Handle not decodable instructions.

KN4CK3R · KN4CK3R · commit d95a424ffdd1 · 2021-05-13T21:34:09.000+02:00
diff --git a/NativeCore/Shared/DistormHelper.cpp b/NativeCore/Shared/DistormHelper.cpp
@@ -58,99 +58,87 @@ bool AreOperandsStatic(const _DInst &instruction, const int prefixLength)
 	return true;
 }
 
-int GetStaticInstructionBytes(const _DInst &instruction, const uint8_t *data)
+_CodeInfo CreateCodeInfo(const uint8_t* address, int length, const _OffsetType virtualAddress)
 {
 	_CodeInfo info = {};
-	info.codeOffset = reinterpret_cast<_OffsetType>(data);
-	info.code = data;
-	info.codeLen = instruction.size;
+	info.codeOffset = virtualAddress;
+	info.code = address;
+	info.codeLen = length;
 	info.features = DF_NONE;
+
 #ifdef RECLASSNET32
 	info.dt = Decode32Bits;
 #else
 	info.dt = Decode64Bits;
 #endif
 
-	_PrefixState ps = {};
-	memset(ps.pfxIndexer, PFXIDX_NONE, sizeof(int) * PFXIDX_MAX);
-	ps.start = data;
-	ps.last = data;
-
-	prefixes_decode(data, info.codeLen, &ps, info.dt);
+	return info;
+}
 
-	info.codeOffset = reinterpret_cast<_OffsetType>(ps.last);
-	info.code = ps.last;
 
-	const auto prefixLength = static_cast<int>(ps.start - ps.last);
-	info.codeLen -= prefixLength;
+int GetStaticInstructionBytes(const _DInst &instruction, const uint8_t *data)
+{
+	auto info = CreateCodeInfo(data, instruction.size, reinterpret_cast<_OffsetType>(data));
 
-	inst_lookup(&info, &ps);
+	_PrefixState ps = {};
+	int isPrefixed;
+	inst_lookup(&info, &ps, &isPrefixed);
 
-	if (AreOperandsStatic(instruction, prefixLength))
+	if (AreOperandsStatic(instruction, ps.count))
 	{
 		return instruction.size;
 	}
 
-	return instruction.size - info.codeLen;
+	return instruction.size - info.codeLen - ps.count;
 }
 
-_CodeInfo CreateCodeInfo(const RC_Pointer address, const RC_Size length, const RC_Pointer virtualAddress)
-{
-	_CodeInfo info = {};
-	info.codeOffset = reinterpret_cast<_OffsetType>(virtualAddress);
-	info.code = reinterpret_cast<const uint8_t*>(address);
-	info.codeLen = static_cast<int>(length);
-	info.features = DF_NONE;
-
-#ifdef RECLASSNET32
-	info.dt = Decode32Bits;
-#else
-	info.dt = Decode64Bits;
-#endif
-
-	return info;
-}
-
-void FillInstructionData(const RC_Pointer address, const _DInst& instruction, const _DecodedInst& instructionInfo, const bool determineStaticInstructionBytes, InstructionData* data)
+void FillInstructionData(const _CodeInfo& info, const RC_Pointer address, const _DInst& instruction, const bool determineStaticInstructionBytes, InstructionData* data)
 {
 	data->Address = reinterpret_cast<RC_Pointer>(instruction.addr);
-	data->Length = instructionInfo.size;
-	std::memcpy(data->Data, address, instructionInfo.size);
-
-	MultiByteToUnicode(
-		reinterpret_cast<const char*>(instructionInfo.mnemonic.p),
-		data->Instruction,
-		instructionInfo.mnemonic.length
-	);
-	if (instructionInfo.operands.length != 0)
-	{
-		data->Instruction[instructionInfo.mnemonic.length] = ' ';
-
-		MultiByteToUnicode(
-			reinterpret_cast<const char*>(instructionInfo.operands.p),
-			0,
-			data->Instruction,
-			instructionInfo.mnemonic.length + 1,
-			std::min<int>(64 - 1 - instructionInfo.mnemonic.length, instructionInfo.operands.length)
-		);
-	}
+	data->Length = instruction.size;
+	std::memcpy(data->Data, address, instruction.size);
+	data->StaticInstructionBytes = -1;
 
-	if (determineStaticInstructionBytes)
+	if (instruction.flags == FLAG_NOT_DECODABLE)
 	{
-		data->StaticInstructionBytes = GetStaticInstructionBytes(
-			instruction,
-			reinterpret_cast<const uint8_t*>(address)
-		);
+		std::memcpy(data->Instruction, L"???", sizeof(RC_UnicodeChar) * 3);
 	}
 	else
 	{
-		data->StaticInstructionBytes = -1;
+		_DecodedInst instructionInfo = {};
+		distorm_format(&info, &instruction, &instructionInfo);
+		
+		MultiByteToUnicode(
+			reinterpret_cast<const char*>(instructionInfo.mnemonic.p),
+			data->Instruction,
+			instructionInfo.mnemonic.length
+		);
+		if (instructionInfo.operands.length != 0)
+		{
+			data->Instruction[instructionInfo.mnemonic.length] = ' ';
+
+			MultiByteToUnicode(
+				reinterpret_cast<const char*>(instructionInfo.operands.p),
+				0,
+				data->Instruction,
+				instructionInfo.mnemonic.length + 1,
+				std::min<int>(64 - 1 - instructionInfo.mnemonic.length, instructionInfo.operands.length)
+			);
+		}
+
+		if (determineStaticInstructionBytes)
+		{
+			data->StaticInstructionBytes = GetStaticInstructionBytes(
+				instruction,
+				reinterpret_cast<const uint8_t*>(address)
+			);
+		}
 	}
 }
 
 bool DisassembleInstructionsImpl(const RC_Pointer address, const RC_Size length, const RC_Pointer virtualAddress, const bool determineStaticInstructionBytes, EnumerateInstructionCallback callback)
 {
-	auto info = CreateCodeInfo(address, length, virtualAddress);
+	auto info = CreateCodeInfo(static_cast<const uint8_t*>(address), static_cast<int>(length), reinterpret_cast<_OffsetType>(virtualAddress));
 
 	const unsigned MaxInstructions = 50;
 
@@ -169,26 +157,25 @@ bool DisassembleInstructionsImpl(const RC_Pointer address, const RC_Size length,
 
 		for (auto i = 0u; i < count; ++i)
 		{
-			_DecodedInst instructionInfo = {};
-			distorm_format(&info, &decodedInstructions[i], &instructionInfo);
+			const auto& instruction = decodedInstructions[i];
 
 			InstructionData data = {};
-			FillInstructionData(instructionAddress, decodedInstructions[i], instructionInfo, determineStaticInstructionBytes, &data);
+			FillInstructionData(info, instructionAddress, instruction, determineStaticInstructionBytes, &data);
 
 			if (callback(&data) == false)
 			{
 				return true;
 			}
 
-			instructionAddress += decodedInstructions[i].size;
+			instructionAddress += instruction.size;
 		}
 
 		if (res == DECRES_SUCCESS || count == 0)
 		{
 			return true;
 		}
 
-		const auto offset = static_cast<unsigned>(decodedInstructions[count - 1].addr - info.codeOffset);
+		const auto offset = static_cast<unsigned>(decodedInstructions[count - 1].addr + decodedInstructions[count - 1].size - info.codeOffset);
 
 		info.codeOffset += offset;
 		info.code += offset;
