diff options
| -rw-r--r-- | 3p/sst/x86.c | 194 | ||||
| -rw-r--r-- | 3p/sst/x86.h | 1140 | ||||
| -rw-r--r-- | LICENSE | 26 | ||||
| -rw-r--r-- | Makefile | 34 | ||||
| -rw-r--r-- | README | 14 | ||||
| -rw-r--r-- | api.c | 166 | ||||
| -rw-r--r-- | api.h | 204 | ||||
| -rw-r--r-- | compile_flags.txt | 18 | ||||
| -rw-r--r-- | hook.c | 216 | ||||
| -rw-r--r-- | hook.h | 18 | ||||
| -rw-r--r-- | intdef.h | 54 | ||||
| -rw-r--r-- | log.h | 50 | ||||
| -rw-r--r-- | main.c | 140 | ||||
| -rw-r--r-- | os.h | 50 |
14 files changed, 1162 insertions, 1162 deletions
diff --git a/3p/sst/x86.c b/3p/sst/x86.c index 2bd59a6..6f69dcf 100644 --- a/3p/sst/x86.c +++ b/3p/sst/x86.c @@ -1,97 +1,97 @@ -/*
- * Copyright © 2024 Michael Smith <mikesmiffy128@gmail.com>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "../../intdef.h"
-#include "x86.h"
-
-static int mrmsib(const u8 *p, int addrlen) {
- // I won't lie: I thought I almost understood this, but after Bill walked me
- // through correcting a bunch of wrong cases I now realise that I don't
- // really understand it at all. If it helps, I used this as a reference:
- // https://github.com/Nomade040/length-disassembler/blob/e8b34546/ldisasm.cpp#L14
- // But it's confusingly-written enough that the code I wrote before didn't
- // work, so with any luck nobody will need to refer to it again and this is
- // actually correct now. Fingers crossed.
- if (addrlen == 4 || *p & 0xC0) {
- int sib = addrlen == 4 && *p < 0xC0 && (*p & 7) == 4;
- switch (*p & 0xC0) {
- // disp8
- case 0x40: return 2 + sib;
- // disp16/32
- case 0:
- if ((*p & 7) != 5) {
- // disp8/32 via SIB
- if (sib && (p[1] & 7) == 5) return *p & 0x40 ? 3 : 6;
- return 1 + sib;
- }
- case 0x80: return 1 + addrlen + sib;
- }
- }
- if (addrlen == 2 && (*p & 0xC7) == 0x06) return 3;
- return 1; // note: include the mrm itself in the byte count
-}
-
-int x86_len(const void *insn_) {
-#define CASES(name, _) case name:
- const u8 *insn = insn_;
- int pfxlen = 0, addrlen = 4, operandlen = 4;
-
-p: switch (*insn) {
- case X86_PFX_ADSZ: addrlen = 2; goto P; // bit dumb sorry
- case X86_PFX_OPSZ: operandlen = 2;
-P: X86_SEG_PREFIXES(CASES)
- case X86_PFX_LOCK: case X86_PFX_REPN: case X86_PFX_REP:
- // instruction can only be 15 bytes. this could go over, oh well,
- // just don't want to loop for 8 million years
- if (++pfxlen == 14) return -1;
- ++insn;
- goto p;
- }
-
- switch (*insn) {
- X86_OPS_1BYTE_NO(CASES) return pfxlen + 1;
- X86_OPS_1BYTE_I8(CASES) operandlen = 1;
- X86_OPS_1BYTE_IW(CASES) return pfxlen + 1 + operandlen;
- X86_OPS_1BYTE_IWI(CASES) return pfxlen + 1 + addrlen;
- X86_OPS_1BYTE_I16(CASES) return pfxlen + 3;
- X86_OPS_1BYTE_MRM(CASES) return pfxlen + 1 + mrmsib(insn + 1, addrlen);
- X86_OPS_1BYTE_MRM_I8(CASES) operandlen = 1;
- X86_OPS_1BYTE_MRM_IW(CASES)
- return pfxlen + 1 + operandlen + mrmsib(insn + 1, addrlen);
- case X86_ENTER: return pfxlen + 4;
- case X86_CRAZY8: operandlen = 1;
- case X86_CRAZYW:
- if ((insn[1] & 0x38) >= 0x10) operandlen = 0;
- return pfxlen + 1 + operandlen + mrmsib(insn + 1, addrlen);
- case X86_2BYTE: ++insn; goto b2;
- }
- return -1;
-
-b2: switch (*insn) {
- // we don't support any 3 byte ops for now, implement if ever needed...
- case X86_3BYTE1: case X86_3BYTE2: case X86_3DNOW: return -1;
- X86_OPS_2BYTE_NO(CASES) return pfxlen + 2;
- X86_OPS_2BYTE_IW(CASES) return pfxlen + 2 + operandlen;
- X86_OPS_2BYTE_MRM(CASES) return pfxlen + 2 + mrmsib(insn + 1, addrlen);
- X86_OPS_2BYTE_MRM_I8(CASES) operandlen = 1;
- return pfxlen + 2 + operandlen + mrmsib(insn + 1, addrlen);
- }
-
- return -1;
-#undef CASES
-}
-
-// vi: sw=4 ts=4 noet tw=80 cc=80
+/* + * Copyright © 2024 Michael Smith <mikesmiffy128@gmail.com> + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +#include "../../intdef.h" +#include "x86.h" + +static int mrmsib(const u8 *p, int addrlen) { + // I won't lie: I thought I almost understood this, but after Bill walked me + // through correcting a bunch of wrong cases I now realise that I don't + // really understand it at all. If it helps, I used this as a reference: + // https://github.com/Nomade040/length-disassembler/blob/e8b34546/ldisasm.cpp#L14 + // But it's confusingly-written enough that the code I wrote before didn't + // work, so with any luck nobody will need to refer to it again and this is + // actually correct now. Fingers crossed. + if (addrlen == 4 || *p & 0xC0) { + int sib = addrlen == 4 && *p < 0xC0 && (*p & 7) == 4; + switch (*p & 0xC0) { + // disp8 + case 0x40: return 2 + sib; + // disp16/32 + case 0: + if ((*p & 7) != 5) { + // disp8/32 via SIB + if (sib && (p[1] & 7) == 5) return *p & 0x40 ? 3 : 6; + return 1 + sib; + } + case 0x80: return 1 + addrlen + sib; + } + } + if (addrlen == 2 && (*p & 0xC7) == 0x06) return 3; + return 1; // note: include the mrm itself in the byte count +} + +int x86_len(const void *insn_) { +#define CASES(name, _) case name: + const u8 *insn = insn_; + int pfxlen = 0, addrlen = 4, operandlen = 4; + +p: switch (*insn) { + case X86_PFX_ADSZ: addrlen = 2; goto P; // bit dumb sorry + case X86_PFX_OPSZ: operandlen = 2; +P: X86_SEG_PREFIXES(CASES) + case X86_PFX_LOCK: case X86_PFX_REPN: case X86_PFX_REP: + // instruction can only be 15 bytes. this could go over, oh well, + // just don't want to loop for 8 million years + if (++pfxlen == 14) return -1; + ++insn; + goto p; + } + + switch (*insn) { + X86_OPS_1BYTE_NO(CASES) return pfxlen + 1; + X86_OPS_1BYTE_I8(CASES) operandlen = 1; + X86_OPS_1BYTE_IW(CASES) return pfxlen + 1 + operandlen; + X86_OPS_1BYTE_IWI(CASES) return pfxlen + 1 + addrlen; + X86_OPS_1BYTE_I16(CASES) return pfxlen + 3; + X86_OPS_1BYTE_MRM(CASES) return pfxlen + 1 + mrmsib(insn + 1, addrlen); + X86_OPS_1BYTE_MRM_I8(CASES) operandlen = 1; + X86_OPS_1BYTE_MRM_IW(CASES) + return pfxlen + 1 + operandlen + mrmsib(insn + 1, addrlen); + case X86_ENTER: return pfxlen + 4; + case X86_CRAZY8: operandlen = 1; + case X86_CRAZYW: + if ((insn[1] & 0x38) >= 0x10) operandlen = 0; + return pfxlen + 1 + operandlen + mrmsib(insn + 1, addrlen); + case X86_2BYTE: ++insn; goto b2; + } + return -1; + +b2: switch (*insn) { + // we don't support any 3 byte ops for now, implement if ever needed... + case X86_3BYTE1: case X86_3BYTE2: case X86_3DNOW: return -1; + X86_OPS_2BYTE_NO(CASES) return pfxlen + 2; + X86_OPS_2BYTE_IW(CASES) return pfxlen + 2 + operandlen; + X86_OPS_2BYTE_MRM(CASES) return pfxlen + 2 + mrmsib(insn + 1, addrlen); + X86_OPS_2BYTE_MRM_I8(CASES) operandlen = 1; + return pfxlen + 2 + operandlen + mrmsib(insn + 1, addrlen); + } + + return -1; +#undef CASES +} + +// vi: sw=4 ts=4 noet tw=80 cc=80 diff --git a/3p/sst/x86.h b/3p/sst/x86.h index 414e197..b4df9c8 100644 --- a/3p/sst/x86.h +++ b/3p/sst/x86.h @@ -1,570 +1,570 @@ -/*
- * Copyright © 2024 Michael Smith <mikesmiffy128@gmail.com>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef INC_X86_H
-#define INC_X86_H
-
-/*
- * Opcode-based X86 instruction analysis. In other words, *NOT* a disassembler.
- * Only cares about the instructions we expect to see in basic 32-bit userspace
- * functions; there's no kernel-mode instructions, no SSE 3+, no AVX, no REX,
- * EVEX, yadda yadda.
- */
-
-// XXX: no BOUND (0x62): ambiguous with EVEX prefix - can't be arsed!
-// XXX: no LES (0xC4) or DES (0xC5) either for similar reasons. better to report
-// an unknown instruction than to potentially misinterpret an AVX thing.
-// these are all legacy instructions that won't really be used much anyway.
-
-/* Instruction prefixes: segments */
-#define X86_SEG_PREFIXES(X) \
- X(X86_PFX_ES, 0x26) \
- X(X86_PFX_CS, 0x2E) \
- X(X86_PFX_SS, 0x36) \
- X(X86_PFX_DS, 0x3E) \
- X(X86_PFX_FS, 0x64) \
- X(X86_PFX_GS, 0x65)
-
-/* Instruction prefixes: operations */
-#define X86_OP_PREFIXES(X) \
- X(X86_PFX_OPSZ, 0x66) \
- X(X86_PFX_ADSZ, 0x67) \
- X(X86_PFX_LOCK, 0xF0) \
- X(X86_PFX_REPN, 0xF2) \
- X(X86_PFX_REP, 0xF3)
-
-/* All instruction prefixes */
-#define X86_PREFIXES(X) X86_SEG_PREFIXES(X) X86_OP_PREFIXES(X)
-
-/* Single-byte opcodes with no operands */
-#define X86_OPS_1BYTE_NO(X) \
- X(X86_PUSHES, 0x06) \
- X(X86_POPES, 0x07) \
- X(X86_PUSHCS, 0x0E) \
- X(X86_PUSHSS, 0x16) \
- X(X86_POPSS, 0x17) \
- X(X86_PUSHDS, 0x1E) \
- X(X86_POPDS, 0x1F) \
- X(X86_DAA, 0x27) \
- X(X86_DAS, 0x2F) \
- X(X86_AAA, 0x37) \
- X(X86_AAS, 0x3F) \
- X(X86_INCEAX, 0x40) \
- X(X86_INCECX, 0x41) \
- X(X86_INCEDX, 0x42) \
- X(X86_INCEBX, 0x43) \
- X(X86_INCESP, 0x44) \
- X(X86_INCEBP, 0x45) \
- X(X86_INCESI, 0x46) \
- X(X86_INCEDI, 0x47) \
- X(X86_DECEAX, 0x48) \
- X(X86_DECECX, 0x49) \
- X(X86_DECEDX, 0x4A) \
- X(X86_DECEBX, 0x4B) \
- X(X86_DECESP, 0x4C) \
- X(X86_DECEBP, 0x4D) \
- X(X86_DECESI, 0x4E) \
- X(X86_DECEDI, 0x4F) \
- X(X86_PUSHEAX, 0x50) \
- X(X86_PUSHECX, 0x51) \
- X(X86_PUSHEDX, 0x52) \
- X(X86_PUSHEBX, 0x53) \
- X(X86_PUSHESP, 0x54) \
- X(X86_PUSHEBP, 0x55) \
- X(X86_PUSHESI, 0x56) \
- X(X86_PUSHEDI, 0x57) \
- X(X86_POPEAX, 0x58) \
- X(X86_POPECX, 0x59) \
- X(X86_POPEDX, 0x5A) \
- X(X86_POPEBX, 0x5B) \
- X(X86_POPESP, 0x5C) \
- X(X86_POPEBP, 0x5D) \
- X(X86_POPESI, 0x5E) \
- X(X86_POPEDI, 0x5F) \
- X(X86_PUSHA, 0x60) \
- X(X86_POPA, 0x61) \
- X(X86_NOP, 0x90) \
- X(X86_XCHGECXEAX, 0x91) \
- X(X86_XCHGEDXEAX, 0x92) \
- X(X86_XCHGEBXEAX, 0x93) \
- X(X86_XCHGESPEAX, 0x94) \
- X(X86_XCHGEBPEAX, 0x95) \
- X(X86_XCHGESIEAX, 0x96) \
- X(X86_XCHGEDIEAX, 0x97) \
- X(X86_CWDE, 0x98) \
- X(X86_CDQ, 0x99) \
- X(X86_WAIT, 0x9B) \
- X(X86_PUSHF, 0x9C) \
- X(X86_POPF, 0x9D) \
- X(X86_SAHF, 0x9E) \
- X(X86_LAHF, 0x9F) \
- X(X86_MOVS8, 0xA4) \
- X(X86_MOVSW, 0xA5) \
- X(X86_CMPS8, 0xA6) \
- X(X86_CMPSW, 0xA7) \
- X(X86_STOS8, 0xAA) \
- X(X86_STOSD, 0xAB) \
- X(X86_LODS8, 0xAC) \
- X(X86_LODSD, 0xAD) \
- X(X86_SCAS8, 0xAE) \
- X(X86_SCASD, 0xAF) \
- X(X86_RET, 0xC3) \
- X(X86_LEAVE, 0xC9) \
- X(X86_RETF, 0xCB) \
- X(X86_INT3, 0xCC) \
- X(X86_INTO, 0xCE) \
- X(X86_XLAT, 0xD7) \
- X(X86_CMC, 0xF5) \
- X(X86_CLC, 0xF8) \
- X(X86_STC, 0xF9) \
- X(X86_CLI, 0xFA) \
- X(X86_STI, 0xFB) \
- X(X86_CLD, 0xFC) \
- X(X86_STD, 0xFD)
-
-/* Single-byte opcodes with a 1-byte immediate operand */
-#define X86_OPS_1BYTE_I8(X) \
- X(X86_ADDALI, 0x04) \
- X(X86_ORALI, 0x0C) \
- X(X86_ADCALI, 0x14) \
- X(X86_SBBALI, 0x1C) \
- X(X86_ANDALI, 0x24) \
- X(X86_SUBALI, 0x2C) \
- X(X86_XORALI, 0x34) \
- X(X86_CMPALI, 0x3C) \
- X(X86_PUSHI8, 0x6A) \
- X(X86_TESTALI, 0xA8) \
- X(X86_JO, 0x70) \
- X(X86_JNO, 0x71) \
- X(X86_JB, 0x72) /* AKA JC */ \
- X(X86_JNB, 0x73) /* AKA JNC */ \
- X(X86_JZ, 0x74) /* AKA JE */ \
- X(X86_JNZ, 0x75) /* AKA JNZ */ \
- X(X86_JNA, 0x76) /* AKA JBE */ \
- X(X86_JA, 0x77) /* AKA JNBE */ \
- X(X86_JS, 0x78) \
- X(X86_JNS, 0x79) \
- X(X86_JP, 0x7A) \
- X(X86_JNP, 0x7B) \
- X(X86_JL, 0x7C) /* AKA JNGE */ \
- X(X86_JNL, 0x7D) /* AKA JGE */ \
- X(X86_JNG, 0x7E) /* AKA JLE */ \
- X(X86_JG, 0x7F) /* AKA JNLE */ \
- X(X86_MOVALI, 0xB0) \
- X(X86_MOVCLI, 0xB1) \
- X(X86_MOVDLI, 0xB2) \
- X(X86_MOVBLI, 0xB3) \
- X(X86_MOVAHI, 0xB4) \
- X(X86_MOVCHI, 0xB5) \
- X(X86_MOVDHI, 0xB6) \
- X(X86_MOVBHI, 0xB7) \
- X(X86_INT, 0xCD) \
- X(X86_AMX, 0xD4) /* Note: D4 0A is referred to as AAM */ \
- X(X86_ADX, 0xD5) /* Note: D4 0A is referred to as AAD */ \
- X(X86_LOOPNZ, 0xE0) /* AKA LOOPNE */ \
- X(X86_LOOPZ, 0xE1) /* AKA LOOPE */ \
- X(X86_LOOP, 0xE2) \
- X(X86_JCXZ, 0xE3) \
- X(X86_JMPI8, 0xEB)
-
-/* Single-byte opcodes with a word-sized immediate operand */
-#define X86_OPS_1BYTE_IW(X) \
- X(X86_ADDEAXI, 0x05) \
- X(X86_OREAXI, 0x0D) \
- X(X86_ADCEAXI, 0x15) \
- X(X86_SBBEAXI, 0x1D) \
- X(X86_ANDEAXI, 0x25) \
- X(X86_SUBEAXI, 0x2D) \
- X(X86_XOREAXI, 0x35) \
- X(X86_CMPEAXI, 0x3D) \
- X(X86_PUSHIW, 0x68) \
- X(X86_TESTEAXI, 0xA9) \
- X(X86_MOVEAXI, 0xB8) \
- X(X86_MOVECXI, 0xB9) \
- X(X86_MOVEDXI, 0xBA) \
- X(X86_MOVEBXI, 0xBB) \
- X(X86_MOVESPI, 0xBC) \
- X(X86_MOVEBPI, 0xBD) \
- X(X86_MOVESII, 0xBE) \
- X(X86_MOVEDII, 0xBF) \
- X(X86_CALL, 0xE8) \
- X(X86_JMPIW, 0xE9)
-
-/* Single-byte opcodes with a word-sized immediate operand (indirect) */
-#define X86_OPS_1BYTE_IWI(X) \
- X(X86_MOVALII, 0xA0) /* From offset (indirect) */ \
- X(X86_MOVEAXII, 0xA1) /* From offset (indirect) */ \
- X(X86_MOVIIAL, 0xA2) /* To offset (indirect) */ \
- X(X86_MOVIIEAX, 0xA3) /* To offset (indirect) */ \
-
-/* Single-byte opcodes with 16-bit immediate operands, regardless of prefixes */
-#define X86_OPS_1BYTE_I16(X) \
- X(X86_RETI16, 0xC2) \
- X(X86_RETFI16, 0xCA)
-
-/*
- * Single-byte opcodes with a ModRM. `MR` in a name means the ModRM is the
- * destination, `RM` means it's the source.
- */
-#define X86_OPS_1BYTE_MRM(X) \
- X(X86_ADDMR8, 0x00) \
- X(X86_ADDMRW, 0x01) \
- X(X86_ADDRM8, 0x02) \
- X(X86_ADDRMW, 0x03) \
- X(X86_ORMR8, 0x08) \
- X(X86_ORMRW, 0x09) \
- X(X86_ORRM8, 0x0A) \
- X(X86_ORRMW, 0x0B) \
- X(X86_ADCMR8, 0x10) \
- X(X86_ADCMRW, 0x11) \
- X(X86_ADCRM8, 0x12) \
- X(X86_ADCRMW, 0x13) \
- X(X86_SBBMR8, 0x18) \
- X(X86_SBBMRW, 0x19) \
- X(X86_SBBRM8, 0x1A) \
- X(X86_SBBRMW, 0x1B) \
- X(X86_ANDMR8, 0x20) \
- X(X86_ANDMRW, 0x21) \
- X(X86_ANDRM8, 0x22) \
- X(X86_ANDRMW, 0x23) \
- X(X86_SUBMR8, 0x28) \
- X(X86_SUBMRW, 0x29) \
- X(X86_SUBRM8, 0x2A) \
- X(X86_SUBRMW, 0x2B) \
- X(X86_XORMR8, 0x30) \
- X(X86_XORMRW, 0x31) \
- X(X86_XORRM8, 0x32) \
- X(X86_XORRMW, 0x33) \
- X(X86_CMPMR8, 0x38) \
- X(X86_CMPMRW, 0x39) \
- X(X86_CMPRM8, 0x3A) \
- X(X86_CMPRMW, 0x3B) \
- X(X86_ARPL, 0x63) \
- X(X86_TESTMR8, 0x84) \
- X(X86_TESTMRW, 0x85) \
- X(X86_XCHGMR8, 0x86) \
- X(X86_XCHGMRW, 0x87) \
- X(X86_MOVMR8, 0x88) \
- X(X86_MOVMRW, 0x89) \
- X(X86_MOVRM8, 0x8A) \
- X(X86_MOVRMW, 0x8B) \
- X(X86_MOVMS, 0x8C) /* Load 4 bytes from segment register */ \
- X(X86_LEA, 0x8D) \
- X(X86_MOVSM, 0x8E) /* Store 4 bytes to segment register */ \
- X(X86_POPM, 0x8F) \
- X(X86_SHIFTM18, 0xD0) /* Shift/roll by 1 place */ \
- X(X86_SHIFTM1W, 0xD1) /* Shift/roll by 1 place */ \
- X(X86_SHIFTMCL8, 0xD2) /* Shift/roll by CL places */ \
- X(X86_SHIFTMCLW, 0xD3) /* Shift/roll by CL places */ \
- X(X86_FLTBLK1, 0xD8) /* Various float ops (1/8) */ \
- X(X86_FLTBLK2, 0xD9) /* Various float ops (2/8) */ \
- X(X86_FLTBLK3, 0xDA) /* Various float ops (3/8) */ \
- X(X86_FLTBLK4, 0xDB) /* Various float ops (4/8) */ \
- X(X86_FLTBLK5, 0xDC) /* Various float ops (5/8) */ \
- X(X86_FLTBLK6, 0xDD) /* Various float ops (6/8) */ \
- X(X86_FLTBLK7, 0xDE) /* Various float ops (7/8) */ \
- X(X86_FLTBLK8, 0xDF) /* Various float ops (8/8) */ \
- X(X86_MISCM8, 0xFE) /* Only documented for MRM.reg in {0, 1} */ \
- X(X86_MISCMW, 0xFF)
-
-/* Single-byte opcodes with a ModRM and a 1-byte immediate operand */
-#define X86_OPS_1BYTE_MRM_I8(X) \
- X(X86_IMULMI8, 0x6B) /* 3-operand multiply */ \
- X(X86_ALUMI8, 0x80) /* ALU op in MRM.reg, from immediate */ \
- X(X86_ALUMI8X, 0x82) /* ALU op in MRM.reg, from immediate, redundant?? */ \
- X(X86_ALUMI8S, 0x83) /* ALU op in MRM.reg, from immediate, sign-extend */ \
- X(X86_SHIFTMI8, 0xC0) /* Shift/roll by imm8 places */ \
- X(X86_SHIFTMIW, 0xC1) /* Shift/roll by imm8 places */ \
- X(X86_MOVMI8, 0xC6) /* Note: RM.reg must be 0 */
-
-/* Single-byte opcodes with a ModRM and a word-sized immediate operand */
-#define X86_OPS_1BYTE_MRM_IW(X) \
- X(X86_IMULMIW, 0x69) /* 3-operand multiply */ \
- X(X86_ALUMIW, 0x81) /* ALU op in MRM.reg, from immediate */ \
- X(X86_MOVMIW, 0xC7) /* Note: MRM.reg must be 0 */
-
-/* All single-byte x86 instructions */
-#define X86_OPS_1BYTE(X) \
- X86_OPS_1BYTE_NO(X) \
- X86_OPS_1BYTE_I8(X) \
- X86_OPS_1BYTE_IW(X) \
- X86_OPS_1BYTE_IWI(X) \
- X86_OPS_1BYTE_I16(X) \
- X86_OPS_1BYTE_MRM(X) \
- X86_OPS_1BYTE_MRM_I8(X) \
- X86_OPS_1BYTE_MRM_IW(X) \
- X(X86_ENTER, 0xC8) /* Dumb special case insn: imm16 followed by imm8 */ \
- X(X86_CRAZY8, 0xF6) /* CRAZY reg-encoded block, has imm8 IFF reg < 2 */ \
- X(X86_CRAZYW, 0xF7) /* CRAZY reg-encoded block, has imm32/16 IFF reg < 2 */
-
-/* Second bytes of opcodes with no operands */
-#define X86_OPS_2BYTE_NO(X) \
- X(X86_2B_RDTSC, 0x31) \
- X(X86_2B_RDPMD, 0x33) \
- X(X86_2B_SYSENTER, 0x34) \
- X(X86_2B_PUSHFS, 0xA0) \
- X(X86_2B_POPFS, 0xA1) \
- X(X86_2B_CPUID, 0xA2) \
- X(X86_2B_PUSHGS, 0xA8) \
- X(X86_2B_POPGS, 0xA9) \
- X(X86_2B_RSM, 0xAA) \
- X(X86_2B_BSWAPEAX, 0xC8) \
- X(X86_2B_BSWAPECX, 0xC9) \
- X(X86_2B_BSWAPEDX, 0xCA) \
- X(X86_2B_BSWAPEBX, 0xCB) \
- X(X86_2B_BSWAPESP, 0xCC) \
- X(X86_2B_BSWAPEBP, 0xCD) \
- X(X86_2B_BSWAPESI, 0xCE) \
- X(X86_2B_BSWAPEDI, 0xCF) \
- /* MMX instruction */ \
- X(X86_2B_EMMS, 0x77)
-
-/* Second bytes of opcodes with a word-sized immediate operand */
-#define X86_OPS_2BYTE_IW(X) \
- X(X86_2B_JOII, 0x80) /* From offset (indirect) */ \
- X(X86_2B_JNOII, 0x81) /* From offset (indirect) */ \
- X(X86_2B_JBII, 0x82) /* AKA JC; from offset (indirect) */ \
- X(X86_2B_JNBII, 0x83) /* AKA JNC; from offset (indirect) */ \
- X(X86_2B_JZII, 0x84) /* AKA JE; from offset (indirect) */ \
- X(X86_2B_JNZII, 0x85) /* AKA JNZ; from offset (indirect) */ \
- X(X86_2B_JNAII, 0x86) /* AKA JBE; from offset (indirect) */ \
- X(X86_2B_JAII, 0x87) /* AKA JNBE; from offset (indirect) */ \
- X(X86_2B_JSII, 0x88) /* From offset (indirect) */ \
- X(X86_2B_JNSII, 0x89) /* From offset (indirect) */ \
- X(X86_2B_JPII, 0x8A) /* From offset (indirect) */ \
- X(X86_2B_JNPII, 0x8B) /* From offset (indirect) */ \
- X(X86_2B_JLII, 0x8C) /* AKA JNGE; from offset (indirect) */ \
- X(X86_2B_JNLII, 0x8D) /* AKA JGE; from offset (indirect) */ \
- X(X86_2B_JNGII, 0x8E) /* AKA JLE; from offset (indirect) */ \
- X(X86_2B_JGII, 0x8F) /* AKA JNLE; from offset (indirect) */
-
-/* Second bytes of opcodes with a ModRM */
-#define X86_OPS_2BYTE_MRM(X) \
- X(X86_2B_NOP, 0x0D) /* Variable length NOP (3-9 with prefix) */ \
- X(X86_2B_HINTS1, 0x18) /* Prefetch and hint-nop block 1/8 */ \
- X(X86_2B_HINTS2, 0x19) /* Prefetch and hint-nop block 2/8 */ \
- X(X86_2B_HINTS3, 0x1A) /* Prefetch and hint-nop block 3/8 */ \
- X(X86_2B_HINTS4, 0x1B) /* Prefetch and hint-nop block 4/8 */ \
- X(X86_2B_HINTS5, 0x1C) /* Prefetch and hint-nop block 5/8 */ \
- X(X86_2B_HINTS6, 0x1D) /* Prefetch and hint-nop block 6/8 */ \
- X(X86_2B_HINTS7, 0x1E) /* Prefetch and hint-nop block 7/8 */ \
- X(X86_2B_HINTS8, 0x1F) /* Prefetch and hint-nop block 8/8 */ \
- X(X86_2B_CMOVO, 0x40) \
- X(X86_2B_CMOVNO, 0x41) \
- X(X86_2B_CMOVB, 0x42) /* AKA CMOVC */ \
- X(X86_2B_CMOVNB, 0x43) /* AKA CMOVNC */ \
- X(X86_2B_CMOVZ, 0x44) /* AKA CMOVE */ \
- X(X86_2B_CMOVNZ, 0x45) /* AKA CMOVNE */ \
- X(X86_2B_CMOVNA, 0x46) /* AKA CMOVBE */ \
- X(X86_2B_CMOVA, 0x47) /* AKA CMOVNBE */ \
- X(X86_2B_CMOVS, 0x48) \
- X(X86_2B_CMOVNS, 0x49) \
- X(X86_2B_CMOVP, 0x4A) \
- X(X86_2B_CMOVNP, 0x4B) \
- X(X86_2B_CMOVL, 0x4C) /* AKA CMOVNGE */ \
- X(X86_2B_CMOVNL, 0x4D) /* AKA CMOVGE */ \
- X(X86_2B_CMOVNG, 0x4E) /* AKA CMOVLE */ \
- X(X86_2B_CMOVG, 0x4F) /* AKA CMOVNLE */ \
- X(X86_2B_SETO, 0x90) \
- X(X86_2B_SETNO, 0x91) \
- X(X86_2B_SETB, 0x92) /* AKA SETC */ \
- X(X86_2B_SETNB, 0x93) /* AKA SETNC */ \
- X(X86_2B_SETZ, 0x94) /* AKA SETE */ \
- X(X86_2B_SETNZ, 0x95) /* AKA SETNZ */ \
- X(X86_2B_SETNA, 0x96) /* AKA SETBE */ \
- X(X86_2B_SETA, 0x97) /* AKA SETNBE */ \
- X(X86_2B_SETS, 0x98) \
- X(X86_2B_SETNS, 0x99) \
- X(X86_2B_SETP, 0x9A) \
- X(X86_2B_SETNP, 0x9B) \
- X(X86_2B_SETL, 0x9C) /* AKA SETNGE */ \
- X(X86_2B_SETNL, 0x9D) /* AKA SETGE */ \
- X(X86_2B_SETNG, 0x9E) /* AKA SETLE */ \
- X(X86_2B_SETG, 0x9F) /* AKA SETNLE */ \
- X(X86_2B_BTMR, 0xA3) \
- X(X86_2B_SHLDMRCL, 0xA5) \
- X(X86_2B_BTS, 0xAB) \
- X(X86_2B_SHRDMRCL, 0xAD) \
- X(X86_2B_MISC, 0xAE) /* Float env stuff, memory fences */ \
- X(X86_2B_IMUL, 0xAF) \
- X(X86_2B_CMPXCHG8, 0xB0) \
- X(X86_2B_CMPXCHGW, 0xB1) \
- X(X86_2B_MOVZX8, 0xB6) \
- X(X86_2B_MOVZXW, 0xB7) \
- X(X86_2B_POPCNT, 0xB8) \
- X(X86_2B_BTCRM, 0xBB) \
- X(X86_2B_BSF, 0xBC) \
- X(X86_2B_BSR, 0xBD) \
- X(X86_2B_MOVSX8, 0xBE) \
- X(X86_2B_MOVSXW, 0xBF) \
- X(X86_2B_XADDRM8, 0xC0) \
- X(X86_2B_XADDRMW, 0xC1) \
- /* NOTE: this one is actually a block with some VMX stuff too; it's only
- CMPXCHG64 (CMPXCHG8B if you prefer) if MRM.reg = 1, but naming it this
- way seemed more useful since it's what you'll see in normal userspace
- programs, which is what we're interested in. */ \
- X(X86_2B_CMPXCHG64, 0xC7) \
- /* -- MMX/SSE1/SSE2 instructions -- */ \
- /* XXX: some of the naming here isn't totally perfect */ \
- X(X86_2B_MOVRM128, 0x10) /* MOVUPS/MOVSS/MOVUPD/MOVD via prefix */ \
- X(X86_2B_MOVMR128, 0x11) /* MOVUPS/MOVSS/MOVUPD/MOVD via prefix */ \
- X(X86_2B_MOVLRM, 0x12) /* MOV(H)LPS/MOVLPD/MOVDDUP/MOVSLDUP */ \
- X(X86_2B_MOVLMR, 0x13) /* MOVLP{S,D} */ \
- X(X86_2B_UNPCKL, 0x14) /* UNPCKLP{S,D} */ \
- X(X86_2B_UNPCKH, 0x15) /* UNPCKHPS/UNPCKHPD */ \
- X(X86_2B_MOVHRM, 0x16) /* MOV(L)HPS/MOVHPD/MOVSHDUP */ \
- X(X86_2B_MOVHMR, 0x17) /* MOVHPS/MOVHPD */ \
- X(X86_2B_MOVARM, 0x28) /* MOVAP{S,D} via prefix */ \
- X(X86_2B_MOVAMR, 0x29) /* MOVAP{S,D} */ \
- X(X86_2B_CVTIF64, 0x2A) /* CVTxI2x{S,D} */ \
- X(X86_2B_MOVNT, 0x2B) /* MOVNTP{S,D} */ \
- X(X86_2B_CVTFT64, 0x2C) /* CVTTx{S,D}2xI */ \
- X(X86_2B_CVTFI64, 0x2D) /* CVTx{S,D}2xI */ \
- X(X86_2B_UCOMI, 0x2E) /* UCOMIS{S,D} */ \
- X(X86_2B_COMI, 0x2F) /* COMIS{S,D} */ \
- X(X86_2B_MOVMSK, 0x50) /* MOVMSDKP{S,D} */ \
- X(X86_2B_SQRT, 0x51) /* SQRT{P,S}{S,D} */ \
- X(X86_2B_RSQRT, 0x52) /* RSQRT{P,S}{S,D} */ \
- X(X86_2B_RCP, 0x53) /* RCP{P,S}S */ \
- X(X86_2B_AND, 0x54) /* ANDP{S,D} */ \
- X(X86_2B_ANDN, 0x55) /* ANDNP{S,D} */ \
- X(X86_2B_OR, 0x56) /* ORP{S,D} */ \
- X(X86_2B_XOR, 0x57) /* XORP{S,D} */ \
- X(X86_2B_ADD, 0x58) /* ADD{P,S}{S,D} */ \
- X(X86_2B_MUL, 0x59) /* MUL{P,S}{S,D} */ \
- X(X86_2B_CVTFF128, 0x5A) /* CVTxS2xD/CVTxS2xS */ \
- X(X86_2B_CVTFI128, 0x5B) /* CVTDQ2PS/CVTPS2DQ/CVTTPS2DQ */ \
- X(X86_2B_SUB, 0x5C) /* SUB{P,S}{S,D} */ \
- X(X86_2B_DIV, 0x5D) /* DIV{P,S}{S,D} */ \
- X(X86_2B_MIN, 0x5E) /* MIN{P,S}{S,D} */ \
- X(X86_2B_MAX, 0x5F) /* MAX{P,S}{S,D} */ \
- X(X86_2B_PUNPCKLBW, 0x60) \
- X(X86_2B_PUNPCKLBD, 0x61) \
- X(X86_2B_PUNPCKLDQ, 0x62) \
- X(X86_2B_PACKSSWB, 0x63) \
- X(X86_2B_PCMPGTB, 0x64) \
- X(X86_2B_PCMPGTW, 0x65) \
- X(X86_2B_PCMPGTD, 0x66) \
- X(X86_2B_PACKUSWB, 0x67) \
- X(X86_2B_PUNPCKHBW, 0x68) \
- X(X86_2B_PUNPCKHWD, 0x69) \
- X(X86_2B_PUNPCKHDQ, 0x6A) \
- X(X86_2B_PACKSSDW, 0x6B) \
- X(X86_2B_PUNPCKLQDQ, 0x6C) \
- X(X86_2B_PUNPCKHQDQ, 0x6D) \
- X(X86_2B_MOVDRM, 0x6E) \
- X(X86_2B_MOVQRM, 0x6F) /* MOVQ/MOVDQA/MOVDQU */ \
- X(X86_2B_PCMPEQB, 0x74) \
- X(X86_2B_PCMPEQW, 0x75) \
- X(X86_2B_PCMPEQD, 0x76) \
- X(X86_2B_MOVDMR, 0x7E) \
- X(X86_2B_MOVQMR, 0x7F) \
- X(X86_2B_MOVNTI, 0xC3) \
- X(X86_2B_ADDSUB, 0xD0) /* ADDSUBP{S,D} */ \
- X(X86_2B_PSRLW, 0xD1) \
- X(X86_2B_PSRLD, 0xD2) \
- X(X86_2B_PSRLQ, 0xD3) \
- X(X86_2B_PADDQ, 0xD4) \
- X(X86_2B_PMULLW, 0xD5) \
- X(X86_2B_MOVQRR, 0xD6) /* MOVQ(m,r)/MOVQ2DQ/MOVQ2DQ based on prefix */ \
- X(X86_2B_PMOVMSKB, 0xD7) /* MOVQ2DQ/MOVDQ2Q */ \
- X(X86_2B_PSUBUSB, 0xD8) \
- X(X86_2B_PSUBUSW, 0xD9) \
- X(X86_2B_PMINUB, 0xDA) \
- X(X86_2B_PAND, 0xDB) \
- X(X86_2B_PADDUSB, 0xDC) \
- X(X86_2B_PADDUSW, 0xDD) \
- X(X86_2B_PMAXUB, 0xDE) \
- X(X86_2B_PANDN, 0xDF) \
- X(X86_2B_PAVGB, 0xE0) \
- X(X86_2B_PSRAW, 0xE1) \
- X(X86_2B_PSRAD, 0xE2) \
- X(X86_2B_PAVGW, 0xE3) \
- X(X86_2B_PMULHUW, 0xE4) \
- X(X86_2B_PMULHW, 0xE5) \
- X(X86_2B_CVTQ, 0xE6) /* CVTPD2DQ/CVTTPD2DQ/CVTDQ2PD */ \
- X(X86_2B_MOVNTQ, 0xE7) \
- X(X86_2B_PSUBSB, 0xE8) \
- X(X86_2B_PSUBSW, 0xE9) \
- X(X86_2B_PMINSB, 0xEA) \
- X(X86_2B_PMINSW, 0xEB) \
- X(X86_2B_PADDSB, 0xEC) \
- X(X86_2B_PADDSW, 0xED) \
- X(X86_2B_PMAXSW, 0xEE) \
- X(X86_2B_PXOR, 0xEF) \
- X(X86_2B_LDDQU, 0xF0) \
- X(X86_2B_PSLLW, 0xF1) \
- X(X86_2B_PSLLD, 0xF2) \
- X(X86_2B_PSLLQ, 0xF3) \
- X(X86_2B_PMULUDQ, 0xF4) \
- X(X86_2B_PMADDWD, 0xF5) \
- X(X86_2B_PSABDW, 0xF6) \
- X(X86_2B_MASKMOVQ, 0xF7) \
- X(X86_2B_PSUBB, 0xF8) \
- X(X86_2B_PSUBW, 0xF9) \
- X(X86_2B_PSUBD, 0xFA) \
- X(X86_2B_PSUBQ, 0xFB) \
- X(X86_2B_PADDB, 0xFC) \
- X(X86_2B_PADDW, 0xFD) \
- X(X86_2B_PADDD, 0xFE)
-
-/* Second bytes of opcodes with a ModRM and a 1-byte immediate operand */
-#define X86_OPS_2BYTE_MRM_I8(X) \
- X(X86_2B_SHLDMRI, 0xA4) \
- X(X86_2B_SHRDMRI, 0xAC) \
- X(X86_2B_BTXMI, 0xBA) /* BT/BTS/BTR/BTC depending on MRM.reg (4-7) */ \
- /* -- MMX/SSE1/SSE2 instructions -- */ \
- X(X86_2B_PSHUF, 0x70) /* PSHUFW/PSHUFLW/PSHUFHW/PSHUFD via MRM.reg */ \
- X(X86_2B_PSWI, 0x71) /* PSRLW/PSRAW/PSLLW via MRM.reg */ \
- X(X86_2B_PSDI, 0x72) /* PSRLD/PSRAD/PSLLD via MRM.reg */ \
- X(X86_2B_PSQI, 0x73) /* PSRLQ/PSRAQ/PSLLQ via MRM.reg */ \
- X(X86_2B_CMPSI, 0xC2) /* CMP{P,S}{S,D} via prefix */ \
- X(X86_2B_PINSRW, 0xC4) \
- X(X86_2B_PEXTRW, 0xC5) \
- X(X86_2B_SHUF, 0xC6) /* SHUFP{S,D} */ \
-
-#define X86_OPS_2BYTE(X) \
- X86_OPS_2BYTE_NO(X) \
- X86_OPS_2BYTE_IW(X) \
- X86_OPS_2BYTE_MRM(X) \
- X86_OPS_2BYTE_MRM_I8(X)
-
-#define _X86_ENUM(name, value) name = value,
-enum {
- X86_PREFIXES(_X86_ENUM)
- X86_OPS_1BYTE(_X86_ENUM)
- X86_2BYTE = 0x0F, /* First byte of a 2- or 3-byte opcode */
- X86_OPS_2BYTE(_X86_ENUM)
- X86_3BYTE1 = 0x38, /* One of the two second bytes of a three-byte opcode */
- X86_3BYTE2 = 0x3A, /* The other second byte of a three-byte opcode */
- X86_3DNOW = 0x0F /* The second byte of a three-byte 3DNow! opcode */
-};
-#undef _X86_ENUM
-
-/*
- * Returns the length of an instruction, or -1 if it's a "known unknown" or
- * invalid instruction. Doesn't handle unknown unknowns: may explode or hang on
- * arbitrary untrusted data. Also doesn't handle, among other things, 3DNow!,
- * SSE, MMX, AVX, and such. Aims to be small and fast rather than comprehensive.
- */
-int x86_len(const void *insn);
-
-/* Constructs a ModRM byte, assuming the parameters are all in range. */
-#define X86_MODRM(mod, reg, rm) (unsigned char)((mod) << 6 | (reg) << 3 | rm)
-
-#endif
-
-// vi: sw=4 ts=4 noet tw=80 cc=80
+/* + * Copyright © 2024 Michael Smith <mikesmiffy128@gmail.com> + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef INC_X86_H +#define INC_X86_H + +/* + * Opcode-based X86 instruction analysis. In other words, *NOT* a disassembler. + * Only cares about the instructions we expect to see in basic 32-bit userspace + * functions; there's no kernel-mode instructions, no SSE 3+, no AVX, no REX, + * EVEX, yadda yadda. + */ + +// XXX: no BOUND (0x62): ambiguous with EVEX prefix - can't be arsed! +// XXX: no LES (0xC4) or DES (0xC5) either for similar reasons. better to report +// an unknown instruction than to potentially misinterpret an AVX thing. +// these are all legacy instructions that won't really be used much anyway. + +/* Instruction prefixes: segments */ +#define X86_SEG_PREFIXES(X) \ + X(X86_PFX_ES, 0x26) \ + X(X86_PFX_CS, 0x2E) \ + X(X86_PFX_SS, 0x36) \ + X(X86_PFX_DS, 0x3E) \ + X(X86_PFX_FS, 0x64) \ + X(X86_PFX_GS, 0x65) + +/* Instruction prefixes: operations */ +#define X86_OP_PREFIXES(X) \ + X(X86_PFX_OPSZ, 0x66) \ + X(X86_PFX_ADSZ, 0x67) \ + X(X86_PFX_LOCK, 0xF0) \ + X(X86_PFX_REPN, 0xF2) \ + X(X86_PFX_REP, 0xF3) + +/* All instruction prefixes */ +#define X86_PREFIXES(X) X86_SEG_PREFIXES(X) X86_OP_PREFIXES(X) + +/* Single-byte opcodes with no operands */ +#define X86_OPS_1BYTE_NO(X) \ + X(X86_PUSHES, 0x06) \ + X(X86_POPES, 0x07) \ + X(X86_PUSHCS, 0x0E) \ + X(X86_PUSHSS, 0x16) \ + X(X86_POPSS, 0x17) \ + X(X86_PUSHDS, 0x1E) \ + X(X86_POPDS, 0x1F) \ + X(X86_DAA, 0x27) \ + X(X86_DAS, 0x2F) \ + X(X86_AAA, 0x37) \ + X(X86_AAS, 0x3F) \ + X(X86_INCEAX, 0x40) \ + X(X86_INCECX, 0x41) \ + X(X86_INCEDX, 0x42) \ + X(X86_INCEBX, 0x43) \ + X(X86_INCESP, 0x44) \ + X(X86_INCEBP, 0x45) \ + X(X86_INCESI, 0x46) \ + X(X86_INCEDI, 0x47) \ + X(X86_DECEAX, 0x48) \ + X(X86_DECECX, 0x49) \ + X(X86_DECEDX, 0x4A) \ + X(X86_DECEBX, 0x4B) \ + X(X86_DECESP, 0x4C) \ + X(X86_DECEBP, 0x4D) \ + X(X86_DECESI, 0x4E) \ + X(X86_DECEDI, 0x4F) \ + X(X86_PUSHEAX, 0x50) \ + X(X86_PUSHECX, 0x51) \ + X(X86_PUSHEDX, 0x52) \ + X(X86_PUSHEBX, 0x53) \ + X(X86_PUSHESP, 0x54) \ + X(X86_PUSHEBP, 0x55) \ + X(X86_PUSHESI, 0x56) \ + X(X86_PUSHEDI, 0x57) \ + X(X86_POPEAX, 0x58) \ + X(X86_POPECX, 0x59) \ + X(X86_POPEDX, 0x5A) \ + X(X86_POPEBX, 0x5B) \ + X(X86_POPESP, 0x5C) \ + X(X86_POPEBP, 0x5D) \ + X(X86_POPESI, 0x5E) \ + X(X86_POPEDI, 0x5F) \ + X(X86_PUSHA, 0x60) \ + X(X86_POPA, 0x61) \ + X(X86_NOP, 0x90) \ + X(X86_XCHGECXEAX, 0x91) \ + X(X86_XCHGEDXEAX, 0x92) \ + X(X86_XCHGEBXEAX, 0x93) \ + X(X86_XCHGESPEAX, 0x94) \ + X(X86_XCHGEBPEAX, 0x95) \ + X(X86_XCHGESIEAX, 0x96) \ + X(X86_XCHGEDIEAX, 0x97) \ + X(X86_CWDE, 0x98) \ + X(X86_CDQ, 0x99) \ + X(X86_WAIT, 0x9B) \ + X(X86_PUSHF, 0x9C) \ + X(X86_POPF, 0x9D) \ + X(X86_SAHF, 0x9E) \ + X(X86_LAHF, 0x9F) \ + X(X86_MOVS8, 0xA4) \ + X(X86_MOVSW, 0xA5) \ + X(X86_CMPS8, 0xA6) \ + X(X86_CMPSW, 0xA7) \ + X(X86_STOS8, 0xAA) \ + X(X86_STOSD, 0xAB) \ + X(X86_LODS8, 0xAC) \ + X(X86_LODSD, 0xAD) \ + X(X86_SCAS8, 0xAE) \ + X(X86_SCASD, 0xAF) \ + X(X86_RET, 0xC3) \ + X(X86_LEAVE, 0xC9) \ + X(X86_RETF, 0xCB) \ + X(X86_INT3, 0xCC) \ + X(X86_INTO, 0xCE) \ + X(X86_XLAT, 0xD7) \ + X(X86_CMC, 0xF5) \ + X(X86_CLC, 0xF8) \ + X(X86_STC, 0xF9) \ + X(X86_CLI, 0xFA) \ + X(X86_STI, 0xFB) \ + X(X86_CLD, 0xFC) \ + X(X86_STD, 0xFD) + +/* Single-byte opcodes with a 1-byte immediate operand */ +#define X86_OPS_1BYTE_I8(X) \ + X(X86_ADDALI, 0x04) \ + X(X86_ORALI, 0x0C) \ + X(X86_ADCALI, 0x14) \ + X(X86_SBBALI, 0x1C) \ + X(X86_ANDALI, 0x24) \ + X(X86_SUBALI, 0x2C) \ + X(X86_XORALI, 0x34) \ + X(X86_CMPALI, 0x3C) \ + X(X86_PUSHI8, 0x6A) \ + X(X86_TESTALI, 0xA8) \ + X(X86_JO, 0x70) \ + X(X86_JNO, 0x71) \ + X(X86_JB, 0x72) /* AKA JC */ \ + X(X86_JNB, 0x73) /* AKA JNC */ \ + X(X86_JZ, 0x74) /* AKA JE */ \ + X(X86_JNZ, 0x75) /* AKA JNZ */ \ + X(X86_JNA, 0x76) /* AKA JBE */ \ + X(X86_JA, 0x77) /* AKA JNBE */ \ + X(X86_JS, 0x78) \ + X(X86_JNS, 0x79) \ + X(X86_JP, 0x7A) \ + X(X86_JNP, 0x7B) \ + X(X86_JL, 0x7C) /* AKA JNGE */ \ + X(X86_JNL, 0x7D) /* AKA JGE */ \ + X(X86_JNG, 0x7E) /* AKA JLE */ \ + X(X86_JG, 0x7F) /* AKA JNLE */ \ + X(X86_MOVALI, 0xB0) \ + X(X86_MOVCLI, 0xB1) \ + X(X86_MOVDLI, 0xB2) \ + X(X86_MOVBLI, 0xB3) \ + X(X86_MOVAHI, 0xB4) \ + X(X86_MOVCHI, 0xB5) \ + X(X86_MOVDHI, 0xB6) \ + X(X86_MOVBHI, 0xB7) \ + X(X86_INT, 0xCD) \ + X(X86_AMX, 0xD4) /* Note: D4 0A is referred to as AAM */ \ + X(X86_ADX, 0xD5) /* Note: D4 0A is referred to as AAD */ \ + X(X86_LOOPNZ, 0xE0) /* AKA LOOPNE */ \ + X(X86_LOOPZ, 0xE1) /* AKA LOOPE */ \ + X(X86_LOOP, 0xE2) \ + X(X86_JCXZ, 0xE3) \ + X(X86_JMPI8, 0xEB) + +/* Single-byte opcodes with a word-sized immediate operand */ +#define X86_OPS_1BYTE_IW(X) \ + X(X86_ADDEAXI, 0x05) \ + X(X86_OREAXI, 0x0D) \ + X(X86_ADCEAXI, 0x15) \ + X(X86_SBBEAXI, 0x1D) \ + X(X86_ANDEAXI, 0x25) \ + X(X86_SUBEAXI, 0x2D) \ + X(X86_XOREAXI, 0x35) \ + X(X86_CMPEAXI, 0x3D) \ + X(X86_PUSHIW, 0x68) \ + X(X86_TESTEAXI, 0xA9) \ + X(X86_MOVEAXI, 0xB8) \ + X(X86_MOVECXI, 0xB9) \ + X(X86_MOVEDXI, 0xBA) \ + X(X86_MOVEBXI, 0xBB) \ + X(X86_MOVESPI, 0xBC) \ + X(X86_MOVEBPI, 0xBD) \ + X(X86_MOVESII, 0xBE) \ + X(X86_MOVEDII, 0xBF) \ + X(X86_CALL, 0xE8) \ + X(X86_JMPIW, 0xE9) + +/* Single-byte opcodes with a word-sized immediate operand (indirect) */ +#define X86_OPS_1BYTE_IWI(X) \ + X(X86_MOVALII, 0xA0) /* From offset (indirect) */ \ + X(X86_MOVEAXII, 0xA1) /* From offset (indirect) */ \ + X(X86_MOVIIAL, 0xA2) /* To offset (indirect) */ \ + X(X86_MOVIIEAX, 0xA3) /* To offset (indirect) */ \ + +/* Single-byte opcodes with 16-bit immediate operands, regardless of prefixes */ +#define X86_OPS_1BYTE_I16(X) \ + X(X86_RETI16, 0xC2) \ + X(X86_RETFI16, 0xCA) + +/* + * Single-byte opcodes with a ModRM. `MR` in a name means the ModRM is the + * destination, `RM` means it's the source. + */ +#define X86_OPS_1BYTE_MRM(X) \ + X(X86_ADDMR8, 0x00) \ + X(X86_ADDMRW, 0x01) \ + X(X86_ADDRM8, 0x02) \ + X(X86_ADDRMW, 0x03) \ + X(X86_ORMR8, 0x08) \ + X(X86_ORMRW, 0x09) \ + X(X86_ORRM8, 0x0A) \ + X(X86_ORRMW, 0x0B) \ + X(X86_ADCMR8, 0x10) \ + X(X86_ADCMRW, 0x11) \ + X(X86_ADCRM8, 0x12) \ + X(X86_ADCRMW, 0x13) \ + X(X86_SBBMR8, 0x18) \ + X(X86_SBBMRW, 0x19) \ + X(X86_SBBRM8, 0x1A) \ + X(X86_SBBRMW, 0x1B) \ + X(X86_ANDMR8, 0x20) \ + X(X86_ANDMRW, 0x21) \ + X(X86_ANDRM8, 0x22) \ + X(X86_ANDRMW, 0x23) \ + X(X86_SUBMR8, 0x28) \ + X(X86_SUBMRW, 0x29) \ + X(X86_SUBRM8, 0x2A) \ + X(X86_SUBRMW, 0x2B) \ + X(X86_XORMR8, 0x30) \ + X(X86_XORMRW, 0x31) \ + X(X86_XORRM8, 0x32) \ + X(X86_XORRMW, 0x33) \ + X(X86_CMPMR8, 0x38) \ + X(X86_CMPMRW, 0x39) \ + X(X86_CMPRM8, 0x3A) \ + X(X86_CMPRMW, 0x3B) \ + X(X86_ARPL, 0x63) \ + X(X86_TESTMR8, 0x84) \ + X(X86_TESTMRW, 0x85) \ + X(X86_XCHGMR8, 0x86) \ + X(X86_XCHGMRW, 0x87) \ + X(X86_MOVMR8, 0x88) \ + X(X86_MOVMRW, 0x89) \ + X(X86_MOVRM8, 0x8A) \ + X(X86_MOVRMW, 0x8B) \ + X(X86_MOVMS, 0x8C) /* Load 4 bytes from segment register */ \ + X(X86_LEA, 0x8D) \ + X(X86_MOVSM, 0x8E) /* Store 4 bytes to segment register */ \ + X(X86_POPM, 0x8F) \ + X(X86_SHIFTM18, 0xD0) /* Shift/roll by 1 place */ \ + X(X86_SHIFTM1W, 0xD1) /* Shift/roll by 1 place */ \ + X(X86_SHIFTMCL8, 0xD2) /* Shift/roll by CL places */ \ + X(X86_SHIFTMCLW, 0xD3) /* Shift/roll by CL places */ \ + X(X86_FLTBLK1, 0xD8) /* Various float ops (1/8) */ \ + X(X86_FLTBLK2, 0xD9) /* Various float ops (2/8) */ \ + X(X86_FLTBLK3, 0xDA) /* Various float ops (3/8) */ \ + X(X86_FLTBLK4, 0xDB) /* Various float ops (4/8) */ \ + X(X86_FLTBLK5, 0xDC) /* Various float ops (5/8) */ \ + X(X86_FLTBLK6, 0xDD) /* Various float ops (6/8) */ \ + X(X86_FLTBLK7, 0xDE) /* Various float ops (7/8) */ \ + X(X86_FLTBLK8, 0xDF) /* Various float ops (8/8) */ \ + X(X86_MISCM8, 0xFE) /* Only documented for MRM.reg in {0, 1} */ \ + X(X86_MISCMW, 0xFF) + +/* Single-byte opcodes with a ModRM and a 1-byte immediate operand */ +#define X86_OPS_1BYTE_MRM_I8(X) \ + X(X86_IMULMI8, 0x6B) /* 3-operand multiply */ \ + X(X86_ALUMI8, 0x80) /* ALU op in MRM.reg, from immediate */ \ + X(X86_ALUMI8X, 0x82) /* ALU op in MRM.reg, from immediate, redundant?? */ \ + X(X86_ALUMI8S, 0x83) /* ALU op in MRM.reg, from immediate, sign-extend */ \ + X(X86_SHIFTMI8, 0xC0) /* Shift/roll by imm8 places */ \ + X(X86_SHIFTMIW, 0xC1) /* Shift/roll by imm8 places */ \ + X(X86_MOVMI8, 0xC6) /* Note: RM.reg must be 0 */ + +/* Single-byte opcodes with a ModRM and a word-sized immediate operand */ +#define X86_OPS_1BYTE_MRM_IW(X) \ + X(X86_IMULMIW, 0x69) /* 3-operand multiply */ \ + X(X86_ALUMIW, 0x81) /* ALU op in MRM.reg, from immediate */ \ + X(X86_MOVMIW, 0xC7) /* Note: MRM.reg must be 0 */ + +/* All single-byte x86 instructions */ +#define X86_OPS_1BYTE(X) \ + X86_OPS_1BYTE_NO(X) \ + X86_OPS_1BYTE_I8(X) \ + X86_OPS_1BYTE_IW(X) \ + X86_OPS_1BYTE_IWI(X) \ + X86_OPS_1BYTE_I16(X) \ + X86_OPS_1BYTE_MRM(X) \ + X86_OPS_1BYTE_MRM_I8(X) \ + X86_OPS_1BYTE_MRM_IW(X) \ + X(X86_ENTER, 0xC8) /* Dumb special case insn: imm16 followed by imm8 */ \ + X(X86_CRAZY8, 0xF6) /* CRAZY reg-encoded block, has imm8 IFF reg < 2 */ \ + X(X86_CRAZYW, 0xF7) /* CRAZY reg-encoded block, has imm32/16 IFF reg < 2 */ + +/* Second bytes of opcodes with no operands */ +#define X86_OPS_2BYTE_NO(X) \ + X(X86_2B_RDTSC, 0x31) \ + X(X86_2B_RDPMD, 0x33) \ + X(X86_2B_SYSENTER, 0x34) \ + X(X86_2B_PUSHFS, 0xA0) \ + X(X86_2B_POPFS, 0xA1) \ + X(X86_2B_CPUID, 0xA2) \ + X(X86_2B_PUSHGS, 0xA8) \ + X(X86_2B_POPGS, 0xA9) \ + X(X86_2B_RSM, 0xAA) \ + X(X86_2B_BSWAPEAX, 0xC8) \ + X(X86_2B_BSWAPECX, 0xC9) \ + X(X86_2B_BSWAPEDX, 0xCA) \ + X(X86_2B_BSWAPEBX, 0xCB) \ + X(X86_2B_BSWAPESP, 0xCC) \ + X(X86_2B_BSWAPEBP, 0xCD) \ + X(X86_2B_BSWAPESI, 0xCE) \ + X(X86_2B_BSWAPEDI, 0xCF) \ + /* MMX instruction */ \ + X(X86_2B_EMMS, 0x77) + +/* Second bytes of opcodes with a word-sized immediate operand */ +#define X86_OPS_2BYTE_IW(X) \ + X(X86_2B_JOII, 0x80) /* From offset (indirect) */ \ + X(X86_2B_JNOII, 0x81) /* From offset (indirect) */ \ + X(X86_2B_JBII, 0x82) /* AKA JC; from offset (indirect) */ \ + X(X86_2B_JNBII, 0x83) /* AKA JNC; from offset (indirect) */ \ + X(X86_2B_JZII, 0x84) /* AKA JE; from offset (indirect) */ \ + X(X86_2B_JNZII, 0x85) /* AKA JNZ; from offset (indirect) */ \ + X(X86_2B_JNAII, 0x86) /* AKA JBE; from offset (indirect) */ \ + X(X86_2B_JAII, 0x87) /* AKA JNBE; from offset (indirect) */ \ + X(X86_2B_JSII, 0x88) /* From offset (indirect) */ \ + X(X86_2B_JNSII, 0x89) /* From offset (indirect) */ \ + X(X86_2B_JPII, 0x8A) /* From offset (indirect) */ \ + X(X86_2B_JNPII, 0x8B) /* From offset (indirect) */ \ + X(X86_2B_JLII, 0x8C) /* AKA JNGE; from offset (indirect) */ \ + X(X86_2B_JNLII, 0x8D) /* AKA JGE; from offset (indirect) */ \ + X(X86_2B_JNGII, 0x8E) /* AKA JLE; from offset (indirect) */ \ + X(X86_2B_JGII, 0x8F) /* AKA JNLE; from offset (indirect) */ + +/* Second bytes of opcodes with a ModRM */ +#define X86_OPS_2BYTE_MRM(X) \ + X(X86_2B_NOP, 0x0D) /* Variable length NOP (3-9 with prefix) */ \ + X(X86_2B_HINTS1, 0x18) /* Prefetch and hint-nop block 1/8 */ \ + X(X86_2B_HINTS2, 0x19) /* Prefetch and hint-nop block 2/8 */ \ + X(X86_2B_HINTS3, 0x1A) /* Prefetch and hint-nop block 3/8 */ \ + X(X86_2B_HINTS4, 0x1B) /* Prefetch and hint-nop block 4/8 */ \ + X(X86_2B_HINTS5, 0x1C) /* Prefetch and hint-nop block 5/8 */ \ + X(X86_2B_HINTS6, 0x1D) /* Prefetch and hint-nop block 6/8 */ \ + X(X86_2B_HINTS7, 0x1E) /* Prefetch and hint-nop block 7/8 */ \ + X(X86_2B_HINTS8, 0x1F) /* Prefetch and hint-nop block 8/8 */ \ + X(X86_2B_CMOVO, 0x40) \ + X(X86_2B_CMOVNO, 0x41) \ + X(X86_2B_CMOVB, 0x42) /* AKA CMOVC */ \ + X(X86_2B_CMOVNB, 0x43) /* AKA CMOVNC */ \ + X(X86_2B_CMOVZ, 0x44) /* AKA CMOVE */ \ + X(X86_2B_CMOVNZ, 0x45) /* AKA CMOVNE */ \ + X(X86_2B_CMOVNA, 0x46) /* AKA CMOVBE */ \ + X(X86_2B_CMOVA, 0x47) /* AKA CMOVNBE */ \ + X(X86_2B_CMOVS, 0x48) \ + X(X86_2B_CMOVNS, 0x49) \ + X(X86_2B_CMOVP, 0x4A) \ + X(X86_2B_CMOVNP, 0x4B) \ + X(X86_2B_CMOVL, 0x4C) /* AKA CMOVNGE */ \ + X(X86_2B_CMOVNL, 0x4D) /* AKA CMOVGE */ \ + X(X86_2B_CMOVNG, 0x4E) /* AKA CMOVLE */ \ + X(X86_2B_CMOVG, 0x4F) /* AKA CMOVNLE */ \ + X(X86_2B_SETO, 0x90) \ + X(X86_2B_SETNO, 0x91) \ + X(X86_2B_SETB, 0x92) /* AKA SETC */ \ + X(X86_2B_SETNB, 0x93) /* AKA SETNC */ \ + X(X86_2B_SETZ, 0x94) /* AKA SETE */ \ + X(X86_2B_SETNZ, 0x95) /* AKA SETNZ */ \ + X(X86_2B_SETNA, 0x96) /* AKA SETBE */ \ + X(X86_2B_SETA, 0x97) /* AKA SETNBE */ \ + X(X86_2B_SETS, 0x98) \ + X(X86_2B_SETNS, 0x99) \ + X(X86_2B_SETP, 0x9A) \ + X(X86_2B_SETNP, 0x9B) \ + X(X86_2B_SETL, 0x9C) /* AKA SETNGE */ \ + X(X86_2B_SETNL, 0x9D) /* AKA SETGE */ \ + X(X86_2B_SETNG, 0x9E) /* AKA SETLE */ \ + X(X86_2B_SETG, 0x9F) /* AKA SETNLE */ \ + X(X86_2B_BTMR, 0xA3) \ + X(X86_2B_SHLDMRCL, 0xA5) \ + X(X86_2B_BTS, 0xAB) \ + X(X86_2B_SHRDMRCL, 0xAD) \ + X(X86_2B_MISC, 0xAE) /* Float env stuff, memory fences */ \ + X(X86_2B_IMUL, 0xAF) \ + X(X86_2B_CMPXCHG8, 0xB0) \ + X(X86_2B_CMPXCHGW, 0xB1) \ + X(X86_2B_MOVZX8, 0xB6) \ + X(X86_2B_MOVZXW, 0xB7) \ + X(X86_2B_POPCNT, 0xB8) \ + X(X86_2B_BTCRM, 0xBB) \ + X(X86_2B_BSF, 0xBC) \ + X(X86_2B_BSR, 0xBD) \ + X(X86_2B_MOVSX8, 0xBE) \ + X(X86_2B_MOVSXW, 0xBF) \ + X(X86_2B_XADDRM8, 0xC0) \ + X(X86_2B_XADDRMW, 0xC1) \ + /* NOTE: this one is actually a block with some VMX stuff too; it's only + CMPXCHG64 (CMPXCHG8B if you prefer) if MRM.reg = 1, but naming it this + way seemed more useful since it's what you'll see in normal userspace + programs, which is what we're interested in. */ \ + X(X86_2B_CMPXCHG64, 0xC7) \ + /* -- MMX/SSE1/SSE2 instructions -- */ \ + /* XXX: some of the naming here isn't totally perfect */ \ + X(X86_2B_MOVRM128, 0x10) /* MOVUPS/MOVSS/MOVUPD/MOVD via prefix */ \ + X(X86_2B_MOVMR128, 0x11) /* MOVUPS/MOVSS/MOVUPD/MOVD via prefix */ \ + X(X86_2B_MOVLRM, 0x12) /* MOV(H)LPS/MOVLPD/MOVDDUP/MOVSLDUP */ \ + X(X86_2B_MOVLMR, 0x13) /* MOVLP{S,D} */ \ + X(X86_2B_UNPCKL, 0x14) /* UNPCKLP{S,D} */ \ + X(X86_2B_UNPCKH, 0x15) /* UNPCKHPS/UNPCKHPD */ \ + X(X86_2B_MOVHRM, 0x16) /* MOV(L)HPS/MOVHPD/MOVSHDUP */ \ + X(X86_2B_MOVHMR, 0x17) /* MOVHPS/MOVHPD */ \ + X(X86_2B_MOVARM, 0x28) /* MOVAP{S,D} via prefix */ \ + X(X86_2B_MOVAMR, 0x29) /* MOVAP{S,D} */ \ + X(X86_2B_CVTIF64, 0x2A) /* CVTxI2x{S,D} */ \ + X(X86_2B_MOVNT, 0x2B) /* MOVNTP{S,D} */ \ + X(X86_2B_CVTFT64, 0x2C) /* CVTTx{S,D}2xI */ \ + X(X86_2B_CVTFI64, 0x2D) /* CVTx{S,D}2xI */ \ + X(X86_2B_UCOMI, 0x2E) /* UCOMIS{S,D} */ \ + X(X86_2B_COMI, 0x2F) /* COMIS{S,D} */ \ + X(X86_2B_MOVMSK, 0x50) /* MOVMSDKP{S,D} */ \ + X(X86_2B_SQRT, 0x51) /* SQRT{P,S}{S,D} */ \ + X(X86_2B_RSQRT, 0x52) /* RSQRT{P,S}{S,D} */ \ + X(X86_2B_RCP, 0x53) /* RCP{P,S}S */ \ + X(X86_2B_AND, 0x54) /* ANDP{S,D} */ \ + X(X86_2B_ANDN, 0x55) /* ANDNP{S,D} */ \ + X(X86_2B_OR, 0x56) /* ORP{S,D} */ \ + X(X86_2B_XOR, 0x57) /* XORP{S,D} */ \ + X(X86_2B_ADD, 0x58) /* ADD{P,S}{S,D} */ \ + X(X86_2B_MUL, 0x59) /* MUL{P,S}{S,D} */ \ + X(X86_2B_CVTFF128, 0x5A) /* CVTxS2xD/CVTxS2xS */ \ + X(X86_2B_CVTFI128, 0x5B) /* CVTDQ2PS/CVTPS2DQ/CVTTPS2DQ */ \ + X(X86_2B_SUB, 0x5C) /* SUB{P,S}{S,D} */ \ + X(X86_2B_DIV, 0x5D) /* DIV{P,S}{S,D} */ \ + X(X86_2B_MIN, 0x5E) /* MIN{P,S}{S,D} */ \ + X(X86_2B_MAX, 0x5F) /* MAX{P,S}{S,D} */ \ + X(X86_2B_PUNPCKLBW, 0x60) \ + X(X86_2B_PUNPCKLBD, 0x61) \ + X(X86_2B_PUNPCKLDQ, 0x62) \ + X(X86_2B_PACKSSWB, 0x63) \ + X(X86_2B_PCMPGTB, 0x64) \ + X(X86_2B_PCMPGTW, 0x65) \ + X(X86_2B_PCMPGTD, 0x66) \ + X(X86_2B_PACKUSWB, 0x67) \ + X(X86_2B_PUNPCKHBW, 0x68) \ + X(X86_2B_PUNPCKHWD, 0x69) \ + X(X86_2B_PUNPCKHDQ, 0x6A) \ + X(X86_2B_PACKSSDW, 0x6B) \ + X(X86_2B_PUNPCKLQDQ, 0x6C) \ + X(X86_2B_PUNPCKHQDQ, 0x6D) \ + X(X86_2B_MOVDRM, 0x6E) \ + X(X86_2B_MOVQRM, 0x6F) /* MOVQ/MOVDQA/MOVDQU */ \ + X(X86_2B_PCMPEQB, 0x74) \ + X(X86_2B_PCMPEQW, 0x75) \ + X(X86_2B_PCMPEQD, 0x76) \ + X(X86_2B_MOVDMR, 0x7E) \ + X(X86_2B_MOVQMR, 0x7F) \ + X(X86_2B_MOVNTI, 0xC3) \ + X(X86_2B_ADDSUB, 0xD0) /* ADDSUBP{S,D} */ \ + X(X86_2B_PSRLW, 0xD1) \ + X(X86_2B_PSRLD, 0xD2) \ + X(X86_2B_PSRLQ, 0xD3) \ + X(X86_2B_PADDQ, 0xD4) \ + X(X86_2B_PMULLW, 0xD5) \ + X(X86_2B_MOVQRR, 0xD6) /* MOVQ(m,r)/MOVQ2DQ/MOVQ2DQ based on prefix */ \ + X(X86_2B_PMOVMSKB, 0xD7) /* MOVQ2DQ/MOVDQ2Q */ \ + X(X86_2B_PSUBUSB, 0xD8) \ + X(X86_2B_PSUBUSW, 0xD9) \ + X(X86_2B_PMINUB, 0xDA) \ + X(X86_2B_PAND, 0xDB) \ + X(X86_2B_PADDUSB, 0xDC) \ + X(X86_2B_PADDUSW, 0xDD) \ + X(X86_2B_PMAXUB, 0xDE) \ + X(X86_2B_PANDN, 0xDF) \ + X(X86_2B_PAVGB, 0xE0) \ + X(X86_2B_PSRAW, 0xE1) \ + X(X86_2B_PSRAD, 0xE2) \ + X(X86_2B_PAVGW, 0xE3) \ + X(X86_2B_PMULHUW, 0xE4) \ + X(X86_2B_PMULHW, 0xE5) \ + X(X86_2B_CVTQ, 0xE6) /* CVTPD2DQ/CVTTPD2DQ/CVTDQ2PD */ \ + X(X86_2B_MOVNTQ, 0xE7) \ + X(X86_2B_PSUBSB, 0xE8) \ + X(X86_2B_PSUBSW, 0xE9) \ + X(X86_2B_PMINSB, 0xEA) \ + X(X86_2B_PMINSW, 0xEB) \ + X(X86_2B_PADDSB, 0xEC) \ + X(X86_2B_PADDSW, 0xED) \ + X(X86_2B_PMAXSW, 0xEE) \ + X(X86_2B_PXOR, 0xEF) \ + X(X86_2B_LDDQU, 0xF0) \ + X(X86_2B_PSLLW, 0xF1) \ + X(X86_2B_PSLLD, 0xF2) \ + X(X86_2B_PSLLQ, 0xF3) \ + X(X86_2B_PMULUDQ, 0xF4) \ + X(X86_2B_PMADDWD, 0xF5) \ + X(X86_2B_PSABDW, 0xF6) \ + X(X86_2B_MASKMOVQ, 0xF7) \ + X(X86_2B_PSUBB, 0xF8) \ + X(X86_2B_PSUBW, 0xF9) \ + X(X86_2B_PSUBD, 0xFA) \ + X(X86_2B_PSUBQ, 0xFB) \ + X(X86_2B_PADDB, 0xFC) \ + X(X86_2B_PADDW, 0xFD) \ + X(X86_2B_PADDD, 0xFE) + +/* Second bytes of opcodes with a ModRM and a 1-byte immediate operand */ +#define X86_OPS_2BYTE_MRM_I8(X) \ + X(X86_2B_SHLDMRI, 0xA4) \ + X(X86_2B_SHRDMRI, 0xAC) \ + X(X86_2B_BTXMI, 0xBA) /* BT/BTS/BTR/BTC depending on MRM.reg (4-7) */ \ + /* -- MMX/SSE1/SSE2 instructions -- */ \ + X(X86_2B_PSHUF, 0x70) /* PSHUFW/PSHUFLW/PSHUFHW/PSHUFD via MRM.reg */ \ + X(X86_2B_PSWI, 0x71) /* PSRLW/PSRAW/PSLLW via MRM.reg */ \ + X(X86_2B_PSDI, 0x72) /* PSRLD/PSRAD/PSLLD via MRM.reg */ \ + X(X86_2B_PSQI, 0x73) /* PSRLQ/PSRAQ/PSLLQ via MRM.reg */ \ + X(X86_2B_CMPSI, 0xC2) /* CMP{P,S}{S,D} via prefix */ \ + X(X86_2B_PINSRW, 0xC4) \ + X(X86_2B_PEXTRW, 0xC5) \ + X(X86_2B_SHUF, 0xC6) /* SHUFP{S,D} */ \ + +#define X86_OPS_2BYTE(X) \ + X86_OPS_2BYTE_NO(X) \ + X86_OPS_2BYTE_IW(X) \ + X86_OPS_2BYTE_MRM(X) \ + X86_OPS_2BYTE_MRM_I8(X) + +#define _X86_ENUM(name, value) name = value, +enum { + X86_PREFIXES(_X86_ENUM) + X86_OPS_1BYTE(_X86_ENUM) + X86_2BYTE = 0x0F, /* First byte of a 2- or 3-byte opcode */ + X86_OPS_2BYTE(_X86_ENUM) + X86_3BYTE1 = 0x38, /* One of the two second bytes of a three-byte opcode */ + X86_3BYTE2 = 0x3A, /* The other second byte of a three-byte opcode */ + X86_3DNOW = 0x0F /* The second byte of a three-byte 3DNow! opcode */ +}; +#undef _X86_ENUM + +/* + * Returns the length of an instruction, or -1 if it's a "known unknown" or + * invalid instruction. Doesn't handle unknown unknowns: may explode or hang on + * arbitrary untrusted data. Also doesn't handle, among other things, 3DNow!, + * SSE, MMX, AVX, and such. Aims to be small and fast rather than comprehensive. + */ +int x86_len(const void *insn); + +/* Constructs a ModRM byte, assuming the parameters are all in range. */ +#define X86_MODRM(mod, reg, rm) (unsigned char)((mod) << 6 | (reg) << 3 | rm) + +#endif + +// vi: sw=4 ts=4 noet tw=80 cc=80 @@ -1,13 +1,13 @@ -Copyright (c) 2024 Matthew Wozniak <me@woz.blue>
-
-Permission to use, copy, modify, and/or distribute this software for any purpose
-with or without fee is hereby granted, provided that the above copyright notice
-and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
-FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
-OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
-TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
-THIS SOFTWARE.
+Copyright (c) 2024 Matthew Wozniak <me@woz.blue> + +Permission to use, copy, modify, and/or distribute this software for any purpose +with or without fee is hereby granted, provided that the above copyright notice +and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND +FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS +OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER +TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF +THIS SOFTWARE. @@ -1,17 +1,17 @@ -CC = clang
-OBJS = main.o api.o 3p/sst/x86.o hook.o
-WARNINGS=-Wall -Wpedantic -Wextra -Wno-gnu-zero-variadic-macro-arguments \
- -D_CRT_SECURE_NO_WARNINGS
-CFLAGS:=$(CFLAGS) -m32 -flto -I3p -std=c23
-
-all: rt.exe
-rt.exe: $(OBJS)
- $(CC) -fuse-ld=lld $(CFLAGS) $(LDFLAGS) $(OBJS) -o rt.exe
-
-%.o: %.c
- $(CC) -c $(WARNINGS) $(CFLAGS) $< -o $@
-
-clean:
- rm -f *.o 3p/sst/*.o *.exe *.pdb
-
-rebuild: clean all
+CC = clang +OBJS = main.o api.o 3p/sst/x86.o hook.o +WARNINGS=-Wall -Wpedantic -Wextra -Wno-gnu-zero-variadic-macro-arguments \ + -D_CRT_SECURE_NO_WARNINGS +CFLAGS:=$(CFLAGS) -m32 -flto -I3p -std=c23 + +all: rt.exe +rt.exe: $(OBJS) + $(CC) -fuse-ld=lld $(CFLAGS) $(LDFLAGS) $(OBJS) -o rt.exe + +%.o: %.c + $(CC) -c $(WARNINGS) $(CFLAGS) $< -o $@ + +clean: + rm -f *.o 3p/sst/*.o *.exe *.pdb + +rebuild: clean all @@ -1,7 +1,7 @@ -rendertools
------------
-
-orange box engine demo renderer
-
-usage:
- rt -w <width> -h <height> -g <game> -r <fps> path/to/demo.dem
+rendertools +----------- + +orange box engine demo renderer + +usage: + rt -w <width> -h <height> -g <game> -r <fps> path/to/demo.dem @@ -1,83 +1,83 @@ -// SPDX-License-Identifier: ISC
-// SPDX-FileCopyrightText: 2024 Matthew Wozniak <me@woz.blue>
-
-#define NO_EXTERNS
-#include "api.h"
-#undef NO_EXTERNS
-#include "os.h"
-#include "log.h"
-#include "sst/x86.h"
-
-struct engserver *engserver = NULL;
-struct engclient *engclient = NULL;
-struct engineapi *engineapi = NULL;
-struct enginetools *enginetools = NULL;
-struct demoplayer *demoplayer = NULL;
-struct videomode **videomode = NULL;
-struct movieinfo *movieinfo = NULL;
-void (*cbuf_addtext)(char *) = NULL;
-
-// TODO: should this be split up?
-
-bool api_init(void) {
- void *engine_dll = os_dlhandle("engine");
- createinterface_func engine_factory =
- (createinterface_func)os_dlsym(engine_dll, "CreateInterface");
- if (!engine_factory) bail("couldn't get engine factory");
- engserver = engine_factory(VENGINE_SERVER_INTERFACE_VERSION, NULL);
- if (!engserver) bail("couldn't get IVEngineServer from engine");
- engclient = engine_factory(VENGINE_CLIENT_INTERFACE_VERSION, NULL);
- if (!engclient) bail("couldn't get IVEngineClient from engine");
- engineapi = engine_factory(VENGINE_LAUNCHER_INTERFACE_VERSION, NULL);
- if (!engineapi) bail("couldn't get IEngineAPI from engine");
- enginetools = engine_factory(VENGINE_TOOL_INTERFACE_VERSION, NULL);
- if (!engineapi) bail("couldn't get IEngineTools from engine");
-
- // find cbuf_addtext
- const u8 *instr = (const u8 *)engserver->vt->server_command;
- // ServerCommand() calls a few small functions before Cbuf_AddText but they
- // get inlined. look for 'push esi' and then a call.
- for (const u8 *p = instr; p - instr < 64;) {
- if (*p == X86_PUSHESI && *++p == X86_CALL) {
- // jump is relative to after the instruction
- cbuf_addtext = (void (*)(char *))(p + 5 + *(i32 *)(p + 1));
- }
- int l = x86_len(p);
- if (l == -1)
- bail("invalid instruction looking for cbuf_addtext");
- p += l;
- }
- if (!cbuf_addtext) bail("couldn't find cbuf_addtext");
-
- // find demoplayer
- instr = (const u8 *)engclient->vt->is_playing_demo;
- // CEngineClient::IsPlayingDemo is a wrapper around a demoplayer call
- // The first thing it does should be load a ptr to demoplayer into ECX
- if (instr[0] != X86_MOVRMW || instr[1] != X86_MODRM(0, 1, 5))
- bail("couldn't get demoplayer");
- demoplayer = **(struct demoplayer ***)(instr + 2);
- debug("demoplayer = %p", (void *)demoplayer);
-
- // find videomode
- // CEngineAPI::SetEngineWindow calls videomode->SetGameWindow after
- // detaching the current window with another vcall. Look for the second one.
- // This, like the demoplayer, is a pointer. Mind the double dereference.
- instr = (const u8 *)engineapi->vt->set_engine_window;
- int mov_ecx_counter = 0;
- for (const u8 *p = instr; p - instr < 64;) {
- if (p[0] == X86_MOVRMW && p[1] == X86_MODRM(0, 1, 5)
- && ++mov_ecx_counter == 2) {
- videomode = *(struct videomode ***)(p + 2);
- break;
- }
- int l = x86_len(p);
- if (l == -1)
- bail("invalid instruction looking for videomode");
- p += l;
- }
- debug("videomode = %p", (void *)videomode);
-
- return true;
-}
-
-// vi: sw=4 ts=4 noet tw=80 cc=80
+// SPDX-License-Identifier: ISC +// SPDX-FileCopyrightText: 2024 Matthew Wozniak <me@woz.blue> + +#define NO_EXTERNS +#include "api.h" +#undef NO_EXTERNS +#include "os.h" +#include "log.h" +#include "sst/x86.h" + +struct engserver *engserver = NULL; +struct engclient *engclient = NULL; +struct engineapi *engineapi = NULL; +struct enginetools *enginetools = NULL; +struct demoplayer *demoplayer = NULL; +struct videomode **videomode = NULL; +struct movieinfo *movieinfo = NULL; +void (*cbuf_addtext)(char *) = NULL; + +// TODO: should this be split up? + +bool api_init(void) { + void *engine_dll = os_dlhandle("engine"); + createinterface_func engine_factory = + (createinterface_func)os_dlsym(engine_dll, "CreateInterface"); + if (!engine_factory) bail("couldn't get engine factory"); + engserver = engine_factory(VENGINE_SERVER_INTERFACE_VERSION, NULL); + if (!engserver) bail("couldn't get IVEngineServer from engine"); + engclient = engine_factory(VENGINE_CLIENT_INTERFACE_VERSION, NULL); + if (!engclient) bail("couldn't get IVEngineClient from engine"); + engineapi = engine_factory(VENGINE_LAUNCHER_INTERFACE_VERSION, NULL); + if (!engineapi) bail("couldn't get IEngineAPI from engine"); + enginetools = engine_factory(VENGINE_TOOL_INTERFACE_VERSION, NULL); + if (!engineapi) bail("couldn't get IEngineTools from engine"); + + // find cbuf_addtext + const u8 *instr = (const u8 *)engserver->vt->server_command; + // ServerCommand() calls a few small functions before Cbuf_AddText but they + // get inlined. look for 'push esi' and then a call. + for (const u8 *p = instr; p - instr < 64;) { + if (*p == X86_PUSHESI && *++p == X86_CALL) { + // jump is relative to after the instruction + cbuf_addtext = (void (*)(char *))(p + 5 + *(i32 *)(p + 1)); + } + int l = x86_len(p); + if (l == -1) + bail("invalid instruction looking for cbuf_addtext"); + p += l; + } + if (!cbuf_addtext) bail("couldn't find cbuf_addtext"); + + // find demoplayer + instr = (const u8 *)engclient->vt->is_playing_demo; + // CEngineClient::IsPlayingDemo is a wrapper around a demoplayer call + // The first thing it does should be load a ptr to demoplayer into ECX + if (instr[0] != X86_MOVRMW || instr[1] != X86_MODRM(0, 1, 5)) + bail("couldn't get demoplayer"); + demoplayer = **(struct demoplayer ***)(instr + 2); + debug("demoplayer = %p", (void *)demoplayer); + + // find videomode + // CEngineAPI::SetEngineWindow calls videomode->SetGameWindow after + // detaching the current window with another vcall. Look for the second one. + // This, like the demoplayer, is a pointer. Mind the double dereference. + instr = (const u8 *)engineapi->vt->set_engine_window; + int mov_ecx_counter = 0; + for (const u8 *p = instr; p - instr < 64;) { + if (p[0] == X86_MOVRMW && p[1] == X86_MODRM(0, 1, 5) + && ++mov_ecx_counter == 2) { + videomode = *(struct videomode ***)(p + 2); + break; + } + int l = x86_len(p); + if (l == -1) + bail("invalid instruction looking for videomode"); + p += l; + } + debug("videomode = %p", (void *)videomode); + + return true; +} + +// vi: sw=4 ts=4 noet tw=80 cc=80 @@ -1,102 +1,102 @@ -// SPDX-License-Identifier: ISC
-// SPDX-FileCopyrightText: 2024 Matthew Wozniak <me@woz.blue>
-
-#ifndef ENGINEAPI_H
-#define ENGINEAPI_H
-
-#define VENGINE_SERVER_INTERFACE_VERSION "VEngineServer021"
-#define VENGINE_CLIENT_INTERFACE_VERSION "VEngineClient013"
-#define VENGINE_LAUNCHER_INTERFACE_VERSION "VENGINE_LAUNCHER_API_VERSION004"
-#define VENGINE_TOOL_INTERFACE_VERSION "VENGINETOOL003"
-
-#include "intdef.h"
-
-typedef void * (*createinterface_func)(const char *name, int *ret);
-
-struct engserver {
- struct {
- usize _pad[36];
- void (*__thiscall server_command)(struct engserver *this, const char *str);
- } *vt;
-};
-
-struct engclient {
- struct {
- usize _pad[75];
- void (*__thiscall is_playing_demo)(struct engclient *this);
- } *vt;
-};
-
-struct engineapi {
- struct {
- usize _pad[7];
- void *set_engine_window;
- } *vt;
-};
-
-struct enginetools {
- struct {
- usize _pad[64];
- void *is_recording_movie;
- } *vt;
-};
-
-struct movieinfo {
- char name[256];
- int curframe;
- int type;
- int jpeg_quality;
-};
-
-struct videomode {
- struct {
- usize _pad[22];
- void (*__thiscall write_movie_frame)(struct videomode *this,
- struct movieinfo *info);
- } *vt;
-};
-
-struct demoplayer {
- struct {
- void *_destructor;
- void * (*__thiscall get_demo_file)(struct demoplayer *this);
- int (*__thiscall get_playback_tick)(struct demoplayer *this);
- int (*__thiscall get_total_ticks)(struct demoplayer *this);
- void *_whatisthisihavenoidea; // TODO
- bool (*__thiscall start_playback)(struct demoplayer *this,
- const char *filename, bool as_time_demo);
- bool (*__thiscall is_playing_back)(struct demoplayer *this);
- bool (*__thiscall is_playback_paused)(struct demoplayer *this);
- bool (*__thiscall is_playing_time_demo)(struct demoplayer *this);
- bool (*__thiscall is_skipping)(struct demoplayer *this);
- bool (*__thiscall can_skip_backwards)(struct demoplayer *this);
- void (*__thiscall set_playback_time_scale)(struct demoplayer *this,
- float timescale);
- float (*__thiscall get_playback_time_scale)(struct demoplayer *this);
- void (*__thiscall pause_playback)(struct demoplayer *this,
- float seconds);
- void (*__thiscall skip_to_tick)(struct demoplayer *this, int tick,
- bool relative, bool pause);
- void (*__thiscall resume_playback)(struct demoplayer *this);
- void (*__thiscall stop_playback)(struct demoplayer *this);
- void (*__thiscall interpolate_viewpoint)(struct demoplayer *this);
- } *vt;
-};
-
-#ifndef NO_EXTERNS
-extern struct engserver *engserver;
-extern struct engclient *engclient;
-extern struct engineapi *engineapi;
-extern struct enginetools *enginetools;
-extern struct demoplayer *demoplayer;
-extern struct videomode **videomode;
-extern struct movieinfo *movieinfo;
-extern void (*cbuf_addtext)(char *);
-#endif
-
-// initializes required engine apis. returns false on error.
-bool api_init(void);
-
-#endif
-
-// vi: sw=4 ts=4 noet tw=80 cc=80
+// SPDX-License-Identifier: ISC +// SPDX-FileCopyrightText: 2024 Matthew Wozniak <me@woz.blue> + +#ifndef ENGINEAPI_H +#define ENGINEAPI_H + +#define VENGINE_SERVER_INTERFACE_VERSION "VEngineServer021" +#define VENGINE_CLIENT_INTERFACE_VERSION "VEngineClient013" +#define VENGINE_LAUNCHER_INTERFACE_VERSION "VENGINE_LAUNCHER_API_VERSION004" +#define VENGINE_TOOL_INTERFACE_VERSION "VENGINETOOL003" + +#include "intdef.h" + +typedef void * (*createinterface_func)(const char *name, int *ret); + +struct engserver { + struct { + usize _pad[36]; + void (*__thiscall server_command)(struct engserver *this, const char *str); + } *vt; +}; + +struct engclient { + struct { + usize _pad[75]; + void (*__thiscall is_playing_demo)(struct engclient *this); + } *vt; +}; + +struct engineapi { + struct { + usize _pad[7]; + void *set_engine_window; + } *vt; +}; + +struct enginetools { + struct { + usize _pad[64]; + void *is_recording_movie; + } *vt; +}; + +struct movieinfo { + char name[256]; + int curframe; + int type; + int jpeg_quality; +}; + +struct videomode { + struct { + usize _pad[22]; + void (*__thiscall write_movie_frame)(struct videomode *this, + struct movieinfo *info); + } *vt; +}; + +struct demoplayer { + struct { + void *_destructor; + void * (*__thiscall get_demo_file)(struct demoplayer *this); + int (*__thiscall get_playback_tick)(struct demoplayer *this); + int (*__thiscall get_total_ticks)(struct demoplayer *this); + void *_whatisthisihavenoidea; // TODO + bool (*__thiscall start_playback)(struct demoplayer *this, + const char *filename, bool as_time_demo); + bool (*__thiscall is_playing_back)(struct demoplayer *this); + bool (*__thiscall is_playback_paused)(struct demoplayer *this); + bool (*__thiscall is_playing_time_demo)(struct demoplayer *this); + bool (*__thiscall is_skipping)(struct demoplayer *this); + bool (*__thiscall can_skip_backwards)(struct demoplayer *this); + void (*__thiscall set_playback_time_scale)(struct demoplayer *this, + float timescale); + float (*__thiscall get_playback_time_scale)(struct demoplayer *this); + void (*__thiscall pause_playback)(struct demoplayer *this, + float seconds); + void (*__thiscall skip_to_tick)(struct demoplayer *this, int tick, + bool relative, bool pause); + void (*__thiscall resume_playback)(struct demoplayer *this); + void (*__thiscall stop_playback)(struct demoplayer *this); + void (*__thiscall interpolate_viewpoint)(struct demoplayer *this); + } *vt; +}; + +#ifndef NO_EXTERNS +extern struct engserver *engserver; +extern struct engclient *engclient; +extern struct engineapi *engineapi; +extern struct enginetools *enginetools; +extern struct demoplayer *demoplayer; +extern struct videomode **videomode; +extern struct movieinfo *movieinfo; +extern void (*cbuf_addtext)(char *); +#endif + +// initializes required engine apis. returns false on error. +bool api_init(void); + +#endif + +// vi: sw=4 ts=4 noet tw=80 cc=80 diff --git a/compile_flags.txt b/compile_flags.txt index 4cb8bb9..118e065 100644 --- a/compile_flags.txt +++ b/compile_flags.txt @@ -1,9 +1,9 @@ --target
-i686-pc-windows-msvc
--include
-stdbool.h
--I3p
--Wpedantic
--Wextra
--std=c23
--Wno-gnu-zero-variadic-macro-arguments
+-target +i686-pc-windows-msvc +-include +stdbool.h +-I3p +-Wpedantic +-Wextra +-std=c23 +-Wno-gnu-zero-variadic-macro-arguments @@ -1,108 +1,108 @@ -// SPDX-License-Identifier: ISC
-// SPDX-FileCopyrightText: 2024 Michael Smith <mikesmiffy128@gmail.com>
-// SPDX-FileCopyrightText: 2022 Willian Henrique <wsimanbrazil@yahoo.com.br>
-// SPDX-FileCopyrightText: 2024 Matthew Wozniak <me@woz.blue>
-
-#include <string.h>
-
-#include "3p/sst/x86.h"
-
-#include "intdef.h"
-#include "log.h"
-#include "os.h"
-
-#ifdef _WIN32
-// try to avoid pulling in all of Windows.h for this... (redundant dllimport
-// avoids warnings in hook.test.c where Windows.h is included via test.h)
-__declspec(dllimport) int __stdcall FlushInstructionCache(
- void *, const void *, usize);
-#endif
-
-// Warning: half-arsed hacky implementation (because that's all we really need)
-// Almost certainly breaks in some weird cases. Oh well! Most of the time,
-// vtable hooking is more reliable, this is only for, uh, emergencies.
-
-__attribute__((aligned(4096))) static uchar trampolines[4096];
-static uchar *nexttrampoline = trampolines;
-
-bool hook_init(void) {
- return os_mprot(trampolines, sizeof(trampolines), PAGE_EXECUTE_READWRITE);
-}
-
-static inline void iflush(void *p, int len) {
-#if defined(_WIN32)
- // -1 is the current process, and it's a constant in the WDK, so it's
- // assumed we can safely avoid the useless GetCurrentProcess call
- FlushInstructionCache((void *)-1, p, len);
-#elif defined(__GNUC__)
- __builtin___clear_cache((char *)p, (char *)p + len);
-#else
- warn("no way to clear instruction cache!");
-#endif
-}
-
-void *hook_inline(void *func_, void *target) {
- uchar *func = func_;
- // dumb hack: if we hit some thunk that immediately jumps elsewhere (which
- // seems common for win32 API functions), hook the underlying thing instead.
- while (*func == X86_JMPIW) func += *(i32 *)(func + 1) + 5;
- if (!os_mprot(func, 5, PAGE_EXECUTE_READWRITE)) return 0;
- int len = 0;
- for (;;) {
- // FIXME: these cases may result in somewhat dodgy error messaging. They
- // shouldn't happen anyway though. Maybe if we're confident we just
- // compile 'em out of release builds some day, but that sounds a little
- // scary. For now preferring confusing messages over crashes, I guess.
- if (func[len] == X86_CALL) {
- warn("can't trampoline call instructions\n");
- return 0;
- }
- int ilen = x86_len(func + len);
- if (ilen == -1) {
- warn("unknown or invalid instruction\n");
- return 0;
- }
- len += ilen;
- if (len >= 5) break;
- if (func[len] == X86_JMPIW) {
- warn("can't trampoline jmp instructions\n");
- return 0;
- }
- }
- // for simplicity, just bump alloc the trampoline. no need to free anyway
- if (nexttrampoline - trampolines > (int)sizeof(trampolines) - len - 6) {
- warn("out of trampoline space\n");
- return 0;
- }
- uchar *trampoline = nexttrampoline;
- nexttrampoline += len + 6; // NOT thread-safe. we don't need that anyway!
- *trampoline++ = len; // stick length in front for quicker unhooking
- memcpy(trampoline, func, len);
- trampoline[len] = X86_JMPIW;
- u32 diff = func - (trampoline + 5); // goto the continuation
- memcpy(trampoline + len + 1, &diff, 4);
- diff = (uchar *)target - (func + 5); // goto the hook target
- func[0] = X86_JMPIW;
- memcpy(func + 1, &diff, 4);
- iflush(func, 5);
- return trampoline;
-}
-
-void unhook_inline(void *orig) {
- uchar *p = orig;
- int len = p[-1];
- int off = *(i32 *)(p + len + 1);
- uchar *q = p + off + 5;
- memcpy(q, p, 5); // XXX: not atomic atm! (does any of it even need to be?)
- iflush(q, 5);
-}
-
-void *hook_dllapi(const char *module, const char *name, void *target) {
- void *func = os_dlsym(os_dlopen(module), name);
- debug("%s = %p", name, func);
- if (!func) warn("couldn't find function %s in %s", name, module);
- else return hook_inline(func, target);
- return NULL;
-}
-
-// vi: sw=4 ts=4 noet tw=80 cc=80
+// SPDX-License-Identifier: ISC +// SPDX-FileCopyrightText: 2024 Michael Smith <mikesmiffy128@gmail.com> +// SPDX-FileCopyrightText: 2022 Willian Henrique <wsimanbrazil@yahoo.com.br> +// SPDX-FileCopyrightText: 2024 Matthew Wozniak <me@woz.blue> + +#include <string.h> + +#include "3p/sst/x86.h" + +#include "intdef.h" +#include "log.h" +#include "os.h" + +#ifdef _WIN32 +// try to avoid pulling in all of Windows.h for this... (redundant dllimport +// avoids warnings in hook.test.c where Windows.h is included via test.h) +__declspec(dllimport) int __stdcall FlushInstructionCache( + void *, const void *, usize); +#endif + +// Warning: half-arsed hacky implementation (because that's all we really need) +// Almost certainly breaks in some weird cases. Oh well! Most of the time, +// vtable hooking is more reliable, this is only for, uh, emergencies. + +__attribute__((aligned(4096))) static uchar trampolines[4096]; +static uchar *nexttrampoline = trampolines; + +bool hook_init(void) { + return os_mprot(trampolines, sizeof(trampolines), PAGE_EXECUTE_READWRITE); +} + +static inline void iflush(void *p, int len) { +#if defined(_WIN32) + // -1 is the current process, and it's a constant in the WDK, so it's + // assumed we can safely avoid the useless GetCurrentProcess call + FlushInstructionCache((void *)-1, p, len); +#elif defined(__GNUC__) + __builtin___clear_cache((char *)p, (char *)p + len); +#else + warn("no way to clear instruction cache!"); +#endif +} + +void *hook_inline(void *func_, void *target) { + uchar *func = func_; + // dumb hack: if we hit some thunk that immediately jumps elsewhere (which + // seems common for win32 API functions), hook the underlying thing instead. + while (*func == X86_JMPIW) func += *(i32 *)(func + 1) + 5; + if (!os_mprot(func, 5, PAGE_EXECUTE_READWRITE)) return 0; + int len = 0; + for (;;) { + // FIXME: these cases may result in somewhat dodgy error messaging. They + // shouldn't happen anyway though. Maybe if we're confident we just + // compile 'em out of release builds some day, but that sounds a little + // scary. For now preferring confusing messages over crashes, I guess. + if (func[len] == X86_CALL) { + warn("can't trampoline call instructions\n"); + return 0; + } + int ilen = x86_len(func + len); + if (ilen == -1) { + warn("unknown or invalid instruction\n"); + return 0; + } + len += ilen; + if (len >= 5) break; + if (func[len] == X86_JMPIW) { + warn("can't trampoline jmp instructions\n"); + return 0; + } + } + // for simplicity, just bump alloc the trampoline. no need to free anyway + if (nexttrampoline - trampolines > (int)sizeof(trampolines) - len - 6) { + warn("out of trampoline space\n"); + return 0; + } + uchar *trampoline = nexttrampoline; + nexttrampoline += len + 6; // NOT thread-safe. we don't need that anyway! + *trampoline++ = len; // stick length in front for quicker unhooking + memcpy(trampoline, func, len); + trampoline[len] = X86_JMPIW; + u32 diff = func - (trampoline + 5); // goto the continuation + memcpy(trampoline + len + 1, &diff, 4); + diff = (uchar *)target - (func + 5); // goto the hook target + func[0] = X86_JMPIW; + memcpy(func + 1, &diff, 4); + iflush(func, 5); + return trampoline; +} + +void unhook_inline(void *orig) { + uchar *p = orig; + int len = p[-1]; + int off = *(i32 *)(p + len + 1); + uchar *q = p + off + 5; + memcpy(q, p, 5); // XXX: not atomic atm! (does any of it even need to be?) + iflush(q, 5); +} + +void *hook_dllapi(const char *module, const char *name, void *target) { + void *func = os_dlsym(os_dlopen(module), name); + debug("%s = %p", name, func); + if (!func) warn("couldn't find function %s in %s", name, module); + else return hook_inline(func, target); + return NULL; +} + +// vi: sw=4 ts=4 noet tw=80 cc=80 @@ -1,9 +1,9 @@ -// SPDX-License-Identifier: ISC
-// SPDX-FileCopyrightText: 2024 Matthew Wozniak <me@woz.blue>
-
-bool hook_init(void);
-void *hook_inline(void *func, void *target);
-void unhook_inline(void *orig);
-void *hook_dllapi(const char *module, const char *name, void *target);
-
-// vi: sw=4 ts=4 noet tw=80 cc=80
+// SPDX-License-Identifier: ISC +// SPDX-FileCopyrightText: 2024 Matthew Wozniak <me@woz.blue> + +bool hook_init(void); +void *hook_inline(void *func, void *target); +void unhook_inline(void *orig); +void *hook_dllapi(const char *module, const char *name, void *target); + +// vi: sw=4 ts=4 noet tw=80 cc=80 @@ -1,27 +1,27 @@ -// SPDX-License-Identifier: ISC
-// SPDX-FileCopyrightText: 2024 Matthew Wozniak <me@woz.blue>
-
-#ifndef INTDEF_H
-#define INTDEF_H
-
-typedef unsigned char uchar;
-typedef unsigned short ushort;
-typedef unsigned int uint;
-typedef unsigned long ulong;
-typedef long long vlong;
-typedef unsigned long long uvlong;
-
-typedef ulong usize;
-typedef long isize;
-typedef uchar u8;
-typedef char i8;
-typedef ushort u16;
-typedef short i16;
-typedef uint u32;
-typedef int i32;
-typedef uvlong u64;
-typedef vlong i64;
-
-#endif
-
-// vi: sw=4 ts=4 noet tw=80 cc=80
+// SPDX-License-Identifier: ISC +// SPDX-FileCopyrightText: 2024 Matthew Wozniak <me@woz.blue> + +#ifndef INTDEF_H +#define INTDEF_H + +typedef unsigned char uchar; +typedef unsigned short ushort; +typedef unsigned int uint; +typedef unsigned long ulong; +typedef long long vlong; +typedef unsigned long long uvlong; + +typedef ulong usize; +typedef long isize; +typedef uchar u8; +typedef char i8; +typedef ushort u16; +typedef short i16; +typedef uint u32; +typedef int i32; +typedef uvlong u64; +typedef vlong i64; + +#endif + +// vi: sw=4 ts=4 noet tw=80 cc=80 @@ -1,25 +1,25 @@ -// SPDX-License-Identifier: ISC
-// SPDX-FileCopyrightText: 2024 Matthew Wozniak <me@woz.blue>
-
-#include <stdio.h>
-
-#define die(fmt, ...) {\
- fprintf(stderr, "err: %s: " fmt "\n", __func__ __VA_OPT__(,) __VA_ARGS__); \
- exit(1); \
-}
-
-#define bail(fmt, ...) {\
- fprintf(stderr, "err: %s: " fmt "\n", __func__ __VA_OPT__(,) __VA_ARGS__); \
- return false; \
-}
-
-#define warn(fmt, ...) \
- fprintf(stderr, "warn: %s: " fmt "\n", __func__ __VA_OPT__(,) __VA_ARGS__)
-
-#define info(fmt, ...) \
- fprintf(stderr, "info: %s: " fmt "\n", __func__ __VA_OPT__(,) __VA_ARGS__)
-
-#define debug(fmt, ...) \
- fprintf(stderr, "dbg: %s: " fmt "\n", __func__ __VA_OPT__(,) __VA_ARGS__)
-
-// vi: sw=4 ts=4 noet tw=80 cc=80
+// SPDX-License-Identifier: ISC +// SPDX-FileCopyrightText: 2024 Matthew Wozniak <me@woz.blue> + +#include <stdio.h> + +#define die(fmt, ...) {\ + fprintf(stderr, "err: %s: " fmt "\n", __func__ __VA_OPT__(,) __VA_ARGS__); \ + exit(1); \ +} + +#define bail(fmt, ...) {\ + fprintf(stderr, "err: %s: " fmt "\n", __func__ __VA_OPT__(,) __VA_ARGS__); \ + return false; \ +} + +#define warn(fmt, ...) \ + fprintf(stderr, "warn: %s: " fmt "\n", __func__ __VA_OPT__(,) __VA_ARGS__) + +#define info(fmt, ...) \ + fprintf(stderr, "info: %s: " fmt "\n", __func__ __VA_OPT__(,) __VA_ARGS__) + +#define debug(fmt, ...) \ + fprintf(stderr, "dbg: %s: " fmt "\n", __func__ __VA_OPT__(,) __VA_ARGS__) + +// vi: sw=4 ts=4 noet tw=80 cc=80 @@ -1,70 +1,70 @@ -// SPDX-License-Identifier: ISC
-// SPDX-FileCopyrightText: 2024 Matthew Wozniak <me@woz.blue>
-
-#include "api.h"
-#include "hook.h"
-#include "log.h"
-#include "os.h"
-
-#include <stddef.h>
-#define WIN32_LEAN_AND_MEAN
-#include <Windows.h>
-
-void (*orig_cbuf_addtext)(char *);
-void hook_cbuf_addtext(char *str) {
- orig_cbuf_addtext(str);
- // this is the last thing that happens when the game is opened
- if (!strcmp(str, "exec modsettings.cfg mod\n")) {
- }
-}
-
-char *cmdline;
-char WINAPI *hook_GetCommandLineA(void) {
- return cmdline;
-}
-
-void *(WINAPI *orig_LoadLibraryExA)(const char *, void *, int);
-void WINAPI *hook_LoadLibraryExA(const char *filename, void *hfile, int flags) {
- // if the dll is already loaded, don't run our code again
- if (os_dlhandle(filename))
- return orig_LoadLibraryExA(filename, hfile, flags);
- void *ret = orig_LoadLibraryExA(filename, hfile, flags);
- if (!ret) return ret;
- // cut down to basename for display
- const char *basename = filename;
- for (const char *p = filename; *p; p++)
- if (*p == '\\') basename = p + 1;
-
- if (!strcmp(basename, "engine.dll")) {
- if (!api_init()) die("couldn't get apis");
- orig_cbuf_addtext = (void (*)(char *))
- hook_inline((void *)cbuf_addtext, (void *)hook_cbuf_addtext);
- }
- return ret;
-}
-
-typedef int (*LauncherMain_t)(void *instance, void *prev_inst, char *cmdline,
- int cmd_show);
-
-int main(void/* int argc, char **argv */) {
- SetDllDirectoryA("bin/");
-
- // TODO: make this changeable by the user
- cmdline = "hl2.exe -console -w 1280 -h 720 -window -high -dxlevel 95";
-
- hook_init();
- orig_LoadLibraryExA = (typeof(orig_LoadLibraryExA))hook_dllapi("kernel32",
- "LoadLibraryExA", (void *)hook_LoadLibraryExA);
- hook_dllapi("kernel32", "GetCommandLineA", (void *)hook_GetCommandLineA);
-
- info("GetCommandLineA() = %s", GetCommandLineA());
-
- void *launcher_dll = os_dlopen("launcher");
- LauncherMain_t launcher_main =
- (LauncherMain_t)os_dlsym(launcher_dll, "LauncherMain");
-
- if (!launcher_main) die("couldn't open launcher");
- launcher_main(NULL, NULL, cmdline, 0);
-}
-
-// vi: sw=4 ts=4 noet tw=80 cc=80
+// SPDX-License-Identifier: ISC +// SPDX-FileCopyrightText: 2024 Matthew Wozniak <me@woz.blue> + +#include "api.h" +#include "hook.h" +#include "log.h" +#include "os.h" + +#include <stddef.h> +#define WIN32_LEAN_AND_MEAN +#include <Windows.h> + +void (*orig_cbuf_addtext)(char *); +void hook_cbuf_addtext(char *str) { + orig_cbuf_addtext(str); + // this is the last thing that happens when the game is opened + if (!strcmp(str, "exec modsettings.cfg mod\n")) { + } +} + +char *cmdline; +char WINAPI *hook_GetCommandLineA(void) { + return cmdline; +} + +void *(WINAPI *orig_LoadLibraryExA)(const char *, void *, int); +void WINAPI *hook_LoadLibraryExA(const char *filename, void *hfile, int flags) { + // if the dll is already loaded, don't run our code again + if (os_dlhandle(filename)) + return orig_LoadLibraryExA(filename, hfile, flags); + void *ret = orig_LoadLibraryExA(filename, hfile, flags); + if (!ret) return ret; + // cut down to basename for display + const char *basename = filename; + for (const char *p = filename; *p; p++) + if (*p == '\\') basename = p + 1; + + if (!strcmp(basename, "engine.dll")) { + if (!api_init()) die("couldn't get apis"); + orig_cbuf_addtext = (void (*)(char *)) + hook_inline((void *)cbuf_addtext, (void *)hook_cbuf_addtext); + } + return ret; +} + +typedef int (*LauncherMain_t)(void *instance, void *prev_inst, char *cmdline, + int cmd_show); + +int main(void/* int argc, char **argv */) { + SetDllDirectoryA("bin/"); + + // TODO: make this changeable by the user + cmdline = "hl2.exe -console -w 1280 -h 720 -window -high -dxlevel 95"; + + hook_init(); + orig_LoadLibraryExA = (typeof(orig_LoadLibraryExA))hook_dllapi("kernel32", + "LoadLibraryExA", (void *)hook_LoadLibraryExA); + hook_dllapi("kernel32", "GetCommandLineA", (void *)hook_GetCommandLineA); + + info("GetCommandLineA() = %s", GetCommandLineA()); + + void *launcher_dll = os_dlopen("launcher"); + LauncherMain_t launcher_main = + (LauncherMain_t)os_dlsym(launcher_dll, "LauncherMain"); + + if (!launcher_main) die("couldn't open launcher"); + launcher_main(NULL, NULL, cmdline, 0); +} + +// vi: sw=4 ts=4 noet tw=80 cc=80 @@ -1,25 +1,25 @@ -// SPDX-License-Identifier: ISC
-// SPDX-FileCopyrightText: 2024 Matthew Wozniak <me@woz.blue>
-
-#ifndef OS_H
-#define OS_H
-
-#include <Windows.h>
-#include "intdef.h"
-
-/* This is really just here because Windows API functions are ugly. Maybe this
- * will be cross platform one day... */
-
-#define os_dlopen LoadLibraryA
-#define os_dlsym (void *)GetProcAddress
-#define os_dlhandle GetModuleHandleA
-#define os_dlclose FreeLibrary
-
-inline bool os_mprot(void *mem, int len, int mode) {
- ulong old;
- return !!VirtualProtect(mem, len, mode, &old);
-}
-
-#endif
-
-// vi: sw=4 ts=4 noet tw=80 cc=80
+// SPDX-License-Identifier: ISC +// SPDX-FileCopyrightText: 2024 Matthew Wozniak <me@woz.blue> + +#ifndef OS_H +#define OS_H + +#include <Windows.h> +#include "intdef.h" + +/* This is really just here because Windows API functions are ugly. Maybe this + * will be cross platform one day... */ + +#define os_dlopen LoadLibraryA +#define os_dlsym (void *)GetProcAddress +#define os_dlhandle GetModuleHandleA +#define os_dlclose FreeLibrary + +inline bool os_mprot(void *mem, int len, int mode) { + ulong old; + return !!VirtualProtect(mem, len, mode, &old); +} + +#endif + +// vi: sw=4 ts=4 noet tw=80 cc=80 |