LAHF // Get different return values

bitdefender / bddisasm

bddisasm is a fast, lightweight, x86/x64 instruction decoder. The project also features a fast, basic, x86/x64 instruction emulator, designed specifically to detect shellcode-like behavior.

Apache License 2.0

888 stars 115 forks source link

LAHF // Get different return values #71

Closed icyfox168168 closed 2 years ago

icyfox168168 commented 2 years ago

ret 6 ret 4

"\x55\x53\x50\x48\x89\xE5\x48\xC7\x45\x00\x00\x00\x00\x00\xB8\x01\x00\x00\x80\x0F\xA2\xF7\xC1\x01\x00\x00\x00\x74\x14\x68\x04\x02\x00\x00\x9D\x48\xB8\x06\x50\xFF\xFF\x00\x00\x00\x00\x9F\x88\x65\x00\x48\x8B\x45\x00\x48\x83\xC4\x08\x5B\x5D\xC3"

long long asmadc() { long long ret = 0; __asm { mov eax, 0x80000001 cpuid test ecx, 1 je noLAHF push 0x204 popf mov rax, 0x00000000ffff5006 LAHF mov ret,ah noLAHF:

}
return ret;

}

icyfox168168 commented 2 years ago

long long asmadc() { long long ret = 0; __asm { / mov eax, 0x80000001 cpuid test ecx, 1 je noLAHF / push 0x204 popf mov rax, 0x00000000ffff5006 LAHF mov ret,ah noLAHF:

}
return ret;

}

vlutas commented 2 years ago

Fixed in https://github.com/bitdefender/bddisasm/commit/2fc491d51d9e68aa36331d4c0557179ec585e00a

Thank you for reporting this!