From 231388d6fc1f49b3b8181cdcd347755ea087fd39 Mon Sep 17 00:00:00 2001
From: _xeroxz <xerox@back.engineering>
Date: Tue, 1 Jun 2021 22:27:58 -0700
Subject: [PATCH] fixed an issue in LRFLAGS profile

---
 src/vmprofiles/lflags.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/vmprofiles/lflags.cpp b/src/vmprofiles/lflags.cpp
index ded18a8..5b84ef6 100644
--- a/src/vmprofiles/lflags.cpp
+++ b/src/vmprofiles/lflags.cpp
@@ -23,7 +23,9 @@ namespace vm
                     []( const zydis_decoded_instr_t &instr ) -> bool {
                         return instr.mnemonic == ZYDIS_MNEMONIC_ADD &&
                                instr.operands[ 0 ].type == ZYDIS_OPERAND_TYPE_REGISTER &&
-                               instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP;
+                               instr.operands[ 0 ].reg.value == ZYDIS_REGISTER_RBP &&
+                               instr.operands[ 1 ].type == ZYDIS_OPERAND_TYPE_IMMEDIATE &&
+                               instr.operands[ 1 ].imm.value.u == 0x8;
                     },
                     // POPFQ
                     []( const zydis_decoded_instr_t &instr ) -> bool {