capstone icon indicating copy to clipboard operation
capstone copied to clipboard
verified publisher icon capstone-engine

Printers ignore HEX_THRESHOLD for negative values

Open arnaud-lb opened this issue 8 months ago • 1 comments

Work environment

Questions Answers
System Capstone runs on OS/arch/bits Fedora 41 x86_64
Capstone module affected x86
Source of Capstone Fedora package
Version/git commit 5.0.1-6.fc41

Instruction bytes giving faulty results

0x48,0xb8,0xff,0xff,0xff,0xff,0xff,0xf3,0xff,0xff

Expected results

It should be:

movabsq	$0xfffff3ffffffffff, %rax

But I got:

movabsq	$18446730879570018303, %rax

The immediate value is represented as decimal instead of hexadecimal.

This seems to have changed in capstone 5.x, as 4.x displays the expect result. This is not really an incorrect result, but the fact that different capstone versions yield different results is inconvenient.

Steps to get the wrong result

$ cstool x64att 0x48,0xb8,0xff,0xff,0xff,0xff,0xff,0xf3,0xff,0xff
 0  48 b8 ff ff ff ff ff f3 ff ff                    movabsq	$18446730879570018303, %rax

arnaud-lb avatar Apr 02 '25 11:04 arnaud-lb

Seems to be specific to x86 (but likely some other none Auto-Sync archs). Because the printer doesn't use the printInt... functions from SStream.c:

https://github.com/capstone-engine/capstone/blob/5058c6342e42d52f35b79dd95f4a19f99b7c479b/arch/X86/X86ATTInstPrinter.c#L267-L279

Rot127 avatar Apr 02 '25 11:04 Rot127