| b54e540e |
/*
* Copyright (C) 2008 Sourcefire, Inc.
*
* Authors: Török Edvin
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*/
#ifndef DISASM_BC_H
#define DISASM_BC_H
/** @file */
/** X86 opcode */
enum X86OPS {
OP_INVALID,
OP_AAA,/**< Ascii Adjust after Addition */
OP_AAD,/**< Ascii Adjust AX before Division */
OP_AAM,/**< Ascii Adjust AX after Multiply */
OP_AAS,/**< Ascii Adjust AL after Subtraction */
OP_ADD,/**< Add */
OP_ADC,/**< Add with Carry */
OP_AND,/**< Logical And */
OP_ARPL,/**< Adjust Requested Privilege Level */
OP_BOUND,/**< Check Array Index Against Bounds */
OP_BSF,/**< Bit Scan Forward */
OP_BSR,/**< Bit Scan Reverse */
OP_BSWAP,/**< Byte Swap */
OP_BT,/**< Bit Test */
OP_BTC,/**< Bit Test and Complement */
OP_BTR,/**< Bit Test and Reset */
OP_BTS,/**< Bit Test and Set */
OP_CALL,/**< Call */
OP_CDQ,/**< Convert DoubleWord to QuadWord*/
OP_CWD,
OP_CWDE,/**< Convert Word to DoubleWord */
OP_CBW,/**< Convert Byte to Word */
OP_CLC,/**< Clear Carry Flag */
OP_CLD,/**< Clear Direction Flag */
OP_CLI,/**< Clear Interrupt Flag */
OP_CLTS,/**< Clear Task-Switched Flag in CR0 */
OP_CMC,/**< Complement Carry Flag */
OP_CMOVO,/**< Conditional Move if Overflow */
OP_CMOVNO,/**< Conditional Move if Not Overflow */
OP_CMOVC,/**< Conditional Move if Carry */
OP_CMOVNC,/**< Conditional Move if Not Carry */
OP_CMOVZ,/**< Conditional Move if Zero */
OP_CMOVNZ,/**< Conditional Move if Non-Zero */
OP_CMOVBE,/**< Conditional Move if Below or Equal */
OP_CMOVA,/**< Conditional Move if Above */
OP_CMOVS,/**< Conditional Move if Sign */
OP_CMOVNS,/**< Conditional Move if Not Sign */
OP_CMOVP,/**< Conditional Move if Parity */
OP_CMOVNP,/**< Conditional Move if Not Parity */
OP_CMOVL,/**< Conditional Move if Less */
OP_CMOVGE,/**< Conditional Move if Greater or Equal */
OP_CMOVLE,/**< Conditional Move if Less than or Equal */
OP_CMOVG,/**< Conditional Move if Greater */
OP_CMP,/**< Compare */
OP_CMPSD,/**< Compare String DoubleWord */
OP_CMPSW,/**< Compare String Word */
OP_CMPSB,/**< Compare String Byte */
OP_CMPXCHG,/**< Compare and Exchange */
OP_CMPXCHG8B,/**< Compare and Exchange Bytes */
OP_CPUID,/**< CPU Identification */
OP_DAA,/**< Decimal Adjust AL after Addition */
OP_DAS,/**< Decimal Adjust AL after Subtraction */
OP_DEC,/**< Decrement by 1 */
OP_DIV,/**< Unsigned Divide */
OP_ENTER,/**< Make Stack Frame for Procedure Parameters */
OP_FWAIT,/**< Wait */
OP_HLT,/**< Halt */
OP_IDIV,/**< Signed Divide */
OP_IMUL,/**< Signed Multiply */
OP_INC,/**< Increment by 1 */
OP_IN,/**< INput from port */
OP_INSD,/**< INput from port to String Doubleword */
OP_INSW,/**< INput from port to String Word */
OP_INSB,/**< INput from port to String Byte */
OP_INT,/**< INTerrupt */
OP_INT3,/**< INTerrupt 3 (breakpoint) */
OP_INTO,/**< INTerrupt 4 if Overflow */
OP_INVD,/**< Invalidate Internal Caches */
OP_INVLPG,/**< Invalidate TLB Entry */
OP_IRET,/**< Interrupt Return */
OP_JO,/**< Jump if Overflow */
OP_JNO,/**< Jump if Not Overflow */
OP_JC,/**< Jump if Carry */
OP_JNC,/**< Jump if Not Carry */
OP_JZ,/**< Jump if Zero */
OP_JNZ,/**< Jump if Not Zero */
OP_JBE,/**< Jump if Below or Equal */
OP_JA,/**< Jump if Above */
OP_JS,/**< Jump if Sign */
OP_JNS,/**< Jump if Not Sign */
OP_JP,/**< Jump if Parity */
OP_JNP,/**< Jump if Not Parity */
OP_JL,/**< Jump if Less */
OP_JGE,/**< Jump if Greater or Equal */
OP_JLE,/**< Jump if Less or Equal */
OP_JG,/**< Jump if Greater */
OP_JMP,/**< Jump (unconditional) */
OP_LAHF,/**< Load Status Flags into AH Register */
OP_LAR,/**< load Access Rights Byte */
OP_LDS,/**< Load Far Pointer into DS */
OP_LES,/**< Load Far Pointer into ES */
OP_LFS,/**< Load Far Pointer into FS */
OP_LGS,/**< Load Far Pointer into GS */
OP_LEA,/**< Load Effective Address */
OP_LEAVE,/**< High Level Procedure Exit */
OP_LGDT,/**< Load Global Descript Table Register */
OP_LIDT,/**< Load Interrupt Descriptor Table Register */
OP_LLDT,/**< Load Local Descriptor Table Register */
OP_PREFIX_LOCK,/**< Assert LOCK# Signal Prefix */
OP_LODSD,/**< Load String Dword*/
OP_LODSW,/**< Load String Word */
OP_LODSB,/**< Load String Byte */
OP_LOOP,/**< Loop According to ECX Counter */
OP_LOOPE,/**< Loop According to ECX Counter and ZF=1 */
OP_LOOPNE,/**< Looop According to ECX Counter and ZF=0 */
OP_JECXZ,/**< Jump if ECX is Zero */
OP_LSL,/**< Load Segment Limit */
OP_LSS,/**< Load Far Pointer into SS */
OP_LTR,/**< Load Task Register */
OP_MOV,/**< Move */
OP_MOVSD,/**< Move Data from String to String Doubleword */
OP_MOVSW,/**< Move Data from String to String Word */
OP_MOVSB,/**< Move Data from String to String Byte */
OP_MOVSX,/**< Move with Sign-Extension */
OP_MOVZX,/**< Move with Zero-Extension */
OP_MUL,/**< Unsigned Multiply */
OP_NEG,/**< Two's Complement Negation */
OP_NOP,/**< No Operation */
OP_NOT,/**< One's Complement Negation */
OP_OR,/**< Logical Inclusive OR */
OP_OUT,/**< Output to Port */
OP_OUTSD,/**< Output String to Port Doubleword */
OP_OUTSW,/**< Output String to Port Word */
OP_OUTSB,/**< Output String to Port Bytes */
OP_PUSH,/**< Push Onto the Stack */
OP_PUSHAD,/**< Push All Double General Purpose Registers */
OP_PUSHA,
OP_PUSHFD,/**< Push EFLAGS Register onto the Stack */
OP_PUSHF,
OP_POP,/**< Pop a Value from the Stack */
OP_POPAD,/**< Pop All Double General Purpose Registers from the Stack */
OP_POPFD,/**< Pop Stack into EFLAGS Register */
OP_POPF,
OP_RCL,/**< Rotate Carry Left */
OP_RCR,/**< Rotate Carry Right */
OP_RDMSR,/**< Read from Model Specific Register */
OP_RDPMC,/**< Read Performance Monitoring Counters */
OP_RDTSC,/**< Read Time-Stamp Coutner */
OP_PREFIX_REPE,/**< Repeat String Operation Prefix while Equal */
OP_PREFIX_REPNE,/**< Repeat String Operation Prefix while Not Equal */
OP_RETF,/**< Return from Far Procedure */
OP_RETN,/**< Return from Near Procedure */
OP_ROL,/**< Rotate Left */
OP_ROR,/**< Rotate Right */
OP_RSM,/**< Resumse from System Management Mode */
OP_SAHF,/**< Store AH into Flags */
OP_SAR,/**< Shift Arithmetic Right */
OP_SBB,/**< Subtract with Borrow */
OP_SCASD,/**< Scan String Doubleword */
OP_SCASW,/**< Scan String Word */
OP_SCASB,/**< Scan String Byte */
OP_SETO,/**< Set Byte on Overflow */
OP_SETNO,/**< Set Byte on Not Overflow */
OP_SETC,/**< Set Byte on Carry */
OP_SETNC,/**< Set Byte on Not Carry */
OP_SETZ,/**< Set Byte on Zero */
OP_SETNZ,/**< Set Byte on Not Zero */
OP_SETBE,/**< Set Byte on Below or Equal */
OP_SETA,/**< Set Byte on Above */
OP_SETS,/**< Set Byte on Sign */
OP_SETNS,/**< Set Byte on Not Sign */
OP_SETP,/**< Set Byte on Parity */
OP_SETNP,/**< Set Byte on Not Parity */
OP_SETL,/**< Set Byte on Less */
OP_SETGE,/**< Set Byte on Greater or Equal */
OP_SETLE,/**< Set Byte on Less or Equal */
OP_SETG,/**< Set Byte on Greater */
OP_SGDT,/**< Store Global Descriptor Table Register */
OP_SIDT,/**< Store Interrupt Descriptor Table Register */
OP_SHL,/**< Shift Left */
OP_SHLD,/**< Double Precision Shift Left */
OP_SHR,/**< Shift Right */
OP_SHRD,/**< Double Precision Shift Right */
OP_SLDT,/**< Store Local Descriptor Table Register */
OP_STOSD,/**< Store String Doubleword */
OP_STOSW,/**< Store String Word */
OP_STOSB,/**< Store String Byte */
OP_STR,/**< Store Task Register */
OP_STC,/**< Set Carry Flag */
OP_STD,/**< Set Direction Flag */
OP_STI,/**< Set Interrupt Flag */
OP_SUB,/**< Subtract */
OP_SYSCALL,/**< Fast System Call */
OP_SYSENTER,/**< Fast System Call */
OP_SYSEXIT,/**< Fast Return from Fast System Call */
OP_SYSRET,/**< Return from Fast System Call */
OP_TEST,/**< Logical Compare */
OP_UD2,/**< Undefined Instruction */
OP_VERR,/**< Verify a Segment for Reading */
OP_VERRW,/**< Verify a Segment for Writing */
OP_WBINVD,/**< Write Back and Invalidate Cache */
OP_WRMSR,/**< Write to Model Specific Register */
OP_XADD,/**< Exchange and Add */
OP_XCHG,/**< Exchange Register/Memory with Register */
OP_XLAT,/**< Table Look-up Translation */
OP_XOR,/**< Logical Exclusive OR */
OP_PREFIX_OPSIZE,
OP_PREFIX_ADDRSIZE,
OP_PREFIX_SEGMENT,
OP_2BYTE,
OP_FPU,/**< FPU operation */
OP_F2XM1,/**< Compute 2x-1 */
OP_FABS,/**< Absolute Value */
OP_FADD,/**< Floating Point Add */
OP_FADDP,/**< Floating Point Add, Pop */
OP_FBLD,/**< Load Binary Coded Decimal */
OP_FBSTP,/**< Store BCD Integer and Pop */
OP_FCHS,/**< Change Sign */
OP_FCLEX,/**< Clear Exceptions */
OP_FCMOVB,/**< Floating Point Move on Below */
OP_FCMOVBE,/**< Floating Point Move on Below or Equal */
OP_FCMOVE,/**< Floating Point Move on Equal */
OP_FCMOVNB,/**< Floating Point Move on Not Below */
OP_FCMOVNBE,/**< Floating Point Move on Not Below or Equal */
OP_FCMOVNE,/**< Floating Point Move on Not Equal */
OP_FCMOVNU,/**< Floating Point Move on Not Unordered */
OP_FCMOVU,/**< Floating Point Move on Unordered */
OP_FCOM,/**< Compare Floating Pointer Values and Set FPU Flags */
OP_FCOMI,/**< Compare Floating Pointer Values and Set EFLAGS */
OP_FCOMIP,/**< Compare Floating Pointer Values and Set EFLAGS, Pop */
OP_FCOMP,/**< Compare Floating Pointer Values and Set FPU Flags, Pop */
OP_FCOMPP,/**< Compare Floating Pointer Values and Set FPU Flags, Pop Twice */
OP_FCOS,/**< Cosine */
OP_FDECSTP,/**< Decrement Stack Top Pointer */
OP_FDIV,/**< Floating Point Divide */
OP_FDIVP,/**< Floating Point Divide, Pop */
OP_FDIVR,/**< Floating Point Reverse Divide */
OP_FDIVRP,/**< Floating Point Reverse Divide, Pop */
OP_FFREE,/**< Free Floating Point Register */
OP_FIADD,/**< Floating Point Add */
OP_FICOM,/**< Compare Integer */
OP_FICOMP,/**< Compare Integer, Pop */
OP_FIDIV,/**< Floating Point Divide by Integer */
OP_FIDIVR,/**< Floating Point Reverse Divide by Integer */
OP_FILD,/**< Load Integer */
OP_FIMUL,/**< Floating Point Multiply with Integer */
OP_FINCSTP,/**< Increment Stack-Top Pointer */
OP_FINIT,/**< Initialize Floating-Point Unit */
OP_FIST,/**< Store Integer */
OP_FISTP,/**< Store Integer, Pop */
OP_FISTTP,/**< Store Integer with Truncation */
OP_FISUB,/**< Floating Point Integer Subtract */
OP_FISUBR,/**< Floating Point Reverse Integer Subtract */
OP_FLD,/**< Load Floating Point Value */
OP_FLD1,/**< Load Constant 1 */
OP_FLDCW,/**< Load x87 FPU Control Word */
OP_FLDENV,/**< Load x87 FPU Environment */
OP_FLDL2E,/**< Load Constant log_2(e) */
OP_FLDL2T,/**< Load Constant log_2(10) */
OP_FLDLG2,/**< Load Constant log_10(2) */
OP_FLDLN2,/**< Load Constant log_e(2) */
OP_FLDPI,/**< Load Constant PI */
OP_FLDZ,/**< Load Constant Zero */
OP_FMUL,/**< Floating Point Multiply */
OP_FMULP,/**< Floating Point Multiply, Pop */
OP_FNOP,/**< No Operation */
OP_FPATAN,/**< Partial Arctangent */
OP_FPREM,/**< Partial Remainder */
OP_FPREM1,/**< Partial Remainder */
OP_FPTAN,/**< Partial Tangent */
OP_FRNDINT,/**< Round to Integer */
OP_FRSTOR,/**< Restore x86 FPU State */
OP_FSCALE,/**< Scale */
OP_FSIN,/* Sine */
OP_FSINCOS,/**< Sine and Cosine */
OP_FSQRT,/**< Square Root */
OP_FSAVE,/**< Store x87 FPU State */
OP_FST,/**< Store Floating Point Value */
OP_FSTCW,/**< Store x87 FPU Control Word */
OP_FSTENV,/**< Store x87 FPU Environment */
OP_FSTP,/**< Store Floating Point Value, Pop */
OP_FSTSW,/**< Store x87 FPU Status Word */
OP_FSUB,/**< Floating Point Subtract */
OP_FSUBP,/**< Floating Point Subtract, Pop */
OP_FSUBR,/**< Floating Point Reverse Subtract */
OP_FSUBRP,/**< Floating Point Reverse Subtract, Pop */
OP_FTST,/**< Floating Point Test */
OP_FUCOM,/**< Floating Point Unordered Compare */
OP_FUCOMI,/**< Floating Point Unordered Compare with Integer */
OP_FUCOMIP,/**< Floating Point Unorder Compare with Integer, Pop */
OP_FUCOMP,/**< Floating Point Unorder Compare, Pop */
OP_FUCOMPP,/**< Floating Point Unorder Compare, Pop Twice */
OP_FXAM,/**< Examine ModR/M */
OP_FXCH,/**< Exchange Register Contents */
OP_FXTRACT,/**< Extract Exponent and Significand */
OP_FYL2X,/**< Compute y*log2x */
OP_FYL2XP1 /**< Compute y*log2(x+1) */
};
/** Access type */
enum DIS_ACCESS { |
| b54e540e |
};
/** for mem access, immediate and relative */
enum DIS_SIZE {
SIZEB,/**< Byte size access */
SIZEW,/**< Word size access */
SIZED,/**< Doubleword size access */
SIZEF,/**< 6-byte access (seg+reg pair)*/
SIZEQ,/**< Quadword access */
SIZET,/**< 10-byte access */
SIZEPTR /** ptr */
};
/** X86 registers */
enum X86REGS {
REG_EAX, REG_ECX, REG_EDX, REG_EBX, REG_ESP, REG_EBP, REG_ESI, REG_EDI,
REG_AX, REG_CX, REG_DX, REG_BX, REG_SP, REG_BP, REG_SI, REG_DI,
REG_AH, REG_CH, REG_DH, REG_BH, REG_AL, REG_CL, REG_DL, REG_BL,
REG_ES, REG_CS, REG_SS, REG_DS, REG_FS, REG_GS,
REG_CR0, REG_CR1, REG_CR2, REG_CR3, REG_CR4, REG_CR5, REG_CR6, REG_CR7,
REG_DR0, REG_DR1, REG_DR2, REG_DR3, REG_DR4, REG_DR5, REG_DR6, REG_DR7,
REG_ST0, REG_ST1, REG_ST2, REG_ST3, REG_ST4, REG_ST5, REG_ST6, REG_ST7,
REG_INVALID
};
/** disassembly result, 64-byte, matched by type-8 signatures */
struct DISASM_RESULT {
uint16_t real_op;
uint8_t opsize;
uint8_t adsize;
uint8_t segment;
uint8_t arg[3][10];
uint8_t extra[29];
};
#endif
|