CMOVZ edx, ebx // RDX = 0x00000000ffff5f4f RDX = 0xffffffffffff5f4f - Githubissues

bitdefender / bddisasm

bddisasm is a fast, lightweight, x86/x64 instruction decoder. The project also features a fast, basic, x86/x64 instruction emulator, designed specifically to detect shellcode-like behavior.

Apache License 2.0

888 stars 115 forks source link

CMOVZ edx, ebx // RDX = 0x00000000ffff5f4f RDX = 0xffffffffffff5f4f #66

Closed icyfox168168 closed 2 years ago

icyfox168168 commented 2 years ago

RDX = 0x00000000ffff5f4f RDX = 0xffffffffffff5f4f

attribute((naked)) long long asmadc() { __asm { push rbx push 0x216 popf mov rdx, 0xffffffffffff5f4f mov rbx, 0x00000001405d7c25 CMOVZ edx, ebx mov rax,rdx pop rbx ret }

"\x53\x68\x16\x02\x00\x00\x9D\x48\xC7\xC2\x4F\x5F\xFF\xFF\x48\xBB\x25\x7C\x5D\x40\x01\x00\x00\x00\x0F\x44\xD3\x48\x89\xD0\x5B\xC3" }

vlutas commented 2 years ago

Hello! Thanks for reporting this! The problem is fixed in https://github.com/bitdefender/bddisasm/commit/6dda2c122cd7e3132c2872d61804666dc5ce3f51.