t_asmmod

Describes binary command produced by Assembleallforms(). If command was compiled in AM_IMPRECISE mode, contains information necessary to find all variations of this command. In fact, plugins don't need to know the internal layout of this structure. They call Assembleallforms() or Getasmsearchmodel() to produce set of models and Comparecommand() or Comparesequence() to find command.

 typedef struct t_asmmod {              // Description of assembled command
  uchar          code[MAXCMDSIZE];     // Binary code
  uchar          mask[MAXCMDSIZE];     // Mask for binary code (0: bit ignored)
  ulong          prefixes;             // List of prefixes, set of PF_xxx
  uchar          ncode;                // Length of code w/o prefixes, bytes
  uchar          features;             // Code features, set of AMF_xxx
  uchar          postbyte;             // Postbyte (if AMF_POSTBYTE set)
  uchar          noperand;             // Number of operands (no pseudooperands)
  t_modop        op[NOPERAND];         // Description of operands
} t_asmmod;


Members:

code
Binary code of the command. In precise mode, this is the complete command of length ncode that includes prefixes and postbyte. If command was compiled in AM_IMPRECISE mode, usually contains only opcode without prefixes and postbyte
mask
Comparison mask, marks significant bits of code. In precise mode, all bits in the mask are set
prefixes
List of prefixes as a combination of flags ASP_xxx. In precise mode, prefixes are included in the code
ncode
Length of the significant part of the code and mask. In precise mode, this is the length of the complete command
features
Combination of zero or more of the following flags. Always zero in precise mode:
AMF_SAMEORDER - set if command accesses memory using SIB and registers (index, base) appear in the same order as in the source
AMF_ANYSEG - set if command must possess segment prefix, but it does not matter which
AMF_POSTBYTE - command includes postbyte
AMF_IMPRECISE - model is imprecise in the sense that binary code alone is not sufficient to locate the command and operands must be analysed. This flag does not influence the comparion of prefixes
AMF_ANYSIZE - size of the operands does not matter, so optional data size prefix is acceptable
AMF_NOSMALL - 16-bit addressing is not allowed
postbyte
Postbyte as a last byte in the command, valid only if AMF_POSTBYTE is set
noperand
Number of operands in op that must be taken into account when comparing two commands. May differ from the real number of operands in the found command
op
Pointer to array of structures t_modop that describe operands. Not used in precise mode


See also:
Assembler and disassembler, t_asmlist, t_modop, Assembleassforms(), Comparecommand(), Comparesequence(), Getasmsearchmodel(), Getseqsearchmodel()