x64dbg
/
zydis
mirror of https://github.com/x64dbg/zydis
1
0
Fork 0
Code Releases Activity

Merge branch 'develop' of https://github.com/zyantific/zyan-disassembler-engine into develop

This commit is contained in:
Joel Höner 2017-01-21 01:48:35 +01:00
parent 0a50bb9daa 98d34d0c62
commit 03e26408fe
7 changed files with 74 additions and 133 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
examples/FormatterHooks.c
View File

@ -36,6 +36,8 @@
#include <inttypes.h>
#include <Zydis/Zydis.h>
#include "FormatHelper.h"
#include <stdlib.h>
#include <time.h>
/* ============================================================================================== */
/* Static data */
@ -46,38 +48,38 @@
*/
static const char* conditionCodeStrings[0x20] =
{
"eq",
"lt",
"le",
"unord",
"neq",
"nlt",
"nle",
"ord",
"eq_uq",
"nge",
"ngt",
"false",
"oq",
"ge",
"gt",
"true",
"eq_os",
"lt_oq",
"le_oq",
"unord_s",
"neq_us",
"nlt_uq",
"nle_uq",
"ord_s",
"eq_us",
"nge_uq",
"ngt_uq",
"false_os",
"neq_os",
"ge_oq",
"gt_oq",
"true_us"
/*00*/ "eq",
/*01*/ "lt",
/*02*/ "le",
/*03*/ "unord",
/*04*/ "neq",
/*05*/ "nlt",
/*06*/ "nle",
/*07*/ "ord",
/*08*/ "eq_uq",
/*09*/ "nge",
/*0A*/ "ngt",
/*0B*/ "false",
/*0C*/ "oq",
/*0D*/ "ge",
/*0E*/ "gt",
/*0F*/ "true",
/*10*/ "eq_os",
/*11*/ "lt_oq",
/*12*/ "le_oq",
/*13*/ "unord_s",
/*14*/ "neq_us",
/*15*/ "nlt_uq",
/*16*/ "nle_uq",
/*17*/ "ord_s",
/*18*/ "eq_us",
/*19*/ "nge_uq",
/*1A*/ "ngt_uq",
/*1B*/ "false_os",
/*1C*/ "neq_os",
/*1D*/ "ge_oq",
/*1E*/ "gt_oq",
/*1F*/ "true_us"
};
/* ============================================================================================== */
@ -175,7 +177,6 @@ void disassembleBuffer(uint8_t* data, size_t length, ZydisBool installHooks)
{
ZydisInstructionDecoder decoder;
ZydisDecoderInitInstructionDecoder(&decoder, ZYDIS_DISASSEMBLER_MODE_64BIT);
ZydisDecoderSetInstructionPointer(&decoder, 0x007FFFFFFF400000);
ZydisInstructionFormatter formatter;
ZydisFormatterInitInstructionFormatterEx(&formatter, ZYDIS_FORMATTER_STYLE_INTEL,
@ -191,13 +192,17 @@ void disassembleBuffer(uint8_t* data, size_t length, ZydisBool installHooks)
ZydisFormatterSetHook(&formatter, ZYDIS_FORMATTER_HOOK_FORMAT_OPERAND_IMM,
(const void**)&defaultFormatOperandImm);
}
uint64_t instructionPointer = 0x007FFFFFFF400000;
ZydisInstructionInfo info;
char buffer[256];
while (ZYDIS_SUCCESS(ZydisDecoderDecodeInstruction(&decoder, data, length, &info)))
while (ZYDIS_SUCCESS(
ZydisDecoderDecodeInstruction(&decoder, data, length, instructionPointer, &info)))
{
data += info.length;
length -= info.length;
instructionPointer += info.length;
printf("%016" PRIX64 " ", info.instrAddress);
ZydisFormatterFormatInstruction(&formatter, &info, &buffer[0], sizeof(buffer));
printf(" %s\n", &buffer[0]);

58
include/Zydis/Decoder.h
View File

@ -67,11 +67,6 @@ typedef struct ZydisInstructionDecoder_
const uint8_t* buffer;
size_t bufferLen;
} input;
// TODO: (Maybe) remove from this struct and pass as argument
/**
* @brief The current instruction-pointer value.
*/
uint64_t instructionPointer;
/**
* @brief Internal field. @c TRUE, if the @c imm8 value is already initialized.
*/
@ -118,58 +113,37 @@ typedef struct ZydisInstructionDecoder_
ZYDIS_EXPORT ZydisStatus ZydisDecoderInitInstructionDecoder(ZydisInstructionDecoder* decoder,
ZydisDisassemblerMode disassemblerMode);
/**
* @brief Returns the current instruction-pointer of the given @c ZydisInstructionDecoder
* instance.
*
* @param decoder A pointer to the @c ZydisInstructionDecoder instance.
* @param instructionPointer A pointer to the memory that receives the current
* instruction-pointer.
*
* @return A zydis status code.
*/
ZYDIS_EXPORT ZydisStatus ZydisDecoderGetInstructionPointer(
const ZydisInstructionDecoder* decoder, uint64_t* instructionPointer);
/**
* @brief Changes the instruction-pointer of the given @c ZydisInstructionDecoder instance.
*
* @param decoder A pointer to the @c ZydisInstructionDecoder instance.
* @param instructionPointer The new instruction-pointer value.
*
* @return A zydis status code.
*/
ZYDIS_EXPORT ZydisStatus ZydisDecoderSetInstructionPointer(ZydisInstructionDecoder* decoder,
uint64_t instructionPointer);
/**
* @brief Decodes the instruction in the given input @c buffer.
*
* @param decoder A pointer to the @c ZydisInstructionDecoder instance.
* @param buffer A pointer to the input buffer.
* @param bufferLen The length of the input buffer.
* @param info A pointer to the @c ZydisInstructionInfo struct, that receives the details
* about the decoded instruction.
* @param decoder A pointer to the @c ZydisInstructionDecoder instance.
* @param buffer A pointer to the input buffer.
* @param bufferLen The length of the input buffer.
* @param instructionPointer The instruction-pointer.
* @param info A pointer to the @c ZydisInstructionInfo struct, that receives the
* details about the decoded instruction.
*
* @return A zydis status code.
*/
ZYDIS_EXPORT ZydisStatus ZydisDecoderDecodeInstruction(ZydisInstructionDecoder* decoder,
const void* buffer, size_t bufferLen, ZydisInstructionInfo* info);
const void* buffer, size_t bufferLen, uint64_t instructionPointer, ZydisInstructionInfo* info);
/**
* @brief Decodes the instruction in the given input @c buffer.
*
* @param decoder A pointer to the @c ZydisInstructionDecoder instance.
* @param buffer A pointer to the input buffer.
* @param bufferLen The length of the input buffer.
* @param flags Additional decoding flags.
* @param info A pointer to the @c ZydisInstructionInfo struct, that receives the details
* about the decoded instruction.
* @param decoder A pointer to the @c ZydisInstructionDecoder instance.
* @param buffer A pointer to the input buffer.
* @param bufferLen The length of the input buffer.
* @param instructionPointer The instruction-pointer.
* @param flags Additional decoding flags.
* @param info A pointer to the @c ZydisInstructionInfo struct, that receives the
* details about the decoded instruction.
*
* @return A zydis status code.
*/
ZYDIS_EXPORT ZydisStatus ZydisDecoderDecodeInstructionEx(ZydisInstructionDecoder* decoder,
const void* buffer, size_t bufferLen, ZydisDecoderFlags flags, ZydisInstructionInfo* info);
const void* buffer, size_t bufferLen, uint64_t instructionPointer, ZydisDecoderFlags flags,
ZydisInstructionInfo* info);
/* ============================================================================================== */

8
include/Zydis/InstructionInfo.h
View File

@ -382,10 +382,6 @@ typedef struct ZydisOperandInfo_
*/
uint8_t dataOffset;
} imm;
/**
* @brief This field is intended for custom data and may be freely set by the user.
*/
void* userData;
} ZydisOperandInfo;
/* ============================================================================================== */
@ -502,7 +498,7 @@ typedef uint64_t ZydisInstructionAttributes;
/**
* @brief The instruction has the EVEX prefix.
*/
#define ZYDIS_ATTRIB_HAS_EVEX 0x0000000000000020
#define ZYDIS_ATTRIB_HAS_EVEX 0x0000000000000020
/**
* @brief The instruction has one or more operands with position-relative offsets.
*/
@ -547,7 +543,7 @@ typedef uint64_t ZydisInstructionAttributes;
*/
#define ZYDIS_ATTRIB_ACCEPTS_XACQUIRE 0x0000000000002000
/**
* @brief The instruction accepts the xrelease prefix (0xF2).
* @brief The instruction accepts the xrelease prefix (0xF3).
*/
#define ZYDIS_ATTRIB_ACCEPTS_XRELEASE 0x0000000000004000
/**

5
include/Zydis/Status.h
View File

@ -85,7 +85,7 @@ enum ZydisStatusCode
/**
* @brief The instruction encoded an invalid register.
*/
ZYDIS_STATUS_INVALID_REGISTER,
ZYDIS_STATUS_BAD_REGISTER,
/**
* @brief A lock-prefix (F0) was found while decoding an instruction that does not support
* locking.
@ -154,13 +154,14 @@ enum ZydisStatusCode
* @param status The zydis status-code to check.
*/
#define ZYDIS_CHECK(status) \
do \
{ \
ZydisStatus s = status; \
if (!ZYDIS_SUCCESS(s)) \
{ \
return s; \
} \
}
} while(0)
/* ============================================================================================== */

50
src/Decoder.c
View File

@ -600,7 +600,7 @@ static ZydisStatus ZydisDecodeOperandRegister(ZydisInstructionInfo* info,
operand->reg = ZydisRegisterEncode(registerClass, registerId);
if (!operand->reg)
{
return ZYDIS_STATUS_INVALID_REGISTER;
return ZYDIS_STATUS_BAD_REGISTER;
}
}
@ -2275,40 +2275,18 @@ ZydisStatus ZydisDecoderInitInstructionDecoder(ZydisInstructionDecoder* decoder,
decoder->disassemblerMode = disassemblerMode;
decoder->input.buffer = NULL;
decoder->input.bufferLen = 0;
decoder->instructionPointer = 0;
return ZYDIS_STATUS_SUCCESS;
}
ZydisStatus ZydisDecoderGetInstructionPointer(const ZydisInstructionDecoder* decoder,
uint64_t* instructionPointer)
{
if (!decoder || !instructionPointer)
{
return ZYDIS_STATUS_INVALID_PARAMETER;
}
*instructionPointer = decoder->instructionPointer;
return ZYDIS_STATUS_SUCCESS;
}
ZydisStatus ZydisDecoderSetInstructionPointer(ZydisInstructionDecoder* decoder,
uint64_t instructionPointer)
{
if (!decoder)
{
return ZYDIS_STATUS_INVALID_PARAMETER;
}
decoder->instructionPointer = instructionPointer;
return ZYDIS_STATUS_SUCCESS;
}
ZydisStatus ZydisDecoderDecodeInstruction(ZydisInstructionDecoder* decoder,
const void* buffer, size_t bufferLen, ZydisInstructionInfo* info)
const void* buffer, size_t bufferLen, uint64_t instructionPointer, ZydisInstructionInfo* info)
{
return ZydisDecoderDecodeInstructionEx(decoder, buffer, bufferLen, 0, info);
return ZydisDecoderDecodeInstructionEx(decoder, buffer, bufferLen, instructionPointer, 0, info);
}
ZydisStatus ZydisDecoderDecodeInstructionEx(ZydisInstructionDecoder* decoder,
const void* buffer, size_t bufferLen, ZydisDecoderFlags flags, ZydisInstructionInfo* info)
const void* buffer, size_t bufferLen, uint64_t instructionPointer, ZydisDecoderFlags flags,
ZydisInstructionInfo* info)
{
(void)flags;
@ -2328,20 +2306,11 @@ ZydisStatus ZydisDecoderDecodeInstructionEx(ZydisInstructionDecoder* decoder,
decoder->lastSegmentPrefix = 0;
decoder->imm8initialized = ZYDIS_FALSE;
void* userData[6];
for (int i = 0; i < 5; ++i)
{
userData[i] = info->operands[i].userData;
}
userData[5] = info->userData;
void* userData = info->userData;
memset(info, 0, sizeof(*info));
info->mode = decoder->disassemblerMode;
info->instrAddress = decoder->instructionPointer;
for (int i = 0; i < 5; ++i)
{
info->operands[i].userData = userData[i];
}
info->userData = userData[5];
info->instrAddress = instructionPointer;
info->userData = userData;
ZYDIS_CHECK(ZydisCollectOptionalPrefixes(decoder, info));
ZYDIS_CHECK(ZydisDecodeOpcode(decoder, info));
@ -2426,9 +2395,6 @@ ZydisStatus ZydisDecoderDecodeInstructionEx(ZydisInstructionDecoder* decoder,
}
}
decoder->instructionPointer += info->length;
info->instrPointer = decoder->instructionPointer;
return ZYDIS_STATUS_SUCCESS;
}

6
src/Formatter.c
View File

@ -592,14 +592,14 @@ static ZydisStatus ZydisFormatterPrintSegmentIntel(ZydisInstructionFormatter* fo
switch (operand->mem.segment)
{
case ZYDIS_REGISTER_ES:
case ZYDIS_REGISTER_SS:
case ZYDIS_REGISTER_CS:
case ZYDIS_REGISTER_FS:
case ZYDIS_REGISTER_GS:
return ZydisStringBufferAppendFormat(buffer, bufferLen, ZYDIS_APPENDMODE, "%s:",
ZydisRegisterGetString(operand->mem.segment));
case ZYDIS_REGISTER_CS:
case ZYDIS_REGISTER_SS:
if ((formatter->flags & ZYDIS_FMTFLAG_FORCE_SEGMENTS) ||
(info->attributes & ZYDIS_ATTRIB_HAS_SEGMENT_CS))
(info->attributes & ZYDIS_ATTRIB_HAS_SEGMENT_SS))
{
return ZydisStringBufferAppendFormat(buffer, bufferLen, ZYDIS_APPENDMODE, "%s:",
ZydisRegisterGetString(operand->mem.segment));

5
src/Register.c
View File

@ -132,7 +132,6 @@ struct ZydisRegisterMapItem
static const struct ZydisRegisterMapItem registerMap[] =
{
{ ZYDIS_REGCLASS_INVALID , ZYDIS_REGISTER_NONE , ZYDIS_REGISTER_NONE , 0 , 0 },
{ ZYDIS_REGCLASS_GPR8 , ZYDIS_REGISTER_AL , ZYDIS_REGISTER_R15B , 8 , 8 },
{ ZYDIS_REGCLASS_GPR16 , ZYDIS_REGISTER_AX , ZYDIS_REGISTER_R15W , 16 , 16 },
{ ZYDIS_REGCLASS_GPR32 , ZYDIS_REGISTER_EAX , ZYDIS_REGISTER_R15D , 32 , 32 },
@ -146,8 +145,8 @@ static const struct ZydisRegisterMapItem registerMap[] =
{ ZYDIS_REGCLASS_IP , ZYDIS_REGISTER_RIP , ZYDIS_REGISTER_IP , 0 , 0 },
{ ZYDIS_REGCLASS_SEGMENT , ZYDIS_REGISTER_ES , ZYDIS_REGISTER_GS , 16 , 16 },
{ ZYDIS_REGCLASS_TEST , ZYDIS_REGISTER_TR0 , ZYDIS_REGISTER_TR7 , 32 , 32 },
{ ZYDIS_REGCLASS_CONTROL , ZYDIS_REGISTER_CR0 , ZYDIS_REGISTER_CR7 , 32 , 64 },
{ ZYDIS_REGCLASS_DEBUG , ZYDIS_REGISTER_DR0 , ZYDIS_REGISTER_DR7 , 32 , 64 },
{ ZYDIS_REGCLASS_CONTROL , ZYDIS_REGISTER_CR0 , ZYDIS_REGISTER_CR15 , 32 , 64 },
{ ZYDIS_REGCLASS_DEBUG , ZYDIS_REGISTER_DR0 , ZYDIS_REGISTER_DR15 , 32 , 64 },
{ ZYDIS_REGCLASS_MASK , ZYDIS_REGISTER_K0 , ZYDIS_REGISTER_K7 , 64 , 64 },
{ ZYDIS_REGCLASS_BOUND , ZYDIS_REGISTER_BND0 , ZYDIS_REGISTER_BND3 , 128 , 128 }
};