Rizin
unix-like reverse engineering framework and cli tools
analysis_xap.c
Go to the documentation of this file.
1 // SPDX-FileCopyrightText: 2008-2016 pancake <pancake@nopcode.org>
2 // SPDX-License-Identifier: LGPL-3.0-only
3 
4 #include <string.h>
5 #include <rz_types.h>
6 #include <rz_lib.h>
7 #include <rz_asm.h>
8 #include <rz_analysis.h>
9 #include "../asm/arch/xap/dis.c"
10 
11 static int label_off(struct directive *d) {
12  int off = d->d_operand;
13  int lame = off & 0x80;
14 
15  if (!d->d_prefix) {
16  off = (char)(off & 0xff);
17  } else if (d->d_prefix == 1) {
18  off = (short)(off & 0xffff);
19  if (lame) {
20  off -= 0x100;
21  }
22  } else {
23  off = (int)(off & 0xffffff);
24  if (off & 0x800000) {
25  off |= 0xff000000;
26  }
27  if (off & 0x8000) {
28  off -= 0x10000;
29  }
30  if (lame) {
31  off -= 0x100;
32  }
33  }
34  return d->d_off + off;
35 }
36 
37 static inline ut16 i2ut16(struct instruction *in) {
38  return *((uint16_t *)in);
39 }
40 
41 static int xap_op(RzAnalysis *analysis, RzAnalysisOp *op, ut64 addr, const ut8 *bytes, int len, RzAnalysisOpMask mask) {
42  struct instruction *in = (struct instruction *)bytes;
43  ut16 lol, ins;
44  struct directive d = { { 0 } };
45  struct state s = { 0 };
46 
47  if (!analysis || !op) {
48  return 2;
49  }
50 
51  memcpy(&ins, bytes, sizeof(ins));
52  memcpy(&lol, bytes, sizeof(ins));
53  s.s_buf = (void *)bytes;
54  s.s_off = addr;
55  s.s_out = NULL;
56  s.s_prefix = 0;
57  memset(&d, '\0', sizeof(struct directive));
58  memcpy(&d.d_inst, s.s_buf, sizeof(d.d_inst));
59  s.s_off += 2;
60  d.d_off = s.s_off;
61  xap_decode(&s, &d);
62  d.d_operand = get_operand(&s, &d);
63 
64  memset(op, 0, sizeof(RzAnalysisOp));
65  op->type = RZ_ANALYSIS_OP_TYPE_UNK;
66  op->size = 2;
67 
68  switch (i2ut16(in)) {
69  case INST_NOP:
70  op->type = RZ_ANALYSIS_OP_TYPE_NOP;
71  break;
72  case INST_BRK:
73  op->type = RZ_ANALYSIS_OP_TYPE_TRAP;
74  break;
75  case INST_BC:
76  op->type = RZ_ANALYSIS_OP_TYPE_TRAP;
77  break;
78  case INST_BRXL:
79  op->type = RZ_ANALYSIS_OP_TYPE_TRAP;
80  break;
81  default:
82  switch (in->in_opcode) {
83  case 0:
84  switch (lol & 0xf) {
85  case 1:
86  case 2:
87  case 3:
88  case 0xa:
89  op->type = RZ_ANALYSIS_OP_TYPE_PUSH;
90  break;
91  case 4:
92  case 5:
93  case 6:
94  case 7:
95  case 0xe:
96  op->type = RZ_ANALYSIS_OP_TYPE_POP;
97  break;
98  }
99  break;
100  case 1:
101  op->type = RZ_ANALYSIS_OP_TYPE_POP;
102  break;
103  case 2:
104  op->type = RZ_ANALYSIS_OP_TYPE_PUSH;
105  break;
106  case 3:
107  case 4:
108  case 7:
109  op->type = RZ_ANALYSIS_OP_TYPE_ADD;
110  break;
111  case 5:
112  case 6:
113  op->type = RZ_ANALYSIS_OP_TYPE_SUB;
114  break;
115  case 8:
116  op->type = RZ_ANALYSIS_OP_TYPE_CMP;
117  break;
118  case 9:
119  switch (in->in_reg) {
120  case 0:
121  op->type = RZ_ANALYSIS_OP_TYPE_MUL;
122  break;
123  case 1:
124  op->type = RZ_ANALYSIS_OP_TYPE_DIV;
125  break;
126  case 2:
127  op->type = RZ_ANALYSIS_OP_TYPE_CMP;
128  break;
129  case 3:
130  // BSR
131  op->type = RZ_ANALYSIS_OP_TYPE_CALL;
132  op->jump = label_off(&d);
133  if (op->jump & 1) {
134  op->jump += 3;
135  }
136  op->fail = addr + 2;
137  op->eob = true;
138  break;
139  }
140  break;
141  case 0xb:
142  op->type = RZ_ANALYSIS_OP_TYPE_OR;
143  break;
144  case 0xc:
145  op->type = RZ_ANALYSIS_OP_TYPE_AND;
146  break;
147  case 0xd:
148  op->type = RZ_ANALYSIS_OP_TYPE_XOR;
149  break;
150  case 0xe:
151  switch (in->in_reg) {
152  case 0: // BRA
153  op->type = RZ_ANALYSIS_OP_TYPE_JMP;
154  op->jump = label_off(&d) + 4;
155  if (op->jump & 1) {
156  op->jump += 3;
157  }
158  op->eob = true;
159  break;
160  case 1:
161  // BLT
162  op->type = RZ_ANALYSIS_OP_TYPE_CJMP;
163  op->jump = label_off(&d);
164  if (op->jump & 1) {
165  op->jump += 3;
166  }
167  op->fail = addr + 2;
168  op->eob = true;
169  break;
170  case 2:
171  // BPL
172  op->type = RZ_ANALYSIS_OP_TYPE_CJMP;
173  op->jump = label_off(&d);
174  if (op->jump & 1) {
175  op->jump += 3;
176  }
177  op->fail = addr + 2;
178  op->eob = true;
179  break;
180  case 3:
181  // BMI
182  op->type = RZ_ANALYSIS_OP_TYPE_CJMP;
183  op->jump = label_off(&d);
184  if (op->jump & 1) {
185  op->jump += 3;
186  }
187  op->fail = addr + 2;
188  op->eob = true;
189  break;
190  }
191  break;
192  case 0xf:
193  switch (in->in_reg) {
194  case 0: // BNE
195  case 1: // BEQ
196  case 2: // BCC
197  case 3: // BCS
198  op->type = RZ_ANALYSIS_OP_TYPE_CJMP;
199  op->jump = label_off(&d);
200  if (op->jump & 1) {
201  op->jump += 3;
202  }
203  op->fail = addr + 2;
204  break;
205  }
206  break;
207  }
208  break;
209  }
210  return op->size;
211 }
212 
213 RzAnalysisPlugin rz_analysis_plugin_xap = {
214  .name = "xap",
215  .desc = "XAP code analysis plugin",
216  .license = "LGPL3",
217  .arch = "xap",
218  .bits = 16,
219  .op = &xap_op,
220 };
221 
222 #ifndef RZ_PLUGIN_INCORE
223 RZ_API RzLibStruct rizin_plugin = {
224  .type = RZ_LIB_TYPE_ANALYSIS,
225  .data = &rz_analysis_plugin_xap,
226  .version = RZ_VERSION
227 };
228 #endif
len
size_t len
Definition: 6502dis.c:15
mask
#define mask()
Definition: analysis_h8300.c:39
label_off
static int label_off(struct directive *d)
Definition: analysis_xap.c:11
rizin_plugin
RZ_API RzLibStruct rizin_plugin
Definition: analysis_xap.c:223
rz_analysis_plugin_xap
RzAnalysisPlugin rz_analysis_plugin_xap
Definition: analysis_xap.c:213
xap_op
static int xap_op(RzAnalysis *analysis, RzAnalysisOp *op, ut64 addr, const ut8 *bytes, int len, RzAnalysisOpMask mask)
Definition: analysis_xap.c:41
i2ut16
static ut16 i2ut16(struct instruction *in)
Definition: analysis_xap.c:37
bytes
static ut8 bytes[32]
Definition: asm_arc.c:23
in
const lzma_allocator const uint8_t * in
Definition: block.h:527
RZ_API
#define RZ_API
Definition: core_plugin_example.c:36
NULL
#define NULL
Definition: cris-opc.c:27
ut16
uint16_t ut16
Definition: demangler_util.h:30
INST_BRK
#define INST_BRK
Definition: dis.h:69
INST_NOP
#define INST_NOP
Definition: dis.h:68
INST_BC
#define INST_BC
Definition: dis.h:75
INST_BRXL
#define INST_BRXL
Definition: dis.h:74
ut8
uint8_t ut8
Definition: lh5801.h:11
memset
return memset(p, 0, total)
memcpy
memcpy(mem, inblock.get(), min(CONTAINING_RECORD(inblock.get(), MEMBLOCK, data) ->size, size))
off
int off
Definition: pal.c:13
s
static RzSocket * s
Definition: rtr.c:28
rz_analysis.h
RzAnalysisOpMask
RzAnalysisOpMask
Definition: rz_analysis.h:439
RZ_ANALYSIS_OP_TYPE_CMP
@ RZ_ANALYSIS_OP_TYPE_CMP
Definition: rz_analysis.h:399
RZ_ANALYSIS_OP_TYPE_SUB
@ RZ_ANALYSIS_OP_TYPE_SUB
Definition: rz_analysis.h:402
RZ_ANALYSIS_OP_TYPE_UNK
@ RZ_ANALYSIS_OP_TYPE_UNK
Definition: rz_analysis.h:388
RZ_ANALYSIS_OP_TYPE_MUL
@ RZ_ANALYSIS_OP_TYPE_MUL
Definition: rz_analysis.h:404
RZ_ANALYSIS_OP_TYPE_JMP
@ RZ_ANALYSIS_OP_TYPE_JMP
Definition: rz_analysis.h:368
RZ_ANALYSIS_OP_TYPE_AND
@ RZ_ANALYSIS_OP_TYPE_AND
Definition: rz_analysis.h:411
RZ_ANALYSIS_OP_TYPE_TRAP
@ RZ_ANALYSIS_OP_TYPE_TRAP
Definition: rz_analysis.h:392
RZ_ANALYSIS_OP_TYPE_CALL
@ RZ_ANALYSIS_OP_TYPE_CALL
Definition: rz_analysis.h:378
RZ_ANALYSIS_OP_TYPE_ADD
@ RZ_ANALYSIS_OP_TYPE_ADD
Definition: rz_analysis.h:401
RZ_ANALYSIS_OP_TYPE_OR
@ RZ_ANALYSIS_OP_TYPE_OR
Definition: rz_analysis.h:410
RZ_ANALYSIS_OP_TYPE_PUSH
@ RZ_ANALYSIS_OP_TYPE_PUSH
Definition: rz_analysis.h:397
RZ_ANALYSIS_OP_TYPE_POP
@ RZ_ANALYSIS_OP_TYPE_POP
Definition: rz_analysis.h:398
RZ_ANALYSIS_OP_TYPE_CJMP
@ RZ_ANALYSIS_OP_TYPE_CJMP
Definition: rz_analysis.h:373
RZ_ANALYSIS_OP_TYPE_DIV
@ RZ_ANALYSIS_OP_TYPE_DIV
Definition: rz_analysis.h:405
RZ_ANALYSIS_OP_TYPE_NOP
@ RZ_ANALYSIS_OP_TYPE_NOP
Definition: rz_analysis.h:389
RZ_ANALYSIS_OP_TYPE_XOR
@ RZ_ANALYSIS_OP_TYPE_XOR
Definition: rz_analysis.h:412
rz_asm.h
rz_lib.h
RZ_LIB_TYPE_ANALYSIS
@ RZ_LIB_TYPE_ANALYSIS
Definition: rz_lib.h:73
rz_types.h
RZ_VERSION
#define RZ_VERSION
Definition: rz_version.h:8
int
static int
Definition: sfsocketcall.h:114
uint16_t
unsigned short uint16_t
Definition: sftypes.h:30
d
#define d(i)
Definition: sha256.c:44
directive
Definition: dis.h:26
rz_analysis_op_t
Definition: rz_analysis.h:811
rz_analysis_plugin_t
Definition: rz_analysis.h:1233
rz_analysis_plugin_t::version
const char * version
Definition: rz_analysis.h:1239
rz_analysis_plugin_t::name
const char * name
Definition: rz_analysis.h:1234
rz_analysis_t
Definition: rz_analysis.h:553
rz_lib_struct_t
Definition: rz_lib.h:57
rz_lib_struct_t::type
int type
Definition: rz_lib.h:58
state
Definition: dis.h:43
op
Definition: dis.c:32
ut64
ut64(WINAPI *w32_GetEnabledXStateFeatures)()
xap_decode
static void xap_decode(struct state *s, struct directive *d)
Definition: dis.c:448
get_operand
static int get_operand(struct state *s, struct directive *d)
Definition: dis.c:86
addr
static int addr
Definition: z80asm.c:58