nmd icon indicating copy to clipboard operation
nmd copied to clipboard

Published 20 hours ago verified publisher icon Nomade040

Fix disassembly of mov drX, reg

Open mrexodia opened this issue 3 years ago • 0 comments

Was using it to handle some privileged instructions and it looks like the rex prefix isn't handled correctly. For some reason the disassembly text was correct, but the structure reported the wrong register.

The code I was using:

https://github.com/mrexodia/driver_unpacking/blob/4f2db064fabfc828549eba80d4b57ce80f0daa43/ntoskrnl/ntoskrnl.cpp#L111-L131

mrexodia avatar Dec 26 '21 00:12 mrexodia