Open occamsrzor opened 7 years ago
Adding the following additional examples:
lsr.d{*}(edx, 1)
sbb.d{*}(eax, eax, flag:c)
and.b{*}([0x405000].b, 2)
sub.d{*}(esp, 0x100)
and.b{*}(ah, 0x41)
and.b{*}([0x405000].b, 2)
add.d{*}(esp, 0xc)
sub.d{*}(esp, 0x100)
add.d{*}(esp, 0xc)
sbb.d{*}(eax, [esi + 0xc].d, flag:c)
sbb.d{*}(eax, edx, flag:c)
I think this is already fixed, isn't it?
This is still a problem.
These are all caused by flag c not being properly lifted except for the "cmp" usage which is partially unimplemented because flag p isn't lifted properly.
It's causing distortion in the MLIL and HLIL views as a side effect :/
@rssor is working on part of this on a separate branch for the upcoming release (specific carry flag stuff). I've assigned it to him and stuck it in the milestone so we track that progress, but we'll be removing it from the milestone and un-assigning it once he's completed that work.
If you decompile vmprotect's virtual machine, you will find that more instructions have not been implemented. Maybe the files packaged by vmprotect/themida should be part of the CI testing workflow... Is it possible to provide a plugin example for such unimplemented instructions so that users can implement them by themselves?
@romanholidaypancakes This is where @rssor made the changes that I had mentioned above: https://github.com/Vector35/arch-x86/commit/5b134ac7da45c009094faf654f613a9ecd11cae8.
If anyone else wants to take a look at this and PR additional changes, we'd really appreciate it.
The parity flag stuff is probably not doable without some far more invasive changes...but, the other flags should be reasonably implementable.
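To make concrete what "flag c not being properly lifted" costs, here is an added reference model of the carry-flag semantics behind the LLIL forms quoted in this issue (sbb consumes CF, shr/sub produce it, and clears it). It is illustrative code written for this thread, not code from Vector35's arch-x86, and the operand values are constructed.

```python
# Added reference model of x86 carry-flag semantics for the LLIL forms in this
# issue.  Not Binary Ninja's arch-x86 code.  Widths are in bits (8 for .b, 32 for .d).

def mask(bits):
    return (1 << bits) - 1

def sbb(dst, src, cf, bits=32):
    """SBB: dst - (src + CF).  CF (borrow out) is set when the true result is negative."""
    full = dst - src - cf
    return full & mask(bits), 1 if full < 0 else 0

def sub(dst, src, bits=32):
    """SUB/CMP: same borrow rule as SBB but with no incoming carry."""
    return sbb(dst, src, 0, bits)

def lsr(val, count, bits=32):
    """SHR by a non-zero count: CF receives the last bit shifted out.
    A zero count leaves the flags untouched, modelled here as CF=None."""
    count &= 0x1F                      # x86 masks the shift count to 5 bits
    if count == 0:
        return val & mask(bits), None
    new_cf = (val >> (count - 1)) & 1
    return (val & mask(bits)) >> count, new_cf

def and_(dst, src, bits=32):
    """AND always clears CF, so a following sbb/adc sees carry 0."""
    return (dst & src) & mask(bits), 0

def lsr_then_sbb(edx):
    """lsr.d(edx, 1) followed by sbb.d(eax, eax, flag:c): eax = -(edx & 1),
    the idiom that turns one bit into a full-width 0 / 0xFFFFFFFF mask."""
    edx, cf = lsr(edx, 1)
    eax, _ = sbb(0xDEADBEEF, 0xDEADBEEF, cf)   # eax - eax - CF; eax's old value is irrelevant
    return eax

def sbb_eax_eax_without_carry():
    """What a lifter yields when CF is dropped: eax - eax collapses to a constant 0,
    so the decompiled output reads 'eax = 0' whatever the preceding shift/compare did."""
    eax, _ = sub(0xDEADBEEF, 0xDEADBEEF)
    return eax
```

Comparing lsr_then_sbb with sbb_eax_eax_without_carry shows the MLIL/HLIL distortion described above: the correct lift depends on the shifted-out bit, the carry-less lift is a constant.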
Hi, is there any progress here? I have been following this issue for a few years, and it was one of the things that stopped me from buying bj, as I have been working on analyzing binaries protected by vmp/themida/ollvm etc.
Binary Ninja Version: 1.0.776 Personal, 6573250f
Platform: Windows 10
Seems to have issues with the sbb.d, lsr.d, and.b, and xor.d instructions.