authorCamille Mougey <commial@gmail.com>2015-02-10 11:15:19 +0100
committerCamille Mougey <commial@gmail.com>2015-02-10 11:15:19 +0100
commit4070252c4889800dad164d1962edea741e5b3b3b (patch)
treecf2eb6315c6b00d32fb0fa6bb1d4e663e9012a7f
parenta222d2a117898eaa91dd85758d4ef47a7af6ef52 (diff)
parent280ab8eb52525c664dba9286949869fadb61f3ed (diff)
downloadmiasm-4070252c4889800dad164d1962edea741e5b3b3b.tar.gz
miasm-4070252c4889800dad164d1962edea741e5b3b3b.zip
Merge pull request #54 from serpilliere/fix_x86_pop_esp
Fix x86 pop esp
Diffstat (limited to '')
-rw-r--r--example/samples/x86_32_pop_esp.S18
-rw-r--r--miasm2/arch/x86/sem.py4
-rw-r--r--test/test_all.py2
3 files changed, 22 insertions, 2 deletions
diff --git a/example/samples/x86_32_pop_esp.S b/example/samples/x86_32_pop_esp.S
new file mode 100644
index 00000000..4115a522
--- /dev/null
+++ b/example/samples/x86_32_pop_esp.S
@@ -0,0 +1,18 @@
+main:
+    MOV EAX, ESP
+    CALL test
+    MOV ESP, EAX
+    PUSH 0
+    PUSH title
+    PUSH msg
+    PUSH 0
+    CALL DWORD PTR [ MessageBoxA ]
+    RET
+
+test:
+    POP ESP
+    JMP ESP
+title:
+.string "Hello!"
+msg:
+.string "World!"
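Review bot: The sample carries no comment saying what it exercises, so a reader has to reconstruct that `CALL test` pushes a return address, `POP ESP` at `test:` loads that address into ESP with no following stack-pointer adjustment, and `JMP ESP` then transfers control back to it before `MOV ESP, EAX` restores the real stack pointer saved in EAX. A one-line comment above `test:` in the file's comment syntax, e.g. `POP ESP must load the pushed return address without a post-increment; JMP ESP then resumes main`, would make the intent of the test explicit and tie it to the semantics change in sem.py. It would also help to note that `MOV ESP, EAX` relies on `test` not clobbering EAX.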
diff --git a/miasm2/arch/x86/sem.py b/miasm2/arch/x86/sem.py
index 22e8c276..6fc2e96b 100644
--- a/miasm2/arch/x86/sem.py
+++ b/miasm2/arch/x86/sem.py
@@ -635,7 +635,9 @@ def pop(ir, instr, a):
     if not s in [16, 32, 64]:
         raise ValueError('bad size stacker!')
     new_esp = mRSP[instr.mode][:s] + ExprInt_fromsize(s, off / 8)
-    e.append(ExprAff(mRSP[instr.mode][:s], new_esp))
+    # don't generate ESP incrementation on POP ESP
+    if a != ir.sp:
+        e.append(ExprAff(mRSP[instr.mode][:s], new_esp))
     # XXX FIX XXX for pop [esp]
     if isinstance(a, ExprMem):
         a = a.replace_expr({mRSP[instr.mode]: new_esp})
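Review bot: The guard `if a != ir.sp:` suppresses the stack-pointer increment only when the destination is exactly the expression `ir.sp`, whose definition is not visible here; if it is the full-width pointer for the mode, a narrower form of the same instruction (for instance a 16-bit `POP SP` in 32-bit mode, where `a` would not compare equal) would still emit the increment alongside the destination write in the same parallel block, so confirming what `ir.sp` is for each mode is worth a test. The comment would also be more useful if it stated the architectural rule rather than the implementation detail, e.g. `# POP ESP: the popped value becomes ESP; no stack-pointer increment is applied afterwards`. Note that the `isinstance(a, ExprMem)` path two lines below still addresses the operand through `new_esp`, which is correct for memory destinations and unaffected by this change. `pop` starts before the hunk and its body continues after it.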
diff --git a/test/test_all.py b/test/test_all.py
index 5de12bf4..66620375 100644
--- a/test/test_all.py
+++ b/test/test_all.py
@@ -120,7 +120,7 @@ class ExampleShellcode(ExampleAssembler):
 testset += ExampleShellcode(['x86_32', 'x86_32_manip_ptr.S', "demo_x86_32.bin"])
 
 test_box = {}
-test_box_names = ["mod", "mod_self", "repmod", "simple", "enc"]
+test_box_names = ["mod", "mod_self", "repmod", "simple", "enc", "pop_esp"]
 for source in test_box_names:
     sample_base = "x86_32_" + source
     args = ["x86_32", sample_base + ".S", sample_base + ".bin", "--PE"]