ud-arch-x86 0.2.0

x86 (16/32/64-bit) decode + encode backend with byte-identical round-trip.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311

//! `ArchCodec` implementation for x86 (16 / 32 / 64-bit).
//!
//! Each codec instance carries a [`crate::Bitness`]; one Bitness =
//! one codec. `register()` submits three factories — one for each
//! bitness — so the registry can pick by `module.arch`:
//! `"x86_64"`, `"i386"`, or `"x86_16"` (the last currently never
//! seen in the wild but trivially supported).
//!
//! Every method except `desymbolize` forwards to the existing
//! free-standing functions in the crate root. The trait shape is
//! the long-term API; the free functions stay for now because
//! callers (tests, internal lifters) reference them directly.

use crate::{
    assemble_intel, encode_call_rel32, encode_jcc, encode_jmp, encode_msvc_jmp_table_dispatch,
    encoded_jcc_size, encoded_jmp_size, Bitness,
};
use ud_arch_codec::{ArchCodec, ArchError, EncodeHints, SwitchSpec};

/// One codec per bitness. Cheap to construct, no state.
#[derive(Debug, Clone, Copy)]
pub struct X86Codec(pub Bitness);

impl X86Codec {
    /// 64-bit codec singleton — most common case.
    pub const BITS64: Self = Self(Bitness::Bits64);
    /// 32-bit codec singleton.
    pub const BITS32: Self = Self(Bitness::Bits32);
}

impl ArchCodec for X86Codec {
    fn name(&self) -> &'static str {
        match self.0 {
            Bitness::Bits16 => "x86-16",
            Bitness::Bits32 => "x86-32",
            Bitness::Bits64 => "x86-64",
        }
    }

    fn assemble_one(&self, text: &str, addr: u64) -> Result<Vec<u8>, ArchError> {
        assemble_intel(self.0, text, addr).map_err(|e| ArchError::Assemble(e.to_string()))
    }

    fn encode_jump(
        &self,
        source_ip: u64,
        target: u64,
        hints: EncodeHints,
    ) -> Result<Vec<u8>, ArchError> {
        encode_jmp(source_ip, target, hints.wide_or(false))
            .map_err(|e| ArchError::OutOfRange(e.to_string()))
    }

    fn encode_call(
        &self,
        source_ip: u64,
        target: u64,
        _hints: EncodeHints,
    ) -> Result<Vec<u8>, ArchError> {
        encode_call_rel32(source_ip, target).map_err(|e| ArchError::OutOfRange(e.to_string()))
    }

    /// x86 doesn't have a single text-driven cond-jump form (the
    /// existing path uses the cond_code-driven encoder); BPF-style
    /// IfBlock/WhileBlock Stmts don't originate from the x86 lifter.
    fn encode_cond_jump(
        &self,
        _cond_text: &str,
        _source_ip: u64,
        _target: u64,
        _hints: EncodeHints,
    ) -> Result<Vec<u8>, ArchError> {
        Err(ArchError::Unsupported {
            arch: self.name(),
            operation: "cond_jump (text)",
        })
    }

    fn encode_cond_jump_with_code(
        &self,
        cond_code: u8,
        source_ip: u64,
        target: u64,
        hints: EncodeHints,
    ) -> Result<Vec<u8>, ArchError> {
        encode_jcc(source_ip, target, cond_code, hints.wide_or(false))
            .map_err(|e| ArchError::OutOfRange(e.to_string()))
    }

    fn encode_switch_dispatch(&self, spec: &SwitchSpec) -> Result<Vec<u8>, ArchError> {
        if spec.dispatch != "msvc-jmp-table" {
            return Err(ArchError::Unsupported {
                arch: self.name(),
                operation: "switch_dispatch (non-msvc)",
            });
        }
        encode_msvc_jmp_table_dispatch(
            spec.selector,
            spec.cases.len(),
            spec.default_addr,
            spec.table_va,
            spec.cmp_ip,
        )
        .map_err(|e| ArchError::OutOfRange(e.to_string()))
    }

    fn encoded_jump_size(&self, source_ip: u64, target: u64, hints: EncodeHints) -> usize {
        encoded_jmp_size(source_ip, target, hints.wide_or(false))
    }

    fn encoded_cond_jump_size(&self, source_ip: u64, target: u64, hints: EncodeHints) -> usize {
        encoded_jcc_size(source_ip, target, hints.wide_or(false))
    }

    fn encoded_call_size(&self, _source_ip: u64, _target: u64, _hints: EncodeHints) -> usize {
        5
    }

    /// Encode a `dst = src` Move whose operand text uses the
    /// x86 lifter's symbolic forms (`var_<hex>` for stack
    /// slots, `arg_<hex>` for stack args, plain register
    /// names, decimal/hex immediates).
    ///
    /// The width default is 32-bit (`mov dword ptr [...]`) —
    /// matches the gcc -O0 idiom that emits 32-bit slot
    /// access for int locals. 64-bit Moves keep their pinned
    /// bytes because the codec can't disambiguate width
    /// without function-local-decl context.
    ///
    /// Returns `Unsupported` for shapes the resolver can't
    /// model (compound expressions, sized memory access with
    /// non-standard width, etc.) so the byte-drop pass
    /// leaves the bytes pinned for those.
    fn encode_move(&self, dst: &str, src: &str) -> Result<Vec<u8>, ArchError> {
        let (asm_dst, dst_width) =
            resolve_x86_operand(dst).ok_or_else(|| ArchError::Unsupported {
                arch: self.name(),
                operation: "move (unresolved dst)",
            })?;
        let (asm_src, src_width) =
            resolve_x86_operand(src).ok_or_else(|| ArchError::Unsupported {
                arch: self.name(),
                operation: "move (unresolved src)",
            })?;
        // Width preference: a register operand carries width
        // info (eax = 32, rax = 64). Memory operand inherits
        // from register if present, else defaults to 32 (the
        // gcc -O0 idiom for int locals).
        let width = dst_width.or(src_width).unwrap_or(32);
        let size_prefix = match width {
            8 => "byte ptr",
            16 => "word ptr",
            32 => "dword ptr",
            _ => "qword ptr",
        };
        // Memory operands need an explicit size prefix; bare
        // register dst/src don't.
        let dst_text = if asm_dst.starts_with('[') {
            format!("{size_prefix} {asm_dst}")
        } else {
            asm_dst
        };
        let src_text = if asm_src.starts_with('[') {
            format!("{size_prefix} {asm_src}")
        } else {
            asm_src
        };
        let text = format!("mov {dst_text}, {src_text}");
        assemble_intel(self.0, &text, 0).map_err(|e| ArchError::Assemble(e.to_string()))
    }
}

/// Map an x86 lifter operand text to (iced-assembly text,
/// known width in bits). Returns `None` when the shape isn't
/// recognised; the caller falls back to `Unsupported` so the
/// byte-drop pass leaves the pinned bytes alone.
///
/// Supported shapes:
/// * `var_<hex>` → `[rbp - 0x<hex>]`, width unknown (None)
/// * `arg_<hex>` → `[rbp + 0x<hex>]`, width unknown (None)
/// * register names (`eax`, `rax`, `edi`, `dil`, …) → as-is,
///   width inferred from the register (8 / 16 / 32 / 64)
/// * decimal / `0x`-prefixed integer literals → as-is,
///   width unknown
fn resolve_x86_operand(s: &str) -> Option<(String, Option<u32>)> {
    let s = s.trim();
    if let Some(hex) = s.strip_prefix("var_") {
        let disp = u64::from_str_radix(hex, 16).ok()?;
        return Some((format!("[rbp - 0x{disp:x}]"), None));
    }
    if let Some(hex) = s.strip_prefix("arg_") {
        let disp = u64::from_str_radix(hex, 16).ok()?;
        return Some((format!("[rbp + 0x{disp:x}]"), None));
    }
    if let Some(w) = x86_gpr_width(s) {
        return Some((s.to_string(), Some(w)));
    }
    if is_integer_literal(s) {
        return Some((s.to_string(), None));
    }
    None
}

/// Return the bit width of a named x86 GPR, or `None` when
/// the name doesn't match a recognised register. Covers
/// 8/16/32/64-bit GPRs including the AMD64-extended set
/// (`r8..r15` plus `r8b`/`r8w`/`r8d` aliases).
fn x86_gpr_width(s: &str) -> Option<u32> {
    let s = s.trim();
    // 64-bit
    if matches!(
        s,
        "rax"
            | "rbx"
            | "rcx"
            | "rdx"
            | "rsi"
            | "rdi"
            | "rbp"
            | "rsp"
            | "r8"
            | "r9"
            | "r10"
            | "r11"
            | "r12"
            | "r13"
            | "r14"
            | "r15"
    ) {
        return Some(64);
    }
    // 32-bit
    if matches!(
        s,
        "eax" | "ebx" | "ecx" | "edx" | "esi" | "edi" | "ebp" | "esp"
    ) || (s.starts_with('r')
        && s.ends_with('d')
        && s.len() == 3
        && s.as_bytes()[1].is_ascii_digit())
        || (s.starts_with("r1") && s.ends_with('d') && s.len() == 4)
    {
        return Some(32);
    }
    // 16-bit
    if matches!(s, "ax" | "bx" | "cx" | "dx" | "si" | "di" | "bp" | "sp") {
        return Some(16);
    }
    // 8-bit
    if matches!(
        s,
        "al" | "bl" | "cl" | "dl" | "ah" | "bh" | "ch" | "dh" | "sil" | "dil" | "bpl" | "spl"
    ) {
        return Some(8);
    }
    None
}

/// True when `s` is a decimal or `0x`-hex integer literal
/// the assembler will accept verbatim. Tolerates a leading
/// `-` for signed forms.
fn is_integer_literal(s: &str) -> bool {
    let s = s.trim();
    let s = s.strip_prefix('-').unwrap_or(s);
    if let Some(hex) = s.strip_prefix("0x") {
        return !hex.is_empty() && hex.chars().all(|c| c.is_ascii_hexdigit());
    }
    !s.is_empty() && s.chars().all(|c| c.is_ascii_digit())
}

/// Register the x86 codec factory with [`ud_arch_codec::registry`].
///
/// One factory handles all bitnesses by inspecting `arch_name`.
/// Call once at process startup.
pub fn register() {
    ud_arch_codec::register(factory);
}

fn factory(arch_name: Option<&str>, _e_machine: Option<u64>) -> Option<Box<dyn ArchCodec>> {
    match arch_name {
        Some("x86_64") => Some(Box::new(X86Codec(Bitness::Bits64))),
        Some("i386") => Some(Box::new(X86Codec(Bitness::Bits32))),
        Some("x86_16") => Some(Box::new(X86Codec(Bitness::Bits16))),
        _ => None,
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use ud_arch_codec::ArchCodec;

    /// `mov reg, reg` is the one form `assemble_intel`
    /// currently encodes; verify the codec wires through.
    #[test]
    fn encode_move_reg_reg() {
        let codec = X86Codec(Bitness::Bits64);
        let bytes = codec.encode_move("rax", "rbx").expect("encode");
        assert_eq!(bytes, vec![0x48, 0x89, 0xd8]);
    }

    /// Forms `assemble_intel` doesn't yet model (mov ↔ imm /
    /// mov ↔ memory / lea / etc.) return Unsupported so the
    /// byte-drop pass leaves the pinned bytes alone. This is
    /// the round-trip-safe default.
    #[test]
    fn encode_move_unsupported_forms_error() {
        let codec = X86Codec(Bitness::Bits64);
        assert!(codec.encode_move("eax", "0").is_err());
        assert!(codec.encode_move("var_8", "0").is_err());
    }
}