capstone-engine / capstone

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.
http://www.capstone-engine.org

Issue in detail feature for ARM post-incrementing ldrb/strb instructions #2283

Open chiffreKing opened 4 months ago

chiffreKing commented 4 months ago

There are different instructions where the access details of memory operands are interpreted incorrectly:

cstool -d thumb 11f8013b
 0  11 f8 01 3b  ldrb   r3, [r1], #1
        ID: 84 (ldrb)
        op_count: 3
                operands[0].type: REG = r3
                operands[0].access: WRITE
                operands[1].type: MEM
                        operands[1].mem.base: REG = r1
                operands[2].type: IMM = 0x1
        Write-back: True
        Registers read: r1
        Registers modified: r3 r1
        Groups: thumb2

cstool -d thumb 00f8013b
 0  00 f8 01 3b  strb   r3, [r0], #1
        ID: 241 (strb)
        op_count: 3
                operands[0].type: REG = r3
                operands[0].access: READ
                operands[1].type: MEM
                        operands[1].mem.base: REG = r0
                operands[2].type: IMM = 0x1
        Write-back: True
        Registers read: r3 r0
        Registers modified: r0
        Groups: thumb2

As you can see, in both cases the access type for the memory operand is missing. Using capstone v5.0.1.

Rot127 commented 4 months ago

They work in the next branch:

$ ./cstool -d thumb 11f8013b
 0  11 f8 01 3b  ldrb   r3, [r1], #1
    ID: 23 (ldrb)
    op_count: 2
        operands[0].type: REG = r3
        operands[0].access: WRITE
        operands[1].type: MEM
            operands[1].mem.base: REG = r1
            operands[1].mem.scale: 0
            operands[1].mem.disp: 0x1
        operands[1].access: READ
    Write-back: True
    Post index: True
    Registers read: r1
    Registers modified: r1 r3
    Groups: IsThumb2 

I would advise you to use it. It contains way more precise disassembly and also supports the newly added processor extensions.

Rot127 commented 2 months ago

@chiffreKing Can you provide me with a list of instructions which have the incorrect access flags? I would fix them manually and they can be part of the v5.0.2 release. If you don't have a list, I would only fix the two you mention, because investigating which instructions are broken in v5 takes way too long. And we have the better next branch.
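One way to build the list Rot127 asks for, as an added example that is neither from the thread nor from the Capstone project: parse `cstool -d` output and report every MEM operand that has no `operands[N].access` line. The sample text is constructed from the outputs quoted above (two v5.0.1 results and one next-branch result); the regexes assume cstool's current line layout.

```python
import re
from collections import defaultdict

# Constructed sample in `cstool -d` format: the two v5.0.1 outputs from the
# issue (no access flag on the MEM operand) and the next-branch ldrb output.
SAMPLE = """\
 0  11 f8 01 3b  ldrb   r3, [r1], #1
                operands[0].type: REG = r3
                operands[0].access: WRITE
                operands[1].type: MEM
                        operands[1].mem.base: REG = r1
                operands[2].type: IMM = 0x1
 0  00 f8 01 3b  strb   r3, [r0], #1
                operands[0].type: REG = r3
                operands[0].access: READ
                operands[1].type: MEM
                operands[2].type: IMM = 0x1
 0  11 f8 01 3b  ldrb   r3, [r1], #1
        operands[0].type: REG = r3
        operands[0].access: WRITE
        operands[1].type: MEM
            operands[1].mem.disp: 0x1
        operands[1].access: READ
"""

INSN_RE = re.compile(r"^\s*\d+\s+((?:[0-9a-f]{2} )+)\s*(\S+)")  # "0  11 f8 01 3b  ldrb ..."
OP_RE = re.compile(r"^\s*operands\[(\d+)\]\.(type|access):\s*(\S+)")

def parse_cstool(text):
    """Group cstool -d output into (bytes, mnemonic, {op_idx: {"type": .., "access": ..}})."""
    insns = []
    for line in text.splitlines():
        m = INSN_RE.match(line)
        if m:  # a new instruction line starts a new record
            insns.append((m.group(1).strip(), m.group(2), defaultdict(dict)))
            continue
        m = OP_RE.match(line)
        if m and insns:  # operand type/access lines belong to the last instruction
            idx, field, value = m.groups()
            insns[-1][2][int(idx)][field] = value
    return insns

def mem_ops_missing_access(text):
    """List (bytes, mnemonic, op_idx) for every MEM operand that carries no access flag."""
    return [(raw, mnem, idx)
            for raw, mnem, ops in parse_cstool(text)
            for idx, fields in sorted(ops.items())
            if fields.get("type") == "MEM" and "access" not in fields]

if __name__ == "__main__":
    for raw, mnem, idx in mem_ops_missing_access(SAMPLE):
        print(f"{mnem:<6} [{raw}] operand {idx}: MEM operand without access flag")
```

Piping the real `cstool -d thumb <hex>` output for a batch of encodings into `mem_ops_missing_access` gives the per-instruction list directly.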