rdtsc (read timestamp counter) broken
Closed this issue · 4 comments
brandonros commented
```json
{
  "i": 53,
  "x64dbgLine": {
    "rawLine": {
      "Index": "00035",
      "Address": "0000000144FF95A0",
      "Bytes": "0F31",
      "Disassembly": "rdtsc ",
      "Registers": "rax: 100000FDFF-> E6668424 rdx: 0-> 1BC2B",
      "Memory": "",
      "Comments": ""
    },
    "rip": "144ff95a0",
    "registerChanges": [
      {
        "registerName": "rax",
        "previousValue": "100000fdff",
        "newValue": "e6668424"
      },
      {
        "registerName": "rdx",
        "previousValue": "0",
        "newValue": "1bc2b"
      }
    ],
    "memoryChanges": []
  },
  "scemuLine": {
    "rawLine": "diff_reg: rip = 144ff95a0 rax 100000fdff -> 0;",
    "rip": "144ff95a0",
    "registerChanges": [
      {
        "registerName": "rax",
        "previousValue": "100000fdff",
        "newValue": "0"
      }
    ],
    "memoryChanges": []
  },
  "instructionErrors": [
    {
      "index": 0,
      "message": "newValue mismatch",
      "x64dbg": "e6668424",
      "scemu": "0"
    },
    {
      "index": 1,
      "message": "unmatchedRegisterChange mismatch (x64dbg but not scemu)",
      "x64dbg": "rdx"
    }
  ]
},
```
brandonros commented
```rust
Mnemonic::Rdtsc => {
    self.show_instruction(&self.colors.red, &ins);
    // TODO: actually mock a timestamp?
    self.regs.rdx = 0x1BC2B;
    self.regs.rax = 0xE6668424;
}
```
this will work for DTS9_PatcherV but the next instruction flags are off

do we need to do `set_operand_value` instead of setting `self.regs` directly because otherwise flags will not update?
sha0coder commented
`set_operand_value` doesn't update flags, because it's also used by instructions that don't update flags.
rdtsc is used by malware as an anti-analysis; it reads the TSC, which is the bus cycle. It would be nice to figure out how to emulate it.
Measuring the CPU cycles of every instruction is huge work.
The bus cycle is updated every n x CPU cycle.
brandonros commented
we're just going to mock it for now/hardcode it
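A deterministic alternative to the hardcoded values discussed in this thread, as an added example that is not scemu's code: a counter that advances a fixed number of ticks per emulated instruction, so two `rdtsc` reads never return the same value and traces stay reproducible. `MockTsc`, `step`, `measure` and the tick rate of 3 are hypothetical names and values chosen for illustration; the start value is built from the x64dbg trace above.

```rust
/// Hypothetical deterministic TSC model (not part of scemu's API).
pub struct MockTsc {
    ticks: u64,
    ticks_per_insn: u64, // assumed constant cost per instruction
}

impl MockTsc {
    pub fn new(start: u64, ticks_per_insn: u64) -> Self {
        MockTsc { ticks: start, ticks_per_insn }
    }

    /// Call once for every emulated instruction.
    pub fn step(&mut self) {
        self.ticks = self.ticks.wrapping_add(self.ticks_per_insn);
    }

    /// RDTSC semantics: EDX:EAX <- TSC. In 64-bit mode the upper 32 bits
    /// of both RAX and RDX are cleared. RDTSC modifies no flags.
    pub fn rdtsc(&self, rax: &mut u64, rdx: &mut u64) {
        *rax = self.ticks & 0xFFFF_FFFF;
        *rdx = self.ticks >> 32;
    }
}

/// Emulates the usual timing pattern: read, run `n` instructions, read
/// again, and return the delta the guest code would compute.
pub fn measure(tsc: &mut MockTsc, n: u64) -> u64 {
    // Stale register contents taken from the trace (rax = 100000fdff).
    let (mut rax, mut rdx) = (0x10_0000_FDFFu64, 0u64);
    tsc.rdtsc(&mut rax, &mut rdx);
    let t0 = (rdx << 32) | rax;
    for _ in 0..n {
        tsc.step();
    }
    tsc.rdtsc(&mut rax, &mut rdx);
    let t1 = (rdx << 32) | rax;
    t1.wrapping_sub(t0)
}

fn main() {
    // Start value from the x64dbg trace: rdx = 1BC2B, rax = E6668424.
    let mut tsc = MockTsc::new(0x1BC2B_E666_8424, 3);
    let (mut rax, mut rdx) = (0x10_0000_FDFFu64, 0u64);
    tsc.rdtsc(&mut rax, &mut rdx);
    println!("rax={:x} rdx={:x}", rax, rdx);
    println!("delta over 10 instructions: {}", measure(&mut tsc, 10));
}
```

With a hardcoded pair, the delta between two reads is always zero; here it scales with the number of instructions emulated in between.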