Newer
Older
// create a function for the contiguous code starting at that
// address and ask IDA to analyze it and store it in the
// IDA database. If it is a branch target, not a call target,
// create a new TAIL chunk for the current parent functions.
for (ea_t addr = ChunkInfo->startEA; addr < ChunkInfo->endEA;
addr = get_item_end(addr)) {
flags_t InstrFlags = getFlags(addr);
if (isCode(InstrFlags) && isHead(InstrFlags)) {
SMPInstr CurrInst(addr);
CurrInst.Analyze();
if ((CALL|JUMP|COND_BRANCH) & CurrInst.GetDataFlowType()) {
clc5q
committed
SMP_xref_t xb;
for (bool ok = xb.SMP_first_from(addr, XREF_FAR); ok; ok = xb.SMP_next_from()) {
if (xb.GetIscode()) {
ea_t FirstAddr = xb.GetTo();
func_t *FuncInfo = get_func(FirstAddr);
if (NULL == FuncInfo) {
// Found call to addr that is not in a func.
// Find limits of contiguous code starting at FirstAddr.
clc5q
committed
ea_t LastAddr = FindNewFuncLimit(FirstAddr);
if (CALL == CurrInst.GetDataFlowType())
SMP_msg("AUDIT: Found new func from %lx to %lx\n",
(unsigned long) FirstAddr, (unsigned long) LastAddr);
SMP_msg("AUDIT: Found new chunk from %lx to %lx\n",
(unsigned long) FirstAddr, (unsigned long) LastAddr);
}
}
}
}
}
}
} // end for (size_t ChunkIndex = 0; ... )
return;
} // end of AuditCodeTargets()
// Find the span of contiguous code that is not contained within any
// function, starting at StartAddr, which should already be an example
// of an instruction address that is outside of a function.
ea_t FindNewFuncLimit(ea_t StartAddr) {
ea_t LimitAddr = StartAddr;
clc5q
committed
segment_t *seg = SMP_getseg(StartAddr);
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
if (NULL == seg)
return LimitAddr;
ea_t SegLimit = seg->endEA;
for (ea_t addr = get_item_end(StartAddr); addr < SegLimit; addr = get_item_end(addr)) {
flags_t InstrFlags = getFlags(addr);
if (isCode(InstrFlags) && isHead(InstrFlags)) {
LimitAddr = addr;
func_t *FuncInfo = get_func(addr);
if (NULL != FuncInfo)
break; // ran into an existing function
}
else // Not a code head; time to stop.
break;
}
return LimitAddr;
} // end of FindNewFuncLimit()
void SpecialDebugOutput(void) {
char disasm[MAXSTR];
vector<ea_t> ProblemAddrs;
ProblemAddrs.push_back(0x8066d08);
bool IDAsuccess;
int InstLen;
ssize_t StringLen;
clc5q
committed
insn_t LocalCmd;
ulong LocalFeatures;
for (size_t index = 0; index < ProblemAddrs.size(); ++index) {
ea_t addr = ProblemAddrs[index];
flags_t InstrFlags = getFlags(addr);
if (isCode(InstrFlags) && isHead(InstrFlags)) {
clc5q
committed
IDAsuccess = SMPGetCmd(addr, LocalCmd, LocalFeatures);
InstLen = (int) LocalCmd.size;
if ((IDAsuccess) && (0 < InstLen)) {
IDAsuccess = generate_disasm_line(addr, disasm, sizeof(disasm) - 1);
if (IDAsuccess) {
StringLen = tag_remove(disasm, disasm, 0);
if (-1 < StringLen)
SMP_msg("Problem addr %lx : %s\n", (unsigned long) addr, disasm);
SMP_msg("ERROR: tag_remove failed at addr %lx \n", (unsigned long) addr);
SMP_msg("ERROR: generate_disasm_line failed at addr %lx \n", (unsigned long) addr);
SMP_msg("ERROR: decode_insn failed at addr %lx \n", (unsigned long) addr);
}
}
return;
} // end of SpecialDebugOutput()
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
// Convert a call type string from the policy file, such as "FILECALLS", to the
// corresponding ZST_SysCallType, such as ZST_FILE_CALL.
ZST_SysCallType ConvertStringToCallType(char *Str2) {
ZST_SysCallType ReturnVal;
if (0 == strcmp("PRIVILEGECALLS", Str2)) {
ReturnVal = ZST_HIGHPRIVILEGE_CALL;
}
else if (0 == strcmp("FILECALLS", Str2)) {
ReturnVal = ZST_FILE_CALL;
}
else if (0 == strcmp("NETWORKCALLS", Str2)) {
ReturnVal = ZST_NETWORK_CALL;
}
else {
ReturnVal = ZST_UNMONITORED_CALL;
}
return ReturnVal;
} // end of ConvertStringToCallType()
// Convert a policy string from the policy file, such as "DISALLOW", to
// the corresponding ZST_Policy value, such as ZST_DISALLOW.
ZST_Policy ConvertStringToPolicy(char *Str3) {
ZST_Policy ReturnVal;
if (0 == strcmp("DISALLOW", Str3)) {
ReturnVal = ZST_DISALLOW;
}
else if (0 == strcmp("WHITELIST", Str3)) {
ReturnVal = ZST_WHITELIST;
}
else if (0 == strcmp("BLACKLIST", Str3)) {
ReturnVal = ZST_BLACKLIST;
}
else { // error handling precedes calls to this function
ReturnVal = ZST_ALLOWALL;
}
return ReturnVal;
} // end of ConvertStringToPolicy()
// Given a function name, return its Zephyr Security Toolkit call type.
ZST_SysCallType GetCallTypeFromFuncName(string SysCallName) {
ZST_SysCallType ReturnVal;
map<string, ZST_SysCallType>::iterator FindIter = ZST_FuncTypeMap.find(SysCallName);
if (FindIter == ZST_FuncTypeMap.end()) { // not found; might not even be system call
ReturnVal = ZST_UNMONITORED_CALL;
}
else {
ReturnVal = FindIter->second;
}
return ReturnVal;
} // end of GetCallTypeFromFuncName()
// Get the user-specified security policy for the given call type.
ZST_Policy GetPolicyFromCallType(ZST_SysCallType CallType) {
ZST_Policy ReturnVal;
map<ZST_SysCallType, ZST_Policy>::iterator FindIter = ZST_TypePolicyMap.find(CallType);
if (FindIter == ZST_TypePolicyMap.end()) {
// Policy not found; default to ALLOW_ALL
ReturnVal = ZST_ALLOWALL;
}
else {
ReturnVal = FindIter->second;
}
return ReturnVal;
} // end of GetPolicyFromCallType()
// Given a call type and called function name, is it on the location whitelist
// for that call type?
// NOTE: HANDLE CASE IN WHICH WHITELISTED LOCATION IS A PREFIX, TERMINATING in a slash.
bool IsLocationWhitelisted(ZST_SysCallType CallType, string LocationName) {
set<string>::iterator FindIter;
bool ReturnVal;
if (CallType == ZST_FILE_CALL) {
FindIter = ZST_FileLocWhitelist.find(LocationName);
ReturnVal = (FindIter != ZST_FileLocWhitelist.end());
}
else if (CallType == ZST_NETWORK_CALL) {
FindIter = ZST_NetworkLocWhitelist.find(LocationName);
ReturnVal = (FindIter != ZST_NetworkLocWhitelist.end());
}
else { // should not be here
ReturnVal = false;
}
return ReturnVal;
} // end of IsLocationWhitelisted()
// Given a call type and called function name, is it on the location blacklist
// for that call type?
// NOTE: HANDLE CASE IN WHICH BLACKLISTED LOCATION IS A PREFIX, TERMINATING in a slash.
bool IsLocationBlacklisted(ZST_SysCallType CallType, string LocationName) {
set<string>::iterator FindIter;
bool ReturnVal;
if (CallType == ZST_FILE_CALL) {
FindIter = ZST_FileLocBlacklist.find(LocationName);
ReturnVal = (FindIter != ZST_FileLocBlacklist.end());
}
else if (CallType == ZST_NETWORK_CALL) {
FindIter = ZST_NetworkLocBlacklist.find(LocationName);
ReturnVal = (FindIter != ZST_NetworkLocBlacklist.end());
}
else { // should not be here
ReturnVal = false;
}
return ReturnVal;
}
// Given a called function name, does it produce only benign numeric errors when
// its returned values are used in arithmetic? (i.e. it is a trusted input)
bool IsNumericSafeSystemCall(string CallName) {
set<string>::iterator FindIter = ZST_SystemCallNumericWhitelist.find(CallName);
bool ReturnVal = (FindIter != ZST_SystemCallNumericWhitelist.end());
return ReturnVal;
}
// Utility functions to print code xrefs to STARS_XrefsFile
void PrintCodeToCodeXref(ea_t FromAddr, ea_t ToAddr, size_t InstrSize) {
SMP_fprintf(STARS_XrefsFile, "%10lx %6zu INSTR XREF IBT FROMIB %10lx \n",
(unsigned long) ToAddr, InstrSize, (unsigned long) FromAddr);
return;
}
void PrintDataToCodeXref(ea_t FromDataAddr, ea_t ToCodeAddr, size_t InstrSize) {
SMP_fprintf(STARS_XrefsFile, "%10lx %6zu INSTR XREF IBT FROMDATA %10lx \n",
(unsigned long) ToCodeAddr, InstrSize, (unsigned long) FromDataAddr);
return;
}
// These two constants should agree with their counterparts in ZST-policy.c.
#define ZST_MAX_FILE_NAME_LEN 1024
#define ZST_MAX_CALL_NAME_LEN 64
// Read the foo.exe.policy file to initialize our security policies for system calls.
void ZST_InitPolicies(const char *PolicyFileName) {
clc5q
committed
FILE *PolicyFile = SMP_fopen(PolicyFileName, "r");
char Str1[ZST_MAX_CALL_NAME_LEN], Str2[ZST_MAX_CALL_NAME_LEN], Str3[ZST_MAX_FILE_NAME_LEN];
string SafeSystemCall1("gettimeofday");
ZST_SystemCallNumericWhitelist.insert(SafeSystemCall1);
if (NULL != PolicyFile) {
clc5q
committed
while (!SMP_feof(PolicyFile)) {
int ItemsRead = qfscanf(PolicyFile, "%63s %63s %1023s", Str1, Str2, Str3);
if (3 != ItemsRead) {
clc5q
committed
SMP_msg("ERROR: Line in %s had %d items instead of the required 3; line ignored.\n", PolicyFileName, ItemsRead);
}
else {
string ThirdStr(Str3);
pair<set<string>::iterator, bool> SetInsertResult;
if (0 == strcmp(Str1, "SECURITYPOLICY")) {
ZST_SysCallType TempCallType = ConvertStringToCallType(Str2);
ZST_Policy TempPolicy = ConvertStringToPolicy(Str3);
pair<map<ZST_SysCallType, ZST_Policy>::iterator, bool> InsertResult;
pair<ZST_SysCallType, ZST_Policy> TempPair(TempCallType, TempPolicy);
InsertResult = ZST_TypePolicyMap.insert(TempPair);
if (!(InsertResult.second)) {
clc5q
committed
SMP_msg("ERROR: Could not insert security policy %s for %s. Possible duplicate or conflicting policies.\n",
Str3, Str2);
}
}
else if (0 == strcmp(Str1, "FILELOCATION")) {
if (0 == strcmp(Str2, "WHITELIST")) {
SetInsertResult = ZST_FileLocWhitelist.insert(ThirdStr);
if (!(SetInsertResult.second)) {
clc5q
committed
SMP_msg("WARNING: Duplicate file whitelist location %s ignored.\n", Str3);
}
}
else if (0 == strcmp(Str2, "BLACKLIST")) {
SetInsertResult = ZST_FileLocBlacklist.insert(ThirdStr);
if (!(SetInsertResult.second)) {
clc5q
committed
SMP_msg("WARNING: Duplicate file blacklist location %s ignored.\n", Str3);
}
}
else {
clc5q
committed
SMP_msg("ERROR: Unknown second field value in policy line: %s %s %s ; ignored\n", Str1, Str2, Str3);
}
}
else if (0 == strcmp(Str1, "NETWORKLOCATION")) {
if (0 == strcmp(Str2, "WHITELIST")) {
SetInsertResult = ZST_NetworkLocWhitelist.insert(ThirdStr);
if (!(SetInsertResult.second)) {
clc5q
committed
SMP_msg("WARNING: Duplicate network whitelist location %s ignored.\n", Str3);
}
}
else if (0 == strcmp(Str2, "BLACKLIST")) {
SetInsertResult = ZST_NetworkLocBlacklist.insert(ThirdStr);
if (!(SetInsertResult.second)) {
clc5q
committed
SMP_msg("WARNING: Duplicate network blacklist location %s ignored.\n", Str3);
}
}
else {
clc5q
committed
SMP_msg("ERROR: Unknown second field value in policy line: %s %s %s ; ignored\n", Str1, Str2, Str3);
}
}
else {
clc5q
committed
SMP_msg("ERROR: Unknown first field value in policy line: %s %s %s ; ignored\n", Str1, Str2, Str3);
}
}
}
clc5q
committed
if (0 == SMP_fclose(PolicyFile)) {
SMP_msg("Policy file %s successfully closed; all policies recorded.\n", PolicyFileName);
}
else {
clc5q
committed
SMP_msg("ERROR: fclose failed on policy file %s. However, policies should be in effect.\n", PolicyFileName);
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
}
// Now, initialize the system call name maps.
pair<map<string, ZST_SysCallType>::iterator, bool> FuncInsertResult;
// Do all the high privilege calls first.
string SysFuncName("putenv");
pair<string, ZST_SysCallType> FuncNamePolicyPair(SysFuncName, ZST_HIGHPRIVILEGE_CALL);
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("setenv");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("setegid");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("seteuid");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("setgid");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("setpgid");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("setregid");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("setreuid");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("setuid");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("execl");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("execv");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("execle");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("execve");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("execlp");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("execvp");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("system");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
// Now do all the file operation calls.
FuncNamePolicyPair.second = ZST_FILE_CALL;
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("chdir");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("chmod");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("chown");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("creat");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("creat64");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("fopen");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("freopen");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("open");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("open64");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("mknod");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("remove");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("rmdir");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("unlink");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
// Finally, handle all the network connection calls.
FuncNamePolicyPair.second = ZST_NETWORK_CALL;
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("socket");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("socketpair");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("pipe");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("bind");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("listen");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("accept");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
FuncNamePolicyPair.first.clear();
FuncNamePolicyPair.first.append("connect");
FuncInsertResult = ZST_FuncTypeMap.insert(FuncNamePolicyPair);
assert(FuncInsertResult.second);
}
else {
clc5q
committed
SMP_msg("WARNING: No policy file %s found. System call policies not in effect.\n", PolicyFileName);
}
return;
} // end of ZST_InitPolicies()
// Initialize the OptCategory[] array to define how we emit
// optimizing annotations.
void InitOptCategory(void) {
// Default category is 0, no optimization without knowing context.
(void) memset(OptCategory, 0, sizeof(OptCategory));
// Category 1 instructions never need updating of their memory
// metadata by the Memory Monitor SDT. Currently, this is because
// these instructions only have effects on registers we do not maintain
// metadata for, such as the EIP and the FLAGS, e.g. jumps, compares,
// or because they are no-ops, including machine-dependent no-op idioms.
// Effects on floating-point regs are always NUMERIC and can be put into
// categury 1 because mmStrata knows these registers are NUMERIC and does
// not keep a metadata map for them.
// Category 2 instructions always have a result type of 'n' (number).
// Category 3 instructions have a result type of 'n' (number)
// whenever the second source operand is an operand of type 'n'.
// NOTE: MOV is only current example, and this will take some thought if
// other examples arise.
// Category 4 instructions have a result type identical to the 1st source operand type.
// NOTE: This is currently set for single-operand instructions such as
// INC, DEC. As a result, these are treated pretty much as if
// they were category 1 instructions, as there is no metadata update,
// unless the operand is a memory operand (i.e. mem or [reg]).
// If new instructions are added to this category that are not single
// operand and do require some updating, the category should be split.
// Category 5 instructions have a result type identical to the 1st source operand
// type whenever the 2nd source operand is an operand of type 'n'.
// If the destination is memory, metadata still needs to be checked; if
// not, no metadata check is needed, so it becomes category 1.
// Category 6 instructions always have a result type of 'p' (pointer).
// Category 7 instructions are category 2 instructions with two destinations,
// such as multiply and divide instructions that affect EDX:EAX. There are
// forms of these instructions that only have one destination, so they have
// to be distinguished via the operand info.
// Category 8 instructions implicitly write a numeric value to EDX:EAX, but
// EDX and EAX are not listed as operands. RDTSC, RDPMC, RDMSR, and other
// instructions that copy machine registers into EDX:EAX are category 8.
// Category 9 instructions are floating point instructions that either
// have a memory destination (treat as category 0) or a FP reg destination
// (treat as category 1).
// Category 10 instructions are the same as category 8, but also write
// to register ECX in addition to EDX:EAX.
// NOTE: The Memory Monitor SDT needs just three categories, corresponding
// to categories 0, 1, and all others. For all categories > 1, the
// annotation should tell the SDT exactly how to update its metadata.
// For example, a division instruction will write type 'n' (NUM) as
// the metadata for result registers EDX:EAX. So, the annotation should
// list 'n', EDX, EAX, and a terminator of ZZ. CWD (convert word to
// doubleword) should have a list of 'n', EAX, ZZ.
OptCategory[NN_null] = 0; // Unknown Operation
OptCategory[NN_aaa] = 2; // ASCII Adjust after Addition
OptCategory[NN_aad] = 2; // ASCII Adjust AX before Division
OptCategory[NN_aam] = 2; // ASCII Adjust AX after Multiply
OptCategory[NN_aas] = 2; // ASCII Adjust AL after Subtraction
OptCategory[NN_adc] = 5; // Add with Carry
OptCategory[NN_add] = 5; // Add
OptCategory[NN_and] = 0; // Logical AND
OptCategory[NN_arpl] = 1; // Adjust RPL Field of Selector
OptCategory[NN_bound] = 1; // Check Array Index Against Bounds
OptCategory[NN_bsf] = 2; // Bit Scan Forward
OptCategory[NN_bsr] = 2; // Bit Scan Reverse
OptCategory[NN_bt] = 0; // Bit Test
OptCategory[NN_btc] = 0; // Bit Test and Complement
OptCategory[NN_btr] = 0; // Bit Test and Reset
OptCategory[NN_bts] = 0; // Bit Test and Set
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
OptCategory[NN_call] = 1; // Call Procedure
OptCategory[NN_callfi] = 1; // Indirect Call Far Procedure
OptCategory[NN_callni] = 1; // Indirect Call Near Procedure
OptCategory[NN_cbw] = 2; // AL -> AX (with sign) ** No ops?
OptCategory[NN_cwde] = 2; // AX -> EAX (with sign) **
OptCategory[NN_cdqe] = 2; // EAX -> RAX (with sign) **
OptCategory[NN_clc] = 1; // Clear Carry Flag
OptCategory[NN_cld] = 1; // Clear Direction Flag
OptCategory[NN_cli] = 1; // Clear Interrupt Flag
OptCategory[NN_clts] = 1; // Clear Task-Switched Flag in CR0
OptCategory[NN_cmc] = 1; // Complement Carry Flag
OptCategory[NN_cmp] = 1; // Compare Two Operands
OptCategory[NN_cmps] = 1; // Compare Strings
OptCategory[NN_cwd] = 2; // AX -> DX:AX (with sign)
OptCategory[NN_cdq] = 2; // EAX -> EDX:EAX (with sign)
OptCategory[NN_cqo] = 2; // RAX -> RDX:RAX (with sign)
OptCategory[NN_daa] = 2; // Decimal Adjust AL after Addition
OptCategory[NN_das] = 2; // Decimal Adjust AL after Subtraction
OptCategory[NN_dec] = 4; // Decrement by 1
OptCategory[NN_div] = 7; // Unsigned Divide
OptCategory[NN_enterw] = 0; // Make Stack Frame for Procedure Parameters **
OptCategory[NN_enter] = 0; // Make Stack Frame for Procedure Parameters **
OptCategory[NN_enterd] = 0; // Make Stack Frame for Procedure Parameters **
OptCategory[NN_enterq] = 0; // Make Stack Frame for Procedure Parameters **
OptCategory[NN_hlt] = 0; // Halt
OptCategory[NN_idiv] = 7; // Signed Divide
OptCategory[NN_imul] = 7; // Signed Multiply
OptCategory[NN_in] = 0; // Input from Port **
OptCategory[NN_inc] = 4; // Increment by 1
OptCategory[NN_ins] = 2; // Input Byte(s) from Port to String **
OptCategory[NN_int] = 0; // Call to Interrupt Procedure
OptCategory[NN_into] = 0; // Call to Interrupt Procedure if Overflow Flag = 1
OptCategory[NN_int3] = 0; // Trap to Debugger
OptCategory[NN_iretw] = 0; // Interrupt Return
OptCategory[NN_iret] = 0; // Interrupt Return
OptCategory[NN_iretd] = 0; // Interrupt Return (use32)
OptCategory[NN_iretq] = 0; // Interrupt Return (use64)
OptCategory[NN_ja] = 1; // Jump if Above (CF=0 & ZF=0)
OptCategory[NN_jae] = 1; // Jump if Above or Equal (CF=0)
OptCategory[NN_jb] = 1; // Jump if Below (CF=1)
OptCategory[NN_jbe] = 1; // Jump if Below or Equal (CF=1 | ZF=1)
OptCategory[NN_jc] = 1; // Jump if Carry (CF=1)
OptCategory[NN_jcxz] = 1; // Jump if CX is 0
OptCategory[NN_jecxz] = 1; // Jump if ECX is 0
OptCategory[NN_jrcxz] = 1; // Jump if RCX is 0
OptCategory[NN_je] = 1; // Jump if Equal (ZF=1)
OptCategory[NN_jg] = 1; // Jump if Greater (ZF=0 & SF=OF)
OptCategory[NN_jge] = 1; // Jump if Greater or Equal (SF=OF)
OptCategory[NN_jl] = 1; // Jump if Less (SF!=OF)
OptCategory[NN_jle] = 1; // Jump if Less or Equal (ZF=1 | SF!=OF)
OptCategory[NN_jna] = 1; // Jump if Not Above (CF=1 | ZF=1)
OptCategory[NN_jnae] = 1; // Jump if Not Above or Equal (CF=1)
OptCategory[NN_jnb] = 1; // Jump if Not Below (CF=0)
OptCategory[NN_jnbe] = 1; // Jump if Not Below or Equal (CF=0 & ZF=0)
OptCategory[NN_jnc] = 1; // Jump if Not Carry (CF=0)
OptCategory[NN_jne] = 1; // Jump if Not Equal (ZF=0)
OptCategory[NN_jng] = 1; // Jump if Not Greater (ZF=1 | SF!=OF)
OptCategory[NN_jnge] = 1; // Jump if Not Greater or Equal (SF!=OF)
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
OptCategory[NN_jnl] = 1; // Jump if Not Less (SF=OF)
OptCategory[NN_jnle] = 1; // Jump if Not Less or Equal (ZF=0 & SF=OF)
OptCategory[NN_jno] = 1; // Jump if Not Overflow (OF=0)
OptCategory[NN_jnp] = 1; // Jump if Not Parity (PF=0)
OptCategory[NN_jns] = 1; // Jump if Not Sign (SF=0)
OptCategory[NN_jnz] = 1; // Jump if Not Zero (ZF=0)
OptCategory[NN_jo] = 1; // Jump if Overflow (OF=1)
OptCategory[NN_jp] = 1; // Jump if Parity (PF=1)
OptCategory[NN_jpe] = 1; // Jump if Parity Even (PF=1)
OptCategory[NN_jpo] = 1; // Jump if Parity Odd (PF=0)
OptCategory[NN_js] = 1; // Jump if Sign (SF=1)
OptCategory[NN_jz] = 1; // Jump if Zero (ZF=1)
OptCategory[NN_jmp] = 1; // Jump
OptCategory[NN_jmpfi] = 1; // Indirect Far Jump
OptCategory[NN_jmpni] = 1; // Indirect Near Jump
OptCategory[NN_jmpshort] = 1; // Jump Short (not used)
OptCategory[NN_lahf] = 2; // Load Flags into AH Register
OptCategory[NN_lar] = 2; // Load Access Rights Byte
OptCategory[NN_lea] = 0; // Load Effective Address **
OptCategory[NN_leavew] = 0; // High Level Procedure Exit **
OptCategory[NN_leave] = 0; // High Level Procedure Exit **
OptCategory[NN_leaved] = 0; // High Level Procedure Exit **
OptCategory[NN_leaveq] = 0; // High Level Procedure Exit **
OptCategory[NN_lgdt] = 0; // Load Global Descriptor Table Register
OptCategory[NN_lidt] = 0; // Load Interrupt Descriptor Table Register
OptCategory[NN_lgs] = 6; // Load Full Pointer to GS:xx
OptCategory[NN_lss] = 6; // Load Full Pointer to SS:xx
OptCategory[NN_lds] = 6; // Load Full Pointer to DS:xx
OptCategory[NN_les] = 6; // Load Full Pointer to ES:xx
OptCategory[NN_lfs] = 6; // Load Full Pointer to FS:xx
OptCategory[NN_lldt] = 0; // Load Local Descriptor Table Register
OptCategory[NN_lmsw] = 1; // Load Machine Status Word
OptCategory[NN_lock] = 1; // Assert LOCK# Signal Prefix
OptCategory[NN_lods] = 0; // Load String
OptCategory[NN_loopw] = 1; // Loop while ECX != 0
OptCategory[NN_loop] = 1; // Loop while CX != 0
OptCategory[NN_loopd] = 1; // Loop while ECX != 0
OptCategory[NN_loopq] = 1; // Loop while RCX != 0
OptCategory[NN_loopwe] = 1; // Loop while CX != 0 and ZF=1
OptCategory[NN_loope] = 1; // Loop while rCX != 0 and ZF=1
OptCategory[NN_loopde] = 1; // Loop while ECX != 0 and ZF=1
OptCategory[NN_loopqe] = 1; // Loop while RCX != 0 and ZF=1
OptCategory[NN_loopwne] = 1; // Loop while CX != 0 and ZF=0
OptCategory[NN_loopne] = 1; // Loop while rCX != 0 and ZF=0
OptCategory[NN_loopdne] = 1; // Loop while ECX != 0 and ZF=0
OptCategory[NN_loopqne] = 1; // Loop while RCX != 0 and ZF=0
OptCategory[NN_lsl] = 6; // Load Segment Limit
OptCategory[NN_ltr] = 1; // Load Task Register
OptCategory[NN_mov] = 3; // Move Data
OptCategory[NN_movsp] = 3; // Move to/from Special Registers
OptCategory[NN_movs] = 0; // Move Byte(s) from String to String
OptCategory[NN_movsx] = 3; // Move with Sign-Extend
OptCategory[NN_movzx] = 3; // Move with Zero-Extend
OptCategory[NN_mul] = 7; // Unsigned Multiplication of AL or AX
clc5q
committed
OptCategory[NN_neg] = 2; // Two's Complement Negation !!!!****!!!! Change this when mmStrata handles NEGATEDPTR type.
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
OptCategory[NN_nop] = 1; // No Operation
OptCategory[NN_not] = 2; // One's Complement Negation
OptCategory[NN_or] = 0; // Logical Inclusive OR
OptCategory[NN_out] = 0; // Output to Port
OptCategory[NN_outs] = 0; // Output Byte(s) to Port
OptCategory[NN_pop] = 0; // Pop a word from the Stack
OptCategory[NN_popaw] = 0; // Pop all General Registers
OptCategory[NN_popa] = 0; // Pop all General Registers
OptCategory[NN_popad] = 0; // Pop all General Registers (use32)
OptCategory[NN_popaq] = 0; // Pop all General Registers (use64)
OptCategory[NN_popfw] = 1; // Pop Stack into Flags Register **
OptCategory[NN_popf] = 1; // Pop Stack into Flags Register **
OptCategory[NN_popfd] = 1; // Pop Stack into Eflags Register **
OptCategory[NN_popfq] = 1; // Pop Stack into Rflags Register **
OptCategory[NN_push] = 0; // Push Operand onto the Stack
OptCategory[NN_pushaw] = 0; // Push all General Registers
OptCategory[NN_pusha] = 0; // Push all General Registers
OptCategory[NN_pushad] = 0; // Push all General Registers (use32)
OptCategory[NN_pushaq] = 0; // Push all General Registers (use64)
OptCategory[NN_pushfw] = 0; // Push Flags Register onto the Stack
OptCategory[NN_pushf] = 0; // Push Flags Register onto the Stack
OptCategory[NN_pushfd] = 0; // Push Flags Register onto the Stack (use32)
OptCategory[NN_pushfq] = 0; // Push Flags Register onto the Stack (use64)
OptCategory[NN_rcl] = 2; // Rotate Through Carry Left
OptCategory[NN_rcr] = 2; // Rotate Through Carry Right
OptCategory[NN_rol] = 2; // Rotate Left
OptCategory[NN_ror] = 2; // Rotate Right
OptCategory[NN_rep] = 0; // Repeat String Operation
OptCategory[NN_repe] = 0; // Repeat String Operation while ZF=1
OptCategory[NN_repne] = 0; // Repeat String Operation while ZF=0
OptCategory[NN_retn] = 0; // Return Near from Procedure
OptCategory[NN_retf] = 0; // Return Far from Procedure
OptCategory[NN_sahf] = 1; // Store AH into Flags Register
OptCategory[NN_sal] = 2; // Shift Arithmetic Left
OptCategory[NN_sar] = 2; // Shift Arithmetic Right
OptCategory[NN_shl] = 2; // Shift Logical Left
OptCategory[NN_shr] = 2; // Shift Logical Right
OptCategory[NN_sbb] = 5; // Integer Subtraction with Borrow
OptCategory[NN_scas] = 1; // Compare String
OptCategory[NN_seta] = 2; // Set Byte if Above (CF=0 & ZF=0)
OptCategory[NN_setae] = 2; // Set Byte if Above or Equal (CF=0)
OptCategory[NN_setb] = 2; // Set Byte if Below (CF=1)
OptCategory[NN_setbe] = 2; // Set Byte if Below or Equal (CF=1 | ZF=1)
OptCategory[NN_setc] = 2; // Set Byte if Carry (CF=1)
OptCategory[NN_sete] = 2; // Set Byte if Equal (ZF=1)
OptCategory[NN_setg] = 2; // Set Byte if Greater (ZF=0 & SF=OF)
OptCategory[NN_setge] = 2; // Set Byte if Greater or Equal (SF=OF)
OptCategory[NN_setl] = 2; // Set Byte if Less (SF!=OF)
OptCategory[NN_setle] = 2; // Set Byte if Less or Equal (ZF=1 | SF!=OF)
OptCategory[NN_setna] = 2; // Set Byte if Not Above (CF=1 | ZF=1)
OptCategory[NN_setnae] = 2; // Set Byte if Not Above or Equal (CF=1)
OptCategory[NN_setnb] = 2; // Set Byte if Not Below (CF=0)
OptCategory[NN_setnbe] = 2; // Set Byte if Not Below or Equal (CF=0 & ZF=0)
OptCategory[NN_setnc] = 2; // Set Byte if Not Carry (CF=0)
OptCategory[NN_setne] = 2; // Set Byte if Not Equal (ZF=0)
OptCategory[NN_setng] = 2; // Set Byte if Not Greater (ZF=1 | SF!=OF)
OptCategory[NN_setnge] = 2; // Set Byte if Not Greater or Equal (SF!=OF)
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
OptCategory[NN_setnl] = 2; // Set Byte if Not Less (SF=OF)
OptCategory[NN_setnle] = 2; // Set Byte if Not Less or Equal (ZF=0 & SF=OF)
OptCategory[NN_setno] = 2; // Set Byte if Not Overflow (OF=0)
OptCategory[NN_setnp] = 2; // Set Byte if Not Parity (PF=0)
OptCategory[NN_setns] = 2; // Set Byte if Not Sign (SF=0)
OptCategory[NN_setnz] = 2; // Set Byte if Not Zero (ZF=0)
OptCategory[NN_seto] = 2; // Set Byte if Overflow (OF=1)
OptCategory[NN_setp] = 2; // Set Byte if Parity (PF=1)
OptCategory[NN_setpe] = 2; // Set Byte if Parity Even (PF=1)
OptCategory[NN_setpo] = 2; // Set Byte if Parity Odd (PF=0)
OptCategory[NN_sets] = 2; // Set Byte if Sign (SF=1)
OptCategory[NN_setz] = 2; // Set Byte if Zero (ZF=1)
OptCategory[NN_sgdt] = 0; // Store Global Descriptor Table Register
OptCategory[NN_sidt] = 0; // Store Interrupt Descriptor Table Register
OptCategory[NN_shld] = 2; // Double Precision Shift Left
OptCategory[NN_shrd] = 2; // Double Precision Shift Right
OptCategory[NN_sldt] = 6; // Store Local Descriptor Table Register
OptCategory[NN_smsw] = 2; // Store Machine Status Word
OptCategory[NN_stc] = 1; // Set Carry Flag
OptCategory[NN_std] = 1; // Set Direction Flag
OptCategory[NN_sti] = 1; // Set Interrupt Flag
OptCategory[NN_stos] = 0; // Store String
OptCategory[NN_str] = 6; // Store Task Register
OptCategory[NN_sub] = 5; // Integer Subtraction
OptCategory[NN_test] = 1; // Logical Compare
OptCategory[NN_verr] = 1; // Verify a Segment for Reading
OptCategory[NN_verw] = 1; // Verify a Segment for Writing
OptCategory[NN_wait] = 1; // Wait until BUSY# Pin is Inactive (HIGH)
OptCategory[NN_xchg] = 0; // Exchange Register/Memory with Register
OptCategory[NN_xlat] = 0; // Table Lookup Translation
OptCategory[NN_xor] = 2; // Logical Exclusive OR
//
// 486 instructions
//
OptCategory[NN_cmpxchg] = 0; // Compare and Exchange
OptCategory[NN_bswap] = 2; // Swap bytes in register
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790
OptCategory[NN_xadd] = 0; // t<-dest; dest<-src+dest; src<-t
OptCategory[NN_invd] = 1; // Invalidate Data Cache
OptCategory[NN_wbinvd] = 1; // Invalidate Data Cache (write changes)
OptCategory[NN_invlpg] = 1; // Invalidate TLB entry
//
// Pentium instructions
//
OptCategory[NN_rdmsr] = 8; // Read Machine Status Register
OptCategory[NN_wrmsr] = 1; // Write Machine Status Register
OptCategory[NN_cpuid] = 8; // Get CPU ID
OptCategory[NN_cmpxchg8b] = 0; // Compare and Exchange Eight Bytes
OptCategory[NN_rdtsc] = 8; // Read Time Stamp Counter
OptCategory[NN_rsm] = 1; // Resume from System Management Mode
//
// Pentium Pro instructions
//
OptCategory[NN_cmova] = 0; // Move if Above (CF=0 & ZF=0)
OptCategory[NN_cmovb] = 0; // Move if Below (CF=1)
OptCategory[NN_cmovbe] = 0; // Move if Below or Equal (CF=1 | ZF=1)
OptCategory[NN_cmovg] = 0; // Move if Greater (ZF=0 & SF=OF)
OptCategory[NN_cmovge] = 0; // Move if Greater or Equal (SF=OF)
OptCategory[NN_cmovl] = 0; // Move if Less (SF!=OF)
OptCategory[NN_cmovle] = 0; // Move if Less or Equal (ZF=1 | SF!=OF)
OptCategory[NN_cmovnb] = 0; // Move if Not Below (CF=0)
OptCategory[NN_cmovno] = 0; // Move if Not Overflow (OF=0)
OptCategory[NN_cmovnp] = 0; // Move if Not Parity (PF=0)
OptCategory[NN_cmovns] = 0; // Move if Not Sign (SF=0)
OptCategory[NN_cmovnz] = 0; // Move if Not Zero (ZF=0)
OptCategory[NN_cmovo] = 0; // Move if Overflow (OF=1)
OptCategory[NN_cmovp] = 0; // Move if Parity (PF=1)
OptCategory[NN_cmovs] = 0; // Move if Sign (SF=1)
OptCategory[NN_cmovz] = 0; // Move if Zero (ZF=1)
OptCategory[NN_fcmovb] = 1; // Floating Move if Below
OptCategory[NN_fcmove] = 1; // Floating Move if Equal
OptCategory[NN_fcmovbe] = 1; // Floating Move if Below or Equal
OptCategory[NN_fcmovu] = 1; // Floating Move if Unordered
OptCategory[NN_fcmovnb] = 1; // Floating Move if Not Below
OptCategory[NN_fcmovne] = 1; // Floating Move if Not Equal
OptCategory[NN_fcmovnbe] = 1; // Floating Move if Not Below or Equal
OptCategory[NN_fcmovnu] = 1; // Floating Move if Not Unordered
OptCategory[NN_fcomi] = 1; // FP Compare, result in EFLAGS
OptCategory[NN_fucomi] = 1; // FP Unordered Compare, result in EFLAGS
OptCategory[NN_fcomip] = 1; // FP Compare, result in EFLAGS, pop stack
OptCategory[NN_fucomip] = 1; // FP Unordered Compare, result in EFLAGS, pop stack
OptCategory[NN_rdpmc] = 8; // Read Performance Monitor Counter
//
// FPP instructions
//
OptCategory[NN_fld] = 1; // Load Real ** Infer src is 'n'
OptCategory[NN_fst] = 9; // Store Real
OptCategory[NN_fstp] = 9; // Store Real and Pop
OptCategory[NN_fxch] = 1; // Exchange Registers
OptCategory[NN_fild] = 1; // Load Integer ** Infer src is 'n'
OptCategory[NN_fist] = 0; // Store Integer
OptCategory[NN_fistp] = 0; // Store Integer and Pop
OptCategory[NN_fbld] = 1; // Load BCD
OptCategory[NN_fbstp] = 0; // Store BCD and Pop
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
2927
2928
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
OptCategory[NN_fadd] = 1; // Add Real
OptCategory[NN_faddp] = 1; // Add Real and Pop
OptCategory[NN_fiadd] = 1; // Add Integer
OptCategory[NN_fsub] = 1; // Subtract Real
OptCategory[NN_fsubp] = 1; // Subtract Real and Pop
OptCategory[NN_fisub] = 1; // Subtract Integer
OptCategory[NN_fsubr] = 1; // Subtract Real Reversed
OptCategory[NN_fsubrp] = 1; // Subtract Real Reversed and Pop
OptCategory[NN_fisubr] = 1; // Subtract Integer Reversed
OptCategory[NN_fmul] = 1; // Multiply Real
OptCategory[NN_fmulp] = 1; // Multiply Real and Pop
OptCategory[NN_fimul] = 1; // Multiply Integer
OptCategory[NN_fdiv] = 1; // Divide Real
OptCategory[NN_fdivp] = 1; // Divide Real and Pop
OptCategory[NN_fidiv] = 1; // Divide Integer
OptCategory[NN_fdivr] = 1; // Divide Real Reversed
OptCategory[NN_fdivrp] = 1; // Divide Real Reversed and Pop
OptCategory[NN_fidivr] = 1; // Divide Integer Reversed
OptCategory[NN_fsqrt] = 1; // Square Root
OptCategory[NN_fscale] = 1; // Scale: st(0) <- st(0) * 2^st(1)
OptCategory[NN_fprem] = 1; // Partial Remainder
OptCategory[NN_frndint] = 1; // Round to Integer
OptCategory[NN_fxtract] = 1; // Extract exponent and significand
OptCategory[NN_fabs] = 1; // Absolute value
OptCategory[NN_fchs] = 1; // Change Sign
OptCategory[NN_fcom] = 1; // Compare Real
OptCategory[NN_fcomp] = 1; // Compare Real and Pop
OptCategory[NN_fcompp] = 1; // Compare Real and Pop Twice
OptCategory[NN_ficom] = 1; // Compare Integer
OptCategory[NN_ficomp] = 1; // Compare Integer and Pop
OptCategory[NN_ftst] = 1; // Test
OptCategory[NN_fxam] = 1; // Examine
OptCategory[NN_fptan] = 1; // Partial tangent
OptCategory[NN_fpatan] = 1; // Partial arctangent
OptCategory[NN_f2xm1] = 1; // 2^x - 1
OptCategory[NN_fyl2x] = 1; // Y * lg2(X)
OptCategory[NN_fyl2xp1] = 1; // Y * lg2(X+1)
OptCategory[NN_fldz] = 1; // Load +0.0
OptCategory[NN_fld1] = 1; // Load +1.0
OptCategory[NN_fldpi] = 1; // Load PI=3.14...
OptCategory[NN_fldl2t] = 1; // Load lg2(10)
OptCategory[NN_fldl2e] = 1; // Load lg2(e)
OptCategory[NN_fldlg2] = 1; // Load lg10(2)
OptCategory[NN_fldln2] = 1; // Load ln(2)
OptCategory[NN_finit] = 1; // Initialize Processor
OptCategory[NN_fninit] = 1; // Initialize Processor (no wait)
OptCategory[NN_fsetpm] = 1; // Set Protected Mode
OptCategory[NN_fldcw] = 1; // Load Control Word
OptCategory[NN_fstcw] = 0; // Store Control Word
OptCategory[NN_fnstcw] = 0; // Store Control Word (no wait)
OptCategory[NN_fstsw] = 2; // Store Status Word to memory or AX
OptCategory[NN_fnstsw] = 2; // Store Status Word (no wait) to memory or AX
OptCategory[NN_fclex] = 1; // Clear Exceptions
OptCategory[NN_fnclex] = 1; // Clear Exceptions (no wait)
OptCategory[NN_fstenv] = 0; // Store Environment
OptCategory[NN_fnstenv] = 0; // Store Environment (no wait)
OptCategory[NN_fldenv] = 1; // Load Environment
OptCategory[NN_fsave] = 0; // Save State
OptCategory[NN_fnsave] = 0; // Save State (no wait)
OptCategory[NN_frstor] = 1; // Restore State ** infer src is 'n'
OptCategory[NN_fincstp] = 1; // Increment Stack Pointer
OptCategory[NN_fdecstp] = 1; // Decrement Stack Pointer
OptCategory[NN_ffree] = 1; // Free Register
OptCategory[NN_fnop] = 1; // No Operation
OptCategory[NN_feni] = 1; // (8087 only)
OptCategory[NN_fneni] = 1; // (no wait) (8087 only)
OptCategory[NN_fdisi] = 1; // (8087 only)
OptCategory[NN_fndisi] = 1; // (no wait) (8087 only)
//
// 80387 instructions
//
OptCategory[NN_fprem1] = 1; // Partial Remainder ( < half )
OptCategory[NN_fsincos] = 1; // t<-cos(st); st<-sin(st); push t
OptCategory[NN_fsin] = 1; // Sine
OptCategory[NN_fcos] = 1; // Cosine
OptCategory[NN_fucom] = 1; // Compare Unordered Real
OptCategory[NN_fucomp] = 1; // Compare Unordered Real and Pop
OptCategory[NN_fucompp] = 1; // Compare Unordered Real and Pop Twice
//
// Instructions added 28.02.96
//
OptCategory[NN_setalc] = 2; // Set AL to Carry Flag **
OptCategory[NN_svdc] = 0; // Save Register and Descriptor
OptCategory[NN_rsdc] = 0; // Restore Register and Descriptor
OptCategory[NN_svldt] = 0; // Save LDTR and Descriptor
OptCategory[NN_rsldt] = 0; // Restore LDTR and Descriptor
OptCategory[NN_svts] = 1; // Save TR and Descriptor
OptCategory[NN_rsts] = 1; // Restore TR and Descriptor
OptCategory[NN_icebp] = 1; // ICE Break Point
OptCategory[NN_loadall] = 0; // Load the entire CPU state from ES:EDI
//
// MMX instructions
//
OptCategory[NN_emms] = 1; // Empty MMX state
OptCategory[NN_movd] = 9; // Move 32 bits
OptCategory[NN_movq] = 9; // Move 64 bits
OptCategory[NN_packsswb] = 1; // Pack with Signed Saturation (Word->Byte)
OptCategory[NN_packssdw] = 1; // Pack with Signed Saturation (Dword->Word)
OptCategory[NN_packuswb] = 1; // Pack with Unsigned Saturation (Word->Byte)
OptCategory[NN_paddb] = 1; // Packed Add Byte
OptCategory[NN_paddw] = 1; // Packed Add Word
OptCategory[NN_paddd] = 1; // Packed Add Dword
OptCategory[NN_paddsb] = 1; // Packed Add with Saturation (Byte)
OptCategory[NN_paddsw] = 1; // Packed Add with Saturation (Word)
OptCategory[NN_paddusb] = 1; // Packed Add Unsigned with Saturation (Byte)
OptCategory[NN_paddusw] = 1; // Packed Add Unsigned with Saturation (Word)
OptCategory[NN_pand] = 1; // Bitwise Logical And
OptCategory[NN_pandn] = 1; // Bitwise Logical And Not
OptCategory[NN_pcmpeqb] = 1; // Packed Compare for Equal (Byte)
OptCategory[NN_pcmpeqw] = 1; // Packed Compare for Equal (Word)
OptCategory[NN_pcmpeqd] = 1; // Packed Compare for Equal (Dword)
OptCategory[NN_pcmpgtb] = 1; // Packed Compare for Greater Than (Byte)
OptCategory[NN_pcmpgtw] = 1; // Packed Compare for Greater Than (Word)
OptCategory[NN_pcmpgtd] = 1; // Packed Compare for Greater Than (Dword)
OptCategory[NN_pmaddwd] = 1; // Packed Multiply and Add
OptCategory[NN_pmulhw] = 1; // Packed Multiply High
OptCategory[NN_pmullw] = 1; // Packed Multiply Low
OptCategory[NN_por] = 1; // Bitwise Logical Or
OptCategory[NN_psllw] = 1; // Packed Shift Left Logical (Word)
OptCategory[NN_pslld] = 1; // Packed Shift Left Logical (Dword)
OptCategory[NN_psllq] = 1; // Packed Shift Left Logical (Qword)
OptCategory[NN_psraw] = 1; // Packed Shift Right Arithmetic (Word)
OptCategory[NN_psrad] = 1; // Packed Shift Right Arithmetic (Dword)
OptCategory[NN_psrlw] = 1; // Packed Shift Right Logical (Word)
OptCategory[NN_psrld] = 1; // Packed Shift Right Logical (Dword)
OptCategory[NN_psrlq] = 1; // Packed Shift Right Logical (Qword)
OptCategory[NN_psubb] = 1; // Packed Subtract Byte
OptCategory[NN_psubw] = 1; // Packed Subtract Word
OptCategory[NN_psubd] = 1; // Packed Subtract Dword
OptCategory[NN_psubsb] = 1; // Packed Subtract with Saturation (Byte)
OptCategory[NN_psubsw] = 1; // Packed Subtract with Saturation (Word)
OptCategory[NN_psubusb] = 1; // Packed Subtract Unsigned with Saturation (Byte)
OptCategory[NN_psubusw] = 1; // Packed Subtract Unsigned with Saturation (Word)
OptCategory[NN_punpckhbw] = 1; // Unpack High Packed Data (Byte->Word)
OptCategory[NN_punpckhwd] = 1; // Unpack High Packed Data (Word->Dword)
OptCategory[NN_punpckhdq] = 1; // Unpack High Packed Data (Dword->Qword)
OptCategory[NN_punpcklbw] = 1; // Unpack Low Packed Data (Byte->Word)
OptCategory[NN_punpcklwd] = 1; // Unpack Low Packed Data (Word->Dword)
OptCategory[NN_punpckldq] = 1; // Unpack Low Packed Data (Dword->Qword)
OptCategory[NN_pxor] = 1; // Bitwise Logical Exclusive Or
//
// Undocumented Deschutes processor instructions
//
OptCategory[NN_fxsave] = 1; // Fast save FP context ** to where?
OptCategory[NN_fxrstor] = 1; // Fast restore FP context ** from where?
// Pentium II instructions
OptCategory[NN_sysenter] = 1; // Fast Transition to System Call Entry Point
OptCategory[NN_sysexit] = 1; // Fast Transition from System Call Entry Point
// 3DNow! instructions
OptCategory[NN_pavgusb] = 1; // Packed 8-bit Unsigned Integer Averaging
OptCategory[NN_pfadd] = 1; // Packed Floating-Point Addition
OptCategory[NN_pfsub] = 1; // Packed Floating-Point Subtraction
OptCategory[NN_pfsubr] = 1; // Packed Floating-Point Reverse Subtraction
OptCategory[NN_pfacc] = 1; // Packed Floating-Point Accumulate
OptCategory[NN_pfcmpge] = 1; // Packed Floating-Point Comparison, Greater or Equal
OptCategory[NN_pfcmpgt] = 1; // Packed Floating-Point Comparison, Greater
OptCategory[NN_pfcmpeq] = 1; // Packed Floating-Point Comparison, Equal
OptCategory[NN_pfmin] = 1; // Packed Floating-Point Minimum
OptCategory[NN_pfmax] = 1; // Packed Floating-Point Maximum
OptCategory[NN_pi2fd] = 1; // Packed 32-bit Integer to Floating-Point
OptCategory[NN_pf2id] = 1; // Packed Floating-Point to 32-bit Integer
OptCategory[NN_pfrcp] = 1; // Packed Floating-Point Reciprocal Approximation
OptCategory[NN_pfrsqrt] = 1; // Packed Floating-Point Reciprocal Square Root Approximation
OptCategory[NN_pfmul] = 1; // Packed Floating-Point Multiplication
OptCategory[NN_pfrcpit1] = 1; // Packed Floating-Point Reciprocal First Iteration Step
OptCategory[NN_pfrsqit1] = 1; // Packed Floating-Point Reciprocal Square Root First Iteration Step
OptCategory[NN_pfrcpit2] = 1; // Packed Floating-Point Reciprocal Second Iteration Step
OptCategory[NN_pmulhrw] = 1; // Packed Floating-Point 16-bit Integer Multiply with rounding
OptCategory[NN_femms] = 1; // Faster entry/exit of the MMX or floating-point state
OptCategory[NN_prefetch] = 1; // Prefetch at least a 32-byte line into L1 data cache
OptCategory[NN_prefetchw] = 1; // Prefetch processor cache line into L1 data cache (mark as modified)
// Pentium III instructions
OptCategory[NN_addps] = 1; // Packed Single-FP Add
OptCategory[NN_addss] = 1; // Scalar Single-FP Add
OptCategory[NN_andnps] = 1; // Bitwise Logical And Not for Single-FP
OptCategory[NN_andps] = 1; // Bitwise Logical And for Single-FP
OptCategory[NN_cmpps] = 1; // Packed Single-FP Compare
OptCategory[NN_cmpss] = 1; // Scalar Single-FP Compare
OptCategory[NN_comiss] = 1; // Scalar Ordered Single-FP Compare and Set EFLAGS
OptCategory[NN_cvtpi2ps] = 1; // Packed signed INT32 to Packed Single-FP conversion
OptCategory[NN_cvtps2pi] = 1; // Packed Single-FP to Packed INT32 conversion
OptCategory[NN_cvtsi2ss] = 1; // Scalar signed INT32 to Single-FP conversion
OptCategory[NN_cvtss2si] = 2; // Scalar Single-FP to signed INT32 conversion