From 7ef63c94da2ab60f0b50dabd9ef35da7146c0687 Mon Sep 17 00:00:00 2001
From: Ratin Gao
Date: Tue, 26 May 2026 02:35:26 +0800
Subject: [PATCH] Fix REX2 JMPABS target detection

JMPABS only requires REX2.M=0, REX2.W=0, and opcode A1. Ignore the remaining REX2 payload bits when recognizing the absolute target, matching Intel APX semantics.

---
 src/disasm.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/disasm.cpp b/src/disasm.cpp
index 894f46a0..db604bf5 100644
--- a/src/disasm.cpp
+++ b/src/disasm.cpp
@@ -975,9 +975,9 @@ PBYTE CDetourDis::CopyRex2(REFCOPYENTRY pEntry, PBYTE pbDst, PBYTE pbSrc)
         pbOut = (this->*pEntry2->pfCopy)(pEntry2, pbDst + 2, pbSrc + 2);
     }
 
-    // JMPABS: REX2 with payload=0x00 (M=0, W=0, all ext bits 0) and opcode A1.
+    // JMPABS: REX2 with M=0, W=0, and opcode A1. Other payload bits are ignored.
     // This is an absolute 64-bit jump whose target is the 8-byte immediate.
-    if (payload == 0x00 && pbSrc[2] == 0xA1) {
+    if ((payload & 0x88) == 0x00 && pbSrc[2] == 0xA1) {
         *m_ppbTarget = *(UNALIGNED PBYTE*)&pbSrc[3];
     }