mirror of
https://github.com/NaC-L/Mergen.git
synced 2026-05-12 09:40:34 +00:00
naci
841d6bbcdb
Two doc updates following #205:
ARCHITECTURE.md gains a 'Control-Flow Recognition' section covering
the lift_ret REAL_return / ROP-return classification, the ret-to-IAT
chain pattern (the Themida-virt mitigation that #195/#196/#205 built
out), the lift_jmp direct/indirect dispatch, and the Iced
operand-type quirk that motivates widening SSE accept sets. These
were all undocumented and the ret-to-IAT chain in particular is a
non-trivial structural rewrite that future maintainers should not
have to reverse-engineer from the source.
REWRITE_BASELINE.md's punpcklqdq line now reflects what actually
happened: the handler had been present for a while but silently fell
through to not_implemented for every site because Iced classifies
the source operand by bytes-actually-accessed (low 64), not by
physical XMM width. Fixed in #205 (ba20a39) by widening the accept
set; pre-existing oracle vectors now pass and gate future
regressions.
Doc-only change. Behavior unchanged.
Co-authored-by: Yusuf <yusuf.canislek@meetdandy.com>