Add UD0_COMPAT decoder mode #477

Merged
merged 2 commits into from
Jan 26, 2024

flobernd
Member

Closes #436

@jpidancet
Contributor

jpidancet commented Jan 22, 2024

Hi @flobernd, thanks a lot for working on this.
I verified your changes give the expected results using this simple program:

    #include <Zydis.h>
    #include <assert.h>

    int main(void)
    {
        ZydisDecoder decoder;
        /* 0F FF is the UD0 opcode; the following 00 is a ModRM byte only
         * when UD0_COMPAT is disabled. */
        const char data[4] = "\x0f\xff\x00\x00";
        ZydisDecodedInstruction instruction;
        ZydisDecodedOperand operands[ZYDIS_MAX_OPERAND_COUNT];
        ZyanStatus status;

        ZydisDecoderInit(&decoder, ZYDIS_MACHINE_MODE_LONG_64,
                         ZYDIS_STACK_WIDTH_64);

        /* UD0_COMPAT disabled: opcode plus ModRM, 3 bytes. */
        ZydisDecoderEnableMode(&decoder, ZYDIS_DECODER_MODE_UD0_COMPAT, ZYAN_FALSE);
        status = ZydisDecoderDecodeFull(&decoder,
                                        data, sizeof(data),
                                        &instruction,
                                        operands);
        assert(ZYAN_SUCCESS(status));
        assert(instruction.mnemonic == ZYDIS_MNEMONIC_UD0);
        assert(instruction.length == 3);

        /* UD0_COMPAT enabled: opcode only, 2 bytes. */
        ZydisDecoderEnableMode(&decoder, ZYDIS_DECODER_MODE_UD0_COMPAT, ZYAN_TRUE);
        status = ZydisDecoderDecodeFull(&decoder,
                                        data, sizeof(data),
                                        &instruction,
                                        operands);

        assert(ZYAN_SUCCESS(status));
        assert(instruction.mnemonic == ZYDIS_MNEMONIC_UD0);
        assert(instruction.length == 2);

        return 0;
    }
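
Why the two assertions in the program above expect different lengths, as an added stand-alone sketch that is not Zydis code and not part of this thread: the hypothetical helpers `modrm_span` and `ud0_length` compute how many bytes a `0F FF` opcode consumes with and without a ModRM byte. It assumes no prefixes and 32/64-bit addressing, and goes beyond the thread's single test case by also covering SIB and displacement forms.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bytes taken by a ModRM byte plus the SIB/displacement it implies.
 * Assumes 32/64-bit addressing; returns 0 if the buffer is too short. */
static size_t modrm_span(const uint8_t *p, size_t n)
{
    if (n < 1) return 0;
    uint8_t mod = p[0] >> 6, rm = p[0] & 7;
    size_t len = 1;
    if (mod == 3) return len;                /* register form, nothing follows */
    if (rm == 4) {                           /* SIB byte present */
        if (n < 2) return 0;
        len++;
        if (mod == 0 && (p[1] & 7) == 5) len += 4;  /* SIB base=101: disp32 */
    } else if (mod == 0 && rm == 5) {
        len += 4;                            /* disp32 (RIP-relative in 64-bit) */
    }
    if (mod == 1) len += 1;                  /* disp8 */
    if (mod == 2) len += 4;                  /* disp32 */
    return len <= n ? len : 0;
}

/* Length of a UD0 (0F FF) at buf. compat != 0 models the form without a
 * ModRM byte. Returns 0 if buf does not hold a complete UD0.
 * Hypothetical helper: prefixes are not handled. */
size_t ud0_length(const uint8_t *buf, size_t n, int compat)
{
    if (n < 2 || buf[0] != 0x0F || buf[1] != 0xFF) return 0;
    if (compat) return 2;
    size_t m = modrm_span(buf + 2, n - 2);
    return m ? 2 + m : 0;
}

int main(void)
{
    /* Constructed samples: 0F FF followed by different ModRM encodings. */
    const uint8_t mem[]  = {0x0F, 0xFF, 0x00, 0x00};        /* [rax]   */
    const uint8_t sib8[] = {0x0F, 0xFF, 0x44, 0x24, 0x08};  /* [rsp+8] */
    const uint8_t rip[]  = {0x0F, 0xFF, 0x05, 0, 0, 0, 0};  /* [rip+0] */
    printf("mem : %zu vs %zu\n", ud0_length(mem, sizeof mem, 0),
           ud0_length(mem, sizeof mem, 1));
    printf("sib8: %zu vs %zu\n", ud0_length(sib8, sizeof sib8, 0),
           ud0_length(sib8, sizeof sib8, 1));
    printf("rip : %zu vs %zu\n", ud0_length(rip, sizeof rip, 0),
           ud0_length(rip, sizeof rip, 1));
    return 0;
}
```

Where the two modes disagree on length, the next instruction in a linear decoding pass starts at a different offset.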

@flobernd
Member Author

I think the encoder does not like this new mode. Maybe @mappzor can have a look 🙂

@mappzor
Contributor

mappzor commented Jan 22, 2024

Encoder itself is fine, it can encode everything based on mnemonics, signatures and encodings. ZydisFuzzEncoder starts with a random encoder request, so it needs to figure out how to configure decoder for verification purposes.

I would just add this piece of code here:

    if (request.mnemonic == ZYDIS_MNEMONIC_UD0 && request.operand_count == 0)
    {
        status = ZydisDecoderEnableMode(&decoder, ZYDIS_DECODER_MODE_UD0_COMPAT, ZYAN_TRUE);
        if (!ZYAN_SUCCESS(status))
        {
            fputs("Failed to enable UD0_COMPAT mode\n", ZYAN_STDERR);
            abort();
        }
    }

@flobernd flobernd merged commit 15e38ac into master Jan 26, 2024
13 checks passed
@flobernd flobernd deleted the ud0-compat branch January 26, 2024 19:34
athre0z pushed a commit that referenced this pull request Feb 4, 2024
Development

Successfully merging this pull request may close these issues.

UD0 instruction without ModRM byte