mappzor
commented
1 year ago Please provide hex input for bytes you are trying to disassemble.
Closed kkh961216 closed 1 year ago
mappzor
commented
1 year ago Please provide hex input for bytes you are trying to disassemble.
kkh961216
commented
1 year ago Please provide hex input for bytes you are trying to disassemble.
Sorry, I apologize. Here is the opcode: 48 BD 6E 02 00 00 00 00 00 00
which should disassemble into movabs rbp,0x26e
athre0z
commented
1 year ago This decodes just fine with ZydisInfo:
Please provide your code.
kkh961216
commented
1 year ago Please excuse me, I made one of the sillier mistakes I could have made. The code was:
BYTE* data = new BYTE[size]; uc_mem_read(uc, address, data, size); ZydisDisassembledInstruction instruction; ZydisDisassembleIntel(ZYDIS_MACHINE_MODE_LONG_64, address, data, sizeof(data), &instruction);
which turned the size parameter of ZydisDisassembleIntel into 8, due to being sizeof(pointer). I've been stuck on this for quite a few days now, and it seems I needed to stir up trouble before figuring it out. I apologize and thank you for your time.
Hello!
I hope this is not a known issue / mistake on my part...
I am finding that via ZydisDisassembleIntel, movabs instructions are not able to be disassembled. Has anyone found the same / have a solution / could tell me that it's an issue specific to myself?