Project name changed and C-Bindings reverted

* Changed project name to Zydis
  * Removed Zydis (former VX) prefix from classes and enums
  * Renamed Verteron namespace to Zydis
* Reverted C-Bindings back to the old solution
  * C-Bindings are now based on the C++ source again (and not the other way around)
flobernd 2015-05-16 05:05:17 +02:00
parent de31261273
commit 4676a8b2d7
41 changed files with 12863 additions and 26570 deletions


@ -1,14 +1,12 @@
/************************************************************************************************** /***************************************************************************************************
Verteron Disassembler Engine Zyan Disassembler Engine
Version 1.0 Version 1.0
Remarks : Freeware, Copyright must be included Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd Original Author : Florian Bernd
Modifications : athre0z Modifications : Joel Höner
Last change : 19. March 2015
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -28,14 +26,15 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
**************************************************************************************************/ ***************************************************************************************************/
#include <ZyDisDisassembler.h> #ifndef _ZYDIS_DISASSEMBLER_H_
#define _ZYDIS_DISASSEMBLER_H_
int main(int argc, char* argv[]) #include "ZydisTypes.h"
{ #include "ZydisInstructionDecoder.h"
ZYDIS_UNUSED(argc); ZYDIS_UNUSED(argv); #include "ZydisInstructionFormatter.h"
#include "ZydisSymbolResolver.h"
#include "ZydisUtils.h"
// TODO: #endif /* _ZYDIS_DISASSEMBLER_H_ */
return 0;
}


@ -0,0 +1,259 @@
/***************************************************************************************************
Zyan Disassembler Engine
Version 1.0
Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd
Modifications : Joel Höner
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
***************************************************************************************************/
#include "ZydisInstructionDecoder.h"
#include "ZydisInstructionDecoder.hpp"
#include "ZydisTypes.hpp"
/* Helpers ===================================================================================== */
namespace
{
inline Zydis::BaseInput* ZydisBaseInput_CppPtr(
ZydisBaseInputContext *ctx)
{
return reinterpret_cast<Zydis::BaseInput*>(ctx);
}
inline const Zydis::BaseInput* ZydisBaseInput_CppPtr(
const ZydisBaseInputContext *ctx)
{
return reinterpret_cast<const Zydis::BaseInput*>(ctx);
}
inline ZydisBaseInputContext* ZydisBaseInput_CPtr(
Zydis::BaseInput *ptr)
{
return reinterpret_cast<ZydisBaseInputContext*>(ptr);
}
inline const ZydisBaseInputContext* ZydisBaseInput_CPtr(
const Zydis::BaseInput *ptr)
{
return reinterpret_cast<const ZydisBaseInputContext*>(ptr);
}
inline Zydis::InstructionInfo* ZydisInstructionInfo_CppPtr(
ZydisInstructionInfo *ptr)
{
static_assert(sizeof(*ptr) == sizeof(Zydis::InstructionInfo), "broken struct");
return reinterpret_cast<Zydis::InstructionInfo*>(ptr);
}
inline const Zydis::InstructionInfo* ZydisInstructionInfo_CppPtr(
const ZydisInstructionInfo *ptr)
{
static_assert(sizeof(*ptr) == sizeof(Zydis::InstructionInfo), "broken struct");
return reinterpret_cast<const Zydis::InstructionInfo*>(ptr);
}
inline ZydisInstructionDecoderContext* ZydisInstructionDecoder_CPtr(
Zydis::InstructionDecoder *ptr)
{
return reinterpret_cast<ZydisInstructionDecoderContext*>(ptr);
}
inline const ZydisInstructionDecoderContext* ZydisInstructionDecoder_CPtr(
const Zydis::InstructionDecoder *ptr)
{
return reinterpret_cast<const ZydisInstructionDecoderContext*>(ptr);
}
inline Zydis::InstructionDecoder* ZydisInstructionDecoder_CppPtr(
ZydisInstructionDecoderContext *ctx)
{
return reinterpret_cast<Zydis::InstructionDecoder*>(ctx);
}
inline const Zydis::InstructionDecoder* ZydisInstructionDecoder_CppPtr(
const ZydisInstructionDecoderContext *ctx)
{
return reinterpret_cast<const Zydis::InstructionDecoder*>(ctx);
}
inline Zydis::DisassemblerMode ZydisDisassemblerMode_CppRepr(
ZydisDisassemblerMode val)
{
return static_cast<Zydis::DisassemblerMode>(val);
}
inline ZydisDisassemblerMode ZydisDisassemblerMode_CRepr(
Zydis::DisassemblerMode val)
{
return static_cast<ZydisDisassemblerMode>(val);
}
inline Zydis::InstructionSetVendor ZydisInstructionSetVendor_CppRepr(
ZydisInstructionSetVendor val)
{
return static_cast<Zydis::InstructionSetVendor>(val);
}
inline ZydisInstructionSetVendor ZydisInstructionSetVendor_CRepr(
Zydis::InstructionSetVendor val)
{
return static_cast<ZydisInstructionSetVendor>(val);
}
}
/* BaseInput ============================================================================ */
void ZydisBaseInput_Release(ZydisBaseInputContext *ctx)
{
delete ZydisBaseInput_CppPtr(ctx);
}
uint8_t ZydisBaseInput_InputPeek(ZydisBaseInputContext *ctx, ZydisInstructionInfo *info)
{
return ZydisBaseInput_CppPtr(ctx)->inputPeek(*ZydisInstructionInfo_CppPtr(info));
}
uint8_t ZydisBaseInput_InputNext(ZydisBaseInputContext *ctx, ZydisInstructionInfo *info)
{
return ZydisBaseInput_CppPtr(ctx)->inputNext(*ZydisInstructionInfo_CppPtr(info));
}
uint8_t ZydisBaseInput_InputCurrent(const ZydisBaseInputContext *ctx)
{
return ZydisBaseInput_CppPtr(ctx)->inputCurrent();
}
bool ZydisBaseInput_IsEndOfInput(const ZydisBaseInputContext *ctx)
{
return ZydisBaseInput_CppPtr(ctx)->isEndOfInput();
}
uint64_t ZydisBaseInput_GetPosition(const ZydisBaseInputContext *ctx)
{
return ZydisBaseInput_CppPtr(ctx)->getPosition();
}
bool ZydisBaseInput_SetPosition(ZydisBaseInputContext *ctx, uint64_t position)
{
return ZydisBaseInput_CppPtr(ctx)->setPosition(position);
}
/* MemoryInput ========================================================================== */
ZydisBaseInputContext* ZydisMemoryInput_Create(const void* buffer, size_t bufferLen)
{
return reinterpret_cast<ZydisBaseInputContext*>(
new Zydis::MemoryInput(buffer, bufferLen));
}
/* InstructionDecoder ======================================================================== */
ZydisInstructionDecoderContext* ZydisInstructionDecoder_Create()
{
return reinterpret_cast<ZydisInstructionDecoderContext*>(new Zydis::InstructionDecoder);
}
ZydisInstructionDecoderContext* ZydisInstructionDecoder_CreateEx(
ZydisBaseInputContext *input,
ZydisDisassemblerMode disassemblerMode,
ZydisInstructionSetVendor preferredVendor,
uint64_t instructionPointer)
{
return ZydisInstructionDecoder_CPtr(new Zydis::InstructionDecoder(
ZydisBaseInput_CppPtr(input),
ZydisDisassemblerMode_CppRepr(disassemblerMode),
ZydisInstructionSetVendor_CppRepr(preferredVendor),
instructionPointer));
}
void ZydisInstructionDecoder_Release(ZydisInstructionDecoderContext *ctx)
{
delete ZydisInstructionDecoder_CppPtr(ctx);
}
bool ZydisInstructionDecoder_DecodeInstruction(
ZydisInstructionDecoderContext *ctx, ZydisInstructionInfo *info)
{
return ZydisInstructionDecoder_CppPtr(ctx)->decodeInstruction(
*ZydisInstructionInfo_CppPtr(info));
}
ZydisBaseInputContext* ZydisInstructionDecoder_GetDataSource(
const ZydisInstructionDecoderContext *ctx)
{
return ZydisBaseInput_CPtr(ZydisInstructionDecoder_CppPtr(ctx)->getDataSource());
}
void ZydisInstructionDecoder_SetDataSource(
ZydisInstructionDecoderContext *ctx, ZydisBaseInputContext *input)
{
ZydisInstructionDecoder_CppPtr(ctx)->setDataSource(ZydisBaseInput_CppPtr(input));
}
ZydisDisassemblerMode ZydisInstructionDecoder_GetDisassemblerMode(
ZydisInstructionDecoderContext *ctx)
{
return ZydisDisassemblerMode_CRepr(ZydisInstructionDecoder_CppPtr(ctx)->getDisassemblerMode());
}
void ZydisInstructionDecoder_SetDisassemblerMode(
ZydisInstructionDecoderContext *ctx,
ZydisDisassemblerMode disassemblerMode)
{
ZydisInstructionDecoder_CppPtr(ctx)->setDisassemblerMode(
ZydisDisassemblerMode_CppRepr(disassemblerMode));
}
ZydisInstructionSetVendor ZydisInstructionDecoder_GetPreferredVendor(
const ZydisInstructionDecoderContext *ctx)
{
return ZydisInstructionSetVendor_CRepr(
ZydisInstructionDecoder_CppPtr(ctx)->getPreferredVendor());
}
void ZydisInstructionDecoder_SetPreferredVendor(
ZydisInstructionDecoderContext *ctx,
ZydisInstructionSetVendor preferredVendor)
{
return ZydisInstructionDecoder_CppPtr(ctx)->setPreferredVendor(
ZydisInstructionSetVendor_CppRepr(preferredVendor));
}
uint64_t ZydisInstructionDecoder_GetInstructionPointer(
ZydisInstructionDecoderContext *ctx)
{
return ZydisInstructionDecoder_CppPtr(ctx)->getInstructionPointer();
}
void ZydisInstructionDecoder_SetInstructionPointer(
ZydisInstructionDecoderContext *ctx,
uint64_t instructionPointer)
{
ZydisInstructionDecoder_CppPtr(ctx)->setInstructionPointer(instructionPointer);
}
/* ============================================================================================= */
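Review bot: `ZydisMemoryInput_Create`, `ZydisInstructionDecoder_Create` and `ZydisInstructionDecoder_CreateEx` call plain `new`, so an allocation failure or a throwing constructor raises a C++ exception out of a function that C callers reach through the `extern "C"` header, while that header documents `@return NULL if it fails`. Catching at the boundary makes the documented contract true, e.g. `try { return ZydisBaseInput_CPtr(new Zydis::MemoryInput(buffer, bufferLen)); } catch (...) { return nullptr; }`. Routing the result through `ZydisBaseInput_CPtr` also lets the compiler perform the derived-to-base conversion before the `reinterpret_cast`, instead of reinterpreting the `MemoryInput*` directly and later reading it back as `BaseInput*` (this presumes `MemoryInput` derives from `BaseInput`, which the page does not show). None of the wrappers checks `ctx` or `info` for NULL before dereferencing, so the header docs should state that NULL is not accepted if that is intended. The same plain-`new` pattern appears in `ZydisExactSymbolResolver_Create` in the formatter bindings further down.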


@ -1,14 +1,12 @@
/************************************************************************************************** /***************************************************************************************************
Verteron Disassembler Engine Zyan Disassembler Engine
Version 1.0 Version 1.0
Remarks : Freeware, Copyright must be included Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd Original Author : Florian Bernd
Modifications : athre0z Modifications : Joel Höner
Last change : 14. March 2015
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -28,14 +26,12 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
**************************************************************************************************/ ***************************************************************************************************/
#ifndef _VDE_ZyDisINSTRUCTIONDECODERC_H_ #ifndef _ZYDIS_INSTRUCTIONDECODER_H_
#define _VDE_ZyDisINSTRUCTIONDECODERC_H_ #define _ZYDIS_INSTRUCTIONDECODER_H_
#include "ZyDisDisassemblerTypes.h"
#include "ZyDisDisassemblerUtils.h"
#include "ZydisTypes.h"
#include <stdbool.h> #include <stdbool.h>
#include <stddef.h> #include <stddef.h>
@ -44,24 +40,16 @@ extern "C"
{ {
#endif #endif
/* ZyDisBaseDataSource ============================================================================ */ /* BaseInput ============================================================================ */
typedef struct _ZyDisBaseDataSourceContext { ZyDisContextDescriptor d; } ZyDisBaseDataSourceContext; typedef struct _ZydisBaseInputContext { int a; } ZydisBaseInputContext;
typedef void(*ZyDisBaseDataSource_DestructionCallback)(ZyDisBaseDataSourceContext *ctx);
typedef uint8_t(*ZyDisBaseDataSource_InputCallback)(ZyDisBaseDataSourceContext *ctx);
typedef bool(*ZyDisBaseDataSource_IsEndOfInputCallback)(const ZyDisBaseDataSourceContext *ctx);
typedef uint64_t(*ZyDisBaseDataSource_GetPositionCallback)(const ZyDisBaseDataSourceContext *ctx);
typedef bool(*ZyDisBaseDataSource_SetPositionCallback)(
ZyDisBaseDataSourceContext *ctx, uint64_t position);
/** /**
* @brief Releases a data source. * @brief Releases a data source.
* @param ctx The context to release. * @param ctx The context to release.
* The context may no longer be used after it was released. * The context may no longer be used after it was released.
*/ */
ZYDIS_EXPORT void ZyDisBaseDataSource_Release( void ZydisBaseInput_Release(ZydisBaseInputContext *ctx);
ZyDisBaseDataSourceContext *ctx);
/** /**
* @brief Reads the next byte from the data source without altering the current input position * @brief Reads the next byte from the data source without altering the current input position
@ -72,9 +60,7 @@ ZYDIS_EXPORT void ZyDisBaseDataSource_Release(
* field of the @c info parameter for error flags. Possible error values are * field of the @c info parameter for error flags. Possible error values are
* @c IF_ERROR_END_OF_INPUT or @c IF_ERROR_LENGTH. * @c IF_ERROR_END_OF_INPUT or @c IF_ERROR_LENGTH.
*/ */
ZYDIS_EXPORT uint8_t ZyDisBaseDataSource_InputPeek( uint8_t ZydisBaseInput_InputPeek(ZydisBaseInputContext *ctx, ZydisInstructionInfo *info);
ZyDisBaseDataSourceContext *ctx,
ZyDisInstructionInfo *info);
/** /**
* @brief Reads the next byte from the data source. * @brief Reads the next byte from the data source.
@ -87,30 +73,7 @@ ZYDIS_EXPORT uint8_t ZyDisBaseDataSource_InputPeek(
* parameter. This function also appends the new byte to to @c data field of the @c info * parameter. This function also appends the new byte to to @c data field of the @c info
* parameter. * parameter.
*/ */
ZYDIS_EXPORT uint8_t ZyDisBaseDataSource_InputNext8( uint8_t ZydisBaseInput_InputNext(ZydisBaseInputContext *ctx, ZydisInstructionInfo *info);
ZyDisBaseDataSourceContext *ctx,
ZyDisInstructionInfo *info);
/**
* @copydoc ZyDisBaseDataSource_InputNext8
*/
ZYDIS_EXPORT uint16_t ZyDisBaseDataSource_InputNext16(
ZyDisBaseDataSourceContext *ctx,
ZyDisInstructionInfo *info);
/**
* @copydoc ZyDisBaseDataSource_InputNext8
*/
ZYDIS_EXPORT uint32_t ZyDisBaseDataSource_InputNext32(
ZyDisBaseDataSourceContext *ctx,
ZyDisInstructionInfo *info);
/**
* @copydoc ZyDisBaseDataSource_InputNext8
*/
ZYDIS_EXPORT uint64_t ZyDisBaseDataSource_InputNext64(
ZyDisBaseDataSourceContext *ctx,
ZyDisInstructionInfo *info);
/** /**
* @brief Returns the current input byte. * @brief Returns the current input byte.
@ -119,24 +82,21 @@ ZYDIS_EXPORT uint64_t ZyDisBaseDataSource_InputNext64(
* The current input byte is set everytime the @c inputPeek or @c inputNext method is called. * The current input byte is set everytime the @c inputPeek or @c inputNext method is called.
*/ */
// TODO: check long descr // TODO: check long descr
ZYDIS_EXPORT uint8_t ZyDisBaseDataSource_InputCurrent( uint8_t ZydisBaseInput_InputCurrent(const ZydisBaseInputContext *ctx);
const ZyDisBaseDataSourceContext *ctx);
/** /**
* @brief Queries if the end of the data source is reached. * @brief Queries if the end of the data source is reached.
* @param ctx The data soruce context. * @param ctx The data soruce context.
* @return @c true if end of input, @c false if not. * @return @c true if end of input, @c false if not.
*/ */
ZYDIS_EXPORT bool ZyDisBaseDataSource_IsEndOfInput( bool ZydisBaseInput_IsEndOfInput(const ZydisBaseInputContext *ctx);
const ZyDisBaseDataSourceContext *ctx);
/** /**
* @brief Returns the current input position. * @brief Returns the current input position.
* @param ctx The data soruce context. * @param ctx The data soruce context.
* @return The current input position. * @return The current input position.
*/ */
ZYDIS_EXPORT uint64_t ZyDisBaseDataSource_GetPosition( uint64_t ZydisBaseInput_GetPosition(const ZydisBaseInputContext *ctx);
const ZyDisBaseDataSourceContext *ctx);
/** /**
* @brief Sets a new input position. * @brief Sets a new input position.
@ -144,81 +104,53 @@ ZYDIS_EXPORT uint64_t ZyDisBaseDataSource_GetPosition(
* @param position The new input position. * @param position The new input position.
* @return @c false if the new position exceeds the maximum input length. * @return @c false if the new position exceeds the maximum input length.
*/ */
ZYDIS_EXPORT bool ZyDisBaseDataSource_SetPosition( bool ZydisBaseInput_SetPosition(ZydisBaseInputContext *ctx, uint64_t position);
ZyDisBaseDataSourceContext *ctx,
uint64_t position);
/* ZyDisMemoryDataSource ========================================================================== */ /* MemoryInput ========================================================================== */
/** /**
* @brief Creates a memory data source. * @brief Creates a memory data source.
* @param buffer The input buffer. * @param buffer The input buffer.
* @param bufferLen THe length of the input buffer. * @param bufferLen THe length of the input buffer.
* @return @c NULL if it fails, else a data source context. * @return @c NULL if it fails, else a data source context.
* @see ZyDisBaseDataSource_Release * @see BaseInput_Release
*/ */
ZYDIS_EXPORT ZyDisBaseDataSourceContext* ZyDisMemoryDataSource_Create( // TODO: verify return value
const void* buffer, ZydisBaseInputContext* ZydisMemoryInput_Create(const void* buffer, size_t bufferLen);
size_t bufferLen);
/* ZyDisCustomDataSource ========================================================================== */
/**
* @brief Creates a custom daat source.
* @param ctx The context.
* @param inputPeekCb The callback peeking the next input byte.
* @param inputNextCb The callback consuming the next input byte.
* @param isEndOfInputCb The callback determining if the end of input was reached.
* @param getPositionCb The callback obtaining the current input position.
* @param setPositionCb The callback setting the current input position.
* @param destructionCb The destruction callback. May be @c NULL.
* @return @c NULL if it fails, else a data source context.
* @see ZyDisBaseDataSource_Release
*/
ZYDIS_EXPORT ZyDisBaseDataSourceContext* ZyDisCustomDataSource_Create(
ZyDisBaseDataSource_InputCallback inputPeekCb,
ZyDisBaseDataSource_InputCallback inputNextCb,
ZyDisBaseDataSource_IsEndOfInputCallback isEndOfInputCb,
ZyDisBaseDataSource_GetPositionCallback getPositionCb,
ZyDisBaseDataSource_SetPositionCallback setPositionCb,
ZyDisBaseDataSource_DestructionCallback destructionCb);
/* Enums ======================================================================================= */ /* Enums ======================================================================================= */
/** /**
* @brief Values that represent a disassembler mode. * @brief Values that represent a disassembler mode.
*/ */
typedef enum _ZyDisDisassemblerMode /* : uint8_t */ typedef enum _ZydisDisassemblerMode /* : uint8_t */
{ {
DM_M16BIT, DM_M16BIT,
DM_M32BIT, DM_M32BIT,
DM_M64BIT DM_M64BIT
} ZyDisDisassemblerMode; } ZydisDisassemblerMode;
/** /**
* @brief Values that represent an instruction-set vendor. * @brief Values that represent an instruction-set vendor.
*/ */
typedef enum _ZyDisInstructionSetVendor /* : uint8_t */ typedef enum _ZydisInstructionSetVendor /* : uint8_t */
{ {
ISV_ANY, ISV_ANY,
ISV_INTEL, ISV_INTEL,
ISV_AMD ISV_AMD
} ZyDisInstructionSetVendor; } ZydisInstructionSetVendor;
/* ZyDisInstructionDecoder ======================================================================== */ /* InstructionDecoder ======================================================================== */
typedef struct _ZyDisInstructionDecoderContext typedef struct _ZydisInstructionDecoderContext { int a; } ZydisInstructionDecoderContext;
{
ZyDisContextDescriptor d;
} ZyDisInstructionDecoderContext;
/** /**
* @brief Creates an instruction decoder. * @brief Creates an instruction decoder.
* @return @c NULL if it fails, else an instruction decoder context. * @return @c NULL if it fails, else an instruction decoder context.
* @see ZyDisInstructionDecoder_Release * @see InstructionDecoder_Release
*/ */
// TODO: verify return value // TODO: verify return value
ZYDIS_EXPORT ZyDisInstructionDecoderContext* ZyDisInstructionDecoder_Create(void); ZydisInstructionDecoderContext* ZydisInstructionDecoder_Create(void);
/** /**
* @brief Creates an instruction decoder. * @brief Creates an instruction decoder.
@ -227,100 +159,89 @@ ZYDIS_EXPORT ZyDisInstructionDecoderContext* ZyDisInstructionDecoder_Create(void
* @param preferredVendor The preferred instruction-set vendor. * @param preferredVendor The preferred instruction-set vendor.
* @param instructionPointer The initial instruction pointer. * @param instructionPointer The initial instruction pointer.
* @return @c NULL if it fails, else an instruction decoder context. * @return @c NULL if it fails, else an instruction decoder context.
* @see ZyDisInstructionDecoder_Release * @see InstructionDecoder_Release
*/ */
ZYDIS_EXPORT ZyDisInstructionDecoderContext* ZyDisInstructionDecoder_CreateEx( ZydisInstructionDecoderContext* ZydisInstructionDecoder_CreateEx(ZydisBaseInputContext *input,
ZyDisBaseDataSourceContext *input, ZydisDisassemblerMode disassemblerMode, ZydisInstructionSetVendor preferredVendor,
ZyDisDisassemblerMode disassemblerMode,
ZyDisInstructionSetVendor preferredVendor,
uint64_t instructionPointer); uint64_t instructionPointer);
/** /**
* @brief Releases an instruction decoder. * @brief Releases an instruction decoder.
* @param ctx The context of the instruction decoder to release. * @param ctx The context of the instruction decoder to release.
*/ */
ZYDIS_EXPORT void ZyDisInstructionDecoder_Release( void ZydisInstructionDecoder_Release(ZydisInstructionDecoderContext *ctx);
ZyDisInstructionDecoderContext *ctx);
/** /**
* @brief Decodes the next instruction from the input data source. * @brief Decodes the next instruction from the input data source.
* @param ctx The instruction decoder context. * @param ctx The instruction decoder context.
* @param info The @c ZyDisInstructionInfo struct that receives the information about the decoded * @param info The @c ZydisInstructionInfo struct that receives the information about the decoded
* instruction. * instruction.
* @return This function returns @c false if the current position exceeds the maximum input * @return This function returns @c false if the current position exceeds the maximum input
* length. In all other cases (valid and invalid instructions) the return value is * length. In all other cases (valid and invalid instructions) the return value is
* @c true. * @c true.
*/ */
ZYDIS_EXPORT bool ZyDisInstructionDecoder_DecodeInstruction( bool ZydisInstructionDecoder_DecodeInstruction(ZydisInstructionDecoderContext *ctx,
ZyDisInstructionDecoderContext *ctx, ZydisInstructionInfo *info);
ZyDisInstructionInfo *info);
/** /**
* @brief Returns a pointer to the current data source. * @brief Returns a pointer to the current data source.
* @param ctx The instruction decoder context. * @param ctx The instruction decoder context.
* @return The context of the data source. * @return The context of the data source.
*/ */
ZYDIS_EXPORT ZyDisBaseDataSourceContext* ZyDisInstructionDecoder_GetDataSource( ZydisBaseInputContext* ZydisInstructionDecoder_GetDataSource(const ZydisInstructionDecoderContext *ctx);
const ZyDisInstructionDecoderContext *ctx);
/** /**
* @brief Sets a new data source. * @brief Sets a new data source.
* @param ctx The instruction decoder context. * @param ctx The instruction decoder context.
* @param input The context of the new input data source. * @param input The context of the new input data source.
*/ */
ZYDIS_EXPORT void ZyDisInstructionDecoder_SetDataSource( void ZydisInstructionDecoder_SetDataSource(ZydisInstructionDecoderContext *ctx,
ZyDisInstructionDecoderContext *ctx, ZydisBaseInputContext *input);
ZyDisBaseDataSourceContext *input);
/** /**
* @brief Returns the current disassembler mode. * @brief Returns the current disassembler mode.
* @param ctx The instruction decoder context. * @param ctx The instruction decoder context.
* @return The current disassembler mode. * @return The current disassembler mode.
*/ */
ZYDIS_EXPORT ZyDisDisassemblerMode ZyDisInstructionDecoder_GetDisassemblerMode( ZydisDisassemblerMode ZydisInstructionDecoder_GetDisassemblerMode(ZydisInstructionDecoderContext *ctx);
const ZyDisInstructionDecoderContext *ctx);
/** /**
* @brief Sets the current disassembler mode. * @brief Sets the current disassembler mode.
* @param ctx The instruction decoder context. * @param ctx The instruction decoder context.
* @param disassemblerMode The new disassembler mode. * @param disassemblerMode The new disassembler mode.
*/ */
ZYDIS_EXPORT void ZyDisInstructionDecoder_SetDisassemblerMode( void ZydisInstructionDecoder_SetDisassemblerMode(ZydisInstructionDecoderContext *ctx,
ZyDisInstructionDecoderContext *ctx, ZydisDisassemblerMode disassemblerMode);
ZyDisDisassemblerMode disassemblerMode);
/** /**
* @brief Returns the preferred instruction-set vendor. * @brief Returns the preferred instruction-set vendor.
* @param ctx The instruction decoder context. * @param ctx The instruction decoder context.
* @return The preferred instruction-set vendor. * @return The preferred instruction-set vendor.
*/ */
ZYDIS_EXPORT ZyDisInstructionSetVendor ZyDisInstructionDecoder_GetPreferredVendor( ZydisInstructionSetVendor ZydisInstructionDecoder_GetPreferredVendor(
const ZyDisInstructionDecoderContext *ctx); const ZydisInstructionDecoderContext *ctx);
/** /**
* @brief Sets the preferred instruction-set vendor. * @brief Sets the preferred instruction-set vendor.
* @param ctx The instruction decoder context. * @param ctx The instruction decoder context.
* @param preferredVendor The new preferred instruction-set vendor. * @param preferredVendor The new preferred instruction-set vendor.
*/ */
ZYDIS_EXPORT void ZyDisInstructionDecoder_SetPreferredVendor( void ZydisInstructionDecoder_SetPreferredVendor(ZydisInstructionDecoderContext *ctx,
ZyDisInstructionDecoderContext *ctx, ZydisInstructionSetVendor preferredVendor);
ZyDisInstructionSetVendor preferredVendor);
/** /**
* @brief Returns the current instruction pointer. * @brief Returns the current instruction pointer.
* @param ctx The instruction decoder context. * @param ctx The instruction decoder context.
* @return The current instruction pointer. * @return The current instruction pointer.
*/ */
ZYDIS_EXPORT uint64_t ZyDisInstructionDecoder_GetInstructionPointer( uint64_t ZydisInstructionDecoder_GetInstructionPointer(ZydisInstructionDecoderContext *ctx);
const ZyDisInstructionDecoderContext *ctx);
/** /**
* @brief Sets a new instruction pointer. * @brief Sets a new instruction pointer.
* @param ctx The instruction decoder context. * @param ctx The instruction decoder context.
* @param instructionPointer The new instruction pointer. * @param instructionPointer The new instruction pointer.
*/ */
ZYDIS_EXPORT void ZyDisInstructionDecoder_SetInstructionPointer( void ZydisInstructionDecoder_SetInstructionPointer(ZydisInstructionDecoderContext *ctx,
ZyDisInstructionDecoderContext *ctx,
uint64_t instructionPointer); uint64_t instructionPointer);
/* ============================================================================================= */ /* ============================================================================================= */
@ -329,4 +250,4 @@ ZYDIS_EXPORT void ZyDisInstructionDecoder_SetInstructionPointer(
} }
#endif #endif
#endif /* _VDE_ZyDisINSTRUCTIONDECODERC_H_ */ #endif /* _ZYDIS_INSTRUCTIONDECODER_H_ */
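Review bot: The handle types are declared as complete structs, `typedef struct _ZydisBaseInputContext { int a; } ZydisBaseInputContext;` and likewise `ZydisInstructionDecoderContext`, so a C caller can allocate one by value, copy it, or read `ctx->a`, even though the bindings cast these pointers straight to C++ objects. An incomplete type keeps the handle opaque and turns such misuse into a compile error: `typedef struct ZydisBaseInputContext_ ZydisBaseInputContext;`. Separately, `ZydisInstructionDecoder_GetDisassemblerMode` and `ZydisInstructionDecoder_GetInstructionPointer` lose the `const` on `ctx` that the old declarations had and that `GetPreferredVendor` and `GetDataSource` keep. The docs for `ZydisMemoryInput_Create` and `ZydisInstructionDecoder_CreateEx` would also benefit from a line on who owns `buffer` and `input` and how long they must stay valid, e.g. `@param buffer  Must remain valid until the data source is released (TODO confirm).`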


@ -0,0 +1,251 @@
/***************************************************************************************************
Zyan Disassembler Engine
Version 1.0
Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd
Modifications : Joel Höner
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
***************************************************************************************************/
#include "ZydisInstructionFormatter.h"
#include "ZydisInstructionFormatter.hpp"
/* Helpers ===================================================================================== */
namespace
{
inline Zydis::BaseSymbolResolver* ZydisBaseSymbolResolver_CppPtr(
ZydisBaseSymbolResolverContext *ctx)
{
return reinterpret_cast<Zydis::BaseSymbolResolver*>(ctx);
}
inline const Zydis::BaseSymbolResolver* ZydisBaseSymbolResolver_CppPtr(
const ZydisBaseSymbolResolverContext *ctx)
{
return reinterpret_cast<const Zydis::BaseSymbolResolver*>(ctx);
}
inline ZydisBaseSymbolResolverContext* ZydisBaseSymbolResolver_CPtr(
Zydis::BaseSymbolResolver *ptr)
{
return reinterpret_cast<ZydisBaseSymbolResolverContext*>(ptr);
}
inline const ZydisBaseSymbolResolverContext* ZydisBaseSymbolResolver_CPtr(
const Zydis::BaseSymbolResolver *ptr)
{
return reinterpret_cast<const ZydisBaseSymbolResolverContext*>(ptr);
}
inline Zydis::ExactSymbolResolver* ZydisExactSymbolResolver_CppPtr(
ZydisBaseSymbolResolverContext *ctx)
{
return reinterpret_cast<Zydis::ExactSymbolResolver*>(ctx);
}
inline const Zydis::ExactSymbolResolver* ZydisExactSymbolResolver_CppPtr(
const ZydisBaseSymbolResolverContext *ctx)
{
return reinterpret_cast<const Zydis::ExactSymbolResolver*>(ctx);
}
inline ZydisBaseSymbolResolverContext* ZydisExactSymbolResolver_CPtr(
Zydis::ExactSymbolResolver *ptr)
{
return reinterpret_cast<ZydisBaseSymbolResolverContext*>(ptr);
}
inline const ZydisBaseSymbolResolverContext* ZydisExactSymbolResolver_CPtr(
const Zydis::ExactSymbolResolver *ptr)
{
return reinterpret_cast<const ZydisBaseSymbolResolverContext*>(ptr);
}
inline Zydis::InstructionInfo* ZydisInstructionInfo_CppPtr(
ZydisInstructionInfo *ptr)
{
static_assert(sizeof(*ptr) == sizeof(Zydis::InstructionInfo), "broken struct");
return reinterpret_cast<Zydis::InstructionInfo*>(ptr);
}
inline const Zydis::InstructionInfo* ZydisInstructionInfo_CppPtr(
const ZydisInstructionInfo *ptr)
{
static_assert(sizeof(*ptr) == sizeof(Zydis::InstructionInfo), "broken struct");
return reinterpret_cast<const Zydis::InstructionInfo*>(ptr);
}
inline ZydisInstructionInfo* ZydisInstructionInfo_CPtr(
Zydis::InstructionInfo *ptr)
{
return reinterpret_cast<ZydisInstructionInfo*>(ptr);
}
inline const ZydisInstructionInfo* ZydisInstructionInfo_CPtr(
const Zydis::InstructionInfo *ptr)
{
return reinterpret_cast<const ZydisInstructionInfo*>(ptr);
}
inline Zydis::BaseInstructionFormatter* ZydisBaseInstructionFormatter_CppPtr(
ZydisBaseInstructionFormatterContext *ctx)
{
return reinterpret_cast<Zydis::BaseInstructionFormatter*>(ctx);
}
inline const Zydis::BaseInstructionFormatter* ZydisBaseInstructionFormatter_CppPtr(
const ZydisBaseInstructionFormatterContext *ctx)
{
return reinterpret_cast<const Zydis::BaseInstructionFormatter*>(ctx);
}
inline Zydis::BaseInstructionFormatter* ZydisIntelInstructionFormatter_CppPtr(
ZydisBaseInstructionFormatterContext *ctx)
{
return reinterpret_cast<Zydis::BaseInstructionFormatter*>(ctx);
}
inline const Zydis::BaseInstructionFormatter* ZydisIntelInstructionFormatter_CppPtr(
const ZydisBaseInstructionFormatterContext *ctx)
{
return reinterpret_cast<const Zydis::BaseInstructionFormatter*>(ctx);
}
inline ZydisBaseInstructionFormatterContext* ZydisIntelInstructionFormatter_CPtr(
Zydis::BaseInstructionFormatter *ctx)
{
return reinterpret_cast<ZydisBaseInstructionFormatterContext*>(ctx);
}
inline const ZydisBaseInstructionFormatterContext* ZydisIntelInstructionFormatter_CPtr(
const Zydis::BaseInstructionFormatter *ctx)
{
return reinterpret_cast<const ZydisBaseInstructionFormatterContext*>(ctx);
}
}
/* BaseSymbolResolver ======================================================================== */
void ZydisBaseSymbolResolver_Release(
ZydisBaseSymbolResolverContext *ctx)
{
delete ZydisBaseSymbolResolver_CppPtr(ctx);
}
const char* ZydisBaseSymbolResolver_ResolveSymbol(
ZydisBaseSymbolResolverContext *ctx,
const ZydisInstructionInfo *info,
uint64_t address,
uint64_t *offset)
{
return ZydisBaseSymbolResolver_CppPtr(ctx)->resolveSymbol(
*ZydisInstructionInfo_CppPtr(info),
address,
*offset);
}
/* ExactSymbolResolver ======================================================================= */
ZydisBaseSymbolResolverContext* ZydisExactSymbolResolver_Create(void)
{
return ZydisExactSymbolResolver_CPtr(new Zydis::ExactSymbolResolver);
}
bool EZydisxactSymbolResolver_ContainsSymbol(
ZydisBaseSymbolResolverContext *ctx,
uint64_t address)
{
return ZydisExactSymbolResolver_CppPtr(ctx)->containsSymbol(address);
}
void ZydisExactSymbolResolverContext_SetSymbol(
ZydisBaseSymbolResolverContext *ctx,
uint64_t address,
const char* name)
{
ZydisExactSymbolResolver_CppPtr(ctx)->setSymbol(address, name);
}
void ZydisExactSymbolResolverContext_RemoveSymbol(
ZydisBaseSymbolResolverContext *ctx,
uint64_t address)
{
ZydisExactSymbolResolver_CppPtr(ctx)->removeSymbol(address);
}
void ZydisExactSymbolResolverContext_Clear(
ZydisBaseSymbolResolverContext *ctx)
{
ZydisExactSymbolResolver_CppPtr(ctx)->clear();
}
/* BaseInstructionFormatter ================================================================== */
const char* ZydisBaseInstructionFormatter_FormatInstruction(
ZydisBaseInstructionFormatterContext *ctx,
const ZydisInstructionInfo *info)
{
return ZydisBaseInstructionFormatter_CppPtr(ctx)->formatInstruction(
*ZydisInstructionInfo_CppPtr(info));
}
ZydisBaseSymbolResolverContext* ZydisBaseInstructionFormatter_GetSymbolResolver(
const ZydisBaseInstructionFormatterContext *ctx)
{
return ZydisBaseSymbolResolver_CPtr(
ZydisBaseInstructionFormatter_CppPtr(ctx)->getSymbolResolver());
}
void ZydisBaseInstructionFormatter_SetSymbolResolver(
ZydisBaseInstructionFormatterContext *ctx,
ZydisBaseSymbolResolverContext *resolver)
{
ZydisBaseInstructionFormatter_CppPtr(ctx)->setSymbolResolver(
ZydisBaseSymbolResolver_CppPtr(resolver));
}
void ZydisBaseInstructionFormatter_Release(
ZydisBaseInstructionFormatterContext *ctx)
{
delete ZydisBaseInstructionFormatter_CppPtr(ctx);
}
/* IntelInstructionFormatter ================================================================ */
ZydisBaseInstructionFormatterContext* ZydisIntelInstructionFormatter_Create(void)
{
return ZydisIntelInstructionFormatter_CPtr(new Zydis::IntelInstructionFormatter);
}
ZydisBaseInstructionFormatterContext* ZydisIntelInstructionFormatter_CreateEx(
ZydisBaseSymbolResolverContext *resolver)
{
return ZydisIntelInstructionFormatter_CPtr(new Zydis::IntelInstructionFormatter(
ZydisBaseSymbolResolver_CppPtr(resolver)));
}
/* ============================================================================================= */


@ -0,0 +1,104 @@
/***************************************************************************************************
Zyan Disassembler Engine
Version 1.0
Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd
Modifications : Joel Höner
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
***************************************************************************************************/
#ifndef _ZYDIS_INSTRUCTIONFORMATTER_H_
#define _ZYDIS_INSTRUCTIONFORMATTER_H_
#include "ZydisTypes.h"
#include "ZydisSymbolResolver.h"
#ifdef __cplusplus
extern "C"
{
#endif
/* BaseInstructionFormatter ================================================================== */
typedef struct _ZydisBaseInstructionFormatterContext {int a;} ZydisBaseInstructionFormatterContext;
/**
* @brief Formats a decoded instruction.
* @param ctx The instruction formatter context.
* @param info The instruction info.
* @return Pointer to the formatted instruction string. This pointer remains valid until
* this function is called again or the context is released.
*/
const char* ZydisBaseInstructionFormatter_FormatInstruction(
ZydisBaseInstructionFormatterContext *ctx, const ZydisInstructionInfo *info);
/**
* @brief Returns a pointer to the current symbol resolver.
* @param ctx The instruction formatter context.
* @return Pointer to the current symbol resolver or @c NULL if no symbol resolver is used.
*/
ZydisBaseSymbolResolverContext* ZydisBaseInstructionFormatter_GetSymbolResolver(
const ZydisBaseInstructionFormatterContext *ctx);
/**
* @brief Sets a new symbol resolver.
* @param ctx The instruction formatter context.
* @param symbolResolver Pointer to a symbol resolver instance or @c NULL, if no smybol
* resolver should be used.
*/
void ZydisBaseInstructionFormatter_SetSymbolResolver(ZydisBaseInstructionFormatterContext *ctx,
ZydisBaseSymbolResolverContext *resolver);
/**
* @brief Releases an instruction formatter.
* @param ctx The context of the instruction formatter to release.
* The context may no longer used after it has been released.
*/
void ZydisBaseInstructionFormatter_Release(ZydisBaseInstructionFormatterContext *ctx);
/* IntelInstructionFormatter ================================================================ */
/**
* @brief Creates an Intel-syntax instruction formatter.
* @return @c NULL if it fails, else an Intel instruction formatter context.
* @see BaseInstructionFormatter_Release
*/
ZydisBaseInstructionFormatterContext* ZydisIntelInstructionFormatter_Create(void);
/**
* @brief Creates an Intel-syntax instruction formatter.
* @param resolver The symbol resolver consulted to resolve symbols on formatting.
* @return @c NULL if it fails, else an Intel instruction formatter context.
* @see BaseInstructionFormatter_Release
*/
ZydisBaseInstructionFormatterContext* ZydisIntelInstructionFormatter_CreateEx(
ZydisBaseSymbolResolverContext *resolver);
/* ============================================================================================= */
#ifdef __cplusplus
}
#endif
#endif /* _ZYDIS_INSTRUCTIONFORMATTER_H_ */
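Review bot: The doc comments on `ZydisBaseInstructionFormatter_SetSymbolResolver` and `ZydisIntelInstructionFormatter_CreateEx` do not say who owns the resolver context, so a C caller cannot tell whether calling `ZydisBaseSymbolResolver_Release` on it while the formatter is still alive leaves the formatter holding a dangling pointer. I would add a line such as `@remarks The formatter does not take ownership of the resolver; it must stay valid until the formatter is released or another resolver is set.`, or the opposite statement if the C++ class does take ownership, which is not visible here. The `@return @c NULL if it fails` promise on both `Create` functions also looks unreachable, because the wrappers shown earlier on this page call plain `new`, which throws rather than returning null and would let an exception cross the `extern "C"` boundary; either catch it in the wrapper and return `NULL`, or drop the promise. Minor: `@param symbolResolver` should read `@param resolver` to match the declaration, and both `@see BaseInstructionFormatter_Release` references are missing the `Zydis` prefix.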


@ -1,14 +1,12 @@
/************************************************************************************************** /***************************************************************************************************
Verteron Disassembler Engine Zyan Disassembler Engine
Version 1.0 Version 1.0
Remarks : Freeware, Copyright must be included Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd Original Author : Florian Bernd
Modifications : athre0z Modifications : Joel Höner
Last change : 19. March 2015
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -28,14 +26,7 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
**************************************************************************************************/ ***************************************************************************************************/
#include <ZyDisDisassembler.h> #include "ZydisOpcodeTable.h"
#include "ZydisOpcodeTable.hpp"
int main(int argc, char* argv[])
{
ZYDIS_UNUSED(argc); ZYDIS_UNUSED(argv);
// TODO:
return 0;
}


@ -0,0 +1,961 @@
/***************************************************************************************************
Zyan Disassembler Engine
Version 1.0
Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd
Modifications : Joel Höner
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
***************************************************************************************************/
#ifndef _ZYDIS_OPCODETABLE_H_
#define _ZYDIS_OPCODETABLE_H_
#include <stdint.h>
#ifdef __cplusplus
extern "C"
{
#endif
/**
* @brief Values that represent an instruction mnemonic.
*/
typedef enum _ZydisInstructionMnemonic /* : uint16_t */
{
/* 000 */ ZYDIS_MNEM_INVALID,
/* 001 */ ZYDIS_MNEM_AAA,
/* 002 */ ZYDIS_MNEM_AAD,
/* 003 */ ZYDIS_MNEM_AAM,
/* 004 */ ZYDIS_MNEM_AAS,
/* 005 */ ZYDIS_MNEM_ADC,
/* 006 */ ZYDIS_MNEM_ADD,
/* 007 */ ZYDIS_MNEM_ADDPD,
/* 008 */ ZYDIS_MNEM_ADDPS,
/* 009 */ ZYDIS_MNEM_ADDSD,
/* 00A */ ZYDIS_MNEM_ADDSS,
/* 00B */ ZYDIS_MNEM_ADDSUBPD,
/* 00C */ ZYDIS_MNEM_ADDSUBPS,
/* 00D */ ZYDIS_MNEM_AESDEC,
/* 00E */ ZYDIS_MNEM_AESDECLAST,
/* 00F */ ZYDIS_MNEM_AESENC,
/* 010 */ ZYDIS_MNEM_AESENCLAST,
/* 011 */ ZYDIS_MNEM_AESIMC,
/* 012 */ ZYDIS_MNEM_AESKEYGENASSIST,
/* 013 */ ZYDIS_MNEM_AND,
/* 014 */ ZYDIS_MNEM_ANDNPD,
/* 015 */ ZYDIS_MNEM_ANDNPS,
/* 016 */ ZYDIS_MNEM_ANDPD,
/* 017 */ ZYDIS_MNEM_ANDPS,
/* 018 */ ZYDIS_MNEM_ARPL,
/* 019 */ ZYDIS_MNEM_BLENDPD,
/* 01A */ ZYDIS_MNEM_BLENDPS,
/* 01B */ ZYDIS_MNEM_BLENDVPD,
/* 01C */ ZYDIS_MNEM_BLENDVPS,
/* 01D */ ZYDIS_MNEM_BOUND,
/* 01E */ ZYDIS_MNEM_BSF,
/* 01F */ ZYDIS_MNEM_BSR,
/* 020 */ ZYDIS_MNEM_BSWAP,
/* 021 */ ZYDIS_MNEM_BT,
/* 022 */ ZYDIS_MNEM_BTC,
/* 023 */ ZYDIS_MNEM_BTR,
/* 024 */ ZYDIS_MNEM_BTS,
/* 025 */ ZYDIS_MNEM_CALL,
/* 026 */ ZYDIS_MNEM_CBW,
/* 027 */ ZYDIS_MNEM_CDQ,
/* 028 */ ZYDIS_MNEM_CDQE,
/* 029 */ ZYDIS_MNEM_CLC,
/* 02A */ ZYDIS_MNEM_CLD,
/* 02B */ ZYDIS_MNEM_CLFLUSH,
/* 02C */ ZYDIS_MNEM_CLGI,
/* 02D */ ZYDIS_MNEM_CLI,
/* 02E */ ZYDIS_MNEM_CLTS,
/* 02F */ ZYDIS_MNEM_CMC,
/* 030 */ ZYDIS_MNEM_CMOVA,
/* 031 */ ZYDIS_MNEM_CMOVAE,
/* 032 */ ZYDIS_MNEM_CMOVB,
/* 033 */ ZYDIS_MNEM_CMOVBE,
/* 034 */ ZYDIS_MNEM_CMOVE,
/* 035 */ ZYDIS_MNEM_CMOVG,
/* 036 */ ZYDIS_MNEM_CMOVGE,
/* 037 */ ZYDIS_MNEM_CMOVL,
/* 038 */ ZYDIS_MNEM_CMOVLE,
/* 039 */ ZYDIS_MNEM_CMOVNE,
/* 03A */ ZYDIS_MNEM_CMOVNO,
/* 03B */ ZYDIS_MNEM_CMOVNP,
/* 03C */ ZYDIS_MNEM_CMOVNS,
/* 03D */ ZYDIS_MNEM_CMOVO,
/* 03E */ ZYDIS_MNEM_CMOVP,
/* 03F */ ZYDIS_MNEM_CMOVS,
/* 040 */ ZYDIS_MNEM_CMP,
/* 041 */ ZYDIS_MNEM_CMPPD,
/* 042 */ ZYDIS_MNEM_CMPPS,
/* 043 */ ZYDIS_MNEM_CMPSB,
/* 044 */ ZYDIS_MNEM_CMPSD,
/* 045 */ ZYDIS_MNEM_CMPSQ,
/* 046 */ ZYDIS_MNEM_CMPSS,
/* 047 */ ZYDIS_MNEM_CMPSW,
/* 048 */ ZYDIS_MNEM_CMPXCHG,
/* 049 */ ZYDIS_MNEM_CMPXCHG16B,
/* 04A */ ZYDIS_MNEM_CMPXCHG8B,
/* 04B */ ZYDIS_MNEM_COMISD,
/* 04C */ ZYDIS_MNEM_COMISS,
/* 04D */ ZYDIS_MNEM_CPUID,
/* 04E */ ZYDIS_MNEM_CQO,
/* 04F */ ZYDIS_MNEM_CRC32,
/* 050 */ ZYDIS_MNEM_CVTDQ2PD,
/* 051 */ ZYDIS_MNEM_CVTDQ2PS,
/* 052 */ ZYDIS_MNEM_CVTPD2DQ,
/* 053 */ ZYDIS_MNEM_CVTPD2PI,
/* 054 */ ZYDIS_MNEM_CVTPD2PS,
/* 055 */ ZYDIS_MNEM_CVTPI2PD,
/* 056 */ ZYDIS_MNEM_CVTPI2PS,
/* 057 */ ZYDIS_MNEM_CVTPS2DQ,
/* 058 */ ZYDIS_MNEM_CVTPS2PD,
/* 059 */ ZYDIS_MNEM_CVTPS2PI,
/* 05A */ ZYDIS_MNEM_CVTSD2SI,
/* 05B */ ZYDIS_MNEM_CVTSD2SS,
/* 05C */ ZYDIS_MNEM_CVTSI2SD,
/* 05D */ ZYDIS_MNEM_CVTSI2SS,
/* 05E */ ZYDIS_MNEM_CVTSS2SD,
/* 05F */ ZYDIS_MNEM_CVTSS2SI,
/* 060 */ ZYDIS_MNEM_CVTTPD2DQ,
/* 061 */ ZYDIS_MNEM_CVTTPD2PI,
/* 062 */ ZYDIS_MNEM_CVTTPS2DQ,
/* 063 */ ZYDIS_MNEM_CVTTPS2PI,
/* 064 */ ZYDIS_MNEM_CVTTSD2SI,
/* 065 */ ZYDIS_MNEM_CVTTSS2SI,
/* 066 */ ZYDIS_MNEM_CWD,
/* 067 */ ZYDIS_MNEM_CWDE,
/* 068 */ ZYDIS_MNEM_DAA,
/* 069 */ ZYDIS_MNEM_DAS,
/* 06A */ ZYDIS_MNEM_DEC,
/* 06B */ ZYDIS_MNEM_DIV,
/* 06C */ ZYDIS_MNEM_DIVPD,
/* 06D */ ZYDIS_MNEM_DIVPS,
/* 06E */ ZYDIS_MNEM_DIVSD,
/* 06F */ ZYDIS_MNEM_DIVSS,
/* 070 */ ZYDIS_MNEM_DPPD,
/* 071 */ ZYDIS_MNEM_DPPS,
/* 072 */ ZYDIS_MNEM_EMMS,
/* 073 */ ZYDIS_MNEM_ENTER,
/* 074 */ ZYDIS_MNEM_EXTRACTPS,
/* 075 */ ZYDIS_MNEM_F2XM1,
/* 076 */ ZYDIS_MNEM_FABS,
/* 077 */ ZYDIS_MNEM_FADD,
/* 078 */ ZYDIS_MNEM_FADDP,
/* 079 */ ZYDIS_MNEM_FBLD,
/* 07A */ ZYDIS_MNEM_FBSTP,
/* 07B */ ZYDIS_MNEM_FCHS,
/* 07C */ ZYDIS_MNEM_FCLEX,
/* 07D */ ZYDIS_MNEM_FCMOVB,
/* 07E */ ZYDIS_MNEM_FCMOVBE,
/* 07F */ ZYDIS_MNEM_FCMOVE,
/* 080 */ ZYDIS_MNEM_FCMOVNB,
/* 081 */ ZYDIS_MNEM_FCMOVNBE,
/* 082 */ ZYDIS_MNEM_FCMOVNE,
/* 083 */ ZYDIS_MNEM_FCMOVNU,
/* 084 */ ZYDIS_MNEM_FCMOVU,
/* 085 */ ZYDIS_MNEM_FCOM,
/* 086 */ ZYDIS_MNEM_FCOM2,
/* 087 */ ZYDIS_MNEM_FCOMI,
/* 088 */ ZYDIS_MNEM_FCOMIP,
/* 089 */ ZYDIS_MNEM_FCOMP,
/* 08A */ ZYDIS_MNEM_FCOMP3,
/* 08B */ ZYDIS_MNEM_FCOMP5,
/* 08C */ ZYDIS_MNEM_FCOMPP,
/* 08D */ ZYDIS_MNEM_FCOS,
/* 08E */ ZYDIS_MNEM_FDECSTP,
/* 08F */ ZYDIS_MNEM_FDIV,
/* 090 */ ZYDIS_MNEM_FDIVP,
/* 091 */ ZYDIS_MNEM_FDIVR,
/* 092 */ ZYDIS_MNEM_FDIVRP,
/* 093 */ ZYDIS_MNEM_FEMMS,
/* 094 */ ZYDIS_MNEM_FFREE,
/* 095 */ ZYDIS_MNEM_FFREEP,
/* 096 */ ZYDIS_MNEM_FIADD,
/* 097 */ ZYDIS_MNEM_FICOM,
/* 098 */ ZYDIS_MNEM_FICOMP,
/* 099 */ ZYDIS_MNEM_FIDIV,
/* 09A */ ZYDIS_MNEM_FIDIVR,
/* 09B */ ZYDIS_MNEM_FILD,
/* 09C */ ZYDIS_MNEM_FIMUL,
/* 09D */ ZYDIS_MNEM_FINCSTP,
/* 09E */ ZYDIS_MNEM_FIST,
/* 09F */ ZYDIS_MNEM_FISTP,
/* 0A0 */ ZYDIS_MNEM_FISTTP,
/* 0A1 */ ZYDIS_MNEM_FISUB,
/* 0A2 */ ZYDIS_MNEM_FISUBR,
/* 0A3 */ ZYDIS_MNEM_FLD,
/* 0A4 */ ZYDIS_MNEM_FLD1,
/* 0A5 */ ZYDIS_MNEM_FLDCW,
/* 0A6 */ ZYDIS_MNEM_FLDENV,
/* 0A7 */ ZYDIS_MNEM_FLDL2E,
/* 0A8 */ ZYDIS_MNEM_FLDL2T,
/* 0A9 */ ZYDIS_MNEM_FLDLG2,
/* 0AA */ ZYDIS_MNEM_FLDLN2,
/* 0AB */ ZYDIS_MNEM_FLDPI,
/* 0AC */ ZYDIS_MNEM_FLDZ,
/* 0AD */ ZYDIS_MNEM_FMUL,
/* 0AE */ ZYDIS_MNEM_FMULP,
/* 0AF */ ZYDIS_MNEM_FNDISI,
/* 0B0 */ ZYDIS_MNEM_FNENI,
/* 0B1 */ ZYDIS_MNEM_FNINIT,
/* 0B2 */ ZYDIS_MNEM_FNOP,
/* 0B3 */ ZYDIS_MNEM_FNSAVE,
/* 0B4 */ ZYDIS_MNEM_FNSETPM,
/* 0B5 */ ZYDIS_MNEM_FNSTCW,
/* 0B6 */ ZYDIS_MNEM_FNSTENV,
/* 0B7 */ ZYDIS_MNEM_FNSTSW,
/* 0B8 */ ZYDIS_MNEM_FPATAN,
/* 0B9 */ ZYDIS_MNEM_FPREM,
/* 0BA */ ZYDIS_MNEM_FPREM1,
/* 0BB */ ZYDIS_MNEM_FPTAN,
/* 0BC */ ZYDIS_MNEM_FRNDINT,
/* 0BD */ ZYDIS_MNEM_FRSTOR,
/* 0BE */ ZYDIS_MNEM_FRSTPM,
/* 0BF */ ZYDIS_MNEM_FSCALE,
/* 0C0 */ ZYDIS_MNEM_FSIN,
/* 0C1 */ ZYDIS_MNEM_FSINCOS,
/* 0C2 */ ZYDIS_MNEM_FSQRT,
/* 0C3 */ ZYDIS_MNEM_FST,
/* 0C4 */ ZYDIS_MNEM_FSTP,
/* 0C5 */ ZYDIS_MNEM_FSTP1,
/* 0C6 */ ZYDIS_MNEM_FSTP8,
/* 0C7 */ ZYDIS_MNEM_FSTP9,
/* 0C8 */ ZYDIS_MNEM_FSUB,
/* 0C9 */ ZYDIS_MNEM_FSUBP,
/* 0CA */ ZYDIS_MNEM_FSUBR,
/* 0CB */ ZYDIS_MNEM_FSUBRP,
/* 0CC */ ZYDIS_MNEM_FTST,
/* 0CD */ ZYDIS_MNEM_FUCOM,
/* 0CE */ ZYDIS_MNEM_FUCOMI,
/* 0CF */ ZYDIS_MNEM_FUCOMIP,
/* 0D0 */ ZYDIS_MNEM_FUCOMP,
/* 0D1 */ ZYDIS_MNEM_FUCOMPP,
/* 0D2 */ ZYDIS_MNEM_FXAM,
/* 0D3 */ ZYDIS_MNEM_FXCH,
/* 0D4 */ ZYDIS_MNEM_FXCH4,
/* 0D5 */ ZYDIS_MNEM_FXCH7,
/* 0D6 */ ZYDIS_MNEM_FXRSTOR,
/* 0D7 */ ZYDIS_MNEM_FXSAVE,
/* 0D8 */ ZYDIS_MNEM_FXTRACT,
/* 0D9 */ ZYDIS_MNEM_FYL2X,
/* 0DA */ ZYDIS_MNEM_FYL2XP1,
/* 0DB */ ZYDIS_MNEM_GETSEC,
/* 0DC */ ZYDIS_MNEM_HADDPD,
/* 0DD */ ZYDIS_MNEM_HADDPS,
/* 0DE */ ZYDIS_MNEM_HLT,
/* 0DF */ ZYDIS_MNEM_HSUBPD,
/* 0E0 */ ZYDIS_MNEM_HSUBPS,
/* 0E1 */ ZYDIS_MNEM_IDIV,
/* 0E2 */ ZYDIS_MNEM_IMUL,
/* 0E3 */ ZYDIS_MNEM_IN,
/* 0E4 */ ZYDIS_MNEM_INC,
/* 0E5 */ ZYDIS_MNEM_INSB,
/* 0E6 */ ZYDIS_MNEM_INSD,
/* 0E7 */ ZYDIS_MNEM_INSERTPS,
/* 0E8 */ ZYDIS_MNEM_INSW,
/* 0E9 */ ZYDIS_MNEM_INT,
/* 0EA */ ZYDIS_MNEM_INT1,
/* 0EB */ ZYDIS_MNEM_INT3,
/* 0EC */ ZYDIS_MNEM_INTO,
/* 0ED */ ZYDIS_MNEM_INVD,
/* 0EE */ ZYDIS_MNEM_INVEPT,
/* 0EF */ ZYDIS_MNEM_INVLPG,
/* 0F0 */ ZYDIS_MNEM_INVLPGA,
/* 0F1 */ ZYDIS_MNEM_INVVPID,
/* 0F2 */ ZYDIS_MNEM_IRETD,
/* 0F3 */ ZYDIS_MNEM_IRETQ,
/* 0F4 */ ZYDIS_MNEM_IRETW,
/* 0F5 */ ZYDIS_MNEM_JA,
/* 0F6 */ ZYDIS_MNEM_JB,
/* 0F7 */ ZYDIS_MNEM_JBE,
/* 0F8 */ ZYDIS_MNEM_JCXZ,
/* 0F9 */ ZYDIS_MNEM_JE,
/* 0FA */ ZYDIS_MNEM_JECXZ,
/* 0FB */ ZYDIS_MNEM_JG,
/* 0FC */ ZYDIS_MNEM_JGE,
/* 0FD */ ZYDIS_MNEM_JL,
/* 0FE */ ZYDIS_MNEM_JLE,
/* 0FF */ ZYDIS_MNEM_JMP,
/* 100 */ ZYDIS_MNEM_JNB,
/* 101 */ ZYDIS_MNEM_JNE,
/* 102 */ ZYDIS_MNEM_JNO,
/* 103 */ ZYDIS_MNEM_JNP,
/* 104 */ ZYDIS_MNEM_JNS,
/* 105 */ ZYDIS_MNEM_JO,
/* 106 */ ZYDIS_MNEM_JP,
/* 107 */ ZYDIS_MNEM_JRCXZ,
/* 108 */ ZYDIS_MNEM_JS,
/* 109 */ ZYDIS_MNEM_LAHF,
/* 10A */ ZYDIS_MNEM_LAR,
/* 10B */ ZYDIS_MNEM_LDDQU,
/* 10C */ ZYDIS_MNEM_LDMXCSR,
/* 10D */ ZYDIS_MNEM_LDS,
/* 10E */ ZYDIS_MNEM_LEA,
/* 10F */ ZYDIS_MNEM_LEAVE,
/* 110 */ ZYDIS_MNEM_LES,
/* 111 */ ZYDIS_MNEM_LFENCE,
/* 112 */ ZYDIS_MNEM_LFS,
/* 113 */ ZYDIS_MNEM_LGDT,
/* 114 */ ZYDIS_MNEM_LGS,
/* 115 */ ZYDIS_MNEM_LIDT,
/* 116 */ ZYDIS_MNEM_LLDT,
/* 117 */ ZYDIS_MNEM_LMSW,
/* 118 */ ZYDIS_MNEM_LOCK,
/* 119 */ ZYDIS_MNEM_LODSB,
/* 11A */ ZYDIS_MNEM_LODSD,
/* 11B */ ZYDIS_MNEM_LODSQ,
/* 11C */ ZYDIS_MNEM_LODSW,
/* 11D */ ZYDIS_MNEM_LOOP,
/* 11E */ ZYDIS_MNEM_LOOPE,
/* 11F */ ZYDIS_MNEM_LOOPNE,
/* 120 */ ZYDIS_MNEM_LSL,
/* 121 */ ZYDIS_MNEM_LSS,
/* 122 */ ZYDIS_MNEM_LTR,
/* 123 */ ZYDIS_MNEM_MASKMOVDQU,
/* 124 */ ZYDIS_MNEM_MASKMOVQ,
/* 125 */ ZYDIS_MNEM_MAXPD,
/* 126 */ ZYDIS_MNEM_MAXPS,
/* 127 */ ZYDIS_MNEM_MAXSD,
/* 128 */ ZYDIS_MNEM_MAXSS,
/* 129 */ ZYDIS_MNEM_MFENCE,
/* 12A */ ZYDIS_MNEM_MINPD,
/* 12B */ ZYDIS_MNEM_MINPS,
/* 12C */ ZYDIS_MNEM_MINSD,
/* 12D */ ZYDIS_MNEM_MINSS,
/* 12E */ ZYDIS_MNEM_MONITOR,
/* 12F */ ZYDIS_MNEM_MONTMUL,
/* 130 */ ZYDIS_MNEM_MOV,
/* 131 */ ZYDIS_MNEM_MOVAPD,
/* 132 */ ZYDIS_MNEM_MOVAPS,
/* 133 */ ZYDIS_MNEM_MOVBE,
/* 134 */ ZYDIS_MNEM_MOVD,
/* 135 */ ZYDIS_MNEM_MOVDDUP,
/* 136 */ ZYDIS_MNEM_MOVDQ2Q,
/* 137 */ ZYDIS_MNEM_MOVDQA,
/* 138 */ ZYDIS_MNEM_MOVDQU,
/* 139 */ ZYDIS_MNEM_MOVHLPS,
/* 13A */ ZYDIS_MNEM_MOVHPD,
/* 13B */ ZYDIS_MNEM_MOVHPS,
/* 13C */ ZYDIS_MNEM_MOVLHPS,
/* 13D */ ZYDIS_MNEM_MOVLPD,
/* 13E */ ZYDIS_MNEM_MOVLPS,
/* 13F */ ZYDIS_MNEM_MOVMSKPD,
/* 140 */ ZYDIS_MNEM_MOVMSKPS,
/* 141 */ ZYDIS_MNEM_MOVNTDQ,
/* 142 */ ZYDIS_MNEM_MOVNTDQA,
/* 143 */ ZYDIS_MNEM_MOVNTI,
/* 144 */ ZYDIS_MNEM_MOVNTPD,
/* 145 */ ZYDIS_MNEM_MOVNTPS,
/* 146 */ ZYDIS_MNEM_MOVNTQ,
/* 147 */ ZYDIS_MNEM_MOVQ,
/* 148 */ ZYDIS_MNEM_MOVQ2DQ,
/* 149 */ ZYDIS_MNEM_MOVSB,
/* 14A */ ZYDIS_MNEM_MOVSD,
/* 14B */ ZYDIS_MNEM_MOVSHDUP,
/* 14C */ ZYDIS_MNEM_MOVSLDUP,
/* 14D */ ZYDIS_MNEM_MOVSQ,
/* 14E */ ZYDIS_MNEM_MOVSS,
/* 14F */ ZYDIS_MNEM_MOVSW,
/* 150 */ ZYDIS_MNEM_MOVSX,
/* 151 */ ZYDIS_MNEM_MOVSXD,
/* 152 */ ZYDIS_MNEM_MOVUPD,
/* 153 */ ZYDIS_MNEM_MOVUPS,
/* 154 */ ZYDIS_MNEM_MOVZX,
/* 155 */ ZYDIS_MNEM_MPSADBW,
/* 156 */ ZYDIS_MNEM_MUL,
/* 157 */ ZYDIS_MNEM_MULPD,
/* 158 */ ZYDIS_MNEM_MULPS,
/* 159 */ ZYDIS_MNEM_MULSD,
/* 15A */ ZYDIS_MNEM_MULSS,
/* 15B */ ZYDIS_MNEM_MWAIT,
/* 15C */ ZYDIS_MNEM_NEG,
/* 15D */ ZYDIS_MNEM_NOP,
/* 15E */ ZYDIS_MNEM_NOT,
/* 15F */ ZYDIS_MNEM_OR,
/* 160 */ ZYDIS_MNEM_ORPD,
/* 161 */ ZYDIS_MNEM_ORPS,
/* 162 */ ZYDIS_MNEM_OUT,
/* 163 */ ZYDIS_MNEM_OUTSB,
/* 164 */ ZYDIS_MNEM_OUTSD,
/* 165 */ ZYDIS_MNEM_OUTSW,
/* 166 */ ZYDIS_MNEM_PABSB,
/* 167 */ ZYDIS_MNEM_PABSD,
/* 168 */ ZYDIS_MNEM_PABSW,
/* 169 */ ZYDIS_MNEM_PACKSSDW,
/* 16A */ ZYDIS_MNEM_PACKSSWB,
/* 16B */ ZYDIS_MNEM_PACKUSDW,
/* 16C */ ZYDIS_MNEM_PACKUSWB,
/* 16D */ ZYDIS_MNEM_PADDB,
/* 16E */ ZYDIS_MNEM_PADDD,
/* 16F */ ZYDIS_MNEM_PADDQ,
/* 170 */ ZYDIS_MNEM_PADDSB,
/* 171 */ ZYDIS_MNEM_PADDSW,
/* 172 */ ZYDIS_MNEM_PADDUSB,
/* 173 */ ZYDIS_MNEM_PADDUSW,
/* 174 */ ZYDIS_MNEM_PADDW,
/* 175 */ ZYDIS_MNEM_PALIGNR,
/* 176 */ ZYDIS_MNEM_PAND,
/* 177 */ ZYDIS_MNEM_PANDN,
/* 178 */ ZYDIS_MNEM_PAUSE,
/* 179 */ ZYDIS_MNEM_PAVGB,
/* 17A */ ZYDIS_MNEM_PAVGUSB,
/* 17B */ ZYDIS_MNEM_PAVGW,
/* 17C */ ZYDIS_MNEM_PBLENDVB,
/* 17D */ ZYDIS_MNEM_PBLENDW,
/* 17E */ ZYDIS_MNEM_PCLMULQDQ,
/* 17F */ ZYDIS_MNEM_PCMPEQB,
/* 180 */ ZYDIS_MNEM_PCMPEQD,
/* 181 */ ZYDIS_MNEM_PCMPEQQ,
/* 182 */ ZYDIS_MNEM_PCMPEQW,
/* 183 */ ZYDIS_MNEM_PCMPESTRI,
/* 184 */ ZYDIS_MNEM_PCMPESTRM,
/* 185 */ ZYDIS_MNEM_PCMPGTB,
/* 186 */ ZYDIS_MNEM_PCMPGTD,
/* 187 */ ZYDIS_MNEM_PCMPGTQ,
/* 188 */ ZYDIS_MNEM_PCMPGTW,
/* 189 */ ZYDIS_MNEM_PCMPISTRI,
/* 18A */ ZYDIS_MNEM_PCMPISTRM,
/* 18B */ ZYDIS_MNEM_PEXTRB,
/* 18C */ ZYDIS_MNEM_PEXTRD,
/* 18D */ ZYDIS_MNEM_PEXTRQ,
/* 18E */ ZYDIS_MNEM_PEXTRW,
/* 18F */ ZYDIS_MNEM_PF2ID,
/* 190 */ ZYDIS_MNEM_PF2IW,
/* 191 */ ZYDIS_MNEM_PFACC,
/* 192 */ ZYDIS_MNEM_PFADD,
/* 193 */ ZYDIS_MNEM_PFCMPEQ,
/* 194 */ ZYDIS_MNEM_PFCMPGE,
/* 195 */ ZYDIS_MNEM_PFCMPGT,
/* 196 */ ZYDIS_MNEM_PFMAX,
/* 197 */ ZYDIS_MNEM_PFMIN,
/* 198 */ ZYDIS_MNEM_PFMUL,
/* 199 */ ZYDIS_MNEM_PFNACC,
/* 19A */ ZYDIS_MNEM_PFPNACC,
/* 19B */ ZYDIS_MNEM_PFRCP,
/* 19C */ ZYDIS_MNEM_PFRCPIT1,
/* 19D */ ZYDIS_MNEM_PFRCPIT2,
/* 19E */ ZYDIS_MNEM_PFRSQIT1,
/* 19F */ ZYDIS_MNEM_PFRSQRT,
/* 1A0 */ ZYDIS_MNEM_PFSUB,
/* 1A1 */ ZYDIS_MNEM_PFSUBR,
/* 1A2 */ ZYDIS_MNEM_PHADDD,
/* 1A3 */ ZYDIS_MNEM_PHADDSW,
/* 1A4 */ ZYDIS_MNEM_PHADDW,
/* 1A5 */ ZYDIS_MNEM_PHMINPOSUW,
/* 1A6 */ ZYDIS_MNEM_PHSUBD,
/* 1A7 */ ZYDIS_MNEM_PHSUBSW,
/* 1A8 */ ZYDIS_MNEM_PHSUBW,
/* 1A9 */ ZYDIS_MNEM_PI2FD,
/* 1AA */ ZYDIS_MNEM_PI2FW,
/* 1AB */ ZYDIS_MNEM_PINSRB,
/* 1AC */ ZYDIS_MNEM_PINSRD,
/* 1AD */ ZYDIS_MNEM_PINSRQ,
/* 1AE */ ZYDIS_MNEM_PINSRW,
/* 1AF */ ZYDIS_MNEM_PMADDUBSW,
/* 1B0 */ ZYDIS_MNEM_PMADDWD,
/* 1B1 */ ZYDIS_MNEM_PMAXSB,
/* 1B2 */ ZYDIS_MNEM_PMAXSD,
/* 1B3 */ ZYDIS_MNEM_PMAXSW,
/* 1B4 */ ZYDIS_MNEM_PMAXUB,
/* 1B5 */ ZYDIS_MNEM_PMAXUD,
/* 1B6 */ ZYDIS_MNEM_PMAXUW,
/* 1B7 */ ZYDIS_MNEM_PMINSB,
/* 1B8 */ ZYDIS_MNEM_PMINSD,
/* 1B9 */ ZYDIS_MNEM_PMINSW,
/* 1BA */ ZYDIS_MNEM_PMINUB,
/* 1BB */ ZYDIS_MNEM_PMINUD,
/* 1BC */ ZYDIS_MNEM_PMINUW,
/* 1BD */ ZYDIS_MNEM_PMOVMSKB,
/* 1BE */ ZYDIS_MNEM_PMOVSXBD,
/* 1BF */ ZYDIS_MNEM_PMOVSXBQ,
/* 1C0 */ ZYDIS_MNEM_PMOVSXBW,
/* 1C1 */ ZYDIS_MNEM_PMOVSXDQ,
/* 1C2 */ ZYDIS_MNEM_PMOVSXWD,
/* 1C3 */ ZYDIS_MNEM_PMOVSXWQ,
/* 1C4 */ ZYDIS_MNEM_PMOVZXBD,
/* 1C5 */ ZYDIS_MNEM_PMOVZXBQ,
/* 1C6 */ ZYDIS_MNEM_PMOVZXBW,
/* 1C7 */ ZYDIS_MNEM_PMOVZXDQ,
/* 1C8 */ ZYDIS_MNEM_PMOVZXWD,
/* 1C9 */ ZYDIS_MNEM_PMOVZXWQ,
/* 1CA */ ZYDIS_MNEM_PMULDQ,
/* 1CB */ ZYDIS_MNEM_PMULHRSW,
/* 1CC */ ZYDIS_MNEM_PMULHRW,
/* 1CD */ ZYDIS_MNEM_PMULHUW,
/* 1CE */ ZYDIS_MNEM_PMULHW,
/* 1CF */ ZYDIS_MNEM_PMULLD,
/* 1D0 */ ZYDIS_MNEM_PMULLW,
/* 1D1 */ ZYDIS_MNEM_PMULUDQ,
/* 1D2 */ ZYDIS_MNEM_POP,
/* 1D3 */ ZYDIS_MNEM_POPA,
/* 1D4 */ ZYDIS_MNEM_POPAD,
/* 1D5 */ ZYDIS_MNEM_POPCNT,
/* 1D6 */ ZYDIS_MNEM_POPFD,
/* 1D7 */ ZYDIS_MNEM_POPFQ,
/* 1D8 */ ZYDIS_MNEM_POPFW,
/* 1D9 */ ZYDIS_MNEM_POR,
/* 1DA */ ZYDIS_MNEM_PREFETCH,
/* 1DB */ ZYDIS_MNEM_PREFETCHNTA,
/* 1DC */ ZYDIS_MNEM_PREFETCHT0,
/* 1DD */ ZYDIS_MNEM_PREFETCHT1,
/* 1DE */ ZYDIS_MNEM_PREFETCHT2,
/* 1DF */ ZYDIS_MNEM_PSADBW,
/* 1E0 */ ZYDIS_MNEM_PSHUFB,
/* 1E1 */ ZYDIS_MNEM_PSHUFD,
/* 1E2 */ ZYDIS_MNEM_PSHUFHW,
/* 1E3 */ ZYDIS_MNEM_PSHUFLW,
/* 1E4 */ ZYDIS_MNEM_PSHUFW,
/* 1E5 */ ZYDIS_MNEM_PSIGNB,
/* 1E6 */ ZYDIS_MNEM_PSIGND,
/* 1E7 */ ZYDIS_MNEM_PSIGNW,
/* 1E8 */ ZYDIS_MNEM_PSLLD,
/* 1E9 */ ZYDIS_MNEM_PSLLDQ,
/* 1EA */ ZYDIS_MNEM_PSLLQ,
/* 1EB */ ZYDIS_MNEM_PSLLW,
/* 1EC */ ZYDIS_MNEM_PSRAD,
/* 1ED */ ZYDIS_MNEM_PSRAW,
/* 1EE */ ZYDIS_MNEM_PSRLD,
/* 1EF */ ZYDIS_MNEM_PSRLDQ,
/* 1F0 */ ZYDIS_MNEM_PSRLQ,
/* 1F1 */ ZYDIS_MNEM_PSRLW,
/* 1F2 */ ZYDIS_MNEM_PSUBB,
/* 1F3 */ ZYDIS_MNEM_PSUBD,
/* 1F4 */ ZYDIS_MNEM_PSUBQ,
/* 1F5 */ ZYDIS_MNEM_PSUBSB,
/* 1F6 */ ZYDIS_MNEM_PSUBSW,
/* 1F7 */ ZYDIS_MNEM_PSUBUSB,
/* 1F8 */ ZYDIS_MNEM_PSUBUSW,
/* 1F9 */ ZYDIS_MNEM_PSUBW,
/* 1FA */ ZYDIS_MNEM_PSWAPD,
/* 1FB */ ZYDIS_MNEM_PTEST,
/* 1FC */ ZYDIS_MNEM_PUNPCKHBW,
/* 1FD */ ZYDIS_MNEM_PUNPCKHDQ,
/* 1FE */ ZYDIS_MNEM_PUNPCKHQDQ,
/* 1FF */ ZYDIS_MNEM_PUNPCKHWD,
/* 200 */ ZYDIS_MNEM_PUNPCKLBW,
/* 201 */ ZYDIS_MNEM_PUNPCKLDQ,
/* 202 */ ZYDIS_MNEM_PUNPCKLQDQ,
/* 203 */ ZYDIS_MNEM_PUNPCKLWD,
/* 204 */ ZYDIS_MNEM_PUSH,
/* 205 */ ZYDIS_MNEM_PUSHA,
/* 206 */ ZYDIS_MNEM_PUSHAD,
/* 207 */ ZYDIS_MNEM_PUSHFD,
/* 208 */ ZYDIS_MNEM_PUSHFQ,
/* 209 */ ZYDIS_MNEM_PUSHFW,
/* 20A */ ZYDIS_MNEM_PXOR,
/* 20B */ ZYDIS_MNEM_RCL,
/* 20C */ ZYDIS_MNEM_RCPPS,
/* 20D */ ZYDIS_MNEM_RCPSS,
/* 20E */ ZYDIS_MNEM_RCR,
/* 20F */ ZYDIS_MNEM_RDMSR,
/* 210 */ ZYDIS_MNEM_RDPMC,
/* 211 */ ZYDIS_MNEM_RDRAND,
/* 212 */ ZYDIS_MNEM_RDTSC,
/* 213 */ ZYDIS_MNEM_RDTSCP,
/* 214 */ ZYDIS_MNEM_REP,
/* 215 */ ZYDIS_MNEM_REPNE,
/* 216 */ ZYDIS_MNEM_RET,
/* 217 */ ZYDIS_MNEM_RETF,
/* 218 */ ZYDIS_MNEM_ROL,
/* 219 */ ZYDIS_MNEM_ROR,
/* 21A */ ZYDIS_MNEM_ROUNDPD,
/* 21B */ ZYDIS_MNEM_ROUNDPS,
/* 21C */ ZYDIS_MNEM_ROUNDSD,
/* 21D */ ZYDIS_MNEM_ROUNDSS,
/* 21E */ ZYDIS_MNEM_RSM,
/* 21F */ ZYDIS_MNEM_RSQRTPS,
/* 220 */ ZYDIS_MNEM_RSQRTSS,
/* 221 */ ZYDIS_MNEM_SAHF,
/* 222 */ ZYDIS_MNEM_SALC,
/* 223 */ ZYDIS_MNEM_SAR,
/* 224 */ ZYDIS_MNEM_SBB,
/* 225 */ ZYDIS_MNEM_SCASB,
/* 226 */ ZYDIS_MNEM_SCASD,
/* 227 */ ZYDIS_MNEM_SCASQ,
/* 228 */ ZYDIS_MNEM_SCASW,
/* 229 */ ZYDIS_MNEM_SETA,
/* 22A */ ZYDIS_MNEM_SETAE,
/* 22B */ ZYDIS_MNEM_SETB,
/* 22C */ ZYDIS_MNEM_SETBE,
/* 22D */ ZYDIS_MNEM_SETE,
/* 22E */ ZYDIS_MNEM_SETG,
/* 22F */ ZYDIS_MNEM_SETGE,
/* 230 */ ZYDIS_MNEM_SETL,
/* 231 */ ZYDIS_MNEM_SETLE,
/* 232 */ ZYDIS_MNEM_SETNE,
/* 233 */ ZYDIS_MNEM_SETNO,
/* 234 */ ZYDIS_MNEM_SETNP,
/* 235 */ ZYDIS_MNEM_SETNS,
/* 236 */ ZYDIS_MNEM_SETO,
/* 237 */ ZYDIS_MNEM_SETP,
/* 238 */ ZYDIS_MNEM_SETS,
/* 239 */ ZYDIS_MNEM_SFENCE,
/* 23A */ ZYDIS_MNEM_SGDT,
/* 23B */ ZYDIS_MNEM_SHL,
/* 23C */ ZYDIS_MNEM_SHLD,
/* 23D */ ZYDIS_MNEM_SHR,
/* 23E */ ZYDIS_MNEM_SHRD,
/* 23F */ ZYDIS_MNEM_SHUFPD,
/* 240 */ ZYDIS_MNEM_SHUFPS,
/* 241 */ ZYDIS_MNEM_SIDT,
/* 242 */ ZYDIS_MNEM_SKINIT,
/* 243 */ ZYDIS_MNEM_SLDT,
/* 244 */ ZYDIS_MNEM_SMSW,
/* 245 */ ZYDIS_MNEM_SQRTPD,
/* 246 */ ZYDIS_MNEM_SQRTPS,
/* 247 */ ZYDIS_MNEM_SQRTSD,
/* 248 */ ZYDIS_MNEM_SQRTSS,
/* 249 */ ZYDIS_MNEM_STC,
/* 24A */ ZYDIS_MNEM_STD,
/* 24B */ ZYDIS_MNEM_STGI,
/* 24C */ ZYDIS_MNEM_STI,
/* 24D */ ZYDIS_MNEM_STMXCSR,
/* 24E */ ZYDIS_MNEM_STOSB,
/* 24F */ ZYDIS_MNEM_STOSD,
/* 250 */ ZYDIS_MNEM_STOSQ,
/* 251 */ ZYDIS_MNEM_STOSW,
/* 252 */ ZYDIS_MNEM_STR,
/* 253 */ ZYDIS_MNEM_SUB,
/* 254 */ ZYDIS_MNEM_SUBPD,
/* 255 */ ZYDIS_MNEM_SUBPS,
/* 256 */ ZYDIS_MNEM_SUBSD,
/* 257 */ ZYDIS_MNEM_SUBSS,
/* 258 */ ZYDIS_MNEM_SWAPGS,
/* 259 */ ZYDIS_MNEM_SYSCALL,
/* 25A */ ZYDIS_MNEM_SYSENTER,
/* 25B */ ZYDIS_MNEM_SYSEXIT,
/* 25C */ ZYDIS_MNEM_SYSRET,
/* 25D */ ZYDIS_MNEM_TEST,
/* 25E */ ZYDIS_MNEM_UCOMISD,
/* 25F */ ZYDIS_MNEM_UCOMISS,
/* 260 */ ZYDIS_MNEM_UD2,
/* 261 */ ZYDIS_MNEM_UNPCKHPD,
/* 262 */ ZYDIS_MNEM_UNPCKHPS,
/* 263 */ ZYDIS_MNEM_UNPCKLPD,
/* 264 */ ZYDIS_MNEM_UNPCKLPS,
/* 265 */ ZYDIS_MNEM_VADDPD,
/* 266 */ ZYDIS_MNEM_VADDPS,
/* 267 */ ZYDIS_MNEM_VADDSD,
/* 268 */ ZYDIS_MNEM_VADDSS,
/* 269 */ ZYDIS_MNEM_VADDSUBPD,
/* 26A */ ZYDIS_MNEM_VADDSUBPS,
/* 26B */ ZYDIS_MNEM_VAESDEC,
/* 26C */ ZYDIS_MNEM_VAESDECLAST,
/* 26D */ ZYDIS_MNEM_VAESENC,
/* 26E */ ZYDIS_MNEM_VAESENCLAST,
/* 26F */ ZYDIS_MNEM_VAESIMC,
/* 270 */ ZYDIS_MNEM_VAESKEYGENASSIST,
/* 271 */ ZYDIS_MNEM_VANDNPD,
/* 272 */ ZYDIS_MNEM_VANDNPS,
/* 273 */ ZYDIS_MNEM_VANDPD,
/* 274 */ ZYDIS_MNEM_VANDPS,
/* 275 */ ZYDIS_MNEM_VBLENDPD,
/* 276 */ ZYDIS_MNEM_VBLENDPS,
/* 277 */ ZYDIS_MNEM_VBLENDVPD,
/* 278 */ ZYDIS_MNEM_VBLENDVPS,
/* 279 */ ZYDIS_MNEM_VBROADCASTSD,
/* 27A */ ZYDIS_MNEM_VBROADCASTSS,
/* 27B */ ZYDIS_MNEM_VCMPPD,
/* 27C */ ZYDIS_MNEM_VCMPPS,
/* 27D */ ZYDIS_MNEM_VCMPSD,
/* 27E */ ZYDIS_MNEM_VCMPSS,
/* 27F */ ZYDIS_MNEM_VCOMISD,
/* 280 */ ZYDIS_MNEM_VCOMISS,
/* 281 */ ZYDIS_MNEM_VCVTDQ2PD,
/* 282 */ ZYDIS_MNEM_VCVTDQ2PS,
/* 283 */ ZYDIS_MNEM_VCVTPD2DQ,
/* 284 */ ZYDIS_MNEM_VCVTPD2PS,
/* 285 */ ZYDIS_MNEM_VCVTPS2DQ,
/* 286 */ ZYDIS_MNEM_VCVTPS2PD,
/* 287 */ ZYDIS_MNEM_VCVTSD2SI,
/* 288 */ ZYDIS_MNEM_VCVTSD2SS,
/* 289 */ ZYDIS_MNEM_VCVTSI2SD,
/* 28A */ ZYDIS_MNEM_VCVTSI2SS,
/* 28B */ ZYDIS_MNEM_VCVTSS2SD,
/* 28C */ ZYDIS_MNEM_VCVTSS2SI,
/* 28D */ ZYDIS_MNEM_VCVTTPD2DQ,
/* 28E */ ZYDIS_MNEM_VCVTTPS2DQ,
/* 28F */ ZYDIS_MNEM_VCVTTSD2SI,
/* 290 */ ZYDIS_MNEM_VCVTTSS2SI,
/* 291 */ ZYDIS_MNEM_VDIVPD,
/* 292 */ ZYDIS_MNEM_VDIVPS,
/* 293 */ ZYDIS_MNEM_VDIVSD,
/* 294 */ ZYDIS_MNEM_VDIVSS,
/* 295 */ ZYDIS_MNEM_VDPPD,
/* 296 */ ZYDIS_MNEM_VDPPS,
/* 297 */ ZYDIS_MNEM_VERR,
/* 298 */ ZYDIS_MNEM_VERW,
/* 299 */ ZYDIS_MNEM_VEXTRACTF128,
/* 29A */ ZYDIS_MNEM_VEXTRACTPS,
/* 29B */ ZYDIS_MNEM_VHADDPD,
/* 29C */ ZYDIS_MNEM_VHADDPS,
/* 29D */ ZYDIS_MNEM_VHSUBPD,
/* 29E */ ZYDIS_MNEM_VHSUBPS,
/* 29F */ ZYDIS_MNEM_VINSERTF128,
/* 2A0 */ ZYDIS_MNEM_VINSERTPS,
/* 2A1 */ ZYDIS_MNEM_VLDDQU,
/* 2A2 */ ZYDIS_MNEM_VMASKMOVDQU,
/* 2A3 */ ZYDIS_MNEM_VMASKMOVPD,
/* 2A4 */ ZYDIS_MNEM_VMASKMOVPS,
/* 2A5 */ ZYDIS_MNEM_VMAXPD,
/* 2A6 */ ZYDIS_MNEM_VMAXPS,
/* 2A7 */ ZYDIS_MNEM_VMAXSD,
/* 2A8 */ ZYDIS_MNEM_VMAXSS,
/* 2A9 */ ZYDIS_MNEM_VMCALL,
/* 2AA */ ZYDIS_MNEM_VMCLEAR,
/* 2AB */ ZYDIS_MNEM_VMINPD,
/* 2AC */ ZYDIS_MNEM_VMINPS,
/* 2AD */ ZYDIS_MNEM_VMINSD,
/* 2AE */ ZYDIS_MNEM_VMINSS,
/* 2AF */ ZYDIS_MNEM_VMLAUNCH,
/* 2B0 */ ZYDIS_MNEM_VMLOAD,
/* 2B1 */ ZYDIS_MNEM_VMMCALL,
/* 2B2 */ ZYDIS_MNEM_VMOVAPD,
/* 2B3 */ ZYDIS_MNEM_VMOVAPS,
/* 2B4 */ ZYDIS_MNEM_VMOVD,
/* 2B5 */ ZYDIS_MNEM_VMOVDDUP,
/* 2B6 */ ZYDIS_MNEM_VMOVDQA,
/* 2B7 */ ZYDIS_MNEM_VMOVDQU,
/* 2B8 */ ZYDIS_MNEM_VMOVHLPS,
/* 2B9 */ ZYDIS_MNEM_VMOVHPD,
/* 2BA */ ZYDIS_MNEM_VMOVHPS,
/* 2BB */ ZYDIS_MNEM_VMOVLHPS,
/* 2BC */ ZYDIS_MNEM_VMOVLPD,
/* 2BD */ ZYDIS_MNEM_VMOVLPS,
/* 2BE */ ZYDIS_MNEM_VMOVMSKPD,
/* 2BF */ ZYDIS_MNEM_VMOVMSKPS,
/* 2C0 */ ZYDIS_MNEM_VMOVNTDQ,
/* 2C1 */ ZYDIS_MNEM_VMOVNTDQA,
/* 2C2 */ ZYDIS_MNEM_VMOVNTPD,
/* 2C3 */ ZYDIS_MNEM_VMOVNTPS,
/* 2C4 */ ZYDIS_MNEM_VMOVQ,
/* 2C5 */ ZYDIS_MNEM_VMOVSD,
/* 2C6 */ ZYDIS_MNEM_VMOVSHDUP,
/* 2C7 */ ZYDIS_MNEM_VMOVSLDUP,
/* 2C8 */ ZYDIS_MNEM_VMOVSS,
/* 2C9 */ ZYDIS_MNEM_VMOVUPD,
/* 2CA */ ZYDIS_MNEM_VMOVUPS,
/* 2CB */ ZYDIS_MNEM_VMPSADBW,
/* 2CC */ ZYDIS_MNEM_VMPTRLD,
/* 2CD */ ZYDIS_MNEM_VMPTRST,
/* 2CE */ ZYDIS_MNEM_VMREAD,
/* 2CF */ ZYDIS_MNEM_VMRESUME,
/* 2D0 */ ZYDIS_MNEM_VMRUN,
/* 2D1 */ ZYDIS_MNEM_VMSAVE,
/* 2D2 */ ZYDIS_MNEM_VMULPD,
/* 2D3 */ ZYDIS_MNEM_VMULPS,
/* 2D4 */ ZYDIS_MNEM_VMULSD,
/* 2D5 */ ZYDIS_MNEM_VMULSS,
/* 2D6 */ ZYDIS_MNEM_VMWRITE,
/* 2D7 */ ZYDIS_MNEM_VMXOFF,
/* 2D8 */ ZYDIS_MNEM_VMXON,
/* 2D9 */ ZYDIS_MNEM_VORPD,
/* 2DA */ ZYDIS_MNEM_VORPS,
/* 2DB */ ZYDIS_MNEM_VPABSB,
/* 2DC */ ZYDIS_MNEM_VPABSD,
/* 2DD */ ZYDIS_MNEM_VPABSW,
/* 2DE */ ZYDIS_MNEM_VPACKSSDW,
/* 2DF */ ZYDIS_MNEM_VPACKSSWB,
/* 2E0 */ ZYDIS_MNEM_VPACKUSDW,
/* 2E1 */ ZYDIS_MNEM_VPACKUSWB,
/* 2E2 */ ZYDIS_MNEM_VPADDB,
/* 2E3 */ ZYDIS_MNEM_VPADDD,
/* 2E4 */ ZYDIS_MNEM_VPADDQ,
/* 2E5 */ ZYDIS_MNEM_VPADDSB,
/* 2E6 */ ZYDIS_MNEM_VPADDSW,
/* 2E7 */ ZYDIS_MNEM_VPADDUSB,
/* 2E8 */ ZYDIS_MNEM_VPADDUSW,
/* 2E9 */ ZYDIS_MNEM_VPADDW,
/* 2EA */ ZYDIS_MNEM_VPALIGNR,
/* 2EB */ ZYDIS_MNEM_VPAND,
/* 2EC */ ZYDIS_MNEM_VPANDN,
/* 2ED */ ZYDIS_MNEM_VPAVGB,
/* 2EE */ ZYDIS_MNEM_VPAVGW,
/* 2EF */ ZYDIS_MNEM_VPBLENDVB,
/* 2F0 */ ZYDIS_MNEM_VPBLENDW,
/* 2F1 */ ZYDIS_MNEM_VPCLMULQDQ,
/* 2F2 */ ZYDIS_MNEM_VPCMPEQB,
/* 2F3 */ ZYDIS_MNEM_VPCMPEQD,
/* 2F4 */ ZYDIS_MNEM_VPCMPEQQ,
/* 2F5 */ ZYDIS_MNEM_VPCMPEQW,
/* 2F6 */ ZYDIS_MNEM_VPCMPESTRI,
/* 2F7 */ ZYDIS_MNEM_VPCMPESTRM,
/* 2F8 */ ZYDIS_MNEM_VPCMPGTB,
/* 2F9 */ ZYDIS_MNEM_VPCMPGTD,
/* 2FA */ ZYDIS_MNEM_VPCMPGTQ,
/* 2FB */ ZYDIS_MNEM_VPCMPGTW,
/* 2FC */ ZYDIS_MNEM_VPCMPISTRI,
/* 2FD */ ZYDIS_MNEM_VPCMPISTRM,
/* 2FE */ ZYDIS_MNEM_VPERM2F128,
/* 2FF */ ZYDIS_MNEM_VPERMILPD,
/* 300 */ ZYDIS_MNEM_VPERMILPS,
/* 301 */ ZYDIS_MNEM_VPEXTRB,
/* 302 */ ZYDIS_MNEM_VPEXTRD,
/* 303 */ ZYDIS_MNEM_VPEXTRQ,
/* 304 */ ZYDIS_MNEM_VPEXTRW,
/* 305 */ ZYDIS_MNEM_VPHADDD,
/* 306 */ ZYDIS_MNEM_VPHADDSW,
/* 307 */ ZYDIS_MNEM_VPHADDW,
/* 308 */ ZYDIS_MNEM_VPHMINPOSUW,
/* 309 */ ZYDIS_MNEM_VPHSUBD,
/* 30A */ ZYDIS_MNEM_VPHSUBSW,
/* 30B */ ZYDIS_MNEM_VPHSUBW,
/* 30C */ ZYDIS_MNEM_VPINSRB,
/* 30D */ ZYDIS_MNEM_VPINSRD,
/* 30E */ ZYDIS_MNEM_VPINSRQ,
/* 30F */ ZYDIS_MNEM_VPINSRW,
/* 310 */ ZYDIS_MNEM_VPMADDUBSW,
/* 311 */ ZYDIS_MNEM_VPMADDWD,
/* 312 */ ZYDIS_MNEM_VPMAXSB,
/* 313 */ ZYDIS_MNEM_VPMAXSD,
/* 314 */ ZYDIS_MNEM_VPMAXSW,
/* 315 */ ZYDIS_MNEM_VPMAXUB,
/* 316 */ ZYDIS_MNEM_VPMAXUD,
/* 317 */ ZYDIS_MNEM_VPMAXUW,
/* 318 */ ZYDIS_MNEM_VPMINSB,
/* 319 */ ZYDIS_MNEM_VPMINSD,
/* 31A */ ZYDIS_MNEM_VPMINSW,
/* 31B */ ZYDIS_MNEM_VPMINUB,
/* 31C */ ZYDIS_MNEM_VPMINUD,
/* 31D */ ZYDIS_MNEM_VPMINUW,
/* 31E */ ZYDIS_MNEM_VPMOVMSKB,
/* 31F */ ZYDIS_MNEM_VPMOVSXBD,
/* 320 */ ZYDIS_MNEM_VPMOVSXBQ,
/* 321 */ ZYDIS_MNEM_VPMOVSXBW,
/* 322 */ ZYDIS_MNEM_VPMOVSXWD,
/* 323 */ ZYDIS_MNEM_VPMOVSXWQ,
/* 324 */ ZYDIS_MNEM_VPMOVZXBD,
/* 325 */ ZYDIS_MNEM_VPMOVZXBQ,
/* 326 */ ZYDIS_MNEM_VPMOVZXBW,
/* 327 */ ZYDIS_MNEM_VPMOVZXDQ,
/* 328 */ ZYDIS_MNEM_VPMOVZXWD,
/* 329 */ ZYDIS_MNEM_VPMOVZXWQ,
/* 32A */ ZYDIS_MNEM_VPMULDQ,
/* 32B */ ZYDIS_MNEM_VPMULHRSW,
/* 32C */ ZYDIS_MNEM_VPMULHUW,
/* 32D */ ZYDIS_MNEM_VPMULHW,
/* 32E */ ZYDIS_MNEM_VPMULLD,
/* 32F */ ZYDIS_MNEM_VPMULLW,
/* 330 */ ZYDIS_MNEM_VPOR,
/* 331 */ ZYDIS_MNEM_VPSADBW,
/* 332 */ ZYDIS_MNEM_VPSHUFB,
/* 333 */ ZYDIS_MNEM_VPSHUFD,
/* 334 */ ZYDIS_MNEM_VPSHUFHW,
/* 335 */ ZYDIS_MNEM_VPSHUFLW,
/* 336 */ ZYDIS_MNEM_VPSIGNB,
/* 337 */ ZYDIS_MNEM_VPSIGND,
/* 338 */ ZYDIS_MNEM_VPSIGNW,
/* 339 */ ZYDIS_MNEM_VPSLLD,
/* 33A */ ZYDIS_MNEM_VPSLLDQ,
/* 33B */ ZYDIS_MNEM_VPSLLQ,
/* 33C */ ZYDIS_MNEM_VPSLLW,
/* 33D */ ZYDIS_MNEM_VPSRAD,
/* 33E */ ZYDIS_MNEM_VPSRAW,
/* 33F */ ZYDIS_MNEM_VPSRLD,
/* 340 */ ZYDIS_MNEM_VPSRLDQ,
/* 341 */ ZYDIS_MNEM_VPSRLQ,
/* 342 */ ZYDIS_MNEM_VPSRLW,
/* 343 */ ZYDIS_MNEM_VPSUBB,
/* 344 */ ZYDIS_MNEM_VPSUBD,
/* 345 */ ZYDIS_MNEM_VPSUBQ,
/* 346 */ ZYDIS_MNEM_VPSUBSB,
/* 347 */ ZYDIS_MNEM_VPSUBSW,
/* 348 */ ZYDIS_MNEM_VPSUBUSB,
/* 349 */ ZYDIS_MNEM_VPSUBUSW,
/* 34A */ ZYDIS_MNEM_VPSUBW,
/* 34B */ ZYDIS_MNEM_VPTEST,
/* 34C */ ZYDIS_MNEM_VPUNPCKHBW,
/* 34D */ ZYDIS_MNEM_VPUNPCKHDQ,
/* 34E */ ZYDIS_MNEM_VPUNPCKHQDQ,
/* 34F */ ZYDIS_MNEM_VPUNPCKHWD,
/* 350 */ ZYDIS_MNEM_VPUNPCKLBW,
/* 351 */ ZYDIS_MNEM_VPUNPCKLDQ,
/* 352 */ ZYDIS_MNEM_VPUNPCKLQDQ,
/* 353 */ ZYDIS_MNEM_VPUNPCKLWD,
/* 354 */ ZYDIS_MNEM_VPXOR,
/* 355 */ ZYDIS_MNEM_VRCPPS,
/* 356 */ ZYDIS_MNEM_VRCPSS,
/* 357 */ ZYDIS_MNEM_VROUNDPD,
/* 358 */ ZYDIS_MNEM_VROUNDPS,
/* 359 */ ZYDIS_MNEM_VROUNDSD,
/* 35A */ ZYDIS_MNEM_VROUNDSS,
/* 35B */ ZYDIS_MNEM_VRSQRTPS,
/* 35C */ ZYDIS_MNEM_VRSQRTSS,
/* 35D */ ZYDIS_MNEM_VSHUFPD,
/* 35E */ ZYDIS_MNEM_VSHUFPS,
/* 35F */ ZYDIS_MNEM_VSQRTPD,
/* 360 */ ZYDIS_MNEM_VSQRTPS,
/* 361 */ ZYDIS_MNEM_VSQRTSD,
/* 362 */ ZYDIS_MNEM_VSQRTSS,
/* 363 */ ZYDIS_MNEM_VSTMXCSR,
/* 364 */ ZYDIS_MNEM_VSUBPD,
/* 365 */ ZYDIS_MNEM_VSUBPS,
/* 366 */ ZYDIS_MNEM_VSUBSD,
/* 367 */ ZYDIS_MNEM_VSUBSS,
/* 368 */ ZYDIS_MNEM_VTESTPD,
/* 369 */ ZYDIS_MNEM_VTESTPS,
/* 36A */ ZYDIS_MNEM_VUCOMISD,
/* 36B */ ZYDIS_MNEM_VUCOMISS,
/* 36C */ ZYDIS_MNEM_VUNPCKHPD,
/* 36D */ ZYDIS_MNEM_VUNPCKHPS,
/* 36E */ ZYDIS_MNEM_VUNPCKLPD,
/* 36F */ ZYDIS_MNEM_VUNPCKLPS,
/* 370 */ ZYDIS_MNEM_VXORPD,
/* 371 */ ZYDIS_MNEM_VXORPS,
/* 372 */ ZYDIS_MNEM_VZEROALL,
/* 373 */ ZYDIS_MNEM_VZEROUPPER,
/* 374 */ ZYDIS_MNEM_WAIT,
/* 375 */ ZYDIS_MNEM_WBINVD,
/* 376 */ ZYDIS_MNEM_WRMSR,
/* 377 */ ZYDIS_MNEM_XADD,
/* 378 */ ZYDIS_MNEM_XCHG,
/* 379 */ ZYDIS_MNEM_XCRYPTCBC,
/* 37A */ ZYDIS_MNEM_XCRYPTCFB,
/* 37B */ ZYDIS_MNEM_XCRYPTCTR,
/* 37C */ ZYDIS_MNEM_XCRYPTECB,
/* 37D */ ZYDIS_MNEM_XCRYPTOFB,
/* 37E */ ZYDIS_MNEM_XGETBV,
/* 37F */ ZYDIS_MNEM_XLATB,
/* 380 */ ZYDIS_MNEM_XOR,
/* 381 */ ZYDIS_MNEM_XORPD,
/* 382 */ ZYDIS_MNEM_XORPS,
/* 383 */ ZYDIS_MNEM_XRSTOR,
/* 384 */ ZYDIS_MNEM_XSAVE,
/* 385 */ ZYDIS_MNEM_XSETBV,
/* 386 */ ZYDIS_MNEM_XSHA1,
/* 387 */ ZYDIS_MNEM_XSHA256,
/* 388 */ ZYDIS_MNEM_XSTORE,
ZYDIS_MNEM_FORCE_WORD = 0x7FFF
} ZydisInstructionMnemonic;
/* TODO: Port instruction definition types */
#ifdef __cplusplus
}
#endif
#endif // _ZYDIS_OPCODETABLE_H_


@ -0,0 +1,144 @@
/***************************************************************************************************
Zyan Disassembler Engine
Version 1.0
Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd
Modifications : Joel Höner
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
***************************************************************************************************/
#include "ZydisSymbolResolver.h"
#include <ZydisSymbolResolver.hpp>
/* CustomSymbolResolver ========================================================================= */
inline Zydis::BaseSymbolResolver* ZydisBaseSymbolResolver_CppPtr(
ZydisBaseSymbolResolverContext *ctx)
{
return reinterpret_cast<Zydis::BaseSymbolResolver*>(ctx);
}
inline const Zydis::BaseSymbolResolver* ZydisBaseSymbolResolver_CppPtr(
const ZydisBaseSymbolResolverContext *ctx)
{
return reinterpret_cast<const Zydis::BaseSymbolResolver*>(ctx);
}
inline ZydisBaseSymbolResolverContext* ZydisBaseSymbolResolver_CPtr(
Zydis::BaseSymbolResolver *ptr)
{
return reinterpret_cast<ZydisBaseSymbolResolverContext*>(ptr);
}
inline const ZydisBaseSymbolResolverContext* ZydisBaseSymbolResolver_CPtr(
const Zydis::BaseSymbolResolver *ptr)
{
return reinterpret_cast<const ZydisBaseSymbolResolverContext*>(ptr);
}
inline Zydis::InstructionInfo* ZydisInstructionInfo_CppPtr(
ZydisInstructionInfo *ptr)
{
static_assert(sizeof(*ptr) == sizeof(Zydis::InstructionInfo), "broken struct");
return reinterpret_cast<Zydis::InstructionInfo*>(ptr);
}
inline const Zydis::InstructionInfo* ZydisInstructionInfo_CppPtr(
const ZydisInstructionInfo *ptr)
{
static_assert(sizeof(*ptr) == sizeof(Zydis::InstructionInfo), "broken struct");
return reinterpret_cast<const Zydis::InstructionInfo*>(ptr);
}
inline ZydisInstructionInfo* ZydisInstructionInfo_CPtr(
Zydis::InstructionInfo *ptr)
{
return reinterpret_cast<ZydisInstructionInfo*>(ptr);
}
inline const ZydisInstructionInfo* ZydisInstructionInfo_CPtr(
const Zydis::InstructionInfo *ptr)
{
return reinterpret_cast<const ZydisInstructionInfo*>(ptr);
}
/* Internal helper class ----------------------------------------------------------------------- */
namespace
{
class ZydisCustomSymbolResolver : public Zydis::BaseSymbolResolver
{
ZydisResolveSymbol_t m_resolverCb;
void* m_userData;
public:
/**
* @brief Constructor.
* @param resolverCb The resolver callback.
* @param userData User provided pointer to arbitrary data passed to resolve callback.
*/
ZydisCustomSymbolResolver(ZydisResolveSymbol_t resolverCb, void *userData);
/**
* @brief Destructor.
*/
~ZydisCustomSymbolResolver() override = default;
public:
/**
* @brief Resolves a symbol.
* @param info The instruction info.
* @param address The address.
* @param offset Reference to an unsigned 64 bit integer that receives an offset
* relative to the base address of the symbol.
* @return The name of the symbol, if the symbol was found, @c NULL if not.
*/
const char* resolveSymbol(const Zydis::InstructionInfo &info, uint64_t address,
uint64_t &offset) override;
};
ZydisCustomSymbolResolver::ZydisCustomSymbolResolver(ZydisResolveSymbol_t resolverCb,
void *userData)
: m_resolverCb(resolverCb)
, m_userData(userData)
{
}
const char* ZydisCustomSymbolResolver::resolveSymbol(
const Zydis::InstructionInfo &info, uint64_t address, uint64_t &offset)
{
return m_resolverCb(ZydisInstructionInfo_CPtr(&info), address, &offset, m_userData);
}
} // anon namespace
/* C API implementation ------------------------------------------------------------------------ */
ZydisBaseSymbolResolverContext* ZydisCustomSymbolResolver_Create(
ZydisResolveSymbol_t resolverCb,
void *userData)
{
return ZydisBaseSymbolResolver_CPtr(new ZydisCustomSymbolResolver(resolverCb, userData));
}
/* ============================================================================================= */
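Review bot: `ZydisCustomSymbolResolver_Create` accepts `resolverCb` without a NULL check, and `resolveSymbol` then calls `m_resolverCb` unconditionally, so a C caller that passes NULL fails on the first symbol lookup instead of at creation. The same function allocates with plain `new`, which reports failure by throwing through a C entry point, while the header in this commit documents a `NULL` return on failure. I would start the function with `if (!resolverCb) return nullptr;` and allocate with `new (std::nothrow) ZydisCustomSymbolResolver(resolverCb, userData)`, which needs `<new>`. The header declares this function as `CustomSymbolResolver_Create`, so as far as this page shows the definition here has no matching `extern "C"` declaration and the declared name has no definition.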


@ -0,0 +1,126 @@
/***************************************************************************************************
Zyan Disassembler Engine
Version 1.0
Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd
Modifications : Joel Höner
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
***************************************************************************************************/
#ifndef _ZYDIS_SYMBOLRESOLVER_H_
#define _ZYDIS_SYMBOLRESOLVER_H_
#include "ZydisTypes.h"
#ifdef __cplusplus
extern "C"
{
#endif
/* BaseSymbolResolver ======================================================================== */
typedef struct _ZydisBaseSymbolResolverContext { int a; } ZydisBaseSymbolResolverContext;
/**
* @brief Releases a symbol resolver.
* @param ctx The context of the symbol resolver to free.
* The context may no longer used after it was released.
*/
void ZydisBaseSymbolResolver_Release(ZydisBaseSymbolResolverContext *ctx);
/**
* @brief Resolves a symbol.
* @param ctx The symbol resolver context.
* @param info The instruction info.
* @param address The address.
* @param offset Pointer to an unsigned 64 bit integer that receives an offset relative to
* the base address of the symbol.
* @return The name of the symbol if the symbol was found, else @c NULL.
*/
const char* ZydisBaseSymbolResolver_ResolveSymbol(ZydisBaseSymbolResolverContext *ctx,
const ZydisInstructionInfo *info, uint64_t address, uint64_t *offset);
/* ExactSymbolResolver ======================================================================= */
/**
* @brief Creates an exact symbol resolver.
* @return @c NULL if it fails, else a symbol resolver context.
* @see BaseSymbolResolver_Release
* An exact resolver is a simple symbol resolver that only matches exact addresses.
*/
// TODO: verify return value
ZydisBaseSymbolResolverContext* ZydisExactSymbolResolver_Create(void);
/**
* @brief Query if the given address is a known symbol.
* @param ctx The exact symbol resolver context.
* @param address The address.
* @return @c true if the address is known, @c false if not.
*/
bool ZydisExactSymbolResolver_ContainsSymbol(ZydisBaseSymbolResolverContext *ctx, uint64_t address);
/**
* @brief Adds or changes a symbol.
* @param ctx The exact symbol resolver context.
* @param address The address.
* @param name The symbol name.
*/
void ZydisExactSymbolResolverContext_SetSymbol(ZydisBaseSymbolResolverContext *ctx,
uint64_t address, const char* name);
/**
* @brief Removes the symbol described by address.
* @param ctx The exact symbol resolver context.
* @param address The address.
* This will invalidate all char-pointers to the affected symbol name.
*/
void ZydisExactSymbolResolverContext_RemoveSymbol(ZydisBaseSymbolResolverContext *ctx,
uint64_t address);
/**
* @brief Clears the symbol tree.
* @param ctx The exact symbol resolver context.
*/
void ExactSymbolResolverContext_Clear(ZydisBaseSymbolResolverContext *ctx);
/* CustomSymbolResolver ====================================================================== */
typedef const char* (*ZydisResolveSymbol_t)(const ZydisInstructionInfo *info, uint64_t address,
uint64_t *offset, void *userData);
/**
* @brief Creates a custom symbol resolver.
* @param resolverCb The resolver callback consulted when symbols need to be resolved.
* @param userData A pointer to arbitrary data passed to the resolver callback.
* May also be @c NULL.
* @return @c NULL if it fails, else a symbol resolver context.
*/
ZydisBaseSymbolResolverContext* CustomSymbolResolver_Create(ZydisResolveSymbol_t resolverCb,
void *userData);
#ifdef __cplusplus
}
#endif
#endif /* _ZYDIS_SYMBOLRESOLVER_H_ */
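Review bot: The lifetime of the `const char*` returned by `ZydisBaseSymbolResolver_ResolveSymbol` is not documented; only `ZydisExactSymbolResolverContext_RemoveSymbol` mentions that pointers to a symbol name become invalid. If the names are owned by the resolver, as that remark suggests, a C caller that keeps the pointer across `ZydisExactSymbolResolverContext_SetSymbol`, `ExactSymbolResolverContext_Clear` or `ZydisBaseSymbolResolver_Release` would be reading freed memory. I would add to the `ResolveSymbol` comment something like `The returned string is owned by the resolver; copy it if it must outlive the next change to the resolver or its release.` and repeat the invalidation remark on `SetSymbol` and `Clear`. `ExactSymbolResolverContext_Clear` also lacks the `Zydis` prefix that the neighbouring declarations carry.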


@ -1,14 +1,12 @@
/************************************************************************************************** /***************************************************************************************************
Verteron Disassembler Engine Zyan Disassembler Engine
Version 1.0 Version 1.0
Remarks : Freeware, Copyright must be included Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd Original Author : Florian Bernd
Modifications : athre0z Modifications : Joel Höner
Last change : 04. February 2015
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -28,14 +26,14 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
**************************************************************************************************/ ***************************************************************************************************/
#ifndef _VDE_ZyDisDISASSEMBLERTYPESC_H_ #ifndef _ZYDIS_TYPES_H_
#define _VDE_ZyDisDISASSEMBLERTYPESC_H_ #define _ZYDIS_TYPES_H_
#include <stdint.h> #include <stdint.h>
#include <stdbool.h> #include <stdbool.h>
#include "ZyDisOpcodeTable.h" #include "ZydisOpcodeTable.h"
#ifdef __cplusplus #ifdef __cplusplus
extern "C" extern "C"
@ -45,218 +43,218 @@ extern "C"
/** /**
* @brief Values that represent additional flags of a decoded instruction. * @brief Values that represent additional flags of a decoded instruction.
*/ */
typedef enum _ZyDisInstructionFlags /* : uint32_t */ typedef enum _ZydisInstructionFlags /* : uint32_t */
{ {
IF_NONE = 0x00000000, ZYDIS_IF_NONE = 0x00000000,
/** /**
* @brief The instruction was decoded in 16 bit disassembler mode. * @brief The instruction was decoded in 16 bit disassembler mode.
*/ */
IF_DISASSEMBLER_MODE_16 = 0x00000001, ZYDIS_IF_DISASSEMBLER_MODE_16 = 0x00000001,
/** /**
* @brief The instruction was decoded in 32 bit disassembler mode. * @brief The instruction was decoded in 32 bit disassembler mode.
*/ */
IF_DISASSEMBLER_MODE_32 = 0x00000002, ZYDIS_IF_DISASSEMBLER_MODE_32 = 0x00000002,
/** /**
* @brief The instruction was decoded in 64 bit disassembler mode. * @brief The instruction was decoded in 64 bit disassembler mode.
*/ */
IF_DISASSEMBLER_MODE_64 = 0x00000004, ZYDIS_IF_DISASSEMBLER_MODE_64 = 0x00000004,
/** /**
* @brief The instruction has a segment prefix (0x26, 0x2E, 0x36, 0x3E, 0x64, 0x65). * @brief The instruction has a segment prefix (0x26, 0x2E, 0x36, 0x3E, 0x64, 0x65).
*/ */
IF_PREFIX_SEGMENT = 0x00000008, ZYDIS_IF_PREFIX_SEGMENT = 0x00000008,
/** /**
* @brief The instruction has a lock prefix (0xF0). * @brief The instruction has a lock prefix (0xF0).
*/ */
IF_PREFIX_LOCK = 0x00000010, ZYDIS_IF_PREFIX_LOCK = 0x00000010,
/** /**
* @brief The instruction has a repne prefix (0xF2). * @brief The instruction has a repne prefix (0xF2).
*/ */
IF_PREFIX_REPNE = 0x00000020, ZYDIS_IF_PREFIX_REPNE = 0x00000020,
/** /**
* @brief The instruction has a rep prefix (0xF3). * @brief The instruction has a rep prefix (0xF3).
*/ */
IF_PREFIX_REP = 0x00000040, ZYDIS_IF_PREFIX_REP = 0x00000040,
/** /**
* @brief The instruction has an operand size prefix (0x66). * @brief The instruction has an operand size prefix (0x66).
*/ */
IF_PREFIX_OPERAND_SIZE = 0x00000080, ZYDIS_IF_PREFIX_OPERAND_SIZE = 0x00000080,
/** /**
* @brief The instruction has an address size prefix (0x67). * @brief The instruction has an address size prefix (0x67).
*/ */
IF_PREFIX_ADDRESS_SIZE = 0x00000100, ZYDIS_IF_PREFIX_ADDRESS_SIZE = 0x00000100,
/** /**
* @brief The instruction has a rex prefix (0x40 - 0x4F). * @brief The instruction has a rex prefix (0x40 - 0x4F).
*/ */
IF_PREFIX_REX = 0x00000200, ZYDIS_IF_PREFIX_REX = 0x00000200,
/** /**
* @brief The instruction has a vex prefix (0xC4 or 0xC5). * @brief The instruction has a vex prefix (0xC4 or 0xC5).
*/ */
IF_PREFIX_VEX = 0x00000400, ZYDIS_IF_PREFIX_VEX = 0x00000400,
/** /**
* @brief The instruction has a modrm byte. * @brief The instruction has a modrm byte.
*/ */
IF_MODRM = 0x00000800, ZYDIS_IF_MODRM = 0x00000800,
/** /**
* @brief The instruction has a sib byte. * @brief The instruction has a sib byte.
*/ */
IF_SIB = 0x00001000, ZYDIS_IF_SIB = 0x00001000,
/** /**
* @brief The instruction has an operand with a relative address. * @brief The instruction has an operand with a relative address.
*/ */
IF_RELATIVE = 0x00002000, ZYDIS_IF_RELATIVE = 0x00002000,
/** /**
* @brief An error occured while decoding the instruction. * @brief An error occured while decoding the instruction.
*/ */
IF_ERROR_MASK = 0xFFF00000, ZYDIS_IF_ERROR_MASK = 0xFFF00000,
/** /**
* @brief End of input reached while decoding the instruction. * @brief End of input reached while decoding the instruction.
*/ */
IF_ERROR_END_OF_INPUT = 0x00100000, ZYDIS_IF_ERROR_END_OF_INPUT = 0x00100000,
/** /**
* @brief The instruction length has exceeded the maximum of 15 bytes. * @brief The instruction length has exceeded the maximum of 15 bytes.
*/ */
IF_ERROR_LENGTH = 0x00200000, ZYDIS_IF_ERROR_LENGTH = 0x00200000,
/** /**
* @brief The instruction is invalid. * @brief The instruction is invalid.
*/ */
IF_ERROR_INVALID = 0x00400000, ZYDIS_IF_ERROR_INVALID = 0x00400000,
/** /**
* @brief The instruction is invalid in 64 bit mode. * @brief The instruction is invalid in 64 bit mode.
*/ */
IF_ERROR_INVALID_64 = 0x00800000, ZYDIS_IF_ERROR_INVALID_64 = 0x00800000,
/** /**
* @brief An error occured while decoding the instruction operands. * @brief An error occured while decoding the instruction operands.
*/ */
IF_ERROR_OPERAND = 0x01000000, ZYDIS_IF_ERROR_OPERAND = 0x01000000,
IF_FORCE_DWORD = 0x7FFFFFFF ZYDIS_IF_FORCE_DWORD = 0x7FFFFFFF
} ZyDisInstructionFlags; } ZydisInstructionFlags;
/** /**
* @brief Values that represent a cpu register. * @brief Values that represent a cpu register.
*/ */
typedef enum _ZyDisRegister /* : uint16_t */ typedef enum _ZydisRegister /* : uint16_t */
{ {
REG_NONE, ZYDIS_REG_NONE,
/* 8 bit general purpose registers */ /* 8 bit general purpose registers */
REG_AL, REG_CL, REG_DL, REG_BL, ZYDIS_REG_AL, ZYDIS_REG_CL, ZYDIS_REG_DL, ZYDIS_REG_BL,
REG_AH, REG_CH, REG_DH, REG_BH, ZYDIS_REG_AH, ZYDIS_REG_CH, ZYDIS_REG_DH, ZYDIS_REG_BH,
REG_SPL, REG_BPL, REG_SIL, REG_DIL, ZYDIS_REG_SPL, ZYDIS_REG_BPL, ZYDIS_REG_SIL, ZYDIS_REG_DIL,
REG_R8B, REG_R9B, REG_R10B, REG_R11B, ZYDIS_REG_R8B, ZYDIS_REG_R9B, ZYDIS_REG_R10B, ZYDIS_REG_R11B,
REG_R12B, REG_R13B, REG_R14B, REG_R15B, ZYDIS_REG_R12B, ZYDIS_REG_R13B, ZYDIS_REG_R14B, ZYDIS_REG_R15B,
/* 16 bit general purpose registers */ /* 16 bit general purpose registers */
REG_AX, REG_CX, REG_DX, REG_BX, ZYDIS_REG_AX, ZYDIS_REG_CX, ZYDIS_REG_DX, ZYDIS_REG_BX,
REG_SP, REG_BP, REG_SI, REG_DI, ZYDIS_REG_SP, ZYDIS_REG_BP, ZYDIS_REG_SI, ZYDIS_REG_DI,
REG_R8W, REG_R9W, REG_R10W, REG_R11W, ZYDIS_REG_R8W, ZYDIS_REG_R9W, ZYDIS_REG_R10W, ZYDIS_REG_R11W,
REG_R12W, REG_R13W, REG_R14W, REG_R15W, ZYDIS_REG_R12W, ZYDIS_REG_R13W, ZYDIS_REG_R14W, ZYDIS_REG_R15W,
/* 32 bit general purpose registers */ /* 32 bit general purpose registers */
REG_EAX, REG_ECX, REG_EDX, REG_EBX, ZYDIS_REG_EAX, ZYDIS_REG_ECX, ZYDIS_REG_EDX, ZYDIS_REG_EBX,
REG_ESP, REG_EBP, REG_ESI, REG_EDI, ZYDIS_REG_ESP, ZYDIS_REG_EBP, ZYDIS_REG_ESI, ZYDIS_REG_EDI,
REG_R8D, REG_R9D, REG_R10D, REG_R11D, ZYDIS_REG_R8D, ZYDIS_REG_R9D, ZYDIS_REG_R10D, ZYDIS_REG_R11D,
REG_R12D, REG_R13D, REG_R14D, REG_R15D, ZYDIS_REG_R12D, ZYDIS_REG_R13D, ZYDIS_REG_R14D, ZYDIS_REG_R15D,
/* 64 bit general purpose registers */ /* 64 bit general purpose registers */
REG_RAX, REG_RCX, REG_RDX, REG_RBX, ZYDIS_REG_RAX, ZYDIS_REG_RCX, ZYDIS_REG_RDX, ZYDIS_REG_RBX,
REG_RSP, REG_RBP, REG_RSI, REG_RDI, ZYDIS_REG_RSP, ZYDIS_REG_RBP, ZYDIS_REG_RSI, ZYDIS_REG_RDI,
REG_R8, REG_R9, REG_R10, REG_R11, ZYDIS_REG_R8, ZYDIS_REG_R9, ZYDIS_REG_R10, ZYDIS_REG_R11,
REG_R12, REG_R13, REG_R14, REG_R15, ZYDIS_REG_R12, ZYDIS_REG_R13, ZYDIS_REG_R14, ZYDIS_REG_R15,
/* segment registers */ /* segment registers */
REG_ES, REG_CS, REG_SS, ZYDIS_REG_ES, ZYDIS_REG_CS, ZYDIS_REG_SS,
REG_DS, REG_FS, REG_GS, ZYDIS_REG_DS, ZYDIS_REG_FS, ZYDIS_REG_GS,
/* control registers */ /* control registers */
REG_CR0, REG_CR1, REG_CR2, REG_CR3, ZYDIS_REG_CR0, ZYDIS_REG_CR1, ZYDIS_REG_CR2, ZYDIS_REG_CR3,
REG_CR4, REG_CR5, REG_CR6, REG_CR7, ZYDIS_REG_CR4, ZYDIS_REG_CR5, ZYDIS_REG_CR6, ZYDIS_REG_CR7,
REG_CR8, REG_CR9, REG_CR10, REG_CR11, ZYDIS_REG_CR8, ZYDIS_REG_CR9, ZYDIS_REG_CR10, ZYDIS_REG_CR11,
REG_CR12, REG_CR13, REG_CR14, REG_CR15, ZYDIS_REG_CR12, ZYDIS_REG_CR13, ZYDIS_REG_CR14, ZYDIS_REG_CR15,
/* debug registers */ /* debug registers */
REG_DR0, REG_DR1, REG_DR2, REG_DR3, ZYDIS_REG_DR0, ZYDIS_REG_DR1, ZYDIS_REG_DR2, ZYDIS_REG_DR3,
REG_DR4, REG_DR5, REG_DR6, REG_DR7, ZYDIS_REG_DR4, ZYDIS_REG_DR5, ZYDIS_REG_DR6, ZYDIS_REG_DR7,
REG_DR8, REG_DR9, REG_DR10, REG_DR11, ZYDIS_REG_DR8, ZYDIS_REG_DR9, ZYDIS_REG_DR10, ZYDIS_REG_DR11,
REG_DR12, REG_DR13, REG_DR14, REG_DR15, ZYDIS_REG_DR12, ZYDIS_REG_DR13, ZYDIS_REG_DR14, ZYDIS_REG_DR15,
/* mmx registers */ /* mmx registers */
REG_MM0, REG_MM1, REG_MM2, REG_MM3, ZYDIS_REG_MM0, ZYDIS_REG_MM1, ZYDIS_REG_MM2, ZYDIS_REG_MM3,
REG_MM4, REG_MM5, REG_MM6, REG_MM7, ZYDIS_REG_MM4, ZYDIS_REG_MM5, ZYDIS_REG_MM6, ZYDIS_REG_MM7,
/* x87 registers */ /* x87 registers */
REG_ST0, REG_ST1, REG_ST2, REG_ST3, ZYDIS_REG_ST0, ZYDIS_REG_ST1, ZYDIS_REG_ST2, ZYDIS_REG_ST3,
REG_ST4, REG_ST5, REG_ST6, REG_ST7, ZYDIS_REG_ST4, ZYDIS_REG_ST5, ZYDIS_REG_ST6, ZYDIS_REG_ST7,
/* extended multimedia registers */ /* extended multimedia registers */
REG_XMM0, REG_XMM1, REG_XMM2, REG_XMM3, ZYDIS_REG_XMM0, ZYDIS_REG_XMM1, ZYDIS_REG_XMM2, ZYDIS_REG_XMM3,
REG_XMM4, REG_XMM5, REG_XMM6, REG_XMM7, ZYDIS_REG_XMM4, ZYDIS_REG_XMM5, ZYDIS_REG_XMM6, ZYDIS_REG_XMM7,
REG_XMM8, REG_XMM9, REG_XMM10, REG_XMM11, ZYDIS_REG_XMM8, ZYDIS_REG_XMM9, ZYDIS_REG_XMM10, ZYDIS_REG_XMM11,
REG_XMM12, REG_XMM13, REG_XMM14, REG_XMM15, ZYDIS_REG_XMM12, ZYDIS_REG_XMM13, ZYDIS_REG_XMM14, ZYDIS_REG_XMM15,
/* 256 bit multimedia registers */ /* 256 bit multimedia registers */
REG_YMM0, REG_YMM1, REG_YMM2, REG_YMM3, ZYDIS_REG_YMM0, ZYDIS_REG_YMM1, ZYDIS_REG_YMM2, ZYDIS_REG_YMM3,
REG_YMM4, REG_YMM5, REG_YMM6, REG_YMM7, ZYDIS_REG_YMM4, ZYDIS_REG_YMM5, ZYDIS_REG_YMM6, ZYDIS_REG_YMM7,
REG_YMM8, REG_YMM9, REG_YMM10, REG_YMM11, ZYDIS_REG_YMM8, ZYDIS_REG_YMM9, ZYDIS_REG_YMM10, ZYDIS_REG_YMM11,
REG_YMM12, REG_YMM13, REG_YMM14, YMM15, ZYDIS_REG_YMM12, ZYDIS_REG_YMM13, ZYDIS_REG_YMM14, YMM15,
/* instruction pointer register */ /* instruction pointer register */
REG_RIP, ZYDIS_REG_RIP,
REG_FORCE_WORD = 0x7FFF ZYDIS_REG_FORCE_WORD = 0x7FFF
} ZyDisRegister; } ZydisRegister;
/** /**
* @brief Values that represent the type of a decoded operand. * @brief Values that represent the type of a decoded operand.
*/ */
typedef enum _ZyDisOperandType /*: uint8_t*/ typedef enum _ZydisOperandType /*: uint8_t*/
{ {
/** /**
* @brief The operand is not used. * @brief The operand is not used.
*/ */
OPTYPE_NONE, ZYDIS_OPTYPE_NONE,
/** /**
* @brief The operand is a register operand. * @brief The operand is a register operand.
*/ */
OPTYPE_REGISTER, ZYDIS_OPTYPE_REGISTER,
/** /**
* @brief The operand is a memory operand. * @brief The operand is a memory operand.
*/ */
OPTYPE_MEMORY, ZYDIS_OPTYPE_MEMORY,
/** /**
* @brief The operand is a pointer operand. * @brief The operand is a pointer operand.
*/ */
OPTYPE_POINTER, ZYDIS_OPTYPE_POINTER,
/** /**
* @brief The operand is an immediate operand. * @brief The operand is an immediate operand.
*/ */
OPTYPE_IMMEDIATE, ZYDIS_OPTYPE_IMMEDIATE,
/** /**
* @brief The operand is a relative immediate operand. * @brief The operand is a relative immediate operand.
*/ */
OPTYPE_REL_IMMEDIATE, ZYDIS_OPTYPE_REL_IMMEDIATE,
/** /**
* @brief The operand is a constant value. * @brief The operand is a constant value.
*/ */
OPTYPE_CONSTANT ZYDIS_OPTYPE_CONSTANT
} ZyDisOperandType; } ZydisOperandType;
/** /**
* @brief Values that represent the operand access mode. * @brief Values that represent the operand access mode.
*/ */
typedef enum _ZyDisOperandAccessMode /* : uint8_t */ typedef enum _ZydisOperandAccessMode /* : uint8_t */
{ {
OPACCESSMODE_NA, ZYDIS_OPACCESSMODE_NA,
/** /**
* @brief The operand is accessed in read-only mode. * @brief The operand is accessed in read-only mode.
*/ */
OPACCESSMODE_READ, ZYDIS_OPACCESSMODE_READ,
/** /**
* @brief The operand is accessed in write mode. * @brief The operand is accessed in write mode.
*/ */
OPACCESSMODE_WRITE, ZYDIS_OPACCESSMODE_WRITE,
/** /**
* @brief The operand is accessed in read-write mode. * @brief The operand is accessed in read-write mode.
*/ */
OPACCESSMODE_READWRITE ZYDIS_OPACCESSMODE_READWRITE
} ZyDisOperandAccessMode; } ZydisOperandAccessMode;
/** /**
* @brief This struct holds information about a decoded operand. * @brief This struct holds information about a decoded operand.
*/ */
typedef struct _ZyDisOperandInfo typedef struct _ZydisOperandInfo
{ {
/** /**
* @brief The type of the operand. * @brief The type of the operand.
* @see ZyDisOperandType * @see ZydisOperandType
*/ */
uint8_t type; uint8_t type;
/** /**
@ -265,17 +263,17 @@ typedef struct _ZyDisOperandInfo
uint16_t size; uint16_t size;
/** /**
* @brief The operand access mode. * @brief The operand access mode.
* @see ZyDisOperandAccessMode * @see ZydisOperandAccessMode
*/ */
uint8_t access_mode; uint8_t access_mode;
/** /**
* @brief The base register. * @brief The base register.
* @see ZyDisRegister * @see ZydisRegister
*/ */
uint16_t base; uint16_t base;
/** /**
* @brief The index register. * @brief The index register.
* @see ZyDisRegister * @see ZydisRegister
*/ */
uint16_t index; uint16_t index;
/** /**
@ -308,12 +306,12 @@ typedef struct _ZyDisOperandInfo
uint32_t off; uint32_t off;
} ptr; } ptr;
} lval; } lval;
} ZyDisOperandInfo; } ZydisOperandInfo;
/** /**
* @brief This struct holds information about a decoded instruction. * @brief This struct holds information about a decoded instruction.
*/ */
typedef struct _ZyDisInstructionInfo typedef struct _ZydisInstructionInfo
{ {
/** /**
* @brief The instruction flags. * @brief The instruction flags.
@ -321,7 +319,7 @@ typedef struct _ZyDisInstructionInfo
uint32_t flags; uint32_t flags;
/** /**
* @brief The instruction mnemonic. * @brief The instruction mnemonic.
* @see ZyDisInstructionMnemonic * @see ZydisInstructionMnemonic
*/ */
uint16_t mnemonic; uint16_t mnemonic;
/** /**
@ -351,11 +349,11 @@ typedef struct _ZyDisInstructionInfo
/** /**
* @brief The decoded operands. * @brief The decoded operands.
*/ */
ZyDisOperandInfo operand[4]; ZydisOperandInfo operand[4];
/** /**
* @brief The segment register. This value will default to @c NONE, if no segment register * @brief The segment register. This value will default to @c NONE, if no segment register
* prefix is present. * prefix is present.
* @see ZyDisRegister * @see ZydisRegister
*/ */
uint16_t segment; uint16_t segment;
/** /**
@ -527,7 +525,7 @@ typedef struct _ZyDisInstructionInfo
/** /**
* @brief The instruction definition. * @brief The instruction definition.
*/ */
const ZyDisInstructionDefinition *instrDefinition; const void* instrDefinition; /* TODO: Port instruction definition types */
/** /**
* @brief The instruction address points to the current instruction (relative to the * @brief The instruction address points to the current instruction (relative to the
* initial instruction pointer). * initial instruction pointer).
@ -539,10 +537,10 @@ typedef struct _ZyDisInstructionInfo
* This field is used to properly format relative instructions. * This field is used to properly format relative instructions.
*/ */
uint64_t instrPointer; uint64_t instrPointer;
} ZyDisInstructionInfo; } ZydisInstructionInfo;
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* _VDE_ZyDisDISASSEMBLERTYPESC_H_ */ #endif /* _ZYDIS_TYPES_H_ */
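Review bot: The rename in `ZydisRegister` misses one enumerator: the 256 bit register row still ends in a bare `YMM15` on the new side (`ZYDIS_REG_YMM14, YMM15,`). The public C header therefore keeps exporting an unprefixed `YMM15` into the global namespace, and code written against the new naming scheme cannot refer to `ZYDIS_REG_YMM15`. The entry should read `ZYDIS_REG_YMM15,`. The enumerator was already unprefixed on the old side, so the commit inherits this rather than introducing it, but a prefixing commit is the place to correct it.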

46
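--- a/Bindings/C/ZydisUtils.cpp
+++ b/Bindings/C/ZydisUtils.cpp
@@ -0,0 +1,46 @@
+/***************************************************************************************************
+Zyan Disassembler Engine
+Version 1.0
+Remarks : Freeware, Copyright must be included
+Original Author : Florian Bernd
+Modifications : Joel Höner
+* Permission is hereby granted, free of charge, to any person obtaining a copy
+* of this software and associated documentation files (the "Software"), to deal
+* in the Software without restriction, including without limitation the rights
+* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+* copies of the Software, and to permit persons to whom the Software is
+* furnished to do so, subject to the following conditions:
+*
+* The above copyright notice and this permission notice shall be included in all
+* copies or substantial portions of the Software.
+*
+* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+* SOFTWARE.
+***************************************************************************************************/
+#include "ZydisUtils.h"
+#include "ZydisUtils.hpp"
+static_assert(
+sizeof(ZydisInstructionInfo) == sizeof(Zydis::InstructionInfo),
+"struct size mismatch");
+static_assert(
+sizeof(ZydisOperandInfo) == sizeof(Zydis::OperandInfo),
+"struct size mismatch");
+uint64_t ZydisCalcAbsoluteTarget(const ZydisInstructionInfo *info, const ZydisOperandInfo *operand)
+{
+return Zydis::CalcAbsoluteTarget(
+*reinterpret_cast<const Zydis::InstructionInfo*>(info),
+*reinterpret_cast<const Zydis::OperandInfo*>(operand));
+}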
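Review bot: The two `static_assert`s compare only `sizeof`, which does not establish that `ZydisInstructionInfo` and `Zydis::InstructionInfo` (or the operand pair) share field order, offsets and padding, yet `ZydisCalcAbsoluteTarget` reinterprets one as the other on every call. A struct pair that drifts while keeping the same total size would still compile and make the C binding read the wrong fields, so layout checks should sit next to the size checks, e.g. `static_assert(std::is_standard_layout<Zydis::InstructionInfo>::value, "layout mismatch");` plus `offsetof` comparisons for each member the function reads (the C++ member names are not visible in this section and need confirming against the C++ header). Both pointers are also dereferenced with no NULL check, which a C caller can trip; either guard them or state the non-NULL precondition in the doc comment in ZydisUtils.h.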


@ -1,14 +1,12 @@
/************************************************************************************************** /***************************************************************************************************
Verteron Disassembler Engine Zyan Disassembler Engine
Version 1.0 Version 1.0
Remarks : Freeware, Copyright must be included Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd Original Author : Florian Bernd
Modifications : athre0z Modifications : Joel Höner
Last change : 04. February 2015
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -28,40 +26,29 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
**************************************************************************************************/ ***************************************************************************************************/
#ifndef _VDE_ZyDisDISASSEMBLERUTILSC_H_ #ifndef _ZYDIS_UTILS_H_
#define _VDE_ZyDisDISASSEMBLERUTILSC_H_ #define _ZYDIS_UTILS_H_
#include "ZyDisDisassemblerTypes.h"
#include "ZyDisInternalConfig.h"
#include <stdint.h> #include <stdint.h>
#include "ZydisTypes.h"
#ifdef __cplusplus #ifdef __cplusplus
extern "C" extern "C"
{ {
#endif #endif
typedef struct _ZyDisContextDescriptor
{
uint8_t type;
void *ptr;
} ZyDisContextDescriptor;
/** /**
* @brief Calculates the absolute target address of a relative instruction operand. * @brief Calculates the absolute target address of a relative instruction operand.
* @param info The instruction info. * @param info The instruction info.
* @param operand The operand. * @param operand The operand.
* @return The absolute target address. * @return The absolute target address.
*/ */
ZYDIS_EXPORT uint64_t ZyDisCalcAbsoluteTarget( uint64_t ZydisCalcAbsoluteTarget(const ZydisInstructionInfo* info, const ZydisOperandInfo* operand);
const ZyDisInstructionInfo *info,
const ZyDisOperandInfo *operand);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* _VDE_ZyDisDISASSEMBLERUTILSC_H_ */ #endif /* _ZYDIS_UTILS_H_ */
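Review bot: The new declaration of `ZydisCalcAbsoluteTarget` drops the `ZYDIS_EXPORT` marker the old declaration carried, and the include of the config header that presumably defined it is removed in the same section. The CMake file in this commit still offers `BUILD_SHARED_LIBS`, so on toolchains that hide symbols by default (MSVC DLLs in particular) the function may no longer be exported from a shared build; this is inferred from the visible lines and worth confirming with a shared-library link test. If export annotation is meant to stay, keep it on the declaration: `ZYDIS_EXPORT uint64_t ZydisCalcAbsoluteTarget(const ZydisInstructionInfo* info, const ZydisOperandInfo* operand);`.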

File diff suppressed because it is too large Load Diff


@ -1,7 +1,7 @@
cmake_minimum_required(VERSION 2.8.12) cmake_minimum_required(VERSION 2.8.12)
include(GenerateExportHeader) include(GenerateExportHeader)
project(VerteronDisassemblerEngine) project(ZyanDisassemblerEngine)
option(BUILD_SHARED_LIBS "Build shared libraries rather than static ones" FALSE) option(BUILD_SHARED_LIBS "Build shared libraries rather than static ones" FALSE)
option(FORCE_SHARED_CRT option(FORCE_SHARED_CRT


@ -0,0 +1,86 @@
#include <Zydis.h>
#include <stdio.h>
#include <stdint.h>
int main()
{
uint8_t data32[] =
{
0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x6A, 0xFE, 0x68, 0xD8, 0x18, 0x09, 0x77, 0x68, 0x85, 0xD2,
0x09, 0x77, 0x64, 0xA1, 0x00, 0x00, 0x00, 0x00, 0x50, 0x83, 0xEC, 0x14, 0x53, 0x56, 0x57,
0xA1, 0x68, 0xEE, 0x13, 0x77, 0x31, 0x45, 0xF8, 0x33, 0xC5, 0x50, 0x8D, 0x45, 0xF0, 0x64,
0xA3, 0x00, 0x00, 0x00, 0x00, 0x89, 0x65, 0xE8, 0xC7, 0x45, 0xFC, 0x00, 0x00, 0x00, 0x00,
0x8B, 0x5D, 0x08, 0xF6, 0xC3, 0x04, 0x0F, 0x85, 0x57, 0x74, 0x00, 0x00, 0x53, 0x6A, 0x00,
0xFF, 0x35, 0xA0, 0xE3, 0x13, 0x77, 0xFF, 0x15, 0x00, 0x10, 0x14, 0x77, 0x85, 0xC0, 0x0F,
0x84, 0xC6, 0x48, 0x04, 0x00, 0xC7, 0x45, 0x08, 0x00, 0x00, 0x00, 0x00, 0xC7, 0x45, 0xFC,
0xFE, 0xFF, 0xFF, 0xFF, 0x33, 0xC0, 0x8B, 0x4D, 0xF0, 0x64, 0x89, 0x0D, 0x00, 0x00, 0x00,
0x00, 0x59, 0x5F, 0x5E, 0x5B, 0x8B, 0xE5, 0x5D, 0xC2, 0x04, 0x00
};
uint8_t data64[] =
{
0x48, 0x89, 0x5C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x89, 0x4C, 0x24, 0x08, 0x57,
0x41, 0x54, 0x41, 0x55, 0x41, 0x56, 0x41, 0x57, 0x48, 0x83, 0xEC, 0x40, 0x4C, 0x8B, 0xF2,
0x8B, 0xD9, 0x48, 0xC7, 0x44, 0x24, 0x20, 0x00, 0x00, 0x00, 0x00, 0x33, 0xF6, 0x48, 0x89,
0x74, 0x24, 0x30, 0x45, 0x33, 0xFF, 0xF7, 0xC1, 0x8D, 0xF0, 0xFF, 0xFF, 0x0F, 0x85, 0xAA,
0x53, 0x08, 0x00, 0xF6, 0xC1, 0x40, 0x8B, 0xFE, 0x41, 0xBD, 0x08, 0x00, 0x00, 0x00, 0x41,
0x0F, 0x45, 0xFD, 0xF6, 0xC1, 0x02, 0x48, 0x8B, 0x0D, 0x10, 0xD4, 0x0E, 0x00, 0x0F, 0x85,
0x40, 0xE1, 0x01, 0x00, 0x8B, 0x15, 0x4C, 0xD5, 0x0E, 0x00, 0x81, 0xC2, 0x00, 0x00, 0x14,
0x00, 0x0B, 0xD7, 0x4D, 0x8B, 0xC6, 0xFF, 0x15, 0x3B, 0x2F, 0x10, 0x00, 0x48, 0x8B, 0xD8,
0x48, 0x85, 0xC0, 0x0F, 0x84, 0x93, 0x78, 0x0A, 0x00, 0x48, 0x8B, 0xC3, 0x48, 0x8B, 0x5C,
0x24, 0x78, 0x48, 0x8B, 0xB4, 0x24, 0x80, 0x00, 0x00, 0x00, 0x48, 0x83, 0xC4, 0x40, 0x41,
0x5F, 0x41, 0x5E, 0x41, 0x5D, 0x41, 0x5C, 0x5F, 0xC3
};
ZydisInstructionInfo info;
ZydisInstructionDecoderContext* decoder = NULL;
ZydisBaseInstructionFormatterContext* formatter = NULL;
ZydisBaseInputContext* input32 = NULL;
ZydisBaseInputContext* input64 = NULL;
decoder = ZydisInstructionDecoder_Create();
formatter = ZydisIntelInstructionFormatter_Create();
input32 = ZydisMemoryInput_Create(&data32[0], sizeof(data32));
input64 = ZydisMemoryInput_Create(&data64[0], sizeof(data64));
ZydisInstructionDecoder_SetDisassemblerMode(decoder, DM_M32BIT);
ZydisInstructionDecoder_SetDataSource(decoder, input32);
ZydisInstructionDecoder_SetInstructionPointer(decoder, 0x77091852);
puts("32 bit test ...\n\n");
while (ZydisInstructionDecoder_DecodeInstruction(decoder, &info))
{
printf("%08X ", (uint32_t)(info.instrAddress & 0xFFFFFFFF));
if (info.flags & ZYDIS_IF_ERROR_MASK)
{
printf("db %02X\n", info.data[0]);
}
else
{
printf("%s\n", ZydisBaseInstructionFormatter_FormatInstruction(formatter, &info));
}
}
puts("\n");
ZydisInstructionDecoder_SetDisassemblerMode(decoder, DM_M64BIT);
ZydisInstructionDecoder_SetDataSource(decoder, input64);
ZydisInstructionDecoder_SetInstructionPointer(decoder, 0x00007FFA39A81930ull);
puts("64 bit test ...\n\n");
while (ZydisInstructionDecoder_DecodeInstruction(decoder, &info))
{
printf("%016llX ", info.instrAddress);
if (info.flags & ZYDIS_IF_ERROR_MASK)
{
printf("db %02X", info.data[0]);
}
else
{
printf("%s\n", ZydisBaseInstructionFormatter_FormatInstruction(formatter, &info));
}
}
getchar();
return 0;
}
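Review bot: `decoder`, `formatter`, `input32` and `input64` are used straight after their `_Create` calls with no NULL check, and `main` returns without releasing any of them, whereas the C sample this commit deletes released all four before `getchar()`. Since this is the example users copy from, it should check each handle and release them at the end with whatever release functions the reverted bindings expose (their names are not visible in this section). Separately, `printf("%016llX ", info.instrAddress)` passes a `uint64_t` where `unsigned long long` is expected; `printf("%016" PRIX64 " ", info.instrAddress)` with `<inttypes.h>` is portable, and the 64-bit error branch `printf("db %02X", info.data[0])` lacks the `\n` its 32-bit twin has.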


@ -1,115 +0,0 @@
/**************************************************************************************************
Verteron Disassembler Engine
Version 1.0
Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd
Modifications :
Last change : 29. October 2014
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
**************************************************************************************************/
#include <stdint.h>
#include <iostream>
#include <iomanip>
#include <ZyDisDisassembler.hpp>
using namespace Verteron;
int main(int argc, char* argv[])
{
(void)argc; (void)argv;
uint8_t data32[] =
{
0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x6A, 0xFE, 0x68, 0xD8, 0x18, 0x09, 0x77, 0x68, 0x85, 0xD2,
0x09, 0x77, 0x64, 0xA1, 0x00, 0x00, 0x00, 0x00, 0x50, 0x83, 0xEC, 0x14, 0x53, 0x56, 0x57,
0xA1, 0x68, 0xEE, 0x13, 0x77, 0x31, 0x45, 0xF8, 0x33, 0xC5, 0x50, 0x8D, 0x45, 0xF0, 0x64,
0xA3, 0x00, 0x00, 0x00, 0x00, 0x89, 0x65, 0xE8, 0xC7, 0x45, 0xFC, 0x00, 0x00, 0x00, 0x00,
0x8B, 0x5D, 0x08, 0xF6, 0xC3, 0x04, 0x0F, 0x85, 0x57, 0x74, 0x00, 0x00, 0x53, 0x6A, 0x00,
0xFF, 0x35, 0xA0, 0xE3, 0x13, 0x77, 0xFF, 0x15, 0x00, 0x10, 0x14, 0x77, 0x85, 0xC0, 0x0F,
0x84, 0xC6, 0x48, 0x04, 0x00, 0xC7, 0x45, 0x08, 0x00, 0x00, 0x00, 0x00, 0xC7, 0x45, 0xFC,
0xFE, 0xFF, 0xFF, 0xFF, 0x33, 0xC0, 0x8B, 0x4D, 0xF0, 0x64, 0x89, 0x0D, 0x00, 0x00, 0x00,
0x00, 0x59, 0x5F, 0x5E, 0x5B, 0x8B, 0xE5, 0x5D, 0xC2, 0x04, 0x00
};
uint8_t data64[] =
{
0x48, 0x89, 0x5C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x89, 0x4C, 0x24, 0x08, 0x57,
0x41, 0x54, 0x41, 0x55, 0x41, 0x56, 0x41, 0x57, 0x48, 0x83, 0xEC, 0x40, 0x4C, 0x8B, 0xF2,
0x8B, 0xD9, 0x48, 0xC7, 0x44, 0x24, 0x20, 0x00, 0x00, 0x00, 0x00, 0x33, 0xF6, 0x48, 0x89,
0x74, 0x24, 0x30, 0x45, 0x33, 0xFF, 0xF7, 0xC1, 0x8D, 0xF0, 0xFF, 0xFF, 0x0F, 0x85, 0xAA,
0x53, 0x08, 0x00, 0xF6, 0xC1, 0x40, 0x8B, 0xFE, 0x41, 0xBD, 0x08, 0x00, 0x00, 0x00, 0x41,
0x0F, 0x45, 0xFD, 0xF6, 0xC1, 0x02, 0x48, 0x8B, 0x0D, 0x10, 0xD4, 0x0E, 0x00, 0x0F, 0x85,
0x40, 0xE1, 0x01, 0x00, 0x8B, 0x15, 0x4C, 0xD5, 0x0E, 0x00, 0x81, 0xC2, 0x00, 0x00, 0x14,
0x00, 0x0B, 0xD7, 0x4D, 0x8B, 0xC6, 0xFF, 0x15, 0x3B, 0x2F, 0x10, 0x00, 0x48, 0x8B, 0xD8,
0x48, 0x85, 0xC0, 0x0F, 0x84, 0x93, 0x78, 0x0A, 0x00, 0x48, 0x8B, 0xC3, 0x48, 0x8B, 0x5C,
0x24, 0x78, 0x48, 0x8B, 0xB4, 0x24, 0x80, 0x00, 0x00, 0x00, 0x48, 0x83, 0xC4, 0x40, 0x41,
0x5F, 0x41, 0x5E, 0x41, 0x5D, 0x41, 0x5C, 0x5F, 0xC3
};
VXInstructionInfo info;
VXInstructionDecoder decoder;
VXIntelInstructionFormatter formatter;
VXMemoryDataSource input32(&data32[0], sizeof(data32));
VXMemoryDataSource input64(&data64[0], sizeof(data64));
decoder.setDisassemblerMode(VXDisassemblerMode::M32BIT);
decoder.setDataSource(&input32);
decoder.setInstructionPointer(0x77091852);
std::cout << "32 bit test ..." << std::endl << std::endl;
while (decoder.decodeInstruction(info))
{
std::cout << std::hex << std::setw(8) << std::setfill('0') << std::uppercase
<< info.instrAddress << " ";
if (info.flags & IF_ERROR_MASK)
{
std::cout << "db " << std::setw(2) << info.data[0];
} else
{
std::cout << formatter.formatInstruction(info) << std::endl;
}
}
std::cout << std::endl;
decoder.setDisassemblerMode(VXDisassemblerMode::M64BIT);
decoder.setDataSource(&input64);
decoder.setInstructionPointer(0x00007FFA39A81930ull);
std::cout << "64 bit test ..." << std::endl << std::endl;
while (decoder.decodeInstruction(info))
{
std::cout << std::hex << std::setw(16) << std::setfill('0') << std::uppercase
<< info.instrAddress << " ";
if (info.flags & IF_ERROR_MASK)
{
std::cout << "db " << std::setw(2) << info.data[0];
} else
{
std::cout << formatter.formatInstruction(info) << std::endl;
}
}
std::cin.get();
return 0;
}


@ -1,123 +0,0 @@
/**************************************************************************************************
Verteron Disassembler Engine
Version 1.0
Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd
Modifications : athre0z
Last change : 04. February 2015
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
**************************************************************************************************/
#include <ZyDisDisassembler.h>
#include <stdio.h>
#include <stdint.h>
int main()
{
uint8_t data32[] =
{
0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x6A, 0xFE, 0x68, 0xD8, 0x18, 0x09, 0x77, 0x68, 0x85, 0xD2,
0x09, 0x77, 0x64, 0xA1, 0x00, 0x00, 0x00, 0x00, 0x50, 0x83, 0xEC, 0x14, 0x53, 0x56, 0x57,
0xA1, 0x68, 0xEE, 0x13, 0x77, 0x31, 0x45, 0xF8, 0x33, 0xC5, 0x50, 0x8D, 0x45, 0xF0, 0x64,
0xA3, 0x00, 0x00, 0x00, 0x00, 0x89, 0x65, 0xE8, 0xC7, 0x45, 0xFC, 0x00, 0x00, 0x00, 0x00,
0x8B, 0x5D, 0x08, 0xF6, 0xC3, 0x04, 0x0F, 0x85, 0x57, 0x74, 0x00, 0x00, 0x53, 0x6A, 0x00,
0xFF, 0x35, 0xA0, 0xE3, 0x13, 0x77, 0xFF, 0x15, 0x00, 0x10, 0x14, 0x77, 0x85, 0xC0, 0x0F,
0x84, 0xC6, 0x48, 0x04, 0x00, 0xC7, 0x45, 0x08, 0x00, 0x00, 0x00, 0x00, 0xC7, 0x45, 0xFC,
0xFE, 0xFF, 0xFF, 0xFF, 0x33, 0xC0, 0x8B, 0x4D, 0xF0, 0x64, 0x89, 0x0D, 0x00, 0x00, 0x00,
0x00, 0x59, 0x5F, 0x5E, 0x5B, 0x8B, 0xE5, 0x5D, 0xC2, 0x04, 0x00
};
uint8_t data64[] =
{
0x48, 0x89, 0x5C, 0x24, 0x10, 0x48, 0x89, 0x74, 0x24, 0x18, 0x89, 0x4C, 0x24, 0x08, 0x57,
0x41, 0x54, 0x41, 0x55, 0x41, 0x56, 0x41, 0x57, 0x48, 0x83, 0xEC, 0x40, 0x4C, 0x8B, 0xF2,
0x8B, 0xD9, 0x48, 0xC7, 0x44, 0x24, 0x20, 0x00, 0x00, 0x00, 0x00, 0x33, 0xF6, 0x48, 0x89,
0x74, 0x24, 0x30, 0x45, 0x33, 0xFF, 0xF7, 0xC1, 0x8D, 0xF0, 0xFF, 0xFF, 0x0F, 0x85, 0xAA,
0x53, 0x08, 0x00, 0xF6, 0xC1, 0x40, 0x8B, 0xFE, 0x41, 0xBD, 0x08, 0x00, 0x00, 0x00, 0x41,
0x0F, 0x45, 0xFD, 0xF6, 0xC1, 0x02, 0x48, 0x8B, 0x0D, 0x10, 0xD4, 0x0E, 0x00, 0x0F, 0x85,
0x40, 0xE1, 0x01, 0x00, 0x8B, 0x15, 0x4C, 0xD5, 0x0E, 0x00, 0x81, 0xC2, 0x00, 0x00, 0x14,
0x00, 0x0B, 0xD7, 0x4D, 0x8B, 0xC6, 0xFF, 0x15, 0x3B, 0x2F, 0x10, 0x00, 0x48, 0x8B, 0xD8,
0x48, 0x85, 0xC0, 0x0F, 0x84, 0x93, 0x78, 0x0A, 0x00, 0x48, 0x8B, 0xC3, 0x48, 0x8B, 0x5C,
0x24, 0x78, 0x48, 0x8B, 0xB4, 0x24, 0x80, 0x00, 0x00, 0x00, 0x48, 0x83, 0xC4, 0x40, 0x41,
0x5F, 0x41, 0x5E, 0x41, 0x5D, 0x41, 0x5C, 0x5F, 0xC3
};
ZyDisInstructionInfo info;
ZyDisInstructionDecoderContext* decoder = NULL;
ZyDisBaseInstructionFormatterContext* formatter = NULL;
ZyDisBaseDataSourceContext* input32 = NULL;
ZyDisBaseDataSourceContext* input64 = NULL;
decoder = ZyDisInstructionDecoder_Create();
formatter = ZyDisIntelInstructionFormatter_Create();
input32 = ZyDisMemoryDataSource_Create(&data32[0], sizeof(data32));
input64 = ZyDisMemoryDataSource_Create(&data64[0], sizeof(data64));
ZyDisInstructionDecoder_SetDisassemblerMode(decoder, DM_M32BIT);
ZyDisInstructionDecoder_SetDataSource(decoder, input32);
ZyDisInstructionDecoder_SetInstructionPointer(decoder, 0x77091852);
puts("32 bit test ...\n\n");
while (ZyDisInstructionDecoder_DecodeInstruction(decoder, &info))
{
printf("%08X ", (uint32_t)(info.instrAddress & 0xFFFFFFFF));
if (info.flags & IF_ERROR_MASK)
{
printf("db %02X\n", info.data[0]);
}
else
{
printf("%s\n", ZyDisBaseInstructionFormatter_FormatInstruction(formatter, &info));
}
}
puts("\n");
ZyDisInstructionDecoder_SetDisassemblerMode(decoder, DM_M64BIT);
ZyDisInstructionDecoder_SetDataSource(decoder, input64);
ZyDisInstructionDecoder_SetInstructionPointer(decoder, 0x00007FFA39A81930ull);
puts("64 bit test ...\n\n");
while (ZyDisInstructionDecoder_DecodeInstruction(decoder, &info))
{
printf("%016llX ", info.instrAddress);
if (info.flags & IF_ERROR_MASK)
{
printf("db %02X", info.data[0]);
}
else
{
printf("%s\n", ZyDisBaseInstructionFormatter_FormatInstruction(formatter, &info));
}
}
ZyDisBaseDataSource_Release(input32);
ZyDisBaseDataSource_Release(input64);
ZyDisBaseInstructionFormatter_Release(formatter);
ZyDisInstructionDecoder_Release(decoder);
getchar();
return 0;
}


@ -1,195 +0,0 @@
/**************************************************************************************************
Verteron Disassembler Engine
Version 1.0
Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd
Modifications : athre0z
Last change : 19. March 2015
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
**************************************************************************************************/
#include <ZyDisDisassembler.h>
#include <Windows.h>
int main(int argc, char* argv[])
{
ZYDIS_UNUSED(argc); ZYDIS_UNUSED(argv);
// TODO: port to C
/*
// Find module base in memory
void *moduleBase = GetModuleHandle("kernel32.dll");
uintptr_t baseAddress = (uintptr_t)moduleBase;
// Parse PE headers
PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)moduleBase;
if (dosHeader->e_magic != IMAGE_DOS_SIGNATURE)
{
return 1;
}
PIMAGE_NT_HEADERS ntHeaders = (PIMAGE_NT_HEADERS)(baseAddress + dosHeader->e_lfanew);
if (ntHeaders->Signature != IMAGE_NT_SIGNATURE)
{
return 1;
}
// Initialize disassembler
ZyDisInstructionInfo info;
ZyDisInstructionDecoder decoder;
ZyDisExactSymbolResolver resolver;
ZyDisIntelInstructionFormatter formatter;
#ifdef _M_X64
decoder.setDisassemblerMode(ZyDisDisassemblerMode::M64BIT);
#else
decoder.setDisassemblerMode(ZyDisDisassemblerMode::M32BIT);
#endif
formatter.setSymbolResolver(&resolver);
// Initialize output stream
std::ofstream out;
out.open(".\\output.txt");
// Find all call and jump targets
uint64_t subCount = 0;
uint64_t locCount = 0;
PIMAGE_SECTION_HEADER sectionHeader =
reinterpret_cast<PIMAGE_SECTION_HEADER>(
reinterpret_cast<uintptr_t>(ntHeaders) + sizeof(IMAGE_NT_HEADERS)
+ ntHeaders->FileHeader.SizeOfOptionalHeader - sizeof(IMAGE_OPTIONAL_HEADER));
for (unsigned int i = 0; i < ntHeaders->FileHeader.NumberOfSections; ++i)
{
if (sectionHeader->Characteristics & IMAGE_SCN_CNT_CODE)
{
ZyDisMemoryDataSource input(reinterpret_cast<const void*>(
baseAddress + sectionHeader->VirtualAddress), sectionHeader->SizeOfRawData);
decoder.setDataSource(&input);
decoder.setInstructionPointer(baseAddress + sectionHeader->VirtualAddress);
while (decoder.decodeInstruction(info))
{
// Skip invalid and non-relative instructions
if ((info.flags & IF_ERROR_MASK) || !(info.flags & IF_RELATIVE))
{
continue;
}
switch (info.mnemonic)
{
case ZyDisInstructionMnemonic::CALL:
resolver.setSymbol(VDECalcAbsoluteTarget(info, info.operand[0]),
std::string("sub_" + std::to_string(subCount)).c_str());
subCount++;
break;
case ZyDisInstructionMnemonic::JMP:
case ZyDisInstructionMnemonic::JO:
case ZyDisInstructionMnemonic::JNO:
case ZyDisInstructionMnemonic::JB:
case ZyDisInstructionMnemonic::JNB:
case ZyDisInstructionMnemonic::JE:
case ZyDisInstructionMnemonic::JNE:
case ZyDisInstructionMnemonic::JBE:
case ZyDisInstructionMnemonic::JA:
case ZyDisInstructionMnemonic::JS:
case ZyDisInstructionMnemonic::JNS:
case ZyDisInstructionMnemonic::JP:
case ZyDisInstructionMnemonic::JNP:
case ZyDisInstructionMnemonic::JL:
case ZyDisInstructionMnemonic::JGE:
case ZyDisInstructionMnemonic::JLE:
case ZyDisInstructionMnemonic::JG:
case ZyDisInstructionMnemonic::JCXZ:
case ZyDisInstructionMnemonic::JECXZ:
case ZyDisInstructionMnemonic::JRCXZ:
resolver.setSymbol(VDECalcAbsoluteTarget(info, info.operand[0]),
std::string("loc_" + std::to_string(locCount)).c_str());
locCount++;
break;
default:
break;
}
}
}
sectionHeader++;
}
// Add entry point symbol
resolver.setSymbol(baseAddress + ntHeaders->OptionalHeader.AddressOfEntryPoint, "EntryPoint");
// Add exported symbols
if (ntHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress > 0)
{
PIMAGE_EXPORT_DIRECTORY exports =
reinterpret_cast<PIMAGE_EXPORT_DIRECTORY>(reinterpret_cast<LPBYTE>(baseAddress) +
ntHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);
PDWORD address =
reinterpret_cast<PDWORD>(reinterpret_cast<LPBYTE>(baseAddress) +
exports->AddressOfFunctions);
PDWORD name =
reinterpret_cast<PDWORD>(reinterpret_cast<LPBYTE>(baseAddress) +
exports->AddressOfNames);
PWORD ordinal =
reinterpret_cast<PWORD>(reinterpret_cast<LPBYTE>(baseAddress) +
exports->AddressOfNameOrdinals);
for(unsigned int i = 0; i < exports->NumberOfNames; ++i)
{
resolver.setSymbol(baseAddress + address[ordinal[i]],
reinterpret_cast<char*>(baseAddress) + name[i]);
}
}
// Disassemble
sectionHeader =
reinterpret_cast<PIMAGE_SECTION_HEADER>(
reinterpret_cast<uintptr_t>(ntHeaders) + sizeof(IMAGE_NT_HEADERS)
+ ntHeaders->FileHeader.SizeOfOptionalHeader - sizeof(IMAGE_OPTIONAL_HEADER));
for (unsigned int i = 0; i < ntHeaders->FileHeader.NumberOfSections; ++i)
{
if (sectionHeader->Characteristics & IMAGE_SCN_CNT_CODE)
{
ZyDisMemoryDataSource input(reinterpret_cast<const void*>(
baseAddress + sectionHeader->VirtualAddress), sectionHeader->SizeOfRawData);
decoder.setDataSource(&input);
decoder.setInstructionPointer(baseAddress + sectionHeader->VirtualAddress);
while (decoder.decodeInstruction(info))
{
uint64_t offset;
const char *symbol = resolver.resolveSymbol(info, info.instrAddress, offset);
if (symbol)
{
out << symbol << ": " << std::endl;
}
out << " " << std::hex << std::setw(16) << std::setfill('0')
<< info.instrAddress << " ";
if (info.flags & IF_ERROR_MASK)
{
out << "db " << std::hex << std::setw(2) << std::setfill('0')
<< static_cast<int>(info.data[0]) << std::endl;
} else
{
out << formatter.formatInstruction(info) << std::endl;
}
}
}
sectionHeader++;
}
out.close();
*/
return 0;
}


@ -1,4 +1,4 @@
Verteron Disassembler Engine (VDE) Zyan Disassembler Engine (Zydis)
================================== ==================================
Fast and lightweight x86/x86-64 disassembler library. Fast and lightweight x86/x86-64 disassembler library.
@ -18,15 +18,15 @@ Fast and lightweight x86/x86-64 disassembler library.
## Quick Example ## ## Quick Example ##
The following example program uses VDE to disassemble a given memory buffer and prints the output to the console. The following example program uses Zydis to disassemble a given memory buffer and prints the output to the console.
```C++ ```C++
#include <tchar.h> #include <tchar.h>
#include <iostream> #include <iostream>
#include <stdint.h> #include <stdint.h>
#include "VXDisassembler.h" #include "Zydis.hpp"
using namespace Verteron; using namespace Zydis;
int _tmain(int argc, _TCHAR* argv[]) int _tmain(int argc, _TCHAR* argv[])
{ {
@ -34,13 +34,13 @@ int _tmain(int argc, _TCHAR* argv[])
{ {
0x90, 0xE9, 0x00, 0x00, 0x00, 0x00, 0xC3 0x90, 0xE9, 0x00, 0x00, 0x00, 0x00, 0xC3
}; };
VXMemoryDataSource input(&data[0], sizeof(data)); MemoryInput input(&data[0], sizeof(data));
VXInstructionInfo info; InstructionInfo info;
VXInstructionDecoder decoder; InstructionDecoder decoder;
decoder.setDisassemblerMode(VXDisassemblerMode::M32BIT); decoder.setDisassemblerMode(ZydisMode::M32BIT);
decoder.setDataSource(&input); decoder.setDataSource(&input);
decoder.setInstructionPointer(0); decoder.setInstructionPointer(0);
VXIntelInstructionFormatter formatter; IntelInstructionFormatter formatter;
while (decoder.decodeInstruction(info)) while (decoder.decodeInstruction(info))
{ {
std::cout << formatter.formatInstruction(info) << std::endl; std::cout << formatter.formatInstruction(info) << std::endl;
@ -50,8 +50,8 @@ int _tmain(int argc, _TCHAR* argv[])
## Compilation ## ## Compilation ##
- While VDE supports other compilers in theory, compilation has not been tested with any compiler other than MSVC12 (Visual Studio 2013) - While Zydis supports other compilers in theory, compilation has not been tested with any compiler other than MSVC12 (Visual Studio 2013)
- Multi-compiler support might be added in the future - Multi-compiler support might be added in the future
## License ## ## License ##
Verteron Disassembler Engine is licensed under the MIT License. Dependencies are under their respective licenses. Zyan Disassembler Engine is licensed under the MIT License. Dependencies are under their respective licenses.


@ -1,41 +0,0 @@
/**************************************************************************************************
Verteron Disassembler Engine
Version 1.0
Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd
Modifications : athre0z
Last change : 04. February 2015
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
**************************************************************************************************/
#ifndef _VDE_ZyDisDISASSEMBLERC_H_
#define _VDE_ZyDisDISASSEMBLERC_H_
#include "ZyDisDisassemblerTypes.h"
#include "ZyDisInstructionDecoder.h"
#include "ZyDisInstructionFormatter.h"
#include "ZyDisDisassemblerUtils.h"
#endif /* _VDE_ZyDisDISASSEMBLERC_H_ */


@ -1,74 +0,0 @@
/**************************************************************************************************
Verteron Disassembler Engine
Version 1.0
Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd
Modifications : athre0z
Last change : 13. March 2015
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
**************************************************************************************************/
#include "ZyDisDisassemblerUtils.h"
#include <assert.h>
uint64_t ZyDisCalcAbsoluteTarget(const ZyDisInstructionInfo *info, const ZyDisOperandInfo *operand)
{
assert((operand->type == OPTYPE_REL_IMMEDIATE) ||
((operand->type == OPTYPE_MEMORY) && (operand->base == REG_RIP)));
uint64_t truncMask = 0xFFFFFFFFFFFFFFFFull;
if (!(info->flags & IF_DISASSEMBLER_MODE_64))
{
truncMask >>= (64 - info->operand_mode);
}
uint16_t size = operand->size;
if ((operand->type == OPTYPE_MEMORY) && (operand->base == REG_RIP))
{
size = operand->offset;
}
switch (size)
{
case 8:
return (info->instrPointer + operand->lval.sbyte) & truncMask;
case 16:
{
uint32_t delta = operand->lval.sword & truncMask;
if ((info->instrPointer + delta) > 0xFFFF)
{
return (info->instrPointer & 0xF0000) + ((info->instrPointer + delta) & 0xFFFF);
}
return info->instrPointer + delta;
}
case 32:
return (info->instrPointer + operand->lval.sdword) & truncMask;
default:
assert(0);
}
return 0;
}

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@ -1,174 +0,0 @@
/**************************************************************************************************
Verteron Disassembler Engine
Version 1.0
Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd
Modifications : athre0z
Last change : 14. March 2015
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
**************************************************************************************************/
#ifndef _VDE_ZyDisINSTRUCTIONFORMATTERC_H_
#define _VDE_ZyDisINSTRUCTIONFORMATTERC_H_
#include "ZyDisDisassemblerTypes.h"
#include "ZyDisDisassemblerUtils.h"
#ifdef __cplusplus
extern "C"
{
#endif
/* ZyDisBaseSymbolResolver ======================================================================== */
typedef struct _ZyDisBaseSymbolResolverContext
{
ZyDisContextDescriptor d;
} ZyDisBaseSymbolResolverContext;
/**
* @brief Releases a symbol resolver.
* @param ctx The context of the symbol resolver to free.
* The context may no longer used after it was released.
*/
ZYDIS_EXPORT void ZyDisBaseSymbolResolver_Release(
ZyDisBaseSymbolResolverContext *ctx);
/**
* @brief Resolves a symbol.
* @param ctx The symbol resolver context.
* @param info The instruction info.
* @param address The address.
* @param offset Pointer to an unsigned 64 bit integer that receives an offset relative to
* the base address of the symbol.
* @return The name of the symbol if the symbol was found, else @c NULL.
*/
ZYDIS_EXPORT const char* ZyDisBaseSymbolResolver_ResolveSymbol(
ZyDisBaseSymbolResolverContext *ctx,
const ZyDisInstructionInfo *info,
uint64_t address,
uint64_t *offset);
/* ZyDisCustomSymbolResolver ====================================================================== */
typedef const char* (*ZyDisCustomSymbolResolver_ResolveSymbolCallback)(
const ZyDisInstructionInfo *info,
uint64_t address,
uint64_t *offset,
void *userData);
/**
* @brief Creates a custom symbol resolver.
* @param resolverCb The resolver callback consulted when symbols need to be resolved.
* @param userData A pointer to arbitrary data passed to the resolver callback.
* May also be @c NULL.
* @return @c NULL if it fails, else a symbol resolver context.
*/
ZYDIS_EXPORT ZyDisBaseSymbolResolverContext* ZyDisCustomSymbolResolver_Create(
ZyDisCustomSymbolResolver_ResolveSymbolCallback resolverCb,
void *userData);
/* ZyDisBaseInstructionFormatter ================================================================== */
typedef struct _ZyDisBaseInstructionFormatterContext
{
ZyDisContextDescriptor d;
} ZyDisBaseInstructionFormatterContext;
typedef void(*ZyDisBaseInstructionFormatter_InternalFormatInstructionCallback)(
ZyDisBaseInstructionFormatterContext *ctx, const ZyDisInstructionInfo *info);
/**
* @brief Formats a decoded instruction.
* @param ctx The instruction formatter context.
* @param info The instruction info.
* @return Pointer to the formatted instruction string. This pointer remains valid until
* this function is called again or the context is released.
*/
ZYDIS_EXPORT const char* ZyDisBaseInstructionFormatter_FormatInstruction(
ZyDisBaseInstructionFormatterContext *ctx,
const ZyDisInstructionInfo *info);
/**
* @brief Returns a pointer to the current symbol resolver.
* @param ctx The instruction formatter context.
* @return Pointer to the current symbol resolver or @c NULL if no symbol resolver is used.
*/
ZYDIS_EXPORT ZyDisBaseSymbolResolverContext* ZyDisBaseInstructionFormatter_GetSymbolResolver(
const ZyDisBaseInstructionFormatterContext *ctx);
/**
* @brief Sets a new symbol resolver.
* @param ctx The instruction formatter context.
* @param symbolResolver Pointer to a symbol resolver instance or @c NULL, if no smybol
* resolver should be used.
*/
ZYDIS_EXPORT void ZyDisBaseInstructionFormatter_SetSymbolResolver(
ZyDisBaseInstructionFormatterContext *ctx,
ZyDisBaseSymbolResolverContext *resolver);
/**
* @brief Releases an instruction formatter.
* @param ctx The context of the instruction formatter to release.
* The context may no longer used after it has been released.
*/
ZYDIS_EXPORT void ZyDisBaseInstructionFormatter_Release(
ZyDisBaseInstructionFormatterContext *ctx);
/* ZyDisIntelInstructionFormatter ================================================================= */
/**
* @brief Creates an Intel-syntax instruction formatter.
* @return @c NULL if it fails, else an Intel instruction formatter context.
* @see ZyDisBaseInstructionFormatter_Release
*/
ZYDIS_EXPORT ZyDisBaseInstructionFormatterContext* ZyDisIntelInstructionFormatter_Create(void);
/**
* @brief Creates an Intel-syntax instruction formatter.
* @param resolver The symbol resolver consulted to resolve symbols on formatting.
* @return @c NULL if it fails, else an Intel instruction formatter context.
* @see ZyDisBaseInstructionFormatter_Release
*/
ZYDIS_EXPORT ZyDisBaseInstructionFormatterContext* ZyDisIntelInstructionFormatter_CreateEx(
ZyDisBaseSymbolResolverContext *resolver);
/* ZyDisCustomInstructionFormatter ================================================================ */
/**
* @brief Creats a custom instruction formatter.
* @param formatInsnCb The callback formatting the instruction.
* @return @c NULL if it fails, else a custom instruction formatter context.
*/
ZYDIS_EXPORT ZyDisBaseInstructionFormatterContext* ZyDisCustomInstructionFormatter_Create(
ZyDisBaseInstructionFormatter_InternalFormatInstructionCallback formatInsnCb);
/* ============================================================================================= */
#ifdef __cplusplus
}
#endif
#endif /* _VDE_ZyDisINSTRUCTIONFORMATTERC_H_ */


@ -1,50 +0,0 @@
/**************************************************************************************************
Verteron Disassembler Engine
Version 1.0
Remarks : Freeware, Copyright must be included
Original Author : athre0z
Modifications :
Last change : 16. March 2015
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
**************************************************************************************************/
/*
* Include CMake generated header defining macros im-/exporting functions statically or
* dynamically depending what the user requested from CMake.
*/
#include "ZyDisExportConfig.h"
#ifndef _VDE_ZyDisINTERNALCONFIG_H_
#define _VDE_ZyDisINTERNALCONFIG_H_
#ifdef _MSC_VER
# define ZYDIS_INLINE __inline
#else
# define ZYDIS_INLINE static inline
#endif
#define ZYDIS_UNUSED(x) ((void)x)
#endif /* _VDE_ZyDisINTERNALCONFIG_H_ */


@ -1,197 +0,0 @@
/**************************************************************************************************
Verteron Disassembler Engine
Version 1.0
Remarks : Freeware, Copyright must be included
Original Author : athre0z
Modifications :
Last change : 19. March 2015
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
**************************************************************************************************/
#ifndef _VDE_ZyDisINTERNALHELPERS_H_
#define _VDE_ZyDisINTERNALHELPERS_H_
#include "ZyDisInstructionDecoder.h"
#include "ZyDisInstructionFormatter.h"
#include "ZyDisInternalConfig.h"
#include <assert.h>
/* Types IDs =================================================================================== */
typedef enum _ZyDisTypeId
{
TYPE_BASEDATASOURCE,
TYPE_MEMORYDATASOURCE,
TYPE_CUSTOMDATASOURCE,
TYPE_INSTRUCTIONDECODER,
TYPE_BASESYMBOLRESOLVER,
TYPE_CUSTOMSYMBOLRESOLVER,
TYPE_BASEINSTRUCTIONFORMATTER,
TYPE_INTELINSTRUCTIONFORMATTER,
TYPE_CUSTOMINSTRUCTIONFORMATTER,
} ZyDisTypeId;
/* Context conversion helpers ================================================================== */
ZYDIS_INLINE struct _ZyDisBaseDataSource* ZyDisBaseDataSource_thiz(
ZyDisBaseDataSourceContext *ctx)
{
assert(ctx->d.type == TYPE_BASEDATASOURCE
|| ctx->d.type == TYPE_MEMORYDATASOURCE
|| ctx->d.type == TYPE_CUSTOMDATASOURCE);
return (struct _ZyDisBaseDataSource*)ctx->d.ptr;
}
ZYDIS_INLINE const struct _ZyDisBaseDataSource* ZyDisBaseDataSource_cthiz(
const ZyDisBaseDataSourceContext *ctx)
{
assert(ctx->d.type == TYPE_BASEDATASOURCE
|| ctx->d.type == TYPE_MEMORYDATASOURCE
|| ctx->d.type == TYPE_CUSTOMDATASOURCE);
return (const struct _ZyDisBaseDataSource*)ctx->d.ptr;
}
ZYDIS_INLINE struct _ZyDisMemoryDataSource* ZyDisMemoryDataSource_thiz(
ZyDisBaseDataSourceContext *ctx)
{
assert(ctx->d.type == TYPE_MEMORYDATASOURCE);
return (struct _ZyDisMemoryDataSource*)ctx->d.ptr;
}
ZYDIS_INLINE const struct _ZyDisMemoryDataSource* ZyDisMemoryDataSource_cthiz(
const ZyDisBaseDataSourceContext *ctx)
{
assert(ctx->d.type == TYPE_MEMORYDATASOURCE);
return (const struct _ZyDisMemoryDataSource*)ctx->d.ptr;
}
ZYDIS_INLINE struct _ZyDisCustomDataSource* ZyDisCustomDataSource_thiz(
ZyDisBaseDataSourceContext *ctx)
{
assert(ctx->d.type == TYPE_CUSTOMDATASOURCE);
return (struct _ZyDisCustomDataSource*)ctx->d.ptr;
}
ZYDIS_INLINE const struct _ZyDisCustomDataSource* ZyDisCustomDataSource_cthiz(
const ZyDisBaseDataSourceContext *ctx)
{
assert(ctx->d.type == TYPE_CUSTOMDATASOURCE);
return (const struct _ZyDisCustomDataSource*)ctx->d.ptr;
}
ZYDIS_INLINE struct _ZyDisInstructionDecoder* ZyDisInstructionDecoder_thiz(
ZyDisInstructionDecoderContext *ctx)
{
assert(ctx->d.type == TYPE_INSTRUCTIONDECODER);
return (struct _ZyDisInstructionDecoder*)ctx->d.ptr;
}
ZYDIS_INLINE const struct _ZyDisInstructionDecoder* ZyDisInstructionDecoder_cthiz(
const ZyDisInstructionDecoderContext *ctx)
{
assert(ctx->d.type == TYPE_INSTRUCTIONDECODER);
return (const struct _ZyDisInstructionDecoder*)ctx->d.ptr;
}
ZYDIS_INLINE struct _ZyDisBaseSymbolResolver* ZyDisBaseSymbolResolver_thiz(
ZyDisBaseSymbolResolverContext *ctx)
{
assert(ctx->d.type == TYPE_BASESYMBOLRESOLVER
|| ctx->d.type == TYPE_CUSTOMSYMBOLRESOLVER);
return (struct _ZyDisBaseSymbolResolver*)ctx->d.ptr;
}
ZYDIS_INLINE const struct _ZyDisBaseSymbolResolver* ZyDisBaseSymbolResolver_cthiz(
const ZyDisBaseSymbolResolverContext *ctx)
{
assert(ctx->d.type == TYPE_BASESYMBOLRESOLVER
|| ctx->d.type == TYPE_CUSTOMSYMBOLRESOLVER);
return (const struct _ZyDisBaseSymbolResolver*)ctx->d.ptr;
}
ZYDIS_INLINE struct _ZyDisCustomSymbolResolver* ZyDisCustomSymbolResolver_thiz(
ZyDisBaseSymbolResolverContext *ctx)
{
assert(ctx->d.type == TYPE_CUSTOMSYMBOLRESOLVER);
return (struct _ZyDisCustomSymbolResolver*)ctx->d.ptr;
}
ZYDIS_INLINE const struct _ZyDisCustomSymbolResolver* ZyDisCustomSymbolResolver_cthiz(
const ZyDisBaseSymbolResolverContext *ctx)
{
assert(ctx->d.type == TYPE_CUSTOMSYMBOLRESOLVER);
return (const struct _ZyDisCustomSymbolResolver*)ctx->d.ptr;
}
ZYDIS_INLINE struct _ZyDisBaseInstructionFormatter* ZyDisBaseInstructionFormatter_thiz(
ZyDisBaseInstructionFormatterContext *ctx)
{
assert(ctx->d.type == TYPE_BASEINSTRUCTIONFORMATTER
|| ctx->d.type == TYPE_INTELINSTRUCTIONFORMATTER
|| ctx->d.type == TYPE_CUSTOMINSTRUCTIONFORMATTER);
return (struct _ZyDisBaseInstructionFormatter*)ctx->d.ptr;
}
ZYDIS_INLINE const struct _ZyDisBaseInstructionFormatter* ZyDisBaseInstructionFormatter_cthiz(
const ZyDisBaseInstructionFormatterContext *ctx)
{
assert(ctx->d.type == TYPE_BASEINSTRUCTIONFORMATTER
|| ctx->d.type == TYPE_INTELINSTRUCTIONFORMATTER
|| ctx->d.type == TYPE_CUSTOMINSTRUCTIONFORMATTER);
return (const struct _ZyDisBaseInstructionFormatter*)ctx->d.ptr;
}
ZYDIS_INLINE struct _ZyDisIntelInstructionFormatter* ZyDisIntelInstructionFormatter_thiz(
ZyDisBaseInstructionFormatterContext *ctx)
{
assert(ctx->d.type == TYPE_INTELINSTRUCTIONFORMATTER);
return (struct _ZyDisIntelInstructionFormatter*)ctx->d.ptr;
}
ZYDIS_INLINE const struct _ZyDisIntelInstructionFormatter* ZyDisIntelInstructionFormatter_cthiz(
const ZyDisBaseInstructionFormatterContext *ctx)
{
assert(ctx->d.type == TYPE_INTELINSTRUCTIONFORMATTER);
return (const struct _ZyDisIntelInstructionFormatter*)ctx->d.ptr;
}
ZYDIS_INLINE struct _ZyDisCustomInstructionFormatter* ZyDisCustomInstructionFormatter_thiz(
ZyDisBaseInstructionFormatterContext *ctx)
{
assert(ctx->d.type == TYPE_CUSTOMINSTRUCTIONFORMATTER);
return (struct _ZyDisCustomInstructionFormatter*)ctx->d.ptr;
}
ZYDIS_INLINE const struct _ZyDisCustomInstructionFormatter* ZyDisCustomInstructionFormatter_cthiz(
const ZyDisBaseInstructionFormatterContext *ctx)
{
assert(ctx->d.type == TYPE_CUSTOMINSTRUCTIONFORMATTER);
return (struct _ZyDisCustomInstructionFormatter*)ctx->d.ptr;
}
/* ============================================================================================= */
#endif /* _VDE_ZyDisINTERNALHELPERS_H_ */

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@ -1,313 +0,0 @@
/**************************************************************************************************
Verteron Disassembler Engine
Version 1.0
Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd
Modifications : athre0z
Last change : 19. March 2015
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
**************************************************************************************************/
#ifndef _VDE_ZyDisOPCODETABLEINTERNAL_H_
#define _VDE_ZyDisOPCODETABLEINTERNAL_H_
#include <stdint.h>
#include "ZyDisOpcodeTable.h"
/**
* @brief Contains all opcode tables.
* Indexed by the numeric value of the opcode.
*/
extern const ZyDisOpcodeTreeNode vxOptreeTable[][256];
/**
* @brief Contains all modrm_mod switch tables.
* Index values:
* 0 = [modrm_mod == !11]
* 1 = [modrm_mod == 11]
*/
extern const ZyDisOpcodeTreeNode vxOptreeModrmMod[][2];
/**
* @brief Contains all modrm_reg switch tables.
* Indexed by the numeric value of the modrm_reg field.
*/
extern const ZyDisOpcodeTreeNode vxOptreeModrmReg[][8];
/**
* @brief Contains all modrm_rm switch tables.
* Indexed by the numeric value of the modrm_rm field.
*/
extern const ZyDisOpcodeTreeNode vxOptreeModrmRm[][8];
/**
* @brief Contains all mandatory-prefix switch tables.
* Index values:
* 0 = none
* 1 = F2
* 2 = F3
* 3 = 66
*/
extern const ZyDisOpcodeTreeNode vxOptreeMandatory[][4];
/**
* @brief Contains all x87 opcode tables.
* Indexed by the numeric value of the 6 lowest bits of the modrm byte (modrm_mod should
* always be 11).
*/
extern const ZyDisOpcodeTreeNode vxOptreeX87[][64];
/**
* @brief Contains all address-size switch tables.
* Index values:
* 0 = 16
* 1 = 32
* 2 = 64
*/
extern const ZyDisOpcodeTreeNode vxOptreeAddressSize[][3];
/**
* @brief Contains all operand-size switch tables.
* Index values:
* 0 = 16
* 1 = 32
* 2 = 64
*/
extern const ZyDisOpcodeTreeNode vxOptreeOperandSize[][3];
/**
* @brief Contains all cpu-mode switch tables.
* Index values:
* 0 = [!= 64]
* 1 = 64
*/
extern const ZyDisOpcodeTreeNode vxOptreeMode[][2];
/**
* @brief Contains all vendor switch tables.
* Index values:
* 0 = AMD
* 1 = Intel
*/
extern const ZyDisOpcodeTreeNode vxOptreeVendor[][2];
/**
* @brief Contains all 3DNow! switch tables.
* Indexed by the numeric value of the 3DNow! opcode.
*/
extern const ZyDisOpcodeTreeNode vxOptree3dnow[][256];
/**
* @brief Contains all vex switch tables.
* Index values:
* 0 = none
* 1 = 0F
* 2 = 0F38
* 3 = 0F3A
* 4 = 66
* 5 = 66_0F
* 6 = 66_0F38
* 7 = 66_0F3A
* 8 = F3
* 9 = F3_0F
* A = F3_0F38
* B = F3_0F3A
* C = F2
* D = F2_0F
* E = F2_0F38
* F = F2_0F3A
*/
extern const ZyDisOpcodeTreeNode vxOptreeVex[][16];
/**
* @brief Contains all vex_w switch tables.
* Indexed by the numeric value of the vex_w field.
*/
extern const ZyDisOpcodeTreeNode vxOptreeVexW[][2];
/**
* @brief Contains all vex_l switch tables.
* Indexed by the numeric value of the vex_l field.
*/
extern const ZyDisOpcodeTreeNode vxOptreeVexL[][2];
/**
* @brief Contains all instruction definitions.
*/
extern const ZyDisInstructionDefinition vxInstrDefinitions[];
/**
* @brief Contains all instruction mnemonic strings.
*/
extern const char* vxInstrMnemonicStrings[];
/**
* @brief Returns the type of the specified opcode tree node.
* @param node The node.
* @return The type of the specified opcode tree node.
*/
ZYDIS_INLINE ZyDisOpcodeTreeNodeType ZyDisGetOpcodeNodeType(ZyDisOpcodeTreeNode node)
{
return (ZyDisOpcodeTreeNodeType)((node >> 12) & 0x0F);
}
/**
* @brief Returns the value of the specified opcode tree node.
* @param node The node.
* @return The value of the specified opcode tree node.
*/
ZYDIS_INLINE uint16_t ZyDisGetOpcodeNodeValue(ZyDisOpcodeTreeNode node)
{
return (node & 0x0FFF);
}
/**
* @brief Returns the root node of the opcode tree.
* @return The root node of the opcode tree.
*/
ZYDIS_INLINE ZyDisOpcodeTreeNode ZyDisGetOpcodeTreeRoot()
{
return 0x1000;
}
/**
* @brief Returns a child node of @c parent specified by @c index.
* @param parent The parent node.
* @param index The index of the child node to retrieve.
* @return The specified child node.
*/
ZYDIS_INLINE ZyDisOpcodeTreeNode ZyDisGetOpcodeTreeChild(ZyDisOpcodeTreeNode parent, uint16_t index)
{
ZyDisOpcodeTreeNodeType nodeType = ZyDisGetOpcodeNodeType(parent);
uint16_t tableIndex = ZyDisGetOpcodeNodeValue(parent);
switch (nodeType)
{
case OTNT_TABLE:
assert(index < 256);
return vxOptreeTable[tableIndex][index];
case OTNT_MODRM_MOD:
assert(index < 2);
return vxOptreeModrmMod[tableIndex][index];
case OTNT_MODRM_REG:
assert(index < 8);
return vxOptreeModrmReg[tableIndex][index];
case OTNT_MODRM_RM:
assert(index < 8);
return vxOptreeModrmRm[tableIndex][index];
case OTNT_MANDATORY:
assert(index < 4);
return vxOptreeMandatory[tableIndex][index];
case OTNT_X87:
assert(index < 64);
return vxOptreeX87[tableIndex][index];
case OTNT_ADDRESS_SIZE:
assert(index < 3);
return vxOptreeAddressSize[tableIndex][index];
case OTNT_OPERAND_SIZE:
assert(index < 3);
return vxOptreeOperandSize[tableIndex][index];
case OTNT_MODE:
assert(index < 2);
return vxOptreeMode[tableIndex][index];
case OTNT_VENDOR:
assert(index < 3);
return vxOptreeVendor[tableIndex][index];
case OTNT_AMD3DNOW:
assert(index < 256);
return vxOptree3dnow[tableIndex][index];
case OTNT_VEX:
assert(index < 16);
return vxOptreeVex[tableIndex][index];
case OTNT_VEXW:
assert(index < 2);
return vxOptreeVexW[tableIndex][index];
case OTNT_VEXL:
assert(index < 2);
return vxOptreeVexL[tableIndex][index];
default:
assert(0);
}
return 0xFFFF;
}
/**
* @brief Returns the instruction definition that is linked to the given @c node.
* @param node The instruction definition node.
* @return Pointer to the instruction definition.
*/
ZYDIS_INLINE const ZyDisInstructionDefinition* ZyDisGetInstructionDefinition(ZyDisOpcodeTreeNode node)
{
assert(ZyDisGetOpcodeNodeType(node) == OTNT_INSTRUCTION_DEFINITION);
return &vxInstrDefinitions[node & 0x0FFF];
}
/**
* @brief Returns the specified instruction mnemonic string.
* @param mnemonic The mnemonic.
* @return The instruction mnemonic string.
*/
ZYDIS_INLINE const char* ZyDisGetInstructionMnemonicString(ZyDisInstructionMnemonic mnemonic)
{
return vxInstrMnemonicStrings[(uint16_t)mnemonic];
}
/**
* @brief Returns the numeric value for a simple operand size definition.
* @param operandSize The defined operand size.
* @return The the numeric value for the simple operand size definition.
*/
ZYDIS_INLINE uint16_t ZyDisGetSimpleOperandSize(ZyDisDefinedOperandSize operandSize)
{
static const uint16_t operandSizes[8] =
{
8, 16, 32, 64, 80, 12, 128, 256
};
uint16_t index = (uint16_t)(operandSize - DOS_B);
assert(index < 8);
return operandSizes[index];
}
/**
* @brief Returns the memory-size part of a complex operand size definition.
* @param operandSize The defined operand size.
* @return The memory-size part of the operand size definition.
*/
ZYDIS_INLINE ZyDisDefinedOperandSize ZyDisGetComplexOperandMemSize(ZyDisDefinedOperandSize operandSize)
{
return (ZyDisDefinedOperandSize)(operandSize & 0x0F);
}
/**
* @brief Returns the register-size part of a complex operand size definition.
* @param operandSize The defined operand size.
* @return The register-size part of the operand size definition.
*/
ZYDIS_INLINE ZyDisDefinedOperandSize ZyDisGetComplexOperandRegSize(ZyDisDefinedOperandSize operandSize)
{
return (ZyDisDefinedOperandSize)((operandSize >> 4) & 0x0F);
}
#endif // _VDE_ZyDisOPCODETABLEINTERNAL_H_


@ -1,14 +1,12 @@
/************************************************************************************************** /***************************************************************************************************
Verteron Disassembler Engine Zyan Disassembler Engine
Version 1.0 Version 1.0
Remarks : Freeware, Copyright must be included Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd Original Author : Florian Bernd
Modifications : Modifications : Joel Höner
Last change : 29. October 2014
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -28,11 +26,14 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
**************************************************************************************************/ ***************************************************************************************************/
#pragma once #ifndef _ZYDIS_DISASSEMBLER_HPP_
#define _ZYDIS_DISASSEMBLER_HPP_
#include "ZyDisDisassemblerTypes.hpp" #include "ZydisInstructionDecoder.hpp"
#include "ZyDisInstructionDecoder.hpp" #include "ZydisInstructionFormatter.hpp"
#include "ZyDisInstructionFormatter.hpp" #include "ZydisSymbolResolver.hpp"
#include "ZyDisDisassemblerUtils.hpp" #include "ZydisUtils.hpp"
#endif /*_ZYDIS_DISASSEMBLER_HPP_ */
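Review bot: The new include guard `_ZYDIS_DISASSEMBLER_HPP_` begins with an underscore followed by an uppercase letter, a spelling the C++ standard reserves for the implementation, so the macro may collide with a compiler or standard-library name. Dropping the leading underscore keeps the intent: `#ifndef ZYDIS_DISASSEMBLER_HPP_` / `#define ZYDIS_DISASSEMBLER_HPP_`, with the trailing `#endif` comment updated to match. The `_ZYDIS_INSTRUCTIONDECODER_HPP_` guard in the next file section has the same form. This umbrella header also no longer includes a types header directly and appears to rely on the decoder header pulling in `ZydisTypes.hpp`; if that is intended, a short comment saying so would help.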


@ -1,14 +1,12 @@
/************************************************************************************************** /***************************************************************************************************
Verteron Disassembler Engine Zyan Disassembler Engine
Version 1.0 Version 1.0
Remarks : Freeware, Copyright must be included Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd Original Author : Florian Bernd
Modifications : Modifications : Joel Höner
Last change : 29. October 2014
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -28,22 +26,24 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
**************************************************************************************************/ ***************************************************************************************************/
#pragma once
#ifndef _ZYDIS_INSTRUCTIONDECODER_HPP_
#define _ZYDIS_INSTRUCTIONDECODER_HPP_
#include <type_traits> #include <type_traits>
#include <istream> #include <istream>
#include "ZyDisDisassemblerTypes.hpp" #include "ZydisTypes.hpp"
namespace Verteron namespace Zydis
{ {
/////////////////////////////////////////////////////////////////////////////////////////////////// /* BaseInput ==================================================================================== */
/** /**
* @brief The base class for all data-source implementations. * @brief The base class for all data-source implementations.
*/ */
class ZyDisBaseDataSource class BaseInput
{ {
private: private:
uint8_t m_currentInput; uint8_t m_currentInput;
@ -66,12 +66,12 @@ protected:
/** /**
* @brief Default constructor. * @brief Default constructor.
*/ */
ZyDisBaseDataSource() { }; BaseInput() { };
public: public:
/** /**
* @brief Destructor. * @brief Destructor.
*/ */
virtual ~ZyDisBaseDataSource() { }; virtual ~BaseInput() { };
public: public:
/** /**
* @brief Reads the next byte from the data source. This method does NOT increase the * @brief Reads the next byte from the data source. This method does NOT increase the
@ -81,7 +81,7 @@ public:
* @c flags field of the @c info parameter for error flags. * @c flags field of the @c info parameter for error flags.
* Possible error values are @c IF_ERROR_END_OF_INPUT or @c IF_ERROR_LENGTH. * Possible error values are @c IF_ERROR_END_OF_INPUT or @c IF_ERROR_LENGTH.
*/ */
uint8_t inputPeek(ZyDisInstructionInfo &info); uint8_t inputPeek(InstructionInfo& info);
/** /**
* @brief Reads the next byte from the data source. This method increases the current * @brief Reads the next byte from the data source. This method increases the current
* input position and the @c length field of the @c info parameter. * input position and the @c length field of the @c info parameter.
@ -92,7 +92,7 @@ public:
* @c flags field of the @c info parameter for error flags. * @c flags field of the @c info parameter for error flags.
* Possible error values are @c IF_ERROR_END_OF_INPUT or @c IF_ERROR_LENGTH. * Possible error values are @c IF_ERROR_END_OF_INPUT or @c IF_ERROR_LENGTH.
*/ */
uint8_t inputNext(ZyDisInstructionInfo &info); uint8_t inputNext(InstructionInfo& info);
/** /**
* @brief Reads the next byte(s) from the data source. This method increases the current * @brief Reads the next byte(s) from the data source. This method increases the current
* input position and the @c length field of the @c info parameter. * input position and the @c length field of the @c info parameter.
@ -104,7 +104,7 @@ public:
* Possible error values are @c IF_ERROR_END_OF_INPUT or @c IF_ERROR_LENGTH. * Possible error values are @c IF_ERROR_END_OF_INPUT or @c IF_ERROR_LENGTH.
*/ */
template <typename T> template <typename T>
T inputNext(ZyDisInstructionInfo &info); T inputNext(InstructionInfo& info);
/** /**
* @brief Returns the current input byte. The current input byte is set everytime the * @brief Returns the current input byte. The current input byte is set everytime the
* @c inputPeek or @c inputNext method is called. * @c inputPeek or @c inputNext method is called.
@ -133,7 +133,7 @@ public:
virtual bool setPosition(uint64_t position) = 0; virtual bool setPosition(uint64_t position) = 0;
}; };
inline uint8_t ZyDisBaseDataSource::inputPeek(ZyDisInstructionInfo &info) inline uint8_t BaseInput::inputPeek(InstructionInfo& info)
{ {
if (info.length == 15) if (info.length == 15)
{ {
@ -149,7 +149,7 @@ inline uint8_t ZyDisBaseDataSource::inputPeek(ZyDisInstructionInfo &info)
return m_currentInput; return m_currentInput;
} }
inline uint8_t ZyDisBaseDataSource::inputNext(ZyDisInstructionInfo &info) inline uint8_t BaseInput::inputNext(InstructionInfo& info)
{ {
if (info.length == 15) if (info.length == 15)
{ {
@ -168,7 +168,7 @@ inline uint8_t ZyDisBaseDataSource::inputNext(ZyDisInstructionInfo &info)
} }
template <typename T> template <typename T>
inline T ZyDisBaseDataSource::inputNext(ZyDisInstructionInfo &info) inline T BaseInput::inputNext(InstructionInfo& info)
{ {
static_assert(std::is_integral<T>::value, "integral type required"); static_assert(std::is_integral<T>::value, "integral type required");
T result = 0; T result = 0;
@ -184,17 +184,17 @@ inline T ZyDisBaseDataSource::inputNext(ZyDisInstructionInfo &info)
return result; return result;
} }
inline uint8_t ZyDisBaseDataSource::inputCurrent() const inline uint8_t BaseInput::inputCurrent() const
{ {
return m_currentInput; return m_currentInput;
} }
/////////////////////////////////////////////////////////////////////////////////////////////////// /* MemoryInput ================================================================================== */
/** /**
* @brief A memory-buffer based data source for the @c ZyDisInstructionDecoder class. * @brief A memory-buffer based data source for the @c InstructionDecoder class.
*/ */
class ZyDisMemoryDataSource : public ZyDisBaseDataSource class MemoryInput : public BaseInput
{ {
private: private:
const void* m_inputBuffer; const void* m_inputBuffer;
@ -219,7 +219,7 @@ public:
* @param buffer The input buffer. * @param buffer The input buffer.
* @param bufferLen The length of the input buffer. * @param bufferLen The length of the input buffer.
*/ */
ZyDisMemoryDataSource(const void* buffer, size_t bufferLen) MemoryInput(const void* buffer, size_t bufferLen)
: m_inputBuffer(buffer) : m_inputBuffer(buffer)
, m_inputBufferLen(bufferLen) , m_inputBufferLen(bufferLen)
, m_inputBufferPos(0) { }; , m_inputBufferPos(0) { };
@ -242,39 +242,39 @@ public:
bool setPosition(uint64_t position) override; bool setPosition(uint64_t position) override;
}; };
inline uint8_t ZyDisMemoryDataSource::internalInputPeek() inline uint8_t MemoryInput::internalInputPeek()
{ {
return *(static_cast<const uint8_t*>(m_inputBuffer) + m_inputBufferPos); return *(static_cast<const uint8_t*>(m_inputBuffer) + m_inputBufferPos);
} }
inline uint8_t ZyDisMemoryDataSource::internalInputNext() inline uint8_t MemoryInput::internalInputNext()
{ {
++m_inputBufferPos; ++m_inputBufferPos;
return *(static_cast<const uint8_t*>(m_inputBuffer) + m_inputBufferPos - 1); return *(static_cast<const uint8_t*>(m_inputBuffer) + m_inputBufferPos - 1);
} }
inline bool ZyDisMemoryDataSource::isEndOfInput() const inline bool MemoryInput::isEndOfInput() const
{ {
return (m_inputBufferPos >= m_inputBufferLen); return (m_inputBufferPos >= m_inputBufferLen);
} }
inline uint64_t ZyDisMemoryDataSource::getPosition() const inline uint64_t MemoryInput::getPosition() const
{ {
return m_inputBufferPos; return m_inputBufferPos;
} }
inline bool ZyDisMemoryDataSource::setPosition(uint64_t position) inline bool MemoryInput::setPosition(uint64_t position)
{ {
m_inputBufferPos = position; m_inputBufferPos = position;
return isEndOfInput(); return isEndOfInput();
} }
/////////////////////////////////////////////////////////////////////////////////////////////////// /* StreamInput ================================================================================== */
/** /**
* @brief A stream based data source for the @c ZyDisInstructionDecoder class. * @brief A stream based data source for the @c InstructionDecoder class.
*/ */
class ZyDisStreamDataSource : public ZyDisBaseDataSource class StreamInput : public BaseInput
{ {
private: private:
std::istream* m_inputStream; std::istream* m_inputStream;
@ -296,7 +296,7 @@ public:
* @brief Constructor. * @brief Constructor.
* @param stream The input stream. * @param stream The input stream.
*/ */
explicit ZyDisStreamDataSource(std::istream *stream) explicit StreamInput(std::istream* stream)
: m_inputStream(stream) { }; : m_inputStream(stream) { };
public: public:
/** /**
@ -317,7 +317,7 @@ public:
bool setPosition(uint64_t position) override; bool setPosition(uint64_t position) override;
}; };
inline uint8_t ZyDisStreamDataSource::internalInputPeek() inline uint8_t StreamInput::internalInputPeek()
{ {
if (!m_inputStream) if (!m_inputStream)
{ {
@ -326,7 +326,7 @@ inline uint8_t ZyDisStreamDataSource::internalInputPeek()
return static_cast<uint8_t>(m_inputStream->peek()); return static_cast<uint8_t>(m_inputStream->peek());
} }
inline uint8_t ZyDisStreamDataSource::internalInputNext() inline uint8_t StreamInput::internalInputNext()
{ {
if (!m_inputStream) if (!m_inputStream)
{ {
@ -335,7 +335,7 @@ inline uint8_t ZyDisStreamDataSource::internalInputNext()
return static_cast<uint8_t>(m_inputStream->get()); return static_cast<uint8_t>(m_inputStream->get());
} }
inline bool ZyDisStreamDataSource::isEndOfInput() const inline bool StreamInput::isEndOfInput() const
{ {
if (!m_inputStream) if (!m_inputStream)
{ {
@ -346,7 +346,7 @@ inline bool ZyDisStreamDataSource::isEndOfInput() const
return !m_inputStream->good(); return !m_inputStream->good();
} }
inline uint64_t ZyDisStreamDataSource::getPosition() const inline uint64_t StreamInput::getPosition() const
{ {
if (!m_inputStream) if (!m_inputStream)
{ {
@ -355,7 +355,7 @@ inline uint64_t ZyDisStreamDataSource::getPosition() const
return m_inputStream->tellg(); return m_inputStream->tellg();
} }
inline bool ZyDisStreamDataSource::setPosition(uint64_t position) inline bool StreamInput::setPosition(uint64_t position)
{ {
if (!m_inputStream) if (!m_inputStream)
{ {
@ -365,12 +365,12 @@ inline bool ZyDisStreamDataSource::setPosition(uint64_t position)
return isEndOfInput(); return isEndOfInput();
} }
/////////////////////////////////////////////////////////////////////////////////////////////////// /* Enums ======================================================================================== */
/** /**
* @brief Values that represent a disassembler mode. * @brief Values that represent a disassembler mode.
*/ */
enum class ZyDisDisassemblerMode : uint8_t enum class DisassemblerMode : uint8_t
{ {
M16BIT, M16BIT,
M32BIT, M32BIT,
@ -380,18 +380,20 @@ enum class ZyDisDisassemblerMode : uint8_t
/** /**
* @brief Values that represent an instruction-set vendor. * @brief Values that represent an instruction-set vendor.
*/ */
enum class ZyDisInstructionSetVendor : uint8_t enum class InstructionSetVendor : uint8_t
{ {
ANY, ANY,
INTEL, INTEL,
AMD AMD
}; };
/* InstructionDecoder =========================================================================== */
/** /**
* @brief The @c ZyDisInstructionDecoder class decodes x86/x86-64 assembly instructions from a * @brief The @c InstructionDecoder class decodes x86/x86-64 assembly instructions from a
* given data source. * given data source.
*/ */
class ZyDisInstructionDecoder class InstructionDecoder
{ {
private: private:
enum class RegisterClass : uint8_t enum class RegisterClass : uint8_t
@ -404,9 +406,9 @@ private:
XMM XMM
}; };
private: private:
ZyDisBaseDataSource *m_dataSource; BaseInput* m_input;
ZyDisDisassemblerMode m_disassemblerMode; DisassemblerMode m_disassemblerMode;
ZyDisInstructionSetVendor m_preferredVendor; InstructionSetVendor m_preferredVendor;
uint64_t m_instructionPointer; uint64_t m_instructionPointer;
private: private:
/** /**
@ -417,7 +419,7 @@ private:
* @c flags field of the @c info parameter for error flags. * @c flags field of the @c info parameter for error flags.
* Possible error values are @c IF_ERROR_END_OF_INPUT or @c IF_ERROR_LENGTH. * Possible error values are @c IF_ERROR_END_OF_INPUT or @c IF_ERROR_LENGTH.
*/ */
uint8_t inputPeek(ZyDisInstructionInfo &info); uint8_t inputPeek(InstructionInfo& info);
/** /**
* @brief Reads the next byte from the data source. This method increases the current * @brief Reads the next byte from the data source. This method increases the current
* input position and the @c length field of the @info parameter. * input position and the @c length field of the @info parameter.
@ -428,7 +430,7 @@ private:
* @c flags field of the @c info parameter for error flags. * @c flags field of the @c info parameter for error flags.
* Possible error values are @c IF_ERROR_END_OF_INPUT or @c IF_ERROR_LENGTH. * Possible error values are @c IF_ERROR_END_OF_INPUT or @c IF_ERROR_LENGTH.
*/ */
uint8_t inputNext(ZyDisInstructionInfo &info); uint8_t inputNext(InstructionInfo& info);
/** /**
* @brief Reads the next byte(s) from the data source. This method increases the current * @brief Reads the next byte(s) from the data source. This method increases the current
* input position and the @c length field of the @info parameter. * input position and the @c length field of the @info parameter.
@ -440,7 +442,7 @@ private:
* Possible error values are @c IF_ERROR_END_OF_INPUT or @c IF_ERROR_LENGTH. * Possible error values are @c IF_ERROR_END_OF_INPUT or @c IF_ERROR_LENGTH.
*/ */
template <typename T> template <typename T>
T inputNext(ZyDisInstructionInfo &info); T inputNext(InstructionInfo& info);
/** /**
* @brief Returns the current input byte. The current input byte is set everytime the * @brief Returns the current input byte. The current input byte is set everytime the
* @c inputPeek or @c inputNext method is called. * @c inputPeek or @c inputNext method is called.
@ -451,64 +453,64 @@ private:
/** /**
* @brief Decodes a register operand. * @brief Decodes a register operand.
* @param info The instruction info. * @param info The instruction info.
* @param operand The @c ZyDisOperandInfo struct that receives the decoded data. * @param operand The @c OperandInfo struct that receives the decoded data.
* @param registerClass The register class to use. * @param registerClass The register class to use.
* @param registerId The register id. * @param registerId The register id.
* @param operandSize The defined size of the operand. * @param operandSize The defined size of the operand.
* @return True if it succeeds, false if it fails. * @return True if it succeeds, false if it fails.
*/ */
bool decodeRegisterOperand(ZyDisInstructionInfo &info, ZyDisOperandInfo &operand, bool decodeRegisterOperand(InstructionInfo& info, OperandInfo& operand,
RegisterClass registerClass, uint8_t registerId, ZyDisDefinedOperandSize operandSize) const; RegisterClass registerClass, uint8_t registerId, DefinedOperandSize operandSize) const;
/** /**
* @brief Decodes a register/memory operand. * @brief Decodes a register/memory operand.
* @param info The instruction info. * @param info The instruction info.
* @param operand The @c ZyDisOperandInfo struct that receives the decoded data. * @param operand The @c OperandInfo struct that receives the decoded data.
* @param registerClass The register class to use. * @param registerClass The register class to use.
* @param operandSize The defined size of the operand. * @param operandSize The defined size of the operand.
* @return True if it succeeds, false if it fails. * @return True if it succeeds, false if it fails.
*/ */
bool decodeRegisterMemoryOperand(ZyDisInstructionInfo &info, ZyDisOperandInfo &operand, bool decodeRegisterMemoryOperand(InstructionInfo& info, OperandInfo& operand,
RegisterClass registerClass, ZyDisDefinedOperandSize operandSize); RegisterClass registerClass, DefinedOperandSize operandSize);
/** /**
* @brief Decodes an immediate operand. * @brief Decodes an immediate operand.
* @param info The instruction info. * @param info The instruction info.
* @param operand The @c ZyDisOperandInfo struct that receives the decoded data. * @param operand The @c OperandInfo struct that receives the decoded data.
* @param operandSize The defined size of the operand. * @param operandSize The defined size of the operand.
* @return True if it succeeds, false if it fails. * @return True if it succeeds, false if it fails.
*/ */
bool decodeImmediate(ZyDisInstructionInfo &info, ZyDisOperandInfo &operand, bool decodeImmediate(InstructionInfo& info, OperandInfo& operand,
ZyDisDefinedOperandSize operandSize); DefinedOperandSize operandSize);
/** /**
* @brief Decodes a displacement operand. * @brief Decodes a displacement operand.
* @param info The instruction info. * @param info The instruction info.
* @param operand The @c ZyDisOperandInfo struct that receives the decoded data. * @param operand The @c OperandInfo struct that receives the decoded data.
* @param size The size of the displacement data. * @param size The size of the displacement data.
* @return True if it succeeds, false if it fails. * @return True if it succeeds, false if it fails.
*/ */
bool decodeDisplacement(ZyDisInstructionInfo &info, ZyDisOperandInfo &operand, uint8_t size); bool decodeDisplacement(InstructionInfo& info, OperandInfo& operand, uint8_t size);
private: private:
/** /**
* @brief Decodes the modrm field of the instruction. This method reads an additional * @brief Decodes the modrm field of the instruction. This method reads an additional
* input byte. * input byte.
* @param The @c ZyDisInstructionInfo struct that receives the decoded data. * @param The @c InstructionInfo struct that receives the decoded data.
* @return True if it succeeds, false if it fails. * @return True if it succeeds, false if it fails.
*/ */
bool decodeModrm(ZyDisInstructionInfo &info); bool decodeModrm(InstructionInfo& info);
/** /**
* @brief Decodes the sib field of the instruction. This method reads an additional * @brief Decodes the sib field of the instruction. This method reads an additional
* input byte. * input byte.
* @param info The @c ZyDisInstructionInfo struct that receives the decoded data. * @param info The @c InstructionInfo struct that receives the decoded data.
* @return True if it succeeds, false if it fails. * @return True if it succeeds, false if it fails.
*/ */
bool decodeSIB(ZyDisInstructionInfo &info); bool decodeSIB(InstructionInfo& info);
/** /**
* @brief Decodes vex prefix of the instruction. This method takes the current input byte * @brief Decodes vex prefix of the instruction. This method takes the current input byte
* to determine the vex prefix type and reads one or two additional input bytes * to determine the vex prefix type and reads one or two additional input bytes
* on demand. * on demand.
* @param info The @c ZyDisInstructionInfo struct that receives the decoded data. * @param info The @c InstructionInfo struct that receives the decoded data.
* @return True if it succeeds, false if it fails. * @return True if it succeeds, false if it fails.
*/ */
bool decodeVex(ZyDisInstructionInfo &info); bool decodeVex(InstructionInfo& info);
private: private:
/** /**
* @brief Returns the effective operand size. * @brief Returns the effective operand size.
@ -516,59 +518,59 @@ private:
* @param operandSize The defined operand size. * @param operandSize The defined operand size.
* @return The effective operand size. * @return The effective operand size.
*/ */
uint16_t getEffectiveOperandSize(const ZyDisInstructionInfo &info, uint16_t getEffectiveOperandSize(const InstructionInfo& info,
ZyDisDefinedOperandSize operandSize) const; DefinedOperandSize operandSize) const;
/** /**
* @brief Decodes all instruction operands. * @brief Decodes all instruction operands.
* @param info The @c ZyDisInstructionInfo struct that receives the decoded data. * @param info The @c InstructionInfo struct that receives the decoded data.
* @return True if it succeeds, false if it fails. * @return True if it succeeds, false if it fails.
*/ */
bool decodeOperands(ZyDisInstructionInfo &info); bool decodeOperands(InstructionInfo& info);
/** /**
* @brief Decodes the specified instruction operand. * @brief Decodes the specified instruction operand.
* @param info The instruction info. * @param info The instruction info.
* @param operand The @c ZyDisOperandInfo struct that receives the decoded data. * @param operand The @c OperandInfo struct that receives the decoded data.
* @param operandType The defined type of the operand. * @param operandType The defined type of the operand.
* @param operandSize The defined size of the operand. * @param operandSize The defined size of the operand.
* @return True if it succeeds, false if it fails. * @return True if it succeeds, false if it fails.
*/ */
bool decodeOperand(ZyDisInstructionInfo &info, ZyDisOperandInfo &operand, bool decodeOperand(InstructionInfo& info, OperandInfo& operand,
ZyDisDefinedOperandType operandType, ZyDisDefinedOperandSize operandSize); DefinedOperandType operandType, DefinedOperandSize operandSize);
private: private:
/** /**
* @brief Resolves the effective operand and address mode of the instruction. * @brief Resolves the effective operand and address mode of the instruction.
* This method requires a non-null value in the @c instrDefinition field of the * This method requires a non-null value in the @c instrDefinition field of the
* @c info struct. * @c info struct.
* @param info The @c ZyDisInstructionInfo struct that receives the effective operand and * @param info The @c InstructionInfo struct that receives the effective operand and
* address mode. * address mode.
*/ */
void resolveOperandAndAddressMode(ZyDisInstructionInfo &info) const; void resolveOperandAndAddressMode(InstructionInfo& info) const;
/** /**
* @brief Calculates the effective REX/VEX.w, r, x, b, l values. * @brief Calculates the effective REX/VEX.w, r, x, b, l values.
* This method requires a non-null value in the @c instrDefinition field of the * This method requires a non-null value in the @c instrDefinition field of the
* @c info struct. * @c info struct.
* @param info The @c ZyDisInstructionInfo struct that receives the effective operand and * @param info The @c InstructionInfo struct that receives the effective operand and
* address mode. * address mode.
*/ */
void calculateEffectiveRexVexValues(ZyDisInstructionInfo &info) const; void calculateEffectiveRexVexValues(InstructionInfo& info) const;
private: private:
/** /**
* @brief Collects and decodes optional instruction prefixes. * @brief Collects and decodes optional instruction prefixes.
* @param info The @c ZyDisInstructionInfo struct that receives the decoded data. * @param info The @c InstructionInfo struct that receives the decoded data.
* @return True if it succeeds, false if it fails. * @return True if it succeeds, false if it fails.
*/ */
bool decodePrefixes(ZyDisInstructionInfo &info); bool decodePrefixes(InstructionInfo& info);
/** /**
* @brief Collects and decodes the instruction opcodes using the opcode tree. * @brief Collects and decodes the instruction opcodes using the opcode tree.
* @param info The @c ZyDisInstructionInfo struct that receives the decoded data. * @param info The @c InstructionInfo struct that receives the decoded data.
* @return True if it succeeds, false if it fails. * @return True if it succeeds, false if it fails.
*/ */
bool decodeOpcode(ZyDisInstructionInfo &info); bool decodeOpcode(InstructionInfo& info);
public: public:
/** /**
* @brief Default constructor. * @brief Default constructor.
*/ */
ZyDisInstructionDecoder(); InstructionDecoder();
/** /**
* @brief Constructor. * @brief Constructor.
* @param input A reference to the input data source. * @param input A reference to the input data source.
@ -576,51 +578,51 @@ public:
* @param preferredVendor The preferred instruction-set vendor. * @param preferredVendor The preferred instruction-set vendor.
* @param instructionPointer The initial instruction pointer. * @param instructionPointer The initial instruction pointer.
*/ */
explicit ZyDisInstructionDecoder(ZyDisBaseDataSource *input, explicit InstructionDecoder(BaseInput* input,
ZyDisDisassemblerMode disassemblerMode = ZyDisDisassemblerMode::M32BIT, DisassemblerMode disassemblerMode = DisassemblerMode::M32BIT,
ZyDisInstructionSetVendor preferredVendor = ZyDisInstructionSetVendor::ANY, InstructionSetVendor preferredVendor = InstructionSetVendor::ANY,
uint64_t instructionPointer = 0); uint64_t instructionPointer = 0);
public: public:
/** /**
* @brief Decodes the next instruction from the input data source. * @brief Decodes the next instruction from the input data source.
* @param info The @c ZyDisInstructionInfo struct that receives the information about the * @param info The @c InstructionInfo struct that receives the information about the
* decoded instruction. * decoded instruction.
* @return This method returns false, if the current position has exceeded the maximum input * @return This method returns false, if the current position has exceeded the maximum input
* length. * length.
* In all other cases (valid and invalid instructions) the return value is true. * In all other cases (valid and invalid instructions) the return value is true.
*/ */
bool decodeInstruction(ZyDisInstructionInfo &info); bool decodeInstruction(InstructionInfo& info);
public: public:
/** /**
* @brief Returns a pointer to the current data source. * @brief Returns a pointer to the current data source.
* @return A pointer to the current data source. * @return A pointer to the current data source.
*/ */
ZyDisBaseDataSource* getDataSource() const; BaseInput* getDataSource() const;
/** /**
* @brief Sets a new data source. * @brief Sets a new data source.
* @param input A reference to the new input data source. * @param input A reference to the new input data source.
*/ */
void setDataSource(ZyDisBaseDataSource *input); void setDataSource(BaseInput* input);
/** /**
* @brief Returns the current disassembler mode. * @brief Returns the current disassembler mode.
* @return The current disassembler mode. * @return The current disassembler mode.
*/ */
ZyDisDisassemblerMode getDisassemblerMode() const; DisassemblerMode getDisassemblerMode() const;
/** /**
* @brief Sets the current disassembler mode. * @brief Sets the current disassembler mode.
* @param disassemblerMode The new disassembler mode. * @param disassemblerMode The new disassembler mode.
*/ */
void setDisassemblerMode(ZyDisDisassemblerMode disassemblerMode); void setDisassemblerMode(DisassemblerMode disassemblerMode);
/** /**
* @brief Returns the preferred instruction-set vendor. * @brief Returns the preferred instruction-set vendor.
* @return The preferred instruction-set vendor. * @return The preferred instruction-set vendor.
*/ */
ZyDisInstructionSetVendor getPreferredVendor() const; InstructionSetVendor getPreferredVendor() const;
/** /**
* @brief Sets the preferred instruction-set vendor. * @brief Sets the preferred instruction-set vendor.
* @param preferredVendor The new preferred instruction-set vendor. * @param preferredVendor The new preferred instruction-set vendor.
*/ */
void setPreferredVendor(ZyDisInstructionSetVendor preferredVendor); void setPreferredVendor(InstructionSetVendor preferredVendor);
/** /**
* @brief Returns the current instruction pointer. * @brief Returns the current instruction pointer.
* @return The current instruction pointer. * @return The current instruction pointer.
@ -633,86 +635,88 @@ public:
void setInstructionPointer(uint64_t instructionPointer); void setInstructionPointer(uint64_t instructionPointer);
}; };
inline uint8_t ZyDisInstructionDecoder::inputPeek(ZyDisInstructionInfo &info) inline uint8_t InstructionDecoder::inputPeek(InstructionInfo& info)
{ {
if (!m_dataSource) if (!m_input)
{ {
info.flags |= IF_ERROR_END_OF_INPUT; info.flags |= IF_ERROR_END_OF_INPUT;
return 0; return 0;
} }
return m_dataSource->inputPeek(info); return m_input->inputPeek(info);
} }
inline uint8_t ZyDisInstructionDecoder::inputNext(ZyDisInstructionInfo &info) inline uint8_t InstructionDecoder::inputNext(InstructionInfo& info)
{ {
if (!m_dataSource) if (!m_input)
{ {
info.flags |= IF_ERROR_END_OF_INPUT; info.flags |= IF_ERROR_END_OF_INPUT;
return 0; return 0;
} }
return m_dataSource->inputNext(info); return m_input->inputNext(info);
} }
template <typename T> template <typename T>
inline T ZyDisInstructionDecoder::inputNext(ZyDisInstructionInfo &info) inline T InstructionDecoder::inputNext(InstructionInfo& info)
{ {
if (!m_dataSource) if (!m_input)
{ {
info.flags |= IF_ERROR_END_OF_INPUT; info.flags |= IF_ERROR_END_OF_INPUT;
return 0; return 0;
} }
return m_dataSource->inputNext<T>(info); return m_input->inputNext<T>(info);
} }
inline uint8_t ZyDisInstructionDecoder::inputCurrent() const inline uint8_t InstructionDecoder::inputCurrent() const
{ {
if (!m_dataSource) if (!m_input)
{ {
return 0; return 0;
} }
return m_dataSource->inputCurrent(); return m_input->inputCurrent();
} }
inline ZyDisBaseDataSource* ZyDisInstructionDecoder::getDataSource() const inline BaseInput *InstructionDecoder::getDataSource() const
{ {
return m_dataSource; return m_input;
} }
inline void ZyDisInstructionDecoder::setDataSource(ZyDisBaseDataSource *input) inline void InstructionDecoder::setDataSource(BaseInput* input)
{ {
m_dataSource = input; m_input = input;
} }
inline ZyDisDisassemblerMode ZyDisInstructionDecoder::getDisassemblerMode() const inline DisassemblerMode InstructionDecoder::getDisassemblerMode() const
{ {
return m_disassemblerMode; return m_disassemblerMode;
} }
inline void ZyDisInstructionDecoder::setDisassemblerMode(ZyDisDisassemblerMode disassemblerMode) inline void InstructionDecoder::setDisassemblerMode(DisassemblerMode disassemblerMode)
{ {
m_disassemblerMode = disassemblerMode; m_disassemblerMode = disassemblerMode;
} }
inline ZyDisInstructionSetVendor ZyDisInstructionDecoder::getPreferredVendor() const inline InstructionSetVendor InstructionDecoder::getPreferredVendor() const
{ {
return m_preferredVendor; return m_preferredVendor;
} }
inline void ZyDisInstructionDecoder::setPreferredVendor(ZyDisInstructionSetVendor preferredVendor) inline void InstructionDecoder::setPreferredVendor(InstructionSetVendor preferredVendor)
{ {
m_preferredVendor = preferredVendor; m_preferredVendor = preferredVendor;
} }
inline uint64_t ZyDisInstructionDecoder::getInstructionPointer() const inline uint64_t InstructionDecoder::getInstructionPointer() const
{ {
return m_instructionPointer; return m_instructionPointer;
} }
inline void ZyDisInstructionDecoder::setInstructionPointer(uint64_t instructionPointer) inline void InstructionDecoder::setInstructionPointer(uint64_t instructionPointer)
{ {
m_instructionPointer = instructionPointer; m_instructionPointer = instructionPointer;
} }
/////////////////////////////////////////////////////////////////////////////////////////////////// /* ============================================================================================== */
} }
#endif /* _ZYDIS_INSTRUCTIONDECODER_HPP_ */


@ -1,14 +1,12 @@
/************************************************************************************************** /***************************************************************************************************
Verteron Disassembler Engine Zyan Disassembler Engine
Version 1.0 Version 1.0
Remarks : Freeware, Copyright must be included Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd Original Author : Florian Bernd
Modifications : Modifications : Joel Höner
Last change : 22. October 2014
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -28,34 +26,20 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
**************************************************************************************************/ ***************************************************************************************************/
#include "ZyDisInstructionFormatter.hpp"
#include "ZyDisDisassemblerUtils.hpp" #include "ZydisInstructionFormatter.hpp"
#include "ZydisUtils.hpp"
#include <cstdarg> #include <cstdarg>
#include <cctype> #include <cctype>
#include <cstring>
#include <cstdio> #include <cstdio>
#include <string>
namespace Verteron namespace Zydis
{ {
/////////////////////////////////////////////////////////////////////////////////////////////////// /* BaseInstructionFormatter ================================================================ */
ZyDisBaseSymbolResolver::~ZyDisBaseSymbolResolver() const char *BaseInstructionFormatter::m_registerStrings[] =
{
}
const char* ZyDisBaseSymbolResolver::resolveSymbol(const ZyDisInstructionInfo &info, uint64_t address,
uint64_t &offset)
{
return nullptr;
}
///////////////////////////////////////////////////////////////////////////////////////////////////
const char* ZyDisBaseInstructionFormatter::m_registerStrings[] =
{ {
/* 8 bit general purpose registers */ /* 8 bit general purpose registers */
"al", "cl", "dl", "bl", "al", "cl", "dl", "bl",
@ -111,12 +95,12 @@ const char* ZyDisBaseInstructionFormatter::m_registerStrings[] =
"rip" "rip"
}; };
void ZyDisBaseInstructionFormatter::internalFormatInstruction(const ZyDisInstructionInfo &info) void BaseInstructionFormatter::internalFormatInstruction(const InstructionInfo& /*info*/)
{ {
// Nothing to do here // Nothing to do here
} }
ZyDisBaseInstructionFormatter::ZyDisBaseInstructionFormatter() BaseInstructionFormatter::BaseInstructionFormatter()
: m_symbolResolver(nullptr) : m_symbolResolver(nullptr)
, m_outputStringLen(0) , m_outputStringLen(0)
, m_outputUppercase(false) , m_outputUppercase(false)
@ -124,7 +108,8 @@ ZyDisBaseInstructionFormatter::ZyDisBaseInstructionFormatter()
} }
ZyDisBaseInstructionFormatter::ZyDisBaseInstructionFormatter(ZyDisBaseSymbolResolver *symbolResolver) BaseInstructionFormatter::BaseInstructionFormatter(
BaseSymbolResolver *symbolResolver)
: m_symbolResolver(symbolResolver) : m_symbolResolver(symbolResolver)
, m_outputStringLen(0) , m_outputStringLen(0)
, m_outputUppercase(false) , m_outputUppercase(false)
@ -132,7 +117,7 @@ ZyDisBaseInstructionFormatter::ZyDisBaseInstructionFormatter(ZyDisBaseSymbolReso
} }
const char* ZyDisBaseInstructionFormatter::formatInstruction(const ZyDisInstructionInfo &info) const char *BaseInstructionFormatter::formatInstruction(const InstructionInfo& info)
{ {
// Clears the internal string buffer // Clears the internal string buffer
outputClear(); outputClear();
@ -141,28 +126,28 @@ const char* ZyDisBaseInstructionFormatter::formatInstruction(const ZyDisInstruct
if (m_outputBuffer.size() == 0) if (m_outputBuffer.size() == 0)
{ {
// The basic instruction formatter only returns the instruction menmonic. // The basic instruction formatter only returns the instruction menmonic.
return Internal::VDEGetInstructionMnemonicString(info.mnemonic); return Internal::GetInstructionMnemonicString(info.mnemonic);
} }
// Return the formatted instruction string // Return the formatted instruction string
return outputString(); return outputString();
} }
ZyDisBaseInstructionFormatter::~ZyDisBaseInstructionFormatter() BaseInstructionFormatter::~BaseInstructionFormatter()
{ {
} }
void ZyDisBaseInstructionFormatter::outputClear() void BaseInstructionFormatter::outputClear()
{ {
m_outputStringLen = 0; m_outputStringLen = 0;
} }
char const* ZyDisBaseInstructionFormatter::outputString() char const *BaseInstructionFormatter::outputString()
{ {
return& m_outputBuffer[0]; return& m_outputBuffer[0];
} }
void ZyDisBaseInstructionFormatter::outputAppend(char const *text) void BaseInstructionFormatter::outputAppend(char const *text)
{ {
// Get the string length including the null-terminator char // Get the string length including the null-terminator char
size_t strLen = strlen(text) + 1; size_t strLen = strlen(text) + 1;
@ -191,7 +176,7 @@ char const* ZyDisBaseInstructionFormatter::outputString()
} }
} }
void ZyDisBaseInstructionFormatter::outputAppendFormatted(char const *format, ...) void BaseInstructionFormatter::outputAppendFormatted(char const *format, ...)
{ {
va_list arguments; va_list arguments;
va_start(arguments, format); va_start(arguments, format);
@ -218,7 +203,7 @@ char const* ZyDisBaseInstructionFormatter::outputString()
// Write the formatted text to the output buffer // Write the formatted text to the output buffer
assert((bufLen - offset) > 0); assert((bufLen - offset) > 0);
strLen = strLen =
std::vsnprintf(&m_outputBuffer[offset], bufLen - offset, format, arguments); vsnprintf_s(&m_outputBuffer[offset], bufLen - offset, _TRUNCATE, format, arguments);
} while (strLen < 0); } while (strLen < 0);
// Increase the string length // Increase the string length
m_outputStringLen = offset + strLen + 1; m_outputStringLen = offset + strLen + 1;
@ -233,7 +218,7 @@ char const* ZyDisBaseInstructionFormatter::outputString()
va_end(arguments); va_end(arguments);
} }
void ZyDisBaseInstructionFormatter::outputAppendAddress(const ZyDisInstructionInfo &info, void BaseInstructionFormatter::outputAppendAddress(const InstructionInfo& info,
uint64_t address, bool resolveSymbols) uint64_t address, bool resolveSymbols)
{ {
uint64_t offset = 0; uint64_t offset = 0;
@ -269,10 +254,10 @@ void ZyDisBaseInstructionFormatter::outputAppendAddress(const ZyDisInstructionIn
} }
} }
void ZyDisBaseInstructionFormatter::outputAppendImmediate(const ZyDisInstructionInfo &info, void BaseInstructionFormatter::outputAppendImmediate(const InstructionInfo& info,
const ZyDisOperandInfo &operand, bool resolveSymbols) const OperandInfo& operand, bool resolveSymbols)
{ {
assert(operand.type == ZyDisOperandType::IMMEDIATE); assert(operand.type == OperandType::IMMEDIATE);
uint64_t value = 0; uint64_t value = 0;
if (operand.signed_lval&& (operand.size != info.operand_mode)) if (operand.signed_lval&& (operand.size != info.operand_mode))
{ {
@ -329,11 +314,10 @@ void ZyDisBaseInstructionFormatter::outputAppendImmediate(const ZyDisInstruction
} }
} }
void ZyDisBaseInstructionFormatter::outputAppendDisplacement(const ZyDisInstructionInfo &info, void BaseInstructionFormatter::outputAppendDisplacement(const OperandInfo& operand)
const ZyDisOperandInfo &operand)
{ {
assert(operand.offset > 0); assert(operand.offset > 0);
if ((operand.base == ZyDisRegister::NONE) && (operand.index == ZyDisRegister::NONE)) if ((operand.base == Register::NONE)&& (operand.index == Register::NONE))
{ {
// Assume the displacement value is unsigned // Assume the displacement value is unsigned
assert(operand.scale == 0); assert(operand.scale == 0);
@ -378,16 +362,15 @@ void ZyDisBaseInstructionFormatter::outputAppendDisplacement(const ZyDisInstruct
outputAppendFormatted("-%.2lX", -value); outputAppendFormatted("-%.2lX", -value);
} else } else
{ {
outputAppendFormatted("%s%.2lX", (operand.base != ZyDisRegister::NONE || outputAppendFormatted("%s%.2lX", (operand.base != Register::NONE ||
operand.index != ZyDisRegister::NONE) ? "+" : "", value); operand.index != Register::NONE) ? "+" : "", value);
} }
} }
} }
/////////////////////////////////////////////////////////////////////////////////////////////////// /* IntelInstructionFormatter =============================================================== */
void ZyDisIntelInstructionFormatter::outputAppendOperandCast(const ZyDisInstructionInfo &info, void IntelInstructionFormatter::outputAppendOperandCast(const OperandInfo& operand)
const ZyDisOperandInfo &operand)
{ {
switch(operand.size) switch(operand.size)
{ {
@ -417,33 +400,33 @@ void ZyDisIntelInstructionFormatter::outputAppendOperandCast(const ZyDisInstruct
} }
} }
void ZyDisIntelInstructionFormatter::formatOperand(const ZyDisInstructionInfo &info, void IntelInstructionFormatter::formatOperand(const InstructionInfo& info,
const ZyDisOperandInfo &operand) const OperandInfo& operand)
{ {
switch (operand.type) switch (operand.type)
{ {
case ZyDisOperandType::REGISTER: case OperandType::REGISTER:
outputAppend(registerToString(operand.base)); outputAppend(registerToString(operand.base));
break; break;
case ZyDisOperandType::MEMORY: case OperandType::MEMORY:
if (info.flags& IF_PREFIX_SEGMENT) if (info.flags& IF_PREFIX_SEGMENT)
{ {
outputAppendFormatted("%s:", registerToString(info.segment)); outputAppendFormatted("%s:", registerToString(info.segment));
} }
outputAppend("["); outputAppend("[");
if (operand.base == ZyDisRegister::RIP) if (operand.base == Register::RIP)
{ {
// TODO: Add option // TODO: Add option
outputAppendAddress(info, VDECalcAbsoluteTarget(info, operand), true); outputAppendAddress(info, CalcAbsoluteTarget(info, operand), true);
} else } else
{ {
if (operand.base != ZyDisRegister::NONE) if (operand.base != Register::NONE)
{ {
outputAppend(registerToString(operand.base)); outputAppend(registerToString(operand.base));
} }
if (operand.index != ZyDisRegister::NONE) if (operand.index != Register::NONE)
{ {
outputAppendFormatted("%s%s", operand.base != ZyDisRegister::NONE ? "+" : "", outputAppendFormatted("%s%s", operand.base != Register::NONE ? "+" : "",
registerToString(operand.index)); registerToString(operand.index));
if (operand.scale) if (operand.scale)
{ {
@ -452,12 +435,12 @@ void ZyDisIntelInstructionFormatter::formatOperand(const ZyDisInstructionInfo &i
} }
if (operand.offset) if (operand.offset)
{ {
outputAppendDisplacement(info, operand); outputAppendDisplacement(operand);
} }
} }
outputAppend("]"); outputAppend("]");
break; break;
case ZyDisOperandType::POINTER: case OperandType::POINTER:
// TODO: resolve symbols // TODO: resolve symbols
switch (operand.size) switch (operand.size)
{ {
@ -472,21 +455,21 @@ void ZyDisIntelInstructionFormatter::formatOperand(const ZyDisInstructionInfo &i
assert(0); assert(0);
} }
break; break;
case ZyDisOperandType::IMMEDIATE: case OperandType::IMMEDIATE:
{ {
outputAppendImmediate(info, operand, true); outputAppendImmediate(info, operand, true);
} }
break; break;
case ZyDisOperandType::REL_IMMEDIATE: case OperandType::REL_IMMEDIATE:
{ {
if (operand.size == 8) if (operand.size == 8)
{ {
outputAppend("short "); outputAppend("short ");
} }
outputAppendAddress(info, VDECalcAbsoluteTarget(info, operand), true); outputAppendAddress(info, CalcAbsoluteTarget(info, operand), true);
} }
break; break;
case ZyDisOperandType::CONSTANT: case OperandType::CONSTANT:
outputAppendFormatted("%.2X", operand.lval.udword); outputAppendFormatted("%.2X", operand.lval.udword);
break; break;
default: default:
@ -495,7 +478,7 @@ void ZyDisIntelInstructionFormatter::formatOperand(const ZyDisInstructionInfo &i
} }
} }
void ZyDisIntelInstructionFormatter::internalFormatInstruction(const ZyDisInstructionInfo &info) void IntelInstructionFormatter::internalFormatInstruction(const InstructionInfo& info)
{ {
// Append string prefixes // Append string prefixes
if (info.flags& IF_PREFIX_LOCK) if (info.flags& IF_PREFIX_LOCK)
@ -510,32 +493,32 @@ void ZyDisIntelInstructionFormatter::internalFormatInstruction(const ZyDisInstru
outputAppend("repne "); outputAppend("repne ");
} }
// Append the instruction mnemonic // Append the instruction mnemonic
outputAppend(Internal::VDEGetInstructionMnemonicString(info.mnemonic)); outputAppend(Internal::GetInstructionMnemonicString(info.mnemonic));
// Append the first operand // Append the first operand
if (info.operand[0].type != ZyDisOperandType::NONE) if (info.operand[0].type != OperandType::NONE)
{ {
outputAppend(" "); outputAppend(" ");
bool cast = false; bool cast = false;
if (info.operand[0].type == ZyDisOperandType::MEMORY) if (info.operand[0].type == OperandType::MEMORY)
{ {
if (info.operand[1].type == ZyDisOperandType::IMMEDIATE || if (info.operand[1].type == OperandType::IMMEDIATE ||
info.operand[1].type == ZyDisOperandType::CONSTANT || info.operand[1].type == OperandType::CONSTANT ||
info.operand[1].type == ZyDisOperandType::NONE || info.operand[1].type == OperandType::NONE ||
(info.operand[0].size != info.operand[1].size)) (info.operand[0].size != info.operand[1].size))
{ {
cast = true; cast = true;
} else if (info.operand[1].type == ZyDisOperandType::REGISTER && } else if (info.operand[1].type == OperandType::REGISTER&&
info.operand[1].base == ZyDisRegister::CL) info.operand[1].base == Register::CL)
{ {
switch (info.mnemonic) switch (info.mnemonic)
{ {
case ZyDisInstructionMnemonic::RCL: case InstructionMnemonic::RCL:
case ZyDisInstructionMnemonic::ROL: case InstructionMnemonic::ROL:
case ZyDisInstructionMnemonic::ROR: case InstructionMnemonic::ROR:
case ZyDisInstructionMnemonic::RCR: case InstructionMnemonic::RCR:
case ZyDisInstructionMnemonic::SHL: case InstructionMnemonic::SHL:
case ZyDisInstructionMnemonic::SHR: case InstructionMnemonic::SHR:
case ZyDisInstructionMnemonic::SAR: case InstructionMnemonic::SAR:
cast = true; cast = true;
break; break;
default: default:
@ -545,114 +528,75 @@ void ZyDisIntelInstructionFormatter::internalFormatInstruction(const ZyDisInstru
} }
if (cast) if (cast)
{ {
outputAppendOperandCast(info, info.operand[0]); outputAppendOperandCast(info.operand[0]);
} }
formatOperand(info, info.operand[0]); formatOperand(info, info.operand[0]);
} }
// Append the second operand // Append the second operand
if (info.operand[1].type != ZyDisOperandType::NONE) if (info.operand[1].type != OperandType::NONE)
{ {
outputAppend(", "); outputAppend(", ");
bool cast = false; bool cast = false;
if (info.operand[1].type == ZyDisOperandType::MEMORY && if (info.operand[1].type == OperandType::MEMORY&&
info.operand[0].size != info.operand[1].size&& info.operand[0].size != info.operand[1].size&&
((info.operand[0].type != ZyDisOperandType::REGISTER) || ((info.operand[0].type != OperandType::REGISTER) ||
((info.operand[0].base != ZyDisRegister::ES) && ((info.operand[0].base != Register::ES)&&
(info.operand[0].base != ZyDisRegister::CS) && (info.operand[0].base != Register::CS)&&
(info.operand[0].base != ZyDisRegister::SS) && (info.operand[0].base != Register::SS)&&
(info.operand[0].base != ZyDisRegister::DS) && (info.operand[0].base != Register::DS)&&
(info.operand[0].base != ZyDisRegister::FS) && (info.operand[0].base != Register::FS)&&
(info.operand[0].base != ZyDisRegister::GS)))) (info.operand[0].base != Register::GS))))
{ {
cast = true; cast = true;
} }
if (cast) if (cast)
{ {
outputAppendOperandCast(info, info.operand[1]); outputAppendOperandCast(info.operand[1]);
} }
formatOperand(info, info.operand[1]); formatOperand(info, info.operand[1]);
} }
// Append the third operand // Append the third operand
if (info.operand[2].type != ZyDisOperandType::NONE) if (info.operand[2].type != OperandType::NONE)
{ {
outputAppend(", "); outputAppend(", ");
bool cast = false; bool cast = false;
if (info.operand[2].type == ZyDisOperandType::MEMORY && if (info.operand[2].type == OperandType::MEMORY&&
(info.operand[2].size != info.operand[1].size)) (info.operand[2].size != info.operand[1].size))
{ {
cast = true; cast = true;
} }
if (cast) if (cast)
{ {
outputAppendOperandCast(info, info.operand[2]); outputAppendOperandCast(info.operand[2]);
} }
formatOperand(info, info.operand[2]); formatOperand(info, info.operand[2]);
} }
// Append the fourth operand // Append the fourth operand
if (info.operand[3].type != ZyDisOperandType::NONE) if (info.operand[3].type != OperandType::NONE)
{ {
outputAppend(", "); outputAppend(", ");
formatOperand(info, info.operand[3]); formatOperand(info, info.operand[3]);
} }
} }
ZyDisIntelInstructionFormatter::ZyDisIntelInstructionFormatter() IntelInstructionFormatter::IntelInstructionFormatter()
: ZyDisBaseInstructionFormatter() : BaseInstructionFormatter()
{ {
} }
ZyDisIntelInstructionFormatter::ZyDisIntelInstructionFormatter(ZyDisBaseSymbolResolver* symbolResolver) IntelInstructionFormatter::IntelInstructionFormatter(
: ZyDisBaseInstructionFormatter(symbolResolver) BaseSymbolResolver *symbolResolver)
: BaseInstructionFormatter(symbolResolver)
{ {
} }
ZyDisIntelInstructionFormatter::~ZyDisIntelInstructionFormatter() IntelInstructionFormatter::~IntelInstructionFormatter()
{ {
} }
/////////////////////////////////////////////////////////////////////////////////////////////////// /* ============================================================================================== */
ZyDisExactSymbolResolver::~ZyDisExactSymbolResolver()
{
}
const char* ZyDisExactSymbolResolver::resolveSymbol(const ZyDisInstructionInfo &info, uint64_t address,
uint64_t &offset)
{
std::unordered_map<uint64_t, std::string>::const_iterator iterator = m_symbolMap.find(address);
if (iterator != m_symbolMap.cend())
{
offset = 0;
return iterator->second.c_str();
}
return nullptr;
}
bool ZyDisExactSymbolResolver::containsSymbol(uint64_t address) const
{
std::unordered_map<uint64_t, std::string>::const_iterator iterator = m_symbolMap.find(address);
return (iterator != m_symbolMap.end());
}
void ZyDisExactSymbolResolver::setSymbol(uint64_t address, const char* name)
{
m_symbolMap[address].assign(name);
}
void ZyDisExactSymbolResolver::removeSymbol(uint64_t address)
{
m_symbolMap.erase(address);
}
void ZyDisExactSymbolResolver::clear()
{
m_symbolMap.clear();
}
///////////////////////////////////////////////////////////////////////////////////////////////////
} }


@ -1,14 +1,12 @@
/************************************************************************************************** /***************************************************************************************************
Verteron Disassembler Engine Zyan Disassembler Engine
Version 1.0 Version 1.0
Remarks : Freeware, Copyright must be included Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd Original Author : Florian Bernd
Modifications : Modifications : Joel Höner
Last change : 22. October 2014
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -28,52 +26,28 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
**************************************************************************************************/ ***************************************************************************************************/
#pragma once
#ifndef _ZYDIS_INSTRUCTIONFORMATTER_HPP_
#define _ZYDIS_INSTRUCTIONFORMATTER_HPP_
#include <vector> #include <vector>
#include <unordered_map> #include "ZydisTypes.hpp"
#include <string> #include "ZydisSymbolResolver.hpp"
#include "ZyDisDisassemblerTypes.hpp"
namespace Verteron namespace Zydis
{ {
/////////////////////////////////////////////////////////////////////////////////////////////////// /* BaseInstructionFormatter ===================================================================== */
/**
* @brief Base class for all symbol resolver implementations.
*/
class ZyDisBaseSymbolResolver
{
public:
/**
* @brief Destructor.
*/
virtual ~ZyDisBaseSymbolResolver();
public:
/**
* @brief Resolves a symbol.
* @param info The instruction info.
* @param address The address.
* @param offset Reference to an unsigned 64 bit integer that receives an offset
* relative to the base address of the symbol.
* @return The name of the symbol, if the symbol was found, @c NULL if not.
*/
virtual const char* resolveSymbol(const ZyDisInstructionInfo &info, uint64_t address,
uint64_t &offset);
};
///////////////////////////////////////////////////////////////////////////////////////////////////
/** /**
* @brief Base class for all instruction formatter implementations. * @brief Base class for all instruction formatter implementations.
*/ */
class ZyDisBaseInstructionFormatter class BaseInstructionFormatter
{ {
private: private:
static const char* m_registerStrings[]; static const char* m_registerStrings[];
ZyDisBaseSymbolResolver *m_symbolResolver; BaseSymbolResolver* m_symbolResolver;
std::vector<char> m_outputBuffer; std::vector<char> m_outputBuffer;
size_t m_outputStringLen; size_t m_outputStringLen;
bool m_outputUppercase; bool m_outputUppercase;
@ -109,7 +83,7 @@ protected:
* @param resolveSymbols If this parameter is true, the method will try to display a * @param resolveSymbols If this parameter is true, the method will try to display a
* smybol name instead of the numeric value. * smybol name instead of the numeric value.
*/ */
void outputAppendAddress(const ZyDisInstructionInfo &info, uint64_t address, void outputAppendAddress(const InstructionInfo& info, uint64_t address,
bool resolveSymbols = true); bool resolveSymbols = true);
/** /**
* @brief Appends a formatted immediate value to the output string buffer. * @brief Appends a formatted immediate value to the output string buffer.
@ -118,21 +92,20 @@ protected:
* @param resolveSymbols If this parameter is true, the method will try to display a * @param resolveSymbols If this parameter is true, the method will try to display a
* smybol name instead of the numeric value. * smybol name instead of the numeric value.
*/ */
void outputAppendImmediate(const ZyDisInstructionInfo &info, const ZyDisOperandInfo &operand, void outputAppendImmediate(const InstructionInfo& info, const OperandInfo& operand,
bool resolveSymbols = false); bool resolveSymbols = false);
/** /**
* @brief Appends a formatted memory displacement value to the output string buffer. * @brief Appends a formatted memory displacement value to the output string buffer.
* @param info The instruction info.
* @param operand The memory operand. * @param operand The memory operand.
*/ */
void outputAppendDisplacement(const ZyDisInstructionInfo &info, const ZyDisOperandInfo &operand); void outputAppendDisplacement(const OperandInfo& operand);
protected: protected:
/** /**
* @brief Returns the string representation of a given register. * @brief Returns the string representation of a given register.
* @param reg The register. * @param reg The register.
* @return The string representation of the given register. * @return The string representation of the given register.
*/ */
const char* registerToString(ZyDisRegister reg) const; const char *registerToString(Register reg) const;
/** /**
* @brief Resolves a symbol. * @brief Resolves a symbol.
* @param info The instruction info. * @param info The instruction info.
@ -141,7 +114,7 @@ protected:
* relative to the base address of the symbol. * relative to the base address of the symbol.
* @return The name of the symbol, if the symbol was found, @c NULL if not. * @return The name of the symbol, if the symbol was found, @c NULL if not.
*/ */
const char* resolveSymbol(const ZyDisInstructionInfo &info, uint64_t address, const char* resolveSymbol(const InstructionInfo& info, uint64_t address,
uint64_t& offset) const; uint64_t& offset) const;
protected: protected:
/** /**
@ -150,58 +123,58 @@ protected:
* string buffer. * string buffer.
* @param info The instruction info. * @param info The instruction info.
*/ */
virtual void internalFormatInstruction(const ZyDisInstructionInfo &info); virtual void internalFormatInstruction(const InstructionInfo& info);
/** /**
* @brief Default constructor. * @brief Default constructor.
*/ */
ZyDisBaseInstructionFormatter(); BaseInstructionFormatter();
/** /**
* @brief Constructor. * @brief Constructor.
* @param symbolResolver Pointer to a symbol resolver instance or @c NULL, if no smybol * @param symbolResolver Pointer to a symbol resolver instance or @c NULL, if no smybol
* resolver should be used. * resolver should be used.
*/ */
explicit ZyDisBaseInstructionFormatter(ZyDisBaseSymbolResolver *symbolResolver); explicit BaseInstructionFormatter(BaseSymbolResolver* symbolResolver);
public: public:
/** /**
* @brief Destructor. * @brief Destructor.
*/ */
virtual ~ZyDisBaseInstructionFormatter(); virtual ~BaseInstructionFormatter();
public: public:
/** /**
* @brief Formats a decoded instruction. * @brief Formats a decoded instruction.
* @param info The instruction info. * @param info The instruction info.
* @return Pointer to the formatted instruction string. * @return Pointer to the formatted instruction string.
*/ */
const char* formatInstruction(const ZyDisInstructionInfo &info); const char *formatInstruction(const InstructionInfo& info);
public: public:
/** /**
* @brief Returns a pointer to the current symbol resolver. * @brief Returns a pointer to the current symbol resolver.
* @return Pointer to the current symbol resolver or @c NULL, if no symbol resolver is used. * @return Pointer to the current symbol resolver or @c NULL, if no symbol resolver is used.
*/ */
ZyDisBaseSymbolResolver* getSymbolResolver() const; BaseSymbolResolver* getSymbolResolver() const;
/** /**
* @brief Sets a new symbol resolver. * @brief Sets a new symbol resolver.
* @param symbolResolver Pointer to a symbol resolver instance or @c NULL, if no smybol * @param symbolResolver Pointer to a symbol resolver instance or @c NULL, if no smybol
* resolver should be used. * resolver should be used.
*/ */
void setSymbolResolver(ZyDisBaseSymbolResolver *symbolResolver); void setSymbolResolver(BaseSymbolResolver* symbolResolver);
}; };
inline void ZyDisBaseInstructionFormatter::outputSetUppercase(bool uppercase) inline void BaseInstructionFormatter::outputSetUppercase(bool uppercase)
{ {
m_outputUppercase = uppercase; m_outputUppercase = uppercase;
} }
inline char const* ZyDisBaseInstructionFormatter::registerToString(ZyDisRegister reg) const inline char const *BaseInstructionFormatter::registerToString(Register reg) const
{ {
if (reg == ZyDisRegister::NONE) if (reg == Register::NONE)
{ {
return "error"; return "error";
} }
return m_registerStrings[static_cast<uint16_t>(reg) - 1]; return m_registerStrings[static_cast<uint16_t>(reg) - 1];
} }
inline char const* ZyDisBaseInstructionFormatter::resolveSymbol(const ZyDisInstructionInfo &info, inline char const* BaseInstructionFormatter::resolveSymbol(const InstructionInfo& info,
uint64_t address, uint64_t& offset) const uint64_t address, uint64_t& offset) const
{ {
if (m_symbolResolver) if (m_symbolResolver)
@ -211,110 +184,62 @@ inline char const* ZyDisBaseInstructionFormatter::resolveSymbol(const ZyDisInstr
return nullptr; return nullptr;
} }
inline ZyDisBaseSymbolResolver* ZyDisBaseInstructionFormatter::getSymbolResolver() const inline BaseSymbolResolver* BaseInstructionFormatter::getSymbolResolver() const
{ {
return m_symbolResolver; return m_symbolResolver;
} }
inline void ZyDisBaseInstructionFormatter::setSymbolResolver(ZyDisBaseSymbolResolver *symbolResolver) inline void BaseInstructionFormatter::setSymbolResolver(
BaseSymbolResolver* symbolResolver)
{ {
m_symbolResolver = symbolResolver; m_symbolResolver = symbolResolver;
} }
/////////////////////////////////////////////////////////////////////////////////////////////////// /* IntelInstructionFormatter ==================================================================== */
/** /**
* @brief Intel syntax instruction formatter. * @brief Intel syntax instruction formatter.
*/ */
class ZyDisIntelInstructionFormatter : public ZyDisBaseInstructionFormatter class IntelInstructionFormatter : public BaseInstructionFormatter
{ {
private: private:
/** /**
* @brief Appends an operand cast to the output string buffer. * @brief Appends an operand cast to the output string buffer.
* @param info The instruction info.
* @param operand The operand. * @param operand The operand.
*/ */
void outputAppendOperandCast(const ZyDisInstructionInfo &info, const ZyDisOperandInfo &operand); void outputAppendOperandCast(const OperandInfo& operand);
/** /**
* @brief Formats the specified operand and appends the resulting string to the output * @brief Formats the specified operand and appends the resulting string to the output
* buffer. * buffer.
* @param info The instruction info. * @param info The instruction info.
* @param operand The operand. * @param operand The operand.
*/ */
void formatOperand(const ZyDisInstructionInfo &info, const ZyDisOperandInfo &operand); void formatOperand(const InstructionInfo& info, const OperandInfo& operand);
protected: protected:
/** /**
* @brief Fills the internal string buffer with an intel style formatted instruction string. * @brief Fills the internal string buffer with an intel style formatted instruction string.
* @param info The instruction info. * @param info The instruction info.
*/ */
void internalFormatInstruction(const ZyDisInstructionInfo &info) override; void internalFormatInstruction(const InstructionInfo& info) override;
public: public:
/** /**
* @brief Default constructor. * @brief Default constructor.
*/ */
ZyDisIntelInstructionFormatter(); IntelInstructionFormatter();
/** /**
* @brief Constructor. * @brief Constructor.
* @param symbolResolver Pointer to a symbol resolver instance or @c NULL, if no smybol * @param symbolResolver Pointer to a symbol resolver instance or @c NULL, if no smybol
* resolver should be used. * resolver should be used.
*/ */
explicit ZyDisIntelInstructionFormatter(ZyDisBaseSymbolResolver *symbolResolver); explicit IntelInstructionFormatter(BaseSymbolResolver* symbolResolver);
/** /**
* @brief Destructor. * @brief Destructor.
*/ */
~ZyDisIntelInstructionFormatter() override; ~IntelInstructionFormatter() override;
}; };
/////////////////////////////////////////////////////////////////////////////////////////////////// /* ============================================================================================== */
/**
* @brief Simple symbol resolver that only matches exact addresses.
*/
class ZyDisExactSymbolResolver : public ZyDisBaseSymbolResolver
{
private:
std::unordered_map<uint64_t, std::string> m_symbolMap;
public:
/**
* @brief Destructor.
*/
~ZyDisExactSymbolResolver() override;
public:
/**
* @brief Resolves a symbol.
* @param info The instruction info.
* @param address The address.
* @param offset Reference to an unsigned 64 bit integer that receives an offset
* relative to the base address of the symbol.
* @return The name of the symbol, if the symbol was found, @c NULL if not.
*/
const char* resolveSymbol(const ZyDisInstructionInfo &info, uint64_t address,
uint64_t &offset) override;
public:
/**
* @brief Query if the given address is a known symbol.
* @param address The address.
* @return True if the address is known, false if not.
*/
bool containsSymbol(uint64_t address) const;
/**
* @brief Adds or changes a symbol.
* @param address The address.
* @param name The symbol name.
*/
void setSymbol(uint64_t address, const char* name);
/**
* @brief Removes the symbol described by address. This will invalidate all char pointers
* to the specific symbol name.
* @param address The address.
*/
void removeSymbol(uint64_t address);
/**
* @brief Clears the symbol tree.
*/
void clear();
};
///////////////////////////////////////////////////////////////////////////////////////////////////
} }
#endif /* _ZYDIS_INSTRUCTIONFORMATTER_HPP_ */
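Review bot: `registerToString` rejects only `Register::NONE` before evaluating `m_registerStrings[static_cast<uint16_t>(reg) - 1]`, so a `Register` value past the end of the table is read out of bounds. The table is declared in this header as `static const char* m_registerStrings[]` with no bound, which means the inline function cannot check the index where it stands; the `Register` enum and the table's definition are outside this section, so whether such a value can actually reach the formatter is not visible here. Because `InstructionInfo` is produced from decoded input bytes, I would define the function next to the table and add an upper-bound guard there, e.g. `if (index >= sizeof(m_registerStrings) / sizeof(m_registerStrings[0])) return "error";`, where `index` is the computed `static_cast<uint16_t>(reg) - 1`.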

9654
Zydis/ZydisOpcodeTable.cpp Normal file

File diff suppressed because it is too large Load Diff


@ -1,14 +1,12 @@
/************************************************************************************************** /***************************************************************************************************
Verteron Disassembler Engine Zyan Disassembler Engine
Version 1.0 Version 1.0
Remarks : Freeware, Copyright must be included Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd Original Author : Florian Bernd
Modifications : Modifications : Joel Höner
Last change : 29. October 2014
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -28,19 +26,21 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
**************************************************************************************************/ ***************************************************************************************************/
#pragma once
#ifndef _ZYDIS_OPCODETABLE_HPP_
#define _ZYDIS_OPCODETABLE_HPP_
#include <stdint.h> #include <stdint.h>
#include <cassert> #include <cassert>
namespace Verteron namespace Zydis
{ {
/** /**
* @brief Values that represent an instruction mnemonic. * @brief Values that represent an instruction mnemonic.
*/ */
enum class ZyDisInstructionMnemonic : uint16_t enum class InstructionMnemonic : uint16_t
{ {
/* 000 */ INVALID, /* 000 */ INVALID,
/* 001 */ AAA, /* 001 */ AAA,
@ -922,8 +922,8 @@ enum class ZyDisInstructionMnemonic : uint16_t
/* 36D */ VUNPCKHPS, /* 36D */ VUNPCKHPS,
/* 36E */ VUNPCKLPD, /* 36E */ VUNPCKLPD,
/* 36F */ VUNPCKLPS, /* 36F */ VUNPCKLPS,
/* 370 */ ZyDisORPD, /* 370 */ VXORPD,
/* 371 */ ZyDisORPS, /* 371 */ VXORPS,
/* 372 */ VZEROALL, /* 372 */ VZEROALL,
/* 373 */ VZEROUPPER, /* 373 */ VZEROUPPER,
/* 374 */ WAIT, /* 374 */ WAIT,
@ -953,12 +953,12 @@ enum class ZyDisInstructionMnemonic : uint16_t
* @brief Defines an alias representing an opcode tree node. An opcode tree node is a 16 bit * @brief Defines an alias representing an opcode tree node. An opcode tree node is a 16 bit
* unsigned integer value with its first 4 bits reserved for the node type. * unsigned integer value with its first 4 bits reserved for the node type.
*/ */
typedef uint16_t ZyDisOpcodeTreeNode; typedef uint16_t OpcodeTreeNode;
/** /**
* @brief Values that represent the type of an opcode tree node. * @brief Values that represent the type of an opcode tree node.
*/ */
enum class ZyDisOpcodeTreeNodeType : uint8_t enum class OpcodeTreeNodeType : uint8_t
{ {
/** /**
* @brief Reference to a concrete instruction definition. * @brief Reference to a concrete instruction definition.
@ -1025,7 +1025,7 @@ enum class ZyDisOpcodeTreeNodeType : uint8_t
/** /**
* @brief Values that represent the type of an operand in the instruction definition. * @brief Values that represent the type of an operand in the instruction definition.
*/ */
enum class ZyDisDefinedOperandType : uint8_t enum class DefinedOperandType : uint8_t
{ {
/* /*
* @brief No operand. * @brief No operand.
@ -1286,7 +1286,7 @@ enum class ZyDisDefinedOperandType : uint8_t
* @brief Values that represent the size of an operand in the instruction definition. * @brief Values that represent the size of an operand in the instruction definition.
* Do not change the order or the values of this enum! * Do not change the order or the values of this enum!
*/ */
enum class ZyDisDefinedOperandSize : uint8_t enum class DefinedOperandSize : uint8_t
{ {
/** /**
* @brief No operand. * @brief No operand.
@ -1386,7 +1386,7 @@ enum class ZyDisDefinedOperandSize : uint8_t
* @brief Values that represent optional flags in the instruction definition. * @brief Values that represent optional flags in the instruction definition.
* Do not change the order or the values of this enum! * Do not change the order or the values of this enum!
*/ */
enum ZyDisInstructionDefinitionFlags : uint16_t enum InstructionDefinitionFlags : uint16_t
{ {
/** /**
* @brief The instruction accepts the rex.b prefix value. * @brief The instruction accepts the rex.b prefix value.
@ -1454,30 +1454,30 @@ enum ZyDisInstructionDefinitionFlags : uint16_t
/** /**
* @brief An operand definition. * @brief An operand definition.
*/ */
struct ZyDisOperandDefinition struct OperandDefinition
{ {
/** /**
* @brief The defined operand type. * @brief The defined operand type.
*/ */
ZyDisDefinedOperandType type; DefinedOperandType type;
/** /**
* @brief The defined operand size. * @brief The defined operand size.
*/ */
ZyDisDefinedOperandSize size; DefinedOperandSize size;
}; };
/** /**
* @brief An instruction definition. * @brief An instruction definition.
*/ */
struct ZyDisInstructionDefinition struct InstructionDefinition
{ {
/** /**
* @brief The instruction mnemonic. * @brief The instruction mnemonic.
*/ */
ZyDisInstructionMnemonic mnemonic; InstructionMnemonic mnemonic;
/** /**
* @brief The operand definitions for all four possible operands. * @brief The operand definitions for all four possible operands.
*/ */
ZyDisOperandDefinition operand[4]; OperandDefinition operand[4];
/** /**
* @brief Additional flags for the instruction definition. * @brief Additional flags for the instruction definition.
*/ */
@ -1492,24 +1492,24 @@ namespace Internal
* @brief Contains all opcode tables. * @brief Contains all opcode tables.
* Indexed by the numeric value of the opcode. * Indexed by the numeric value of the opcode.
*/ */
extern const ZyDisOpcodeTreeNode optreeTable[][256]; extern const OpcodeTreeNode optreeTable[][256];
/** /**
* @brief Contains all modrm_mod switch tables. * @brief Contains all modrm_mod switch tables.
* Index values: * Index values:
* 0 = [modrm_mod == !11] * 0 = [modrm_mod == !11]
* 1 = [modrm_mod == 11] * 1 = [modrm_mod == 11]
*/ */
extern const ZyDisOpcodeTreeNode optreeModrmMod[][2]; extern const OpcodeTreeNode optreeModrmMod[][2];
/** /**
* @brief Contains all modrm_reg switch tables. * @brief Contains all modrm_reg switch tables.
* Indexed by the numeric value of the modrm_reg field. * Indexed by the numeric value of the modrm_reg field.
*/ */
extern const ZyDisOpcodeTreeNode optreeModrmReg[][8]; extern const OpcodeTreeNode optreeModrmReg[][8];
/** /**
* @brief Contains all modrm_rm switch tables. * @brief Contains all modrm_rm switch tables.
* Indexed by the numeric value of the modrm_rm field. * Indexed by the numeric value of the modrm_rm field.
*/ */
extern const ZyDisOpcodeTreeNode optreeModrmRm[][8]; extern const OpcodeTreeNode optreeModrmRm[][8];
/** /**
* @brief Contains all mandatory-prefix switch tables. * @brief Contains all mandatory-prefix switch tables.
* Index values: * Index values:
@ -1518,13 +1518,13 @@ extern const ZyDisOpcodeTreeNode optreeModrmRm[][8];
* 2 = F3 * 2 = F3
* 3 = 66 * 3 = 66
*/ */
extern const ZyDisOpcodeTreeNode optreeMandatory[][4]; extern const OpcodeTreeNode optreeMandatory[][4];
/** /**
* @brief Contains all x87 opcode tables. * @brief Contains all x87 opcode tables.
* Indexed by the numeric value of the 6 lowest bits of the modrm byte (modrm_mod should * Indexed by the numeric value of the 6 lowest bits of the modrm byte (modrm_mod should
* always be 11). * always be 11).
*/ */
extern const ZyDisOpcodeTreeNode optreeX87[][64]; extern const OpcodeTreeNode optreeX87[][64];
/** /**
* @brief Contains all address-size switch tables. * @brief Contains all address-size switch tables.
* Index values: * Index values:
@ -1532,7 +1532,7 @@ extern const ZyDisOpcodeTreeNode optreeX87[][64];
* 1 = 32 * 1 = 32
* 2 = 64 * 2 = 64
*/ */
extern const ZyDisOpcodeTreeNode optreeAddressSize[][3]; extern const OpcodeTreeNode optreeAddressSize[][3];
/** /**
* @brief Contains all operand-size switch tables. * @brief Contains all operand-size switch tables.
* Index values: * Index values:
@ -1540,26 +1540,26 @@ extern const ZyDisOpcodeTreeNode optreeAddressSize[][3];
* 1 = 32 * 1 = 32
* 2 = 64 * 2 = 64
*/ */
extern const ZyDisOpcodeTreeNode optreeOperandSize[][3]; extern const OpcodeTreeNode optreeOperandSize[][3];
/** /**
* @brief Contains all cpu-mode switch tables. * @brief Contains all cpu-mode switch tables.
* Index values: * Index values:
* 0 = [!= 64] * 0 = [!= 64]
* 1 = 64 * 1 = 64
*/ */
extern const ZyDisOpcodeTreeNode optreeMode[][2]; extern const OpcodeTreeNode optreeMode[][2];
/** /**
* @brief Contains all vendor switch tables. * @brief Contains all vendor switch tables.
* Index values: * Index values:
* 0 = AMD * 0 = AMD
* 1 = Intel * 1 = Intel
*/ */
extern const ZyDisOpcodeTreeNode optreeVendor[][2]; extern const OpcodeTreeNode optreeVendor[][2];
/** /**
* @brief Contains all 3dnow! switch tables. * @brief Contains all 3dnow! switch tables.
* Indexed by the numeric value of the 3dnow! opcode. * Indexed by the numeric value of the 3dnow! opcode.
*/ */
extern const ZyDisOpcodeTreeNode optree3dnow[][256]; extern const OpcodeTreeNode optree3dnow[][256];
/** /**
* @brief Contains all vex switch tables. * @brief Contains all vex switch tables.
* Index values: * Index values:
@ -1580,21 +1580,21 @@ extern const ZyDisOpcodeTreeNode optree3dnow[][256];
* E = F2_0F38 * E = F2_0F38
* F = F2_0F3A * F = F2_0F3A
*/ */
extern const ZyDisOpcodeTreeNode optreeVex[][16]; extern const OpcodeTreeNode optreeVex[][16];
/** /**
* @brief Contains all vex_w switch tables. * @brief Contains all vex_w switch tables.
* Indexed by the numeric value of the vex_w field. * Indexed by the numeric value of the vex_w field.
*/ */
extern const ZyDisOpcodeTreeNode optreeVexW[][2]; extern const OpcodeTreeNode optreeVexW[][2];
/** /**
* @brief Contains all vex_l switch tables. * @brief Contains all vex_l switch tables.
* Indexed by the numeric value of the vex_l field. * Indexed by the numeric value of the vex_l field.
*/ */
extern const ZyDisOpcodeTreeNode optreeVexL[][2]; extern const OpcodeTreeNode optreeVexL[][2];
/** /**
* @brief Contains all instruction definitions. * @brief Contains all instruction definitions.
*/ */
extern const ZyDisInstructionDefinition instrDefinitions[]; extern const InstructionDefinition instrDefinitions[];
/** /**
* @brief Contains all instruction mnemonic strings. * @brief Contains all instruction mnemonic strings.
*/ */
@ -1605,9 +1605,9 @@ extern const char* instrMnemonicStrings[];
* @param node The node. * @param node The node.
* @return The type of the specified opcode tree node. * @return The type of the specified opcode tree node.
*/ */
inline ZyDisOpcodeTreeNodeType VDEGetOpcodeNodeType(ZyDisOpcodeTreeNode node) inline OpcodeTreeNodeType GetOpcodeNodeType(OpcodeTreeNode node)
{ {
return static_cast<ZyDisOpcodeTreeNodeType>((node >> 12) & 0x0F); return static_cast<OpcodeTreeNodeType>((node >> 12)& 0x0F);
} }
/** /**
@ -1615,7 +1615,7 @@ inline ZyDisOpcodeTreeNodeType VDEGetOpcodeNodeType(ZyDisOpcodeTreeNode node)
* @param node The node. * @param node The node.
* @return The value of the specified opcode tree node. * @return The value of the specified opcode tree node.
*/ */
inline uint16_t VDEGetOpcodeNodeValue(ZyDisOpcodeTreeNode node) inline uint16_t GetOpcodeNodeValue(OpcodeTreeNode node)
{ {
return (node& 0x0FFF); return (node& 0x0FFF);
} }
@ -1624,7 +1624,7 @@ inline uint16_t VDEGetOpcodeNodeValue(ZyDisOpcodeTreeNode node)
* @brief Returns the root node of the opcode tree. * @brief Returns the root node of the opcode tree.
* @return The root node of the opcode tree. * @return The root node of the opcode tree.
*/ */
inline ZyDisOpcodeTreeNode VDEGetOpcodeTreeRoot() inline OpcodeTreeNode GetOpcodeTreeRoot()
{ {
return 0x1000; return 0x1000;
} }
@ -1635,53 +1635,53 @@ inline ZyDisOpcodeTreeNode VDEGetOpcodeTreeRoot()
* @param index The index of the child node to retrieve. * @param index The index of the child node to retrieve.
* @return The specified child node. * @return The specified child node.
*/ */
inline ZyDisOpcodeTreeNode VDEGetOpcodeTreeChild(ZyDisOpcodeTreeNode parent, uint16_t index) inline OpcodeTreeNode GetOpcodeTreeChild(OpcodeTreeNode parent, uint16_t index)
{ {
using namespace Internal; using namespace Internal;
ZyDisOpcodeTreeNodeType nodeType = VDEGetOpcodeNodeType(parent); OpcodeTreeNodeType nodeType = GetOpcodeNodeType(parent);
uint16_t tableIndex = VDEGetOpcodeNodeValue(parent); uint16_t tableIndex = GetOpcodeNodeValue(parent);
switch (nodeType) switch (nodeType)
{ {
case ZyDisOpcodeTreeNodeType::TABLE: case OpcodeTreeNodeType::TABLE:
assert(index < 256); assert(index < 256);
return optreeTable[tableIndex][index]; return optreeTable[tableIndex][index];
case ZyDisOpcodeTreeNodeType::MODRM_MOD: case OpcodeTreeNodeType::MODRM_MOD:
assert(index < 2); assert(index < 2);
return optreeModrmMod[tableIndex][index]; return optreeModrmMod[tableIndex][index];
case ZyDisOpcodeTreeNodeType::MODRM_REG: case OpcodeTreeNodeType::MODRM_REG:
assert(index < 8); assert(index < 8);
return optreeModrmReg[tableIndex][index]; return optreeModrmReg[tableIndex][index];
case ZyDisOpcodeTreeNodeType::MODRM_RM: case OpcodeTreeNodeType::MODRM_RM:
assert(index < 8); assert(index < 8);
return optreeModrmRm[tableIndex][index]; return optreeModrmRm[tableIndex][index];
case ZyDisOpcodeTreeNodeType::MANDATORY: case OpcodeTreeNodeType::MANDATORY:
assert(index < 4); assert(index < 4);
return optreeMandatory[tableIndex][index]; return optreeMandatory[tableIndex][index];
case ZyDisOpcodeTreeNodeType::X87: case OpcodeTreeNodeType::X87:
assert(index < 64); assert(index < 64);
return optreeX87[tableIndex][index]; return optreeX87[tableIndex][index];
case ZyDisOpcodeTreeNodeType::ADDRESS_SIZE: case OpcodeTreeNodeType::ADDRESS_SIZE:
assert(index < 3); assert(index < 3);
return optreeAddressSize[tableIndex][index]; return optreeAddressSize[tableIndex][index];
case ZyDisOpcodeTreeNodeType::OPERAND_SIZE: case OpcodeTreeNodeType::OPERAND_SIZE:
assert(index < 3); assert(index < 3);
return optreeOperandSize[tableIndex][index]; return optreeOperandSize[tableIndex][index];
case ZyDisOpcodeTreeNodeType::MODE: case OpcodeTreeNodeType::MODE:
assert(index < 2); assert(index < 2);
return optreeMode[tableIndex][index]; return optreeMode[tableIndex][index];
case ZyDisOpcodeTreeNodeType::VENDOR: case OpcodeTreeNodeType::VENDOR:
assert(index < 3); assert(index < 3);
return optreeVendor[tableIndex][index]; return optreeVendor[tableIndex][index];
case ZyDisOpcodeTreeNodeType::AMD3DNOW: case OpcodeTreeNodeType::AMD3DNOW:
assert(index < 256); assert(index < 256);
return optree3dnow[tableIndex][index]; return optree3dnow[tableIndex][index];
case ZyDisOpcodeTreeNodeType::VEX: case OpcodeTreeNodeType::VEX:
assert(index < 16); assert(index < 16);
return optreeVex[tableIndex][index]; return optreeVex[tableIndex][index];
case ZyDisOpcodeTreeNodeType::VEXW: case OpcodeTreeNodeType::VEXW:
assert(index < 2); assert(index < 2);
return optreeVexW[tableIndex][index]; return optreeVexW[tableIndex][index];
case ZyDisOpcodeTreeNodeType::VEXL: case OpcodeTreeNodeType::VEXL:
assert(index < 2); assert(index < 2);
return optreeVexL[tableIndex][index]; return optreeVexL[tableIndex][index];
default: default:
@ -1695,9 +1695,9 @@ inline ZyDisOpcodeTreeNode VDEGetOpcodeTreeChild(ZyDisOpcodeTreeNode parent, uin
* @param node The instruction definition node. * @param node The instruction definition node.
* @return Pointer to the instruction definition. * @return Pointer to the instruction definition.
*/ */
inline const ZyDisInstructionDefinition* VDEGetInstructionDefinition(ZyDisOpcodeTreeNode node) inline const InstructionDefinition* GetInstructionDefinition(OpcodeTreeNode node)
{ {
assert(VDEGetOpcodeNodeType(node) == ZyDisOpcodeTreeNodeType::INSTRUCTION_DEFINITION); assert(GetOpcodeNodeType(node) == OpcodeTreeNodeType::INSTRUCTION_DEFINITION);
return& instrDefinitions[node& 0x0FFF]; return& instrDefinitions[node& 0x0FFF];
} }
@ -1706,7 +1706,7 @@ inline const ZyDisInstructionDefinition* VDEGetInstructionDefinition(ZyDisOpcode
* @param mnemonic The mnemonic. * @param mnemonic The mnemonic.
* @return The instruction mnemonic string. * @return The instruction mnemonic string.
*/ */
inline const char* VDEGetInstructionMnemonicString(ZyDisInstructionMnemonic mnemonic) inline const char* GetInstructionMnemonicString(InstructionMnemonic mnemonic)
{ {
return instrMnemonicStrings[static_cast<uint16_t>(mnemonic)]; return instrMnemonicStrings[static_cast<uint16_t>(mnemonic)];
} }
@ -1716,14 +1716,14 @@ inline const char* VDEGetInstructionMnemonicString(ZyDisInstructionMnemonic mnem
* @param operandSize The defined operand size. * @param operandSize The defined operand size.
* @return The the numeric value for the simple operand size definition. * @return The the numeric value for the simple operand size definition.
*/ */
inline uint16_t VDEGetSimpleOperandSize(ZyDisDefinedOperandSize operandSize) inline uint16_t GetSimpleOperandSize(DefinedOperandSize operandSize)
{ {
static uint16_t operandSizes[8] = static uint16_t operandSizes[8] =
{ {
8, 16, 32, 64, 80, 12, 128, 256 8, 16, 32, 64, 80, 12, 128, 256
}; };
uint16_t index = uint16_t index =
static_cast<uint8_t>(operandSize) - static_cast<uint8_t>(ZyDisDefinedOperandSize::B); static_cast<uint8_t>(operandSize) - static_cast<uint8_t>(DefinedOperandSize::B);
assert(index < 8); assert(index < 8);
return operandSizes[index]; return operandSizes[index];
} }
@ -1733,9 +1733,9 @@ inline uint16_t VDEGetSimpleOperandSize(ZyDisDefinedOperandSize operandSize)
* @param operandSize The defined operand size. * @param operandSize The defined operand size.
* @return The memory-size part of the operand size definition. * @return The memory-size part of the operand size definition.
*/ */
inline ZyDisDefinedOperandSize VDEGetComplexOperandMemSize(ZyDisDefinedOperandSize operandSize) inline DefinedOperandSize GetComplexOperandMemSize(DefinedOperandSize operandSize)
{ {
return static_cast<ZyDisDefinedOperandSize>(static_cast<uint8_t>(operandSize) & 0x0F); return static_cast<DefinedOperandSize>(static_cast<uint8_t>(operandSize)& 0x0F);
} }
/** /**
@ -1743,11 +1743,13 @@ inline ZyDisDefinedOperandSize VDEGetComplexOperandMemSize(ZyDisDefinedOperandSi
* @param operandSize The defined operand size. * @param operandSize The defined operand size.
* @return The register-size part of the operand size definition. * @return The register-size part of the operand size definition.
*/ */
inline ZyDisDefinedOperandSize VDEGetComplexOperandRegSize(ZyDisDefinedOperandSize operandSize) inline DefinedOperandSize GetComplexOperandRegSize(DefinedOperandSize operandSize)
{ {
return static_cast<ZyDisDefinedOperandSize>((static_cast<uint8_t>(operandSize) >> 4) & 0x0F); return static_cast<DefinedOperandSize>((static_cast<uint8_t>(operandSize) >> 4)& 0x0F);
} }
} }
} }
#endif /* _ZYDIS_OPCODETABLE_HPP_ */


@ -0,0 +1,91 @@
/***************************************************************************************************
Zyan Disassembler Engine
Version 1.0
Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd
Modifications : Joel Höner
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
***************************************************************************************************/
#include "ZydisSymbolResolver.hpp"
namespace Zydis
{
/* BaseSymbolResolver ====================================================================== */
BaseSymbolResolver::~BaseSymbolResolver()
{
}
const char *BaseSymbolResolver::resolveSymbol(const InstructionInfo& info,
uint64_t address, uint64_t& offset)
{
return nullptr;
}
/* ExactSymbolResolver ===================================================================== */
ExactSymbolResolver::~ExactSymbolResolver()
{
}
const char *ExactSymbolResolver::resolveSymbol(const InstructionInfo& info,
uint64_t address, uint64_t& offset)
{
std::unordered_map<uint64_t, std::string>::const_iterator iterator = m_symbolMap.find(address);
if (iterator != m_symbolMap.cend())
{
offset = 0;
return iterator->second.c_str();
}
return nullptr;
}
bool ExactSymbolResolver::containsSymbol(uint64_t address) const
{
std::unordered_map<uint64_t, std::string>::const_iterator iterator = m_symbolMap.find(address);
return (iterator != m_symbolMap.end());
}
void ExactSymbolResolver::setSymbol(uint64_t address, const char *name)
{
m_symbolMap[address].assign(name);
}
void ExactSymbolResolver::removeSymbol(uint64_t address)
{
m_symbolMap.erase(address);
}
void ExactSymbolResolver::clear()
{
m_symbolMap.clear();
}
/* ============================================================================================== */
}
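Review bot: `ExactSymbolResolver::setSymbol` passes `name` straight to `std::string::assign`, which is undefined behaviour for a null pointer. If symbol names are ever taken from a parsed, possibly malformed binary, that becomes a crash the caller cannot catch. A guard before the assignment would keep the map consistent, for example `if (name == nullptr) { m_symbolMap.erase(address); return; }`, or reject the call outright if a null name should not mean "remove". Separately, both `resolveSymbol` implementations leave `offset` untouched on the `return nullptr;` path, so a short comment there saying callers must not read `offset` unless a name was returned would help.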


@ -0,0 +1,119 @@
/***************************************************************************************************
Zyan Disassembler Engine
Version 1.0
Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd
Modifications : Joel Höner
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
***************************************************************************************************/
#ifndef _ZYDIS_SYMBOLRESOLVER_HPP_
#define _ZYDIS_SYMBOLRESOLVER_HPP_
#include <unordered_map>
#include "ZydisTypes.hpp"
namespace Zydis
{
/* BaseSymbolResolver =========================================================================== */
/**
* @brief Base class for all symbol resolver implementations.
*/
class BaseSymbolResolver
{
public:
/**
* @brief Destructor.
*/
virtual ~BaseSymbolResolver();
public:
/**
* @brief Resolves a symbol.
* @param info The instruction info.
* @param address The address.
* @param offset Reference to an unsigned 64 bit integer that receives an offset
* relative to the base address of the symbol.
* @return The name of the symbol, if the symbol was found, @c NULL if not.
*/
virtual const char *resolveSymbol(const InstructionInfo& info, uint64_t address,
uint64_t& offset);
};
/* ExactSymbolResolver ========================================================================== */
/**
* @brief Simple symbol resolver that only matches exact addresses.
*/
class ExactSymbolResolver : public BaseSymbolResolver
{
private:
std::unordered_map<uint64_t, std::string> m_symbolMap;
public:
/**
* @brief Destructor.
*/
~ExactSymbolResolver() override;
public:
/**
* @brief Resolves a symbol.
* @param info The instruction info.
* @param address The address.
* @param offset Reference to an unsigned 64 bit integer that receives an offset
* relative to the base address of the symbol.
* @return The name of the symbol, if the symbol was found, @c NULL if not.
*/
const char* resolveSymbol(const InstructionInfo& info, uint64_t address,
uint64_t& offset) override;
public:
/**
* @brief Query if the given address is a known symbol.
* @param address The address.
* @return True if the address is known, false if not.
*/
bool containsSymbol(uint64_t address) const;
/**
* @brief Adds or changes a symbol.
* @param address The address.
* @param name The symbol name.
*/
void setSymbol(uint64_t address, const char *name);
/**
* @brief Removes the symbol described by address. This will invalidate all char pointers
* to the specific symbol name.
* @param address The address.
*/
void removeSymbol(uint64_t address);
/**
* @brief Clears the symbol tree.
*/
void clear();
};
/* ============================================================================================== */
}
#endif /* _ZYDIS_SYMBOLRESOLVER_HPP_ */
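Review bot: The pointer returned by `ExactSymbolResolver::resolveSymbol` is the `c_str()` of a string stored in `m_symbolMap` (see the implementation file), yet only `removeSymbol` documents that it invalidates such pointers. `setSymbol` on the same address and `clear()` invalidate them as well, and a caller that keeps the pointer across those calls would read freed or rewritten memory. I would state the lifetime in the `@return` of `resolveSymbol`, e.g. `The pointer stays valid until the symbol is changed by setSymbol, removed by removeSymbol, or the resolver is cleared.`, and repeat the invalidation remark on `setSymbol` and `clear`. The header also names `std::string` while including only `<unordered_map>`; unless `ZydisTypes.hpp` provides it, add `#include <string>`.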


@ -1,14 +1,12 @@
/************************************************************************************************** /***************************************************************************************************
Verteron Disassembler Engine Zyan Disassembler Engine
Version 1.0 Version 1.0
Remarks : Freeware, Copyright must be included Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd Original Author : Florian Bernd
Modifications : Modifications : Joel Höner
Last change : 22. October 2014
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -28,15 +26,19 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
**************************************************************************************************/ ***************************************************************************************************/
#pragma once
#ifndef _ZYDIS_TYPES_HPP_
#define _ZYDIS_TYPES_HPP_
#include <stdint.h> #include <stdint.h>
#include "ZyDisOpcodeTable.hpp" #include "ZydisOpcodeTable.hpp"
namespace Verteron namespace Zydis
{ {
/* InstructionFlags ============================================================================= */
/** /**
* @brief Values that represent additional flags of a decoded instruction. * @brief Values that represent additional flags of a decoded instruction.
*/ */
@ -125,10 +127,12 @@ enum InstructionFlags : uint32_t
IF_ERROR_OPERAND = 0x01000000 IF_ERROR_OPERAND = 0x01000000
}; };
/* Register ===================================================================================== */
/** /**
* @brief Values that represent a cpu register. * @brief Values that represent a cpu register.
*/ */
enum class ZyDisRegister : uint16_t enum class Register : uint16_t
{ {
NONE, NONE,
/* 8 bit general purpose registers */ /* 8 bit general purpose registers */
@ -185,10 +189,12 @@ enum class ZyDisRegister : uint16_t
RIP RIP
}; };
/* OperandType ================================================================================== */
/** /**
* @brief Values that represent the type of a decoded operand. * @brief Values that represent the type of a decoded operand.
*/ */
enum class ZyDisOperandType : uint8_t enum class OperandType : uint8_t
{ {
/** /**
* @brief The operand is not used. * @brief The operand is not used.
@ -220,10 +226,12 @@ enum class ZyDisOperandType : uint8_t
CONSTANT CONSTANT
}; };
/* ZydisOperandAccessMode ============================================================================ */
/** /**
* @brief Values that represent the operand access mode. * @brief Values that represent the operand access mode.
*/ */
enum class ZyDisOperandAccessMode : uint8_t enum class OperandAccessMode : uint8_t
{ {
NA, NA,
/** /**
@ -240,15 +248,17 @@ enum class ZyDisOperandAccessMode : uint8_t
READWRITE READWRITE
}; };
/* OperandInfo ================================================================================== */
/** /**
* @brief This struct holds information about a decoded operand. * @brief This struct holds information about a decoded operand.
*/ */
struct ZyDisOperandInfo struct OperandInfo
{ {
/** /**
* @brief The type of the operand. * @brief The type of the operand.
*/ */
ZyDisOperandType type; OperandType type;
/** /**
* @brief The size of the operand. * @brief The size of the operand.
*/ */
@ -256,15 +266,15 @@ struct ZyDisOperandInfo
/** /**
* @brief The operand access mode. * @brief The operand access mode.
*/ */
ZyDisOperandAccessMode access_mode; OperandAccessMode access_mode;
/** /**
* @brief The base register. * @brief The base register.
*/ */
ZyDisRegister base; Register base;
/** /**
* @brief The index register. * @brief The index register.
*/ */
ZyDisRegister index; Register index;
/** /**
* @brief The scale factor. * @brief The scale factor.
*/ */
@ -297,10 +307,12 @@ struct ZyDisOperandInfo
} lval; } lval;
}; };
/* InstructionInfo ============================================================================== */
/** /**
* @brief This struct holds information about a decoded instruction. * @brief This struct holds information about a decoded instruction.
*/ */
struct ZyDisInstructionInfo struct InstructionInfo
{ {
/** /**
* @brief The instruction flags. * @brief The instruction flags.
@ -309,7 +321,7 @@ struct ZyDisInstructionInfo
/** /**
* @brief The instruction mnemonic. * @brief The instruction mnemonic.
*/ */
ZyDisInstructionMnemonic mnemonic; InstructionMnemonic mnemonic;
/** /**
* @brief The total length of the instruction. * @brief The total length of the instruction.
*/ */
@ -337,12 +349,12 @@ struct ZyDisInstructionInfo
/** /**
* @brief The decoded operands. * @brief The decoded operands.
*/ */
ZyDisOperandInfo operand[4]; OperandInfo operand[4];
/** /**
* @brief The segment register. This value will default to @c NONE, if no segment register * @brief The segment register. This value will default to @c NONE, if no segment register
* prefix is present. * prefix is present.
*/ */
ZyDisRegister segment; Register segment;
/** /**
* @brief The rex prefix byte. * @brief The rex prefix byte.
*/ */
@ -512,7 +524,7 @@ struct ZyDisInstructionInfo
/** /**
* @brief The instruction definition. * @brief The instruction definition.
*/ */
const ZyDisInstructionDefinition *instrDefinition; const InstructionDefinition* instrDefinition;
/** /**
* @brief The instruction address points to the current instruction (relative to the * @brief The instruction address points to the current instruction (relative to the
* initial instruction pointer). * initial instruction pointer).
@ -527,3 +539,5 @@ struct ZyDisInstructionInfo
}; };
} }
#endif /* _ZYDIS_TYPES_HPP_ */


@ -1,14 +1,12 @@
/************************************************************************************************** /***************************************************************************************************
Verteron Disassembler Engine Zyan Disassembler Engine
Version 1.0 Version 1.0
Remarks : Freeware, Copyright must be included Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd Original Author : Florian Bernd
Modifications : Modifications : Joel Höner
Last change : 30. October 2014
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -28,17 +26,18 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
**************************************************************************************************/ ***************************************************************************************************/
#include "ZyDisDisassemblerUtils.hpp"
#include "ZydisUtils.hpp"
#include <cassert> #include <cassert>
namespace Verteron namespace Zydis
{ {
uint64_t VDECalcAbsoluteTarget(const ZyDisInstructionInfo &info, const ZyDisOperandInfo &operand) uint64_t CalcAbsoluteTarget(const InstructionInfo& info, const OperandInfo& operand)
{ {
assert((operand.type == ZyDisOperandType::REL_IMMEDIATE) || assert((operand.type == OperandType::REL_IMMEDIATE) ||
((operand.type == ZyDisOperandType::MEMORY) && (operand.base == ZyDisRegister::RIP))); ((operand.type == OperandType::MEMORY)&& (operand.base == Register::RIP)));
uint64_t truncMask = 0xFFFFFFFFFFFFFFFFull; uint64_t truncMask = 0xFFFFFFFFFFFFFFFFull;
if (!(info.flags& IF_DISASSEMBLER_MODE_64)) if (!(info.flags& IF_DISASSEMBLER_MODE_64))
@ -46,7 +45,7 @@ uint64_t VDECalcAbsoluteTarget(const ZyDisInstructionInfo &info, const ZyDisOper
truncMask >>= (64 - info.operand_mode); truncMask >>= (64 - info.operand_mode);
} }
uint16_t size = operand.size; uint16_t size = operand.size;
if ((operand.type == ZyDisOperandType::MEMORY) && (operand.base == ZyDisRegister::RIP)) if ((operand.type == OperandType::MEMORY)&& (operand.base == Register::RIP))
{ {
size = operand.offset; size = operand.offset;
} }


@ -1,14 +1,12 @@
/************************************************************************************************** /***************************************************************************************************
Verteron Disassembler Engine Zyan Disassembler Engine
Version 1.0 Version 1.0
Remarks : Freeware, Copyright must be included Remarks : Freeware, Copyright must be included
Original Author : Florian Bernd Original Author : Florian Bernd
Modifications : Modifications : Joel Höner
Last change : 30. October 2014
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
@ -28,13 +26,15 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE. * SOFTWARE.
**************************************************************************************************/ ***************************************************************************************************/
#pragma once
#ifndef _ZYDIS_UTILS_HPP_
#define _ZYDIS_UTILS_HPP_
#include <stdint.h> #include <stdint.h>
#include "ZyDisDisassemblerTypes.hpp" #include "ZydisTypes.hpp"
namespace Verteron namespace Zydis
{ {
/** /**
@ -43,6 +43,8 @@ namespace Verteron
* @param operand The operand. * @param operand The operand.
* @return The absolute target address. * @return The absolute target address.
*/ */
uint64_t VDECalcAbsoluteTarget(const ZyDisInstructionInfo &info, const ZyDisOperandInfo &operand); uint64_t CalcAbsoluteTarget(const InstructionInfo& info, const OperandInfo& operand);
} }
#endif /* _ZYDIS_UTILS_HPP_ */