[X86] Missing ACCESS mode in operands and EFLAGS are missing in instruction test #2576

Open
Mar3yZhang opened this issue Dec 7, 2024 · 0 comments
Labels
bug Something is not working as it should X86 Arch

Comments


Mar3yZhang commented Dec 7, 2024

Work environment

Questions            Answers
OS/arch/bits         x86_64 Ubuntu 20.04
Architecture         x86_64
Source of Capstone   git clone, default on next branch.
Version/git commit   v6.0.0, e46838

Instruction bytes giving faulty results

0x85 0x58 0x01

Expected results

It should be:

$ ./cstool_v6.0.0 -d x64 "855801"
 0  85 58 01                                         test       dword ptr [rax + 1], ebx
        ID: 734 (test)
        Prefix:0x00 0x00 0x00 0x00 
        Opcode:0x85 0x00 0x00 0x00 
        rex: 0x0
        addr_size: 8
        modrm: 0x58
        disp: 0x1
        sib: 0x0
        op_count: 2
                operands[0].type: MEM
                        operands[0].mem.base: REG = rax
                        operands[0].mem.disp: 0x1
                operands[0].size: 4
 *****          operands[0].access: READ        ******* MISSING LINE *****
                operands[1].type: REG = ebx
                operands[1].size: 4
 *****          operands[1].access: READ        ******* MISSING LINE *****
        Registers read: rax  (rbx  <--- MISSING FIELD)
 *****  EFLAGS: MOD_SF MOD_ZF MOD_PF UNDEF_AF     ******* MISSING LINE *****

Steps to get the wrong result

With cstool:

$ ./cstool_v6.0.0 -d x64 "855801"
 0  85 58 01                                         test       dword ptr [rax + 1], ebx
        ID: 734 (test)
        Prefix:0x00 0x00 0x00 0x00 
        Opcode:0x85 0x00 0x00 0x00 
        rex: 0x0
        addr_size: 8
        modrm: 0x58
        disp: 0x1
        sib: 0x0
        op_count: 2
                operands[0].type: MEM
                        operands[0].mem.base: REG = rax
                        operands[0].mem.disp: 0x1
                operands[0].size: 4
                operands[1].type: REG = ebx
                operands[1].size: 4
        Registers read: rax

Additional Logs, screenshots, source code, configuration dump, ...

  • The test instruction in x86 performs a bitwise AND between the value at a memory location and the contents of a register. The test instruction sets the corresponding EFLAGS, but the result itself is discarded. Capstone seems to fail to display the EFLAGS fields of the test instruction.
  • This issue was detected with a fully automatic decoder testing tool based on my research. Please add a Bug tag to this page if you verify it's a problem. It means a lot to me and my research. Thank you for your consideration😊!
@Rot127 added the labels "bug: Something is not working as it should" and "X86 Arch" (and added, then removed, "outdated-module: Issue due to an outdated arch module") on Dec 7, 2024