add find_add_instruction_with_mem_operand

smx-smx · Apr 23, 2024 · d35d641 · d35d641
1 parent 66d0fae
commit d35d641
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 0 deletions.
diff --git a/xzre.S b/xzre.S
@@ -51,6 +51,7 @@ secret_data_append_trampoline:
 
 dasm_sample:
 	endbr64
+	add QWORD PTR [rdi], 0x0f
 	push r15
 	sub rsp, 0xC0
 	add rbp, 1234

diff --git a/xzre.h b/xzre.h
@@ -487,7 +487,13 @@ typedef struct __attribute__((packed)) dasm_ctx {
 	u64 instruction_size;
 	union {
 		struct __attribute__((packed)) {
+			/**
+			 * @brief see @ref InstructionFlags
+			 */
 			u8 flags;
+			/**
+			 * @brief see @ref InstructionFlags2
+			 */
 			u8 flags2;
 			PADDING(2);
 			u8 lock_rep_byte;
@@ -1831,6 +1837,22 @@ extern BOOL find_lea_instruction_with_mem_operand(
 	void *mem_address
 );
 
+/**
+ * @brief finds an ADD instruction with an immediate memory operand
+ * 
+ * @param code_start address to start searching from
+ * @param code_end address to stop searching at
+ * @param dctx disassembler context to hold the state
+ * @param mem_address the expected address of the memory access
+ * @return BOOL TRUE if found, FALSE otherwise
+ */
+extern BOOL find_add_instruction_with_mem_operand(
+	u8 *code_start,
+	u8 *code_end,
+	dasm_ctx_t *dctx,
+	void *mem_address
+);
+
 /**
  * @brief like @ref find_mov_instruction, but also considers LEA instructions
  * 

diff --git a/xzre.lds.in b/xzre.lds.in
@@ -25,6 +25,7 @@ SECTIONS_BEGIN()
 	DEFSYM(find_lea_instruction, .text.lzma_raw_encodea)
 	DEFSYM(find_instruction_with_mem_operand, .text.stream_encoder_mt_inia)
 	DEFSYM(find_lea_instruction_with_mem_operand, .text.lzma_mt_block_siza)
+	DEFSYM(find_add_instruction_with_mem_operand, .text.lzma_simple_x86_decoder_inif)
 	DEFSYM_START(.text.lzma_filters_updata)
 		DEFSYM2(find_mov_lea_instruction, 0)
 		DEFSYM2(find_mov_instruction, 0xDF0 - 0xD30)