On Mon, 2017-05-08 at 13:42 +0200, Borislav Petkov wrote:
> On Wed, Apr 26, 2017 at 08:33:46PM -0700, Ricardo Neri wrote:
> > This is the reason I check the value of long_bytes. If long_bytes is not
> > 4, being the only other possible value 8 (perhaps I need to issue an
> > error when the value is
On Sun, 2017-05-07 at 19:20 +0200, Borislav Petkov wrote:
> On Wed, Apr 26, 2017 at 06:29:59PM -0700, Ricardo Neri wrote:
> > > if (X86_MODRM_MOD(insn->modrm.value) == 0 &&
> > > X86_MODRM_RM(insn->modrm.value) == 5)
> > >
> > > looks more understandable to me.
> >
> > Should I go with !
On Fri, 2017-05-05 at 19:28 +0200, Borislav Petkov wrote:
> On Wed, Apr 26, 2017 at 03:52:41PM -0700, Ricardo Neri wrote:
> > Probably insn_get_seg_base() itself can verify if there are segment
> > override prefixes in the struct insn. If yes, use them except for
> > specific cases such as CS.
>
>
On Fri, 2017-05-05 at 19:19 +0200, Borislav Petkov wrote:
> On Wed, Apr 26, 2017 at 03:37:44PM -0700, Ricardo Neri wrote:
> > I need a human-readable way of identifying what segment selector (in
> > pt_regs, vm86regs or directly reading the segment registers) to use.
> > Since there is a segment ov
On Thu, 2017-05-04 at 13:02 +0200, Borislav Petkov wrote:
> On Wed, Apr 26, 2017 at 02:51:56PM -0700, Ricardo Neri wrote:
> > > > +seg >=
> > > > current->active_mm->context.ldt->size)) {
> > >
> > > ldt->size is the size of the descriptor table but you've shifted seg
