
NotImplementedError:

Open zzjss12 opened this issue 2 years ago • 5 comments

NotImplementedError: Mnemonic XGETBV not implemented. NotImplementedError: Mnemonic FNSAVE not implemented.

I get problems like this.

How does it happen?

zzjss12 (May 24 '22 08:05)

I use IDA Pro to disassemble exe files, and in the process I use the miasm library. I find that different NotImplementedError errors appear when I disassemble different programs. When I comment out the corresponding addop, the program may be disassembled successfully. So what is the addop operation? Do I have any other way to solve my problem? After all, doing this for every EXE file is very laborious.

zzjss12 (May 24 '22 12:05)

Hi @zzjss12. The addop is here to add an instruction to the disasm engine, so that the code will be correctly disassembled. But I think you are doing a lift of the assembly code to the IR code, and the semantics of the xgetbv instruction are not defined in miasm, so during the lift of xgetbv you get the error that the instruction is missing. When you remove the addop, the disassembler won't be able to disasm it and the graph of the exec flow will stop at that unknown instruction. Later, when you lift the code to IR, it works, as xgetbv is not present in the asm listing. But you have an unfinished basic block, and so an unfinished IR representation.

serpilliere (May 24 '22 15:05)

Thanks a lot. Miasm doesn't add semantics. Does that mean that the latest miasm doesn't support these scripts? If so, maybe I have to accept a small number of wrong results.

zzjss12 (May 25 '22 01:05)

@serpilliere Are there any plans to implement this? And if not, how hard would it be to implement these two instructions myself? Is there any guideline on how to add instructions to the lifter? And also, would you take and review a PR adding these?

JHeinzde (Jun 17 '22 12:06)

Hi @JHeinzde. The instruction is interesting, as there is an arbitrary number of control registers. The instruction can be implemented with the following mechanism: simply raise an exception in the IR (like int 0x3, for example) which will call a Python callback to store or get the value of the register during emulation. Thus you can manipulate the value and implement some specific behavior to react to CRx modifications, for example. However, if your goal is to analyse the IR code, this model is a bit annoying.

serpilliere (Jun 30 '22 06:06)
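The two replies from serpilliere above describe (a) why the lift fails when a mnemonic has a disassembler entry but no semantics, and (b) the proposed model of lifting XGETBV to an exception flag that a Python callback services during emulation, with the caveat that the IR then carries no dataflow into EAX/EDX. The following is an added, standalone model of that scheme; it is not miasm code and imports nothing from miasm. The semantics table, the flat `(dst, src)` IR, the `EXCEPT_SOFT_BP` flag value, the `Emulator` class and the sample program `mov ecx, 0; xgetbv` are all constructed here for illustration. The XGETBV behaviour modelled is the architectural one: EDX:EAX receives XCR[ECX], and an unsupported index faults with #GP.

```python
# Standalone model of "raise an exception in the IR, let a Python callback
# supply the register value" for XGETBV. Constructed example, not miasm code.

EXCEPT_SOFT_BP = 1 << 1          # constructed flag value for "soft breakpoint"
MASK32 = 0xFFFFFFFF

# IR: each instruction lifts to a list of (dst_register, src) assignments, where
# src is an int immediate or the name of another register. Real lifters build
# expression trees; this flat form is enough to show the mechanism.
def sem_mov(instr):
    _, dst, src = instr
    return [(dst, src)]

def sem_xgetbv(instr):
    # No dataflow into EAX/EDX is expressed in the IR: only an exception flag
    # is raised, and the emulator's Python callback fills in the registers.
    return [("exception_flags", EXCEPT_SOFT_BP)]

# Mnemonic -> semantics table (the analogue of a lifter's mnemonic map).
# XGETBV is deliberately absent, reproducing the issue's failure mode.
SEMANTICS = {"mov": sem_mov}

def lift(instr, semantics):
    """Lift one instruction tuple ("mnemonic", arg, ...) to IR assignments."""
    name = instr[0].lower()
    if name not in semantics:
        raise NotImplementedError("Mnemonic %s not implemented" % name.upper())
    return semantics[name](instr)

def lift_error(instr, semantics):
    """Return the NotImplementedError message for instr, or None if it lifts."""
    try:
        lift(instr, semantics)
    except NotImplementedError as exc:
        return str(exc)
    return None

class Emulator:
    """Executes IR assignments and dispatches raised exception flags to callbacks."""
    def __init__(self, semantics, xcr):
        self.semantics = semantics
        self.regs = {"eax": 0, "ecx": 0, "edx": 0, "exception_flags": 0}
        self.xcr = dict(xcr)           # extended control registers, kept outside the IR
        self.handlers = []             # (flag, callback) pairs

    def add_exception_handler(self, flag, callback):
        self.handlers.append((flag, callback))

    def _eval(self, src):
        return src if isinstance(src, int) else self.regs[src]

    def run(self, program):
        for instr in program:
            for dst, src in lift(instr, self.semantics):
                self.regs[dst] = self._eval(src)
            flags = self.regs["exception_flags"]
            if flags:
                for flag, callback in self.handlers:
                    if flags & flag:
                        callback(self, instr)
                self.regs["exception_flags"] = 0   # clear before resuming
        return dict(self.regs)

def xgetbv_handler(emu, instr):
    """Python-side semantics of XGETBV: EDX:EAX <- XCR[ECX], #GP on a bad index."""
    if instr[0].lower() != "xgetbv":
        return                          # some other instruction raised the flag
    index = emu.regs["ecx"]
    if index not in emu.xcr:
        raise ValueError("#GP: XGETBV with unsupported XCR index %d" % index)
    value = emu.xcr[index]
    emu.regs["eax"] = value & MASK32
    emu.regs["edx"] = (value >> 32) & MASK32

def run_xgetbv(xcr0, index=0):
    """Run 'mov ecx, index; xgetbv' under the callback model; return the registers."""
    semantics = dict(SEMANTICS, xgetbv=sem_xgetbv)
    emu = Emulator(semantics, {0: xcr0})          # only XCR0 exists on this model CPU
    emu.add_exception_handler(EXCEPT_SOFT_BP, xgetbv_handler)
    return emu.run([("mov", "ecx", index), ("xgetbv",)])

def xgetbv_ir_targets():
    """Registers the IR of XGETBV writes: only the flag, never EAX/EDX."""
    semantics = dict(SEMANTICS, xgetbv=sem_xgetbv)
    return sorted(dst for dst, _ in lift(("xgetbv",), semantics))

if __name__ == "__main__":
    print(lift_error(("xgetbv",), SEMANTICS))     # Mnemonic XGETBV not implemented
    print(run_xgetbv(0x7))                        # x87|SSE|AVX enabled: eax=7, edx=0
    print(xgetbv_ir_targets())                    # ['exception_flags']
```

The last function is the caveat from the reply made concrete: static analysis of the lifted IR sees XGETBV only as a write to the exception flag, so any dataflow from XCR0 into EAX/EDX (for example a later `test eax, 6` AVX-support check) is invisible unless the analysis also models the callback.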