zyantific / zydis-rs

Zydis Rust Bindings
MIT License

crash during instruction serialization #21

Closed williballenthin closed 5 years ago

williballenthin commented 5 years ago

I believe that zydis-rs may crash in some cases when serializing instructions, either via serde_json or via debug format (println!("{:?}", insn)). This seems to be due to some operands being invalid. Without doing any research, I wonder if the underlying zydis library does not initialize the unused operands resulting in the serializer getting confused by unexpected enum values or something.

Short-term fix: When I overwrite the operands from insn.operand_count..10 with a dummy zero operand, then serialization (edit: sometimes) works:

[screenshot]

I apologize for not having a test case ready. Would you like me to provide one?

williballenthin commented 5 years ago

Update: it looks like the .action field can contain invalid values even for operands that are "used" (e.g. index < operand_count).

The bytes 48 8D 55 E8 should decode to something like lea rdx, [rbp+var_18], but I'm unable to serialize the value of insn.operands[1].action:

[screenshot]

th0rex commented 5 years ago

Hi, thanks for the report. I can reproduce it and it's indeed caused by the operand action, because it's a bitflag and I've used an enum in Rust. A value of 0 means None, but that's not explicitly declared in zydis, so when auto-generating the Rust enums it's missing.

I've pushed a commit that temporarily fixes this (I didn't test serialization, just printing, but it should be fixed as well), until we decide whether zydis should just add a None variant so that it gets picked up by auto-generation, or whether I'm going to use bitflags for the operand action and not an enum. bitflags would probably be better, but a bigger breaking change.
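
The enum-versus-bitflags point above, as an added Rust example that is not zydis-rs code: a C-style enum with no variant for 0 cannot hold the 0 that the C side reports for an operand with no action, so building one from that raw byte is undefined behaviour and Debug/serde output can crash, whereas a bitflags-style newtype represents 0 (and combinations) safely. The flag names and bit values here are assumed for illustration, not taken from zydis, and the operand action bytes fed to decode_actions are constructed.

```rust
// Added example, not zydis-rs code. Flag names and bit values are assumed.

/// C-style enum with no variant for 0. Only the listed discriminants are
/// valid; transmuting a raw 0 into it is undefined behaviour.
#[repr(u8)]
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum OperandActionEnum { Read = 0x01, Write = 0x02, CondRead = 0x04, CondWrite = 0x08 }

/// Checked conversion: 0 (and any other unlisted value) is rejected, not transmuted.
pub fn enum_from_raw(raw: u8) -> Option<OperandActionEnum> {
    match raw {
        0x01 => Some(OperandActionEnum::Read),
        0x02 => Some(OperandActionEnum::Write),
        0x04 => Some(OperandActionEnum::CondRead),
        0x08 => Some(OperandActionEnum::CondWrite),
        _ => None,
    }
}

/// Bitflags-style newtype: every bit pattern is a value, so 0 (NONE) and
/// combinations such as READ | WRITE are representable without unsafe code.
#[derive(Clone, Copy, PartialEq, Eq)]
pub struct OperandAction(u8);

impl OperandAction {
    pub const NONE: Self = Self(0);
    pub const READ: Self = Self(0x01);
    pub const WRITE: Self = Self(0x02);
    pub const CONDREAD: Self = Self(0x04);
    pub const CONDWRITE: Self = Self(0x08);
    const KNOWN: u8 = 0x0F;

    /// Accept a raw byte from the FFI boundary only if it sets no undefined bits.
    pub fn from_raw(raw: u8) -> Option<Self> {
        if (raw & !Self::KNOWN) == 0 { Some(Self(raw)) } else { None }
    }
    pub fn contains(self, other: Self) -> bool { (self.0 & other.0) == other.0 }
}

impl std::fmt::Debug for OperandAction {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        if self.0 == 0 { return f.write_str("NONE"); }
        let names = [(Self::READ, "READ"), (Self::WRITE, "WRITE"),
                     (Self::CONDREAD, "CONDREAD"), (Self::CONDWRITE, "CONDWRITE")];
        let parts: Vec<&str> = names.iter().filter(|(fl, _)| self.contains(*fl)).map(|(_, n)| *n).collect();
        f.write_str(&parts.join(" | "))
    }
}

/// Decode the action byte of every operand slot; unused slots arrive as 0.
pub fn decode_actions(raw: &[u8]) -> Vec<Result<OperandAction, u8>> {
    raw.iter().map(|&b| OperandAction::from_raw(b).ok_or(b)).collect()
}
```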

th0rex commented 5 years ago

Considering no one noticed this before it's likely that not many people will be affected by changing the enum to bitflags, so I changed it.

williballenthin commented 5 years ago

great, thanks!