
Bug-fix: Incorrect RIP-relative detection logic and mmap() argument order #110

@ehgus607

Summary

Two correctness issues were identified:

  1. Incorrect logical condition when detecting RIP-relative addressing. (src/e9patch/e9CFR.cpp:244)
  2. Wrong argument order in mmap() call (POSIX violation). (src/e9tool/e9frontend.cpp:898 and 1358)

These issues may lead to false positives in instruction detection and undefined behavior in memory mapping.


1. Incorrect RIP-relative Addressing Check

The code (e9CFR.cpp:244) attempts to detect RIP-relative addressing using the condition:

!(mod == 0x00 && rm == 0x05)

However, the negated condition was actually written in the source as:

mod != 0x00 && rm != 0x05

This is an incorrect application of De Morgan's law: it is not equivalent to !(A && B). The correct transformation is !(A && B) == !A || !B.

Therefore, the condition should be:

mod != 0x00 || rm != 0x05

2. Incorrect mmap() Argument Order

The third and fourth arguments to mmap() were swapped:

// e9frontend.cpp:898 (as committed; third and fourth arguments swapped)
void *ptr = mmap(NULL, size, MAP_SHARED, PROT_READ, fd, 0);

// corrected mmap() call
void *ptr = mmap(NULL, size, PROT_READ, MAP_SHARED, fd, 0);

POSIX signature:

void *mmap(void *addr, size_t length,
           int prot, int flags,
           int fd, off_t offset);

The implementation mistakenly passed flags before prot, which violates the POSIX calling convention and may cause incorrect memory protection behavior.

Expected Behavior

  1. RIP-relative addressing detection should strictly match (mod == 0x00 && rm == 0x05)

  2. mmap() should follow the correct POSIX parameter order
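An added C example (not e9patch's own code) that exercises both findings: it enumerates all 256 ModRM bytes to count how many the buggy condition misclassifies compared with the exact RIP-relative test, and checks whether the swapped mmap() prot/flags happen to carry the same numeric value on the build platform, which is the usual reason such a swap escapes testing. The function names are mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>

/* Exact test: x86-64 RIP-relative addressing is ModRM mod == 00, rm == 101. */
int is_rip_relative(uint8_t modrm)
{
    uint8_t mod = modrm >> 6, rm = modrm & 0x07;
    return mod == 0x00 && rm == 0x05;
}

/* The condition as it stood at e9CFR.cpp:244 (wrong De Morgan rewrite). */
int buggy_not_rip_relative(uint8_t modrm)
{
    uint8_t mod = modrm >> 6, rm = modrm & 0x07;
    return mod != 0x00 && rm != 0x05;
}

/* The corrected condition: equivalent to !(mod == 0x00 && rm == 0x05). */
int fixed_not_rip_relative(uint8_t modrm)
{
    uint8_t mod = modrm >> 6, rm = modrm & 0x07;
    return mod != 0x00 || rm != 0x05;
}

/* Count the ModRM bytes on which a candidate check disagrees with the truth. */
static int count_disagreements(int (*check)(uint8_t))
{
    int n = 0;
    for (int b = 0; b < 256; b++)
        if (check((uint8_t)b) != !is_rip_relative((uint8_t)b))
            n++;
    return n;
}
int buggy_disagreements(void) { return count_disagreements(buggy_not_rip_relative); }
int fixed_disagreements(void) { return count_disagreements(fixed_not_rip_relative); }

/* Does swapping prot and flags in mmap(..., PROT_READ, MAP_SHARED, ...) pass the
 * same numbers either way? On Linux both constants are 1, so the swap is silent. */
int mmap_swap_is_silent(void)
{
    return PROT_READ == MAP_SHARED;
}

int main(void)
{
    printf("buggy check misclassifies %d of 256 ModRM bytes (fixed: %d)\n",
           buggy_disagreements(), fixed_disagreements());
    printf("PROT_READ == MAP_SHARED on this platform: %d\n", mmap_swap_is_silent());
    return 0;
}
```

The 80 misclassified bytes are every mod == 00 form other than rm == 101 (e.g. [rax], reported as RIP-relative) and every [rbp+disp] form with mod != 00 (missed), which is the false-positive behaviour described in the summary.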

Resolution

A fix has been proposed in PR #109.
