Lifting a long jump
Hello all,
When lifting a jmp far instruction, e.g.
ea 5f b9 15 77 33 00 jmp far 0x33:0x7715b95f
remill will crash at instruction decoding because it rejects an operand of "name" XED_OPERAND_PTR.
Such an instruction will modify CS and RIP so to support this instruction, I think that an approach is to parse the operand to get these values.
Do you know how to parse these values, i.e. segment register and immediate value, using xed? Or is there another approach which is more "remill"?
Many thanks for any response.
Looks like we need to add support for XED_OPERAND_PTR to Remill. Once we add support for decoding that operand kind, then I think the right way to handle a far jump/call/return in semantics is via a __remill_async_hyper_call. So the semantics would probably take in a 16-bit segment value, which we would place into cs, it would take in a 64-bit target PC, which would get placed into rip, and then the hyper call name would be set, with different ones for each of jmp/call/ret. This means that a decoded XED_OPERAND_PTR will expand into two Remill instruction Operands.
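As an added illustration of the two values discussed in this thread (it is not remill or XED code, and it decodes the raw bytes directly rather than going through XED), the following decoder splits a direct far jmp/call into the selector that would go into CS and the offset that would go into RIP, i.e. the two Operands a decoded XED_OPERAND_PTR would expand into. It assumes 32-bit mode, where opcode 0xEA is jmp far ptr16:32 and 0x9A is call far ptr16:32; the 0x66 handling for ptr16:16 is a generalization beyond the example in the question.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <vector>

// The two values a far jmp/call writes: selector -> CS, offset -> RIP.
struct FarPtr {
  uint16_t selector;  // 16-bit segment selector
  uint64_t offset;    // target offset, zero-extended for a 64-bit PC register
  bool is_call;       // true for 0x9A (call far), false for 0xEA (jmp far)
  size_t length;      // total instruction length in bytes
};

// Decode opcodes 0xEA / 0x9A with a ptr16:32 operand (ptr16:16 when a 0x66
// operand-size prefix is present). 32-bit mode is assumed; in 64-bit mode
// these opcodes are invalid. Returns nullopt on a non-matching or truncated
// byte sequence instead of reading past the end of the buffer.
std::optional<FarPtr> DecodeFarPtr(const std::vector<uint8_t>& bytes) {
  size_t pos = 0;
  bool opsize16 = false;
  if (pos < bytes.size() && bytes[pos] == 0x66) { opsize16 = true; ++pos; }
  if (pos >= bytes.size()) return std::nullopt;
  const uint8_t opcode = bytes[pos++];
  if (opcode != 0xEA && opcode != 0x9A) return std::nullopt;
  const size_t off_len = opsize16 ? 2 : 4;
  if (bytes.size() < pos + off_len + 2) return std::nullopt;  // truncated
  uint64_t offset = 0;  // little-endian offset comes first in the encoding
  for (size_t i = 0; i < off_len; ++i)
    offset |= static_cast<uint64_t>(bytes[pos + i]) << (8 * i);
  pos += off_len;
  const uint16_t sel =  // little-endian selector follows the offset
      static_cast<uint16_t>(bytes[pos] | (bytes[pos + 1] << 8));
  pos += 2;
  return FarPtr{sel, offset, opcode == 0x9A, pos};
}

int main() {
  // Constructed input: the bytes from the question, ea 5f b9 15 77 33 00.
  const std::vector<uint8_t> insn = {0xea, 0x5f, 0xb9, 0x15, 0x77, 0x33, 0x00};
  if (auto fp = DecodeFarPtr(insn)) {
    std::printf("%s far 0x%x:0x%llx (%zu bytes)\n", fp->is_call ? "call" : "jmp",
                fp->selector, static_cast<unsigned long long>(fp->offset),
                fp->length);
  }
  return 0;
}
```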