Diffstat (limited to 'subx')
-rw-r--r-- | subx/012indirect_addressing.cc | 6 | ||||
-rw-r--r-- | subx/016functions.cc | 77 |
2 files changed, 80 insertions, 3 deletions
diff --git a/subx/012indirect_addressing.cc b/subx/012indirect_addressing.cc
index f4e8c665..0acd7a1e 100644
--- a/subx/012indirect_addressing.cc
+++ b/subx/012indirect_addressing.cc
@@ -323,11 +323,11 @@ case 0x8b: { // copy r32 to r/m32
 -run: inst: 0x00000003
 
 :(before "End Single-Byte Opcodes")
-case 0xff: { // jump to r/m32
+case 0xff: {
 uint8_t modrm = next();
 uint8_t subop = (modrm>>3)&0x7; // middle 3 'reg opcode' bits
 switch (subop) {
- case 4: {
+ case 4: { // jump to r/m32
 trace(2, "run") << "jump to effective address" << end();
 int32_t* arg2 = effective_address(modrm);
 EIP = *arg2;
@@ -353,7 +353,7 @@ case 0xff: { // jump to r/m32
 +run: pushing value 0x000000af
 
 :(before "End Op ff Subops")
-case 6: {
+case 6: { // push r/m32 to stack
 trace(2, "run") << "push effective address" << end();
 const int32_t* val = effective_address(modrm);
 push(*val);
diff --git a/subx/016functions.cc b/subx/016functions.cc
new file mode 100644
index 00000000..7837f080
--- /dev/null
+++ b/subx/016functions.cc
@@ -0,0 +1,77 @@
+//:: call
+
+:(scenario call_imm32)
+% Reg[ESP].u = 0x64;
+# op ModRM SIB displacement immediate
+ e8 a0 00 00 00 # call function offset at 0x000000a0
+ # next EIP is 6
++run: call imm32 0x000000a0
++run: decrementing ESP to 0x00000060
++run: pushing value 0x00000006
++run: jumping to 0x000000a6
+
+:(before "End Single-Byte Opcodes")
+case 0xe8: { // call imm32 relative to next EIP
+ int32_t offset = imm32();
+ trace(2, "run") << "call imm32 0x" << HEXWORD << offset << end();
+ push(EIP);
+ EIP += offset;
+ trace(2, "run") << "jumping to 0x" << HEXWORD << EIP << end();
+ break;
+}
+
+//:
+
+:(scenario call_r32)
+% Reg[ESP].u = 0x64;
+% Reg[EBX].u = 0x000000a0;
+# op ModRM SIB displacement immediate
+ ff d3 # call function offset at EBX (reg 3)
+ # next EIP is 3
++run: call to effective address
++run: effective address is reg 3
++run: decrementing ESP to 0x00000060
++run: pushing value 0x00000003
++run: jumping to 0x000000a3
+
+:(before "End Op ff Subops")
+case 2: { // call function pointer at r/m32
+ trace(2, "run") << "call to effective address" << end();
+ int32_t* offset = effective_address(modrm);
+ push(EIP);
+ EIP += *offset;
+ trace(2, "run") << "jumping to 0x" << HEXWORD << EIP << end();
+ break;
+}
+
+:(scenario call_mem_at_r32)
+% Reg[ESP].u = 0x64;
+% Reg[EBX].u = 0x10;
+% SET_WORD_IN_MEM(0x10, 0x000000a0);
+# op ModRM SIB displacement immediate
+ ff 13 # call function offset at *EBX (reg 3)
+ # next EIP is 3
++run: call to effective address
++run: effective address is mem at address 0x10 (reg 3)
++run: decrementing ESP to 0x00000060
++run: pushing value 0x00000003
++run: jumping to 0x000000a3
+
+//:: ret
+
+:(scenario ret)
+% Reg[ESP].u = 0x60;
+% SET_WORD_IN_MEM(0x60, 0x00000010);
+# op ModRM SIB displacement immediate
+ c3
++run: return
++run: popping value 0x00000010
++run: jumping to 0x00000010
+
+:(before "End Single-Byte Opcodes")
+case 0xc3: { // return from a call
+ trace(2, "run") << "return" << end();
+ EIP = pop();
+ trace(2, "run") << "jumping to 0x" << HEXWORD << EIP << end();
+ break;
+}
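Review bot: In `case 2` (`call function pointer at r/m32`) the target is computed as `EIP += *offset;`, a PC-relative transfer, whereas the `jump to r/m32` subop of the same `ff` switch (first file of this commit) assigns `EIP = *arg2;` absolutely, and an x86 `ff /2` near call is likewise absolute, so the two subops disagree on what the operand means. If the relative form is intentional for SubX it deserves a comment such as `// unlike x86, the operand is relative to the next EIP`; otherwise the line should read `EIP = *offset;` and the `call_r32` / `call_mem_at_r32` scenarios should expect `+run: jumping to 0x000000a0`. Separately, the operand is only read here, so `const int32_t* offset = effective_address(modrm);` would match the `push r/m32` case in 012indirect_addressing.cc. Whether the new EIP in the call and `ret` handlers lands inside loaded memory is presumably validated on the next fetch rather than here; worth confirming, since these transfers are driven by operand data.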