MahdiSafsafi / UnivDisasm

x86 Disassembler and Analyzer
Mozilla Public License 2.0

Missing[] Bug #20

Closed hksoobe closed 5 years ago

hksoobe commented 5 years ago

db $48, $A1, $88, $88, $88, $88, $77, $77, $77, $77

Delphi shows mov rax,[qword $7777777788888888]

x64dbg shows movabs rax, qword ptr [0x7777777788888888]

UnivDisasm shows (missing []): mov rax,0x7777777788888888

MahdiSafsafi commented 5 years ago

Hello there,

No, this is not a bug: the opcode 0xA1 defines the following instruction: MOV rAX,Ov. The "O" is an offset! Some disassemblers stringify it as memory and some of them as an immediate (like UnivDisasm). There is an option, USO_OFFSET_AS_MEM, to make UnivDisasm stringify the offset as memory. Here is an example:

const 
  LArray: array [0 .. 9] of Byte = ($48, $A1, $88, $88, $88, $88, $77, $77, $77, $77);
var
  ins: TInstruction;
  P: PByte;
begin
  P := @LArray[0];
  ins := default (TInstruction);
  ins.Arch := CPUX64;
  ins.Addr := P;
  ins.SyntaxOptions := USO_OFFSET_AS_MEM;  //  stringify offset as memory.
  Disasm(@ins);
  Writeln(ins.inststr); // output = mov rax,[0x7777777788888888]
  ReadLn;
end.

hksoobe commented 5 years ago

thank you
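An added example, not part of the thread and not UnivDisasm code: a stand-alone Python decoder for the A0..A3 "MOV accumulator, moffs" forms in 64-bit mode, showing that both strings discussed in this issue come from the same bytes and that only the rendering differs. The names `decode_moffs_mov` and `offset_as_mem` are hypothetical; the flag only mimics the effect the maintainer describes for USO_OFFSET_AS_MEM.

```python
# Added example: decode MOV accumulator <-> moffs (opcodes A0..A3), 64-bit mode.
ACC = {8: "al", 16: "ax", 32: "eax", 64: "rax"}
SEG = {0x64: "fs:", 0x65: "gs:"}  # only FS/GS overrides are handled here

def decode_moffs_mov(code: bytes, offset_as_mem: bool = True):
    """Return (text, length); raise ValueError on other opcodes or short input."""
    i, rex, opsize16, addr32, seg = 0, 0, False, False, ""
    while i < len(code):
        b = code[i]
        if b == 0x66:             # operand-size override: 16-bit accumulator
            opsize16, rex = True, 0
        elif b == 0x67:           # address-size override: 32-bit offset
            addr32, rex = True, 0
        elif b in SEG:
            seg, rex = SEG[b], 0
        elif 0x40 <= b <= 0x4F:   # REX counts only if it directly precedes the opcode
            rex = b
        else:
            break
        i += 1
    if i >= len(code) or not 0xA0 <= code[i] <= 0xA3:
        raise ValueError("not a moffs MOV")
    opcode = code[i]
    i += 1
    if opcode in (0xA0, 0xA2):
        bits = 8
    elif rex & 0x08:              # REX.W selects RAX and wins over 0x66
        bits = 64
    else:
        bits = 16 if opsize16 else 32
    size = 4 if addr32 else 8     # moffs width follows the address size, not REX.W
    if len(code) - i < size:      # never read past the supplied buffer
        raise ValueError("truncated offset")
    off = int.from_bytes(code[i:i + size], "little")
    operand = f"{seg}[0x{off:x}]" if offset_as_mem else f"{seg}0x{off:x}"
    reg = ACC[bits]
    # A0/A1 load the accumulator; A2/A3 store it.
    text = f"mov {reg},{operand}" if opcode in (0xA0, 0xA1) else f"mov {operand},{reg}"
    return text, i + size

# Bytes from the issue report.
ISSUE_BYTES = bytes([0x48, 0xA1, 0x88, 0x88, 0x88, 0x88, 0x77, 0x77, 0x77, 0x77])

if __name__ == "__main__":
    print(decode_moffs_mov(ISSUE_BYTES))
    print(decode_moffs_mov(ISSUE_BYTES, offset_as_mem=False))
```

When comparing listings from different tools, treat `mov rax,0x...` for opcode A1 as a memory load from an absolute address, not as a constant load.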