2017-11-21 14:30 CET

ID: 0000219
Project: Cheat Engine
View Status: public
Last Update: 2013-08-19 15:45
Reporter: MJavad
Assigned To: Dark Byte
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: feedback
Resolution: reopened
Summary: 0000219: Disassembler: Wrong asm
Description: I found a wrong disassembly output on this opcode:
Opcode: 83 3C C8 FE
Output: cmp dword ptr [eax+ecx*8],FE
True: cmp dword ptr [eax+ecx*8],FFFFFFFE
Tags: No tags attached.
Attached Files:


Notes

~0000470

ablonevn (reporter)

@MJavad: no, it is right, the second operand for the 83 opcode must be imm8, that means only one byte is allowed, with the following form: CMP r/m32,imm8

~0000471

Dark Byte (developer)

the correct one is "cmp dword ptr [eax+ecx*8],-02" which is what ce shows in the svn now

~0000575

MJavad (reporter)

Last edited: 2013-08-19 15:47

Both of you are wrong
According to Intel® 64 and IA-32 Architectures Software Developer's Manual

Volume 2, 3.1.1.3:
    imm8 — An immediate byte value. The imm8 symbol is a signed number between
    –128 and +127 inclusive. For instructions in which imm8 is combined with
    a word or doubleword operand, the immediate value is sign-extended to
    form a word or doubleword.

Volume 2, 3.2, CMP:
    ... When an immediate value is used as an operand, it is sign-extended
    to the length of the first operand.

Btw, I found this bug on some other instructions like PUSH
Volume 2, 4.2, PUSH:
    If the source operand is an immediate and its size is less than the
    operand size, a sign-extended value is pushed on the stack.

And from Volume 2, 4.2, PUSH, again: The D flag in the current code-segment
descriptor determines the default operand size; it may be overridden by instruction
prefixes

Volume 1, 3.3.5:
    When operating in protected mode, the segment descriptor for the currently
    executing code segment defines the default address and operand size.

And from Table 3-3 in Volume 1, 3.6 when D flag from segment descriptor
is set (which is usually set by 32-bit compilers) default operand size is 32-bit.

For 64-bit (it's a little confusing):
Volume 1, 3.4.1.1:
    In 64-bit mode, ... the default operand size is 32 bits. (it is because of
    the D flag which only can be set or unset (16 or 32))

But don't get it wrong
Volume 2, 2.2.1.7:
    In 64-bit mode, two groups of instructions have a default operand size
    of 64 bits (do not need a REX prefix for this operand size). These are:
    • Near branches (CALL, RET, JCC, JCXZ, JMP, and LOOP)
    • All instructions, except far branches, that implicitly reference the RSP
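
The decoding the thread argues over, worked through as an added example (this is constructed illustration code, not Cheat Engine's disassembler and not code from any poster). It decodes the report's bytes `83 3C C8 FE` (group-1 opcode 83 /7 ib, ModRM with a SIB byte) and a constructed `6A FE` (PUSH imm8), sign-extends the imm8 to the operand size as the quoted manual sections describe, and renders the immediate both as the reporter's zero-extended-looking 32-bit view (`FFFFFFFE`) and as Dark Byte's signed view (`-02`); the two are the same value, which is the point. The `operand_bits` parameter stands in for the default operand size set by the code segment's D flag (and the 64-bit default for PUSH), as discussed in Note 0000575. Only the addressing forms needed here are handled; other forms raise.

```python
"""Decode opcode 0x83 (ADD/OR/ADC/SBB/AND/SUB/XOR/CMP r/m32, imm8) and
0x6A (PUSH imm8), showing the imm8 sign-extension to the operand size.
Constructed example for this thread; not Cheat Engine's disassembler."""

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
GROUP1 = ["add", "or", "adc", "sbb", "and", "sub", "xor", "cmp"]  # selected by ModRM.reg


def sign_extend(value, from_bits, to_bits):
    """Sign-extend an unsigned `from_bits`-wide value to `to_bits`.
    Returns (unsigned view, signed view) of the extended value."""
    sign = 1 << (from_bits - 1)
    signed = (value & (sign - 1)) - (value & sign)  # two's complement interpretation
    return signed & ((1 << to_bits) - 1), signed


def decode_modrm_sib(code, pos):
    """Decode ModRM (+SIB) at code[pos:]; returns (reg_field, operand_text, next_pos).
    Handles mod=11 (register direct) and mod=00 with SIB and base != ebp
    (no displacement), which is all the bytes in this thread need."""
    modrm = code[pos]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    pos += 1
    if mod == 3:
        return reg, REGS32[rm], pos
    if mod == 0 and rm == 4:  # rm=100 means a SIB byte follows
        sib = code[pos]
        scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
        pos += 1
        if base == 5:
            raise NotImplementedError("disp32-only SIB form not handled in this example")
        text = REGS32[base]
        if index != 4:  # index=100 means "no index register"
            text += f"+{REGS32[index]}*{scale}"
        return reg, f"dword ptr [{text}]", pos
    raise NotImplementedError("addressing form not handled in this example")


def disassemble(code, operand_bits=32):
    """Return (mnemonic, operand_text_or_None, unsigned_imm, signed_imm) for one
    0x83 or 0x6A instruction. `operand_bits` is the effective operand size:
    32 in a 32-bit code segment; 64 for PUSH in 64-bit mode (default, no REX)."""
    op = code[0]
    if op == 0x83:
        reg, rm_text, pos = decode_modrm_sib(code, 1)
        unsigned, signed = sign_extend(code[pos], 8, operand_bits)
        return GROUP1[reg], rm_text, unsigned, signed
    if op == 0x6A:
        unsigned, signed = sign_extend(code[1], 8, operand_bits)
        return "push", None, unsigned, signed
    raise NotImplementedError("only opcodes 83 and 6A are decoded in this example")


def render(code, operand_bits=32, signed_style=False):
    """Format like the thread: '...,FFFFFFFE' (full-width unsigned) or '...,-02' (signed)."""
    mnem, ops, unsigned, signed = disassemble(code, operand_bits)
    if signed_style:
        imm = f"{'-' if signed < 0 else ''}{abs(signed):02X}"
    else:
        imm = f"{unsigned:0{operand_bits // 4}X}"
    return f"{mnem} {ops},{imm}" if ops else f"{mnem} {imm}"


if __name__ == "__main__":
    cmp_bytes = bytes.fromhex("833CC8FE")  # the bytes from the report
    print(render(cmp_bytes))                      # cmp dword ptr [eax+ecx*8],FFFFFFFE
    print(render(cmp_bytes, signed_style=True))   # cmp dword ptr [eax+ecx*8],-02
    push_bytes = bytes.fromhex("6AFE")     # constructed: PUSH imm8 with FE
    print(render(push_bytes))                     # push FFFFFFFE  (32-bit operand size)
    print(render(push_bytes, operand_bits=64))    # push FFFFFFFFFFFFFFFE  (64-bit mode default)
```

Both renderings come from the same decoded value; the disagreement in the thread is only about how to print a sign-extended imm8, not about what the CPU compares. A disassembler that prints the raw byte `FE` with no sign, as in the original report, is the one reading that misleads, since it suggests a comparison against +254.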


Issue History
Date Modified Username Field Change
2013-01-30 11:44 MJavad New Issue
2013-01-30 16:59 ablonevn Note Added: 0000470
2013-01-30 18:59 Dark Byte Note Added: 0000471
2013-01-30 18:59 Dark Byte Status new => resolved
2013-01-30 18:59 Dark Byte Resolution open => fixed
2013-01-30 18:59 Dark Byte Assigned To => Dark Byte
2013-08-19 15:45 MJavad Note Added: 0000575
2013-08-19 15:45 MJavad Status resolved => feedback
2013-08-19 15:45 MJavad Resolution fixed => reopened
2013-08-19 15:47 MJavad Note Edited: 0000575
2013-08-19 15:47 MJavad Note Edited: 0000575