10110111 / edb-debugger

edb is a cross platform x86/x86-64 debugger.
GNU General Public License v2.0
6 stars 0 forks

jecxz check in analyze_jump is likely faulty #2

Closed 10110111 closed 9 years ago

10110111 commented 9 years ago

In analyze_jump() the jecxz/jrcxz instruction is checked only by its first byte. But this ignores any prefixes, so it will most likely fail for e.g. jcxz in 32-bit mode, which would use a 66 prefix. Or am I wrong, and the prefix doesn't change the .?cx size? Capstone suggests I am.

10110111 commented 9 years ago

Well, I was almost right: there can be a prefix, but not 66; for some reason it's 67 instead.
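The two comments above describe the encoding at issue: opcode E3 is JCXZ, JECXZ or JRCXZ depending on the effective address size, and the 67 (address-size) prefix, not 66 (operand-size), is what flips the counter register. The following is an added example, not edb's own analyze_jump() code; it puts the first-byte-only check the issue describes next to a prefix-aware decoder that walks legacy prefixes (and a REX byte in 64-bit mode) before looking at the opcode. The function names, the Cxz enum and the sample byte sequences are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Which "jump if counter register is zero" an E3 opcode decodes to.
enum class Cxz { None, Jcxz, Jecxz, Jrcxz };

// The check the issue describes: only code[0] is examined, so any
// prefixed encoding (in particular 67 E3 cb) is not recognised.
static bool first_byte_only_is_cxz(const std::vector<uint8_t> &code) {
    return !code.empty() && code[0] == 0xE3;
}

// Prefix-aware check. mode_bits is the CPU mode (16, 32 or 64).
// Legacy prefixes may appear in any order before the opcode; in 64-bit
// mode a REX byte (40..4F) may additionally sit immediately before it.
// Only 67 matters for E3: 66 changes operand size, which E3 does not use.
static Cxz decode_cxz(const std::vector<uint8_t> &code, int mode_bits) {
    size_t i = 0;
    bool addr_override = false;

    while (i < code.size()) {
        const uint8_t b = code[i];
        if (b == 0x67) {            // address-size override
            addr_override = true;
            ++i;
            continue;
        }
        // LOCK/REPNE/REP, segment overrides, operand-size override
        if (b == 0xF0 || b == 0xF2 || b == 0xF3 || b == 0x2E || b == 0x36 ||
            b == 0x3E || b == 0x26 || b == 0x64 || b == 0x65 || b == 0x66) {
            ++i;
            continue;
        }
        break;
    }

    // REX is only a prefix in 64-bit mode; E3 ignores its bits but it still
    // occupies a byte before the opcode.
    if (mode_bits == 64 && i < code.size() && (code[i] & 0xF0) == 0x40)
        ++i;

    // Need the opcode byte plus its rel8 displacement.
    if (i + 1 >= code.size() || code[i] != 0xE3)
        return Cxz::None;

    int addr_bits;
    switch (mode_bits) {
    case 16: addr_bits = addr_override ? 32 : 16; break;
    case 32: addr_bits = addr_override ? 16 : 32; break;
    default: addr_bits = addr_override ? 32 : 64; break;  // 64-bit mode
    }

    switch (addr_bits) {
    case 16: return Cxz::Jcxz;
    case 32: return Cxz::Jecxz;
    default: return Cxz::Jrcxz;
    }
}

// Branch target for a recognised E3 encoding: rel8 is relative to the
// address of the next instruction. Returns false if code is not a cxz jump.
static bool cxz_target(const std::vector<uint8_t> &code, int mode_bits,
                       uint64_t insn_addr, uint64_t &target) {
    if (decode_cxz(code, mode_bits) == Cxz::None)
        return false;
    size_t i = 0;
    while (code[i] != 0xE3) ++i;   // skip the prefixes already validated above
    const int8_t rel8 = static_cast<int8_t>(code[i + 1]);
    const uint64_t next = insn_addr + i + 2;
    target = next + static_cast<uint64_t>(static_cast<int64_t>(rel8));
    return true;
}

int main() {
    // Constructed sample: "67 E3 05" is JCXZ in 32-bit mode, JECXZ in 64-bit.
    const std::vector<uint8_t> prefixed = {0x67, 0xE3, 0x05};
    return (decode_cxz(prefixed, 32) == Cxz::Jcxz &&
            !first_byte_only_is_cxz(prefixed)) ? 0 : 1;
}
```

The decoder deliberately refuses a lone E3 with no displacement byte, which is the other way a first-byte check goes wrong at the end of a buffer.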

10110111 commented 9 years ago

Done upstream.