WinPcap
4.1.2
|
Data Structures | |
struct | binary_stream |
A stream of X86 binary code. More... | |
struct | JIT_BPF_Filter |
Structure describing a x86 filtering program created by the jitter. More... |
Macros | |
#define | EAX 0 |
#define | ECX 1 |
#define | EDX 2 |
#define | EBX 3 |
#define | ESP 4 |
#define | EBP 5 |
#define | ESI 6 |
#define | EDI 7 |
#define | AX 0 |
#define | CX 1 |
#define | DX 2 |
#define | BX 3 |
#define | SP 4 |
#define | BP 5 |
#define | SI 6 |
#define | DI 7 |
#define | AL 0 |
#define | CL 1 |
#define | DL 2 |
#define | BL 3 |
#define | MOVid(r32, i32) emitm(&stream, 11 << 4 | 1 << 3 | r32 & 0x7, 1); emitm(&stream, i32, 4); |
mov r32,i32 | |
#define | MOVrd(dr32, sr32) emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1); |
mov dr32,sr32 | |
#define | MOVodd(dr32, sr32, off) |
mov dr32,sr32[off] | |
#define | MOVobd(dr32, sr32, or32) |
mov dr32,sr32[or32] | |
#define | MOVobw(dr32, sr32, or32) |
mov dr16,sr32[or32] | |
#define | MOVobb(dr8, sr32, or32) |
mov dr8,sr32[or32] | |
#define | MOVomd(dr32, or32, sr32) |
mov [dr32][or32],sr32 | |
#define | BSWAP(dr32) |
bswap dr32 | |
#define | SWAP_AX() |
xchg al,ah | |
#define | PUSH(r32) emitm(&stream, 5 << 4 | 0 << 3 | r32 & 0x7, 1); |
push r32 | |
#define | POP(r32) emitm(&stream, 5 << 4 | 1 << 3 | r32 & 0x7, 1); |
pop r32 | |
#define | RET() emitm(&stream, 12 << 4 | 0 << 3 | 3, 1); |
ret | |
#define | ADDrd(dr32, sr32) |
add dr32,sr32 | |
#define | ADD_EAXi(i32) |
add eax,i32 | |
#define | ADDid(r32, i32) |
add r32,i32 | |
#define | ADDib(r32, i8) |
add r32,i8 | |
#define | SUBrd(dr32, sr32) |
sub dr32,sr32 | |
#define | SUB_EAXi(i32) |
sub eax,i32 | |
#define | MULrd(r32) |
mul r32 | |
#define | DIVrd(r32) |
div r32 | |
#define | ANDib(r8, i8) |
and r8,i8 | |
#define | ANDid(r32, i32) |
and r32,i32 | |
#define | ANDrd(dr32, sr32) |
and dr32,sr32 | |
#define | ORrd(dr32, sr32) |
or dr32,sr32 | |
#define | ORid(r32, i32) |
or r32,i32 | |
#define | SHLib(r32, i8) |
shl r32,i8 | |
#define | SHL_CLrb(dr32) |
shl dr32,cl | |
#define | SHRib(r32, i8) |
shr r32,i8 | |
#define | SHR_CLrb(dr32) |
shr dr32,cl | |
#define | NEGd(r32) |
neg r32 | |
#define | CMPodd(dr32, sr32, off) |
cmp dr32,sr32[off] | |
#define | CMPrd(dr32, sr32) |
cmp dr32,sr32 | |
#define | CMPid(dr32, i32) |
cmp dr32,i32 | |
#define | JNEb(off8) |
jne off32 | |
#define | JE(off32) |
je off32 | |
#define | JLE(off32) |
jle off32 | |
#define | JLEb(off8) |
jle off8 | |
#define | JA(off32) |
ja off32 | |
#define | JAE(off32) |
jae off32 | |
#define | JG(off32) |
jg off32 | |
#define | JGE(off32) |
jge off32 | |
#define | JMP(off32) |
jmp off32 |
Typedefs | |
typedef struct binary_stream | binary_stream |
A stream of X86 binary code. | |
typedef UINT(__cdecl * | BPF_filter_function )(PVOID *, ULONG, UINT) |
Prototype of a filtering function created by the jitter. | |
typedef void(* | emit_func )(binary_stream *stream, ULONG value, UINT n) |
Prototype of the emit functions. | |
typedef struct JIT_BPF_Filter | JIT_BPF_Filter |
Structure describing a x86 filtering program created by the jitter. |
#define ADD_EAXi | ( | i32 | ) |
#define ADDib | ( | r32, | |
i8 | |||
) |
#define ADDid | ( | r32, | |
i32 | |||
) |
#define ADDrd | ( | dr32, | |
sr32 | |||
) |
#define ANDib | ( | r8, | |
i8 | |||
) |
#define ANDid | ( | r32, | |
i32 | |||
) |
#define ANDrd | ( | dr32, | |
sr32 | |||
) |
#define BSWAP | ( | dr32 | ) |
#define CMPid | ( | dr32, | |
i32 | |||
) |
#define CMPodd | ( | dr32, | |
sr32, | |||
off | |||
) |
#define CMPrd | ( | dr32, | |
sr32 | |||
) |
#define DIVrd | ( | r32 | ) |
#define JA | ( | off32 | ) |
#define JAE | ( | off32 | ) |
#define JE | ( | off32 | ) |
#define JG | ( | off32 | ) |
#define JGE | ( | off32 | ) |
#define JLE | ( | off32 | ) |
#define JLEb | ( | off8 | ) |
#define JMP | ( | off32 | ) |
#define JNEb | ( | off8 | ) |
#define MOVid | ( | r32, | |
i32 | |||
) | emitm(&stream, 11 << 4 | 1 << 3 | r32 & 0x7, 1); emitm(&stream, i32, 4); |
#define MOVobb | ( | dr8, | |
sr32, | |||
or32 | |||
) |
#define MOVobd | ( | dr32, | |
sr32, | |||
or32 | |||
) |
#define MOVobw | ( | dr32, | |
sr32, | |||
or32 | |||
) |
#define MOVodd | ( | dr32, | |
sr32, | |||
off | |||
) |
#define MOVomd | ( | dr32, | |
or32, | |||
sr32 | |||
) |
#define MOVrd | ( | dr32, | |
sr32 | |||
) | emitm(&stream, 8 << 4 | 3 | 1 << 3, 1); emitm(&stream, 3 << 6 | (dr32 & 0x7) << 3 | sr32 & 0x7, 1); |
#define MULrd | ( | r32 | ) |
#define NEGd | ( | r32 | ) |
#define ORid | ( | r32, | |
i32 | |||
) |
#define ORrd | ( | dr32, | |
sr32 | |||
) |
#define POP | ( | r32 | ) | emitm(&stream, 5 << 4 | 1 << 3 | r32 & 0x7, 1); |
#define PUSH | ( | r32 | ) | emitm(&stream, 5 << 4 | 0 << 3 | r32 & 0x7, 1); |
#define RET | ( | ) | emitm(&stream, 12 << 4 | 0 << 3 | 3, 1); |
#define SHL_CLrb | ( | dr32 | ) |
#define SHLib | ( | r32, | |
i8 | |||
) |
#define SHR_CLrb | ( | dr32 | ) |
#define SHRib | ( | r32, | |
i8 | |||
) |
#define SUB_EAXi | ( | i32 | ) |
#define SUBrd | ( | dr32, | |
sr32 | |||
) |
#define SWAP_AX | ( | ) |
typedef struct binary_stream binary_stream |
A stream of X86 binary code.
typedef UINT(__cdecl * BPF_filter_function)(PVOID *, ULONG, UINT) |
typedef void(* emit_func)(binary_stream *stream, ULONG value, UINT n) |
Prototype of the emit functions.
Different emit functions are used to create the reference table and to generate the actual filtering code. This allows to have simpler instruction macros. The first parameter is the stream that will receive the data. The secon one is a variable containing the data, the third one is the length, that can be 1,2 or 4 since it is possible to emit a byte, a short or a work at a time.
typedef struct JIT_BPF_Filter JIT_BPF_Filter |
Structure describing a x86 filtering program created by the jitter.
documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2009
CACE Technologies. All rights reserved.