Code refactored

Author: psrok1

ANDN.c

@@ -1,20 +1,12 @@
 #include "Driver.h"
 #include "Parser.h"
 
-inline int isANDN(char* instruction) {
-	UNREFERENCED_PARAMETER(instruction); // <-- LINE TO REMOVE DURING IMPLEMENTATION
-	return FALSE;
-}
-
-int __stdcall ANDNInstructionHandler(
-	char** instruction,		   // bytes of instruction
-	CALLER_CONTEXT* context)   // caller context 
+int __stdcall ANDNInstructionEmulator(
+	ParsedInstruction instruction,
+	CALLER_CONTEXT* context)
 {
-	UNREFERENCED_PARAMETER(context); // <-- LINE TO REMOVE DURING IMPLEMENTATION
-	if (isANDN(*instruction)) {
-		// Parse and emulate
-		return TRUE;
-	}
-	else
-		return FALSE; // not supported -> not handled
-}
+	UNREFERENCED_PARAMETER(instruction);
+	UNREFERENCED_PARAMETER(context);
+
+	return TRUE;
+}

BEXTR.c

@@ -1,20 +1,12 @@
 #include "Driver.h"
 #include "Parser.h"
 
-inline int isBEXTR(char* instruction) {
-	UNREFERENCED_PARAMETER(instruction); // <-- LINE TO REMOVE DURING IMPLEMENTATION
-	return FALSE;
-}
-
-int __stdcall BEXTRInstructionHandler(
-	char** instruction,		   // bytes of instruction
-	CALLER_CONTEXT* context)   // caller context 
+int __stdcall BEXTRInstructionEmulator(
+	ParsedInstruction instruction,
+	CALLER_CONTEXT* context)
 {
-	UNREFERENCED_PARAMETER(context); // <-- LINE TO REMOVE DURING IMPLEMENTATION
-	if (isBEXTR(*instruction)) {
-		// Parse and emulate
-		return TRUE;
-	}
-	else
-		return FALSE; // not supported -> not handled
-}
+	UNREFERENCED_PARAMETER(instruction);
+	UNREFERENCED_PARAMETER(context);
+
+	return TRUE;
+}

BLSI.c

@@ -1,20 +1,12 @@
 #include "Driver.h"
 #include "Parser.h"
 
-inline int isBLSI(char* instruction) {
-	UNREFERENCED_PARAMETER(instruction); // <-- LINE TO REMOVE DURING IMPLEMENTATION
-	return FALSE;
-}
-
-int __stdcall BLSIInstructionHandler(
-	char** instruction,		   // bytes of instruction
-	CALLER_CONTEXT* context)   // caller context 
+int __stdcall BLSIInstructionEmulator(
+	ParsedInstruction instruction,
+	CALLER_CONTEXT* context)
 {
-	UNREFERENCED_PARAMETER(context); // <-- LINE TO REMOVE DURING IMPLEMENTATION
-	if (isBLSI(*instruction)) {
-		// Parse and emulate
-		return TRUE;
-	}
-	else
-		return FALSE; // not supported -> not handled
-}
+	UNREFERENCED_PARAMETER(instruction);
+	UNREFERENCED_PARAMETER(context);
+
+	return TRUE;
+}

BLSMSK.c

@@ -1,20 +1,12 @@
 #include "Driver.h"
 #include "Parser.h"
 
-inline int isBLSMSK(char* instruction) {
-	UNREFERENCED_PARAMETER(instruction); // <-- LINE TO REMOVE DURING IMPLEMENTATION
-	return FALSE;
-}
-
-int __stdcall BLSMSKInstructionHandler(
-	char** instruction,		   // bytes of instruction
-	CALLER_CONTEXT* context)   // caller context 
+int __stdcall BLSMSKInstructionEmulator(
+	ParsedInstruction instruction,
+	CALLER_CONTEXT* context)
 {
-	UNREFERENCED_PARAMETER(context); // <-- LINE TO REMOVE DURING IMPLEMENTATION
-	if (isBLSMSK(*instruction)) {
-		// Parse and emulate
-		return TRUE;
-	}
-	else
-		return FALSE; // not supported -> not handled
-}
+	UNREFERENCED_PARAMETER(instruction);
+	UNREFERENCED_PARAMETER(context);
+
+	return TRUE;
+}

BLSR.c

@@ -1,20 +1,12 @@
 #include "Driver.h"
 #include "Parser.h"
 
-inline int isBLSR(char* instruction) {
-	UNREFERENCED_PARAMETER(instruction); // <-- LINE TO REMOVE DURING IMPLEMENTATION
-	return FALSE;
-}
-
-int __stdcall BLSRInstructionHandler(
-	char** instruction,		   // bytes of instruction
-	CALLER_CONTEXT* context)   // caller context 
+int __stdcall BLSRInstructionEmulator(
+	ParsedInstruction instruction,
+	CALLER_CONTEXT* context)
 {
-	UNREFERENCED_PARAMETER(context); // <-- LINE TO REMOVE DURING IMPLEMENTATION
-	if (isBLSR(*instruction)) {
-		// Parse and emulate
-		return TRUE;
-	}
-	else
-		return FALSE; // not supported -> not handled
-}
+	UNREFERENCED_PARAMETER(instruction);
+	UNREFERENCED_PARAMETER(context);
+
+	return TRUE;
+}

Consts.h

@@ -40,11 +40,13 @@
 
 // Instruction descriptors
 
-#define INSTR_ANDN		0x00000000
-#define INSTR_BEXTR		0x10000000
-#define INSTR_BLSI		0x20000000
-#define INSTR_BLSMSK	0x30000000
-#define INSTR_BLSR		0x40000000
-#define INSTR_LZCNT		0x50000000
-#define INSTR_POPCNT	0x60000000
-#define INSTR_TZCNT		0x70000000
+#define INSTR_ANDN	    0x00000000
+#define INSTR_BEXTR	    0x10000000
+#define INSTR_BLSI	    0x20000000
+#define INSTR_BLSMSK    0x30000000
+#define INSTR_BLSR	    0x40000000
+#define INSTR_LZCNT	    0x50000000
+#define INSTR_POPCNT    0x60000000
+#define INSTR_TZCNT	    0x70000000
+#define INSTR_DEBUG     0xFFFFFFFE
+#define INSTR_UNKNOWN   0xFFFFFFFF

Driver.c

@@ -44,35 +44,27 @@ __declspec(naked) HookRoutine() {
 		pushfd;
 		pushad;
 
-		// Get address to interrupt handlers chain
-		mov esi, offset handlers_chain;
-	handlerLookup:
-		// Load address of interrupt handler
-		mov edi, [esi];
-		lea esi, [esi + 4];
-		// If NULL - end of chain, go to system handler
-		test edi, edi;
-		jz unhandledExc;
-		
 		// Get fault address
 		lea eax, [esp + 0x24];
 		// Push pointer to stored context
 		push esp;
 		// Push fault address
 		push eax;
 		// Call handler
-		call edi;
-		
+		mov esi, offset HandleUndefInstruction;
+		call esi;
+
 		// If handler refuses to handle exception: try next
 		test eax, eax;
-		jz handlerLookup;
+		jz unhandledExc;
 
 		// If exception is handled:
 		// Restore context and return from interrupt
 		popad;
 		popfd;
 		iretd;
 	unhandledExc:
+		// If exception isn't handled:
 		// Jumping to system handler
 		popad
 		popfd

Driver.h

@@ -51,11 +51,8 @@ extern void setRegValue(
 	unsigned int value,
 	CALLER_CONTEXT* context);
 
-/***** Handlers.c *****/
+/*** Handlers.c ***/
 
-typedef int(__stdcall *InstructionHandler)(char**, CALLER_CONTEXT*);
-#define EMULATOR_ROUTINE(name) int __stdcall name (char** instruction, CALLER_CONTEXT* context)
-
-extern InstructionHandler handlers_chain[];
+extern int __stdcall HandleUndefInstruction(char** instruction, CALLER_CONTEXT* context);
 
 #pragma pack(pop)

Emulators.h

@@ -0,0 +1,20 @@
+#pragma once
+
+#include "Driver.h"
+#include "Parser.h"
+
+typedef int(__stdcall *EmulatorRoutine)(ParsedInstruction, CALLER_CONTEXT*);
+
+#define EMULATOR_ROUTINE_PTR(name) name##InstructionEmulator
+#define EMULATOR_ROUTINE(name) int __stdcall name##InstructionEmulator (ParsedInstruction instruction, CALLER_CONTEXT* context);
+
+extern EMULATOR_ROUTINE(ANDN);
+extern EMULATOR_ROUTINE(BEXTR);
+extern EMULATOR_ROUTINE(BLSI);
+extern EMULATOR_ROUTINE(BLSMSK);
+extern EMULATOR_ROUTINE(BLSR);
+extern EMULATOR_ROUTINE(LZCNT);
+extern EMULATOR_ROUTINE(POPCNT);
+extern EMULATOR_ROUTINE(TZCNT);
+// @DEBUG
+extern EMULATOR_ROUTINE(Example);

Example.c

@@ -3,31 +3,24 @@
 
 /* Example! */
 
-// Checking if opcode is associated with handled instruction
-inline int isUD2(char* instruction) {
-	return instruction[0] == 0x0F && instruction[1] == 0x0B;
-}
-
-int __stdcall UD2InstructionHandler(
-	char** instruction,		   // bytes of instruction
-	CALLER_CONTEXT* context)   // caller context 
+int __stdcall ExampleInstructionEmulator(
+	ParsedInstruction instruction,	// parsed instruction data
+	CALLER_CONTEXT* context)		// caller context
 {
-	if (isUD2(*instruction)) {
-		// Setting GPR registers!
-		// Using getters
-		setRegValue(REG_ECX, 0xFACEFEED, context);
-		setRegValue(REG_EDX, 0x00000000, context);
-		// ... or in structure
-		context->ecx = 0xFACEFEED;
-		context->edx = 0x00000000;
-		context->flags |= FLAG_ZF;
-		// Other registers (SSE), memory etc. need to be set directly!
-		__asm movhlps xmm5, xmm4;
-		// Move EIP two bytes forward! [instruction length]
-		(*instruction) += 2;
-		// Handled!
-		return TRUE;
-	}
-	else
-		return FALSE; // not UD2 -> not handled
-}
+	// Setting GPR registers!
+	// Using setters
+	setRegValue(REG_ECX, 0xFACEFEED, context);
+	setRegValue(REG_EDX, 0x00000000, context);
+	// .. or directly in structure
+	context->ecx = 0xFACEFEED;
+	context->edx = 0x00000000;
+	context->flags |= FLAG_ZF;
+	// Other registers (SSE), memory etc. need to be set directly!
+	__asm movhlps xmm5, xmm4;
+	// Memory? Use getEffectiveVA to get address from mem structure
+	// But check earlier, whether you deal with 32b or 16b pointer!
+	if(instruction.src1 == MEM_32)
+		*((UINT32*)getEffectiveVA(instruction.mem, context)) = 0x00000000;
+	// Success: handled!
+	return TRUE;
+}