Wrong disassembly of 32-bit registers and immediate operands in 64-bit mode #1448

Open
lhmouse opened this Issue Feb 2, 2017 · 5 comments


@lhmouse
lhmouse commented Feb 2, 2017

On x64 the machine code 83 F9 FF is decoded as cmp ecx, FFFFFFFFFFFFFFFF, which compares a 32-bit register with a 64-bit immediate. Although the immediate is sign-extended, if an unsigned format is preferred the correct code should be cmp ecx, FFFFFFFF.
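The operand-size rule behind this report, as an added example that is not part of the original issue and is not x64dbg's code: in 64-bit mode opcode 83 /r ib sign-extends its 8-bit immediate to the operand size (32 bits by default, 16 with a 66 prefix, 64 with REX.W), so an unsigned rendering has to be masked to that width. The function name and the `truncate` flag are hypothetical, and only register-direct ModRM forms are handled.

```python
# Added example: minimal decoder for "[66] [REX] 83 /r ib" in 64-bit mode.
GROUP1 = ["add", "or", "adc", "sbb", "and", "sub", "xor", "cmp"]
REGS = {
    16: ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]
        + [f"r{n}w" for n in range(8, 16)],
    32: ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
        + [f"r{n}d" for n in range(8, 16)],
    64: ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]
        + [f"r{n}" for n in range(8, 16)],
}


def decode_83_reg_imm8(code: bytes, truncate: bool = True) -> str:
    """Decode a register-direct 83 /r ib instruction (hypothetical helper).

    truncate=True masks the sign-extended immediate to the operand size;
    truncate=False reproduces the 64-bit rendering described in the report.
    """
    i, opsize, rex = 0, 32, 0          # 32-bit is the default operand size
    if code[i] == 0x66:                # operand-size override prefix
        opsize, i = 16, i + 1
    if 0x40 <= code[i] <= 0x4F:        # REX prefix
        rex, i = code[i], i + 1
        if rex & 0x08:                 # REX.W takes precedence over 66
            opsize = 64
    if len(code) < i + 3 or code[i] != 0x83:
        raise ValueError("expected opcode 83 followed by ModRM and imm8")
    modrm, imm8 = code[i + 1], code[i + 2]
    if modrm >> 6 != 3:
        raise ValueError("only register-direct ModRM (mod == 3) is handled")
    mnemonic = GROUP1[(modrm >> 3) & 7]              # /r selects the operation
    reg = REGS[opsize][(modrm & 7) | ((rex & 1) << 3)]  # REX.B extends rm
    value = imm8 - 0x100 if imm8 & 0x80 else imm8    # sign-extend the imm8
    width = opsize if truncate else 64
    return f"{mnemonic} {reg}, {value & ((1 << width) - 1):X}"


if __name__ == "__main__":
    for sample in ("83F9FF", "4883F9FF", "6683F9FF", "4183F9FF"):
        print(sample, "->", decode_83_reg_imm8(bytes.fromhex(sample)))
```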

@lhmouse
lhmouse commented Feb 3, 2017 edited

How is this not reproduced??
You just pick an arbitrary x64 executable, open it with x96dbg, press Ctrl+E in the disassembly tab, enter 83 f9 ff, then click OK.

@mrexodia
Member
mrexodia commented Feb 3, 2017 edited

@lhmouse the not reproduced label means that I have not reproduced the issue yet. Obviously the creator of the issue (e.g. you) reproduced the issue, but that's not very relevant to the issue management from my side.

@lhmouse
lhmouse commented Feb 3, 2017

Oh fair enough. The label is extremely misleading to me.

@mrexodia mrexodia removed the not reproduced label Feb 3, 2017
@lhmouse
lhmouse commented Feb 3, 2017

Thanks.

One more word: I didn't receive any notification about the action that someone (you) had added some labels. Would you please add a comment after it, letting people (me) know they must provide more information?

@mrexodia
Member
mrexodia commented Feb 3, 2017

No, I did not require more information. The labels on issues are intended for developers; in general they are not relevant for the person reporting the issue.
