
Disassembler can't support Intel CET instruction

Open xuhancn opened this issue 2 years ago • 4 comments

in ObjDump:

    0000000007f01e90 <Sleef_ilogbd4_avx2>:
     7f01e90: f3 0f 1e fa    endbr64    <-- this instruction.

in edb-debugger:

    00007f6c:952e1e90 f3 db 0xf3
    00007f6c:952e1e91 0f db 0x0f
    00007f6c:952e1e92 1e db 0x1e
    00007f6c:952e1e93 fa cli


I don't know what disassembler core was used here. It should be fixed to support CET instructions.

xuhancn avatar Nov 28 '21 12:11 xuhancn
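The byte sequence in the two listings above, as an added example that is not part of the original thread and is not edb or Capstone code: a small C pre-pass that recognises the CET indirect-branch-tracking markers ENDBR64 (F3 0F 1E FA) and, going one step beyond the issue, ENDBR32 (F3 0F 1E FB). The function names `cet_match_endbr` and `cet_annotate` are hypothetical, and the sample bytes are constructed from the objdump line in the issue.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the four bytes at Sleef_ilogbd4_avx2 from the issue. */
static const uint8_t sample[] = { 0xf3, 0x0f, 0x1e, 0xfa };

/* Recognise the CET indirect-branch-tracking markers.
 * ENDBR64 = F3 0F 1E FA, ENDBR32 = F3 0F 1E FB.
 * Returns the instruction length (4) and sets *mnemonic, or returns 0 when
 * the bytes are something else or fewer than 4 bytes remain. */
size_t cet_match_endbr(const uint8_t *p, size_t avail, const char **mnemonic)
{
    static const uint8_t prefix[3] = { 0xf3, 0x0f, 0x1e };
    if (avail < 4 || memcmp(p, prefix, sizeof prefix) != 0)
        return 0;
    if (p[3] == 0xfa) { *mnemonic = "endbr64"; return 4; }
    if (p[3] == 0xfb) { *mnemonic = "endbr32"; return 4; }
    return 0;
}

/* Hypothetical pre-pass: walk a buffer, emit endbr* where it matches and a
 * one-byte "db" placeholder otherwise (a real front end would hand those
 * bytes to its disassembly engine). Returns the number of markers found. */
size_t cet_annotate(const uint8_t *buf, size_t len, uint64_t base, FILE *out)
{
    size_t pads = 0, off = 0;
    while (off < len) {
        const char *m = NULL;
        unsigned long long addr = (unsigned long long)(base + off);
        size_t n = cet_match_endbr(buf + off, len - off, &m);
        if (n) {
            if (out) fprintf(out, "%016llx  %s\n", addr, m);
            pads++;
            off += n;
        } else {
            if (out) fprintf(out, "%016llx  db 0x%02x\n", addr, buf[off]);
            off++;
        }
    }
    return pads;
}

int main(void)
{
    /* Base address taken from the objdump listing in the issue. */
    return cet_annotate(sample, sizeof sample, 0x7f01e90, stdout) == 1 ? 0 : 1;
}
```

A lone `fa` byte still decodes as `cli`, which is why a decoder that gives up on the `f3 0f 1e` prefix produces the four-line listing shown in the issue.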

EDB uses Capstone for disassembly. Unfortunately, there're a lot of open issues there, about a dozen of which were opened by me ~5 years ago and still unresolved (or forgotten).

Maybe it was not the best choice of an engine...

10110111 avatar Nov 28 '21 12:11 10110111

Would you consider replacing the disassembler engine with Zydis? https://github.com/zyantific/zydis

xuhancn avatar Nov 29 '21 02:11 xuhancn

@xuhancn worth investigating if it's a superior choice. At the time, capstone was "the best" by most accounts, but what we really need is a solid library that is not only easy to work with, but is well maintained as the architectures evolve over time.

eteran avatar Dec 02 '21 03:12 eteran

I strongly suggest using zydis, since my ex-employer uses it in production with millions of users. But it looks like it only supports x86.

xuhancn avatar Dec 02 '21 03:12 xuhancn