/*
*
*       ____| |           |                  _)       ___|              |
*       __|   |  _ \  __| __|  __| _ \  __ \  |  __|\___ \   _ \  |   | |  __|
*       |     |  __/ (    |   |   (   | |   | | (         | (   | |   | |\__ \
*      _____|_|\___|\___|\__|_|  \___/ _|  _|_|\___|_____/ \___/ \____|_|____/
*      	    
*        			    Presents
*
*		[ 0x4553_LDE - 16/32-bit Length Disassembler Engine ]
*		
*					    (c) Ares, 2003
*					    
*[-----------------------------------------------------------------------------------]
*  Description:
* It based on ADE32 disassembler engine by z0mbie, modified and ported to AT&T asm.
*
* table.h - contain table of opcodes from 0x00 to 0xFF, 
* it define the type of each other.
* 
*  Usage:
* There is the main function l_disasm(). It get one parameter from stack, 
* which point to array with data. Return value reside in %eax - length of opcode.
*
*  Example:
* ...
* mov data,%eax		
* add $123,%eax		# data[123]
* push %eax
* call l_disasm
* ...
*
* Section Headers:
*    [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
*    [ 0]                   NULL            00000000 000000 000000 00      0   0  0
*    [ 1] .text             PROGBITS        08048074 000074 0002c2 00  AX  0   0  4
*    [ 2] .data             PROGBITS        08049380 000380 000800 00  WA  0   0  4
*    ...
*                                                           = AA5(hex) = 2725(dec)	
*
*[-----------------------------------------------------------------------------------]
*
* version: 1.0BETA
*
*/

.include "table.h"
.text
# little defines
diza = 12
buffer = -4
flag1 = -52
flag2 = -51
opcode = -53
t = -60
mod = -61
rm = -62
a = -68
b = -72 
counter = -76

.globl l_disasm
l_disasm:
	pushl %ebp
	movl %esp,%ebp

	movl 8(%ebp),%eax		
	movl %eax,buffer(%ebp)		# buf
	leal -48(%ebp),%eax		# temp diza structure
	movl %eax,diza(%ebp)		# diza

	movb $4,1(%eax)                 # filling structure
	movb $4,(%eax)

	movl $0,flag1(%ebp)		# flag1 = 0

loop:
	movl buffer(%ebp),%eax
	movb (%eax),%dl
	movb %dl,opcode(%ebp)		# opcode
	incl buffer(%ebp)		# buf++;
	movzbl opcode(%ebp),%eax	 
	leal 0(,%eax,4),%edx
	movl $op_tab,%eax
	movl (%edx,%eax),%edx
	movl %edx,t(%ebp)		# t = op_tab[opcode]
	movb t(%ebp),%al
	andb $0xF8,%al
	testb %al,%al
	je check_opcode
	movl flag1(%ebp),%eax
	andl t(%ebp),%eax
	testl %eax,%eax
	jne return

	movl t(%ebp),%edx
	orl %edx,flag1(%ebp)

# prefix/mod/rm/flags/opcodes...checking
# no reason to comment all this stuff...

check_prefix:

	movb t(%ebp),%al
	test %esi,%esi
	jne chp1
	andb $0x10,%al
	testb %al,%al
	je chp1
	jmp chpn
chp1:
	movb t(%ebp),%al
	incl %esi
	andb $0x20,%al
	testb %al,%al
	je cp_sub2
chpn:
	movl diza(%ebp),%eax
	movl diza(%ebp),%edx
	movb 1(%edx),%cl
	xorb $6,%cl
	movb %cl,1(%eax)
	jmp loop

cp_sub2:
	movb t(%ebp),%al
	andb $0x80,%al
	testb %al,%al
	je cp_sub3
        movl diza(%ebp),%eax
	movb opcode(%ebp),%dl
	movb %dl,21(%eax)
	jmp loop

cp_sub3:
	movb t(%ebp),%al
	andb $0x40,%al
	testb %al,%al
	je loop
	movl diza(%ebp),%eax
	movb opcode(%ebp),%dl
	movb %dl,20(%eax)

check_opcode:
	movl t(%ebp),%eax
	orl %eax,flag1(%ebp)
	movl diza(%ebp),%eax
	movb opcode(%ebp),%dl
	movb %dl,22(%eax)
	cmpb $15,opcode(%ebp)
	jne co_sub1
	movl buffer(%ebp),%ebx
	movb (%ebx),%al
	movb %al,opcode(%ebp)
	incl buffer(%ebp)
	movl diza(%ebp),%eax
	movb opcode(%ebp),%dl
	movb %dl,23(%eax)
	movzbl opcode(%ebp),%eax
	leal 256(%eax),%edx
	leal 0(,%edx,4),%eax
	movl $op_tab,%edx
	movl (%eax,%edx),%ecx
	orl %ecx,flag1(%ebp)
	cmpl $-1,flag1(%ebp)
	jne check_mod
	jmp return

co_sub1:
	cmpb $0xF7,opcode(%ebp)
	jne co_sub2
	movl buffer(%ebp),%eax
	movb (%eax),%dl
	andb $0x38,%dl
	testb %dl,%dl
	jne check_mod
	orb $0x20,flag2(%ebp)
	jmp check_mod

co_sub2:
	cmpb $0xF6,opcode(%ebp)
	jne check_mod
	movl buffer(%ebp),%eax
	movb (%eax),%dl
	andb $0x38,%dl
	testb %dl,%dl
	jne check_mod
	orb $1,flag2(%ebp)

check_mod:
	movl flag1(%ebp),%eax
	andl $0x4000,%eax
	testl %eax,%eax
	je checks_complete
	movl buffer(%ebp),%edi
	movb (%edi),%al
	movb %al,opcode(%ebp)
	incl buffer(%ebp)
	movl diza(%ebp),%eax
	movb opcode(%ebp),%dl
	movb %dl,24(%eax)
	movb opcode(%ebp),%al
	andb $0x38,%al
	cmpb $0x20,%al
	jne cm_sub1
	movl diza(%ebp),%eax
	cmpb $0xFF,22(%eax)
	jne cm_sub1
	orb $4,-50(%ebp)		# flag

cm_sub1:				
	movb opcode(%ebp),%al
	andb $0xC0,%al
	movb %al,mod(%ebp)
	movb opcode(%ebp),%dl
	andb $7,%dl
	movb %dl,rm(%ebp)
	cmpb $0xC0,mod(%ebp)
	je checks_complete
	movl diza(%ebp),%eax
	cmpb $4,(%eax)
	jne cm_sub5
	cmpb $4,rm(%ebp)
	jne cm_sub2
	orb $8,flag2(%ebp)
	movl buffer(%ebp),%edi
	movb (%edi),%al
	movb %al,opcode(%ebp)
	incl buffer(%ebp)
	movl diza(%ebp),%eax
	movb opcode(%ebp),%dl
	movb %dl,25(%eax)
	movb opcode(%ebp),%cl
	andb $7,%cl
	movb %cl,rm(%ebp)

cm_sub2:
	cmpb $0x40,mod(%ebp)
	jne cm_sub3
	orb $1,flag1(%ebp)
	jmp checks_complete

cm_sub3:
	cmpb $0x80,mod(%ebp)
	jne cm_sub4
	orb $4,flag1(%ebp)
	jmp checks_complete

cm_sub4:
	cmpb $5,rm(%ebp)
	jne checks_complete
	orb $4,flag1(%ebp)
	jmp checks_complete

cm_sub5:
	cmpb $0x40,mod(%ebp)
	jne cm_sub6
	orb $1,flag1(%ebp)
	jmp checks_complete

cm_sub6:
	cmpb $0x80,mod(%ebp)
	jne cm_sub7
	orb $2,flag1(%ebp)
	jmp checks_complete

cm_sub7:
	cmpb $6,rm(%ebp)
	jne checks_complete
	orb $2,flag1(%ebp)

checks_complete:
	movl diza(%ebp),%eax
	movl flag1(%ebp),%edx
	movl %edx,8(%eax)
	movl flag1(%ebp),%eax
	andl $7,%eax
	movl %eax,a(%ebp)

	movl flag1(%ebp),%edx
	andl $0x700,%edx
	shrl $8,%edx
	movl %edx,b(%ebp)
	movl flag1(%ebp),%eax
	andl $0x1000,%eax
	testl %eax,%eax
	je cc_sub1
	movl diza(%ebp),%eax
	movzbl (%eax),%edx
	addl %edx,a(%ebp)

cc_sub1:
	movl flag1(%ebp),%eax
	andl $0x2000,%eax
	testl %eax,%eax
	je cc_sub2
	movl diza(%ebp),%eax
	movzbl 1(%eax),%edx
	addl %edx,b(%ebp)
cc_sub2:
	movl diza(%ebp),%eax
	movl a(%ebp),%edx
	movl %edx,diza(%eax)
	movl diza(%ebp),%eax
	movl b(%ebp),%edx
	movl %edx,16(%eax)
	movl $0,counter(%ebp)
cc_sub3:
	movl counter(%ebp),%eax
	cmpl a(%ebp),%eax
	jnb cc_sub4
	movl diza(%ebp),%edx
	leal 28(%edx),%eax
	movl counter(%ebp),%edx
	movl buffer(%ebp),%ecx
	movl %ecx,(%edx,%eax)
	incl buffer(%ebp)
	incl counter(%ebp)
	jmp cc_sub3
cc_sub4:
	movl $0,counter(%ebp)
cc_sub5:
	movl counter(%ebp),%eax
	cmpl b(%ebp),%eax
	jnb cc_sub6
	movl diza(%ebp),%edx
	leal 36(%edx),%eax
	movl counter(%ebp),%edx
	movl buffer(%ebp),%ecx
	movl %ecx,(%edx,%eax)
	incl buffer(%ebp)
	incl counter(%ebp)
	jmp cc_sub5
cc_sub6:
	movl buffer(%ebp),%eax
	subl 8(%ebp),%eax

return:
	leave
	ret


/****************************************************
.include "0x4553_LDE.s"
.globl main
main:

push %ebp
mov %esp,%ebp

push $2
push $file
call open
mov %eax,fd

push $424
call malloc
mov %eax,data

push $424
push data
push fd
call read

mov data,%eax
add $0x74,%eax		# entry point, first instruction - xor %eax,%eax
push %eax
call l_disasm

push %eax
push $l
call printf

call exit

l:.string"Lenght of instruction: %d\n" 
file: .string "test"

.comm fd,4,4
.comm data,424,4
*****************************************************/

/****************************************************
table.h

.globl op_tab
.data
op_tab:
	.long 16384 	# 0x00
	.long 16384	# 0x01
	.long 16384	# 0x02
	.long 16384	# ...
	.long 256
	.long 8192
	.long 32768
	.long 32768
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 256
	.long 8192
	.long 32768
	.long 65536
	.long 49152
	.long 16384
	.long 49152
	.long 16384
	.long 33024
	.long 40960
	.long 32768
	.long 32768
	.long 49152
	.long 16384
	.long 16384
	.long 16384
	.long 33024
	.long 40960
	.long 32768
	.long 32768
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 256
	.long 8192
	.long 32896
	.long 32768
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 256
	.long 8192
	.long 32896
	.long 32768
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 256
	.long 8192
	.long 32896
	.long 32768
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 256
	.long 8192
	.long 32896
	.long 32768
	.long 0
	.long 0
	.long 0
	.long 0
	.long 32768
	.long 0
	.long 0
	.long 0
	.long 0
	.long 0
	.long 0
	.long 0
	.long 32768
	.long 0
	.long 0
	.long 0
	.long 0
	.long 0
	.long 0
	.long 0
	.long 0
	.long 0
	.long 0
	.long 0
	.long 0
	.long 0
	.long 0
	.long 0
	.long 32768
	.long 0
	.long 0
	.long 0
	.long 32768
	.long 32768
	.long 49152
	.long 49152
	.long 128
	.long 32896
	.long 32
	.long 16
	.long 8192
	.long 24576
	.long 256
	.long 16640
	.long 32768
	.long 32768
	.long 32768
	.long 32768
	.long 164096
	.long 164096
	.long 131328
	.long 131328
	.long 131328
	.long 131328
	.long 131328
	.long 131328
	.long 131328
	.long 131328
	.long 164096
	.long 164096
	.long 131328
	.long 131328
	.long 131328
	.long 131328
	.long 16640
	.long 24576
	.long 49408
	.long 16640
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 49152
	.long 16384
	.long 49152
	.long 16384
	.long 0
	.long 0
	.long 0
	.long 32768
	.long 32768
	.long 32768
	.long 32768
	.long 32768
	.long 32768
	.long 0
	.long 41472
	.long 0
	.long 32768
	.long 32768
	.long 32768
	.long 32768
	.long 4096
	.long 4096
	.long 4096
	.long 4096
	.long 0
	.long 0
	.long 0
	.long 0
	.long 256
	.long 8192
	.long 0
	.long 0
	.long 0
	.long 32768
	.long 0
	.long 32768
	.long 256
	.long 256
	.long 256
	.long 256
	.long 256
	.long 256
	.long 33024
	.long 33024
	.long 8192
	.long 8192
	.long 8192
	.long 8192
	.long 40960
	.long 8192
	.long 8192
	.long 8192
	.long 16640
	.long 16640
	.long 262656
	.long 262144
	.long 49152
	.long 49152
	.long 16640
	.long 24576
	.long 768
	.long 0
	.long 295424
	.long 294912
	.long 32768
	.long 256
	.long 32768
	.long 294912
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 33024
	.long 33024
	.long 32768
	.long 32768
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 164096
	.long 164096
	.long 131328
	.long 131328
	.long 33024
	.long 33024
	.long 33024
	.long 33024
	.long 139264
	.long 401408
	.long 41472
	.long 393472
	.long 32768
	.long 32768
	.long 32768
	.long 32768
	.long 32776
	.long 32768
	.long 64
	.long 64
	.long 32768
	.long 32768
	.long 16384
	.long 16384
	.long 0
	.long 0
	.long 32768
	.long 32768
	.long 0
	.long 0
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long -1
	.long -1
	.long 0
	.long -1
	.long 0
	.long 0
	.long 0
	.long 0
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long 139264
	.long 139264
	.long 139264
	.long 139264
	.long 139264
	.long 139264
	.long 139264
	.long 139264
	.long 139264
	.long 139264
	.long 139264
	.long 139264
	.long 139264
	.long 139264
	.long 139264
	.long 139264
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 0
	.long 0
	.long 0
	.long 16384
	.long 16640
	.long 16384
	.long -1
	.long -1
	.long 0
	.long 0
	.long 0
	.long 16384
	.long 16640
	.long 16384
	.long -1
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long -1
	.long -1
	.long 16640
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long 16384
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long 0
	.long 0
	.long 0
	.long 0
	.long 0
	.long 256
	.long 0
	.long 0
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1
	.long -1	# 0xff
*****************************************************/