zyantific / zydis

Fast and lightweight x86/x86-64 disassembler and code generation library
https://zydis.re
MIT License

Wrong output of ZydisRegisterGetLargestEnclosing #443

Closed r3bb1t closed 1 year ago

r3bb1t commented 1 year ago

The function ZydisRegisterGetLargestEnclosing can't return the correct output for a variety of registers. Here is the proof-of-concept code:

#include <stdio.h>
#include <Zydis/Zydis.h>

int main(void)
{
    // Same with ZYDIS_REGISTER_FLAGS, ZYDIS_REGISTER_IP, ZYDIS_REGISTER_EIP (maybe there are more)
    // In 64-bit mode the largest register enclosing EFLAGS is expected to be RFLAGS.
    ZydisRegister result = ZydisRegisterGetLargestEnclosing(ZYDIS_MACHINE_MODE_LONG_64, ZYDIS_REGISTER_EFLAGS);

    if (result == ZYDIS_REGISTER_NONE)
        puts("ZydisRegisterGetLargestEnclosing returned: ZYDIS_REGISTER_NONE");

    else if (result == ZYDIS_REGISTER_RFLAGS)
        puts("ZydisRegisterGetLargestEnclosing returned: ZYDIS_REGISTER_RFLAGS");

    else
        // Any other register is also wrong; print its name for the report.
        printf("ZydisRegisterGetLargestEnclosing returned unexpected return value: %s\n",
            ZydisRegisterGetString(result));

    return 0;
}

Same for Rust bindings: https://github.com/zyantific/zydis-rs/issues/32
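An added example, not part of the report and not Zydis code: a self-contained C sketch of the mode-dependent widening a caller would expect for the flags and instruction-pointer families, plus a wrapper that overrides the library's result only for those two families. The point for anyone canonicalizing registers in a taint-tracking or liveness pass is that a ZYDIS_REGISTER_NONE result for EFLAGS silently drops the flags dependency, so the caller has to special-case it until the library is fixed. The `Mode` and `Reg` enums are stand-ins for ZydisMachineMode and ZydisRegister so the file compiles without the library; the mapping (2-byte registers in the 16-bit modes, 4-byte in the 32-bit modes, 8-byte in long mode, and no enclosing register for one that is wider than the mode allows) is my assumption of the intended semantics, extended from the single EFLAGS-to-RFLAGS case in the report, and all function names here are hypothetical.

```c
#include <stdio.h>

/* Stand-ins for the Zydis enums so this file compiles without the library.
 * Real code would use ZydisMachineMode / ZydisRegister from <Zydis/Zydis.h>;
 * these names are assumptions that mirror the library's constants. */
typedef enum {
    MODE_REAL_16, MODE_LEGACY_16, MODE_LEGACY_32,
    MODE_LONG_COMPAT_16, MODE_LONG_COMPAT_32, MODE_LONG_64
} Mode;

typedef enum {
    REG_NONE,
    REG_FLAGS, REG_EFLAGS, REG_RFLAGS,   /* flags family */
    REG_IP, REG_EIP, REG_RIP,            /* instruction-pointer family */
    REG_EAX, REG_RAX                     /* a GPR pair, to show pass-through */
} Reg;

/* Width in bytes of the widest flags/IP register usable in a machine mode. */
static int mode_width(Mode mode)
{
    switch (mode) {
    case MODE_LONG_64:                          return 8;
    case MODE_LEGACY_32: case MODE_LONG_COMPAT_32: return 4;
    default:                                    return 2;
    }
}

/* Largest enclosing register for the flags and IP families only (assumed
 * semantics). A register wider than the mode allows (RFLAGS in a 32-bit mode)
 * has no enclosing register there, so REG_NONE is returned. Registers outside
 * these two families also yield REG_NONE, meaning "not handled here". */
Reg largest_enclosing_flags_ip(Mode mode, Reg reg)
{
    static const Reg flags[] = { REG_FLAGS, REG_EFLAGS, REG_RFLAGS };
    static const Reg ip[]    = { REG_IP,    REG_EIP,    REG_RIP    };
    const Reg *family;
    int reg_width;

    switch (reg) {
    case REG_FLAGS:  family = flags; reg_width = 2; break;
    case REG_EFLAGS: family = flags; reg_width = 4; break;
    case REG_RFLAGS: family = flags; reg_width = 8; break;
    case REG_IP:     family = ip;    reg_width = 2; break;
    case REG_EIP:    family = ip;    reg_width = 4; break;
    case REG_RIP:    family = ip;    reg_width = 8; break;
    default:         return REG_NONE;
    }

    int w = mode_width(mode);
    if (reg_width > w)
        return REG_NONE;                 /* register does not exist in this mode */
    return family[w == 8 ? 2 : (w == 4 ? 1 : 0)];
}

/* Caller-side workaround pattern: keep whatever the library returned for
 * (mode, reg) and override it only for the families the report says are
 * wrong. `lib_result` is the value ZydisRegisterGetLargestEnclosing gave. */
Reg largest_enclosing_fixed(Mode mode, Reg reg, Reg lib_result)
{
    Reg fixed = largest_enclosing_flags_ip(mode, reg);
    return fixed != REG_NONE ? fixed : lib_result;
}

int main(void)
{
    /* The case from the report, with the library's REG_NONE fed through. */
    Reg r = largest_enclosing_fixed(MODE_LONG_64, REG_EFLAGS, REG_NONE);
    printf("EFLAGS in long mode -> %s\n", r == REG_RFLAGS ? "RFLAGS" : "wrong");
    return 0;
}
```

The wrapper takes the library result as a parameter rather than calling the library, so the same file can be compiled with or without Zydis; in a real build you would call ZydisRegisterGetLargestEnclosing first and pass its return value in.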

r3bb1t commented 1 year ago

Hey, don't forget to fix this. At the time of writing, there are 11 issues with the C-bug label 👀