Magic-Mirror/x64dbg
1
0
Fork 0
mirror of https://github.com/x64dbg/x64dbg.git synced 2024-11-23 04:50:07 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update zydis_wrapper

Browse Source
This commit is contained in:
Duncan Ogilvie 2023-08-19 22:50:07 +02:00
parent b22266b822
commit 952c16aad7
26 changed files with 346 additions and 406 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/dbg/TraceRecord.cpp
View File

@ -205,14 +205,14 @@ void TraceRecordManager::TraceExecute(duint address, duint size)
//See https://www.felixcloutier.com/x86/FXSAVE.html, max 512 bytes
#define memoryContentSize 512
static void HandleZydisOperand(const Zydis & cp, int opindex, DISASM_ARGTYPE* argType, duint* value, unsigned char memoryContent[memoryContentSize], unsigned char* memorySize)
static void HandleZydisOperand(const Zydis & zydis, int opindex, DISASM_ARGTYPE* argType, duint* value, unsigned char memoryContent[memoryContentSize], unsigned char* memorySize)
{
*value = cp.ResolveOpValue(opindex, [&cp](ZydisRegister reg)
*value = (duint)zydis.ResolveOpValue(opindex, [&zydis](ZydisRegister reg) -> uint64_t
{
auto regName = cp.RegName(reg);
auto regName = zydis.RegName(reg);
return regName ? getregister(nullptr, regName) : 0; //TODO: temporary needs enums + caching
});
const auto & op = cp[opindex];
const auto & op = zydis[opindex];
switch(op.type)
{
case ZYDIS_OPERAND_TYPE_REGISTER:
@ -269,7 +269,7 @@ void TraceRecordManager::TraceExecuteRecord(const Zydis & newInstruction)
if(newInstruction.Success() && !newInstruction.IsNop() && newInstruction.GetId() != ZYDIS_MNEMONIC_LEA)
{
// This can happen when trace execute instruction is used, we need to fix that or something would go wrong with the GUI.
newContext.registers.regcontext.cip = newInstruction.Address();
newContext.registers.regcontext.cip = (duint)newInstruction.Address();
DISASM_ARGTYPE argType;
duint value;
unsigned char memoryContent[memoryContentSize];
@ -553,13 +553,13 @@ bool TraceRecordManager::enableTraceRecording(bool enabled, const char* fileName
for(size_t i = 0; i < _countof(rtOldContextChanged); i++)
rtOldContextChanged[i] = true;
dprintf(QT_TRANSLATE_NOOP("DBG", "Started trace recording to file: %s\r\n"), fileName);
Zydis cp;
Zydis zydis;
unsigned char instr[MAX_DISASM_BUFFER];
auto cip = GetContextDataEx(hActiveThread, UE_CIP);
if(MemRead(cip, instr, MAX_DISASM_BUFFER))
{
cp.DisassembleSafe(cip, instr, MAX_DISASM_BUFFER);
TraceExecuteRecord(cp);
zydis.DisassembleSafe(cip, instr, MAX_DISASM_BUFFER);
TraceExecuteRecord(zydis);
}
GuiOpenTraceFile(fileName);
return true;

32
src/dbg/_exports.cpp
View File

@ -102,8 +102,8 @@ extern "C" DLL_EXPORT bool _dbg_isjumpgoingtoexecute(duint addr)
unsigned char data[16];
if(MemRead(addr, data, sizeof(data), nullptr, true))
{
Zydis cp;
if(cp.Disassemble(addr, data))
Zydis zydis;
if(zydis.Disassemble(addr, data))
{
CONTEXT ctx;
memset(&ctx, 0, sizeof(ctx));
@ -116,7 +116,7 @@ extern "C" DLL_EXPORT bool _dbg_isjumpgoingtoexecute(duint addr)
auto cflags = ctx.EFlags;
auto ccx = ctx.Ecx;
#endif //_WIN64
return cp.IsBranchGoingToExecute(cflags, ccx);
return zydis.IsBranchGoingToExecute(cflags, ccx);
}
}
return false;
@ -329,11 +329,11 @@ static bool getAutoComment(duint addr, String & comment)
BRIDGE_ADDRINFO newinfo;
char string_text[MAX_STRING_SIZE] = "";
Zydis cp;
Zydis zydis;
auto getregs = !bOnlyCipAutoComments || addr == lastContext.cip;
disasmget(cp, addr, &instr, getregs);
disasmget(zydis, addr, &instr, getregs);
// Some nop variants have 'operands' that should be ignored
if(cp.Success() && !cp.IsNop())
if(zydis.Success() && !zydis.IsNop())
{
//Ignore register values when not on CIP and OnlyCipAutoComments is enabled: https://github.com/x64dbg/x64dbg/issues/1383
if(!getregs)
@ -342,7 +342,7 @@ static bool getAutoComment(duint addr, String & comment)
instr.arg[i].value = instr.arg[i].constant;
}
if(addr == lastContext.cip && (cp.GetId() == ZYDIS_MNEMONIC_SYSCALL || (cp.GetId() == ZYDIS_MNEMONIC_INT && cp[0].imm.value.u == 0x2e)))
if(addr == lastContext.cip && (zydis.GetId() == ZYDIS_MNEMONIC_SYSCALL || (zydis.GetId() == ZYDIS_MNEMONIC_INT && zydis[0].imm.value.u == 0x2e)))
{
auto syscallName = SyscallToName((unsigned int)lastContext.cax);
if(!syscallName.empty())
@ -367,9 +367,9 @@ static bool getAutoComment(duint addr, String & comment)
if(instr.arg[i].constant == instr.arg[i].value) //avoid: call <module.label> ; addr:label
{
auto constant = instr.arg[i].constant;
if(instr.arg[i].type == arg_normal && instr.arg[i].value == addr + instr.instr_size && cp.IsCall())
if(instr.arg[i].type == arg_normal && instr.arg[i].value == addr + instr.instr_size && zydis.IsCall())
temp_string.assign("call $0");
else if(instr.arg[i].type == arg_normal && instr.arg[i].value == addr + instr.instr_size && cp.IsJump())
else if(instr.arg[i].type == arg_normal && instr.arg[i].value == addr + instr.instr_size && zydis.IsJump())
temp_string.assign("jmp $0");
else if(instr.type == instr_branch)
continue;
@ -881,12 +881,12 @@ extern "C" DLL_EXPORT duint _dbg_getbranchdestination(duint addr)
unsigned char data[MAX_DISASM_BUFFER];
if(!MemIsValidReadPtr(addr, true) || !MemRead(addr, data, sizeof(data)))
return 0;
Zydis cp;
if(!cp.Disassemble(addr, data))
Zydis zydis;
if(!zydis.Disassemble(addr, data))
return 0;
if(cp.IsBranchType(Zydis::BTJmp | Zydis::BTCall | Zydis::BTLoop | Zydis::BTXbegin))
if(zydis.IsBranchType(Zydis::BTJmp | Zydis::BTCall | Zydis::BTLoop | Zydis::BTXbegin))
{
auto opValue = cp.ResolveOpValue(0, [](ZydisRegister reg) -> size_t
auto opValue = (duint)zydis.ResolveOpValue(0, [](ZydisRegister reg) -> uint64_t
{
switch(reg)
{
@ -949,10 +949,10 @@ extern "C" DLL_EXPORT duint _dbg_getbranchdestination(duint addr)
return 0;
}
});
if(cp.OpCount() && cp[0].type == ZYDIS_OPERAND_TYPE_MEMORY)
if(zydis.OpCount() && zydis[0].type == ZYDIS_OPERAND_TYPE_MEMORY)
{
auto const tebseg = ArchValue(ZYDIS_REGISTER_FS, ZYDIS_REGISTER_GS);
if(cp[0].mem.segment == tebseg)
if(zydis[0].mem.segment == tebseg)
opValue += duint(GetTEBLocation(hActiveThread));
if(MemRead(opValue, &opValue, sizeof(opValue)))
return opValue;
@ -960,7 +960,7 @@ extern "C" DLL_EXPORT duint _dbg_getbranchdestination(duint addr)
else
return opValue;
}
if(cp.IsRet())
if(zydis.IsRet())
{
auto csp = lastContext.csp;
duint dest = 0;

8
src/dbg/analysis/CodeFollowPass.cpp
View File

@ -31,9 +31,9 @@ bool CodeFollowPass::Analyse()
return false;
}
duint CodeFollowPass::GetReferenceOperand(const ZydisDecodedInstruction & Context)
duint CodeFollowPass::GetReferenceOperand(const ZydisDisassembledInstruction & Context)
{
for(int i = 0; i < Context.operandCount; i++)
for(int i = 0; i < Context.info.operand_count; i++)
{
auto operand = Context.operands[i];
@ -50,9 +50,9 @@ duint CodeFollowPass::GetReferenceOperand(const ZydisDecodedInstruction & Contex
return 0;
}
duint CodeFollowPass::GetMemoryOperand(Zydis & Disasm, const ZydisDecodedInstruction & Context, bool* Indirect)
duint CodeFollowPass::GetMemoryOperand(Zydis & Disasm, const ZydisDisassembledInstruction & Context, bool* Indirect)
{
if(Context.operandCount <= 0)
if(Context.info.operand_count <= 0)
return 0;
// Only the first operand matters

4
src/dbg/analysis/CodeFollowPass.h
View File

@ -14,6 +14,6 @@ public:
virtual bool Analyse() override;
private:
duint GetReferenceOperand(const ZydisDecodedInstruction & Context);
duint GetMemoryOperand(Zydis & Disasm, const ZydisDecodedInstruction & Context, bool* Indirect);
duint GetReferenceOperand(const ZydisDisassembledInstruction & Context);
duint GetMemoryOperand(Zydis & Disasm, const ZydisDisassembledInstruction & Context, bool* Indirect);
};

46
src/dbg/analysis/advancedanalysis.cpp
View File

@ -94,7 +94,7 @@ void AdvancedAnalysis::analyzeFunction(duint entryPoint, bool writedata)
while(true)
{
node.icount++;
if(!mCp.Disassemble(node.end, translateAddr(node.end)))
if(!mZydis.Disassemble(node.end, translateAddr(node.end)))
{
if(writedata)
mEncMap[node.end - mBase] = (byte)enc_byte;
@ -109,7 +109,7 @@ void AdvancedAnalysis::analyzeFunction(duint entryPoint, bool writedata)
}
// If the memory range doesn't fit the entire instruction
// mark it as bytes and finish this node
if(!inRange(node.end + mCp.Size() - 1))
if(!inRange(node.end + mZydis.Size() - 1))
{
duint remainingSize = mBase + mSize - node.end;
memset(&mEncMap[node.end - mBase], (byte)enc_byte, remainingSize);
@ -119,15 +119,15 @@ void AdvancedAnalysis::analyzeFunction(duint entryPoint, bool writedata)
if(writedata)
{
mEncMap[node.end - mBase] = (byte)enc_code;
for(int i = 1; i < mCp.Size(); i++)
for(size_t i = 1; i < mZydis.Size(); i++)
mEncMap[node.end - mBase + i] = (byte)enc_middle;
}
if(mCp.IsJump() || mCp.IsLoop()) //jump
if(mZydis.IsJump() || mZydis.IsLoop()) //jump
{
//set the branch destinations
node.brtrue = mCp.BranchDestination();
if(mCp.GetId() != ZYDIS_MNEMONIC_JMP) //unconditional jumps dont have a brfalse
node.brfalse = node.end + mCp.Size();
node.brtrue = (duint)mZydis.BranchDestination();
if(mZydis.GetId() != ZYDIS_MNEMONIC_JMP) //unconditional jumps dont have a brfalse
node.brfalse = node.end + mZydis.Size();
//add node to the function graph
graph.AddNode(node);
@ -140,26 +140,26 @@ void AdvancedAnalysis::analyzeFunction(duint entryPoint, bool writedata)
break;
}
if(mCp.IsCall()) //call
if(mZydis.IsCall()) //call
{
//TODO: handle no return
duint target = mCp.BranchDestination();
auto target = (duint)mZydis.BranchDestination();
if(inRange(target) && mEntryPoints.find(target) == mEntryPoints.end())
mCandidateEPs.insert(target);
}
if(mCp.IsRet()) //return
if(mZydis.IsRet()) //return
{
node.terminal = true;
graph.AddNode(node);
break;
}
// If this instruction finishes the memory range, end the loop for this entry point
if(!inRange(node.end + mCp.Size()))
if(!inRange(node.end + mZydis.Size()))
{
graph.AddNode(node);
break;
}
node.end += mCp.Size();
node.end += mZydis.Size();
}
}
mFunctions.push_back(graph);
@ -173,20 +173,20 @@ void AdvancedAnalysis::linearXrefPass()
for(auto addr = mBase; addr < mBase + mSize;)
{
if(!mCp.Disassemble(addr, translateAddr(addr)))
if(!mZydis.Disassemble(addr, translateAddr(addr)))
{
addr++;
continue;
}
addr += mCp.Size();
addr += mZydis.Size();
XREF xref;
xref.valid = true;
xref.addr = 0;
xref.from = mCp.Address();
for(auto i = 0; i < mCp.OpCount(); i++)
xref.from = (duint)mZydis.Address();
for(auto i = 0; i < mZydis.OpCount(); i++)
{
duint dest = mCp.ResolveOpValue(i, [](ZydisRegister)->size_t
auto dest = (duint)mZydis.ResolveOpValue(i, [](ZydisRegister) -> uint64_t
{
return 0;
});
@ -198,9 +198,9 @@ void AdvancedAnalysis::linearXrefPass()
}
if(xref.addr)
{
if(mCp.IsCall())
if(mZydis.IsCall())
xref.type = XREF_CALL;
else if(mCp.IsJump())
else if(mZydis.IsJump())
xref.type = XREF_JMP;
else
xref.type = XREF_DATA;
@ -270,16 +270,16 @@ void AdvancedAnalysis::writeDataXrefs()
{
if(xref.type == XREF_DATA && xref.valid)
{
if(!mCp.Disassemble(xref.from, translateAddr(xref.from)))
if(!mZydis.Disassemble(xref.from, translateAddr(xref.from)))
{
xref.valid = false;
continue;
}
auto opcode = mCp.GetId();
auto opcode = mZydis.GetId();
bool isfloat = isFloatInstruction(opcode);
for(auto i = 0; i < mCp.OpCount(); i++)
for(auto i = 0; i < mZydis.OpCount(); i++)
{
auto & op = mCp[i];
auto & op = mZydis[i];
ENCODETYPE type = enc_unknown;
//Todo: Analyze op type and set correct type

2
src/dbg/analysis/analysis.h
View File

@ -17,7 +17,7 @@ protected:
duint mBase;
duint mSize;
unsigned char* mData;
Zydis mCp;
Zydis mZydis;
bool inRange(duint addr) const
{

32
src/dbg/analysis/controlflowanalysis.cpp
View File

@ -140,26 +140,26 @@ void ControlFlowAnalysis::BasicBlockStarts()
for(duint i = 0; i < mSize;)
{
auto addr = mBase + i;
if(mCp.Disassemble(addr, translateAddr(addr), MAX_DISASM_BUFFER))
if(mZydis.Disassemble(addr, translateAddr(addr), MAX_DISASM_BUFFER))
{
if(bSkipFilling) //handle filling skip mode
{
if(!mCp.IsFilling()) //do nothing until the filling stopped
if(!mZydis.IsFilling()) //do nothing until the filling stopped
{
bSkipFilling = false;
mBlockStarts.insert(addr);
}
}
else if(mCp.IsRet()) //RET breaks control flow
else if(mZydis.IsRet()) //RET breaks control flow
{
bSkipFilling = true; //skip INT3/NOP/whatever filling bytes (those are not part of the control flow)
}
else if(mCp.IsJump() || mCp.IsLoop()) //branches
else if(mZydis.IsJump() || mZydis.IsLoop()) //branches
{
auto dest1 = getReferenceOperand();
duint dest2 = 0;
if(mCp.GetId() != ZYDIS_MNEMONIC_JMP) //conditional jump
dest2 = addr + mCp.Size();
if(mZydis.GetId() != ZYDIS_MNEMONIC_JMP) //conditional jump
dest2 = addr + mZydis.Size();
if(!dest1 && !dest2) //TODO: better code for this (make sure absolutely no filling is inserted)
bSkipFilling = true;
@ -168,7 +168,7 @@ void ControlFlowAnalysis::BasicBlockStarts()
if(dest2)
mBlockStarts.insert(dest2);
}
else if(mCp.IsCall())
else if(mZydis.IsCall())
{
auto dest1 = getReferenceOperand();
if(dest1)
@ -183,7 +183,7 @@ void ControlFlowAnalysis::BasicBlockStarts()
if(dest1)
mBlockStarts.insert(dest1);
}
i += mCp.Size();
i += mZydis.Size();
}
else
i++;
@ -204,23 +204,23 @@ void ControlFlowAnalysis::BasicBlocks()
for(duint addr = start, prevaddr; addr < mBase + mSize;)
{
prevaddr = addr;
if(mCp.Disassemble(addr, translateAddr(addr), MAX_DISASM_BUFFER))
if(mZydis.Disassemble(addr, translateAddr(addr), MAX_DISASM_BUFFER))
{
if(mCp.IsRet())
if(mZydis.IsRet())
{
insertBlock(BasicBlock(start, addr, 0, 0)); //leaf block
break;
}
else if(mCp.IsJump() || mCp.IsLoop())
else if(mZydis.IsJump() || mZydis.IsLoop())
{
auto dest1 = getReferenceOperand();
auto dest2 = mCp.GetId() != ZYDIS_MNEMONIC_JMP ? addr + mCp.Size() : 0;
auto dest2 = mZydis.GetId() != ZYDIS_MNEMONIC_JMP ? addr + mZydis.Size() : 0;
insertBlock(BasicBlock(start, addr, dest1, dest2));
insertParent(dest1, start);
insertParent(dest2, start);
break;
}
addr += mCp.Size();
addr += mZydis.Size();
}
else
addr++;
@ -413,9 +413,9 @@ String ControlFlowAnalysis::blockToString(const BasicBlock* block)
duint ControlFlowAnalysis::getReferenceOperand() const
{
for(auto i = 0; i < mCp.OpCount(); i++)
for(auto i = 0; i < mZydis.OpCount(); i++)
{
const auto & op = mCp[i];
const auto & op = mZydis[i];
if(op.type == ZYDIS_OPERAND_TYPE_IMMEDIATE)
{
auto dest = duint(op.imm.value.u);
@ -426,7 +426,7 @@ duint ControlFlowAnalysis::getReferenceOperand() const
{
auto dest = duint(op.mem.disp.value);
if(op.mem.base == ZYDIS_REGISTER_RIP) //rip-relative
dest += mCp.Address() + mCp.Size();
dest += (duint)mZydis.Address() + mZydis.Size();
if(inRange(dest))
return dest;
}

32
src/dbg/analysis/linearanalysis.cpp
View File

@ -45,12 +45,12 @@ void LinearAnalysis::populateReferences()
for(duint i = 0; i < mSize;)
{
auto addr = mBase + i;
if(mCp.Disassemble(addr, translateAddr(addr), MAX_DISASM_BUFFER))
if(mZydis.Disassemble(addr, translateAddr(addr), MAX_DISASM_BUFFER))
{
auto ref = getReferenceOperand();
if(ref)
mFunctions.push_back({ ref, 0 });
i += mCp.Size();
i += mZydis.Size();
}
else
i++;
@ -72,8 +72,8 @@ void LinearAnalysis::analyseFunctions()
auto end = findFunctionEnd(function.start, maxaddr);
if(end)
{
if(mCp.Disassemble(end, translateAddr(end), MAX_DISASM_BUFFER))
function.end = end + mCp.Size() - 1;
if(mZydis.Disassemble(end, translateAddr(end), MAX_DISASM_BUFFER))
function.end = end + mZydis.Size() - 1;
else
function.end = end;
}
@ -83,10 +83,10 @@ void LinearAnalysis::analyseFunctions()
duint LinearAnalysis::findFunctionEnd(duint start, duint maxaddr)
{
//disassemble first instruction for some heuristics
if(mCp.Disassemble(start, translateAddr(start), MAX_DISASM_BUFFER))
if(mZydis.Disassemble(start, translateAddr(start), MAX_DISASM_BUFFER))
{
//JMP [123456] ; import
if(mCp.IsJump() && mCp.OpCount() && mCp[0].type == ZYDIS_OPERAND_TYPE_MEMORY)
if(mZydis.IsJump() && mZydis.OpCount() && mZydis[0].type == ZYDIS_OPERAND_TYPE_MEMORY)
return 0;
}
@ -95,14 +95,14 @@ duint LinearAnalysis::findFunctionEnd(duint start, duint maxaddr)
duint jumpback = 0;
for(duint addr = start, fardest = 0; addr < maxaddr;)
{
if(mCp.Disassemble(addr, translateAddr(addr), MAX_DISASM_BUFFER))
if(mZydis.Disassemble(addr, translateAddr(addr), MAX_DISASM_BUFFER))
{
if(addr + mCp.Size() > maxaddr) //we went past the maximum allowed address
if(addr + mZydis.Size() > maxaddr) //we went past the maximum allowed address
break;
if((mCp.IsJump() || mCp.IsLoop()) && mCp.OpCount() && mCp[0].type == ZYDIS_OPERAND_TYPE_IMMEDIATE) //jump
if((mZydis.IsJump() || mZydis.IsLoop()) && mZydis.OpCount() && mZydis[0].type == ZYDIS_OPERAND_TYPE_IMMEDIATE) //jump
{
auto dest = duint(mCp[0].imm.value.u);
auto dest = duint(mZydis[0].imm.value.u);
if(dest >= maxaddr) //jump across function boundaries
{
@ -112,19 +112,19 @@ duint LinearAnalysis::findFunctionEnd(duint start, duint maxaddr)
{
fardest = dest;
}
else if(end && dest < end && (mCp.GetId() == ZYDIS_MNEMONIC_JMP || mCp.GetId() == ZYDIS_MNEMONIC_LOOP)) //save the last JMP backwards
else if(end && dest < end && (mZydis.GetId() == ZYDIS_MNEMONIC_JMP || mZydis.GetId() == ZYDIS_MNEMONIC_LOOP)) //save the last JMP backwards
{
jumpback = addr;
}
}
else if(mCp.IsRet()) //possible function end?
else if(mZydis.IsRet()) //possible function end?
{
end = addr;
if(fardest < addr) //we stop if the farthest JXX destination forward is before this RET
break;
}
addr += mCp.Size();
addr += mZydis.Size();
}
else
addr++;
@ -134,10 +134,10 @@ duint LinearAnalysis::findFunctionEnd(duint start, duint maxaddr)
duint LinearAnalysis::getReferenceOperand() const
{
for(auto i = 0; i < mCp.OpCount(); i++)
for(auto i = 0; i < mZydis.OpCount(); i++)
{
const auto & op = mCp[i];
if(mCp.IsJump() || mCp.IsLoop()) //skip jumps/loops
const auto & op = mZydis[i];
if(mZydis.IsJump() || mZydis.IsLoop()) //skip jumps/loops
continue;
if(op.type == ZYDIS_OPERAND_TYPE_IMMEDIATE) //we are looking for immediate references
{

46
src/dbg/analysis/recursiveanalysis.cpp
View File

@ -59,11 +59,11 @@ void RecursiveAnalysis::SetMarkers()
duint rangeStart = 0, rangeEnd = 0, rangeInstructionCount = 0;
for(auto rangeItr = blockRanges.begin(); rangeItr != blockRanges.end(); ++rangeItr)
{
auto disasmLen = [this](duint addr)
auto disasmLen = [this](duint addr) -> size_t
{
if(!mCp.Disassemble(addr, translateAddr(addr)))
if(!mZydis.Disassemble(addr, translateAddr(addr)))
return 1;
return mCp.Size();
return mZydis.Size();
};
const auto & node = *rangeItr->second;
if(!rangeStart)
@ -171,14 +171,14 @@ void RecursiveAnalysis::analyzeFunction(duint entryPoint)
{
if(!inRange(node.end))
{
node.end = mCp.Address();
node.end = (duint)mZydis.Address();
node.terminal = true;
graph.AddNode(node);
break;
}
node.icount++;
if(!mCp.Disassemble(node.end, translateAddr(node.end)))
if(!mZydis.Disassemble(node.end, translateAddr(node.end)))
{
node.end++;
continue;
@ -187,10 +187,10 @@ void RecursiveAnalysis::analyzeFunction(duint entryPoint)
//do xref analysis on the instruction
XREF xref;
xref.addr = 0;
xref.from = mCp.Address();
for(auto i = 0; i < mCp.OpCount(); i++)
xref.from = (duint)mZydis.Address();
for(auto i = 0; i < mZydis.OpCount(); i++)
{
duint dest = mCp.ResolveOpValue(i, [](ZydisRegister)->size_t
auto dest = (duint)mZydis.ResolveOpValue(i, [](ZydisRegister) -> uint64_t
{
return 0;
});
@ -203,23 +203,23 @@ void RecursiveAnalysis::analyzeFunction(duint entryPoint)
if(xref.addr)
mXrefs.push_back(xref);
if(!mCp.IsNop() && (mCp.IsJump() || mCp.IsLoop())) //non-nop jump
if(!mZydis.IsNop() && (mZydis.IsJump() || mZydis.IsLoop())) //non-nop jump
{
//set the branch destinations
node.brtrue = mCp.BranchDestination();
if(mCp.GetId() != ZYDIS_MNEMONIC_JMP) //unconditional jumps dont have a brfalse
node.brfalse = node.end + mCp.Size();
node.brtrue = (duint)mZydis.BranchDestination();
if(mZydis.GetId() != ZYDIS_MNEMONIC_JMP) //unconditional jumps dont have a brfalse
node.brfalse = node.end + mZydis.Size();
//consider register/memory branches as terminal nodes
if(mCp.OpCount() && mCp[0].type != ZYDIS_OPERAND_TYPE_IMMEDIATE)
if(mZydis.OpCount() && mZydis[0].type != ZYDIS_OPERAND_TYPE_IMMEDIATE)
{
//jmp ptr [index * sizeof(duint) + switchTable]
if(mCp[0].type == ZYDIS_OPERAND_TYPE_MEMORY && mCp[0].mem.base == ZYDIS_REGISTER_NONE && mCp[0].mem.index != ZYDIS_REGISTER_NONE
&& mCp[0].mem.scale == sizeof(duint) && MemIsValidReadPtr(duint(mCp[0].mem.disp.value)))
if(mZydis[0].type == ZYDIS_OPERAND_TYPE_MEMORY && mZydis[0].mem.base == ZYDIS_REGISTER_NONE && mZydis[0].mem.index != ZYDIS_REGISTER_NONE
&& mZydis[0].mem.scale == sizeof(duint) && MemIsValidReadPtr(duint(mZydis[0].mem.disp.value)))
{
Memory<duint*> switchTable(512 * sizeof(duint));
duint actualSize, index;
MemRead(duint(mCp[0].mem.disp.value), switchTable(), 512 * sizeof(duint), &actualSize);
MemRead(duint(mZydis[0].mem.disp.value), switchTable(), 512 * sizeof(duint), &actualSize);
actualSize /= sizeof(duint);
for(index = 0; index < actualSize; index++)
if(MemIsCodePage(switchTable()[index], false) == false)
@ -257,17 +257,17 @@ void RecursiveAnalysis::analyzeFunction(duint entryPoint)
break;
}
if(mCp.IsCall())
if(mZydis.IsCall())
{
//TODO: add this to a queue to be analyzed later
}
if(mCp.IsRet())
if(mZydis.IsRet())
{
node.terminal = true;
graph.AddNode(node);
break;
}
node.end += mCp.Size();
node.end += mZydis.Size();
}
}
//second pass: split overlapping blocks introduced by backedges
@ -279,7 +279,7 @@ void RecursiveAnalysis::analyzeFunction(duint entryPoint)
while(addr < node.end)
{
icount++;
auto size = mCp.Disassemble(addr, translateAddr(addr)) ? mCp.Size() : 1;
auto size = mZydis.Disassemble(addr, translateAddr(addr)) ? mZydis.Size() : 1;
if(graph.nodes.count(addr + size))
{
node.end = addr;
@ -312,10 +312,10 @@ void RecursiveAnalysis::analyzeFunction(duint entryPoint)
auto addr = node.start;
while(addr <= node.end) //disassemble all instructions
{
auto size = mCp.Disassemble(addr, translateAddr(addr)) ? mCp.Size() : 1;
if(mCp.IsCall() && mCp.OpCount()) //call reg / call [reg+X]
auto size = mZydis.Disassemble(addr, translateAddr(addr)) ? mZydis.Size() : 1;
if(mZydis.IsCall() && mZydis.OpCount()) //call reg / call [reg+X]
{
auto & op = mCp[0];
auto & op = mZydis[0];
switch(op.type)
{
case ZYDIS_OPERAND_TYPE_REGISTER:

10
src/dbg/analysis/xrefsanalysis.cpp
View File

@ -17,19 +17,19 @@ void XrefsAnalysis::Analyse()
for(auto addr = mBase; addr < mBase + mSize;)
{
if(!mCp.Disassemble(addr, translateAddr(addr)))
if(!mZydis.Disassemble(addr, translateAddr(addr)))
{
addr++;
continue;
}
addr += mCp.Size();
addr += mZydis.Size();
XREF xref;
xref.addr = 0;
xref.from = mCp.Address();
for(auto i = 0; i < mCp.OpCount(); i++)
xref.from = (duint)mZydis.Address();
for(auto i = 0; i < mZydis.OpCount(); i++)
{
duint dest = mCp.ResolveOpValue(i, [](ZydisRegister)->size_t
auto dest = (duint)mZydis.ResolveOpValue(i, [](ZydisRegister) -> uint64_t
{
return 0;
});

2
src/dbg/commands/cmd-debug-control.cpp
View File

@ -504,7 +504,7 @@ static bool IsRepeated(const Zydis & zydis)
case ZYDIS_MNEMONIC_SCASW:
case ZYDIS_MNEMONIC_SCASD:
case ZYDIS_MNEMONIC_SCASQ:
return (zydis.GetInstr()->attributes & (ZYDIS_ATTRIB_HAS_REP | ZYDIS_ATTRIB_HAS_REPZ | ZYDIS_ATTRIB_HAS_REPNZ)) != 0;
return (zydis.GetInstr()->info.attributes & (ZYDIS_ATTRIB_HAS_REP | ZYDIS_ATTRIB_HAS_REPZ | ZYDIS_ATTRIB_HAS_REPNZ)) != 0;
}
return false;
}

4
src/dbg/commands/cmd-searching.cpp
View File

@ -710,9 +710,9 @@ static bool cbModCallFind(Zydis* disasm, BASIC_INSTRUCTION_INFO* basicinfo, REFI
duint foundaddr = 0;
char label[MAX_LABEL_SIZE] = "";
char module[MAX_MODULE_SIZE] = "";
duint base = ModBaseFromAddr(disasm->Address()), size = 0;
duint base = ModBaseFromAddr((duint)disasm->Address()), size = 0;
if(!base)
base = MemFindBaseAddr(disasm->Address(), &size);
base = MemFindBaseAddr((duint)disasm->Address(), &size);
else
size = ModSizeFromAddr(base);
if(!base || !size)

63
src/dbg/commands/cmd-undocumented.cpp
View File

@ -243,23 +243,26 @@ bool cbInstrZydis(int argc, char* argv[])
if(!valfromstring(argv[2], &addr, false))
return false;
Zydis cp;
if(!cp.Disassemble(addr, data))
Zydis zydis;
if(!zydis.Disassemble(addr, data))
{
dputs_untranslated("Failed to disassemble!\n");
return false;
}
auto instr = cp.GetInstr();
int argcount = instr->operandCount;
dputs_untranslated(cp.InstructionText(true).c_str());
dprintf_untranslated("prefix size: %d\n", instr->raw.prefixes.count);
if(instr->attributes & ZYDIS_ATTRIB_HAS_REX)
dprintf_untranslated("rex.W: %d, rex.R: %d, rex.X: %d, rex.B: %d, rex.data: %02x\n", instr->raw.rex.W, instr->raw.rex.R, instr->raw.rex.X, instr->raw.rex.B, instr->raw.rex.data[0]);
dprintf_untranslated("disp.offset: %d, disp.size: %d\n", instr->raw.disp.offset, instr->raw.disp.size);
dprintf_untranslated("imm[0].offset: %d, imm[0].size: %d\n", instr->raw.imm[0].offset, instr->raw.imm[0].size);
dprintf_untranslated("imm[1].offset: %d, imm[1].size: %d\n", instr->raw.imm[1].offset, instr->raw.imm[1].size);
dprintf_untranslated("size: %d, id: %d, opcount: %d\n", cp.Size(), cp.GetId(), instr->operandCount);
auto instr = zydis.GetInstr();
int argcount = zydis.OpCount();
dputs_untranslated(zydis.InstructionText(true).c_str());
dprintf_untranslated("prefix size: %d\n", instr->info.raw.prefix_count);
if(instr->info.attributes & ZYDIS_ATTRIB_HAS_REX)
{
auto rexdata = data[instr->info.raw.rex.offset];
dprintf_untranslated("rex.W: %d, rex.R: %d, rex.X: %d, rex.B: %d, rex.data: %02x\n", instr->info.raw.rex.W, instr->info.raw.rex.R, instr->info.raw.rex.X, instr->info.raw.rex.B, rexdata);
}
dprintf_untranslated("disp.offset: %d, disp.size: %d\n", instr->info.raw.disp.offset, instr->info.raw.disp.size);
dprintf_untranslated("imm[0].offset: %d, imm[0].size: %d\n", instr->info.raw.imm[0].offset, instr->info.raw.imm[0].size);
dprintf_untranslated("imm[1].offset: %d, imm[1].size: %d\n", instr->info.raw.imm[1].offset, instr->info.raw.imm[1].size);
dprintf_untranslated("size: %d, id: %d, opcount: %d\n", zydis.Size(), zydis.GetId(), instr->info.operand_count);
auto rwstr = [](uint8_t action)
{
switch(action)
@ -297,11 +300,11 @@ bool cbInstrZydis(int argc, char* argv[])
for(int i = 0; i < argcount; i++)
{
const auto & op = instr->operands[i];
dprintf("operand %d (size: %d, access: %s, visibility: %s) \"%s\", ", i + 1, op.size, rwstr(op.action), vis(op.visibility), cp.OperandText(i).c_str());
dprintf("operand %d (size: %d, access: %s, visibility: %s) \"%s\", ", i + 1, op.size, rwstr(op.actions), vis(op.visibility), zydis.OperandText(i).c_str());
switch(op.type)
{
case ZYDIS_OPERAND_TYPE_REGISTER:
dprintf_untranslated("register: %s\n", cp.RegName(op.reg.value));
dprintf_untranslated("register: %s\n", zydis.RegName(op.reg.value));
break;
case ZYDIS_OPERAND_TYPE_IMMEDIATE:
dprintf_untranslated("immediate: 0x%p\n", op.imm.value.u);
@ -311,9 +314,9 @@ bool cbInstrZydis(int argc, char* argv[])
//[base + index * scale +/- disp]
const auto & mem = op.mem;
dprintf_untranslated("memory segment: %s, base: %s, index: %s, scale: %d, displacement: 0x%p\n",
cp.RegName(mem.segment),
cp.RegName(mem.base),
cp.RegName(mem.index),
zydis.RegName(mem.segment),
zydis.RegName(mem.base),
zydis.RegName(mem.index),
mem.scale,
mem.disp.value);
}
@ -348,7 +351,7 @@ bool cbInstrVisualize(int argc, char* argv[])
//DisassemblyBreakpointColor = #000000
{
//initialize
Zydis _cp;
Zydis zydis;
duint _base = start;
duint _size = maxaddr - start;
Memory<unsigned char*> _data(_size);
@ -376,14 +379,14 @@ bool cbInstrVisualize(int argc, char* argv[])
//continue algorithm
const unsigned char* curData = (addr >= _base && addr < _base + _size) ? _data() + (addr - _base) : nullptr;
if(_cp.Disassemble(addr, curData, MAX_DISASM_BUFFER))
if(zydis.Disassemble(addr, curData, MAX_DISASM_BUFFER))
{
if(addr + _cp.Size() > maxaddr) //we went past the maximum allowed address
if(addr + zydis.Size() > maxaddr) //we went past the maximum allowed address
break;
if((_cp.IsJump() || _cp.IsLoop()) && _cp.OpCount() && _cp[0].type == ZYDIS_OPERAND_TYPE_IMMEDIATE) //jump
if((zydis.IsJump() || zydis.IsLoop()) && zydis.OpCount() && zydis[0].type == ZYDIS_OPERAND_TYPE_IMMEDIATE) //jump
{
duint dest = (duint)_cp[0].imm.value.u;
duint dest = (duint)zydis[0].imm.value.u;
if(dest >= maxaddr) //jump across function boundaries
{
@ -393,19 +396,19 @@ bool cbInstrVisualize(int argc, char* argv[])
{
fardest = dest;
}
else if(end && dest < end && _cp.GetId() == ZYDIS_MNEMONIC_JMP) //save the last JMP backwards
else if(end && dest < end && zydis.GetId() == ZYDIS_MNEMONIC_JMP) //save the last JMP backwards
{
jumpback = addr;
}
}
else if(_cp.IsRet()) //possible function end?
else if(zydis.IsRet()) //possible function end?
{
end = addr;
if(fardest < addr) //we stop if the farthest JXX destination forward is before this RET
break;
}
addr += _cp.Size();
addr += zydis.Size();
}
else
addr++;
@ -471,22 +474,22 @@ bool cbInstrBriefcheck(int argc, char* argv[])
return false;
Memory<unsigned char*> buffer(size + 16);
DbgMemRead(base, buffer(), size);
Zydis cp;
Zydis zydis;
std::unordered_set<String> reported;
for(duint i = 0; i < size;)
{
if(!cp.Disassemble(base + i, buffer() + i, 16))
if(!zydis.Disassemble(base + i, buffer() + i, 16))
{
i++;
continue;
}
i += cp.Size();
auto mnem = StringUtils::ToLower(cp.Mnemonic());
i += zydis.Size();
auto mnem = StringUtils::ToLower(zydis.Mnemonic());
auto brief = MnemonicHelp::getBriefDescription(mnem.c_str());
if(brief.length() || reported.count(mnem))
continue;
reported.insert(mnem);
dprintf_untranslated("%p: %s\n", cp.Address(), mnem.c_str());
dprintf_untranslated("%p: %s\n", zydis.Address(), mnem.c_str());
}
return true;
}

4
src/dbg/debugger.cpp
View File

@ -1263,8 +1263,8 @@ void cbRtrStep()
#endif //_WIN64
)
{
Zydis cp;
if(cp.Disassemble(cip, data) && cp.IsRet())
Zydis zydis;
if(zydis.Disassemble(cip, data) && zydis.IsRet())
reachedReturn = true;
}
}

10
src/dbg/disasm_fast.cpp
View File

@ -83,17 +83,17 @@ bool disasmfast(const unsigned char* data, duint addr, BASIC_INSTRUCTION_INFO* b
{
if(!data || !basicinfo)
return false;
Zydis cp;
cp.Disassemble(addr, data, MAX_DISASM_BUFFER);
if(trydisasmfast(data, addr, basicinfo, cp.Success() ? cp.Size() : 1))
Zydis zydis;
zydis.Disassemble(addr, data, MAX_DISASM_BUFFER);
if(trydisasmfast(data, addr, basicinfo, zydis.Success() ? zydis.Size() : 1))
return true;
if(!cp.Success())
if(!zydis.Success())
{
strcpy_s(basicinfo->instruction, "???");
basicinfo->size = 1;
return false;
}
fillbasicinfo(&cp, basicinfo);
fillbasicinfo(&zydis, basicinfo);
return true;
}

58
src/dbg/disasm_helper.cpp
View File

@ -22,7 +22,7 @@ duint disasmback(unsigned char* data, duint base, duint size, duint ip, int n)
unsigned char* pdata;
// Reset Disasm Structure
Zydis cp;
Zydis zydis;
// Check if the pointer is not null
if(data == NULL)
@ -58,10 +58,10 @@ duint disasmback(unsigned char* data, duint base, duint size, duint ip, int n)
{
abuf[i % 128] = addr;
if(!cp.Disassemble(0, pdata, (int)size))
if(!zydis.Disassemble(0, pdata, (int)size))
cmdsize = 1;
else
cmdsize = cp.Size();
cmdsize = zydis.Size();
pdata += cmdsize;
addr += cmdsize;
@ -82,7 +82,7 @@ duint disasmnext(unsigned char* data, duint base, duint size, duint ip, int n)
unsigned char* pdata;
// Reset Disasm Structure
Zydis cp;
Zydis zydis;
if(data == NULL)
return 0;
@ -98,10 +98,10 @@ duint disasmnext(unsigned char* data, duint base, duint size, duint ip, int n)
for(i = 0; i < n && size > 0; i++)
{
if(!cp.Disassemble(0, pdata, (int)size))
if(!zydis.Disassemble(0, pdata, (int)size))
cmdsize = 1;
else
cmdsize = cp.Size();
cmdsize = zydis.Size();
pdata += cmdsize;
ip += cmdsize;
@ -111,16 +111,16 @@ duint disasmnext(unsigned char* data, duint base, duint size, duint ip, int n)
return ip;
}
static void HandleZydisOperand(Zydis & cp, int opindex, DISASM_ARG* arg, bool getregs)
static void HandleZydisOperand(Zydis & zydis, int opindex, DISASM_ARG* arg, bool getregs)
{
auto value = cp.ResolveOpValue(opindex, [&cp, getregs](ZydisRegister reg)
auto value = (duint)zydis.ResolveOpValue(opindex, [&zydis, getregs](ZydisRegister reg)
{
auto regName = getregs ? cp.RegName(reg) : nullptr;
auto regName = getregs ? zydis.RegName(reg) : nullptr;
return regName ? getregister(nullptr, regName) : 0; //TODO: temporary needs enums + caching
});
const auto & op = cp[opindex];
const auto & op = zydis[opindex];
arg->segment = SEG_DEFAULT;
auto opText = cp.OperandText(opindex);
auto opText = zydis.OperandText(opindex);
StringUtils::ReplaceAll(opText, "0x", "");
strcpy_s(arg->mnemonic, opText.c_str());
switch(op.type)
@ -144,7 +144,7 @@ static void HandleZydisOperand(Zydis & cp, int opindex, DISASM_ARG* arg, bool ge
arg->type = arg_memory;
const auto & mem = op.mem;
if(mem.base == ZYDIS_REGISTER_RIP) //rip-relative
arg->constant = cp.Address() + duint(mem.disp.value) + cp.Size();
arg->constant = (duint)zydis.Address() + duint(mem.disp.value) + zydis.Size();
else
arg->constant = duint(mem.disp.value);
if(mem.segment == ArchValue(ZYDIS_REGISTER_FS, ZYDIS_REGISTER_GS))
@ -216,13 +216,13 @@ static void HandleZydisOperand(Zydis & cp, int opindex, DISASM_ARG* arg, bool ge
}
}
void disasmget(Zydis & cp, unsigned char* buffer, duint addr, DISASM_INSTR* instr, bool getregs)
void disasmget(Zydis & zydis, unsigned char* buffer, duint addr, DISASM_INSTR* instr, bool getregs)
{
memset(instr, 0, sizeof(DISASM_INSTR));
cp.Disassemble(addr, buffer, MAX_DISASM_BUFFER);
if(trydisasm(buffer, addr, instr, cp.Success() ? cp.Size() : 1))
zydis.Disassemble(addr, buffer, MAX_DISASM_BUFFER);
if(trydisasm(buffer, addr, instr, zydis.Success() ? zydis.Size() : 1))
return;
if(!cp.Success())
if(!zydis.Success())
{
strcpy_s(instr->instruction, "???");
instr->instr_size = 1;
@ -230,21 +230,21 @@ void disasmget(Zydis & cp, unsigned char* buffer, duint addr, DISASM_INSTR* inst
instr->argcount = 0;
return;
}
auto cpInstr = cp.GetInstr();
strncpy_s(instr->instruction, cp.InstructionText().c_str(), _TRUNCATE);
instr->instr_size = cpInstr->length;
if(cp.IsBranchType(Zydis::BTJmp | Zydis::BTLoop | Zydis::BTRet | Zydis::BTCall))
auto zyInstr = zydis.GetInstr();
strncpy_s(instr->instruction, zydis.InstructionText().c_str(), _TRUNCATE);
instr->instr_size = zyInstr->info.length;
if(zydis.IsBranchType(Zydis::BTJmp | Zydis::BTLoop | Zydis::BTRet | Zydis::BTCall))
instr->type = instr_branch;
else if(strstr(instr->instruction, "sp") || strstr(instr->instruction, "bp"))
instr->type = instr_stack;
else
instr->type = instr_normal;
instr->argcount = cp.OpCount() <= 3 ? cp.OpCount() : 3;
instr->argcount = zydis.OpCount() <= 3 ? zydis.OpCount() : 3;
for(int i = 0; i < instr->argcount; i++)
HandleZydisOperand(cp, i, &instr->arg[i], getregs);
HandleZydisOperand(zydis, i, &instr->arg[i], getregs);
}
void disasmget(Zydis & cp, duint addr, DISASM_INSTR* instr, bool getregs)
void disasmget(Zydis & zydis, duint addr, DISASM_INSTR* instr, bool getregs)
{
if(!DbgIsDebugging())
{
@ -254,15 +254,15 @@ void disasmget(Zydis & cp, duint addr, DISASM_INSTR* instr, bool getregs)
}
unsigned char buffer[MAX_DISASM_BUFFER] = "";
if(MemRead(addr, buffer, sizeof(buffer)))
disasmget(cp, buffer, addr, instr, getregs);
disasmget(zydis, buffer, addr, instr, getregs);
else
memset(instr, 0, sizeof(DISASM_INSTR)); // Buffer overflow
}
void disasmget(unsigned char* buffer, duint addr, DISASM_INSTR* instr, bool getregs)
{
Zydis cp;
disasmget(cp, buffer, addr, instr, getregs);
Zydis zydis;
disasmget(zydis, buffer, addr, instr, getregs);
}
void disasmget(duint addr, DISASM_INSTR* instr, bool getregs)
@ -518,10 +518,10 @@ bool disasmgetstringatwrapper(duint addr, char* dest, bool cache)
int disasmgetsize(duint addr, unsigned char* data)
{
Zydis cp;
if(!cp.Disassemble(addr, data, MAX_DISASM_BUFFER))
Zydis zydis;
if(!zydis.Disassemble(addr, data, MAX_DISASM_BUFFER))
return 1;
return int(EncodeMapGetSize(addr, cp.Size()));
return int(EncodeMapGetSize(addr, zydis.Size()));
}
int disasmgetsize(duint addr)

4
src/dbg/disasm_helper.h
View File

@ -7,8 +7,8 @@
//functions
duint disasmback(unsigned char* data, duint base, duint size, duint ip, int n);
duint disasmnext(unsigned char* data, duint base, duint size, duint ip, int n);
void disasmget(Zydis & cp, unsigned char* buffer, duint addr, DISASM_INSTR* instr, bool getregs = true);
void disasmget(Zydis & cp, duint addr, DISASM_INSTR* instr, bool getregs = true);
void disasmget(Zydis & zydis, unsigned char* buffer, duint addr, DISASM_INSTR* instr, bool getregs = true);
void disasmget(Zydis & zydis, duint addr, DISASM_INSTR* instr, bool getregs = true);
void disasmget(unsigned char* buffer, duint addr, DISASM_INSTR* instr, bool getregs = true);
void disasmget(duint addr, DISASM_INSTR* instr, bool getregs = true);
bool disasmispossiblestring(duint addr, STRING_TYPE* type = nullptr);

6
src/dbg/encodemap.cpp
View File

@ -287,7 +287,7 @@ bool EncodeMapSetType(duint addr, duint size, ENCODETYPE type, bool* created)
memset(map.data + offset, (byte)enc_middle, size);
if(IsCodeType(type) && size > 1)
{
Zydis cp;
Zydis zydis;
Memory<unsigned char*> buffer(size);
if(!MemRead(addr, buffer(), size))
return false;
@ -296,8 +296,8 @@ bool EncodeMapSetType(duint addr, duint size, ENCODETYPE type, bool* created)
for(auto i = offset; i < offset + size;)
{
map.data[i] = (byte)type;
cp.Disassemble(base + i, buffer() + bufferoffset, int(buffersize - bufferoffset));
cmdsize = cp.Success() ? cp.Size() : 1;
zydis.Disassemble(base + i, buffer() + bufferoffset, int(buffersize - bufferoffset));
cmdsize = zydis.Success() ? zydis.Size() : 1;
i += cmdsize;
bufferoffset += cmdsize;
buffersize -= cmdsize;

14
src/dbg/exprfunc.cpp
View File

@ -282,9 +282,9 @@ namespace Exprfunc
unsigned char data[16];
if(MemRead(addr, data, sizeof(data), nullptr, true))
{
Zydis cp;
if(cp.Disassemble(addr, data))
return cp.IsNop();
Zydis zydis;
if(zydis.Disassemble(addr, data))
return zydis.IsNop();
}
return false;
}
@ -294,9 +294,9 @@ namespace Exprfunc
unsigned char data[16];
if(MemRead(addr, data, sizeof(data), nullptr, true))
{
Zydis cp;
if(cp.Disassemble(addr, data))
return cp.IsUnusual();
Zydis zydis;
if(zydis.Disassemble(addr, data))
return zydis.IsUnusual();
}
return false;
}
@ -455,7 +455,7 @@ namespace Exprfunc
duint rdtsc()
{
return __rdtsc();
return (duint)__rdtsc();
}
static duint readMem(duint addr, duint size)

30
src/dbg/reference.cpp
View File

@ -63,14 +63,14 @@ int RefFind(duint Address, duint Size, CBREF Callback, void* UserData, bool Sile
sprintf_s(fullName, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "%s (Region %p)")), Name, scanStart);
// Initialize disassembler
Zydis cp;
Zydis zydis;
// Allow an "initialization" notice
refInfo.refcount = 0;
refInfo.userinfo = UserData;
refInfo.name = fullName;
RefFindInRange(scanStart, scanSize, Callback, UserData, Silent, refInfo, cp, true, [](int percent)
RefFindInRange(scanStart, scanSize, Callback, UserData, Silent, refInfo, zydis, true, [](int percent)
{
GuiReferenceSetCurrentTaskProgress(percent, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Region Search")));
GuiReferenceSetProgress(percent);
@ -104,14 +104,14 @@ int RefFind(duint Address, duint Size, CBREF Callback, void* UserData, bool Sile
sprintf_s(fullName, "%s (%p)", Name, scanStart);
// Initialize disassembler
Zydis cp;
Zydis zydis;
// Allow an "initialization" notice
refInfo.refcount = 0;
refInfo.userinfo = UserData;
refInfo.name = fullName;
RefFindInRange(scanStart, scanSize, Callback, UserData, Silent, refInfo, cp, true, [](int percent)
RefFindInRange(scanStart, scanSize, Callback, UserData, Silent, refInfo, zydis, true, [](int percent)
{
GuiReferenceSetCurrentTaskProgress(percent, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "Module Search")));
GuiReferenceSetProgress(percent);
@ -147,7 +147,7 @@ int RefFind(duint Address, duint Size, CBREF Callback, void* UserData, bool Sile
}
// Initialize disassembler
Zydis cp;
Zydis zydis;
// Determine the full module
sprintf_s(fullName, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "User Modules (%s)")), Name);
@ -165,7 +165,7 @@ int RefFind(duint Address, duint Size, CBREF Callback, void* UserData, bool Sile
scanStart = modList[i].base;
scanSize = modList[i].size;
RefFindInRange(scanStart, scanSize, Callback, UserData, Silent, refInfo, cp, initCallBack, [&i, &modList](int percent)
RefFindInRange(scanStart, scanSize, Callback, UserData, Silent, refInfo, zydis, initCallBack, [&i, &modList](int percent)
{
float fPercent = (float)percent / 100.f;
float fTotalPercent = ((float)i + fPercent) / (float)modList.size();
@ -209,7 +209,7 @@ int RefFind(duint Address, duint Size, CBREF Callback, void* UserData, bool Sile
}
// Initialize disassembler
Zydis cp;
Zydis zydis;
// Determine the full module
sprintf_s(fullName, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "System Modules (%s)")), Name);
@ -228,7 +228,7 @@ int RefFind(duint Address, duint Size, CBREF Callback, void* UserData, bool Sile
scanSize = modList[i].size;
RefFindInRange(scanStart, scanSize, Callback, UserData, Silent, refInfo, cp, initCallBack, [&i, &modList](int percent)
RefFindInRange(scanStart, scanSize, Callback, UserData, Silent, refInfo, zydis, initCallBack, [&i, &modList](int percent)
{
float fPercent = (float)percent / 100.f;
float fTotalPercent = ((float)i + fPercent) / (float)modList.size();
@ -271,7 +271,7 @@ int RefFind(duint Address, duint Size, CBREF Callback, void* UserData, bool Sile
}
// Initialize disassembler
Zydis cp;
Zydis zydis;
// Determine the full module
sprintf_s(fullName, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "All Modules (%s)")), Name);
@ -289,7 +289,7 @@ int RefFind(duint Address, duint Size, CBREF Callback, void* UserData, bool Sile
if(i != 0)
initCallBack = false;
RefFindInRange(scanStart, scanSize, Callback, UserData, Silent, refInfo, cp, initCallBack, [&i, &modList](int percent)
RefFindInRange(scanStart, scanSize, Callback, UserData, Silent, refInfo, zydis, initCallBack, [&i, &modList](int percent)
{
float fPercent = (float)percent / 100.f;
float fTotalPercent = ((float)i + fPercent) / (float)modList.size();
@ -309,7 +309,7 @@ int RefFind(duint Address, duint Size, CBREF Callback, void* UserData, bool Sile
return refInfo.refcount;
}
int RefFindInRange(duint scanStart, duint scanSize, CBREF Callback, void* UserData, bool Silent, REFINFO & refInfo, Zydis & cp, bool initCallBack, const CBPROGRESS & cbUpdateProgress, bool disasmText)
int RefFindInRange(duint scanStart, duint scanSize, CBREF Callback, void* UserData, bool Silent, REFINFO & refInfo, Zydis & zydis, bool initCallBack, const CBPROGRESS & cbUpdateProgress, bool disasmText)
{
// Allocate and read a buffer from the remote process
Memory<unsigned char*> data(scanSize, "reffind:data");
@ -339,15 +339,15 @@ int RefFindInRange(duint scanStart, duint scanSize, CBREF Callback, void* UserDa
int disasmMaxSize = min(MAX_DISASM_BUFFER, (int)(scanSize - i)); // Prevent going past the boundary
int disasmLen = 1;
if(cp.Disassemble(scanStart, data() + i, disasmMaxSize))
if(zydis.Disassemble(scanStart, data() + i, disasmMaxSize))
{
BASIC_INSTRUCTION_INFO basicinfo;
fillbasicinfo(&cp, &basicinfo, disasmText);
fillbasicinfo(&zydis, &basicinfo, disasmText);
if(Callback(&cp, &basicinfo, &refInfo))
if(Callback(&zydis, &basicinfo, &refInfo))
refInfo.refcount++;
disasmLen = cp.Size();
disasmLen = zydis.Size();
}
else
{

2
src/dbg/reference.h
View File

@ -26,6 +26,6 @@ typedef bool (*CBREF)(Zydis* disasm, BASIC_INSTRUCTION_INFO* basicinfo, REFINFO*
typedef std::function<void(int)> CBPROGRESS;
int RefFind(duint Address, duint Size, CBREF Callback, void* UserData, bool Silent, const char* Name, REFFINDTYPE type, bool disasmText);
int RefFindInRange(duint scanStart, duint scanSize, CBREF Callback, void* UserData, bool Silent, REFINFO & refInfo, Zydis & cp, bool initCallBack, const CBPROGRESS & cbUpdateProgress, bool disasmText);
int RefFindInRange(duint scanStart, duint scanSize, CBREF Callback, void* UserData, bool Silent, REFINFO & refInfo, Zydis & zydis, bool initCallBack, const CBPROGRESS & cbUpdateProgress, bool disasmText);
#endif // _REFERENCE_H

3
src/dbg/x64dbg.cpp
View File

@ -699,8 +699,6 @@ extern "C" DLL_EXPORT const char* _dbg_dbginit()
dputs(QT_TRANSLATE_NOOP("DBG", "Setting JSON memory management functions..."));
json_set_alloc_funcs(json_malloc, json_free);
//#endif //ENABLE_MEM_TRACE
dputs(QT_TRANSLATE_NOOP("DBG", "Initializing Zydis..."));
Zydis::GlobalInitialize();
dputs(QT_TRANSLATE_NOOP("DBG", "Getting directory information..."));
strcpy_s(scriptDllDir, szUserDir);
@ -833,7 +831,6 @@ extern "C" DLL_EXPORT void _dbg_dbgexitsignal()
dputs(QT_TRANSLATE_NOOP("DBG", "Cleaning up allocated data..."));
cmdfree();
varfree();
Zydis::GlobalFinalize();
dputs(QT_TRANSLATE_NOOP("DBG", "Cleaning up wait objects..."));
waitdeinitialize();
SafeDbghelpDeinitialize();

166
src/zydis_wrapper/zydis_wrapper.cpp
View File

@ -72,29 +72,29 @@ void Zydis::Reset(bool disasm64)
ZydisDecoderInit(&mDecoder, ZYDIS_MACHINE_MODE_LEGACY_32, ZYDIS_STACK_WIDTH_32);
}
bool Zydis::Disassemble(size_t addr, const unsigned char data[MAX_DISASM_BUFFER])
bool Zydis::Disassemble(uint64_t addr, const unsigned char data[MAX_DISASM_BUFFER])
{
return Disassemble(addr, data, MAX_DISASM_BUFFER);
}
bool Zydis::Disassemble(size_t addr, const unsigned char* data, int size)
bool Zydis::Disassemble(uint64_t addr, const unsigned char* data, size_t size)
{
if(!data || !size)
if(data == nullptr || size == 0)
return false;
mAddr = addr;
mSuccess = false;
// Decode instruction.
if(!ZYAN_SUCCESS(ZydisDecoderDecodeFull(&mDecoder, data, size, &mInstr, mOperands)))
if(!ZYAN_SUCCESS(ZydisDecoderDecodeFull(&mDecoder, data, size, &mInstr.info, mInstr.operands)))
return false;
// Format it to human readable representation.
if(!ZYAN_SUCCESS(ZydisFormatterFormatInstruction(
&mFormatter,
&mInstr,
mOperands,
mInstr.operand_count,
&mInstr.info,
mInstr.operands,
mInstr.info.operand_count,
mInstrText,
sizeof(mInstrText),
mAddr,
@ -103,9 +103,9 @@ bool Zydis::Disassemble(size_t addr, const unsigned char* data, int size)
// Count explicit operands.
mVisibleOpCount = 0;
for(size_t i = 0; i < mInstr.operand_count; ++i)
for(ZyanU8 i = 0; i < mInstr.info.operand_count; ++i)
{
auto & op = mOperands[i];
auto & op = mInstr.operands[i];
// Rebase IMM if relative and DISP if absolute (codebase expects it this way).
// Once, at some point in time, the disassembler is abstracted away more and more,
@ -113,7 +113,7 @@ bool Zydis::Disassemble(size_t addr, const unsigned char* data, int size)
// such transformations in the getters instead.
if(op.type == ZYDIS_OPERAND_TYPE_IMMEDIATE && op.imm.is_relative)
{
ZydisCalcAbsoluteAddress(&mInstr, &op, mAddr, &op.imm.value.u);
ZydisCalcAbsoluteAddress(&mInstr.info, &op, mAddr, &op.imm.value.u);
op.imm.is_relative = false; //hack to prevent OperandText from returning bogus values
}
else if(op.type == ZYDIS_OPERAND_TYPE_MEMORY &&
@ -122,7 +122,7 @@ bool Zydis::Disassemble(size_t addr, const unsigned char* data, int size)
op.mem.disp.value != 0)
{
//TODO: what is this used for?
ZydisCalcAbsoluteAddress(&mInstr, &op, mAddr, (uint64_t*)&op.mem.disp.value);
ZydisCalcAbsoluteAddress(&mInstr.info, &op, mAddr, (uint64_t*)&op.mem.disp.value);
}
if(op.visibility == ZYDIS_OPERAND_VISIBILITY_HIDDEN)
@ -135,15 +135,15 @@ bool Zydis::Disassemble(size_t addr, const unsigned char* data, int size)
return true;
}
bool Zydis::DisassembleSafe(size_t addr, const unsigned char* data, int size)
bool Zydis::DisassembleSafe(uint64_t addr, const unsigned char* data, size_t size)
{
unsigned char dataSafe[MAX_DISASM_BUFFER];
memset(dataSafe, 0, sizeof(dataSafe));
memcpy(dataSafe, data, std::min(sizeof(dataSafe), size_t(size)));
memcpy(dataSafe, data, std::min(sizeof(dataSafe), size));
return Disassemble(addr, dataSafe);
}
const ZydisDecodedInstruction* Zydis::GetInstr() const
const ZydisDisassembledInstruction* Zydis::GetInstr() const
{
if(!Success())
return nullptr;
@ -180,27 +180,27 @@ const char* Zydis::RegName(ZydisRegister reg) const
}
}
std::string Zydis::OperandText(int opindex) const
std::string Zydis::OperandText(uint8_t opindex) const
{
if(!Success() || opindex >= mInstr.operand_count)
if(!Success() || opindex >= mInstr.info.operand_count)
return std::string();
auto & op = mOperands[opindex];
auto & op = mInstr.operands[opindex];
char buf[200];
if(ZYAN_SUCCESS(ZydisFormatterFormatOperand(&this->mFormatter, &mInstr, &mOperands[opindex], buf, sizeof(buf), mAddr, nullptr)))
if(ZYAN_SUCCESS(ZydisFormatterFormatOperand(&this->mFormatter, &mInstr.info, &mInstr.operands[opindex], buf, sizeof(buf), mAddr, nullptr)))
return std::string(buf);
else
return std::string();
}
int Zydis::Size() const
uint8_t Zydis::Size() const
{
if(!Success())
return 1;
return GetInstr()->length;
return GetInstr()->info.length;
}
size_t Zydis::Address() const
uint64_t Zydis::Address() const
{
if(!Success())
return 0;
@ -212,7 +212,7 @@ bool Zydis::IsFilling() const
if(!Success())
return false;
switch(mInstr.mnemonic)
switch(mInstr.info.mnemonic)
{
case ZYDIS_MNEMONIC_NOP:
case ZYDIS_MNEMONIC_INT3:
@ -228,18 +228,18 @@ bool Zydis::IsBranchType(std::underlying_type<BranchType>::type bt) const
return false;
std::underlying_type<BranchType>::type ref = 0;
const auto & op0 = mOperands[0];
const auto & op0 = mInstr.operands[0];
switch(mInstr.mnemonic)
switch(mInstr.info.mnemonic)
{
case ZYDIS_MNEMONIC_RET:
ref = (mInstr.meta.branch_type == ZYDIS_BRANCH_TYPE_FAR) ? BTFarRet : BTRet;
ref = (mInstr.info.meta.branch_type == ZYDIS_BRANCH_TYPE_FAR) ? BTFarRet : BTRet;
break;
case ZYDIS_MNEMONIC_CALL:
ref = (mInstr.meta.branch_type == ZYDIS_BRANCH_TYPE_FAR) ? BTFarCall : BTCall;
ref = (mInstr.info.meta.branch_type == ZYDIS_BRANCH_TYPE_FAR) ? BTFarCall : BTCall;
break;
case ZYDIS_MNEMONIC_JMP:
ref = (mInstr.meta.branch_type == ZYDIS_BRANCH_TYPE_FAR) ? BTFarJmp : BTUncondJmp;
ref = (mInstr.info.meta.branch_type == ZYDIS_BRANCH_TYPE_FAR) ? BTFarJmp : BTUncondJmp;
break;
case ZYDIS_MNEMONIC_JB:
case ZYDIS_MNEMONIC_JBE:
@ -310,7 +310,7 @@ ZydisMnemonic Zydis::GetId() const
{
if(!Success())
return ZYDIS_MNEMONIC_INVALID;
return mInstr.mnemonic;
return mInstr.info.mnemonic;
}
std::string Zydis::InstructionText(bool replaceRipRelative) const
@ -337,10 +337,18 @@ std::string Zydis::InstructionText(bool replaceRipRelative) const
auto end = result.find("]", found);
auto ripStr = result.substr(found + 1, end - found - 1);
uint64_t offset;
#ifdef _MSC_VER
sscanf_s(ripStr.substr(ripStr.rfind(' ') + 1).c_str(), "%llX", &offset);
#else
sscanf(ripStr.substr(ripStr.rfind(' ') + 1).c_str(), "%llX", &offset);
#endif // _MSC_VER
auto dest = ripPlus ? (wVA + offset + Size()) : (wVA - offset + Size());
char buf[20];
#ifdef _MSC_VER
sprintf_s(buf, "0x%llx", dest);
#else
snprintf(buf, sizeof(buf), "0x%llx", dest);
#endif // _MSC_VER
result.replace(found + 1, ripStr.length(), buf);
}
}
@ -348,18 +356,18 @@ std::string Zydis::InstructionText(bool replaceRipRelative) const
return result;
}
int Zydis::OpCount() const
uint8_t Zydis::OpCount() const
{
if(!Success())
return 0;
return mVisibleOpCount;
}
const ZydisDecodedOperand & Zydis::operator[](int index) const
const ZydisDecodedOperand & Zydis::operator[](uint8_t index) const
{
if(!Success() || index < 0 || index >= OpCount())
if(!Success() || index >= OpCount())
throw std::out_of_range("Operand out of range");
return mOperands[index];
return mInstr.operands[index];
}
bool Zydis::IsSafeNopRegOp(const ZydisDecodedOperand & op) const
@ -398,9 +406,9 @@ bool Zydis::IsNop() const
if(!Success())
return false;
const auto & ops = mOperands;
const auto & ops = mInstr.operands;
switch(mInstr.mnemonic)
switch(mInstr.info.mnemonic)
{
case ZYDIS_MNEMONIC_NOP:
case ZYDIS_MNEMONIC_PAUSE:
@ -497,7 +505,7 @@ bool Zydis::IsPushPop() const
if(!Success())
return false;
switch(mInstr.meta.category)
switch(mInstr.info.meta.category)
{
case ZYDIS_CATEGORY_PUSH:
case ZYDIS_CATEGORY_POP:
@ -513,13 +521,13 @@ bool Zydis::IsUnusual() const
if(!Success())
return false;
auto id = mInstr.mnemonic;
return mInstr.attributes & ZYDIS_ATTRIB_IS_PRIVILEGED
|| mInstr.meta.category == ZYDIS_CATEGORY_IO
|| mInstr.meta.category == ZYDIS_CATEGORY_IOSTRINGOP
|| mInstr.meta.category == ZYDIS_CATEGORY_RDWRFSGS
|| mInstr.meta.category == ZYDIS_CATEGORY_SGX
|| mInstr.meta.category == ZYDIS_CATEGORY_INTERRUPT
auto id = mInstr.info.mnemonic;
return mInstr.info.attributes & ZYDIS_ATTRIB_IS_PRIVILEGED
|| mInstr.info.meta.category == ZYDIS_CATEGORY_IO
|| mInstr.info.meta.category == ZYDIS_CATEGORY_IOSTRINGOP
|| mInstr.info.meta.category == ZYDIS_CATEGORY_RDWRFSGS
|| mInstr.info.meta.category == ZYDIS_CATEGORY_SGX
|| mInstr.info.meta.category == ZYDIS_CATEGORY_INTERRUPT
|| id == ZYDIS_MNEMONIC_SYSCALL
|| id == ZYDIS_MNEMONIC_SYSENTER
|| id == ZYDIS_MNEMONIC_CPUID
@ -544,10 +552,10 @@ std::string Zydis::Mnemonic() const
{
if(!Success())
return "???";
return ZydisMnemonicGetStringHook(mInstr.mnemonic);
return ZydisMnemonicGetStringHook(mInstr.info.mnemonic);
}
const char* Zydis::MemSizeName(int size) const
const char* Zydis::MemSizeName(size_t size) const
{
switch(size)
{
@ -578,30 +586,30 @@ const char* Zydis::MemSizeName(int size) const
}
}
size_t Zydis::BranchDestination() const
uint64_t Zydis::BranchDestination() const
{
if(!Success()
|| mOperands[0].type != ZYDIS_OPERAND_TYPE_IMMEDIATE
|| mInstr.operands[0].type != ZYDIS_OPERAND_TYPE_IMMEDIATE
/*|| !mInstr.operands[0].imm.isRelative HACKED*/)
return 0;
return size_t(mOperands[0].imm.value.u);
return uint64_t(mInstr.operands[0].imm.value.u);
}
size_t Zydis::ResolveOpValue(int opindex, const std::function<size_t(ZydisRegister)> & resolveReg) const
uint64_t Zydis::ResolveOpValue(uint8_t opindex, const std::function<uint64_t(ZydisRegister)> & resolveReg) const
{
size_t dest = 0;
const auto & op = mOperands[opindex];
uint64_t dest = 0;
const auto & op = mInstr.operands[opindex];
switch(op.type)
{
case ZYDIS_OPERAND_TYPE_IMMEDIATE:
dest = size_t(op.imm.value.u);
dest = uint64_t(op.imm.value.u);
break;
case ZYDIS_OPERAND_TYPE_REGISTER:
dest = resolveReg(op.reg.value);
break;
case ZYDIS_OPERAND_TYPE_MEMORY:
dest = size_t(op.mem.disp.value);
dest = uint64_t(op.mem.disp.value);
if(op.mem.base == ZYDIS_REGISTER_RIP) //rip-relative
dest += Address() + Size();
else
@ -613,13 +621,13 @@ size_t Zydis::ResolveOpValue(int opindex, const std::function<size_t(ZydisRegist
return dest;
}
Zydis::VectorElementType Zydis::getVectorElementType(int opindex) const
Zydis::VectorElementType Zydis::getVectorElementType(uint8_t opindex) const
{
if(!Success())
return Zydis::VETDefault;
if(opindex >= mInstr.operand_count)
if(opindex >= mInstr.info.operand_count)
return Zydis::VETDefault;
const auto & op = mOperands[opindex];
const auto & op = mInstr.operands[opindex];
switch(op.element_type)
{
case ZYDIS_ELEMENT_TYPE_FLOAT32:
@ -631,20 +639,20 @@ Zydis::VectorElementType Zydis::getVectorElementType(int opindex) const
}
}
bool Zydis::IsBranchGoingToExecute(size_t cflags, size_t ccx) const
bool Zydis::IsBranchGoingToExecute(uint32_t eflags, uint64_t ccx) const
{
if(!Success())
return false;
return IsBranchGoingToExecute(mInstr.mnemonic, cflags, ccx);
return IsBranchGoingToExecute(mInstr.info.mnemonic, eflags, ccx);
}
bool Zydis::IsBranchGoingToExecute(ZydisMnemonic id, size_t cflags, size_t ccx)
bool Zydis::IsBranchGoingToExecute(ZydisMnemonic id, uint32_t eflags, uint64_t ccx)
{
auto bCF = (cflags & (1 << 0)) != 0;
auto bPF = (cflags & (1 << 2)) != 0;
auto bZF = (cflags & (1 << 6)) != 0;
auto bSF = (cflags & (1 << 7)) != 0;
auto bOF = (cflags & (1 << 11)) != 0;
auto bCF = (eflags & (1 << 0)) != 0;
auto bPF = (eflags & (1 << 2)) != 0;
auto bZF = (eflags & (1 << 6)) != 0;
auto bSF = (eflags & (1 << 7)) != 0;
auto bOF = (eflags & (1 << 11)) != 0;
switch(id)
{
case ZYDIS_MNEMONIC_CALL:
@ -698,20 +706,20 @@ bool Zydis::IsBranchGoingToExecute(ZydisMnemonic id, size_t cflags, size_t ccx)
}
}
bool Zydis::IsConditionalGoingToExecute(size_t cflags, size_t ccx) const
bool Zydis::IsConditionalGoingToExecute(uint32_t eflags, uint64_t ccx) const
{
if(!Success())
return false;
return IsConditionalGoingToExecute(mInstr.mnemonic, cflags, ccx);
return IsConditionalGoingToExecute(mInstr.info.mnemonic, eflags, ccx);
}
bool Zydis::IsConditionalGoingToExecute(ZydisMnemonic id, size_t cflags, size_t ccx)
bool Zydis::IsConditionalGoingToExecute(ZydisMnemonic id, uint32_t eflags, uint64_t ccx)
{
auto bCF = (cflags & (1 << 0)) != 0;
auto bPF = (cflags & (1 << 2)) != 0;
auto bZF = (cflags & (1 << 6)) != 0;
auto bSF = (cflags & (1 << 7)) != 0;
auto bOF = (cflags & (1 << 11)) != 0;
auto bCF = (eflags & (1 << 0)) != 0;
auto bPF = (eflags & (1 << 2)) != 0;
auto bZF = (eflags & (1 << 6)) != 0;
auto bSF = (eflags & (1 << 7)) != 0;
auto bOF = (eflags & (1 << 11)) != 0;
switch(id)
{
case ZYDIS_MNEMONIC_CMOVNBE: //conditional move - above/not below nor equal
@ -805,9 +813,9 @@ void Zydis::RegInfo(uint8_t regs[ZYDIS_REGISTER_MAX_VALUE + 1]) const
if(!Success() || IsNop())
return;
for(int i = 0; i < mInstr.operand_count; ++i)
for(int i = 0; i < mInstr.info.operand_count; ++i)
{
const auto & op = mOperands[i];
const auto & op = mInstr.operands[i];
switch(op.type)
{
@ -897,16 +905,16 @@ void Zydis::BytesGroup(uint8_t* prefixSize, uint8_t* opcodeSize, uint8_t* group1
{
if(Success())
{
*prefixSize = mInstr.raw.prefix_count;
*group1Size = mInstr.raw.disp.size / 8;
*group2Size = mInstr.raw.imm[0].size / 8;
*group3Size = mInstr.raw.imm[1].size / 8;
*opcodeSize = mInstr.length - *prefixSize - *group1Size - *group2Size - *group3Size;
*prefixSize = mInstr.info.raw.prefix_count;
*group1Size = mInstr.info.raw.disp.size / 8;
*group2Size = mInstr.info.raw.imm[0].size / 8;
*group3Size = mInstr.info.raw.imm[1].size / 8;
*opcodeSize = mInstr.info.length - *prefixSize - *group1Size - *group2Size - *group3Size;
}
else
{
*prefixSize = 0;
*opcodeSize = mInstr.length;
*opcodeSize = mInstr.info.length;
*group1Size = 0;
*group2Size = 0;
*group3Size = 0;

45
src/zydis_wrapper/zydis_wrapper.h
View File

@ -1,5 +1,7 @@
#pragma once
#define ZYCORE_STATIC_BUILD
#define ZYDIS_STATIC_BUILD
#include "Zydis/Zydis.h"
#include <type_traits>
#include <functional>
@ -10,35 +12,41 @@
class Zydis
{
public:
#ifdef _WIN64
Zydis() : Zydis(true) {}
#elif _WIN32
Zydis() : Zydis(false) {}
#endif // _WIN64
explicit Zydis(bool disasm64);
Zydis(const Zydis & zydis) = delete;
~Zydis() = default;
void Reset(bool disasm64);
bool Disassemble(size_t addr, const unsigned char data[MAX_DISASM_BUFFER]);
bool Disassemble(size_t addr, const unsigned char* data, int size);
bool DisassembleSafe(size_t addr, const unsigned char* data, int size);
const ZydisDecodedInstruction* GetInstr() const;
bool Disassemble(uint64_t addr, const unsigned char data[MAX_DISASM_BUFFER]);
bool Disassemble(uint64_t addr, const unsigned char* data, size_t size);
bool DisassembleSafe(uint64_t addr, const unsigned char* data, size_t size);
const ZydisDisassembledInstruction* GetInstr() const;
bool Success() const;
const char* RegName(ZydisRegister reg) const;
std::string OperandText(int opindex) const;
int Size() const;
size_t Address() const;
std::string OperandText(uint8_t opindex) const;
uint8_t Size() const;
uint64_t Address() const;
bool IsFilling() const;
bool IsUnusual() const;
bool IsNop() const;
bool IsPushPop() const;
ZydisMnemonic GetId() const;
std::string InstructionText(bool replaceRipRelative = true) const;
int OpCount() const;
const ZydisDecodedOperand & operator[](int index) const;
uint8_t OpCount() const;
const ZydisDecodedOperand & operator[](uint8_t index) const;
std::string Mnemonic() const;
const char* MemSizeName(int size) const;
size_t BranchDestination() const;
size_t ResolveOpValue(int opindex, const std::function<size_t(ZydisRegister)> & resolveReg) const;
bool IsBranchGoingToExecute(size_t cflags, size_t ccx) const;
static bool IsBranchGoingToExecute(ZydisMnemonic id, size_t cflags, size_t ccx);
bool IsConditionalGoingToExecute(size_t cflags, size_t ccx) const;
static bool IsConditionalGoingToExecute(ZydisMnemonic id, size_t cflags, size_t ccx);
const char* MemSizeName(size_t size) const;
uint64_t BranchDestination() const;
uint64_t ResolveOpValue(uint8_t opindex, const std::function<uint64_t(ZydisRegister)> & resolveReg) const;
bool IsBranchGoingToExecute(uint32_t eflags, uint64_t ccx) const;
static bool IsBranchGoingToExecute(ZydisMnemonic id, uint32_t eflags, uint64_t ccx);
bool IsConditionalGoingToExecute(uint32_t eflags, uint64_t ccx) const;
static bool IsConditionalGoingToExecute(ZydisMnemonic id, uint32_t eflags, uint64_t ccx);
void BytesGroup(uint8_t* prefixSize, uint8_t* opcodeSize, uint8_t* group1Size, uint8_t* group2Size, uint8_t* group3Size) const;
enum RegAccessInfo : uint8_t
@ -98,7 +106,7 @@ public:
VETInt32,
VETInt64
};
VectorElementType getVectorElementType(int opindex) const;
VectorElementType getVectorElementType(uint8_t opindex) const;
// Shortcuts.
bool IsRet() const { return IsBranchType(BTRet); }
@ -113,8 +121,7 @@ private:
ZydisFormatter mFormatter;
bool mDisasm64;
uint64_t mAddr = 0;
ZydisDecodedInstruction mInstr;
ZydisDecodedOperand mOperands[ZYDIS_MAX_OPERAND_COUNT];
ZydisDisassembledInstruction mInstr;
char mInstrText[200];
bool mSuccess = false;
uint8_t mVisibleOpCount = 0;

42
src/zydis_wrapper/zydis_wrapper.vcxproj
View File

@ -69,23 +69,23 @@
<TargetExt>.lib</TargetExt>
<OutDir>$(ProjectDir)bin\x32\</OutDir>
<IntDir>$(Platform)\$(Configuration)\</IntDir>
<IncludePath>$(ProjectDir);$(ProjectDir)\zydis\include;$(ProjectDir)\zydis\src;$(IncludePath)</IncludePath>
<IncludePath>$(ProjectDir)\Zydis;$(ProjectDir)\zydis\include;$(ProjectDir)\zydis\src;$(IncludePath)</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<TargetExt>.lib</TargetExt>
<OutDir>$(ProjectDir)bin\x64\</OutDir>
<IncludePath>$(ProjectDir);$(IncludePath);$(ProjectDir)\zydis\include;$(ProjectDir)\zydis\src</IncludePath>
<IncludePath>$(ProjectDir)\Zydis;$(IncludePath);$(ProjectDir)\zydis\include;$(ProjectDir)\zydis\src</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<TargetExt>.lib</TargetExt>
<OutDir>$(ProjectDir)bin\x32d\</OutDir>
<IntDir>$(Platform)\$(Configuration)\</IntDir>
<IncludePath>$(ProjectDir);$(ProjectDir)\zydis\include;$(ProjectDir)\zydis\src;$(IncludePath)</IncludePath>
<IncludePath>$(ProjectDir)\Zydis;$(ProjectDir)\zydis\include;$(ProjectDir)\zydis\src;$(IncludePath)</IncludePath>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<TargetExt>.lib</TargetExt>
<OutDir>$(ProjectDir)bin\x64d\</OutDir>
<IncludePath>$(ProjectDir);$(IncludePath);$(ProjectDir)\zydis\include;$(ProjectDir)\zydis\src</IncludePath>
<IncludePath>$(ProjectDir)\Zydis;$(IncludePath);$(ProjectDir)\zydis\include;$(ProjectDir)\zydis\src</IncludePath>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
@ -138,32 +138,20 @@
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="zydis\src\Decoder.c" />
<ClCompile Include="zydis\src\DecoderData.c" />
<ClCompile Include="zydis\src\Formatter.c" />
<ClCompile Include="zydis\src\MetaInfo.c" />
<ClCompile Include="zydis\src\Mnemonic.c" />
<ClCompile Include="zydis\src\Register.c" />
<ClCompile Include="zydis\src\SharedData.c" />
<ClCompile Include="zydis\src\String.c" />
<ClCompile Include="zydis\src\Utils.c" />
<ClCompile Include="zydis\src\Zydis.c" />
<ClCompile Include="Zydis\Zydis.c">
<PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">ZYCORE_STATIC_BUILD
;ZYDIS_STATIC_BUILD;_USING_V110_SDK71_;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">ZYCORE_STATIC_BUILD
;ZYDIS_STATIC_BUILD;_USING_V110_SDK71_;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ZYCORE_STATIC_BUILD
;ZYDIS_STATIC_BUILD;_USING_V110_SDK71_;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|x64'">ZYCORE_STATIC_BUILD
;ZYDIS_STATIC_BUILD;_USING_V110_SDK71_;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
<ClCompile Include="zydis_wrapper.cpp" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="zydis\include\Zydis\CommonTypes.h" />
<ClInclude Include="zydis\include\Zydis\Decoder.h" />
<ClInclude Include="zydis\include\Zydis\DecoderTypes.h" />
<ClInclude Include="zydis\include\Zydis\Defines.h" />
<ClInclude Include="zydis\include\Zydis\Formatter.h" />
<ClInclude Include="zydis\include\Zydis\MetaInfo.h" />
<ClInclude Include="zydis\include\Zydis\Mnemonic.h" />
<ClInclude Include="zydis\include\Zydis\Register.h" />
<ClInclude Include="zydis\include\Zydis\SharedTypes.h" />
<ClInclude Include="zydis\include\Zydis\Status.h" />
<ClInclude Include="zydis\include\Zydis\String.h" />
<ClInclude Include="zydis\include\Zydis\Utils.h" />
<ClInclude Include="zydis\include\Zydis\Zydis.h" />
<ClInclude Include="Zydis\Zydis.h" />
<ClInclude Include="zydis_wrapper.h" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />

71
src/zydis_wrapper/zydis_wrapper.vcxproj.filters
View File

@ -10,44 +10,17 @@
<Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
<Filter Include="Header Files\Zydis">
<UniqueIdentifier>{0f43347f-70ba-4bf2-b8bc-ae1df066b27a}</UniqueIdentifier>
<UniqueIdentifier>{d1e8e1c5-c3ed-4cbc-9c1b-3bfd92076ef9}</UniqueIdentifier>
</Filter>
<Filter Include="Source Files\Zydis">
<UniqueIdentifier>{9b6d6e4c-4e1e-48b2-b8ba-1b926c7c7302}</UniqueIdentifier>
<UniqueIdentifier>{73179162-d6f3-49e8-af4f-73b5a24dbbcf}</UniqueIdentifier>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="zydis_wrapper.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="zydis\src\Decoder.c">
<Filter>Source Files\Zydis</Filter>
</ClCompile>
<ClCompile Include="zydis\src\DecoderData.c">
<Filter>Source Files\Zydis</Filter>
</ClCompile>
<ClCompile Include="zydis\src\Formatter.c">
<Filter>Source Files\Zydis</Filter>
</ClCompile>
<ClCompile Include="zydis\src\MetaInfo.c">
<Filter>Source Files\Zydis</Filter>
</ClCompile>
<ClCompile Include="zydis\src\Mnemonic.c">
<Filter>Source Files\Zydis</Filter>
</ClCompile>
<ClCompile Include="zydis\src\Register.c">
<Filter>Source Files\Zydis</Filter>
</ClCompile>
<ClCompile Include="zydis\src\SharedData.c">
<Filter>Source Files\Zydis</Filter>
</ClCompile>
<ClCompile Include="zydis\src\Utils.c">
<Filter>Source Files\Zydis</Filter>
</ClCompile>
<ClCompile Include="zydis\src\Zydis.c">
<Filter>Source Files\Zydis</Filter>
</ClCompile>
<ClCompile Include="zydis\src\String.c">
<ClCompile Include="Zydis\Zydis.c">
<Filter>Source Files\Zydis</Filter>
</ClCompile>
</ItemGroup>
@ -55,43 +28,7 @@
<ClInclude Include="zydis_wrapper.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="zydis\include\Zydis\CommonTypes.h">
<Filter>Header Files\Zydis</Filter>
</ClInclude>
<ClInclude Include="zydis\include\Zydis\Decoder.h">
<Filter>Header Files\Zydis</Filter>
</ClInclude>
<ClInclude Include="zydis\include\Zydis\DecoderTypes.h">
<Filter>Header Files\Zydis</Filter>
</ClInclude>
<ClInclude Include="zydis\include\Zydis\Defines.h">
<Filter>Header Files\Zydis</Filter>
</ClInclude>
<ClInclude Include="zydis\include\Zydis\Formatter.h">
<Filter>Header Files\Zydis</Filter>
</ClInclude>
<ClInclude Include="zydis\include\Zydis\MetaInfo.h">
<Filter>Header Files\Zydis</Filter>
</ClInclude>
<ClInclude Include="zydis\include\Zydis\Mnemonic.h">
<Filter>Header Files\Zydis</Filter>
</ClInclude>
<ClInclude Include="zydis\include\Zydis\Register.h">
<Filter>Header Files\Zydis</Filter>
</ClInclude>
<ClInclude Include="zydis\include\Zydis\SharedTypes.h">
<Filter>Header Files\Zydis</Filter>
</ClInclude>
<ClInclude Include="zydis\include\Zydis\Status.h">
<Filter>Header Files\Zydis</Filter>
</ClInclude>
<ClInclude Include="zydis\include\Zydis\Utils.h">
<Filter>Header Files\Zydis</Filter>
</ClInclude>
<ClInclude Include="zydis\include\Zydis\Zydis.h">
<Filter>Header Files\Zydis</Filter>
</ClInclude>
<ClInclude Include="zydis\include\Zydis\String.h">
<ClInclude Include="Zydis\Zydis.h">
<Filter>Header Files\Zydis</Filter>
</ClInclude>
</ItemGroup>