Add support for ghost nops for x86-{32,64} ##arch

Author: trufae

libr/arch/p/x86/plugin_cs.c

@@ -8,6 +8,7 @@
 
 #define r_anal_value_new() R_NEW0 (RAnalValue)
 #define ARCH_HAVE_READ 1
+#define GHOSTOPS 1
 
 #if 0
 CYCLES:
@@ -3901,6 +3902,17 @@ static bool decode(RArchSession *as, RAnalOp *op, RArchDecodeMask mask) {
 
 	cs_insn *insn = NULL;
 	int n;
+#if GHOSTOPS
+	if (op->size >= 2 && op->bytes[0] == 0x0f) {
+		ut8 b1 = op->bytes[1];
+		if (b1 == 0x1a || b1 == 0x1b) {
+			op->type = R_ANAL_OP_TYPE_NOP;
+			op->mnemonic = strdup ("nop2");
+			op->size = 2;
+			return true;
+		}
+	}
+#endif
 
 	op->cycles = 1; // aprox
 	cs_option (handle, CS_OPT_DETAIL, CS_OPT_ON);
@@ -3920,7 +3932,7 @@ static bool decode(RArchSession *as, RAnalOp *op, RArchDecodeMask mask) {
 	n = cs_disasm (handle, (const ut8*)buf, len, addr, 1, &insn);
 #endif
 	//XXX: capstone lcall seg:off workaround, remove when capstone will be fixed
-	if (n >= 1 && mode == CS_MODE_16 && !strncmp (insn->mnemonic, "lcall", 5)) {
+	if (n >= 1 && mode == CS_MODE_16 && r_str_startswith (insn->mnemonic, "lcall")) {
 		char *opstr = strdup (insn->op_str);
 		opstr = r_str_replace (opstr, ", ", ":", 0);
 		r_str_ncpy (insn->op_str, opstr, sizeof (insn->op_str));

libr/arch/p/x86_nz/nzasm.c

@@ -4946,6 +4946,7 @@ static const LookupTable oplookup[] = {
 	{ "mwait", 0, NULL, 0x0f01c9, 3},
 	{ "neg", 0, &opneg, 0},
 	{ "nop", 0, NULL, 0x90, 1},
+	{ "nop2", 0, NULL, 0x0f1a, 2},
 	{ "not", 0, &opnot, 0},
 	{ "or", 0, &opor, 0},
 	{ "out", 0, &opout, 0},

test/db/asm/x86_32

@@ -2192,3 +2192,5 @@ a "dec DWORD PTR [esi+0x8]" ff4e08
 a "dec DWORD PTR [esp]" ff0c24
 a "dec DWORD PTR [esp+0x10]" ff4c2410
 ad "bsr eax, dword [4]" 0fbd0504000000
+ad "nop2" 0f1a
+d "nop2" 0f1b