disasm fixes

git-svn: trunk@4144

ChangeLog

@@ -1,3 +1,7 @@
+Tue Aug 26 02:52:10 CEST 2008 (acab)
+------------------------------------
+  * libclamav/disasm*; unit_tests/check_disasm: some fixes, work in progress
+
 Mon Aug 25 23:52:04 CEST 2008 (tk)
 ----------------------------------
   * drop support for Cygwin (due to broken ClamAV builds)

libclamav/disasm.c

@@ -361,6 +361,7 @@ static const char *mnemonic[] = {
   "loop",
   "loope",
   "loopne",
+  "jecxz",
   "lsl",
   "lss",
   "ltr",
@@ -857,7 +858,7 @@ static const struct OPCODES x86ops[2][256] = {{
   PUSHOP(0xe0, ADDR_RELJ, SIZE_BYTE, ADDR_NOADDR, SIZE_NOSIZE, OP_LOOPNE),
   PUSHOP(0xe1, ADDR_RELJ, SIZE_BYTE, ADDR_NOADDR, SIZE_NOSIZE, OP_LOOPE),
   PUSHOP(0xe2, ADDR_RELJ, SIZE_BYTE, ADDR_NOADDR, SIZE_NOSIZE, OP_LOOP),
-  PUSHOP(0xe3, ADDR_RELJ, SIZE_BYTE, ADDR_NOADDR, SIZE_NOSIZE, OP_LOOPNE),
+  PUSHOP(0xe3, ADDR_RELJ, SIZE_BYTE, ADDR_NOADDR, SIZE_NOSIZE, OP_JECXZ),
   PUSHOP(0xe4, ADDR_REG_EAX, SIZE_BYTE, ADDR_IMMED, SIZE_BYTE, OP_IN),
   PUSHOP(0xe5, ADDR_REG_EAX, SIZE_WD, ADDR_IMMED, SIZE_BYTE, OP_IN),
   PUSHOP(0xe6, ADDR_IMMED, SIZE_BYTE, ADDR_REG_EAX, SIZE_BYTE, OP_OUT),
@@ -1709,7 +1710,7 @@ void disasmbuf(uint8_t *buff, unsigned int len, int fd) {
       switch(s.args[i].access) {
       case ACCESS_MEM:
 	w.arg[i][2]=s.args[i].arg.marg.r1;
-	w.arg[i][3]=s.args[i].arg.marg.r1;
+	w.arg[i][3]=s.args[i].arg.marg.r2;
 	w.arg[i][4]=s.args[i].arg.marg.scale;
 	w.arg[i][5]=0;
 	cli_writeint32(&w.arg[i][6], s.args[i].arg.marg.disp);

libclamav/disasmpriv.h

@@ -137,6 +137,7 @@ enum X86OPS {
   OP_LOOP,
   OP_LOOPE,
   OP_LOOPNE,
+  OP_JECXZ,
   OP_LSL,
   OP_LSS,
   OP_LTR,

unit_tests/check_disasm.c

@@ -46,6 +46,61 @@ START_TEST (test_disasm_basic) {
 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
   int fd = mkstemp(file);
   uint8_t buf[] = {0x33, 0xc0};
+/*   uint8_t buf[] = { */
+/*     /\* m00/rm000 - add [eax], al *\/ */
+/*     0x00, 0x00, */
+/*     /\* m00/rm011 - add [ebx], edi *\/ */
+/*     0x01, 0x3b, */
+/*     /\* m00/rm100/ss00/idx010/b100 - or [edx*1+esp], dh *\/ */
+/*     0x08, 0x34, 0x14, */
+/*     /\* m00/rm100/ss00/idx100/b001 - or [0*1+ecx], edi *\/ */
+/*     0x09, 0x3c, 0x21, */
+/*     /\* m00/rm100/ss00/idx010/b101 - adc [edx*1+0x42614361], ah *\/ */
+/*     0x10, 0x24, 0x15, 0x61, 0x43, 0x61, 0x42, */
+/*     /\* m00/rm100/ss10/idx111/b110 - adc [edi*4+esi], ecx *\/ */
+/*     0x11, 0x0c, 0xbe, */
+/*     /\* m00/rm101 - sbb [0xaaccaabb], dl *\/ */
+/*     0x18, 0x15, 0xbb, 0xaa, 0xcc, 0xaa, */
+/*     /\* m01/rm001 - sbb [ecx+0xffffffff], esp *\/ */
+/*     0x19, 0x61, 0xff, */
+/*     /\* m10/rm100/ss01/idx110/b010 - and [esi*2+edx+0x0b0a0c0a], ch *\/ */
+/*     0x20, 0xac, 0x72, 0x0a, 0x0c, 0x0a, 0x0b, */
+/*     /\* m10/rm100/ss11/idx011/b101 - and [eax*8+ebp+0xabacabac], ebx *\/ */
+/*     0x21, 0x9c, 0xc5, 0xac, 0xab, 0xac, 0xab, */
+/*     /\* m11/rm100 - sub ah, dh *\/ */
+/*     0x28, 0xf4, */
+/*     /\* m11/rm101 - sub ebp, edx *\/ */
+/*     0x29, 0xd5, */
+/*     /\* mov al, 17 *\/ */
+/*     0x04, 0x17, */
+/*     /\* pop es *\/ */
+/*     0x07, */
+/*     /\* push cs *\/ */
+/*     0x0e, */
+/*     /\* adc eax, 0x37333331 *\/ */
+/*     0x15, 0x31, 0x33, 0x33, 0x37, */
+/*     /\* sbb ax, 3713 *\/ */
+/*     0x66, 0x1d, 0x13, 0x37, */
+/*     /\* inc esi *\/ */
+/*     0x46, */
+/*     /\* jnc +0x31 *\/ */
+/*     0x73, 0x31, */
+/*     /\* pop [edx] *\/ */
+/*     0x8f, 0x02, */
+/*     /\* nop *\/ */
+/*     0x90, */
+/*     /\* call far 1122:33445566 *\/ */
+/*     0x9a, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, */
+/*     /\* mov [11223344], eax *\/ */
+/*     0xa2, 0x44, 0x33, 0x22, 0x11, */
+/*     /\* enter 1122, 33 *\/ */
+/*     0xc8, 0x22, 0x11, 0x33, */
+/*     /\* rcl [ecx], 1 *\/ */
+/*     0xd0, 0x11, */
+    
+/*     /\* WIP... *\/ */
+
+/*   }; */
   off_t *d;
   off_t size;