x64dbg
/
zydis
mirror of https://github.com/x64dbg/zydis
1
0
Fork 0
Code Releases Activity

Fixed examples and tools

This commit is contained in:
flobernd 2017-07-03 03:58:25 +02:00
parent 66fe376f36
commit d12059e043
3 changed files with 61 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
examples/FormatterHooks.c
View File

@ -37,6 +37,7 @@
#include <Zydis/Zydis.h> #include <Zydis/Zydis.h>
#include "FormatHelper.h" #include "FormatHelper.h"
#include <stdlib.h> #include <stdlib.h>
#include <time.h>
/* ============================================================================================== */ /* ============================================================================================== */
/* Static data */ /* Static data */
@ -87,75 +88,78 @@ static const char* conditionCodeStrings[0x20] =
ZydisFormatterFormatFunc defaultPrintMnemonic; ZydisFormatterFormatFunc defaultPrintMnemonic;
static ZydisStatus ZydisFormatterPrintMnemonic(ZydisInstructionFormatter* formatter, static ZydisStatus ZydisFormatterPrintMnemonic(const ZydisInstructionFormatter* formatter,
char** buffer, size_t bufferLen, ZydisInstructionInfo* info) char** buffer, size_t bufferLen, ZydisDecodedInstruction* instruction)
{ {
// We use the user-data field of the instruction-info to pass data to the // We use the user-data field of the instruction-info to pass data to the
// @c ZydisFormatterFormatOperandImm function. // @c ZydisFormatterFormatOperandImm function.
// In this case we are using a simple ordinal value, but you could pass a pointer to a // In this case we are using a simple ordinal value, but you could pass a pointer to a
// complex datatype as well. // complex datatype as well.
info->userData = (void*)1; instruction->userData = (void*)1;
// Rewrite the instruction-mnemonic for the given instructions // Rewrite the instruction-mnemonic for the given instructions
if ((info->operandCount == 3) && (info->operands[2].type == ZYDIS_OPERAND_TYPE_IMMEDIATE)) if (instruction->operands[instruction->operandCount - 1].type == ZYDIS_OPERAND_TYPE_IMMEDIATE)
{ {
uint8_t conditionCode = info->operands[2].imm.value.ubyte; uint8_t conditionCode =
if (conditionCode < 0x08) (uint8_t)instruction->operands[instruction->operandCount - 1].imm.value.u;
switch (instruction->mnemonic)
{ {
switch (info->mnemonic) case ZYDIS_MNEMONIC_CMPPS:
if (conditionCode < 0x08)
{ {
case ZYDIS_MNEMONIC_CMPPS:
return ZydisStringBufferAppendFormat(buffer, bufferLen, return ZydisStringBufferAppendFormat(buffer, bufferLen,
ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "cmp%sps", ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "cmp%sps",
conditionCodeStrings[conditionCode]); conditionCodeStrings[conditionCode]);
case ZYDIS_MNEMONIC_CMPPD: }
break;
case ZYDIS_MNEMONIC_CMPPD:
if (conditionCode < 0x08)
{
return ZydisStringBufferAppendFormat(buffer, bufferLen, return ZydisStringBufferAppendFormat(buffer, bufferLen,
ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "cmp%spd", ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "cmp%spd",
conditionCodeStrings[conditionCode]); conditionCodeStrings[conditionCode]);
default:
break;
} }
} break;
} case ZYDIS_MNEMONIC_VCMPPS:
if ((info->operandCount == 4) && (info->operands[3].type == ZYDIS_OPERAND_TYPE_IMMEDIATE)) if (conditionCode < 0x20)
{
uint8_t conditionCode = info->operands[3].imm.value.ubyte;
if (conditionCode < 0x20)
{
switch (info->mnemonic)
{ {
case ZYDIS_MNEMONIC_VCMPPS:
return ZydisStringBufferAppendFormat(buffer, bufferLen, return ZydisStringBufferAppendFormat(buffer, bufferLen,
ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "vcmp%sps", ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "vcmp%sps",
conditionCodeStrings[conditionCode]); conditionCodeStrings[conditionCode]);
case ZYDIS_MNEMONIC_VCMPPD: }
break;
case ZYDIS_MNEMONIC_VCMPPD:
if (conditionCode < 0x20)
{
return ZydisStringBufferAppendFormat(buffer, bufferLen, return ZydisStringBufferAppendFormat(buffer, bufferLen,
ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "vcmp%spd", ZYDIS_STRBUF_APPEND_MODE_DEFAULT, "vcmp%spd",
conditionCodeStrings[conditionCode]); conditionCodeStrings[conditionCode]);
default:
break;
} }
break;
default:
break;
} }
} }
// We did not rewrite the instruction-mnemonic. Signal the @c ZydisFormatterFormatOperandImm // We did not rewrite the instruction-mnemonic. Signal the @c ZydisFormatterFormatOperandImm
// function not to omit the operand // function not to omit the operand
info->userData = (void*)0; instruction->userData = (void*)0;
// Default mnemonic printing // Default mnemonic printing
return defaultPrintMnemonic(formatter, buffer, bufferLen, info); return defaultPrintMnemonic(formatter, buffer, bufferLen, instruction);
} }
/* ---------------------------------------------------------------------------------------------- */ /* ---------------------------------------------------------------------------------------------- */
ZydisFormatterFormatOperandFunc defaultFormatOperandImm; ZydisFormatterFormatOperandFunc defaultFormatOperandImm;
static ZydisStatus ZydisFormatterFormatOperandImm(ZydisInstructionFormatter* formatter, static ZydisStatus ZydisFormatterFormatOperandImm(const ZydisInstructionFormatter* formatter,
char** buffer, size_t bufferLen, ZydisInstructionInfo* info, ZydisOperandInfo* operand) char** buffer, size_t bufferLen, ZydisDecodedInstruction* instruction,
ZydisDecodedOperand* operand)
{ {
// The @c ZydisFormatterFormatMnemonic sinals us to omit the immediate (condition-code) // The @c ZydisFormatterFormatMnemonic sinals us to omit the immediate (condition-code)
// operand, because it got replaced by the alias-mnemonic // operand, because it got replaced by the alias-mnemonic
if ((uintptr_t)info->userData == 1) if ((uintptr_t)instruction->userData == 1)
{ {
// The formatter will automatically omit the operand, if the buffer remains unchanged // The formatter will automatically omit the operand, if the buffer remains unchanged
// after the callback returns // after the callback returns
@ -163,7 +167,7 @@ static ZydisStatus ZydisFormatterFormatOperandImm(ZydisInstructionFormatter* for
} }
// Default immediate formatting // Default immediate formatting
return defaultFormatOperandImm(formatter, buffer, bufferLen, info, operand); return defaultFormatOperandImm(formatter, buffer, bufferLen, instruction, operand);
} }
/* ---------------------------------------------------------------------------------------------- */ /* ---------------------------------------------------------------------------------------------- */
@ -192,16 +196,16 @@ void disassembleBuffer(ZydisInstructionDecoder* decoder, uint8_t* data, size_t l
uint64_t instructionPointer = 0x007FFFFFFF400000; uint64_t instructionPointer = 0x007FFFFFFF400000;
ZydisInstructionInfo info; ZydisDecodedInstruction instruction;
char buffer[256]; char buffer[256];
while (ZYDIS_SUCCESS( while (ZYDIS_SUCCESS(
ZydisDecoderDecodeBuffer(decoder, data, length, instructionPointer, &info))) ZydisDecoderDecodeBuffer(decoder, data, length, instructionPointer, &instruction)))
{ {
data += info.length; data += instruction.length;
length -= info.length; length -= instruction.length;
instructionPointer += info.length; instructionPointer += instruction.length;
printf("%016" PRIX64 " ", info.instrAddress); printf("%016" PRIX64 " ", instruction.instrAddress);
ZydisFormatterFormatInstruction(&formatter, &info, &buffer[0], sizeof(buffer)); ZydisFormatterFormatInstruction(&formatter, &instruction, &buffer[0], sizeof(buffer));
printf(" %s\n", &buffer[0]); printf(" %s\n", &buffer[0]);
} }
} }
@ -223,13 +227,14 @@ int main()
// vcmppd xmm1, xmm2, xmm3, 0x17 // vcmppd xmm1, xmm2, xmm3, 0x17
0xC5, 0xE9, 0xC2, 0xCB, 0x17, 0xC5, 0xE9, 0xC2, 0xCB, 0x17,
// vcmpps k2 {k7}, zmm2, dword ptr ds:[rax + rbx*4 + 0x100] {1to16}, 0x0F // vcmpps k2 {k7}, zmm2, zmmword ptr ds:[rax + rbx*4 + 0x100] {1to16}, 0x0F
0x62, 0xF1, 0x6C, 0x5F, 0xC2, 0x54, 0x98, 0x40, 0x0F 0x62, 0xF1, 0x6C, 0x5F, 0xC2, 0x54, 0x98, 0x40, 0x0F
}; };
ZydisInstructionDecoder decoder; ZydisInstructionDecoder decoder;
ZydisDecoderInitInstructionDecoder( ZydisDecoderInitInstructionDecoder(
&decoder, ZYDIS_MACHINE_MODE_LONG_64, ZYDIS_ADDRESS_WIDTH_INVALID); &decoder, ZYDIS_MACHINE_MODE_LONG_64, ZYDIS_ADDRESS_WIDTH_64);
disassembleBuffer(&decoder, &data[0], sizeof(data), ZYDIS_FALSE); disassembleBuffer(&decoder, &data[0], sizeof(data), ZYDIS_FALSE);
puts(""); puts("");

20
tools/ZydisDisasm.c
View File

@ -53,7 +53,7 @@ int main(int argc, char** argv)
ZydisInstructionDecoder decoder; ZydisInstructionDecoder decoder;
if (!ZYDIS_SUCCESS(ZydisDecoderInitInstructionDecoder( if (!ZYDIS_SUCCESS(ZydisDecoderInitInstructionDecoder(
&decoder, ZYDIS_MACHINE_MODE_LONG_64, ZYDIS_ADDRESS_WIDTH_INVALID))) &decoder, ZYDIS_MACHINE_MODE_LONG_64, ZYDIS_ADDRESS_WIDTH_64)))
{ {
fputs("Failed to initialize decoder\n", stderr); fputs("Failed to initialize decoder\n", stderr);
return EXIT_FAILURE; return EXIT_FAILURE;
@ -74,28 +74,22 @@ int main(int argc, char** argv)
{ {
numBytesRead = fread(readBuf, 1, sizeof(readBuf), file); numBytesRead = fread(readBuf, 1, sizeof(readBuf), file);
ZydisInstructionInfo info; ZydisDecodedInstruction instruction;
ZydisStatus status; ZydisStatus status;
size_t readOffs = 0; size_t readOffs = 0;
while ((status = ZydisDecoderDecodeBuffer( while ((status = ZydisDecoderDecodeBuffer(&decoder, readBuf + readOffs,
&decoder, numBytesRead - readOffs, readOffs, &instruction)) != ZYDIS_STATUS_NO_MORE_DATA)
readBuf + readOffs,
numBytesRead - readOffs,
readOffs,
&info
)) != ZYDIS_STATUS_NO_MORE_DATA)
{ {
if (!ZYDIS_SUCCESS(status)) if (!ZYDIS_SUCCESS(status))
{ {
++readOffs; ++readOffs;
printf("db %02X\n", info.data[0]); printf("db %02X\n", instruction.data[0]);
continue; continue;
} }
char printBuffer[256]; char printBuffer[256];
ZydisFormatterFormatInstruction( ZydisFormatterFormatInstruction(
&formatter, &info, printBuffer, sizeof(printBuffer) &formatter, &instruction, printBuffer, sizeof(printBuffer));
);
puts(printBuffer); puts(printBuffer);
// TODO: Remove // TODO: Remove
@ -124,7 +118,7 @@ int main(int argc, char** argv)
#endif #endif
// DEBUG CODE END // DEBUG CODE END
readOffs += info.length; readOffs += instruction.length;
} }
if (readOffs < sizeof(readBuf)) if (readOffs < sizeof(readBuf))

20
tools/ZydisFuzzIn.c
View File

@ -41,6 +41,7 @@
typedef struct ZydisFuzzControlBlock_ { typedef struct ZydisFuzzControlBlock_ {
ZydisMachineMode machineMode; ZydisMachineMode machineMode;
ZydisAddressWidth addressWidth;
ZydisDecodeGranularity granularity; ZydisDecodeGranularity granularity;
ZydisFormatterStyle formatterStyle; ZydisFormatterStyle formatterStyle;
ZydisFormatterFlags formatterFlags; ZydisFormatterFlags formatterFlags;
@ -64,8 +65,7 @@ int main()
ZydisInstructionDecoder decoder; ZydisInstructionDecoder decoder;
if (!ZYDIS_SUCCESS(ZydisDecoderInitInstructionDecoderEx( if (!ZYDIS_SUCCESS(ZydisDecoderInitInstructionDecoderEx(
&decoder, controlBlock.machineMode, &decoder, controlBlock.machineMode, controlBlock.addressWidth, controlBlock.granularity)))
ZYDIS_ADDRESS_WIDTH_INVALID, controlBlock.granularity)))
{ {
fputs("Failed to initialize decoder\n", stderr); fputs("Failed to initialize decoder\n", stderr);
return EXIT_FAILURE; return EXIT_FAILURE;
@ -86,16 +86,11 @@ int main()
{ {
numBytesRead = fread(readBuf, 1, sizeof(readBuf), stdin); numBytesRead = fread(readBuf, 1, sizeof(readBuf), stdin);
ZydisInstructionInfo info; ZydisDecodedInstruction instruction;
ZydisStatus status; ZydisStatus status;
size_t readOffs = 0; size_t readOffs = 0;
while ((status = ZydisDecoderDecodeBuffer( while ((status = ZydisDecoderDecodeBuffer(&decoder, readBuf + readOffs,
&decoder, numBytesRead - readOffs, readOffs, &instruction)) != ZYDIS_STATUS_NO_MORE_DATA)
readBuf + readOffs,
numBytesRead - readOffs,
readOffs,
&info
)) != ZYDIS_STATUS_NO_MORE_DATA)
{ {
if (!ZYDIS_SUCCESS(status)) if (!ZYDIS_SUCCESS(status))
{ {
@ -104,8 +99,9 @@ int main()
} }
char printBuffer[256]; char printBuffer[256];
ZydisFormatterFormatInstruction(&formatter, &info, printBuffer, sizeof(printBuffer)); ZydisFormatterFormatInstruction(
readOffs += info.length; &formatter, &instruction, printBuffer, sizeof(printBuffer));
readOffs += instruction.length;
} }
if (readOffs < sizeof(readBuf)) if (readOffs < sizeof(readBuf))