Incorrect operand-size for IP/EIP/RIP register?
I'm not sure if this is an actual issue, but I played with the JMP (0xE9) instruction and got the following results for the suppressed instruction-pointer operand in 32-bit mode:
1. xed-ex1 e900000000 -> REG0=EIP SUPPRESSED RW V 32
2. xed-ex1 66e900000000 -> REG0=EIP SUPPRESSED RW V 16
3. xed-ex1 67e900000000 -> REG0=IP SUPPRESSED RW V 32
4. xed-ex1 6766e900000000 -> REG0=IP SUPPRESSED RW V 16
Especially the third one looks fishy, because the operand size is 32-bit, but the register (IP) itself is only 16 bits wide.
The Intel doc contains the following pseudocode, where EIP is always accessed as a full register (32-bit) regardless of the effective operand size:
IF OperandSize = 32
    THEN
        EIP ← tempEIP;
    ELSE
        IF OperandSize = 16
            THEN (* OperandSize = 16 *)
                EIP ← tempEIP AND 0000FFFFH;
            ELSE (* OperandSize = 64 *)
                RIP ← tempRIP;
        FI;
FI;
Therefore I think the actual XED operand size for IP/EIP/RIP should always be the total width of the used register, regardless of the effective operand size.
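Worked example, added here and not part of the original issue or of XED itself: a small Python decoder for the E9 form that applies the 66/67 prefix rules and the Intel pseudocode quoted above, showing that 67 changes only the address size and that the instruction pointer is written as the full 32-bit EIP for both operand sizes (masked to 16 bits when OperandSize = 16). `decode_jmp_rel` is a hypothetical name; 64-bit mode is deliberately left out.

```python
# Added example (not XED's code): decode JMP rel16/rel32 (opcode E9) with
# optional 66/67 legacy prefixes and compute the new instruction pointer the
# way the Intel pseudocode describes. Mode is modelled by the default operand
# size (16 for 16-bit code, 32 for 32-bit code); 64-bit mode is not covered.

def decode_jmp_rel(code: bytes, default_opsize: int, ip: int) -> dict:
    """Decode one JMP rel at address `ip` (address of its first byte).

    Returns the instruction length, effective operand and address sizes,
    the register written (always the full 32-bit EIP here) and the new IP.
    """
    assert default_opsize in (16, 32)
    pos = 0
    opsize_override = addrsize_override = False
    # Legacy prefixes may appear in any order; only 66 and 67 matter here.
    while pos < len(code) and code[pos] in (0x66, 0x67):
        if code[pos] == 0x66:
            opsize_override = True
        else:
            addrsize_override = True
        pos += 1
    if pos >= len(code) or code[pos] != 0xE9:
        raise ValueError("expected opcode E9 (JMP rel16/rel32)")
    pos += 1
    # 66 flips the effective operand size; 67 flips the address size but has
    # no bearing on how the instruction pointer is written.
    flipped = 16 if default_opsize == 32 else 32
    opsize = flipped if opsize_override else default_opsize
    addrsize = flipped if addrsize_override else default_opsize
    disp_len = opsize // 8                       # rel16 (2 bytes) or rel32 (4 bytes)
    if len(code) < pos + disp_len:
        raise ValueError("truncated displacement")
    rel = int.from_bytes(code[pos:pos + disp_len], "little", signed=True)
    length = pos + disp_len
    temp_eip = (ip + length + rel) & 0xFFFFFFFF
    # Intel pseudocode: EIP <- tempEIP, ANDed with 0000FFFFH when OperandSize = 16.
    new_ip = temp_eip & 0xFFFF if opsize == 16 else temp_eip
    return {
        "length": length,
        "operand_size": opsize,
        "address_size": addrsize,
        "register_written": "EIP",   # full 32-bit register in either case
        "new_ip": new_ip,
    }
```

Feeding the issue's byte strings in unchanged works: with a 66 prefix only two displacement bytes are consumed, so the reported length is 4 and the trailing bytes are not part of the instruction.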
Top GitHub Comments
Sorry about the delay. Pushed changes to master. Thanks for the issue(s). Let me know if you encounter any others!
I have to review a bunch of instructions that use rIP() before I push my fix. Working on this…