APP CRASH (acprotect-hostname.exe) sandboxing addr16 push %fs:0x00[4byte]

Created by: Simorfo

With version 6.2.0-2 of DynamoRio The latest build does not solve the problem

On Windows 7, with a 32 bit application, acprotect-hostname.exe the classic hostname software packed with acprotect

I run it with (no client) C:\rio\bin32\drrun.exe -- acrotect-hostname.exe

The expected output is a line with the hostname. Instead we get a crash with message

SYSLOG_ERROR: Usage error: encode error: invalid 16-bit base+index (encode.c, line 1622)

The problem is sandboxing following instruction 64 67 ff 36 00 00 addr16 push %fs:0x00[4byte] %sp -> %sp 0xfffffffc(%sp)[4byte]

I think that the second destination operand should be 0xfffffffc(%esp)[4byte] (32 bit esp instead of 16 bit esp) With sandboxing, we try to insert lea 0xfffffffc(%sp) -> %ebx but we cannot encode 0xfffffffc(%sp) as an argument for lea.

I will submit a pull request with a simple test shortly