Decode REG+REG*X as REG*(X+1) #678

Open
AaronOpfer opened this Issue Sep 29, 2018 · 2 comments

Contributor

AaronOpfer commented Sep 29, 2018

The instruction MOVZX EAX, [RAX+RAX*4+0x5CFEA60] appeared in an application I was debugging and, while I understand the instruction's bytecode translates literally to this instruction, I think it would make sense to instead represent this as MOVZX EAX, [RAX*5+0x5CFEA60].

Contributor

10110111 commented Sep 29, 2018

Might be better to first try asking for this at Capstone's issue tracker. If they refuse, then we'll have to add one more tweak of the disassembly.

Owner

eteran commented Sep 30, 2018

I agree that this is a Capstone "issue". And I use the word issue lightly because Capstone is technically doing the right thing, and what you suggest is merely a visual simplification.
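The display-only folding discussed in this thread, as an added example that is not part of the original comments and is neither edb's nor Capstone's code. The `MemOperand` struct and `format_mem` function are hypothetical names; the fold is applied only when base and index are the same register, since that is the only case where `REG+REG*X` equals `REG*(X+1)`.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// Hypothetical operand record (not edb's or Capstone's type): register names
// are plain strings, and an empty string means "no register".
struct MemOperand {
    std::string base;
    std::string index;
    int scale;     // 1, 2, 4 or 8, as encoded in the SIB byte
    int64_t disp;  // signed displacement
};

// Render an operand, folding BASE+INDEX*SCALE into REG*(SCALE+1) only when
// base and index name the same register. The folded text is arithmetically
// equal to the original but is not how the instruction is encoded.
std::string format_mem(const MemOperand &op) {
    std::string out = "[";
    bool have_term = false;
    if (!op.base.empty() && op.base == op.index) {
        out += op.base + "*" + std::to_string(op.scale + 1);
        have_term = true;
    } else {
        if (!op.base.empty()) {
            out += op.base;
            have_term = true;
        }
        if (!op.index.empty()) {
            if (have_term) out += "+";
            out += op.index;
            if (op.scale != 1) out += "*" + std::to_string(op.scale);
            have_term = true;
        }
    }
    if (op.disp != 0 || !have_term) {
        // With no register term the displacement is shown as an absolute address.
        bool neg = have_term && op.disp < 0;
        uint64_t mag = static_cast<uint64_t>(op.disp);
        if (neg) mag = 0 - mag;
        if (have_term) out += neg ? "-" : "+";
        char buf[32];
        std::snprintf(buf, sizeof buf, "0x%llX", static_cast<unsigned long long>(mag));
        out += buf;
    }
    return out + "]";
}

int main() {
    // Operand from the issue: [RAX+RAX*4+0x5CFEA60]
    std::puts(format_mem({"RAX", "RAX", 4, 0x5CFEA60}).c_str());
}
```

Because scale is limited to 1, 2, 4 and 8, the folded multiplier can only be 2, 3, 5 or 9; anyone matching byte patterns or re-encoding still needs the unfolded base/index/scale form.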
