capstone-engine / capstone

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.
http://www.capstone-engine.org

Disassembly Error, over-decode invalid instruction with mutually exclusive prefixes #2547

Open Mar3yZhang opened 2 days ago

Mar3yZhang commented 2 days ago

Work environment

| Questions | Answers |
|---|---|
| OS/arch/bits | x86_64 Ubuntu 20.04 |
| Architecture | x86_64 |
| Source of Capstone | git clone, default on next branch. |
| Version/git commit | v6.0.0, d7be5f9 |

Instruction bytes giving faulty results

0xf0,0xf2,0x41,0x0f,0xb7,0xd6

Expected results

It should be:

ERROR: invalid assembly code

Steps to get the wrong result

With cstool:

$ ./cstool -d x64 "0xf0,0xf2,0x41,0x0f,0xb7,0xd6"
 0  f0 f2 41 0f b7 d6                                movzx      edx, r14w
        ID: 496 (movzx)
        Prefix:0x00 0x00 0x00 0x00 
        Opcode:0x0f 0xb7 0x00 0x00 
        rex: 0x41
        addr_size: 8
        modrm: 0xd6
        disp: 0x0
        sib: 0x0
        op_count: 2
                operands[0].type: REG = edx
                operands[0].size: 4
                operands[0].access: WRITE
                operands[1].type: REG = r14w
                operands[1].size: 2
                operands[1].access: READ
        Registers read: r14w
        Registers modified: edx

$ ./cstool -d x64 "0xf0,0x41,0x0f,0xb7,0xd6" 
ERROR: invalid assembly code

$ ./cstool -d x64 "0xf2,0x41,0x0f,0xb7,0xd6"
 0  f2 41 0f b7 d6                                   movzx      edx, r14w
        ID: 496 (movzx)
        Prefix:0x00 0x00 0x00 0x00 
        Opcode:0x0f 0xb7 0x00 0x00 
        rex: 0x41
        addr_size: 8
        modrm: 0xd6
        disp: 0x0
        sib: 0x0
        op_count: 2
                operands[0].type: REG = edx
                operands[0].size: 4
                operands[0].access: WRITE
                operands[1].type: REG = r14w
                operands[1].size: 2
                operands[1].access: READ
        Registers read: r14w
        Registers modified: edx

Additional Logs, screenshots, source code, configuration dump, ...

Capstone correctly identifies that the LOCK prefix (0xf0) is incompatible with the movzx instruction. It also has no problem with the REPNE/REPNZ prefix (0xf2). However, it fails to recognize that the prefixes 0xf2 and 0xf0 are mutually exclusive and cannot appear together in a single instruction. In contrast, both XED and Zydis disassemblers return an 'invalid assembly code' error for the sequence 0xf0, 0xf2, 0x41, 0x0f, 0xb7, 0xd6.
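An added example (not from the reporter and not Capstone code): a pre-filter that splits a 64-bit instruction's legacy prefixes off and flags the case this report describes, two distinct group-1 prefixes (LOCK/REPNE/REP) on one instruction, so a pipeline that feeds bytes to Capstone can reject the sequence before trusting the decode. The group assignment follows the Intel SDM legacy prefix groups; the function names are the example's own.

```python
# Pre-filter for x86-64 byte sequences that this Capstone build still decodes
# but XED/Zydis reject: mutually exclusive group-1 legacy prefixes.
# Added example, not part of Capstone; helper names are hypothetical.

# Legacy prefix groups as defined in the Intel SDM (Vol. 2, section 2.1.1).
PREFIX_GROUPS = {
    0xF0: ("G1", "LOCK"), 0xF2: ("G1", "REPNE"), 0xF3: ("G1", "REP"),
    0x2E: ("G2", "CS"), 0x36: ("G2", "SS"), 0x3E: ("G2", "DS"),
    0x26: ("G2", "ES"), 0x64: ("G2", "FS"), 0x65: ("G2", "GS"),
    0x66: ("G3", "OPSIZE"),
    0x67: ("G4", "ADDRSIZE"),
}


def split_prefixes(code):
    """Return (legacy_prefixes, rex, rest) for one 64-bit instruction.

    Legacy prefixes are the leading bytes found in PREFIX_GROUPS. A REX byte
    (0x40-0x4F) must immediately precede the opcode, so scanning stops there.
    """
    i = 0
    prefixes = []
    while i < len(code) and code[i] in PREFIX_GROUPS:
        prefixes.append(code[i])
        i += 1
    rex = None
    if i < len(code) and 0x40 <= code[i] <= 0x4F:
        rex = code[i]
        i += 1
    return prefixes, rex, code[i:]


def group1_conflict(code):
    """Names of distinct group-1 prefixes if more than one is present, else [].

    For the reported bytes f0 f2 41 0f b7 d6 this is ['LOCK', 'REPNE'].
    Whether a single LOCK is legal for the opcode (the f0 41 0f b7 d6 case,
    which Capstone already rejects) needs opcode knowledge and is not checked.
    """
    prefixes, _, _ = split_prefixes(code)
    names = sorted({PREFIX_GROUPS[p][1] for p in prefixes
                    if PREFIX_GROUPS[p][0] == "G1"})
    return names if len(names) > 1 else []


if __name__ == "__main__":
    # The three byte sequences from the report, constructed inline.
    for hexstr in ("f0 f2 41 0f b7 d6", "f0 41 0f b7 d6", "f2 41 0f b7 d6"):
        conflict = group1_conflict(bytes.fromhex(hexstr))
        print(hexstr, "->", conflict or "no group-1 conflict")
```

Only distinct prefixes count, so a repeated identical prefix (the 66 66 seen in padding NOPs) is not reported; the filter is meant to sit in front of the disassembler, not replace its per-opcode prefix validation.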

Rot127 commented 2 days ago

Thanks for reporting it. Idk what your use case is, but please also take a look at https://github.com/capstone-engine/capstone/discussions/2505.