├── README.md
├── distorm_lib.pbi
└── tests
├── Debug_distorm_DataTypes.pbi
├── Dis_Test1.pb
├── Dis_Test2.pb
└── TestHelper.pbi
/README.md:
--------------------------------------------------------------------------------
1 | # distorm-PB
2 | diStorm Disassembler for PureBasic
3 |
4 | http://ragestorm.net/distorm/
5 |
6 | https://github.com/gdabah/distorm
7 |
8 | Powerful Disassembler Library For AMD64
9 |
10 | Definition: A lightweight, Easy-to-Use and Fast Disassembler/Decomposer Library for x86/AMD64. A Decomposer means that you get a binary structure that describes an instruction rather than textual representation.
11 |
12 | diStorm3 includes the following new features:
13 |
14 | Access to CPU flags that were affected by the instruction.
15 | New API for instruction decomposition.
16 | Basic Flow Control analysis support.
17 | AVX and FMA instruction sets support.
18 | Complete documentation and code samples.
19 | Some bug fixes and massive code refactoring.
20 |
21 | diStorm3 also supports:
22 |
23 | Minimal API for decode and decompose, no initialization is required.
24 | Decode modes: 16, 32 and 64 bits.
25 | Instruction Sets: FPU, MMX, SSE, SSE2, SSE3, SSSE3, SSE4,
26 | 3DNow! (w/ extensions), new x86-64, VMX and AMD's SVM.
27 |
28 | Reentrancy (multi-threaded).
29 | Platform independent - Windows, Linux and Mac. Little/big endianity. User/kernel mode.
30 | Different compilers (GCC, MSVC). Can be used either statically or dynamically.
31 | Java and Python wrappers.
32 |
33 |
34 | diStorm3 is dual-licensed under the GPL (http://www.gnu.org/licenses/gpl.html) and a commercial license.
35 |
--------------------------------------------------------------------------------
/distorm_lib.pbi:
--------------------------------------------------------------------------------
1 | ; distorm_lib.pbi
2 | ;
3 | ; diStorm3 - Powerful disassembler For X86/AMD64
4 | ; http://ragestorm.net/distorm/
5 | ; https://github.com/gdabah/distorm
6 | ;
7 | ; diStorm License =
8 | ;
9 | ; distorm at gmail dot com
10 | ; Copyright (C) 2003-2015 Gil Dabah
11 | ;
12 | ; This program is free software: you can redistribute it And/Or modify
13 | ; it under the terms of the GNU General Public License As published by
14 | ; the Free Software Foundation, either version 3 of the License, Or
15 | ; (at your option) any later version.
16 | ;
17 | ; This program is distributed in the hope that it will be useful,
18 | ; but WITHOUT ANY WARRANTY; without even the implied warranty of
19 | ; MERCHANTABILITY Or FITNESS For A PARTICULAR PURPOSE. See the
20 | ; GNU General Public License For more details.
21 | ;
22 | ; You should have received a copy of the GNU General Public License
23 | ; along With this program. If Not, see
24 | ;
25 |
26 |
27 | ; Visual Studio Compile Settings =
28 | ;
29 | ; clib
30 | ; ** General **
31 | ; Target Name = distorm_$(PlatformShortName)
32 | ; Whole Program Optimization = No Whole Program Optimization
33 | ;
34 | ; ** Code Generation **
35 | ; Enable C++ Exceptions = No
36 | ; Runtime Library = Multi-threaded (/MT)
37 | ; Buffer Security Check = No (/GS-)
38 | ;
39 |
40 | ;
41 | ; Don't forget to set #DISTORM_LIB_PATH
42 | ;
43 | ; default is = #DISTORM_LIB_PATH = #PB_Compiler_FilePath + "..\distorm-master\"
44 | ;
45 | ;
46 | ; eg: #DISTORM_LIB_PATH = "C:\distorm\"
47 | ;
48 |
49 | CompilerIf Defined(DISTORM_LIB_PBI, #PB_Constant) = 0
50 | #DISTORM_LIB_PBI = 1
51 |
52 | EnableExplicit
53 |
54 | ;- =====================================
55 | ;- NAMING INFO
56 | ;- =====================================
57 | ;
58 | ; Macros have this prefix: DISTORM_M_
59 | ;
60 | ; Constants have this prefix: #DISTORM_
61 | ;
62 | ; Structures have this prefix: _DISTORM_
63 | ;
64 | ; Imported Function Names have no prefix
65 | ;
66 | ; Helper Functions have this prefix: DISTORM_
67 | ;
68 |
69 | ;- =====================================
70 | ;- DATA TYPES
71 | ;- =====================================
72 | ;
73 | ; _OffsetType = .q (QUAD)
74 | ;
75 | ; OFFSET_INTEGER = .q (QUAD)
76 | ;
77 | ;- =====================================
78 |
79 | ; diStorm3 3.3
80 | ;
81 | ;
82 | ; distorm.pbi
83 | ;
84 | ; diStorm3 - Powerful disassembler For X86/AMD64
85 | ; http://ragestorm.net/distorm/
86 | ; distorm at gmail dot com
87 | ; Copyright (C) 2003-2015 Gil Dabah
88 | ;
89 | ; This program is free software: you can redistribute it And/Or modify
90 | ; it under the terms of the GNU General Public License As published by
91 | ; the Free Software Foundation, either version 3 of the License, Or
92 | ; (at your option) any later version.
93 | ;
94 | ; This program is distributed in the hope that it will be useful,
95 | ; but WITHOUT ANY WARRANTY; without even the implied warranty of
96 | ; MERCHANTABILITY Or FITNESS For A PARTICULAR PURPOSE. See the
97 | ; GNU General Public License For more details.
98 | ;
99 | ; You should have received a copy of the GNU General Public License
100 | ; along With this program. If Not, see
101 |
102 |
103 | ; 64 bit offsets support:
104 | ; If the diStorm library you use was compiled With 64 bits offsets,
105 | ; make sure you compile your own code With the following Macro set:
106 | ; SUPPORT_64BIT_OFFSET
107 | ; Otherwise comment it out, Or you will get a linker error of an unresolved symbol...
108 | ; Turned on by Default!
109 |
110 | ; #DISTORM_SUPPORT_64BIT_OFFSET = 1
111 |
112 |
113 | ; Helper Macros
114 |
115 | ; Get the ISC of the instruction, used with the definitions below.
116 |
117 | Macro DISTORM_M_META_GET_ISC(__META__)
118 | (((__META__) >> 3) & $1f)
119 | EndMacro
120 |
121 | Macro DISTORM_M_META_SET_ISC(__DI__, __ISC__)
122 | (__DI__\meta | ((__ISC__) << 3))
123 | EndMacro
124 |
125 | ; Get the flow control flags of the instruction, see 'features for decompose' below.
126 | Macro DISTORM_M_META_GET_FC(__META__)
127 | ((__META__) & $7)
128 | EndMacro
129 |
130 | ; Get the target address of a branching instruction. O_PC operand type.
131 | Macro DISTORM_M_INSTRUCTION_GET_TARGET(__DI__)
132 | (__DI__\addr + __DI__\imm\addr + __DI__\size)
133 | EndMacro
134 |
135 | ; Get the target address of a RIP-relative memory indirection.
136 | Macro DISTORM_M_INSTRUCTION_GET_RIP_TARGET(__DI__)
137 | (__DI__\addr + __DI__\disp + __DI__\size)
138 | EndMacro
139 |
140 | ; Operand Size Or Adderss size are stored inside the flags:
141 | ; 00 - 16 bits
142 | ; 01 - 32 bits
143 | ; 10 - 64 bits
144 | ; 11 - reserved
145 | ;
146 | ; If you call these set-macros more than once, you will have To clean the bits before doing so.
147 |
148 |
149 | Macro DISTORM_M_FLAG_SET_OPSIZE(__DI__, __SIZE__)
150 | (__DI__\flags | (((__SIZE__) & 3) << 8))
151 | EndMacro
152 |
153 | Macro DISTORM_M_FLAG_SET_ADDRSIZE(__DI__, __SIZE__)
154 | (__DI__\flags | (((__SIZE__) & 3) << 10))
155 | EndMacro
156 |
157 | Macro DISTORM_M_FLAG_GET_OPSIZE(__FLAGS__)
158 | (((__FLAGS__) >> 8) & 3)
159 | EndMacro
160 |
161 | Macro DISTORM_M_FLAG_GET_ADDRSIZE(__FLAGS__)
162 | (((__FLAGS__) >> 10) & 3)
163 | EndMacro
164 |
165 | ; To get the LOCK/REPNZ/REP prefixes.
166 | Macro DISTORM_M_FLAG_GET_PREFIX(__FLAGS__)
167 | ((__FLAGS__) & 7)
168 | EndMacro
169 |
170 | ; Indicates whether the instruction is privileged.
171 | Macro DISTORM_M_FLAG_GET_PRIVILEGED(__FLAGS__)
172 | Bool(((__FLAGS__) & #DISTORM_FLAG_PRIVILEGED_INSTRUCTION) <> 0)
173 | EndMacro
174 |
175 | ; Macros to extract segment registers from 'segment':
176 |
177 | #DISTORM_SEGMENT_DEFAULT = $80
178 |
179 |
180 | Macro DISTORM_M_SEGMENT_SET(__DI__, __SEG__)
181 | (__DI__\segment | __SEG__)
182 | EndMacro
183 |
184 | Macro DISTORM_M_SEGMENT_GET(__SEGMENT__, __VARIABLE__)
185 | If __SEGMENT__ = #DISTORM_R_NONE
186 | __VARIABLE__ = #DISTORM_R_NONE
187 | Else
188 | __VARIABLE__ = ((__SEGMENT__) & $7f)
189 | EndIf
190 | EndMacro
191 |
192 | Macro DISTORM_M_SEGMENT_IS_DEFAULT(__SEGMENT__)
193 | Bool( (__SEGMENT__ & #DISTORM_SEGMENT_DEFAULT) = #DISTORM_SEGMENT_DEFAULT )
194 | EndMacro
195 |
196 | ; Decodes modes of the disassembler, 16 bits or 32 bits or 64 bits for AMD64, x86-64.
197 |
198 | #DISTORM_Decode16Bits = 0
199 | #DISTORM_Decode32Bits = 1
200 | #DISTORM_Decode64Bits = 2
201 |
202 | CompilerIf #PB_Compiler_Processor = #PB_Processor_x86
203 |
204 | Macro DISTORM_M_GET_DECODEMODE_PB()
205 | #DISTORM_Decode32Bits
206 | EndMacro
207 |
208 | CompilerElse
209 |
210 | Macro DISTORM_M_GET_DECODEMODE_PB()
211 | #DISTORM_Decode64Bits
212 | EndMacro
213 |
214 | CompilerEndIf
215 |
216 |
217 |
218 |
219 | Structure _DISTORM_PB_Ascii_Array
220 | a.a[0]
221 | EndStructure
222 |
223 | Structure _DISTORM_CodeInfo Align #PB_Structure_AlignC
224 | codeOffset.q
225 | nextOffset.q ; nextOffset is OUT only.
226 | *code._DISTORM_PB_Ascii_Array ; const uint8_t*
227 | codeLen.l ; Using signed integer makes it easier to detect an underflow.
228 | dt.l
229 | features.l
230 | EndStructure
231 |
232 | Structure _DISTORM_CodeInfo_array
233 | CodeInfo._DISTORM_CodeInfo[0]
234 | EndStructure
235 |
236 | ; _OperandType
237 |
238 | Enumeration
239 | #DISTORM_O_NONE
240 | #DISTORM_O_REG
241 | #DISTORM_O_IMM
242 | #DISTORM_O_IMM1
243 | #DISTORM_O_IMM2
244 | #DISTORM_O_DISP
245 | #DISTORM_O_SMEM
246 | #DISTORM_O_MEM
247 | #DISTORM_O_PC
248 | #DISTORM_O_PTR
249 | EndEnumeration
250 |
251 | Structure _DISTORM_Value_ptr Align #PB_Structure_AlignC
252 | seg.u
253 | ; Can be 16 or 32 bits, size is in ops[n].size.
254 | off.l
255 | EndStructure
256 |
257 | Structure _DISTORM_Value_ex Align #PB_Structure_AlignC
258 | i1.l
259 | i2.l
260 | EndStructure
261 |
262 | Structure _DISTORM_Value Align #PB_Structure_AlignC
263 | StructureUnion
264 | ; Used by O_IMM:
265 | sbyte.b
266 | byte.a
267 | sword.w
268 | word.u
269 | sdword.l
270 | dword.l
271 | sqword.q ; All immediates are SIGN-EXTENDED to 64 bits!
272 | qword.q
273 |
274 | ; Used by O_PC: (Use GET_TARGET_ADDR).
275 | addr.q ; It's a relative offset as for now.
276 |
277 | ; Used by O_PTR:
278 | ptr._DISTORM_Value_ptr
279 |
280 | ; Used by O_IMM1 (i1) and O_IMM2 (i2). ENTER instruction only.
281 | ex._DISTORM_Value_ex
282 |
283 | EndStructureUnion
284 | EndStructure
285 |
286 | Structure _DISTORM_Operand Align #PB_Structure_AlignC
287 | ; Type of operand:
288 | ; O_NONE: operand is To be ignored.
289 | ; O_REG: index holds Global register index.
290 | ; O_IMM: instruction.imm.
291 | ; O_IMM1: instruction.imm.ex.i1.
292 | ; O_IMM2: instruction.imm.ex.i2.
293 | ; O_DISP: memory dereference With displacement only, instruction.disp.
294 | ; O_SMEM: simple memory dereference With optional displacement (a single register memory dereference).
295 | ; O_MEM: complex memory dereference (optional fields: s/i/b/disp).
296 | ; O_PC: the relative address of a branch instruction (instruction.imm.addr).
297 | ; O_PTR: the absolute target address of a far branch instruction (instruction.imm.ptr.seg/off).
298 |
299 | type.a ; _OperandType
300 |
301 | ; Index of:
302 | ; O_REG: holds Global register index
303 | ; O_SMEM: holds the 'base' register. E.G: [ECX], [EBX+0x1234] are both in operand.index.
304 | ; O_MEM: holds the 'index' register. E.G: [EAX*4] is in operand.index.
305 |
306 | index.a
307 |
308 | ; Size in bits of:
309 | ; O_REG: register
310 | ; O_IMM: instruction.imm
311 | ; O_IMM1: instruction.imm.ex.i1
312 | ; O_IMM2: instruction.imm.ex.i2
313 | ; O_DISP: instruction.disp
314 | ; O_SMEM: size of indirection.
315 | ; O_MEM: size of indirection.
316 | ; O_PC: size of the relative offset
317 | ; O_PTR: size of instruction.imm.ptr.off (16 Or 32)
318 |
319 | size.u
320 | EndStructure
321 |
322 | Structure _DISTORM_Operand_array
323 | Operand._DISTORM_Operand[0]
324 | EndStructure
325 |
326 |
327 | #DISTORM_OPCODE_ID_NONE = 0
328 | ; Instruction could not be disassembled.
329 | #DISTORM_FLAG_NOT_DECODABLE = -1
330 | ; The instruction locks memory access.
331 | #DISTORM_FLAG_LOCK = 1 << 0
332 | ; The instruction is prefixed with a REPNZ.
333 | #DISTORM_FLAG_REPNZ = 1 << 1
334 | ; The instruction is prefixed with a REP, this can be a REPZ, it depends on the specific instruction.
335 | #DISTORM_FLAG_REP = 1 << 2
336 | ; Indicates there is a hint taken for Jcc instructions only.
337 | #DISTORM_FLAG_HINT_TAKEN = 1 << 3
338 | ; Indicates there is a hint non-taken for Jcc instructions only.
339 | #DISTORM_FLAG_HINT_NOT_TAKEN = 1 << 4
340 | ; The Imm value is signed extended (E.G in 64 bit decoding mode, a 32 bit imm is usually sign extended into 64 bit imm).
341 | #DISTORM_FLAG_IMM_SIGNED = 1 << 5
342 | ; The destination operand is writable.
343 | #DISTORM_FLAG_DST_WR = 1 << 6
344 | ; The instruction uses RIP-relative indirection.
345 | #DISTORM_FLAG_RIP_RELATIVE = 1 << 7
346 |
347 | ; See flag FLAG_GET_XXX macros above.
348 |
349 | ; The instruction is privileged and can only be used from Ring0.
350 |
351 | #DISTORM_FLAG_PRIVILEGED_INSTRUCTION = 1 << 15
352 |
353 | ; No register was defined.
354 | #DISTORM_R_NONE = -1
355 |
356 | #DISTORM_REGS64_BASE = 0
357 | #DISTORM_REGS32_BASE = 16
358 | #DISTORM_REGS16_BASE = 32
359 | #DISTORM_REGS8_BASE = 48
360 | #DISTORM_REGS8_REX_BASE = 64
361 | #DISTORM_SREGS_BASE = 68
362 | #DISTORM_FPUREGS_BASE = 75
363 | #DISTORM_MMXREGS_BASE = 83
364 | #DISTORM_SSEREGS_BASE = 91
365 | #DISTORM_AVXREGS_BASE = 107
366 | #DISTORM_CREGS_BASE = 123
367 | #DISTORM_DREGS_BASE = 132
368 |
369 | #DISTORM_OPERANDS_NO = 4
370 |
371 |
372 | Structure _DISTORM_DInst Align #PB_Structure_AlignC
373 | ; Used by ops[n].type == O_IMM/O_IMM1&O_IMM2/O_PTR/O_PC. Its size is ops[n].size.
374 | imm._DISTORM_Value
375 |
376 | ; Used by ops[n].type == O_SMEM/O_MEM/O_DISP. Its size is dispSize.
377 | disp.q
378 |
379 | ; Virtual address of first byte of instruction.
380 | addr.q
381 |
382 | ; General flags of instruction, holds prefixes and more, if FLAG_NOT_DECODABLE, instruction is invalid.
383 | flags.u
384 |
385 | ; Unused prefixes mask, for each bit that is set that prefix is not used (LSB is byte [addr + 0]).
386 | unusedPrefixesMask.u
387 |
388 | ; Mask of registers that were used in the operands, only used for quick look up, in order to know *some* operand uses that register class.
389 | usedRegistersMask.l
390 |
391 | ; ID of opcode in the global opcode table. Use for mnemonic look up.
392 | opcode.u
393 |
394 | ; Up to four operands per instruction, ignored if ops[n].type == O_NONE.
395 | ops._DISTORM_Operand[#DISTORM_OPERANDS_NO]
396 |
397 | ; Size of the whole instruction in bytes.
398 | size.a
399 |
400 | ; Segment information of memory indirection, default segment, or overriden one, can be -1. Use SEGMENT macros.
401 | segment.a
402 |
403 | ; Used by ops[n].type == O_MEM. Base global register index (might be R_NONE), scale size (2/4/8), ignored for 0 or 1.
404 | base.a
405 | scale.a
406 | dispSize.a
407 |
408 | ; Meta defines the instruction set class, and the flow control flags. Use META macros.
409 | meta.a
410 |
411 | ; The CPU flags that the instruction operates upon.
412 | modifiedFlagsMask.u
413 | testedFlagsMask.u
414 | undefinedFlagsMask.u
415 | EndStructure
416 |
417 | Structure _DISTORM_DInst_array
418 | DInst._DISTORM_DInst[0]
419 | EndStructure
420 |
421 |
422 | ; Static size of strings. Do not change this value. Keep Python wrapper in sync.
423 | #DISTORM_MAX_TEXT_SIZE = 48
424 |
425 |
426 | Structure _DISTORM_WString Align #PB_Structure_AlignC
427 | length.l
428 | p.a[#DISTORM_MAX_TEXT_SIZE] ; p is a null terminated string.
429 | EndStructure
430 |
431 | Structure _DISTORM_WString_array
432 | WString._DISTORM_WString[0]
433 | EndStructure
434 |
435 | ; Old decoded instruction Structure in text format.
436 | ; Used only For backward compatibility With diStorm64.
437 | ; This Structure holds all information the disassembler generates per instruction.
438 |
439 | Structure _DISTORM_DecodedInst Align #PB_Structure_AlignC
440 | mnemonic._DISTORM_WString ; Mnemonic of decoded instruction, prefixed if required by REP, LOCK etc.
441 | operands._DISTORM_WString ; Operands of the decoded instruction, up to 3 operands, comma-seperated.
442 | instructionHex._DISTORM_WString ; Hex dump - little endian, including prefixes.
443 | size.l ; Size of decoded instruction in bytes.
444 | offset.q ; Start offset of the decoded instruction.
445 | EndStructure
446 |
447 | Structure _DISTORM_DecodedInst_array
448 | DecodedInst._DISTORM_DecodedInst[0]
449 | EndStructure
450 |
451 | ; Register masks for quick look up, each mask indicates one of a register-class that is being used in some operand.
452 |
453 | #DISTORM_RM_AX = 1 ; AL, AH, AX, EAX, RAX
454 | #DISTORM_RM_CX = 2 ; CL, CH, CX, ECX, RCX
455 | #DISTORM_RM_DX = 4 ; DL, DH, DX, EDX, RDX
456 | #DISTORM_RM_BX = 8 ; BL, BH, BX, EBX, RBX
457 | #DISTORM_RM_SP = $10 ; SPL, SP, ESP, RSP
458 | #DISTORM_RM_BP = $20 ; BPL, BP, EBP, RBP
459 | #DISTORM_RM_SI = $40 ; SIL, SI, ESI, RSI
460 | #DISTORM_RM_DI = $80 ; DIL, DI, EDI, RDI
461 | #DISTORM_RM_FPU = $100 ; ST(0) - ST(7)
462 | #DISTORM_RM_MMX = $200 ; MM0 - MM7
463 | #DISTORM_RM_SSE = $400 ; XMM0 - XMM15
464 | #DISTORM_RM_AVX = $800 ; YMM0 - YMM15
465 | #DISTORM_RM_CR = $1000 ; CR0, CR2, CR3, CR4, CR8
466 | #DISTORM_RM_DR = $2000 ; DR0, DR1, DR2, DR3, DR6, DR7
467 | #DISTORM_RM_R8 = $4000 ; R8B, R8W, R8D, R8
468 | #DISTORM_RM_R9 = $8000 ; R9B, R9W, R9D, R9
469 | #DISTORM_RM_R10 = $10000 ; R10B, R10W, R10D, R10
470 | #DISTORM_RM_R11 = $20000 ; R11B, R11W, R11D, R11
471 | #DISTORM_RM_R12 = $40000 ; R12B, R12W, R12D, R12
472 | #DISTORM_RM_R13 = $80000 ; R13B, R13W, R13D, R13
473 | #DISTORM_RM_R14 = $100000 ; R14B, R14W, R14D, R14
474 | #DISTORM_RM_R15 = $200000 ; R15B, R15W, R15D, R15
475 |
476 | ; RIP should be checked using the 'flags' field And FLAG_RIP_RELATIVE.
477 | ; Segments should be checked using the segment macros.
478 | ; For now R8 - R15 are Not supported And non general purpose registers Map into same RM.
479 |
480 | ; CPU flags that instructions modify, test or undefine (are EFLAGS compatible!).
481 | #DISTORM_D_CF = 1 ; Carry
482 | #DISTORM_D_PF = 4 ; Parity
483 | #DISTORM_D_AF = $10 ; Auxiliary
484 | #DISTORM_D_ZF = $40 ; Zero
485 | #DISTORM_D_SF = $80 ; Sign
486 | #DISTORM_D_IF = $200 ; Interrupt
487 | #DISTORM_D_DF = $400 ; Direction
488 | #DISTORM_D_OF = $800 ; Overflow
489 |
490 | ; Instructions Set classes:
491 | ; If you want a better understanding of the available classes, look at disOps project, file: x86sets.py.
492 |
493 | ; Indicates the instruction belongs To the General Integer set.
494 | #DISTORM_ISC_INTEGER = 1
495 | ; Indicates the instruction belongs to the 387 FPU set.
496 | #DISTORM_ISC_FPU = 2
497 | ; Indicates the instruction belongs to the P6 set.
498 | #DISTORM_ISC_P6 = 3
499 | ; Indicates the instruction belongs to the MMX set.
500 | #DISTORM_ISC_MMX = 4
501 | ; Indicates the instruction belongs to the SSE set.
502 | #DISTORM_ISC_SSE = 5
503 | ; Indicates the instruction belongs to the SSE2 set.
504 | #DISTORM_ISC_SSE2 = 6
505 | ; Indicates the instruction belongs to the SSE3 set.
506 | #DISTORM_ISC_SSE3 = 7
507 | ; Indicates the instruction belongs to the SSSE3 set.
508 | #DISTORM_ISC_SSSE3 = 8
509 | ; Indicates the instruction belongs to the SSE4.1 set.
510 | #DISTORM_ISC_SSE4_1 = 9
511 | ; Indicates the instruction belongs to the SSE4.2 set.
512 | #DISTORM_ISC_SSE4_2 = 10
513 | ; Indicates the instruction belongs to the AMD's SSE4.A set.
514 | #DISTORM_ISC_SSE4_A = 11
515 | ; Indicates the instruction belongs to the 3DNow! set.
516 | #DISTORM_ISC_3DNOW = 12
517 | ; Indicates the instruction belongs to the 3DNow! Extensions set.
518 | #DISTORM_ISC_3DNOWEXT = 13
519 | ; Indicates the instruction belongs to the VMX (Intel) set.
520 | #DISTORM_ISC_VMX = 14
521 | ; Indicates the instruction belongs to the SVM (AMD) set.
522 | #DISTORM_ISC_SVM = 15
523 | ; Indicates the instruction belongs to the AVX (Intel) set.
524 | #DISTORM_ISC_AVX = 16
525 | ; Indicates the instruction belongs to the FMA (Intel) set.
526 | #DISTORM_ISC_FMA = 17
527 | ; Indicates the instruction belongs to the AES/AVX (Intel) set.
528 | #DISTORM_ISC_AES = 18
529 | ; Indicates the instruction belongs to the CLMUL (Intel) set.
530 | #DISTORM_ISC_CLMUL = 19
531 |
532 |
533 | ; Features for decompose:
534 |
535 | #DISTORM_DF_NONE = 0
536 | ; The decoder will limit addresses to a maximum of 16 bits.
537 | #DISTORM_DF_MAXIMUM_ADDR16 = 1
538 | ; The decoder will limit addresses to a maximum of 32 bits.
539 | #DISTORM_DF_MAXIMUM_ADDR32 = 2
540 | ; The decoder will return only flow control instructions (and filter the others internally).
541 | #DISTORM_DF_RETURN_FC_ONLY = 4
542 | ; The decoder will stop and return to the caller when the instruction 'CALL' (near and far) was decoded.
543 | #DISTORM_DF_STOP_ON_CALL = 8
544 | ; The decoder will stop and return to the caller when the instruction 'RET' (near and far) was decoded.
545 | #DISTORM_DF_STOP_ON_RET = $10
546 | ; The decoder will stop and return to the caller when the instruction system-call/ret was decoded.
547 | #DISTORM_DF_STOP_ON_SYS = $20
548 | ; The decoder will stop and return to the caller when any of the branch 'JMP', (near and far) instructions were decoded.
549 | #DISTORM_DF_STOP_ON_UNC_BRANCH = $40
550 | ; The decoder will stop and return to the caller when any of the conditional branch instruction were decoded.
551 | #DISTORM_DF_STOP_ON_CND_BRANCH = $80
552 | ; The decoder will stop and return to the caller when the instruction 'INT' (INT, INT1, INTO, INT 3) was decoded.
553 | #DISTORM_DF_STOP_ON_INT = $100
554 | ; The decoder will stop and return to the caller when any of the 'CMOVxx' instruction was decoded.
555 | #DISTORM_DF_STOP_ON_CMOV = $200
556 | ; The decoder will stop and return to the caller when any flow control instruction was decoded.
557 | #DISTORM_DF_STOP_ON_FLOW_CONTROL = #DISTORM_DF_STOP_ON_CALL | #DISTORM_DF_STOP_ON_RET | #DISTORM_DF_STOP_ON_SYS | #DISTORM_DF_STOP_ON_UNC_BRANCH | #DISTORM_DF_STOP_ON_CND_BRANCH | #DISTORM_DF_STOP_ON_INT | #DISTORM_DF_STOP_ON_CMOV
558 |
559 |
560 | ; Indicates the instruction is Not a flow-control instruction.
561 | #DISTORM_FC_NONE = 0
562 | ; Indicates the instruction is one of: CALL, CALL FAR.
563 | #DISTORM_FC_CALL = 1
564 | ; Indicates the instruction is one of: RET, IRET, RETF.
565 | #DISTORM_FC_RET = 2
566 | ; Indicates the instruction is one of: SYSCALL, SYSRET, SYSENTER, SYSEXIT.
567 | #DISTORM_FC_SYS = 3
568 | ; Indicates the instruction is one of: JMP, JMP FAR.
569 | #DISTORM_FC_UNC_BRANCH = 4
570 |
571 | ; Indicates the instruction is one of:
572 | ; JCXZ, JO, JNO, JB, JAE, JZ, JNZ, JBE, JA, JS, JNS, JP, JNP, JL, JGE, JLE, JG, LOOP, LOOPZ, LOOPNZ.
573 |
574 | #DISTORM_FC_CND_BRANCH = 5
575 | ; Indiciates the instruction is one of: INT, INT1, INT 3, INTO, UD2.
576 | #DISTORM_FC_INT = 6
577 | ; Indicates the instruction is one of: CMOVxx.
578 | #DISTORM_FC_CMOV = 7
579 |
580 |
581 | ; _DecodeResult
582 | Enumeration
583 | #DISTORM_DECRES_NONE
584 | #DISTORM_DECRES_SUCCESS
585 | #DISTORM_DECRES_MEMORYERR
586 | #DISTORM_DECRES_INPUTERR
587 | #DISTORM_DECRES_FILTERED
588 | EndEnumeration
589 |
590 |
591 | ;- =====================================
592 | ;- LIB IMPORTS
593 | ;- =====================================
594 |
595 | ; Return code of the decoding function.
596 |
597 |
598 |
599 | CompilerIf Defined(DISTORM_LIB_PATH, #PB_Constant) = 0
600 | #DISTORM_LIB_PATH = #PB_Compiler_FilePath + "..\distorm-master\"
601 | CompilerEndIf
602 |
603 | CompilerIf #PB_Compiler_Processor = #PB_Processor_x86
604 | #DISTORM_LIB_FULLPATH = #DISTORM_LIB_PATH + "distorm_x86.lib"
605 | CompilerElse
606 | #DISTORM_LIB_FULLPATH = #DISTORM_LIB_PATH + "distorm_amd64.lib"
607 | CompilerEndIf
608 |
609 | ; distorm_decode
610 | ; * Input:
611 | ; * offset - Origin of the given code (virtual address that is), Not an offset in code.
612 | ; * code - Pointer To the code buffer To be disassembled.
613 | ; * length - Amount of bytes that should be decoded from the code buffer.
614 | ; * dt - Decoding mode, 16 bits (Decode16Bits), 32 bits (Decode32Bits) Or AMD64 (Decode64Bits).
615 | ; * result - Array of type _DecodeInst which will be used by this function in order To Return the disassembled instructions.
616 | ; * maxInstructions - The maximum number of entries in the result Array that you pass To this function, so it won't exceed its bound.
617 | ; * usedInstructionsCount - Number of the instruction that successfully were disassembled And written To the result Array.
618 | ; * Output: usedInstructionsCount will hold the number of entries used in the result Array
619 | ; * And the result Array itself will be filled With the disassembled instructions.
620 | ; * Return: DECRES_SUCCESS on success (no more To disassemble), DECRES_INPUTERR on input error (null code buffer, invalid decoding mode, etc...),
621 | ; * DECRES_MEMORYERR when there are Not enough entries To use in the result Array, BUT YOU STILL have To check For usedInstructionsCount!
622 | ; * Side-Effects: Even If the Return code is DECRES_MEMORYERR, there might STILL be Data in the
623 | ; * Array you passed, this function will try To use As much entries As possible!
624 | ; * Notes: 1)The minimal size of maxInstructions is 15.
625 | ; * 2)You will have To synchronize the offset,code And length by yourself If you pass code fragments And Not a complete code block!
626 |
627 | ; distorm_decompose
628 | ; * There is lots of documentation about diStorm at https://code.google.com/p/distorm/wiki
629 | ; *
630 | ; * Please Read https://code.google.com/p/distorm/wiki/DecomposeInterface
631 | ; *
632 | ; * And also see https://code.google.com/p/distorm/wiki/TipsnTricks
633 | CompilerIf #PB_Compiler_Processor = #PB_Processor_x86
634 | ImportC #DISTORM_LIB_FULLPATH
635 | CompilerElse
636 | Import #DISTORM_LIB_FULLPATH
637 | CompilerEndIf
638 | distorm_decompose64.l(*ci._DISTORM_CodeInfo, *result._DISTORM_DInst, maxInstructions.l, *usedInstructionsCount.LONG)
639 |
640 | distorm_decode64.l(codeOffset.q, *code, codeLen.l, dt.l, *result._DISTORM_DecodedInst, maxInstructions.l, *usedInstructionsCount.LONG)
641 |
642 | distorm_format64(*ci._DISTORM_CodeInfo, *di._DISTORM_DInst, *result._DISTORM_DecodedInst)
643 |
644 | ; * distorm_version
645 | ; * Input:
646 | ; * none
647 | ; *
648 | ; * Output: unsigned int - version of compiled library.
649 |
650 | distorm_version.l()
651 | EndImport
652 |
653 |
654 |
655 |
656 |
657 |
658 | ;- =====================================
659 | ;- Mnemonics
660 | ;- =====================================
661 |
662 | Structure _DISTORM_WMnemonic Align #PB_Structure_AlignC
663 | length.a
664 | p.a[1] ; p is a null terminated string, which contains 'length' characters.
665 | EndStructure
666 |
667 | Structure _DISTORM_WMnemonic_array Align #PB_Structure_AlignC
668 | WMnemonic._DISTORM_WMnemonic[0]
669 | EndStructure
670 |
671 | Structure _DISTORM_WRegister Align #PB_Structure_AlignC
672 | length.l
673 | p.a[6] ; p is a null terminated string.
674 | EndStructure
675 |
676 | Structure _DISTORM_WRegister_array Align #PB_Structure_AlignC
677 | WRegister._DISTORM_WRegister[0]
678 | EndStructure
679 |
680 |
681 |
682 | CompilerIf #PB_Compiler_Processor = #PB_Processor_x86
683 | ImportC #DISTORM_LIB_FULLPATH
684 | CompilerElse
685 | Import #DISTORM_LIB_FULLPATH
686 | CompilerEndIf
687 |
688 | ; extern const unsigned char _MNEMONICS[];
689 | _MNEMONICS()
690 | ; extern const _WRegister _REGISTERS[];
691 | _REGISTERS()
692 | EndImport
693 |
694 |
695 | Macro DISTORM_M_GET_REGISTER_NAME(__R__)
696 | PeekS(@_REGISTERS() + __R__ * SizeOf(_DISTORM_WRegister) + OffsetOf(_DISTORM_WRegister\p), -1, #PB_Ascii)
697 | EndMacro
698 |
699 | ;Macro DISTORM_M_GET_MNEMONIC_NAME(__M__)
700 | ;PeekS(@_MNEMONICS() + __M__ * SizeOf(_DISTORM_WMnemonic) + OffsetOf(_DISTORM_WMnemonic\p), -1, #PB_Ascii)
701 |
702 | ;PeekS(@_MNEMONICS() + __M__ * SizeOf(_DISTORM_WMnemonic) + OffsetOf(_DISTORM_WMnemonic\p), -1, #PB_Ascii)
703 | ;EndMacro
704 |
705 |
706 |
707 | ; _InstructionType
708 |
709 | Enumeration
710 | #DISTORM_I_UNDEFINED = 0
711 | #DISTORM_I_AAA = 66
712 | #DISTORM_I_AAD = 389
713 | #DISTORM_I_AAM = 384
714 | #DISTORM_I_AAS = 76
715 | #DISTORM_I_ADC = 31
716 | #DISTORM_I_ADD = 11
717 | #DISTORM_I_ADDPD = 3110
718 | #DISTORM_I_ADDPS = 3103
719 | #DISTORM_I_ADDSD = 3124
720 | #DISTORM_I_ADDSS = 3117
721 | #DISTORM_I_ADDSUBPD = 6394
722 | #DISTORM_I_ADDSUBPS = 6404
723 | #DISTORM_I_AESDEC = 9209
724 | #DISTORM_I_AESDECLAST = 9226
725 | #DISTORM_I_AESENC = 9167
726 | #DISTORM_I_AESENCLAST = 9184
727 | #DISTORM_I_AESIMC = 9150
728 | #DISTORM_I_AESKEYGENASSIST = 9795
729 | #DISTORM_I_AND = 41
730 | #DISTORM_I_ANDNPD = 3021
731 | #DISTORM_I_ANDNPS = 3013
732 | #DISTORM_I_ANDPD = 2990
733 | #DISTORM_I_ANDPS = 2983
734 | #DISTORM_I_ARPL = 111
735 | #DISTORM_I_BLENDPD = 9372
736 | #DISTORM_I_BLENDPS = 9353
737 | #DISTORM_I_BLENDVPD = 7619
738 | #DISTORM_I_BLENDVPS = 7609
739 | #DISTORM_I_BOUND = 104
740 | #DISTORM_I_BSF = 4346
741 | #DISTORM_I_BSR = 4358
742 | #DISTORM_I_BSWAP = 960
743 | #DISTORM_I_BT = 872
744 | #DISTORM_I_BTC = 934
745 | #DISTORM_I_BTR = 912
746 | #DISTORM_I_BTS = 887
747 | #DISTORM_I_CALL = 456
748 | #DISTORM_I_CALL_FAR = 260
749 | #DISTORM_I_CBW = 228
750 | #DISTORM_I_CDQ = 250
751 | #DISTORM_I_CDQE = 239
752 | #DISTORM_I_CLC = 492
753 | #DISTORM_I_CLD = 512
754 | #DISTORM_I_CLFLUSH = 4329
755 | #DISTORM_I_CLGI = 1833
756 | #DISTORM_I_CLI = 502
757 | #DISTORM_I_CLTS = 541
758 | #DISTORM_I_CMC = 487
759 | #DISTORM_I_CMOVA = 694
760 | #DISTORM_I_CMOVAE = 663
761 | #DISTORM_I_CMOVB = 656
762 | #DISTORM_I_CMOVBE = 686
763 | #DISTORM_I_CMOVG = 754
764 | #DISTORM_I_CMOVGE = 738
765 | #DISTORM_I_CMOVL = 731
766 | #DISTORM_I_CMOVLE = 746
767 | #DISTORM_I_CMOVNO = 648
768 | #DISTORM_I_CMOVNP = 723
769 | #DISTORM_I_CMOVNS = 708
770 | #DISTORM_I_CMOVNZ = 678
771 | #DISTORM_I_CMOVO = 641
772 | #DISTORM_I_CMOVP = 716
773 | #DISTORM_I_CMOVS = 701
774 | #DISTORM_I_CMOVZ = 671
775 | #DISTORM_I_CMP = 71
776 | #DISTORM_I_CMPEQPD = 4449
777 | #DISTORM_I_CMPEQPS = 4370
778 | #DISTORM_I_CMPEQSD = 4607
779 | #DISTORM_I_CMPEQSS = 4528
780 | #DISTORM_I_CMPLEPD = 4467
781 | #DISTORM_I_CMPLEPS = 4388
782 | #DISTORM_I_CMPLESD = 4625
783 | #DISTORM_I_CMPLESS = 4546
784 | #DISTORM_I_CMPLTPD = 4458
785 | #DISTORM_I_CMPLTPS = 4379
786 | #DISTORM_I_CMPLTSD = 4616
787 | #DISTORM_I_CMPLTSS = 4537
788 | #DISTORM_I_CMPNEQPD = 4488
789 | #DISTORM_I_CMPNEQPS = 4409
790 | #DISTORM_I_CMPNEQSD = 4646
791 | #DISTORM_I_CMPNEQSS = 4567
792 | #DISTORM_I_CMPNLEPD = 4508
793 | #DISTORM_I_CMPNLEPS = 4429
794 | #DISTORM_I_CMPNLESD = 4666
795 | #DISTORM_I_CMPNLESS = 4587
796 | #DISTORM_I_CMPNLTPD = 4498
797 | #DISTORM_I_CMPNLTPS = 4419
798 | #DISTORM_I_CMPNLTSD = 4656
799 | #DISTORM_I_CMPNLTSS = 4577
800 | #DISTORM_I_CMPORDPD = 4518
801 | #DISTORM_I_CMPORDPS = 4439
802 | #DISTORM_I_CMPORDSD = 4676
803 | #DISTORM_I_CMPORDSS = 4597
804 | #DISTORM_I_CMPS = 301
805 | #DISTORM_I_CMPUNORDPD = 4476
806 | #DISTORM_I_CMPUNORDPS = 4397
807 | #DISTORM_I_CMPUNORDSD = 4634
808 | #DISTORM_I_CMPUNORDSS = 4555
809 | #DISTORM_I_CMPXCHG = 898
810 | #DISTORM_I_CMPXCHG16B = 6373
811 | #DISTORM_I_CMPXCHG8B = 6362
812 | #DISTORM_I_COMISD = 2779
813 | #DISTORM_I_COMISS = 2771
814 | #DISTORM_I_CPUID = 865
815 | #DISTORM_I_CQO = 255
816 | #DISTORM_I_CRC32 = 9258
817 | #DISTORM_I_CVTDQ2PD = 6787
818 | #DISTORM_I_CVTDQ2PS = 3307
819 | #DISTORM_I_CVTPD2DQ = 6797
820 | #DISTORM_I_CVTPD2PI = 2681
821 | #DISTORM_I_CVTPD2PS = 3233
822 | #DISTORM_I_CVTPH2PS = 4161
823 | #DISTORM_I_CVTPI2PD = 2495
824 | #DISTORM_I_CVTPI2PS = 2485
825 | #DISTORM_I_CVTPS2DQ = 3317
826 | #DISTORM_I_CVTPS2PD = 3223
827 | #DISTORM_I_CVTPS2PH = 4171
828 | #DISTORM_I_CVTPS2PI = 2671
829 | #DISTORM_I_CVTSD2SI = 2701
830 | #DISTORM_I_CVTSD2SS = 3253
831 | #DISTORM_I_CVTSI2SD = 2515
832 | #DISTORM_I_CVTSI2SS = 2505
833 | #DISTORM_I_CVTSS2SD = 3243
834 | #DISTORM_I_CVTSS2SI = 2691
835 | #DISTORM_I_CVTTPD2DQ = 6776
836 | #DISTORM_I_CVTTPD2PI = 2614
837 | #DISTORM_I_CVTTPS2DQ = 3327
838 | #DISTORM_I_CVTTPS2PI = 2603
839 | #DISTORM_I_CVTTSD2SI = 2636
840 | #DISTORM_I_CVTTSS2SI = 2625
841 | #DISTORM_I_CWD = 245
842 | #DISTORM_I_CWDE = 233
843 | #DISTORM_I_DAA = 46
844 | #DISTORM_I_DAS = 56
845 | #DISTORM_I_DEC = 86
846 | #DISTORM_I_DIV = 1630
847 | #DISTORM_I_DIVPD = 3499
848 | #DISTORM_I_DIVPS = 3492
849 | #DISTORM_I_DIVSD = 3513
850 | #DISTORM_I_DIVSS = 3506
851 | #DISTORM_I_DPPD = 9615
852 | #DISTORM_I_DPPS = 9602
853 | #DISTORM_I_EMMS = 4100
854 | #DISTORM_I_ENTER = 340
855 | #DISTORM_I_EXTRACTPS = 9480
856 | #DISTORM_I_EXTRQ = 4136
857 | #DISTORM_I_F2XM1 = 1176
858 | #DISTORM_I_FABS = 1107
859 | #DISTORM_I_FADD = 1007
860 | #DISTORM_I_FADDP = 1533
861 | #DISTORM_I_FBLD = 1585
862 | #DISTORM_I_FBSTP = 1591
863 | #DISTORM_I_FCHS = 1101
864 | #DISTORM_I_FCLEX = 7289
865 | #DISTORM_I_FCMOVB = 1360
866 | #DISTORM_I_FCMOVBE = 1376
867 | #DISTORM_I_FCMOVE = 1368
868 | #DISTORM_I_FCMOVNB = 1429
869 | #DISTORM_I_FCMOVNBE = 1447
870 | #DISTORM_I_FCMOVNE = 1438
871 | #DISTORM_I_FCMOVNU = 1457
872 | #DISTORM_I_FCMOVU = 1385
873 | #DISTORM_I_FCOM = 1019
874 | #DISTORM_I_FCOMI = 1496
875 | #DISTORM_I_FCOMIP = 1607
876 | #DISTORM_I_FCOMP = 1025
877 | #DISTORM_I_FCOMPP = 1547
878 | #DISTORM_I_FCOS = 1295
879 | #DISTORM_I_FDECSTP = 1222
880 | #DISTORM_I_FDIV = 1045
881 | #DISTORM_I_FDIVP = 1578
882 | #DISTORM_I_FDIVR = 1051
883 | #DISTORM_I_FDIVRP = 1570
884 | #DISTORM_I_FEDISI = 1472
885 | #DISTORM_I_FEMMS = 574
886 | #DISTORM_I_FENI = 1466
887 | #DISTORM_I_FFREE = 1511
888 | #DISTORM_I_FIADD = 1301
889 | #DISTORM_I_FICOM = 1315
890 | #DISTORM_I_FICOMP = 1322
891 | #DISTORM_I_FIDIV = 1345
892 | #DISTORM_I_FIDIVR = 1352
893 | #DISTORM_I_FILD = 1402
894 | #DISTORM_I_FIMUL = 1308
895 | #DISTORM_I_FINCSTP = 1231
896 | #DISTORM_I_FINIT = 7304
897 | #DISTORM_I_FIST = 1416
898 | #DISTORM_I_FISTP = 1422
899 | #DISTORM_I_FISTTP = 1408
900 | #DISTORM_I_FISUB = 1330
901 | #DISTORM_I_FISUBR = 1337
902 | #DISTORM_I_FLD = 1058
903 | #DISTORM_I_FLD1 = 1125
904 | #DISTORM_I_FLDCW = 1082
905 | #DISTORM_I_FLDENV = 1074
906 | #DISTORM_I_FLDL2E = 1139
907 | #DISTORM_I_FLDL2T = 1131
908 | #DISTORM_I_FLDLG2 = 1154
909 | #DISTORM_I_FLDLN2 = 1162
910 | #DISTORM_I_FLDPI = 1147
911 | #DISTORM_I_FLDZ = 1170
912 | #DISTORM_I_FMUL = 1013
913 | #DISTORM_I_FMULP = 1540
914 | #DISTORM_I_FNCLEX = 7281
915 | #DISTORM_I_FNINIT = 7296
916 | #DISTORM_I_FNOP = 1095
917 | #DISTORM_I_FNSAVE = 7311
918 | #DISTORM_I_FNSTCW = 7266
919 | #DISTORM_I_FNSTENV = 7249
920 | #DISTORM_I_FNSTSW = 7326
921 | #DISTORM_I_FPATAN = 1197
922 | #DISTORM_I_FPREM = 1240
923 | #DISTORM_I_FPREM1 = 1214
924 | #DISTORM_I_FPTAN = 1190
925 | #DISTORM_I_FRNDINT = 1272
926 | #DISTORM_I_FRSTOR = 1503
927 | #DISTORM_I_FSAVE = 7319
928 | #DISTORM_I_FSCALE = 1281
929 | #DISTORM_I_FSETPM = 1480
930 | #DISTORM_I_FSIN = 1289
931 | #DISTORM_I_FSINCOS = 1263
932 | #DISTORM_I_FSQRT = 1256
933 | #DISTORM_I_FST = 1063
934 | #DISTORM_I_FSTCW = 7274
935 | #DISTORM_I_FSTENV = 7258
936 | #DISTORM_I_FSTP = 1068
937 | #DISTORM_I_FSTSW = 7334
938 | #DISTORM_I_FSUB = 1032
939 | #DISTORM_I_FSUBP = 1563
940 | #DISTORM_I_FSUBR = 1038
941 | #DISTORM_I_FSUBRP = 1555
942 | #DISTORM_I_FTST = 1113
943 | #DISTORM_I_FUCOM = 1518
944 | #DISTORM_I_FUCOMI = 1488
945 | #DISTORM_I_FUCOMIP = 1598
946 | #DISTORM_I_FUCOMP = 1525
947 | #DISTORM_I_FUCOMPP = 1393
948 | #DISTORM_I_FXAM = 1119
949 | #DISTORM_I_FXCH = 1089
950 | #DISTORM_I_FXRSTOR = 9892
951 | #DISTORM_I_FXRSTOR64 = 9901
952 | #DISTORM_I_FXSAVE = 9864
953 | #DISTORM_I_FXSAVE64 = 9872
954 | #DISTORM_I_FXTRACT = 1205
955 | #DISTORM_I_FYL2X = 1183
956 | #DISTORM_I_FYL2XP1 = 1247
957 | #DISTORM_I_GETSEC = 633
958 | #DISTORM_I_HADDPD = 4181
959 | #DISTORM_I_HADDPS = 4189
960 | #DISTORM_I_HLT = 482
961 | #DISTORM_I_HSUBPD = 4215
962 | #DISTORM_I_HSUBPS = 4223
963 | #DISTORM_I_IDIV = 1635
964 | #DISTORM_I_IMUL = 117
965 | #DISTORM_I_IN = 447
966 | #DISTORM_I_INC = 81
967 | #DISTORM_I_INS = 123
968 | #DISTORM_I_INSERTPS = 9547
969 | #DISTORM_I_INSERTQ = 4143
970 | #DISTORM_I_INT = 367
971 | #DISTORM_I_INT_3 = 360
972 | #DISTORM_I_INT1 = 476
973 | #DISTORM_I_INTO = 372
974 | #DISTORM_I_INVD = 555
975 | #DISTORM_I_INVEPT = 8284
976 | #DISTORM_I_INVLPG = 1711
977 | #DISTORM_I_INVLPGA = 1847
978 | #DISTORM_I_INVPCID = 8301
979 | #DISTORM_I_INVVPID = 8292
980 | #DISTORM_I_IRET = 378
981 | #DISTORM_I_JA = 166
982 | #DISTORM_I_JAE = 147
983 | #DISTORM_I_JB = 143
984 | #DISTORM_I_JBE = 161
985 | #DISTORM_I_JCXZ = 427
986 | #DISTORM_I_JECXZ = 433
987 | #DISTORM_I_JG = 202
988 | #DISTORM_I_JGE = 192
989 | #DISTORM_I_JL = 188
990 | #DISTORM_I_JLE = 197
991 | #DISTORM_I_JMP = 462
992 | #DISTORM_I_JMP_FAR = 467
993 | #DISTORM_I_JNO = 138
994 | #DISTORM_I_JNP = 183
995 | #DISTORM_I_JNS = 174
996 | #DISTORM_I_JNZ = 156
997 | #DISTORM_I_JO = 134
998 | #DISTORM_I_JP = 179
999 | #DISTORM_I_JRCXZ = 440
1000 | #DISTORM_I_JS = 170
1001 | #DISTORM_I_JZ = 152
1002 | #DISTORM_I_LAHF = 289
1003 | #DISTORM_I_LAR = 522
1004 | #DISTORM_I_LDDQU = 6994
1005 | #DISTORM_I_LDMXCSR = 9922
1006 | #DISTORM_I_LDS = 335
1007 | #DISTORM_I_LEA = 223
1008 | #DISTORM_I_LEAVE = 347
1009 | #DISTORM_I_LES = 330
1010 | #DISTORM_I_LFENCE = 4265
1011 | #DISTORM_I_LFS = 917
1012 | #DISTORM_I_LGDT = 1687
1013 | #DISTORM_I_LGS = 922
1014 | #DISTORM_I_LIDT = 1693
1015 | #DISTORM_I_LLDT = 1652
1016 | #DISTORM_I_LMSW = 1705
1017 | #DISTORM_I_LODS = 313
1018 | #DISTORM_I_LOOP = 421
1019 | #DISTORM_I_LOOPNZ = 406
1020 | #DISTORM_I_LOOPZ = 414
1021 | #DISTORM_I_LSL = 527
1022 | #DISTORM_I_LSS = 907
1023 | #DISTORM_I_LTR = 1658
1024 | #DISTORM_I_LZCNT = 4363
1025 | #DISTORM_I_MASKMOVDQU = 7119
1026 | #DISTORM_I_MASKMOVQ = 7109
1027 | #DISTORM_I_MAXPD = 3559
1028 | #DISTORM_I_MAXPS = 3552
1029 | #DISTORM_I_MAXSD = 3573
1030 | #DISTORM_I_MAXSS = 3566
1031 | #DISTORM_I_MFENCE = 4291
1032 | #DISTORM_I_MINPD = 3439
1033 | #DISTORM_I_MINPS = 3432
1034 | #DISTORM_I_MINSD = 3453
1035 | #DISTORM_I_MINSS = 3446
1036 | #DISTORM_I_MONITOR = 1755
1037 | #DISTORM_I_MOV = 218
1038 | #DISTORM_I_MOVAPD = 2459
1039 | #DISTORM_I_MOVAPS = 2451
1040 | #DISTORM_I_MOVBE = 9251
1041 | #DISTORM_I_MOVD = 3920
1042 | #DISTORM_I_MOVDDUP = 2186
1043 | #DISTORM_I_MOVDQ2Q = 6522
1044 | #DISTORM_I_MOVDQA = 3946
1045 | #DISTORM_I_MOVDQU = 3954
1046 | #DISTORM_I_MOVHLPS = 2151
1047 | #DISTORM_I_MOVHPD = 2345
1048 | #DISTORM_I_MOVHPS = 2337
1049 | #DISTORM_I_MOVLHPS = 2328
1050 | #DISTORM_I_MOVLPD = 2168
1051 | #DISTORM_I_MOVLPS = 2160
1052 | #DISTORM_I_MOVMSKPD = 2815
1053 | #DISTORM_I_MOVMSKPS = 2805
1054 | #DISTORM_I_MOVNTDQ = 6849
1055 | #DISTORM_I_MOVNTDQA = 7895
1056 | #DISTORM_I_MOVNTI = 952
1057 | #DISTORM_I_MOVNTPD = 2556
1058 | #DISTORM_I_MOVNTPS = 2547
1059 | #DISTORM_I_MOVNTQ = 6841
1060 | #DISTORM_I_MOVNTSD = 2574
1061 | #DISTORM_I_MOVNTSS = 2565
1062 | #DISTORM_I_MOVQ = 3926
1063 | #DISTORM_I_MOVQ2DQ = 6513
1064 | #DISTORM_I_MOVS = 295
1065 | #DISTORM_I_MOVSD = 2110
1066 | #DISTORM_I_MOVSHDUP = 2353
1067 | #DISTORM_I_MOVSLDUP = 2176
1068 | #DISTORM_I_MOVSS = 2103
1069 | #DISTORM_I_MOVSX = 939
1070 | #DISTORM_I_MOVSXD = 10005
1071 | #DISTORM_I_MOVUPD = 2095
1072 | #DISTORM_I_MOVUPS = 2087
1073 | #DISTORM_I_MOVZX = 927
1074 | #DISTORM_I_MPSADBW = 9628
1075 | #DISTORM_I_MUL = 1625
1076 | #DISTORM_I_MULPD = 3170
1077 | #DISTORM_I_MULPS = 3163
1078 | #DISTORM_I_MULSD = 3184
1079 | #DISTORM_I_MULSS = 3177
1080 | #DISTORM_I_MWAIT = 1764
1081 | #DISTORM_I_NEG = 1620
1082 | #DISTORM_I_NOP = 581
1083 | #DISTORM_I_NOT = 1615
1084 | #DISTORM_I_OR = 27
1085 | #DISTORM_I_ORPD = 3053
1086 | #DISTORM_I_ORPS = 3047
1087 | #DISTORM_I_OUT = 451
1088 | #DISTORM_I_OUTS = 128
1089 | #DISTORM_I_PABSB = 7688
1090 | #DISTORM_I_PABSD = 7718
1091 | #DISTORM_I_PABSW = 7703
1092 | #DISTORM_I_PACKSSDW = 3849
1093 | #DISTORM_I_PACKSSWB = 3681
1094 | #DISTORM_I_PACKUSDW = 7916
1095 | #DISTORM_I_PACKUSWB = 3759
1096 | #DISTORM_I_PADDB = 7204
1097 | #DISTORM_I_PADDD = 7234
1098 | #DISTORM_I_PADDQ = 6481
1099 | #DISTORM_I_PADDSB = 6930
1100 | #DISTORM_I_PADDSW = 6947
1101 | #DISTORM_I_PADDUSB = 6620
1102 | #DISTORM_I_PADDUSW = 6639
1103 | #DISTORM_I_PADDW = 7219
1104 | #DISTORM_I_PALIGNR = 9410
1105 | #DISTORM_I_PAND = 6607
1106 | #DISTORM_I_PANDN = 6665
1107 | #DISTORM_I_PAUSE = 10013
1108 | #DISTORM_I_PAVGB = 6680
1109 | #DISTORM_I_PAVGUSB = 2078
1110 | #DISTORM_I_PAVGW = 6725
1111 | #DISTORM_I_PBLENDVB = 7599
1112 | #DISTORM_I_PBLENDW = 9391
1113 | #DISTORM_I_PCLMULQDQ = 9647
1114 | #DISTORM_I_PCMPEQB = 4043
1115 | #DISTORM_I_PCMPEQD = 4081
1116 | #DISTORM_I_PCMPEQQ = 7876
1117 | #DISTORM_I_PCMPEQW = 4062
1118 | #DISTORM_I_PCMPESTRI = 9726
1119 | #DISTORM_I_PCMPESTRM = 9703
1120 | #DISTORM_I_PCMPGTB = 3702
1121 | #DISTORM_I_PCMPGTD = 3740
1122 | #DISTORM_I_PCMPGTQ = 8087
1123 | #DISTORM_I_PCMPGTW = 3721
1124 | #DISTORM_I_PCMPISTRI = 9772
1125 | #DISTORM_I_PCMPISTRM = 9749
1126 | #DISTORM_I_PEXTRB = 9429
1127 | #DISTORM_I_PEXTRD = 9446
1128 | #DISTORM_I_PEXTRQ = 9454
1129 | #DISTORM_I_PEXTRW = 6311
1130 | #DISTORM_I_PF2ID = 1914
1131 | #DISTORM_I_PF2IW = 1907
1132 | #DISTORM_I_PFACC = 2028
1133 | #DISTORM_I_PFADD = 1977
1134 | #DISTORM_I_PFCMPEQ = 2035
1135 | #DISTORM_I_PFCMPGE = 1938
1136 | #DISTORM_I_PFCMPGT = 1984
1137 | #DISTORM_I_PFMAX = 1993
1138 | #DISTORM_I_PFMIN = 1947
1139 | #DISTORM_I_PFMUL = 2044
1140 | #DISTORM_I_PFNACC = 1921
1141 | #DISTORM_I_PFPNACC = 1929
1142 | #DISTORM_I_PFRCP = 1954
1143 | #DISTORM_I_PFRCPIT1 = 2000
1144 | #DISTORM_I_PFRCPIT2 = 2051
1145 | #DISTORM_I_PFRSQIT1 = 2010
1146 | #DISTORM_I_PFRSQRT = 1961
1147 | #DISTORM_I_PFSUB = 1970
1148 | #DISTORM_I_PFSUBR = 2020
1149 | #DISTORM_I_PHADDD = 7375
1150 | #DISTORM_I_PHADDSW = 7392
1151 | #DISTORM_I_PHADDW = 7358
1152 | #DISTORM_I_PHMINPOSUW = 8259
1153 | #DISTORM_I_PHSUBD = 7451
1154 | #DISTORM_I_PHSUBSW = 7468
1155 | #DISTORM_I_PHSUBW = 7434
1156 | #DISTORM_I_PI2FD = 1900
1157 | #DISTORM_I_PI2FW = 1893
1158 | #DISTORM_I_PINSRB = 9530
1159 | #DISTORM_I_PINSRD = 9568
1160 | #DISTORM_I_PINSRQ = 9576
1161 | #DISTORM_I_PINSRW = 6294
1162 | #DISTORM_I_PMADDUBSW = 7411
1163 | #DISTORM_I_PMADDWD = 7073
1164 | #DISTORM_I_PMAXSB = 8174
1165 | #DISTORM_I_PMAXSD = 8191
1166 | #DISTORM_I_PMAXSW = 6964
1167 | #DISTORM_I_PMAXUB = 6648
1168 | #DISTORM_I_PMAXUD = 8225
1169 | #DISTORM_I_PMAXUW = 8208
1170 | #DISTORM_I_PMINSB = 8106
1171 | #DISTORM_I_PMINSD = 8123
1172 | #DISTORM_I_PMINSW = 6902
1173 | #DISTORM_I_PMINUB = 6590
1174 | #DISTORM_I_PMINUD = 8157
1175 | #DISTORM_I_PMINUW = 8140
1176 | #DISTORM_I_PMOVMSKB = 6531
1177 | #DISTORM_I_PMOVSXBD = 7754
1178 | #DISTORM_I_PMOVSXBQ = 7775
1179 | #DISTORM_I_PMOVSXBW = 7733
1180 | #DISTORM_I_PMOVSXDQ = 7838
1181 | #DISTORM_I_PMOVSXWD = 7796
1182 | #DISTORM_I_PMOVSXWQ = 7817
1183 | #DISTORM_I_PMOVZXBD = 7982
1184 | #DISTORM_I_PMOVZXBQ = 8003
1185 | #DISTORM_I_PMOVZXBW = 7961
1186 | #DISTORM_I_PMOVZXDQ = 8066
1187 | #DISTORM_I_PMOVZXWD = 8024
1188 | #DISTORM_I_PMOVZXWQ = 8045
1189 | #DISTORM_I_PMULDQ = 7859
1190 | #DISTORM_I_PMULHRSW = 7538
1191 | #DISTORM_I_PMULHRW = 2061
1192 | #DISTORM_I_PMULHUW = 6740
1193 | #DISTORM_I_PMULHW = 6759
1194 | #DISTORM_I_PMULLD = 8242
1195 | #DISTORM_I_PMULLW = 6496
1196 | #DISTORM_I_PMULUDQ = 7054
1197 | #DISTORM_I_POP = 22
1198 | #DISTORM_I_POPA = 98
1199 | #DISTORM_I_POPCNT = 4338
1200 | #DISTORM_I_POPF = 277
1201 | #DISTORM_I_POR = 6919
1202 | #DISTORM_I_PREFETCH = 1872
1203 | #DISTORM_I_PREFETCHNTA = 2402
1204 | #DISTORM_I_PREFETCHT0 = 2415
1205 | #DISTORM_I_PREFETCHT1 = 2427
1206 | #DISTORM_I_PREFETCHT2 = 2439
1207 | #DISTORM_I_PREFETCHW = 1882
1208 | #DISTORM_I_PSADBW = 7092
1209 | #DISTORM_I_PSHUFB = 7341
1210 | #DISTORM_I_PSHUFD = 3988
1211 | #DISTORM_I_PSHUFHW = 3996
1212 | #DISTORM_I_PSHUFLW = 4005
1213 | #DISTORM_I_PSHUFW = 3980
1214 | #DISTORM_I_PSIGNB = 7487
1215 | #DISTORM_I_PSIGND = 7521
1216 | #DISTORM_I_PSIGNW = 7504
1217 | #DISTORM_I_PSLLD = 7024
1218 | #DISTORM_I_PSLLDQ = 9847
1219 | #DISTORM_I_PSLLQ = 7039
1220 | #DISTORM_I_PSLLW = 7009
1221 | #DISTORM_I_PSRAD = 6710
1222 | #DISTORM_I_PSRAW = 6695
1223 | #DISTORM_I_PSRLD = 6451
1224 | #DISTORM_I_PSRLDQ = 9830
1225 | #DISTORM_I_PSRLQ = 6466
1226 | #DISTORM_I_PSRLW = 6436
1227 | #DISTORM_I_PSUBB = 7144
1228 | #DISTORM_I_PSUBD = 7174
1229 | #DISTORM_I_PSUBQ = 7189
1230 | #DISTORM_I_PSUBSB = 6868
1231 | #DISTORM_I_PSUBSW = 6885
1232 | #DISTORM_I_PSUBUSB = 6552
1233 | #DISTORM_I_PSUBUSW = 6571
1234 | #DISTORM_I_PSUBW = 7159
1235 | #DISTORM_I_PSWAPD = 2070
1236 | #DISTORM_I_PTEST = 7629
1237 | #DISTORM_I_PUNPCKHBW = 3780
1238 | #DISTORM_I_PUNPCKHDQ = 3826
1239 | #DISTORM_I_PUNPCKHQDQ = 3895
1240 | #DISTORM_I_PUNPCKHWD = 3803
1241 | #DISTORM_I_PUNPCKLBW = 3612
1242 | #DISTORM_I_PUNPCKLDQ = 3658
1243 | #DISTORM_I_PUNPCKLQDQ = 3870
1244 | #DISTORM_I_PUNPCKLWD = 3635
1245 | #DISTORM_I_PUSH = 16
1246 | #DISTORM_I_PUSHA = 91
1247 | #DISTORM_I_PUSHF = 270
1248 | #DISTORM_I_PXOR = 6981
1249 | #DISTORM_I_RCL = 977
1250 | #DISTORM_I_RCPPS = 2953
1251 | #DISTORM_I_RCPSS = 2960
1252 | #DISTORM_I_RCR = 982
1253 | #DISTORM_I_RDFSBASE = 9882
1254 | #DISTORM_I_RDGSBASE = 9912
1255 | #DISTORM_I_RDMSR = 600
1256 | #DISTORM_I_RDPMC = 607
1257 | #DISTORM_I_RDRAND = 10026
1258 | #DISTORM_I_RDTSC = 593
1259 | #DISTORM_I_RDTSCP = 1864
1260 | #DISTORM_I_RET = 325
1261 | #DISTORM_I_RETF = 354
1262 | #DISTORM_I_ROL = 967
1263 | #DISTORM_I_ROR = 972
1264 | #DISTORM_I_ROUNDPD = 9296
1265 | #DISTORM_I_ROUNDPS = 9277
1266 | #DISTORM_I_ROUNDSD = 9334
1267 | #DISTORM_I_ROUNDSS = 9315
1268 | #DISTORM_I_RSM = 882
1269 | #DISTORM_I_RSQRTPS = 2915
1270 | #DISTORM_I_RSQRTSS = 2924
1271 | #DISTORM_I_SAHF = 283
1272 | #DISTORM_I_SAL = 997
1273 | #DISTORM_I_SALC = 394
1274 | #DISTORM_I_SAR = 1002
1275 | #DISTORM_I_SBB = 36
1276 | #DISTORM_I_SCAS = 319
1277 | #DISTORM_I_SETA = 807
1278 | #DISTORM_I_SETAE = 780
1279 | #DISTORM_I_SETB = 774
1280 | #DISTORM_I_SETBE = 800
1281 | #DISTORM_I_SETG = 859
1282 | #DISTORM_I_SETGE = 845
1283 | #DISTORM_I_SETL = 839
1284 | #DISTORM_I_SETLE = 852
1285 | #DISTORM_I_SETNO = 767
1286 | #DISTORM_I_SETNP = 832
1287 | #DISTORM_I_SETNS = 819
1288 | #DISTORM_I_SETNZ = 793
1289 | #DISTORM_I_SETO = 761
1290 | #DISTORM_I_SETP = 826
1291 | #DISTORM_I_SETS = 813
1292 | #DISTORM_I_SETZ = 787
1293 | #DISTORM_I_SFENCE = 4321
1294 | #DISTORM_I_SGDT = 1675
1295 | #DISTORM_I_SHL = 987
1296 | #DISTORM_I_SHLD = 876
1297 | #DISTORM_I_SHR = 992
1298 | #DISTORM_I_SHRD = 892
1299 | #DISTORM_I_SHUFPD = 6336
1300 | #DISTORM_I_SHUFPS = 6328
1301 | #DISTORM_I_SIDT = 1681
1302 | #DISTORM_I_SKINIT = 1839
1303 | #DISTORM_I_SLDT = 1641
1304 | #DISTORM_I_SMSW = 1699
1305 | #DISTORM_I_SQRTPD = 2855
1306 | #DISTORM_I_SQRTPS = 2847
1307 | #DISTORM_I_SQRTSD = 2871
1308 | #DISTORM_I_SQRTSS = 2863
1309 | #DISTORM_I_STC = 497
1310 | #DISTORM_I_STD = 517
1311 | #DISTORM_I_STGI = 1827
1312 | #DISTORM_I_STI = 507
1313 | #DISTORM_I_STMXCSR = 9951
1314 | #DISTORM_I_STOS = 307
1315 | #DISTORM_I_STR = 1647
1316 | #DISTORM_I_SUB = 51
1317 | #DISTORM_I_SUBPD = 3379
1318 | #DISTORM_I_SUBPS = 3372
1319 | #DISTORM_I_SUBSD = 3393
1320 | #DISTORM_I_SUBSS = 3386
1321 | #DISTORM_I_SWAPGS = 1856
1322 | #DISTORM_I_SYSCALL = 532
1323 | #DISTORM_I_SYSENTER = 614
1324 | #DISTORM_I_SYSEXIT = 624
1325 | #DISTORM_I_SYSRET = 547
1326 | #DISTORM_I_TEST = 206
1327 | #DISTORM_I_TZCNT = 4351
1328 | #DISTORM_I_UCOMISD = 2742
1329 | #DISTORM_I_UCOMISS = 2733
1330 | #DISTORM_I_UD2 = 569
1331 | #DISTORM_I_UNPCKHPD = 2296
1332 | #DISTORM_I_UNPCKHPS = 2286
1333 | #DISTORM_I_UNPCKLPD = 2254
1334 | #DISTORM_I_UNPCKLPS = 2244
1335 | #DISTORM_I_VADDPD = 3139
1336 | #DISTORM_I_VADDPS = 3131
1337 | #DISTORM_I_VADDSD = 3155
1338 | #DISTORM_I_VADDSS = 3147
1339 | #DISTORM_I_VADDSUBPD = 6414
1340 | #DISTORM_I_VADDSUBPS = 6425
1341 | #DISTORM_I_VAESDEC = 9217
1342 | #DISTORM_I_VAESDECLAST = 9238
1343 | #DISTORM_I_VAESENC = 9175
1344 | #DISTORM_I_VAESENCLAST = 9196
1345 | #DISTORM_I_VAESIMC = 9158
1346 | #DISTORM_I_VAESKEYGENASSIST = 9812
1347 | #DISTORM_I_VANDNPD = 3038
1348 | #DISTORM_I_VANDNPS = 3029
1349 | #DISTORM_I_VANDPD = 3005
1350 | #DISTORM_I_VANDPS = 2997
1351 | #DISTORM_I_VBLENDPD = 9381
1352 | #DISTORM_I_VBLENDPS = 9362
1353 | #DISTORM_I_VBLENDVPD = 9681
1354 | #DISTORM_I_VBLENDVPS = 9670
1355 | #DISTORM_I_VBROADCASTF128 = 7672
1356 | #DISTORM_I_VBROADCASTSD = 7658
1357 | #DISTORM_I_VBROADCASTSS = 7644
1358 | #DISTORM_I_VCMPEQPD = 5088
1359 | #DISTORM_I_VCMPEQPS = 4686
1360 | #DISTORM_I_VCMPEQSD = 5892
1361 | #DISTORM_I_VCMPEQSS = 5490
1362 | #DISTORM_I_VCMPEQ_OSPD = 5269
1363 | #DISTORM_I_VCMPEQ_OSPS = 4867
1364 | #DISTORM_I_VCMPEQ_OSSD = 6073
1365 | #DISTORM_I_VCMPEQ_OSSS = 5671
1366 | #DISTORM_I_VCMPEQ_UQPD = 5175
1367 | #DISTORM_I_VCMPEQ_UQPS = 4773
1368 | #DISTORM_I_VCMPEQ_UQSD = 5979
1369 | #DISTORM_I_VCMPEQ_UQSS = 5577
1370 | #DISTORM_I_VCMPEQ_USPD = 5378
1371 | #DISTORM_I_VCMPEQ_USPS = 4976
1372 | #DISTORM_I_VCMPEQ_USSD = 6182
1373 | #DISTORM_I_VCMPEQ_USSS = 5780
1374 | #DISTORM_I_VCMPFALSEPD = 5210
1375 | #DISTORM_I_VCMPFALSEPS = 4808
1376 | #DISTORM_I_VCMPFALSESD = 6014
1377 | #DISTORM_I_VCMPFALSESS = 5612
1378 | #DISTORM_I_VCMPFALSE_OSPD = 5419
1379 | #DISTORM_I_VCMPFALSE_OSPS = 5017
1380 | #DISTORM_I_VCMPFALSE_OSSD = 6223
1381 | #DISTORM_I_VCMPFALSE_OSSS = 5821
1382 | #DISTORM_I_VCMPGEPD = 5237
1383 | #DISTORM_I_VCMPGEPS = 4835
1384 | #DISTORM_I_VCMPGESD = 6041
1385 | #DISTORM_I_VCMPGESS = 5639
1386 | #DISTORM_I_VCMPGE_OQPD = 5449
1387 | #DISTORM_I_VCMPGE_OQPS = 5047
1388 | #DISTORM_I_VCMPGE_OQSD = 6253
1389 | #DISTORM_I_VCMPGE_OQSS = 5851
1390 | #DISTORM_I_VCMPGTPD = 5247
1391 | #DISTORM_I_VCMPGTPS = 4845
1392 | #DISTORM_I_VCMPGTSD = 6051
1393 | #DISTORM_I_VCMPGTSS = 5649
1394 | #DISTORM_I_VCMPGT_OQPD = 5462
1395 | #DISTORM_I_VCMPGT_OQPS = 5060
1396 | #DISTORM_I_VCMPGT_OQSD = 6266
1397 | #DISTORM_I_VCMPGT_OQSS = 5864
1398 | #DISTORM_I_VCMPLEPD = 5108
1399 | #DISTORM_I_VCMPLEPS = 4706
1400 | #DISTORM_I_VCMPLESD = 5912
1401 | #DISTORM_I_VCMPLESS = 5510
1402 | #DISTORM_I_VCMPLE_OQPD = 5295
1403 | #DISTORM_I_VCMPLE_OQPS = 4893
1404 | #DISTORM_I_VCMPLE_OQSD = 6099
1405 | #DISTORM_I_VCMPLE_OQSS = 5697
1406 | #DISTORM_I_VCMPLTPD = 5098
1407 | #DISTORM_I_VCMPLTPS = 4696
1408 | #DISTORM_I_VCMPLTSD = 5902
1409 | #DISTORM_I_VCMPLTSS = 5500
1410 | #DISTORM_I_VCMPLT_OQPD = 5282
1411 | #DISTORM_I_VCMPLT_OQPS = 4880
1412 | #DISTORM_I_VCMPLT_OQSD = 6086
1413 | #DISTORM_I_VCMPLT_OQSS = 5684
1414 | #DISTORM_I_VCMPNEQPD = 5131
1415 | #DISTORM_I_VCMPNEQPS = 4729
1416 | #DISTORM_I_VCMPNEQSD = 5935
1417 | #DISTORM_I_VCMPNEQSS = 5533
1418 | #DISTORM_I_VCMPNEQ_OQPD = 5223
1419 | #DISTORM_I_VCMPNEQ_OQPS = 4821
1420 | #DISTORM_I_VCMPNEQ_OQSD = 6027
1421 | #DISTORM_I_VCMPNEQ_OQSS = 5625
1422 | #DISTORM_I_VCMPNEQ_OSPD = 5435
1423 | #DISTORM_I_VCMPNEQ_OSPS = 5033
1424 | #DISTORM_I_VCMPNEQ_OSSD = 6239
1425 | #DISTORM_I_VCMPNEQ_OSSS = 5837
1426 | #DISTORM_I_VCMPNEQ_USPD = 5323
1427 | #DISTORM_I_VCMPNEQ_USPS = 4921
1428 | #DISTORM_I_VCMPNEQ_USSD = 6127
1429 | #DISTORM_I_VCMPNEQ_USSS = 5725
1430 | #DISTORM_I_VCMPNGEPD = 5188
1431 | #DISTORM_I_VCMPNGEPS = 4786
1432 | #DISTORM_I_VCMPNGESD = 5992
1433 | #DISTORM_I_VCMPNGESS = 5590
1434 | #DISTORM_I_VCMPNGE_UQPD = 5391
1435 | #DISTORM_I_VCMPNGE_UQPS = 4989
1436 | #DISTORM_I_VCMPNGE_UQSD = 6195
1437 | #DISTORM_I_VCMPNGE_UQSS = 5793
1438 | #DISTORM_I_VCMPNGTPD = 5199
1439 | #DISTORM_I_VCMPNGTPS = 4797
1440 | #DISTORM_I_VCMPNGTSD = 6003
1441 | #DISTORM_I_VCMPNGTSS = 5601
1442 | #DISTORM_I_VCMPNGT_UQPD = 5405
1443 | #DISTORM_I_VCMPNGT_UQPS = 5003
1444 | #DISTORM_I_VCMPNGT_UQSD = 6209
1445 | #DISTORM_I_VCMPNGT_UQSS = 5807
1446 | #DISTORM_I_VCMPNLEPD = 5153
1447 | #DISTORM_I_VCMPNLEPS = 4751
1448 | #DISTORM_I_VCMPNLESD = 5957
1449 | #DISTORM_I_VCMPNLESS = 5555
1450 | #DISTORM_I_VCMPNLE_UQPD = 5351
1451 | #DISTORM_I_VCMPNLE_UQPS = 4949
1452 | #DISTORM_I_VCMPNLE_UQSD = 6155
1453 | #DISTORM_I_VCMPNLE_UQSS = 5753
1454 | #DISTORM_I_VCMPNLTPD = 5142
1455 | #DISTORM_I_VCMPNLTPS = 4740
1456 | #DISTORM_I_VCMPNLTSD = 5946
1457 | #DISTORM_I_VCMPNLTSS = 5544
1458 | #DISTORM_I_VCMPNLT_UQPD = 5337
1459 | #DISTORM_I_VCMPNLT_UQPS = 4935
1460 | #DISTORM_I_VCMPNLT_UQSD = 6141
1461 | #DISTORM_I_VCMPNLT_UQSS = 5739
1462 | #DISTORM_I_VCMPORDPD = 5164
1463 | #DISTORM_I_VCMPORDPS = 4762
1464 | #DISTORM_I_VCMPORDSD = 5968
1465 | #DISTORM_I_VCMPORDSS = 5566
1466 | #DISTORM_I_VCMPORD_SPD = 5365
1467 | #DISTORM_I_VCMPORD_SPS = 4963
1468 | #DISTORM_I_VCMPORD_SSD = 6169
1469 | #DISTORM_I_VCMPORD_SSS = 5767
1470 | #DISTORM_I_VCMPTRUEPD = 5257
1471 | #DISTORM_I_VCMPTRUEPS = 4855
1472 | #DISTORM_I_VCMPTRUESD = 6061
1473 | #DISTORM_I_VCMPTRUESS = 5659
1474 | #DISTORM_I_VCMPTRUE_USPD = 5475
1475 | #DISTORM_I_VCMPTRUE_USPS = 5073
1476 | #DISTORM_I_VCMPTRUE_USSD = 6279
1477 | #DISTORM_I_VCMPTRUE_USSS = 5877
1478 | #DISTORM_I_VCMPUNORDPD = 5118
1479 | #DISTORM_I_VCMPUNORDPS = 4716
1480 | #DISTORM_I_VCMPUNORDSD = 5922
1481 | #DISTORM_I_VCMPUNORDSS = 5520
1482 | #DISTORM_I_VCMPUNORD_SPD = 5308
1483 | #DISTORM_I_VCMPUNORD_SPS = 4906
1484 | #DISTORM_I_VCMPUNORD_SSD = 6112
1485 | #DISTORM_I_VCMPUNORD_SSS = 5710
1486 | #DISTORM_I_VCOMISD = 2796
1487 | #DISTORM_I_VCOMISS = 2787
1488 | #DISTORM_I_VCVTDQ2PD = 6819
1489 | #DISTORM_I_VCVTDQ2PS = 3338
1490 | #DISTORM_I_VCVTPD2DQ = 6830
1491 | #DISTORM_I_VCVTPD2PS = 3274
1492 | #DISTORM_I_VCVTPS2DQ = 3349
1493 | #DISTORM_I_VCVTPS2PD = 3263
1494 | #DISTORM_I_VCVTSD2SI = 2722
1495 | #DISTORM_I_VCVTSD2SS = 3296
1496 | #DISTORM_I_VCVTSI2SD = 2536
1497 | #DISTORM_I_VCVTSI2SS = 2525
1498 | #DISTORM_I_VCVTSS2SD = 3285
1499 | #DISTORM_I_VCVTSS2SI = 2711
1500 | #DISTORM_I_VCVTTPD2DQ = 6807
1501 | #DISTORM_I_VCVTTPS2DQ = 3360
1502 | #DISTORM_I_VCVTTSD2SI = 2659
1503 | #DISTORM_I_VCVTTSS2SI = 2647
1504 | #DISTORM_I_VDIVPD = 3528
1505 | #DISTORM_I_VDIVPS = 3520
1506 | #DISTORM_I_VDIVSD = 3544
1507 | #DISTORM_I_VDIVSS = 3536
1508 | #DISTORM_I_VDPPD = 9621
1509 | #DISTORM_I_VDPPS = 9608
1510 | #DISTORM_I_VERR = 1663
1511 | #DISTORM_I_VERW = 1669
1512 | #DISTORM_I_VEXTRACTF128 = 9516
1513 | #DISTORM_I_VEXTRACTPS = 9491
1514 | #DISTORM_I_VFMADD132PD = 8387
1515 | #DISTORM_I_VFMADD132PS = 8374
1516 | #DISTORM_I_VFMADD132SD = 8413
1517 | #DISTORM_I_VFMADD132SS = 8400
1518 | #DISTORM_I_VFMADD213PD = 8667
1519 | #DISTORM_I_VFMADD213PS = 8654
1520 | #DISTORM_I_VFMADD213SD = 8693
1521 | #DISTORM_I_VFMADD213SS = 8680
1522 | #DISTORM_I_VFMADD231PD = 8947
1523 | #DISTORM_I_VFMADD231PS = 8934
1524 | #DISTORM_I_VFMADD231SD = 8973
1525 | #DISTORM_I_VFMADD231SS = 8960
1526 | #DISTORM_I_VFMADDSUB132PD = 8326
1527 | #DISTORM_I_VFMADDSUB132PS = 8310
1528 | #DISTORM_I_VFMADDSUB213PD = 8606
1529 | #DISTORM_I_VFMADDSUB213PS = 8590
1530 | #DISTORM_I_VFMADDSUB231PD = 8886
1531 | #DISTORM_I_VFMADDSUB231PS = 8870
1532 | #DISTORM_I_VFMSUB132PD = 8439
1533 | #DISTORM_I_VFMSUB132PS = 8426
1534 | #DISTORM_I_VFMSUB132SD = 8465
1535 | #DISTORM_I_VFMSUB132SS = 8452
1536 | #DISTORM_I_VFMSUB213PD = 8719
1537 | #DISTORM_I_VFMSUB213PS = 8706
1538 | #DISTORM_I_VFMSUB213SD = 8745
1539 | #DISTORM_I_VFMSUB213SS = 8732
1540 | #DISTORM_I_VFMSUB231PD = 8999
1541 | #DISTORM_I_VFMSUB231PS = 8986
1542 | #DISTORM_I_VFMSUB231SD = 9025
1543 | #DISTORM_I_VFMSUB231SS = 9012
1544 | #DISTORM_I_VFMSUBADD132PD = 8358
1545 | #DISTORM_I_VFMSUBADD132PS = 8342
1546 | #DISTORM_I_VFMSUBADD213PD = 8638
1547 | #DISTORM_I_VFMSUBADD213PS = 8622
1548 | #DISTORM_I_VFMSUBADD231PD = 8918
1549 | #DISTORM_I_VFMSUBADD231PS = 8902
1550 | #DISTORM_I_VFNMADD132PD = 8492
1551 | #DISTORM_I_VFNMADD132PS = 8478
1552 | #DISTORM_I_VFNMADD132SD = 8520
1553 | #DISTORM_I_VFNMADD132SS = 8506
1554 | #DISTORM_I_VFNMADD213PD = 8772
1555 | #DISTORM_I_VFNMADD213PS = 8758
1556 | #DISTORM_I_VFNMADD213SD = 8800
1557 | #DISTORM_I_VFNMADD213SS = 8786
1558 | #DISTORM_I_VFNMADD231PD = 9052
1559 | #DISTORM_I_VFNMADD231PS = 9038
1560 | #DISTORM_I_VFNMADD231SD = 9080
1561 | #DISTORM_I_VFNMADD231SS = 9066
1562 | #DISTORM_I_VFNMSUB132PD = 8548
1563 | #DISTORM_I_VFNMSUB132PS = 8534
1564 | #DISTORM_I_VFNMSUB132SD = 8576
1565 | #DISTORM_I_VFNMSUB132SS = 8562
1566 | #DISTORM_I_VFNMSUB213PD = 8828
1567 | #DISTORM_I_VFNMSUB213PS = 8814
1568 | #DISTORM_I_VFNMSUB213SD = 8856
1569 | #DISTORM_I_VFNMSUB213SS = 8842
1570 | #DISTORM_I_VFNMSUB231PD = 9108
1571 | #DISTORM_I_VFNMSUB231PS = 9094
1572 | #DISTORM_I_VFNMSUB231SD = 9136
1573 | #DISTORM_I_VFNMSUB231SS = 9122
1574 | #DISTORM_I_VHADDPD = 4197
1575 | #DISTORM_I_VHADDPS = 4206
1576 | #DISTORM_I_VHSUBPD = 4231
1577 | #DISTORM_I_VHSUBPS = 4240
1578 | #DISTORM_I_VINSERTF128 = 9503
1579 | #DISTORM_I_VINSERTPS = 9557
1580 | #DISTORM_I_VLDDQU = 7001
1581 | #DISTORM_I_VLDMXCSR = 9941
1582 | #DISTORM_I_VMASKMOVDQU = 7131
1583 | #DISTORM_I_VMASKMOVPD = 7949
1584 | #DISTORM_I_VMASKMOVPS = 7937
1585 | #DISTORM_I_VMAXPD = 3588
1586 | #DISTORM_I_VMAXPS = 3580
1587 | #DISTORM_I_VMAXSD = 3604
1588 | #DISTORM_I_VMAXSS = 3596
1589 | #DISTORM_I_VMCALL = 1719
1590 | #DISTORM_I_VMCLEAR = 9989
1591 | #DISTORM_I_VMFUNC = 1787
1592 | #DISTORM_I_VMINPD = 3468
1593 | #DISTORM_I_VMINPS = 3460
1594 | #DISTORM_I_VMINSD = 3484
1595 | #DISTORM_I_VMINSS = 3476
1596 | #DISTORM_I_VMLAUNCH = 1727
1597 | #DISTORM_I_VMLOAD = 1811
1598 | #DISTORM_I_VMMCALL = 1802
1599 | #DISTORM_I_VMOVAPD = 2476
1600 | #DISTORM_I_VMOVAPS = 2467
1601 | #DISTORM_I_VMOVD = 3932
1602 | #DISTORM_I_VMOVDDUP = 2234
1603 | #DISTORM_I_VMOVDQA = 3962
1604 | #DISTORM_I_VMOVDQU = 3971
1605 | #DISTORM_I_VMOVHLPS = 2195
1606 | #DISTORM_I_VMOVHPD = 2382
1607 | #DISTORM_I_VMOVHPS = 2373
1608 | #DISTORM_I_VMOVLHPS = 2363
1609 | #DISTORM_I_VMOVLPD = 2214
1610 | #DISTORM_I_VMOVLPS = 2205
1611 | #DISTORM_I_VMOVMSKPD = 2836
1612 | #DISTORM_I_VMOVMSKPS = 2825
1613 | #DISTORM_I_VMOVNTDQ = 6858
1614 | #DISTORM_I_VMOVNTDQA = 7905
1615 | #DISTORM_I_VMOVNTPD = 2593
1616 | #DISTORM_I_VMOVNTPS = 2583
1617 | #DISTORM_I_VMOVQ = 3939
1618 | #DISTORM_I_VMOVSD = 2143
1619 | #DISTORM_I_VMOVSHDUP = 2391
1620 | #DISTORM_I_VMOVSLDUP = 2223
1621 | #DISTORM_I_VMOVSS = 2135
1622 | #DISTORM_I_VMOVUPD = 2126
1623 | #DISTORM_I_VMOVUPS = 2117
1624 | #DISTORM_I_VMPSADBW = 9637
1625 | #DISTORM_I_VMPTRLD = 9980
1626 | #DISTORM_I_VMPTRST = 6385
1627 | #DISTORM_I_VMREAD = 4128
1628 | #DISTORM_I_VMRESUME = 1737
1629 | #DISTORM_I_VMRUN = 1795
1630 | #DISTORM_I_VMSAVE = 1819
1631 | #DISTORM_I_VMULPD = 3199
1632 | #DISTORM_I_VMULPS = 3191
1633 | #DISTORM_I_VMULSD = 3215
1634 | #DISTORM_I_VMULSS = 3207
1635 | #DISTORM_I_VMWRITE = 4152
1636 | #DISTORM_I_VMXOFF = 1747
1637 | #DISTORM_I_VMXON = 9998
1638 | #DISTORM_I_VORPD = 3066
1639 | #DISTORM_I_VORPS = 3059
1640 | #DISTORM_I_VPABSB = 7695
1641 | #DISTORM_I_VPABSD = 7725
1642 | #DISTORM_I_VPABSW = 7710
1643 | #DISTORM_I_VPACKSSDW = 3859
1644 | #DISTORM_I_VPACKSSWB = 3691
1645 | #DISTORM_I_VPACKUSDW = 7926
1646 | #DISTORM_I_VPACKUSWB = 3769
1647 | #DISTORM_I_VPADDB = 7211
1648 | #DISTORM_I_VPADDD = 7241
1649 | #DISTORM_I_VPADDQ = 6488
1650 | #DISTORM_I_VPADDSB = 6938
1651 | #DISTORM_I_VPADDSW = 6955
1652 | #DISTORM_I_VPADDUSW = 6629
1653 | #DISTORM_I_VPADDW = 7226
1654 | #DISTORM_I_VPALIGNR = 9419
1655 | #DISTORM_I_VPAND = 6613
1656 | #DISTORM_I_VPANDN = 6672
1657 | #DISTORM_I_VPAVGB = 6687
1658 | #DISTORM_I_VPAVGW = 6732
1659 | #DISTORM_I_VPBLENDVB = 9692
1660 | #DISTORM_I_VPBLENDW = 9400
1661 | #DISTORM_I_VPCLMULQDQ = 9658
1662 | #DISTORM_I_VPCMPEQB = 4052
1663 | #DISTORM_I_VPCMPEQD = 4090
1664 | #DISTORM_I_VPCMPEQQ = 7885
1665 | #DISTORM_I_VPCMPEQW = 4071
1666 | #DISTORM_I_VPCMPESTRI = 9737
1667 | #DISTORM_I_VPCMPESTRM = 9714
1668 | #DISTORM_I_VPCMPGTB = 3711
1669 | #DISTORM_I_VPCMPGTD = 3749
1670 | #DISTORM_I_VPCMPGTQ = 8096
1671 | #DISTORM_I_VPCMPGTW = 3730
1672 | #DISTORM_I_VPCMPISTRI = 9783
1673 | #DISTORM_I_VPCMPISTRM = 9760
1674 | #DISTORM_I_VPERM2F128 = 9265
1675 | #DISTORM_I_VPERMILPD = 7570
1676 | #DISTORM_I_VPERMILPS = 7559
1677 | #DISTORM_I_VPEXTRB = 9437
1678 | #DISTORM_I_VPEXTRD = 9462
1679 | #DISTORM_I_VPEXTRQ = 9471
1680 | #DISTORM_I_VPEXTRW = 6319
1681 | #DISTORM_I_VPHADDD = 7383
1682 | #DISTORM_I_VPHADDSW = 7401
1683 | #DISTORM_I_VPHADDW = 7366
1684 | #DISTORM_I_VPHMINPOSUW = 8271
1685 | #DISTORM_I_VPHSUBD = 7459
1686 | #DISTORM_I_VPHSUBSW = 7477
1687 | #DISTORM_I_VPHSUBW = 7442
1688 | #DISTORM_I_VPINSRB = 9538
1689 | #DISTORM_I_VPINSRD = 9584
1690 | #DISTORM_I_VPINSRQ = 9593
1691 | #DISTORM_I_VPINSRW = 6302
1692 | #DISTORM_I_VPMADDUBSW = 7422
1693 | #DISTORM_I_VPMADDWD = 7082
1694 | #DISTORM_I_VPMAXSB = 8182
1695 | #DISTORM_I_VPMAXSD = 8199
1696 | #DISTORM_I_VPMAXSW = 6972
1697 | #DISTORM_I_VPMAXUB = 6656
1698 | #DISTORM_I_VPMAXUD = 8233
1699 | #DISTORM_I_VPMAXUW = 8216
1700 | #DISTORM_I_VPMINSB = 8114
1701 | #DISTORM_I_VPMINSD = 8131
1702 | #DISTORM_I_VPMINSW = 6910
1703 | #DISTORM_I_VPMINUB = 6598
1704 | #DISTORM_I_VPMINUD = 8165
1705 | #DISTORM_I_VPMINUW = 8148
1706 | #DISTORM_I_VPMOVMSKB = 6541
1707 | #DISTORM_I_VPMOVSXBD = 7764
1708 | #DISTORM_I_VPMOVSXBQ = 7785
1709 | #DISTORM_I_VPMOVSXBW = 7743
1710 | #DISTORM_I_VPMOVSXDQ = 7848
1711 | #DISTORM_I_VPMOVSXWD = 7806
1712 | #DISTORM_I_VPMOVSXWQ = 7827
1713 | #DISTORM_I_VPMOVZXBD = 7992
1714 | #DISTORM_I_VPMOVZXBQ = 8013
1715 | #DISTORM_I_VPMOVZXBW = 7971
1716 | #DISTORM_I_VPMOVZXDQ = 8076
1717 | #DISTORM_I_VPMOVZXWD = 8034
1718 | #DISTORM_I_VPMOVZXWQ = 8055
1719 | #DISTORM_I_VPMULDQ = 7867
1720 | #DISTORM_I_VPMULHRSW = 7548
1721 | #DISTORM_I_VPMULHUW = 6749
1722 | #DISTORM_I_VPMULHW = 6767
1723 | #DISTORM_I_VPMULLD = 8250
1724 | #DISTORM_I_VPMULLW = 6504
1725 | #DISTORM_I_VPMULUDQ = 7063
1726 | #DISTORM_I_VPOR = 6924
1727 | #DISTORM_I_VPSADBW = 7100
1728 | #DISTORM_I_VPSHUFB = 7349
1729 | #DISTORM_I_VPSHUFD = 4014
1730 | #DISTORM_I_VPSHUFHW = 4023
1731 | #DISTORM_I_VPSHUFLW = 4033
1732 | #DISTORM_I_VPSIGNB = 7495
1733 | #DISTORM_I_VPSIGND = 7529
1734 | #DISTORM_I_VPSIGNW = 7512
1735 | #DISTORM_I_VPSLLD = 7031
1736 | #DISTORM_I_VPSLLDQ = 9855
1737 | #DISTORM_I_VPSLLQ = 7046
1738 | #DISTORM_I_VPSLLW = 7016
1739 | #DISTORM_I_VPSRAD = 6717
1740 | #DISTORM_I_VPSRAW = 6702
1741 | #DISTORM_I_VPSRLD = 6458
1742 | #DISTORM_I_VPSRLDQ = 9838
1743 | #DISTORM_I_VPSRLQ = 6473
1744 | #DISTORM_I_VPSRLW = 6443
1745 | #DISTORM_I_VPSUBB = 7151
1746 | #DISTORM_I_VPSUBD = 7181
1747 | #DISTORM_I_VPSUBQ = 7196
1748 | #DISTORM_I_VPSUBSB = 6876
1749 | #DISTORM_I_VPSUBSW = 6893
1750 | #DISTORM_I_VPSUBUSB = 6561
1751 | #DISTORM_I_VPSUBUSW = 6580
1752 | #DISTORM_I_VPSUBW = 7166
1753 | #DISTORM_I_VPTEST = 7636
1754 | #DISTORM_I_VPUNPCKHBW = 3791
1755 | #DISTORM_I_VPUNPCKHDQ = 3837
1756 | #DISTORM_I_VPUNPCKHQDQ = 3907
1757 | #DISTORM_I_VPUNPCKHWD = 3814
1758 | #DISTORM_I_VPUNPCKLBW = 3623
1759 | #DISTORM_I_VPUNPCKLDQ = 3669
1760 | #DISTORM_I_VPUNPCKLQDQ = 3882
1761 | #DISTORM_I_VPUNPCKLWD = 3646
1762 | #DISTORM_I_VPXOR = 6987
1763 | #DISTORM_I_VRCPPS = 2967
1764 | #DISTORM_I_VRCPSS = 2975
1765 | #DISTORM_I_VROUNDPD = 9305
1766 | #DISTORM_I_VROUNDPS = 9286
1767 | #DISTORM_I_VROUNDSD = 9343
1768 | #DISTORM_I_VROUNDSS = 9324
1769 | #DISTORM_I_VRSQRTPS = 2933
1770 | #DISTORM_I_VRSQRTSS = 2943
1771 | #DISTORM_I_VSHUFPD = 6353
1772 | #DISTORM_I_VSHUFPS = 6344
1773 | #DISTORM_I_VSQRTPD = 2888
1774 | #DISTORM_I_VSQRTPS = 2879
1775 | #DISTORM_I_VSQRTSD = 2906
1776 | #DISTORM_I_VSQRTSS = 2897
1777 | #DISTORM_I_VSTMXCSR = 9970
1778 | #DISTORM_I_VSUBPD = 3408
1779 | #DISTORM_I_VSUBPS = 3400
1780 | #DISTORM_I_VSUBSD = 3424
1781 | #DISTORM_I_VSUBSS = 3416
1782 | #DISTORM_I_VTESTPD = 7590
1783 | #DISTORM_I_VTESTPS = 7581
1784 | #DISTORM_I_VUCOMISD = 2761
1785 | #DISTORM_I_VUCOMISS = 2751
1786 | #DISTORM_I_VUNPCKHPD = 2317
1787 | #DISTORM_I_VUNPCKHPS = 2306
1788 | #DISTORM_I_VUNPCKLPD = 2275
1789 | #DISTORM_I_VUNPCKLPS = 2264
1790 | #DISTORM_I_VXORPD = 3095
1791 | #DISTORM_I_VXORPS = 3087
1792 | #DISTORM_I_VZEROALL = 4118
1793 | #DISTORM_I_VZEROUPPER = 4106
1794 | #DISTORM_I_WAIT = 10020
1795 | #DISTORM_I_WBINVD = 561
1796 | #DISTORM_I_WRFSBASE = 9931
1797 | #DISTORM_I_WRGSBASE = 9960
1798 | #DISTORM_I_WRMSR = 586
1799 | #DISTORM_I_XADD = 946
1800 | #DISTORM_I_XCHG = 212
1801 | #DISTORM_I_XGETBV = 1771
1802 | #DISTORM_I_XLAT = 400
1803 | #DISTORM_I_XOR = 61
1804 | #DISTORM_I_XORPD = 3080
1805 | #DISTORM_I_XORPS = 3073
1806 | #DISTORM_I_XRSTOR = 4273
1807 | #DISTORM_I_XRSTOR64 = 4281
1808 | #DISTORM_I_XSAVE = 4249
1809 | #DISTORM_I_XSAVE64 = 4256
1810 | #DISTORM_I_XSAVEOPT = 4299
1811 | #DISTORM_I_XSAVEOPT64 = 4309
1812 | #DISTORM_I_XSETBV = 1779
1813 | #DISTORM_I__3DNOW = 10034
1814 | EndEnumeration
1815 |
1816 |
1817 | ; _RegisterType
1818 |
1819 | Enumeration
1820 | #DISTORM_R_RAX
1821 | #DISTORM_R_RCX
1822 | #DISTORM_R_RDX
1823 | #DISTORM_R_RBX
1824 | #DISTORM_R_RSP
1825 | #DISTORM_R_RBP
1826 | #DISTORM_R_RSI
1827 | #DISTORM_R_RDI
1828 | #DISTORM_R_R8
1829 | #DISTORM_R_R9
1830 | #DISTORM_R_R10
1831 | #DISTORM_R_R11
1832 | #DISTORM_R_R12
1833 | #DISTORM_R_R13
1834 | #DISTORM_R_R14
1835 | #DISTORM_R_R15
1836 | #DISTORM_R_EAX
1837 | #DISTORM_R_ECX
1838 | #DISTORM_R_EDX
1839 | #DISTORM_R_EBX
1840 | #DISTORM_R_ESP
1841 | #DISTORM_R_EBP
1842 | #DISTORM_R_ESI
1843 | #DISTORM_R_EDI
1844 | #DISTORM_R_R8D
1845 | #DISTORM_R_R9D
1846 | #DISTORM_R_R10D
1847 | #DISTORM_R_R11D
1848 | #DISTORM_R_R12D
1849 | #DISTORM_R_R13D
1850 | #DISTORM_R_R14D
1851 | #DISTORM_R_R15D
1852 | #DISTORM_R_AX
1853 | #DISTORM_R_CX
1854 | #DISTORM_R_DX
1855 | #DISTORM_R_BX
1856 | #DISTORM_R_SP
1857 | #DISTORM_R_BP
1858 | #DISTORM_R_SI
1859 | #DISTORM_R_DI
1860 | #DISTORM_R_R8W
1861 | #DISTORM_R_R9W
1862 | #DISTORM_R_R10W
1863 | #DISTORM_R_R11W
1864 | #DISTORM_R_R12W
1865 | #DISTORM_R_R13W
1866 | #DISTORM_R_R14W
1867 | #DISTORM_R_R15W
1868 | #DISTORM_R_AL
1869 | #DISTORM_R_CL
1870 | #DISTORM_R_DL
1871 | #DISTORM_R_BL
1872 | #DISTORM_R_AH
1873 | #DISTORM_R_CH
1874 | #DISTORM_R_DH
1875 | #DISTORM_R_BH
1876 | #DISTORM_R_R8B
1877 | #DISTORM_R_R9B
1878 | #DISTORM_R_R10B
1879 | #DISTORM_R_R11B
1880 | #DISTORM_R_R12B
1881 | #DISTORM_R_R13B
1882 | #DISTORM_R_R14B
1883 | #DISTORM_R_R15B
1884 | #DISTORM_R_SPL
1885 | #DISTORM_R_BPL
1886 | #DISTORM_R_SIL
1887 | #DISTORM_R_DIL
1888 | #DISTORM_R_ES
1889 | #DISTORM_R_CS
1890 | #DISTORM_R_SS
1891 | #DISTORM_R_DS
1892 | #DISTORM_R_FS
1893 | #DISTORM_R_GS
1894 | #DISTORM_R_RIP
1895 | #DISTORM_R_ST0
1896 | #DISTORM_R_ST1
1897 | #DISTORM_R_ST2
1898 | #DISTORM_R_ST3
1899 | #DISTORM_R_ST4
1900 | #DISTORM_R_ST5
1901 | #DISTORM_R_ST6
1902 | #DISTORM_R_ST7
1903 | #DISTORM_R_MM0
1904 | #DISTORM_R_MM1
1905 | #DISTORM_R_MM2
1906 | #DISTORM_R_MM3
1907 | #DISTORM_R_MM4
1908 | #DISTORM_R_MM5
1909 | #DISTORM_R_MM6
1910 | #DISTORM_R_MM7
1911 | #DISTORM_R_XMM0
1912 | #DISTORM_R_XMM1
1913 | #DISTORM_R_XMM2
1914 | #DISTORM_R_XMM3
1915 | #DISTORM_R_XMM4
1916 | #DISTORM_R_XMM5
1917 | #DISTORM_R_XMM6
1918 | #DISTORM_R_XMM7
1919 | #DISTORM_R_XMM8
1920 | #DISTORM_R_XMM9
1921 | #DISTORM_R_XMM10
1922 | #DISTORM_R_XMM11
1923 | #DISTORM_R_XMM12
1924 | #DISTORM_R_XMM13
1925 | #DISTORM_R_XMM14
1926 | #DISTORM_R_XMM15
1927 | #DISTORM_R_YMM0
1928 | #DISTORM_R_YMM1
1929 | #DISTORM_R_YMM2
1930 | #DISTORM_R_YMM3
1931 | #DISTORM_R_YMM4
1932 | #DISTORM_R_YMM5
1933 | #DISTORM_R_YMM6
1934 | #DISTORM_R_YMM7
1935 | #DISTORM_R_YMM8
1936 | #DISTORM_R_YMM9
1937 | #DISTORM_R_YMM10
1938 | #DISTORM_R_YMM11
1939 | #DISTORM_R_YMM12
1940 | #DISTORM_R_YMM13
1941 | #DISTORM_R_YMM14
1942 | #DISTORM_R_YMM15
1943 | #DISTORM_R_CR0
1944 | #DISTORM_R_UNUSED0
1945 | #DISTORM_R_CR2
1946 | #DISTORM_R_CR3
1947 | #DISTORM_R_CR4
1948 | #DISTORM_R_UNUSED1
1949 | #DISTORM_R_UNUSED2
1950 | #DISTORM_R_UNUSED3
1951 | #DISTORM_R_CR8
1952 | #DISTORM_R_DR0
1953 | #DISTORM_R_DR1
1954 | #DISTORM_R_DR2
1955 | #DISTORM_R_DR3
1956 | #DISTORM_R_UNUSED4
1957 | #DISTORM_R_UNUSED5
1958 | #DISTORM_R_DR6
1959 | #DISTORM_R_DR7
1960 | EndEnumeration
1961 |
1962 |
1963 |
1964 | ;- =====================================
1965 | ;- Prefix
1966 | ;- =====================================
1967 |
1968 |
1969 | ; Specifies the type of the extension prefix, such as: REX, 2 bytes VEX, 3 bytes VEX.
1970 |
1971 |
1972 | ; _PrefixExtType
1973 |
1974 | Enumeration
1975 | #DISTORM_PET_NONE = 0
1976 | #DISTORM_PET_REX
1977 | #DISTORM_PET_VEX2BYTES
1978 | #DISTORM_PET_VEX3BYTES
1979 | EndEnumeration
1980 |
1981 | ; Specifies an index into a table of prefixes by their type.
1982 |
1983 | ; _PrefixIndexer
1984 |
1985 | Enumeration
1986 | #DISTORM_PFXIDX_NONE = -1
1987 | #DISTORM_PFXIDX_REX
1988 | #DISTORM_PFXIDX_LOREP
1989 | #DISTORM_PFXIDX_SEG
1990 | #DISTORM_PFXIDX_OP_SIZE
1991 | #DISTORM_PFXIDX_ADRS
1992 | #DISTORM_PFXIDX_MAX
1993 | EndEnumeration
1994 |
1995 |
1996 | ; * This holds the prefixes state For the current instruction we decode.
1997 | ; * decodedPrefixes includes all specific prefixes that the instruction got.
1998 | ; * start is a pointer To the first prefix To take into account.
1999 | ; * last is a pointer To the last byte we scanned.
2000 | ; * Other pointers are used To keep track of prefixes positions And help us know If they appeared already And where.
2001 |
2002 | Structure _DISTORM_PrefixState Align #PB_Structure_AlignC
2003 | decodedPrefixes.l
2004 | usedPrefixes.l
2005 | *start
2006 | *last
2007 | *vexPos
2008 | *rexPos
2009 | prefixExtType.l
2010 | unusedPrefixesMask.u
2011 |
2012 | ; Indicates whether the operand size prefix (0x66) was used as a mandatory prefix.
2013 | isOpSizeMandatory.l
2014 |
2015 | ; If VEX prefix is used, store the VEX.vvvv field.
2016 | vexV.l
2017 |
2018 | ; The fields B/X/R/W/L of REX and VEX are stored together in this byte.
2019 | vrex.l
2020 |
2021 | ; Make sure pfxIndexer is LAST! Otherwise memset won't work well with it.
2022 |
2023 | ; Holds the offset to the prefix byte by its type.
2024 | pfxIndexer.l[#DISTORM_PFXIDX_MAX]
2025 | EndStructure
2026 |
2027 | Structure _DISTORM_PrefixState_array
2028 | PrefixState._DISTORM_PrefixState[0]
2029 | EndStructure
2030 |
2031 | ; * Intel supports 6 types of prefixes, whereas AMD supports 5 types (lock is seperated from rep/nz).
2032 | ; * REX is the fifth prefix type, this time I'm based on AMD64.
2033 | ; * VEX is the 6th, though it can't be repeated.
2034 |
2035 | #DISTORM_MAX_PREFIXES = 5
2036 |
2037 | CompilerIf #PB_Compiler_Processor = #PB_Processor_x86
2038 | ImportC #DISTORM_LIB_FULLPATH
2039 | CompilerElse
2040 | Import #DISTORM_LIB_FULLPATH
2041 | CompilerEndIf
2042 |
2043 | prefixes_is_valid.l(ch.l, dt.l)
2044 | prefixes_ignore(*ps._DIstorm_PrefixState, pi.l)
2045 | prefixes_ignore_all(*ps._DIstorm_PrefixState)
2046 | prefixes_set_unused_mask.u(*ps._DIstorm_PrefixState)
2047 | prefixes_decode(*code, codeLen.l, *ps._DIstorm_PrefixState, dt.l)
2048 | prefixes_use_segment(defaultSeg.l, *ps._DIstorm_PrefixState, dt.l, *di._DISTORM_DInst)
2049 | EndImport
2050 |
2051 |
2052 |
2053 | ;- =====================================
2054 | ;- Instructions
2055 | ;- =====================================
2056 |
2057 |
2058 | ; * Operand type possibilities:
2059 | ; * Note "_FULL" suffix indicates To decode the operand As 16 bits Or 32 bits depends on DecodeType -
2060 | ; * actually, it depends on the decoding mode, unless there's an operand/address size prefix.
2061 | ; * For example, the code: 33 c0 could be decoded/executed As XOr AX, AX Or XOr EAX, EAX.
2062 |
2063 |
2064 | ; _OpType
2065 |
2066 | Enumeration
2067 | ; No operand is set
2068 | #DISTORM_OT_NONE = 0
2069 |
2070 | ; Read a byte(8 bits) immediate
2071 | #DISTORM_OT_IMM8
2072 | ; Force a read of a word(16 bits) immediate, used by ret only
2073 | #DISTORM_OT_IMM16
2074 | ; Read a word/dword immediate
2075 | #DISTORM_OT_IMM_FULL
2076 | ; Read a double-word(32 bits) immediate
2077 | #DISTORM_OT_IMM32
2078 |
2079 | ; Read a signed extended byte(8 bits) immediate
2080 | #DISTORM_OT_SEIMM8
2081 |
2082 | ; Special immediates For instructions which have more than one immediate
2083 | ; which is an exception from standard instruction format.
2084 | ; As To version v1.0: ENTER, INSERTQ, EXTRQ are the only problematic ones.
2085 |
2086 | ; 16 bits immediate using the first imm-slot
2087 | #DISTORM_OT_IMM16_1
2088 | ; 8 bits immediate using the first imm-slot
2089 | #DISTORM_OT_IMM8_1
2090 | ; 8 bits immediate using the second imm-slot
2091 | #DISTORM_OT_IMM8_2
2092 |
2093 | ; Use a 8bit register
2094 | #DISTORM_OT_REG8
2095 | ; Use a 16bit register
2096 | #DISTORM_OT_REG16
2097 | ; Use a 16/32/64bit register
2098 | #DISTORM_OT_REG_FULL
2099 | ; Use a 32bit register
2100 | #DISTORM_OT_REG32
2101 |
2102 | ; If used With REX the reg operand size becomes 64 bits, otherwise 32 bits.
2103 | ; VMX instructions are promoted automatically without a REX prefix.
2104 |
2105 | #DISTORM_OT_REG32_64
2106 | ; Used only by MOV CR/DR(n). Promoted with REX onlly.
2107 | #DISTORM_OT_FREG32_64_RM
2108 |
2109 | ; Use or read (indirection) a 8bit register or immediate byte
2110 | #DISTORM_OT_RM8
2111 | ; Some instructions force 16 bits (mov sreg, rm16)
2112 | #DISTORM_OT_RM16
2113 | ; Use or read a 16/32/64bit register or immediate word/dword/qword
2114 | #DISTORM_OT_RM_FULL
2115 |
2116 | ; 32 Or 64 bits (With REX) operand size indirection memory operand.
2117 | ; Some instructions are promoted automatically without a REX prefix.
2118 |
2119 | #DISTORM_OT_RM32_64
2120 | ; 16 or 32 bits RM. This is used only with MOVZXD instruction in 64bits.
2121 | #DISTORM_OT_RM16_32
2122 | ; Same as #DISTORM_OT_RMXX but POINTS to 16 bits [cannot use GENERAL-PURPOSE REG!]
2123 | #DISTORM_OT_FPUM16
2124 | ; Same as #DISTORM_OT_RMXX but POINTS to 32 bits (single precision) [cannot use GENERAL-PURPOSE REG!]
2125 | #DISTORM_OT_FPUM32
2126 | ; Same as #DISTORM_OT_RMXX but POINTS to 64 bits (double precision) [cannot use GENERAL-PURPOSE REG!]
2127 | #DISTORM_OT_FPUM64
2128 | ; Same as #DISTORM_OT_RMXX but POINTS to 80 bits (extended precision) [cannot use GENERAL-PURPOSE REG!]
2129 | #DISTORM_OT_FPUM80
2130 |
2131 |
2132 | ; Special operand type For SSE4 where the ModR/M might
2133 | ; be a 32 bits register Or 8 bits memory indirection operand.
2134 |
2135 | #DISTORM_OT_R32_M8
2136 |
2137 | ; Special ModR/M For PINSRW, which need a 16 bits memory operand Or 32 bits register.
2138 | ; In 16 bits decoding mode R32 becomes R16, operand size cannot affect this.
2139 |
2140 | #DISTORM_OT_R32_M16
2141 |
2142 | ; Special type For SSE4, ModR/M might be a 32 bits Or 64 bits (With REX) register Or
2143 | ; a 8 bits memory indirection operand.
2144 |
2145 | #DISTORM_OT_R32_64_M8
2146 |
2147 | ; Special type For SSE4, ModR/M might be a 32 bits Or 64 bits (With REX) register Or
2148 | ; a 16 bits memory indirection operand.
2149 |
2150 | #DISTORM_OT_R32_64_M16
2151 |
2152 | ; Special operand type For MOV reg16/32/64/mem16, segReg 8C /r. And SMSW.
2153 | ; It supports all decoding modes, but If used As a memory indirection it's a 16 bit ModR/M indirection.
2154 |
2155 | #DISTORM_OT_RFULL_M16
2156 |
2157 | ; Use a control register
2158 | #DISTORM_OT_CREG
2159 | ; Use a debug register
2160 | #DISTORM_OT_DREG
2161 | ; Use a segment register
2162 | #DISTORM_OT_SREG
2163 |
2164 | ; * SEG is encoded in the flags of the opcode itself!
2165 | ; * This is used For specific "push SS" where SS is a segment where
2166 | ; * each "push SS" has an absolutely different opcode byte.
2167 | ; * We need this To detect whether an operand size prefix is used.
2168 |
2169 | #DISTORM_OT_SEG
2170 |
2171 | ; Use AL
2172 | #DISTORM_OT_ACC8
2173 | ; Use AX (FSTSW)
2174 | #DISTORM_OT_ACC16
2175 | ; Use AX/EAX/RAX
2176 | #DISTORM_OT_ACC_FULL
2177 | ; Use AX/EAX, no REX is possible for RAX, used only with IN/OUT which don't support 64 bit registers
2178 | #DISTORM_OT_ACC_FULL_NOT64
2179 |
2180 |
2181 | ; * Read one word (seg), And a word/dword/qword (depends on operand size) from memory.
2182 | ; * JMP FAR [EBX] means EBX point To 16:32 ptr.
2183 |
2184 | #DISTORM_OT_MEM16_FULL
2185 | ; Read one word (seg) and a word/dword/qword (depends on operand size), usually SEG:OFF, JMP 1234:1234
2186 | #DISTORM_OT_PTR16_FULL
2187 | ; Read one word (limit) and a dword/qword (limit) (depends on operand size), used by SGDT, SIDT, LGDT, LIDT.
2188 | #DISTORM_OT_MEM16_3264
2189 |
2190 | ; Read a byte(8 bits) immediate and calculate it relatively to the current offset of the instruction being decoded
2191 | #DISTORM_OT_RELCB
2192 | ; Read a word/dword immediate and calculate it relatively to the current offset of the instruction being decoded
2193 | #DISTORM_OT_RELC_FULL
2194 |
2195 | ; Use general memory indirection, with varying sizes:
2196 | #DISTORM_OT_MEM
2197 | ; Used when a memory indirection is required, but if the mod field is 11, this operand will be ignored.
2198 | #DISTORM_OT_MEM_OPT
2199 | #DISTORM_OT_MEM32
2200 | ; Memory dereference for MOVNTI, either 32 or 64 bits (with REX).
2201 | #DISTORM_OT_MEM32_64
2202 | #DISTORM_OT_MEM64
2203 | #DISTORM_OT_MEM128
2204 | ; Used for cmpxchg8b/16b.
2205 | #DISTORM_OT_MEM64_128
2206 |
2207 | ; Read an immediate as an absolute address, size is known by instruction, used by MOV (memory offset) only
2208 | #DISTORM_OT_MOFFS8
2209 | #DISTORM_OT_MOFFS_FULL
2210 | ; Use an immediate of 1, as for SHR R/M, 1
2211 | #DISTORM_OT_CONST1
2212 | ; Use CL, as for SHR R/M, CL
2213 | #DISTORM_OT_REGCL
2214 |
2215 |
2216 | ; * Instruction-Block For one byte long instructions, used by INC/DEC/PUSH/POP/XCHG
2217 | ; * REG is extracted from the value of opcode
2218 | ; * Use a 8bit register
2219 |
2220 | #DISTORM_OT_IB_RB
2221 | ; Use a 16/32/64bit register
2222 | #DISTORM_OT_IB_R_FULL
2223 |
2224 | ; Use [(r)SI] as INDIRECTION, for repeatable instructions
2225 | #DISTORM_OT_REGI_ESI
2226 | ; Use [(r)DI] as INDIRECTION, for repeatable instructions
2227 | #DISTORM_OT_REGI_EDI
2228 | ; Use [(r)BX + AL] as INDIRECTIOM, used by XLAT only
2229 | #DISTORM_OT_REGI_EBXAL
2230 | ; Use [(r)AX] as INDIRECTION, used by AMD's SVM instructions
2231 | #DISTORM_OT_REGI_EAX
2232 | ; Use DX, as for OUTS DX, BYTE [SI]
2233 | #DISTORM_OT_REGDX
2234 | ; Use ECX in INVLPGA instruction
2235 | #DISTORM_OT_REGECX
2236 |
2237 | ; FPU registers:
2238 | #DISTORM_OT_FPU_SI ; ST(i)
2239 | #DISTORM_OT_FPU_SSI; ST(0), ST(i)
2240 | #DISTORM_OT_FPU_SIS; ST(i), ST(0)
2241 |
2242 | ; MMX registers:
2243 | #DISTORM_OT_MM
2244 | ; Extract the MMX register from the RM bits this time (used when the REG bits are used for opcode extension)
2245 | #DISTORM_OT_MM_RM
2246 | ; ModR/M points to 32 bits MMX variable
2247 | #DISTORM_OT_MM32
2248 | ; ModR/M points to 32 bits MMX variable
2249 | #DISTORM_OT_MM64
2250 |
2251 | ; SSE registers:
2252 | #DISTORM_OT_XMM
2253 | ; Extract the SSE register from the RM bits this time (used when the REG bits are used for opcode extension)
2254 | #DISTORM_OT_XMM_RM
2255 | ; ModR/M points to 16 bits SSE variable
2256 | #DISTORM_OT_XMM16
2257 | ; ModR/M points to 32 bits SSE variable
2258 | #DISTORM_OT_XMM32
2259 | ; ModR/M points to 64 bits SSE variable
2260 | #DISTORM_OT_XMM64
2261 | ; ModR/M points to 128 bits SSE variable
2262 | #DISTORM_OT_XMM128
2263 | ; Implied XMM0 register as operand, used in SSE4.
2264 | #DISTORM_OT_REGXMM0
2265 |
2266 | ; AVX operands:
2267 |
2268 | ; ModR/M for 32 bits.
2269 | #DISTORM_OT_RM32
2270 | ; Reg32/Reg64 (prefix width) or Mem8.
2271 | #DISTORM_OT_REG32_64_M8
2272 | ; Reg32/Reg64 (prefix width) or Mem16.
2273 | #DISTORM_OT_REG32_64_M16
2274 | ; Reg32/Reg 64 depends on prefix width only.
2275 | #DISTORM_OT_WREG32_64
2276 | ; RM32/RM64 depends on prefix width only.
2277 | #DISTORM_OT_WRM32_64
2278 | ; XMM or Mem32/Mem64 depends on perfix width only.
2279 | #DISTORM_OT_WXMM32_64
2280 | ; XMM is encoded in VEX.VVVV.
2281 | #DISTORM_OT_VXMM
2282 | ; XMM is encoded in the high nibble of an immediate byte.
2283 | #DISTORM_OT_XMM_IMM
2284 | ; YMM/XMM is dependent on VEX.L.
2285 | #DISTORM_OT_YXMM
2286 | ; YMM/XMM (depends on prefix length) is encoded in the high nibble of an immediate byte.
2287 | #DISTORM_OT_YXMM_IMM
2288 | ; YMM is encoded in reg.
2289 | #DISTORM_OT_YMM
2290 | ; YMM or Mem256.
2291 | #DISTORM_OT_YMM256
2292 | ; YMM is encoded in VEX.VVVV.
2293 | #DISTORM_OT_VYMM
2294 | ; YMM/XMM is dependent on VEX.L, and encoded in VEX.VVVV.
2295 | #DISTORM_OT_VYXMM
2296 | ; YMM/XMM or Mem64/Mem256 is dependent on VEX.L.
2297 | #DISTORM_OT_YXMM64_256
2298 | ; YMM/XMM or Mem128/Mem256 is dependent on VEX.L.
2299 | #DISTORM_OT_YXMM128_256
2300 | ; XMM or Mem64/Mem256 is dependent on VEX.L.
2301 | #DISTORM_OT_LXMM64_128
2302 | ; Mem128/Mem256 is dependent on VEX.L.
2303 | #DISTORM_OT_LMEM128_256
2304 | EndEnumeration
2305 |
2306 |
2307 | ; Flags for instruction:
2308 |
2309 |
2310 | ; Empty flags indicator:
2311 | #DISTORM_INST_FLAGS_NONE = 0
2312 | ; The instruction we are going to decode requires ModR/M encoding.
2313 | #DISTORM_INST_MODRM_REQUIRED = 1
2314 | ; Special treatment for instructions which are in the divided-category but still needs the whole byte for ModR/M...
2315 | #DISTORM_INST_NOT_DIVIDED = 1 << 1
2316 |
2317 | ; Used explicitly in repeatable instructions,
2318 | ; which needs a suffix letter in their mnemonic To specify operation-size (depend on operands).
2319 |
2320 | #DISTORM_INST_16BITS = 1 << 2
2321 | ; If the opcode is supported by 80286 and upper models (16/32 bits).
2322 | #DISTORM_INST_32BITS = 1 << 3
2323 |
2324 | ; Prefix flags (6 types: lock/rep, seg override, addr-size, oper-size, REX, VEX)
2325 | ; There are several specific instructions that can follow LOCK prefix,
2326 | ; note that they must be using a memory operand form, otherwise they generate an exception.
2327 |
2328 | #DISTORM_INST_PRE_LOCK = 1 << 4
2329 | ; REPNZ prefix for string instructions only - means an instruction can follow it.
2330 | #DISTORM_INST_PRE_REPNZ = 1 << 5
2331 | ; REP prefix for string instructions only - means an instruction can follow it.
2332 | #DISTORM_INST_PRE_REP = 1 << 6
2333 | ; CS override prefix.
2334 | #DISTORM_INST_PRE_CS = 1 << 7
2335 | ; SS override prefix.
2336 | #DISTORM_INST_PRE_SS = 1 << 8
2337 | ; DS override prefix.
2338 | #DISTORM_INST_PRE_DS = 1 << 9
2339 | ; ES override prefix.
2340 | #DISTORM_INST_PRE_ES = 1 << 10
2341 | ; FS override prefix. Funky Segment :)
2342 | #DISTORM_INST_PRE_FS = 1 << 11
2343 | ; GS override prefix. Groovy Segment, of course not, duh !
2344 | #DISTORM_INST_PRE_GS = 1 << 12
2345 | ; Switch operand size from 32 to 16 and vice versa.
2346 | #DISTORM_INST_PRE_OP_SIZE = 1 << 13
2347 | ; Switch address size from 32 to 16 and vice versa.
2348 | #DISTORM_INST_PRE_ADDR_SIZE = 1 << 14
2349 | ; Native instructions which needs suffix letter to indicate their operation-size (and don't depend on operands).
2350 | #DISTORM_INST_NATIVE = 1 << 15
2351 | ; Use extended mnemonic, means it's an _InstInfoEx structure, which contains another mnemonic for 32 bits specifically.
2352 | #DISTORM_INST_USE_EXMNEMONIC = 1 << 16
2353 | ; Use third operand, means it's an _InstInfoEx structure, which contains another operand for special instructions.
2354 | #DISTORM_INST_USE_OP3 = 1 << 17
2355 | ; Use fourth operand, means it's an _InstInfoEx structure, which contains another operand for special instructions.
2356 | #DISTORM_INST_USE_OP4 = 1 << 18
2357 | ; The instruction's mnemonic depends on the mod value of the ModR/M byte (mod=11, mod!=11).
2358 | #DISTORM_INST_MNEMONIC_MODRM_BASED = 1 << 19
2359 | ; The instruction uses a ModR/M byte which the MOD must be 11 (for registers operands only).
2360 | #DISTORM_INST_MODRR_REQUIRED = 1 << 20
2361 | ; The way of 3DNow! instructions are built, we have to handle their locating specially. Suffix imm8 tells which instruction it is.
2362 | #DISTORM_INST_3DNOW_FETCH = 1 << 21
2363 | ; The instruction needs two suffixes, one for the comparison type (imm8) and the second for its operation size indication (second mnemonic).
2364 | #DISTORM_INST_PSEUDO_OPCODE = 1 << 22
2365 | ; Invalid instruction at 64 bits decoding mode.
2366 | #DISTORM_INST_INVALID_64BITS = 1 << 23
2367 | ; Specific instruction can be promoted to 64 bits (without REX, it is promoted automatically).
2368 | #DISTORM_INST_64BITS = 1 << 24
2369 | ; Indicates the instruction must be REX prefixed in order to use 64 bits operands.
2370 | #DISTORM_INST_PRE_REX = 1 << 25
2371 | ; Third mnemonic is set.
2372 | #DISTORM_INST_USE_EXMNEMONIC2 = 1 << 26
2373 | ; Instruction is only valid in 64 bits decoding mode.
2374 | #DISTORM_INST_64BITS_FETCH = 1 << 27
2375 | ; Forces that the ModRM-REG/Opcode field will be 0. (For EXTRQ).
2376 | #DISTORM_INST_FORCE_REG0 = 1 << 28
2377 | ; Indicates that instruction is encoded with a VEX prefix.
2378 | #DISTORM_INST_PRE_VEX = 1 << 29
2379 | ; Indicates that the instruction is encoded with a ModRM byte (REG field specifically).
2380 | #DISTORM_INST_MODRM_INCLUDED = 1 << 30
2381 | ; Indicates that the first (/destination) operand of the instruction is writable.
2382 | #DISTORM_INST_DST_WR = 1 << 31
2383 |
2384 |
2385 | #DISTORM_INST_PRE_REPS = #DISTORM_INST_PRE_REPNZ | #DISTORM_INST_PRE_REP
2386 | #DISTORM_INST_PRE_LOKREP_MASK = #DISTORM_INST_PRE_LOCK | #DISTORM_INST_PRE_REPNZ | #DISTORM_INST_PRE_REP
2387 | #DISTORM_INST_PRE_SEGOVRD_MASK32 = #DISTORM_INST_PRE_CS | #DISTORM_INST_PRE_SS | #DISTORM_INST_PRE_DS | #DISTORM_INST_PRE_ES
2388 | #DISTORM_INST_PRE_SEGOVRD_MASK64 = #DISTORM_INST_PRE_FS | #DISTORM_INST_PRE_GS
2389 | #DISTORM_INST_PRE_SEGOVRD_MASK = #DISTORM_INST_PRE_SEGOVRD_MASK32 | #DISTORM_INST_PRE_SEGOVRD_MASK64
2390 |
2391 |
2392 |
2393 | ; Extended flags for VEX:
2394 | ; Indicates that the instruction might have VEX.L encoded.
2395 | #DISTORM_INST_VEX_L = 1
2396 | ; Indicates that the instruction might have VEX.W encoded.
2397 | #DISTORM_INST_VEX_W = 1 << 1
2398 | ; Indicates that the mnemonic of the instruction is based on the VEX.W bit.
2399 | #DISTORM_INST_MNEMONIC_VEXW_BASED = 1 << 2
2400 | ; Indicates that the mnemonic of the instruction is based on the VEX.L bit.
2401 | #DISTORM_INST_MNEMONIC_VEXL_BASED = 1 << 3
2402 | ; Forces the instruction to be encoded with VEX.L, otherwise it's undefined.
2403 | #DISTORM_INST_FORCE_VEXL = 1 << 4
2404 |
2405 | ; Indicates that the instruction is based on the MOD field of the ModRM byte.
2406 | ; (MOD==11: got the right instruction, Else skip +4 in prefixed table For the correct instruction).
2407 |
2408 | #DISTORM_INST_MODRR_BASED = 1 << 5
2409 | ; Indicates that the instruction doesn't use the VVVV field of the VEX prefix, if it does then it's undecodable.
2410 | #DISTORM_INST_VEX_V_UNUSED = 1 << 6
2411 |
2412 | ; Indication that the instruction is privileged (Ring 0), this should be checked on the opcodeId field.
2413 | #DISTORM_OPCODE_ID_PRIVILEGED = $8000
2414 |
2415 |
2416 | ;Indicates which operand is being decoded.
2417 | ; Destination (1st), Source (2nd), op3 (3rd), op4 (4th).
2418 | ; Used To set the operands' fields in the _DInst structure!
2419 |
2420 |
2421 | ; _OperandNumberType
2422 | Enumeration
2423 | #DISTORM_ONT_NONE = -1
2424 | #DISTORM_ONT_1 = 0
2425 | #DISTORM_ONT_2 = 1
2426 | #DISTORM_ONT_3 = 2
2427 | #DISTORM_ONT_4 = 3
2428 | EndEnumeration
2429 |
2430 | ; CPU Flags that instructions modify, test or undefine, in compacted form (CF,PF,AF,ZF,SF are 1:1 map to EFLAGS).
2431 | #DISTORM_D_COMPACT_CF = 1 ; Carry
2432 | #DISTORM_D_COMPACT_PF = 4 ; Parity
2433 | #DISTORM_D_COMPACT_AF = $10 ; Auxiliary
2434 | #DISTORM_D_COMPACT_ZF = $40 ; Zero
2435 | #DISTORM_D_COMPACT_SF = $80 ; Sign
2436 | ; The following flags have to be translated to EFLAGS.
2437 | #DISTORM_D_COMPACT_IF = 2 ; Interrupt
2438 | #DISTORM_D_COMPACT_DF = 8 ; Direction
2439 | #DISTORM_D_COMPACT_OF = $20 ; Overflow
2440 |
2441 | ; The mask of flags that are already compatible with EFLAGS.
2442 | #DISTORM_D_COMPACT_SAME_FLAGS = #DISTORM_D_COMPACT_CF | #DISTORM_D_COMPACT_PF | #DISTORM_D_COMPACT_AF | #DISTORM_D_COMPACT_ZF | #DISTORM_D_COMPACT_SF
2443 |
2444 |
2445 |
2446 | ; * In order To save more space For storing the DB statically,
2447 | ; * I came up With another level of Shared info.
2448 | ; * Because I saw that most of the information that instructions use repeats itself.
2449 | ; *
2450 | ; * Info about the instruction, source/dest types, meta And flags.
2451 | ; * _InstInfo points To a table of _InstSharedInfo.
2452 |
2453 | Structure _DISTORM_InstSharedInfo Align #PB_Structure_AlignC
2454 | flagsIndex.a ; An index into FlagsTables
2455 | s.a ; OpType.
2456 | d.a
2457 | meta.a ; Hi 5 bits = Instruction set class | Lo 3 bits = flow control flags.
2458 |
2459 | ; * The following are CPU flag masks that the instruction changes.
2460 | ; * The flags are compacted so 8 bits representation is enough.
2461 | ; * They will be expanded in Runtime To be compatible To EFLAGS.
2462 |
2463 | modifiedFlagsMask.a
2464 | testedFlagsMask.a
2465 | undefinedFlagsMask.a
2466 | EndStructure
2467 |
2468 | Structure _DISTORM_InstSharedInfo_array
2469 | InstSharedInfo._DISTORM_InstSharedInfo[0]
2470 | EndStructure
2471 |
2472 | ; This Structure is used For the instructions DB And Not For the disassembled result code!
2473 | ; This is the BASE Structure, there are extensions To this Structure below.
2474 |
2475 | Structure _DISTORM_InstInfo Align #PB_Structure_AlignC
2476 | sharedIndex.u ; An index into the SharedInfoTable.
2477 | opcodeId.u ; The opcodeId is really a byte-offset into the mnemonics table. MSB is a privileged indication.
2478 | EndStructure
2479 |
2480 | Structure _DISTORM_InstInfo_array
2481 | InstInfo._DISTORM_InstInfo[0]
2482 | EndStructure
2483 |
2484 | ; * There are merely few instructions which need a second mnemonic For 32 bits.
2485 | ; * Or a third For 64 bits. Therefore sometimes the second mnemonic is empty but Not the third.
2486 | ; * In all decoding modes the first mnemonic is the Default.
2487 | ; * A flag will indicate it uses another mnemonic.
2488 | ; *
2489 | ; * There are a couple of (SSE4) instructions in the whole DB which need both op3 And 3rd mnemonic For 64bits,
2490 | ; * therefore, I decided To make the extended Structure contain all extra info in the same Structure.
2491 | ; * There are a few instructions (SHLD/SHRD/IMUL And SSE too) which use third operand (Or a fourth).
2492 | ; * A flag will indicate it uses a third/fourth operand.
2493 |
2494 | Structure _DISTORM_InstInfoEx Align #PB_Structure_AlignC
2495 | ; Base structure (doesn't get accessed directly from code).
2496 | BASE._DISTORM_InstInfo
2497 |
2498 | ; Extended starts here.
2499 | flagsEx.a ; 8 bits are enough, in the future we might make it a bigger integer.
2500 | op3.a ; OpType.
2501 | op4.a
2502 | opcodeId2.u
2503 | opcodeId3.u
2504 | EndStructure
2505 |
2506 | Structure _DISTORM_InstInfoEx_array
2507 | InstInfoEx._DISTORM_InstInfoEx[0]
2508 | EndStructure
2509 |
2510 | ; Trie data structure node type:
2511 |
2512 | ; _InstNodeType
2513 | Enumeration
2514 | #DISTORM_INT_NOTEXISTS = 0 ; Not exists.
2515 | #DISTORM_INT_INFO = 1 ; It's an instruction info.
2516 | #DISTORM_INT_INFOEX
2517 | #DISTORM_INT_LIST_GROUP
2518 | #DISTORM_INT_LIST_FULL
2519 | #DISTORM_INT_LIST_DIVIDED
2520 | #DISTORM_INT_LIST_PREFIXED
2521 | EndEnumeration
2522 |
2523 | ; Used to check instType < INT_INFOS, means we got an inst-info. Cause it has to be only one of them.
2524 | #DISTORM_INT_INFOS = #DISTORM_INT_LIST_GROUP
2525 |
2526 | ; Instruction node is treated as { int index:13; int type:3; }
2527 | ; typedef uint16_t _InstNode;
2528 |
2529 | CompilerIf #PB_Compiler_Processor = #PB_Processor_x86
2530 | ImportC #DISTORM_LIB_FULLPATH
2531 | CompilerElse
2532 | Import #DISTORM_LIB_FULLPATH
2533 | CompilerEndIf
2534 |
2535 | inst_lookup.i(*ci._DISTORM_CodeInfo, *ps._DISTORM_PrefixState)
2536 | inst_lookup_3dnow.i(*ci._DISTORM_CodeInfo)
2537 |
2538 | EndImport
2539 |
2540 |
2541 |
2542 | ;- =====================================
2543 | ;- insts
2544 | ;- =====================================
2545 |
2546 |
2547 | CompilerIf #PB_Compiler_Processor = #PB_Processor_x86
2548 | ImportC #DISTORM_LIB_FULLPATH
2549 | CompilerElse
2550 | Import #DISTORM_LIB_FULLPATH
2551 | CompilerEndIf
2552 |
2553 | ; Flags Table
2554 | FlagsTable()
2555 |
2556 | ; Root Trie DB
2557 | InstSharedInfoTable()
2558 | InstInfos()
2559 | InstInfosEx()
2560 | InstructionsTree()
2561 |
2562 | ; 3DNow! Trie DB
2563 | Table_0F_0F()
2564 | ; AVX related:
2565 | Table_0F()
2566 | Table_0F_38()
2567 | Table_0F_3A()
2568 |
2569 |
2570 | ; * The inst_lookup will Return on of these two instructions according To the specified decoding mode.
2571 | ; * ARPL Or MOVSXD on 64 bits is one byte instruction at index 0x63.
2572 |
2573 | II_ARPL()
2574 | II_MOVSXD()
2575 |
2576 |
2577 | ; * The NOP instruction can be prefixed by REX in 64bits, therefore we have To decide in Runtime whether it's an XCHG or NOP instruction.
2578 | ; * If 0x90 is prefixed by a useable REX it will become XCHG, otherwise it will become a NOP.
2579 | ; * Also note that If it's prefixed by 0xf3, it becomes a Pause.
2580 |
2581 | II_NOP()
2582 | II_PAUSE()
2583 |
2584 |
2585 | ; * Used For letting the extract operand know the type of operands without knowing the
2586 | ; * instruction itself yet, because of the way those instructions work.
2587 | ; * See function instructions.c!inst_lookup_3dnow.
2588 |
2589 | II_3DNOW()
2590 |
2591 | ; Helper tables for pesudo compare mnemonics.
2592 | CmpMnemonicOffsets() ; SSE
2593 | VCmpMnemonicOffsets() ; AVX
2594 |
2595 | EndImport
2596 |
2597 |
2598 |
2599 | ;- =====================================
2600 | ;- operands
2601 | ;- =====================================
2602 |
2603 | CompilerIf #PB_Compiler_Processor = #PB_Processor_x86
2604 | ImportC #DISTORM_LIB_FULLPATH
2605 | CompilerElse
2606 | Import #DISTORM_LIB_FULLPATH
2607 | CompilerEndIf
2608 |
2609 | _REGISTERTORCLASS()
2610 |
2611 | operands_extract.l(*ci._DISTORM_CodeInfo, *di._DISTORM_DInst, *ii._DISTORM_InstInfo,
2612 | instFlags.l, type.l, opNum.l, modrm.l, *ps._DISTORM_PrefixState, effOpSz.l,
2613 | effAdrSz.l, *lockableInstruction.LONG)
2614 |
2615 | EndImport
2616 |
2617 |
2618 | ;- =====================================
2619 | ;- x86defs
2620 | ;- =====================================
2621 |
2622 |
2623 |
2624 | #DISTORM_SEG_REGS_MAX = 6
2625 | #DISTORM_CREGS_MAX = 9
2626 | #DISTORM_DREGS_MAX = 8
2627 |
2628 | ; Maximum instruction size, including prefixes
2629 | #DISTORM_INST_MAXIMUM_SIZE = 15
2630 |
2631 | ; Maximum range of imm8 (comparison type) of special SSE CMP instructions.
2632 | #DISTORM_INST_CMP_MAX_RANGE = 8
2633 |
2634 | ; Maximum range of imm8 (comparison type) of special AVX VCMP instructions.
2635 | #DISTORM_INST_VCMP_MAX_RANGE = 32
2636 |
2637 | ; Wait instruction byte code.
2638 | #DISTORM_INST_WAIT_INDEX = $9b
2639 |
2640 | ; Lea instruction byte code.
2641 | #DISTORM_INST_LEA_INDEX = $8d
2642 |
2643 | ; NOP/XCHG instruction byte code.
2644 | #DISTORM_INST_NOP_INDEX = $90
2645 |
2646 | ; ARPL/MOVSXD instruction byte code.
2647 | #DISTORM_INST_ARPL_INDEX = $63
2648 |
2649 | ; Minimal MODR/M value of divided instructions.
2650 | ; It's $c0, two MSBs set, which indicates a general purpose register is used too.
2651 |
2652 | #DISTORM_INST_DIVIDED_MODRM = $c0
2653 |
2654 | ; This is the escape byte value used for 3DNow! instructions.
2655 | #DISTORM__3DNOW_ESCAPE_BYTE = $0f
2656 |
2657 | #DISTORM_PREFIX_LOCK = $f0
2658 | #DISTORM_PREFIX_REPNZ = $f2
2659 | #DISTORM_PREFIX_REP = $f3
2660 | #DISTORM_PREFIX_CS = $2e
2661 | #DISTORM_PREFIX_SS = $36
2662 | #DISTORM_PREFIX_DS = $3e
2663 | #DISTORM_PREFIX_ES = $26
2664 | #DISTORM_PREFIX_FS = $64
2665 | #DISTORM_PREFIX_GS = $65
2666 | #DISTORM_PREFIX_OP_SIZE = $66
2667 | #DISTORM_PREFIX_ADDR_SIZE = $67
2668 | #DISTORM_PREFIX_VEX2b = $c5
2669 | #DISTORM_PREFIX_VEX3b = $c4
2670 |
2671 | ; REX prefix value range, 64 bits mode decoding only.
2672 | #DISTORM_PREFIX_REX_LOW = $40
2673 | #DISTORM_PREFIX_REX_HI = $4f
2674 | ; In order to use the extended GPR's we have to add 8 to the Modr/M info values.
2675 | #DISTORM_EX_GPR_BASE = 8
2676 |
2677 | ; Mask for REX and VEX features:
2678 | ; Base
2679 | #DISTORM_PREFIX_EX_B = 1
2680 | ; Index
2681 | #DISTORM_PREFIX_EX_X = 2
2682 | ; Register
2683 | #DISTORM_PREFIX_EX_R = 4
2684 | ; Operand Width
2685 | #DISTORM_PREFIX_EX_W = 8
2686 | ; Vector Lengh
2687 | #DISTORM_PREFIX_EX_L = $10
2688 |
2689 |
2690 |
2691 |
2692 |
2693 | CompilerEndIf
2694 |
--------------------------------------------------------------------------------
/tests/Debug_distorm_DataTypes.pbi:
--------------------------------------------------------------------------------
1 | XIncludeFile #PB_Compiler_FilePath + "..\distorm_lib.pbi"
2 |
3 | EnableExplicit
4 |
5 | Macro M_DQUOTE
6 | "
7 | EndMacro
8 |
9 | Macro M_OffsetOfEx(__structA__, __structB__)
10 | (OffsetOf(__structA__) + OffsetOf(__structB__))
11 | EndMacro
12 |
13 | Macro M_MAKE_GENERIC_VALUE(__NUMBER__)
14 | Str(__NUMBER__)+" | 0x"+Hex(__NUMBER__)
15 | EndMacro
16 |
17 | CompilerIf #PB_Compiler_Debugger
18 |
19 | Macro M_DEBUG_SIZEOF(__NAME__)
20 | Debug M_DQUOTE#__NAME__ - size (dec) = "+Str(SizeOf(__NAME__))+" | size (hex) = 0x"+Hex(SizeOf(__NAME__))
21 | EndMacro
22 |
23 | Macro M_DEBUG_OFFSETOF(__NAME__)
24 | Debug M_DQUOTE#__NAME__ - offset (dec) = "+Str(OffsetOf(__NAME__))+" | offset (hex) = 0x"+Hex(OffsetOf(__NAME__))
25 | EndMacro
26 |
27 | CompilerElse
28 |
29 | Macro M_DEBUG_SIZEOF(__NAME__)
30 | EndMacro
31 |
32 | Macro M_DEBUG_OFFSETOF(__NAME__)
33 | EndMacro
34 |
35 | CompilerEndIf
36 |
37 | Debug "======== Displaying Structures Sizes ========"
38 |
39 | M_DEBUG_SIZEOF(_DISTORM_CodeInfo)
40 | M_DEBUG_SIZEOF(_DISTORM_Value)
41 | M_DEBUG_SIZEOF(_DISTORM_Operand)
42 | M_DEBUG_SIZEOF(_DISTORM_DInst)
43 | M_DEBUG_SIZEOF(_DISTORM_WString)
44 | M_DEBUG_SIZEOF(_DISTORM_DecodedInst)
45 |
46 | Debug "----- Mnemonics -----"
47 |
48 | M_DEBUG_SIZEOF(_DISTORM_WMnemonic)
49 | M_DEBUG_SIZEOF(_DISTORM_WRegister)
50 |
51 |
52 | Debug "----- Prefix -----"
53 |
54 | M_DEBUG_SIZEOF(_DISTORM_PrefixState)
55 |
56 | Debug "----- Instructions -----"
57 |
58 | M_DEBUG_SIZEOF(_DISTORM_InstSharedInfo)
59 | M_DEBUG_SIZEOF(_DISTORM_InstInfo)
60 | M_DEBUG_SIZEOF(_DISTORM_InstInfoEx)
61 |
62 |
63 | Debug "Distorm Version: "+distorm_version()
64 |
--------------------------------------------------------------------------------
/tests/Dis_Test1.pb:
--------------------------------------------------------------------------------
1 | XIncludeFile #PB_Compiler_FilePath + "TestHelper.pbi"
2 |
3 | Procedure Do_Distorm_Test1()
4 | Protected res.l
5 | Protected Dim decodedInstructions._DISTORM_DecodedInst(1000)
6 | Protected decodedInstructionsCount.l = 0
7 | Protected i.l = 0
8 | Protected offset.q = 0
9 | Protected max_instructions.l = 1000
10 |
11 |
12 | Protected *code = ?test_data1_start
13 | Protected codeLen.l = ?test_data1_end - ?test_data1_start
14 |
15 | res = distorm_decode64(offset, *code, codeLen, #DISTORM_Decode32Bits, @decodedInstructions(), max_instructions, @decodedInstructionsCount)
16 |
17 | PrintN("")
18 |
19 | If res = #DISTORM_DECRES_SUCCESS
20 | Protected de_text.s = ""
21 |
22 | For i.l = 0 To decodedInstructionsCount - 1
23 | de_text = Distorm_InstructionString(@decodedInstructions(i))
24 |
25 | PrintN(de_text)
26 |
27 | Next i
28 | Else
29 | PrintN("Decoding Failed")
30 | EndIf
31 |
32 | ;SetClipboardText( Distorm_CreateInstructionStringFromArray(decodedInstructions(), decodedInstructionsCount))
33 |
34 | DataSection
35 | test_data1_start: ; 11 bytes
36 | Data.a $55, $8B, $EC, $8B, $45, $08, $03, $45, $0C, $C9, $C3
37 | test_data1_end:
38 | EndDataSection
39 |
40 | EndProcedure
41 |
42 | If OpenConsole()
43 | PrintN("diStorm version: "+GetDistormVersionString())
44 | PrintN("")
45 |
46 | Do_Distorm_Test1()
47 |
48 | PrintN("")
49 | PrintN("Press enter to continue")
50 | PrintN("")
51 | Input()
52 |
53 | CloseConsole()
54 | EndIf
55 |
--------------------------------------------------------------------------------
/tests/Dis_Test2.pb:
--------------------------------------------------------------------------------
1 | XIncludeFile #PB_Compiler_FilePath + "TestHelper.pbi"
2 |
3 | Procedure myTestFunc(a.l, b.l)
4 | a = 8
5 | b = 4
6 | Protected myvalue.q = 9999999999999999999
7 | ProcedureReturn 2
8 | EndProcedure
9 |
10 | Procedure Do_Distorm_Test2()
11 | Protected res.l
12 | Protected decodedInstructionsCount.l = 0
13 | Protected i.l = 0
14 | Protected offset.q = 0
15 | Protected max_instructions.l = 1000
16 |
17 | Protected Dim decodedInstructions._DISTORM_DecodedInst(0)
18 | Protected Dim Instructions._DISTORM_DInst(max_instructions)
19 |
20 | Protected code_info._DISTORM_CodeInfo
21 |
22 | offset = 0
23 |
24 | code_info\codeOffset = offset
25 | code_info\code = @myTestFunc()
26 | code_info\codeLen = 500
27 | code_info\dt = DISTORM_M_GET_DECODEMODE_PB()
28 | code_info\features = #DISTORM_DF_STOP_ON_RET
29 |
30 | PrintN("Decoding Instructions form: "+Hex(@myTestFunc()))
31 |
32 | res = distorm_decompose64(@code_info, @Instructions(), max_instructions, @decodedInstructionsCount)
33 |
34 | If res = #DISTORM_DECRES_SUCCESS
35 | PrintN("Decoded "+Str(decodedInstructionsCount)+" Instructions")
36 | PrintN("")
37 |
38 | Protected x.l = 0
39 |
40 | For i.l = 0 To decodedInstructionsCount - 1
41 | distorm_format64(@code_info, @Instructions(i), @decodedInstructions(x))
42 |
43 | ReDim decodedInstructions(ArraySize(decodedInstructions())+1)
44 | x + 1
45 | Next i
46 |
47 |
48 | Protected de_text.s = ""
49 |
50 | For i.l = 0 To decodedInstructionsCount - 1
51 | de_text = Distorm_InstructionString(@decodedInstructions(i))
52 | PrintN(de_text)
53 | Next i
54 |
55 | Else
56 | PrintN("Decoding Failed")
57 | EndIf
58 |
59 |
60 |
61 | EndProcedure
62 |
63 | If OpenConsole()
64 | PrintN("diStorm version: "+GetDistormVersionString())
65 | PrintN("")
66 |
67 | Do_Distorm_Test2()
68 |
69 | PrintN("")
70 | PrintN("Press enter to continue")
71 | PrintN("")
72 | Input()
73 |
74 | CloseConsole()
75 | EndIf
76 |
--------------------------------------------------------------------------------
/tests/TestHelper.pbi:
--------------------------------------------------------------------------------
1 | XIncludeFile #PB_Compiler_FilePath + "..\distorm_lib.pbi"
2 |
3 | EnableExplicit
4 |
5 | Procedure.s Distorm_InstructionString(*Inst._DISTORM_DecodedInst)
6 | Protected result.s
7 | Protected str_instructionHex.s, str_mnemonic.s, str_operands.s
8 | Protected formated_instructionHex.s
9 |
10 | str_instructionHex = PeekS(@*Inst\instructionHex\p, -1, #PB_Ascii)
11 | str_mnemonic = PeekS(@*Inst\mnemonic\p, -1, #PB_Ascii)
12 | str_operands = PeekS(@*Inst\operands\p, -1, #PB_Ascii)
13 |
14 | If *Inst\instructionHex\length > 0
15 | Protected x.l
16 | For x = 1 To Len(str_instructionHex) Step 2
17 | formated_instructionHex + UCase(Mid(str_instructionHex, x, 2)) + " "
18 | Next x
19 |
20 | formated_instructionHex = RTrim(formated_instructionHex)
21 | EndIf
22 |
23 | result = RSet(Hex(*Inst\offset),8, "0") + " (" + Str(*Inst\size) + ")"
24 |
25 | If *Inst\size >= 10
26 | result + " "
27 | Else
28 | result + " "
29 | EndIf
30 |
31 | result + LSet(formated_instructionHex, 24)
32 | result + " " + str_mnemonic
33 |
34 | If *Inst\operands\length <> 0
35 | result + " "
36 | EndIf
37 |
38 | result + str_operands
39 |
40 | ProcedureReturn result
41 | EndProcedure
42 |
43 | Procedure.s Distorm_CreateInstructionStringFromArray(Array Insts._DISTORM_DecodedInst(1), InstructionsCount.l)
44 | Protected result.s
45 | Protected i.l
46 | Protected inst_string.s
47 | Protected arr_size.i
48 |
49 | arr_size = ArraySize(Insts())
50 |
51 | If InstructionsCount > (arr_size+1)
52 | ProcedureReturn ""
53 | EndIf
54 |
55 | For i.l = 0 To InstructionsCount - 1
56 | inst_string = Distorm_InstructionString(@Insts(i))
57 | result + inst_string + #CRLF$
58 | Next i
59 |
60 | ProcedureReturn result
61 | EndProcedure
62 |
63 | Procedure.s Format_DistormVersion(dver.l)
64 | Protected result.s
65 | result = Str(dver >> 16)+"."+Str((dver >> 8) & $ff)+"."+Str(dver & $ff)
66 | ProcedureReturn result
67 | EndProcedure
68 |
69 | Procedure.s GetDistormVersionString()
70 | Protected result.s
71 | result = Format_DistormVersion(distorm_version())
72 | ProcedureReturn result
73 | EndProcedure
74 |
75 |
76 |
--------------------------------------------------------------------------------