Add support for RIP relative addresses on x86_64.

courgette/disassembler_win32_x64.cc

Index: courgette/disassembler_win32_x64.cc
diff --git a/courgette/disassembler_win32_x64.cc b/courgette/disassembler_win32_x64.cc
index 04356d7f23317cbaf3aa29f3de480f58cba68e48..6f648713366b1a26b01536ef04cd639136c9f122 100644
--- a/courgette/disassembler_win32_x64.cc
+++ b/courgette/disassembler_win32_x64.cc
@@ -461,18 +461,40 @@ void DisassemblerWin32X64::ParseRel32RelocsFromSection(const Section* section) {
     // next few bytes the start of an instruction containing a rel32
     // addressing mode?
     const uint8* rel32 = NULL;
+    bool is_rip_relative = false;
 
     if (p + 5 <= end_pointer) {

[dgarrett, 2015/03/10 03:03:48]

This CL isn't introducing the pattern, but shouldn't each of these if blocks be
if/else blocks?

If we get a hit, we shouldn't keep looking for another match until we've
processed the first hit. Right?

[Will Harris, 2015/03/12 05:33:28]

yes, none of the blocks will ever collide with each other as they read the
instructions and they are all mutually exclusive.

[dgarrett, 2015/03/12 16:40:54]

For some reason, I read the "rel32 = p + 2" type lines as advancing p, nvm.

       if (*p == 0xE8 || *p == 0xE9) {  // jmp rel32 and call rel32
         rel32 = p + 1;
+        is_rip_relative = false;

[rickyz (no longer on Chrome), 2015/03/10 05:13:50]

Fine if you prefer it this way, but no need to set it explicitly if it's already
initialized to false.

[Will Harris, 2015/03/12 05:33:28]

Done.

       }
     }
     if (p + 6 <= end_pointer) {
       if (*p == 0x0F  &&  (*(p+1) & 0xF0) == 0x80) {  // Jcc long form

[rickyz (no longer on Chrome), 2015/03/10 05:13:50]

nit: Could we use p[1] or *(p + 1) consistently everywhere?

[Will Harris, 2015/03/12 05:33:28]

Done.

-        if (p[1] != 0x8A && p[1] != 0x8B)  // JPE/JPO unlikely
+        if (p[1] != 0x8A && p[1] != 0x8B) {           // JPE/JPO unlikely
           rel32 = p + 2;
+          is_rip_relative = false;
+        }
+      } else if (*p == 0xFF && (*(p + 1) == 0x15 || *(p + 1) == 0x25)) {
+        // rip relative call/jmp
+        rel32 = p + 2;
+        is_rip_relative = true;
+      }
+    }
+    if (p + 7 <= end_pointer) {
+      if ((*p & 0xFE) == 0x48 && *(p + 1) == 0x8D &&

[rickyz (no longer on Chrome), 2015/03/10 05:13:50]

Did you mean to use 0xFB here and below? Otherwise this will miss instructions
that load into r8-r15.

[Will Harris, 2015/03/12 05:33:28]

Done.  Good spot.

+          (*(p + 2) & 0xC7) == 0x05) {
+        // rip relative lea
+        rel32 = p + 3;
+        is_rip_relative = true;
+      } else if ((*p & 0xFE) == 0x48 && *(p + 1) == 0x8B &&
+                 (*(p + 2) & 0xC7) == 0x05) {
+        // rip relative mov
+        rel32 = p + 3;
+        is_rip_relative = true;
       }
     }

[rickyz (no longer on Chrome), 2015/03/10 05:13:50]

Out of curiosity, how do we decide which instructions to consider vs. not here?
(For example, we don't support MOV r/m64,r64 or things that take immediates, or
other instructions like cmp, etc.)

[Will Harris, 2015/03/12 05:33:28]

I agree that there is probably still some scope here for expanding this function
to cope with even more instructions.

+
     if (rel32) {
       RVA rel32_rva = static_cast<RVA>(rel32 - adjust_pointer_to_rva);
 
@@ -494,7 +516,8 @@ void DisassemblerWin32X64::ParseRel32RelocsFromSection(const Section* section) {
       // To be valid, rel32 target must be within image, and within this
       // section.
       if (IsValidRVA(target_rva) &&
-          start_rva <= target_rva && target_rva < end_rva) {
+          (is_rip_relative ||
+           start_rva <= target_rva && target_rva < end_rva)) {
         rel32_locations_.push_back(rel32_rva);
 #if COURGETTE_HISTOGRAM_TARGETS
         ++rel32_target_rvas_[target_rva];