Gadix pointed me to a wrong disassembly of a certain opcode on x86 which makes two different bytes show the same opcode, which is incorrect.

I found the point in udis86, coz GNU disasm for intel does it properly. This happens to be used in the Hispasec crackme. Here's the info of the bug:

The bytes:

[0x00000000]> :x 4
dcc0 d8c0

Using GNU objdump:

[0x00000000]> pd 4
0: dc c0 fadd st(0),st
2: d8 c0 fadd st,st(0)

Using udis86:

[0x00000000]> pD 4
0x00000000 dcc0 fadd st0, st0
0x00000002 d8c0 fadd st0, st0
0x00000004 41 inc ecx

PS: Looks like ollydbg's and IDA's disassemblers do it wrong too :)

I have notified the udis86 author, so I hope to have this fixed in radare today or so :)

Have fun!

_______________________________________________
radare mailing list
[email protected]
http://lists.nopcode.org/listinfo.cgi/radare-nopcode.org
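Added example, not code from the post or from udis86/objdump/radare: a minimal decoder for the register forms of the x87 D8 and DC opcode groups. It shows the encoding rule behind the objdump output above: D8 C0+i writes ST(0) with ST(i) as source, DC C0+i writes ST(i) with ST(0) as source, so DC C0 and D8 C0 are distinct instructions even though for i = 0 they happen to compute the same value, and a disassembler that prints both as "fadd st0, st0" discards information that matters for i != 0 (and for any tool comparing encodings against a known listing). The mnemonic tables follow the Intel SDM; the function names and the sample buffer are this example's own.

```python
# Added example (not from the radare post or from udis86/objdump): a minimal
# decoder for the register-form x87 arithmetic opcodes D8 C0..FF and DC C0..FF,
# showing why the byte pairs DC C0 and D8 C0 must not disassemble identically.
# Operand order follows the Intel SDM: D8 xx writes ST(0), DC xx writes ST(i).

D8_MNEMONICS = ["fadd", "fmul", "fcom", "fcomp", "fsub", "fsubr", "fdiv", "fdivr"]
# /2 and /3 have no documented DC register form; "fsub"/"fsubr" and
# "fdiv"/"fdivr" swap places relative to D8 (the reversed-form encodings).
DC_MNEMONICS = ["fadd", "fmul", None, None, "fsubr", "fsub", "fdivr", "fdiv"]


def decode_x87_reg_form(code: bytes) -> str:
    """Decode one two-byte x87 register-form instruction (GNU/Intel style).

    Returns e.g. "fadd st(0),st" for DC C0 and "fadd st,st(0)" for D8 C0.
    Raises ValueError for anything outside the two opcode groups handled.
    """
    if len(code) < 2:
        raise ValueError("need at least two bytes")
    opcode, modrm = code[0], code[1]
    if modrm < 0xC0:
        raise ValueError("memory-operand forms not handled in this example")
    reg = (modrm >> 3) & 7   # ModRM.reg selects the operation
    i = modrm & 7            # ModRM.rm selects ST(i)
    if opcode == 0xD8:
        mnem = D8_MNEMONICS[reg]
        if mnem in ("fcom", "fcomp"):
            return f"{mnem} st({i})"
        return f"{mnem} st,st({i})"       # destination ST(0)
    if opcode == 0xDC:
        mnem = DC_MNEMONICS[reg]
        if mnem is None:
            raise ValueError(f"DC /{reg} register form is not a defined arithmetic op")
        return f"{mnem} st({i}),st"       # destination ST(i)
    raise ValueError(f"opcode {opcode:#04x} is not an x87 D8/DC escape")


def disassemble(buf: bytes):
    """Linear sweep over two-byte x87 instructions, returning (offset, hex, text)."""
    out = []
    off = 0
    while off + 2 <= len(buf):
        chunk = buf[off:off + 2]
        out.append((off, chunk.hex(), decode_x87_reg_form(chunk)))
        off += 2
    return out


# Constructed input: the four bytes from the crackme excerpt quoted in the post.
SAMPLE = bytes.fromhex("dcc0d8c0")

if __name__ == "__main__":
    for off, hx, text in disassemble(SAMPLE):
        print(f"{off:08x} {hx} {text}")
```

Running it prints the two lines in the same operand order objdump shows above. The tables only cover the register forms of D8 and DC; the memory forms and the other x87 escapes (D9 through DF) are out of scope here.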
