Triton: x64 instruction processing problem

Hi, I am trying to handle the sub rsp, 0x28h instruction. I've set up the architecture using api->setArchitecture(arch::ARCH_X86_64); to be x64 before calling the code below:

tritonInst->clear();
tritonInst->setOpcode((uint8*)"\x48\x83\xec\x28", 4); // sub rsp, 0x28h.
tritonInst->setSize(4);
tritonInst->setAddress(pc); // pc actually has this sub rsp,0x28h opcode but I explicitly defined it in setOpcode below just to make sure we are processing the right opcode.
tritonInst->setThreadId((triton::uint32)threadID);
if (!api->processing(*tritonInst))
        dr_printf("not supported!\n");

Output: not supported!

Is there some API to better understand why it is happening ?

I tried to print disassembly using the following code:

api->disassembly(*tritonInst);
printf("disas = %s\n", tritonInst->getDisassembly().c_str());

Output: sub

Then, I am trying to debug and printing all registers:

[>] concretizeAndSetAllRegisters ENTER rax [>] getCurrentRegisterValue ENTER [<] getCurrentRegisterValue EXIT zmm30 [>] getCurrentRegisterValue ENTER [!] tracer::pintool::context::getCurrentRegisterValue(): Invalid register: zmm30

zmm30 looks very strange and I am not sure whether this is related or not…

About this issue

  • State: closed
  • Created 6 years ago
  • Comments: 29 (10 by maintainers)

Most upvoted comments

Ok, I am having this problem when capstone.dll is dynamically linked with triton.dll. When I link capstone statically with triton everything works fine. Thank you everyone, problem solved! 😃

This is what I get with my build in master. I compiled Triton and all the dependencies with VS2013 x64.

0xdead: sub rsp, 0x28
        SymExpr 0: (define-fun ref!0 () (_ BitVec 64) (bvsub (_ bv0 64) (_ bv40 64))) ; SUB operation
        SymExpr 1: (define-fun ref!1 () (_ BitVec 1) (ite (= (_ bv16 64) (bvand (_ bv16 64) (bvxor ref!0 (bvxor (_ bv0 64) (_ bv40 64))))) (_ bv1 1) (_ bv0 1))) ; Adjust flag
        SymExpr 2: (define-fun ref!2 () (_ BitVec 1) ((_ extract 63 63) (bvxor (bvxor (_ bv0 64) (bvxor (_ bv40 64) ref!0)) (bvand (bvxor (_ bv0 64) ref!0) (bvxor (_ bv0 64) (_ bv40 64)))))) ; Carry flag
        SymExpr 3: (define-fun ref!3 () (_ BitVec 1) ((_ extract 63 63) (bvand (bvxor (_ bv0 64) (_ bv40 64)) (bvxor (_ bv0 64) ref!0)))) ; Overflow flag
        SymExpr 4: (define-fun ref!4 () (_ BitVec 1) (bvxor (bvxor (bvxor (bvxor (bvxor (bvxor (bvxor (bvxor (_ bv1 1) ((_ extract 0 0) (bvlshr ((_ extract 7 0) ref!0) (_ bv0 8)))) ((_ extract 0 0) (bvlshr ((_ extract 7 0) ref!0) (_ bv1 8)))) ((_ extract 0 0) (bvlshr ((_ extract 7 0) ref!0) (_ bv2 8)))) ((_ extract 0 0) (bvlshr ((_ extract 7 0) ref!0) (_ bv3 8)))) ((_ extract 0 0) (bvlshr ((_ extract 7 0) ref!0) (_ bv4 8)))) ((_ extract 0 0) (bvlshr ((_ extract 7 0) ref!0) (_ bv5 8)))) ((_ extract 0 0) (bvlshr ((_ extract 7 0) ref!0) (_ bv6 8)))) ((_ extract 0 0) (bvlshr ((_ extract 7 0) ref!0) (_ bv7 8))))) ; Parity flag
        SymExpr 5: (define-fun ref!5 () (_ BitVec 1) ((_ extract 63 63) ref!0)) ; Sign flag
        SymExpr 6: (define-fun ref!6 () (_ BitVec 1) (ite (= ref!0 (_ bv0 64)) (_ bv1 1) (_ bv0 1))) ; Zero flag
        SymExpr 7: (define-fun ref!7 () (_ BitVec 64) (_ bv57009 64)) ; Program Counter
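The following is an added example, not code from Triton or from anyone in this thread. It shows what the maintainer's output above actually encodes: it decodes the four bytes 48 83 ec 28 by hand (REX.W prefix, group-1 opcode 0x83, ModRM 0xEC selecting /5 = SUB on rsp, one sign-extended imm8), then evaluates the SMT expressions ref!0 through ref!7 on concrete values, assuming rsp = 0 and pc = 0xdead exactly as in that output. The decoder deliberately handles only this one encoding form and raises on anything else; the flag formulas are transcribed term for term from the SymExpr lines.

```python
MASK64 = (1 << 64) - 1

# Group-1 opcode 0x83 (op r/m, imm8): the ModRM reg field selects the ALU operation.
GROUP1_OPS = {0: "add", 1: "or", 2: "adc", 3: "sbb", 4: "and", 5: "sub", 6: "xor", 7: "cmp"}
# 64-bit register names indexed by the ModRM rm field (mod == 3, no REX.B extension).
REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]


def decode_group1_imm8(code):
    """Decode 'REX.W 83 /r ib' with a register destination (the form used in the issue).

    Any other shape raises, so a caller cannot mistake a partial decode for success.
    Returns the mnemonic, destination register, sign-extended immediate and length.
    """
    i = 0
    rex_w = False
    if (code[i] & 0xF0) == 0x40:         # REX prefix 0x40..0x4F
        rex_w = bool(code[i] & 0x08)     # REX.W = 64-bit operand size
        if code[i] & 0x01:               # REX.B would extend rm to r8..r15
            raise ValueError("REX.B not handled in this example")
        i += 1
    if not rex_w:
        raise ValueError("only the 64-bit (REX.W) form is handled in this example")
    if code[i] != 0x83:
        raise ValueError("not a group-1 imm8 opcode")
    i += 1
    modrm = code[i]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 3:
        raise ValueError("memory destinations not handled in this example")
    i += 1
    imm8 = code[i]
    imm = imm8 - 0x100 if imm8 & 0x80 else imm8     # imm8 is sign-extended to 64 bits
    i += 1
    return {"mnemonic": GROUP1_OPS[reg], "dst": REG64[rm], "imm": imm, "size": i}


def disassemble(code):
    """Render the decoded instruction the way the maintainer's output prints it."""
    d = decode_group1_imm8(code)
    return "%s %s, %#x" % (d["mnemonic"], d["dst"], d["imm"] & MASK64)


def parity_flag(low_byte):
    """ref!4: PF = 1 xor bit0 xor ... xor bit7, i.e. 1 when the low byte has even parity."""
    pf = 1
    for bit in range(8):
        pf ^= (low_byte >> bit) & 1
    return pf


def sub64_with_flags(op1, op2):
    """Evaluate ref!0..ref!6 from the maintainer's output on concrete 64-bit operands."""
    op1 &= MASK64
    op2 &= MASK64
    res = (op1 - op2) & MASK64                                             # ref!0 bvsub
    af = int((0x10 & (res ^ (op1 ^ op2))) == 0x10)                         # ref!1 Adjust flag
    cf = (((op1 ^ (op2 ^ res)) ^ ((op1 ^ res) & (op1 ^ op2))) >> 63) & 1  # ref!2 Carry (borrow)
    of = (((op1 ^ op2) & (op1 ^ res)) >> 63) & 1                           # ref!3 Overflow
    pf = parity_flag(res & 0xFF)                                           # ref!4 Parity
    sf = (res >> 63) & 1                                                   # ref!5 Sign
    zf = int(res == 0)                                                     # ref!6 Zero
    return {"result": res, "af": af, "cf": cf, "of": of, "pf": pf, "sf": sf, "zf": zf}


def emulate_sub_rsp(code, rsp, pc):
    """Tie decode and flag evaluation together: new rsp, the six flags and next pc (ref!7)."""
    d = decode_group1_imm8(code)
    if d["mnemonic"] != "sub":
        raise ValueError("expected a sub instruction")
    state = sub64_with_flags(rsp, d["imm"])
    state["rsp"] = state.pop("result")
    state["pc"] = pc + d["size"]
    return state


# Constructed input: the exact bytes from the issue, with rsp = 0 and pc = 0xdead
# as in the maintainer's output.
SUB_RSP_0X28 = b"\x48\x83\xec\x28"

if __name__ == "__main__":
    print(disassemble(SUB_RSP_0X28))
    for name, value in sorted(emulate_sub_rsp(SUB_RSP_0X28, rsp=0, pc=0xDEAD).items()):
        print("%-4s = %#x" % (name, value))
```

Running it reproduces the concrete values the expressions collapse to: rsp becomes 0xffffffffffffffd8, CF and AF are set because 0 - 40 borrows, OF is clear, PF is set because 0xd8 has an even number of one bits, and the program counter becomes 0xdead + 4 = 57009, which is the literal in ref!7. Comparing a hand decode like this against Triton's getDisassembly() output is also a quick way to tell a wrong operand from a truncated disassembly string such as the "sub" seen earlier in the thread.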