ARM Instruction Encoding E1F322D1 Seems to be Incorrectly Disassembled
uxmal opened this issue · 3 comments
I'm preparing to integrate Capstone.NET into the Reko decompiler to replace the only partially completed ARM disassembler in Reko. The unit tests for the old ARM disassembler had captured that the opcode E1F322D1 disassembles to:
ldrsb r2, [r3, #33]!
The offset 33 is 0x21 in hexadecimal.
When I run the unit tests using Capstone.NET I get instead:
ldrsb r2,[r3,#&221]!
Notice how the offset is 0x221. I've confirmed with others that the offset should indeed be 0x021.
When I run the instruction through the (native) Capstone test executable, it returns 0x21 as expected.
0x102c: ldrsb r2, [r3, #0x21]!
op_count: 2
operands[0].type: REG = r2
operands[1].type: MEM
operands[1].mem.base: REG = r3
operands[1].mem.disp: 0x21
Subtracted: True
Write-back: True
When I do the same with the Capstone.NET executable, I get the following:
102C: ldrsb r2, [r3, #0x21]!
Id = LDRSB
CPS Flag = Invalid
CPS Mode = Invalid
Code Condition = AL
Load User Mode Registers? False
Memory Barrier = Invalid
Operand Count: 2
    Register = R2
    Is Subtracted? = False
    Shifter = -->
        Type = Invalid
        Value = 0
    Vector Index = -1
    Memory = -->
        Base Register = R3
        Displacement = 221
        Index Register = Invalid
        Index Register Scale = 1
    Is Subtracted? = True
    Shifter = -->
        Type = Invalid
        Value = 0
    Vector Index = -1
Update Flags? False
Vector Data Type = Invalid
Vector Size= 0
Write Back? True
Notice how the displacement is 0x221, which is incorrect.
I confirm this is a bug. Will take a look and resolve ASAP.
I actually jumped to a conclusion here. This looks like a bug in Capstone 3.0.1. If you upgrade to the latest version of Capstone, Capstone 3.0.4, you will find the Displacement is correctly 0x21. Make sure that you are referencing the correct version of Capstone in the .NET application. If you download Capstone.NET 1.2, you should find that Capstone 3.0.4 is bundled with it. Please confirm and let me know.
Indeed, the new capstone.dll binary was the fix. It's regrettable that capstone.dll doesn't have a version number -- we would have caught the error much sooner.