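/**
 * mov r32, imm32: emits opcode 0xB8 | (r32 & 7), then the 4-byte immediate.
 * Both emits sit in one do/while(0) statement so an unbraced if/else guards
 * the whole instruction; a half-emitted instruction would corrupt the
 * generated code stream. Arguments are parenthesized so compound expressions
 * are masked as a unit.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define MOVid(r32, i32) \
  do { \
    emitm(&stream, 11 << 4 | 1 << 3 | ((r32) & 0x7), 1); \
    emitm(&stream, (i32), 4); \
  } while (0);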
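/**
 * mov dr32, sr32: emits opcode 0x8B, then ModRM with mod=11, reg=dr32, rm=sr32.
 * Both emits sit in one do/while(0) statement so an unbraced if/else guards
 * the whole instruction; arguments are parenthesized before masking.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define MOVrd(dr32, sr32) \
  do { \
    emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
    emitm(&stream, 3 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1); \
  } while (0);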
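/**
 * mov dr32, [sr32 + off]: emits opcode 0x8B, ModRM with mod=01, reg=dr32,
 * rm=sr32, then off as a single displacement byte.
 * All emits sit in one do/while(0) statement so an unbraced if/else guards
 * the whole instruction; arguments are parenthesized before masking.
 * NOTE(review): rm=4 (ESP) selects a SIB byte on x86, which is not emitted
 * here, so sr32 presumably must never be 4 - confirm against the callers.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define MOVodd(dr32, sr32, off) \
  do { \
    emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
    emitm(&stream, 1 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1); \
    emitm(&stream, (off), 1); \
  } while (0);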
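/**
 * mov dr32, [sr32 + or32]: emits opcode 0x8B, ModRM with mod=00, reg=dr32,
 * rm=4 (SIB follows), then a SIB byte with index=or32 and base=sr32.
 * All emits sit in one do/while(0) statement so an unbraced if/else guards
 * the whole instruction; arguments are parenthesized before masking.
 * NOTE(review): with mod=00, base 5 (EBP) and index 4 (ESP) have special
 * meanings in the x86 SIB encoding; callers presumably avoid them - confirm.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define MOVobd(dr32, sr32, or32) \
  do { \
    emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
    emitm(&stream, ((dr32) & 0x7) << 3 | 4, 1); \
    emitm(&stream, ((or32) & 0x7) << 3 | ((sr32) & 0x7), 1); \
  } while (0);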
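/**
 * mov dr16, [sr32 + or32]: emits the 0x66 operand-size prefix, opcode 0x8B,
 * ModRM with mod=00, reg=dr32, rm=4 (SIB follows), then a SIB byte with
 * index=or32 and base=sr32.
 * All emits sit in one do/while(0) statement so an unbraced if/else guards
 * the whole instruction; arguments are parenthesized before masking.
 * NOTE(review): with mod=00, base 5 (EBP) and index 4 (ESP) have special
 * meanings in the x86 SIB encoding; callers presumably avoid them - confirm.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define MOVobw(dr32, sr32, or32) \
  do { \
    emitm(&stream, 0x66, 1); \
    emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
    emitm(&stream, ((dr32) & 0x7) << 3 | 4, 1); \
    emitm(&stream, ((or32) & 0x7) << 3 | ((sr32) & 0x7), 1); \
  } while (0);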
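/**
 * mov dr8, [sr32 + or32]: emits opcode 0x8A, ModRM with mod=00, reg=dr8,
 * rm=4 (SIB follows), then a SIB byte with index=or32 and base=sr32.
 * All emits sit in one do/while(0) statement so an unbraced if/else guards
 * the whole instruction; arguments are parenthesized before masking.
 * NOTE(review): with mod=00, base 5 (EBP) and index 4 (ESP) have special
 * meanings in the x86 SIB encoding; callers presumably avoid them - confirm.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define MOVobb(dr8, sr32, or32) \
  do { \
    emitm(&stream, 0x8a, 1); \
    emitm(&stream, ((dr8) & 0x7) << 3 | 4, 1); \
    emitm(&stream, ((or32) & 0x7) << 3 | ((sr32) & 0x7), 1); \
  } while (0);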
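/**
 * mov [dr32 + or32], sr32: emits opcode 0x89, ModRM with mod=00, reg=sr32,
 * rm=4 (SIB follows), then a SIB byte with index=or32 and base=dr32.
 * This is a store into memory addressed by the generated code, so a wrong
 * base/index byte redirects the write; all emits sit in one do/while(0)
 * statement so an unbraced if/else guards the whole instruction, and
 * arguments are parenthesized before masking.
 * NOTE(review): with mod=00, base 5 (EBP) and index 4 (ESP) have special
 * meanings in the x86 SIB encoding; callers presumably avoid them - confirm.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define MOVomd(dr32, or32, sr32) \
  do { \
    emitm(&stream, 0x89, 1); \
    emitm(&stream, ((sr32) & 0x7) << 3 | 4, 1); \
    emitm(&stream, ((or32) & 0x7) << 3 | ((dr32) & 0x7), 1); \
  } while (0);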
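/**
 * bswap dr32: emits the two-byte opcode 0x0F, 0xC8 | (dr32 & 7).
 * Both emits sit in one do/while(0) statement so an unbraced if/else guards
 * the whole instruction. The register id is now masked to 3 bits, as the
 * sibling macros do, so an out-of-range id cannot alter the opcode bits.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define BSWAP(dr32) \
  do { \
    emitm(&stream, 0xf, 1); \
    emitm(&stream, 0x19 << 3 | ((dr32) & 0x7), 1); \
  } while (0);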
154 emitm(&stream, 0x86, 1); \
155 emitm(&stream, 0xc4 , 1);
159 emitm(&stream, 5 << 4 | 0 << 3 | r32 & 0x7, 1);
163 emitm(&stream, 5 << 4 | 1 << 3 | r32 & 0x7, 1);
167 emitm(&stream, 12 << 4 | 0 << 3 | 3, 1);
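/**
 * add dr32, sr32: emits opcode 0x03, then ModRM with mod=11, reg=dr32, rm=sr32.
 * Both emits sit in one do/while(0) statement so an unbraced if/else guards
 * the whole instruction rather than only its first byte.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define ADDrd(dr32, sr32) \
  do { \
    emitm(&stream, 0x03, 1); \
    emitm(&stream, 3 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1); \
  } while (0);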
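/**
 * add eax, imm32: emits opcode 0x05, then the 4-byte immediate.
 * Both emits sit in one do/while(0) statement so an unbraced if/else guards
 * the whole instruction; an opcode without its immediate would desynchronize
 * the generated code stream.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define ADD_EAXi(i32) \
  do { \
    emitm(&stream, 0x05, 1); \
    emitm(&stream, (i32), 4); \
  } while (0);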
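/**
 * add r32, imm32: emits opcode 0x81, ModRM 0xC0 | (r32 & 7) (mod=11, /0),
 * then the 4-byte immediate.
 * All emits sit in one do/while(0) statement so an unbraced if/else guards
 * the whole instruction. The register id is now masked to 3 bits, as the
 * sibling macros do, so an out-of-range id cannot alter the /digit bits and
 * silently select a different operation.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define ADDid(r32, i32) \
  do { \
    emitm(&stream, 0x81, 1); \
    emitm(&stream, 24 << 3 | ((r32) & 0x7), 1); \
    emitm(&stream, (i32), 4); \
  } while (0);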
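/**
 * add r32, imm8: emits opcode 0x83, ModRM 0xC0 | (r32 & 7) (mod=11, /0),
 * then the 1-byte immediate.
 * All emits sit in one do/while(0) statement so an unbraced if/else guards
 * the whole instruction. The register id is now masked to 3 bits, as the
 * sibling macros do, so an out-of-range id cannot alter the /digit bits.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define ADDib(r32, i8) \
  do { \
    emitm(&stream, 0x83, 1); \
    emitm(&stream, 24 << 3 | ((r32) & 0x7), 1); \
    emitm(&stream, (i8), 1); \
  } while (0);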
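/**
 * sub dr32, sr32: emits opcode 0x2B, then ModRM with mod=11, reg=dr32, rm=sr32.
 * Both emits sit in one do/while(0) statement so an unbraced if/else guards
 * the whole instruction rather than only its first byte.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define SUBrd(dr32, sr32) \
  do { \
    emitm(&stream, 0x2b, 1); \
    emitm(&stream, 3 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1); \
  } while (0);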
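/**
 * sub eax, imm32: emits opcode 0x2D, then the 4-byte immediate.
 * Both emits sit in one do/while(0) statement so an unbraced if/else guards
 * the whole instruction; an opcode without its immediate would desynchronize
 * the generated code stream.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define SUB_EAXi(i32) \
  do { \
    emitm(&stream, 0x2d, 1); \
    emitm(&stream, (i32), 4); \
  } while (0);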
203 emitm(&stream, 0xf7, 1);\
204 emitm(&stream, 7 << 5 | (r32 & 0x7), 1);
208 emitm(&stream, 0xf7, 1);\
209 emitm(&stream, 15 << 4 | (r32 & 0x7), 1);
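/**
 * and r8, imm8: emits opcode 0x80, ModRM 0xE0 | (r8 & 7) (mod=11, /4),
 * then the 1-byte immediate.
 * All emits sit in one do/while(0) statement so an unbraced if/else guards
 * the whole instruction. The register id is now masked to 3 bits, as the
 * sibling macros do, so an out-of-range id cannot alter the /digit bits.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define ANDib(r8, i8) \
  do { \
    emitm(&stream, 0x80, 1); \
    emitm(&stream, 7 << 5 | ((r8) & 0x7), 1); \
    emitm(&stream, (i8), 1); \
  } while (0);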
218 #define ANDid(r32, i32) \
220 emitm(&stream, 0x25, 1);\
221 emitm(&stream, i32, 4);}\
223 emitm(&stream, 0x81, 1);\
224 emitm(&stream, 7 << 5 | r32, 1);\
225 emitm(&stream, i32, 4);}
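/**
 * and dr32, sr32: emits opcode 0x23, then ModRM with mod=11, reg=dr32, rm=sr32.
 * Both emits sit in one do/while(0) statement so an unbraced if/else guards
 * the whole instruction; arguments are parenthesized before masking.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define ANDrd(dr32, sr32) \
  do { \
    emitm(&stream, 0x23, 1); \
    emitm(&stream, 3 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1); \
  } while (0);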
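/**
 * or dr32, sr32: emits opcode 0x0B, then ModRM with mod=11, reg=dr32, rm=sr32.
 * Both emits sit in one do/while(0) statement so an unbraced if/else guards
 * the whole instruction; arguments are parenthesized before masking.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define ORrd(dr32, sr32) \
  do { \
    emitm(&stream, 0x0b, 1); \
    emitm(&stream, 3 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1); \
  } while (0);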
238 #define ORid(r32, i32) \
240 emitm(&stream, 0x0d, 1);\
241 emitm(&stream, i32, 4);}\
243 emitm(&stream, 0x81, 1);\
244 emitm(&stream, 25 << 3 | r32, 1);\
245 emitm(&stream, i32, 4);}
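/**
 * shl r32, imm8: emits opcode 0xC1, ModRM 0xE0 | (r32 & 7) (mod=11, /4),
 * then the 1-byte shift count.
 * All emits sit in one do/while(0) statement so an unbraced if/else guards
 * the whole instruction; arguments are parenthesized before masking.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define SHLib(r32, i8) \
  do { \
    emitm(&stream, 0xc1, 1); \
    emitm(&stream, 7 << 5 | ((r32) & 0x7), 1); \
    emitm(&stream, (i8), 1); \
  } while (0);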
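/**
 * shl dr32, cl: emits opcode 0xD3, then ModRM 0xE0 | (dr32 & 7) (mod=11, /4).
 * Both emits sit in one do/while(0) statement so an unbraced if/else guards
 * the whole instruction; the argument is parenthesized before masking.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define SHL_CLrb(dr32) \
  do { \
    emitm(&stream, 0xd3, 1); \
    emitm(&stream, 7 << 5 | ((dr32) & 0x7), 1); \
  } while (0);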
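/**
 * shr r32, imm8: emits opcode 0xC1, ModRM 0xE8 | (r32 & 7) (mod=11, /5),
 * then the 1-byte shift count.
 * All emits sit in one do/while(0) statement so an unbraced if/else guards
 * the whole instruction; arguments are parenthesized before masking.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define SHRib(r32, i8) \
  do { \
    emitm(&stream, 0xc1, 1); \
    emitm(&stream, 29 << 3 | ((r32) & 0x7), 1); \
    emitm(&stream, (i8), 1); \
  } while (0);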
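/**
 * shr dr32, cl: emits opcode 0xD3, then ModRM 0xE8 | (dr32 & 7) (mod=11, /5).
 * Both emits sit in one do/while(0) statement so an unbraced if/else guards
 * the whole instruction; the argument is parenthesized before masking.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define SHR_CLrb(dr32) \
  do { \
    emitm(&stream, 0xd3, 1); \
    emitm(&stream, 29 << 3 | ((dr32) & 0x7), 1); \
  } while (0);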
271 emitm(&stream, 0xf7, 1);\
272 emitm(&stream, 27 << 3 | r32 & 0x7, 1);
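/**
 * cmp dr32, [sr32 + off]: emits opcode 0x3B, ModRM with mod=01, reg=dr32,
 * rm=sr32, then off as a single displacement byte.
 * All emits sit in one do/while(0) statement so an unbraced if/else guards
 * the whole instruction; arguments are parenthesized before masking.
 * NOTE(review): rm=4 (ESP) selects a SIB byte on x86, which is not emitted
 * here, so sr32 presumably must never be 4 - confirm against the callers.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define CMPodd(dr32, sr32, off) \
  do { \
    emitm(&stream, 3 << 4 | 3 | 1 << 3, 1); \
    emitm(&stream, 1 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1); \
    emitm(&stream, (off), 1); \
  } while (0);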
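/**
 * cmp dr32, sr32: emits opcode 0x3B, then ModRM with mod=11, reg=dr32, rm=sr32.
 * Both emits sit in one do/while(0) statement so an unbraced if/else guards
 * the whole instruction; arguments are parenthesized before masking.
 * The trailing ';' is kept because call sites (not visible here) may omit it.
 */
#define CMPrd(dr32, sr32) \
  do { \
    emitm(&stream, 0x3b, 1); \
    emitm(&stream, 3 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1); \
  } while (0);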
286 #define CMPid(dr32, i32) \
288 emitm(&stream, 0x3d, 1); \
289 emitm(&stream, i32, 4);} \
291 emitm(&stream, 0x81, 1); \
292 emitm(&stream, 0x1f << 3 | (dr32 & 0x7), 1);\
293 emitm(&stream, i32, 4);}
297 emitm(&stream, 0x75, 1);\
298 emitm(&stream, off8, 1);
302 emitm(&stream, 0x77, 1);\
303 emitm(&stream, off8, 1);
307 emitm(&stream, 0x0f, 1);\
308 emitm(&stream, 0x84, 1);\
309 emitm(&stream, off32, 4);
313 emitm(&stream, 0x0f, 1);\
314 emitm(&stream, 0x8e, 1);\
315 emitm(&stream, off32, 4);
319 emitm(&stream, 0x7e, 1);\
320 emitm(&stream, off8, 1);
324 emitm(&stream, 0x76, 1);\
325 emitm(&stream, off8, 1);
329 emitm(&stream, 0x72, 1);\
330 emitm(&stream, off8, 1);
334 emitm(&stream, 0x0f, 1);\
335 emitm(&stream, 0x87, 1);\
336 emitm(&stream, off32, 4);
340 emitm(&stream, 0x0f, 1);\
341 emitm(&stream, 0x83, 1);\
342 emitm(&stream, off32, 4);
346 emitm(&stream, 0x0f, 1);\
347 emitm(&stream, 0x8f, 1);\
348 emitm(&stream, off32, 4);
352 emitm(&stream, 0x0f, 1);\
353 emitm(&stream, 0x8d, 1);\
354 emitm(&stream, off32, 4);
358 emitm(&stream, 0xe9, 1);\
359 emitm(&stream, off32, 4);
Structure describing an x86 filtering program created by the jitter.
INT cur_ip
Current X86 instruction pointer.
A stream of X86 binary code.
struct binary_stream binary_stream
A stream of X86 binary code.
PUINT refs
Jumps reference table.
void BPF_Destroy_JIT_Filter(JIT_BPF_Filter *Filter)
Deletes a filtering function that was previously created by BPF_jitter().
PCHAR ibuf
Instruction buffer, contains the X86 generated code.
UINT(__cdecl * BPF_filter_function)(PVOID *, ULONG, UINT)
Prototype of a filtering function created by the jitter.
BPF_filter_function Function
The x86 filtering binary, in the form of a BPF_filter_function.
INT bpf_pc
Current BPF instruction pointer, i.e. position in the BPF program reached by the jitter.
JIT_BPF_Filter * BPF_jitter(struct bpf_insn *fp, INT nins)
BPF jitter, builds an x86 function from a BPF program.
BPF_filter_function BPFtoX86(struct bpf_insn *ins, UINT nins, INT *mem)
Translates a set of BPF instructions into a set of x86 instructions.
struct JIT_BPF_Filter JIT_BPF_Filter
Structure describing an x86 filtering program created by the jitter.
void(* emit_func)(binary_stream *stream, ULONG value, UINT n)
Prototype of the emit functions.