Title of the post nearly sums it up.  In win32, single stepping over a popf that sets the trap flag.  The trap flag when examined using GetThreadContext reports the trap flag as being clear.
I tried for the first time installing OllyDbg today also, but Olly has no problem in detecting the trap flag as set.  [...]

In my bid to emulate win32 seh (in my emulator), I needed (to test my emulator) to single step through exception handling.  My first approach was to just single step through the program by setting the trap flag in the eflags register.  I had some problems with this.
One of the problems is single stepping through [...]

UPDATE:  This isn’t a bug after all.  Aspect provided documtation of what is actually occuring.
It’s a feature since pentium pro computers to do ‘fast string’ or block operations.  A block operation (eg, movb) of 64 bytes is performeed if ecx >= 64, if edi is aligned to 8 an byte boundary, and if esi and edi are not [...]

Another CPU bug uncovered while testing my emulator.   I came across a repne scasb while emulating the win32 version of upx.  The logic of scasb (scan string), to paraphrase the intel manuals is

SRC = dereference(edi)
temp = al -  SRC
SetStatusFlags(temp)
update_edi

In the code I ran across, %al was set to 0, the byte at (%edi) was 70 [...]

I have my emulator running reasonably successfully on upx now.  It’s actually an auto unpacker, and identifies when the program is unpacked by monitoring execution on previously written memory.  In the process of emulating file io I came across a particular bug in gdb.
The file descriptor returned from an open call inside the debuggee, was [...]

I’ve been writing an x86 emulator, and to debug it, I ran it on a p4 computer in parallel to a debugger on a target program (a upx packed binary).  Well.. I got to shl $8, %eax where eax = 0×00ffffff.
The intel documentation says that the overflow flag is only changed for 1 bit shifts.  Suprisingly, [...]

In some binaries, basic blocks may be connected only by jumps.  These basic blocks may also be non contiguous in the file, ie scattered throught the binary.
In cases like this, if your looking at the disassembly, you need to constantly jump throught the image to have the logical order of the control flow.  When the [...]

Some procedures, following a calling convention simply return (ret), without modifying the stack pointer (they expect the caller to perform stack correction).  In another call convention, procedures (callees) modify the stack using retn $0xhh.
Yesterday I made some changes to my disassembler, so that it would look at the stack correction in procedures.  But there is a possibility of inconsistency when [...]

I lied when I said I would write in a day the details of the ClamAV bug published by idefense last week.
 ClamAV was acquired by Sourcefire, which is the software company that is responsible for the Snort IDS.
 ClamAV code needs a fair amount of refactoring to be maintainable.  The current sources are quite disturbing.  I’m [...]

I lied when I said I would write in a day the details of the ClamAV bug published by idefense last week.
 ClamAV was acquired by Sourcefire, which is the software company that is responsible for the Snort IDS.
 ClamAV code needs a fair amount of refactoring to be maintainable.  The current sources are quite disturbing.  I’m [...]