Added `ZYDIS_ATTRIB_IS_FAR_BRANCH` attribute for far JMP/CALL/RET instructions

include/Zydis/DecoderTypes.h

@@ -222,6 +222,12 @@ typedef uint64_t ZydisInstructionAttributes;
  * Priviliged instructions are any instructions that require a current ring level below 3.
  */
 #define ZYDIS_ATTRIB_IS_PRIVILEGED              0x0000000000000100 // (1 <<  8)
+
+/**
+ * @brief   The instruction is a far JMP/CALL/RET.
+ */
+#define ZYDIS_ATTRIB_IS_FAR_BRANCH              0x0000001000000000 // (1 << 36) // TODO: rebase
+
 /**
  * @brief   The instruction accepts the lock prefix (0xF0). 
  */
@@ -346,11 +352,11 @@ typedef uint64_t ZydisInstructionAttributes;
 /**
  * @brief   The instruction has the operand-size prefix (0x66). 
  */
-#define ZYDIS_ATTRIB_HAS_OPERANDSIZE            0x0000000400000000 // (1 << 34)
+#define ZYDIS_ATTRIB_HAS_OPERANDSIZE            0x0000000400000000 // (1 << 34) // TODO: rename
 /**
  * @brief   The instruction has the address-size prefix (0x67). 
  */
-#define ZYDIS_ATTRIB_HAS_ADDRESSSIZE            0x0000000800000000 // (1 << 35)
+#define ZYDIS_ATTRIB_HAS_ADDRESSSIZE            0x0000000800000000 // (1 << 35) // TODO: rename
 
 /* ---------------------------------------------------------------------------------------------- */
 /* R/E/FLAGS info                                                                                 */

src/Decoder.c

@@ -2030,6 +2030,10 @@ static void ZydisSetAttributes(ZydisDecoderContext* context, ZydisDecodedInstruc
         {
             instruction->attributes |= ZYDIS_ATTRIB_IS_PRIVILEGED;
         }
+        if (def->isFarBranch)
+        {
+            instruction->attributes |= ZYDIS_ATTRIB_IS_FAR_BRANCH;
+        }
         if (def->acceptsLock)
         {
             instruction->attributes |= ZYDIS_ATTRIB_ACCEPTS_LOCK;

src/Generated/OperandDefinitions.inc

@@ -6240,6 +6240,7 @@ const ZydisOperandDefinition operandDefinitions[] =
     { ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_REG, ZYDIS_OPERAND_VISIBILITY_IMPLICIT, ZYDIS_OPERAND_ACTION_WRITE, { 0, 0, 0 }, ZYDIS_IELEMENT_TYPE_INVALID, { .reg = { ZYDIS_IMPLREG_TYPE_STATIC, { .reg = ZYDIS_REGISTER_DS } } } }, 
     { ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_REG, ZYDIS_OPERAND_VISIBILITY_IMPLICIT, ZYDIS_OPERAND_ACTION_WRITE, { 0, 0, 0 }, ZYDIS_IELEMENT_TYPE_INVALID, { .reg = { ZYDIS_IMPLREG_TYPE_STATIC, { .reg = ZYDIS_REGISTER_FS } } } }, 
     { ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_REG, ZYDIS_OPERAND_VISIBILITY_IMPLICIT, ZYDIS_OPERAND_ACTION_WRITE, { 0, 0, 0 }, ZYDIS_IELEMENT_TYPE_INVALID, { .reg = { ZYDIS_IMPLREG_TYPE_STATIC, { .reg = ZYDIS_REGISTER_GS } } } }, 
+    { ZYDIS_SEMANTIC_OPTYPE_MEM, ZYDIS_OPERAND_VISIBILITY_EXPLICIT, ZYDIS_OPERAND_ACTION_READ, { 1, 1, 1 }, ZYDIS_IELEMENT_TYPE_INT64, { .encoding = ZYDIS_OPERAND_ENCODING_MODRM_RM } }, 
     { ZYDIS_SEMANTIC_OPTYPE_GPR32_32_64, ZYDIS_OPERAND_VISIBILITY_EXPLICIT, ZYDIS_OPERAND_ACTION_READ, { 0, 0, 0 }, ZYDIS_IELEMENT_TYPE_INVALID, { .encoding = ZYDIS_OPERAND_ENCODING_MODRM_RM } }, 
     { ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_REG, ZYDIS_OPERAND_VISIBILITY_IMPLICIT, ZYDIS_OPERAND_ACTION_READ, { 0, 0, 0 }, ZYDIS_IELEMENT_TYPE_INVALID, { .reg = { ZYDIS_IMPLREG_TYPE_STATIC, { .reg = ZYDIS_REGISTER_ES } } } }, 
     { ZYDIS_SEMANTIC_OPTYPE_IMPLICIT_REG, ZYDIS_OPERAND_VISIBILITY_IMPLICIT, ZYDIS_OPERAND_ACTION_READ, { 0, 0, 0 }, ZYDIS_IELEMENT_TYPE_INVALID, { .reg = { ZYDIS_IMPLREG_TYPE_STATIC, { .reg = ZYDIS_REGISTER_CS } } } }, 

src/SharedData.h

@@ -572,6 +572,7 @@ typedef struct ZydisInstructionDefinitionDEFAULT_
 {
     ZYDIS_INSTRUCTION_DEFINITION_BASE;
     ZydisBool isPrivileged                  ZYDIS_BITFIELD( 1);
+    ZydisBool isFarBranch                   ZYDIS_BITFIELD( 1);
     ZydisBool acceptsLock                   ZYDIS_BITFIELD( 1);
     ZydisBool acceptsREP                    ZYDIS_BITFIELD( 1);
     ZydisBool acceptsREPEREPZ               ZYDIS_BITFIELD( 1);