/*
* Copyright (C) 2009-2022 Ole André Vadla Ravnås <[email protected]>
* Copyright (C) 2023 Fabian Freyer <[email protected]>
* Copyright (C) 2024 Yannis Juglaret <[email protected]>
*
* Licence: wxWindows Library Licence, Version 3.1
*/
#ifndef __GUM_X86_WRITER_H__
#define __GUM_X86_WRITER_H__
#include <gum/gumdefs.h>
#include <gum/gummetalarray.h>
#include <gum/gummetalhash.h>
#include <capstone.h>
G_BEGIN_DECLS
/* Handle type for the x86 instruction writer. Its layout is public in this
 * header (struct _GumX86Writer below), so it is not an opaque type. */
typedef struct _GumX86Writer GumX86Writer;

/* Register identifier. The legal values are those of enum _GumX86Reg below;
 * because the typedef is a plain guint, the type system does not reject an
 * out-of-range value, so callers passing computed register ids should
 * validate them themselves. */
typedef guint GumX86Reg;

/* Operand-width selector for gum_x86_writer_put_inc_reg_ptr /
 * gum_x86_writer_put_dec_reg_ptr. Legal values are those of
 * enum _GumX86PtrTarget below; same unchecked-guint caveat as GumX86Reg. */
typedef guint GumX86PtrTarget;
/*
 * State of one x86 instruction writer. All fields are visible to consumers of
 * this header; the gum_x86_writer_* functions declared below are the supported
 * way to drive it. There is no capacity field: the writer is pointed at a
 * caller-provided code_address (see gum_x86_writer_new / _init / _reset) and
 * nothing here bounds how far past it the emitted bytes may extend, so sizing
 * the destination buffer is the caller's responsibility.
 */
struct _GumX86Writer
{
  /* Reference count. `volatile` by itself provides no thread-safety;
   * presumably the implementation updates this with atomic operations —
   * TODO confirm against the corresponding .c file. */
  volatile gint ref_count;
  /* NOTE(review): from the name, appears to make the final unref flush pending
   * output; verify in gum_x86_writer_unref / gum_x86_writer_clear. */
  gboolean flush_on_destroy;

  /* Code-generation target; set via gum_x86_writer_set_target_cpu /
   * gum_x86_writer_set_target_abi. */
  GumCpuType target_cpu;
  GumAbiType target_abi;
  GumCpuFeatures cpu_features;

  /* Output buffer. `base` and `code` are both guint8 pointers and `pc` is a
   * GumAddress; presumably `base` is the start, `code` the current write
   * cursor and `pc` the address the code is assumed to run at — confirm
   * against gum_x86_writer_cur / gum_x86_writer_offset. */
  guint8 * base;
  guint8 * code;
  GumAddress pc;

  /* Label bookkeeping, presumably consumed by the *_label functions and
   * resolved by gum_x86_writer_flush — confirm. */
  GumMetalHashTable * label_defs;
  GumMetalArray label_refs;
};
/*
 * Register identifiers. Values are assigned sequentially from GUM_X86_EAX = 0
 * in the order listed, so the three groups occupy contiguous ranges:
 * 32-bit (EAX..EIP), 64-bit (RAX..RIP), then the width-agnostic "meta"
 * aliases (XAX..XIP). GUM_X86_NONE is the last value and serves as the
 * "no register" sentinel; any GumX86Reg greater than it is out of range.
 */
enum _GumX86Reg
{
  /* 32-bit */
  GUM_X86_EAX = 0,
  GUM_X86_ECX,
  GUM_X86_EDX,
  GUM_X86_EBX,
  GUM_X86_ESP,
  GUM_X86_EBP,
  GUM_X86_ESI,
  GUM_X86_EDI,
  GUM_X86_R8D,
  GUM_X86_R9D,
  GUM_X86_R10D,
  GUM_X86_R11D,
  GUM_X86_R12D,
  GUM_X86_R13D,
  GUM_X86_R14D,
  GUM_X86_R15D,
  GUM_X86_EIP,

  /* 64-bit */
  GUM_X86_RAX,
  GUM_X86_RCX,
  GUM_X86_RDX,
  GUM_X86_RBX,
  GUM_X86_RSP,
  GUM_X86_RBP,
  GUM_X86_RSI,
  GUM_X86_RDI,
  GUM_X86_R8,
  GUM_X86_R9,
  GUM_X86_R10,
  GUM_X86_R11,
  GUM_X86_R12,
  GUM_X86_R13,
  GUM_X86_R14,
  GUM_X86_R15,
  GUM_X86_RIP,

  /* Meta: presumably resolved to the 32- or 64-bit register according to the
   * writer's target_cpu — TODO confirm in the implementation. */
  GUM_X86_XAX,
  GUM_X86_XCX,
  GUM_X86_XDX,
  GUM_X86_XBX,
  GUM_X86_XSP,
  GUM_X86_XBP,
  GUM_X86_XSI,
  GUM_X86_XDI,
  GUM_X86_XIP,

  /* Sentinel; also the upper bound for range checks on a GumX86Reg. */
  GUM_X86_NONE
};
/*
 * Memory operand width for gum_x86_writer_put_inc_reg_ptr and
 * gum_x86_writer_put_dec_reg_ptr. Values are sequential from 0 (BYTE = 0,
 * DWORD = 1, QWORD = 2); there is no WORD entry.
 */
enum _GumX86PtrTarget
{
  GUM_X86_PTR_BYTE,
  GUM_X86_PTR_DWORD,
  GUM_X86_PTR_QWORD
};
/*
 * Public API. Two return conventions are used below: functions returning
 * gboolean can fail (presumably when the requested operand combination cannot
 * be encoded for the writer's target — confirm in the implementation) and
 * callers should treat FALSE as "nothing usable was emitted" and stop; the
 * void-returning functions have no failure path. None of these take a buffer
 * size, so the caller must have sized the memory at code_address for
 * everything it emits.
 */

/* Lifecycle. The header does not say who owns the memory at code_address;
 * from gum_x86_writer_new taking it as a plain gpointer, the writer appears
 * to borrow rather than own it — TODO confirm. */
GUM_API GumX86Writer * gum_x86_writer_new (gpointer code_address);
GUM_API GumX86Writer * gum_x86_writer_ref (GumX86Writer * writer);
GUM_API void gum_x86_writer_unref (GumX86Writer * writer);

GUM_API void gum_x86_writer_init (GumX86Writer * writer,
    gpointer code_address);
GUM_API void gum_x86_writer_clear (GumX86Writer * writer);
GUM_API void gum_x86_writer_reset (GumX86Writer * writer,
    gpointer code_address);

/* Target configuration (stored in target_cpu / target_abi). */
GUM_API void gum_x86_writer_set_target_cpu (GumX86Writer * self,
    GumCpuType cpu_type);
GUM_API void gum_x86_writer_set_target_abi (GumX86Writer * self,
    GumAbiType abi_type);

/* Position queries and finalisation. gum_x86_writer_flush returns gboolean;
 * NOTE(review): a FALSE result presumably means label references could not
 * be resolved, leaving the buffer incomplete — check it before the code is
 * made executable. Confirm the exact failure conditions in the .c file. */
GUM_API gpointer gum_x86_writer_cur (GumX86Writer * self);
GUM_API guint gum_x86_writer_offset (GumX86Writer * self);
GUM_API gboolean gum_x86_writer_flush (GumX86Writer * self);

/* Calling-convention helper: register that carries argument n. Out-of-range n
 * presumably yields GUM_X86_NONE — confirm. */
GUM_API GumX86Reg gum_x86_writer_get_cpu_register_for_nth_argument (
    GumX86Writer * self, guint n);

/* Labels are identified by an opaque gconstpointer; defining one returns
 * gboolean (presumably FALSE on a duplicate id — confirm). */
GUM_API gboolean gum_x86_writer_put_label (GumX86Writer * self,
    gconstpointer id);

/* Whether a direct (relative) branch can be encoded from `from` to `to`;
 * takes addresses only, no writer, so it is a pure range check. */
GUM_API gboolean gum_x86_writer_can_branch_directly_between (GumAddress from,
    GumAddress to);

/* Call emission with argument marshalling. Each variant comes as a variadic
 * form and an _array form taking `const GumArgument * args`. For the variadic
 * forms n_args must equal the number of trailing arguments actually passed:
 * C gives the callee no way to verify this, so a mismatch reads garbage
 * from the caller's stack frame. Prefer the _array forms when n_args is
 * computed rather than literal. The "aligned" variants presumably add stack
 * alignment around the call — confirm. */
GUM_API gboolean gum_x86_writer_put_call_address_with_arguments (
    GumX86Writer * self, GumCallingConvention conv, GumAddress func,
    guint n_args, ...);
GUM_API gboolean gum_x86_writer_put_call_address_with_arguments_array (
    GumX86Writer * self, GumCallingConvention conv, GumAddress func,
    guint n_args, const GumArgument * args);
GUM_API gboolean gum_x86_writer_put_call_address_with_aligned_arguments (
    GumX86Writer * self, GumCallingConvention conv, GumAddress func,
    guint n_args, ...);
GUM_API gboolean gum_x86_writer_put_call_address_with_aligned_arguments_array (
    GumX86Writer * self, GumCallingConvention conv, GumAddress func,
    guint n_args, const GumArgument * args);
GUM_API gboolean gum_x86_writer_put_call_reg_with_arguments (
    GumX86Writer * self, GumCallingConvention conv, GumX86Reg reg,
    guint n_args, ...);
GUM_API gboolean gum_x86_writer_put_call_reg_with_arguments_array (
    GumX86Writer * self, GumCallingConvention conv, GumX86Reg reg,
    guint n_args, const GumArgument * args);
GUM_API gboolean gum_x86_writer_put_call_reg_with_aligned_arguments (
    GumX86Writer * self, GumCallingConvention conv, GumX86Reg reg,
    guint n_args, ...);
GUM_API gboolean gum_x86_writer_put_call_reg_with_aligned_arguments_array (
    GumX86Writer * self, GumCallingConvention conv, GumX86Reg reg,
    guint n_args, const GumArgument * args);
GUM_API gboolean gum_x86_writer_put_call_reg_offset_ptr_with_arguments (
    GumX86Writer * self, GumCallingConvention conv, GumX86Reg reg,
    gssize offset, guint n_args, ...);
GUM_API gboolean gum_x86_writer_put_call_reg_offset_ptr_with_arguments_array (
    GumX86Writer * self, GumCallingConvention conv, GumX86Reg reg,
    gssize offset, guint n_args, const GumArgument * args);
GUM_API gboolean gum_x86_writer_put_call_reg_offset_ptr_with_aligned_arguments (
    GumX86Writer * self, GumCallingConvention conv, GumX86Reg reg,
    gssize offset, guint n_args, ...);
GUM_API gboolean
gum_x86_writer_put_call_reg_offset_ptr_with_aligned_arguments_array (
    GumX86Writer * self, GumCallingConvention conv, GumX86Reg reg,
    gssize offset, guint n_args, const GumArgument * args);

/* Plain calls and returns. */
GUM_API gboolean gum_x86_writer_put_call_address (GumX86Writer * self,
    GumAddress address);
GUM_API gboolean gum_x86_writer_put_call_reg (GumX86Writer * self,
    GumX86Reg reg);
GUM_API gboolean gum_x86_writer_put_call_reg_offset_ptr (GumX86Writer * self,
    GumX86Reg reg, gssize offset);
GUM_API gboolean gum_x86_writer_put_call_indirect (GumX86Writer * self,
    GumAddress addr);
GUM_API gboolean gum_x86_writer_put_call_indirect_label (GumX86Writer * self,
    gconstpointer label_id);
GUM_API void gum_x86_writer_put_call_near_label (GumX86Writer * self,
    gconstpointer label_id);
GUM_API void gum_x86_writer_put_leave (GumX86Writer * self);
GUM_API void gum_x86_writer_put_ret (GumX86Writer * self);
GUM_API void gum_x86_writer_put_ret_imm (GumX86Writer * self,
    guint16 imm_value);

/* Unconditional jumps. The _label forms return void: a reference to an
 * undefined label is presumably only detected at gum_x86_writer_flush. */
GUM_API gboolean gum_x86_writer_put_jmp_address (GumX86Writer * self,
    GumAddress address);
GUM_API void gum_x86_writer_put_jmp_short_label (GumX86Writer * self,
    gconstpointer label_id);
GUM_API void gum_x86_writer_put_jmp_near_label (GumX86Writer * self,
    gconstpointer label_id);
GUM_API gboolean gum_x86_writer_put_jmp_reg (GumX86Writer * self,
    GumX86Reg reg);
GUM_API gboolean gum_x86_writer_put_jmp_reg_ptr (GumX86Writer * self,
    GumX86Reg reg);
GUM_API gboolean gum_x86_writer_put_jmp_reg_offset_ptr (GumX86Writer * self,
    GumX86Reg reg, gssize offset);
GUM_API gboolean gum_x86_writer_put_jmp_near_ptr (GumX86Writer * self,
    GumAddress address);

/* Conditional jumps. instruction_id is a Capstone x86_insn value (capstone.h
 * is included above); which ids are accepted is not visible here. */
GUM_API gboolean gum_x86_writer_put_jcc_short (GumX86Writer * self,
    x86_insn instruction_id, gconstpointer target, GumBranchHint hint);
GUM_API gboolean gum_x86_writer_put_jcc_near (GumX86Writer * self,
    x86_insn instruction_id, gconstpointer target, GumBranchHint hint);
GUM_API void gum_x86_writer_put_jcc_short_label (GumX86Writer * self,
    x86_insn instruction_id, gconstpointer label_id, GumBranchHint hint);
GUM_API void gum_x86_writer_put_jcc_near_label (GumX86Writer * self,
    x86_insn instruction_id, gconstpointer label_id, GumBranchHint hint);

/* Arithmetic. Immediates are gssize, wider than any x86 immediate field, so
 * values that do not fit presumably produce FALSE — confirm. */
GUM_API gboolean gum_x86_writer_put_add_reg_imm (GumX86Writer * self,
    GumX86Reg reg, gssize imm_value);
GUM_API gboolean gum_x86_writer_put_add_reg_reg (GumX86Writer * self,
    GumX86Reg dst_reg, GumX86Reg src_reg);
GUM_API gboolean gum_x86_writer_put_add_reg_near_ptr (GumX86Writer * self,
    GumX86Reg dst_reg, GumAddress src_address);
GUM_API gboolean gum_x86_writer_put_sub_reg_imm (GumX86Writer * self,
    GumX86Reg reg, gssize imm_value);
GUM_API gboolean gum_x86_writer_put_sub_reg_reg (GumX86Writer * self,
    GumX86Reg dst_reg, GumX86Reg src_reg);
GUM_API gboolean gum_x86_writer_put_sub_reg_near_ptr (GumX86Writer * self,
    GumX86Reg dst_reg, GumAddress src_address);
GUM_API gboolean gum_x86_writer_put_inc_reg (GumX86Writer * self,
    GumX86Reg reg);
GUM_API gboolean gum_x86_writer_put_dec_reg (GumX86Writer * self,
    GumX86Reg reg);
GUM_API gboolean gum_x86_writer_put_inc_reg_ptr (GumX86Writer * self,
    GumX86PtrTarget target, GumX86Reg reg);
GUM_API gboolean gum_x86_writer_put_dec_reg_ptr (GumX86Writer * self,
    GumX86PtrTarget target, GumX86Reg reg);

/* LOCK-prefixed read-modify-write. The imm32_ptr forms embed a gpointer as an
 * absolute 32-bit operand, so they can only address the low 4 GiB. */
GUM_API gboolean gum_x86_writer_put_lock_xadd_reg_ptr_reg (GumX86Writer * self,
    GumX86Reg dst_reg, GumX86Reg src_reg);
GUM_API gboolean gum_x86_writer_put_lock_cmpxchg_reg_ptr_reg (
    GumX86Writer * self, GumX86Reg dst_reg, GumX86Reg src_reg);
GUM_API gboolean gum_x86_writer_put_lock_inc_imm32_ptr (GumX86Writer * self,
    gpointer target);
GUM_API gboolean gum_x86_writer_put_lock_dec_imm32_ptr (GumX86Writer * self,
    gpointer target);

/* Logical ops and shifts. */
GUM_API gboolean gum_x86_writer_put_and_reg_reg (GumX86Writer * self,
    GumX86Reg dst_reg, GumX86Reg src_reg);
GUM_API gboolean gum_x86_writer_put_and_reg_u32 (GumX86Writer * self,
    GumX86Reg reg, guint32 imm_value);
GUM_API gboolean gum_x86_writer_put_shl_reg_u8 (GumX86Writer * self,
    GumX86Reg reg, guint8 imm_value);
GUM_API gboolean gum_x86_writer_put_shr_reg_u8 (GumX86Writer * self,
    GumX86Reg reg, guint8 imm_value);
GUM_API gboolean gum_x86_writer_put_xor_reg_reg (GumX86Writer * self,
    GumX86Reg dst_reg, GumX86Reg src_reg);

/* Moves. Naming follows the operand order: e.g. _reg_offset_ptr_reg stores a
 * register to [dst_reg + dst_offset], _reg_reg_offset_ptr loads from
 * [src_reg + src_offset]. */
GUM_API gboolean gum_x86_writer_put_mov_reg_reg (GumX86Writer * self,
    GumX86Reg dst_reg, GumX86Reg src_reg);
GUM_API gboolean gum_x86_writer_put_mov_reg_u32 (GumX86Writer * self,
    GumX86Reg dst_reg, guint32 imm_value);
GUM_API gboolean gum_x86_writer_put_mov_reg_u64 (GumX86Writer * self,
    GumX86Reg dst_reg, guint64 imm_value);
GUM_API void gum_x86_writer_put_mov_reg_address (GumX86Writer * self,
    GumX86Reg dst_reg, GumAddress address);
GUM_API void gum_x86_writer_put_mov_reg_ptr_u32 (GumX86Writer * self,
    GumX86Reg dst_reg, guint32 imm_value);
GUM_API gboolean gum_x86_writer_put_mov_reg_offset_ptr_u32 (GumX86Writer * self,
    GumX86Reg dst_reg, gssize dst_offset, guint32 imm_value);
GUM_API void gum_x86_writer_put_mov_reg_ptr_reg (GumX86Writer * self,
    GumX86Reg dst_reg, GumX86Reg src_reg);
GUM_API gboolean gum_x86_writer_put_mov_reg_offset_ptr_reg (GumX86Writer * self,
    GumX86Reg dst_reg, gssize dst_offset, GumX86Reg src_reg);
GUM_API void gum_x86_writer_put_mov_reg_reg_ptr (GumX86Writer * self,
    GumX86Reg dst_reg, GumX86Reg src_reg);
GUM_API gboolean gum_x86_writer_put_mov_reg_reg_offset_ptr (GumX86Writer * self,
    GumX86Reg dst_reg, GumX86Reg src_reg, gssize src_offset);
/* scale is a guint8; x86 SIB encoding only allows 1, 2, 4 or 8, so other
 * values presumably yield FALSE — confirm. */
GUM_API gboolean gum_x86_writer_put_mov_reg_base_index_scale_offset_ptr (
    GumX86Writer * self, GumX86Reg dst_reg, GumX86Reg base_reg,
    GumX86Reg index_reg, guint8 scale, gssize offset);
GUM_API gboolean gum_x86_writer_put_mov_reg_near_ptr (GumX86Writer * self,
    GumX86Reg dst_reg, GumAddress src_address);
GUM_API gboolean gum_x86_writer_put_mov_near_ptr_reg (GumX86Writer * self,
    GumAddress dst_address, GumX86Reg src_reg);

/* Segment-relative moves (FS / GS). NOTE(review): the two *_gs_u32_ptr*
 * functions name their parameter fs_offset although they address GS; this is
 * a prototype name only and does not affect callers. */
GUM_API gboolean gum_x86_writer_put_mov_fs_u32_ptr_reg (GumX86Writer * self,
    guint32 fs_offset, GumX86Reg src_reg);
GUM_API gboolean gum_x86_writer_put_mov_reg_fs_u32_ptr (GumX86Writer * self,
    GumX86Reg dst_reg, guint32 fs_offset);
GUM_API void gum_x86_writer_put_mov_fs_reg_ptr_reg (GumX86Writer * self,
    GumX86Reg fs_offset, GumX86Reg src_reg);
GUM_API void gum_x86_writer_put_mov_reg_fs_reg_ptr (GumX86Writer * self,
    GumX86Reg dst_reg, GumX86Reg fs_offset);
GUM_API gboolean gum_x86_writer_put_mov_gs_u32_ptr_reg (GumX86Writer * self,
    guint32 fs_offset, GumX86Reg src_reg);
GUM_API gboolean gum_x86_writer_put_mov_reg_gs_u32_ptr (GumX86Writer * self,
    GumX86Reg dst_reg, guint32 fs_offset);
GUM_API void gum_x86_writer_put_mov_gs_reg_ptr_reg (GumX86Writer * self,
    GumX86Reg gs_offset, GumX86Reg src_reg);
GUM_API void gum_x86_writer_put_mov_reg_gs_reg_ptr (GumX86Writer * self,
    GumX86Reg dst_reg, GumX86Reg gs_offset);

/* SSE moves via xmm0 with a fixed base register; the offset is a gint8, i.e.
 * limited to a disp8 of -128..127. */
GUM_API void gum_x86_writer_put_movq_xmm0_esp_offset_ptr (GumX86Writer * self,
    gint8 offset);
GUM_API void gum_x86_writer_put_movq_eax_offset_ptr_xmm0 (GumX86Writer * self,
    gint8 offset);
GUM_API void gum_x86_writer_put_movdqu_xmm0_esp_offset_ptr (GumX86Writer * self,
    gint8 offset);
GUM_API void gum_x86_writer_put_movdqu_eax_offset_ptr_xmm0 (GumX86Writer * self,
    gint8 offset);

/* Address computation and exchange. */
GUM_API gboolean gum_x86_writer_put_lea_reg_reg_offset (GumX86Writer * self,
    GumX86Reg dst_reg, GumX86Reg src_reg, gssize src_offset);
GUM_API gboolean gum_x86_writer_put_xchg_reg_reg_ptr (GumX86Writer * self,
    GumX86Reg left_reg, GumX86Reg right_reg);

/* Stack operations. put_push_imm_ptr takes a gconstpointer and returns void;
 * how a 64-bit pointer is pushed on a 64-bit target is not visible here. */
GUM_API void gum_x86_writer_put_push_u32 (GumX86Writer * self,
    guint32 imm_value);
GUM_API gboolean gum_x86_writer_put_push_near_ptr (GumX86Writer * self,
    GumAddress address);
GUM_API gboolean gum_x86_writer_put_push_reg (GumX86Writer * self,
    GumX86Reg reg);
GUM_API gboolean gum_x86_writer_put_pop_reg (GumX86Writer * self,
    GumX86Reg reg);
GUM_API void gum_x86_writer_put_push_imm_ptr (GumX86Writer * self,
    gconstpointer imm_ptr);
GUM_API void gum_x86_writer_put_pushax (GumX86Writer * self);
GUM_API void gum_x86_writer_put_popax (GumX86Writer * self);
GUM_API void gum_x86_writer_put_pushfx (GumX86Writer * self);
GUM_API void gum_x86_writer_put_popfx (GumX86Writer * self);
GUM_API void gum_x86_writer_put_sahf (GumX86Writer * self);
GUM_API void gum_x86_writer_put_lahf (GumX86Writer * self);

/* Comparisons and tests. */
GUM_API gboolean gum_x86_writer_put_test_reg_reg (GumX86Writer * self,
    GumX86Reg reg_a, GumX86Reg reg_b);
GUM_API gboolean gum_x86_writer_put_test_reg_u32 (GumX86Writer * self,
    GumX86Reg reg, guint32 imm_value);
GUM_API gboolean gum_x86_writer_put_cmp_reg_i32 (GumX86Writer * self,
    GumX86Reg reg, gint32 imm_value);
GUM_API gboolean gum_x86_writer_put_cmp_reg_offset_ptr_reg (GumX86Writer * self,
    GumX86Reg reg_a, gssize offset, GumX86Reg reg_b);
GUM_API void gum_x86_writer_put_cmp_imm_ptr_imm_u32 (GumX86Writer * self,
    gconstpointer imm_ptr, guint32 imm_value);
GUM_API gboolean gum_x86_writer_put_cmp_reg_reg (GumX86Writer * self,
    GumX86Reg reg_a, GumX86Reg reg_b);

/* Flag manipulation and single-opcode instructions. */
GUM_API void gum_x86_writer_put_clc (GumX86Writer * self);
GUM_API void gum_x86_writer_put_stc (GumX86Writer * self);
GUM_API void gum_x86_writer_put_cld (GumX86Writer * self);
GUM_API void gum_x86_writer_put_std (GumX86Writer * self);
GUM_API void gum_x86_writer_put_cpuid (GumX86Writer * self);
GUM_API void gum_x86_writer_put_lfence (GumX86Writer * self);
GUM_API void gum_x86_writer_put_rdtsc (GumX86Writer * self);
GUM_API void gum_x86_writer_put_pause (GumX86Writer * self);
GUM_API void gum_x86_writer_put_nop (GumX86Writer * self);
GUM_API void gum_x86_writer_put_breakpoint (GumX86Writer * self);

/* Padding: n bytes. What put_padding fills with, versus put_nop_padding,
 * is not stated here — confirm before relying on the padding being
 * executable. */
GUM_API void gum_x86_writer_put_padding (GumX86Writer * self, guint n);
GUM_API void gum_x86_writer_put_nop_padding (GumX86Writer * self, guint n);

/* Extended-state save/restore through a register-held pointer. */
GUM_API gboolean gum_x86_writer_put_fxsave_reg_ptr (GumX86Writer * self,
    GumX86Reg reg);
GUM_API gboolean gum_x86_writer_put_fxrstor_reg_ptr (GumX86Writer * self,
    GumX86Reg reg);

/* Raw emission. put_bytes takes a caller-supplied buffer of n bytes and,
 * presumably, copies it verbatim into the code stream with no encoding
 * check — confirm. Since this bypasses every instruction-level helper, the
 * caller is solely responsible for the validity and trustworthiness of
 * `data`. */
GUM_API void gum_x86_writer_put_u8 (GumX86Writer * self, guint8 value);
GUM_API void gum_x86_writer_put_s8 (GumX86Writer * self, gint8 value);
GUM_API void gum_x86_writer_put_bytes (GumX86Writer * self, const guint8 * data,
    guint n);
G_END_DECLS
#endif