
ARM LDRD instruction third operand not present operands list

udiboy1209 opened this issue (3 comments)

When parsing the ldrd ARM instruction, I do not see the third operand for the memory address in the operands list, but it shows up correctly in the op_str.

Code snippet to reproduce:

from capstone import *
from capstone.arm import *

md = Cs(CS_ARCH_ARM, CS_MODE_ARM)
md.detail = True
byt = b"\xd0\x20\xc5\xe1"
for insn in md.disasm(byt, offset=0):
    print("Mne:", insn.mnemonic)
    print("Opstr:", insn.op_str)
    for op in insn.operands:
        print("Op:", op.type)
        if op.type == ARM_OP_REG:
            print("  reg:", insn.reg_name(op.value.reg))

Output is

Mne: ldrd
Opstr: r2, r3, [r5]
Op: 1
  reg: r2
Op: 1
  reg: r3

There are only two registers in the operands list, while op_str correctly shows the third operand [r5]. Am I doing something wrong in accessing the operand list?

I am using version 5.0.1 via the Python API.

udiboy1209 avatar Jan 26 '24 00:01 udiboy1209

It is very unlikely that this will be fixed due to https://github.com/capstone-engine/capstone/issues/2089. In the next branch the instruction is disassembled correctly. Also it has many more features and is more precise:

./cstool -d arm "\xd0\x20\xc5\xe1"
 0  d0 20 c5 e1  ldrd	r2, r3, [r5]
	ID: 112 (ldrd)
	op_count: 3
		operands[0].type: REG = r2
		operands[0].access: WRITE
		operands[1].type: REG = r3
		operands[1].access: WRITE
		operands[2].type: MEM
			operands[2].mem.base: REG = r5
			operands[2].mem.scale: 0
		operands[2].access: READ
	Registers read: r5
	Registers modified: r2 r3
	Groups: IsARM HasV5TE

If you rely on a release there should be a pre-release soon. cc @kabeor for pre-release info

Rot127 avatar Jan 26 '24 05:01 Rot127
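An added consistency check, not code from the reporter or from the Capstone project: it disassembles with detail enabled and flags any instruction whose operand list has fewer entries than its op_str shows, which is exactly what the first post observed for ldrd. It assumes the Capstone Python binding is importable; the op_str counter and the simplified memory-operand rendering (base and displacement only) are my own.

```python
# Constructed sample: the reporter's ldrd encoding from the issue above
LDRD_BYTES = b"\xd0\x20\xc5\xe1"

def count_op_str_operands(op_str: str) -> int:
    """Count top-level comma-separated operands in op_str, so a bracketed
    memory operand such as "[r1, r2, lsl #2]" counts as one operand."""
    if not op_str.strip():
        return 0
    depth, count = 0, 1
    for ch in op_str:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        elif ch == "," and depth == 0:
            count += 1
    return count

def check_operand_detail(code: bytes, offset: int = 0) -> list:
    """Disassemble ARM code with detail on and flag every instruction whose
    operand list has fewer entries than its op_str shows (the bug reported
    above). Capstone is imported here so the counter works without it."""
    from capstone import Cs, CS_ARCH_ARM, CS_MODE_ARM
    from capstone.arm import ARM_OP_REG, ARM_OP_IMM, ARM_OP_MEM

    md = Cs(CS_ARCH_ARM, CS_MODE_ARM)
    md.detail = True
    findings = []
    for insn in md.disasm(code, offset):
        rendered = []
        for op in insn.operands:
            if op.type == ARM_OP_REG:
                rendered.append(insn.reg_name(op.reg))
            elif op.type == ARM_OP_IMM:
                rendered.append("#%d" % op.imm)
            elif op.type == ARM_OP_MEM:  # the operand missing in the report
                base = insn.reg_name(op.mem.base)
                rendered.append("[%s, #%d]" % (base, op.mem.disp))
            else:
                rendered.append("<type %d>" % op.type)
        mismatch = len(rendered) != count_op_str_operands(insn.op_str)
        findings.append((insn.mnemonic, insn.op_str, rendered, mismatch))
    return findings

if __name__ == "__main__":
    for mnemonic, op_str, rendered, mismatch in check_operand_detail(LDRD_BYTES):
        print(mnemonic, op_str, rendered, "MISMATCH" if mismatch else "ok")
```

Running it against a 5.0.1 build prints MISMATCH for the ldrd sample, while a next-branch build renders all three operands and prints ok.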

I built and installed the next branch but that does not fix the issue. The cstool shows the same correct output as you have shown, but the python binding still gives the wrong result. I also built the version 5.0.1 and checked cstool output. It identifies all three operands, but with less information (which is fine for my use case right now).

I believe the issue is with the python bindings and not in the library itself.

I will try to debug this further myself. If you can point me to places where I can start, that would be really helpful!

udiboy1209 avatar Jan 26 '24 20:01 udiboy1209

Weird. Make sure that you do not have v4 installed and clean the complete capstone dir from build files. Or clone it freshly. It might be that the Python bindings use the incorrect library.

Rot127 avatar Jan 27 '24 01:01 Rot127

@Rot127 sorry for the late response. There was no other capstone version on my machine, and I did a clean install.

udiboy1209 avatar Mar 18 '24 19:03 udiboy1209

The next branch does fix this issue. I don't know what I was doing wrong before. I also checked #2280 and #2286 and both are fixed in the next branch latest commit.

Closing this, thanks @Rot127 for your help!

udiboy1209 avatar Mar 18 '24 20:03 udiboy1209