From bf81c647e3a7cf1e84cb968b37c7e7f82d4ecf16 Mon Sep 17 00:00:00 2001
From: "BITDEFENDER\\vlutas" <vlutas@bitdefender.com>
Date: Tue, 19 Jul 2022 11:03:17 +0300
Subject: [PATCH] Make sure all flags are set for CMPXCHG (this was left
 intentionally incomplete). Make sure we clear upper bits of the 256/512 bit
 SSE register.

---
 bdshemu/bdshemu.c             |  16 ++++++++++++----
 bdshemu_test/bdshemu_test.zip | Bin 78890 -> 79983 bytes
 bindings/pybddisasm/setup.py  |   2 +-
 inc/bdshemu.h                 |   2 +-
 inc/version.h                 |   2 +-
 5 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/bdshemu/bdshemu.c b/bdshemu/bdshemu.c
index 6285c44..3a6e1a5 100644
--- a/bdshemu/bdshemu.c
+++ b/bdshemu/bdshemu.c
@@ -1145,7 +1145,7 @@ ShemuGetOperandValue(
 
         case ND_REG_SSE:
             shemu_memcpy(Value->Value.Bytes,
-                         &Context->SseRegisters[op->Info.Register.Reg * ND_MAX_REGISTER_SIZE], 
+                         &Context->SseRegisters[op->Info.Register.Reg], 
                          op->Size);
             break;
 
@@ -1335,7 +1335,10 @@ ShemuSetOperandValue(
             break;
 
         case ND_REG_SSE:
-            shemu_memcpy(&Context->SseRegisters[op->Info.Register.Reg * ND_MAX_REGISTER_SIZE],
+            // Zero the register first.
+            nd_memzero(&Context->SseRegisters[op->Info.Register.Reg], ND_MAX_REGISTER_SIZE);
+            // Copy the value.
+            shemu_memcpy(&Context->SseRegisters[op->Info.Register.Reg],
                          Value->Value.Bytes, 
                          op->Size);
             // Only log these when they're written.
@@ -1935,16 +1938,21 @@ ShemuEmulate(
         case ND_INS_CMPXCHG:
             GET_OP(Context, 2, &src);
             GET_OP(Context, 0, &dst);
+
+            res.Size = src.Size;
+            // Note: The accumulator is compared with the destination, not the other way around.
+            res.Value.Qwords[0] = src.Value.Qwords[0] - dst.Value.Qwords[0];
+
+            SET_FLAGS(Context, res, src, dst, FM_SUB);
+
             if (src.Value.Qwords[0] == dst.Value.Qwords[0])
             {
                 GET_OP(Context, 1, &src);
                 SET_OP(Context, 0, &src);
-                SET_FLAG(Context, NDR_RFLAG_ZF, 1);
             }
             else
             {
                 SET_OP(Context, 2, &dst);
-                SET_FLAG(Context, NDR_RFLAG_ZF, 0);
             }
             break;
 
diff --git a/bdshemu_test/bdshemu_test.zip b/bdshemu_test/bdshemu_test.zip
index 8beccdf772f4a53d3e3ad43c9733b7294af6f230..a89035ab4268d428394613256a78e42ebdc3491f 100644
GIT binary patch
delta 1132
zcmZ4Wg5~`OmWC~i!A$kcEFuid3>*wT!Jk9wCmWcyGB7Y4V`N~E2GU81#hJ<aC8@<F
z@n$CR$+-m;$r<SehI)y`x%bo#{|MSpeg562#u-V{pQ<X#8ovwH$gHwF9yhnH&SmbF
z>u&1jSa#*d#YXL~(3Z7XbnEULu?4T(nEILB19bUi?=5jz&OTe*sNSiF_1UlEJevA?
z8<JYiKA9Nb6!g<+&aXmNxnmc_FDYJddJ(3y@lB)Y&r|0+Sa=fH%Ge9sn7W-a4Ys|#
zvns$F=KMgQ^X+&7muLc=Z3V>QxSgL9G@EDY9;Vu@2Tk5yuTL~M{cp4U$IFR38r|nO
zPt8AEc72j|*IA|qZAQ}(#>WDU|MjzYlQ0tl!&+4a207fu>lLLIm*$l0>YpZJX}_-W
zmFGLgYpOp*U&<WilM!t?`gili?3Arcy7y;PsBd*;s8`)~R_*JoZ`WOuvN+53Db4sB
z(OMR?{g?Us168Sh(@*{S*zx+Q(IGbGjhA<9+PHty*FzVU9`eyNnd$v|2jh>sabI3-
zP>O1P#$VEQ;P;E4%a2|Nx4NPBZ4<k)$Me;Hf+u(MZD*bl^?dEhO<aA?9zRSnZaQT6
zVz;?o-h^FOZ}RQ!$g6+Vx25mrndFNX{@mZ9RkW+C|4^)LRZC_4tB%mJjx)WEE2ox<
zzdf(Xe@5r?!9Q6NuEl1xf|i~(J@yjjHql>o6Q-OI`E-@9ux^cA(_W#S%73Qk@LUy%
z37l=gmOrWD`(73Ir@g!fw_VB>kU5fS`tC?VN5SpI&OGy;p7{D<mX#%Q{f@LH;pO^^
z;_cd1_KLXVMN9EKZCbJB^@8TLyUcF3p1spw;3({&cQxg>^!b_ppEbFd87Qzt+O#e<
zG*RqMIsW(8;lm}hSMS;|)N{uzy)^SvVQs*j)AJS8T=aD7as>9aKkKy(=w2BeS#vZ0
z$MHH>1-b2U_bcMERnpAw<#cgR(aA3mD`;f-&DZ|zY3d=4Sv*N<_m_yLh(-L|nCS5F
zopQkPCh0BT9zW#c%S!upw_?qY1=s8jv;W)7${4|<SoLeWu+xIQ)0BJPvAp$~%(}h%
zc)7v9DCOCW(uaA^OksR?)Ami7!JH}cwR>IFx8_DCiI~3M9>~Oa)Np#05hGVUwk!us
zR}72{3P2L55MKri@MdHZVSwaaY>6La5ChmCerD_jr2?}uvMJcoILHi$b8>N*0xAz6
YDL%lPl?|kR2N2FRVqn<A3M@t#0O0S>EdT%j

delta 38
qcmaF=fo0VTmWC~i!A#rtu`(Vu6k%m!0D`SRc-WAEA&`j?$O8Zh8VW=J

diff --git a/bindings/pybddisasm/setup.py b/bindings/pybddisasm/setup.py
index b95a041..045c23d 100644
--- a/bindings/pybddisasm/setup.py
+++ b/bindings/pybddisasm/setup.py
@@ -12,7 +12,7 @@ from setuptools import find_packages, setup, Command, Extension, Distribution
 from codecs import open
 
 VERSION = (0, 1, 3)
-LIBRARY_VERSION = (1, 34, 16)
+LIBRARY_VERSION = (1, 34, 17)
 LIBRARY_INSTRUX_SIZE = 856
 
 packages = ['pybddisasm']
diff --git a/inc/bdshemu.h b/inc/bdshemu.h
index b1b6bf0..4c25c84 100644
--- a/inc/bdshemu.h
+++ b/inc/bdshemu.h
@@ -129,7 +129,7 @@ typedef struct _SHEMU_CONTEXT
     ND_UINT64       MmxRegisters[ND_MAX_MMX_REGS];
 
     // SSE registers state. 32 x 64 bytes = 2048 bytes for the SSE registers. Can be provided on input, if needed.
-    ND_UINT8        SseRegisters[ND_MAX_SSE_REGS * ND_MAX_REGISTER_SIZE];
+    ND_UINT8        SseRegisters[ND_MAX_SSE_REGS][ND_MAX_REGISTER_SIZE];
 
     // General purpose registers write bitmap. After the first write, a register will be marked dirty in here. 
     // Should be 0 on input.
diff --git a/inc/version.h b/inc/version.h
index 69c7d0d..aea37fc 100644
--- a/inc/version.h
+++ b/inc/version.h
@@ -7,6 +7,6 @@
 
 #define DISASM_VERSION_MAJOR        1
 #define DISASM_VERSION_MINOR        34
-#define DISASM_VERSION_REVISION     16
+#define DISASM_VERSION_REVISION     17
 
 #endif // DISASM_VER_H