A strange behavior in the ShowSegmentRegs option.

My code:

/*
 * mov rax,qword ptr ds:[2D40D36016C]
 * mov qword ptr ds:[2D4127C48A2],rax
 * lea rdx,qword ptr ds:[2D40DB7449C]
*/
unsigned char Ins[]="\x48\x8B\x05\x65\x01\x00\x00\x48\x89\x05\x94\x48\x46\x05\x48\x8D\x15\x87\x44\x81\x00";
DISASM disAsm = {0};
int len;
unsigned char* pEnd = Ins + Size;

disAsm.VirtualAddr = 0x18100000000;
disAsm.EIP = (UInt64)Ins;
disAsm.Archi = 0x40;        // 0x40 = x64,0x20 = x86
disAsm.Options = MasmSyntax | ShowSegmentRegs  | PrefixedNumeral;

while (!disAsm.Error)
{
disAsm.SecurityBlock = (UInt64)(pEnd - disAsm.EIP);
if (disAsm.SecurityBlock <= 0) break;

len = Disasm(&disAsm);

switch (disAsm.Error)
{
case OUT_OF_BLOCK:
    break;
case UNKNOWN_OPCODE:
    printf("%s \n", &disAsm.CompleteInstr);
    disAsm.EIP += 1;
    disAsm.Error = 0;
    break;
default:

    printf("%s \n", &disAsm.CompleteInstr);
    disAsm.EIP += len;
    break;
}
}

Output:

mov rax, qword ptr ??:[0x000001810000016C]
mov qword ptr ??:[0x000001810546489B], rax
lea rdx, qword ptr ??:[0x000001810081448E]

BeaEngine / beaengine

A strange behavior in the ShowSegmentRegs option. #44