Zydis  v4.1.0
Data Structures | Typedefs | Functions
Disassembler.h File Reference

All-in-one convenience function providing the simplest possible way to use Zydis. More...

#include <Zydis/Decoder.h>
#include <Zydis/Formatter.h>
Include dependency graph for Disassembler.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  ZydisDisassembledInstruction_
 All commonly used information about a decoded instruction that Zydis can provide. More...
 

Typedefs

typedef struct ZydisDisassembledInstruction_ ZydisDisassembledInstruction
 All commonly used information about a decoded instruction that Zydis can provide. More...
 

Functions

ZYDIS_EXPORT ZyanStatus ZydisDisassembleIntel (ZydisMachineMode machine_mode, ZyanU64 runtime_address, const void *buffer, ZyanUSize length, ZydisDisassembledInstruction *instruction)
 Disassemble an instruction and format it to human-readable text in a single step (Intel syntax). More...
 
ZYDIS_EXPORT ZyanStatus ZydisDisassembleATT (ZydisMachineMode machine_mode, ZyanU64 runtime_address, const void *buffer, ZyanUSize length, ZydisDisassembledInstruction *instruction)
 Disassemble an instruction and format it to human-readable text in a single step (AT&T syntax). More...
 

Detailed Description

All-in-one convenience function providing the simplest possible way to use Zydis.

Typedef Documentation

◆ ZydisDisassembledInstruction

typedef struct ZydisDisassembledInstruction_ ZydisDisassembledInstruction

All commonly used information about a decoded instruction that Zydis can provide.

This structure is filled in by calling ZydisDisassembleIntel or ZydisDisassembleATT.

Function Documentation

◆ ZydisDisassembleATT()

ZYDIS_EXPORT ZyanStatus ZydisDisassembleATT ( ZydisMachineMode  machine_mode,
ZyanU64  runtime_address,
const void *  buffer,
ZyanUSize  length,
ZydisDisassembledInstruction instruction 
)

Disassemble an instruction and format it to human-readable text in a single step (AT&T syntax).

Parameters
machine_modeThe machine mode to assume when disassembling. When in doubt, pass ZYDIS_MACHINE_MODE_LONG_64 for what is typically referred to as "64-bit mode" or ZYDIS_MACHINE_MODE_LEGACY_32 for "32-bit mode".
runtime_addressThe program counter (eip / rip) to assume when formatting the instruction. Many instructions behave differently depending on the address they are located at.
bufferA pointer to the raw instruction bytes that you wish to decode.
lengthThe length of the input buffer. Note that this can be bigger than the actual size of the instruction – you don't have to know the size up front. This length is merely used to prevent Zydis from doing out-of-bounds reads on your buffer.
instructionA pointer to receive the decoded instruction information. Can be uninitialized and reused on later calls.

This is a convenience function intended as a quick path for getting started with using Zydis. It internally calls a range of other more advanced functions to obtain all commonly needed information about the instruction. It is likely that you won't need most of this information in practice, so it is advisable to instead call these more advanced functions directly if you're concerned about performance.

This function essentially combines the following more advanced functions into a single call:

  • ZydisDecoderInit
  • ZydisDecoderDecodeInstruction
  • ZydisDecoderDecodeOperands
  • ZydisFormatterInit
  • ZydisFormatterFormatInstruction
Returns
A zyan status code.

◆ ZydisDisassembleIntel()

ZYDIS_EXPORT ZyanStatus ZydisDisassembleIntel ( ZydisMachineMode  machine_mode,
ZyanU64  runtime_address,
const void *  buffer,
ZyanUSize  length,
ZydisDisassembledInstruction instruction 
)

Disassemble an instruction and format it to human-readable text in a single step (Intel syntax).

Parameters
machine_modeThe machine mode to assume when disassembling. When in doubt, pass ZYDIS_MACHINE_MODE_LONG_64 for what is typically referred to as "64-bit mode" or ZYDIS_MACHINE_MODE_LEGACY_32 for "32-bit mode".
runtime_addressThe program counter (eip / rip) to assume when formatting the instruction. Many instructions behave differently depending on the address they are located at.
bufferA pointer to the raw instruction bytes that you wish to decode.
lengthThe length of the input buffer. Note that this can be bigger than the actual size of the instruction – you don't have to know the size up front. This length is merely used to prevent Zydis from doing out-of-bounds reads on your buffer.
instructionA pointer to receive the decoded instruction information. Can be uninitialized and reused on later calls.

This is a convenience function intended as a quick path for getting started with using Zydis. It internally calls a range of other more advanced functions to obtain all commonly needed information about the instruction. It is likely that you won't need most of this information in practice, so it is advisable to instead call these more advanced functions directly if you're concerned about performance.

This function essentially combines the following more advanced functions into a single call:

  • ZydisDecoderInit
  • ZydisDecoderDecodeInstruction
  • ZydisDecoderDecodeOperands
  • ZydisFormatterInit
  • ZydisFormatterFormatInstruction
Returns
A zyan status code.