Commit dbfc425

Update read/written registers for x86 enter/leave instructions (#2788)
1 parent be9a4d2 commit dbfc425

2 files changed

+129
-0
lines changed


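--- a/arch/X86/X86Mapping.c
+++ b/arch/X86/X86Mapping.c
@@ -1099,6 +1099,51 @@ void X86_get_insn_id(cs_struct *h, cs_insn *insn, unsigned int id)
 						break;
 					}
 					break;
+
+				case X86_INS_ENTER:
+				case X86_INS_LEAVE:
+					switch (h->mode) {
+					default:
+						break;
+					case CS_MODE_16:
+						arr_replace(
+							insn->detail->regs_read,
+							insn->detail->regs_read_count,
+							X86_REG_EBP, X86_REG_BP);
+						arr_replace(
+							insn->detail->regs_read,
+							insn->detail->regs_read_count,
+							X86_REG_ESP, X86_REG_SP);
+
+						arr_replace(
+							insn->detail->regs_write,
+							insn->detail->regs_write_count,
+							X86_REG_EBP, X86_REG_BP);
+						arr_replace(
+							insn->detail->regs_write,
+							insn->detail->regs_write_count,
+							X86_REG_ESP, X86_REG_SP);
+						break;
+					case CS_MODE_64:
+						arr_replace(
+							insn->detail->regs_read,
+							insn->detail->regs_read_count,
+							X86_REG_EBP, X86_REG_RBP);
+						arr_replace(
+							insn->detail->regs_read,
+							insn->detail->regs_read_count,
+							X86_REG_ESP, X86_REG_RSP);
+						arr_replace(
+							insn->detail->regs_write,
+							insn->detail->regs_write_count,
+							X86_REG_EBP, X86_REG_RBP);
+						arr_replace(
+							insn->detail->regs_write,
+							insn->detail->regs_write_count,
+							X86_REG_ESP, X86_REG_RSP);
+						break;
+					}
+					break;
 				}
 
 				memcpy(insn->detail->groups, insns[i].groups,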
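Review bot: The new `switch (h->mode)` picks the BP/SP width from the decode mode alone, so an operand-size or address-size override prefix on `enter`/`leave` is not reflected in regs_read/regs_write — as far as I recall, a 0x66-prefixed `enter` in 16-bit code pushes and writes EBP while the stack pointer it adjusts is still SP, and the mirror case exists in 32-bit mode; if the detail API is expected to be exact for consumers that track register effects, the prefix bytes already recorded in `insn->detail->x86.prefix` would have to be consulted as well, and the new test cases in tests/details/x86.yaml only exercise the unprefixed encodings. Independently, the `default:` label silently covers CS_MODE_32 and deserves a line saying why nothing is remapped there, e.g. `/* CS_MODE_32: the instruction table already lists EBP/ESP; only 16- and 64-bit decode need remapping */`. Since `h->mode` is a bit-set in this API, it is worth confirming that an exact-value `switch` on it matches how the surrounding cases in this function already test the mode. X86_get_insn_id starts and ends outside the hunk.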

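--- a/tests/details/x86.yaml
+++ b/tests/details/x86.yaml
@@ -3048,3 +3048,87 @@ test_cases:
               fpu_flags: [X86_FPU_FLAGS_MODIFY_C0, X86_FPU_FLAGS_MODIFY_C1, X86_FPU_FLAGS_MODIFY_C2, X86_FPU_FLAGS_MODIFY_C3 ]
               regs_read: [ st(0) ]
               regs_write: [ st(0), fpsw ]
+
+  -
+    input:
+      name: "Enter/leave instructions, 16-bit decode mode"
+      bytes: [
+        0xc8, 0x34, 0x12, 0x05, # enter 0x1234, 0x5 (Create a stack frame of size 0x1234 with a nesting level of 0x5)
+        0xc9 # leave
+      ]
+      arch: "x86"
+      options: [ CS_OPT_DETAIL, CS_MODE_16 ]
+    expected:
+      insns:
+        -
+          asm_text: "enter 0x1234, 0x5"
+          details:
+            x86:
+              prefix: [ X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0 ]
+              opcode: [ 0xc8, 0x00, 0x00, 0x00 ]
+              regs_read: [ bp, sp ]
+              regs_write: [ bp, sp ]
+        -
+          asm_text: "leave"
+          details:
+            x86:
+              prefix: [ X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0 ]
+              opcode: [ 0xc9, 0x00, 0x00, 0x00 ]
+              regs_read: [ bp, sp ]
+              regs_write: [ bp, sp ]
+
+  -
+    input:
+      name: "Enter/leave instructions, 32-bit decode mode"
+      bytes: [
+        0xc8, 0x34, 0x12, 0x05, # enter 0x1234, 0x5 (Create a stack frame of size 0x1234 with a nesting level of 0x5)
+        0xc9 # leave
+      ]
+      arch: "x86"
+      options: [ CS_OPT_DETAIL, CS_MODE_32 ]
+    expected:
+      insns:
+        -
+          asm_text: "enter 0x1234, 0x5"
+          details:
+            x86:
+              prefix: [ X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0 ]
+              opcode: [ 0xc8, 0x00, 0x00, 0x00 ]
+              regs_read: [ ebp, esp ]
+              regs_write: [ ebp, esp ]
+        -
+          asm_text: "leave"
+          details:
+            x86:
+              prefix: [ X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0 ]
+              opcode: [ 0xc9, 0x00, 0x00, 0x00 ]
+              regs_read: [ ebp, esp ]
+              regs_write: [ ebp, esp ]
+
+  -
+    input:
+      name: "Enter/leave instructions, 64-bit decode mode"
+      bytes: [
+        0xc8, 0x34, 0x12, 0x05, # enter 0x1234, 0x5 (Create a stack frame of size 0x1234 with a nesting level of 0x5)
+        0xc9 # leave
+      ]
+      arch: "x86"
+      options: [ CS_OPT_DETAIL, CS_MODE_64 ]
+    expected:
+      insns:
+        -
+          asm_text: "enter 0x1234, 0x5"
+          details:
+            x86:
+              prefix: [ X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0 ]
+              opcode: [ 0xc8, 0x00, 0x00, 0x00 ]
+              regs_read: [ rbp, rsp ]
+              regs_write: [ rbp, rsp ]
+        -
+          asm_text: "leave"
+          details:
+            x86:
+              prefix: [ X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0, X86_PREFIX_0 ]
+              opcode: [ 0xc9, 0x00, 0x00, 0x00 ]
+              regs_read: [ rbp, rsp ]
+              regs_write: [ rbp, rsp ]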
