
"push r16" not correctly lifted in x86 (32 bits)

Open themaks opened this issue 3 years ago • 3 comments

On x86 (32 bits mode), disassembling the opcodes 66 53 66 5B, binary ninja outputs the following disassembly:

00000000  6653               push    bx {var_4}
00000002  665b               pop     bx

which is correct; however, the lifted IL is not:

   0 @ 00000000  push(zx.d(bx))
   1 @ 00000002  bx = pop.w

Indeed, it should read instead:

   0 @ 00000000  push(bx)  // OperandSize == 16
   1 @ 00000002  bx = pop.w

The 0x66 prefix is correctly interpreted for the pop operation (since it operates on 16 bits), but not for the push operation.

Binary Ninja Version: 3.0.3280-dev Personal, 8291c569
Platform: Windows 10 Version 2009

themaks avatar Mar 08 '22 15:03 themaks

I can confirm this bug. The related code is here: https://github.com/Vector35/arch-x86/blob/master/il.cpp#L2819-L2834. For the push bx instruction, stackAdjustment is 4 and opOneLen is 2. This is unexpected, since stackAdjustment should really be 2. Seems like a xed bug.

xusheng6 avatar Apr 07 '23 12:04 xusheng6
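As an added illustration for the issue body and the comment above (this is not code from Binary Ninja, arch-x86 or xed), here is a small Python decoder for the one-byte push/pop register forms that derives the operand size and stack adjustment a lifter should use in 16- and 32-bit mode, including the 0x66 operand-size override. The function names (`decode_push_pop`, `lift_push_pop`, `lift_sequence`) and the pseudo-IL notation (`push.w(bx)  ; sp -= 2`) are my own, not LLIL syntax, and the input bytes are the ones quoted in the issue.

```python
# Added example, not Binary Ninja, arch-x86 or xed code.
# Decodes the one-byte push/pop register forms (opcodes 0x50-0x5F) and derives
# the operand size and stack adjustment the lifter should use, including the
# 0x66 operand-size override discussed in the issue. Only 16- and 32-bit
# modes are modelled; 64-bit mode (default push size 8, REX) is out of scope.

REGS16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]
REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
IL_SUFFIX = {2: "w", 4: "d"}


def decode_push_pop(code, offset=0, mode_bits=32):
    """Decode one push/pop-register instruction at code[offset].

    Returns a dict with the instruction length, mnemonic, register name,
    operand size and stack adjustment (both in bytes). For these forms the
    stack adjustment always equals the operand size; that equality is what
    the issue says the lifter gets wrong for 'push bx' in 32-bit mode.
    """
    if mode_bits not in (16, 32):
        raise ValueError("only 16-bit and 32-bit mode are modelled")
    i = offset
    override = False
    # Legacy prefixes may be repeated; only 0x66 affects these opcodes.
    while i < len(code) and code[i] == 0x66:
        override = True
        i += 1
    if i >= len(code):
        raise ValueError("truncated instruction at offset %d" % offset)
    opcode = code[i]
    i += 1
    if 0x50 <= opcode <= 0x57:
        mnemonic = "push"
    elif 0x58 <= opcode <= 0x5F:
        mnemonic = "pop"
    else:
        raise ValueError("opcode 0x%02x is not a push/pop register form" % opcode)
    default_size = mode_bits // 8          # 2 in 16-bit mode, 4 in 32-bit mode
    if override:
        operand_size = 2 if default_size == 4 else 4   # 0x66 toggles 16 <-> 32
    else:
        operand_size = default_size
    reg = (REGS16 if operand_size == 2 else REGS32)[opcode & 7]
    return {
        "length": i - offset,
        "mnemonic": mnemonic,
        "reg": reg,
        "operand_size": operand_size,
        "stack_adjustment": operand_size,
    }


def lift_push_pop(insn):
    """Render one decoded push/pop as pseudo-IL (my own notation).

    A push stores the register at its own width, so no zero-extension is
    inserted; the width is carried by the stack adjustment instead.
    """
    sfx = IL_SUFFIX[insn["operand_size"]]
    if insn["mnemonic"] == "push":
        return "push.%s(%s)  ; sp -= %d" % (sfx, insn["reg"], insn["stack_adjustment"])
    return "%s = pop.%s  ; sp += %d" % (insn["reg"], sfx, insn["stack_adjustment"])


def lift_sequence(code, mode_bits=32):
    """Decode and lift a whole byte string.

    Returns (rows, net_delta): rows are (addr, asm, il) tuples and net_delta
    is the total stack movement, which must be 0 for a balanced push/pop pair.
    """
    rows, addr, delta = [], 0, 0
    while addr < len(code):
        insn = decode_push_pop(code, addr, mode_bits)
        asm = "%s %s" % (insn["mnemonic"], insn["reg"])
        rows.append((addr, asm, lift_push_pop(insn)))
        if insn["mnemonic"] == "push":
            delta -= insn["stack_adjustment"]
        else:
            delta += insn["stack_adjustment"]
        addr += insn["length"]
    return rows, delta


if __name__ == "__main__":
    # Constructed input: the bytes quoted in the issue, 66 53 66 5B.
    sample = bytes.fromhex("6653665b")
    rows, delta = lift_sequence(sample, mode_bits=32)
    for addr, asm, il in rows:
        print("%08x  %-10s %s" % (addr, asm, il))
    print("net stack delta:", delta)
```

Run as-is, the script lifts `66 53` to a 16-bit push of `bx` with a stack adjustment of 2 and `66 5B` to a 16-bit pop with the same adjustment, so the pair nets to zero; in 16-bit mode the same bytes decode to `push ebx` / `pop ebx` with adjustment 4, which is the toggling behaviour of the 0x66 prefix.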

Filed upstream bug report: https://github.com/intelxed/xed/issues/319

xusheng6 avatar Jan 22 '24 04:01 xusheng6

I have removed the milestone for this issue because it depends on an upstream issue, so I cannot really do much for it.

xusheng6 avatar May 02 '24 04:05 xusheng6