Added the Shadow Stack Pointer operand to the SYSCALL and SYSEXIT instructions.

Moved the CET test cases into dedicated folders.
Improved shadow-stack operand reporting - a distinction can now be made between push/pop shadow stack accesses and other shadow stack accesses.
A new field is now present in the memory information - the shadow stack access type, which indicates one of: explicit access, implicit via SSP, implicit push/pop via SSP, or implicit via IA32_PL0_SSP.
pull/1/head
Andrei Vlad LUTAS 4 years ago
parent 811c3d0f7c
commit 9ff2543660

@ -200,6 +200,8 @@ static const uint16_t gOperandMap[] =
ND_OPE_S, // ND_OPT_MEM_rBX_AL (as used by XLAT)
ND_OPE_S, // ND_OPT_MEM_rDI (as used by masked moves)
ND_OPE_S, // ND_OPT_MEM_SHS
ND_OPE_S, // ND_OPT_MEM_SHSP
ND_OPE_S, // ND_OPT_MEM_SHS0
ND_OPE_S, // ND_OPT_CR_0
ND_OPE_S, // ND_OPT_IDTR
@ -1665,6 +1667,11 @@ NdParseOperand(
}
break;
case ND_OPS_12:
// SAVPREVSSP instruction reads/writes 4 + 8 bytes from the shadow stack.
size = 12;
break;
case ND_OPS_t:
// Tile register. The actual size depends on how the TILECFG register has been programmed, but it can be
// up to 1K in size.
@ -1940,7 +1947,7 @@ NdParseOperand(
// The operand is the SSP register.
operand->Type = ND_OP_REG;
operand->Info.Register.Type = ND_REG_SSP;
operand->Info.Register.Size = (Instrux->OpMode == ND_OPSZ_64) ? ND_SIZE_64BIT : ND_SIZE_32BIT;
operand->Info.Register.Size = operand->Size;
operand->Info.Register.Reg = 0;
break;
@ -2686,7 +2693,11 @@ memory:
}
// Shadow Stack Access, if this is the case.
operand->Info.Memory.IsShadowStack = ND_HAS_SHS(Instrux);
if (ND_HAS_SHS(Instrux))
{
operand->Info.Memory.IsShadowStack = true;
operand->Info.Memory.ShStkType = ND_SHSTK_EXPLICIT;
}
break;
@ -2808,10 +2819,27 @@ memory:
break;
case ND_OPT_MEM_SHS:
// Shadow stack.
// Shadow stack access using the current SSP.
Instrux->MemoryAccess |= operand->Access.Access;
operand->Type = ND_OP_MEM;
operand->Info.Memory.IsShadowStack = true;
operand->Info.Memory.ShStkType = ND_SHSTK_SSP_LD_ST;
break;
case ND_OPT_MEM_SHS0:
// Shadow stack access using the IA32_PL0_SSP.
Instrux->MemoryAccess |= operand->Access.Access;
operand->Type = ND_OP_MEM;
operand->Info.Memory.IsShadowStack = true;
operand->Info.Memory.ShStkType = ND_SHSTK_PL0_SSP;
break;
case ND_OPT_MEM_SHSP:
// Shadow stack push/pop access.
Instrux->MemoryAccess |= operand->Access.Access;
operand->Type = ND_OP_MEM;
operand->Info.Memory.IsShadowStack = true;
operand->Info.Memory.ShStkType = ND_SHSTK_SSP_PUSH_POP;
break;
case ND_OPT_Z:
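Review bot: In the `memory:` hunk, `IsShadowStack` now appears to be written only when `ND_HAS_SHS(Instrux)` is true, where the line it replaces stored the macro's result unconditionally. The false case therefore depends on the operand having been zeroed earlier in NdParseOperand, which lies outside this hunk. If that zeroing is not guaranteed on every path, a consumer that relies on this flag to classify memory accesses could read a stale value. Keeping the unconditional store and adding only the type avoids the dependency: `operand->Info.Memory.IsShadowStack = ND_HAS_SHS(Instrux);` followed by `if (operand->Info.Memory.IsShadowStack) operand->Info.Memory.ShStkType = ND_SHSTK_EXPLICIT;`. Separately, the three `ND_OPT_MEM_SHS*` cases further down differ only in the `ShStkType` value and could share one helper.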

@ -1360,7 +1360,7 @@ const ND_INSTRUCTION gInstructions[2554] =
OP(ND_OPT_J, ND_OPS_z, ND_OPF_R, 0, 0),
OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
OP(ND_OPT_K, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_MEM_SHS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_MEM_SHSP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
},
// Pos:100 Instruction:"CALL Ev" Encoding:"0xFF /2"/"M"
@ -1375,7 +1375,7 @@ const ND_INSTRUCTION gInstructions[2554] =
OP(ND_OPT_E, ND_OPS_v, ND_OPF_R, 0, 0),
OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_K, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_MEM_SHS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_MEM_SHSP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
},
// Pos:101 Instruction:"CALLF Ap" Encoding:"0x9A cp"/"D"
@ -1391,7 +1391,7 @@ const ND_INSTRUCTION gInstructions[2554] =
OP(ND_OPT_SEG_CS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_K, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_MEM_SHS, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_MEM_SHSP, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
},
// Pos:102 Instruction:"CALLF Mp" Encoding:"0xFF /3:mem"/"M"
@ -1407,7 +1407,7 @@ const ND_INSTRUCTION gInstructions[2554] =
OP(ND_OPT_SEG_CS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_K, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_MEM_SHS, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_MEM_SHSP, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
},
// Pos:103 Instruction:"CBW" Encoding:"ds16 0x98"/""
@ -5772,7 +5772,7 @@ const ND_INSTRUCTION gInstructions[2554] =
OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
OP(ND_OPT_K, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
OP(ND_OPT_F, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_MEM_SHS, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_MEM_SHSP, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
},
// Pos:425 Instruction:"INT1" Encoding:"0xF1"/""
@ -5803,7 +5803,7 @@ const ND_INSTRUCTION gInstructions[2554] =
OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
OP(ND_OPT_K, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
OP(ND_OPT_F, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_MEM_SHS, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_MEM_SHSP, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
},
// Pos:427 Instruction:"INTO" Encoding:"0xCE"/""
@ -5819,7 +5819,7 @@ const ND_INSTRUCTION gInstructions[2554] =
OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
OP(ND_OPT_K, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
OP(ND_OPT_F, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_MEM_SHS, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_MEM_SHSP, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
},
// Pos:428 Instruction:"INVD" Encoding:"0x0F 0x08"/""
@ -5926,7 +5926,7 @@ const ND_INSTRUCTION gInstructions[2554] =
OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_K, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_R, 0, 0),
OP(ND_OPT_F, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
OP(ND_OPT_MEM_SHS, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
OP(ND_OPT_MEM_SHSP, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
},
// Pos:436 Instruction:"IRETQ" Encoding:"ds64 0xCF"/""
@ -5942,7 +5942,7 @@ const ND_INSTRUCTION gInstructions[2554] =
OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_K, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_R, 0, 0),
OP(ND_OPT_F, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
OP(ND_OPT_MEM_SHS, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
OP(ND_OPT_MEM_SHSP, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
},
// Pos:437 Instruction:"IRETW" Encoding:"ds16 0xCF"/""
@ -5958,7 +5958,7 @@ const ND_INSTRUCTION gInstructions[2554] =
OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_K, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_R, 0, 0),
OP(ND_OPT_F, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
OP(ND_OPT_MEM_SHS, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
OP(ND_OPT_MEM_SHSP, ND_OPS_v3, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
},
// Pos:438 Instruction:"JBE Jz" Encoding:"0x0F 0x86 cz"/"D"
@ -15186,7 +15186,7 @@ const ND_INSTRUCTION gInstructions[2554] =
OP(ND_OPT_SEG_CS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_K, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_R, 0, 0),
OP(ND_OPT_MEM_SHS, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_R, 0, 0),
OP(ND_OPT_MEM_SHSP, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_R, 0, 0),
},
// Pos:1131 Instruction:"RETF" Encoding:"0xCB"/""
@ -15201,7 +15201,7 @@ const ND_INSTRUCTION gInstructions[2554] =
OP(ND_OPT_SEG_CS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_K, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_R, 0, 0),
OP(ND_OPT_MEM_SHS, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_R, 0, 0),
OP(ND_OPT_MEM_SHSP, ND_OPS_v2, ND_OPF_DEFAULT|ND_OPF_R, 0, 0),
},
// Pos:1132 Instruction:"RETN Iw" Encoding:"0xC2 iw"/"I"
@ -15217,7 +15217,7 @@ const ND_INSTRUCTION gInstructions[2554] =
OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_GPR_rSP, ND_OPS_ssz, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_K, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_R, 0, 0),
OP(ND_OPT_MEM_SHS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_R, 0, 0),
OP(ND_OPT_MEM_SHSP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_R, 0, 0),
},
// Pos:1133 Instruction:"RETN" Encoding:"0xC3"/""
@ -15231,7 +15231,7 @@ const ND_INSTRUCTION gInstructions[2554] =
0,
OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_K, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_R, 0, 0),
OP(ND_OPT_MEM_SHS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_R, 0, 0),
OP(ND_OPT_MEM_SHSP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_R, 0, 0),
},
// Pos:1134 Instruction:"RMPADJUST" Encoding:"0xF3 0x0F 0x01 /0xFE"/""
@ -15808,8 +15808,8 @@ const ND_INSTRUCTION gInstructions[2554] =
0,
0,
0,
OP(ND_OPT_MEM_SHS, ND_OPS_q, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_SSP, ND_OPS_yf, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
OP(ND_OPT_MEM_SHS, ND_OPS_12, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
OP(ND_OPT_SSP, ND_OPS_yf, ND_OPF_DEFAULT|ND_OPF_R, 0, 0),
},
// Pos:1176 Instruction:"SBB Eb,Gb" Encoding:"0x18 /r"/"MR"
@ -16291,7 +16291,7 @@ const ND_INSTRUCTION gInstructions[2554] =
0,
0,
0,
OP(ND_OPT_MEM_SHS, ND_OPS_q, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
OP(ND_OPT_MEM_SHS0, ND_OPS_q, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
OP(ND_OPT_SSP, ND_OPS_yf, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
},
@ -17353,7 +17353,7 @@ const ND_INSTRUCTION gInstructions[2554] =
{
ND_INS_SYSCALL, ND_CAT_SYSCALL, ND_SET_AMD, 760,
ND_MOD_R0|ND_MOD_R1|ND_MOD_R2|ND_MOD_R3|ND_MOD_LONG|ND_MOD_VMXR|ND_MOD_VMXN|ND_MOD_VMXO|ND_MOD_TSX,
0, 0, ND_OPS_CNT(0, 9), 0, 0, 0, 0, 0, 0, ND_FLAG_O64, ND_CFF_FSC,
0, 0, ND_OPS_CNT(0, 10), 0, 0, 0, 0, 0, 0, ND_FLAG_F64|ND_FLAG_O64, ND_CFF_FSC,
0,
0,
0,
@ -17367,6 +17367,7 @@ const ND_INSTRUCTION gInstructions[2554] =
OP(ND_OPT_SEG_CS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_F, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
OP(ND_OPT_SSP, ND_OPS_yf, ND_OPF_DEFAULT|ND_OPF_RW, 0, 0),
},
// Pos:1290 Instruction:"SYSENTER" Encoding:"0x0F 0x34"/""
@ -17392,7 +17393,7 @@ const ND_INSTRUCTION gInstructions[2554] =
{
ND_INS_SYSEXIT, ND_CAT_SYSRET, ND_SET_PPRO, 762,
ND_MOD_R0|ND_MOD_SMM|ND_MOD_PROT|ND_MOD_COMPAT|ND_MOD_LONG|ND_MOD_VMXR|ND_MOD_VMXN|ND_MOD_VMXO|ND_MOD_TSX,
0, 0, ND_OPS_CNT(0, 4), 0, 0, 0, 0, 0, 0, 0, ND_CFF_SEP,
0, 0, ND_OPS_CNT(0, 5), 0, 0, 0, 0, 0, 0, ND_FLAG_F64, ND_CFF_SEP,
0,
0,
0,
@ -17401,6 +17402,7 @@ const ND_INSTRUCTION gInstructions[2554] =
OP(ND_OPT_GPR_rSP, ND_OPS_ssz, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_SEG_CS, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_RIP, ND_OPS_v, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
OP(ND_OPT_SSP, ND_OPS_yf, ND_OPF_DEFAULT|ND_OPF_W, 0, 0),
},
// Pos:1292 Instruction:"SYSRET" Encoding:"o64 0x0F 0x07"/""

@ -300,6 +300,8 @@ typedef enum _ND_OPERAND_SIZE_SPEC
ND_OPS_v3,
ND_OPS_v4,
ND_OPS_v8,
// 4 + 8 bytes accessed on the shadow stack by the SAVPREVSSP instruction.
ND_OPS_12,
// MIB
ND_OPS_mib,
// VSIB sizes (for both the index and the accessed data).
@ -408,6 +410,8 @@ typedef enum _ND_OPERAND_TYPE_SPEC
ND_OPT_MEM_rBX_AL,
ND_OPT_MEM_rDI,
ND_OPT_MEM_SHS,
ND_OPT_MEM_SHSP,
ND_OPT_MEM_SHS0,
// Misc CR/XCR/MSR/SYS registers.
ND_OPT_CR_0,
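Review bot: `ND_OPT_MEM_SHSP` and `ND_OPT_MEM_SHS0` are added without a comment, while `ND_OPS_12` in the hunk above gets one. I would add `// Shadow stack push/pop access via the current SSP.` and `// Shadow stack access via IA32_PL0_SSP.`, matching the wording on the decoder's case labels. Both are inserted mid-enum, which renumbers every later `ND_OPT_*` value, so the positional `gOperandMap` table must list its entries in the same order. The commit does add them in matching order, but a one-line comment here pointing at that table would keep a future addition from indexing the wrong slot. The enum continues outside the hunk.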

@ -13,7 +13,7 @@
Operand: 1, Acc: RW, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1
Operand: 2, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes,
Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3,
0000000000000003 ffd0 CALL ax
@ -31,7 +31,7 @@
Operand: 1, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1
Operand: 2, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes,
Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3,
0000000000000005 66ffd0 CALL eax
@ -49,7 +49,7 @@
Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 2, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes,
Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3,
0000000000000008 ff17 CALL word ptr [bx]
@ -68,7 +68,7 @@
Operand: 1, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1
Operand: 2, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes,
Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3,
000000000000000A 67ff13 CALL word ptr [ebx]
@ -87,7 +87,7 @@
Operand: 1, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1
Operand: 2, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes,
Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3,
000000000000000D 67ff13 CALL word ptr [ebx]
@ -106,7 +106,7 @@
Operand: 1, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1
Operand: 2, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes,
Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3,
0000000000000010 6667ff13 CALL dword ptr [ebx]
@ -125,7 +125,7 @@
Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 2, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes,
Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3,
0000000000000014 ebfe JMP 0x14
@ -246,7 +246,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1
Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3,
000000000000002C 669a000000102000 CALLF 0x0020:0x10000000
@ -265,7 +265,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
0000000000000034 ea00102000 JMPF 0x0020:0x1000
@ -299,7 +299,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
0000000000000041 67ff1b CALLF dword ptr [ebx]
@ -319,7 +319,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1
Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3,
0000000000000044 ff1f CALLF dword ptr [bx]
@ -339,7 +339,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1
Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3,
0000000000000046 6667ff1b CALLF fword ptr [ebx]
@ -359,7 +359,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
000000000000004A 66ff1f CALLF fword ptr [bx]
@ -379,7 +379,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
000000000000004D 67ff2b JMPF dword ptr [ebx]
@ -565,7 +565,7 @@
Operand: 3, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: Flags, RegSize: 2, RegId: 0, RegCount: 1
Operand: 5, Acc: -W, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow Stack: yes,
Operand: 5, Acc: -W, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow stack: 3,
0000000000000068 cc INT3
@ -586,7 +586,7 @@
Operand: 2, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: Flags, RegSize: 2, RegId: 0, RegCount: 1
Operand: 4, Acc: -W, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: -W, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow stack: 3,
0000000000000069 f1 INT1
@ -641,7 +641,7 @@
Operand: 0, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1
Operand: 1, Acc: R-, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 2, Acc: R-, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes,
Operand: 2, Acc: R-, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3,
000000000000006C c22000 RETN 0x0020
@ -660,7 +660,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: General Purpose, RegSize: 2, RegId: 4, RegCount: 1
Operand: 3, Acc: R-, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: R-, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: R-, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3,
000000000000006F cb RETF
@ -678,7 +678,7 @@
Operand: 1, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1
Operand: 2, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes,
Operand: 3, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3,
0000000000000070 ca2000 RETF 0x0020
@ -697,7 +697,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1
Operand: 3, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3,
0000000000000073 cf IRETW
@ -718,7 +718,7 @@
Operand: 2, Acc: R-, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: RW, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: Flags, RegSize: 2, RegId: 0, RegCount: 1
Operand: 4, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow stack: 3,
0000000000000074 66cf IRETD
@ -739,6 +739,6 @@
Operand: 2, Acc: R-, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1
Operand: 4, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 3,

@ -13,7 +13,7 @@
Operand: 1, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 2, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes,
Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3,
0000000000000005 66ffd0 CALL ax
@ -31,7 +31,7 @@
Operand: 1, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1
Operand: 2, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes,
Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3,
0000000000000008 ffd0 CALL eax
@ -49,7 +49,7 @@
Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 2, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes,
Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3,
000000000000000A 67ff17 CALL dword ptr [bx]
@ -68,7 +68,7 @@
Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 2, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes,
Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3,
000000000000000D ff13 CALL dword ptr [ebx]
@ -87,7 +87,7 @@
Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 2, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes,
Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3,
000000000000000F 66ff13 CALL word ptr [ebx]
@ -106,7 +106,7 @@
Operand: 1, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1
Operand: 2, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow Stack: yes,
Operand: 3, Acc: -W, Type: Memory, Size: 2, RawSize: 2, Encoding: S, Shadow stack: 3,
0000000000000012 ff13 CALL dword ptr [ebx]
@ -125,7 +125,7 @@
Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 2, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes,
Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3,
0000000000000014 ebfe JMP 0x14
@ -246,7 +246,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1
Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3,
000000000000002B 9a000000102000 CALLF 0x0020:0x10000000
@ -265,7 +265,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
0000000000000032 66ea00102000 JMPF 0x0020:0x1000
@ -299,7 +299,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
000000000000003F 66ff1b CALLF dword ptr [ebx]
@ -319,7 +319,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1
Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3,
0000000000000042 6667ff1f CALLF dword ptr [bx]
@ -339,7 +339,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1
Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3,
0000000000000046 ff1b CALLF fword ptr [ebx]
@ -359,7 +359,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
0000000000000048 67ff1f CALLF fword ptr [bx]
@ -379,7 +379,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
000000000000004B 66ff2b JMPF dword ptr [ebx]
@ -565,7 +565,7 @@
Operand: 3, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1
Operand: 5, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow Stack: yes,
Operand: 5, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 3,
0000000000000066 cc INT3
@ -586,7 +586,7 @@
Operand: 2, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1
Operand: 4, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 3,
0000000000000067 f1 INT1
@ -641,7 +641,7 @@
Operand: 0, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 1, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 2, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes,
Operand: 2, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3,
000000000000006A c22000 RETN 0x0020
@ -660,7 +660,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: General Purpose, RegSize: 4, RegId: 4, RegCount: 1
Operand: 3, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: R-, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3,
000000000000006D cb RETF
@ -678,7 +678,7 @@
Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 2, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
Operand: 3, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
000000000000006E ca2000 RETF 0x0020
@ -697,7 +697,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 3, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
0000000000000071 66cf IRETW
@ -718,7 +718,7 @@
Operand: 2, Acc: R-, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: RW, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: Flags, RegSize: 2, RegId: 0, RegCount: 1
Operand: 4, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow stack: 3,
0000000000000073 cf IRETD
@ -739,7 +739,7 @@
Operand: 2, Acc: R-, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1
Operand: 4, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 3,
0000000000000074 0f34 SYSENTER
@ -781,4 +781,5 @@
Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: General Purpose, RegSize: 4, RegId: 4, RegCount: 1
Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Segment, RegSize: 4, RegId: 1, RegCount: 1
Operand: 3, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 4, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: SSP, RegSize: 4, RegId: 0, RegCount: 1

@ -13,7 +13,7 @@
Operand: 1, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
0000000000000005 ffd0 CALL rax
@ -31,7 +31,7 @@
Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
0000000000000007 67ff13 CALL qword ptr [ebx]
@ -50,7 +50,7 @@
Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
000000000000000A ff13 CALL qword ptr [rbx]
@ -69,7 +69,7 @@
Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
000000000000000C ebfe JMP 0xc
@ -147,7 +147,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: IP, RegSize: 2, RegId: 0, RegCount: 1
Operand: 3, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow stack: 3,
0000000000000018 ff1b CALLF fword ptr [rbx]
@ -167,7 +167,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
000000000000001A 48ff1b CALLF tbyte ptr [rbx]
@ -187,7 +187,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
Operand: 3, Acc: -W, Type: Memory, Size: 16, RawSize: 16, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: -W, Type: Memory, Size: 16, RawSize: 16, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: -W, Type: Memory, Size: 16, RawSize: 16, Encoding: S, Shadow stack: 3,
000000000000001D 66ff2b JMPF dword ptr [rbx]
@ -357,7 +357,7 @@
Operand: 3, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1
Operand: 5, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow Stack: yes,
Operand: 5, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 3,
0000000000000034 cc INT3
@ -378,7 +378,7 @@
Operand: 2, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1
Operand: 4, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: -W, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 3,
0000000000000035 f1 INT1
@ -433,7 +433,7 @@
Operand: 0, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
Operand: 1, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 2, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
Operand: 2, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
0000000000000038 c22000 RETN 0x0020
@ -452,7 +452,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: General Purpose, RegSize: 8, RegId: 4, RegCount: 1
Operand: 3, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
000000000000003B cb RETF
@ -470,7 +470,7 @@
Operand: 1, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 2, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
Operand: 3, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
000000000000003C ca2000 RETF 0x0020
@ -489,7 +489,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 3, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
000000000000003F 66cf IRETW
@ -510,7 +510,7 @@
Operand: 2, Acc: R-, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: RW, Type: Register, Size: 2, RawSize: 2, Encoding: S, RegType: Flags, RegSize: 2, RegId: 0, RegCount: 1
Operand: 4, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: RW, Type: Memory, Size: 6, RawSize: 6, Encoding: S, Shadow stack: 3,
0000000000000041 cf IRETD
@ -531,11 +531,11 @@
Operand: 2, Acc: R-, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1
Operand: 4, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 3,
0000000000000042 0f05 SYSCALL
DSIZE: 32, ASIZE: 64, VLEN: -
DSIZE: 64, ASIZE: 64, VLEN: -
ISA Set: AMD, Ins cat: SYSCALL, CET tracked: no
CPUID leaf: 0x80000001, reg: ecx, bit: 11
FLAGS access
@ -551,15 +551,16 @@
Operand: 0, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Model Specific, RegSize: 8, RegId: -1073741695, RegCount: 1
Operand: 1, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Model Specific, RegSize: 8, RegId: -1073741694, RegCount: 1
Operand: 2, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Model Specific, RegSize: 8, RegId: -1073741692, RegCount: 1
Operand: 3, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Segment, RegSize: 4, RegId: 2, RegCount: 1
Operand: 3, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Segment, RegSize: 8, RegId: 2, RegCount: 1
Operand: 4, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: General Purpose, RegSize: 8, RegId: 1, RegCount: 1
Operand: 5, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: General Purpose, RegSize: 8, RegId: 11, RegCount: 1
Operand: 6, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Segment, RegSize: 4, RegId: 1, RegCount: 1
Operand: 7, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 8, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1
Operand: 6, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Segment, RegSize: 8, RegId: 1, RegCount: 1
Operand: 7, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
Operand: 8, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Flags, RegSize: 8, RegId: 0, RegCount: 1
Operand: 9, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1
0000000000000044 0f35 SYSEXIT
DSIZE: 32, ASIZE: 64, VLEN: -
DSIZE: 64, ASIZE: 64, VLEN: -
ISA Set: PPRO, Ins cat: SYSRET, CET tracked: no
CPUID leaf: 0x00000001, reg: edx, bit: 11
Valid modes
@ -570,8 +571,9 @@
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
Operand: 0, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Segment, RegSize: 4, RegId: 2, RegCount: 1
Operand: 0, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Segment, RegSize: 8, RegId: 2, RegCount: 1
Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: General Purpose, RegSize: 8, RegId: 4, RegCount: 1
Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Segment, RegSize: 4, RegId: 1, RegCount: 1
Operand: 3, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 2, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Segment, RegSize: 8, RegId: 1, RegCount: 1
Operand: 3, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
Operand: 4, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1

Binary file not shown.

@ -1,13 +0,0 @@
bits 64
db 0xF3, 0x0F, 0x01, 0x28 ; RSTORSSP qword ptr [rax]
db 0xF3, 0x0F, 0x01, 0xEA ; SAVEPREVSSP
db 0xF3, 0x0F, 0x01, 0xE8 ; SETSSBSY
db 0xF3, 0x0F, 0x1E, 0xC8 ; RDSSPD eax
db 0xF3, 0x48, 0x0F, 0x1E, 0xC8 ; RDSSPQ rax
db 0xF3, 0x0F, 0x1E, 0xFA ; ENDBR32
db 0xF3, 0x0F, 0x1E, 0xFB ; ENDBR64
db 0x66, 0x0F, 0x38, 0xF5, 0x00 ; WRUSSD dword ptr [rax], eax
db 0x66, 0x48, 0x0F, 0x38, 0xF5, 0x00 ; WRUSSQ dword ptr [rax], rax
db 0x0F, 0x38, 0xF6, 0x00 ; WRSSD dword ptr [rax], eax
db 0x48, 0x0F, 0x38, 0xF6, 0x00 ; WRSSQ dword ptr [rax], rax

@ -1277,6 +1277,6 @@
Operand: 1, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,

Binary file not shown.

@ -0,0 +1,12 @@
bits 32
db 0xF3, 0x0F, 0x01, 0x28 ; RSTORSSP [eax]
db 0xF3, 0x0F, 0x01, 0xEA ; SAVEPREVSSP
db 0xF3, 0x0F, 0x01, 0xE8 ; SETSSBSY
db 0xF3, 0x0F, 0x1E, 0xC8 ; RDSSPD eax
db 0xF3, 0x0F, 0x1E, 0xFA ; ENDBR64
db 0xF3, 0x0F, 0x1E, 0xFB ; ENDBR32
db 0xF3, 0x0F, 0xAE, 0x30 ; CLRSSBSY [rax]
db 0xF3, 0x0F, 0xAE, 0xE8 ; INCSSPD eax
db 0x66, 0x0F, 0x38, 0xF5, 0x00 ; WRUSSD [rax], eax
db 0x0F, 0x38, 0xF6, 0x00 ; WRSSD [rax], eax
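Review bot: The operand comments on the CLRSSBSY, WRUSSD and WRSSD lines name `[rax]`, although this file is assembled with `bits 32` and its RSTORSSP line already uses `[eax]`. The expected 32-bit output further down the page decodes the same bytes with `[eax]`. Change the comments to `; CLRSSBSY [eax]`, `; WRUSSD [eax], eax` and `; WRSSD [eax], eax` so the listing agrees with what the decoder is expected to print. The encoded bytes need no change.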

@ -1,5 +1,5 @@
0000000000000000 f30f0128 RSTORSSP qword ptr [rax]
DSIZE: 32, ASIZE: 64, VLEN: -
0000000000000000 f30f0128 RSTORSSP qword ptr [eax]
DSIZE: 32, ASIZE: 32, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
@ -10,11 +10,12 @@
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
Operand: 0, Acc: RW, Type: Memory, Size: 8, RawSize: 8, Encoding: M, Shadow Stack: yes,
Operand: 0, Acc: RW, Type: Memory, Size: 8, RawSize: 8, Encoding: M, Shadow stack: 1,
Segment: 3, Base: 0,
Operand: 1, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: SSP, RegSize: 4, RegId: 0, RegCount: 1
0000000000000004 f30f01ea SAVEPREVSSP
DSIZE: 32, ASIZE: 64, VLEN: -
DSIZE: 32, ASIZE: 32, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
@ -25,12 +26,12 @@
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
Operand: 0, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: S, Shadow Stack: yes,
Operand: 0, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 2,
Operand: 1, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: SSP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 1, Acc: R-, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: SSP, RegSize: 4, RegId: 0, RegCount: 1
0000000000000008 f30f01e8 SETSSBSY
DSIZE: 32, ASIZE: 64, VLEN: -
DSIZE: 32, ASIZE: 32, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
@ -41,9 +42,12 @@
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
Operand: 0, Acc: RW, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 4,
Operand: 1, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: SSP, RegSize: 4, RegId: 0, RegCount: 1
000000000000000C f30f1ec8 RDSSPD eax
DSIZE: 32, ASIZE: 64, VLEN: -
DSIZE: 32, ASIZE: 32, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
@ -57,8 +61,8 @@
Operand: 0, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: M, RegType: General Purpose, RegSize: 4, RegId: 0, RegCount: 1
Operand: 1, Acc: R-, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: SSP, RegSize: 4, RegId: 0, RegCount: 1
0000000000000010 f3480f1ec8 RDSSPQ rax
DSIZE: 64, ASIZE: 64, VLEN: -
0000000000000010 f30f1efa ENDBR64
DSIZE: 32, ASIZE: 32, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
@ -69,11 +73,9 @@
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
Operand: 0, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: M, RegType: General Purpose, RegSize: 8, RegId: 0, RegCount: 1
Operand: 1, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1
0000000000000015 f30f1efa ENDBR64
DSIZE: 32, ASIZE: 64, VLEN: -
0000000000000014 f30f1efb ENDBR32
DSIZE: 32, ASIZE: 32, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
@ -85,8 +87,8 @@
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
0000000000000019 f30f1efb ENDBR32
DSIZE: 32, ASIZE: 64, VLEN: -
0000000000000018 f30fae30 CLRSSBSY qword ptr [eax]
DSIZE: 32, ASIZE: 32, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
@ -97,25 +99,12 @@
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
000000000000001D 660f38f500 WRUSSD dword ptr [rax], eax
DSIZE: 32, ASIZE: 64, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
R0: yes, R1: yes, R2: yes, R3: yes
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes
Valid prefixes
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
Operand: 0, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: M, Shadow Stack: yes,
Operand: 0, Acc: RW, Type: Memory, Size: 8, RawSize: 8, Encoding: M, Shadow stack: 1,
Segment: 3, Base: 0,
Operand: 1, Acc: R-, Type: Register, Size: 4, RawSize: 4, Encoding: R, RegType: General Purpose, RegSize: 4, RegId: 0, RegCount: 1
Operand: 1, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: SSP, RegSize: 4, RegId: 0, RegCount: 1
0000000000000022 66480f38f500 WRUSSQ qword ptr [rax], rax
DSIZE: 64, ASIZE: 64, VLEN: -
000000000000001C f30faee8 INCSSPD eax
DSIZE: 32, ASIZE: 32, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
@ -126,12 +115,13 @@
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
Operand: 0, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: M, Shadow Stack: yes,
Segment: 3, Base: 0,
Operand: 1, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: R, RegType: General Purpose, RegSize: 8, RegId: 0, RegCount: 1
Operand: 0, Acc: R-, Type: Register, Size: 4, RawSize: 4, Encoding: M, RegType: General Purpose, RegSize: 4, RegId: 0, RegCount: 1
Operand: 1, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 2,
0000000000000028 0f38f600 WRSSD dword ptr [rax], eax
DSIZE: 32, ASIZE: 64, VLEN: -
Operand: 2, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: SSP, RegSize: 4, RegId: 0, RegCount: 1
0000000000000020 660f38f500 WRUSSD dword ptr [eax], eax
DSIZE: 32, ASIZE: 32, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
@ -142,12 +132,12 @@
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
Operand: 0, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: M, Shadow Stack: yes,
Operand: 0, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: M, Shadow stack: 1,
Segment: 3, Base: 0,
Operand: 1, Acc: R-, Type: Register, Size: 4, RawSize: 4, Encoding: R, RegType: General Purpose, RegSize: 4, RegId: 0, RegCount: 1
000000000000002C 480f38f600 WRSSQ qword ptr [rax], rax
DSIZE: 64, ASIZE: 64, VLEN: -
0000000000000025 0f38f600 WRSSD dword ptr [eax], eax
DSIZE: 32, ASIZE: 32, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
@ -158,7 +148,7 @@
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
Operand: 0, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: M, Shadow Stack: yes,
Operand: 0, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: M, Shadow stack: 1,
Segment: 3, Base: 0,
Operand: 1, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: R, RegType: General Purpose, RegSize: 8, RegId: 0, RegCount: 1
Operand: 1, Acc: R-, Type: Register, Size: 4, RawSize: 4, Encoding: R, RegType: General Purpose, RegSize: 4, RegId: 0, RegCount: 1

Binary file not shown.

@ -0,0 +1,16 @@
bits 64
db 0xF3, 0x0F, 0x01, 0x28 ; RSTORSSP [rax]
db 0xF3, 0x0F, 0x01, 0xEA ; SAVEPREVSSP
db 0xF3, 0x0F, 0x01, 0xE8 ; SETSSBSY
db 0xF3, 0x0F, 0x1E, 0xC8 ; RDSSPD eax
db 0xF3, 0x48, 0x0F, 0x1E, 0xC8 ; RDSSPD rax
db 0xF3, 0x0F, 0x1E, 0xFA ; ENDBR64
db 0xF3, 0x0F, 0x1E, 0xFB ; ENDBR32
db 0xF3, 0x0F, 0xAE, 0x30 ; CLRSSBSY [rax]
db 0xF3, 0x0F, 0xAE, 0xE8 ; INCSSPD eax
db 0xF3, 0x48, 0x0F, 0xAE, 0xE8 ; INCSSPQ rax
db 0x66, 0x0F, 0x38, 0xF5, 0x00 ; WRUSSD [rax], eax
db 0x66, 0x48, 0x0F, 0x38, 0xF5, 0x00 ; WRUSSQ [rax], eax
db 0x0F, 0x38, 0xF6, 0x00 ; WRSSD [rax], eax
db 0x48, 0x0F, 0x38, 0xF6, 0x00 ; WRSSQ [rax], eax
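Review bot: Three comments in this new 64-bit test do not match their bytes. The REX.W form `0xF3, 0x48, 0x0F, 0x1E, 0xC8` is labelled `RDSSPD rax`, and the REX.W forms of WRUSSQ and WRSSQ give `eax` as the source register. The expected output that follows decodes them as `RDSSPQ rax`, `WRUSSQ qword ptr [rax], rax` and `WRSSQ qword ptr [rax], rax`. Change the comments to `; RDSSPQ rax`, `; WRUSSQ [rax], rax` and `; WRSSQ [rax], rax`, so that a comparison of the source with the result file does not look like a decoder defect.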

@ -0,0 +1,218 @@
0000000000000000 f30f0128 RSTORSSP qword ptr [rax]
DSIZE: 32, ASIZE: 64, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
R0: yes, R1: yes, R2: yes, R3: yes
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes
Valid prefixes
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
Operand: 0, Acc: RW, Type: Memory, Size: 8, RawSize: 8, Encoding: M, Shadow stack: 1,
Segment: 3, Base: 0,
Operand: 1, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1
0000000000000004 f30f01ea SAVEPREVSSP
DSIZE: 32, ASIZE: 64, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
R0: yes, R1: yes, R2: yes, R3: yes
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes
Valid prefixes
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
Operand: 0, Acc: RW, Type: Memory, Size: 12, RawSize: 12, Encoding: S, Shadow stack: 2,
Operand: 1, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1
0000000000000008 f30f01e8 SETSSBSY
DSIZE: 32, ASIZE: 64, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
R0: yes, R1: yes, R2: yes, R3: yes
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes
Valid prefixes
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
Operand: 0, Acc: RW, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 4,
Operand: 1, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1
000000000000000C f30f1ec8 RDSSPD eax
DSIZE: 32, ASIZE: 64, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
R0: yes, R1: yes, R2: yes, R3: yes
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes
Valid prefixes
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
Operand: 0, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: M, RegType: General Purpose, RegSize: 4, RegId: 0, RegCount: 1
Operand: 1, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1
0000000000000010 f3480f1ec8 RDSSPQ rax
DSIZE: 64, ASIZE: 64, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
R0: yes, R1: yes, R2: yes, R3: yes
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes
Valid prefixes
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
Operand: 0, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: M, RegType: General Purpose, RegSize: 8, RegId: 0, RegCount: 1
Operand: 1, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1
0000000000000015 f30f1efa ENDBR64
DSIZE: 32, ASIZE: 64, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
R0: yes, R1: yes, R2: yes, R3: yes
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes
Valid prefixes
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
0000000000000019 f30f1efb ENDBR32
DSIZE: 32, ASIZE: 64, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
R0: yes, R1: yes, R2: yes, R3: yes
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes
Valid prefixes
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
000000000000001D f30fae30 CLRSSBSY qword ptr [rax]
DSIZE: 32, ASIZE: 64, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
R0: yes, R1: yes, R2: yes, R3: yes
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes
Valid prefixes
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
Operand: 0, Acc: RW, Type: Memory, Size: 8, RawSize: 8, Encoding: M, Shadow stack: 1,
Segment: 3, Base: 0,
Operand: 1, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1
0000000000000021 f30faee8 INCSSPD eax
DSIZE: 32, ASIZE: 64, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
R0: yes, R1: yes, R2: yes, R3: yes
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes
Valid prefixes
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
Operand: 0, Acc: R-, Type: Register, Size: 4, RawSize: 4, Encoding: M, RegType: General Purpose, RegSize: 4, RegId: 0, RegCount: 1
Operand: 1, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 2,
Operand: 2, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1
0000000000000025 f3480faee8 INCSSPQ rax
DSIZE: 64, ASIZE: 64, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
R0: yes, R1: yes, R2: yes, R3: yes
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes
Valid prefixes
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
Operand: 0, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: M, RegType: General Purpose, RegSize: 8, RegId: 0, RegCount: 1
Operand: 1, Acc: R-, Type: Memory, Size: 16, RawSize: 16, Encoding: S, Shadow stack: 2,
Operand: 2, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1
000000000000002A 660f38f500 WRUSSD dword ptr [rax], eax
DSIZE: 32, ASIZE: 64, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
R0: yes, R1: yes, R2: yes, R3: yes
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes
Valid prefixes
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
Operand: 0, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: M, Shadow stack: 1,
Segment: 3, Base: 0,
Operand: 1, Acc: R-, Type: Register, Size: 4, RawSize: 4, Encoding: R, RegType: General Purpose, RegSize: 4, RegId: 0, RegCount: 1
000000000000002F 66480f38f500 WRUSSQ qword ptr [rax], rax
DSIZE: 64, ASIZE: 64, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
R0: yes, R1: yes, R2: yes, R3: yes
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes
Valid prefixes
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
Operand: 0, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: M, Shadow stack: 1,
Segment: 3, Base: 0,
Operand: 1, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: R, RegType: General Purpose, RegSize: 8, RegId: 0, RegCount: 1
0000000000000035 0f38f600 WRSSD dword ptr [rax], eax
DSIZE: 32, ASIZE: 64, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
R0: yes, R1: yes, R2: yes, R3: yes
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes
Valid prefixes
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
Operand: 0, Acc: -W, Type: Memory, Size: 4, RawSize: 4, Encoding: M, Shadow stack: 1,
Segment: 3, Base: 0,
Operand: 1, Acc: R-, Type: Register, Size: 4, RawSize: 4, Encoding: R, RegType: General Purpose, RegSize: 4, RegId: 0, RegCount: 1
0000000000000039 480f38f600 WRSSQ qword ptr [rax], rax
DSIZE: 64, ASIZE: 64, VLEN: -
ISA Set: CET, Ins cat: CET, CET tracked: no
CPUID leaf: 0x00000007, sub-leaf: 0x00000000, reg: ecx, bit: 7
Valid modes
R0: yes, R1: yes, R2: yes, R3: yes
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
SMM: yes, SGX: yes, TSX: yes, VMXRoot: yes, VMXNonRoot: yes
Valid prefixes
REP: no, REPcc: no, LOCK: no
HLE: no, XACQUIRE only: no, XRELEASE only: no
BND: no, BHINT: no, DNT: no
Operand: 0, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: M, Shadow stack: 1,
Segment: 3, Base: 0,
Operand: 1, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: R, RegType: General Purpose, RegSize: 8, RegId: 0, RegCount: 1

@ -285,7 +285,7 @@
Operand: 2, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
Segment: 2, Base: 4,
Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow Stack: yes,
Operand: 4, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
000000000000001D 90 NOP

@ -55,7 +55,7 @@
Operand: 1, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Model Specific, RegSize: 8, RegId: -1073741567, RegCount: 1
000000000000000B 0f05 SYSCALL
DSIZE: 32, ASIZE: 64, VLEN: -
DSIZE: 64, ASIZE: 64, VLEN: -
ISA Set: AMD, Ins cat: SYSCALL, CET tracked: no
CPUID leaf: 0x80000001, reg: ecx, bit: 11
FLAGS access
@ -71,12 +71,13 @@
Operand: 0, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Model Specific, RegSize: 8, RegId: -1073741695, RegCount: 1
Operand: 1, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Model Specific, RegSize: 8, RegId: -1073741694, RegCount: 1
Operand: 2, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Model Specific, RegSize: 8, RegId: -1073741692, RegCount: 1
Operand: 3, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Segment, RegSize: 4, RegId: 2, RegCount: 1
Operand: 3, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Segment, RegSize: 8, RegId: 2, RegCount: 1
Operand: 4, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: General Purpose, RegSize: 8, RegId: 1, RegCount: 1
Operand: 5, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: General Purpose, RegSize: 8, RegId: 11, RegCount: 1
Operand: 6, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Segment, RegSize: 4, RegId: 1, RegCount: 1
Operand: 7, Acc: -W, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: IP, RegSize: 4, RegId: 0, RegCount: 1
Operand: 8, Acc: RW, Type: Register, Size: 4, RawSize: 4, Encoding: S, RegType: Flags, RegSize: 4, RegId: 0, RegCount: 1
Operand: 6, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Segment, RegSize: 8, RegId: 1, RegCount: 1
Operand: 7, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
Operand: 8, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: Flags, RegSize: 8, RegId: 0, RegCount: 1
Operand: 9, Acc: RW, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: SSP, RegSize: 8, RegId: 0, RegCount: 1
000000000000000D 0f07 SYSRET
DSIZE: 32, ASIZE: 64, VLEN: -

@ -914,7 +914,7 @@ print_instruction(
if (Instrux->Operands[i].Info.Memory.IsShadowStack)
{
printf("Shadow Stack: yes, ");
printf("Shadow stack: %d, ", Instrux->Operands[i].Info.Memory.ShStkType);
}
if (Instrux->Operands[i].Info.Memory.HasCompDisp)
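Review bot: The replacement `printf` emits `ShStkType` as a bare integer, so the tool output can only be read with the ND_SHSTK_ACCESS enum at hand. The expected-result files on this page now read `Shadow stack: 1` to `4`, and any later reordering of that enum would silently change what recorded output means. Add a comment above the call such as `// ShStkType is an ND_SHSTK_ACCESS value: 1 explicit, 2 SSP load/store, 3 SSP push/pop, 4 IA32_PL0_SSP.`, or print a name per value instead of `%d`. print_instruction starts and ends outside this hunk.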

@ -758,6 +758,19 @@ typedef struct _ND_OPDESC_ADDRESS
} ND_OPDESC_ADDRESS;
//
// Shadow stack access types.
//
typedef enum _ND_SHSTK_ACCESS
{
ND_SHSTK_NONE = 0,
ND_SHSTK_EXPLICIT, // Explicit memory operand accessed as shadow stack.
ND_SHSTK_SSP_LD_ST, // Shadow Stack Pointer (SSP) used as base for addressing using conventional load/store.
ND_SHSTK_SSP_PUSH_POP, // Shadow Stack Pointer (SSP) used as base for addressing using push/pop.
ND_SHSTK_PL0_SSP, // Privilege 0 SSP (IA32_PL0_SSP) used (SETSSBSY).
} ND_SHSTK_ACCESS;
//
// Describes a memory operand.
//
@ -775,7 +788,7 @@ typedef struct _ND_OPDESC_MEMORY
bool IsStack:1; // TRUE if this is a stack op. Note that explicit stack accesses are not
// included (eg: mov eax, [rsp] will NOT set IsStack).
bool IsString:1; // TRUE for [RSI] and [RDI] operands inside string operations.
bool IsShadowStack:1; // TRUE if this is a shadow stack access.
bool IsShadowStack:1; // TRUE if this is a shadow stack access. Check out ShStkType for more info.
bool IsDirect:1; // TRUE if direct addressing (MOV [...], EAX, 0xA3).
bool IsBitbase:1; // TRUE if this is a bit base. Used for BT* instructions. The bitbase
// stored in the second operand must be added to the linear address.
@ -791,6 +804,8 @@ typedef struct _ND_OPDESC_MEMORY
uint8_t DispSize; // Displacement size. Max 4 bytes.
uint8_t CompDispSize; // Compressed displacement size - 1, 2, 4, 8, 16, 32, 64.
uint8_t ShStkType; // Shadow stack access type. Check out ND_SHSTK_ACCESS.
struct
{
uint8_t IndexSize; // VSIB index size.
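Review bot: The comments on `IsShadowStack` and `ShStkType` in ND_OPDESC_MEMORY do not say what ShStkType holds when the operand is not a shadow stack access, and the field is a `uint8_t` rather than ND_SHSTK_ACCESS, so the compiler does not tie the two together. I would state the invariant on the field, e.g. `// Shadow stack access type (ND_SHSTK_ACCESS); ND_SHSTK_NONE when IsShadowStack is FALSE.`, presuming the decoder zeroes the operand before filling it, which these hunks do not show. The ND_SHSTK_PL0_SSP comment should also say that the access is based on the IA32_PL0_SSP MSR and not on the current SSP, since a consumer that derives the accessed address from SSP would get it wrong for SETSSBSY. The new field changes the layout of a public structure whose definition continues outside the hunk, so callers built against the old header need rebuilding.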

@ -197,6 +197,7 @@ valid_opsize = [
'l', # Either a 64 bit or a 128 bit operand size (used by BNDMOV).
'rx', # 512 bytes extended state.
'cl', # 32/64/128 bytes - the size of one cache line.
'12', # 4 bytes (0) + 8 bytes (old SSP), used by SAVEPREVSSP.
't', # A tile register. The size varies dependning on execution environment, but can be as high as 1K.
]
@ -270,17 +271,21 @@ valid_impops = {# register size
'X87STATUS': ('X87STATUS', 'w'), # X87 status register.
'MXCSR' : ('MXCSR', 'd'), # MXCSR register.
'PKRU' : ('PKRU', 'd'), # PKRU register.
'SSP' : ('SSP', 'yf'), # Shadow stack pointer.
'SSP' : ('SSP', 'yf'), # Shadow stack pointer. 32 bit in protected/compat mode, 64 in long mode.
# Implicit memory operands.
'pBXALb' : ('pBXAL', 'b'), # Implicit [RBX + AL], as used by XLAT.
'pDIq' : ('pDI', 'q'), # Implicit qword [RDI].
'pDIdq' : ('pDI', 'dq'), # Implicit xmmword [RDI].
'SHS' : ('SHS', 'q'), # Shadow stack access, 1 qword (use by CET instructions).
'SHS1' : ('SHS', 'v'), # Shadow stack access, 1 word.
'SHS2' : ('SHS', 'v2'), # Shadow stack, 2 words.
'SHS3' : ('SHS', 'v3'), # Shadow stack, 3 words.
'SHS4' : ('SHS', 'v4'), # Shadow stack, 4 words.
# Implicit shadow stack accesses.
'SHS' : ('SHS', 'q'), # Shadow stack (SSP) implicit access, 1 qword (use by CET instructions).
'SHS0' : ('SHS0', 'q'), # Shadow stack (IA32_PL0_SSP) implicit access, 1 qword (use by CET instructions).
'SHSI' : ('SHS', 'v2'), # Shadow stack load & discard, 2 elements (INCCSPD/INCSSPQ).
'SHSS' : ('SHS', '12'), # Shadow stack read & store 4 + 8 bytes (SAVEPREVSSP).
'SHS1' : ('SHSP', 'v'), # Shadow stack push/pop, 1 word.
'SHS2' : ('SHSP', 'v2'), # Shadow stack push/pop, 2 words.
'SHS3' : ('SHSP', 'v3'), # Shadow stack push/pop, 3 words.
'SHS4' : ('SHSP', 'v4'), # Shadow stack push/pop, 4 words.
}
# If an operand type is not present here, than that operand is implicit & it's not encoded inside the instruction.
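Review bot: The comments added to valid_impops contain typos that make the table harder to search: `INCCSPD/INCSSPQ` on the 'SHSI' entry should read `INCSSPD/INCSSPQ`, and `use by CET instructions` on 'SHS' and 'SHS0' should be `used by`. The keys 'SHS1' to 'SHS4' now select the push/pop type 'SHSP', while 'SHS', 'SHSI' and 'SHSS' select plain 'SHS', so the key names no longer hint at which access type an entry produces. A one-line comment above the push/pop group, such as `# Reported as ND_SHSTK_SSP_PUSH_POP; every other SHS* key is a load/store access.`, would spare the next editor from tracing the mapping through the generator.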

@ -137,6 +137,8 @@ optype = {
'pBXAL' : 'ND_OPT_MEM_rBX_AL',
'pDI' : 'ND_OPT_MEM_rDI',
'SHS' : 'ND_OPT_MEM_SHS',
'SHS0' : 'ND_OPT_MEM_SHS0',
'SHSP' : 'ND_OPT_MEM_SHSP',
# System registers, MSRs, XCRs, etc.
'GDTR' : 'ND_OPT_SYS_GDTR',
@ -222,6 +224,7 @@ opsize = {
'l' : 'ND_OPS_l',
'rx' : 'ND_OPS_rx',
'cl' : 'ND_OPS_cl',
'12' : 'ND_OPS_12',
't' : 'ND_OPS_t',
}

@ -39,7 +39,7 @@ ENCLU nil EAX,RBX,RCX,RDX [ NP 0x0F 0x01 /0
SERIALIZE nil nil [ NP 0x0F 0x01 /0xE8] s:SERIALIZE, t:MISC
XSUSLDTRK nil nil [ 0xF2 0x0F 0x01 /0xE8] s:TSXLDTRK, t:MISC
XRESLDTRK nil nil [ 0xF2 0x0F 0x01 /0xE9] s:TSXLDTRK, t:MISC
SAVEPREVSSP nil SHS,SSP [ 0xF3 0x0F 0x01 /0xEA] s:CET, t:CET, w:W|RW, f:CF=t
SAVEPREVSSP nil SHSS,SSP [ 0xF3 0x0F 0x01 /0xEA] s:CET, t:CET, w:RW|R, f:CF=t
RDPKRU nil EDX,EAX,ECX,PKRU [ NP 0x0F 0x01 /0xEE] s:PKU, t:MISC, w:W|W|R|R
WRPKRU nil EDX,EAX,ECX,PKRU [ NP 0x0F 0x01 /0xEF] s:PKU, t:MISC, w:R|R|R|W
SWAPGS nil GSBASE,KGSBASE [ 0x0F 0x01 /0xF8] s:LONGMODE, t:SYSTEM, w:RW|RW, m:KERNEL|O64
@ -59,7 +59,7 @@ STGI nil nil [ 0x0F 0x01 /0
CLGI nil nil [ 0x0F 0x01 /0xDD] s:SVM, t:SYSTEM, m:VMXROOT
SKINIT nil EAX [ 0x0F 0x01 /0xDE] s:SVM, t:SYSTEM, w:R, m:VMXROOT
INVLPGA nil rAX,ECX [ 0x0F 0x01 /0xDF] s:SVM, t:SYSTEM, w:R|R, m:VMXROOT
SETSSBSY nil SHS,SSP [ 0xF3 0x0F 0x01 /0xE8] s:CET, t:CET, a:SHS, w:RW|RW
SETSSBSY nil SHS0,SSP [ 0xF3 0x0F 0x01 /0xE8] s:CET, t:CET, a:SHS, w:RW|RW
INVLPGB nil rAX,ECX,EDX [ 0x0F 0x01 /0xFE] s:INVLPGB, t:SYSTEM, w:R|R|R, m:NOREAL|KERNEL
RMPADJUST nil RAX,RCX,RDX,Fv [ 0xF3 0x0F 0x01 /0xFE] s:SNP, t:SYSTEM, w:RW|R|R|W, f:OF=m|ZF=m|AF=m|PF=m|SF=m, m:O64|KERNEL
RMPUPDATE nil RAX,RCX,Fv [ 0xF2 0x0F 0x01 /0xFE] s:SNP, t:SYSTEM, w:RW|R|W, f:OF=m|ZF=m|AF=m|PF=m|SF=m, m:O64|KERNEL
@ -71,7 +71,7 @@ LAR Gv,Rz Fv [ 0x0F 0x02 /r
LSL Gv,Mw Fv [ 0x0F 0x03 /r:mem] s:I286PROT, t:SYSTEM, w:RW|R|W, f:ZF=m, m:NOREAL
LSL Gv,Rz Fv [ 0x0F 0x03 /r:reg] s:I286PROT, t:SYSTEM, w:RW|R|W, f:ZF=m, m:NOREAL
LOADALL nil BANK [ 0x0F 0x05] s:I486REAL, t:UNDOC, w:R
SYSCALL nil STAR,LSTAR,FMASK,SS,RCX,R11,CS,rIP,Fv [ o64 0x0F 0x05] s:AMD, t:SYSCALL, w:R|R|R|W|W|W|W|W|RW, i:FSC, m:O64|NOSGX
SYSCALL nil STAR,LSTAR,FMASK,SS,RCX,R11,CS,rIP,Fv,SSP [ o64 0x0F 0x05] s:AMD, t:SYSCALL, w:R|R|R|W|W|W|W|W|RW|RW, a:F64, i:FSC, m:O64|NOSGX
CLTS nil CR0 [ 0x0F 0x06] s:I286REAL, t:SYSTEM, w:W, m:KERNEL|NOV86
LOADALLD nil BANK [ 0x0F 0x07] s:I486REAL, t:UNDOC, w:R
SYSRET nil STAR,SS,rCX,R11,CS,rIP,Fv [ o64 0x0F 0x07] s:AMD, t:SYSRET, w:R|W|R|R|W|W|W, i:FSC, m:KERNEL|O64
@ -230,7 +230,7 @@ RDTSC nil EAX,EDX,TSC [ 0x0F 0x31]
RDMSR nil EAX,EDX,ECX,MSR [ 0x0F 0x32] s:PENTIUMREAL, t:SYSTEM, w:W|W|R|R, m:KERNEL|NOV86, i:MSR
RDPMC nil EAX,EDX,ECX,MSR [ 0x0F 0x33] s:RDPMC, t:SYSTEM, w:W|W|R|R, m:NOSGX
SYSENTER nil SCS,SESP,SEIP,SS,sSP,CS,rIP,Fv [ 0x0F 0x34] s:PPRO, t:SYSCALL, w:R|R|R|W|W|W|W|W, i:SEP, f:IF=0, m:NOREAL|NOSGX
SYSEXIT nil SS,sSP,CS,rIP [ 0x0F 0x35] s:PPRO, t:SYSRET, w:W|W|W|W, i:SEP, m:KERNEL|NOREAL
SYSEXIT nil SS,sSP,CS,rIP,SSP [ 0x0F 0x35] s:PPRO, t:SYSRET, w:W|W|W|W|W, a:F64, i:SEP, m:KERNEL|NOREAL
RDSHR Ed nil [ cyrix 0x0F 0x36 /r] s:CYRIX, t:SYSTEM, w:R
GETSEC nil EAX,EBX [ NP 0x0F 0x37] s:SMX, t:SYSTEM, w:RCW|R, m:KERNEL|NOREAL|NOSGX
WRSHR Ed nil [ cyrix 0x0F 0x37 /r] s:CYRIX, t:SYSTEM, w:W
@ -485,8 +485,8 @@ RDFSBASE Ry FSBASE [ o64 0xF3 0x0F 0xAE /0
RDGSBASE Ry GSBASE [ o64 0xF3 0x0F 0xAE /1:reg] s:RDWRFSGS, t:RDWRFSGS, w:W|R, m:O64
WRFSBASE Ry FSBASE [ o64 0xF3 0x0F 0xAE /2:reg] s:RDWRFSGS, t:RDWRFSGS, w:R|W, m:O64
WRGSBASE Ry GSBASE [ o64 0xF3 0x0F 0xAE /3:reg] s:RDWRFSGS, t:RDWRFSGS, w:R|W, m:O64
INCSSPD Rd SHS2,SSP [ 0xF3 0x0F 0xAE /5:reg] s:CET, t:CET, c:INCSSP, w:R|R|RW
INCSSPQ Rq SHS2,SSP [ 0xF3 rexw 0x0F 0xAE /5:reg] s:CET, t:CET, c:INCSSP, w:R|R|RW
INCSSPD Rd SHSI,SSP [ 0xF3 0x0F 0xAE /5:reg] s:CET, t:CET, c:INCSSP, w:R|R|RW
INCSSPQ Rq SHSI,SSP [ 0xF3 rexw 0x0F 0xAE /5:reg] s:CET, t:CET, c:INCSSP, w:R|R|RW
LFENCE nil nil [ NP 0x0F 0xAE /5:reg] s:SSE2, t:MISC
UMONITOR mMb Fv [ 0xF3 0x0F 0xAE /6:reg] s:WAITPKG, t:WAITPKG, w:R|W, f:WAITPKG, m:NOTSX
UMWAIT Ry EDX,EAX [ 0xF2 0x0F 0xAE /6:reg] s:WAITPKG, t:WAITPKG, w:R|R|R, m:NOTSX
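Review bot: SSP is added to SYSCALL and SYSEXIT, but the unchanged SYSRET line (`STAR,SS,rCX,R11,CS,rIP,Fv`) and SYSENTER line (`SCS,SESP,SEIP,SS,sSP,CS,rIP,Fv`) in the same hunks still list no SSP operand. As far as I recall the CET specification, all four fast system-call instructions update SSP when shadow stacks are enabled, so a consumer that tracks SSP writes from the operand list (an emulator or an introspection engine) would miss those two. If that reading is right, both entries should gain a trailing `SSP` operand with a matching access flag in `w:`. Otherwise a comment explaining why they are excluded would prevent the asymmetry from looking like an oversight.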
