Incorrect InstDecode #40

Open
SergeyAnfalov opened this issue Oct 26, 2016 · 2 comments
@SergeyAnfalov

The 8-byte instruction 66 0f af 1d 77 00 00 00 (imul bx,WORD PTR ds:0x77) is decoded as 3 bytes long.
The same instruction without the operand prefix 66 is decoded correctly:
0f af 1d 77 00 00 00 (imul ebx,DWORD PTR ds:0x77) is decoded as 7 bytes long.

@MahdiSafsafi
Owner

Hi SergeyAnfalov,
The problem occurs because InstDecode assumes that any instruction from table 2 (prefix 0x0f 0xxx) uses the operand-size prefix as a mandatory prefix (which it is not).
I'll solve that problem in the next major update, because solving it requires updating the whole architecture.
If you're using InstDecode alone without Detours, I strongly recommend that you use the UnivDisasm library instead while I fix this critical bug.

Mahdi.

@MahdiSafsafi
Owner

Hello again!
I just created a new branch, v3, and it contains InstDecode v3.
The new version has a fix for this issue, so I will close this issue when merging.

Mahdi.
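The maintainer's diagnosis above is that 0x66 was being treated as a mandatory prefix for every opcode in the 0x0F map. The following is an added example, not code from DDetours/InstDecode (which is written in Delphi), showing in C how a length decoder keeps the two roles apart: 0x66 is always one prefix byte consumed before the opcode, and only after the opcode is known does a per-opcode table say whether the prefix picked a different instruction (66 0F 58 is addpd) or merely narrowed the operands (66 0F AF is imul r16,r/m16). In either case the ModRM, SIB and displacement bytes are sized the same way, so the length comes out right. The opcode table, the sample byte strings other than the two quoted in the issue, and the restriction to 32-bit mode and the 0x0F map are assumptions of this example; F2/F3 as mandatory SSE prefixes are not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decoding result; length == 0 means unknown opcode or truncated buffer. */
typedef struct {
    size_t length;              /* total encoded length in bytes */
    int has_66, has_67;         /* legacy prefixes seen */
    int opsize_bits;            /* effective size of Gv/Ev operands: 16 or 32 */
    const char *mnemonic;
} decoded_insn;

/* Subset of the 0x0F map (an assumption of this example). prefix66_mandatory: 0x66 selects
 * another instruction (addps -> addpd) instead of overriding operand size; length is unaffected. */
typedef struct {
    uint8_t opcode;
    int has_modrm, prefix66_mandatory;
    const char *mnemonic, *mnemonic_66;
} opcode_info;

static const opcode_info two_byte_map[] = {
    { 0xAF, 1, 0, "imul",  "imul"  },   /* 0x66 => 16-bit operands, same instruction */
    { 0x58, 1, 1, "addps", "addpd" },   /* 66 0F 58 is a different instruction */
    { 0x31, 0, 0, "rdtsc", "rdtsc" },   /* no ModRM byte */
};
static const uint8_t other_prefixes[] = { 0x26, 0x2E, 0x36, 0x3E, 0x64, 0x65, 0xF0, 0xF2, 0xF3 };

static const opcode_info *lookup_0f(uint8_t op) {
    size_t i;
    for (i = 0; i < sizeof two_byte_map / sizeof two_byte_map[0]; i++)
        if (two_byte_map[i].opcode == op) return &two_byte_map[i];
    return NULL;
}

/* Bytes used by ModRM + optional SIB + displacement; 0 if truncated.
 * addr16 selects 16-bit addressing (0x67 prefix in 32-bit mode). */
static size_t modrm_bytes(const uint8_t *p, size_t avail, int addr16) {
    size_t n = 1; uint8_t mod, rm;
    if (avail < 1) return 0;
    mod = p[0] >> 6; rm = p[0] & 7;
    if (mod == 3) return 1;                                /* register operand */
    if (addr16) {
        if (mod == 0 && rm == 6) n += 2;                   /* [disp16] */
    } else if (rm == 4) {                                  /* SIB byte follows */
        if (avail < 2) return 0;
        n += 1;
        if (mod == 0 && (p[1] & 7) == 5) n += 4;           /* [index*scale+disp32] */
    } else if (mod == 0 && rm == 5) {
        n += 4;                                            /* [disp32]: this issue's case */
    }
    if (mod == 1) n += 1;                                  /* disp8 */
    else if (mod == 2) n += addr16 ? 2 : 4;                /* disp16 / disp32 */
    return n <= avail ? n : 0;
}

/* Decode one instruction in 32-bit mode. Prefixes are consumed first; 0x66 is
 * only interpreted once the opcode says what it means. */
static decoded_insn decode_insn(const uint8_t *code, size_t len) {
    decoded_insn d = { 0, 0, 0, 32, NULL };
    const opcode_info *info; size_t i = 0;
    while (i < len && i < 15) {                            /* 15-byte x86 limit */
        uint8_t b = code[i];
        if (b == 0x66) d.has_66 = 1;
        else if (b == 0x67) d.has_67 = 1;
        else if (!memchr(other_prefixes, b, sizeof other_prefixes)) break;
        i++;
    }
    if (i + 1 >= len || code[i] != 0x0F) return d;         /* only the 0x0F map here */
    info = lookup_0f(code[i + 1]);
    if (!info) return d;
    i += 2;
    d.mnemonic = d.has_66 ? info->mnemonic_66 : info->mnemonic;
    if (d.has_66 && !info->prefix66_mandatory) d.opsize_bits = 16;
    if (info->has_modrm) {
        size_t n = modrm_bytes(code + i, len - i, d.has_67);
        if (n == 0) return d;
        i += n;
    }
    d.length = i;
    return d;
}

/* Constructed samples; the first two are the byte sequences quoted in the issue. */
static const uint8_t s_imul16[]  = { 0x66, 0x0F, 0xAF, 0x1D, 0x77, 0x00, 0x00, 0x00 }; /* imul bx,[0x77]: 8 */
static const uint8_t s_imul32[]  = { 0x0F, 0xAF, 0x1D, 0x77, 0x00, 0x00, 0x00 };       /* imul ebx,[0x77]: 7 */
static const uint8_t s_imulsib[] = { 0x0F, 0xAF, 0x1C, 0x85, 0x10, 0x00, 0x00, 0x00 }; /* imul ebx,[eax*4+0x10]: 8 */
static const uint8_t s_imul67[]  = { 0x67, 0x0F, 0xAF, 0x1E, 0x77, 0x00 };             /* imul ebx,[0x0077], 16-bit addr: 6 */
static const uint8_t s_addpd[]   = { 0x66, 0x0F, 0x58, 0xC1 };                         /* addpd xmm0,xmm1: 4 */
static const uint8_t s_trunc[]   = { 0x66, 0x0F, 0xAF, 0x1D, 0x77 };                   /* cut off mid-disp32: 0 */

int main(void) {
    decoded_insn a = decode_insn(s_imul16, sizeof s_imul16);
    decoded_insn b = decode_insn(s_imul32, sizeof s_imul32);
    printf("66 0F AF 1D 77 00 00 00 -> length %zu, %s, operand size %d\n", a.length, a.mnemonic, a.opsize_bits);
    printf("   0F AF 1D 77 00 00 00 -> length %zu, %s, operand size %d\n", b.length, b.mnemonic, b.opsize_bits);
    return 0;
}
```

Compiled and run, it reports length 8 with 16-bit operands for the prefixed imul and length 7 with 32-bit operands for the unprefixed one; the remaining samples exercise the SIB, 0x67, mandatory-prefix and truncated-buffer paths. Returning 0 for a truncated buffer instead of a guessed length matters for a detours-style hooker, which copies whole instructions out of a function prologue and must refuse to relocate anything it cannot fully decode.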
