capstone-engine / capstone

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.
http://www.capstone-engine.org

Wrong operand type for RISCV compressed instruction disassemble #2351

Open apach301 opened 1 month ago

apach301 commented 1 month ago

Hi,

I tried to disassemble a compressed store instruction, but it turned out that capstone detected wrong operands:

>>> import capstone as cs
>>> md = cs.Cs(cs.CS_ARCH_RISCV, cs.CS_MODE_RISCVC)
>>> md.detail = True
>>> ins = md.disasm(b"\x98\xc3", 0).__next__()
>>> ins
<CsInsn 0x0 [98c3]: c.sw a4, 0(a5)>
>>> ins.operands[0].type
1
>>> ins.operands[1].type
2
>>> ins.operands[2].type
1
>>> cs.CS_OP_MEM
128
>>> cs.CS_OP_REG
1
>>> cs.CS_OP_IMM
2

This instruction is expected to have two operands: OP_reg and OP_mem. Here is the non-compressed analog for store:

>>> md = cs.Cs(cs.CS_ARCH_RISCV, cs.CS_MODE_RISCV64)
>>> md.detail = True
>>> ins = md.disasm(b"\x23\xa0\xe7\x00", 0).__next__()
>>> ins
<CsInsn 0x0 [23a0e700]: sw a4, 0(a5)>
>>> ins.operands
[<capstone.riscv.RISCVOp object at 0x7fe2e8de65c0>, <capstone.riscv.RISCVOp object at 0x7fe2e8de6bc0>]
>>> ins.operands[0].type
1
>>> ins.operands[1].type
3

Work environment

| Questions | Answers |
| --- | --- |
| OS/arch/bits | Ubuntu 20.04, amd64 |
| Architecture | riscv |
| Source of Capstone | git clone, pip |
| Version/git commit | v5.0.1, current next branch |
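As an added reference, not code from the capstone project or from the reporter, the following pure-Python decoder handles the two store encodings quoted above and yields the operand model the report expects, one register operand followed by one memory operand, for both the compressed and the uncompressed form. It decodes the full C.SW and SW field layouts (scaled unsigned offset for C.SW, sign-extended S-type immediate for SW), so it also serves as an offline oracle for regression tests beyond the two bytes-strings in this issue; the `("reg", ...)` / `("mem", ...)` tuple shape is an assumption of this example.

```python
# Added example: reference decoder for RVC C.SW and RV32I/RV64I SW, giving the
# expected operand list (register operand, then memory operand) for each form.
import struct

ABI_NAMES = ["zero", "ra", "sp", "gp", "tp", "t0", "t1", "t2", "s0", "s1",
             "a0", "a1", "a2", "a3", "a4", "a5", "a6", "a7", "s2", "s3",
             "s4", "s5", "s6", "s7", "s8", "s9", "s10", "s11", "t3", "t4",
             "t5", "t6"]

def bits(word, hi, lo):
    """Extract word[hi:lo], both bounds inclusive."""
    return (word >> lo) & ((1 << (hi - lo + 1)) - 1)

def decode_c_sw(raw):
    """Decode a 16-bit RVC C.SW (CS format) into (mnemonic, operands)."""
    (word,) = struct.unpack("<H", raw)
    if bits(word, 1, 0) != 0b00 or bits(word, 15, 13) != 0b110:
        raise ValueError("not a C.SW encoding")
    # Compressed register fields are 3-bit indices into x8..x15.
    rs1 = 8 + bits(word, 9, 7)
    rs2 = 8 + bits(word, 4, 2)
    # Word-scaled offset: uimm[5:3] in bits 12:10, uimm[2] in bit 6, uimm[6] in bit 5.
    uimm = (bits(word, 12, 10) << 3) | (bits(word, 6, 6) << 2) | (bits(word, 5, 5) << 6)
    return "c.sw", [("reg", ABI_NAMES[rs2]), ("mem", ABI_NAMES[rs1], uimm)]

def decode_sw(raw):
    """Decode a 32-bit SW (S-type) into (mnemonic, operands)."""
    (word,) = struct.unpack("<I", raw)
    if bits(word, 6, 0) != 0b0100011 or bits(word, 14, 12) != 0b010:
        raise ValueError("not an SW encoding")
    rs1 = bits(word, 19, 15)
    rs2 = bits(word, 24, 20)
    imm = (bits(word, 31, 25) << 5) | bits(word, 11, 7)
    if imm & 0x800:  # sign-extend the 12-bit S-type immediate
        imm -= 0x1000
    return "sw", [("reg", ABI_NAMES[rs2]), ("mem", ABI_NAMES[rs1], imm)]

def operand_kinds(operands):
    """Operand-type sequence a detail consumer should see for either form."""
    return [op[0] for op in operands]

if __name__ == "__main__":
    # The two encodings from the issue: c.sw a4, 0(a5) and sw a4, 0(a5).
    for raw, dec in ((b"\x98\xc3", decode_c_sw), (b"\x23\xa0\xe7\x00", decode_sw)):
        mnem, ops = dec(raw)
        print(mnem, ops, operand_kinds(ops))
```

Comparing `operand_kinds(...)` against the `.type` values of `ins.operands` from a `cs.CS_MODE_RISCVC` disassembly is a direct check for the mismatch described in the report.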