diff options
| author | iximeow <me@iximeow.net> | 2021-08-21 14:03:08 -0700 |
|---|---|---|
| committer | iximeow <me@iximeow.net> | 2021-08-21 14:03:08 -0700 |
| commit | d7208834963c46a6da74a3837d9e82bad33dfd7f (patch) | |
| tree | 6df2525647cc29b719ce1db376d271b801c47371 | |
| parent | e4131e4eb64595d9b24493eb31a9af4c5e21b1eb (diff) | |
fix incorrect decoding of 0x9*-series instructions with rex.b
| -rw-r--r-- | CHANGELOG | 2 | ||||
| -rw-r--r-- | src/long_mode/mod.rs | 14 | ||||
| -rw-r--r-- | test/long_mode/mod.rs | 4 |
3 files changed, 16 insertions, 4 deletions
@@ -14,6 +14,8 @@ the *read*, not the corresponding write of pushing `{e}ip` to the stack. documentation has been added to `mem_size` more specifically describing this circumstance. +* correct `rex.b` incorrectly applying to the `*ax` register - `4f91` is `xchg rax, r9`, not `xchg r8, r9`. +* correct `nop` incorrectly ignoring `rex.b` - `4190` is `xchg rax, r8`, not `nop`. ## 1.0.4 diff --git a/src/long_mode/mod.rs b/src/long_mode/mod.rs index a01e854..22b6a99 100644 --- a/src/long_mode/mod.rs +++ b/src/long_mode/mod.rs @@ -5118,7 +5118,7 @@ enum OperandCode { Zv_R5 = OperandCodeBuilder::new().op0_is_rrr_and_Z_operand(ZOperandCategory::Zv_R, 5).bits(), Zv_R6 = OperandCodeBuilder::new().op0_is_rrr_and_Z_operand(ZOperandCategory::Zv_R, 6).bits(), Zv_R7 = OperandCodeBuilder::new().op0_is_rrr_and_Z_operand(ZOperandCategory::Zv_R, 7).bits(), - // Zv_AX_R0 = 0x48, + Zv_AX_R0 = OperandCodeBuilder::new().op0_is_rrr_and_Z_operand(ZOperandCategory::Zv_AX, 0).bits(), Zv_AX_R1 = OperandCodeBuilder::new().op0_is_rrr_and_Z_operand(ZOperandCategory::Zv_AX, 1).bits(), Zv_AX_R2 = OperandCodeBuilder::new().op0_is_rrr_and_Z_operand(ZOperandCategory::Zv_AX, 2).bits(), Zv_AX_R3 = OperandCodeBuilder::new().op0_is_rrr_and_Z_operand(ZOperandCategory::Zv_AX, 3).bits(), @@ -5447,7 +5447,7 @@ const OPCODES: [OpcodeRecord; 256] = [ OpcodeRecord(Interpretation::Instruction(Opcode::LEA), OperandCode::Gv_M), OpcodeRecord(Interpretation::Instruction(Opcode::MOV), OperandCode::Sw_Ew), OpcodeRecord(Interpretation::Instruction(Opcode::Invalid), OperandCode::ModRM_0x8f_Ev), - OpcodeRecord(Interpretation::Instruction(Opcode::NOP), OperandCode::Nothing), + OpcodeRecord(Interpretation::Instruction(Opcode::XCHG), OperandCode::Zv_AX_R0), OpcodeRecord(Interpretation::Instruction(Opcode::XCHG), OperandCode::Zv_AX_R1), OpcodeRecord(Interpretation::Instruction(Opcode::XCHG), OperandCode::Zv_AX_R2), OpcodeRecord(Interpretation::Instruction(Opcode::XCHG), OperandCode::Zv_AX_R3), @@ -7428,6 +7428,13 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe } 1 => { // Zv_AX + // in 64-bit mode, rex.b is able to make "nop" into an `xchg`, as in `4190` + // aka `xchg eax, r8d. + if reg == 0 && !instruction.prefixes.rex_unchecked().b() { + instruction.opcode = Opcode::NOP; + instruction.operand_count = 0; + return Ok(()); + } let opwidth = imm_width_from_prefixes_64(SizeCode::vqp, instruction.prefixes); let bank = if opwidth == 4 { RegisterBank::D @@ -7436,8 +7443,9 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe } else { RegisterBank::Q }; + // always *ax, but size is determined by prefixes (or lack thereof) instruction.regs[0] = - RegSpec::from_parts(0, instruction.prefixes.rex_unchecked().b(), bank); + RegSpec::from_parts(0, false, bank); instruction.operands[1] = OperandSpec::RegMMM; instruction.regs[1] = RegSpec::from_parts(reg, instruction.prefixes.rex_unchecked().b(), bank); diff --git a/test/long_mode/mod.rs b/test/long_mode/mod.rs index 61ea63d..015f1c6 100644 --- a/test/long_mode/mod.rs +++ b/test/long_mode/mod.rs @@ -1176,8 +1176,10 @@ fn test_mov() { fn test_xchg() { test_display(&[0x90], "nop"); test_display(&[0x91], "xchg eax, ecx"); - test_display(&[0x4f, 0x91], "xchg r8, r9"); + test_display(&[0x4f, 0x91], "xchg rax, r9"); test_display(&[0x66, 0x91], "xchg ax, cx"); + test_display(&[0x4f, 0x90], "xchg rax, r8"); + test_display(&[0x41, 0x90], "xchg eax, r8d"); } #[test] |