x64: failure to disassemble LIDT instructions #5577

Closed
sad-dev opened this issue Jul 20, 2023 · 1 comment
Labels
Feature: Processor/x86 Status: Internal This is being tracked internally by the Ghidra team Type: Bug Something isn't working

Comments

@sad-dev
Contributor

sad-dev commented Jul 20, 2023

Describe the bug
The following are several (de-duped) byte patterns that Ghidra fails to disassemble on an x64 program, with corresponding disassembly from Capstone/IDA:

0f 01 9d 98 01 00 00
lidt [rbp + 0x198]

0f 01 9f f6 00 00 00
lidt [rdi + 0xf6]

0f 01 59 66
lidt [rcx + 0x66]

0f 01 5d f7
lidt [rbp - 9]

@GhidorahRex GhidorahRex self-assigned this Jul 20, 2023
@GhidorahRex GhidorahRex added Type: Bug Something isn't working Feature: Processor/x86 Status: Triage Information is being gathered labels Jul 20, 2023
@GhidorahRex
Collaborator

This is an issue with the constructors for the LIDT instruction. The 64-bit versions are specifying an opsize of 64, but the default opsize is 32 for 64-bit. The opsize parameter should be removed.

The SIDT instruction is also wrong here - it's using the 32-bit version, not the 64-bit version. It doesn't have the $(LONGMODE_OFF) restriction (but it should), and the opsize=2 should be removed from the 64-bit version.

@GhidorahRex GhidorahRex added Status: Internal This is being tracked internally by the Ghidra team and removed Status: Triage Information is being gathered labels Jul 20, 2023
@ryanmkurtz ryanmkurtz added this to the 10.3.3 milestone Jul 27, 2023
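
An added example, not part of the issue thread or Ghidra's SLEIGH source: a minimal decoder for the `0F 01` memory forms that reproduces the Capstone/IDA disassembly of the four reported byte patterns from their ModRM fields alone. It assumes 64-bit mode with no prefixes, no SIB byte and no RIP-relative addressing; `decode_group7` and `check_issue_patterns` are hypothetical names.

```python
import struct

# 0F 01 /reg with a memory operand (ModRM.mod != 3): descriptor-table instructions.
GROUP7_MEM = {0: "sgdt", 1: "sidt", 2: "lgdt", 3: "lidt"}
REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]

# Byte patterns and expected disassembly copied from the issue report.
ISSUE_PATTERNS = {
    "0f 01 9d 98 01 00 00": "lidt [rbp + 0x198]",
    "0f 01 9f f6 00 00 00": "lidt [rdi + 0xf6]",
    "0f 01 59 66": "lidt [rcx + 0x66]",
    "0f 01 5d f7": "lidt [rbp - 9]",
}


def decode_group7(code: bytes) -> str:
    """Decode one 64-bit-mode 0F 01 memory-form instruction (no prefixes, no SIB)."""
    if len(code) < 3 or code[:2] != b"\x0f\x01":
        raise ValueError("expected opcode bytes 0F 01 followed by ModRM")
    modrm = code[2]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod == 3 or reg not in GROUP7_MEM:
        raise ValueError("not a descriptor-table load/store encoding")
    if rm == 4 or (mod == 0 and rm == 5):
        raise ValueError("SIB and RIP-relative forms are outside this example")
    # mod selects the displacement width: none, signed 8-bit, or signed 32-bit.
    fmt = {0: "", 1: "<b", 2: "<i"}[mod]
    size = struct.calcsize(fmt) if fmt else 0
    if len(code) != 3 + size:
        raise ValueError("length does not match the ModRM displacement size")
    disp = struct.unpack(fmt, code[3:])[0] if fmt else 0
    operand = REG64[rm]
    if disp:
        mag = abs(disp)
        text = hex(mag) if mag > 9 else str(mag)  # small values shown in decimal
        operand += f" {'-' if disp < 0 else '+'} {text}"
    return f"{GROUP7_MEM[reg]} [{operand}]"


def check_issue_patterns() -> dict:
    """Decode every pattern from the report; compare against ISSUE_PATTERNS."""
    return {h: decode_group7(bytes.fromhex(h)) for h in ISSUE_PATTERNS}


if __name__ == "__main__":
    for hexbytes, text in check_issue_patterns().items():
        print(f"{hexbytes:<22} {text}")
```

The same table can serve as a regression list when checking a disassembler build that includes the fix.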