
Commit ba4c1a9

Charlie BartoCharlie Barto
authored andcommitted
Teach GetInstructionSize about many instructions that appear in MSVC generated code.
1 parent 55c9f24 commit ba4c1a9

1 file changed

+130
-30
lines changed


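--- a/compiler-rt/lib/interception/interception_win.cpp
+++ b/compiler-rt/lib/interception/interception_win.cpp
@@ -494,6 +494,11 @@ static size_t GetInstructionSize(uptr address, size_t* rel_offset = nullptr) {
 case 0x6A: // 6A XX = push XX
 return 2;
 
+// This instruction can be encoded with a 16-bit immediate but that is
+// incredibly unlikely.
+case 0x68: // 68 XX XX XX XX : push imm32
+return 5;
+
 case 0xb8: // b8 XX XX XX XX : mov eax, XX XX XX XX
 case 0xB9: // b9 XX XX XX XX : mov ecx, XX XX XX XX
 return 5;
@@ -530,8 +535,13 @@ static size_t GetInstructionSize(uptr address, size_t* rel_offset = nullptr) {
 case 0xE589: // 89 E5 : mov ebp, esp
 case 0xC18B: // 8B C1 : mov eax, ecx
 case 0xC033: // 33 C0 : xor eax, eax
+case 0x8bec: // EC 8B : mov ebp, esp
 case 0xC933: // 33 C9 : xor ecx, ecx
 case 0xD233: // 33 D2 : xor edx, edx
+case 0xc084: // 84 c0 : test al,al
+case 0xdb84: // 84 db : test bl,bl
+case 0xc984: // 84 c9 : test cl,cl
+case 0xd284: // 84 d2 : test dl,dl
 return 2;
 
 // Cannot overwrite control-instruction. Return 0 to indicate failure.
@@ -540,6 +550,9 @@ static size_t GetInstructionSize(uptr address, size_t* rel_offset = nullptr) {
 }
 
 switch (0x00FFFFFF & *(u32*)address) {
+case 0x83e4f8: // F8 E4 83 : and esp, 0xFFFFFFF8
+case 0x83ec64: // 64 EC 83 : sub esp, 64h
+return 3;
 case 0x24A48D: // 8D A4 24 XX XX XX XX : lea esp, [esp + XX XX XX XX]
 return 7;
 }
@@ -549,6 +562,21 @@ static size_t GetInstructionSize(uptr address, size_t* rel_offset = nullptr) {
 case 0xA1: // A1 XX XX XX XX XX XX XX XX :
 // movabs eax, dword ptr ds:[XXXXXXXX]
 return 9;
+case 0xf2:
+switch (*(u32 *)(address + 1)) {
+case 0x2444110f: // f2 0f 11 44 24 XX movsd mmword ptr [rsp + XX],
+// xmm0
+case 0x244c110f: // f2 0f 11 4c 24 XX movsd QWORD PTR
+// [rsp+0x8],xmm1
+case 0x2454110f: // f2 0f 11 54 24 XX movsd QWORD PTR
+// [rsp+0x8],xmm2
+case 0x245c110f: // f2 0f 11 5c 24 XX movsd QWORD PTR
+// [rsp+0x8],xmm3
+case 0x2464110f: // f2 0f 11 64 24 XX movsd QWORD PTR
+// [rsp+0x8],xmm4
+return 6;
+}
+break;
 
 case 0x83:
 const u8 next_byte = *(u8*)(address + 1);
@@ -577,48 +605,116 @@ static size_t GetInstructionSize(uptr address, size_t* rel_offset = nullptr) {
 case 0x018a: // mov al, byte ptr [rcx]
 return 2;
 
+case 0x7e80: // 80 7e YY XX cmp BYTE PTR [rsi+YY], XX
+case 0x7d80: // 80 7d YY XX cmp BYTE PTR [rdx+YY], XX
+case 0x7a80: // 80 7a YY XX cmp BYTE PTR [rdx+YY], XX
+case 0x7880: // 80 78 YY XX cmp BYTE PTR [rax+YY], XX
+case 0x7b80: // 80 7b YY XX cmp BYTE PTR [rbx+YY], XX
+case 0x7980: // 80 79 YY XX cmp BYTE ptr [rcx+YY], XX
+return 4;
+
 case 0x058B: // 8B 05 XX XX XX XX : mov eax, dword ptr [XX XX XX XX]
 if (rel_offset)
 *rel_offset = 2;
 return 6;
+
+case 0x7e81: // 81 7e YY XX XX XX XX cmp DWORD PTR [rsi+YY], XX XX XX XX
+case 0x7d81: // 81 7d YY XX XX XX XX cmp DWORD PTR [rdx+YY], XX XX XX XX
+case 0x7a81: // 81 7a YY XX XX XX XX cmp DWORD PTR [rdx+YY], XX XX XX XX
+case 0x7881: // 81 78 YY XX XX XX XX cmp DWORD PTR [rax+YY], XX XX XX XX
+case 0x7b81: // 81 78 YY XX XX XX XX cmp DWORD PTR [rbx+YY], XX XX XX XX
+case 0x7981: // 81 79 YY XX XX XX XX cmp dword ptr [rcx+YY], XX XX XX XX
+return 7;
 }
 
 switch (0x00FFFFFF & *(u32*)address) {
-case 0xe58948: // 48 8b c4 : mov rbp, rsp
-case 0xc18b48: // 48 8b c1 : mov rax, rcx
-case 0xc48b48: // 48 8b c4 : mov rax, rsp
-case 0xd9f748: // 48 f7 d9 : neg rcx
-case 0xd12b48: // 48 2b d1 : sub rdx, rcx
-case 0x07c1f6: // f6 c1 07 : test cl, 0x7
-case 0xc98548: // 48 85 C9 : test rcx, rcx
-case 0xd28548: // 48 85 d2 : test rdx, rdx
-case 0xc0854d: // 4d 85 c0 : test r8, r8
-case 0xc2b60f: // 0f b6 c2 : movzx eax, dl
-case 0xc03345: // 45 33 c0 : xor r8d, r8d
-case 0xc93345: // 45 33 c9 : xor r9d, r9d
-case 0xdb3345: // 45 33 DB : xor r11d, r11d
-case 0xd98b4c: // 4c 8b d9 : mov r11, rcx
-case 0xd28b4c: // 4c 8b d2 : mov r10, rdx
-case 0xc98b4c: // 4C 8B C9 : mov r9, rcx
-case 0xc18b4c: // 4C 8B C1 : mov r8, rcx
-case 0xd2b60f: // 0f b6 d2 : movzx edx, dl
-case 0xca2b48: // 48 2b ca : sub rcx, rdx
-case 0x10b70f: // 0f b7 10 : movzx edx, WORD PTR [rax]
-case 0xc00b4d: // 3d 0b c0 : or r8, r8
-case 0xc08b41: // 41 8b c0 : mov eax, r8d
-case 0xd18b48: // 48 8b d1 : mov rdx, rcx
-case 0xdc8b4c: // 4c 8b dc : mov r11, rsp
-case 0xd18b4c: // 4c 8b d1 : mov r10, rcx
-case 0xE0E483: // 83 E4 E0 : and esp, 0xFFFFFFE0
+case 0x07c1f6: // f6 c1 07 : test cl, 0x7
+case 0x10b70f: // 0f b7 10 : movzx edx, word ptr [rax]
+case 0xc00b4d: // 3d 0b c0 : or r8, r8
+case 0xc03345: // 45 33 c0 : xor r8d, r8d
+case 0xc08548: // 48 85 c0 : test rax, rax
+case 0xc0854d: // 4d 85 c0 : test r8, r8
+case 0xc08b41: // 41 8b c0 : mov eax, r8d
+case 0xc0ff48: // 48 ff c0 : inc rax
+case 0xc0ff49: // 49 ff c0 : inc r8
+case 0xc18b41: // 41 8b c1 : mov eax, r9d
+case 0xc18b48: // 48 8b c1 : mov rax, rcx
+case 0xc18b4c: // 4c 8b c1 : mov r8, rcx
+case 0xc1ff48: // 48 ff c1 : inc rcx
+case 0xc1ff49: // 49 ff c1 : inc r9
+case 0xc28b41: // 41 8b c2 : mov eax, r10d
+case 0xc2b60f: // 0f b6 c2 : movzx eax, dl
+case 0xc2ff48: // 48 ff c2 : inc rdx
+case 0xc2ff49: // 49 ff c2 : inc r10
+case 0xc38b41: // 41 8b c3 : mov eax, r11d
+case 0xc3ff48: // 48 ff c3 : inc rbx
+case 0xc3ff49: // 49 ff c3 : inc r11
+case 0xc48b41: // 41 8b c4 : mov eax, r12d
+case 0xc48b48: // 48 8b c4 : mov rax, rsp
+case 0xc4ff49: // 49 ff c4 : inc r12
+case 0xc5ff49: // 49 ff c5 : inc r13
+case 0xc6ff48: // 48 ff c6 : inc rsi
+case 0xc6ff49: // 49 ff c6 : inc r14
+case 0xc7ff48: // 48 ff c7 : inc rdi
+case 0xc7ff49: // 49 ff c7 : inc r15
+case 0xc93345: // 45 33 c9 : xor r9d, r9d
+case 0xc98548: // 48 85 c9 : test rcx, rcx
+case 0xc9854d: // 4d 85 c9 : test r9, r9
+case 0xc98b4c: // 4c 8b c9 : mov r9, rcx
+case 0xca2b48: // 48 2b ca : sub rcx, rdx
+case 0xd12b48: // 48 2b d1 : sub rdx, rcx
+case 0xd18b48: // 48 8b d1 : mov rdx, rcx
+case 0xd18b4c: // 4c 8b d1 : mov r10, rcx
+case 0xd28548: // 48 85 d2 : test rdx, rdx
+case 0xd2854d: // 4d 85 d2 : test r10, r10
+case 0xd28b4c: // 4c 8b d2 : mov r10, rdx
+case 0xd2b60f: // 0f b6 d2 : movzx edx, dl
+case 0xd98b4c: // 4c 8b d9 : mov r11, rcx
+case 0xd9f748: // 48 f7 d9 : neg rcx
+case 0xdb3345: // 45 33 db : xor r11d, r11d
+case 0xdb8548: // 48 85 db : test rbx, rbx
+case 0xdb854d: // 4d 85 db : test r11, r11
+case 0xdc8b4c: // 4c 8b dc : mov r11, rsp
+case 0xe0e483: // 83 e4 e0 : and esp, 0xffffffe0
+case 0xe48548: // 48 85 e4 : test rsp, rsp
+case 0xe4854d: // 4d 85 e4 : test r12, r12
+case 0xe58948: // 48 8b c4 : mov rbp, rsp
+case 0xed8548: // 48 85 ed : test rbp, rbp
+case 0xed854d: // 4d 85 ed : test r13, r13
+case 0xf6854d: // 4d 85 f6 : test r14, r14
+case 0xff854d: // 4d 85 ff : test r15, r15
 return 3;
 
-case 0xec8348: // 48 83 ec XX : sub rsp, XX
-case 0xf88349: // 49 83 f8 XX : cmp r8, XX
-case 0x588948: // 48 89 58 XX : mov QWORD PTR[rax + XX], rbx
+case 0x245489: // 89 54 24 XX : mov DWORD PTR[rsp + XX], edx
+case 0x428d44: // 44 8d 42 XX : lea r8d , [rdx + XX]
+case 0x588948: // 48 89 58 XX : mov QWORD PTR[rax + XX], rbx
+case 0xec8348: // 48 83 ec XX : sub rsp, XX
+case 0xf88349: // 49 83 f8 XX : cmp r8, XX
 return 4;
 
+case 0x246483: // 83 64 24 00 00 : and DWORD PTR [rsp+xx],0x0
+return 5;
+
+case 0x788166: // 66 81 78 YY XX XX cmp WORD PTR [rax+0xYY], XX XX
+case 0x798166: // 66 81 79 YY XX XX cmp WORD PTR [rcx+0xYY], XX XX
+case 0x7a8166: // 66 81 7a YY XX XX cmp WORD PTR [rdx+0xYY], XX XX
+case 0x7b8166: // 66 81 7b YY XX XX cmp WORD PTR [rbx+0xYY], XX XX
+case 0x7e8166: // 66 81 7e YY XX XX cmp WORD PTR [rsi+0xYY], XX XX
+case 0x7f8166: // 66 81 7f YY XX XX cmp WORD PTR [rdi+0xYY], XX XX
+return 6;
+
 case 0xec8148: // 48 81 EC XX XX XX XX : sub rsp, XXXXXXXX
 return 7;
+case 0x788141: // 41 81 78 YY XX XX XX XX cmp DWORD PTR [r8+YY], XX XX XX XX
+case 0x798141: // r9
+case 0x7a8141: //r10
+case 0x7b8141: //r11
+case 0x7c8141: //r12
+case 0x7d8141: //r13
+case 0x7e8141: //r14
+case 0x7f8141: // 41 81 78 YY XX XX XX XX cmp DWORD P [r15+YY], XX XX XX XX
+case 0x247c81: // 81 7c 24 YY XX XX XX XX cmp DWORD P [rsp+YY], XX XX XX XX
+return 8;
 
 case 0x058b48: // 48 8b 05 XX XX XX XX :
 // mov rax, QWORD PTR [rip + XXXXXXXX]
@@ -645,8 +741,11 @@ static size_t GetInstructionSize(uptr address, size_t* rel_offset = nullptr) {
 case 0x24548948: // 48 89 54 24 XX : mov QWORD PTR [rsp + XX], rdx
 case 0x244c894c: // 4c 89 4c 24 XX : mov QWORD PTR [rsp + XX], r9
 case 0x2444894c: // 4c 89 44 24 XX : mov QWORD PTR [rsp + XX], r8
+case 0x244c8944: // 44 89 4c 24 XX mov DWORD PTR [rsp + XX], r9d
+case 0x24448944: // 44 89 44 24 XX mov DWORD PTR [rsp + XX], r8d
+case 0x246c8d48: // 48 8d 6c 24 XX : lea rbp, [rsp + XX]
 return 5;
-case 0x24648348: // 48 83 64 24 XX : and QWORD PTR [rsp + XX], YY
+case 0x24648348: // 48 83 64 24 XX YY : and QWORD PTR [rsp + XX], YY
 return 6;
 }
 
@@ -660,6 +759,7 @@ static size_t GetInstructionSize(uptr address, size_t* rel_offset = nullptr) {
 case 0x458B: // 8B 45 XX : mov eax, dword ptr [ebp + XX]
 case 0x5D8B: // 8B 5D XX : mov ebx, dword ptr [ebp + XX]
 case 0x7D8B: // 8B 7D XX : mov edi, dword ptr [ebp + XX]
+case 0x758B: // 8B 75 XX : mov esi, dword ptr [ebp + XX]
 case 0xEC83: // 83 EC XX : sub esp, XX
 case 0x75FF: // FF 75 XX : push dword ptr [ebp + XX]
 return 3;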
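Review bot: The new cases `0x8bec` (two-byte switch, new line 538) and `0x83e4f8` / `0x83ec64` (three-byte switch, new lines 553-554) have their byte order reversed relative to the little-endian reads every neighbouring entry follows — `89 E5` is matched as `0xE589` and `83 E4 E0` as `0xE0E483` — so they never match the instructions they name and instead accept the unrelated byte sequences `EC 8B`, `F8 E4 83` and `64 EC 83` as complete 2- or 3-byte instructions, which presumably lets the hook trampoline copy a wrong-length prefix of the target function. The intended entries are `case 0xEC8B: // 8B EC : mov ebp, esp`, `case 0xF8E483: // 83 E4 F8 : and esp, 0xFFFFFFF8` and `case 0x64EC83: // 83 EC 64 : sub esp, 64h`. Several new comments also mislabel the operand: ModRM `7d` after `80`/`81` (new lines 609 and 622) addresses `[rbp+YY]`, not `[rdx+YY]`, and the comment on `0x7b81` (new line 625) should read `81 7b`, not `81 78`. The earlier two-byte switch header is outside the hunks, so the `u16` read it performs is inferred from the sibling entries. GetInstructionSize begins and ends outside the hunks shown.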
