gdabah / distorm

Powerful Disassembler Library For x86/AMD64

SYSENTER and SYSEXIT are not decoded #36

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
Disassemble:
0x0f 0x34
0x0f 0x35

What is the expected output? What do you see instead?

Expect:
SYSENTER
SYSEXIT

Get:
   1: (   0) 0f                       DB 0xf
   2: (   1) 34                       DB 0x34

   1: (   0) 0f                       DB 0xf
   2: (   1) 35                       DB 0x35

What version of the product are you using? On what operating system?

diStorm 3.1 on MacOS X 10.6.8

Original issue reported on code.google.com by spa...@rotateright.com on 9 Feb 2012 at 6:05

GoogleCodeExporter commented 9 years ago
Further testing shows these decode as expected in 32-bit mode, but I was using 
64-bit mode.

These instructions are defined in Intel's Volume 2B, pp. 4-444, 4-445. It looks 
like a REX.W prefix may be used, but isn't required in 64-bit mode? Adding a 
REX prefix doesn't change the diStorm output in 64-bit mode.

Original comment by spa...@rotateright.com on 9 Feb 2012 at 6:15

GoogleCodeExporter commented 9 years ago
According to AMD's http://support.amd.com/us/Processor_TechDocs/24594_APM_v3.pdf, they are invalid in Long mode.

Original comment by distorm@gmail.com on 7 Mar 2012 at 10:21

GoogleCodeExporter commented 9 years ago
Intel docs say otherwise.
Therefore I will make them valid for all modes, but encoded than invalid.

Original comment by distorm@gmail.com on 7 Mar 2012 at 3:00
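
Added example, not diStorm's code and not part of the original thread: a minimal C decoder for the two byte sequences in the report, showing the optional REX prefix in 64-bit mode and the Intel/AMD validity difference raised in the comments. All type and function names are hypothetical, and the vendor rule in the code is taken from what the comments above state.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this sketch; not diStorm's API. */
typedef enum { MODE_32, MODE_64 } dec_mode;
typedef enum { VENDOR_INTEL, VENDOR_AMD } dec_vendor;

typedef struct {
    const char *mnemonic; /* "SYSENTER", "SYSEXIT", or NULL if not decoded */
    size_t      length;   /* bytes consumed, 0 if not decoded */
    int         rex_w;    /* 1 if a REX prefix with W=1 preceded the opcode */
    int         valid;    /* 0 if the chosen vendor rejects it in this mode */
} sys_insn;

/* Decode [REX] 0F 34 / [REX] 0F 35. Returns 1 when the bytes match. */
int decode_sysenter_sysexit(const uint8_t *p, size_t n, dec_mode mode,
                            dec_vendor vendor, sys_insn *out)
{
    size_t i = 0;
    int rex_w = 0;
    memset(out, 0, sizeof *out);

    /* 0x40-0x4F are REX prefixes only in 64-bit mode (INC/DEC in 32-bit). */
    if (mode == MODE_64 && i < n && (p[i] & 0xF0) == 0x40) {
        rex_w = (p[i] >> 3) & 1;
        i++;
    }
    if (n - i < 2 || p[i] != 0x0F) return 0;
    if (p[i + 1] == 0x34)      out->mnemonic = "SYSENTER";
    else if (p[i + 1] == 0x35) out->mnemonic = "SYSEXIT";
    else return 0;

    out->length = i + 2;
    out->rex_w = rex_w;
    /* Per the thread: AMD marks them invalid in long mode, Intel does not. */
    out->valid = !(mode == MODE_64 && vendor == VENDOR_AMD);
    return 1;
}

int main(void)
{
    const uint8_t sample[] = { 0x48, 0x0F, 0x35 }; /* constructed input */
    sys_insn r;
    if (decode_sysenter_sysexit(sample, sizeof sample, MODE_64, VENDOR_INTEL, &r))
        printf("%s len=%zu rex_w=%d valid=%d\n", r.mnemonic, r.length, r.rex_w, r.valid);
    return 0;
}
```

Decoding the pair as valid and flagging vendor-specific rejection separately keeps system-call entry and exit points visible to analysis instead of emitting them as `DB` bytes.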