bitdefender / bddisasm

bddisasm is a fast, lightweight, x86/x64 instruction decoder. The project also features a fast, basic, x86/x64 instruction emulator, designed specifically to detect shellcode-like behavior.
Apache License 2.0

False-positive decoding on AMD64: PFRSQRTV #35

Closed: woodruffw closed 3 years ago

woodruffw commented 3 years ago

Similar to #23: bddisasm decodes 64666526490f3f as PFRSQRTV mm2, mm7 when in 64-bit mode, despite being a 16/32-bit only instruction on some very old AMD Geode CPUs:

64410f0fd787 (0 / 0) (0 / 0) (0 / 0) PFRSQRTV mm2, mm7 (6 / 17) (0 / 0)

See Iced's documentation for a reference on it being 16/32 only: https://docs.rs/iced-x86/1.10.0/iced_x86/enum.Code.html#variant.D3NOW_Pfrsqrtv_mm_mmm64

vlutas commented 3 years ago

Fixed in https://github.com/bitdefender/bddisasm/commit/98ea9e1d9a74b5e6ed050d2356cceefbc18462d4
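The report comes down to a missing mode gate: the 3DNow! suffix byte was looked up without checking the decoding mode. The following is an added sketch of such a gate, not bddisasm code and not the change in the commit above. The function names `d3now_suffix` and `rejected_in_mode` are hypothetical, the non-64-bit case is assumed to be 32-bit protected mode, and the suffix value is taken from the bytes in the listing above.

```c
#include <stddef.h>
#include <stdint.h>

/* PFRSQRTV suffix byte, read off the listing in the report (0f 0f d7 87). */
#define SUFFIX_PFRSQRTV 0x87

static int is_legacy_prefix(uint8_t b) {
    switch (b) {
    case 0x26: case 0x2E: case 0x36: case 0x3E: case 0x64: case 0x65:
    case 0x66: case 0x67: case 0xF0: case 0xF2: case 0xF3:
        return 1;
    default:
        return 0;
    }
}

/* Return the suffix byte of a 3DNow! encoding (prefixes, 0F 0F, ModRM,
 * optional SIB and displacement, suffix), or -1 if the buffer is not such
 * an encoding or is truncated. mode64 == 0 means 32-bit protected mode,
 * an assumption of this sketch; 16-bit mode is not handled. */
int d3now_suffix(const uint8_t *p, size_t n, int mode64) {
    size_t i = 0, disp = 0;
    int addr16 = 0;
    while (i < n && is_legacy_prefix(p[i])) {
        if (p[i] == 0x67 && !mode64) addr16 = 1; /* 16-bit addressing form */
        i++;
    }
    if (mode64 && i < n && (p[i] & 0xF0) == 0x40) i++; /* REX: 64-bit only */
    if (n - i < 4 || p[i] != 0x0F || p[i + 1] != 0x0F) return -1;
    uint8_t modrm = p[i + 2], mod = modrm >> 6, rm = modrm & 7;
    i += 3;
    if (mod != 3 && addr16) {
        disp = (mod == 1) ? 1 : (mod == 2 || rm == 6) ? 2 : 0;
    } else if (mod != 3) {
        uint8_t base = rm;
        if (rm == 4) {                  /* SIB byte follows ModRM */
            if (i >= n) return -1;
            base = p[i++] & 7;
        }
        disp = (mod == 1) ? 1 : (mod == 2 || base == 5) ? 4 : 0;
    }
    if (n - i <= disp) return -1;       /* displacement and suffix must fit */
    return p[i + disp];
}

/* Mode gate: 1 when the encoding is PFRSQRTV and the decoder is in 64-bit mode. */
int rejected_in_mode(const uint8_t *p, size_t n, int mode64) {
    return mode64 && d3now_suffix(p, n, mode64) == SUFFIX_PFRSQRTV;
}
```

Because the suffix byte comes after ModRM, SIB and displacement, the gate can only be applied once the operand bytes have been sized, which is why the sketch walks the addressing form before reading it.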