Zydis  v2.0.0-alpha1
Zyan Disassembler Engine (Zydis)

License: MIT Gitter

Fast and lightweight x86/x86-64 disassembler library.


  • Supports all x86 and x86-64 (AMD64) general-purpose and system instructions.
  • Supports pretty much all ISA extensions:
    • FPU (x87), MMX
    • SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, SSE4A, AESNI
    • AVX, AVX2, AVX512BW, AVX512CD, AVX512DQ, AVX512ER, AVX512F, AVX512PF, AVX512VL
    • ADX, BMI1, BMI2, FMA, FMA4
    • ..
  • Optimized for high performance
  • No dynamic memory allocation
    • Perfect for kernel-mode drivers and embedded devices
  • Very small file-size overhead compared to other common disassembler libraries
  • Complete doxygen documentation


  • Language bindings [v2.0 final]
  • Tests [v2.0 final]
  • Graphical editor for the instruction-database [v2.0 final]
  • Implement CMake feature gates. Currently, everything is always included. [v2.0 final]
  • Encoding support [v2.1]

Quick Example

The following example program uses Zydis to disassemble a given memory buffer and prints the output to the console.

#include <stdio.h>
#include <Zydis/Zydis.h>
int main()
uint8_t data[] =
0x51, 0x8D, 0x45, 0xFF, 0x50, 0xFF, 0x75, 0x0C, 0xFF, 0x75,
0x08, 0xFF, 0x15, 0xA0, 0xA5, 0x48, 0x76, 0x85, 0xC0, 0x0F,
0x88, 0xFC, 0xDA, 0x02, 0x00
ZydisDecoder decoder;
ZydisFormatter formatter;
ZydisFormatterInitEx(&formatter, ZYDIS_FORMATTER_STYLE_INTEL,
uint64_t instructionPointer = 0x007FFFFFFF400000;
char buffer[256];
ZydisDecoderDecodeBuffer(decoder, data, length, instructionPointer, &instruction)))
data += instruction.length;
length -= instruction.length;
instructionPointer += instruction.length;
printf("%016" PRIX64 " ", instruction.instrAddress);
ZydisFormatterFormatInstruction(&formatter, &instruction, &buffer[0], sizeof(buffer));
printf(" %s\n", &buffer[0]);
64 bit mode.
Definition: SharedTypes.h:76
Defines the ZydisDecodedInstruction struct.
Definition: DecoderTypes.h:676
uint64_t instrAddress
The instruction address points at the current instruction (relative to the initial instruction pointe...
Definition: DecoderTypes.h:733
uint8_t length
The length of the decoded instruction.
Definition: DecoderTypes.h:688
Defines the ZydisDecoder struct.
Definition: Decoder.h:78
Defines the ZydisFormatter struct.
Definition: Formatter.h:425

Sample Output

The above example program generates the following output:

007FFFFFFF400000 push rcx
007FFFFFFF400001 lea eax, dword ptr ss:[rbp-0x01]
007FFFFFFF400004 push rax
007FFFFFFF400005 push qword ptr ss:[rbp+0x0C]
007FFFFFFF400008 push qword ptr ss:[rbp+0x08]
007FFFFFFF40000B call qword ptr ds:[0x008000007588A5B1]
007FFFFFFF400011 test eax, eax
007FFFFFFF400013 js 0x007FFFFFFF42DB15


Zydis builds cleanly on most platforms without any external dependencies. You can use CMake to generate project files for your favorite C99 compiler.

# Linux and OS X
git clone 'https://github.com/zyantific/zydis.git'
cd zydis
mkdir build && cd build
cmake ..

ZydisInfo tool



Zydis is licensed under the MIT license.