Ghidra: x86: many instructions fail to disassemble correctly or even at all

Created on 25 Jun 2020 · 4 Comments · Source: NationalSecurityAgency/ghidra

Describe the bug
Many instructions fail to disassemble correctly, or fail to disassemble at all; see the examples below.

Ghidra: 9.1.2 2020-Feb-12 1149 EST

-red = iced disassembler, +green = ghidra.

All examples should be disassembled in 64-bit mode.

  • 67 + REX is shown as INC/DEC REG
-00000011        66674e10ec                        ADC                 SPL,R13B
+00000011        66674e                            DEC                 SI
+00000014        10ec                              ADC                 AH,CH
-000039ca        67410130                          ADD                 dword ptr [R8D],ESI
+000039ca        6741                              INC                 ECX
+000039cc        0130                              ADD                 dword ptr [RAX],ESI
  • LOCK is shown on its own line. It's a prefix and should be on the same line as the instruction. This can be used to hide other prefixes, eg. segment overrides.
-00000018        f01038                            LOCK ADC            byte ptr [RAX],BH
+00000018        f0                                LOCK
+00000019        1038                              ADC                 byte ptr [RAX],BH
-0000001b        64F00000                          LOCK ADD            byte ptr FS:[RAX],AL
+0000001b        64F0                              LOCK
+0000001d        0000                              ADD                 byte ptr [RAX],AL
  • xrelease/xacquire prefixes aren't shown
-00000122        f0f380105a                        XRELEASE LOCK ADC   byte ptr [RAX],0x5a
-00000127        f0f280105a                        XACQUIRE LOCK ADC   byte ptr [RAX],0x5a
+00000122        f0                                LOCK
+00000123        f380105a                          ADC                 byte ptr [RAX],0x5a
+00000127        f0                                LOCK
+00000128        f280105a                          ADC                 byte ptr [RAX],0x5a
  • REX prefix before other prefix causes disasm failure. The REX prefix should be ignored.
-000002ee        4f6601ce                          ADD                 SI,CX
+000002ee         -> 000002ee         [UNDEFINED BYTES REMOVED]
+000002ef        6601ce                            ADD                 SI,CX
-00003842        48670118                          ADD                 dword ptr [EAX],EBX
+00003842         -> 00003842         [UNDEFINED BYTES REMOVED]
+00003843        670118                            ADD                 dword ptr [EAX],EBX
  • Wrong address
-00001f2f        01342534125aa5                    ADD                 dword ptr [0xffffffffa55a1234],ESI
+00001f2f        01342534125aa5                    ADD                 dword ptr [DAT_a55a1234],ESI
-00007f39        0134a534125aa5                    ADD                 dword ptr [0xffffffffa55a1234],ESI
+00007f39        0134a534125aa5                    ADD                 dword ptr [DAT_a55a1234],ESI
-00007f6e        0134e534125aa5                    ADD                 dword ptr [0xffffffffa55a1234],ESI
+00007f6e        0134e534125aa5                    ADD                 dword ptr [DAT_a55a1234],ESI
  • FS/GS prefixes have higher priority than ES/CS/SS/DS prefixes in 64-bit mode
-00003812        64260118                          ADD                 dword ptr FS:[RAX],EBX
-00003816        642e0118                          ADD                 dword ptr FS:[RAX],EBX
-0000381a        64360118                          ADD                 dword ptr FS:[RAX],EBX
-0000381e        643e0118                          ADD                 dword ptr FS:[RAX],EBX
+00003812        64260118                          ADD                 dword ptr ES:[RAX],EBX
+00003816        642e0118                          ADD                 dword ptr CS:[RAX],EBX
+0000381a        64360118                          ADD                 dword ptr SS:[RAX],EBX
+0000381e        643e0118                          ADD                 dword ptr DS:[RAX],EBX
-0000382a        65260118                          ADD                 dword ptr GS:[RAX],EBX
-0000382e        652e0118                          ADD                 dword ptr GS:[RAX],EBX
-00003832        65360118                          ADD                 dword ptr GS:[RAX],EBX
-00003836        653e0118                          ADD                 dword ptr GS:[RAX],EBX
+0000382a        65260118                          ADD                 dword ptr ES:[RAX],EBX
+0000382e        652e0118                          ADD                 dword ptr CS:[RAX],EBX
+00003832        65360118                          ADD                 dword ptr SS:[RAX],EBX
+00003836        653e0118                          ADD                 dword ptr DS:[RAX],EBX
  • Fails to disasm some MPX instruction encodings: bndcl/bndcn/bndcu/bndldx/bndmk/bndmov/bndstx
-00009b36        f30f1a08                          BNDCL               BND1,qword ptr [RAX]
+00009b36        f30f1a08                          NOP                 dword ptr [RAX]
-00009b61        f20f1bca                          BNDCN               BND1,RDX
+00009b61        f20f1bca                          NOP                 EDX
-00009b93        f2420f1aca                        BNDCU               BND1,RDX
+00009b93        f2420f1aca                        NOP                 EDX
-00009bd8        0f1a08                            BNDLDX              BND1,qword ptr [RAX]
+00009bd8        0f1a08                            NOP                 dword ptr [RAX]
-00009be5        f30f1b08                          BNDMK               BND1,qword ptr [RAX]
+00009be5        f30f1b08                          NOP                 dword ptr [RAX]
-00009bf9        660f1a08                          BNDMOV              BND1,oword ptr [RAX]
+00009bf9        660f1a08                          NOP                 word ptr [RAX]
-00009c31        660f1b08                          BNDMOV              oword ptr [RAX],BND1
+00009c31        660f1b08                          NOP                 word ptr [RAX]
-00009c5e        0f1b08                            BNDSTX              qword ptr [RAX],BND1
+00009c5e        0f1b08                            NOP                 dword ptr [RAX]
  • bswap r16 disasm is incorrect
-00009d53        66460fca                          BSWAP               DX
+00009d53        66460fca                          BSWAP               EDX
  • BT/BTC/BTR/BTS: wrong regs
-00009e83        66410fa3d6                        BT                  R14W,DX
-00009e88        66450fa3d0                        BT                  R8W,R10W
-00009e8d        66410fa3d9                        BT                  R9W,BX
+00009e83        66410fa3d6                        BT                  SI,DX
+00009e88        66450fa3d0                        BT                  AX,R10W
+00009e8d        66410fa3d9                        BT                  CX,BX
-00009eb4        410fa3d6                          BT                  R14D,EDX
-00009eb8        450fa3d0                          BT                  R8D,R10D
-00009ebc        410fa3d9                          BT                  R9D,EBX
+00009eb4        410fa3d6                          BT                  ESI,EDX
+00009eb8        450fa3d0                          BT                  EAX,R10D
+00009ebc        410fa3d9                          BT                  ECX,EBX
-00009ecf        4d0fa3d0                          BT                  R8,R10
-00009ed3        490fa3d9                          BT                  R9,RBX
+00009ecf        4d0fa3d0                          BT                  RAX,R10
+00009ed3        490fa3d9                          BT                  RCX,RBX
-00009ee3        490fa3d6                          BT                  R14,RDX
+00009ee3        490fa3d6                          BT                  RSI,RDX

-00009fc5        66410fbbd9                        BTC                 R9W,BX
-00009fca        66410fbbd6                        BTC                 R14W,DX
+00009fc5        66410fbbd9                        BTC                 CX,BX
+00009fca        66410fbbd6                        BTC                 SI,DX
-00009fdd        450fbbd0                          BTC                 R8D,R10D
-00009fe1        410fbbd6                          BTC                 R14D,EDX
+00009fdd        450fbbd0                          BTC                 EAX,R10D
+00009fe1        410fbbd6                          BTC                 ESI,EDX
-0000a003        490fbbd6                          BTC                 R14,RDX
-0000a007        4d0fbbd0                          BTC                 R8,R10
-0000a00b        490fbbd9                          BTC                 R9,RBX
+0000a003        490fbbd6                          BTC                 RSI,RDX
+0000a007        4d0fbbd0                          BTC                 RAX,R10
+0000a00b        490fbbd9                          BTC                 RCX,RBX

-0000a041        66410fb3d9                        BTR                 R9W,BX
-0000a046        66450fb3d0                        BTR                 R8W,R10W
-0000a04b        66410fb3d6                        BTR                 R14W,DX
+0000a041        66410fb3d9                        BTR                 CX,BX
+0000a046        66450fb3d0                        BTR                 AX,R10W
+0000a04b        66410fb3d6                        BTR                 SI,DX
-0000a083        410fb3d9                          BTR                 R9D,EBX
-0000a087        410fb3d6                          BTR                 R14D,EDX
-0000a08b        450fb3d0                          BTR                 R8D,R10D
+0000a083        410fb3d9                          BTR                 ECX,EBX
+0000a087        410fb3d6                          BTR                 ESI,EDX
+0000a08b        450fb3d0                          BTR                 EAX,R10D
-0000a0b4        4d0fb3d0                          BTR                 R8,R10
+0000a0b4        4d0fb3d0                          BTR                 RAX,R10
-0000a0bc        490fb3d9                          BTR                 R9,RBX
+0000a0bc        490fb3d9                          BTR                 RCX,RBX

-0000a158        66410fabd9                        BTS                 R9W,BX
-0000a15d        66450fabd0                        BTS                 R8W,R10W
-0000a162        66410fabd6                        BTS                 R14W,DX
+0000a158        66410fabd9                        BTS                 CX,BX
+0000a15d        66450fabd0                        BTS                 AX,R10W
+0000a162        66410fabd6                        BTS                 SI,DX
-0000a16c        450fabd0                          BTS                 R8D,R10D
-0000a170        410fabd9                          BTS                 R9D,EBX
+0000a16c        450fabd0                          BTS                 EAX,R10D
+0000a170        410fabd9                          BTS                 ECX,EBX
-0000a188        410fabd6                          BTS                 R14D,EDX
+0000a188        410fabd6                          BTS                 ESI,EDX
-0000a1a1        490fabd6                          BTS                 R14,RDX
+0000a1a1        490fabd6                          BTS                 RSI,RDX
-0000a1b5        4d0fabd0                          BTS                 R8,R10
-0000a1b9        490fabd9                          BTS                 R9,RBX
+0000a1b5        4d0fabd0                          BTS                 RAX,R10
+0000a1b9        490fabd9                          BTS                 RCX,RBX
  • Can't disasm 66 + E8 call (66 should be ignored in 64-bit mode)
-0000a28c        66e85678a55a                      CALL                0x000000005aa61ae8
+0000a28c         -> 0000a28c         [UNDEFINED BYTES REMOVED]
+0000a28d        e85678a55a                        CALL                SUB_5aa61ae8
  • Wrong 66 call disasm output (66 should be ignored in 64-bit mode)
-0000a2bc        66ffd1                            CALL                RCX
+0000a2bc        66ffd1                            CALL                CX
-0000a2c3        66ff10                            CALL                qword ptr [RAX]
+0000a2c3        66ff10                            CALL                word ptr [RAX]
  • Can't disasm call far 64-bit op size
-0000a2dd        48ff18                            CALL                tbyte ptr [RAX]
+0000a2dd         -> 0000a2dd         [UNDEFINED BYTES REMOVED]
+0000a2de        ff18                              CALLF               [EAX]
  • bnd prefix not supported at all, e.g.:
-0000a292        f2e85678a55a                      BND CALL            0x000000005aa61aee
+0000a292        f2e85678a55a                      CALL                SUB_5aa61aee
  • clrssbsy isn't disasm'd
-0000a31a        f30fae30                          CLRSSBSY            qword ptr [RAX]
-0000a31e        f3440fae30                        CLRSSBSY            qword ptr [RAX]
+0000a31a        f30fae30                          XSAVEOPT            [RAX]
+0000a31e        f3440fae30                        XSAVEOPT            [RAX]
  • clwb isn't disasm'd
-0000a328        66440fae30                        CLWB                [RAX]
-0000a32d        660fae30                          CLWB                [RAX]
+0000a328        66440fae30                        XSAVEOPT            [RAX]
+0000a32d        660fae30                          XSAVEOPT            [RAX]
  • Extra comma
-0000a97e        660fc2cda5                        CMPPD               XMM1,XMM5,0xa5
+0000a97e        660fc2cda5                        CMPPD               XMM1,XMM5,, 0xa5
-00011d14        c48149c2d3a5                      VCMPPD              XMM2,XMM6,XMM11,0xa5
+00011d14        c48149c2d3a5                      VCMPPD              XMM2,XMM6,XMM11,, 0xa5
-00011d6c        c48148c2d3a5                      VCMPPS              XMM2,XMM6,XMM11,0xa5
+00011d6c        c48148c2d3a5                      VCMPPS              XMM2,XMM6,XMM11,, 0xa5
...etc
  • Can't disasm if REPZ + REPNZ prefix and CMPS/SCAS, examples:
-0000a9aa        f3f2a6                            REPNZ CMPSB
-0000a9ad        f2f3a6                            REPZ CMPSB
+0000a9aa         -> 0000a9aa         [UNDEFINED BYTES REMOVED]
+0000a9ab        f2a6                              CMPSB.REPNE         RDI,RSI
+0000a9ad         -> 0000a9ad         [UNDEFINED BYTES REMOVED]
+0000a9ae        f3a6                              CMPSB.REPE          RDI,RSI
-00010316        f2f3ae                            REPZ SCASB
-00010319        f3f2ae                            REPNZ SCASB
+00010316         -> 00010316         [UNDEFINED BYTES REMOVED]
+00010317        f3ae                              SCASB.REPE          RDI
+00010319         -> 00010319         [UNDEFINED BYTES REMOVED]
+0001031a        f2ae                              SCASB.REPNE         RDI
  • Segment overrides aren't shown
-0000a9ba        64a6                              CMPS                byte ptr FS:[RSI],byte ptr ES:[RDI]
+0000a9ba        64a6                              CMPSB               RDI,RSI
-0000beb8        65f3ac                            REP LODS            byte ptr GS:[RSI]
+0000beb8        65f3ac                            LODSB.REP           RSI
-0000d0b3        65a4                              MOVS                byte ptr ES:[RDI],byte ptr GS:[RSI]
+0000d0b3        65a4                              MOVSB               RDI,RSI
  • Incorrect memory size
-0000b1ee        660f3a174801a5                    EXTRACTPS           dword ptr [RAX + 1],XMM1,0xa5
+0000b1ee        660f3a174801a5                    EXTRACTPS           qword ptr [RAX + 0x1],XMM1,0xa5
  • Doesn't support undocumented FPU instructions

opcode | instruction
-------|------------
D9 D8+i | FSTPNCE ST(i)
DC D0+i | FCOM ST(i)
DC D8+i | FCOMP ST(i)
DD C8+i | FXCH ST(i)
DE D0+i | FCOMP ST(i)
DF C0+i | FFREEP ST(i)
DF C8+i | FXCH ST(i)
DF D0+i | FSTP ST(i)
DF D8+i | FSTP ST(i)
DB E0 | FNENI (behaves as an FNOP now)
DB E1 | FNDISI (behaves as an FNOP now)

-0000b74d        d9db                              FSTPNCE             ST3
-0000b330        dcd3                              FCOM                ST3
-0000b378        dcdb                              FCOMP               ST3
-0000b81e        ddcb                              FXCH                ST3
-0000b37a        ded3                              FCOMP               ST3
-0000b424        dfc3                              FFREEP              ST3
-0000b82e        dfcb                              FXCH                ST3
-0000b738        dfd3                              FSTP                ST3
-0000b73a        dfdb                              FSTP                ST3
-0000b416        dbe0                              FNENI
-0000b396        dbe1                              FNDISI
  • Incorrect disasm of FXRSTOR64/FXSAVE64
-0000b83e        480fae08                          FXRSTOR64           [RAX]
+0000b83e        480fae08                          FXRSTOR             [RAX]
-0000b84d        480fae00                          FXSAVE64            [RAX]
+0000b84d        480fae00                          FXSAVE              [RAX]
  • IN can't use RAX
-0000bac0        4fe55a                            IN                  EAX,0x5a
+0000bac0        4fe55a                            IN                  RAX,0x5a
-0000bad9        4fed                              IN                  EAX,DX
+0000bad9        4fed                              IN                  RAX,DX
  • INCSSPD/INCSSPQ show the wrong reg and INCSSPQ is disasm'd as INCSSPD
-0000bb4d        f3410faeed                        INCSSPD             R13D
+0000bb4d        f3410faeed                        INCSSPD             EBP
-0000bb5f        f3480faeec                        INCSSPQ             RSP
+0000bb5f        f3480faeec                        INCSSPD             ESP
-0000bb73        f3490faeef                        INCSSPQ             R15
+0000bb73        f3490faeef                        INCSSPD             EDI
  • Doesn't support the 'undocumented' ICEBP/INT1 instruction
-0000bc0e        4ff1                              INT1
-0000bc10        f1                                INT1
+0000bc0e         -> 0000bc10         [UNDEFINED BYTES REMOVED]
  • INVPCID: wrong reg
-0000bc4b        66440f388210                      INVPCID             R10,oword ptr [RAX]
-0000bc51        66480f388210                      INVPCID             RDX,oword ptr [RAX]
-0000bc57        660f388210                        INVPCID             RDX,oword ptr [RAX]
+0000bc4b        66440f388210                      INVPCID             RAX,xmmword ptr [RAX]
+0000bc51        66480f388210                      INVPCID             RAX,xmmword ptr [RAX]
+0000bc57        660f388210                        INVPCID             RAX,xmmword ptr [RAX]
  • Wrong mnemonic
-0000bc7d        6667e3a5                          JECXZ               0x000000000000bc26
-0000bc81        6667e35a                          JECXZ               0x000000000000bcdf
+0000bc7d        6667e3a5                          JCXZ                LAB_0000bc22+4
+0000bc81        6667e35a                          JCXZ                LAB_0000bcdf
-8765abcdef5a32ab        66e35a                            JRCXZ               0x8765abcdef5a3308
-8765abcdef5a32ae        47e35a                            JRCXZ               0x8765abcdef5a330b
-8765abcdef5a32b1        66e3a5                            JRCXZ               0x8765abcdef5a3259
-8765abcdef5a32b4        e3a5                              JRCXZ               0x8765abcdef5a325b
-8765abcdef5a32b6        e35a                              JRCXZ               0x8765abcdef5a3312
+8765abcdef5a32ab        66e35a                            JCXZ                LAB_8765abcdef5a3308
+8765abcdef5a32ae        47e35a                            JECXZ               LAB_8765abcdef5a330b
+8765abcdef5a32b1        66e3a5                            JCXZ                LAB_8765abcdef5a3257+2
+8765abcdef5a32b4        e3a5                              JECXZ               LAB_8765abcdef5a325a+1
+8765abcdef5a32b6        e35a                              JECXZ               LAB_8765abcdef5a3312
  • Wrong memory size
-0000bd4c        0f0218                            LAR                 EBX,word ptr [RAX]
+0000bd4c        0f0218                            LAR                 EBX,dword ptr [RAX]
-0000bd6a        480f0218                          LAR                 RBX,word ptr [RAX]
+0000bd6a        480f0218                          LAR                 RBX,dword ptr [RAX]
-0000c039        0f0318                            LSL                 EBX,word ptr [RAX]
+0000c039        0f0318                            LSL                 EBX,dword ptr [RAX]
-0000c05b        480f0318                          LSL                 RBX,word ptr [RAX]
+0000c05b        480f0318                          LSL                 RBX,dword ptr [RAX]
  • Wrong addressing size. 16-bit addressing is impossible in 64-bit mode.
-0000bdb7        67678d18                          LEA                 EBX,[EAX]
+0000bdb7        67678d18                          LEA                 EBX,[BX + SI]
  • Wrong operand size
-8765abcdef5a3348 666601C2                   ADD                           DX,AX
+8765abcdef5a3348 666601C2                   ADD                           EDX,EAX
  • Wrong memory size, it can't be overridden in 64-bit mode
-0000be06        0f0110                            LGDT                fword ptr [RAX]
-0000be09        660f0110                          LGDT                fword ptr [RAX]
-0000be0d        480f0110                          LGDT                fword ptr [RAX]
-0000be11        440f0110                          LGDT                fword ptr [RAX]
+0000be06        0f0110                            LGDT                dword ptr [RAX]
+0000be09        660f0110                          LGDT                word ptr [RAX]
+0000be0d        480f0110                          LGDT                qword ptr [RAX]
+0000be11        440f0110                          LGDT                dword ptr [RAX]
-0000be2d        480f0118                          LIDT                fword ptr [RAX]
-0000be31        660f0118                          LIDT                fword ptr [RAX]
-0000be35        0f0118                            LIDT                fword ptr [RAX]
-0000be38        440f0118                          LIDT                fword ptr [RAX]
+0000be2d        480f0118                          LIDT                qword ptr [RAX]
+0000be31        660f0118                          LIDT                word ptr [RAX]
+0000be35        0f0118                            LIDT                dword ptr [RAX]
+0000be38        440f0118                          LIDT                dword ptr [RAX]
-00010990        0f0100                            SGDT                fword ptr [RAX]
-00010993        660f0100                          SGDT                fword ptr [RAX]
-00010997        480f0100                          SGDT                fword ptr [RAX]
-0001099b        440f0100                          SGDT                fword ptr [RAX]
+00010990        0f0100                            SGDT                dword ptr [RAX]
+00010993        660f0100                          SGDT                word ptr [RAX]
+00010997        480f0100                          SGDT                qword ptr [RAX]
+0001099b        440f0100                          SGDT                dword ptr [RAX]
-00011057        0f0108                            SIDT                fword ptr [RAX]
-0001105a        660f0108                          SIDT                fword ptr [RAX]
-0001105e        480f0108                          SIDT                fword ptr [RAX]
-00011062        440f0108                          SIDT                fword ptr [RAX]
+00011057        0f0108                            SIDT                dword ptr [RAX]
+0001105a        660f0108                          SIDT                word ptr [RAX]
+0001105e        480f0108                          SIDT                qword ptr [RAX]
+00011062        440f0108                          SIDT                dword ptr [RAX]
  • Wrong disasm (MCOMMIT doesn't seem to be supported but it should not show MONITORX)
-0000c213        f30f01fa                          MCOMMIT
-0000c217        f34f0f01fa                        MCOMMIT
+0000c213        f30f01fa                          MONITORX
+0000c217        f34f0f01fa                        MONITORX
  • MOV reg,seg is using the wrong dest reg
-0000c3bf        8cce                              MOV                 ESI,CS
+0000c3bf        8cce                              MOV                 SI,CS
-0000c3c9        488cce                            MOV                 RSI,CS
+0000c3c9        488cce                            MOV                 SI,CS
  • Addresses are shown as signed numbers
-0000c433        3ea0123456789abcdef0              MOV                 AL,byte ptr [0xf0debc9a78563412]
+0000c433        3ea0123456789abcdef0              MOV                 AL,DS:[-0xf21436587a9cbee]
  • MOV to/from CR/DR regs always use 64-bit regs in 64-bit mode (and 32-bit regs in 16/32-bit mode)
-0000cd0b        0f2301                            MOV                 DR0,RCX
+0000cd0b        0f2301                            MOV                 DR0,ECX
  • Wrong regs
-0000ce3e        f2410fd6cd                        MOVDQ2Q             MM1,XMM13
-0000ce43        f20fd6cd                          MOVDQ2Q             MM1,XMM5
-0000ce47        f24e0fd6cd                        MOVDQ2Q             MM1,XMM5
+0000ce3e        f2410fd6cd                        MOVDQ2Q             MM5,XMM1
+0000ce43        f20fd6cd                          MOVDQ2Q             MM5,XMM1
+0000ce47        f24e0fd6cd                        MOVDQ2Q             MM5,XMM9
  • Wrong instruction (extra mandatory prefixes). F3/F2 have the highest priority and always override any other mandatory prefix. 66 can never override an F3/F2 even if it comes after them, e.g. F266 or F366.
-0000d2a6        f2f2f3640f1008                    MOVSS               XMM1,dword ptr FS:[RAX]
+0000d2a6        f2f2f3640f1008                    MOVSD               XMM1,qword ptr FS:[RAX]
-0000d2b6        f2f366640f1008                    MOVSS               XMM1,dword ptr FS:[RAX]
-0000d2bd        67f2f30f1008                      MOVSS               XMM1,dword ptr [EAX]
+0000d2b6        f2f366640f1008                    MOVSD               XMM1,qword ptr FS:[RAX]
+0000d2bd        67f2f30f1008                      MOVSD               XMM1,qword ptr [EAX]
-0000d2c7        f266f3640f1008                    MOVSS               XMM1,dword ptr FS:[RAX]
+0000d2c7        f266f3640f1008                    MOVSD               XMM1,qword ptr FS:[RAX]
-0000d2d8        f2f3f3640f1008                    MOVSS               XMM1,dword ptr FS:[RAX]
+0000d2d8        f2f3f3640f1008                    MOVSD               XMM1,qword ptr FS:[RAX]
-0000d2fd        f2f2f30f1008                      MOVSS               XMM1,dword ptr [RAX]
-0000d303        f2f3f30f1008                      MOVSS               XMM1,dword ptr [RAX]
-0000d309        f3f2f3640f1008                    MOVSS               XMM1,dword ptr FS:[RAX]
-0000d310        f266f30f1008                      MOVSS               XMM1,dword ptr [RAX]
-0000d316        f3f2f30f1008                      MOVSS               XMM1,dword ptr [RAX]
+0000d2fd        f2f2f30f1008                      MOVSD               XMM1,qword ptr [RAX]
+0000d303        f2f3f30f1008                      MOVSD               XMM1,qword ptr [RAX]
+0000d309        f3f2f3640f1008                    MOVSD               XMM1,qword ptr FS:[RAX]
+0000d310        f266f30f1008                      MOVSD               XMM1,qword ptr [RAX]
+0000d316        f3f2f30f1008                      MOVSD               XMM1,qword ptr [RAX]
-0000d334        66f2f30f1008                      MOVSS               XMM1,dword ptr [RAX]
+0000d334        66f2f30f1008                      MOVSD               XMM1,qword ptr [RAX]
-0000d34c        f2f30f1008                        MOVSS               XMM1,dword ptr [RAX]
+0000d34c        f2f30f1008                        MOVSD               XMM1,qword ptr [RAX]
-0000d360        f2f3640f1008                      MOVSS               XMM1,dword ptr FS:[RAX]
+0000d360        f2f3640f1008                      MOVSD               XMM1,qword ptr FS:[RAX]
-0000d36d        f2f3660f1008                      MOVSS               XMM1,dword ptr [RAX]
+0000d36d        f2f3660f1008                      MOVSD               XMM1,qword ptr [RAX]
-0000d38f        66f2f3640f1008                    MOVSS               XMM1,dword ptr FS:[RAX]
+0000d38f        66f2f3640f1008                    MOVSD               XMM1,qword ptr FS:[RAX]
-0000d53c        66660f1008                        MOVUPD              XMM1,xmmword ptr [RAX]
+0000d53c        66660f1008                        MOVUPS              XMM1,xmmword ptr [RAX]
-0000d559        6666640f1008                      MOVUPD              XMM1,xmmword ptr FS:[RAX]
+0000d559        6666640f1008                      MOVUPS              XMM1,xmmword ptr FS:[RAX]
  • Wrong disassembly of MOVSX/MOVZX with a 16-bit operand size
-0000d47f        660fbfce                          MOVSX               CX,SI
+0000d47f        660fbfce                          MOVSX               ECX,SI
-0000d641        660fb7ce                          MOVZX               CX,SI
+0000d641        660fb7ce                          MOVZX               ECX,SI
  • MOVSXD with a 16-bit operand size is documented but ghidra fails to disasm it
-0000d4e3        664463c5                          MOVSXD              R8W,BP
+0000d4e3         -> 0000d4e3         [UNDEFINED BYTES REMOVED]
+0000d4e4        4463c5                            MOVSXD              R8D,EBP
-0000d4eb        666318                            MOVSXD              BX,word ptr [RAX]
+0000d4ec        6318                              MOVSXD              EBX,dword ptr [RAX]
  • Reserved-nop: can't disasm if it has a REX.W prefix
-0000d841        490f1fc1                          NOP                 R9
+0000d841         -> 0000d841         [UNDEFINED BYTES REMOVED]
+0000d842        0f1fc1                            NOP                 ECX
  • Can't disasm REX.W + PAVGUSB
-0000deb7        4f0f0fcdbf                        PAVGUSB             MM1,MM5
+0000deb7         -> 0000deb7         [UNDEFINED BYTES REMOVED]
+0000deb8        0f0fcdbf                          PAVGUSB             MM1,MM5
  • PEXTRB dest reg op is 32-bit (memory op is 8-bit though). Note also that it's showing CH instead of BPL. That could be another bug.
-0000e1f6        66420f3a14cda5                    PEXTRB              EBP,XMM1,0xa5
-0000e1fd        660f3a14cda5                      PEXTRB              EBP,XMM1,0xa5
+0000e1f6        66420f3a14cda5                    PEXTRB              BPL,XMM1,0xa5
+0000e1fd        660f3a14cda5                      PEXTRB              CH,XMM1,0xa5
  • PINSRB source reg op is 32-bit (memory op is 8-bit though). Note also that it's showing CH instead of BPL. That could be another bug.
-0000e605        66440f3a20cda5                    PINSRB              XMM9,EBP,0xa5
-0000e60c        660f3a20cda5                      PINSRB              XMM1,EBP,0xa5
+0000e605        66440f3a20cda5                    PINSRB              XMM9,BPL,0xa5
+0000e60c        660f3a20cda5                      PINSRB              XMM1,CH,0xa5
  • Can't disasm MMX instructions with a REX prefix. REX should be ignored.
-0000e340        4f0f0fcd1d                        PF2ID               MM1,MM5
+0000e340         -> 0000e340         [UNDEFINED BYTES REMOVED]
+0000e341        0f0fcd1d                          PF2ID               MM1,MM5
-0000e34d        4f0f0fcd1c                        PF2IW               MM1,MM5
+0000e34d         -> 0000e34d         [UNDEFINED BYTES REMOVED]
+0000e34e        0f0fcd1c                          PF2IW               MM1,MM5
-0000e38c        4f0f0fcdb0                        PFCMPEQ             MM1,MM5
+0000e38c         -> 0000e38c         [UNDEFINED BYTES REMOVED]
+0000e38d        0f0fcdb0                          PFCMPEQ             MM1,MM5
...etc for many other MMX instructions...
  • PINSRW: Wrong reg
-0000e6b1        410fc4cfa5                        PINSRW              MM1,R15D,0xa5
-0000e6b6        410fc4cda5                        PINSRW              MM1,R13D,0xa5
+0000e6b1        410fc4cfa5                        PINSRW              MM1,EDI,0xa5
+0000e6b6        410fc4cda5                        PINSRW              MM1,EBP,0xa5
  • Incorrect disasm of POPFQ
-0000ed7c        9d                                POPFQ
-0000ed7d        479d                              POPFQ
+0000ed7c        9d                                POPFD
+0000ed7d        479d                              POPFD
  • prefetch instructions disasm as nops
-0000edc8        0f1800                            PREFETCHNTA         [RAX]
-0000edcb        440f1800                          PREFETCHNTA         [RAX]
-0000edcf        0f1808                            PREFETCHT0          [RAX]
-0000edd2        440f1808                          PREFETCHT0          [RAX]
-0000edd6        0f1810                            PREFETCHT1          [RAX]
-0000edd9        440f1810                          PREFETCHT1          [RAX]
-0000eddd        440f1818                          PREFETCHT2          [RAX]
-0000ede1        0f1818                            PREFETCHT2          [RAX]
+0000edc8        0f1800                            NOP                 dword ptr [RAX]
+0000edcb        440f1800                          NOP                 dword ptr [RAX]
+0000edcf        0f1808                            NOP                 dword ptr [RAX]
+0000edd2        440f1808                          NOP                 dword ptr [RAX]
+0000edd6        0f1810                            NOP                 dword ptr [RAX]
+0000edd9        440f1810                          NOP                 dword ptr [RAX]
+0000eddd        440f1818                          NOP                 dword ptr [RAX]
+0000ede1        0f1818                            NOP                 dword ptr [RAX]
  • PTWRITE with a 64-bit op size isn't supported
-0000f322        f3490faee5                        PTWRITE             R13
-0000f327        f3480fae20                        PTWRITE             qword ptr [RAX]
+0000f322        f3490faee5                        PTWRITE             R13D
+0000f327        f3480fae20                        PTWRITE             dword ptr [RAX]
  • 67 + PUSH mem shows wrong operand size
-0000f539        67ff742410                        PUSH                qword ptr [ESP + 0x10]
+0000f539        67ff742410                        PUSH                dword ptr [ESP + 0x10]
  • RDFSBASE/RDGSBASE/WRFSBASE/WRGSBASE: wrong reg
-0000f848        f3410faec5                        RDFSBASE            R13D
+0000f848        f3410faec5                        RDFSBASE            EBP
-0000f852        f3490faec5                        RDFSBASE            R13
+0000f852        f3490faec5                        RDFSBASE            RBP
-0000f860        f3410faecd                        RDGSBASE            R13D
+0000f860        f3410faecd                        RDGSBASE            EBP
-0000f86f        f3490faecd                        RDGSBASE            R13
+0000f86f        f3490faecd                        RDGSBASE            RBP
-0001713c        f3410faed5                        WRFSBASE            R13D
+0001713c        f3410faed5                        WRFSBASE            EBP
-00017146        f3490faed5                        WRFSBASE            R13
+00017146        f3490faed5                        WRFSBASE            RBP
-00017159        f3410faedd                        WRGSBASE            R13D
+00017159        f3410faedd                        WRGSBASE            EBP
-00017163        f3490faedd                        WRGSBASE            R13
+00017163        f3490faedd                        WRGSBASE            RBP
  • RDPID: wrong reg
-0000f87e        f3490fc7fa                        RDPID               R10
+0000f87e        f3490fc7fa                        RDPID               RDX
-0000f888        f3410fc7fa                        RDPID               R10
-0000f88d        f30fc7fa                          RDPID               RDX
+0000f888        f3410fc7fa                        RDPID               EDX
+0000f88d        f30fc7fa                          RDPID               EDX
  • RDPID disasm'd as RDSEED
-0000f891        66f3410fc7fa                      RDPID               R10
-0000f897        66f30fc7fa                        RDPID               RDX
+0000f891        66f3410fc7fa                      RDSEED              DX
+0000f897        66f30fc7fa                        RDSEED              DX
  • RDSEED: wrong reg
-0000f8d6        66410fc7fa                        RDSEED              R10W
+0000f8d6        66410fc7fa                        RDSEED              DX
-0000f8e3        410fc7fa                          RDSEED              R10D
+0000f8e3        410fc7fa                          RDSEED              EDX
-0000f8f3        490fc7fa                          RDSEED              R10
+0000f8f3        490fc7fa                          RDSEED              RDX
  • RDSSPD: wrong reg
-0000f8f7        f3410f1ec9                        RDSSPD              R9D
+0000f8f7        f3410f1ec9                        RDSSPD              ECX
  • RDSSPQ: wrong reg and disasm'd as RDSSPD
-0000f905        f3490f1ec9                        RDSSPQ              R9
-0000f90a        f3480f1ec9                        RDSSPQ              RCX
-0000f90f        f34e0f1ec9                        RDSSPQ              RCX
+0000f905        f3490f1ec9                        RDSSPD              ECX
+0000f90a        f3480f1ec9                        RDSSPD              ECX
+0000f90f        f34e0f1ec9                        RDSSPD              ECX
  • Far returns use the same mnemonic as near returns, making it difficult to know what RET does. Is it near or far?
-0000fa32        ca5aa5                            RETF                0xa55a
+0000fa32        ca5aa5                            RET                 0xa55a
  • Can't disasm 4C + SHRD, it's disasm'd as PMINSW MM5,MM5
-00010fd1        4c0fadc5                          SHRD                RBP,R8,CL
+00010fd1        4c0fad                            PMINSW              MM5,MM5
+00010fd4        c5                                ??                  C5h
  • Wrong mem size
-00011086        0f0000                            SLDT                word ptr [RAX]
+00011086        0f0000                            SLDT                dword ptr [RAX]
-00011095        480f0000                          SLDT                word ptr [RAX]
+00011095        480f0000                          SLDT                qword ptr [RAX]
-000110b6        0f0120                            SMSW                word ptr [RAX]
+000110b6        0f0120                            SMSW                dword ptr [RAX]
-000110c1        480f0120                          SMSW                word ptr [RAX]
+000110c1        480f0120                          SMSW                qword ptr [RAX]
  • Wrong reg op size
-000111df        0f00ca                            STR                 EDX
+000111df        0f00ca                            STR                 DX
-000111e5        480f00ca                          STR                 RDX
+000111e5        480f00ca                          STR                 DX
  • Can't decode some LIG/WIG VEX instructions
-000118a2        c4e1cf5810                        VADDSD              XMM2,XMM6,qword ptr [RAX]
-000118a7        c5cf5810                          VADDSD              XMM2,XMM6,qword ptr [RAX]
-000118c4        c4e1ce5810                        VADDSS              XMM2,XMM6,dword ptr [RAX]
-000118dc        c5ce5810                          VADDSS              XMM2,XMM6,dword ptr [RAX]
-00011dcf        c5cfc210a5                        VCMPSD              XMM2,XMM6,qword ptr [RAX],0xa5
-00011dd9        c4e1cfc210a5                      VCMPSD              XMM2,XMM6,qword ptr [RAX],0xa5
-00011dfb        c5cec210a5                        VCMPSS              XMM2,XMM6,dword ptr [RAX],0xa5
-00011e10        c4e1cec210a5                      VCMPSS              XMM2,XMM6,dword ptr [RAX],0xa5
-00011e45        c4e1fd2f10                        VCOMISD             XMM2,qword ptr [RAX]
-00011e4f        c5fd2f10                          VCOMISD             XMM2,qword ptr [RAX]
-00011e6d        c4e1fc2f10                        VCOMISS             XMM2,dword ptr [RAX]
-00011e77        c5fc2f10                          VCOMISS             XMM2,dword ptr [RAX]
-0001208d        c4c17f2dcd                        VCVTSD2SI           ECX,XMM13
-000120a9        c5ff2d10                          VCVTSD2SI           EDX,qword ptr [RAX]
-000120b6        c4e1ff2d10                        VCVTSD2SI           RDX,qword ptr [RAX]
-000120d4        c5cf5a10                          VCVTSD2SS           XMM2,XMM6,qword ptr [RAX]
-000120d8        c4c14f5ad3                        VCVTSD2SS           XMM2,XMM6,XMM11
-000120e2        c58f5ad3                          VCVTSD2SS           XMM2,XMM14,XMM3
-000120ea        c54f5ad3                          VCVTSD2SS           XMM10,XMM6,XMM3
-000120f2        c5cf5ad3                          VCVTSD2SS           XMM2,XMM6,XMM3
-000120fa        c4e1cf5a10                        VCVTSD2SS           XMM2,XMM6,qword ptr [RAX]
-0001211b        c58f2ad3                          VCVTSI2SD           XMM2,XMM14,EBX
-00012123        c4e14f2a10                        VCVTSI2SD           XMM2,XMM6,dword ptr [RAX]
-00012137        c54f2ad3                          VCVTSI2SD           XMM10,XMM6,EBX
-0001213f        c5cf2ad3                          VCVTSI2SD           XMM2,XMM6,EBX
-00012143        c4c14f2ad3                        VCVTSI2SD           XMM2,XMM6,R11D
-00012148        c5cf2a10                          VCVTSI2SD           XMM2,XMM6,dword ptr [RAX]
-00012155        c4c1cf2ad3                        VCVTSI2SD           XMM2,XMM6,R11
-0001215f        c461cf2ad3                        VCVTSI2SD           XMM10,XMM6,RBX
-00012169        c4e1cf2ad3                        VCVTSI2SD           XMM2,XMM6,RBX
-00012173        c4e1cf2a10                        VCVTSI2SD           XMM2,XMM6,qword ptr [RAX]
-0001217d        c4e18f2ad3                        VCVTSI2SD           XMM2,XMM14,RBX
-00012187        c4e14e2a10                        VCVTSI2SS           XMM2,XMM6,dword ptr [RAX]
-0001218c        c5ce2a10                          VCVTSI2SS           XMM2,XMM6,dword ptr [RAX]
-00012199        c5ce2ad3                          VCVTSI2SS           XMM2,XMM6,EBX
-000121a2        c4c14e2ad3                        VCVTSI2SS           XMM2,XMM6,R11D
-000121b5        c58e2ad3                          VCVTSI2SS           XMM2,XMM14,EBX
-000121bd        c54e2ad3                          VCVTSI2SS           XMM10,XMM6,EBX
-000121ca        c4e18e2ad3                        VCVTSI2SS           XMM2,XMM14,RBX
-000121d4        c4c1ce2ad3                        VCVTSI2SS           XMM2,XMM6,R11
-000121de        c4e1ce2ad3                        VCVTSI2SS           XMM2,XMM6,RBX
-000121f2        c461ce2ad3                        VCVTSI2SS           XMM10,XMM6,RBX
-000121f7        c4e1ce2a10                        VCVTSI2SS           XMM2,XMM6,qword ptr [RAX]
-00012200        c58e5ad3                          VCVTSS2SD           XMM2,XMM14,XMM3
-00012204        c5ce5a10                          VCVTSS2SD           XMM2,XMM6,dword ptr [RAX]
-00012208        c54e5ad3                          VCVTSS2SD           XMM10,XMM6,XMM3
-0001220c        c54a5ad3                          VCVTSS2SD           XMM10,XMM6,XMM3
-00012210        c5ce5ad3                          VCVTSS2SD           XMM2,XMM6,XMM3
-00012218        c4e1ce5a10                        VCVTSS2SD           XMM2,XMM6,dword ptr [RAX]
-00012226        c4c14e5ad3                        VCVTSS2SD           XMM2,XMM6,XMM11
-0001223f        c5fe2d10                          VCVTSS2SI           EDX,dword ptr [RAX]
-0001224c        c4c17e2dcd                        VCVTSS2SI           ECX,XMM13
-00012277        c4e1fe2d10                        VCVTSS2SI           RDX,dword ptr [RAX]
-00012319        c4c17f2ccd                        VCVTTSD2SI          ECX,XMM13
-00012326        c5ff2c10                          VCVTTSD2SI          EDX,qword ptr [RAX]
-00012339        c4e1ff2c10                        VCVTTSD2SI          RDX,qword ptr [RAX]
-00012369        c4c17e2ccd                        VCVTTSS2SI          ECX,XMM13
-00012377        c5fe2c10                          VCVTTSS2SI          EDX,dword ptr [RAX]
-00012380        c4e1fe2c10                        VCVTTSS2SI          RDX,dword ptr [RAX]
-00012449        c4e1cf5e10                        VDIVSD              XMM2,XMM6,qword ptr [RAX]
-0001244e        c5cf5e10                          VDIVSD              XMM2,XMM6,qword ptr [RAX]
-0001245b        c4e1ce5e10                        VDIVSS              XMM2,XMM6,dword ptr [RAX]
-00012460        c5ce5e10                          VDIVSS              XMM2,XMM6,dword ptr [RAX]
-0001357f        c4e1cf5f10                        VMAXSD              XMM2,XMM6,qword ptr [RAX]
-00013594        c5cf5f10                          VMAXSD              XMM2,XMM6,qword ptr [RAX]
-000135c1        c4e1ce5f10                        VMAXSS              XMM2,XMM6,dword ptr [RAX]
-000135c6        c5ce5f10                          VMAXSS              XMM2,XMM6,dword ptr [RAX]
-00013687        c5cf5d10                          VMINSD              XMM2,XMM6,qword ptr [RAX]
-000136a3        c4e1cf5d10                        VMINSD              XMM2,XMM6,qword ptr [RAX]
-000136bf        c4e1ce5d10                        VMINSS              XMM2,XMM6,dword ptr [RAX]
-000136c4        c5ce5d10                          VMINSS              XMM2,XMM6,dword ptr [RAX]
-00014004        c4e1cf5910                        VMULSD              XMM2,XMM6,qword ptr [RAX]
-00014009        c5cf5910                          VMULSD              XMM2,XMM6,qword ptr [RAX]
-00014036        c4e1ce5910                        VMULSS              XMM2,XMM6,dword ptr [RAX]
-0001403b        c5ce5910                          VMULSS              XMM2,XMM6,dword ptr [RAX]
-00016d0f        c4e1cf5110                        VSQRTSD             XMM2,XMM6,qword ptr [RAX]
-00016d21        c5cf5110                          VSQRTSD             XMM2,XMM6,qword ptr [RAX]
-00016d2e        c5ce5110                          VSQRTSS             XMM2,XMM6,dword ptr [RAX]
-00016d32        c4e1ce5110                        VSQRTSS             XMM2,XMM6,dword ptr [RAX]
-00016e09        c5cf5c10                          VSUBSD              XMM2,XMM6,qword ptr [RAX]
-00016e0d        c4e1cf5c10                        VSUBSD              XMM2,XMM6,qword ptr [RAX]
-00016e4c        c4e1ce5c10                        VSUBSS              XMM2,XMM6,dword ptr [RAX]
-00016e51        c5ce5c10                          VSUBSS              XMM2,XMM6,dword ptr [RAX]
-00016eea        c4e1fd2e10                        VUCOMISD            XMM2,qword ptr [RAX]
-00016efc        c5fd2e10                          VUCOMISD            XMM2,qword ptr [RAX]
-00016f04        c4e1fc2e10                        VUCOMISS            XMM2,dword ptr [RAX]
-00016f0e        c5fc2e10                          VUCOMISS            XMM2,dword ptr [RAX]
  • VMREAD/VMWRITE are 64-bit in 64-bit mode
-00013f21        0f78ce                            VMREAD              RSI,RCX
+00013f21        0f78ce                            VMREAD              ESI,ECX
-00013f30        0f7818                            VMREAD              qword ptr [RAX],RBX
+00013f30        0f7818                            VMREAD              dword ptr [RAX],EBX
-00014048        0f79ce                            VMWRITE             RCX,RSI
-0001404b        0f7918                            VMWRITE             RBX,qword ptr [RAX]
+00014048        0f79ce                            VMWRITE             ECX,ESI
+0001404b        0f7918                            VMWRITE             EBX,dword ptr [RAX]
  • Can't disasm VPEXTRB/VPEXTRW/VPINSRB/VPINSRW
-00014d67        c4e3f9145001a5                    VPEXTRB             byte ptr [RAX + 1],XMM2,0xa5
-00014d74        c463f914d3a5                      VPEXTRB             RBX,XMM10,0xa5
-00014d80        c4a3f9145001a5                    VPEXTRB             byte ptr [RAX + 1],XMM2,0xa5
-00014e21        c4a3f9155001a5                    VPEXTRW             word ptr [RAX + 1],XMM2,0xa5
-00014e28        c4e3f9155001a5                    VPEXTRW             word ptr [RAX + 1],XMM2,0xa5
-00014e2f        c4e3f915d3a5                      VPEXTRW             RBX,XMM2,0xa5
-000150e0        c4c3c920d7a5                      VPINSRB             XMM2,XMM6,R15D,0xa5
-000150e6        c4a3c92010a5                      VPINSRB             XMM2,XMM6,byte ptr [RAX],0xa5
-00015185        c4a1c9c410a5                      VPINSRW             XMM2,XMM6,word ptr [RAX],0xa5
-0001518b        c4c1c9c4d7a5                      VPINSRW             XMM2,XMM6,R15D,0xa5
  • WRSSQ disasm'd as WRSSD
-00017182        4c0f38f618                        WRSSQ               qword ptr [RAX],R11
-00017187        480f38f618                        WRSSQ               qword ptr [RAX],RBX
+00017182        4c0f38f618                        WRSSD               dword ptr [RAX],R11D
+00017187        480f38f618                        WRSSD               dword ptr [RAX],EBX
  • WRUSSQ disasm'd as WRUSSD
-00017197        66480f38f518                      WRUSSQ              qword ptr [RAX],RBX
-0001719d        664c0f38f518                      WRUSSQ              qword ptr [RAX],R11
+00017197        66480f38f518                      WRUSSD              dword ptr [RAX],EBX
+0001719d        664c0f38f518                      WRUSSD              dword ptr [RAX],R11D
  • XBEGIN: wrong target addr. This instruction doesn't mask RIP, and the rel offset should be sign extended to 64 bits.
-00017279        66c7f80080                        XBEGIN              0x000000000000f27e
+00017279        66c7f80080                        XBEGIN              DAT_0001f27e
  • XLAT weird disassembly. There should be no comma here
-00017434        d7                                XLATB
+00017434        d7                                XLAT                ,RBX
-0001743b        64d7                              XLAT                byte ptr FS:[RBX]
+0001743b        64d7                              XLAT                FS:,RBX
  • 66 + E9 (JMP NEAR) is not decoded correctly. 66 should be ignored.
-8765abcdef5a3244        66e95678a55a                      JMP                 near ptr 0x8765abce49ffaaa0
+8765abcdef5a3244        66e95678                          JMP                 LAB_8765abcdef5aaa9e
+8765abcdef5a3248         -> 8765abcdef5a3249         [UNDEFINED BYTES REMOVED]
  • REX.W + call far doesn't disassemble
-8765abcdef5a3197        48ff18                            CALL                tbyte ptr [RAX]
+8765abcdef5a3197         -> 8765abcdef5a3197         [UNDEFINED BYTES REMOVED]
+8765abcdef5a3198        ff18                              CALLF               [EAX]
  • Missing Intel instructions
-8765abcdef5a31be        66410f3acfcda5                    GF2P8AFFINEINVQB    XMM1,XMM13,0xa5
-8765abcdef5a31d3        66410f3acecda5                    GF2P8AFFINEQB       XMM1,XMM13,0xa5
-8765abcdef5a3203        66410f38cfcd                      GF2P8MULB           XMM1,XMM13
-8765abcdef5a3377        6766480f38f818                    MOVDIR64B           EBX,zmmword ptr [EAX]
-8765abcdef5a3391        440f38f918                        MOVDIRI             dword ptr [RAX],R11D
-8765abcdef5a33a8        660fa1                            POPW                FS
-8765abcdef5a33ae        0fa1                              POP                 FS
-8765abcdef5a33b0        660fa9                            POPW                GS
-8765abcdef5a33ba        0fa9                              POP                 GS
-8765abcdef5a33c0        660fa0                            PUSHW               FS
-8765abcdef5a33c6        0fa0                              PUSH                FS
-8765abcdef5a33cc        660fa8                            PUSHW               GS
-8765abcdef5a33d2        0fa8                              PUSH                GS
-8765abcdef5a3498        66410faef5                        TPAUSE              R13D
-8765abcdef5a34b1        67f3460faef5                      UMONITOR            EBP
-8765abcdef5a34c2        f3410faef5                        UMONITOR            R13
-8765abcdef5a34d4        f2410faef5                        UMWAIT              R13D
-8765abcdef5a350b        c4c28dded3                        VAESDEC             YMM2,YMM14,YMM11
-8765abcdef5a3524        c4c28ddfd3                        VAESDECLAST         YMM2,YMM14,YMM11
-8765abcdef5a3547        c4c28ddcd3                        VAESENC             YMM2,YMM14,YMM11
-8765abcdef5a3565        c4c28dddd3                        VAESENCLAST         YMM2,YMM14,YMM11
-8765abcdef5a357f        c4c3c9cfd3a5                      VGF2P8AFFINEINVQB   XMM2,XMM6,XMM11,0xa5
-8765abcdef5a35d3        c4e389ced3a5                      VGF2P8AFFINEQB      XMM2,XMM14,XMM3,0xa5
-8765abcdef5a3613        c4e209cfd3                        VGF2P8MULB          XMM2,XMM14,XMM3
-8765abcdef5a3681        c4e30d44d3a5                      VPCLMULQDQ          YMM2,YMM14,YMM3,0xa5
  • lfence/mfence/sfence ignore the low 3 bits of the last byte
-8765abcdef5a32b8        0faee9                            LFENCE
-8765abcdef5a32bf        0faeea                            LFENCE
-8765abcdef5a32ca        0faeeb                            LFENCE
-8765abcdef5a32cd        0faeec                            LFENCE
-8765abcdef5a32d4        0faeed                            LFENCE
-8765abcdef5a32db        0faeee                            LFENCE
-8765abcdef5a32e2        0faeef                            LFENCE
-8765abcdef5a3346        0faef1                            MFENCE
-8765abcdef5a334d        0faef2                            MFENCE
-8765abcdef5a3354        0faef3                            MFENCE
-8765abcdef5a335b        0faef4                            MFENCE
-8765abcdef5a3366        0faef5                            MFENCE
-8765abcdef5a3369        0faef6                            MFENCE
-8765abcdef5a3374        0faef7                            MFENCE
-8765abcdef5a3442        0faef9                            SFENCE
-8765abcdef5a3449        0faefa                            SFENCE
-8765abcdef5a3454        0faefb                            SFENCE
-8765abcdef5a345b        0faefc                            SFENCE
-8765abcdef5a3462        0faefd                            SFENCE
-8765abcdef5a3469        0faefe                            SFENCE
-8765abcdef5a3470        0faeff                            SFENCE
Labels: Processor x86, Bug
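
The branch-target rules this report applies (66h ignored for near branches in 64-bit mode, the target truncated to the 16-bit operand size in 32-bit mode, and XBEGIN sign-extending its rel16 without masking), as an added Python example that is not part of the issue or of Ghidra's or iced's code; the only inputs are the encodings and addresses quoted in this report and in the 32-bit follow-up comment, and the mnemonic naming (JZ/JNZ, JCXZ/JECXZ) is my own choice.

```python
"""Relative-branch target computation for x86 near branches and XBEGIN.

Added example, not code from the Ghidra issue, Ghidra or iced. It implements
the target rules the report relies on; the sample encodings in main() are the
report's own:
  * 16/32-bit mode: 66h makes CALL/JMP/Jcc rel16 and the target is truncated
    to the 16-bit operand size (66e85aa5 -> CALL 0x5138).
  * 64-bit mode: 66h is ignored for near branches, the displacement stays
    rel32 and the 64-bit target is not masked (66e95678a55a case).
  * XBEGIN: 66h selects rel16, the displacement is sign-extended and the
    result is never truncated to the operand size (both XBEGIN cases).
"""
from dataclasses import dataclass

# Jcc mnemonics indexed by the low nibble of the opcode (70-7F / 0F 80-8F).
JCC = ["JO", "JNO", "JB", "JAE", "JZ", "JNZ", "JBE", "JA",
       "JS", "JNS", "JP", "JNP", "JL", "JGE", "JLE", "JG"]
LOOPS = {0xE0: "LOOPNZ", 0xE1: "LOOPZ", 0xE2: "LOOP"}


@dataclass(frozen=True)
class Branch:
    mnemonic: str
    length: int    # bytes consumed, prefixes included
    target: int    # absolute branch target


def sext(value: int, bits: int) -> int:
    """Sign-extend an unsigned `bits`-wide value to a Python int."""
    sign = 1 << (bits - 1)
    return (value & (sign - 1)) - (value & sign)


def decode_branch(code: bytes, addr: int, mode: int) -> Branch:
    """Decode one relative branch at `addr` in 16-, 32- or 64-bit `mode`."""
    assert mode in (16, 32, 64)
    i = 0
    has66 = has67 = False
    while code[i] in (0x66, 0x67):              # legacy prefixes, any order
        has66 |= code[i] == 0x66
        has67 |= code[i] == 0x67
        i += 1
    if mode == 64 and 0x40 <= code[i] <= 0x4F:  # REX carries nothing here
        i += 1
    op = code[i]
    i += 1

    # Effective operand size; 66h flips the mode's default (16 <-> 32).
    opsize = 16 if mode == 16 else 32
    if has66:
        opsize = 48 - opsize
    # Address size picks the counter register JrCXZ/LOOP look at.
    addrsize = {16: 32, 32: 16, 64: 32}[mode] if has67 else mode

    mask_bits = opsize                          # target is masked to this width
    if op == 0xC7 and code[i] == 0xF8:          # XBEGIN rel16/rel32
        i += 1
        mnemonic, rel_bits = "XBEGIN", opsize
        mask_bits = mode                        # sign-extended, not truncated
    elif op in (0xE8, 0xE9):                    # CALL/JMP rel16/rel32
        mnemonic, rel_bits = ("CALL" if op == 0xE8 else "JMP"), opsize
    elif (op & 0xF0) == 0x70:                   # Jcc rel8
        mnemonic, rel_bits = JCC[op & 0x0F], 8
    elif op == 0x0F and 0x80 <= code[i] <= 0x8F:  # Jcc rel16/rel32
        mnemonic, rel_bits = JCC[code[i] & 0x0F], opsize
        i += 1
    elif op == 0xEB:                            # JMP rel8
        mnemonic, rel_bits = "JMP", 8
    elif op == 0xE3:                            # JCXZ/JECXZ/JRCXZ rel8
        mnemonic = {16: "JCXZ", 32: "JECXZ", 64: "JRCXZ"}[addrsize]
        rel_bits = 8
    elif op in LOOPS:                           # LOOPcc rel8
        mnemonic, rel_bits = LOOPS[op], 8
    else:
        raise ValueError(f"not a relative branch: {code.hex()}")

    if mode == 64 and mnemonic != "XBEGIN":
        # Near branches in 64-bit mode ignore 66h: rel32 and a full 64-bit RIP.
        rel_bits = 8 if rel_bits == 8 else 32
        mask_bits = 64

    rel = int.from_bytes(code[i:i + rel_bits // 8], "little")
    i += rel_bits // 8
    target = (addr + i + sext(rel, rel_bits)) & ((1 << mask_bits) - 1)
    return Branch(mnemonic, i, target)


if __name__ == "__main__":
    # Encodings and addresses quoted in the report (64-bit) and the 32-bit comment.
    cases = [
        ("66e95678a55a", 0x8765abcdef5a3244, 64),   # JMP, 66h ignored
        ("66c7f80080", 0x17279, 64),                # XBEGIN rel16 -> 0xf27e
        ("66e85aa5", 0x8765abda, 32),               # CALL -> 0x5138
        ("6667e35a", 0x8765ac59, 32),               # JCXZ -> 0xacb7
        ("667580", 0x8765ace6, 32),                 # JNZ -> 0xac69
        ("66c7f8a55a", 0x8765aed5, 32),             # XBEGIN -> 0x8766097f
    ]
    for hexbytes, addr, mode in cases:
        b = decode_branch(bytes.fromhex(hexbytes), addr, mode)
        print(f"{mode}-bit {hexbytes:<14} {b.mnemonic:<7} {b.target:#x} (len {b.length})")
```

Each target printed matches the iced (red) line for the same bytes in the report, which is the value a control-flow analysis has to see to avoid following a branch to the wrong address.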

Most helpful comment

@0xd4d we've seen the list and hope to address them all soon. It is a very thorough and long list!
There have been some fixes in this area coming, and we need to parse which ones are left. For example, the correct register operands for many instructions on 64-bit x86 processors have been fixed in master.

All 4 comments

I tested the 32-bit disassembler too; it has many other unique failures:

32-bit code:

  • The 16-bit far call (1st instruction) isn't shown with a segment selector like the 2nd instruction; instead it just assumes it's real mode and converts it to a linear address. 16-bit protected mode uses selectors.
-8765abcd        669a12345678                      CALL                far ptr 0x7856:0x3412
-8765abd3        9a123456789abc                    CALL                far ptr 0xbc9a:0x78563412
+8765abcd        669a12345678                      CALLF               SUB_0007b972
+8765abd3        9a123456789abc                    CALLF               0xbc9a:SUB_78563412
-8765ac8e        66ea12345678                      JMP                 far ptr 0x7856:0x3412
-8765ac94        ea12345678eabc                    JMP                 far ptr 0xbcea:0x78563412
+8765ac8e        66ea12345678                      JMPF                SUB_0007b972
+8765ac94        ea12345678eabc                    JMPF                0xbcea:SUB_78563412
  • Wrong target offset. It must be truncated to 16 bits because operand size is 16 bits.
-8765abda        66e85aa5                          CALL                0x5138
-8765abde        66e8a55a                          CALL                0x0687
+8765abda        66e85aa5                          CALL                SUB_87655138
+8765abde        66e8a55a                          CALL                SUB_87650687
-8765ac59        6667e35a                          JCXZ                0xacb7
-8765ac5d        6667e3a5                          JCXZ                0xac06
+8765ac59        6667e35a                          JCXZ                LAB_8765acb5+2
+8765ac5d        6667e3a5                          JCXZ                LAB_8765ac06
-8765ac67        66e3a5                            JECXZ               0xac0f
-8765ac6a        66e35a                            JECXZ               0xacc7
+8765ac67        66e3a5                            JCXZ                LAB_8765ac0b+4
+8765ac6a        66e35a                            JCXZ                LAB_8765acc5+2
-8765ac76        66e9a55a                          JMP                 near ptr 0x071f
+8765ac76        66e9a55a                          JMP                 LAB_8765071f
-8765ac9b        66eb5a                            JMP                 short 0xacf8
+8765ac9b        66eb5a                            JMP                 LAB_8765acf7+1
-8765acf7        6667e25a                          LOOPW               0xad55
+8765acf7        6667e25a                          LOOP                LAB_8765ad55
-8765ad05        66e2a5                            LOOP                0xacad
+8765ad05        66e2a5                            LOOP                LAB_8765acad
-8765ad13        6667e1a5                          LOOPZW              0xacbc
+8765ad13        6667e1a5                          LOOPZ               LAB_8765acb9+3
-8765ad1d        66e1a5                            LOOPZ               0xacc5
+8765ad1d        66e1a5                            LOOPZ               LAB_8765acc5
-8765ad2b        6667e0a5                          LOOPNZW             0xacd4
+8765ad2b        6667e0a5                          LOOPNZ              LAB_8765acd4
-8765ad35        66e05a                            LOOPNZ              0xad92
+8765ad35        66e05a                            LOOPNZ              LAB_8765ad91+1
-8765ace6        667580                            JNZ                 0xac69
+8765ace6        667580                            JNZ                 LAB_8765ac67+2
  • Can't disasm 67 + vmrun/vmload/vmsave
-8765aea6        670f01d8                          VMRUN               AX
-8765f756        670f01da                          VMLOAD              AX
-8765fc95        670f01db                          VMSAVE              AX
  • Wrong 66 + xbegin target address. The rel offset should be sign extended.
-8765aed5        66c7f8a55a                        XBEGIN              0x8766097f
+8765aed5        66c7f8a55a                        XBEGIN              DAT_8765097f
  • Fails to disasm several instructions when VEX.W=1 (it's ignored)
-8765c18e        c4e2c8f2d3                        ANDN                EDX,ESI,EBX
-8765c198        c4e2c8f210                        ANDN                EDX,ESI,dword ptr [EAX]
-8765c1cd        c4e2c8f7d3                        BEXTR               EDX,EBX,ESI
-8765c1d7        c4e2c8f710                        BEXTR               EDX,dword ptr [EAX],ESI
-8765c217        c4e2c8f3db                        BLSI                ESI,EBX
-8765c221        c4e2c8f318                        BLSI                ESI,dword ptr [EAX]
-8765c22b        c4e2c8f3d3                        BLSMSK              ESI,EBX
-8765c235        c4e2c8f310                        BLSMSK              ESI,dword ptr [EAX]
-8765c244        c4e2c8f3cb                        BLSR                ESI,EBX
-8765c253        c4e2c8f308                        BLSR                ESI,dword ptr [EAX]
-8765c440        c4e2c8f5d3                        BZHI                EDX,EBX,ESI
-8765c44f        c4e2c8f510                        BZHI                EDX,dword ptr [EAX],ESI
-8765d38d        c4e2cbf6d3                        MULX                EDX,ESI,EBX
-8765d397        c4e2cbf610                        MULX                EDX,ESI,dword ptr [EAX]
-8765d733        c4e2cbf510                        PDEP                EDX,ESI,dword ptr [EAX]
-8765d747        c4e2cbf5d3                        PDEP                EDX,ESI,EBX
-8765d751        c4e2caf5d3                        PEXT                EDX,ESI,EBX
-8765d75b        c4e2caf510                        PEXT                EDX,ESI,dword ptr [EAX]
-8765decb        c4e3fbf0d3a5                      RORX                EDX,EBX,0xa5
-8765dedd        c4e3fbf0105a                      RORX                EDX,dword ptr [EAX],0x5a
-8765df8b        c4e2caf710                        SARX                EDX,dword ptr [EAX],ESI
-8765df95        c4e2caf7d3                        SARX                EDX,EBX,ESI
-8765e31d        c4e2c9f7d3                        SHLX                EDX,EBX,ESI
-8765e327        c4e2c9f710                        SHLX                EDX,dword ptr [EAX],ESI
-8765e386        c4e2cbf710                        SHRX                EDX,dword ptr [EAX],ESI
-8765e390        c4e2cbf7d3                        SHRX                EDX,EBX,ESI
  • Wrong memory size
-8765c28a        666218                            BOUND               BX,dword ptr [EAX]
-8765c28d        6218                              BOUND               EBX,qword ptr [EAX]
+8765c28a        666218                            BOUND               BX,word ptr [EAX]
+8765c28d        6218                              BOUND               EBX,dword ptr [EAX]
  • Can't disasm encls/enclu/enclv
-8765c83d        0f01cf                            ENCLS
-8765c840        0f01d7                            ENCLU
-8765c843        0f01c0                            ENCLV
  • Can't disasm endbr64
-8765c84a        f30f1efa                          ENDBR64
  • Wrong memory size
-8765cc7d        660f0110                          LGDTW               fword ptr [EAX]
-8765cc81        0f0110                            LGDT                fword ptr [EAX]
+8765cc7d        660f0110                          LGDT                word ptr [EAX]
+8765cc81        0f0110                            LGDT                dword ptr [EAX]
-8765cc8b        660f0118                          LIDTW               fword ptr [EAX]
-8765cc8f        0f0118                            LIDT                fword ptr [EAX]
+8765cc8b        660f0118                          LIDT                word ptr [EAX]
+8765cc8f        0f0118                            LIDT                dword ptr [EAX]
-8765e282        660f0100                          SGDTW               fword ptr [EAX]
-8765e286        0f0100                            SGDT                fword ptr [EAX]
+8765e282        660f0100                          SGDT                word ptr [EAX]
+8765e286        0f0100                            SGDT                dword ptr [EAX]
-8765e3a7        660f0108                          SIDTW               fword ptr [EAX]
-8765e3ab        0f0108                            SIDT                fword ptr [EAX]
+8765e3a7        660f0108                          SIDT                word ptr [EAX]
+8765e3ab        0f0108                            SIDT                dword ptr [EAX]
  • Can't disasm RDPID/RDRAND/RDSEED/RDTSCP
-8765de44        66f30fc7fa                        RDPID               EDX
-8765de4e        660fc7f2                          RDRAND              DX
-8765de52        0fc7f2                            RDRAND              EDX
-8765de55        660fc7fa                          RDSEED              DX
-8765de59        0fc7fa                            RDSEED              EDX
-8765de62        0f01f9                            RDTSCP
  • Can't disasm undocumented SALC
-8765df58        d6                                SALC
-8765df59        66d6                              SALC
  • Can't access vec regs 8-15 in 16/32-bit mode (ignore that bit)
-8765e8ab        c4e3494b10c0                      VBLENDVPD           XMM2,XMM6,xmmword ptr [EAX],XMM4
+8765e8ab        c4e3494b10c0                      VBLENDVPD           XMM2,XMM6,xmmword ptr [EAX],XMM12
-8765e8c9        c4e34d4b10d0                      VBLENDVPD           YMM2,YMM6,ymmword ptr [EAX],YMM5
+8765e8c9        c4e34d4b10d0                      VBLENDVPD           YMM2,YMM6,ymmword ptr [EAX],YMM13
-8765e8e1        c4e3494a10c0                      VBLENDVPS           XMM2,XMM6,xmmword ptr [EAX],XMM4
+8765e8e1        c4e3494a10c0                      VBLENDVPS           XMM2,XMM6,xmmword ptr [EAX],XMM12
-8765e8f3        c4e34d4a10d0                      VBLENDVPS           YMM2,YMM6,ymmword ptr [EAX],YMM5
+8765e8f3        c4e34d4a10d0                      VBLENDVPS           YMM2,YMM6,ymmword ptr [EAX],YMM13
-8766014e        c4e3494c10c0                      VPBLENDVB           XMM2,XMM6,xmmword ptr [EAX],XMM4
+8766014e        c4e3494c10c0                      VPBLENDVB           XMM2,XMM6,xmmword ptr [EAX],XMM12
-8766015a        c4e34d4c10d0                      VPBLENDVB           YMM2,YMM6,ymmword ptr [EAX],YMM5
+8766015a        c4e34d4c10d0                      VPBLENDVB           YMM2,YMM6,ymmword ptr [EAX],YMM13
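The register mismatch in this group comes from how the fourth operand is encoded: for VBLENDVPS/VBLENDVPD/VPBLENDVB the fourth register lives in imm8[7:4] (the "is4" field), and bit 7 of that field, like VEX.R/X/B, selects registers 8-15, which only exist in 64-bit mode. The following decoder is an added example (not Ghidra or iced code) that pulls the VEX fields and the is4 register out of the byte strings quoted above and applies the masking the report asks for; the helper names and register tables are mine. Run against the same bytes in 64-bit mode it yields XMM12, which is the register Ghidra printed.

```python
# Added example (not Ghidra or iced code): decode the VEX is4-form blend
# instructions quoted in the report and show why the fourth register operand
# differs between 16/32-bit mode and 64-bit mode.
from typing import Tuple

# VEX map 0F3A opcodes whose fourth operand is a register in imm8[7:4] ("is4")
IS4_OPCODES = {0x4A: "VBLENDVPS", 0x4B: "VBLENDVPD", 0x4C: "VPBLENDVB"}

# ModRM.rm base registers for mod=00 (index 6 in 16-bit addressing is disp16-only)
REG16 = ["BX + SI", "BX + DI", "BP + SI", "BP + DI", "SI", "DI", None, "BX"]
REG32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]
REG64 = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",
         "R8", "R9", "R10", "R11", "R12", "R13", "R14", "R15"]


def _vex_fields(code: bytes, bits: int) -> Tuple[int, int, int, int, int, int, int, int, int]:
    """Return (R, X, B, map, W, vvvv, L, pp, prefix_length) for a C4/C5 VEX prefix.

    R, X, B and vvvv are stored inverted in the encoding and are un-inverted here.
    Outside 64-bit mode R, X and B are forced to 0: registers 8-15 do not exist there.
    """
    lead = code[0]
    if lead == 0xC4:
        b1, b2 = code[1], code[2]
        # In 16/32-bit mode C4 is LES unless the next byte's top two bits are 11.
        if bits != 64 and (b1 & 0xC0) != 0xC0:
            raise ValueError("C4 here is LES, not a VEX prefix")
        inv = b1 ^ 0xFF
        r, x, b = (inv >> 7) & 1, (inv >> 6) & 1, (inv >> 5) & 1
        mmmmm = b1 & 0x1F
        w = b2 >> 7
        vvvv = ((b2 ^ 0xFF) >> 3) & 0xF
        l, pp, length = (b2 >> 2) & 1, b2 & 3, 3
    elif lead == 0xC5:
        b1 = code[1]
        if bits != 64 and (b1 & 0xC0) != 0xC0:
            raise ValueError("C5 here is LDS, not a VEX prefix")
        r, x, b = (b1 ^ 0xFF) >> 7, 0, 0   # two-byte form implies X=B=0, W=0, map 0F
        mmmmm, w = 1, 0
        vvvv = ((b1 ^ 0xFF) >> 3) & 0xF
        l, pp, length = (b1 >> 2) & 1, b1 & 3, 2
    else:
        raise ValueError("not a VEX prefix")
    if bits != 64:
        r = x = b = 0
    return r, x, b, mmmmm, w, vvvv, l, pp, length


def decode_vex_is4(code: bytes, bits: int) -> str:
    """Disassemble one VBLENDVPS/VBLENDVPD/VPBLENDVB and render it iced-style.

    bits is the CPU mode (16, 32 or 64).  Only ModRM mod=00 without SIB or
    displacement and mod=11 are handled, which covers the encodings in the report.
    """
    if bits not in (16, 32, 64):
        raise ValueError("bits must be 16, 32 or 64")
    r, x, b, mmmmm, w, vvvv, l, pp, pos = _vex_fields(code, bits)
    if mmmmm != 3 or pp != 1:
        raise ValueError("expected a VEX.66.0F3A encoding")
    opcode, modrm, imm8 = code[pos], code[pos + 1], code[pos + 2]
    if opcode not in IS4_OPCODES:
        raise ValueError("opcode %#x is not an is4-form blend" % opcode)
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    vec = "YMM" if l else "XMM"
    dst = vec + str((r << 3) | reg)      # ModRM.reg, extended by VEX.R in 64-bit mode
    src1 = vec + str(vvvv)               # VEX.vvvv, decoded verbatim
    if mod == 3:
        src2 = vec + str((b << 3) | rm)
    elif mod == 0:
        if bits == 16:
            base = REG16[rm]
        elif bits == 32:
            base = REG32[rm] if rm not in (4, 5) else None
        else:
            base = REG64[(b << 3) | rm] if rm not in (4, 5) else None
        if base is None:
            raise NotImplementedError("SIB / disp-only forms not handled in this example")
        src2 = "%sword ptr [%s]" % (vec.lower(), base)
    else:
        raise NotImplementedError("displacement forms not handled in this example")
    is4 = imm8 >> 4
    if bits != 64:
        is4 &= 7      # imm8[7] would select registers 8-15; ignored outside 64-bit mode
    return "%s %s,%s,%s,%s%d" % (IS4_OPCODES[opcode], dst, src1, src2, vec, is4)


if __name__ == "__main__":
    sample = bytes.fromhex("c4e3494b10c0")   # bytes quoted in the report
    print("32-bit:", decode_vex_is4(sample, 32))   # ... XMM4
    print("64-bit:", decode_vex_is4(sample, 64))   # ... XMM12
```

The same masking applies to VEX.R/X/B: in 16/32-bit mode the decoder must treat them as clear rather than extending ModRM.reg/rm, which is why `_vex_fields` zeroes them outside 64-bit mode.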
  • Can't disasm these instructions
-8765eb8c        c4e17f2dcd                        VCVTSD2SI           ECX,XMM5
-8765eb91        c4e1fb2dcd                        VCVTSD2SI           ECX,XMM5
-8765ec28        c4e1fa2dcd                        VCVTSS2SI           ECX,XMM5
-8765ec2d        c4e17e2dcd                        VCVTSS2SI           ECX,XMM5
-8765ec93        c4e1fb2ccd                        VCVTTSD2SI          ECX,XMM5
-8765ec98        c4e17f2ccd                        VCVTTSD2SI          ECX,XMM5
-8765ecae        c4e17e2ccd                        VCVTTSS2SI          ECX,XMM5
-8765ecbb        c4e1fa2ccd                        VCVTTSS2SI          ECX,XMM5
  • Can't disasm any FMA instruction
-8765edf9        c4e2c998d3                        VFMADD132PD         XMM2,XMM6,XMM3
-8765ee17        c4e2499810                        VFMADD132PS         XMM2,XMM6,xmmword ptr [EAX]
-8765ee35        c4c2c99910                        VFMADD132SD         XMM2,XMM6,qword ptr [EAX]
-8765ee49        c4e24d9910                        VFMADD132SS         XMM2,XMM6,dword ptr [EAX]
-8765ee5d        c4c2c9a810                        VFMADD213PD         XMM2,XMM6,xmmword ptr [EAX]
-8765ee7b        c4e249a810                        VFMADD213PS         XMM2,XMM6,xmmword ptr [EAX]
-8765ee99        c4e2c9a910                        VFMADD213SD         XMM2,XMM6,qword ptr [EAX]
-8765eeb2        c4e249a910                        VFMADD213SS         XMM2,XMM6,dword ptr [EAX]
-8765eec1        c4e2c9b8d3                        VFMADD231PD         XMM2,XMM6,XMM3
-8765eedf        c4e249b810                        VFMADD231PS         XMM2,XMM6,xmmword ptr [EAX]
-8765eefd        c4c2c9b910                        VFMADD231SD         XMM2,XMM6,qword ptr [EAX]
-8765ef11        c4c249b910                        VFMADD231SS         XMM2,XMM6,dword ptr [EAX]
-8765ef25        c4e2c99610                        VFMADDSUB132PD      XMM2,XMM6,xmmword ptr [EAX]
-8765ef43        c4e24996d3                        VFMADDSUB132PS      XMM2,XMM6,XMM3
-8765ef61        c4e2c9a6d3                        VFMADDSUB213PD      XMM2,XMM6,XMM3
-8765ef7f        c4e249a610                        VFMADDSUB213PS      XMM2,XMM6,xmmword ptr [EAX]
-8765ef9d        c4e2c9b610                        VFMADDSUB231PD      XMM2,XMM6,xmmword ptr [EAX]
-8765efbb        c4c249b610                        VFMADDSUB231PS      XMM2,XMM6,xmmword ptr [EAX]
-8765efd9        c4e2c99ad3                        VFMSUB132PD         XMM2,XMM6,XMM3
-8765eff7        c4c2499a10                        VFMSUB132PS         XMM2,XMM6,xmmword ptr [EAX]
-8765f015        c4c2c99b10                        VFMSUB132SD         XMM2,XMM6,qword ptr [EAX]
-8765f029        c4e2499bd3                        VFMSUB132SS         XMM2,XMM6,XMM3
-8765f03d        c4e2c9aad3                        VFMSUB213PD         XMM2,XMM6,XMM3
-8765f05b        c4e249aa10                        VFMSUB213PS         XMM2,XMM6,xmmword ptr [EAX]
-8765f079        c4c2c9ab10                        VFMSUB213SD         XMM2,XMM6,qword ptr [EAX]
-8765f08d        c4e249ab10                        VFMSUB213SS         XMM2,XMM6,dword ptr [EAX]
-8765f0a1        c4c2c9ba10                        VFMSUB231PD         XMM2,XMM6,xmmword ptr [EAX]
-8765f0bf        c4e249ba10                        VFMSUB231PS         XMM2,XMM6,xmmword ptr [EAX]
-8765f0dd        c4e2c9bb10                        VFMSUB231SD         XMM2,XMM6,qword ptr [EAX]
-8765f0f1        c4c249bb10                        VFMSUB231SS         XMM2,XMM6,dword ptr [EAX]
-8765f105        c4c2c99710                        VFMSUBADD132PD      XMM2,XMM6,xmmword ptr [EAX]
-8765f123        c4c2499710                        VFMSUBADD132PS      XMM2,XMM6,xmmword ptr [EAX]
-8765f141        c4c2c9a710                        VFMSUBADD213PD      XMM2,XMM6,xmmword ptr [EAX]
-8765f15f        c4c249a710                        VFMSUBADD213PS      XMM2,XMM6,xmmword ptr [EAX]
-8765f17d        c4e2c9b710                        VFMSUBADD231PD      XMM2,XMM6,xmmword ptr [EAX]
-8765f19b        c4c249b710                        VFMSUBADD231PS      XMM2,XMM6,xmmword ptr [EAX]
-8765f1b9        c4e2c99c10                        VFNMADD132PD        XMM2,XMM6,xmmword ptr [EAX]
-8765f1d7        c4e2499c10                        VFNMADD132PS        XMM2,XMM6,xmmword ptr [EAX]
-8765f1f5        c4e2c99dd3                        VFNMADD132SD        XMM2,XMM6,XMM3
-8765f209        c4e2499d10                        VFNMADD132SS        XMM2,XMM6,dword ptr [EAX]
-8765f21d        c4e2c9acd3                        VFNMADD213PD        XMM2,XMM6,XMM3
-8765f23b        c4e249ac10                        VFNMADD213PS        XMM2,XMM6,xmmword ptr [EAX]
-8765f259        c4e2cdad10                        VFNMADD213SD        XMM2,XMM6,qword ptr [EAX]
-8765f26d        c4e249add3                        VFNMADD213SS        XMM2,XMM6,XMM3
-8765f281        c4e2c9bcd3                        VFNMADD231PD        XMM2,XMM6,XMM3
-8765f29f        c4c249bc10                        VFNMADD231PS        XMM2,XMM6,xmmword ptr [EAX]
-8765f2bd        c4c2c9bd10                        VFNMADD231SD        XMM2,XMM6,qword ptr [EAX]
-8765f2d1        c4c249bd10                        VFNMADD231SS        XMM2,XMM6,dword ptr [EAX]
-8765f2e5        c4e2c99ed3                        VFNMSUB132PD        XMM2,XMM6,XMM3
-8765f303        c4e2499ed3                        VFNMSUB132PS        XMM2,XMM6,XMM3
-8765f321        c4e2c99fd3                        VFNMSUB132SD        XMM2,XMM6,XMM3
-8765f335        c4c2499f10                        VFNMSUB132SS        XMM2,XMM6,dword ptr [EAX]
-8765f349        c4e2c9ae10                        VFNMSUB213PD        XMM2,XMM6,xmmword ptr [EAX]
-8765f367        c4e249aed3                        VFNMSUB213PS        XMM2,XMM6,XMM3
-8765f385        c4e2c9af10                        VFNMSUB213SD        XMM2,XMM6,qword ptr [EAX]
-8765f399        c4e249af10                        VFNMSUB213SS        XMM2,XMM6,dword ptr [EAX]
-8765f3ad        c4c2c9be10                        VFNMSUB231PD        XMM2,XMM6,xmmword ptr [EAX]
-8765f3cb        c4c249be10                        VFNMSUB231PS        XMM2,XMM6,xmmword ptr [EAX]
-8765f3e9        c4e2c9bfd3                        VFNMSUB231SD        XMM2,XMM6,XMM3
-8765f3fd        c4e249bfd3                        VFNMSUB231SS        XMM2,XMM6,XMM3
  • Can't disasm VGATHERQPD/VGATHERQPS
-8765f42d        c4e2c99354a101                    VGATHERQPD          XMM2,qword ptr [ECX + XMM4*0x4 + 0x1],XMM6
-8765f434        c4e2cd9354a101                    VGATHERQPD          YMM2,qword ptr [ECX + YMM4*0x4 + 0x1],YMM6
-8765f43b        c4e2499354a101                    VGATHERQPS          XMM2,dword ptr [ECX + XMM4*0x4 + 0x1],XMM6
-8765f442        c4e24d9354a101                    VGATHERQPS          XMM2,dword ptr [ECX + YMM4*0x4 + 0x1],XMM6
  • VMCLEAR disasm'd as VMPTRLD
-8765f6bd        660fc730                          VMCLEAR             qword ptr [EAX]
+8765f6bd        660fc730                          VMPTRLD             qword ptr [EAX]
  • Can't disasm VMOVD
-8765f815        c4e1f96ecd                        VMOVD               XMM1,EBP
-8765f830        c4e1f97ecd                        VMOVD               EBP,XMM1
  • Can't disasm VPEXTRB/VPEXTRD/VPEXTRW/VPINSRB/VPINSRD/VPINSRW
-876604ff        c4e3f9145001a5                    VPEXTRB             byte ptr [EAX + 0x1],XMM2,0xa5
-87660519        c4e3f9165001a5                    VPEXTRD             dword ptr [EAX + 0x1],XMM2,0xa5
-8766052e        c4e1f9c5d3a5                      VPEXTRW             EDX,XMM3,0xa5
-876606ae        c4e3c92010a5                      VPINSRB             XMM2,XMM6,byte ptr [EAX],0xa5
-876606b4        c4e3c92210a5                      VPINSRD             XMM2,XMM6,dword ptr [EAX],0xa5
-876606cc        c4c1c9c410a5                      VPINSRW             XMM2,XMM6,word ptr [EAX],0xa5
-876606d8        c4e1c9c4d3a5                      VPINSRW             XMM2,XMM6,EBX,0xa5
-876606e3        c4e1c9c410a5                      VPINSRW             XMM2,XMM6,word ptr [EAX],0xa5
  • Can't disasm VPGATHERQD/VPGATHERQQ
-8766057c        c4e2499154a101                    VPGATHERQD          XMM2,dword ptr [ECX + XMM4*0x4 + 0x1],XMM6
-87660583        c4e24d9154a101                    VPGATHERQD          XMM2,dword ptr [ECX + YMM4*0x4 + 0x1],XMM6
-8766058a        c4e2c99154a101                    VPGATHERQQ          XMM2,qword ptr [ECX + XMM4*0x4 + 0x1],XMM6
-87660591        c4e2cd9154a101                    VPGATHERQQ          YMM2,qword ptr [ECX + YMM4*0x4 + 0x1],YMM6

For completeness, I tested the 16-bit disassembler too.

16-bit code (protected mode):

  • Wrong target address
-0010:877c       66e812345aa5                      CALL                0xa55abb94
-0010:8782       66e85678a55a                      CALL                0x5aa5ffde
+0010:877c       66e812345aa5                      CALL                SUB_a56a_bb94
+0010:8782       66e85678a55a                      CALL                SUB_5ab5_ffde
-0010:8813       66e95678a55a                      JMP                 near ptr 0x5aa6006f
+0010:8813       66e95678a55a                      JMP                 LAB_5ab6_006f
-0010:8820       66e912345aa5                      JMP                 near ptr 0xa55abc38
+0010:8820       66e912345aa5                      JMP                 LAB_a56a_bc38
  • It fails to decode these branches with 66 prefixes
-0010:8859       66ff20                            JMP                 dword ptr [BX + SI]
-0010:8869       66ffe2                            JMP                 EDX
  • Can't disasm vmrun
-0010:8a3a       0f01d8                            VMRUN               AX
-0010:8a3d       670f01d8                          VMRUN               EAX
  • Wrong target offset
-0010:8a6b       66c7f85aa51234                    XBEGIN              0x34132fcc
-0010:8a72       66c7f8a56789ab                    XBEGIN              0xab89f21e
+0010:8a6b       66c7f85aa51234                    XBEGIN              DAT_3423_2fcc
+0010:8a72       66c7f8a56789ab                    XBEGIN              DAT_ab99_f21e
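The "Wrong target address" and "Wrong target offset" groups above share one rule: in 16-bit code a 66h prefix turns the displacement of CALL/JMP rel and XBEGIN into a rel32 and makes the target a full 32-bit EIP, so the sum must wrap at 32 bits rather than be folded into a 16-bit offset. The function below is an added example (not Ghidra or iced code) that reproduces the iced targets quoted in both groups from the instruction offset and its bytes; it handles only the 66h prefix, which is all the quoted encodings use.

```python
# Added example (not Ghidra or iced code): relative branch targets for 16-bit
# and 32-bit code segments, with and without the 66h operand-size prefix.
from typing import Tuple

OPCODES = {0xE8: "CALL", 0xE9: "JMP"}   # E8 rel, E9 rel; C7 F8 rel is XBEGIN


def branch_target(ip: int, code: bytes, bits: int = 16) -> Tuple[str, int]:
    """Return (mnemonic, target) for E8 rel, E9 rel or C7 F8 rel (XBEGIN).

    ip   : offset within CS of the instruction's first byte.
    bits : default operand size of the code segment, 16 or 32.
    A 66h prefix flips the operand size; the displacement is then rel32 in a
    16-bit segment (rel16 in a 32-bit one) and the result wraps to that width.
    """
    if bits not in (16, 32):
        raise ValueError("bits must be 16 or 32")
    pos = 0
    has66 = False
    while code[pos] == 0x66:          # repeated 66h prefixes do not toggle back
        has66 = True
        pos += 1
    opsize = (48 - bits) if has66 else bits   # 16 <-> 32
    op = code[pos]
    pos += 1
    if op in OPCODES:
        mnemonic = OPCODES[op]
    elif op == 0xC7 and code[pos] == 0xF8:
        mnemonic = "XBEGIN"
        pos += 1
    else:
        raise ValueError("opcode %#x not handled in this example" % op)
    width = opsize // 8
    rel = int.from_bytes(code[pos:pos + width], "little", signed=True)
    if len(code[pos:pos + width]) != width:
        raise ValueError("truncated displacement")
    pos += width
    # Target = address of the next instruction + rel, wrapped to IP or EIP width.
    return mnemonic, (ip + pos + rel) & ((1 << opsize) - 1)


if __name__ == "__main__":
    # offsets and bytes quoted in the report; expected targets are iced's
    print(branch_target(0x877C, bytes.fromhex("66e812345aa5")))   # ('CALL', 0xa55abb94)
    print(branch_target(0x8A6B, bytes.fromhex("66c7f85aa51234")))  # ('XBEGIN', 0x34132fcc)
    # constructed: a plain rel16 CALL near the top of a 16-bit segment wraps to 0x0013
    print(branch_target(0xFFF0, bytes.fromhex("e82000")))
```

Without the prefix the same code path reads a rel16 and masks to 16 bits, which is where the constructed `e8 20 00` case wraps around; a decoder that applies that 16-bit wrap to a 66h-prefixed branch as well produces a different offset from the ones listed above.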
  • Can't disasm crc32 and it can be disasm'd as movbe
-0010:a4db       f20f38f0ce                        CRC32               ECX,DH
-0010:a4e0       f20f38f018                        CRC32               EBX,byte ptr [BX + SI]
+0010:a4db        -> 0010:a4df        [UNDEFINED BYTES REMOVED]
+0010:a4e0       f20f38f018                        MOVBE               BX,word ptr [BX + SI]
  • Can't disasm these (same as in 32-bit mode)
-0010:a636       0f01cf                            ENCLS
-0010:a639       0f01d7                            ENCLU
-0010:a63c       0f01c0                            ENCLV
-0010:a643       f30f1efa                          ENDBR64
-0010:bc0f       f30fc7fa                          RDPID               EDX
-0010:bc1d       0fc7f2                            RDRAND              DX
-0010:bc20       660fc7f2                          RDRAND              EDX
-0010:bc24       0fc7fa                            RDSEED              DX
-0010:bc27       660fc7fa                          RDSEED              EDX
-0010:bc31       0f01f9                            RDTSCP
-0010:d494       660fc730                          VMCLEAR             qword ptr [BX + SI]
+0010:d494       660fc730                          VMPTRLD             qword ptr [BX + SI]
-0010:d52d       0f01da                            VMLOAD              AX
-0010:da6c       0f01db                            VMSAVE              AX
  • Can't disasm INVPCID
-0010:aa1f       660f388210                        INVPCID             EDX,oword ptr [BX + SI]
  • Can't disasm LZCNT/TZCNT
-0010:ab59       f30fbdce                          LZCNT               CX,SI
-0010:ab5d       f30fbd18                          LZCNT               BX,word ptr [BX + SI]
+0010:ab59       f30fbdce                          BSR                 CX,SI
+0010:ab5d       f30fbd18                          BSR                 BX,word ptr [BX + SI]
-0010:c341       f30fbc18                          TZCNT               BX,word ptr [BX + SI]
-0010:c345       f30fbcce                          TZCNT               CX,SI
+0010:c341       f30fbc18                          BSF                 BX,word ptr [BX + SI]
+0010:c345       f30fbcce                          BSF                 CX,SI
  • Can't disasm MOVBE
-0010:af6c       660f38f018                        MOVBE               EBX,dword ptr [BX + SI]
-0010:af75       660f38f118                        MOVBE               dword ptr [BX + SI],EBX
  • Can't disasm MOVNTI
-0010:b003       0fc318                            MOVNTI              dword ptr [BX + SI],EBX
  • Can't disasm VMFUNC/VMREAD/VMWRITE
-0010:d498       0f01d4                            VMFUNC
-0010:da66       0f7818                            VMREAD              dword ptr [BX + SI],EBX
-0010:da69       0f78ce                            VMREAD              ESI,ECX
-0010:db05       0f79ce                            VMWRITE             ECX,ESI
-0010:db08       0f7918                            VMWRITE             EBX,dword ptr [BX + SI]

There are a lot of bugs/issues here to address. Thanks for submitting!

@0xd4d we've seen the list and hope to address them all soon. It is a very thorough and long list!
There have been some fixes in this area coming, and we need to parse which ones are left. For example, the correct register operands for many instructions on 64-bit x86 processors have been fixed in master.
