keystone-engine/keystone

python : mov reg,qword ptr [XXX] error

IcEy-999 opened this issue · 0 comments

import keystone import capstone HEX2ASM = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64 ) ASM2HEX = keystone.Ks(keystone.KS_ARCH_X86, keystone.KS_MODE_64 ) ASM2HEX.syntax = keystone.KS_OPT_SYNTAX_INTEL asm = """ mov qword ptr ds:[0x14000d250],rcx """ byte,con = ASM2HEX.asm(asm,addr = 0x1400ef00a) for b in byte: print("%02x "%b,end="") print("") bytess = bytes(byte) dis = HEX2ASM.disasm_lite(bytess, offset=0x1400ef00a) for insn in dis: print("%x "%insn[0],end="") print("%s "%insn[2],end="") print("%s"%insn[3])

OUT:
48 89 0d 3f e2 f1 ff 1400ef00a mov qword ptr [rip - 0xe1dc1], rcx
This is not an error.
0x1400ef00a - 0xe1dc1 + 0x7 = 0x14000d250

BUT:
asm = """ mov rcx,qword ptr ds:[0x14000d250] """

OUT:
48 8b 0d 50 d2 00 40 1400ef00a mov rcx, qword ptr [rip + 0x4000d250]

0x1400ef00a + 0x4000d250 + 0x7 != 0x14000d250