mirror of
https://github.com/bitdefender/bddisasm.git
synced 2025-01-10 15:20:52 +00:00
752bc626c4
Fixed VEX decoding in 32 bit mode - vex.vvvv bit 3 is simply ignored. Fixed several FMA instructions decoding (L/W flag should be ignored). Print the 64 bit immediate value in disassembly, instead of the raw immediate (note that the operand always contains the sign-extended, full immediate). XBEGIN always uses 32/64 bit RIP size (0x66 does not affect its size). Decode WBINVD even if it's preceded by 0x66/0xF2 prefixes. Several mnemonic fixes (FXSAVE64, FXRSTOR64, PUSHA/PUSHAD...). Properly decode VPERMIL2* instructions. Fixed SSE register decoding when it is encoded in immediate. Decode SCATTER instructions even though they use the VSIB index as source. Some disp8 fixes (t1s -> t1s8/t1s16). SYSCALL/SYSRET are decoded and executed in 32 bit compat modem, even though SDM states they are invalid. RDPID uses 32/64 bit reg size, never 16. Various other minor tweaks & fixes. Re-generated the test files, and added some more, new tests. |
||
---|---|---|
.. | ||
basic | ||
README.md | ||
test_all.py |
Shellcode Emulator Tests
These tests are used to validate basic bdshemu functionality. Each test consists of up to three files:
- The binary test file. The name format for this type of file is
name_32|64[_r0]
. No extension must be provided; 32 indicates 32 bit test file, 64 indicates 64 bit test file, and r0 indicates kernel payload - The output result file. Must be named the same as the binary test file, but with the extension .result
- Optional assembly file, used to generate the binary test file
The test_all.py
script will iterate all the test folders, and it will run bdshemu on each identified test file.
The result file will be compared with the output of the test run. If they are not the same, the test will fail.
NOTE: This test will assume disasm
is in the path. Works on Windows only.