[Intel] Fix MOV (Control Registers) instruction

Two bugs have been fixed. First, REX.R prefix was applied. Second, REX.W prefix and 66H prefix are ignored. Fix #1
B2R2-org · Feb 28, 2019 · b282f58 · b282f58
1 parent 0e70f89
commit b282f58
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 3 deletions.
diff --git a/src/FrontEnd/Intel/IntelDisasm.fs b/src/FrontEnd/Intel/IntelDisasm.fs
@@ -3,6 +3,7 @@
 
   Author: Sang Kil Cha <sangkilc@kaist.ac.kr>
           DongYeop Oh <oh51dy@kaist.ac.kr>
+          Seung Il Jung <sijung@kaist.ac.kr>
 
   Copyright (c) SoftSec Lab. @ KAIST, since 2016
 
@@ -183,6 +184,7 @@ let regToStr = function
   | R.CR2 -> "cr2"
   | R.CR3 -> "cr3"
   | R.CR4 -> "cr4"
+  | R.CR8 -> "cr8"
   | R.DR0 -> "dr0"
   | R.DR1 -> "dr1"
   | R.DR2 -> "dr2"

diff --git a/src/FrontEnd/Intel/IntelHelper.fs b/src/FrontEnd/Intel/IntelHelper.fs
@@ -67,6 +67,7 @@ let segRegToBase = function
   | _ -> failwith "Unhandled segment."
 
 let inline hasREXW rexPref = rexPref &&& REXPrefix.REXW = REXPrefix.REXW
+let inline hasREXR rexPref = rexPref &&& REXPrefix.REXR = REXPrefix.REXR
 let inline hasAddrSz prefs = (prefs &&& Prefix.PrxADDRSIZE) <> Prefix.PrxNone
 let inline hasOprSz prefs = (prefs &&& Prefix.PrxOPSIZE) <> Prefix.PrxNone
 let inline hasREPZ prefs = (prefs &&& Prefix.PrxREPZ) <> Prefix.PrxNone

diff --git a/src/FrontEnd/Intel/IntelParser.fs b/src/FrontEnd/Intel/IntelParser.fs
@@ -471,8 +471,8 @@ let inline getSize64 prefs rexPref sizeCond =
     else struct (64<rt>, 64<rt>)
   else
     if hasOprSz prefs then
-      if hasAddrSz prefs then struct (16<rt>, 32<rt>)
-      else struct (16<rt>, 64<rt>)
+      if hasAddrSz prefs then struct (getOprSize 16<rt> sizeCond, 32<rt>)
+      else struct (getOprSize 16<rt> sizeCond, 64<rt>)
     else
       if hasAddrSz prefs then
         struct (getOprSize 32<rt> sizeCond, 32<rt>)
@@ -1299,7 +1299,7 @@ let private pTwoByteOp t reader pos byte =
   | 0x1Auy -> parseBND t SzDef32 opNor0F1A dsNor0F1A, pos
   | 0x1Buy -> parseBND t SzDef32 opNor0F1B dsNor0F1B, pos
   | 0x1Fuy -> parseOp t Opcode.NOP SzDef32 E0v, pos
-  | 0x20uy -> parseOp t Opcode.MOV SzDef32 RdCd, pos
+  | 0x20uy -> parseOp t Opcode.MOV Sz64 RdCd, pos
   | 0x21uy -> parseOp t Opcode.MOV SzDef32 RdDd, pos
   | 0x22uy -> parseOp t Opcode.MOV SzDef32 CdRd, pos
   | 0x23uy -> parseOp t Opcode.MOV SzDef32 DdRd, pos
@@ -2136,6 +2136,8 @@ let parseWithModRM insInfo wordSz reader pos modRM mode =
   | OprMode.G | OprMode.V | OprMode.VZ ->
     parseReg (getReg modRM) insInfo.InsSize.RegSize RGrpAttr.ARegBits insInfo
              pos
+  | OprMode.C when insInfo.Opcode = Opcode.MOV && hasREXR insInfo.REXPrefix ->
+    struct (parseControlReg 0x808, pos) (* CR8 *)
   | OprMode.C -> struct (parseControlReg (getReg modRM), pos)
   | OprMode.D -> struct (parseDebugReg (getReg modRM), pos)
   | OprMode.H -> struct (parseXMMReg insInfo, pos)

diff --git a/src/FrontEnd/Intel/IntelRegister.fs b/src/FrontEnd/Intel/IntelRegister.fs
@@ -353,6 +353,8 @@ type Register =
   | CR3 = 0x803
   /// Control registers.
   | CR4 = 0x804
+  /// Control registers.
+  | CR8 = 0x808
   /// Debug registers.
   | DR0 = 0x900
   /// Debug registers.