2016-05-26 03:25:48 +08:00
|
|
|
/***************************************************************************************************
|
|
|
|
|
|
2016-12-05 09:24:01 +08:00
|
|
|
Zyan Disassembler Library (Zydis)
|
2016-05-26 03:25:48 +08:00
|
|
|
|
|
|
|
|
Original Author : Florian Bernd
|
|
|
|
|
|
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
|
|
|
* in the Software without restriction, including without limitation the rights
|
|
|
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
|
|
|
* furnished to do so, subject to the following conditions:
|
|
|
|
|
*
|
|
|
|
|
* The above copyright notice and this permission notice shall be included in all
|
|
|
|
|
* copies or substantial portions of the Software.
|
|
|
|
|
*
|
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
|
|
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
|
|
|
* SOFTWARE.
|
|
|
|
|
|
|
|
|
|
***************************************************************************************************/
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @file
|
2017-07-03 23:02:32 +08:00
|
|
|
* @brief Defines the basic @c ZydisDecodedInstruction and @c ZydisDecodedOperand structs.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef ZYDIS_INSTRUCTIONINFO_H
|
|
|
|
|
#define ZYDIS_INSTRUCTIONINFO_H
|
|
|
|
|
|
2017-07-06 06:34:36 +08:00
|
|
|
#include <Zydis/CommonTypes.h>
|
2017-09-05 23:35:23 +08:00
|
|
|
#include <Zydis/MetaInfo.h>
|
2016-05-26 03:25:48 +08:00
|
|
|
#include <Zydis/Mnemonic.h>
|
|
|
|
|
#include <Zydis/Register.h>
|
2017-07-06 06:34:36 +08:00
|
|
|
#include <Zydis/SharedTypes.h>
|
2016-05-26 03:25:48 +08:00
|
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
|
|
|
extern "C" {
|
|
|
|
|
#endif
|
|
|
|
|
|
2017-01-20 00:37:05 +08:00
|
|
|
/* ============================================================================================== */
|
2017-07-03 09:14:01 +08:00
|
|
|
/* Decoded operand */
|
2017-07-06 06:34:36 +08:00
|
|
|
/* ============================================================================================== */
|
2016-05-26 03:25:48 +08:00
|
|
|
|
|
|
|
|
/**
|
2017-07-03 09:14:01 +08:00
|
|
|
* @brief Defines the @c ZydisDecodedOperand struct.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2017-07-03 09:14:01 +08:00
|
|
|
typedef struct ZydisDecodedOperand_
|
2016-05-26 03:25:48 +08:00
|
|
|
{
|
2016-11-26 20:08:37 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The operand-id.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t id;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The type of the operand.
|
|
|
|
|
*/
|
|
|
|
|
ZydisOperandType type;
|
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief The visibility of the operand.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisOperandVisibility visibility;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief The operand-action.
|
|
|
|
|
*/
|
|
|
|
|
ZydisOperandAction action;
|
2017-06-14 02:17:20 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The operand-encoding.
|
|
|
|
|
*/
|
|
|
|
|
ZydisOperandEncoding encoding;
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
2017-06-23 09:35:12 +08:00
|
|
|
* @brief The logical size of the operand (in bits).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2017-06-14 02:17:20 +08:00
|
|
|
uint16_t size;
|
|
|
|
|
/**
|
|
|
|
|
* @brief The element-type.
|
|
|
|
|
*/
|
|
|
|
|
ZydisElementType elementType;
|
|
|
|
|
/**
|
|
|
|
|
* @brief The size of a single element.
|
|
|
|
|
*/
|
2017-06-17 05:19:57 +08:00
|
|
|
ZydisElementSize elementSize;
|
2017-06-14 02:17:20 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The number of elements.
|
|
|
|
|
*/
|
|
|
|
|
uint16_t elementCount;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Extended info for register-operands.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2017-09-20 21:46:51 +08:00
|
|
|
struct
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* @brief The register value.
|
|
|
|
|
*/
|
|
|
|
|
ZydisRegister value;
|
|
|
|
|
// TODO: AVX512_4VNNIW MULTISOURCE registers
|
|
|
|
|
} reg;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
|
* @brief Extended info for memory-operands.
|
|
|
|
|
*/
|
|
|
|
|
struct
|
|
|
|
|
{
|
2017-06-17 08:50:08 +08:00
|
|
|
/**
|
|
|
|
|
* @brief Signals, if the memory operand is only used for address generation.
|
|
|
|
|
*/
|
|
|
|
|
ZydisBool isAddressGenOnly;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The segment register.
|
|
|
|
|
*/
|
|
|
|
|
ZydisRegister segment;
|
|
|
|
|
/**
|
|
|
|
|
* @brief The base register.
|
|
|
|
|
*/
|
|
|
|
|
ZydisRegister base;
|
|
|
|
|
/**
|
|
|
|
|
* @brief The index register.
|
|
|
|
|
*/
|
|
|
|
|
ZydisRegister index;
|
|
|
|
|
/**
|
|
|
|
|
* @brief The scale factor.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t scale;
|
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Extended info for memory-operands with displacement.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
|
struct
|
|
|
|
|
{
|
2017-06-14 02:17:20 +08:00
|
|
|
/**
|
|
|
|
|
* @brief Signals, if the displacement value is used.
|
|
|
|
|
*/
|
|
|
|
|
ZydisBool hasDisplacement;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The displacement value
|
|
|
|
|
*/
|
2017-07-01 07:10:03 +08:00
|
|
|
int64_t value;
|
2016-05-26 03:25:48 +08:00
|
|
|
} disp;
|
|
|
|
|
} mem;
|
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Extended info for pointer-operands.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
|
struct
|
|
|
|
|
{
|
|
|
|
|
uint16_t segment;
|
|
|
|
|
uint32_t offset;
|
|
|
|
|
} ptr;
|
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Extended info for immediate-operands.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
|
struct
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* @brief Signals, if the immediate value is signed.
|
|
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisBool isSigned;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2017-04-10 04:54:53 +08:00
|
|
|
* @brief Signals, if the immediate value contains a relative offset. You can use
|
|
|
|
|
* @c ZydisUtilsCalcAbsoluteTargetAddress to determine the absolute address value.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisBool isRelative;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The immediate value.
|
|
|
|
|
*/
|
|
|
|
|
union
|
|
|
|
|
{
|
2017-07-01 07:10:03 +08:00
|
|
|
uint64_t u;
|
|
|
|
|
int64_t s;
|
2016-05-26 03:25:48 +08:00
|
|
|
} value;
|
|
|
|
|
} imm;
|
2017-07-03 09:14:01 +08:00
|
|
|
} ZydisDecodedOperand;
|
2016-05-26 03:25:48 +08:00
|
|
|
|
2016-12-05 09:24:01 +08:00
|
|
|
/* ============================================================================================== */
|
2017-07-06 06:34:36 +08:00
|
|
|
/* Decoded instruction */
|
2016-12-05 09:24:01 +08:00
|
|
|
/* ============================================================================================== */
|
|
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
/* Instruction attributes */
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Defines the @c ZydisInstructionAttributes datatype.
|
|
|
|
|
*/
|
|
|
|
|
typedef uint64_t ZydisInstructionAttributes;
|
|
|
|
|
|
|
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief The instruction has the ModRM byte.
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_MODRM 0x0000000000000001 // (1 << 0)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief The instruction has the SUB byte.
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_SIB 0x0000000000000002 // (1 << 1)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief The instruction has the REX prefix.
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_REX 0x0000000000000004 // (1 << 2)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief The instruction has the XOP prefix.
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_XOP 0x0000000000000008 // (1 << 3)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief The instruction has the VEX prefix.
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_VEX 0x0000000000000010 // (1 << 4)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief The instruction has the EVEX prefix.
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_EVEX 0x0000000000000020 // (1 << 5)
|
|
|
|
|
/**
|
|
|
|
|
* @brief The instruction has the MVEX prefix.
|
|
|
|
|
*/
|
|
|
|
|
#define ZYDIS_ATTRIB_HAS_MVEX 0x0000000000000040 // (1 << 6)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction has one or more operands with position-relative offsets.
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_IS_RELATIVE 0x0000000000000080 // (1 << 7)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
2017-01-13 01:54:16 +08:00
|
|
|
* @brief The instruction is privileged.
|
|
|
|
|
*
|
2017-06-20 09:16:17 +08:00
|
|
|
* Priviliged instructions are any instructions that require a current ring level below 3.
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_IS_PRIVILEGED 0x0000000000000100 // (1 << 8)
|
2017-09-24 00:26:48 +08:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief The instruction is a far JMP/CALL/RET.
|
|
|
|
|
*/
|
|
|
|
|
#define ZYDIS_ATTRIB_IS_FAR_BRANCH 0x0000001000000000 // (1 << 36) // TODO: rebase
|
|
|
|
|
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction accepts the lock prefix (0xF0).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_LOCK 0x0000000000000200 // (1 << 9)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction accepts the rep prefix (0xF3).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_REP 0x0000000000000400 // (1 << 10)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction accepts the repe/repz prefix (0xF3).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_REPE 0x0000000000000800 // (1 << 11)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction accepts the repe/repz prefix (0xF3).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_REPZ 0x0000000000000800 // (1 << 11)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction accepts the repne/repnz prefix (0xF2).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_REPNE 0x0000000000001000 // (1 << 12)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction accepts the repne/repnz prefix (0xF2).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_REPNZ 0x0000000000001000 // (1 << 12)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction accepts the bound prefix (0xF2).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_BOUND 0x0000000000002000 // (1 << 13)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction accepts the xacquire prefix (0xF2).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_XACQUIRE 0x0000000000004000 // (1 << 14)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
2017-01-20 07:01:56 +08:00
|
|
|
* @brief The instruction accepts the xrelease prefix (0xF3).
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_XRELEASE 0x0000000000008000 // (1 << 15)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction accepts the xacquire/xrelease prefixes (0xF2, 0xF3) without the
|
|
|
|
|
* lock-prefix (0x0F).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_HLE_WITHOUT_LOCK 0x0000000000010000 // (1 << 16)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction accepts branch hints (0x2E, 0x3E).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_BRANCH_HINTS 0x0000000000020000 // (1 << 17)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction accepts segment prefixes (0x2E, 0x36, 0x3E, 0x26, 0x64, 0x65).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_SEGMENT 0x0000000000040000 // (1 << 18)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction has the lock prefix (0xF0).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_LOCK 0x0000000000080000 // (1 << 19)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction has the rep prefix (0xF3).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_REP 0x0000000000100000 // (1 << 20)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction has the repe/repz prefix (0xF3).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_REPE 0x0000000000200000 // (1 << 21)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction has the repe/repz prefix (0xF3).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_REPZ 0x0000000000200000 // (1 << 21)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction has the repne/repnz prefix (0xF2).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_REPNE 0x0000000000400000 // (1 << 22)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction has the repne/repnz prefix (0xF2).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_REPNZ 0x0000000000400000 // (1 << 22)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction has the bound prefix (0xF2).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_BOUND 0x0000000000800000 // (1 << 23)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction has the xacquire prefix (0xF2).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_XACQUIRE 0x0000000001000000 // (1 << 24)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction has the xrelease prefix (0xF3).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_XRELEASE 0x0000000002000000 // (1 << 25)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction has the branch-not-taken hint (0x2E).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_BRANCH_NOT_TAKEN 0x0000000004000000 // (1 << 26)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction has the branch-taken hint (0x3E).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_BRANCH_TAKEN 0x0000000008000000 // (1 << 27)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction has a segment modifier.
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_SEGMENT 0x00000003F0000000
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction has the CS segment modifier (0x2E).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_SEGMENT_CS 0x0000000010000000 // (1 << 28)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction has the SS segment modifier (0x36).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_SEGMENT_SS 0x0000000020000000 // (1 << 29)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction has the DS segment modifier (0x3E).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_SEGMENT_DS 0x0000000040000000 // (1 << 30)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
2017-01-13 01:54:16 +08:00
|
|
|
* @brief The instruction has the ES segment modifier (0x26).
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_SEGMENT_ES 0x0000000080000000 // (1 << 31)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction has the FS segment modifier (0x64).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_SEGMENT_FS 0x0000000100000000 // (1 << 32)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction has the GS segment modifier (0x65).
|
|
|
|
|
*/
|
2017-09-09 20:16:54 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_SEGMENT_GS 0x0000000200000000 // (1 << 33)
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction has the operand-size prefix (0x66).
|
|
|
|
|
*/
|
2017-09-24 00:26:48 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_OPERANDSIZE 0x0000000400000000 // (1 << 34) // TODO: rename
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
2017-01-13 01:54:16 +08:00
|
|
|
* @brief The instruction has the address-size prefix (0x67).
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
2017-09-24 00:26:48 +08:00
|
|
|
#define ZYDIS_ATTRIB_HAS_ADDRESSSIZE 0x0000000800000000 // (1 << 35) // TODO: rename
|
2016-12-05 09:24:01 +08:00
|
|
|
|
2017-07-12 00:51:54 +08:00
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
/* R/E/FLAGS info */
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Defines the @c ZydisCPUFlag datatype.
|
|
|
|
|
*/
|
|
|
|
|
typedef uint8_t ZydisCPUFlag;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Defines the @c ZydisCPUFlagMask datatype.
|
|
|
|
|
*/
|
|
|
|
|
typedef uint32_t ZydisCPUFlagMask;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Values that represent CPU-flags.
|
|
|
|
|
*/
|
|
|
|
|
enum ZydisCPUFlags
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* @brief Carry flag.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CPUFLAG_CF,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Parity flag.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CPUFLAG_PF,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Adjust flag.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CPUFLAG_AF,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Zero flag.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CPUFLAG_ZF,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Sign flag.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CPUFLAG_SF,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Trap flag.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CPUFLAG_TF,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Interrupt enable flag.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CPUFLAG_IF,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Direction flag.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CPUFLAG_DF,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Overflow flag.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CPUFLAG_OF,
|
|
|
|
|
/**
|
|
|
|
|
* @brief I/O privilege level flag.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CPUFLAG_IOPL,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Nested task flag.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CPUFLAG_NT,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Resume flag.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CPUFLAG_RF,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Virtual 8086 mode flag.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CPUFLAG_VM,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Alignment check.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CPUFLAG_AC,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Virtual interrupt flag.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CPUFLAG_VIF,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Virtual interrupt pending.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CPUFLAG_VIP,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Able to use CPUID instruction.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CPUFLAG_ID,
|
|
|
|
|
/**
|
|
|
|
|
* @brief FPU condition-code flag 0.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CPUFLAG_C0,
|
|
|
|
|
/**
|
|
|
|
|
* @brief FPU condition-code flag 1.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CPUFLAG_C1,
|
|
|
|
|
/**
|
|
|
|
|
* @brief FPU condition-code flag 2.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CPUFLAG_C2,
|
|
|
|
|
/**
|
|
|
|
|
* @brief FPU condition-code flag 3.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CPUFLAG_C3,
|
|
|
|
|
/**
|
2017-09-22 05:50:44 +08:00
|
|
|
* @brief Maximum value of this enum.
|
2017-07-12 00:51:54 +08:00
|
|
|
*/
|
2017-09-22 05:50:44 +08:00
|
|
|
ZYDIS_CPUFLAG_MAX_VALUE = ZYDIS_CPUFLAG_C3
|
2017-07-12 00:51:54 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Defines the @c ZydisCPUFlagAction datatype.
|
|
|
|
|
*/
|
|
|
|
|
typedef uint8_t ZydisCPUFlagAction;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Values that represent CPU-flag actions.
|
|
|
|
|
*/
|
|
|
|
|
enum ZydisCPUFlagActions
|
|
|
|
|
{
|
|
|
|
|
ZYDIS_CPUFLAG_ACTION_NONE,
|
2017-07-12 23:48:02 +08:00
|
|
|
ZYDIS_CPUFLAG_ACTION_TESTED,
|
2017-07-12 00:51:54 +08:00
|
|
|
ZYDIS_CPUFLAG_ACTION_MODIFIED,
|
|
|
|
|
ZYDIS_CPUFLAG_ACTION_SET_0,
|
|
|
|
|
ZYDIS_CPUFLAG_ACTION_SET_1,
|
2017-09-22 05:50:44 +08:00
|
|
|
ZYDIS_CPUFLAG_ACTION_UNDEFINED,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Maximum value of this enum.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CPUFLAG_ACTION_MAX_VALUE = ZYDIS_CPUFLAG_ACTION_UNDEFINED
|
2017-07-12 00:51:54 +08:00
|
|
|
};
|
|
|
|
|
|
2017-07-01 07:10:03 +08:00
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
/* SSE/AVX exception-class */
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Defines the @c ZydisExceptionClass datatype.
|
|
|
|
|
*/
|
2017-09-11 03:43:52 +08:00
|
|
|
typedef uint8_t ZydisExceptionClass;
|
2017-07-01 07:10:03 +08:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Values that represent exception-classes.
|
|
|
|
|
*/
|
|
|
|
|
enum ZydisExceptionClasses
|
|
|
|
|
{
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_NONE,
|
2017-09-06 23:05:05 +08:00
|
|
|
// TODO: FP Exceptions
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_SSE1,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_SSE2,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_SSE3,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_SSE4,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_SSE5,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_SSE7,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_AVX1,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_AVX2,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_AVX3,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_AVX4,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_AVX5,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_AVX6,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_AVX7,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_AVX8,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_AVX11,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_AVX12,
|
2017-07-01 07:10:03 +08:00
|
|
|
ZYDIS_EXCEPTION_CLASS_E1,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_E1NF,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_E2,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_E2NF,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_E3,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_E3NF,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_E4,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_E4NF,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_E5,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_E5NF,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_E6,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_E6NF,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_E7NM,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_E7NM128,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_E9NF,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_E10,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_E10NF,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_E11,
|
2017-09-06 23:05:05 +08:00
|
|
|
ZYDIS_EXCEPTION_CLASS_E11NF,
|
2017-07-01 07:10:03 +08:00
|
|
|
ZYDIS_EXCEPTION_CLASS_E12,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_E12NP,
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_K20,
|
2017-09-22 05:50:44 +08:00
|
|
|
ZYDIS_EXCEPTION_CLASS_K21,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Maximum value of this enum.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_EXCEPTION_CLASS_MAX_VALUE = ZYDIS_EXCEPTION_CLASS_K21
|
2017-07-01 07:10:03 +08:00
|
|
|
};
|
|
|
|
|
|
2016-12-05 09:24:01 +08:00
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
2017-06-14 02:17:20 +08:00
|
|
|
/* AVX vector-length */
|
2016-12-05 09:24:01 +08:00
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
|
|
/**
|
2017-06-14 02:17:20 +08:00
|
|
|
* @brief Defines the @c ZydisVectorLength datatype.
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
2017-06-14 02:17:20 +08:00
|
|
|
typedef uint16_t ZydisVectorLength;
|
2016-12-05 09:24:01 +08:00
|
|
|
|
|
|
|
|
/**
|
2017-06-14 02:17:20 +08:00
|
|
|
* @brief Values that represent vector-lengths.
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
2017-06-14 02:17:20 +08:00
|
|
|
enum ZydisVectorLengths
|
2016-12-05 09:24:01 +08:00
|
|
|
{
|
2017-06-14 02:17:20 +08:00
|
|
|
ZYDIS_VECTOR_LENGTH_INVALID = 0,
|
|
|
|
|
ZYDIS_VECTOR_LENGTH_128 = 128,
|
|
|
|
|
ZYDIS_VECTOR_LENGTH_256 = 256,
|
2017-09-22 05:50:44 +08:00
|
|
|
ZYDIS_VECTOR_LENGTH_512 = 512,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Maximum value of this enum.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_VECTOR_LENGTH_MAX_VALUE = ZYDIS_VECTOR_LENGTH_512
|
2016-12-05 09:24:01 +08:00
|
|
|
};
|
|
|
|
|
|
2017-06-14 04:04:29 +08:00
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
/* AVX mask mode */
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Defines the @c ZydisMaskMode datatype.
|
|
|
|
|
*/
|
|
|
|
|
typedef uint8_t ZydisMaskMode;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Values that represent AVX mask-modes.
|
|
|
|
|
*/
|
|
|
|
|
enum ZydisMaskModes
|
|
|
|
|
{
|
2017-06-22 08:42:16 +08:00
|
|
|
ZYDIS_MASK_MODE_INVALID,
|
2017-06-14 04:04:29 +08:00
|
|
|
/**
|
2017-07-15 04:54:22 +08:00
|
|
|
* @brief The embedded mask register is used as a merge-mask. This is the default mode for
|
|
|
|
|
* all EVEX/MVEX-instructions.
|
2017-06-14 04:04:29 +08:00
|
|
|
*/
|
2017-06-22 08:42:16 +08:00
|
|
|
ZYDIS_MASK_MODE_MERGE,
|
2017-06-14 04:04:29 +08:00
|
|
|
/**
|
2017-07-15 04:54:22 +08:00
|
|
|
* @brief The embedded mask register is used as a zero-mask.
|
2017-06-14 04:04:29 +08:00
|
|
|
*/
|
2017-09-22 05:50:44 +08:00
|
|
|
ZYDIS_MASK_MODE_ZERO,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Maximum value of this enum.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_MASK_MODE_MAX_VALUE = ZYDIS_MASK_MODE_ZERO
|
2017-06-14 04:04:29 +08:00
|
|
|
};
|
|
|
|
|
|
2016-12-05 09:24:01 +08:00
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
2017-06-14 02:17:20 +08:00
|
|
|
/* AVX broadcast-mode */
|
2016-12-05 09:24:01 +08:00
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
|
|
/**
|
2017-06-14 02:17:20 +08:00
|
|
|
* @brief Defines the @c ZydisBroadcastMode datatype.
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
2017-09-11 03:43:52 +08:00
|
|
|
typedef uint8_t ZydisBroadcastMode;
|
2016-12-05 09:24:01 +08:00
|
|
|
|
|
|
|
|
/**
|
2017-06-14 02:17:20 +08:00
|
|
|
* @brief Values that represent AVX broadcast-modes.
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
2017-06-14 02:17:20 +08:00
|
|
|
enum ZydisBroadcastModes
|
2016-12-05 09:24:01 +08:00
|
|
|
{
|
2017-06-22 08:42:16 +08:00
|
|
|
ZYDIS_BROADCAST_MODE_INVALID,
|
|
|
|
|
ZYDIS_BROADCAST_MODE_1_TO_2,
|
|
|
|
|
ZYDIS_BROADCAST_MODE_1_TO_4,
|
|
|
|
|
ZYDIS_BROADCAST_MODE_1_TO_8,
|
|
|
|
|
ZYDIS_BROADCAST_MODE_1_TO_16,
|
2017-06-24 02:47:34 +08:00
|
|
|
ZYDIS_BROADCAST_MODE_1_TO_32,
|
|
|
|
|
ZYDIS_BROADCAST_MODE_1_TO_64,
|
|
|
|
|
ZYDIS_BROADCAST_MODE_2_TO_4,
|
|
|
|
|
ZYDIS_BROADCAST_MODE_2_TO_8,
|
|
|
|
|
ZYDIS_BROADCAST_MODE_2_TO_16,
|
2017-06-22 08:42:16 +08:00
|
|
|
ZYDIS_BROADCAST_MODE_4_TO_8,
|
2017-06-24 02:47:34 +08:00
|
|
|
ZYDIS_BROADCAST_MODE_4_TO_16,
|
2017-09-22 05:50:44 +08:00
|
|
|
ZYDIS_BROADCAST_MODE_8_TO_16,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Maximum value of this enum.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_BROADCAST_MODE_MAX_VALUE = ZYDIS_BROADCAST_MODE_8_TO_16
|
2016-12-05 09:24:01 +08:00
|
|
|
};
|
|
|
|
|
|
2017-06-14 04:04:29 +08:00
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
/* AVX rounding-mode */
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Defines the @c ZydisRoundingMode datatype.
|
|
|
|
|
*/
|
|
|
|
|
typedef uint8_t ZydisRoundingMode;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Values that represent AVX rounding-modes.
|
|
|
|
|
*/
|
|
|
|
|
enum ZydisRoundingModes
|
|
|
|
|
{
|
2017-06-22 08:42:16 +08:00
|
|
|
ZYDIS_ROUNDING_MODE_INVALID,
|
2017-06-14 04:04:29 +08:00
|
|
|
/**
|
|
|
|
|
* @brief Round to nearest.
|
|
|
|
|
*/
|
2017-06-22 08:42:16 +08:00
|
|
|
ZYDIS_ROUNDING_MODE_RN,
|
2017-06-14 04:04:29 +08:00
|
|
|
/**
|
|
|
|
|
* @brief Round down.
|
|
|
|
|
*/
|
2017-06-22 08:42:16 +08:00
|
|
|
ZYDIS_ROUNDING_MODE_RD,
|
2017-06-14 04:04:29 +08:00
|
|
|
/**
|
|
|
|
|
* @brief Round up.
|
|
|
|
|
*/
|
2017-06-22 08:42:16 +08:00
|
|
|
ZYDIS_ROUNDING_MODE_RU,
|
2017-06-14 04:04:29 +08:00
|
|
|
/**
|
|
|
|
|
* @brief Round towards zero.
|
|
|
|
|
*/
|
2017-09-22 05:50:44 +08:00
|
|
|
ZYDIS_ROUNDING_MODE_RZ,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Maximum value of this enum.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_ROUNDING_MODE_MAX_VALUE = ZYDIS_ROUNDING_MODE_RZ
|
2017-06-22 08:42:16 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
/* KNC swizzle-mode */
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Defines the @c ZydisSwizzleMode datatype.
|
|
|
|
|
*/
|
2017-09-11 03:43:52 +08:00
|
|
|
typedef uint8_t ZydisSwizzleMode;
|
2017-06-22 08:42:16 +08:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Values that represent swizzle-modes.
|
|
|
|
|
*/
|
|
|
|
|
enum ZydisSwizzleModes
|
|
|
|
|
{
|
|
|
|
|
ZYDIS_SWIZZLE_MODE_INVALID,
|
|
|
|
|
ZYDIS_SWIZZLE_MODE_DCBA,
|
|
|
|
|
ZYDIS_SWIZZLE_MODE_CDAB,
|
|
|
|
|
ZYDIS_SWIZZLE_MODE_BADC,
|
|
|
|
|
ZYDIS_SWIZZLE_MODE_DACB,
|
|
|
|
|
ZYDIS_SWIZZLE_MODE_AAAA,
|
|
|
|
|
ZYDIS_SWIZZLE_MODE_BBBB,
|
|
|
|
|
ZYDIS_SWIZZLE_MODE_CCCC,
|
2017-09-22 05:50:44 +08:00
|
|
|
ZYDIS_SWIZZLE_MODE_DDDD,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Maximum value of this enum.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_SWIZZLE_MODE_MAX_VALUE = ZYDIS_SWIZZLE_MODE_DDDD
|
2017-06-22 08:42:16 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
/* KNC conversion-mode */
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Defines the @c ZydisConversionMode datatype.
|
|
|
|
|
*/
|
2017-09-11 03:43:52 +08:00
|
|
|
typedef uint8_t ZydisConversionMode;
|
2017-06-22 08:42:16 +08:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Values that represent conversion-modes.
|
|
|
|
|
*/
|
|
|
|
|
enum ZydisConversionModes
|
|
|
|
|
{
|
|
|
|
|
ZYDIS_CONVERSION_MODE_INVALID,
|
|
|
|
|
ZYDIS_CONVERSION_MODE_FLOAT16,
|
|
|
|
|
ZYDIS_CONVERSION_MODE_SINT8,
|
|
|
|
|
ZYDIS_CONVERSION_MODE_UINT8,
|
|
|
|
|
ZYDIS_CONVERSION_MODE_SINT16,
|
2017-09-22 05:50:44 +08:00
|
|
|
ZYDIS_CONVERSION_MODE_UINT16,
|
|
|
|
|
/**
|
|
|
|
|
* @brief Maximum value of this enum.
|
|
|
|
|
*/
|
|
|
|
|
ZYDIS_CONVERSION_MODE_MAX_VALUE = ZYDIS_CONVERSION_MODE_UINT16
|
2017-06-14 04:04:29 +08:00
|
|
|
};
|
|
|
|
|
|
2016-12-05 09:24:01 +08:00
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
2017-07-03 09:14:01 +08:00
|
|
|
/* Decoded instruction */
|
2016-12-05 09:24:01 +08:00
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
|
|
/**
|
2017-07-03 09:14:01 +08:00
|
|
|
* @brief Defines the @c ZydisDecodedInstruction struct.
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
2017-07-03 09:14:01 +08:00
|
|
|
typedef struct ZydisDecodedInstruction_
|
2016-12-05 09:24:01 +08:00
|
|
|
{
|
|
|
|
|
/**
|
2017-06-13 01:16:01 +08:00
|
|
|
* @brief The machine mode used to decode this instruction.
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
2017-06-13 01:16:01 +08:00
|
|
|
ZydisMachineMode machineMode;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction-mnemonic.
|
|
|
|
|
*/
|
2017-07-05 19:33:59 +08:00
|
|
|
ZydisMnemonic mnemonic;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The length of the decoded instruction.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t length;
|
|
|
|
|
/**
|
|
|
|
|
* @brief The raw bytes of the decoded instruction.
|
|
|
|
|
*/
|
2017-07-12 00:51:54 +08:00
|
|
|
uint8_t data[ZYDIS_MAX_INSTRUCTION_LENGTH];
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief The instruction-encoding (default, 3DNow, VEX, EVEX, XOP).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
|
ZydisInstructionEncoding encoding;
|
|
|
|
|
/**
|
|
|
|
|
* @brief The opcode-map.
|
|
|
|
|
*/
|
|
|
|
|
ZydisOpcodeMap opcodeMap;
|
|
|
|
|
/**
|
|
|
|
|
* @brief The instruction-opcode.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t opcode;
|
2017-07-15 04:54:22 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The stack width.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t stackWidth;
|
2017-09-22 04:16:37 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The effective operand width.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t operandWidth;
|
2017-06-13 01:16:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The effective address width.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t addressWidth;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The number of instruction-operands.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t operandCount;
|
|
|
|
|
/**
|
|
|
|
|
* @brief Detailed info for all instruction operands.
|
|
|
|
|
*/
|
2017-07-12 00:51:54 +08:00
|
|
|
ZydisDecodedOperand operands[ZYDIS_MAX_OPERAND_COUNT];
|
2016-11-24 17:57:23 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Instruction attributes.
|
2016-11-24 17:57:23 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisInstructionAttributes attributes;
|
2016-11-24 17:57:23 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The instruction address points at the current instruction (relative to the
|
|
|
|
|
* initial instruction pointer).
|
|
|
|
|
*/
|
|
|
|
|
uint64_t instrAddress;
|
|
|
|
|
/**
|
|
|
|
|
* @brief The instruction pointer points at the address of the next instruction (relative
|
|
|
|
|
* to the initial instruction pointer).
|
|
|
|
|
*
|
|
|
|
|
* This field is used to properly format relative instructions.
|
|
|
|
|
*/
|
|
|
|
|
uint64_t instrPointer;
|
2017-07-12 00:51:54 +08:00
|
|
|
/**
|
|
|
|
|
* @brief Information about accessed CPU flags.
|
|
|
|
|
*/
|
|
|
|
|
struct
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* @brief The CPU-flag action.
|
|
|
|
|
*
|
2017-09-11 03:43:52 +08:00
|
|
|
* You can call `ZydisGetAccessedFlagsByAction` to get a mask with all flags matching a
|
|
|
|
|
* specific action.
|
2017-07-12 00:51:54 +08:00
|
|
|
*/
|
|
|
|
|
ZydisCPUFlagAction action;
|
2017-09-22 05:50:44 +08:00
|
|
|
} accessedFlags[ZYDIS_CPUFLAG_MAX_VALUE + 1];
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2017-06-14 02:17:20 +08:00
|
|
|
* @brief Extended info for AVX instructions.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
|
struct
|
|
|
|
|
{
|
2017-06-14 04:04:29 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The AVX vector-length.
|
|
|
|
|
*/
|
2017-06-14 02:17:20 +08:00
|
|
|
ZydisVectorLength vectorLength;
|
2017-06-14 04:04:29 +08:00
|
|
|
/**
|
2017-07-15 04:54:22 +08:00
|
|
|
* @brief Info about the embedded writemask-register.
|
2017-06-14 04:04:29 +08:00
|
|
|
*/
|
2017-07-15 04:54:22 +08:00
|
|
|
struct
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* @brief The masking mode.
|
|
|
|
|
*/
|
|
|
|
|
ZydisMaskMode mode;
|
|
|
|
|
/**
|
|
|
|
|
* @brief The mask register.
|
|
|
|
|
*/
|
|
|
|
|
ZydisRegister reg;
|
|
|
|
|
/**
|
|
|
|
|
* @brief Signals, if the mask-register is used as a control mask.
|
|
|
|
|
*/
|
|
|
|
|
ZydisBool isControlMask;
|
|
|
|
|
} mask;
|
2017-06-14 04:04:29 +08:00
|
|
|
/**
|
2017-09-11 03:43:52 +08:00
|
|
|
* @brief Contains info about the AVX broadcast.
|
2017-06-14 04:04:29 +08:00
|
|
|
*/
|
2017-06-23 09:35:12 +08:00
|
|
|
struct
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* @brief Signals, if the broadcast is a static broadcast.
|
|
|
|
|
*
|
|
|
|
|
* This is the case for instructions with inbuild broadcast functionality, that is
|
2017-07-03 23:02:32 +08:00
|
|
|
* always active and not be controlled by a flag in the XOP/VEX/EVEX/MVEX-prefix.
|
2017-06-23 09:35:12 +08:00
|
|
|
*/
|
|
|
|
|
ZydisBool isStatic;
|
|
|
|
|
/**
|
|
|
|
|
* @brief The AVX broadcast-mode.
|
|
|
|
|
*/
|
|
|
|
|
ZydisBroadcastMode mode;
|
|
|
|
|
} broadcast;
|
2017-06-14 04:04:29 +08:00
|
|
|
/**
|
2017-09-11 03:43:52 +08:00
|
|
|
* @brief Contains info about the AVX rounding.
|
2017-06-14 04:04:29 +08:00
|
|
|
*/
|
2017-09-11 03:43:52 +08:00
|
|
|
struct
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* @brief The AVX rounding-mode.
|
|
|
|
|
*/
|
|
|
|
|
ZydisRoundingMode mode;
|
|
|
|
|
} rounding;
|
2017-06-23 01:54:35 +08:00
|
|
|
/**
|
2017-09-11 03:43:52 +08:00
|
|
|
* @brief Contains info about the AVX register-swizzle (MVEX only).
|
2017-06-23 01:54:35 +08:00
|
|
|
*/
|
2017-09-11 03:43:52 +08:00
|
|
|
struct
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* @brief The AVX register-swizzle mode (MVEX only).
|
|
|
|
|
*/
|
|
|
|
|
ZydisSwizzleMode mode;
|
|
|
|
|
} swizzle;
|
2017-06-23 01:54:35 +08:00
|
|
|
/**
|
2017-09-11 03:43:52 +08:00
|
|
|
* @brief Contains info about the AVX data-conversion (MVEX only).
|
2017-06-23 01:54:35 +08:00
|
|
|
*/
|
2017-09-11 03:43:52 +08:00
|
|
|
struct
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* @brief The AVX data-conversion mode (MVEX only).
|
|
|
|
|
*/
|
|
|
|
|
ZydisConversionMode mode;
|
|
|
|
|
} conversion;
|
2017-06-23 01:54:35 +08:00
|
|
|
/**
|
|
|
|
|
* @brief Signals, if the sae functionality is enabled for the instruction.
|
|
|
|
|
*/
|
2017-06-22 07:38:41 +08:00
|
|
|
ZydisBool hasSAE;
|
2017-06-23 01:54:35 +08:00
|
|
|
/**
|
|
|
|
|
* @brief Signals, if the instruction has a memory eviction-hint (MVEX only).
|
|
|
|
|
*/
|
2017-06-22 07:38:41 +08:00
|
|
|
ZydisBool hasEvictionHint;
|
2017-09-05 23:35:23 +08:00
|
|
|
} avx;
|
|
|
|
|
/**
|
|
|
|
|
* @brief Meta info.
|
|
|
|
|
*/
|
|
|
|
|
struct
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* @brief The instruction category.
|
|
|
|
|
*/
|
|
|
|
|
ZydisInstructionCategory category;
|
|
|
|
|
/**
|
|
|
|
|
* @brief The ISA-set.
|
|
|
|
|
*/
|
|
|
|
|
ZydisISASet isaSet;
|
|
|
|
|
/**
|
|
|
|
|
* @brief The ISA-set extension.
|
|
|
|
|
*/
|
|
|
|
|
ZydisISAExt isaExt;
|
2017-09-06 23:05:05 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The exception class.
|
|
|
|
|
*/
|
|
|
|
|
ZydisExceptionClass exceptionClass;
|
2017-09-05 23:35:23 +08:00
|
|
|
} meta;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief Extended info about different instruction-parts like ModRM, SIB or
|
2016-05-26 03:25:48 +08:00
|
|
|
* encoding-prefixes.
|
|
|
|
|
*/
|
|
|
|
|
struct
|
|
|
|
|
{
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief Detailed info about the legacy prefixes
|
|
|
|
|
*/
|
|
|
|
|
struct
|
|
|
|
|
{
|
2017-06-13 01:16:01 +08:00
|
|
|
uint8_t data[ZYDIS_MAX_INSTRUCTION_LENGTH - 1];
|
|
|
|
|
uint8_t count;
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t hasF0;
|
|
|
|
|
uint8_t hasF3;
|
|
|
|
|
uint8_t hasF2;
|
|
|
|
|
uint8_t has2E;
|
|
|
|
|
uint8_t has36;
|
|
|
|
|
uint8_t has3E;
|
|
|
|
|
uint8_t has26;
|
|
|
|
|
uint8_t has64;
|
|
|
|
|
uint8_t has65;
|
|
|
|
|
uint8_t has66;
|
|
|
|
|
uint8_t has67;
|
|
|
|
|
} prefixes;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief Detailed info about the REX-prefix.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
|
struct
|
|
|
|
|
{
|
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief @c TRUE if the prefix got already decoded.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisBool isDecoded;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The raw bytes of the prefix.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t data[1];
|
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief 64-bit operand-size promotion.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t W;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief Extension of the ModRM.reg field.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t R;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief Extension of the SIB.index field.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t X;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief Extension of the ModRM.rm, SIB.base, or opcode.reg field.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t B;
|
2016-05-26 03:25:48 +08:00
|
|
|
} rex;
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief Detailed info about the XOP-prefix.
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
|
|
|
|
struct
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* @brief @c TRUE if the prefix got already decoded.
|
|
|
|
|
*/
|
|
|
|
|
ZydisBool isDecoded;
|
|
|
|
|
/**
|
|
|
|
|
* @brief The raw bytes of the prefix.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t data[3];
|
|
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief Extension of the ModRM.reg field (inverted).
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
|
|
|
|
uint8_t R;
|
|
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief Extension of the SIB.index field (inverted).
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
|
|
|
|
uint8_t X;
|
|
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief Extension of the ModRM.rm, SIB.base, or opcode.reg field (inverted).
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
|
|
|
|
uint8_t B;
|
|
|
|
|
/**
|
|
|
|
|
* @brief Opcode-map specifier.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t m_mmmm;
|
|
|
|
|
/**
|
|
|
|
|
* @brief 64-bit operand-size promotion or opcode-extension.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t W;
|
|
|
|
|
/**
|
|
|
|
|
* @brief NDS register specifier (inverted).
|
|
|
|
|
*/
|
|
|
|
|
uint8_t vvvv;
|
|
|
|
|
/**
|
|
|
|
|
* @brief Vector-length specifier.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t L;
|
|
|
|
|
/**
|
|
|
|
|
* @brief Compressed legacy prefix.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t pp;
|
|
|
|
|
} xop;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief Detailed info about the VEX-prefix.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
|
struct
|
|
|
|
|
{
|
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief @c TRUE if the prefix got already decoded.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisBool isDecoded;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The raw bytes of the prefix.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t data[3];
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief Extension of the ModRM.reg field (inverted).
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
|
|
|
|
uint8_t R;
|
|
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief Extension of the SIB.index field (inverted).
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
|
|
|
|
uint8_t X;
|
|
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief Extension of the ModRM.rm, SIB.base, or opcode.reg field (inverted).
|
2016-12-05 09:24:01 +08:00
|
|
|
*/
|
|
|
|
|
uint8_t B;
|
|
|
|
|
/**
|
|
|
|
|
* @brief Opcode-map specifier.
|
|
|
|
|
*/
|
2016-05-26 03:25:48 +08:00
|
|
|
uint8_t m_mmmm;
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief 64-bit operand-size promotion or opcode-extension.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t W;
|
|
|
|
|
/**
|
|
|
|
|
* @brief NDS register specifier (inverted).
|
|
|
|
|
*/
|
2016-05-26 03:25:48 +08:00
|
|
|
uint8_t vvvv;
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief Vector-length specifier.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t L;
|
|
|
|
|
/**
|
|
|
|
|
* @brief Compressed legacy prefix.
|
|
|
|
|
*/
|
2016-05-26 03:25:48 +08:00
|
|
|
uint8_t pp;
|
|
|
|
|
} vex;
|
|
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief Detailed info about the EVEX-prefix.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
|
struct
|
|
|
|
|
{
|
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief @c TRUE if the prefix got already decoded.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisBool isDecoded;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The raw bytes of the prefix.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t data[4];
|
|
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief Extension of the ModRM.reg field (inverted).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t R;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief Extension of the SIB.index/vidx field (inverted).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t X;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief Extension of the ModRM.rm or SIB.base field (inverted).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t B;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief High-16 register specifier modifier (inverted).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t R2;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Opcode-map specifier.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
|
uint8_t mm;
|
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief 64-bit operand-size promotion or opcode-extension.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t W;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief NDS register specifier (inverted).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
|
uint8_t vvvv;
|
|
|
|
|
/**
|
|
|
|
|
* @brief Compressed legacy prefix.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t pp;
|
|
|
|
|
/**
|
|
|
|
|
* @brief Zeroing/Merging.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t z;
|
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Vector-length specifier or rounding-control (most significant bit).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t L2;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Vector-length specifier or rounding-control (least significant bit).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t L;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
|
* @brief Broadcast/RC/SAE Context.
|
|
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t b;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
|
* @brief High-16 NDS/VIDX register specifier.
|
|
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t V2;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
|
* @brief Embedded opmask register specifier.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t aaa;
|
|
|
|
|
} evex;
|
2017-05-09 00:18:08 +08:00
|
|
|
/**
|
|
|
|
|
* @brief Detailed info about the MVEX-prefix.
|
|
|
|
|
*/
|
|
|
|
|
struct
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* @brief @c TRUE if the prefix got already decoded.
|
|
|
|
|
*/
|
|
|
|
|
ZydisBool isDecoded;
|
|
|
|
|
/**
|
|
|
|
|
* @brief The raw bytes of the prefix.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t data[4];
|
|
|
|
|
/**
|
|
|
|
|
* @brief Extension of the ModRM.reg field (inverted).
|
|
|
|
|
*/
|
|
|
|
|
uint8_t R;
|
|
|
|
|
/**
|
|
|
|
|
* @brief Extension of the SIB.index/vidx field (inverted).
|
|
|
|
|
*/
|
|
|
|
|
uint8_t X;
|
|
|
|
|
/**
|
|
|
|
|
* @brief Extension of the ModRM.rm or SIB.base field (inverted).
|
|
|
|
|
*/
|
|
|
|
|
uint8_t B;
|
|
|
|
|
/**
|
|
|
|
|
* @brief High-16 register specifier modifier (inverted).
|
|
|
|
|
*/
|
|
|
|
|
uint8_t R2;
|
|
|
|
|
/**
|
|
|
|
|
* @brief Opcode-map specifier.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t mmmm;
|
|
|
|
|
/**
|
|
|
|
|
* @brief 64-bit operand-size promotion or opcode-extension.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t W;
|
|
|
|
|
/**
|
|
|
|
|
* @brief NDS register specifier (inverted).
|
|
|
|
|
*/
|
|
|
|
|
uint8_t vvvv;
|
|
|
|
|
/**
|
|
|
|
|
* @brief Compressed legacy prefix.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t pp;
|
|
|
|
|
/**
|
|
|
|
|
* @brief Non-temporal/eviction hint.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t E;
|
|
|
|
|
/**
|
|
|
|
|
* @brief Swizzle/broadcast/up-convert/down-convert/static-rounding controls.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t SSS;
|
|
|
|
|
/**
|
|
|
|
|
* @brief High-16 NDS/VIDX register specifier.
|
|
|
|
|
*/
|
|
|
|
|
uint8_t V2;
|
|
|
|
|
/**
|
|
|
|
|
* @brief Embedded opmask register specifier.
|
|
|
|
|
*/
|
2017-06-13 01:16:01 +08:00
|
|
|
uint8_t kkk;
|
2017-05-09 00:18:08 +08:00
|
|
|
} mvex;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief Detailed info about the ModRM-byte.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
|
struct
|
|
|
|
|
{
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisBool isDecoded;
|
2016-05-26 03:25:48 +08:00
|
|
|
uint8_t data[1];
|
|
|
|
|
uint8_t mod;
|
|
|
|
|
uint8_t reg;
|
|
|
|
|
uint8_t rm;
|
|
|
|
|
} modrm;
|
|
|
|
|
/**
|
2017-01-13 02:37:57 +08:00
|
|
|
* @brief Detailed info about the SIB-byte.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
|
struct
|
|
|
|
|
{
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisBool isDecoded;
|
2016-05-26 03:25:48 +08:00
|
|
|
uint8_t data[1];
|
|
|
|
|
uint8_t scale;
|
|
|
|
|
uint8_t index;
|
|
|
|
|
uint8_t base;
|
|
|
|
|
} sib;
|
2017-05-09 00:18:08 +08:00
|
|
|
/**
|
|
|
|
|
* @brief Detailed info about displacement-bytes.
|
|
|
|
|
*/
|
|
|
|
|
struct
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* @brief The displacement value
|
|
|
|
|
*/
|
2017-07-01 07:10:03 +08:00
|
|
|
int64_t value;
|
2017-05-09 00:18:08 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The physical displacement size, in bits.
|
|
|
|
|
*/
|
2017-07-01 07:10:03 +08:00
|
|
|
uint8_t size;
|
2017-05-09 00:18:08 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The offset of the displacement data, relative to the beginning of the
|
|
|
|
|
* instruction, in bytes.
|
|
|
|
|
*/
|
2017-07-01 07:10:03 +08:00
|
|
|
uint8_t offset;
|
2017-05-09 00:18:08 +08:00
|
|
|
} disp;
|
|
|
|
|
/**
|
|
|
|
|
* @brief Detailed info about immediate-bytes.
|
|
|
|
|
*/
|
|
|
|
|
struct
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* @brief Signals, if the immediate value is signed.
|
|
|
|
|
*/
|
|
|
|
|
ZydisBool isSigned;
|
2017-06-13 01:16:01 +08:00
|
|
|
/**
|
|
|
|
|
* @brief Signals, if the immediate value contains a relative offset. You can use
|
|
|
|
|
* @c ZydisUtilsCalcAbsoluteTargetAddress to determine the absolute address
|
|
|
|
|
* value.
|
|
|
|
|
*/
|
|
|
|
|
ZydisBool isRelative;
|
2017-05-09 00:18:08 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The immediate value.
|
|
|
|
|
*/
|
|
|
|
|
union
|
2017-07-01 07:10:03 +08:00
|
|
|
{
|
|
|
|
|
uint64_t u;
|
|
|
|
|
int64_t s;
|
2017-05-09 00:18:08 +08:00
|
|
|
} value;
|
|
|
|
|
/**
|
|
|
|
|
* @brief The physical immediate size, in bits.
|
|
|
|
|
*/
|
2017-07-01 07:10:03 +08:00
|
|
|
uint8_t size;
|
2017-05-09 00:18:08 +08:00
|
|
|
/**
|
|
|
|
|
* @brief The offset of the immediate data, relative to the beginning of the
|
|
|
|
|
* instruction, in bytes.
|
|
|
|
|
*/
|
2017-07-01 07:10:03 +08:00
|
|
|
uint8_t offset;
|
2017-05-09 00:18:08 +08:00
|
|
|
} imm[2];
|
2017-07-04 22:10:21 +08:00
|
|
|
} raw;
|
2016-09-22 02:02:09 +08:00
|
|
|
/**
|
|
|
|
|
* @brief This field is intended for custom data and may be freely set by the user.
|
|
|
|
|
*/
|
|
|
|
|
void* userData;
|
2017-07-03 09:14:01 +08:00
|
|
|
} ZydisDecodedInstruction;
|
2016-05-26 03:25:48 +08:00
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
|
|
/* ============================================================================================== */
|
|
|
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#endif /* ZYDIS_INSTRUCTIONINFO_H */
|
