Description
I'm running into a weird issue with capstone where the following instruction:
66 0F 6F 05 DC A7 01 00
is presented as movdqa xmm0, xmmword ptr [rip + 0x1a7dc], however the disp_size value is 2 and disp_offset is 4. These two things do not agree with each other, because if the disp_size was 2 then the displacement bytes would be DC A7, which, when sign-extended would give a value of -22564 which should be added to the current value of rip. However, the string disassembly clearly shows the displacement as 0x1a7dc. After verifying against objdump and GDB, I can see that 0x1a7dc is the correct displacement value. This means that the disp_size should be coming back as 4, not 2.
Unless I'm missing something?
Tested with Capstone 5.0.5
Work environment
| Questions | Answers |
|---|---|
| System Capstone runs on OS/arch/bits | PopOS x86-64 |
| Capstone module affected | x86 |
| Source of Capstone | git clone |
| Version/git commit | v5.0.5:55261253c3f14d957c58382df82e61123dad45b9 |
Instruction bytes giving faulty results
66 0F 6F 05 DC A7 01 00
Expected results
It should be:
disp_size=4
Steps to get the wrong result
With Python
CODE = b'\x66\x0F\x6F\x05\xDC\xA7\x01\x00'
md = Cs(CS_ARCH_X86, CS_MODE_64)
md.detail = True
for insn in md.disasm(CODE, 0x1000):
print(insn.disp_size)
Activity