Can't disassemble 'movsxd esp, dword ptr [rax]'

[randomdude]

Hi. I came across the following byte sequence that Capstone ('next' branch, 6656bc) reported as invalid:

aliz@aliz-xi:~/capstone$ ./cstool/cstool -d x64 "63 20"
ERROR: invalid assembly code

This is decoded by IDA as "movsxd esp, dword ptr [rax]", and by intel xed as movsxd:

c:\code\xed\xed>C:\code\xed\xed_x64\wkit\examples\obj\xed.exe  -I -64 -d 63 20
6320
ICLASS:     MOVSXD
CATEGORY:   DATAXFER
EXTENSION:  LONGMODE
IFORM:      MOVSXD_GPRv_MEMz
ISA_SET:    LONGMODE
ATTRIBUTES: SCALABLE
SHORT:      movsxd esp, dword ptr [rax]

FYI, this is a repurposed 32bit instruction, which Capstone correctly decodes in x32 mode.

aliz@aliz-xi:~/capstone$ ./cstool/cstool -d x32 "63 20"
 0  63 20                                            arpl       word ptr [eax]:sp
<snip>

I tested a few tags, 2.0 and 3.0, and none of them decoded this instruction correctly.

Hope this is useful.

[adamjseitz]

It looks like this is decoded by capstone 4.0.2:

$ git checkout 4.0.2
HEAD is now at 1d230532 update SPONSORS.TXT for v4.0.2
$ ./make.sh
$ ./cstool/cstool -d x64att '63 20'
 0  63 20                                            movslq     (%rax), %rsp
        ID: 478 (movsxd)
        Prefix:0x00 0x00 0x00 0x00
        Opcode:0x63 0x00 0x00 0x00
        rex: 0x0
        addr_size: 8
        modrm: 0x20
        disp: 0x0
        sib: 0x0
        op_count: 2
                operands[0].type: MEM
                        operands[0].mem.base: REG = rax
                operands[0].size: 4
                operands[0].access: READ
                operands[1].type: REG = rsp
                operands[1].size: 8
                operands[1].access: WRITE
        Registers read: rax
        Registers modified: rsp
        Groups: mode64

I encountered a similar instruction, 63 68 61, with the same problem (decodes on 4.0.2, but not next). It is also an arpl on x32.