@@ -1,3 +1,7 @@

+Tue Aug 26 02:52:10 CEST 2008 (acab)

+------------------------------------

+  * libclamav/disasm*; unit_tests/check_disasm: some fixes, work in progress

+

 Mon Aug 25 23:52:04 CEST 2008 (tk)

 ----------------------------------

   * drop support for Cygwin (due to broken ClamAV builds)

@@ -361,6 +361,7 @@ static const char *mnemonic[] = {

   "loop",

   "loope",

   "loopne",

+  "jecxz",

   "lsl",

   "lss",

   "ltr",

@@ -857,7 +858,7 @@ static const struct OPCODES x86ops[2][256] = {{

   PUSHOP(0xe0, ADDR_RELJ, SIZE_BYTE, ADDR_NOADDR, SIZE_NOSIZE, OP_LOOPNE),

   PUSHOP(0xe1, ADDR_RELJ, SIZE_BYTE, ADDR_NOADDR, SIZE_NOSIZE, OP_LOOPE),

   PUSHOP(0xe2, ADDR_RELJ, SIZE_BYTE, ADDR_NOADDR, SIZE_NOSIZE, OP_LOOP),

-  PUSHOP(0xe3, ADDR_RELJ, SIZE_BYTE, ADDR_NOADDR, SIZE_NOSIZE, OP_LOOPNE),

+  PUSHOP(0xe3, ADDR_RELJ, SIZE_BYTE, ADDR_NOADDR, SIZE_NOSIZE, OP_JECXZ),

   PUSHOP(0xe4, ADDR_REG_EAX, SIZE_BYTE, ADDR_IMMED, SIZE_BYTE, OP_IN),

   PUSHOP(0xe5, ADDR_REG_EAX, SIZE_WD, ADDR_IMMED, SIZE_BYTE, OP_IN),

   PUSHOP(0xe6, ADDR_IMMED, SIZE_BYTE, ADDR_REG_EAX, SIZE_BYTE, OP_OUT),

@@ -1709,7 +1710,7 @@ void disasmbuf(uint8_t *buff, unsigned int len, int fd) {

       switch(s.args[i].access) {

       case ACCESS_MEM:

 	w.arg[i][2]=s.args[i].arg.marg.r1;

-	w.arg[i][3]=s.args[i].arg.marg.r1;

+	w.arg[i][3]=s.args[i].arg.marg.r2;

 	w.arg[i][4]=s.args[i].arg.marg.scale;

 	w.arg[i][5]=0;

 	cli_writeint32(&w.arg[i][6], s.args[i].arg.marg.disp);

@@ -137,6 +137,7 @@ enum X86OPS {

   OP_LOOP,

   OP_LOOPE,

   OP_LOOPNE,

+  OP_JECXZ,

   OP_LSL,

   OP_LSS,

   OP_LTR,

@@ -46,6 +46,61 @@ START_TEST (test_disasm_basic) {

 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";

   int fd = mkstemp(file);

   uint8_t buf[] = {0x33, 0xc0};

+/*   uint8_t buf[] = { */

+/*     /\* m00/rm000 - add [eax], al *\/ */

+/*     0x00, 0x00, */

+/*     /\* m00/rm011 - add [ebx], edi *\/ */

+/*     0x01, 0x3b, */

+/*     /\* m00/rm100/ss00/idx010/b100 - or [edx*1+esp], dh *\/ */

+/*     0x08, 0x34, 0x14, */

+/*     /\* m00/rm100/ss00/idx100/b001 - or [0*1+ecx], edi *\/ */

+/*     0x09, 0x3c, 0x21, */

+/*     /\* m00/rm100/ss00/idx010/b101 - adc [edx*1+0x42614361], ah *\/ */

+/*     0x10, 0x24, 0x15, 0x61, 0x43, 0x61, 0x42, */

+/*     /\* m00/rm100/ss10/idx111/b110 - adc [edi*4+esi], ecx *\/ */

+/*     0x11, 0x0c, 0xbe, */

+/*     /\* m00/rm101 - sbb [0xaaccaabb], dl *\/ */

+/*     0x18, 0x15, 0xbb, 0xaa, 0xcc, 0xaa, */

+/*     /\* m01/rm001 - sbb [ecx+0xffffffff], esp *\/ */

+/*     0x19, 0x61, 0xff, */

+/*     /\* m10/rm100/ss01/idx110/b010 - and [esi*2+edx+0x0b0a0c0a], ch *\/ */

+/*     0x20, 0xac, 0x72, 0x0a, 0x0c, 0x0a, 0x0b, */

+/*     /\* m10/rm100/ss11/idx011/b101 - and [eax*8+ebp+0xabacabac], ebx *\/ */

+/*     0x21, 0x9c, 0xc5, 0xac, 0xab, 0xac, 0xab, */

+/*     /\* m11/rm100 - sub ah, dh *\/ */

+/*     0x28, 0xf4, */

+/*     /\* m11/rm101 - sub ebp, edx *\/ */

+/*     0x29, 0xd5, */

+/*     /\* mov al, 17 *\/ */

+/*     0x04, 0x17, */

+/*     /\* pop es *\/ */

+/*     0x07, */

+/*     /\* push cs *\/ */

+/*     0x0e, */

+/*     /\* adc eax, 0x37333331 *\/ */

+/*     0x15, 0x31, 0x33, 0x33, 0x37, */

+/*     /\* sbb ax, 3713 *\/ */

+/*     0x66, 0x1d, 0x13, 0x37, */

+/*     /\* inc esi *\/ */

+/*     0x46, */

+/*     /\* jnc +0x31 *\/ */

+/*     0x73, 0x31, */

+/*     /\* pop [edx] *\/ */

+/*     0x8f, 0x02, */

+/*     /\* nop *\/ */

+/*     0x90, */

+/*     /\* call far 1122:33445566 *\/ */

+/*     0x9a, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, */

+/*     /\* mov [11223344], eax *\/ */

+/*     0xa2, 0x44, 0x33, 0x22, 0x11, */

+/*     /\* enter 1122, 33 *\/ */

+/*     0xc8, 0x22, 0x11, 0x33, */

+/*     /\* rcl [ecx], 1 *\/ */

+/*     0xd0, 0x11, */

+    

+/*     /\* WIP... *\/ */

+

+/*   }; */

   off_t *d;

   off_t size;