#include #include #include #include #include #include "dat.h" #include "fns.h" #include "x86.h" typedef struct VMemReq VMemReq; struct VMemReq { QLock; uintptr va, len; void *buf; uintptr rc; int wr; }; static uintptr translateflat(uintptr va, uintptr *pa, int *perm) { if(sizeof(uintptr) != 4 && va >> 32 != 0) return 0; *pa = va; if(va == 0) return 0xFFFFFFFFUL; if(perm != 0) *perm = -1; return -va; } static uintptr translate32(uintptr va, uintptr *pa, int *perm) { void *pd, *pt; u32int pde, pte; if(sizeof(uintptr) != 4 && va >> 32 != 0) return -1; pd = gptr(rget("cr3") & ~0xfff, 4096); if(pd == nil) return 0; pde = GET32(pd, (va >> 22) * 4); if(perm != nil) *perm = pde; if((pde & 1) == 0) return 0; if((pde & 0x80) != 0 && (rget("cr4real") & Cr4Pse) != 0){ *pa = pde & 0xffc00000 | (uintptr)(pde & 0x3fe000) << 19 | va & 0x3fffff; return 0x400000 - (va & 0x3fffff); } pt = gptr(pde & ~0xfff, 4096); if(pt == nil) return 0; pte = GET32(pt, va >> 10 & 0xffc); if((pte & 1) == 0) return 0; if(perm != nil) *perm &= pte; *pa = pte & ~0xfff | va & 0xfff; return 0x1000 - (va & 0xfff); } static uintptr translatepae(uintptr, uintptr *, int *) { vmerror("PAE translation not implemented"); return 0; } static uintptr translate64(uintptr va, uintptr *pa, int *perm) { void *pml4, *pdp, *pd, *pt; u64int pml4e, pdpe, pde, pte; pml4 = gptr(rget("cr3") & 0xffffffffff000ULL, 4096); if(pml4 == nil) return 0; pml4e = GET64(pml4, (va & (511ULL<<39)) >> (39-3)); if(perm != nil) *perm = pml4e & 15; if((pml4e & 1) == 0) return 0; pdp = gptr(pml4e & 0xffffffffff000ULL, 4096); if(pdp == nil) return 0; pdpe = GET64(pdp, (va & (511ULL<<30)) >> (30-3)); if((pdpe & 1) == 0) return 0; if(perm != nil) *perm &= pdpe; if((pdpe & 0x80) != 0){ *pa = (pdpe & 0xfffffc0000000ULL) | (va & 0x3fffffffULL); return 0x40000000ULL - (va & 0x3fffffffULL); } pd = gptr(pdpe & 0xffffffffff000ULL, 4096); if(pd == nil) return 0; pde = GET64(pd, (va & (511ULL<<21)) >> (21-3)); if((pde & 1) == 0) return 0; if(perm != nil) *perm &= pde; if((pde & 0x80) != 0){ *pa = (pde & 0xfffffffe00000ULL) | (va & 0x1fffffULL); return 0x200000ULL - (va & 0x1fffffULL); } pt = gptr(pde & 0xffffffffff000ULL, 4096); if(pt == nil) return 0; pte = GET64(pt, (va & (511ULL<<12)) >> (12-3)); if((pte & 1) == 0) return 0; if(perm != nil) *perm &= pte; *pa = (pte & 0xffffffffff000ULL) | (va & 0xfffULL); return 0x1000ULL - (va & 0xfffULL); } static uintptr (* translator(void))(uintptr, uintptr *, int *) { uintptr cr0, cr4, efer; cr0 = rget("cr0real"); if((cr0 & Cr0Pg) == 0) return translateflat; efer = rget("efer"); if((efer & EferLme) != 0) return translate64; cr4 = rget("cr4real"); if((cr4 & Cr4Pae) != 0) return translatepae; return translate32; } static void vmemread0(void *aux) { VMemReq *req; uintptr va, pa, n, ok, pok; void *v; uintptr (*trans)(uintptr, uintptr *, int *); uchar *p; int wr; req = aux; va = req->va; n = req->len; p = req->buf; wr = req->wr; trans = translator(); while(n > 0){ ok = trans(va, &pa, nil); if(ok == 0) break; if(ok > n) ok = n; v = gptr(pa, 1); if(v == nil) break; pok = gavail(v); if(ok > pok) ok = pok; if(wr) memmove(v, p, ok); else memmove(p, v, ok); n -= ok; p += ok; va += ok; } req->rc = req->len - n; qunlock(req); } uintptr vmemread(void *buf, uintptr len, uintptr va) { VMemReq req; memset(&req, 0, sizeof(VMemReq)); req.wr = 0; req.buf = buf; req.len = len; req.va = va; qlock(&req); sendnotif(vmemread0, &req); qlock(&req); return req.rc; } uintptr vmemwrite(void *buf, uintptr len, uintptr va) { VMemReq req; memset(&req, 0, sizeof(VMemReq)); req.wr = 1; req.buf = buf; req.len = len; req.va = va; qlock(&req); sendnotif(vmemread0, &req); qlock(&req); return req.rc; } int x86access(int seg, uintptr addr0, int asz, uvlong *val, int sz, int acc, TLB *tlb) { int cpl; static char *baser[] = {"csbase", "dsbase", "esbase", "fsbase", "gsbase", "ssbase"}; static char *limitr[] = {"cslimit", "dslimit", "eslimit", "fslimit", "gslimit", "sslimit"}; static char *permr[] = {"csperm", "dsperm", "esperm", "fsperm", "gsperm", "ssperm"}; uvlong tval; u32int limit, perm; uintptr addr, base, szmax; int pperm, wp, i; uintptr pa[8], pav; uintptr l; uchar *ptr; Region *r; switch(asz){ case 2: addr0 = (u16int)addr0; break; case 4: addr0 = (u32int)addr0; break; case 8: break; default: vmerror("invalid asz=%d in x86access", asz); assert(0); } assert(seg < SEGMAX && (u8int)acc <= ACCX); addr = addr0; if(tlb != nil && tlb->asz == asz && tlb->seg == seg && tlb->acc == (u8int)acc && addr >= tlb->start && addr + sz >= addr && addr + sz < tlb->end){ ptr = tlb->base + addr; pa[0] = tlb->pabase + addr; r = tlb->reg; goto fast; } if(sizeof(uintptr) == 8 && asz == 8){ if(seg == SEGFS || seg == SEGGS) addr += rget(baser[seg]); if((u16int)(((u64int)addr >> 48) + 1) > 1){ gpf: if((acc & ACCSAFE) == 0){ vmdebug("gpf"); postexc("#gp", 0); } return -1; } if((vlong)addr >= 0) szmax = (1ULL<<48) - addr; else szmax = -addr; }else{ limit = rget(limitr[seg]); perm = rget(permr[seg]); if((perm & 0xc) == 0x4){ if((u32int)(addr + sz - 1) < addr || addr <= limit) goto limfault; szmax = (u32int)-addr; }else{ if((u64int)addr + sz - 1 >= limit){ limfault: if((acc & ACCSAFE) == 0){ vmdebug("limit fault"); postexc(seg == SEGSS ? "#ss" : "#gp", 0); } return -1; } szmax = limit - addr + 1; } if((perm & 0x10080) != 0x80) goto gpf; switch((u8int)acc){ case ACCR: if((perm & 0xa) == 8) goto gpf; break; case ACCW: if((perm & 0xa) != 2) goto gpf; break; case ACCX: if((perm & 8) == 0) goto gpf; break; } base = rget(baser[seg]); addr = (u32int)(addr + base); } cpl = rget("cs") & 3; wp = (rget("cr0real") & 1<<16) != 0; for(i = 0; i < sz; ){ pperm = 0; l = translator()(addr+i, &pav, &pperm); if(l == 0){ pf: if((acc & ACCSAFE) == 0){ vmdebug("page fault @ %#p", addr+i); postexc("#pf", pperm & 1 | ((u8int)acc == ACCW) << 1 | (cpl == 3) << 2 | ((u8int)acc == ACCX) << 4); rset("cr2", addr+i); } return -1; } if((cpl == 3 || wp) && (u8int)acc == ACCW && (pperm & 2) == 0) goto pf; if(cpl == 3 && (pperm & 4) == 0) goto pf; if(i == 0 && l < szmax) szmax = l; while(i < sz && l-- > 0) pa[i++] = pav++; } if(szmax >= sz){ r = regptr(pa[0]); if(r == nil || pa[0]+sz > r->end) goto slow; ptr = (uchar*)r->v + (pa[0] - r->start); if(tlb != nil){ l = gavail(ptr); if(l < szmax) szmax = l; tlb->asz = asz; tlb->seg = seg; tlb->acc = (u8int)acc; tlb->start = addr0; tlb->end = addr0 + szmax; tlb->reg = r; tlb->base = ptr - addr0; tlb->pabase = pa[0] - addr0; } fast: if(r->mmio != nil) r->mmio(pa[0], val, sz, (u8int)acc == ACCW); else if(acc == ACCW) switch(sz){ case 1: PUT8(ptr, 0, *val); break; case 2: PUT16(ptr, 0, *val); break; case 4: PUT32(ptr, 0, *val); break; case 8: PUT64(ptr, 0, *val); break; default: goto slow; } else switch(sz){ case 1: *val = GET8(ptr, 0); break; case 2: *val = GET16(ptr, 0); break; case 4: *val = GET32(ptr, 0); break; case 8: *val = GET64(ptr, 0); break; default: goto slow; } }else{ slow: if(acc != ACCW) *val = 0; for(i = 0; i < sz; i++){ r = regptr(pa[i]); if(r == nil) vmerror("x86access: access to unmapped address %#p", pa[i]); else if(acc == ACCW){ tval = GET8(val, i); if(r->mmio != nil) r->mmio(pa[i], &tval, 1, 1); else PUT8(r->v, pa[i] - r->start, tval); }else{ if(r->mmio != nil) r->mmio(pa[i], &tval, 1, 0); else tval = GET8(r->v, pa[i] - r->start); PUT8(val, i, tval); } } } return 0; } enum { ONOPE, OADC, OADD, OAND, OASZ, OCALL, OCMP, OCMPS, ODEC, OENTER, OEX, OIMUL, OINC, OINS, OLEAVE, OLOCK, OLODS, OMOV, OMOVS, OOR, OOSZ, OOUTS, OPOP, OPOPA, OPOPF, OPUSH, OPUSHA, OPUSHF, OREP, OREPNE, ORET, OSBB, OSCAS, OSEG, OSTOS, OSUB, OTEST, OXCHG, OXLAT, OXOR, OROL, OROR, ORCL, ORCR, OSHL, OSHR, OSAR, ONOT, ONEG, ODIV, OIDIV, OMUL, OJMP, }; static char *onames[] = { [ONOPE]"ONOPE", [OADC]"OADC", [OADD]"OADD", [OAND]"OAND", [OASZ]"OASZ", [OCALL]"OCALL", [OCMP]"OCMP", [OCMPS]"OCMPS", [ODEC]"ODEC", [OENTER]"OENTER", [OIMUL]"OIMUL", [OINC]"OINC", [OINS]"OINS", [OLEAVE]"OLEAVE", [OLOCK]"OLOCK", [OLODS]"OLODS", [OMOV]"OMOV", [OMOVS]"OMOVS", [OOR]"OOR", [OOSZ]"OOSZ", [OOUTS]"OOUTS", [OPOP]"OPOP", [OPOPA]"OPOPA", [OPOPF]"OPOPF", [OPUSH]"OPUSH", [OPUSHA]"OPUSHA", [OPUSHF]"OPUSHF", [OREP]"OREP", [OREPNE]"OREPNE", [ORET]"ORET", [OSBB]"OSBB", [OSCAS]"OSCAS", [OSEG]"OSEG", [OSTOS]"OSTOS", [OSUB]"OSUB", [OTEST]"OTEST", [OXCHG]"OXCHG", [OXLAT]"OXLAT", [OXOR]"OXOR", [OEX]"OEX", [OROL]"OROL", [OROR]"OROR", [ORCL]"ORCL", [ORCR]"ORCR", [OSHL]"OSHL", [OSHR]"OSHR", [OSAR]"OSAR", [ONOT]"ONOT", [ONEG]"ONEG", [ODIV]"ODIV", [OIDIV]"OIDIV", [OMUL]"OMUL", [OJMP]"OJMP" }; #define enumconv(x,buf,tab) ((x)= sizeof(step.bytes)){ if((acc & ACCSAFE) == 0){ vmerror("x86step: instruction too long (pc=%#p)", step.pc); postexc("#ud", NOERRC); } return -1; } if(x86access(SEGCS, step.npc, step.mode, &v, 1, ACCX|acc, &step.tlb) < 0){ vmerror("x86step: fault while trying to load %#p, shouldn't happen", step.pc); return -1; } step.npc++; step.bytes[step.nbytes++] = v; return (u8int)v; } static int fetch16(int acc) { int r0, r1; if(r0 = fetch8(acc), r0 < 0) return -1; if(r1 = fetch8(acc), r1 < 0) return -1; return r0 | r1 << 8; } static vlong fetch32(int acc) { int r0, r1, r2, r3; if(r0 = fetch8(acc), r0 < 0) return -1; if(r1 = fetch8(acc), r1 < 0) return -1; if(r2 = fetch8(acc), r2 < 0) return -1; if(r3 = fetch8(acc), r3 < 0) return -1; return r0 | r1 << 8 | r2 << 16 | r3 << 24; } static int fetch64(int acc, uvlong *p) { vlong r0, r1; if(r0 = fetch32(acc), r0 < 0) return -1; if(r1 = fetch32(acc), r1 < 0) return -1; *p = r0 | r1 << 32; return 0; } static long machread(int, void *vb, long n, vlong soff) { uvlong o; o = soff; if(o < step.pc) return 0; if(o >= step.pc+step.nbytes) return 0; if(n > step.pc+step.nbytes-o) n = step.pc+step.nbytes-o; memmove(vb, step.bytes+(o-step.pc), n); return n; } static void giveup(void) { static Map *m; char buf[128]; char *p, *e; extern Machdata i386mach; int i, rc; if(m == nil){ m = newmap(nil, 1); setmap(m, -1, 0, -1, 0, "text"); m->seg[0].read = machread; } p = buf; e = buf + sizeof(buf); while(fetch8(ACCSAFE) >= 0) ; if(rc = i386mach.das(m, step.pc, 0, buf, sizeof(buf)), rc >= 0){ p += strlen(buf); p = seprint(p, e, " # "); }else rc = step.nbytes; for(i = 0; i < rc; i++) p = seprint(p, e, "%.2x ", step.bytes[i]); vmerror("x86step: unimplemented instruction %s", buf); } static int grab(void) { int op; int rc; vlong vrc; u32int inf; u32int *tab; again: op = fetch8(0); if(op < 0) return -1; inf = optab[op]; if(inf == 0){ giveup(); return -1; } switch((u8int)inf){ case OLOCK: step.flags |= INSLOCK; goto again; case OREP: step.flags |= INSREP; goto again; case OREPNE: step.flags |= INSREPNE; goto again; case OOSZ: step.flags |= INSOSZ; step.osz = step.osz == 2 ? 4 : 2; goto again; case OASZ: step.flags |= INSASZ; step.asz = step.asz == 2 ? 4 : 2; goto again; case OSEG: step.seg = inf >> 8; goto again; } step.opcode = op; if((u8int)(inf >> 8) >= AMODRM || (u8int)(inf >> 16) >= AMODRM || inf == OEX){ rc = fetch8(0); if(rc < 0) return -1; step.modrm = rc; step.flags |= INSMODRM; if(step.asz != 2 && (step.modrm & 0x07) == 0x04 && step.modrm < 0xc0){ rc = fetch8(0); if(rc < 0) return -1; step.sib = rc; step.flags |= INSSIB; } switch(step.modrm >> 6){ case 1: rc = fetch8(0); if(rc < 0) return -1; step.disp = (s8int)rc; step.flags |= INSDISP8; break; case 0: if((step.modrm & 7) != (step.asz == 2) + 5 && (step.sib & 7) != 5) break; /* wet floor */ case 2: if(step.asz == 2){ rc = fetch16(0); if(rc < 0) return -1; step.disp = (s16int)rc; step.flags |= INSDISP16; }else{ vrc = fetch32(0); if(vrc < 0) return -1; step.disp = (s32int)vrc; step.flags |= INSDISP32; } break; } } if(inf == OEX){ switch(op){ case 0x80: case 0x82: tab = optab80; break; case 0x81: tab = optab81; break; case 0x83: tab = optab83; break; case 0x8f: tab = optab8F; break; case 0xc0: tab = optabC0; break; case 0xc1: tab = optabC1; break; case 0xd0: tab = optabD0; break; case 0xd1: tab = optabD1; break; case 0xd2: tab = optabD2; break; case 0xd3: tab = optabD3; break; case 0xc6: tab = optabC6; break; case 0xc7: tab = optabC7; break; case 0xf6: tab = optabF6; break; case 0xf7: tab = optabF7; break; case 0xfe: tab = optabFE; break; case 0xff: tab = optabFF; break; default: tab = nil; } if(tab == nil || (inf = tab[step.modrm >> 3 & 7]) == 0){ giveup(); return -1; } } if(((u8int)(inf >> 8) & 0xf0) == AIMM){ rc = inf >> 8 & 0xf; imm: switch(rc){ case 0: rc = fetch8(0); if(rc < 0) return -1; step.imm = rc; step.flags |= INSIMM8; break; case 2: switch(step.osz){ case 2: rc = fetch16(0); if(rc < 0) return -1; step.imm = rc; step.flags |= INSIMM16; break; case 4: case 8: vrc = fetch32(0); if(vrc < 0) return -1; step.imm = vrc; step.flags |= INSIMM32; break; } break; default: vmerror("x86step: grab: immediate size=%d, shouldn't happen", rc); giveup(); return -1; } }else if((u8int)(inf >> 16 & 0xf0) == AIMM){ rc = inf >> 16 & 0xf; goto imm; } if(((u8int)(inf >> 8) & 0xf0) == AOb || (u8int)(inf >> 16 & 0xf0) == AOb) switch(step.asz){ case 2: rc = fetch16(0); if(rc < 0) return -1; step.disp = rc; step.flags |= INSDISP16; break; case 4: vrc = fetch32(0); if(vrc < 0) return -1; step.disp = vrc; step.flags |= INSDISP32; break; case 8: if(fetch64(0, (uvlong *) &step.disp) < 0) return -1; step.flags |= INSDISP64; break; } step.inf = inf; return 0; } static void decreg(Oper *o, int n, int sz) { o->type = OPREG; o->sz = sz; if(sz == 1 && n >= 4){ o->addr = n ^ 0x14; o->val = (u8int)(rget(x86reg[n&3]) >> 8); }else{ o->addr = n; o->val = rgetsz(x86reg[n], sz); } } static void decmodrm(Oper *o, int sz) { u8int mod, m; mod = step.modrm >> 6; m = step.modrm & 7; if(mod == 3){ decreg(o, m, sz); return; } o->type = OPMEM; o->sz = sz; if(step.asz == 2){ switch(m){ case 0: o->addr = rget(RBX) + rget(RSI); break; case 1: o->addr = rget(RBX) + rget(RDI); break; case 2: o->addr = rget(RBP) + rget(RSI); break; case 3: o->addr = rget(RBX) + rget(RDI); break; case 4: o->addr = rget(RSI); break; case 5: o->addr = rget(RDI); break; case 6: o->addr = mod == 0 ? 0 : rget(RBP); break; case 7: o->addr = rget(RBX); break; } o->addr = (u16int)(o->addr + step.disp); if(step.seg < 0) if(m == 6 && mod != 0) step.seg = SEGSS; else step.seg = SEGDS; return; } if(m != 4){ if((step.modrm & 0xc7) == 5) o->addr = 0; else o->addr = rget(x86reg[m]); o->addr = (u32int)(o->addr + step.disp); if(step.seg < 0) if(m == 5 && mod != 0) step.seg = SEGSS; else step.seg = SEGDS; return; } if((step.sib >> 3 & 7) != 4) o->addr = rget(x86reg[step.sib >> 3 & 7]); else o->addr = 0; o->addr <<= step.sib >> 6; if((step.sib & 7) != 5 || mod != 0) o->addr += rget(x86reg[step.sib & 7]); o->addr = (u32int)(o->addr + step.disp); if(step.seg < 0) if((step.sib & 7) == 4 || (step.sib & 7) == 5 && mod != 0) step.seg = SEGSS; else step.seg = SEGDS; } static int parseoper(void) { int i; u8int f; Oper *o; u8int sizes[4] = {1, step.osz, step.osz == 8 ? 4 : step.osz, 2}; for(i = 0; i < 2; i++){ f = step.inf >> 8 * (i + 1); o = &step.op[i]; switch(f & 0xf0){ case AGPRb: case AGPRv: case AGPRz: o->type = OPREG; o->addr = f & 0xf; o->val = rget(x86reg[f & 0xf]); o->sz = sizes[(f >> 4) - 1]; break; case ASEG: o->type = OPSEG; o->addr = f & 0xf; o->val = rget(x86segreg[f & 0xf]); o->sz = 2; break; case AOb: o->type = OPMEM; o->addr = step.disp; o->sz = sizes[f & 0xf]; if(step.seg < 0) step.seg = SEGDS; break; case AIMM: o->type = OPIMM; o->val = step.imm; o->sz = sizes[f & 0xf]; break; case AEb: decmodrm(o, sizes[f & 0xf]); break; case A1: o->type = OPIMM; o->val = 1; o->sz = 1; break; case AGb: decreg(o, step.modrm >> 3 & 7, sizes[f & 0xf]); break; } } return 0; } static int opwrite(Oper *o, uvlong v) { char *n; switch(o->type){ case OPREG: n = x86reg[o->addr & 0xf]; if((o->addr & 0x10) != 0) rset(n, rget(n) & ~0xff00ULL | (u8int)v << 8); else rsetsz(n, v, o->sz); return 0; case OPMEM: if(x86access(step.seg, o->addr, step.asz, &v, o->sz, ACCW, &step.tlb) < 0) return -1; return 0; case OPSEG: giveup(); return -1; default: vmerror("x86step: opwrite: unhandled o->type==%d, shouldn't happen", o->type); giveup(); return -1; } } static int opread(Oper *o, uvlong *v) { switch(o->type){ case OPREG: case OPSEG: case OPIMM: *v = o->val; return 0; case OPMEM: if(x86access(step.seg, o->addr, step.asz, v, o->sz, ACCR, &step.tlb) < 0) return -1; return 0; default: vmerror("x86step: opread: unhandled o->type==%d, shouldn't happen", o->type); giveup(); return -1; } } static vlong alu(int op, vlong a, int asz, vlong b, int bsz, uvlong *flags) { vlong c; vlong amsk, sbit; u32int flout; u8int p; flout = 0; amsk = (-1ULL)>>64-8*asz; sbit = 1<<8*asz-1; b = b << 64 - 8*bsz >> 64 - 8*bsz; switch(op){ case OADD: case OADC: c = (a & amsk) + (b & amsk); if(op == OADC) c += *flags & 1; if((~(a ^ b) & (a ^ c) & 1<= 0x10) flout |= AF; goto addsub; case OSUB: case OSBB: case OCMP: c = (a & amsk) - (b & amsk); if(op == OSBB) c -= *flags & 1; if(((a ^ b) & (a ^ c) & 1<> 4) < 0) flout |= PF; break; case OAND: c = a & b; goto logic; case OOR: c = a | b; goto logic; case OXOR: c = a ^ b; goto logic; default: vmerror("x86step: alu: unhandled case op==%d, shouldn't happen", op); return 0; } *flags ^= (*flags ^ flout) & (CF|SF|ZF|OF|AF|PF); return c & amsk; } static int opcstring(void) { int sz, srcseg, rc, inc; uvlong srcaddr, dstaddr; uvlong v; uvlong cx; char buf[16]; if((step.opcode & 1) != 0) sz = step.osz; else sz = 1; srcseg = step.seg >= 0 ? step.seg : SEGDS; srcaddr = rget(RSI); dstaddr = rget(RDI); if((step.flags & INSREP) != 0) cx = rgetsz(RCX, step.asz); else cx = 1; if((rget(RFLAGS) & 0x400) != 0) inc = -sz; else inc = sz; rc = 1; switch((u8int)step.inf){ case OLODS: for(; cx > 0; cx--){ if(x86access(srcseg, srcaddr, step.asz, &v, sz, ACCR, &step.tlb) < 0){ rc = 0; break; } rsetsz(RAX, v, sz); srcaddr += inc; } break; case OSTOS: v = rget(RAX); for(; cx > 0; cx--){ if(x86access(SEGES, dstaddr, step.asz, &v, sz, ACCW, &step.tlb) < 0){ rc = 0; break; } dstaddr += inc; } break; case OMOVS: for(; cx > 0; cx--){ if(x86access(srcseg, srcaddr, step.asz, &v, sz, ACCR, &step.tlb) < 0 || x86access(SEGES, dstaddr, step.asz, &v, sz, ACCW, &step.tlb) < 0){ rc = 0; break; } srcaddr += inc; dstaddr += inc; } break; default: vmerror("x86step: opcstring: unhandled case %s", enumconv((u8int)step.inf, buf, onames)); giveup(); return 0; } rsetsz(RSI, srcaddr, step.asz); rsetsz(RDI, dstaddr, step.asz); if((step.flags & (INSREP|INSREPNE)) != 0) rsetsz(RCX, cx, step.asz); return rc; } static int opcstack(void) { uvlong val, sp; int spsz; /* todo: get stack pointer size from stack segment */ spsz = step.mode; sp = rgetsz(RSP, spsz); switch((u8int)step.inf){ case OPUSH: if(opread(&step.op[0], &val) < 0) return 0; if(step.op[0].sz < step.osz && step.op[0].type != OPSEG) val = (vlong)val << 64 - 8 * step.op[0].sz >> 64 - 8 * step.op[0].sz; sp -= step.osz; if(x86access(SEGSS, sp, spsz, &val, step.osz, ACCW, &step.tlb) < 0) return 0; break; case OPOP: if(x86access(SEGSS, sp, spsz, &val, step.osz, ACCR, &step.tlb) < 0) return 0; if(opwrite(&step.op[0], val) < 0) return 0; sp += step.osz; break; default: vmerror("x86step: stack: unhandled case op==%d, shouldn't happen", (u8int)step.inf); return 0; } rsetsz(RSP, sp, spsz); return 1; } int x86step(void) { uvlong val, valb; uvlong rflags; char buf[16]; memset(&step, 0, sizeof(step)); step.seg = -1; step.pc = rget(RPC); step.npc = step.pc; step.mode = 4; step.asz = step.osz = step.mode; if(grab() < 0 || parseoper() < 0) return 0; // print("flags=%#ux modrm=%#ux sib=%#ux disp=%#ullx imm=%#ullx\n", step.flags, step.modrm, step.sib, step.disp, step.imm); // print("op0: type=%#ux addr=%#ullx val=%#ullx sz=%d\n", , ); // print("op1: type=%#ux addr=%#ullx val=%#ullx sz=%d\n", step.op[1].type, step.op[1].addr, step.op[1].val, step.op[1].sz); print("%#.*p %s (%#ux,%d,%#ullx,%#ullx) (%#ux,%d,%#ullx,%#ullx) si %#llux di %#llux\n", 2*step.mode, step.pc, enumconv((u8int)step.inf,buf,onames), step.op[0].type, step.op[0].sz, (uvlong)step.op[0].addr, step.op[0].val, step.op[1].type, step.op[1].sz, (uvlong)step.op[1].addr, step.op[1].val, rget(RSI), rget(RDI)); switch((u8int)step.inf){ case OMOV: if((step.flags & (INSREP|INSREPNE|INSLOCK)) != 0) {giveup(); return 0;} if(opread(&step.op[1], &val) < 0) return 0; if(opwrite(&step.op[0], val) < 0) return 0; return 1; case OSTOS: case OLODS: case OMOVS: if((step.flags & (INSREPNE|INSLOCK)) != 0) {giveup(); return 0;} return opcstring(); case OADD: case OADC: case OSUB: case OSBB: case OCMP: case OAND: case OOR: case OXOR: if((step.flags & (INSREP|INSREPNE)) != 0) {giveup(); return 0;} if(opread(&step.op[0], &val) < 0) return 0; if(opread(&step.op[1], &valb) < 0) return 0; rflags = rget(RFLAGS); val = alu((u8int)step.inf, val, step.op[0].sz, valb, step.op[1].sz, &rflags); if((u8int)step.inf != OCMP && opwrite(&step.op[0], val) < 0) return 0; rset(RFLAGS, rflags); return 1; case OPUSH: case OPOP: if((step.flags & (INSLOCK|INSREPNE|INSLOCK)) != 0) {giveup(); return 0;} return opcstack(); default: vmerror("x86step: unhandled case %s", enumconv((u8int)step.inf, buf, onames)); giveup(); return 0; } }