WinPcap 4.1.3
jitter.h
1/*
2 * Copyright (c) 2002 - 2005 NetGroup, Politecnico di Torino (Italy)
3 * Copyright (c) 2005 - 2007 CACE Technologies, Davis (California)
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the Politecnico di Torino, CACE Technologies
16 * nor the names of its contributors may be used to endorse or promote
17 * products derived from this software without specific prior written
18 * permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 *
32 */
//
// Registers
//
// The values are the 3-bit register codes that the instruction macros in this
// file place into opcode, ModRM and SIB fields (most of them after masking
// the argument with 0x7).
//

// 32-bit general-purpose registers.
#define EAX 0
#define ECX 1
#define EDX 2
#define EBX 3
#define ESP 4
#define EBP 5
#define ESI 6
#define EDI 7

// 16-bit names; each carries the same code as its 32-bit counterpart.
#define AX 0
#define CX 1
#define DX 2
#define BX 3
#define SP 4
#define BP 5
#define SI 6
#define DI 7

// 8-bit low-byte names. Only codes 0-3 are named here; in an 8-bit register
// field the x86 encoding assigns codes 4-7 to AH/CH/DH/BH, so the 32-bit
// names above must not be passed where a macro expects an r8/dr8 argument.
#define AL 0
#define CL 1
#define DL 2
#define BL 3
67
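/*
 * A stream of x86 binary code.
 *
 * The closing line of this definition is missing from the rendered listing;
 * it is restored here using the type name that the emit_func prototype
 * further down refers to.
 *
 * NOTE(review): the structure records a write position (cur_ip) but no
 * capacity for ibuf, so the emit routines (not part of this header) have to
 * bound their writes by some other means -- confirm in the implementation.
 */
typedef struct binary_stream{
    INT cur_ip;     /* Current x86 instruction pointer. */
    INT bpf_pc;     /* Current BPF instruction pointer, i.e. position in the
                       BPF program reached by the jitter. */
    PCHAR ibuf;     /* Instruction buffer, contains the generated x86 code. */
    PUINT refs;     /* Jumps reference table. */
}binary_stream;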
/*
 * Prototype of a filtering function created by the jitter.
 *
 * NOTE(review): the three parameters are unnamed in this declaration;
 * presumably they are the packet pointer and two lengths, and the UINT
 * result is the filter verdict -- confirm against the call sites.
 */
typedef UINT (__cdecl *BPF_filter_function)( PVOID *, ULONG, UINT);

/*
 * Prototype of the emit functions.
 *
 * The instruction macros in this file call an emitter as
 * emitm(&stream, value, n), passing n = 1 for opcode, ModRM, SIB and 8-bit
 * operand bytes and n = 4 for 32-bit immediates and displacements, so n is
 * presumably the number of bytes of `value` to append to the stream.
 */
typedef void (*emit_func)(binary_stream *stream, ULONG value, UINT n);
104/**************************/
105/* X86 INSTRUCTION MACROS */
106/**************************/
107
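/*
 * MOV emitters.
 *
 * Every macro expands to emitm() calls on a variable named `stream`; both
 * must be in scope where the macro is used (this header declares neither).
 * The last emitm() argument is 1 for opcode/ModRM/SIB/disp8 bytes and 4 for
 * a 32-bit immediate.
 *
 * Each expansion is a single brace block, so a guarded use such as
 * `if (c) MOVrd(a, b)` covers every emitted byte instead of only the first.
 * A plain block is used rather than do { } while (0) because the call sites
 * are not visible from this header and may omit the trailing semicolon.
 * Macro arguments are parenthesized so that an expression argument cannot
 * re-associate with the surrounding |, << and & operators.
 */

/* mov r32, i32 */
#define MOVid(r32, i32) \
    { emitm(&stream, 11 << 4 | 1 << 3 | ((r32) & 0x7), 1); \
      emitm(&stream, (i32), 4); }

/* mov dr32, sr32 */
#define MOVrd(dr32, sr32) \
    { emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
      emitm(&stream, 3 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1); }

/*
 * mov dr32, [sr32 + off] with an 8-bit displacement.
 * No SIB byte is emitted, so sr32 must not be ESP (r/m code 4 selects SIB).
 */
#define MOVodd(dr32, sr32, off) \
    { emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
      emitm(&stream, 1 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1); \
      emitm(&stream, (off), 1); }

/*
 * mov dr32, [sr32 + or32] (ModRM mod=00 with a SIB byte, scale 1).
 * In this form base code 5 (EBP) means "disp32, no base" and index code 4
 * (ESP) means "no index", so those registers cannot be used as sr32 / or32.
 * The same restriction applies to MOVobw, MOVobb and MOVomd below.
 */
#define MOVobd(dr32, sr32, or32) \
    { emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
      emitm(&stream, ((dr32) & 0x7) << 3 | 4, 1); \
      emitm(&stream, ((or32) & 0x7) << 3 | ((sr32) & 0x7), 1); }

/* mov dr16, [sr32 + or32] (0x66 operand-size prefix) */
#define MOVobw(dr32, sr32, or32) \
    { emitm(&stream, 0x66, 1); \
      emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); \
      emitm(&stream, ((dr32) & 0x7) << 3 | 4, 1); \
      emitm(&stream, ((or32) & 0x7) << 3 | ((sr32) & 0x7), 1); }

/* mov dr8, [sr32 + or32] */
#define MOVobb(dr8, sr32, or32) \
    { emitm(&stream, 0x8a, 1); \
      emitm(&stream, ((dr8) & 0x7) << 3 | 4, 1); \
      emitm(&stream, ((or32) & 0x7) << 3 | ((sr32) & 0x7), 1); }

/* mov [dr32 + or32], sr32 -- the only store in this family */
#define MOVomd(dr32, or32, sr32) \
    { emitm(&stream, 0x89, 1); \
      emitm(&stream, ((sr32) & 0x7) << 3 | 4, 1); \
      emitm(&stream, ((or32) & 0x7) << 3 | ((dr32) & 0x7), 1); }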
146
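/*
 * Byte-swap, stack and return emitters.
 *
 * Every macro expands to emitm() calls on a variable named `stream`; both
 * must be in scope where the macro is used (this header declares neither).
 * Two-byte sequences are wrapped in a brace block so that a guarded use
 * (`if (c) BSWAP(r)`) covers both bytes; a plain block is used rather than
 * do { } while (0) because call sites are not visible here and may omit the
 * trailing semicolon. Arguments are parenthesized so that an expression
 * argument cannot re-associate with the surrounding operators.
 */

/*
 * bswap dr32
 * Unlike PUSH/POP, the register code is not masked with 0x7 here; a value
 * outside 0-7 would alter the opcode bits, so callers must pass a plain
 * register constant.
 */
#define BSWAP(dr32) \
    { emitm(&stream, 0xf, 1); \
      emitm(&stream, 0x19 << 3 | (dr32), 1); }

/* xchg ah, al -- swaps the two low bytes of EAX */
#define SWAP_AX() \
    { emitm(&stream, 0x86, 1); \
      emitm(&stream, 0xc4, 1); }

/* push r32 */
#define PUSH(r32) \
    emitm(&stream, 5 << 4 | 0 << 3 | ((r32) & 0x7), 1);

/* pop r32 */
#define POP(r32) \
    emitm(&stream, 5 << 4 | 1 << 3 | ((r32) & 0x7), 1);

/* ret (near return, no stack adjustment) */
#define RET() \
    emitm(&stream, 12 << 4 | 0 << 3 | 3, 1);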
168
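/*
 * Arithmetic emitters (ADD, SUB, MUL, DIV).
 *
 * Every macro expands to emitm() calls on a variable named `stream`; both
 * must be in scope where the macro is used (this header declares neither).
 * Each expansion is a single brace block so that a guarded use
 * (`if (c) ADD_EAXi(k)`) covers every emitted byte; a plain block is used
 * rather than do { } while (0) because call sites are not visible here and
 * may omit the trailing semicolon. Arguments are parenthesized so that an
 * expression argument cannot re-associate with the surrounding operators.
 */

/* add dr32, sr32 */
#define ADDrd(dr32, sr32) \
    { emitm(&stream, 0x03, 1); \
      emitm(&stream, 3 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1); }

/* add eax, i32 (short EAX-only encoding) */
#define ADD_EAXi(i32) \
    { emitm(&stream, 0x05, 1); \
      emitm(&stream, (i32), 4); }

/*
 * add r32, i32
 * The register code is OR-ed in without the 0x7 mask used elsewhere; pass a
 * plain register constant (0-7).
 */
#define ADDid(r32, i32) \
    { emitm(&stream, 0x81, 1); \
      emitm(&stream, 24 << 3 | (r32), 1); \
      emitm(&stream, (i32), 4); }

/* add r32, i8 (register code unmasked, as in ADDid) */
#define ADDib(r32, i8) \
    { emitm(&stream, 0x83, 1); \
      emitm(&stream, 24 << 3 | (r32), 1); \
      emitm(&stream, (i8), 1); }

/* sub dr32, sr32 */
#define SUBrd(dr32, sr32) \
    { emitm(&stream, 0x2b, 1); \
      emitm(&stream, 3 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1); }

/* sub eax, i32 (short EAX-only encoding) */
#define SUB_EAXi(i32) \
    { emitm(&stream, 0x2d, 1); \
      emitm(&stream, (i32), 4); }

/* mul r32 -- unsigned EDX:EAX = EAX * r32, so EDX is overwritten */
#define MULrd(r32) \
    { emitm(&stream, 0xf7, 1); \
      emitm(&stream, 7 << 5 | ((r32) & 0x7), 1); }

/*
 * div r32 -- unsigned EAX = EDX:EAX / r32, remainder in EDX.
 * The instruction faults on a zero divisor or a quotient that does not fit
 * in 32 bits. NOTE(review): the code that emits DIVrd must therefore clear
 * EDX and guard against a zero divisor in the generated code; that logic is
 * not part of this header -- confirm in the translator.
 */
#define DIVrd(r32) \
    { emitm(&stream, 0xf7, 1); \
      emitm(&stream, 15 << 4 | ((r32) & 0x7), 1); }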
210
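/*
 * Bitwise AND / OR emitters.
 *
 * Every macro expands to emitm() calls on a variable named `stream`; both
 * must be in scope where the macro is used (this header declares neither).
 * ANDid and ORid also compare their register argument with the EAX constant
 * defined at the top of this file to pick the shorter EAX-only encoding.
 *
 * Each expansion is a single brace block so that a guarded use
 * (`if (c) ANDrd(a, b)`) covers every emitted byte; a plain block is used
 * rather than do { } while (0) because call sites are not visible here and
 * may omit the trailing semicolon. Arguments are parenthesized so that an
 * expression argument cannot re-associate with ==, | or <<.
 *
 * In ANDib, ANDid and ORid the register code is OR-ed in without the 0x7
 * mask used elsewhere; pass a plain register constant (0-7).
 */

/* and r8, i8 */
#define ANDib(r8, i8) \
    { emitm(&stream, 0x80, 1); \
      emitm(&stream, 7 << 5 | (r8), 1); \
      emitm(&stream, (i8), 1); }

/* and r32, i32 */
#define ANDid(r32, i32) \
    { if ((r32) == EAX) { \
          emitm(&stream, 0x25, 1); \
          emitm(&stream, (i32), 4); \
      } else { \
          emitm(&stream, 0x81, 1); \
          emitm(&stream, 7 << 5 | (r32), 1); \
          emitm(&stream, (i32), 4); \
      } }

/* and dr32, sr32 */
#define ANDrd(dr32, sr32) \
    { emitm(&stream, 0x23, 1); \
      emitm(&stream, 3 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1); }

/* or dr32, sr32 */
#define ORrd(dr32, sr32) \
    { emitm(&stream, 0x0b, 1); \
      emitm(&stream, 3 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1); }

/* or r32, i32 */
#define ORid(r32, i32) \
    { if ((r32) == EAX) { \
          emitm(&stream, 0x0d, 1); \
          emitm(&stream, (i32), 4); \
      } else { \
          emitm(&stream, 0x81, 1); \
          emitm(&stream, 25 << 3 | (r32), 1); \
          emitm(&stream, (i32), 4); \
      } }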
246
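/*
 * Shift and negate emitters.
 *
 * Every macro expands to emitm() calls on a variable named `stream`; both
 * must be in scope where the macro is used (this header declares neither).
 * Each expansion is a single brace block so that a guarded use
 * (`if (c) NEGd(r)`) covers every emitted byte; a plain block is used rather
 * than do { } while (0) because call sites are not visible here and may omit
 * the trailing semicolon. Arguments are parenthesized so that an expression
 * argument cannot re-associate with the surrounding operators.
 *
 * The processor uses only the low five bits of a shift count, so a count of
 * 32 or more does not clear the register. NOTE(review): if the translated
 * BPF program can carry larger counts, the translator has to handle them
 * before emitting these forms -- confirm there.
 */

/* shl r32, i8 */
#define SHLib(r32, i8) \
    { emitm(&stream, 0xc1, 1); \
      emitm(&stream, 7 << 5 | ((r32) & 0x7), 1); \
      emitm(&stream, (i8), 1); }

/* shl dr32, cl */
#define SHL_CLrb(dr32) \
    { emitm(&stream, 0xd3, 1); \
      emitm(&stream, 7 << 5 | ((dr32) & 0x7), 1); }

/* shr r32, i8 (logical shift) */
#define SHRib(r32, i8) \
    { emitm(&stream, 0xc1, 1); \
      emitm(&stream, 29 << 3 | ((r32) & 0x7), 1); \
      emitm(&stream, (i8), 1); }

/* shr dr32, cl (logical shift) */
#define SHR_CLrb(dr32) \
    { emitm(&stream, 0xd3, 1); \
      emitm(&stream, 29 << 3 | ((dr32) & 0x7), 1); }

/* neg r32 (two's complement negation) */
#define NEGd(r32) \
    { emitm(&stream, 0xf7, 1); \
      emitm(&stream, 27 << 3 | ((r32) & 0x7), 1); }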
273
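/*
 * Compare emitters.
 *
 * Every macro expands to emitm() calls on a variable named `stream`; both
 * must be in scope where the macro is used (this header declares neither).
 * CMPid also compares its register argument with the EAX constant defined at
 * the top of this file to pick the shorter EAX-only encoding.
 *
 * Each expansion is a single brace block so that a guarded use
 * (`if (c) CMPrd(a, b)`) covers every emitted byte; a plain block is used
 * rather than do { } while (0) because call sites are not visible here and
 * may omit the trailing semicolon. Arguments are parenthesized so that an
 * expression argument cannot re-associate with ==, | or <<.
 */

/*
 * cmp dr32, [sr32 + off] with an 8-bit displacement.
 * No SIB byte is emitted, so sr32 must not be ESP (r/m code 4 selects SIB).
 */
#define CMPodd(dr32, sr32, off) \
    { emitm(&stream, 3 << 4 | 3 | 1 << 3, 1); \
      emitm(&stream, 1 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1); \
      emitm(&stream, (off), 1); }

/* cmp dr32, sr32 */
#define CMPrd(dr32, sr32) \
    { emitm(&stream, 0x3b, 1); \
      emitm(&stream, 3 << 6 | ((dr32) & 0x7) << 3 | ((sr32) & 0x7), 1); }

/* cmp dr32, i32 */
#define CMPid(dr32, i32) \
    { if ((dr32) == EAX) { \
          emitm(&stream, 0x3d, 1); \
          emitm(&stream, (i32), 4); \
      } else { \
          emitm(&stream, 0x81, 1); \
          emitm(&stream, 0x1f << 3 | ((dr32) & 0x7), 1); \
          emitm(&stream, (i32), 4); \
      } }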
294
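/*
 * Jump emitters.
 *
 * Every macro expands to emitm() calls on a variable named `stream`; both
 * must be in scope where the macro is used (this header declares neither).
 * The "b" suffix marks the short form with a 1-byte displacement; the other
 * macros emit a 4-byte displacement. x86 displacements are relative to the
 * address of the instruction that follows the jump.
 *
 * Each expansion is a single brace block so that a guarded use
 * (`if (c) JMP(off)`) covers every emitted byte; a plain block is used
 * rather than do { } while (0) because call sites are not visible here and
 * may omit the trailing semicolon.
 *
 * NOTE(review): nothing here checks that a displacement fits its encoding or
 * that the target lies inside the generated code; an off8 outside -128..127
 * is presumably truncated by the 1-byte emit. Those checks belong to the
 * translator that computes the offsets -- confirm there.
 */

/* jne off8 */
#define JNEb(off8) \
    { emitm(&stream, 0x75, 1); \
      emitm(&stream, (off8), 1); }

/* ja off8 (unsigned above) */
#define JAb(off8) \
    { emitm(&stream, 0x77, 1); \
      emitm(&stream, (off8), 1); }

/* je off32 */
#define JE(off32) \
    { emitm(&stream, 0x0f, 1); \
      emitm(&stream, 0x84, 1); \
      emitm(&stream, (off32), 4); }

/* jle off32 (signed less-or-equal) */
#define JLE(off32) \
    { emitm(&stream, 0x0f, 1); \
      emitm(&stream, 0x8e, 1); \
      emitm(&stream, (off32), 4); }

/* jle off8 (signed less-or-equal) */
#define JLEb(off8) \
    { emitm(&stream, 0x7e, 1); \
      emitm(&stream, (off8), 1); }

/* jbe off8 (unsigned below-or-equal) */
#define JBEb(off8) \
    { emitm(&stream, 0x76, 1); \
      emitm(&stream, (off8), 1); }

/* jb off8 (unsigned below) */
#define JBb(off8) \
    { emitm(&stream, 0x72, 1); \
      emitm(&stream, (off8), 1); }

/* ja off32 (unsigned above) */
#define JA(off32) \
    { emitm(&stream, 0x0f, 1); \
      emitm(&stream, 0x87, 1); \
      emitm(&stream, (off32), 4); }

/* jae off32 (unsigned above-or-equal) */
#define JAE(off32) \
    { emitm(&stream, 0x0f, 1); \
      emitm(&stream, 0x83, 1); \
      emitm(&stream, (off32), 4); }

/* jg off32 (signed greater) */
#define JG(off32) \
    { emitm(&stream, 0x0f, 1); \
      emitm(&stream, 0x8f, 1); \
      emitm(&stream, (off32), 4); }

/* jge off32 (signed greater-or-equal) */
#define JGE(off32) \
    { emitm(&stream, 0x0f, 1); \
      emitm(&stream, 0x8d, 1); \
      emitm(&stream, (off32), 4); }

/* jmp off32 (unconditional) */
#define JMP(off32) \
    { emitm(&stream, 0xe9, 1); \
      emitm(&stream, (off32), 4); }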
360
364
365/**************************/
366/* Prototypes */
367/**************************/
368
372
/*
 * BPF jitter, builds an x86 function from a BPF program.
 *
 * fp   - the BPF program to translate.
 * nins - presumably the number of instructions in fp; note that it is a
 *        signed INT here while BPFtoX86() takes a UINT count, so a negative
 *        value would become a very large count if passed through unchanged.
 *
 * The returned filter is released with BPF_Destroy_JIT_Filter().
 *
 * NOTE(review): the result is native code that runs in place of the
 * interpreted filter, so the program is presumably expected to have been
 * validated (jump targets, memory indexes, instruction count) before it
 * reaches this call -- confirm at the call sites.
 */
JIT_BPF_Filter* BPF_jitter(struct bpf_insn *fp, INT nins);

/*
 * Translates a set of BPF instructions into a set of x86 ones.
 *
 * ins  - the BPF instructions to translate.
 * nins - presumably the number of entries in ins.
 * mem  - NOTE(review): looks like the scratch-memory area the generated
 *        code addresses; its required size is not stated in this header --
 *        confirm in the implementation.
 *
 * Returns the generated code as a BPF_filter_function.
 */
BPF_filter_function BPFtoX86(struct bpf_insn *ins, UINT nins, INT *mem);
void BPF_Destroy_JIT_Filter(JIT_BPF_Filter *Filter)
Deletes a filtering function that was previously created by BPF_jitter().
BPF_filter_function BPFtoX86(struct bpf_insn *ins, UINT nins, INT *mem)
Translates a set of BPF instructions into a set of x86 ones.
JIT_BPF_Filter * BPF_jitter(struct bpf_insn *fp, INT nins)
BPF jitter, builds an x86 function from a BPF program.
UINT(__cdecl * BPF_filter_function)(PVOID *, ULONG, UINT)
Prototype of a filtering function created by the jitter.
Definition jitter.h:82
void(* emit_func)(binary_stream *stream, ULONG value, UINT n)
Prototype of the emit functions.
Definition jitter.h:92
Structure describing an x86 filtering program created by the jitter.
Definition jitter.h:95
BPF_filter_function Function
The x86 filtering binary, in the form of a BPF_filter_function.
Definition jitter.h:96
A stream of X86 binary code.
Definition jitter.h:69
PUINT refs
Jumps reference table.
Definition jitter.h:73
INT cur_ip
Current X86 instruction pointer.
Definition jitter.h:70
INT bpf_pc
Current BPF instruction pointer, i.e. position in the BPF program reached by the jitter.
Definition jitter.h:71
PCHAR ibuf
Instruction buffer, contains the X86 generated code.
Definition jitter.h:72

documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2010 CACE Technologies. Copyright (c) 2010-2013 Riverbed Technology. All rights reserved.