05-09-2021, 02:41 PM
对比了一下代码,发现是 capstone 反汇编 movs 系列指令时的问题。
代码:
; Disassembler comparison case (NASM syntax): movs combined with the
; rep/repne prefixes (F3/F2) and the operand-size prefix (66) in 32-bit mode.
; Each statement emits one instruction; statements 3 and 4 carry the same
; prefixes in opposite order. The listings further down record how ndisasm,
; objdump and llvm-objdump decode these exact bytes.
; Why this matters for analysis work: a decoder that prints the wrong operand
; size or drops a prefix shows the analyst a different copy width per
; iteration than the bytes encode, so cross-check with a second tool.
bits 32                                 ; 32-bit default operand size, so 66 selects the 16-bit form
; Assembles to F2 A5 (offset 0 in the listings below).
; NOTE(review): F2 is the repne prefix normally paired with cmps/scas; check
; the vendor manual for its meaning on movs before calling one output "right".
repne movsd ; capstone misses repne
; The remaining cases are hand-encoded with db, presumably to pin the prefix
; order byte for byte.
db 0x66, 0xa5 ; movsw
db 0xf3, 0x66, 0xa5 ; rep movsw
; Same prefixes as the previous line, 66 first. Legacy prefixes may appear in
; any order, and ndisasm, objdump and llvm-objdump all print rep movsw here.
db 0x66, 0xf3, 0xa5 ; capstone says rep movsd
; 66 on the byte-sized movsb does not change the operand size; ndisasm and
; objdump still surface the prefix (o16 / data16), llvm-objdump omits it.
db 0x66, 0xf3, 0xa4 ; rep movsb, capstone doesn't show o16/data16
; --- Reference output: ndisasm ---
; ndisasm -b 32 movs
; 00000000 F2A5 repne movsd
; 00000002 66A5 movsw
; 00000004 F366A5 rep movsw
; 00000007 66F3A5 rep movsw
; 0000000A 66F3A4 rep o16 movsb
; --- Reference output: GNU objdump ---
; $ objdump -d movs.o
;
; 00000000 <.text>:
; 0: f2 a5 repnz movsl %ds:(%esi),%es:(%edi)
; 2: 66 a5 movsw %ds:(%esi),%es:(%edi)
; 4: f3 66 a5 rep movsw %ds:(%esi),%es:(%edi)
; 7: 66 f3 a5 rep movsw %ds:(%esi),%es:(%edi)
; a: 66 f3 a4 data16 rep movsb %ds:(%esi),%es:(%edi)
; --- Reference output: llvm-objdump ---
; $ llvm-objdump -d movs.o
;
; 00000000 <.text>:
; 0: f2 a5 repne movsl (%esi), %es:(%edi)
; 2: 66 a5 movsw (%esi), %es:(%edi)
; 4: f3 66 a5 rep movsw (%esi), %es:(%edi)
; 7: 66 f3 a5 rep movsw (%esi), %es:(%edi)
; a: 66 f3 a4 rep movsb (%esi), %es:(%edi)