1 /*************************************************************************************************** 2 3 Zyan Disassembler Library (Zydis) 4 5 Original Author : Florian Bernd 6 7 * Permission is hereby granted, free of charge, to any person obtaining a copy 8 * of this software and associated documentation files (the "Software"), to deal 9 * in the Software without restriction, including without limitation the rights 10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 11 * copies of the Software, and to permit persons to whom the Software is 12 * furnished to do so, subject to the following conditions: 13 * 14 * The above copyright notice and this permission notice shall be included in all 15 * copies or substantial portions of the Software. 16 * 17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 23 * SOFTWARE. 24 25 ***************************************************************************************************/ 26 27 /** 28 * @file 29 * Defines the basic `ZydisDecodedInstruction` and `ZydisDecodedOperand` structs. 30 */ 31 32 #ifndef ZYDIS_INSTRUCTIONINFO_H 33 #define ZYDIS_INSTRUCTIONINFO_H 34 35 #include <Zycore/Types.h> 36 #include <Zydis/MetaInfo.h> 37 #include <Zydis/Mnemonic.h> 38 #include <Zydis/Register.h> 39 #include <Zydis/SharedTypes.h> 40 41 #ifdef __cplusplus 42 extern "C" { 43 #endif 44 45 /* ============================================================================================== */ 46 /* Decoded operand */ 47 /* ============================================================================================== */ 48 49 /* ---------------------------------------------------------------------------------------------- */ 50 /* Operand attributes */ 51 /* ---------------------------------------------------------------------------------------------- */ 52 53 /** 54 * Defines the `ZydisOperandAttributes` data-type. 55 */ 56 typedef ZyanU8 ZydisOperandAttributes; 57 58 /** 59 * The operand is a `MULTISOURCE4` register operand. 60 * 61 * This is a special register operand-type used by `4FMAPS` instructions where the given register 62 * points to the first register of a register range (4 registers in total). 63 * 64 * Example: ZMM3 -> [ZMM3..ZMM6] 65 */ 66 #define ZYDIS_OATTRIB_IS_MULTISOURCE4 0x01 // (1 << 0) 67 68 /* ---------------------------------------------------------------------------------------------- */ 69 /* Memory type */ 70 /* ---------------------------------------------------------------------------------------------- */ 71 72 /** 73 * Defines the `ZydisMemoryOperandType` enum. 74 */ 75 typedef enum ZydisMemoryOperandType_ 76 { 77 ZYDIS_MEMOP_TYPE_INVALID, 78 /** 79 * Normal memory operand. 80 */ 81 ZYDIS_MEMOP_TYPE_MEM, 82 /** 83 * The memory operand is only used for address-generation. No real memory-access is 84 * caused. 85 */ 86 ZYDIS_MEMOP_TYPE_AGEN, 87 /** 88 * A memory operand using `SIB` addressing form, where the index register is not used 89 * in address calculation and scale is ignored. No real memory-access is caused. 90 */ 91 ZYDIS_MEMOP_TYPE_MIB, 92 /** 93 * A vector `SIB` memory addressing operand (`VSIB`). 94 */ 95 ZYDIS_MEMOP_TYPE_VSIB, 96 97 /** 98 * Maximum value of this enum. 99 */ 100 ZYDIS_MEMOP_TYPE_MAX_VALUE = ZYDIS_MEMOP_TYPE_VSIB, 101 /** 102 * The minimum number of bits required to represent all values of this enum. 103 */ 104 ZYDIS_MEMOP_TYPE_REQUIRED_BITS = ZYAN_BITS_TO_REPRESENT(ZYDIS_MEMOP_TYPE_MAX_VALUE) 105 } ZydisMemoryOperandType; 106 107 /* ---------------------------------------------------------------------------------------------- */ 108 /* Decoded operand */ 109 /* ---------------------------------------------------------------------------------------------- */ 110 111 /** 112 * Extended info for register-operands. 113 */ 114 typedef struct ZydisDecodedOperandReg_ 115 { 116 /** 117 * The register value. 118 */ 119 ZydisRegister value; 120 } ZydisDecodedOperandReg; 121 122 /** 123 * Extended info for memory-operands. 124 */ 125 typedef struct ZydisDecodedOperandMem_ 126 { 127 /** 128 * The type of the memory operand. 129 */ 130 ZydisMemoryOperandType type; 131 /** 132 * The segment register. 133 */ 134 ZydisRegister segment; 135 /** 136 * The base register. 137 */ 138 ZydisRegister base; 139 /** 140 * The index register. 141 */ 142 ZydisRegister index; 143 /** 144 * The scale factor. 145 */ 146 ZyanU8 scale; 147 /** 148 * Extended info for memory-operands with displacement. 149 */ 150 struct ZydisDecodedOperandMemDisp_ 151 { 152 /** 153 * Signals, if the displacement value is used. 154 */ 155 ZyanBool has_displacement; 156 /** 157 * The displacement value 158 */ 159 ZyanI64 value; 160 } disp; 161 } ZydisDecodedOperandMem; 162 163 /** 164 * Extended info for pointer-operands. 165 */ 166 typedef struct ZydisDecodedOperandPtr_ 167 { 168 ZyanU16 segment; 169 ZyanU32 offset; 170 } ZydisDecodedOperandPtr; 171 172 /** 173 * Extended info for immediate-operands. 174 */ 175 typedef struct ZydisDecodedOperandImm_ 176 { 177 /** 178 * Signals, if the immediate value is signed. 179 */ 180 ZyanBool is_signed; 181 /** 182 * Signals, if the immediate value contains a relative offset. You can use 183 * `ZydisCalcAbsoluteAddress` to determine the absolute address value. 184 */ 185 ZyanBool is_relative; 186 /** 187 * The immediate value. 188 */ 189 union ZydisDecodedOperandImmValue_ 190 { 191 ZyanU64 u; 192 ZyanI64 s; 193 } value; 194 } ZydisDecodedOperandImm; 195 196 /** 197 * Defines the `ZydisDecodedOperand` struct. 198 */ 199 typedef struct ZydisDecodedOperand_ 200 { 201 /** 202 * The operand-id. 203 */ 204 ZyanU8 id; 205 /** 206 * The visibility of the operand. 207 */ 208 ZydisOperandVisibility visibility; 209 /** 210 * The operand-actions. 211 */ 212 ZydisOperandActions actions; 213 /** 214 * The operand-encoding. 215 */ 216 ZydisOperandEncoding encoding; 217 /** 218 * The logical size of the operand (in bits). 219 */ 220 ZyanU16 size; 221 /** 222 * The element-type. 223 */ 224 ZydisElementType element_type; 225 /** 226 * The size of a single element. 227 */ 228 ZydisElementSize element_size; 229 /** 230 * The number of elements. 231 */ 232 ZyanU16 element_count; 233 /* 234 * Additional operand attributes. 235 */ 236 ZydisOperandAttributes attributes; 237 /** 238 * The type of the operand. 239 */ 240 ZydisOperandType type; 241 /* 242 * Operand type specific information. 243 * 244 * The enabled union variant is determined by the `type` field. 245 */ 246 union 247 { 248 ZydisDecodedOperandReg reg; 249 ZydisDecodedOperandMem mem; 250 ZydisDecodedOperandPtr ptr; 251 ZydisDecodedOperandImm imm; 252 }; 253 } ZydisDecodedOperand; 254 255 /* ---------------------------------------------------------------------------------------------- */ 256 257 /* ============================================================================================== */ 258 /* Decoded instruction */ 259 /* ============================================================================================== */ 260 261 /* ---------------------------------------------------------------------------------------------- */ 262 /* CPU/FPU flags */ 263 /* ---------------------------------------------------------------------------------------------- */ 264 265 /** 266 * Defines the `ZydisAccessedFlagsMask` data-type. 267 */ 268 typedef ZyanU32 ZydisAccessedFlagsMask; 269 270 /** 271 * @defgroup decoder_cpu_flags CPU flags 272 * @ingroup decoder 273 * 274 * Constants used for testing CPU flags accessed by an instruction. 275 * 276 * @{ 277 */ 278 279 /** 280 * Carry flag. 281 */ 282 #define ZYDIS_CPUFLAG_CF (1ul << 0) 283 /** 284 * Parity flag. 285 */ 286 #define ZYDIS_CPUFLAG_PF (1ul << 2) 287 /** 288 * Adjust flag. 289 */ 290 #define ZYDIS_CPUFLAG_AF (1ul << 4) 291 /** 292 * Zero flag. 293 */ 294 #define ZYDIS_CPUFLAG_ZF (1ul << 6) 295 /** 296 * Sign flag. 297 */ 298 #define ZYDIS_CPUFLAG_SF (1ul << 7) 299 /** 300 * Trap flag. 301 */ 302 #define ZYDIS_CPUFLAG_TF (1ul << 8) 303 /** 304 * Interrupt enable flag. 305 */ 306 #define ZYDIS_CPUFLAG_IF (1ul << 9) 307 /** 308 * Direction flag. 309 */ 310 #define ZYDIS_CPUFLAG_DF (1ul << 10) 311 /** 312 * Overflow flag. 313 */ 314 #define ZYDIS_CPUFLAG_OF (1ul << 11) 315 /** 316 * I/O privilege level flag. 317 */ 318 #define ZYDIS_CPUFLAG_IOPL (1ul << 12) 319 /** 320 * Nested task flag. 321 */ 322 #define ZYDIS_CPUFLAG_NT (1ul << 14) 323 /** 324 * Resume flag. 325 */ 326 #define ZYDIS_CPUFLAG_RF (1ul << 16) 327 /** 328 * Virtual 8086 mode flag. 329 */ 330 #define ZYDIS_CPUFLAG_VM (1ul << 17) 331 /** 332 * Alignment check. 333 */ 334 #define ZYDIS_CPUFLAG_AC (1ul << 18) 335 /** 336 * Virtual interrupt flag. 337 */ 338 #define ZYDIS_CPUFLAG_VIF (1ul << 19) 339 /** 340 * Virtual interrupt pending. 341 */ 342 #define ZYDIS_CPUFLAG_VIP (1ul << 20) 343 /** 344 * Able to use CPUID instruction. 345 */ 346 #define ZYDIS_CPUFLAG_ID (1ul << 21) 347 348 /** 349 * @} 350 */ 351 352 /** 353 * @defgroup decoder_fpu_flags FPU flags 354 * @ingroup decoder 355 * 356 * Constants used for testing FPU flags accessed by an instruction. 357 * 358 * @{ 359 */ 360 361 /** 362 * FPU condition-code flag 0. 363 */ 364 #define ZYDIS_FPUFLAG_C0 (1ul << 0) 365 /** 366 * FPU condition-code flag 1. 367 */ 368 #define ZYDIS_FPUFLAG_C1 (1ul << 1) 369 /** 370 * FPU condition-code flag 2. 371 */ 372 #define ZYDIS_FPUFLAG_C2 (1ul << 2) 373 /** 374 * FPU condition-code flag 3. 375 */ 376 #define ZYDIS_FPUFLAG_C3 (1ul << 3) 377 378 /** 379 * @} 380 */ 381 382 /* 383 * Information about CPU/FPU flags accessed by the instruction. 384 */ 385 typedef struct ZydisAccessedFlags_ 386 { 387 /* 388 * As mask containing the flags `TESTED` by the instruction. 389 */ 390 ZydisAccessedFlagsMask tested; 391 /* 392 * As mask containing the flags `MODIFIED` by the instruction. 393 */ 394 ZydisAccessedFlagsMask modified; 395 /* 396 * As mask containing the flags `SET_0` by the instruction. 397 */ 398 ZydisAccessedFlagsMask set_0; 399 /* 400 * As mask containing the flags `SET_1` by the instruction. 401 */ 402 ZydisAccessedFlagsMask set_1; 403 /* 404 * As mask containing the flags `UNDEFINED` by the instruction. 405 */ 406 ZydisAccessedFlagsMask undefined; 407 } ZydisAccessedFlags; 408 409 /* ---------------------------------------------------------------------------------------------- */ 410 /* Branch types */ 411 /* ---------------------------------------------------------------------------------------------- */ 412 413 /** 414 * Defines the `ZydisBranchType` enum. 415 */ 416 typedef enum ZydisBranchType_ 417 { 418 /** 419 * The instruction is not a branch instruction. 420 */ 421 ZYDIS_BRANCH_TYPE_NONE, 422 /** 423 * The instruction is a short (8-bit) branch instruction. 424 */ 425 ZYDIS_BRANCH_TYPE_SHORT, 426 /** 427 * The instruction is a near (16-bit or 32-bit) branch instruction. 428 */ 429 ZYDIS_BRANCH_TYPE_NEAR, 430 /** 431 * The instruction is a far (inter-segment) branch instruction. 432 */ 433 ZYDIS_BRANCH_TYPE_FAR, 434 435 /** 436 * Maximum value of this enum. 437 */ 438 ZYDIS_BRANCH_TYPE_MAX_VALUE = ZYDIS_BRANCH_TYPE_FAR, 439 /** 440 * The minimum number of bits required to represent all values of this enum. 441 */ 442 ZYDIS_BRANCH_TYPE_REQUIRED_BITS = ZYAN_BITS_TO_REPRESENT(ZYDIS_BRANCH_TYPE_MAX_VALUE) 443 } ZydisBranchType; 444 445 /* ---------------------------------------------------------------------------------------------- */ 446 /* SSE/AVX exception-class */ 447 /* ---------------------------------------------------------------------------------------------- */ 448 449 /** 450 * Defines the `ZydisExceptionClass` enum. 451 */ 452 typedef enum ZydisExceptionClass_ 453 { 454 ZYDIS_EXCEPTION_CLASS_NONE, 455 // TODO: FP Exceptions 456 ZYDIS_EXCEPTION_CLASS_SSE1, 457 ZYDIS_EXCEPTION_CLASS_SSE2, 458 ZYDIS_EXCEPTION_CLASS_SSE3, 459 ZYDIS_EXCEPTION_CLASS_SSE4, 460 ZYDIS_EXCEPTION_CLASS_SSE5, 461 ZYDIS_EXCEPTION_CLASS_SSE7, 462 ZYDIS_EXCEPTION_CLASS_AVX1, 463 ZYDIS_EXCEPTION_CLASS_AVX2, 464 ZYDIS_EXCEPTION_CLASS_AVX3, 465 ZYDIS_EXCEPTION_CLASS_AVX4, 466 ZYDIS_EXCEPTION_CLASS_AVX5, 467 ZYDIS_EXCEPTION_CLASS_AVX6, 468 ZYDIS_EXCEPTION_CLASS_AVX7, 469 ZYDIS_EXCEPTION_CLASS_AVX8, 470 ZYDIS_EXCEPTION_CLASS_AVX11, 471 ZYDIS_EXCEPTION_CLASS_AVX12, 472 ZYDIS_EXCEPTION_CLASS_E1, 473 ZYDIS_EXCEPTION_CLASS_E1NF, 474 ZYDIS_EXCEPTION_CLASS_E2, 475 ZYDIS_EXCEPTION_CLASS_E2NF, 476 ZYDIS_EXCEPTION_CLASS_E3, 477 ZYDIS_EXCEPTION_CLASS_E3NF, 478 ZYDIS_EXCEPTION_CLASS_E4, 479 ZYDIS_EXCEPTION_CLASS_E4NF, 480 ZYDIS_EXCEPTION_CLASS_E5, 481 ZYDIS_EXCEPTION_CLASS_E5NF, 482 ZYDIS_EXCEPTION_CLASS_E6, 483 ZYDIS_EXCEPTION_CLASS_E6NF, 484 ZYDIS_EXCEPTION_CLASS_E7NM, 485 ZYDIS_EXCEPTION_CLASS_E7NM128, 486 ZYDIS_EXCEPTION_CLASS_E9NF, 487 ZYDIS_EXCEPTION_CLASS_E10, 488 ZYDIS_EXCEPTION_CLASS_E10NF, 489 ZYDIS_EXCEPTION_CLASS_E11, 490 ZYDIS_EXCEPTION_CLASS_E11NF, 491 ZYDIS_EXCEPTION_CLASS_E12, 492 ZYDIS_EXCEPTION_CLASS_E12NP, 493 ZYDIS_EXCEPTION_CLASS_K20, 494 ZYDIS_EXCEPTION_CLASS_K21, 495 ZYDIS_EXCEPTION_CLASS_AMXE1, 496 ZYDIS_EXCEPTION_CLASS_AMXE2, 497 ZYDIS_EXCEPTION_CLASS_AMXE3, 498 ZYDIS_EXCEPTION_CLASS_AMXE4, 499 ZYDIS_EXCEPTION_CLASS_AMXE5, 500 ZYDIS_EXCEPTION_CLASS_AMXE6, 501 502 /** 503 * Maximum value of this enum. 504 */ 505 ZYDIS_EXCEPTION_CLASS_MAX_VALUE = ZYDIS_EXCEPTION_CLASS_AMXE6, 506 /** 507 * The minimum number of bits required to represent all values of this enum. 508 */ 509 ZYDIS_EXCEPTION_CLASS_REQUIRED_BITS = ZYAN_BITS_TO_REPRESENT(ZYDIS_EXCEPTION_CLASS_MAX_VALUE) 510 } ZydisExceptionClass; 511 512 /* ---------------------------------------------------------------------------------------------- */ 513 /* AVX mask mode */ 514 /* ---------------------------------------------------------------------------------------------- */ 515 516 /** 517 * Defines the `ZydisMaskMode` enum. 518 */ 519 typedef enum ZydisMaskMode_ 520 { 521 ZYDIS_MASK_MODE_INVALID, 522 /** 523 * Masking is disabled for the current instruction (`K0` register is used). 524 */ 525 ZYDIS_MASK_MODE_DISABLED, 526 /** 527 * The embedded mask register is used as a merge-mask. 528 */ 529 ZYDIS_MASK_MODE_MERGING, 530 /** 531 * The embedded mask register is used as a zero-mask. 532 */ 533 ZYDIS_MASK_MODE_ZEROING, 534 /** 535 * The embedded mask register is used as a control-mask (element selector). 536 */ 537 ZYDIS_MASK_MODE_CONTROL, 538 /** 539 * The embedded mask register is used as a zeroing control-mask (element selector). 540 */ 541 ZYDIS_MASK_MODE_CONTROL_ZEROING, 542 543 /** 544 * Maximum value of this enum. 545 */ 546 ZYDIS_MASK_MODE_MAX_VALUE = ZYDIS_MASK_MODE_CONTROL_ZEROING, 547 /** 548 * The minimum number of bits required to represent all values of this enum. 549 */ 550 ZYDIS_MASK_MODE_REQUIRED_BITS = ZYAN_BITS_TO_REPRESENT(ZYDIS_MASK_MODE_MAX_VALUE) 551 } ZydisMaskMode; 552 553 /* ---------------------------------------------------------------------------------------------- */ 554 /* AVX broadcast-mode */ 555 /* ---------------------------------------------------------------------------------------------- */ 556 557 /** 558 * Defines the `ZydisBroadcastMode` enum. 559 */ 560 typedef enum ZydisBroadcastMode_ 561 { 562 ZYDIS_BROADCAST_MODE_INVALID, 563 ZYDIS_BROADCAST_MODE_1_TO_2, 564 ZYDIS_BROADCAST_MODE_1_TO_4, 565 ZYDIS_BROADCAST_MODE_1_TO_8, 566 ZYDIS_BROADCAST_MODE_1_TO_16, 567 ZYDIS_BROADCAST_MODE_1_TO_32, 568 ZYDIS_BROADCAST_MODE_1_TO_64, 569 ZYDIS_BROADCAST_MODE_2_TO_4, 570 ZYDIS_BROADCAST_MODE_2_TO_8, 571 ZYDIS_BROADCAST_MODE_2_TO_16, 572 ZYDIS_BROADCAST_MODE_4_TO_8, 573 ZYDIS_BROADCAST_MODE_4_TO_16, 574 ZYDIS_BROADCAST_MODE_8_TO_16, 575 576 /** 577 * Maximum value of this enum. 578 */ 579 ZYDIS_BROADCAST_MODE_MAX_VALUE = ZYDIS_BROADCAST_MODE_8_TO_16, 580 /** 581 * The minimum number of bits required to represent all values of this enum. 582 */ 583 ZYDIS_BROADCAST_MODE_REQUIRED_BITS = ZYAN_BITS_TO_REPRESENT(ZYDIS_BROADCAST_MODE_MAX_VALUE) 584 } ZydisBroadcastMode; 585 586 /* ---------------------------------------------------------------------------------------------- */ 587 /* AVX rounding-mode */ 588 /* ---------------------------------------------------------------------------------------------- */ 589 590 /** 591 * Defines the `ZydisRoundingMode` enum. 592 */ 593 typedef enum ZydisRoundingMode_ 594 { 595 ZYDIS_ROUNDING_MODE_INVALID, 596 /** 597 * Round to nearest. 598 */ 599 ZYDIS_ROUNDING_MODE_RN, 600 /** 601 * Round down. 602 */ 603 ZYDIS_ROUNDING_MODE_RD, 604 /** 605 * Round up. 606 */ 607 ZYDIS_ROUNDING_MODE_RU, 608 /** 609 * Round towards zero. 610 */ 611 ZYDIS_ROUNDING_MODE_RZ, 612 613 /** 614 * Maximum value of this enum. 615 */ 616 ZYDIS_ROUNDING_MODE_MAX_VALUE = ZYDIS_ROUNDING_MODE_RZ, 617 /** 618 * The minimum number of bits required to represent all values of this enum. 619 */ 620 ZYDIS_ROUNDING_MODE_REQUIRED_BITS = ZYAN_BITS_TO_REPRESENT(ZYDIS_ROUNDING_MODE_MAX_VALUE) 621 } ZydisRoundingMode; 622 623 /* ---------------------------------------------------------------------------------------------- */ 624 /* KNC swizzle-mode */ 625 /* ---------------------------------------------------------------------------------------------- */ 626 627 /** 628 * Defines the `ZydisSwizzleMode` enum. 629 */ 630 typedef enum ZydisSwizzleMode_ 631 { 632 ZYDIS_SWIZZLE_MODE_INVALID, 633 ZYDIS_SWIZZLE_MODE_DCBA, 634 ZYDIS_SWIZZLE_MODE_CDAB, 635 ZYDIS_SWIZZLE_MODE_BADC, 636 ZYDIS_SWIZZLE_MODE_DACB, 637 ZYDIS_SWIZZLE_MODE_AAAA, 638 ZYDIS_SWIZZLE_MODE_BBBB, 639 ZYDIS_SWIZZLE_MODE_CCCC, 640 ZYDIS_SWIZZLE_MODE_DDDD, 641 642 /** 643 * Maximum value of this enum. 644 */ 645 ZYDIS_SWIZZLE_MODE_MAX_VALUE = ZYDIS_SWIZZLE_MODE_DDDD, 646 /** 647 * The minimum number of bits required to represent all values of this enum. 648 */ 649 ZYDIS_SWIZZLE_MODE_REQUIRED_BITS = ZYAN_BITS_TO_REPRESENT(ZYDIS_SWIZZLE_MODE_MAX_VALUE) 650 } ZydisSwizzleMode; 651 652 /* ---------------------------------------------------------------------------------------------- */ 653 /* KNC conversion-mode */ 654 /* ---------------------------------------------------------------------------------------------- */ 655 656 /** 657 * Defines the `ZydisConversionMode` enum. 658 */ 659 typedef enum ZydisConversionMode_ 660 { 661 ZYDIS_CONVERSION_MODE_INVALID, 662 ZYDIS_CONVERSION_MODE_FLOAT16, 663 ZYDIS_CONVERSION_MODE_SINT8, 664 ZYDIS_CONVERSION_MODE_UINT8, 665 ZYDIS_CONVERSION_MODE_SINT16, 666 ZYDIS_CONVERSION_MODE_UINT16, 667 668 /** 669 * Maximum value of this enum. 670 */ 671 ZYDIS_CONVERSION_MODE_MAX_VALUE = ZYDIS_CONVERSION_MODE_UINT16, 672 /** 673 * The minimum number of bits required to represent all values of this enum. 674 */ 675 ZYDIS_CONVERSION_MODE_REQUIRED_BITS = ZYAN_BITS_TO_REPRESENT(ZYDIS_CONVERSION_MODE_MAX_VALUE) 676 } ZydisConversionMode; 677 678 /* ---------------------------------------------------------------------------------------------- */ 679 /* Legacy prefix type */ 680 /* ---------------------------------------------------------------------------------------------- */ 681 682 /** 683 * Defines the `ZydisPrefixType` enum. 684 */ 685 typedef enum ZydisPrefixType_ 686 { 687 /** 688 * The prefix is ignored by the instruction. 689 * 690 * This applies to all prefixes that are not accepted by the instruction in general or the 691 * ones that are overwritten by a prefix of the same group closer to the instruction opcode. 692 */ 693 ZYDIS_PREFIX_TYPE_IGNORED, 694 /** 695 * The prefix is effectively used by the instruction. 696 */ 697 ZYDIS_PREFIX_TYPE_EFFECTIVE, 698 /** 699 * The prefix is used as a mandatory prefix. 700 * 701 * A mandatory prefix is interpreted as an opcode extension and has no further effect on the 702 * instruction. 703 */ 704 ZYDIS_PREFIX_TYPE_MANDATORY, 705 706 /** 707 * Maximum value of this enum. 708 */ 709 ZYDIS_PREFIX_TYPE_MAX_VALUE = ZYDIS_PREFIX_TYPE_MANDATORY, 710 /** 711 * The minimum number of bits required to represent all values of this enum. 712 */ 713 ZYDIS_PREFIX_TYPE_REQUIRED_BITS = ZYAN_BITS_TO_REPRESENT(ZYDIS_PREFIX_TYPE_MAX_VALUE) 714 } ZydisPrefixType; 715 716 // TODO: Check effective for 66/67 prefixes (currently defaults to EFFECTIVE) 717 718 /* ---------------------------------------------------------------------------------------------- */ 719 /* Decoded instruction */ 720 /* ---------------------------------------------------------------------------------------------- */ 721 722 /** 723 * Detailed info about the `REX` prefix. 724 */ 725 typedef struct ZydisDecodedInstructionRawRex_ 726 { 727 /** 728 * 64-bit operand-size promotion. 729 */ 730 ZyanU8 W; 731 /** 732 * Extension of the `ModRM.reg` field. 733 */ 734 ZyanU8 R; 735 /** 736 * Extension of the `SIB.index` field. 737 */ 738 ZyanU8 X; 739 /** 740 * Extension of the `ModRM.rm`, `SIB.base`, or `opcode.reg` field. 741 */ 742 ZyanU8 B; 743 /** 744 * The offset of the effective `REX` byte, relative to the beginning of the 745 * instruction, in bytes. 746 * 747 * This offset always points to the "effective" `REX` prefix (the one closest to the 748 * instruction opcode), if multiple `REX` prefixes are present. 749 * 750 * Note that the `REX` byte can be the first byte of the instruction, which would lead 751 * to an offset of `0`. Please refer to the instruction attributes to check for the 752 * presence of the `REX` prefix. 753 */ 754 ZyanU8 offset; 755 } ZydisDecodedInstructionRawRex; 756 757 /** 758 * Detailed info about the `XOP` prefix. 759 */ 760 typedef struct ZydisDecodedInstructionRawXop_ 761 { 762 /** 763 * Extension of the `ModRM.reg` field (inverted). 764 */ 765 ZyanU8 R; 766 /** 767 * Extension of the `SIB.index` field (inverted). 768 */ 769 ZyanU8 X; 770 /** 771 * Extension of the `ModRM.rm`, `SIB.base`, or `opcode.reg` field (inverted). 772 */ 773 ZyanU8 B; 774 /** 775 * Opcode-map specifier. 776 */ 777 ZyanU8 m_mmmm; 778 /** 779 * 64-bit operand-size promotion or opcode-extension. 780 */ 781 ZyanU8 W; 782 /** 783 * `NDS`/`NDD` (non-destructive-source/destination) register 784 * specifier (inverted). 785 */ 786 ZyanU8 vvvv; 787 /** 788 * Vector-length specifier. 789 */ 790 ZyanU8 L; 791 /** 792 * Compressed legacy prefix. 793 */ 794 ZyanU8 pp; 795 /** 796 * The offset of the first xop byte, relative to the beginning of 797 * the instruction, in bytes. 798 */ 799 ZyanU8 offset; 800 } ZydisDecodedInstructionRawXop; 801 802 /** 803 * Detailed info about the `VEX` prefix. 804 */ 805 typedef struct ZydisDecodedInstructionRawVex_ 806 { 807 /** 808 * Extension of the `ModRM.reg` field (inverted). 809 */ 810 ZyanU8 R; 811 /** 812 * Extension of the `SIB.index` field (inverted). 813 */ 814 ZyanU8 X; 815 /** 816 * Extension of the `ModRM.rm`, `SIB.base`, or `opcode.reg` field (inverted). 817 */ 818 ZyanU8 B; 819 /** 820 * Opcode-map specifier. 821 */ 822 ZyanU8 m_mmmm; 823 /** 824 * 64-bit operand-size promotion or opcode-extension. 825 */ 826 ZyanU8 W; 827 /** 828 * `NDS`/`NDD` (non-destructive-source/destination) register specifier 829 * (inverted). 830 */ 831 ZyanU8 vvvv; 832 /** 833 * Vector-length specifier. 834 */ 835 ZyanU8 L; 836 /** 837 * Compressed legacy prefix. 838 */ 839 ZyanU8 pp; 840 /** 841 * The offset of the first `VEX` byte, relative to the beginning of the instruction, in 842 * bytes. 843 */ 844 ZyanU8 offset; 845 /** 846 * The size of the `VEX` prefix, in bytes. 847 */ 848 ZyanU8 size; 849 } ZydisDecodedInstructionRawVex; 850 851 /** 852 * Detailed info about the `EVEX` prefix. 853 */ 854 typedef struct ZydisDecodedInstructionRawEvex 855 { 856 /** 857 * Extension of the `ModRM.reg` field (inverted). 858 */ 859 ZyanU8 R; 860 /** 861 * Extension of the `SIB.index/vidx` field (inverted). 862 */ 863 ZyanU8 X; 864 /** 865 * Extension of the `ModRM.rm` or `SIB.base` field (inverted). 866 */ 867 ZyanU8 B; 868 /** 869 * High-16 register specifier modifier (inverted). 870 */ 871 ZyanU8 R2; 872 /** 873 * Opcode-map specifier. 874 */ 875 ZyanU8 mmm; 876 /** 877 * 64-bit operand-size promotion or opcode-extension. 878 */ 879 ZyanU8 W; 880 /** 881 * `NDS`/`NDD` (non-destructive-source/destination) register specifier 882 * (inverted). 883 */ 884 ZyanU8 vvvv; 885 /** 886 * Compressed legacy prefix. 887 */ 888 ZyanU8 pp; 889 /** 890 * Zeroing/Merging. 891 */ 892 ZyanU8 z; 893 /** 894 * Vector-length specifier or rounding-control (most significant bit). 895 */ 896 ZyanU8 L2; 897 /** 898 * Vector-length specifier or rounding-control (least significant bit). 899 */ 900 ZyanU8 L; 901 /** 902 * Broadcast/RC/SAE context. 903 */ 904 ZyanU8 b; 905 /** 906 * High-16 `NDS`/`VIDX` register specifier. 907 */ 908 ZyanU8 V2; 909 /** 910 * Embedded opmask register specifier. 911 */ 912 ZyanU8 aaa; 913 /** 914 * The offset of the first evex byte, relative to the beginning of the 915 * instruction, in bytes. 916 */ 917 ZyanU8 offset; 918 } ZydisDecodedInstructionRawEvex; 919 920 /** 921 * Detailed info about the `MVEX` prefix. 922 */ 923 typedef struct ZydisDecodedInstructionRawMvex_ 924 { 925 /** 926 * Extension of the `ModRM.reg` field (inverted). 927 */ 928 ZyanU8 R; 929 /** 930 * Extension of the `SIB.index/vidx` field (inverted). 931 */ 932 ZyanU8 X; 933 /** 934 * Extension of the `ModRM.rm` or `SIB.base` field (inverted). 935 */ 936 ZyanU8 B; 937 /** 938 * High-16 register specifier modifier (inverted). 939 */ 940 ZyanU8 R2; 941 /** 942 * Opcode-map specifier. 943 */ 944 ZyanU8 mmmm; 945 /** 946 * 64-bit operand-size promotion or opcode-extension. 947 */ 948 ZyanU8 W; 949 /** 950 * `NDS`/`NDD` (non-destructive-source/destination) register specifier 951 * (inverted). 952 */ 953 ZyanU8 vvvv; 954 /** 955 * Compressed legacy prefix. 956 */ 957 ZyanU8 pp; 958 /** 959 * Non-temporal/eviction hint. 960 */ 961 ZyanU8 E; 962 /** 963 * Swizzle/broadcast/up-convert/down-convert/static-rounding controls. 964 */ 965 ZyanU8 SSS; 966 /** 967 * High-16 `NDS`/`VIDX` register specifier. 968 */ 969 ZyanU8 V2; 970 /** 971 * Embedded opmask register specifier. 972 */ 973 ZyanU8 kkk; 974 /** 975 * The offset of the first mvex byte, relative to the beginning of the 976 * instruction, in bytes. 977 */ 978 ZyanU8 offset; 979 } ZydisDecodedInstructionRawMvex; 980 981 /** 982 * Extended info for `AVX` instructions. 983 */ 984 typedef struct ZydisDecodedInstructionAvx_ 985 { 986 /** 987 * The `AVX` vector-length. 988 */ 989 ZyanU16 vector_length; 990 /** 991 * Info about the embedded writemask-register (`AVX-512` and `KNC` only). 992 */ 993 struct ZydisDecodedInstructionAvxMask_ 994 { 995 /** 996 * The masking mode. 997 */ 998 ZydisMaskMode mode; 999 /** 1000 * The mask register. 1001 */ 1002 ZydisRegister reg; 1003 } mask; 1004 /** 1005 * Contains info about the `AVX` broadcast. 1006 */ 1007 struct ZydisDecodedInstructionAvxBroadcast_ 1008 { 1009 /** 1010 * Signals, if the broadcast is a static broadcast. 1011 * 1012 * This is the case for instructions with inbuilt broadcast functionality, which is 1013 * always active and not controlled by the `EVEX/MVEX.RC` bits. 1014 */ 1015 ZyanBool is_static; 1016 /** 1017 * The `AVX` broadcast-mode. 1018 */ 1019 ZydisBroadcastMode mode; 1020 } broadcast; 1021 /** 1022 * Contains info about the `AVX` rounding. 1023 */ 1024 struct ZydisDecodedInstructionAvxRounding_ 1025 { 1026 /** 1027 * The `AVX` rounding-mode. 1028 */ 1029 ZydisRoundingMode mode; 1030 } rounding; 1031 /** 1032 * Contains info about the `AVX` register-swizzle (`KNC` only). 1033 */ 1034 struct ZydisDecodedInstructionAvxSwizzle_ 1035 { 1036 /** 1037 * The `AVX` register-swizzle mode. 1038 */ 1039 ZydisSwizzleMode mode; 1040 } swizzle; 1041 /** 1042 * Contains info about the `AVX` data-conversion (`KNC` only). 1043 */ 1044 struct ZydisDecodedInstructionAvxConversion_ 1045 { 1046 /** 1047 * The `AVX` data-conversion mode. 1048 */ 1049 ZydisConversionMode mode; 1050 } conversion; 1051 /** 1052 * Signals, if the `SAE` (suppress-all-exceptions) functionality is 1053 * enabled for the instruction. 1054 */ 1055 ZyanBool has_sae; 1056 /** 1057 * Signals, if the instruction has a memory-eviction-hint (`KNC` only). 1058 */ 1059 ZyanBool has_eviction_hint; 1060 // TODO: publish EVEX tuple-type and MVEX functionality 1061 } ZydisDecodedInstructionAvx; 1062 1063 /** 1064 * Instruction meta info. 1065 */ 1066 typedef struct ZydisDecodedInstructionMeta_ 1067 { 1068 /** 1069 * The instruction category. 1070 */ 1071 ZydisInstructionCategory category; 1072 /** 1073 * The ISA-set. 1074 */ 1075 ZydisISASet isa_set; 1076 /** 1077 * The ISA-set extension. 1078 */ 1079 ZydisISAExt isa_ext; 1080 /** 1081 * The branch type. 1082 */ 1083 ZydisBranchType branch_type; 1084 /** 1085 * The exception class. 1086 */ 1087 ZydisExceptionClass exception_class; 1088 } ZydisDecodedInstructionMeta; 1089 1090 /** 1091 * Detailed info about different instruction-parts like `ModRM`, `SIB` or 1092 * encoding-prefixes. 1093 */ 1094 typedef struct ZydisDecodedInstructionRaw_ 1095 { 1096 /** 1097 * The number of legacy prefixes. 1098 */ 1099 ZyanU8 prefix_count; 1100 /** 1101 * Detailed info about the legacy prefixes (including `REX`). 1102 */ 1103 struct ZydisDecodedInstructionRawPrefixes_ 1104 { 1105 /** 1106 * The prefix type. 1107 */ 1108 ZydisPrefixType type; 1109 /** 1110 * The prefix byte. 1111 */ 1112 ZyanU8 value; 1113 } prefixes[ZYDIS_MAX_INSTRUCTION_LENGTH]; 1114 1115 /* 1116 * Copy of the `encoding` field. 1117 * 1118 * This is here to allow the Rust bindings to treat the following union as an `enum`, 1119 * sparing us a lot of unsafe code. Prefer using the regular `encoding` field in C/C++ code. 1120 */ 1121 ZydisInstructionEncoding encoding2; 1122 /* 1123 * Union for things from various mutually exclusive encodings. 1124 */ 1125 union 1126 { 1127 ZydisDecodedInstructionRawRex rex; 1128 ZydisDecodedInstructionRawXop xop; 1129 ZydisDecodedInstructionRawVex vex; 1130 ZydisDecodedInstructionRawEvex evex; 1131 ZydisDecodedInstructionRawMvex mvex; 1132 }; 1133 1134 /** 1135 * Detailed info about the `ModRM` byte. 1136 */ 1137 struct ZydisDecodedInstructionModRm_ 1138 { 1139 /** 1140 * The addressing mode. 1141 */ 1142 ZyanU8 mod; 1143 /** 1144 * Register specifier or opcode-extension. 1145 */ 1146 ZyanU8 reg; 1147 /** 1148 * Register specifier or opcode-extension. 1149 */ 1150 ZyanU8 rm; 1151 /** 1152 * The offset of the `ModRM` byte, relative to the beginning of the 1153 * instruction, in bytes. 1154 */ 1155 ZyanU8 offset; 1156 } modrm; 1157 /** 1158 * Detailed info about the `SIB` byte. 1159 */ 1160 struct ZydisDecodedInstructionRawSib_ 1161 { 1162 /** 1163 * The scale factor. 1164 */ 1165 ZyanU8 scale; 1166 /** 1167 * The index-register specifier. 1168 */ 1169 ZyanU8 index; 1170 /** 1171 * The base-register specifier. 1172 */ 1173 ZyanU8 base; 1174 /** 1175 * The offset of the `SIB` byte, relative to the beginning of the 1176 * instruction, in bytes. 1177 */ 1178 ZyanU8 offset; 1179 } sib; 1180 /** 1181 * Detailed info about displacement-bytes. 1182 */ 1183 struct ZydisDecodedInstructionRawDisp_ 1184 { 1185 /** 1186 * The displacement value 1187 */ 1188 ZyanI64 value; 1189 /** 1190 * The physical displacement size, in bits. 1191 */ 1192 ZyanU8 size; 1193 // TODO: publish cd8 scale 1194 /** 1195 * The offset of the displacement data, relative to the beginning of the 1196 * instruction, in bytes. 1197 */ 1198 ZyanU8 offset; 1199 } disp; 1200 /** 1201 * Detailed info about immediate-bytes. 1202 */ 1203 struct ZydisDecodedInstructionRawImm_ 1204 { 1205 /** 1206 * Signals, if the immediate value is signed. 1207 */ 1208 ZyanBool is_signed; 1209 /** 1210 * Signals, if the immediate value contains a relative offset. You can use 1211 * `ZydisCalcAbsoluteAddress` to determine the absolute address value. 1212 */ 1213 ZyanBool is_relative; 1214 /** 1215 * The immediate value. 1216 */ 1217 union ZydisDecodedInstructionRawImmValue_ 1218 { 1219 ZyanU64 u; 1220 ZyanI64 s; 1221 } value; 1222 /** 1223 * The physical immediate size, in bits. 1224 */ 1225 ZyanU8 size; 1226 /** 1227 * The offset of the immediate data, relative to the beginning of the 1228 * instruction, in bytes. 1229 */ 1230 ZyanU8 offset; 1231 } imm[2]; 1232 } ZydisDecodedInstructionRaw; 1233 1234 /** 1235 * Information about a decoded instruction. 1236 */ 1237 typedef struct ZydisDecodedInstruction_ 1238 { 1239 /** 1240 * The machine mode used to decode this instruction. 1241 */ 1242 ZydisMachineMode machine_mode; 1243 /** 1244 * The instruction-mnemonic. 1245 */ 1246 ZydisMnemonic mnemonic; 1247 /** 1248 * The length of the decoded instruction. 1249 */ 1250 ZyanU8 length; 1251 /** 1252 * The instruction-encoding (`LEGACY`, `3DNOW`, `VEX`, `EVEX`, `XOP`). 1253 */ 1254 ZydisInstructionEncoding encoding; 1255 /** 1256 * The opcode-map. 1257 */ 1258 ZydisOpcodeMap opcode_map; 1259 /** 1260 * The instruction-opcode. 1261 */ 1262 ZyanU8 opcode; 1263 /** 1264 * The stack width. 1265 */ 1266 ZyanU8 stack_width; 1267 /** 1268 * The effective operand width. 1269 */ 1270 ZyanU8 operand_width; 1271 /** 1272 * The effective address width. 1273 */ 1274 ZyanU8 address_width; 1275 /** 1276 * The number of instruction-operands. 1277 * 1278 * Explicit and implicit operands are guaranteed to be in the front and ordered as they are 1279 * printed by the formatter in `Intel` mode. No assumptions can be made about the order of 1280 * hidden operands, except that they always located behind the explicit and implicit operands. 1281 */ 1282 ZyanU8 operand_count; 1283 /** 1284 * The number of explicit (visible) instruction-operands. 1285 * 1286 * Explicit and implicit operands are guaranteed to be in the front and ordered as they are 1287 * printed by the formatter in `Intel` mode. 1288 */ 1289 ZyanU8 operand_count_visible; 1290 /** 1291 * See @ref instruction_attributes. 1292 */ 1293 ZydisInstructionAttributes attributes; 1294 /** 1295 * Information about CPU flags accessed by the instruction. 1296 * 1297 * The bits in the masks correspond to the actual bits in the `FLAGS/EFLAGS/RFLAGS` 1298 * register. See @ref decoder_cpu_flags. 1299 */ 1300 const ZydisAccessedFlags* cpu_flags; 1301 /** 1302 * Information about FPU flags accessed by the instruction. 1303 * 1304 * See @ref decoder_fpu_flags. 1305 */ 1306 const ZydisAccessedFlags* fpu_flags; 1307 /** 1308 * Extended info for `AVX` instructions. 1309 */ 1310 ZydisDecodedInstructionAvx avx; 1311 /** 1312 * Meta info. 1313 */ 1314 ZydisDecodedInstructionMeta meta; 1315 /** 1316 * Detailed info about different instruction-parts like `ModRM`, `SIB` or 1317 * encoding-prefixes. 1318 */ 1319 ZydisDecodedInstructionRaw raw; 1320 } ZydisDecodedInstruction; 1321 1322 /* ---------------------------------------------------------------------------------------------- */ 1323 /* Decoder context */ 1324 /* ---------------------------------------------------------------------------------------------- */ 1325 1326 /** 1327 * The decoder context is used to preserve some internal state between subsequent decode 1328 * operations for THE SAME instruction. 1329 * 1330 * The context is initialized by @c ZydisDecoderDecodeInstruction and required by e.g. 1331 * @c ZydisDecoderDecodeOperands. 1332 * 1333 * All fields in this struct should be considered as "private". Any changes may lead to unexpected 1334 * behavior. 1335 * 1336 * This struct is neither ABI nor API stable! 1337 */ 1338 typedef struct ZydisDecoderContext_ 1339 { 1340 /** 1341 * A pointer to the internal instruction definition. 1342 */ 1343 const void* definition; 1344 /** 1345 * Contains the effective operand-size index. 1346 * 1347 * 0 = 16 bit, 1 = 32 bit, 2 = 64 bit 1348 */ 1349 ZyanU8 eosz_index; 1350 /** 1351 * Contains the effective address-size index. 1352 * 1353 * 0 = 16 bit, 1 = 32 bit, 2 = 64 bit 1354 */ 1355 ZyanU8 easz_index; 1356 /** 1357 * Contains some cached REX/XOP/VEX/EVEX/MVEX values to provide uniform access. 1358 */ 1359 struct 1360 { 1361 ZyanU8 W; 1362 ZyanU8 R; 1363 ZyanU8 X; 1364 ZyanU8 B; 1365 ZyanU8 L; 1366 ZyanU8 LL; 1367 ZyanU8 R2; 1368 ZyanU8 V2; 1369 ZyanU8 vvvv; 1370 ZyanU8 mask; 1371 } vector_unified; 1372 /** 1373 * Information about encoded operand registers. 1374 */ 1375 struct 1376 { 1377 /** 1378 * Signals if the `modrm.mod == 3` or `reg` form is forced for the instruction. 1379 */ 1380 ZyanBool is_mod_reg; 1381 /** 1382 * The final register id for the `reg` encoded register. 1383 */ 1384 ZyanU8 id_reg; 1385 /** 1386 * The final register id for the `rm` encoded register. 1387 * 1388 * This value is only set, if a register is encoded in `modrm.rm`. 1389 */ 1390 ZyanU8 id_rm; 1391 /** 1392 * The final register id for the `ndsndd` (`.vvvv`) encoded register. 1393 */ 1394 ZyanU8 id_ndsndd; 1395 /** 1396 * The final register id for the base register. 1397 * 1398 * This value is only set, if a memory operand is encoded in `modrm.rm`. 1399 */ 1400 ZyanU8 id_base; 1401 /** 1402 * The final register id for the index register. 1403 * 1404 * This value is only set, if a memory operand is encoded in `modrm.rm` and the `SIB` byte 1405 * is present. 1406 */ 1407 ZyanU8 id_index; 1408 } reg_info; 1409 /** 1410 * Internal EVEX-specific information. 1411 */ 1412 struct 1413 { 1414 /** 1415 * The EVEX tuple-type. 1416 */ 1417 ZyanU8 tuple_type; 1418 /** 1419 * The EVEX element-size. 1420 */ 1421 ZyanU8 element_size; 1422 } evex; 1423 /** 1424 * Internal MVEX-specific information. 1425 */ 1426 struct 1427 { 1428 /** 1429 * The MVEX functionality. 1430 */ 1431 ZyanU8 functionality; 1432 } mvex; 1433 /** 1434 * The scale factor for EVEX/MVEX compressed 8-bit displacement values. 1435 */ 1436 ZyanU8 cd8_scale; // TODO: Could make sense to expose this in the ZydisDecodedInstruction 1437 } ZydisDecoderContext; 1438 1439 /* ---------------------------------------------------------------------------------------------- */ 1440 1441 /* ============================================================================================== */ 1442 1443 #ifdef __cplusplus 1444 } 1445 #endif 1446 1447 #endif /* ZYDIS_INSTRUCTIONINFO_H */ 1448