gdabah / distorm

Powerful Disassembler Library For x86/AMD64

the output disassembling INS/OUTS is confusing #26

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Disassemble the following code with the latest disasm-32.exe, choosing 32-bit mode:
a5 f3 a5 f3 ab f3 aa 66 ab f3 6e f3 66 6f f3 6c 6e 6c
and get the following output:
00000000 (01) a5                       MOVSD
00000001 (02) f3a5                     REP MOVSD
00000003 (02) f3ab                     REP STOSD
00000005 (02) f3aa                     REP STOSB
00000007 (02) 66ab                     STOSW
00000009 (02) f36e                     REP OUTS DX, [ESI]
0000000b (03) f3666f                   REP OUTS DX, [ESI]
0000000e (02) f36c                     REP INS [ES:EDI], DX
00000010 (01) 6e                       OUTS DX, [ESI]
00000011 (01) 6c                       INS [ES:EDI], DX

What is the expected output? What do you see instead?
1. A consistent output format for INS/OUTS and MOVS/STOS.
INS/OUTS follows the format of OUTS XX, XXX, while MOVS/STOS follow the format of MOVSB/MOVSW/MOVSD.

2. For OUTS/INS, I want to get the operand size information, like the following result:
6E              OUTS DX,BYTE PTR DS:[ESI] 

Since the following two instructions share the same mnemonics and operands, it is confusing to judge the operand size from the result.
00000009 (02) f36e                     REP OUTS DX, [ESI]
0000000b (03) f3666f                   REP OUTS DX, [ESI]

Maybe I'm asking a silly question, but can anyone make it clear?

What version of the product are you using? On what operating system?
distorm3-1.0
on Windows 7 enterprise (32-bit)

Please provide any additional information below.

Original issue reported on code.google.com by jialis...@gmail.com on 6 Sep 2011 at 1:02

GoogleCodeExporter commented 9 years ago

Original comment by distorm@gmail.com on 7 Mar 2012 at 3:46

GoogleCodeExporter commented 9 years ago
1) AFAIK, most disassemblers use short mnemonics for the string operations. So I will leave it formatted that way.
2) You are absolutely right, there's a lack of indirection size, soon to be fixed.
Thanks

Original comment by distorm@gmail.com on 7 Mar 2012 at 3:51
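
The ambiguity discussed in this thread, as an added example that is not part of the original issue and is not diStorm's code: a minimal 32-bit-mode decoder for the string opcodes in the report that prints the memory operand size explicitly, so `f3 6e` and `f3 66 6f` no longer render identically. The `decode` function, the `TEMPLATES` table and the BYTE/WORD/DWORD output format are assumptions of this example.

```python
# Added example: minimal 32-bit-mode decoder for the string opcodes in this issue.
# The BYTE/WORD/DWORD output format is this example's own, not diStorm's.

# Even opcode -> template; the odd opcode (low bit set) is the word/dword form.
TEMPLATES = {
    0x6C: "INS {sz} [ES:{di}], DX",
    0x6E: "OUTS DX, {sz} [{si}]",
    0xA4: "MOVS {sz} [ES:{di}], {sz} [{si}]",
    0xAA: "STOS {sz} [ES:{di}]",
}
PREFIXES = {0xF3, 0x66, 0x67}  # REP, operand-size, address-size

# Byte string from the issue report above.
SAMPLE = bytes.fromhex("a5 f3 a5 f3 ab f3 aa 66 ab f3 6e f3 66 6f f3 6c 6e 6c")


def decode(code):
    """Return (offset, length, text) for each string instruction in code."""
    out, i = [], 0
    while i < len(code):
        start, seen = i, set()
        while i < len(code) and code[i] in PREFIXES:
            seen.add(code[i])
            i += 1
        if i >= len(code) or (code[i] & 0xFE) not in TEMPLATES:
            raise ValueError(f"unsupported or truncated bytes at offset {start:#x}")
        op = code[i]
        i += 1
        if op & 1 == 0:
            sz = "BYTE"  # byte forms ignore the 0x66 prefix
        elif 0x66 in seen:
            sz = "WORD"  # 0x66 flips the 32-bit default to 16-bit
        else:
            sz = "DWORD"
        si, di = ("SI", "DI") if 0x67 in seen else ("ESI", "EDI")
        text = TEMPLATES[op & 0xFE].format(sz=sz, si=si, di=di)
        if 0xF3 in seen:
            text = "REP " + text
        out.append((start, i - start, text))
    return out


if __name__ == "__main__":
    for off, length, text in decode(SAMPLE):
        print(f"{off:08x} ({length:02d}) {SAMPLE[off:off + length].hex():<24} {text}")
```
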

GoogleCodeExporter commented 9 years ago

Original comment by distorm@gmail.com on 8 Mar 2012 at 10:41