
jitter.h

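/*
 * Copyright (c) 2002 - 2003
 * NetGroup, Politecnico di Torino (Italy)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the Politecnico di Torino nor the names of its
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

/*
 * jitter.h - declarations for a BPF-to-x86 just-in-time compiler: register
 * numbers, the code-emission stream, the compiled-filter handle, one macro
 * per emitted x86 instruction, and the public prototypes.
 *
 * The types INT, UINT, ULONG, PCHAR, PINT, PUINT and struct bpf_insn are not
 * declared here; the including file must provide them first.
 */

//
// Registers
//
/* 32-bit register numbers, as placed in the reg / r/m fields of an opcode. */
#define EAX 0
#define ECX 1
#define EDX 2
#define EBX 3
#define ESP 4
#define EBP 5
#define ESI 6
#define EDI 7

/* 16-bit register numbers (same encoding, selected by the 0x66 prefix). */
#define AX 0
#define CX 1
#define DX 2
#define BX 3
#define SP 4
#define BP 5
#define SI 6
#define DI 7

/* Low 8-bit register numbers. */
#define AL 0
#define CL 1
#define DL 2
#define BL 3

/*
 * State of the code generator while instructions are being emitted.
 * The field meanings below are inferred from the names only; confirm them
 * against the implementation file.
 */
typedef struct binary_stream{
	INT cur_ip;	/* presumably the current offset in the emitted x86 code */
	INT bpf_pc;	/* presumably the index of the BPF instruction being translated */
	PCHAR ibuf;	/* presumably the buffer receiving the emitted bytes */
	PUINT refs;	/* presumably a per-BPF-instruction table used to resolve jumps */
}binary_stream;


/*
 * Pointer to a compiled filter. The generated code is entered through this
 * type; the meaning of the three arguments is not visible in this header.
 * NOTE(review): the first parameter is typed binary_stream *, which looks
 * unrelated to packet data - confirm what callers actually pass.
 */
typedef UINT (*BPF_filter_function)( binary_stream *, ULONG, UINT);

/*
 * Signature of the emitter the instruction macros below rely on.
 * stream - generator state to update
 * value  - the data to emit
 * n      - presumably the number of bytes of value to emit (the macros pass
 *          1 for opcode/ModRM/imm8 bytes and 4 for 32-bit immediates)
 */
typedef void (*emit_func)(binary_stream *stream, ULONG value, UINT n);

/* Handle for a JIT-compiled filter, as returned by BPF_jitter(). */
typedef struct JIT_BPF_Filter{
	BPF_filter_function Function;	/* entry point of the generated code */
	PINT mem;			/* presumably the BPF scratch memory used by the filter */
}
JIT_BPF_Filter;




/**************************/
/* X86 INSTRUCTION MACROS */
/**************************/

/*
 * Usage contract for every macro in this section:
 *
 *  - Each one expands to calls of `emitm(&stream, ...)`. Neither `emitm` nor
 *    `stream` is declared in this header: the expansion site must have a
 *    binary_stream variable named `stream` and a callable `emitm`
 *    (presumably an emit_func) in scope.
 *  - Expansions are several statements that already end in ';' or '}'. They
 *    are deliberately NOT wrapped in do { } while (0), because existing call
 *    sites may omit the trailing semicolon. Never use one as the unbraced
 *    body of an if/else/for/while: only the first emitm() call would be
 *    governed by the condition, and the if/else-shaped macros (ANDid, ORid,
 *    CMPid) would capture a following `else`.
 *  - Arguments are parenthesised in the expansion, but some are evaluated
 *    more than once (e.g. the register in ANDid/ORid/CMPid), so pass
 *    side-effect-free expressions.
 *  - BSWAP, ADDid, ADDib, ANDib, ANDid and ORid do not mask the register
 *    number with 0x7. A value above 7 would alter the opcode-extension bits
 *    and emit a different instruction; pass only the register constants
 *    defined above.
 *  - No macro checks how much room is left in the output buffer.
 *    NOTE(review): whether emitm() bounds-checks is not visible here -
 *    confirm the buffer is sized for the whole program before emission.
 */

/* mov r32, imm32  (opcode 0xB8 + r32, then 4 immediate bytes) */
#define MOVid(r32, i32) \
  emitm(&stream, 11 << 4 | 1 << 3 | ((r32) & 0x7), 1); emitm(&stream, (i32), 4);

/* mov dr32, sr32  (opcode 0x8B, ModRM mod=11) */
#define MOVrd(dr32, sr32) \
  emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); emitm(&stream,  3 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1);

/*
 * mov dr32, [sr32 + off8]  (opcode 0x8B, ModRM mod=01, 8-bit displacement)
 * sr32 must not be ESP: r/m = 100b selects a SIB byte, which is not emitted.
 */
#define MOVodd(dr32, sr32, off) \
  emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
  emitm(&stream,  1 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1);\
  emitm(&stream,  (off), 1);

/*
 * mov dr32, [sr32 + or32]  (opcode 0x8B, ModRM r/m=100b, SIB scale=1)
 * sr32 is the SIB base and or32 the SIB index; this applies to all MOVob*
 * and MOVomd. With mod=00, base EBP means "disp32, no base" and index ESP
 * means "no index", so neither is usable in those positions.
 */
#define MOVobd(dr32, sr32, or32) \
  emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
  emitm(&stream,  ((dr32) & 0x7) << 3 | 4 , 1);\
  emitm(&stream,  ((or32) & 0x7) << 3 | ((sr32) & 0x7) , 1);

/* mov dr16, [sr32 + or32]  (0x66 operand-size prefix, then as MOVobd) */
#define MOVobw(dr32, sr32, or32) \
  emitm(&stream, 0x66, 1); \
  emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
  emitm(&stream,  ((dr32) & 0x7) << 3 | 4 , 1);\
  emitm(&stream,  ((or32) & 0x7) << 3 | ((sr32) & 0x7) , 1);

/* mov dr8, [sr32 + or32]  (opcode 0x8A, ModRM + SIB) */
#define MOVobb(dr8, sr32, or32) \
  emitm(&stream, 0x8a, 1); \
  emitm(&stream,  ((dr8) & 0x7) << 3 | 4 , 1);\
  emitm(&stream,  ((or32) & 0x7) << 3 | ((sr32) & 0x7) , 1);

/*
 * mov [dr32 + or32], sr32  (opcode 0x89, ModRM + SIB)
 * This is the only macro here that emits a store to memory; the generator
 * is responsible for the address staying inside the intended region.
 */
#define MOVomd(dr32, or32, sr32) \
  emitm(&stream, 0x89, 1); \
  emitm(&stream,  ((sr32) & 0x7) << 3 | 4 , 1);\
  emitm(&stream,  ((or32) & 0x7) << 3 | ((dr32) & 0x7) , 1);

/* bswap dr32  (0x0F, 0xC8 + dr32); dr32 is not masked */
#define BSWAP(dr32) \
  emitm(&stream, 0xf, 1); \
  emitm(&stream,  0x19 << 3 | (dr32) , 1);

/* xchg ah, al  (0x86 0xC4): swaps the two bytes of AX */
#define SWAP_AX() \
  emitm(&stream, 0x86, 1); \
  emitm(&stream,  0xc4 , 1);

/* push r32  (opcode 0x50 + r32) */
#define PUSH(r32) \
  emitm(&stream, 5 << 4 | 0 << 3 | ((r32) & 0x7), 1);

/* pop r32  (opcode 0x58 + r32) */
#define POP(r32) \
  emitm(&stream, 5 << 4 | 1 << 3 | ((r32) & 0x7), 1);

/* ret  (opcode 0xC3, near return) */
#define RET() \
  emitm(&stream, 12 << 4 | 0 << 3 | 3, 1);

/* add dr32, sr32  (opcode 0x03, ModRM mod=11) */
#define ADDrd(dr32, sr32) \
  emitm(&stream, 0x03, 1);\
  emitm(&stream,  3 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1);

/* add eax, imm32  (opcode 0x05) */
#define ADD_EAXi(i32) \
  emitm(&stream, 0x05, 1);\
  emitm(&stream,  (i32), 4);

/* add r32, imm32  (opcode 0x81 /0); r32 is not masked */
#define ADDid(r32, i32) \
  emitm(&stream, 0x81, 1);\
  emitm(&stream,  24 << 3 | (r32), 1);\
  emitm(&stream,  (i32), 4);

/* add r32, imm8  (opcode 0x83 /0, immediate sign-extended by the CPU); r32 is not masked */
#define ADDib(r32, i8) \
  emitm(&stream, 0x83, 1);\
  emitm(&stream,  24 << 3 | (r32), 1);\
  emitm(&stream,  (i8), 1);

/* sub dr32, sr32  (opcode 0x2B, ModRM mod=11) */
#define SUBrd(dr32, sr32) \
  emitm(&stream, 0x2b, 1);\
  emitm(&stream,  3 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1);

/* sub eax, imm32  (opcode 0x2D) */
#define SUB_EAXi(i32) \
  emitm(&stream, 0x2d, 1);\
  emitm(&stream,  (i32), 4);

/* mul r32  (opcode 0xF7 /4): unsigned EDX:EAX = EAX * r32, so EDX is clobbered */
#define MULrd(r32) \
  emitm(&stream, 0xf7, 1);\
  emitm(&stream,  7 << 5 | ((r32) & 0x7), 1);

/*
 * div r32  (opcode 0xF7 /6): unsigned divide of EDX:EAX by r32.
 * The CPU raises a divide error when r32 is zero or the quotient does not
 * fit in 32 bits. The emitted code must rule out both (zero divisor check,
 * EDX cleared beforehand). NOTE(review): those guards are not visible in
 * this header - confirm them in the code generator.
 */
#define DIVrd(r32) \
  emitm(&stream, 0xf7, 1);\
  emitm(&stream,  15 << 4 | ((r32) & 0x7), 1);

/* and r8, imm8  (opcode 0x80 /4); r8 is not masked */
#define ANDib(r8, i8) \
  emitm(&stream, 0x80, 1);\
  emitm(&stream,  7 << 5 | (r8), 1);\
  emitm(&stream,  (i8), 1);

/*
 * and r32, imm32  (short form 0x25 for EAX, otherwise 0x81 /4)
 * Expands to an if/else statement; r32 is evaluated twice and not masked.
 */
#define ANDid(r32, i32) \
  if ((r32) == EAX){ \
  emitm(&stream, 0x25, 1);\
  emitm(&stream,  (i32), 4);}\
  else{ \
  emitm(&stream, 0x81, 1);\
  emitm(&stream,  7 << 5 | (r32), 1);\
  emitm(&stream,  (i32), 4);}

/* and dr32, sr32  (opcode 0x23, ModRM mod=11) */
#define ANDrd(dr32, sr32) \
  emitm(&stream, 0x23, 1);\
  emitm(&stream,  3 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1);

/* or dr32, sr32  (opcode 0x0B, ModRM mod=11) */
#define ORrd(dr32, sr32) \
  emitm(&stream, 0x0b, 1);\
  emitm(&stream,  3 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1);

/*
 * or r32, imm32  (short form 0x0D for EAX, otherwise 0x81 /1)
 * Expands to an if/else statement; r32 is evaluated twice and not masked.
 */
#define ORid(r32, i32) \
  if ((r32) == EAX){ \
  emitm(&stream, 0x0d, 1);\
  emitm(&stream,  (i32), 4);}\
  else{ \
  emitm(&stream, 0x81, 1);\
  emitm(&stream,  25 << 3 | (r32), 1);\
  emitm(&stream,  (i32), 4);}

/* shl r32, imm8  (opcode 0xC1 /4) */
#define SHLib(r32, i8) \
  emitm(&stream, 0xc1, 1);\
  emitm(&stream,  7 << 5 | ((r32) & 0x7), 1);\
  emitm(&stream,  (i8), 1);

/* shl dr32, cl  (opcode 0xD3 /4) */
#define SHL_CLrb(dr32) \
  emitm(&stream, 0xd3, 1);\
  emitm(&stream,  7 << 5 | ((dr32) & 0x7), 1);

/* shr r32, imm8  (opcode 0xC1 /5, logical shift) */
#define SHRib(r32, i8) \
  emitm(&stream, 0xc1, 1);\
  emitm(&stream,  29 << 3 | ((r32) & 0x7), 1);\
  emitm(&stream,  (i8), 1);

/* shr dr32, cl  (opcode 0xD3 /5, logical shift) */
#define SHR_CLrb(dr32) \
  emitm(&stream, 0xd3, 1);\
  emitm(&stream,  29 << 3 | ((dr32) & 0x7), 1);

/* neg r32  (opcode 0xF7 /3) */
#define NEGd(r32) \
  emitm(&stream, 0xf7, 1);\
  emitm(&stream,  27 << 3 | ((r32) & 0x7), 1);

/*
 * cmp dr32, [sr32 + off8]  (opcode 0x3B, ModRM mod=01, 8-bit displacement)
 * As with MOVodd, sr32 must not be ESP.
 */
#define CMPodd(dr32, sr32, off) \
  emitm(&stream, 3 << 4 | 3 | 1 << 3, 1); \
  emitm(&stream,  1 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1);\
  emitm(&stream,  (off), 1);

/* cmp dr32, sr32  (opcode 0x3B, ModRM mod=11) */
#define CMPrd(dr32, sr32) \
  emitm(&stream, 0x3b, 1); \
  emitm(&stream,  3 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1);

/*
 * cmp dr32, imm32  (short form 0x3D for EAX, otherwise 0x81 /7)
 * Expands to an if/else statement; dr32 is evaluated twice.
 */
#define CMPid(dr32, i32) \
  if ((dr32) == EAX){ \
  emitm(&stream, 0x3d, 1); \
  emitm(&stream,  (i32), 4);} \
  else{ \
  emitm(&stream, 0x81, 1); \
  emitm(&stream,  0x1f << 3 | ((dr32) & 0x7), 1);\
  emitm(&stream,  (i32), 4);}

/*
 * Jumps. Every offset is relative to the end of the jump instruction and is
 * emitted exactly as given: a wrong offset transfers control to arbitrary
 * bytes of the generated code, so targets must be computed from final
 * instruction positions. JA/JAE test unsigned conditions, JLE/JG/JGE signed.
 */

/* jne rel8  (opcode 0x75) */
#define JNEb(off8) \
   emitm(&stream, 0x75, 1);\
   emitm(&stream, (off8), 1);

/* je rel32  (opcode 0x0F 0x84) */
#define JE(off32) \
   emitm(&stream, 0x0f, 1);\
   emitm(&stream, 0x84, 1);\
   emitm(&stream, (off32), 4);

/* jle rel32  (opcode 0x0F 0x8E, signed) */
#define JLE(off32) \
   emitm(&stream, 0x0f, 1);\
   emitm(&stream, 0x8e, 1);\
   emitm(&stream, (off32), 4);

/* jle rel8  (opcode 0x7E, signed) */
#define JLEb(off8) \
   emitm(&stream, 0x7e, 1);\
   emitm(&stream, (off8), 1);

/* ja rel32  (opcode 0x0F 0x87, unsigned) */
#define JA(off32) \
   emitm(&stream, 0x0f, 1);\
   emitm(&stream, 0x87, 1);\
   emitm(&stream, (off32), 4);

/* jae rel32  (opcode 0x0F 0x83, unsigned) */
#define JAE(off32) \
   emitm(&stream, 0x0f, 1);\
   emitm(&stream, 0x83, 1);\
   emitm(&stream, (off32), 4);

/* jg rel32  (opcode 0x0F 0x8F, signed) */
#define JG(off32) \
   emitm(&stream, 0x0f, 1);\
   emitm(&stream, 0x8f, 1);\
   emitm(&stream, (off32), 4);

/* jge rel32  (opcode 0x0F 0x8D, signed) */
#define JGE(off32) \
   emitm(&stream, 0x0f, 1);\
   emitm(&stream, 0x8d, 1);\
   emitm(&stream, (off32), 4);

/* jmp rel32  (opcode 0xE9) */
#define JMP(off32) \
   emitm(&stream, 0xe9, 1);\
   emitm(&stream, (off32), 4);

/**************************/
/* Prototypes             */
/**************************/

/*
 * Builds a JIT_BPF_Filter from the nins BPF instructions at fp.
 * Nothing in this header validates the filter program, and the generated
 * machine code is only as safe as the program it was built from.
 * NOTE(review): confirm every caller runs the BPF validator on fp/nins
 * before calling this, and check how failure is reported (presumably NULL).
 * NOTE(review): nins is INT here but UINT in BPFtoX86(); a negative count
 * would convert to a very large unsigned one - confirm it is rejected.
 */
JIT_BPF_Filter* BPF_jitter(struct bpf_insn *fp, INT nins);

/*
 * Translates the nins BPF instructions at ins into x86 code and returns its
 * entry point. mem is presumably the scratch-memory array the generated
 * code will address - confirm its required size in the implementation.
 */
BPF_filter_function BPFtoX86(struct bpf_insn *ins, UINT nins, INT *mem);

/*
 * Releases a filter obtained from BPF_jitter(). The caller must not invoke
 * Filter->Function afterwards; presumably both the generated code and the
 * handle are freed - confirm in the implementation.
 */
void BPF_Destroy_JIT_Filter(JIT_BPF_Filter *Filter);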

documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005 CACE technologies. All rights reserved.