|
28 | 28 |
|
29 | 29 | The following example program uses Zydis to disassemble a given memory buffer and prints the output to the console ([more examples here](./examples/)). |
30 | 30 |
|
31 | | -```C |
32 | | -#include <stdio.h> |
33 | | -#include <inttypes.h> |
34 | | -#include <Zydis/Zydis.h> |
35 | | - |
36 | | -int main() |
37 | | -{ |
38 | | - ZyanU8 data[] = |
39 | | - { |
40 | | - 0x51, 0x8D, 0x45, 0xFF, 0x50, 0xFF, 0x75, 0x0C, 0xFF, 0x75, |
41 | | - 0x08, 0xFF, 0x15, 0xA0, 0xA5, 0x48, 0x76, 0x85, 0xC0, 0x0F, |
42 | | - 0x88, 0xFC, 0xDA, 0x02, 0x00 |
43 | | - }; |
44 | | - |
45 | | - // Initialize decoder context |
46 | | - ZydisDecoder decoder; |
47 | | - ZydisDecoderInit(&decoder, ZYDIS_MACHINE_MODE_LONG_64, ZYDIS_STACK_WIDTH_64); |
48 | | - |
49 | | - // Initialize formatter. Only required when you actually plan to do instruction |
50 | | - // formatting ("disassembling"), like we do here |
51 | | - ZydisFormatter formatter; |
52 | | - ZydisFormatterInit(&formatter, ZYDIS_FORMATTER_STYLE_INTEL); |
53 | | - |
54 | | - // Loop over the instructions in our buffer. |
55 | | - // The runtime-address (instruction pointer) is chosen arbitrary here in order to better |
56 | | - // visualize relative addressing |
57 | | - ZyanU64 runtime_address = 0x007FFFFFFF400000; |
58 | | - ZyanUSize offset = 0; |
59 | | - const ZyanUSize length = sizeof(data); |
60 | | - ZydisDecodedInstruction instruction; |
61 | | - ZydisDecodedOperand operands[ZYDIS_MAX_OPERAND_COUNT_VISIBLE]; |
62 | | - while (ZYAN_SUCCESS(ZydisDecoderDecodeFull(&decoder, data + offset, length - offset, |
63 | | - &instruction, operands, ZYDIS_MAX_OPERAND_COUNT_VISIBLE, |
64 | | - ZYDIS_DFLAG_VISIBLE_OPERANDS_ONLY))) |
65 | | - { |
66 | | - // Print current instruction pointer. |
67 | | - printf("%016" PRIX64 " ", runtime_address); |
68 | | - |
69 | | - // Format & print the binary instruction structure to human-readable format |
70 | | - char buffer[256]; |
71 | | - ZydisFormatterFormatInstruction(&formatter, &instruction, operands, |
72 | | - instruction.operand_count_visible, buffer, sizeof(buffer), runtime_address, ZYAN_NULL); |
73 | | - puts(buffer); |
74 | | - |
75 | | - offset += instruction.length; |
76 | | - runtime_address += instruction.length; |
77 | | - } |
78 | | - |
79 | | - return 0; |
80 | | -} |
81 | | -``` |
| 31 | +https://github.com/zyantific/zydis/blob/9cb54996c215422a398d7d2a287a08a185344200/examples/Disassemble.c#L27-L75 |
82 | 32 |
|
83 | 33 | ## Sample Output |
84 | 34 |
|
|
0 commit comments