Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Decode REG+REG*X as REG*(X+1) #678

AaronOpfer opened this Issue Sep 29, 2018 · 2 comments


None yet
3 participants
Copy link

AaronOpfer commented Sep 29, 2018

The instruction MOVZX EAX, [RAX+RAX*4+0x5CFEA60] appeared in an application I was debugging and, while I understand the instruction's bytecode translates literally to this instruction, I think it would make sense to instead represent this as MOVZX EAX, [RAX*5+0x5CFEA60].


This comment has been minimized.

Copy link

10110111 commented Sep 29, 2018

Might be better to first try asking for this at Capstone's issue tracker. If they refuse, then we'll have to add one more tweak of the disassembly.


This comment has been minimized.

Copy link

eteran commented Sep 30, 2018

I agree, that this is a capstone "issue". And I use the word issue lightly because capstone is technically doing the right thing and what you suggest is merely a visual simplification.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.