public inbox for kvm@vger.kernel.org
* KVM-29 + Windows Server 2003 = kernel panic
@ 2007-07-19 11:32 Alessandro Sardo
       [not found] ` <469F4BE5.4040801-8RLafaVCWuNeoWH0uzbU5w@public.gmane.org>
  0 siblings, 1 reply; 9+ messages in thread
From: Alessandro Sardo @ 2007-07-19 11:32 UTC (permalink / raw)
  To: kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

Hello list,

I am trying to install Windows Server 2003 using KVM-29, but getting
kernel panics every time.

Some notes:

* CPU model: 2 x Dual-Core AMD Opteron Processor 2210
* KVM versions: KVM-29
* Host: RHEL5 x86_64, kernel 2.6.18-8.1.8.el5
* Guest: Windows Server 2003 Standard edition
* the problem does NOT appear with the "-no-kvm" switch
* the server doesn't have an X server, so I had to work through VNC

---

Steps I followed:

1) created a brand new VM disk image
      # sudo -u kvm qemu-img create -f qcow VM.img

2) set up a bridge on the host using RedHat's own scripts (called sw0)

3) manually set up a TAP device
      # tunctl -u kvm
      # brctl addif sw0 tap0

4) started the installation with the following command line
      # sudo -u kvm qemu-system-x86_64 -hda VM.img -cdrom Win2003.iso
-boot d -net nic,model=rtl8139 -net tap,ifname=tap0,fd=h,script=no -m
1024 -no-acpi -daemonize -usb -usbdevice tablet -vnc :1

5) pressed F5 and selected "Standard PC"

6) waited for setup to format the disk and copy the files and auto-reboot

---

The 1st part of the installation goes smoothly. However, as soon as the
VM is rebooted and Windows tries to start the 2nd part, KVM crashes and
leads to a kernel panic.

Here are some explanatory pics:

- the VNC output while kernel panic'ing
   http://www.labinf.polito.it/images/qemu.png

- the KVM trace output and kernel panic itself
   http://www.labinf.polito.it/images/kernel_panic.jpg


Please let me know if there is anything I can do to help you.

Thanks,

AS

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/


* Re: KVM-29 + Windows Server 2003 = kernel panic
       [not found] ` <469F4BE5.4040801-8RLafaVCWuNeoWH0uzbU5w@public.gmane.org>
@ 2007-07-19 11:36   ` Avi Kivity
       [not found]     ` <469F7A34.4070606@polito.it>
  0 siblings, 1 reply; 9+ messages in thread
From: Avi Kivity @ 2007-07-19 11:36 UTC (permalink / raw)
  To: Alessandro Sardo; +Cc: kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

Alessandro Sardo wrote:
> Hello list,
>
> I am trying to install Windows Server 2003 using KVM-29, but getting
> kernel panics every time.
>
> Some notes:
>
> * CPU model: 2 x Dual-Core AMD Opteron Processor 2210
> * KVM versions: KVM-29
> * Host: RHEL5 x86_64, kernel 2.6.18-8.1.8.el5
> * Guest: Windows Server 2003 Standard edition
> * the problem does NOT appear with the "-no-kvm" switch
> * the server doesn't have an X server, so I had to work through VNC
>
> ---
>
> Steps I followed:
>
> 1) created a brand new VM disk image
>       # sudo -u kvm qemu-img create -f qcow VM.img
>
> 2) set up a bridge on the host using RedHat's own scripts (called sw0)
>
> 3) manually set up a TAP device
>       # tunctl -u kvm
>       # brctl addif sw0 tap0
>
> 4) started the installation with the following command line
>       # sudo -u kvm qemu-system-x86_64 -hda VM.img -cdrom Win2003.iso
> -boot d -net nic,model=rtl8139 -net tap,ifname=tap0,fd=h,script=no -m
> 1024 -no-acpi -daemonize -usb -usbdevice tablet -vnc :1
>
> 5) pressed F5 and selected "Standard PC"
>
> 6) waited for setup to format the disk and copy the files and auto-reboot
>
> ---
>
> The 1st part of the installation goes smoothly. However, as soon as the
> VM is rebooted and Windows tries to start the 2nd part, KVM crashes and
> leads to a kernel panic.
>
> Here are some explanatory pics:
>
> - the VNC output while kernel panic'ing
>    http://www.labinf.polito.it/images/qemu.png
>
> - the KVM trace output and kernel panic itself
>    http://www.labinf.polito.it/images/kernel_panic.jpg
>
>
> Please let me know if there is anything I can do to help you.
>   

Can you generate a cleaner (more readable) oops, for example by using 
netconsole?

-- 
error compiling committee.c: too many arguments to function




* Re: KVM-29 + Windows Server 2003 = kernel panic
       [not found]         ` <469F7F33.7040702-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
@ 2007-07-23 14:26           ` Alessandro Sardo
  2007-07-23 14:27           ` Alessandro Sardo
  1 sibling, 0 replies; 9+ messages in thread
From: Alessandro Sardo @ 2007-07-23 14:26 UTC (permalink / raw)
  To: kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

Hello,

I have tried what you suggested but I could not reproduce the problem 
anymore with KVM-32... guess it could have been fixed somewhere in 
between the new releases. However, I am noticing two new issues:

1) rebooting the guest never works

2) I *very* often get BSODs as the one I sent as attachment, mainly 
immediately after logon - with and without the "-smp 2" flag

Just to remind you all,

* CPU model: 2 x Dual-Core AMD Opteron Processor 2210
* KVM versions: KVM-32
* Host: RHEL5 x86_64, kernel 2.6.18-8.1.8.el5
* Guest: Windows Server 2003 Standard edition
* qemu command line: "kvm -hda VM.img -cdrom Win2003.iso -boot c -net
nic,model=rtl8139,macaddr=00:01:02:1E:77:96 -net
tap,script=/etc/kvm/qemu-ifup -m 1024 -smp 2 -daemonize -usb -usbdevice
tablet -vnc :1"

Please let me know if I can help in any way, thanks.

AS


Avi Kivity wrote:
> Alessandro Sardo wrote:
>>>
>>> Can you generate a cleaner (more readable) oops, for example by 
>>> using netconsole?
>>>
>> Hi Avi,
>>
>> would you be so kind to tell me how to do it? I have tried running 
>> KVM on the server with:
>>
>> # sudo -u kvm qemu-system-x86_64 -hda VM.img -cdrom Win2003.iso -boot 
>> d -net nic,model=rtl8139 -net tap,ifname=tap0,fd=h,script=no -m 1024 
>> -no-acpi -daemonize -usb -usbdevice tablet -vnc :1 -serial 
>> udp:<client IP>:6666
>>
>
> This redirects the guest console, not the host console.
>
>> and running nc on the client with:
>>
>> # nc -u -l -p 6666
>>
>> but all I got was this:
>>
>> kvm: emulating exchange as write
>> kvm[2865]: segfault at 00002aaaec84d000 rip 000000000046dad9 rsp 
>> 00007fffec682640 error 4
>>
>
> I use something like:
>
> /sbin/modprobe netconsole 
> netconsole=@10.0.11.54/eth0,10054@10.0.0.1/00:E0:81:2B:0C:C1
>
> Where:
>  10.0.11.54 == host IP address
>  10054 == udp port number
>  10.0.0.1 == logger ip address
>  00:E0:81:2B:0C:C1 == logger mac address
>
> On the logger, I run
>
>  nc -uld 10054


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/


* Re: KVM-29 + Windows Server 2003 = kernel panic
       [not found]         ` <469F7F33.7040702-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
  2007-07-23 14:26           ` Alessandro Sardo
@ 2007-07-23 14:27           ` Alessandro Sardo
       [not found]             ` <46A4BAD5.6020906-8RLafaVCWuNeoWH0uzbU5w@public.gmane.org>
  1 sibling, 1 reply; 9+ messages in thread
From: Alessandro Sardo @ 2007-07-23 14:27 UTC (permalink / raw)
  To: kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

Ooops,

I forgot the attachment (twice!) :-)

Thanks,

AS


[-- Attachment #2: BSOD.jpg --]
[-- Type: image/jpeg, Size: 96928 bytes --]

_______________________________________________
kvm-devel mailing list
kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
https://lists.sourceforge.net/lists/listinfo/kvm-devel


* KVM-33 + Windows Server 2003 = VMX->OK / SVM->kernel panic?
       [not found]             ` <46A4BAD5.6020906-8RLafaVCWuNeoWH0uzbU5w@public.gmane.org>
@ 2007-07-24 11:12               ` Alessandro Sardo
       [not found]                 ` <46A5DE99.6040407-8RLafaVCWuNeoWH0uzbU5w@public.gmane.org>
  0 siblings, 1 reply; 9+ messages in thread
From: Alessandro Sardo @ 2007-07-24 11:12 UTC (permalink / raw)
  To: kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

Hello list,

I am facing some big issues with the latest KVM release. I am still 
trying to boot and use the same VM image on four different hosts, but 
with outstanding bad luck.

More precisely, I created a brand new VM image and installed Windows 
Server 2003. Then, I did shut it down and archived it. After that, I  
copied it to the four hosts and tried to boot it, using the same KVM 
version and qemu command line.


Test #1
CPU model: 1 x Dual-Core Intel Core Duo
Host: Ubuntu 6.06, kernel 2.6.15
KVM-33
Result -> everything is OK, no problems at all

----

Test #2
CPU model: 1 x Dual-Core Intel Core 2 Duo
Host: RHEL5 x86_64, kernel 2.6.18-8.1.8.el5
KVM-33
Result -> everything is OK, no problems at all

----

Test #3
CPU model: 1 x Single-Core AMD Athlon64 Processor 3500+ AM2
Host: RHEL5 x86_64, kernel 2.6.18-8.1.8.el5
KVM-33
Result -> boots fine, but when I try to install the SP2 I get the 
following kernel panic:

Unable to handle kernel NULL pointer dereference at 0000000000000000 RIP:
[<ffffffff883d80ce>] :kvm:x86_emulate_memop+0x2a79/0x3b03
PGD 7b8a067 PUD 3973067 PMD 0
Oops: 0002 [1] SMP
last sysfs file: /class/net/lo/ifindex
CPU 0
Modules linked in: kvm_amd(U) kvm(U) tun netconsole bridge 
cpufreq_ondemand video sbs i2c_ec button battery asus_acpi 
acpi_memhotplug ac lp snd_hda_intel snd_hda_codec snd_seq_dummy 
snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss floppy 
snd_mixer_oss snd_pcm pcspkr sg i2c_nforce2 i2c_core snd_timer snd 
shpchp soundcore k8_edac snd_page_alloc parport_pc edac_mc forcedeth 
parport ide_cd cdrom serio_raw dm_snapshot dm_zero dm_mirror dm_mod 
sata_nv libata sd_mod scsi_mod ext3 jbd ehci_hcd ohci_hcd uhci_hcd
Pid: 2168, comm: kvm Not tainted 2.6.18-8.1.8.el5 #1
RIP: 0010:[<ffffffff883d80ce>] [<ffffffff883d80ce>] 
:kvm:x86_emulate_memop+0x2a79/0x3b03
RSP: 0018:ffff81006225d9d8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000003
RDX: ffff81006225da60 RSI: 0000000000000000 RDI: ffff81006207a130
RBP: ffffffff883df621 R08: 0000000000000200 R09: 0000000000000000
R10: ffff81003f18d000 R11: ffffffff883eb542 R12: 0000000000000000
R13: ffff81006225db78 R14: 0000000000000000 R15: 0000000000000000
FS: 00000000ffdff000(0000) GS:ffffffff8038a000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000062cd7000 CR4: 00000000000006e0
Process kvm (pid: 2168, threadinfo ffff81006225c000, task ffff81007d987100)
Stack: ffffffff883df600 03007fffe0e1ce40 00007fffe0e1cea0 0300010000000040
ffff81006225db00 0000000000000004 0000000400000000 0300000000000000
0000000000000000 0000000000000004 0000000400000000 0000000000000000
Call Trace:
[<ffffffff883eb542>] :kvm_amd:svm_get_segment_base+0x0/0x5f
[<ffffffff883d5657>] :kvm:x86_emulate_memop+0x2/0x3b03
[<ffffffff883d0e95>] :kvm:emulate_instruction+0xee/0x278
[<ffffffff883eb542>] :kvm_amd:svm_get_segment_base+0x0/0x5f
[<ffffffff883eacec>] :kvm_amd:emulate_on_interception+0xf/0x30
[<ffffffff883ebbed>] :kvm_amd:svm_vcpu_run+0x506/0x599
[<ffffffff883d11e4>] :kvm:kvm_vcpu_ioctl+0x1c5/0xd04
[<ffffffff80044d31>] try_to_wake_up+0x407/0x418
[<ffffffff800850ed>] __wake_up_common+0x3e/0x68
[<ffffffff8002dd9b>] __wake_up+0x38/0x4f
[<ffffffff800d8498>] core_sys_select+0x234/0x265
[<ffffffff80093f38>] __dequeue_signal+0x18b/0x19b
[<ffffffff80094fd2>] dequeue_signal+0x3c/0xbc
[<ffffffff8003fc5a>] do_ioctl+0x21/0x6b
[<ffffffff8002fa60>] vfs_ioctl+0x248/0x261
[<ffffffff80058bf0>] getnstimeofday+0x10/0x28
[<ffffffff8004a266>] sys_ioctl+0x59/0x78
[<ffffffff8005b14e>] system_call+0x7e/0x83


Code: 4c 89 00 eb 63 48 8b 94 24 f8 00 00 00 48 8b 84 24 08 01 00
RIP [<ffffffff883d80ce>] :kvm:x86_emulate_memop+0x2a79/0x3b03
RSP <ffff81006225d9d8>
CR2: 0000000000000000
<0>Kernel panic - not syncing: Fatal exception
----

Test #4 (the most important one)
CPU model: 2 x Dual-Core AMD Opteron Processor 2210
Host: RHEL5 x86_64, kernel 2.6.18-8.1.8.el5
KVM-33
Result -> boots fine, but I cannot get past logon - I type 
username/password and press enter, then I *always* get a BSOD (I sent a 
screenshot yesterday to the list)


This is driving me nuts. I can make the VM image available to anyone 
interested, please contact me privately for link and account details. 
Thanks,

AS




* Re: KVM-33 + Windows Server 2003 = VMX->OK / SVM->kernel panic?
       [not found]                 ` <46A5DE99.6040407-8RLafaVCWuNeoWH0uzbU5w@public.gmane.org>
@ 2007-07-24 11:30                   ` Alexey Eremenko
       [not found]                     ` <7fac565a0707240430w73393f46w729378a636f08ec2-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
  2007-07-24 12:27                   ` Avi Kivity
  1 sibling, 1 reply; 9+ messages in thread
From: Alexey Eremenko @ 2007-07-24 11:30 UTC (permalink / raw)
  To: kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

Actually this is a known problem, which I reproduced easily.

Windows 2000/XP/2003 (32-bit) all fail on AMD SVM.
Strange, but Vista runs on SVM fine.

VMX and SVM have different problems, with different guests failing on each.

-- 
-Alexey Eremenko "Technologov"



* Re: KVM-33 + Windows Server 2003 = VMX->OK / SVM->kernel panic?
       [not found]                     ` <7fac565a0707240430w73393f46w729378a636f08ec2-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
@ 2007-07-24 11:36                       ` Alexey Eremenko
  0 siblings, 0 replies; 9+ messages in thread
From: Alexey Eremenko @ 2007-07-24 11:36 UTC (permalink / raw)
  To: kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

http://sourceforge.net/tracker/index.php?func=detail&aid=1750684&group_id=180599&atid=893831
http://sourceforge.net/tracker/index.php
bug 1750684

-- 
-Alexey Eremenko "Technologov"



* Re: KVM-33 + Windows Server 2003 = VMX->OK / SVM->kernel panic?
       [not found]                 ` <46A5DE99.6040407-8RLafaVCWuNeoWH0uzbU5w@public.gmane.org>
  2007-07-24 11:30                   ` Alexey Eremenko
@ 2007-07-24 12:27                   ` Avi Kivity
       [not found]                     ` <46A5F029.4000002-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
  1 sibling, 1 reply; 9+ messages in thread
From: Avi Kivity @ 2007-07-24 12:27 UTC (permalink / raw)
  To: Alessandro Sardo; +Cc: kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

Alessandro Sardo wrote:

One at a time.

> Test #3
> CPU model: 1 x Single-Core AMD Athlon64 Processor 3500+ AM2
> Host: RHEL5 x86_64, kernel 2.6.18-8.1.8.el5
> KVM-33
> Result -> boots fine, but when I try to install the SP2 I get the 
> following kernel panic:
>
> Unable to handle kernel NULL pointer dereference at 0000000000000000 RIP:
> [<ffffffff883d80ce>] :kvm:x86_emulate_memop+0x2a79/0x3b03
> PGD 7b8a067 PUD 3973067 PMD 0
> Oops: 0002 [1] SMP
> last sysfs file: /class/net/lo/ifindex
> CPU 0
> Modules linked in: kvm_amd(U) kvm(U) tun netconsole bridge 
> cpufreq_ondemand video sbs i2c_ec button battery asus_acpi 
> acpi_memhotplug ac lp snd_hda_intel snd_hda_codec snd_seq_dummy 
> snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss floppy 
> snd_mixer_oss snd_pcm pcspkr sg i2c_nforce2 i2c_core snd_timer snd 
> shpchp soundcore k8_edac snd_page_alloc parport_pc edac_mc forcedeth 
> parport ide_cd cdrom serio_raw dm_snapshot dm_zero dm_mirror dm_mod 
> sata_nv libata sd_mod scsi_mod ext3 jbd ehci_hcd ohci_hcd uhci_hcd
> Pid: 2168, comm: kvm Not tainted 2.6.18-8.1.8.el5 #1
> RIP: 0010:[<ffffffff883d80ce>] [<ffffffff883d80ce>] 
> :kvm:x86_emulate_memop+0x2a79/0x3b03
> RSP: 0018:ffff81006225d9d8 EFLAGS: 00010246
> RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000003
> RDX: ffff81006225da60 RSI: 0000000000000000 RDI: ffff81006207a130
> RBP: ffffffff883df621 R08: 0000000000000200 R09: 0000000000000000
> R10: ffff81003f18d000 R11: ffffffff883eb542 R12: 0000000000000000
> R13: ffff81006225db78 R14: 0000000000000000 R15: 0000000000000000
> FS: 00000000ffdff000(0000) GS:ffffffff8038a000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000000000000 CR3: 0000000062cd7000 CR4: 00000000000006e0
> Process kvm (pid: 2168, threadinfo ffff81006225c000, task ffff81007d987100)
> Stack: ffffffff883df600 03007fffe0e1ce40 00007fffe0e1cea0 0300010000000040
> ffff81006225db00 0000000000000004 0000000400000000 0300000000000000
> 0000000000000000 0000000000000004 0000000400000000 0000000000000000
> Call Trace:
> [<ffffffff883eb542>] :kvm_amd:svm_get_segment_base+0x0/0x5f
> [<ffffffff883d5657>] :kvm:x86_emulate_memop+0x2/0x3b03
> [<ffffffff883d0e95>] :kvm:emulate_instruction+0xee/0x278
> [<ffffffff883eb542>] :kvm_amd:svm_get_segment_base+0x0/0x5f
> [<ffffffff883eacec>] :kvm_amd:emulate_on_interception+0xf/0x30
> [<ffffffff883ebbed>] :kvm_amd:svm_vcpu_run+0x506/0x599
> [<ffffffff883d11e4>] :kvm:kvm_vcpu_ioctl+0x1c5/0xd04
> [<ffffffff80044d31>] try_to_wake_up+0x407/0x418
> [<ffffffff800850ed>] __wake_up_common+0x3e/0x68
> [<ffffffff8002dd9b>] __wake_up+0x38/0x4f
> [<ffffffff800d8498>] core_sys_select+0x234/0x265
> [<ffffffff80093f38>] __dequeue_signal+0x18b/0x19b
> [<ffffffff80094fd2>] dequeue_signal+0x3c/0xbc
> [<ffffffff8003fc5a>] do_ioctl+0x21/0x6b
> [<ffffffff8002fa60>] vfs_ioctl+0x248/0x261
> [<ffffffff80058bf0>] getnstimeofday+0x10/0x28
> [<ffffffff8004a266>] sys_ioctl+0x59/0x78
> [<ffffffff8005b14e>] system_call+0x7e/0x83
>
>
> Code: 4c 89 00 eb 63 48 8b 94 24 f8 00 00 00 48 8b 84 24 08 01 00
> RIP [<ffffffff883d80ce>] :kvm:x86_emulate_memop+0x2a79/0x3b03
> RSP <ffff81006225d9d8>
> CR2: 0000000000000000
> <0>Kernel panic - not syncing: Fatal exception
> ----
>   

Can you post the output of 'objdump -Sr kernel/x86_emulate.o'?  Please 
ensure that it is exactly the same object used to generate this oops.

-- 
error compiling committee.c: too many arguments to function




* Re: KVM-33 + Windows Server 2003 = VMX->OK / SVM->kernel panic?
       [not found]                     ` <46A5F029.4000002-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
@ 2007-07-24 12:45                       ` Alessandro Sardo
  0 siblings, 0 replies; 9+ messages in thread
From: Alessandro Sardo @ 2007-07-24 12:45 UTC (permalink / raw)
  To: kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

There you go.

AS


Avi Kivity wrote:
> Alessandro Sardo wrote:
>
> One at a time.
>
>> Test #3
>> CPU model: 1 x Single-Core AMD Athlon64 Processor 3500+ AM2
>> Host: RHEL5 x86_64, kernel 2.6.18-8.1.8.el5
>> KVM-33
>> Result -> boots fine, but when I try to install the SP2 I get the 
>> following kernel panic:
>>
>> Unable to handle kernel NULL pointer dereference at 0000000000000000 
>> RIP:
>> [<ffffffff883d80ce>] :kvm:x86_emulate_memop+0x2a79/0x3b03
>> PGD 7b8a067 PUD 3973067 PMD 0
>> Oops: 0002 [1] SMP
>> last sysfs file: /class/net/lo/ifindex
>> CPU 0
>> Modules linked in: kvm_amd(U) kvm(U) tun netconsole bridge 
>> cpufreq_ondemand video sbs i2c_ec button battery asus_acpi 
>> acpi_memhotplug ac lp snd_hda_intel snd_hda_codec snd_seq_dummy 
>> snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss 
>> floppy snd_mixer_oss snd_pcm pcspkr sg i2c_nforce2 i2c_core snd_timer 
>> snd shpchp soundcore k8_edac snd_page_alloc parport_pc edac_mc 
>> forcedeth parport ide_cd cdrom serio_raw dm_snapshot dm_zero 
>> dm_mirror dm_mod sata_nv libata sd_mod scsi_mod ext3 jbd ehci_hcd 
>> ohci_hcd uhci_hcd
>> Pid: 2168, comm: kvm Not tainted 2.6.18-8.1.8.el5 #1
>> RIP: 0010:[<ffffffff883d80ce>] [<ffffffff883d80ce>] 
>> :kvm:x86_emulate_memop+0x2a79/0x3b03
>> RSP: 0018:ffff81006225d9d8 EFLAGS: 00010246
>> RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000003
>> RDX: ffff81006225da60 RSI: 0000000000000000 RDI: ffff81006207a130
>> RBP: ffffffff883df621 R08: 0000000000000200 R09: 0000000000000000
>> R10: ffff81003f18d000 R11: ffffffff883eb542 R12: 0000000000000000
>> R13: ffff81006225db78 R14: 0000000000000000 R15: 0000000000000000
>> FS: 00000000ffdff000(0000) GS:ffffffff8038a000(0000) 
>> knlGS:0000000000000000
>> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> CR2: 0000000000000000 CR3: 0000000062cd7000 CR4: 00000000000006e0
>> Process kvm (pid: 2168, threadinfo ffff81006225c000, task 
>> ffff81007d987100)
>> Stack: ffffffff883df600 03007fffe0e1ce40 00007fffe0e1cea0 
>> 0300010000000040
>> ffff81006225db00 0000000000000004 0000000400000000 0300000000000000
>> 0000000000000000 0000000000000004 0000000400000000 0000000000000000
>> Call Trace:
>> [<ffffffff883eb542>] :kvm_amd:svm_get_segment_base+0x0/0x5f
>> [<ffffffff883d5657>] :kvm:x86_emulate_memop+0x2/0x3b03
>> [<ffffffff883d0e95>] :kvm:emulate_instruction+0xee/0x278
>> [<ffffffff883eb542>] :kvm_amd:svm_get_segment_base+0x0/0x5f
>> [<ffffffff883eacec>] :kvm_amd:emulate_on_interception+0xf/0x30
>> [<ffffffff883ebbed>] :kvm_amd:svm_vcpu_run+0x506/0x599
>> [<ffffffff883d11e4>] :kvm:kvm_vcpu_ioctl+0x1c5/0xd04
>> [<ffffffff80044d31>] try_to_wake_up+0x407/0x418
>> [<ffffffff800850ed>] __wake_up_common+0x3e/0x68
>> [<ffffffff8002dd9b>] __wake_up+0x38/0x4f
>> [<ffffffff800d8498>] core_sys_select+0x234/0x265
>> [<ffffffff80093f38>] __dequeue_signal+0x18b/0x19b
>> [<ffffffff80094fd2>] dequeue_signal+0x3c/0xbc
>> [<ffffffff8003fc5a>] do_ioctl+0x21/0x6b
>> [<ffffffff8002fa60>] vfs_ioctl+0x248/0x261
>> [<ffffffff80058bf0>] getnstimeofday+0x10/0x28
>> [<ffffffff8004a266>] sys_ioctl+0x59/0x78
>> [<ffffffff8005b14e>] system_call+0x7e/0x83
>>
>>
>> Code: 4c 89 00 eb 63 48 8b 94 24 f8 00 00 00 48 8b 84 24 08 01 00
>> RIP [<ffffffff883d80ce>] :kvm:x86_emulate_memop+0x2a79/0x3b03
>> RSP <ffff81006225d9d8>
>> CR2: 0000000000000000
>> <0>Kernel panic - not syncing: Fatal exception
>> ----
>>   
>
> Can you post the output of 'objdump -Sr kernel/x86_emulate.o'?  Please 
> ensure that it is exactly the same object used to generate this oops.

[-- Attachment #2: x86_emulate.txt --]
[-- Type: text/plain, Size: 230504 bytes --]


/usr/src/kvm-33/kernel/x86_emulate.o:     file format elf64-x86-64

Disassembly of section .text:

0000000000000000 <kvm_emulator_want_group7_invlpg>:
 * be mapped.
 */
void kvm_emulator_want_group7_invlpg(void)
{
	twobyte_table[1] &= ~SrcMem;
       0:	66 83 25 00 00 00 00 	andw   $0xffffffffffffffef,0(%rip)        # 8 <kvm_emulator_want_group7_invlpg+0x8>
       7:	ef 
			3: R_X86_64_PC32	.data+0xfffffffffffffffd
}
       8:	c3                   	retq   

0000000000000009 <decode_register>:
EXPORT_SYMBOL_GPL(kvm_emulator_want_group7_invlpg);

/* Type, address-of, and value of an instruction's operand. */
struct operand {
	enum { OP_REG, OP_MEM, OP_IMM } type;
	unsigned int bytes;
	unsigned long val, orig_val, *ptr;
};

/* EFLAGS bit definitions. */
#define EFLG_OF (1<<11)
#define EFLG_DF (1<<10)
#define EFLG_SF (1<<7)
#define EFLG_ZF (1<<6)
#define EFLG_AF (1<<4)
#define EFLG_PF (1<<2)
#define EFLG_CF (1<<0)

/*
 * Instruction emulation:
 * Most instructions are emulated directly via a fragment of inline assembly
 * code. This allows us to save/restore EFLAGS and thus very easily pick up
 * any modified flags.
 */

#if defined(CONFIG_X86_64)
#define _LO32 "k"		/* force 32-bit operand */
#define _STK  "%%rsp"		/* stack pointer */
#elif defined(__i386__)
#define _LO32 ""		/* force 32-bit operand */
#define _STK  "%%esp"		/* stack pointer */
#endif

/*
 * These EFLAGS bits are restored from saved value during emulation, and
 * any changes are written back to the saved value after emulation.
 */
#define EFLAGS_MASK (EFLG_OF|EFLG_SF|EFLG_ZF|EFLG_AF|EFLG_PF|EFLG_CF)

/* Before executing instruction: restore necessary bits in EFLAGS. */
#define _PRE_EFLAGS(_sav, _msk, _tmp) \
	/* EFLAGS = (_sav & _msk) | (EFLAGS & ~_msk); */	\
	"push %"_sav"; "					\
	"movl %"_msk",%"_LO32 _tmp"; "				\
	"andl %"_LO32 _tmp",("_STK"); "				\
	"pushf; "						\
	"notl %"_LO32 _tmp"; "					\
	"andl %"_LO32 _tmp",("_STK"); "				\
	"pop  %"_tmp"; "					\
	"orl  %"_LO32 _tmp",("_STK"); "				\
	"popf; "						\
	/* _sav &= ~msk; */					\
	"movl %"_msk",%"_LO32 _tmp"; "				\
	"notl %"_LO32 _tmp"; "					\
	"andl %"_LO32 _tmp",%"_sav"; "

/* After executing instruction: write-back necessary bits in EFLAGS. */
#define _POST_EFLAGS(_sav, _msk, _tmp) \
	/* _sav |= EFLAGS & _msk; */		\
	"pushf; "				\
	"pop  %"_tmp"; "			\
	"andl %"_msk",%"_LO32 _tmp"; "		\
	"orl  %"_LO32 _tmp",%"_sav"; "

/* Raw emulation: instruction has two explicit operands. */
#define __emulate_2op_nobyte(_op,_src,_dst,_eflags,_wx,_wy,_lx,_ly,_qx,_qy) \
	do { 								    \
		unsigned long _tmp;					    \
									    \
		switch ((_dst).bytes) {					    \
		case 2:							    \
			__asm__ __volatile__ (				    \
				_PRE_EFLAGS("0","4","2")		    \
				_op"w %"_wx"3,%1; "			    \
				_POST_EFLAGS("0","4","2")		    \
				: "=m" (_eflags), "=m" ((_dst).val),        \
				  "=&r" (_tmp)				    \
				: _wy ((_src).val), "i" (EFLAGS_MASK) );    \
			break;						    \
		case 4:							    \
			__asm__ __volatile__ (				    \
				_PRE_EFLAGS("0","4","2")		    \
				_op"l %"_lx"3,%1; "			    \
				_POST_EFLAGS("0","4","2")		    \
				: "=m" (_eflags), "=m" ((_dst).val),	    \
				  "=&r" (_tmp)				    \
				: _ly ((_src).val), "i" (EFLAGS_MASK) );    \
			break;						    \
		case 8:							    \
			__emulate_2op_8byte(_op, _src, _dst,		    \
					    _eflags, _qx, _qy);		    \
			break;						    \
		}							    \
	} while (0)

#define __emulate_2op(_op,_src,_dst,_eflags,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \
	do {								     \
		unsigned long _tmp;					     \
		switch ( (_dst).bytes )					     \
		{							     \
		case 1:							     \
			__asm__ __volatile__ (				     \
				_PRE_EFLAGS("0","4","2")		     \
				_op"b %"_bx"3,%1; "			     \
				_POST_EFLAGS("0","4","2")		     \
				: "=m" (_eflags), "=m" ((_dst).val),	     \
				  "=&r" (_tmp)				     \
				: _by ((_src).val), "i" (EFLAGS_MASK) );     \
			break;						     \
		default:						     \
			__emulate_2op_nobyte(_op, _src, _dst, _eflags,	     \
					     _wx, _wy, _lx, _ly, _qx, _qy);  \
			break;						     \
		}							     \
	} while (0)

/* Source operand is byte-sized and may be restricted to just %cl. */
#define emulate_2op_SrcB(_op, _src, _dst, _eflags)                      \
	__emulate_2op(_op, _src, _dst, _eflags,				\
		      "b", "c", "b", "c", "b", "c", "b", "c")

/* Source operand is byte, word, long or quad sized. */
#define emulate_2op_SrcV(_op, _src, _dst, _eflags)                      \
	__emulate_2op(_op, _src, _dst, _eflags,				\
		      "b", "q", "w", "r", _LO32, "r", "", "r")

/* Source operand is word, long or quad sized. */
#define emulate_2op_SrcV_nobyte(_op, _src, _dst, _eflags)               \
	__emulate_2op_nobyte(_op, _src, _dst, _eflags,			\
			     "w", "r", _LO32, "r", "", "r")

/* Instruction has only one explicit operand (no source operand). */
#define emulate_1op(_op, _dst, _eflags)                                    \
	do {								\
		unsigned long _tmp;					\
									\
		switch ( (_dst).bytes )					\
		{							\
		case 1:							\
			__asm__ __volatile__ (				\
				_PRE_EFLAGS("0","3","2")		\
				_op"b %1; "				\
				_POST_EFLAGS("0","3","2")		\
				: "=m" (_eflags), "=m" ((_dst).val),	\
				  "=&r" (_tmp)				\
				: "i" (EFLAGS_MASK) );			\
			break;						\
		case 2:							\
			__asm__ __volatile__ (				\
				_PRE_EFLAGS("0","3","2")		\
				_op"w %1; "				\
				_POST_EFLAGS("0","3","2")		\
				: "=m" (_eflags), "=m" ((_dst).val),	\
				  "=&r" (_tmp)				\
				: "i" (EFLAGS_MASK) );			\
			break;						\
		case 4:							\
			__asm__ __volatile__ (				\
				_PRE_EFLAGS("0","3","2")		\
				_op"l %1; "				\
				_POST_EFLAGS("0","3","2")		\
				: "=m" (_eflags), "=m" ((_dst).val),	\
				  "=&r" (_tmp)				\
				: "i" (EFLAGS_MASK) );			\
			break;						\
		case 8:							\
			__emulate_1op_8byte(_op, _dst, _eflags);	\
			break;						\
		}							\
	} while (0)

/* Emulate an instruction with quadword operands (x86/64 only). */
#if defined(CONFIG_X86_64)
#define __emulate_2op_8byte(_op, _src, _dst, _eflags, _qx, _qy)           \
	do {								  \
		__asm__ __volatile__ (					  \
			_PRE_EFLAGS("0","4","2")			  \
			_op"q %"_qx"3,%1; "				  \
			_POST_EFLAGS("0","4","2")			  \
			: "=m" (_eflags), "=m" ((_dst).val), "=&r" (_tmp) \
			: _qy ((_src).val), "i" (EFLAGS_MASK) );	  \
	} while (0)

#define __emulate_1op_8byte(_op, _dst, _eflags)                           \
	do {								  \
		__asm__ __volatile__ (					  \
			_PRE_EFLAGS("0","3","2")			  \
			_op"q %1; "					  \
			_POST_EFLAGS("0","3","2")			  \
			: "=m" (_eflags), "=m" ((_dst).val), "=&r" (_tmp) \
			: "i" (EFLAGS_MASK) );				  \
	} while (0)

#elif defined(__i386__)
#define __emulate_2op_8byte(_op, _src, _dst, _eflags, _qx, _qy)
#define __emulate_1op_8byte(_op, _dst, _eflags)
#endif				/* __i386__ */

/* Fetch next part of the instruction being emulated. */
#define insn_fetch(_type, _size, _eip)                                  \
({	unsigned long _x;						\
	rc = ops->read_std((unsigned long)(_eip) + ctxt->cs_base, &_x,	\
                                                  (_size), ctxt);       \
	if ( rc != 0 )							\
		goto done;						\
	(_eip) += (_size);						\
	(_type)_x;							\
})

/* Access/update address held in a register, based on addressing mode. */
#define register_address(base, reg)                                     \
	((base) + ((ad_bytes == sizeof(unsigned long)) ? (reg) :	\
		   ((reg) & ((1UL << (ad_bytes << 3)) - 1))))

#define register_address_increment(reg, inc)                            \
	do {								\
		/* signed type ensures sign extension to long */        \
		int _inc = (inc);					\
		if ( ad_bytes == sizeof(unsigned long) )		\
			(reg) += _inc;					\
		else							\
			(reg) = ((reg) & ~((1UL << (ad_bytes << 3)) - 1)) | \
			   (((reg) + _inc) & ((1UL << (ad_bytes << 3)) - 1)); \
	} while (0)

/*
 * Given the 'reg' portion of a ModRM byte, and a register block, return a
 * pointer into the block that addresses the relevant register.
 * @highbyte_regs specifies whether to decode AH,CH,DH,BH.
 */
static void *decode_register(u8 modrm_reg, unsigned long *regs,
			     int highbyte_regs)
{
       9:	40 88 f9             	mov    %dil,%cl
	void *p;

	p = &regs[modrm_reg];
	if (highbyte_regs && modrm_reg >= 4 && modrm_reg < 8)
       c:	85 d2                	test   %edx,%edx
       e:	40 0f b6 ff          	movzbl %dil,%edi
      12:	48 8d 04 fe          	lea    (%rsi,%rdi,8),%rax
      16:	74 12                	je     2a <decode_register+0x21>
      18:	80 f9 03             	cmp    $0x3,%cl
      1b:	76 0d                	jbe    2a <decode_register+0x21>
      1d:	80 f9 07             	cmp    $0x7,%cl
      20:	77 08                	ja     2a <decode_register+0x21>
		p = (unsigned char *)&regs[modrm_reg & 3] + 1;
      22:	83 e7 03             	and    $0x3,%edi
      25:	48 8d 44 fe 01       	lea    0x1(%rsi,%rdi,8),%rax
	return p;
}
      2a:	c3                   	retq   

000000000000002b <read_descriptor>:

static int read_descriptor(struct x86_emulate_ctxt *ctxt,
			   struct x86_emulate_ops *ops,
			   void *ptr,
			   u16 *size, unsigned long *address, int op_bytes)
{
      2b:	41 56                	push   %r14
	int rc;

	if (op_bytes == 2)
      2d:	41 83 f9 02          	cmp    $0x2,%r9d
      31:	49 89 f6             	mov    %rsi,%r14
      34:	b8 03 00 00 00       	mov    $0x3,%eax
      39:	48 89 ce             	mov    %rcx,%rsi
		op_bytes = 3;
	*address = 0;
      3c:	49 c7 00 00 00 00 00 	movq   $0x0,(%r8)
      43:	41 55                	push   %r13
	rc = ops->read_std((unsigned long)ptr, (unsigned long *)size, 2, ctxt);
      45:	48 89 f9             	mov    %rdi,%rcx
      48:	49 89 fd             	mov    %rdi,%r13
      4b:	41 54                	push   %r12
      4d:	4d 89 c4             	mov    %r8,%r12
      50:	55                   	push   %rbp
      51:	48 89 d5             	mov    %rdx,%rbp
      54:	ba 02 00 00 00       	mov    $0x2,%edx
      59:	48 89 ef             	mov    %rbp,%rdi
      5c:	53                   	push   %rbx
      5d:	44 89 cb             	mov    %r9d,%ebx
      60:	0f 44 d8             	cmove  %eax,%ebx
      63:	41 ff 16             	callq  *(%r14)
	if (rc)
      66:	85 c0                	test   %eax,%eax
      68:	75 1a                	jne    84 <read_descriptor+0x59>
		return rc;
	rc = ops->read_std((unsigned long)ptr + 2, address, op_bytes, ctxt);
      6a:	89 da                	mov    %ebx,%edx
      6c:	48 8d 7d 02          	lea    0x2(%rbp),%rdi
      70:	4c 89 e6             	mov    %r12,%rsi
	return rc;
}
      73:	5b                   	pop    %rbx
      74:	5d                   	pop    %rbp
      75:	41 5c                	pop    %r12
      77:	4c 89 e9             	mov    %r13,%rcx
      7a:	4d 8b 1e             	mov    (%r14),%r11
      7d:	41 5d                	pop    %r13
      7f:	41 5e                	pop    %r14
      81:	41 ff e3             	jmpq   *%r11
      84:	5b                   	pop    %rbx
      85:	5d                   	pop    %rbp
      86:	41 5c                	pop    %r12
      88:	41 5d                	pop    %r13
      8a:	41 5e                	pop    %r14
      8c:	c3                   	retq   

000000000000008d <x86_emulate_memop>:

int
x86_emulate_memop(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops)
{
      8d:	41 57                	push   %r15
	unsigned d;
	u8 b, sib, twobyte = 0, rex_prefix = 0;
	u8 modrm, modrm_mod = 0, modrm_reg = 0, modrm_rm = 0;
	unsigned long *override_base = NULL;
	unsigned int op_bytes, ad_bytes, lock_prefix = 0, rep_prefix = 0, i;
	int rc = 0;
	struct operand src, dst;
	unsigned long cr2 = ctxt->cr2;
	int mode = ctxt->mode;
	unsigned long modrm_ea;
	int use_modrm_ea, index_reg = 0, base_reg = 0, scale, rip_relative = 0;
	int no_wb = 0;
	u64 msr_data;

	/* Shadow copy of register state. Committed on successful emulation. */
	unsigned long _regs[NR_VCPU_REGS];
	unsigned long _eip = ctxt->vcpu->rip, _eflags = ctxt->eflags;
	unsigned long modrm_val = 0;

	memcpy(_regs, ctxt->vcpu->regs, sizeof _regs);
      8f:	ba 80 00 00 00       	mov    $0x80,%edx
      94:	41 56                	push   %r14
      96:	41 55                	push   %r13
      98:	49 89 fd             	mov    %rdi,%r13
      9b:	41 54                	push   %r12
      9d:	55                   	push   %rbp
      9e:	53                   	push   %rbx
      9f:	48 81 ec 68 01 00 00 	sub    $0x168,%rsp
      a6:	48 89 34 24          	mov    %rsi,(%rsp)
      aa:	8b 47 18             	mov    0x18(%rdi),%eax
      ad:	4c 8b 67 10          	mov    0x10(%rdi),%r12
      b1:	89 44 24 54          	mov    %eax,0x54(%rsp)
      b5:	48 8b 07             	mov    (%rdi),%rax
      b8:	48 8b 80 00 01 00 00 	mov    0x100(%rax),%rax
      bf:	48 89 84 24 50 01 00 	mov    %rax,0x150(%rsp)
      c6:	00 
      c7:	48 8b 47 08          	mov    0x8(%rdi),%rax
      cb:	48 89 84 24 48 01 00 	mov    %rax,0x148(%rsp)
      d2:	00 
      d3:	48 8b 37             	mov    (%rdi),%rsi
      d6:	48 8d 7c 24 70       	lea    0x70(%rsp),%rdi
      db:	48 83 ee 80          	sub    $0xffffffffffffff80,%rsi
      df:	e8 00 00 00 00       	callq  e4 <x86_emulate_memop+0x57>
			e0: R_X86_64_PC32	__memcpy+0xfffffffffffffffc

	switch (mode) {
      e4:	83 7c 24 54 02       	cmpl   $0x2,0x54(%rsp)
      e9:	74 46                	je     131 <x86_emulate_memop+0xa4>
      eb:	7f 0c                	jg     f9 <x86_emulate_memop+0x6c>
      ed:	83 7c 24 54 00       	cmpl   $0x0,0x54(%rsp)
      f2:	74 3d                	je     131 <x86_emulate_memop+0xa4>
      f4:	e9 58 3a 00 00       	jmpq   3b51 <x86_emulate_memop+0x3ac4>
      f9:	83 7c 24 54 04       	cmpl   $0x4,0x54(%rsp)
      fe:	74 0d                	je     10d <x86_emulate_memop+0x80>
     100:	83 7c 24 54 08       	cmpl   $0x8,0x54(%rsp)
     105:	0f 85 46 3a 00 00    	jne    3b51 <x86_emulate_memop+0x3ac4>
     10b:	eb 12                	jmp    11f <x86_emulate_memop+0x92>
     10d:	c7 44 24 6c 04 00 00 	movl   $0x4,0x6c(%rsp)
     114:	00 
     115:	c7 44 24 48 04 00 00 	movl   $0x4,0x48(%rsp)
     11c:	00 
     11d:	eb 22                	jmp    141 <x86_emulate_memop+0xb4>
     11f:	c7 44 24 6c 04 00 00 	movl   $0x4,0x6c(%rsp)
     126:	00 
     127:	c7 44 24 48 08 00 00 	movl   $0x8,0x48(%rsp)
     12e:	00 
     12f:	eb 10                	jmp    141 <x86_emulate_memop+0xb4>
     131:	c7 44 24 6c 02 00 00 	movl   $0x2,0x6c(%rsp)
     138:	00 
     139:	c7 44 24 48 02 00 00 	movl   $0x2,0x48(%rsp)
     140:	00 
     141:	48 c7 44 24 40 00 00 	movq   $0x0,0x40(%rsp)
     148:	00 00 
     14a:	c7 44 24 4c 00 00 00 	movl   $0x0,0x4c(%rsp)
     151:	00 
     152:	31 db                	xor    %ebx,%ebx
     154:	c7 44 24 50 00 00 00 	movl   $0x0,0x50(%rsp)
     15b:	00 
	case X86EMUL_MODE_REAL:
	case X86EMUL_MODE_PROT16:
		op_bytes = ad_bytes = 2;
		break;
	case X86EMUL_MODE_PROT32:
		op_bytes = ad_bytes = 4;
		break;
#ifdef CONFIG_X86_64
	case X86EMUL_MODE_PROT64:
		op_bytes = 4;
		ad_bytes = 8;
		break;
#endif
	default:
		return -1;
	}

	/* Legacy prefixes. */
	for (i = 0; i < 8; i++) {
		switch (b = insn_fetch(u8, 1, _eip)) {
     15c:	48 8b 2c 24          	mov    (%rsp),%rbp
     160:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     167:	00 
     168:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     16f:	00 
     170:	49 03 7d 20          	add    0x20(%r13),%rdi
     174:	4c 89 e9             	mov    %r13,%rcx
     177:	ba 01 00 00 00       	mov    $0x1,%edx
     17c:	ff 55 00             	callq  *0x0(%rbp)
     17f:	85 c0                	test   %eax,%eax
     181:	41 89 c7             	mov    %eax,%r15d
     184:	0f 85 1a 2a 00 00    	jne    2ba4 <x86_emulate_memop+0x2b17>
     18a:	40 8a ac 24 38 01 00 	mov    0x138(%rsp),%bpl
     191:	00 
     192:	48 ff 84 24 50 01 00 	incq   0x150(%rsp)
     199:	00 
     19a:	40 80 fd 65          	cmp    $0x65,%bpl
     19e:	0f 84 9c 00 00 00    	je     240 <x86_emulate_memop+0x1b3>
     1a4:	77 30                	ja     1d6 <x86_emulate_memop+0x149>
     1a6:	40 80 fd 36          	cmp    $0x36,%bpl
     1aa:	0f 84 9b 00 00 00    	je     24b <x86_emulate_memop+0x1be>
     1b0:	77 12                	ja     1c4 <x86_emulate_memop+0x137>
     1b2:	40 80 fd 26          	cmp    $0x26,%bpl
     1b6:	74 72                	je     22a <x86_emulate_memop+0x19d>
     1b8:	40 80 fd 2e          	cmp    $0x2e,%bpl
     1bc:	0f 85 a7 00 00 00    	jne    269 <x86_emulate_memop+0x1dc>
     1c2:	eb 5a                	jmp    21e <x86_emulate_memop+0x191>
     1c4:	40 80 fd 3e          	cmp    $0x3e,%bpl
     1c8:	74 5a                	je     224 <x86_emulate_memop+0x197>
     1ca:	40 80 fd 64          	cmp    $0x64,%bpl
     1ce:	0f 85 95 00 00 00    	jne    269 <x86_emulate_memop+0x1dc>
     1d4:	eb 5f                	jmp    235 <x86_emulate_memop+0x1a8>
     1d6:	40 80 fd f0          	cmp    $0xf0,%bpl
     1da:	74 7a                	je     256 <x86_emulate_memop+0x1c9>
     1dc:	77 0e                	ja     1ec <x86_emulate_memop+0x15f>
     1de:	40 80 fd 66          	cmp    $0x66,%bpl
     1e2:	74 1e                	je     202 <x86_emulate_memop+0x175>
     1e4:	40 80 fd 67          	cmp    $0x67,%bpl
     1e8:	75 7f                	jne    269 <x86_emulate_memop+0x1dc>
     1ea:	eb 1d                	jmp    209 <x86_emulate_memop+0x17c>
     1ec:	40 80 fd f2          	cmp    $0xf2,%bpl
     1f0:	74 6c                	je     25e <x86_emulate_memop+0x1d1>
     1f2:	40 80 fd f3          	cmp    $0xf3,%bpl
     1f6:	75 71                	jne    269 <x86_emulate_memop+0x1dc>
     1f8:	c7 44 24 50 01 00 00 	movl   $0x1,0x50(%rsp)
     1ff:	00 
     200:	eb 5c                	jmp    25e <x86_emulate_memop+0x1d1>
		case 0x66:	/* operand-size override */
			op_bytes ^= 6;	/* switch between 2/4 bytes */
     202:	83 74 24 6c 06       	xorl   $0x6,0x6c(%rsp)
     207:	eb 55                	jmp    25e <x86_emulate_memop+0x1d1>
			break;
		case 0x67:	/* address-size override */
			if (mode == X86EMUL_MODE_PROT64)
     209:	83 7c 24 54 08       	cmpl   $0x8,0x54(%rsp)
     20e:	75 07                	jne    217 <x86_emulate_memop+0x18a>
				ad_bytes ^= 12;	/* switch between 4/8 bytes */
     210:	83 74 24 48 0c       	xorl   $0xc,0x48(%rsp)
     215:	eb 47                	jmp    25e <x86_emulate_memop+0x1d1>
			else
				ad_bytes ^= 6;	/* switch between 2/4 bytes */
     217:	83 74 24 48 06       	xorl   $0x6,0x48(%rsp)
     21c:	eb 40                	jmp    25e <x86_emulate_memop+0x1d1>
			break;
		case 0x2e:	/* CS override */
			override_base = &ctxt->cs_base;
     21e:	4d 8d 45 20          	lea    0x20(%r13),%r8
     222:	eb 20                	jmp    244 <x86_emulate_memop+0x1b7>
			break;
		case 0x3e:	/* DS override */
			override_base = &ctxt->ds_base;
     224:	49 8d 45 28          	lea    0x28(%r13),%rax
     228:	eb 25                	jmp    24f <x86_emulate_memop+0x1c2>
			break;
		case 0x26:	/* ES override */
			override_base = &ctxt->es_base;
     22a:	49 8d 55 30          	lea    0x30(%r13),%rdx
     22e:	48 89 54 24 40       	mov    %rdx,0x40(%rsp)
     233:	eb 29                	jmp    25e <x86_emulate_memop+0x1d1>
			break;
		case 0x64:	/* FS override */
			override_base = &ctxt->fs_base;
     235:	49 8d 4d 48          	lea    0x48(%r13),%rcx
     239:	48 89 4c 24 40       	mov    %rcx,0x40(%rsp)
     23e:	eb 1e                	jmp    25e <x86_emulate_memop+0x1d1>
			break;
		case 0x65:	/* GS override */
			override_base = &ctxt->gs_base;
     240:	4d 8d 45 40          	lea    0x40(%r13),%r8
     244:	4c 89 44 24 40       	mov    %r8,0x40(%rsp)
     249:	eb 13                	jmp    25e <x86_emulate_memop+0x1d1>
			break;
		case 0x36:	/* SS override */
			override_base = &ctxt->ss_base;
     24b:	49 8d 45 38          	lea    0x38(%r13),%rax
     24f:	48 89 44 24 40       	mov    %rax,0x40(%rsp)
     254:	eb 08                	jmp    25e <x86_emulate_memop+0x1d1>
			break;
     256:	c7 44 24 4c 01 00 00 	movl   $0x1,0x4c(%rsp)
     25d:	00 
     25e:	ff c3                	inc    %ebx
     260:	83 fb 08             	cmp    $0x8,%ebx
     263:	0f 85 f3 fe ff ff    	jne    15c <x86_emulate_memop+0xcf>
		case 0xf0:	/* LOCK */
			lock_prefix = 1;
			break;
		case 0xf3:	/* REP/REPE/REPZ */
			rep_prefix = 1;
			break;
		case 0xf2:	/* REPNE/REPNZ */
			break;
		default:
			goto done_prefixes;
		}
	}

done_prefixes:

	/* REX prefix. */
	if ((mode == X86EMUL_MODE_PROT64) && ((b & 0xf0) == 0x40)) {
     269:	83 7c 24 54 08       	cmpl   $0x8,0x54(%rsp)
     26e:	0f 85 84 00 00 00    	jne    2f8 <x86_emulate_memop+0x26b>
     274:	40 0f b6 dd          	movzbl %bpl,%ebx
     278:	89 d8                	mov    %ebx,%eax
     27a:	25 f0 00 00 00       	and    $0xf0,%eax
     27f:	83 f8 40             	cmp    $0x40,%eax
     282:	75 74                	jne    2f8 <x86_emulate_memop+0x26b>
		rex_prefix = b;
		if (b & 8)
     284:	f6 c3 08             	test   $0x8,%bl
     287:	8b 54 24 54          	mov    0x54(%rsp),%edx
     28b:	0f 44 54 24 6c       	cmove  0x6c(%rsp),%edx
			op_bytes = 8;	/* REX.W */
		modrm_reg = (b & 4) << 1;	/* REX.R */
		index_reg = (b & 2) << 2; /* REX.X */
		modrm_rm = base_reg = (b & 1) << 3; /* REG.B */
		b = insn_fetch(u8, 1, _eip);
     290:	4c 8b 04 24          	mov    (%rsp),%r8
     294:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     29b:	00 
     29c:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     2a3:	00 
     2a4:	49 03 7d 20          	add    0x20(%r13),%rdi
     2a8:	4c 89 e9             	mov    %r13,%rcx
     2ab:	89 54 24 6c          	mov    %edx,0x6c(%rsp)
     2af:	ba 01 00 00 00       	mov    $0x1,%edx
     2b4:	41 ff 10             	callq  *(%r8)
     2b7:	85 c0                	test   %eax,%eax
     2b9:	0f 85 b1 07 00 00    	jne    a70 <x86_emulate_memop+0x9e3>
     2bf:	40 88 e8             	mov    %bpl,%al
     2c2:	48 ff 84 24 50 01 00 	incq   0x150(%rsp)
     2c9:	00 
     2ca:	40 88 6c 24 1e       	mov    %bpl,0x1e(%rsp)
     2cf:	83 e0 04             	and    $0x4,%eax
     2d2:	40 8a ac 24 38 01 00 	mov    0x138(%rsp),%bpl
     2d9:	00 
     2da:	01 c0                	add    %eax,%eax
     2dc:	88 44 24 20          	mov    %al,0x20(%rsp)
     2e0:	89 d8                	mov    %ebx,%eax
     2e2:	83 e3 01             	and    $0x1,%ebx
     2e5:	83 e0 02             	and    $0x2,%eax
     2e8:	c1 e3 03             	shl    $0x3,%ebx
     2eb:	c1 e0 02             	shl    $0x2,%eax
     2ee:	88 5c 24 3f          	mov    %bl,0x3f(%rsp)
     2f2:	89 44 24 58          	mov    %eax,0x58(%rsp)
     2f6:	eb 19                	jmp    311 <x86_emulate_memop+0x284>
     2f8:	c6 44 24 1e 00       	movb   $0x0,0x1e(%rsp)
     2fd:	c6 44 24 20 00       	movb   $0x0,0x20(%rsp)
     302:	31 db                	xor    %ebx,%ebx
     304:	c6 44 24 3f 00       	movb   $0x0,0x3f(%rsp)
     309:	c7 44 24 58 00 00 00 	movl   $0x0,0x58(%rsp)
     310:	00 
	}

	/* Opcode byte(s). */
	d = opcode_table[b];
     311:	40 0f b6 c5          	movzbl %bpl,%eax
     315:	8a 80 00 00 00 00    	mov    0x0(%rax),%al
			317: R_X86_64_32S	.rodata+0x140
	if (d == 0) {
     31b:	84 c0                	test   %al,%al
     31d:	74 0e                	je     32d <x86_emulate_memop+0x2a0>
     31f:	0f b6 c0             	movzbl %al,%eax
     322:	c6 44 24 1d 00       	movb   $0x0,0x1d(%rsp)
     327:	89 44 24 18          	mov    %eax,0x18(%rsp)
     32b:	eb 66                	jmp    393 <x86_emulate_memop+0x306>
		/* Two-byte opcode? */
		if (b == 0x0f) {
     32d:	40 80 fd 0f          	cmp    $0xf,%bpl
     331:	0f 85 1a 38 00 00    	jne    3b51 <x86_emulate_memop+0x3ac4>
			twobyte = 1;
			b = insn_fetch(u8, 1, _eip);
     337:	48 8b 2c 24          	mov    (%rsp),%rbp
     33b:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     342:	00 
     343:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     34a:	00 
     34b:	49 03 7d 20          	add    0x20(%r13),%rdi
     34f:	4c 89 e9             	mov    %r13,%rcx
     352:	ba 01 00 00 00       	mov    $0x1,%edx
     357:	ff 55 00             	callq  *0x0(%rbp)
     35a:	85 c0                	test   %eax,%eax
     35c:	0f 85 0e 07 00 00    	jne    a70 <x86_emulate_memop+0x9e3>
     362:	40 8a ac 24 38 01 00 	mov    0x138(%rsp),%bpl
     369:	00 
     36a:	48 ff 84 24 50 01 00 	incq   0x150(%rsp)
     371:	00 
			d = twobyte_table[b];
     372:	40 0f b6 c5          	movzbl %bpl,%eax
     376:	66 8b 84 00 00 00 00 	mov    0x0(%rax,%rax,1),%ax
     37d:	00 
			37a: R_X86_64_32S	.data
		}

		/* Unrecognised? */
		if (d == 0)
     37e:	66 85 c0             	test   %ax,%ax
     381:	0f 84 ca 37 00 00    	je     3b51 <x86_emulate_memop+0x3ac4>
     387:	0f b7 c0             	movzwl %ax,%eax
     38a:	c6 44 24 1d 01       	movb   $0x1,0x1d(%rsp)
     38f:	89 44 24 18          	mov    %eax,0x18(%rsp)
			goto cannot_emulate;
	}

	/* ModRM and SIB bytes. */
	if (d & ModRM) {
     393:	45 31 f6             	xor    %r14d,%r14d
     396:	f6 44 24 18 40       	testb  $0x40,0x18(%rsp)
     39b:	c6 44 24 1f 00       	movb   $0x0,0x1f(%rsp)
     3a0:	0f 84 2a 04 00 00    	je     7d0 <x86_emulate_memop+0x743>
		modrm = insn_fetch(u8, 1, _eip);
     3a6:	4c 8b 04 24          	mov    (%rsp),%r8
     3aa:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     3b1:	00 
     3b2:	4c 89 e9             	mov    %r13,%rcx
     3b5:	49 03 7d 20          	add    0x20(%r13),%rdi
     3b9:	ba 01 00 00 00       	mov    $0x1,%edx
     3be:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     3c5:	00 
     3c6:	41 ff 10             	callq  *(%r8)
     3c9:	85 c0                	test   %eax,%eax
     3cb:	0f 85 9f 06 00 00    	jne    a70 <x86_emulate_memop+0x9e3>
     3d1:	8a 84 24 38 01 00 00 	mov    0x138(%rsp),%al
     3d8:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     3df:	00 
		modrm_mod |= (modrm & 0xc0) >> 6;
     3e0:	0f b6 d0             	movzbl %al,%edx
		modrm_reg |= (modrm & 0x38) >> 3;
		modrm_rm |= (modrm & 0x07);
     3e3:	83 e0 07             	and    $0x7,%eax
     3e6:	48 ff c7             	inc    %rdi
     3e9:	41 88 c6             	mov    %al,%r14b
     3ec:	44 0a 74 24 3f       	or     0x3f(%rsp),%r14b
     3f1:	89 d1                	mov    %edx,%ecx
     3f3:	c1 e9 06             	shr    $0x6,%ecx
     3f6:	83 e2 38             	and    $0x38,%edx
     3f9:	48 89 bc 24 50 01 00 	mov    %rdi,0x150(%rsp)
     400:	00 
     401:	c1 fa 03             	sar    $0x3,%edx
     404:	08 54 24 20          	or     %dl,0x20(%rsp)
		modrm_ea = 0;
		use_modrm_ea = 1;

		if (modrm_mod == 3) {
     408:	80 f9 03             	cmp    $0x3,%cl
     40b:	88 4c 24 0f          	mov    %cl,0xf(%rsp)
     40f:	88 4c 24 1f          	mov    %cl,0x1f(%rsp)
     413:	44 88 74 24 3f       	mov    %r14b,0x3f(%rsp)
     418:	75 1d                	jne    437 <x86_emulate_memop+0x3aa>
			modrm_val = *(unsigned long *)
     41a:	8b 54 24 18          	mov    0x18(%rsp),%edx
     41e:	48 8d 74 24 70       	lea    0x70(%rsp),%rsi
     423:	41 0f b6 fe          	movzbl %r14b,%edi
     427:	83 e2 01             	and    $0x1,%edx
     42a:	e8 da fb ff ff       	callq  9 <decode_register>
     42f:	4c 8b 30             	mov    (%rax),%r14
     432:	e9 99 03 00 00       	jmpq   7d0 <x86_emulate_memop+0x743>
				decode_register(modrm_rm, _regs, d & ByteOp);
			goto modrm_done;
		}

		if (ad_bytes == 2) {
     437:	83 7c 24 48 02       	cmpl   $0x2,0x48(%rsp)
     43c:	0f 85 3f 01 00 00    	jne    581 <x86_emulate_memop+0x4f4>
			unsigned bx = _regs[VCPU_REGS_RBX];
			unsigned bp = _regs[VCPU_REGS_RBP];
			unsigned si = _regs[VCPU_REGS_RSI];
			unsigned di = _regs[VCPU_REGS_RDI];

			/* 16-bit ModR/M decode. */
			switch (modrm_mod) {
     442:	80 7c 24 1f 01       	cmpb   $0x1,0x1f(%rsp)
     447:	48 8b 84 24 98 00 00 	mov    0x98(%rsp),%rax
     44e:	00 
     44f:	48 8b 94 24 a8 00 00 	mov    0xa8(%rsp),%rdx
     456:	00 
     457:	48 8b 9c 24 88 00 00 	mov    0x88(%rsp),%rbx
     45e:	00 
     45f:	4c 8b a4 24 a0 00 00 	mov    0xa0(%rsp),%r12
     466:	00 
     467:	48 89 44 24 10       	mov    %rax,0x10(%rsp)
     46c:	48 89 54 24 60       	mov    %rdx,0x60(%rsp)
     471:	74 12                	je     485 <x86_emulate_memop+0x3f8>
     473:	72 07                	jb     47c <x86_emulate_memop+0x3ef>
     475:	80 7c 24 1f 02       	cmpb   $0x2,0x1f(%rsp)
     47a:	eb 05                	jmp    481 <x86_emulate_memop+0x3f4>
			case 0:
				if (modrm_rm == 6)
     47c:	80 7c 24 3f 06       	cmpb   $0x6,0x3f(%rsp)
     481:	75 6e                	jne    4f1 <x86_emulate_memop+0x464>
     483:	eb 36                	jmp    4bb <x86_emulate_memop+0x42e>
					modrm_ea += insn_fetch(u16, 2, _eip);
				break;
			case 1:
				modrm_ea += insn_fetch(s8, 1, _eip);
     485:	4c 8b 04 24          	mov    (%rsp),%r8
     489:	49 03 7d 20          	add    0x20(%r13),%rdi
     48d:	4c 89 e9             	mov    %r13,%rcx
     490:	ba 01 00 00 00       	mov    $0x1,%edx
     495:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     49c:	00 
     49d:	41 ff 10             	callq  *(%r8)
     4a0:	85 c0                	test   %eax,%eax
     4a2:	0f 85 c8 05 00 00    	jne    a70 <x86_emulate_memop+0x9e3>
     4a8:	48 ff 84 24 50 01 00 	incq   0x150(%rsp)
     4af:	00 
     4b0:	48 0f be 94 24 38 01 	movsbq 0x138(%rsp),%rdx
     4b7:	00 00 
     4b9:	eb 38                	jmp    4f3 <x86_emulate_memop+0x466>
				break;
			case 2:
				modrm_ea += insn_fetch(u16, 2, _eip);
     4bb:	4c 8b 04 24          	mov    (%rsp),%r8
     4bf:	49 03 7d 20          	add    0x20(%r13),%rdi
     4c3:	4c 89 e9             	mov    %r13,%rcx
     4c6:	ba 02 00 00 00       	mov    $0x2,%edx
     4cb:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     4d2:	00 
     4d3:	41 ff 10             	callq  *(%r8)
     4d6:	85 c0                	test   %eax,%eax
     4d8:	0f 85 92 05 00 00    	jne    a70 <x86_emulate_memop+0x9e3>
     4de:	48 83 84 24 50 01 00 	addq   $0x2,0x150(%rsp)
     4e5:	00 02 
     4e7:	0f b7 94 24 38 01 00 	movzwl 0x138(%rsp),%edx
     4ee:	00 
     4ef:	eb 02                	jmp    4f3 <x86_emulate_memop+0x466>
     4f1:	31 d2                	xor    %edx,%edx
				break;
			}
			switch (modrm_rm) {
     4f3:	41 80 fe 07          	cmp    $0x7,%r14b
     4f7:	89 df                	mov    %ebx,%edi
     4f9:	44 8b 44 24 10       	mov    0x10(%rsp),%r8d
     4fe:	44 89 e6             	mov    %r12d,%esi
     501:	8b 4c 24 60          	mov    0x60(%rsp),%ecx
     505:	77 40                	ja     547 <x86_emulate_memop+0x4ba>
     507:	41 0f b6 c6          	movzbl %r14b,%eax
     50b:	ff 24 c5 00 00 00 00 	jmpq   *0x0(,%rax,8)
			50e: R_X86_64_32S	.rodata
			case 0:
				modrm_ea += bx + si;
     512:	8d 04 3e             	lea    (%rsi,%rdi,1),%eax
     515:	eb 03                	jmp    51a <x86_emulate_memop+0x48d>
				break;
			case 1:
				modrm_ea += bx + di;
     517:	8d 04 39             	lea    (%rcx,%rdi,1),%eax
     51a:	48 01 c2             	add    %rax,%rdx
     51d:	eb 30                	jmp    54f <x86_emulate_memop+0x4c2>
				break;
			case 2:
				modrm_ea += bp + si;
     51f:	42 8d 04 06          	lea    (%rsi,%r8,1),%eax
     523:	eb 04                	jmp    529 <x86_emulate_memop+0x49c>
				break;
			case 3:
				modrm_ea += bp + di;
     525:	42 8d 04 01          	lea    (%rcx,%r8,1),%eax
     529:	48 01 c2             	add    %rax,%rdx
     52c:	eb 2e                	jmp    55c <x86_emulate_memop+0x4cf>
				break;
			case 4:
				modrm_ea += si;
     52e:	44 89 e0             	mov    %r12d,%eax
     531:	eb e7                	jmp    51a <x86_emulate_memop+0x48d>
				break;
			case 5:
				modrm_ea += di;
     533:	89 c8                	mov    %ecx,%eax
     535:	eb e3                	jmp    51a <x86_emulate_memop+0x48d>
				break;
			case 6:
				if (modrm_mod != 0)
     537:	80 7c 24 0f 00       	cmpb   $0x0,0xf(%rsp)
					modrm_ea += bp;
     53c:	44 89 c0             	mov    %r8d,%eax
     53f:	75 d9                	jne    51a <x86_emulate_memop+0x48d>
     541:	eb 0c                	jmp    54f <x86_emulate_memop+0x4c2>
				break;
			case 7:
				modrm_ea += bx;
     543:	89 d8                	mov    %ebx,%eax
     545:	eb d3                	jmp    51a <x86_emulate_memop+0x48d>
				break;
			}
			if (modrm_rm == 2 || modrm_rm == 3 ||
     547:	41 8d 46 fe          	lea    0xfffffffffffffffe(%r14),%eax
     54b:	3c 01                	cmp    $0x1,%al
     54d:	76 0d                	jbe    55c <x86_emulate_memop+0x4cf>
     54f:	41 80 fe 06          	cmp    $0x6,%r14b
     553:	75 1c                	jne    571 <x86_emulate_memop+0x4e4>
     555:	80 7c 24 1f 00       	cmpb   $0x0,0x1f(%rsp)
     55a:	74 15                	je     571 <x86_emulate_memop+0x4e4>
			    (modrm_rm == 6 && modrm_mod != 0))
				if (!override_base)
					override_base = &ctxt->ss_base;
     55c:	48 83 7c 24 40 00    	cmpq   $0x0,0x40(%rsp)
     562:	49 8d 45 38          	lea    0x38(%r13),%rax
     566:	48 0f 45 44 24 40    	cmovne 0x40(%rsp),%rax
     56c:	48 89 44 24 40       	mov    %rax,0x40(%rsp)
			modrm_ea = (u16)modrm_ea;
     571:	0f b7 da             	movzwl %dx,%ebx
     574:	c7 44 24 5c 00 00 00 	movl   $0x0,0x5c(%rsp)
     57b:	00 
     57c:	e9 b0 01 00 00       	jmpq   731 <x86_emulate_memop+0x6a4>
		} else {
			/* 32/64-bit ModR/M decode. */
			switch (modrm_rm) {
     581:	80 7c 24 3f 05       	cmpb   $0x5,0x3f(%rsp)
     586:	0f b6 44 24 3f       	movzbl 0x3f(%rsp),%eax
     58b:	0f 84 da 00 00 00    	je     66b <x86_emulate_memop+0x5de>
     591:	80 7c 24 3f 0c       	cmpb   $0xc,0x3f(%rsp)
     596:	74 0b                	je     5a3 <x86_emulate_memop+0x516>
     598:	80 7c 24 3f 04       	cmpb   $0x4,0x3f(%rsp)
     59d:	0f 85 ea 00 00 00    	jne    68d <x86_emulate_memop+0x600>
			case 4:
			case 12:
				sib = insn_fetch(u8, 1, _eip);
     5a3:	4c 8b 04 24          	mov    (%rsp),%r8
     5a7:	49 03 7d 20          	add    0x20(%r13),%rdi
     5ab:	4c 89 e9             	mov    %r13,%rcx
     5ae:	ba 01 00 00 00       	mov    $0x1,%edx
     5b3:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     5ba:	00 
     5bb:	41 ff 10             	callq  *(%r8)
     5be:	85 c0                	test   %eax,%eax
     5c0:	0f 85 aa 04 00 00    	jne    a70 <x86_emulate_memop+0x9e3>
     5c6:	44 8a a4 24 38 01 00 	mov    0x138(%rsp),%r12b
     5cd:	00 
     5ce:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     5d5:	00 
				index_reg |= (sib >> 3) & 7;
				base_reg |= sib & 7;
     5d6:	44 89 e0             	mov    %r12d,%eax
     5d9:	48 ff c7             	inc    %rdi
     5dc:	83 e0 07             	and    $0x7,%eax
     5df:	48 89 bc 24 50 01 00 	mov    %rdi,0x150(%rsp)
     5e6:	00 
     5e7:	09 d8                	or     %ebx,%eax
				scale = sib >> 6;

				switch (base_reg) {
     5e9:	83 f8 05             	cmp    $0x5,%eax
     5ec:	75 46                	jne    634 <x86_emulate_memop+0x5a7>
				case 5:
					if (modrm_mod != 0)
     5ee:	80 7c 24 1f 00       	cmpb   $0x0,0x1f(%rsp)
     5f3:	74 0a                	je     5ff <x86_emulate_memop+0x572>
						modrm_ea += _regs[base_reg];
     5f5:	48 8b 9c 24 98 00 00 	mov    0x98(%rsp),%rbx
     5fc:	00 
     5fd:	eb 3c                	jmp    63b <x86_emulate_memop+0x5ae>
					else
						modrm_ea += insn_fetch(s32, 4, _eip);
     5ff:	48 8b 1c 24          	mov    (%rsp),%rbx
     603:	49 03 7d 20          	add    0x20(%r13),%rdi
     607:	4c 89 e9             	mov    %r13,%rcx
     60a:	ba 04 00 00 00       	mov    $0x4,%edx
     60f:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     616:	00 
     617:	ff 13                	callq  *(%rbx)
     619:	85 c0                	test   %eax,%eax
     61b:	0f 85 4f 04 00 00    	jne    a70 <x86_emulate_memop+0x9e3>
     621:	48 83 84 24 50 01 00 	addq   $0x4,0x150(%rsp)
     628:	00 04 
     62a:	48 63 9c 24 38 01 00 	movslq 0x138(%rsp),%rbx
     631:	00 
     632:	eb 07                	jmp    63b <x86_emulate_memop+0x5ae>
					break;
				default:
					modrm_ea += _regs[base_reg];
     634:	48 98                	cltq   
     636:	48 8b 5c c4 70       	mov    0x70(%rsp,%rax,8),%rbx
     63b:	44 88 e0             	mov    %r12b,%al
				}
				switch (index_reg) {
     63e:	c7 44 24 5c 00 00 00 	movl   $0x0,0x5c(%rsp)
     645:	00 
     646:	c0 e8 03             	shr    $0x3,%al
     649:	83 e0 07             	and    $0x7,%eax
     64c:	0b 44 24 58          	or     0x58(%rsp),%eax
     650:	83 f8 04             	cmp    $0x4,%eax
     653:	74 47                	je     69c <x86_emulate_memop+0x60f>
				case 4:
					break;
				default:
					modrm_ea += _regs[index_reg] << scale;
     655:	48 98                	cltq   
     657:	41 c0 ec 06          	shr    $0x6,%r12b
     65b:	48 8b 44 c4 70       	mov    0x70(%rsp,%rax,8),%rax
     660:	44 88 e1             	mov    %r12b,%cl
     663:	48 d3 e0             	shl    %cl,%rax
     666:	48 01 c3             	add    %rax,%rbx
     669:	eb 31                	jmp    69c <x86_emulate_memop+0x60f>

				}
				break;
			case 5:
				if (modrm_mod != 0)
     66b:	80 7c 24 1f 00       	cmpb   $0x0,0x1f(%rsp)
     670:	75 1b                	jne    68d <x86_emulate_memop+0x600>
					modrm_ea += _regs[modrm_rm];
				else if (mode == X86EMUL_MODE_PROT64)
     672:	31 db                	xor    %ebx,%ebx
     674:	83 7c 24 54 08       	cmpl   $0x8,0x54(%rsp)
     679:	c7 44 24 5c 01 00 00 	movl   $0x1,0x5c(%rsp)
     680:	00 
     681:	74 6f                	je     6f2 <x86_emulate_memop+0x665>
     683:	c7 44 24 5c 00 00 00 	movl   $0x0,0x5c(%rsp)
     68a:	00 
     68b:	eb 65                	jmp    6f2 <x86_emulate_memop+0x665>
					rip_relative = 1;
				break;
			default:
				modrm_ea += _regs[modrm_rm];
     68d:	48 98                	cltq   
     68f:	48 8b 5c c4 70       	mov    0x70(%rsp,%rax,8),%rbx
     694:	c7 44 24 5c 00 00 00 	movl   $0x0,0x5c(%rsp)
     69b:	00 
				break;
			}
			switch (modrm_mod) {
     69c:	80 7c 24 1f 01       	cmpb   $0x1,0x1f(%rsp)
     6a1:	74 11                	je     6b4 <x86_emulate_memop+0x627>
     6a3:	72 07                	jb     6ac <x86_emulate_memop+0x61f>
     6a5:	80 7c 24 1f 02       	cmpb   $0x2,0x1f(%rsp)
     6aa:	eb 04                	jmp    6b0 <x86_emulate_memop+0x623>
			case 0:
				if (modrm_rm == 5)
     6ac:	41 80 fe 05          	cmp    $0x5,%r14b
     6b0:	75 7f                	jne    731 <x86_emulate_memop+0x6a4>
     6b2:	eb 3e                	jmp    6f2 <x86_emulate_memop+0x665>
					modrm_ea += insn_fetch(s32, 4, _eip);
				break;
			case 1:
				modrm_ea += insn_fetch(s8, 1, _eip);
     6b4:	4c 8b 04 24          	mov    (%rsp),%r8
     6b8:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     6bf:	00 
     6c0:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     6c7:	00 
     6c8:	49 03 7d 20          	add    0x20(%r13),%rdi
     6cc:	4c 89 e9             	mov    %r13,%rcx
     6cf:	ba 01 00 00 00       	mov    $0x1,%edx
     6d4:	41 ff 10             	callq  *(%r8)
     6d7:	85 c0                	test   %eax,%eax
     6d9:	0f 85 91 03 00 00    	jne    a70 <x86_emulate_memop+0x9e3>
     6df:	48 ff 84 24 50 01 00 	incq   0x150(%rsp)
     6e6:	00 
     6e7:	48 0f be 84 24 38 01 	movsbq 0x138(%rsp),%rax
     6ee:	00 00 
     6f0:	eb 3c                	jmp    72e <x86_emulate_memop+0x6a1>
				break;
			case 2:
				modrm_ea += insn_fetch(s32, 4, _eip);
     6f2:	4c 8b 04 24          	mov    (%rsp),%r8
     6f6:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     6fd:	00 
     6fe:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     705:	00 
     706:	49 03 7d 20          	add    0x20(%r13),%rdi
     70a:	4c 89 e9             	mov    %r13,%rcx
     70d:	ba 04 00 00 00       	mov    $0x4,%edx
     712:	41 ff 10             	callq  *(%r8)
     715:	85 c0                	test   %eax,%eax
     717:	0f 85 53 03 00 00    	jne    a70 <x86_emulate_memop+0x9e3>
     71d:	48 83 84 24 50 01 00 	addq   $0x4,0x150(%rsp)
     724:	00 04 
     726:	48 63 84 24 38 01 00 	movslq 0x138(%rsp),%rax
     72d:	00 
     72e:	48 01 c3             	add    %rax,%rbx
				break;
			}
		}
		if (!override_base)
			override_base = &ctxt->ds_base;
     731:	48 83 7c 24 40 00    	cmpq   $0x0,0x40(%rsp)
     737:	49 8d 45 28          	lea    0x28(%r13),%rax
     73b:	48 0f 45 44 24 40    	cmovne 0x40(%rsp),%rax
		if (mode == X86EMUL_MODE_PROT64 &&
     741:	83 7c 24 54 08       	cmpl   $0x8,0x54(%rsp)
     746:	48 89 44 24 40       	mov    %rax,0x40(%rsp)
     74b:	75 21                	jne    76e <x86_emulate_memop+0x6e1>
     74d:	49 8d 45 48          	lea    0x48(%r13),%rax
     751:	48 39 44 24 40       	cmp    %rax,0x40(%rsp)
     756:	74 16                	je     76e <x86_emulate_memop+0x6e1>
     758:	49 8d 45 40          	lea    0x40(%r13),%rax
     75c:	48 39 44 24 40       	cmp    %rax,0x40(%rsp)
     761:	74 0b                	je     76e <x86_emulate_memop+0x6e1>
     763:	48 c7 44 24 40 00 00 	movq   $0x0,0x40(%rsp)
     76a:	00 00 
     76c:	eb 10                	jmp    77e <x86_emulate_memop+0x6f1>
		    override_base != &ctxt->fs_base &&
		    override_base != &ctxt->gs_base)
			override_base = NULL;

		if (override_base)
     76e:	48 83 7c 24 40 00    	cmpq   $0x0,0x40(%rsp)
     774:	74 08                	je     77e <x86_emulate_memop+0x6f1>
			modrm_ea += *override_base;
     776:	48 8b 44 24 40       	mov    0x40(%rsp),%rax
     77b:	48 03 18             	add    (%rax),%rbx

		if (rip_relative) {
     77e:	83 7c 24 5c 00       	cmpl   $0x0,0x5c(%rsp)
     783:	74 3b                	je     7c0 <x86_emulate_memop+0x733>
			modrm_ea += _eip;
			switch (d & SrcMask) {
     785:	8b 44 24 18          	mov    0x18(%rsp),%eax
     789:	48 03 9c 24 50 01 00 	add    0x150(%rsp),%rbx
     790:	00 
     791:	83 e0 38             	and    $0x38,%eax
     794:	83 f8 28             	cmp    $0x28,%eax
     797:	74 07                	je     7a0 <x86_emulate_memop+0x713>
     799:	83 f8 30             	cmp    $0x30,%eax
     79c:	75 22                	jne    7c0 <x86_emulate_memop+0x733>
     79e:	eb 07                	jmp    7a7 <x86_emulate_memop+0x71a>
			case SrcImmByte:
				modrm_ea += 1;
				break;
			case SrcImm:
				if (d & ByteOp)
     7a0:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
     7a5:	74 05                	je     7ac <x86_emulate_memop+0x71f>
					modrm_ea += 1;
     7a7:	48 ff c3             	inc    %rbx
     7aa:	eb 14                	jmp    7c0 <x86_emulate_memop+0x733>
				else
					if (op_bytes == 8)
     7ac:	83 7c 24 6c 08       	cmpl   $0x8,0x6c(%rsp)
     7b1:	75 06                	jne    7b9 <x86_emulate_memop+0x72c>
						modrm_ea += 4;
     7b3:	48 83 c3 04          	add    $0x4,%rbx
     7b7:	eb 07                	jmp    7c0 <x86_emulate_memop+0x733>
					else
						modrm_ea += op_bytes;
     7b9:	8b 44 24 6c          	mov    0x6c(%rsp),%eax
     7bd:	48 01 c3             	add    %rax,%rbx
			}
		}
		if (ad_bytes != 8)
     7c0:	45 31 f6             	xor    %r14d,%r14d
     7c3:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
     7c8:	49 89 dc             	mov    %rbx,%r12
     7cb:	74 03                	je     7d0 <x86_emulate_memop+0x743>
			modrm_ea = (u32)modrm_ea;
     7cd:	41 89 dc             	mov    %ebx,%r12d
		cr2 = modrm_ea;
	modrm_done:
		;
	}

	/*
	 * Decode and fetch the source operand: register, memory
	 * or immediate.
	 */
	switch (d & SrcMask) {
     7d0:	8b 44 24 18          	mov    0x18(%rsp),%eax
     7d4:	83 e0 38             	and    $0x38,%eax
     7d7:	83 f8 18             	cmp    $0x18,%eax
     7da:	0f 84 d6 00 00 00    	je     8b6 <x86_emulate_memop+0x829>
     7e0:	77 13                	ja     7f5 <x86_emulate_memop+0x768>
     7e2:	83 f8 08             	cmp    $0x8,%eax
     7e5:	74 2e                	je     815 <x86_emulate_memop+0x788>
     7e7:	83 f8 10             	cmp    $0x10,%eax
     7ea:	0f 85 a1 02 00 00    	jne    a91 <x86_emulate_memop+0xa04>
     7f0:	e9 db 00 00 00       	jmpq   8d0 <x86_emulate_memop+0x843>
     7f5:	83 f8 28             	cmp    $0x28,%eax
     7f8:	0f 84 34 01 00 00    	je     932 <x86_emulate_memop+0x8a5>
     7fe:	83 f8 30             	cmp    $0x30,%eax
     801:	0f 84 24 02 00 00    	je     a2b <x86_emulate_memop+0x99e>
     807:	83 f8 20             	cmp    $0x20,%eax
     80a:	0f 85 81 02 00 00    	jne    a91 <x86_emulate_memop+0xa04>
     810:	e9 ae 00 00 00       	jmpq   8c3 <x86_emulate_memop+0x836>
	case SrcNone:
		break;
	case SrcReg:
		src.type = OP_REG;
		if (d & ByteOp) {
     815:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
     81a:	c7 84 24 10 01 00 00 	movl   $0x0,0x110(%rsp)
     821:	00 00 00 00 
     825:	48 8d 74 24 70       	lea    0x70(%rsp),%rsi
     82a:	74 3f                	je     86b <x86_emulate_memop+0x7de>
			src.ptr = decode_register(modrm_reg, _regs,
     82c:	31 d2                	xor    %edx,%edx
     82e:	80 7c 24 1e 00       	cmpb   $0x0,0x1e(%rsp)
     833:	0f b6 7c 24 20       	movzbl 0x20(%rsp),%edi
     838:	0f 94 c2             	sete   %dl
     83b:	e8 c9 f7 ff ff       	callq  9 <decode_register>
     840:	48 89 84 24 28 01 00 	mov    %rax,0x128(%rsp)
     847:	00 
						  (rex_prefix == 0));
			src.val = src.orig_val = *(u8 *) src.ptr;
     848:	0f b6 00             	movzbl (%rax),%eax
			src.bytes = 1;
     84b:	c7 84 24 14 01 00 00 	movl   $0x1,0x114(%rsp)
     852:	01 00 00 00 
     856:	48 89 84 24 20 01 00 	mov    %rax,0x120(%rsp)
     85d:	00 
     85e:	48 89 84 24 18 01 00 	mov    %rax,0x118(%rsp)
     865:	00 
     866:	e9 26 02 00 00       	jmpq   a91 <x86_emulate_memop+0xa04>
		} else {
			src.ptr = decode_register(modrm_reg, _regs, 0);
     86b:	0f b6 7c 24 20       	movzbl 0x20(%rsp),%edi
     870:	31 d2                	xor    %edx,%edx
     872:	e8 92 f7 ff ff       	callq  9 <decode_register>
			switch ((src.bytes = op_bytes)) {
     877:	8b 54 24 6c          	mov    0x6c(%rsp),%edx
     87b:	48 89 84 24 28 01 00 	mov    %rax,0x128(%rsp)
     882:	00 
     883:	83 fa 04             	cmp    $0x4,%edx
     886:	89 94 24 14 01 00 00 	mov    %edx,0x114(%rsp)
     88d:	74 13                	je     8a2 <x86_emulate_memop+0x815>
     88f:	83 fa 08             	cmp    $0x8,%edx
     892:	74 1d                	je     8b1 <x86_emulate_memop+0x824>
     894:	83 fa 02             	cmp    $0x2,%edx
     897:	0f 85 f4 01 00 00    	jne    a91 <x86_emulate_memop+0xa04>
			case 2:
				src.val = src.orig_val = *(u16 *) src.ptr;
     89d:	0f b7 00             	movzwl (%rax),%eax
     8a0:	eb 02                	jmp    8a4 <x86_emulate_memop+0x817>
				break;
			case 4:
				src.val = src.orig_val = *(u32 *) src.ptr;
     8a2:	8b 00                	mov    (%rax),%eax
     8a4:	48 89 84 24 20 01 00 	mov    %rax,0x120(%rsp)
     8ab:	00 
     8ac:	e9 d8 01 00 00       	jmpq   a89 <x86_emulate_memop+0x9fc>
				break;
			case 8:
				src.val = src.orig_val = *(u64 *) src.ptr;
     8b1:	48 8b 00             	mov    (%rax),%rax
     8b4:	eb ee                	jmp    8a4 <x86_emulate_memop+0x817>
				break;
			}
		}
		break;
	case SrcMem16:
		src.bytes = 2;
     8b6:	c7 84 24 14 01 00 00 	movl   $0x2,0x114(%rsp)
     8bd:	02 00 00 00 
     8c1:	eb 23                	jmp    8e6 <x86_emulate_memop+0x859>
		goto srcmem_common;
	case SrcMem32:
		src.bytes = 4;
     8c3:	c7 84 24 14 01 00 00 	movl   $0x4,0x114(%rsp)
     8ca:	04 00 00 00 
     8ce:	eb 16                	jmp    8e6 <x86_emulate_memop+0x859>
		goto srcmem_common;
	case SrcMem:
		src.bytes = (d & ByteOp) ? 1 : op_bytes;
     8d0:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
     8d5:	b8 01 00 00 00       	mov    $0x1,%eax
     8da:	0f 44 44 24 6c       	cmove  0x6c(%rsp),%eax
     8df:	89 84 24 14 01 00 00 	mov    %eax,0x114(%rsp)
	      srcmem_common:
		src.type = OP_MEM;
		src.ptr = (unsigned long *)cr2;
		if ((rc = ops->read_emulated((unsigned long)src.ptr,
     8e6:	48 8b 1c 24          	mov    (%rsp),%rbx
     8ea:	c7 84 24 10 01 00 00 	movl   $0x1,0x110(%rsp)
     8f1:	01 00 00 00 
     8f5:	48 8d b4 24 18 01 00 	lea    0x118(%rsp),%rsi
     8fc:	00 
     8fd:	4c 89 a4 24 28 01 00 	mov    %r12,0x128(%rsp)
     904:	00 
     905:	8b 94 24 14 01 00 00 	mov    0x114(%rsp),%edx
     90c:	4c 89 e9             	mov    %r13,%rcx
     90f:	4c 89 e7             	mov    %r12,%rdi
     912:	ff 53 10             	callq  *0x10(%rbx)
     915:	85 c0                	test   %eax,%eax
     917:	0f 85 53 01 00 00    	jne    a70 <x86_emulate_memop+0x9e3>
					     &src.val, src.bytes, ctxt)) != 0)
			goto done;
		src.orig_val = src.val;
     91d:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
     924:	00 
     925:	48 89 84 24 20 01 00 	mov    %rax,0x120(%rsp)
     92c:	00 
     92d:	e9 5f 01 00 00       	jmpq   a91 <x86_emulate_memop+0xa04>
		break;
	case SrcImm:
		src.type = OP_IMM;
		src.ptr = (unsigned long *)_eip;
		src.bytes = (d & ByteOp) ? 1 : op_bytes;
     932:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
     937:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     93e:	00 
     93f:	c7 84 24 10 01 00 00 	movl   $0x2,0x110(%rsp)
     946:	02 00 00 00 
     94a:	48 89 bc 24 28 01 00 	mov    %rdi,0x128(%rsp)
     951:	00 
     952:	0f 85 fe 31 00 00    	jne    3b56 <x86_emulate_memop+0x3ac9>
     958:	44 8b 44 24 6c       	mov    0x6c(%rsp),%r8d
		if (src.bytes == 8)
     95d:	41 83 f8 08          	cmp    $0x8,%r8d
     961:	44 89 84 24 14 01 00 	mov    %r8d,0x114(%rsp)
     968:	00 
     969:	75 0d                	jne    978 <x86_emulate_memop+0x8eb>
			src.bytes = 4;
     96b:	c7 84 24 14 01 00 00 	movl   $0x4,0x114(%rsp)
     972:	04 00 00 00 
     976:	eb 7a                	jmp    9f2 <x86_emulate_memop+0x965>
		/* NB. Immediates are sign-extended as necessary. */
		switch (src.bytes) {
     978:	83 7c 24 6c 02       	cmpl   $0x2,0x6c(%rsp)
     97d:	74 39                	je     9b8 <x86_emulate_memop+0x92b>
     97f:	83 7c 24 6c 04       	cmpl   $0x4,0x6c(%rsp)
     984:	74 6c                	je     9f2 <x86_emulate_memop+0x965>
     986:	83 7c 24 6c 01       	cmpl   $0x1,0x6c(%rsp)
     98b:	0f 85 00 01 00 00    	jne    a91 <x86_emulate_memop+0xa04>
		case 1:
			src.val = insn_fetch(s8, 1, _eip);
     991:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     998:	00 
     999:	49 03 7d 20          	add    0x20(%r13),%rdi
     99d:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     9a4:	00 
     9a5:	48 8b 1c 24          	mov    (%rsp),%rbx
     9a9:	4c 89 e9             	mov    %r13,%rcx
     9ac:	ba 01 00 00 00       	mov    $0x1,%edx
     9b1:	ff 13                	callq  *(%rbx)
     9b3:	e9 b4 00 00 00       	jmpq   a6c <x86_emulate_memop+0x9df>
			break;
		case 2:
			src.val = insn_fetch(s16, 2, _eip);
     9b8:	4c 8b 04 24          	mov    (%rsp),%r8
     9bc:	49 03 7d 20          	add    0x20(%r13),%rdi
     9c0:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     9c7:	00 
     9c8:	4c 89 e9             	mov    %r13,%rcx
     9cb:	ba 02 00 00 00       	mov    $0x2,%edx
     9d0:	41 ff 10             	callq  *(%r8)
     9d3:	85 c0                	test   %eax,%eax
     9d5:	0f 85 95 00 00 00    	jne    a70 <x86_emulate_memop+0x9e3>
     9db:	48 83 84 24 50 01 00 	addq   $0x2,0x150(%rsp)
     9e2:	00 02 
     9e4:	48 0f bf 84 24 38 01 	movswq 0x138(%rsp),%rax
     9eb:	00 00 
     9ed:	e9 97 00 00 00       	jmpq   a89 <x86_emulate_memop+0x9fc>
			break;
		case 4:
			src.val = insn_fetch(s32, 4, _eip);
     9f2:	48 8b 1c 24          	mov    (%rsp),%rbx
     9f6:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     9fd:	00 
     9fe:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     a05:	00 
     a06:	49 03 7d 20          	add    0x20(%r13),%rdi
     a0a:	4c 89 e9             	mov    %r13,%rcx
     a0d:	ba 04 00 00 00       	mov    $0x4,%edx
     a12:	ff 13                	callq  *(%rbx)
     a14:	85 c0                	test   %eax,%eax
     a16:	75 58                	jne    a70 <x86_emulate_memop+0x9e3>
     a18:	48 83 84 24 50 01 00 	addq   $0x4,0x150(%rsp)
     a1f:	00 04 
     a21:	48 63 84 24 38 01 00 	movslq 0x138(%rsp),%rax
     a28:	00 
     a29:	eb 5e                	jmp    a89 <x86_emulate_memop+0x9fc>
			break;
		}
		break;
	case SrcImmByte:
		src.type = OP_IMM;
		src.ptr = (unsigned long *)_eip;
     a2b:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     a32:	00 
		src.bytes = 1;
		src.val = insn_fetch(s8, 1, _eip);
     a33:	4c 8b 04 24          	mov    (%rsp),%r8
     a37:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     a3e:	00 
     a3f:	c7 84 24 10 01 00 00 	movl   $0x2,0x110(%rsp)
     a46:	02 00 00 00 
     a4a:	c7 84 24 14 01 00 00 	movl   $0x1,0x114(%rsp)
     a51:	01 00 00 00 
     a55:	4c 89 e9             	mov    %r13,%rcx
     a58:	ba 01 00 00 00       	mov    $0x1,%edx
     a5d:	48 89 bc 24 28 01 00 	mov    %rdi,0x128(%rsp)
     a64:	00 
     a65:	49 03 7d 20          	add    0x20(%r13),%rdi
     a69:	41 ff 10             	callq  *(%r8)
     a6c:	85 c0                	test   %eax,%eax
     a6e:	74 08                	je     a78 <x86_emulate_memop+0x9eb>
     a70:	41 89 c7             	mov    %eax,%r15d
     a73:	e9 2c 21 00 00       	jmpq   2ba4 <x86_emulate_memop+0x2b17>
     a78:	48 ff 84 24 50 01 00 	incq   0x150(%rsp)
     a7f:	00 
     a80:	48 0f be 84 24 38 01 	movsbq 0x138(%rsp),%rax
     a87:	00 00 
     a89:	48 89 84 24 18 01 00 	mov    %rax,0x118(%rsp)
     a90:	00 
		break;
	}

	/* Decode and fetch the destination operand: register or memory. */
	switch (d & DstMask) {
     a91:	8b 44 24 18          	mov    0x18(%rsp),%eax
     a95:	83 e0 06             	and    $0x6,%eax
     a98:	83 f8 04             	cmp    $0x4,%eax
     a9b:	74 17                	je     ab4 <x86_emulate_memop+0xa27>
     a9d:	83 f8 06             	cmp    $0x6,%eax
     aa0:	0f 84 ba 00 00 00    	je     b60 <x86_emulate_memop+0xad3>
     aa6:	83 f8 02             	cmp    $0x2,%eax
     aa9:	0f 85 2f 01 00 00    	jne    bde <x86_emulate_memop+0xb51>
     aaf:	e9 00 21 00 00       	jmpq   2bb4 <x86_emulate_memop+0x2b27>
	case ImplicitOps:
		/* Special instructions do their own operand decoding. */
		goto special_insn;
	case DstReg:
		dst.type = OP_REG;
		if ((d & ByteOp)
     ab4:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
     ab9:	c7 84 24 f0 00 00 00 	movl   $0x0,0xf0(%rsp)
     ac0:	00 00 00 00 
     ac4:	74 4a                	je     b10 <x86_emulate_memop+0xa83>
     ac6:	80 7c 24 1d 00       	cmpb   $0x0,0x1d(%rsp)
     acb:	74 07                	je     ad4 <x86_emulate_memop+0xa47>
     acd:	8d 45 4a             	lea    0x4a(%rbp),%eax
     ad0:	3c 01                	cmp    $0x1,%al
     ad2:	76 3c                	jbe    b10 <x86_emulate_memop+0xa83>
		    && !(twobyte && (b == 0xb6 || b == 0xb7))) {
			dst.ptr = decode_register(modrm_reg, _regs,
     ad4:	31 d2                	xor    %edx,%edx
     ad6:	80 7c 24 1e 00       	cmpb   $0x0,0x1e(%rsp)
     adb:	0f b6 7c 24 20       	movzbl 0x20(%rsp),%edi
     ae0:	48 8d 74 24 70       	lea    0x70(%rsp),%rsi
     ae5:	0f 94 c2             	sete   %dl
     ae8:	e8 1c f5 ff ff       	callq  9 <decode_register>
     aed:	48 89 84 24 08 01 00 	mov    %rax,0x108(%rsp)
     af4:	00 
						  (rex_prefix == 0));
			dst.val = *(u8 *) dst.ptr;
     af5:	0f b6 00             	movzbl (%rax),%eax
			dst.bytes = 1;
     af8:	c7 84 24 f4 00 00 00 	movl   $0x1,0xf4(%rsp)
     aff:	01 00 00 00 
     b03:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
     b0a:	00 
     b0b:	e9 ce 00 00 00       	jmpq   bde <x86_emulate_memop+0xb51>
		} else {
			dst.ptr = decode_register(modrm_reg, _regs, 0);
     b10:	0f b6 7c 24 20       	movzbl 0x20(%rsp),%edi
     b15:	48 8d 74 24 70       	lea    0x70(%rsp),%rsi
     b1a:	31 d2                	xor    %edx,%edx
     b1c:	e8 e8 f4 ff ff       	callq  9 <decode_register>
			switch ((dst.bytes = op_bytes)) {
     b21:	8b 54 24 6c          	mov    0x6c(%rsp),%edx
     b25:	48 89 84 24 08 01 00 	mov    %rax,0x108(%rsp)
     b2c:	00 
     b2d:	83 fa 04             	cmp    $0x4,%edx
     b30:	89 94 24 f4 00 00 00 	mov    %edx,0xf4(%rsp)
     b37:	74 13                	je     b4c <x86_emulate_memop+0xabf>
     b39:	83 fa 08             	cmp    $0x8,%edx
     b3c:	74 1d                	je     b5b <x86_emulate_memop+0xace>
     b3e:	83 fa 02             	cmp    $0x2,%edx
     b41:	0f 85 97 00 00 00    	jne    bde <x86_emulate_memop+0xb51>
			case 2:
				dst.val = *(u16 *)dst.ptr;
     b47:	0f b7 00             	movzwl (%rax),%eax
     b4a:	eb 02                	jmp    b4e <x86_emulate_memop+0xac1>
				break;
			case 4:
				dst.val = *(u32 *)dst.ptr;
     b4c:	8b 00                	mov    (%rax),%eax
     b4e:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
     b55:	00 
     b56:	e9 83 00 00 00       	jmpq   bde <x86_emulate_memop+0xb51>
				break;
			case 8:
				dst.val = *(u64 *)dst.ptr;
     b5b:	48 8b 00             	mov    (%rax),%rax
     b5e:	eb ee                	jmp    b4e <x86_emulate_memop+0xac1>
				break;
			}
		}
		break;
	case DstMem:
		dst.type = OP_MEM;
		dst.ptr = (unsigned long *)cr2;
		dst.bytes = (d & ByteOp) ? 1 : op_bytes;
     b60:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
     b65:	b8 01 00 00 00       	mov    $0x1,%eax
     b6a:	c7 84 24 f0 00 00 00 	movl   $0x1,0xf0(%rsp)
     b71:	01 00 00 00 
     b75:	0f 44 44 24 6c       	cmove  0x6c(%rsp),%eax
		if (d & BitOp) {
     b7a:	f7 44 24 18 00 01 00 	testl  $0x100,0x18(%rsp)
     b81:	00 
     b82:	4c 89 a4 24 08 01 00 	mov    %r12,0x108(%rsp)
     b89:	00 
     b8a:	89 84 24 f4 00 00 00 	mov    %eax,0xf4(%rsp)
     b91:	74 18                	je     bab <x86_emulate_memop+0xb1e>
			unsigned long mask = ~(dst.bytes * 8 - 1);

			dst.ptr = (void *)dst.ptr + (src.val & mask) / 8;
     b93:	c1 e0 03             	shl    $0x3,%eax
     b96:	f7 d8                	neg    %eax
     b98:	23 84 24 18 01 00 00 	and    0x118(%rsp),%eax
     b9f:	48 c1 e8 03          	shr    $0x3,%rax
     ba3:	48 01 84 24 08 01 00 	add    %rax,0x108(%rsp)
     baa:	00 
		}
		if (!(d & Mov) && /* optimisation - avoid slow emulated read */
     bab:	80 7c 24 18 00       	cmpb   $0x0,0x18(%rsp)
     bb0:	78 2c                	js     bde <x86_emulate_memop+0xb51>
     bb2:	48 8b 1c 24          	mov    (%rsp),%rbx
     bb6:	8b 94 24 f4 00 00 00 	mov    0xf4(%rsp),%edx
     bbd:	48 8d b4 24 f8 00 00 	lea    0xf8(%rsp),%rsi
     bc4:	00 
     bc5:	48 8b bc 24 08 01 00 	mov    0x108(%rsp),%rdi
     bcc:	00 
     bcd:	4c 89 e9             	mov    %r13,%rcx
     bd0:	ff 53 10             	callq  *0x10(%rbx)
     bd3:	85 c0                	test   %eax,%eax
     bd5:	41 89 c7             	mov    %eax,%r15d
     bd8:	0f 85 c6 1f 00 00    	jne    2ba4 <x86_emulate_memop+0x2b17>
		    ((rc = ops->read_emulated((unsigned long)dst.ptr,
					      &dst.val, dst.bytes, ctxt)) != 0))
			goto done;
		break;
	}
	dst.orig_val = dst.val;

	if (twobyte)
     bde:	80 7c 24 1d 00       	cmpb   $0x0,0x1d(%rsp)
     be3:	48 8b 94 24 f8 00 00 	mov    0xf8(%rsp),%rdx
     bea:	00 
     beb:	48 89 94 24 00 01 00 	mov    %rdx,0x100(%rsp)
     bf2:	00 
     bf3:	0f 85 2a 24 00 00    	jne    3023 <x86_emulate_memop+0x2f96>
		goto twobyte_insn;

	switch (b) {
     bf9:	40 80 fd 85          	cmp    $0x85,%bpl
     bfd:	0f 87 b0 00 00 00    	ja     cb3 <x86_emulate_memop+0xc26>
     c03:	40 80 fd 84          	cmp    $0x84,%bpl
     c07:	0f 83 67 0c 00 00    	jae    1874 <x86_emulate_memop+0x17e7>
     c0d:	40 80 fd 25          	cmp    $0x25,%bpl
     c11:	77 4d                	ja     c60 <x86_emulate_memop+0xbd3>
     c13:	40 80 fd 20          	cmp    $0x20,%bpl
     c17:	0f 83 ac 06 00 00    	jae    12c9 <x86_emulate_memop+0x123c>
     c1d:	40 80 fd 0d          	cmp    $0xd,%bpl
     c21:	77 19                	ja     c3c <x86_emulate_memop+0xbaf>
     c23:	40 80 fd 08          	cmp    $0x8,%bpl
     c27:	0f 83 91 02 00 00    	jae    ebe <x86_emulate_memop+0xe31>
     c2d:	40 80 fd 05          	cmp    $0x5,%bpl
     c31:	0f 87 56 1e 00 00    	ja     2a8d <x86_emulate_memop+0x2a00>
     c37:	e9 25 01 00 00       	jmpq   d61 <x86_emulate_memop+0xcd4>
     c3c:	40 80 fd 10          	cmp    $0x10,%bpl
     c40:	0f 82 47 1e 00 00    	jb     2a8d <x86_emulate_memop+0x2a00>
     c46:	40 80 fd 15          	cmp    $0x15,%bpl
     c4a:	0f 86 cb 03 00 00    	jbe    101b <x86_emulate_memop+0xf8e>
     c50:	8d 45 e8             	lea    0xffffffffffffffe8(%rbp),%eax
     c53:	3c 05                	cmp    $0x5,%al
     c55:	0f 87 32 1e 00 00    	ja     2a8d <x86_emulate_memop+0x2a00>
     c5b:	e9 18 05 00 00       	jmpq   1178 <x86_emulate_memop+0x10eb>
     c60:	40 80 fd 3d          	cmp    $0x3d,%bpl
     c64:	77 2e                	ja     c94 <x86_emulate_memop+0xc07>
     c66:	40 80 fd 38          	cmp    $0x38,%bpl
     c6a:	0f 83 70 0a 00 00    	jae    16e0 <x86_emulate_memop+0x1653>
     c70:	40 80 fd 28          	cmp    $0x28,%bpl
     c74:	0f 82 13 1e 00 00    	jb     2a8d <x86_emulate_memop+0x2a00>
     c7a:	40 80 fd 2d          	cmp    $0x2d,%bpl
     c7e:	0f 86 a2 07 00 00    	jbe    1426 <x86_emulate_memop+0x1399>
     c84:	8d 45 d0             	lea    0xffffffffffffffd0(%rbp),%eax
     c87:	3c 05                	cmp    $0x5,%al
     c89:	0f 87 fe 1d 00 00    	ja     2a8d <x86_emulate_memop+0x2a00>
     c8f:	e9 ef 08 00 00       	jmpq   1583 <x86_emulate_memop+0x14f6>
     c94:	40 80 fd 63          	cmp    $0x63,%bpl
     c98:	0f 84 9f 0b 00 00    	je     183d <x86_emulate_memop+0x17b0>
     c9e:	0f 82 e9 1d 00 00    	jb     2a8d <x86_emulate_memop+0x2a00>
     ca4:	40 80 fd 80          	cmp    $0x80,%bpl
     ca8:	0f 82 df 1d 00 00    	jb     2a8d <x86_emulate_memop+0x2a00>
     cae:	e9 aa 0b 00 00       	jmpq   185d <x86_emulate_memop+0x17d0>
     cb3:	40 80 fd c1          	cmp    $0xc1,%bpl
     cb7:	77 52                	ja     d0b <x86_emulate_memop+0xc7e>
     cb9:	40 80 fd c0          	cmp    $0xc0,%bpl
     cbd:	0f 83 98 0e 00 00    	jae    1b5b <x86_emulate_memop+0x1ace>
     cc3:	40 80 fd 8f          	cmp    $0x8f,%bpl
     cc7:	0f 84 ce 0d 00 00    	je     1a9b <x86_emulate_memop+0x1a0e>
     ccd:	77 19                	ja     ce8 <x86_emulate_memop+0xc5b>
     ccf:	40 80 fd 87          	cmp    $0x87,%bpl
     cd3:	0f 86 ec 0c 00 00    	jbe    19c5 <x86_emulate_memop+0x1938>
     cd9:	40 80 fd 8b          	cmp    $0x8b,%bpl
     cdd:	0f 87 aa 1d 00 00    	ja     2a8d <x86_emulate_memop+0x2a00>
     ce3:	e9 9e 0d 00 00       	jmpq   1a86 <x86_emulate_memop+0x19f9>
     ce8:	40 80 fd a0          	cmp    $0xa0,%bpl
     cec:	0f 82 9b 1d 00 00    	jb     2a8d <x86_emulate_memop+0x2a00>
     cf2:	40 80 fd a1          	cmp    $0xa1,%bpl
     cf6:	0f 86 3e 0d 00 00    	jbe    1a3a <x86_emulate_memop+0x19ad>
     cfc:	40 80 fd a3          	cmp    $0xa3,%bpl
     d00:	0f 87 87 1d 00 00    	ja     2a8d <x86_emulate_memop+0x2a00>
     d06:	e9 5d 0d 00 00       	jmpq   1a68 <x86_emulate_memop+0x19db>
     d0b:	40 80 fd d3          	cmp    $0xd3,%bpl
     d0f:	77 2d                	ja     d3e <x86_emulate_memop+0xcb1>
     d11:	40 80 fd d2          	cmp    $0xd2,%bpl
     d15:	0f 83 76 17 00 00    	jae    2491 <x86_emulate_memop+0x2404>
     d1b:	40 80 fd c6          	cmp    $0xc6,%bpl
     d1f:	0f 82 68 1d 00 00    	jb     2a8d <x86_emulate_memop+0x2a00>
     d25:	40 80 fd c7          	cmp    $0xc7,%bpl
     d29:	0f 86 57 0d 00 00    	jbe    1a86 <x86_emulate_memop+0x19f9>
     d2f:	40 80 fd d0          	cmp    $0xd0,%bpl
     d33:	0f 82 54 1d 00 00    	jb     2a8d <x86_emulate_memop+0x2a00>
     d39:	e9 42 17 00 00       	jmpq   2480 <x86_emulate_memop+0x23f3>
     d3e:	40 80 fd f6          	cmp    $0xf6,%bpl
     d42:	0f 82 45 1d 00 00    	jb     2a8d <x86_emulate_memop+0x2a00>
     d48:	40 80 fd f7          	cmp    $0xf7,%bpl
     d4c:	0f 86 51 17 00 00    	jbe    24a3 <x86_emulate_memop+0x2416>
     d52:	40 80 fd fe          	cmp    $0xfe,%bpl
     d56:	0f 82 31 1d 00 00    	jb     2a8d <x86_emulate_memop+0x2a00>
     d5c:	e9 ce 19 00 00       	jmpq   272f <x86_emulate_memop+0x26a2>
	case 0x00 ... 0x05:
	      add:		/* add */
		emulate_2op_SrcV("add", src, dst, _eflags);
     d61:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
     d68:	83 f8 01             	cmp    $0x1,%eax
     d6b:	75 4b                	jne    db8 <x86_emulate_memop+0xd2b>
     d6d:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
     d74:	00 
     d75:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
     d7c:	bd d5 08 00 00       	mov    $0x8d5,%ebp
     d81:	21 2c 24             	and    %ebp,(%rsp)
     d84:	9c                   	pushfq 
     d85:	f7 d5                	not    %ebp
     d87:	21 2c 24             	and    %ebp,(%rsp)
     d8a:	5d                   	pop    %rbp
     d8b:	09 2c 24             	or     %ebp,(%rsp)
     d8e:	9d                   	popfq  
     d8f:	bd d5 08 00 00       	mov    $0x8d5,%ebp
     d94:	f7 d5                	not    %ebp
     d96:	21 ac 24 48 01 00 00 	and    %ebp,0x148(%rsp)
     d9d:	00 84 24 f8 00 00 00 	add    %al,0xf8(%rsp)
     da4:	9c                   	pushfq 
     da5:	5d                   	pop    %rbp
     da6:	81 e5 d5 08 00 00    	and    $0x8d5,%ebp
     dac:	09 ac 24 48 01 00 00 	or     %ebp,0x148(%rsp)
     db3:	e9 d5 1c 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
     db8:	83 f8 04             	cmp    $0x4,%eax
     dbb:	74 6a                	je     e27 <x86_emulate_memop+0xd9a>
     dbd:	83 f8 08             	cmp    $0x8,%eax
     dc0:	0f 84 ac 00 00 00    	je     e72 <x86_emulate_memop+0xde5>
     dc6:	83 f8 02             	cmp    $0x2,%eax
     dc9:	0f 85 be 1c 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
     dcf:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
     dd6:	00 
     dd7:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
     dde:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
     de4:	44 21 04 24          	and    %r8d,(%rsp)
     de8:	9c                   	pushfq 
     de9:	41 f7 d0             	not    %r8d
     dec:	44 21 04 24          	and    %r8d,(%rsp)
     df0:	41 58                	pop    %r8
     df2:	44 09 04 24          	or     %r8d,(%rsp)
     df6:	9d                   	popfq  
     df7:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
     dfd:	41 f7 d0             	not    %r8d
     e00:	44 21 84 24 48 01 00 	and    %r8d,0x148(%rsp)
     e07:	00 
     e08:	66 01 84 24 f8 00 00 	add    %ax,0xf8(%rsp)
     e0f:	00 
     e10:	9c                   	pushfq 
     e11:	41 58                	pop    %r8
     e13:	41 81 e0 d5 08 00 00 	and    $0x8d5,%r8d
     e1a:	44 09 84 24 48 01 00 	or     %r8d,0x148(%rsp)
     e21:	00 
     e22:	e9 66 1c 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
     e27:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
     e2e:	00 
     e2f:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
     e36:	ba d5 08 00 00       	mov    $0x8d5,%edx
     e3b:	21 14 24             	and    %edx,(%rsp)
     e3e:	9c                   	pushfq 
     e3f:	f7 d2                	not    %edx
     e41:	21 14 24             	and    %edx,(%rsp)
     e44:	5a                   	pop    %rdx
     e45:	09 14 24             	or     %edx,(%rsp)
     e48:	9d                   	popfq  
     e49:	ba d5 08 00 00       	mov    $0x8d5,%edx
     e4e:	f7 d2                	not    %edx
     e50:	21 94 24 48 01 00 00 	and    %edx,0x148(%rsp)
     e57:	01 84 24 f8 00 00 00 	add    %eax,0xf8(%rsp)
     e5e:	9c                   	pushfq 
     e5f:	5a                   	pop    %rdx
     e60:	81 e2 d5 08 00 00    	and    $0x8d5,%edx
     e66:	09 94 24 48 01 00 00 	or     %edx,0x148(%rsp)
     e6d:	e9 1b 1c 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
     e72:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
     e79:	00 
     e7a:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
     e81:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
     e86:	21 0c 24             	and    %ecx,(%rsp)
     e89:	9c                   	pushfq 
     e8a:	f7 d1                	not    %ecx
     e8c:	21 0c 24             	and    %ecx,(%rsp)
     e8f:	59                   	pop    %rcx
     e90:	09 0c 24             	or     %ecx,(%rsp)
     e93:	9d                   	popfq  
     e94:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
     e99:	f7 d1                	not    %ecx
     e9b:	21 8c 24 48 01 00 00 	and    %ecx,0x148(%rsp)
     ea2:	48 01 84 24 f8 00 00 	add    %rax,0xf8(%rsp)
     ea9:	00 
     eaa:	9c                   	pushfq 
     eab:	59                   	pop    %rcx
     eac:	81 e1 d5 08 00 00    	and    $0x8d5,%ecx
     eb2:	09 8c 24 48 01 00 00 	or     %ecx,0x148(%rsp)
     eb9:	e9 cf 1b 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x08 ... 0x0d:
	      or:		/* or */
		emulate_2op_SrcV("or", src, dst, _eflags);
     ebe:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
     ec5:	83 f8 01             	cmp    $0x1,%eax
     ec8:	75 4b                	jne    f15 <x86_emulate_memop+0xe88>
     eca:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
     ed1:	00 
     ed2:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
     ed9:	bb d5 08 00 00       	mov    $0x8d5,%ebx
     ede:	21 1c 24             	and    %ebx,(%rsp)
     ee1:	9c                   	pushfq 
     ee2:	f7 d3                	not    %ebx
     ee4:	21 1c 24             	and    %ebx,(%rsp)
     ee7:	5b                   	pop    %rbx
     ee8:	09 1c 24             	or     %ebx,(%rsp)
     eeb:	9d                   	popfq  
     eec:	bb d5 08 00 00       	mov    $0x8d5,%ebx
     ef1:	f7 d3                	not    %ebx
     ef3:	21 9c 24 48 01 00 00 	and    %ebx,0x148(%rsp)
     efa:	08 84 24 f8 00 00 00 	or     %al,0xf8(%rsp)
     f01:	9c                   	pushfq 
     f02:	5b                   	pop    %rbx
     f03:	81 e3 d5 08 00 00    	and    $0x8d5,%ebx
     f09:	09 9c 24 48 01 00 00 	or     %ebx,0x148(%rsp)
     f10:	e9 78 1b 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
     f15:	83 f8 04             	cmp    $0x4,%eax
     f18:	74 5e                	je     f78 <x86_emulate_memop+0xeeb>
     f1a:	83 f8 08             	cmp    $0x8,%eax
     f1d:	0f 84 ac 00 00 00    	je     fcf <x86_emulate_memop+0xf42>
     f23:	83 f8 02             	cmp    $0x2,%eax
     f26:	0f 85 61 1b 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
     f2c:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
     f33:	00 
     f34:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
     f3b:	bd d5 08 00 00       	mov    $0x8d5,%ebp
     f40:	21 2c 24             	and    %ebp,(%rsp)
     f43:	9c                   	pushfq 
     f44:	f7 d5                	not    %ebp
     f46:	21 2c 24             	and    %ebp,(%rsp)
     f49:	5d                   	pop    %rbp
     f4a:	09 2c 24             	or     %ebp,(%rsp)
     f4d:	9d                   	popfq  
     f4e:	bd d5 08 00 00       	mov    $0x8d5,%ebp
     f53:	f7 d5                	not    %ebp
     f55:	21 ac 24 48 01 00 00 	and    %ebp,0x148(%rsp)
     f5c:	66 09 84 24 f8 00 00 	or     %ax,0xf8(%rsp)
     f63:	00 
     f64:	9c                   	pushfq 
     f65:	5d                   	pop    %rbp
     f66:	81 e5 d5 08 00 00    	and    $0x8d5,%ebp
     f6c:	09 ac 24 48 01 00 00 	or     %ebp,0x148(%rsp)
     f73:	e9 15 1b 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
     f78:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
     f7f:	00 
     f80:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
     f87:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
     f8d:	44 21 04 24          	and    %r8d,(%rsp)
     f91:	9c                   	pushfq 
     f92:	41 f7 d0             	not    %r8d
     f95:	44 21 04 24          	and    %r8d,(%rsp)
     f99:	41 58                	pop    %r8
     f9b:	44 09 04 24          	or     %r8d,(%rsp)
     f9f:	9d                   	popfq  
     fa0:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
     fa6:	41 f7 d0             	not    %r8d
     fa9:	44 21 84 24 48 01 00 	and    %r8d,0x148(%rsp)
     fb0:	00 
     fb1:	09 84 24 f8 00 00 00 	or     %eax,0xf8(%rsp)
     fb8:	9c                   	pushfq 
     fb9:	41 58                	pop    %r8
     fbb:	41 81 e0 d5 08 00 00 	and    $0x8d5,%r8d
     fc2:	44 09 84 24 48 01 00 	or     %r8d,0x148(%rsp)
     fc9:	00 
     fca:	e9 be 1a 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
     fcf:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
     fd6:	00 
     fd7:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
     fde:	ba d5 08 00 00       	mov    $0x8d5,%edx
     fe3:	21 14 24             	and    %edx,(%rsp)
     fe6:	9c                   	pushfq 
     fe7:	f7 d2                	not    %edx
     fe9:	21 14 24             	and    %edx,(%rsp)
     fec:	5a                   	pop    %rdx
     fed:	09 14 24             	or     %edx,(%rsp)
     ff0:	9d                   	popfq  
     ff1:	ba d5 08 00 00       	mov    $0x8d5,%edx
     ff6:	f7 d2                	not    %edx
     ff8:	21 94 24 48 01 00 00 	and    %edx,0x148(%rsp)
     fff:	48 09 84 24 f8 00 00 	or     %rax,0xf8(%rsp)
    1006:	00 
    1007:	9c                   	pushfq 
    1008:	5a                   	pop    %rdx
    1009:	81 e2 d5 08 00 00    	and    $0x8d5,%edx
    100f:	09 94 24 48 01 00 00 	or     %edx,0x148(%rsp)
    1016:	e9 72 1a 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x10 ... 0x15:
	      adc:		/* adc */
		emulate_2op_SrcV("adc", src, dst, _eflags);
    101b:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
    1022:	83 f8 01             	cmp    $0x1,%eax
    1025:	75 4b                	jne    1072 <x86_emulate_memop+0xfe5>
    1027:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    102e:	00 
    102f:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1036:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    103b:	21 0c 24             	and    %ecx,(%rsp)
    103e:	9c                   	pushfq 
    103f:	f7 d1                	not    %ecx
    1041:	21 0c 24             	and    %ecx,(%rsp)
    1044:	59                   	pop    %rcx
    1045:	09 0c 24             	or     %ecx,(%rsp)
    1048:	9d                   	popfq  
    1049:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    104e:	f7 d1                	not    %ecx
    1050:	21 8c 24 48 01 00 00 	and    %ecx,0x148(%rsp)
    1057:	10 84 24 f8 00 00 00 	adc    %al,0xf8(%rsp)
    105e:	9c                   	pushfq 
    105f:	59                   	pop    %rcx
    1060:	81 e1 d5 08 00 00    	and    $0x8d5,%ecx
    1066:	09 8c 24 48 01 00 00 	or     %ecx,0x148(%rsp)
    106d:	e9 1b 1a 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1072:	83 f8 04             	cmp    $0x4,%eax
    1075:	74 5e                	je     10d5 <x86_emulate_memop+0x1048>
    1077:	83 f8 08             	cmp    $0x8,%eax
    107a:	0f 84 a0 00 00 00    	je     1120 <x86_emulate_memop+0x1093>
    1080:	83 f8 02             	cmp    $0x2,%eax
    1083:	0f 85 04 1a 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    1089:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1090:	00 
    1091:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1098:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    109d:	21 1c 24             	and    %ebx,(%rsp)
    10a0:	9c                   	pushfq 
    10a1:	f7 d3                	not    %ebx
    10a3:	21 1c 24             	and    %ebx,(%rsp)
    10a6:	5b                   	pop    %rbx
    10a7:	09 1c 24             	or     %ebx,(%rsp)
    10aa:	9d                   	popfq  
    10ab:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    10b0:	f7 d3                	not    %ebx
    10b2:	21 9c 24 48 01 00 00 	and    %ebx,0x148(%rsp)
    10b9:	66 11 84 24 f8 00 00 	adc    %ax,0xf8(%rsp)
    10c0:	00 
    10c1:	9c                   	pushfq 
    10c2:	5b                   	pop    %rbx
    10c3:	81 e3 d5 08 00 00    	and    $0x8d5,%ebx
    10c9:	09 9c 24 48 01 00 00 	or     %ebx,0x148(%rsp)
    10d0:	e9 b8 19 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    10d5:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    10dc:	00 
    10dd:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    10e4:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    10e9:	21 2c 24             	and    %ebp,(%rsp)
    10ec:	9c                   	pushfq 
    10ed:	f7 d5                	not    %ebp
    10ef:	21 2c 24             	and    %ebp,(%rsp)
    10f2:	5d                   	pop    %rbp
    10f3:	09 2c 24             	or     %ebp,(%rsp)
    10f6:	9d                   	popfq  
    10f7:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    10fc:	f7 d5                	not    %ebp
    10fe:	21 ac 24 48 01 00 00 	and    %ebp,0x148(%rsp)
    1105:	11 84 24 f8 00 00 00 	adc    %eax,0xf8(%rsp)
    110c:	9c                   	pushfq 
    110d:	5d                   	pop    %rbp
    110e:	81 e5 d5 08 00 00    	and    $0x8d5,%ebp
    1114:	09 ac 24 48 01 00 00 	or     %ebp,0x148(%rsp)
    111b:	e9 6d 19 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1120:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1127:	00 
    1128:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    112f:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    1135:	44 21 04 24          	and    %r8d,(%rsp)
    1139:	9c                   	pushfq 
    113a:	41 f7 d0             	not    %r8d
    113d:	44 21 04 24          	and    %r8d,(%rsp)
    1141:	41 58                	pop    %r8
    1143:	44 09 04 24          	or     %r8d,(%rsp)
    1147:	9d                   	popfq  
    1148:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    114e:	41 f7 d0             	not    %r8d
    1151:	44 21 84 24 48 01 00 	and    %r8d,0x148(%rsp)
    1158:	00 
    1159:	48 11 84 24 f8 00 00 	adc    %rax,0xf8(%rsp)
    1160:	00 
    1161:	9c                   	pushfq 
    1162:	41 58                	pop    %r8
    1164:	41 81 e0 d5 08 00 00 	and    $0x8d5,%r8d
    116b:	44 09 84 24 48 01 00 	or     %r8d,0x148(%rsp)
    1172:	00 
    1173:	e9 15 19 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x18 ... 0x1d:
	      sbb:		/* sbb */
		emulate_2op_SrcV("sbb", src, dst, _eflags);
    1178:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
    117f:	83 f8 01             	cmp    $0x1,%eax
    1182:	75 4b                	jne    11cf <x86_emulate_memop+0x1142>
    1184:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    118b:	00 
    118c:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1193:	ba d5 08 00 00       	mov    $0x8d5,%edx
    1198:	21 14 24             	and    %edx,(%rsp)
    119b:	9c                   	pushfq 
    119c:	f7 d2                	not    %edx
    119e:	21 14 24             	and    %edx,(%rsp)
    11a1:	5a                   	pop    %rdx
    11a2:	09 14 24             	or     %edx,(%rsp)
    11a5:	9d                   	popfq  
    11a6:	ba d5 08 00 00       	mov    $0x8d5,%edx
    11ab:	f7 d2                	not    %edx
    11ad:	21 94 24 48 01 00 00 	and    %edx,0x148(%rsp)
    11b4:	18 84 24 f8 00 00 00 	sbb    %al,0xf8(%rsp)
    11bb:	9c                   	pushfq 
    11bc:	5a                   	pop    %rdx
    11bd:	81 e2 d5 08 00 00    	and    $0x8d5,%edx
    11c3:	09 94 24 48 01 00 00 	or     %edx,0x148(%rsp)
    11ca:	e9 be 18 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    11cf:	83 f8 04             	cmp    $0x4,%eax
    11d2:	74 5e                	je     1232 <x86_emulate_memop+0x11a5>
    11d4:	83 f8 08             	cmp    $0x8,%eax
    11d7:	0f 84 a0 00 00 00    	je     127d <x86_emulate_memop+0x11f0>
    11dd:	83 f8 02             	cmp    $0x2,%eax
    11e0:	0f 85 a7 18 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    11e6:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    11ed:	00 
    11ee:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    11f5:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    11fa:	21 0c 24             	and    %ecx,(%rsp)
    11fd:	9c                   	pushfq 
    11fe:	f7 d1                	not    %ecx
    1200:	21 0c 24             	and    %ecx,(%rsp)
    1203:	59                   	pop    %rcx
    1204:	09 0c 24             	or     %ecx,(%rsp)
    1207:	9d                   	popfq  
    1208:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    120d:	f7 d1                	not    %ecx
    120f:	21 8c 24 48 01 00 00 	and    %ecx,0x148(%rsp)
    1216:	66 19 84 24 f8 00 00 	sbb    %ax,0xf8(%rsp)
    121d:	00 
    121e:	9c                   	pushfq 
    121f:	59                   	pop    %rcx
    1220:	81 e1 d5 08 00 00    	and    $0x8d5,%ecx
    1226:	09 8c 24 48 01 00 00 	or     %ecx,0x148(%rsp)
    122d:	e9 5b 18 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1232:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1239:	00 
    123a:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1241:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    1246:	21 1c 24             	and    %ebx,(%rsp)
    1249:	9c                   	pushfq 
    124a:	f7 d3                	not    %ebx
    124c:	21 1c 24             	and    %ebx,(%rsp)
    124f:	5b                   	pop    %rbx
    1250:	09 1c 24             	or     %ebx,(%rsp)
    1253:	9d                   	popfq  
    1254:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    1259:	f7 d3                	not    %ebx
    125b:	21 9c 24 48 01 00 00 	and    %ebx,0x148(%rsp)
    1262:	19 84 24 f8 00 00 00 	sbb    %eax,0xf8(%rsp)
    1269:	9c                   	pushfq 
    126a:	5b                   	pop    %rbx
    126b:	81 e3 d5 08 00 00    	and    $0x8d5,%ebx
    1271:	09 9c 24 48 01 00 00 	or     %ebx,0x148(%rsp)
    1278:	e9 10 18 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    127d:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1284:	00 
    1285:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    128c:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    1291:	21 2c 24             	and    %ebp,(%rsp)
    1294:	9c                   	pushfq 
    1295:	f7 d5                	not    %ebp
    1297:	21 2c 24             	and    %ebp,(%rsp)
    129a:	5d                   	pop    %rbp
    129b:	09 2c 24             	or     %ebp,(%rsp)
    129e:	9d                   	popfq  
    129f:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    12a4:	f7 d5                	not    %ebp
    12a6:	21 ac 24 48 01 00 00 	and    %ebp,0x148(%rsp)
    12ad:	48 19 84 24 f8 00 00 	sbb    %rax,0xf8(%rsp)
    12b4:	00 
    12b5:	9c                   	pushfq 
    12b6:	5d                   	pop    %rbp
    12b7:	81 e5 d5 08 00 00    	and    $0x8d5,%ebp
    12bd:	09 ac 24 48 01 00 00 	or     %ebp,0x148(%rsp)
    12c4:	e9 c4 17 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x20 ... 0x25:
	      and:		/* and */
		emulate_2op_SrcV("and", src, dst, _eflags);
    12c9:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
    12d0:	83 f8 01             	cmp    $0x1,%eax
    12d3:	75 57                	jne    132c <x86_emulate_memop+0x129f>
    12d5:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    12dc:	00 
    12dd:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    12e4:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    12ea:	44 21 04 24          	and    %r8d,(%rsp)
    12ee:	9c                   	pushfq 
    12ef:	41 f7 d0             	not    %r8d
    12f2:	44 21 04 24          	and    %r8d,(%rsp)
    12f6:	41 58                	pop    %r8
    12f8:	44 09 04 24          	or     %r8d,(%rsp)
    12fc:	9d                   	popfq  
    12fd:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    1303:	41 f7 d0             	not    %r8d
    1306:	44 21 84 24 48 01 00 	and    %r8d,0x148(%rsp)
    130d:	00 
    130e:	20 84 24 f8 00 00 00 	and    %al,0xf8(%rsp)
    1315:	9c                   	pushfq 
    1316:	41 58                	pop    %r8
    1318:	41 81 e0 d5 08 00 00 	and    $0x8d5,%r8d
    131f:	44 09 84 24 48 01 00 	or     %r8d,0x148(%rsp)
    1326:	00 
    1327:	e9 61 17 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    132c:	83 f8 04             	cmp    $0x4,%eax
    132f:	74 5e                	je     138f <x86_emulate_memop+0x1302>
    1331:	83 f8 08             	cmp    $0x8,%eax
    1334:	0f 84 a0 00 00 00    	je     13da <x86_emulate_memop+0x134d>
    133a:	83 f8 02             	cmp    $0x2,%eax
    133d:	0f 85 4a 17 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    1343:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    134a:	00 
    134b:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1352:	ba d5 08 00 00       	mov    $0x8d5,%edx
    1357:	21 14 24             	and    %edx,(%rsp)
    135a:	9c                   	pushfq 
    135b:	f7 d2                	not    %edx
    135d:	21 14 24             	and    %edx,(%rsp)
    1360:	5a                   	pop    %rdx
    1361:	09 14 24             	or     %edx,(%rsp)
    1364:	9d                   	popfq  
    1365:	ba d5 08 00 00       	mov    $0x8d5,%edx
    136a:	f7 d2                	not    %edx
    136c:	21 94 24 48 01 00 00 	and    %edx,0x148(%rsp)
    1373:	66 21 84 24 f8 00 00 	and    %ax,0xf8(%rsp)
    137a:	00 
    137b:	9c                   	pushfq 
    137c:	5a                   	pop    %rdx
    137d:	81 e2 d5 08 00 00    	and    $0x8d5,%edx
    1383:	09 94 24 48 01 00 00 	or     %edx,0x148(%rsp)
    138a:	e9 fe 16 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    138f:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1396:	00 
    1397:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    139e:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    13a3:	21 0c 24             	and    %ecx,(%rsp)
    13a6:	9c                   	pushfq 
    13a7:	f7 d1                	not    %ecx
    13a9:	21 0c 24             	and    %ecx,(%rsp)
    13ac:	59                   	pop    %rcx
    13ad:	09 0c 24             	or     %ecx,(%rsp)
    13b0:	9d                   	popfq  
    13b1:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    13b6:	f7 d1                	not    %ecx
    13b8:	21 8c 24 48 01 00 00 	and    %ecx,0x148(%rsp)
    13bf:	21 84 24 f8 00 00 00 	and    %eax,0xf8(%rsp)
    13c6:	9c                   	pushfq 
    13c7:	59                   	pop    %rcx
    13c8:	81 e1 d5 08 00 00    	and    $0x8d5,%ecx
    13ce:	09 8c 24 48 01 00 00 	or     %ecx,0x148(%rsp)
    13d5:	e9 b3 16 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    13da:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    13e1:	00 
    13e2:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    13e9:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    13ee:	21 1c 24             	and    %ebx,(%rsp)
    13f1:	9c                   	pushfq 
    13f2:	f7 d3                	not    %ebx
    13f4:	21 1c 24             	and    %ebx,(%rsp)
    13f7:	5b                   	pop    %rbx
    13f8:	09 1c 24             	or     %ebx,(%rsp)
    13fb:	9d                   	popfq  
    13fc:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    1401:	f7 d3                	not    %ebx
    1403:	21 9c 24 48 01 00 00 	and    %ebx,0x148(%rsp)
    140a:	48 21 84 24 f8 00 00 	and    %rax,0xf8(%rsp)
    1411:	00 
    1412:	9c                   	pushfq 
    1413:	5b                   	pop    %rbx
    1414:	81 e3 d5 08 00 00    	and    $0x8d5,%ebx
    141a:	09 9c 24 48 01 00 00 	or     %ebx,0x148(%rsp)
    1421:	e9 67 16 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x28 ... 0x2d:
	      sub:		/* sub */
		emulate_2op_SrcV("sub", src, dst, _eflags);
    1426:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
    142d:	83 f8 01             	cmp    $0x1,%eax
    1430:	75 4b                	jne    147d <x86_emulate_memop+0x13f0>
    1432:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1439:	00 
    143a:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1441:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    1446:	21 2c 24             	and    %ebp,(%rsp)
    1449:	9c                   	pushfq 
    144a:	f7 d5                	not    %ebp
    144c:	21 2c 24             	and    %ebp,(%rsp)
    144f:	5d                   	pop    %rbp
    1450:	09 2c 24             	or     %ebp,(%rsp)
    1453:	9d                   	popfq  
    1454:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    1459:	f7 d5                	not    %ebp
    145b:	21 ac 24 48 01 00 00 	and    %ebp,0x148(%rsp)
    1462:	28 84 24 f8 00 00 00 	sub    %al,0xf8(%rsp)
    1469:	9c                   	pushfq 
    146a:	5d                   	pop    %rbp
    146b:	81 e5 d5 08 00 00    	and    $0x8d5,%ebp
    1471:	09 ac 24 48 01 00 00 	or     %ebp,0x148(%rsp)
    1478:	e9 10 16 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    147d:	83 f8 04             	cmp    $0x4,%eax
    1480:	74 6a                	je     14ec <x86_emulate_memop+0x145f>
    1482:	83 f8 08             	cmp    $0x8,%eax
    1485:	0f 84 ac 00 00 00    	je     1537 <x86_emulate_memop+0x14aa>
    148b:	83 f8 02             	cmp    $0x2,%eax
    148e:	0f 85 f9 15 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    1494:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    149b:	00 
    149c:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    14a3:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    14a9:	44 21 04 24          	and    %r8d,(%rsp)
    14ad:	9c                   	pushfq 
    14ae:	41 f7 d0             	not    %r8d
    14b1:	44 21 04 24          	and    %r8d,(%rsp)
    14b5:	41 58                	pop    %r8
    14b7:	44 09 04 24          	or     %r8d,(%rsp)
    14bb:	9d                   	popfq  
    14bc:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    14c2:	41 f7 d0             	not    %r8d
    14c5:	44 21 84 24 48 01 00 	and    %r8d,0x148(%rsp)
    14cc:	00 
    14cd:	66 29 84 24 f8 00 00 	sub    %ax,0xf8(%rsp)
    14d4:	00 
    14d5:	9c                   	pushfq 
    14d6:	41 58                	pop    %r8
    14d8:	41 81 e0 d5 08 00 00 	and    $0x8d5,%r8d
    14df:	44 09 84 24 48 01 00 	or     %r8d,0x148(%rsp)
    14e6:	00 
    14e7:	e9 a1 15 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    14ec:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    14f3:	00 
    14f4:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    14fb:	ba d5 08 00 00       	mov    $0x8d5,%edx
    1500:	21 14 24             	and    %edx,(%rsp)
    1503:	9c                   	pushfq 
    1504:	f7 d2                	not    %edx
    1506:	21 14 24             	and    %edx,(%rsp)
    1509:	5a                   	pop    %rdx
    150a:	09 14 24             	or     %edx,(%rsp)
    150d:	9d                   	popfq  
    150e:	ba d5 08 00 00       	mov    $0x8d5,%edx
    1513:	f7 d2                	not    %edx
    1515:	21 94 24 48 01 00 00 	and    %edx,0x148(%rsp)
    151c:	29 84 24 f8 00 00 00 	sub    %eax,0xf8(%rsp)
    1523:	9c                   	pushfq 
    1524:	5a                   	pop    %rdx
    1525:	81 e2 d5 08 00 00    	and    $0x8d5,%edx
    152b:	09 94 24 48 01 00 00 	or     %edx,0x148(%rsp)
    1532:	e9 56 15 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1537:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    153e:	00 
    153f:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1546:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    154b:	21 0c 24             	and    %ecx,(%rsp)
    154e:	9c                   	pushfq 
    154f:	f7 d1                	not    %ecx
    1551:	21 0c 24             	and    %ecx,(%rsp)
    1554:	59                   	pop    %rcx
    1555:	09 0c 24             	or     %ecx,(%rsp)
    1558:	9d                   	popfq  
    1559:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    155e:	f7 d1                	not    %ecx
    1560:	21 8c 24 48 01 00 00 	and    %ecx,0x148(%rsp)
    1567:	48 29 84 24 f8 00 00 	sub    %rax,0xf8(%rsp)
    156e:	00 
    156f:	9c                   	pushfq 
    1570:	59                   	pop    %rcx
    1571:	81 e1 d5 08 00 00    	and    $0x8d5,%ecx
    1577:	09 8c 24 48 01 00 00 	or     %ecx,0x148(%rsp)
    157e:	e9 0a 15 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x30 ... 0x35:
	      xor:		/* xor */
		emulate_2op_SrcV("xor", src, dst, _eflags);
    1583:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
    158a:	83 f8 01             	cmp    $0x1,%eax
    158d:	75 4b                	jne    15da <x86_emulate_memop+0x154d>
    158f:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1596:	00 
    1597:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    159e:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    15a3:	21 1c 24             	and    %ebx,(%rsp)
    15a6:	9c                   	pushfq 
    15a7:	f7 d3                	not    %ebx
    15a9:	21 1c 24             	and    %ebx,(%rsp)
    15ac:	5b                   	pop    %rbx
    15ad:	09 1c 24             	or     %ebx,(%rsp)
    15b0:	9d                   	popfq  
    15b1:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    15b6:	f7 d3                	not    %ebx
    15b8:	21 9c 24 48 01 00 00 	and    %ebx,0x148(%rsp)
    15bf:	30 84 24 f8 00 00 00 	xor    %al,0xf8(%rsp)
    15c6:	9c                   	pushfq 
    15c7:	5b                   	pop    %rbx
    15c8:	81 e3 d5 08 00 00    	and    $0x8d5,%ebx
    15ce:	09 9c 24 48 01 00 00 	or     %ebx,0x148(%rsp)
    15d5:	e9 b3 14 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    15da:	83 f8 04             	cmp    $0x4,%eax
    15dd:	74 5e                	je     163d <x86_emulate_memop+0x15b0>
    15df:	83 f8 08             	cmp    $0x8,%eax
    15e2:	0f 84 ac 00 00 00    	je     1694 <x86_emulate_memop+0x1607>
    15e8:	83 f8 02             	cmp    $0x2,%eax
    15eb:	0f 85 9c 14 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    15f1:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    15f8:	00 
    15f9:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1600:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    1605:	21 2c 24             	and    %ebp,(%rsp)
    1608:	9c                   	pushfq 
    1609:	f7 d5                	not    %ebp
    160b:	21 2c 24             	and    %ebp,(%rsp)
    160e:	5d                   	pop    %rbp
    160f:	09 2c 24             	or     %ebp,(%rsp)
    1612:	9d                   	popfq  
    1613:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    1618:	f7 d5                	not    %ebp
    161a:	21 ac 24 48 01 00 00 	and    %ebp,0x148(%rsp)
    1621:	66 31 84 24 f8 00 00 	xor    %ax,0xf8(%rsp)
    1628:	00 
    1629:	9c                   	pushfq 
    162a:	5d                   	pop    %rbp
    162b:	81 e5 d5 08 00 00    	and    $0x8d5,%ebp
    1631:	09 ac 24 48 01 00 00 	or     %ebp,0x148(%rsp)
    1638:	e9 50 14 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    163d:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1644:	00 
    1645:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    164c:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    1652:	44 21 04 24          	and    %r8d,(%rsp)
    1656:	9c                   	pushfq 
    1657:	41 f7 d0             	not    %r8d
    165a:	44 21 04 24          	and    %r8d,(%rsp)
    165e:	41 58                	pop    %r8
    1660:	44 09 04 24          	or     %r8d,(%rsp)
    1664:	9d                   	popfq  
    1665:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    166b:	41 f7 d0             	not    %r8d
    166e:	44 21 84 24 48 01 00 	and    %r8d,0x148(%rsp)
    1675:	00 
    1676:	31 84 24 f8 00 00 00 	xor    %eax,0xf8(%rsp)
    167d:	9c                   	pushfq 
    167e:	41 58                	pop    %r8
    1680:	41 81 e0 d5 08 00 00 	and    $0x8d5,%r8d
    1687:	44 09 84 24 48 01 00 	or     %r8d,0x148(%rsp)
    168e:	00 
    168f:	e9 f9 13 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1694:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    169b:	00 
    169c:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    16a3:	ba d5 08 00 00       	mov    $0x8d5,%edx
    16a8:	21 14 24             	and    %edx,(%rsp)
    16ab:	9c                   	pushfq 
    16ac:	f7 d2                	not    %edx
    16ae:	21 14 24             	and    %edx,(%rsp)
    16b1:	5a                   	pop    %rdx
    16b2:	09 14 24             	or     %edx,(%rsp)
    16b5:	9d                   	popfq  
    16b6:	ba d5 08 00 00       	mov    $0x8d5,%edx
    16bb:	f7 d2                	not    %edx
    16bd:	21 94 24 48 01 00 00 	and    %edx,0x148(%rsp)
    16c4:	48 31 84 24 f8 00 00 	xor    %rax,0xf8(%rsp)
    16cb:	00 
    16cc:	9c                   	pushfq 
    16cd:	5a                   	pop    %rdx
    16ce:	81 e2 d5 08 00 00    	and    $0x8d5,%edx
    16d4:	09 94 24 48 01 00 00 	or     %edx,0x148(%rsp)
    16db:	e9 ad 13 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x38 ... 0x3d:
	      cmp:		/* cmp */
		emulate_2op_SrcV("cmp", src, dst, _eflags);
    16e0:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
    16e7:	83 f8 01             	cmp    $0x1,%eax
    16ea:	75 4b                	jne    1737 <x86_emulate_memop+0x16aa>
    16ec:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    16f3:	00 
    16f4:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    16fb:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    1700:	21 0c 24             	and    %ecx,(%rsp)
    1703:	9c                   	pushfq 
    1704:	f7 d1                	not    %ecx
    1706:	21 0c 24             	and    %ecx,(%rsp)
    1709:	59                   	pop    %rcx
    170a:	09 0c 24             	or     %ecx,(%rsp)
    170d:	9d                   	popfq  
    170e:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    1713:	f7 d1                	not    %ecx
    1715:	21 8c 24 48 01 00 00 	and    %ecx,0x148(%rsp)
    171c:	38 84 24 f8 00 00 00 	cmp    %al,0xf8(%rsp)
    1723:	9c                   	pushfq 
    1724:	59                   	pop    %rcx
    1725:	81 e1 d5 08 00 00    	and    $0x8d5,%ecx
    172b:	09 8c 24 48 01 00 00 	or     %ecx,0x148(%rsp)
    1732:	e9 56 13 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1737:	83 f8 04             	cmp    $0x4,%eax
    173a:	74 5e                	je     179a <x86_emulate_memop+0x170d>
    173c:	83 f8 08             	cmp    $0x8,%eax
    173f:	0f 84 a0 00 00 00    	je     17e5 <x86_emulate_memop+0x1758>
    1745:	83 f8 02             	cmp    $0x2,%eax
    1748:	0f 85 3f 13 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    174e:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1755:	00 
    1756:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    175d:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    1762:	21 1c 24             	and    %ebx,(%rsp)
    1765:	9c                   	pushfq 
    1766:	f7 d3                	not    %ebx
    1768:	21 1c 24             	and    %ebx,(%rsp)
    176b:	5b                   	pop    %rbx
    176c:	09 1c 24             	or     %ebx,(%rsp)
    176f:	9d                   	popfq  
    1770:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    1775:	f7 d3                	not    %ebx
    1777:	21 9c 24 48 01 00 00 	and    %ebx,0x148(%rsp)
    177e:	66 39 84 24 f8 00 00 	cmp    %ax,0xf8(%rsp)
    1785:	00 
    1786:	9c                   	pushfq 
    1787:	5b                   	pop    %rbx
    1788:	81 e3 d5 08 00 00    	and    $0x8d5,%ebx
    178e:	09 9c 24 48 01 00 00 	or     %ebx,0x148(%rsp)
    1795:	e9 f3 12 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    179a:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    17a1:	00 
    17a2:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    17a9:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    17ae:	21 2c 24             	and    %ebp,(%rsp)
    17b1:	9c                   	pushfq 
    17b2:	f7 d5                	not    %ebp
    17b4:	21 2c 24             	and    %ebp,(%rsp)
    17b7:	5d                   	pop    %rbp
    17b8:	09 2c 24             	or     %ebp,(%rsp)
    17bb:	9d                   	popfq  
    17bc:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    17c1:	f7 d5                	not    %ebp
    17c3:	21 ac 24 48 01 00 00 	and    %ebp,0x148(%rsp)
    17ca:	39 84 24 f8 00 00 00 	cmp    %eax,0xf8(%rsp)
    17d1:	9c                   	pushfq 
    17d2:	5d                   	pop    %rbp
    17d3:	81 e5 d5 08 00 00    	and    $0x8d5,%ebp
    17d9:	09 ac 24 48 01 00 00 	or     %ebp,0x148(%rsp)
    17e0:	e9 a8 12 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    17e5:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    17ec:	00 
    17ed:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    17f4:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    17fa:	44 21 04 24          	and    %r8d,(%rsp)
    17fe:	9c                   	pushfq 
    17ff:	41 f7 d0             	not    %r8d
    1802:	44 21 04 24          	and    %r8d,(%rsp)
    1806:	41 58                	pop    %r8
    1808:	44 09 04 24          	or     %r8d,(%rsp)
    180c:	9d                   	popfq  
    180d:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    1813:	41 f7 d0             	not    %r8d
    1816:	44 21 84 24 48 01 00 	and    %r8d,0x148(%rsp)
    181d:	00 
    181e:	48 39 84 24 f8 00 00 	cmp    %rax,0xf8(%rsp)
    1825:	00 
    1826:	9c                   	pushfq 
    1827:	41 58                	pop    %r8
    1829:	41 81 e0 d5 08 00 00 	and    $0x8d5,%r8d
    1830:	44 09 84 24 48 01 00 	or     %r8d,0x148(%rsp)
    1837:	00 
    1838:	e9 50 12 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x63:		/* movsxd */
		if (mode != X86EMUL_MODE_PROT64)
    183d:	83 7c 24 54 08       	cmpl   $0x8,0x54(%rsp)
    1842:	0f 85 09 23 00 00    	jne    3b51 <x86_emulate_memop+0x3ac4>
			goto cannot_emulate;
		dst.val = (s32) src.val;
    1848:	48 63 84 24 18 01 00 	movslq 0x118(%rsp),%rax
    184f:	00 
    1850:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
    1857:	00 
    1858:	e9 30 12 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x80 ... 0x83:	/* Grp1 */
		switch (modrm_reg) {
    185d:	80 7c 24 20 07       	cmpb   $0x7,0x20(%rsp)
    1862:	0f 87 25 12 00 00    	ja     2a8d <x86_emulate_memop+0x2a00>
    1868:	0f b6 44 24 20       	movzbl 0x20(%rsp),%eax
    186d:	ff 24 c5 00 00 00 00 	jmpq   *0x0(,%rax,8)
			1870: R_X86_64_32S	.rodata+0x40
		case 0:
			goto add;
		case 1:
			goto or;
		case 2:
			goto adc;
		case 3:
			goto sbb;
		case 4:
			goto and;
		case 5:
			goto sub;
		case 6:
			goto xor;
		case 7:
			goto cmp;
		}
		break;
	case 0x84 ... 0x85:
	      test:		/* test */
		emulate_2op_SrcV("test", src, dst, _eflags);
    1874:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
    187b:	83 f8 01             	cmp    $0x1,%eax
    187e:	75 4b                	jne    18cb <x86_emulate_memop+0x183e>
    1880:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1887:	00 
    1888:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    188f:	ba d5 08 00 00       	mov    $0x8d5,%edx
    1894:	21 14 24             	and    %edx,(%rsp)
    1897:	9c                   	pushfq 
    1898:	f7 d2                	not    %edx
    189a:	21 14 24             	and    %edx,(%rsp)
    189d:	5a                   	pop    %rdx
    189e:	09 14 24             	or     %edx,(%rsp)
    18a1:	9d                   	popfq  
    18a2:	ba d5 08 00 00       	mov    $0x8d5,%edx
    18a7:	f7 d2                	not    %edx
    18a9:	21 94 24 48 01 00 00 	and    %edx,0x148(%rsp)
    18b0:	84 84 24 f8 00 00 00 	test   %al,0xf8(%rsp)
    18b7:	9c                   	pushfq 
    18b8:	5a                   	pop    %rdx
    18b9:	81 e2 d5 08 00 00    	and    $0x8d5,%edx
    18bf:	09 94 24 48 01 00 00 	or     %edx,0x148(%rsp)
    18c6:	e9 c2 11 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    18cb:	83 f8 04             	cmp    $0x4,%eax
    18ce:	74 5e                	je     192e <x86_emulate_memop+0x18a1>
    18d0:	83 f8 08             	cmp    $0x8,%eax
    18d3:	0f 84 a0 00 00 00    	je     1979 <x86_emulate_memop+0x18ec>
    18d9:	83 f8 02             	cmp    $0x2,%eax
    18dc:	0f 85 ab 11 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    18e2:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    18e9:	00 
    18ea:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    18f1:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    18f6:	21 0c 24             	and    %ecx,(%rsp)
    18f9:	9c                   	pushfq 
    18fa:	f7 d1                	not    %ecx
    18fc:	21 0c 24             	and    %ecx,(%rsp)
    18ff:	59                   	pop    %rcx
    1900:	09 0c 24             	or     %ecx,(%rsp)
    1903:	9d                   	popfq  
    1904:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    1909:	f7 d1                	not    %ecx
    190b:	21 8c 24 48 01 00 00 	and    %ecx,0x148(%rsp)
    1912:	66 85 84 24 f8 00 00 	test   %ax,0xf8(%rsp)
    1919:	00 
    191a:	9c                   	pushfq 
    191b:	59                   	pop    %rcx
    191c:	81 e1 d5 08 00 00    	and    $0x8d5,%ecx
    1922:	09 8c 24 48 01 00 00 	or     %ecx,0x148(%rsp)
    1929:	e9 5f 11 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    192e:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1935:	00 
    1936:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    193d:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    1942:	21 1c 24             	and    %ebx,(%rsp)
    1945:	9c                   	pushfq 
    1946:	f7 d3                	not    %ebx
    1948:	21 1c 24             	and    %ebx,(%rsp)
    194b:	5b                   	pop    %rbx
    194c:	09 1c 24             	or     %ebx,(%rsp)
    194f:	9d                   	popfq  
    1950:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    1955:	f7 d3                	not    %ebx
    1957:	21 9c 24 48 01 00 00 	and    %ebx,0x148(%rsp)
    195e:	85 84 24 f8 00 00 00 	test   %eax,0xf8(%rsp)
    1965:	9c                   	pushfq 
    1966:	5b                   	pop    %rbx
    1967:	81 e3 d5 08 00 00    	and    $0x8d5,%ebx
    196d:	09 9c 24 48 01 00 00 	or     %ebx,0x148(%rsp)
    1974:	e9 14 11 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1979:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1980:	00 
    1981:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1988:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    198d:	21 2c 24             	and    %ebp,(%rsp)
    1990:	9c                   	pushfq 
    1991:	f7 d5                	not    %ebp
    1993:	21 2c 24             	and    %ebp,(%rsp)
    1996:	5d                   	pop    %rbp
    1997:	09 2c 24             	or     %ebp,(%rsp)
    199a:	9d                   	popfq  
    199b:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    19a0:	f7 d5                	not    %ebp
    19a2:	21 ac 24 48 01 00 00 	and    %ebp,0x148(%rsp)
    19a9:	48 85 84 24 f8 00 00 	test   %rax,0xf8(%rsp)
    19b0:	00 
    19b1:	9c                   	pushfq 
    19b2:	5d                   	pop    %rbp
    19b3:	81 e5 d5 08 00 00    	and    $0x8d5,%ebp
    19b9:	09 ac 24 48 01 00 00 	or     %ebp,0x148(%rsp)
    19c0:	e9 c8 10 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x86 ... 0x87:	/* xchg */
		/* Write back the register source. */
		switch (dst.bytes) {
    19c5:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
    19cc:	83 f8 02             	cmp    $0x2,%eax
    19cf:	74 20                	je     19f1 <x86_emulate_memop+0x1964>
    19d1:	77 06                	ja     19d9 <x86_emulate_memop+0x194c>
    19d3:	ff c8                	dec    %eax
    19d5:	75 46                	jne    1a1d <x86_emulate_memop+0x1990>
    19d7:	eb 0c                	jmp    19e5 <x86_emulate_memop+0x1958>
    19d9:	83 f8 04             	cmp    $0x4,%eax
    19dc:	74 20                	je     19fe <x86_emulate_memop+0x1971>
    19de:	83 f8 08             	cmp    $0x8,%eax
    19e1:	75 3a                	jne    1a1d <x86_emulate_memop+0x1990>
    19e3:	eb 25                	jmp    1a0a <x86_emulate_memop+0x197d>
		case 1:
			*(u8 *) src.ptr = (u8) dst.val;
    19e5:	48 8b 84 24 28 01 00 	mov    0x128(%rsp),%rax
    19ec:	00 
    19ed:	88 10                	mov    %dl,(%rax)
    19ef:	eb 2c                	jmp    1a1d <x86_emulate_memop+0x1990>
			break;
		case 2:
			*(u16 *) src.ptr = (u16) dst.val;
    19f1:	48 8b 84 24 28 01 00 	mov    0x128(%rsp),%rax
    19f8:	00 
    19f9:	66 89 10             	mov    %dx,(%rax)
    19fc:	eb 1f                	jmp    1a1d <x86_emulate_memop+0x1990>
			break;
		case 4:
			*src.ptr = (u32) dst.val;
    19fe:	48 8b 84 24 28 01 00 	mov    0x128(%rsp),%rax
    1a05:	00 
    1a06:	89 d2                	mov    %edx,%edx
    1a08:	eb 10                	jmp    1a1a <x86_emulate_memop+0x198d>
			break;	/* 64b reg: zero-extend */
		case 8:
			*src.ptr = dst.val;
    1a0a:	48 8b 94 24 f8 00 00 	mov    0xf8(%rsp),%rdx
    1a11:	00 
    1a12:	48 8b 84 24 28 01 00 	mov    0x128(%rsp),%rax
    1a19:	00 
    1a1a:	48 89 10             	mov    %rdx,(%rax)
			break;
		}
		/*
		 * Write back the memory destination with implicit LOCK
		 * prefix.
		 */
		dst.val = src.val;
    1a1d:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1a24:	00 
    1a25:	c7 44 24 4c 01 00 00 	movl   $0x1,0x4c(%rsp)
    1a2c:	00 
    1a2d:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
    1a34:	00 
    1a35:	e9 53 10 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		lock_prefix = 1;
		break;
	case 0xa0 ... 0xa1:	/* mov */
		dst.ptr = (unsigned long *)&_regs[VCPU_REGS_RAX];
    1a3a:	48 8d 44 24 70       	lea    0x70(%rsp),%rax
    1a3f:	48 89 84 24 08 01 00 	mov    %rax,0x108(%rsp)
    1a46:	00 
		dst.val = src.val;
    1a47:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1a4e:	00 
    1a4f:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
    1a56:	00 
		_eip += ad_bytes;	/* skip src displacement */
    1a57:	8b 44 24 48          	mov    0x48(%rsp),%eax
    1a5b:	48 01 84 24 50 01 00 	add    %rax,0x150(%rsp)
    1a62:	00 
    1a63:	e9 25 10 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0xa2 ... 0xa3:	/* mov */
		dst.val = (unsigned long)_regs[VCPU_REGS_RAX];
    1a68:	48 8b 44 24 70       	mov    0x70(%rsp),%rax
    1a6d:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
    1a74:	00 
		_eip += ad_bytes;	/* skip dst displacement */
    1a75:	8b 44 24 48          	mov    0x48(%rsp),%eax
    1a79:	48 01 84 24 50 01 00 	add    %rax,0x150(%rsp)
    1a80:	00 
    1a81:	e9 07 10 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x88 ... 0x8b:	/* mov */
	case 0xc6 ... 0xc7:	/* mov (sole member of Grp11) */
		dst.val = src.val;
    1a86:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1a8d:	00 
    1a8e:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
    1a95:	00 
    1a96:	e9 f2 0f 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x8f:		/* pop (sole member of Grp1a) */
		/* 64-bit mode: POP always pops a 64-bit operand. */
		if (mode == X86EMUL_MODE_PROT64)
			dst.bytes = 8;
    1a9b:	83 7c 24 54 08       	cmpl   $0x8,0x54(%rsp)
    1aa0:	ba 08 00 00 00       	mov    $0x8,%edx
		if ((rc = ops->read_std(register_address(ctxt->ss_base,
    1aa5:	48 8b 04 24          	mov    (%rsp),%rax
    1aa9:	0f 45 94 24 f4 00 00 	cmovne 0xf4(%rsp),%edx
    1ab0:	00 
    1ab1:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
    1ab6:	49 8b 7d 38          	mov    0x38(%r13),%rdi
    1aba:	89 94 24 f4 00 00 00 	mov    %edx,0xf4(%rsp)
    1ac1:	4c 8b 00             	mov    (%rax),%r8
    1ac4:	75 0a                	jne    1ad0 <x86_emulate_memop+0x1a43>
    1ac6:	48 8b 84 24 90 00 00 	mov    0x90(%rsp),%rax
    1acd:	00 
    1ace:	eb 1a                	jmp    1aea <x86_emulate_memop+0x1a5d>
    1ad0:	8b 4c 24 48          	mov    0x48(%rsp),%ecx
    1ad4:	b8 01 00 00 00       	mov    $0x1,%eax
    1ad9:	c1 e1 03             	shl    $0x3,%ecx
    1adc:	48 d3 e0             	shl    %cl,%rax
    1adf:	48 ff c8             	dec    %rax
    1ae2:	48 23 84 24 90 00 00 	and    0x90(%rsp),%rax
    1ae9:	00 
    1aea:	48 8d b4 24 f8 00 00 	lea    0xf8(%rsp),%rsi
    1af1:	00 
    1af2:	48 8d 3c 38          	lea    (%rax,%rdi,1),%rdi
    1af6:	4c 89 e9             	mov    %r13,%rcx
    1af9:	41 ff d0             	callq  *%r8
    1afc:	85 c0                	test   %eax,%eax
    1afe:	41 89 c7             	mov    %eax,%r15d
    1b01:	0f 85 9d 10 00 00    	jne    2ba4 <x86_emulate_memop+0x2b17>
							 _regs[VCPU_REGS_RSP]),
					&dst.val, dst.bytes, ctxt)) != 0)
			goto done;
		register_address_increment(_regs[VCPU_REGS_RSP], dst.bytes);
    1b07:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
    1b0c:	48 63 bc 24 f4 00 00 	movslq 0xf4(%rsp),%rdi
    1b13:	00 
    1b14:	75 0d                	jne    1b23 <x86_emulate_memop+0x1a96>
    1b16:	48 01 bc 24 90 00 00 	add    %rdi,0x90(%rsp)
    1b1d:	00 
    1b1e:	e9 6a 0f 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1b23:	8b 4c 24 48          	mov    0x48(%rsp),%ecx
    1b27:	48 8b b4 24 90 00 00 	mov    0x90(%rsp),%rsi
    1b2e:	00 
    1b2f:	b8 01 00 00 00       	mov    $0x1,%eax
    1b34:	c1 e1 03             	shl    $0x3,%ecx
    1b37:	48 d3 e0             	shl    %cl,%rax
    1b3a:	48 8d 0c 37          	lea    (%rdi,%rsi,1),%rcx
    1b3e:	48 8d 50 ff          	lea    0xffffffffffffffff(%rax),%rdx
    1b42:	48 f7 d8             	neg    %rax
    1b45:	48 21 f0             	and    %rsi,%rax
    1b48:	48 21 ca             	and    %rcx,%rdx
    1b4b:	48 09 c2             	or     %rax,%rdx
    1b4e:	48 89 94 24 90 00 00 	mov    %rdx,0x90(%rsp)
    1b55:	00 
    1b56:	e9 32 0f 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0xc0 ... 0xc1:
	      grp2:		/* Grp2 */
		switch (modrm_reg) {
    1b5b:	80 7c 24 20 07       	cmpb   $0x7,0x20(%rsp)
    1b60:	0f 87 27 0f 00 00    	ja     2a8d <x86_emulate_memop+0x2a00>
    1b66:	0f b6 44 24 20       	movzbl 0x20(%rsp),%eax
    1b6b:	44 8b 8c 24 f4 00 00 	mov    0xf4(%rsp),%r9d
    1b72:	00 
    1b73:	ff 24 c5 00 00 00 00 	jmpq   *0x0(,%rax,8)
			1b76: R_X86_64_32S	.rodata+0x80
		case 0:	/* rol */
			emulate_2op_SrcB("rol", src, dst, _eflags);
    1b7a:	41 83 f9 01          	cmp    $0x1,%r9d
    1b7e:	75 4a                	jne    1bca <x86_emulate_memop+0x1b3d>
    1b80:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1b87:	00 
    1b88:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1b8f:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1b94:	21 04 24             	and    %eax,(%rsp)
    1b97:	9c                   	pushfq 
    1b98:	f7 d0                	not    %eax
    1b9a:	21 04 24             	and    %eax,(%rsp)
    1b9d:	58                   	pop    %rax
    1b9e:	09 04 24             	or     %eax,(%rsp)
    1ba1:	9d                   	popfq  
    1ba2:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1ba7:	f7 d0                	not    %eax
    1ba9:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1bb0:	d2 84 24 f8 00 00 00 	rolb   %cl,0xf8(%rsp)
    1bb7:	9c                   	pushfq 
    1bb8:	58                   	pop    %rax
    1bb9:	25 d5 08 00 00       	and    $0x8d5,%eax
    1bbe:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1bc5:	e9 c3 0e 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1bca:	41 83 f9 04          	cmp    $0x4,%r9d
    1bce:	74 5f                	je     1c2f <x86_emulate_memop+0x1ba2>
    1bd0:	41 83 f9 08          	cmp    $0x8,%r9d
    1bd4:	0f 84 9f 00 00 00    	je     1c79 <x86_emulate_memop+0x1bec>
    1bda:	41 83 f9 02          	cmp    $0x2,%r9d
    1bde:	0f 85 a9 0e 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    1be4:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1beb:	00 
    1bec:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1bf3:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1bf8:	21 04 24             	and    %eax,(%rsp)
    1bfb:	9c                   	pushfq 
    1bfc:	f7 d0                	not    %eax
    1bfe:	21 04 24             	and    %eax,(%rsp)
    1c01:	58                   	pop    %rax
    1c02:	09 04 24             	or     %eax,(%rsp)
    1c05:	9d                   	popfq  
    1c06:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1c0b:	f7 d0                	not    %eax
    1c0d:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1c14:	66 d3 84 24 f8 00 00 	rolw   %cl,0xf8(%rsp)
    1c1b:	00 
    1c1c:	9c                   	pushfq 
    1c1d:	58                   	pop    %rax
    1c1e:	25 d5 08 00 00       	and    $0x8d5,%eax
    1c23:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1c2a:	e9 5e 0e 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1c2f:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1c36:	00 
    1c37:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1c3e:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1c43:	21 04 24             	and    %eax,(%rsp)
    1c46:	9c                   	pushfq 
    1c47:	f7 d0                	not    %eax
    1c49:	21 04 24             	and    %eax,(%rsp)
    1c4c:	58                   	pop    %rax
    1c4d:	09 04 24             	or     %eax,(%rsp)
    1c50:	9d                   	popfq  
    1c51:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1c56:	f7 d0                	not    %eax
    1c58:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1c5f:	d3 84 24 f8 00 00 00 	roll   %cl,0xf8(%rsp)
    1c66:	9c                   	pushfq 
    1c67:	58                   	pop    %rax
    1c68:	25 d5 08 00 00       	and    $0x8d5,%eax
    1c6d:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1c74:	e9 14 0e 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1c79:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1c80:	00 
    1c81:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1c88:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1c8d:	21 04 24             	and    %eax,(%rsp)
    1c90:	9c                   	pushfq 
    1c91:	f7 d0                	not    %eax
    1c93:	21 04 24             	and    %eax,(%rsp)
    1c96:	58                   	pop    %rax
    1c97:	09 04 24             	or     %eax,(%rsp)
    1c9a:	9d                   	popfq  
    1c9b:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1ca0:	f7 d0                	not    %eax
    1ca2:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1ca9:	48 d3 84 24 f8 00 00 	rolq   %cl,0xf8(%rsp)
    1cb0:	00 
    1cb1:	9c                   	pushfq 
    1cb2:	58                   	pop    %rax
    1cb3:	25 d5 08 00 00       	and    $0x8d5,%eax
    1cb8:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1cbf:	e9 c9 0d 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
			break;
		case 1:	/* ror */
			emulate_2op_SrcB("ror", src, dst, _eflags);
    1cc4:	41 83 f9 01          	cmp    $0x1,%r9d
    1cc8:	75 4a                	jne    1d14 <x86_emulate_memop+0x1c87>
    1cca:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1cd1:	00 
    1cd2:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1cd9:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1cde:	21 04 24             	and    %eax,(%rsp)
    1ce1:	9c                   	pushfq 
    1ce2:	f7 d0                	not    %eax
    1ce4:	21 04 24             	and    %eax,(%rsp)
    1ce7:	58                   	pop    %rax
    1ce8:	09 04 24             	or     %eax,(%rsp)
    1ceb:	9d                   	popfq  
    1cec:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1cf1:	f7 d0                	not    %eax
    1cf3:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1cfa:	d2 8c 24 f8 00 00 00 	rorb   %cl,0xf8(%rsp)
    1d01:	9c                   	pushfq 
    1d02:	58                   	pop    %rax
    1d03:	25 d5 08 00 00       	and    $0x8d5,%eax
    1d08:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1d0f:	e9 79 0d 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1d14:	41 83 f9 04          	cmp    $0x4,%r9d
    1d18:	74 5f                	je     1d79 <x86_emulate_memop+0x1cec>
    1d1a:	41 83 f9 08          	cmp    $0x8,%r9d
    1d1e:	0f 84 9f 00 00 00    	je     1dc3 <x86_emulate_memop+0x1d36>
    1d24:	41 83 f9 02          	cmp    $0x2,%r9d
    1d28:	0f 85 5f 0d 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    1d2e:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1d35:	00 
    1d36:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1d3d:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1d42:	21 04 24             	and    %eax,(%rsp)
    1d45:	9c                   	pushfq 
    1d46:	f7 d0                	not    %eax
    1d48:	21 04 24             	and    %eax,(%rsp)
    1d4b:	58                   	pop    %rax
    1d4c:	09 04 24             	or     %eax,(%rsp)
    1d4f:	9d                   	popfq  
    1d50:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1d55:	f7 d0                	not    %eax
    1d57:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1d5e:	66 d3 8c 24 f8 00 00 	rorw   %cl,0xf8(%rsp)
    1d65:	00 
    1d66:	9c                   	pushfq 
    1d67:	58                   	pop    %rax
    1d68:	25 d5 08 00 00       	and    $0x8d5,%eax
    1d6d:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1d74:	e9 14 0d 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1d79:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1d80:	00 
    1d81:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1d88:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1d8d:	21 04 24             	and    %eax,(%rsp)
    1d90:	9c                   	pushfq 
    1d91:	f7 d0                	not    %eax
    1d93:	21 04 24             	and    %eax,(%rsp)
    1d96:	58                   	pop    %rax
    1d97:	09 04 24             	or     %eax,(%rsp)
    1d9a:	9d                   	popfq  
    1d9b:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1da0:	f7 d0                	not    %eax
    1da2:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1da9:	d3 8c 24 f8 00 00 00 	rorl   %cl,0xf8(%rsp)
    1db0:	9c                   	pushfq 
    1db1:	58                   	pop    %rax
    1db2:	25 d5 08 00 00       	and    $0x8d5,%eax
    1db7:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1dbe:	e9 ca 0c 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1dc3:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1dca:	00 
    1dcb:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1dd2:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1dd7:	21 04 24             	and    %eax,(%rsp)
    1dda:	9c                   	pushfq 
    1ddb:	f7 d0                	not    %eax
    1ddd:	21 04 24             	and    %eax,(%rsp)
    1de0:	58                   	pop    %rax
    1de1:	09 04 24             	or     %eax,(%rsp)
    1de4:	9d                   	popfq  
    1de5:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1dea:	f7 d0                	not    %eax
    1dec:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1df3:	48 d3 8c 24 f8 00 00 	rorq   %cl,0xf8(%rsp)
    1dfa:	00 
    1dfb:	9c                   	pushfq 
    1dfc:	58                   	pop    %rax
    1dfd:	25 d5 08 00 00       	and    $0x8d5,%eax
    1e02:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1e09:	e9 7f 0c 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
			break;
		case 2:	/* rcl */
			emulate_2op_SrcB("rcl", src, dst, _eflags);
    1e0e:	41 83 f9 01          	cmp    $0x1,%r9d
    1e12:	75 4a                	jne    1e5e <x86_emulate_memop+0x1dd1>
    1e14:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1e1b:	00 
    1e1c:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1e23:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1e28:	21 04 24             	and    %eax,(%rsp)
    1e2b:	9c                   	pushfq 
    1e2c:	f7 d0                	not    %eax
    1e2e:	21 04 24             	and    %eax,(%rsp)
    1e31:	58                   	pop    %rax
    1e32:	09 04 24             	or     %eax,(%rsp)
    1e35:	9d                   	popfq  
    1e36:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1e3b:	f7 d0                	not    %eax
    1e3d:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1e44:	d2 94 24 f8 00 00 00 	rclb   %cl,0xf8(%rsp)
    1e4b:	9c                   	pushfq 
    1e4c:	58                   	pop    %rax
    1e4d:	25 d5 08 00 00       	and    $0x8d5,%eax
    1e52:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1e59:	e9 2f 0c 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1e5e:	41 83 f9 04          	cmp    $0x4,%r9d
    1e62:	74 5f                	je     1ec3 <x86_emulate_memop+0x1e36>
    1e64:	41 83 f9 08          	cmp    $0x8,%r9d
    1e68:	0f 84 9f 00 00 00    	je     1f0d <x86_emulate_memop+0x1e80>
    1e6e:	41 83 f9 02          	cmp    $0x2,%r9d
    1e72:	0f 85 15 0c 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    1e78:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1e7f:	00 
    1e80:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1e87:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1e8c:	21 04 24             	and    %eax,(%rsp)
    1e8f:	9c                   	pushfq 
    1e90:	f7 d0                	not    %eax
    1e92:	21 04 24             	and    %eax,(%rsp)
    1e95:	58                   	pop    %rax
    1e96:	09 04 24             	or     %eax,(%rsp)
    1e99:	9d                   	popfq  
    1e9a:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1e9f:	f7 d0                	not    %eax
    1ea1:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1ea8:	66 d3 94 24 f8 00 00 	rclw   %cl,0xf8(%rsp)
    1eaf:	00 
    1eb0:	9c                   	pushfq 
    1eb1:	58                   	pop    %rax
    1eb2:	25 d5 08 00 00       	and    $0x8d5,%eax
    1eb7:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1ebe:	e9 ca 0b 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1ec3:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1eca:	00 
    1ecb:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1ed2:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1ed7:	21 04 24             	and    %eax,(%rsp)
    1eda:	9c                   	pushfq 
    1edb:	f7 d0                	not    %eax
    1edd:	21 04 24             	and    %eax,(%rsp)
    1ee0:	58                   	pop    %rax
    1ee1:	09 04 24             	or     %eax,(%rsp)
    1ee4:	9d                   	popfq  
    1ee5:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1eea:	f7 d0                	not    %eax
    1eec:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1ef3:	d3 94 24 f8 00 00 00 	rcll   %cl,0xf8(%rsp)
    1efa:	9c                   	pushfq 
    1efb:	58                   	pop    %rax
    1efc:	25 d5 08 00 00       	and    $0x8d5,%eax
    1f01:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1f08:	e9 80 0b 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1f0d:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1f14:	00 
    1f15:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1f1c:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1f21:	21 04 24             	and    %eax,(%rsp)
    1f24:	9c                   	pushfq 
    1f25:	f7 d0                	not    %eax
    1f27:	21 04 24             	and    %eax,(%rsp)
    1f2a:	58                   	pop    %rax
    1f2b:	09 04 24             	or     %eax,(%rsp)
    1f2e:	9d                   	popfq  
    1f2f:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1f34:	f7 d0                	not    %eax
    1f36:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1f3d:	48 d3 94 24 f8 00 00 	rclq   %cl,0xf8(%rsp)
    1f44:	00 
    1f45:	9c                   	pushfq 
    1f46:	58                   	pop    %rax
    1f47:	25 d5 08 00 00       	and    $0x8d5,%eax
    1f4c:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1f53:	e9 35 0b 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
			break;
		case 3:	/* rcr */
			emulate_2op_SrcB("rcr", src, dst, _eflags);
    1f58:	41 83 f9 01          	cmp    $0x1,%r9d
    1f5c:	75 4a                	jne    1fa8 <x86_emulate_memop+0x1f1b>
    1f5e:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1f65:	00 
    1f66:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1f6d:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1f72:	21 04 24             	and    %eax,(%rsp)
    1f75:	9c                   	pushfq 
    1f76:	f7 d0                	not    %eax
    1f78:	21 04 24             	and    %eax,(%rsp)
    1f7b:	58                   	pop    %rax
    1f7c:	09 04 24             	or     %eax,(%rsp)
    1f7f:	9d                   	popfq  
    1f80:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1f85:	f7 d0                	not    %eax
    1f87:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1f8e:	d2 9c 24 f8 00 00 00 	rcrb   %cl,0xf8(%rsp)
    1f95:	9c                   	pushfq 
    1f96:	58                   	pop    %rax
    1f97:	25 d5 08 00 00       	and    $0x8d5,%eax
    1f9c:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1fa3:	e9 e5 0a 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1fa8:	41 83 f9 04          	cmp    $0x4,%r9d
    1fac:	74 5f                	je     200d <x86_emulate_memop+0x1f80>
    1fae:	41 83 f9 08          	cmp    $0x8,%r9d
    1fb2:	0f 84 9f 00 00 00    	je     2057 <x86_emulate_memop+0x1fca>
    1fb8:	41 83 f9 02          	cmp    $0x2,%r9d
    1fbc:	0f 85 cb 0a 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    1fc2:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1fc9:	00 
    1fca:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1fd1:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1fd6:	21 04 24             	and    %eax,(%rsp)
    1fd9:	9c                   	pushfq 
    1fda:	f7 d0                	not    %eax
    1fdc:	21 04 24             	and    %eax,(%rsp)
    1fdf:	58                   	pop    %rax
    1fe0:	09 04 24             	or     %eax,(%rsp)
    1fe3:	9d                   	popfq  
    1fe4:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1fe9:	f7 d0                	not    %eax
    1feb:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1ff2:	66 d3 9c 24 f8 00 00 	rcrw   %cl,0xf8(%rsp)
    1ff9:	00 
    1ffa:	9c                   	pushfq 
    1ffb:	58                   	pop    %rax
    1ffc:	25 d5 08 00 00       	and    $0x8d5,%eax
    2001:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    2008:	e9 80 0a 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    200d:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    2014:	00 
    2015:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    201c:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2021:	21 04 24             	and    %eax,(%rsp)
    2024:	9c                   	pushfq 
    2025:	f7 d0                	not    %eax
    2027:	21 04 24             	and    %eax,(%rsp)
    202a:	58                   	pop    %rax
    202b:	09 04 24             	or     %eax,(%rsp)
    202e:	9d                   	popfq  
    202f:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2034:	f7 d0                	not    %eax
    2036:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    203d:	d3 9c 24 f8 00 00 00 	rcrl   %cl,0xf8(%rsp)
    2044:	9c                   	pushfq 
    2045:	58                   	pop    %rax
    2046:	25 d5 08 00 00       	and    $0x8d5,%eax
    204b:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    2052:	e9 36 0a 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    2057:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    205e:	00 
    205f:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    2066:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    206b:	21 04 24             	and    %eax,(%rsp)
    206e:	9c                   	pushfq 
    206f:	f7 d0                	not    %eax
    2071:	21 04 24             	and    %eax,(%rsp)
    2074:	58                   	pop    %rax
    2075:	09 04 24             	or     %eax,(%rsp)
    2078:	9d                   	popfq  
    2079:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    207e:	f7 d0                	not    %eax
    2080:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    2087:	48 d3 9c 24 f8 00 00 	rcrq   %cl,0xf8(%rsp)
    208e:	00 
    208f:	9c                   	pushfq 
    2090:	58                   	pop    %rax
    2091:	25 d5 08 00 00       	and    $0x8d5,%eax
    2096:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    209d:	e9 eb 09 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
			break;
		case 4:	/* sal/shl */
		case 6:	/* sal/shl */
			emulate_2op_SrcB("sal", src, dst, _eflags);
    20a2:	41 83 f9 01          	cmp    $0x1,%r9d
    20a6:	75 4a                	jne    20f2 <x86_emulate_memop+0x2065>
    20a8:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    20af:	00 
    20b0:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    20b7:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    20bc:	21 04 24             	and    %eax,(%rsp)
    20bf:	9c                   	pushfq 
    20c0:	f7 d0                	not    %eax
    20c2:	21 04 24             	and    %eax,(%rsp)
    20c5:	58                   	pop    %rax
    20c6:	09 04 24             	or     %eax,(%rsp)
    20c9:	9d                   	popfq  
    20ca:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    20cf:	f7 d0                	not    %eax
    20d1:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    20d8:	d2 a4 24 f8 00 00 00 	shlb   %cl,0xf8(%rsp)
    20df:	9c                   	pushfq 
    20e0:	58                   	pop    %rax
    20e1:	25 d5 08 00 00       	and    $0x8d5,%eax
    20e6:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    20ed:	e9 9b 09 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    20f2:	41 83 f9 04          	cmp    $0x4,%r9d
    20f6:	74 5f                	je     2157 <x86_emulate_memop+0x20ca>
    20f8:	41 83 f9 08          	cmp    $0x8,%r9d
    20fc:	0f 84 9f 00 00 00    	je     21a1 <x86_emulate_memop+0x2114>
    2102:	41 83 f9 02          	cmp    $0x2,%r9d
    2106:	0f 85 81 09 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    210c:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    2113:	00 
    2114:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    211b:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2120:	21 04 24             	and    %eax,(%rsp)
    2123:	9c                   	pushfq 
    2124:	f7 d0                	not    %eax
    2126:	21 04 24             	and    %eax,(%rsp)
    2129:	58                   	pop    %rax
    212a:	09 04 24             	or     %eax,(%rsp)
    212d:	9d                   	popfq  
    212e:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2133:	f7 d0                	not    %eax
    2135:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    213c:	66 d3 a4 24 f8 00 00 	shlw   %cl,0xf8(%rsp)
    2143:	00 
    2144:	9c                   	pushfq 
    2145:	58                   	pop    %rax
    2146:	25 d5 08 00 00       	and    $0x8d5,%eax
    214b:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    2152:	e9 36 09 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    2157:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    215e:	00 
    215f:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    2166:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    216b:	21 04 24             	and    %eax,(%rsp)
    216e:	9c                   	pushfq 
    216f:	f7 d0                	not    %eax
    2171:	21 04 24             	and    %eax,(%rsp)
    2174:	58                   	pop    %rax
    2175:	09 04 24             	or     %eax,(%rsp)
    2178:	9d                   	popfq  
    2179:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    217e:	f7 d0                	not    %eax
    2180:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    2187:	d3 a4 24 f8 00 00 00 	shll   %cl,0xf8(%rsp)
    218e:	9c                   	pushfq 
    218f:	58                   	pop    %rax
    2190:	25 d5 08 00 00       	and    $0x8d5,%eax
    2195:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    219c:	e9 ec 08 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    21a1:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    21a8:	00 
    21a9:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    21b0:	b8 d5 08 00 00       	mov    $0x8d5,%eax
			break;
		case 2:	/* cmovz/cmove */
			no_wb = (_eflags & EFLG_ZF) ? 0 : 1;
			break;
		case 3:	/* cmovbe/cmovna */
			no_wb = (_eflags & (EFLG_CF | EFLG_ZF)) ? 0 : 1;
			break;
		case 4:	/* cmovs */
			no_wb = (_eflags & EFLG_SF) ? 0 : 1;
			break;
		case 5:	/* cmovp/cmovpe */
			no_wb = (_eflags & EFLG_PF) ? 0 : 1;
			break;
		case 7:	/* cmovle/cmovng */
			no_wb = (_eflags & EFLG_ZF) ? 0 : 1;
			/* fall through */
		case 6:	/* cmovl/cmovnge */
			no_wb &= (!(_eflags & EFLG_SF) !=
			      !(_eflags & EFLG_OF)) ? 0 : 1;
			break;
		}
		/* Odd cmov opcodes (lsb == 1) have inverted sense. */
		no_wb ^= b & 1;
    2a82:	83 e1 01             	and    $0x1,%ecx
    2a85:	39 ca                	cmp    %ecx,%edx
    2a87:	0f 85 e1 00 00 00    	jne    2b6e <x86_emulate_memop+0x2ae1>
    2a8d:	8b 84 24 f0 00 00 00 	mov    0xf0(%rsp),%eax
    2a94:	85 c0                	test   %eax,%eax
    2a96:	74 0a                	je     2aa2 <x86_emulate_memop+0x2a15>
    2a98:	ff c8                	dec    %eax
    2a9a:	0f 85 ce 00 00 00    	jne    2b6e <x86_emulate_memop+0x2ae1>
    2aa0:	eb 7e                	jmp    2b20 <x86_emulate_memop+0x2a93>
    2aa2:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
    2aa9:	83 f8 02             	cmp    $0x2,%eax
    2aac:	74 33                	je     2ae1 <x86_emulate_memop+0x2a54>
    2aae:	77 0a                	ja     2aba <x86_emulate_memop+0x2a2d>
    2ab0:	ff c8                	dec    %eax
    2ab2:	0f 85 b6 00 00 00    	jne    2b6e <x86_emulate_memop+0x2ae1>
    2ab8:	eb 10                	jmp    2aca <x86_emulate_memop+0x2a3d>
    2aba:	83 f8 04             	cmp    $0x4,%eax
    2abd:	74 37                	je     2af6 <x86_emulate_memop+0x2a69>
    2abf:	83 f8 08             	cmp    $0x8,%eax
    2ac2:	0f 85 a6 00 00 00    	jne    2b6e <x86_emulate_memop+0x2ae1>
    2ac8:	eb 41                	jmp    2b0b <x86_emulate_memop+0x2a7e>
    2aca:	48 8b 94 24 f8 00 00 	mov    0xf8(%rsp),%rdx
    2ad1:	00 
    2ad2:	48 8b 84 24 08 01 00 	mov    0x108(%rsp),%rax
    2ad9:	00 
    2ada:	88 10                	mov    %dl,(%rax)
    2adc:	e9 8d 00 00 00       	jmpq   2b6e <x86_emulate_memop+0x2ae1>
    2ae1:	48 8b 94 24 f8 00 00 	mov    0xf8(%rsp),%rdx
    2ae8:	00 
    2ae9:	48 8b 84 24 08 01 00 	mov    0x108(%rsp),%rax
    2af0:	00 
    2af1:	66 89 10             	mov    %dx,(%rax)
    2af4:	eb 78                	jmp    2b6e <x86_emulate_memop+0x2ae1>
    2af6:	44 8b 84 24 f8 00 00 	mov    0xf8(%rsp),%r8d
    2afd:	00 
    2afe:	48 8b 84 24 08 01 00 	mov    0x108(%rsp),%rax
    2b05:	00 
    2b06:	4c 89 00             	mov    %r8,(%rax)
    2b09:	eb 63                	jmp    2b6e <x86_emulate_memop+0x2ae1>
    2b0b:	48 8b 94 24 f8 00 00 	mov    0xf8(%rsp),%rdx
    2b12:	00 
    2b13:	48 8b 84 24 08 01 00 	mov    0x108(%rsp),%rax
    2b1a:	00 
    2b1b:	48 89 10             	mov    %rdx,(%rax)
    2b1e:	eb 4e                	jmp    2b6e <x86_emulate_memop+0x2ae1>
    2b20:	83 7c 24 4c 00       	cmpl   $0x0,0x4c(%rsp)
    2b25:	44 8b 8c 24 f4 00 00 	mov    0xf4(%rsp),%r9d
    2b2c:	00 
    2b2d:	48 8d 84 24 f0 00 00 	lea    0xf0(%rsp),%rax
    2b34:	00 
    2b35:	48 8b bc 24 08 01 00 	mov    0x108(%rsp),%rdi
    2b3c:	00 
    2b3d:	74 17                	je     2b56 <x86_emulate_memop+0x2ac9>
    2b3f:	48 8b 1c 24          	mov    (%rsp),%rbx
    2b43:	48 8d 50 08          	lea    0x8(%rax),%rdx
    2b47:	48 8d 70 10          	lea    0x10(%rax),%rsi
    2b4b:	4d 89 e8             	mov    %r13,%r8
    2b4e:	44 89 c9             	mov    %r9d,%ecx
    2b51:	ff 53 20             	callq  *0x20(%rbx)
    2b54:	eb 11                	jmp    2b67 <x86_emulate_memop+0x2ada>
    2b56:	48 8b 2c 24          	mov    (%rsp),%rbp
    2b5a:	48 8d 70 08          	lea    0x8(%rax),%rsi
    2b5e:	4c 89 e9             	mov    %r13,%rcx
    2b61:	44 89 ca             	mov    %r9d,%edx
    2b64:	ff 55 18             	callq  *0x18(%rbp)
    2b67:	85 c0                	test   %eax,%eax
    2b69:	41 89 c7             	mov    %eax,%r15d
    2b6c:	75 36                	jne    2ba4 <x86_emulate_memop+0x2b17>
    2b6e:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    2b72:	48 8d 74 24 70       	lea    0x70(%rsp),%rsi
    2b77:	ba 80 00 00 00       	mov    $0x80,%edx
    2b7c:	48 83 ef 80          	sub    $0xffffffffffffff80,%rdi
    2b80:	e8 00 00 00 00       	callq  2b85 <x86_emulate_memop+0x2af8>
			2b81: R_X86_64_PC32	__memcpy+0xfffffffffffffffc
    2b85:	48 8b 84 24 48 01 00 	mov    0x148(%rsp),%rax
    2b8c:	00 
    2b8d:	49 8b 55 00          	mov    0x0(%r13),%rdx
    2b91:	49 89 45 08          	mov    %rax,0x8(%r13)
    2b95:	48 8b 84 24 50 01 00 	mov    0x150(%rsp),%rax
    2b9c:	00 
    2b9d:	48 89 82 00 01 00 00 	mov    %rax,0x100(%rdx)
    2ba4:	41 ff cf             	dec    %r15d
    2ba7:	0f 84 a4 0f 00 00    	je     3b51 <x86_emulate_memop+0x3ac4>
    2bad:	31 c0                	xor    %eax,%eax
    2baf:	e9 ca 0f 00 00       	jmpq   3b7e <x86_emulate_memop+0x3af1>
    2bb4:	80 7c 24 1d 00       	cmpb   $0x0,0x1d(%rsp)
    2bb9:	0f 85 aa 0d 00 00    	jne    3969 <x86_emulate_memop+0x38dc>
    2bbf:	83 7c 24 50 00       	cmpl   $0x0,0x50(%rsp)
    2bc4:	74 36                	je     2bfc <x86_emulate_memop+0x2b6f>
    2bc6:	48 8b 44 24 78       	mov    0x78(%rsp),%rax
    2bcb:	49 8b 55 00          	mov    0x0(%r13),%rdx
    2bcf:	48 85 c0             	test   %rax,%rax
    2bd2:	75 11                	jne    2be5 <x86_emulate_memop+0x2b58>
    2bd4:	48 8b 84 24 50 01 00 	mov    0x150(%rsp),%rax
    2bdb:	00 
    2bdc:	48 89 82 00 01 00 00 	mov    %rax,0x100(%rdx)
    2be3:	eb c8                	jmp    2bad <x86_emulate_memop+0x2b20>
    2be5:	48 ff c8             	dec    %rax
    2be8:	48 89 44 24 78       	mov    %rax,0x78(%rsp)
    2bed:	48 8b 82 00 01 00 00 	mov    0x100(%rdx),%rax
    2bf4:	48 89 84 24 50 01 00 	mov    %rax,0x150(%rsp)
    2bfb:	00 
    2bfc:	40 80 fd ab          	cmp    $0xab,%bpl
    2c00:	77 35                	ja     2c37 <x86_emulate_memop+0x2baa>
    2c02:	40 80 fd aa          	cmp    $0xaa,%bpl
    2c06:	0f 83 e7 01 00 00    	jae    2df3 <x86_emulate_memop+0x2d66>
    2c0c:	40 80 fd a5          	cmp    $0xa5,%bpl
    2c10:	77 16                	ja     2c28 <x86_emulate_memop+0x2b9b>
    2c12:	40 80 fd a4          	cmp    $0xa4,%bpl
    2c16:	73 4d                	jae    2c65 <x86_emulate_memop+0x2bd8>
    2c18:	8d 45 a8             	lea    0xffffffffffffffa8(%rbp),%eax
    2c1b:	3c 07                	cmp    $0x7,%al
    2c1d:	0f 87 6a fe ff ff    	ja     2a8d <x86_emulate_memop+0x2a00>
    2c23:	e9 40 03 00 00       	jmpq   2f68 <x86_emulate_memop+0x2edb>
    2c28:	40 80 fd a7          	cmp    $0xa7,%bpl
    2c2c:	0f 87 5b fe ff ff    	ja     2a8d <x86_emulate_memop+0x2a00>
    2c32:	e9 1a 0f 00 00       	jmpq   3b51 <x86_emulate_memop+0x3ac4>
    2c37:	40 80 fd af          	cmp    $0xaf,%bpl
    2c3b:	77 0f                	ja     2c4c <x86_emulate_memop+0x2bbf>
    2c3d:	40 80 fd ae          	cmp    $0xae,%bpl
    2c41:	0f 83 0a 0f 00 00    	jae    3b51 <x86_emulate_memop+0x3ac4>
    2c47:	e9 42 02 00 00       	jmpq   2e8e <x86_emulate_memop+0x2e01>
    2c4c:	40 80 fd c3          	cmp    $0xc3,%bpl
    2c50:	0f 84 08 03 00 00    	je     2f5e <x86_emulate_memop+0x2ed1>
    2c56:	40 80 fd f4          	cmp    $0xf4,%bpl
    2c5a:	0f 85 2d fe ff ff    	jne    2a8d <x86_emulate_memop+0x2a00>
    2c60:	e9 e6 02 00 00       	jmpq   2f4b <x86_emulate_memop+0x2ebe>
    2c65:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
    2c6a:	b8 01 00 00 00       	mov    $0x1,%eax
    2c6f:	c7 84 24 f0 00 00 00 	movl   $0x1,0xf0(%rsp)
    2c76:	01 00 00 00 
    2c7a:	0f 44 44 24 6c       	cmove  0x6c(%rsp),%eax
    2c7f:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
    2c84:	49 8b 55 30          	mov    0x30(%r13),%rdx
    2c88:	89 84 24 f4 00 00 00 	mov    %eax,0xf4(%rsp)
    2c8f:	75 0a                	jne    2c9b <x86_emulate_memop+0x2c0e>
    2c91:	48 8b 84 24 a8 00 00 	mov    0xa8(%rsp),%rax
    2c98:	00 
    2c99:	eb 1a                	jmp    2cb5 <x86_emulate_memop+0x2c28>
    2c9b:	8b 4c 24 48          	mov    0x48(%rsp),%ecx
    2c9f:	b8 01 00 00 00       	mov    $0x1,%eax
    2ca4:	c1 e1 03             	shl    $0x3,%ecx
    2ca7:	48 d3 e0             	shl    %cl,%rax
    2caa:	48 ff c8             	dec    %rax
    2cad:	48 23 84 24 a8 00 00 	and    0xa8(%rsp),%rax
    2cb4:	00 
    2cb5:	48 01 d0             	add    %rdx,%rax
    2cb8:	48 83 7c 24 40 00    	cmpq   $0x0,0x40(%rsp)
    2cbe:	8b 94 24 f4 00 00 00 	mov    0xf4(%rsp),%edx
    2cc5:	48 89 84 24 08 01 00 	mov    %rax,0x108(%rsp)
    2ccc:	00 
    2ccd:	48 8b 04 24          	mov    (%rsp),%rax
    2cd1:	4c 8b 40 10          	mov    0x10(%rax),%r8
    2cd5:	74 0a                	je     2ce1 <x86_emulate_memop+0x2c54>
    2cd7:	48 8b 4c 24 40       	mov    0x40(%rsp),%rcx
    2cdc:	48 8b 39             	mov    (%rcx),%rdi
    2cdf:	eb 04                	jmp    2ce5 <x86_emulate_memop+0x2c58>
    2ce1:	49 8b 7d 28          	mov    0x28(%r13),%rdi
    2ce5:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
    2cea:	75 0a                	jne    2cf6 <x86_emulate_memop+0x2c69>
    2cec:	48 8b 84 24 a0 00 00 	mov    0xa0(%rsp),%rax
    2cf3:	00 
    2cf4:	eb 1a                	jmp    2d10 <x86_emulate_memop+0x2c83>
    2cf6:	8b 4c 24 48          	mov    0x48(%rsp),%ecx
    2cfa:	b8 01 00 00 00       	mov    $0x1,%eax
    2cff:	c1 e1 03             	shl    $0x3,%ecx
    2d02:	48 d3 e0             	shl    %cl,%rax
    2d05:	48 ff c8             	dec    %rax
    2d08:	48 23 84 24 a0 00 00 	and    0xa0(%rsp),%rax
    2d0f:	00 
    2d10:	48 8d b4 24 f8 00 00 	lea    0xf8(%rsp),%rsi
    2d17:	00 
    2d18:	48 8d 3c 38          	lea    (%rax,%rdi,1),%rdi
    2d1c:	4c 89 e9             	mov    %r13,%rcx
    2d1f:	41 ff d0             	callq  *%r8
    2d22:	85 c0                	test   %eax,%eax
    2d24:	41 89 c7             	mov    %eax,%r15d
    2d27:	0f 85 77 fe ff ff    	jne    2ba4 <x86_emulate_memop+0x2b17>
    2d2d:	44 8b 8c 24 f4 00 00 	mov    0xf4(%rsp),%r9d
    2d34:	00 
    2d35:	44 89 c8             	mov    %r9d,%eax
    2d38:	f7 d8                	neg    %eax
    2d3a:	f6 84 24 49 01 00 00 	testb  $0x4,0x149(%rsp)
    2d41:	04 
    2d42:	44 0f 45 c8          	cmovne %eax,%r9d
    2d46:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
    2d4b:	49 63 d1             	movslq %r9d,%rdx
    2d4e:	75 0a                	jne    2d5a <x86_emulate_memop+0x2ccd>
    2d50:	48 01 94 24 a0 00 00 	add    %rdx,0xa0(%rsp)
    2d57:	00 
    2d58:	eb 32                	jmp    2d8c <x86_emulate_memop+0x2cff>
    2d5a:	8b 4c 24 48          	mov    0x48(%rsp),%ecx
    2d5e:	48 8b b4 24 a0 00 00 	mov    0xa0(%rsp),%rsi
    2d65:	00 
    2d66:	b8 01 00 00 00       	mov    $0x1,%eax
    2d6b:	c1 e1 03             	shl    $0x3,%ecx
    2d6e:	48 01 f2             	add    %rsi,%rdx
    2d71:	48 d3 e0             	shl    %cl,%rax
    2d74:	48 8d 48 ff          	lea    0xffffffffffffffff(%rax),%rcx
    2d78:	48 f7 d8             	neg    %rax
    2d7b:	48 21 f0             	and    %rsi,%rax
    2d7e:	48 21 ca             	and    %rcx,%rdx
    2d81:	48 09 c2             	or     %rax,%rdx
    2d84:	48 89 94 24 a0 00 00 	mov    %rdx,0xa0(%rsp)
    2d8b:	00 
    2d8c:	44 8b 8c 24 f4 00 00 	mov    0xf4(%rsp),%r9d
    2d93:	00 
    2d94:	44 89 c8             	mov    %r9d,%eax
    2d97:	f7 d8                	neg    %eax
    2d99:	f6 84 24 49 01 00 00 	testb  $0x4,0x149(%rsp)
    2da0:	04 
    2da1:	44 0f 45 c8          	cmovne %eax,%r9d
    2da5:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
    2daa:	49 63 d1             	movslq %r9d,%rdx
    2dad:	75 0d                	jne    2dbc <x86_emulate_memop+0x2d2f>
    2daf:	48 01 94 24 a8 00 00 	add    %rdx,0xa8(%rsp)
    2db6:	00 
    2db7:	e9 d1 fc ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    2dbc:	8b 4c 24 48          	mov    0x48(%rsp),%ecx
    2dc0:	48 8b b4 24 a8 00 00 	mov    0xa8(%rsp),%rsi
    2dc7:	00 
    2dc8:	b8 01 00 00 00       	mov    $0x1,%eax
    2dcd:	c1 e1 03             	shl    $0x3,%ecx
    2dd0:	48 01 f2             	add    %rsi,%rdx
    2dd3:	48 d3 e0             	shl    %cl,%rax
    2dd6:	48 8d 48 ff          	lea    0xffffffffffffffff(%rax),%rcx
    2dda:	48 f7 d8             	neg    %rax
    2ddd:	48 21 f0             	and    %rsi,%rax
    2de0:	48 21 ca             	and    %rcx,%rdx
    2de3:	48 09 c2             	or     %rax,%rdx
    2de6:	48 89 94 24 a8 00 00 	mov    %rdx,0xa8(%rsp)
    2ded:	00 
    2dee:	e9 9a fc ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    2df3:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
    2df8:	b8 01 00 00 00       	mov    $0x1,%eax
    2dfd:	c7 84 24 f0 00 00 00 	movl   $0x1,0xf0(%rsp)
    2e04:	01 00 00 00 
    2e08:	0f 44 44 24 6c       	cmove  0x6c(%rsp),%eax
    2e0d:	4c 89 a4 24 08 01 00 	mov    %r12,0x108(%rsp)
    2e14:	00 
    2e15:	89 44 24 6c          	mov    %eax,0x6c(%rsp)
    2e19:	89 84 24 f4 00 00 00 	mov    %eax,0xf4(%rsp)
    2e20:	48 8b 44 24 70       	mov    0x70(%rsp),%rax
    2e25:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
    2e2c:	00 
    2e2d:	8b 44 24 6c          	mov    0x6c(%rsp),%eax
    2e31:	f7 d8                	neg    %eax
    2e33:	f6 84 24 49 01 00 00 	testb  $0x4,0x149(%rsp)
    2e3a:	04 
    2e3b:	0f 44 44 24 6c       	cmove  0x6c(%rsp),%eax
    2e40:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
    2e45:	48 63 d0             	movslq %eax,%rdx
    2e48:	75 0d                	jne    2e57 <x86_emulate_memop+0x2dca>
    2e4a:	48 01 94 24 a8 00 00 	add    %rdx,0xa8(%rsp)
    2e51:	00 
    2e52:	e9 36 fc ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    2e57:	8b 4c 24 48          	mov    0x48(%rsp),%ecx
    2e5b:	48 8b b4 24 a8 00 00 	mov    0xa8(%rsp),%rsi
    2e62:	00 
    2e63:	b8 01 00 00 00       	mov    $0x1,%eax
    2e68:	c1 e1 03             	shl    $0x3,%ecx
    2e6b:	48 01 f2             	add    %rsi,%rdx
    2e6e:	48 d3 e0             	shl    %cl,%rax
    2e71:	48 8d 48 ff          	lea    0xffffffffffffffff(%rax),%rcx
    2e75:	48 f7 d8             	neg    %rax
    2e78:	48 21 f0             	and    %rsi,%rax
    2e7b:	48 21 ca             	and    %rcx,%rdx
    2e7e:	48 09 c2             	or     %rax,%rdx
    2e81:	48 89 94 24 a8 00 00 	mov    %rdx,0xa8(%rsp)
    2e88:	00 
    2e89:	e9 ff fb ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    2e8e:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
    2e93:	b8 01 00 00 00       	mov    $0x1,%eax
    2e98:	48 8b 1c 24          	mov    (%rsp),%rbx
    2e9c:	0f 44 44 24 6c       	cmove  0x6c(%rsp),%eax
    2ea1:	c7 84 24 f0 00 00 00 	movl   $0x0,0xf0(%rsp)
    2ea8:	00 00 00 00 
    2eac:	48 8d b4 24 f8 00 00 	lea    0xf8(%rsp),%rsi
    2eb3:	00 
    2eb4:	4c 89 e9             	mov    %r13,%rcx
    2eb7:	4c 89 e7             	mov    %r12,%rdi
    2eba:	89 44 24 6c          	mov    %eax,0x6c(%rsp)
    2ebe:	89 84 24 f4 00 00 00 	mov    %eax,0xf4(%rsp)
    2ec5:	48 8d 44 24 70       	lea    0x70(%rsp),%rax
    2eca:	8b 54 24 6c          	mov    0x6c(%rsp),%edx
    2ece:	48 89 84 24 08 01 00 	mov    %rax,0x108(%rsp)
    2ed5:	00 
    2ed6:	ff 53 10             	callq  *0x10(%rbx)
    2ed9:	85 c0                	test   %eax,%eax
    2edb:	41 89 c7             	mov    %eax,%r15d
    2ede:	0f 85 c0 fc ff ff    	jne    2ba4 <x86_emulate_memop+0x2b17>
    2ee4:	44 8b 8c 24 f4 00 00 	mov    0xf4(%rsp),%r9d
    2eeb:	00 
    2eec:	44 89 c8             	mov    %r9d,%eax
    2eef:	f7 d8                	neg    %eax
    2ef1:	f6 84 24 49 01 00 00 	testb  $0x4,0x149(%rsp)
    2ef8:	04 
    2ef9:	44 0f 45 c8          	cmovne %eax,%r9d
    2efd:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
    2f02:	49 63 d1             	movslq %r9d,%rdx
    2f05:	75 0d                	jne    2f14 <x86_emulate_memop+0x2e87>
    2f07:	48 01 94 24 a0 00 00 	add    %rdx,0xa0(%rsp)
    2f0e:	00 
    2f0f:	e9 79 fb ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    2f14:	8b 4c 24 48          	mov    0x48(%rsp),%ecx
    2f18:	48 8b b4 24 a0 00 00 	mov    0xa0(%rsp),%rsi
    2f1f:	00 
    2f20:	b8 01 00 00 00       	mov    $0x1,%eax
    2f25:	c1 e1 03             	shl    $0x3,%ecx
    2f28:	48 01 f2             	add    %rsi,%rdx
    2f2b:	48 d3 e0             	shl    %cl,%rax
    2f2e:	48 8d 48 ff          	lea    0xffffffffffffffff(%rax),%rcx
    2f32:	48 f7 d8             	neg    %rax
    2f35:	48 21 f0             	and    %rsi,%rax
    2f38:	48 21 ca             	and    %rcx,%rdx
    2f3b:	48 09 c2             	or     %rax,%rdx
    2f3e:	48 89 94 24 a0 00 00 	mov    %rdx,0xa0(%rsp)
    2f45:	00 
    2f46:	e9 42 fb ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    2f4b:	49 8b 45 00          	mov    0x0(%r13),%rax
    2f4f:	c7 80 28 0a 00 00 01 	movl   $0x1,0xa28(%rax)
    2f56:	00 00 00 
    2f59:	e9 4f fc ff ff       	jmpq   2bad <x86_emulate_memop+0x2b20>
    2f5e:	48 8d 84 24 50 01 00 	lea    0x150(%rsp),%rax
    2f65:	00 
    2f66:	eb 0b                	jmp    2f73 <x86_emulate_memop+0x2ee6>
    2f68:	48 89 e8             	mov    %rbp,%rax
    2f6b:	83 e0 07             	and    $0x7,%eax
    2f6e:	48 8d 44 c4 70       	lea    0x70(%rsp,%rax,8),%rax
    2f73:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
    2f78:	48 8b 2c 24          	mov    (%rsp),%rbp
    2f7c:	48 89 84 24 08 01 00 	mov    %rax,0x108(%rsp)
    2f83:	00 
    2f84:	49 8b 55 38          	mov    0x38(%r13),%rdx
    2f88:	48 8b b4 24 08 01 00 	mov    0x108(%rsp),%rsi
    2f8f:	00 
    2f90:	4c 8b 45 00          	mov    0x0(%rbp),%r8
    2f94:	75 0a                	jne    2fa0 <x86_emulate_memop+0x2f13>
    2f96:	48 8b 84 24 90 00 00 	mov    0x90(%rsp),%rax
    2f9d:	00 
    2f9e:	eb 1a                	jmp    2fba <x86_emulate_memop+0x2f2d>
    2fa0:	8b 4c 24 48          	mov    0x48(%rsp),%ecx
    2fa4:	b8 01 00 00 00       	mov    $0x1,%eax
    2fa9:	c1 e1 03             	shl    $0x3,%ecx
    2fac:	48 d3 e0             	shl    %cl,%rax
    2faf:	48 ff c8             	dec    %rax
    2fb2:	48 23 84 24 90 00 00 	and    0x90(%rsp),%rax
    2fb9:	00 
    2fba:	48 8d 3c 10          	lea    (%rax,%rdx,1),%rdi
    2fbe:	4c 89 e9             	mov    %r13,%rcx
    2fc1:	8b 54 24 6c          	mov    0x6c(%rsp),%edx
    2fc5:	41 ff d0             	callq  *%r8
    2fc8:	85 c0                	test   %eax,%eax
    2fca:	41 89 c7             	mov    %eax,%r15d
    2fcd:	0f 85 d1 fb ff ff    	jne    2ba4 <x86_emulate_memop+0x2b17>
    2fd3:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
    2fd8:	48 63 54 24 6c       	movslq 0x6c(%rsp),%rdx
    2fdd:	75 0d                	jne    2fec <x86_emulate_memop+0x2f5f>
    2fdf:	48 01 94 24 90 00 00 	add    %rdx,0x90(%rsp)
    2fe6:	00 
    2fe7:	e9 82 fb ff ff       	jmpq   2b6e <x86_emulate_memop+0x2ae1>
    2fec:	8b 4c 24 48          	mov    0x48(%rsp),%ecx
    2ff0:	48 8b b4 24 90 00 00 	mov    0x90(%rsp),%rsi
    2ff7:	00 
    2ff8:	b8 01 00 00 00       	mov    $0x1,%eax
    2ffd:	c1 e1 03             	shl    $0x3,%ecx
    3000:	48 01 f2             	add    %rsi,%rdx
    3003:	48 d3 e0             	shl    %cl,%rax
    3006:	48 8d 48 ff          	lea    0xffffffffffffffff(%rax),%rcx
    300a:	48 f7 d8             	neg    %rax
    300d:	48 21 f0             	and    %rsi,%rax
    3010:	48 21 ca             	and    %rcx,%rdx
    3013:	48 09 c2             	or     %rax,%rdx
    3016:	48 89 94 24 90 00 00 	mov    %rdx,0x90(%rsp)
    301d:	00 
    301e:	e9 4b fb ff ff       	jmpq   2b6e <x86_emulate_memop+0x2ae1>
    3023:	40 80 fd b1          	cmp    $0xb1,%bpl
    3027:	77 52                	ja     307b <x86_emulate_memop+0x2fee>
    3029:	40 80 fd b0          	cmp    $0xb0,%bpl
    302d:	0f 83 e5 02 00 00    	jae    3318 <x86_emulate_memop+0x328b>
    3033:	40 80 fd 4f          	cmp    $0x4f,%bpl
    3037:	77 29                	ja     3062 <x86_emulate_memop+0x2fd5>
    3039:	40 80 fd 40          	cmp    $0x40,%bpl
    303d:	0f 83 ea 01 00 00    	jae    322d <x86_emulate_memop+0x31a0>
    3043:	40 80 fd 21          	cmp    $0x21,%bpl
    3047:	0f 84 8c 01 00 00    	je     31d9 <x86_emulate_memop+0x314c>
    304d:	40 80 fd 23          	cmp    $0x23,%bpl
    3051:	0f 84 ac 01 00 00    	je     3203 <x86_emulate_memop+0x3176>
    3057:	40 fe cd             	dec    %bpl
    305a:	0f 85 2d fa ff ff    	jne    2a8d <x86_emulate_memop+0x2a00>
    3060:	eb 5f                	jmp    30c1 <x86_emulate_memop+0x3034>
    3062:	40 80 fd a3          	cmp    $0xa3,%bpl
    3066:	0f 84 37 04 00 00    	je     34a3 <x86_emulate_memop+0x3416>
    306c:	40 80 fd ab          	cmp    $0xab,%bpl
    3070:	0f 85 17 fa ff ff    	jne    2a8d <x86_emulate_memop+0x2a00>
    3076:	e9 3a 06 00 00       	jmpq   36b5 <x86_emulate_memop+0x3628>
    307b:	40 80 fd ba          	cmp    $0xba,%bpl
    307f:	0f 84 7d 08 00 00    	je     3902 <x86_emulate_memop+0x3875>
    3085:	77 20                	ja     30a7 <x86_emulate_memop+0x301a>
    3087:	40 80 fd b3          	cmp    $0xb3,%bpl
    308b:	0f 84 21 05 00 00    	je     35b2 <x86_emulate_memop+0x3525>
    3091:	0f 82 f6 f9 ff ff    	jb     2a8d <x86_emulate_memop+0x2a00>
    3097:	8d 45 4a             	lea    0x4a(%rbp),%eax
    309a:	3c 01                	cmp    $0x1,%al
    309c:	0f 87 eb f9 ff ff    	ja     2a8d <x86_emulate_memop+0x2a00>
    30a2:	e9 1d 07 00 00       	jmpq   37c4 <x86_emulate_memop+0x3737>
    30a7:	40 80 fd bb          	cmp    $0xbb,%bpl
    30ab:	0f 84 42 07 00 00    	je     37f3 <x86_emulate_memop+0x3766>
    30b1:	8d 45 42             	lea    0x42(%rbp),%eax
    30b4:	3c 01                	cmp    $0x1,%al
    30b6:	0f 87 d1 f9 ff ff    	ja     2a8d <x86_emulate_memop+0x2a00>
    30bc:	e9 77 08 00 00       	jmpq   3938 <x86_emulate_memop+0x38ab>
    30c1:	8a 44 24 20          	mov    0x20(%rsp),%al
    30c5:	83 e8 02             	sub    $0x2,%eax
    30c8:	3c 05                	cmp    $0x5,%al
    30ca:	0f 87 81 0a 00 00    	ja     3b51 <x86_emulate_memop+0x3ac4>
    30d0:	0f b6 c0             	movzbl %al,%eax
    30d3:	ff 24 c5 00 00 00 00 	jmpq   *0x0(,%rax,8)
			30d6: R_X86_64_32S	.rodata+0xc0
    30da:	48 8b 94 24 28 01 00 	mov    0x128(%rsp),%rdx
    30e1:	00 
    30e2:	44 8b 4c 24 6c       	mov    0x6c(%rsp),%r9d
    30e7:	48 8d 8c 24 38 01 00 	lea    0x138(%rsp),%rcx
    30ee:	00 
    30ef:	48 8b 34 24          	mov    (%rsp),%rsi
    30f3:	4c 8d 84 24 40 01 00 	lea    0x140(%rsp),%r8
    30fa:	00 
    30fb:	4c 89 ef             	mov    %r13,%rdi
    30fe:	e8 28 cf ff ff       	callq  2b <read_descriptor>
    3103:	85 c0                	test   %eax,%eax
    3105:	41 89 c7             	mov    %eax,%r15d
    3108:	0f 85 96 fa ff ff    	jne    2ba4 <x86_emulate_memop+0x2b17>
    310e:	0f b7 b4 24 38 01 00 	movzwl 0x138(%rsp),%esi
    3115:	00 
    3116:	48 8b 94 24 40 01 00 	mov    0x140(%rsp),%rdx
    311d:	00 
    311e:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    3122:	e8 00 00 00 00       	callq  3127 <x86_emulate_memop+0x309a>
			3123: R_X86_64_PC32	realmode_lgdt+0xfffffffffffffffc
    3127:	e9 61 f9 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    312c:	48 8b 94 24 28 01 00 	mov    0x128(%rsp),%rdx
    3133:	00 
    3134:	44 8b 4c 24 6c       	mov    0x6c(%rsp),%r9d
    3139:	48 8d 8c 24 38 01 00 	lea    0x138(%rsp),%rcx
    3140:	00 
    3141:	48 8b 34 24          	mov    (%rsp),%rsi
    3145:	4c 8d 84 24 40 01 00 	lea    0x140(%rsp),%r8
    314c:	00 
    314d:	4c 89 ef             	mov    %r13,%rdi
    3150:	e8 d6 ce ff ff       	callq  2b <read_descriptor>
    3155:	85 c0                	test   %eax,%eax
    3157:	41 89 c7             	mov    %eax,%r15d
    315a:	0f 85 44 fa ff ff    	jne    2ba4 <x86_emulate_memop+0x2b17>
    3160:	0f b7 b4 24 38 01 00 	movzwl 0x138(%rsp),%esi
    3167:	00 
    3168:	48 8b 94 24 40 01 00 	mov    0x140(%rsp),%rdx
    316f:	00 
    3170:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    3174:	e8 00 00 00 00       	callq  3179 <x86_emulate_memop+0x30ec>
			3175: R_X86_64_PC32	realmode_lidt+0xfffffffffffffffc
    3179:	e9 0f f9 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    317e:	80 7c 24 1f 03       	cmpb   $0x3,0x1f(%rsp)
    3183:	0f 85 c8 09 00 00    	jne    3b51 <x86_emulate_memop+0x3ac4>
    3189:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    318d:	31 f6                	xor    %esi,%esi
    318f:	e8 00 00 00 00       	callq  3194 <x86_emulate_memop+0x3107>
			3190: R_X86_64_PC32	realmode_get_cr+0xfffffffffffffffc
    3194:	0f b6 54 24 3f       	movzbl 0x3f(%rsp),%edx
    3199:	66 89 44 d4 70       	mov    %ax,0x70(%rsp,%rdx,8)
    319e:	e9 ea f8 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    31a3:	80 7c 24 1f 03       	cmpb   $0x3,0x1f(%rsp)
    31a8:	0f 85 a3 09 00 00    	jne    3b51 <x86_emulate_memop+0x3ac4>
    31ae:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    31b2:	48 8d 94 24 48 01 00 	lea    0x148(%rsp),%rdx
    31b9:	00 
    31ba:	41 0f b7 f6          	movzwl %r14w,%esi
    31be:	e8 00 00 00 00       	callq  31c3 <x86_emulate_memop+0x3136>
			31bf: R_X86_64_PC32	realmode_lmsw+0xfffffffffffffffc
    31c3:	e9 c5 f8 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    31c8:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    31cc:	4c 89 e6             	mov    %r12,%rsi
    31cf:	e8 00 00 00 00       	callq  31d4 <x86_emulate_memop+0x3147>
			31d0: R_X86_64_PC32	emulate_invlpg+0xfffffffffffffffc
    31d4:	e9 b4 f8 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    31d9:	80 7c 24 1f 03       	cmpb   $0x3,0x1f(%rsp)
    31de:	0f 85 6d 09 00 00    	jne    3b51 <x86_emulate_memop+0x3ac4>
    31e4:	0f b6 54 24 3f       	movzbl 0x3f(%rsp),%edx
    31e9:	0f b6 74 24 20       	movzbl 0x20(%rsp),%esi
    31ee:	4c 89 ef             	mov    %r13,%rdi
    31f1:	48 8d 54 d4 70       	lea    0x70(%rsp,%rdx,8),%rdx
    31f6:	e8 00 00 00 00       	callq  31fb <x86_emulate_memop+0x316e>
			31f7: R_X86_64_PC32	emulator_get_dr+0xfffffffffffffffc
    31fb:	41 89 c7             	mov    %eax,%r15d
    31fe:	e9 8a f8 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    3203:	80 7c 24 1f 03       	cmpb   $0x3,0x1f(%rsp)
    3208:	0f 85 43 09 00 00    	jne    3b51 <x86_emulate_memop+0x3ac4>
    320e:	0f b6 44 24 3f       	movzbl 0x3f(%rsp),%eax
    3213:	0f b6 74 24 20       	movzbl 0x20(%rsp),%esi
    3218:	4c 89 ef             	mov    %r13,%rdi
    321b:	48 8b 54 c4 70       	mov    0x70(%rsp,%rax,8),%rdx
    3220:	e8 00 00 00 00       	callq  3225 <x86_emulate_memop+0x3198>
			3221: R_X86_64_PC32	emulator_set_dr+0xfffffffffffffffc
    3225:	41 89 c7             	mov    %eax,%r15d
    3228:	e9 60 f8 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    322d:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    3234:	00 
    3235:	40 0f b6 cd          	movzbl %bpl,%ecx
    3239:	ba 01 00 00 00       	mov    $0x1,%edx
    323e:	48 89 84 24 00 01 00 	mov    %rax,0x100(%rsp)
    3245:	00 
    3246:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
    324d:	00 
    324e:	89 c8                	mov    %ecx,%eax
    3250:	83 e0 0f             	and    $0xf,%eax
    3253:	d1 f8                	sar    %eax
    3255:	83 f8 07             	cmp    $0x7,%eax
    3258:	0f 87 24 f8 ff ff    	ja     2a82 <x86_emulate_memop+0x29f5>
    325e:	89 c0                	mov    %eax,%eax
    3260:	ff 24 c5 00 00 00 00 	jmpq   *0x0(,%rax,8)
			3263: R_X86_64_32S	.rodata+0xf0
    3267:	be 01 00 00 00       	mov    $0x1,%esi
    326c:	e9 84 00 00 00       	jmpq   32f5 <x86_emulate_memop+0x3268>
    3271:	48 8b 84 24 48 01 00 	mov    0x148(%rsp),%rax
    3278:	00 
    3279:	80 f4 08             	xor    $0x8,%ah
    327c:	48 c1 e8 0b          	shr    $0xb,%rax
    3280:	eb 54                	jmp    32d6 <x86_emulate_memop+0x3249>
    3282:	8a 84 24 48 01 00 00 	mov    0x148(%rsp),%al
    3289:	83 e0 01             	and    $0x1,%eax
    328c:	83 f0 01             	xor    $0x1,%eax
    328f:	eb 1d                	jmp    32ae <x86_emulate_memop+0x3221>
    3291:	48 8b 84 24 48 01 00 	mov    0x148(%rsp),%rax
    3298:	00 
    3299:	48 83 f0 40          	xor    $0x40,%rax
    329d:	48 c1 e8 06          	shr    $0x6,%rax
    32a1:	eb 33                	jmp    32d6 <x86_emulate_memop+0x3249>
    32a3:	f6 84 24 48 01 00 00 	testb  $0x41,0x148(%rsp)
    32aa:	41 
    32ab:	0f 94 c0             	sete   %al
    32ae:	0f b6 d0             	movzbl %al,%edx
    32b1:	e9 cc f7 ff ff       	jmpq   2a82 <x86_emulate_memop+0x29f5>
    32b6:	48 8b 84 24 48 01 00 	mov    0x148(%rsp),%rax
    32bd:	00 
    32be:	34 80                	xor    $0x80,%al
    32c0:	48 c1 e8 07          	shr    $0x7,%rax
    32c4:	eb 10                	jmp    32d6 <x86_emulate_memop+0x3249>
    32c6:	48 8b 84 24 48 01 00 	mov    0x148(%rsp),%rax
    32cd:	00 
    32ce:	48 83 f0 04          	xor    $0x4,%rax
    32d2:	48 c1 e8 02          	shr    $0x2,%rax
    32d6:	89 c2                	mov    %eax,%edx
    32d8:	83 e2 01             	and    $0x1,%edx
    32db:	e9 a2 f7 ff ff       	jmpq   2a82 <x86_emulate_memop+0x29f5>
    32e0:	48 8b 84 24 48 01 00 	mov    0x148(%rsp),%rax
    32e7:	00 
    32e8:	48 83 f0 40          	xor    $0x40,%rax
    32ec:	48 c1 e8 06          	shr    $0x6,%rax
    32f0:	89 c6                	mov    %eax,%esi
    32f2:	83 e6 01             	and    $0x1,%esi
    32f5:	48 8b 84 24 48 01 00 	mov    0x148(%rsp),%rax
    32fc:	00 
    32fd:	48 89 c2             	mov    %rax,%rdx
    3300:	48 c1 e8 0b          	shr    $0xb,%rax
    3304:	48 c1 ea 07          	shr    $0x7,%rdx
    3308:	48 83 f0 01          	xor    $0x1,%rax
    330c:	48 31 d0             	xor    %rdx,%rax
    330f:	89 f2                	mov    %esi,%edx
    3311:	21 c2                	and    %eax,%edx
    3313:	e9 6a f7 ff ff       	jmpq   2a82 <x86_emulate_memop+0x29f5>
		break;
	case 0xb0 ... 0xb1:	/* cmpxchg */
		/*
		 * Save real source value, then compare EAX against
		 * destination.
		 */
		src.orig_val = src.val;
    3318:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    331f:	00 
		src.val = _regs[VCPU_REGS_RAX];
		emulate_2op_SrcV("cmp", src, dst, _eflags);
    3320:	8b 94 24 f4 00 00 00 	mov    0xf4(%rsp),%edx
    3327:	48 89 84 24 20 01 00 	mov    %rax,0x120(%rsp)
    332e:	00 
    332f:	48 8b 44 24 70       	mov    0x70(%rsp),%rax
    3334:	83 fa 01             	cmp    $0x1,%edx
    3337:	48 89 84 24 18 01 00 	mov    %rax,0x118(%rsp)
    333e:	00 
    333f:	75 4f                	jne    3390 <x86_emulate_memop+0x3303>
    3341:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    3348:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    334e:	44 21 04 24          	and    %r8d,(%rsp)
    3352:	9c                   	pushfq 
    3353:	41 f7 d0             	not    %r8d
    3356:	44 21 04 24          	and    %r8d,(%rsp)
    335a:	41 58                	pop    %r8
    335c:	44 09 04 24          	or     %r8d,(%rsp)
    3360:	9d                   	popfq  
    3361:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    3367:	41 f7 d0             	not    %r8d
    336a:	44 21 84 24 48 01 00 	and    %r8d,0x148(%rsp)
    3371:	00 
    3372:	38 84 24 f8 00 00 00 	cmp    %al,0xf8(%rsp)
    3379:	9c                   	pushfq 
    337a:	41 58                	pop    %r8
    337c:	41 81 e0 d5 08 00 00 	and    $0x8d5,%r8d
    3383:	44 09 84 24 48 01 00 	or     %r8d,0x148(%rsp)
    338a:	00 
    338b:	e9 d7 00 00 00       	jmpq   3467 <x86_emulate_memop+0x33da>
    3390:	83 fa 04             	cmp    $0x4,%edx
    3393:	74 53                	je     33e8 <x86_emulate_memop+0x335b>
    3395:	83 fa 08             	cmp    $0x8,%edx
    3398:	0f 84 8a 00 00 00    	je     3428 <x86_emulate_memop+0x339b>
    339e:	83 fa 02             	cmp    $0x2,%edx
    33a1:	0f 85 c0 00 00 00    	jne    3467 <x86_emulate_memop+0x33da>
    33a7:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    33ae:	ba d5 08 00 00       	mov    $0x8d5,%edx
    33b3:	21 14 24             	and    %edx,(%rsp)
    33b6:	9c                   	pushfq 
    33b7:	f7 d2                	not    %edx
    33b9:	21 14 24             	and    %edx,(%rsp)
    33bc:	5a                   	pop    %rdx
    33bd:	09 14 24             	or     %edx,(%rsp)
    33c0:	9d                   	popfq  
    33c1:	ba d5 08 00 00       	mov    $0x8d5,%edx
    33c6:	f7 d2                	not    %edx
    33c8:	21 94 24 48 01 00 00 	and    %edx,0x148(%rsp)
    33cf:	66 39 84 24 f8 00 00 	cmp    %ax,0xf8(%rsp)
    33d6:	00 
    33d7:	9c                   	pushfq 
    33d8:	5a                   	pop    %rdx
    33d9:	81 e2 d5 08 00 00    	and    $0x8d5,%edx
    33df:	09 94 24 48 01 00 00 	or     %edx,0x148(%rsp)
    33e6:	eb 7f                	jmp    3467 <x86_emulate_memop+0x33da>
    33e8:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    33ef:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    33f4:	21 0c 24             	and    %ecx,(%rsp)
    33f7:	9c                   	pushfq 
    33f8:	f7 d1                	not    %ecx
    33fa:	21 0c 24             	and    %ecx,(%rsp)
    33fd:	59                   	pop    %rcx
    33fe:	09 0c 24             	or     %ecx,(%rsp)
    3401:	9d                   	popfq  
    3402:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    3407:	f7 d1                	not    %ecx
    3409:	21 8c 24 48 01 00 00 	and    %ecx,0x148(%rsp)
    3410:	39 84 24 f8 00 00 00 	cmp    %eax,0xf8(%rsp)
    3417:	9c                   	pushfq 
    3418:	59                   	pop    %rcx
    3419:	81 e1 d5 08 00 00    	and    $0x8d5,%ecx
    341f:	09 8c 24 48 01 00 00 	or     %ecx,0x148(%rsp)
    3426:	eb 3f                	jmp    3467 <x86_emulate_memop+0x33da>
    3428:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    342f:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    3434:	21 1c 24             	and    %ebx,(%rsp)
    3437:	9c                   	pushfq 
    3438:	f7 d3                	not    %ebx
    343a:	21 1c 24             	and    %ebx,(%rsp)
    343d:	5b                   	pop    %rbx
    343e:	09 1c 24             	or     %ebx,(%rsp)
    3441:	9d                   	popfq  
    3442:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    3447:	f7 d3                	not    %ebx
    3449:	21 9c 24 48 01 00 00 	and    %ebx,0x148(%rsp)
    3450:	48 39 84 24 f8 00 00 	cmp    %rax,0xf8(%rsp)
    3457:	00 
    3458:	9c                   	pushfq 
    3459:	5b                   	pop    %rbx
    345a:	81 e3 d5 08 00 00    	and    $0x8d5,%ebx
    3460:	09 9c 24 48 01 00 00 	or     %ebx,0x148(%rsp)
		/* Always write back. The question is: where to? */
		d |= Mov;
		if (_eflags & EFLG_ZF) {
    3467:	f6 84 24 48 01 00 00 	testb  $0x40,0x148(%rsp)
    346e:	40 
    346f:	74 15                	je     3486 <x86_emulate_memop+0x33f9>
			/* Success: write back to memory. */
			dst.val = src.orig_val;
    3471:	48 8b 84 24 20 01 00 	mov    0x120(%rsp),%rax
    3478:	00 
    3479:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
    3480:	00 
    3481:	e9 07 f6 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		} else {
			/* Failure: write the value we saw to EAX. */
			dst.type = OP_REG;
			dst.ptr = (unsigned long *)&_regs[VCPU_REGS_RAX];
    3486:	48 8d 44 24 70       	lea    0x70(%rsp),%rax
    348b:	c7 84 24 f0 00 00 00 	movl   $0x0,0xf0(%rsp)
    3492:	00 00 00 00 
    3496:	48 89 84 24 08 01 00 	mov    %rax,0x108(%rsp)
    349d:	00 
    349e:	e9 ea f5 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		}
		break;
	case 0xa3:
	      bt:		/* bt */
		src.val &= (dst.bytes << 3) - 1; /* only subword offset */
    34a3:	8b 94 24 f4 00 00 00 	mov    0xf4(%rsp),%edx
    34aa:	8d 04 d5 ff ff ff ff 	lea    0xffffffffffffffff(,%rdx,8),%eax
    34b1:	48 23 84 24 18 01 00 	and    0x118(%rsp),%rax
    34b8:	00 
		emulate_2op_SrcV_nobyte("bt", src, dst, _eflags);
    34b9:	83 fa 04             	cmp    $0x4,%edx
    34bc:	48 89 84 24 18 01 00 	mov    %rax,0x118(%rsp)
    34c3:	00 
    34c4:	74 57                	je     351d <x86_emulate_memop+0x3490>
    34c6:	83 fa 08             	cmp    $0x8,%edx
    34c9:	0f 84 9e 00 00 00    	je     356d <x86_emulate_memop+0x34e0>
    34cf:	83 fa 02             	cmp    $0x2,%edx
    34d2:	0f 85 b5 f5 ff ff    	jne    2a8d <x86_emulate_memop+0x2a00>
    34d8:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    34df:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    34e4:	21 2c 24             	and    %ebp,(%rsp)
    34e7:	9c                   	pushfq 
    34e8:	f7 d5                	not    %ebp
    34ea:	21 2c 24             	and    %ebp,(%rsp)
    34ed:	5d                   	pop    %rbp
    34ee:	09 2c 24             	or     %ebp,(%rsp)
    34f1:	9d                   	popfq  
    34f2:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    34f7:	f7 d5                	not    %ebp
    34f9:	21 ac 24 48 01 00 00 	and    %ebp,0x148(%rsp)
    3500:	66 0f a3 84 24 f8 00 	bt     %ax,0xf8(%rsp)
    3507:	00 00 
    3509:	9c                   	pushfq 
    350a:	5d                   	pop    %rbp
    350b:	81 e5 d5 08 00 00    	and    $0x8d5,%ebp
    3511:	09 ac 24 48 01 00 00 	or     %ebp,0x148(%rsp)
    3518:	e9 70 f5 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    351d:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    3524:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    352a:	44 21 04 24          	and    %r8d,(%rsp)
    352e:	9c                   	pushfq 
    352f:	41 f7 d0             	not    %r8d
    3532:	44 21 04 24          	and    %r8d,(%rsp)
    3536:	41 58                	pop    %r8
    3538:	44 09 04 24          	or     %r8d,(%rsp)
    353c:	9d                   	popfq  
    353d:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    3543:	41 f7 d0             	not    %r8d
    3546:	44 21 84 24 48 01 00 	and    %r8d,0x148(%rsp)
    354d:	00 
    354e:	0f a3 84 24 f8 00 00 	bt     %eax,0xf8(%rsp)
    3555:	00 
    3556:	9c                   	pushfq 
    3557:	41 58                	pop    %r8
    3559:	41 81 e0 d5 08 00 00 	and    $0x8d5,%r8d
    3560:	44 09 84 24 48 01 00 	or     %r8d,0x148(%rsp)
    3567:	00 
    3568:	e9 20 f5 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    356d:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    3574:	ba d5 08 00 00       	mov    $0x8d5,%edx
    3579:	21 14 24             	and    %edx,(%rsp)
    357c:	9c                   	pushfq 
    357d:	f7 d2                	not    %edx
    357f:	21 14 24             	and    %edx,(%rsp)
    3582:	5a                   	pop    %rdx
    3583:	09 14 24             	or     %edx,(%rsp)
    3586:	9d                   	popfq  
    3587:	ba d5 08 00 00       	mov    $0x8d5,%edx
    358c:	f7 d2                	not    %edx
    358e:	21 94 24 48 01 00 00 	and    %edx,0x148(%rsp)
    3595:	48 0f a3 84 24 f8 00 	bt     %rax,0xf8(%rsp)
    359c:	00 00 
    359e:	9c                   	pushfq 
    359f:	5a                   	pop    %rdx
    35a0:	81 e2 d5 08 00 00    	and    $0x8d5,%edx
    35a6:	09 94 24 48 01 00 00 	or     %edx,0x148(%rsp)
    35ad:	e9 db f4 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0xb3:
	      btr:		/* btr */
		src.val &= (dst.bytes << 3) - 1; /* only subword offset */
    35b2:	8b 94 24 f4 00 00 00 	mov    0xf4(%rsp),%edx
    35b9:	8d 04 d5 ff ff ff ff 	lea    0xffffffffffffffff(,%rdx,8),%eax
    35c0:	48 23 84 24 18 01 00 	and    0x118(%rsp),%rax
    35c7:	00 
		emulate_2op_SrcV_nobyte("btr", src, dst, _eflags);
    35c8:	83 fa 04             	cmp    $0x4,%edx
    35cb:	48 89 84 24 18 01 00 	mov    %rax,0x118(%rsp)
    35d2:	00 
    35d3:	74 57                	je     362c <x86_emulate_memop+0x359f>
    35d5:	83 fa 08             	cmp    $0x8,%edx
    35d8:	0f 84 92 00 00 00    	je     3670 <x86_emulate_memop+0x35e3>
    35de:	83 fa 02             	cmp    $0x2,%edx
    35e1:	0f 85 a6 f4 ff ff    	jne    2a8d <x86_emulate_memop+0x2a00>
    35e7:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    35ee:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    35f3:	21 0c 24             	and    %ecx,(%rsp)
    35f6:	9c                   	pushfq 
    35f7:	f7 d1                	not    %ecx
    35f9:	21 0c 24             	and    %ecx,(%rsp)
    35fc:	59                   	pop    %rcx
    35fd:	09 0c 24             	or     %ecx,(%rsp)
    3600:	9d                   	popfq  
    3601:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    3606:	f7 d1                	not    %ecx
    3608:	21 8c 24 48 01 00 00 	and    %ecx,0x148(%rsp)
    360f:	66 0f b3 84 24 f8 00 	btr    %ax,0xf8(%rsp)
    3616:	00 00 
    3618:	9c                   	pushfq 
    3619:	59                   	pop    %rcx
    361a:	81 e1 d5 08 00 00    	and    $0x8d5,%ecx
    3620:	09 8c 24 48 01 00 00 	or     %ecx,0x148(%rsp)
    3627:	e9 61 f4 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    362c:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    3633:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    3638:	21 1c 24             	and    %ebx,(%rsp)
    363b:	9c                   	pushfq 
    363c:	f7 d3                	not    %ebx
    363e:	21 1c 24             	and    %ebx,(%rsp)
    3641:	5b                   	pop    %rbx
    3642:	09 1c 24             	or     %ebx,(%rsp)
    3645:	9d                   	popfq  
    3646:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    364b:	f7 d3                	not    %ebx
    364d:	21 9c 24 48 01 00 00 	and    %ebx,0x148(%rsp)
    3654:	0f b3 84 24 f8 00 00 	btr    %eax,0xf8(%rsp)
    365b:	00 
    365c:	9c                   	pushfq 
    365d:	5b                   	pop    %rbx
    365e:	81 e3 d5 08 00 00    	and    $0x8d5,%ebx
    3664:	09 9c 24 48 01 00 00 	or     %ebx,0x148(%rsp)
    366b:	e9 1d f4 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    3670:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    3677:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    367c:	21 2c 24             	and    %ebp,(%rsp)
    367f:	9c                   	pushfq 
    3680:	f7 d5                	not    %ebp
    3682:	21 2c 24             	and    %ebp,(%rsp)
    3685:	5d                   	pop    %rbp
    3686:	09 2c 24             	or     %ebp,(%rsp)
    3689:	9d                   	popfq  
    368a:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    368f:	f7 d5                	not    %ebp
    3691:	21 ac 24 48 01 00 00 	and    %ebp,0x148(%rsp)
    3698:	48 0f b3 84 24 f8 00 	btr    %rax,0xf8(%rsp)
    369f:	00 00 
    36a1:	9c                   	pushfq 
    36a2:	5d                   	pop    %rbp
    36a3:	81 e5 d5 08 00 00    	and    $0x8d5,%ebp
    36a9:	09 ac 24 48 01 00 00 	or     %ebp,0x148(%rsp)
    36b0:	e9 d8 f3 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0xab:
	      bts:		/* bts */
		src.val &= (dst.bytes << 3) - 1; /* only subword offset */
    36b5:	8b 94 24 f4 00 00 00 	mov    0xf4(%rsp),%edx
    36bc:	8d 04 d5 ff ff ff ff 	lea    0xffffffffffffffff(,%rdx,8),%eax
    36c3:	48 23 84 24 18 01 00 	and    0x118(%rsp),%rax
    36ca:	00 
		emulate_2op_SrcV_nobyte("bts", src, dst, _eflags);
    36cb:	83 fa 04             	cmp    $0x4,%edx
    36ce:	48 89 84 24 18 01 00 	mov    %rax,0x118(%rsp)
    36d5:	00 
    36d6:	74 63                	je     373b <x86_emulate_memop+0x36ae>
    36d8:	83 fa 08             	cmp    $0x8,%edx
    36db:	0f 84 9e 00 00 00    	je     377f <x86_emulate_memop+0x36f2>
    36e1:	83 fa 02             	cmp    $0x2,%edx
    36e4:	0f 85 a3 f3 ff ff    	jne    2a8d <x86_emulate_memop+0x2a00>
    36ea:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    36f1:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    36f7:	44 21 04 24          	and    %r8d,(%rsp)
    36fb:	9c                   	pushfq 
    36fc:	41 f7 d0             	not    %r8d
    36ff:	44 21 04 24          	and    %r8d,(%rsp)
    3703:	41 58                	pop    %r8
    3705:	44 09 04 24          	or     %r8d,(%rsp)
    3709:	9d                   	popfq  
    370a:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    3710:	41 f7 d0             	not    %r8d
    3713:	44 21 84 24 48 01 00 	and    %r8d,0x148(%rsp)
    371a:	00 
    371b:	66 0f ab 84 24 f8 00 	bts    %ax,0xf8(%rsp)
    3722:	00 00 
    3724:	9c                   	pushfq 
    3725:	41 58                	pop    %r8
    3727:	41 81 e0 d5 08 00 00 	and    $0x8d5,%r8d
    372e:	44 09 84 24 48 01 00 	or     %r8d,0x148(%rsp)
    3735:	00 
    3736:	e9 52 f3 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    373b:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    3742:	ba d5 08 00 00       	mov    $0x8d5,%edx
    3747:	21 14 24             	and    %edx,(%rsp)
    374a:	9c                   	pushfq 
    374b:	f7 d2                	not    %edx
    374d:	21 14 24             	and    %edx,(%rsp)
    3750:	5a                   	pop    %rdx
    3751:	09 14 24             	or     %edx,(%rsp)
    3754:	9d                   	popfq  
    3755:	ba d5 08 00 00       	mov    $0x8d5,%edx
    375a:	f7 d2                	not    %edx
    375c:	21 94 24 48 01 00 00 	and    %edx,0x148(%rsp)
    3763:	0f ab 84 24 f8 00 00 	bts    %eax,0xf8(%rsp)
    376a:	00 
    376b:	9c                   	pushfq 
    376c:	5a                   	pop    %rdx
    376d:	81 e2 d5 08 00 00    	and    $0x8d5,%edx
    3773:	09 94 24 48 01 00 00 	or     %edx,0x148(%rsp)
    377a:	e9 0e f3 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    377f:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    3786:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    378b:	21 0c 24             	and    %ecx,(%rsp)
    378e:	9c                   	pushfq 
    378f:	f7 d1                	not    %ecx
    3791:	21 0c 24             	and    %ecx,(%rsp)
    3794:	59                   	pop    %rcx
    3795:	09 0c 24             	or     %ecx,(%rsp)
    3798:	9d                   	popfq  
    3799:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    379e:	f7 d1                	not    %ecx
    37a0:	21 8c 24 48 01 00 00 	and    %ecx,0x148(%rsp)
    37a7:	48 0f ab 84 24 f8 00 	bts    %rax,0xf8(%rsp)
    37ae:	00 00 
    37b0:	9c                   	pushfq 
    37b1:	59                   	pop    %rcx
    37b2:	81 e1 d5 08 00 00    	and    $0x8d5,%ecx
    37b8:	09 8c 24 48 01 00 00 	or     %ecx,0x148(%rsp)
    37bf:	e9 c9 f2 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0xb6 ... 0xb7:	/* movzx */
		dst.bytes = op_bytes;
		dst.val = (d & ByteOp) ? (u8) src.val : (u16) src.val;
    37c4:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
    37c9:	8b 5c 24 6c          	mov    0x6c(%rsp),%ebx
    37cd:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    37d4:	00 
    37d5:	89 9c 24 f4 00 00 00 	mov    %ebx,0xf4(%rsp)
    37dc:	74 05                	je     37e3 <x86_emulate_memop+0x3756>
    37de:	0f b6 c0             	movzbl %al,%eax
    37e1:	eb 03                	jmp    37e6 <x86_emulate_memop+0x3759>
    37e3:	0f b7 c0             	movzwl %ax,%eax
    37e6:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
    37ed:	00 
    37ee:	e9 9a f2 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0xbb:
	      btc:		/* btc */
		src.val &= (dst.bytes << 3) - 1; /* only subword offset */
    37f3:	8b 94 24 f4 00 00 00 	mov    0xf4(%rsp),%edx
    37fa:	8d 04 d5 ff ff ff ff 	lea    0xffffffffffffffff(,%rdx,8),%eax
    3801:	48 23 84 24 18 01 00 	and    0x118(%rsp),%rax
    3808:	00 
		emulate_2op_SrcV_nobyte("btc", src, dst, _eflags);
    3809:	83 fa 04             	cmp    $0x4,%edx
    380c:	48 89 84 24 18 01 00 	mov    %rax,0x118(%rsp)
    3813:	00 
    3814:	74 57                	je     386d <x86_emulate_memop+0x37e0>
    3816:	83 fa 08             	cmp    $0x8,%edx
    3819:	0f 84 9e 00 00 00    	je     38bd <x86_emulate_memop+0x3830>
    381f:	83 fa 02             	cmp    $0x2,%edx
    3822:	0f 85 65 f2 ff ff    	jne    2a8d <x86_emulate_memop+0x2a00>
    3828:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    382f:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    3834:	21 2c 24             	and    %ebp,(%rsp)
    3837:	9c                   	pushfq 
    3838:	f7 d5                	not    %ebp
    383a:	21 2c 24             	and    %ebp,(%rsp)
    383d:	5d                   	pop    %rbp
    383e:	09 2c 24             	or     %ebp,(%rsp)
    3841:	9d                   	popfq  
    3842:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    3847:	f7 d5                	not    %ebp
    3849:	21 ac 24 48 01 00 00 	and    %ebp,0x148(%rsp)
    3850:	66 0f bb 84 24 f8 00 	btc    %ax,0xf8(%rsp)
    3857:	00 00 
    3859:	9c                   	pushfq 
    385a:	5d                   	pop    %rbp
    385b:	81 e5 d5 08 00 00    	and    $0x8d5,%ebp
    3861:	09 ac 24 48 01 00 00 	or     %ebp,0x148(%rsp)
    3868:	e9 20 f2 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    386d:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    3874:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    387a:	44 21 04 24          	and    %r8d,(%rsp)
    387e:	9c                   	pushfq 
    387f:	41 f7 d0             	not    %r8d
    3882:	44 21 04 24          	and    %r8d,(%rsp)
    3886:	41 58                	pop    %r8
    3888:	44 09 04 24          	or     %r8d,(%rsp)
    388c:	9d                   	popfq  
    388d:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    3893:	41 f7 d0             	not    %r8d
    3896:	44 21 84 24 48 01 00 	and    %r8d,0x148(%rsp)
    389d:	00 
    389e:	0f bb 84 24 f8 00 00 	btc    %eax,0xf8(%rsp)
    38a5:	00 
    38a6:	9c                   	pushfq 
    38a7:	41 58                	pop    %r8
    38a9:	41 81 e0 d5 08 00 00 	and    $0x8d5,%r8d
    38b0:	44 09 84 24 48 01 00 	or     %r8d,0x148(%rsp)
    38b7:	00 
    38b8:	e9 d0 f1 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    38bd:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    38c4:	ba d5 08 00 00       	mov    $0x8d5,%edx
    38c9:	21 14 24             	and    %edx,(%rsp)
    38cc:	9c                   	pushfq 
    38cd:	f7 d2                	not    %edx
    38cf:	21 14 24             	and    %edx,(%rsp)
    38d2:	5a                   	pop    %rdx
    38d3:	09 14 24             	or     %edx,(%rsp)
    38d6:	9d                   	popfq  
    38d7:	ba d5 08 00 00       	mov    $0x8d5,%edx
    38dc:	f7 d2                	not    %edx
    38de:	21 94 24 48 01 00 00 	and    %edx,0x148(%rsp)
    38e5:	48 0f bb 84 24 f8 00 	btc    %rax,0xf8(%rsp)
    38ec:	00 00 
    38ee:	9c                   	pushfq 
    38ef:	5a                   	pop    %rdx
    38f0:	81 e2 d5 08 00 00    	and    $0x8d5,%edx
    38f6:	09 94 24 48 01 00 00 	or     %edx,0x148(%rsp)
    38fd:	e9 8b f1 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0xba:		/* Grp8 */
		switch (modrm_reg & 3) {
    3902:	8a 44 24 20          	mov    0x20(%rsp),%al
    3906:	83 e0 03             	and    $0x3,%eax
    3909:	83 f8 01             	cmp    $0x1,%eax
    390c:	0f 84 a3 fd ff ff    	je     36b5 <x86_emulate_memop+0x3628>
    3912:	7f 0d                	jg     3921 <x86_emulate_memop+0x3894>
    3914:	85 c0                	test   %eax,%eax
    3916:	0f 84 87 fb ff ff    	je     34a3 <x86_emulate_memop+0x3416>
    391c:	e9 6c f1 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    3921:	83 f8 02             	cmp    $0x2,%eax
    3924:	0f 84 88 fc ff ff    	je     35b2 <x86_emulate_memop+0x3525>
    392a:	83 f8 03             	cmp    $0x3,%eax
    392d:	0f 85 5a f1 ff ff    	jne    2a8d <x86_emulate_memop+0x2a00>
    3933:	e9 bb fe ff ff       	jmpq   37f3 <x86_emulate_memop+0x3766>
		case 0:
			goto bt;
		case 1:
			goto bts;
		case 2:
			goto btr;
		case 3:
			goto btc;
		}
		break;
	case 0xbe ... 0xbf:	/* movsx */
		dst.bytes = op_bytes;
		dst.val = (d & ByteOp) ? (s8) src.val : (s16) src.val;
    3938:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
    393d:	8b 4c 24 6c          	mov    0x6c(%rsp),%ecx
    3941:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    3948:	00 
    3949:	89 8c 24 f4 00 00 00 	mov    %ecx,0xf4(%rsp)
    3950:	74 06                	je     3958 <x86_emulate_memop+0x38cb>
    3952:	48 0f be c0          	movsbq %al,%rax
    3956:	eb 04                	jmp    395c <x86_emulate_memop+0x38cf>
    3958:	48 0f bf c0          	movswq %ax,%rax
    395c:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
    3963:	00 
    3964:	e9 24 f1 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	}
	goto writeback;

twobyte_special_insn:
	/* Disable writeback. */
	no_wb = 1;
	switch (b) {
    3969:	40 80 fd 22          	cmp    $0x22,%bpl
    396d:	74 69                	je     39d8 <x86_emulate_memop+0x394b>
    396f:	77 12                	ja     3983 <x86_emulate_memop+0x38f6>
    3971:	40 80 fd 06          	cmp    $0x6,%bpl
    3975:	74 2b                	je     39a2 <x86_emulate_memop+0x3915>
    3977:	40 80 fd 20          	cmp    $0x20,%bpl
    397b:	0f 85 ed f1 ff ff    	jne    2b6e <x86_emulate_memop+0x2ae1>
    3981:	eb 2d                	jmp    39b0 <x86_emulate_memop+0x3923>
    3983:	40 80 fd 32          	cmp    $0x32,%bpl
    3987:	0f 84 a6 00 00 00    	je     3a33 <x86_emulate_memop+0x39a6>
    398d:	40 80 fd c7          	cmp    $0xc7,%bpl
    3991:	0f 84 00 01 00 00    	je     3a97 <x86_emulate_memop+0x3a0a>
    3997:	40 80 fd 30          	cmp    $0x30,%bpl
    399b:	74 64                	je     3a01 <x86_emulate_memop+0x3974>
    399d:	e9 cc f1 ff ff       	jmpq   2b6e <x86_emulate_memop+0x2ae1>
	case 0x09:		/* wbinvd */
		break;
	case 0x0d:		/* GrpP (prefetch) */
	case 0x18:		/* Grp16 (prefetch/nop) */
		break;
	case 0x06:
		emulate_clts(ctxt->vcpu);
    39a2:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    39a6:	e8 00 00 00 00       	callq  39ab <x86_emulate_memop+0x391e>
			39a7: R_X86_64_PC32	emulate_clts+0xfffffffffffffffc
    39ab:	e9 be f1 ff ff       	jmpq   2b6e <x86_emulate_memop+0x2ae1>
		break;
	case 0x20: /* mov cr, reg */
		if (modrm_mod != 3)
    39b0:	80 7c 24 1f 03       	cmpb   $0x3,0x1f(%rsp)
    39b5:	0f 85 96 01 00 00    	jne    3b51 <x86_emulate_memop+0x3ac4>
			goto cannot_emulate;
		_regs[modrm_rm] = realmode_get_cr(ctxt->vcpu, modrm_reg);
    39bb:	0f b6 74 24 20       	movzbl 0x20(%rsp),%esi
    39c0:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    39c4:	e8 00 00 00 00       	callq  39c9 <x86_emulate_memop+0x393c>
			39c5: R_X86_64_PC32	realmode_get_cr+0xfffffffffffffffc
    39c9:	0f b6 54 24 3f       	movzbl 0x3f(%rsp),%edx
    39ce:	48 89 44 d4 70       	mov    %rax,0x70(%rsp,%rdx,8)
    39d3:	e9 96 f1 ff ff       	jmpq   2b6e <x86_emulate_memop+0x2ae1>
		break;
	case 0x22: /* mov reg, cr */
		if (modrm_mod != 3)
    39d8:	80 7c 24 1f 03       	cmpb   $0x3,0x1f(%rsp)
    39dd:	0f 85 6e 01 00 00    	jne    3b51 <x86_emulate_memop+0x3ac4>
			goto cannot_emulate;
		realmode_set_cr(ctxt->vcpu, modrm_reg, modrm_val, &_eflags);
    39e3:	0f b6 74 24 20       	movzbl 0x20(%rsp),%esi
    39e8:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    39ec:	48 8d 8c 24 48 01 00 	lea    0x148(%rsp),%rcx
    39f3:	00 
    39f4:	4c 89 f2             	mov    %r14,%rdx
    39f7:	e8 00 00 00 00       	callq  39fc <x86_emulate_memop+0x396f>
			39f8: R_X86_64_PC32	realmode_set_cr+0xfffffffffffffffc
    39fc:	e9 6d f1 ff ff       	jmpq   2b6e <x86_emulate_memop+0x2ae1>
		break;
	case 0x30:
		/* wrmsr */
		msr_data = (u32)_regs[VCPU_REGS_RAX]
    3a01:	8b 54 24 70          	mov    0x70(%rsp),%edx
    3a05:	48 8b 84 24 80 00 00 	mov    0x80(%rsp),%rax
    3a0c:	00 
			| ((u64)_regs[VCPU_REGS_RDX] << 32);
		rc = kvm_set_msr(ctxt->vcpu, _regs[VCPU_REGS_RCX], msr_data);
    3a0d:	8b 74 24 78          	mov    0x78(%rsp),%esi
    3a11:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    3a15:	48 c1 e0 20          	shl    $0x20,%rax
    3a19:	48 09 c2             	or     %rax,%rdx
    3a1c:	48 89 94 24 58 01 00 	mov    %rdx,0x158(%rsp)
    3a23:	00 
    3a24:	e8 00 00 00 00       	callq  3a29 <x86_emulate_memop+0x399c>
			3a25: R_X86_64_PC32	kvm_set_msr+0xfffffffffffffffc
		if (rc) {
    3a29:	85 c0                	test   %eax,%eax
    3a2b:	0f 84 45 01 00 00    	je     3b76 <x86_emulate_memop+0x3ae9>
    3a31:	eb 19                	jmp    3a4c <x86_emulate_memop+0x39bf>
			kvm_arch_ops->inject_gp(ctxt->vcpu, 0);
			_eip = ctxt->vcpu->rip;
		}
		rc = X86EMUL_CONTINUE;
		break;
	case 0x32:
		/* rdmsr */
		rc = kvm_get_msr(ctxt->vcpu, _regs[VCPU_REGS_RCX], &msr_data);
    3a33:	8b 74 24 78          	mov    0x78(%rsp),%esi
    3a37:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    3a3b:	48 8d 94 24 58 01 00 	lea    0x158(%rsp),%rdx
    3a42:	00 
    3a43:	e8 00 00 00 00       	callq  3a48 <x86_emulate_memop+0x39bb>
			3a44: R_X86_64_PC32	kvm_get_msr+0xfffffffffffffffc
		if (rc) {
    3a48:	85 c0                	test   %eax,%eax
    3a4a:	74 2b                	je     3a77 <x86_emulate_memop+0x39ea>
			kvm_arch_ops->inject_gp(ctxt->vcpu, 0);
    3a4c:	48 8b 05 00 00 00 00 	mov    0(%rip),%rax        # 3a53 <x86_emulate_memop+0x39c6>
			3a4f: R_X86_64_PC32	kvm_arch_ops+0xfffffffffffffffc
    3a53:	31 f6                	xor    %esi,%esi
    3a55:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    3a59:	ff 90 20 01 00 00    	callq  *0x120(%rax)
			_eip = ctxt->vcpu->rip;
    3a5f:	49 8b 45 00          	mov    0x0(%r13),%rax
    3a63:	48 8b 80 00 01 00 00 	mov    0x100(%rax),%rax
    3a6a:	48 89 84 24 50 01 00 	mov    %rax,0x150(%rsp)
    3a71:	00 
    3a72:	e9 f7 f0 ff ff       	jmpq   2b6e <x86_emulate_memop+0x2ae1>
		} else {
			_regs[VCPU_REGS_RAX] = (u32)msr_data;
    3a77:	48 8b 84 24 58 01 00 	mov    0x158(%rsp),%rax
    3a7e:	00 
    3a7f:	89 c3                	mov    %eax,%ebx
			_regs[VCPU_REGS_RDX] = msr_data >> 32;
    3a81:	48 c1 e8 20          	shr    $0x20,%rax
    3a85:	48 89 5c 24 70       	mov    %rbx,0x70(%rsp)
    3a8a:	48 89 84 24 80 00 00 	mov    %rax,0x80(%rsp)
    3a91:	00 
    3a92:	e9 df 00 00 00       	jmpq   3b76 <x86_emulate_memop+0x3ae9>
		}
		rc = X86EMUL_CONTINUE;
		break;
	case 0xc7:		/* Grp9 (cmpxchg8b) */
		{
			u64 old, new;
			if ((rc = ops->read_emulated(cr2, &old, 8, ctxt)) != 0)
    3a97:	48 8b 2c 24          	mov    (%rsp),%rbp
    3a9b:	48 8d 9c 24 40 01 00 	lea    0x140(%rsp),%rbx
    3aa2:	00 
    3aa3:	4c 89 e9             	mov    %r13,%rcx
    3aa6:	ba 08 00 00 00       	mov    $0x8,%edx
    3aab:	4c 89 e7             	mov    %r12,%rdi
    3aae:	48 89 de             	mov    %rbx,%rsi
    3ab1:	ff 55 10             	callq  *0x10(%rbp)
    3ab4:	85 c0                	test   %eax,%eax
    3ab6:	41 89 c7             	mov    %eax,%r15d
    3ab9:	0f 85 e5 f0 ff ff    	jne    2ba4 <x86_emulate_memop+0x2b17>
				goto done;
			if (((u32) (old >> 0) != (u32) _regs[VCPU_REGS_RAX]) ||
    3abf:	48 8b 94 24 40 01 00 	mov    0x140(%rsp),%rdx
    3ac6:	00 
    3ac7:	3b 54 24 70          	cmp    0x70(%rsp),%edx
    3acb:	89 d1                	mov    %edx,%ecx
    3acd:	75 10                	jne    3adf <x86_emulate_memop+0x3a52>
    3acf:	48 89 d0             	mov    %rdx,%rax
    3ad2:	48 c1 e8 20          	shr    $0x20,%rax
    3ad6:	39 84 24 80 00 00 00 	cmp    %eax,0x80(%rsp)
    3add:	74 21                	je     3b00 <x86_emulate_memop+0x3a73>
			    ((u32) (old >> 32) != (u32) _regs[VCPU_REGS_RDX])) {
				_regs[VCPU_REGS_RAX] = (u32) (old >> 0);
				_regs[VCPU_REGS_RDX] = (u32) (old >> 32);
				_eflags &= ~EFLG_ZF;
    3adf:	48 83 a4 24 48 01 00 	andq   $0xffffffffffffffbf,0x148(%rsp)
    3ae6:	00 bf 
    3ae8:	89 c9                	mov    %ecx,%ecx
    3aea:	48 c1 ea 20          	shr    $0x20,%rdx
    3aee:	48 89 4c 24 70       	mov    %rcx,0x70(%rsp)
    3af3:	48 89 94 24 80 00 00 	mov    %rdx,0x80(%rsp)
    3afa:	00 
    3afb:	e9 6e f0 ff ff       	jmpq   2b6e <x86_emulate_memop+0x2ae1>
			} else {
				new = ((u64)_regs[VCPU_REGS_RCX] << 32)
    3b00:	8b 84 24 88 00 00 00 	mov    0x88(%rsp),%eax
    3b07:	48 8b 54 24 78       	mov    0x78(%rsp),%rdx
					| (u32) _regs[VCPU_REGS_RBX];
				if ((rc = ops->cmpxchg_emulated(cr2, &old,
    3b0c:	48 89 de             	mov    %rbx,%rsi
    3b0f:	48 8b 1c 24          	mov    (%rsp),%rbx
    3b13:	4d 89 e8             	mov    %r13,%r8
    3b16:	b9 08 00 00 00       	mov    $0x8,%ecx
    3b1b:	4c 89 e7             	mov    %r12,%rdi
    3b1e:	48 c1 e2 20          	shl    $0x20,%rdx
    3b22:	48 09 d0             	or     %rdx,%rax
    3b25:	48 8d 94 24 38 01 00 	lea    0x138(%rsp),%rdx
    3b2c:	00 
    3b2d:	48 89 84 24 38 01 00 	mov    %rax,0x138(%rsp)
    3b34:	00 
    3b35:	ff 53 20             	callq  *0x20(%rbx)
    3b38:	85 c0                	test   %eax,%eax
    3b3a:	41 89 c7             	mov    %eax,%r15d
    3b3d:	0f 85 61 f0 ff ff    	jne    2ba4 <x86_emulate_memop+0x2b17>
							  &new, 8, ctxt)) != 0)
					goto done;
				_eflags |= EFLG_ZF;
    3b43:	48 83 8c 24 48 01 00 	orq    $0x40,0x148(%rsp)
    3b4a:	00 40 
    3b4c:	e9 1d f0 ff ff       	jmpq   2b6e <x86_emulate_memop+0x2ae1>
    3b51:	83 c8 ff             	or     $0xffffffffffffffff,%eax
    3b54:	eb 28                	jmp    3b7e <x86_emulate_memop+0x3af1>
    3b56:	c7 84 24 14 01 00 00 	movl   $0x1,0x114(%rsp)
    3b5d:	01 00 00 00 
    3b61:	e9 2b ce ff ff       	jmpq   991 <x86_emulate_memop+0x904>
    3b66:	c7 84 24 14 01 00 00 	movl   $0x1,0x114(%rsp)
    3b6d:	01 00 00 00 
    3b71:	e9 ad e9 ff ff       	jmpq   2523 <x86_emulate_memop+0x2496>
    3b76:	45 31 ff             	xor    %r15d,%r15d
    3b79:	e9 f0 ef ff ff       	jmpq   2b6e <x86_emulate_memop+0x2ae1>
			}
			break;
		}
	}
	goto writeback;

cannot_emulate:
	DPRINTF("Cannot emulate %02x\n", b);
	return -1;
}
    3b7e:	48 81 c4 68 01 00 00 	add    $0x168,%rsp
    3b85:	5b                   	pop    %rbx
    3b86:	5d                   	pop    %rbp
    3b87:	41 5c                	pop    %r12
    3b89:	41 5d                	pop    %r13
    3b8b:	41 5e                	pop    %r14
    3b8d:	41 5f                	pop    %r15
    3b8f:	c3                   	retq   

Thread overview: 9+ messages
2007-07-19 11:32 KVM-29 + Windows Server 2003 = kernel panic Alessandro Sardo
2007-07-19 11:36   ` Avi Kivity
2007-07-23 14:26           ` Alessandro Sardo
2007-07-23 14:27           ` Alessandro Sardo
2007-07-24 11:12               ` KVM-33 + Windows Server 2003 = VMX->OK / SVM->kernel panic? Alessandro Sardo
2007-07-24 11:30                   ` Alexey Eremenko
2007-07-24 11:36                       ` Alexey Eremenko
2007-07-24 12:27                   ` Avi Kivity
2007-07-24 12:45                       ` Alessandro Sardo