUM OperandSize2, PUINT OutSize)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
XED_ENCODER_INSTRUCTION InstList;
|
|
|
|
|
|
|
|
XedInst2(&InstList, XedGlobalMachineState, IClass, VmOpSizeToBits(OperandSize1), XedReg(VmIRegToXReg(VM_IREG_1, OperandSize1)), XedReg(VmIRegToXReg(VM_IREG_2, OperandSize2)));
|
|
|
|
|
|
|
|
return XedEncodeInstructions(&InstList, 1, OutSize);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
PUCHAR VmHandlerEncode3(XED_ICLASS_ENUM IClass, VM_OPERAND_SIZE_ENUM OperandSize1, VM_OPERAND_SIZE_ENUM OperandSize2, VM_OPERAND_SIZE_ENUM OperandSize3, PUINT OutSize)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
XED_ENCODER_INSTRUCTION InstList;
|
|
|
|
|
|
|
|
XedInst3(&InstList, XedGlobalMachineState, IClass, VmOpSizeToBits(OperandSize1), XedReg(VmIRegToXReg(VM_IREG_1, OperandSize1)), XedReg(VmIRegToXReg(VM_IREG_2, OperandSize2)), XedReg(VmIRegToXReg(VM_IREG_3, OperandSize3)));
|
|
|
|
|
|
|
|
return XedEncodeInstructions(&InstList, 1, OutSize);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//
|
|
|
|
|
|
|
|
//PUCHAR VmHandlerMov(VM_OPERAND_SIZE_ENUM OperandSize, PUINT OutSize)
|
|
|
|
|
|
|
|
//{
|
|
|
|
|
|
|
|
// XED_ENCODER_INSTRUCTION InstList;
|
|
|
|
|
|
|
|
// XedInst2(&InstList, XedGlobalMachineState, XED_ICLASS_MOV, VmOpSizeToBits(OperandSize), XedReg(VmIRegToXReg(VM_IREG_1, OperandSize)), XedReg(VmIRegToXReg(VM_IREG_2, OperandSize)));
|
|
|
|
|
|
|
|
// return XedEncodeInstructions(&InstList, 1, OutSize);
|
|
|
|
|
|
|
|
//}
|
|
|
|
|
|
|
|
//PUCHAR VmHandlerMovsx(VM_OPERAND_SIZE_ENUM NewOpSize, VM_OPERAND_SIZE_ENUM OriginalOpSize, PUINT OutSize)
|
|
|
|
|
|
|
|
//{
|
|
|
|
|
|
|
|
// XED_ENCODER_INSTRUCTION InstList;
|
|
|
|
|
|
|
|
// XedInst2(&InstList, XedGlobalMachineState, XED_ICLASS_MOVSX, VmOpSizeToBits(NewOpSize), XedReg(VmIRegToXReg(VM_IREG_1, NewOpSize)), XedReg(VmIRegToXReg(VM_IREG_2, OriginalOpSize)));
|
|
|
|
|
|
|
|
// return XedEncodeInstructions(&InstList, 1, OutSize);
|
|
|
|
|
|
|
|
//}
|
|
|
|
|
|
|
|
//PUCHAR VmHandlerMovsxd(VM_OPERAND_SIZE_ENUM NewOpSize, VM_OPERAND_SIZE_ENUM OriginalOpSize, PUINT OutSize)
|
|
|
|
|
|
|
|
//{
|
|
|
|
|
|
|
|
// XED_ENCODER_INSTRUCTION InstList;
|
|
|
|
|
|
|
|
// XedInst2(&InstList, XedGlobalMachineState, XED_ICLASS_MOVSXD, VmOpSizeToBits(NewOpSize), XedReg(VmIRegToXReg(VM_IREG_1, NewOpSize)), XedReg(VmIRegToXReg(VM_IREG_2, OriginalOpSize)));
|
|
|
|
|
|
|
|
// return XedEncodeInstructions(&InstList, 1, OutSize);
|
|
|
|
|
|
|
|
//}
|
|
|
|
|
|
|
|
//PUCHAR VmHandlerMovzx(VM_OPERAND_SIZE_ENUM NewOpSize, VM_OPERAND_SIZE_ENUM OriginalOpSize, PUINT OutSize)
|
|
|
|
|
|
|
|
//{
|
|
|
|
|
|
|
|
// XED_ENCODER_INSTRUCTION InstList;
|
|
|
|
|
|
|
|
// XedInst2(&InstList, XedGlobalMachineState, XED_ICLASS_MOVZX, VmOpSizeToBits(NewOpSize), XedReg(VmIRegToXReg(VM_IREG_1, NewOpSize)), XedReg(VmIRegToXReg(VM_IREG_2, OriginalOpSize)));
|
|
|
|
|
|
|
|
// return XedEncodeInstructions(&InstList, 1, OutSize);
|
|
|
|
|
|
|
|
//}
|
