All notable (user-facing) changes to this project will be documented in this file.
The format is based on Keep a Changelog.
- Support in bddisasm for the AMD `RMPREAD` instruction.
- Support in bddisasm for Intel AVX 10.2 instructions.

- `LEAVE` instruction: the size attribute for the `RSP` operand is the stack address size, not the operand size.
- `ENTER` instruction: the size attribute for the `RSP` operand is the operand size, not the stack address size.
- `ENTER` instruction: added missing operands - `RBP` (stack address size), `[RBP]` (operand size).
- `EVEX` instructions in maps 5 & 6 may not be decoded if the `ND_FEAT_APX` feature is not enabled.

- Proper handling of the `EVEX.U` bit, depending on the instruction type.
- Removed APX encodings for SHA & KEYLOCKER instructions.
- Implemented new test scripts.
- Fixed a potential unaligned load, as reported by UBSAN.
- Removed a no longer needed static assert.

- Aligned BDDISASM APX instruction syntax with some of the Intel recommendations (using the suffix notation for `NF` and `ZU` indications, using finite set notation for `DFV` operands).
- The `ZU` indication is appended as a mnemonic suffix, as per the recommendations. However, in the case of `SETcc` instructions, BDDISASM will append the `ZU` indication AFTER the condition code (similar to `CMPccXADD` and to the initial `SETcc.ZU` specification).
- The `DFV` (default flags value) operand obeys the finite set notation, but it is placed as the last operand of the instruction.

- `Read` access for the `rIP` operand of the `SYSCALL` instruction.
- `SCS`, `rCX`, `rDX` operands for the `SYSEXIT` instruction.

- `Read` access for the `rIP` operand of some `CALL` instructions.

- Support in bddisasm for the Intel REX2 prefix.
- Support in bddisasm for Intel APX extensions.
- Support in bddisasm for Intel USERMSR extensions.
- Support in bddisasm for prefix activation fields inside `INSTRUX` - these fields can be consulted to determine whether a particular prefix is present, accepted & active.
- New feature in bdshemu: `SHEMU_OPT_DIRECT_MAPPED_SHELL` - allows emulation with a smaller `IntBuff` at the cost of not having `WRITE_SELF` detections. The shellcode can be provided directly from its original location, without the need to allocate it in a dedicated memory region.
- New feature in bdshemu: `SHEMU_OPT_TRACK_LOOPS` - loops can now be tracked by bdshemu. `SHEMU_OPT_TRACE_LOOPS` can be used to log loop information.
- Support in bdshemu for APX instructions (both REX2 and EVEX encoded instructions) - the new `SHEMU_OPT_SUPPORT_APX` must be set in order to enable APX emulation.

- Reduced the size of the `INSTRUX` structure from 856 bytes to 488 bytes (almost -43%!).
- Increased decoding performance from an average of 300 clocks/instruction to an average of 235 clocks/instruction (almost +20%!).
- New decode options - do not decode implicit operands - this further increases performance from an average of 235 clocks/instruction to 200 clocks/instruction (almost +15%!).
- Re-worked the Python scripts - both `disasmlib.py` and `generate_tables.py` have been significantly reworked, improving readability and making them more efficient.
- `disasmtool` builds on Linux.

- Dropped support for Cyrix & VIA instructions - only current Intel & AMD instructions remain supported.
- `disasmtool_lix` has been removed; `disasmtool` is available on Linux as well.

- Removed the `Iclass` field - it was aliased over the `Instruction` field, which must be used from now on.
- Removed the `OperandsEncodingMap` field - one can consult the `Encoding` field in each operand to determine the encoding.
- Removed the `ExceptionClass` field - only `ExceptionType` remains, which contains an enum with all the exception types.
- Removed the `Predicate` field - only `Condition` remains, which was aliased over `Predicate`.
- Removed the `HasImm3`, `Immediate3`, `Imm3Length` and `Imm3Offset` fields, as they were not used/needed.
- Removed the `Bhint`, `SseCondition`, `SignDisp` fields, as they were not used.
- Moved `FlagsAccess.RegAccess` outside and renamed it to `RflAccess`, to save more space.
- Switched from `char Mnemonic[32]` to `const char *Mnemonic` - this decreases the `INSTRUX` size by almost 32 bytes, and increases performance.
- Removed `RawSize` - in most cases, `Size` and `RawSize` are identical; the only case where they might differ is for `Immediate` and `RelativeOffset` operands - in that case, one can consult the `RawSize` field in `Immediate` or `RelativeOffset`.

- Removed the `Broadcast` field, moved it inside `ND_OPDESC_MEMORY`.
- Removed `HasSae`, `HasEr` - they are per instruction, not per operand, and can be consulted directly inside `INSTRUX`.
- Moved `Msk` one level up, inside the `ND_OPERAND_DECORATOR` structure.

- Removed the `ND_PRED_*` defines - search & replace them with `ND_COND_*`.
- Removed `ND_HAS_PREDICATE` - use `ND_HAS_CONDITION` instead.
- Removed `ND_VEND_GEODE` and `ND_VEND_CYRIX`.
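An added example, not code from the bddisasm project: a POSIX shell helper that applies the drop-in renames listed above (`ND_PRED_*` to `ND_COND_*`, `ND_HAS_PREDICATE` to `ND_HAS_CONDITION`, `Iclass` to `Instruction`, `Predicate` to `Condition`, `FlagsAccess.RegAccess` to `RflAccess`) to a C source file, and reports uses of removed fields that have no mechanical substitute and need a manual rewrite. The function names, the regex patterns and the sample C snippet are constructed for this example; it assumes POSIX `sed`, `grep` and `mktemp`.

```shell
#!/bin/sh
# Added example, not bddisasm project code: migrate a C source file to the
# renamed bddisasm API fields described above. Renames with a one-to-one
# substitute are applied; removed fields without one are only reported.

# Apply the drop-in renames to the file named in $1 (rewritten in place).
bd_migrate_renames() {
    tmp="$1.migrated"
    sed -e 's/ND_PRED_/ND_COND_/g' \
        -e 's/ND_HAS_PREDICATE/ND_HAS_CONDITION/g' \
        -e 's/\([.>]\)Iclass/\1Instruction/g' \
        -e 's/\([.>]\)Predicate/\1Condition/g' \
        -e 's/FlagsAccess\.RegAccess/RflAccess/g' \
        "$1" > "$tmp" && mv "$tmp" "$1"
}

# Print file:line for each use of a field that needs a manual rewrite:
# INSTRUX-level RawSize (only the per-operand Immediate/RelativeOffset RawSize
# remains), ExceptionClass (use ExceptionType), the unused Imm3/Bhint/... fields,
# the removed vendor defines, and sizeof() on the now-pointer Mnemonic.
bd_report_removed() {
    grep -n -E 'RawSize|OperandsEncodingMap|ExceptionClass|HasImm3|Immediate3|Imm3Length|Imm3Offset|Bhint|SseCondition|SignDisp|HasSae|HasEr|ND_VEND_GEODE|ND_VEND_CYRIX|sizeof ?\(.*Mnemonic' "$1" || true
}

# Constructed sample input (not real project code) to exercise both helpers.
bd_sample="$(mktemp)"
cat > "$bd_sample" <<'EOF'
if (ND_HAS_PREDICATE(&ix) && ix.Predicate == ND_PRED_NE) ok = ix.Iclass;
r = ix.FlagsAccess.RegAccess; n = ix.RawSize; c = ix.ExceptionClass;
strncpy(buf, ix.Mnemonic, sizeof(ix.Mnemonic));
EOF
bd_migrate_renames "$bd_sample"
cat "$bd_sample"               # line 1 is fully rewritten by the renames
bd_report_removed "$bd_sample" # lines 2 and 3 are reported for manual attention
```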