Operand Visibility Bug #171
Comments
Hi @fred26! This is expected behavior. For
For
The first instruction has the

@flobernd since we've now heard this question twice in a rather short period of time, we should probably think about renaming these (and make the old constants a deprecated alias).

@athre0z thanks for the explanation, makes sense.
@athre0z Sure, meanwhile we could improve the documentation for these values. Although I think it already is quite understandable 😛

```c
/**
 * The operand is explicitly encoded in the instruction.
 */
ZYDIS_OPERAND_VISIBILITY_EXPLICIT,
/**
 * The operand is part of the opcode, but listed as an operand.
 */
ZYDIS_OPERAND_VISIBILITY_IMPLICIT,
/**
 * The operand is part of the opcode, and not typically listed as an operand.
 */
ZYDIS_OPERAND_VISIBILITY_HIDDEN,
```

Yeah, I think the documentation is fine -- it's just the names that are confusing.
I have tested 2 types of AND operations providing 2 different decoded results:
Just to test this, in the formatter01.c sample, I redefined ZyanU8 data[] to these:
```c
ZyanU8 data[] =
{
    0x25, 0xFF, 0x03, 0x00, 0x00, // and eax, 000003FF
    0x83, 0xE0, 0x0F              // and eax, 0F
};
```
The first decoded instruction (and eax, 000003FF) decodes the first operand ZYDIS_REGISTER_EAX with visibility == ZYDIS_OPERAND_VISIBILITY_IMPLICIT.
However, the second instruction (and eax, 0F) decodes the first operand ZYDIS_REGISTER_EAX with visibility == ZYDIS_OPERAND_VISIBILITY_EXPLICIT.
To replicate this just use the formatter01.c sample and change the ZyanU8 data[] to the above.
Thanks
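The difference between the two encodings in the report, as an added example that is not part of the original thread and is not Zydis code: opcode `25` has no ModRM byte, so EAX is fixed by the opcode itself (what the enum documentation calls "part of the opcode, but listed as an operand"), while `83 /4` names its register in ModRM.rm (explicitly encoded). The names `classify_and`, `AndInfo` and `OperandSource` are hypothetical, and the example assumes 32-bit operand size, no prefixes and register operands only.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Where the first operand of AND comes from (names are this example's own). */
typedef enum { SRC_INVALID, SRC_OPCODE, SRC_MODRM } OperandSource;

typedef struct {
    OperandSource source; /* SRC_OPCODE: fixed by opcode; SRC_MODRM: in ModRM.rm */
    uint8_t reg;          /* register number, 0 = EAX, 1 = ECX, ... */
    size_t length;        /* total instruction length in bytes */
} AndInfo;

/* Handles only 25 id, 81 /4 id and 83 /4 ib with mod == 3 (register form). */
static AndInfo classify_and(const uint8_t *p, size_t n)
{
    AndInfo r = { SRC_INVALID, 0, 0 };
    if (n == 0) return r;
    if (p[0] == 0x25) {                  /* AND EAX, imm32: no ModRM byte */
        if (n < 5) return r;             /* truncated immediate */
        r.source = SRC_OPCODE; r.reg = 0; r.length = 5;
        return r;
    }
    if (p[0] == 0x81 || p[0] == 0x83) {  /* group 1: ModRM.reg picks the op */
        size_t imm = (p[0] == 0x81) ? 4 : 1;
        if (n < 2 + imm) return r;
        uint8_t modrm = p[1];
        if ((modrm >> 6) != 3) return r;        /* memory forms out of scope */
        if (((modrm >> 3) & 7) != 4) return r;  /* /4 is AND */
        r.source = SRC_MODRM; r.reg = modrm & 7; r.length = 2 + imm;
    }
    return r;
}

int main(void)
{
    /* The bytes from the report above. */
    const uint8_t data[] = { 0x25, 0xFF, 0x03, 0x00, 0x00, 0x83, 0xE0, 0x0F };
    size_t off = 0;
    while (off < sizeof data) {
        AndInfo i = classify_and(data + off, sizeof data - off);
        if (i.source == SRC_INVALID) break;
        printf("offset %zu: reg %u comes from %s\n", off, (unsigned)i.reg,
               i.source == SRC_OPCODE ? "the opcode" : "ModRM.rm");
        off += i.length;
    }
    return 0;
}
```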