airbus-seclab / bincat

Binary code static analyser, with IDA integration. Performs value and taint analysis, type reconstruction, use-after-free and double-free detection

Issue with x86 rep instructions #75

Closed hohohohohohoho closed 6 years ago

hohohohohohoho commented 6 years ago

It appears that rep instructions (e.g. rep movs) are treated as repe: `| '\xf3' -> (* REP/REPE *) s.repe <- true; rep s Word.zero`. However, unlike repe, rep instructions do not depend on ZF. As a result, instructions like rep movsb (f3 a4) would terminate prematurely when ZF is 0.
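
The semantics at issue, as an added illustration that is not BinCAT's code: a constructed Python model decodes the 0xF3 prefix per string opcode and runs `f3 a4` under both interpretations, showing that the repe reading stops the copy after one byte whenever a stale ZF is 0, while the correct rep reading copies until ECX reaches zero.

```python
# Constructed model of x86 repeat-prefix semantics (example code, not the
# BinCAT decoder). Opcode tables and the state model are this example's own.

# String opcodes that never write EFLAGS: with 0xF3 they are plain REP,
# i.e. repeat while ECX != 0 and ignore ZF entirely.
REP_ONLY = {0xA4: "movsb", 0xA5: "movsd", 0xAA: "stosb", 0xAB: "stosd",
            0xAC: "lodsb", 0xAD: "lodsd"}
# String opcodes that do write EFLAGS: 0xF3 is REPE/REPZ (stop when ZF == 0)
# and 0xF2 is REPNE/REPNZ (stop when ZF == 1).
FLAG_WRITING = {0xA6: "cmpsb", 0xA7: "cmpsd", 0xAE: "scasb", 0xAF: "scasd"}


def decode_prefix(prefix: int, opcode: int) -> str:
    """Name the repeat semantics of `prefix` applied to string `opcode`."""
    if prefix == 0xF3 and opcode in REP_ONLY:
        return "rep"
    if prefix == 0xF3 and opcode in FLAG_WRITING:
        return "repe"
    if prefix == 0xF2 and opcode in FLAG_WRITING:
        return "repne"
    raise ValueError(f"prefix {prefix:#x} on opcode {opcode:#x} not modelled")


def rep_movsb(ecx: int, stale_zf: int, src: bytes, mode: str) -> bytes:
    """Execute 'f3 a4' with ECX = ecx and return the bytes actually copied.

    mode == "rep"  is the architecturally correct behaviour: movsb does not
    touch ZF, so the loop runs until ECX reaches zero.
    mode == "repe" reproduces the bug described in the issue: after each
    iteration the loop also stops when ZF == 0, so a ZF left behind by an
    earlier flag-setting instruction truncates the copy.
    """
    dst = bytearray()
    while ecx != 0:
        dst.append(src[len(dst)])  # one byte moved per iteration
        ecx -= 1
        if mode == "repe" and stale_zf == 0:
            break  # repe termination: ZF == 0 ends the repeat
    return bytes(dst)


if __name__ == "__main__":
    print(decode_prefix(0xF3, 0xA4), decode_prefix(0xF3, 0xA6))
    print(rep_movsb(4, 0, b"abcd", "rep"), rep_movsb(4, 0, b"abcd", "repe"))
```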

trou commented 6 years ago

Indeed! Thanks for spotting this, I'm looking into it.