From 1805a9edec384bd9976e7f14dcfaf668a58ab37e Mon Sep 17 00:00:00 2001
From: "BITDEFENDER\\vlutas"
Date: Thu, 14 Jul 2022 13:42:37 +0300
Subject: [PATCH] Fixed flag setting for ADC, SBB, SAR and IMUL instructions.

---
 bdshemu/bdshemu.c | 47 +++++++++++++++++++++-------------
 bdshemu_test/bdshemu_test.zip | Bin 74758 -> 78024 bytes
 bindings/pybddisasm/setup.py | 2 +-
 inc/version.h | 2 +-
 4 files changed, 31 insertions(+), 20 deletions(-)

diff --git a/bdshemu/bdshemu.c b/bdshemu/bdshemu.c
index c69d00e..2f30283 100644
--- a/bdshemu/bdshemu.c
+++ b/bdshemu/bdshemu.c
@@ -422,8 +422,9 @@ ShemuSetFlags(
 }
 else if (FM_SAR == FlagsMode)
 {
- // CF is the last bit shifted out of the destination.
- if (ND_GET_BIT(Src2 - 1, Src1))
+ // CF is the last bit shifted out of the destination. In case of SAR, if the shift ammount exceeds the operand
+ // size, CF will be 1 if the result is -1, or 0 if the result is 0.
+ if (ND_GET_BIT(Src2 - 1, Src1) || ((Src2 >= (ND_UINT64)Size * 8) && Dst != 0))
 {
 Context->Registers.RegFlags |= NDR_RFLAG_CF;
 }
@@ -437,11 +438,11 @@ ShemuSetFlags(
 else
 {
 // Set CF.
- if ((FM_SUB == FlagsMode) && (Src1 < Src2))
+ if ((FM_SUB == FlagsMode) && ((Src1 < Src2) || (Src1 == Src2 && Dst != 0)))
 {
 Context->Registers.RegFlags |= NDR_RFLAG_CF;
 }
- else if ((FM_ADD == FlagsMode) && (Dst < Src1))
+ else if ((FM_ADD == FlagsMode) && ((Dst < Src1) || (Dst == Src1 && Src2 != 0)))
 {
 Context->Registers.RegFlags |= NDR_RFLAG_CF;
 }
@@ -1107,7 +1108,7 @@ ShemuSetMemValue(
 //
-// IntWinShcSetOperandValue
+// ShemuGetOperandValue
 //
 static SHEMU_STATUS
 ShemuGetOperandValue(
@@ -1293,7 +1294,7 @@ done_gla:;
 //
-// IntWinShcSetOperandValue
+// ShemuSetOperandValue
 //
 static SHEMU_STATUS
 ShemuSetOperandValue(
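Review bot: In the new FM_SAR condition, `ND_GET_BIT(Src2 - 1, Src1)` is still evaluated first even when `Src2 >= Size * 8`, so for 8/16/32-bit operands it reads a bit of Src1 above the operand width; whether that bit is clean depends on whether the operand fetch zeroes the upper bits of the 64-bit value, which this hunk does not show. Testing the width first makes the over-shift case depend only on the result, exactly as the new comment describes: `if ((Src2 >= (ND_UINT64)Size * 8) ? (Dst != 0) : ND_GET_BIT(Src2 - 1, Src1))`. The expression also assumes Src2 is at least 1, since a count of 0 would index bit `(ND_UINT64)-1`; presumably the caller skips the flag update for a zero count, as x86 leaves flags untouched then, but that is outside the hunk. The added comment misspells "ammount". ShemuSetFlags starts and ends outside this hunk.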
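Review bot: The new equality terms `(Src1 == Src2 && Dst != 0)` and `(Dst == Src1 && Src2 != 0)` in the -437 hunk only matter for the carry-in case (ADC/SBB) and can never be true for a plain ADD/SUB once the values are truncated to the operand width, so a later reader may be tempted to "simplify" them away; a comment would prevent that, e.g. `// ADC/SBB: the carry-in is already folded into Dst. Dst == Src1 with a non-zero Src2 (or Src1 == Src2 with a non-zero Dst) means the operand width wrapped, e.g. ADC with Src2 == -1 and CF set.` Both terms detect a wrap only if Dst, Src1 and Src2 have already been masked to the operand size; that masking, if any, happens outside this hunk and is worth confirming for 8/16/32-bit operands. ShemuSetFlags starts and ends outside this hunk.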
@@ -1945,14 +1946,14 @@ ShemuEmulate(
 GET_OP(Context, 0, &dst);
 GET_OP(Context, 1, &src);
+ res.Size = src.Size;
+ res.Value.Qwords[0] = dst.Value.Qwords[0] + src.Value.Qwords[0];
+
 if (ND_INS_ADC == Context->Instruction.Instruction)
 {
- src.Value.Qwords[0] += GET_FLAG(Context, NDR_RFLAG_CF);
+ res.Value.Qwords[0] += GET_FLAG(Context, NDR_RFLAG_CF);
 }
- res.Size = src.Size;
- res.Value.Qwords[0] = dst.Value.Qwords[0] + src.Value.Qwords[0];
-
 SET_FLAGS(Context, res, dst, src, FM_ADD);
 SET_OP(Context, 0, &res);
@@ -1964,14 +1965,14 @@ ShemuEmulate(
 GET_OP(Context, 0, &dst);
 GET_OP(Context, 1, &src);
+ res.Size = src.Size;
+ res.Value.Qwords[0] = dst.Value.Qwords[0] - src.Value.Qwords[0];
+
 if (ND_INS_SBB == Context->Instruction.Instruction)
 {
- src.Value.Qwords[0] += GET_FLAG(Context, NDR_RFLAG_CF);
+ res.Value.Qwords[0] -= GET_FLAG(Context, NDR_RFLAG_CF);
 }
- res.Size = src.Size;
- res.Value.Qwords[0] = dst.Value.Qwords[0] - src.Value.Qwords[0];
-
 SET_FLAGS(Context, res, dst, src, FM_SUB);
 if (ND_INS_CMP != Context->Instruction.Instruction)
@@ -2521,20 +2522,29 @@ check_far_branch:
 case ND_INS_MUL:
 case ND_INS_IMUL:
- if (Context->Instruction.ExpOperandsCount < 3)
+ if (Context->Instruction.ExpOperandsCount == 1)
 {
- // MUL or IMUL with a single explicit operand or IMUL with 2 explicit operands.
+ // MUL or IMUL with a single explicit operand.
 GET_OP(Context, 0, &dst);
 GET_OP(Context, 1, &src);
+ res.Size = dst.Size * 2;
+ }
+ else if (Context->Instruction.ExpOperandsCount == 2)
+ {
+ // IMUL with 2 explicit operands.
 GET_OP(Context, 0, &dst);
 GET_OP(Context, 1, &src);
+ res.Size = dst.Size;
 }
 else
 {
 // IMUL with 3 operands. The first operand is the write-only destination.
- GET_OP(Context, 0, &res);
 GET_OP(Context, 1, &dst);
 GET_OP(Context, 2, &src);
+ res.Size = dst.Size;
 }
+
 if (dst.Size == 1)
 {
 if (ND_INS_MUL == Context->Instruction.Instruction)
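Review bot: The ADC hunk at -1945 moves the carry from `src` into `res` so that `src` reaches SET_FLAGS unmodified, which is what the equality test in ShemuSetFlags depends on, but nothing in the code says so and the next refactor could move the `GET_FLAG` adjustment back onto `src` without breaking any obvious test; suggest `// Fold CF into the result, not into src: SET_FLAGS needs the original src to recognise the wrap when dst + src + CF == dst.` on the `res.Value.Qwords[0] += GET_FLAG(...)` line. The same comment, with `-=`, belongs in the SBB hunk at -1964. ShemuEmulate starts and ends outside these hunks.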
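Review bot: In the -2521 hunk the three-operand branch no longer fetches operand 0 into `res`, so `res` now carries only the `Size` assigned here until the multiply code below fills `Value`; if `SET_OP(Context, 0, &res)` or the size switch relies on any other field of `res` that the removed `GET_OP(Context, 0, &res)` used to populate, it is now stale — worth confirming, as the rest of the case is outside the hunk. Style-wise the one- and two-operand branches differ only in `res.Size`, so the fetch could be written once, `GET_OP(Context, 0, &dst); GET_OP(Context, 1, &src); res.Size = (Context->Instruction.ExpOperandsCount == 1) ? dst.Size * 2 : dst.Size;`, under a single `ExpOperandsCount < 3` branch with the three-operand `else` kept as is. Note that `res.Size = dst.Size * 2` gives 16 for a 64-bit single-operand MUL/IMUL; the code that stores a product wider than one qword is below the hunk.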
@@ -2610,6 +2620,7 @@ check_far_branch:
 SET_OP(Context, 0, &res);
 }
+ // Set the flags.
 if (ND_INS_MUL == Context->Instruction.Instruction)
 {
 ND_UINT8 cfof = 0;
@@ -2640,7 +2651,7 @@ check_far_branch:
 // the sign extended operand - size - truncated product, otherwise the CF and OF flags are cleared.
 ND_UINT8 cfof = 0, sign = 0;
- sign = ND_MSB(res.Size, res.Value.Qwords[0]);
+ sign = ND_MSB(dst.Size, res.Value.Qwords[0]);
 switch (dst.Size)
 {
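Review bot: `sign = ND_MSB(dst.Size, res.Value.Qwords[0])` in the -2640 hunk is correct but unexplained: with this commit `res.Size` is twice `dst.Size` for the one-operand IMUL (`res.Size = dst.Size * 2` in the -2521 hunk), while CF/OF for IMUL are defined by whether the full product equals the sign extension of its low operand-size half, so the sign has to be sampled at the operand width rather than the result width. Suggest saying so on the line: `// Sign of the operand-size-truncated product; res.Size is 2 * dst.Size for the one-operand form, so it must not be used here.` The IMUL flag block this line belongs to starts and ends outside the hunk.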
diff --git a/bdshemu_test/bdshemu_test.zip b/bdshemu_test/bdshemu_test.zip index 31cdd817ca3ee35735faf77341fe015399dc2dba..4eeeaa0b9953e27ba2568ab5cee4ee0aafd270c1 100644 GIT binary patch delta 3257 zcmZ{m2{_bw7{^D>97&m)am5Oad)(v59kv`5iQMD9HH@4ya^GhpM{>mo6Dkrj7{??j z6xL113Pm&|b~L+7ZTp|+Kfh<5XMUgO`+cAHit3{2nxervt)r-E*a6f420)DWk};{A zu`>Vw09aE204K?(oh`xzF5&Bd@U@ncv9`5`OG3qM5gv5g3YiRUY*F*Wj_ZM-F(@aP zNsbz18?=#^b)u~3@mIstdGuLjk*T_&p!8LZOYBs`H_UHtud^%*>s?qwYVC2VlI#P=e6y! z;lzdJi>vzxc`{-HuRHRQ>{d!3U44liMX`9@0paKF+aVnNZm0T!?=E;#1z zCvj+^FL<3pL|{h>QXSVL|LqyEuU&s`CWpRZF>~m&U5KQp?S%QUG6K^@Yp)z57<;xL zz~f8y7D5l|;KVn0hkm-sRQPJppF$T4jf{y!ZOeCFb^;v!kd9bEY#X|~MlF888ORN) zDRwnWIJoNg!i^dElYE4c1oP0qs+V8@)41pykHDH%TxLntO#S3r5YbEk1OFQM4c!mA zDbi?rW97P@IcHMM66%QgK+9>9>&@02mOa^pYo&iOerc5uHN!pGskb=J*3=^FrMh@X z-2OH-b@I)~CFaVL(t2hKU=(pf`>vabwJMk9*|8awhEz+UIsR^FNv5JuEqt>$a%H{f zJ*c}&3SQVA^|6B`Gu0Zi=F-#QlEH_#MLMnub}%$^H>dXujPw2E>~VqUU1}tzfNtAx zbE2Z@e)LdR9$(1NWxje@IS?6c{_SjecDT?R4Su~s6>P0QbZJxmt$s)us+(Zyqka3dS^h{%iPhzc`48>!Di6SMGFIrPV7OM2x> zwvyjGcJXQ?Mc6Gn(^kQHYvBk7UyY~7#MugBAx?f7Ns^~AfZRT$0k(k^$_ws)q7Un;m(qT(dZAO{Y1j(s9%K_K2aj z*9aUOxI4WIRsdyPglS*m@ZvcfHCqHziY2~!^o9FO<^9*OjyHhrspstCzt|KY8=af; zsz6E)+*}S3&w;vc%Op))upC>$=j4w;PzIl0h8LI}f;1pbe29q4M25={B$A;U(Qj-n z4XLwGXVdg;?0Oe!YfnS1wgPB+HcxRn=wt|XGt9@iZ59 zmJye^K3ck7ix;sSd*76%vfvDv!*S48B_ZViWToMy`a&8{jJpU@TFRegD|=!n~QKvveaI=aUuOw zrO;XLPDjy+(ZOS*XFpGsUi}D+HG%n-g;}(EcRo>nZ^3~MH^>#;)RorIg9w=M7MQ6W zofA1;1UG2H7pS+5eFZ!B_8q}mqFw?6e{U6B=UR}S&5E%XDZWBt5bmVz4HevI5Pk!x z$ZlhOq0i#gUtjK-SSI*rDghnI314lV;-l$Eo*B{4w?Y+0(7E1T;WNJ?KQ%42*!|SU zLoY^YE#IoS4OG*+R{ylAsg*h1!=h&R#b;>3JWG9IS|$E-Y(Yd9odPp)6$Lz+$~rOY z>%b$gjNt(E(!j-Hm^9ZX6s4V_PIe(|+8uU?RmI>>)d0K_<438`dwd;SmJ!t$5|``F zcx2g*iB=jLr!zOk#%9Lw43>HAl#1^ANAP+3m4DL}^s84Z+vG|M?DW#MiuZ#38cT3wA z*W53mM3-gbq`H$gg2_q0HyT0Y^Pka}-mFE3a`EtUr}TnJ#iqbGi{e{ImP46L+#G^0 z^c_#n-G8(^qdobK%^P|@b5~;|Tlu5$7eQQ#dXX-$91rVL>}+Ox5--jE@TK6a-8f!a zv&#|)HGF|f3*>21-+TfSaQI-i(OxQQ2fVYOGwXK@dXN9`Wu3P{9Y-!2&826x5KtZq 
z%RQ4hZTpI|$%^|0Y?Xz{O3#pA_5+G3!<-`7x$7zC^Ab`v?W?SFJ_)xliu$+-v8)=& zEf2>TX0(UwN1m7UH6gQio+I|zg=BW3cBLSW9El5D001WdwI7ayaB)gkcup0Q6f-N;o4 zIltnRWizo-fv!Xu{?W$7=GbRUb9A70fuQcWTBx#8i_d^@`#ZM^CY+e;v+7gK_B5yu z`w+$Fb|;vqWZ$3WiOe`tdQU1<=5D;9`X$4m(QB&q7Nlfan)+s0&qdN>6U}-?ko9?Q zrHY5Ao-w#usk##L{II=zh=H&m#o?q;-ND^H(p8t#K6XWGAz-e?$6A-inHm_LMybW% z1aa=1*a9x(NUVX?YS*{UO;d%zp1Cs?(k-GON$B#UoWZ+t6A~JAgoj~TCk=t);VFYm z{chVrgsG}9q*tz?egaM*5YxDeEIaxsQ&gnZVLeeCMRkasoJaq+Dv}cnKn36>e><%I zoDTmkjz;JAAwMi|mcRl7J}OAA(V%gd^mplHRd4Vzny||pAy*C{~`SAh?Z{e?=|EPNfH2{ Jd%C;#^Di2!Tn+#L delta 35 mcmX@{kfrSe%ZBu?oA>xYC!~*~eB@4Fz diff --git a/bindings/pybddisasm/setup.py b/bindings/pybddisasm/setup.py index 934ef73..61cbd4e 100644 --- a/bindings/pybddisasm/setup.py +++ b/bindings/pybddisasm/setup.py @@ -12,7 +12,7 @@ from setuptools import find_packages, setup, Command, Extension, Distribution from codecs import open VERSION = (0, 1, 3) -LIBRARY_VERSION = (1, 34, 10) +LIBRARY_VERSION = (1, 34, 15) LIBRARY_INSTRUX_SIZE = 856 packages = ['pybddisasm'] diff --git a/inc/version.h b/inc/version.h index f91a7a2..b4d6980 100644 --- a/inc/version.h +++ b/inc/version.h @@ -7,6 +7,6 @@ #define DISASM_VERSION_MAJOR 1 #define DISASM_VERSION_MINOR 34 -#define DISASM_VERSION_REVISION 10 +#define DISASM_VERSION_REVISION 15 #endif // DISASM_VER_H