LightHook icon indicating copy to clipboard operation
LightHook copied to clipboard
verified publisher icon SamuelTulach

GetInstructionSize returns wrong value for four byte sub rsp

Open ProN00b opened this issue 1 year ago • 1 comments

GetInstructionSize returns wrong value for 48 81 ec d0 00 00 00 sub rsp,0xd0 returns 11, should return 7.

ProN00b avatar Apr 21 '24 15:04 ProN00b 

    else if ((HOOK_R < 4 && (HOOK_C == 5 || HOOK_C == 0xD)) || (HOOK_R == 0xB && HOOK_C >= 8) || (*b == 0xF7 && !(*(b + 1) & 48)) || FindByte(OP1_IMM32, sizeof(OP1_IMM32), *b))

"& 48" ?? I think this should be & 0x48 This is actually in 2 places. I could be wrong, but decimal 48 (0x30) seems... wrong??

VXACDev avatar May 09 '24 21:05 VXACDev

The handling was indeed incorrect. I've added more checks and added a test program. It should now correctly handle instructions with REX.W bit set. Please let me know if you find any more problems.

image

^ old version would fail at 30+ instances

SamuelTulach avatar Jul 26 '24 12:07 SamuelTulach