zyantific / zydis-rs

Zydis Rust Bindings
MIT License
83 stars 14 forks

Wrong output of Register::EFLAGS.get_largest_enclosing(zydis::MachineMode::LONG_64) #32

Closed r3bb1t closed 8 months ago

r3bb1t commented 1 year ago

I've encountered the following bug with zydis rust bindings v 3.1.3:

Running the following:

println!("{:?}", zydis::Register::FLAGS.get_largest_enclosing(zydis::MachineMode::LONG_64));

Outputs this:

None

while in fact, I expect to see RFLAGS as a result.

r3bb1t commented 1 year ago

Update: This is not a rust bindings bug, it's a Zydis's bug itself

athre0z commented 1 year ago

Yeah. I think this function is broken for any register that isn't encodable with a (register-class, register-id) tuple, so any register having a -1 in the first numeric column here: https://github.com/zyantific/zydis/blob/master/src/Generated/RegisterLookup.inc. These are all registers that can only be read and written to via specialized instructions.

@flobernd I think we should probably special case at least EFLAGS and EIP in ZydisRegisterGetLargestEnclosing: the whole "needs to be (class, ID) encodable" requirement is not at all obvious from the function signature.

r3bb1t commented 10 months ago

We need the updated zydis-c submodule to fix this

athre0z commented 10 months ago

Not a fan of bindings where the corresponding library is pinned to some random commit. Will need to do a 4.X release of Zydis first. It's a bit more work than I'd like because there were some (minor) breaking changes on master & I'll need to start a branch that undoes those while keeping all the fixes.

athre0z commented 8 months ago

Following the corresponding Zydis release on Sunday, I just published v4.1.0-beta.1 that includes this fix.