From mboxrd@z Thu Jan  1 00:00:00 1970
From: Alessandro Sardo <sandro.sardo-8RLafaVCWuNeoWH0uzbU5w@public.gmane.org>
Subject: Re: KVM-33 + Windows Server 2003 = VMX->OK /
 SVM->kernel panic?
Date: Tue, 24 Jul 2007 14:45:58 +0200
Message-ID: <46A5F486.40302@polito.it>
References: <469F4BE5.4040801@polito.it>
	<469F4CA8.1070209@qumranet.com>	<469F7A34.4070606@polito.it>
	<469F7F33.7040702@qumranet.com>	<46A4BAD5.6020906@polito.it>
	<46A5DE99.6040407@polito.it> <46A5F029.4000002@qumranet.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="------------000401090306010900050309"
To: kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Return-path: <kvm-devel-bounces-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org>
In-Reply-To: <46A5F029.4000002-atKUWr5tajBWk0Htik3J/w@public.gmane.org>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/kvm-devel>,
	<mailto:kvm-devel-request-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=kvm-devel>
List-Post: <mailto:kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org>
List-Help: <mailto:kvm-devel-request-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/kvm-devel>,
	<mailto:kvm-devel-request-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org?subject=subscribe>
Sender: kvm-devel-bounces-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Errors-To: kvm-devel-bounces-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
List-Id: kvm.vger.kernel.org

This is a multi-part message in MIME format.
--------------000401090306010900050309
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

There you go.

AS


Avi Kivity ha scritto:
> Alessandro Sardo wrote:
>
> One at a time.
>
>> Test #3
>> CPU model: 1 x Single-Core AMD Athlon64 Processor 3500+ AM2
>> Host: RHEL5 x86_64, kernel 2.6.18-8.1.8.el5
>> KVM-33
>> Result -> boots fine, but when I try to install the SP2 I get the 
>> following kernel panic:
>>
>> Unable to handle kernel NULL pointer dereference at 0000000000000000 
>> RIP:
>> [<ffffffff883d80ce>] :kvm:x86_emulate_memop+0x2a79/0x3b03
>> PGD 7b8a067 PUD 3973067 PMD 0
>> Oops: 0002 [1] SMP
>> last sysfs file: /class/net/lo/ifindex
>> CPU 0
>> Modules linked in: kvm_amd(U) kvm(U) tun netconsole bridge 
>> cpufreq_ondemand video sbs i2c_ec button battery asus_acpi 
>> acpi_memhotplug ac lp snd_hda_intel snd_hda_codec snd_seq_dummy 
>> snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss 
>> floppy snd_mixer_oss snd_pcm pcspkr sg i2c_nforce2 i2c_core snd_timer 
>> snd shpchp soundcore k8_edac snd_page_alloc parport_pc edac_mc 
>> forcedeth parport ide_cd cdrom serio_raw dm_snapshot dm_zero 
>> dm_mirror dm_mod sata_nv libata sd_mod scsi_mod ext3 jbd ehci_hcd 
>> ohci_hcd uhci_hcd
>> Pid: 2168, comm: kvm Not tainted 2.6.18-8.1.8.el5 #1
>> RIP: 0010:[<ffffffff883d80ce>] [<ffffffff883d80ce>] 
>> :kvm:x86_emulate_memop+0x2a79/0x3b03
>> RSP: 0018:ffff81006225d9d8 EFLAGS: 00010246
>> RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000003
>> RDX: ffff81006225da60 RSI: 0000000000000000 RDI: ffff81006207a130
>> RBP: ffffffff883df621 R08: 0000000000000200 R09: 0000000000000000
>> R10: ffff81003f18d000 R11: ffffffff883eb542 R12: 0000000000000000
>> R13: ffff81006225db78 R14: 0000000000000000 R15: 0000000000000000
>> FS: 00000000ffdff000(0000) GS:ffffffff8038a000(0000) 
>> knlGS:0000000000000000
>> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> CR2: 0000000000000000 CR3: 0000000062cd7000 CR4: 00000000000006e0
>> Process kvm (pid: 2168, threadinfo ffff81006225c000, task 
>> ffff81007d987100)
>> Stack: ffffffff883df600 03007fffe0e1ce40 00007fffe0e1cea0 
>> 0300010000000040
>> ffff81006225db00 0000000000000004 0000000400000000 0300000000000000
>> 0000000000000000 0000000000000004 0000000400000000 0000000000000000
>> Call Trace:
>> [<ffffffff883eb542>] :kvm_amd:svm_get_segment_base+0x0/0x5f
>> [<ffffffff883d5657>] :kvm:x86_emulate_memop+0x2/0x3b03
>> [<ffffffff883d0e95>] :kvm:emulate_instruction+0xee/0x278
>> [<ffffffff883eb542>] :kvm_amd:svm_get_segment_base+0x0/0x5f
>> [<ffffffff883eacec>] :kvm_amd:emulate_on_interception+0xf/0x30
>> [<ffffffff883ebbed>] :kvm_amd:svm_vcpu_run+0x506/0x599
>> [<ffffffff883d11e4>] :kvm:kvm_vcpu_ioctl+0x1c5/0xd04
>> [<ffffffff80044d31>] try_to_wake_up+0x407/0x418
>> [<ffffffff800850ed>] __wake_up_common+0x3e/0x68
>> [<ffffffff8002dd9b>] __wake_up+0x38/0x4f
>> [<ffffffff800d8498>] core_sys_select+0x234/0x265
>> [<ffffffff80093f38>] __dequeue_signal+0x18b/0x19b
>> [<ffffffff80094fd2>] dequeue_signal+0x3c/0xbc
>> [<ffffffff8003fc5a>] do_ioctl+0x21/0x6b
>> [<ffffffff8002fa60>] vfs_ioctl+0x248/0x261
>> [<ffffffff80058bf0>] getnstimeofday+0x10/0x28
>> [<ffffffff8004a266>] sys_ioctl+0x59/0x78
>> [<ffffffff8005b14e>] system_call+0x7e/0x83
>>
>>
>> Code: 4c 89 00 eb 63 48 8b 94 24 f8 00 00 00 48 8b 84 24 08 01 00
>> RIP [<ffffffff883d80ce>] :kvm:x86_emulate_memop+0x2a79/0x3b03
>> RSP <ffff81006225d9d8>
>> CR2: 0000000000000000
>> <0>Kernel panic - not syncing: Fatal exception
>> ----
>>   
>
> Can you post the output of 'objdump -Sr kernel/x86_emulate.o'?  Please 
> ensure that it is exactly the same object used to generate this oops.

--------------000401090306010900050309
Content-Type: text/plain;
 name="x86_emulate.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="x86_emulate.txt"


/usr/src/kvm-33/kernel/x86_emulate.o:     file format elf64-x86-64

Disassembly of section .text:

0000000000000000 <kvm_emulator_want_group7_invlpg>:
 * be mapped.
 */
void kvm_emulator_want_group7_invlpg(void)
{
	twobyte_table[1] &= ~SrcMem;
       0:	66 83 25 00 00 00 00 	andw   $0xffffffffffffffef,0(%rip)        # 8 <kvm_emulator_want_group7_invlpg+0x8>
       7:	ef 
			3: R_X86_64_PC32	.data+0xfffffffffffffffd
}
       8:	c3                   	retq   

0000000000000009 <decode_register>:
EXPORT_SYMBOL_GPL(kvm_emulator_want_group7_invlpg);

/* Type, address-of, and value of an instruction's operand. */
struct operand {
	enum { OP_REG, OP_MEM, OP_IMM } type;
	unsigned int bytes;
	unsigned long val, orig_val, *ptr;
};

/* EFLAGS bit definitions. */
#define EFLG_OF (1<<11)
#define EFLG_DF (1<<10)
#define EFLG_SF (1<<7)
#define EFLG_ZF (1<<6)
#define EFLG_AF (1<<4)
#define EFLG_PF (1<<2)
#define EFLG_CF (1<<0)

/*
 * Instruction emulation:
 * Most instructions are emulated directly via a fragment of inline assembly
 * code. This allows us to save/restore EFLAGS and thus very easily pick up
 * any modified flags.
 */

#if defined(CONFIG_X86_64)
#define _LO32 "k"		/* force 32-bit operand */
#define _STK  "%%rsp"		/* stack pointer */
#elif defined(__i386__)
#define _LO32 ""		/* force 32-bit operand */
#define _STK  "%%esp"		/* stack pointer */
#endif

/*
 * These EFLAGS bits are restored from saved value during emulation, and
 * any changes are written back to the saved value after emulation.
 */
#define EFLAGS_MASK (EFLG_OF|EFLG_SF|EFLG_ZF|EFLG_AF|EFLG_PF|EFLG_CF)

/* Before executing instruction: restore necessary bits in EFLAGS. */
#define _PRE_EFLAGS(_sav, _msk, _tmp) \
	/* EFLAGS = (_sav & _msk) | (EFLAGS & ~_msk); */	\
	"push %"_sav"; "					\
	"movl %"_msk",%"_LO32 _tmp"; "				\
	"andl %"_LO32 _tmp",("_STK"); "				\
	"pushf; "						\
	"notl %"_LO32 _tmp"; "					\
	"andl %"_LO32 _tmp",("_STK"); "				\
	"pop  %"_tmp"; "					\
	"orl  %"_LO32 _tmp",("_STK"); "				\
	"popf; "						\
	/* _sav &= ~msk; */					\
	"movl %"_msk",%"_LO32 _tmp"; "				\
	"notl %"_LO32 _tmp"; "					\
	"andl %"_LO32 _tmp",%"_sav"; "

/* After executing instruction: write-back necessary bits in EFLAGS. */
#define _POST_EFLAGS(_sav, _msk, _tmp) \
	/* _sav |= EFLAGS & _msk; */		\
	"pushf; "				\
	"pop  %"_tmp"; "			\
	"andl %"_msk",%"_LO32 _tmp"; "		\
	"orl  %"_LO32 _tmp",%"_sav"; "

/* Raw emulation: instruction has two explicit operands. */
#define __emulate_2op_nobyte(_op,_src,_dst,_eflags,_wx,_wy,_lx,_ly,_qx,_qy) \
	do { 								    \
		unsigned long _tmp;					    \
									    \
		switch ((_dst).bytes) {					    \
		case 2:							    \
			__asm__ __volatile__ (				    \
				_PRE_EFLAGS("0","4","2")		    \
				_op"w %"_wx"3,%1; "			    \
				_POST_EFLAGS("0","4","2")		    \
				: "=m" (_eflags), "=m" ((_dst).val),        \
				  "=&r" (_tmp)				    \
				: _wy ((_src).val), "i" (EFLAGS_MASK) );    \
			break;						    \
		case 4:							    \
			__asm__ __volatile__ (				    \
				_PRE_EFLAGS("0","4","2")		    \
				_op"l %"_lx"3,%1; "			    \
				_POST_EFLAGS("0","4","2")		    \
				: "=m" (_eflags), "=m" ((_dst).val),	    \
				  "=&r" (_tmp)				    \
				: _ly ((_src).val), "i" (EFLAGS_MASK) );    \
			break;						    \
		case 8:							    \
			__emulate_2op_8byte(_op, _src, _dst,		    \
					    _eflags, _qx, _qy);		    \
			break;						    \
		}							    \
	} while (0)

#define __emulate_2op(_op,_src,_dst,_eflags,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \
	do {								     \
		unsigned long _tmp;					     \
		switch ( (_dst).bytes )					     \
		{							     \
		case 1:							     \
			__asm__ __volatile__ (				     \
				_PRE_EFLAGS("0","4","2")		     \
				_op"b %"_bx"3,%1; "			     \
				_POST_EFLAGS("0","4","2")		     \
				: "=m" (_eflags), "=m" ((_dst).val),	     \
				  "=&r" (_tmp)				     \
				: _by ((_src).val), "i" (EFLAGS_MASK) );     \
			break;						     \
		default:						     \
			__emulate_2op_nobyte(_op, _src, _dst, _eflags,	     \
					     _wx, _wy, _lx, _ly, _qx, _qy);  \
			break;						     \
		}							     \
	} while (0)

/* Source operand is byte-sized and may be restricted to just %cl. */
#define emulate_2op_SrcB(_op, _src, _dst, _eflags)                      \
	__emulate_2op(_op, _src, _dst, _eflags,				\
		      "b", "c", "b", "c", "b", "c", "b", "c")

/* Source operand is byte, word, long or quad sized. */
#define emulate_2op_SrcV(_op, _src, _dst, _eflags)                      \
	__emulate_2op(_op, _src, _dst, _eflags,				\
		      "b", "q", "w", "r", _LO32, "r", "", "r")

/* Source operand is word, long or quad sized. */
#define emulate_2op_SrcV_nobyte(_op, _src, _dst, _eflags)               \
	__emulate_2op_nobyte(_op, _src, _dst, _eflags,			\
			     "w", "r", _LO32, "r", "", "r")

/* Instruction has only one explicit operand (no source operand). */
#define emulate_1op(_op, _dst, _eflags)                                    \
	do {								\
		unsigned long _tmp;					\
									\
		switch ( (_dst).bytes )					\
		{							\
		case 1:							\
			__asm__ __volatile__ (				\
				_PRE_EFLAGS("0","3","2")		\
				_op"b %1; "				\
				_POST_EFLAGS("0","3","2")		\
				: "=m" (_eflags), "=m" ((_dst).val),	\
				  "=&r" (_tmp)				\
				: "i" (EFLAGS_MASK) );			\
			break;						\
		case 2:							\
			__asm__ __volatile__ (				\
				_PRE_EFLAGS("0","3","2")		\
				_op"w %1; "				\
				_POST_EFLAGS("0","3","2")		\
				: "=m" (_eflags), "=m" ((_dst).val),	\
				  "=&r" (_tmp)				\
				: "i" (EFLAGS_MASK) );			\
			break;						\
		case 4:							\
			__asm__ __volatile__ (				\
				_PRE_EFLAGS("0","3","2")		\
				_op"l %1; "				\
				_POST_EFLAGS("0","3","2")		\
				: "=m" (_eflags), "=m" ((_dst).val),	\
				  "=&r" (_tmp)				\
				: "i" (EFLAGS_MASK) );			\
			break;						\
		case 8:							\
			__emulate_1op_8byte(_op, _dst, _eflags);	\
			break;						\
		}							\
	} while (0)

/* Emulate an instruction with quadword operands (x86/64 only). */
#if defined(CONFIG_X86_64)
#define __emulate_2op_8byte(_op, _src, _dst, _eflags, _qx, _qy)           \
	do {								  \
		__asm__ __volatile__ (					  \
			_PRE_EFLAGS("0","4","2")			  \
			_op"q %"_qx"3,%1; "				  \
			_POST_EFLAGS("0","4","2")			  \
			: "=m" (_eflags), "=m" ((_dst).val), "=&r" (_tmp) \
			: _qy ((_src).val), "i" (EFLAGS_MASK) );	  \
	} while (0)

#define __emulate_1op_8byte(_op, _dst, _eflags)                           \
	do {								  \
		__asm__ __volatile__ (					  \
			_PRE_EFLAGS("0","3","2")			  \
			_op"q %1; "					  \
			_POST_EFLAGS("0","3","2")			  \
			: "=m" (_eflags), "=m" ((_dst).val), "=&r" (_tmp) \
			: "i" (EFLAGS_MASK) );				  \
	} while (0)

#elif defined(__i386__)
#define __emulate_2op_8byte(_op, _src, _dst, _eflags, _qx, _qy)
#define __emulate_1op_8byte(_op, _dst, _eflags)
#endif				/* __i386__ */

/* Fetch next part of the instruction being emulated. */
#define insn_fetch(_type, _size, _eip)                                  \
({	unsigned long _x;						\
	rc = ops->read_std((unsigned long)(_eip) + ctxt->cs_base, &_x,	\
                                                  (_size), ctxt);       \
	if ( rc != 0 )							\
		goto done;						\
	(_eip) += (_size);						\
	(_type)_x;							\
})

/* Access/update address held in a register, based on addressing mode. */
#define register_address(base, reg)                                     \
	((base) + ((ad_bytes == sizeof(unsigned long)) ? (reg) :	\
		   ((reg) & ((1UL << (ad_bytes << 3)) - 1))))

#define register_address_increment(reg, inc)                            \
	do {								\
		/* signed type ensures sign extension to long */        \
		int _inc = (inc);					\
		if ( ad_bytes == sizeof(unsigned long) )		\
			(reg) += _inc;					\
		else							\
			(reg) = ((reg) & ~((1UL << (ad_bytes << 3)) - 1)) | \
			   (((reg) + _inc) & ((1UL << (ad_bytes << 3)) - 1)); \
	} while (0)

/*
 * Given the 'reg' portion of a ModRM byte, and a register block, return a
 * pointer into the block that addresses the relevant register.
 * @highbyte_regs specifies whether to decode AH,CH,DH,BH.
 */
static void *decode_register(u8 modrm_reg, unsigned long *regs,
			     int highbyte_regs)
{
       9:	40 88 f9             	mov    %dil,%cl
	void *p;

	p = &regs[modrm_reg];
	if (highbyte_regs && modrm_reg >= 4 && modrm_reg < 8)
       c:	85 d2                	test   %edx,%edx
       e:	40 0f b6 ff          	movzbl %dil,%edi
      12:	48 8d 04 fe          	lea    (%rsi,%rdi,8),%rax
      16:	74 12                	je     2a <decode_register+0x21>
      18:	80 f9 03             	cmp    $0x3,%cl
      1b:	76 0d                	jbe    2a <decode_register+0x21>
      1d:	80 f9 07             	cmp    $0x7,%cl
      20:	77 08                	ja     2a <decode_register+0x21>
		p = (unsigned char *)&regs[modrm_reg & 3] + 1;
      22:	83 e7 03             	and    $0x3,%edi
      25:	48 8d 44 fe 01       	lea    0x1(%rsi,%rdi,8),%rax
	return p;
}
      2a:	c3                   	retq   

000000000000002b <read_descriptor>:

static int read_descriptor(struct x86_emulate_ctxt *ctxt,
			   struct x86_emulate_ops *ops,
			   void *ptr,
			   u16 *size, unsigned long *address, int op_bytes)
{
      2b:	41 56                	push   %r14
	int rc;

	if (op_bytes == 2)
      2d:	41 83 f9 02          	cmp    $0x2,%r9d
      31:	49 89 f6             	mov    %rsi,%r14
      34:	b8 03 00 00 00       	mov    $0x3,%eax
      39:	48 89 ce             	mov    %rcx,%rsi
		op_bytes = 3;
	*address = 0;
      3c:	49 c7 00 00 00 00 00 	movq   $0x0,(%r8)
      43:	41 55                	push   %r13
	rc = ops->read_std((unsigned long)ptr, (unsigned long *)size, 2, ctxt);
      45:	48 89 f9             	mov    %rdi,%rcx
      48:	49 89 fd             	mov    %rdi,%r13
      4b:	41 54                	push   %r12
      4d:	4d 89 c4             	mov    %r8,%r12
      50:	55                   	push   %rbp
      51:	48 89 d5             	mov    %rdx,%rbp
      54:	ba 02 00 00 00       	mov    $0x2,%edx
      59:	48 89 ef             	mov    %rbp,%rdi
      5c:	53                   	push   %rbx
      5d:	44 89 cb             	mov    %r9d,%ebx
      60:	0f 44 d8             	cmove  %eax,%ebx
      63:	41 ff 16             	callq  *(%r14)
	if (rc)
      66:	85 c0                	test   %eax,%eax
      68:	75 1a                	jne    84 <read_descriptor+0x59>
		return rc;
	rc = ops->read_std((unsigned long)ptr + 2, address, op_bytes, ctxt);
      6a:	89 da                	mov    %ebx,%edx
      6c:	48 8d 7d 02          	lea    0x2(%rbp),%rdi
      70:	4c 89 e6             	mov    %r12,%rsi
	return rc;
}
      73:	5b                   	pop    %rbx
      74:	5d                   	pop    %rbp
      75:	41 5c                	pop    %r12
      77:	4c 89 e9             	mov    %r13,%rcx
      7a:	4d 8b 1e             	mov    (%r14),%r11
      7d:	41 5d                	pop    %r13
      7f:	41 5e                	pop    %r14
      81:	41 ff e3             	jmpq   *%r11
      84:	5b                   	pop    %rbx
      85:	5d                   	pop    %rbp
      86:	41 5c                	pop    %r12
      88:	41 5d                	pop    %r13
      8a:	41 5e                	pop    %r14
      8c:	c3                   	retq   

000000000000008d <x86_emulate_memop>:

int
x86_emulate_memop(struct x86_emulate_ctxt *ctxt, struct x86_emulate_ops *ops)
{
      8d:	41 57                	push   %r15
	unsigned d;
	u8 b, sib, twobyte = 0, rex_prefix = 0;
	u8 modrm, modrm_mod = 0, modrm_reg = 0, modrm_rm = 0;
	unsigned long *override_base = NULL;
	unsigned int op_bytes, ad_bytes, lock_prefix = 0, rep_prefix = 0, i;
	int rc = 0;
	struct operand src, dst;
	unsigned long cr2 = ctxt->cr2;
	int mode = ctxt->mode;
	unsigned long modrm_ea;
	int use_modrm_ea, index_reg = 0, base_reg = 0, scale, rip_relative = 0;
	int no_wb = 0;
	u64 msr_data;

	/* Shadow copy of register state. Committed on successful emulation. */
	unsigned long _regs[NR_VCPU_REGS];
	unsigned long _eip = ctxt->vcpu->rip, _eflags = ctxt->eflags;
	unsigned long modrm_val = 0;

	memcpy(_regs, ctxt->vcpu->regs, sizeof _regs);
      8f:	ba 80 00 00 00       	mov    $0x80,%edx
      94:	41 56                	push   %r14
      96:	41 55                	push   %r13
      98:	49 89 fd             	mov    %rdi,%r13
      9b:	41 54                	push   %r12
      9d:	55                   	push   %rbp
      9e:	53                   	push   %rbx
      9f:	48 81 ec 68 01 00 00 	sub    $0x168,%rsp
      a6:	48 89 34 24          	mov    %rsi,(%rsp)
      aa:	8b 47 18             	mov    0x18(%rdi),%eax
      ad:	4c 8b 67 10          	mov    0x10(%rdi),%r12
      b1:	89 44 24 54          	mov    %eax,0x54(%rsp)
      b5:	48 8b 07             	mov    (%rdi),%rax
      b8:	48 8b 80 00 01 00 00 	mov    0x100(%rax),%rax
      bf:	48 89 84 24 50 01 00 	mov    %rax,0x150(%rsp)
      c6:	00 
      c7:	48 8b 47 08          	mov    0x8(%rdi),%rax
      cb:	48 89 84 24 48 01 00 	mov    %rax,0x148(%rsp)
      d2:	00 
      d3:	48 8b 37             	mov    (%rdi),%rsi
      d6:	48 8d 7c 24 70       	lea    0x70(%rsp),%rdi
      db:	48 83 ee 80          	sub    $0xffffffffffffff80,%rsi
      df:	e8 00 00 00 00       	callq  e4 <x86_emulate_memop+0x57>
			e0: R_X86_64_PC32	__memcpy+0xfffffffffffffffc

	switch (mode) {
      e4:	83 7c 24 54 02       	cmpl   $0x2,0x54(%rsp)
      e9:	74 46                	je     131 <x86_emulate_memop+0xa4>
      eb:	7f 0c                	jg     f9 <x86_emulate_memop+0x6c>
      ed:	83 7c 24 54 00       	cmpl   $0x0,0x54(%rsp)
      f2:	74 3d                	je     131 <x86_emulate_memop+0xa4>
      f4:	e9 58 3a 00 00       	jmpq   3b51 <x86_emulate_memop+0x3ac4>
      f9:	83 7c 24 54 04       	cmpl   $0x4,0x54(%rsp)
      fe:	74 0d                	je     10d <x86_emulate_memop+0x80>
     100:	83 7c 24 54 08       	cmpl   $0x8,0x54(%rsp)
     105:	0f 85 46 3a 00 00    	jne    3b51 <x86_emulate_memop+0x3ac4>
     10b:	eb 12                	jmp    11f <x86_emulate_memop+0x92>
     10d:	c7 44 24 6c 04 00 00 	movl   $0x4,0x6c(%rsp)
     114:	00 
     115:	c7 44 24 48 04 00 00 	movl   $0x4,0x48(%rsp)
     11c:	00 
     11d:	eb 22                	jmp    141 <x86_emulate_memop+0xb4>
     11f:	c7 44 24 6c 04 00 00 	movl   $0x4,0x6c(%rsp)
     126:	00 
     127:	c7 44 24 48 08 00 00 	movl   $0x8,0x48(%rsp)
     12e:	00 
     12f:	eb 10                	jmp    141 <x86_emulate_memop+0xb4>
     131:	c7 44 24 6c 02 00 00 	movl   $0x2,0x6c(%rsp)
     138:	00 
     139:	c7 44 24 48 02 00 00 	movl   $0x2,0x48(%rsp)
     140:	00 
     141:	48 c7 44 24 40 00 00 	movq   $0x0,0x40(%rsp)
     148:	00 00 
     14a:	c7 44 24 4c 00 00 00 	movl   $0x0,0x4c(%rsp)
     151:	00 
     152:	31 db                	xor    %ebx,%ebx
     154:	c7 44 24 50 00 00 00 	movl   $0x0,0x50(%rsp)
     15b:	00 
	case X86EMUL_MODE_REAL:
	case X86EMUL_MODE_PROT16:
		op_bytes = ad_bytes = 2;
		break;
	case X86EMUL_MODE_PROT32:
		op_bytes = ad_bytes = 4;
		break;
#ifdef CONFIG_X86_64
	case X86EMUL_MODE_PROT64:
		op_bytes = 4;
		ad_bytes = 8;
		break;
#endif
	default:
		return -1;
	}

	/* Legacy prefixes. */
	for (i = 0; i < 8; i++) {
		switch (b = insn_fetch(u8, 1, _eip)) {
     15c:	48 8b 2c 24          	mov    (%rsp),%rbp
     160:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     167:	00 
     168:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     16f:	00 
     170:	49 03 7d 20          	add    0x20(%r13),%rdi
     174:	4c 89 e9             	mov    %r13,%rcx
     177:	ba 01 00 00 00       	mov    $0x1,%edx
     17c:	ff 55 00             	callq  *0x0(%rbp)
     17f:	85 c0                	test   %eax,%eax
     181:	41 89 c7             	mov    %eax,%r15d
     184:	0f 85 1a 2a 00 00    	jne    2ba4 <x86_emulate_memop+0x2b17>
     18a:	40 8a ac 24 38 01 00 	mov    0x138(%rsp),%bpl
     191:	00 
     192:	48 ff 84 24 50 01 00 	incq   0x150(%rsp)
     199:	00 
     19a:	40 80 fd 65          	cmp    $0x65,%bpl
     19e:	0f 84 9c 00 00 00    	je     240 <x86_emulate_memop+0x1b3>
     1a4:	77 30                	ja     1d6 <x86_emulate_memop+0x149>
     1a6:	40 80 fd 36          	cmp    $0x36,%bpl
     1aa:	0f 84 9b 00 00 00    	je     24b <x86_emulate_memop+0x1be>
     1b0:	77 12                	ja     1c4 <x86_emulate_memop+0x137>
     1b2:	40 80 fd 26          	cmp    $0x26,%bpl
     1b6:	74 72                	je     22a <x86_emulate_memop+0x19d>
     1b8:	40 80 fd 2e          	cmp    $0x2e,%bpl
     1bc:	0f 85 a7 00 00 00    	jne    269 <x86_emulate_memop+0x1dc>
     1c2:	eb 5a                	jmp    21e <x86_emulate_memop+0x191>
     1c4:	40 80 fd 3e          	cmp    $0x3e,%bpl
     1c8:	74 5a                	je     224 <x86_emulate_memop+0x197>
     1ca:	40 80 fd 64          	cmp    $0x64,%bpl
     1ce:	0f 85 95 00 00 00    	jne    269 <x86_emulate_memop+0x1dc>
     1d4:	eb 5f                	jmp    235 <x86_emulate_memop+0x1a8>
     1d6:	40 80 fd f0          	cmp    $0xf0,%bpl
     1da:	74 7a                	je     256 <x86_emulate_memop+0x1c9>
     1dc:	77 0e                	ja     1ec <x86_emulate_memop+0x15f>
     1de:	40 80 fd 66          	cmp    $0x66,%bpl
     1e2:	74 1e                	je     202 <x86_emulate_memop+0x175>
     1e4:	40 80 fd 67          	cmp    $0x67,%bpl
     1e8:	75 7f                	jne    269 <x86_emulate_memop+0x1dc>
     1ea:	eb 1d                	jmp    209 <x86_emulate_memop+0x17c>
     1ec:	40 80 fd f2          	cmp    $0xf2,%bpl
     1f0:	74 6c                	je     25e <x86_emulate_memop+0x1d1>
     1f2:	40 80 fd f3          	cmp    $0xf3,%bpl
     1f6:	75 71                	jne    269 <x86_emulate_memop+0x1dc>
     1f8:	c7 44 24 50 01 00 00 	movl   $0x1,0x50(%rsp)
     1ff:	00 
     200:	eb 5c                	jmp    25e <x86_emulate_memop+0x1d1>
		case 0x66:	/* operand-size override */
			op_bytes ^= 6;	/* switch between 2/4 bytes */
     202:	83 74 24 6c 06       	xorl   $0x6,0x6c(%rsp)
     207:	eb 55                	jmp    25e <x86_emulate_memop+0x1d1>
			break;
		case 0x67:	/* address-size override */
			if (mode == X86EMUL_MODE_PROT64)
     209:	83 7c 24 54 08       	cmpl   $0x8,0x54(%rsp)
     20e:	75 07                	jne    217 <x86_emulate_memop+0x18a>
				ad_bytes ^= 12;	/* switch between 4/8 bytes */
     210:	83 74 24 48 0c       	xorl   $0xc,0x48(%rsp)
     215:	eb 47                	jmp    25e <x86_emulate_memop+0x1d1>
			else
				ad_bytes ^= 6;	/* switch between 2/4 bytes */
     217:	83 74 24 48 06       	xorl   $0x6,0x48(%rsp)
     21c:	eb 40                	jmp    25e <x86_emulate_memop+0x1d1>
			break;
		case 0x2e:	/* CS override */
			override_base = &ctxt->cs_base;
     21e:	4d 8d 45 20          	lea    0x20(%r13),%r8
     222:	eb 20                	jmp    244 <x86_emulate_memop+0x1b7>
			break;
		case 0x3e:	/* DS override */
			override_base = &ctxt->ds_base;
     224:	49 8d 45 28          	lea    0x28(%r13),%rax
     228:	eb 25                	jmp    24f <x86_emulate_memop+0x1c2>
			break;
		case 0x26:	/* ES override */
			override_base = &ctxt->es_base;
     22a:	49 8d 55 30          	lea    0x30(%r13),%rdx
     22e:	48 89 54 24 40       	mov    %rdx,0x40(%rsp)
     233:	eb 29                	jmp    25e <x86_emulate_memop+0x1d1>
			break;
		case 0x64:	/* FS override */
			override_base = &ctxt->fs_base;
     235:	49 8d 4d 48          	lea    0x48(%r13),%rcx
     239:	48 89 4c 24 40       	mov    %rcx,0x40(%rsp)
     23e:	eb 1e                	jmp    25e <x86_emulate_memop+0x1d1>
			break;
		case 0x65:	/* GS override */
			override_base = &ctxt->gs_base;
     240:	4d 8d 45 40          	lea    0x40(%r13),%r8
     244:	4c 89 44 24 40       	mov    %r8,0x40(%rsp)
     249:	eb 13                	jmp    25e <x86_emulate_memop+0x1d1>
			break;
		case 0x36:	/* SS override */
			override_base = &ctxt->ss_base;
     24b:	49 8d 45 38          	lea    0x38(%r13),%rax
     24f:	48 89 44 24 40       	mov    %rax,0x40(%rsp)
     254:	eb 08                	jmp    25e <x86_emulate_memop+0x1d1>
			break;
     256:	c7 44 24 4c 01 00 00 	movl   $0x1,0x4c(%rsp)
     25d:	00 
     25e:	ff c3                	inc    %ebx
     260:	83 fb 08             	cmp    $0x8,%ebx
     263:	0f 85 f3 fe ff ff    	jne    15c <x86_emulate_memop+0xcf>
		case 0xf0:	/* LOCK */
			lock_prefix = 1;
			break;
		case 0xf3:	/* REP/REPE/REPZ */
			rep_prefix = 1;
			break;
		case 0xf2:	/* REPNE/REPNZ */
			break;
		default:
			goto done_prefixes;
		}
	}

done_prefixes:

	/* REX prefix. */
	if ((mode == X86EMUL_MODE_PROT64) && ((b & 0xf0) == 0x40)) {
     269:	83 7c 24 54 08       	cmpl   $0x8,0x54(%rsp)
     26e:	0f 85 84 00 00 00    	jne    2f8 <x86_emulate_memop+0x26b>
     274:	40 0f b6 dd          	movzbl %bpl,%ebx
     278:	89 d8                	mov    %ebx,%eax
     27a:	25 f0 00 00 00       	and    $0xf0,%eax
     27f:	83 f8 40             	cmp    $0x40,%eax
     282:	75 74                	jne    2f8 <x86_emulate_memop+0x26b>
		rex_prefix = b;
		if (b & 8)
     284:	f6 c3 08             	test   $0x8,%bl
     287:	8b 54 24 54          	mov    0x54(%rsp),%edx
     28b:	0f 44 54 24 6c       	cmove  0x6c(%rsp),%edx
			op_bytes = 8;	/* REX.W */
		modrm_reg = (b & 4) << 1;	/* REX.R */
		index_reg = (b & 2) << 2; /* REX.X */
		modrm_rm = base_reg = (b & 1) << 3; /* REG.B */
		b = insn_fetch(u8, 1, _eip);
     290:	4c 8b 04 24          	mov    (%rsp),%r8
     294:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     29b:	00 
     29c:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     2a3:	00 
     2a4:	49 03 7d 20          	add    0x20(%r13),%rdi
     2a8:	4c 89 e9             	mov    %r13,%rcx
     2ab:	89 54 24 6c          	mov    %edx,0x6c(%rsp)
     2af:	ba 01 00 00 00       	mov    $0x1,%edx
     2b4:	41 ff 10             	callq  *(%r8)
     2b7:	85 c0                	test   %eax,%eax
     2b9:	0f 85 b1 07 00 00    	jne    a70 <x86_emulate_memop+0x9e3>
     2bf:	40 88 e8             	mov    %bpl,%al
     2c2:	48 ff 84 24 50 01 00 	incq   0x150(%rsp)
     2c9:	00 
     2ca:	40 88 6c 24 1e       	mov    %bpl,0x1e(%rsp)
     2cf:	83 e0 04             	and    $0x4,%eax
     2d2:	40 8a ac 24 38 01 00 	mov    0x138(%rsp),%bpl
     2d9:	00 
     2da:	01 c0                	add    %eax,%eax
     2dc:	88 44 24 20          	mov    %al,0x20(%rsp)
     2e0:	89 d8                	mov    %ebx,%eax
     2e2:	83 e3 01             	and    $0x1,%ebx
     2e5:	83 e0 02             	and    $0x2,%eax
     2e8:	c1 e3 03             	shl    $0x3,%ebx
     2eb:	c1 e0 02             	shl    $0x2,%eax
     2ee:	88 5c 24 3f          	mov    %bl,0x3f(%rsp)
     2f2:	89 44 24 58          	mov    %eax,0x58(%rsp)
     2f6:	eb 19                	jmp    311 <x86_emulate_memop+0x284>
     2f8:	c6 44 24 1e 00       	movb   $0x0,0x1e(%rsp)
     2fd:	c6 44 24 20 00       	movb   $0x0,0x20(%rsp)
     302:	31 db                	xor    %ebx,%ebx
     304:	c6 44 24 3f 00       	movb   $0x0,0x3f(%rsp)
     309:	c7 44 24 58 00 00 00 	movl   $0x0,0x58(%rsp)
     310:	00 
	}

	/* Opcode byte(s). */
	d = opcode_table[b];
     311:	40 0f b6 c5          	movzbl %bpl,%eax
     315:	8a 80 00 00 00 00    	mov    0x0(%rax),%al
			317: R_X86_64_32S	.rodata+0x140
	if (d == 0) {
     31b:	84 c0                	test   %al,%al
     31d:	74 0e                	je     32d <x86_emulate_memop+0x2a0>
     31f:	0f b6 c0             	movzbl %al,%eax
     322:	c6 44 24 1d 00       	movb   $0x0,0x1d(%rsp)
     327:	89 44 24 18          	mov    %eax,0x18(%rsp)
     32b:	eb 66                	jmp    393 <x86_emulate_memop+0x306>
		/* Two-byte opcode? */
		if (b == 0x0f) {
     32d:	40 80 fd 0f          	cmp    $0xf,%bpl
     331:	0f 85 1a 38 00 00    	jne    3b51 <x86_emulate_memop+0x3ac4>
			twobyte = 1;
			b = insn_fetch(u8, 1, _eip);
     337:	48 8b 2c 24          	mov    (%rsp),%rbp
     33b:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     342:	00 
     343:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     34a:	00 
     34b:	49 03 7d 20          	add    0x20(%r13),%rdi
     34f:	4c 89 e9             	mov    %r13,%rcx
     352:	ba 01 00 00 00       	mov    $0x1,%edx
     357:	ff 55 00             	callq  *0x0(%rbp)
     35a:	85 c0                	test   %eax,%eax
     35c:	0f 85 0e 07 00 00    	jne    a70 <x86_emulate_memop+0x9e3>
     362:	40 8a ac 24 38 01 00 	mov    0x138(%rsp),%bpl
     369:	00 
     36a:	48 ff 84 24 50 01 00 	incq   0x150(%rsp)
     371:	00 
			d = twobyte_table[b];
     372:	40 0f b6 c5          	movzbl %bpl,%eax
     376:	66 8b 84 00 00 00 00 	mov    0x0(%rax,%rax,1),%ax
     37d:	00 
			37a: R_X86_64_32S	.data
		}

		/* Unrecognised? */
		if (d == 0)
     37e:	66 85 c0             	test   %ax,%ax
     381:	0f 84 ca 37 00 00    	je     3b51 <x86_emulate_memop+0x3ac4>
     387:	0f b7 c0             	movzwl %ax,%eax
     38a:	c6 44 24 1d 01       	movb   $0x1,0x1d(%rsp)
     38f:	89 44 24 18          	mov    %eax,0x18(%rsp)
			goto cannot_emulate;
	}

	/* ModRM and SIB bytes. */
	if (d & ModRM) {
     393:	45 31 f6             	xor    %r14d,%r14d
     396:	f6 44 24 18 40       	testb  $0x40,0x18(%rsp)
     39b:	c6 44 24 1f 00       	movb   $0x0,0x1f(%rsp)
     3a0:	0f 84 2a 04 00 00    	je     7d0 <x86_emulate_memop+0x743>
		modrm = insn_fetch(u8, 1, _eip);
     3a6:	4c 8b 04 24          	mov    (%rsp),%r8
     3aa:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     3b1:	00 
     3b2:	4c 89 e9             	mov    %r13,%rcx
     3b5:	49 03 7d 20          	add    0x20(%r13),%rdi
     3b9:	ba 01 00 00 00       	mov    $0x1,%edx
     3be:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     3c5:	00 
     3c6:	41 ff 10             	callq  *(%r8)
     3c9:	85 c0                	test   %eax,%eax
     3cb:	0f 85 9f 06 00 00    	jne    a70 <x86_emulate_memop+0x9e3>
     3d1:	8a 84 24 38 01 00 00 	mov    0x138(%rsp),%al
     3d8:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     3df:	00 
		modrm_mod |= (modrm & 0xc0) >> 6;
     3e0:	0f b6 d0             	movzbl %al,%edx
		modrm_reg |= (modrm & 0x38) >> 3;
		modrm_rm |= (modrm & 0x07);
     3e3:	83 e0 07             	and    $0x7,%eax
     3e6:	48 ff c7             	inc    %rdi
     3e9:	41 88 c6             	mov    %al,%r14b
     3ec:	44 0a 74 24 3f       	or     0x3f(%rsp),%r14b
     3f1:	89 d1                	mov    %edx,%ecx
     3f3:	c1 e9 06             	shr    $0x6,%ecx
     3f6:	83 e2 38             	and    $0x38,%edx
     3f9:	48 89 bc 24 50 01 00 	mov    %rdi,0x150(%rsp)
     400:	00 
     401:	c1 fa 03             	sar    $0x3,%edx
     404:	08 54 24 20          	or     %dl,0x20(%rsp)
		modrm_ea = 0;
		use_modrm_ea = 1;

		if (modrm_mod == 3) {
     408:	80 f9 03             	cmp    $0x3,%cl
     40b:	88 4c 24 0f          	mov    %cl,0xf(%rsp)
     40f:	88 4c 24 1f          	mov    %cl,0x1f(%rsp)
     413:	44 88 74 24 3f       	mov    %r14b,0x3f(%rsp)
     418:	75 1d                	jne    437 <x86_emulate_memop+0x3aa>
			modrm_val = *(unsigned long *)
     41a:	8b 54 24 18          	mov    0x18(%rsp),%edx
     41e:	48 8d 74 24 70       	lea    0x70(%rsp),%rsi
     423:	41 0f b6 fe          	movzbl %r14b,%edi
     427:	83 e2 01             	and    $0x1,%edx
     42a:	e8 da fb ff ff       	callq  9 <decode_register>
     42f:	4c 8b 30             	mov    (%rax),%r14
     432:	e9 99 03 00 00       	jmpq   7d0 <x86_emulate_memop+0x743>
				decode_register(modrm_rm, _regs, d & ByteOp);
			goto modrm_done;
		}

		if (ad_bytes == 2) {
     437:	83 7c 24 48 02       	cmpl   $0x2,0x48(%rsp)
     43c:	0f 85 3f 01 00 00    	jne    581 <x86_emulate_memop+0x4f4>
			unsigned bx = _regs[VCPU_REGS_RBX];
			unsigned bp = _regs[VCPU_REGS_RBP];
			unsigned si = _regs[VCPU_REGS_RSI];
			unsigned di = _regs[VCPU_REGS_RDI];

			/* 16-bit ModR/M decode. */
			switch (modrm_mod) {
     442:	80 7c 24 1f 01       	cmpb   $0x1,0x1f(%rsp)
     447:	48 8b 84 24 98 00 00 	mov    0x98(%rsp),%rax
     44e:	00 
     44f:	48 8b 94 24 a8 00 00 	mov    0xa8(%rsp),%rdx
     456:	00 
     457:	48 8b 9c 24 88 00 00 	mov    0x88(%rsp),%rbx
     45e:	00 
     45f:	4c 8b a4 24 a0 00 00 	mov    0xa0(%rsp),%r12
     466:	00 
     467:	48 89 44 24 10       	mov    %rax,0x10(%rsp)
     46c:	48 89 54 24 60       	mov    %rdx,0x60(%rsp)
     471:	74 12                	je     485 <x86_emulate_memop+0x3f8>
     473:	72 07                	jb     47c <x86_emulate_memop+0x3ef>
     475:	80 7c 24 1f 02       	cmpb   $0x2,0x1f(%rsp)
     47a:	eb 05                	jmp    481 <x86_emulate_memop+0x3f4>
			case 0:
				if (modrm_rm == 6)
     47c:	80 7c 24 3f 06       	cmpb   $0x6,0x3f(%rsp)
     481:	75 6e                	jne    4f1 <x86_emulate_memop+0x464>
     483:	eb 36                	jmp    4bb <x86_emulate_memop+0x42e>
					modrm_ea += insn_fetch(u16, 2, _eip);
				break;
			case 1:
				modrm_ea += insn_fetch(s8, 1, _eip);
     485:	4c 8b 04 24          	mov    (%rsp),%r8
     489:	49 03 7d 20          	add    0x20(%r13),%rdi
     48d:	4c 89 e9             	mov    %r13,%rcx
     490:	ba 01 00 00 00       	mov    $0x1,%edx
     495:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     49c:	00 
     49d:	41 ff 10             	callq  *(%r8)
     4a0:	85 c0                	test   %eax,%eax
     4a2:	0f 85 c8 05 00 00    	jne    a70 <x86_emulate_memop+0x9e3>
     4a8:	48 ff 84 24 50 01 00 	incq   0x150(%rsp)
     4af:	00 
     4b0:	48 0f be 94 24 38 01 	movsbq 0x138(%rsp),%rdx
     4b7:	00 00 
     4b9:	eb 38                	jmp    4f3 <x86_emulate_memop+0x466>
				break;
			case 2:
				modrm_ea += insn_fetch(u16, 2, _eip);
     4bb:	4c 8b 04 24          	mov    (%rsp),%r8
     4bf:	49 03 7d 20          	add    0x20(%r13),%rdi
     4c3:	4c 89 e9             	mov    %r13,%rcx
     4c6:	ba 02 00 00 00       	mov    $0x2,%edx
     4cb:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     4d2:	00 
     4d3:	41 ff 10             	callq  *(%r8)
     4d6:	85 c0                	test   %eax,%eax
     4d8:	0f 85 92 05 00 00    	jne    a70 <x86_emulate_memop+0x9e3>
     4de:	48 83 84 24 50 01 00 	addq   $0x2,0x150(%rsp)
     4e5:	00 02 
     4e7:	0f b7 94 24 38 01 00 	movzwl 0x138(%rsp),%edx
     4ee:	00 
     4ef:	eb 02                	jmp    4f3 <x86_emulate_memop+0x466>
     4f1:	31 d2                	xor    %edx,%edx
				break;
			}
			switch (modrm_rm) {
     4f3:	41 80 fe 07          	cmp    $0x7,%r14b
     4f7:	89 df                	mov    %ebx,%edi
     4f9:	44 8b 44 24 10       	mov    0x10(%rsp),%r8d
     4fe:	44 89 e6             	mov    %r12d,%esi
     501:	8b 4c 24 60          	mov    0x60(%rsp),%ecx
     505:	77 40                	ja     547 <x86_emulate_memop+0x4ba>
     507:	41 0f b6 c6          	movzbl %r14b,%eax
     50b:	ff 24 c5 00 00 00 00 	jmpq   *0x0(,%rax,8)
			50e: R_X86_64_32S	.rodata
			case 0:
				modrm_ea += bx + si;
     512:	8d 04 3e             	lea    (%rsi,%rdi,1),%eax
     515:	eb 03                	jmp    51a <x86_emulate_memop+0x48d>
				break;
			case 1:
				modrm_ea += bx + di;
     517:	8d 04 39             	lea    (%rcx,%rdi,1),%eax
     51a:	48 01 c2             	add    %rax,%rdx
     51d:	eb 30                	jmp    54f <x86_emulate_memop+0x4c2>
				break;
			case 2:
				modrm_ea += bp + si;
     51f:	42 8d 04 06          	lea    (%rsi,%r8,1),%eax
     523:	eb 04                	jmp    529 <x86_emulate_memop+0x49c>
				break;
			case 3:
				modrm_ea += bp + di;
     525:	42 8d 04 01          	lea    (%rcx,%r8,1),%eax
     529:	48 01 c2             	add    %rax,%rdx
     52c:	eb 2e                	jmp    55c <x86_emulate_memop+0x4cf>
				break;
			case 4:
				modrm_ea += si;
     52e:	44 89 e0             	mov    %r12d,%eax
     531:	eb e7                	jmp    51a <x86_emulate_memop+0x48d>
				break;
			case 5:
				modrm_ea += di;
     533:	89 c8                	mov    %ecx,%eax
     535:	eb e3                	jmp    51a <x86_emulate_memop+0x48d>
				break;
			case 6:
				if (modrm_mod != 0)
     537:	80 7c 24 0f 00       	cmpb   $0x0,0xf(%rsp)
					modrm_ea += bp;
     53c:	44 89 c0             	mov    %r8d,%eax
     53f:	75 d9                	jne    51a <x86_emulate_memop+0x48d>
     541:	eb 0c                	jmp    54f <x86_emulate_memop+0x4c2>
				break;
			case 7:
				modrm_ea += bx;
     543:	89 d8                	mov    %ebx,%eax
     545:	eb d3                	jmp    51a <x86_emulate_memop+0x48d>
				break;
			}
			if (modrm_rm == 2 || modrm_rm == 3 ||
     547:	41 8d 46 fe          	lea    0xfffffffffffffffe(%r14),%eax
     54b:	3c 01                	cmp    $0x1,%al
     54d:	76 0d                	jbe    55c <x86_emulate_memop+0x4cf>
     54f:	41 80 fe 06          	cmp    $0x6,%r14b
     553:	75 1c                	jne    571 <x86_emulate_memop+0x4e4>
     555:	80 7c 24 1f 00       	cmpb   $0x0,0x1f(%rsp)
     55a:	74 15                	je     571 <x86_emulate_memop+0x4e4>
			    (modrm_rm == 6 && modrm_mod != 0))
				if (!override_base)
					override_base = &ctxt->ss_base;
     55c:	48 83 7c 24 40 00    	cmpq   $0x0,0x40(%rsp)
     562:	49 8d 45 38          	lea    0x38(%r13),%rax
     566:	48 0f 45 44 24 40    	cmovne 0x40(%rsp),%rax
     56c:	48 89 44 24 40       	mov    %rax,0x40(%rsp)
			modrm_ea = (u16)modrm_ea;
     571:	0f b7 da             	movzwl %dx,%ebx
     574:	c7 44 24 5c 00 00 00 	movl   $0x0,0x5c(%rsp)
     57b:	00 
     57c:	e9 b0 01 00 00       	jmpq   731 <x86_emulate_memop+0x6a4>
		} else {
			/* 32/64-bit ModR/M decode. */
			switch (modrm_rm) {
     581:	80 7c 24 3f 05       	cmpb   $0x5,0x3f(%rsp)
     586:	0f b6 44 24 3f       	movzbl 0x3f(%rsp),%eax
     58b:	0f 84 da 00 00 00    	je     66b <x86_emulate_memop+0x5de>
     591:	80 7c 24 3f 0c       	cmpb   $0xc,0x3f(%rsp)
     596:	74 0b                	je     5a3 <x86_emulate_memop+0x516>
     598:	80 7c 24 3f 04       	cmpb   $0x4,0x3f(%rsp)
     59d:	0f 85 ea 00 00 00    	jne    68d <x86_emulate_memop+0x600>
			case 4:
			case 12:
				sib = insn_fetch(u8, 1, _eip);
     5a3:	4c 8b 04 24          	mov    (%rsp),%r8
     5a7:	49 03 7d 20          	add    0x20(%r13),%rdi
     5ab:	4c 89 e9             	mov    %r13,%rcx
     5ae:	ba 01 00 00 00       	mov    $0x1,%edx
     5b3:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     5ba:	00 
     5bb:	41 ff 10             	callq  *(%r8)
     5be:	85 c0                	test   %eax,%eax
     5c0:	0f 85 aa 04 00 00    	jne    a70 <x86_emulate_memop+0x9e3>
     5c6:	44 8a a4 24 38 01 00 	mov    0x138(%rsp),%r12b
     5cd:	00 
     5ce:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     5d5:	00 
				index_reg |= (sib >> 3) & 7;
				base_reg |= sib & 7;
     5d6:	44 89 e0             	mov    %r12d,%eax
     5d9:	48 ff c7             	inc    %rdi
     5dc:	83 e0 07             	and    $0x7,%eax
     5df:	48 89 bc 24 50 01 00 	mov    %rdi,0x150(%rsp)
     5e6:	00 
     5e7:	09 d8                	or     %ebx,%eax
				scale = sib >> 6;

				switch (base_reg) {
     5e9:	83 f8 05             	cmp    $0x5,%eax
     5ec:	75 46                	jne    634 <x86_emulate_memop+0x5a7>
				case 5:
					if (modrm_mod != 0)
     5ee:	80 7c 24 1f 00       	cmpb   $0x0,0x1f(%rsp)
     5f3:	74 0a                	je     5ff <x86_emulate_memop+0x572>
						modrm_ea += _regs[base_reg];
     5f5:	48 8b 9c 24 98 00 00 	mov    0x98(%rsp),%rbx
     5fc:	00 
     5fd:	eb 3c                	jmp    63b <x86_emulate_memop+0x5ae>
					else
						modrm_ea += insn_fetch(s32, 4, _eip);
     5ff:	48 8b 1c 24          	mov    (%rsp),%rbx
     603:	49 03 7d 20          	add    0x20(%r13),%rdi
     607:	4c 89 e9             	mov    %r13,%rcx
     60a:	ba 04 00 00 00       	mov    $0x4,%edx
     60f:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     616:	00 
     617:	ff 13                	callq  *(%rbx)
     619:	85 c0                	test   %eax,%eax
     61b:	0f 85 4f 04 00 00    	jne    a70 <x86_emulate_memop+0x9e3>
     621:	48 83 84 24 50 01 00 	addq   $0x4,0x150(%rsp)
     628:	00 04 
     62a:	48 63 9c 24 38 01 00 	movslq 0x138(%rsp),%rbx
     631:	00 
     632:	eb 07                	jmp    63b <x86_emulate_memop+0x5ae>
					break;
				default:
					modrm_ea += _regs[base_reg];
     634:	48 98                	cltq   
     636:	48 8b 5c c4 70       	mov    0x70(%rsp,%rax,8),%rbx
     63b:	44 88 e0             	mov    %r12b,%al
				}
				switch (index_reg) {
     63e:	c7 44 24 5c 00 00 00 	movl   $0x0,0x5c(%rsp)
     645:	00 
     646:	c0 e8 03             	shr    $0x3,%al
     649:	83 e0 07             	and    $0x7,%eax
     64c:	0b 44 24 58          	or     0x58(%rsp),%eax
     650:	83 f8 04             	cmp    $0x4,%eax
     653:	74 47                	je     69c <x86_emulate_memop+0x60f>
				case 4:
					break;
				default:
					modrm_ea += _regs[index_reg] << scale;
     655:	48 98                	cltq   
     657:	41 c0 ec 06          	shr    $0x6,%r12b
     65b:	48 8b 44 c4 70       	mov    0x70(%rsp,%rax,8),%rax
     660:	44 88 e1             	mov    %r12b,%cl
     663:	48 d3 e0             	shl    %cl,%rax
     666:	48 01 c3             	add    %rax,%rbx
     669:	eb 31                	jmp    69c <x86_emulate_memop+0x60f>

				}
				break;
			case 5:
				if (modrm_mod != 0)
     66b:	80 7c 24 1f 00       	cmpb   $0x0,0x1f(%rsp)
     670:	75 1b                	jne    68d <x86_emulate_memop+0x600>
					modrm_ea += _regs[modrm_rm];
				else if (mode == X86EMUL_MODE_PROT64)
     672:	31 db                	xor    %ebx,%ebx
     674:	83 7c 24 54 08       	cmpl   $0x8,0x54(%rsp)
     679:	c7 44 24 5c 01 00 00 	movl   $0x1,0x5c(%rsp)
     680:	00 
     681:	74 6f                	je     6f2 <x86_emulate_memop+0x665>
     683:	c7 44 24 5c 00 00 00 	movl   $0x0,0x5c(%rsp)
     68a:	00 
     68b:	eb 65                	jmp    6f2 <x86_emulate_memop+0x665>
					rip_relative = 1;
				break;
			default:
				modrm_ea += _regs[modrm_rm];
     68d:	48 98                	cltq   
     68f:	48 8b 5c c4 70       	mov    0x70(%rsp,%rax,8),%rbx
     694:	c7 44 24 5c 00 00 00 	movl   $0x0,0x5c(%rsp)
     69b:	00 
				break;
			}
			switch (modrm_mod) {
     69c:	80 7c 24 1f 01       	cmpb   $0x1,0x1f(%rsp)
     6a1:	74 11                	je     6b4 <x86_emulate_memop+0x627>
     6a3:	72 07                	jb     6ac <x86_emulate_memop+0x61f>
     6a5:	80 7c 24 1f 02       	cmpb   $0x2,0x1f(%rsp)
     6aa:	eb 04                	jmp    6b0 <x86_emulate_memop+0x623>
			case 0:
				if (modrm_rm == 5)
     6ac:	41 80 fe 05          	cmp    $0x5,%r14b
     6b0:	75 7f                	jne    731 <x86_emulate_memop+0x6a4>
     6b2:	eb 3e                	jmp    6f2 <x86_emulate_memop+0x665>
					modrm_ea += insn_fetch(s32, 4, _eip);
				break;
			case 1:
				modrm_ea += insn_fetch(s8, 1, _eip);
     6b4:	4c 8b 04 24          	mov    (%rsp),%r8
     6b8:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     6bf:	00 
     6c0:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     6c7:	00 
     6c8:	49 03 7d 20          	add    0x20(%r13),%rdi
     6cc:	4c 89 e9             	mov    %r13,%rcx
     6cf:	ba 01 00 00 00       	mov    $0x1,%edx
     6d4:	41 ff 10             	callq  *(%r8)
     6d7:	85 c0                	test   %eax,%eax
     6d9:	0f 85 91 03 00 00    	jne    a70 <x86_emulate_memop+0x9e3>
     6df:	48 ff 84 24 50 01 00 	incq   0x150(%rsp)
     6e6:	00 
     6e7:	48 0f be 84 24 38 01 	movsbq 0x138(%rsp),%rax
     6ee:	00 00 
     6f0:	eb 3c                	jmp    72e <x86_emulate_memop+0x6a1>
				break;
			case 2:
				modrm_ea += insn_fetch(s32, 4, _eip);
     6f2:	4c 8b 04 24          	mov    (%rsp),%r8
     6f6:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     6fd:	00 
     6fe:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     705:	00 
     706:	49 03 7d 20          	add    0x20(%r13),%rdi
     70a:	4c 89 e9             	mov    %r13,%rcx
     70d:	ba 04 00 00 00       	mov    $0x4,%edx
     712:	41 ff 10             	callq  *(%r8)
     715:	85 c0                	test   %eax,%eax
     717:	0f 85 53 03 00 00    	jne    a70 <x86_emulate_memop+0x9e3>
     71d:	48 83 84 24 50 01 00 	addq   $0x4,0x150(%rsp)
     724:	00 04 
     726:	48 63 84 24 38 01 00 	movslq 0x138(%rsp),%rax
     72d:	00 
     72e:	48 01 c3             	add    %rax,%rbx
				break;
			}
		}
		if (!override_base)
			override_base = &ctxt->ds_base;
     731:	48 83 7c 24 40 00    	cmpq   $0x0,0x40(%rsp)
     737:	49 8d 45 28          	lea    0x28(%r13),%rax
     73b:	48 0f 45 44 24 40    	cmovne 0x40(%rsp),%rax
		if (mode == X86EMUL_MODE_PROT64 &&
     741:	83 7c 24 54 08       	cmpl   $0x8,0x54(%rsp)
     746:	48 89 44 24 40       	mov    %rax,0x40(%rsp)
     74b:	75 21                	jne    76e <x86_emulate_memop+0x6e1>
     74d:	49 8d 45 48          	lea    0x48(%r13),%rax
     751:	48 39 44 24 40       	cmp    %rax,0x40(%rsp)
     756:	74 16                	je     76e <x86_emulate_memop+0x6e1>
     758:	49 8d 45 40          	lea    0x40(%r13),%rax
     75c:	48 39 44 24 40       	cmp    %rax,0x40(%rsp)
     761:	74 0b                	je     76e <x86_emulate_memop+0x6e1>
     763:	48 c7 44 24 40 00 00 	movq   $0x0,0x40(%rsp)
     76a:	00 00 
     76c:	eb 10                	jmp    77e <x86_emulate_memop+0x6f1>
		    override_base != &ctxt->fs_base &&
		    override_base != &ctxt->gs_base)
			override_base = NULL;

		if (override_base)
     76e:	48 83 7c 24 40 00    	cmpq   $0x0,0x40(%rsp)
     774:	74 08                	je     77e <x86_emulate_memop+0x6f1>
			modrm_ea += *override_base;
     776:	48 8b 44 24 40       	mov    0x40(%rsp),%rax
     77b:	48 03 18             	add    (%rax),%rbx

		if (rip_relative) {
     77e:	83 7c 24 5c 00       	cmpl   $0x0,0x5c(%rsp)
     783:	74 3b                	je     7c0 <x86_emulate_memop+0x733>
			modrm_ea += _eip;
			switch (d & SrcMask) {
     785:	8b 44 24 18          	mov    0x18(%rsp),%eax
     789:	48 03 9c 24 50 01 00 	add    0x150(%rsp),%rbx
     790:	00 
     791:	83 e0 38             	and    $0x38,%eax
     794:	83 f8 28             	cmp    $0x28,%eax
     797:	74 07                	je     7a0 <x86_emulate_memop+0x713>
     799:	83 f8 30             	cmp    $0x30,%eax
     79c:	75 22                	jne    7c0 <x86_emulate_memop+0x733>
     79e:	eb 07                	jmp    7a7 <x86_emulate_memop+0x71a>
			case SrcImmByte:
				modrm_ea += 1;
				break;
			case SrcImm:
				if (d & ByteOp)
     7a0:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
     7a5:	74 05                	je     7ac <x86_emulate_memop+0x71f>
					modrm_ea += 1;
     7a7:	48 ff c3             	inc    %rbx
     7aa:	eb 14                	jmp    7c0 <x86_emulate_memop+0x733>
				else
					if (op_bytes == 8)
     7ac:	83 7c 24 6c 08       	cmpl   $0x8,0x6c(%rsp)
     7b1:	75 06                	jne    7b9 <x86_emulate_memop+0x72c>
						modrm_ea += 4;
     7b3:	48 83 c3 04          	add    $0x4,%rbx
     7b7:	eb 07                	jmp    7c0 <x86_emulate_memop+0x733>
					else
						modrm_ea += op_bytes;
     7b9:	8b 44 24 6c          	mov    0x6c(%rsp),%eax
     7bd:	48 01 c3             	add    %rax,%rbx
			}
		}
		if (ad_bytes != 8)
     7c0:	45 31 f6             	xor    %r14d,%r14d
     7c3:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
     7c8:	49 89 dc             	mov    %rbx,%r12
     7cb:	74 03                	je     7d0 <x86_emulate_memop+0x743>
			modrm_ea = (u32)modrm_ea;
     7cd:	41 89 dc             	mov    %ebx,%r12d
		cr2 = modrm_ea;
	modrm_done:
		;
	}

	/*
	 * Decode and fetch the source operand: register, memory
	 * or immediate.
	 */
	switch (d & SrcMask) {
     7d0:	8b 44 24 18          	mov    0x18(%rsp),%eax
     7d4:	83 e0 38             	and    $0x38,%eax
     7d7:	83 f8 18             	cmp    $0x18,%eax
     7da:	0f 84 d6 00 00 00    	je     8b6 <x86_emulate_memop+0x829>
     7e0:	77 13                	ja     7f5 <x86_emulate_memop+0x768>
     7e2:	83 f8 08             	cmp    $0x8,%eax
     7e5:	74 2e                	je     815 <x86_emulate_memop+0x788>
     7e7:	83 f8 10             	cmp    $0x10,%eax
     7ea:	0f 85 a1 02 00 00    	jne    a91 <x86_emulate_memop+0xa04>
     7f0:	e9 db 00 00 00       	jmpq   8d0 <x86_emulate_memop+0x843>
     7f5:	83 f8 28             	cmp    $0x28,%eax
     7f8:	0f 84 34 01 00 00    	je     932 <x86_emulate_memop+0x8a5>
     7fe:	83 f8 30             	cmp    $0x30,%eax
     801:	0f 84 24 02 00 00    	je     a2b <x86_emulate_memop+0x99e>
     807:	83 f8 20             	cmp    $0x20,%eax
     80a:	0f 85 81 02 00 00    	jne    a91 <x86_emulate_memop+0xa04>
     810:	e9 ae 00 00 00       	jmpq   8c3 <x86_emulate_memop+0x836>
	case SrcNone:
		break;
	case SrcReg:
		src.type = OP_REG;
		if (d & ByteOp) {
     815:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
     81a:	c7 84 24 10 01 00 00 	movl   $0x0,0x110(%rsp)
     821:	00 00 00 00 
     825:	48 8d 74 24 70       	lea    0x70(%rsp),%rsi
     82a:	74 3f                	je     86b <x86_emulate_memop+0x7de>
			src.ptr = decode_register(modrm_reg, _regs,
     82c:	31 d2                	xor    %edx,%edx
     82e:	80 7c 24 1e 00       	cmpb   $0x0,0x1e(%rsp)
     833:	0f b6 7c 24 20       	movzbl 0x20(%rsp),%edi
     838:	0f 94 c2             	sete   %dl
     83b:	e8 c9 f7 ff ff       	callq  9 <decode_register>
     840:	48 89 84 24 28 01 00 	mov    %rax,0x128(%rsp)
     847:	00 
						  (rex_prefix == 0));
			src.val = src.orig_val = *(u8 *) src.ptr;
     848:	0f b6 00             	movzbl (%rax),%eax
			src.bytes = 1;
     84b:	c7 84 24 14 01 00 00 	movl   $0x1,0x114(%rsp)
     852:	01 00 00 00 
     856:	48 89 84 24 20 01 00 	mov    %rax,0x120(%rsp)
     85d:	00 
     85e:	48 89 84 24 18 01 00 	mov    %rax,0x118(%rsp)
     865:	00 
     866:	e9 26 02 00 00       	jmpq   a91 <x86_emulate_memop+0xa04>
		} else {
			src.ptr = decode_register(modrm_reg, _regs, 0);
     86b:	0f b6 7c 24 20       	movzbl 0x20(%rsp),%edi
     870:	31 d2                	xor    %edx,%edx
     872:	e8 92 f7 ff ff       	callq  9 <decode_register>
			switch ((src.bytes = op_bytes)) {
     877:	8b 54 24 6c          	mov    0x6c(%rsp),%edx
     87b:	48 89 84 24 28 01 00 	mov    %rax,0x128(%rsp)
     882:	00 
     883:	83 fa 04             	cmp    $0x4,%edx
     886:	89 94 24 14 01 00 00 	mov    %edx,0x114(%rsp)
     88d:	74 13                	je     8a2 <x86_emulate_memop+0x815>
     88f:	83 fa 08             	cmp    $0x8,%edx
     892:	74 1d                	je     8b1 <x86_emulate_memop+0x824>
     894:	83 fa 02             	cmp    $0x2,%edx
     897:	0f 85 f4 01 00 00    	jne    a91 <x86_emulate_memop+0xa04>
			case 2:
				src.val = src.orig_val = *(u16 *) src.ptr;
     89d:	0f b7 00             	movzwl (%rax),%eax
     8a0:	eb 02                	jmp    8a4 <x86_emulate_memop+0x817>
				break;
			case 4:
				src.val = src.orig_val = *(u32 *) src.ptr;
     8a2:	8b 00                	mov    (%rax),%eax
     8a4:	48 89 84 24 20 01 00 	mov    %rax,0x120(%rsp)
     8ab:	00 
     8ac:	e9 d8 01 00 00       	jmpq   a89 <x86_emulate_memop+0x9fc>
				break;
			case 8:
				src.val = src.orig_val = *(u64 *) src.ptr;
     8b1:	48 8b 00             	mov    (%rax),%rax
     8b4:	eb ee                	jmp    8a4 <x86_emulate_memop+0x817>
				break;
			}
		}
		break;
	case SrcMem16:
		src.bytes = 2;
     8b6:	c7 84 24 14 01 00 00 	movl   $0x2,0x114(%rsp)
     8bd:	02 00 00 00 
     8c1:	eb 23                	jmp    8e6 <x86_emulate_memop+0x859>
		goto srcmem_common;
	case SrcMem32:
		src.bytes = 4;
     8c3:	c7 84 24 14 01 00 00 	movl   $0x4,0x114(%rsp)
     8ca:	04 00 00 00 
     8ce:	eb 16                	jmp    8e6 <x86_emulate_memop+0x859>
		goto srcmem_common;
	case SrcMem:
		src.bytes = (d & ByteOp) ? 1 : op_bytes;
     8d0:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
     8d5:	b8 01 00 00 00       	mov    $0x1,%eax
     8da:	0f 44 44 24 6c       	cmove  0x6c(%rsp),%eax
     8df:	89 84 24 14 01 00 00 	mov    %eax,0x114(%rsp)
	      srcmem_common:
		src.type = OP_MEM;
		src.ptr = (unsigned long *)cr2;
		if ((rc = ops->read_emulated((unsigned long)src.ptr,
     8e6:	48 8b 1c 24          	mov    (%rsp),%rbx
     8ea:	c7 84 24 10 01 00 00 	movl   $0x1,0x110(%rsp)
     8f1:	01 00 00 00 
     8f5:	48 8d b4 24 18 01 00 	lea    0x118(%rsp),%rsi
     8fc:	00 
     8fd:	4c 89 a4 24 28 01 00 	mov    %r12,0x128(%rsp)
     904:	00 
     905:	8b 94 24 14 01 00 00 	mov    0x114(%rsp),%edx
     90c:	4c 89 e9             	mov    %r13,%rcx
     90f:	4c 89 e7             	mov    %r12,%rdi
     912:	ff 53 10             	callq  *0x10(%rbx)
     915:	85 c0                	test   %eax,%eax
     917:	0f 85 53 01 00 00    	jne    a70 <x86_emulate_memop+0x9e3>
					     &src.val, src.bytes, ctxt)) != 0)
			goto done;
		src.orig_val = src.val;
     91d:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
     924:	00 
     925:	48 89 84 24 20 01 00 	mov    %rax,0x120(%rsp)
     92c:	00 
     92d:	e9 5f 01 00 00       	jmpq   a91 <x86_emulate_memop+0xa04>
		break;
	case SrcImm:
		src.type = OP_IMM;
		src.ptr = (unsigned long *)_eip;
		src.bytes = (d & ByteOp) ? 1 : op_bytes;
     932:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
     937:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     93e:	00 
     93f:	c7 84 24 10 01 00 00 	movl   $0x2,0x110(%rsp)
     946:	02 00 00 00 
     94a:	48 89 bc 24 28 01 00 	mov    %rdi,0x128(%rsp)
     951:	00 
     952:	0f 85 fe 31 00 00    	jne    3b56 <x86_emulate_memop+0x3ac9>
     958:	44 8b 44 24 6c       	mov    0x6c(%rsp),%r8d
		if (src.bytes == 8)
     95d:	41 83 f8 08          	cmp    $0x8,%r8d
     961:	44 89 84 24 14 01 00 	mov    %r8d,0x114(%rsp)
     968:	00 
     969:	75 0d                	jne    978 <x86_emulate_memop+0x8eb>
			src.bytes = 4;
     96b:	c7 84 24 14 01 00 00 	movl   $0x4,0x114(%rsp)
     972:	04 00 00 00 
     976:	eb 7a                	jmp    9f2 <x86_emulate_memop+0x965>
		/* NB. Immediates are sign-extended as necessary. */
		switch (src.bytes) {
     978:	83 7c 24 6c 02       	cmpl   $0x2,0x6c(%rsp)
     97d:	74 39                	je     9b8 <x86_emulate_memop+0x92b>
     97f:	83 7c 24 6c 04       	cmpl   $0x4,0x6c(%rsp)
     984:	74 6c                	je     9f2 <x86_emulate_memop+0x965>
     986:	83 7c 24 6c 01       	cmpl   $0x1,0x6c(%rsp)
     98b:	0f 85 00 01 00 00    	jne    a91 <x86_emulate_memop+0xa04>
		case 1:
			src.val = insn_fetch(s8, 1, _eip);
     991:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     998:	00 
     999:	49 03 7d 20          	add    0x20(%r13),%rdi
     99d:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     9a4:	00 
     9a5:	48 8b 1c 24          	mov    (%rsp),%rbx
     9a9:	4c 89 e9             	mov    %r13,%rcx
     9ac:	ba 01 00 00 00       	mov    $0x1,%edx
     9b1:	ff 13                	callq  *(%rbx)
     9b3:	e9 b4 00 00 00       	jmpq   a6c <x86_emulate_memop+0x9df>
			break;
		case 2:
			src.val = insn_fetch(s16, 2, _eip);
     9b8:	4c 8b 04 24          	mov    (%rsp),%r8
     9bc:	49 03 7d 20          	add    0x20(%r13),%rdi
     9c0:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     9c7:	00 
     9c8:	4c 89 e9             	mov    %r13,%rcx
     9cb:	ba 02 00 00 00       	mov    $0x2,%edx
     9d0:	41 ff 10             	callq  *(%r8)
     9d3:	85 c0                	test   %eax,%eax
     9d5:	0f 85 95 00 00 00    	jne    a70 <x86_emulate_memop+0x9e3>
     9db:	48 83 84 24 50 01 00 	addq   $0x2,0x150(%rsp)
     9e2:	00 02 
     9e4:	48 0f bf 84 24 38 01 	movswq 0x138(%rsp),%rax
     9eb:	00 00 
     9ed:	e9 97 00 00 00       	jmpq   a89 <x86_emulate_memop+0x9fc>
			break;
		case 4:
			src.val = insn_fetch(s32, 4, _eip);
     9f2:	48 8b 1c 24          	mov    (%rsp),%rbx
     9f6:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     9fd:	00 
     9fe:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     a05:	00 
     a06:	49 03 7d 20          	add    0x20(%r13),%rdi
     a0a:	4c 89 e9             	mov    %r13,%rcx
     a0d:	ba 04 00 00 00       	mov    $0x4,%edx
     a12:	ff 13                	callq  *(%rbx)
     a14:	85 c0                	test   %eax,%eax
     a16:	75 58                	jne    a70 <x86_emulate_memop+0x9e3>
     a18:	48 83 84 24 50 01 00 	addq   $0x4,0x150(%rsp)
     a1f:	00 04 
     a21:	48 63 84 24 38 01 00 	movslq 0x138(%rsp),%rax
     a28:	00 
     a29:	eb 5e                	jmp    a89 <x86_emulate_memop+0x9fc>
			break;
		}
		break;
	case SrcImmByte:
		src.type = OP_IMM;
		src.ptr = (unsigned long *)_eip;
     a2b:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
     a32:	00 
		src.bytes = 1;
		src.val = insn_fetch(s8, 1, _eip);
     a33:	4c 8b 04 24          	mov    (%rsp),%r8
     a37:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
     a3e:	00 
     a3f:	c7 84 24 10 01 00 00 	movl   $0x2,0x110(%rsp)
     a46:	02 00 00 00 
     a4a:	c7 84 24 14 01 00 00 	movl   $0x1,0x114(%rsp)
     a51:	01 00 00 00 
     a55:	4c 89 e9             	mov    %r13,%rcx
     a58:	ba 01 00 00 00       	mov    $0x1,%edx
     a5d:	48 89 bc 24 28 01 00 	mov    %rdi,0x128(%rsp)
     a64:	00 
     a65:	49 03 7d 20          	add    0x20(%r13),%rdi
     a69:	41 ff 10             	callq  *(%r8)
     a6c:	85 c0                	test   %eax,%eax
     a6e:	74 08                	je     a78 <x86_emulate_memop+0x9eb>
     a70:	41 89 c7             	mov    %eax,%r15d
     a73:	e9 2c 21 00 00       	jmpq   2ba4 <x86_emulate_memop+0x2b17>
     a78:	48 ff 84 24 50 01 00 	incq   0x150(%rsp)
     a7f:	00 
     a80:	48 0f be 84 24 38 01 	movsbq 0x138(%rsp),%rax
     a87:	00 00 
     a89:	48 89 84 24 18 01 00 	mov    %rax,0x118(%rsp)
     a90:	00 
		break;
	}

	/* Decode and fetch the destination operand: register or memory. */
	switch (d & DstMask) {
     a91:	8b 44 24 18          	mov    0x18(%rsp),%eax
     a95:	83 e0 06             	and    $0x6,%eax
     a98:	83 f8 04             	cmp    $0x4,%eax
     a9b:	74 17                	je     ab4 <x86_emulate_memop+0xa27>
     a9d:	83 f8 06             	cmp    $0x6,%eax
     aa0:	0f 84 ba 00 00 00    	je     b60 <x86_emulate_memop+0xad3>
     aa6:	83 f8 02             	cmp    $0x2,%eax
     aa9:	0f 85 2f 01 00 00    	jne    bde <x86_emulate_memop+0xb51>
     aaf:	e9 00 21 00 00       	jmpq   2bb4 <x86_emulate_memop+0x2b27>
	case ImplicitOps:
		/* Special instructions do their own operand decoding. */
		goto special_insn;
	case DstReg:
		dst.type = OP_REG;
		if ((d & ByteOp)
     ab4:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
     ab9:	c7 84 24 f0 00 00 00 	movl   $0x0,0xf0(%rsp)
     ac0:	00 00 00 00 
     ac4:	74 4a                	je     b10 <x86_emulate_memop+0xa83>
     ac6:	80 7c 24 1d 00       	cmpb   $0x0,0x1d(%rsp)
     acb:	74 07                	je     ad4 <x86_emulate_memop+0xa47>
     acd:	8d 45 4a             	lea    0x4a(%rbp),%eax
     ad0:	3c 01                	cmp    $0x1,%al
     ad2:	76 3c                	jbe    b10 <x86_emulate_memop+0xa83>
		    && !(twobyte && (b == 0xb6 || b == 0xb7))) {
			dst.ptr = decode_register(modrm_reg, _regs,
     ad4:	31 d2                	xor    %edx,%edx
     ad6:	80 7c 24 1e 00       	cmpb   $0x0,0x1e(%rsp)
     adb:	0f b6 7c 24 20       	movzbl 0x20(%rsp),%edi
     ae0:	48 8d 74 24 70       	lea    0x70(%rsp),%rsi
     ae5:	0f 94 c2             	sete   %dl
     ae8:	e8 1c f5 ff ff       	callq  9 <decode_register>
     aed:	48 89 84 24 08 01 00 	mov    %rax,0x108(%rsp)
     af4:	00 
						  (rex_prefix == 0));
			dst.val = *(u8 *) dst.ptr;
     af5:	0f b6 00             	movzbl (%rax),%eax
			dst.bytes = 1;
     af8:	c7 84 24 f4 00 00 00 	movl   $0x1,0xf4(%rsp)
     aff:	01 00 00 00 
     b03:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
     b0a:	00 
     b0b:	e9 ce 00 00 00       	jmpq   bde <x86_emulate_memop+0xb51>
		} else {
			dst.ptr = decode_register(modrm_reg, _regs, 0);
     b10:	0f b6 7c 24 20       	movzbl 0x20(%rsp),%edi
     b15:	48 8d 74 24 70       	lea    0x70(%rsp),%rsi
     b1a:	31 d2                	xor    %edx,%edx
     b1c:	e8 e8 f4 ff ff       	callq  9 <decode_register>
			switch ((dst.bytes = op_bytes)) {
     b21:	8b 54 24 6c          	mov    0x6c(%rsp),%edx
     b25:	48 89 84 24 08 01 00 	mov    %rax,0x108(%rsp)
     b2c:	00 
     b2d:	83 fa 04             	cmp    $0x4,%edx
     b30:	89 94 24 f4 00 00 00 	mov    %edx,0xf4(%rsp)
     b37:	74 13                	je     b4c <x86_emulate_memop+0xabf>
     b39:	83 fa 08             	cmp    $0x8,%edx
     b3c:	74 1d                	je     b5b <x86_emulate_memop+0xace>
     b3e:	83 fa 02             	cmp    $0x2,%edx
     b41:	0f 85 97 00 00 00    	jne    bde <x86_emulate_memop+0xb51>
			case 2:
				dst.val = *(u16 *)dst.ptr;
     b47:	0f b7 00             	movzwl (%rax),%eax
     b4a:	eb 02                	jmp    b4e <x86_emulate_memop+0xac1>
				break;
			case 4:
				dst.val = *(u32 *)dst.ptr;
     b4c:	8b 00                	mov    (%rax),%eax
     b4e:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
     b55:	00 
     b56:	e9 83 00 00 00       	jmpq   bde <x86_emulate_memop+0xb51>
				break;
			case 8:
				dst.val = *(u64 *)dst.ptr;
     b5b:	48 8b 00             	mov    (%rax),%rax
     b5e:	eb ee                	jmp    b4e <x86_emulate_memop+0xac1>
				break;
			}
		}
		break;
	case DstMem:
		dst.type = OP_MEM;
		dst.ptr = (unsigned long *)cr2;
		dst.bytes = (d & ByteOp) ? 1 : op_bytes;
     b60:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
     b65:	b8 01 00 00 00       	mov    $0x1,%eax
     b6a:	c7 84 24 f0 00 00 00 	movl   $0x1,0xf0(%rsp)
     b71:	01 00 00 00 
     b75:	0f 44 44 24 6c       	cmove  0x6c(%rsp),%eax
		if (d & BitOp) {
     b7a:	f7 44 24 18 00 01 00 	testl  $0x100,0x18(%rsp)
     b81:	00 
     b82:	4c 89 a4 24 08 01 00 	mov    %r12,0x108(%rsp)
     b89:	00 
     b8a:	89 84 24 f4 00 00 00 	mov    %eax,0xf4(%rsp)
     b91:	74 18                	je     bab <x86_emulate_memop+0xb1e>
			unsigned long mask = ~(dst.bytes * 8 - 1);

			dst.ptr = (void *)dst.ptr + (src.val & mask) / 8;
     b93:	c1 e0 03             	shl    $0x3,%eax
     b96:	f7 d8                	neg    %eax
     b98:	23 84 24 18 01 00 00 	and    0x118(%rsp),%eax
     b9f:	48 c1 e8 03          	shr    $0x3,%rax
     ba3:	48 01 84 24 08 01 00 	add    %rax,0x108(%rsp)
     baa:	00 
		}
		if (!(d & Mov) && /* optimisation - avoid slow emulated read */
     bab:	80 7c 24 18 00       	cmpb   $0x0,0x18(%rsp)
     bb0:	78 2c                	js     bde <x86_emulate_memop+0xb51>
     bb2:	48 8b 1c 24          	mov    (%rsp),%rbx
     bb6:	8b 94 24 f4 00 00 00 	mov    0xf4(%rsp),%edx
     bbd:	48 8d b4 24 f8 00 00 	lea    0xf8(%rsp),%rsi
     bc4:	00 
     bc5:	48 8b bc 24 08 01 00 	mov    0x108(%rsp),%rdi
     bcc:	00 
     bcd:	4c 89 e9             	mov    %r13,%rcx
     bd0:	ff 53 10             	callq  *0x10(%rbx)
     bd3:	85 c0                	test   %eax,%eax
     bd5:	41 89 c7             	mov    %eax,%r15d
     bd8:	0f 85 c6 1f 00 00    	jne    2ba4 <x86_emulate_memop+0x2b17>
		    ((rc = ops->read_emulated((unsigned long)dst.ptr,
					      &dst.val, dst.bytes, ctxt)) != 0))
			goto done;
		break;
	}
	dst.orig_val = dst.val;

	if (twobyte)
     bde:	80 7c 24 1d 00       	cmpb   $0x0,0x1d(%rsp)
     be3:	48 8b 94 24 f8 00 00 	mov    0xf8(%rsp),%rdx
     bea:	00 
     beb:	48 89 94 24 00 01 00 	mov    %rdx,0x100(%rsp)
     bf2:	00 
     bf3:	0f 85 2a 24 00 00    	jne    3023 <x86_emulate_memop+0x2f96>
		goto twobyte_insn;

	switch (b) {
     bf9:	40 80 fd 85          	cmp    $0x85,%bpl
     bfd:	0f 87 b0 00 00 00    	ja     cb3 <x86_emulate_memop+0xc26>
     c03:	40 80 fd 84          	cmp    $0x84,%bpl
     c07:	0f 83 67 0c 00 00    	jae    1874 <x86_emulate_memop+0x17e7>
     c0d:	40 80 fd 25          	cmp    $0x25,%bpl
     c11:	77 4d                	ja     c60 <x86_emulate_memop+0xbd3>
     c13:	40 80 fd 20          	cmp    $0x20,%bpl
     c17:	0f 83 ac 06 00 00    	jae    12c9 <x86_emulate_memop+0x123c>
     c1d:	40 80 fd 0d          	cmp    $0xd,%bpl
     c21:	77 19                	ja     c3c <x86_emulate_memop+0xbaf>
     c23:	40 80 fd 08          	cmp    $0x8,%bpl
     c27:	0f 83 91 02 00 00    	jae    ebe <x86_emulate_memop+0xe31>
     c2d:	40 80 fd 05          	cmp    $0x5,%bpl
     c31:	0f 87 56 1e 00 00    	ja     2a8d <x86_emulate_memop+0x2a00>
     c37:	e9 25 01 00 00       	jmpq   d61 <x86_emulate_memop+0xcd4>
     c3c:	40 80 fd 10          	cmp    $0x10,%bpl
     c40:	0f 82 47 1e 00 00    	jb     2a8d <x86_emulate_memop+0x2a00>
     c46:	40 80 fd 15          	cmp    $0x15,%bpl
     c4a:	0f 86 cb 03 00 00    	jbe    101b <x86_emulate_memop+0xf8e>
     c50:	8d 45 e8             	lea    0xffffffffffffffe8(%rbp),%eax
     c53:	3c 05                	cmp    $0x5,%al
     c55:	0f 87 32 1e 00 00    	ja     2a8d <x86_emulate_memop+0x2a00>
     c5b:	e9 18 05 00 00       	jmpq   1178 <x86_emulate_memop+0x10eb>
     c60:	40 80 fd 3d          	cmp    $0x3d,%bpl
     c64:	77 2e                	ja     c94 <x86_emulate_memop+0xc07>
     c66:	40 80 fd 38          	cmp    $0x38,%bpl
     c6a:	0f 83 70 0a 00 00    	jae    16e0 <x86_emulate_memop+0x1653>
     c70:	40 80 fd 28          	cmp    $0x28,%bpl
     c74:	0f 82 13 1e 00 00    	jb     2a8d <x86_emulate_memop+0x2a00>
     c7a:	40 80 fd 2d          	cmp    $0x2d,%bpl
     c7e:	0f 86 a2 07 00 00    	jbe    1426 <x86_emulate_memop+0x1399>
     c84:	8d 45 d0             	lea    0xffffffffffffffd0(%rbp),%eax
     c87:	3c 05                	cmp    $0x5,%al
     c89:	0f 87 fe 1d 00 00    	ja     2a8d <x86_emulate_memop+0x2a00>
     c8f:	e9 ef 08 00 00       	jmpq   1583 <x86_emulate_memop+0x14f6>
     c94:	40 80 fd 63          	cmp    $0x63,%bpl
     c98:	0f 84 9f 0b 00 00    	je     183d <x86_emulate_memop+0x17b0>
     c9e:	0f 82 e9 1d 00 00    	jb     2a8d <x86_emulate_memop+0x2a00>
     ca4:	40 80 fd 80          	cmp    $0x80,%bpl
     ca8:	0f 82 df 1d 00 00    	jb     2a8d <x86_emulate_memop+0x2a00>
     cae:	e9 aa 0b 00 00       	jmpq   185d <x86_emulate_memop+0x17d0>
     cb3:	40 80 fd c1          	cmp    $0xc1,%bpl
     cb7:	77 52                	ja     d0b <x86_emulate_memop+0xc7e>
     cb9:	40 80 fd c0          	cmp    $0xc0,%bpl
     cbd:	0f 83 98 0e 00 00    	jae    1b5b <x86_emulate_memop+0x1ace>
     cc3:	40 80 fd 8f          	cmp    $0x8f,%bpl
     cc7:	0f 84 ce 0d 00 00    	je     1a9b <x86_emulate_memop+0x1a0e>
     ccd:	77 19                	ja     ce8 <x86_emulate_memop+0xc5b>
     ccf:	40 80 fd 87          	cmp    $0x87,%bpl
     cd3:	0f 86 ec 0c 00 00    	jbe    19c5 <x86_emulate_memop+0x1938>
     cd9:	40 80 fd 8b          	cmp    $0x8b,%bpl
     cdd:	0f 87 aa 1d 00 00    	ja     2a8d <x86_emulate_memop+0x2a00>
     ce3:	e9 9e 0d 00 00       	jmpq   1a86 <x86_emulate_memop+0x19f9>
     ce8:	40 80 fd a0          	cmp    $0xa0,%bpl
     cec:	0f 82 9b 1d 00 00    	jb     2a8d <x86_emulate_memop+0x2a00>
     cf2:	40 80 fd a1          	cmp    $0xa1,%bpl
     cf6:	0f 86 3e 0d 00 00    	jbe    1a3a <x86_emulate_memop+0x19ad>
     cfc:	40 80 fd a3          	cmp    $0xa3,%bpl
     d00:	0f 87 87 1d 00 00    	ja     2a8d <x86_emulate_memop+0x2a00>
     d06:	e9 5d 0d 00 00       	jmpq   1a68 <x86_emulate_memop+0x19db>
     d0b:	40 80 fd d3          	cmp    $0xd3,%bpl
     d0f:	77 2d                	ja     d3e <x86_emulate_memop+0xcb1>
     d11:	40 80 fd d2          	cmp    $0xd2,%bpl
     d15:	0f 83 76 17 00 00    	jae    2491 <x86_emulate_memop+0x2404>
     d1b:	40 80 fd c6          	cmp    $0xc6,%bpl
     d1f:	0f 82 68 1d 00 00    	jb     2a8d <x86_emulate_memop+0x2a00>
     d25:	40 80 fd c7          	cmp    $0xc7,%bpl
     d29:	0f 86 57 0d 00 00    	jbe    1a86 <x86_emulate_memop+0x19f9>
     d2f:	40 80 fd d0          	cmp    $0xd0,%bpl
     d33:	0f 82 54 1d 00 00    	jb     2a8d <x86_emulate_memop+0x2a00>
     d39:	e9 42 17 00 00       	jmpq   2480 <x86_emulate_memop+0x23f3>
     d3e:	40 80 fd f6          	cmp    $0xf6,%bpl
     d42:	0f 82 45 1d 00 00    	jb     2a8d <x86_emulate_memop+0x2a00>
     d48:	40 80 fd f7          	cmp    $0xf7,%bpl
     d4c:	0f 86 51 17 00 00    	jbe    24a3 <x86_emulate_memop+0x2416>
     d52:	40 80 fd fe          	cmp    $0xfe,%bpl
     d56:	0f 82 31 1d 00 00    	jb     2a8d <x86_emulate_memop+0x2a00>
     d5c:	e9 ce 19 00 00       	jmpq   272f <x86_emulate_memop+0x26a2>
	case 0x00 ... 0x05:
	      add:		/* add */
		emulate_2op_SrcV("add", src, dst, _eflags);
     d61:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
     d68:	83 f8 01             	cmp    $0x1,%eax
     d6b:	75 4b                	jne    db8 <x86_emulate_memop+0xd2b>
     d6d:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
     d74:	00 
     d75:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
     d7c:	bd d5 08 00 00       	mov    $0x8d5,%ebp
     d81:	21 2c 24             	and    %ebp,(%rsp)
     d84:	9c                   	pushfq 
     d85:	f7 d5                	not    %ebp
     d87:	21 2c 24             	and    %ebp,(%rsp)
     d8a:	5d                   	pop    %rbp
     d8b:	09 2c 24             	or     %ebp,(%rsp)
     d8e:	9d                   	popfq  
     d8f:	bd d5 08 00 00       	mov    $0x8d5,%ebp
     d94:	f7 d5                	not    %ebp
     d96:	21 ac 24 48 01 00 00 	and    %ebp,0x148(%rsp)
     d9d:	00 84 24 f8 00 00 00 	add    %al,0xf8(%rsp)
     da4:	9c                   	pushfq 
     da5:	5d                   	pop    %rbp
     da6:	81 e5 d5 08 00 00    	and    $0x8d5,%ebp
     dac:	09 ac 24 48 01 00 00 	or     %ebp,0x148(%rsp)
     db3:	e9 d5 1c 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
     db8:	83 f8 04             	cmp    $0x4,%eax
     dbb:	74 6a                	je     e27 <x86_emulate_memop+0xd9a>
     dbd:	83 f8 08             	cmp    $0x8,%eax
     dc0:	0f 84 ac 00 00 00    	je     e72 <x86_emulate_memop+0xde5>
     dc6:	83 f8 02             	cmp    $0x2,%eax
     dc9:	0f 85 be 1c 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
     dcf:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
     dd6:	00 
     dd7:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
     dde:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
     de4:	44 21 04 24          	and    %r8d,(%rsp)
     de8:	9c                   	pushfq 
     de9:	41 f7 d0             	not    %r8d
     dec:	44 21 04 24          	and    %r8d,(%rsp)
     df0:	41 58                	pop    %r8
     df2:	44 09 04 24          	or     %r8d,(%rsp)
     df6:	9d                   	popfq  
     df7:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
     dfd:	41 f7 d0             	not    %r8d
     e00:	44 21 84 24 48 01 00 	and    %r8d,0x148(%rsp)
     e07:	00 
     e08:	66 01 84 24 f8 00 00 	add    %ax,0xf8(%rsp)
     e0f:	00 
     e10:	9c                   	pushfq 
     e11:	41 58                	pop    %r8
     e13:	41 81 e0 d5 08 00 00 	and    $0x8d5,%r8d
     e1a:	44 09 84 24 48 01 00 	or     %r8d,0x148(%rsp)
     e21:	00 
     e22:	e9 66 1c 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
     e27:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
     e2e:	00 
     e2f:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
     e36:	ba d5 08 00 00       	mov    $0x8d5,%edx
     e3b:	21 14 24             	and    %edx,(%rsp)
     e3e:	9c                   	pushfq 
     e3f:	f7 d2                	not    %edx
     e41:	21 14 24             	and    %edx,(%rsp)
     e44:	5a                   	pop    %rdx
     e45:	09 14 24             	or     %edx,(%rsp)
     e48:	9d                   	popfq  
     e49:	ba d5 08 00 00       	mov    $0x8d5,%edx
     e4e:	f7 d2                	not    %edx
     e50:	21 94 24 48 01 00 00 	and    %edx,0x148(%rsp)
     e57:	01 84 24 f8 00 00 00 	add    %eax,0xf8(%rsp)
     e5e:	9c                   	pushfq 
     e5f:	5a                   	pop    %rdx
     e60:	81 e2 d5 08 00 00    	and    $0x8d5,%edx
     e66:	09 94 24 48 01 00 00 	or     %edx,0x148(%rsp)
     e6d:	e9 1b 1c 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
     e72:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
     e79:	00 
     e7a:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
     e81:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
     e86:	21 0c 24             	and    %ecx,(%rsp)
     e89:	9c                   	pushfq 
     e8a:	f7 d1                	not    %ecx
     e8c:	21 0c 24             	and    %ecx,(%rsp)
     e8f:	59                   	pop    %rcx
     e90:	09 0c 24             	or     %ecx,(%rsp)
     e93:	9d                   	popfq  
     e94:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
     e99:	f7 d1                	not    %ecx
     e9b:	21 8c 24 48 01 00 00 	and    %ecx,0x148(%rsp)
     ea2:	48 01 84 24 f8 00 00 	add    %rax,0xf8(%rsp)
     ea9:	00 
     eaa:	9c                   	pushfq 
     eab:	59                   	pop    %rcx
     eac:	81 e1 d5 08 00 00    	and    $0x8d5,%ecx
     eb2:	09 8c 24 48 01 00 00 	or     %ecx,0x148(%rsp)
     eb9:	e9 cf 1b 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x08 ... 0x0d:
	      or:		/* or */
		emulate_2op_SrcV("or", src, dst, _eflags);
     ebe:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
     ec5:	83 f8 01             	cmp    $0x1,%eax
     ec8:	75 4b                	jne    f15 <x86_emulate_memop+0xe88>
     eca:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
     ed1:	00 
     ed2:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
     ed9:	bb d5 08 00 00       	mov    $0x8d5,%ebx
     ede:	21 1c 24             	and    %ebx,(%rsp)
     ee1:	9c                   	pushfq 
     ee2:	f7 d3                	not    %ebx
     ee4:	21 1c 24             	and    %ebx,(%rsp)
     ee7:	5b                   	pop    %rbx
     ee8:	09 1c 24             	or     %ebx,(%rsp)
     eeb:	9d                   	popfq  
     eec:	bb d5 08 00 00       	mov    $0x8d5,%ebx
     ef1:	f7 d3                	not    %ebx
     ef3:	21 9c 24 48 01 00 00 	and    %ebx,0x148(%rsp)
     efa:	08 84 24 f8 00 00 00 	or     %al,0xf8(%rsp)
     f01:	9c                   	pushfq 
     f02:	5b                   	pop    %rbx
     f03:	81 e3 d5 08 00 00    	and    $0x8d5,%ebx
     f09:	09 9c 24 48 01 00 00 	or     %ebx,0x148(%rsp)
     f10:	e9 78 1b 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
     f15:	83 f8 04             	cmp    $0x4,%eax
     f18:	74 5e                	je     f78 <x86_emulate_memop+0xeeb>
     f1a:	83 f8 08             	cmp    $0x8,%eax
     f1d:	0f 84 ac 00 00 00    	je     fcf <x86_emulate_memop+0xf42>
     f23:	83 f8 02             	cmp    $0x2,%eax
     f26:	0f 85 61 1b 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
     f2c:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
     f33:	00 
     f34:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
     f3b:	bd d5 08 00 00       	mov    $0x8d5,%ebp
     f40:	21 2c 24             	and    %ebp,(%rsp)
     f43:	9c                   	pushfq 
     f44:	f7 d5                	not    %ebp
     f46:	21 2c 24             	and    %ebp,(%rsp)
     f49:	5d                   	pop    %rbp
     f4a:	09 2c 24             	or     %ebp,(%rsp)
     f4d:	9d                   	popfq  
     f4e:	bd d5 08 00 00       	mov    $0x8d5,%ebp
     f53:	f7 d5                	not    %ebp
     f55:	21 ac 24 48 01 00 00 	and    %ebp,0x148(%rsp)
     f5c:	66 09 84 24 f8 00 00 	or     %ax,0xf8(%rsp)
     f63:	00 
     f64:	9c                   	pushfq 
     f65:	5d                   	pop    %rbp
     f66:	81 e5 d5 08 00 00    	and    $0x8d5,%ebp
     f6c:	09 ac 24 48 01 00 00 	or     %ebp,0x148(%rsp)
     f73:	e9 15 1b 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
     f78:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
     f7f:	00 
     f80:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
     f87:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
     f8d:	44 21 04 24          	and    %r8d,(%rsp)
     f91:	9c                   	pushfq 
     f92:	41 f7 d0             	not    %r8d
     f95:	44 21 04 24          	and    %r8d,(%rsp)
     f99:	41 58                	pop    %r8
     f9b:	44 09 04 24          	or     %r8d,(%rsp)
     f9f:	9d                   	popfq  
     fa0:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
     fa6:	41 f7 d0             	not    %r8d
     fa9:	44 21 84 24 48 01 00 	and    %r8d,0x148(%rsp)
     fb0:	00 
     fb1:	09 84 24 f8 00 00 00 	or     %eax,0xf8(%rsp)
     fb8:	9c                   	pushfq 
     fb9:	41 58                	pop    %r8
     fbb:	41 81 e0 d5 08 00 00 	and    $0x8d5,%r8d
     fc2:	44 09 84 24 48 01 00 	or     %r8d,0x148(%rsp)
     fc9:	00 
     fca:	e9 be 1a 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
     fcf:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
     fd6:	00 
     fd7:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
     fde:	ba d5 08 00 00       	mov    $0x8d5,%edx
     fe3:	21 14 24             	and    %edx,(%rsp)
     fe6:	9c                   	pushfq 
     fe7:	f7 d2                	not    %edx
     fe9:	21 14 24             	and    %edx,(%rsp)
     fec:	5a                   	pop    %rdx
     fed:	09 14 24             	or     %edx,(%rsp)
     ff0:	9d                   	popfq  
     ff1:	ba d5 08 00 00       	mov    $0x8d5,%edx
     ff6:	f7 d2                	not    %edx
     ff8:	21 94 24 48 01 00 00 	and    %edx,0x148(%rsp)
     fff:	48 09 84 24 f8 00 00 	or     %rax,0xf8(%rsp)
    1006:	00 
    1007:	9c                   	pushfq 
    1008:	5a                   	pop    %rdx
    1009:	81 e2 d5 08 00 00    	and    $0x8d5,%edx
    100f:	09 94 24 48 01 00 00 	or     %edx,0x148(%rsp)
    1016:	e9 72 1a 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x10 ... 0x15:
	      adc:		/* adc */
		emulate_2op_SrcV("adc", src, dst, _eflags);
    101b:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
    1022:	83 f8 01             	cmp    $0x1,%eax
    1025:	75 4b                	jne    1072 <x86_emulate_memop+0xfe5>
    1027:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    102e:	00 
    102f:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1036:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    103b:	21 0c 24             	and    %ecx,(%rsp)
    103e:	9c                   	pushfq 
    103f:	f7 d1                	not    %ecx
    1041:	21 0c 24             	and    %ecx,(%rsp)
    1044:	59                   	pop    %rcx
    1045:	09 0c 24             	or     %ecx,(%rsp)
    1048:	9d                   	popfq  
    1049:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    104e:	f7 d1                	not    %ecx
    1050:	21 8c 24 48 01 00 00 	and    %ecx,0x148(%rsp)
    1057:	10 84 24 f8 00 00 00 	adc    %al,0xf8(%rsp)
    105e:	9c                   	pushfq 
    105f:	59                   	pop    %rcx
    1060:	81 e1 d5 08 00 00    	and    $0x8d5,%ecx
    1066:	09 8c 24 48 01 00 00 	or     %ecx,0x148(%rsp)
    106d:	e9 1b 1a 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1072:	83 f8 04             	cmp    $0x4,%eax
    1075:	74 5e                	je     10d5 <x86_emulate_memop+0x1048>
    1077:	83 f8 08             	cmp    $0x8,%eax
    107a:	0f 84 a0 00 00 00    	je     1120 <x86_emulate_memop+0x1093>
    1080:	83 f8 02             	cmp    $0x2,%eax
    1083:	0f 85 04 1a 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    1089:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1090:	00 
    1091:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1098:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    109d:	21 1c 24             	and    %ebx,(%rsp)
    10a0:	9c                   	pushfq 
    10a1:	f7 d3                	not    %ebx
    10a3:	21 1c 24             	and    %ebx,(%rsp)
    10a6:	5b                   	pop    %rbx
    10a7:	09 1c 24             	or     %ebx,(%rsp)
    10aa:	9d                   	popfq  
    10ab:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    10b0:	f7 d3                	not    %ebx
    10b2:	21 9c 24 48 01 00 00 	and    %ebx,0x148(%rsp)
    10b9:	66 11 84 24 f8 00 00 	adc    %ax,0xf8(%rsp)
    10c0:	00 
    10c1:	9c                   	pushfq 
    10c2:	5b                   	pop    %rbx
    10c3:	81 e3 d5 08 00 00    	and    $0x8d5,%ebx
    10c9:	09 9c 24 48 01 00 00 	or     %ebx,0x148(%rsp)
    10d0:	e9 b8 19 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    10d5:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    10dc:	00 
    10dd:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    10e4:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    10e9:	21 2c 24             	and    %ebp,(%rsp)
    10ec:	9c                   	pushfq 
    10ed:	f7 d5                	not    %ebp
    10ef:	21 2c 24             	and    %ebp,(%rsp)
    10f2:	5d                   	pop    %rbp
    10f3:	09 2c 24             	or     %ebp,(%rsp)
    10f6:	9d                   	popfq  
    10f7:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    10fc:	f7 d5                	not    %ebp
    10fe:	21 ac 24 48 01 00 00 	and    %ebp,0x148(%rsp)
    1105:	11 84 24 f8 00 00 00 	adc    %eax,0xf8(%rsp)
    110c:	9c                   	pushfq 
    110d:	5d                   	pop    %rbp
    110e:	81 e5 d5 08 00 00    	and    $0x8d5,%ebp
    1114:	09 ac 24 48 01 00 00 	or     %ebp,0x148(%rsp)
    111b:	e9 6d 19 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1120:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1127:	00 
    1128:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    112f:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    1135:	44 21 04 24          	and    %r8d,(%rsp)
    1139:	9c                   	pushfq 
    113a:	41 f7 d0             	not    %r8d
    113d:	44 21 04 24          	and    %r8d,(%rsp)
    1141:	41 58                	pop    %r8
    1143:	44 09 04 24          	or     %r8d,(%rsp)
    1147:	9d                   	popfq  
    1148:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    114e:	41 f7 d0             	not    %r8d
    1151:	44 21 84 24 48 01 00 	and    %r8d,0x148(%rsp)
    1158:	00 
    1159:	48 11 84 24 f8 00 00 	adc    %rax,0xf8(%rsp)
    1160:	00 
    1161:	9c                   	pushfq 
    1162:	41 58                	pop    %r8
    1164:	41 81 e0 d5 08 00 00 	and    $0x8d5,%r8d
    116b:	44 09 84 24 48 01 00 	or     %r8d,0x148(%rsp)
    1172:	00 
    1173:	e9 15 19 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x18 ... 0x1d:
	      sbb:		/* sbb */
		emulate_2op_SrcV("sbb", src, dst, _eflags);
    1178:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
    117f:	83 f8 01             	cmp    $0x1,%eax
    1182:	75 4b                	jne    11cf <x86_emulate_memop+0x1142>
    1184:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    118b:	00 
    118c:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1193:	ba d5 08 00 00       	mov    $0x8d5,%edx
    1198:	21 14 24             	and    %edx,(%rsp)
    119b:	9c                   	pushfq 
    119c:	f7 d2                	not    %edx
    119e:	21 14 24             	and    %edx,(%rsp)
    11a1:	5a                   	pop    %rdx
    11a2:	09 14 24             	or     %edx,(%rsp)
    11a5:	9d                   	popfq  
    11a6:	ba d5 08 00 00       	mov    $0x8d5,%edx
    11ab:	f7 d2                	not    %edx
    11ad:	21 94 24 48 01 00 00 	and    %edx,0x148(%rsp)
    11b4:	18 84 24 f8 00 00 00 	sbb    %al,0xf8(%rsp)
    11bb:	9c                   	pushfq 
    11bc:	5a                   	pop    %rdx
    11bd:	81 e2 d5 08 00 00    	and    $0x8d5,%edx
    11c3:	09 94 24 48 01 00 00 	or     %edx,0x148(%rsp)
    11ca:	e9 be 18 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    11cf:	83 f8 04             	cmp    $0x4,%eax
    11d2:	74 5e                	je     1232 <x86_emulate_memop+0x11a5>
    11d4:	83 f8 08             	cmp    $0x8,%eax
    11d7:	0f 84 a0 00 00 00    	je     127d <x86_emulate_memop+0x11f0>
    11dd:	83 f8 02             	cmp    $0x2,%eax
    11e0:	0f 85 a7 18 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    11e6:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    11ed:	00 
    11ee:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    11f5:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    11fa:	21 0c 24             	and    %ecx,(%rsp)
    11fd:	9c                   	pushfq 
    11fe:	f7 d1                	not    %ecx
    1200:	21 0c 24             	and    %ecx,(%rsp)
    1203:	59                   	pop    %rcx
    1204:	09 0c 24             	or     %ecx,(%rsp)
    1207:	9d                   	popfq  
    1208:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    120d:	f7 d1                	not    %ecx
    120f:	21 8c 24 48 01 00 00 	and    %ecx,0x148(%rsp)
    1216:	66 19 84 24 f8 00 00 	sbb    %ax,0xf8(%rsp)
    121d:	00 
    121e:	9c                   	pushfq 
    121f:	59                   	pop    %rcx
    1220:	81 e1 d5 08 00 00    	and    $0x8d5,%ecx
    1226:	09 8c 24 48 01 00 00 	or     %ecx,0x148(%rsp)
    122d:	e9 5b 18 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1232:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1239:	00 
    123a:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1241:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    1246:	21 1c 24             	and    %ebx,(%rsp)
    1249:	9c                   	pushfq 
    124a:	f7 d3                	not    %ebx
    124c:	21 1c 24             	and    %ebx,(%rsp)
    124f:	5b                   	pop    %rbx
    1250:	09 1c 24             	or     %ebx,(%rsp)
    1253:	9d                   	popfq  
    1254:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    1259:	f7 d3                	not    %ebx
    125b:	21 9c 24 48 01 00 00 	and    %ebx,0x148(%rsp)
    1262:	19 84 24 f8 00 00 00 	sbb    %eax,0xf8(%rsp)
    1269:	9c                   	pushfq 
    126a:	5b                   	pop    %rbx
    126b:	81 e3 d5 08 00 00    	and    $0x8d5,%ebx
    1271:	09 9c 24 48 01 00 00 	or     %ebx,0x148(%rsp)
    1278:	e9 10 18 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    127d:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1284:	00 
    1285:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    128c:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    1291:	21 2c 24             	and    %ebp,(%rsp)
    1294:	9c                   	pushfq 
    1295:	f7 d5                	not    %ebp
    1297:	21 2c 24             	and    %ebp,(%rsp)
    129a:	5d                   	pop    %rbp
    129b:	09 2c 24             	or     %ebp,(%rsp)
    129e:	9d                   	popfq  
    129f:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    12a4:	f7 d5                	not    %ebp
    12a6:	21 ac 24 48 01 00 00 	and    %ebp,0x148(%rsp)
    12ad:	48 19 84 24 f8 00 00 	sbb    %rax,0xf8(%rsp)
    12b4:	00 
    12b5:	9c                   	pushfq 
    12b6:	5d                   	pop    %rbp
    12b7:	81 e5 d5 08 00 00    	and    $0x8d5,%ebp
    12bd:	09 ac 24 48 01 00 00 	or     %ebp,0x148(%rsp)
    12c4:	e9 c4 17 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x20 ... 0x25:
	      and:		/* and */
		emulate_2op_SrcV("and", src, dst, _eflags);
    12c9:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
    12d0:	83 f8 01             	cmp    $0x1,%eax
    12d3:	75 57                	jne    132c <x86_emulate_memop+0x129f>
    12d5:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    12dc:	00 
    12dd:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    12e4:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    12ea:	44 21 04 24          	and    %r8d,(%rsp)
    12ee:	9c                   	pushfq 
    12ef:	41 f7 d0             	not    %r8d
    12f2:	44 21 04 24          	and    %r8d,(%rsp)
    12f6:	41 58                	pop    %r8
    12f8:	44 09 04 24          	or     %r8d,(%rsp)
    12fc:	9d                   	popfq  
    12fd:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    1303:	41 f7 d0             	not    %r8d
    1306:	44 21 84 24 48 01 00 	and    %r8d,0x148(%rsp)
    130d:	00 
    130e:	20 84 24 f8 00 00 00 	and    %al,0xf8(%rsp)
    1315:	9c                   	pushfq 
    1316:	41 58                	pop    %r8
    1318:	41 81 e0 d5 08 00 00 	and    $0x8d5,%r8d
    131f:	44 09 84 24 48 01 00 	or     %r8d,0x148(%rsp)
    1326:	00 
    1327:	e9 61 17 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    132c:	83 f8 04             	cmp    $0x4,%eax
    132f:	74 5e                	je     138f <x86_emulate_memop+0x1302>
    1331:	83 f8 08             	cmp    $0x8,%eax
    1334:	0f 84 a0 00 00 00    	je     13da <x86_emulate_memop+0x134d>
    133a:	83 f8 02             	cmp    $0x2,%eax
    133d:	0f 85 4a 17 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    1343:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    134a:	00 
    134b:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1352:	ba d5 08 00 00       	mov    $0x8d5,%edx
    1357:	21 14 24             	and    %edx,(%rsp)
    135a:	9c                   	pushfq 
    135b:	f7 d2                	not    %edx
    135d:	21 14 24             	and    %edx,(%rsp)
    1360:	5a                   	pop    %rdx
    1361:	09 14 24             	or     %edx,(%rsp)
    1364:	9d                   	popfq  
    1365:	ba d5 08 00 00       	mov    $0x8d5,%edx
    136a:	f7 d2                	not    %edx
    136c:	21 94 24 48 01 00 00 	and    %edx,0x148(%rsp)
    1373:	66 21 84 24 f8 00 00 	and    %ax,0xf8(%rsp)
    137a:	00 
    137b:	9c                   	pushfq 
    137c:	5a                   	pop    %rdx
    137d:	81 e2 d5 08 00 00    	and    $0x8d5,%edx
    1383:	09 94 24 48 01 00 00 	or     %edx,0x148(%rsp)
    138a:	e9 fe 16 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    138f:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1396:	00 
    1397:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    139e:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    13a3:	21 0c 24             	and    %ecx,(%rsp)
    13a6:	9c                   	pushfq 
    13a7:	f7 d1                	not    %ecx
    13a9:	21 0c 24             	and    %ecx,(%rsp)
    13ac:	59                   	pop    %rcx
    13ad:	09 0c 24             	or     %ecx,(%rsp)
    13b0:	9d                   	popfq  
    13b1:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    13b6:	f7 d1                	not    %ecx
    13b8:	21 8c 24 48 01 00 00 	and    %ecx,0x148(%rsp)
    13bf:	21 84 24 f8 00 00 00 	and    %eax,0xf8(%rsp)
    13c6:	9c                   	pushfq 
    13c7:	59                   	pop    %rcx
    13c8:	81 e1 d5 08 00 00    	and    $0x8d5,%ecx
    13ce:	09 8c 24 48 01 00 00 	or     %ecx,0x148(%rsp)
    13d5:	e9 b3 16 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    13da:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    13e1:	00 
    13e2:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    13e9:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    13ee:	21 1c 24             	and    %ebx,(%rsp)
    13f1:	9c                   	pushfq 
    13f2:	f7 d3                	not    %ebx
    13f4:	21 1c 24             	and    %ebx,(%rsp)
    13f7:	5b                   	pop    %rbx
    13f8:	09 1c 24             	or     %ebx,(%rsp)
    13fb:	9d                   	popfq  
    13fc:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    1401:	f7 d3                	not    %ebx
    1403:	21 9c 24 48 01 00 00 	and    %ebx,0x148(%rsp)
    140a:	48 21 84 24 f8 00 00 	and    %rax,0xf8(%rsp)
    1411:	00 
    1412:	9c                   	pushfq 
    1413:	5b                   	pop    %rbx
    1414:	81 e3 d5 08 00 00    	and    $0x8d5,%ebx
    141a:	09 9c 24 48 01 00 00 	or     %ebx,0x148(%rsp)
    1421:	e9 67 16 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x28 ... 0x2d:
	      sub:		/* sub */
		emulate_2op_SrcV("sub", src, dst, _eflags);
    1426:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
    142d:	83 f8 01             	cmp    $0x1,%eax
    1430:	75 4b                	jne    147d <x86_emulate_memop+0x13f0>
    1432:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1439:	00 
    143a:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1441:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    1446:	21 2c 24             	and    %ebp,(%rsp)
    1449:	9c                   	pushfq 
    144a:	f7 d5                	not    %ebp
    144c:	21 2c 24             	and    %ebp,(%rsp)
    144f:	5d                   	pop    %rbp
    1450:	09 2c 24             	or     %ebp,(%rsp)
    1453:	9d                   	popfq  
    1454:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    1459:	f7 d5                	not    %ebp
    145b:	21 ac 24 48 01 00 00 	and    %ebp,0x148(%rsp)
    1462:	28 84 24 f8 00 00 00 	sub    %al,0xf8(%rsp)
    1469:	9c                   	pushfq 
    146a:	5d                   	pop    %rbp
    146b:	81 e5 d5 08 00 00    	and    $0x8d5,%ebp
    1471:	09 ac 24 48 01 00 00 	or     %ebp,0x148(%rsp)
    1478:	e9 10 16 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    147d:	83 f8 04             	cmp    $0x4,%eax
    1480:	74 6a                	je     14ec <x86_emulate_memop+0x145f>
    1482:	83 f8 08             	cmp    $0x8,%eax
    1485:	0f 84 ac 00 00 00    	je     1537 <x86_emulate_memop+0x14aa>
    148b:	83 f8 02             	cmp    $0x2,%eax
    148e:	0f 85 f9 15 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    1494:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    149b:	00 
    149c:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    14a3:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    14a9:	44 21 04 24          	and    %r8d,(%rsp)
    14ad:	9c                   	pushfq 
    14ae:	41 f7 d0             	not    %r8d
    14b1:	44 21 04 24          	and    %r8d,(%rsp)
    14b5:	41 58                	pop    %r8
    14b7:	44 09 04 24          	or     %r8d,(%rsp)
    14bb:	9d                   	popfq  
    14bc:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    14c2:	41 f7 d0             	not    %r8d
    14c5:	44 21 84 24 48 01 00 	and    %r8d,0x148(%rsp)
    14cc:	00 
    14cd:	66 29 84 24 f8 00 00 	sub    %ax,0xf8(%rsp)
    14d4:	00 
    14d5:	9c                   	pushfq 
    14d6:	41 58                	pop    %r8
    14d8:	41 81 e0 d5 08 00 00 	and    $0x8d5,%r8d
    14df:	44 09 84 24 48 01 00 	or     %r8d,0x148(%rsp)
    14e6:	00 
    14e7:	e9 a1 15 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    14ec:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    14f3:	00 
    14f4:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    14fb:	ba d5 08 00 00       	mov    $0x8d5,%edx
    1500:	21 14 24             	and    %edx,(%rsp)
    1503:	9c                   	pushfq 
    1504:	f7 d2                	not    %edx
    1506:	21 14 24             	and    %edx,(%rsp)
    1509:	5a                   	pop    %rdx
    150a:	09 14 24             	or     %edx,(%rsp)
    150d:	9d                   	popfq  
    150e:	ba d5 08 00 00       	mov    $0x8d5,%edx
    1513:	f7 d2                	not    %edx
    1515:	21 94 24 48 01 00 00 	and    %edx,0x148(%rsp)
    151c:	29 84 24 f8 00 00 00 	sub    %eax,0xf8(%rsp)
    1523:	9c                   	pushfq 
    1524:	5a                   	pop    %rdx
    1525:	81 e2 d5 08 00 00    	and    $0x8d5,%edx
    152b:	09 94 24 48 01 00 00 	or     %edx,0x148(%rsp)
    1532:	e9 56 15 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1537:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    153e:	00 
    153f:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1546:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    154b:	21 0c 24             	and    %ecx,(%rsp)
    154e:	9c                   	pushfq 
    154f:	f7 d1                	not    %ecx
    1551:	21 0c 24             	and    %ecx,(%rsp)
    1554:	59                   	pop    %rcx
    1555:	09 0c 24             	or     %ecx,(%rsp)
    1558:	9d                   	popfq  
    1559:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    155e:	f7 d1                	not    %ecx
    1560:	21 8c 24 48 01 00 00 	and    %ecx,0x148(%rsp)
    1567:	48 29 84 24 f8 00 00 	sub    %rax,0xf8(%rsp)
    156e:	00 
    156f:	9c                   	pushfq 
    1570:	59                   	pop    %rcx
    1571:	81 e1 d5 08 00 00    	and    $0x8d5,%ecx
    1577:	09 8c 24 48 01 00 00 	or     %ecx,0x148(%rsp)
    157e:	e9 0a 15 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x30 ... 0x35:
	      xor:		/* xor */
		emulate_2op_SrcV("xor", src, dst, _eflags);
    1583:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
    158a:	83 f8 01             	cmp    $0x1,%eax
    158d:	75 4b                	jne    15da <x86_emulate_memop+0x154d>
    158f:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1596:	00 
    1597:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    159e:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    15a3:	21 1c 24             	and    %ebx,(%rsp)
    15a6:	9c                   	pushfq 
    15a7:	f7 d3                	not    %ebx
    15a9:	21 1c 24             	and    %ebx,(%rsp)
    15ac:	5b                   	pop    %rbx
    15ad:	09 1c 24             	or     %ebx,(%rsp)
    15b0:	9d                   	popfq  
    15b1:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    15b6:	f7 d3                	not    %ebx
    15b8:	21 9c 24 48 01 00 00 	and    %ebx,0x148(%rsp)
    15bf:	30 84 24 f8 00 00 00 	xor    %al,0xf8(%rsp)
    15c6:	9c                   	pushfq 
    15c7:	5b                   	pop    %rbx
    15c8:	81 e3 d5 08 00 00    	and    $0x8d5,%ebx
    15ce:	09 9c 24 48 01 00 00 	or     %ebx,0x148(%rsp)
    15d5:	e9 b3 14 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    15da:	83 f8 04             	cmp    $0x4,%eax
    15dd:	74 5e                	je     163d <x86_emulate_memop+0x15b0>
    15df:	83 f8 08             	cmp    $0x8,%eax
    15e2:	0f 84 ac 00 00 00    	je     1694 <x86_emulate_memop+0x1607>
    15e8:	83 f8 02             	cmp    $0x2,%eax
    15eb:	0f 85 9c 14 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    15f1:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    15f8:	00 
    15f9:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1600:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    1605:	21 2c 24             	and    %ebp,(%rsp)
    1608:	9c                   	pushfq 
    1609:	f7 d5                	not    %ebp
    160b:	21 2c 24             	and    %ebp,(%rsp)
    160e:	5d                   	pop    %rbp
    160f:	09 2c 24             	or     %ebp,(%rsp)
    1612:	9d                   	popfq  
    1613:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    1618:	f7 d5                	not    %ebp
    161a:	21 ac 24 48 01 00 00 	and    %ebp,0x148(%rsp)
    1621:	66 31 84 24 f8 00 00 	xor    %ax,0xf8(%rsp)
    1628:	00 
    1629:	9c                   	pushfq 
    162a:	5d                   	pop    %rbp
    162b:	81 e5 d5 08 00 00    	and    $0x8d5,%ebp
    1631:	09 ac 24 48 01 00 00 	or     %ebp,0x148(%rsp)
    1638:	e9 50 14 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    163d:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1644:	00 
    1645:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    164c:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    1652:	44 21 04 24          	and    %r8d,(%rsp)
    1656:	9c                   	pushfq 
    1657:	41 f7 d0             	not    %r8d
    165a:	44 21 04 24          	and    %r8d,(%rsp)
    165e:	41 58                	pop    %r8
    1660:	44 09 04 24          	or     %r8d,(%rsp)
    1664:	9d                   	popfq  
    1665:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    166b:	41 f7 d0             	not    %r8d
    166e:	44 21 84 24 48 01 00 	and    %r8d,0x148(%rsp)
    1675:	00 
    1676:	31 84 24 f8 00 00 00 	xor    %eax,0xf8(%rsp)
    167d:	9c                   	pushfq 
    167e:	41 58                	pop    %r8
    1680:	41 81 e0 d5 08 00 00 	and    $0x8d5,%r8d
    1687:	44 09 84 24 48 01 00 	or     %r8d,0x148(%rsp)
    168e:	00 
    168f:	e9 f9 13 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1694:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    169b:	00 
    169c:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    16a3:	ba d5 08 00 00       	mov    $0x8d5,%edx
    16a8:	21 14 24             	and    %edx,(%rsp)
    16ab:	9c                   	pushfq 
    16ac:	f7 d2                	not    %edx
    16ae:	21 14 24             	and    %edx,(%rsp)
    16b1:	5a                   	pop    %rdx
    16b2:	09 14 24             	or     %edx,(%rsp)
    16b5:	9d                   	popfq  
    16b6:	ba d5 08 00 00       	mov    $0x8d5,%edx
    16bb:	f7 d2                	not    %edx
    16bd:	21 94 24 48 01 00 00 	and    %edx,0x148(%rsp)
    16c4:	48 31 84 24 f8 00 00 	xor    %rax,0xf8(%rsp)
    16cb:	00 
    16cc:	9c                   	pushfq 
    16cd:	5a                   	pop    %rdx
    16ce:	81 e2 d5 08 00 00    	and    $0x8d5,%edx
    16d4:	09 94 24 48 01 00 00 	or     %edx,0x148(%rsp)
    16db:	e9 ad 13 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x38 ... 0x3d:
	      cmp:		/* cmp */
		emulate_2op_SrcV("cmp", src, dst, _eflags);
    16e0:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
    16e7:	83 f8 01             	cmp    $0x1,%eax
    16ea:	75 4b                	jne    1737 <x86_emulate_memop+0x16aa>
    16ec:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    16f3:	00 
    16f4:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    16fb:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    1700:	21 0c 24             	and    %ecx,(%rsp)
    1703:	9c                   	pushfq 
    1704:	f7 d1                	not    %ecx
    1706:	21 0c 24             	and    %ecx,(%rsp)
    1709:	59                   	pop    %rcx
    170a:	09 0c 24             	or     %ecx,(%rsp)
    170d:	9d                   	popfq  
    170e:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    1713:	f7 d1                	not    %ecx
    1715:	21 8c 24 48 01 00 00 	and    %ecx,0x148(%rsp)
    171c:	38 84 24 f8 00 00 00 	cmp    %al,0xf8(%rsp)
    1723:	9c                   	pushfq 
    1724:	59                   	pop    %rcx
    1725:	81 e1 d5 08 00 00    	and    $0x8d5,%ecx
    172b:	09 8c 24 48 01 00 00 	or     %ecx,0x148(%rsp)
    1732:	e9 56 13 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1737:	83 f8 04             	cmp    $0x4,%eax
    173a:	74 5e                	je     179a <x86_emulate_memop+0x170d>
    173c:	83 f8 08             	cmp    $0x8,%eax
    173f:	0f 84 a0 00 00 00    	je     17e5 <x86_emulate_memop+0x1758>
    1745:	83 f8 02             	cmp    $0x2,%eax
    1748:	0f 85 3f 13 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    174e:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1755:	00 
    1756:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    175d:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    1762:	21 1c 24             	and    %ebx,(%rsp)
    1765:	9c                   	pushfq 
    1766:	f7 d3                	not    %ebx
    1768:	21 1c 24             	and    %ebx,(%rsp)
    176b:	5b                   	pop    %rbx
    176c:	09 1c 24             	or     %ebx,(%rsp)
    176f:	9d                   	popfq  
    1770:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    1775:	f7 d3                	not    %ebx
    1777:	21 9c 24 48 01 00 00 	and    %ebx,0x148(%rsp)
    177e:	66 39 84 24 f8 00 00 	cmp    %ax,0xf8(%rsp)
    1785:	00 
    1786:	9c                   	pushfq 
    1787:	5b                   	pop    %rbx
    1788:	81 e3 d5 08 00 00    	and    $0x8d5,%ebx
    178e:	09 9c 24 48 01 00 00 	or     %ebx,0x148(%rsp)
    1795:	e9 f3 12 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    179a:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    17a1:	00 
    17a2:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    17a9:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    17ae:	21 2c 24             	and    %ebp,(%rsp)
    17b1:	9c                   	pushfq 
    17b2:	f7 d5                	not    %ebp
    17b4:	21 2c 24             	and    %ebp,(%rsp)
    17b7:	5d                   	pop    %rbp
    17b8:	09 2c 24             	or     %ebp,(%rsp)
    17bb:	9d                   	popfq  
    17bc:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    17c1:	f7 d5                	not    %ebp
    17c3:	21 ac 24 48 01 00 00 	and    %ebp,0x148(%rsp)
    17ca:	39 84 24 f8 00 00 00 	cmp    %eax,0xf8(%rsp)
    17d1:	9c                   	pushfq 
    17d2:	5d                   	pop    %rbp
    17d3:	81 e5 d5 08 00 00    	and    $0x8d5,%ebp
    17d9:	09 ac 24 48 01 00 00 	or     %ebp,0x148(%rsp)
    17e0:	e9 a8 12 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    17e5:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    17ec:	00 
    17ed:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    17f4:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    17fa:	44 21 04 24          	and    %r8d,(%rsp)
    17fe:	9c                   	pushfq 
    17ff:	41 f7 d0             	not    %r8d
    1802:	44 21 04 24          	and    %r8d,(%rsp)
    1806:	41 58                	pop    %r8
    1808:	44 09 04 24          	or     %r8d,(%rsp)
    180c:	9d                   	popfq  
    180d:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    1813:	41 f7 d0             	not    %r8d
    1816:	44 21 84 24 48 01 00 	and    %r8d,0x148(%rsp)
    181d:	00 
    181e:	48 39 84 24 f8 00 00 	cmp    %rax,0xf8(%rsp)
    1825:	00 
    1826:	9c                   	pushfq 
    1827:	41 58                	pop    %r8
    1829:	41 81 e0 d5 08 00 00 	and    $0x8d5,%r8d
    1830:	44 09 84 24 48 01 00 	or     %r8d,0x148(%rsp)
    1837:	00 
    1838:	e9 50 12 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x63:		/* movsxd */
		if (mode != X86EMUL_MODE_PROT64)
    183d:	83 7c 24 54 08       	cmpl   $0x8,0x54(%rsp)
    1842:	0f 85 09 23 00 00    	jne    3b51 <x86_emulate_memop+0x3ac4>
			goto cannot_emulate;
		dst.val = (s32) src.val;
    1848:	48 63 84 24 18 01 00 	movslq 0x118(%rsp),%rax
    184f:	00 
    1850:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
    1857:	00 
    1858:	e9 30 12 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x80 ... 0x83:	/* Grp1 */
		switch (modrm_reg) {
    185d:	80 7c 24 20 07       	cmpb   $0x7,0x20(%rsp)
    1862:	0f 87 25 12 00 00    	ja     2a8d <x86_emulate_memop+0x2a00>
    1868:	0f b6 44 24 20       	movzbl 0x20(%rsp),%eax
    186d:	ff 24 c5 00 00 00 00 	jmpq   *0x0(,%rax,8)
			1870: R_X86_64_32S	.rodata+0x40
		case 0:
			goto add;
		case 1:
			goto or;
		case 2:
			goto adc;
		case 3:
			goto sbb;
		case 4:
			goto and;
		case 5:
			goto sub;
		case 6:
			goto xor;
		case 7:
			goto cmp;
		}
		break;
	case 0x84 ... 0x85:
	      test:		/* test */
		emulate_2op_SrcV("test", src, dst, _eflags);
    1874:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
    187b:	83 f8 01             	cmp    $0x1,%eax
    187e:	75 4b                	jne    18cb <x86_emulate_memop+0x183e>
    1880:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1887:	00 
    1888:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    188f:	ba d5 08 00 00       	mov    $0x8d5,%edx
    1894:	21 14 24             	and    %edx,(%rsp)
    1897:	9c                   	pushfq 
    1898:	f7 d2                	not    %edx
    189a:	21 14 24             	and    %edx,(%rsp)
    189d:	5a                   	pop    %rdx
    189e:	09 14 24             	or     %edx,(%rsp)
    18a1:	9d                   	popfq  
    18a2:	ba d5 08 00 00       	mov    $0x8d5,%edx
    18a7:	f7 d2                	not    %edx
    18a9:	21 94 24 48 01 00 00 	and    %edx,0x148(%rsp)
    18b0:	84 84 24 f8 00 00 00 	test   %al,0xf8(%rsp)
    18b7:	9c                   	pushfq 
    18b8:	5a                   	pop    %rdx
    18b9:	81 e2 d5 08 00 00    	and    $0x8d5,%edx
    18bf:	09 94 24 48 01 00 00 	or     %edx,0x148(%rsp)
    18c6:	e9 c2 11 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    18cb:	83 f8 04             	cmp    $0x4,%eax
    18ce:	74 5e                	je     192e <x86_emulate_memop+0x18a1>
    18d0:	83 f8 08             	cmp    $0x8,%eax
    18d3:	0f 84 a0 00 00 00    	je     1979 <x86_emulate_memop+0x18ec>
    18d9:	83 f8 02             	cmp    $0x2,%eax
    18dc:	0f 85 ab 11 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    18e2:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    18e9:	00 
    18ea:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    18f1:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    18f6:	21 0c 24             	and    %ecx,(%rsp)
    18f9:	9c                   	pushfq 
    18fa:	f7 d1                	not    %ecx
    18fc:	21 0c 24             	and    %ecx,(%rsp)
    18ff:	59                   	pop    %rcx
    1900:	09 0c 24             	or     %ecx,(%rsp)
    1903:	9d                   	popfq  
    1904:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    1909:	f7 d1                	not    %ecx
    190b:	21 8c 24 48 01 00 00 	and    %ecx,0x148(%rsp)
    1912:	66 85 84 24 f8 00 00 	test   %ax,0xf8(%rsp)
    1919:	00 
    191a:	9c                   	pushfq 
    191b:	59                   	pop    %rcx
    191c:	81 e1 d5 08 00 00    	and    $0x8d5,%ecx
    1922:	09 8c 24 48 01 00 00 	or     %ecx,0x148(%rsp)
    1929:	e9 5f 11 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    192e:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1935:	00 
    1936:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    193d:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    1942:	21 1c 24             	and    %ebx,(%rsp)
    1945:	9c                   	pushfq 
    1946:	f7 d3                	not    %ebx
    1948:	21 1c 24             	and    %ebx,(%rsp)
    194b:	5b                   	pop    %rbx
    194c:	09 1c 24             	or     %ebx,(%rsp)
    194f:	9d                   	popfq  
    1950:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    1955:	f7 d3                	not    %ebx
    1957:	21 9c 24 48 01 00 00 	and    %ebx,0x148(%rsp)
    195e:	85 84 24 f8 00 00 00 	test   %eax,0xf8(%rsp)
    1965:	9c                   	pushfq 
    1966:	5b                   	pop    %rbx
    1967:	81 e3 d5 08 00 00    	and    $0x8d5,%ebx
    196d:	09 9c 24 48 01 00 00 	or     %ebx,0x148(%rsp)
    1974:	e9 14 11 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1979:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1980:	00 
    1981:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1988:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    198d:	21 2c 24             	and    %ebp,(%rsp)
    1990:	9c                   	pushfq 
    1991:	f7 d5                	not    %ebp
    1993:	21 2c 24             	and    %ebp,(%rsp)
    1996:	5d                   	pop    %rbp
    1997:	09 2c 24             	or     %ebp,(%rsp)
    199a:	9d                   	popfq  
    199b:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    19a0:	f7 d5                	not    %ebp
    19a2:	21 ac 24 48 01 00 00 	and    %ebp,0x148(%rsp)
    19a9:	48 85 84 24 f8 00 00 	test   %rax,0xf8(%rsp)
    19b0:	00 
    19b1:	9c                   	pushfq 
    19b2:	5d                   	pop    %rbp
    19b3:	81 e5 d5 08 00 00    	and    $0x8d5,%ebp
    19b9:	09 ac 24 48 01 00 00 	or     %ebp,0x148(%rsp)
    19c0:	e9 c8 10 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x86 ... 0x87:	/* xchg */
		/* Write back the register source. */
		switch (dst.bytes) {
    19c5:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
    19cc:	83 f8 02             	cmp    $0x2,%eax
    19cf:	74 20                	je     19f1 <x86_emulate_memop+0x1964>
    19d1:	77 06                	ja     19d9 <x86_emulate_memop+0x194c>
    19d3:	ff c8                	dec    %eax
    19d5:	75 46                	jne    1a1d <x86_emulate_memop+0x1990>
    19d7:	eb 0c                	jmp    19e5 <x86_emulate_memop+0x1958>
    19d9:	83 f8 04             	cmp    $0x4,%eax
    19dc:	74 20                	je     19fe <x86_emulate_memop+0x1971>
    19de:	83 f8 08             	cmp    $0x8,%eax
    19e1:	75 3a                	jne    1a1d <x86_emulate_memop+0x1990>
    19e3:	eb 25                	jmp    1a0a <x86_emulate_memop+0x197d>
		case 1:
			*(u8 *) src.ptr = (u8) dst.val;
    19e5:	48 8b 84 24 28 01 00 	mov    0x128(%rsp),%rax
    19ec:	00 
    19ed:	88 10                	mov    %dl,(%rax)
    19ef:	eb 2c                	jmp    1a1d <x86_emulate_memop+0x1990>
			break;
		case 2:
			*(u16 *) src.ptr = (u16) dst.val;
    19f1:	48 8b 84 24 28 01 00 	mov    0x128(%rsp),%rax
    19f8:	00 
    19f9:	66 89 10             	mov    %dx,(%rax)
    19fc:	eb 1f                	jmp    1a1d <x86_emulate_memop+0x1990>
			break;
		case 4:
			*src.ptr = (u32) dst.val;
    19fe:	48 8b 84 24 28 01 00 	mov    0x128(%rsp),%rax
    1a05:	00 
    1a06:	89 d2                	mov    %edx,%edx
    1a08:	eb 10                	jmp    1a1a <x86_emulate_memop+0x198d>
			break;	/* 64b reg: zero-extend */
		case 8:
			*src.ptr = dst.val;
    1a0a:	48 8b 94 24 f8 00 00 	mov    0xf8(%rsp),%rdx
    1a11:	00 
    1a12:	48 8b 84 24 28 01 00 	mov    0x128(%rsp),%rax
    1a19:	00 
    1a1a:	48 89 10             	mov    %rdx,(%rax)
			break;
		}
		/*
		 * Write back the memory destination with implicit LOCK
		 * prefix.
		 */
		dst.val = src.val;
    1a1d:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1a24:	00 
    1a25:	c7 44 24 4c 01 00 00 	movl   $0x1,0x4c(%rsp)
    1a2c:	00 
    1a2d:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
    1a34:	00 
    1a35:	e9 53 10 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		lock_prefix = 1;
		break;
	case 0xa0 ... 0xa1:	/* mov */
		dst.ptr = (unsigned long *)&_regs[VCPU_REGS_RAX];
    1a3a:	48 8d 44 24 70       	lea    0x70(%rsp),%rax
    1a3f:	48 89 84 24 08 01 00 	mov    %rax,0x108(%rsp)
    1a46:	00 
		dst.val = src.val;
    1a47:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1a4e:	00 
    1a4f:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
    1a56:	00 
		_eip += ad_bytes;	/* skip src displacement */
    1a57:	8b 44 24 48          	mov    0x48(%rsp),%eax
    1a5b:	48 01 84 24 50 01 00 	add    %rax,0x150(%rsp)
    1a62:	00 
    1a63:	e9 25 10 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0xa2 ... 0xa3:	/* mov */
		dst.val = (unsigned long)_regs[VCPU_REGS_RAX];
    1a68:	48 8b 44 24 70       	mov    0x70(%rsp),%rax
    1a6d:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
    1a74:	00 
		_eip += ad_bytes;	/* skip dst displacement */
    1a75:	8b 44 24 48          	mov    0x48(%rsp),%eax
    1a79:	48 01 84 24 50 01 00 	add    %rax,0x150(%rsp)
    1a80:	00 
    1a81:	e9 07 10 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x88 ... 0x8b:	/* mov */
	case 0xc6 ... 0xc7:	/* mov (sole member of Grp11) */
		dst.val = src.val;
    1a86:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    1a8d:	00 
    1a8e:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
    1a95:	00 
    1a96:	e9 f2 0f 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0x8f:		/* pop (sole member of Grp1a) */
		/* 64-bit mode: POP always pops a 64-bit operand. */
		if (mode == X86EMUL_MODE_PROT64)
			dst.bytes = 8;
    1a9b:	83 7c 24 54 08       	cmpl   $0x8,0x54(%rsp)
    1aa0:	ba 08 00 00 00       	mov    $0x8,%edx
		if ((rc = ops->read_std(register_address(ctxt->ss_base,
    1aa5:	48 8b 04 24          	mov    (%rsp),%rax
    1aa9:	0f 45 94 24 f4 00 00 	cmovne 0xf4(%rsp),%edx
    1ab0:	00 
    1ab1:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
    1ab6:	49 8b 7d 38          	mov    0x38(%r13),%rdi
    1aba:	89 94 24 f4 00 00 00 	mov    %edx,0xf4(%rsp)
    1ac1:	4c 8b 00             	mov    (%rax),%r8
    1ac4:	75 0a                	jne    1ad0 <x86_emulate_memop+0x1a43>
    1ac6:	48 8b 84 24 90 00 00 	mov    0x90(%rsp),%rax
    1acd:	00 
    1ace:	eb 1a                	jmp    1aea <x86_emulate_memop+0x1a5d>
    1ad0:	8b 4c 24 48          	mov    0x48(%rsp),%ecx
    1ad4:	b8 01 00 00 00       	mov    $0x1,%eax
    1ad9:	c1 e1 03             	shl    $0x3,%ecx
    1adc:	48 d3 e0             	shl    %cl,%rax
    1adf:	48 ff c8             	dec    %rax
    1ae2:	48 23 84 24 90 00 00 	and    0x90(%rsp),%rax
    1ae9:	00 
    1aea:	48 8d b4 24 f8 00 00 	lea    0xf8(%rsp),%rsi
    1af1:	00 
    1af2:	48 8d 3c 38          	lea    (%rax,%rdi,1),%rdi
    1af6:	4c 89 e9             	mov    %r13,%rcx
    1af9:	41 ff d0             	callq  *%r8
    1afc:	85 c0                	test   %eax,%eax
    1afe:	41 89 c7             	mov    %eax,%r15d
    1b01:	0f 85 9d 10 00 00    	jne    2ba4 <x86_emulate_memop+0x2b17>
							 _regs[VCPU_REGS_RSP]),
					&dst.val, dst.bytes, ctxt)) != 0)
			goto done;
		register_address_increment(_regs[VCPU_REGS_RSP], dst.bytes);
    1b07:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
    1b0c:	48 63 bc 24 f4 00 00 	movslq 0xf4(%rsp),%rdi
    1b13:	00 
    1b14:	75 0d                	jne    1b23 <x86_emulate_memop+0x1a96>
    1b16:	48 01 bc 24 90 00 00 	add    %rdi,0x90(%rsp)
    1b1d:	00 
    1b1e:	e9 6a 0f 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1b23:	8b 4c 24 48          	mov    0x48(%rsp),%ecx
    1b27:	48 8b b4 24 90 00 00 	mov    0x90(%rsp),%rsi
    1b2e:	00 
    1b2f:	b8 01 00 00 00       	mov    $0x1,%eax
    1b34:	c1 e1 03             	shl    $0x3,%ecx
    1b37:	48 d3 e0             	shl    %cl,%rax
    1b3a:	48 8d 0c 37          	lea    (%rdi,%rsi,1),%rcx
    1b3e:	48 8d 50 ff          	lea    0xffffffffffffffff(%rax),%rdx
    1b42:	48 f7 d8             	neg    %rax
    1b45:	48 21 f0             	and    %rsi,%rax
    1b48:	48 21 ca             	and    %rcx,%rdx
    1b4b:	48 09 c2             	or     %rax,%rdx
    1b4e:	48 89 94 24 90 00 00 	mov    %rdx,0x90(%rsp)
    1b55:	00 
    1b56:	e9 32 0f 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0xc0 ... 0xc1:
	      grp2:		/* Grp2 */
		switch (modrm_reg) {
    1b5b:	80 7c 24 20 07       	cmpb   $0x7,0x20(%rsp)
    1b60:	0f 87 27 0f 00 00    	ja     2a8d <x86_emulate_memop+0x2a00>
    1b66:	0f b6 44 24 20       	movzbl 0x20(%rsp),%eax
    1b6b:	44 8b 8c 24 f4 00 00 	mov    0xf4(%rsp),%r9d
    1b72:	00 
    1b73:	ff 24 c5 00 00 00 00 	jmpq   *0x0(,%rax,8)
			1b76: R_X86_64_32S	.rodata+0x80
		case 0:	/* rol */
			emulate_2op_SrcB("rol", src, dst, _eflags);
    1b7a:	41 83 f9 01          	cmp    $0x1,%r9d
    1b7e:	75 4a                	jne    1bca <x86_emulate_memop+0x1b3d>
    1b80:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1b87:	00 
    1b88:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1b8f:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1b94:	21 04 24             	and    %eax,(%rsp)
    1b97:	9c                   	pushfq 
    1b98:	f7 d0                	not    %eax
    1b9a:	21 04 24             	and    %eax,(%rsp)
    1b9d:	58                   	pop    %rax
    1b9e:	09 04 24             	or     %eax,(%rsp)
    1ba1:	9d                   	popfq  
    1ba2:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1ba7:	f7 d0                	not    %eax
    1ba9:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1bb0:	d2 84 24 f8 00 00 00 	rolb   %cl,0xf8(%rsp)
    1bb7:	9c                   	pushfq 
    1bb8:	58                   	pop    %rax
    1bb9:	25 d5 08 00 00       	and    $0x8d5,%eax
    1bbe:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1bc5:	e9 c3 0e 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1bca:	41 83 f9 04          	cmp    $0x4,%r9d
    1bce:	74 5f                	je     1c2f <x86_emulate_memop+0x1ba2>
    1bd0:	41 83 f9 08          	cmp    $0x8,%r9d
    1bd4:	0f 84 9f 00 00 00    	je     1c79 <x86_emulate_memop+0x1bec>
    1bda:	41 83 f9 02          	cmp    $0x2,%r9d
    1bde:	0f 85 a9 0e 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    1be4:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1beb:	00 
    1bec:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1bf3:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1bf8:	21 04 24             	and    %eax,(%rsp)
    1bfb:	9c                   	pushfq 
    1bfc:	f7 d0                	not    %eax
    1bfe:	21 04 24             	and    %eax,(%rsp)
    1c01:	58                   	pop    %rax
    1c02:	09 04 24             	or     %eax,(%rsp)
    1c05:	9d                   	popfq  
    1c06:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1c0b:	f7 d0                	not    %eax
    1c0d:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1c14:	66 d3 84 24 f8 00 00 	rolw   %cl,0xf8(%rsp)
    1c1b:	00 
    1c1c:	9c                   	pushfq 
    1c1d:	58                   	pop    %rax
    1c1e:	25 d5 08 00 00       	and    $0x8d5,%eax
    1c23:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1c2a:	e9 5e 0e 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1c2f:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1c36:	00 
    1c37:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1c3e:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1c43:	21 04 24             	and    %eax,(%rsp)
    1c46:	9c                   	pushfq 
    1c47:	f7 d0                	not    %eax
    1c49:	21 04 24             	and    %eax,(%rsp)
    1c4c:	58                   	pop    %rax
    1c4d:	09 04 24             	or     %eax,(%rsp)
    1c50:	9d                   	popfq  
    1c51:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1c56:	f7 d0                	not    %eax
    1c58:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1c5f:	d3 84 24 f8 00 00 00 	roll   %cl,0xf8(%rsp)
    1c66:	9c                   	pushfq 
    1c67:	58                   	pop    %rax
    1c68:	25 d5 08 00 00       	and    $0x8d5,%eax
    1c6d:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1c74:	e9 14 0e 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1c79:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1c80:	00 
    1c81:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1c88:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1c8d:	21 04 24             	and    %eax,(%rsp)
    1c90:	9c                   	pushfq 
    1c91:	f7 d0                	not    %eax
    1c93:	21 04 24             	and    %eax,(%rsp)
    1c96:	58                   	pop    %rax
    1c97:	09 04 24             	or     %eax,(%rsp)
    1c9a:	9d                   	popfq  
    1c9b:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1ca0:	f7 d0                	not    %eax
    1ca2:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1ca9:	48 d3 84 24 f8 00 00 	rolq   %cl,0xf8(%rsp)
    1cb0:	00 
    1cb1:	9c                   	pushfq 
    1cb2:	58                   	pop    %rax
    1cb3:	25 d5 08 00 00       	and    $0x8d5,%eax
    1cb8:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1cbf:	e9 c9 0d 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
			break;
		case 1:	/* ror */
			emulate_2op_SrcB("ror", src, dst, _eflags);
    1cc4:	41 83 f9 01          	cmp    $0x1,%r9d
    1cc8:	75 4a                	jne    1d14 <x86_emulate_memop+0x1c87>
    1cca:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1cd1:	00 
    1cd2:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1cd9:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1cde:	21 04 24             	and    %eax,(%rsp)
    1ce1:	9c                   	pushfq 
    1ce2:	f7 d0                	not    %eax
    1ce4:	21 04 24             	and    %eax,(%rsp)
    1ce7:	58                   	pop    %rax
    1ce8:	09 04 24             	or     %eax,(%rsp)
    1ceb:	9d                   	popfq  
    1cec:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1cf1:	f7 d0                	not    %eax
    1cf3:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1cfa:	d2 8c 24 f8 00 00 00 	rorb   %cl,0xf8(%rsp)
    1d01:	9c                   	pushfq 
    1d02:	58                   	pop    %rax
    1d03:	25 d5 08 00 00       	and    $0x8d5,%eax
    1d08:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1d0f:	e9 79 0d 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1d14:	41 83 f9 04          	cmp    $0x4,%r9d
    1d18:	74 5f                	je     1d79 <x86_emulate_memop+0x1cec>
    1d1a:	41 83 f9 08          	cmp    $0x8,%r9d
    1d1e:	0f 84 9f 00 00 00    	je     1dc3 <x86_emulate_memop+0x1d36>
    1d24:	41 83 f9 02          	cmp    $0x2,%r9d
    1d28:	0f 85 5f 0d 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    1d2e:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1d35:	00 
    1d36:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1d3d:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1d42:	21 04 24             	and    %eax,(%rsp)
    1d45:	9c                   	pushfq 
    1d46:	f7 d0                	not    %eax
    1d48:	21 04 24             	and    %eax,(%rsp)
    1d4b:	58                   	pop    %rax
    1d4c:	09 04 24             	or     %eax,(%rsp)
    1d4f:	9d                   	popfq  
    1d50:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1d55:	f7 d0                	not    %eax
    1d57:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1d5e:	66 d3 8c 24 f8 00 00 	rorw   %cl,0xf8(%rsp)
    1d65:	00 
    1d66:	9c                   	pushfq 
    1d67:	58                   	pop    %rax
    1d68:	25 d5 08 00 00       	and    $0x8d5,%eax
    1d6d:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1d74:	e9 14 0d 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1d79:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1d80:	00 
    1d81:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1d88:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1d8d:	21 04 24             	and    %eax,(%rsp)
    1d90:	9c                   	pushfq 
    1d91:	f7 d0                	not    %eax
    1d93:	21 04 24             	and    %eax,(%rsp)
    1d96:	58                   	pop    %rax
    1d97:	09 04 24             	or     %eax,(%rsp)
    1d9a:	9d                   	popfq  
    1d9b:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1da0:	f7 d0                	not    %eax
    1da2:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1da9:	d3 8c 24 f8 00 00 00 	rorl   %cl,0xf8(%rsp)
    1db0:	9c                   	pushfq 
    1db1:	58                   	pop    %rax
    1db2:	25 d5 08 00 00       	and    $0x8d5,%eax
    1db7:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1dbe:	e9 ca 0c 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1dc3:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1dca:	00 
    1dcb:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1dd2:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1dd7:	21 04 24             	and    %eax,(%rsp)
    1dda:	9c                   	pushfq 
    1ddb:	f7 d0                	not    %eax
    1ddd:	21 04 24             	and    %eax,(%rsp)
    1de0:	58                   	pop    %rax
    1de1:	09 04 24             	or     %eax,(%rsp)
    1de4:	9d                   	popfq  
    1de5:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1dea:	f7 d0                	not    %eax
    1dec:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1df3:	48 d3 8c 24 f8 00 00 	rorq   %cl,0xf8(%rsp)
    1dfa:	00 
    1dfb:	9c                   	pushfq 
    1dfc:	58                   	pop    %rax
    1dfd:	25 d5 08 00 00       	and    $0x8d5,%eax
    1e02:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1e09:	e9 7f 0c 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
			break;
		case 2:	/* rcl */
			emulate_2op_SrcB("rcl", src, dst, _eflags);
    1e0e:	41 83 f9 01          	cmp    $0x1,%r9d
    1e12:	75 4a                	jne    1e5e <x86_emulate_memop+0x1dd1>
    1e14:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1e1b:	00 
    1e1c:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1e23:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1e28:	21 04 24             	and    %eax,(%rsp)
    1e2b:	9c                   	pushfq 
    1e2c:	f7 d0                	not    %eax
    1e2e:	21 04 24             	and    %eax,(%rsp)
    1e31:	58                   	pop    %rax
    1e32:	09 04 24             	or     %eax,(%rsp)
    1e35:	9d                   	popfq  
    1e36:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1e3b:	f7 d0                	not    %eax
    1e3d:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1e44:	d2 94 24 f8 00 00 00 	rclb   %cl,0xf8(%rsp)
    1e4b:	9c                   	pushfq 
    1e4c:	58                   	pop    %rax
    1e4d:	25 d5 08 00 00       	and    $0x8d5,%eax
    1e52:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1e59:	e9 2f 0c 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1e5e:	41 83 f9 04          	cmp    $0x4,%r9d
    1e62:	74 5f                	je     1ec3 <x86_emulate_memop+0x1e36>
    1e64:	41 83 f9 08          	cmp    $0x8,%r9d
    1e68:	0f 84 9f 00 00 00    	je     1f0d <x86_emulate_memop+0x1e80>
    1e6e:	41 83 f9 02          	cmp    $0x2,%r9d
    1e72:	0f 85 15 0c 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    1e78:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1e7f:	00 
    1e80:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1e87:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1e8c:	21 04 24             	and    %eax,(%rsp)
    1e8f:	9c                   	pushfq 
    1e90:	f7 d0                	not    %eax
    1e92:	21 04 24             	and    %eax,(%rsp)
    1e95:	58                   	pop    %rax
    1e96:	09 04 24             	or     %eax,(%rsp)
    1e99:	9d                   	popfq  
    1e9a:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1e9f:	f7 d0                	not    %eax
    1ea1:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1ea8:	66 d3 94 24 f8 00 00 	rclw   %cl,0xf8(%rsp)
    1eaf:	00 
    1eb0:	9c                   	pushfq 
    1eb1:	58                   	pop    %rax
    1eb2:	25 d5 08 00 00       	and    $0x8d5,%eax
    1eb7:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1ebe:	e9 ca 0b 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1ec3:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1eca:	00 
    1ecb:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1ed2:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1ed7:	21 04 24             	and    %eax,(%rsp)
    1eda:	9c                   	pushfq 
    1edb:	f7 d0                	not    %eax
    1edd:	21 04 24             	and    %eax,(%rsp)
    1ee0:	58                   	pop    %rax
    1ee1:	09 04 24             	or     %eax,(%rsp)
    1ee4:	9d                   	popfq  
    1ee5:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1eea:	f7 d0                	not    %eax
    1eec:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1ef3:	d3 94 24 f8 00 00 00 	rcll   %cl,0xf8(%rsp)
    1efa:	9c                   	pushfq 
    1efb:	58                   	pop    %rax
    1efc:	25 d5 08 00 00       	and    $0x8d5,%eax
    1f01:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1f08:	e9 80 0b 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1f0d:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1f14:	00 
    1f15:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1f1c:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1f21:	21 04 24             	and    %eax,(%rsp)
    1f24:	9c                   	pushfq 
    1f25:	f7 d0                	not    %eax
    1f27:	21 04 24             	and    %eax,(%rsp)
    1f2a:	58                   	pop    %rax
    1f2b:	09 04 24             	or     %eax,(%rsp)
    1f2e:	9d                   	popfq  
    1f2f:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1f34:	f7 d0                	not    %eax
    1f36:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1f3d:	48 d3 94 24 f8 00 00 	rclq   %cl,0xf8(%rsp)
    1f44:	00 
    1f45:	9c                   	pushfq 
    1f46:	58                   	pop    %rax
    1f47:	25 d5 08 00 00       	and    $0x8d5,%eax
    1f4c:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1f53:	e9 35 0b 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
			break;
		case 3:	/* rcr */
			emulate_2op_SrcB("rcr", src, dst, _eflags);
    1f58:	41 83 f9 01          	cmp    $0x1,%r9d
    1f5c:	75 4a                	jne    1fa8 <x86_emulate_memop+0x1f1b>
    1f5e:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1f65:	00 
    1f66:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1f6d:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1f72:	21 04 24             	and    %eax,(%rsp)
    1f75:	9c                   	pushfq 
    1f76:	f7 d0                	not    %eax
    1f78:	21 04 24             	and    %eax,(%rsp)
    1f7b:	58                   	pop    %rax
    1f7c:	09 04 24             	or     %eax,(%rsp)
    1f7f:	9d                   	popfq  
    1f80:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1f85:	f7 d0                	not    %eax
    1f87:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1f8e:	d2 9c 24 f8 00 00 00 	rcrb   %cl,0xf8(%rsp)
    1f95:	9c                   	pushfq 
    1f96:	58                   	pop    %rax
    1f97:	25 d5 08 00 00       	and    $0x8d5,%eax
    1f9c:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    1fa3:	e9 e5 0a 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    1fa8:	41 83 f9 04          	cmp    $0x4,%r9d
    1fac:	74 5f                	je     200d <x86_emulate_memop+0x1f80>
    1fae:	41 83 f9 08          	cmp    $0x8,%r9d
    1fb2:	0f 84 9f 00 00 00    	je     2057 <x86_emulate_memop+0x1fca>
    1fb8:	41 83 f9 02          	cmp    $0x2,%r9d
    1fbc:	0f 85 cb 0a 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    1fc2:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    1fc9:	00 
    1fca:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    1fd1:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1fd6:	21 04 24             	and    %eax,(%rsp)
    1fd9:	9c                   	pushfq 
    1fda:	f7 d0                	not    %eax
    1fdc:	21 04 24             	and    %eax,(%rsp)
    1fdf:	58                   	pop    %rax
    1fe0:	09 04 24             	or     %eax,(%rsp)
    1fe3:	9d                   	popfq  
    1fe4:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    1fe9:	f7 d0                	not    %eax
    1feb:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    1ff2:	66 d3 9c 24 f8 00 00 	rcrw   %cl,0xf8(%rsp)
    1ff9:	00 
    1ffa:	9c                   	pushfq 
    1ffb:	58                   	pop    %rax
    1ffc:	25 d5 08 00 00       	and    $0x8d5,%eax
    2001:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    2008:	e9 80 0a 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    200d:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    2014:	00 
    2015:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    201c:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2021:	21 04 24             	and    %eax,(%rsp)
    2024:	9c                   	pushfq 
    2025:	f7 d0                	not    %eax
    2027:	21 04 24             	and    %eax,(%rsp)
    202a:	58                   	pop    %rax
    202b:	09 04 24             	or     %eax,(%rsp)
    202e:	9d                   	popfq  
    202f:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2034:	f7 d0                	not    %eax
    2036:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    203d:	d3 9c 24 f8 00 00 00 	rcrl   %cl,0xf8(%rsp)
    2044:	9c                   	pushfq 
    2045:	58                   	pop    %rax
    2046:	25 d5 08 00 00       	and    $0x8d5,%eax
    204b:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    2052:	e9 36 0a 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    2057:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    205e:	00 
    205f:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    2066:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    206b:	21 04 24             	and    %eax,(%rsp)
    206e:	9c                   	pushfq 
    206f:	f7 d0                	not    %eax
    2071:	21 04 24             	and    %eax,(%rsp)
    2074:	58                   	pop    %rax
    2075:	09 04 24             	or     %eax,(%rsp)
    2078:	9d                   	popfq  
    2079:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    207e:	f7 d0                	not    %eax
    2080:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    2087:	48 d3 9c 24 f8 00 00 	rcrq   %cl,0xf8(%rsp)
    208e:	00 
    208f:	9c                   	pushfq 
    2090:	58                   	pop    %rax
    2091:	25 d5 08 00 00       	and    $0x8d5,%eax
    2096:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    209d:	e9 eb 09 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
			break;
		case 4:	/* sal/shl */
		case 6:	/* sal/shl */
			emulate_2op_SrcB("sal", src, dst, _eflags);
    20a2:	41 83 f9 01          	cmp    $0x1,%r9d
    20a6:	75 4a                	jne    20f2 <x86_emulate_memop+0x2065>
    20a8:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    20af:	00 
    20b0:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    20b7:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    20bc:	21 04 24             	and    %eax,(%rsp)
    20bf:	9c                   	pushfq 
    20c0:	f7 d0                	not    %eax
    20c2:	21 04 24             	and    %eax,(%rsp)
    20c5:	58                   	pop    %rax
    20c6:	09 04 24             	or     %eax,(%rsp)
    20c9:	9d                   	popfq  
    20ca:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    20cf:	f7 d0                	not    %eax
    20d1:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    20d8:	d2 a4 24 f8 00 00 00 	shlb   %cl,0xf8(%rsp)
    20df:	9c                   	pushfq 
    20e0:	58                   	pop    %rax
    20e1:	25 d5 08 00 00       	and    $0x8d5,%eax
    20e6:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    20ed:	e9 9b 09 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    20f2:	41 83 f9 04          	cmp    $0x4,%r9d
    20f6:	74 5f                	je     2157 <x86_emulate_memop+0x20ca>
    20f8:	41 83 f9 08          	cmp    $0x8,%r9d
    20fc:	0f 84 9f 00 00 00    	je     21a1 <x86_emulate_memop+0x2114>
    2102:	41 83 f9 02          	cmp    $0x2,%r9d
    2106:	0f 85 81 09 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    210c:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    2113:	00 
    2114:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    211b:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2120:	21 04 24             	and    %eax,(%rsp)
    2123:	9c                   	pushfq 
    2124:	f7 d0                	not    %eax
    2126:	21 04 24             	and    %eax,(%rsp)
    2129:	58                   	pop    %rax
    212a:	09 04 24             	or     %eax,(%rsp)
    212d:	9d                   	popfq  
    212e:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2133:	f7 d0                	not    %eax
    2135:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    213c:	66 d3 a4 24 f8 00 00 	shlw   %cl,0xf8(%rsp)
    2143:	00 
    2144:	9c                   	pushfq 
    2145:	58                   	pop    %rax
    2146:	25 d5 08 00 00       	and    $0x8d5,%eax
    214b:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    2152:	e9 36 09 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    2157:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    215e:	00 
    215f:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    2166:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    216b:	21 04 24             	and    %eax,(%rsp)
    216e:	9c                   	pushfq 
    216f:	f7 d0                	not    %eax
    2171:	21 04 24             	and    %eax,(%rsp)
    2174:	58                   	pop    %rax
    2175:	09 04 24             	or     %eax,(%rsp)
    2178:	9d                   	popfq  
    2179:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    217e:	f7 d0                	not    %eax
    2180:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    2187:	d3 a4 24 f8 00 00 00 	shll   %cl,0xf8(%rsp)
    218e:	9c                   	pushfq 
    218f:	58                   	pop    %rax
    2190:	25 d5 08 00 00       	and    $0x8d5,%eax
    2195:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    219c:	e9 ec 08 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    21a1:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    21a8:	00 
    21a9:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    21b0:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    21b5:	21 04 24             	and    %eax,(%rsp)
    21b8:	9c                   	pushfq 
    21b9:	f7 d0                	not    %eax
    21bb:	21 04 24             	and    %eax,(%rsp)
    21be:	58                   	pop    %rax
    21bf:	09 04 24             	or     %eax,(%rsp)
    21c2:	9d                   	popfq  
    21c3:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    21c8:	f7 d0                	not    %eax
    21ca:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    21d1:	48 d3 a4 24 f8 00 00 	shlq   %cl,0xf8(%rsp)
    21d8:	00 
    21d9:	9c                   	pushfq 
    21da:	58                   	pop    %rax
    21db:	25 d5 08 00 00       	and    $0x8d5,%eax
    21e0:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    21e7:	e9 a1 08 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
			break;
		case 5:	/* shr */
			emulate_2op_SrcB("shr", src, dst, _eflags);
    21ec:	41 83 f9 01          	cmp    $0x1,%r9d
    21f0:	75 4a                	jne    223c <x86_emulate_memop+0x21af>
    21f2:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    21f9:	00 
    21fa:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    2201:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2206:	21 04 24             	and    %eax,(%rsp)
    2209:	9c                   	pushfq 
    220a:	f7 d0                	not    %eax
    220c:	21 04 24             	and    %eax,(%rsp)
    220f:	58                   	pop    %rax
    2210:	09 04 24             	or     %eax,(%rsp)
    2213:	9d                   	popfq  
    2214:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2219:	f7 d0                	not    %eax
    221b:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    2222:	d2 ac 24 f8 00 00 00 	shrb   %cl,0xf8(%rsp)
    2229:	9c                   	pushfq 
    222a:	58                   	pop    %rax
    222b:	25 d5 08 00 00       	and    $0x8d5,%eax
    2230:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    2237:	e9 51 08 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    223c:	41 83 f9 04          	cmp    $0x4,%r9d
    2240:	74 5f                	je     22a1 <x86_emulate_memop+0x2214>
    2242:	41 83 f9 08          	cmp    $0x8,%r9d
    2246:	0f 84 9f 00 00 00    	je     22eb <x86_emulate_memop+0x225e>
    224c:	41 83 f9 02          	cmp    $0x2,%r9d
    2250:	0f 85 37 08 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    2256:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    225d:	00 
    225e:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    2265:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    226a:	21 04 24             	and    %eax,(%rsp)
    226d:	9c                   	pushfq 
    226e:	f7 d0                	not    %eax
    2270:	21 04 24             	and    %eax,(%rsp)
    2273:	58                   	pop    %rax
    2274:	09 04 24             	or     %eax,(%rsp)
    2277:	9d                   	popfq  
    2278:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    227d:	f7 d0                	not    %eax
    227f:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    2286:	66 d3 ac 24 f8 00 00 	shrw   %cl,0xf8(%rsp)
    228d:	00 
    228e:	9c                   	pushfq 
    228f:	58                   	pop    %rax
    2290:	25 d5 08 00 00       	and    $0x8d5,%eax
    2295:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    229c:	e9 ec 07 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    22a1:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    22a8:	00 
    22a9:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    22b0:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    22b5:	21 04 24             	and    %eax,(%rsp)
    22b8:	9c                   	pushfq 
    22b9:	f7 d0                	not    %eax
    22bb:	21 04 24             	and    %eax,(%rsp)
    22be:	58                   	pop    %rax
    22bf:	09 04 24             	or     %eax,(%rsp)
    22c2:	9d                   	popfq  
    22c3:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    22c8:	f7 d0                	not    %eax
    22ca:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    22d1:	d3 ac 24 f8 00 00 00 	shrl   %cl,0xf8(%rsp)
    22d8:	9c                   	pushfq 
    22d9:	58                   	pop    %rax
    22da:	25 d5 08 00 00       	and    $0x8d5,%eax
    22df:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    22e6:	e9 a2 07 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    22eb:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    22f2:	00 
    22f3:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    22fa:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    22ff:	21 04 24             	and    %eax,(%rsp)
    2302:	9c                   	pushfq 
    2303:	f7 d0                	not    %eax
    2305:	21 04 24             	and    %eax,(%rsp)
    2308:	58                   	pop    %rax
    2309:	09 04 24             	or     %eax,(%rsp)
    230c:	9d                   	popfq  
    230d:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2312:	f7 d0                	not    %eax
    2314:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    231b:	48 d3 ac 24 f8 00 00 	shrq   %cl,0xf8(%rsp)
    2322:	00 
    2323:	9c                   	pushfq 
    2324:	58                   	pop    %rax
    2325:	25 d5 08 00 00       	and    $0x8d5,%eax
    232a:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    2331:	e9 57 07 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
			break;
		case 7:	/* sar */
			emulate_2op_SrcB("sar", src, dst, _eflags);
    2336:	41 83 f9 01          	cmp    $0x1,%r9d
    233a:	75 4a                	jne    2386 <x86_emulate_memop+0x22f9>
    233c:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    2343:	00 
    2344:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    234b:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2350:	21 04 24             	and    %eax,(%rsp)
    2353:	9c                   	pushfq 
    2354:	f7 d0                	not    %eax
    2356:	21 04 24             	and    %eax,(%rsp)
    2359:	58                   	pop    %rax
    235a:	09 04 24             	or     %eax,(%rsp)
    235d:	9d                   	popfq  
    235e:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2363:	f7 d0                	not    %eax
    2365:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    236c:	d2 bc 24 f8 00 00 00 	sarb   %cl,0xf8(%rsp)
    2373:	9c                   	pushfq 
    2374:	58                   	pop    %rax
    2375:	25 d5 08 00 00       	and    $0x8d5,%eax
    237a:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    2381:	e9 07 07 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    2386:	41 83 f9 04          	cmp    $0x4,%r9d
    238a:	74 5f                	je     23eb <x86_emulate_memop+0x235e>
    238c:	41 83 f9 08          	cmp    $0x8,%r9d
    2390:	0f 84 9f 00 00 00    	je     2435 <x86_emulate_memop+0x23a8>
    2396:	41 83 f9 02          	cmp    $0x2,%r9d
    239a:	0f 85 ed 06 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    23a0:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    23a7:	00 
    23a8:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    23af:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    23b4:	21 04 24             	and    %eax,(%rsp)
    23b7:	9c                   	pushfq 
    23b8:	f7 d0                	not    %eax
    23ba:	21 04 24             	and    %eax,(%rsp)
    23bd:	58                   	pop    %rax
    23be:	09 04 24             	or     %eax,(%rsp)
    23c1:	9d                   	popfq  
    23c2:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    23c7:	f7 d0                	not    %eax
    23c9:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    23d0:	66 d3 bc 24 f8 00 00 	sarw   %cl,0xf8(%rsp)
    23d7:	00 
    23d8:	9c                   	pushfq 
    23d9:	58                   	pop    %rax
    23da:	25 d5 08 00 00       	and    $0x8d5,%eax
    23df:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    23e6:	e9 a2 06 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    23eb:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    23f2:	00 
    23f3:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    23fa:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    23ff:	21 04 24             	and    %eax,(%rsp)
    2402:	9c                   	pushfq 
    2403:	f7 d0                	not    %eax
    2405:	21 04 24             	and    %eax,(%rsp)
    2408:	58                   	pop    %rax
    2409:	09 04 24             	or     %eax,(%rsp)
    240c:	9d                   	popfq  
    240d:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2412:	f7 d0                	not    %eax
    2414:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    241b:	d3 bc 24 f8 00 00 00 	sarl   %cl,0xf8(%rsp)
    2422:	9c                   	pushfq 
    2423:	58                   	pop    %rax
    2424:	25 d5 08 00 00       	and    $0x8d5,%eax
    2429:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    2430:	e9 58 06 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    2435:	48 8b 8c 24 18 01 00 	mov    0x118(%rsp),%rcx
    243c:	00 
    243d:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    2444:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2449:	21 04 24             	and    %eax,(%rsp)
    244c:	9c                   	pushfq 
    244d:	f7 d0                	not    %eax
    244f:	21 04 24             	and    %eax,(%rsp)
    2452:	58                   	pop    %rax
    2453:	09 04 24             	or     %eax,(%rsp)
    2456:	9d                   	popfq  
    2457:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    245c:	f7 d0                	not    %eax
    245e:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    2465:	48 d3 bc 24 f8 00 00 	sarq   %cl,0xf8(%rsp)
    246c:	00 
    246d:	9c                   	pushfq 
    246e:	58                   	pop    %rax
    246f:	25 d5 08 00 00       	and    $0x8d5,%eax
    2474:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    247b:	e9 0d 06 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
			break;
		}
		break;
	case 0xd0 ... 0xd1:	/* Grp2 */
		src.val = 1;
    2480:	48 c7 84 24 18 01 00 	movq   $0x1,0x118(%rsp)
    2487:	00 01 00 00 00 
    248c:	e9 ca f6 ff ff       	jmpq   1b5b <x86_emulate_memop+0x1ace>
		goto grp2;
	case 0xd2 ... 0xd3:	/* Grp2 */
		src.val = _regs[VCPU_REGS_RCX];
    2491:	48 8b 44 24 78       	mov    0x78(%rsp),%rax
    2496:	48 89 84 24 18 01 00 	mov    %rax,0x118(%rsp)
    249d:	00 
    249e:	e9 b8 f6 ff ff       	jmpq   1b5b <x86_emulate_memop+0x1ace>
		goto grp2;
	case 0xf6 ... 0xf7:	/* Grp3 */
		switch (modrm_reg) {
    24a3:	80 7c 24 20 02       	cmpb   $0x2,0x20(%rsp)
    24a8:	0f 84 3b 01 00 00    	je     25e9 <x86_emulate_memop+0x255c>
    24ae:	72 10                	jb     24c0 <x86_emulate_memop+0x2433>
    24b0:	80 7c 24 20 03       	cmpb   $0x3,0x20(%rsp)
    24b5:	0f 85 96 16 00 00    	jne    3b51 <x86_emulate_memop+0x3ac4>
    24bb:	e9 36 01 00 00       	jmpq   25f6 <x86_emulate_memop+0x2569>
		case 0 ... 1:	/* test */
			/*
			 * Special case in Grp3: test has an immediate
			 * source operand.
			 */
			src.type = OP_IMM;
			src.ptr = (unsigned long *)_eip;
			src.bytes = (d & ByteOp) ? 1 : op_bytes;
    24c0:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
    24c5:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
    24cc:	00 
    24cd:	c7 84 24 10 01 00 00 	movl   $0x2,0x110(%rsp)
    24d4:	02 00 00 00 
    24d8:	48 89 bc 24 28 01 00 	mov    %rdi,0x128(%rsp)
    24df:	00 
    24e0:	0f 85 80 16 00 00    	jne    3b66 <x86_emulate_memop+0x3ad9>
    24e6:	8b 54 24 6c          	mov    0x6c(%rsp),%edx
			if (src.bytes == 8)
    24ea:	83 fa 08             	cmp    $0x8,%edx
    24ed:	89 94 24 14 01 00 00 	mov    %edx,0x114(%rsp)
    24f4:	75 10                	jne    2506 <x86_emulate_memop+0x2479>
				src.bytes = 4;
    24f6:	c7 84 24 14 01 00 00 	movl   $0x4,0x114(%rsp)
    24fd:	04 00 00 00 
    2501:	e9 97 00 00 00       	jmpq   259d <x86_emulate_memop+0x2510>
			switch (src.bytes) {
    2506:	83 7c 24 6c 02       	cmpl   $0x2,0x6c(%rsp)
    250b:	74 56                	je     2563 <x86_emulate_memop+0x24d6>
    250d:	83 7c 24 6c 04       	cmpl   $0x4,0x6c(%rsp)
    2512:	0f 84 85 00 00 00    	je     259d <x86_emulate_memop+0x2510>
    2518:	83 7c 24 6c 01       	cmpl   $0x1,0x6c(%rsp)
    251d:	0f 85 51 f3 ff ff    	jne    1874 <x86_emulate_memop+0x17e7>
			case 1:
				src.val = insn_fetch(s8, 1, _eip);
    2523:	48 8b 1c 24          	mov    (%rsp),%rbx
    2527:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
    252e:	00 
    252f:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
    2536:	00 
    2537:	49 03 7d 20          	add    0x20(%r13),%rdi
    253b:	4c 89 e9             	mov    %r13,%rcx
    253e:	ba 01 00 00 00       	mov    $0x1,%edx
    2543:	ff 13                	callq  *(%rbx)
    2545:	85 c0                	test   %eax,%eax
    2547:	41 89 c7             	mov    %eax,%r15d
    254a:	0f 85 54 06 00 00    	jne    2ba4 <x86_emulate_memop+0x2b17>
    2550:	48 ff 84 24 50 01 00 	incq   0x150(%rsp)
    2557:	00 
    2558:	48 0f be 84 24 38 01 	movsbq 0x138(%rsp),%rax
    255f:	00 00 
    2561:	eb 79                	jmp    25dc <x86_emulate_memop+0x254f>
				break;
			case 2:
				src.val = insn_fetch(s16, 2, _eip);
    2563:	48 8b 2c 24          	mov    (%rsp),%rbp
    2567:	49 03 7d 20          	add    0x20(%r13),%rdi
    256b:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
    2572:	00 
    2573:	4c 89 e9             	mov    %r13,%rcx
    2576:	ba 02 00 00 00       	mov    $0x2,%edx
    257b:	ff 55 00             	callq  *0x0(%rbp)
    257e:	85 c0                	test   %eax,%eax
    2580:	41 89 c7             	mov    %eax,%r15d
    2583:	0f 85 1b 06 00 00    	jne    2ba4 <x86_emulate_memop+0x2b17>
    2589:	48 83 84 24 50 01 00 	addq   $0x2,0x150(%rsp)
    2590:	00 02 
    2592:	48 0f bf 84 24 38 01 	movswq 0x138(%rsp),%rax
    2599:	00 00 
    259b:	eb 3f                	jmp    25dc <x86_emulate_memop+0x254f>
				break;
			case 4:
				src.val = insn_fetch(s32, 4, _eip);
    259d:	4c 8b 04 24          	mov    (%rsp),%r8
    25a1:	48 8b bc 24 50 01 00 	mov    0x150(%rsp),%rdi
    25a8:	00 
    25a9:	48 8d b4 24 38 01 00 	lea    0x138(%rsp),%rsi
    25b0:	00 
    25b1:	49 03 7d 20          	add    0x20(%r13),%rdi
    25b5:	4c 89 e9             	mov    %r13,%rcx
    25b8:	ba 04 00 00 00       	mov    $0x4,%edx
    25bd:	41 ff 10             	callq  *(%r8)
    25c0:	85 c0                	test   %eax,%eax
    25c2:	41 89 c7             	mov    %eax,%r15d
    25c5:	0f 85 d9 05 00 00    	jne    2ba4 <x86_emulate_memop+0x2b17>
    25cb:	48 83 84 24 50 01 00 	addq   $0x4,0x150(%rsp)
    25d2:	00 04 
    25d4:	48 63 84 24 38 01 00 	movslq 0x138(%rsp),%rax
    25db:	00 
    25dc:	48 89 84 24 18 01 00 	mov    %rax,0x118(%rsp)
    25e3:	00 
    25e4:	e9 8b f2 ff ff       	jmpq   1874 <x86_emulate_memop+0x17e7>
				break;
			}
			goto test;
		case 2:	/* not */
			dst.val = ~dst.val;
    25e9:	48 f7 94 24 f8 00 00 	notq   0xf8(%rsp)
    25f0:	00 
    25f1:	e9 97 04 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
			break;
		case 3:	/* neg */
			emulate_1op("neg", dst, _eflags);
    25f6:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
    25fd:	83 f8 02             	cmp    $0x2,%eax
    2600:	74 65                	je     2667 <x86_emulate_memop+0x25da>
    2602:	77 0a                	ja     260e <x86_emulate_memop+0x2581>
    2604:	ff c8                	dec    %eax
    2606:	0f 85 81 04 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    260c:	eb 17                	jmp    2625 <x86_emulate_memop+0x2598>
    260e:	83 f8 04             	cmp    $0x4,%eax
    2611:	0f 84 93 00 00 00    	je     26aa <x86_emulate_memop+0x261d>
    2617:	83 f8 08             	cmp    $0x8,%eax
    261a:	0f 85 6d 04 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    2620:	e9 c7 00 00 00       	jmpq   26ec <x86_emulate_memop+0x265f>
    2625:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    262c:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2631:	21 04 24             	and    %eax,(%rsp)
    2634:	9c                   	pushfq 
    2635:	f7 d0                	not    %eax
    2637:	21 04 24             	and    %eax,(%rsp)
    263a:	58                   	pop    %rax
    263b:	09 04 24             	or     %eax,(%rsp)
    263e:	9d                   	popfq  
    263f:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2644:	f7 d0                	not    %eax
    2646:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    264d:	f6 9c 24 f8 00 00 00 	negb   0xf8(%rsp)
    2654:	9c                   	pushfq 
    2655:	58                   	pop    %rax
    2656:	25 d5 08 00 00       	and    $0x8d5,%eax
    265b:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    2662:	e9 26 04 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    2667:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    266e:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2673:	21 04 24             	and    %eax,(%rsp)
    2676:	9c                   	pushfq 
    2677:	f7 d0                	not    %eax
    2679:	21 04 24             	and    %eax,(%rsp)
    267c:	58                   	pop    %rax
    267d:	09 04 24             	or     %eax,(%rsp)
    2680:	9d                   	popfq  
    2681:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2686:	f7 d0                	not    %eax
    2688:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    268f:	66 f7 9c 24 f8 00 00 	negw   0xf8(%rsp)
    2696:	00 
    2697:	9c                   	pushfq 
    2698:	58                   	pop    %rax
    2699:	25 d5 08 00 00       	and    $0x8d5,%eax
    269e:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    26a5:	e9 e3 03 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    26aa:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    26b1:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    26b6:	21 04 24             	and    %eax,(%rsp)
    26b9:	9c                   	pushfq 
    26ba:	f7 d0                	not    %eax
    26bc:	21 04 24             	and    %eax,(%rsp)
    26bf:	58                   	pop    %rax
    26c0:	09 04 24             	or     %eax,(%rsp)
    26c3:	9d                   	popfq  
    26c4:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    26c9:	f7 d0                	not    %eax
    26cb:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    26d2:	f7 9c 24 f8 00 00 00 	negl   0xf8(%rsp)
    26d9:	9c                   	pushfq 
    26da:	58                   	pop    %rax
    26db:	25 d5 08 00 00       	and    $0x8d5,%eax
    26e0:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    26e7:	e9 a1 03 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    26ec:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    26f3:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    26f8:	21 04 24             	and    %eax,(%rsp)
    26fb:	9c                   	pushfq 
    26fc:	f7 d0                	not    %eax
    26fe:	21 04 24             	and    %eax,(%rsp)
    2701:	58                   	pop    %rax
    2702:	09 04 24             	or     %eax,(%rsp)
    2705:	9d                   	popfq  
    2706:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    270b:	f7 d0                	not    %eax
    270d:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    2714:	48 f7 9c 24 f8 00 00 	negq   0xf8(%rsp)
    271b:	00 
    271c:	9c                   	pushfq 
    271d:	58                   	pop    %rax
    271e:	25 d5 08 00 00       	and    $0x8d5,%eax
    2723:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    272a:	e9 5e 03 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
			break;
		default:
			goto cannot_emulate;
		}
		break;
	case 0xfe ... 0xff:	/* Grp4/Grp5 */
		switch (modrm_reg) {
    272f:	80 7c 24 20 01       	cmpb   $0x1,0x20(%rsp)
    2734:	0f 84 4b 01 00 00    	je     2885 <x86_emulate_memop+0x27f8>
    273a:	72 10                	jb     274c <x86_emulate_memop+0x26bf>
    273c:	80 7c 24 20 06       	cmpb   $0x6,0x20(%rsp)
    2741:	0f 85 0a 14 00 00    	jne    3b51 <x86_emulate_memop+0x3ac4>
    2747:	e9 72 02 00 00       	jmpq   29be <x86_emulate_memop+0x2931>
		case 0:	/* inc */
			emulate_1op("inc", dst, _eflags);
    274c:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
    2753:	83 f8 02             	cmp    $0x2,%eax
    2756:	74 65                	je     27bd <x86_emulate_memop+0x2730>
    2758:	77 0a                	ja     2764 <x86_emulate_memop+0x26d7>
    275a:	ff c8                	dec    %eax
    275c:	0f 85 2b 03 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    2762:	eb 17                	jmp    277b <x86_emulate_memop+0x26ee>
    2764:	83 f8 04             	cmp    $0x4,%eax
    2767:	0f 84 93 00 00 00    	je     2800 <x86_emulate_memop+0x2773>
    276d:	83 f8 08             	cmp    $0x8,%eax
    2770:	0f 85 17 03 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    2776:	e9 c7 00 00 00       	jmpq   2842 <x86_emulate_memop+0x27b5>
    277b:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    2782:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2787:	21 04 24             	and    %eax,(%rsp)
    278a:	9c                   	pushfq 
    278b:	f7 d0                	not    %eax
    278d:	21 04 24             	and    %eax,(%rsp)
    2790:	58                   	pop    %rax
    2791:	09 04 24             	or     %eax,(%rsp)
    2794:	9d                   	popfq  
    2795:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    279a:	f7 d0                	not    %eax
    279c:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    27a3:	fe 84 24 f8 00 00 00 	incb   0xf8(%rsp)
    27aa:	9c                   	pushfq 
    27ab:	58                   	pop    %rax
    27ac:	25 d5 08 00 00       	and    $0x8d5,%eax
    27b1:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    27b8:	e9 d0 02 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    27bd:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    27c4:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    27c9:	21 04 24             	and    %eax,(%rsp)
    27cc:	9c                   	pushfq 
    27cd:	f7 d0                	not    %eax
    27cf:	21 04 24             	and    %eax,(%rsp)
    27d2:	58                   	pop    %rax
    27d3:	09 04 24             	or     %eax,(%rsp)
    27d6:	9d                   	popfq  
    27d7:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    27dc:	f7 d0                	not    %eax
    27de:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    27e5:	66 ff 84 24 f8 00 00 	incw   0xf8(%rsp)
    27ec:	00 
    27ed:	9c                   	pushfq 
    27ee:	58                   	pop    %rax
    27ef:	25 d5 08 00 00       	and    $0x8d5,%eax
    27f4:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    27fb:	e9 8d 02 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    2800:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    2807:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    280c:	21 04 24             	and    %eax,(%rsp)
    280f:	9c                   	pushfq 
    2810:	f7 d0                	not    %eax
    2812:	21 04 24             	and    %eax,(%rsp)
    2815:	58                   	pop    %rax
    2816:	09 04 24             	or     %eax,(%rsp)
    2819:	9d                   	popfq  
    281a:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    281f:	f7 d0                	not    %eax
    2821:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    2828:	ff 84 24 f8 00 00 00 	incl   0xf8(%rsp)
    282f:	9c                   	pushfq 
    2830:	58                   	pop    %rax
    2831:	25 d5 08 00 00       	and    $0x8d5,%eax
    2836:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    283d:	e9 4b 02 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    2842:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    2849:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    284e:	21 04 24             	and    %eax,(%rsp)
    2851:	9c                   	pushfq 
    2852:	f7 d0                	not    %eax
    2854:	21 04 24             	and    %eax,(%rsp)
    2857:	58                   	pop    %rax
    2858:	09 04 24             	or     %eax,(%rsp)
    285b:	9d                   	popfq  
    285c:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2861:	f7 d0                	not    %eax
    2863:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    286a:	48 ff 84 24 f8 00 00 	incq   0xf8(%rsp)
    2871:	00 
    2872:	9c                   	pushfq 
    2873:	58                   	pop    %rax
    2874:	25 d5 08 00 00       	and    $0x8d5,%eax
    2879:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    2880:	e9 08 02 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
			break;
		case 1:	/* dec */
			emulate_1op("dec", dst, _eflags);
    2885:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
    288c:	83 f8 02             	cmp    $0x2,%eax
    288f:	74 65                	je     28f6 <x86_emulate_memop+0x2869>
    2891:	77 0a                	ja     289d <x86_emulate_memop+0x2810>
    2893:	ff c8                	dec    %eax
    2895:	0f 85 f2 01 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    289b:	eb 17                	jmp    28b4 <x86_emulate_memop+0x2827>
    289d:	83 f8 04             	cmp    $0x4,%eax
    28a0:	0f 84 93 00 00 00    	je     2939 <x86_emulate_memop+0x28ac>
    28a6:	83 f8 08             	cmp    $0x8,%eax
    28a9:	0f 85 de 01 00 00    	jne    2a8d <x86_emulate_memop+0x2a00>
    28af:	e9 c7 00 00 00       	jmpq   297b <x86_emulate_memop+0x28ee>
    28b4:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    28bb:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    28c0:	21 04 24             	and    %eax,(%rsp)
    28c3:	9c                   	pushfq 
    28c4:	f7 d0                	not    %eax
    28c6:	21 04 24             	and    %eax,(%rsp)
    28c9:	58                   	pop    %rax
    28ca:	09 04 24             	or     %eax,(%rsp)
    28cd:	9d                   	popfq  
    28ce:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    28d3:	f7 d0                	not    %eax
    28d5:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    28dc:	fe 8c 24 f8 00 00 00 	decb   0xf8(%rsp)
    28e3:	9c                   	pushfq 
    28e4:	58                   	pop    %rax
    28e5:	25 d5 08 00 00       	and    $0x8d5,%eax
    28ea:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    28f1:	e9 97 01 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    28f6:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    28fd:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2902:	21 04 24             	and    %eax,(%rsp)
    2905:	9c                   	pushfq 
    2906:	f7 d0                	not    %eax
    2908:	21 04 24             	and    %eax,(%rsp)
    290b:	58                   	pop    %rax
    290c:	09 04 24             	or     %eax,(%rsp)
    290f:	9d                   	popfq  
    2910:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2915:	f7 d0                	not    %eax
    2917:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    291e:	66 ff 8c 24 f8 00 00 	decw   0xf8(%rsp)
    2925:	00 
    2926:	9c                   	pushfq 
    2927:	58                   	pop    %rax
    2928:	25 d5 08 00 00       	and    $0x8d5,%eax
    292d:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    2934:	e9 54 01 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    2939:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    2940:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2945:	21 04 24             	and    %eax,(%rsp)
    2948:	9c                   	pushfq 
    2949:	f7 d0                	not    %eax
    294b:	21 04 24             	and    %eax,(%rsp)
    294e:	58                   	pop    %rax
    294f:	09 04 24             	or     %eax,(%rsp)
    2952:	9d                   	popfq  
    2953:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2958:	f7 d0                	not    %eax
    295a:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    2961:	ff 8c 24 f8 00 00 00 	decl   0xf8(%rsp)
    2968:	9c                   	pushfq 
    2969:	58                   	pop    %rax
    296a:	25 d5 08 00 00       	and    $0x8d5,%eax
    296f:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    2976:	e9 12 01 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    297b:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    2982:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    2987:	21 04 24             	and    %eax,(%rsp)
    298a:	9c                   	pushfq 
    298b:	f7 d0                	not    %eax
    298d:	21 04 24             	and    %eax,(%rsp)
    2990:	58                   	pop    %rax
    2991:	09 04 24             	or     %eax,(%rsp)
    2994:	9d                   	popfq  
    2995:	b8 d5 08 00 00       	mov    $0x8d5,%eax
    299a:	f7 d0                	not    %eax
    299c:	21 84 24 48 01 00 00 	and    %eax,0x148(%rsp)
    29a3:	48 ff 8c 24 f8 00 00 	decq   0xf8(%rsp)
    29aa:	00 
    29ab:	9c                   	pushfq 
    29ac:	58                   	pop    %rax
    29ad:	25 d5 08 00 00       	and    $0x8d5,%eax
    29b2:	09 84 24 48 01 00 00 	or     %eax,0x148(%rsp)
    29b9:	e9 cf 00 00 00       	jmpq   2a8d <x86_emulate_memop+0x2a00>
			break;
		case 6:	/* push */
			/* 64-bit mode: PUSH always pushes a 64-bit operand. */
			if (mode == X86EMUL_MODE_PROT64) {
    29be:	83 7c 24 54 08       	cmpl   $0x8,0x54(%rsp)
    29c3:	75 34                	jne    29f9 <x86_emulate_memop+0x296c>
				dst.bytes = 8;
				if ((rc = ops->read_std((unsigned long)dst.ptr,
    29c5:	48 8b 1c 24          	mov    (%rsp),%rbx
    29c9:	c7 84 24 f4 00 00 00 	movl   $0x8,0xf4(%rsp)
    29d0:	08 00 00 00 
    29d4:	48 8d b4 24 f8 00 00 	lea    0xf8(%rsp),%rsi
    29db:	00 
    29dc:	48 8b bc 24 08 01 00 	mov    0x108(%rsp),%rdi
    29e3:	00 
    29e4:	4c 89 e9             	mov    %r13,%rcx
    29e7:	ba 08 00 00 00       	mov    $0x8,%edx
    29ec:	ff 13                	callq  *(%rbx)
    29ee:	85 c0                	test   %eax,%eax
    29f0:	41 89 c7             	mov    %eax,%r15d
    29f3:	0f 85 ab 01 00 00    	jne    2ba4 <x86_emulate_memop+0x2b17>
							&dst.val, 8,
							ctxt)) != 0)
					goto done;
			}
			register_address_increment(_regs[VCPU_REGS_RSP],
    29f9:	44 8b 84 24 f4 00 00 	mov    0xf4(%rsp),%r8d
    2a00:	00 
    2a01:	48 8b 2c 24          	mov    (%rsp),%rbp
    2a05:	49 8b 7d 38          	mov    0x38(%r13),%rdi
    2a09:	44 89 c0             	mov    %r8d,%eax
    2a0c:	4c 8b 4d 08          	mov    0x8(%rbp),%r9
    2a10:	f7 d8                	neg    %eax
    2a12:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
    2a17:	48 63 d0             	movslq %eax,%rdx
    2a1a:	75 15                	jne    2a31 <x86_emulate_memop+0x29a4>
    2a1c:	48 89 d0             	mov    %rdx,%rax
    2a1f:	48 03 84 24 90 00 00 	add    0x90(%rsp),%rax
    2a26:	00 
    2a27:	48 89 84 24 90 00 00 	mov    %rax,0x90(%rsp)
    2a2e:	00 
    2a2f:	eb 38                	jmp    2a69 <x86_emulate_memop+0x29dc>
    2a31:	8b 4c 24 48          	mov    0x48(%rsp),%ecx
    2a35:	48 8b b4 24 90 00 00 	mov    0x90(%rsp),%rsi
    2a3c:	00 
    2a3d:	b8 01 00 00 00       	mov    $0x1,%eax
    2a42:	c1 e1 03             	shl    $0x3,%ecx
    2a45:	48 01 f2             	add    %rsi,%rdx
    2a48:	48 d3 e0             	shl    %cl,%rax
    2a4b:	48 8d 48 ff          	lea    0xffffffffffffffff(%rax),%rcx
    2a4f:	48 f7 d8             	neg    %rax
    2a52:	48 21 f0             	and    %rsi,%rax
    2a55:	48 21 ca             	and    %rcx,%rdx
    2a58:	48 09 c2             	or     %rax,%rdx
						   -dst.bytes);
			if ((rc = ops->write_std(
    2a5b:	48 89 d0             	mov    %rdx,%rax
    2a5e:	48 89 94 24 90 00 00 	mov    %rdx,0x90(%rsp)
    2a65:	00 
    2a66:	48 21 c8             	and    %rcx,%rax
    2a69:	48 8d b4 24 f8 00 00 	lea    0xf8(%rsp),%rsi
    2a70:	00 
    2a71:	48 01 c7             	add    %rax,%rdi
    2a74:	4c 89 e9             	mov    %r13,%rcx
    2a77:	44 89 c2             	mov    %r8d,%edx
    2a7a:	41 ff d1             	callq  *%r9
    2a7d:	e9 e5 00 00 00       	jmpq   2b67 <x86_emulate_memop+0x2ada>
				     register_address(ctxt->ss_base,
						      _regs[VCPU_REGS_RSP]),
				     &dst.val, dst.bytes, ctxt)) != 0)
				goto done;
			no_wb = 1;
			break;
		default:
			goto cannot_emulate;
		}
		break;
	}

writeback:
	if (!no_wb) {
		switch (dst.type) {
		case OP_REG:
			/* The 4-byte case *is* correct: in 64-bit mode we zero-extend. */
			switch (dst.bytes) {
			case 1:
				*(u8 *)dst.ptr = (u8)dst.val;
				break;
			case 2:
				*(u16 *)dst.ptr = (u16)dst.val;
				break;
			case 4:
				*dst.ptr = (u32)dst.val;
				break;	/* 64b: zero-ext */
			case 8:
				*dst.ptr = dst.val;
				break;
			}
			break;
		case OP_MEM:
			if (lock_prefix)
				rc = ops->cmpxchg_emulated((unsigned long)dst.
							   ptr, &dst.orig_val,
							   &dst.val, dst.bytes,
							   ctxt);
			else
				rc = ops->write_emulated((unsigned long)dst.ptr,
							 &dst.val, dst.bytes,
							 ctxt);
			if (rc != 0)
				goto done;
		default:
			break;
		}
	}

	/* Commit shadow register state. */
	memcpy(ctxt->vcpu->regs, _regs, sizeof _regs);
	ctxt->eflags = _eflags;
	ctxt->vcpu->rip = _eip;

done:
	return (rc == X86EMUL_UNHANDLEABLE) ? -1 : 0;

special_insn:
	if (twobyte)
		goto twobyte_special_insn;
	if (rep_prefix) {
		if (_regs[VCPU_REGS_RCX] == 0) {
			ctxt->vcpu->rip = _eip;
			goto done;
		}
		_regs[VCPU_REGS_RCX]--;
		_eip = ctxt->vcpu->rip;
	}
	switch (b) {
	case 0xa4 ... 0xa5:	/* movs */
		dst.type = OP_MEM;
		dst.bytes = (d & ByteOp) ? 1 : op_bytes;
		dst.ptr = (unsigned long *)register_address(ctxt->es_base,
							_regs[VCPU_REGS_RDI]);
		if ((rc = ops->read_emulated(register_address(
		      override_base ? *override_base : ctxt->ds_base,
		      _regs[VCPU_REGS_RSI]), &dst.val, dst.bytes, ctxt)) != 0)
			goto done;
		register_address_increment(_regs[VCPU_REGS_RSI],
			     (_eflags & EFLG_DF) ? -dst.bytes : dst.bytes);
		register_address_increment(_regs[VCPU_REGS_RDI],
			     (_eflags & EFLG_DF) ? -dst.bytes : dst.bytes);
		break;
	case 0xa6 ... 0xa7:	/* cmps */
		DPRINTF("Urk! I don't handle CMPS.\n");
		goto cannot_emulate;
	case 0xaa ... 0xab:	/* stos */
		dst.type = OP_MEM;
		dst.bytes = (d & ByteOp) ? 1 : op_bytes;
		dst.ptr = (unsigned long *)cr2;
		dst.val = _regs[VCPU_REGS_RAX];
		register_address_increment(_regs[VCPU_REGS_RDI],
			     (_eflags & EFLG_DF) ? -dst.bytes : dst.bytes);
		break;
	case 0xac ... 0xad:	/* lods */
		dst.type = OP_REG;
		dst.bytes = (d & ByteOp) ? 1 : op_bytes;
		dst.ptr = (unsigned long *)&_regs[VCPU_REGS_RAX];
		if ((rc = ops->read_emulated(cr2, &dst.val, dst.bytes, ctxt)) != 0)
			goto done;
		register_address_increment(_regs[VCPU_REGS_RSI],
			   (_eflags & EFLG_DF) ? -dst.bytes : dst.bytes);
		break;
	case 0xae ... 0xaf:	/* scas */
		DPRINTF("Urk! I don't handle SCAS.\n");
		goto cannot_emulate;
	case 0xf4:              /* hlt */
		ctxt->vcpu->halt_request = 1;
		goto done;
	case 0xc3: /* ret */
		dst.ptr = &_eip;
		goto pop_instruction;
	case 0x58 ... 0x5f: /* pop reg */
		dst.ptr = (unsigned long *)&_regs[b & 0x7];

pop_instruction:
		if ((rc = ops->read_std(register_address(ctxt->ss_base,
			_regs[VCPU_REGS_RSP]), dst.ptr, op_bytes, ctxt)) != 0)
			goto done;

		register_address_increment(_regs[VCPU_REGS_RSP], op_bytes);
		no_wb = 1; /* Disable writeback. */
		break;
	}
	goto writeback;

twobyte_insn:
	switch (b) {
	case 0x01: /* lgdt, lidt, lmsw */
		switch (modrm_reg) {
			u16 size;
			unsigned long address;

		case 2: /* lgdt */
			rc = read_descriptor(ctxt, ops, src.ptr,
					     &size, &address, op_bytes);
			if (rc)
				goto done;
			realmode_lgdt(ctxt->vcpu, size, address);
			break;
		case 3: /* lidt */
			rc = read_descriptor(ctxt, ops, src.ptr,
					     &size, &address, op_bytes);
			if (rc)
				goto done;
			realmode_lidt(ctxt->vcpu, size, address);
			break;
		case 4: /* smsw */
			if (modrm_mod != 3)
				goto cannot_emulate;
			*(u16 *)&_regs[modrm_rm]
				= realmode_get_cr(ctxt->vcpu, 0);
			break;
		case 6: /* lmsw */
			if (modrm_mod != 3)
				goto cannot_emulate;
			realmode_lmsw(ctxt->vcpu, (u16)modrm_val, &_eflags);
			break;
		case 7: /* invlpg*/
			emulate_invlpg(ctxt->vcpu, cr2);
			break;
		default:
			goto cannot_emulate;
		}
		break;
	case 0x21: /* mov from dr to reg */
		if (modrm_mod != 3)
			goto cannot_emulate;
		rc = emulator_get_dr(ctxt, modrm_reg, &_regs[modrm_rm]);
		break;
	case 0x23: /* mov from reg to dr */
		if (modrm_mod != 3)
			goto cannot_emulate;
		rc = emulator_set_dr(ctxt, modrm_reg, _regs[modrm_rm]);
		break;
	case 0x40 ... 0x4f:	/* cmov */
		dst.val = dst.orig_val = src.val;
		no_wb = 1;
		/*
		 * First, assume we're decoding an even cmov opcode
		 * (lsb == 0).
		 */
		switch ((b & 15) >> 1) {
		case 0:	/* cmovo */
			no_wb = (_eflags & EFLG_OF) ? 0 : 1;
			break;
		case 1:	/* cmovb/cmovc/cmovnae */
			no_wb = (_eflags & EFLG_CF) ? 0 : 1;
			break;
		case 2:	/* cmovz/cmove */
			no_wb = (_eflags & EFLG_ZF) ? 0 : 1;
			break;
		case 3:	/* cmovbe/cmovna */
			no_wb = (_eflags & (EFLG_CF | EFLG_ZF)) ? 0 : 1;
			break;
		case 4:	/* cmovs */
			no_wb = (_eflags & EFLG_SF) ? 0 : 1;
			break;
		case 5:	/* cmovp/cmovpe */
			no_wb = (_eflags & EFLG_PF) ? 0 : 1;
			break;
		case 7:	/* cmovle/cmovng */
			no_wb = (_eflags & EFLG_ZF) ? 0 : 1;
			/* fall through */
		case 6:	/* cmovl/cmovnge */
			no_wb &= (!(_eflags & EFLG_SF) !=
			      !(_eflags & EFLG_OF)) ? 0 : 1;
			break;
		}
		/* Odd cmov opcodes (lsb == 1) have inverted sense. */
		no_wb ^= b & 1;
    2a82:	83 e1 01             	and    $0x1,%ecx
    2a85:	39 ca                	cmp    %ecx,%edx
    2a87:	0f 85 e1 00 00 00    	jne    2b6e <x86_emulate_memop+0x2ae1>
    2a8d:	8b 84 24 f0 00 00 00 	mov    0xf0(%rsp),%eax
    2a94:	85 c0                	test   %eax,%eax
    2a96:	74 0a                	je     2aa2 <x86_emulate_memop+0x2a15>
    2a98:	ff c8                	dec    %eax
    2a9a:	0f 85 ce 00 00 00    	jne    2b6e <x86_emulate_memop+0x2ae1>
    2aa0:	eb 7e                	jmp    2b20 <x86_emulate_memop+0x2a93>
    2aa2:	8b 84 24 f4 00 00 00 	mov    0xf4(%rsp),%eax
    2aa9:	83 f8 02             	cmp    $0x2,%eax
    2aac:	74 33                	je     2ae1 <x86_emulate_memop+0x2a54>
    2aae:	77 0a                	ja     2aba <x86_emulate_memop+0x2a2d>
    2ab0:	ff c8                	dec    %eax
    2ab2:	0f 85 b6 00 00 00    	jne    2b6e <x86_emulate_memop+0x2ae1>
    2ab8:	eb 10                	jmp    2aca <x86_emulate_memop+0x2a3d>
    2aba:	83 f8 04             	cmp    $0x4,%eax
    2abd:	74 37                	je     2af6 <x86_emulate_memop+0x2a69>
    2abf:	83 f8 08             	cmp    $0x8,%eax
    2ac2:	0f 85 a6 00 00 00    	jne    2b6e <x86_emulate_memop+0x2ae1>
    2ac8:	eb 41                	jmp    2b0b <x86_emulate_memop+0x2a7e>
    2aca:	48 8b 94 24 f8 00 00 	mov    0xf8(%rsp),%rdx
    2ad1:	00 
    2ad2:	48 8b 84 24 08 01 00 	mov    0x108(%rsp),%rax
    2ad9:	00 
    2ada:	88 10                	mov    %dl,(%rax)
    2adc:	e9 8d 00 00 00       	jmpq   2b6e <x86_emulate_memop+0x2ae1>
    2ae1:	48 8b 94 24 f8 00 00 	mov    0xf8(%rsp),%rdx
    2ae8:	00 
    2ae9:	48 8b 84 24 08 01 00 	mov    0x108(%rsp),%rax
    2af0:	00 
    2af1:	66 89 10             	mov    %dx,(%rax)
    2af4:	eb 78                	jmp    2b6e <x86_emulate_memop+0x2ae1>
    2af6:	44 8b 84 24 f8 00 00 	mov    0xf8(%rsp),%r8d
    2afd:	00 
    2afe:	48 8b 84 24 08 01 00 	mov    0x108(%rsp),%rax
    2b05:	00 
    2b06:	4c 89 00             	mov    %r8,(%rax)
    2b09:	eb 63                	jmp    2b6e <x86_emulate_memop+0x2ae1>
    2b0b:	48 8b 94 24 f8 00 00 	mov    0xf8(%rsp),%rdx
    2b12:	00 
    2b13:	48 8b 84 24 08 01 00 	mov    0x108(%rsp),%rax
    2b1a:	00 
    2b1b:	48 89 10             	mov    %rdx,(%rax)
    2b1e:	eb 4e                	jmp    2b6e <x86_emulate_memop+0x2ae1>
    2b20:	83 7c 24 4c 00       	cmpl   $0x0,0x4c(%rsp)
    2b25:	44 8b 8c 24 f4 00 00 	mov    0xf4(%rsp),%r9d
    2b2c:	00 
    2b2d:	48 8d 84 24 f0 00 00 	lea    0xf0(%rsp),%rax
    2b34:	00 
    2b35:	48 8b bc 24 08 01 00 	mov    0x108(%rsp),%rdi
    2b3c:	00 
    2b3d:	74 17                	je     2b56 <x86_emulate_memop+0x2ac9>
    2b3f:	48 8b 1c 24          	mov    (%rsp),%rbx
    2b43:	48 8d 50 08          	lea    0x8(%rax),%rdx
    2b47:	48 8d 70 10          	lea    0x10(%rax),%rsi
    2b4b:	4d 89 e8             	mov    %r13,%r8
    2b4e:	44 89 c9             	mov    %r9d,%ecx
    2b51:	ff 53 20             	callq  *0x20(%rbx)
    2b54:	eb 11                	jmp    2b67 <x86_emulate_memop+0x2ada>
    2b56:	48 8b 2c 24          	mov    (%rsp),%rbp
    2b5a:	48 8d 70 08          	lea    0x8(%rax),%rsi
    2b5e:	4c 89 e9             	mov    %r13,%rcx
    2b61:	44 89 ca             	mov    %r9d,%edx
    2b64:	ff 55 18             	callq  *0x18(%rbp)
    2b67:	85 c0                	test   %eax,%eax
    2b69:	41 89 c7             	mov    %eax,%r15d
    2b6c:	75 36                	jne    2ba4 <x86_emulate_memop+0x2b17>
    2b6e:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    2b72:	48 8d 74 24 70       	lea    0x70(%rsp),%rsi
    2b77:	ba 80 00 00 00       	mov    $0x80,%edx
    2b7c:	48 83 ef 80          	sub    $0xffffffffffffff80,%rdi
    2b80:	e8 00 00 00 00       	callq  2b85 <x86_emulate_memop+0x2af8>
			2b81: R_X86_64_PC32	__memcpy+0xfffffffffffffffc
    2b85:	48 8b 84 24 48 01 00 	mov    0x148(%rsp),%rax
    2b8c:	00 
    2b8d:	49 8b 55 00          	mov    0x0(%r13),%rdx
    2b91:	49 89 45 08          	mov    %rax,0x8(%r13)
    2b95:	48 8b 84 24 50 01 00 	mov    0x150(%rsp),%rax
    2b9c:	00 
    2b9d:	48 89 82 00 01 00 00 	mov    %rax,0x100(%rdx)
    2ba4:	41 ff cf             	dec    %r15d
    2ba7:	0f 84 a4 0f 00 00    	je     3b51 <x86_emulate_memop+0x3ac4>
    2bad:	31 c0                	xor    %eax,%eax
    2baf:	e9 ca 0f 00 00       	jmpq   3b7e <x86_emulate_memop+0x3af1>
    2bb4:	80 7c 24 1d 00       	cmpb   $0x0,0x1d(%rsp)
    2bb9:	0f 85 aa 0d 00 00    	jne    3969 <x86_emulate_memop+0x38dc>
    2bbf:	83 7c 24 50 00       	cmpl   $0x0,0x50(%rsp)
    2bc4:	74 36                	je     2bfc <x86_emulate_memop+0x2b6f>
    2bc6:	48 8b 44 24 78       	mov    0x78(%rsp),%rax
    2bcb:	49 8b 55 00          	mov    0x0(%r13),%rdx
    2bcf:	48 85 c0             	test   %rax,%rax
    2bd2:	75 11                	jne    2be5 <x86_emulate_memop+0x2b58>
    2bd4:	48 8b 84 24 50 01 00 	mov    0x150(%rsp),%rax
    2bdb:	00 
    2bdc:	48 89 82 00 01 00 00 	mov    %rax,0x100(%rdx)
    2be3:	eb c8                	jmp    2bad <x86_emulate_memop+0x2b20>
    2be5:	48 ff c8             	dec    %rax
    2be8:	48 89 44 24 78       	mov    %rax,0x78(%rsp)
    2bed:	48 8b 82 00 01 00 00 	mov    0x100(%rdx),%rax
    2bf4:	48 89 84 24 50 01 00 	mov    %rax,0x150(%rsp)
    2bfb:	00 
    2bfc:	40 80 fd ab          	cmp    $0xab,%bpl
    2c00:	77 35                	ja     2c37 <x86_emulate_memop+0x2baa>
    2c02:	40 80 fd aa          	cmp    $0xaa,%bpl
    2c06:	0f 83 e7 01 00 00    	jae    2df3 <x86_emulate_memop+0x2d66>
    2c0c:	40 80 fd a5          	cmp    $0xa5,%bpl
    2c10:	77 16                	ja     2c28 <x86_emulate_memop+0x2b9b>
    2c12:	40 80 fd a4          	cmp    $0xa4,%bpl
    2c16:	73 4d                	jae    2c65 <x86_emulate_memop+0x2bd8>
    2c18:	8d 45 a8             	lea    0xffffffffffffffa8(%rbp),%eax
    2c1b:	3c 07                	cmp    $0x7,%al
    2c1d:	0f 87 6a fe ff ff    	ja     2a8d <x86_emulate_memop+0x2a00>
    2c23:	e9 40 03 00 00       	jmpq   2f68 <x86_emulate_memop+0x2edb>
    2c28:	40 80 fd a7          	cmp    $0xa7,%bpl
    2c2c:	0f 87 5b fe ff ff    	ja     2a8d <x86_emulate_memop+0x2a00>
    2c32:	e9 1a 0f 00 00       	jmpq   3b51 <x86_emulate_memop+0x3ac4>
    2c37:	40 80 fd af          	cmp    $0xaf,%bpl
    2c3b:	77 0f                	ja     2c4c <x86_emulate_memop+0x2bbf>
    2c3d:	40 80 fd ae          	cmp    $0xae,%bpl
    2c41:	0f 83 0a 0f 00 00    	jae    3b51 <x86_emulate_memop+0x3ac4>
    2c47:	e9 42 02 00 00       	jmpq   2e8e <x86_emulate_memop+0x2e01>
    2c4c:	40 80 fd c3          	cmp    $0xc3,%bpl
    2c50:	0f 84 08 03 00 00    	je     2f5e <x86_emulate_memop+0x2ed1>
    2c56:	40 80 fd f4          	cmp    $0xf4,%bpl
    2c5a:	0f 85 2d fe ff ff    	jne    2a8d <x86_emulate_memop+0x2a00>
    2c60:	e9 e6 02 00 00       	jmpq   2f4b <x86_emulate_memop+0x2ebe>
    2c65:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
    2c6a:	b8 01 00 00 00       	mov    $0x1,%eax
    2c6f:	c7 84 24 f0 00 00 00 	movl   $0x1,0xf0(%rsp)
    2c76:	01 00 00 00 
    2c7a:	0f 44 44 24 6c       	cmove  0x6c(%rsp),%eax
    2c7f:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
    2c84:	49 8b 55 30          	mov    0x30(%r13),%rdx
    2c88:	89 84 24 f4 00 00 00 	mov    %eax,0xf4(%rsp)
    2c8f:	75 0a                	jne    2c9b <x86_emulate_memop+0x2c0e>
    2c91:	48 8b 84 24 a8 00 00 	mov    0xa8(%rsp),%rax
    2c98:	00 
    2c99:	eb 1a                	jmp    2cb5 <x86_emulate_memop+0x2c28>
    2c9b:	8b 4c 24 48          	mov    0x48(%rsp),%ecx
    2c9f:	b8 01 00 00 00       	mov    $0x1,%eax
    2ca4:	c1 e1 03             	shl    $0x3,%ecx
    2ca7:	48 d3 e0             	shl    %cl,%rax
    2caa:	48 ff c8             	dec    %rax
    2cad:	48 23 84 24 a8 00 00 	and    0xa8(%rsp),%rax
    2cb4:	00 
    2cb5:	48 01 d0             	add    %rdx,%rax
    2cb8:	48 83 7c 24 40 00    	cmpq   $0x0,0x40(%rsp)
    2cbe:	8b 94 24 f4 00 00 00 	mov    0xf4(%rsp),%edx
    2cc5:	48 89 84 24 08 01 00 	mov    %rax,0x108(%rsp)
    2ccc:	00 
    2ccd:	48 8b 04 24          	mov    (%rsp),%rax
    2cd1:	4c 8b 40 10          	mov    0x10(%rax),%r8
    2cd5:	74 0a                	je     2ce1 <x86_emulate_memop+0x2c54>
    2cd7:	48 8b 4c 24 40       	mov    0x40(%rsp),%rcx
    2cdc:	48 8b 39             	mov    (%rcx),%rdi
    2cdf:	eb 04                	jmp    2ce5 <x86_emulate_memop+0x2c58>
    2ce1:	49 8b 7d 28          	mov    0x28(%r13),%rdi
    2ce5:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
    2cea:	75 0a                	jne    2cf6 <x86_emulate_memop+0x2c69>
    2cec:	48 8b 84 24 a0 00 00 	mov    0xa0(%rsp),%rax
    2cf3:	00 
    2cf4:	eb 1a                	jmp    2d10 <x86_emulate_memop+0x2c83>
    2cf6:	8b 4c 24 48          	mov    0x48(%rsp),%ecx
    2cfa:	b8 01 00 00 00       	mov    $0x1,%eax
    2cff:	c1 e1 03             	shl    $0x3,%ecx
    2d02:	48 d3 e0             	shl    %cl,%rax
    2d05:	48 ff c8             	dec    %rax
    2d08:	48 23 84 24 a0 00 00 	and    0xa0(%rsp),%rax
    2d0f:	00 
    2d10:	48 8d b4 24 f8 00 00 	lea    0xf8(%rsp),%rsi
    2d17:	00 
    2d18:	48 8d 3c 38          	lea    (%rax,%rdi,1),%rdi
    2d1c:	4c 89 e9             	mov    %r13,%rcx
    2d1f:	41 ff d0             	callq  *%r8
    2d22:	85 c0                	test   %eax,%eax
    2d24:	41 89 c7             	mov    %eax,%r15d
    2d27:	0f 85 77 fe ff ff    	jne    2ba4 <x86_emulate_memop+0x2b17>
    2d2d:	44 8b 8c 24 f4 00 00 	mov    0xf4(%rsp),%r9d
    2d34:	00 
    2d35:	44 89 c8             	mov    %r9d,%eax
    2d38:	f7 d8                	neg    %eax
    2d3a:	f6 84 24 49 01 00 00 	testb  $0x4,0x149(%rsp)
    2d41:	04 
    2d42:	44 0f 45 c8          	cmovne %eax,%r9d
    2d46:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
    2d4b:	49 63 d1             	movslq %r9d,%rdx
    2d4e:	75 0a                	jne    2d5a <x86_emulate_memop+0x2ccd>
    2d50:	48 01 94 24 a0 00 00 	add    %rdx,0xa0(%rsp)
    2d57:	00 
    2d58:	eb 32                	jmp    2d8c <x86_emulate_memop+0x2cff>
    2d5a:	8b 4c 24 48          	mov    0x48(%rsp),%ecx
    2d5e:	48 8b b4 24 a0 00 00 	mov    0xa0(%rsp),%rsi
    2d65:	00 
    2d66:	b8 01 00 00 00       	mov    $0x1,%eax
    2d6b:	c1 e1 03             	shl    $0x3,%ecx
    2d6e:	48 01 f2             	add    %rsi,%rdx
    2d71:	48 d3 e0             	shl    %cl,%rax
    2d74:	48 8d 48 ff          	lea    0xffffffffffffffff(%rax),%rcx
    2d78:	48 f7 d8             	neg    %rax
    2d7b:	48 21 f0             	and    %rsi,%rax
    2d7e:	48 21 ca             	and    %rcx,%rdx
    2d81:	48 09 c2             	or     %rax,%rdx
    2d84:	48 89 94 24 a0 00 00 	mov    %rdx,0xa0(%rsp)
    2d8b:	00 
    2d8c:	44 8b 8c 24 f4 00 00 	mov    0xf4(%rsp),%r9d
    2d93:	00 
    2d94:	44 89 c8             	mov    %r9d,%eax
    2d97:	f7 d8                	neg    %eax
    2d99:	f6 84 24 49 01 00 00 	testb  $0x4,0x149(%rsp)
    2da0:	04 
    2da1:	44 0f 45 c8          	cmovne %eax,%r9d
    2da5:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
    2daa:	49 63 d1             	movslq %r9d,%rdx
    2dad:	75 0d                	jne    2dbc <x86_emulate_memop+0x2d2f>
    2daf:	48 01 94 24 a8 00 00 	add    %rdx,0xa8(%rsp)
    2db6:	00 
    2db7:	e9 d1 fc ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    2dbc:	8b 4c 24 48          	mov    0x48(%rsp),%ecx
    2dc0:	48 8b b4 24 a8 00 00 	mov    0xa8(%rsp),%rsi
    2dc7:	00 
    2dc8:	b8 01 00 00 00       	mov    $0x1,%eax
    2dcd:	c1 e1 03             	shl    $0x3,%ecx
    2dd0:	48 01 f2             	add    %rsi,%rdx
    2dd3:	48 d3 e0             	shl    %cl,%rax
    2dd6:	48 8d 48 ff          	lea    0xffffffffffffffff(%rax),%rcx
    2dda:	48 f7 d8             	neg    %rax
    2ddd:	48 21 f0             	and    %rsi,%rax
    2de0:	48 21 ca             	and    %rcx,%rdx
    2de3:	48 09 c2             	or     %rax,%rdx
    2de6:	48 89 94 24 a8 00 00 	mov    %rdx,0xa8(%rsp)
    2ded:	00 
    2dee:	e9 9a fc ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    2df3:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
    2df8:	b8 01 00 00 00       	mov    $0x1,%eax
    2dfd:	c7 84 24 f0 00 00 00 	movl   $0x1,0xf0(%rsp)
    2e04:	01 00 00 00 
    2e08:	0f 44 44 24 6c       	cmove  0x6c(%rsp),%eax
    2e0d:	4c 89 a4 24 08 01 00 	mov    %r12,0x108(%rsp)
    2e14:	00 
    2e15:	89 44 24 6c          	mov    %eax,0x6c(%rsp)
    2e19:	89 84 24 f4 00 00 00 	mov    %eax,0xf4(%rsp)
    2e20:	48 8b 44 24 70       	mov    0x70(%rsp),%rax
    2e25:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
    2e2c:	00 
    2e2d:	8b 44 24 6c          	mov    0x6c(%rsp),%eax
    2e31:	f7 d8                	neg    %eax
    2e33:	f6 84 24 49 01 00 00 	testb  $0x4,0x149(%rsp)
    2e3a:	04 
    2e3b:	0f 44 44 24 6c       	cmove  0x6c(%rsp),%eax
    2e40:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
    2e45:	48 63 d0             	movslq %eax,%rdx
    2e48:	75 0d                	jne    2e57 <x86_emulate_memop+0x2dca>
    2e4a:	48 01 94 24 a8 00 00 	add    %rdx,0xa8(%rsp)
    2e51:	00 
    2e52:	e9 36 fc ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    2e57:	8b 4c 24 48          	mov    0x48(%rsp),%ecx
    2e5b:	48 8b b4 24 a8 00 00 	mov    0xa8(%rsp),%rsi
    2e62:	00 
    2e63:	b8 01 00 00 00       	mov    $0x1,%eax
    2e68:	c1 e1 03             	shl    $0x3,%ecx
    2e6b:	48 01 f2             	add    %rsi,%rdx
    2e6e:	48 d3 e0             	shl    %cl,%rax
    2e71:	48 8d 48 ff          	lea    0xffffffffffffffff(%rax),%rcx
    2e75:	48 f7 d8             	neg    %rax
    2e78:	48 21 f0             	and    %rsi,%rax
    2e7b:	48 21 ca             	and    %rcx,%rdx
    2e7e:	48 09 c2             	or     %rax,%rdx
    2e81:	48 89 94 24 a8 00 00 	mov    %rdx,0xa8(%rsp)
    2e88:	00 
    2e89:	e9 ff fb ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    2e8e:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
    2e93:	b8 01 00 00 00       	mov    $0x1,%eax
    2e98:	48 8b 1c 24          	mov    (%rsp),%rbx
    2e9c:	0f 44 44 24 6c       	cmove  0x6c(%rsp),%eax
    2ea1:	c7 84 24 f0 00 00 00 	movl   $0x0,0xf0(%rsp)
    2ea8:	00 00 00 00 
    2eac:	48 8d b4 24 f8 00 00 	lea    0xf8(%rsp),%rsi
    2eb3:	00 
    2eb4:	4c 89 e9             	mov    %r13,%rcx
    2eb7:	4c 89 e7             	mov    %r12,%rdi
    2eba:	89 44 24 6c          	mov    %eax,0x6c(%rsp)
    2ebe:	89 84 24 f4 00 00 00 	mov    %eax,0xf4(%rsp)
    2ec5:	48 8d 44 24 70       	lea    0x70(%rsp),%rax
    2eca:	8b 54 24 6c          	mov    0x6c(%rsp),%edx
    2ece:	48 89 84 24 08 01 00 	mov    %rax,0x108(%rsp)
    2ed5:	00 
    2ed6:	ff 53 10             	callq  *0x10(%rbx)
    2ed9:	85 c0                	test   %eax,%eax
    2edb:	41 89 c7             	mov    %eax,%r15d
    2ede:	0f 85 c0 fc ff ff    	jne    2ba4 <x86_emulate_memop+0x2b17>
    2ee4:	44 8b 8c 24 f4 00 00 	mov    0xf4(%rsp),%r9d
    2eeb:	00 
    2eec:	44 89 c8             	mov    %r9d,%eax
    2eef:	f7 d8                	neg    %eax
    2ef1:	f6 84 24 49 01 00 00 	testb  $0x4,0x149(%rsp)
    2ef8:	04 
    2ef9:	44 0f 45 c8          	cmovne %eax,%r9d
    2efd:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
    2f02:	49 63 d1             	movslq %r9d,%rdx
    2f05:	75 0d                	jne    2f14 <x86_emulate_memop+0x2e87>
    2f07:	48 01 94 24 a0 00 00 	add    %rdx,0xa0(%rsp)
    2f0e:	00 
    2f0f:	e9 79 fb ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    2f14:	8b 4c 24 48          	mov    0x48(%rsp),%ecx
    2f18:	48 8b b4 24 a0 00 00 	mov    0xa0(%rsp),%rsi
    2f1f:	00 
    2f20:	b8 01 00 00 00       	mov    $0x1,%eax
    2f25:	c1 e1 03             	shl    $0x3,%ecx
    2f28:	48 01 f2             	add    %rsi,%rdx
    2f2b:	48 d3 e0             	shl    %cl,%rax
    2f2e:	48 8d 48 ff          	lea    0xffffffffffffffff(%rax),%rcx
    2f32:	48 f7 d8             	neg    %rax
    2f35:	48 21 f0             	and    %rsi,%rax
    2f38:	48 21 ca             	and    %rcx,%rdx
    2f3b:	48 09 c2             	or     %rax,%rdx
    2f3e:	48 89 94 24 a0 00 00 	mov    %rdx,0xa0(%rsp)
    2f45:	00 
    2f46:	e9 42 fb ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    2f4b:	49 8b 45 00          	mov    0x0(%r13),%rax
    2f4f:	c7 80 28 0a 00 00 01 	movl   $0x1,0xa28(%rax)
    2f56:	00 00 00 
    2f59:	e9 4f fc ff ff       	jmpq   2bad <x86_emulate_memop+0x2b20>
    2f5e:	48 8d 84 24 50 01 00 	lea    0x150(%rsp),%rax
    2f65:	00 
    2f66:	eb 0b                	jmp    2f73 <x86_emulate_memop+0x2ee6>
    2f68:	48 89 e8             	mov    %rbp,%rax
    2f6b:	83 e0 07             	and    $0x7,%eax
    2f6e:	48 8d 44 c4 70       	lea    0x70(%rsp,%rax,8),%rax
    2f73:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
    2f78:	48 8b 2c 24          	mov    (%rsp),%rbp
    2f7c:	48 89 84 24 08 01 00 	mov    %rax,0x108(%rsp)
    2f83:	00 
    2f84:	49 8b 55 38          	mov    0x38(%r13),%rdx
    2f88:	48 8b b4 24 08 01 00 	mov    0x108(%rsp),%rsi
    2f8f:	00 
    2f90:	4c 8b 45 00          	mov    0x0(%rbp),%r8
    2f94:	75 0a                	jne    2fa0 <x86_emulate_memop+0x2f13>
    2f96:	48 8b 84 24 90 00 00 	mov    0x90(%rsp),%rax
    2f9d:	00 
    2f9e:	eb 1a                	jmp    2fba <x86_emulate_memop+0x2f2d>
    2fa0:	8b 4c 24 48          	mov    0x48(%rsp),%ecx
    2fa4:	b8 01 00 00 00       	mov    $0x1,%eax
    2fa9:	c1 e1 03             	shl    $0x3,%ecx
    2fac:	48 d3 e0             	shl    %cl,%rax
    2faf:	48 ff c8             	dec    %rax
    2fb2:	48 23 84 24 90 00 00 	and    0x90(%rsp),%rax
    2fb9:	00 
    2fba:	48 8d 3c 10          	lea    (%rax,%rdx,1),%rdi
    2fbe:	4c 89 e9             	mov    %r13,%rcx
    2fc1:	8b 54 24 6c          	mov    0x6c(%rsp),%edx
    2fc5:	41 ff d0             	callq  *%r8
    2fc8:	85 c0                	test   %eax,%eax
    2fca:	41 89 c7             	mov    %eax,%r15d
    2fcd:	0f 85 d1 fb ff ff    	jne    2ba4 <x86_emulate_memop+0x2b17>
    2fd3:	83 7c 24 48 08       	cmpl   $0x8,0x48(%rsp)
    2fd8:	48 63 54 24 6c       	movslq 0x6c(%rsp),%rdx
    2fdd:	75 0d                	jne    2fec <x86_emulate_memop+0x2f5f>
    2fdf:	48 01 94 24 90 00 00 	add    %rdx,0x90(%rsp)
    2fe6:	00 
    2fe7:	e9 82 fb ff ff       	jmpq   2b6e <x86_emulate_memop+0x2ae1>
    2fec:	8b 4c 24 48          	mov    0x48(%rsp),%ecx
    2ff0:	48 8b b4 24 90 00 00 	mov    0x90(%rsp),%rsi
    2ff7:	00 
    2ff8:	b8 01 00 00 00       	mov    $0x1,%eax
    2ffd:	c1 e1 03             	shl    $0x3,%ecx
    3000:	48 01 f2             	add    %rsi,%rdx
    3003:	48 d3 e0             	shl    %cl,%rax
    3006:	48 8d 48 ff          	lea    0xffffffffffffffff(%rax),%rcx
    300a:	48 f7 d8             	neg    %rax
    300d:	48 21 f0             	and    %rsi,%rax
    3010:	48 21 ca             	and    %rcx,%rdx
    3013:	48 09 c2             	or     %rax,%rdx
    3016:	48 89 94 24 90 00 00 	mov    %rdx,0x90(%rsp)
    301d:	00 
    301e:	e9 4b fb ff ff       	jmpq   2b6e <x86_emulate_memop+0x2ae1>
    3023:	40 80 fd b1          	cmp    $0xb1,%bpl
    3027:	77 52                	ja     307b <x86_emulate_memop+0x2fee>
    3029:	40 80 fd b0          	cmp    $0xb0,%bpl
    302d:	0f 83 e5 02 00 00    	jae    3318 <x86_emulate_memop+0x328b>
    3033:	40 80 fd 4f          	cmp    $0x4f,%bpl
    3037:	77 29                	ja     3062 <x86_emulate_memop+0x2fd5>
    3039:	40 80 fd 40          	cmp    $0x40,%bpl
    303d:	0f 83 ea 01 00 00    	jae    322d <x86_emulate_memop+0x31a0>
    3043:	40 80 fd 21          	cmp    $0x21,%bpl
    3047:	0f 84 8c 01 00 00    	je     31d9 <x86_emulate_memop+0x314c>
    304d:	40 80 fd 23          	cmp    $0x23,%bpl
    3051:	0f 84 ac 01 00 00    	je     3203 <x86_emulate_memop+0x3176>
    3057:	40 fe cd             	dec    %bpl
    305a:	0f 85 2d fa ff ff    	jne    2a8d <x86_emulate_memop+0x2a00>
    3060:	eb 5f                	jmp    30c1 <x86_emulate_memop+0x3034>
    3062:	40 80 fd a3          	cmp    $0xa3,%bpl
    3066:	0f 84 37 04 00 00    	je     34a3 <x86_emulate_memop+0x3416>
    306c:	40 80 fd ab          	cmp    $0xab,%bpl
    3070:	0f 85 17 fa ff ff    	jne    2a8d <x86_emulate_memop+0x2a00>
    3076:	e9 3a 06 00 00       	jmpq   36b5 <x86_emulate_memop+0x3628>
    307b:	40 80 fd ba          	cmp    $0xba,%bpl
    307f:	0f 84 7d 08 00 00    	je     3902 <x86_emulate_memop+0x3875>
    3085:	77 20                	ja     30a7 <x86_emulate_memop+0x301a>
    3087:	40 80 fd b3          	cmp    $0xb3,%bpl
    308b:	0f 84 21 05 00 00    	je     35b2 <x86_emulate_memop+0x3525>
    3091:	0f 82 f6 f9 ff ff    	jb     2a8d <x86_emulate_memop+0x2a00>
    3097:	8d 45 4a             	lea    0x4a(%rbp),%eax
    309a:	3c 01                	cmp    $0x1,%al
    309c:	0f 87 eb f9 ff ff    	ja     2a8d <x86_emulate_memop+0x2a00>
    30a2:	e9 1d 07 00 00       	jmpq   37c4 <x86_emulate_memop+0x3737>
    30a7:	40 80 fd bb          	cmp    $0xbb,%bpl
    30ab:	0f 84 42 07 00 00    	je     37f3 <x86_emulate_memop+0x3766>
    30b1:	8d 45 42             	lea    0x42(%rbp),%eax
    30b4:	3c 01                	cmp    $0x1,%al
    30b6:	0f 87 d1 f9 ff ff    	ja     2a8d <x86_emulate_memop+0x2a00>
    30bc:	e9 77 08 00 00       	jmpq   3938 <x86_emulate_memop+0x38ab>
    30c1:	8a 44 24 20          	mov    0x20(%rsp),%al
    30c5:	83 e8 02             	sub    $0x2,%eax
    30c8:	3c 05                	cmp    $0x5,%al
    30ca:	0f 87 81 0a 00 00    	ja     3b51 <x86_emulate_memop+0x3ac4>
    30d0:	0f b6 c0             	movzbl %al,%eax
    30d3:	ff 24 c5 00 00 00 00 	jmpq   *0x0(,%rax,8)
			30d6: R_X86_64_32S	.rodata+0xc0
    30da:	48 8b 94 24 28 01 00 	mov    0x128(%rsp),%rdx
    30e1:	00 
    30e2:	44 8b 4c 24 6c       	mov    0x6c(%rsp),%r9d
    30e7:	48 8d 8c 24 38 01 00 	lea    0x138(%rsp),%rcx
    30ee:	00 
    30ef:	48 8b 34 24          	mov    (%rsp),%rsi
    30f3:	4c 8d 84 24 40 01 00 	lea    0x140(%rsp),%r8
    30fa:	00 
    30fb:	4c 89 ef             	mov    %r13,%rdi
    30fe:	e8 28 cf ff ff       	callq  2b <read_descriptor>
    3103:	85 c0                	test   %eax,%eax
    3105:	41 89 c7             	mov    %eax,%r15d
    3108:	0f 85 96 fa ff ff    	jne    2ba4 <x86_emulate_memop+0x2b17>
    310e:	0f b7 b4 24 38 01 00 	movzwl 0x138(%rsp),%esi
    3115:	00 
    3116:	48 8b 94 24 40 01 00 	mov    0x140(%rsp),%rdx
    311d:	00 
    311e:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    3122:	e8 00 00 00 00       	callq  3127 <x86_emulate_memop+0x309a>
			3123: R_X86_64_PC32	realmode_lgdt+0xfffffffffffffffc
    3127:	e9 61 f9 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    312c:	48 8b 94 24 28 01 00 	mov    0x128(%rsp),%rdx
    3133:	00 
    3134:	44 8b 4c 24 6c       	mov    0x6c(%rsp),%r9d
    3139:	48 8d 8c 24 38 01 00 	lea    0x138(%rsp),%rcx
    3140:	00 
    3141:	48 8b 34 24          	mov    (%rsp),%rsi
    3145:	4c 8d 84 24 40 01 00 	lea    0x140(%rsp),%r8
    314c:	00 
    314d:	4c 89 ef             	mov    %r13,%rdi
    3150:	e8 d6 ce ff ff       	callq  2b <read_descriptor>
    3155:	85 c0                	test   %eax,%eax
    3157:	41 89 c7             	mov    %eax,%r15d
    315a:	0f 85 44 fa ff ff    	jne    2ba4 <x86_emulate_memop+0x2b17>
    3160:	0f b7 b4 24 38 01 00 	movzwl 0x138(%rsp),%esi
    3167:	00 
    3168:	48 8b 94 24 40 01 00 	mov    0x140(%rsp),%rdx
    316f:	00 
    3170:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    3174:	e8 00 00 00 00       	callq  3179 <x86_emulate_memop+0x30ec>
			3175: R_X86_64_PC32	realmode_lidt+0xfffffffffffffffc
    3179:	e9 0f f9 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    317e:	80 7c 24 1f 03       	cmpb   $0x3,0x1f(%rsp)
    3183:	0f 85 c8 09 00 00    	jne    3b51 <x86_emulate_memop+0x3ac4>
    3189:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    318d:	31 f6                	xor    %esi,%esi
    318f:	e8 00 00 00 00       	callq  3194 <x86_emulate_memop+0x3107>
			3190: R_X86_64_PC32	realmode_get_cr+0xfffffffffffffffc
    3194:	0f b6 54 24 3f       	movzbl 0x3f(%rsp),%edx
    3199:	66 89 44 d4 70       	mov    %ax,0x70(%rsp,%rdx,8)
    319e:	e9 ea f8 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    31a3:	80 7c 24 1f 03       	cmpb   $0x3,0x1f(%rsp)
    31a8:	0f 85 a3 09 00 00    	jne    3b51 <x86_emulate_memop+0x3ac4>
    31ae:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    31b2:	48 8d 94 24 48 01 00 	lea    0x148(%rsp),%rdx
    31b9:	00 
    31ba:	41 0f b7 f6          	movzwl %r14w,%esi
    31be:	e8 00 00 00 00       	callq  31c3 <x86_emulate_memop+0x3136>
			31bf: R_X86_64_PC32	realmode_lmsw+0xfffffffffffffffc
    31c3:	e9 c5 f8 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    31c8:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    31cc:	4c 89 e6             	mov    %r12,%rsi
    31cf:	e8 00 00 00 00       	callq  31d4 <x86_emulate_memop+0x3147>
			31d0: R_X86_64_PC32	emulate_invlpg+0xfffffffffffffffc
    31d4:	e9 b4 f8 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    31d9:	80 7c 24 1f 03       	cmpb   $0x3,0x1f(%rsp)
    31de:	0f 85 6d 09 00 00    	jne    3b51 <x86_emulate_memop+0x3ac4>
    31e4:	0f b6 54 24 3f       	movzbl 0x3f(%rsp),%edx
    31e9:	0f b6 74 24 20       	movzbl 0x20(%rsp),%esi
    31ee:	4c 89 ef             	mov    %r13,%rdi
    31f1:	48 8d 54 d4 70       	lea    0x70(%rsp,%rdx,8),%rdx
    31f6:	e8 00 00 00 00       	callq  31fb <x86_emulate_memop+0x316e>
			31f7: R_X86_64_PC32	emulator_get_dr+0xfffffffffffffffc
    31fb:	41 89 c7             	mov    %eax,%r15d
    31fe:	e9 8a f8 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    3203:	80 7c 24 1f 03       	cmpb   $0x3,0x1f(%rsp)
    3208:	0f 85 43 09 00 00    	jne    3b51 <x86_emulate_memop+0x3ac4>
    320e:	0f b6 44 24 3f       	movzbl 0x3f(%rsp),%eax
    3213:	0f b6 74 24 20       	movzbl 0x20(%rsp),%esi
    3218:	4c 89 ef             	mov    %r13,%rdi
    321b:	48 8b 54 c4 70       	mov    0x70(%rsp,%rax,8),%rdx
    3220:	e8 00 00 00 00       	callq  3225 <x86_emulate_memop+0x3198>
			3221: R_X86_64_PC32	emulator_set_dr+0xfffffffffffffffc
    3225:	41 89 c7             	mov    %eax,%r15d
    3228:	e9 60 f8 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    322d:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    3234:	00 
    3235:	40 0f b6 cd          	movzbl %bpl,%ecx
    3239:	ba 01 00 00 00       	mov    $0x1,%edx
    323e:	48 89 84 24 00 01 00 	mov    %rax,0x100(%rsp)
    3245:	00 
    3246:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
    324d:	00 
    324e:	89 c8                	mov    %ecx,%eax
    3250:	83 e0 0f             	and    $0xf,%eax
    3253:	d1 f8                	sar    %eax
    3255:	83 f8 07             	cmp    $0x7,%eax
    3258:	0f 87 24 f8 ff ff    	ja     2a82 <x86_emulate_memop+0x29f5>
    325e:	89 c0                	mov    %eax,%eax
    3260:	ff 24 c5 00 00 00 00 	jmpq   *0x0(,%rax,8)
			3263: R_X86_64_32S	.rodata+0xf0
    3267:	be 01 00 00 00       	mov    $0x1,%esi
    326c:	e9 84 00 00 00       	jmpq   32f5 <x86_emulate_memop+0x3268>
    3271:	48 8b 84 24 48 01 00 	mov    0x148(%rsp),%rax
    3278:	00 
    3279:	80 f4 08             	xor    $0x8,%ah
    327c:	48 c1 e8 0b          	shr    $0xb,%rax
    3280:	eb 54                	jmp    32d6 <x86_emulate_memop+0x3249>
    3282:	8a 84 24 48 01 00 00 	mov    0x148(%rsp),%al
    3289:	83 e0 01             	and    $0x1,%eax
    328c:	83 f0 01             	xor    $0x1,%eax
    328f:	eb 1d                	jmp    32ae <x86_emulate_memop+0x3221>
    3291:	48 8b 84 24 48 01 00 	mov    0x148(%rsp),%rax
    3298:	00 
    3299:	48 83 f0 40          	xor    $0x40,%rax
    329d:	48 c1 e8 06          	shr    $0x6,%rax
    32a1:	eb 33                	jmp    32d6 <x86_emulate_memop+0x3249>
    32a3:	f6 84 24 48 01 00 00 	testb  $0x41,0x148(%rsp)
    32aa:	41 
    32ab:	0f 94 c0             	sete   %al
    32ae:	0f b6 d0             	movzbl %al,%edx
    32b1:	e9 cc f7 ff ff       	jmpq   2a82 <x86_emulate_memop+0x29f5>
    32b6:	48 8b 84 24 48 01 00 	mov    0x148(%rsp),%rax
    32bd:	00 
    32be:	34 80                	xor    $0x80,%al
    32c0:	48 c1 e8 07          	shr    $0x7,%rax
    32c4:	eb 10                	jmp    32d6 <x86_emulate_memop+0x3249>
    32c6:	48 8b 84 24 48 01 00 	mov    0x148(%rsp),%rax
    32cd:	00 
    32ce:	48 83 f0 04          	xor    $0x4,%rax
    32d2:	48 c1 e8 02          	shr    $0x2,%rax
    32d6:	89 c2                	mov    %eax,%edx
    32d8:	83 e2 01             	and    $0x1,%edx
    32db:	e9 a2 f7 ff ff       	jmpq   2a82 <x86_emulate_memop+0x29f5>
    32e0:	48 8b 84 24 48 01 00 	mov    0x148(%rsp),%rax
    32e7:	00 
    32e8:	48 83 f0 40          	xor    $0x40,%rax
    32ec:	48 c1 e8 06          	shr    $0x6,%rax
    32f0:	89 c6                	mov    %eax,%esi
    32f2:	83 e6 01             	and    $0x1,%esi
    32f5:	48 8b 84 24 48 01 00 	mov    0x148(%rsp),%rax
    32fc:	00 
    32fd:	48 89 c2             	mov    %rax,%rdx
    3300:	48 c1 e8 0b          	shr    $0xb,%rax
    3304:	48 c1 ea 07          	shr    $0x7,%rdx
    3308:	48 83 f0 01          	xor    $0x1,%rax
    330c:	48 31 d0             	xor    %rdx,%rax
    330f:	89 f2                	mov    %esi,%edx
    3311:	21 c2                	and    %eax,%edx
    3313:	e9 6a f7 ff ff       	jmpq   2a82 <x86_emulate_memop+0x29f5>
		break;
	case 0xb0 ... 0xb1:	/* cmpxchg */
		/*
		 * Save real source value, then compare EAX against
		 * destination.
		 */
		src.orig_val = src.val;
    3318:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    331f:	00 
		src.val = _regs[VCPU_REGS_RAX];
		emulate_2op_SrcV("cmp", src, dst, _eflags);
    3320:	8b 94 24 f4 00 00 00 	mov    0xf4(%rsp),%edx
    3327:	48 89 84 24 20 01 00 	mov    %rax,0x120(%rsp)
    332e:	00 
    332f:	48 8b 44 24 70       	mov    0x70(%rsp),%rax
    3334:	83 fa 01             	cmp    $0x1,%edx
    3337:	48 89 84 24 18 01 00 	mov    %rax,0x118(%rsp)
    333e:	00 
    333f:	75 4f                	jne    3390 <x86_emulate_memop+0x3303>
    3341:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    3348:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    334e:	44 21 04 24          	and    %r8d,(%rsp)
    3352:	9c                   	pushfq 
    3353:	41 f7 d0             	not    %r8d
    3356:	44 21 04 24          	and    %r8d,(%rsp)
    335a:	41 58                	pop    %r8
    335c:	44 09 04 24          	or     %r8d,(%rsp)
    3360:	9d                   	popfq  
    3361:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    3367:	41 f7 d0             	not    %r8d
    336a:	44 21 84 24 48 01 00 	and    %r8d,0x148(%rsp)
    3371:	00 
    3372:	38 84 24 f8 00 00 00 	cmp    %al,0xf8(%rsp)
    3379:	9c                   	pushfq 
    337a:	41 58                	pop    %r8
    337c:	41 81 e0 d5 08 00 00 	and    $0x8d5,%r8d
    3383:	44 09 84 24 48 01 00 	or     %r8d,0x148(%rsp)
    338a:	00 
    338b:	e9 d7 00 00 00       	jmpq   3467 <x86_emulate_memop+0x33da>
    3390:	83 fa 04             	cmp    $0x4,%edx
    3393:	74 53                	je     33e8 <x86_emulate_memop+0x335b>
    3395:	83 fa 08             	cmp    $0x8,%edx
    3398:	0f 84 8a 00 00 00    	je     3428 <x86_emulate_memop+0x339b>
    339e:	83 fa 02             	cmp    $0x2,%edx
    33a1:	0f 85 c0 00 00 00    	jne    3467 <x86_emulate_memop+0x33da>
    33a7:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    33ae:	ba d5 08 00 00       	mov    $0x8d5,%edx
    33b3:	21 14 24             	and    %edx,(%rsp)
    33b6:	9c                   	pushfq 
    33b7:	f7 d2                	not    %edx
    33b9:	21 14 24             	and    %edx,(%rsp)
    33bc:	5a                   	pop    %rdx
    33bd:	09 14 24             	or     %edx,(%rsp)
    33c0:	9d                   	popfq  
    33c1:	ba d5 08 00 00       	mov    $0x8d5,%edx
    33c6:	f7 d2                	not    %edx
    33c8:	21 94 24 48 01 00 00 	and    %edx,0x148(%rsp)
    33cf:	66 39 84 24 f8 00 00 	cmp    %ax,0xf8(%rsp)
    33d6:	00 
    33d7:	9c                   	pushfq 
    33d8:	5a                   	pop    %rdx
    33d9:	81 e2 d5 08 00 00    	and    $0x8d5,%edx
    33df:	09 94 24 48 01 00 00 	or     %edx,0x148(%rsp)
    33e6:	eb 7f                	jmp    3467 <x86_emulate_memop+0x33da>
    33e8:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    33ef:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    33f4:	21 0c 24             	and    %ecx,(%rsp)
    33f7:	9c                   	pushfq 
    33f8:	f7 d1                	not    %ecx
    33fa:	21 0c 24             	and    %ecx,(%rsp)
    33fd:	59                   	pop    %rcx
    33fe:	09 0c 24             	or     %ecx,(%rsp)
    3401:	9d                   	popfq  
    3402:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    3407:	f7 d1                	not    %ecx
    3409:	21 8c 24 48 01 00 00 	and    %ecx,0x148(%rsp)
    3410:	39 84 24 f8 00 00 00 	cmp    %eax,0xf8(%rsp)
    3417:	9c                   	pushfq 
    3418:	59                   	pop    %rcx
    3419:	81 e1 d5 08 00 00    	and    $0x8d5,%ecx
    341f:	09 8c 24 48 01 00 00 	or     %ecx,0x148(%rsp)
    3426:	eb 3f                	jmp    3467 <x86_emulate_memop+0x33da>
    3428:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    342f:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    3434:	21 1c 24             	and    %ebx,(%rsp)
    3437:	9c                   	pushfq 
    3438:	f7 d3                	not    %ebx
    343a:	21 1c 24             	and    %ebx,(%rsp)
    343d:	5b                   	pop    %rbx
    343e:	09 1c 24             	or     %ebx,(%rsp)
    3441:	9d                   	popfq  
    3442:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    3447:	f7 d3                	not    %ebx
    3449:	21 9c 24 48 01 00 00 	and    %ebx,0x148(%rsp)
    3450:	48 39 84 24 f8 00 00 	cmp    %rax,0xf8(%rsp)
    3457:	00 
    3458:	9c                   	pushfq 
    3459:	5b                   	pop    %rbx
    345a:	81 e3 d5 08 00 00    	and    $0x8d5,%ebx
    3460:	09 9c 24 48 01 00 00 	or     %ebx,0x148(%rsp)
		/* Always write back. The question is: where to? */
		d |= Mov;
		if (_eflags & EFLG_ZF) {
    3467:	f6 84 24 48 01 00 00 	testb  $0x40,0x148(%rsp)
    346e:	40 
    346f:	74 15                	je     3486 <x86_emulate_memop+0x33f9>
			/* Success: write back to memory. */
			dst.val = src.orig_val;
    3471:	48 8b 84 24 20 01 00 	mov    0x120(%rsp),%rax
    3478:	00 
    3479:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
    3480:	00 
    3481:	e9 07 f6 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		} else {
			/* Failure: write the value we saw to EAX. */
			dst.type = OP_REG;
			dst.ptr = (unsigned long *)&_regs[VCPU_REGS_RAX];
    3486:	48 8d 44 24 70       	lea    0x70(%rsp),%rax
    348b:	c7 84 24 f0 00 00 00 	movl   $0x0,0xf0(%rsp)
    3492:	00 00 00 00 
    3496:	48 89 84 24 08 01 00 	mov    %rax,0x108(%rsp)
    349d:	00 
    349e:	e9 ea f5 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		}
		break;
	case 0xa3:
	      bt:		/* bt */
		src.val &= (dst.bytes << 3) - 1; /* only subword offset */
    34a3:	8b 94 24 f4 00 00 00 	mov    0xf4(%rsp),%edx
    34aa:	8d 04 d5 ff ff ff ff 	lea    0xffffffffffffffff(,%rdx,8),%eax
    34b1:	48 23 84 24 18 01 00 	and    0x118(%rsp),%rax
    34b8:	00 
		emulate_2op_SrcV_nobyte("bt", src, dst, _eflags);
    34b9:	83 fa 04             	cmp    $0x4,%edx
    34bc:	48 89 84 24 18 01 00 	mov    %rax,0x118(%rsp)
    34c3:	00 
    34c4:	74 57                	je     351d <x86_emulate_memop+0x3490>
    34c6:	83 fa 08             	cmp    $0x8,%edx
    34c9:	0f 84 9e 00 00 00    	je     356d <x86_emulate_memop+0x34e0>
    34cf:	83 fa 02             	cmp    $0x2,%edx
    34d2:	0f 85 b5 f5 ff ff    	jne    2a8d <x86_emulate_memop+0x2a00>
    34d8:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    34df:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    34e4:	21 2c 24             	and    %ebp,(%rsp)
    34e7:	9c                   	pushfq 
    34e8:	f7 d5                	not    %ebp
    34ea:	21 2c 24             	and    %ebp,(%rsp)
    34ed:	5d                   	pop    %rbp
    34ee:	09 2c 24             	or     %ebp,(%rsp)
    34f1:	9d                   	popfq  
    34f2:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    34f7:	f7 d5                	not    %ebp
    34f9:	21 ac 24 48 01 00 00 	and    %ebp,0x148(%rsp)
    3500:	66 0f a3 84 24 f8 00 	bt     %ax,0xf8(%rsp)
    3507:	00 00 
    3509:	9c                   	pushfq 
    350a:	5d                   	pop    %rbp
    350b:	81 e5 d5 08 00 00    	and    $0x8d5,%ebp
    3511:	09 ac 24 48 01 00 00 	or     %ebp,0x148(%rsp)
    3518:	e9 70 f5 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    351d:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    3524:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    352a:	44 21 04 24          	and    %r8d,(%rsp)
    352e:	9c                   	pushfq 
    352f:	41 f7 d0             	not    %r8d
    3532:	44 21 04 24          	and    %r8d,(%rsp)
    3536:	41 58                	pop    %r8
    3538:	44 09 04 24          	or     %r8d,(%rsp)
    353c:	9d                   	popfq  
    353d:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    3543:	41 f7 d0             	not    %r8d
    3546:	44 21 84 24 48 01 00 	and    %r8d,0x148(%rsp)
    354d:	00 
    354e:	0f a3 84 24 f8 00 00 	bt     %eax,0xf8(%rsp)
    3555:	00 
    3556:	9c                   	pushfq 
    3557:	41 58                	pop    %r8
    3559:	41 81 e0 d5 08 00 00 	and    $0x8d5,%r8d
    3560:	44 09 84 24 48 01 00 	or     %r8d,0x148(%rsp)
    3567:	00 
    3568:	e9 20 f5 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    356d:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    3574:	ba d5 08 00 00       	mov    $0x8d5,%edx
    3579:	21 14 24             	and    %edx,(%rsp)
    357c:	9c                   	pushfq 
    357d:	f7 d2                	not    %edx
    357f:	21 14 24             	and    %edx,(%rsp)
    3582:	5a                   	pop    %rdx
    3583:	09 14 24             	or     %edx,(%rsp)
    3586:	9d                   	popfq  
    3587:	ba d5 08 00 00       	mov    $0x8d5,%edx
    358c:	f7 d2                	not    %edx
    358e:	21 94 24 48 01 00 00 	and    %edx,0x148(%rsp)
    3595:	48 0f a3 84 24 f8 00 	bt     %rax,0xf8(%rsp)
    359c:	00 00 
    359e:	9c                   	pushfq 
    359f:	5a                   	pop    %rdx
    35a0:	81 e2 d5 08 00 00    	and    $0x8d5,%edx
    35a6:	09 94 24 48 01 00 00 	or     %edx,0x148(%rsp)
    35ad:	e9 db f4 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0xb3:
	      btr:		/* btr */
		src.val &= (dst.bytes << 3) - 1; /* only subword offset */
    35b2:	8b 94 24 f4 00 00 00 	mov    0xf4(%rsp),%edx
    35b9:	8d 04 d5 ff ff ff ff 	lea    0xffffffffffffffff(,%rdx,8),%eax
    35c0:	48 23 84 24 18 01 00 	and    0x118(%rsp),%rax
    35c7:	00 
		emulate_2op_SrcV_nobyte("btr", src, dst, _eflags);
    35c8:	83 fa 04             	cmp    $0x4,%edx
    35cb:	48 89 84 24 18 01 00 	mov    %rax,0x118(%rsp)
    35d2:	00 
    35d3:	74 57                	je     362c <x86_emulate_memop+0x359f>
    35d5:	83 fa 08             	cmp    $0x8,%edx
    35d8:	0f 84 92 00 00 00    	je     3670 <x86_emulate_memop+0x35e3>
    35de:	83 fa 02             	cmp    $0x2,%edx
    35e1:	0f 85 a6 f4 ff ff    	jne    2a8d <x86_emulate_memop+0x2a00>
    35e7:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    35ee:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    35f3:	21 0c 24             	and    %ecx,(%rsp)
    35f6:	9c                   	pushfq 
    35f7:	f7 d1                	not    %ecx
    35f9:	21 0c 24             	and    %ecx,(%rsp)
    35fc:	59                   	pop    %rcx
    35fd:	09 0c 24             	or     %ecx,(%rsp)
    3600:	9d                   	popfq  
    3601:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    3606:	f7 d1                	not    %ecx
    3608:	21 8c 24 48 01 00 00 	and    %ecx,0x148(%rsp)
    360f:	66 0f b3 84 24 f8 00 	btr    %ax,0xf8(%rsp)
    3616:	00 00 
    3618:	9c                   	pushfq 
    3619:	59                   	pop    %rcx
    361a:	81 e1 d5 08 00 00    	and    $0x8d5,%ecx
    3620:	09 8c 24 48 01 00 00 	or     %ecx,0x148(%rsp)
    3627:	e9 61 f4 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    362c:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    3633:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    3638:	21 1c 24             	and    %ebx,(%rsp)
    363b:	9c                   	pushfq 
    363c:	f7 d3                	not    %ebx
    363e:	21 1c 24             	and    %ebx,(%rsp)
    3641:	5b                   	pop    %rbx
    3642:	09 1c 24             	or     %ebx,(%rsp)
    3645:	9d                   	popfq  
    3646:	bb d5 08 00 00       	mov    $0x8d5,%ebx
    364b:	f7 d3                	not    %ebx
    364d:	21 9c 24 48 01 00 00 	and    %ebx,0x148(%rsp)
    3654:	0f b3 84 24 f8 00 00 	btr    %eax,0xf8(%rsp)
    365b:	00 
    365c:	9c                   	pushfq 
    365d:	5b                   	pop    %rbx
    365e:	81 e3 d5 08 00 00    	and    $0x8d5,%ebx
    3664:	09 9c 24 48 01 00 00 	or     %ebx,0x148(%rsp)
    366b:	e9 1d f4 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    3670:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    3677:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    367c:	21 2c 24             	and    %ebp,(%rsp)
    367f:	9c                   	pushfq 
    3680:	f7 d5                	not    %ebp
    3682:	21 2c 24             	and    %ebp,(%rsp)
    3685:	5d                   	pop    %rbp
    3686:	09 2c 24             	or     %ebp,(%rsp)
    3689:	9d                   	popfq  
    368a:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    368f:	f7 d5                	not    %ebp
    3691:	21 ac 24 48 01 00 00 	and    %ebp,0x148(%rsp)
    3698:	48 0f b3 84 24 f8 00 	btr    %rax,0xf8(%rsp)
    369f:	00 00 
    36a1:	9c                   	pushfq 
    36a2:	5d                   	pop    %rbp
    36a3:	81 e5 d5 08 00 00    	and    $0x8d5,%ebp
    36a9:	09 ac 24 48 01 00 00 	or     %ebp,0x148(%rsp)
    36b0:	e9 d8 f3 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0xab:
	      bts:		/* bts */
		src.val &= (dst.bytes << 3) - 1; /* only subword offset */
    36b5:	8b 94 24 f4 00 00 00 	mov    0xf4(%rsp),%edx
    36bc:	8d 04 d5 ff ff ff ff 	lea    0xffffffffffffffff(,%rdx,8),%eax
    36c3:	48 23 84 24 18 01 00 	and    0x118(%rsp),%rax
    36ca:	00 
		emulate_2op_SrcV_nobyte("bts", src, dst, _eflags);
    36cb:	83 fa 04             	cmp    $0x4,%edx
    36ce:	48 89 84 24 18 01 00 	mov    %rax,0x118(%rsp)
    36d5:	00 
    36d6:	74 63                	je     373b <x86_emulate_memop+0x36ae>
    36d8:	83 fa 08             	cmp    $0x8,%edx
    36db:	0f 84 9e 00 00 00    	je     377f <x86_emulate_memop+0x36f2>
    36e1:	83 fa 02             	cmp    $0x2,%edx
    36e4:	0f 85 a3 f3 ff ff    	jne    2a8d <x86_emulate_memop+0x2a00>
    36ea:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    36f1:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    36f7:	44 21 04 24          	and    %r8d,(%rsp)
    36fb:	9c                   	pushfq 
    36fc:	41 f7 d0             	not    %r8d
    36ff:	44 21 04 24          	and    %r8d,(%rsp)
    3703:	41 58                	pop    %r8
    3705:	44 09 04 24          	or     %r8d,(%rsp)
    3709:	9d                   	popfq  
    370a:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    3710:	41 f7 d0             	not    %r8d
    3713:	44 21 84 24 48 01 00 	and    %r8d,0x148(%rsp)
    371a:	00 
    371b:	66 0f ab 84 24 f8 00 	bts    %ax,0xf8(%rsp)
    3722:	00 00 
    3724:	9c                   	pushfq 
    3725:	41 58                	pop    %r8
    3727:	41 81 e0 d5 08 00 00 	and    $0x8d5,%r8d
    372e:	44 09 84 24 48 01 00 	or     %r8d,0x148(%rsp)
    3735:	00 
    3736:	e9 52 f3 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    373b:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    3742:	ba d5 08 00 00       	mov    $0x8d5,%edx
    3747:	21 14 24             	and    %edx,(%rsp)
    374a:	9c                   	pushfq 
    374b:	f7 d2                	not    %edx
    374d:	21 14 24             	and    %edx,(%rsp)
    3750:	5a                   	pop    %rdx
    3751:	09 14 24             	or     %edx,(%rsp)
    3754:	9d                   	popfq  
    3755:	ba d5 08 00 00       	mov    $0x8d5,%edx
    375a:	f7 d2                	not    %edx
    375c:	21 94 24 48 01 00 00 	and    %edx,0x148(%rsp)
    3763:	0f ab 84 24 f8 00 00 	bts    %eax,0xf8(%rsp)
    376a:	00 
    376b:	9c                   	pushfq 
    376c:	5a                   	pop    %rdx
    376d:	81 e2 d5 08 00 00    	and    $0x8d5,%edx
    3773:	09 94 24 48 01 00 00 	or     %edx,0x148(%rsp)
    377a:	e9 0e f3 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    377f:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    3786:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    378b:	21 0c 24             	and    %ecx,(%rsp)
    378e:	9c                   	pushfq 
    378f:	f7 d1                	not    %ecx
    3791:	21 0c 24             	and    %ecx,(%rsp)
    3794:	59                   	pop    %rcx
    3795:	09 0c 24             	or     %ecx,(%rsp)
    3798:	9d                   	popfq  
    3799:	b9 d5 08 00 00       	mov    $0x8d5,%ecx
    379e:	f7 d1                	not    %ecx
    37a0:	21 8c 24 48 01 00 00 	and    %ecx,0x148(%rsp)
    37a7:	48 0f ab 84 24 f8 00 	bts    %rax,0xf8(%rsp)
    37ae:	00 00 
    37b0:	9c                   	pushfq 
    37b1:	59                   	pop    %rcx
    37b2:	81 e1 d5 08 00 00    	and    $0x8d5,%ecx
    37b8:	09 8c 24 48 01 00 00 	or     %ecx,0x148(%rsp)
    37bf:	e9 c9 f2 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0xb6 ... 0xb7:	/* movzx */
		dst.bytes = op_bytes;
		dst.val = (d & ByteOp) ? (u8) src.val : (u16) src.val;
    37c4:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
    37c9:	8b 5c 24 6c          	mov    0x6c(%rsp),%ebx
    37cd:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    37d4:	00 
    37d5:	89 9c 24 f4 00 00 00 	mov    %ebx,0xf4(%rsp)
    37dc:	74 05                	je     37e3 <x86_emulate_memop+0x3756>
    37de:	0f b6 c0             	movzbl %al,%eax
    37e1:	eb 03                	jmp    37e6 <x86_emulate_memop+0x3759>
    37e3:	0f b7 c0             	movzwl %ax,%eax
    37e6:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
    37ed:	00 
    37ee:	e9 9a f2 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0xbb:
	      btc:		/* btc */
		src.val &= (dst.bytes << 3) - 1; /* only subword offset */
    37f3:	8b 94 24 f4 00 00 00 	mov    0xf4(%rsp),%edx
    37fa:	8d 04 d5 ff ff ff ff 	lea    0xffffffffffffffff(,%rdx,8),%eax
    3801:	48 23 84 24 18 01 00 	and    0x118(%rsp),%rax
    3808:	00 
		emulate_2op_SrcV_nobyte("btc", src, dst, _eflags);
    3809:	83 fa 04             	cmp    $0x4,%edx
    380c:	48 89 84 24 18 01 00 	mov    %rax,0x118(%rsp)
    3813:	00 
    3814:	74 57                	je     386d <x86_emulate_memop+0x37e0>
    3816:	83 fa 08             	cmp    $0x8,%edx
    3819:	0f 84 9e 00 00 00    	je     38bd <x86_emulate_memop+0x3830>
    381f:	83 fa 02             	cmp    $0x2,%edx
    3822:	0f 85 65 f2 ff ff    	jne    2a8d <x86_emulate_memop+0x2a00>
    3828:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    382f:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    3834:	21 2c 24             	and    %ebp,(%rsp)
    3837:	9c                   	pushfq 
    3838:	f7 d5                	not    %ebp
    383a:	21 2c 24             	and    %ebp,(%rsp)
    383d:	5d                   	pop    %rbp
    383e:	09 2c 24             	or     %ebp,(%rsp)
    3841:	9d                   	popfq  
    3842:	bd d5 08 00 00       	mov    $0x8d5,%ebp
    3847:	f7 d5                	not    %ebp
    3849:	21 ac 24 48 01 00 00 	and    %ebp,0x148(%rsp)
    3850:	66 0f bb 84 24 f8 00 	btc    %ax,0xf8(%rsp)
    3857:	00 00 
    3859:	9c                   	pushfq 
    385a:	5d                   	pop    %rbp
    385b:	81 e5 d5 08 00 00    	and    $0x8d5,%ebp
    3861:	09 ac 24 48 01 00 00 	or     %ebp,0x148(%rsp)
    3868:	e9 20 f2 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    386d:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    3874:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    387a:	44 21 04 24          	and    %r8d,(%rsp)
    387e:	9c                   	pushfq 
    387f:	41 f7 d0             	not    %r8d
    3882:	44 21 04 24          	and    %r8d,(%rsp)
    3886:	41 58                	pop    %r8
    3888:	44 09 04 24          	or     %r8d,(%rsp)
    388c:	9d                   	popfq  
    388d:	41 b8 d5 08 00 00    	mov    $0x8d5,%r8d
    3893:	41 f7 d0             	not    %r8d
    3896:	44 21 84 24 48 01 00 	and    %r8d,0x148(%rsp)
    389d:	00 
    389e:	0f bb 84 24 f8 00 00 	btc    %eax,0xf8(%rsp)
    38a5:	00 
    38a6:	9c                   	pushfq 
    38a7:	41 58                	pop    %r8
    38a9:	41 81 e0 d5 08 00 00 	and    $0x8d5,%r8d
    38b0:	44 09 84 24 48 01 00 	or     %r8d,0x148(%rsp)
    38b7:	00 
    38b8:	e9 d0 f1 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    38bd:	ff b4 24 48 01 00 00 	pushq  0x148(%rsp)
    38c4:	ba d5 08 00 00       	mov    $0x8d5,%edx
    38c9:	21 14 24             	and    %edx,(%rsp)
    38cc:	9c                   	pushfq 
    38cd:	f7 d2                	not    %edx
    38cf:	21 14 24             	and    %edx,(%rsp)
    38d2:	5a                   	pop    %rdx
    38d3:	09 14 24             	or     %edx,(%rsp)
    38d6:	9d                   	popfq  
    38d7:	ba d5 08 00 00       	mov    $0x8d5,%edx
    38dc:	f7 d2                	not    %edx
    38de:	21 94 24 48 01 00 00 	and    %edx,0x148(%rsp)
    38e5:	48 0f bb 84 24 f8 00 	btc    %rax,0xf8(%rsp)
    38ec:	00 00 
    38ee:	9c                   	pushfq 
    38ef:	5a                   	pop    %rdx
    38f0:	81 e2 d5 08 00 00    	and    $0x8d5,%edx
    38f6:	09 94 24 48 01 00 00 	or     %edx,0x148(%rsp)
    38fd:	e9 8b f1 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	case 0xba:		/* Grp8 */
		switch (modrm_reg & 3) {
    3902:	8a 44 24 20          	mov    0x20(%rsp),%al
    3906:	83 e0 03             	and    $0x3,%eax
    3909:	83 f8 01             	cmp    $0x1,%eax
    390c:	0f 84 a3 fd ff ff    	je     36b5 <x86_emulate_memop+0x3628>
    3912:	7f 0d                	jg     3921 <x86_emulate_memop+0x3894>
    3914:	85 c0                	test   %eax,%eax
    3916:	0f 84 87 fb ff ff    	je     34a3 <x86_emulate_memop+0x3416>
    391c:	e9 6c f1 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
    3921:	83 f8 02             	cmp    $0x2,%eax
    3924:	0f 84 88 fc ff ff    	je     35b2 <x86_emulate_memop+0x3525>
    392a:	83 f8 03             	cmp    $0x3,%eax
    392d:	0f 85 5a f1 ff ff    	jne    2a8d <x86_emulate_memop+0x2a00>
    3933:	e9 bb fe ff ff       	jmpq   37f3 <x86_emulate_memop+0x3766>
		case 0:
			goto bt;
		case 1:
			goto bts;
		case 2:
			goto btr;
		case 3:
			goto btc;
		}
		break;
	case 0xbe ... 0xbf:	/* movsx */
		dst.bytes = op_bytes;
		dst.val = (d & ByteOp) ? (s8) src.val : (s16) src.val;
    3938:	f6 44 24 18 01       	testb  $0x1,0x18(%rsp)
    393d:	8b 4c 24 6c          	mov    0x6c(%rsp),%ecx
    3941:	48 8b 84 24 18 01 00 	mov    0x118(%rsp),%rax
    3948:	00 
    3949:	89 8c 24 f4 00 00 00 	mov    %ecx,0xf4(%rsp)
    3950:	74 06                	je     3958 <x86_emulate_memop+0x38cb>
    3952:	48 0f be c0          	movsbq %al,%rax
    3956:	eb 04                	jmp    395c <x86_emulate_memop+0x38cf>
    3958:	48 0f bf c0          	movswq %ax,%rax
    395c:	48 89 84 24 f8 00 00 	mov    %rax,0xf8(%rsp)
    3963:	00 
    3964:	e9 24 f1 ff ff       	jmpq   2a8d <x86_emulate_memop+0x2a00>
		break;
	}
	goto writeback;

twobyte_special_insn:
	/* Disable writeback. */
	no_wb = 1;
	switch (b) {
    3969:	40 80 fd 22          	cmp    $0x22,%bpl
    396d:	74 69                	je     39d8 <x86_emulate_memop+0x394b>
    396f:	77 12                	ja     3983 <x86_emulate_memop+0x38f6>
    3971:	40 80 fd 06          	cmp    $0x6,%bpl
    3975:	74 2b                	je     39a2 <x86_emulate_memop+0x3915>
    3977:	40 80 fd 20          	cmp    $0x20,%bpl
    397b:	0f 85 ed f1 ff ff    	jne    2b6e <x86_emulate_memop+0x2ae1>
    3981:	eb 2d                	jmp    39b0 <x86_emulate_memop+0x3923>
    3983:	40 80 fd 32          	cmp    $0x32,%bpl
    3987:	0f 84 a6 00 00 00    	je     3a33 <x86_emulate_memop+0x39a6>
    398d:	40 80 fd c7          	cmp    $0xc7,%bpl
    3991:	0f 84 00 01 00 00    	je     3a97 <x86_emulate_memop+0x3a0a>
    3997:	40 80 fd 30          	cmp    $0x30,%bpl
    399b:	74 64                	je     3a01 <x86_emulate_memop+0x3974>
    399d:	e9 cc f1 ff ff       	jmpq   2b6e <x86_emulate_memop+0x2ae1>
	case 0x09:		/* wbinvd */
		break;
	case 0x0d:		/* GrpP (prefetch) */
	case 0x18:		/* Grp16 (prefetch/nop) */
		break;
	case 0x06:
		emulate_clts(ctxt->vcpu);
    39a2:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    39a6:	e8 00 00 00 00       	callq  39ab <x86_emulate_memop+0x391e>
			39a7: R_X86_64_PC32	emulate_clts+0xfffffffffffffffc
    39ab:	e9 be f1 ff ff       	jmpq   2b6e <x86_emulate_memop+0x2ae1>
		break;
	case 0x20: /* mov cr, reg */
		if (modrm_mod != 3)
    39b0:	80 7c 24 1f 03       	cmpb   $0x3,0x1f(%rsp)
    39b5:	0f 85 96 01 00 00    	jne    3b51 <x86_emulate_memop+0x3ac4>
			goto cannot_emulate;
		_regs[modrm_rm] = realmode_get_cr(ctxt->vcpu, modrm_reg);
    39bb:	0f b6 74 24 20       	movzbl 0x20(%rsp),%esi
    39c0:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    39c4:	e8 00 00 00 00       	callq  39c9 <x86_emulate_memop+0x393c>
			39c5: R_X86_64_PC32	realmode_get_cr+0xfffffffffffffffc
    39c9:	0f b6 54 24 3f       	movzbl 0x3f(%rsp),%edx
    39ce:	48 89 44 d4 70       	mov    %rax,0x70(%rsp,%rdx,8)
    39d3:	e9 96 f1 ff ff       	jmpq   2b6e <x86_emulate_memop+0x2ae1>
		break;
	case 0x22: /* mov reg, cr */
		if (modrm_mod != 3)
    39d8:	80 7c 24 1f 03       	cmpb   $0x3,0x1f(%rsp)
    39dd:	0f 85 6e 01 00 00    	jne    3b51 <x86_emulate_memop+0x3ac4>
			goto cannot_emulate;
		realmode_set_cr(ctxt->vcpu, modrm_reg, modrm_val, &_eflags);
    39e3:	0f b6 74 24 20       	movzbl 0x20(%rsp),%esi
    39e8:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    39ec:	48 8d 8c 24 48 01 00 	lea    0x148(%rsp),%rcx
    39f3:	00 
    39f4:	4c 89 f2             	mov    %r14,%rdx
    39f7:	e8 00 00 00 00       	callq  39fc <x86_emulate_memop+0x396f>
			39f8: R_X86_64_PC32	realmode_set_cr+0xfffffffffffffffc
    39fc:	e9 6d f1 ff ff       	jmpq   2b6e <x86_emulate_memop+0x2ae1>
		break;
	case 0x30:
		/* wrmsr */
		msr_data = (u32)_regs[VCPU_REGS_RAX]
    3a01:	8b 54 24 70          	mov    0x70(%rsp),%edx
    3a05:	48 8b 84 24 80 00 00 	mov    0x80(%rsp),%rax
    3a0c:	00 
			| ((u64)_regs[VCPU_REGS_RDX] << 32);
		rc = kvm_set_msr(ctxt->vcpu, _regs[VCPU_REGS_RCX], msr_data);
    3a0d:	8b 74 24 78          	mov    0x78(%rsp),%esi
    3a11:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    3a15:	48 c1 e0 20          	shl    $0x20,%rax
    3a19:	48 09 c2             	or     %rax,%rdx
    3a1c:	48 89 94 24 58 01 00 	mov    %rdx,0x158(%rsp)
    3a23:	00 
    3a24:	e8 00 00 00 00       	callq  3a29 <x86_emulate_memop+0x399c>
			3a25: R_X86_64_PC32	kvm_set_msr+0xfffffffffffffffc
		if (rc) {
    3a29:	85 c0                	test   %eax,%eax
    3a2b:	0f 84 45 01 00 00    	je     3b76 <x86_emulate_memop+0x3ae9>
    3a31:	eb 19                	jmp    3a4c <x86_emulate_memop+0x39bf>
			kvm_arch_ops->inject_gp(ctxt->vcpu, 0);
			_eip = ctxt->vcpu->rip;
		}
		rc = X86EMUL_CONTINUE;
		break;
	case 0x32:
		/* rdmsr */
		rc = kvm_get_msr(ctxt->vcpu, _regs[VCPU_REGS_RCX], &msr_data);
    3a33:	8b 74 24 78          	mov    0x78(%rsp),%esi
    3a37:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    3a3b:	48 8d 94 24 58 01 00 	lea    0x158(%rsp),%rdx
    3a42:	00 
    3a43:	e8 00 00 00 00       	callq  3a48 <x86_emulate_memop+0x39bb>
			3a44: R_X86_64_PC32	kvm_get_msr+0xfffffffffffffffc
		if (rc) {
    3a48:	85 c0                	test   %eax,%eax
    3a4a:	74 2b                	je     3a77 <x86_emulate_memop+0x39ea>
			kvm_arch_ops->inject_gp(ctxt->vcpu, 0);
    3a4c:	48 8b 05 00 00 00 00 	mov    0(%rip),%rax        # 3a53 <x86_emulate_memop+0x39c6>
			3a4f: R_X86_64_PC32	kvm_arch_ops+0xfffffffffffffffc
    3a53:	31 f6                	xor    %esi,%esi
    3a55:	49 8b 7d 00          	mov    0x0(%r13),%rdi
    3a59:	ff 90 20 01 00 00    	callq  *0x120(%rax)
			_eip = ctxt->vcpu->rip;
    3a5f:	49 8b 45 00          	mov    0x0(%r13),%rax
    3a63:	48 8b 80 00 01 00 00 	mov    0x100(%rax),%rax
    3a6a:	48 89 84 24 50 01 00 	mov    %rax,0x150(%rsp)
    3a71:	00 
    3a72:	e9 f7 f0 ff ff       	jmpq   2b6e <x86_emulate_memop+0x2ae1>
		} else {
			_regs[VCPU_REGS_RAX] = (u32)msr_data;
    3a77:	48 8b 84 24 58 01 00 	mov    0x158(%rsp),%rax
    3a7e:	00 
    3a7f:	89 c3                	mov    %eax,%ebx
			_regs[VCPU_REGS_RDX] = msr_data >> 32;
    3a81:	48 c1 e8 20          	shr    $0x20,%rax
    3a85:	48 89 5c 24 70       	mov    %rbx,0x70(%rsp)
    3a8a:	48 89 84 24 80 00 00 	mov    %rax,0x80(%rsp)
    3a91:	00 
    3a92:	e9 df 00 00 00       	jmpq   3b76 <x86_emulate_memop+0x3ae9>
		}
		rc = X86EMUL_CONTINUE;
		break;
	case 0xc7:		/* Grp9 (cmpxchg8b) */
		{
			u64 old, new;
			if ((rc = ops->read_emulated(cr2, &old, 8, ctxt)) != 0)
    3a97:	48 8b 2c 24          	mov    (%rsp),%rbp
    3a9b:	48 8d 9c 24 40 01 00 	lea    0x140(%rsp),%rbx
    3aa2:	00 
    3aa3:	4c 89 e9             	mov    %r13,%rcx
    3aa6:	ba 08 00 00 00       	mov    $0x8,%edx
    3aab:	4c 89 e7             	mov    %r12,%rdi
    3aae:	48 89 de             	mov    %rbx,%rsi
    3ab1:	ff 55 10             	callq  *0x10(%rbp)
    3ab4:	85 c0                	test   %eax,%eax
    3ab6:	41 89 c7             	mov    %eax,%r15d
    3ab9:	0f 85 e5 f0 ff ff    	jne    2ba4 <x86_emulate_memop+0x2b17>
				goto done;
			if (((u32) (old >> 0) != (u32) _regs[VCPU_REGS_RAX]) ||
    3abf:	48 8b 94 24 40 01 00 	mov    0x140(%rsp),%rdx
    3ac6:	00 
    3ac7:	3b 54 24 70          	cmp    0x70(%rsp),%edx
    3acb:	89 d1                	mov    %edx,%ecx
    3acd:	75 10                	jne    3adf <x86_emulate_memop+0x3a52>
    3acf:	48 89 d0             	mov    %rdx,%rax
    3ad2:	48 c1 e8 20          	shr    $0x20,%rax
    3ad6:	39 84 24 80 00 00 00 	cmp    %eax,0x80(%rsp)
    3add:	74 21                	je     3b00 <x86_emulate_memop+0x3a73>
			    ((u32) (old >> 32) != (u32) _regs[VCPU_REGS_RDX])) {
				_regs[VCPU_REGS_RAX] = (u32) (old >> 0);
				_regs[VCPU_REGS_RDX] = (u32) (old >> 32);
				_eflags &= ~EFLG_ZF;
    3adf:	48 83 a4 24 48 01 00 	andq   $0xffffffffffffffbf,0x148(%rsp)
    3ae6:	00 bf 
    3ae8:	89 c9                	mov    %ecx,%ecx
    3aea:	48 c1 ea 20          	shr    $0x20,%rdx
    3aee:	48 89 4c 24 70       	mov    %rcx,0x70(%rsp)
    3af3:	48 89 94 24 80 00 00 	mov    %rdx,0x80(%rsp)
    3afa:	00 
    3afb:	e9 6e f0 ff ff       	jmpq   2b6e <x86_emulate_memop+0x2ae1>
			} else {
				new = ((u64)_regs[VCPU_REGS_RCX] << 32)
    3b00:	8b 84 24 88 00 00 00 	mov    0x88(%rsp),%eax
    3b07:	48 8b 54 24 78       	mov    0x78(%rsp),%rdx
					| (u32) _regs[VCPU_REGS_RBX];
				if ((rc = ops->cmpxchg_emulated(cr2, &old,
    3b0c:	48 89 de             	mov    %rbx,%rsi
    3b0f:	48 8b 1c 24          	mov    (%rsp),%rbx
    3b13:	4d 89 e8             	mov    %r13,%r8
    3b16:	b9 08 00 00 00       	mov    $0x8,%ecx
    3b1b:	4c 89 e7             	mov    %r12,%rdi
    3b1e:	48 c1 e2 20          	shl    $0x20,%rdx
    3b22:	48 09 d0             	or     %rdx,%rax
    3b25:	48 8d 94 24 38 01 00 	lea    0x138(%rsp),%rdx
    3b2c:	00 
    3b2d:	48 89 84 24 38 01 00 	mov    %rax,0x138(%rsp)
    3b34:	00 
    3b35:	ff 53 20             	callq  *0x20(%rbx)
    3b38:	85 c0                	test   %eax,%eax
    3b3a:	41 89 c7             	mov    %eax,%r15d
    3b3d:	0f 85 61 f0 ff ff    	jne    2ba4 <x86_emulate_memop+0x2b17>
							  &new, 8, ctxt)) != 0)
					goto done;
				_eflags |= EFLG_ZF;
    3b43:	48 83 8c 24 48 01 00 	orq    $0x40,0x148(%rsp)
    3b4a:	00 40 
    3b4c:	e9 1d f0 ff ff       	jmpq   2b6e <x86_emulate_memop+0x2ae1>
    3b51:	83 c8 ff             	or     $0xffffffffffffffff,%eax
    3b54:	eb 28                	jmp    3b7e <x86_emulate_memop+0x3af1>
    3b56:	c7 84 24 14 01 00 00 	movl   $0x1,0x114(%rsp)
    3b5d:	01 00 00 00 
    3b61:	e9 2b ce ff ff       	jmpq   991 <x86_emulate_memop+0x904>
    3b66:	c7 84 24 14 01 00 00 	movl   $0x1,0x114(%rsp)
    3b6d:	01 00 00 00 
    3b71:	e9 ad e9 ff ff       	jmpq   2523 <x86_emulate_memop+0x2496>
    3b76:	45 31 ff             	xor    %r15d,%r15d
    3b79:	e9 f0 ef ff ff       	jmpq   2b6e <x86_emulate_memop+0x2ae1>
			}
			break;
		}
	}
	goto writeback;

cannot_emulate:
	DPRINTF("Cannot emulate %02x\n", b);
	return -1;
}
    3b7e:	48 81 c4 68 01 00 00 	add    $0x168,%rsp
    3b85:	5b                   	pop    %rbx
    3b86:	5d                   	pop    %rbp
    3b87:	41 5c                	pop    %r12
    3b89:	41 5d                	pop    %r13
    3b8b:	41 5e                	pop    %r14
    3b8d:	41 5f                	pop    %r15
    3b8f:	c3                   	retq   

--------------000401090306010900050309
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
--------------000401090306010900050309
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
kvm-devel mailing list
kvm-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
https://lists.sourceforge.net/lists/listinfo/kvm-devel

--------------000401090306010900050309--