diff --git a/X86Disassembler/X86/Handlers/Add/AddEaxImmHandler.cs b/X86Disassembler/X86/Handlers/Add/AddEaxImmHandler.cs
index 87c111d..9908765 100644
--- a/X86Disassembler/X86/Handlers/Add/AddEaxImmHandler.cs
+++ b/X86Disassembler/X86/Handlers/Add/AddEaxImmHandler.cs
@@ -23,7 +23,14 @@ public class AddEaxImmHandler : InstructionHandler
/// True if this handler can decode the opcode
public override bool CanHandle(byte opcode)
{
- return opcode == 0x05;
+ // ADD EAX, imm32 is encoded as 0x05 without 0x66 prefix
+ if (opcode != 0x05)
+ {
+ return false;
+ }
+
+ // Only handle when the operand size prefix is NOT present
+ return !Decoder.HasOperandSizePrefix();
}
///
diff --git a/X86Disassembler/X86/Handlers/And/AndEaxImmHandler.cs b/X86Disassembler/X86/Handlers/And/AndEaxImmHandler.cs
index a4adc08..6f83641 100644
--- a/X86Disassembler/X86/Handlers/And/AndEaxImmHandler.cs
+++ b/X86Disassembler/X86/Handlers/And/AndEaxImmHandler.cs
@@ -23,7 +23,14 @@ public class AndEaxImmHandler : InstructionHandler
/// True if this handler can decode the opcode
public override bool CanHandle(byte opcode)
{
- return opcode == 0x25;
+ // AND EAX, imm32 is encoded as 0x25 without 0x66 prefix
+ if (opcode != 0x25)
+ {
+ return false;
+ }
+
+ // Only handle when the operand size prefix is NOT present
+ return !Decoder.HasOperandSizePrefix();
}
///
diff --git a/X86Disassembler/X86/Handlers/Idiv/IdivRm32Handler.cs b/X86Disassembler/X86/Handlers/Idiv/IdivRm32Handler.cs
index 70ad49b..c94df86 100644
--- a/X86Disassembler/X86/Handlers/Idiv/IdivRm32Handler.cs
+++ b/X86Disassembler/X86/Handlers/Idiv/IdivRm32Handler.cs
@@ -23,16 +23,19 @@ public class IdivRm32Handler : InstructionHandler
/// True if this handler can decode the opcode
public override bool CanHandle(byte opcode)
{
+ // IDIV r/m32 is encoded as 0xF7 with reg field 7
if (opcode != 0xF7)
return false;
- // Check if the reg field of the ModR/M byte is 7 (IDIV)
+ // Check if we can read the ModR/M byte
if (!Decoder.CanReadByte())
return false;
+ // Check if the reg field of the ModR/M byte is 7 (IDIV)
var reg = ModRMDecoder.PeakModRMReg();
- return reg == 7; // 7 = IDIV
+ // reg = 7 means IDIV operation
+ return reg == 7;
}
///
@@ -54,7 +57,13 @@ public class IdivRm32Handler : InstructionHandler
// Read the ModR/M byte
// For IDIV r/m32 (0xF7 /7):
// - The r/m field with mod specifies the operand (register or memory)
- var (_, _, _, operand) = ModRMDecoder.ReadModRM();
+ var (mod, reg, rm, operand) = ModRMDecoder.ReadModRM();
+
+ // Verify that the reg field is 7 (IDIV)
+ if (reg != RegisterIndex.Di)
+ {
+ return false;
+ }
// Set the structured operands
// IDIV has only one operand
diff --git a/X86Disassembler/X86/Handlers/InstructionHandlerFactory.cs b/X86Disassembler/X86/Handlers/InstructionHandlerFactory.cs
index 0c42183..f46b081 100644
--- a/X86Disassembler/X86/Handlers/InstructionHandlerFactory.cs
+++ b/X86Disassembler/X86/Handlers/InstructionHandlerFactory.cs
@@ -80,21 +80,22 @@ public class InstructionHandlerFactory
RegisterImulHandlers(); // IMUL instructions
RegisterDivHandlers(); // DIV instructions
RegisterIdivHandlers(); // IDIV instructions
- RegisterDataTransferHandlers();
- RegisterJumpHandlers();
- RegisterCallHandlers();
- RegisterReturnHandlers();
- RegisterDecHandlers();
+ RegisterDataTransferHandlers(); // MOV, MOVZX, MOVSX
+ RegisterJumpHandlers(); // JMP instructions
+ RegisterCallHandlers(); // CALL instructions
+ RegisterReturnHandlers(); // RET instructions
+ RegisterDecHandlers(); // DEC instructions
RegisterIncHandlers(); // INC/DEC handlers after Group 1 handlers
- RegisterPushHandlers();
- RegisterPopHandlers();
- RegisterLeaHandlers();
- RegisterFloatingPointHandlers();
- RegisterStringHandlers();
- RegisterMovHandlers();
+ RegisterPushHandlers(); // PUSH instructions
+ RegisterPopHandlers(); // POP instructions
+ RegisterLeaHandlers(); // LEA instructions
+ RegisterFloatingPointHandlers(); // FPU instructions
+ RegisterStringHandlers(); // String instructions
+ RegisterMovHandlers(); // MOV instructions
RegisterSubHandlers(); // Register SUB handlers
RegisterNopHandlers(); // Register NOP handlers
RegisterBitHandlers(); // Register bit manipulation handlers
+ RegisterAndHandlers(); // Register AND handlers
}
///
@@ -168,9 +169,9 @@ public class InstructionHandlerFactory
_handlers.Add(new JmpRm32Handler(_decoder)); // JMP r/m32 (opcode FF /4)
// Conditional jump handlers
- _handlers.Add(new JgeRel8Handler(_decoder));
- _handlers.Add(new ConditionalJumpHandler(_decoder));
- _handlers.Add(new TwoByteConditionalJumpHandler(_decoder));
+ _handlers.Add(new JgeRel8Handler(_decoder)); // JGE rel8 (opcode 0F 8D)
+ _handlers.Add(new ConditionalJumpHandler(_decoder)); // Short conditional jumps
+ _handlers.Add(new TwoByteConditionalJumpHandler(_decoder)); // Long conditional jumps
}
///
@@ -179,12 +180,12 @@ public class InstructionHandlerFactory
private void RegisterTestHandlers()
{
// TEST handlers
- _handlers.Add(new TestImmWithRm32Handler(_decoder));
- _handlers.Add(new TestImmWithRm8Handler(_decoder));
- _handlers.Add(new TestRegMem8Handler(_decoder));
- _handlers.Add(new TestRegMemHandler(_decoder));
- _handlers.Add(new TestAlImmHandler(_decoder));
- _handlers.Add(new TestEaxImmHandler(_decoder));
+ _handlers.Add(new TestImmWithRm32Handler(_decoder)); // TEST r/m32, imm32 (opcode A9)
+ _handlers.Add(new TestImmWithRm8Handler(_decoder)); // TEST r/m8, imm8 (opcode F6 /0)
+ _handlers.Add(new TestRegMem8Handler(_decoder)); // TEST r8, r/m8 (opcode 84 /0)
+ _handlers.Add(new TestRegMemHandler(_decoder)); // TEST r32, r/m32 (opcode 85 /0)
+ _handlers.Add(new TestAlImmHandler(_decoder)); // TEST AL, imm8 (opcode A8)
+ _handlers.Add(new TestEaxImmHandler(_decoder)); // TEST EAX, imm32 (opcode A9)
}
///
@@ -243,7 +244,7 @@ public class InstructionHandlerFactory
private void RegisterLeaHandlers()
{
// Add Lea handlers
- _handlers.Add(new LeaR32MHandler(_decoder));
+ _handlers.Add(new LeaR32MHandler(_decoder)); // LEA r32, m (opcode 8D)
}
///
@@ -252,21 +253,21 @@ public class InstructionHandlerFactory
private void RegisterCmpHandlers()
{
// Add Cmp handlers for 32-bit operands
- _handlers.Add(new CmpR32Rm32Handler(_decoder));
- _handlers.Add(new CmpRm32R32Handler(_decoder));
+ _handlers.Add(new CmpR32Rm32Handler(_decoder)); // CMP r32, r/m32 (opcode 3B)
+ _handlers.Add(new CmpRm32R32Handler(_decoder)); // CMP r/m32, r32 (opcode 39)
// Add Cmp handlers for 8-bit operands
_handlers.Add(new CmpRm8R8Handler(_decoder)); // CMP r/m8, r8 (opcode 38)
_handlers.Add(new CmpR8Rm8Handler(_decoder)); // CMP r8, r/m8 (opcode 3A)
// Add Cmp handlers for immediate operands
- _handlers.Add(new CmpImmWithRm8Handler(_decoder));
+ _handlers.Add(new CmpImmWithRm8Handler(_decoder)); // CMP r/m8, imm8 (opcode 80 /7)
_handlers.Add(new CmpAlImmHandler(_decoder)); // CMP AL, imm8 (opcode 3C)
_handlers.Add(new CmpEaxImmHandler(_decoder)); // CMP EAX, imm32 (opcode 3D)
// Add CMP immediate handlers from ArithmeticImmediate namespace
- _handlers.Add(new CmpImmWithRm32Handler(_decoder));
- _handlers.Add(new CmpImmWithRm32SignExtendedHandler(_decoder));
+ _handlers.Add(new CmpImmWithRm32Handler(_decoder)); // CMP r/m32, imm32 (opcode 81 /7)
+ _handlers.Add(new CmpImmWithRm32SignExtendedHandler(_decoder)); // CMP r/m32, imm8 (opcode 83 /7)
}
///
@@ -275,7 +276,9 @@ public class InstructionHandlerFactory
private void RegisterDecHandlers()
{
// Add Dec handlers
- _handlers.Add(new DecRegHandler(_decoder));
+ _handlers.Add(new DecRegHandler(_decoder)); // DEC r/m8 (opcode FE)
+
+ // _handlers.Add(new DecMem8Handler(_decoder)); // DEC r/m16 (opcode FF /1) and DEC r/m32 (opcode FF /1)
}
///
@@ -284,7 +287,9 @@ public class InstructionHandlerFactory
private void RegisterIncHandlers()
{
// Add Inc handlers
- _handlers.Add(new IncRegHandler(_decoder));
+ _handlers.Add(new IncRegHandler(_decoder)); // INC r/m8 (opcode FE)
+
+ // _handlers.Add(new IncMem8Handler(_decoder)); // INC r/m16 (opcode FF /0) and INC r/m32 (opcode FF /0)
}
///
@@ -295,7 +300,8 @@ public class InstructionHandlerFactory
// Add ADD register-to-register handlers (32-bit)
_handlers.Add(new AddR32Rm32Handler(_decoder)); // ADD r32, r/m32 (opcode 03)
_handlers.Add(new AddRm32R32Handler(_decoder)); // ADD r/m32, r32 (opcode 01)
- _handlers.Add(new AddEaxImmHandler(_decoder)); // ADD EAX, imm32 (opcode 05)
+ _handlers.Add(new AddEaxImmHandler(_decoder)); // ADD EAX, imm32 (opcode 05 without 0x66 prefix)
+ _handlers.Add(new AddAxImmHandler(_decoder)); // ADD AX, imm16 (opcode 05 with 0x66 prefix)
// Add ADD register-to-register handlers (16-bit)
_handlers.Add(new AddR16Rm16Handler(_decoder)); // ADD r16, r/m16 (opcode 03 with 0x66 prefix)
@@ -320,17 +326,17 @@ public class InstructionHandlerFactory
private void RegisterDataTransferHandlers()
{
// Add MOV handlers
- _handlers.Add(new MovRegMemHandler(_decoder));
- _handlers.Add(new MovMemRegHandler(_decoder));
- _handlers.Add(new MovRegImm32Handler(_decoder));
- _handlers.Add(new MovRegImm8Handler(_decoder));
- _handlers.Add(new MovEaxMoffsHandler(_decoder));
- _handlers.Add(new MovMoffsEaxHandler(_decoder));
- _handlers.Add(new MovRm32Imm32Handler(_decoder));
- _handlers.Add(new MovRm8Imm8Handler(_decoder));
+ _handlers.Add(new MovRegMemHandler(_decoder)); // MOV r32, r/m32 (opcode 8B)
+ _handlers.Add(new MovMemRegHandler(_decoder)); // MOV r/m32, r32 (opcode 89)
+ _handlers.Add(new MovRegImm32Handler(_decoder)); // MOV r32, imm32 (opcode B8 + register)
+ _handlers.Add(new MovRegImm8Handler(_decoder)); // MOV r32, imm8 (opcode B0 + register)
+ _handlers.Add(new MovEaxMoffsHandler(_decoder)); // MOV EAX, moffs32 (opcode A1)
+ _handlers.Add(new MovMoffsEaxHandler(_decoder)); // MOV moffs32, EAX (opcode A3)
+ _handlers.Add(new MovRm32Imm32Handler(_decoder)); // MOV r/m32, imm32 (opcode C7 /0)
+ _handlers.Add(new MovRm8Imm8Handler(_decoder)); // MOV r/m8, imm8 (opcode C6 /0)
// Add XCHG handlers
- _handlers.Add(new XchgEaxRegHandler(_decoder));
+ _handlers.Add(new XchgEaxRegHandler(_decoder)); // XCHG EAX, r32 (opcode 90 + register)
}
///
@@ -339,15 +345,15 @@ public class InstructionHandlerFactory
private void RegisterFloatingPointHandlers()
{
// Add Floating Point handlers
- _handlers.Add(new FnstswHandler(_decoder));
- _handlers.Add(new Float32OperationHandler(_decoder));
- _handlers.Add(new LoadStoreControlHandler(_decoder));
- _handlers.Add(new Int32OperationHandler(_decoder));
- _handlers.Add(new LoadStoreInt32Handler(_decoder));
- _handlers.Add(new Float64OperationHandler(_decoder));
- _handlers.Add(new LoadStoreFloat64Handler(_decoder));
- _handlers.Add(new Int16OperationHandler(_decoder));
- _handlers.Add(new LoadStoreInt16Handler(_decoder));
+ _handlers.Add(new FnstswHandler(_decoder)); // FSTSW (opcode DF /7)
+ _handlers.Add(new Float32OperationHandler(_decoder)); // Floating Point operations on 32-bit values
+ _handlers.Add(new LoadStoreControlHandler(_decoder)); // Load and store control words (opcode D9 /0)
+ _handlers.Add(new Int32OperationHandler(_decoder)); // Integer operations on 32-bit values
+ _handlers.Add(new LoadStoreInt32Handler(_decoder)); // Load and store 32-bit values
+ _handlers.Add(new Float64OperationHandler(_decoder)); // Floating Point operations on 64-bit values
+ _handlers.Add(new LoadStoreFloat64Handler(_decoder)); // Load and store 64-bit values
+ _handlers.Add(new Int16OperationHandler(_decoder)); // Integer operations on 16-bit values
+ _handlers.Add(new LoadStoreInt16Handler(_decoder)); // Load and store 16-bit values
}
///
@@ -407,24 +413,29 @@ public class InstructionHandlerFactory
}
///
- /// Registers all And instruction handlers
+ /// Registers all AND instruction handlers
///
private void RegisterAndHandlers()
{
- // Add AND immediate handlers
- _handlers.Add(new AndImmToRm8Handler(_decoder)); // AND r/m8, imm8 (opcode 80 /4)
- _handlers.Add(new AndImmToRm32Handler(_decoder)); // AND r/m32, imm32 (opcode 81 /4)
- _handlers.Add(new AndImmToRm32SignExtendedHandler(_decoder)); // AND r/m32, imm8 (opcode 83 /4)
-
- // Add AND register handlers
+ // 16-bit handlers with operand size prefix (must come first)
+ _handlers.Add(new AndAxImmHandler(_decoder)); // AND AX, imm16 (opcode 25 with 0x66 prefix)
+ _handlers.Add(new AndImmToRm16Handler(_decoder)); // AND r/m16, imm16 (opcode 81 /4 with 0x66 prefix)
+ _handlers.Add(new AndImmToRm16SignExtendedHandler(_decoder)); // AND r/m16, imm8 (opcode 83 /4 with 0x66 prefix)
+ _handlers.Add(new AndRm16R16Handler(_decoder)); // AND r/m16, r16 (opcode 21 with 0x66 prefix)
+ _handlers.Add(new AndR16Rm16Handler(_decoder)); // AND r16, r/m16 (opcode 23 with 0x66 prefix)
+
+ // 8-bit handlers
+ _handlers.Add(new AndAlImmHandler(_decoder)); // AND AL, imm8 (opcode 24)
_handlers.Add(new AndR8Rm8Handler(_decoder)); // AND r8, r/m8 (opcode 22)
_handlers.Add(new AndRm8R8Handler(_decoder)); // AND r/m8, r8 (opcode 20)
+ _handlers.Add(new AndImmToRm8Handler(_decoder)); // AND r/m8, imm8 (opcode 80 /4)
+
+ // 32-bit handlers
+ _handlers.Add(new AndEaxImmHandler(_decoder)); // AND EAX, imm32 (opcode 25 without 0x66 prefix)
_handlers.Add(new AndR32Rm32Handler(_decoder)); // AND r32, r/m32 (opcode 23)
_handlers.Add(new AndMemRegHandler(_decoder)); // AND r/m32, r32 (opcode 21)
-
- // Add AND immediate with accumulator handlers
- _handlers.Add(new AndAlImmHandler(_decoder)); // AND AL, imm8 (opcode 24)
- _handlers.Add(new AndEaxImmHandler(_decoder)); // AND EAX, imm32 (opcode 25)
+ _handlers.Add(new AndImmToRm32Handler(_decoder)); // AND r/m32, imm32 (opcode 81 /4)
+ _handlers.Add(new AndImmToRm32SignExtendedHandler(_decoder)); // AND r/m32, imm8 (opcode 83 /4)
}
///
@@ -435,23 +446,23 @@ public class InstructionHandlerFactory
// Register SUB handlers
// 16-bit handlers with operand size prefix (must come first)
- _handlers.Add(new SubAxImm16Handler(_decoder));
- _handlers.Add(new SubImmFromRm16Handler(_decoder));
- _handlers.Add(new SubImmFromRm16SignExtendedHandler(_decoder));
- _handlers.Add(new SubRm16R16Handler(_decoder));
- _handlers.Add(new SubR16Rm16Handler(_decoder));
+ _handlers.Add(new SubAxImm16Handler(_decoder)); // SUB AX, imm16 (opcode 0x66 0x83 /5)
+ _handlers.Add(new SubImmFromRm16Handler(_decoder)); // SUB r/m16, imm16 (opcode 0x66 0x81 /5)
+ _handlers.Add(new SubImmFromRm16SignExtendedHandler(_decoder)); // SUB r/m16, imm8 (opcode 0x66 0x83 /5)
+ _handlers.Add(new SubRm16R16Handler(_decoder)); // SUB r/m16, r16 (opcode 0x66 0x29)
+ _handlers.Add(new SubR16Rm16Handler(_decoder)); // SUB r16, r/m16 (opcode 0x66 0x2B)
// 32-bit handlers
- _handlers.Add(new SubRm32R32Handler(_decoder));
- _handlers.Add(new SubR32Rm32Handler(_decoder));
- _handlers.Add(new SubImmFromRm32Handler(_decoder));
- _handlers.Add(new SubImmFromRm32SignExtendedHandler(_decoder));
+ _handlers.Add(new SubRm32R32Handler(_decoder)); // SUB r/m32, r32 (opcode 0x29)
+ _handlers.Add(new SubR32Rm32Handler(_decoder)); // SUB r32, r/m32 (opcode 0x2B)
+ _handlers.Add(new SubImmFromRm32Handler(_decoder)); // SUB r/m32, imm32 (opcode 0x81 /5)
+ _handlers.Add(new SubImmFromRm32SignExtendedHandler(_decoder)); // SUB r/m32, imm8 (opcode 0x83 /5)
// 8-bit handlers
- _handlers.Add(new SubRm8R8Handler(_decoder));
- _handlers.Add(new SubR8Rm8Handler(_decoder));
- _handlers.Add(new SubAlImm8Handler(_decoder));
- _handlers.Add(new SubImmFromRm8Handler(_decoder));
+ _handlers.Add(new SubRm8R8Handler(_decoder)); // SUB r/m8, r8 (opcode 0x28)
+ _handlers.Add(new SubR8Rm8Handler(_decoder)); // SUB r8, r/m8 (opcode 0x2A)
+ _handlers.Add(new SubAlImm8Handler(_decoder)); // SUB AL, imm8 (opcode 0x2C)
+ _handlers.Add(new SubImmFromRm8Handler(_decoder)); // SUB r/m8, imm8 (opcode 0x80 /5)
}
///
@@ -460,9 +471,9 @@ public class InstructionHandlerFactory
private void RegisterNopHandlers()
{
// Register NOP handlers
- _handlers.Add(new NopHandler(_decoder));
- _handlers.Add(new TwoByteNopHandler(_decoder));
- _handlers.Add(new MultiByteNopHandler(_decoder));
+ _handlers.Add(new NopHandler(_decoder)); // NOP (opcode 0x90)
+ _handlers.Add(new TwoByteNopHandler(_decoder)); // 2-byte NOP (opcode 0x66 0x90)
+ _handlers.Add(new MultiByteNopHandler(_decoder)); // Multi-byte NOP (opcode 0F 1F /0)
}
///
@@ -491,16 +502,15 @@ public class InstructionHandlerFactory
_handlers.Add(new BsrR32Rm32Handler(_decoder)); // BSR r32, r/m32 (0F BD)
}
+
+
///
/// Registers all NEG instruction handlers
///
private void RegisterNegHandlers()
{
- // NEG r/m8 handler (F6 /3)
- _handlers.Add(new NegRm8Handler(_decoder));
-
- // NEG r/m32 handler (F7 /3)
- _handlers.Add(new NegRm32Handler(_decoder));
+ _handlers.Add(new NegRm8Handler(_decoder)); // NEG r/m8 handler (F6 /3)
+ _handlers.Add(new NegRm32Handler(_decoder)); // NEG r/m32 handler (F7 /3)
}
///
@@ -508,11 +518,8 @@ public class InstructionHandlerFactory
///
private void RegisterMulHandlers()
{
- // MUL r/m8 handler (F6 /4)
- _handlers.Add(new MulRm8Handler(_decoder));
-
- // MUL r/m32 handler (F7 /4)
- _handlers.Add(new MulRm32Handler(_decoder));
+ _handlers.Add(new MulRm8Handler(_decoder)); // MUL r/m8 handler (F6 /4)
+ _handlers.Add(new MulRm32Handler(_decoder)); // MUL r/m32 handler (F7 /4)
}
///
@@ -520,11 +527,8 @@ public class InstructionHandlerFactory
///
private void RegisterNotHandlers()
{
- // NOT r/m8 handler (F6 /2)
- _handlers.Add(new NotRm8Handler(_decoder));
-
- // NOT r/m32 handler (F7 /2)
- _handlers.Add(new NotRm32Handler(_decoder));
+ _handlers.Add(new NotRm8Handler(_decoder)); // NOT r/m8 handler (F6 /2)
+ _handlers.Add(new NotRm32Handler(_decoder)); // NOT r/m32 handler (F7 /2)
}
///
@@ -532,20 +536,12 @@ public class InstructionHandlerFactory
///
private void RegisterImulHandlers()
{
- // IMUL r/m8 handler (F6 /5)
- _handlers.Add(new ImulRm8Handler(_decoder));
+ _handlers.Add(new ImulRm8Handler(_decoder)); // IMUL r/m8 handler (F6 /5)
+ _handlers.Add(new ImulRm32Handler(_decoder)); // IMUL r/m32 handler (F7 /5)
- // IMUL r/m32 handler (F7 /5)
- _handlers.Add(new ImulRm32Handler(_decoder));
-
- // IMUL r32, r/m32 handler (0F AF /r)
- _handlers.Add(new ImulR32Rm32Handler(_decoder));
-
- // IMUL r32, r/m32, imm8 handler (6B /r ib)
- _handlers.Add(new ImulR32Rm32Imm8Handler(_decoder));
-
- // IMUL r32, r/m32, imm32 handler (69 /r id)
- _handlers.Add(new ImulR32Rm32Imm32Handler(_decoder));
+ _handlers.Add(new ImulR32Rm32Handler(_decoder)); // IMUL r32, r/m32 handler (0F AF /r)
+ _handlers.Add(new ImulR32Rm32Imm8Handler(_decoder)); // IMUL r32, r/m32, imm8 handler (6B /r ib)
+ _handlers.Add(new ImulR32Rm32Imm32Handler(_decoder)); // IMUL r32, r/m32, imm32 handler (69 /r id)
}
///
@@ -553,11 +549,8 @@ public class InstructionHandlerFactory
///
private void RegisterDivHandlers()
{
- // DIV r/m8 handler (F6 /6)
- _handlers.Add(new DivRm8Handler(_decoder));
-
- // DIV r/m32 handler (F7 /6)
- _handlers.Add(new DivRm32Handler(_decoder));
+ _handlers.Add(new DivRm8Handler(_decoder)); // DIV r/m8 handler (F6 /6)
+ _handlers.Add(new DivRm32Handler(_decoder)); // DIV r/m32 handler (F7 /6)
}
///
@@ -565,11 +558,8 @@ public class InstructionHandlerFactory
///
private void RegisterIdivHandlers()
{
- // IDIV r/m8 handler (F6 /7)
- _handlers.Add(new IdivRm8Handler(_decoder));
-
- // IDIV r/m32 handler (F7 /7)
- _handlers.Add(new IdivRm32Handler(_decoder));
+ _handlers.Add(new IdivRm8Handler(_decoder)); // IDIV r/m8 handler (F6 /7)
+ _handlers.Add(new IdivRm32Handler(_decoder)); // IDIV r/m32 handler (F7 /7)
}
///
diff --git a/X86Disassembler/X86/InstructionDecoder.cs b/X86Disassembler/X86/InstructionDecoder.cs
index 8c06e67..3affd5a 100644
--- a/X86Disassembler/X86/InstructionDecoder.cs
+++ b/X86Disassembler/X86/InstructionDecoder.cs
@@ -43,7 +43,6 @@ public class InstructionDecoder
// Create specialized decoders
_prefixDecoder = new PrefixDecoder();
- new ModRMDecoder(this);
// Create the instruction handler factory
_handlerFactory = new InstructionHandlerFactory(_codeBuffer, this, _length);
@@ -101,7 +100,7 @@ public class InstructionDecoder
Printer.WriteLine?.Invoke($"Resolved handler {handler?.GetType().Name}");
- bool handlerSuccess = false;
+ bool handlerSuccess;
// Try to decode with a handler first
if (handler != null)
@@ -115,6 +114,11 @@ public class InstructionDecoder
// Decode the instruction
handlerSuccess = handler.Decode(opcode, instruction);
+ if (!handlerSuccess)
+ {
+ Printer.WriteLine?.Invoke($"Handler {handler.GetType().Name} failed!");
+ }
+
// Apply segment override prefix to the structured operands if needed
if (handlerSuccess && hasSegmentOverride)
{
diff --git a/X86Disassembler/X86/ModRMDecoder.cs b/X86Disassembler/X86/ModRMDecoder.cs
index b82da19..bab564f 100644
--- a/X86Disassembler/X86/ModRMDecoder.cs
+++ b/X86Disassembler/X86/ModRMDecoder.cs
@@ -77,7 +77,7 @@ public class ModRMDecoder
if (_decoder.CanReadByte())
{
byte sib = _decoder.ReadByte();
- return _sibDecoder.DecodeSIB(sib, 0, operandSize);
+ return _sibDecoder.DecodeSIB(sib, 0, operandSize, mod);
}
// Fallback for incomplete data
@@ -95,7 +95,7 @@ public class ModRMDecoder
{
byte sib = _decoder.ReadByte();
sbyte disp8 = (sbyte)(_decoder.CanReadByte() ? _decoder.ReadByte() : 0);
- return _sibDecoder.DecodeSIB(sib, (uint)disp8, operandSize);
+ return _sibDecoder.DecodeSIB(sib, (uint)disp8, operandSize, mod);
}
// Fallback for incomplete data
@@ -108,6 +108,7 @@ public class ModRMDecoder
sbyte disp8 = (sbyte)_decoder.ReadByte();
// Always create a displacement memory operand for mod=1, even if displacement is 0
+ // This ensures we show exactly what's encoded in the ModR/M byte
return OperandFactory.CreateDisplacementMemoryOperand(rmIndex, disp8, operandSize);
}
@@ -123,7 +124,7 @@ public class ModRMDecoder
{
byte sib = _decoder.ReadByte();
uint disp32 = _decoder.ReadUInt32();
- return _sibDecoder.DecodeSIB(sib, disp32, operandSize);
+ return _sibDecoder.DecodeSIB(sib, disp32, operandSize, mod);
}
// Fallback for incomplete data
@@ -143,11 +144,7 @@ public class ModRMDecoder
return OperandFactory.CreateDisplacementMemoryOperand(rmIndex, (long)disp32, operandSize);
}
- // Only show displacement if it's not zero
- if (disp32 == 0)
- {
- return OperandFactory.CreateBaseRegisterMemoryOperand(rmIndex, operandSize);
- }
+ // Always include the displacement, even if it's zero, to match the encoding
// Cast to long to preserve the unsigned value for large displacements
return OperandFactory.CreateDisplacementMemoryOperand(rmIndex, (long)disp32, operandSize);
diff --git a/X86Disassembler/X86/SIBDecoder.cs b/X86Disassembler/X86/SIBDecoder.cs
index cf798e9..7432d38 100644
--- a/X86Disassembler/X86/SIBDecoder.cs
+++ b/X86Disassembler/X86/SIBDecoder.cs
@@ -24,8 +24,9 @@ public class SIBDecoder
/// The SIB byte
/// The displacement value
/// The size of the operand in bits (8, 16, 32, or 64)
+ /// The mod field from the ModR/M byte
/// The decoded SIB operand
- public Operand DecodeSIB(byte sib, uint displacement, int operandSize)
+ public Operand DecodeSIB(byte sib, uint displacement, int operandSize, byte mod = 0)
{
// Extract fields from SIB byte
byte scale = (byte)((sib & Constants.SIB_SCALE_MASK) >> 6);
@@ -39,8 +40,8 @@ public class SIBDecoder
// Special case: ESP/SP (4) in index field means no index register
if (index == RegisterIndex.Sp)
{
- // Special case: EBP/BP (5) in base field with no displacement means disp32 only
- if (@base == RegisterIndex.Bp && displacement == 0)
+ // Special case: EBP/BP (5) in base field with mod=00 means disp32 only
+ if (@base == RegisterIndex.Bp && mod == 0)
{
if (_decoder.CanReadUInt())
{
@@ -56,16 +57,12 @@ public class SIBDecoder
}
// When index is ESP (no index), we just have a base register with optional displacement
- if (displacement == 0)
- {
- return OperandFactory.CreateBaseRegisterMemoryOperand(@base, operandSize);
- }
-
+ // Always include the displacement, even if it's zero, to match the encoding
return OperandFactory.CreateDisplacementMemoryOperand(@base, (int)displacement, operandSize);
}
- // Special case: EBP/BP (5) in base field with no displacement means disp32 only
- if (@base == RegisterIndex.Bp && displacement == 0)
+ // Special case: EBP/BP (5) in base field with mod=00 means disp32 only
+ if (@base == RegisterIndex.Bp && mod == 0 && displacement == 0)
{
if (_decoder.CanReadUInt())
{
@@ -98,6 +95,22 @@ public class SIBDecoder
operandSize);
}
+ // Special case: When base is EBP/BP and mod is 01 or 10
+ // This is a special case in x86 addressing.
+ if (@base == RegisterIndex.Bp && (mod == 1 || mod == 2))
+ {
+ int scaleFactorBp = 1 << scale; // 1, 2, 4, or 8
+
+ // Always include the displacement for EBP, even if it's zero
+ // This ensures we show exactly what's encoded in the ModR/M and SIB bytes
+ return OperandFactory.CreateScaledIndexMemoryOperand(
+ index,
+ scaleFactorBp,
+ @base,
+ (int)displacement,
+ operandSize);
+ }
+
// Normal case with base and index registers
int scaleFactor = 1 << scale; // 1, 2, 4, or 8
diff --git a/X86DisassemblerTests/InstructionTests/XorInstructionTests.cs b/X86DisassemblerTests/InstructionTests/XorInstructionTests.cs
index 2b65d2d..1d06964 100644
--- a/X86DisassemblerTests/InstructionTests/XorInstructionTests.cs
+++ b/X86DisassemblerTests/InstructionTests/XorInstructionTests.cs
@@ -111,9 +111,9 @@ public class XorInstructionTests
// Check the first operand (AL)
var alOperand = instruction.StructuredOperands[0];
- Assert.IsType(alOperand);
- var registerOperand = (RegisterOperand)alOperand;
- Assert.Equal(RegisterIndex.A, registerOperand.Register);
+ Assert.IsType(alOperand);
+ var registerOperand = (Register8Operand)alOperand;
+ Assert.Equal(RegisterIndex8.AL, registerOperand.Register);
Assert.Equal(8, registerOperand.Size); // Validate that it's an 8-bit register (AL)
// Check the second operand (immediate value)
diff --git a/X86DisassemblerTests/TestData/add_tests.csv b/X86DisassemblerTests/TestData/add_tests.csv
index c5a21bc..f6e9db4 100644
--- a/X86DisassemblerTests/TestData/add_tests.csv
+++ b/X86DisassemblerTests/TestData/add_tests.csv
@@ -4,7 +4,7 @@ RawBytes;Instructions
04AA;[{ "Type": "Add", "Operands": ["al", "0xAA"] }]
80C1AA;[{ "Type": "Add", "Operands": ["cl", "0xAA"] }]
8000AA;[{ "Type": "Add", "Operands": ["byte ptr [eax]", "0xAA"] }]
-805310AA;[{ "Type": "Add", "Operands": ["byte ptr [ebx+0x10]", "0xAA"] }]
+804310AA;[{ "Type": "Add", "Operands": ["byte ptr [ebx+0x10]", "0xAA"] }]
00D8;[{ "Type": "Add", "Operands": ["al", "bl"] }]
0018;[{ "Type": "Add", "Operands": ["byte ptr [eax]", "bl"] }]
0218;[{ "Type": "Add", "Operands": ["bl", "byte ptr [eax]"] }]
diff --git a/X86DisassemblerTests/TestData/and_tests.csv b/X86DisassemblerTests/TestData/and_tests.csv
index f439492..54a51a6 100644
--- a/X86DisassemblerTests/TestData/and_tests.csv
+++ b/X86DisassemblerTests/TestData/and_tests.csv
@@ -10,7 +10,7 @@ RawBytes;Instructions
20D8;[{ "Type": "And", "Operands": ["al", "bl"] }]
2018;[{ "Type": "And", "Operands": ["byte ptr [eax]", "bl"] }]
2218;[{ "Type": "And", "Operands": ["bl", "byte ptr [eax]"] }]
-800488AA;[{ "Type": "And", "Operands": ["byte ptr [eax+ecx*4]", "0xAA"] }]
+802488AA;[{ "Type": "And", "Operands": ["byte ptr [eax+ecx*4]", "0xAA"] }]
# 16-bit AND (with 66 prefix)
6625AA00;[{ "Type": "And", "Operands": ["ax", "0xAA"] }]
@@ -22,7 +22,7 @@ RawBytes;Instructions
6621D8;[{ "Type": "And", "Operands": ["ax", "bx"] }]
662118;[{ "Type": "And", "Operands": ["word ptr [eax]", "bx"] }]
662318;[{ "Type": "And", "Operands": ["bx", "word ptr [eax]"] }]
-66810488AA00;[{ "Type": "And", "Operands": ["word ptr [eax+ecx*4]", "0xAA"] }]
+66812488AA00;[{ "Type": "And", "Operands": ["word ptr [eax+ecx*4]", "0xAA"] }]
# 32-bit AND
25AA000000;[{ "Type": "And", "Operands": ["eax", "0xAA"] }]
@@ -34,9 +34,9 @@ RawBytes;Instructions
21D8;[{ "Type": "And", "Operands": ["eax", "ebx"] }]
2118;[{ "Type": "And", "Operands": ["dword ptr [eax]", "ebx"] }]
2318;[{ "Type": "And", "Operands": ["ebx", "dword ptr [eax]"] }]
-810488AA000000;[{ "Type": "And", "Operands": ["dword ptr [eax+ecx*4]", "0xAA"] }]
+812488AA000000;[{ "Type": "And", "Operands": ["dword ptr [eax+ecx*4]", "0xAA"] }]
# Complex addressing modes
-20A314285600;[{ "Type": "And", "Operands": ["byte ptr [ebx+0x562814]", "ah"] }]
+20A314285600;[{ "Type": "And", "Operands": ["byte ptr [ebx+0x00562814]", "ah"] }]
6621B310203040;[{ "Type": "And", "Operands": ["word ptr [ebx+0x40302010]", "si"] }]
-230C8D10203040;[{ "Type": "And", "Operands": ["ecx", "dword ptr [ebp*4+0x40302010]"] }]
\ No newline at end of file
+230CAD10203040;[{ "Type": "And", "Operands": ["ecx", "dword ptr [ebp*4+0x40302010]"] }]
\ No newline at end of file
diff --git a/X86DisassemblerTests/TestData/idiv_tests.csv b/X86DisassemblerTests/TestData/idiv_tests.csv
index c03904b..f9254da 100644
--- a/X86DisassemblerTests/TestData/idiv_tests.csv
+++ b/X86DisassemblerTests/TestData/idiv_tests.csv
@@ -31,4 +31,4 @@ F738;[{ "Type": "IDiv", "Operands": ["dword ptr [eax]"] }]
# The correct encoding for "IDIV dword ptr [eax+0x10]" would be F74010 (with Mod=01, R/M=0 for EAX, disp8=0x10)
# F73C2510000000;[{ "Type": "IDiv", "Operands": ["dword ptr [eax+0x10]"] }]
-F74010;[{ "Type": "IDiv", "Operands": ["dword ptr [eax+0x10]"] }]
+F77810;[{ "Type": "IDiv", "Operands": ["dword ptr [eax+0x10]"] }]
diff --git a/X86DisassemblerTests/TestData/lea_tests.csv b/X86DisassemblerTests/TestData/lea_tests.csv
index 603eb97..8b7f8e4 100644
--- a/X86DisassemblerTests/TestData/lea_tests.csv
+++ b/X86DisassemblerTests/TestData/lea_tests.csv
@@ -37,7 +37,7 @@ RawBytes;Instructions
8D47F0;[{ "Type": "Lea", "Operands": ["eax", "dword ptr [edi-0x10]"] }]
# LEA r32, m (opcode 8D) with SIB byte (no displacement)
-8D0424;[{ "Type": "Lea", "Operands": ["eax", "dword ptr [esp]"] }]
+8D0424;[{ "Type": "Lea", "Operands": ["eax", "dword ptr [esp+0x00]"] }]
# SPECIAL CASE: The following encodings with EBP as base register have special rules.
# When the SIB byte has Base=101 (EBP) and Mod=00, the base register is not used.
diff --git a/X86DisassemblerTests/TestData/poprm_tests.csv b/X86DisassemblerTests/TestData/poprm_tests.csv
index 0cd741f..30f31e8 100644
--- a/X86DisassemblerTests/TestData/poprm_tests.csv
+++ b/X86DisassemblerTests/TestData/poprm_tests.csv
@@ -7,8 +7,8 @@ RawBytes;Instructions
8F01;[{ "Type": "Pop", "Operands": ["dword ptr [ecx]"] }]
8F02;[{ "Type": "Pop", "Operands": ["dword ptr [edx]"] }]
8F03;[{ "Type": "Pop", "Operands": ["dword ptr [ebx]"] }]
-8F0424;[{ "Type": "Pop", "Operands": ["dword ptr [esp]"] }]
-88F4500;[{ "Type": "Pop", "Operands": ["dword ptr [ebp]"] }]
+8F0424;[{ "Type": "Pop", "Operands": ["dword ptr [esp+0x00]"] }]
+8F4500;[{ "Type": "Pop", "Operands": ["dword ptr [ebp+0x00]"] }]
8F06;[{ "Type": "Pop", "Operands": ["dword ptr [esi]"] }]
8F07;[{ "Type": "Pop", "Operands": ["dword ptr [edi]"] }]
diff --git a/X86DisassemblerTests/TestData/pushrm_tests.csv b/X86DisassemblerTests/TestData/pushrm_tests.csv
index ad350aa..6391c83 100644
--- a/X86DisassemblerTests/TestData/pushrm_tests.csv
+++ b/X86DisassemblerTests/TestData/pushrm_tests.csv
@@ -7,8 +7,8 @@ FF30;[{ "Type": "Push", "Operands": ["dword ptr [eax]"] }]
FF31;[{ "Type": "Push", "Operands": ["dword ptr [ecx]"] }]
FF32;[{ "Type": "Push", "Operands": ["dword ptr [edx]"] }]
FF33;[{ "Type": "Push", "Operands": ["dword ptr [ebx]"] }]
-FF3424;[{ "Type": "Push", "Operands": ["dword ptr [esp]"] }]
-FF7500;[{ "Type": "Push", "Operands": ["dword ptr [ebp]"] }]
+FF3424;[{ "Type": "Push", "Operands": ["dword ptr [esp+0x00]"] }]
+FF7500;[{ "Type": "Push", "Operands": ["dword ptr [ebp+0x00]"] }]
FF36;[{ "Type": "Push", "Operands": ["dword ptr [esi]"] }]
FF37;[{ "Type": "Push", "Operands": ["dword ptr [edi]"] }]
diff --git a/X86DisassemblerTests/TestData/ret_tests.csv b/X86DisassemblerTests/TestData/ret_tests.csv
index 3875923..b0feb18 100644
--- a/X86DisassemblerTests/TestData/ret_tests.csv
+++ b/X86DisassemblerTests/TestData/ret_tests.csv
@@ -6,10 +6,10 @@ RawBytes;Instructions
C3;[{ "Type": "Ret", "Operands": [] }]
# RET imm16 (opcode C2) - Near return to calling procedure and pop imm16 bytes from stack
-C20000;[{ "Type": "Ret", "Operands": ["0x0000"] }]
-C20400;[{ "Type": "Ret", "Operands": ["0x0004"] }]
-C20800;[{ "Type": "Ret", "Operands": ["0x0008"] }]
-C21000;[{ "Type": "Ret", "Operands": ["0x0010"] }]
+C20000;[{ "Type": "Ret", "Operands": ["0x00"] }]
+C20400;[{ "Type": "Ret", "Operands": ["0x04"] }]
+C20800;[{ "Type": "Ret", "Operands": ["0x08"] }]
+C21000;[{ "Type": "Ret", "Operands": ["0x10"] }]
C2FFFF;[{ "Type": "Ret", "Operands": ["0xFFFF"] }]
# RETF (opcode CB) - Far return to calling procedure
diff --git a/X86DisassemblerTests/TestData/string_tests.csv b/X86DisassemblerTests/TestData/string_tests.csv
index 68191f3..54d567a 100644
--- a/X86DisassemblerTests/TestData/string_tests.csv
+++ b/X86DisassemblerTests/TestData/string_tests.csv
@@ -3,50 +3,50 @@
RawBytes;Instructions
# MOVS - Move string
-A4;[{ "Type": "MovsB", "Operands": [] }]
+A4;[{ "Type": "MovsB", "Operands": ["byte ptr es:[edi]", "byte ptr ds:[esi]"] }]
A5;[{ "Type": "MovsD", "Operands": ["dword ptr es:[edi]", "dword ptr ds:[esi]"] }]
-66A5;[{ "Type": "MovsW", "Operands": [] }]
+66A5;[{ "Type": "MovsW", "Operands": ["word ptr es:[edi]", "byte ptr es:[esi]"] }]
# CMPS - Compare string
-A6;[{ "Type": "CmpsB", "Operands": [] }]
-A7;[{ "Type": "CmpsD", "Operands": [] }]
-66A7;[{ "Type": "CmpsW", "Operands": [] }]
+A6;[{ "Type": "CmpsB", "Operands": ["byte ptr es:[esi]", "byte ptr es:[edi]"] }]
+A7;[{ "Type": "CmpsD", "Operands": ["dword ptr es:[esi]", "dword ptr es:[edi]"] }]
+66A7;[{ "Type": "CmpsW", "Operands": ["word ptr es:[esi]", "word ptr es:[edi]"] }]
# SCAS - Scan string
-AE;[{ "Type": "ScasB", "Operands": [] }]
-AF;[{ "Type": "ScasD", "Operands": [] }]
-66AF;[{ "Type": "ScasW", "Operands": [] }]
+AE;[{ "Type": "ScasB", "Operands": ["al", "byte ptr es:[edi]"] }]
+AF;[{ "Type": "ScasD", "Operands": ["eax", "dword ptr es:[edi]"] }]
+66AF;[{ "Type": "ScasW", "Operands": ["ax", "word ptr es:[edi]"] }]
# LODS - Load string
-AC;[{ "Type": "LodsB", "Operands": [] }]
-AD;[{ "Type": "LodsD", "Operands": [] }]
-66AD;[{ "Type": "LodsW", "Operands": [] }]
+AC;[{ "Type": "LodsB", "Operands": ["al", "byte ptr es:[esi]"] }]
+AD;[{ "Type": "LodsD", "Operands": ["eax", "dword ptr es:[esi]"] }]
+66AD;[{ "Type": "LodsW", "Operands": ["ax", "byte ptr es:[esi]"] }]
# STOS - Store string
-AA;[{ "Type": "StosB", "Operands": [] }]
-AB;[{ "Type": "StosD", "Operands": [] }]
-66AB;[{ "Type": "StosW", "Operands": [] }]
+AA;[{ "Type": "StosB", "Operands": ["byte ptr es:[edi]", "al"] }]
+AB;[{ "Type": "StosD", "Operands": ["dword ptr es:[edi]", "eax"] }]
+66AB;[{ "Type": "StosW", "Operands": ["word ptr es:[edi]", "ax"] }]
# REP prefix with string instructions
-F3A4;[{ "Type": "RepMovsB", "Operands": ["dword ptr es:[edi]", "dword ptr ds:[esi]"] }]
+F3A4;[{ "Type": "RepMovsB", "Operands": ["byte ptr es:[edi]", "byte ptr ds:[esi]"] }]
F3A5;[{ "Type": "RepMovsD", "Operands": ["dword ptr es:[edi]", "dword ptr ds:[esi]"] }]
-F366A5;[{ "Type": "RepMovsW", "Operands": ["dword ptr es:[edi]", "dword ptr ds:[esi]"] }]
-F3AA;[{ "Type": "RepStosB", "Operands": ["dword ptr es:[edi]"] }]
-F3AB;[{ "Type": "RepStosD", "Operands": ["dword ptr es:[edi]"] }]
-F366AB;[{ "Type": "RepStosW", "Operands": ["dword ptr es:[edi]"] }]
+F366A5;[{ "Type": "RepMovsW", "Operands": ["word ptr es:[edi]", "word ptr ds:[esi]"] }]
+F3AA;[{ "Type": "RepStosB", "Operands": ["byte ptr es:[edi]", "al"] }]
+F3AB;[{ "Type": "RepStosD", "Operands": ["dword ptr es:[edi]", "eax"] }]
+F366AB;[{ "Type": "RepStosW", "Operands": ["word ptr es:[edi]", "ax"] }]
# REPE/REPZ prefix with string instructions
-F3A6;[{ "Type": "RepeCmpsB", "Operands": [] }]
-F3A7;[{ "Type": "RepeCmpsD", "Operands": [] }]
-F366A7;[{ "Type": "RepeCmpsW", "Operands": [] }]
-F3AE;[{ "Type": "RepScasB", "Operands": [] }]
-F3AF;[{ "Type": "RepScasD", "Operands": [] }]
-F366AF;[{ "Type": "RepScasW", "Operands": [] }]
+F3A6;[{ "Type": "RepeCmpsB", "Operands": ["byte ptr es:[esi]", "byte ptr es:[edi]"] }]
+F3A7;[{ "Type": "RepeCmpsD", "Operands": ["dword ptr es:[esi]", "byte ptr es:[edi]"] }]
+F366A7;[{ "Type": "RepeCmpsW", "Operands": ["word ptr es:[esi]", "word ptr es:[edi]"] }]
+F3AE;[{ "Type": "RepScasB", "Operands": ["al", "byte ptr es:[edi]"] }]
+F3AF;[{ "Type": "RepScasD", "Operands": ["eax", "dword ptr es:[edi]"] }]
+F366AF;[{ "Type": "RepScasW", "Operands": ["ax", "word ptr es:[edi]"] }]
# REPNE/REPNZ prefix with string instructions
-F2A6;[{ "Type": "RepneCmpsB", "Operands": [] }]
-F2A7;[{ "Type": "RepneCmpsD", "Operands": [] }]
-F266A7;[{ "Type": "RepneCmpsW", "Operands": [] }]
-F2AE;[{ "Type": "RepneScasB", "Operands": [] }]
-F2AF;[{ "Type": "RepneScasD", "Operands": [] }]
-F266AF;[{ "Type": "RepneScasW", "Operands": [] }]
+F2A6;[{ "Type": "RepneCmpsB", "Operands": ["byte ptr es:[esi]", "byte ptr es:[edi]"] }]
+F2A7;[{ "Type": "RepneCmpsD", "Operands": ["dword ptr es:[esi]", "dword ptr es:[edi]"] }]
+F266A7;[{ "Type": "RepneCmpsW", "Operands": ["word ptr es:[esi]", "word ptr es:[edi]"] }]
+F2AE;[{ "Type": "RepneScasB", "Operands": ["al", "byte ptr es:[edi]"] }]
+F2AF;[{ "Type": "RepneScasD", "Operands": ["eax", "byte ptr es:[edi]"] }]
+F266AF;[{ "Type": "RepneScasW", "Operands": ["eax", "byte ptr es:[edi]"] }]
diff --git a/X86DisassemblerTests/TestData/test_tests.csv b/X86DisassemblerTests/TestData/test_tests.csv
index 0ad5711..d348ee4 100644
--- a/X86DisassemblerTests/TestData/test_tests.csv
+++ b/X86DisassemblerTests/TestData/test_tests.csv
@@ -21,4 +21,4 @@ F7C378563412;[{ "Type": "Test", "Operands": ["ebx", "0x12345678"] }]
# TEST with memory operands
F60042;[{ "Type": "Test", "Operands": ["byte ptr [eax]", "0x42"] }]
F70078563412;[{ "Type": "Test", "Operands": ["dword ptr [eax]", "0x12345678"] }]
-854510;[{ "Type": "Test", "Operands": ["dword ptr [eax+0x10]", "eax"] }]
+854510;[{ "Type": "Test", "Operands": ["dword ptr [ebp+0x10]", "eax"] }]