Skip to content

Wrong output of ZydisRegisterGetLargestEnclosing #443

Closed
#456
Closed
Wrong output of ZydisRegisterGetLargestEnclosing#443
#456
Assignees
flobernd
Labels
A-utilsArea: Utilities (tools, examples, fuzzing)C-bugCategory: This is a bug (or a fix for a bug, when applied to PRs)
@r3bb1t

Description

@r3bb1t
r3bb1t
opened on May 25, 2023

Function ZydisRegisterGetLargestEnclosing can't return the correct output for a variety of registers. Here is the proof code:

#include <stdio.h>
#include <Zydis/Zydis.h>


int main()
{
    // Same with ZYDIS_REGISTER_FLAGS, ZYDIS_REGISTER_IP, ZYDIS_REGISTER_EIP (maybe there are more)
    ZydisRegister result = ZydisRegisterGetLargestEnclosing(ZYDIS_MACHINE_MODE_LONG_64, ZYDIS_REGISTER_EFLAGS);

    if (result == ZYDIS_REGISTER_NONE)
        puts("ZydisRegisterGetLargestEnclosing returned: ZYDIS_REGISTER_NONE");

    else if (result == ZYDIS_REGISTER_RFLAGS)
        puts("ZydisRegisterGetLargestEnclosing returned: ZYDIS_REGISTER_RFLAGS");

    else
        printf("ZydisRegisterGetLargestEnclosing returned unxepected return value: %s\n",
            ZydisRegisterGetString(result));


    return 0;
}

Same for Rust bindings: zyantific/zydis-rs#32

Metadata

Metadata

Assignees

Labels

A-utilsArea: Utilities (tools, examples, fuzzing)C-bugCategory: This is a bug (or a fix for a bug, when applied to PRs)

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions