capstone
LEA Memory Operand listed as a read
I'm on the 'next' branch using python bindings. I find that the LEA instruction reports that it reads from memory via i.operands->access
import capstone
from capstone.x86 import X86_OP_MEM

operand_data = [[], [], [], []]   # index 2: sizes read from memory, index 3: sizes written
for operand in i.operands:        # i is a CsInsn disassembled with md.detail = True
    if operand.type == X86_OP_MEM:
        data = operand.size
        if operand.access & capstone.CS_AC_READ:
            operand_data[2].append(data)
        if operand.access & capstone.CS_AC_WRITE:
            operand_data[3].append(data)
One of the failing cases byte code: b'448d4258'
Related to issue #301 (linking not showing up, so: ) https://github.com/aquynh/capstone/issues/301#issue-65073528
It looks like it was fixed at one point, but those changes do not still seem to be present. Am I missing something?
These changes were reverted in https://github.com/aquynh/capstone/commit/aceb2bb8a14e3fcc4554f77a775c2d578177e556
Hello, so how to solve this problem in the end? I will download the latest capstone, or I will parse the second operand of the lea instruction into MEM type.
As far as I know the issue is unfixed. The LEA instruction does have a memory operand. The issue is whether that operand should be marked as READ or not.
In the meantime I’ve just been using a small workaround, but thought I’d leave this comment here in case anyone else runs into the same problem so they knew what the current behaviour was.
While the operand is a memory operand, if the READ flag really means READ memory access, it cannot be set. All is about the meaning you give to the READ flag.
Exactly. In my case, the LEA instruction was being used by the compiler to perform simple addition/subtraction. Given the base register wasn’t a valid address, the memory operand in this case didn’t point to valid memory.
I still don't think this can be resolved to MEM type. The lea instruction never reads or writes data from memory. I think this should be changed to an invalid type.
It’s still a memory operand. It’s just a question of whether the operand should be marked CS_AC_READ or CS_AC_IGNORE. That depends on the semantics of what CS_AC_READ actually means. Unfortunately, I couldn’t see any clear documentation on that. I’d assumed it meant one thing, but perhaps the authors intended it to mean something else.
It might not actually be a bug, the library might be working as designed and I just made a wrong assumption about how to use it. Just figured I’d leave the link to the commit as the behaviour has clearly changed over time.
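A workaround of the kind the thread mentions, written here as an added example (not the commenter's code and not part of capstone): it keeps capstone's access flags for every other instruction but buckets LEA's memory operand as address-only, and runs the issue's byte string next to a real load of the same width. `classify`, `MemOp` and the constructed sample bytes are assumptions of this example; everything imported from `capstone` is the real binding.

```python
from collections import namedtuple

try:
    from capstone import Cs, CS_ARCH_X86, CS_MODE_64, CS_AC_READ, CS_AC_WRITE
    from capstone.x86 import X86_OP_MEM
    HAVE_CAPSTONE = True
except ImportError:  # the pure classifier below still works without capstone
    HAVE_CAPSTONE = False

# Minimal view of one memory operand: its size and what capstone says about access.
MemOp = namedtuple("MemOp", "size reads writes")

def classify(mnemonic, mem_ops):
    """Bucket memory-operand sizes as reads, writes, or address-only (never dereferenced).
    Hypothetical helper: LEA only computes an address, so its operand is never a read,
    whatever access flag the binding reports (compilers use LEA for plain arithmetic)."""
    out = {"reads": [], "writes": [], "address_only": []}
    for op in mem_ops:
        if mnemonic == "lea":
            out["address_only"].append(op.size)
            continue
        if op.reads:
            out["reads"].append(op.size)
        if op.writes:
            out["writes"].append(op.size)
    return out

def classify_insn(insn):
    """Adapter for a capstone CsInsn (requires md.detail = True)."""
    mem_ops = [MemOp(op.size, bool(op.access & CS_AC_READ), bool(op.access & CS_AC_WRITE))
               for op in insn.operands if op.type == X86_OP_MEM]
    return classify(insn.mnemonic, mem_ops)

def classify_code(code, address=0x1000):
    """Disassemble 64-bit code and classify every instruction's memory operands."""
    md = Cs(CS_ARCH_X86, CS_MODE_64)
    md.detail = True
    return [(f"{insn.mnemonic} {insn.op_str}", classify_insn(insn))
            for insn in md.disasm(code, address)]

if __name__ == "__main__" and HAVE_CAPSTONE:
    # Constructed sample: the issue's failing case (lea r8d, [rdx + 0x58]),
    # followed by a genuine 32-bit load from the same address (mov eax, [rdx + 0x58]).
    sample = bytes.fromhex("448d4258") + bytes.fromhex("8b4258")
    for text, buckets in classify_code(sample):
        print(f"{text:30} {buckets}")
```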