Fix #1031 - incorrect call offsets calculated in DOS EXEs

Also fix the incorrect MZ entrypoint calculation.
2025-02-11 09:05:33 +00:00 · 2014-06-14 09:12:23 -04:00 · 2014-06-14 09:12:23 -04:00 · 62b2c60031
commit 62b2c60031
parent 8d84f4b30f
2 changed files with 5 additions and 4 deletions
--- a/libr/anal/p/anal_x86_udis.c
+++ b/libr/anal/p/anal_x86_udis.c
@ -131,7 +131,7 @@ static st64 getval(ud_operand_t *op) {
 	int bits = op->size;
 	switch (op->type) {
 	case UD_OP_PTR:
-		return (op->lval.ptr.seg<<4) | (op->lval.ptr.off & 0xFFFF);
+		return (op->lval.ptr.seg<<4) + (op->lval.ptr.off & 0xFFFF);
 	default:
 		break;
 	}
@ -385,9 +385,11 @@ default:
 			op->type = R_ANAL_OP_TYPE_UCALL;
 			op->jump = 0; // EAX, EBX, ... use anal->reg
 			break;
+		case UD_OP_PTR:
+			op->jump = (int)getval (&u.operand[0]);
+			break;
 		case UD_OP_IMM:
 		case UD_OP_MEM:
-		case UD_OP_PTR:
 		default:
 			op->jump = addr + oplen + (int)getval (&u.operand[0]);
 		}
--- a/libr/bin/p/bin_mz.c
+++ b/libr/bin/p/bin_mz.c
@ -71,8 +71,7 @@ static RList* entries(RBinFile *arch) {
 	if (!(ret = r_list_new ()))
 		return NULL;
 	ret->free = free;
-	off = exe->header_paragraphs * 16L;
-	off += exe->ip; // XXX
+	off = (exe->cs << 4) + exe->ip;
 	if ((ptr = R_NEW (RBinAddr))) {
 		ptr->paddr = off;
 		ptr->vaddr = off;