Zydis
v4.0.0
|
Functions allowing decoding of instruction bytes to a machine interpretable struct. More...
Modules | |
CPU flags | |
Constants used for testing CPU flags accessed by an instruction. | |
FPU flags | |
Constants used for testing FPU flags accessed by an instruction. | |
Functions | |
ZYDIS_EXPORT ZyanStatus | ZydisDecoderInit (ZydisDecoder *decoder, ZydisMachineMode machine_mode, ZydisStackWidth stack_width) |
Initializes the given ZydisDecoder instance. More... | |
ZYDIS_EXPORT ZyanStatus | ZydisDecoderEnableMode (ZydisDecoder *decoder, ZydisDecoderMode mode, ZyanBool enabled) |
Enables or disables the specified decoder-mode. More... | |
ZYDIS_EXPORT ZyanStatus | ZydisDecoderDecodeFull (const ZydisDecoder *decoder, const void *buffer, ZyanUSize length, ZydisDecodedInstruction *instruction, ZydisDecodedOperand operands[ZYDIS_MAX_OPERAND_COUNT]) |
Decodes the instruction in the given input buffer and returns all details (e.g. More... | |
ZYDIS_EXPORT ZyanStatus | ZydisDecoderDecodeInstruction (const ZydisDecoder *decoder, ZydisDecoderContext *context, const void *buffer, ZyanUSize length, ZydisDecodedInstruction *instruction) |
Decodes the instruction in the given input buffer . More... | |
ZYDIS_EXPORT ZyanStatus | ZydisDecoderDecodeOperands (const ZydisDecoder *decoder, const ZydisDecoderContext *context, const ZydisDecodedInstruction *instruction, ZydisDecodedOperand *operands, ZyanU8 operand_count) |
Decodes the instruction operands. More... | |
Functions allowing decoding of instruction bytes to a machine interpretable struct.
ZYDIS_EXPORT ZyanStatus ZydisDecoderDecodeFull | ( | const ZydisDecoder * | decoder, |
const void * | buffer, | ||
ZyanUSize | length, | ||
ZydisDecodedInstruction * | instruction, | ||
ZydisDecodedOperand | operands[ZYDIS_MAX_OPERAND_COUNT] | ||
) |
Decodes the instruction in the given input buffer
and returns all details (e.g.
operands).
decoder | A pointer to the ZydisDecoder instance. |
buffer | A pointer to the input buffer. |
length | The length of the input buffer. Note that this can be bigger than the actual size of the instruction – you don't have to know the size up front. This length is merely used to prevent Zydis from doing out-of-bounds reads on your buffer. |
instruction | A pointer to the ZydisDecodedInstruction struct receiving the details about the decoded instruction. |
operands | A pointer to an array with ZYDIS_MAX_OPERAND_COUNT entries that receives the decoded operands. The number of operands decoded is determined by the instruction.operand_count field. Excess entries are zeroed. |
This is a convenience function that combines the following functions into one call:
ZydisDecoderDecodeInstruction
ZydisDecoderDecodeOperands
Please refer to ZydisDecoderDecodeInstruction
if operand decoding is not required or should be done separately (ZydisDecoderDecodeOperands
).
This function is not available in MINIMAL_MODE.
ZYDIS_EXPORT ZyanStatus ZydisDecoderDecodeInstruction | ( | const ZydisDecoder * | decoder, |
ZydisDecoderContext * | context, | ||
const void * | buffer, | ||
ZyanUSize | length, | ||
ZydisDecodedInstruction * | instruction | ||
) |
Decodes the instruction in the given input buffer
.
decoder | A pointer to the ZydisDecoder instance. |
context | A pointer to a decoder context struct which is required for further decoding (e.g. operand decoding using ZydisDecoderDecodeOperands ) or ZYAN_NULL if not needed. |
buffer | A pointer to the input buffer. |
length | The length of the input buffer. Note that this can be bigger than the actual size of the instruction – you don't have to know the size up front. This length is merely used to prevent Zydis from doing out-of-bounds reads on your buffer. |
instruction | A pointer to the ZydisDecodedInstruction struct, that receives the details about the decoded instruction. |
ZYDIS_EXPORT ZyanStatus ZydisDecoderDecodeOperands | ( | const ZydisDecoder * | decoder, |
const ZydisDecoderContext * | context, | ||
const ZydisDecodedInstruction * | instruction, | ||
ZydisDecodedOperand * | operands, | ||
ZyanU8 | operand_count | ||
) |
Decodes the instruction operands.
decoder | A pointer to the ZydisDecoder instance. |
context | A pointer to the ZydisDecoderContext struct. |
instruction | A pointer to the ZydisDecodedInstruction struct. |
operands | The array that receives the decoded operands. Refer to ZYDIS_MAX_OPERAND_COUNT or ZYDIS_MAX_OPERAND_COUNT_VISIBLE when allocating space for the array to ensure that the buffer size is sufficient to always fit all instruction operands. Refer to instruction.operand_count or ‘instruction.operand_count_visible’ when allocating space for the array to ensure that the buffer size is sufficient to fit all operands of the given instruction. |
operand_count | The length of the operands array. This argument as well limits the maximum amount of operands to decode. If this value is 0 , no operands will be decoded and ZYAN_NULL will be accepted for the operands argument. |
This function fails, if operand_count
is larger than the total number of operands for the given instruction (instruction.operand_count
).
This function is not available in MINIMAL_MODE.
ZYDIS_EXPORT ZyanStatus ZydisDecoderEnableMode | ( | ZydisDecoder * | decoder, |
ZydisDecoderMode | mode, | ||
ZyanBool | enabled | ||
) |
Enables or disables the specified decoder-mode.
decoder | A pointer to the ZydisDecoder instance. |
mode | The decoder mode. |
enabled | ZYAN_TRUE to enable, or ZYAN_FALSE to disable the specified decoder-mode. |
ZYDIS_EXPORT ZyanStatus ZydisDecoderInit | ( | ZydisDecoder * | decoder, |
ZydisMachineMode | machine_mode, | ||
ZydisStackWidth | stack_width | ||
) |
Initializes the given ZydisDecoder
instance.
decoder | A pointer to the ZydisDecoder instance. |
machine_mode | The machine mode. |
stack_width | The stack width. |