The sleigh documentation says the following about the STORE instruction:
This instruction is the complement of LOAD. The data in the variable input2 is stored at a dynamic location by dereferencing a pointer. As with LOAD, the “pointer” comes in two pieces: a space ID part, and an offset variable. The size of input1 must match the address space specified by the ID, and the amount of data stored is determined by the size of input2.
(Emphasis Mine)
My interpretation of that is that any pointer into a space in the STORE instruction MUST be the same width as the domain of the space.
However, some segmented-addressing instructions in x64 break this rule. For example:
0046cdf6 67 6c INSB ES:EDI,DX
$U8b00:4 = COPY EDI
$U8b80:4 = INT_ADD EDI, 1:4
$U8c00:4 = INT_ZEXT DF
$U8c80:4 = INT_MULT 2:4, $U8c00:4
EDI = INT_SUB $U8b80:4, $U8c80:4
$U8d80:1 = CALLOTHER "in", DX
STORE ram($U8b00:4), $U8d80:1
Note that the RAM address is 4 bytes wide even though RAM is an 8-byte-wide space (x86:LE:64:default).
Am I misunderstanding the sleigh documentation or should this STORE's address be 8 bytes wide?
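The size comparison the question turns on, written as a check over textual p-code in the format quoted above. This is an added example, not part of the original issue or of Ghidra's code; the space-size table, the function names and the `reg_sizes` parameter are assumptions made for illustration.

```python
import re

# Assumption: address size in bytes per space. "ram" is 8 bytes wide in
# x86:LE:64:default, as stated in the issue.
SPACE_ADDR_SIZE = {"ram": 8}

# Constructed sample: the p-code listing quoted in the issue.
SAMPLE = """\
$U8b00:4 = COPY EDI
$U8b80:4 = INT_ADD EDI, 1:4
$U8c00:4 = INT_ZEXT DF
$U8c80:4 = INT_MULT 2:4, $U8c00:4
EDI = INT_SUB $U8b80:4, $U8c80:4
$U8d80:1 = CALLOTHER "in", DX
STORE ram($U8b00:4), $U8d80:1
"""

# Matches "STORE space(ptr), value" and "out = LOAD space(ptr)".
MEM_OP = re.compile(r"(?:^|=\s*)(STORE|LOAD)\s+(\w+)\(([^)]+)\)")

def varnode_size(text, reg_sizes=None):
    """Byte size of a varnode written as name:size; bare names use reg_sizes."""
    text = text.strip()
    _, sep, size = text.rpartition(":")
    if sep and size.isdigit():
        return int(size)
    return (reg_sizes or {}).get(text)

def find_pointer_mismatches(pcode, space_sizes=SPACE_ADDR_SIZE, reg_sizes=None):
    """Return (line_no, op, space, pointer, pointer_size, space_size) tuples
    for every LOAD/STORE whose pointer size differs from the space's size."""
    findings = []
    for n, line in enumerate(pcode.splitlines(), 1):
        m = MEM_OP.search(line.strip())
        if not m:
            continue
        op, space, ptr = m.groups()
        psize = varnode_size(ptr, reg_sizes)
        ssize = space_sizes.get(space)
        if psize is None or ssize is None:
            continue  # size unknown: nothing to compare
        if psize != ssize:
            findings.append((n, op, space, ptr.strip(), psize, ssize))
    return findings

if __name__ == "__main__":
    for f in find_pointer_mismatches(SAMPLE):
        print("line %d: %s %s(%s) pointer is %d bytes, space is %d bytes" % f)
```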