16bit disassembly using wrong syntax

[radare]

[pancake@koega ~]$ rasm2 -b16 -d eaaaff00f0
ljmp 0xffaa, 0xf000
[pancake@koega ~]$ rasm2 -a x86.udis -b16 -d eaaaff00f0
jmp word 0xf000:0xffaa

the first output is capstone, the second udis86. the capstone output for 16bit disassembly is somewhat confusing to read.

[aquynh]

hmm this is the same output generated by Intel's XED.

what is the output of Gnu & IDA in this case?

thanks.

[XVilka]

@aquynh IDA using the 2nd notation, and it is more common in the 16-bit (aka DOS) world due to the early segment addressing adoption.

[mrexodia]

Intel XED uses a very strange syntax indeed, also noticed that while developing a tool with XED.

[aquynh]

while you guys are at it, can you also try jmp m16:16? do we have similar issue here?

[radare]

can you give us some hexpairs to construct that instruction?

On 11/10/2014 01:51 PM, Nguyen Anh Quynh wrote:

while you guys are at it, can you also try jmp m16:16? do we have
similar
issue here?

—
Reply to this email directly or view it on GitHub
#213 (comment).

[aquynh]

this instruction:

jmp ptr ds:[di]

but this has no issue with Capstone.

[aquynh]

fixed this issue with commit 4f99ed2

thanks.

[radare]

That was quick! thanks!