From ebed4cd728e69ce627440178617e16225457a085 Mon Sep 17 00:00:00 2001 From: Thomas Harte Date: Tue, 8 Mar 2022 19:57:10 -0500 Subject: [PATCH] Introduce failing 32-bit parsing test.
---
 .../Mac/Clock SignalTests/x86DecoderTests.mm | 91 +++++++++++++++++++ 1 file changed, 91 insertions(+)
diff --git a/OSBindings/Mac/Clock SignalTests/x86DecoderTests.mm b/OSBindings/Mac/Clock SignalTests/x86DecoderTests.mm
index 78f0689f1..3a8375356 100644
--- a/OSBindings/Mac/Clock SignalTests/x86DecoderTests.mm
+++ b/OSBindings/Mac/Clock SignalTests/x86DecoderTests.mm
@@ -345,4 +345,95 @@ std::vector::InstructionT> decode(c
 XCTAssertEqual(instructions[1].address_size(), AddressSize::b16);
 }
 
+- (void)test32bitSequence {
+ const auto instructions = decode({
+ 0x2e, 0x42, 0x0c, 0x09, 0x81, 0x47, 0xbe, 0xa9, 0x3a, 0x68, 0x9f, 0xf0, 0x7a, 0xe2, 0x3e, 0xb4,
+ 0xc1, 0x1f, 0xaa, 0x60, 0xb4, 0xe1, 0x91, 0xdc, 0xf6, 0x62, 0x90, 0x90, 0xdf, 0xcd, 0xf9, 0x0f,
+ 0xbb, 0x71, 0x4b, 0x58, 0x55, 0x38, 0x2c, 0xf9, 0x50, 0xfe, 0xce, 0xe0, 0xc1, 0xda, 0x83, 0x8c,
+ 0x19, 0x0c, 0x9b, 0x89, 0x13, 0x34, 0x45, 0xc5, 0x11, 0xa2, 0xd3, 0xa6, 0xdb, 0xe4, 0x1f, 0xa5,
+ 0x79, 0xf3, 0x7d, 0x1c, 0xb8, 0xda, 0x6b, 0x76, 0x8a, 0x79, 0x28, 0x52, 0xcd, 0xc4, 0xe9, 0xba,
+ 0x11, 0xcf, 0x29, 0x09, 0x46, 0x1a, 0xc0, 0x5d, 0x88, 0x34, 0xa5, 0x83, 0xe2, 0xd0, 0xf5, 0x44,
+ 0x9d, 0xa5, 0xc1, 0x5e, 0x4f, 0x07, 0x51, 0xd4, 0xed, 0xb0, 0x69, 0xd7, 0x00, 0xc5, 0x51, 0xfb,
+ 0x68, 0x85, 0x3a, 0x8b, 0x69, 0x28, 0x0c, 0xec, 0xb1, 0xb7, 0x3b, 0x8d, 0x5f, 0x44, 0x87, 0x2c,
+ 0xe3, 0x02, 0x9e, 0x74, 0x6e, 0x1b, 0x8f, 0x4d, 0xc5, 0x33, 0x04, 0x9f, 0xac, 0xc0, 0xc9, 0x60,
+ 0x9a, 0x8a, 0xf5, 0xd0, 0x97, 0x1b, 0xe2, 0x64, 0x60, 0xb0, 0xcf, 0xe3, 0x37,
+ }, true);
+
+ XCTAssertEqual(instructions.size(), 64);
+
+ //cs inc edx
+ //or al,0x9
+ //add DWORD PTR [edi-0x42],0x9f683aa9
+ //lock jp 0xfffffff0 (from 0000000e)
+ test(instructions[0], DataSize::DWord, Operation::INC, Source::eDX);
+ XCTAssertEqual(instructions[0].data_segment(), Source::CS);
+ test(instructions[1], DataSize::Byte, Operation::OR, Source::Immediate, Source::eAX, 0x9);
+ test(instructions[2], DataSize::DWord, Operation::ADD, Source::Immediate, ScaleIndexBase(Source::eDI), 0x9f683aa9, -0x42);
+ test(instructions[3], Operation::JP, 0, -30);
+ XCTAssert(instructions[3].lock());
+
+ //ds mov ah,0xc1
+ //pop ds
+ //stos BYTE PTR es:[edi],al
+ //pusha
+ //mov ah,0xe1
+ //xchg ecx,eax
+ //fdivr st(6),st
+ //bound edx,QWORD PTR [eax-0x6322070]
+ //btc DWORD PTR [ecx+0x4b],esi
+ //pop eax
+ //push ebp
+ //cmp BYTE PTR [ecx+edi*8],ch
+ //push eax
+ //dec dh
+ //loopne 0xffffffee
+ //fiadd DWORD PTR [ebx-0x64f3e674]
+ //mov DWORD PTR [ebx],edx
+ //xor al,0x45
+ //lds edx,FWORD PTR [ecx]
+
+ // Note to self: disassembly currently diverges at or immediately after this MOV:
+ //mov ds:0xe4dba6d3,al
+ //pop ds
+ //movs DWORD PTR es:[edi],DWORD PTR ds:[esi]
+ //jns 0x00000035
+ //jge 0x00000060
+ //mov eax,0x8a766bda
+ //jns 0x00000073
+ //push edx
+ //int 0xc4
+ //jmp 0x29cf120d
+ //or DWORD PTR [esi+0x1a],eax
+ //rcr BYTE PTR [ebp-0x78],0x34
+ //movs DWORD PTR es:[edi],DWORD PTR ds:[esi]
+ //and edx,0xffffffd0
+ //cmc
+ //inc esp
+ //popf
+ //movs DWORD PTR es:[edi],DWORD PTR ds:[esi]
+ //rcr DWORD PTR [esi+0x4f],0x7
+ //push ecx
+ //aam 0xed
+ //mov al,0x69
+ //xlat BYTE PTR ds:[ebx]
+ //add ch,al
+ //push ecx
+ //sti
+ //push 0x698b3a85
+ //sub BYTE PTR [esp+ebp*8],cl
+ //mov cl,0xb7
+ //cmp ecx,DWORD PTR [ebp+0x2c87445f]
+ //jecxz 0x00000084
+ //sahf
+ //je 0x000000f3
+ //sbb ecx,DWORD PTR [edi+0x433c54d]
+ //lahf
+ //lods al,BYTE PTR ds:[esi]
+ //ror cl,0x60
+ //call 0xe21b:0x97d0f58a
+ //fs pusha
+ //mov al,0xcf
+ //jecxz 0x000000d4
+}
+
 @end
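Review bot: `XCTAssertEqual(instructions.size(), 64);` is followed by unguarded `instructions[0]`…`instructions[3]` subscripts; XCTest keeps running after a failed assertion by default, so a decoder that gives up early and returns fewer than four entries would read past the end of the vector (undefined behaviour) rather than report a clean failure, which matters for a test that is committed as failing on purpose. A one-line guard after the count check avoids that: `if (instructions.size() < 4) return;`. The remaining 60 expected decodings exist only as comments, so once the count matches the test passes without checking any of them; consider at least asserting the instruction at the noted divergence point, index 23 (`mov ds:0xe4dba6d3,al`, opcode `0xa2`, whose memory-offset operand presumably has to be read as 32 bits under the `true` argument to `decode`), since that is the behaviour this test is meant to pin down. It would also help to record in the header comment which reference disassembler produced the expected listing, so the count of 64 and the operand spellings can be regenerated if the byte sequence changes.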