Open
Description
If we do push rsp, operand info tells us that we push rsp to [rsp]; however, it should be [rsp-8(size)].
https://www.felixcloutier.com/x86/push
IA-32 Architecture Compatibility
For IA-32 processors from the Intel 286 on, the PUSH ESP instruction pushes the value of the ESP register as it existed before the instruction was executed. (This is also true for Intel 64 architecture, real-address and virtual-8086 modes of IA-32 architecture.) For the Intel® 8086 processor, the PUSH SP instruction pushes the new value of the SP register (that is the value after it has been decremented by 2).
mov rsp, 0x1008
push rsp
is [0x1000] = 0x1008
and not [0x1000] = 0x1000
ZydisInfo.exe -64 -64 56
== [ BASIC ] ============================================================================================
MNEMONIC: push [ENC: DEFAULT, MAP: DEFAULT, OPC: 0x56]
LENGTH: 1
SSZ: 64
EOSZ: 64
EASZ: 64
CATEGORY: PUSH
ISA-SET: I86
ISA-EXT: BASE
EXCEPTIONS: NONE
OPTIMIZED: 56
== [ OPERANDS ] ============================================================================================
##       TYPE  VISIBILITY  ACTION      ENCODING  SIZE  NELEM  ELEMSZ  ELEMTYPE                        VALUE
--  ---------  ----------  ------  ------------  ----  -----  ------  --------  ---------------------------
 0   REGISTER    EXPLICIT       R        OPCODE    64      1      64       INT                          rsi
 1   REGISTER      HIDDEN      RW          NONE    64      1      64       INT                          rsp
 2     MEMORY      HIDDEN       W          NONE    64      1      64       INT  TYPE  =                 MEM
                                                                                SEG   =                  ss
                                                                                BASE  =                 rsp
                                                                                INDEX =                none
                                                                                SCALE =                   0
                                                                                DISP  =  0x0000000000000000
--  ---------  ----------  ------  ------------  ----  -----  ------  --------  ---------------------------
== [ ATT ] ============================================================================================
ABSOLUTE: push %rsi
RELATIVE: push %rsi
== [ INTEL ] ============================================================================================
ABSOLUTE: push rsi
RELATIVE: push rsi
== [ SEGMENTS ] ============================================================================================
56
:..OPCODE
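The PUSH behaviour described in the issue, as an added example that is not part of the issue or of the Zydis project: a toy C model that computes the store address from the stack pointer as it was before the instruction, and stores the old value on 286-and-later parts and the new value on the 8086, as the quoted manual text states. All names, the memory size and the fault value are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MEM_SIZE 0x2000u              /* constructed toy address space */
#define PUSH_FAULT UINT64_MAX         /* hypothetical error value */

typedef enum { CPU_8086, CPU_286_OR_LATER } cpu_model_t;
typedef struct { uint64_t sp; uint8_t mem[MEM_SIZE]; } cpu_t;

/* Address the push stores to, computed from SP *before* the instruction. */
uint64_t push_write_addr(uint64_t sp_before, unsigned size) {
    return sp_before - size;
}

/* Emulate PUSH SP/ESP/RSP; returns the store address or PUSH_FAULT. */
uint64_t emu_push_sp(cpu_t *cpu, unsigned size, cpu_model_t model) {
    uint64_t old_sp = cpu->sp;
    if (old_sp < size || old_sp > MEM_SIZE) return PUSH_FAULT;
    uint64_t addr = push_write_addr(old_sp, size);
    /* 286 and later store the pre-decrement value; the 8086 stores the new one. */
    uint64_t value = (model == CPU_8086) ? addr : old_sp;
    for (unsigned i = 0; i < size; i++)           /* little-endian store */
        cpu->mem[addr + i] = (uint8_t)(value >> (8 * i));
    cpu->sp = addr;
    return addr;
}

/* Read back `size` bytes (little-endian) from the toy memory. */
uint64_t load_le(const cpu_t *cpu, uint64_t addr, unsigned size) {
    uint64_t v = 0;
    for (unsigned i = 0; i < size; i++)
        v |= (uint64_t)cpu->mem[addr + i] << (8 * i);
    return v;
}

/* Run one push from a given SP and return the value left on the stack. */
uint64_t pushed_value(uint64_t sp, unsigned size, cpu_model_t model) {
    cpu_t cpu = { .sp = sp };
    uint64_t addr = emu_push_sp(&cpu, size, model);
    return addr == PUSH_FAULT ? PUSH_FAULT : load_le(&cpu, addr, size);
}

int main(void) {
    /* The issue's case: mov rsp, 0x1008 ; push rsp */
    printf("store at 0x%llx, value 0x%llx\n",
           (unsigned long long)push_write_addr(0x1008, 8),
           (unsigned long long)pushed_value(0x1008, 8, CPU_286_OR_LATER));
    return 0;
}
```

A consumer that resolves a reported `[rsp]` operand against the pre-instruction register state would instead use 0x1008 as the store address in this case.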