7 #include <capstone/platform.h>
8 #include <capstone/capstone.h>
186 cs_regs regs_read, regs_write;
187 uint8_t regs_read_count, regs_write_count;
190 if (ins->detail ==
NULL)
193 x86 = &(ins->detail->x86);
201 printf(
"\taddr_size: %u\n",
x86->addr_size);
203 if (
x86->encoding.modrm_offset != 0) {
204 printf(
"\tmodrm_offset: 0x%x\n",
x86->encoding.modrm_offset);
208 if (
x86->encoding.disp_offset != 0) {
209 printf(
"\tdisp_offset: 0x%x\n",
x86->encoding.disp_offset);
212 if (
x86->encoding.disp_size != 0) {
213 printf(
"\tdisp_size: 0x%x\n",
x86->encoding.disp_size);
223 if (
x86->sib_scale != 0)
224 printf(
"\t\tsib_scale: %d\n",
x86->sib_scale);
259 if (
x86->encoding.imm_offset != 0) {
260 printf(
"\timm_offset: 0x%x\n",
x86->encoding.imm_offset);
263 if (
x86->encoding.imm_size != 0) {
264 printf(
"\timm_size: 0x%x\n",
x86->encoding.imm_size);
270 printf(
"\top_count: %u\n",
x86->op_count);
273 for (
i = 0;
i <
x86->op_count;
i++) {
276 switch((
int)
op->type) {
284 printf(
"\t\toperands[%u].type: MEM\n",
i);
291 if (
op->mem.scale != 1)
292 printf(
"\t\t\toperands[%u].mem.scale: %u\n",
i,
op->mem.scale);
293 if (
op->mem.disp != 0)
294 printf(
"\t\t\toperands[%u].mem.disp: 0x%" PRIx64 "\n",
i,
op->mem.disp);
302 printf(
"\t\toperands[%u].avx_bcast: %u\n",
i,
op->avx_bcast);
305 if (
op->avx_zero_opmask !=
false)
306 printf(
"\t\toperands[%u].avx_zero_opmask: TRUE\n",
i);
308 printf(
"\t\toperands[%u].size: %u\n",
i,
op->size);
314 printf(
"\t\toperands[%u].access: READ\n",
i);
317 printf(
"\t\toperands[%u].access: WRITE\n",
i);
320 printf(
"\t\toperands[%u].access: READ | WRITE\n",
i);
327 regs_read, &regs_read_count,
328 regs_write, &regs_write_count)) {
329 if (regs_read_count) {
330 printf(
"\tRegisters read:");
331 for(
i = 0;
i < regs_read_count;
i++) {
337 if (regs_write_count) {
338 printf(
"\tRegisters modified:");
339 for(
i = 0;
i < regs_write_count;
i++) {
346 if (
x86->eflags ||
x86->fpu_flags) {
347 for(
i = 0;
i < ins->detail->groups_count;
i++) {
350 for(
i = 0;
i <= 63;
i++)
359 if (
i == ins->detail->groups_count) {
361 for(
i = 0;
i <= 63;
i++)
374 #define X86_CODE64 "\x55\x48\x8b\x05\xb8\x13\x00\x00\xe9\xea\xbe\xad\xde\xff\x25\x23\x01\x00\x00\xe8\xdf\xbe\xad\xde\x74\xff"
375 #define X86_CODE16 "\x8d\x4c\x32\x08\x01\xd8\x81\xc6\x34\x12\x00\x00\x05\x23\x01\x00\x00\x36\x8b\x84\x91\x23\x01\x00\x00\x41\x8d\x84\x39\x89\x67\x00\x00\x8d\x87\x89\x67\x00\x00\xb4\xc6\x66\xe9\xb8\x00\x00\x00\x67\xff\xa0\x23\x01\x00\x00\x66\xe8\xcb\x00\x00\x00\x74\xfc"
376 #define X86_CODE32 "\x8d\x4c\x32\x08\x01\xd8\x81\xc6\x34\x12\x00\x00\x05\x23\x01\x00\x00\x36\x8b\x84\x91\x23\x01\x00\x00\x41\x8d\x84\x39\x89\x67\x00\x00\x8d\x87\x89\x67\x00\x00\xb4\xc6\xe9\xea\xbe\xad\xde\xff\xa0\x23\x01\x00\x00\xe8\xdf\xbe\xad\xde\x74\xff"
384 "X86 16bit (Intel syntax)"
391 "X86 32 (AT&T syntax)",
400 "X86 32 (Intel syntax)"
407 "X86 64 (Intel syntax)"
419 printf(
"Failed on cs_open() with error returned: %u\n",
err);
432 printf(
"****************\n");
437 for (j = 0; j <
count; j++) {
446 printf(
"****************\n");
449 printf(
"ERROR: Failed to disasm given code!\n");
cs_arch
Architecture type.
@ CS_ARCH_X86
X86 architecture (including x86 & x86-64)
@ CS_MODE_64
64-bit mode (X86, PPC)
@ CS_MODE_32
32-bit mode (X86)
@ CS_MODE_16
16-bit mode (X86)
cs_opt_type
Runtime option for the disassembler engine.
@ CS_OPT_DETAIL
Break down instruction structure into details.
@ CS_OPT_SYNTAX
Assembly output syntax.
cs_opt_value
Runtime option value (associated with option type above)
@ CS_OPT_SYNTAX_ATT
X86 ATT asm syntax (CS_OPT_SYNTAX).
@ CS_OPT_ON
Turn ON an option (CS_OPT_DETAIL, CS_OPT_SKIPDATA).
@ CS_AC_READ
Operand read from memory or register.
@ CS_AC_WRITE
Operand write to memory or register.
#define X86_EFLAGS_SET_IF
@ X86_AVX_BCAST_INVALID
Uninitialized.
#define X86_EFLAGS_RESET_AF
#define X86_EFLAGS_PRIOR_DF
#define X86_FPU_FLAGS_RESET_C0
#define X86_FPU_FLAGS_SET_C3
#define X86_EFLAGS_PRIOR_NT
#define X86_FPU_FLAGS_UNDEFINED_C0
#define X86_FPU_FLAGS_UNDEFINED_C1
#define X86_EFLAGS_TEST_NT
@ X86_AVX_RM_INVALID
Uninitialized.
#define X86_EFLAGS_RESET_TF
#define X86_EFLAGS_RESET_DF
#define X86_EFLAGS_RESET_CF
#define X86_FPU_FLAGS_UNDEFINED_C3
#define X86_FPU_FLAGS_MODIFY_C0
#define X86_FPU_FLAGS_TEST_C0
#define X86_EFLAGS_UNDEFINED_AF
#define X86_EFLAGS_MODIFY_CF
#define X86_EFLAGS_TEST_OF
#define X86_FPU_FLAGS_SET_C0
#define X86_EFLAGS_MODIFY_IF
#define X86_EFLAGS_MODIFY_DF
#define X86_FPU_FLAGS_MODIFY_C3
#define X86_EFLAGS_PRIOR_IF
#define X86_EFLAGS_SET_CF
#define X86_EFLAGS_MODIFY_OF
#define X86_EFLAGS_RESET_SF
#define X86_EFLAGS_TEST_PF
#define X86_FPU_FLAGS_TEST_C1
@ X86_OP_IMM
= CS_OP_IMM (Immediate operand).
@ X86_OP_REG
= CS_OP_REG (Register operand).
@ X86_OP_MEM
= CS_OP_MEM (Memory operand).
#define X86_EFLAGS_SET_DF
#define X86_EFLAGS_MODIFY_PF
#define X86_EFLAGS_RESET_OF
#define X86_EFLAGS_UNDEFINED_ZF
#define X86_EFLAGS_MODIFY_TF
#define X86_EFLAGS_MODIFY_NT
#define X86_FPU_FLAGS_RESET_C2
#define X86_EFLAGS_PRIOR_OF
#define X86_FPU_FLAGS_TEST_C3
#define X86_EFLAGS_RESET_PF
#define X86_EFLAGS_MODIFY_ZF
#define X86_EFLAGS_PRIOR_PF
#define X86_EFLAGS_MODIFY_AF
#define X86_FPU_FLAGS_MODIFY_C2
#define X86_FPU_FLAGS_SET_C1
@ X86_XOP_CC_INVALID
Uninitialized.
#define X86_EFLAGS_UNDEFINED_PF
#define X86_EFLAGS_TEST_ZF
#define X86_FPU_FLAGS_UNDEFINED_C2
#define X86_EFLAGS_UNDEFINED_SF
#define X86_FPU_FLAGS_RESET_C3
#define X86_EFLAGS_TEST_SF
#define X86_FPU_FLAGS_RESET_C1
#define X86_FPU_FLAGS_SET_C2
#define X86_EFLAGS_PRIOR_ZF
#define X86_EFLAGS_RESET_NT
#define X86_EFLAGS_UNDEFINED_OF
#define X86_EFLAGS_PRIOR_AF
#define X86_EFLAGS_PRIOR_SF
#define X86_EFLAGS_PRIOR_TF
#define X86_EFLAGS_MODIFY_SF
@ X86_AVX_CC_INVALID
Uninitialized.
@ X86_SSE_CC_INVALID
Uninitialized.
#define X86_EFLAGS_RESET_IF
#define X86_EFLAGS_TEST_DF
#define X86_FPU_FLAGS_MODIFY_C1
#define X86_EFLAGS_TEST_CF
#define X86_EFLAGS_PRIOR_CF
#define X86_FPU_FLAGS_TEST_C2
#define X86_EFLAGS_UNDEFINED_CF
#define X86_EFLAGS_MODIFY_RF
CAPSTONE_EXPORT cs_err CAPSTONE_API cs_regs_access(csh ud, const cs_insn *insn, cs_regs regs_read, uint8_t *regs_read_count, cs_regs regs_write, uint8_t *regs_write_count)
CAPSTONE_EXPORT size_t CAPSTONE_API cs_disasm(csh ud, const uint8_t *buffer, size_t size, uint64_t offset, size_t count, cs_insn **insn)
CAPSTONE_EXPORT cs_err CAPSTONE_API cs_open(cs_arch arch, cs_mode mode, csh *handle)
CAPSTONE_EXPORT int CAPSTONE_API cs_op_count(csh ud, const cs_insn *insn, unsigned int op_type)
CAPSTONE_EXPORT void CAPSTONE_API cs_free(cs_insn *insn, size_t count)
CAPSTONE_EXPORT const char *CAPSTONE_API cs_reg_name(csh ud, unsigned int reg)
CAPSTONE_EXPORT cs_err CAPSTONE_API cs_close(csh *handle)
CAPSTONE_EXPORT int CAPSTONE_API cs_op_index(csh ud, const cs_insn *insn, unsigned int op_type, unsigned int post)
CAPSTONE_EXPORT cs_err CAPSTONE_API cs_option(csh ud, cs_opt_type type, size_t value)
_Use_decl_annotations_ int __cdecl printf(const char *const _Format,...)
static static sync static getppid static getegid const char static filename char static len const char char static bufsiz static mask static vfork const void static prot static getpgrp const char static swapflags static arg static fd static protocol static who struct sockaddr static addrlen static backlog struct timeval struct timezone static tz const struct iovec static count static mode const void const struct sockaddr static tolen const char static pathname void count
struct platform platforms[]
static void print_insn_detail(csh ud, cs_mode mode, cs_insn *ins)
static void print_string_hex(const char *comment, unsigned char *str, size_t len)
static const char * get_fpu_flag_name(uint64_t flag)
static const char * get_eflag_name(uint64_t flag)