Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Problem when disassembling raw data #4

Open
shahrilnet opened this issue May 26, 2019 · 0 comments
Open

Problem when disassembling raw data #4

shahrilnet opened this issue May 26, 2019 · 0 comments

Comments

@shahrilnet
Copy link

shahrilnet commented May 26, 2019

pydis threw an exception error when disassembling raw data.

Example:
0x66, 0x8C, 0x31, 0xC0

Expected Output:

db 0x66
db 0x8c
xor eax, eax

Pydis Output:

Traceback (most recent call last):
  File "test.py", line 6, in <module>
    for instruction in pydis.decode(instructions, instruction_pointer):
  File "/home/shahril/.local/lib/python3.7/site-packages/pydis/decoder.py", line 71, in decode
    raise Exception(f'Failed while decoding: {status.name}')
Exception: Failed while decoding: BadRegister

Looking at the code here, decoder.py#L62, pydis quickly break if decoder returns !success.

However, official ZydisDisasm tool treated the "invalid" instruction as raw data, as shown here: https://github.com/zyantific/zydis/blob/326d1fb586630adfcad9491b9c440425c31ed0e3/tools/ZydisDisasm.c#L139


A hackish way I found to handle this problem is by using try...except:

import pydis

instructions = b"\x66\x8C\x31\xC0"
instruction_pointer = 0x007FFFFFFF400000

offset = 0

while True:
    try:
        if offset >= len(instructions):
            break
        for instr in pydis.decode(instructions[offset:], instruction_pointer):
            offset += instr.length
            print(instr)
        if offset < len(instructions):
            raise Exception()
    except:
        print(f"db 0x{instructions[offset]:02x}")
        offset += 1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant