00001 /* 00002 * Copyright (c) 2002 - 2005 NetGroup, Politecnico di Torino (Italy) 00003 * Copyright (c) 2005 CACE Technologies, Davis (California) 00004 * All rights reserved. 00005 * 00006 * Redistribution and use in source and binary forms, with or without 00007 * modification, are permitted provided that the following conditions 00008 * are met: 00009 * 00010 * 1. Redistributions of source code must retain the above copyright 00011 * notice, this list of conditions and the following disclaimer. 00012 * 2. Redistributions in binary form must reproduce the above copyright 00013 * notice, this list of conditions and the following disclaimer in the 00014 * documentation and/or other materials provided with the distribution. 00015 * 3. Neither the name of the Politecnico di Torino, CACE Technologies 00016 * nor the names of its contributors may be used to endorse or promote 00017 * products derived from this software without specific prior written 00018 * permission. 00019 * 00020 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 00021 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 00022 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 00023 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 00024 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 00025 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 00026 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 00027 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 00028 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 00029 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 00030 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 00031 * 00032 */ 00033 00034 00043 // 00044 // Registers 00045 // 00046 #define EAX 0 00047 #define ECX 1 00048 #define EDX 2 00049 #define EBX 3 00050 #define ESP 4 00051 #define EBP 5 00052 #define ESI 6 00053 #define EDI 7 00054 00055 #define AX 0 00056 #define CX 1 00057 #define DX 2 00058 #define BX 3 00059 #define SP 4 00060 #define BP 5 00061 #define SI 6 00062 #define DI 7 00063 00064 #define AL 0 00065 #define CL 1 00066 #define DL 2 00067 #define BL 3 00068 00070 typedef struct binary_stream{ 00071 INT cur_ip; 00072 INT bpf_pc; 00073 PCHAR ibuf; 00074 PUINT refs; 00075 }binary_stream; 00076 00077 00083 typedef UINT (__cdecl *BPF_filter_function)( PVOID *, ULONG, UINT); 00084 00093 typedef void (*emit_func)(binary_stream *stream, ULONG value, UINT n); 00094 00096 typedef struct JIT_BPF_Filter{ 00097 BPF_filter_function Function; 00098 PINT mem; 00099 } 00100 JIT_BPF_Filter; 00101 00102 00103 00104 00105 /**************************/ 00106 /* X86 INSTRUCTION MACROS */ 00107 /**************************/ 00108 00110 #define MOVid(r32, i32) \ 00111 emitm(&stream, 11 << 4 | 1 << 3 | r32 & 0x7, 1); emitm(&stream, i32, 4); 00112 00114 #define MOVrd(dr32, sr32) \ 00115 emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1); 00116 00118 #define MOVodd(dr32, sr32, off) \ 00119 emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \ 00120 emitm(&stream, 1 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);\ 00121 emitm(&stream, off, 1); 00122 00124 #define MOVobd(dr32, sr32, or32) \ 00125 emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \ 00126 emitm(&stream, (dr32 & 0x7) << 3 | 4 , 1);\ 00127 emitm(&stream, (or32 & 0x7) << 3 | (sr32 & 0x7) , 1); 00128 00130 #define MOVobw(dr32, sr32, or32) \ 00131 emitm(&stream, 0x66, 1); \ 00132 emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \ 00133 emitm(&stream, (dr32 & 0x7) << 3 | 4 , 1);\ 00134 emitm(&stream, (or32 & 0x7) << 3 | (sr32 & 0x7) , 1); 00135 00137 #define MOVobb(dr8, sr32, or32) \ 00138 emitm(&stream, 0x8a, 1); \ 00139 emitm(&stream, (dr8 & 0x7) << 3 | 4 , 1);\ 00140 emitm(&stream, (or32 & 0x7) << 3 | (sr32 & 0x7) , 1); 00141 00143 #define MOVomd(dr32, or32, sr32) \ 00144 emitm(&stream, 0x89, 1); \ 00145 emitm(&stream, (sr32 & 0x7) << 3 | 4 , 1);\ 00146 emitm(&stream, (or32 & 0x7) << 3 | (dr32 & 0x7) , 1); 00147 00149 #define BSWAP(dr32) \ 00150 emitm(&stream, 0xf, 1); \ 00151 emitm(&stream, 0x19 << 3 | dr32 , 1); 00152 00154 #define SWAP_AX() \ 00155 emitm(&stream, 0x86, 1); \ 00156 emitm(&stream, 0xc4 , 1); 00157 00159 #define PUSH(r32) \ 00160 emitm(&stream, 5 << 4 | 0 << 3 | r32 & 0x7, 1); 00161 00163 #define POP(r32) \ 00164 emitm(&stream, 5 << 4 | 1 << 3 | r32 & 0x7, 1); 00165 00167 #define RET() \ 00168 emitm(&stream, 12 << 4 | 0 << 3 | 3, 1); 00169 00171 #define ADDrd(dr32, sr32) \ 00172 emitm(&stream, 0x03, 1);\ 00173 emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | (sr32 & 0x7), 1); 00174 00176 #define ADD_EAXi(i32) \ 00177 emitm(&stream, 0x05, 1);\ 00178 emitm(&stream, i32, 4); 00179 00181 #define ADDid(r32, i32) \ 00182 emitm(&stream, 0x81, 1);\ 00183 emitm(&stream, 24 << 3 | r32, 1);\ 00184 emitm(&stream, i32, 4); 00185 00187 #define ADDib(r32, i8) \ 00188 emitm(&stream, 0x83, 1);\ 00189 emitm(&stream, 24 << 3 | r32, 1);\ 00190 emitm(&stream, i8, 1); 00191 00193 #define SUBrd(dr32, sr32) \ 00194 emitm(&stream, 0x2b, 1);\ 00195 emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | (sr32 & 0x7), 1); 00196 00198 #define SUB_EAXi(i32) \ 00199 emitm(&stream, 0x2d, 1);\ 00200 emitm(&stream, i32, 4); 00201 00203 #define MULrd(r32) \ 00204 emitm(&stream, 0xf7, 1);\ 00205 emitm(&stream, 7 << 5 | (r32 & 0x7), 1); 00206 00208 #define DIVrd(r32) \ 00209 emitm(&stream, 0xf7, 1);\ 00210 emitm(&stream, 15 << 4 | (r32 & 0x7), 1); 00211 00213 #define ANDib(r8, i8) \ 00214 emitm(&stream, 0x80, 1);\ 00215 emitm(&stream, 7 << 5 | r8, 1);\ 00216 emitm(&stream, i8, 1); 00217 00219 #define ANDid(r32, i32) \ 00220 if (r32 == EAX){ \ 00221 emitm(&stream, 0x25, 1);\ 00222 emitm(&stream, i32, 4);}\ 00223 else{ \ 00224 emitm(&stream, 0x81, 1);\ 00225 emitm(&stream, 7 << 5 | r32, 1);\ 00226 emitm(&stream, i32, 4);} 00227 00229 #define ANDrd(dr32, sr32) \ 00230 emitm(&stream, 0x23, 1);\ 00231 emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1); 00232 00234 #define ORrd(dr32, sr32) \ 00235 emitm(&stream, 0x0b, 1);\ 00236 emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1); 00237 00239 #define ORid(r32, i32) \ 00240 if (r32 == EAX){ \ 00241 emitm(&stream, 0x0d, 1);\ 00242 emitm(&stream, i32, 4);}\ 00243 else{ \ 00244 emitm(&stream, 0x81, 1);\ 00245 emitm(&stream, 25 << 3 | r32, 1);\ 00246 emitm(&stream, i32, 4);} 00247 00249 #define SHLib(r32, i8) \ 00250 emitm(&stream, 0xc1, 1);\ 00251 emitm(&stream, 7 << 5 | r32 & 0x7, 1);\ 00252 emitm(&stream, i8, 1); 00253 00255 #define SHL_CLrb(dr32) \ 00256 emitm(&stream, 0xd3, 1);\ 00257 emitm(&stream, 7 << 5 | dr32 & 0x7, 1); 00258 00260 #define SHRib(r32, i8) \ 00261 emitm(&stream, 0xc1, 1);\ 00262 emitm(&stream, 29 << 3 | r32 & 0x7, 1);\ 00263 emitm(&stream, i8, 1); 00264 00266 #define SHR_CLrb(dr32) \ 00267 emitm(&stream, 0xd3, 1);\ 00268 emitm(&stream, 29 << 3 | dr32 & 0x7, 1); 00269 00271 #define NEGd(r32) \ 00272 emitm(&stream, 0xf7, 1);\ 00273 emitm(&stream, 27 << 3 | r32 & 0x7, 1); 00274 00276 #define CMPodd(dr32, sr32, off) \ 00277 emitm(&stream, 3 << 4 | 3 | 1 << 3, 1); \ 00278 emitm(&stream, 1 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);\ 00279 emitm(&stream, off, 1); 00280 00282 #define CMPrd(dr32, sr32) \ 00283 emitm(&stream, 0x3b, 1); \ 00284 emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1); 00285 00287 #define CMPid(dr32, i32) \ 00288 if (dr32 == EAX){ \ 00289 emitm(&stream, 0x3d, 1); \ 00290 emitm(&stream, i32, 4);} \ 00291 else{ \ 00292 emitm(&stream, 0x81, 1); \ 00293 emitm(&stream, 0x1f << 3 | (dr32 & 0x7), 1);\ 00294 emitm(&stream, i32, 4);} 00295 00297 #define JNEb(off8) \ 00298 emitm(&stream, 0x75, 1);\ 00299 emitm(&stream, off8, 1); 00300 00302 #define JE(off32) \ 00303 emitm(&stream, 0x0f, 1);\ 00304 emitm(&stream, 0x84, 1);\ 00305 emitm(&stream, off32, 4); 00306 00308 #define JLE(off32) \ 00309 emitm(&stream, 0x0f, 1);\ 00310 emitm(&stream, 0x8e, 1);\ 00311 emitm(&stream, off32, 4); 00312 00314 #define JLEb(off8) \ 00315 emitm(&stream, 0x7e, 1);\ 00316 emitm(&stream, off8, 1); 00317 00319 #define JA(off32) \ 00320 emitm(&stream, 0x0f, 1);\ 00321 emitm(&stream, 0x87, 1);\ 00322 emitm(&stream, off32, 4); 00323 00325 #define JAE(off32) \ 00326 emitm(&stream, 0x0f, 1);\ 00327 emitm(&stream, 0x83, 1);\ 00328 emitm(&stream, off32, 4); 00329 00331 #define JG(off32) \ 00332 emitm(&stream, 0x0f, 1);\ 00333 emitm(&stream, 0x8f, 1);\ 00334 emitm(&stream, off32, 4); 00335 00337 #define JGE(off32) \ 00338 emitm(&stream, 0x0f, 1);\ 00339 emitm(&stream, 0x8d, 1);\ 00340 emitm(&stream, off32, 4); 00341 00343 #define JMP(off32) \ 00344 emitm(&stream, 0xe9, 1);\ 00345 emitm(&stream, off32, 4); 00346 00355 /**************************/ 00356 /* Prototypes */ 00357 /**************************/ 00358 00376 JIT_BPF_Filter* BPF_jitter(struct bpf_insn *fp, INT nins); 00377 00389 BPF_filter_function BPFtoX86(struct bpf_insn *ins, UINT nins, INT *mem); 00396 void BPF_Destroy_JIT_Filter(JIT_BPF_Filter *Filter); 00397
documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005
CACE Technologies. All rights reserved.