bitdefender / bddisasm

bddisasm is a fast, lightweight, x86/x64 instruction decoder. The project also features a fast, basic, x86/x64 instruction emulator, designed specifically to detect shellcode-like behavior.
Apache License 2.0

ROR r11b, 1 //OF #70

Closed icyfox168168 closed 2 years ago

icyfox168168 commented 2 years ago

"\x55\x50\x48\x89\xE5\x68\x96\x02\x00\x00\x9D\x49\xC7\xC3\x82\x00\x00\x00\x41\xD0\xCB\x9C\x58\x48\x89\x45\x00\x48\x89\xE8\xB9\x0B\x00\x00\x00\x48\x0F\xA3\x08\xB8\x99\x00\x00\x00\x48\x83\xD0\xFF\x48\x83\xC4\x08\x5D\xC3"

/*
 * Reproducer for the overflow flag (OF) left behind by a one-bit ROR on an
 * 8-bit register.
 *
 * Returns 0x99 when OF is set in the flags read after the ROR, 0x98 otherwise.
 *
 * For a rotate right by one, the x86 rule is that OF is the XOR of the two
 * most significant bits of the result. 0x82 rotated right by one is 0x41
 * (01000001b), so OF = 0 ^ 1 = 1 and real hardware is expected to return 0x99.
 * An emulator that yields 0x98 here derived OF differently from the CPU, and
 * would follow a different path than hardware on code that branches on OF.
 *
 * NOTE(review): RFLAG_OF is not defined in this snippet; the byte string
 * posted with it loads 0x0B before the bit test, which is consistent with
 * bit 11 (OF) - confirm against the real definition.
 * NOTE(review): the __asm { } block form is toolchain-specific - confirm which
 * compiler this was built with; the byte string appears to be the assembled form.
 */
long long asmadc() { long long ret = 0; ;

// Load a known flags image first: 0x296 has bit 11 (OF) and bit 0 (CF) clear,
// so any OF observed afterwards was produced by the ROR itself.
// Only the low byte of r11 (r11b = 0x82) takes part in the rotate.
__asm
{
    push 0x296
    popf
    mov r11, 0x0000000000000082
    ROR       r11b, 1
}

// Snapshot the flags register. The result is only meaningful if no
// flag-modifying instruction is emitted between the ROR and this read.
ret = __readeflags();

// Test the bit at index RFLAG_OF of the saved flags image and map it to
// one of two distinct return values.
if (_bittest64((LONG64*)&ret, RFLAG_OF))
{
    ret = 0x99;   // OF was set
}
else
{
    ret = 0x98;   // OF was clear
}
return ret;

}

vlutas commented 2 years ago

Fixed in https://github.com/bitdefender/bddisasm/commit/f62c8a22383d9e7345ea8685510b56829ce0d630.