zydis/README.md

![zydis logo](https://mainframe.pw/u/P94JAqY9XSDdPedv.svg?x)
[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT) [![Gitter](https://badges.gitter.im/zyantific/zyan-disassembler-engine.svg)](https://gitter.im/zyantific/zydis?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=body_badge) [![Discord](https://img.shields.io/discord/390136917779415060.svg)](https://discordapp.com/channels/390136917779415060/390138781313007626) [![Build status](https://ci.appveyor.com/api/projects/status/2tad27q0b9v6qtga/branch/master?svg=true)](https://ci.appveyor.com/project/athre0z/zydis/branch/master)

Fast and lightweight x86/x86-64 disassembler library.

## Features

- Supports all x86 and x86-64 (AMD64) instructions and [extensions](https://github.com/zyantific/zydis/blob/master/include/Zydis/Generated/EnumISAExt.h)
- Optimized for high performance
- No dynamic memory allocation ("malloc")
- Thread-safe by design
- Very small file-size overhead compared to other common disassembler libraries
- [Complete doxygen documentation](https://www.zyantific.com/doc/zydis/index.html)
- Absolutely no dependencies — [not even libc](https://github.com/zyantific/zydis/blob/develop/CMakeLists.txt#L32)
  - Should compile on any platform with a working C99 compiler
  - Tested on Windows, macOS, FreeBSD and Linux, both user and kernel mode

## Quick Example

The following example program uses Zydis to disassemble a given memory buffer and prints the output to the console.

```C
#include <stdio.h>
#include <inttypes.h>
#include <Zydis/Zydis.h>

int main()
{
    uint8_t data[] =
    {
        0x51, 0x8D, 0x45, 0xFF, 0x50, 0xFF, 0x75, 0x0C, 0xFF, 0x75,
        0x08, 0xFF, 0x15, 0xA0, 0xA5, 0x48, 0x76, 0x85, 0xC0, 0x0F,
        0x88, 0xFC, 0xDA, 0x02, 0x00
    };

    // Initialize decoder context.
    ZydisDecoder decoder;
    ZydisDecoderInit(
        &decoder,
        ZYDIS_MACHINE_MODE_LONG_64,
        ZYDIS_ADDRESS_WIDTH_64);

    // Initialize formatter. Only required when you actually plan to
    // do instruction formatting ("disassembling"), like we do here.
    ZydisFormatter formatter;
    ZydisFormatterInit(&formatter, ZYDIS_FORMATTER_STYLE_INTEL);

    // Loop over the instructions in our buffer.
    // The IP is chosen arbitrary here in order to better visualize
    // relative addressing.
    uint64_t instructionPointer = 0x007FFFFFFF400000;
    size_t offset = 0;
    size_t length = sizeof(data);
    ZydisDecodedInstruction instruction;
    while (ZYDIS_SUCCESS(ZydisDecoderDecodeBuffer(
        &decoder, data + offset, length - offset,
        instructionPointer, &instruction)))
    {
        // Print current instruction pointer.
        printf("%016" PRIX64 "  ", instructionPointer);

        // Format & print the binary instruction
        // structure to human readable format.
        char buffer[256];
        ZydisFormatterFormatInstruction(
            &formatter, &instruction, buffer, sizeof(buffer));
        puts(buffer);

        offset += instruction.length;
        instructionPointer += instruction.length;
    }
}
```

## Sample Output

The above example program generates the following output:

```
007FFFFFFF400000   push rcx
007FFFFFFF400001   lea eax, [rbp-0x01]
007FFFFFFF400004   push rax
007FFFFFFF400005   push qword ptr [rbp+0x0C]
007FFFFFFF400008   push qword ptr [rbp+0x08]
007FFFFFFF40000B   call [0x008000007588A5B1]
007FFFFFFF400011   test eax, eax
007FFFFFFF400013   js 0x007FFFFFFF42DB15
```

## Build

#### Unix

Zydis builds cleanly on most platforms without any external dependencies. You can use CMake to generate project files for your favorite C99 compiler.

```bash
git clone 'https://github.com/zyantific/zydis.git'
cd zydis
mkdir build && cd build
cmake ..
make
```

#### Windows

Either use the [Visual Studio 2017 project](https://github.com/zyantific/zydis/tree/master/msvc) or build Zydis using [CMake](https://cmake.org/download/) ([video guide](https://www.youtube.com/watch?v=fywLDK1OAtQ)).

## `ZydisInfo` tool
![ZydisInfo](https://raw.githubusercontent.com/zyantific/zydis/master/assets/screenshots/ZydisInfo.png)

## Credits
- Intel (for open-sourcing [XED](https://github.com/intelxed/xed), allowing for automatic comparision of our tables against theirs, improving both)
- [LLVM](https://llvm.org) (for providing pretty solid instruction data as well)
- Christian Ludloff (http://sandpile.org, insanely helpful)
- [LekoArts](https://www.lekoarts.de/) (for creating the project logo)
- Our [contributors on GitHub](https://github.com/zyantific/zydis/graphs/contributors)

## License

Zydis is licensed under the MIT license.
Fixed URL in README.md 2017-11-24 10:28:31 +08:00			`![zydis logo](https://mainframe.pw/u/P94JAqY9XSDdPedv.svg?x)`
Update README.md Updated badges 2017-12-13 18:55:30 +08:00			[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT) [![Gitter](https://badges.gitter.im/zyantific/zyan-disassembler-engine.svg)](https://gitter.im/zyantific/zydis?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=body_badge) [![Discord](https://img.shields.io/discord/390136917779415060.svg)](https://discordapp.com/channels/390136917779415060/390138781313007626) [![Build status](https://ci.appveyor.com/api/projects/status/2tad27q0b9v6qtga/branch/master?svg=true)](https://ci.appveyor.com/project/athre0z/zydis/branch/master)
Initial commit 2014-10-25 05:05:43 +08:00
			`Fast and lightweight x86/x86-64 disassembler library.`
Initial commit 2014-10-25 05:11:16 +08:00
Updated README.md - Fixed example - Added credits section - A little bit of rephrasing in the `Feature` section 2017-08-18 19:34:00 +08:00			`## Features`
Initial commit 2014-10-25 05:11:16 +08:00
Various small README tweaks 2018-03-01 03:01:22 +08:00			`- Supports all x86 and x86-64 (AMD64) instructions and [extensions](https://github.com/zyantific/zydis/blob/master/include/Zydis/Generated/EnumISAExt.h)`
Initial commit 2014-10-25 05:11:16 +08:00			`- Optimized for high performance`
Updated README.md - Fixed example - Added credits section - A little bit of rephrasing in the `Feature` section 2017-08-18 19:34:00 +08:00			`- No dynamic memory allocation ("malloc")`
Updated readme 2017-12-20 02:32:09 +08:00			`- Thread-safe by design`
Fixed CMake file 2016-06-20 07:33:29 +08:00			`- Very small file-size overhead compared to other common disassembler libraries`
Updated README.md - Fixed example - Added credits section - A little bit of rephrasing in the `Feature` section 2017-08-18 19:34:00 +08:00			`- [Complete doxygen documentation](https://www.zyantific.com/doc/zydis/index.html)`
Various small README tweaks 2018-03-01 03:01:22 +08:00			`- Absolutely no dependencies — [not even libc](https://github.com/zyantific/zydis/blob/develop/CMakeLists.txt#L32)`
			`- Should compile on any platform with a working C99 compiler`
			`- Tested on Windows, macOS, FreeBSD and Linux, both user and kernel mode`
Updated README.md 2017-07-25 04:41:08 +08:00
Updated README.md - Fixed example - Added credits section - A little bit of rephrasing in the `Feature` section 2017-08-18 19:34:00 +08:00			`## Quick Example`
Removed the "Disassembler" namespace Added experimental Clang compiler support 2014-11-03 22:15:48 +08:00
Project name changed and C-Bindings reverted * Changed project name to Zydis * Removed Zydis (former VX) prefix from classes and enums * Renamed Verteron namespace to Zydis * Reverted C-Bindings back to the old solution * C-Bindings are now based on the C++ source again (and not the other way around) 2015-05-16 11:05:17 +08:00			`The following example program uses Zydis to disassemble a given memory buffer and prints the output to the console.`
Removed the "Disassembler" namespace Added experimental Clang compiler support 2014-11-03 22:15:48 +08:00
Initial version 2.0 release 2016-05-26 03:25:48 +08:00			```C
			`#include <stdio.h>`
Various small README tweaks 2018-03-01 03:01:22 +08:00			`#include <inttypes.h>`
Initial version 2.0 release 2016-05-26 03:25:48 +08:00			`#include <Zydis/Zydis.h>`
Removed the "Disassembler" namespace Added experimental Clang compiler support 2014-11-03 22:15:48 +08:00
use an example with a little more interesting output 2016-04-16 04:11:49 +08:00			`int main()`
Removed the "Disassembler" namespace Added experimental Clang compiler support 2014-11-03 22:15:48 +08:00			`{`
			`uint8_t data[] =`
			`{`
Various small README tweaks 2018-03-01 03:01:22 +08:00			`0x51, 0x8D, 0x45, 0xFF, 0x50, 0xFF, 0x75, 0x0C, 0xFF, 0x75,`
			`0x08, 0xFF, 0x15, 0xA0, 0xA5, 0x48, 0x76, 0x85, 0xC0, 0x0F,`
use an example with a little more interesting output 2016-04-16 04:11:49 +08:00			`0x88, 0xFC, 0xDA, 0x02, 0x00`
Removed the "Disassembler" namespace Added experimental Clang compiler support 2014-11-03 22:15:48 +08:00			`};`
use an example with a little more interesting output 2016-04-16 04:11:49 +08:00
Updated README.md - Fixed example - Added credits section - A little bit of rephrasing in the `Feature` section 2017-08-18 19:34:00 +08:00			`// Initialize decoder context.`
Refactorings 2017-07-03 23:36:03 +08:00			`ZydisDecoder decoder;`
Updated README.md - Fixed example - Added credits section - A little bit of rephrasing in the `Feature` section 2017-08-18 19:34:00 +08:00			`ZydisDecoderInit(`
Various small README tweaks 2018-03-01 03:01:22 +08:00			`&decoder,`
			`ZYDIS_MACHINE_MODE_LONG_64,`
Updated README.md - Fixed example - Added credits section - A little bit of rephrasing in the `Feature` section 2017-08-18 19:34:00 +08:00			`ZYDIS_ADDRESS_WIDTH_64);`
Initial version 2.0 release 2016-05-26 03:25:48 +08:00
Updated README.md - Fixed example - Added credits section - A little bit of rephrasing in the `Feature` section 2017-08-18 19:34:00 +08:00			`// Initialize formatter. Only required when you actually plan to`
			`// do instruction formatting ("disassembling"), like we do here.`
Refactorings 2017-07-03 23:36:03 +08:00			`ZydisFormatter formatter;`
Updated README.md - Fixed example - Added credits section - A little bit of rephrasing in the `Feature` section 2017-08-18 19:34:00 +08:00			`ZydisFormatterInit(&formatter, ZYDIS_FORMATTER_STYLE_INTEL);`
Various small README tweaks 2018-03-01 03:01:22 +08:00
Updated README.md - Fixed example - Added credits section - A little bit of rephrasing in the `Feature` section 2017-08-18 19:34:00 +08:00			`// Loop over the instructions in our buffer.`
Various small README tweaks 2018-03-01 03:01:22 +08:00			`// The IP is chosen arbitrary here in order to better visualize`
			`// relative addressing.`
Refactorings 2017-07-03 23:36:03 +08:00			`uint64_t instructionPointer = 0x007FFFFFFF400000;`
Various small README tweaks 2018-03-01 03:01:22 +08:00			`size_t offset = 0;`
Updated README.md - Fixed example - Added credits section - A little bit of rephrasing in the `Feature` section 2017-08-18 19:34:00 +08:00			`size_t length = sizeof(data);`
Refactorings 2017-07-03 23:36:03 +08:00			`ZydisDecodedInstruction instruction;`
Updated README.md - Fixed example - Added credits section - A little bit of rephrasing in the `Feature` section 2017-08-18 19:34:00 +08:00			`while (ZYDIS_SUCCESS(ZydisDecoderDecodeBuffer(`
Various small README tweaks 2018-03-01 03:01:22 +08:00			`&decoder, data + offset, length - offset,`
			`instructionPointer, &instruction)))`
Removed the "Disassembler" namespace Added experimental Clang compiler support 2014-11-03 22:15:48 +08:00			`{`
Updated README.md - Fixed example - Added credits section - A little bit of rephrasing in the `Feature` section 2017-08-18 19:34:00 +08:00			`// Print current instruction pointer.`
			`printf("%016" PRIX64 " ", instructionPointer);`

Various small README tweaks 2018-03-01 03:01:22 +08:00			`// Format & print the binary instruction`
Updated README.md - Fixed example - Added credits section - A little bit of rephrasing in the `Feature` section 2017-08-18 19:34:00 +08:00			`// structure to human readable format.`
			`char buffer[256];`
			`ZydisFormatterFormatInstruction(`
			`&formatter, &instruction, buffer, sizeof(buffer));`
			`puts(buffer);`

Various small README tweaks 2018-03-01 03:01:22 +08:00			`offset += instruction.length;`
Refactorings 2017-07-03 23:36:03 +08:00			`instructionPointer += instruction.length;`
Removed the "Disassembler" namespace Added experimental Clang compiler support 2014-11-03 22:15:48 +08:00			`}`
			`}`
			```

Updated README.md - Fixed example - Added credits section - A little bit of rephrasing in the `Feature` section 2017-08-18 19:34:00 +08:00			`## Sample Output`
Added sample output to README 2016-04-06 06:15:12 +08:00
			`The above example program generates the following output:`

			```
Initial version 2.0 release 2016-05-26 03:25:48 +08:00			`007FFFFFFF400000 push rcx`
Updated README.md - Fixed example - Added credits section - A little bit of rephrasing in the `Feature` section 2017-08-18 19:34:00 +08:00			`007FFFFFFF400001 lea eax, [rbp-0x01]`
Initial version 2.0 release 2016-05-26 03:25:48 +08:00			`007FFFFFFF400004 push rax`
Updated README.md - Fixed example - Added credits section - A little bit of rephrasing in the `Feature` section 2017-08-18 19:34:00 +08:00			`007FFFFFFF400005 push qword ptr [rbp+0x0C]`
			`007FFFFFFF400008 push qword ptr [rbp+0x08]`
			`007FFFFFFF40000B call [0x008000007588A5B1]`
Initial version 2.0 release 2016-05-26 03:25:48 +08:00			`007FFFFFFF400011 test eax, eax`
			`007FFFFFFF400013 js 0x007FFFFFFF42DB15`
Added sample output to README 2016-04-06 06:15:12 +08:00			```

Various small README tweaks 2018-03-01 03:01:22 +08:00			`## Build`

			`#### Unix`
Moved `Compilation` README section 2017-07-25 04:46:28 +08:00
			`Zydis builds cleanly on most platforms without any external dependencies. You can use CMake to generate project files for your favorite C99 compiler.`

			```bash
			`git clone 'https://github.com/zyantific/zydis.git'`
			`cd zydis`
			`mkdir build && cd build`
			`cmake ..`
			`make`
			```

Various small README tweaks 2018-03-01 03:01:22 +08:00			`#### Windows`

			`Either use the [Visual Studio 2017 project](https://github.com/zyantific/zydis/tree/master/msvc) or build Zydis using [CMake](https://cmake.org/download/) ([video guide](https://www.youtube.com/watch?v=fywLDK1OAtQ)).`

Updated README.md - Fixed example - Added credits section - A little bit of rephrasing in the `Feature` section 2017-08-18 19:34:00 +08:00			## `ZydisInfo` tool
Updated README.md 2017-07-25 04:41:08 +08:00			`![ZydisInfo](https://raw.githubusercontent.com/zyantific/zydis/master/assets/screenshots/ZydisInfo.png)`
Updated README file 2017-07-25 03:40:59 +08:00
Updated README.md - Fixed example - Added credits section - A little bit of rephrasing in the `Feature` section 2017-08-18 19:34:00 +08:00			`## Credits`
Various small README tweaks 2018-03-01 03:01:22 +08:00			`- Intel (for open-sourcing [XED](https://github.com/intelxed/xed), allowing for automatic comparision of our tables against theirs, improving both)`
			`- [LLVM](https://llvm.org) (for providing pretty solid instruction data as well)`
Updated README.md - Fixed example - Added credits section - A little bit of rephrasing in the `Feature` section 2017-08-18 19:34:00 +08:00			`- Christian Ludloff (http://sandpile.org, insanely helpful)`
Fixed URL in README.md 2017-11-24 10:28:31 +08:00			`- [LekoArts](https://www.lekoarts.de/) (for creating the project logo)`
Updated README.md - Fixed example - Added credits section - A little bit of rephrasing in the `Feature` section 2017-08-18 19:34:00 +08:00			`- Our [contributors on GitHub](https://github.com/zyantific/zydis/graphs/contributors)`

			`## License`
improved documentation and README.md 2015-05-22 23:23:32 +08:00
Updated README.md - Fixed example - Added credits section - A little bit of rephrasing in the `Feature` section 2017-08-18 19:34:00 +08:00			`Zydis is licensed under the MIT license.`