add not setting zf flag #40

brandonros · 2022-10-07T21:55:53Z

1426 0x144fdff35: mov   r9,[rsi]
	mem_trace: rip = 144fdff35 read 64 bits ->  0x14f498: 0x217  map:'stack'
	diff_flags: rip = 144fdff35 
	diff_reg: rip = 144fdff35 r9 1db36b3a -> 217; 
	rax: 0xfffffffffffeebe0 rbx: 0x3fd49 rcx: 0x0 rdx: 0x74256658f92d6bae rsi: 0x14f498 rdi: 0x144e471d7 rbp: 0x144fdff35 rsp: 0x14f290
	r8: 0x0 r9: 0x217 r10: 0x8bda99a706d29452 r11: 0x7425665806caaf4b r12: 0x1448a76a4 r13: 0x0 r14: 0x140000000 r15: 0x0
	r8u: 0x0 r9u: 0x0 r10u: 0x8bda99a7 r11u: 0x74256658 r12u: 0x1 r13u: 0x0 r14u: 0x1 r15u: 0x0
	r8d: 0x0 r9d: 0x217 r10d: 0x6d29452 r11d: 0x6caaf4b r12d: 0x448a76a4 r13d: 0x0 r14d: 0x40000000 r15d: 0x0
	r8w: 0x0 r9w: 0x217 r10w: 0x9452 r11w: 0xaf4b r12w: 0x76a4 r13w: 0x0 r14w: 0x0 r15w: 0x0
	r8l: 0x0 r9l: 0x17 r10l: 0x52 r11l: 0x4b r12l: 0xa4 r13l: 0x0 r14l: 0x0 r15l: 0x0
	zf: false pf: true af: false of: false sf: false df: false cf: true tf: false if: true nt: false

  {
    "i": 1425,
    "iHex": "591",
    "x64dbgLine": {
      "rawLine": {
        "Index": "00591",
        "Address": "0000000144FDFF35",
        "Bytes": "4C:8B0E",
        "Disassembly": "mov r9,qword ptr ds:[rsi]",
        "Registers": "r9: 1DB36B3A-> 257",
        "Memory": "000000000014F498: 257-> 257",
        "Comments": ""
      },
      "rip": "144fdff35",
      "registerChanges": [
        {
          "registerName": "r9",
          "previousValue": "1db36b3a",
          "newValue": "257"
        }
      ],
      "memoryChanges": [
        "000000000014F498: 257-> 257"
      ]
    },
    "scemuLine": {
      "rawLine": "diff_reg: rip = 144fdff35 r9 1db36b3a -> 217;",
      "rip": "144fdff35",
      "registerChanges": [
        {
          "registerName": "r9",
          "previousValue": "1db36b3a",
          "newValue": "217"
        }
      ],
      "memoryChanges": []
    },
    "instructionErrors": [
      {
        "index": 0,
        "message": "newValue mismatch",
        "x64dbg": "257",
        "scemu": "217"
      }
    ]
  },

The text was updated successfully, but these errors were encountered:

sha0coder · 2022-10-08T16:37:23Z

It's a flags problem, a previous pushfq is pushing the 0x217 instead of 0x257

brandonros · 2022-10-10T17:15:23Z

1400 0x144ff137d: pushfq
	mem_trace: pos = 1400 rip = 144ff137d op = write bits = 64 address = 0x14f290 value = 0x217 name = 'stack'
	diff_flags: pos = 5452534653 rip = 577 
	diff_reg: pos = 1399 rip = 144ff137d rsp 14f290 -> 14f288; 
	rax: 0x0 rbx: 0x3fd49 rcx: 0x0 rdx: 0x74256658f92d6bae rsi: 0x14f498 rdi: 0x144e471db rbp: 0x144ff1355 rsp: 0x14f288
	r8: 0x0 r9: 0x1db36b3a r10: 0x8bda99a706d29452 r11: 0x74256658f93444ab r12: 0x1448a76a4 r13: 0x0 r14: 0x140000000 r15: 0x0
	r8u: 0x0 r9u: 0x0 r10u: 0x8bda99a7 r11u: 0x74256658 r12u: 0x1 r13u: 0x0 r14u: 0x1 r15u: 0x0
	r8d: 0x0 r9d: 0x1db36b3a r10d: 0x6d29452 r11d: 0xf93444ab r12d: 0x448a76a4 r13d: 0x0 r14d: 0x40000000 r15d: 0x0
	r8w: 0x0 r9w: 0x6b3a r10w: 0x9452 r11w: 0x44ab r12w: 0x76a4 r13w: 0x0 r14w: 0x0 r15w: 0x0
	r8l: 0x0 r9l: 0x3a r10l: 0x52 r11l: 0xab r12l: 0xa4 r13l: 0x0 r14l: 0x0 r15l: 0x0
	zf: false pf: true af: true of: false sf: false df: false cf: true tf: false if: true nt: false

brandonros · 2022-10-10T17:16:03Z

need to have 0x257 instead of 0x217

brandonros · 2022-10-10T17:16:36Z

zf true pf true af true
of false sf false df false
cf true tf false if true

zf: false pf: true af: true
of: false sf: false df: false
cf: true tf: false if: true
nt: false

looks like it is just zf

brandonros · 2022-10-10T17:16:52Z

572 | 0000000144FF136B     | 48:03CA                  | add rcx,rdx                             | rcx: 8BDA99A706D2 |                                                                                          |

sets zf

brandonros · 2022-10-10T17:18:02Z

https://www.felixcloutier.com/x86/add

brandonros · 2022-10-10T17:18:11Z

1394 0x144ff136b: add   rcx,rdx
	diff_flags: pos = 5452534635 rip = 571 f_cf 0 -> 1; 
	diff_reg: pos = 1393 rip = 144ff136b rcx 8bda99a706d29452 -> 0; 
	rax: 0x9bb40a00 rbx: 0x3fd49 rcx: 0x0 rdx: 0x74256658f92d6bae rsi: 0x14f498 rdi: 0x144e471db rbp: 0x144ff1355 rsp: 0x14f290
	r8: 0x0 r9: 0x1db36b3a r10: 0x8bda99a706d29452 r11: 0x74256658f93444ab r12: 0x1448a76a4 r13: 0x0 r14: 0x140000000 r15: 0x0
	r8u: 0x0 r9u: 0x0 r10u: 0x8bda99a7 r11u: 0x74256658 r12u: 0x1 r13u: 0x0 r14u: 0x1 r15u: 0x0
	r8d: 0x0 r9d: 0x1db36b3a r10d: 0x6d29452 r11d: 0xf93444ab r12d: 0x448a76a4 r13d: 0x0 r14d: 0x40000000 r15d: 0x0
	r8w: 0x0 r9w: 0x6b3a r10w: 0x9452 r11w: 0x44ab r12w: 0x76a4 r13w: 0x0 r14w: 0x0 r15w: 0x0
	r8l: 0x0 r9l: 0x3a r10l: 0x52 r11l: 0xab r12l: 0xa4 r13l: 0x0 r14l: 0x0 r15l: 0x0
	zf: false pf: true af: true of: false sf: false df: false cf: true tf: false if: true nt: false
	```

brandonros changed the title ~~memory in 0x14f498 out of sync~~ add not setting zf flag Oct 10, 2022

sha0coder closed this as completed Oct 10, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

add not setting zf flag #40

add not setting zf flag #40

brandonros commented Oct 7, 2022 •

edited

sha0coder commented Oct 8, 2022 •

edited

brandonros commented Oct 10, 2022

brandonros commented Oct 10, 2022

brandonros commented Oct 10, 2022

brandonros commented Oct 10, 2022

brandonros commented Oct 10, 2022

brandonros commented Oct 10, 2022

add not setting zf flag #40

add not setting zf flag #40

Comments

brandonros commented Oct 7, 2022 • edited

sha0coder commented Oct 8, 2022 • edited

brandonros commented Oct 10, 2022

brandonros commented Oct 10, 2022

brandonros commented Oct 10, 2022

brandonros commented Oct 10, 2022

brandonros commented Oct 10, 2022

brandonros commented Oct 10, 2022

brandonros commented Oct 7, 2022 •

edited

sha0coder commented Oct 8, 2022 •

edited