1*1003e004SJérôme Duval /***************************************************************************************************
2*1003e004SJérôme Duval
3*1003e004SJérôme Duval Zyan Disassembler Library (Zydis)
4*1003e004SJérôme Duval
5*1003e004SJérôme Duval Original Author : Florian Bernd
6*1003e004SJérôme Duval
7*1003e004SJérôme Duval * Permission is hereby granted, free of charge, to any person obtaining a copy
8*1003e004SJérôme Duval * of this software and associated documentation files (the "Software"), to deal
9*1003e004SJérôme Duval * in the Software without restriction, including without limitation the rights
10*1003e004SJérôme Duval * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11*1003e004SJérôme Duval * copies of the Software, and to permit persons to whom the Software is
12*1003e004SJérôme Duval * furnished to do so, subject to the following conditions:
13*1003e004SJérôme Duval *
14*1003e004SJérôme Duval * The above copyright notice and this permission notice shall be included in all
15*1003e004SJérôme Duval * copies or substantial portions of the Software.
16*1003e004SJérôme Duval *
17*1003e004SJérôme Duval * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18*1003e004SJérôme Duval * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19*1003e004SJérôme Duval * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20*1003e004SJérôme Duval * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21*1003e004SJérôme Duval * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22*1003e004SJérôme Duval * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23*1003e004SJérôme Duval * SOFTWARE.
24*1003e004SJérôme Duval
25*1003e004SJérôme Duval ***************************************************************************************************/
26*1003e004SJérôme Duval
27*1003e004SJérôme Duval #ifndef ZYDIS_INTERNAL_DECODERDATA_H
28*1003e004SJérôme Duval #define ZYDIS_INTERNAL_DECODERDATA_H
29*1003e004SJérôme Duval
30*1003e004SJérôme Duval #include <Zycore/Defines.h>
31*1003e004SJérôme Duval #include <Zycore/Types.h>
32*1003e004SJérôme Duval #include <Zydis/Defines.h>
33*1003e004SJérôme Duval
34*1003e004SJérôme Duval #ifdef __cplusplus
35*1003e004SJérôme Duval extern "C" {
36*1003e004SJérôme Duval #endif
37*1003e004SJérôme Duval
38*1003e004SJérôme Duval /* ============================================================================================== */
39*1003e004SJérôme Duval /* Enums and types */
40*1003e004SJérôme Duval /* ============================================================================================== */
41*1003e004SJérôme Duval
// MSVC does not like types other than (un-)signed int for bit-fields
// NOTE(review): no bit-field is declared between this push and the matching pop in this
// header, so the C4214 suppression may be a leftover - confirm before removing it.
#ifdef ZYAN_MSVC
#   pragma warning(push)
#   pragma warning(disable:4214)
#endif

// Byte packing (alignment 1) applies to every type declared from here up to the matching
// `#pragma pack(pop)`. Members of those types get no padding and may be misaligned.
#pragma pack(push, 1)
49*1003e004SJérôme Duval
50*1003e004SJérôme Duval /* ---------------------------------------------------------------------------------------------- */
51*1003e004SJérôme Duval /* Decoder tree */
52*1003e004SJérôme Duval /* ---------------------------------------------------------------------------------------------- */
53*1003e004SJérôme Duval
/**
 * Defines the `ZydisDecoderTreeNodeType` data-type.
 *
 * Storage type for the `ZydisDecoderTreeNodeTypes` enumerators. It is a `ZyanU8`, so every
 * enumerator (including `ZYDIS_NODETYPE_DEFINITION_MASK`) has to fit into one byte.
 */
typedef ZyanU8 ZydisDecoderTreeNodeType;
58*1003e004SJérôme Duval
/**
 * Node-type identifiers of the zydis decoder tree.
 *
 * The filter ids are consecutive (0x01..0x1D). `ZYDIS_NODETYPE_DEFINITION_MASK` is a single
 * high bit (0x80) outside that range; the `_MASK` suffix suggests it is tested as a bit of the
 * type byte rather than compared for equality (confirm against the decoder). New filter ids
 * therefore have to stay below 0x80.
 */
enum ZydisDecoderTreeNodeTypes
{
    /** Marks an invalid node. */
    ZYDIS_NODETYPE_INVALID                  = 0x00,

    /** Reference to an XOP-map filter. */
    ZYDIS_NODETYPE_FILTER_XOP               = 0x01,
    /** Reference to a VEX-map filter. */
    ZYDIS_NODETYPE_FILTER_VEX               = 0x02,
    /** Reference to an EVEX/MVEX-map filter. */
    ZYDIS_NODETYPE_FILTER_EMVEX             = 0x03,
    /** Reference to an opcode filter. */
    ZYDIS_NODETYPE_FILTER_OPCODE            = 0x04,
    /** Reference to an instruction-mode filter. */
    ZYDIS_NODETYPE_FILTER_MODE              = 0x05,
    /** Reference to a compacted instruction-mode filter. */
    ZYDIS_NODETYPE_FILTER_MODE_COMPACT      = 0x06,
    /** Reference to a ModRM.mod filter. */
    ZYDIS_NODETYPE_FILTER_MODRM_MOD         = 0x07,
    /** Reference to a compacted ModRM.mod filter. */
    ZYDIS_NODETYPE_FILTER_MODRM_MOD_COMPACT = 0x08,
    /** Reference to a ModRM.reg filter. */
    ZYDIS_NODETYPE_FILTER_MODRM_REG         = 0x09,
    /** Reference to a ModRM.rm filter. */
    ZYDIS_NODETYPE_FILTER_MODRM_RM          = 0x0A,
    /** Reference to a PrefixGroup1 filter. */
    ZYDIS_NODETYPE_FILTER_PREFIX_GROUP1     = 0x0B,
    /** Reference to a mandatory-prefix filter. */
    ZYDIS_NODETYPE_FILTER_MANDATORY_PREFIX  = 0x0C,
    /** Reference to an operand-size filter. */
    ZYDIS_NODETYPE_FILTER_OPERAND_SIZE      = 0x0D,
    /** Reference to an address-size filter. */
    ZYDIS_NODETYPE_FILTER_ADDRESS_SIZE      = 0x0E,
    /** Reference to a vector-length filter. */
    ZYDIS_NODETYPE_FILTER_VECTOR_LENGTH     = 0x0F,
    /** Reference to a REX/VEX/EVEX.W filter. */
    ZYDIS_NODETYPE_FILTER_REX_W             = 0x10,
    /** Reference to a REX/VEX/EVEX.B filter. */
    ZYDIS_NODETYPE_FILTER_REX_B             = 0x11,
    /** Reference to an EVEX.b filter. */
    ZYDIS_NODETYPE_FILTER_EVEX_B            = 0x12,
    /** Reference to an MVEX.E filter. */
    ZYDIS_NODETYPE_FILTER_MVEX_E            = 0x13,
    /** Reference to an AMD-mode filter. */
    ZYDIS_NODETYPE_FILTER_MODE_AMD          = 0x14,
    /** Reference to a KNC-mode filter. */
    ZYDIS_NODETYPE_FILTER_MODE_KNC          = 0x15,
    /** Reference to an MPX-mode filter. */
    ZYDIS_NODETYPE_FILTER_MODE_MPX          = 0x16,
    /** Reference to a CET-mode filter. */
    ZYDIS_NODETYPE_FILTER_MODE_CET          = 0x17,
    /** Reference to an LZCNT-mode filter. */
    ZYDIS_NODETYPE_FILTER_MODE_LZCNT        = 0x18,
    /** Reference to a TZCNT-mode filter. */
    ZYDIS_NODETYPE_FILTER_MODE_TZCNT        = 0x19,
    /** Reference to a WBNOINVD-mode filter. */
    ZYDIS_NODETYPE_FILTER_MODE_WBNOINVD     = 0x1A,
    /** Reference to a CLDEMOTE-mode filter. */
    ZYDIS_NODETYPE_FILTER_MODE_CLDEMOTE     = 0x1B,
    /** Reference to an IPREFETCH-mode filter. */
    ZYDIS_NODETYPE_FILTER_MODE_IPREFETCH    = 0x1C,
    /** Reference to a UD0_COMPAT-mode filter. */
    ZYDIS_NODETYPE_FILTER_MODE_UD0_COMPAT   = 0x1D,

    /** Reference to an instruction-definition (single bit, not a sequential id). */
    ZYDIS_NODETYPE_DEFINITION_MASK          = 0x80
};
186*1003e004SJérôme Duval
187*1003e004SJérôme Duval /* ---------------------------------------------------------------------------------------------- */
188*1003e004SJérôme Duval
/**
 * Defines the `ZydisDecoderTreeNodeValue` data-type.
 *
 * 16-bit payload type of `ZydisDecoderTreeNode.value`. How the payload is interpreted is not
 * defined in this header.
 */
typedef ZyanU16 ZydisDecoderTreeNodeValue;
193*1003e004SJérôme Duval
194*1003e004SJérôme Duval /* ---------------------------------------------------------------------------------------------- */
195*1003e004SJérôme Duval
/**
 * Defines the `ZydisDecoderTreeNode` struct.
 *
 * Declared inside this header's `#pragma pack(push, 1)` region, so no padding is inserted
 * between `type` (a `ZyanU8`) and `value` (a `ZyanU16`). `value` therefore follows `type`
 * directly and is not naturally aligned. Access it through the struct (`node->value`); a
 * separately formed `ZyanU16*` to the member may be misaligned on strict-alignment targets.
 */
typedef struct ZydisDecoderTreeNode_
{
    /* Node kind; holds a `ZydisDecoderTreeNodeTypes` value. */
    ZydisDecoderTreeNodeType type;
    /* Node payload; presumably interpreted according to `type` - confirm against the decoder. */
    ZydisDecoderTreeNodeValue value;
} ZydisDecoderTreeNode;
204*1003e004SJérôme Duval
205*1003e004SJérôme Duval /* ---------------------------------------------------------------------------------------------- */
206*1003e004SJérôme Duval
// Ends the byte-packed region opened by `#pragma pack(push, 1)`; the previous packing setting
// applies to every type declared below.
#pragma pack(pop)

// Restores the MSVC warning state saved before C4214 was disabled.
#ifdef ZYAN_MSVC
#   pragma warning(pop)
#endif
212*1003e004SJérôme Duval
213*1003e004SJérôme Duval /* ---------------------------------------------------------------------------------------------- */
214*1003e004SJérôme Duval /* Physical instruction encoding info */
215*1003e004SJérôme Duval /* ---------------------------------------------------------------------------------------------- */
216*1003e004SJérôme Duval
/**
 * Defines the `ZydisInstructionEncodingFlags` data-type.
 *
 * Holds a combination of the `ZYDIS_INSTR_ENC_FLAG_*` values below. Each of them is a distinct
 * single bit (0x01..0x10), so all five fit into the 8-bit storage type.
 */
typedef ZyanU8 ZydisInstructionEncodingFlags;

/**
 * The instruction has an optional modrm byte.
 */
#define ZYDIS_INSTR_ENC_FLAG_HAS_MODRM 0x01

/**
 * The instruction has an optional displacement value.
 */
#define ZYDIS_INSTR_ENC_FLAG_HAS_DISP 0x02

/**
 * The instruction has an optional immediate value.
 */
#define ZYDIS_INSTR_ENC_FLAG_HAS_IMM0 0x04

/**
 * The instruction has a second optional immediate value.
 */
#define ZYDIS_INSTR_ENC_FLAG_HAS_IMM1 0x08

/**
 * The instruction ignores the value of `modrm.mod` and always assumes `modrm.mod == 3`
 * ("reg, reg" - form).
 *
 * Instructions with this flag can't have a SIB byte or a displacement value.
 */
#define ZYDIS_INSTR_ENC_FLAG_FORCE_REG_FORM 0x10
249*1003e004SJérôme Duval
/**
 * Defines the `ZydisInstructionEncodingInfo` struct.
 *
 * Describes the optional parts of a physical instruction encoding. This struct is declared
 * after `#pragma pack(pop)`, so it is not part of the byte-packed region of this header.
 */
typedef struct ZydisInstructionEncodingInfo_
{
    /**
     * Contains flags with information about the physical instruction-encoding
     * (a combination of the `ZYDIS_INSTR_ENC_FLAG_*` values).
     */
    ZydisInstructionEncodingFlags flags;
    /**
     * Displacement info.
     */
    struct
    {
        /**
         * The size of the displacement value.
         *
         * Three entries. The meaning of the index and the unit (bits or bytes) are not stated
         * in this header; confirm both against the decoder before using a value for length or
         * buffer arithmetic.
         */
        ZyanU8 size[3];
    } disp;
    /**
     * Immediate info.
     *
     * Two entries, presumably matching `ZYDIS_INSTR_ENC_FLAG_HAS_IMM0` and
     * `ZYDIS_INSTR_ENC_FLAG_HAS_IMM1` - confirm against the decoder.
     */
    struct
    {
        /**
         * The size of the immediate value.
         *
         * Three entries; index meaning and unit are not stated in this header (see `disp.size`).
         */
        ZyanU8 size[3];
        /**
         * Signals, if the value is signed.
         */
        ZyanBool is_signed;
        /**
         * Signals, if the value is a relative offset.
         */
        ZyanBool is_relative;
    } imm[2];
} ZydisInstructionEncodingInfo;
288*1003e004SJérôme Duval
289*1003e004SJérôme Duval /* ---------------------------------------------------------------------------------------------- */
290*1003e004SJérôme Duval
291*1003e004SJérôme Duval /* ============================================================================================== */
292*1003e004SJérôme Duval /* Functions */
293*1003e004SJérôme Duval /* ============================================================================================== */
294*1003e004SJérôme Duval
295*1003e004SJérôme Duval /* ---------------------------------------------------------------------------------------------- */
296*1003e004SJérôme Duval /* Decoder tree */
297*1003e004SJérôme Duval /* ---------------------------------------------------------------------------------------------- */
298*1003e004SJérôme Duval
299*1003e004SJérôme Duval extern const ZydisDecoderTreeNode zydis_decoder_tree_root;
300*1003e004SJérôme Duval
/**
 * Provides access to the root of the instruction tree.
 *
 * The node is the externally defined constant `zydis_decoder_tree_root`; the function only
 * takes its address, so the result is never a null pointer and refers to read-only data.
 *
 * @return  A pointer to the root node of the instruction tree.
 */
ZYAN_INLINE const ZydisDecoderTreeNode* ZydisDecoderTreeGetRootNode(void)
{
    const ZydisDecoderTreeNode* const root_node = &zydis_decoder_tree_root;

    return root_node;
}
310*1003e004SJérôme Duval
/**
 * Returns the child node of `parent` specified by `index`.
 *
 * NOTE(review): this declaration does not state how an out-of-range `index` or a `parent`
 * that is not a filter node is handled. `index` is presumably derived from the bytes being
 * decoded, so the definition should bound it against the child table of `parent`'s filter
 * type with a check that is still present in release builds - confirm against the definition.
 *
 * @param   parent  The parent node.
 * @param   index   The index of the child node to retrieve.
 *
 * @return  The specified child node.
 */
ZYDIS_NO_EXPORT const ZydisDecoderTreeNode* ZydisDecoderTreeGetChildNode(
    const ZydisDecoderTreeNode* parent, ZyanU16 index);
321*1003e004SJérôme Duval
/**
 * Returns information about optional instruction parts (like modrm, displacement or
 * immediates) for the instruction that is linked to the given `node`.
 *
 * The function returns `void`; the result is delivered through `info`. What happens when
 * `node` is not an instruction definition node is not visible from this declaration.
 *
 * @param   node    The instruction definition node.
 * @param   info    Out-parameter that receives a pointer to the (const)
 *                  `ZydisInstructionEncodingInfo` struct.
 */
ZYDIS_NO_EXPORT void ZydisGetInstructionEncodingInfo(const ZydisDecoderTreeNode* node,
    const ZydisInstructionEncodingInfo** info);
331*1003e004SJérôme Duval
332*1003e004SJérôme Duval /* ---------------------------------------------------------------------------------------------- */
333*1003e004SJérôme Duval
334*1003e004SJérôme Duval /* ============================================================================================== */
335*1003e004SJérôme Duval
336*1003e004SJérôme Duval #ifdef __cplusplus
337*1003e004SJérôme Duval }
338*1003e004SJérôme Duval #endif
339*1003e004SJérôme Duval
340*1003e004SJérôme Duval #endif /* ZYDIS_INTERNAL_DECODERDATA_H */