ZaiRoN

Ollydbg v1.10 and 6E/6F/A6 opcodes, a little oversight

Just yesterday a new version of Ollydbg was released, but I’m still using the old 1.10 version. It’s a really good debugger, and until a few days ago I hadn’t hit the few errors inside the disasm engine, nothing compared with Ida's bug btw. Look here:

0047C720 6E OUTS DX,BYTE PTR ES:[EDI]
0047C721 6F OUTS DX,DWORD PTR ES:[EDI]


According to the Intel Manual’s opcode map, 0x6E is defined as “OUTS/OUTSB DX, Xb”.
The first operand is DX register, and the second one is defined as an “Xb” operand.
X: memory addressed by DS: (E)SI
b: byte, regardless of operand-size attribute
The error is obvious: Ollydbg shows EDI instead of ESI.
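The check above for 6E/6F, as an added example (not code from the original post or from Ollydbg): `decode_outs` renders the X operand as DS:(E)SI and `audit` flags listing lines that disagree. Both names are hypothetical; the handling of the 66/67, segment-override and REP prefixes goes beyond the post and follows the Intel manual, and the colon-separated prefix column and the last two sample lines are constructed.

```python
import re

# Segment-override prefixes: the X operand defaults to DS but honours these.
SEG_PREFIX = {0x26: "ES", 0x2E: "CS", 0x36: "SS", 0x3E: "DS", 0x64: "FS", 0x65: "GS"}

def decode_outs(code: bytes) -> str:
    """Decode 6E (OUTS DX,Xb) / 6F (OUTS DX,Xv) for 32-bit code, prefixes included."""
    seg, size16, addr16, rep = "DS", False, False, ""
    for b in code:
        if b in (0x6E, 0x6F):
            size = "BYTE" if b == 0x6E else ("WORD" if size16 else "DWORD")
            return f"{rep}OUTS DX,{size} PTR {seg}:[{'SI' if addr16 else 'ESI'}]"
        if b not in SEG_PREFIX and b not in (0x66, 0x67, 0xF3):
            break                  # first non-prefix byte is some other opcode
        seg = SEG_PREFIX.get(b, seg)
        size16 |= b == 0x66        # operand-size prefix: v becomes WORD
        addr16 |= b == 0x67        # address-size prefix: (E)SI becomes SI
        rep = "REP " if b == 0xF3 else rep
    raise ValueError("not an OUTS encoding")

# Listing line: address, hex bytes (prefixes may be colon-separated), text.
LINE = re.compile(r"^([0-9A-F]{8})\s+((?:[0-9A-F]{2}:?)+)\s+(.+)$")

def audit(listing: str):
    """Return (address, shown, expected) for every OUTS line with a wrong operand."""
    findings = []
    for line in listing.strip().splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        addr, hexbytes, shown = m.groups()
        try:
            expected = decode_outs(bytes.fromhex(hexbytes.replace(":", "")))
        except ValueError:
            continue               # not an OUTS instruction, nothing to check
        if shown.replace(" ", "") != expected.replace(" ", ""):
            findings.append((addr, shown, expected))
    return findings

# First two lines are the ones quoted above; the last two are constructed.
SAMPLE = """
0047C720 6E OUTS DX,BYTE PTR ES:[EDI]
0047C721 6F OUTS DX,DWORD PTR ES:[EDI]
0047C722 66:6F OUTS DX,WORD PTR DS:[ESI]
0047C724 83C06E ADD EAX,6E
"""
if __name__ == "__main__":
    for addr, shown, expected in audit(SAMPLE):
        print(f"{addr}: shown '{shown}', expected '{expected}'")
```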

There’s something similar with the A6 opcode. Ollydbg v1.10 shows:
004012FA A6 CMPS BYTE PTR DS:[ESI],BYTE PTR ES:[EDI]
but the right line is:
004012FA A6 CMPS BYTE PTR DS:[EDI],BYTE PTR ES:[ESI]

It’s an oversight in the X and Y addressing methods.
The errors occur in v1.10 only; v2 shows the right instructions. I asked Olly (Oleh Yuschuk) and he kindly replied: “Unfortunately, I will not correct it in 1.10…This project is closed, and I don’t want to make any modifications.” Ok, I’ll switch to v2.
