X86 Prefix ordering

[lintile]

I have found an issue with prefix ordering that causes the disassembler to ignore both the osz and the repe/repne prefixes:

% ./quickcs 66 f2 af
scasd eax, dword ptr es:[edi]
% ./quickcs f2 66 af
repne scasw ax, word ptr es:[edi]

This is currently a problem in LLVM ToT, but the prefix handling in this base is much closer to reality. Thanks!

[radare]

As a note: udis86 shows repne scasw in both cases:

capstone

pair:~ pancake$ rasm2 -a x86.cs -d 66f2af
scasd eax, dword es:[edi]
pair:~ pancake$ rasm2 -a x86.cs -d f266af
repne scasw ax, word es:[edi]

udis86

pair:~ pancake$ rasm2 -a x86 -d f266af
repne scasw
pair:~ pancake$ rasm2 -a x86 -d 66f2af
repne scasw

olly disasm:

pair:~ pancake$ rasm2 -a x86.olly -d f266af
repne scas word ptr es:[edi]
pair:~ pancake$ rasm2 -a x86.olly -d 66f2af
repne scas word ptr es:[edi]

And I guess gnu would do something completely different here too :P

Who’s right?

On 18 Mar 2014, at 17:32, lintile notifications@github.com wrote:

I have found an issue with prefix ordering that causes the disassembler to ignore both the osz and the repe/repne prefixes:

% ./quickcs 66 f2 af
scasd eax, dword ptr es:[edi]
% ./quickcs f2 66 af
repne scasw ax, word ptr es:[edi]

This is currently a problem in LLVM ToT, but the prefix handling in this base is much closer to reality. Thanks!

—
Reply to this email directly or view it on GitHub.

[lintile]

Well, I can tell you that there are at least 3 different compilers on different platforms which generate this instruction, and when executed on the processor, they are equivalent.

[aquynh]

thanks for the report! we will work on these cases & get back to you soon.

usually when there are differences, we would trust IDAPro more than others.
so it is a good idea for you to try these with IDA, too.

best!

On Wed, Mar 19, 2014 at 12:40 AM, radare notifications@github.com wrote:

As a note: udis86 shows repne scasw in both cases:

capstone

pair:~ pancake$ rasm2 -a x86.cs -d 66f2af
scasd eax, dword es:[edi]
pair:~ pancake$ rasm2 -a x86.cs -d f266af
repne scasw ax, word es:[edi]

udis86

pair:~ pancake$ rasm2 -a x86 -d f266af
repne scasw
pair:~ pancake$ rasm2 -a x86 -d 66f2af
repne scasw

olly disasm:

pair:~ pancake$ rasm2 -a x86.olly -d f266af
repne scas word ptr es:[edi]
pair:~ pancake$ rasm2 -a x86.olly -d 66f2af
repne scas word ptr es:[edi]

And I guess gnu would do something completely different here too :P

Who's right?

On 18 Mar 2014, at 17:32, lintile notifications@github.com wrote:

I have found an issue with prefix ordering that causes the disassembler
to ignore both the osz and the repe/repne prefixes:

% ./quickcs 66 f2 af
scasd eax, dword ptr es:[edi]
% ./quickcs f2 66 af
repne scasw ax, word ptr es:[edi]

This is currently a problem in LLVM ToT, but the prefix handling in this
base is much closer to reality. Thanks!

Reply to this email directly or view it on GitHub.

Reply to this email directly or view it on GitHubhttps://github.com//issues/82#issuecomment-37955778
.

[lintile]

IDA agrees:

seg000:00000004 66 F2 AF repne scasw
seg000:00000007 F2 66 AF repne scasw

[radare]

udis wins

On 18 Mar 2014, at 17:58, lintile notifications@github.com wrote:

IDA agrees:

seg000:00000004 66 F2 AF repne scasw
seg000:00000007 F2 66 AF repne scasw

—
Reply to this email directly or view it on GitHub.

[aquynh]

Lintile, this problem has been fixed in the "next" branch. can you confirm?

thanks.

[aquynh]

this has been fixed in the "next" branch. if you still have this issue with some input, please reopen it.

thanks.