capstone-engine / capstone

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.
http://www.capstone-engine.org

cs_insn::id is always invalid value on aarch64 #2325

Closed niansa closed 7 months ago

niansa commented 7 months ago

Hi!

On latest next, I am using the following code to disassemble aarch64 instructions:

    csh handle;  // handle is declared elsewhere in the full program
    if (cs_open(CS_ARCH_AARCH64, CS_MODE_LITTLE_ENDIAN, &handle) != CS_ERR_OK) {
        handle = 0;
    } else {
        cs_option(handle, CS_OPT_DETAIL, CS_OPT_ON);
        cs_option(handle, CS_OPT_UNSIGNED, CS_OPT_ON);
    }
...
        cs_insn *insn;
        // cs_disasm takes a byte pointer and a size in bytes, so the
        // uint32_t array has to be cast and its element count scaled
        const auto count = cs_disasm(handle,
                                     reinterpret_cast<const uint8_t*>(block.data()),
                                     block.size() * sizeof(uint32_t), addr, 0, &insn);

        for (unsigned i = 0; i != count; ++i)
            if (!process_instruction(insn[i]))
                break;
        if (count)
            cs_free(insn, count);  // release the array cs_disasm allocated

The cs_insn passed to process_instruction(const cs_insn& insn) always has its id field set to an out-of-range value like 815. Is this a bug? If not, what am I getting wrong here?

I know for sure that what I am disassembling is valid ARM:

    std::array<uint32_t, 2> block {
        0x52800540, // mov  w0, #0x2a
        0xd65f03c0  // ret
    };

Thanks in advance

Rot127 commented 7 months ago

I am not sure I understand the problem. The id is set to an enum value of type aarch64_insn. In your example 815 == AArch64_INS_RET.

niansa commented 7 months ago

Yup, that was the issue. Looks like I was looking at the wrong enum (the one for ARM, now AArch64...)

Thank you!