mirror of
https://github.com/bitdefender/bddisasm.git
synced 2025-01-18 19:10:57 +00:00
08096172cc
- New shemu flag - SHEMU_FLAG_SIDT, set when sheu encounters a SIDT in ring0. - Added the CET Tracked flag to SYSCLAL, SYSENTER and INT n instructions. - Fixed Do Not Track prefix recognition for CALL and JMP in long-mode. - Fixed MONITOR and MONITORX implicit operands - the rAX register encodes a virtual address that will be used as the monitored range. That address is subject to a 1 byte load. - Fixed RMPADJUST and RMPUPDATE implicit operands - the rAX register encodes a virtual address, and the rCX register encodes a virtual address of the RMP updated entry.
274 lines
17 KiB
Plaintext
274 lines
17 KiB
Plaintext
0000000000000000 ff10 CALL qword ptr [rax]
|
|
DSIZE: 64, ASIZE: 64, VLEN: -
|
|
ISA Set: I86, Ins cat: CALL, CET tracked: yes
|
|
Valid modes
|
|
R0: yes, R1: yes, R2: yes, R3: yes
|
|
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
|
|
SMM on: yes, SMM off: yes, SGX on: yes, SGX off: yes, TSX on: yes, TSX off: yes
|
|
VMXRoot: yes, VMXNonRoot: yes, VMXRoot SEAM: yes, VMXNonRoot SEAM: yes, VMX off: yes
|
|
Valid prefixes
|
|
REP: no, REPcc: no, LOCK: no
|
|
HLE: no, XACQUIRE only: no, XRELEASE only: no
|
|
BND: yes, BHINT: no, DNT: yes
|
|
Operand: 0, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: M,
|
|
Segment: 3, Base: 0,
|
|
Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
|
|
Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
|
|
Segment: 2, Base: 4,
|
|
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
|
|
|
|
|
|
0000000000000002 ffd0 CALL rax
|
|
DSIZE: 64, ASIZE: 64, VLEN: -
|
|
ISA Set: I86, Ins cat: CALL, CET tracked: yes
|
|
Valid modes
|
|
R0: yes, R1: yes, R2: yes, R3: yes
|
|
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
|
|
SMM on: yes, SMM off: yes, SGX on: yes, SGX off: yes, TSX on: yes, TSX off: yes
|
|
VMXRoot: yes, VMXNonRoot: yes, VMXRoot SEAM: yes, VMXNonRoot SEAM: yes, VMX off: yes
|
|
Valid prefixes
|
|
REP: no, REPcc: no, LOCK: no
|
|
HLE: no, XACQUIRE only: no, XRELEASE only: no
|
|
BND: yes, BHINT: no, DNT: yes
|
|
Operand: 0, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: M, RegType: General Purpose, RegSize: 8, RegId: 0, RegCount: 1
|
|
Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
|
|
Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
|
|
Segment: 2, Base: 4,
|
|
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
|
|
|
|
|
|
0000000000000004 64ff10 CALL qword ptr fs:[rax]
|
|
DSIZE: 64, ASIZE: 64, VLEN: -
|
|
ISA Set: I86, Ins cat: CALL, CET tracked: yes
|
|
Valid modes
|
|
R0: yes, R1: yes, R2: yes, R3: yes
|
|
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
|
|
SMM on: yes, SMM off: yes, SGX on: yes, SGX off: yes, TSX on: yes, TSX off: yes
|
|
VMXRoot: yes, VMXNonRoot: yes, VMXRoot SEAM: yes, VMXNonRoot SEAM: yes, VMX off: yes
|
|
Valid prefixes
|
|
REP: no, REPcc: no, LOCK: no
|
|
HLE: no, XACQUIRE only: no, XRELEASE only: no
|
|
BND: yes, BHINT: no, DNT: yes
|
|
Operand: 0, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: M,
|
|
Segment: 4, Base: 0,
|
|
Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
|
|
Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
|
|
Segment: 2, Base: 4,
|
|
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
|
|
|
|
|
|
0000000000000007 64ffd0 CALL rax
|
|
DSIZE: 64, ASIZE: 64, VLEN: -
|
|
ISA Set: I86, Ins cat: CALL, CET tracked: yes
|
|
Valid modes
|
|
R0: yes, R1: yes, R2: yes, R3: yes
|
|
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
|
|
SMM on: yes, SMM off: yes, SGX on: yes, SGX off: yes, TSX on: yes, TSX off: yes
|
|
VMXRoot: yes, VMXNonRoot: yes, VMXRoot SEAM: yes, VMXNonRoot SEAM: yes, VMX off: yes
|
|
Valid prefixes
|
|
REP: no, REPcc: no, LOCK: no
|
|
HLE: no, XACQUIRE only: no, XRELEASE only: no
|
|
BND: yes, BHINT: no, DNT: yes
|
|
Operand: 0, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: M, RegType: General Purpose, RegSize: 8, RegId: 0, RegCount: 1
|
|
Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
|
|
Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
|
|
Segment: 2, Base: 4,
|
|
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
|
|
|
|
|
|
000000000000000A 3eff10 DNT CALL qword ptr [rax]
|
|
DSIZE: 64, ASIZE: 64, VLEN: -
|
|
ISA Set: I86, Ins cat: CALL, CET tracked: no
|
|
Valid modes
|
|
R0: yes, R1: yes, R2: yes, R3: yes
|
|
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
|
|
SMM on: yes, SMM off: yes, SGX on: yes, SGX off: yes, TSX on: yes, TSX off: yes
|
|
VMXRoot: yes, VMXNonRoot: yes, VMXRoot SEAM: yes, VMXNonRoot SEAM: yes, VMX off: yes
|
|
Valid prefixes
|
|
REP: no, REPcc: no, LOCK: no
|
|
HLE: no, XACQUIRE only: no, XRELEASE only: no
|
|
BND: yes, BHINT: no, DNT: yes
|
|
Operand: 0, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: M,
|
|
Segment: 3, Base: 0,
|
|
Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
|
|
Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
|
|
Segment: 2, Base: 4,
|
|
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
|
|
|
|
|
|
000000000000000D 3effd0 DNT CALL rax
|
|
DSIZE: 64, ASIZE: 64, VLEN: -
|
|
ISA Set: I86, Ins cat: CALL, CET tracked: no
|
|
Valid modes
|
|
R0: yes, R1: yes, R2: yes, R3: yes
|
|
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
|
|
SMM on: yes, SMM off: yes, SGX on: yes, SGX off: yes, TSX on: yes, TSX off: yes
|
|
VMXRoot: yes, VMXNonRoot: yes, VMXRoot SEAM: yes, VMXNonRoot SEAM: yes, VMX off: yes
|
|
Valid prefixes
|
|
REP: no, REPcc: no, LOCK: no
|
|
HLE: no, XACQUIRE only: no, XRELEASE only: no
|
|
BND: yes, BHINT: no, DNT: yes
|
|
Operand: 0, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: M, RegType: General Purpose, RegSize: 8, RegId: 0, RegCount: 1
|
|
Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
|
|
Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
|
|
Segment: 2, Base: 4,
|
|
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
|
|
|
|
|
|
0000000000000010 3e2eff10 DNT CALL qword ptr [rax]
|
|
DSIZE: 64, ASIZE: 64, VLEN: -
|
|
ISA Set: I86, Ins cat: CALL, CET tracked: no
|
|
Valid modes
|
|
R0: yes, R1: yes, R2: yes, R3: yes
|
|
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
|
|
SMM on: yes, SMM off: yes, SGX on: yes, SGX off: yes, TSX on: yes, TSX off: yes
|
|
VMXRoot: yes, VMXNonRoot: yes, VMXRoot SEAM: yes, VMXNonRoot SEAM: yes, VMX off: yes
|
|
Valid prefixes
|
|
REP: no, REPcc: no, LOCK: no
|
|
HLE: no, XACQUIRE only: no, XRELEASE only: no
|
|
BND: yes, BHINT: no, DNT: yes
|
|
Operand: 0, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: M,
|
|
Segment: 3, Base: 0,
|
|
Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
|
|
Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
|
|
Segment: 2, Base: 4,
|
|
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
|
|
|
|
|
|
0000000000000014 3e2effd0 DNT CALL rax
|
|
DSIZE: 64, ASIZE: 64, VLEN: -
|
|
ISA Set: I86, Ins cat: CALL, CET tracked: no
|
|
Valid modes
|
|
R0: yes, R1: yes, R2: yes, R3: yes
|
|
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
|
|
SMM on: yes, SMM off: yes, SGX on: yes, SGX off: yes, TSX on: yes, TSX off: yes
|
|
VMXRoot: yes, VMXNonRoot: yes, VMXRoot SEAM: yes, VMXNonRoot SEAM: yes, VMX off: yes
|
|
Valid prefixes
|
|
REP: no, REPcc: no, LOCK: no
|
|
HLE: no, XACQUIRE only: no, XRELEASE only: no
|
|
BND: yes, BHINT: no, DNT: yes
|
|
Operand: 0, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: M, RegType: General Purpose, RegSize: 8, RegId: 0, RegCount: 1
|
|
Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
|
|
Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
|
|
Segment: 2, Base: 4,
|
|
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
|
|
|
|
|
|
0000000000000018 2e3eff10 DNT CALL qword ptr [rax]
|
|
DSIZE: 64, ASIZE: 64, VLEN: -
|
|
ISA Set: I86, Ins cat: CALL, CET tracked: no
|
|
Valid modes
|
|
R0: yes, R1: yes, R2: yes, R3: yes
|
|
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
|
|
SMM on: yes, SMM off: yes, SGX on: yes, SGX off: yes, TSX on: yes, TSX off: yes
|
|
VMXRoot: yes, VMXNonRoot: yes, VMXRoot SEAM: yes, VMXNonRoot SEAM: yes, VMX off: yes
|
|
Valid prefixes
|
|
REP: no, REPcc: no, LOCK: no
|
|
HLE: no, XACQUIRE only: no, XRELEASE only: no
|
|
BND: yes, BHINT: no, DNT: yes
|
|
Operand: 0, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: M,
|
|
Segment: 3, Base: 0,
|
|
Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
|
|
Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
|
|
Segment: 2, Base: 4,
|
|
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
|
|
|
|
|
|
000000000000001C 2e3effd0 DNT CALL rax
|
|
DSIZE: 64, ASIZE: 64, VLEN: -
|
|
ISA Set: I86, Ins cat: CALL, CET tracked: no
|
|
Valid modes
|
|
R0: yes, R1: yes, R2: yes, R3: yes
|
|
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
|
|
SMM on: yes, SMM off: yes, SGX on: yes, SGX off: yes, TSX on: yes, TSX off: yes
|
|
VMXRoot: yes, VMXNonRoot: yes, VMXRoot SEAM: yes, VMXNonRoot SEAM: yes, VMX off: yes
|
|
Valid prefixes
|
|
REP: no, REPcc: no, LOCK: no
|
|
HLE: no, XACQUIRE only: no, XRELEASE only: no
|
|
BND: yes, BHINT: no, DNT: yes
|
|
Operand: 0, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: M, RegType: General Purpose, RegSize: 8, RegId: 0, RegCount: 1
|
|
Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
|
|
Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
|
|
Segment: 2, Base: 4,
|
|
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
|
|
|
|
|
|
0000000000000020 3e64ff10 CALL qword ptr fs:[rax]
|
|
DSIZE: 64, ASIZE: 64, VLEN: -
|
|
ISA Set: I86, Ins cat: CALL, CET tracked: yes
|
|
Valid modes
|
|
R0: yes, R1: yes, R2: yes, R3: yes
|
|
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
|
|
SMM on: yes, SMM off: yes, SGX on: yes, SGX off: yes, TSX on: yes, TSX off: yes
|
|
VMXRoot: yes, VMXNonRoot: yes, VMXRoot SEAM: yes, VMXNonRoot SEAM: yes, VMX off: yes
|
|
Valid prefixes
|
|
REP: no, REPcc: no, LOCK: no
|
|
HLE: no, XACQUIRE only: no, XRELEASE only: no
|
|
BND: yes, BHINT: no, DNT: yes
|
|
Operand: 0, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: M,
|
|
Segment: 4, Base: 0,
|
|
Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
|
|
Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
|
|
Segment: 2, Base: 4,
|
|
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
|
|
|
|
|
|
0000000000000024 3e64ffd0 CALL rax
|
|
DSIZE: 64, ASIZE: 64, VLEN: -
|
|
ISA Set: I86, Ins cat: CALL, CET tracked: yes
|
|
Valid modes
|
|
R0: yes, R1: yes, R2: yes, R3: yes
|
|
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
|
|
SMM on: yes, SMM off: yes, SGX on: yes, SGX off: yes, TSX on: yes, TSX off: yes
|
|
VMXRoot: yes, VMXNonRoot: yes, VMXRoot SEAM: yes, VMXNonRoot SEAM: yes, VMX off: yes
|
|
Valid prefixes
|
|
REP: no, REPcc: no, LOCK: no
|
|
HLE: no, XACQUIRE only: no, XRELEASE only: no
|
|
BND: yes, BHINT: no, DNT: yes
|
|
Operand: 0, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: M, RegType: General Purpose, RegSize: 8, RegId: 0, RegCount: 1
|
|
Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
|
|
Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
|
|
Segment: 2, Base: 4,
|
|
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
|
|
|
|
|
|
0000000000000028 643eff10 CALL qword ptr fs:[rax]
|
|
DSIZE: 64, ASIZE: 64, VLEN: -
|
|
ISA Set: I86, Ins cat: CALL, CET tracked: yes
|
|
Valid modes
|
|
R0: yes, R1: yes, R2: yes, R3: yes
|
|
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
|
|
SMM on: yes, SMM off: yes, SGX on: yes, SGX off: yes, TSX on: yes, TSX off: yes
|
|
VMXRoot: yes, VMXNonRoot: yes, VMXRoot SEAM: yes, VMXNonRoot SEAM: yes, VMX off: yes
|
|
Valid prefixes
|
|
REP: no, REPcc: no, LOCK: no
|
|
HLE: no, XACQUIRE only: no, XRELEASE only: no
|
|
BND: yes, BHINT: no, DNT: yes
|
|
Operand: 0, Acc: R-, Type: Memory, Size: 8, RawSize: 8, Encoding: M,
|
|
Segment: 4, Base: 0,
|
|
Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
|
|
Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
|
|
Segment: 2, Base: 4,
|
|
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
|
|
|
|
|
|
000000000000002C 643effd0 CALL rax
|
|
DSIZE: 64, ASIZE: 64, VLEN: -
|
|
ISA Set: I86, Ins cat: CALL, CET tracked: yes
|
|
Valid modes
|
|
R0: yes, R1: yes, R2: yes, R3: yes
|
|
Real: yes, V8086: yes, Prot: yes, Compat: yes, Long: yes
|
|
SMM on: yes, SMM off: yes, SGX on: yes, SGX off: yes, TSX on: yes, TSX off: yes
|
|
VMXRoot: yes, VMXNonRoot: yes, VMXRoot SEAM: yes, VMXNonRoot SEAM: yes, VMX off: yes
|
|
Valid prefixes
|
|
REP: no, REPcc: no, LOCK: no
|
|
HLE: no, XACQUIRE only: no, XRELEASE only: no
|
|
BND: yes, BHINT: no, DNT: yes
|
|
Operand: 0, Acc: R-, Type: Register, Size: 8, RawSize: 8, Encoding: M, RegType: General Purpose, RegSize: 8, RegId: 0, RegCount: 1
|
|
Operand: 1, Acc: -W, Type: Register, Size: 8, RawSize: 8, Encoding: S, RegType: IP, RegSize: 8, RegId: 0, RegCount: 1
|
|
Operand: 2, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Stack: yes,
|
|
Segment: 2, Base: 4,
|
|
Operand: 3, Acc: -W, Type: Memory, Size: 8, RawSize: 8, Encoding: S, Shadow stack: 3,
|
|
|
|
|