Add support for RIP relative addresses on x86_64.

courgette/disassembler_win32_x64.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "courgette/disassembler_win32_x64.h"
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
@@ skipping 444 matching lines @@
       }
     }
 
     //while (abs32_pos != abs32_locations_.end() && *abs32_pos < current_rva)
     //  ++abs32_pos;
 
     // Heuristic discovery of rel32 locations in instruction stream: are the
     // next few bytes the start of an instruction containing a rel32
     // addressing mode?
     const uint8* rel32 = NULL;
+    bool is_rip_relative = false;
 
     if (p + 5 <= end_pointer) {
-      if (*p == 0xE8 || *p == 0xE9) {  // jmp rel32 and call rel32
+      if (*p == 0xE8 || *p == 0xE9)  // jmp rel32 and call rel32
         rel32 = p + 1;
+    }
+    if (p + 6 <= end_pointer) {
+      if (*p == 0x0F && (*(p + 1) & 0xF0) == 0x80) {  // Jcc long form
+        if (p[1] != 0x8A && p[1] != 0x8B)  // JPE/JPO unlikely
+          rel32 = p + 2;
+      } else if (*p == 0xFF && (*(p + 1) == 0x15 || *(p + 1) == 0x25)) {
+        // rip relative call/jmp
+        rel32 = p + 2;
+        is_rip_relative = true;
       }
     }
-    if (p + 6 <= end_pointer) {
-      if (*p == 0x0F  &&  (*(p+1) & 0xF0) == 0x80) {  // Jcc long form
-        if (p[1] != 0x8A && p[1] != 0x8B)  // JPE/JPO unlikely
-          rel32 = p + 2;
+    if (p + 7 <= end_pointer) {
+      if ((*p & 0xFB) == 0x48 && *(p + 1) == 0x8D &&
+          (*(p + 2) & 0xC7) == 0x05) {
+        // rip relative lea
+        rel32 = p + 3;
+        is_rip_relative = true;
+      } else if ((*p & 0xFB) == 0x48 && *(p + 1) == 0x8B &&
+                 (*(p + 2) & 0xC7) == 0x05) {
+        // rip relative mov
+        rel32 = p + 3;
+        is_rip_relative = true;
       }
     }
+
     if (rel32) {
       RVA rel32_rva = static_cast<RVA>(rel32 - adjust_pointer_to_rva);
 
       // Is there an abs32 reloc overlapping the candidate?
       while (abs32_pos != abs32_locations_.end() && *abs32_pos < rel32_rva - 3)
         ++abs32_pos;
       // Now: (*abs32_pos > rel32_rva - 4) i.e. the lowest addressed 4-byte
       // region that could overlap rel32_rva.
       if (abs32_pos != abs32_locations_.end()) {
         if (*abs32_pos < rel32_rva + 4) {
           // Beginning of abs32 reloc is before end of rel32 reloc so they
           // overlap.  Skip four bytes past the abs32 reloc.
           p += (*abs32_pos + 4) - current_rva;
           continue;
         }
       }
 
       RVA target_rva = rel32_rva + 4 + Read32LittleEndian(rel32);
       // To be valid, rel32 target must be within image, and within this
       // section.
       if (IsValidRVA(target_rva) &&
-          start_rva <= target_rva && target_rva < end_rva) {
+          (is_rip_relative ||
+           (start_rva <= target_rva && target_rva < end_rva))) {
         rel32_locations_.push_back(rel32_rva);
 #if COURGETTE_HISTOGRAM_TARGETS
         ++rel32_target_rvas_[target_rva];
 #endif
         p = rel32 + 4;
         continue;
       }
     }
     p += 1;
   }
@@ skipping 211 matching lines @@
     directory->size_ = static_cast<uint32>(size);
     return true;
   } else {
     directory->address_ = 0;
     directory->size_ = 0;
     return true;
   }
 }
 
 }  // namespace courgette