Fix 16 bit x86 code analysis

Mark cursor in visual for pw and pq

libr/anal/p/anal_x86.c

@@ -1,5 +1,4 @@
-/* radare - LGPL - Copyright 2009-2012 */
-/*   nibble<.ds@gmail.com> */
+/* radare - LGPL - Copyright 2009-2012 - nibble */
 
 #include <string.h>
 
@@ -101,18 +100,21 @@ static RAnalValue *anal_fill_ai_mm(RAnal *anal, x86im_instr_object io) {
 	return ret;
 }
 
-static void anal_jmp(RAnal *anal, RAnalOp *op, x86im_instr_object io) {
-	st64 imm, disp;
-	imm = r_hex_bin_truncate (io.imm, io.imm_size);
-	disp = r_hex_bin_truncate (io.disp, io.disp_size);
+static int anal_jmp(RAnal *anal, RAnalOp *op, x86im_instr_object io) {
+	st64 imm = r_hex_bin_truncate (io.imm, io.imm_size);
+	st64 disp = r_hex_bin_truncate (io.disp, io.disp_size);
 
 	op->eob = R_TRUE;
 	switch (io.id) {
 	case X86IM_IO_ID_JMP_N_R_S: /* jmp short 0x0ff */ 
 	case X86IM_IO_ID_JMP_N_R:   /* jmp 0x0ff */
+		if (anal->bits == 16) {
+			io.len = 3;
+			imm = io.imm & 0xffff;
+		}
 		op->type = R_ANAL_OP_TYPE_JMP;
-		op->dst = anal_fill_r (anal, io, op->addr);
 		op->jump = op->addr + io.len + imm;
+		op->dst = anal_fill_r (anal, io, op->addr);
 		break;
 	case X86IM_IO_ID_JMP_N_AI_MM: /* jmp  [0x0ff | reg1+reg2+0x0ff] */
 	case X86IM_IO_ID_JMP_F_AI_MM: /* jmp dword far  [0x0ff | reg1+reg2+0x0ff] */
@@ -121,7 +123,6 @@ static void anal_jmp(RAnal *anal, RAnalOp *op, x86im_instr_object io) {
 		/* TODO: Deprecate */
 		if (io.mem_base == 0)
 			op->ref = disp;
-
 		if (anal->iob.io != NULL) {
 			if (io.mem_base == X86IM_IO_ROP_ID_RIP) {
 				op->type = R_ANAL_OP_TYPE_JMP;
@@ -148,6 +149,7 @@ static void anal_jmp(RAnal *anal, RAnalOp *op, x86im_instr_object io) {
 		op->ref = imm;
 		break;
 	}
+	return io.len;
 }
 
 static void anal_cjmp(RAnal *anal, RAnalOp *op, x86im_instr_object io) {
@@ -826,7 +828,7 @@ static int x86_op(RAnal *anal, RAnalOp *op, ut64 addr, const ut8 *data, int len)
 		imm = r_hex_bin_truncate (io.imm, io.imm_size);
 		//disp = r_hex_bin_truncate (io.disp, io.disp_size);
 		if (X86IM_IO_IS_GPI_JMP (&io)) /* jump */
-			anal_jmp (anal, op, io);
+			io.len = anal_jmp (anal, op, io);
 		else
 		if (X86IM_IO_IS_GPI_JCC (&io)) /* conditional jump*/
 			anal_cjmp (anal, op, io);
@@ -911,6 +913,7 @@ static int x86_op(RAnal *anal, RAnalOp *op, ut64 addr, const ut8 *data, int len)
 
 static int set_reg_profile(RAnal *anal) {
 	/* XXX Dupped Profiles */
+// TODO: add support for 16 bit
 	if (anal->bits == 32)
 #if __WINDOWS__
 		return r_reg_set_profile_string (anal->reg,
@@ -1067,7 +1070,7 @@ struct r_anal_plugin_t r_anal_plugin_x86 = {
 	.name = "x86",
 	.desc = "X86 analysis plugin (x86im backend)",
 	.arch = R_SYS_ARCH_X86,
-	.bits = 32|64,
+	.bits = 16|32|64,
 	.init = NULL,
 	.fini = NULL,
 	.op = &x86_op,

libr/anal/p/anal_x86_udis86.c

@@ -8,7 +8,17 @@
 #include "udis86/types.h"
 #include "udis86/extern.h"
 
+static ut64 getval(int bits, ud_operand_t *op) {
+	switch (bits) {
+	case 8: return op->lval.sbyte;
+	case 16: return op->lval.uword;
+	case 32: return op->lval.udword;
+	case 64: return op->lval.uqword;
+	}
+	return 0LL;
+}
 static int x86_op(RAnal *anal, RAnalOp *op, ut64 addr, const ut8 *data, int len) {
+	int oplen;
 	struct ud u;
 	ud_init (&u);
 	ud_set_pc (&u, addr);
@@ -16,8 +26,33 @@ static int x86_op(RAnal *anal, RAnalOp *op, ut64 addr, const ut8 *data, int len)
 	ud_set_syntax (&u, NULL);
 	ud_set_input_buffer (&u, data, len);
 	ud_disassemble (&u);
-
-	return ud_insn_len (&u);
+	memset (op, '\0', sizeof (RAnalOp));
+	op->addr = addr;
+	op->jump = op->fail = -1;
+	op->ref = op->value = -1;
+	oplen = op->length = ud_insn_len (&u);
+	switch (u.mnemonic) {
+	case UD_Ijmp:
+		op->type = R_ANAL_OP_TYPE_JMP;
+		op->jump = oplen + getval (anal->bits, &u.operand[0]);
+		break;
+	case UD_Icall:
+		op->type = R_ANAL_OP_TYPE_CALL;
+		op->jump = oplen + getval (anal->bits, &u.operand[0]);
+		op->fail = addr+oplen;
+		break;
+	case UD_Iret:
+	case UD_Iretf:
+	case UD_Isysret:
+		op->type = R_ANAL_OP_TYPE_RET;
+		break;
+	case UD_Isyscall:
+		op->type = R_ANAL_OP_TYPE_SWI;
+		break;
+	default:
+		break;
+	}
+	return oplen;
 }
 
 static int set_reg_profile(RAnal *anal) {
@@ -178,7 +213,7 @@ struct r_anal_plugin_t r_anal_plugin_x86_udis86 = {
 	.name = "x86.udis86",
 	.desc = "X86 analysis plugin (udis86 backend)",
 	.arch = R_SYS_ARCH_X86,
-	.bits = 32|64,
+	.bits = 16|32|64,
 	.init = NULL,
 	.fini = NULL,
 	.op = &x86_op,

libr/include/r_print.h

@@ -59,6 +59,7 @@ R_API void r_print_byte(RPrint *p, const char *fmt, int idx, ut8 ch);
 R_API void r_print_c(RPrint *p, const ut8 *str, int len);
 R_API void r_print_raw(RPrint *p, const ut8* buf, int len);
 R_API void r_print_cursor(RPrint *p, int cur, int set);
+R_API void r_print_cursor_range(RPrint *p, int cur, int to, int set);
 R_API void r_print_set_cursor(RPrint *p, int curset, int ocursor, int cursor);
 R_API void r_print_code(RPrint *p, ut64 addr, ut8 *buf, int len, char lang);
 R_API void r_print_format(RPrint *p, ut64 seek, const ut8* buf, int len, const char *fmt);

libr/print/print.c

@@ -1,4 +1,4 @@
-/* radare - LGPL - Copyright 2007-2012 pancake<nopcode.org> */
+/* radare - LGPL - Copyright 2007-2012 - pancake */
 
 #include "r_cons.h"
 #include "r_print.h"
@@ -61,7 +61,7 @@ R_API void r_print_cursor(RPrint *p, int cur, int set) {
 		int from = p->ocur;
 		int to = p->cur;
 		r_num_minmax_swap_i (&from, &to);
-		if (cur>=from&&cur<=to)
+		if (cur>=from && cur<=to)
 			r_cons_invert (set, 1); //p->flags&R_PRINT_FLAGS_COLOR);
 	} else
 	if (cur==p->cur)
@@ -324,7 +324,9 @@ R_API void r_print_hexdump(RPrint *p, ut64 addr, const ut8 *buf, int len, int ba
 			if (base==32) {
 				ut32 n;
 				memcpy (&n, buf+j, sizeof (n));
+				r_print_cursor (p, j, 1);
 				p->printf ("0x%08x ", n);
+				r_print_cursor (p, j, 0);
 				j += 3;
 			} else
 			if (base==64) {
@@ -334,8 +336,10 @@ R_API void r_print_hexdump(RPrint *p, ut64 addr, const ut8 *buf, int len, int ba
 				// size_t l = sizeof (n); if (j + l > len) l = len - j;
 				memcpy (&a, buf+j, 4);
 				memcpy (&b, buf+j+4, 4);
-				j += 7;
+				r_print_cursor (p, j, 1);
 				p->printf ("0x%08x%08x ", b, a); //n<<32, n&0xffffff);
+				r_print_cursor (p, j, 0);
+				j += 7;
 			} else {
 				r_print_byte (p, fmt, j, buf[j]);
 				if (j%2) {
@@ -477,7 +481,6 @@ R_API void r_print_progressbar(RPrint *p, int pc, int _cols) {
         p->printf ("]");
 }
 
-
 R_API void r_print_zoom (RPrint *p, void *user, RPrintZoomCallback cb, ut64 from, ut64 to, int len, int maxlen) {
 	static int mode = -1;
 	ut8 *bufz, *bufz2;

shlr/www/index.html

@@ -6,7 +6,7 @@
 	<meta name="apple-mobile-web-app-status-bar-style" content="black" />
 -->
 	<link rel=Stylesheet href="style.css" type="text/css" />
-<meta name="viewport" content="width=320px, initial-scale=1, maximum-scale=1, minimum-scale=1, user-scalable=false" />
+	<meta name="viewport" content="width=340px, initial-scale=1" />
 	<script src="script.js"></script>
 <script>
 function Ajax (method, uri, body, fn) {
@@ -25,11 +25,7 @@ function cmd(c, cb) {
 	});
 }
 
-function about() {
-	cmd ("?V", function (version) {
-		alert ("r2w v"+version);
-	});
-}
+function about() { cmd ("?V", function (version) { alert ("r2w v"+version); }); }
 
 function panel_functions_load() {
 	Ajax ('GET', "/cmd/afl", '', function (x) {
@@ -160,8 +156,10 @@ function init() {
 </script>
 </head>
 <body onload="init()">
-<div class=popup_background id="popup_background"></div>
-<div class=popup id="popup">
+<div class=popup_background id="popup_background"
+style="visibility:hidden"> </div>
+<div class=popup id="popup" style="visibility:hidden">
+
 <table>
 <tr>
 	<td style="text-align:left; width:100%">

shlr/www/style.css

@@ -88,6 +88,7 @@ input {
 	background-color: #ffffff;
 	z-index: 3;
 }
+
 .popup_title {
-margin-left: 5px;
+	margin-left: 5px;
 }