2016-05-26 03:25:48 +08:00
|
|
|
/***************************************************************************************************
|
|
|
|
|
2016-12-05 09:24:01 +08:00
|
|
|
Zyan Disassembler Library (Zydis)
|
2016-05-26 03:25:48 +08:00
|
|
|
|
|
|
|
Original Author : Florian Bernd
|
|
|
|
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
|
|
* in the Software without restriction, including without limitation the rights
|
|
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
|
|
* furnished to do so, subject to the following conditions:
|
|
|
|
*
|
|
|
|
* The above copyright notice and this permission notice shall be included in all
|
|
|
|
* copies or substantial portions of the Software.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
|
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
|
|
* SOFTWARE.
|
|
|
|
|
|
|
|
***************************************************************************************************/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @file
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Defines the basic @c ZydisInstructionInfo and @c ZydisOperandInfo struct.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef ZYDIS_INSTRUCTIONINFO_H
|
|
|
|
#define ZYDIS_INSTRUCTIONINFO_H
|
|
|
|
|
2016-12-05 09:24:01 +08:00
|
|
|
#include <Zydis/Types.h>
|
2016-05-26 03:25:48 +08:00
|
|
|
#include <Zydis/Mnemonic.h>
|
|
|
|
#include <Zydis/Register.h>
|
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
|
|
extern "C" {
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* ============================================================================================== */
|
2016-12-05 09:24:01 +08:00
|
|
|
/* Operand info */
|
2016-05-26 03:25:48 +08:00
|
|
|
/* ============================================================================================== */
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
/* Operand type */
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
/**
|
2016-11-21 21:55:17 +08:00
|
|
|
* @brief Defines the @c ZydisOperandType datatype.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
typedef uint8_t ZydisOperandType;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Values that represent operand-types.
|
|
|
|
*/
|
|
|
|
enum ZydisOperandTypes
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* @brief The operand is not used.
|
|
|
|
*/
|
|
|
|
ZYDIS_OPERAND_TYPE_UNUSED,
|
|
|
|
/**
|
|
|
|
* @brief The operand is a register operand.
|
|
|
|
*/
|
|
|
|
ZYDIS_OPERAND_TYPE_REGISTER,
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief The operand is a memory operand.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
ZYDIS_OPERAND_TYPE_MEMORY,
|
|
|
|
/**
|
|
|
|
* @brief The operand is a pointer operand with a segment:offset lvalue.
|
|
|
|
*/
|
|
|
|
ZYDIS_OPERAND_TYPE_POINTER,
|
|
|
|
/**
|
|
|
|
* @brief The operand is an immediate operand.
|
|
|
|
*/
|
|
|
|
ZYDIS_OPERAND_TYPE_IMMEDIATE
|
|
|
|
};
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
/* Operand encoding */
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
/**
|
2016-11-21 21:55:17 +08:00
|
|
|
* @brief Defines the @c ZydisOperandEncoding datatype.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
typedef uint8_t ZydisOperandEncoding;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Values that represent operand-encodings.
|
|
|
|
*/
|
|
|
|
enum ZydisOperandEncodings
|
|
|
|
{
|
|
|
|
ZYDIS_OPERAND_ENCODING_NONE,
|
2016-11-24 17:57:23 +08:00
|
|
|
/**
|
|
|
|
* @brief The operand is encoded in the modrm.reg field.
|
|
|
|
*/
|
2016-05-26 03:25:48 +08:00
|
|
|
ZYDIS_OPERAND_ENCODING_REG,
|
2016-11-24 17:57:23 +08:00
|
|
|
/**
|
|
|
|
* @brief The operand is encoded in the modrm.rm field.
|
|
|
|
*/
|
2016-05-26 03:25:48 +08:00
|
|
|
ZYDIS_OPERAND_ENCODING_RM,
|
2016-11-24 17:57:23 +08:00
|
|
|
/**
|
|
|
|
* @brief The operand is encoded in the modrm.rm field and uses the compressed-disp8 form.
|
|
|
|
*/
|
2016-05-26 03:25:48 +08:00
|
|
|
ZYDIS_OPERAND_ENCODING_RM_CD2,
|
2016-11-24 17:57:23 +08:00
|
|
|
/**
|
|
|
|
* @brief The operand is encoded in the modrm.rm field and uses the compressed-disp8 form.
|
|
|
|
*/
|
2016-05-26 03:25:48 +08:00
|
|
|
ZYDIS_OPERAND_ENCODING_RM_CD4,
|
2016-11-24 17:57:23 +08:00
|
|
|
/**
|
|
|
|
* @brief The operand is encoded in the modrm.rm field and uses the compressed-disp8 form.
|
|
|
|
*/
|
2016-05-26 03:25:48 +08:00
|
|
|
ZYDIS_OPERAND_ENCODING_RM_CD8,
|
2016-11-24 17:57:23 +08:00
|
|
|
/**
|
|
|
|
* @brief The operand is encoded in the modrm.rm field and uses the compressed-disp8 form.
|
|
|
|
*/
|
2016-05-26 03:25:48 +08:00
|
|
|
ZYDIS_OPERAND_ENCODING_RM_CD16,
|
2016-11-24 17:57:23 +08:00
|
|
|
/**
|
|
|
|
* @brief The operand is encoded in the modrm.rm field and uses the compressed-disp8 form.
|
|
|
|
*/
|
2016-05-26 03:25:48 +08:00
|
|
|
ZYDIS_OPERAND_ENCODING_RM_CD32,
|
2016-11-24 17:57:23 +08:00
|
|
|
/**
|
|
|
|
* @brief The operand is encoded in the modrm.rm field and uses the compressed-disp8 form.
|
|
|
|
*/
|
2016-05-26 03:25:48 +08:00
|
|
|
ZYDIS_OPERAND_ENCODING_RM_CD64,
|
2016-11-24 17:57:23 +08:00
|
|
|
/**
|
|
|
|
* @brief The operand is encoded in the lower 4 bits of the opcode (register only).
|
|
|
|
*/
|
2016-05-26 03:25:48 +08:00
|
|
|
ZYDIS_OPERAND_ENCODING_OPCODE,
|
2016-11-24 17:57:23 +08:00
|
|
|
/**
|
|
|
|
* @brief The operand is encoded in the vex/evex.vvvv field.
|
|
|
|
*/
|
2016-05-26 03:25:48 +08:00
|
|
|
ZYDIS_OPERAND_ENCODING_VVVV,
|
2016-11-24 17:57:23 +08:00
|
|
|
/**
|
|
|
|
* @brief The operand is encoded in the evex.aaa field.
|
|
|
|
*/
|
2016-05-26 03:25:48 +08:00
|
|
|
ZYDIS_OPERAND_ENCODING_AAA,
|
2016-11-24 17:57:23 +08:00
|
|
|
/**
|
|
|
|
* @brief The operand is encoded in the low-part of an 8-bit immediate value.
|
|
|
|
*/
|
2016-09-13 11:26:55 +08:00
|
|
|
ZYDIS_OPERAND_ENCODING_IMM8_LO,
|
2016-11-24 17:57:23 +08:00
|
|
|
/**
|
|
|
|
* @brief The operand is encoded in the high-part of an 8-bit immediate value.
|
|
|
|
*/
|
2016-09-13 11:26:55 +08:00
|
|
|
ZYDIS_OPERAND_ENCODING_IMM8_HI,
|
2016-11-24 17:57:23 +08:00
|
|
|
/**
|
|
|
|
* @brief The operand is encoded as an 8-bit immediate value.
|
|
|
|
*/
|
2016-05-26 03:25:48 +08:00
|
|
|
ZYDIS_OPERAND_ENCODING_IMM8,
|
2016-11-24 17:57:23 +08:00
|
|
|
/**
|
|
|
|
* @brief The operand is encoded as an 16-bit immediate value.
|
|
|
|
*/
|
2016-05-26 03:25:48 +08:00
|
|
|
ZYDIS_OPERAND_ENCODING_IMM16,
|
2016-11-24 17:57:23 +08:00
|
|
|
/**
|
|
|
|
* @brief The operand is encoded as an 32-bit immediate value.
|
|
|
|
*/
|
2016-05-26 03:25:48 +08:00
|
|
|
ZYDIS_OPERAND_ENCODING_IMM32,
|
2016-11-24 17:57:23 +08:00
|
|
|
/**
|
|
|
|
* @brief The operand is encoded as an 64-bit immediate value.
|
|
|
|
*/
|
2016-05-26 03:25:48 +08:00
|
|
|
ZYDIS_OPERAND_ENCODING_IMM64
|
|
|
|
};
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
2016-12-05 09:24:01 +08:00
|
|
|
/* Operand visibility */
|
2016-05-26 03:25:48 +08:00
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Defines the @c ZydisOperandVisibility datatype.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
typedef uint8_t ZydisOperandVisibility;
|
2016-05-26 03:25:48 +08:00
|
|
|
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Values that represent operand-visibilities.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
enum ZydisOperandVisibilities
|
2016-05-26 03:25:48 +08:00
|
|
|
{
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief The operand is explicitly encoded in the instruction.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZYDIS_OPERAND_VISIBILITY_EXPLICIT,
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief The operand is part of the opcode, but listed as an operand.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZYDIS_OPERAND_VISIBILITY_IMPLICIT,
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief The operand is part of the opcode, and not typically listed as an operand.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZYDIS_OPERAND_VISIBILITY_HIDDEN
|
2016-05-26 03:25:48 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
2016-12-05 09:24:01 +08:00
|
|
|
/* Operand action */
|
2016-05-26 03:25:48 +08:00
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Defines the @c ZydisOperandAction datatype.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
typedef uint8_t ZydisOperandAction;
|
2016-05-26 03:25:48 +08:00
|
|
|
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Values that represent operand-actions.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
enum ZydisOperandActions
|
2016-05-26 03:25:48 +08:00
|
|
|
{
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief The operand is read by the instruction.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZYDIS_OPERAND_ACTION_READ,
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief The operand is written by the instruction (must write).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZYDIS_OPERAND_ACTION_WRITE,
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief The operand is read and written by the instruction (must write).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZYDIS_OPERAND_ACTION_READWRITE,
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief The operand is conditionally read by the instruction.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZYDIS_OPERAND_ACTION_COND_READ,
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief The operand is conditionally written by the instruction (may write).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZYDIS_OPERAND_ACTION_COND_WRITE,
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief The operand is read and conditionally written by the instruction (may write).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZYDIS_OPERAND_ACTION_READ_COND_WRITE,
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief The operand is written conditionally read by the instruction (must write).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZYDIS_OPERAND_ACTION_WRITE_COND_READ,
|
2016-05-26 03:25:48 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
/* Operand info */
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Defines the @c ZydisOperandInfo struct.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
typedef struct ZydisOperandInfo_
|
|
|
|
{
|
2016-11-26 20:08:37 +08:00
|
|
|
/**
|
|
|
|
* @brief The operand-id.
|
|
|
|
*/
|
|
|
|
uint8_t id;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
* @brief The type of the operand.
|
|
|
|
*/
|
|
|
|
ZydisOperandType type;
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief The visibility of the operand.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisOperandVisibility visibility;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief The operand-encoding (only valid for explicit operands).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
ZydisOperandEncoding encoding;
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief The operand-action.
|
|
|
|
*/
|
|
|
|
ZydisOperandAction action;
|
|
|
|
/**
|
|
|
|
* @brief The logical size of the operand (in bytes).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint16_t size;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Extended info for register-operands.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
ZydisRegister reg;
|
|
|
|
/**
|
|
|
|
* @brief Extended info for memory-operands.
|
|
|
|
*/
|
|
|
|
struct
|
|
|
|
{
|
2016-11-14 09:10:59 +08:00
|
|
|
/**
|
|
|
|
* @brief The adress size (16, 32 or 64 bit).
|
|
|
|
*/
|
|
|
|
uint8_t addressSize;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
* @brief The segment register.
|
|
|
|
*/
|
|
|
|
ZydisRegister segment;
|
|
|
|
/**
|
|
|
|
* @brief The base register.
|
|
|
|
*/
|
|
|
|
ZydisRegister base;
|
|
|
|
/**
|
|
|
|
* @brief The index register.
|
|
|
|
*/
|
|
|
|
ZydisRegister index;
|
|
|
|
/**
|
|
|
|
* @brief The scale factor.
|
|
|
|
*/
|
|
|
|
uint8_t scale;
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Extended info for memory-operands with displacement.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
struct
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* @brief The displacement value
|
|
|
|
*/
|
|
|
|
union
|
|
|
|
{
|
|
|
|
int8_t sbyte;
|
|
|
|
int16_t sword;
|
|
|
|
int32_t sdword;
|
|
|
|
int64_t sqword;
|
|
|
|
} value;
|
2016-11-12 05:03:26 +08:00
|
|
|
/**
|
|
|
|
* @brief The physical displacement size.
|
|
|
|
*/
|
|
|
|
uint8_t dataSize;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
* @brief The offset of the displacement data, relative to the beginning of the
|
|
|
|
* instruction.
|
|
|
|
*/
|
|
|
|
uint8_t dataOffset;
|
|
|
|
} disp;
|
|
|
|
} mem;
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Extended info for pointer-operands.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
struct
|
|
|
|
{
|
|
|
|
uint16_t segment;
|
|
|
|
uint32_t offset;
|
|
|
|
} ptr;
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Extended info for immediate-operands.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
struct
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* @brief Signals, if the immediate value is signed.
|
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisBool isSigned;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
* @brief Signals, if the immediate value contains a relative offset.
|
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisBool isRelative;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
* @brief The immediate value.
|
|
|
|
*/
|
|
|
|
union
|
|
|
|
{
|
|
|
|
int8_t sbyte;
|
|
|
|
uint8_t ubyte;
|
|
|
|
int16_t sword;
|
|
|
|
uint16_t uword;
|
|
|
|
int32_t sdword;
|
|
|
|
uint32_t udword;
|
|
|
|
int64_t sqword;
|
|
|
|
uint64_t uqword;
|
|
|
|
} value;
|
2016-11-12 05:03:26 +08:00
|
|
|
/**
|
|
|
|
* @brief The physical immediate size.
|
|
|
|
*/
|
|
|
|
uint8_t dataSize;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief The offset of the immediate data, relative to the beginning of the
|
|
|
|
* instruction.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
uint8_t dataOffset;
|
|
|
|
} imm;
|
2016-09-22 02:02:09 +08:00
|
|
|
/**
|
|
|
|
* @brief This field is intended for custom data and may be freely set by the user.
|
|
|
|
*/
|
|
|
|
void* userData;
|
2016-05-26 03:25:48 +08:00
|
|
|
} ZydisOperandInfo;
|
|
|
|
|
2016-12-05 09:24:01 +08:00
|
|
|
/* ============================================================================================== */
|
2016-05-26 03:25:48 +08:00
|
|
|
/* Instruction info */
|
2016-12-05 09:24:01 +08:00
|
|
|
/* ============================================================================================== */
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
/* Disassembler mode */
|
2016-05-26 03:25:48 +08:00
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Defines the @c ZydisDisassemblerMode datatype.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
typedef uint8_t ZydisDisassemblerMode;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Values that represent disassembler-modes.
|
|
|
|
*/
|
|
|
|
enum ZydisDisassemblerModes
|
2016-05-26 03:25:48 +08:00
|
|
|
{
|
2016-12-05 09:24:01 +08:00
|
|
|
ZYDIS_DISASSEMBLER_MODE_16BIT = 16,
|
|
|
|
ZYDIS_DISASSEMBLER_MODE_32BIT = 32,
|
|
|
|
ZYDIS_DISASSEMBLER_MODE_64BIT = 64
|
|
|
|
};
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
/* Instruction encoding */
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Defines the @c ZydisInstructionEncoding datatype.
|
|
|
|
*/
|
|
|
|
typedef uint8_t ZydisInstructionEncoding;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Values that represent instruction-encodings.
|
|
|
|
*/
|
|
|
|
enum ZydisInstructionEncodings
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* @brief The instruction uses the default operand-encoding.
|
|
|
|
*/
|
|
|
|
ZYDIS_INSTRUCTION_ENCODING_DEFAULT = 0x00,
|
|
|
|
/**
|
|
|
|
* @brief The instruction uses the AMD 3DNow operand-encoding.
|
|
|
|
*/
|
|
|
|
ZYDIS_INSTRUCTION_ENCODING_3DNOW = 0x01,
|
|
|
|
/**
|
|
|
|
* @brief The instruction uses the AMD XOP operand-encoding.
|
|
|
|
*/
|
|
|
|
ZYDIS_INSTRUCTION_ENCODING_XOP = 0x02,
|
|
|
|
/**
|
|
|
|
* @brief The instruction uses the VEX operand-encoding.
|
|
|
|
*/
|
|
|
|
ZYDIS_INSTRUCTION_ENCODING_VEX = 0x03,
|
|
|
|
/**
|
|
|
|
* @brief The instruction uses the EVEX operand-encoding.
|
|
|
|
*/
|
|
|
|
ZYDIS_INSTRUCTION_ENCODING_EVEX = 0x04
|
|
|
|
};
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
/* Opcode map */
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Defines the @c ZydisOpcodeMap map.
|
|
|
|
*/
|
|
|
|
typedef uint8_t ZydisOpcodeMap;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Values that represent opcode-maps.
|
|
|
|
*/
|
|
|
|
enum ZydisOpcodeMaps
|
|
|
|
{
|
|
|
|
ZYDIS_OPCODE_MAP_DEFAULT = 0x00,
|
|
|
|
ZYDIS_OPCODE_MAP_0F = 0x01,
|
|
|
|
ZYDIS_OPCODE_MAP_0F38 = 0x02,
|
|
|
|
ZYDIS_OPCODE_MAP_0F3A = 0x03,
|
|
|
|
ZYDIS_OPCODE_MAP_XOP8 = 0x04,
|
|
|
|
ZYDIS_OPCODE_MAP_XOP9 = 0x05,
|
|
|
|
ZYDIS_OPCODE_MAP_XOPA = 0x06
|
|
|
|
};
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
/* Instruction attributes */
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Defines the @c ZydisInstructionAttributes datatype.
|
|
|
|
*/
|
|
|
|
typedef uint64_t ZydisInstructionAttributes;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the modrm byte.
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_MODRM 0x0000000000000001
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the sib byte.
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_SIB 0x0000000000000002
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the rex prefix.
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_REX 0x0000000000000004
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the xop prefix.
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_XOP 0x0000000000000008
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the vex prefix.
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_VEX 0x0000000000000010
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the evex prefix.
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_EVEX 0x0000000000000020
|
|
|
|
/**
|
|
|
|
* @brief The instruction has one or more operands with position-relative offsets.
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_IS_RELATIVE 0x0000000000000040
|
|
|
|
/**
|
|
|
|
* @brief The instruction is privileged and may only be executed in ring0.
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_IS_PRIVILEGED 0x0000000000000080
|
|
|
|
/**
|
|
|
|
* @brief The instruction accepts the lock prefix (0xF0).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_LOCK 0x0000000000000100
|
|
|
|
/**
|
|
|
|
* @brief The instruction accepts the rep prefix (0xF3).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_REP 0x0000000000000200
|
|
|
|
/**
|
|
|
|
* @brief The instruction accepts the repe/repz prefix (0xF3).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_REPE 0x0000000000000400
|
|
|
|
/**
|
|
|
|
* @brief The instruction accepts the repe/repz prefix (0xF3).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_REPZ 0x0000000000000400
|
|
|
|
/**
|
|
|
|
* @brief The instruction accepts the repne/repnz prefix (0xF2).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_REPNE 0x0000000000000800
|
|
|
|
/**
|
|
|
|
* @brief The instruction accepts the repne/repnz prefix (0xF2).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_REPNZ 0x0000000000000800
|
|
|
|
/**
|
|
|
|
* @brief The instruction accepts the bound prefix (0xF2).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_BOUND 0x0000000000001000
|
|
|
|
/**
|
|
|
|
* @brief The instruction accepts the xacquire prefix (0xF2).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_XACQUIRE 0x0000000000002000
|
|
|
|
/**
|
|
|
|
* @brief The instruction accepts the xrelease prefix (0xF2).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_XRELEASE 0x0000000000004000
|
|
|
|
/**
|
|
|
|
* @brief The instruction accepts the xacquire/xrelease prefixes (0xF2, 0xF3) without the
|
|
|
|
* lock-prefix (0x0F).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_HLE_WITHOUT_LOCK 0x0000000000008000
|
|
|
|
/**
|
|
|
|
* @brief The instruction accepts branch hints (0x2E, 0x3E).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_BRANCH_HINTS 0x0000000000010000
|
|
|
|
/**
|
|
|
|
* @brief The instruction accepts segment prefixes (0x2E, 0x36, 0x3E, 0x26, 0x64, 0x65).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_SEGMENT 0x0000000000020000
|
|
|
|
/**
|
|
|
|
* @brief The instruction accepts the operand-size prefix (0x66).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_OPERANDSIZE 0x0000000000040000
|
|
|
|
/**
|
|
|
|
* @brief The instruction accepts the address-size prefix (0x67).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_ACCEPTS_ADDRESSSIZE 0x0000000000080000
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the lock prefix (0xF0).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_LOCK 0x0000000000100000
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the rep prefix (0xF3).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_REP 0x0000000000200000
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the repe/repz prefix (0xF3).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_REPE 0x0000000000400000
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the repe/repz prefix (0xF3).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_REPZ 0x0000000000400000
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the repne/repnz prefix (0xF2).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_REPNE 0x0000000000800000
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the repne/repnz prefix (0xF2).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_REPNZ 0x0000000000800000
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the bound prefix (0xF2).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_BOUND 0x0000000001000000
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the xacquire prefix (0xF2).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_XACQUIRE 0x0000000002000000
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the xrelease prefix (0xF3).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_XRELEASE 0x0000000004000000
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the branch-not-taken hint (0x2E).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_BRANCH_NOT_TAKEN 0x0000000008000000
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the branch-taken hint (0x3E).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_BRANCH_TAKEN 0x0000000010000000
|
|
|
|
/**
|
|
|
|
* @brief The instruction has a segment modifier.
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_SEGMENT 0x00000007E0000000
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the CS segment modifier (0x2E).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_SEGMENT_CS 0x0000000020000000
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the SS segment modifier (0x36).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_SEGMENT_SS 0x0000000040000000
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the DS segment modifier (0x3E).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_SEGMENT_DS 0x0000000080000000
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the ES segment modifier (0x25).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_SEGMENT_ES 0x0000000100000000
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the FS segment modifier (0x64).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_SEGMENT_FS 0x0000000200000000
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the GS segment modifier (0x65).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_SEGMENT_GS 0x0000000400000000
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the operand-size prefix (0x66).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_OPERANDSIZE 0x0000000800000000
|
|
|
|
/**
|
|
|
|
* @brief The instruction has the address-size prefix (0x66).
|
|
|
|
*/
|
|
|
|
#define ZYDIS_ATTRIB_HAS_ADDRESSSIZE 0x0000001000000000
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
/* AVX mask policy */
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Defines the @c ZydisAVX512MaskPolicy datatype.
|
|
|
|
*/
|
|
|
|
typedef uint8_t ZydisAVX512MaskPolicy;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Values that represent avx-512 mask-policies.
|
|
|
|
*/
|
|
|
|
enum ZydisAVX512MaskPolicies
|
|
|
|
{
|
|
|
|
ZYDIS_AVX512_MASKPOLICY_INVALID,
|
|
|
|
/**
|
|
|
|
* @brief The instruction accepts mask-registers other than the default-mask (@c REG_K0), but
|
|
|
|
* does not require them.
|
|
|
|
*/
|
|
|
|
ZYDIS_AVX512_MASKPOLICY_MASK_ACCEPTED,
|
|
|
|
/**
|
|
|
|
* @brief The instruction requires a mask-register other than the default-mask (@c REG_K0).
|
|
|
|
*/
|
|
|
|
ZYDIS_AVX512_MASKPOLICY_MASK_REQUIRED,
|
|
|
|
/**
|
|
|
|
* @brief The instruction does not allow a mask-register other than the default-mask
|
|
|
|
* (@c REG_K0).
|
|
|
|
*/
|
|
|
|
ZYDIS_AVX512_MASKPOLICY_MASK_FORBIDDEN
|
|
|
|
};
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
/* AVX mask mode */
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Defines the @c ZydisAVX512MaskMode datatype.
|
|
|
|
*/
|
|
|
|
typedef uint8_t ZydisAVX512MaskMode;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Values that represent avx-512 mask-modes.
|
|
|
|
*/
|
|
|
|
enum ZydisAVX512MaskModes
|
|
|
|
{
|
|
|
|
ZYDIS_AVX512_MASKMODE_INVALID,
|
|
|
|
/**
|
|
|
|
* @brief Merge mode. This is the default mode for all evex-instructions.
|
|
|
|
*/
|
|
|
|
ZYDIS_AVX512_MASKMODE_MERGE,
|
|
|
|
/**
|
|
|
|
* @brief The zeroing mode is enabled for this instruction.
|
|
|
|
*/
|
|
|
|
ZYDIS_AVX512_MASKMODE_ZERO
|
|
|
|
};
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
/* AVX broadcast type */
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Defines the @c ZydisAVX512BroadcastType datatype.
|
|
|
|
*/
|
|
|
|
typedef uint8_t ZydisAVX512BroadcastType;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Values that represent avx-512 broadcast-types.
|
|
|
|
*/
|
|
|
|
enum ZydisAVX512BroadcastTypes
|
|
|
|
{
|
|
|
|
ZYDIS_AVX512_BCSTMODE_INVALID,
|
|
|
|
/**
|
|
|
|
* @brief 1to2 broadcast.
|
|
|
|
*/
|
|
|
|
ZYDIS_AVX512_BCSTMODE_2,
|
|
|
|
/**
|
|
|
|
* @brief 1to4 broadcast.
|
|
|
|
*/
|
|
|
|
ZYDIS_AVX512_BCSTMODE_4,
|
|
|
|
/**
|
|
|
|
* @brief 1to8 broadcast.
|
|
|
|
*/
|
|
|
|
ZYDIS_AVX512_BCSTMODE_8,
|
|
|
|
/**
|
|
|
|
* @brief 1to16 broadcast.
|
|
|
|
*/
|
|
|
|
ZYDIS_AVX512_BCSTMODE_16
|
|
|
|
};
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
/* AVX rounding mode */
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Defines the @c ZydisAVX512RoundingMode datatype.
|
|
|
|
*/
|
|
|
|
typedef uint8_t ZydisAVX512RoundingMode;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Values that represent avx-512 rounding-modes.
|
|
|
|
*/
|
|
|
|
enum ZydisAVXRoundingModes
|
|
|
|
{
|
|
|
|
ZYDIS_AVX_RNDMODE_INVALID,
|
|
|
|
/**
|
|
|
|
* @brief Round to nearest.
|
|
|
|
*/
|
|
|
|
ZYDIS_AVX_RNDMODE_RN,
|
|
|
|
/**
|
|
|
|
* @brief Round down.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZYDIS_AVX_RNDMODE_RD,
|
|
|
|
/**
|
|
|
|
* @brief Round up.
|
|
|
|
*/
|
|
|
|
ZYDIS_AVX_RNDMODE_RU,
|
|
|
|
/**
|
|
|
|
* @brief Round towards zero.
|
|
|
|
*/
|
|
|
|
ZYDIS_AVX_RNDMODE_RZ
|
|
|
|
};
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
/* Instruction info */
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief Defines the zydis instruction info struct.
|
|
|
|
*/
|
|
|
|
typedef struct ZydisInstructionInfo_
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* @brief The disassembler-mode used to decode this instruction.
|
|
|
|
*/
|
|
|
|
ZydisDisassemblerMode mode;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
* @brief The instruction-mnemonic.
|
|
|
|
*/
|
|
|
|
ZydisInstructionMnemonic mnemonic;
|
|
|
|
/**
|
|
|
|
* @brief The length of the decoded instruction.
|
|
|
|
*/
|
|
|
|
uint8_t length;
|
|
|
|
/**
|
|
|
|
* @brief The raw bytes of the decoded instruction.
|
|
|
|
*/
|
|
|
|
uint8_t data[15];
|
|
|
|
/**
|
|
|
|
* @brief The instruction-encoding (default, 3dnow, vex, evex, xop).
|
|
|
|
*/
|
|
|
|
ZydisInstructionEncoding encoding;
|
|
|
|
/**
|
|
|
|
* @brief The opcode-map.
|
|
|
|
*/
|
|
|
|
ZydisOpcodeMap opcodeMap;
|
|
|
|
/**
|
|
|
|
* @brief The instruction-opcode.
|
|
|
|
*/
|
|
|
|
uint8_t opcode;
|
|
|
|
/**
|
|
|
|
* @brief The number of instruction-operands.
|
|
|
|
*/
|
|
|
|
uint8_t operandCount;
|
|
|
|
/**
|
|
|
|
* @brief Detailed info for all instruction operands.
|
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisOperandInfo operands[5];
|
2016-11-24 17:57:23 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Instruction attributes.
|
2016-11-24 17:57:23 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisInstructionAttributes attributes;
|
2016-11-24 17:57:23 +08:00
|
|
|
/**
|
|
|
|
* @brief The instruction address points at the current instruction (relative to the
|
|
|
|
* initial instruction pointer).
|
|
|
|
*/
|
|
|
|
uint64_t instrAddress;
|
|
|
|
/**
|
|
|
|
* @brief The instruction pointer points at the address of the next instruction (relative
|
|
|
|
* to the initial instruction pointer).
|
|
|
|
*
|
|
|
|
* This field is used to properly format relative instructions.
|
|
|
|
*/
|
|
|
|
uint64_t instrPointer;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
* @brief Extended info for avx-related instructions.
|
|
|
|
*/
|
|
|
|
struct
|
|
|
|
{
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief The AVX mask-policy.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisAVX512MaskPolicy maskPolicy;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
* @brief The AVX mask-mode.
|
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisAVX512MaskMode maskMode;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief The AVX mask-register.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisRegister maskRegister;
|
|
|
|
/**
|
|
|
|
* @brief The avx-512 broadcast-type.
|
|
|
|
*/
|
|
|
|
ZydisAVX512BroadcastType broadcast;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief The avx-512 rounding-mode.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisAVX512RoundingMode roundingMode;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief @c TRUE, if the avx-512 suppress-all-exceptions flag is set.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisBool hasSAE;
|
2016-11-24 17:57:23 +08:00
|
|
|
} avx;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
* @brief Extended info about different instruction-parts like modrm, sib or
|
|
|
|
* encoding-prefixes.
|
|
|
|
*/
|
|
|
|
struct
|
|
|
|
{
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
* @brief Detailed info about the legacy prefixes
|
|
|
|
*/
|
|
|
|
struct
|
|
|
|
{
|
|
|
|
uint8_t hasF0;
|
|
|
|
uint8_t hasF3;
|
|
|
|
uint8_t hasF2;
|
|
|
|
uint8_t has2E;
|
|
|
|
uint8_t has36;
|
|
|
|
uint8_t has3E;
|
|
|
|
uint8_t has26;
|
|
|
|
uint8_t has64;
|
|
|
|
uint8_t has65;
|
|
|
|
uint8_t has66;
|
|
|
|
uint8_t has67;
|
|
|
|
} prefixes;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
* @brief Detailed info about the rex-prefix.
|
|
|
|
*/
|
|
|
|
struct
|
|
|
|
{
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief @c TRUE if the prefix got already decoded.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisBool isDecoded;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
* @brief The raw bytes of the prefix.
|
|
|
|
*/
|
|
|
|
uint8_t data[1];
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief 64-bit operand-size promotion.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t W;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
* @brief Extension of the modrm.reg field.
|
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t R;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
* @brief Extension of the sib.index field.
|
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t X;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Extension of the modrm.rm, sib.base, or opcode.reg field.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t B;
|
2016-05-26 03:25:48 +08:00
|
|
|
} rex;
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
* @brief Detailed info about the xop-prefix.
|
|
|
|
*/
|
|
|
|
struct
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* @brief @c TRUE if the prefix got already decoded.
|
|
|
|
*/
|
|
|
|
ZydisBool isDecoded;
|
|
|
|
/**
|
|
|
|
* @brief The raw bytes of the prefix.
|
|
|
|
*/
|
|
|
|
uint8_t data[3];
|
|
|
|
/**
|
|
|
|
* @brief Extension of the modrm.reg field (inverted).
|
|
|
|
*/
|
|
|
|
uint8_t R;
|
|
|
|
/**
|
|
|
|
* @brief Extension of the sib.index field (inverted).
|
|
|
|
*/
|
|
|
|
uint8_t X;
|
|
|
|
/**
|
|
|
|
* @brief Extension of the modrm.rm, sib.base, or opcode.reg field (inverted).
|
|
|
|
*/
|
|
|
|
uint8_t B;
|
|
|
|
/**
|
|
|
|
* @brief Opcode-map specifier.
|
|
|
|
*/
|
|
|
|
uint8_t m_mmmm;
|
|
|
|
/**
|
|
|
|
* @brief 64-bit operand-size promotion or opcode-extension.
|
|
|
|
*/
|
|
|
|
uint8_t W;
|
|
|
|
/**
|
|
|
|
* @brief NDS register specifier (inverted).
|
|
|
|
*/
|
|
|
|
uint8_t vvvv;
|
|
|
|
/**
|
|
|
|
* @brief Vector-length specifier.
|
|
|
|
*/
|
|
|
|
uint8_t L;
|
|
|
|
/**
|
|
|
|
* @brief Compressed legacy prefix.
|
|
|
|
*/
|
|
|
|
uint8_t pp;
|
|
|
|
} xop;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
* @brief Detailed info about the vex-prefix.
|
|
|
|
*/
|
|
|
|
struct
|
|
|
|
{
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief @c TRUE if the prefix got already decoded.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisBool isDecoded;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
* @brief The raw bytes of the prefix.
|
|
|
|
*/
|
|
|
|
uint8_t data[3];
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
* @brief Extension of the modrm.reg field (inverted).
|
|
|
|
*/
|
|
|
|
uint8_t R;
|
|
|
|
/**
|
|
|
|
* @brief Extension of the sib.index field (inverted).
|
|
|
|
*/
|
|
|
|
uint8_t X;
|
|
|
|
/**
|
|
|
|
* @brief Extension of the modrm.rm, sib.base, or opcode.reg field (inverted).
|
|
|
|
*/
|
|
|
|
uint8_t B;
|
|
|
|
/**
|
|
|
|
* @brief Opcode-map specifier.
|
|
|
|
*/
|
2016-05-26 03:25:48 +08:00
|
|
|
uint8_t m_mmmm;
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
* @brief 64-bit operand-size promotion or opcode-extension.
|
|
|
|
*/
|
|
|
|
uint8_t W;
|
|
|
|
/**
|
|
|
|
* @brief NDS register specifier (inverted).
|
|
|
|
*/
|
2016-05-26 03:25:48 +08:00
|
|
|
uint8_t vvvv;
|
2016-12-05 09:24:01 +08:00
|
|
|
/**
|
|
|
|
* @brief Vector-length specifier.
|
|
|
|
*/
|
|
|
|
uint8_t L;
|
|
|
|
/**
|
|
|
|
* @brief Compressed legacy prefix.
|
|
|
|
*/
|
2016-05-26 03:25:48 +08:00
|
|
|
uint8_t pp;
|
|
|
|
} vex;
|
|
|
|
/**
|
|
|
|
* @brief Detailed info about the evex-prefix.
|
|
|
|
*/
|
|
|
|
struct
|
|
|
|
{
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief @c TRUE if the prefix got already decoded.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisBool isDecoded;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
* @brief The raw bytes of the prefix.
|
|
|
|
*/
|
|
|
|
uint8_t data[4];
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Extension of the modrm.reg field (inverted).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t R;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Extension of the sib.index/vidx field (inverted).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t X;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Extension of the modrm.rm or sib.base field (inverted).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t B;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief High-16 register specifier modifier (inverted).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t R2;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Opcode-map specifier.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
uint8_t mm;
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief 64-bit operand-size promotion or opcode-extension.
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t W;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief NDS register specifier (inverted).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
|
|
|
uint8_t vvvv;
|
|
|
|
/**
|
|
|
|
* @brief Compressed legacy prefix.
|
|
|
|
*/
|
|
|
|
uint8_t pp;
|
|
|
|
/**
|
|
|
|
* @brief Zeroing/Merging.
|
|
|
|
*/
|
|
|
|
uint8_t z;
|
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Vector-length specifier or rounding-control (most significant bit).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t L2;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
2016-12-05 09:24:01 +08:00
|
|
|
* @brief Vector-length specifier or rounding-control (least significant bit).
|
2016-05-26 03:25:48 +08:00
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t L;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
* @brief Broadcast/RC/SAE Context.
|
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t b;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
* @brief High-16 NDS/VIDX register specifier.
|
|
|
|
*/
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t V2;
|
2016-05-26 03:25:48 +08:00
|
|
|
/**
|
|
|
|
* @brief Embedded opmask register specifier.
|
|
|
|
*/
|
|
|
|
uint8_t aaa;
|
|
|
|
} evex;
|
|
|
|
/**
|
|
|
|
* @brief Detailed info about the modrm-byte.
|
|
|
|
*/
|
|
|
|
struct
|
|
|
|
{
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisBool isDecoded;
|
2016-05-26 03:25:48 +08:00
|
|
|
uint8_t data[1];
|
|
|
|
uint8_t mod;
|
|
|
|
uint8_t reg;
|
|
|
|
uint8_t rm;
|
|
|
|
} modrm;
|
|
|
|
/**
|
|
|
|
* @brief Detailed info about the sib-byte.
|
|
|
|
*/
|
|
|
|
struct
|
|
|
|
{
|
2016-12-05 09:24:01 +08:00
|
|
|
ZydisBool isDecoded;
|
2016-05-26 03:25:48 +08:00
|
|
|
uint8_t data[1];
|
|
|
|
uint8_t scale;
|
|
|
|
uint8_t index;
|
|
|
|
uint8_t base;
|
|
|
|
} sib;
|
|
|
|
/**
|
|
|
|
* @brief Internal data.
|
|
|
|
*/
|
|
|
|
struct
|
|
|
|
{
|
2016-11-24 17:57:23 +08:00
|
|
|
const void* definition;
|
2016-12-05 09:24:01 +08:00
|
|
|
uint8_t W;
|
|
|
|
uint8_t R;
|
|
|
|
uint8_t X;
|
|
|
|
uint8_t B;
|
|
|
|
uint8_t L;
|
|
|
|
uint8_t L2;
|
2016-12-06 04:06:29 +08:00
|
|
|
uint8_t R2;
|
|
|
|
uint8_t V2;
|
2016-12-05 09:24:01 +08:00
|
|
|
} internal; // TODO: Move into decoder struct
|
2016-05-26 03:25:48 +08:00
|
|
|
} details;
|
2016-09-22 02:02:09 +08:00
|
|
|
/**
|
|
|
|
* @brief This field is intended for custom data and may be freely set by the user.
|
|
|
|
*/
|
|
|
|
void* userData;
|
2016-05-26 03:25:48 +08:00
|
|
|
} ZydisInstructionInfo;
|
|
|
|
|
|
|
|
/* ---------------------------------------------------------------------------------------------- */
|
|
|
|
|
|
|
|
/* ============================================================================================== */
|
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#endif /* ZYDIS_INSTRUCTIONINFO_H */
|