grotrek
commented
7 years ago I find this comment in binexport code (ida/metapc.cc:HandleImmediate). // By default IDA will perform a sign/zero extension, returning a 32 bit // operand size even when the encoding only contains an 8 bit value. This is // consistent with what the CPU actually computes, but not with the intel // opcode specification. BeaEngine follows the intel convention, leading to // lots of spurious diffs between the two disassemblers. This here is an // attempt at undoing the sign extension.
But if binexport use F0 instead of 0FFFFFFF0h in this case, we have an error while interprets the reil code.
There is instruction in IDA "and esp, 0FFFFFFF0h" with opcode "83 E4 F0", but after export to Binnavi it converts to "and esp, 0F0h". Instruction "83 E4 F0" is "r/m32 AND imm8 (sign-extended)", so F0 should be converted to 0FFFFFFF0h Example of IDB file and binary attached: and_bug.zip