Added detailed comments to test files explaining x86 encoding special cases: 1) Mod=00 and R/M=101 (EBP) for displacement-only addressing, 2) Mod=00 and R/M=100 (ESP) for SIB byte requirement, 3) SIB byte with EBP as base register special cases

X86DisassemblerTests/TestData/call_tests.csv

@@ -23,7 +23,12 @@ FF10;[{ "Type": "Call", "Operands": ["dword ptr [eax]"] }]
 FF11;[{ "Type": "Call", "Operands": ["dword ptr [ecx]"] }]
 FF12;[{ "Type": "Call", "Operands": ["dword ptr [edx]"] }]
 FF13;[{ "Type": "Call", "Operands": ["dword ptr [ebx]"] }]
-# TODO: these are not recognized by ghidra, but these seem to be valid x86 instructions. 
+# SPECIAL CASES in x86 encoding:
+# 1. When Mod=00 and R/M=100 (ESP), a SIB byte is required. The instruction FF14 is invalid because
+#    it's missing the required SIB byte. The correct encoding would use a SIB byte (e.g., FF1424).
+# 2. When Mod=00 and R/M=101 (EBP), this doesn't actually refer to [EBP] but instead indicates
+#    a 32-bit displacement-only addressing mode. The correct encoding for "Call [disp32]" would be
+#    FF1578563412 which is "Call dword ptr [0x12345678]"
 # FF14;[{ "Type": "Call", "Operands": ["dword ptr [esp]"] }]
 # FF15;[{ "Type": "Call", "Operands": ["dword ptr [ebp]"] }]
 FF16;[{ "Type": "Call", "Operands": ["dword ptr [esi]"] }]
@@ -33,11 +38,17 @@ FF17;[{ "Type": "Call", "Operands": ["dword ptr [edi]"] }]
 FF1400;[{ "Type": "Call", "Operands": ["dword ptr [eax+eax*1]"] }]
 FF14C0;[{ "Type": "Call", "Operands": ["dword ptr [eax+eax*8]"] }]
 FF1444;[{ "Type": "Call", "Operands": ["dword ptr [esp+eax*2]"] }]
-# not recognized neither by ghidra nor online disasms
+# SPECIAL CASE: SIB byte with EBP as base register
+# When the SIB byte has Base=101 (EBP) and Mod=00, the base register is not used.
+# Instead, a 32-bit displacement follows the SIB byte (similar to the Mod=00, R/M=101 special case).
+# This instruction is commented out because it's not correctly recognized by many disassemblers.
 # FF1485;[{ "Type": "Call", "Operands": ["dword ptr [ebp+eax*4]"] }]
 FF1498;[{ "Type": "Call", "Operands": ["dword ptr [eax+ebx*4]"] }]
 FF14D9;[{ "Type": "Call", "Operands": ["dword ptr [ecx+ebx*8]"] }]
-# not recognized neither by ghidra nor online disasms
+# SPECIAL CASE: Another SIB byte with EBP as base register
+# When the SIB byte has Base=101 (EBP) and Mod=00, the base register is not used.
+# Instead, a 32-bit displacement follows the SIB byte (similar to the Mod=00, R/M=101 special case).
+# This instruction is commented out because it's not correctly recognized by many disassemblers.
 # FF149D;[{ "Type": "Call", "Operands": ["dword ptr [ebp+ebx*4]"] }]
 
 # CALL m32 (opcode FF /2) with displacement

X86DisassemblerTests/TestData/jmp_tests.csv

@@ -27,6 +27,9 @@ FF22;[{ "Type": "Jmp", "Operands": ["dword ptr [edx]"] }]
 FF23;[{ "Type": "Jmp", "Operands": ["dword ptr [ebx]"] }]
 FF24;[{ "Type": "Jmp", "Operands": ["dword ptr [esp]"] }]
 
+# SPECIAL CASE: When Mod=00 and R/M=101 (EBP), this doesn't actually refer to [EBP].
+# Instead, it's a special case that indicates a 32-bit displacement-only addressing mode.
+# The correct encoding for this would be FF2578563412 which is "Jmp dword ptr [0x12345678]"
 # FF25;[{ "Type": "Jmp", "Operands": ["dword ptr [ebp]"] }]
 FF26;[{ "Type": "Jmp", "Operands": ["dword ptr [esi]"] }]
 FF27;[{ "Type": "Jmp", "Operands": ["dword ptr [edi]"] }]
@@ -42,7 +45,11 @@ FF6610;[{ "Type": "Jmp", "Operands": ["dword ptr [esi+0x10]"] }]
 FF6710;[{ "Type": "Jmp", "Operands": ["dword ptr [edi+0x10]"] }]
 
 # JMP m32 (opcode FF /4) with SIB byte
-# not recognized by ghidra or online disasms
+# SPECIAL CASE: These SIB encodings with EBP as base register have special rules.
+# When the SIB byte has Base=101 (EBP) and Mod=00, the base register is not used.
+# Instead, a 32-bit displacement follows the SIB byte (similar to the Mod=00, R/M=101 special case).
+# These instructions are commented out because they're not correctly recognized by many disassemblers,
+# including Ghidra and online disassemblers, due to their unusual encoding.
 # FF24C5;[{ "Type": "Jmp", "Operands": ["dword ptr [eax*8+ebp]"] }]
 # FF24CD;[{ "Type": "Jmp", "Operands": ["dword ptr [ecx*8+ebp]"] }]
 # FF24D5;[{ "Type": "Jmp", "Operands": ["dword ptr [edx*8+ebp]"] }]