Unable to disassemble specific instruction in RISCV

[trojanwarriors]

I tried to disassemble a specific instruction, and Capstone couldn't return with the correct output The following Python code reproduces the error:

# test1.py
from capstone import *

md = Cs(CS_ARCH_RISCV, CS_MODE_RISCVC)

# 1001 0100 0010 0101 0011 0101 0000 0011
# (1001 0100 0010) (0101 0)(011) (0101 0)000 0011
# ld x10, -1726(x10)
# 0x94253503

CODE = b"\x03\x35\x25\x94"
print("First instruction: ")
for i in md.disasm(CODE, 0x00000690):
    print("0x%x:\t%s\t%s" %(i.address, i.mnemonic, i.op_str))

CODE = b"\x03\x25\x35\x94"
print("Second instruction: ")
for i in md.disasm(CODE, 0x00000690):
    print("0x%x:\t%s\t%s" %(i.address, i.mnemonic, i.op_str))

The output shows that only the second instruction could be disassembled:

[trojanwarriors]

another instruction: 0x63cd3d03 -> ld x26, 1596(x26). It seems it is affecting LD instructions. The interesting part is that tools like ROPGadget can disassemble it correctly.

[Rot127]

Unfortunately, the RISCV module is still not updated and is at the level of LLVM 7. This is likely why it isn't decoding it. Checkout https://github.com/capstone-engine/capstone/issues/2015 for any progress in this regard.

[trojanwarriors]

I am sorry. I couldn't find a way to send a private message to you, Rot127, so I am sending it here. Can I work to fix this issue? I just saw a Kaban-like dashboard after clicking the link Capstone V6 Plan. How does the collaboration work?

[Rot127]

Can you ping me in the Telegram channel of Capstone, please?

[Rot127]

If you can't use Telegram I would write something properly out for RISCV, but it will take a day or two.

[Rot127]

@trojanwarriors There is the idea to generate the RISCV module not from LLVM, but use SAIL. Because the definitions have way better quality. So please ping us before starting to work on anything.

[trojanwarriors]

It is working now with CS_MODE_RISCV64 instead of CS_MODE_RISCVC. Great!