bdshemu: Fix edge case with unsupported instrs

Fixes #106
bitdefender · Sep 23, 2024 · 66b983c · 66b983c
1 parent 34a0880
commit 66b983c
Showing 1 changed file with 8 additions and 8 deletions.
diff --git a/bdshemu/bdshemu_x86.c b/bdshemu/bdshemu_x86.c
@@ -1777,7 +1777,7 @@ ShemuX86Emulate(
         decodeCtx.FeatMode |= ND_FEAT_APX;
     }
 
-    while (Context->InstructionsCount++ < Context->MaxInstructionsCount)
+    while (!stop && Context->InstructionsCount++ < Context->MaxInstructionsCount)
     {
         SHEMU_STATUS shstatus;
         NDSTATUS ndstatus;
@@ -1793,13 +1793,6 @@ ShemuX86Emulate(
         nd_memzero(&dst, sizeof(dst));
         nd_memzero(&src, sizeof(src));
 
-        // The stop flag has been set, this means we've reached a valid instruction, but that instruction cannot be
-        // emulated (for example, SYSCALL, INT, system instructions, etc).
-        if (stop)
-        {
-            return SHEMU_ABORT_CANT_EMULATE;
-        }
-
         // If we already have a detection and we wish to stop on detections, do so now.
         if ((0 != Context->Flags) && (0 != (Context->Options & SHEMU_OPT_STOP_ON_EXPLOIT)))
         {
@@ -3559,6 +3552,13 @@ ShemuX86Emulate(
         }
     }
 
+    // The stop flag has been set, this means we've reached a valid instruction, but that instruction cannot be
+    // emulated (for example, SYSCALL, INT, system instructions, etc).
+    if (stop)
+    {
+        return SHEMU_ABORT_CANT_EMULATE;
+    }
+
     // Minimum percent of the instructions were NOPs => consider we have a NOP sled. Note that we get here only if
     // the maximum number of instructions has been emulated successfully; if the emulation is aborted for any reason,
     // this code will have no effect.