Zydis
v4.1.0
Miscellaneous utility functions.
Functions
ZYDIS_EXPORT ZyanStatus | ZydisCalcAbsoluteAddress (const ZydisDecodedInstruction *instruction, const ZydisDecodedOperand *operand, ZyanU64 runtime_address, ZyanU64 *result_address) |
Calculates the absolute address value for the given instruction operand.
ZYDIS_EXPORT ZyanStatus | ZydisCalcAbsoluteAddressEx (const ZydisDecodedInstruction *instruction, const ZydisDecodedOperand *operand, ZyanU64 runtime_address, const ZydisRegisterContext *register_context, ZyanU64 *result_address) |
Calculates the absolute address value for the given instruction operand.
Address translation and other helpers.
ZYDIS_EXPORT ZyanStatus ZydisCalcAbsoluteAddress(const ZydisDecodedInstruction *instruction, const ZydisDecodedOperand *operand, ZyanU64 runtime_address, ZyanU64 *result_address)
Calculates the absolute address value for the given instruction operand.
instruction | A pointer to the ZydisDecodedInstruction struct. |
operand | A pointer to the ZydisDecodedOperand struct. |
runtime_address | The runtime address of the instruction. |
result_address | A pointer to the memory that receives the absolute address. |
You should use this function in the following cases:
- IMM operands with relative address (e.g. JMP, CALL, ...)
- MEM operands with RIP/EIP-relative address (e.g. MOV RAX, [RIP+0x12345678])
- MEM operands with absolute address (e.g. MOV RAX, [0x12345678])
ZYDIS_EXPORT ZyanStatus ZydisCalcAbsoluteAddressEx(const ZydisDecodedInstruction *instruction, const ZydisDecodedOperand *operand, ZyanU64 runtime_address, const ZydisRegisterContext *register_context, ZyanU64 *result_address)
Calculates the absolute address value for the given instruction operand.
instruction | A pointer to the ZydisDecodedInstruction struct. |
operand | A pointer to the ZydisDecodedOperand struct. |
runtime_address | The runtime address of the instruction. |
register_context | A pointer to the ZydisRegisterContext struct. |
result_address | A pointer to the memory that receives the absolute target-address. |
This function behaves like ZydisCalcAbsoluteAddress but takes an additional register-context argument to allow calculation of addresses depending on runtime register values.
Note that IP/EIP/RIP from the register-context will be ignored in favor of the passed runtime-address.
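The x86 address arithmetic behind the three cases listed for ZydisCalcAbsoluteAddress, as an added example (not Zydis code and not part of this documentation): a relative IMM or RIP-relative MEM operand resolves to the runtime address plus the instruction length plus the signed displacement, while an absolute MEM operand does not use the runtime address. The helper names calc_abs and le32, the four hard-coded 64-bit-mode encodings and the sample addresses are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Hypothetical stand-in (not Zydis code): recognizes four fixed 64-bit-mode
 * encodings and applies the address rule for each operand kind. */
static int64_t le32(const uint8_t *p)            /* little-endian disp32, sign-extended */
{
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

/* Returns 0 and stores the absolute address, or -1 for any other or truncated encoding. */
int calc_abs(const uint8_t *c, size_t n, uint64_t runtime_address, uint64_t *out)
{
    if (!c || !out) return -1;
    if (n >= 5 && c[0] == 0xE8)                  /* CALL rel32: IMM, relative */
        *out = runtime_address + 5 + (uint64_t)le32(c + 1);
    else if (n >= 2 && c[0] == 0xEB)             /* JMP rel8: IMM, relative */
        *out = runtime_address + 2 + (uint64_t)(int64_t)(int8_t)c[1];
    else if (n >= 7 && c[0] == 0x48 && c[1] == 0x8B && c[2] == 0x05)
        *out = runtime_address + 7 + (uint64_t)le32(c + 3);   /* MOV RAX,[RIP+disp32] */
    else if (n >= 8 && c[0] == 0x48 && c[1] == 0x8B && c[2] == 0x04 && c[3] == 0x25)
        *out = (uint64_t)le32(c + 4);            /* MOV RAX,[disp32]: runtime address unused */
    else
        return -1;
    return 0;
}

/* Constructed sample encodings. */
static const uint8_t CALL_BACK[] = {0xE8, 0xFB, 0xFF, 0xFF, 0xFF};             /* rel32 = -5 */
static const uint8_t JMP_SELF[]  = {0xEB, 0xFE};                               /* rel8  = -2 */
static const uint8_t MOV_RIP[]   = {0x48, 0x8B, 0x05, 0x78, 0x56, 0x34, 0x12};
static const uint8_t MOV_ABS[]   = {0x48, 0x8B, 0x04, 0x25, 0x78, 0x56, 0x34, 0x12};

int main(void)
{
    uint64_t a = 0;
    if (calc_abs(MOV_RIP, sizeof MOV_RIP, 0x7FF600001000ULL, &a) == 0)
        printf("MOV RAX,[RIP+0x12345678] reads 0x%llX\n", (unsigned long long)a);
    if (calc_abs(CALL_BACK, sizeof CALL_BACK, 0x401000ULL, &a) == 0)
        printf("CALL targets 0x%llX\n", (unsigned long long)a);
    return 0;
}
```

The displacement is relative to the end of the instruction, so passing the address of the next instruction as the runtime address would shift every relative result by the instruction length.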