On 7/8/24 18:48, Borislav Petkov wrote:
On Mon, Jul 08, 2024 at 11:49:24AM -0000, tip-bot2 for Alexandre Chartre wrote:4c 8b 24 25 e0 ff ff mov 0xffffffffffffffe0,%r12Right, this is missing a "ff" which is the 4th byte of a disp32. I.e., ModRM=0, SIB=5 simply means that what follows is a disp32 field: REX: 0x4c { 4 [w]: 1 [r]: 1 [x]: 0 [b]: 0 } Opcode: 0x8b ModRM: 0x24 [mod:0b][.R:1b,reg:1100b][.B:0b,r/m:100b] register-indirect mode, offset 0 SIB: 0x25 [.B:0b,base:101b][.X:0b,idx:100b][scale: 0] MOV Gv,Ev; MOV reg{16,32,64} reg/mem{16,32,64} 0: 4c 8b 24 25 e0 ff ff mov 0xffffffffffffffe0,%r12 7: ff
Ah! Right. I regularly got tricked when the opcode is output on two lines :-( Sorry. alex.
|