how to use this in windowsx64 kernel project?

I updated today to the new version of XEDParse and noticed it is handling incorrectly the following instruction:

mov rax, 0x100000000 ;generated bytes: "48 C7 C0 00 00 00 00" = mov rax, 0

If I'm not doing something wrong it should be: 48 b8 00 00 00 00 01 00 00 00

I tried to compile XEDParse with MS VS 2019 and had this following error:

1>libxed_x86.lib(xed-util.obj) : error LNK2019: unresolved external symbol ___iob_func referenced in function _xed_internal_assert

To solve this issue please see here:

https://stackoverflow.com/questions/30412951/unresolved-external-symbol-imp-fprintf-and-imp-iob-func-sdl2

严重性 代码 说明 项目 文件 行 Suppression State
错误 LNK2019 无法解析的外部符号 __iob_func，该符号在函数 xed_internal_assert 中被引用 XEDParse C:\Users\Administrator\Desktop\XEDParse-master\libxed_x64.lib(xed-util.obj) 1

__iob_func error in vs 2017

• Debugger version (can be found on right hand side of menu bar of debugger).
  Current - 2020/02/23
• Operating system version and Service Pack (including 32 or 64 bits).
  Win10 Pro x64 1909

Dear x64dbg team,
dear mrexodia,

I was in need to assemble an instruction with mutliple registers and offsets and went into some strange problems. The problem appears on both, x86 and x64 versions but only with XEDParse. asmjit is working fine. (so I think it's better placed here than as an x64dbg issue)

When trying to assemble the following instruction,
x64
cmp word ptr ds:[rbx+rsi+0x1c+0x16], 0x1337
x86
cmp word ptr ds:[ebx+esi+0x1c+0x16], 0x1337)

it assembles to the following instruction,
cmp word ptr ds:[rbx+rsi*1+0x16], 0x1337

the opcodes are fine though (66 81 7C 33 16 37 13), except the byte with the offset that should not be +16 but +32 instead. Even when summing up the offsets by hand and trying to assemble,
cmp word ptr ds:[rbx+rsi+0x32], 0x1337

the offset now ist correct but following instruction will be shown when trying to assemble the instruction,
cmp word ptr ds:[rbx+rsi*1+0x32], 0x1337

I also tried some different instructions, for example
mov ax, word ptr ds:[ebx+esi+0x1c+0x16]
but the same problem appears, he always converts all offset, if more than one is available, except the last one to rsi*1

I hope the problem is explained well enough, in case of any questions feel free to contact me.

Thanks in advance for fixing this issue.

With best regards

John

cannot assemble "enter XXXX, XX" (C8 XXXX XX)

The bytes 66 68 59 22 (push word 2259) is not possible to emit with XEDParse (possibly add a pushw and popw mnemonic is enough)

when assemble instruction like this
000007FEF1475C50 | 48 89 1D 11 F9 0F 00 | mov qword ptr ds:[7FEF1575568],rbx
i get this
000007FEF1475C50 | 48 89 1D 12 F9 0F 00 | mov qword ptr ds:[7FEF1575569],rbx
so it wrong calculate relative offset of instruction
problem how i see in OperandMem.cpp at 153 line
LONGLONG newDisp = TranslateRelativeCip(Parse, Operand->Mem.DispVal - 6, true);
Operand->Mem.DispVal - 6 if instruction have size 6 all good , if instruction bigger then 6 we have a error.
So it must be something like that
LONGLONG newDisp = TranslateRelativeCip(Parse, Operand->Mem.DispVal -Operand->Size, true);

A minor issue with XEDParse:

    int 3
    lea rcx, [rdx + rax + 123h] ; source
    ; lea rcx, [rax + rdx + 0x123]  ; as seen by disassembler
    ; lea rcx, [eax + rdx + 0x123]  ; hit space and change rax to eax: accepted by XEDParse
    ; lea rcx, [eax + 0x123]    ; resulting code

x64dbg/x64dbg#741

Creating this issue before someone else does.

Examples:
imul
VEX prefix (AVX) instructions