From 0782a63eac4c4a9fb20752062f08eae2aea42a2a Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Thu, 19 Aug 2021 19:15:16 -0700 Subject: [PATCH] fixed a small bug v2 lol --- include/transform.hpp | 5 ----- src/vminstrs.cpp | 4 +++- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/include/transform.hpp b/include/transform.hpp index 2b5e875..5ada35a 100644 --- a/include/transform.hpp +++ b/include/transform.hpp @@ -157,11 +157,6 @@ namespace vm::transform return _byteswap_ulong( a ); if constexpr ( std::is_same_v< T, std::uint16_t > ) return _byteswap_ushort( a ); - // XCHG AL, AH... the size will be "8 bits" because it only - // looks at the first operand but this is truly a "BSWAP 16"... - // which btw: BSWAP on 16bit registers isnt a thing... - if constexpr ( std::is_same_v< T, std::uint8_t > ) - return _byteswap_ushort( a ); throw std::invalid_argument( "invalid type size..." ); }; diff --git a/src/vminstrs.cpp b/src/vminstrs.cpp index 6dcc60d..cfeb235 100644 --- a/src/vminstrs.cpp +++ b/src/vminstrs.cpp @@ -15,7 +15,9 @@ namespace vm::instrs if ( generic_decrypt_0.mnemonic != ZYDIS_MNEMONIC_INVALID ) { operand = transform::apply( - generic_decrypt_0.operands[ 0 ].size, generic_decrypt_0.mnemonic, operand, + /* this is a hot patch for generic0 transformations which bswap 16bit operands... (they xchg)... */ + generic_decrypt_0.mnemonic == ZYDIS_MNEMONIC_XCHG ? 16 : generic_decrypt_0.operands[ 0 ].size, + generic_decrypt_0.mnemonic, operand, // check to see if this instruction has an IMM... transform::has_imm( &generic_decrypt_0 ) ? generic_decrypt_0.operands[ 1 ].imm.value.u : 0 ); }