Path: blob/master/dep/zydis/include/Zydis/Disassembler.h
4216 views
/***************************************************************************************************12Zyan Disassembler Library (Zydis)34Original Author : Joel Hoener56* Permission is hereby granted, free of charge, to any person obtaining a copy7* of this software and associated documentation files (the "Software"), to deal8* in the Software without restriction, including without limitation the rights9* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell10* copies of the Software, and to permit persons to whom the Software is11* furnished to do so, subject to the following conditions:12*13* The above copyright notice and this permission notice shall be included in all14* copies or substantial portions of the Software.15*16* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR17* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,18* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE19* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER20* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,21* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE22* SOFTWARE.2324***************************************************************************************************/2526/**27* @file28* All-in-one convenience function providing the simplest possible way to use Zydis.29*/3031#ifndef ZYDIS_DISASSEMBLER_H32#define ZYDIS_DISASSEMBLER_H3334#include <Zydis/Decoder.h>35#include <Zydis/Formatter.h>3637#ifdef __cplusplus38extern "C" {39#endif4041/* ============================================================================================== */42/* Types */43/* ============================================================================================== */4445/**46* All commonly used information about a decoded instruction that Zydis can provide.47*48* This structure is filled in by calling `ZydisDisassembleIntel` or `ZydisDisassembleATT`.49*/50typedef struct ZydisDisassembledInstruction_51{52/**53* The runtime address that was passed when disassembling the instruction.54*/55ZyanU64 runtime_address;56/**57* General information about the decoded instruction in machine-readable format.58*/59ZydisDecodedInstruction info;60/**61* The operands of the decoded instruction in a machine-readable format.62*63* The amount of actual operands can be determined by inspecting the corresponding fields64* in the `info` member of this struct. Inspect `operand_count_visible` if you care about65* visible operands (those that are printed by the formatter) or `operand_count` if you're66* also interested in implicit operands (for example the registers implicitly accessed by67* `pushad`). Unused entries are zeroed.68*/69ZydisDecodedOperand operands[ZYDIS_MAX_OPERAND_COUNT];70/**71* The textual, human-readable representation of the instruction.72*73* Guaranteed to be zero-terminated.74*/75char text[96];76} ZydisDisassembledInstruction;7778/* ============================================================================================== */79/* Exported functions */80/* ============================================================================================== */8182/**83* Disassemble an instruction and format it to human-readable text in a single step (Intel syntax).84*85* @param machine_mode The machine mode to assume when disassembling. When in doubt, pass86* `ZYDIS_MACHINE_MODE_LONG_64` for what is typically referred to as87* "64-bit mode" or `ZYDIS_MACHINE_MODE_LEGACY_32` for "32-bit mode".88* @param runtime_address The program counter (`eip` / `rip`) to assume when formatting the89* instruction. Many instructions behave differently depending on the90* address they are located at.91* @param buffer A pointer to the raw instruction bytes that you wish to decode.92* @param length The length of the input buffer. Note that this can be bigger than the93* actual size of the instruction -- you don't have to know the size up94* front. This length is merely used to prevent Zydis from doing95* out-of-bounds reads on your buffer.96* @param instruction A pointer to receive the decoded instruction information. Can be97* uninitialized and reused on later calls.98*99* This is a convenience function intended as a quick path for getting started with using Zydis.100* It internally calls a range of other more advanced functions to obtain all commonly needed101* information about the instruction. It is likely that you won't need most of this information in102* practice, so it is advisable to instead call these more advanced functions directly if you're103* concerned about performance.104*105* This function essentially combines the following more advanced functions into a single call:106*107* - `ZydisDecoderInit`108* - `ZydisDecoderDecodeInstruction`109* - `ZydisDecoderDecodeOperands`110* - `ZydisFormatterInit`111* - `ZydisFormatterFormatInstruction`112*113* @return A zyan status code.114*/115ZYDIS_EXPORT ZyanStatus ZydisDisassembleIntel(ZydisMachineMode machine_mode,116ZyanU64 runtime_address, const void* buffer, ZyanUSize length,117ZydisDisassembledInstruction *instruction);118119/**120* Disassemble an instruction and format it to human-readable text in a single step (AT&T syntax).121*122* @copydetails ZydisDisassembleIntel123*/124ZYDIS_EXPORT ZyanStatus ZydisDisassembleATT(ZydisMachineMode machine_mode,125ZyanU64 runtime_address, const void* buffer, ZyanUSize length,126ZydisDisassembledInstruction *instruction);127128/* ============================================================================================== */129130#ifdef __cplusplus131}132#endif133134#endif /* ZYDIS_DISASSEMBLER_H */135136137