beaengine
The operand access mode of the bts instruction is not reported correctly
disinfo.CompleteInstr: bts qword ptr ds:[rcx], 08h
disinfo.Instruction.Category: 10005
disinfo.AccessMode: 1
I think the access mode of this instruction's first operand should be READ+WRITE: bts reads the selected bit (into CF) and then sets it in the destination.
You are right. Currently, when an operand is READ+WRITE, BeaEngine reports it as WRITE, which is wrong. Work in progress...
Fixed in commit fb42d80.
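"""Reproduce the operand access-mode report for ``bts qword ptr [rcx], 08h``.

Decodes the five-byte sequence ``48 0f ba 29 08`` in 64-bit mode and dumps the
full decoding as JSON. The field to check is ``operands["1"]["mode"]``: the
memory destination of bts must be reported as ``"read+write"``, because the
instruction reads the selected bit (into CF) and then sets it.
"""
from BeaEnginePython import Disasm  # only Disasm is used; no wildcard import

# REX.W + 0F BA /5 ib -> bts r/m64, imm8; ModRM 0x29 selects [rcx] as r/m.
buffer = bytes.fromhex("480fba2908")

instr = Disasm(buffer)
instr.read()  # decode the instruction at the start of the buffer
print(instr.json())  # full decoding, including each operand's "mode"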
The output is:
{
"repr": "bts qword ptr [rcx], 08h",
"category": "GENERAL_PURPOSE_INSTRUCTION",
"mnemonic": "bts",
"bytes": "48 0f ba 29 08",
"error": 0,
"arch": 64,
"operands": {
"1": {
"repr": "rcx",
"type": "memory",
"size": 64,
"mode": "read+write",
"memory": {
"base": "REG1",
"index": "",
"scale": 0,
"displacement": "0x0"
}
},
"2": {
"repr": "08h",
"type": "constant",
"size": 8,
"mode": "read"
}
},
"registers": {
"modified": {
"type": 32,
"gpr": "",
"mmx": "",
"xmm": "",
"ymm": "",
"zmm": "",
"special": "REG0",
"cr": "",
"dr": "",
"mem_management": "",
"mpx": "",
"opmask": "",
"segment": "",
"fpu": "",
"tmm": ""
},
"read": {
"type": 2049,
"gpr": "REG1",
"mmx": "",
"xmm": "",
"ymm": "",
"zmm": "",
"special": "",
"cr": "",
"dr": "",
"mem_management": "",
"mpx": "",
"opmask": "",
"segment": "REG1",
"fpu": "",
"tmm": ""
}
},
"rflags": {
"of": "undef",
"sf": "undef",
"zf": "undef",
"af": "undef",
"pf": "undef",
"cf": "modified",
"tf": null,
"if": null,
"df": null,
"nt": null,
"rf": null
},
"immediat": "0x8"
}
Last release 5.3.0 is now available: https://github.com/BeaEngine/beaengine/releases/tag/v5.3.0