Decode additional segment prefixes

This is mainly needed to handle the new control flow enforcement extensions, making 3E a "notrack" prefix for indirect calls and jumps. This is not (yet) modeled, and requires additional information on the order of the prefixes, as 3E_66 (16-bit in ds segment) has a different meaning than 66_3E (16-bit notrack). Before implementing this, an analysis of the performance impact when decoding more prefix information is probably required to avoid degrading overall performance for very few and (as of now) seldomly used corner cases.
2018-12-31 13:19:28 +01:00
parent ca54ca7422
commit 8063cb7401
3 changed files with 23 additions and 0 deletions
--- a/decode.c
+++ b/decode.c
@@ -65,6 +65,14 @@ decode_prefixes(const uint8_t* buffer, int len, PrefixSet* out_prefixes,
        {
            prefixes |= PREFIX_SEG_CS;
        }
+        else if (prefix == 0x26)
+        {
+            prefixes |= PREFIX_SEG_ES;
+        }
+        else if (prefix == 0x3E)
+        {
+            prefixes |= PREFIX_SEG_DS;
+        }
        else if (prefix == 0x64)
        {
            prefixes |= PREFIX_SEG_FS;
@@ -511,6 +519,18 @@ decode(const uint8_t* buffer, int len, Instr* instr)
    {
        instr->segment = RI_GS;
    }
+    else if (prefixes & PREFIX_SEG_CS)
+    {
+        instr->segment = RI_CS;
+    }
+    else if (prefixes & PREFIX_SEG_DS)
+    {
+        instr->segment = RI_DS;
+    }
+    else if (prefixes & PREFIX_SEG_ES)
+    {
+        instr->segment = RI_ES;
+    }
    else
    {
        instr->segment = RI_DS;