zydis/README.md

# Zyan Disassembler Engine (Zydis)
[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)

Fast and lightweight x86/x86-64 disassembler library.

## Features ##

- Supports all x86 and x86-64 (AMD64) general-purpose and system instructions.
- Supported ISA extensions:
  - FPU (x87), MMX
  - SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, SSE4A, AESNI
  - AVX, AVX2, AVX512BW, AVX512CD, AVX512DQ, AVX512ER, AVX512F, AVX512PF, AVX512VL
  - ADX, BMI1, BMI2, FMA, FMA4
  - ..
- Optimized for high performance
- No dynamic memory allocation
  - Perfect for kernel-mode drivers and embedded devices
- Very small file-size overhead compared to other common disassembler libraries
- Language bindings
  - C++, Delphi, Python, ..
- Complete doxygen documentation

## Quick Example ##

The following example program uses Zydis to disassemble a given memory buffer and prints the output to the console.

```C
#include <stdio.h>
#include <Zydis/Zydis.h>

int main()
{
    uint8_t data[] =
    {
        0x51, 0x8D, 0x45, 0xFF, 0x50, 0xFF, 0x75, 0x0C, 0xFF, 0x75, 
        0x08, 0xFF, 0x15, 0xA0, 0xA5, 0x48, 0x76, 0x85, 0xC0, 0x0F, 
        0x88, 0xFC, 0xDA, 0x02, 0x00
    };

    ZydisMemoryInput input;
    ZydisInputInitMemoryInput(&input, &data, sizeof(data));

    ZydisInstructionDecoder decoder;
    ZydisDecoderInitInstructionDecoderEx(&decoder, ZYDIS_DISASSEMBLER_MODE_64BIT, 
        (ZydisCustomInput*)&input, ZYDIS_DECODER_FLAG_SKIP_DATA); 
    ZydisDecoderSetInstructionPointer(&decoder, 0x007FFFFFFF400000);

    ZydisInstructionFormatter formatter;
    ZydisFormatterInitInstructionFormatterEx(&formatter, 
        ZYDIS_FORMATTER_STYLE_INTEL, ZYDIS_FORMATTER_FLAG_ALWAYS_DISPLAY_MEMORY_SEGMENT);
  
    ZydisInstructionInfo info;
    char buffer[256];
    while (ZYDIS_SUCCESS(ZydisDecoderDecodeNextInstruction(&decoder, &info)))
    {
        printf("%016llX  ", info.instrAddress);
        if (info.flags & ZYDIS_IFLAG_ERROR_MASK)
        {
            printf(" db %02x\n", info.data[0]);    
            continue;
        }
        ZydisFormatterFormatInstruction(&formatter, &info, &buffer[0], sizeof(buffer));  
        printf(" %s\n", &buffer[0]);
    }
}
```

## Sample Output ##

The above example program generates the following output:

```
007FFFFFFF400000   push rcx
007FFFFFFF400001   lea eax, dword ptr ss:[rbp-0x01]
007FFFFFFF400004   push rax
007FFFFFFF400005   push qword ptr ss:[rbp+0x0C]
007FFFFFFF400008   push qword ptr ss:[rbp+0x08]
007FFFFFFF40000B   call qword ptr ds:[0x008000007588A5B1]
007FFFFFFF400011   test eax, eax
007FFFFFFF400013   js 0x007FFFFFFF42DB15
```

## Compilation ##

Zydis builds cleanly on most platforms without any external dependencies. You can use CMake to generate project files for your favorite C99 compiler.

## License ##

Zyan Disassembler Engine is licensed under the MIT License. Dependencies are under their respective licenses.
CMake bugfix and cosmetical changes to the README file 2017-04-10 04:54:53 +08:00			`# Zyan Disassembler Engine (Zydis)`
			`[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)`
Initial commit 2014-10-25 05:05:43 +08:00
			`Fast and lightweight x86/x86-64 disassembler library.`
Initial commit 2014-10-25 05:11:16 +08:00
			`## Features ##`

Initial version 2.0 release 2016-05-26 03:25:48 +08:00			`- Supports all x86 and x86-64 (AMD64) general-purpose and system instructions.`
Initial commit 2014-10-25 05:11:16 +08:00			`- Supported ISA extensions:`
CMake bugfix and cosmetical changes to the README file 2017-04-10 04:54:53 +08:00			`- FPU (x87), MMX`
			`- SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, SSE4A, AESNI`
			`- AVX, AVX2, AVX512BW, AVX512CD, AVX512DQ, AVX512ER, AVX512F, AVX512PF, AVX512VL`
			`- ADX, BMI1, BMI2, FMA, FMA4`
			`- ..`
Initial commit 2014-10-25 05:11:16 +08:00			`- Optimized for high performance`
Fixed CMake file 2016-06-20 07:33:29 +08:00			`- No dynamic memory allocation`
CMake bugfix and cosmetical changes to the README file 2017-04-10 04:54:53 +08:00			`- Perfect for kernel-mode drivers and embedded devices`
Fixed CMake file 2016-06-20 07:33:29 +08:00			`- Very small file-size overhead compared to other common disassembler libraries`
			`- Language bindings`
CMake bugfix and cosmetical changes to the README file 2017-04-10 04:54:53 +08:00			`- C++, Delphi, Python, ..`
Fixed instruction pointer pointing to current instead of next instruction Added instruction address field to the VXInstructionInfo struct Added operand access mode information to the VXOperandInfo struct Added abstract data provider interface for the VXInstructionDecoder Added concrete VXBufferDataProvider and VXStreamDataProvider classes Published effectively used REX/VEX.w/r/x/b and VEX.l values in the VXInstructionInfo struct Published extended modrm.reg/rm and sib.base/index values in the VXInstructionInfo struct Internal changes and improvements 2014-10-27 21:10:22 +08:00			`- Complete doxygen documentation`
Initial commit 2014-10-25 05:11:16 +08:00
Removed the "Disassembler" namespace Added experimental Clang compiler support 2014-11-03 22:15:48 +08:00			`## Quick Example ##`

Project name changed and C-Bindings reverted * Changed project name to Zydis * Removed Zydis (former VX) prefix from classes and enums * Renamed Verteron namespace to Zydis * Reverted C-Bindings back to the old solution * C-Bindings are now based on the C++ source again (and not the other way around) 2015-05-16 11:05:17 +08:00			`The following example program uses Zydis to disassemble a given memory buffer and prints the output to the console.`
Removed the "Disassembler" namespace Added experimental Clang compiler support 2014-11-03 22:15:48 +08:00
Initial version 2.0 release 2016-05-26 03:25:48 +08:00			```C
			`#include <stdio.h>`
			`#include <Zydis/Zydis.h>`
Removed the "Disassembler" namespace Added experimental Clang compiler support 2014-11-03 22:15:48 +08:00
use an example with a little more interesting output 2016-04-16 04:11:49 +08:00			`int main()`
Removed the "Disassembler" namespace Added experimental Clang compiler support 2014-11-03 22:15:48 +08:00			`{`
			`uint8_t data[] =`
			`{`
use an example with a little more interesting output 2016-04-16 04:11:49 +08:00			`0x51, 0x8D, 0x45, 0xFF, 0x50, 0xFF, 0x75, 0x0C, 0xFF, 0x75,`
			`0x08, 0xFF, 0x15, 0xA0, 0xA5, 0x48, 0x76, 0x85, 0xC0, 0x0F,`
			`0x88, 0xFC, 0xDA, 0x02, 0x00`
Removed the "Disassembler" namespace Added experimental Clang compiler support 2014-11-03 22:15:48 +08:00			`};`
use an example with a little more interesting output 2016-04-16 04:11:49 +08:00
Initial version 2.0 release 2016-05-26 03:25:48 +08:00			`ZydisMemoryInput input;`
			`ZydisInputInitMemoryInput(&input, &data, sizeof(data));`

			`ZydisInstructionDecoder decoder;`
			`ZydisDecoderInitInstructionDecoderEx(&decoder, ZYDIS_DISASSEMBLER_MODE_64BIT,`
			`(ZydisCustomInput*)&input, ZYDIS_DECODER_FLAG_SKIP_DATA);`
			`ZydisDecoderSetInstructionPointer(&decoder, 0x007FFFFFFF400000);`

			`ZydisInstructionFormatter formatter;`
			`ZydisFormatterInitInstructionFormatterEx(&formatter,`
			`ZYDIS_FORMATTER_STYLE_INTEL, ZYDIS_FORMATTER_FLAG_ALWAYS_DISPLAY_MEMORY_SEGMENT);`

			`ZydisInstructionInfo info;`
			`char buffer[256];`
			`while (ZYDIS_SUCCESS(ZydisDecoderDecodeNextInstruction(&decoder, &info)))`
Removed the "Disassembler" namespace Added experimental Clang compiler support 2014-11-03 22:15:48 +08:00			`{`
Initial version 2.0 release 2016-05-26 03:25:48 +08:00			`printf("%016llX ", info.instrAddress);`
			`if (info.flags & ZYDIS_IFLAG_ERROR_MASK)`
use an example with a little more interesting output 2016-04-16 04:11:49 +08:00			`{`
Initial version 2.0 release 2016-05-26 03:25:48 +08:00			`printf(" db %02x\n", info.data[0]);`
			`continue;`
use an example with a little more interesting output 2016-04-16 04:11:49 +08:00			`}`
Initial version 2.0 release 2016-05-26 03:25:48 +08:00			`ZydisFormatterFormatInstruction(&formatter, &info, &buffer[0], sizeof(buffer));`
			`printf(" %s\n", &buffer[0]);`
Removed the "Disassembler" namespace Added experimental Clang compiler support 2014-11-03 22:15:48 +08:00			`}`
			`}`
			```

Added sample output to README 2016-04-06 06:15:12 +08:00			`## Sample Output ##`

			`The above example program generates the following output:`

			```
Initial version 2.0 release 2016-05-26 03:25:48 +08:00			`007FFFFFFF400000 push rcx`
			`007FFFFFFF400001 lea eax, dword ptr ss:[rbp-0x01]`
			`007FFFFFFF400004 push rax`
			`007FFFFFFF400005 push qword ptr ss:[rbp+0x0C]`
			`007FFFFFFF400008 push qword ptr ss:[rbp+0x08]`
			`007FFFFFFF40000B call qword ptr ds:[0x008000007588A5B1]`
			`007FFFFFFF400011 test eax, eax`
			`007FFFFFFF400013 js 0x007FFFFFFF42DB15`
Added sample output to README 2016-04-06 06:15:12 +08:00			```

Initial commit 2014-10-25 05:11:16 +08:00			`## Compilation ##`
improved documentation and README.md 2015-05-22 23:23:32 +08:00
Initial version 2.0 release 2016-05-26 03:25:48 +08:00			`Zydis builds cleanly on most platforms without any external dependencies. You can use CMake to generate project files for your favorite C99 compiler.`
improved documentation and README.md 2015-05-22 23:23:32 +08:00
Initial commit 2014-10-25 05:11:16 +08:00			`## License ##`
improved documentation and README.md 2015-05-22 23:23:32 +08:00
CMake bugfix and cosmetical changes to the README file 2017-04-10 04:54:53 +08:00			`Zyan Disassembler Engine is licensed under the MIT License. Dependencies are under their respective licenses.`