
Issue in detail feature for ARM post-incrementing ldrb/strb instructions

Open chiffreKing opened this issue 1 year ago • 2 comments

There are different instructions where the access details of memory operands are incorrectly interpreted:

cstool -d thumb 11f8013b
 0  11 f8 01 3b  ldrb   r3, [r1], #1
        ID: 84 (ldrb)
        op_count: 3
                operands[0].type: REG = r3
                operands[0].access: WRITE
                operands[1].type: MEM
                        operands[1].mem.base: REG = r1
                operands[2].type: IMM = 0x1
        Write-back: True
        Registers read: r1
        Registers modified: r3 r1
        Groups: thumb2


cstool -d thumb 00f8013b
 0  00 f8 01 3b  strb   r3, [r0], #1
        ID: 241 (strb)
        op_count: 3
                operands[0].type: REG = r3
                operands[0].access: READ
                operands[1].type: MEM
                        operands[1].mem.base: REG = r0
                operands[2].type: IMM = 0x1
        Write-back: True
        Registers read: r3 r0
        Registers modified: r0
        Groups: thumb2

As you can see, in both cases the access type for the memory operand is missing. Using Capstone v5.0.1.

chiffreKing, Feb 28 '24 14:02

They work in the next branch:

$ ./cstool -d thumb 11f8013b
 0  11 f8 01 3b  ldrb	r3, [r1], #1
	ID: 23 (ldrb)
	op_count: 2
		operands[0].type: REG = r3
		operands[0].access: WRITE
		operands[1].type: MEM
			operands[1].mem.base: REG = r1
			operands[1].mem.scale: 0
			operands[1].mem.disp: 0x1
		operands[1].access: READ
	Write-back: True
	Post index: True
	Registers read: r1
	Registers modified: r1 r3
	Groups: IsThumb2 

I would advise you to use it. It contains way more precise disassembly and also supports the newly added processor extensions.

Rot127, Mar 05 '24 04:03

@chiffreKing Can you provide me with a list of instructions which have the incorrect access flags? I would fix them manually and they can be part of the v5.0.2 release. If you don't have a list, I would only fix the two you mention, because investigating which instructions are broken in v5 takes way too long, and we have the better next branch.

Rot127, Apr 24 '24 07:04
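One way to build the list of affected instructions that Rot127 asks for above, as example code added here and not part of the issue or the Capstone project: it scans `cstool -d` detail output and reports every instruction whose MEM operand carries no access line, which is what breaks any data-flow or taint analysis that relies on operand access flags. The embedded samples are the v5.0.1 and `next` outputs quoted in this thread, trimmed to the lines the check needs.

```python
import re
# Constructed sample: the two Capstone v5.0.1 cstool -d outputs quoted in this issue,
# joined as one run and trimmed to the lines the check needs.
V5_OUTPUT = """\
 0  11 f8 01 3b  ldrb   r3, [r1], #1
                operands[0].type: REG = r3
                operands[0].access: WRITE
                operands[1].type: MEM
                        operands[1].mem.base: REG = r1
        Write-back: True
 0  00 f8 01 3b  strb   r3, [r0], #1
                operands[0].type: REG = r3
                operands[0].access: READ
                operands[1].type: MEM
                        operands[1].mem.base: REG = r0
        Write-back: True
"""
# Constructed sample: the `next` branch output for ldrb, where the MEM operand has an access flag.
NEXT_OUTPUT = """\
 0  11 f8 01 3b  ldrb	r3, [r1], #1
		operands[0].type: REG = r3
		operands[0].access: WRITE
		operands[1].type: MEM
			operands[1].mem.base: REG = r1
		operands[1].access: READ
	Write-back: True
"""
# An instruction line looks like "<addr>  <hex bytes>  <mnemonic> <operands>"; detail lines never match.
INSN_RE = re.compile(r"^\s*[0-9a-f]+\s+(?:[0-9a-f]{2}\s)+\s*(\S+)\s+(.*)")
OP_RE = re.compile(r"operands\[(\d+)\]\.(type|access):\s*(\S+)")

def parse_cstool(text):
    """Split cstool -d output into [(mnemonic, op_str, {op_index: {field: value}})]."""
    insns = []
    for line in text.splitlines():
        m = INSN_RE.match(line)
        if m:
            insns.append((m.group(1), m.group(2).strip(), {}))
        elif insns and (m := OP_RE.match(line.strip())):
            idx, field, val = m.groups()
            insns[-1][2].setdefault(int(idx), {})[field] = val
    return insns

def mem_operands_without_access(text):
    """Return '<mnemonic> <operands>' for each instruction whose MEM operand lacks an access flag."""
    broken = []
    for mnem, op_str, ops in parse_cstool(text):
        if any(o.get("type") == "MEM" and "access" not in o for o in ops.values()):
            broken.append(f"{mnem} {op_str}")
    return broken
```

Run it over the full `cstool -d thumb` output for a corpus of encodings to get the complete list of affected instructions rather than the two in this report.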