From 2e37c9aeda254627db0febcc8ad057cdd6fd0ba5 Mon Sep 17 00:00:00 2001 From: oureveryday Date: Tue, 15 Oct 2024 11:27:09 +0800 Subject: [PATCH 1/7] Implement movsq --- lifter/Semantics.cpp | 72 +++++++++++++++++++++++++++++++++++++++++++- lifter/lifterClass.h | 1 + 2 files changed, 72 insertions(+), 1 deletion(-) diff --git a/lifter/Semantics.cpp b/lifter/Semantics.cpp index 623b93c..5fd4338 100644 --- a/lifter/Semantics.cpp +++ b/lifter/Semantics.cpp 
@@ -341,6 +341,73 @@ void lifterClass::lift_movsb() { SetOperandValue(SRCop, UpdateSRCvalue); SetOperandValue(DSTop, UpdateDSTvalue); } +void lifterClass::lift_movsq() { + + // DEST := SRC; + // movsq copies 8 bytes (quadword) + // sign = DF (-1/+1) + // incdecv = size*sign (sq means size is 8) + // + + Value* DSTptrvalue = GetOperandValue(operands[1], operands[1].size); + + SetOperandValue(operands[0], DSTptrvalue); + + bool isREP = (instruction.attributes & ZYDIS_ATTRIB_HAS_REP) != 0; + + Value* DF = getFlag(FLAG_DF); + auto eight = ConstantInt::get(DF->getType(), 8); + auto one = ConstantInt::get(DF->getType(), 1); + + // sign = (DF*(DF+1)) - 1 + // v = sign * quadword size (8 bytes) + + Value* Direction = createMulFolder( + createSubFolder(createMulFolder(DF, createAddFolder(DF, one)), one), + eight); + + auto SRCop = operands[2 + isREP]; + auto DSTop = operands[3 + isREP]; + + Value* SRCvalue = GetOperandValue(SRCop, SRCop.size); + Value* DSTvalue = GetOperandValue(DSTop, DSTop.size); + + if (isREP) { + Value* count = GetOperandValue(operands[2], operands[2].size); + if (auto countci = dyn_cast(count)) { + Value* UpdateSRCvalue = SRCvalue; + Value* UpdateDSTvalue = DSTvalue; + uint64_t looptime = countci->getZExtValue(); + + for (int i = looptime; i > 0; i--) { + DSTptrvalue = GetOperandValue(operands[1], operands[1].size); + + SetOperandValue(operands[0], DSTptrvalue); + + UpdateSRCvalue = createAddFolder(UpdateSRCvalue, Direction); + UpdateDSTvalue = createAddFolder(UpdateDSTvalue, Direction); + + SetOperandValue(SRCop, UpdateSRCvalue); + SetOperandValue(DSTop, UpdateDSTvalue); + + if (i > 1) + debugging::increaseInstCounter(); + } + + SetOperandValue(operands[2], ConstantInt::get(count->getType(), 0)); + + return; + } else { + UNREACHABLE("fix rep"); + } + } + + Value* UpdateSRCvalue = createAddFolder(SRCvalue, Direction); + Value* UpdateDSTvalue = createAddFolder(DSTvalue, Direction); + + SetOperandValue(SRCop, UpdateSRCvalue); + SetOperandValue(DSTop, 
UpdateDSTvalue); +} void lifterClass::lift_movaps() { auto dest = operands[0]; auto src = operands[1]; @@ -3673,7 +3740,10 @@ void lifterClass::liftInstructionSemantics() { lift_movsb(); break; } - + case ZYDIS_MNEMONIC_MOVSQ: { + lift_movsq(); + break; + } // cmov case ZYDIS_MNEMONIC_CMOVZ: { lift_cmovz(); diff --git a/lifter/lifterClass.h b/lifter/lifterClass.h index 761f257..8aadef4 100644 --- a/lifter/lifterClass.h +++ b/lifter/lifterClass.h @@ -409,6 +409,7 @@ class lifterClass { // semantics definition DEFINE_FUNCTION(movsb); + DEFINE_FUNCTION(movsq); DEFINE_FUNCTION(movaps); DEFINE_FUNCTION(mov); DEFINE_FUNCTION(cmovbz); From 45d22b97fb63166c811fbce983ca6ba8d577ec3c Mon Sep 17 00:00:00 2001 From: oureveryday Date: Wed, 16 Oct 2024 16:11:08 +0800 Subject: [PATCH 2/7] Implement movsX --- lifter/Semantics.cpp | 118 ++++++++----------------------------------- lifter/lifterClass.h | 3 +- 2 files changed, 22 insertions(+), 99 deletions(-) diff --git a/lifter/Semantics.cpp b/lifter/Semantics.cpp index 5fd4338..cfc7c24 100644 --- a/lifter/Semantics.cpp +++ b/lifter/Semantics.cpp 
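Review bot: The REP unroll loop `for (int i = looptime; i > 0; i--)` in the new lift_movsq narrows the `uint64_t` count to `int`, so a count at or above 2^31 is truncated (possibly to a negative value) and the copy is silently shortened or skipped, while any large constant count emits the copy sequence once per iteration with no ceiling, which is a time and memory exhaustion risk when the lifter runs over untrusted binaries. Keep the index as `uint64_t`, bound the unroll (`if (looptime > kMaxRepUnroll) UNREACHABLE("fix rep");` with `kMaxRepUnroll` a constructed name for a project-chosen limit), and then `for (uint64_t i = looptime; i > 0; --i)`. The non-constant count still ends in `UNREACHABLE("fix rep")`; a comment stating that only a constant count register is supported would make the limitation visible. The next patch in this series folds this body into lift_movsX, where the same loop survives.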
@@ -259,112 +259,29 @@ void lifterClass::branchHelper(Value* condition, const string& instname, // cout << "pathInfo:" << pathInfo << " dest: " << destination << // "\n"; } - -void lifterClass::lift_movsb() { - - // DEST := SRC; - // [esi] = [edi] - // sign = DF (-1/+1) - // incdecv = size*sign (sb means size is 1) - // esi += incdecv - // edi += incdecv - // - - // Value* SRCptrvalue = - // GetOperandValue(operands[0],operands[0].size); - - Value* DSTptrvalue = GetOperandValue(operands[1], operands[1].size); - - SetOperandValue(operands[0], DSTptrvalue); - - bool isREP = (instruction.attributes & ZYDIS_ATTRIB_HAS_REP) != 0; - - Value* DF = getFlag(FLAG_DF); - auto one = ConstantInt::get(DF->getType(), 1); - // sign = (x*(x+1)) - 1 - // v = sign * bytesize ; bytesize is 1 - - Value* Direction = - createSubFolder(createMulFolder(DF, createAddFolder(DF, one)), one); - - auto SRCop = operands[2 + isREP]; - auto DSTop = operands[3 + isREP]; - - Value* SRCvalue = GetOperandValue(SRCop, SRCop.size); - Value* DSTvalue = GetOperandValue(DSTop, DSTop.size); - - if (isREP) { - // if REP, operands[1] will be e/rax - // in that case, repeat and decrement e/rax until its 0 - - // we can create a loop but I dont know how that would effect our - // optimizations - Value* count = GetOperandValue(operands[2], operands[2].size); - if (auto countci = dyn_cast(count)) { - Value* UpdateSRCvalue = SRCvalue; - Value* UpdateDSTvalue = DSTvalue; - uint64_t looptime = countci->getZExtValue(); - printvalue2(looptime); - - for (int i = looptime; i > 0; i--) { - // TODO: fix this loop - - // Value* SRCptrvalue = GetOperandValue( - // operands[0], - // operands[0].size); - DSTptrvalue = GetOperandValue(operands[1], operands[1].size); - - SetOperandValue(operands[0], DSTptrvalue); - - UpdateSRCvalue = createAddFolder(UpdateSRCvalue, Direction); - UpdateDSTvalue = createAddFolder(UpdateDSTvalue, Direction); - printvalue(UpdateDSTvalue) printvalue(UpdateSRCvalue); - - SetOperandValue(SRCop, 
UpdateSRCvalue); - SetOperandValue(DSTop, UpdateDSTvalue); - // bad cheat - if (i > 1) - debugging::increaseInstCounter(); - } - - SetOperandValue(operands[2], ConstantInt::get(count->getType(), 0)); - - return; - } else { - UNREACHABLE("fix rep"); - } - } - - Value* UpdateSRCvalue = createAddFolder(SRCvalue, Direction); - Value* UpdateDSTvalue = createAddFolder(DSTvalue, Direction); - - SetOperandValue(SRCop, UpdateSRCvalue); - SetOperandValue(DSTop, UpdateDSTvalue); -} -void lifterClass::lift_movsq() { +void lifterClass::lift_movsX() { + // Get the size based on the operand + int size = operands[1].size; // DEST := SRC; - // movsq copies 8 bytes (quadword) + // Parameterize size and direction // sign = DF (-1/+1) - // incdecv = size*sign (sq means size is 8) - // - - Value* DSTptrvalue = GetOperandValue(operands[1], operands[1].size); + // incdecv = size*sign + Value* DSTptrvalue = GetOperandValue(operands[1], size); SetOperandValue(operands[0], DSTptrvalue); bool isREP = (instruction.attributes & ZYDIS_ATTRIB_HAS_REP) != 0; Value* DF = getFlag(FLAG_DF); - auto eight = ConstantInt::get(DF->getType(), 8); + auto byteSize = ConstantInt::get(DF->getType(), size); auto one = ConstantInt::get(DF->getType(), 1); // sign = (DF*(DF+1)) - 1 - // v = sign * quadword size (8 bytes) - + // v = sign * byteSize Value* Direction = createMulFolder( createSubFolder(createMulFolder(DF, createAddFolder(DF, one)), one), - eight); + byteSize); auto SRCop = operands[2 + isREP]; auto DSTop = operands[3 + isREP]; @@ -380,8 +297,7 @@ void lifterClass::lift_movsq() { uint64_t looptime = countci->getZExtValue(); for (int i = looptime; i > 0; i--) { - DSTptrvalue = GetOperandValue(operands[1], operands[1].size); - + DSTptrvalue = GetOperandValue(operands[1], size); SetOperandValue(operands[0], DSTptrvalue); UpdateSRCvalue = createAddFolder(UpdateSRCvalue, Direction); 
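Review bot: `int size = operands[1].size;` is passed unchanged as the width to `GetOperandValue(operands[1], size)` and also becomes the byte stride `byteSize`, but one value cannot be both; later in this series the same field is given to `Type::getIntNTy(context, SRCop.size)`, which takes a bit count, so if `.size` is in bits the stride comes out as 64 for movsq and 8 for movsb instead of 8 and 1. Derive the stride explicitly, `const int strideBytes = size / 8;`, use it for `byteSize`, and state the unit in the comment, e.g. `// operand size in bits; stride in bytes is size / 8`. Patch 5's `Direction` rewrite (`auto byteSizeValue = size;`) carries the same value and needs the same fix. lift_movsX continues past the end of the hunk.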
@@ -395,7 +311,6 @@ void lifterClass::lift_movsq() { } SetOperandValue(operands[2], ConstantInt::get(count->getType(), 0)); - return; } else { UNREACHABLE("fix rep"); @@ -408,6 +323,7 @@ void lifterClass::lift_movsq() { SetOperandValue(SRCop, UpdateSRCvalue); SetOperandValue(DSTop, UpdateDSTvalue); } + void lifterClass::lift_movaps() { auto dest = operands[0]; auto src = operands[1]; @@ -3737,11 +3653,19 @@ void lifterClass::liftInstructionSemantics() { break; } case ZYDIS_MNEMONIC_MOVSB: { - lift_movsb(); + lift_movsX(); + break; + } + case ZYDIS_MNEMONIC_MOVSW: { + lift_movsX(); + break; + } + case ZYDIS_MNEMONIC_MOVSD: { + lift_movsX(); break; } case ZYDIS_MNEMONIC_MOVSQ: { - lift_movsq(); + lift_movsX(); break; } // cmov diff --git a/lifter/lifterClass.h b/lifter/lifterClass.h index 8aadef4..aa82700 100644 --- a/lifter/lifterClass.h +++ b/lifter/lifterClass.h @@ -408,8 +408,7 @@ class lifterClass { // end folders // semantics definition - DEFINE_FUNCTION(movsb); - DEFINE_FUNCTION(movsq); + DEFINE_FUNCTION(movsX); DEFINE_FUNCTION(movaps); DEFINE_FUNCTION(mov); DEFINE_FUNCTION(cmovbz); From 80bfe9e9febd4d8ac52ec06fa6e815f2a3c52716 Mon Sep 17 00:00:00 2001 From: oureveryday Date: Wed, 16 Oct 2024 23:33:18 +0800 Subject: [PATCH 3/7] Update Semantics.cpp --- lifter/Semantics.cpp | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/lifter/Semantics.cpp b/lifter/Semantics.cpp index cfc7c24..3158b4c 100644 --- a/lifter/Semantics.cpp +++ b/lifter/Semantics.cpp @@ -3652,18 +3652,9 @@ void lifterClass::liftInstructionSemantics() { lift_mov(); break; } - case ZYDIS_MNEMONIC_MOVSB: { - lift_movsX(); - break; - } - case ZYDIS_MNEMONIC_MOVSW: { - lift_movsX(); - break; - } - case ZYDIS_MNEMONIC_MOVSD: { - lift_movsX(); - break; - } + case ZYDIS_MNEMONIC_MOVSB: + case ZYDIS_MNEMONIC_MOVSW: + case ZYDIS_MNEMONIC_MOVSD: case ZYDIS_MNEMONIC_MOVSQ: { lift_movsX(); break; From 9711ef5a3f8a6d1da59a759a6110eba0fbc9773c Mon Sep 17 00:00:00 2001 
From: oureveryday Date: Thu, 17 Oct 2024 10:43:02 +0800 Subject: [PATCH 4/7] Update Direction --- lifter/Semantics.cpp | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/lifter/Semantics.cpp b/lifter/Semantics.cpp index 3158b4c..bc2095c 100644 --- a/lifter/Semantics.cpp +++ b/lifter/Semantics.cpp @@ -12,6 +12,8 @@ #include #include +#define __directionSize__ 64 + FunctionType* lifterClass::parseArgsType(funcsignatures::functioninfo* funcInfo, LLVMContext& context) { if (!funcInfo) { @@ -260,6 +262,7 @@ void lifterClass::branchHelper(Value* condition, const string& instname, // "\n"; } void lifterClass::lift_movsX() { + LLVMContext& context = builder.getContext(); // Get the size based on the operand int size = operands[1].size; @@ -275,13 +278,14 @@ void lifterClass::lift_movsX() { Value* DF = getFlag(FLAG_DF); auto byteSize = ConstantInt::get(DF->getType(), size); - auto one = ConstantInt::get(DF->getType(), 1); // sign = (DF*(DF+1)) - 1 // v = sign * byteSize - Value* Direction = createMulFolder( - createSubFolder(createMulFolder(DF, createAddFolder(DF, one)), one), - byteSize); + + auto byteSizeValue = dyn_cast(byteSize)->getSExtValue(); + + Value* Direction = createSelectFolder(DF, ConstantInt::get(Type::getIntNTy(context, __directionSize__),1 * byteSizeValue), + ConstantInt::get(Type::getIntNTy(context, __directionSize__),-1 * byteSizeValue)); auto SRCop = operands[2 + isREP]; auto DSTop = operands[3 + isREP]; From 6c27a7e2a6b4aab95cf281d1a30e3a4905ab0e1e Mon Sep 17 00:00:00 2001 From: naci Date: Fri, 18 Oct 2024 15:13:59 +0300 Subject: [PATCH 5/7] fix direction and DF issues --- lifter/OperandUtils.cpp | 6 ++---- lifter/Semantics.cpp | 14 ++++++-------- 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/lifter/OperandUtils.cpp b/lifter/OperandUtils.cpp index fe50b55..5dfa8cc 100644 --- a/lifter/OperandUtils.cpp +++ b/lifter/OperandUtils.cpp 
@@ -1147,8 +1147,7 @@ Value* lifterClass::setFlag(const Flag flag, Value* newValue) { LLVMContext& context = builder.getContext(); newValue = createTruncFolder(newValue, Type::getInt1Ty(context)); printvalue2((int32_t)flag) printvalue(newValue); - if (flag == FLAG_RESERVED1 || flag == FLAG_RESERVED5 || flag == FLAG_IF || - flag == FLAG_DF) + if (flag == FLAG_RESERVED1 || flag == FLAG_RESERVED5 || flag == FLAG_IF) return nullptr; FlagList[flag].set(newValue); // Set the new value directly @@ -1158,8 +1157,7 @@ Value* lifterClass::setFlag(const Flag flag, Value* newValue) { void lifterClass::setFlag(const Flag flag, std::function calculation) { // If the flag is one of the reserved ones, do not modify - if (flag == FLAG_RESERVED1 || flag == FLAG_RESERVED5 || flag == FLAG_IF || - flag == FLAG_DF) + if (flag == FLAG_RESERVED1 || flag == FLAG_RESERVED5 || flag == FLAG_IF) return; // lazy calculation diff --git a/lifter/Semantics.cpp b/lifter/Semantics.cpp index bc2095c..1b77391 100644 --- a/lifter/Semantics.cpp +++ b/lifter/Semantics.cpp @@ -12,8 +12,6 @@ #include #include -#define __directionSize__ 64 - FunctionType* lifterClass::parseArgsType(funcsignatures::functioninfo* funcInfo, LLVMContext& context) { if (!funcInfo) { 
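Review bot: The reserved-flag predicate in `setFlag(const Flag, Value*)` and in the `std::function` overload below is copied verbatim, and this hunk has to edit both copies in lockstep to make DF writable; one helper, `static bool isReadOnlyFlag(const Flag flag) { return flag == FLAG_RESERVED1 || flag == FLAG_RESERVED5 || flag == FLAG_IF; }`, called from both would stop the two lists drifting apart again. Since DF leaving the list is the behavioural point of the commit, the comment `// If the flag is one of the reserved ones, do not modify` should say so, e.g. `// DF is intentionally writable so direction changes reach the string ops`. The first overload starts before the hunk.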
@@ -277,19 +275,19 @@ void lifterClass::lift_movsX() { bool isREP = (instruction.attributes & ZYDIS_ATTRIB_HAS_REP) != 0; Value* DF = getFlag(FLAG_DF); - auto byteSize = ConstantInt::get(DF->getType(), size); // sign = (DF*(DF+1)) - 1 // v = sign * byteSize - auto byteSizeValue = dyn_cast(byteSize)->getSExtValue(); - - Value* Direction = createSelectFolder(DF, ConstantInt::get(Type::getIntNTy(context, __directionSize__),1 * byteSizeValue), - ConstantInt::get(Type::getIntNTy(context, __directionSize__),-1 * byteSizeValue)); + auto byteSizeValue = size; auto SRCop = operands[2 + isREP]; auto DSTop = operands[3 + isREP]; - + printvalue(DF); + Value* Direction = createSelectFolder(DF, ConstantInt::get(Type::getIntNTy(context, SRCop.size),1 * byteSizeValue), + ConstantInt::get(Type::getIntNTy(context, SRCop.size),-1 * byteSizeValue)); + printvalue(Direction); + Value* SRCvalue = GetOperandValue(SRCop, SRCop.size); Value* DSTvalue = GetOperandValue(DSTop, DSTop.size); From 5b27df69c219c070fff131212f5e2b0123d607fb Mon Sep 17 00:00:00 2001 From: naci Date: Fri, 18 Oct 2024 15:15:09 +0300 Subject: [PATCH 6/7] rename movsX because movsx already exists (mov sign extend) --- lifter/Semantics.cpp | 2 +- lifter/lifterClass.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lifter/Semantics.cpp b/lifter/Semantics.cpp index 1b77391..beee180 100644 --- a/lifter/Semantics.cpp +++ b/lifter/Semantics.cpp @@ -3658,7 +3658,7 @@ void lifterClass::liftInstructionSemantics() { case ZYDIS_MNEMONIC_MOVSW: case ZYDIS_MNEMONIC_MOVSD: case ZYDIS_MNEMONIC_MOVSQ: { - lift_movsX(); + lift_movs_X(); break; } // cmov diff --git a/lifter/lifterClass.h b/lifter/lifterClass.h index aa82700..0d5bfbf 100644 --- a/lifter/lifterClass.h +++ b/lifter/lifterClass.h @@ -408,7 +408,7 @@ class lifterClass { // end folders // semantics definition - DEFINE_FUNCTION(movsX); + DEFINE_FUNCTION(movs_X); DEFINE_FUNCTION(movaps); DEFINE_FUNCTION(mov); DEFINE_FUNCTION(cmovbz); 
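Review bot: `createSelectFolder(DF, +byteSizeValue, -byteSizeValue)` yields the positive stride when DF is set, but architecturally DF=1 means the string pointers decrement, so unless `getFlag(FLAG_DF)` returns the inverse of the hardware bit the two arms are swapped and should read `createSelectFolder(DF, ConstantInt::get(Type::getIntNTy(context, SRCop.size), -1 * byteSizeValue), ConstantInt::get(Type::getIntNTy(context, SRCop.size), 1 * byteSizeValue))`. The comment `// sign = (DF*(DF+1)) - 1` / `// v = sign * byteSize` describes the formula this hunk deletes; replace it with `// Direction = DF ? -size : +size (DF set => decrement)`. The two `printvalue(DF)` and `printvalue(Direction)` lines read as debugging leftovers; if they are meant to stay, a one-line comment saying why would save the next reader from removing them. lift_movsX starts before and continues after the hunk.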
From ecbf49afddb714f04d605f12e2c1845c1269b351 Mon Sep 17 00:00:00 2001 From: naci Date: Fri, 18 Oct 2024 15:17:24 +0300 Subject: [PATCH 7/7] Update Semantics.cpp --- lifter/Semantics.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lifter/Semantics.cpp b/lifter/Semantics.cpp index beee180..ff8aed9 100644 --- a/lifter/Semantics.cpp +++ b/lifter/Semantics.cpp @@ -259,7 +259,7 @@ void lifterClass::branchHelper(Value* condition, const string& instname, // cout << "pathInfo:" << pathInfo << " dest: " << destination << // "\n"; } -void lifterClass::lift_movsX() { +void lifterClass::lift_movs_X() { LLVMContext& context = builder.getContext(); // Get the size based on the operand int size = operands[1].size;