Zydis  v4.1.0
Modules | Functions
Decoder

Functions allowing decoding of instruction bytes to a machine interpretable struct. More...

Collaboration diagram for Decoder:

Modules

 CPU flags
 Constants used for testing CPU flags accessed by an instruction.
 
 FPU flags
 Constants used for testing FPU flags accessed by an instruction.
 

Functions

ZYDIS_EXPORT ZyanStatus ZydisDecoderInit (ZydisDecoder *decoder, ZydisMachineMode machine_mode, ZydisStackWidth stack_width)
 Initializes the given ZydisDecoder instance. More...
 
ZYDIS_EXPORT ZyanStatus ZydisDecoderEnableMode (ZydisDecoder *decoder, ZydisDecoderMode mode, ZyanBool enabled)
 Enables or disables the specified decoder-mode. More...
 
ZYDIS_EXPORT ZyanStatus ZydisDecoderDecodeFull (const ZydisDecoder *decoder, const void *buffer, ZyanUSize length, ZydisDecodedInstruction *instruction, ZydisDecodedOperand operands[ZYDIS_MAX_OPERAND_COUNT])
 Decodes the instruction in the given input buffer and returns all details (e.g. More...
 
ZYDIS_EXPORT ZyanStatus ZydisDecoderDecodeInstruction (const ZydisDecoder *decoder, ZydisDecoderContext *context, const void *buffer, ZyanUSize length, ZydisDecodedInstruction *instruction)
 Decodes the instruction in the given input buffer. More...
 
ZYDIS_EXPORT ZyanStatus ZydisDecoderDecodeOperands (const ZydisDecoder *decoder, const ZydisDecoderContext *context, const ZydisDecodedInstruction *instruction, ZydisDecodedOperand *operands, ZyanU8 operand_count)
 Decodes the instruction operands. More...
 

Detailed Description

Functions allowing decoding of instruction bytes to a machine interpretable struct.

Function Documentation

◆ ZydisDecoderDecodeFull()

ZYDIS_EXPORT ZyanStatus ZydisDecoderDecodeFull ( const ZydisDecoder decoder,
const void *  buffer,
ZyanUSize  length,
ZydisDecodedInstruction instruction,
ZydisDecodedOperand  operands[ZYDIS_MAX_OPERAND_COUNT] 
)

Decodes the instruction in the given input buffer and returns all details (e.g.

operands).

Parameters
decoderA pointer to the ZydisDecoder instance.
bufferA pointer to the input buffer.
lengthThe length of the input buffer. Note that this can be bigger than the actual size of the instruction – you don't have to know the size up front. This length is merely used to prevent Zydis from doing out-of-bounds reads on your buffer.
instructionA pointer to the ZydisDecodedInstruction struct receiving the details about the decoded instruction.
operandsA pointer to an array with ZYDIS_MAX_OPERAND_COUNT entries that receives the decoded operands. The number of operands decoded is determined by the instruction.operand_count field. Excess entries are zeroed.

This is a convenience function that combines the following functions into one call:

  • ZydisDecoderDecodeInstruction
  • ZydisDecoderDecodeOperands

Please refer to ZydisDecoderDecodeInstruction if operand decoding is not required or should be done separately (ZydisDecoderDecodeOperands).

This function is not available in MINIMAL_MODE.

Returns
A zyan status code.

◆ ZydisDecoderDecodeInstruction()

ZYDIS_EXPORT ZyanStatus ZydisDecoderDecodeInstruction ( const ZydisDecoder decoder,
ZydisDecoderContext context,
const void *  buffer,
ZyanUSize  length,
ZydisDecodedInstruction instruction 
)

Decodes the instruction in the given input buffer.

Parameters
decoderA pointer to the ZydisDecoder instance.
contextA pointer to a decoder context struct which is required for further decoding (e.g. operand decoding using ZydisDecoderDecodeOperands) or ZYAN_NULL if not needed.
bufferA pointer to the input buffer.
lengthThe length of the input buffer. Note that this can be bigger than the actual size of the instruction – you don't have to know the size up front. This length is merely used to prevent Zydis from doing out-of-bounds reads on your buffer.
instructionA pointer to the ZydisDecodedInstruction struct, that receives the details about the decoded instruction.
Returns
A zyan status code.

◆ ZydisDecoderDecodeOperands()

ZYDIS_EXPORT ZyanStatus ZydisDecoderDecodeOperands ( const ZydisDecoder decoder,
const ZydisDecoderContext context,
const ZydisDecodedInstruction instruction,
ZydisDecodedOperand operands,
ZyanU8  operand_count 
)

Decodes the instruction operands.

Parameters
decoderA pointer to the ZydisDecoder instance.
contextA pointer to the ZydisDecoderContext struct.
instructionA pointer to the ZydisDecodedInstruction struct.
operandsThe array that receives the decoded operands. Refer to ZYDIS_MAX_OPERAND_COUNT or ZYDIS_MAX_OPERAND_COUNT_VISIBLE when allocating space for the array to ensure that the buffer size is sufficient to always fit all instruction operands. Refer to instruction.operand_count or ‘instruction.operand_count_visible’ when allocating space for the array to ensure that the buffer size is sufficient to fit all operands of the given instruction.
operand_countThe length of the operands array. This argument as well limits the maximum amount of operands to decode. If this value is 0, no operands will be decoded and ZYAN_NULL will be accepted for the operands argument.

This function fails, if operand_count is larger than the total number of operands for the given instruction (instruction.operand_count).

This function is not available in MINIMAL_MODE.

Returns
A zyan status code.

◆ ZydisDecoderEnableMode()

ZYDIS_EXPORT ZyanStatus ZydisDecoderEnableMode ( ZydisDecoder decoder,
ZydisDecoderMode  mode,
ZyanBool  enabled 
)

Enables or disables the specified decoder-mode.

Parameters
decoderA pointer to the ZydisDecoder instance.
modeThe decoder mode.
enabledZYAN_TRUE to enable, or ZYAN_FALSE to disable the specified decoder-mode.
Returns
A zyan status code.

◆ ZydisDecoderInit()

ZYDIS_EXPORT ZyanStatus ZydisDecoderInit ( ZydisDecoder decoder,
ZydisMachineMode  machine_mode,
ZydisStackWidth  stack_width 
)

Initializes the given ZydisDecoder instance.

Parameters
decoderA pointer to the ZydisDecoder instance.
machine_modeThe machine mode.
stack_widthThe stack width.
Returns
A zyan status code.