bsf (bit scan forward) broken

Question

bsf (bit scan forward) broken

brandonros opened this issue 2 years ago · 12 comments

{
    "i": 70,
    "x64dbgLine": {
      "rawLine": {
        "Index": "00046",
        "Address": "0000000144FF95E9",
        "Bytes": "49:0FBCED",
        "Disassembly": "bsf rbp,r13",
        "Registers": "",
        "Memory": "",
        "Comments": ""
      },
      "rip": "144ff95e9",
      "registerChanges": [],
      "memoryChanges": []
    },
    "scemuLine": {
      "rawLine": "diff_reg: rip = 144ff95e9 rbp 7ffe0624 -> 3f;",
      "rip": "144ff95e9",
      "registerChanges": [
        {
          "registerName": "rbp",
          "previousValue": "7ffe0624",
          "newValue": "3f"
        }
      ],
      "memoryChanges": []
    },
    "instructionErrors": [
      {
        "index": 0,
        "message": "unmatchedRegisterChange mismatch (scemu but not x64dbg)",
        "scemu": "rbp"
      }
    ]
  },

sha0coder commented 2 years ago

yep

brandonros commented 2 years ago

fixed

Answer 1 · 2022-10-02T19:49:22.000Z

https://www.felixcloutier.com/x86/bsf

Answer 2 · 2022-10-02T19:49:45.000Z

rbp = 0x000000007FFE06B2

r13 = 0x0000000000000000

Answer 3 · 2022-10-02T19:50:21.000Z

=>r rbp
rbp: 0x7ffe0624
=>r r13
r13: 0x0 0
=>
71 0x144ff95e9: bsf rbp,r13
=>r rbp
rbp: 0x3f
=>

Answer 4 · 2022-10-02T19:51:33.000Z

current algorithm:

                let mut bitpos: u8 = 0;
                let mut dest: u64 = 0;
                 
                while bitpos < sz && get_bit!(src, bitpos) == 0 {
                    dest += 1;
                    bitpos += 1;
                }  
                if dest > 0 {
                    dest -= 1;
                }     
                          
                if dest == sz as u64 {
                    self.flags.f_cf = true;
                } else {
                    self.flags.f_cf = false;
                }

                if dest == 0 {
                    self.flags.f_zf = true;
                } else {
                    self.flags.f_zf = false;
                }

Answer 5 · 2022-10-02T19:56:52.000Z

manual pseudocode
https://www.felixcloutier.com/x86/bsf

Answer 6 · 2022-10-02T20:03:14.000Z

in scemu rbp: 7ffe0624 -> 3f
but what is on x64dbg?

Answer 7 · 2022-10-02T20:03:24.000Z

no change, leave rbp alone

Answer 8 · 2022-10-02T20:03:43.000Z

oddly enough x64dbg also not seeing zf flag

Answer 9 · 2022-10-02T20:05:50.000Z

Mnemonic::Bsf => {
                self.show_instruction(&self.colors.green, &ins);
                assert!(ins.op_count() == 2);

                let src = match self.get_operand_value(&ins, 1, true) {
                    Some(v) => v,
                    None => return,
                };

                println!("bsf: src = {:x}", src);

                if src == 0 {
                    self.flags.f_zf = true;
                    println!("/!\\ bsf src == 0 is undefined behavior");
                } else {
                    let sz = self.get_operand_sz(&ins, 0);
                    let mut bitpos: u8 = 0;
                    let mut dest: u64 = 0;

                    while bitpos < sz && get_bit!(src, bitpos) == 0 {
                        dest += 1;
                        bitpos += 1;
                    }
                    if dest > 0 {
                        dest -= 1;
                    }

                    if dest == sz as u64 {
                        self.flags.f_cf = true;
                    } else {
                        self.flags.f_cf = false;
                    }

                    if dest == 0 {
                        self.flags.f_zf = true;
                    } else {
                        self.flags.f_zf = false;
                    }

                    if !self.set_operand_value(&ins, 0, dest) {
                        return;
                    }
                }
            }

so we are good if we do this i guess

Answer 10 · 2022-10-02T20:08:42.000Z

sha0coder commented 2 years ago