+/*
+ * ia32rtools
+ * (C) notaz, 2013,2014
+ *
+ * This work is licensed under the terms of 3-clause BSD license.
+ * See COPYING file in the top-level directory.
+ */
+
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
OPF_ATAIL = (1 << 14), /* tail call with reused arg frame */
OPF_32BIT = (1 << 15), /* 32bit division */
OPF_LOCK = (1 << 16), /* op has lock prefix */
+ OPF_VAPUSH = (1 << 17), /* vararg ptr push (as call arg) */
};
enum op_op {
OP_SHL,
OP_SHR,
OP_SAR,
+ OP_SHRD,
OP_ROL,
OP_ROR,
OP_RCL,
unsigned char pfo;
unsigned char pfo_inv;
unsigned char operand_cnt;
- unsigned char pad;
+ unsigned char p_argnum; // push: altered before call arg #
+ unsigned char p_argpass;// push: arg of host func
+ unsigned char pad[3];
int regmask_src; // all referensed regs
int regmask_dst;
int pfomask; // flagop: parsed_flag_op that can't be delayed
- int argnum; // push: altered before call arg #
int cc_scratch; // scratch storage during analysis
int bt_i; // branch target for branches
struct parsed_data *btj;// branch targets for jumptables
struct parsed_proto *pp;// parsed_proto for OP_CALL
void *datap;
+ int asmln;
};
// datap:
static int g_ida_func_attr;
static int g_allow_regfunc;
#define ferr(op_, fmt, ...) do { \
- printf("error:%s:#%zd: '%s': " fmt, g_func, (op_) - ops, \
+ printf("%s:%d: error: [%s] '%s': " fmt, asmfn, (op_)->asmln, g_func, \
dump_op(op_), ##__VA_ARGS__); \
fcloseall(); \
exit(1); \
} while (0)
#define fnote(op_, fmt, ...) \
- printf("error:%s:#%zd: '%s': " fmt, g_func, (op_) - ops, \
+ printf("%s:%d: note: [%s] '%s': " fmt, asmfn, (op_)->asmln, g_func, \
dump_op(op_), ##__VA_ARGS__)
#define MAX_REGS 8
snprintf(buf, buf_size, number < 10 ? "%lu" : "0x%02lx", number);
}
+static int check_segment_prefix(const char *s)
+{
+ if (s[0] == 0 || s[1] != 's' || s[2] != ':')
+ return 0;
+
+ switch (s[0]) {
+ case 'c': return 1;
+ case 'd': return 2;
+ case 's': return 3;
+ case 'e': return 4;
+ case 'f': return 5;
+ case 'g': return 6;
+ default: return 0;
+ }
+}
+
static int parse_reg(enum opr_lenmod *reg_lmod, const char *s)
{
int reg;
s++;
*d = 0;
- // skip 'ds:' prefix
- if (IS_START(s, "ds:"))
+ // skip '?s:' prefixes
+ if (check_segment_prefix(s))
s += 3;
s = next_idt(w, sizeof(w), s);
return 0;
}
-static const char *parse_stack_el(const char *name, char *extra_reg)
+static const char *parse_stack_el(const char *name, char *extra_reg,
+ int early_try)
{
const char *p, *p2, *s;
char *endp = NULL;
long val;
int len;
- p = name;
- if (IS_START(p + 3, "+ebp+") && is_reg_in_str(p)) {
- p += 4;
- if (extra_reg != NULL) {
- strncpy(extra_reg, name, 3);
- extra_reg[4] = 0;
+ if (g_bp_frame || early_try)
+ {
+ p = name;
+ if (IS_START(p + 3, "+ebp+") && is_reg_in_str(p)) {
+ p += 4;
+ if (extra_reg != NULL) {
+ strncpy(extra_reg, name, 3);
+ extra_reg[4] = 0;
+ }
}
- }
- if (IS_START(p, "ebp+")) {
- p += 4;
+ if (IS_START(p, "ebp+")) {
+ p += 4;
- p2 = strchr(p, '+');
- if (p2 != NULL && is_reg_in_str(p)) {
- if (extra_reg != NULL) {
- strncpy(extra_reg, p, p2 - p);
- extra_reg[p2 - p] = 0;
+ p2 = strchr(p, '+');
+ if (p2 != NULL && is_reg_in_str(p)) {
+ if (extra_reg != NULL) {
+ strncpy(extra_reg, p, p2 - p);
+ extra_reg[p2 - p] = 0;
+ }
+ p = p2 + 1;
}
- p = p2 + 1;
- }
- if (!('0' <= *p && *p <= '9'))
- return p;
+ if (!('0' <= *p && *p <= '9'))
+ return p;
- return NULL;
+ return NULL;
+ }
}
if (!IS_START(name, "esp+"))
static const char *dword_types[] = {
"int", "_DWORD", "UINT_PTR", "DWORD",
"WPARAM", "LPARAM", "UINT", "__int32",
- "LONG", "HIMC",
+ "LONG", "HIMC", "BOOL", "size_t",
+ "float",
};
static const char *word_types[] = {
- "uint16_t", "int16_t", "_WORD",
+ "uint16_t", "int16_t", "_WORD", "WORD",
"unsigned __int16", "__int16",
};
static const char *byte_types[] = {
"uint8_t", "int8_t", "char",
"unsigned __int8", "__int8", "BYTE", "_BYTE",
"CHAR", "_UNKNOWN",
+ // structures.. deal the same as with _UNKNOWN for now
+ "CRITICAL_SECTION",
};
const char *n;
int i;
if (label != NULL) {
opr->type = OPT_LABEL;
- if (IS_START(label, "ds:")) {
+ ret = check_segment_prefix(label);
+ if (ret != 0) {
+ if (ret >= 5)
+ aerr("fs/gs used\n");
opr->had_ds = 1;
label += 3;
}
if (wordc_in == 2) {
if (IS(words[w], "offset")) {
opr->type = OPT_OFFSET;
+ opr->lmod = OPLM_DWORD;
strcpy(opr->name, words[w + 1]);
- return wordc;
+ pp = proto_parse(g_fhdr, opr->name, 1);
+ goto do_label;
}
if (IS(words[w], "(offset")) {
p = strchr(words[w + 1], ')');
if (wordc_in != 1)
aerr("parse_operand 1 word expected\n");
- if (IS_START(words[w], "ds:")) {
+ ret = check_segment_prefix(words[w]);
+ if (ret != 0) {
+ if (ret >= 5)
+ aerr("fs/gs used\n");
opr->had_ds = 1;
memmove(words[w], words[w] + 3, strlen(words[w]) - 2);
}
aerr("[] parse failure\n");
parse_indmode(opr->name, regmask_indirect, 1);
- if (opr->lmod == OPLM_UNSPEC && parse_stack_el(opr->name, NULL)) {
+ if (opr->lmod == OPLM_UNSPEC && parse_stack_el(opr->name, NULL, 1))
+ {
// might be an equ
struct parsed_equ *eq =
- equ_find(NULL, parse_stack_el(opr->name, NULL), &i);
+ equ_find(NULL, parse_stack_el(opr->name, NULL, 1), &i);
if (eq)
opr->lmod = eq->lmod;
}
{ "shr", OP_SHR, 2, 2, OPF_DATA|OPF_FLAGS },
{ "sal", OP_SHL, 2, 2, OPF_DATA|OPF_FLAGS },
{ "sar", OP_SAR, 2, 2, OPF_DATA|OPF_FLAGS },
+ { "shrd", OP_SHRD, 3, 3, OPF_DATA|OPF_FLAGS },
{ "rol", OP_ROL, 2, 2, OPF_DATA|OPF_FLAGS },
{ "ror", OP_ROR, 2, 2, OPF_DATA|OPF_FLAGS },
{ "rcl", OP_RCL, 2, 2, OPF_DATA|OPF_FLAGS|OPF_CC, PFO_C },
op->pfo = op_table[i].pfo;
op->pfo_inv = op_table[i].pfo_inv;
op->regmask_src = op->regmask_dst = 0;
+ op->asmln = asmln;
for (opr = 0; opr < op_table[i].minopr; opr++) {
regmask = regmask_ind = 0;
op->operand[1].lmod = OPLM_BYTE;
break;
+ case OP_SHRD:
+ if (op->operand[2].lmod == OPLM_UNSPEC)
+ op->operand[2].lmod = OPLM_BYTE;
+ break;
+
case OP_PUSH:
if (op->operand[0].lmod == OPLM_UNSPEC
&& (op->operand[0].type == OPT_CONST
static int is_stack_access(struct parsed_op *po,
const struct parsed_opr *popr)
{
- return (parse_stack_el(popr->name, NULL)
+ return (parse_stack_el(popr->name, NULL, 0)
|| (g_bp_frame && !(po->flags & OPF_EBP_S)
&& IS_START(popr->name, "ebp")));
}
ferr(po, "ebp- parse of '%s' failed\n", name);
}
else {
- bp_arg = parse_stack_el(name, ofs_reg);
+ bp_arg = parse_stack_el(name, ofs_reg, 0);
snprintf(g_comment, sizeof(g_comment), "%s", bp_arg);
eq = equ_find(po, bp_arg, &offset);
if (eq == NULL)
*bp_arg_out = bp_arg;
}
-static void stack_frame_access(struct parsed_op *po,
+static int stack_frame_access(struct parsed_op *po,
struct parsed_opr *popr, char *buf, size_t buf_size,
const char *name, const char *cast, int is_src, int is_lea)
{
int unaligned = 0;
int stack_ra = 0;
int offset = 0;
+ int retval = -1;
int sf_ofs;
int lim;
if (cast[0] == 0)
cast = "(u32)";
snprintf(buf, buf_size, "%sap", cast);
- return;
+ return -1;
}
ferr(po, "offset %d (%s,%d) doesn't map to any arg\n",
offset, bp_arg, arg_i);
ferr(po, "arg %d not in prototype?\n", arg_i);
popr->is_ptr = g_func_pp->arg[i].type.is_ptr;
+ retval = i;
switch (popr->lmod)
{
// common problem
guess_lmod_from_c_type(&tmp_lmod, &g_func_pp->arg[i].type);
if (tmp_lmod != OPLM_DWORD
- && (unaligned || (!is_src && tmp_lmod < popr->lmod)))
+ && (unaligned || (!is_src && lmod_bytes(po, tmp_lmod)
+ < lmod_bytes(po, popr->lmod) + (offset & 3))))
{
ferr(po, "bp_arg arg%d/w offset %d and type '%s' is too small\n",
i + 1, offset, g_func_pp->arg[i].type.name);
ferr(po, "bp_stack bad lmod: %d\n", popr->lmod);
}
}
+
+ return retval;
}
static void check_func_pp(struct parsed_op *po,
const struct parsed_proto *pp, const char *pfx)
{
+ enum opr_lenmod tmp_lmod;
char buf[256];
+ int ret, i;
if (pp->argc_reg != 0) {
if (/*!g_allow_regfunc &&*/ !pp->is_fastcall) {
ferr(po, "%s: %d reg arg(s) with %d stack arg(s)\n",
pfx, pp->argc_reg, pp->argc_stack);
}
+
+ // fptrs must use 32bit args, callsite might have no information and
+ // lack a cast to smaller types, which results in incorrectly masked
+ // args passed (callee may assume masked args, it does on ARM)
+ if (!pp->is_oslib) {
+ for (i = 0; i < pp->argc; i++) {
+ ret = guess_lmod_from_c_type(&tmp_lmod, &pp->arg[i].type);
+ if (ret && tmp_lmod != OPLM_DWORD)
+ ferr(po, "reference to %s with arg%d '%s'\n", pp->name,
+ i + 1, pp->arg[i].type.name);
+ }
+ }
}
static const char *check_label_read_ref(struct parsed_op *po,
}
if ((po->flags & OPF_RMD)
- || (po->op == OP_PUSH && po->argnum != 0)) // arg push
+ || (po->op == OP_PUSH && po->p_argnum != 0)) // arg push
continue;
if ((po->flags & OPF_JMP) && po->op != OP_CALL) {
return pp;
}
-static int try_resolve_const(int i, const struct parsed_opr *opr,
- int magic, unsigned int *val)
+// find an instruction that changed opr before i op
+// *op_i must be set to -1
+static int resolve_origin(int i, const struct parsed_opr *opr,
+ int magic, int *op_i)
{
struct label_ref *lr;
int ret = 0;
if (g_labels[i][0] != 0) {
lr = &g_label_refs[i];
for (; lr != NULL; lr = lr->next)
- ret |= try_resolve_const(lr->i, opr, magic, val);
+ ret |= resolve_origin(lr->i, opr, magic, op_i);
if (i > 0 && LAST_OP(i - 1))
return ret;
}
continue;
if (!is_opr_modified(opr, &ops[i]))
continue;
+
+ if (*op_i >= 0) {
+ if (*op_i == i)
+ return 1;
+ // XXX: could check if the other op does the same
+ return -1;
+ }
+
+ *op_i = i;
+ return 1;
+ }
+}
+
+static int try_resolve_const(int i, const struct parsed_opr *opr,
+ int magic, unsigned int *val)
+{
+ int s_i = -1;
+ int ret = 0;
+
+ ret = resolve_origin(i, opr, magic, &s_i);
+ if (ret == 1) {
+ i = s_i;
if (ops[i].op != OP_MOV && ops[i].operand[1].type != OPT_CONST)
return -1;
*val = ops[i].operand[1].val;
return 1;
}
+
+ return -1;
}
static int collect_call_args_r(struct parsed_op *po, int i,
struct parsed_proto *pp_tmp;
struct label_ref *lr;
int need_to_save_current;
+ int save_args;
int ret = 0;
- int j;
+ int reg;
+ char buf[32];
+ int j, k;
if (i < 0) {
ferr(po, "dead label encountered\n");
ferr(po, "arg collect %d/%d hit '%s' with %d stack args\n",
arg, pp->argc, opr_name(&ops[j], 0), pp_tmp->argc_stack);
}
- else if (ops[j].op == OP_ADD && ops[j].operand[0].reg == xSP) {
+ // esp adjust of 0 means we collected it before
+ else if (ops[j].op == OP_ADD && ops[j].operand[0].reg == xSP
+ && (ops[j].operand[1].type != OPT_CONST
+ || ops[j].operand[1].val != 0))
+ {
if (pp->is_unresolved)
break;
- ferr(po, "arg collect %d/%d hit esp adjust\n",
- arg, pp->argc);
+ ferr(po, "arg collect %d/%d hit esp adjust of %d\n",
+ arg, pp->argc, ops[j].operand[1].val);
}
else if (ops[j].op == OP_POP) {
if (pp->is_unresolved)
pp->arg[arg].datap = &ops[j];
need_to_save_current = 0;
+ save_args = 0;
+ reg = -1;
+ if (ops[j].operand[0].type == OPT_REG)
+ reg = ops[j].operand[0].reg;
+
if (!need_op_saving) {
ret = scan_for_mod(&ops[j], j + 1, i, 1);
need_to_save_current = (ret >= 0);
if (need_op_saving || need_to_save_current) {
// mark this push as one that needs operand saving
ops[j].flags &= ~OPF_RMD;
- if (ops[j].argnum == 0) {
- ops[j].argnum = arg + 1;
- *save_arg_vars |= 1 << arg;
+ if (ops[j].p_argnum == 0) {
+ ops[j].p_argnum = arg + 1;
+ save_args |= 1 << arg;
+ }
+ else if (ops[j].p_argnum < arg + 1) {
+ // XXX: might kill valid var..
+ //*save_arg_vars &= ~(1 << (ops[j].p_argnum - 1));
+ ops[j].p_argnum = arg + 1;
+ save_args |= 1 << arg;
}
- else if (ops[j].argnum < arg + 1)
- ferr(&ops[j], "argnum conflict (%d<%d) for '%s'\n",
- ops[j].argnum, arg + 1, pp->name);
}
- else if (ops[j].argnum == 0)
+ else if (ops[j].p_argnum == 0)
ops[j].flags |= OPF_RMD;
// some PUSHes are reused by different calls on other branches,
ops[j].flags &= ~OPF_RSAVE;
+ // check for __VALIST
+ if (!pp->is_unresolved && pp->arg[arg].type.is_va_list) {
+ k = -1;
+ ret = resolve_origin(j, &ops[j].operand[0], magic + 1, &k);
+ if (ret == 1 && k >= 0)
+ {
+ if (ops[k].op == OP_LEA) {
+ snprintf(buf, sizeof(buf), "arg_%X",
+ g_func_pp->argc_stack * 4);
+ if (!g_func_pp->is_vararg
+ || strstr(ops[k].operand[1].name, buf))
+ {
+ ops[k].flags |= OPF_RMD;
+ ops[j].flags |= OPF_RMD | OPF_VAPUSH;
+ save_args &= ~(1 << arg);
+ reg = -1;
+ }
+ else
+ ferr(&ops[j], "lea va_list used, but no vararg?\n");
+ }
+ // check for va_list from g_func_pp arg too
+ else if (ops[k].op == OP_MOV
+ && is_stack_access(&ops[k], &ops[k].operand[1]))
+ {
+ ret = stack_frame_access(&ops[k], &ops[k].operand[1],
+ buf, sizeof(buf), ops[k].operand[1].name, "", 1, 0);
+ if (ret >= 0) {
+ ops[k].flags |= OPF_RMD;
+ ops[j].flags |= OPF_RMD;
+ ops[j].p_argpass = ret + 1;
+ save_args &= ~(1 << arg);
+ reg = -1;
+ }
+ }
+ }
+ }
+
+ *save_arg_vars |= save_args;
+
+ // tracking reg usage
+ if (reg >= 0)
+ *regmask |= 1 << reg;
+
arg++;
if (!pp->is_unresolved) {
// next arg
break;
}
magic = (magic & 0xffffff) | (arg << 24);
-
- // tracking reg usage
- if (ops[j].operand[0].type == OPT_REG)
- *regmask |= 1 << ops[j].operand[0].reg;
}
}
if (g_func_pp == NULL)
ferr(ops, "proto_parse failed for '%s'\n", funcn);
- fprintf(fout, "%s ", g_func_pp->ret_type.name);
- output_pp_attrs(fout, g_func_pp, g_ida_func_attr & IDAFA_NORETURN);
- fprintf(fout, "%s(", g_func_pp->name);
-
for (i = 0; i < g_func_pp->argc; i++) {
- if (i > 0)
- fprintf(fout, ", ");
- if (g_func_pp->arg[i].fptr != NULL) {
- // func pointer..
- pp = g_func_pp->arg[i].fptr;
- fprintf(fout, "%s (", pp->ret_type.name);
- output_pp_attrs(fout, pp, 0);
- fprintf(fout, "*a%d)(", i + 1);
- for (j = 0; j < pp->argc; j++) {
- if (j > 0)
- fprintf(fout, ", ");
- if (pp->arg[j].fptr)
- ferr(ops, "nested fptr\n");
- fprintf(fout, "%s", pp->arg[j].type.name);
- }
- if (pp->is_vararg) {
- if (j > 0)
- fprintf(fout, ", ");
- fprintf(fout, "...");
- }
- fprintf(fout, ")");
- }
- else if (g_func_pp->arg[i].type.is_retreg) {
- fprintf(fout, "u32 *r_%s", g_func_pp->arg[i].reg);
- }
- else {
- fprintf(fout, "%s a%d", g_func_pp->arg[i].type.name, i + 1);
- }
if (g_func_pp->arg[i].reg != NULL) {
reg = char_array_i(regs_r32,
ARRAY_SIZE(regs_r32), g_func_pp->arg[i].reg);
regmask_arg |= 1 << reg;
}
}
- if (g_func_pp->is_vararg) {
- if (i > 0)
- fprintf(fout, ", ");
- fprintf(fout, "...");
- }
-
- fprintf(fout, ")\n{\n");
// pass1:
// - handle ebp/esp frame, remove ops related to it
} while (i < opcnt);
}
else {
- for (i = 0; i < opcnt; i++) {
+ int ecx_push = 0, esp_sub = 0;
+
+ i = 0;
+ while (ops[i].op == OP_PUSH && IS(opr_name(&ops[i], 0), "ecx")) {
+ ops[i].flags |= OPF_RMD;
+ g_stack_fsz += 4;
+ ecx_push++;
+ i++;
+ }
+
+ for (; i < opcnt; i++) {
if (ops[i].op == OP_PUSH || (ops[i].flags & (OPF_JMP|OPF_TAIL)))
break;
if (ops[i].op == OP_SUB && ops[i].operand[0].reg == xSP
&& ops[i].operand[1].type == OPT_CONST)
{
- g_sp_frame = 1;
+ g_stack_fsz = ops[i].operand[1].val;
+ ops[i].flags |= OPF_RMD;
+ esp_sub = 1;
break;
}
}
found = 0;
- if (g_sp_frame)
+ if (ecx_push || esp_sub)
{
- g_stack_fsz = ops[i].operand[1].val;
- ops[i].flags |= OPF_RMD;
+ g_sp_frame = 1;
i++;
do {
j--;
}
- if (ops[j].op != OP_ADD
- || !IS(opr_name(&ops[j], 0), "esp")
- || ops[j].operand[1].type != OPT_CONST
- || ops[j].operand[1].val != g_stack_fsz)
- ferr(&ops[j], "'add esp' expected\n");
- ops[j].flags |= OPF_RMD;
+ if (ecx_push > 0) {
+ for (l = 0; l < ecx_push; l++) {
+ if (ops[j].op != OP_POP
+ || !IS(opr_name(&ops[j], 0), "ecx"))
+ {
+ ferr(&ops[j], "'pop ecx' expected\n");
+ }
+ ops[j].flags |= OPF_RMD;
+ j--;
+ }
+
+ found = 1;
+ }
+
+ if (esp_sub) {
+ if (ops[j].op != OP_ADD
+ || !IS(opr_name(&ops[j], 0), "esp")
+ || ops[j].operand[1].type != OPT_CONST
+ || ops[j].operand[1].val != g_stack_fsz)
+ ferr(&ops[j], "'add esp' expected\n");
+ ops[j].flags |= OPF_RMD;
+
+ found = 1;
+ }
- found = 1;
i++;
} while (i < opcnt);
}
// indirect call
pp_c = resolve_icall(i, opcnt, &l);
if (pp_c != NULL) {
+ if (!pp_c->is_func && !pp_c->is_fptr)
+ ferr(po, "call to non-func: %s\n", pp_c->name);
pp = proto_clone(pp_c);
my_assert_not(pp, NULL);
if (l)
regmask_save |= 1 << reg;
}
- if (po->op == OP_PUSH && po->argnum == 0
+ if (po->op == OP_PUSH && po->p_argnum == 0
&& !(po->flags & OPF_RSAVE) && !g_func_pp->is_userstack)
{
if (po->operand[0].type == OPT_REG)
pfomask = 1 << po->pfo;
}
- if (tmp_op->op == OP_ADD && po->pfo == PFO_C)
- need_tmp64 = 1;
+ if (tmp_op->op == OP_ADD && po->pfo == PFO_C) {
+ propagate_lmod(tmp_op, &tmp_op->operand[0],
+ &tmp_op->operand[1]);
+ if (tmp_op->operand[0].lmod == OPLM_DWORD)
+ need_tmp64 = 1;
+ }
}
if (pfomask) {
tmp_op->pfomask |= pfomask;
else if (po->op == OP_MUL
|| (po->op == OP_IMUL && po->operand_cnt == 1))
{
- need_tmp64 = 1;
+ if (po->operand[0].lmod == OPLM_DWORD)
+ need_tmp64 = 1;
}
else if (po->op == OP_CALL) {
pp = po->pp;
tmp_op = pp->arg[arg].datap;
if (tmp_op == NULL)
ferr(po, "parsed_op missing for arg%d\n", arg);
- if (tmp_op->argnum == 0 && tmp_op->operand[0].type == OPT_REG)
+ if (tmp_op->p_argnum == 0 && tmp_op->operand[0].type == OPT_REG)
regmask_stack |= 1 << tmp_op->operand[0].reg;
}
}
}
}
-
- // declare indirect funcs
- if (pp->is_fptr && !(pp->name[0] != 0 && pp->is_arg)) {
- if (pp->name[0] != 0) {
- memmove(pp->name + 2, pp->name, strlen(pp->name) + 1);
- memcpy(pp->name, "i_", 2);
-
- // might be declared already
- found = 0;
- for (j = 0; j < i; j++) {
- if (ops[j].op == OP_CALL && (pp_tmp = ops[j].pp)) {
- if (pp_tmp->is_fptr && IS(pp->name, pp_tmp->name)) {
- found = 1;
- break;
- }
- }
- }
- if (found)
- continue;
- }
- else
- snprintf(pp->name, sizeof(pp->name), "icall%d", i);
-
- fprintf(fout, " %s (", pp->ret_type.name);
- output_pp_attrs(fout, pp, 0);
- fprintf(fout, "*%s)(", pp->name);
- for (j = 0; j < pp->argc; j++) {
- if (j > 0)
- fprintf(fout, ", ");
- fprintf(fout, "%s a%d", pp->arg[j].type.name, j + 1);
+ }
+ else if (po->op == OP_MOV && po->operand[0].pp != NULL
+ && po->operand[1].pp != NULL)
+ {
+ // <var> = offset <something>
+ if ((po->operand[1].pp->is_func || po->operand[1].pp->is_fptr)
+ && !IS_START(po->operand[1].name, "off_"))
+ {
+ if (!po->operand[0].pp->is_fptr)
+ ferr(po, "%s not declared as fptr when it should be\n",
+ po->operand[0].name);
+ if (pp_cmp_func(po->operand[0].pp, po->operand[1].pp)) {
+ pp_print(buf1, sizeof(buf1), po->operand[0].pp);
+ pp_print(buf2, sizeof(buf2), po->operand[1].pp);
+ fnote(po, "var: %s\n", buf1);
+ fnote(po, "func: %s\n", buf2);
+ ferr(po, "^ mismatch\n");
}
- fprintf(fout, ");\n");
}
}
else if (po->op == OP_RET && !IS(g_func_pp->ret_type.name, "void"))
}
}
+ // output starts here
+
+ // define userstack size
+ if (g_func_pp->is_userstack) {
+ fprintf(fout, "#ifndef US_SZ_%s\n", g_func_pp->name);
+ fprintf(fout, "#define US_SZ_%s USERSTACK_SIZE\n", g_func_pp->name);
+ fprintf(fout, "#endif\n");
+ }
+
+ // the function itself
+ fprintf(fout, "%s ", g_func_pp->ret_type.name);
+ output_pp_attrs(fout, g_func_pp, g_ida_func_attr & IDAFA_NORETURN);
+ fprintf(fout, "%s(", g_func_pp->name);
+
+ for (i = 0; i < g_func_pp->argc; i++) {
+ if (i > 0)
+ fprintf(fout, ", ");
+ if (g_func_pp->arg[i].fptr != NULL) {
+ // func pointer..
+ pp = g_func_pp->arg[i].fptr;
+ fprintf(fout, "%s (", pp->ret_type.name);
+ output_pp_attrs(fout, pp, 0);
+ fprintf(fout, "*a%d)(", i + 1);
+ for (j = 0; j < pp->argc; j++) {
+ if (j > 0)
+ fprintf(fout, ", ");
+ if (pp->arg[j].fptr)
+ ferr(ops, "nested fptr\n");
+ fprintf(fout, "%s", pp->arg[j].type.name);
+ }
+ if (pp->is_vararg) {
+ if (j > 0)
+ fprintf(fout, ", ");
+ fprintf(fout, "...");
+ }
+ fprintf(fout, ")");
+ }
+ else if (g_func_pp->arg[i].type.is_retreg) {
+ fprintf(fout, "u32 *r_%s", g_func_pp->arg[i].reg);
+ }
+ else {
+ fprintf(fout, "%s a%d", g_func_pp->arg[i].type.name, i + 1);
+ }
+ }
+ if (g_func_pp->is_vararg) {
+ if (i > 0)
+ fprintf(fout, ", ");
+ fprintf(fout, "...");
+ }
+
+ fprintf(fout, ")\n{\n");
+
+ // declare indirect functions
+ for (i = 0; i < opcnt; i++) {
+ po = &ops[i];
+ if (po->flags & OPF_RMD)
+ continue;
+
+ if (po->op == OP_CALL) {
+ pp = po->pp;
+ if (pp == NULL)
+ ferr(po, "NULL pp\n");
+
+ if (pp->is_fptr && !(pp->name[0] != 0 && pp->is_arg)) {
+ if (pp->name[0] != 0) {
+ memmove(pp->name + 2, pp->name, strlen(pp->name) + 1);
+ memcpy(pp->name, "i_", 2);
+
+ // might be declared already
+ found = 0;
+ for (j = 0; j < i; j++) {
+ if (ops[j].op == OP_CALL && (pp_tmp = ops[j].pp)) {
+ if (pp_tmp->is_fptr && IS(pp->name, pp_tmp->name)) {
+ found = 1;
+ break;
+ }
+ }
+ }
+ if (found)
+ continue;
+ }
+ else
+ snprintf(pp->name, sizeof(pp->name), "icall%d", i);
+
+ fprintf(fout, " %s (", pp->ret_type.name);
+ output_pp_attrs(fout, pp, 0);
+ fprintf(fout, "*%s)(", pp->name);
+ for (j = 0; j < pp->argc; j++) {
+ if (j > 0)
+ fprintf(fout, ", ");
+ fprintf(fout, "%s a%d", pp->arg[j].type.name, j + 1);
+ }
+ fprintf(fout, ");\n");
+ }
+ }
+ }
// output LUTs/jumptables
for (i = 0; i < g_func_pd_cnt; i++) {
}
if (g_func_pp->is_userstack) {
- fprintf(fout, " u32 fake_sf[1024];\n");
- fprintf(fout, " u32 *esp = &fake_sf[1024];\n");
+ fprintf(fout, " u32 fake_sf[US_SZ_%s / 4];\n", g_func_pp->name);
+ fprintf(fout, " u32 *esp = &fake_sf[sizeof(fake_sf) / 4];\n");
had_decl = 1;
}
ferr(po, "TODO\n");
}
else {
- fprintf(fout, " eax = %sedi; esi %c= %d;",
+ fprintf(fout, " eax = %sesi; esi %c= %d;",
lmod_cast_u_ptr(po, po->operand[0].lmod),
(po->flags & OPF_DF) ? '-' : '+',
lmod_bytes(po, po->operand[0].lmod));
if (pfomask & (1 << PFO_C)) {
// ugh..
fprintf(fout,
- " cond_c = %sedi < %sesi;\n", buf1, buf1);
+ " cond_c = %sesi < %sedi;\n", buf1, buf1);
pfomask &= ~(1 << PFO_C);
}
fprintf(fout,
- " cond_z = (%sedi == %sesi); edi %c= %d, esi %c= %d;\n",
+ " cond_z = (%sesi == %sedi); esi %c= %d, edi %c= %d;\n",
buf1, buf1, l, j, l, j);
fprintf(fout,
" if (cond_z %s 0) break;\n",
}
else {
fprintf(fout,
- " cond_z = (%sedi = %sesi); edi %c= %d; esi %c= %d;",
+ " cond_z = (%sesi == %sedi); esi %c= %d; edi %c= %d;",
buf1, buf1, l, j, l, j);
strcpy(g_comment, "cmps");
}
(po->flags & OPF_REPZ) ? "e" : "ne");
}
else {
- fprintf(fout, " cond_z = (%seax = %sedi); edi %c= %d;",
+ fprintf(fout, " cond_z = (%seax == %sedi); edi %c= %d;",
lmod_cast_u(po, po->operand[0].lmod),
lmod_cast_u_ptr(po, po->operand[0].lmod), l, j);
strcpy(g_comment, "scas");
delayed_flag_op = NULL;
break;
+ case OP_SHRD:
+ assert_operand_cnt(3);
+ propagate_lmod(po, &po->operand[0], &po->operand[1]);
+ l = lmod_bytes(po, po->operand[0].lmod) * 8;
+ out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]);
+ out_src_opr_u32(buf2, sizeof(buf2), po, &po->operand[1]);
+ out_src_opr_u32(buf3, sizeof(buf3), po, &po->operand[2]);
+ fprintf(fout, " %s >>= %s; %s |= %s << (%d - %s);",
+ buf1, buf3, buf1, buf2, l, buf3);
+ strcpy(g_comment, "shrd");
+ output_std_flags(fout, po, &pfomask, buf1);
+ last_arith_dst = &po->operand[0];
+ delayed_flag_op = NULL;
+ break;
+
case OP_ROL:
case OP_ROR:
assert_operand_cnt(2);
assert_operand_cnt(2);
propagate_lmod(po, &po->operand[0], &po->operand[1]);
if (pfomask & (1 << PFO_C)) {
- fprintf(fout, " tmp64 = (u64)%s + %s;\n",
- out_src_opr_u32(buf1, sizeof(buf1), po, &po->operand[0]),
- out_src_opr_u32(buf2, sizeof(buf2), po, &po->operand[1]));
- fprintf(fout, " cond_c = tmp64 >> 32;\n");
- fprintf(fout, " %s = (u32)tmp64;",
- out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]));
- strcat(g_comment, "add64");
+ out_src_opr_u32(buf1, sizeof(buf1), po, &po->operand[0]);
+ out_src_opr_u32(buf2, sizeof(buf2), po, &po->operand[1]);
+ if (po->operand[0].lmod == OPLM_DWORD) {
+ fprintf(fout, " tmp64 = (u64)%s + %s;\n", buf1, buf2);
+ fprintf(fout, " cond_c = tmp64 >> 32;\n");
+ fprintf(fout, " %s = (u32)tmp64;",
+ out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]));
+ strcat(g_comment, "add64");
+ }
+ else {
+ fprintf(fout, " cond_c = ((u32)%s + %s) >> %d;\n",
+ buf1, buf2, lmod_bytes(po, po->operand[0].lmod) * 8);
+ fprintf(fout, " %s += %s;",
+ out_dst_opr(buf1, sizeof(buf1), po, &po->operand[0]),
+ buf2);
+ }
pfomask &= ~(1 << PFO_C);
output_std_flags(fout, po, &pfomask, buf1);
last_arith_dst = &po->operand[0];
case OP_SUB:
assert_operand_cnt(2);
propagate_lmod(po, &po->operand[0], &po->operand[1]);
- if (pfomask & (1 << PFO_C)) {
- fprintf(fout, " cond_c = %s < %s;\n",
- out_src_opr_u32(buf1, sizeof(buf1), po, &po->operand[0]),
- out_src_opr_u32(buf2, sizeof(buf2), po, &po->operand[1]));
- pfomask &= ~(1 << PFO_C);
+ if (pfomask & ~((1 << PFO_Z) | (1 << PFO_S))) {
+ for (j = 0; j <= PFO_LE; j++) {
+ if (!(pfomask & (1 << j)))
+ continue;
+ if (j == PFO_Z || j == PFO_S)
+ continue;
+
+ out_cmp_for_cc(buf1, sizeof(buf1), po, j, 0);
+ fprintf(fout, " cond_%s = %s;\n",
+ parsed_flag_op_names[j], buf1);
+ pfomask &= ~(1 << j);
+ }
}
goto dualop_arith;
// fallthrough
case OP_MUL:
assert_operand_cnt(1);
- strcpy(buf1, po->op == OP_IMUL ? "(s64)(s32)" : "(u64)");
- fprintf(fout, " tmp64 = %seax * %s%s;\n", buf1, buf1,
- out_src_opr_u32(buf2, sizeof(buf2), po, &po->operand[0]));
- fprintf(fout, " edx = tmp64 >> 32;\n");
- fprintf(fout, " eax = tmp64;");
+ switch (po->operand[0].lmod) {
+ case OPLM_DWORD:
+ strcpy(buf1, po->op == OP_IMUL ? "(s64)(s32)" : "(u64)");
+ fprintf(fout, " tmp64 = %seax * %s%s;\n", buf1, buf1,
+ out_src_opr_u32(buf2, sizeof(buf2), po, &po->operand[0]));
+ fprintf(fout, " edx = tmp64 >> 32;\n");
+ fprintf(fout, " eax = tmp64;");
+ break;
+ case OPLM_BYTE:
+ strcpy(buf1, po->op == OP_IMUL ? "(s16)(s8)" : "(u16)(u8)");
+ fprintf(fout, " LOWORD(eax) = %seax * %s;", buf1,
+ out_src_opr(buf2, sizeof(buf2), po, &po->operand[0],
+ buf1, 0));
+ break;
+ default:
+ ferr(po, "TODO: unhandled mul type\n");
+ break;
+ }
last_arith_dst = NULL;
delayed_flag_op = NULL;
break;
fprintf(fout, " {\n");
}
- if (pp->is_fptr && !pp->is_arg)
+ if (pp->is_fptr && !pp->is_arg) {
fprintf(fout, "%s%s = %s;\n", buf3, pp->name,
out_src_opr(buf1, sizeof(buf1), po, &po->operand[0],
"(void *)", 0));
+ if (pp->is_unresolved)
+ fprintf(fout, "%sunresolved_call(\"%s:%d\", %s);\n",
+ buf3, asmfn, po->asmln, pp->name);
+ }
fprintf(fout, "%s", buf3);
if (strstr(pp->ret_type.name, "int64")) {
tmp_op = pp->arg[arg].datap;
if (tmp_op == NULL)
ferr(po, "parsed_op missing for arg%d\n", arg);
- if (tmp_op->argnum != 0) {
- fprintf(fout, "%ss_a%d", cast, tmp_op->argnum);
+
+ if (tmp_op->flags & OPF_VAPUSH) {
+ fprintf(fout, "ap");
+ }
+ else if (tmp_op->p_argpass != 0) {
+ fprintf(fout, "a%d", tmp_op->p_argpass);
+ }
+ else if (tmp_op->p_argnum != 0) {
+ fprintf(fout, "%ss_a%d", cast, tmp_op->p_argnum);
}
else {
fprintf(fout, "%s",
}
if (pp->is_unresolved) {
- snprintf(buf2, sizeof(buf2), " unresoved %dreg",
+ snprintf(buf2, sizeof(buf2), " unresolved %dreg",
pp->argc_reg);
strcat(g_comment, buf2);
}
case OP_PUSH:
out_src_opr_u32(buf1, sizeof(buf1), po, &po->operand[0]);
- if (po->argnum != 0) {
+ if (po->p_argnum != 0) {
// special case - saved func arg
- fprintf(fout, " s_a%d = %s;", po->argnum, buf1);
+ fprintf(fout, " s_a%d = %s;", po->p_argnum, buf1);
break;
}
else if (po->flags & OPF_RSAVE) {
parse_op(&ops[pi], words, wordc);
if (sctproto != NULL) {
- if (ops[pi].op == OP_CALL)
+ if (ops[pi].op == OP_CALL || ops[pi].op == OP_JMP)
ops[pi].datap = sctproto;
sctproto = NULL;
}