It does not process 'mov [0x12345678], eax statements properly. For Ex:
mov edx, [eax]
mov ecx, eax
mov eax, [edx]
call eax
mov ecx, [0x3b417e84]
mov edx, [ecx]
mov [0x3B417E8C], eax
push eax
mov eax, [edx+8]
call eax
Generates bytecode: 8B1089C18B02FFD08B0D847E413B8B11A3508B4208FFD0
Testing with: http://alexaltea.github.io/capstone.js/ returns the following asm:
00000000 8B 10 mov edx, dword ptr [eax]
00000002 89 C1 mov ecx, eax
00000004 8B 02 mov eax, dword ptr [edx]
00000006 FF D0 call eax
00000008 8B 0D 84 7E 41 3B mov ecx, dword ptr [0x3b417e84]
0000000E 8B 11 mov edx, dword ptr [ecx]
00000010 A3 50 8B 42 08 mov dword ptr [0x8428b50], eax
00000015 FF D0 call eax
So what is happening is, the entire 'mov [0x3B417E8C], eax' statement (move with a memory offset dest operand) is parsed to a single byte code: 0xa3. The following bytes 0x50, 0x8b 0x42, 0x08 should be interpreted as:
push eax
mov eax, [edx+8]
It does not process 'mov [0x12345678], eax statements properly. For Ex:
mov edx, [eax]
mov ecx, eax
mov eax, [edx]
call eax
mov ecx, [0x3b417e84]
mov edx, [ecx]
mov [0x3B417E8C], eax
push eax
mov eax, [edx+8]
call eax
Generates bytecode: 8B1089C18B02FFD08B0D847E413B8B11A3508B4208FFD0
Testing with: http://alexaltea.github.io/capstone.js/ returns the following asm:
00000000 8B 10 mov edx, dword ptr [eax]
00000002 89 C1 mov ecx, eax
00000004 8B 02 mov eax, dword ptr [edx]
00000006 FF D0 call eax
00000008 8B 0D 84 7E 41 3B mov ecx, dword ptr [0x3b417e84]
0000000E 8B 11 mov edx, dword ptr [ecx]
00000010 A3 50 8B 42 08 mov dword ptr [0x8428b50], eax
00000015 FF D0 call eax
So what is happening is, the entire 'mov [0x3B417E8C], eax' statement (move with a memory offset dest operand) is parsed to a single byte code: 0xa3. The following bytes 0x50, 0x8b 0x42, 0x08 should be interpreted as:
push eax
mov eax, [edx+8]