documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2009
CACE Technologies. All rights reserved.00001 /* 00002 * Copyright (c) 2002 - 2005 NetGroup, Politecnico di Torino (Italy) 00003 * Copyright (c) 2005 - 2007 CACE Technologies, Davis (California) 00004 * All rights reserved. 00005 * 00006 * Redistribution and use in source and binary forms, with or without 00007 * modification, are permitted provided that the following conditions 00008 * are met: 00009 * 00010 * 1. Redistributions of source code must retain the above copyright 00011 * notice, this list of conditions and the following disclaimer. 00012 * 2. Redistributions in binary form must reproduce the above copyright 00013 * notice, this list of conditions and the following disclaimer in the 00014 * documentation and/or other materials provided with the distribution. 00015 * 3. Neither the name of the Politecnico di Torino, CACE Technologies 00016 * nor the names of its contributors may be used to endorse or promote 00017 * products derived from this software without specific prior written 00018 * permission. 00019 * 00020 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 00021 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 00022 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 00023 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 00024 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 00025 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 00026 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 00027 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 00028 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 00029 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 00030 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 00031 * 00032 */ 00033 00042 // 00043 // Registers 00044 // 00045 #define EAX 0 00046 #define ECX 1 00047 #define EDX 2 00048 #define EBX 3 00049 #define ESP 4 00050 #define EBP 5 00051 #define ESI 6 00052 #define EDI 7 00053 00054 #define AX 0 00055 #define CX 1 00056 #define DX 2 00057 #define BX 3 00058 #define SP 4 00059 #define BP 5 00060 #define SI 6 00061 #define DI 7 00062 00063 #define AL 0 00064 #define CL 1 00065 #define DL 2 00066 #define BL 3 00067 00069 typedef struct binary_stream{ 00070 INT cur_ip; 00071 INT bpf_pc; 00072 PCHAR ibuf; 00073 PUINT refs; 00074 }binary_stream; 00075 00076 00082 typedef UINT (__cdecl *BPF_filter_function)( PVOID *, ULONG, UINT); 00083 00092 typedef void (*emit_func)(binary_stream *stream, ULONG value, UINT n); 00093 00095 typedef struct JIT_BPF_Filter{ 00096 BPF_filter_function Function; 00097 PINT mem; 00098 } 00099 JIT_BPF_Filter; 00100 00101 00102 00103 00104 /**************************/ 00105 /* X86 INSTRUCTION MACROS */ 00106 /**************************/ 00107 00109 #define MOVid(r32, i32) \ 00110 emitm(&stream, 11 << 4 | 1 << 3 | r32 & 0x7, 1); emitm(&stream, i32, 4); 00111 00113 #define MOVrd(dr32, sr32) \ 00114 emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1); 00115 00117 #define MOVodd(dr32, sr32, off) \ 00118 emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \ 00119 emitm(&stream, 1 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);\ 00120 emitm(&stream, off, 1); 00121 00123 #define MOVobd(dr32, sr32, or32) \ 00124 emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \ 00125 emitm(&stream, (dr32 & 0x7) << 3 | 4 , 1);\ 00126 emitm(&stream, (or32 & 0x7) << 3 | (sr32 & 0x7) , 1); 00127 00129 #define MOVobw(dr32, sr32, or32) \ 00130 emitm(&stream, 0x66, 1); \ 00131 emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \ 00132 emitm(&stream, (dr32 & 0x7) << 3 | 4 , 1);\ 00133 emitm(&stream, (or32 & 0x7) << 3 | (sr32 & 0x7) , 1); 00134 00136 #define MOVobb(dr8, sr32, or32) \ 00137 emitm(&stream, 0x8a, 1); \ 00138 emitm(&stream, (dr8 & 0x7) << 3 | 4 , 1);\ 00139 emitm(&stream, (or32 & 0x7) << 3 | (sr32 & 0x7) , 1); 00140 00142 #define MOVomd(dr32, or32, sr32) \ 00143 emitm(&stream, 0x89, 1); \ 00144 emitm(&stream, (sr32 & 0x7) << 3 | 4 , 1);\ 00145 emitm(&stream, (or32 & 0x7) << 3 | (dr32 & 0x7) , 1); 00146 00148 #define BSWAP(dr32) \ 00149 emitm(&stream, 0xf, 1); \ 00150 emitm(&stream, 0x19 << 3 | dr32 , 1); 00151 00153 #define SWAP_AX() \ 00154 emitm(&stream, 0x86, 1); \ 00155 emitm(&stream, 0xc4 , 1); 00156 00158 #define PUSH(r32) \ 00159 emitm(&stream, 5 << 4 | 0 << 3 | r32 & 0x7, 1); 00160 00162 #define POP(r32) \ 00163 emitm(&stream, 5 << 4 | 1 << 3 | r32 & 0x7, 1); 00164 00166 #define RET() \ 00167 emitm(&stream, 12 << 4 | 0 << 3 | 3, 1); 00168 00170 #define ADDrd(dr32, sr32) \ 00171 emitm(&stream, 0x03, 1);\ 00172 emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | (sr32 & 0x7), 1); 00173 00175 #define ADD_EAXi(i32) \ 00176 emitm(&stream, 0x05, 1);\ 00177 emitm(&stream, i32, 4); 00178 00180 #define ADDid(r32, i32) \ 00181 emitm(&stream, 0x81, 1);\ 00182 emitm(&stream, 24 << 3 | r32, 1);\ 00183 emitm(&stream, i32, 4); 00184 00186 #define ADDib(r32, i8) \ 00187 emitm(&stream, 0x83, 1);\ 00188 emitm(&stream, 24 << 3 | r32, 1);\ 00189 emitm(&stream, i8, 1); 00190 00192 #define SUBrd(dr32, sr32) \ 00193 emitm(&stream, 0x2b, 1);\ 00194 emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | (sr32 & 0x7), 1); 00195 00197 #define SUB_EAXi(i32) \ 00198 emitm(&stream, 0x2d, 1);\ 00199 emitm(&stream, i32, 4); 00200 00202 #define MULrd(r32) \ 00203 emitm(&stream, 0xf7, 1);\ 00204 emitm(&stream, 7 << 5 | (r32 & 0x7), 1); 00205 00207 #define DIVrd(r32) \ 00208 emitm(&stream, 0xf7, 1);\ 00209 emitm(&stream, 15 << 4 | (r32 & 0x7), 1); 00210 00212 #define ANDib(r8, i8) \ 00213 emitm(&stream, 0x80, 1);\ 00214 emitm(&stream, 7 << 5 | r8, 1);\ 00215 emitm(&stream, i8, 1); 00216 00218 #define ANDid(r32, i32) \ 00219 if (r32 == EAX){ \ 00220 emitm(&stream, 0x25, 1);\ 00221 emitm(&stream, i32, 4);}\ 00222 else{ \ 00223 emitm(&stream, 0x81, 1);\ 00224 emitm(&stream, 7 << 5 | r32, 1);\ 00225 emitm(&stream, i32, 4);} 00226 00228 #define ANDrd(dr32, sr32) \ 00229 emitm(&stream, 0x23, 1);\ 00230 emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1); 00231 00233 #define ORrd(dr32, sr32) \ 00234 emitm(&stream, 0x0b, 1);\ 00235 emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1); 00236 00238 #define ORid(r32, i32) \ 00239 if (r32 == EAX){ \ 00240 emitm(&stream, 0x0d, 1);\ 00241 emitm(&stream, i32, 4);}\ 00242 else{ \ 00243 emitm(&stream, 0x81, 1);\ 00244 emitm(&stream, 25 << 3 | r32, 1);\ 00245 emitm(&stream, i32, 4);} 00246 00248 #define SHLib(r32, i8) \ 00249 emitm(&stream, 0xc1, 1);\ 00250 emitm(&stream, 7 << 5 | r32 & 0x7, 1);\ 00251 emitm(&stream, i8, 1); 00252 00254 #define SHL_CLrb(dr32) \ 00255 emitm(&stream, 0xd3, 1);\ 00256 emitm(&stream, 7 << 5 | dr32 & 0x7, 1); 00257 00259 #define SHRib(r32, i8) \ 00260 emitm(&stream, 0xc1, 1);\ 00261 emitm(&stream, 29 << 3 | r32 & 0x7, 1);\ 00262 emitm(&stream, i8, 1); 00263 00265 #define SHR_CLrb(dr32) \ 00266 emitm(&stream, 0xd3, 1);\ 00267 emitm(&stream, 29 << 3 | dr32 & 0x7, 1); 00268 00270 #define NEGd(r32) \ 00271 emitm(&stream, 0xf7, 1);\ 00272 emitm(&stream, 27 << 3 | r32 & 0x7, 1); 00273 00275 #define CMPodd(dr32, sr32, off) \ 00276 emitm(&stream, 3 << 4 | 3 | 1 << 3, 1); \ 00277 emitm(&stream, 1 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);\ 00278 emitm(&stream, off, 1); 00279 00281 #define CMPrd(dr32, sr32) \ 00282 emitm(&stream, 0x3b, 1); \ 00283 emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1); 00284 00286 #define CMPid(dr32, i32) \ 00287 if (dr32 == EAX){ \ 00288 emitm(&stream, 0x3d, 1); \ 00289 emitm(&stream, i32, 4);} \ 00290 else{ \ 00291 emitm(&stream, 0x81, 1); \ 00292 emitm(&stream, 0x1f << 3 | (dr32 & 0x7), 1);\ 00293 emitm(&stream, i32, 4);} 00294 00296 #define JNEb(off8) \ 00297 emitm(&stream, 0x75, 1);\ 00298 emitm(&stream, off8, 1); 00299 00301 #define JE(off32) \ 00302 emitm(&stream, 0x0f, 1);\ 00303 emitm(&stream, 0x84, 1);\ 00304 emitm(&stream, off32, 4); 00305 00307 #define JLE(off32) \ 00308 emitm(&stream, 0x0f, 1);\ 00309 emitm(&stream, 0x8e, 1);\ 00310 emitm(&stream, off32, 4); 00311 00313 #define JLEb(off8) \ 00314 emitm(&stream, 0x7e, 1);\ 00315 emitm(&stream, off8, 1); 00316 00318 #define JA(off32) \ 00319 emitm(&stream, 0x0f, 1);\ 00320 emitm(&stream, 0x87, 1);\ 00321 emitm(&stream, off32, 4); 00322 00324 #define JAE(off32) \ 00325 emitm(&stream, 0x0f, 1);\ 00326 emitm(&stream, 0x83, 1);\ 00327 emitm(&stream, off32, 4); 00328 00330 #define JG(off32) \ 00331 emitm(&stream, 0x0f, 1);\ 00332 emitm(&stream, 0x8f, 1);\ 00333 emitm(&stream, off32, 4); 00334 00336 #define JGE(off32) \ 00337 emitm(&stream, 0x0f, 1);\ 00338 emitm(&stream, 0x8d, 1);\ 00339 emitm(&stream, off32, 4); 00340 00342 #define JMP(off32) \ 00343 emitm(&stream, 0xe9, 1);\ 00344 emitm(&stream, off32, 4); 00345 00350 /**************************/ 00351 /* Prototypes */ 00352 /**************************/ 00353 00367 JIT_BPF_Filter* BPF_jitter(struct bpf_insn *fp, INT nins); 00368 00380 BPF_filter_function BPFtoX86(struct bpf_insn *ins, UINT nins, INT *mem); 00387 void BPF_Destroy_JIT_Filter(JIT_BPF_Filter *Filter); 00388
documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2009
CACE Technologies. All rights reserved.