x64dbg
/
zydis
mirror of https://github.com/x64dbg/zydis
1
0
Fork 0
Code Releases Activity

Fixed examples and tools

This commit is contained in:
flobernd 2017-07-03 03:58:25 +02:00
parent 66fe376f36
commit d12059e043
3 changed files with 61 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
examples/FormatterHooks.c
View File

@ -37,6 +37,7 @@
#include <Zydis/Zydis.h>
#include "FormatHelper.h"
#include <stdlib.h>
#include <time.h>
/* ============================================================================================== */
/* Static data */
@ -87,75 +88,78 @@ static const char* conditionCodeStrings[0x20] =
ZydisFormatterFormatFunc defaultPrintMnemonic;
static ZydisStatus ZydisFormatterPrintMnemonic(ZydisInstructionFormatter* formatter,
char** buffer, size_t bufferLen, ZydisInstructionInfo* info)
static ZydisStatus ZydisFormatterPrintMnemonic(const ZydisInstructionFormatter* formatter,
char** buffer, size_t bufferLen, ZydisDecodedInstruction* instruction)
{
// We use the user-data field of the instruction-info to pass data to the
// @c ZydisFormatterFormatOperandImm function.
// In this case we are using a simple ordinal value, but you could pass a pointer to a
// complex datatype as well.
info->userData = (void*)1;
instruction->userData = (void*)1;
// Rewrite the instruction-mnemonic for the given instructions
if ((info->operandCount == 3) && (info->operands[2].type == ZYDIS_OPERAND_TYPE_IMMEDIATE))
{
uint8_t conditionCode = info->operands[2].imm.value.ubyte;
if (conditionCode < 0x08)
if (instruction->operands[instruction->operandCount - 1].type == ZYDIS_OPERAND_TYPE_IMMEDIATE)
{
uint8_t conditionCode =
(uint8_t)instruction->operands[instruction->operandCount - 1].imm.value.u;
switch (instruction->mnemonic)
{
switch (info->mnemonic)
case ZYDIS_MNEMONIC_CMPPS:
if (conditionCode < 0x08)
{
case ZYDIS_MNEMONIC_CMPPS:
return ZydisStringBufferAppendFormat(buffer, bufferLen,
ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "cmp%sps",
conditionCodeStrings[conditionCode]);
case ZYDIS_MNEMONIC_CMPPD:
}
break;
case ZYDIS_MNEMONIC_CMPPD:
if (conditionCode < 0x08)
{
return ZydisStringBufferAppendFormat(buffer, bufferLen,
ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "cmp%spd",
conditionCodeStrings[conditionCode]);
default:
break;
}
}
}
if ((info->operandCount == 4) && (info->operands[3].type == ZYDIS_OPERAND_TYPE_IMMEDIATE))
{
uint8_t conditionCode = info->operands[3].imm.value.ubyte;
if (conditionCode < 0x20)
{
switch (info->mnemonic)
break;
case ZYDIS_MNEMONIC_VCMPPS:
if (conditionCode < 0x20)
{
case ZYDIS_MNEMONIC_VCMPPS:
return ZydisStringBufferAppendFormat(buffer, bufferLen,
ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "vcmp%sps",
conditionCodeStrings[conditionCode]);
case ZYDIS_MNEMONIC_VCMPPD:
}
break;
case ZYDIS_MNEMONIC_VCMPPD:
if (conditionCode < 0x20)
{
return ZydisStringBufferAppendFormat(buffer, bufferLen,
ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "vcmp%spd",
conditionCodeStrings[conditionCode]);
default:
break;
}
}
break;
default:
break;
}
}
// We did not rewrite the instruction-mnemonic. Signal the @c ZydisFormatterFormatOperandImm
// function not to omit the operand
info->userData = (void*)0;
instruction->userData = (void*)0;
// Default mnemonic printing
return defaultPrintMnemonic(formatter, buffer, bufferLen, info);
return defaultPrintMnemonic(formatter, buffer, bufferLen, instruction);
}
/* ---------------------------------------------------------------------------------------------- */
ZydisFormatterFormatOperandFunc defaultFormatOperandImm;
static ZydisStatus ZydisFormatterFormatOperandImm(ZydisInstructionFormatter* formatter,
char** buffer, size_t bufferLen, ZydisInstructionInfo* info, ZydisOperandInfo* operand)
static ZydisStatus ZydisFormatterFormatOperandImm(const ZydisInstructionFormatter* formatter,
char** buffer, size_t bufferLen, ZydisDecodedInstruction* instruction,
ZydisDecodedOperand* operand)
{
// The @c ZydisFormatterFormatMnemonic sinals us to omit the immediate (condition-code)
// operand, because it got replaced by the alias-mnemonic
if ((uintptr_t)info->userData == 1)
if ((uintptr_t)instruction->userData == 1)
{
// The formatter will automatically omit the operand, if the buffer remains unchanged
// after the callback returns
@ -163,7 +167,7 @@ static ZydisStatus ZydisFormatterFormatOperandImm(ZydisInstructionFormatter* for
}
// Default immediate formatting
return defaultFormatOperandImm(formatter, buffer, bufferLen, info, operand);
return defaultFormatOperandImm(formatter, buffer, bufferLen, instruction, operand);
}
/* ---------------------------------------------------------------------------------------------- */
@ -192,16 +196,16 @@ void disassembleBuffer(ZydisInstructionDecoder* decoder, uint8_t* data, size_t l
uint64_t instructionPointer = 0x007FFFFFFF400000;
ZydisInstructionInfo info;
ZydisDecodedInstruction instruction;
char buffer[256];
while (ZYDIS_SUCCESS(
ZydisDecoderDecodeBuffer(decoder, data, length, instructionPointer, &info)))
ZydisDecoderDecodeBuffer(decoder, data, length, instructionPointer, &instruction)))
{
data += info.length;
length -= info.length;
instructionPointer += info.length;
printf("%016" PRIX64 " ", info.instrAddress);
ZydisFormatterFormatInstruction(&formatter, &info, &buffer[0], sizeof(buffer));
data += instruction.length;
length -= instruction.length;
instructionPointer += instruction.length;
printf("%016" PRIX64 " ", instruction.instrAddress);
ZydisFormatterFormatInstruction(&formatter, &instruction, &buffer[0], sizeof(buffer));
printf(" %s\n", &buffer[0]);
}
}
@ -223,13 +227,14 @@ int main()
// vcmppd xmm1, xmm2, xmm3, 0x17
0xC5, 0xE9, 0xC2, 0xCB, 0x17,
// vcmpps k2 {k7}, zmm2, dword ptr ds:[rax + rbx*4 + 0x100] {1to16}, 0x0F
// vcmpps k2 {k7}, zmm2, zmmword ptr ds:[rax + rbx*4 + 0x100] {1to16}, 0x0F
0x62, 0xF1, 0x6C, 0x5F, 0xC2, 0x54, 0x98, 0x40, 0x0F
};
ZydisInstructionDecoder decoder;
ZydisDecoderInitInstructionDecoder(
&decoder, ZYDIS_MACHINE_MODE_LONG_64, ZYDIS_ADDRESS_WIDTH_INVALID);
&decoder, ZYDIS_MACHINE_MODE_LONG_64, ZYDIS_ADDRESS_WIDTH_64);
disassembleBuffer(&decoder, &data[0], sizeof(data), ZYDIS_FALSE);
puts("");

20
tools/ZydisDisasm.c
View File

@ -53,7 +53,7 @@ int main(int argc, char** argv)
ZydisInstructionDecoder decoder;
if (!ZYDIS_SUCCESS(ZydisDecoderInitInstructionDecoder(
&decoder, ZYDIS_MACHINE_MODE_LONG_64, ZYDIS_ADDRESS_WIDTH_INVALID)))
&decoder, ZYDIS_MACHINE_MODE_LONG_64, ZYDIS_ADDRESS_WIDTH_64)))
{
fputs("Failed to initialize decoder\n", stderr);
return EXIT_FAILURE;
@ -74,28 +74,22 @@ int main(int argc, char** argv)
{
numBytesRead = fread(readBuf, 1, sizeof(readBuf), file);
ZydisInstructionInfo info;
ZydisDecodedInstruction instruction;
ZydisStatus status;
size_t readOffs = 0;
while ((status = ZydisDecoderDecodeBuffer(
&decoder,
readBuf + readOffs,
numBytesRead - readOffs,
readOffs,
&info
)) != ZYDIS_STATUS_NO_MORE_DATA)
while ((status = ZydisDecoderDecodeBuffer(&decoder, readBuf + readOffs,
numBytesRead - readOffs, readOffs, &instruction)) != ZYDIS_STATUS_NO_MORE_DATA)
{
if (!ZYDIS_SUCCESS(status))
{
++readOffs;
printf("db %02X\n", info.data[0]);
printf("db %02X\n", instruction.data[0]);
continue;
}
char printBuffer[256];
ZydisFormatterFormatInstruction(
&formatter, &info, printBuffer, sizeof(printBuffer)
);
&formatter, &instruction, printBuffer, sizeof(printBuffer));
puts(printBuffer);
// TODO: Remove
@ -124,7 +118,7 @@ int main(int argc, char** argv)
#endif
// DEBUG CODE END
readOffs += info.length;
readOffs += instruction.length;
}
if (readOffs < sizeof(readBuf))

22
tools/ZydisFuzzIn.c
View File

@ -40,7 +40,8 @@
#include <Zydis/Zydis.h>
typedef struct ZydisFuzzControlBlock_ {
ZydisMachineMode machineMode;
ZydisMachineMode machineMode;
ZydisAddressWidth addressWidth;
ZydisDecodeGranularity granularity;
ZydisFormatterStyle formatterStyle;
ZydisFormatterFlags formatterFlags;
@ -64,8 +65,7 @@ int main()
ZydisInstructionDecoder decoder;
if (!ZYDIS_SUCCESS(ZydisDecoderInitInstructionDecoderEx(
&decoder, controlBlock.machineMode,
ZYDIS_ADDRESS_WIDTH_INVALID, controlBlock.granularity)))
&decoder, controlBlock.machineMode, controlBlock.addressWidth, controlBlock.granularity)))
{
fputs("Failed to initialize decoder\n", stderr);
return EXIT_FAILURE;
@ -86,16 +86,11 @@ int main()
{
numBytesRead = fread(readBuf, 1, sizeof(readBuf), stdin);
ZydisInstructionInfo info;
ZydisDecodedInstruction instruction;
ZydisStatus status;
size_t readOffs = 0;
while ((status = ZydisDecoderDecodeBuffer(
&decoder,
readBuf + readOffs,
numBytesRead - readOffs,
readOffs,
&info
)) != ZYDIS_STATUS_NO_MORE_DATA)
while ((status = ZydisDecoderDecodeBuffer(&decoder, readBuf + readOffs,
numBytesRead - readOffs, readOffs, &instruction)) != ZYDIS_STATUS_NO_MORE_DATA)
{
if (!ZYDIS_SUCCESS(status))
{
@ -104,8 +99,9 @@ int main()
}
char printBuffer[256];
ZydisFormatterFormatInstruction(&formatter, &info, printBuffer, sizeof(printBuffer));
readOffs += info.length;
ZydisFormatterFormatInstruction(
&formatter, &instruction, printBuffer, sizeof(printBuffer));
readOffs += instruction.length;
}
if (readOffs < sizeof(readBuf))