2015-05-16 11:05:17 +08:00
|
|
|
|
/***************************************************************************************************
|
2014-10-25 05:11:16 +08:00
|
|
|
|
|
2015-05-16 11:05:17 +08:00
|
|
|
|
Zyan Disassembler Engine
|
2014-10-25 05:11:16 +08:00
|
|
|
|
Version 1.0
|
|
|
|
|
|
|
|
|
|
Remarks : Freeware, Copyright must be included
|
|
|
|
|
|
|
|
|
|
Original Author : Florian Bernd
|
2015-05-16 11:05:17 +08:00
|
|
|
|
Modifications : Joel H<EFBFBD>ner
|
2014-10-25 05:11:16 +08:00
|
|
|
|
|
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
|
|
|
* in the Software without restriction, including without limitation the rights
|
|
|
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
|
|
|
* furnished to do so, subject to the following conditions:
|
2015-05-16 11:05:17 +08:00
|
|
|
|
*
|
2014-10-25 05:11:16 +08:00
|
|
|
|
* The above copyright notice and this permission notice shall be included in all
|
|
|
|
|
* copies or substantial portions of the Software.
|
2015-05-16 11:05:17 +08:00
|
|
|
|
*
|
2014-10-25 05:11:16 +08:00
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
|
|
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
|
|
|
* SOFTWARE.
|
|
|
|
|
|
2015-05-16 11:05:17 +08:00
|
|
|
|
***************************************************************************************************/
|
2015-03-16 23:37:15 +08:00
|
|
|
|
|
2015-05-16 11:05:17 +08:00
|
|
|
|
#ifndef _ZYDIS_INSTRUCTIONDECODER_H_
|
|
|
|
|
#define _ZYDIS_INSTRUCTIONDECODER_H_
|
2015-03-16 23:37:15 +08:00
|
|
|
|
|
2015-05-16 11:05:17 +08:00
|
|
|
|
#include "ZydisTypes.h"
|
2015-03-16 23:37:15 +08:00
|
|
|
|
#include <stdbool.h>
|
|
|
|
|
#include <stddef.h>
|
2014-10-25 05:11:16 +08:00
|
|
|
|
|
2015-03-16 23:37:15 +08:00
|
|
|
|
#ifdef __cplusplus
|
|
|
|
|
extern "C"
|
2014-10-25 05:11:16 +08:00
|
|
|
|
{
|
2015-03-16 23:37:15 +08:00
|
|
|
|
#endif
|
2014-10-25 05:11:16 +08:00
|
|
|
|
|
2015-05-16 11:05:17 +08:00
|
|
|
|
/* BaseInput ============================================================================ */
|
2014-10-27 21:10:22 +08:00
|
|
|
|
|
2015-05-16 11:05:17 +08:00
|
|
|
|
typedef struct _ZydisBaseInputContext { int a; } ZydisBaseInputContext;
|
2015-03-20 00:13:37 +08:00
|
|
|
|
|
2014-10-27 21:10:22 +08:00
|
|
|
|
/**
|
2015-03-16 23:37:15 +08:00
|
|
|
|
* @brief Releases a data source.
|
|
|
|
|
* @param ctx The context to release.
|
|
|
|
|
* The context may no longer be used after it was released.
|
2014-10-27 21:10:22 +08:00
|
|
|
|
*/
|
2015-05-16 11:05:17 +08:00
|
|
|
|
void ZydisBaseInput_Release(ZydisBaseInputContext *ctx);
|
2014-10-27 21:10:22 +08:00
|
|
|
|
|
2015-03-16 23:37:15 +08:00
|
|
|
|
/**
|
|
|
|
|
* @brief Reads the next byte from the data source without altering the current input position
|
|
|
|
|
* or the @c length field of the @c info parameter.
|
|
|
|
|
* @param ctx The data source context.
|
|
|
|
|
* @param info The instruction info struct.
|
|
|
|
|
* @return The current input byte. If the result is zero, you should always check the @c flags
|
|
|
|
|
* field of the @c info parameter for error flags. Possible error values are
|
|
|
|
|
* @c IF_ERROR_END_OF_INPUT or @c IF_ERROR_LENGTH.
|
|
|
|
|
*/
|
2015-05-16 11:05:17 +08:00
|
|
|
|
uint8_t ZydisBaseInput_InputPeek(ZydisBaseInputContext *ctx, ZydisInstructionInfo *info);
|
2014-10-27 21:10:22 +08:00
|
|
|
|
|
2015-03-16 23:37:15 +08:00
|
|
|
|
/**
|
|
|
|
|
* @brief Reads the next byte from the data source.
|
|
|
|
|
* @param ctx The data soruce context.
|
|
|
|
|
* @param info The instruction info.
|
|
|
|
|
* @return The current input byte. If the result is zero, you should always check the
|
|
|
|
|
* @c flags field of the @c info parameter for error flags.
|
|
|
|
|
* Possible error values are @c IF_ERROR_END_OF_INPUT or @c IF_ERROR_LENGTH.
|
|
|
|
|
* This method increases the current input position and the @c length field of the @c info
|
|
|
|
|
* parameter. This function also appends the new byte to to @c data field of the @c info
|
|
|
|
|
* parameter.
|
|
|
|
|
*/
|
2015-05-16 11:05:17 +08:00
|
|
|
|
uint8_t ZydisBaseInput_InputNext(ZydisBaseInputContext *ctx, ZydisInstructionInfo *info);
|
2014-10-27 21:10:22 +08:00
|
|
|
|
|
2015-03-16 23:37:15 +08:00
|
|
|
|
/**
|
|
|
|
|
* @brief Returns the current input byte.
|
|
|
|
|
* @param ctx The data soruce context.
|
|
|
|
|
* @return The current input byte.
|
|
|
|
|
* The current input byte is set everytime the @c inputPeek or @c inputNext method is called.
|
|
|
|
|
*/
|
|
|
|
|
// TODO: check long descr
|
2015-05-16 11:05:17 +08:00
|
|
|
|
uint8_t ZydisBaseInput_InputCurrent(const ZydisBaseInputContext *ctx);
|
2014-10-27 21:10:22 +08:00
|
|
|
|
|
2015-03-16 23:37:15 +08:00
|
|
|
|
/**
|
|
|
|
|
* @brief Queries if the end of the data source is reached.
|
|
|
|
|
* @param ctx The data soruce context.
|
|
|
|
|
* @return @c true if end of input, @c false if not.
|
|
|
|
|
*/
|
2015-05-16 11:05:17 +08:00
|
|
|
|
bool ZydisBaseInput_IsEndOfInput(const ZydisBaseInputContext *ctx);
|
2014-10-27 21:10:22 +08:00
|
|
|
|
|
2015-03-16 23:37:15 +08:00
|
|
|
|
/**
|
|
|
|
|
* @brief Returns the current input position.
|
|
|
|
|
* @param ctx The data soruce context.
|
|
|
|
|
* @return The current input position.
|
|
|
|
|
*/
|
2015-05-16 11:05:17 +08:00
|
|
|
|
uint64_t ZydisBaseInput_GetPosition(const ZydisBaseInputContext *ctx);
|
2014-10-27 21:10:22 +08:00
|
|
|
|
|
2015-03-16 23:37:15 +08:00
|
|
|
|
/**
|
|
|
|
|
* @brief Sets a new input position.
|
|
|
|
|
* @param ctx The data soruce context.
|
|
|
|
|
* @param position The new input position.
|
|
|
|
|
* @return @c false if the new position exceeds the maximum input length.
|
|
|
|
|
*/
|
2015-05-16 11:05:17 +08:00
|
|
|
|
bool ZydisBaseInput_SetPosition(ZydisBaseInputContext *ctx, uint64_t position);
|
2014-10-27 21:10:22 +08:00
|
|
|
|
|
2015-05-16 11:05:17 +08:00
|
|
|
|
/* MemoryInput ========================================================================== */
|
2014-10-27 21:10:22 +08:00
|
|
|
|
|
|
|
|
|
/**
|
2015-03-16 23:37:15 +08:00
|
|
|
|
* @brief Creates a memory data source.
|
|
|
|
|
* @param buffer The input buffer.
|
|
|
|
|
* @param bufferLen THe length of the input buffer.
|
|
|
|
|
* @return @c NULL if it fails, else a data source context.
|
2015-05-16 11:05:17 +08:00
|
|
|
|
* @see BaseInput_Release
|
2014-10-27 21:10:22 +08:00
|
|
|
|
*/
|
2015-05-16 11:05:17 +08:00
|
|
|
|
// TODO: verify return value
|
|
|
|
|
ZydisBaseInputContext* ZydisMemoryInput_Create(const void* buffer, size_t bufferLen);
|
2015-03-20 00:13:37 +08:00
|
|
|
|
|
2015-03-16 23:37:15 +08:00
|
|
|
|
/* Enums ======================================================================================= */
|
2014-10-27 21:10:22 +08:00
|
|
|
|
|
2015-03-16 23:37:15 +08:00
|
|
|
|
/**
|
|
|
|
|
* @brief Values that represent a disassembler mode.
|
|
|
|
|
*/
|
2015-05-16 11:05:17 +08:00
|
|
|
|
typedef enum _ZydisDisassemblerMode /* : uint8_t */
|
2014-10-27 21:10:22 +08:00
|
|
|
|
{
|
2015-03-16 23:37:15 +08:00
|
|
|
|
DM_M16BIT,
|
|
|
|
|
DM_M32BIT,
|
|
|
|
|
DM_M64BIT
|
2015-05-16 11:05:17 +08:00
|
|
|
|
} ZydisDisassemblerMode;
|
2014-10-27 21:10:22 +08:00
|
|
|
|
|
2015-03-16 23:37:15 +08:00
|
|
|
|
/**
|
|
|
|
|
* @brief Values that represent an instruction-set vendor.
|
|
|
|
|
*/
|
2015-05-16 11:05:17 +08:00
|
|
|
|
typedef enum _ZydisInstructionSetVendor /* : uint8_t */
|
2014-10-27 21:10:22 +08:00
|
|
|
|
{
|
2015-03-16 23:37:15 +08:00
|
|
|
|
ISV_ANY,
|
|
|
|
|
ISV_INTEL,
|
|
|
|
|
ISV_AMD
|
2015-05-16 11:05:17 +08:00
|
|
|
|
} ZydisInstructionSetVendor;
|
2014-10-27 21:10:22 +08:00
|
|
|
|
|
2015-05-16 11:05:17 +08:00
|
|
|
|
/* InstructionDecoder ======================================================================== */
|
2014-10-27 21:10:22 +08:00
|
|
|
|
|
2015-05-16 11:05:17 +08:00
|
|
|
|
typedef struct _ZydisInstructionDecoderContext { int a; } ZydisInstructionDecoderContext;
|
2014-10-27 21:10:22 +08:00
|
|
|
|
|
2014-10-25 05:11:16 +08:00
|
|
|
|
/**
|
2015-03-16 23:37:15 +08:00
|
|
|
|
* @brief Creates an instruction decoder.
|
|
|
|
|
* @return @c NULL if it fails, else an instruction decoder context.
|
2015-05-16 11:05:17 +08:00
|
|
|
|
* @see InstructionDecoder_Release
|
2014-10-25 05:11:16 +08:00
|
|
|
|
*/
|
2015-03-16 23:37:15 +08:00
|
|
|
|
// TODO: verify return value
|
2015-05-16 11:05:17 +08:00
|
|
|
|
ZydisInstructionDecoderContext* ZydisInstructionDecoder_Create(void);
|
2014-10-25 05:11:16 +08:00
|
|
|
|
|
|
|
|
|
/**
|
2015-03-16 23:37:15 +08:00
|
|
|
|
* @brief Creates an instruction decoder.
|
|
|
|
|
* @param input A reference to the input data source.
|
|
|
|
|
* @param disassemblerMode The disassembler mode.
|
|
|
|
|
* @param preferredVendor The preferred instruction-set vendor.
|
|
|
|
|
* @param instructionPointer The initial instruction pointer.
|
|
|
|
|
* @return @c NULL if it fails, else an instruction decoder context.
|
2015-05-16 11:05:17 +08:00
|
|
|
|
* @see InstructionDecoder_Release
|
2014-10-25 05:11:16 +08:00
|
|
|
|
*/
|
2015-05-16 11:05:17 +08:00
|
|
|
|
ZydisInstructionDecoderContext* ZydisInstructionDecoder_CreateEx(ZydisBaseInputContext *input,
|
|
|
|
|
ZydisDisassemblerMode disassemblerMode, ZydisInstructionSetVendor preferredVendor,
|
2015-03-16 23:37:15 +08:00
|
|
|
|
uint64_t instructionPointer);
|
2014-10-25 05:11:16 +08:00
|
|
|
|
|
|
|
|
|
/**
|
2015-03-16 23:37:15 +08:00
|
|
|
|
* @brief Releases an instruction decoder.
|
|
|
|
|
* @param ctx The context of the instruction decoder to release.
|
2014-10-25 05:11:16 +08:00
|
|
|
|
*/
|
2015-05-16 11:05:17 +08:00
|
|
|
|
void ZydisInstructionDecoder_Release(ZydisInstructionDecoderContext *ctx);
|
2014-10-25 05:11:16 +08:00
|
|
|
|
|
2015-03-16 23:37:15 +08:00
|
|
|
|
/**
|
|
|
|
|
* @brief Decodes the next instruction from the input data source.
|
|
|
|
|
* @param ctx The instruction decoder context.
|
2015-05-16 11:05:17 +08:00
|
|
|
|
* @param info The @c ZydisInstructionInfo struct that receives the information about the decoded
|
2015-03-16 23:37:15 +08:00
|
|
|
|
* instruction.
|
|
|
|
|
* @return This function returns @c false if the current position exceeds the maximum input
|
|
|
|
|
* length. In all other cases (valid and invalid instructions) the return value is
|
|
|
|
|
* @c true.
|
|
|
|
|
*/
|
2015-05-16 11:05:17 +08:00
|
|
|
|
bool ZydisInstructionDecoder_DecodeInstruction(ZydisInstructionDecoderContext *ctx,
|
|
|
|
|
ZydisInstructionInfo *info);
|
2014-10-25 05:11:16 +08:00
|
|
|
|
|
2015-03-16 23:37:15 +08:00
|
|
|
|
/**
|
|
|
|
|
* @brief Returns a pointer to the current data source.
|
|
|
|
|
* @param ctx The instruction decoder context.
|
|
|
|
|
* @return The context of the data source.
|
|
|
|
|
*/
|
2015-05-16 11:05:17 +08:00
|
|
|
|
ZydisBaseInputContext* ZydisInstructionDecoder_GetDataSource(const ZydisInstructionDecoderContext *ctx);
|
2014-10-25 05:11:16 +08:00
|
|
|
|
|
2015-03-16 23:37:15 +08:00
|
|
|
|
/**
|
|
|
|
|
* @brief Sets a new data source.
|
|
|
|
|
* @param ctx The instruction decoder context.
|
|
|
|
|
* @param input The context of the new input data source.
|
|
|
|
|
*/
|
2015-05-16 11:05:17 +08:00
|
|
|
|
void ZydisInstructionDecoder_SetDataSource(ZydisInstructionDecoderContext *ctx,
|
|
|
|
|
ZydisBaseInputContext *input);
|
2014-10-25 05:11:16 +08:00
|
|
|
|
|
2015-03-16 23:37:15 +08:00
|
|
|
|
/**
|
|
|
|
|
* @brief Returns the current disassembler mode.
|
|
|
|
|
* @param ctx The instruction decoder context.
|
|
|
|
|
* @return The current disassembler mode.
|
|
|
|
|
*/
|
2015-05-16 11:05:17 +08:00
|
|
|
|
ZydisDisassemblerMode ZydisInstructionDecoder_GetDisassemblerMode(ZydisInstructionDecoderContext *ctx);
|
2014-10-25 05:11:16 +08:00
|
|
|
|
|
2015-03-16 23:37:15 +08:00
|
|
|
|
/**
|
|
|
|
|
* @brief Sets the current disassembler mode.
|
|
|
|
|
* @param ctx The instruction decoder context.
|
|
|
|
|
* @param disassemblerMode The new disassembler mode.
|
|
|
|
|
*/
|
2015-05-16 11:05:17 +08:00
|
|
|
|
void ZydisInstructionDecoder_SetDisassemblerMode(ZydisInstructionDecoderContext *ctx,
|
|
|
|
|
ZydisDisassemblerMode disassemblerMode);
|
2014-10-25 05:11:16 +08:00
|
|
|
|
|
2015-03-16 23:37:15 +08:00
|
|
|
|
/**
|
|
|
|
|
* @brief Returns the preferred instruction-set vendor.
|
|
|
|
|
* @param ctx The instruction decoder context.
|
|
|
|
|
* @return The preferred instruction-set vendor.
|
|
|
|
|
*/
|
2015-05-16 11:05:17 +08:00
|
|
|
|
ZydisInstructionSetVendor ZydisInstructionDecoder_GetPreferredVendor(
|
|
|
|
|
const ZydisInstructionDecoderContext *ctx);
|
2014-10-25 05:11:16 +08:00
|
|
|
|
|
2015-03-16 23:37:15 +08:00
|
|
|
|
/**
|
|
|
|
|
* @brief Sets the preferred instruction-set vendor.
|
|
|
|
|
* @param ctx The instruction decoder context.
|
|
|
|
|
* @param preferredVendor The new preferred instruction-set vendor.
|
|
|
|
|
*/
|
2015-05-16 11:05:17 +08:00
|
|
|
|
void ZydisInstructionDecoder_SetPreferredVendor(ZydisInstructionDecoderContext *ctx,
|
|
|
|
|
ZydisInstructionSetVendor preferredVendor);
|
2014-10-27 21:10:22 +08:00
|
|
|
|
|
2015-03-16 23:37:15 +08:00
|
|
|
|
/**
|
|
|
|
|
* @brief Returns the current instruction pointer.
|
|
|
|
|
* @param ctx The instruction decoder context.
|
|
|
|
|
* @return The current instruction pointer.
|
|
|
|
|
*/
|
2015-05-16 11:05:17 +08:00
|
|
|
|
uint64_t ZydisInstructionDecoder_GetInstructionPointer(ZydisInstructionDecoderContext *ctx);
|
2014-10-30 06:26:17 +08:00
|
|
|
|
|
2015-03-16 23:37:15 +08:00
|
|
|
|
/**
|
|
|
|
|
* @brief Sets a new instruction pointer.
|
|
|
|
|
* @param ctx The instruction decoder context.
|
|
|
|
|
* @param instructionPointer The new instruction pointer.
|
|
|
|
|
*/
|
2015-05-16 11:05:17 +08:00
|
|
|
|
void ZydisInstructionDecoder_SetInstructionPointer(ZydisInstructionDecoderContext *ctx,
|
2015-03-16 23:37:15 +08:00
|
|
|
|
uint64_t instructionPointer);
|
2014-10-30 06:26:17 +08:00
|
|
|
|
|
2015-03-16 23:37:15 +08:00
|
|
|
|
/* ============================================================================================= */
|
2014-10-25 05:11:16 +08:00
|
|
|
|
|
2015-03-16 23:37:15 +08:00
|
|
|
|
#ifdef __cplusplus
|
2014-10-25 05:11:16 +08:00
|
|
|
|
}
|
2015-03-16 23:37:15 +08:00
|
|
|
|
#endif
|
2014-10-25 05:11:16 +08:00
|
|
|
|
|
2015-05-16 11:05:17 +08:00
|
|
|
|
#endif /* _ZYDIS_INSTRUCTIONDECODER_H_ */
|