robertwhitton
commented
8 years ago Another set of cases are the single operand instructions such as "not" with an operand of type UD_OP_MEM, New patch attached.
Open robertwhitton opened 8 years ago
robertwhitton
commented
8 years ago Another set of cases are the single operand instructions such as "not" with an operand of type UD_OP_MEM, New patch attached.
robertwhitton
commented
8 years ago Yet more cases come to light. All candidate changes attached:
In the function ud_translate_att "size" is initialised to zero and isn't subsequently set. Consequently some instructions decode ambiguously and it isn't possible to determine the size of the operation. For example a "mov" instruction with operands of the following type:
mov UD_OP_IMM, UD_OP_MEM
For cases such as this size of the operation is ambiguous in the disassembly.
I suggest that udis86 takes a lead from objdump and for such ambiguous cases appends b, w, l, q to the mnemonic as appropriate. For the case above (and I don't know if there are other similar cases) the attached patch appears to be helpful:
patch.txt