capstone icon indicating copy to clipboard operation
capstone copied to clipboard
verified publisher icon capstone-engine

[X86] Disassembly Error, over-decode invalid instruction with mutual exclusive prefix

Open venkyqz opened this issue 1 year ago • 2 comments

Work environment

Questions Answers
OS/arch/bits x86_64 Ubuntu 20.04
Architecture x86_64
Source of Capstone git clone, default on next branch.
Version/git commit v6.0.0, d7be5f9

Instruction bytes giving faulty results

0xf0,0xf2,0x41,0x0f,0xb7,0xd6

Expected results

It should be:

ERROR: invalid assembly code

Steps to get the wrong result

With cstool:

$ ./cstool -d x64 "0xf0,0xf2,0x41,0x0f,0xb7,0xd6"
 0  f0 f2 41 0f b7 d6                                movzx      edx, r14w
        ID: 496 (movzx)
        Prefix:0x00 0x00 0x00 0x00 
        Opcode:0x0f 0xb7 0x00 0x00 
        rex: 0x41
        addr_size: 8
        modrm: 0xd6
        disp: 0x0
        sib: 0x0
        op_count: 2
                operands[0].type: REG = edx
                operands[0].size: 4
                operands[0].access: WRITE
                operands[1].type: REG = r14w
                operands[1].size: 2
                operands[1].access: READ
        Registers read: r14w
        Registers modified: edx
        
$ ./cstool -d x64 "0xf0,0x41,0x0f,0xb7,0xd6" 
ERROR: invalid assembly code

$ ./cstool -d x64 "0xf2,0x41,0x0f,0xb7,0xd6"
 0  f2 41 0f b7 d6                                   movzx      edx, r14w
        ID: 496 (movzx)
        Prefix:0x00 0x00 0x00 0x00 
        Opcode:0x0f 0xb7 0x00 0x00 
        rex: 0x41
        addr_size: 8
        modrm: 0xd6
        disp: 0x0
        sib: 0x0
        op_count: 2
                operands[0].type: REG = edx
                operands[0].size: 4
                operands[0].access: WRITE
                operands[1].type: REG = r14w
                operands[1].size: 2
                operands[1].access: READ
        Registers read: r14w
        Registers modified: edx

Additional Logs, screenshots, source code, configuration dump, ...

Capstone correctly identifies that the LOCK prefix (0xf0) is incompatible with the movzx instruction. It also has no problem with the REPNE/REPNZ prefix (0xf2). However, it fails to recognize that the prefixes 0xf2 and 0xf0 are mutually exclusive and cannot appear together in a single instruction. In contrast, both XED and Zydis disassemblers return an 'invalid assembly code' error for the sequence 0xf0, 0xf2, 0x41, 0x0f, 0xb7, 0xd6

venkyqz avatar Nov 14 '24 08:11 venkyqz

Thanks for reporting it. Idk what your use case is, but please also take a look at https://github.com/capstone-engine/capstone/discussions/2505.

Rot127 avatar Nov 14 '24 11:11 Rot127

Thanks for reporting it. Idk what your use case is, but please also take a look at #2505.

Hi, Rot. Thank you for your prompt reply! I think unified x86 instruction modeling will help the x86 software instruction decoder community.

venkyqz avatar Nov 18 '24 10:11 venkyqz