ea28907359 Fix potential division error in bdshemu, when the destination operand is not large enough to hold the result.
Andrei Vlad LUTAS
2020-08-27 16:25:39 +0300
d61a6fa5dd
* INC/DEC do not modify the CF.
* Fixed FXSAVE64, PUSHAD and POPAD emulation - when explicit mnemonics were added for them, emulation support was not added, thus causing emulation to stop when encountering one of these.
Andrei Vlad LUTAS
2020-08-19 19:14:22 +0300
79ee40b113 Fixed pybddisasm build.
#19
Andrei Vlad LUTAS
2020-08-11 09:37:10 +0300
1d43b7b1ba Improved stack string detection heuristic: only consider registers which have been modified during emulation; registers which were provided as "input" can be ignored, as they most likely contain addresses or other data relevant to the emulated code. We are only interested in strings dynamically built during our emulation.
Andrei Vlad LUTAS
2020-08-11 09:26:48 +0300
3d8401be4c Added a check for the latest version of the library which is compatible with pybddisasm.
#16
Andrei KISARI
2020-08-05 14:01:32 +0300
90c020a114 Updated the README file.
Andrei KISARI
2020-08-04 15:45:16 +0300
c6a741b711 Added the paths to bddisasm library: default install path (Linux) and local build path (Linux/Windows)
Andrei KISARI
2020-08-04 15:30:12 +0300
175b059b27 Changed the version of the pybddisasm package.
Andrei KISARI
2020-08-04 14:14:34 +0300
4dc2fe4a8a Fixed pybddisasm build.
Andrei KISARI
2020-08-04 14:13:16 +0300
ee235fa5de Modified the python-disassembler-wrapper to be able to be installed using pip.
Andrei KISARI
2020-08-04 13:57:03 +0300
2e69f12b88 Remove duplicate nd_decode function
#15
Sebastiaan Peters
2020-08-02 23:28:40 +0200
ed564dba32 Specifically flag multi-byte NOP operands as not-accessed. New capability - bddisasm can now be instructed whether to decode some instructions as NOPs or as MPX/CET/CLDEMOTE. This is the case for instructions that are mapped onto the wide NOP space: in that case, an encoding might be NOP if the feature is off, but might be something else (even #UD) if the feature is on. Added NdDecodeWithContext API - this becomes the base decode API; it receives the input information filled in a ND_CONTEXT structure, which has to be initialized only once, and can be reused across calls. The NdInitContext function must be used to initialize the context, as it ensures backwards compatibility by filling new options with default values. Improvements to the README file.
Andrei Vlad LUTAS
2020-07-30 11:07:14 +0300
4328dc4efa Changed REG_xxx to NDR_xxx in docs too.
Andrei Vlad LUTAS
2020-07-29 11:26:07 +0300
144baa5140 Renamed REG_* fields to NDR_*, so that we don't conflict with _GNU_SOURCES.
Andrei Vlad LUTAS
2020-07-29 11:05:27 +0300
049ecc0ab7 Don't use reserved identifiers for include guards
Ionel-Cristinel ANICHITEI
2020-07-27 16:51:16 +0300
0d5d2a9625 Fixed include path.
Andrei KISARI
2020-07-27 11:51:02 +0300
9d98a67c70 Added the 'nd_memset' implementation for pydis.
Andrei KISARI
2020-07-27 11:43:41 +0300
d622f56211 Added SERIAL flag to the SERIALIZE instruction. CLWB memory operand is subject to load access checks, while CLDEMOTE does not access memory at all (similar to PREFETCH).
Andrei Vlad LUTAS
2020-07-25 20:32:06 +0300
4b2f2aee66 Added dedicated Prefetch operand access type. Internally, store the access type separately from the flags. Dump conditional operand accesses with exi option too.
Andrei Vlad LUTAS
2020-07-25 17:16:35 +0300
d11fe85599 Improved linear address computation in bdshemu.
Andrei Vlad LUTAS
2020-07-24 23:11:36 +0300
6c248cc4c1 Handle Ignore ER bit in instruction attributes.
Andrei Vlad LUTAS
2020-07-23 18:05:19 +0300
7ddf7e448a Apply address size override to gla computation.
Andrei Vlad LUTAS
2020-07-23 16:19:08 +0300
cfb0f97897 Truncate the output of a relative addressing if 0x67 prefix is used.
Andrei Vlad LUTAS
2020-07-23 15:31:05 +0300
752bc626c4 Fixed RET with immediate - the immediate is not sign-extended. Fixed VEX decoding in 32 bit mode - vex.vvvv bit 3 is simply ignored. Fixed several FMA instructions decoding (L/W flag should be ignored). Print the 64 bit immediate value in disassembly, instead of the raw immediate (note that the operand always contains the sign-extended, full immediate). XBEGIN always uses 32/64 bit RIP size (0x66 does not affect its size). Decode WBINVD even if it's preceded by 0x66/0xF2 prefixes. Several mnemonic fixes (FXSAVE64, FXRSTOR64, PUSHA/PUSHAD...). Properly decode VPERMIL2* instructions. Fixed SSE register decoding when it is encoded in immediate. Decode SCATTER instructions even though they use the VSIB index as source. Some disp8 fixes (t1s -> t1s8/t1s16). SYSCALL/SYSRET are decoded and executed in 32 bit compat mode, even though SDM states they are invalid. RDPID uses 32/64 bit reg size, never 16. Various other minor tweaks & fixes. Re-generated the test files, and added some more, new tests.
Andrei Vlad LUTAS
2020-07-23 14:08:01 +0300
52ed638c13 Fixed some typos. Added SECURITY.md file.
Andrei Vlad LUTAS
2020-07-22 21:47:25 +0300
Fix typo "Lighetweight" in README.md
#2
andreaswimmer
2020-07-22 18:10:28 +0200
960e9eaeee disasmtool_lix dumper fix - dump cet_ss and cet_ibt.
Andrei Vlad LUTAS
2020-07-22 09:32:18 +0300
94d7894fa5 Added the Shadow Stack Pointer operand to the SYSRET and SYSENTER instructions. Regenerated CET test files, as the CPUID feature flag was split as per the last documentation into CET_SS and CET_IBT.
Andrei Vlad LUTAS
2020-07-22 09:15:29 +0300
Merge pull request #1 from valkheim/fix-no-color
vlutas
2020-07-22 08:55:10 +0300
8392c97f97 Use the documented byte granularity for cache-line accesses. Fixed CET CPUID feature flag - split into CET_SS and CET_IBT.
Andrei Vlad LUTAS
2020-07-22 00:47:46 +0300
f936d0c020 Fix disasmtool_lix no_color option
#1
Charles Paulet
2020-07-21 22:13:05 +0200
9ff2543660 Added the Shadow Stack Pointer operand to the SYSCALL and SYSEXIT instructions. Moved the CET test cases in dedicated folders. Improved shadow-stack operand reporting - a distinction can be made between push/pop shadow stack accesses, and other shadow stack accesses. A new field is now present in the memory information - the shadow stack access type, which indicates: explicit access, implicit via SSP, implicit push/pop via SSP or implicit via IA32_PL0_SSP.
Andrei Vlad LUTAS
2020-07-21 22:29:59 +0300
811c3d0f7c Fixed several issues with CET instructions specification - shadow stack and shadow stack pointer implicit operands were missing from SETSSBSY instruction, and flags access was missing from them.
Andrei Vlad LUTAS
2020-07-21 17:36:19 +0300
efe359b506 Typo fixes in the instruction tables. Added a reference to the git repo in the documentation.
Andrei Vlad LUTAS
2020-07-21 16:38:09 +0300
1d8adaf668 Use the safe NdDecodeEx API instead of the NdDecode API in the public docs example.
Andrei Vlad LUTAS
2020-07-21 16:22:59 +0300
698ba367a1 Initial commit.
Andrei Vlad LUTAS
2020-07-21 11:19:18 +0300