NPF Just-in-time compiler definitions
[NPF driver internals manual]


Data Structures

struct  binary_stream
 A stream of X86 binary code. More...
struct  JIT_BPF_Filter
 Structure describing a x86 filtering program created by the jitter. More...

Defines

#define EAX   0
#define ECX   1
#define EDX   2
#define EBX   3
#define ESP   4
#define EBP   5
#define ESI   6
#define EDI   7
#define AX   0
#define CX   1
#define DX   2
#define BX   3
#define SP   4
#define BP   5
#define SI   6
#define DI   7
#define AL   0
#define CL   1
#define DL   2
#define BL   3
#define MOVid(r32, i32)   emitm(&stream, 11 << 4 | 1 << 3 | r32 & 0x7, 1); emitm(&stream, i32, 4);
 mov r32,i32
#define MOVrd(dr32, sr32)   emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);
 mov dr32,sr32
#define MOVodd(dr32, sr32, off)
 mov dr32,sr32[off]
#define MOVobd(dr32, sr32, or32)
 mov dr32,sr32[or32]
#define MOVobw(dr32, sr32, or32)
 mov dr16,sr32[or32]
#define MOVobb(dr8, sr32, or32)
 mov dr8,sr32[or32]
#define MOVomd(dr32, or32, sr32)
 mov [dr32][or32],sr32
#define BSWAP(dr32)
 bswap dr32
#define SWAP_AX()
 xchg al,ah
#define PUSH(r32)   emitm(&stream, 5 << 4 | 0 << 3 | r32 & 0x7, 1);
 push r32
#define POP(r32)   emitm(&stream, 5 << 4 | 1 << 3 | r32 & 0x7, 1);
 pop r32
#define RET()   emitm(&stream, 12 << 4 | 0 << 3 | 3, 1);
 ret
#define ADDrd(dr32, sr32)
 add dr32,sr32
#define ADD_EAXi(i32)
 add eax,i32
#define ADDid(r32, i32)
 add r32,i32
#define ADDib(r32, i8)
 add r32,i8
#define SUBrd(dr32, sr32)
 sub dr32,sr32
#define SUB_EAXi(i32)
 sub eax,i32
#define MULrd(r32)
 mul r32
#define DIVrd(r32)
 div r32
#define ANDib(r8, i8)
 and r8,i8
#define ANDid(r32, i32)
 and r32,i32
#define ANDrd(dr32, sr32)
 and dr32,sr32
#define ORrd(dr32, sr32)
 or dr32,sr32
#define ORid(r32, i32)
 or r32,i32
#define SHLib(r32, i8)
 shl r32,i8
#define SHL_CLrb(dr32)
 shl dr32,cl
#define SHRib(r32, i8)
 shr r32,i8
#define SHR_CLrb(dr32)
 shr dr32,cl
#define NEGd(r32)
 neg r32
#define CMPodd(dr32, sr32, off)
 cmp dr32,sr32[off]
#define CMPrd(dr32, sr32)
 cmp dr32,sr32
#define CMPid(dr32, i32)
 cmp dr32,i32
#define JNEb(off8)
 jne off32
#define JE(off32)
 je off32
#define JLE(off32)
 jle off32
#define JLEb(off8)
 jle off8
#define JA(off32)
 ja off32
#define JAE(off32)
 jae off32
#define JG(off32)
 jg off32
#define JGE(off32)
 jge off32
#define JMP(off32)
 jmp off32

Typedefs

typedef UINT(__cdecl * BPF_filter_function )(PVOID *, ULONG, UINT)
 Prototype of a filtering function created by the jitter.
typedef void(* emit_func )(binary_stream *stream, ULONG value, UINT n)
 Prototype of the emit functions.

Define Documentation

#define ADD_EAXi ( i32   ) 

Value:

emitm(&stream, 0x05, 1);\
  emitm(&stream, i32, 4);
add eax,i32

Definition at line 175 of file jitter.h.

#define ADDib ( r32,
i8   ) 

Value:

emitm(&stream, 0x83, 1);\
  emitm(&stream, 24 << 3 | r32, 1);\
  emitm(&stream, i8, 1);
add r32,i8

Definition at line 186 of file jitter.h.

#define ADDid ( r32,
i32   ) 

Value:

emitm(&stream, 0x81, 1);\
  emitm(&stream, 24 << 3 | r32, 1);\
  emitm(&stream, i32, 4);
add r32,i32

Definition at line 180 of file jitter.h.

#define ADDrd ( dr32,
sr32   ) 

Value:

emitm(&stream, 0x03, 1);\
  emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | (sr32 & 0x7), 1);
add dr32,sr32

Definition at line 170 of file jitter.h.

#define AL   0

Definition at line 63 of file jitter.h.

#define ANDib ( r8,
i8   ) 

Value:

emitm(&stream, 0x80, 1);\
  emitm(&stream, 7 << 5 | r8, 1);\
  emitm(&stream, i8, 1);
and r8,i8

Definition at line 212 of file jitter.h.

#define ANDid ( r32,
i32   ) 

Value:

if (r32 == EAX){ \
  emitm(&stream, 0x25, 1);\
  emitm(&stream, i32, 4);}\
  else{ \
  emitm(&stream, 0x81, 1);\
  emitm(&stream, 7 << 5 | r32, 1);\
  emitm(&stream, i32, 4);}
and r32,i32

Definition at line 218 of file jitter.h.

#define ANDrd ( dr32,
sr32   ) 

Value:

emitm(&stream, 0x23, 1);\
  emitm(&stream,  3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);
and dr32,sr32

Definition at line 228 of file jitter.h.

#define AX   0

Definition at line 54 of file jitter.h.

#define BL   3

Definition at line 66 of file jitter.h.

#define BP   5

Definition at line 59 of file jitter.h.

#define BSWAP ( dr32   ) 

Value:

emitm(&stream, 0xf, 1); \
  emitm(&stream,  0x19 << 3 | dr32 , 1);
bswap dr32

Definition at line 148 of file jitter.h.

#define BX   3

Definition at line 57 of file jitter.h.

#define CL   1

Definition at line 64 of file jitter.h.

#define CMPid ( dr32,
i32   ) 

Value:

if (dr32 == EAX){ \
  emitm(&stream, 0x3d, 1); \
  emitm(&stream,  i32, 4);} \
  else{ \
  emitm(&stream, 0x81, 1); \
  emitm(&stream,  0x1f << 3 | (dr32 & 0x7), 1);\
  emitm(&stream,  i32, 4);}
cmp dr32,i32

Definition at line 286 of file jitter.h.

#define CMPodd ( dr32,
sr32,
off   ) 

Value:

emitm(&stream, 3 << 4 | 3 | 1 << 3, 1); \
  emitm(&stream,  1 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);\
  emitm(&stream,  off, 1);
cmp dr32,sr32[off]

Definition at line 275 of file jitter.h.

#define CMPrd ( dr32,
sr32   ) 

Value:

emitm(&stream, 0x3b, 1); \
  emitm(&stream,  3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);
cmp dr32,sr32

Definition at line 281 of file jitter.h.

#define CX   1

Definition at line 55 of file jitter.h.

#define DI   7

Definition at line 61 of file jitter.h.

#define DIVrd ( r32   ) 

Value:

emitm(&stream, 0xf7, 1);\
  emitm(&stream, 15 << 4 | (r32 & 0x7), 1);
div r32

Definition at line 207 of file jitter.h.

#define DL   2

Definition at line 65 of file jitter.h.

#define DX   2

Definition at line 56 of file jitter.h.

#define EAX   0

Definition at line 45 of file jitter.h.

#define EBP   5

Definition at line 50 of file jitter.h.

#define EBX   3

Definition at line 48 of file jitter.h.

#define ECX   1

Definition at line 46 of file jitter.h.

#define EDI   7

Definition at line 52 of file jitter.h.

#define EDX   2

Definition at line 47 of file jitter.h.

#define ESI   6

Definition at line 51 of file jitter.h.

#define ESP   4

Definition at line 49 of file jitter.h.

#define JA ( off32   ) 

Value:

emitm(&stream, 0x0f, 1);\
   emitm(&stream, 0x87, 1);\
   emitm(&stream, off32, 4);
ja off32

Definition at line 318 of file jitter.h.

#define JAE ( off32   ) 

Value:

emitm(&stream, 0x0f, 1);\
   emitm(&stream, 0x83, 1);\
   emitm(&stream, off32, 4);
jae off32

Definition at line 324 of file jitter.h.

#define JE ( off32   ) 

Value:

emitm(&stream, 0x0f, 1);\
   emitm(&stream, 0x84, 1);\
   emitm(&stream, off32, 4);
je off32

Definition at line 301 of file jitter.h.

#define JG ( off32   ) 

Value:

emitm(&stream, 0x0f, 1);\
   emitm(&stream, 0x8f, 1);\
   emitm(&stream, off32, 4);
jg off32

Definition at line 330 of file jitter.h.

#define JGE ( off32   ) 

Value:

emitm(&stream, 0x0f, 1);\
   emitm(&stream, 0x8d, 1);\
   emitm(&stream, off32, 4);
jge off32

Definition at line 336 of file jitter.h.

#define JLE ( off32   ) 

Value:

emitm(&stream, 0x0f, 1);\
   emitm(&stream, 0x8e, 1);\
   emitm(&stream, off32, 4);
jle off32

Definition at line 307 of file jitter.h.

#define JLEb ( off8   ) 

Value:

emitm(&stream, 0x7e, 1);\
   emitm(&stream, off8, 1);
jle off8

Definition at line 313 of file jitter.h.

#define JMP ( off32   ) 

Value:

emitm(&stream, 0xe9, 1);\
   emitm(&stream, off32, 4);
jmp off32

Definition at line 342 of file jitter.h.

#define JNEb ( off8   ) 

Value:

emitm(&stream, 0x75, 1);\
   emitm(&stream, off8, 1);
jne off32

Definition at line 296 of file jitter.h.

#define MOVid ( r32,
i32   )     emitm(&stream, 11 << 4 | 1 << 3 | r32 & 0x7, 1); emitm(&stream, i32, 4);

mov r32,i32

Definition at line 109 of file jitter.h.

#define MOVobb ( dr8,
sr32,
or32   ) 

Value:

emitm(&stream, 0x8a, 1); \
  emitm(&stream,  (dr8 & 0x7) << 3 | 4 , 1);\
  emitm(&stream,  (or32 & 0x7) << 3 | (sr32 & 0x7) , 1);
mov dr8,sr32[or32]

Definition at line 136 of file jitter.h.

#define MOVobd ( dr32,
sr32,
or32   ) 

Value:

emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
  emitm(&stream,  (dr32 & 0x7) << 3 | 4 , 1);\
  emitm(&stream,  (or32 & 0x7) << 3 | (sr32 & 0x7) , 1);
mov dr32,sr32[or32]

Definition at line 123 of file jitter.h.

#define MOVobw ( dr32,
sr32,
or32   ) 

Value:

emitm(&stream, 0x66, 1); \
  emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
  emitm(&stream,  (dr32 & 0x7) << 3 | 4 , 1);\
  emitm(&stream,  (or32 & 0x7) << 3 | (sr32 & 0x7) , 1);
mov dr16,sr32[or32]

Definition at line 129 of file jitter.h.

#define MOVodd ( dr32,
sr32,
off   ) 

Value:

emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
  emitm(&stream,  1 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);\
  emitm(&stream,  off, 1);
mov dr32,sr32[off]

Definition at line 117 of file jitter.h.

#define MOVomd ( dr32,
or32,
sr32   ) 

Value:

emitm(&stream, 0x89, 1); \
  emitm(&stream,  (sr32 & 0x7) << 3 | 4 , 1);\
  emitm(&stream,  (or32 & 0x7) << 3 | (dr32 & 0x7) , 1);
mov [dr32][or32],sr32

Definition at line 142 of file jitter.h.

#define MOVrd ( dr32,
sr32   )     emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);

mov dr32,sr32

Definition at line 113 of file jitter.h.

#define MULrd ( r32   ) 

Value:

emitm(&stream, 0xf7, 1);\
  emitm(&stream, 7 << 5 | (r32 & 0x7), 1);
mul r32

Definition at line 202 of file jitter.h.

#define NEGd ( r32   ) 

Value:

emitm(&stream, 0xf7, 1);\
  emitm(&stream,  27 << 3 | r32 & 0x7, 1);
neg r32

Definition at line 270 of file jitter.h.

#define ORid ( r32,
i32   ) 

Value:

if (r32 == EAX){ \
  emitm(&stream, 0x0d, 1);\
  emitm(&stream, i32, 4);}\
  else{ \
  emitm(&stream, 0x81, 1);\
  emitm(&stream, 25 << 3 | r32, 1);\
  emitm(&stream, i32, 4);}
or r32,i32

Definition at line 238 of file jitter.h.

#define ORrd ( dr32,
sr32   ) 

Value:

emitm(&stream, 0x0b, 1);\
  emitm(&stream,  3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);
or dr32,sr32

Definition at line 233 of file jitter.h.

#define POP ( r32   )     emitm(&stream, 5 << 4 | 1 << 3 | r32 & 0x7, 1);

pop r32

Definition at line 162 of file jitter.h.

#define PUSH ( r32   )     emitm(&stream, 5 << 4 | 0 << 3 | r32 & 0x7, 1);

push r32

Definition at line 158 of file jitter.h.

 
#define RET (  )     emitm(&stream, 12 << 4 | 0 << 3 | 3, 1);

ret

Definition at line 166 of file jitter.h.

#define SHL_CLrb ( dr32   ) 

Value:

emitm(&stream, 0xd3, 1);\
  emitm(&stream,  7 << 5 | dr32 & 0x7, 1);
shl dr32,cl

Definition at line 254 of file jitter.h.

#define SHLib ( r32,
i8   ) 

Value:

emitm(&stream, 0xc1, 1);\
  emitm(&stream, 7 << 5 | r32 & 0x7, 1);\
  emitm(&stream, i8, 1);
shl r32,i8

Definition at line 248 of file jitter.h.

#define SHR_CLrb ( dr32   ) 

Value:

emitm(&stream, 0xd3, 1);\
  emitm(&stream,  29 << 3 | dr32 & 0x7, 1);
shr dr32,cl

Definition at line 265 of file jitter.h.

#define SHRib ( r32,
i8   ) 

Value:

emitm(&stream, 0xc1, 1);\
  emitm(&stream, 29 << 3 | r32 & 0x7, 1);\
  emitm(&stream, i8, 1);
shr r32,i8

Definition at line 259 of file jitter.h.

#define SI   6

Definition at line 60 of file jitter.h.

#define SP   4

Definition at line 58 of file jitter.h.

#define SUB_EAXi ( i32   ) 

Value:

emitm(&stream, 0x2d, 1);\
  emitm(&stream, i32, 4);
sub eax,i32

Definition at line 197 of file jitter.h.

#define SUBrd ( dr32,
sr32   ) 

Value:

emitm(&stream, 0x2b, 1);\
  emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | (sr32 & 0x7), 1);
sub dr32,sr32

Definition at line 192 of file jitter.h.

 
#define SWAP_AX (  ) 

Value:

emitm(&stream, 0x86, 1); \
  emitm(&stream,  0xc4 , 1);
xchg al,ah

Definition at line 153 of file jitter.h.


Typedef Documentation

typedef UINT(__cdecl * BPF_filter_function)(PVOID *, ULONG, UINT)

Prototype of a filtering function created by the jitter.

The syntax and the meaning of the parameters is analogous to the one of bpf_filter(). Notice that the filter is not among the parameters, because it is hardwired in the function.

Definition at line 82 of file jitter.h.

typedef void(* emit_func)(binary_stream *stream, ULONG value, UINT n)

Prototype of the emit functions.

Different emit functions are used to create the reference table and to generate the actual filtering code. This allows to have simpler instruction macros. The first parameter is the stream that will receive the data. The secon one is a variable containing the data, the third one is the length, that can be 1,2 or 4 since it is possible to emit a byte, a short or a work at a time.

Definition at line 92 of file jitter.h.


documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2008 CACE Technologies. All rights reserved.