mcsema icon indicating copy to clipboard operation
mcsema copied to clipboard

Published 20 hours ago verified publisher icon lifting-bits

Check failed: allow_failure Could not find variable MMX5

Open AnFunctionArray opened this issue 6 years ago • 31 comments

When I allow the failure though the program crashes a few bits after the way. Ultimately I was able to make it to a point where it fails on assertation inside llvm saying that variable type mismatches. However for that to happen I referred to access violation skipper.

Here is the CFG file I used (you also need to patch the SetTotalBytesLimit call to INT_MAX to read the protobuf stream and also you need like at least 100 gbs of ram).

Here is the full output with only the SetTotalBytesLimit patched:

E1121 07:27:14.797348  5024 CFG.cpp:1013] Successor 633820 of block 63381d in function 633790 does not exist
E1121 07:27:15.516064  5024 CFG.cpp:1013] Successor 653f90 of block 653f8d in function 653b60 does not exist
E1121 07:27:16.781713  5024 CFG.cpp:1013] Successor 5d4a0c of block 5d4a09 in function 5d4930 does not exist
E1121 07:27:16.781713  5024 CFG.cpp:1013] Successor 5d4c10 of block 5d4c0e in function 5d4930 does not exist
E1121 07:27:16.781713  5024 CFG.cpp:1013] Successor 5d4bca of block 5d4bc9 in function 5d4930 does not exist
E1121 07:27:16.781713  5024 CFG.cpp:1013] Successor 5d4a78 of block 5d4a76 in function 5d4930 does not exist
E1121 07:28:16.906733  5024 CFG.cpp:1013] Successor 5d2a3a of block 5d2a39 in function 5d27a0 does not exist
E1121 07:28:16.906733  5024 CFG.cpp:1013] Successor 5d28e8 of block 5d28e6 in function 5d27a0 does not exist
E1121 07:28:16.906733  5024 CFG.cpp:1013] Successor 5d287c of block 5d2879 in function 5d27a0 does not exist
E1121 07:28:16.906733  5024 CFG.cpp:1013] Successor 5d2a80 of block 5d2a7e in function 5d27a0 does not exist
E1121 07:28:54.375409  5024 CFG.cpp:1013] Successor 656a6c of block 656a6a in function 6568b0 does not exist
E1121 07:33:22.609813  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bd536 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:22.625427  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c91bc 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:22.687938  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c81d5 3 (BYTES 0f 15 ed) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)))
E1121 07:33:22.687938  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4cc32b 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:22.703555  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c61a4 3 (BYTES 0f 15 e4) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM4)))
E1121 07:33:22.719228  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4991 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:22.719228  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c0995 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:22.719228  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4cc1a5 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:22.766057  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4386 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:22.766057  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c47ca 3 (BYTES 0f 15 f6) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)))
E1121 07:33:22.781698  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bc0e6 3 (BYTES 0f 15 f6) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)))
E1121 07:33:22.797310  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c45be 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:22.812981  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4be5a4 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:22.812981  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c2301 3 (BYTES 0f 15 ff) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM7)) (READ_OP (REG_128 XMM7)) (READ_OP (REG_128 XMM7)))
E1121 07:33:22.828547  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bfc10 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:22.828547  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c0375 3 (BYTES 0f 15 ed) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)))
E1121 07:33:22.828547  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4be694 3 (BYTES 0f 15 f6) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)))
E1121 07:33:22.844172  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c834a 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:22.875445  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c0ea0 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:22.891065  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4be426 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:22.953573  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4cc692 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:22.953573  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bd00f 3 (BYTES 0f 15 ed) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)))
E1121 07:33:22.969173  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bcd9d 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:22.984833  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bd7fe 3 (BYTES 0f 15 ed) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)))
E1121 07:33:22.984833  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4dea 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:23.000465  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bce72 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:23.000465  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c3e53 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:23.000465  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4bb2 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:23.031679  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c5eff 3 (BYTES 0f 15 e4) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM4)))
E1121 07:33:23.047307  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bdf5f 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:23.047307  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4165 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:23.047307  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c7fe7 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:23.047307  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4ff6 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:23.156728  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bd536 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:23.172313  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c91bc 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:23.234800  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c81d5 3 (BYTES 0f 15 ed) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)))
E1121 07:33:23.234800  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4cc32b 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:23.250402  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c61a4 3 (BYTES 0f 15 e4) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM4)))
E1121 07:33:23.266067  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4991 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:23.266067  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c0995 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:23.266067  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4cc1a5 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:23.312965  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4386 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:23.312965  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c47ca 3 (BYTES 0f 15 f6) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)))
E1121 07:33:23.312965  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bc0e6 3 (BYTES 0f 15 f6) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)))
E1121 07:33:23.328541  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c45be 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:23.344221  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4be5a4 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:23.344221  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c2301 3 (BYTES 0f 15 ff) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM7)) (READ_OP (REG_128 XMM7)) (READ_OP (REG_128 XMM7)))
E1121 07:33:23.359807  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4cc692 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:23.359807  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bfc10 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:23.359807  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c0375 3 (BYTES 0f 15 ed) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)))
E1121 07:33:23.375461  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4be694 3 (BYTES 0f 15 f6) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)))
E1121 07:33:23.375461  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c834a 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:23.406692  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c0ea0 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:23.422302  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4be426 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:23.484792  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bd00f 3 (BYTES 0f 15 ed) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)))
E1121 07:33:23.500443  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bcd9d 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:23.516062  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bd7fe 3 (BYTES 0f 15 ed) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)))
E1121 07:33:23.516062  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4dea 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:23.531674  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bce72 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:23.531674  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c3e53 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:23.531674  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4bb2 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:23.562976  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c5eff 3 (BYTES 0f 15 e4) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM4)))
E1121 07:33:23.562976  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bdf5f 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:23.562976  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4165 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:23.578560  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c7fe7 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:23.578560  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4ff6 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:23.609804  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4d807f 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:24.641041  5024 Lifter.cpp:123] Missing semantics for instruction (X86 645cd7 5 (BYTES 0f 15 5c 24 30) UNPCKHPS_XMMps_MEMdq (WRITE_OP (REG_128 XMM3)) (READ_OP (REG_128 XMM3)) (READ_OP (DWORD_PTR (ADD (REG_32 SS_BASE) (REG_32 ESP) (SIGNED_IMM_32 0x30)))))
E1121 07:33:24.641041  5024 Lifter.cpp:123] Missing semantics for instruction (X86 645d05 3 (BYTES 0f 15 e2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM2)))
E1121 07:33:24.672308  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bd536 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:24.703546  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c91bc 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:24.703546  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4386 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:24.766048  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c81d5 3 (BYTES 0f 15 ed) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)))
E1121 07:33:24.766048  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4cc32b 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:24.766048  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c61a4 3 (BYTES 0f 15 e4) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM4)))
E1121 07:33:24.797271  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4991 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:24.797271  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c0995 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:24.797271  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4cc1a5 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:24.828615  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4dea 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:24.844166  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c47ca 3 (BYTES 0f 15 f6) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)))
E1121 07:33:24.844166  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bc0e6 3 (BYTES 0f 15 f6) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)))
E1121 07:33:24.875432  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c45be 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:24.891085  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4be5a4 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:24.891085  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c2301 3 (BYTES 0f 15 ff) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM7)) (READ_OP (REG_128 XMM7)) (READ_OP (REG_128 XMM7)))
E1121 07:33:24.906674  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bfc10 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:24.906674  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c0375 3 (BYTES 0f 15 ed) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)))
E1121 07:33:24.906674  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4be694 3 (BYTES 0f 15 f6) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)))
E1121 07:33:24.922331  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c834a 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:24.953536  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c0ea0 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:24.984817  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4be426 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:25.031718  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4cc692 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:25.047310  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bd00f 3 (BYTES 0f 15 ed) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)))
E1121 07:33:25.047310  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bcd9d 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:25.078558  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bd7fe 3 (BYTES 0f 15 ed) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)))
E1121 07:33:25.078558  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bce72 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:25.094180  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c3e53 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:25.094180  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4bb2 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:25.109809  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c5eff 3 (BYTES 0f 15 e4) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM4)))
E1121 07:33:25.125490  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bdf5f 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:25.125490  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4165 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:25.141068  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c7fe7 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:25.141068  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4ff6 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:25.172358  5024 Lifter.cpp:123] Missing semantics for instruction (X86 64824c 5 (BYTES 0f 15 5c 24 30) UNPCKHPS_XMMps_MEMdq (WRITE_OP (REG_128 XMM3)) (READ_OP (REG_128 XMM3)) (READ_OP (DWORD_PTR (ADD (REG_32 SS_BASE) (REG_32 ESP) (SIGNED_IMM_32 0x30)))))
E1121 07:33:25.172358  5024 Lifter.cpp:123] Missing semantics for instruction (X86 64827a 3 (BYTES 0f 15 e2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM2)))
E1121 07:33:25.250448  5024 Lifter.cpp:123] Missing semantics for instruction (X86 5003c5 3 (BYTES 0f 15 e4) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM4)))
E1121 07:33:25.250448  5024 Lifter.cpp:123] Missing semantics for instruction (X86 500453 3 (BYTES 0f 15 ed) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)))
E1121 07:33:25.281687  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bd536 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:25.297345  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c91bc 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:25.359865  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c81d5 3 (BYTES 0f 15 ed) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)))
E1121 07:33:25.359865  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4cc32b 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:25.375444  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c61a4 3 (BYTES 0f 15 e4) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM4)))
E1121 07:33:25.391085  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4991 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:25.391085  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c0995 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:25.391085  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4cc1a5 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:25.422304  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4dea 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:25.437969  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4386 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:25.437969  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c47ca 3 (BYTES 0f 15 f6) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)))
E1121 07:33:25.437969  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bc0e6 3 (BYTES 0f 15 f6) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)))
E1121 07:33:25.469234  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c45be 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:25.484833  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4be5a4 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:25.484833  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c2301 3 (BYTES 0f 15 ff) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM7)) (READ_OP (REG_128 XMM7)) (READ_OP (REG_128 XMM7)))
E1121 07:33:25.500437  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bfc10 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:25.500437  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c0375 3 (BYTES 0f 15 ed) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)))
E1121 07:33:25.500437  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4be694 3 (BYTES 0f 15 f6) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)) (READ_OP (REG_128 XMM6)))
E1121 07:33:25.516052  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c834a 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:25.547304  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c0ea0 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:25.578553  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4be426 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:25.625429  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4cc692 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:25.625429  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bd00f 3 (BYTES 0f 15 ed) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)))
E1121 07:33:25.641083  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bcd9d 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
E1121 07:33:25.656711  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bd7fe 3 (BYTES 0f 15 ed) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)) (READ_OP (REG_128 XMM5)))
E1121 07:33:25.672300  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bce72 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:25.672300  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c3e53 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:25.672300  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4bb2 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:25.703624  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c5eff 3 (BYTES 0f 15 e4) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM4)))
E1121 07:33:25.703624  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4bdf5f 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:25.719188  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4165 3 (BYTES 0f 15 c0) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)) (READ_OP (REG_128 XMM0)))
E1121 07:33:25.719188  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c7fe7 3 (BYTES 0f 15 d2) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)) (READ_OP (REG_128 XMM2)))
E1121 07:33:25.719188  5024 Lifter.cpp:123] Missing semantics for instruction (X86 4c4ff6 3 (BYTES 0f 15 c9) UNPCKHPS_XMMps_XMMdq (WRITE_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)) (READ_OP (REG_128 XMM1)))
F1121 07:33:25.781677  5024 Util.cpp:160] Check failed: allow_failure Could not find variable MMX5 in function sub_64a4f2__x3d_D3DXQuaternionToAxisAngle__YGXPBUD3DXQUATERNION__PAUD3DXVECTOR3__PAM_Z
*** Check failure stack trace: ***
    @   00007FF7F08EB31B  (unknown)
    @   00007FF7F090D9FA  (unknown)
    @   00007FF7F09CDDB6  (unknown)
    @   00007FF7F09CC9A0  (unknown)
    @   00007FF7F08D0445  (unknown)
    @   00007FF7F09CFC6D  (unknown)
    @   00007FF7F09CA332  (unknown)
    @   00007FF7F08CD9EB  (unknown)
    @   00007FF7F08C4395  (unknown)
    @   00007FF7F08C11B7  (unknown)
    @   00007FF7F08C0451  (unknown)
    @   00007FF7F08BF7B5  (unknown)
    @   00007FF7F08E179C  (unknown)
    @   00007FF7F08E3B9E  (unknown)
    @   00007FF7F1487CDC  (unknown)
    @   00007FFFFC2484D4  BaseThreadInitThunk
    @   00007FFFFC59E8B1  RtlUserThreadStart

OS is windows and arch is x86

Also maybe there is someway to skip this function since it's part of a library to which I can probably relink later.

AnFunctionArray avatar Nov 21 '19 07:11 AnFunctionArray

OK I think the issue is that remill has the variables names MM0 through MM7. I will do some testing, might be that I need to rename them MMX0 through MMX7.

pgoodman avatar Jan 08 '20 19:01 pgoodman

I don't have that much RAM :-/ Can you send me the copy and paste disassembly or bytes of _x3d_D3DXQuaternionToAxisAngle__YGXPBUD3DXQUATERNION__PAUD3DXVECTOR3__PAM_Z? I.e. the code at 64a4f2 in your binary.

pgoodman avatar Jan 08 '20 19:01 pgoodman

You can go ahead and download the file yourself it's in this archive (https://www.tombraiderchronicles.com/cgi-bin/dl09/dl.pl?me_angelofdarkness_pcupdate2) - the file name is TRAOD_P4.exe I believe - just use IDA.

AnFunctionArray avatar Jan 10 '20 14:01 AnFunctionArray

Forgive my ignorance, but how do I find that specific TRAOD_P4.exe in the downloaded file? I found and downloaded a same-named file off of Google, but the address 0x64a4f2 was in the middle of an instruction in a function.

pgoodman avatar Jan 10 '20 14:01 pgoodman

Use 7zip and open as archive. It may also be TRAOD.exe keep in mind thanks.

On Fri, Jan 10, 2020, 4:56 PM Peter Goodman [email protected] wrote:

Forgive my ignorance, but how do I find that specific TRAOD_P4.exe in the downloaded file? I found and downloaded a same-named file off of Google, but the address 0x64a4f2 was in the middle of an instruction in a function.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/lifting-bits/mcsema/issues/608?email_source=notifications&email_token=AD7VRWT5MKSEYPEYB5Z6SALQ5CECDA5CNFSM4JP6KDU2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIUFCXA#issuecomment-573067612, or unsubscribe https://github.com/notifications/unsubscribe-auth/AD7VRWTAI4EUFAI6OBGK6HDQ5CECDANCNFSM4JP6KDUQ .

AnFunctionArray avatar Jan 10 '20 15:01 AnFunctionArray

So I've been fixing various things, but I am unable to replicate this specific problem. I did find a host of other issues. My best guess is that your version of Remill or McSema is very out of date. Fixes are in #624 . I've also made some Remill changes that add support various 3DNow instructions used by your binary, but there remain many unsupported instructions. Those changes are not yet merged.

pgoodman avatar Jan 10 '20 20:01 pgoodman

By the way, your log seems to have much less variety in missing semantics; have you implemented semantics on your own?

pgoodman avatar Jan 10 '20 20:01 pgoodman

ping @bsld

pgoodman avatar Jan 15 '20 05:01 pgoodman

@pgoodman I have the same issue. I followed the instructions on the readme page in root, so I should have the newest version. git log shows:

c:\Users\Sab24\Downloads\remill\tools\mcsema>git log
commit e626fb86e1fb69245266efec713dba772942c388 (grafted, HEAD -> master, origin/master, origin/HEAD)
Author: Youssef <[email protected]>
Date:   Wed Apr 15 04:58:07 2020 +0200

    adjusted readme to retdec update (#643)

    according to https://engineering.avast.io/retdec-v4-0-is-out/

mcsema-lift-5.0 --os windows --arch x86_avx --cfg fa.cfg --output fa.bc

E0415 18:04:41.993916 15324 Function.cpp:376] Adding missing block 9dd64a in function sub_9dd640 as a tail call to __remill_error
E0415 18:04:42.088660 15324 Function.cpp:376] Adding missing block ac65d2 in function sub_ac65cc as a tail call to sub_ac65d2
E0415 18:04:42.144505 15324 Function.cpp:353] Cannot find target of instruction at 602349; the static target 60234c is not associated with a lifted subroutine, and it does not have a known call target.
F0415 18:04:42.150470 15324 Util.cpp:150] Check failed: allow_failure Could not find variable MMX2 in function sub_b059e0
*** Check failure stack trace: ***
    @   00007FF63496028B  (unknown)
    @   00007FF63497D1CC  (unknown)
    @   00007FF634A14928  (unknown)
    @   00007FF634A164C4  (unknown)
    @   00007FF634A11B6C  (unknown)
    @   00007FF63494E461  (unknown)
    @   00007FF634949A04  (unknown)
    @   00007FF634947CB8  (unknown)
    @   00007FF634946190  (unknown)
    @   00007FF6349583AE  (unknown)
    @   00007FF63495AA0A  (unknown)
    @   00007FF6352CC6F8  (unknown)
    @   00007FFB5C377BD4  BaseThreadInitThunk
    @   00007FFB5DCACED1  RtlUserThreadStart

sab24 avatar Apr 15 '20 16:04 sab24

What is the commit hash of your version of remill?

pgoodman avatar Apr 15 '20 16:04 pgoodman

That's eae68217c43f2e99a657c75ae36d40af740cc20e from 10th of February

commit eae68217c43f2e99a657c75ae36d40af740cc20e (HEAD -> production)
Author: Aiethel <[email protected]>
Date:   Mon Feb 10 18:36:44 2020 +0100

    Annotate semantics (#401)

    * Annotate semantics functions with their own metadata kind.

    * Remove forgotten Mips entry in enum.

sab24 avatar Apr 15 '20 16:04 sab24

I think it's because I disassembled with --arch x86 instead of --arch x86_avx

sab24 avatar Apr 15 '20 16:04 sab24

That shouldn't make a difference. Can you do this...

Right here: https://github.com/lifting-bits/mcsema/blob/master/mcsema/BC/Instruction.cpp#L130 Can you add: LOG(ERROR) << inst.Serialize();

You'll get a lot of output logged, but that last line of output should be super useful and tell me what the problematic instruction is.

pgoodman avatar Apr 15 '20 16:04 pgoodman

Done, I get

 (READ_OP (DWORD_PTR (ADD (REG_32 SS_BASE) (REG_32 EBP) (SIGNED_IMM_32 -0x28)))))
E0415 18:25:07.242838 22108 Instruction.cpp:130] (X86 b06290 2 (BYTES 03 d0) ADD_GPRv_GPRv_03_32 (WRITE_OP (REG_32 EDX)) (READ_OP (REG_32 EDX)) (READ_OP (REG_32 EAX)))
E0415 18:25:07.242838 22108 Instruction.cpp:130] (X86 b06292 2 (BYTES 03 c8) ADD_GPRv_GPRv_03_32 (WRITE_OP (REG_32 ECX)) (READ_OP (REG_32 ECX)) (READ_OP (REG_32 EAX)))
E0415 18:25:07.243862 22108 Instruction.cpp:130] (X86 b06294 3 (BYTES 8b 45 e0) MOV_GPRv_MEMv_32 (WRITE_OP (REG_32 EAX)) (READ_OP (DWORD_PTR (ADD (REG_32 SS_BASE) (REG_32 EBP) (SIGNED_IMM_32 -0x20)))))
E0415 18:25:07.243862 22108 Instruction.cpp:130] (X86 b06297 3 (BYTES 89 7d fc) MOV_MEMv_GPRv_32 (WRITE_OP (DWORD_PTR (ADD (REG_32 SS_BASE) (REG_32 EBP) (SIGNED_IMM_32 -0x4)))) (READ_OP (REG_32 EDI)))
E0415 18:25:07.243862 22108 Instruction.cpp:130] (X86 b0629a 1 (BYTES 48) DEC_GPRv_48_32 (WRITE_OP (REG_32 EAX)) (READ_OP (REG_32 EAX)))
E0415 18:25:07.243862 22108 Instruction.cpp:130] (X86 b0629b 3 (BYTES 89 75 f0) MOV_MEMv_GPRv_32 (WRITE_OP (DWORD_PTR (ADD (REG_32 SS_BASE) (REG_32 EBP) (SIGNED_IMM_32 -0x10)))) (READ_OP (REG_32 ESI)))
E0415 18:25:07.243862 22108 Instruction.cpp:130] (X86 b0629e 3 (BYTES 89 55 ec) MOV_MEMv_GPRv_32 (WRITE_OP (DWORD_PTR (ADD (REG_32 SS_BASE) (REG_32 EBP) (SIGNED_IMM_32 -0x14)))) (READ_OP (REG_32 EDX)))
E0415 18:25:07.243862 22108 Instruction.cpp:130] (X86 b062a1 3 (BYTES 89 4d e8) MOV_MEMv_GPRv_32 (WRITE_OP (DWORD_PTR (ADD (REG_32 SS_BASE) (REG_32 EBP) (SIGNED_IMM_32 -0x18)))) (READ_OP (REG_32 ECX)))
E0415 18:25:07.243862 22108 Instruction.cpp:130] (X86 b062a4 3 (BYTES 89 45 e0) MOV_MEMv_GPRv_32 (WRITE_OP (DWORD_PTR (ADD (REG_32 SS_BASE) (REG_32 EBP) (SIGNED_IMM_32 -0x20)))) (READ_OP (REG_32 EAX)))
E0415 18:25:07.243862 22108 Instruction.cpp:130] (X86 b062a7 6 (BYTES 0f 85 b4 f7 ff ff) JNZ_RELBRz_32 (WRITE_OP (REG_8 BRANCH_TAKEN)) (READ_OP (DWORD_PTR (ADD (REG_32 PC) (SIGNED_IMM_32 -0x846)))) (READ_OP (DWORD_PTR (ADD (REG_32 PC) (SIGNED_IMM_32 0x6)))))
E0415 18:25:07.243862 22108 Instruction.cpp:130] (X86 b062b3 1 (BYTES 90) NOP_90)
E0415 18:25:07.243862 22108 Instruction.cpp:130] (X86 b062b4 1 (BYTES 90) NOP_90)
E0415 18:25:07.243862 22108 Instruction.cpp:130] (X86 b062b5 1 (BYTES 90) NOP_90)
E0415 18:25:07.243862 22108 Instruction.cpp:130] (X86 b062b6 1 (BYTES 90) NOP_90)
E0415 18:25:07.244861 22108 Instruction.cpp:130] (X86 b062b7 1 (BYTES 90) NOP_90)
E0415 18:25:07.244861 22108 Instruction.cpp:130] (X86 b062b8 1 (BYTES 90) NOP_90)
E0415 18:25:07.244861 22108 Instruction.cpp:130] (X86 b062b9 1 (BYTES 90) NOP_90)
E0415 18:25:07.244861 22108 Instruction.cpp:130] (X86 b062ba 1 (BYTES 90) NOP_90)
E0415 18:25:07.244861 22108 Instruction.cpp:130] (X86 b062bb 1 (BYTES 90) NOP_90)
E0415 18:25:07.244861 22108 Instruction.cpp:130] (X86 b062bc 1 (BYTES 90) NOP_90)
E0415 18:25:07.244861 22108 Instruction.cpp:130] (X86 b062bd 1 (BYTES 90) NOP_90)
E0415 18:25:07.244861 22108 Instruction.cpp:130] (X86 b062be 1 (BYTES 90) NOP_90)
E0415 18:25:07.244861 22108 Instruction.cpp:130] (X86 b062bf 1 (BYTES 90) NOP_90)
E0415 18:25:07.244861 22108 Instruction.cpp:130] (X86 b05a6b 3 (BYTES 8b 7d f8) MOV_GPRv_MEMv_32 (WRITE_OP (REG_32 EDI)) (READ_OP (DWORD_PTR (ADD (REG_32 SS_BASE) (REG_32 EBP) (SIGNED_IMM_32 -0x8)))))
E0415 18:25:07.244861 22108 Instruction.cpp:130] (X86 b05a6e 4 (BYTES 0f 6f 14 0f) MOVQ_MMXq_MEMq_0F6F (WRITE_OP (REG_64 MMX2)) (READ_OP (DWORD_PTR (ADD (REG_32 DS_BASE) (REG_32 EDI) (MUL (REG_32 ECX) (IMM_32 0x1))))))
F0415 18:25:07.244861 22108 Util.cpp:150] Check failed: allow_failure Could not find variable MMX2 in function sub_b059e0
*** Check failure stack trace: ***
    @   00007FF7CFF4041B  (unknown)
    @   00007FF7CFF5D35C  (unknown)
    @   00007FF7CFFF4AB8  (unknown)
    @   00007FF7CFFF6654  (unknown)
    @   00007FF7CFFF1CFC  (unknown)
    @   00007FF7CFF2E506  (unknown)
    @   00007FF7CFF29A04  (unknown)
    @   00007FF7CFF27CB8  (unknown)
    @   00007FF7CFF26190  (unknown)
    @   00007FF7CFF3853E  (unknown)
    @   00007FF7CFF3AB9A  (unknown)
    @   00007FF7D08AC888  (unknown)
    @   00007FFB5C377BD4  BaseThreadInitThunk
    @   00007FFB5DCACED1  RtlUserThreadStart

sab24 avatar Apr 15 '20 16:04 sab24

My XED gives me different results:

(X86 0 (BYTES 0f 6f 14 0f) MOVQ_MMXq_MEMq_0F6F (WRITE_OP (REG_64 MM2)) (READ_OP (DWORD_PTR (ADD (REG_32 DS_BASE) (REG_32 EDI) (MUL (REG_32 ECX) (IMM_32 0x1))))))

I think you have two options:

  1. Build cxx-common from scratch (long)
  2. Copy these [1] and then paste them, and add an X into each of the variable names. Then make -j8 from inside your build dir.

[1] https://github.com/lifting-bits/remill/blob/master/remill/Arch/X86/Runtime/BasicBlock.cpp#L318-L325

pgoodman avatar Apr 15 '20 16:04 pgoodman

I choose option 1 and will report back in some time.

sab24 avatar Apr 15 '20 16:04 sab24

Some compilation issues with llvm 10.0, is it not supported yet?

 <command line>(6): note: previous definition is here
  In file included from <built-in>:368:
<command line>(10): warning : '_CRT_SECURE_NO_DEPRECATE' macro redefined [-Wmacro-redefined] [C:\Users\sab24\Downloads\re
mill\remill_build3\remill.vcxproj]
  <command line>(6): note: previous definition is here
C:\Users\sab24\Downloads\remill\remill\Arch\Arch.cpp(221): warning : 'if' initialization statements are a C++17 extension
 [-Wc++17-extensions] [C:\Users\sab24\Downloads\remill\remill_build3\remill.vcxproj]
C:\Users\sab24\Downloads\remill\remill\Arch\Arch.cpp(247): warning : returning address of local temporary object [-Wretur
n-stack-address] [C:\Users\sab24\Downloads\remill\remill_build3\remill.vcxproj]
  remill.vcxproj -> C:\Users\sab24\Downloads\remill\remill_build3\Release\remill.lib
  Running C++ protocol buffer compiler on C:/Users/sab24/Downloads/remill/tools/mcsema/mcsema/CFG/CFG.proto
  Building Custom Rule C:/Users/sab24/Downloads/remill/tools/mcsema/CMakeLists.txt
  In file included from <built-in>:368:
<command line>(16): warning : '_CRT_SECURE_NO_DEPRECATE' macro redefined [-Wmacro-redefined] [C:\Users\sab24\Downloads\re
mill\remill_build3\tools\mcsema\mcsema-lift-10.0.vcxproj]
  <command line>(6): note: previous definition is here
  In file included from <built-in>:368:
<command line>(16): warning : '_CRT_SECURE_NO_DEPRECATE' macro redefined [-Wmacro-redefined] [C:\Users\sab24\Downloads\re
mill\remill_build3\tools\mcsema\mcsema-lift-10.0.vcxproj]
  <command line>(6): note: previous definition is here
C:\Users\sab24\Downloads\remill\tools\mcsema\mcsema\Arch\ABI.cpp(771): error : no viable overloaded '=' [C:\Users\sab24\Dow
nloads\remill\remill_build3\tools\mcsema\mcsema-lift-10.0.vcxproj]
  C:\TrailOfBits\libraries\llvm\include\llvm/Support/TypeSize.h(50): note: candidate function (the implicit copy assign
  ment operator) not viable: no known conversion from 'const unsigned long long' to 'const llvm::TypeSize' for 1st argu
  ment
  C:\TrailOfBits\libraries\llvm\include\llvm/Support/TypeSize.h(50): note: candidate function (the implicit move assign
  ment operator) not viable: no known conversion from 'const unsigned long long' to 'llvm::TypeSize' for 1st argument
C:\Users\sab24\Downloads\remill\tools\mcsema\mcsema\Arch\ABI.cpp(1040): error : no viable overloaded '=' [C:\Users\sab24\Do
wnloads\remill\remill_build3\tools\mcsema\mcsema-lift-10.0.vcxproj]
  C:\TrailOfBits\libraries\llvm\include\llvm/Support/TypeSize.h(50): note: candidate function (the implicit copy assign
  ment operator) not viable: no known conversion from 'const unsigned long long' to 'const llvm::TypeSize' for 1st argu
  ment
  C:\TrailOfBits\libraries\llvm\include\llvm/Support/TypeSize.h(50): note: candidate function (the implicit move assign
  ment operator) not viable: no known conversion from 'const unsigned long long' to 'llvm::TypeSize' for 1st argument
  Building Custom Rule C:/Users/sab24/Downloads/remill/tools/lift/CMakeLists.txt
  In file included from <built-in>:368:
<command line>(15): warning : '_CRT_SECURE_NO_DEPRECATE' macro redefined [-Wmacro-redefined] [C:\Users\sab24\Downloads\re
mill\remill_build3\tools\lift\remill-lift-10.0.vcxproj]
  <command line>(6): note: previous definition is here
  remill-lift-10.0.vcxproj -> C:\Users\sab24\Downloads\remill\remill_build3\tools\lift\Release\remill-lift-10.0.exe

sab24 avatar Apr 16 '20 18:04 sab24

changed the code to:

alloc_size = llvm::TypeSize(std::max<uint64_t>(alloc_size, addr_size), true);

Where true stands for scalable. Seems to compile.

sab24 avatar Apr 17 '20 08:04 sab24

same error when recompiling with llvm 10.0

(READ_OP (DWORD_PTR (ADD (REG_32 SS_BASE) (REG_32 EBP) (SIGNED_IMM_32 -0x8)))))
E0417 11:25:21.563992  4364 Instruction.cpp:130] (X86 b05a6e 4 (BYTES 0f 6f 14 0f) MOVQ_MMXq_MEMq_0F6F (WRITE_OP (REG_64 MMX2)) (READ_OP (DWORD_PTR (ADD (REG_32 DS_BASE) (REG_32 EDI) (MUL (REG_32 ECX) (IMM_32 0x1))))))
F0417 11:25:21.563992  4364 Util.cpp:150] Check failed: allow_failure Could not find variable MMX2 in function sub_b059e0
*** Check failure stack trace: ***
    @   00007FF6FDF2041B  (unknown)
    @   00007FF6FDF3D35C  (unknown)
    @   00007FF6FDFD4AB8  (unknown)
    @   00007FF6FDFD6654  (unknown)
    @   00007FF6FDFD1CFC  (unknown)
    @   00007FF6FDF0E506  (unknown)
    @   00007FF6FDF09A04  (unknown)
    @   00007FF6FDF07CB8  (unknown)
    @   00007FF6FDF06190  (unknown)
    @   00007FF6FDF1853E  (unknown)
    @   00007FF6FDF1AB9A  (unknown)
    @   00007FF6FE88C888  (unknown)
    @   00007FFFD1B07BD4  BaseThreadInitThunk
    @   00007FFFD31ACED1  RtlUserThreadStart

sab24 avatar Apr 17 '20 09:04 sab24

It works now. Only still having problems with compiling. I have

remill-clang-10.0: error: linker command failed with exit code 1561 (use -v to see invocation)

sab24 avatar Apr 18 '20 11:04 sab24

Somehow the mcsema_rt64-5.0.lib and mcsema_rt32-5.0.lib 's are not built. remill/tools/mcsema/CMakeLists.txt:184 has

if("${CMAKE_HOST_SYSTEM_PROCESSOR}" STREQUAL "x86_64" AND MCSEMA_ENABLE_RUNTIME)

but the system on windows has AMD64. Uncommenting this and enabling building this library gives a lot of errors:

Microsoft (R) Build Engine version 16.5.0+d4cbfca49 for .NET Framework
Copyright (C) Microsoft Corporation. All rights reserved.

  remill.vcxproj -> C:\Users\sab24\Downloads\remill\build5\Release\remill.lib
  mcsema-lift-10.0.vcxproj -> C:\Users\sab24\Downloads\remill\build5\tools\mcsema\Release\mcsema-lift-10.0.exe
  In file included from <built-in>:368:
<command line>(10): warning : '_CRT_SECURE_NO_DEPRECATE' macro redefined [-Wmacro-redefined] [C:\Users\sab24\Downloads
\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema-print-runtime-amd64.vcxproj]
  <command line>(6): note: previous definition is here
C:\Users\sab24\Downloads\remill\tools\mcsema\mcsema\Arch\X86\Runtime\print_PE_64_windows.cpp(68): error : use of undec
lared identifier 'RegState' [C:\Users\sab24\Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema-print-
runtime-amd64.vcxproj]
C:\Users\sab24\Downloads\remill\tools\mcsema\mcsema\Arch\X86\Runtime\print_PE_64_windows.cpp(115): error : unknown typ
e name 'RegState' [C:\Users\sab24\Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema-print-runtime-am
d64.vcxproj]
C:\Users\sab24\Downloads\remill\tools\mcsema\mcsema\Arch\X86\Runtime\print_PE_64_windows.cpp(116): error : unknown typ
e name 'RegState' [C:\Users\sab24\Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema-print-runtime-am
d64.vcxproj]
C:\Users\sab24\Downloads\remill\tools\mcsema\mcsema\Arch\X86\Runtime\print_PE_64_windows.cpp(121): error : unknown typ
e name 'RegState' [C:\Users\sab24\Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema-print-runtime-am
d64.vcxproj]
C:\Users\sab24\Downloads\remill\tools\mcsema\mcsema\Arch\X86\Runtime\print_PE_64_windows.cpp(122): error : unknown typ
e name 'RegState' [C:\Users\sab24\Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema-print-runtime-am
d64.vcxproj]
C:\Users\sab24\Downloads\remill\tools\mcsema\mcsema\Arch\X86\Runtime\print_PE_64_windows.cpp(123): error : unknown typ
e name 'RegState' [C:\Users\sab24\Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema-print-runtime-am
d64.vcxproj]
C:\Users\sab24\Downloads\remill\tools\mcsema\mcsema\Arch\X86\Runtime\print_PE_64_windows.cpp(124): error : unknown typ
e name 'RegState' [C:\Users\sab24\Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema-print-runtime-am
d64.vcxproj]
C:\Users\sab24\Downloads\remill\tools\mcsema\mcsema\Arch\X86\Runtime\print_PE_64_windows.cpp(125): error : unknown typ
e name 'RegState' [C:\Users\sab24\Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema-print-runtime-am
d64.vcxproj]
C:\Users\sab24\Downloads\remill\tools\mcsema\mcsema\Arch\X86\Runtime\print_PE_64_windows.cpp(126): error : unknown typ
e name 'RegState' [C:\Users\sab24\Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema-print-runtime-am
d64.vcxproj]
C:\Users\sab24\Downloads\remill\tools\mcsema\mcsema\Arch\X86\Runtime\print_PE_64_windows.cpp(128): error : unknown typ
e name 'RegState' [C:\Users\sab24\Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema-print-runtime-am
d64.vcxproj]
C:\Users\sab24\Downloads\remill\tools\mcsema\mcsema\Arch\X86\Runtime\print_PE_64_windows.cpp(129): error : unknown typ
e name 'RegState' [C:\Users\sab24\Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema-print-runtime-am
d64.vcxproj]
C:\Users\sab24\Downloads\remill\tools\mcsema\mcsema\Arch\X86\Runtime\print_PE_64_windows.cpp(130): error : unknown typ
e name 'RegState' [C:\Users\sab24\Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema-print-runtime-am
d64.vcxproj]
C:\Users\sab24\Downloads\remill\tools\mcsema\mcsema\Arch\X86\Runtime\print_PE_64_windows.cpp(131): error : unknown typ
e name 'RegState' [C:\Users\sab24\Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema-print-runtime-am
d64.vcxproj]
C:\Users\sab24\Downloads\remill\tools\mcsema\mcsema\Arch\X86\Runtime\print_PE_64_windows.cpp(132): error : unknown typ
e name 'RegState' [C:\Users\sab24\Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema-print-runtime-am
d64.vcxproj]
C:\Users\sab24\Downloads\remill\tools\mcsema\mcsema\Arch\X86\Runtime\print_PE_64_windows.cpp(133): error : unknown typ
e name 'RegState' [C:\Users\sab24\Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema-print-runtime-am
d64.vcxproj]
C:\Users\sab24\Downloads\remill\tools\mcsema\mcsema\Arch\X86\Runtime\print_PE_64_windows.cpp(134): error : unknown typ
e name 'RegState' [C:\Users\sab24\Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema-print-runtime-am
d64.vcxproj]
C:\Users\sab24\Downloads\remill\tools\mcsema\mcsema\Arch\X86\Runtime\print_PE_64_windows.cpp(135): error : unknown typ
e name 'RegState' [C:\Users\sab24\Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema-print-runtime-am
d64.vcxproj]
C:\Users\sab24\Downloads\remill\tools\mcsema\mcsema\Arch\X86\Runtime\print_PE_64_windows.cpp(138): error : unknown typ
e name 'RegState' [C:\Users\sab24\Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema-print-runtime-am
d64.vcxproj]
C:\Users\sab24\Downloads\remill\tools\mcsema\mcsema\Arch\X86\Runtime\print_PE_64_windows.cpp(139): error : unknown typ
e name 'RegState' [C:\Users\sab24\Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema-print-runtime-am
d64.vcxproj]
CL : fatal error : too many errors emitted, stopping now [-ferror-limit=] [C:\Users\sab24\Downloads\remill\build5\tool
s\mcsema\mcsema\Arch\X86\Runtime\mcsema-print-runtime-amd64.vcxproj]
  mcsema-print-runtime-x86.vcxproj -> C:\Users\sab24\Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\Rele
  ase\mcsema-print-runtime-x86.exe
  Generating 32-bit Windows PE runtime...
  Building 32-bit runtime
clang++ : warning : argument unused during compilation: '-shared' [-Wunused-command-line-argument] [C:\Users\sab24\Dow
nloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema_rt32-10.0.vcxproj]
  In file included from C:/Users/Sab/Downloads/remill/tools/mcsema/mcsema/Arch/X86/Runtime/Runtime.cpp:26:
  In file included from C:/Users/Sab/Downloads/remill\remill/Arch/X86/Runtime/State.h:38:
  In file included from C:/Users/Sab/Downloads/remill\remill/Arch/Runtime/Types.h:20:
  In file included from C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\incl
  ude\functional:6:
  In file included from C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\incl
  ude\exception:8:
  In file included from C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\incl
  ude\type_traits:6:
C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\include\xstddef(338,2): erro
r G90440305: 'auto' return without trailing return type; deduced return types are a C++14 extension [C:\Users\sab24\Do
wnloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema_rt32-10.0.vcxproj]
          auto _Unfancy(_Ptrty _Ptr)
          ^
  In file included from C:/Users/Sab/Downloads/remill/tools/mcsema/mcsema/Arch/X86/Runtime/Runtime.cpp:26:
  In file included from C:/Users/Sab/Downloads/remill\remill/Arch/X86/Runtime/State.h:38:
  In file included from C:/Users/Sab/Downloads/remill\remill/Arch/Runtime/Types.h:20:
  In file included from C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\incl
  ude\functional:7:
  In file included from C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\incl
  ude\tuple:8:
C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\include\xutility(363,13): er
ror G549FDB67: deduced return types are a C++14 extension [C:\Users\sab24\Downloads\remill\build5\tools\mcsema\mcsema\
Arch\X86\Runtime\mcsema_rt32-10.0.vcxproj]
                  constexpr decltype(auto) operator()(_Args&&... _Vals)
                            ^
C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\include\xutility(601,17): er
ror G2221FED8: constexpr function's return type 'void' is not a literal type [C:\Users\sab24\Downloads\remill\build5\t
ools\mcsema\mcsema\Arch\X86\Runtime\mcsema_rt32-10.0.vcxproj]
          constexpr void _Adl_verify_range1(const _Iter& _First, const _Sentinel& _Last, true_type)
                         ^
C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\include\xutility(608,17): er
ror G2221FED8: constexpr function's return type 'void' is not a literal type [C:\Users\sab24\Downloads\remill\build5\t
ools\mcsema\mcsema\Arch\X86\Runtime\mcsema_rt32-10.0.vcxproj]
          constexpr void _Adl_verify_range1(const _Iter&, const _Sentinel&, false_type)
                         ^
C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\include\xutility(614,17): er
ror G2221FED8: constexpr function's return type 'void' is not a literal type [C:\Users\sab24\Downloads\remill\build5\t
ools\mcsema\mcsema\Arch\X86\Runtime\mcsema_rt32-10.0.vcxproj]
          constexpr void _Adl_verify_range(const _Iter& _First, const _Sentinel& _Last)
                         ^
C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\include\xutility(641,23): er
ror G90440305: 'auto' return without trailing return type; deduced return types are a C++14 extension [C:\Users\sab24\
Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema_rt32-10.0.vcxproj]
          _NODISCARD constexpr auto _Get_unwrapped(const _Iter& _It)
                               ^
C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\include\xutility(692,23): er
ror G90440305: 'auto' return without trailing return type; deduced return types are a C++14 extension [C:\Users\sab24\
Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema_rt32-10.0.vcxproj]
          _NODISCARD constexpr auto _Get_unwrapped_unverified(const _Iter& _It)
                               ^
C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\include\xutility(759,23): er
ror G90440305: 'auto' return without trailing return type; deduced return types are a C++14 extension [C:\Users\sab24\
Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema_rt32-10.0.vcxproj]
          _NODISCARD constexpr auto _Get_unwrapped_n(const _Iter& _It, const _Diff _Off)
                               ^
C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\include\xutility(779,23): er
ror G90440305: 'auto' return without trailing return type; deduced return types are a C++14 extension [C:\Users\sab24\
Downloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema_rt32-10.0.vcxproj]
          _NODISCARD constexpr auto _Get_unwrapped_n(const _Iter& _It, _Diff)
                               ^
C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\include\xutility(855,17): er
ror G2221FED8: constexpr function's return type 'void' is not a literal type [C:\Users\sab24\Downloads\remill\build5\t
ools\mcsema\mcsema\Arch\X86\Runtime\mcsema_rt32-10.0.vcxproj]
          constexpr void _Seek_wrapped(_Iter& _It, const _UIter& _UIt)
                         ^
C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\include\xutility(863,17): er
ror G2221FED8: constexpr function's return type 'void' is not a literal type [C:\Users\sab24\Downloads\remill\build5\t
ools\mcsema\mcsema\Arch\X86\Runtime\mcsema_rt32-10.0.vcxproj]
          constexpr void _Seek_wrapped(_Iter& _It, const _UIter& _UIt)
                         ^
C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\include\xutility(870,17): er
ror G2221FED8: constexpr function's return type 'void' is not a literal type [C:\Users\sab24\Downloads\remill\build5\t
ools\mcsema\mcsema\Arch\X86\Runtime\mcsema_rt32-10.0.vcxproj]
          constexpr void _Seek_wrapped(_Ty *& _It, _Ty * const _UIt)
                         ^
C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\include\xutility(973,2): err
or G90440305: 'auto' return without trailing return type; deduced return types are a C++14 extension [C:\Users\sab24\D
ownloads\remill\build5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema_rt32-10.0.vcxproj]
          auto _Idl_distance(const _Iter& _First, const _Iter& _Last)
          ^
C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\include\xutility(1289,12): e
rror G549FDB67: deduced return types are a C++14 extension [C:\Users\sab24\Downloads\remill\build5\tools\mcsema\mcsema
\Arch\X86\Runtime\mcsema_rt32-10.0.vcxproj]
          constexpr decltype(auto) _Operator_arrow(_Iterator&& _Target, false_type)
                    ^
C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\include\xutility(1404,18): e
rror G2221FED8: constexpr function's return type 'void' is not a literal type [C:\Users\sab24\Downloads\remill\build5\
tools\mcsema\mcsema\Arch\X86\Runtime\mcsema_rt32-10.0.vcxproj]
                  constexpr void _Verify_offset(const difference_type _Off) const
                                 ^
C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\include\xutility(1421,18): e
rror G2221FED8: constexpr function's return type 'void' is not a literal type [C:\Users\sab24\Downloads\remill\build5\
tools\mcsema\mcsema\Arch\X86\Runtime\mcsema_rt32-10.0.vcxproj]
                  constexpr void _Seek_to(const reverse_iterator<_Src>& _It)
                                 ^
C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\include\xutility(1432,17): e
rror G2221FED8: constexpr function's return type 'void' is not a literal type [C:\Users\sab24\Downloads\remill\build5\
tools\mcsema\mcsema\Arch\X86\Runtime\mcsema_rt32-10.0.vcxproj]
          constexpr void _Verify_range(const reverse_iterator<_BidIt>& _First, const reverse_iterator<_BidIt2>& _Las
  t)
                         ^
C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\include\xutility(1844,17): e
rror G2221FED8: constexpr function's return type 'void' is not a literal type [C:\Users\sab24\Downloads\remill\build5\
tools\mcsema\mcsema\Arch\X86\Runtime\mcsema_rt32-10.0.vcxproj]
          constexpr void _Seek_to(pointer _It)
                         ^
C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\include\xutility(2260,25): e
rror G2221FED8: constexpr function's return type 'void' is not a literal type [C:\Users\sab24\Downloads\remill\build5\
tools\mcsema\mcsema\Arch\X86\Runtime\mcsema_rt32-10.0.vcxproj]
                  friend constexpr void _Verify_range(const move_iterator& _First, const move_iterator<_Iter2>& _Las
  t)
                                        ^
CUSTOMBUILD : fatal error : too many errors emitted, stopping now [-ferror-limit=] [C:\Users\sab24\Downloads\remill\bu
ild5\tools\mcsema\mcsema\Arch\X86\Runtime\mcsema_rt32-10.0.vcxproj]
  20 errors generated.
  remill-lift-10.0.vcxproj -> C:\Users\sab24\Downloads\remill\build5\tools\lift\Release\remill-lift-10.0.exe

C:\Users\sab24\Downloads\remill\build5>

sab24 avatar Apr 18 '20 12:04 sab24

I get

 error LNK2001: unresolved external symbol ___mcsema_attach_call

but the mcsema libraries don't compile on windows? Also this file has not been changed for three years, is there an alternative?

sab24 avatar Apr 18 '20 16:04 sab24

Also do I need to link to remill? It is compiled to 64 bit but this application I am trying to recompile uses 32bit

 Creating library f.lib and object f.exp
f.o : error LNK2019: unresolved external symbol ___remill_missing_block referenced in function _sub_b294e0
f.o : error LNK2019: unresolved external symbol ___remill_atomic_begin referenced in function _sub_bc0008
f.o : error LNK2019: unresolved external symbol ___remill_atomic_end referenced in function _sub_bc0008
f.o : error LNK2019: unresolved external symbol ___remill_function_call referenced in function _sub_bc0008
f.o : error LNK2019: unresolved external symbol ___remill_jump referenced in function _sub_bc0008
f.o : error LNK2019: unresolved external symbol ___remill_fpu_exception_test_and_clear referenced in function _sub_69f4d0
f.o : error LNK2019: unresolved external symbol ___remill_error referenced in function _sub_720010
f.o : error LNK2019: unresolved external symbol ___remill_async_hyper_call referenced in function _sub_695a40
f.o : error LNK2019: unresolved external symbol ___remill_compare_exchange_memory_32 referenced in function _sub_7474b0
f.o : error LNK2019: unresolved external symbol ___remill_sync_hyper_call referenced in function _sub_af7ff0
f.o : error LNK2019: unresolved external symbol ___remill_compare_exchange_memory_64 referenced in function _sub_55c410
f.o : error LNK2001: unresolved external symbol ___mcsema_attach_call
libcmt.lib(exe_winmain.obj) : error LNK2019: unresolved external symbol _WinMain@16 referenced in function "int __cdecl __scrt_common_main_seh(void)" (?__scrt_common_main_seh@@YAHXZ)
f.o.exe : fatal error LNK1120: 13 unresolved externals
clang: error: linker command failed with exit code 1120 (use -v to see invocation)

sab24 avatar Apr 18 '20 18:04 sab24

Recompiled everything to 32 bit, makes no difference. It turns out that in the remill.lib there are no definitions to the symbols:

| |||| ||   0x00001ca6     .string "__remill_atomic_begin" ; len=22    ; [35] -r-- section size 22 named .rdata_35
|  ||||||   ;-- str.remill_atomic_end:
|  ||||||   ;-- section..rdata_36:
|  ||||||   ;-- ??_C@_0BE@LEIBMLCO@__remill_atomic_end?$AA@:

So they are just empty. Enabling Windows runtime library turns out to be impossible as the code is unmaintained for three years. Also the newer version only supports linux, as the arch/os directory only contains linux.

sab24 avatar Apr 19 '20 18:04 sab24

Yeah, we don't have a runtime made for windows just yet. One can be made by copying the definitions of those missing functions from remill/tests/X86/Run.cpp.

pgoodman avatar Apr 19 '20 20:04 pgoodman

@pgoodman

I tried to add the code to remill/remill/BC/IntrinsicTable.cpp:

namespace remill {
namespace {


// Find a specific function.
static llvm::Function *FindIntrinsic(llvm::Module *module,
                                     const char *name) {
  auto function = FindFunction(module, name);
  CHECK(nullptr != function)
      << "Unable to find intrinsic: " << name;

  // We don't want calls to memory intrinsics to be duplicated because then
  // they might have the wrong side effects!
  function->addFnAttr(llvm::Attribute::NoDuplicate);

  InitFunctionAttributes(function);

  function->setLinkage(llvm::GlobalValue::ExternalLinkage);

  function->removeFnAttr(llvm::Attribute::AlwaysInline);
  function->removeFnAttr(llvm::Attribute::InlineHint);
  function->addFnAttr(llvm::Attribute::OptimizeNone);
  function->addFnAttr(llvm::Attribute::NoInline);

  return function;
}

// Find a specific function.
static llvm::Function *FindPureIntrinsic(llvm::Module *module,
                                         const char *name) {
  auto function = FindIntrinsic(module, name);

  // We want memory intrinsics to be marked as not accessing memory so that
  // they don't interfere with dead store elimination.
  function->addFnAttr(llvm::Attribute::ReadNone);
  return function;
}

}  // namespace

IntrinsicTable::IntrinsicTable(llvm::Module *module)
    : error(FindIntrinsic(module, "__remill_error")),

      // Control-flow.
      function_call(FindIntrinsic(module, "__remill_function_call")),
      function_return(FindIntrinsic(
          module, "__remill_function_return")),
      jump(FindIntrinsic(module, "__remill_jump")),
      missing_block(FindIntrinsic(module, "__remill_missing_block")),

      // OS interaction.
      async_hyper_call(FindIntrinsic(
          module, "__remill_async_hyper_call")),
	  sync_hyper_call(FindIntrinsic(
          module, "__remill_sync_hyper_call")),

      // Memory access.
      read_memory_8(FindPureIntrinsic(module, "__remill_read_memory_8")),
      read_memory_16(FindPureIntrinsic(module, "__remill_read_memory_16")),
      read_memory_32(FindPureIntrinsic(module, "__remill_read_memory_32")),
      read_memory_64(FindPureIntrinsic(module, "__remill_read_memory_64")),

      write_memory_8(FindPureIntrinsic(module, "__remill_write_memory_8")),
      write_memory_16(FindPureIntrinsic(module, "__remill_write_memory_16")),
      write_memory_32(FindPureIntrinsic(module, "__remill_write_memory_32")),
      write_memory_64(FindPureIntrinsic(module, "__remill_write_memory_64")),

      read_memory_f32(FindPureIntrinsic(module, "__remill_read_memory_f32")),
      read_memory_f64(FindPureIntrinsic(module, "__remill_read_memory_f64")),
      read_memory_f80(FindPureIntrinsic(module, "__remill_read_memory_f80")),

      write_memory_f32(FindPureIntrinsic(module, "__remill_write_memory_f32")),
      write_memory_f64(FindPureIntrinsic(module, "__remill_write_memory_f64")),
      write_memory_f80(FindPureIntrinsic(
          module, "__remill_write_memory_f80")),

      // Memory barriers.
      barrier_load_load(FindPureIntrinsic(
          module, "__remill_barrier_load_load")),
      barrier_load_store(FindPureIntrinsic(
          module, "__remill_barrier_load_store")),
      barrier_store_load(FindPureIntrinsic(
          module, "__remill_barrier_store_load")),
      barrier_store_store(FindPureIntrinsic(
          module, "__remill_barrier_store_store")),
      atomic_begin(FindPureIntrinsic(module, "__remill_atomic_begin")),
      atomic_end(FindPureIntrinsic(module, "__remill_atomic_end")),

//      // Optimization guides.
//      //
//      // Note:  NOT pure! This is a total hack: we call an unpure function
//      //        within a pure one so that it is not optimized out!
//      defer_inlining(FindIntrinsic(module, "__remill_defer_inlining")),

      // Optimization enablers.
      undefined_8(FindPureIntrinsic(module, "__remill_undefined_8")),
      undefined_16(FindPureIntrinsic(module, "__remill_undefined_16")),
      undefined_32(FindPureIntrinsic(module, "__remill_undefined_32")),
      undefined_64(FindPureIntrinsic(module, "__remill_undefined_64")),
      undefined_f32(FindPureIntrinsic(module, "__remill_undefined_f32")),
      undefined_f64(FindPureIntrinsic(module, "__remill_undefined_f64")) {

  // Make sure to set the correct attributes on this to make sure that
  // it's never optimized away.
  (void) FindIntrinsic(module, "__remill_intrinsics");
}

struct Memory;

Memory* IntrinsicTable::__remill_atomic_begin(Memory *) { return nullptr; }
Memory* IntrinsicTable::__remill_atomic_end(Memory *) { return nullptr; }


Memory* IntrinsicTable::__remill_sync_hyper_call(
    State &state, Memory *mem, SyncHyperCall::Name call) {
  auto eax = state.gpr.rax.dword;
  auto ebx = state.gpr.rbx.dword;
  auto ecx = state.gpr.rcx.dword;
  auto edx = state.gpr.rdx.dword;

  switch (call) {
    case SyncHyperCall::kX86CPUID:
      state.gpr.rax.aword = 0;
      state.gpr.rbx.aword = 0;
      state.gpr.rcx.aword = 0;
      state.gpr.rdx.aword = 0;

      asm volatile(
          "cpuid"
          : "=a"(state.gpr.rax.dword),
            "=b"(state.gpr.rbx.dword),
            "=c"(state.gpr.rcx.dword),
            "=d"(state.gpr.rdx.dword)
          : "a"(eax),
            "b"(ebx),
            "c"(ecx),
            "d"(edx)
      );
      break;

    case SyncHyperCall::kX86ReadTSC:
      state.gpr.rax.aword = 0;
      state.gpr.rdx.aword = 0;
      asm volatile(
          "rdtsc"
          : "=a"(state.gpr.rax.dword),
            "=d"(state.gpr.rdx.dword)
      );
      break;

    case SyncHyperCall::kX86ReadTSCP:
      state.gpr.rax.aword = 0;
      state.gpr.rcx.aword = 0;
      state.gpr.rdx.aword = 0;
      asm volatile(
          "rdtscp"
          : "=a"(state.gpr.rax.dword),
            "=c"(state.gpr.rcx.dword),
            "=d"(state.gpr.rdx.dword)
      );
      break;

    default:
      __builtin_unreachable();
  }

  return mem;
}

Memory* IntrinsicTable::__remill_async_hyper_call(X86State &, addr_t, Memory *) {
  abort();
}

Memory* IntrinsicTable::__remill_depizza(){

}

Memory* IntrinsicTable::__remill_compare_exchange_memory_32(
    Memory *memory, addr_t addr, uint32_t &expected, uint32_t desired) {
  expected = __sync_val_compare_and_swap(
      reinterpret_cast<uint32_t *>(addr), expected, desired);
  return memory;
}

Memory* IntrinsicTable::__remill_compare_exchange_memory_64(
    Memory *memory, addr_t addr, uint64_t &expected, uint64_t desired) {
  expected = __sync_val_compare_and_swap(
      reinterpret_cast<uint64_t *>(addr), expected, desired);
  return memory;
}

}  // namespace remill

But the llvm::function and Memory struct don't match. Is there code missing to convert memory to an instruction? There is no constructor for llvm::function

sab24 avatar Apr 20 '20 10:04 sab24

They should match declarations such as

  llvm::Function * const atomic_begin;
  llvm::Function * const atomic_end;

sab24 avatar Apr 20 '20 10:04 sab24

I am not sure what does you code snippet trying to achieve. I believe that what @pgoodman tried to say is that you can have a look at the definitions in the remill/tests/X86/Run.cpp and create a runtime library from it, i.e. you would want to compile that to bitcode (or pass it as .c/.cpp during re-compilation). So you can write something like clang lifted.bc my_runtime.bc -o recompiled

Some intrinsic are easy to implement, however __mcsema_attach_call may prove to be a bit tough. (depending on what is your goal you may be able to by-pass it with --explicit-args option of mcsem-lift).

You don't need to implement new things into remill/mcsema code that "lifts things".

(Maybe it would be better to move this conversation to Slack?)

Aiethel avatar Apr 20 '20 19:04 Aiethel

Hi Aiethel,

The above code is from remill/tests/X86/Run.cpp . I tried to overwrite the symbols from remill.lib but indeed that might not be necessary. I will try tomorrow, it’s evening here. On Slack from Empire Hacking was very little activity

sab24 avatar Apr 20 '20 19:04 sab24

Almost there, I have this code that is 64bit assembly, incompatible with my 32 bit executable:

Memory *__remill_sync_hyper_call(
    X86State &state, Memory *mem, SyncHyperCall::Name call) {
  switch (call) {
    case SyncHyperCall::kX86CPUID:
      asm volatile(
          "cpuid"
          : "=a"(state.gpr.rax.aword),
            "=b"(state.gpr.rbx.aword),
            "=c"(state.gpr.rcx.aword),
            "=d"(state.gpr.rdx.aword)
          : "a"(state.gpr.rax.aword),
            "b"(state.gpr.rbx.aword),
            "c"(state.gpr.rcx.aword),
            "d"(state.gpr.rdx.aword)
      );
      break;

    case SyncHyperCall::kX86ReadTSC:
      asm volatile(
          "rdtsc"
          : "=a"(state.gpr.rax.dword),
            "=d"(state.gpr.rdx.dword)
      );
      break;

    case SyncHyperCall::kX86ReadTSCP:
      asm volatile(
          "rdtscp"
          : "=a"(state.gpr.rax.aword),
            "=c"(state.gpr.rcx.aword),
            "=d"(state.gpr.rdx.aword)
          : "a"(state.gpr.rax.aword),
            "c"(state.gpr.rcx.aword),
            "d"(state.gpr.rdx.aword)
      );
      break;

    default:
      abort();
  }

  return mem;
}

How do I change this to 32 bit?

Error is:

run.cpp:160:18: error: invalid output size for constraint '=a'
          : "=a"(state.gpr.rax.aword),
                 ^
run.cpp:182:18: error: invalid output size for constraint '=a'
          : "=a"(state.gpr.rax.aword),
                 ^

sab24 avatar Apr 21 '20 09:04 sab24