re_enc_test_cases.json
1 [ 2 { 3 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 4 "stack_width": "ZYDIS_STACK_WIDTH_64", 5 "payload": "678D342525250225", 6 "description": "lea esi, ds:[0x0000000025022525]" 7 }, 8 { 9 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 10 "stack_width": "ZYDIS_STACK_WIDTH_64", 11 "payload": "66669C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C696666666666", 12 "description": "pushf" 13 }, 14 { 15 "machine_mode": "ZYDIS_MACHINE_MODE_LEGACY_16", 16 "stack_width": "ZYDIS_STACK_WIDTH_16", 17 "payload": "6767676767AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", 18 "description": "stosb" 19 }, 20 { 21 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 22 "stack_width": "ZYDIS_STACK_WIDTH_64", 23 "payload": "C57811FC", 24 "description": "vmovups xmm4, xmm15" 25 }, 26 { 27 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_16", 28 "stack_width": "ZYDIS_STACK_WIDTH_16", 29 "payload": "C5C5D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9C5", 30 "description": "vpsubusw ymm3, ymm7, ymm1" 31 }, 32 { 33 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 34 "stack_width": "ZYDIS_STACK_WIDTH_64", 35 "payload": "C48301496C6C6C6C6F6C6C000000000000", 36 "description": "vpermil2pd xmm5, xmm15, xmmword ptr ds:[r12+r13*2+0x6C], xmm6, 0x0C" 37 }, 38 { 39 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32", 40 "stack_width": "ZYDIS_STACK_WIDTH_32", 41 "payload": "0F1B040000001717171717171717171717171717171717171717171700000000", 42 "description": "bndstx ds:[eax+eax], bnd0" 43 }, 44 { 45 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 46 "stack_width": "ZYDIS_STACK_WIDTH_64", 47 "payload": "45454545454532B10C00000014141400C4C48400000000000000", 48 "description": "xor r14b, byte ptr ds:[r9+0x0C]" 49 }, 50 { 51 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_16", 52 "stack_width": "ZYDIS_STACK_WIDTH_16", 53 "payload": "666666C2B6B6B6B6B6B6B6B6B6B6B6B6B6B6B6B6B6B6B6B6B6B6000000000A0A", 54 "description": "ret 0xB6B6" 55 }, 56 { 57 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 58 "stack_width": "ZYDIS_STACK_WIDTH_64", 59 "payload": "6762727D2490040400", 60 "description": "vpgatherdd ymm8 {k4}, dword ptr ss:[esp+ymm16*1]" 61 }, 62 { 63 "machine_mode": "ZYDIS_MACHINE_MODE_LEGACY_32", 64 "stack_width": "ZYDIS_STACK_WIDTH_32", 65 "payload": "8D0D8D00000000000000000000", 66 "description": "lea ecx, ds:[0x0000008D]" 67 }, 68 { 69 "machine_mode": "ZYDIS_MACHINE_MODE_LEGACY_16", 70 "stack_width": "ZYDIS_STACK_WIDTH_16", 71 "payload": "FF1B0A0A000000000000005D0000000000000000000000000000000000000000", 72 "description": "call far dword ptr ss:[bp+di*1]" 73 }, 74 { 75 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 76 "stack_width": "ZYDIS_STACK_WIDTH_64", 77 "payload": "C579D6FC", 78 "description": "vmovq xmm4, xmm15" 79 }, 80 { 81 "machine_mode": "ZYDIS_MACHINE_MODE_REAL_16", 82 "stack_width": "ZYDIS_STACK_WIDTH_16", 83 "payload": "A00300", 84 "description": "mov al, byte ptr ds:[0x0003]" 85 }, 86 { 87 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 88 "stack_width": "ZYDIS_STACK_WIDTH_64", 89 "payload": "6659", 90 "description": "pop cx" 91 }, 92 { 93 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 94 "stack_width": "ZYDIS_STACK_WIDTH_64", 95 "payload": "C53B11FC", 96 "description": "vmovsd xmm4, xmm8, xmm15" 97 }, 98 { 99 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32", 100 "stack_width": "ZYDIS_STACK_WIDTH_16", 101 "payload": "67FF0EC00C0CA0", 102 "description": "dec dword ptr ds:[0x0CC0]" 103 }, 104 { 105 "machine_mode": "ZYDIS_MACHINE_MODE_LEGACY_16", 106 "stack_width": "ZYDIS_STACK_WIDTH_16", 107 "payload": "D32600D3", 108 "description": "shl word ptr ds:[0xD300], cl" 109 }, 110 { 111 "machine_mode": "ZYDIS_MACHINE_MODE_REAL_16", 112 "stack_width": "ZYDIS_STACK_WIDTH_32", 113 "payload": "67008B00001000", 114 "description": "add byte ptr ds:[ebx+0x100000], cl" 115 }, 116 { 117 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 118 "stack_width": "ZYDIS_STACK_WIDTH_64", 119 "payload": "6225145F5F00005F5F5FFFFFFFFFFF00FFFF", 120 "description": "vmaxph zmm24 {k7}, zmm13, word ptr ds:[rax] {1to32}" 121 }, 122 { 123 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 124 "stack_width": "ZYDIS_STACK_WIDTH_64", 125 "payload": "67C44235919490909090906B", 126 "description": "vpgatherqd xmm10, dword ptr ds:[r8d+ymm2*4-0x6F6F6F70], xmm9" 127 }, 128 { 129 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 130 "stack_width": "ZYDIS_STACK_WIDTH_64", 131 "payload": "640F1A5454545454545454545454545454545454545454545454545454545454", 132 "description": "bndldx bnd2, fs:[rsp+rdx+0x54]" 133 }, 134 { 135 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 136 "stack_width": "ZYDIS_STACK_WIDTH_64", 137 "payload": "00A4A4A4A4A4A4A4A4A4A4A4A4A4A4A400000000000000000000000000000000", 138 "description": "add byte ptr ss:[rsp-0x5B5B5B5C], ah" 139 }, 140 { 141 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 142 "stack_width": "ZYDIS_STACK_WIDTH_64", 143 "payload": "F30FA7C8", 144 "description": "rep xcrypt_ecb" 145 }, 146 { 147 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 148 "stack_width": "ZYDIS_STACK_WIDTH_64", 149 "payload": "C4A3FD7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 150 "description": "vfnmsubsd xmm7, xmm0, xmm15, xmm7" 151 }, 152 { 153 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 154 "stack_width": "ZYDIS_STACK_WIDTH_64", 155 "payload": "2A34CDCDCDCDCDCDCDCDCDCDCDCDCDFD00005A5A5A5A5A000000BDBDBDBDBDBD", 156 "description": "sub dh, byte ptr ds:[rcx*8-0x32323233]" 157 }, 158 { 159 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 160 "stack_width": "ZYDIS_STACK_WIDTH_64", 161 "payload": "4C4C63DF4C6C4C4C4C0000", 162 "description": "movsxd r11, edi" 163 }, 164 { 165 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32", 166 "stack_width": "ZYDIS_STACK_WIDTH_32", 167 "payload": "8F2800B60000000000000000000A", 168 "description": "vpmadcswd xmm0, xmm7, xmmword ptr ds:[eax], xmm0" 169 }, 170 { 171 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 172 "stack_width": "ZYDIS_STACK_WIDTH_64", 173 "payload": "6262FD06A0A4A43E256262", 174 "description": "vpscatterdq qword ptr ss:[rsp+xmm20*4+0x6262253E] {k6}, xmm28" 175 }, 176 { 177 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 178 "stack_width": "ZYDIS_STACK_WIDTH_64", 179 "payload": "FFE22D0000", 180 "description": "jmp rdx" 181 }, 182 { 183 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32", 184 "stack_width": "ZYDIS_STACK_WIDTH_32", 185 "payload": "2E2E2E2E2E2E2E2E2E2E322E2A0000002E382E2E3E3E3E3EBC003E3E3E3E3E3E", 186 "description": "xor ch, byte ptr cs:[esi]" 187 }, 188 { 189 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_16", 190 "stack_width": "ZYDIS_STACK_WIDTH_16", 191 "payload": "F20F38F10D", 192 "description": "crc32 ecx, word ptr ds:[di]" 193 }, 194 { 195 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 196 "stack_width": "ZYDIS_STACK_WIDTH_64", 197 "payload": "6242795A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A5A", 198 "description": "vbroadcasti32x4 zmm27 {k2}, dword ptr ds:[r10+0x168] {sint8}" 199 }, 200 { 201 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 202 "stack_width": "ZYDIS_STACK_WIDTH_64", 203 "payload": "2E2E2E2E2E2E322E2A0000002E382E2E3E3E3E3EBC003E3E3E3E3E3E3E00FF3E", 204 "description": "xor ch, byte ptr ds:[rsi]" 205 }, 206 { 207 "machine_mode": "ZYDIS_MACHINE_MODE_LEGACY_16", 208 "stack_width": "ZYDIS_STACK_WIDTH_16", 209 "payload": "3EC5C2C2BEC2C2C2C2C2B5C2C2C2C2C2C2C2C2C2C2C27076267000", 210 "description": "vcmpss xmm7, xmm7, dword ptr ds:[bp-0x3D3E], 0xC2" 211 }, 212 { 213 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 214 "stack_width": "ZYDIS_STACK_WIDTH_64", 215 "payload": "8F89000110000000000000000000000000000000000000000000000000000000", 216 "description": "blsfill r15d, dword ptr ds:[r8]" 217 }, 218 { 219 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32", 220 "stack_width": "ZYDIS_STACK_WIDTH_32", 221 "payload": "E800000000E8E80A0A0000000000000000000000000000000000000000", 222 "description": "call 0x00000005" 223 }, 224 { 225 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 226 "stack_width": "ZYDIS_STACK_WIDTH_64", 227 "payload": "87C01D", 228 "description": "xchg eax, eax" 229 }, 230 { 231 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 232 "stack_width": "ZYDIS_STACK_WIDTH_64", 233 "payload": "626239DD3D3D3D883D3D3D3D3D3D3D3D00FF6F6FFF00", 234 "description": "vpmaxsd zmm31 {k5}, zmm8, xmmword ptr ds:[0x000000003D3D8847] {sint8} {eh}" 235 }, 236 { 237 "machine_mode": "ZYDIS_MACHINE_MODE_LEGACY_16", 238 "stack_width": "ZYDIS_STACK_WIDTH_16", 239 "payload": "009E00000000000000000000000000003838332700", 240 "description": "add byte ptr ss:[bp], bl" 241 }, 242 { 243 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 244 "stack_width": "ZYDIS_STACK_WIDTH_64", 245 "payload": "4B4B4B4B4B4B4B4B4B4B4B4B0F070055949494945555555555555555555501", 246 "description": "sysret" 247 }, 248 { 249 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 250 "stack_width": "ZYDIS_STACK_WIDTH_64", 251 "payload": "6221DD4CDDDDDD4C4C4C4C5858580A00E000000000000000000100", 252 "description": "vpaddusw zmm27 {k4}, zmm4, zmm21" 253 }, 254 { 255 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 256 "stack_width": "ZYDIS_STACK_WIDTH_64", 257 "payload": "4D9F9F9F9F0000009F9F9F009F9F9F00000000FF", 258 "description": "lahf" 259 }, 260 { 261 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 262 "stack_width": "ZYDIS_STACK_WIDTH_64", 263 "payload": "8383830A83000000000A0000000000830A00000000000A0A", 264 "description": "add dword ptr ds:[rbx+0x830A83], 0x00" 265 }, 266 { 267 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 268 "stack_width": "ZYDIS_STACK_WIDTH_64", 269 "payload": "6767676767F63DF6F6F6F6F6F6F6F6F60909099F00", 270 "description": "idiv byte ptr ds:[0x00000000F6F6F701]" 271 }, 272 { 273 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32", 274 "stack_width": "ZYDIS_STACK_WIDTH_16", 275 "payload": "C4E1F8902420", 276 "description": "kmovq k4, qword ptr ds:[eax]" 277 }, 278 { 279 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 280 "stack_width": "ZYDIS_STACK_WIDTH_64", 281 "payload": "3E683E4E3E7E3E3E3E3E3E3E3E3E3E3E3E3E3E3E3E0900000000000000000000", 282 "description": "push 0x7E3E4E3E" 283 }, 284 { 285 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 286 "stack_width": "ZYDIS_STACK_WIDTH_64", 287 "payload": "80C87AC8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8FFFFFFFF", 288 "description": "or al, 0x7A" 289 }, 290 { 291 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32", 292 "stack_width": "ZYDIS_STACK_WIDTH_32", 293 "payload": "36363636366767368D368D8D8D8D8D8D8D8D8D8D8D67670D0D0D0D0D0D0D0D32", 294 "description": "lea esi, ds:[0x00008D8D]" 295 }, 296 { 297 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 298 "stack_width": "ZYDIS_STACK_WIDTH_64", 299 "payload": "2E47474747B0472E2E2E2E2E2E2E5B2E2E2E2E2E2E2E2E2E2E2E2E2E2E2E2E00", 300 "description": "mov r8b, 0x47" 301 }, 302 { 303 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 304 "stack_width": "ZYDIS_STACK_WIDTH_64", 305 "payload": "C55C851600000085855C5C5C90000A00000000", 306 "description": "jknzd k4, 0x000000000000001D" 307 }, 308 { 309 "machine_mode": "ZYDIS_MACHINE_MODE_LEGACY_16", 310 "stack_width": "ZYDIS_STACK_WIDTH_16", 311 "payload": "87C0C00166673E00000909050980090509802281EA640000000067000000001C", 312 "description": "xchg ax, ax" 313 }, 314 { 315 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32", 316 "stack_width": "ZYDIS_STACK_WIDTH_16", 317 "payload": "006BF8", 318 "description": "add byte ptr ds:[ebx-0x08], ch" 319 }, 320 { 321 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_16", 322 "stack_width": "ZYDIS_STACK_WIDTH_16", 323 "payload": "67676762E27D4F902400000062E27D4F9024EB006222CD579A0000D8D5000033", 324 "description": "vpgatherdd zmm4 {k7}, dword ptr ds:[eax+zmm0*1]" 325 }, 326 { 327 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 328 "stack_width": "ZYDIS_STACK_WIDTH_64", 329 "payload": "6252794AA02435052D6266", 330 "description": "vpscatterdd byte ptr ds:[zmm6*1+0x66622D05] {k2} {uint8}, zmm12" 331 }, 332 { 333 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32", 334 "stack_width": "ZYDIS_STACK_WIDTH_32", 335 "payload": "66666666DD6666666766666666666266666600B1B1B1B1B1B1B1B1B1FFFF7F00", 336 "description": "frstor ds:[esi+0x66]" 337 }, 338 { 339 "machine_mode": "ZYDIS_MACHINE_MODE_REAL_16", 340 "stack_width": "ZYDIS_STACK_WIDTH_16", 341 "payload": "678D999A2D9B340000000A000A0A0000", 342 "description": "lea bx, ds:[ecx+0x349B2D9A]" 343 }, 344 { 345 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 346 "stack_width": "ZYDIS_STACK_WIDTH_64", 347 "payload": "B90A000200", 348 "description": "mov ecx, 0x2000A" 349 }, 350 { 351 "machine_mode": "ZYDIS_MACHINE_MODE_REAL_16", 352 "stack_width": "ZYDIS_STACK_WIDTH_16", 353 "payload": "FF50FF", 354 "description": "call word ptr ds:[bx+si*1-0x01]" 355 }, 356 { 357 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 358 "stack_width": "ZYDIS_STACK_WIDTH_64", 359 "payload": "62565656567C6767676767676767676767676767676767676767676767676767", 360 "description": "vfmaddcph zmm15 {k6}, zmm21, dword ptr ds:[r15+0x19C] {1to16}" 361 }, 362 { 363 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 364 "stack_width": "ZYDIS_STACK_WIDTH_64", 365 "payload": "622231CD4747FF005D00000000", 366 "description": "vpsllvd zmm24 {k5}, zmm9, xmmword ptr ds:[rdi-0x10] {uint8} {eh}" 367 }, 368 { 369 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 370 "stack_width": "ZYDIS_STACK_WIDTH_64", 371 "payload": "6262F900922C0000", 372 "description": "vgatherdpd zmm29, qword ptr ds:[rax+zmm16*1]" 373 }, 374 { 375 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 376 "stack_width": "ZYDIS_STACK_WIDTH_64", 377 "payload": "62457D3D7A2500E76767011FFF", 378 "description": "vcvttph2qq ymm28 {k5}, word ptr ds:[0x000000006767E70A] {1to4}" 379 }, 380 { 381 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 382 "stack_width": "ZYDIS_STACK_WIDTH_64", 383 "payload": "C8C8C8C80400000000CDCDCDCDCDCDCDCDCDCDCDCDCDCD0100000000000110FF", 384 "description": "enter 0xC8C8, 0xC8" 385 }, 386 { 387 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 388 "stack_width": "ZYDIS_STACK_WIDTH_64", 389 "payload": "8B04256232CDF22C00000002000200000000000000666666669A9066662B0900", 390 "description": "mov eax, dword ptr ds:[0xFFFFFFFFF2CD3262]" 391 }, 392 { 393 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 394 "stack_width": "ZYDIS_STACK_WIDTH_64", 395 "payload": "C57B11FC", 396 "description": "vmovsd xmm4, xmm0, xmm15" 397 }, 398 { 399 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 400 "stack_width": "ZYDIS_STACK_WIDTH_64", 401 "payload": "6262219E3FBC9D000000000008000000445F", 402 "description": "vpmaxud zmm31 {k6}, zmm11, dword ptr ss:[rbp+rbx*4] {1to16} {eh}" 403 }, 404 { 405 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 406 "stack_width": "ZYDIS_STACK_WIDTH_64", 407 "payload": "C7C7C7C7C7C700060000000000", 408 "description": "mov edi, 0xC7C7C7C7" 409 }, 410 { 411 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32", 412 "stack_width": "ZYDIS_STACK_WIDTH_32", 413 "payload": "0F1B05000000000000000000000A8D0A000A0A", 414 "description": "bndstx ds:[0x00000000], bnd0" 415 }, 416 { 417 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 418 "stack_width": "ZYDIS_STACK_WIDTH_64", 419 "payload": "008800000000000000F0F0F0F0F0F0F0F0F0", 420 "description": "add byte ptr ds:[rax], cl" 421 }, 422 { 423 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 424 "stack_width": "ZYDIS_STACK_WIDTH_64", 425 "payload": "6464C7F8000F64007900646464646464646464646400000000000000000B0B", 426 "description": "xbegin 0x0000000000640F08" 427 }, 428 { 429 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 430 "stack_width": "ZYDIS_STACK_WIDTH_64", 431 "payload": "6262FD2EA39C190024242524", 432 "description": "vscatterqpd qword ptr ds:[rcx+ymm3*1+0x25242400] {k6}, ymm27" 433 }, 434 { 435 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32", 436 "stack_width": "ZYDIS_STACK_WIDTH_16", 437 "payload": "8C252DC8C8C8", 438 "description": "mov word ptr ds:[0xC82D], fs" 439 }, 440 { 441 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 442 "stack_width": "ZYDIS_STACK_WIDTH_64", 443 "payload": "6767555555555555555555673B01000000000000676767676767676767676767", 444 "description": "push rbp" 445 }, 446 { 447 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 448 "stack_width": "ZYDIS_STACK_WIDTH_64", 449 "payload": "4A4A4A4A6A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4A4AAB00000000000000", 450 "description": "push 0x4A" 451 }, 452 { 453 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32", 454 "stack_width": "ZYDIS_STACK_WIDTH_32", 455 "payload": "9A0000000000000000000000000000000F000000000000F9FF282828282828D7", 456 "description": "call far 0x0000:0x00000000" 457 }, 458 { 459 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 460 "stack_width": "ZYDIS_STACK_WIDTH_64", 461 "payload": "62F20198B5FFFFFFFFFFFFFFFF5CFF5C4CFFFFFFFFFFFF05000000000000B75C", 462 "description": "vpmadd231d zmm7, zmm15, zmm7" 463 }, 464 { 465 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 466 "stack_width": "ZYDIS_STACK_WIDTH_64", 467 "payload": "62817C0B5A5B14210000000000FFB2", 468 "description": "vcvtps2pd xmm19 {k3}, qword ptr ds:[r11+0xA0]" 469 }, 470 { 471 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 472 "stack_width": "ZYDIS_STACK_WIDTH_64", 473 "payload": "718EECECECECECECEC00A4A4A4", 474 "description": "jno 0xFFFFFFFFFFFFFF90" 475 }, 476 { 477 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32", 478 "stack_width": "ZYDIS_STACK_WIDTH_32", 479 "payload": "62F27E0829CD29292929FC00", 480 "description": "vpmovb2m k1, xmm5" 481 }, 482 { 483 "machine_mode": "ZYDIS_MACHINE_MODE_LEGACY_16", 484 "stack_width": "ZYDIS_STACK_WIDTH_16", 485 "payload": "2EC5FFE600F5C1C100", 486 "description": "vcvtpd2dq xmm0, ymmword ptr cs:[bx+si*1]" 487 }, 488 { 489 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 490 "stack_width": "ZYDIS_STACK_WIDTH_64", 491 "payload": "D100000000003E3E453E3E3E2E3EBC003E3E3E3E3E3E3E00FF3E3E3E3E3E3E3E", 492 "description": "rol dword ptr ds:[rax], 0x01" 493 }, 494 { 495 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 496 "stack_width": "ZYDIS_STACK_WIDTH_64", 497 "payload": "3E3E3E3E3EBC003E3E3E3E3E3E3E00FF3E3E3E3E3E3E3E3E3E3E3E3E3E", 498 "description": "mov esp, 0x3E3E3E00" 499 }, 500 { 501 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_16", 502 "stack_width": "ZYDIS_STACK_WIDTH_16", 503 "payload": "62E29D9D2C9CFFFFFFFFFFFFFF0E202020FF2020202020200100000000000000", 504 "description": "vscalefpd xmm3 {k5} {z}, xmm4, qword ptr ds:[si-0x01] {1to2}" 505 }, 506 { 507 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 508 "stack_width": "ZYDIS_STACK_WIDTH_64", 509 "payload": "6291780E1811", 510 "description": "vprefetch1 byte ptr ds:[r9]" 511 }, 512 { 513 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 514 "stack_width": "ZYDIS_STACK_WIDTH_64", 515 "payload": "6222CD9A9A9AFFFFFFFF", 516 "description": "vfmsub132pd xmm27 {k2} {z}, xmm6, qword ptr ds:[rdx-0x01] {1to2}" 517 }, 518 { 519 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 520 "stack_width": "ZYDIS_STACK_WIDTH_64", 521 "payload": "7E6D0A0A00", 522 "description": "jle 0x000000000000006F" 523 }, 524 { 525 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 526 "stack_width": "ZYDIS_STACK_WIDTH_64", 527 "payload": "36643636363636363647470F0F0F1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D1D", 528 "description": "pf2id mm1, qword ptr fs:[r15]" 529 }, 530 { 531 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 532 "stack_width": "ZYDIS_STACK_WIDTH_64", 533 "payload": "C4A3F963493086", 534 "description": "vpcmpistri xmm1, xmmword ptr ds:[rcx+0x30], 0x86" 535 }, 536 { 537 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 538 "stack_width": "ZYDIS_STACK_WIDTH_64", 539 "payload": "C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C300000A0000000000000000000000", 540 "description": "ret" 541 }, 542 { 543 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_16", 544 "stack_width": "ZYDIS_STACK_WIDTH_16", 545 "payload": "67670F1B050000000000000001FDFFFF66676767676767210000000000", 546 "description": "bndstx ds:[0x0000], bnd0" 547 }, 548 { 549 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 550 "stack_width": "ZYDIS_STACK_WIDTH_64", 551 "payload": "626205239D63FFF862030062626262626262230100000000000A00", 552 "description": "vfnmadd132ss xmm28 {k3}, xmm31, dword ptr ds:[rbx-0x04]" 553 }, 554 { 555 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 556 "stack_width": "ZYDIS_STACK_WIDTH_64", 557 "payload": "8080800000000000000000000000200000000000000A0AFF80808080808080FF", 558 "description": "add byte ptr ds:[rax+0x80], 0x00" 559 }, 560 { 561 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 562 "stack_width": "ZYDIS_STACK_WIDTH_64", 563 "payload": "FF1100000083838383838383830500000000000000E30A0000000000000A0000", 564 "description": "call qword ptr ds:[rcx]" 565 }, 566 { 567 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 568 "stack_width": "ZYDIS_STACK_WIDTH_64", 569 "payload": "A0A0A0A0A000000000001AFFFF00", 570 "description": "mov al, byte ptr ds:[0x00000000A0A0A0A0]" 571 }, 572 { 573 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 574 "stack_width": "ZYDIS_STACK_WIDTH_64", 575 "payload": "80E0E84F4F4F4F4F4F4F4F4F4F4F8C050000000A0A0A8E8E0AE8E8E8E8E8E8E8", 576 "description": "and al, 0xE8" 577 }, 578 { 579 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 580 "stack_width": "ZYDIS_STACK_WIDTH_64", 581 "payload": "8D000000D600D6830000000000", 582 "description": "lea eax, ds:[rax]" 583 }, 584 { 585 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32", 586 "stack_width": "ZYDIS_STACK_WIDTH_32", 587 "payload": "8F898092929292929292929292929292929292D30000", 588 "description": "vprotd xmm2, xmm7, xmmword ptr ds:[edx-0x6D6D6D6E]" 589 }, 590 { 591 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_COMPAT_32", 592 "stack_width": "ZYDIS_STACK_WIDTH_32", 593 "payload": "535353535353535353535353535353535353535353005353", 594 "description": "push ebx" 595 }, 596 { 597 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 598 "stack_width": "ZYDIS_STACK_WIDTH_64", 599 "payload": "49C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7C7", 600 "description": "mov r15, 0xFFFFFFFFC7C7C7C7" 601 }, 602 { 603 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 604 "stack_width": "ZYDIS_STACK_WIDTH_64", 605 "payload": "6201FD2B5A00008E", 606 "description": "vcvtpd2ps xmm24 {k3}, ymmword ptr ds:[r8]" 607 }, 608 { 609 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 610 "stack_width": "ZYDIS_STACK_WIDTH_64", 611 "payload": "4D0AA4A4A4A4A40000A4FFFFFFF6A40000FF0000000000000AF3A4A4A4A4", 612 "description": "or r12b, byte ptr ds:[r12+0xA4A4A4]" 613 }, 614 { 615 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 616 "stack_width": "ZYDIS_STACK_WIDTH_64", 617 "payload": "62624D017E0A", 618 "description": "vpermt2d xmm25 {k1}, xmm22, xmmword ptr ds:[rdx]" 619 }, 620 { 621 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 622 "stack_width": "ZYDIS_STACK_WIDTH_64", 623 "payload": "C42231939C3C3D3D3D3D3D", 624 "description": "vgatherqps xmm11, dword ptr ss:[rsp+xmm15*1+0x3D3D3D3D], xmm9" 625 }, 626 { 627 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 628 "stack_width": "ZYDIS_STACK_WIDTH_64", 629 "payload": "62257D3E5B7373", 630 "description": "vcvtph2dq ymm30 {k6}, word ptr ds:[rbx+0xE6] {1to8}" 631 }, 632 { 633 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 634 "stack_width": "ZYDIS_STACK_WIDTH_64", 635 "payload": "6262010C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C9C", 636 "description": "vfnmadd132ps zmm27 {k4}, zmm15, zmmword ptr ss:[rsp+rbx*4-0x63636364]" 637 }, 638 { 639 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 640 "stack_width": "ZYDIS_STACK_WIDTH_64", 641 "payload": "8B042505FFFFFFFFFFFFFFFFFFFFFFFF0000", 642 "description": "mov eax, dword ptr ds:[0xFFFFFFFFFFFFFF05]" 643 }, 644 { 645 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 646 "stack_width": "ZYDIS_STACK_WIDTH_64", 647 "payload": "41D385000000000000000000000000000000000000000000000000", 648 "description": "rol dword ptr ds:[r13], cl" 649 }, 650 { 651 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 652 "stack_width": "ZYDIS_STACK_WIDTH_64", 653 "payload": "0F01000000000000000040000000FFFFFFFFFF3FFFFFFFFFFFFFFFFFFF000A", 654 "description": "sgdt tbyte ptr ds:[rax]" 655 }, 656 { 657 "machine_mode": "ZYDIS_MACHINE_MODE_LEGACY_16", 658 "stack_width": "ZYDIS_STACK_WIDTH_16", 659 "payload": "67000500006600", 660 "description": "add byte ptr ds:[0x0000], al" 661 }, 662 { 663 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 664 "stack_width": "ZYDIS_STACK_WIDTH_64", 665 "payload": "0F0701000000000000070F0000000000000000000000FFFF0A0000", 666 "description": "sysret" 667 }, 668 { 669 "machine_mode": "ZYDIS_MACHINE_MODE_LEGACY_32", 670 "stack_width": "ZYDIS_STACK_WIDTH_32", 671 "payload": "676767676767676736E230303030303030303030303031313039313830383232", 672 "description": "loop 0x0000003B" 673 }, 674 { 675 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 676 "stack_width": "ZYDIS_STACK_WIDTH_64", 677 "payload": "62A645BBA6454545454545454545454536360000", 678 "description": "vfmaddsub213ph ymm16 {k3} {z}, ymm7, word ptr ss:[rbp+0x8A] {1to16}" 679 }, 680 { 681 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 682 "stack_width": "ZYDIS_STACK_WIDTH_64", 683 "payload": "8800000000000000F0F0F0F0F0F0F0F0F0", 684 "description": "mov byte ptr ds:[rax], al" 685 }, 686 { 687 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 688 "stack_width": "ZYDIS_STACK_WIDTH_64", 689 "payload": "6426626205007EFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", 690 "description": "vpermt2d xmm31, xmm31, xmm7" 691 }, 692 { 693 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 694 "stack_width": "ZYDIS_STACK_WIDTH_64", 695 "payload": "4DC7C730000000", 696 "description": "mov r15, 0x30" 697 }, 698 { 699 "machine_mode": "ZYDIS_MACHINE_MODE_LEGACY_32", 700 "stack_width": "ZYDIS_STACK_WIDTH_16", 701 "payload": "D324FF", 702 "description": "shl dword ptr ds:[edi+edi*8], cl" 703 }, 704 { 705 "machine_mode": "ZYDIS_MACHINE_MODE_LONG_64", 706 "stack_width": "ZYDIS_STACK_WIDTH_64", 707 "payload": "CACACA", 708 "description": "ret far 0xCACA" 709 } 710 ]