Open
Description
Work environment
| Questions | Answers |
|---|---|
| OS/arch/bits | x86_64 Ubuntu 20.04 |
| Architecture | x86_64 |
| Source of Capstone | git clone, default on next branch. |
| Version/git commit | v6.0.0, e46838 |
Instruction bytes giving faulty results
0x85 0x58 0x01
Expected results
It should be:
$ ./cstool_v6.0.0 -d x64 "855801"
0 85 58 01 test dword ptr [rax + 1], ebx
ID: 734 (test)
Prefix:0x00 0x00 0x00 0x00
Opcode:0x85 0x00 0x00 0x00
rex: 0x0
addr_size: 8
modrm: 0x58
disp: 0x1
sib: 0x0
op_count: 2
operands[0].type: MEM
operands[0].mem.base: REG = rax
operands[0].mem.disp: 0x1
operands[0].size: 4
***** operands[0].access: READ ******* MISSING LINE *****
operands[1].type: REG = ebx
operands[1].size: 4
***** operands[1].access: READ ******* MISSING LINE *****
Registers read: rax (rbx <--- MISSING FIELD)
***** EFLAGS: MOD_SF MOD_ZF MOD_PF UNDEF_AF ******* MISSING LINE *****Steps to get the wrong result
With cstool:
$ ./cstool_v6.0.0 -d x64 "855801"
0 85 58 01 test dword ptr [rax + 1], ebx
ID: 734 (test)
Prefix:0x00 0x00 0x00 0x00
Opcode:0x85 0x00 0x00 0x00
rex: 0x0
addr_size: 8
modrm: 0x58
disp: 0x1
sib: 0x0
op_count: 2
operands[0].type: MEM
operands[0].mem.base: REG = rax
operands[0].mem.disp: 0x1
operands[0].size: 4
operands[1].type: REG = ebx
operands[1].size: 4
Registers read: raxAdditional Logs, screenshots, source code, configuration dump, ...
testinstruction in x86 performs a bitwiseANDoperation between the value at a memory location and the contents of a register. The test instruction sets the correspondingEFLAGSbut the result itself is discarded. Capstone seems failed to display theEFLAGSfields of instructiontest.- This issue is detected with a fully automatic decoder testing tool based on my research. Please add a
Bugtag to this page if you verify it's a problem. It means a lot to me and my research. Thank you for your consideration😊!