Closed codenulls closed 10 months ago
Make sure you have read this: https://github.com/unicorn-engine/unicorn/wiki/FAQ#memory-hooks-get-called-multiple-times-for-a-single-instruction
This makes a lot of sense. I'll check for alignment in the hook. Thank you.
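An added example, not code from this thread or from Unicorn: for a 4-byte read, the three addresses reported in the issue are exactly the ones where the access straddles a 4 KiB page boundary. The code below flags that case and keeps one record per distinct access per instruction. It assumes the repeated callbacks carry the same access type, address and size; `crosses_page`, `MemTracer`, `replay`, the sample PC and the callback records are constructed for illustration.

```python
PAGE_SIZE = 0x1000   # 4 KiB page size (assumption of this example)
MEM_READ = 16        # stand-in for Unicorn's UC_MEM_READ so this runs without Unicorn

def crosses_page(address, size, page_size=PAGE_SIZE):
    """True when the bytes [address, address + size) span more than one page."""
    return size > 0 and address // page_size != (address + size - 1) // page_size

class MemTracer:
    """Hypothetical helper: records each distinct access once per instruction."""
    def __init__(self):
        self.events = []      # (pc, access, address, size, crosses_page)
        self._pc = None
        self._seen = set()

    # Takes the same parameters as a Unicorn UC_HOOK_CODE callback.
    def on_code(self, uc, address, size, user_data):
        self._pc = address    # a new instruction starts: forget earlier accesses
        self._seen.clear()

    # Takes the same parameters as a Unicorn memory-access hook callback.
    def on_mem(self, uc, access, address, size, value, user_data):
        key = (access, address, size)
        if key in self._seen:  # repeated callback for the same instruction
            return
        self._seen.add(key)
        self.events.append((self._pc, access, address, size,
                            crosses_page(address, size)))

def replay(callbacks):
    """Feed constructed callback records through a tracer and return its events."""
    tracer = MemTracer()
    for kind, *args in callbacks:
        if kind == "code":
            tracer.on_code(None, *args, None)
        else:
            tracer.on_mem(None, *args, None)
    return tracer.events

# Constructed sample: one 3-byte instruction at a made-up PC whose 4-byte read
# callback fires three times, as described in the issue.
SAMPLE = [("code", 0x1000, 3)] + [("mem", MEM_READ, 0x140005FFE, 4, 0)] * 3

if __name__ == "__main__":
    for a in (0x140005FB, 0x140005FC, 0x140005FFD, 0x140005FFE, 0x140005FFF):
        print(hex(a), "crosses page" if crosses_page(a, 4) else "single page")
    print(replay(SAMPLE))
```

An instruction that legitimately performs the same access type at the same address and size twice would also be collapsed into one record, so treat the filter as a tracing convenience rather than an exact access count.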
I'm trying to trace memory operations for x86_64 instructions.
I have the instruction `mov ecx, [R8]`. If the address in R8 is `0x140005ffe`, I get the output:

This is wrong because there should be only one memory read access at address `0x140005ffe` instead of three. If you change the address to something else, like `0x140005fb` or `0x140005fc`, then the issue is gone. This issue seems to only happen when the address is `0x140005ffd`, `0x140005ffe`, or `0x140005fff`. It has something to do with the `fff` at the end of the address (first 12 bits in little endian).

Here's the code to reproduce the bug: