zyantific / zydis

Fast and lightweight x86/x86-64 disassembler and code generation library
https://zydis.re
MIT License

Support for PCOMMIT instruction. #414

Closed jpidancet closed 1 year ago

jpidancet commented 1 year ago

Hi,

I am currently conducting an experiment using Zydis where we need to disassemble the linux kernel, including some rather old revisions of the kernel and I'm running into an issue where Zydis fails to recognize a particular instruction: PCOMMIT.

It turns out PCOMMIT is quite special since it was deprecated by Intel even before shipping CPUs supporting it (https://www.intel.com/content/www/us/en/developer/articles/technical/deprecate-pcommit-instruction.html). But it is a problem when disassembling older distro kernels since there are still linux kernels in the wild that have been compiled with this instruction and we need to be able to disassemble it properly.

If adding support for this instruction in Zydis's mainline tree is not possible, we would be grateful to have the instructions on how to manually add support for custom instructions to our own tree. As I understand, currently a lot of code from the Zydis source is actually generated from files in the zydis-db project, but I was unable to find proper documentation on how to use it.

Thanks.

flobernd commented 1 year ago

Hey, I will check that instruction. If it is (has been) used in real-world binaries, it might be useful to include it in Zydis.

Could you please provide me an example of this instruction (hex bytes or something like that)?

jpidancet commented 1 year ago

Hi,

Thanks for the quick response.

You can find the exact opcode there: https://elixir.bootlin.com/linux/v4.1.12/source/arch/x86/include/asm/special_insns.h#L218 (66 0f ae f8).

This is the exact commit that introduced support for this instruction in the linux kernel: https://github.com/torvalds/linux/commit/719d359dc7b6be3e43d6661f192ceb980b10ee26

There's a link in that commit description pointing to an Intel document that used to contain information about the instruction but has since been removed.
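
To illustrate the encoding question raised above, here is an added example (not Zydis code, not from the issue author or the kernel) of a small decoder for the `0F AE` opcode group in 64-bit mode. It shows why `66 0F AE F8` has to be told apart from plain `0F AE F8`: the two share opcode and ModRM bytes, and only the mandatory `66` prefix turns SFENCE into PCOMMIT. Memory forms (FXSAVE, CLFLUSH, CLFLUSHOPT, CLWB and friends) are length-decoded through ModRM/SIB/displacement so the function can be used to step through a byte stream. The function names, the 64-bit-only addressing rules, the omission of REX handling and the sample byte strings are all assumptions of this example; the `66 0f ae f8` bytes themselves are the ones from the linked kernel header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example decoder for the 0F AE opcode group (64-bit mode, no REX).
 * Not Zydis code. Names and scope are assumptions made for this example. */

/* Length of a memory-form operand (ModRM byte + optional SIB + displacement)
 * under 64-bit addressing. Returns 0 if the buffer is too short. */
static size_t modrm_mem_len(const uint8_t *p, size_t len)
{
    uint8_t mod = p[0] >> 6, rm = p[0] & 7;
    size_t n = 1;                       /* the ModRM byte itself */
    if (rm == 4) {                      /* SIB byte follows */
        if (len < 2) return 0;
        n++;
        if (mod == 0 && (p[1] & 7) == 5) n += 4; /* no base register: disp32 */
    } else if (mod == 0 && rm == 5) {
        n += 4;                         /* RIP-relative disp32 */
    }
    if (mod == 1) n += 1;               /* disp8 */
    if (mod == 2) n += 4;               /* disp32 */
    return n <= len ? n : 0;
}

/* Decodes one 0F AE-group instruction at buf. On success stores the mnemonic
 * and returns the instruction length; returns 0 for anything it does not know
 * (including truncated input). Only the 66 and F3 legacy prefixes are tracked,
 * because they act as mandatory-prefix selectors inside this group. */
size_t decode_0f_ae(const uint8_t *buf, size_t len, const char **mnemonic)
{
    size_t i = 0;
    int p66 = 0, pf3 = 0;
    while (i < len && (buf[i] == 0x66 || buf[i] == 0xF3)) {
        if (buf[i] == 0x66) p66 = 1; else pf3 = 1;
        i++;
    }
    if (i + 3 > len || buf[i] != 0x0F || buf[i + 1] != 0xAE) return 0;

    const uint8_t *m = buf + i + 2;     /* ModRM byte */
    uint8_t mod = m[0] >> 6, reg = (m[0] >> 3) & 7;
    const char *name = NULL;

    if (mod == 3) {                     /* register form: no memory operand */
        static const char *const fsgs[] = {"rdfsbase", "rdgsbase", "wrfsbase", "wrgsbase"};
        if (pf3 && !p66 && reg < 4)      name = fsgs[reg];
        else if (!pf3 && !p66 && reg == 5) name = "lfence";
        else if (!pf3 && !p66 && reg == 6) name = "mfence";
        else if (!pf3 && !p66 && reg == 7) name = "sfence";
        else if (!pf3 &&  p66 && reg == 7) name = "pcommit"; /* 66 0F AE F8: same bytes as SFENCE plus the 66 prefix */
        if (!name) return 0;            /* e.g. 66 + reg 6 (TPAUSE) is deliberately left out */
        *mnemonic = name;
        return i + 3;
    }

    if (pf3) return 0;                  /* F3-prefixed memory forms not handled here */
    static const char *const np[] = {"fxsave", "fxrstor", "ldmxcsr", "stmxcsr",
                                     "xsave", "xrstor", "xsaveopt", "clflush"};
    if (p66) {
        if (reg == 6)      name = "clwb";
        else if (reg == 7) name = "clflushopt";
        else               return 0;
    } else {
        name = np[reg];
    }
    size_t mlen = modrm_mem_len(m, len - (i + 2));
    if (mlen == 0) return 0;
    *mnemonic = name;
    return i + 2 + mlen;
}

int main(void)
{
    /* Constructed samples: the kernel's pcommit() bytes next to its look-alikes. */
    const uint8_t samples[][8] = {
        {0x66, 0x0F, 0xAE, 0xF8},                   /* pcommit          */
        {0x0F, 0xAE, 0xF8},                         /* sfence           */
        {0x66, 0x0F, 0xAE, 0x3C, 0x24},             /* clflushopt [rsp] */
        {0x0F, 0xAE, 0x05, 0, 0, 0, 0},             /* fxsave [rip+0]   */
        {0xF3, 0x0F, 0xAE, 0xC0},                   /* rdfsbase eax     */
    };
    const size_t lens[] = {4, 3, 5, 7, 4};
    for (size_t k = 0; k < sizeof lens / sizeof lens[0]; k++) {
        const char *mn = "?";
        size_t n = decode_0f_ae(samples[k], lens[k], &mn);
        printf("%-12s length=%zu\n", n ? mn : "unknown", n);
    }
    return 0;
}
```

The point the decoder makes is that a disassembler which drops or ignores the `66` prefix on `0F AE /7` will silently print SFENCE for a PCOMMIT, which is exactly the kind of mis-decode that shows up when scanning older distro kernels; with Zydis itself you would feed the same four bytes to the decoder and check the reported mnemonic.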

mappzor commented 1 year ago

> There's a link in that commit description pointing to an Intel document that used to contain information about the instruction but has since been removed.

Luckily there are still some older revisions floating around: https://kib.kiev.ua/x86docs/Intel/ISAFuture/319433-024.pdf

jpidancet commented 1 year ago

Hi @flobernd, any update on this one? Please let me know if there's anything I can do to help.

flobernd commented 1 year ago

Hi @jpidancet, I'm very sorry, my time is pretty limited at the moment. I'll try to take care of it this weekend 🙂

flobernd commented 1 year ago

Found some time to do it in my lunch break. Will be merged soon.