SoftSec-KAIST / MeanDiff

Testing Intermediate Representations for Binary Analysis (ASE '17)
https://softsec-kaist.github.io/MeanDiff/
MIT License

Invalid padding - `mov` #14

Open mfaerevaag opened 7 years ago

mfaerevaag commented 7 years ago

Description

When moving segment register (two bytes), for instance ES, to register (four bytes), it is invalidly padded. According to the Intel manual, "When executing MOV Reg, Sreg, the processor copies the content of Sreg to the 16 least significant bits of the general-purpose register. The upper bits of the destination register are zero for most IA-32 processors [...]"

Reference: Intel 64 and IA-32 Architectures Software Developer's Manual, Vol. 2B, 4-35

Affected instructions:

0x8cc0    # mov
0x8cc8

Reproduction guide

Instruction:

00000000  8CC0              mov eax,es

Input:

binsec disasm -decode 8cc0

Observed output:

mov ax, es ⎧1: eax{0, 15} := es₍₁₆₎
           ⎩2: goto ({0x00000002; 32}, 0)

Expected output: EAX set with correct padding.

System Info

OS:

# uname -a
Linux ubuntu 4.10.0-28-generic #32-Ubuntu SMP Fri Jun 30 05:32:18 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=17.04
DISTRIB_CODENAME=zesty
DISTRIB_DESCRIPTION="Ubuntu 17.04"

BINSEC: 20170301 0.1
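The report above comes down to two candidate semantics for the two-byte `mov r32, Sreg` encoding (opcode 8C /r): the manual's zero-extension into the 32-bit destination versus the observed DBA, which writes only bits 0..15 and leaves bits 16..31 untouched. The following Python is an added example, not code from MeanDiff, BINSEC or the issue author. It decodes the ModRM byte of the two affected encodings, applies both semantics to the same constructed register state, and reports the registers on which they disagree, which is the differential idea MeanDiff applies to IR lifters. The register-file layout (a plain dict) and the initial values are assumptions chosen so that a partial write becomes visible; the segment-register and GPR index tables follow the Intel manual's ModRM encoding.

```python
"""Differential check of `mov r32, Sreg` (opcode 8C /r) semantics.

Added example, not code from MeanDiff or BINSEC: it models the two
candidate IR semantics in plain Python and runs them on a concrete
state so the divergence described in the issue becomes observable.
"""

# ModRM.reg selects the segment register, ModRM.rm the 32-bit GPR
# (register-direct form, mod == 3). Indices follow the Intel manual.
SREGS = ["es", "cs", "ss", "ds", "fs", "gs"]
GPRS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def decode_mov_r32_sreg(code: bytes):
    """Decode an 8C /r instruction in register-direct form.

    Returns (gpr_name, sreg_name). Only the case in the report
    (mod == 3, a valid Sreg index) is handled; anything else raises.
    """
    if len(code) != 2 or code[0] != 0x8C:
        raise ValueError("not a two-byte MOV r32, Sreg")
    modrm = code[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 3:
        raise ValueError("memory form not handled in this example")
    if reg >= len(SREGS):
        raise ValueError("reserved segment register encoding")
    return GPRS[rm], SREGS[reg]


def mov_sreg_zero_extend(state: dict, code: bytes) -> dict:
    """Manual semantics: Sreg goes to bits 0..15, bits 16..31 become zero."""
    gpr, sreg = decode_mov_r32_sreg(code)
    new = dict(state)
    new[gpr] = state[sreg] & 0xFFFF
    return new


def mov_sreg_partial_write(state: dict, code: bytes) -> dict:
    """Semantics of the observed DBA `eax{0,15} := es`: bits 16..31 are kept."""
    gpr, sreg = decode_mov_r32_sreg(code)
    new = dict(state)
    new[gpr] = (state[gpr] & 0xFFFF0000) | (state[sreg] & 0xFFFF)
    return new


def find_divergence(code: bytes, state: dict) -> dict:
    """Run both semantics on one state; return registers whose values differ.

    Empty result means the two lifters agree on this input; a non-empty
    result maps each differing register to (zero_extend, partial_write).
    """
    a = mov_sreg_zero_extend(state, code)
    b = mov_sreg_partial_write(state, code)
    return {r: (a[r], b[r]) for r in a if a[r] != b[r]}


# Constructed initial state (assumption): EAX has nonzero upper bits so a
# partial write is distinguishable from a zero-extending one.
STATE = {"eax": 0xDEADBEEF, "ecx": 0, "es": 0x002B, "cs": 0x0023}

if __name__ == "__main__":
    for code in (bytes.fromhex("8cc0"), bytes.fromhex("8cc8")):
        gpr, sreg = decode_mov_r32_sreg(code)
        print(f"{code.hex()}: mov {gpr}, {sreg} -> divergence {find_divergence(code, STATE)}")
```

Note that the divergence only shows on states where the destination already has nonzero upper bits; with `eax = 0` both semantics agree, which is why a lifter test that starts from an all-zero register file would miss this bug. The manual's wording ("for most IA-32 processors") is the reason the zero-extension model is taken as the reference here.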