search

capstone-engine / capstone

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.
http://www.capstone-engine.org
7.61k stars 1.56k forks source link

wrong retf #1204

Closed radare closed 5 years ago

radare commented 6 years ago

0x00000000 cafeba retf 0xffffffffffffbafe

ollydis shows retf 47870

aquynh commented 6 years ago

Is this regression, or a new issue?

radare commented 6 years ago

i didnt upgraded to the latest capstone because this test breaks.. but new output looks good.. so maybe this issues is fixed in recent next.

-0x004019da   # 3: ror ebp, 0xffffffffffffffe5
+0x004019da   # 3: ror ebp, 0xe5
radare commented 6 years ago

didnt verified this behaviour with other disassemblers or intel documentation either, you can check yourself

aquynh commented 6 years ago

So problem is solved?

radare commented 6 years ago

well, right now in capstone-next i get this:

$ ./cstool x32 cafeba
 0  ca fe ba                                         retf   -0x4502

ollydbg shows that:

$ rasm2 -a x86.olly -b 32 -d  cafeba
retf 47870

Zyan shows this:

$ rasm2 -a x86.zyan -b 32 -d  cafeba
ret 0xBAFE

so imho, old and new outputs are wrong, because the argument of retf should be unsigned.

In fact, i have written an r2 script to debug this, and i can confirm, the argument is unsigned when executing this in real hardware. same goes for the retn instruction.

This is the r2pipe script to verify this:

import r2pipe
r2 = r2pipe.open("./a.out", ["-d"])
r2.cmd("dcu main;3ds;.dr*")
print(r2.cmd("?v rsp-rbp"))
r2.quit()

and the stupid hello world program to run

main() {
 //  asm("retn 0xff00");
  asm("retn 0xff");
}
aquynh commented 6 years ago

Fixed, please confirmed