Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home WINDBG

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


What is tmm register in disassembly

MetekMetek Member - All Emails Posts: 57
in WINDBG

Hi all!

WinDbg (Version 10.0.22000.194 AMD64) displays in disassembly of the crash dump:

xxx!SaveCR0:
fffff807`55f5d6d8 0f22c1          mov     tmm,rcx
fffff807`55f5d6db c3              ret
fffff807`55f5d6dc 66666690        xchg    ax,ax
xxx!ReadCR2:
fffff807`55f5d6e0 0f20d0          mov     rax,tmm
fffff807`55f5d6e3 c3              ret
fffff807`55f5d6e4 66666690        xchg    ax,ax
xxx!SaveCR2:
fffff807`55f5d6e8 0f22d1          mov     tmm,rcx
fffff807`55f5d6eb c3              ret

According to my knowledge, the "0F 22 C1" should be disassembled as "mov cr0, ecx"; "0F 20 D0" as "mov eax, cr2" and "0F 22 D1" as "mov cr2,ecx"

Is it bug in WinDbg or something else?

Thank you

· Share on Facebook

Comments

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 14,658

    That's an interesting bug. The TMM registers are part of the "Advanced Matrix Extensions", or "AMX". It is a two-dimensional block of registers that can be used for fast matrix multiplies. There's a CR0 bit involved, but your assessment is correct.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

    · Share on Facebook
  • MetekMetek Member - All Emails Posts: 57

    Hi Tim,

    You are correct. The AMX was the first thing that come to my mind. But AMX registers are numbered (tmm0 - tmm7). For this reason I started to disassemble opcodes manually and found that WinDbg apparently have bug in disassembling module. Since we all rely heavily on proper disassembling, it made sense to ask. Maybe someone else has encountered something like this.

    Best regards,

    Al

    · Share on Facebook
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Sign In Register
Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 16-20 October 2023 Live, Online
Developing Minifilters 13-17 November 2023 Live, Online
Internals & Software Drivers 4-8 Dec 2023 Live, Online
Writing WDF Drivers 10-14 July 2023 Live, Online

Categories