First, technically it is an error to use the lock prefix when the destination
is a register. However, distorm does decompose the byte streams that result in
this and does not set FLAG_LOCK.
Also, it does appear that some older processors may have allowed the lock
prefix on these instructions without throwing an exception. Modern processors
will throw an exception.
In what mode did you try to disassemble (16/32/64)?
32 and 64-bit
What is the input buffer (binary stream) you used to reproduce the problem?
f093 lock xchg eax, ebx
f089d8 lock mov eax, ebx
f0ffc0 lock inc eax
What is the expected output (or what instruction)?
1 of 2 things:
1) I would expect FLAG_LOCK to be set.
-OR-
2) fail to disassemble
Which tool did you use to see the expected output?
ndisasm will display these as shown above. (BTW, these also compile with nasm
and yasm. Haven't tried other compilers.)
What do you see instead?
Since FLAG_LOCK is not set, Decode shows the instruction without the lock
prefix, even though the byte sequence will contain f0 showing there is a prefix.
What version of diStorm are you using? On what platform (Python/EXE/other)?
distorm 3.3 on Linux, using python interface
Please provide any additional information below.
Original issue reported on code.google.com by
mnor...@cerodias.com on 15 Aug 2013 at 2:31
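
Added example (not part of the original report and not diStorm code): a Python check that applies the Intel SDM rule behind this report, namely that LOCK (0xF0) is legal only on specific read-modify-write instructions with a memory destination. It covers one-byte opcodes only; the function name, return strings and the two memory-operand samples are constructed for illustration.

```python
# Added example, not diStorm code. Classifies LOCK (0xF0) usage on one instruction.
LEGACY_PREFIXES = {0xF0, 0xF2, 0xF3, 0x66, 0x67, 0x2E, 0x36, 0x3E, 0x26, 0x64, 0x65}
# ADD/OR/ADC/SBB/AND/SUB/XOR r/m,r (8-bit and full-width) and XCHG r/m,r
LOCKABLE_RM_DEST = {0x00, 0x01, 0x08, 0x09, 0x10, 0x11, 0x18, 0x19,
                    0x20, 0x21, 0x28, 0x29, 0x30, 0x31, 0x86, 0x87}
# Group opcodes: lockable only for the listed ModRM /digit values
ARITH = {0, 1, 2, 3, 4, 5, 6}                    # every /digit except CMP (/7)
LOCKABLE_GROUPS = {0x80: ARITH, 0x81: ARITH, 0x83: ARITH,
                   0xF6: {2, 3}, 0xF7: {2, 3},   # NOT, NEG
                   0xFE: {0, 1}, 0xFF: {0, 1}}   # INC, DEC

def classify_lock(code: bytes, bits: int = 32) -> str:
    """Return 'no-lock', 'valid', 'invalid-register-dest',
    'invalid-not-lockable', 'unsupported' or 'truncated'."""
    i, locked = 0, False
    while i < len(code) and code[i] in LEGACY_PREFIXES:
        locked = locked or code[i] == 0xF0
        i += 1
    if bits == 64 and i < len(code) and 0x40 <= code[i] <= 0x4F:
        i += 1                                   # skip REX prefix
    if not locked:
        return "no-lock"
    if i >= len(code):
        return "truncated"
    op = code[i]
    if op == 0x0F:
        return "unsupported"                     # two-byte opcodes not covered here
    # XCHG eAX,r32 short form; in 16/32-bit mode 0x40-0x4F are INC/DEC r32
    if 0x91 <= op <= 0x97 or (bits != 64 and 0x40 <= op <= 0x4F):
        return "invalid-register-dest"
    if op in LOCKABLE_RM_DEST or op in LOCKABLE_GROUPS:
        if i + 1 >= len(code):
            return "truncated"
        mod, digit = code[i + 1] >> 6, (code[i + 1] >> 3) & 7
        if op in LOCKABLE_GROUPS and digit not in LOCKABLE_GROUPS[op]:
            return "invalid-not-lockable"
        return "invalid-register-dest" if mod == 3 else "valid"
    return "invalid-not-lockable"                # e.g. MOV never accepts LOCK

# First three byte streams are from the report; the last two are constructed.
SAMPLES = ["f093", "f089d8", "f0ffc0", "f0ff00", "f08718"]

def check_samples(bits: int = 32) -> dict:
    return {h: classify_lock(bytes.fromhex(h), bits) for h in SAMPLES}

if __name__ == "__main__":
    for hexstr, verdict in check_samples().items():
        print(hexstr, verdict)
```

A disassembler front end can run a check like this alongside the decoder so that a stray f0 byte is reported rather than silently dropped from the output.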