FMI: https://www.openrce.org/blog/view/1115/Another_incorrect_disassembly
btw it seems that most of the fpu opcodes are affected by this bug, not only fadd :)

On Wed, Apr 09, 2008 at 11:10:12AM +0200, pancake wrote:
> Gadix pointed me to a wrong disassembly of a certain opcode on x86 which makes
> two different bytes show the same opcode. Which is incorrect.
>
> I found the point in udis86, coz gnu disasm for intel does it properly.
>
> This happens to be used in the Hispasec crackme.
>
> Here's the info of the bug:
>
> The bytes:
>
> [0x00000000]> :x 4
> dcc0 d8c0
>
> Using GNU objdump:
>
> [0x00000000]> pd 4
> 0:   dc c0   fadd st(0),st
> 2:   d8 c0   fadd st,st(0)
>
> Using udis86:
>
> [0x00000000]> pD 4
> 0x00000000 dcc0 fadd st0, st0
> 0x00000002 d8c0 fadd st0, st0
> 0x00000004 41   inc ecx
>
> PS: Looks like ollydbg's and IDA's disassemblers do it wrong too :)
>
> I have notified the udis86 author, so I hope to have this fixed in radare
> today or so :)
>
> Have fun!
> _______________________________________________
> radare mailing list
> [email protected]
> http://lists.nopcode.org/listinfo.cgi/radare-nopcode.org
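The two encodings in the thread differ only in the escape byte: with a ModRM byte in the register range (C0..FF), D8 /r writes its result to ST(0) and DC /r writes it to ST(i). With i = 0 both operands are the top of stack, so the only visible difference is the operand order that objdump prints (`st` for the implicit ST(0), `st(i)` for the indexed register). Below is an added example, not code from radare, udis86 or the thread, that decodes just the register forms of D8 and DC from the Intel SDM tables and prints them in that objdump style; the byte sequence it walks is constructed here and starts with the four bytes from the thread, then the i = 1 forms where the operand order actually matters. The mnemonic names for DC /4..7 are the Intel SDM's (fsubr/fsub/fdivr/fdiv); AT&T-syntax tools name that pair the other way round, which is a separate, well-known quirk of these forms.

```c
/* x87_regform.c: decode the register form (ModRM.mod == 11b) of the x87
 * escape opcodes D8 and DC and print operands the way GNU objdump does:
 * the implicit top-of-stack operand is "st", the indexed one is "st(i)".
 * Operand order follows the Intel SDM:
 *   D8 /r  ->  op st, st(i)    (destination ST(0))
 *   DC /r  ->  op st(i), st    (destination ST(i))
 * so D8 C0 and DC C0 are different encodings even though both add st(0)
 * to itself.  Added example, not radare or udis86 code.
 * Build: cc -Wall -o x87_regform x87_regform.c
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mnemonic tables indexed by the ModRM /r field (bits 5..3). */
static const char *const d8_mnem[8] = {
    "fadd", "fmul", "fcom", "fcomp", "fsub", "fsubr", "fdiv", "fdivr"
};
/* For DC the Intel SDM names /4 fsubr, /5 fsub, /6 fdivr, /7 fdiv (the
 * reversed pair relative to D8).  /2 and /3 are not documented for DC,
 * so they are left NULL and rejected. */
static const char *const dc_mnem[8] = {
    "fadd", "fmul", NULL, NULL, "fsubr", "fsub", "fdivr", "fdiv"
};

/* Returns a pointer to a static buffer holding the Intel-syntax text for
 * the two-byte instruction (op, modrm), or NULL if it is not a register
 * form of D8/DC.  Not reentrant: the buffer is overwritten on each call. */
const char *x87_reg_form(uint8_t op, uint8_t modrm)
{
    static char buf[32];
    if ((modrm & 0xC0) != 0xC0)          /* memory form: not handled here */
        return NULL;
    unsigned r = (modrm >> 3) & 7;       /* /r: which operation */
    unsigned i = modrm & 7;              /* rm: which ST(i) */

    if (op == 0xD8) {
        if (r == 2 || r == 3)            /* fcom/fcomp take a single operand */
            snprintf(buf, sizeof buf, "%s st(%u)", d8_mnem[r], i);
        else
            snprintf(buf, sizeof buf, "%s st,st(%u)", d8_mnem[r], i);
        return buf;
    }
    if (op == 0xDC && dc_mnem[r] != NULL) {
        snprintf(buf, sizeof buf, "%s st(%u),st", dc_mnem[r], i);
        return buf;
    }
    return NULL;
}

/* Walk a byte buffer two bytes at a time and print one line per
 * instruction, a tiny stand-in for a disassembler's 'pd'.  Returns the
 * number of instructions decoded; stops at the first pair it does not
 * understand. */
size_t disasm_x87(const uint8_t *code, size_t len)
{
    size_t off = 0, n = 0;
    while (off + 2 <= len) {
        const char *txt = x87_reg_form(code[off], code[off + 1]);
        if (txt == NULL)
            break;
        printf("%08zx  %02x %02x   %s\n", off, code[off], code[off + 1], txt);
        off += 2;
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed input: the four bytes from the thread (dc c0 d8 c0),
     * followed by the i=1 forms where the operand order is visible. */
    static const uint8_t code[] = { 0xDC, 0xC0, 0xD8, 0xC0,
                                    0xDC, 0xC1, 0xD8, 0xC1,
                                    0xDC, 0xE1, 0xD8, 0xE1 };
    size_t n = disasm_x87(code, sizeof code);
    printf("%zu instructions\n", n);
    return 0;
}
```

The first two output lines reproduce the objdump listing quoted above (`fadd st(0),st` then `fadd st,st(0)`); the next pairs show that `dc c1` / `d8 c1` and `dc e1` / `d8 e1` are not the same instruction at all, which is what a disassembler that collapses D8 and DC into one table gets wrong.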
