Skip to content
GitLab
Closed
Issue created by Derek Bruening@derekbrueningContributor

add support for Intel ADX instructions

Xref #1312

Hit by a user (xref https://groups.google.com/forum/#!topic/dynamorio-users/iaPPsE4bTKY):

interp: start_pc = 0x00007ff653840c60
  0x00007ff653840c60  48 8d 7a 08          lea    0x08(%rdx) -> %rdi
  0x00007ff653840c64  48 8b 12             mov    (%rdx)[8byte] -> %rdx
  0x00007ff653840c67  48 8d 5c 24 60       lea    0x60(%rsp) -> %rbx
  0x00007ff653840c6c  49 89 d1             mov    %rdx -> %r9
  0x00007ff653840c6f  c4 e2 bb f6 06       mulx   (%rsi)[8byte] %rdx -> %r8 %rax
  0x00007ff653840c74  c4 62 a3 f6 76 08    mulx   0x08(%rsi)[8byte] %rdx -> %r11 %r14
  0x00007ff653840c7a  49 01 c3             add    %rax %r11 -> %r11
  0x00007ff653840c7d  48 89 7c 24 08       mov    %rdi -> 0x08(%rsp)[8byte]
  0x00007ff653840c82  c4 62 9b f6 6e 10    mulx   0x10(%rsi)[8byte] %rdx -> %r12 %r13
  0x00007ff653840c88  4d 11 f4             adc    %r14 %r12 -> %r12
  0x00007ff653840c8b  49 83 d5 00          adc    $0x0000000000000000 %r13 -> %r13
  0x00007ff653840c8f  4c 89 c7             mov    %r8 -> %rdi
  0x00007ff653840c92  4c 0f af 44 24 18    imul   0x18(%rsp)[8byte] %r8 -> %r8
  0x00007ff653840c98  48 31 ed             xor    %rbp %rbp -> %rbp
  0x00007ff653840c9b  c4 62 fb f6 76 18    mulx   0x18(%rsi)[8byte] %rdx -> %rax %r14
  0x00007ff653840ca1  4c 89 c2             mov    %r8 -> %rdx
  0x00007ff653840ca4  48 8d 76 20          lea    0x20(%rsi) -> %rsi
WARNING: make_writable 0x000000001555a000: param size 0x3f000 vs. mbi size 0x33000 base 0x000000001555a000
make_writable: pc 0x000000001555a000-0x000000001558d000, currently r--- committed
WARNING: make_writable 0x000000001558d000: param size 0xc000 vs. mbi size 0x9000 base 0x000000001558d000
make_writable: pc 0x000000001558d000-0x0000000015596000, currently r-x- committed
make_writable: pc 0x0000000015596000-0x0000000015599000, currently r--- committed
WARNING: make_unwritable 0x000000001555a000: param size 0x3f000 vs. mbi size 0x33000 base 0x000000001555a000
make_unwritable: pc 0x000000001555a000-0x000000001558d000, currently rw-- committed
WARNING: make_unwritable 0x000000001558d000: param size 0xc000 vs. mbi size 0x9000 base 0x000000001558d000
make_unwritable: pc 0x000000001558d000-0x0000000015596000, currently rwx- committed
make_unwritable: pc 0x0000000015596000-0x0000000015599000, currently rw-- committed
SYSLOG_WARNING: Invalid opcode encountered
Invalid opcode @0x00007ff653840ca8: 0x38f618
decode: invalid instr at 0x00007ff653840ca8
Invalid opcode @0x00007ff653840ca8: 0x38f618
decode: invalid instr at 0x00007ff653840ca8
  0x00007ff653840ca8  66 4c 0f 38 f6 e8...??  <INVALID>
interp: invalid instr at 0x00007ff653840ca8
end_pc = 0x00007ff653840ca8

exit_branch_type=0x0 bb->exit_target=0x00007ff653840ca8
exit_branch_type=0x0 target=0x00007ff653840ca8 l->flags=0x9801
Fragment 20081, tag 0x00007ff653840c60, flags 0x1000630, shared, size 77:
        [TestProject.exe]

Here's what gdb thinks:

(gdb) set {unsigned char[400]}0x04311000 = { 66, 4c, f, 38, f6, e8, 90, 90, 90, 90}
(gdb) x/4i 0x04311000
   0x4311000:   adcx   %rax,%r13
   0x4311006:   nop

That's part of Intel ADX, added in Intel Broadwell and AMD Ryzen. Just two opcodes, OP_adcx and OP_adox.

Xref #2524 (closed) on AMD Ryzen -- though symptoms there look more like win10 syscalls changing.