/*
 * x86 instruction-emission macros, taken from a numbered source listing: the
 * number at the start of each line is the listing's line number, not code.
 *
 * Every body is one or more emitm(&stream, value, n) calls, so an object
 * named `stream` and a callable `emitm` must be in scope wherever a macro is
 * expanded. n is 1 or 4 throughout; presumably it is the number of bytes of
 * `value` appended to the stream -- confirm against the emit function.
 *
 * NOTE(review), hazards visible in these definitions:
 *  - Most bodies are several statements with no do { } while (0) wrapper, so
 *    under an unbraced if/else/loop only the first emitm() is controlled.
 *  - Arguments are used unparenthesized (`r32 & 0x7`, `off`, `i32`); the
 *    byte expressions rely on & binding tighter than |, which holds only
 *    when the argument is a simple identifier or constant.
 *  - Some register operands are OR-ed into the ModRM byte without `& 0x7`
 *    (BSWAP, ADDid, ADDib, ANDib, ANDid, ORid); a value above 7 would alter
 *    the other fields of that byte.
 *  - The short-jump bodies (opcodes 0x75, 0x77, 0x7e, 0x76, 0x72) emit their
 *    displacement with n = 1; presumably the caller must guarantee it fits
 *    in a signed byte -- confirm at the call sites.
 *  - Some listing lines are absent from this extract (for example 153, 158,
 *    219, 222), so several bodies appear without the line that opens them.
 *    Those are annotated only by the bytes they emit.
 */

/* MOVid: opcode 0xB8 + register (MOV r32, imm32), then the 4-byte immediate i32. */
109 #define MOVid(r32, i32) \
110 emitm(&stream, 11 << 4 | 1 << 3 | r32 & 0x7, 1); emitm(&stream, i32, 4);

/* MOVrd: opcode 0x8B (MOV r32, r/m32); ModRM mod=11, reg=dr32, r/m=sr32 (register to register). */
113 #define MOVrd(dr32, sr32) \
114 emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);

/* MOVodd: opcode 0x8B; ModRM mod=01 (8-bit displacement), reg=dr32, r/m=sr32; then one byte `off`. Loads dr32 from [sr32 + off]. */
117 #define MOVodd(dr32, sr32, off) \
118 emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
119 emitm(&stream, 1 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);\
120 emitm(&stream, off, 1);

/* MOVobd: opcode 0x8B; ModRM r/m=100 selects a SIB byte; SIB scale=0, index=or32, base=sr32. 32-bit load from [sr32 + or32]. */
123 #define MOVobd(dr32, sr32, or32) \
124 emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
125 emitm(&stream, (dr32 & 0x7) << 3 | 4 , 1);\
126 emitm(&stream, (or32 & 0x7) << 3 | (sr32 & 0x7) , 1);

/* MOVobw: same bytes as MOVobd preceded by 0x66 (operand-size override), i.e. a 16-bit load from [sr32 + or32]. */
129 #define MOVobw(dr32, sr32, or32) \
130 emitm(&stream, 0x66, 1); \
131 emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
132 emitm(&stream, (dr32 & 0x7) << 3 | 4 , 1);\
133 emitm(&stream, (or32 & 0x7) << 3 | (sr32 & 0x7) , 1);

/* MOVobb: opcode 0x8A (MOV r8, r/m8) with the same ModRM + SIB layout; 8-bit load into dr8 from [sr32 + or32]. */
136 #define MOVobb(dr8, sr32, or32) \
137 emitm(&stream, 0x8a, 1); \
138 emitm(&stream, (dr8 & 0x7) << 3 | 4 , 1);\
139 emitm(&stream, (or32 & 0x7) << 3 | (sr32 & 0x7) , 1);

/* MOVomd: opcode 0x89 (MOV r/m32, r32); reg=sr32, SIB index=or32, base=dr32. Stores sr32 to [dr32 + or32]; note the parameter order (dr32, or32, sr32). */
142 #define MOVomd(dr32, or32, sr32) \
143 emitm(&stream, 0x89, 1); \
144 emitm(&stream, (sr32 & 0x7) << 3 | 4 , 1);\
145 emitm(&stream, (or32 & 0x7) << 3 | (dr32 & 0x7) , 1);

/* BSWAP: bytes 0x0F, 0xC8 | dr32 (BSWAP r32). dr32 is not masked with 0x7 here. */
148 #define BSWAP(dr32) \
149 emitm(&stream, 0xf, 1); \
150 emitm(&stream, 0x19 << 3 | dr32 , 1);

154 emitm(&stream, 0x86, 1); \
155 emitm(&stream, 0xc4 , 1); /* bytes 0x86 0xC4: XCHG between AL and AH; the #define line is not shown in this extract */

159 emitm(&stream, 5 << 4 | 0 << 3 | r32 & 0x7, 1); /* 0x50 + register: PUSH r32; the #define line is not shown in this extract */

163 emitm(&stream, 5 << 4 | 1 << 3 | r32 & 0x7, 1); /* 0x58 + register: POP r32; the #define line is not shown in this extract */

167 emitm(&stream, 12 << 4 | 0 << 3 | 3, 1); /* 0xC3: near RET; the #define line is not shown in this extract */

/* ADDrd: opcode 0x03 (ADD r32, r/m32); ModRM mod=11, reg=dr32, r/m=sr32. */
170 #define ADDrd(dr32, sr32) \
171 emitm(&stream, 0x03, 1);\
172 emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | (sr32 & 0x7), 1);

/* ADD_EAXi: opcode 0x05 (ADD EAX, imm32), then the 4-byte immediate i32. */
175 #define ADD_EAXi(i32) \
176 emitm(&stream, 0x05, 1);\
177 emitm(&stream, i32, 4);

/* ADDid: opcode 0x81 with ModRM 0xC0 | r32 (/0, ADD r/m32, imm32), then 4-byte i32. r32 is not masked. */
180 #define ADDid(r32, i32) \
181 emitm(&stream, 0x81, 1);\
182 emitm(&stream, 24 << 3 | r32, 1);\
183 emitm(&stream, i32, 4);

/* ADDib: opcode 0x83 with ModRM 0xC0 | r32 (/0, ADD r/m32, imm8), then one byte i8. r32 is not masked. */
186 #define ADDib(r32, i8) \
187 emitm(&stream, 0x83, 1);\
188 emitm(&stream, 24 << 3 | r32, 1);\
189 emitm(&stream, i8, 1);

/* SUBrd: opcode 0x2B (SUB r32, r/m32); ModRM mod=11, reg=dr32, r/m=sr32. */
192 #define SUBrd(dr32, sr32) \
193 emitm(&stream, 0x2b, 1);\
194 emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | (sr32 & 0x7), 1);

/* SUB_EAXi: opcode 0x2D (SUB EAX, imm32), then the 4-byte immediate i32. */
197 #define SUB_EAXi(i32) \
198 emitm(&stream, 0x2d, 1);\
199 emitm(&stream, i32, 4);

203 emitm(&stream, 0xf7, 1);\
204 emitm(&stream, 7 << 5 | (r32 & 0x7), 1); /* 0xF7 with ModRM 0xE0 | register (/4): MUL r/m32; the #define line is not shown in this extract */

208 emitm(&stream, 0xf7, 1);\
209 emitm(&stream, 15 << 4 | (r32 & 0x7), 1); /* 0xF7 with ModRM 0xF0 | register (/6): DIV r/m32; the #define line is not shown in this extract */

/* ANDib: opcode 0x80 with ModRM 0xE0 | r8 (/4, AND r/m8, imm8), then one byte i8. r8 is not masked. */
212 #define ANDib(r8, i8) \
213 emitm(&stream, 0x80, 1);\
214 emitm(&stream, 7 << 5 | r8, 1);\
215 emitm(&stream, i8, 1);

/*
 * ANDid: two brace-closed bodies; listing lines 219 and 222, which would open
 * them, are not shown. First body: 0x25 (AND EAX, imm32) + 4-byte i32.
 * Second body: 0x81 with ModRM 0xE0 | r32 (/4, AND r/m32, imm32) + 4-byte
 * i32; r32 is not masked. Presumably the choice depends on whether r32 is
 * EAX -- confirm against the full file.
 */
218 #define ANDid(r32, i32) \
220 emitm(&stream, 0x25, 1);\
221 emitm(&stream, i32, 4);}\
223 emitm(&stream, 0x81, 1);\
224 emitm(&stream, 7 << 5 | r32, 1);\
225 emitm(&stream, i32, 4);}

/* ANDrd: opcode 0x23 (AND r32, r/m32); ModRM mod=11, reg=dr32, r/m=sr32. */
228 #define ANDrd(dr32, sr32) \
229 emitm(&stream, 0x23, 1);\
230 emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);

/* ORrd: opcode 0x0B (OR r32, r/m32); ModRM mod=11, reg=dr32, r/m=sr32. */
233 #define ORrd(dr32, sr32) \
234 emitm(&stream, 0x0b, 1);\
235 emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);

/*
 * ORid: same two-body shape as ANDid; listing lines 239 and 242 are not
 * shown. First body: 0x0D (OR EAX, imm32) + 4-byte i32. Second body: 0x81
 * with ModRM 0xC8 | r32 (/1, OR r/m32, imm32) + 4-byte i32; r32 is not
 * masked.
 */
238 #define ORid(r32, i32) \
240 emitm(&stream, 0x0d, 1);\
241 emitm(&stream, i32, 4);}\
243 emitm(&stream, 0x81, 1);\
244 emitm(&stream, 25 << 3 | r32, 1);\
245 emitm(&stream, i32, 4);}

/* SHLib: opcode 0xC1 with ModRM 0xE0 | register (/4, SHL r/m32, imm8), then the shift count i8. */
248 #define SHLib(r32, i8) \
249 emitm(&stream, 0xc1, 1);\
250 emitm(&stream, 7 << 5 | r32 & 0x7, 1);\
251 emitm(&stream, i8, 1);

/* SHL_CLrb: opcode 0xD3 with ModRM 0xE0 | register (/4, SHL r/m32, CL); the count is taken from CL. */
254 #define SHL_CLrb(dr32) \
255 emitm(&stream, 0xd3, 1);\
256 emitm(&stream, 7 << 5 | dr32 & 0x7, 1);

/* SHRib: opcode 0xC1 with ModRM 0xE8 | register (/5, SHR r/m32, imm8), then the shift count i8. */
259 #define SHRib(r32, i8) \
260 emitm(&stream, 0xc1, 1);\
261 emitm(&stream, 29 << 3 | r32 & 0x7, 1);\
262 emitm(&stream, i8, 1);

/* SHR_CLrb: opcode 0xD3 with ModRM 0xE8 | register (/5, SHR r/m32, CL); the count is taken from CL. */
265 #define SHR_CLrb(dr32) \
266 emitm(&stream, 0xd3, 1);\
267 emitm(&stream, 29 << 3 | dr32 & 0x7, 1);

271 emitm(&stream, 0xf7, 1);\
272 emitm(&stream, 27 << 3 | r32 & 0x7, 1); /* 0xF7 with ModRM 0xD8 | register (/3): NEG r/m32; the #define line is not shown in this extract */

/* CMPodd: opcode 0x3B (CMP r32, r/m32); ModRM mod=01 (8-bit displacement), reg=dr32, r/m=sr32; then one byte `off`. Compares dr32 with [sr32 + off]. */
275 #define CMPodd(dr32, sr32, off) \
276 emitm(&stream, 3 << 4 | 3 | 1 << 3, 1); \
277 emitm(&stream, 1 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);\
278 emitm(&stream, off, 1);

/* CMPrd: opcode 0x3B (CMP r32, r/m32); ModRM mod=11, reg=dr32, r/m=sr32. */
281 #define CMPrd(dr32, sr32) \
282 emitm(&stream, 0x3b, 1); \
283 emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1);

/*
 * CMPid: same two-body shape as ANDid; listing lines 287 and 290 are not
 * shown. First body: 0x3D (CMP EAX, imm32) + 4-byte i32. Second body: 0x81
 * with ModRM 0xF8 | (dr32 & 0x7) (/7, CMP r/m32, imm32) + 4-byte i32.
 */
286 #define CMPid(dr32, i32) \
288 emitm(&stream, 0x3d, 1); \
289 emitm(&stream, i32, 4);} \
291 emitm(&stream, 0x81, 1); \
292 emitm(&stream, 0x1f << 3 | (dr32 & 0x7), 1);\
293 emitm(&stream, i32, 4);}

297 emitm(&stream, 0x75, 1);\
298 emitm(&stream, off8, 1); /* 0x75: JNE rel8, one-byte displacement off8; the #define line is not shown in this extract */

302 emitm(&stream, 0x77, 1);\
303 emitm(&stream, off8, 1); /* 0x77: JA rel8 (unsigned above), one-byte displacement off8; #define line not shown */

307 emitm(&stream, 0x0f, 1);\
308 emitm(&stream, 0x84, 1);\
309 emitm(&stream, off32, 4); /* 0x0F 0x84: JE rel32, 4-byte displacement off32; #define line not shown */

313 emitm(&stream, 0x0f, 1);\
314 emitm(&stream, 0x8e, 1);\
315 emitm(&stream, off32, 4); /* 0x0F 0x8E: JLE rel32 (signed), 4-byte displacement off32; #define line not shown */

319 emitm(&stream, 0x7e, 1);\
320 emitm(&stream, off8, 1); /* 0x7E: JLE rel8 (signed), one-byte displacement off8; #define line not shown */

324 emitm(&stream, 0x76, 1);\
325 emitm(&stream, off8, 1); /* 0x76: JBE rel8 (unsigned), one-byte displacement off8; #define line not shown */

329 emitm(&stream, 0x72, 1);\
330 emitm(&stream, off8, 1); /* 0x72: JB rel8 (unsigned below), one-byte displacement off8; #define line not shown */

334 emitm(&stream, 0x0f, 1);\
335 emitm(&stream, 0x87, 1);\
336 emitm(&stream, off32, 4); /* 0x0F 0x87: JA rel32 (unsigned), 4-byte displacement off32; #define line not shown */

340 emitm(&stream, 0x0f, 1);\
341 emitm(&stream, 0x83, 1);\
342 emitm(&stream, off32, 4); /* 0x0F 0x83: JAE rel32 (unsigned), 4-byte displacement off32; #define line not shown */

346 emitm(&stream, 0x0f, 1);\
347 emitm(&stream, 0x8f, 1);\
348 emitm(&stream, off32, 4); /* 0x0F 0x8F: JG rel32 (signed), 4-byte displacement off32; #define line not shown */

352 emitm(&stream, 0x0f, 1);\
353 emitm(&stream, 0x8d, 1);\
354 emitm(&stream, off32, 4); /* 0x0F 0x8D: JGE rel32 (signed), 4-byte displacement off32; #define line not shown */

358 emitm(&stream, 0xe9, 1);\
359 emitm(&stream, off32, 4); /* 0xE9: JMP rel32, 4-byte displacement off32; #define line not shown */
Structure describing an x86 filtering program created by the jitter.
INT cur_ip
Current X86 instruction pointer.
A stream of X86 binary code.
struct binary_stream binary_stream
A stream of X86 binary code.
PUINT refs
Jumps reference table.
void BPF_Destroy_JIT_Filter(JIT_BPF_Filter *Filter)
Deletes a filtering function that was previously created by BPF_jitter().
PCHAR ibuf
Instruction buffer, contains the X86 generated code.
UINT(__cdecl * BPF_filter_function)(PVOID *, ULONG, UINT)
Prototype of a filtering function created by the jitter.
BPF_filter_function Function
The x86 filtering binary, in the form of a BPF_filter_function.
INT bpf_pc
Current BPF instruction pointer, i.e. position in the BPF program reached by the jitter.
JIT_BPF_Filter * BPF_jitter(struct bpf_insn *fp, INT nins)
BPF jitter, builds an x86 function from a BPF program.
BPF_filter_function BPFtoX86(struct bpf_insn *ins, UINT nins, INT *mem)
Translates a set of BPF instructions into a set of x86 ones.
struct JIT_BPF_Filter JIT_BPF_Filter
Structure describing an x86 filtering program created by the jitter.
void(* emit_func)(binary_stream *stream, ULONG value, UINT n)
Prototype of the emit functions.