00001 /* 00002 * Copyright (c) 2002 - 2005 NetGroup, Politecnico di Torino (Italy) 00003 * Copyright (c) 2005 - 2006 CACE Technologies, Davis (California) 00004 * All rights reserved. 00005 * 00006 * Redistribution and use in source and binary forms, with or without 00007 * modification, are permitted provided that the following conditions 00008 * are met: 00009 * 00010 * 1. Redistributions of source code must retain the above copyright 00011 * notice, this list of conditions and the following disclaimer. 00012 * 2. Redistributions in binary form must reproduce the above copyright 00013 * notice, this list of conditions and the following disclaimer in the 00014 * documentation and/or other materials provided with the distribution. 00015 * 3. Neither the name of the Politecnico di Torino, CACE Technologies 00016 * nor the names of its contributors may be used to endorse or promote 00017 * products derived from this software without specific prior written 00018 * permission. 00019 * 00020 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 00021 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 00022 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 00023 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 00024 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 00025 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 00026 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 00027 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 00028 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 00029 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 00030 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/

/*
 * x86 register numbers as encoded in the reg / r/m fields of a ModRM byte.
 * The same 3-bit code is used for the 32-bit, 16-bit and 8-bit views of a
 * register, which is why the three groups below carry identical values.
 */
//
// Registers
//
#define EAX 0
#define ECX 1
#define EDX 2
#define EBX 3
#define ESP 4
#define EBP 5
#define ESI 6
#define EDI 7

#define AX 0
#define CX 1
#define DX 2
#define BX 3
#define SP 4
#define BP 5
#define SI 6
#define DI 7

#define AL 0
#define CL 1
#define DL 2
#define BL 3

/**
 * State of the native-code output stream used while translating a BPF program.
 *
 * Field meanings are not established by this header alone; the names suggest
 * (TODO confirm against the emitter implementation):
 *   cur_ip - current write offset into the native-code buffer
 *   bpf_pc - index of the BPF instruction currently being translated
 *   ibuf   - buffer receiving the emitted x86 bytes
 *   refs   - per-BPF-instruction table used to resolve jump targets
 */
typedef struct binary_stream{
 INT cur_ip;
 INT bpf_pc;
 PCHAR ibuf;
 PUINT refs;
}binary_stream;


/**
 * Signature of a jitted filter: a __cdecl function returning UINT.
 * The three parameters are untyped here; presumably (packet buffer,
 * wire length, captured length) as for bpf_filter() — verify against the
 * code generator before relying on the order.
 */
typedef UINT (__cdecl *BPF_filter_function)( PVOID *, ULONG, UINT);

/**
 * Emitter callback: writes the low @p n bytes of @p value into @p stream.
 * The instruction macros below call a function named emitm with exactly this
 * shape; emitm itself is not declared in this header.
 */
typedef void (*emit_func)(binary_stream *stream, ULONG value, UINT n);

/**
 * A compiled filter: the native entry point plus the scratch memory block
 * ("mem") that the generated code presumably uses as the BPF memory store.
 * Ownership of both is released by BPF_Destroy_JIT_Filter().
 */
typedef struct JIT_BPF_Filter{
 BPF_filter_function Function;
 PINT mem;
}
JIT_BPF_Filter;




/**************************/
/* X86 INSTRUCTION MACROS */
/**************************/
/*
 * Every macro below expands to one or more calls of the form
 * emitm(&stream, byte(s), size) and therefore requires a binary_stream
 * named `stream` and a function `emitm` in the caller's scope.
 *
 * NOTE(review): the macros are plain statement sequences, not wrapped in
 * do { ... } while (0), and ANDid/ORid/CMPid contain a bare if/else. Using
 * any of them as the unbraced body of an if/else silently changes control
 * flow. Register arguments are masked with & 0x7 in some macros but not in
 * others (ADDid, ADDib, ANDib, ANDid, ORid); an out-of-range register value
 * would corrupt the emitted opcode byte. Immediates and branch displacements
 * are truncated to the emitted width (1 or 4 bytes) with no range check
 * visible here — a truncated displacement in generated native code is a
 * memory-safety defect, so the caller is expected to guarantee the range.
 *
 * Operand notation: r32/dr32/sr32/or32 = register code, i32/i8 = immediate,
 * off/off8/off32 = displacement. Encodings are given in the standard
 * "opcode /digit" form.
 */

/** MOV r32, imm32  (B8+r id) */
#define MOVid(r32, i32) \
 emitm(&stream, 11 << 4 | 1 << 3 | r32 & 0x7, 1); emitm(&stream, i32, 4);

/** MOV dr32, sr32  (8B /r, register-direct ModRM) */
#define MOVrd(dr32, sr32) \
 emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);

/** MOV dr32, [sr32 + disp8]  (8B /r, mod=01). sr32 == ESP would need a SIB byte, which is not emitted. */
#define MOVodd(dr32, sr32, off) \
 emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
 emitm(&stream, 1 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);\
 emitm(&stream, off, 1);

/** MOV dr32, [sr32 + or32]  (8B /r, mod=00 rm=100, SIB scale=1 index=or32 base=sr32) */
#define MOVobd(dr32, sr32, or32) \
 emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
 emitm(&stream, (dr32 & 0x7) << 3 | 4 , 1);\
 emitm(&stream, (or32 & 0x7) << 3 | (sr32 & 0x7) , 1);

/** MOV dr16, [sr32 + or32]  (66 8B /r with SIB) — 16-bit load */
#define MOVobw(dr32, sr32, or32) \
 emitm(&stream, 0x66, 1); \
 emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
 emitm(&stream, (dr32 & 0x7) << 3 | 4 , 1);\
 emitm(&stream, (or32 & 0x7) << 3 | (sr32 & 0x7) , 1);

/** MOV dr8, [sr32 + or32]  (8A /r with SIB) — 8-bit load */
#define MOVobb(dr8, sr32, or32) \
 emitm(&stream, 0x8a, 1); \
 emitm(&stream, (dr8 & 0x7) << 3 | 4 , 1);\
 emitm(&stream, (or32 & 0x7) << 3 | (sr32 & 0x7) , 1);

/** MOV [dr32 + or32], sr32  (89 /r with SIB) — 32-bit store */
#define MOVomd(dr32, or32, sr32) \
 emitm(&stream, 0x89, 1); \
 emitm(&stream, (sr32 & 0x7) << 3 | 4 , 1);\
 emitm(&stream, (or32 & 0x7) << 3 | (dr32 & 0x7) , 1);

/** BSWAP dr32  (0F C8+r). dr32 is not masked. */
#define BSWAP(dr32) \
 emitm(&stream, 0xf, 1); \
 emitm(&stream, 0x19 << 3 | dr32 , 1);

/** XCHG AL, AH  (86 C4) — swaps the two bytes of AX */
#define SWAP_AX() \
 emitm(&stream, 0x86, 1); \
 emitm(&stream, 0xc4 , 1);

/** PUSH r32  (50+r) */
#define PUSH(r32) \
 emitm(&stream, 5 << 4 | 0 << 3 | r32 & 0x7, 1);

/** POP r32  (58+r) */
#define POP(r32) \
 emitm(&stream, 5 << 4 | 1 << 3 | r32 & 0x7, 1);

/** RET  (C3) */
#define RET() \
 emitm(&stream, 12 << 4 | 0 << 3 | 3, 1);

/** ADD dr32, sr32  (03 /r) */
#define ADDrd(dr32, sr32) \
 emitm(&stream, 0x03, 1);\
 emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | (sr32 & 0x7), 1);

/** ADD EAX, imm32  (05 id) */
#define ADD_EAXi(i32) \
 emitm(&stream, 0x05, 1);\
 emitm(&stream, i32, 4);

/** ADD r32, imm32  (81 /0 id). r32 is not masked. */
#define ADDid(r32, i32) \
 emitm(&stream, 0x81, 1);\
 emitm(&stream, 24 << 3 | r32, 1);\
 emitm(&stream, i32, 4);

/** ADD r32, imm8 (sign-extended)  (83 /0 ib). r32 is not masked. */
#define ADDib(r32, i8) \
 emitm(&stream, 0x83, 1);\
 emitm(&stream, 24 << 3 | r32, 1);\
 emitm(&stream, i8, 1);

/** SUB dr32, sr32  (2B /r) */
#define SUBrd(dr32, sr32) \
 emitm(&stream, 0x2b, 1);\
 emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | (sr32 & 0x7), 1);

/** SUB EAX, imm32  (2D id) */
#define SUB_EAXi(i32) \
 emitm(&stream, 0x2d, 1);\
 emitm(&stream, i32, 4);

/** MUL r32  (F7 /4): EDX:EAX = EAX * r32 */
#define MULrd(r32) \
 emitm(&stream, 0xf7, 1);\
 emitm(&stream, 7 << 5 | (r32 & 0x7), 1);

/** DIV r32  (F7 /6): unsigned EDX:EAX / r32. Division by zero faults at run time; no guard is emitted here. */
#define DIVrd(r32) \
 emitm(&stream, 0xf7, 1);\
 emitm(&stream, 15 << 4 | (r32 & 0x7), 1);

/** AND r8, imm8  (80 /4 ib). r8 is not masked. */
#define ANDib(r8, i8) \
 emitm(&stream, 0x80, 1);\
 emitm(&stream, 7 << 5 | r8, 1);\
 emitm(&stream, i8, 1);

/** AND r32, imm32: short form 25 id for EAX, otherwise 81 /4 id. Contains a bare if/else — use only as a complete statement. */
#define ANDid(r32, i32) \
 if (r32 == EAX){ \
 emitm(&stream, 0x25, 1);\
 emitm(&stream, i32, 4);}\
 else{ \
 emitm(&stream, 0x81, 1);\
 emitm(&stream, 7 << 5 | r32, 1);\
 emitm(&stream, i32, 4);}

/** AND dr32, sr32  (23 /r) */
#define ANDrd(dr32, sr32) \
 emitm(&stream, 0x23, 1);\
 emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);

/** OR dr32, sr32  (0B /r) */
#define ORrd(dr32, sr32) \
 emitm(&stream, 0x0b, 1);\
 emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);

/** OR r32, imm32: short form 0D id for EAX, otherwise 81 /1 id. Contains a bare if/else — use only as a complete statement. */
#define ORid(r32, i32) \
 if (r32 == EAX){ \
 emitm(&stream, 0x0d, 1);\
 emitm(&stream, i32, 4);}\
 else{ \
 emitm(&stream, 0x81, 1);\
 emitm(&stream, 25 << 3 | r32, 1);\
 emitm(&stream, i32, 4);}

/** SHL r32, imm8  (C1 /4 ib) */
#define SHLib(r32, i8) \
 emitm(&stream, 0xc1, 1);\
 emitm(&stream, 7 << 5 | r32 & 0x7, 1);\
 emitm(&stream, i8, 1);

/** SHL dr32, CL  (D3 /4) — despite the "rb" suffix this operates on a 32-bit register */
#define SHL_CLrb(dr32) \
 emitm(&stream, 0xd3, 1);\
 emitm(&stream, 7 << 5 | dr32 & 0x7, 1);

/** SHR r32, imm8  (C1 /5 ib) — logical shift */
#define SHRib(r32, i8) \
 emitm(&stream, 0xc1, 1);\
 emitm(&stream, 29 << 3 | r32 & 0x7, 1);\
 emitm(&stream, i8, 1);

/** SHR dr32, CL  (D3 /5) — logical shift of a 32-bit register */
#define SHR_CLrb(dr32) \
 emitm(&stream, 0xd3, 1);\
 emitm(&stream, 29 << 3 | dr32 & 0x7, 1);

/** NEG r32  (F7 /3) */
#define NEGd(r32) \
 emitm(&stream, 0xf7, 1);\
 emitm(&stream, 27 << 3 | r32 & 0x7, 1);

/** CMP dr32, [sr32 + disp8]  (3B /r, mod=01). Same ESP caveat as MOVodd. */
#define CMPodd(dr32, sr32, off) \
 emitm(&stream, 3 << 4 | 3 | 1 << 3, 1); \
 emitm(&stream, 1 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);\
 emitm(&stream, off, 1);

/** CMP dr32, sr32  (3B /r) */
#define CMPrd(dr32, sr32) \
 emitm(&stream, 0x3b, 1); \
 emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);

/** CMP r32, imm32: short form 3D id for EAX, otherwise 81 /7 id. Contains a bare if/else — use only as a complete statement. */
#define CMPid(dr32, i32) \
 if (dr32 == EAX){ \
 emitm(&stream, 0x3d, 1); \
 emitm(&stream, i32, 4);} \
 else{ \
 emitm(&stream, 0x81, 1); \
 emitm(&stream, 0x1f << 3 | (dr32 & 0x7), 1);\
 emitm(&stream, i32, 4);}

/*
 * Conditional and unconditional jumps. Displacements are relative to the end
 * of the emitted instruction; "b" variants take an 8-bit displacement, the
 * others a 32-bit one. The emitter truncates, so an rel8 target further than
 * +127/-128 bytes away would silently branch to the wrong place — callers
 * must pick the form that fits.
 */

/** JNE rel8  (75 cb) */
#define JNEb(off8) \
 emitm(&stream, 0x75, 1);\
 emitm(&stream, off8, 1);

/** JE rel32  (0F 84 cd) */
#define JE(off32) \
 emitm(&stream, 0x0f, 1);\
 emitm(&stream, 0x84, 1);\
 emitm(&stream, off32, 4);

/** JLE rel32  (0F 8E cd) — signed comparison */
#define JLE(off32) \
 emitm(&stream, 0x0f, 1);\
 emitm(&stream, 0x8e, 1);\
 emitm(&stream, off32, 4);

/** JLE rel8  (7E cb) — signed comparison */
#define JLEb(off8) \
 emitm(&stream, 0x7e, 1);\
 emitm(&stream, off8, 1);

/** JA rel32  (0F 87 cd) — unsigned above */
#define JA(off32) \
 emitm(&stream, 0x0f, 1);\
 emitm(&stream, 0x87, 1);\
 emitm(&stream, off32, 4);

/** JAE rel32  (0F 83 cd) — unsigned above-or-equal */
#define JAE(off32) \
 emitm(&stream, 0x0f, 1);\
 emitm(&stream, 0x83, 1);\
 emitm(&stream, off32, 4);

/** JG rel32  (0F 8F cd) — signed greater */
#define JG(off32) \
 emitm(&stream, 0x0f, 1);\
 emitm(&stream, 0x8f, 1);\
 emitm(&stream, off32, 4);

/** JGE rel32  (0F 8D cd) — signed greater-or-equal */
#define JGE(off32) \
 emitm(&stream, 0x0f, 1);\
 emitm(&stream, 0x8d, 1);\
 emitm(&stream, off32, 4);

/** JMP rel32  (E9 cd) */
#define JMP(off32) \
 emitm(&stream, 0xe9, 1);\
 emitm(&stream, off32, 4);


/**************************/
/* Prototypes */
/**************************/
/*
 * struct bpf_insn is only forward-referenced here; the defining header must
 * be included by the translation unit that uses these prototypes.
 */

/**
 * Compiles a BPF program into native x86 code.
 *
 * @param fp   Array of BPF instructions to translate.
 * @param nins Number of instructions in @p fp.
 * @return     A heap-allocated JIT_BPF_Filter holding the native entry point
 *             and its memory block, to be released with
 *             BPF_Destroy_JIT_Filter(); the failure value (presumably NULL)
 *             is not stated in this header — confirm in the implementation.
 *
 * NOTE(review): the program is turned into executable code, so it must be
 * validated (well-formed jumps, bounded memory indices) before reaching the
 * jitter. Whether BPF_jitter() performs that validation itself is not visible
 * here — confirm, and do not pass unvalidated filters from a less trusted
 * caller.
 */
JIT_BPF_Filter* BPF_jitter(struct bpf_insn *fp, INT nins);

/**
 * Translates a BPF instruction sequence into an x86 function.
 *
 * @param ins  Array of BPF instructions.
 * @param nins Number of instructions in @p ins.
 * @param mem  Scratch memory block the generated code will use (presumably
 *             the BPF memory store; confirm).
 * @return     Pointer to the generated native function, or the implementation's
 *             failure value (not stated here).
 */
BPF_filter_function BPFtoX86(struct bpf_insn *ins, UINT nins, INT *mem);

/**
 * Releases a filter created by BPF_jitter(): the generated code, the memory
 * block and the JIT_BPF_Filter structure itself. The pointer must not be used
 * afterwards.
 */
void BPF_Destroy_JIT_Filter(JIT_BPF_Filter *Filter);