├── .clang-format
├── .gitattributes
├── .gitignore
├── .gitmodules
├── FU_Hypervisor.sln
├── FU_Hypervisor
    ├── FU_Hypervisor.cpp
    ├── FU_Hypervisor.h
    ├── FU_Hypervisor.vcxproj
    ├── FU_Hypervisor.vcxproj.filters
    ├── fake_page.cpp
    └── fake_page.h
├── LICENSE
├── README.md
├── TODO.txt
├── TestPrograms
    ├── ReadProcMem
    │   ├── ReadProcMem.sln
    │   └── ReadProcMem
    │   │   ├── ReadMe.txt
    │   │   ├── ReadProcMem.cpp
    │   │   ├── ReadProcMem.vcxproj
    │   │   ├── ReadProcMem.vcxproj.filters
    │   │   ├── capstone.lib
    │   │   ├── include
    │   │       ├── arm.h
    │   │       ├── arm64.h
    │   │       ├── capstone.h
    │   │       ├── mips.h
    │   │       ├── platform.h
    │   │       ├── ppc.h
    │   │       ├── sparc.h
    │   │       ├── systemz.h
    │   │       ├── x86.h
    │   │       └── xcore.h
    │   │   ├── stdafx.cpp
    │   │   ├── stdafx.h
    │   │   └── targetver.h
    └── SampleHook
    │   ├── SampleHook.sln
    │   └── SampleHook
    │       ├── MinHook.h
    │       ├── ReadMe.txt
    │       ├── SampleHook.c
    │       ├── SampleHook.vcxproj
    │       ├── SampleHook.vcxproj.filters
    │       ├── capstone.x64.lib
    │       ├── capstone.x86.lib
    │       ├── fu.h
    │       ├── include
    │           ├── arm.h
    │           ├── arm64.h
    │           ├── capstone.h
    │           ├── mips.h
    │           ├── platform.h
    │           ├── ppc.h
    │           ├── sparc.h
    │           ├── systemz.h
    │           ├── x86.h
    │           └── xcore.h
    │       ├── libMinHook.x64.lib
    │       ├── libMinHook.x86.lib
    │       ├── stdafx.c
    │       ├── stdafx.h
    │       └── targetver.h
└── clean.bat


/.clang-format:
--------------------------------------------------------------------------------
 1 | ---
 2 | Language:        Cpp
 3 | # BasedOnStyle:  Google
 4 | AccessModifierOffset: -1
 5 | AlignAfterOpenBracket: Align
 6 | AlignConsecutiveAssignments: false
 7 | AlignConsecutiveDeclarations: false
 8 | AlignEscapedNewlinesLeft: true
 9 | AlignOperands:   true
10 | AlignTrailingComments: true
11 | AllowAllParametersOfDeclarationOnNextLine: true
12 | AllowShortBlocksOnASingleLine: false
13 | AllowShortCaseLabelsOnASingleLine: false
14 | AllowShortFunctionsOnASingleLine: All
15 | AllowShortIfStatementsOnASingleLine: true
16 | AllowShortLoopsOnASingleLine: true
17 | AlwaysBreakAfterDefinitionReturnType: None
18 | AlwaysBreakBeforeMultilineStrings: true
19 | AlwaysBreakTemplateDeclarations: true
20 | BinPackArguments: true
21 | BinPackParameters: true
22 | BraceWrapping:   
23 |   AfterClass:      false
24 |   AfterControlStatement: false
25 |   AfterEnum:       false
26 |   AfterFunction:   false
27 |   AfterNamespace:  false
28 |   AfterObjCDeclaration: false
29 |   AfterStruct:     false
30 |   AfterUnion:      false
31 |   BeforeCatch:     false
32 |   BeforeElse:      false
33 |   IndentBraces:    false
34 | BreakBeforeBinaryOperators: None
35 | BreakBeforeBraces: Attach
36 | BreakBeforeTernaryOperators: true
37 | BreakConstructorInitializersBeforeComma: false
38 | ColumnLimit:     80
39 | CommentPragmas:  '^ IWYU pragma:'
40 | ConstructorInitializerAllOnOneLineOrOnePerLine: true
41 | ConstructorInitializerIndentWidth: 4
42 | ContinuationIndentWidth: 4
43 | Cpp11BracedListStyle: true
44 | DerivePointerAlignment: true
45 | DisableFormat:   false
46 | ExperimentalAutoDetectBinPacking: false
47 | ForEachMacros:   [ foreach, Q_FOREACH, BOOST_FOREACH ]
48 | IncludeCategories: 
49 |   - Regex:           '^<.*\.h>'
50 |     Priority:        1
51 |   - Regex:           '^<.*'
52 |     Priority:        2
53 |   - Regex:           '.*'
54 |     Priority:        3
55 | IndentCaseLabels: true
56 | IndentWidth:     2
57 | IndentWrappedFunctionNames: false
58 | KeepEmptyLinesAtTheStartOfBlocks: false
59 | MacroBlockBegin: ''
60 | MacroBlockEnd:   ''
61 | MaxEmptyLinesToKeep: 1
62 | NamespaceIndentation: None
63 | ObjCBlockIndentWidth: 2
64 | ObjCSpaceAfterProperty: false
65 | ObjCSpaceBeforeProtocolList: false
66 | PenaltyBreakBeforeFirstCallParameter: 1
67 | PenaltyBreakComment: 300
68 | PenaltyBreakFirstLessLess: 120
69 | PenaltyBreakString: 1000
70 | PenaltyExcessCharacter: 1000000
71 | PenaltyReturnTypeOnItsOwnLine: 200
72 | SortIncludes:    false
73 | PointerAlignment: Left
74 | SpaceAfterCStyleCast: false
75 | SpaceBeforeAssignmentOperators: true
76 | SpaceBeforeParens: ControlStatements
77 | SpaceInEmptyParentheses: false
78 | SpacesBeforeTrailingComments: 2
79 | SpacesInAngles:  false
80 | SpacesInContainerLiterals: true
81 | SpacesInCStyleCastParentheses: false
82 | SpacesInParentheses: false
83 | SpacesInSquareBrackets: false
84 | Standard:        Auto
85 | TabWidth:        8
86 | UseTab:          Never
87 | ...
88 | 
89 | 


--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
 1 | ###############################################################################
 2 | # Set default behavior to automatically normalize line endings.
 3 | ###############################################################################
 4 | * text=auto
 5 | 
 6 | ###############################################################################
 7 | # Set default behavior for command prompt diff.
 8 | #
 9 | # This is need for earlier builds of msysgit that does not have it on by
10 | # default for csharp files.
11 | # Note: This is only used by command line
12 | ###############################################################################
13 | #*.cs     diff=csharp
14 | 
15 | ###############################################################################
16 | # Set the merge driver for project and solution files
17 | #
18 | # Merging from the command prompt will add diff markers to the files if there
19 | # are conflicts (Merging from VS is not affected by the settings below, in VS
20 | # the diff markers are never inserted). Diff markers may cause the following 
21 | # file extensions to fail to load in VS. An alternative would be to treat
22 | # these files as binary and thus will always conflict and require user
23 | # intervention with every merge. To do so, just uncomment the entries below
24 | ###############################################################################
25 | #*.sln       merge=binary
26 | #*.csproj    merge=binary
27 | #*.vbproj    merge=binary
28 | #*.vcxproj   merge=binary
29 | #*.vcproj    merge=binary
30 | #*.dbproj    merge=binary
31 | #*.fsproj    merge=binary
32 | #*.lsproj    merge=binary
33 | #*.wixproj   merge=binary
34 | #*.modelproj merge=binary
35 | #*.sqlproj   merge=binary
36 | #*.wwaproj   merge=binary
37 | 
38 | ###############################################################################
39 | # behavior for image files
40 | #
41 | # image files are treated as binary by default.
42 | ###############################################################################
43 | #*.jpg   binary
44 | #*.png   binary
45 | #*.gif   binary
46 | 
47 | ###############################################################################
48 | # diff behavior for common document formats
49 | # 
50 | # Convert binary document formats to text before diffing them. This feature
51 | # is only available from the command line. Turn it on by uncommenting the 
52 | # entries below.
53 | ###############################################################################
54 | #*.doc   diff=astextplain
55 | #*.DOC   diff=astextplain
56 | #*.docx  diff=astextplain
57 | #*.DOCX  diff=astextplain
58 | #*.dot   diff=astextplain
59 | #*.DOT   diff=astextplain
60 | #*.pdf   diff=astextplain
61 | #*.PDF   diff=astextplain
62 | #*.rtf   diff=astextplain
63 | #*.RTF   diff=astextplain
64 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | ## Ignore Visual Studio temporary files, build results, and
  2 | ## files generated by popular Visual Studio add-ons.
  3 | 
  4 | # User-specific files
  5 | *.suo
  6 | *.user
  7 | *.userosscache
  8 | *.sln.docstates
  9 | 
 10 | # User-specific files (MonoDevelop/Xamarin Studio)
 11 | *.userprefs
 12 | 
 13 | # Build results
 14 | [Dd]ebug/
 15 | [Dd]ebugPublic/
 16 | [Rr]elease/
 17 | [Rr]eleases/
 18 | [Xx]64/
 19 | [Xx]86/
 20 | [Bb]uild/
 21 | bld/
 22 | [Bb]in/
 23 | [Oo]bj/
 24 | 
 25 | # Visual Studio 2015 cache/options directory
 26 | .vs/
 27 | # Uncomment if you have tasks that create the project's static files in wwwroot
 28 | #wwwroot/
 29 | 
 30 | # MSTest test Results
 31 | [Tt]est[Rr]esult*/
 32 | [Bb]uild[Ll]og.*
 33 | 
 34 | # NUNIT
 35 | *.VisualState.xml
 36 | TestResult.xml
 37 | 
 38 | # Build Results of an ATL Project
 39 | [Dd]ebugPS/
 40 | [Rr]eleasePS/
 41 | dlldata.c
 42 | 
 43 | # DNX
 44 | project.lock.json
 45 | artifacts/
 46 | 
 47 | *_i.c
 48 | *_p.c
 49 | *_i.h
 50 | *.ilk
 51 | *.meta
 52 | *.obj
 53 | *.pch
 54 | *.pdb
 55 | *.pgc
 56 | *.pgd
 57 | *.rsp
 58 | *.sbr
 59 | *.tlb
 60 | *.tli
 61 | *.tlh
 62 | *.tmp
 63 | *.tmp_proj
 64 | *.log
 65 | *.vspscc
 66 | *.vssscc
 67 | .builds
 68 | *.pidb
 69 | *.svclog
 70 | *.scc
 71 | 
 72 | # Chutzpah Test files
 73 | _Chutzpah*
 74 | 
 75 | # Visual C++ cache files
 76 | ipch/
 77 | *.aps
 78 | *.ncb
 79 | *.opendb
 80 | *.opensdf
 81 | *.sdf
 82 | *.cachefile
 83 | *.VC.db
 84 | 
 85 | # Visual Studio profiler
 86 | *.psess
 87 | *.vsp
 88 | *.vspx
 89 | *.sap
 90 | 
 91 | # TFS 2012 Local Workspace
 92 | $tf/
 93 | 
 94 | # Guidance Automation Toolkit
 95 | *.gpState
 96 | 
 97 | # ReSharper is a .NET coding add-in
 98 | _ReSharper*/
 99 | *.[Rr]e[Ss]harper
100 | *.DotSettings.user
101 | 
102 | # JustCode is a .NET coding add-in
103 | .JustCode
104 | 
105 | # TeamCity is a build add-in
106 | _TeamCity*
107 | 
108 | # DotCover is a Code Coverage Tool
109 | *.dotCover
110 | 
111 | # NCrunch
112 | _NCrunch_*
113 | .*crunch*.local.xml
114 | nCrunchTemp_*
115 | 
116 | # MightyMoose
117 | *.mm.*
118 | AutoTest.Net/
119 | 
120 | # Web workbench (sass)
121 | .sass-cache/
122 | 
123 | # Installshield output folder
124 | [Ee]xpress/
125 | 
126 | # DocProject is a documentation generator add-in
127 | DocProject/buildhelp/
128 | DocProject/Help/*.HxT
129 | DocProject/Help/*.HxC
130 | DocProject/Help/*.hhc
131 | DocProject/Help/*.hhk
132 | DocProject/Help/*.hhp
133 | DocProject/Help/Html2
134 | DocProject/Help/html
135 | 
136 | # Click-Once directory
137 | publish/
138 | 
139 | # Publish Web Output
140 | *.[Pp]ublish.xml
141 | *.azurePubxml
142 | 
143 | # TODO: Un-comment the next line if you do not want to checkin 
144 | # your web deploy settings because they may include unencrypted
145 | # passwords
146 | #*.pubxml
147 | *.publishproj
148 | 
149 | # NuGet Packages
150 | *.nupkg
151 | # The packages folder can be ignored because of Package Restore
152 | **/packages/*
153 | # except build/, which is used as an MSBuild target.
154 | !**/packages/build/
155 | # Uncomment if necessary however generally it will be regenerated when needed
156 | #!**/packages/repositories.config
157 | # NuGet v3's project.json files produces more ignoreable files
158 | *.nuget.props
159 | *.nuget.targets
160 | 
161 | # Microsoft Azure Build Output
162 | csx/
163 | *.build.csdef
164 | 
165 | # Microsoft Azure Emulator
166 | ecf/
167 | rcf/
168 | 
169 | # Microsoft Azure ApplicationInsights config file
170 | ApplicationInsights.config
171 | 
172 | # Windows Store app package directory
173 | AppPackages/
174 | BundleArtifacts/
175 | 
176 | # Visual Studio cache files
177 | # files ending in .cache can be ignored
178 | *.[Cc]ache
179 | # but keep track of directories ending in .cache
180 | !*.[Cc]ache/
181 | 
182 | # Others
183 | ClientBin/
184 | [Ss]tyle[Cc]op.*
185 | ~$*
186 | *~
187 | *.dbmdl
188 | *.dbproj.schemaview
189 | *.pfx
190 | *.publishsettings
191 | node_modules/
192 | orleans.codegen.cs
193 | 
194 | # RIA/Silverlight projects
195 | Generated_Code/
196 | 
197 | # Backup & report files from converting an old project file
198 | # to a newer Visual Studio version. Backup files are not needed,
199 | # because we have git ;-)
200 | _UpgradeReport_Files/
201 | Backup*/
202 | UpgradeLog*.XML
203 | UpgradeLog*.htm
204 | 
205 | # SQL Server files
206 | *.mdf
207 | *.ldf
208 | 
209 | # Business Intelligence projects
210 | *.rdl.data
211 | *.bim.layout
212 | *.bim_*.settings
213 | 
214 | # Microsoft Fakes
215 | FakesAssemblies/
216 | 
217 | # GhostDoc plugin setting file
218 | *.GhostDoc.xml
219 | 
220 | # Node.js Tools for Visual Studio
221 | .ntvs_analysis.dat
222 | 
223 | # Visual Studio 6 build log
224 | *.plg
225 | 
226 | # Visual Studio 6 workspace options file
227 | *.opt
228 | 
229 | # Visual Studio LightSwitch build output
230 | **/*.HTMLClient/GeneratedArtifacts
231 | **/*.DesktopClient/GeneratedArtifacts
232 | **/*.DesktopClient/ModelManifest.xml
233 | **/*.Server/GeneratedArtifacts
234 | **/*.Server/ModelManifest.xml
235 | _Pvt_Extensions
236 | 
237 | # LightSwitch generated files
238 | GeneratedArtifacts/
239 | ModelManifest.xml
240 | 
241 | # Paket dependency manager
242 | .paket/paket.exe
243 | 
244 | # FAKE - F# Make
245 | .fake/


--------------------------------------------------------------------------------
/.gitmodules:
--------------------------------------------------------------------------------
 1 | [submodule "HyperPlatform"]
 2 | 	path = HyperPlatform
 3 | 	url = https://github.com/tandasat/HyperPlatform.git
 4 | [submodule "TestPrograms/capstone"]
 5 | 	path = TestPrograms/capstone
 6 | 	url = https://github.com/tandasat/capstone.git
 7 | [submodule "TestPrograms/minhook"]
 8 | 	path = TestPrograms/minhook
 9 | 	url = https://github.com/tandasat/minhook.git
10 | 


--------------------------------------------------------------------------------
/FU_Hypervisor.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 14
 4 | VisualStudioVersion = 14.0.25420.1
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "FU_Hypervisor", "FU_Hypervisor\FU_Hypervisor.vcxproj", "{108B26EA-C225-476E-B763-975A409A252F}"
 7 | EndProject
 8 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{CF7F7666-5330-481C-AE37-02DA46B66650}"
 9 | 	ProjectSection(SolutionItems) = preProject
10 | 		.clang-format = .clang-format
11 | 		.gitattributes = .gitattributes
12 | 		.gitignore = .gitignore
13 | 		.gitmodules = .gitmodules
14 | 		clean.bat = clean.bat
15 | 		README.md = README.md
16 | 	EndProjectSection
17 | EndProject
18 | Global
19 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
20 | 		Debug|x64 = Debug|x64
21 | 		Debug|x86 = Debug|x86
22 | 		Release|x64 = Release|x64
23 | 		Release|x86 = Release|x86
24 | 	EndGlobalSection
25 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
26 | 		{108B26EA-C225-476E-B763-975A409A252F}.Debug|x64.ActiveCfg = Debug|x64
27 | 		{108B26EA-C225-476E-B763-975A409A252F}.Debug|x64.Build.0 = Debug|x64
28 | 		{108B26EA-C225-476E-B763-975A409A252F}.Debug|x64.Deploy.0 = Debug|x64
29 | 		{108B26EA-C225-476E-B763-975A409A252F}.Debug|x86.ActiveCfg = Debug|Win32
30 | 		{108B26EA-C225-476E-B763-975A409A252F}.Debug|x86.Build.0 = Debug|Win32
31 | 		{108B26EA-C225-476E-B763-975A409A252F}.Debug|x86.Deploy.0 = Debug|Win32
32 | 		{108B26EA-C225-476E-B763-975A409A252F}.Release|x64.ActiveCfg = Release|x64
33 | 		{108B26EA-C225-476E-B763-975A409A252F}.Release|x64.Build.0 = Release|x64
34 | 		{108B26EA-C225-476E-B763-975A409A252F}.Release|x64.Deploy.0 = Release|x64
35 | 		{108B26EA-C225-476E-B763-975A409A252F}.Release|x86.ActiveCfg = Release|Win32
36 | 		{108B26EA-C225-476E-B763-975A409A252F}.Release|x86.Build.0 = Release|Win32
37 | 		{108B26EA-C225-476E-B763-975A409A252F}.Release|x86.Deploy.0 = Release|Win32
38 | 	EndGlobalSection
39 | 	GlobalSection(SolutionProperties) = preSolution
40 | 		HideSolutionNode = FALSE
41 | 	EndGlobalSection
42 | EndGlobal
43 | 


--------------------------------------------------------------------------------
/FU_Hypervisor/FU_Hypervisor.cpp:
--------------------------------------------------------------------------------
 1 | // Copyright (c) 2015-2018, Satoshi Tanda. All rights reserved.
 2 | // Use of this source code is governed by a MIT-style license that can be
 3 | // found in the LICENSE file.
 4 | 
 5 | /// @file
 6 | /// Implements FU functions.
 7 | 
 8 | #include "FU_Hypervisor.h"
 9 | #include <ntimage.h>
10 | #define NTSTRSAFE_NO_CB_FUNCTIONS
11 | #include <ntstrsafe.h>
12 | #include "../HyperPlatform/HyperPlatform/common.h"
13 | #include "../HyperPlatform/HyperPlatform/log.h"
14 | #include "../HyperPlatform/HyperPlatform/util.h"
15 | #include "../HyperPlatform/HyperPlatform/ept.h"
16 | 
17 | extern "C" {
18 | ////////////////////////////////////////////////////////////////////////////////
19 | //
20 | // macro utilities
21 | //
22 | 
23 | ////////////////////////////////////////////////////////////////////////////////
24 | //
25 | // constants and macros
26 | //
27 | 
28 | ////////////////////////////////////////////////////////////////////////////////
29 | //
30 | // types
31 | //
32 | 
33 | ////////////////////////////////////////////////////////////////////////////////
34 | //
35 | // prototypes
36 | //
37 | 
38 | _IRQL_requires_max_(PASSIVE_LEVEL) static void FupCreateProcessNotifyRoutine(
39 |     _In_ HANDLE parent_pid, _In_ HANDLE pid, _In_ BOOLEAN create);
40 | 
41 | #if defined(ALLOC_PRAGMA)
42 | #pragma alloc_text(INIT, FuInitialization)
43 | #pragma alloc_text(PAGE, FuTermination)
44 | #pragma alloc_text(PAGE, FupCreateProcessNotifyRoutine)
45 | #endif
46 | 
47 | ////////////////////////////////////////////////////////////////////////////////
48 | //
49 | // variables
50 | //
51 | 
52 | ////////////////////////////////////////////////////////////////////////////////
53 | //
54 | // implementations
55 | //
56 | 
57 | _Use_decl_annotations_ NTSTATUS FuInitialization() {
58 |   PAGED_CODE();
59 | 
60 |   auto status =
61 |       PsSetCreateProcessNotifyRoutine(FupCreateProcessNotifyRoutine, FALSE);
62 |   return status;
63 | }
64 | 
65 | _Use_decl_annotations_ void FuTermination() {
66 |   PAGED_CODE();
67 | 
68 |   PsSetCreateProcessNotifyRoutine(FupCreateProcessNotifyRoutine, TRUE);
69 | }
70 | 
71 | _Use_decl_annotations_ static void FupCreateProcessNotifyRoutine(
72 |     HANDLE parent_pid, HANDLE pid, BOOLEAN create) {
73 |   PAGED_CODE();
74 |   UNREFERENCED_PARAMETER(parent_pid);
75 |   UNREFERENCED_PARAMETER(pid);
76 | 
77 |   if (create) {
78 |     return;
79 |   }
80 | 
81 |   UtilForEachProcessor(
82 |       [](void* context) {
83 |         UNREFERENCED_PARAMETER(context);
84 |         return UtilVmCall(HypercallNumber::kApiMonDisableConcealment, nullptr);
85 |       },
86 |       nullptr);
87 | 
88 |   UtilVmCall(HypercallNumber::kApiMonDeleteConcealment, nullptr);
89 | }
90 | 
91 | }  // extern "C"
92 | 


--------------------------------------------------------------------------------
/FU_Hypervisor/FU_Hypervisor.h:
--------------------------------------------------------------------------------
 1 | // Copyright (c) 2015-2018, Satoshi Tanda. All rights reserved.
 2 | // Use of this source code is governed by a MIT-style license that can be
 3 | // found in the LICENSE file.
 4 | 
 5 | /// @file
 6 | /// Declares interfaces to FU functions.
 7 | 
 8 | #ifndef FU_HYPERVISOR_FU_HYPERVISOR_H_
 9 | #define FU_HYPERVISOR_FU_HYPERVISOR_H_
10 | 
11 | #include <fltKernel.h>
12 | 
13 | extern "C" {
14 | ////////////////////////////////////////////////////////////////////////////////
15 | //
16 | // macro utilities
17 | //
18 | 
19 | ////////////////////////////////////////////////////////////////////////////////
20 | //
21 | // constants and macros
22 | //
23 | 
24 | ////////////////////////////////////////////////////////////////////////////////
25 | //
26 | // types
27 | //
28 | 
29 | struct EptData;
30 | struct ProcessorFakePageData;
31 | struct SharedFakePageData;
32 | 
33 | ////////////////////////////////////////////////////////////////////////////////
34 | //
35 | // prototypes
36 | //
37 | 
38 | _IRQL_requires_max_(PASSIVE_LEVEL) EXTERN_C NTSTATUS FuInitialization();
39 | 
40 | _IRQL_requires_max_(PASSIVE_LEVEL) EXTERN_C void FuTermination();
41 | 
42 | ////////////////////////////////////////////////////////////////////////////////
43 | //
44 | // variables
45 | //
46 | 
47 | ////////////////////////////////////////////////////////////////////////////////
48 | //
49 | // implementations
50 | //
51 | 
52 | }  // extern "C"
53 | 
54 | #endif  // FU_HYPERVISOR_FU_HYPERVISOR_H_
55 | 


--------------------------------------------------------------------------------
/FU_Hypervisor/FU_Hypervisor.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <ProjectGuid>{108B26EA-C225-476E-B763-975A409A252F}</ProjectGuid>
 23 |     <TemplateGuid>{1bc93793-694f-48fe-9372-81e2b05556fd}</TemplateGuid>
 24 |     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
 25 |     <MinimumVisualStudioVersion>12.0</MinimumVisualStudioVersion>
 26 |     <Configuration>Debug</Configuration>
 27 |     <Platform Condition="'$(Platform)' == ''">Win32</Platform>
 28 |     <RootNamespace>FU_Hypervisor</RootNamespace>
 29 |   </PropertyGroup>
 30 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 31 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 32 |     <TargetVersion>Windows7</TargetVersion>
 33 |     <UseDebugLibraries>true</UseDebugLibraries>
 34 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 35 |     <ConfigurationType>Driver</ConfigurationType>
 36 |     <DriverType>KMDF</DriverType>
 37 |     <DriverTargetPlatform>Desktop</DriverTargetPlatform>
 38 |   </PropertyGroup>
 39 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 40 |     <TargetVersion>Windows7</TargetVersion>
 41 |     <UseDebugLibraries>false</UseDebugLibraries>
 42 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 43 |     <ConfigurationType>Driver</ConfigurationType>
 44 |     <DriverType>KMDF</DriverType>
 45 |     <DriverTargetPlatform>Desktop</DriverTargetPlatform>
 46 |   </PropertyGroup>
 47 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 48 |     <TargetVersion>Windows7</TargetVersion>
 49 |     <UseDebugLibraries>true</UseDebugLibraries>
 50 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 51 |     <ConfigurationType>Driver</ConfigurationType>
 52 |     <DriverType>KMDF</DriverType>
 53 |     <DriverTargetPlatform>Desktop</DriverTargetPlatform>
 54 |   </PropertyGroup>
 55 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 56 |     <TargetVersion>Windows7</TargetVersion>
 57 |     <UseDebugLibraries>false</UseDebugLibraries>
 58 |     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
 59 |     <ConfigurationType>Driver</ConfigurationType>
 60 |     <DriverType>KMDF</DriverType>
 61 |     <DriverTargetPlatform>Desktop</DriverTargetPlatform>
 62 |   </PropertyGroup>
 63 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 64 |   <ImportGroup Label="ExtensionSettings">
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <PropertyGroup Label="UserMacros" />
 70 |   <PropertyGroup />
 71 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 72 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
 73 |     <IncludePath>$(VC_IncludePath);$(IncludePath)</IncludePath>
 74 |   </PropertyGroup>
 75 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 76 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
 77 |     <IncludePath>$(VC_IncludePath);$(IncludePath)</IncludePath>
 78 |   </PropertyGroup>
 79 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 80 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
 81 |     <IncludePath>$(VC_IncludePath);$(IncludePath)</IncludePath>
 82 |   </PropertyGroup>
 83 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 84 |     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
 85 |     <IncludePath>$(VC_IncludePath);$(IncludePath)</IncludePath>
 86 |   </PropertyGroup>
 87 |   <ItemGroup>
 88 |     <FilesToPackage Include="$(TargetPath)" />
 89 |   </ItemGroup>
 90 |   <ItemGroup>
 91 |     <ClCompile Include="..\HyperPlatform\HyperPlatform\driver.cpp" />
 92 |     <ClCompile Include="..\HyperPlatform\HyperPlatform\ept.cpp" />
 93 |     <ClCompile Include="..\HyperPlatform\HyperPlatform\global_object.cpp" />
 94 |     <ClCompile Include="..\HyperPlatform\HyperPlatform\hotplug_callback.cpp" />
 95 |     <ClCompile Include="..\HyperPlatform\HyperPlatform\kernel_stl.cpp" />
 96 |     <ClCompile Include="..\HyperPlatform\HyperPlatform\log.cpp" />
 97 |     <ClCompile Include="..\HyperPlatform\HyperPlatform\performance.cpp" />
 98 |     <ClCompile Include="..\HyperPlatform\HyperPlatform\power_callback.cpp" />
 99 |     <ClCompile Include="..\HyperPlatform\HyperPlatform\util.cpp" />
100 |     <ClCompile Include="..\HyperPlatform\HyperPlatform\vm.cpp" />
101 |     <ClCompile Include="..\HyperPlatform\HyperPlatform\vmm.cpp" />
102 |     <ClCompile Include="fake_page.cpp" />
103 |     <ClCompile Include="FU_Hypervisor.cpp" />
104 |   </ItemGroup>
105 |   <ItemGroup>
106 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\asm.h" />
107 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\common.h" />
108 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\driver.h" />
109 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\ept.h" />
110 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\global_object.h" />
111 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\hotplug_callback.h" />
112 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\ia32_type.h" />
113 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\kernel_stl.h" />
114 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\log.h" />
115 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\performance.h" />
116 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\perf_counter.h" />
117 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\power_callback.h" />
118 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\util.h" />
119 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\util_page_constants.h" />
120 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\vm.h" />
121 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\vmm.h" />
122 |     <ClInclude Include="fake_page.h" />
123 |     <ClInclude Include="FU_Hypervisor.h" />
124 |   </ItemGroup>
125 |   <ItemGroup>
126 |     <MASM Include="..\HyperPlatform\HyperPlatform\Arch\x64\x64.asm">
127 |       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
128 |       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
129 |     </MASM>
130 |     <MASM Include="..\HyperPlatform\HyperPlatform\Arch\x86\x86.asm">
131 |       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
132 |       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
133 |       <UseSafeExceptionHandlers Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</UseSafeExceptionHandlers>
134 |       <UseSafeExceptionHandlers Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</UseSafeExceptionHandlers>
135 |     </MASM>
136 |   </ItemGroup>
137 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
138 |   <ImportGroup Label="ExtensionTargets">
139 |   </ImportGroup>
140 | </Project>


--------------------------------------------------------------------------------
/FU_Hypervisor/FU_Hypervisor.vcxproj.filters:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup>
  4 |     <Filter Include="Source Files">
  5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
  6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
  7 |     </Filter>
  8 |     <Filter Include="Header Files">
  9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
 10 |       <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
 11 |     </Filter>
 12 |     <Filter Include="Resource Files">
 13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
 14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
 15 |     </Filter>
 16 |     <Filter Include="Driver Files">
 17 |       <UniqueIdentifier>{8E41214B-6785-4CFE-B992-037D68949A14}</UniqueIdentifier>
 18 |       <Extensions>inf;inv;inx;mof;mc;</Extensions>
 19 |     </Filter>
 20 |   </ItemGroup>
 21 |   <ItemGroup>
 22 |     <ClCompile Include="..\HyperPlatform\HyperPlatform\driver.cpp">
 23 |       <Filter>Source Files</Filter>
 24 |     </ClCompile>
 25 |     <ClCompile Include="..\HyperPlatform\HyperPlatform\ept.cpp">
 26 |       <Filter>Source Files</Filter>
 27 |     </ClCompile>
 28 |     <ClCompile Include="..\HyperPlatform\HyperPlatform\kernel_stl.cpp">
 29 |       <Filter>Source Files</Filter>
 30 |     </ClCompile>
 31 |     <ClCompile Include="..\HyperPlatform\HyperPlatform\log.cpp">
 32 |       <Filter>Source Files</Filter>
 33 |     </ClCompile>
 34 |     <ClCompile Include="..\HyperPlatform\HyperPlatform\performance.cpp">
 35 |       <Filter>Source Files</Filter>
 36 |     </ClCompile>
 37 |     <ClCompile Include="..\HyperPlatform\HyperPlatform\util.cpp">
 38 |       <Filter>Source Files</Filter>
 39 |     </ClCompile>
 40 |     <ClCompile Include="..\HyperPlatform\HyperPlatform\vm.cpp">
 41 |       <Filter>Source Files</Filter>
 42 |     </ClCompile>
 43 |     <ClCompile Include="..\HyperPlatform\HyperPlatform\vmm.cpp">
 44 |       <Filter>Source Files</Filter>
 45 |     </ClCompile>
 46 |     <ClCompile Include="FU_Hypervisor.cpp">
 47 |       <Filter>Source Files</Filter>
 48 |     </ClCompile>
 49 |     <ClCompile Include="fake_page.cpp">
 50 |       <Filter>Source Files</Filter>
 51 |     </ClCompile>
 52 |     <ClCompile Include="..\HyperPlatform\HyperPlatform\global_object.cpp">
 53 |       <Filter>Source Files</Filter>
 54 |     </ClCompile>
 55 |     <ClCompile Include="..\HyperPlatform\HyperPlatform\hotplug_callback.cpp">
 56 |       <Filter>Source Files</Filter>
 57 |     </ClCompile>
 58 |     <ClCompile Include="..\HyperPlatform\HyperPlatform\power_callback.cpp">
 59 |       <Filter>Source Files</Filter>
 60 |     </ClCompile>
 61 |   </ItemGroup>
 62 |   <ItemGroup>
 63 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\asm.h">
 64 |       <Filter>Header Files</Filter>
 65 |     </ClInclude>
 66 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\common.h">
 67 |       <Filter>Header Files</Filter>
 68 |     </ClInclude>
 69 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\driver.h">
 70 |       <Filter>Header Files</Filter>
 71 |     </ClInclude>
 72 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\ept.h">
 73 |       <Filter>Header Files</Filter>
 74 |     </ClInclude>
 75 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\ia32_type.h">
 76 |       <Filter>Header Files</Filter>
 77 |     </ClInclude>
 78 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\kernel_stl.h">
 79 |       <Filter>Header Files</Filter>
 80 |     </ClInclude>
 81 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\log.h">
 82 |       <Filter>Header Files</Filter>
 83 |     </ClInclude>
 84 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\perf_counter.h">
 85 |       <Filter>Header Files</Filter>
 86 |     </ClInclude>
 87 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\performance.h">
 88 |       <Filter>Header Files</Filter>
 89 |     </ClInclude>
 90 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\util.h">
 91 |       <Filter>Header Files</Filter>
 92 |     </ClInclude>
 93 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\util_page_constants.h">
 94 |       <Filter>Header Files</Filter>
 95 |     </ClInclude>
 96 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\vm.h">
 97 |       <Filter>Header Files</Filter>
 98 |     </ClInclude>
 99 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\vmm.h">
100 |       <Filter>Header Files</Filter>
101 |     </ClInclude>
102 |     <ClInclude Include="FU_Hypervisor.h">
103 |       <Filter>Header Files</Filter>
104 |     </ClInclude>
105 |     <ClInclude Include="fake_page.h">
106 |       <Filter>Header Files</Filter>
107 |     </ClInclude>
108 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\global_object.h">
109 |       <Filter>Header Files</Filter>
110 |     </ClInclude>
111 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\hotplug_callback.h">
112 |       <Filter>Header Files</Filter>
113 |     </ClInclude>
114 |     <ClInclude Include="..\HyperPlatform\HyperPlatform\power_callback.h">
115 |       <Filter>Header Files</Filter>
116 |     </ClInclude>
117 |   </ItemGroup>
118 |   <ItemGroup>
119 |     <MASM Include="..\HyperPlatform\HyperPlatform\Arch\x64\x64.asm">
120 |       <Filter>Source Files</Filter>
121 |     </MASM>
122 |     <MASM Include="..\HyperPlatform\HyperPlatform\Arch\x86\x86.asm">
123 |       <Filter>Source Files</Filter>
124 |     </MASM>
125 |   </ItemGroup>
126 | </Project>


--------------------------------------------------------------------------------
/FU_Hypervisor/fake_page.cpp:
--------------------------------------------------------------------------------
  1 | // Copyright (c) 2015-2018, Satoshi Tanda. All rights reserved.
  2 | // Use of this source code is governed by a MIT-style license that can be
  3 | // found in the LICENSE file.
  4 | 
  5 | /// @file
  6 | /// Implements fake page functions.
  7 | 
  8 | #include "fake_page.h"
  9 | #include "../HyperPlatform/HyperPlatform/common.h"
 10 | #include "../HyperPlatform/HyperPlatform/log.h"
 11 | #include "../HyperPlatform/HyperPlatform/util.h"
 12 | #include "../HyperPlatform/HyperPlatform/ept.h"
 13 | #include <vector>
 14 | #include <memory>
 15 | #include <algorithm>
 16 | #include <array>
 17 | #include <intrin.h>
 18 | 
 19 | ////////////////////////////////////////////////////////////////////////////////
 20 | //
 21 | // macro utilities
 22 | //
 23 | 
 24 | ////////////////////////////////////////////////////////////////////////////////
 25 | //
 26 | // constants and macros
 27 | //
 28 | 
 29 | ////////////////////////////////////////////////////////////////////////////////
 30 | //
 31 | // types
 32 | //
 33 | 
 34 | // Copy of a page seen by a guest as a result of memory shadowing
 35 | struct Page {
 36 |   UCHAR* address;  // A page aligned copy of a page
 37 |   Page();
 38 |   ~Page();
 39 | };
 40 | 
 41 | // Allocates a non-paged, page-aligned page. Issues bug check on failure
 42 | Page::Page()
 43 |     : address(reinterpret_cast<UCHAR*>(ExAllocatePoolWithTag(
 44 |           NonPagedPool, PAGE_SIZE, kHyperPlatformCommonPoolTag))) {
 45 |   if (!address) {
 46 |     HYPERPLATFORM_COMMON_BUG_CHECK(
 47 |         HyperPlatformBugCheck::kCritialPoolAllocationFailure, 0, 0, 0);
 48 |   }
 49 | }
 50 | 
 51 | // De-allocates the allocated page
 52 | Page::~Page() { ExFreePoolWithTag(address, kHyperPlatformCommonPoolTag); }
 53 | 
 54 | // Contains single fake page data
 55 | struct FakePageData {
 56 |   void* patch_address;   // An address to be faked
 57 |   ULONG_PTR target_cr3;  // CR3 of the target process
 58 | 
 59 |   // A copy of a pages where patch_address belongs to. shadow_page_base_for_rw
 60 |   // is exposed to a guest for read and write operation against the page of
 61 |   // patch_address, and shadow_page_base_for_exec is exposed for execution.
 62 |   std::shared_ptr<Page> shadow_page_base_for_exec;
 63 | 
 64 |   // Physical address of the above two copied pages
 65 |   ULONG64 pa_base_for_rw;
 66 |   ULONG64 pa_base_for_exec;
 67 | 
 68 |   std::array<UCHAR, 32> original_bytes;  // Bytes to show for read operations
 69 | };
 70 | 
 71 | // Data structure shared across all processors
 72 | struct SharedFakePageData {
 73 |   std::vector<std::unique_ptr<FakePageData>> all_fp_data;
 74 | };
 75 | 
 76 | // Data structure for each processor
 77 | struct ProcessorFakePageData {
 78 |   const FakePageData* last_fp_data;
 79 | };
 80 | 
 81 | ////////////////////////////////////////////////////////////////////////////////
 82 | //
 83 | // prototypes
 84 | //
 85 | 
 86 | _IRQL_requires_max_(PASSIVE_LEVEL) static std::unique_ptr<
 87 |     FakePageData> FppCreateFakePageData(_In_ SharedFakePageData* shared_fp_data,
 88 |                                         _In_ void* context);
 89 | 
 90 | static FakePageData* FppFindFakePageDataByPage(
 91 |     _In_ const SharedFakePageData* shared_fp_data, _In_ void* address);
 92 | 
 93 | static void FppEnableFakePageForExec(_In_ const FakePageData& fp_data,
 94 |                                      _In_ EptData* ept_data);
 95 | 
 96 | static void FppEnableFakePageForRw(_In_ const FakePageData& fp_data,
 97 |                                    _In_ EptData* ept_data);
 98 | 
 99 | static void FppDisableFakePage(_In_ const FakePageData& fp_data,
100 |                                _In_ EptData* ept_data);
101 | 
102 | static void FppSetMonitorTrapFlag(_In_ ProcessorFakePageData* processor_fp_data,
103 |                                   _In_ bool enable);
104 | 
105 | static void FppSaveLastFakePageData(
106 |     _In_ ProcessorFakePageData* processor_fp_data,
107 |     _In_ const FakePageData& fp_data);
108 | 
109 | static const FakePageData* FppRestoreLastFakePageData(
110 |     _In_ ProcessorFakePageData* processor_fp_data);
111 | 
112 | static bool FppIsFuActive(_In_ const SharedFakePageData* shared_fp_data);
113 | 
114 | #if defined(ALLOC_PRAGMA)
115 | #pragma alloc_text(INIT, FpAllocateProcessorData)
116 | #pragma alloc_text(INIT, FpAllocateSharedProcessorData)
117 | #pragma alloc_text(PAGE, FpFreeProcessorData)
118 | #pragma alloc_text(PAGE, FpFreeSharedProcessorData)
119 | #endif
120 | 
121 | ////////////////////////////////////////////////////////////////////////////////
122 | //
123 | // variables
124 | //
125 | 
126 | ////////////////////////////////////////////////////////////////////////////////
127 | //
128 | // implementations
129 | //
130 | 
131 | // Allocates per-processor fake page data
132 | _Use_decl_annotations_ EXTERN_C ProcessorFakePageData*
133 | FpAllocateProcessorData() {
134 |   PAGED_CODE();
135 | 
136 |   auto processor_fp_data = reinterpret_cast<ProcessorFakePageData*>(
137 |       ExAllocatePoolWithTag(NonPagedPool, sizeof(ProcessorFakePageData),
138 |                             kHyperPlatformCommonPoolTag));
139 |   if (!processor_fp_data) {
140 |     return nullptr;
141 |   }
142 |   RtlFillMemory(processor_fp_data, sizeof(ProcessorFakePageData), 0);
143 |   return processor_fp_data;
144 | }
145 | 
146 | // Frees per-processor fake page data
147 | _Use_decl_annotations_ EXTERN_C void FpFreeProcessorData(
148 |     ProcessorFakePageData* processor_fp_data) {
149 |   PAGED_CODE();
150 | 
151 |   ExFreePoolWithTag(processor_fp_data, kHyperPlatformCommonPoolTag);
152 | }
153 | 
154 | // Allocates processor-shared fake page data
155 | _Use_decl_annotations_ EXTERN_C SharedFakePageData*
156 | FpAllocateSharedProcessorData() {
157 |   PAGED_CODE();
158 | 
159 |   return new SharedFakePageData();
160 | }
161 | 
162 | // Frees processor-shared fake page data
163 | _Use_decl_annotations_ EXTERN_C void FpFreeSharedProcessorData(
164 |     SharedFakePageData* shared_fp_data) {
165 |   PAGED_CODE();
166 | 
167 |   delete shared_fp_data;
168 | }
169 | 
170 | //
171 | // Following code is executed in hypervisor context
172 | //
173 | 
174 | // Handles MTF VM-exit
175 | _Use_decl_annotations_ void FpHandleMonitorTrapFlag(
176 |     ProcessorFakePageData* processor_fp_data,
177 |     const SharedFakePageData* shared_fp_data, EptData* ept_data) {
178 |   NT_VERIFY(FppIsFuActive(shared_fp_data));
179 | 
180 |   // Re-enable the shadow hook and clears MTF
181 |   const auto fp_data = FppRestoreLastFakePageData(processor_fp_data);
182 |   FppEnableFakePageForExec(*fp_data, ept_data);
183 |   FppSetMonitorTrapFlag(processor_fp_data, false);
184 | }
185 | 
186 | // Handles EPT violation VM-exit
187 | _Use_decl_annotations_ void FpHandleEptViolation(
188 |     ProcessorFakePageData* processor_fp_data,
189 |     const SharedFakePageData* shared_fp_data, EptData* ept_data,
190 |     void* fault_va) {
191 |   if (!FppIsFuActive(shared_fp_data)) {
192 |     return;
193 |   }
194 | 
195 |   const auto fp_data = FppFindFakePageDataByPage(shared_fp_data, fault_va);
196 |   if (!fp_data) {
197 |     return;
198 |   }
199 | 
200 |   // EPT violation was caused because a guest tried to read or write to a page
201 |   // where currently set as execute only. Let a guest read or write the page
202 |   // from a read/write fake page and run a single instruction.
203 |   FppEnableFakePageForRw(*fp_data, ept_data);
204 |   FppSetMonitorTrapFlag(processor_fp_data, true);
205 |   FppSaveLastFakePageData(processor_fp_data, *fp_data);
206 | }
207 | 
208 | // Create fake page data without activating it
209 | _Use_decl_annotations_ bool FpVmCallCreateFakePage(
210 |     SharedFakePageData* shared_fp_data, void* context) {
211 |   auto fp_data = FppCreateFakePageData(shared_fp_data, context);
212 |   if (!fp_data) {
213 |     return false;
214 |   }
215 | 
216 |   HYPERPLATFORM_LOG_DEBUG("CR3 = %016Ix, Patch = %p (%016llx), Exec = %p (%016llx)",
217 |                           fp_data->target_cr3, fp_data->patch_address,
218 |                           fp_data->pa_base_for_rw,
219 |                           fp_data->shadow_page_base_for_exec->address +
220 |                               BYTE_OFFSET(fp_data->patch_address),
221 |                           fp_data->pa_base_for_exec);
222 | 
223 |   // FIXME: lock here
224 |   shared_fp_data->all_fp_data.push_back(std::move(fp_data));
225 |   return true;
226 | }
227 | 
228 | // Creates or reuses a couple of copied pages and initializes FakePageData
229 | _Use_decl_annotations_ static std::unique_ptr<FakePageData>
230 | FppCreateFakePageData(SharedFakePageData* shared_fp_data, void* context) {
231 |   typedef struct {
232 |     ULONG64 start_address;
233 |     ULONG64 original_byte_size;
234 |     std::array<UCHAR, 32> original_bytes;
235 |   } APIMON_CREATE_SHADOW_PARAMETERS;
236 |   C_ASSERT(sizeof(APIMON_CREATE_SHADOW_PARAMETERS) == 48);
237 | 
238 |   APIMON_CREATE_SHADOW_PARAMETERS params = {};
239 | 
240 |   const auto guest_cr3 = UtilVmRead(VmcsField::kGuestCr3);
241 |   const auto vmm_cr3 = __readcr3();
242 | 
243 |   // Get parameters from an user supplied address.
244 |   //
245 |   // This is bad code for numerous reasons. What if the context points
246 |   // to an unmapped address? What if the address was already paged-out? What if
247 |   // start_address points to the kernel address space? This code does not give
248 |   // good answers to those situations. A right thing to do is reading the
249 |   // parameter from kernel context where MmProbeAndLockPages() and
250 |   // MmGetSystemAddressForMdlSafe() are available or using Buffered I/O via
251 |   // IOCTL, and then verify that start_address points to a valid location. See
252 |   // "User-Mode Interactions: Guidelines for Kernel-Mode Drivers" from
253 |   // Microsoft.
254 |   __writecr3(guest_cr3);
255 |   RtlCopyMemory(&params, context, sizeof(params));
256 | 
257 |   // Get PA of the start_address in requester process's context
258 |   const auto page_base = PAGE_ALIGN(params.start_address);
259 |   const auto pa_base = UtilPaFromVa(page_base);
260 |   __writecr3(vmm_cr3);
261 | 
262 |   auto fp_data = std::make_unique<FakePageData>();
263 |   fp_data->patch_address = reinterpret_cast<void*>(params.start_address);
264 |   fp_data->target_cr3 = guest_cr3;
265 | 
266 |   auto reusable_fp_data = FppFindFakePageDataByPage(
267 |       shared_fp_data, reinterpret_cast<void*>(params.start_address));
268 |   if (reusable_fp_data) {
269 |     // Found an existing FakePageData object targeting the same page as this
270 |     // one. re-use shadow pages.
271 |     fp_data->shadow_page_base_for_exec =
272 |         reusable_fp_data->shadow_page_base_for_exec;
273 |   } else {
274 |     // No associated FakePageData for the address. Create a fake page.
275 |     fp_data->shadow_page_base_for_exec = std::make_shared<Page>();
276 |     __writecr3(fp_data->target_cr3);
277 |     RtlCopyMemory(fp_data->shadow_page_base_for_exec->address, page_base,
278 |                   PAGE_SIZE);
279 |     __writecr3(vmm_cr3);
280 |   }
281 |   fp_data->original_bytes = params.original_bytes;
282 |   fp_data->pa_base_for_rw = pa_base;
283 |   fp_data->pa_base_for_exec =
284 |       UtilPaFromVa(fp_data->shadow_page_base_for_exec->address);
285 |   return fp_data;
286 | }
287 | 
288 | // Find a FakePageData instance by address
289 | _Use_decl_annotations_ static FakePageData* FppFindFakePageDataByPage(
290 |     const SharedFakePageData* shared_fp_data, void* address) {
291 |   const auto guest_cr3 = UtilVmRead(VmcsField::kGuestCr3);
292 |   const auto found = std::find_if(
293 |       shared_fp_data->all_fp_data.cbegin(), shared_fp_data->all_fp_data.cend(),
294 |       [address, guest_cr3](const auto& fp_data) {
295 |         return PAGE_ALIGN(fp_data->patch_address) == PAGE_ALIGN(address) &&
296 |                fp_data->target_cr3 == guest_cr3;
297 |       });
298 |   if (found == shared_fp_data->all_fp_data.cend()) {
299 |     return nullptr;
300 |   }
301 |   return found->get();
302 | }
303 | 
304 | // Enables all fake pages for the current process
305 | _Use_decl_annotations_ NTSTATUS FpVmCallEnableFakePages(
306 |     EptData* ept_data, const SharedFakePageData* shared_fp_data) {
307 |   const auto requester_cr3 = UtilVmRead(VmcsField::kGuestCr3);
308 |   const auto vmm_cr3 = __readcr3();
309 | 
310 |   // conceal contents of the original PA
311 |   Cr0 cr0_old = {__readcr0()};
312 |   Cr0 cr0_new = cr0_old;
313 |   cr0_new.fields.wp = false;
314 |   __writecr0(cr0_new.all);
315 | 
316 |   for (auto& fp_data : shared_fp_data->all_fp_data) {
317 |     if (fp_data->target_cr3 != requester_cr3) {
318 |       continue;
319 |     }
320 | 
321 |     __writecr3(fp_data->target_cr3);
322 |     RtlCopyMemory(fp_data->patch_address, fp_data->original_bytes.data(),
323 |                   fp_data->original_bytes.size());
324 |     __writecr3(vmm_cr3);
325 | 
326 |     HYPERPLATFORM_LOG_DEBUG_SAFE("Shadowing %016Ix:%p", fp_data->target_cr3,
327 |                                  fp_data->patch_address);
328 |     FppEnableFakePageForExec(*fp_data, ept_data);
329 |   }
330 |   __writecr0(cr0_old.all);
331 |   return STATUS_SUCCESS;
332 | }
333 | 
334 | // Show a shadowed page for execution
335 | _Use_decl_annotations_ static void FppEnableFakePageForExec(
336 |     const FakePageData& fp_data, EptData* ept_data) {
337 |   const auto old_cr3 = __readcr3();
338 |   __writecr3(fp_data.target_cr3);
339 | 
340 |   const auto ept_pt_entry =
341 |       EptGetEptPtEntry(ept_data, UtilPaFromVa(fp_data.patch_address));
342 | 
343 |   // Allow the VMM to redirect read and write access to the address by denying
344 |   // those accesses and handling them on EPT violation
345 |   ept_pt_entry->fields.write_access = false;
346 |   ept_pt_entry->fields.read_access = false;
347 | 
348 |   // Only execution is allowed on the address. Show the copied page for exec
349 |   // that has an actual breakpoint to the guest.
350 |   ept_pt_entry->fields.physial_address =
351 |       UtilPfnFromPa(fp_data.pa_base_for_exec);
352 | 
353 |   __writecr3(old_cr3);
354 |   UtilInveptGlobal();
355 | }
356 | 
357 | // Show a shadowed page for read and write
358 | _Use_decl_annotations_ static void FppEnableFakePageForRw(
359 |     const FakePageData& fp_data, EptData* ept_data) {
360 |   const auto old_cr3 = __readcr3();
361 |   __writecr3(fp_data.target_cr3);
362 | 
363 |   // Allow a guest to read and write as well as execute the address. Show the
364 |   // copied page for read/write that does not have an breakpoint but reflects
365 |   // all modification by a guest if that happened.
366 |   const auto ept_pt_entry =
367 |       EptGetEptPtEntry(ept_data, UtilPaFromVa(fp_data.patch_address));
368 |   ept_pt_entry->fields.write_access = true;
369 |   ept_pt_entry->fields.read_access = true;
370 |   ept_pt_entry->fields.physial_address = UtilPfnFromPa(fp_data.pa_base_for_rw);
371 | 
372 |   __writecr3(old_cr3);
373 |   UtilInveptGlobal();
374 | }
375 | 
376 | // Disables all fake pages for the current process
377 | _Use_decl_annotations_ void FpVmCallDisableFakePages(
378 |     EptData* ept_data, SharedFakePageData* shared_fp_data) {
379 |   const auto requester_cr3 = UtilVmRead(VmcsField::kGuestCr3);
380 |   const auto vmm_cr3 = __readcr3();
381 | 
382 |   Cr0 cr0_old = {__readcr0()};
383 |   Cr0 cr0_new = cr0_old;
384 |   cr0_new.fields.wp = false;
385 |   __writecr0(cr0_new.all);
386 | 
387 |   for (auto& fp_data : shared_fp_data->all_fp_data) {
388 |     if (fp_data->target_cr3 != requester_cr3) {
389 |       continue;
390 |     }
391 | 
392 |     HYPERPLATFORM_LOG_DEBUG_SAFE("Unshadowing %016Ix:%p", fp_data->target_cr3,
393 |                                  fp_data->patch_address);
394 |     FppDisableFakePage(*fp_data, ept_data);
395 | 
396 |     // Write back contents of EXEC page onto a patched address
397 |     __writecr3(fp_data->target_cr3);
398 |     RtlCopyMemory(fp_data->patch_address,
399 |                   fp_data->shadow_page_base_for_exec->address +
400 |                       BYTE_OFFSET(fp_data->patch_address),
401 |                   fp_data->original_bytes.size());
402 |     __writecr3(vmm_cr3);
403 |   }
404 |   __writecr0(cr0_old.all);
405 | }
406 | 
407 | // Stop showing a shadow page
408 | _Use_decl_annotations_ static void FppDisableFakePage(
409 |     const FakePageData& fp_data, EptData* ept_data) {
410 |   const auto old_cr3 = __readcr3();
411 |   __writecr3(fp_data.target_cr3);
412 | 
413 |   const auto page_base = (UCHAR*)PAGE_ALIGN(fp_data.patch_address);
414 |   const auto pa_base = UtilPaFromVa(page_base);
415 |   const auto ept_pt_entry = EptGetEptPtEntry(ept_data, pa_base);
416 |   ept_pt_entry->fields.write_access = true;
417 |   ept_pt_entry->fields.read_access = true;
418 |   ept_pt_entry->fields.physial_address = UtilPfnFromPa(pa_base);
419 | 
420 |   __writecr3(old_cr3);
421 |   UtilInveptGlobal();
422 | }
423 | 
424 | _Use_decl_annotations_ void FpVmCallDeleteFakePages(
425 |     SharedFakePageData* shared_fp_data) {
426 |   const auto requester_cr3 = UtilVmRead(VmcsField::kGuestCr3);
427 | 
428 |   // FIXME: lock the structure
429 |   const auto new_end = std::remove_if(
430 |       shared_fp_data->all_fp_data.begin(), shared_fp_data->all_fp_data.end(),
431 |       [requester_cr3](auto& fp_data) {
432 |         return fp_data->target_cr3 == requester_cr3;
433 |       });
434 |   shared_fp_data->all_fp_data.erase(new_end, shared_fp_data->all_fp_data.end());
435 | }
436 | 
437 | // Set MTF on the current processor
438 | _Use_decl_annotations_ static void FppSetMonitorTrapFlag(
439 |     ProcessorFakePageData* processor_fp_data, bool enable) {
440 |   UNREFERENCED_PARAMETER(processor_fp_data);
441 | 
442 |   VmxProcessorBasedControls vm_procctl = {
443 |       static_cast<unsigned int>(UtilVmRead(VmcsField::kCpuBasedVmExecControl))};
444 |   vm_procctl.fields.monitor_trap_flag = enable;
445 |   UtilVmWrite(VmcsField::kCpuBasedVmExecControl, vm_procctl.all);
446 | }
447 | 
448 | // Saves FakePageData as the last one for reusing it on up coming MTF VM-exit
449 | _Use_decl_annotations_ static void FppSaveLastFakePageData(
450 |     ProcessorFakePageData* processor_fp_data, const FakePageData& fp_data) {
451 |   NT_ASSERT(!processor_fp_data->last_fp_data);
452 |   processor_fp_data->last_fp_data = &fp_data;
453 | }
454 | 
455 | // Retrieves the last FakePageData
456 | _Use_decl_annotations_ static const FakePageData* FppRestoreLastFakePageData(
457 |     ProcessorFakePageData* processor_fp_data) {
458 |   NT_ASSERT(processor_fp_data->last_fp_data);
459 |   auto fp_data = processor_fp_data->last_fp_data;
460 |   processor_fp_data->last_fp_data = nullptr;
461 |   return fp_data;
462 | }
463 | 
464 | // Checks if DdiMon is already initialized
465 | _Use_decl_annotations_ static bool FppIsFuActive(
466 |     const SharedFakePageData* shared_fp_data) {
467 |   return !!(shared_fp_data);
468 | }
469 | 


--------------------------------------------------------------------------------
/FU_Hypervisor/fake_page.h:
--------------------------------------------------------------------------------
 1 | // Copyright (c) 2015-2018, Satoshi Tanda. All rights reserved.
 2 | // Use of this source code is governed by a MIT-style license that can be
 3 | // found in the LICENSE file.
 4 | 
 5 | /// @file
 6 | /// Declares interfaces to fake page functions.
 7 | 
 8 | #ifndef FU_HYPERVISOR_FAKE_PAGE_H_
 9 | #define FU_HYPERVISOR_FAKE_PAGE_H_
10 | 
11 | #include <fltKernel.h>
12 | 
13 | ////////////////////////////////////////////////////////////////////////////////
14 | //
15 | // macro utilities
16 | //
17 | 
18 | ////////////////////////////////////////////////////////////////////////////////
19 | //
20 | // constants and macros
21 | //
22 | 
23 | ////////////////////////////////////////////////////////////////////////////////
24 | //
25 | // types
26 | //
27 | 
28 | struct EptData;
29 | struct ProcessorFakePageData;
30 | struct SharedFakePageData;
31 | 
32 | ////////////////////////////////////////////////////////////////////////////////
33 | //
34 | // prototypes
35 | //
36 | 
37 | _IRQL_requires_max_(PASSIVE_LEVEL) EXTERN_C
38 |     ProcessorFakePageData* FpAllocateProcessorData();
39 | 
40 | _IRQL_requires_max_(PASSIVE_LEVEL) EXTERN_C
41 |     void FpFreeProcessorData(_In_ ProcessorFakePageData* processor_fp_data);
42 | 
43 | _IRQL_requires_max_(PASSIVE_LEVEL) EXTERN_C
44 |     SharedFakePageData* FpAllocateSharedProcessorData();
45 | 
46 | _IRQL_requires_max_(PASSIVE_LEVEL) EXTERN_C
47 |     void FpFreeSharedProcessorData(_In_ SharedFakePageData* shared_fp_data);
48 | 
49 | _IRQL_requires_min_(DISPATCH_LEVEL) void FpHandleMonitorTrapFlag(
50 |     _In_ ProcessorFakePageData* processor_fp_data,
51 |     _In_ const SharedFakePageData* shared_fp_data, _In_ EptData* ept_data);
52 | 
53 | _IRQL_requires_min_(DISPATCH_LEVEL) void FpHandleEptViolation(
54 |     _In_ ProcessorFakePageData* processor_fp_data,
55 |     _In_ const SharedFakePageData* shared_fp_data, _In_ EptData* ept_data,
56 |     _In_ void* fault_va);
57 | 
58 | _IRQL_requires_max_(PASSIVE_LEVEL) bool FpVmCallCreateFakePage(
59 |     _In_ SharedFakePageData* shared_fp_data, _In_ void* context);
60 | 
61 | _IRQL_requires_min_(DISPATCH_LEVEL) NTSTATUS
62 |     FpVmCallEnableFakePages(_In_ EptData* ept_data,
63 |                             _In_ const SharedFakePageData* shared_fp_data);
64 | 
65 | _IRQL_requires_min_(DISPATCH_LEVEL) void FpVmCallDisableFakePages(
66 |     _In_ EptData* ept_data, _In_ SharedFakePageData* shared_fp_data);
67 | 
68 | _IRQL_requires_min_(DISPATCH_LEVEL) void FpVmCallDeleteFakePages(
69 |     _In_ SharedFakePageData* shared_fp_data);
70 | 
71 | ////////////////////////////////////////////////////////////////////////////////
72 | //
73 | // variables
74 | //
75 | 
76 | ////////////////////////////////////////////////////////////////////////////////
77 | //
78 | // implementations
79 | //
80 | 
81 | #endif  // FU_HYPERVISOR_FAKE_PAGE_H_
82 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2016 Satoshi Tanda
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # FU_Hypervisor
2 | 
3 | A discontinued hypervisor project to hide user-mode memory using EPT. No support.
4 | Uploading code as-is as requested. The FU_Hypervisor.sln compiles on VS2017,
5 | while test programs compile on VS2015.
6 | 


--------------------------------------------------------------------------------
/TODO.txt:
--------------------------------------------------------------------------------
 1 | 
 2 | TODO:
 3 | - wanna map patch_address to the kernel space using MmProbeAndLockPages
 4 | - multi-page handling
 5 | - create sample hook projects: local hook with minihook (C), and remote hook 
 6 |     with EasyHook (C++)
 7 | 
 8 | BUG:
 9 | - Full dmp aquision never ends
10 | 
11 | 


--------------------------------------------------------------------------------
/TestPrograms/ReadProcMem/ReadProcMem.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 14
 4 | VisualStudioVersion = 14.0.25420.1
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ReadProcMem", "ReadProcMem\ReadProcMem.vcxproj", "{80778571-48BD-431A-BE52-28F7388157CC}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{80778571-48BD-431A-BE52-28F7388157CC}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{80778571-48BD-431A-BE52-28F7388157CC}.Debug|x64.Build.0 = Debug|x64
18 | 		{80778571-48BD-431A-BE52-28F7388157CC}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{80778571-48BD-431A-BE52-28F7388157CC}.Debug|x86.Build.0 = Debug|Win32
20 | 		{80778571-48BD-431A-BE52-28F7388157CC}.Release|x64.ActiveCfg = Release|x64
21 | 		{80778571-48BD-431A-BE52-28F7388157CC}.Release|x64.Build.0 = Release|x64
22 | 		{80778571-48BD-431A-BE52-28F7388157CC}.Release|x86.ActiveCfg = Release|Win32
23 | 		{80778571-48BD-431A-BE52-28F7388157CC}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | EndGlobal
29 | 


--------------------------------------------------------------------------------
/TestPrograms/ReadProcMem/ReadProcMem/ReadMe.txt:
--------------------------------------------------------------------------------
 1 | ========================================================================
 2 |     CONSOLE APPLICATION : ReadProcMem Project Overview
 3 | ========================================================================
 4 | 
 5 | AppWizard has created this ReadProcMem application for you.
 6 | 
 7 | This file contains a summary of what you will find in each of the files that
 8 | make up your ReadProcMem application.
 9 | 
10 | 
11 | ReadProcMem.vcxproj
12 |     This is the main project file for VC++ projects generated using an Application Wizard.
13 |     It contains information about the version of Visual C++ that generated the file, and
14 |     information about the platforms, configurations, and project features selected with the
15 |     Application Wizard.
16 | 
17 | ReadProcMem.vcxproj.filters
18 |     This is the filters file for VC++ projects generated using an Application Wizard. 
19 |     It contains information about the association between the files in your project 
20 |     and the filters. This association is used in the IDE to show grouping of files with
21 |     similar extensions under a specific node (for e.g. ".cpp" files are associated with the
22 |     "Source Files" filter).
23 | 
24 | ReadProcMem.cpp
25 |     This is the main application source file.
26 | 
27 | /////////////////////////////////////////////////////////////////////////////
28 | Other standard files:
29 | 
30 | StdAfx.h, StdAfx.cpp
31 |     These files are used to build a precompiled header (PCH) file
32 |     named ReadProcMem.pch and a precompiled types file named StdAfx.obj.
33 | 
34 | /////////////////////////////////////////////////////////////////////////////
35 | Other notes:
36 | 
37 | AppWizard uses "TODO:" comments to indicate parts of the source code you
38 | should add to or customize.
39 | 
40 | /////////////////////////////////////////////////////////////////////////////
41 | 


--------------------------------------------------------------------------------
/TestPrograms/ReadProcMem/ReadProcMem/ReadProcMem.cpp:
--------------------------------------------------------------------------------
 1 | // ReadProcMem.cpp : Defines the entry point for the console application.
 2 | //
 3 | 
 4 | #include "stdafx.h"
 5 | 
 6 | #include "include/capstone.h"
 7 | #pragma comment(lib, "capstone.lib")
 8 | 
 9 | bool DumpDisassemble(BYTE *bytes, SIZE_T length, ULONG_PTR address, const char* message, const char* label)
10 | {
11 |   csh handle = 0;
12 |   if (cs_open(CS_ARCH_X86, (sizeof(void *) == 4) ? CS_MODE_32 : CS_MODE_64,
13 |     &handle) != CS_ERR_OK)
14 |   {
15 |     return false;
16 |   }
17 | 
18 |   cs_insn *insn;
19 |   size_t count = cs_disasm(handle, bytes, length,
20 |     address, 0, &insn);
21 |   if (count > 0)
22 |   {
23 |     printf("%s %s: ", message, label);
24 |     for (size_t j = 0; j < count; j++)
25 |     {
26 |       printf("0x%p %s %s\n", (void *)(uintptr_t)insn[j].address,
27 |         insn[j].mnemonic, insn[j].op_str);
28 |     }
29 |     cs_free(insn, count);
30 |   }
31 |   cs_close(&handle);
32 |   return true;
33 | }
34 | 
35 | int main(int argc, char *argv[]) {
36 |   if (argc != 3) {
37 |     printf(">this.exe pid remote_address\n");
38 |     return 0;
39 |   }
40 | 
41 |   auto pid = std::stoul(argv[1]);
42 |   auto addr = reinterpret_cast<void *>(std::stoull(argv[2], 0, 16));
43 |   auto handle = OpenProcess(PROCESS_VM_READ, FALSE, pid);
44 |   if (!handle) {
45 |     return 1;
46 |   }
47 | 
48 |   SIZE_T read = 0;
49 |   UCHAR bytes[32] = {};
50 |   if (!ReadProcessMemory(handle, addr, bytes, sizeof(bytes), &read)) {
51 |     return 1;
52 |   }
53 | 
54 |   DumpDisassemble(bytes, 6, reinterpret_cast<ULONG_PTR>(addr), "PID", argv[1]);
55 |   return 0;
56 | }
57 | 


--------------------------------------------------------------------------------
/TestPrograms/ReadProcMem/ReadProcMem/ReadProcMem.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <ProjectGuid>{80778571-48BD-431A-BE52-28F7388157CC}</ProjectGuid>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <RootNamespace>ReadProcMem</RootNamespace>
 25 |     <WindowsTargetPlatformVersion>10.0.16299.0</WindowsTargetPlatformVersion>
 26 |   </PropertyGroup>
 27 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 28 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 29 |     <ConfigurationType>Application</ConfigurationType>
 30 |     <UseDebugLibraries>true</UseDebugLibraries>
 31 |     <PlatformToolset>v140</PlatformToolset>
 32 |     <CharacterSet>Unicode</CharacterSet>
 33 |   </PropertyGroup>
 34 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 35 |     <ConfigurationType>Application</ConfigurationType>
 36 |     <UseDebugLibraries>false</UseDebugLibraries>
 37 |     <PlatformToolset>v140</PlatformToolset>
 38 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 39 |     <CharacterSet>Unicode</CharacterSet>
 40 |   </PropertyGroup>
 41 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 42 |     <ConfigurationType>Application</ConfigurationType>
 43 |     <UseDebugLibraries>true</UseDebugLibraries>
 44 |     <PlatformToolset>v140</PlatformToolset>
 45 |     <CharacterSet>Unicode</CharacterSet>
 46 |   </PropertyGroup>
 47 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 48 |     <ConfigurationType>Application</ConfigurationType>
 49 |     <UseDebugLibraries>false</UseDebugLibraries>
 50 |     <PlatformToolset>v140</PlatformToolset>
 51 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 52 |     <CharacterSet>Unicode</CharacterSet>
 53 |   </PropertyGroup>
 54 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 55 |   <ImportGroup Label="ExtensionSettings">
 56 |   </ImportGroup>
 57 |   <ImportGroup Label="Shared">
 58 |   </ImportGroup>
 59 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 60 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 61 |   </ImportGroup>
 62 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 63 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 64 |   </ImportGroup>
 65 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 66 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 67 |   </ImportGroup>
 68 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 69 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 70 |   </ImportGroup>
 71 |   <PropertyGroup Label="UserMacros" />
 72 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 73 |     <LinkIncremental>true</LinkIncremental>
 74 |   </PropertyGroup>
 75 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 76 |     <LinkIncremental>true</LinkIncremental>
 77 |   </PropertyGroup>
 78 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 79 |     <LinkIncremental>false</LinkIncremental>
 80 |   </PropertyGroup>
 81 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 82 |     <LinkIncremental>false</LinkIncremental>
 83 |   </PropertyGroup>
 84 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 85 |     <ClCompile>
 86 |       <PrecompiledHeader>Use</PrecompiledHeader>
 87 |       <WarningLevel>Level3</WarningLevel>
 88 |       <Optimization>Disabled</Optimization>
 89 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 90 |       <SDLCheck>true</SDLCheck>
 91 |     </ClCompile>
 92 |     <Link>
 93 |       <SubSystem>Console</SubSystem>
 94 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 95 |     </Link>
 96 |   </ItemDefinitionGroup>
 97 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 98 |     <ClCompile>
 99 |       <PrecompiledHeader>Use</PrecompiledHeader>
100 |       <WarningLevel>Level3</WarningLevel>
101 |       <Optimization>Disabled</Optimization>
102 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
103 |       <SDLCheck>true</SDLCheck>
104 |     </ClCompile>
105 |     <Link>
106 |       <SubSystem>Console</SubSystem>
107 |       <GenerateDebugInformation>true</GenerateDebugInformation>
108 |     </Link>
109 |   </ItemDefinitionGroup>
110 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
111 |     <ClCompile>
112 |       <WarningLevel>Level3</WarningLevel>
113 |       <PrecompiledHeader>Use</PrecompiledHeader>
114 |       <Optimization>MaxSpeed</Optimization>
115 |       <FunctionLevelLinking>true</FunctionLevelLinking>
116 |       <IntrinsicFunctions>true</IntrinsicFunctions>
117 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
118 |       <SDLCheck>true</SDLCheck>
119 |       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
120 |     </ClCompile>
121 |     <Link>
122 |       <SubSystem>Console</SubSystem>
123 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
124 |       <OptimizeReferences>true</OptimizeReferences>
125 |       <GenerateDebugInformation>true</GenerateDebugInformation>
126 |     </Link>
127 |   </ItemDefinitionGroup>
128 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
129 |     <ClCompile>
130 |       <WarningLevel>Level3</WarningLevel>
131 |       <PrecompiledHeader>Use</PrecompiledHeader>
132 |       <Optimization>MaxSpeed</Optimization>
133 |       <FunctionLevelLinking>true</FunctionLevelLinking>
134 |       <IntrinsicFunctions>true</IntrinsicFunctions>
135 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
136 |       <SDLCheck>true</SDLCheck>
137 |       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
138 |     </ClCompile>
139 |     <Link>
140 |       <SubSystem>Console</SubSystem>
141 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
142 |       <OptimizeReferences>true</OptimizeReferences>
143 |       <GenerateDebugInformation>true</GenerateDebugInformation>
144 |     </Link>
145 |   </ItemDefinitionGroup>
146 |   <ItemGroup>
147 |     <Text Include="ReadMe.txt" />
148 |   </ItemGroup>
149 |   <ItemGroup>
150 |     <ClInclude Include="stdafx.h" />
151 |     <ClInclude Include="targetver.h" />
152 |   </ItemGroup>
153 |   <ItemGroup>
154 |     <ClCompile Include="ReadProcMem.cpp" />
155 |     <ClCompile Include="stdafx.cpp">
156 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
157 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
158 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
159 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
160 |     </ClCompile>
161 |   </ItemGroup>
162 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
163 |   <ImportGroup Label="ExtensionTargets">
164 |   </ImportGroup>
165 | </Project>


--------------------------------------------------------------------------------
/TestPrograms/ReadProcMem/ReadProcMem/ReadProcMem.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <Text Include="ReadMe.txt" />
19 |   </ItemGroup>
20 |   <ItemGroup>
21 |     <ClInclude Include="stdafx.h">
22 |       <Filter>Header Files</Filter>
23 |     </ClInclude>
24 |     <ClInclude Include="targetver.h">
25 |       <Filter>Header Files</Filter>
26 |     </ClInclude>
27 |   </ItemGroup>
28 |   <ItemGroup>
29 |     <ClCompile Include="stdafx.cpp">
30 |       <Filter>Source Files</Filter>
31 |     </ClCompile>
32 |     <ClCompile Include="ReadProcMem.cpp">
33 |       <Filter>Source Files</Filter>
34 |     </ClCompile>
35 |   </ItemGroup>
36 | </Project>


--------------------------------------------------------------------------------
/TestPrograms/ReadProcMem/ReadProcMem/capstone.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tandasat/FU_Hypervisor/d8a5fdf9f8eb723007bfd0a057e38232ef18002d/TestPrograms/ReadProcMem/ReadProcMem/capstone.lib


--------------------------------------------------------------------------------
/TestPrograms/ReadProcMem/ReadProcMem/include/mips.h:
--------------------------------------------------------------------------------
  1 | #ifndef CAPSTONE_MIPS_H
  2 | #define CAPSTONE_MIPS_H
  3 | 
  4 | /* Capstone Disassembly Engine */
  5 | /* By Nguyen Anh Quynh <aquynh@gmail.com>, 2013-2014 */
  6 | 
  7 | #ifdef __cplusplus
  8 | extern "C" {
  9 | #endif
 10 | 
 11 | #if !defined(_MSC_VER) || !defined(_KERNEL_MODE)
 12 | #include <stdint.h>
 13 | #endif
 14 | 
 15 | #include "platform.h"
 16 | 
 17 | // GCC MIPS toolchain has a default macro called "mips" which breaks
 18 | // compilation
 19 | #undef mips
 20 | 
 21 | #ifdef _MSC_VER
 22 | #pragma warning(disable:4201)
 23 | #endif
 24 | 
 25 | //> Operand type for instruction's operands
 26 | typedef enum mips_op_type {
 27 | 	MIPS_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized).
 28 | 	MIPS_OP_REG, // = CS_OP_REG (Register operand).
 29 | 	MIPS_OP_IMM, // = CS_OP_IMM (Immediate operand).
 30 | 	MIPS_OP_MEM, // = CS_OP_MEM (Memory operand).
 31 | } mips_op_type;
 32 | 
 33 | // Instruction's operand referring to memory
 34 | // This is associated with MIPS_OP_MEM operand type above
 35 | typedef struct mips_op_mem {
 36 | 	unsigned int base;	// base register
 37 | 	int64_t disp;	// displacement/offset value
 38 | } mips_op_mem;
 39 | 
 40 | // Instruction operand
 41 | typedef struct cs_mips_op {
 42 | 	mips_op_type type;	// operand type
 43 | 	union {
 44 | 		unsigned int reg;	// register value for REG operand
 45 | 		int64_t imm;		// immediate value for IMM operand
 46 | 		mips_op_mem mem;	// base/index/scale/disp value for MEM operand
 47 | 	};
 48 | } cs_mips_op;
 49 | 
 50 | // Instruction structure
 51 | typedef struct cs_mips {
 52 | 	// Number of operands of this instruction, 
 53 | 	// or 0 when instruction has no operand.
 54 | 	uint8_t op_count;
 55 | 	cs_mips_op operands[8]; // operands for this instruction.
 56 | } cs_mips;
 57 | 
 58 | //> MIPS registers
 59 | typedef enum mips_reg {
 60 | 	MIPS_REG_INVALID = 0,
 61 | 	//> General purpose registers
 62 | 	MIPS_REG_0,
 63 | 	MIPS_REG_1,
 64 | 	MIPS_REG_2,
 65 | 	MIPS_REG_3,
 66 | 	MIPS_REG_4,
 67 | 	MIPS_REG_5,
 68 | 	MIPS_REG_6,
 69 | 	MIPS_REG_7,
 70 | 	MIPS_REG_8,
 71 | 	MIPS_REG_9,
 72 | 	MIPS_REG_10,
 73 | 	MIPS_REG_11,
 74 | 	MIPS_REG_12,
 75 | 	MIPS_REG_13,
 76 | 	MIPS_REG_14,
 77 | 	MIPS_REG_15,
 78 | 	MIPS_REG_16,
 79 | 	MIPS_REG_17,
 80 | 	MIPS_REG_18,
 81 | 	MIPS_REG_19,
 82 | 	MIPS_REG_20,
 83 | 	MIPS_REG_21,
 84 | 	MIPS_REG_22,
 85 | 	MIPS_REG_23,
 86 | 	MIPS_REG_24,
 87 | 	MIPS_REG_25,
 88 | 	MIPS_REG_26,
 89 | 	MIPS_REG_27,
 90 | 	MIPS_REG_28,
 91 | 	MIPS_REG_29,
 92 | 	MIPS_REG_30,
 93 | 	MIPS_REG_31,
 94 | 
 95 | 	//> DSP registers
 96 | 	MIPS_REG_DSPCCOND,
 97 | 	MIPS_REG_DSPCARRY,
 98 | 	MIPS_REG_DSPEFI,
 99 | 	MIPS_REG_DSPOUTFLAG,
100 | 	MIPS_REG_DSPOUTFLAG16_19,
101 | 	MIPS_REG_DSPOUTFLAG20,
102 | 	MIPS_REG_DSPOUTFLAG21,
103 | 	MIPS_REG_DSPOUTFLAG22,
104 | 	MIPS_REG_DSPOUTFLAG23,
105 | 	MIPS_REG_DSPPOS,
106 | 	MIPS_REG_DSPSCOUNT,
107 | 
108 | 	//> ACC registers
109 | 	MIPS_REG_AC0,
110 | 	MIPS_REG_AC1,
111 | 	MIPS_REG_AC2,
112 | 	MIPS_REG_AC3,
113 | 
114 | 	//> COP registers
115 | 	MIPS_REG_CC0,
116 | 	MIPS_REG_CC1,
117 | 	MIPS_REG_CC2,
118 | 	MIPS_REG_CC3,
119 | 	MIPS_REG_CC4,
120 | 	MIPS_REG_CC5,
121 | 	MIPS_REG_CC6,
122 | 	MIPS_REG_CC7,
123 | 
124 | 	//> FPU registers
125 | 	MIPS_REG_F0,
126 | 	MIPS_REG_F1,
127 | 	MIPS_REG_F2,
128 | 	MIPS_REG_F3,
129 | 	MIPS_REG_F4,
130 | 	MIPS_REG_F5,
131 | 	MIPS_REG_F6,
132 | 	MIPS_REG_F7,
133 | 	MIPS_REG_F8,
134 | 	MIPS_REG_F9,
135 | 	MIPS_REG_F10,
136 | 	MIPS_REG_F11,
137 | 	MIPS_REG_F12,
138 | 	MIPS_REG_F13,
139 | 	MIPS_REG_F14,
140 | 	MIPS_REG_F15,
141 | 	MIPS_REG_F16,
142 | 	MIPS_REG_F17,
143 | 	MIPS_REG_F18,
144 | 	MIPS_REG_F19,
145 | 	MIPS_REG_F20,
146 | 	MIPS_REG_F21,
147 | 	MIPS_REG_F22,
148 | 	MIPS_REG_F23,
149 | 	MIPS_REG_F24,
150 | 	MIPS_REG_F25,
151 | 	MIPS_REG_F26,
152 | 	MIPS_REG_F27,
153 | 	MIPS_REG_F28,
154 | 	MIPS_REG_F29,
155 | 	MIPS_REG_F30,
156 | 	MIPS_REG_F31,
157 | 
158 | 	MIPS_REG_FCC0,
159 | 	MIPS_REG_FCC1,
160 | 	MIPS_REG_FCC2,
161 | 	MIPS_REG_FCC3,
162 | 	MIPS_REG_FCC4,
163 | 	MIPS_REG_FCC5,
164 | 	MIPS_REG_FCC6,
165 | 	MIPS_REG_FCC7,
166 | 
167 | 	//> AFPR128
168 | 	MIPS_REG_W0,
169 | 	MIPS_REG_W1,
170 | 	MIPS_REG_W2,
171 | 	MIPS_REG_W3,
172 | 	MIPS_REG_W4,
173 | 	MIPS_REG_W5,
174 | 	MIPS_REG_W6,
175 | 	MIPS_REG_W7,
176 | 	MIPS_REG_W8,
177 | 	MIPS_REG_W9,
178 | 	MIPS_REG_W10,
179 | 	MIPS_REG_W11,
180 | 	MIPS_REG_W12,
181 | 	MIPS_REG_W13,
182 | 	MIPS_REG_W14,
183 | 	MIPS_REG_W15,
184 | 	MIPS_REG_W16,
185 | 	MIPS_REG_W17,
186 | 	MIPS_REG_W18,
187 | 	MIPS_REG_W19,
188 | 	MIPS_REG_W20,
189 | 	MIPS_REG_W21,
190 | 	MIPS_REG_W22,
191 | 	MIPS_REG_W23,
192 | 	MIPS_REG_W24,
193 | 	MIPS_REG_W25,
194 | 	MIPS_REG_W26,
195 | 	MIPS_REG_W27,
196 | 	MIPS_REG_W28,
197 | 	MIPS_REG_W29,
198 | 	MIPS_REG_W30,
199 | 	MIPS_REG_W31,
200 | 
201 | 	MIPS_REG_HI,
202 | 	MIPS_REG_LO,
203 | 
204 | 	MIPS_REG_P0,
205 | 	MIPS_REG_P1,
206 | 	MIPS_REG_P2,
207 | 
208 | 	MIPS_REG_MPL0,
209 | 	MIPS_REG_MPL1,
210 | 	MIPS_REG_MPL2,
211 | 
212 | 	MIPS_REG_ENDING,	// <-- mark the end of the list or registers
213 | 
214 | 	// alias registers
215 | 	MIPS_REG_ZERO = MIPS_REG_0,
216 | 	MIPS_REG_AT = MIPS_REG_1,
217 | 	MIPS_REG_V0 = MIPS_REG_2,
218 | 	MIPS_REG_V1 = MIPS_REG_3,
219 | 	MIPS_REG_A0 = MIPS_REG_4,
220 | 	MIPS_REG_A1 = MIPS_REG_5,
221 | 	MIPS_REG_A2 = MIPS_REG_6,
222 | 	MIPS_REG_A3 = MIPS_REG_7,
223 | 	MIPS_REG_T0 = MIPS_REG_8,
224 | 	MIPS_REG_T1 = MIPS_REG_9,
225 | 	MIPS_REG_T2 = MIPS_REG_10,
226 | 	MIPS_REG_T3 = MIPS_REG_11,
227 | 	MIPS_REG_T4 = MIPS_REG_12,
228 | 	MIPS_REG_T5 = MIPS_REG_13,
229 | 	MIPS_REG_T6 = MIPS_REG_14,
230 | 	MIPS_REG_T7 = MIPS_REG_15,
231 | 	MIPS_REG_S0 = MIPS_REG_16,
232 | 	MIPS_REG_S1 = MIPS_REG_17,
233 | 	MIPS_REG_S2 = MIPS_REG_18,
234 | 	MIPS_REG_S3 = MIPS_REG_19,
235 | 	MIPS_REG_S4 = MIPS_REG_20,
236 | 	MIPS_REG_S5 = MIPS_REG_21,
237 | 	MIPS_REG_S6 = MIPS_REG_22,
238 | 	MIPS_REG_S7 = MIPS_REG_23,
239 | 	MIPS_REG_T8 = MIPS_REG_24,
240 | 	MIPS_REG_T9 = MIPS_REG_25,
241 | 	MIPS_REG_K0 = MIPS_REG_26,
242 | 	MIPS_REG_K1 = MIPS_REG_27,
243 | 	MIPS_REG_GP = MIPS_REG_28,
244 | 	MIPS_REG_SP = MIPS_REG_29,
245 | 	MIPS_REG_FP = MIPS_REG_30, MIPS_REG_S8 = MIPS_REG_30,
246 | 	MIPS_REG_RA = MIPS_REG_31,
247 | 
248 | 	MIPS_REG_HI0 = MIPS_REG_AC0,
249 | 	MIPS_REG_HI1 = MIPS_REG_AC1,
250 | 	MIPS_REG_HI2 = MIPS_REG_AC2,
251 | 	MIPS_REG_HI3 = MIPS_REG_AC3,
252 | 
253 | 	MIPS_REG_LO0 = MIPS_REG_HI0,
254 | 	MIPS_REG_LO1 = MIPS_REG_HI1,
255 | 	MIPS_REG_LO2 = MIPS_REG_HI2,
256 | 	MIPS_REG_LO3 = MIPS_REG_HI3,
257 | } mips_reg;
258 | 
259 | //> MIPS instruction
260 | typedef enum mips_insn {
261 | 	MIPS_INS_INVALID = 0,
262 | 
263 | 	MIPS_INS_ABSQ_S,
264 | 	MIPS_INS_ADD,
265 | 	MIPS_INS_ADDIUPC,
266 | 	MIPS_INS_ADDQH,
267 | 	MIPS_INS_ADDQH_R,
268 | 	MIPS_INS_ADDQ,
269 | 	MIPS_INS_ADDQ_S,
270 | 	MIPS_INS_ADDSC,
271 | 	MIPS_INS_ADDS_A,
272 | 	MIPS_INS_ADDS_S,
273 | 	MIPS_INS_ADDS_U,
274 | 	MIPS_INS_ADDUH,
275 | 	MIPS_INS_ADDUH_R,
276 | 	MIPS_INS_ADDU,
277 | 	MIPS_INS_ADDU_S,
278 | 	MIPS_INS_ADDVI,
279 | 	MIPS_INS_ADDV,
280 | 	MIPS_INS_ADDWC,
281 | 	MIPS_INS_ADD_A,
282 | 	MIPS_INS_ADDI,
283 | 	MIPS_INS_ADDIU,
284 | 	MIPS_INS_ALIGN,
285 | 	MIPS_INS_ALUIPC,
286 | 	MIPS_INS_AND,
287 | 	MIPS_INS_ANDI,
288 | 	MIPS_INS_APPEND,
289 | 	MIPS_INS_ASUB_S,
290 | 	MIPS_INS_ASUB_U,
291 | 	MIPS_INS_AUI,
292 | 	MIPS_INS_AUIPC,
293 | 	MIPS_INS_AVER_S,
294 | 	MIPS_INS_AVER_U,
295 | 	MIPS_INS_AVE_S,
296 | 	MIPS_INS_AVE_U,
297 | 	MIPS_INS_BADDU,
298 | 	MIPS_INS_BAL,
299 | 	MIPS_INS_BALC,
300 | 	MIPS_INS_BALIGN,
301 | 	MIPS_INS_BC,
302 | 	MIPS_INS_BC0F,
303 | 	MIPS_INS_BC0FL,
304 | 	MIPS_INS_BC0T,
305 | 	MIPS_INS_BC0TL,
306 | 	MIPS_INS_BC1EQZ,
307 | 	MIPS_INS_BC1F,
308 | 	MIPS_INS_BC1FL,
309 | 	MIPS_INS_BC1NEZ,
310 | 	MIPS_INS_BC1T,
311 | 	MIPS_INS_BC1TL,
312 | 	MIPS_INS_BC2EQZ,
313 | 	MIPS_INS_BC2F,
314 | 	MIPS_INS_BC2FL,
315 | 	MIPS_INS_BC2NEZ,
316 | 	MIPS_INS_BC2T,
317 | 	MIPS_INS_BC2TL,
318 | 	MIPS_INS_BC3F,
319 | 	MIPS_INS_BC3FL,
320 | 	MIPS_INS_BC3T,
321 | 	MIPS_INS_BC3TL,
322 | 	MIPS_INS_BCLRI,
323 | 	MIPS_INS_BCLR,
324 | 	MIPS_INS_BEQ,
325 | 	MIPS_INS_BEQC,
326 | 	MIPS_INS_BEQL,
327 | 	MIPS_INS_BEQZALC,
328 | 	MIPS_INS_BEQZC,
329 | 	MIPS_INS_BGEC,
330 | 	MIPS_INS_BGEUC,
331 | 	MIPS_INS_BGEZ,
332 | 	MIPS_INS_BGEZAL,
333 | 	MIPS_INS_BGEZALC,
334 | 	MIPS_INS_BGEZALL,
335 | 	MIPS_INS_BGEZALS,
336 | 	MIPS_INS_BGEZC,
337 | 	MIPS_INS_BGEZL,
338 | 	MIPS_INS_BGTZ,
339 | 	MIPS_INS_BGTZALC,
340 | 	MIPS_INS_BGTZC,
341 | 	MIPS_INS_BGTZL,
342 | 	MIPS_INS_BINSLI,
343 | 	MIPS_INS_BINSL,
344 | 	MIPS_INS_BINSRI,
345 | 	MIPS_INS_BINSR,
346 | 	MIPS_INS_BITREV,
347 | 	MIPS_INS_BITSWAP,
348 | 	MIPS_INS_BLEZ,
349 | 	MIPS_INS_BLEZALC,
350 | 	MIPS_INS_BLEZC,
351 | 	MIPS_INS_BLEZL,
352 | 	MIPS_INS_BLTC,
353 | 	MIPS_INS_BLTUC,
354 | 	MIPS_INS_BLTZ,
355 | 	MIPS_INS_BLTZAL,
356 | 	MIPS_INS_BLTZALC,
357 | 	MIPS_INS_BLTZALL,
358 | 	MIPS_INS_BLTZALS,
359 | 	MIPS_INS_BLTZC,
360 | 	MIPS_INS_BLTZL,
361 | 	MIPS_INS_BMNZI,
362 | 	MIPS_INS_BMNZ,
363 | 	MIPS_INS_BMZI,
364 | 	MIPS_INS_BMZ,
365 | 	MIPS_INS_BNE,
366 | 	MIPS_INS_BNEC,
367 | 	MIPS_INS_BNEGI,
368 | 	MIPS_INS_BNEG,
369 | 	MIPS_INS_BNEL,
370 | 	MIPS_INS_BNEZALC,
371 | 	MIPS_INS_BNEZC,
372 | 	MIPS_INS_BNVC,
373 | 	MIPS_INS_BNZ,
374 | 	MIPS_INS_BOVC,
375 | 	MIPS_INS_BPOSGE32,
376 | 	MIPS_INS_BREAK,
377 | 	MIPS_INS_BSELI,
378 | 	MIPS_INS_BSEL,
379 | 	MIPS_INS_BSETI,
380 | 	MIPS_INS_BSET,
381 | 	MIPS_INS_BZ,
382 | 	MIPS_INS_BEQZ,
383 | 	MIPS_INS_B,
384 | 	MIPS_INS_BNEZ,
385 | 	MIPS_INS_BTEQZ,
386 | 	MIPS_INS_BTNEZ,
387 | 	MIPS_INS_CACHE,
388 | 	MIPS_INS_CEIL,
389 | 	MIPS_INS_CEQI,
390 | 	MIPS_INS_CEQ,
391 | 	MIPS_INS_CFC1,
392 | 	MIPS_INS_CFCMSA,
393 | 	MIPS_INS_CINS,
394 | 	MIPS_INS_CINS32,
395 | 	MIPS_INS_CLASS,
396 | 	MIPS_INS_CLEI_S,
397 | 	MIPS_INS_CLEI_U,
398 | 	MIPS_INS_CLE_S,
399 | 	MIPS_INS_CLE_U,
400 | 	MIPS_INS_CLO,
401 | 	MIPS_INS_CLTI_S,
402 | 	MIPS_INS_CLTI_U,
403 | 	MIPS_INS_CLT_S,
404 | 	MIPS_INS_CLT_U,
405 | 	MIPS_INS_CLZ,
406 | 	MIPS_INS_CMPGDU,
407 | 	MIPS_INS_CMPGU,
408 | 	MIPS_INS_CMPU,
409 | 	MIPS_INS_CMP,
410 | 	MIPS_INS_COPY_S,
411 | 	MIPS_INS_COPY_U,
412 | 	MIPS_INS_CTC1,
413 | 	MIPS_INS_CTCMSA,
414 | 	MIPS_INS_CVT,
415 | 	MIPS_INS_C,
416 | 	MIPS_INS_CMPI,
417 | 	MIPS_INS_DADD,
418 | 	MIPS_INS_DADDI,
419 | 	MIPS_INS_DADDIU,
420 | 	MIPS_INS_DADDU,
421 | 	MIPS_INS_DAHI,
422 | 	MIPS_INS_DALIGN,
423 | 	MIPS_INS_DATI,
424 | 	MIPS_INS_DAUI,
425 | 	MIPS_INS_DBITSWAP,
426 | 	MIPS_INS_DCLO,
427 | 	MIPS_INS_DCLZ,
428 | 	MIPS_INS_DDIV,
429 | 	MIPS_INS_DDIVU,
430 | 	MIPS_INS_DERET,
431 | 	MIPS_INS_DEXT,
432 | 	MIPS_INS_DEXTM,
433 | 	MIPS_INS_DEXTU,
434 | 	MIPS_INS_DI,
435 | 	MIPS_INS_DINS,
436 | 	MIPS_INS_DINSM,
437 | 	MIPS_INS_DINSU,
438 | 	MIPS_INS_DIV,
439 | 	MIPS_INS_DIVU,
440 | 	MIPS_INS_DIV_S,
441 | 	MIPS_INS_DIV_U,
442 | 	MIPS_INS_DLSA,
443 | 	MIPS_INS_DMFC0,
444 | 	MIPS_INS_DMFC1,
445 | 	MIPS_INS_DMFC2,
446 | 	MIPS_INS_DMOD,
447 | 	MIPS_INS_DMODU,
448 | 	MIPS_INS_DMTC0,
449 | 	MIPS_INS_DMTC1,
450 | 	MIPS_INS_DMTC2,
451 | 	MIPS_INS_DMUH,
452 | 	MIPS_INS_DMUHU,
453 | 	MIPS_INS_DMUL,
454 | 	MIPS_INS_DMULT,
455 | 	MIPS_INS_DMULTU,
456 | 	MIPS_INS_DMULU,
457 | 	MIPS_INS_DOTP_S,
458 | 	MIPS_INS_DOTP_U,
459 | 	MIPS_INS_DPADD_S,
460 | 	MIPS_INS_DPADD_U,
461 | 	MIPS_INS_DPAQX_SA,
462 | 	MIPS_INS_DPAQX_S,
463 | 	MIPS_INS_DPAQ_SA,
464 | 	MIPS_INS_DPAQ_S,
465 | 	MIPS_INS_DPAU,
466 | 	MIPS_INS_DPAX,
467 | 	MIPS_INS_DPA,
468 | 	MIPS_INS_DPOP,
469 | 	MIPS_INS_DPSQX_SA,
470 | 	MIPS_INS_DPSQX_S,
471 | 	MIPS_INS_DPSQ_SA,
472 | 	MIPS_INS_DPSQ_S,
473 | 	MIPS_INS_DPSUB_S,
474 | 	MIPS_INS_DPSUB_U,
475 | 	MIPS_INS_DPSU,
476 | 	MIPS_INS_DPSX,
477 | 	MIPS_INS_DPS,
478 | 	MIPS_INS_DROTR,
479 | 	MIPS_INS_DROTR32,
480 | 	MIPS_INS_DROTRV,
481 | 	MIPS_INS_DSBH,
482 | 	MIPS_INS_DSHD,
483 | 	MIPS_INS_DSLL,
484 | 	MIPS_INS_DSLL32,
485 | 	MIPS_INS_DSLLV,
486 | 	MIPS_INS_DSRA,
487 | 	MIPS_INS_DSRA32,
488 | 	MIPS_INS_DSRAV,
489 | 	MIPS_INS_DSRL,
490 | 	MIPS_INS_DSRL32,
491 | 	MIPS_INS_DSRLV,
492 | 	MIPS_INS_DSUB,
493 | 	MIPS_INS_DSUBU,
494 | 	MIPS_INS_EHB,
495 | 	MIPS_INS_EI,
496 | 	MIPS_INS_ERET,
497 | 	MIPS_INS_EXT,
498 | 	MIPS_INS_EXTP,
499 | 	MIPS_INS_EXTPDP,
500 | 	MIPS_INS_EXTPDPV,
501 | 	MIPS_INS_EXTPV,
502 | 	MIPS_INS_EXTRV_RS,
503 | 	MIPS_INS_EXTRV_R,
504 | 	MIPS_INS_EXTRV_S,
505 | 	MIPS_INS_EXTRV,
506 | 	MIPS_INS_EXTR_RS,
507 | 	MIPS_INS_EXTR_R,
508 | 	MIPS_INS_EXTR_S,
509 | 	MIPS_INS_EXTR,
510 | 	MIPS_INS_EXTS,
511 | 	MIPS_INS_EXTS32,
512 | 	MIPS_INS_ABS,
513 | 	MIPS_INS_FADD,
514 | 	MIPS_INS_FCAF,
515 | 	MIPS_INS_FCEQ,
516 | 	MIPS_INS_FCLASS,
517 | 	MIPS_INS_FCLE,
518 | 	MIPS_INS_FCLT,
519 | 	MIPS_INS_FCNE,
520 | 	MIPS_INS_FCOR,
521 | 	MIPS_INS_FCUEQ,
522 | 	MIPS_INS_FCULE,
523 | 	MIPS_INS_FCULT,
524 | 	MIPS_INS_FCUNE,
525 | 	MIPS_INS_FCUN,
526 | 	MIPS_INS_FDIV,
527 | 	MIPS_INS_FEXDO,
528 | 	MIPS_INS_FEXP2,
529 | 	MIPS_INS_FEXUPL,
530 | 	MIPS_INS_FEXUPR,
531 | 	MIPS_INS_FFINT_S,
532 | 	MIPS_INS_FFINT_U,
533 | 	MIPS_INS_FFQL,
534 | 	MIPS_INS_FFQR,
535 | 	MIPS_INS_FILL,
536 | 	MIPS_INS_FLOG2,
537 | 	MIPS_INS_FLOOR,
538 | 	MIPS_INS_FMADD,
539 | 	MIPS_INS_FMAX_A,
540 | 	MIPS_INS_FMAX,
541 | 	MIPS_INS_FMIN_A,
542 | 	MIPS_INS_FMIN,
543 | 	MIPS_INS_MOV,
544 | 	MIPS_INS_FMSUB,
545 | 	MIPS_INS_FMUL,
546 | 	MIPS_INS_MUL,
547 | 	MIPS_INS_NEG,
548 | 	MIPS_INS_FRCP,
549 | 	MIPS_INS_FRINT,
550 | 	MIPS_INS_FRSQRT,
551 | 	MIPS_INS_FSAF,
552 | 	MIPS_INS_FSEQ,
553 | 	MIPS_INS_FSLE,
554 | 	MIPS_INS_FSLT,
555 | 	MIPS_INS_FSNE,
556 | 	MIPS_INS_FSOR,
557 | 	MIPS_INS_FSQRT,
558 | 	MIPS_INS_SQRT,
559 | 	MIPS_INS_FSUB,
560 | 	MIPS_INS_SUB,
561 | 	MIPS_INS_FSUEQ,
562 | 	MIPS_INS_FSULE,
563 | 	MIPS_INS_FSULT,
564 | 	MIPS_INS_FSUNE,
565 | 	MIPS_INS_FSUN,
566 | 	MIPS_INS_FTINT_S,
567 | 	MIPS_INS_FTINT_U,
568 | 	MIPS_INS_FTQ,
569 | 	MIPS_INS_FTRUNC_S,
570 | 	MIPS_INS_FTRUNC_U,
571 | 	MIPS_INS_HADD_S,
572 | 	MIPS_INS_HADD_U,
573 | 	MIPS_INS_HSUB_S,
574 | 	MIPS_INS_HSUB_U,
575 | 	MIPS_INS_ILVEV,
576 | 	MIPS_INS_ILVL,
577 | 	MIPS_INS_ILVOD,
578 | 	MIPS_INS_ILVR,
579 | 	MIPS_INS_INS,
580 | 	MIPS_INS_INSERT,
581 | 	MIPS_INS_INSV,
582 | 	MIPS_INS_INSVE,
583 | 	MIPS_INS_J,
584 | 	MIPS_INS_JAL,
585 | 	MIPS_INS_JALR,
586 | 	MIPS_INS_JALRS,
587 | 	MIPS_INS_JALS,
588 | 	MIPS_INS_JALX,
589 | 	MIPS_INS_JIALC,
590 | 	MIPS_INS_JIC,
591 | 	MIPS_INS_JR,
592 | 	MIPS_INS_JRADDIUSP,
593 | 	MIPS_INS_JRC,
594 | 	MIPS_INS_JALRC,
595 | 	MIPS_INS_LB,
596 | 	MIPS_INS_LBUX,
597 | 	MIPS_INS_LBU,
598 | 	MIPS_INS_LD,
599 | 	MIPS_INS_LDC1,
600 | 	MIPS_INS_LDC2,
601 | 	MIPS_INS_LDC3,
602 | 	MIPS_INS_LDI,
603 | 	MIPS_INS_LDL,
604 | 	MIPS_INS_LDPC,
605 | 	MIPS_INS_LDR,
606 | 	MIPS_INS_LDXC1,
607 | 	MIPS_INS_LH,
608 | 	MIPS_INS_LHX,
609 | 	MIPS_INS_LHU,
610 | 	MIPS_INS_LL,
611 | 	MIPS_INS_LLD,
612 | 	MIPS_INS_LSA,
613 | 	MIPS_INS_LUXC1,
614 | 	MIPS_INS_LUI,
615 | 	MIPS_INS_LW,
616 | 	MIPS_INS_LWC1,
617 | 	MIPS_INS_LWC2,
618 | 	MIPS_INS_LWC3,
619 | 	MIPS_INS_LWL,
620 | 	MIPS_INS_LWPC,
621 | 	MIPS_INS_LWR,
622 | 	MIPS_INS_LWUPC,
623 | 	MIPS_INS_LWU,
624 | 	MIPS_INS_LWX,
625 | 	MIPS_INS_LWXC1,
626 | 	MIPS_INS_LI,
627 | 	MIPS_INS_MADD,
628 | 	MIPS_INS_MADDF,
629 | 	MIPS_INS_MADDR_Q,
630 | 	MIPS_INS_MADDU,
631 | 	MIPS_INS_MADDV,
632 | 	MIPS_INS_MADD_Q,
633 | 	MIPS_INS_MAQ_SA,
634 | 	MIPS_INS_MAQ_S,
635 | 	MIPS_INS_MAXA,
636 | 	MIPS_INS_MAXI_S,
637 | 	MIPS_INS_MAXI_U,
638 | 	MIPS_INS_MAX_A,
639 | 	MIPS_INS_MAX,
640 | 	MIPS_INS_MAX_S,
641 | 	MIPS_INS_MAX_U,
642 | 	MIPS_INS_MFC0,
643 | 	MIPS_INS_MFC1,
644 | 	MIPS_INS_MFC2,
645 | 	MIPS_INS_MFHC1,
646 | 	MIPS_INS_MFHI,
647 | 	MIPS_INS_MFLO,
648 | 	MIPS_INS_MINA,
649 | 	MIPS_INS_MINI_S,
650 | 	MIPS_INS_MINI_U,
651 | 	MIPS_INS_MIN_A,
652 | 	MIPS_INS_MIN,
653 | 	MIPS_INS_MIN_S,
654 | 	MIPS_INS_MIN_U,
655 | 	MIPS_INS_MOD,
656 | 	MIPS_INS_MODSUB,
657 | 	MIPS_INS_MODU,
658 | 	MIPS_INS_MOD_S,
659 | 	MIPS_INS_MOD_U,
660 | 	MIPS_INS_MOVE,
661 | 	MIPS_INS_MOVF,
662 | 	MIPS_INS_MOVN,
663 | 	MIPS_INS_MOVT,
664 | 	MIPS_INS_MOVZ,
665 | 	MIPS_INS_MSUB,
666 | 	MIPS_INS_MSUBF,
667 | 	MIPS_INS_MSUBR_Q,
668 | 	MIPS_INS_MSUBU,
669 | 	MIPS_INS_MSUBV,
670 | 	MIPS_INS_MSUB_Q,
671 | 	MIPS_INS_MTC0,
672 | 	MIPS_INS_MTC1,
673 | 	MIPS_INS_MTC2,
674 | 	MIPS_INS_MTHC1,
675 | 	MIPS_INS_MTHI,
676 | 	MIPS_INS_MTHLIP,
677 | 	MIPS_INS_MTLO,
678 | 	MIPS_INS_MTM0,
679 | 	MIPS_INS_MTM1,
680 | 	MIPS_INS_MTM2,
681 | 	MIPS_INS_MTP0,
682 | 	MIPS_INS_MTP1,
683 | 	MIPS_INS_MTP2,
684 | 	MIPS_INS_MUH,
685 | 	MIPS_INS_MUHU,
686 | 	MIPS_INS_MULEQ_S,
687 | 	MIPS_INS_MULEU_S,
688 | 	MIPS_INS_MULQ_RS,
689 | 	MIPS_INS_MULQ_S,
690 | 	MIPS_INS_MULR_Q,
691 | 	MIPS_INS_MULSAQ_S,
692 | 	MIPS_INS_MULSA,
693 | 	MIPS_INS_MULT,
694 | 	MIPS_INS_MULTU,
695 | 	MIPS_INS_MULU,
696 | 	MIPS_INS_MULV,
697 | 	MIPS_INS_MUL_Q,
698 | 	MIPS_INS_MUL_S,
699 | 	MIPS_INS_NLOC,
700 | 	MIPS_INS_NLZC,
701 | 	MIPS_INS_NMADD,
702 | 	MIPS_INS_NMSUB,
703 | 	MIPS_INS_NOR,
704 | 	MIPS_INS_NORI,
705 | 	MIPS_INS_NOT,
706 | 	MIPS_INS_OR,
707 | 	MIPS_INS_ORI,
708 | 	MIPS_INS_PACKRL,
709 | 	MIPS_INS_PAUSE,
710 | 	MIPS_INS_PCKEV,
711 | 	MIPS_INS_PCKOD,
712 | 	MIPS_INS_PCNT,
713 | 	MIPS_INS_PICK,
714 | 	MIPS_INS_POP,
715 | 	MIPS_INS_PRECEQU,
716 | 	MIPS_INS_PRECEQ,
717 | 	MIPS_INS_PRECEU,
718 | 	MIPS_INS_PRECRQU_S,
719 | 	MIPS_INS_PRECRQ,
720 | 	MIPS_INS_PRECRQ_RS,
721 | 	MIPS_INS_PRECR,
722 | 	MIPS_INS_PRECR_SRA,
723 | 	MIPS_INS_PRECR_SRA_R,
724 | 	MIPS_INS_PREF,
725 | 	MIPS_INS_PREPEND,
726 | 	MIPS_INS_RADDU,
727 | 	MIPS_INS_RDDSP,
728 | 	MIPS_INS_RDHWR,
729 | 	MIPS_INS_REPLV,
730 | 	MIPS_INS_REPL,
731 | 	MIPS_INS_RINT,
732 | 	MIPS_INS_ROTR,
733 | 	MIPS_INS_ROTRV,
734 | 	MIPS_INS_ROUND,
735 | 	MIPS_INS_SAT_S,
736 | 	MIPS_INS_SAT_U,
737 | 	MIPS_INS_SB,
738 | 	MIPS_INS_SC,
739 | 	MIPS_INS_SCD,
740 | 	MIPS_INS_SD,
741 | 	MIPS_INS_SDBBP,
742 | 	MIPS_INS_SDC1,
743 | 	MIPS_INS_SDC2,
744 | 	MIPS_INS_SDC3,
745 | 	MIPS_INS_SDL,
746 | 	MIPS_INS_SDR,
747 | 	MIPS_INS_SDXC1,
748 | 	MIPS_INS_SEB,
749 | 	MIPS_INS_SEH,
750 | 	MIPS_INS_SELEQZ,
751 | 	MIPS_INS_SELNEZ,
752 | 	MIPS_INS_SEL,
753 | 	MIPS_INS_SEQ,
754 | 	MIPS_INS_SEQI,
755 | 	MIPS_INS_SH,
756 | 	MIPS_INS_SHF,
757 | 	MIPS_INS_SHILO,
758 | 	MIPS_INS_SHILOV,
759 | 	MIPS_INS_SHLLV,
760 | 	MIPS_INS_SHLLV_S,
761 | 	MIPS_INS_SHLL,
762 | 	MIPS_INS_SHLL_S,
763 | 	MIPS_INS_SHRAV,
764 | 	MIPS_INS_SHRAV_R,
765 | 	MIPS_INS_SHRA,
766 | 	MIPS_INS_SHRA_R,
767 | 	MIPS_INS_SHRLV,
768 | 	MIPS_INS_SHRL,
769 | 	MIPS_INS_SLDI,
770 | 	MIPS_INS_SLD,
771 | 	MIPS_INS_SLL,
772 | 	MIPS_INS_SLLI,
773 | 	MIPS_INS_SLLV,
774 | 	MIPS_INS_SLT,
775 | 	MIPS_INS_SLTI,
776 | 	MIPS_INS_SLTIU,
777 | 	MIPS_INS_SLTU,
778 | 	MIPS_INS_SNE,
779 | 	MIPS_INS_SNEI,
780 | 	MIPS_INS_SPLATI,
781 | 	MIPS_INS_SPLAT,
782 | 	MIPS_INS_SRA,
783 | 	MIPS_INS_SRAI,
784 | 	MIPS_INS_SRARI,
785 | 	MIPS_INS_SRAR,
786 | 	MIPS_INS_SRAV,
787 | 	MIPS_INS_SRL,
788 | 	MIPS_INS_SRLI,
789 | 	MIPS_INS_SRLRI,
790 | 	MIPS_INS_SRLR,
791 | 	MIPS_INS_SRLV,
792 | 	MIPS_INS_SSNOP,
793 | 	MIPS_INS_ST,
794 | 	MIPS_INS_SUBQH,
795 | 	MIPS_INS_SUBQH_R,
796 | 	MIPS_INS_SUBQ,
797 | 	MIPS_INS_SUBQ_S,
798 | 	MIPS_INS_SUBSUS_U,
799 | 	MIPS_INS_SUBSUU_S,
800 | 	MIPS_INS_SUBS_S,
801 | 	MIPS_INS_SUBS_U,
802 | 	MIPS_INS_SUBUH,
803 | 	MIPS_INS_SUBUH_R,
804 | 	MIPS_INS_SUBU,
805 | 	MIPS_INS_SUBU_S,
806 | 	MIPS_INS_SUBVI,
807 | 	MIPS_INS_SUBV,
808 | 	MIPS_INS_SUXC1,
809 | 	MIPS_INS_SW,
810 | 	MIPS_INS_SWC1,
811 | 	MIPS_INS_SWC2,
812 | 	MIPS_INS_SWC3,
813 | 	MIPS_INS_SWL,
814 | 	MIPS_INS_SWR,
815 | 	MIPS_INS_SWXC1,
816 | 	MIPS_INS_SYNC,
817 | 	MIPS_INS_SYSCALL,
818 | 	MIPS_INS_TEQ,
819 | 	MIPS_INS_TEQI,
820 | 	MIPS_INS_TGE,
821 | 	MIPS_INS_TGEI,
822 | 	MIPS_INS_TGEIU,
823 | 	MIPS_INS_TGEU,
824 | 	MIPS_INS_TLBP,
825 | 	MIPS_INS_TLBR,
826 | 	MIPS_INS_TLBWI,
827 | 	MIPS_INS_TLBWR,
828 | 	MIPS_INS_TLT,
829 | 	MIPS_INS_TLTI,
830 | 	MIPS_INS_TLTIU,
831 | 	MIPS_INS_TLTU,
832 | 	MIPS_INS_TNE,
833 | 	MIPS_INS_TNEI,
834 | 	MIPS_INS_TRUNC,
835 | 	MIPS_INS_V3MULU,
836 | 	MIPS_INS_VMM0,
837 | 	MIPS_INS_VMULU,
838 | 	MIPS_INS_VSHF,
839 | 	MIPS_INS_WAIT,
840 | 	MIPS_INS_WRDSP,
841 | 	MIPS_INS_WSBH,
842 | 	MIPS_INS_XOR,
843 | 	MIPS_INS_XORI,
844 | 
845 | 	//> some alias instructions
846 | 	MIPS_INS_NOP,
847 | 	MIPS_INS_NEGU,
848 | 
849 | 	//> special instructions
850 | 	MIPS_INS_JALR_HB,	// jump and link with Hazard Barrier
851 | 	MIPS_INS_JR_HB,		// jump register with Hazard Barrier
852 | 
853 | 	MIPS_INS_ENDING,
854 | } mips_insn;
855 | 
856 | //> Group of MIPS instructions
857 | typedef enum mips_insn_group {
858 | 	MIPS_GRP_INVALID = 0, // = CS_GRP_INVALID
859 | 
860 | 	//> Generic groups
861 | 	// all jump instructions (conditional+direct+indirect jumps)
862 | 	MIPS_GRP_JUMP,	// = CS_GRP_JUMP
863 | 
864 | 	//> Architecture-specific groups
865 | 	MIPS_GRP_BITCOUNT = 128,
866 | 	MIPS_GRP_DSP,
867 | 	MIPS_GRP_DSPR2,
868 | 	MIPS_GRP_FPIDX,
869 | 	MIPS_GRP_MSA,
870 | 	MIPS_GRP_MIPS32R2,
871 | 	MIPS_GRP_MIPS64,
872 | 	MIPS_GRP_MIPS64R2,
873 | 	MIPS_GRP_SEINREG,
874 | 	MIPS_GRP_STDENC,
875 | 	MIPS_GRP_SWAP,
876 | 	MIPS_GRP_MICROMIPS,
877 | 	MIPS_GRP_MIPS16MODE,
878 | 	MIPS_GRP_FP64BIT,
879 | 	MIPS_GRP_NONANSFPMATH,
880 | 	MIPS_GRP_NOTFP64BIT,
881 | 	MIPS_GRP_NOTINMICROMIPS,
882 | 	MIPS_GRP_NOTNACL,
883 | 	MIPS_GRP_NOTMIPS32R6,
884 | 	MIPS_GRP_NOTMIPS64R6,
885 | 	MIPS_GRP_CNMIPS,
886 | 	MIPS_GRP_MIPS32,
887 | 	MIPS_GRP_MIPS32R6,
888 | 	MIPS_GRP_MIPS64R6,
889 | 	MIPS_GRP_MIPS2,
890 | 	MIPS_GRP_MIPS3,
891 | 	MIPS_GRP_MIPS3_32,
892 | 	MIPS_GRP_MIPS3_32R2,
893 | 	MIPS_GRP_MIPS4_32,
894 | 	MIPS_GRP_MIPS4_32R2,
895 | 	MIPS_GRP_MIPS5_32R2,
896 | 	MIPS_GRP_GP32BIT,
897 | 	MIPS_GRP_GP64BIT,
898 | 
899 | 	MIPS_GRP_ENDING,
900 | } mips_insn_group;
901 | 
902 | #ifdef __cplusplus
903 | }
904 | #endif
905 | 
906 | #endif
907 | 


--------------------------------------------------------------------------------
/TestPrograms/ReadProcMem/ReadProcMem/include/platform.h:
--------------------------------------------------------------------------------
  1 | /* Capstone Disassembly Engine */
  2 | /* By Axel Souchet & Nguyen Anh Quynh, 2014 */
  3 | 
  4 | #ifndef CAPSTONE_PLATFORM_H
  5 | #define CAPSTONE_PLATFORM_H
  6 | 
  7 | // handle C99 issue (for pre-2013 VisualStudio)
  8 | #if !defined(__CYGWIN__) && !defined(__MINGW32__) && !defined(__MINGW64__) && (defined (WIN32) || defined (WIN64) || defined (_WIN32) || defined (_WIN64))
  9 | // MSVC
 10 | 
 11 | // stdbool.h
 12 | #if (_MSC_VER < 1800) || defined(_KERNEL_MODE)
 13 | // this system does not have stdbool.h
 14 | #ifndef __cplusplus
 15 | typedef unsigned char bool;
 16 | #define false 0
 17 | #define true 1
 18 | #endif
 19 | 
 20 | #else
 21 | // VisualStudio 2013+ -> C99 is supported
 22 | #include <stdbool.h>
 23 | #endif
 24 | 
 25 | #else
 26 | // not MSVC -> C99 is supported
 27 | #include <stdbool.h>
 28 | #endif
 29 | 
 30 | 
 31 | // handle C99 issue (for pre-2013 VisualStudio)
 32 | #if defined(CAPSTONE_HAS_OSXKERNEL) || (defined(_MSC_VER) && (_MSC_VER <= 1700 || defined(_KERNEL_MODE)))
 33 | // this system does not have inttypes.h
 34 | 
 35 | #if defined(_MSC_VER) && (_MSC_VER <= 1700 || defined(_KERNEL_MODE))
 36 | // this system does not have stdint.h
 37 | typedef signed char  int8_t;
 38 | typedef signed short int16_t;
 39 | typedef signed int   int32_t;
 40 | typedef unsigned char  uint8_t;
 41 | typedef unsigned short uint16_t;
 42 | typedef unsigned int   uint32_t;
 43 | typedef signed long long   int64_t;
 44 | typedef unsigned long long uint64_t;
 45 | 
 46 | #define INT8_MIN         (-127i8 - 1)
 47 | #define INT16_MIN        (-32767i16 - 1)
 48 | #define INT32_MIN        (-2147483647i32 - 1)
 49 | #define INT64_MIN        (-9223372036854775807i64 - 1)
 50 | #define INT8_MAX         127i8
 51 | #define INT16_MAX        32767i16
 52 | #define INT32_MAX        2147483647i32
 53 | #define INT64_MAX        9223372036854775807i64
 54 | #define UINT8_MAX        0xffui8
 55 | #define UINT16_MAX       0xffffui16
 56 | #define UINT32_MAX       0xffffffffui32
 57 | #define UINT64_MAX       0xffffffffffffffffui64
 58 | #endif
 59 | 
 60 | #define __PRI_8_LENGTH_MODIFIER__ "hh"
 61 | #define __PRI_64_LENGTH_MODIFIER__ "ll"
 62 | 
 63 | #define PRId8         __PRI_8_LENGTH_MODIFIER__ "d"
 64 | #define PRIi8         __PRI_8_LENGTH_MODIFIER__ "i"
 65 | #define PRIo8         __PRI_8_LENGTH_MODIFIER__ "o"
 66 | #define PRIu8         __PRI_8_LENGTH_MODIFIER__ "u"
 67 | #define PRIx8         __PRI_8_LENGTH_MODIFIER__ "x"
 68 | #define PRIX8         __PRI_8_LENGTH_MODIFIER__ "X"
 69 | 
 70 | #define PRId16        "hd"
 71 | #define PRIi16        "hi"
 72 | #define PRIo16        "ho"
 73 | #define PRIu16        "hu"
 74 | #define PRIx16        "hx"
 75 | #define PRIX16        "hX"
 76 | 
 77 | #if defined(_MSC_VER) && _MSC_VER <= 1700
 78 | #define PRId32        "ld"
 79 | #define PRIi32        "li"
 80 | #define PRIo32        "lo"
 81 | #define PRIu32        "lu"
 82 | #define PRIx32        "lx"
 83 | #define PRIX32        "lX"
 84 | #else	// OSX
 85 | #define PRId32        "d"
 86 | #define PRIi32        "i"
 87 | #define PRIo32        "o"
 88 | #define PRIu32        "u"
 89 | #define PRIx32        "x"
 90 | #define PRIX32        "X"
 91 | #endif
 92 | 
 93 | #define PRId64        __PRI_64_LENGTH_MODIFIER__ "d"
 94 | #define PRIi64        __PRI_64_LENGTH_MODIFIER__ "i"
 95 | #define PRIo64        __PRI_64_LENGTH_MODIFIER__ "o"
 96 | #define PRIu64        __PRI_64_LENGTH_MODIFIER__ "u"
 97 | #define PRIx64        __PRI_64_LENGTH_MODIFIER__ "x"
 98 | #define PRIX64        __PRI_64_LENGTH_MODIFIER__ "X"
 99 | 
100 | #else
101 | // this system has inttypes.h by default
102 | #include <inttypes.h>
103 | #endif
104 | 
105 | #endif
106 | 


--------------------------------------------------------------------------------
/TestPrograms/ReadProcMem/ReadProcMem/include/sparc.h:
--------------------------------------------------------------------------------
  1 | #ifndef CAPSTONE_SPARC_H
  2 | #define CAPSTONE_SPARC_H
  3 | 
  4 | /* Capstone Disassembly Engine */
  5 | /* By Nguyen Anh Quynh <aquynh@gmail.com>, 2014 */
  6 | 
  7 | #ifdef __cplusplus
  8 | extern "C" {
  9 | #endif
 10 | 
 11 | #if !defined(_MSC_VER) || !defined(_KERNEL_MODE)
 12 | #include <stdint.h>
 13 | #endif
 14 | 
 15 | #include "platform.h"
 16 | 
 17 | // GCC SPARC toolchain has a default macro called "sparc" which breaks
 18 | // compilation
 19 | #undef sparc
 20 | 
 21 | #ifdef _MSC_VER
 22 | #pragma warning(disable:4201)
 23 | #endif
 24 | 
 25 | //> Enums corresponding to Sparc condition codes, both icc's and fcc's.
 26 | typedef enum sparc_cc {
 27 | 	SPARC_CC_INVALID = 0,	// invalid CC (default)
 28 | 	//> Integer condition codes
 29 | 	SPARC_CC_ICC_A   =  8+256,  // Always
 30 | 	SPARC_CC_ICC_N   =  0+256,  // Never
 31 | 	SPARC_CC_ICC_NE  =  9+256,  // Not Equal
 32 | 	SPARC_CC_ICC_E   =  1+256,  // Equal
 33 | 	SPARC_CC_ICC_G   = 10+256,  // Greater
 34 | 	SPARC_CC_ICC_LE  =  2+256,  // Less or Equal
 35 | 	SPARC_CC_ICC_GE  = 11+256,  // Greater or Equal
 36 | 	SPARC_CC_ICC_L   =  3+256,  // Less
 37 | 	SPARC_CC_ICC_GU  = 12+256,  // Greater Unsigned
 38 | 	SPARC_CC_ICC_LEU =  4+256,  // Less or Equal Unsigned
 39 | 	SPARC_CC_ICC_CC  = 13+256,  // Carry Clear/Great or Equal Unsigned
 40 | 	SPARC_CC_ICC_CS  =  5+256,  // Carry Set/Less Unsigned
 41 | 	SPARC_CC_ICC_POS = 14+256,  // Positive
 42 | 	SPARC_CC_ICC_NEG =  6+256,  // Negative
 43 | 	SPARC_CC_ICC_VC  = 15+256,  // Overflow Clear
 44 | 	SPARC_CC_ICC_VS  =  7+256,  // Overflow Set
 45 | 
 46 | 	//> Floating condition codes
 47 | 	SPARC_CC_FCC_A   =  8+16+256,  // Always
 48 | 	SPARC_CC_FCC_N   =  0+16+256,  // Never
 49 | 	SPARC_CC_FCC_U   =  7+16+256,  // Unordered
 50 | 	SPARC_CC_FCC_G   =  6+16+256,  // Greater
 51 | 	SPARC_CC_FCC_UG  =  5+16+256,  // Unordered or Greater
 52 | 	SPARC_CC_FCC_L   =  4+16+256,  // Less
 53 | 	SPARC_CC_FCC_UL  =  3+16+256,  // Unordered or Less
 54 | 	SPARC_CC_FCC_LG  =  2+16+256,  // Less or Greater
 55 | 	SPARC_CC_FCC_NE  =  1+16+256,  // Not Equal
 56 | 	SPARC_CC_FCC_E   =  9+16+256,  // Equal
 57 | 	SPARC_CC_FCC_UE  = 10+16+256,  // Unordered or Equal
 58 | 	SPARC_CC_FCC_GE  = 11+16+256,  // Greater or Equal
 59 | 	SPARC_CC_FCC_UGE = 12+16+256,  // Unordered or Greater or Equal
 60 | 	SPARC_CC_FCC_LE  = 13+16+256,  // Less or Equal
 61 | 	SPARC_CC_FCC_ULE = 14+16+256,  // Unordered or Less or Equal
 62 | 	SPARC_CC_FCC_O   = 15+16+256,  // Ordered
 63 | } sparc_cc;
 64 | 
 65 | //> Branch hint
 66 | typedef enum sparc_hint {
 67 | 	SPARC_HINT_INVALID = 0,	// no hint
 68 | 	SPARC_HINT_A	= 1 << 0,	// annul delay slot instruction
 69 | 	SPARC_HINT_PT	= 1 << 1,	// branch taken
 70 | 	SPARC_HINT_PN	= 1 << 2,	// branch NOT taken
 71 | } sparc_hint;
 72 | 
 73 | //> Operand type for instruction's operands
 74 | typedef enum sparc_op_type {
 75 | 	SPARC_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized).
 76 | 	SPARC_OP_REG, // = CS_OP_REG (Register operand).
 77 | 	SPARC_OP_IMM, // = CS_OP_IMM (Immediate operand).
 78 | 	SPARC_OP_MEM, // = CS_OP_MEM (Memory operand).
 79 | } sparc_op_type;
 80 | 
 81 | // Instruction's operand referring to memory
 82 | // This is associated with SPARC_OP_MEM operand type above
 83 | typedef struct sparc_op_mem {
 84 | 	uint8_t base;	// base register
 85 | 	uint8_t index;	// index register
 86 | 	int32_t disp;	// displacement/offset value
 87 | } sparc_op_mem;
 88 | 
 89 | // Instruction operand
 90 | typedef struct cs_sparc_op {
 91 | 	sparc_op_type type;	// operand type
 92 | 	union {
 93 | 		unsigned int reg;	// register value for REG operand
 94 | 		int32_t imm;		// immediate value for IMM operand
 95 | 		sparc_op_mem mem;		// base/disp value for MEM operand
 96 | 	};
 97 | } cs_sparc_op;
 98 | 
 99 | // Instruction structure
100 | typedef struct cs_sparc {
101 | 	sparc_cc cc;	// code condition for this insn
102 | 	sparc_hint hint;	// branch hint: encoding as bitwise OR of sparc_hint.
103 | 	// Number of operands of this instruction, 
104 | 	// or 0 when instruction has no operand.
105 | 	uint8_t op_count;
106 | 	cs_sparc_op operands[4]; // operands for this instruction.
107 | } cs_sparc;
108 | 
109 | //> SPARC registers
110 | typedef enum sparc_reg {
111 | 	SPARC_REG_INVALID = 0,
112 | 
113 | 	SPARC_REG_F0,
114 | 	SPARC_REG_F1,
115 | 	SPARC_REG_F2,
116 | 	SPARC_REG_F3,
117 | 	SPARC_REG_F4,
118 | 	SPARC_REG_F5,
119 | 	SPARC_REG_F6,
120 | 	SPARC_REG_F7,
121 | 	SPARC_REG_F8,
122 | 	SPARC_REG_F9,
123 | 	SPARC_REG_F10,
124 | 	SPARC_REG_F11,
125 | 	SPARC_REG_F12,
126 | 	SPARC_REG_F13,
127 | 	SPARC_REG_F14,
128 | 	SPARC_REG_F15,
129 | 	SPARC_REG_F16,
130 | 	SPARC_REG_F17,
131 | 	SPARC_REG_F18,
132 | 	SPARC_REG_F19,
133 | 	SPARC_REG_F20,
134 | 	SPARC_REG_F21,
135 | 	SPARC_REG_F22,
136 | 	SPARC_REG_F23,
137 | 	SPARC_REG_F24,
138 | 	SPARC_REG_F25,
139 | 	SPARC_REG_F26,
140 | 	SPARC_REG_F27,
141 | 	SPARC_REG_F28,
142 | 	SPARC_REG_F29,
143 | 	SPARC_REG_F30,
144 | 	SPARC_REG_F31,
145 | 	SPARC_REG_F32,
146 | 	SPARC_REG_F34,
147 | 	SPARC_REG_F36,
148 | 	SPARC_REG_F38,
149 | 	SPARC_REG_F40,
150 | 	SPARC_REG_F42,
151 | 	SPARC_REG_F44,
152 | 	SPARC_REG_F46,
153 | 	SPARC_REG_F48,
154 | 	SPARC_REG_F50,
155 | 	SPARC_REG_F52,
156 | 	SPARC_REG_F54,
157 | 	SPARC_REG_F56,
158 | 	SPARC_REG_F58,
159 | 	SPARC_REG_F60,
160 | 	SPARC_REG_F62,
161 | 	SPARC_REG_FCC0,	// Floating condition codes
162 | 	SPARC_REG_FCC1,
163 | 	SPARC_REG_FCC2,
164 | 	SPARC_REG_FCC3,
165 | 	SPARC_REG_FP,
166 | 	SPARC_REG_G0,
167 | 	SPARC_REG_G1,
168 | 	SPARC_REG_G2,
169 | 	SPARC_REG_G3,
170 | 	SPARC_REG_G4,
171 | 	SPARC_REG_G5,
172 | 	SPARC_REG_G6,
173 | 	SPARC_REG_G7,
174 | 	SPARC_REG_I0,
175 | 	SPARC_REG_I1,
176 | 	SPARC_REG_I2,
177 | 	SPARC_REG_I3,
178 | 	SPARC_REG_I4,
179 | 	SPARC_REG_I5,
180 | 	SPARC_REG_I7,
181 | 	SPARC_REG_ICC,	// Integer condition codes
182 | 	SPARC_REG_L0,
183 | 	SPARC_REG_L1,
184 | 	SPARC_REG_L2,
185 | 	SPARC_REG_L3,
186 | 	SPARC_REG_L4,
187 | 	SPARC_REG_L5,
188 | 	SPARC_REG_L6,
189 | 	SPARC_REG_L7,
190 | 	SPARC_REG_O0,
191 | 	SPARC_REG_O1,
192 | 	SPARC_REG_O2,
193 | 	SPARC_REG_O3,
194 | 	SPARC_REG_O4,
195 | 	SPARC_REG_O5,
196 | 	SPARC_REG_O7,
197 | 	SPARC_REG_SP,
198 | 	SPARC_REG_Y,
199 | 
200 | 	// special register
201 | 	SPARC_REG_XCC,
202 | 
203 | 	SPARC_REG_ENDING,   // <-- mark the end of the list of registers
204 | 
205 | 	// extras
206 | 	SPARC_REG_O6 = SPARC_REG_SP,
207 | 	SPARC_REG_I6 = SPARC_REG_FP,
208 | } sparc_reg;
209 | 
210 | //> SPARC instruction
211 | typedef enum sparc_insn {
212 | 	SPARC_INS_INVALID = 0,
213 | 
214 | 	SPARC_INS_ADDCC,
215 | 	SPARC_INS_ADDX,
216 | 	SPARC_INS_ADDXCC,
217 | 	SPARC_INS_ADDXC,
218 | 	SPARC_INS_ADDXCCC,
219 | 	SPARC_INS_ADD,
220 | 	SPARC_INS_ALIGNADDR,
221 | 	SPARC_INS_ALIGNADDRL,
222 | 	SPARC_INS_ANDCC,
223 | 	SPARC_INS_ANDNCC,
224 | 	SPARC_INS_ANDN,
225 | 	SPARC_INS_AND,
226 | 	SPARC_INS_ARRAY16,
227 | 	SPARC_INS_ARRAY32,
228 | 	SPARC_INS_ARRAY8,
229 | 	SPARC_INS_B,
230 | 	SPARC_INS_JMP,
231 | 	SPARC_INS_BMASK,
232 | 	SPARC_INS_FB,
233 | 	SPARC_INS_BRGEZ,
234 | 	SPARC_INS_BRGZ,
235 | 	SPARC_INS_BRLEZ,
236 | 	SPARC_INS_BRLZ,
237 | 	SPARC_INS_BRNZ,
238 | 	SPARC_INS_BRZ,
239 | 	SPARC_INS_BSHUFFLE,
240 | 	SPARC_INS_CALL,
241 | 	SPARC_INS_CASX,
242 | 	SPARC_INS_CAS,
243 | 	SPARC_INS_CMASK16,
244 | 	SPARC_INS_CMASK32,
245 | 	SPARC_INS_CMASK8,
246 | 	SPARC_INS_CMP,
247 | 	SPARC_INS_EDGE16,
248 | 	SPARC_INS_EDGE16L,
249 | 	SPARC_INS_EDGE16LN,
250 | 	SPARC_INS_EDGE16N,
251 | 	SPARC_INS_EDGE32,
252 | 	SPARC_INS_EDGE32L,
253 | 	SPARC_INS_EDGE32LN,
254 | 	SPARC_INS_EDGE32N,
255 | 	SPARC_INS_EDGE8,
256 | 	SPARC_INS_EDGE8L,
257 | 	SPARC_INS_EDGE8LN,
258 | 	SPARC_INS_EDGE8N,
259 | 	SPARC_INS_FABSD,
260 | 	SPARC_INS_FABSQ,
261 | 	SPARC_INS_FABSS,
262 | 	SPARC_INS_FADDD,
263 | 	SPARC_INS_FADDQ,
264 | 	SPARC_INS_FADDS,
265 | 	SPARC_INS_FALIGNDATA,
266 | 	SPARC_INS_FAND,
267 | 	SPARC_INS_FANDNOT1,
268 | 	SPARC_INS_FANDNOT1S,
269 | 	SPARC_INS_FANDNOT2,
270 | 	SPARC_INS_FANDNOT2S,
271 | 	SPARC_INS_FANDS,
272 | 	SPARC_INS_FCHKSM16,
273 | 	SPARC_INS_FCMPD,
274 | 	SPARC_INS_FCMPEQ16,
275 | 	SPARC_INS_FCMPEQ32,
276 | 	SPARC_INS_FCMPGT16,
277 | 	SPARC_INS_FCMPGT32,
278 | 	SPARC_INS_FCMPLE16,
279 | 	SPARC_INS_FCMPLE32,
280 | 	SPARC_INS_FCMPNE16,
281 | 	SPARC_INS_FCMPNE32,
282 | 	SPARC_INS_FCMPQ,
283 | 	SPARC_INS_FCMPS,
284 | 	SPARC_INS_FDIVD,
285 | 	SPARC_INS_FDIVQ,
286 | 	SPARC_INS_FDIVS,
287 | 	SPARC_INS_FDMULQ,
288 | 	SPARC_INS_FDTOI,
289 | 	SPARC_INS_FDTOQ,
290 | 	SPARC_INS_FDTOS,
291 | 	SPARC_INS_FDTOX,
292 | 	SPARC_INS_FEXPAND,
293 | 	SPARC_INS_FHADDD,
294 | 	SPARC_INS_FHADDS,
295 | 	SPARC_INS_FHSUBD,
296 | 	SPARC_INS_FHSUBS,
297 | 	SPARC_INS_FITOD,
298 | 	SPARC_INS_FITOQ,
299 | 	SPARC_INS_FITOS,
300 | 	SPARC_INS_FLCMPD,
301 | 	SPARC_INS_FLCMPS,
302 | 	SPARC_INS_FLUSHW,
303 | 	SPARC_INS_FMEAN16,
304 | 	SPARC_INS_FMOVD,
305 | 	SPARC_INS_FMOVQ,
306 | 	SPARC_INS_FMOVRDGEZ,
307 | 	SPARC_INS_FMOVRQGEZ,
308 | 	SPARC_INS_FMOVRSGEZ,
309 | 	SPARC_INS_FMOVRDGZ,
310 | 	SPARC_INS_FMOVRQGZ,
311 | 	SPARC_INS_FMOVRSGZ,
312 | 	SPARC_INS_FMOVRDLEZ,
313 | 	SPARC_INS_FMOVRQLEZ,
314 | 	SPARC_INS_FMOVRSLEZ,
315 | 	SPARC_INS_FMOVRDLZ,
316 | 	SPARC_INS_FMOVRQLZ,
317 | 	SPARC_INS_FMOVRSLZ,
318 | 	SPARC_INS_FMOVRDNZ,
319 | 	SPARC_INS_FMOVRQNZ,
320 | 	SPARC_INS_FMOVRSNZ,
321 | 	SPARC_INS_FMOVRDZ,
322 | 	SPARC_INS_FMOVRQZ,
323 | 	SPARC_INS_FMOVRSZ,
324 | 	SPARC_INS_FMOVS,
325 | 	SPARC_INS_FMUL8SUX16,
326 | 	SPARC_INS_FMUL8ULX16,
327 | 	SPARC_INS_FMUL8X16,
328 | 	SPARC_INS_FMUL8X16AL,
329 | 	SPARC_INS_FMUL8X16AU,
330 | 	SPARC_INS_FMULD,
331 | 	SPARC_INS_FMULD8SUX16,
332 | 	SPARC_INS_FMULD8ULX16,
333 | 	SPARC_INS_FMULQ,
334 | 	SPARC_INS_FMULS,
335 | 	SPARC_INS_FNADDD,
336 | 	SPARC_INS_FNADDS,
337 | 	SPARC_INS_FNAND,
338 | 	SPARC_INS_FNANDS,
339 | 	SPARC_INS_FNEGD,
340 | 	SPARC_INS_FNEGQ,
341 | 	SPARC_INS_FNEGS,
342 | 	SPARC_INS_FNHADDD,
343 | 	SPARC_INS_FNHADDS,
344 | 	SPARC_INS_FNOR,
345 | 	SPARC_INS_FNORS,
346 | 	SPARC_INS_FNOT1,
347 | 	SPARC_INS_FNOT1S,
348 | 	SPARC_INS_FNOT2,
349 | 	SPARC_INS_FNOT2S,
350 | 	SPARC_INS_FONE,
351 | 	SPARC_INS_FONES,
352 | 	SPARC_INS_FOR,
353 | 	SPARC_INS_FORNOT1,
354 | 	SPARC_INS_FORNOT1S,
355 | 	SPARC_INS_FORNOT2,
356 | 	SPARC_INS_FORNOT2S,
357 | 	SPARC_INS_FORS,
358 | 	SPARC_INS_FPACK16,
359 | 	SPARC_INS_FPACK32,
360 | 	SPARC_INS_FPACKFIX,
361 | 	SPARC_INS_FPADD16,
362 | 	SPARC_INS_FPADD16S,
363 | 	SPARC_INS_FPADD32,
364 | 	SPARC_INS_FPADD32S,
365 | 	SPARC_INS_FPADD64,
366 | 	SPARC_INS_FPMERGE,
367 | 	SPARC_INS_FPSUB16,
368 | 	SPARC_INS_FPSUB16S,
369 | 	SPARC_INS_FPSUB32,
370 | 	SPARC_INS_FPSUB32S,
371 | 	SPARC_INS_FQTOD,
372 | 	SPARC_INS_FQTOI,
373 | 	SPARC_INS_FQTOS,
374 | 	SPARC_INS_FQTOX,
375 | 	SPARC_INS_FSLAS16,
376 | 	SPARC_INS_FSLAS32,
377 | 	SPARC_INS_FSLL16,
378 | 	SPARC_INS_FSLL32,
379 | 	SPARC_INS_FSMULD,
380 | 	SPARC_INS_FSQRTD,
381 | 	SPARC_INS_FSQRTQ,
382 | 	SPARC_INS_FSQRTS,
383 | 	SPARC_INS_FSRA16,
384 | 	SPARC_INS_FSRA32,
385 | 	SPARC_INS_FSRC1,
386 | 	SPARC_INS_FSRC1S,
387 | 	SPARC_INS_FSRC2,
388 | 	SPARC_INS_FSRC2S,
389 | 	SPARC_INS_FSRL16,
390 | 	SPARC_INS_FSRL32,
391 | 	SPARC_INS_FSTOD,
392 | 	SPARC_INS_FSTOI,
393 | 	SPARC_INS_FSTOQ,
394 | 	SPARC_INS_FSTOX,
395 | 	SPARC_INS_FSUBD,
396 | 	SPARC_INS_FSUBQ,
397 | 	SPARC_INS_FSUBS,
398 | 	SPARC_INS_FXNOR,
399 | 	SPARC_INS_FXNORS,
400 | 	SPARC_INS_FXOR,
401 | 	SPARC_INS_FXORS,
402 | 	SPARC_INS_FXTOD,
403 | 	SPARC_INS_FXTOQ,
404 | 	SPARC_INS_FXTOS,
405 | 	SPARC_INS_FZERO,
406 | 	SPARC_INS_FZEROS,
407 | 	SPARC_INS_JMPL,
408 | 	SPARC_INS_LDD,
409 | 	SPARC_INS_LD,
410 | 	SPARC_INS_LDQ,
411 | 	SPARC_INS_LDSB,
412 | 	SPARC_INS_LDSH,
413 | 	SPARC_INS_LDSW,
414 | 	SPARC_INS_LDUB,
415 | 	SPARC_INS_LDUH,
416 | 	SPARC_INS_LDX,
417 | 	SPARC_INS_LZCNT,
418 | 	SPARC_INS_MEMBAR,
419 | 	SPARC_INS_MOVDTOX,
420 | 	SPARC_INS_MOV,
421 | 	SPARC_INS_MOVRGEZ,
422 | 	SPARC_INS_MOVRGZ,
423 | 	SPARC_INS_MOVRLEZ,
424 | 	SPARC_INS_MOVRLZ,
425 | 	SPARC_INS_MOVRNZ,
426 | 	SPARC_INS_MOVRZ,
427 | 	SPARC_INS_MOVSTOSW,
428 | 	SPARC_INS_MOVSTOUW,
429 | 	SPARC_INS_MULX,
430 | 	SPARC_INS_NOP,
431 | 	SPARC_INS_ORCC,
432 | 	SPARC_INS_ORNCC,
433 | 	SPARC_INS_ORN,
434 | 	SPARC_INS_OR,
435 | 	SPARC_INS_PDIST,
436 | 	SPARC_INS_PDISTN,
437 | 	SPARC_INS_POPC,
438 | 	SPARC_INS_RD,
439 | 	SPARC_INS_RESTORE,
440 | 	SPARC_INS_RETT,
441 | 	SPARC_INS_SAVE,
442 | 	SPARC_INS_SDIVCC,
443 | 	SPARC_INS_SDIVX,
444 | 	SPARC_INS_SDIV,
445 | 	SPARC_INS_SETHI,
446 | 	SPARC_INS_SHUTDOWN,
447 | 	SPARC_INS_SIAM,
448 | 	SPARC_INS_SLLX,
449 | 	SPARC_INS_SLL,
450 | 	SPARC_INS_SMULCC,
451 | 	SPARC_INS_SMUL,
452 | 	SPARC_INS_SRAX,
453 | 	SPARC_INS_SRA,
454 | 	SPARC_INS_SRLX,
455 | 	SPARC_INS_SRL,
456 | 	SPARC_INS_STBAR,
457 | 	SPARC_INS_STB,
458 | 	SPARC_INS_STD,
459 | 	SPARC_INS_ST,
460 | 	SPARC_INS_STH,
461 | 	SPARC_INS_STQ,
462 | 	SPARC_INS_STX,
463 | 	SPARC_INS_SUBCC,
464 | 	SPARC_INS_SUBX,
465 | 	SPARC_INS_SUBXCC,
466 | 	SPARC_INS_SUB,
467 | 	SPARC_INS_SWAP,
468 | 	SPARC_INS_TADDCCTV,
469 | 	SPARC_INS_TADDCC,
470 | 	SPARC_INS_T,
471 | 	SPARC_INS_TSUBCCTV,
472 | 	SPARC_INS_TSUBCC,
473 | 	SPARC_INS_UDIVCC,
474 | 	SPARC_INS_UDIVX,
475 | 	SPARC_INS_UDIV,
476 | 	SPARC_INS_UMULCC,
477 | 	SPARC_INS_UMULXHI,
478 | 	SPARC_INS_UMUL,
479 | 	SPARC_INS_UNIMP,
480 | 	SPARC_INS_FCMPED,
481 | 	SPARC_INS_FCMPEQ,
482 | 	SPARC_INS_FCMPES,
483 | 	SPARC_INS_WR,
484 | 	SPARC_INS_XMULX,
485 | 	SPARC_INS_XMULXHI,
486 | 	SPARC_INS_XNORCC,
487 | 	SPARC_INS_XNOR,
488 | 	SPARC_INS_XORCC,
489 | 	SPARC_INS_XOR,
490 | 
491 | 	// alias instructions
492 | 	SPARC_INS_RET,
493 | 	SPARC_INS_RETL,
494 | 
495 | 	SPARC_INS_ENDING,   // <-- mark the end of the list of instructions
496 | } sparc_insn;
497 | 
498 | //> Group of SPARC instructions
499 | typedef enum sparc_insn_group {
500 | 	SPARC_GRP_INVALID = 0, // = CS_GRP_INVALID
501 | 
502 | 	//> Generic groups
503 | 	// all jump instructions (conditional+direct+indirect jumps)
504 | 	SPARC_GRP_JUMP,	// = CS_GRP_JUMP
505 | 
506 | 	//> Architecture-specific groups
507 | 	SPARC_GRP_HARDQUAD = 128,
508 | 	SPARC_GRP_V9,
509 | 	SPARC_GRP_VIS,
510 | 	SPARC_GRP_VIS2,
511 | 	SPARC_GRP_VIS3, 
512 | 	SPARC_GRP_32BIT,
513 | 	SPARC_GRP_64BIT,
514 | 
515 | 	SPARC_GRP_ENDING,   // <-- mark the end of the list of groups
516 | } sparc_insn_group;
517 | 
518 | #ifdef __cplusplus
519 | }
520 | #endif
521 | 
522 | #endif
523 | 


--------------------------------------------------------------------------------
/TestPrograms/ReadProcMem/ReadProcMem/include/systemz.h:
--------------------------------------------------------------------------------
  1 | #ifndef CAPSTONE_SYSTEMZ_H
  2 | #define CAPSTONE_SYSTEMZ_H
  3 | 
  4 | /* Capstone Disassembly Engine */
  5 | /* By Nguyen Anh Quynh <aquynh@gmail.com>, 2014 */
  6 | 
  7 | #ifdef __cplusplus
  8 | extern "C" {
  9 | #endif
 10 | 
 11 | #if !defined(_MSC_VER) || !defined(_KERNEL_MODE)
 12 | #include <stdint.h>
 13 | #endif
 14 | 
 15 | #include "platform.h"
 16 | 
 17 | #ifdef _MSC_VER
 18 | #pragma warning(disable:4201)
 19 | #endif
 20 | 
 21 | //> Enums corresponding to SystemZ condition codes
 22 | typedef enum sysz_cc {
 23 | 	SYSZ_CC_INVALID = 0,	// invalid CC (default)
 24 | 
 25 | 	SYSZ_CC_O,
 26 | 	SYSZ_CC_H,
 27 | 	SYSZ_CC_NLE,
 28 | 	SYSZ_CC_L,
 29 | 	SYSZ_CC_NHE,
 30 | 	SYSZ_CC_LH,
 31 | 	SYSZ_CC_NE,
 32 | 	SYSZ_CC_E,
 33 | 	SYSZ_CC_NLH,
 34 | 	SYSZ_CC_HE,
 35 | 	SYSZ_CC_NL,
 36 | 	SYSZ_CC_LE,
 37 | 	SYSZ_CC_NH,
 38 | 	SYSZ_CC_NO,
 39 | } sysz_cc;
 40 | 
 41 | //> Operand type for instruction's operands
 42 | typedef enum sysz_op_type {
 43 | 	SYSZ_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized).
 44 | 	SYSZ_OP_REG, // = CS_OP_REG (Register operand).
 45 | 	SYSZ_OP_IMM, // = CS_OP_IMM (Immediate operand).
 46 | 	SYSZ_OP_MEM, // = CS_OP_MEM (Memory operand).
 47 | 	SYSZ_OP_ACREG = 64,	// Access register operand.
 48 | } sysz_op_type;
 49 | 
 50 | // Instruction's operand referring to memory
 51 | // This is associated with SYSZ_OP_MEM operand type above
 52 | typedef struct sysz_op_mem {
 53 | 	uint8_t base;	// base register
 54 | 	uint8_t index;	// index register
 55 | 	uint64_t length;	// BDLAddr operand
 56 | 	int64_t disp;	// displacement/offset value
 57 | } sysz_op_mem;
 58 | 
 59 | // Instruction operand
 60 | typedef struct cs_sysz_op {
 61 | 	sysz_op_type type;	// operand type
 62 | 	union {
 63 | 		unsigned int reg;	// register value for REG operand
 64 | 		int64_t imm;		// immediate value for IMM operand
 65 | 		sysz_op_mem mem;		// base/disp value for MEM operand
 66 | 	};
 67 | } cs_sysz_op;
 68 | 
 69 | // Instruction structure
 70 | typedef struct cs_sysz {
 71 | 	sysz_cc cc;		// Code condition
 72 | 	// Number of operands of this instruction, 
 73 | 	// or 0 when instruction has no operand.
 74 | 	uint8_t op_count;
 75 | 	cs_sysz_op operands[6]; // operands for this instruction.
 76 | } cs_sysz;
 77 | 
 78 | //> SystemZ registers
 79 | typedef enum sysz_reg {
 80 | 	SYSZ_REG_INVALID = 0,
 81 | 
 82 | 	SYSZ_REG_0, 
 83 | 	SYSZ_REG_1, 
 84 | 	SYSZ_REG_2, 
 85 | 	SYSZ_REG_3, 
 86 | 	SYSZ_REG_4, 
 87 | 	SYSZ_REG_5, 
 88 | 	SYSZ_REG_6, 
 89 | 	SYSZ_REG_7, 
 90 | 	SYSZ_REG_8, 
 91 | 	SYSZ_REG_9, 
 92 | 	SYSZ_REG_10,
 93 | 	SYSZ_REG_11,
 94 | 	SYSZ_REG_12,
 95 | 	SYSZ_REG_13,
 96 | 	SYSZ_REG_14,
 97 | 	SYSZ_REG_15,
 98 | 	SYSZ_REG_CC,
 99 | 	SYSZ_REG_F0,
100 | 	SYSZ_REG_F1,
101 | 	SYSZ_REG_F2,
102 | 	SYSZ_REG_F3,
103 | 	SYSZ_REG_F4,
104 | 	SYSZ_REG_F5,
105 | 	SYSZ_REG_F6,
106 | 	SYSZ_REG_F7,
107 | 	SYSZ_REG_F8,
108 | 	SYSZ_REG_F9,
109 | 	SYSZ_REG_F10,
110 | 	SYSZ_REG_F11,
111 | 	SYSZ_REG_F12,
112 | 	SYSZ_REG_F13,
113 | 	SYSZ_REG_F14,
114 | 	SYSZ_REG_F15,
115 | 
116 | 	SYSZ_REG_R0L,
117 | 
118 | 	SYSZ_REG_ENDING,
119 | } sysz_reg;
120 | 
121 | //> SystemZ instruction
122 | typedef enum sysz_insn {
123 | 	SYSZ_INS_INVALID = 0,
124 | 
125 | 	SYSZ_INS_A,
126 | 	SYSZ_INS_ADB,
127 | 	SYSZ_INS_ADBR,
128 | 	SYSZ_INS_AEB,
129 | 	SYSZ_INS_AEBR,
130 | 	SYSZ_INS_AFI,
131 | 	SYSZ_INS_AG,
132 | 	SYSZ_INS_AGF,
133 | 	SYSZ_INS_AGFI,
134 | 	SYSZ_INS_AGFR,
135 | 	SYSZ_INS_AGHI,
136 | 	SYSZ_INS_AGHIK,
137 | 	SYSZ_INS_AGR,
138 | 	SYSZ_INS_AGRK,
139 | 	SYSZ_INS_AGSI,
140 | 	SYSZ_INS_AH,
141 | 	SYSZ_INS_AHI,
142 | 	SYSZ_INS_AHIK,
143 | 	SYSZ_INS_AHY,
144 | 	SYSZ_INS_AIH,
145 | 	SYSZ_INS_AL,
146 | 	SYSZ_INS_ALC,
147 | 	SYSZ_INS_ALCG,
148 | 	SYSZ_INS_ALCGR,
149 | 	SYSZ_INS_ALCR,
150 | 	SYSZ_INS_ALFI,
151 | 	SYSZ_INS_ALG,
152 | 	SYSZ_INS_ALGF,
153 | 	SYSZ_INS_ALGFI,
154 | 	SYSZ_INS_ALGFR,
155 | 	SYSZ_INS_ALGHSIK,
156 | 	SYSZ_INS_ALGR,
157 | 	SYSZ_INS_ALGRK,
158 | 	SYSZ_INS_ALHSIK,
159 | 	SYSZ_INS_ALR,
160 | 	SYSZ_INS_ALRK,
161 | 	SYSZ_INS_ALY,
162 | 	SYSZ_INS_AR,
163 | 	SYSZ_INS_ARK,
164 | 	SYSZ_INS_ASI,
165 | 	SYSZ_INS_AXBR,
166 | 	SYSZ_INS_AY,
167 | 	SYSZ_INS_BCR,
168 | 	SYSZ_INS_BRC,
169 | 	SYSZ_INS_BRCL,
170 | 	SYSZ_INS_CGIJ,
171 | 	SYSZ_INS_CGRJ,
172 | 	SYSZ_INS_CIJ,
173 | 	SYSZ_INS_CLGIJ,
174 | 	SYSZ_INS_CLGRJ,
175 | 	SYSZ_INS_CLIJ,
176 | 	SYSZ_INS_CLRJ,
177 | 	SYSZ_INS_CRJ,
178 | 	SYSZ_INS_BER,
179 | 	SYSZ_INS_JE,
180 | 	SYSZ_INS_JGE,
181 | 	SYSZ_INS_LOCE,
182 | 	SYSZ_INS_LOCGE,
183 | 	SYSZ_INS_LOCGRE,
184 | 	SYSZ_INS_LOCRE,
185 | 	SYSZ_INS_STOCE,
186 | 	SYSZ_INS_STOCGE,
187 | 	SYSZ_INS_BHR,
188 | 	SYSZ_INS_BHER,
189 | 	SYSZ_INS_JHE,
190 | 	SYSZ_INS_JGHE,
191 | 	SYSZ_INS_LOCHE,
192 | 	SYSZ_INS_LOCGHE,
193 | 	SYSZ_INS_LOCGRHE,
194 | 	SYSZ_INS_LOCRHE,
195 | 	SYSZ_INS_STOCHE,
196 | 	SYSZ_INS_STOCGHE,
197 | 	SYSZ_INS_JH,
198 | 	SYSZ_INS_JGH,
199 | 	SYSZ_INS_LOCH,
200 | 	SYSZ_INS_LOCGH,
201 | 	SYSZ_INS_LOCGRH,
202 | 	SYSZ_INS_LOCRH,
203 | 	SYSZ_INS_STOCH,
204 | 	SYSZ_INS_STOCGH,
205 | 	SYSZ_INS_CGIJNLH,
206 | 	SYSZ_INS_CGRJNLH,
207 | 	SYSZ_INS_CIJNLH,
208 | 	SYSZ_INS_CLGIJNLH,
209 | 	SYSZ_INS_CLGRJNLH,
210 | 	SYSZ_INS_CLIJNLH,
211 | 	SYSZ_INS_CLRJNLH,
212 | 	SYSZ_INS_CRJNLH,
213 | 	SYSZ_INS_CGIJE,
214 | 	SYSZ_INS_CGRJE,
215 | 	SYSZ_INS_CIJE,
216 | 	SYSZ_INS_CLGIJE,
217 | 	SYSZ_INS_CLGRJE,
218 | 	SYSZ_INS_CLIJE,
219 | 	SYSZ_INS_CLRJE,
220 | 	SYSZ_INS_CRJE,
221 | 	SYSZ_INS_CGIJNLE,
222 | 	SYSZ_INS_CGRJNLE,
223 | 	SYSZ_INS_CIJNLE,
224 | 	SYSZ_INS_CLGIJNLE,
225 | 	SYSZ_INS_CLGRJNLE,
226 | 	SYSZ_INS_CLIJNLE,
227 | 	SYSZ_INS_CLRJNLE,
228 | 	SYSZ_INS_CRJNLE,
229 | 	SYSZ_INS_CGIJH,
230 | 	SYSZ_INS_CGRJH,
231 | 	SYSZ_INS_CIJH,
232 | 	SYSZ_INS_CLGIJH,
233 | 	SYSZ_INS_CLGRJH,
234 | 	SYSZ_INS_CLIJH,
235 | 	SYSZ_INS_CLRJH,
236 | 	SYSZ_INS_CRJH,
237 | 	SYSZ_INS_CGIJNL,
238 | 	SYSZ_INS_CGRJNL,
239 | 	SYSZ_INS_CIJNL,
240 | 	SYSZ_INS_CLGIJNL,
241 | 	SYSZ_INS_CLGRJNL,
242 | 	SYSZ_INS_CLIJNL,
243 | 	SYSZ_INS_CLRJNL,
244 | 	SYSZ_INS_CRJNL,
245 | 	SYSZ_INS_CGIJHE,
246 | 	SYSZ_INS_CGRJHE,
247 | 	SYSZ_INS_CIJHE,
248 | 	SYSZ_INS_CLGIJHE,
249 | 	SYSZ_INS_CLGRJHE,
250 | 	SYSZ_INS_CLIJHE,
251 | 	SYSZ_INS_CLRJHE,
252 | 	SYSZ_INS_CRJHE,
253 | 	SYSZ_INS_CGIJNHE,
254 | 	SYSZ_INS_CGRJNHE,
255 | 	SYSZ_INS_CIJNHE,
256 | 	SYSZ_INS_CLGIJNHE,
257 | 	SYSZ_INS_CLGRJNHE,
258 | 	SYSZ_INS_CLIJNHE,
259 | 	SYSZ_INS_CLRJNHE,
260 | 	SYSZ_INS_CRJNHE,
261 | 	SYSZ_INS_CGIJL,
262 | 	SYSZ_INS_CGRJL,
263 | 	SYSZ_INS_CIJL,
264 | 	SYSZ_INS_CLGIJL,
265 | 	SYSZ_INS_CLGRJL,
266 | 	SYSZ_INS_CLIJL,
267 | 	SYSZ_INS_CLRJL,
268 | 	SYSZ_INS_CRJL,
269 | 	SYSZ_INS_CGIJNH,
270 | 	SYSZ_INS_CGRJNH,
271 | 	SYSZ_INS_CIJNH,
272 | 	SYSZ_INS_CLGIJNH,
273 | 	SYSZ_INS_CLGRJNH,
274 | 	SYSZ_INS_CLIJNH,
275 | 	SYSZ_INS_CLRJNH,
276 | 	SYSZ_INS_CRJNH,
277 | 	SYSZ_INS_CGIJLE,
278 | 	SYSZ_INS_CGRJLE,
279 | 	SYSZ_INS_CIJLE,
280 | 	SYSZ_INS_CLGIJLE,
281 | 	SYSZ_INS_CLGRJLE,
282 | 	SYSZ_INS_CLIJLE,
283 | 	SYSZ_INS_CLRJLE,
284 | 	SYSZ_INS_CRJLE,
285 | 	SYSZ_INS_CGIJNE,
286 | 	SYSZ_INS_CGRJNE,
287 | 	SYSZ_INS_CIJNE,
288 | 	SYSZ_INS_CLGIJNE,
289 | 	SYSZ_INS_CLGRJNE,
290 | 	SYSZ_INS_CLIJNE,
291 | 	SYSZ_INS_CLRJNE,
292 | 	SYSZ_INS_CRJNE,
293 | 	SYSZ_INS_CGIJLH,
294 | 	SYSZ_INS_CGRJLH,
295 | 	SYSZ_INS_CIJLH,
296 | 	SYSZ_INS_CLGIJLH,
297 | 	SYSZ_INS_CLGRJLH,
298 | 	SYSZ_INS_CLIJLH,
299 | 	SYSZ_INS_CLRJLH,
300 | 	SYSZ_INS_CRJLH,
301 | 	SYSZ_INS_BLR,
302 | 	SYSZ_INS_BLER,
303 | 	SYSZ_INS_JLE,
304 | 	SYSZ_INS_JGLE,
305 | 	SYSZ_INS_LOCLE,
306 | 	SYSZ_INS_LOCGLE,
307 | 	SYSZ_INS_LOCGRLE,
308 | 	SYSZ_INS_LOCRLE,
309 | 	SYSZ_INS_STOCLE,
310 | 	SYSZ_INS_STOCGLE,
311 | 	SYSZ_INS_BLHR,
312 | 	SYSZ_INS_JLH,
313 | 	SYSZ_INS_JGLH,
314 | 	SYSZ_INS_LOCLH,
315 | 	SYSZ_INS_LOCGLH,
316 | 	SYSZ_INS_LOCGRLH,
317 | 	SYSZ_INS_LOCRLH,
318 | 	SYSZ_INS_STOCLH,
319 | 	SYSZ_INS_STOCGLH,
320 | 	SYSZ_INS_JL,
321 | 	SYSZ_INS_JGL,
322 | 	SYSZ_INS_LOCL,
323 | 	SYSZ_INS_LOCGL,
324 | 	SYSZ_INS_LOCGRL,
325 | 	SYSZ_INS_LOCRL,
326 | 	SYSZ_INS_LOC,
327 | 	SYSZ_INS_LOCG,
328 | 	SYSZ_INS_LOCGR,
329 | 	SYSZ_INS_LOCR,
330 | 	SYSZ_INS_STOCL,
331 | 	SYSZ_INS_STOCGL,
332 | 	SYSZ_INS_BNER,
333 | 	SYSZ_INS_JNE,
334 | 	SYSZ_INS_JGNE,
335 | 	SYSZ_INS_LOCNE,
336 | 	SYSZ_INS_LOCGNE,
337 | 	SYSZ_INS_LOCGRNE,
338 | 	SYSZ_INS_LOCRNE,
339 | 	SYSZ_INS_STOCNE,
340 | 	SYSZ_INS_STOCGNE,
341 | 	SYSZ_INS_BNHR,
342 | 	SYSZ_INS_BNHER,
343 | 	SYSZ_INS_JNHE,
344 | 	SYSZ_INS_JGNHE,
345 | 	SYSZ_INS_LOCNHE,
346 | 	SYSZ_INS_LOCGNHE,
347 | 	SYSZ_INS_LOCGRNHE,
348 | 	SYSZ_INS_LOCRNHE,
349 | 	SYSZ_INS_STOCNHE,
350 | 	SYSZ_INS_STOCGNHE,
351 | 	SYSZ_INS_JNH,
352 | 	SYSZ_INS_JGNH,
353 | 	SYSZ_INS_LOCNH,
354 | 	SYSZ_INS_LOCGNH,
355 | 	SYSZ_INS_LOCGRNH,
356 | 	SYSZ_INS_LOCRNH,
357 | 	SYSZ_INS_STOCNH,
358 | 	SYSZ_INS_STOCGNH,
359 | 	SYSZ_INS_BNLR,
360 | 	SYSZ_INS_BNLER,
361 | 	SYSZ_INS_JNLE,
362 | 	SYSZ_INS_JGNLE,
363 | 	SYSZ_INS_LOCNLE,
364 | 	SYSZ_INS_LOCGNLE,
365 | 	SYSZ_INS_LOCGRNLE,
366 | 	SYSZ_INS_LOCRNLE,
367 | 	SYSZ_INS_STOCNLE,
368 | 	SYSZ_INS_STOCGNLE,
369 | 	SYSZ_INS_BNLHR,
370 | 	SYSZ_INS_JNLH,
371 | 	SYSZ_INS_JGNLH,
372 | 	SYSZ_INS_LOCNLH,
373 | 	SYSZ_INS_LOCGNLH,
374 | 	SYSZ_INS_LOCGRNLH,
375 | 	SYSZ_INS_LOCRNLH,
376 | 	SYSZ_INS_STOCNLH,
377 | 	SYSZ_INS_STOCGNLH,
378 | 	SYSZ_INS_JNL,
379 | 	SYSZ_INS_JGNL,
380 | 	SYSZ_INS_LOCNL,
381 | 	SYSZ_INS_LOCGNL,
382 | 	SYSZ_INS_LOCGRNL,
383 | 	SYSZ_INS_LOCRNL,
384 | 	SYSZ_INS_STOCNL,
385 | 	SYSZ_INS_STOCGNL,
386 | 	SYSZ_INS_BNOR,
387 | 	SYSZ_INS_JNO,
388 | 	SYSZ_INS_JGNO,
389 | 	SYSZ_INS_LOCNO,
390 | 	SYSZ_INS_LOCGNO,
391 | 	SYSZ_INS_LOCGRNO,
392 | 	SYSZ_INS_LOCRNO,
393 | 	SYSZ_INS_STOCNO,
394 | 	SYSZ_INS_STOCGNO,
395 | 	SYSZ_INS_BOR,
396 | 	SYSZ_INS_JO,
397 | 	SYSZ_INS_JGO,
398 | 	SYSZ_INS_LOCO,
399 | 	SYSZ_INS_LOCGO,
400 | 	SYSZ_INS_LOCGRO,
401 | 	SYSZ_INS_LOCRO,
402 | 	SYSZ_INS_STOCO,
403 | 	SYSZ_INS_STOCGO,
404 | 	SYSZ_INS_STOC,
405 | 	SYSZ_INS_STOCG,
406 | 	SYSZ_INS_BASR,
407 | 	SYSZ_INS_BR,
408 | 	SYSZ_INS_BRAS,
409 | 	SYSZ_INS_BRASL,
410 | 	SYSZ_INS_J,
411 | 	SYSZ_INS_JG,
412 | 	SYSZ_INS_BRCT,
413 | 	SYSZ_INS_BRCTG,
414 | 	SYSZ_INS_C,
415 | 	SYSZ_INS_CDB,
416 | 	SYSZ_INS_CDBR,
417 | 	SYSZ_INS_CDFBR,
418 | 	SYSZ_INS_CDGBR,
419 | 	SYSZ_INS_CDLFBR,
420 | 	SYSZ_INS_CDLGBR,
421 | 	SYSZ_INS_CEB,
422 | 	SYSZ_INS_CEBR,
423 | 	SYSZ_INS_CEFBR,
424 | 	SYSZ_INS_CEGBR,
425 | 	SYSZ_INS_CELFBR,
426 | 	SYSZ_INS_CELGBR,
427 | 	SYSZ_INS_CFDBR,
428 | 	SYSZ_INS_CFEBR,
429 | 	SYSZ_INS_CFI,
430 | 	SYSZ_INS_CFXBR,
431 | 	SYSZ_INS_CG,
432 | 	SYSZ_INS_CGDBR,
433 | 	SYSZ_INS_CGEBR,
434 | 	SYSZ_INS_CGF,
435 | 	SYSZ_INS_CGFI,
436 | 	SYSZ_INS_CGFR,
437 | 	SYSZ_INS_CGFRL,
438 | 	SYSZ_INS_CGH,
439 | 	SYSZ_INS_CGHI,
440 | 	SYSZ_INS_CGHRL,
441 | 	SYSZ_INS_CGHSI,
442 | 	SYSZ_INS_CGR,
443 | 	SYSZ_INS_CGRL,
444 | 	SYSZ_INS_CGXBR,
445 | 	SYSZ_INS_CH,
446 | 	SYSZ_INS_CHF,
447 | 	SYSZ_INS_CHHSI,
448 | 	SYSZ_INS_CHI,
449 | 	SYSZ_INS_CHRL,
450 | 	SYSZ_INS_CHSI,
451 | 	SYSZ_INS_CHY,
452 | 	SYSZ_INS_CIH,
453 | 	SYSZ_INS_CL,
454 | 	SYSZ_INS_CLC,
455 | 	SYSZ_INS_CLFDBR,
456 | 	SYSZ_INS_CLFEBR,
457 | 	SYSZ_INS_CLFHSI,
458 | 	SYSZ_INS_CLFI,
459 | 	SYSZ_INS_CLFXBR,
460 | 	SYSZ_INS_CLG,
461 | 	SYSZ_INS_CLGDBR,
462 | 	SYSZ_INS_CLGEBR,
463 | 	SYSZ_INS_CLGF,
464 | 	SYSZ_INS_CLGFI,
465 | 	SYSZ_INS_CLGFR,
466 | 	SYSZ_INS_CLGFRL,
467 | 	SYSZ_INS_CLGHRL,
468 | 	SYSZ_INS_CLGHSI,
469 | 	SYSZ_INS_CLGR,
470 | 	SYSZ_INS_CLGRL,
471 | 	SYSZ_INS_CLGXBR,
472 | 	SYSZ_INS_CLHF,
473 | 	SYSZ_INS_CLHHSI,
474 | 	SYSZ_INS_CLHRL,
475 | 	SYSZ_INS_CLI,
476 | 	SYSZ_INS_CLIH,
477 | 	SYSZ_INS_CLIY,
478 | 	SYSZ_INS_CLR,
479 | 	SYSZ_INS_CLRL,
480 | 	SYSZ_INS_CLST,
481 | 	SYSZ_INS_CLY,
482 | 	SYSZ_INS_CPSDR,
483 | 	SYSZ_INS_CR,
484 | 	SYSZ_INS_CRL,
485 | 	SYSZ_INS_CS,
486 | 	SYSZ_INS_CSG,
487 | 	SYSZ_INS_CSY,
488 | 	SYSZ_INS_CXBR,
489 | 	SYSZ_INS_CXFBR,
490 | 	SYSZ_INS_CXGBR,
491 | 	SYSZ_INS_CXLFBR,
492 | 	SYSZ_INS_CXLGBR,
493 | 	SYSZ_INS_CY,
494 | 	SYSZ_INS_DDB,
495 | 	SYSZ_INS_DDBR,
496 | 	SYSZ_INS_DEB,
497 | 	SYSZ_INS_DEBR,
498 | 	SYSZ_INS_DL,
499 | 	SYSZ_INS_DLG,
500 | 	SYSZ_INS_DLGR,
501 | 	SYSZ_INS_DLR,
502 | 	SYSZ_INS_DSG,
503 | 	SYSZ_INS_DSGF,
504 | 	SYSZ_INS_DSGFR,
505 | 	SYSZ_INS_DSGR,
506 | 	SYSZ_INS_DXBR,
507 | 	SYSZ_INS_EAR,
508 | 	SYSZ_INS_FIDBR,
509 | 	SYSZ_INS_FIDBRA,
510 | 	SYSZ_INS_FIEBR,
511 | 	SYSZ_INS_FIEBRA,
512 | 	SYSZ_INS_FIXBR,
513 | 	SYSZ_INS_FIXBRA,
514 | 	SYSZ_INS_FLOGR,
515 | 	SYSZ_INS_IC,
516 | 	SYSZ_INS_ICY,
517 | 	SYSZ_INS_IIHF,
518 | 	SYSZ_INS_IIHH,
519 | 	SYSZ_INS_IIHL,
520 | 	SYSZ_INS_IILF,
521 | 	SYSZ_INS_IILH,
522 | 	SYSZ_INS_IILL,
523 | 	SYSZ_INS_IPM,
524 | 	SYSZ_INS_L,
525 | 	SYSZ_INS_LA,
526 | 	SYSZ_INS_LAA,
527 | 	SYSZ_INS_LAAG,
528 | 	SYSZ_INS_LAAL,
529 | 	SYSZ_INS_LAALG,
530 | 	SYSZ_INS_LAN,
531 | 	SYSZ_INS_LANG,
532 | 	SYSZ_INS_LAO,
533 | 	SYSZ_INS_LAOG,
534 | 	SYSZ_INS_LARL,
535 | 	SYSZ_INS_LAX,
536 | 	SYSZ_INS_LAXG,
537 | 	SYSZ_INS_LAY,
538 | 	SYSZ_INS_LB,
539 | 	SYSZ_INS_LBH,
540 | 	SYSZ_INS_LBR,
541 | 	SYSZ_INS_LCDBR,
542 | 	SYSZ_INS_LCEBR,
543 | 	SYSZ_INS_LCGFR,
544 | 	SYSZ_INS_LCGR,
545 | 	SYSZ_INS_LCR,
546 | 	SYSZ_INS_LCXBR,
547 | 	SYSZ_INS_LD,
548 | 	SYSZ_INS_LDEB,
549 | 	SYSZ_INS_LDEBR,
550 | 	SYSZ_INS_LDGR,
551 | 	SYSZ_INS_LDR,
552 | 	SYSZ_INS_LDXBR,
553 | 	SYSZ_INS_LDXBRA,
554 | 	SYSZ_INS_LDY,
555 | 	SYSZ_INS_LE,
556 | 	SYSZ_INS_LEDBR,
557 | 	SYSZ_INS_LEDBRA,
558 | 	SYSZ_INS_LER,
559 | 	SYSZ_INS_LEXBR,
560 | 	SYSZ_INS_LEXBRA,
561 | 	SYSZ_INS_LEY,
562 | 	SYSZ_INS_LFH,
563 | 	SYSZ_INS_LG,
564 | 	SYSZ_INS_LGB,
565 | 	SYSZ_INS_LGBR,
566 | 	SYSZ_INS_LGDR,
567 | 	SYSZ_INS_LGF,
568 | 	SYSZ_INS_LGFI,
569 | 	SYSZ_INS_LGFR,
570 | 	SYSZ_INS_LGFRL,
571 | 	SYSZ_INS_LGH,
572 | 	SYSZ_INS_LGHI,
573 | 	SYSZ_INS_LGHR,
574 | 	SYSZ_INS_LGHRL,
575 | 	SYSZ_INS_LGR,
576 | 	SYSZ_INS_LGRL,
577 | 	SYSZ_INS_LH,
578 | 	SYSZ_INS_LHH,
579 | 	SYSZ_INS_LHI,
580 | 	SYSZ_INS_LHR,
581 | 	SYSZ_INS_LHRL,
582 | 	SYSZ_INS_LHY,
583 | 	SYSZ_INS_LLC,
584 | 	SYSZ_INS_LLCH,
585 | 	SYSZ_INS_LLCR,
586 | 	SYSZ_INS_LLGC,
587 | 	SYSZ_INS_LLGCR,
588 | 	SYSZ_INS_LLGF,
589 | 	SYSZ_INS_LLGFR,
590 | 	SYSZ_INS_LLGFRL,
591 | 	SYSZ_INS_LLGH,
592 | 	SYSZ_INS_LLGHR,
593 | 	SYSZ_INS_LLGHRL,
594 | 	SYSZ_INS_LLH,
595 | 	SYSZ_INS_LLHH,
596 | 	SYSZ_INS_LLHR,
597 | 	SYSZ_INS_LLHRL,
598 | 	SYSZ_INS_LLIHF,
599 | 	SYSZ_INS_LLIHH,
600 | 	SYSZ_INS_LLIHL,
601 | 	SYSZ_INS_LLILF,
602 | 	SYSZ_INS_LLILH,
603 | 	SYSZ_INS_LLILL,
604 | 	SYSZ_INS_LMG,
605 | 	SYSZ_INS_LNDBR,
606 | 	SYSZ_INS_LNEBR,
607 | 	SYSZ_INS_LNGFR,
608 | 	SYSZ_INS_LNGR,
609 | 	SYSZ_INS_LNR,
610 | 	SYSZ_INS_LNXBR,
611 | 	SYSZ_INS_LPDBR,
612 | 	SYSZ_INS_LPEBR,
613 | 	SYSZ_INS_LPGFR,
614 | 	SYSZ_INS_LPGR,
615 | 	SYSZ_INS_LPR,
616 | 	SYSZ_INS_LPXBR,
617 | 	SYSZ_INS_LR,
618 | 	SYSZ_INS_LRL,
619 | 	SYSZ_INS_LRV,
620 | 	SYSZ_INS_LRVG,
621 | 	SYSZ_INS_LRVGR,
622 | 	SYSZ_INS_LRVR,
623 | 	SYSZ_INS_LT,
624 | 	SYSZ_INS_LTDBR,
625 | 	SYSZ_INS_LTEBR,
626 | 	SYSZ_INS_LTG,
627 | 	SYSZ_INS_LTGF,
628 | 	SYSZ_INS_LTGFR,
629 | 	SYSZ_INS_LTGR,
630 | 	SYSZ_INS_LTR,
631 | 	SYSZ_INS_LTXBR,
632 | 	SYSZ_INS_LXDB,
633 | 	SYSZ_INS_LXDBR,
634 | 	SYSZ_INS_LXEB,
635 | 	SYSZ_INS_LXEBR,
636 | 	SYSZ_INS_LXR,
637 | 	SYSZ_INS_LY,
638 | 	SYSZ_INS_LZDR,
639 | 	SYSZ_INS_LZER,
640 | 	SYSZ_INS_LZXR,
641 | 	SYSZ_INS_MADB,
642 | 	SYSZ_INS_MADBR,
643 | 	SYSZ_INS_MAEB,
644 | 	SYSZ_INS_MAEBR,
645 | 	SYSZ_INS_MDB,
646 | 	SYSZ_INS_MDBR,
647 | 	SYSZ_INS_MDEB,
648 | 	SYSZ_INS_MDEBR,
649 | 	SYSZ_INS_MEEB,
650 | 	SYSZ_INS_MEEBR,
651 | 	SYSZ_INS_MGHI,
652 | 	SYSZ_INS_MH,
653 | 	SYSZ_INS_MHI,
654 | 	SYSZ_INS_MHY,
655 | 	SYSZ_INS_MLG,
656 | 	SYSZ_INS_MLGR,
657 | 	SYSZ_INS_MS,
658 | 	SYSZ_INS_MSDB,
659 | 	SYSZ_INS_MSDBR,
660 | 	SYSZ_INS_MSEB,
661 | 	SYSZ_INS_MSEBR,
662 | 	SYSZ_INS_MSFI,
663 | 	SYSZ_INS_MSG,
664 | 	SYSZ_INS_MSGF,
665 | 	SYSZ_INS_MSGFI,
666 | 	SYSZ_INS_MSGFR,
667 | 	SYSZ_INS_MSGR,
668 | 	SYSZ_INS_MSR,
669 | 	SYSZ_INS_MSY,
670 | 	SYSZ_INS_MVC,
671 | 	SYSZ_INS_MVGHI,
672 | 	SYSZ_INS_MVHHI,
673 | 	SYSZ_INS_MVHI,
674 | 	SYSZ_INS_MVI,
675 | 	SYSZ_INS_MVIY,
676 | 	SYSZ_INS_MVST,
677 | 	SYSZ_INS_MXBR,
678 | 	SYSZ_INS_MXDB,
679 | 	SYSZ_INS_MXDBR,
680 | 	SYSZ_INS_N,
681 | 	SYSZ_INS_NC,
682 | 	SYSZ_INS_NG,
683 | 	SYSZ_INS_NGR,
684 | 	SYSZ_INS_NGRK,
685 | 	SYSZ_INS_NI,
686 | 	SYSZ_INS_NIHF,
687 | 	SYSZ_INS_NIHH,
688 | 	SYSZ_INS_NIHL,
689 | 	SYSZ_INS_NILF,
690 | 	SYSZ_INS_NILH,
691 | 	SYSZ_INS_NILL,
692 | 	SYSZ_INS_NIY,
693 | 	SYSZ_INS_NR,
694 | 	SYSZ_INS_NRK,
695 | 	SYSZ_INS_NY,
696 | 	SYSZ_INS_O,
697 | 	SYSZ_INS_OC,
698 | 	SYSZ_INS_OG,
699 | 	SYSZ_INS_OGR,
700 | 	SYSZ_INS_OGRK,
701 | 	SYSZ_INS_OI,
702 | 	SYSZ_INS_OIHF,
703 | 	SYSZ_INS_OIHH,
704 | 	SYSZ_INS_OIHL,
705 | 	SYSZ_INS_OILF,
706 | 	SYSZ_INS_OILH,
707 | 	SYSZ_INS_OILL,
708 | 	SYSZ_INS_OIY,
709 | 	SYSZ_INS_OR,
710 | 	SYSZ_INS_ORK,
711 | 	SYSZ_INS_OY,
712 | 	SYSZ_INS_PFD,
713 | 	SYSZ_INS_PFDRL,
714 | 	SYSZ_INS_RISBG,
715 | 	SYSZ_INS_RISBHG,
716 | 	SYSZ_INS_RISBLG,
717 | 	SYSZ_INS_RLL,
718 | 	SYSZ_INS_RLLG,
719 | 	SYSZ_INS_RNSBG,
720 | 	SYSZ_INS_ROSBG,
721 | 	SYSZ_INS_RXSBG,
722 | 	SYSZ_INS_S,
723 | 	SYSZ_INS_SDB,
724 | 	SYSZ_INS_SDBR,
725 | 	SYSZ_INS_SEB,
726 | 	SYSZ_INS_SEBR,
727 | 	SYSZ_INS_SG,
728 | 	SYSZ_INS_SGF,
729 | 	SYSZ_INS_SGFR,
730 | 	SYSZ_INS_SGR,
731 | 	SYSZ_INS_SGRK,
732 | 	SYSZ_INS_SH,
733 | 	SYSZ_INS_SHY,
734 | 	SYSZ_INS_SL,
735 | 	SYSZ_INS_SLB,
736 | 	SYSZ_INS_SLBG,
737 | 	SYSZ_INS_SLBR,
738 | 	SYSZ_INS_SLFI,
739 | 	SYSZ_INS_SLG,
740 | 	SYSZ_INS_SLBGR,
741 | 	SYSZ_INS_SLGF,
742 | 	SYSZ_INS_SLGFI,
743 | 	SYSZ_INS_SLGFR,
744 | 	SYSZ_INS_SLGR,
745 | 	SYSZ_INS_SLGRK,
746 | 	SYSZ_INS_SLL,
747 | 	SYSZ_INS_SLLG,
748 | 	SYSZ_INS_SLLK,
749 | 	SYSZ_INS_SLR,
750 | 	SYSZ_INS_SLRK,
751 | 	SYSZ_INS_SLY,
752 | 	SYSZ_INS_SQDB,
753 | 	SYSZ_INS_SQDBR,
754 | 	SYSZ_INS_SQEB,
755 | 	SYSZ_INS_SQEBR,
756 | 	SYSZ_INS_SQXBR,
757 | 	SYSZ_INS_SR,
758 | 	SYSZ_INS_SRA,
759 | 	SYSZ_INS_SRAG,
760 | 	SYSZ_INS_SRAK,
761 | 	SYSZ_INS_SRK,
762 | 	SYSZ_INS_SRL,
763 | 	SYSZ_INS_SRLG,
764 | 	SYSZ_INS_SRLK,
765 | 	SYSZ_INS_SRST,
766 | 	SYSZ_INS_ST,
767 | 	SYSZ_INS_STC,
768 | 	SYSZ_INS_STCH,
769 | 	SYSZ_INS_STCY,
770 | 	SYSZ_INS_STD,
771 | 	SYSZ_INS_STDY,
772 | 	SYSZ_INS_STE,
773 | 	SYSZ_INS_STEY,
774 | 	SYSZ_INS_STFH,
775 | 	SYSZ_INS_STG,
776 | 	SYSZ_INS_STGRL,
777 | 	SYSZ_INS_STH,
778 | 	SYSZ_INS_STHH,
779 | 	SYSZ_INS_STHRL,
780 | 	SYSZ_INS_STHY,
781 | 	SYSZ_INS_STMG,
782 | 	SYSZ_INS_STRL,
783 | 	SYSZ_INS_STRV,
784 | 	SYSZ_INS_STRVG,
785 | 	SYSZ_INS_STY,
786 | 	SYSZ_INS_SXBR,
787 | 	SYSZ_INS_SY,
788 | 	SYSZ_INS_TM,
789 | 	SYSZ_INS_TMHH,
790 | 	SYSZ_INS_TMHL,
791 | 	SYSZ_INS_TMLH,
792 | 	SYSZ_INS_TMLL,
793 | 	SYSZ_INS_TMY,
794 | 	SYSZ_INS_X,
795 | 	SYSZ_INS_XC,
796 | 	SYSZ_INS_XG,
797 | 	SYSZ_INS_XGR,
798 | 	SYSZ_INS_XGRK,
799 | 	SYSZ_INS_XI,
800 | 	SYSZ_INS_XIHF,
801 | 	SYSZ_INS_XILF,
802 | 	SYSZ_INS_XIY,
803 | 	SYSZ_INS_XR,
804 | 	SYSZ_INS_XRK,
805 | 	SYSZ_INS_XY,
806 | 
807 | 	SYSZ_INS_ENDING,   // <-- mark the end of the list of instructions
808 | } sysz_insn;
809 | 
810 | //> Group of SystemZ instructions
811 | typedef enum sysz_insn_group {
812 | 	SYSZ_GRP_INVALID = 0, // = CS_GRP_INVALID
813 | 
814 | 	//> Generic groups
815 | 	// all jump instructions (conditional+direct+indirect jumps)
816 | 	SYSZ_GRP_JUMP,	// = CS_GRP_JUMP
817 | 
818 | 	//> Architecture-specific groups
819 | 	SYSZ_GRP_DISTINCTOPS = 128,
820 | 	SYSZ_GRP_FPEXTENSION,
821 | 	SYSZ_GRP_HIGHWORD,
822 | 	SYSZ_GRP_INTERLOCKEDACCESS1,
823 | 	SYSZ_GRP_LOADSTOREONCOND,
824 | 
825 | 	SYSZ_GRP_ENDING,   // <-- mark the end of the list of groups
826 | } sysz_insn_group;
827 | 
828 | #ifdef __cplusplus
829 | }
830 | #endif
831 | 
832 | #endif
833 | 


--------------------------------------------------------------------------------
/TestPrograms/ReadProcMem/ReadProcMem/include/xcore.h:
--------------------------------------------------------------------------------
  1 | #ifndef CAPSTONE_XCORE_H
  2 | #define CAPSTONE_XCORE_H
  3 | 
  4 | /* Capstone Disassembly Engine */
  5 | /* By Nguyen Anh Quynh <aquynh@gmail.com>, 2014 */
  6 | 
  7 | #ifdef __cplusplus
  8 | extern "C" {
  9 | #endif
 10 | 
 11 | #if !defined(_MSC_VER) || !defined(_KERNEL_MODE)
 12 | #include <stdint.h>
 13 | #endif
 14 | 
 15 | #include "platform.h"
 16 | 
 17 | #ifdef _MSC_VER
 18 | #pragma warning(disable:4201)
 19 | #endif
 20 | 
 21 | //> Operand type for instruction's operands
 22 | typedef enum xcore_op_type {
 23 | 	XCORE_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized).
 24 | 	XCORE_OP_REG, // = CS_OP_REG (Register operand).
 25 | 	XCORE_OP_IMM, // = CS_OP_IMM (Immediate operand).
 26 | 	XCORE_OP_MEM, // = CS_OP_MEM (Memory operand).
 27 | } xcore_op_type;
 28 | 
 29 | // Instruction's operand referring to memory
 30 | // This is associated with XCORE_OP_MEM operand type above
 31 | typedef struct xcore_op_mem {
 32 | 	uint8_t base;	// base register
 33 | 	uint8_t index;	// index register
 34 | 	int32_t disp;	// displacement/offset value
 35 | 	int     direct;	// +1: forward, -1: backward
 36 | } xcore_op_mem;
 37 | 
 38 | // Instruction operand
 39 | typedef struct cs_xcore_op {
 40 | 	xcore_op_type type;	// operand type
 41 | 	union {
 42 | 		unsigned int reg;	// register value for REG operand
 43 | 		int32_t imm;		// immediate value for IMM operand
 44 | 		xcore_op_mem mem;		// base/disp value for MEM operand
 45 | 	};
 46 | } cs_xcore_op;
 47 | 
 48 | // Instruction structure
 49 | typedef struct cs_xcore {
 50 | 	// Number of operands of this instruction, 
 51 | 	// or 0 when instruction has no operand.
 52 | 	uint8_t op_count;
 53 | 	cs_xcore_op operands[8]; // operands for this instruction.
 54 | } cs_xcore;
 55 | 
 56 | //> XCore registers
 57 | typedef enum xcore_reg {
 58 | 	XCORE_REG_INVALID = 0,
 59 | 
 60 | 	XCORE_REG_CP,
 61 | 	XCORE_REG_DP,
 62 | 	XCORE_REG_LR,
 63 | 	XCORE_REG_SP,
 64 | 	XCORE_REG_R0,
 65 | 	XCORE_REG_R1,
 66 | 	XCORE_REG_R2,
 67 | 	XCORE_REG_R3,
 68 | 	XCORE_REG_R4,
 69 | 	XCORE_REG_R5,
 70 | 	XCORE_REG_R6,
 71 | 	XCORE_REG_R7,
 72 | 	XCORE_REG_R8,
 73 | 	XCORE_REG_R9,
 74 | 	XCORE_REG_R10,
 75 | 	XCORE_REG_R11,
 76 | 
 77 | 	//> pseudo registers
 78 | 	XCORE_REG_PC,	// pc
 79 | 
 80 | 	// internal thread registers
 81 | 	// see The-XMOS-XS1-Architecture(X7879A).pdf
 82 | 	XCORE_REG_SCP,	// save pc
 83 | 	XCORE_REG_SSR,	// save status
 84 | 	XCORE_REG_ET,	// exception type
 85 | 	XCORE_REG_ED,	// exception data
 86 | 	XCORE_REG_SED,	// save exception data
 87 | 	XCORE_REG_KEP,	// kernel entry pointer
 88 | 	XCORE_REG_KSP,	// kernel stack pointer
 89 | 	XCORE_REG_ID,	// thread ID
 90 | 
 91 | 	XCORE_REG_ENDING,	// <-- mark the end of the list of registers
 92 | } xcore_reg;
 93 | 
 94 | //> XCore instruction
 95 | typedef enum xcore_insn {
 96 | 	XCORE_INS_INVALID = 0,
 97 | 
 98 | 	XCORE_INS_ADD,
 99 | 	XCORE_INS_ANDNOT,
100 | 	XCORE_INS_AND,
101 | 	XCORE_INS_ASHR,
102 | 	XCORE_INS_BAU,
103 | 	XCORE_INS_BITREV,
104 | 	XCORE_INS_BLA,
105 | 	XCORE_INS_BLAT,
106 | 	XCORE_INS_BL,
107 | 	XCORE_INS_BF,
108 | 	XCORE_INS_BT,
109 | 	XCORE_INS_BU,
110 | 	XCORE_INS_BRU,
111 | 	XCORE_INS_BYTEREV,
112 | 	XCORE_INS_CHKCT,
113 | 	XCORE_INS_CLRE,
114 | 	XCORE_INS_CLRPT,
115 | 	XCORE_INS_CLRSR,
116 | 	XCORE_INS_CLZ,
117 | 	XCORE_INS_CRC8,
118 | 	XCORE_INS_CRC32,
119 | 	XCORE_INS_DCALL,
120 | 	XCORE_INS_DENTSP,
121 | 	XCORE_INS_DGETREG,
122 | 	XCORE_INS_DIVS,
123 | 	XCORE_INS_DIVU,
124 | 	XCORE_INS_DRESTSP,
125 | 	XCORE_INS_DRET,
126 | 	XCORE_INS_ECALLF,
127 | 	XCORE_INS_ECALLT,
128 | 	XCORE_INS_EDU,
129 | 	XCORE_INS_EEF,
130 | 	XCORE_INS_EET,
131 | 	XCORE_INS_EEU,
132 | 	XCORE_INS_ENDIN,
133 | 	XCORE_INS_ENTSP,
134 | 	XCORE_INS_EQ,
135 | 	XCORE_INS_EXTDP,
136 | 	XCORE_INS_EXTSP,
137 | 	XCORE_INS_FREER,
138 | 	XCORE_INS_FREET,
139 | 	XCORE_INS_GETD,
140 | 	XCORE_INS_GET,
141 | 	XCORE_INS_GETN,
142 | 	XCORE_INS_GETR,
143 | 	XCORE_INS_GETSR,
144 | 	XCORE_INS_GETST,
145 | 	XCORE_INS_GETTS,
146 | 	XCORE_INS_INCT,
147 | 	XCORE_INS_INIT,
148 | 	XCORE_INS_INPW,
149 | 	XCORE_INS_INSHR,
150 | 	XCORE_INS_INT,
151 | 	XCORE_INS_IN,
152 | 	XCORE_INS_KCALL,
153 | 	XCORE_INS_KENTSP,
154 | 	XCORE_INS_KRESTSP,
155 | 	XCORE_INS_KRET,
156 | 	XCORE_INS_LADD,
157 | 	XCORE_INS_LD16S,
158 | 	XCORE_INS_LD8U,
159 | 	XCORE_INS_LDA16,
160 | 	XCORE_INS_LDAP,
161 | 	XCORE_INS_LDAW,
162 | 	XCORE_INS_LDC,
163 | 	XCORE_INS_LDW,
164 | 	XCORE_INS_LDIVU,
165 | 	XCORE_INS_LMUL,
166 | 	XCORE_INS_LSS,
167 | 	XCORE_INS_LSUB,
168 | 	XCORE_INS_LSU,
169 | 	XCORE_INS_MACCS,
170 | 	XCORE_INS_MACCU,
171 | 	XCORE_INS_MJOIN,
172 | 	XCORE_INS_MKMSK,
173 | 	XCORE_INS_MSYNC,
174 | 	XCORE_INS_MUL,
175 | 	XCORE_INS_NEG,
176 | 	XCORE_INS_NOT,
177 | 	XCORE_INS_OR,
178 | 	XCORE_INS_OUTCT,
179 | 	XCORE_INS_OUTPW,
180 | 	XCORE_INS_OUTSHR,
181 | 	XCORE_INS_OUTT,
182 | 	XCORE_INS_OUT,
183 | 	XCORE_INS_PEEK,
184 | 	XCORE_INS_REMS,
185 | 	XCORE_INS_REMU,
186 | 	XCORE_INS_RETSP,
187 | 	XCORE_INS_SETCLK,
188 | 	XCORE_INS_SET,
189 | 	XCORE_INS_SETC,
190 | 	XCORE_INS_SETD,
191 | 	XCORE_INS_SETEV,
192 | 	XCORE_INS_SETN,
193 | 	XCORE_INS_SETPSC,
194 | 	XCORE_INS_SETPT,
195 | 	XCORE_INS_SETRDY,
196 | 	XCORE_INS_SETSR,
197 | 	XCORE_INS_SETTW,
198 | 	XCORE_INS_SETV,
199 | 	XCORE_INS_SEXT,
200 | 	XCORE_INS_SHL,
201 | 	XCORE_INS_SHR,
202 | 	XCORE_INS_SSYNC,
203 | 	XCORE_INS_ST16,
204 | 	XCORE_INS_ST8,
205 | 	XCORE_INS_STW,
206 | 	XCORE_INS_SUB,
207 | 	XCORE_INS_SYNCR,
208 | 	XCORE_INS_TESTCT,
209 | 	XCORE_INS_TESTLCL,
210 | 	XCORE_INS_TESTWCT,
211 | 	XCORE_INS_TSETMR,
212 | 	XCORE_INS_START,
213 | 	XCORE_INS_WAITEF,
214 | 	XCORE_INS_WAITET,
215 | 	XCORE_INS_WAITEU,
216 | 	XCORE_INS_XOR,
217 | 	XCORE_INS_ZEXT,
218 | 
219 | 	XCORE_INS_ENDING,   // <-- mark the end of the list of instructions
220 | } xcore_insn;
221 | 
222 | //> Group of XCore instructions
223 | typedef enum xcore_insn_group {
224 | 	XCORE_GRP_INVALID = 0, // = CS_GRP_INVALID
225 | 
226 | 	//> Generic groups
227 | 	// all jump instructions (conditional+direct+indirect jumps)
228 | 	XCORE_GRP_JUMP,	// = CS_GRP_JUMP
229 | 
230 | 	XCORE_GRP_ENDING,   // <-- mark the end of the list of groups
231 | } xcore_insn_group;
232 | 
233 | #ifdef __cplusplus
234 | }
235 | #endif
236 | 
237 | #endif
238 | 


--------------------------------------------------------------------------------
/TestPrograms/ReadProcMem/ReadProcMem/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // ReadProcMem.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 | 
5 | #include "stdafx.h"
6 | 
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 | 


--------------------------------------------------------------------------------
/TestPrograms/ReadProcMem/ReadProcMem/stdafx.h:
--------------------------------------------------------------------------------
 1 | // stdafx.h : include file for standard system include files,
 2 | // or project specific include files that are used frequently, but
 3 | // are changed infrequently
 4 | //
 5 | 
 6 | #pragma once
 7 | 
 8 | #include "targetver.h"
 9 | 
10 | #include <stdio.h>
11 | #include <iostream>
12 | #include <string>
13 | #include <tchar.h>
14 | #include <Windows.h>
15 | 
16 | 
17 | // TODO: reference additional headers your program requires here
18 | 


--------------------------------------------------------------------------------
/TestPrograms/ReadProcMem/ReadProcMem/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | // Including SDKDDKVer.h defines the highest available Windows platform.
4 | 
5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
7 | 
8 | #include <SDKDDKVer.h>
9 | 


--------------------------------------------------------------------------------
/TestPrograms/SampleHook/SampleHook.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio 14
 4 | VisualStudioVersion = 14.0.25420.1
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SampleHook", "SampleHook\SampleHook.vcxproj", "{FFC63D92-5C61-4A38-BCC8-5F5B659BECBF}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{FFC63D92-5C61-4A38-BCC8-5F5B659BECBF}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{FFC63D92-5C61-4A38-BCC8-5F5B659BECBF}.Debug|x64.Build.0 = Debug|x64
18 | 		{FFC63D92-5C61-4A38-BCC8-5F5B659BECBF}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{FFC63D92-5C61-4A38-BCC8-5F5B659BECBF}.Debug|x86.Build.0 = Debug|Win32
20 | 		{FFC63D92-5C61-4A38-BCC8-5F5B659BECBF}.Release|x64.ActiveCfg = Release|x64
21 | 		{FFC63D92-5C61-4A38-BCC8-5F5B659BECBF}.Release|x64.Build.0 = Release|x64
22 | 		{FFC63D92-5C61-4A38-BCC8-5F5B659BECBF}.Release|x86.ActiveCfg = Release|Win32
23 | 		{FFC63D92-5C61-4A38-BCC8-5F5B659BECBF}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | EndGlobal
29 | 


--------------------------------------------------------------------------------
/TestPrograms/SampleHook/SampleHook/MinHook.h:
--------------------------------------------------------------------------------
  1 | /*
  2 |  *  MinHook - The Minimalistic API Hooking Library for x64/x86
  3 |  *  Copyright (C) 2009-2015 Tsuda Kageyu.
  4 |  *  All rights reserved.
  5 |  *
  6 |  *  Redistribution and use in source and binary forms, with or without
  7 |  *  modification, are permitted provided that the following conditions
  8 |  *  are met:
  9 |  *
 10 |  *   1. Redistributions of source code must retain the above copyright
 11 |  *      notice, this list of conditions and the following disclaimer.
 12 |  *   2. Redistributions in binary form must reproduce the above copyright
 13 |  *      notice, this list of conditions and the following disclaimer in the
 14 |  *      documentation and/or other materials provided with the distribution.
 15 |  *
 16 |  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 17 |  *  "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 18 |  *  TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 19 |  *  PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER
 20 |  *  OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 21 |  *  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 22 |  *  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 23 |  *  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 24 |  *  LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 25 |  *  NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 26 |  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 27 |  */
 28 | 
 29 | #pragma once
 30 | 
 31 | #if !(defined _M_IX86) && !(defined _M_X64)
 32 |     #error MinHook supports only x86 and x64 systems.
 33 | #endif
 34 | 
 35 | #include <windows.h>
 36 | 
 37 | // MinHook Error Codes.
 38 | typedef enum MH_STATUS
 39 | {
 40 |     // Unknown error. Should not be returned.
 41 |     MH_UNKNOWN = -1,
 42 | 
 43 |     // Successful.
 44 |     MH_OK = 0,
 45 | 
 46 |     // MinHook is already initialized.
 47 |     MH_ERROR_ALREADY_INITIALIZED,
 48 | 
 49 |     // MinHook is not initialized yet, or already uninitialized.
 50 |     MH_ERROR_NOT_INITIALIZED,
 51 | 
 52 |     // The hook for the specified target function is already created.
 53 |     MH_ERROR_ALREADY_CREATED,
 54 | 
 55 |     // The hook for the specified target function is not created yet.
 56 |     MH_ERROR_NOT_CREATED,
 57 | 
 58 |     // The hook for the specified target function is already enabled.
 59 |     MH_ERROR_ENABLED,
 60 | 
 61 |     // The hook for the specified target function is not enabled yet, or already
 62 |     // disabled.
 63 |     MH_ERROR_DISABLED,
 64 | 
 65 |     // The specified pointer is invalid. It points the address of non-allocated
 66 |     // and/or non-executable region.
 67 |     MH_ERROR_NOT_EXECUTABLE,
 68 | 
 69 |     // The specified target function cannot be hooked.
 70 |     MH_ERROR_UNSUPPORTED_FUNCTION,
 71 | 
 72 |     // Failed to allocate memory.
 73 |     MH_ERROR_MEMORY_ALLOC,
 74 | 
 75 |     // Failed to change the memory protection.
 76 |     MH_ERROR_MEMORY_PROTECT,
 77 | 
 78 |     // The specified module is not loaded.
 79 |     MH_ERROR_MODULE_NOT_FOUND,
 80 | 
 81 |     // The specified function is not found.
 82 |     MH_ERROR_FUNCTION_NOT_FOUND
 83 | }
 84 | MH_STATUS;
 85 | 
 86 | // Can be passed as a parameter to MH_EnableHook, MH_DisableHook,
 87 | // MH_QueueEnableHook or MH_QueueDisableHook.
 88 | #define MH_ALL_HOOKS NULL
 89 | 
 90 | #ifdef __cplusplus
 91 | extern "C" {
 92 | #endif
 93 | 
 94 |     // Initialize the MinHook library. You must call this function EXACTLY ONCE
 95 |     // at the beginning of your program.
 96 |     MH_STATUS WINAPI MH_Initialize(VOID);
 97 | 
 98 |     // Uninitialize the MinHook library. You must call this function EXACTLY
 99 |     // ONCE at the end of your program.
100 |     MH_STATUS WINAPI MH_Uninitialize(VOID);
101 | 
102 |     // Creates a Hook for the specified target function, in disabled state.
103 |     // Parameters:
104 |     //   pTarget    [in]  A pointer to the target function, which will be
105 |     //                    overridden by the detour function.
106 |     //   pDetour    [in]  A pointer to the detour function, which will override
107 |     //                    the target function.
108 |     //   ppOriginal [out] A pointer to the trampoline function, which will be
109 |     //                    used to call the original target function.
110 |     //                    This parameter can be NULL.
111 |     MH_STATUS WINAPI MH_CreateHook(LPVOID pTarget, LPVOID pDetour, LPVOID *ppOriginal);
112 | 
113 |     // Creates a Hook for the specified API function, in disabled state.
114 |     // Parameters:
115 |     //   pszModule  [in]  A pointer to the loaded module name which contains the
116 |     //                    target function.
117 |     //   pszTarget  [in]  A pointer to the target function name, which will be
118 |     //                    overridden by the detour function.
119 |     //   pDetour    [in]  A pointer to the detour function, which will override
120 |     //                    the target function.
121 |     //   ppOriginal [out] A pointer to the trampoline function, which will be
122 |     //                    used to call the original target function.
123 |     //                    This parameter can be NULL.
124 |     MH_STATUS WINAPI MH_CreateHookApi(
125 |         LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal);
126 | 
127 |     // Creates a Hook for the specified API function, in disabled state.
128 |     // Parameters:
129 |     //   pszModule  [in]  A pointer to the loaded module name which contains the
130 |     //                    target function.
131 |     //   pszTarget  [in]  A pointer to the target function name, which will be
132 |     //                    overridden by the detour function.
133 |     //   pDetour    [in]  A pointer to the detour function, which will override
134 |     //                    the target function.
135 |     //   ppOriginal [out] A pointer to the trampoline function, which will be
136 |     //                    used to call the original target function.
137 |     //                    This parameter can be NULL.
138 |     //   ppTarget   [out] A pointer to the target function, which will be used
139 |     //                    with other functions.
140 |     //                    This parameter can be NULL.
141 |     MH_STATUS WINAPI MH_CreateHookApiEx(
142 |         LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal, LPVOID *ppTarget);
143 | 
144 |     // Removes an already created hook.
145 |     // Parameters:
146 |     //   pTarget [in] A pointer to the target function.
147 |     MH_STATUS WINAPI MH_RemoveHook(LPVOID pTarget);
148 | 
149 |     // Enables an already created hook.
150 |     // Parameters:
151 |     //   pTarget [in] A pointer to the target function.
152 |     //                If this parameter is MH_ALL_HOOKS, all created hooks are
153 |     //                enabled in one go.
154 |     MH_STATUS WINAPI MH_EnableHook(LPVOID pTarget);
155 | 
156 |     // Disables an already created hook.
157 |     // Parameters:
158 |     //   pTarget [in] A pointer to the target function.
159 |     //                If this parameter is MH_ALL_HOOKS, all created hooks are
160 |     //                disabled in one go.
161 |     MH_STATUS WINAPI MH_DisableHook(LPVOID pTarget);
162 | 
163 |     // Queues to enable an already created hook.
164 |     // Parameters:
165 |     //   pTarget [in] A pointer to the target function.
166 |     //                If this parameter is MH_ALL_HOOKS, all created hooks are
167 |     //                queued to be enabled.
168 |     MH_STATUS WINAPI MH_QueueEnableHook(LPVOID pTarget);
169 | 
170 |     // Queues to disable an already created hook.
171 |     // Parameters:
172 |     //   pTarget [in] A pointer to the target function.
173 |     //                If this parameter is MH_ALL_HOOKS, all created hooks are
174 |     //                queued to be disabled.
175 |     MH_STATUS WINAPI MH_QueueDisableHook(LPVOID pTarget);
176 | 
177 |     // Applies all queued changes in one go.
178 |     MH_STATUS WINAPI MH_ApplyQueued(VOID);
179 | 
180 |     // Translates the MH_STATUS to its name as a string.
181 |     const char * WINAPI MH_StatusToString(MH_STATUS status);
182 | 
183 | #ifdef __cplusplus
184 | }
185 | #endif
186 | 
187 | 


--------------------------------------------------------------------------------
/TestPrograms/SampleHook/SampleHook/ReadMe.txt:
--------------------------------------------------------------------------------
 1 | ========================================================================
 2 |     CONSOLE APPLICATION : SampleHook Project Overview
 3 | ========================================================================
 4 | 
 5 | AppWizard has created this SampleHook application for you.
 6 | 
 7 | This file contains a summary of what you will find in each of the files that
 8 | make up your SampleHook application.
 9 | 
10 | 
11 | SampleHook.vcxproj
12 |     This is the main project file for VC++ projects generated using an Application Wizard.
13 |     It contains information about the version of Visual C++ that generated the file, and
14 |     information about the platforms, configurations, and project features selected with the
15 |     Application Wizard.
16 | 
17 | SampleHook.vcxproj.filters
18 |     This is the filters file for VC++ projects generated using an Application Wizard. 
19 |     It contains information about the association between the files in your project 
20 |     and the filters. This association is used in the IDE to show grouping of files with
21 |     similar extensions under a specific node (for e.g. ".cpp" files are associated with the
22 |     "Source Files" filter).
23 | 
24 | SampleHook.cpp
25 |     This is the main application source file.
26 | 
27 | /////////////////////////////////////////////////////////////////////////////
28 | Other standard files:
29 | 
30 | StdAfx.h, StdAfx.cpp
31 |     These files are used to build a precompiled header (PCH) file
32 |     named SampleHook.pch and a precompiled types file named StdAfx.obj.
33 | 
34 | /////////////////////////////////////////////////////////////////////////////
35 | Other notes:
36 | 
37 | AppWizard uses "TODO:" comments to indicate parts of the source code you
38 | should add to or customize.
39 | 
40 | /////////////////////////////////////////////////////////////////////////////
41 | 


--------------------------------------------------------------------------------
/TestPrograms/SampleHook/SampleHook/SampleHook.c:
--------------------------------------------------------------------------------
  1 | // SampleHook.cpp : Defines the entry point for the console application.
  2 | //
  3 | 
  4 | #include "stdafx.h"
  5 | 
  6 | #include "fu.h"
  7 | #include "MinHook.h"
  8 | #include "include/capstone.h"
  9 | 
 10 | #if defined _M_X64
 11 | #pragma comment(lib, "libMinHook.x64.lib")
 12 | #pragma comment(lib, "capstone.x64.lib")
 13 | #elif defined _M_IX86
 14 | #pragma comment(lib, "libMinHook.x86.lib")
 15 | #pragma comment(lib, "capstone.x86.lib")
 16 | #endif
 17 | 
 18 | 
 19 | // 'type cast': from function pointer '...' to data pointer '...'
 20 | #pragma warning(disable : 4054)
 21 | 
 22 | // nonstandard extension, function / data pointer conversion in expression
 23 | #pragma warning(disable : 4152)
 24 | 
 25 | typedef int(WINAPI *MESSAGEBOXW)(HWND, LPCWSTR, LPCWSTR, UINT);
 26 | 
 27 | // Pointer for calling original MessageBoxW.
 28 | MESSAGEBOXW fpMessageBoxW = NULL;
 29 | 
 30 | // Detour function which overrides MessageBoxW.
 31 | int WINAPI DetourMessageBoxW(HWND hWnd, LPCWSTR lpText, LPCWSTR lpCaption,
 32 |                              UINT uType) {
 33 |   return fpMessageBoxW(hWnd, L"Hooked!", lpCaption, uType);
 34 | }
 35 | 
 36 | bool DumpDisassemble(BYTE *bytes, SIZE_T length, ULONG_PTR address,
 37 |                      const char *message, const char *label) {
 38 |   csh handle = 0;
 39 |   if (cs_open(CS_ARCH_X86, (sizeof(void *) == 4) ? CS_MODE_32 : CS_MODE_64,
 40 |               &handle) != CS_ERR_OK) {
 41 |     return false;
 42 |   }
 43 | 
 44 |   cs_insn *insn;
 45 |   size_t count = cs_disasm(handle, bytes, length, address, 0, &insn);
 46 |   if (count > 0) {
 47 |     printf("%s %s: ", message, label);
 48 |     for (size_t j = 0; j < count; j++) {
 49 |       printf("0x%p %s %s\n", (void *)(uintptr_t)insn[j].address,
 50 |              insn[j].mnemonic, insn[j].op_str);
 51 |     }
 52 |     cs_free(insn, count);
 53 |   }
 54 |   cs_close(&handle);
 55 |   return true;
 56 | }
 57 | 
 58 | int main() {
 59 |   // Initialize MinHook.
 60 |   if (MH_Initialize() != MH_OK) {
 61 |     return 1;
 62 |   }
 63 | 
 64 |   printf("PID= %d\n", GetCurrentProcessId());
 65 | 
 66 |   static const SIZE_T DISAS_BYTES = 6;
 67 |   BYTE OriginalBytes[32];
 68 |   memcpy(OriginalBytes, &MessageBoxW, sizeof(OriginalBytes));
 69 | 
 70 |   // Create a hook for MessageBoxW, in disabled state.
 71 |   if (MH_CreateHook(&MessageBoxW, &DetourMessageBoxW,
 72 |                     (LPVOID *)&fpMessageBoxW) != MH_OK) {
 73 |     return 1;
 74 |   }
 75 | 
 76 |   DumpDisassemble((BYTE *)&MessageBoxW, DISAS_BYTES, (ULONG_PTR)&MessageBoxW,
 77 |                   "[ ]Hook [ ]Concealment", "user32!MessageBoxW");
 78 | 
 79 |   // Enable the hook for MessageBoxW.
 80 |   if (MH_EnableHook(&MessageBoxW) != MH_OK) {
 81 |     return 1;
 82 |   }
 83 | 
 84 |   // Create concealment but not activate it yet
 85 |   if (!FuCreateFakePage(&MessageBoxW, OriginalBytes,
 86 |                             sizeof(OriginalBytes))) {
 87 |     return 1;
 88 |   }
 89 | 
 90 |   DumpDisassemble((BYTE *)&MessageBoxW, DISAS_BYTES, (ULONG_PTR)&MessageBoxW,
 91 |                   "[X]Hook [ ]Concealment", "user32!MessageBoxW");
 92 | 
 93 |   // Avtivate concealment
 94 |   if (!FuEnableFakePages()) {
 95 |     return 1;
 96 |   }
 97 | 
 98 |   DumpDisassemble((BYTE *)&MessageBoxW, DISAS_BYTES, (ULONG_PTR)&MessageBoxW,
 99 |                   "[X]Hook [X]Concealment", "user32!MessageBoxW");
100 | 
101 |   // Expected to tell "Hooked!".
102 |   MessageBoxW(NULL, L"Not hooked...", L"MinHook Sample", MB_OK);
103 | 
104 |   // Deavtivate concealment
105 |   if (!FuDisableFakePages()) {
106 |     return 1;
107 |   }
108 | 
109 |   DumpDisassemble((BYTE *)&MessageBoxW, DISAS_BYTES, (ULONG_PTR)&MessageBoxW,
110 |                   "[X]Hook [ ]Concealment", "user32!MessageBoxW");
111 | 
112 |   // Expected to tell "Hooked!".
113 |   MessageBoxW(NULL, L"Not hooked...", L"MinHook Sample", MB_OK);
114 | 
115 |   // Disable the hook for MessageBoxW.
116 |   if (MH_DisableHook(&MessageBoxW) != MH_OK) {
117 |     return 1;
118 |   }
119 | 
120 |   DumpDisassemble((BYTE *)&MessageBoxW, DISAS_BYTES, (ULONG_PTR)&MessageBoxW,
121 |                   "[ ]Hook [ ]Concealment", "user32!MessageBoxW");
122 | 
123 |   // Expected to tell "Not hooked...".
124 |   MessageBoxW(NULL, L"Not hooked...", L"MinHook Sample", MB_OK);
125 | 
126 |   // Uninitialize MinHook.
127 |   if (MH_Uninitialize() != MH_OK) {
128 |     return 1;
129 |   }
130 | 
131 |   return 0;
132 | }


--------------------------------------------------------------------------------
/TestPrograms/SampleHook/SampleHook/SampleHook.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <ProjectGuid>{FFC63D92-5C61-4A38-BCC8-5F5B659BECBF}</ProjectGuid>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <RootNamespace>SampleHook</RootNamespace>
 25 |     <WindowsTargetPlatformVersion>10.0.16299.0</WindowsTargetPlatformVersion>
 26 |   </PropertyGroup>
 27 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 28 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 29 |     <ConfigurationType>Application</ConfigurationType>
 30 |     <UseDebugLibraries>true</UseDebugLibraries>
 31 |     <PlatformToolset>v140</PlatformToolset>
 32 |     <CharacterSet>Unicode</CharacterSet>
 33 |   </PropertyGroup>
 34 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 35 |     <ConfigurationType>Application</ConfigurationType>
 36 |     <UseDebugLibraries>false</UseDebugLibraries>
 37 |     <PlatformToolset>v140</PlatformToolset>
 38 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 39 |     <CharacterSet>Unicode</CharacterSet>
 40 |   </PropertyGroup>
 41 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 42 |     <ConfigurationType>Application</ConfigurationType>
 43 |     <UseDebugLibraries>true</UseDebugLibraries>
 44 |     <PlatformToolset>v140</PlatformToolset>
 45 |     <CharacterSet>Unicode</CharacterSet>
 46 |   </PropertyGroup>
 47 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 48 |     <ConfigurationType>Application</ConfigurationType>
 49 |     <UseDebugLibraries>false</UseDebugLibraries>
 50 |     <PlatformToolset>v140</PlatformToolset>
 51 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 52 |     <CharacterSet>Unicode</CharacterSet>
 53 |   </PropertyGroup>
 54 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 55 |   <ImportGroup Label="ExtensionSettings">
 56 |   </ImportGroup>
 57 |   <ImportGroup Label="Shared">
 58 |   </ImportGroup>
 59 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 60 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 61 |   </ImportGroup>
 62 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 63 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 64 |   </ImportGroup>
 65 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 66 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 67 |   </ImportGroup>
 68 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 69 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 70 |   </ImportGroup>
 71 |   <PropertyGroup Label="UserMacros" />
 72 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 73 |     <LinkIncremental>true</LinkIncremental>
 74 |   </PropertyGroup>
 75 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 76 |     <LinkIncremental>true</LinkIncremental>
 77 |   </PropertyGroup>
 78 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 79 |     <LinkIncremental>false</LinkIncremental>
 80 |   </PropertyGroup>
 81 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 82 |     <LinkIncremental>false</LinkIncremental>
 83 |   </PropertyGroup>
 84 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 85 |     <ClCompile>
 86 |       <PrecompiledHeader>Use</PrecompiledHeader>
 87 |       <WarningLevel>Level4</WarningLevel>
 88 |       <Optimization>Disabled</Optimization>
 89 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 90 |       <SDLCheck>true</SDLCheck>
 91 |     </ClCompile>
 92 |     <Link>
 93 |       <SubSystem>Console</SubSystem>
 94 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 95 |     </Link>
 96 |   </ItemDefinitionGroup>
 97 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 98 |     <ClCompile>
 99 |       <PrecompiledHeader>Use</PrecompiledHeader>
100 |       <WarningLevel>Level4</WarningLevel>
101 |       <Optimization>Disabled</Optimization>
102 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
103 |       <SDLCheck>true</SDLCheck>
104 |     </ClCompile>
105 |     <Link>
106 |       <SubSystem>Console</SubSystem>
107 |       <GenerateDebugInformation>true</GenerateDebugInformation>
108 |     </Link>
109 |   </ItemDefinitionGroup>
110 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
111 |     <ClCompile>
112 |       <WarningLevel>Level4</WarningLevel>
113 |       <PrecompiledHeader>Use</PrecompiledHeader>
114 |       <Optimization>MaxSpeed</Optimization>
115 |       <FunctionLevelLinking>true</FunctionLevelLinking>
116 |       <IntrinsicFunctions>true</IntrinsicFunctions>
117 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
118 |       <SDLCheck>true</SDLCheck>
119 |       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
120 |     </ClCompile>
121 |     <Link>
122 |       <SubSystem>Console</SubSystem>
123 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
124 |       <OptimizeReferences>true</OptimizeReferences>
125 |       <GenerateDebugInformation>true</GenerateDebugInformation>
126 |     </Link>
127 |   </ItemDefinitionGroup>
128 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
129 |     <ClCompile>
130 |       <WarningLevel>Level4</WarningLevel>
131 |       <PrecompiledHeader>Use</PrecompiledHeader>
132 |       <Optimization>MaxSpeed</Optimization>
133 |       <FunctionLevelLinking>true</FunctionLevelLinking>
134 |       <IntrinsicFunctions>true</IntrinsicFunctions>
135 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
136 |       <SDLCheck>true</SDLCheck>
137 |       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
138 |     </ClCompile>
139 |     <Link>
140 |       <SubSystem>Console</SubSystem>
141 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
142 |       <OptimizeReferences>true</OptimizeReferences>
143 |       <GenerateDebugInformation>true</GenerateDebugInformation>
144 |     </Link>
145 |   </ItemDefinitionGroup>
146 |   <ItemGroup>
147 |     <Text Include="ReadMe.txt" />
148 |   </ItemGroup>
149 |   <ItemGroup>
150 |     <ClInclude Include="fu.h" />
151 |     <ClInclude Include="stdafx.h" />
152 |     <ClInclude Include="targetver.h" />
153 |   </ItemGroup>
154 |   <ItemGroup>
155 |     <ClCompile Include="SampleHook.c" />
156 |     <ClCompile Include="stdafx.c">
157 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
158 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
159 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
160 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
161 |     </ClCompile>
162 |   </ItemGroup>
163 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
164 |   <ImportGroup Label="ExtensionTargets">
165 |   </ImportGroup>
166 | </Project>


--------------------------------------------------------------------------------
/TestPrograms/SampleHook/SampleHook/SampleHook.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <Text Include="ReadMe.txt" />
19 |   </ItemGroup>
20 |   <ItemGroup>
21 |     <ClInclude Include="stdafx.h">
22 |       <Filter>Header Files</Filter>
23 |     </ClInclude>
24 |     <ClInclude Include="targetver.h">
25 |       <Filter>Header Files</Filter>
26 |     </ClInclude>
27 |     <ClInclude Include="fu.h">
28 |       <Filter>Header Files</Filter>
29 |     </ClInclude>
30 |   </ItemGroup>
31 |   <ItemGroup>
32 |     <ClCompile Include="SampleHook.c">
33 |       <Filter>Source Files</Filter>
34 |     </ClCompile>
35 |     <ClCompile Include="stdafx.c">
36 |       <Filter>Source Files</Filter>
37 |     </ClCompile>
38 |   </ItemGroup>
39 | </Project>


--------------------------------------------------------------------------------
/TestPrograms/SampleHook/SampleHook/capstone.x64.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tandasat/FU_Hypervisor/d8a5fdf9f8eb723007bfd0a057e38232ef18002d/TestPrograms/SampleHook/SampleHook/capstone.x64.lib


--------------------------------------------------------------------------------
/TestPrograms/SampleHook/SampleHook/capstone.x86.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tandasat/FU_Hypervisor/d8a5fdf9f8eb723007bfd0a057e38232ef18002d/TestPrograms/SampleHook/SampleHook/capstone.x86.lib


--------------------------------------------------------------------------------
/TestPrograms/SampleHook/SampleHook/fu.h:
--------------------------------------------------------------------------------
  1 | // Copyright (c) 2015-2016, tandasat. All rights reserved.
  2 | // Use of this source code is governed by a MIT-style license that can be
  3 | // found in the LICENSE file.
  4 | 
  5 | /// @file
  6 | /// @brief Declares interfaces to FU APIs.
  7 | 
  8 | #ifndef FU_FU_H_
  9 | #define FU_FU_H_
 10 | 
 11 | #include <Windows.h>
 12 | 
 13 | #ifdef __cplusplus
 14 | extern "C" {
 15 | #endif
 16 | ////////////////////////////////////////////////////////////////////////////////
 17 | //
 18 | // macro utilities
 19 | //
 20 | 
 21 | ////////////////////////////////////////////////////////////////////////////////
 22 | //
 23 | // constants and macros
 24 | //
 25 | 
 26 | ////////////////////////////////////////////////////////////////////////////////
 27 | //
 28 | // types
 29 | //
 30 | 
 31 | // Internal use only.
 32 | typedef enum {
 33 |   kCreateFakePage = 0x11223300,
 34 |   kEnableFakePages,
 35 |   kDisableFakePages,
 36 |   kDeleteFakePages,
 37 | } FuHypercall;
 38 | 
 39 | ////////////////////////////////////////////////////////////////////////////////
 40 | //
 41 | // prototypes
 42 | //
 43 | 
 44 | /// Creates a fake page in a hypervisor without activating it
 45 | /// @param start_address        An address to fake with \a fake_bytes
 46 | /// @param fake_bytes           A bytes to show for read operation
 47 | /// @param size_of_fake_bytes   A size of \a fake_bytes in bytes
 48 | /// @return TRUE when a fake page was created
 49 | inline BOOL FuCreateFakePage(void *start_address, const BYTE *fake_bytes,
 50 |                              SIZE_T size_of_fake_bytes);
 51 | 
 52 | /// Enables and activate all created fake pages
 53 | /// @return TRUE when the request was processed by a hypervisor
 54 | inline BOOL FuEnableFakePages();
 55 | 
 56 | /// Disables and deletes all created fake pages
 57 | /// @return TRUE when the request was processed by a hypervisor
 58 | inline BOOL FuDisableFakePages();
 59 | 
 60 | /// Internal use only
 61 | inline BOOL FupEnableFakePagesCallback(void *context);
 62 | 
 63 | /// Internal use only
 64 | inline BOOL FupDisableFakePagesCallback(void *context);
 65 | 
 66 | /// Internal use only
 67 | inline BOOL FupVmCall(ULONG_PTR hypercall_number, void *context);
 68 | 
 69 | /// Internal use only
 70 | inline BOOL FupForEachProcessor(BOOL (*callback)(void *), void *context);
 71 | 
 72 | ////////////////////////////////////////////////////////////////////////////////
 73 | //
 74 | // variables
 75 | //
 76 | 
 77 | ////////////////////////////////////////////////////////////////////////////////
 78 | //
 79 | // implementations
 80 | //
 81 | 
 82 | inline BOOL FuCreateFakePage(void *start_address, const BYTE *original_bytes,
 83 |                              SIZE_T original_byte_size) {
 84 |   typedef struct {
 85 |     ULONG64 start_address;
 86 |     ULONG64 original_byte_size;
 87 |     UCHAR original_bytes[32];
 88 |   } FU_CREATE_SHADOW_PARAMETERS;
 89 |   C_ASSERT(sizeof(FU_CREATE_SHADOW_PARAMETERS) == 48);
 90 | 
 91 |   if (!start_address || !original_byte_size ||
 92 |       original_byte_size >
 93 |           sizeof(((FU_CREATE_SHADOW_PARAMETERS *)NULL)->original_bytes)) {
 94 |     return FALSE;
 95 |   }
 96 | 
 97 |   // Modify the start_address to cause copy-on-write in case the page is shared.
 98 |   // It lets the address be backed by a physical page that is only used for this
 99 |   // process. By doing this, only this process's memory is faked and no other
100 |   // processes are affected.
101 |   DWORD old_protect = 0;
102 |   if (!VirtualProtect(start_address, original_byte_size, PAGE_EXECUTE_READWRITE,
103 |                       &old_protect)) {
104 |     return FALSE;
105 |   }
106 |   memmove(start_address, start_address, original_byte_size);
107 |   FlushInstructionCache(GetCurrentProcess(), start_address, original_byte_size);
108 |   if (!VirtualProtect(start_address, original_byte_size, old_protect,
109 |                       &old_protect)) {
110 |     return FALSE;
111 |   }
112 | 
113 |   // Lock the address to a physical page. This prevents a page from paged out
114 |   if (!VirtualLock(start_address, original_byte_size)) {
115 |     return FALSE;
116 |   }
117 | 
118 |   FU_CREATE_SHADOW_PARAMETERS params;
119 |   params.start_address = (ULONG64)start_address;
120 |   params.original_byte_size = original_byte_size;
121 |   memset(params.original_bytes, 0, _countof(params.original_bytes));
122 |   memcpy(params.original_bytes, original_bytes, original_byte_size);
123 | 
124 |   return FupVmCall(kCreateFakePage, &params);
125 | }
126 | 
127 | inline BOOL FuEnableFakePages() {
128 |   return FupForEachProcessor(FupEnableFakePagesCallback, NULL);
129 | }
130 | 
131 | inline BOOL FupEnableFakePagesCallback(void *context) {
132 |   UNREFERENCED_PARAMETER(context);
133 |   return FupVmCall(kEnableFakePages, NULL);
134 | }
135 | 
136 | inline BOOL FuDisableFakePages() {
137 |   FupForEachProcessor(FupDisableFakePagesCallback, NULL);
138 |   return FupVmCall(kDeleteFakePages, NULL);
139 | }
140 | 
141 | inline BOOL FupDisableFakePagesCallback(void *context) {
142 |   UNREFERENCED_PARAMETER(context);
143 |   return FupVmCall(kDisableFakePages, NULL);
144 | }
145 | 
146 | // Internal use only; executes \a callback on each processor
147 | // @param callback   A function to execute
148 | // @param context    An arbitrary parameter for \a callback
149 | // @return TRUE when \a callback was executed on all processors or until it
150 | //         returned FALSE
151 | inline BOOL FupForEachProcessor(BOOL (*callback)(void *), void *context) {
152 |   GROUP_AFFINITY original_group_affinity;
153 |   if (!GetThreadGroupAffinity(GetCurrentThread(), &original_group_affinity)) {
154 |     return FALSE;
155 |   }
156 | 
157 |   BOOL result = FALSE;
158 |   WORD group_count = GetActiveProcessorGroupCount();
159 |   for (WORD group_number = 0; group_number < group_count; ++group_number) {
160 |     DWORD processor_count = GetActiveProcessorCount(group_number);
161 |     for (DWORD processor_number = 0; processor_number < processor_count;
162 |          ++processor_number) {
163 |       GROUP_AFFINITY group_affinity;
164 |       memset(&group_affinity, 0, sizeof(group_affinity));
165 |       group_affinity.Mask = (KAFFINITY)(1) << processor_number;
166 |       group_affinity.Group = group_number;
167 |       if (!SetThreadGroupAffinity(GetCurrentThread(), &group_affinity, NULL)) {
168 |         goto exit;
169 |       }
170 | 
171 |       if (!callback(context)) {
172 |         break;
173 |       }
174 |     }
175 |   }
176 |   result = TRUE;
177 | 
178 | exit:;
179 |   SetThreadGroupAffinity(GetCurrentThread(), &original_group_affinity, NULL);
180 |   return result;
181 | }
182 | 
183 | // Internal use only; issues VMCALL
184 | // @param callback   A hypercall number
185 | // @param context    An arbitrary parameter
186 | // @return TRUE when a VMCALL instruction was executed without an error
187 | inline BOOL FupVmCall(ULONG_PTR hypercall_number, void *context) {
188 | #pragma section(".asm", read, execute)
189 | #if defined(_AMD64_)
190 |   __declspec(allocate(".asm")) static const BYTE CODE[] = {
191 |       0x0F, 0x01, 0xC1, //    vmcall
192 |       0x74, 0x0E,       //    jz      short errorWithCode
193 |       0x72, 0x04,       //    jb      short errorWithoutCode
194 |       0x48, 0x33, 0xC0, //    xor     rax, rax
195 |       0xC3,             //    retn
196 |                         // errorWithoutCode:
197 |       0x48, 0xC7, 0xC0, 0x02, 0x00, 0x00, 0x00, //    mov     rax, 2
198 |       0xC3,                                     //    retn
199 |                                                 // errorWithCode:
200 |       0x48, 0xC7, 0xC0, 0x01, 0x00, 0x00, 0x00, //    mov     rax, 1
201 |       0xC3,                                     //    retn
202 |   };
203 | #else
204 |   __declspec(allocate(".asm")) static const BYTE CODE[] = {
205 |       0x55,                         //    push    ebp
206 |       0x8B, 0xEC,                   //    mov     ebp, esp
207 |       0x8B, 0x4D, 0x08,             //    mov     ecx, [ebp+hypercall_number]
208 |       0x8B, 0x55, 0x0C,             //    mov     edx, [ebp+context]
209 |       0x0F, 0x01, 0xC1,             //    vmcall
210 |       0x74, 0x11,                   //    jz      short errorWithCode
211 |       0x72, 0x06,                   //    jb      short errorWithoutCode
212 |       0x33, 0xC0,                   //    xor     eax, eax
213 |       0xC9,                         //    leave
214 |       0xC2, 0x08, 0x00,             //    retn    8
215 |                                     // errorWithoutCode:
216 |       0xB8, 0x02, 0x00, 0x00, 0x00, //    mov     eax, 2
217 |       0xC9,                         //    leave
218 |       0xC2, 0x08, 0x00,             //    retn    8
219 |                                     // errorWithCode:
220 |       0xB8, 0x01, 0x00, 0x00, 0x00, //    mov     eax, 1
221 |       0xC9,                         //    leave
222 |       0xC2, 0x08, 0x00,             //    retn    8
223 |   };
224 | #endif
225 | 
226 |   typedef unsigned char(__stdcall * AsmVmxCallType)(
227 |       _In_ ULONG_PTR hypercall_number, _In_opt_ void *context);
228 | 
229 | #pragma warning(suppress : 4055)
230 |   AsmVmxCallType AsmVmxCall = (AsmVmxCallType)CODE;
231 | 
232 |   __try {
233 |     return AsmVmxCall(hypercall_number, context) == 0;
234 |   } __except (EXCEPTION_EXECUTE_HANDLER) {
235 |     SetLastError(GetExceptionCode());
236 |     return FALSE;
237 |   }
238 | }
239 | 
240 | #ifdef __cplusplus
241 | }
242 | #endif
243 | 
244 | #endif // FU_FU_H_
245 | 


--------------------------------------------------------------------------------
/TestPrograms/SampleHook/SampleHook/include/platform.h:
--------------------------------------------------------------------------------
  1 | /* Capstone Disassembly Engine */
  2 | /* By Axel Souchet & Nguyen Anh Quynh, 2014 */
  3 | 
  4 | #ifndef CAPSTONE_PLATFORM_H
  5 | #define CAPSTONE_PLATFORM_H
  6 | 
  7 | // handle C99 issue (for pre-2013 VisualStudio)
  8 | #if !defined(__CYGWIN__) && !defined(__MINGW32__) && !defined(__MINGW64__) && (defined (WIN32) || defined (WIN64) || defined (_WIN32) || defined (_WIN64))
  9 | // MSVC
 10 | 
 11 | // stdbool.h
 12 | #if (_MSC_VER < 1800) || defined(_KERNEL_MODE)
 13 | // this system does not have stdbool.h
 14 | #ifndef __cplusplus
 15 | typedef unsigned char bool;
 16 | #define false 0
 17 | #define true 1
 18 | #endif
 19 | 
 20 | #else
 21 | // VisualStudio 2013+ -> C99 is supported
 22 | #include <stdbool.h>
 23 | #endif
 24 | 
 25 | #else
 26 | // not MSVC -> C99 is supported
 27 | #include <stdbool.h>
 28 | #endif
 29 | 
 30 | 
 31 | // handle C99 issue (for pre-2013 VisualStudio)
 32 | #if defined(CAPSTONE_HAS_OSXKERNEL) || (defined(_MSC_VER) && (_MSC_VER <= 1700 || defined(_KERNEL_MODE)))
 33 | // this system does not have inttypes.h
 34 | 
 35 | #if defined(_MSC_VER) && (_MSC_VER <= 1700 || defined(_KERNEL_MODE))
 36 | // this system does not have stdint.h
 37 | typedef signed char  int8_t;
 38 | typedef signed short int16_t;
 39 | typedef signed int   int32_t;
 40 | typedef unsigned char  uint8_t;
 41 | typedef unsigned short uint16_t;
 42 | typedef unsigned int   uint32_t;
 43 | typedef signed long long   int64_t;
 44 | typedef unsigned long long uint64_t;
 45 | 
 46 | #define INT8_MIN         (-127i8 - 1)
 47 | #define INT16_MIN        (-32767i16 - 1)
 48 | #define INT32_MIN        (-2147483647i32 - 1)
 49 | #define INT64_MIN        (-9223372036854775807i64 - 1)
 50 | #define INT8_MAX         127i8
 51 | #define INT16_MAX        32767i16
 52 | #define INT32_MAX        2147483647i32
 53 | #define INT64_MAX        9223372036854775807i64
 54 | #define UINT8_MAX        0xffui8
 55 | #define UINT16_MAX       0xffffui16
 56 | #define UINT32_MAX       0xffffffffui32
 57 | #define UINT64_MAX       0xffffffffffffffffui64
 58 | #endif
 59 | 
 60 | #define __PRI_8_LENGTH_MODIFIER__ "hh"
 61 | #define __PRI_64_LENGTH_MODIFIER__ "ll"
 62 | 
 63 | #define PRId8         __PRI_8_LENGTH_MODIFIER__ "d"
 64 | #define PRIi8         __PRI_8_LENGTH_MODIFIER__ "i"
 65 | #define PRIo8         __PRI_8_LENGTH_MODIFIER__ "o"
 66 | #define PRIu8         __PRI_8_LENGTH_MODIFIER__ "u"
 67 | #define PRIx8         __PRI_8_LENGTH_MODIFIER__ "x"
 68 | #define PRIX8         __PRI_8_LENGTH_MODIFIER__ "X"
 69 | 
 70 | #define PRId16        "hd"
 71 | #define PRIi16        "hi"
 72 | #define PRIo16        "ho"
 73 | #define PRIu16        "hu"
 74 | #define PRIx16        "hx"
 75 | #define PRIX16        "hX"
 76 | 
 77 | #if defined(_MSC_VER) && _MSC_VER <= 1700
 78 | #define PRId32        "ld"
 79 | #define PRIi32        "li"
 80 | #define PRIo32        "lo"
 81 | #define PRIu32        "lu"
 82 | #define PRIx32        "lx"
 83 | #define PRIX32        "lX"
 84 | #else	// OSX
 85 | #define PRId32        "d"
 86 | #define PRIi32        "i"
 87 | #define PRIo32        "o"
 88 | #define PRIu32        "u"
 89 | #define PRIx32        "x"
 90 | #define PRIX32        "X"
 91 | #endif
 92 | 
 93 | #define PRId64        __PRI_64_LENGTH_MODIFIER__ "d"
 94 | #define PRIi64        __PRI_64_LENGTH_MODIFIER__ "i"
 95 | #define PRIo64        __PRI_64_LENGTH_MODIFIER__ "o"
 96 | #define PRIu64        __PRI_64_LENGTH_MODIFIER__ "u"
 97 | #define PRIx64        __PRI_64_LENGTH_MODIFIER__ "x"
 98 | #define PRIX64        __PRI_64_LENGTH_MODIFIER__ "X"
 99 | 
100 | #else
101 | // this system has inttypes.h by default
102 | #include <inttypes.h>
103 | #endif
104 | 
105 | #endif
106 | 


--------------------------------------------------------------------------------
/TestPrograms/SampleHook/SampleHook/include/sparc.h:
--------------------------------------------------------------------------------
  1 | #ifndef CAPSTONE_SPARC_H
  2 | #define CAPSTONE_SPARC_H
  3 | 
  4 | /* Capstone Disassembly Engine */
  5 | /* By Nguyen Anh Quynh <aquynh@gmail.com>, 2014 */
  6 | 
  7 | #ifdef __cplusplus
  8 | extern "C" {
  9 | #endif
 10 | 
 11 | #if !defined(_MSC_VER) || !defined(_KERNEL_MODE)
 12 | #include <stdint.h>
 13 | #endif
 14 | 
 15 | #include "platform.h"
 16 | 
 17 | // GCC SPARC toolchain has a default macro called "sparc" which breaks
 18 | // compilation
 19 | #undef sparc
 20 | 
 21 | #ifdef _MSC_VER
 22 | #pragma warning(disable:4201)
 23 | #endif
 24 | 
 25 | //> Enums corresponding to Sparc condition codes, both icc's and fcc's.
 26 | typedef enum sparc_cc {
 27 | 	SPARC_CC_INVALID = 0,	// invalid CC (default)
 28 | 	//> Integer condition codes
 29 | 	SPARC_CC_ICC_A   =  8+256,  // Always
 30 | 	SPARC_CC_ICC_N   =  0+256,  // Never
 31 | 	SPARC_CC_ICC_NE  =  9+256,  // Not Equal
 32 | 	SPARC_CC_ICC_E   =  1+256,  // Equal
 33 | 	SPARC_CC_ICC_G   = 10+256,  // Greater
 34 | 	SPARC_CC_ICC_LE  =  2+256,  // Less or Equal
 35 | 	SPARC_CC_ICC_GE  = 11+256,  // Greater or Equal
 36 | 	SPARC_CC_ICC_L   =  3+256,  // Less
 37 | 	SPARC_CC_ICC_GU  = 12+256,  // Greater Unsigned
 38 | 	SPARC_CC_ICC_LEU =  4+256,  // Less or Equal Unsigned
 39 | 	SPARC_CC_ICC_CC  = 13+256,  // Carry Clear/Great or Equal Unsigned
 40 | 	SPARC_CC_ICC_CS  =  5+256,  // Carry Set/Less Unsigned
 41 | 	SPARC_CC_ICC_POS = 14+256,  // Positive
 42 | 	SPARC_CC_ICC_NEG =  6+256,  // Negative
 43 | 	SPARC_CC_ICC_VC  = 15+256,  // Overflow Clear
 44 | 	SPARC_CC_ICC_VS  =  7+256,  // Overflow Set
 45 | 
 46 | 	//> Floating condition codes
 47 | 	SPARC_CC_FCC_A   =  8+16+256,  // Always
 48 | 	SPARC_CC_FCC_N   =  0+16+256,  // Never
 49 | 	SPARC_CC_FCC_U   =  7+16+256,  // Unordered
 50 | 	SPARC_CC_FCC_G   =  6+16+256,  // Greater
 51 | 	SPARC_CC_FCC_UG  =  5+16+256,  // Unordered or Greater
 52 | 	SPARC_CC_FCC_L   =  4+16+256,  // Less
 53 | 	SPARC_CC_FCC_UL  =  3+16+256,  // Unordered or Less
 54 | 	SPARC_CC_FCC_LG  =  2+16+256,  // Less or Greater
 55 | 	SPARC_CC_FCC_NE  =  1+16+256,  // Not Equal
 56 | 	SPARC_CC_FCC_E   =  9+16+256,  // Equal
 57 | 	SPARC_CC_FCC_UE  = 10+16+256,  // Unordered or Equal
 58 | 	SPARC_CC_FCC_GE  = 11+16+256,  // Greater or Equal
 59 | 	SPARC_CC_FCC_UGE = 12+16+256,  // Unordered or Greater or Equal
 60 | 	SPARC_CC_FCC_LE  = 13+16+256,  // Less or Equal
 61 | 	SPARC_CC_FCC_ULE = 14+16+256,  // Unordered or Less or Equal
 62 | 	SPARC_CC_FCC_O   = 15+16+256,  // Ordered
 63 | } sparc_cc;
 64 | 
 65 | //> Branch hint
 66 | typedef enum sparc_hint {
 67 | 	SPARC_HINT_INVALID = 0,	// no hint
 68 | 	SPARC_HINT_A	= 1 << 0,	// annul delay slot instruction
 69 | 	SPARC_HINT_PT	= 1 << 1,	// branch taken
 70 | 	SPARC_HINT_PN	= 1 << 2,	// branch NOT taken
 71 | } sparc_hint;
 72 | 
 73 | //> Operand type for instruction's operands
 74 | typedef enum sparc_op_type {
 75 | 	SPARC_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized).
 76 | 	SPARC_OP_REG, // = CS_OP_REG (Register operand).
 77 | 	SPARC_OP_IMM, // = CS_OP_IMM (Immediate operand).
 78 | 	SPARC_OP_MEM, // = CS_OP_MEM (Memory operand).
 79 | } sparc_op_type;
 80 | 
 81 | // Instruction's operand referring to memory
 82 | // This is associated with SPARC_OP_MEM operand type above
 83 | typedef struct sparc_op_mem {
 84 | 	uint8_t base;	// base register
 85 | 	uint8_t index;	// index register
 86 | 	int32_t disp;	// displacement/offset value
 87 | } sparc_op_mem;
 88 | 
 89 | // Instruction operand
 90 | typedef struct cs_sparc_op {
 91 | 	sparc_op_type type;	// operand type
 92 | 	union {
 93 | 		unsigned int reg;	// register value for REG operand
 94 | 		int32_t imm;		// immediate value for IMM operand
 95 | 		sparc_op_mem mem;		// base/disp value for MEM operand
 96 | 	};
 97 | } cs_sparc_op;
 98 | 
 99 | // Instruction structure
100 | typedef struct cs_sparc {
101 | 	sparc_cc cc;	// code condition for this insn
102 | 	sparc_hint hint;	// branch hint: encoding as bitwise OR of sparc_hint.
103 | 	// Number of operands of this instruction, 
104 | 	// or 0 when instruction has no operand.
105 | 	uint8_t op_count;
106 | 	cs_sparc_op operands[4]; // operands for this instruction.
107 | } cs_sparc;
108 | 
109 | //> SPARC registers
110 | typedef enum sparc_reg {
111 | 	SPARC_REG_INVALID = 0,
112 | 
113 | 	SPARC_REG_F0,
114 | 	SPARC_REG_F1,
115 | 	SPARC_REG_F2,
116 | 	SPARC_REG_F3,
117 | 	SPARC_REG_F4,
118 | 	SPARC_REG_F5,
119 | 	SPARC_REG_F6,
120 | 	SPARC_REG_F7,
121 | 	SPARC_REG_F8,
122 | 	SPARC_REG_F9,
123 | 	SPARC_REG_F10,
124 | 	SPARC_REG_F11,
125 | 	SPARC_REG_F12,
126 | 	SPARC_REG_F13,
127 | 	SPARC_REG_F14,
128 | 	SPARC_REG_F15,
129 | 	SPARC_REG_F16,
130 | 	SPARC_REG_F17,
131 | 	SPARC_REG_F18,
132 | 	SPARC_REG_F19,
133 | 	SPARC_REG_F20,
134 | 	SPARC_REG_F21,
135 | 	SPARC_REG_F22,
136 | 	SPARC_REG_F23,
137 | 	SPARC_REG_F24,
138 | 	SPARC_REG_F25,
139 | 	SPARC_REG_F26,
140 | 	SPARC_REG_F27,
141 | 	SPARC_REG_F28,
142 | 	SPARC_REG_F29,
143 | 	SPARC_REG_F30,
144 | 	SPARC_REG_F31,
145 | 	SPARC_REG_F32,
146 | 	SPARC_REG_F34,
147 | 	SPARC_REG_F36,
148 | 	SPARC_REG_F38,
149 | 	SPARC_REG_F40,
150 | 	SPARC_REG_F42,
151 | 	SPARC_REG_F44,
152 | 	SPARC_REG_F46,
153 | 	SPARC_REG_F48,
154 | 	SPARC_REG_F50,
155 | 	SPARC_REG_F52,
156 | 	SPARC_REG_F54,
157 | 	SPARC_REG_F56,
158 | 	SPARC_REG_F58,
159 | 	SPARC_REG_F60,
160 | 	SPARC_REG_F62,
161 | 	SPARC_REG_FCC0,	// Floating condition codes
162 | 	SPARC_REG_FCC1,
163 | 	SPARC_REG_FCC2,
164 | 	SPARC_REG_FCC3,
165 | 	SPARC_REG_FP,
166 | 	SPARC_REG_G0,
167 | 	SPARC_REG_G1,
168 | 	SPARC_REG_G2,
169 | 	SPARC_REG_G3,
170 | 	SPARC_REG_G4,
171 | 	SPARC_REG_G5,
172 | 	SPARC_REG_G6,
173 | 	SPARC_REG_G7,
174 | 	SPARC_REG_I0,
175 | 	SPARC_REG_I1,
176 | 	SPARC_REG_I2,
177 | 	SPARC_REG_I3,
178 | 	SPARC_REG_I4,
179 | 	SPARC_REG_I5,
180 | 	SPARC_REG_I7,
181 | 	SPARC_REG_ICC,	// Integer condition codes
182 | 	SPARC_REG_L0,
183 | 	SPARC_REG_L1,
184 | 	SPARC_REG_L2,
185 | 	SPARC_REG_L3,
186 | 	SPARC_REG_L4,
187 | 	SPARC_REG_L5,
188 | 	SPARC_REG_L6,
189 | 	SPARC_REG_L7,
190 | 	SPARC_REG_O0,
191 | 	SPARC_REG_O1,
192 | 	SPARC_REG_O2,
193 | 	SPARC_REG_O3,
194 | 	SPARC_REG_O4,
195 | 	SPARC_REG_O5,
196 | 	SPARC_REG_O7,
197 | 	SPARC_REG_SP,
198 | 	SPARC_REG_Y,
199 | 
200 | 	// special register
201 | 	SPARC_REG_XCC,
202 | 
203 | 	SPARC_REG_ENDING,   // <-- mark the end of the list of registers
204 | 
205 | 	// extras
206 | 	SPARC_REG_O6 = SPARC_REG_SP,
207 | 	SPARC_REG_I6 = SPARC_REG_FP,
208 | } sparc_reg;
209 | 
210 | //> SPARC instruction
211 | typedef enum sparc_insn {
212 | 	SPARC_INS_INVALID = 0,
213 | 
214 | 	SPARC_INS_ADDCC,
215 | 	SPARC_INS_ADDX,
216 | 	SPARC_INS_ADDXCC,
217 | 	SPARC_INS_ADDXC,
218 | 	SPARC_INS_ADDXCCC,
219 | 	SPARC_INS_ADD,
220 | 	SPARC_INS_ALIGNADDR,
221 | 	SPARC_INS_ALIGNADDRL,
222 | 	SPARC_INS_ANDCC,
223 | 	SPARC_INS_ANDNCC,
224 | 	SPARC_INS_ANDN,
225 | 	SPARC_INS_AND,
226 | 	SPARC_INS_ARRAY16,
227 | 	SPARC_INS_ARRAY32,
228 | 	SPARC_INS_ARRAY8,
229 | 	SPARC_INS_B,
230 | 	SPARC_INS_JMP,
231 | 	SPARC_INS_BMASK,
232 | 	SPARC_INS_FB,
233 | 	SPARC_INS_BRGEZ,
234 | 	SPARC_INS_BRGZ,
235 | 	SPARC_INS_BRLEZ,
236 | 	SPARC_INS_BRLZ,
237 | 	SPARC_INS_BRNZ,
238 | 	SPARC_INS_BRZ,
239 | 	SPARC_INS_BSHUFFLE,
240 | 	SPARC_INS_CALL,
241 | 	SPARC_INS_CASX,
242 | 	SPARC_INS_CAS,
243 | 	SPARC_INS_CMASK16,
244 | 	SPARC_INS_CMASK32,
245 | 	SPARC_INS_CMASK8,
246 | 	SPARC_INS_CMP,
247 | 	SPARC_INS_EDGE16,
248 | 	SPARC_INS_EDGE16L,
249 | 	SPARC_INS_EDGE16LN,
250 | 	SPARC_INS_EDGE16N,
251 | 	SPARC_INS_EDGE32,
252 | 	SPARC_INS_EDGE32L,
253 | 	SPARC_INS_EDGE32LN,
254 | 	SPARC_INS_EDGE32N,
255 | 	SPARC_INS_EDGE8,
256 | 	SPARC_INS_EDGE8L,
257 | 	SPARC_INS_EDGE8LN,
258 | 	SPARC_INS_EDGE8N,
259 | 	SPARC_INS_FABSD,
260 | 	SPARC_INS_FABSQ,
261 | 	SPARC_INS_FABSS,
262 | 	SPARC_INS_FADDD,
263 | 	SPARC_INS_FADDQ,
264 | 	SPARC_INS_FADDS,
265 | 	SPARC_INS_FALIGNDATA,
266 | 	SPARC_INS_FAND,
267 | 	SPARC_INS_FANDNOT1,
268 | 	SPARC_INS_FANDNOT1S,
269 | 	SPARC_INS_FANDNOT2,
270 | 	SPARC_INS_FANDNOT2S,
271 | 	SPARC_INS_FANDS,
272 | 	SPARC_INS_FCHKSM16,
273 | 	SPARC_INS_FCMPD,
274 | 	SPARC_INS_FCMPEQ16,
275 | 	SPARC_INS_FCMPEQ32,
276 | 	SPARC_INS_FCMPGT16,
277 | 	SPARC_INS_FCMPGT32,
278 | 	SPARC_INS_FCMPLE16,
279 | 	SPARC_INS_FCMPLE32,
280 | 	SPARC_INS_FCMPNE16,
281 | 	SPARC_INS_FCMPNE32,
282 | 	SPARC_INS_FCMPQ,
283 | 	SPARC_INS_FCMPS,
284 | 	SPARC_INS_FDIVD,
285 | 	SPARC_INS_FDIVQ,
286 | 	SPARC_INS_FDIVS,
287 | 	SPARC_INS_FDMULQ,
288 | 	SPARC_INS_FDTOI,
289 | 	SPARC_INS_FDTOQ,
290 | 	SPARC_INS_FDTOS,
291 | 	SPARC_INS_FDTOX,
292 | 	SPARC_INS_FEXPAND,
293 | 	SPARC_INS_FHADDD,
294 | 	SPARC_INS_FHADDS,
295 | 	SPARC_INS_FHSUBD,
296 | 	SPARC_INS_FHSUBS,
297 | 	SPARC_INS_FITOD,
298 | 	SPARC_INS_FITOQ,
299 | 	SPARC_INS_FITOS,
300 | 	SPARC_INS_FLCMPD,
301 | 	SPARC_INS_FLCMPS,
302 | 	SPARC_INS_FLUSHW,
303 | 	SPARC_INS_FMEAN16,
304 | 	SPARC_INS_FMOVD,
305 | 	SPARC_INS_FMOVQ,
306 | 	SPARC_INS_FMOVRDGEZ,
307 | 	SPARC_INS_FMOVRQGEZ,
308 | 	SPARC_INS_FMOVRSGEZ,
309 | 	SPARC_INS_FMOVRDGZ,
310 | 	SPARC_INS_FMOVRQGZ,
311 | 	SPARC_INS_FMOVRSGZ,
312 | 	SPARC_INS_FMOVRDLEZ,
313 | 	SPARC_INS_FMOVRQLEZ,
314 | 	SPARC_INS_FMOVRSLEZ,
315 | 	SPARC_INS_FMOVRDLZ,
316 | 	SPARC_INS_FMOVRQLZ,
317 | 	SPARC_INS_FMOVRSLZ,
318 | 	SPARC_INS_FMOVRDNZ,
319 | 	SPARC_INS_FMOVRQNZ,
320 | 	SPARC_INS_FMOVRSNZ,
321 | 	SPARC_INS_FMOVRDZ,
322 | 	SPARC_INS_FMOVRQZ,
323 | 	SPARC_INS_FMOVRSZ,
324 | 	SPARC_INS_FMOVS,
325 | 	SPARC_INS_FMUL8SUX16,
326 | 	SPARC_INS_FMUL8ULX16,
327 | 	SPARC_INS_FMUL8X16,
328 | 	SPARC_INS_FMUL8X16AL,
329 | 	SPARC_INS_FMUL8X16AU,
330 | 	SPARC_INS_FMULD,
331 | 	SPARC_INS_FMULD8SUX16,
332 | 	SPARC_INS_FMULD8ULX16,
333 | 	SPARC_INS_FMULQ,
334 | 	SPARC_INS_FMULS,
335 | 	SPARC_INS_FNADDD,
336 | 	SPARC_INS_FNADDS,
337 | 	SPARC_INS_FNAND,
338 | 	SPARC_INS_FNANDS,
339 | 	SPARC_INS_FNEGD,
340 | 	SPARC_INS_FNEGQ,
341 | 	SPARC_INS_FNEGS,
342 | 	SPARC_INS_FNHADDD,
343 | 	SPARC_INS_FNHADDS,
344 | 	SPARC_INS_FNOR,
345 | 	SPARC_INS_FNORS,
346 | 	SPARC_INS_FNOT1,
347 | 	SPARC_INS_FNOT1S,
348 | 	SPARC_INS_FNOT2,
349 | 	SPARC_INS_FNOT2S,
350 | 	SPARC_INS_FONE,
351 | 	SPARC_INS_FONES,
352 | 	SPARC_INS_FOR,
353 | 	SPARC_INS_FORNOT1,
354 | 	SPARC_INS_FORNOT1S,
355 | 	SPARC_INS_FORNOT2,
356 | 	SPARC_INS_FORNOT2S,
357 | 	SPARC_INS_FORS,
358 | 	SPARC_INS_FPACK16,
359 | 	SPARC_INS_FPACK32,
360 | 	SPARC_INS_FPACKFIX,
361 | 	SPARC_INS_FPADD16,
362 | 	SPARC_INS_FPADD16S,
363 | 	SPARC_INS_FPADD32,
364 | 	SPARC_INS_FPADD32S,
365 | 	SPARC_INS_FPADD64,
366 | 	SPARC_INS_FPMERGE,
367 | 	SPARC_INS_FPSUB16,
368 | 	SPARC_INS_FPSUB16S,
369 | 	SPARC_INS_FPSUB32,
370 | 	SPARC_INS_FPSUB32S,
371 | 	SPARC_INS_FQTOD,
372 | 	SPARC_INS_FQTOI,
373 | 	SPARC_INS_FQTOS,
374 | 	SPARC_INS_FQTOX,
375 | 	SPARC_INS_FSLAS16,
376 | 	SPARC_INS_FSLAS32,
377 | 	SPARC_INS_FSLL16,
378 | 	SPARC_INS_FSLL32,
379 | 	SPARC_INS_FSMULD,
380 | 	SPARC_INS_FSQRTD,
381 | 	SPARC_INS_FSQRTQ,
382 | 	SPARC_INS_FSQRTS,
383 | 	SPARC_INS_FSRA16,
384 | 	SPARC_INS_FSRA32,
385 | 	SPARC_INS_FSRC1,
386 | 	SPARC_INS_FSRC1S,
387 | 	SPARC_INS_FSRC2,
388 | 	SPARC_INS_FSRC2S,
389 | 	SPARC_INS_FSRL16,
390 | 	SPARC_INS_FSRL32,
391 | 	SPARC_INS_FSTOD,
392 | 	SPARC_INS_FSTOI,
393 | 	SPARC_INS_FSTOQ,
394 | 	SPARC_INS_FSTOX,
395 | 	SPARC_INS_FSUBD,
396 | 	SPARC_INS_FSUBQ,
397 | 	SPARC_INS_FSUBS,
398 | 	SPARC_INS_FXNOR,
399 | 	SPARC_INS_FXNORS,
400 | 	SPARC_INS_FXOR,
401 | 	SPARC_INS_FXORS,
402 | 	SPARC_INS_FXTOD,
403 | 	SPARC_INS_FXTOQ,
404 | 	SPARC_INS_FXTOS,
405 | 	SPARC_INS_FZERO,
406 | 	SPARC_INS_FZEROS,
407 | 	SPARC_INS_JMPL,
408 | 	SPARC_INS_LDD,
409 | 	SPARC_INS_LD,
410 | 	SPARC_INS_LDQ,
411 | 	SPARC_INS_LDSB,
412 | 	SPARC_INS_LDSH,
413 | 	SPARC_INS_LDSW,
414 | 	SPARC_INS_LDUB,
415 | 	SPARC_INS_LDUH,
416 | 	SPARC_INS_LDX,
417 | 	SPARC_INS_LZCNT,
418 | 	SPARC_INS_MEMBAR,
419 | 	SPARC_INS_MOVDTOX,
420 | 	SPARC_INS_MOV,
421 | 	SPARC_INS_MOVRGEZ,
422 | 	SPARC_INS_MOVRGZ,
423 | 	SPARC_INS_MOVRLEZ,
424 | 	SPARC_INS_MOVRLZ,
425 | 	SPARC_INS_MOVRNZ,
426 | 	SPARC_INS_MOVRZ,
427 | 	SPARC_INS_MOVSTOSW,
428 | 	SPARC_INS_MOVSTOUW,
429 | 	SPARC_INS_MULX,
430 | 	SPARC_INS_NOP,
431 | 	SPARC_INS_ORCC,
432 | 	SPARC_INS_ORNCC,
433 | 	SPARC_INS_ORN,
434 | 	SPARC_INS_OR,
435 | 	SPARC_INS_PDIST,
436 | 	SPARC_INS_PDISTN,
437 | 	SPARC_INS_POPC,
438 | 	SPARC_INS_RD,
439 | 	SPARC_INS_RESTORE,
440 | 	SPARC_INS_RETT,
441 | 	SPARC_INS_SAVE,
442 | 	SPARC_INS_SDIVCC,
443 | 	SPARC_INS_SDIVX,
444 | 	SPARC_INS_SDIV,
445 | 	SPARC_INS_SETHI,
446 | 	SPARC_INS_SHUTDOWN,
447 | 	SPARC_INS_SIAM,
448 | 	SPARC_INS_SLLX,
449 | 	SPARC_INS_SLL,
450 | 	SPARC_INS_SMULCC,
451 | 	SPARC_INS_SMUL,
452 | 	SPARC_INS_SRAX,
453 | 	SPARC_INS_SRA,
454 | 	SPARC_INS_SRLX,
455 | 	SPARC_INS_SRL,
456 | 	SPARC_INS_STBAR,
457 | 	SPARC_INS_STB,
458 | 	SPARC_INS_STD,
459 | 	SPARC_INS_ST,
460 | 	SPARC_INS_STH,
461 | 	SPARC_INS_STQ,
462 | 	SPARC_INS_STX,
463 | 	SPARC_INS_SUBCC,
464 | 	SPARC_INS_SUBX,
465 | 	SPARC_INS_SUBXCC,
466 | 	SPARC_INS_SUB,
467 | 	SPARC_INS_SWAP,
468 | 	SPARC_INS_TADDCCTV,
469 | 	SPARC_INS_TADDCC,
470 | 	SPARC_INS_T,
471 | 	SPARC_INS_TSUBCCTV,
472 | 	SPARC_INS_TSUBCC,
473 | 	SPARC_INS_UDIVCC,
474 | 	SPARC_INS_UDIVX,
475 | 	SPARC_INS_UDIV,
476 | 	SPARC_INS_UMULCC,
477 | 	SPARC_INS_UMULXHI,
478 | 	SPARC_INS_UMUL,
479 | 	SPARC_INS_UNIMP,
480 | 	SPARC_INS_FCMPED,
481 | 	SPARC_INS_FCMPEQ,
482 | 	SPARC_INS_FCMPES,
483 | 	SPARC_INS_WR,
484 | 	SPARC_INS_XMULX,
485 | 	SPARC_INS_XMULXHI,
486 | 	SPARC_INS_XNORCC,
487 | 	SPARC_INS_XNOR,
488 | 	SPARC_INS_XORCC,
489 | 	SPARC_INS_XOR,
490 | 
491 | 	// alias instructions
492 | 	SPARC_INS_RET,
493 | 	SPARC_INS_RETL,
494 | 
495 | 	SPARC_INS_ENDING,   // <-- mark the end of the list of instructions
496 | } sparc_insn;
497 | 
498 | //> Group of SPARC instructions
499 | typedef enum sparc_insn_group {
500 | 	SPARC_GRP_INVALID = 0, // = CS_GRP_INVALID
501 | 
502 | 	//> Generic groups
503 | 	// all jump instructions (conditional+direct+indirect jumps)
504 | 	SPARC_GRP_JUMP,	// = CS_GRP_JUMP
505 | 
506 | 	//> Architecture-specific groups
507 | 	SPARC_GRP_HARDQUAD = 128,
508 | 	SPARC_GRP_V9,
509 | 	SPARC_GRP_VIS,
510 | 	SPARC_GRP_VIS2,
511 | 	SPARC_GRP_VIS3, 
512 | 	SPARC_GRP_32BIT,
513 | 	SPARC_GRP_64BIT,
514 | 
515 | 	SPARC_GRP_ENDING,   // <-- mark the end of the list of groups
516 | } sparc_insn_group;
517 | 
518 | #ifdef __cplusplus
519 | }
520 | #endif
521 | 
522 | #endif
523 | 


--------------------------------------------------------------------------------
/TestPrograms/SampleHook/SampleHook/include/systemz.h:
--------------------------------------------------------------------------------
  1 | #ifndef CAPSTONE_SYSTEMZ_H
  2 | #define CAPSTONE_SYSTEMZ_H
  3 | 
  4 | /* Capstone Disassembly Engine */
  5 | /* By Nguyen Anh Quynh <aquynh@gmail.com>, 2014 */
  6 | 
  7 | #ifdef __cplusplus
  8 | extern "C" {
  9 | #endif
 10 | 
 11 | #if !defined(_MSC_VER) || !defined(_KERNEL_MODE)
 12 | #include <stdint.h>
 13 | #endif
 14 | 
 15 | #include "platform.h"
 16 | 
 17 | #ifdef _MSC_VER
 18 | #pragma warning(disable:4201)
 19 | #endif
 20 | 
 21 | //> Enums corresponding to SystemZ condition codes
 22 | typedef enum sysz_cc {
 23 | 	SYSZ_CC_INVALID = 0,	// invalid CC (default)
 24 | 
 25 | 	SYSZ_CC_O,
 26 | 	SYSZ_CC_H,
 27 | 	SYSZ_CC_NLE,
 28 | 	SYSZ_CC_L,
 29 | 	SYSZ_CC_NHE,
 30 | 	SYSZ_CC_LH,
 31 | 	SYSZ_CC_NE,
 32 | 	SYSZ_CC_E,
 33 | 	SYSZ_CC_NLH,
 34 | 	SYSZ_CC_HE,
 35 | 	SYSZ_CC_NL,
 36 | 	SYSZ_CC_LE,
 37 | 	SYSZ_CC_NH,
 38 | 	SYSZ_CC_NO,
 39 | } sysz_cc;
 40 | 
 41 | //> Operand type for instruction's operands
 42 | typedef enum sysz_op_type {
 43 | 	SYSZ_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized).
 44 | 	SYSZ_OP_REG, // = CS_OP_REG (Register operand).
 45 | 	SYSZ_OP_IMM, // = CS_OP_IMM (Immediate operand).
 46 | 	SYSZ_OP_MEM, // = CS_OP_MEM (Memory operand).
 47 | 	SYSZ_OP_ACREG = 64,	// Access register operand.
 48 | } sysz_op_type;
 49 | 
 50 | // Instruction's operand referring to memory
 51 | // This is associated with SYSZ_OP_MEM operand type above
 52 | typedef struct sysz_op_mem {
 53 | 	uint8_t base;	// base register
 54 | 	uint8_t index;	// index register
 55 | 	uint64_t length;	// BDLAddr operand
 56 | 	int64_t disp;	// displacement/offset value
 57 | } sysz_op_mem;
 58 | 
 59 | // Instruction operand
 60 | typedef struct cs_sysz_op {
 61 | 	sysz_op_type type;	// operand type
 62 | 	union {
 63 | 		unsigned int reg;	// register value for REG operand
 64 | 		int64_t imm;		// immediate value for IMM operand
 65 | 		sysz_op_mem mem;		// base/disp value for MEM operand
 66 | 	};
 67 | } cs_sysz_op;
 68 | 
 69 | // Instruction structure
 70 | typedef struct cs_sysz {
 71 | 	sysz_cc cc;		// Code condition
 72 | 	// Number of operands of this instruction, 
 73 | 	// or 0 when instruction has no operand.
 74 | 	uint8_t op_count;
 75 | 	cs_sysz_op operands[6]; // operands for this instruction.
 76 | } cs_sysz;
 77 | 
 78 | //> SystemZ registers
 79 | typedef enum sysz_reg {
 80 | 	SYSZ_REG_INVALID = 0,
 81 | 
 82 | 	SYSZ_REG_0, 
 83 | 	SYSZ_REG_1, 
 84 | 	SYSZ_REG_2, 
 85 | 	SYSZ_REG_3, 
 86 | 	SYSZ_REG_4, 
 87 | 	SYSZ_REG_5, 
 88 | 	SYSZ_REG_6, 
 89 | 	SYSZ_REG_7, 
 90 | 	SYSZ_REG_8, 
 91 | 	SYSZ_REG_9, 
 92 | 	SYSZ_REG_10,
 93 | 	SYSZ_REG_11,
 94 | 	SYSZ_REG_12,
 95 | 	SYSZ_REG_13,
 96 | 	SYSZ_REG_14,
 97 | 	SYSZ_REG_15,
 98 | 	SYSZ_REG_CC,
 99 | 	SYSZ_REG_F0,
100 | 	SYSZ_REG_F1,
101 | 	SYSZ_REG_F2,
102 | 	SYSZ_REG_F3,
103 | 	SYSZ_REG_F4,
104 | 	SYSZ_REG_F5,
105 | 	SYSZ_REG_F6,
106 | 	SYSZ_REG_F7,
107 | 	SYSZ_REG_F8,
108 | 	SYSZ_REG_F9,
109 | 	SYSZ_REG_F10,
110 | 	SYSZ_REG_F11,
111 | 	SYSZ_REG_F12,
112 | 	SYSZ_REG_F13,
113 | 	SYSZ_REG_F14,
114 | 	SYSZ_REG_F15,
115 | 
116 | 	SYSZ_REG_R0L,
117 | 
118 | 	SYSZ_REG_ENDING,
119 | } sysz_reg;
120 | 
121 | //> SystemZ instruction
122 | typedef enum sysz_insn {
123 | 	SYSZ_INS_INVALID = 0,
124 | 
125 | 	SYSZ_INS_A,
126 | 	SYSZ_INS_ADB,
127 | 	SYSZ_INS_ADBR,
128 | 	SYSZ_INS_AEB,
129 | 	SYSZ_INS_AEBR,
130 | 	SYSZ_INS_AFI,
131 | 	SYSZ_INS_AG,
132 | 	SYSZ_INS_AGF,
133 | 	SYSZ_INS_AGFI,
134 | 	SYSZ_INS_AGFR,
135 | 	SYSZ_INS_AGHI,
136 | 	SYSZ_INS_AGHIK,
137 | 	SYSZ_INS_AGR,
138 | 	SYSZ_INS_AGRK,
139 | 	SYSZ_INS_AGSI,
140 | 	SYSZ_INS_AH,
141 | 	SYSZ_INS_AHI,
142 | 	SYSZ_INS_AHIK,
143 | 	SYSZ_INS_AHY,
144 | 	SYSZ_INS_AIH,
145 | 	SYSZ_INS_AL,
146 | 	SYSZ_INS_ALC,
147 | 	SYSZ_INS_ALCG,
148 | 	SYSZ_INS_ALCGR,
149 | 	SYSZ_INS_ALCR,
150 | 	SYSZ_INS_ALFI,
151 | 	SYSZ_INS_ALG,
152 | 	SYSZ_INS_ALGF,
153 | 	SYSZ_INS_ALGFI,
154 | 	SYSZ_INS_ALGFR,
155 | 	SYSZ_INS_ALGHSIK,
156 | 	SYSZ_INS_ALGR,
157 | 	SYSZ_INS_ALGRK,
158 | 	SYSZ_INS_ALHSIK,
159 | 	SYSZ_INS_ALR,
160 | 	SYSZ_INS_ALRK,
161 | 	SYSZ_INS_ALY,
162 | 	SYSZ_INS_AR,
163 | 	SYSZ_INS_ARK,
164 | 	SYSZ_INS_ASI,
165 | 	SYSZ_INS_AXBR,
166 | 	SYSZ_INS_AY,
167 | 	SYSZ_INS_BCR,
168 | 	SYSZ_INS_BRC,
169 | 	SYSZ_INS_BRCL,
170 | 	SYSZ_INS_CGIJ,
171 | 	SYSZ_INS_CGRJ,
172 | 	SYSZ_INS_CIJ,
173 | 	SYSZ_INS_CLGIJ,
174 | 	SYSZ_INS_CLGRJ,
175 | 	SYSZ_INS_CLIJ,
176 | 	SYSZ_INS_CLRJ,
177 | 	SYSZ_INS_CRJ,
178 | 	SYSZ_INS_BER,
179 | 	SYSZ_INS_JE,
180 | 	SYSZ_INS_JGE,
181 | 	SYSZ_INS_LOCE,
182 | 	SYSZ_INS_LOCGE,
183 | 	SYSZ_INS_LOCGRE,
184 | 	SYSZ_INS_LOCRE,
185 | 	SYSZ_INS_STOCE,
186 | 	SYSZ_INS_STOCGE,
187 | 	SYSZ_INS_BHR,
188 | 	SYSZ_INS_BHER,
189 | 	SYSZ_INS_JHE,
190 | 	SYSZ_INS_JGHE,
191 | 	SYSZ_INS_LOCHE,
192 | 	SYSZ_INS_LOCGHE,
193 | 	SYSZ_INS_LOCGRHE,
194 | 	SYSZ_INS_LOCRHE,
195 | 	SYSZ_INS_STOCHE,
196 | 	SYSZ_INS_STOCGHE,
197 | 	SYSZ_INS_JH,
198 | 	SYSZ_INS_JGH,
199 | 	SYSZ_INS_LOCH,
200 | 	SYSZ_INS_LOCGH,
201 | 	SYSZ_INS_LOCGRH,
202 | 	SYSZ_INS_LOCRH,
203 | 	SYSZ_INS_STOCH,
204 | 	SYSZ_INS_STOCGH,
205 | 	SYSZ_INS_CGIJNLH,
206 | 	SYSZ_INS_CGRJNLH,
207 | 	SYSZ_INS_CIJNLH,
208 | 	SYSZ_INS_CLGIJNLH,
209 | 	SYSZ_INS_CLGRJNLH,
210 | 	SYSZ_INS_CLIJNLH,
211 | 	SYSZ_INS_CLRJNLH,
212 | 	SYSZ_INS_CRJNLH,
213 | 	SYSZ_INS_CGIJE,
214 | 	SYSZ_INS_CGRJE,
215 | 	SYSZ_INS_CIJE,
216 | 	SYSZ_INS_CLGIJE,
217 | 	SYSZ_INS_CLGRJE,
218 | 	SYSZ_INS_CLIJE,
219 | 	SYSZ_INS_CLRJE,
220 | 	SYSZ_INS_CRJE,
221 | 	SYSZ_INS_CGIJNLE,
222 | 	SYSZ_INS_CGRJNLE,
223 | 	SYSZ_INS_CIJNLE,
224 | 	SYSZ_INS_CLGIJNLE,
225 | 	SYSZ_INS_CLGRJNLE,
226 | 	SYSZ_INS_CLIJNLE,
227 | 	SYSZ_INS_CLRJNLE,
228 | 	SYSZ_INS_CRJNLE,
229 | 	SYSZ_INS_CGIJH,
230 | 	SYSZ_INS_CGRJH,
231 | 	SYSZ_INS_CIJH,
232 | 	SYSZ_INS_CLGIJH,
233 | 	SYSZ_INS_CLGRJH,
234 | 	SYSZ_INS_CLIJH,
235 | 	SYSZ_INS_CLRJH,
236 | 	SYSZ_INS_CRJH,
237 | 	SYSZ_INS_CGIJNL,
238 | 	SYSZ_INS_CGRJNL,
239 | 	SYSZ_INS_CIJNL,
240 | 	SYSZ_INS_CLGIJNL,
241 | 	SYSZ_INS_CLGRJNL,
242 | 	SYSZ_INS_CLIJNL,
243 | 	SYSZ_INS_CLRJNL,
244 | 	SYSZ_INS_CRJNL,
245 | 	SYSZ_INS_CGIJHE,
246 | 	SYSZ_INS_CGRJHE,
247 | 	SYSZ_INS_CIJHE,
248 | 	SYSZ_INS_CLGIJHE,
249 | 	SYSZ_INS_CLGRJHE,
250 | 	SYSZ_INS_CLIJHE,
251 | 	SYSZ_INS_CLRJHE,
252 | 	SYSZ_INS_CRJHE,
253 | 	SYSZ_INS_CGIJNHE,
254 | 	SYSZ_INS_CGRJNHE,
255 | 	SYSZ_INS_CIJNHE,
256 | 	SYSZ_INS_CLGIJNHE,
257 | 	SYSZ_INS_CLGRJNHE,
258 | 	SYSZ_INS_CLIJNHE,
259 | 	SYSZ_INS_CLRJNHE,
260 | 	SYSZ_INS_CRJNHE,
261 | 	SYSZ_INS_CGIJL,
262 | 	SYSZ_INS_CGRJL,
263 | 	SYSZ_INS_CIJL,
264 | 	SYSZ_INS_CLGIJL,
265 | 	SYSZ_INS_CLGRJL,
266 | 	SYSZ_INS_CLIJL,
267 | 	SYSZ_INS_CLRJL,
268 | 	SYSZ_INS_CRJL,
269 | 	SYSZ_INS_CGIJNH,
270 | 	SYSZ_INS_CGRJNH,
271 | 	SYSZ_INS_CIJNH,
272 | 	SYSZ_INS_CLGIJNH,
273 | 	SYSZ_INS_CLGRJNH,
274 | 	SYSZ_INS_CLIJNH,
275 | 	SYSZ_INS_CLRJNH,
276 | 	SYSZ_INS_CRJNH,
277 | 	SYSZ_INS_CGIJLE,
278 | 	SYSZ_INS_CGRJLE,
279 | 	SYSZ_INS_CIJLE,
280 | 	SYSZ_INS_CLGIJLE,
281 | 	SYSZ_INS_CLGRJLE,
282 | 	SYSZ_INS_CLIJLE,
283 | 	SYSZ_INS_CLRJLE,
284 | 	SYSZ_INS_CRJLE,
285 | 	SYSZ_INS_CGIJNE,
286 | 	SYSZ_INS_CGRJNE,
287 | 	SYSZ_INS_CIJNE,
288 | 	SYSZ_INS_CLGIJNE,
289 | 	SYSZ_INS_CLGRJNE,
290 | 	SYSZ_INS_CLIJNE,
291 | 	SYSZ_INS_CLRJNE,
292 | 	SYSZ_INS_CRJNE,
293 | 	SYSZ_INS_CGIJLH,
294 | 	SYSZ_INS_CGRJLH,
295 | 	SYSZ_INS_CIJLH,
296 | 	SYSZ_INS_CLGIJLH,
297 | 	SYSZ_INS_CLGRJLH,
298 | 	SYSZ_INS_CLIJLH,
299 | 	SYSZ_INS_CLRJLH,
300 | 	SYSZ_INS_CRJLH,
301 | 	SYSZ_INS_BLR,
302 | 	SYSZ_INS_BLER,
303 | 	SYSZ_INS_JLE,
304 | 	SYSZ_INS_JGLE,
305 | 	SYSZ_INS_LOCLE,
306 | 	SYSZ_INS_LOCGLE,
307 | 	SYSZ_INS_LOCGRLE,
308 | 	SYSZ_INS_LOCRLE,
309 | 	SYSZ_INS_STOCLE,
310 | 	SYSZ_INS_STOCGLE,
311 | 	SYSZ_INS_BLHR,
312 | 	SYSZ_INS_JLH,
313 | 	SYSZ_INS_JGLH,
314 | 	SYSZ_INS_LOCLH,
315 | 	SYSZ_INS_LOCGLH,
316 | 	SYSZ_INS_LOCGRLH,
317 | 	SYSZ_INS_LOCRLH,
318 | 	SYSZ_INS_STOCLH,
319 | 	SYSZ_INS_STOCGLH,
320 | 	SYSZ_INS_JL,
321 | 	SYSZ_INS_JGL,
322 | 	SYSZ_INS_LOCL,
323 | 	SYSZ_INS_LOCGL,
324 | 	SYSZ_INS_LOCGRL,
325 | 	SYSZ_INS_LOCRL,
326 | 	SYSZ_INS_LOC,
327 | 	SYSZ_INS_LOCG,
328 | 	SYSZ_INS_LOCGR,
329 | 	SYSZ_INS_LOCR,
330 | 	SYSZ_INS_STOCL,
331 | 	SYSZ_INS_STOCGL,
332 | 	SYSZ_INS_BNER,
333 | 	SYSZ_INS_JNE,
334 | 	SYSZ_INS_JGNE,
335 | 	SYSZ_INS_LOCNE,
336 | 	SYSZ_INS_LOCGNE,
337 | 	SYSZ_INS_LOCGRNE,
338 | 	SYSZ_INS_LOCRNE,
339 | 	SYSZ_INS_STOCNE,
340 | 	SYSZ_INS_STOCGNE,
341 | 	SYSZ_INS_BNHR,
342 | 	SYSZ_INS_BNHER,
343 | 	SYSZ_INS_JNHE,
344 | 	SYSZ_INS_JGNHE,
345 | 	SYSZ_INS_LOCNHE,
346 | 	SYSZ_INS_LOCGNHE,
347 | 	SYSZ_INS_LOCGRNHE,
348 | 	SYSZ_INS_LOCRNHE,
349 | 	SYSZ_INS_STOCNHE,
350 | 	SYSZ_INS_STOCGNHE,
351 | 	SYSZ_INS_JNH,
352 | 	SYSZ_INS_JGNH,
353 | 	SYSZ_INS_LOCNH,
354 | 	SYSZ_INS_LOCGNH,
355 | 	SYSZ_INS_LOCGRNH,
356 | 	SYSZ_INS_LOCRNH,
357 | 	SYSZ_INS_STOCNH,
358 | 	SYSZ_INS_STOCGNH,
359 | 	SYSZ_INS_BNLR,
360 | 	SYSZ_INS_BNLER,
361 | 	SYSZ_INS_JNLE,
362 | 	SYSZ_INS_JGNLE,
363 | 	SYSZ_INS_LOCNLE,
364 | 	SYSZ_INS_LOCGNLE,
365 | 	SYSZ_INS_LOCGRNLE,
366 | 	SYSZ_INS_LOCRNLE,
367 | 	SYSZ_INS_STOCNLE,
368 | 	SYSZ_INS_STOCGNLE,
369 | 	SYSZ_INS_BNLHR,
370 | 	SYSZ_INS_JNLH,
371 | 	SYSZ_INS_JGNLH,
372 | 	SYSZ_INS_LOCNLH,
373 | 	SYSZ_INS_LOCGNLH,
374 | 	SYSZ_INS_LOCGRNLH,
375 | 	SYSZ_INS_LOCRNLH,
376 | 	SYSZ_INS_STOCNLH,
377 | 	SYSZ_INS_STOCGNLH,
378 | 	SYSZ_INS_JNL,
379 | 	SYSZ_INS_JGNL,
380 | 	SYSZ_INS_LOCNL,
381 | 	SYSZ_INS_LOCGNL,
382 | 	SYSZ_INS_LOCGRNL,
383 | 	SYSZ_INS_LOCRNL,
384 | 	SYSZ_INS_STOCNL,
385 | 	SYSZ_INS_STOCGNL,
386 | 	SYSZ_INS_BNOR,
387 | 	SYSZ_INS_JNO,
388 | 	SYSZ_INS_JGNO,
389 | 	SYSZ_INS_LOCNO,
390 | 	SYSZ_INS_LOCGNO,
391 | 	SYSZ_INS_LOCGRNO,
392 | 	SYSZ_INS_LOCRNO,
393 | 	SYSZ_INS_STOCNO,
394 | 	SYSZ_INS_STOCGNO,
395 | 	SYSZ_INS_BOR,
396 | 	SYSZ_INS_JO,
397 | 	SYSZ_INS_JGO,
398 | 	SYSZ_INS_LOCO,
399 | 	SYSZ_INS_LOCGO,
400 | 	SYSZ_INS_LOCGRO,
401 | 	SYSZ_INS_LOCRO,
402 | 	SYSZ_INS_STOCO,
403 | 	SYSZ_INS_STOCGO,
404 | 	SYSZ_INS_STOC,
405 | 	SYSZ_INS_STOCG,
406 | 	SYSZ_INS_BASR,
407 | 	SYSZ_INS_BR,
408 | 	SYSZ_INS_BRAS,
409 | 	SYSZ_INS_BRASL,
410 | 	SYSZ_INS_J,
411 | 	SYSZ_INS_JG,
412 | 	SYSZ_INS_BRCT,
413 | 	SYSZ_INS_BRCTG,
414 | 	SYSZ_INS_C,
415 | 	SYSZ_INS_CDB,
416 | 	SYSZ_INS_CDBR,
417 | 	SYSZ_INS_CDFBR,
418 | 	SYSZ_INS_CDGBR,
419 | 	SYSZ_INS_CDLFBR,
420 | 	SYSZ_INS_CDLGBR,
421 | 	SYSZ_INS_CEB,
422 | 	SYSZ_INS_CEBR,
423 | 	SYSZ_INS_CEFBR,
424 | 	SYSZ_INS_CEGBR,
425 | 	SYSZ_INS_CELFBR,
426 | 	SYSZ_INS_CELGBR,
427 | 	SYSZ_INS_CFDBR,
428 | 	SYSZ_INS_CFEBR,
429 | 	SYSZ_INS_CFI,
430 | 	SYSZ_INS_CFXBR,
431 | 	SYSZ_INS_CG,
432 | 	SYSZ_INS_CGDBR,
433 | 	SYSZ_INS_CGEBR,
434 | 	SYSZ_INS_CGF,
435 | 	SYSZ_INS_CGFI,
436 | 	SYSZ_INS_CGFR,
437 | 	SYSZ_INS_CGFRL,
438 | 	SYSZ_INS_CGH,
439 | 	SYSZ_INS_CGHI,
440 | 	SYSZ_INS_CGHRL,
441 | 	SYSZ_INS_CGHSI,
442 | 	SYSZ_INS_CGR,
443 | 	SYSZ_INS_CGRL,
444 | 	SYSZ_INS_CGXBR,
445 | 	SYSZ_INS_CH,
446 | 	SYSZ_INS_CHF,
447 | 	SYSZ_INS_CHHSI,
448 | 	SYSZ_INS_CHI,
449 | 	SYSZ_INS_CHRL,
450 | 	SYSZ_INS_CHSI,
451 | 	SYSZ_INS_CHY,
452 | 	SYSZ_INS_CIH,
453 | 	SYSZ_INS_CL,
454 | 	SYSZ_INS_CLC,
455 | 	SYSZ_INS_CLFDBR,
456 | 	SYSZ_INS_CLFEBR,
457 | 	SYSZ_INS_CLFHSI,
458 | 	SYSZ_INS_CLFI,
459 | 	SYSZ_INS_CLFXBR,
460 | 	SYSZ_INS_CLG,
461 | 	SYSZ_INS_CLGDBR,
462 | 	SYSZ_INS_CLGEBR,
463 | 	SYSZ_INS_CLGF,
464 | 	SYSZ_INS_CLGFI,
465 | 	SYSZ_INS_CLGFR,
466 | 	SYSZ_INS_CLGFRL,
467 | 	SYSZ_INS_CLGHRL,
468 | 	SYSZ_INS_CLGHSI,
469 | 	SYSZ_INS_CLGR,
470 | 	SYSZ_INS_CLGRL,
471 | 	SYSZ_INS_CLGXBR,
472 | 	SYSZ_INS_CLHF,
473 | 	SYSZ_INS_CLHHSI,
474 | 	SYSZ_INS_CLHRL,
475 | 	SYSZ_INS_CLI,
476 | 	SYSZ_INS_CLIH,
477 | 	SYSZ_INS_CLIY,
478 | 	SYSZ_INS_CLR,
479 | 	SYSZ_INS_CLRL,
480 | 	SYSZ_INS_CLST,
481 | 	SYSZ_INS_CLY,
482 | 	SYSZ_INS_CPSDR,
483 | 	SYSZ_INS_CR,
484 | 	SYSZ_INS_CRL,
485 | 	SYSZ_INS_CS,
486 | 	SYSZ_INS_CSG,
487 | 	SYSZ_INS_CSY,
488 | 	SYSZ_INS_CXBR,
489 | 	SYSZ_INS_CXFBR,
490 | 	SYSZ_INS_CXGBR,
491 | 	SYSZ_INS_CXLFBR,
492 | 	SYSZ_INS_CXLGBR,
493 | 	SYSZ_INS_CY,
494 | 	SYSZ_INS_DDB,
495 | 	SYSZ_INS_DDBR,
496 | 	SYSZ_INS_DEB,
497 | 	SYSZ_INS_DEBR,
498 | 	SYSZ_INS_DL,
499 | 	SYSZ_INS_DLG,
500 | 	SYSZ_INS_DLGR,
501 | 	SYSZ_INS_DLR,
502 | 	SYSZ_INS_DSG,
503 | 	SYSZ_INS_DSGF,
504 | 	SYSZ_INS_DSGFR,
505 | 	SYSZ_INS_DSGR,
506 | 	SYSZ_INS_DXBR,
507 | 	SYSZ_INS_EAR,
508 | 	SYSZ_INS_FIDBR,
509 | 	SYSZ_INS_FIDBRA,
510 | 	SYSZ_INS_FIEBR,
511 | 	SYSZ_INS_FIEBRA,
512 | 	SYSZ_INS_FIXBR,
513 | 	SYSZ_INS_FIXBRA,
514 | 	SYSZ_INS_FLOGR,
515 | 	SYSZ_INS_IC,
516 | 	SYSZ_INS_ICY,
517 | 	SYSZ_INS_IIHF,
518 | 	SYSZ_INS_IIHH,
519 | 	SYSZ_INS_IIHL,
520 | 	SYSZ_INS_IILF,
521 | 	SYSZ_INS_IILH,
522 | 	SYSZ_INS_IILL,
523 | 	SYSZ_INS_IPM,
524 | 	SYSZ_INS_L,
525 | 	SYSZ_INS_LA,
526 | 	SYSZ_INS_LAA,
527 | 	SYSZ_INS_LAAG,
528 | 	SYSZ_INS_LAAL,
529 | 	SYSZ_INS_LAALG,
530 | 	SYSZ_INS_LAN,
531 | 	SYSZ_INS_LANG,
532 | 	SYSZ_INS_LAO,
533 | 	SYSZ_INS_LAOG,
534 | 	SYSZ_INS_LARL,
535 | 	SYSZ_INS_LAX,
536 | 	SYSZ_INS_LAXG,
537 | 	SYSZ_INS_LAY,
538 | 	SYSZ_INS_LB,
539 | 	SYSZ_INS_LBH,
540 | 	SYSZ_INS_LBR,
541 | 	SYSZ_INS_LCDBR,
542 | 	SYSZ_INS_LCEBR,
543 | 	SYSZ_INS_LCGFR,
544 | 	SYSZ_INS_LCGR,
545 | 	SYSZ_INS_LCR,
546 | 	SYSZ_INS_LCXBR,
547 | 	SYSZ_INS_LD,
548 | 	SYSZ_INS_LDEB,
549 | 	SYSZ_INS_LDEBR,
550 | 	SYSZ_INS_LDGR,
551 | 	SYSZ_INS_LDR,
552 | 	SYSZ_INS_LDXBR,
553 | 	SYSZ_INS_LDXBRA,
554 | 	SYSZ_INS_LDY,
555 | 	SYSZ_INS_LE,
556 | 	SYSZ_INS_LEDBR,
557 | 	SYSZ_INS_LEDBRA,
558 | 	SYSZ_INS_LER,
559 | 	SYSZ_INS_LEXBR,
560 | 	SYSZ_INS_LEXBRA,
561 | 	SYSZ_INS_LEY,
562 | 	SYSZ_INS_LFH,
563 | 	SYSZ_INS_LG,
564 | 	SYSZ_INS_LGB,
565 | 	SYSZ_INS_LGBR,
566 | 	SYSZ_INS_LGDR,
567 | 	SYSZ_INS_LGF,
568 | 	SYSZ_INS_LGFI,
569 | 	SYSZ_INS_LGFR,
570 | 	SYSZ_INS_LGFRL,
571 | 	SYSZ_INS_LGH,
572 | 	SYSZ_INS_LGHI,
573 | 	SYSZ_INS_LGHR,
574 | 	SYSZ_INS_LGHRL,
575 | 	SYSZ_INS_LGR,
576 | 	SYSZ_INS_LGRL,
577 | 	SYSZ_INS_LH,
578 | 	SYSZ_INS_LHH,
579 | 	SYSZ_INS_LHI,
580 | 	SYSZ_INS_LHR,
581 | 	SYSZ_INS_LHRL,
582 | 	SYSZ_INS_LHY,
583 | 	SYSZ_INS_LLC,
584 | 	SYSZ_INS_LLCH,
585 | 	SYSZ_INS_LLCR,
586 | 	SYSZ_INS_LLGC,
587 | 	SYSZ_INS_LLGCR,
588 | 	SYSZ_INS_LLGF,
589 | 	SYSZ_INS_LLGFR,
590 | 	SYSZ_INS_LLGFRL,
591 | 	SYSZ_INS_LLGH,
592 | 	SYSZ_INS_LLGHR,
593 | 	SYSZ_INS_LLGHRL,
594 | 	SYSZ_INS_LLH,
595 | 	SYSZ_INS_LLHH,
596 | 	SYSZ_INS_LLHR,
597 | 	SYSZ_INS_LLHRL,
598 | 	SYSZ_INS_LLIHF,
599 | 	SYSZ_INS_LLIHH,
600 | 	SYSZ_INS_LLIHL,
601 | 	SYSZ_INS_LLILF,
602 | 	SYSZ_INS_LLILH,
603 | 	SYSZ_INS_LLILL,
604 | 	SYSZ_INS_LMG,
605 | 	SYSZ_INS_LNDBR,
606 | 	SYSZ_INS_LNEBR,
607 | 	SYSZ_INS_LNGFR,
608 | 	SYSZ_INS_LNGR,
609 | 	SYSZ_INS_LNR,
610 | 	SYSZ_INS_LNXBR,
611 | 	SYSZ_INS_LPDBR,
612 | 	SYSZ_INS_LPEBR,
613 | 	SYSZ_INS_LPGFR,
614 | 	SYSZ_INS_LPGR,
615 | 	SYSZ_INS_LPR,
616 | 	SYSZ_INS_LPXBR,
617 | 	SYSZ_INS_LR,
618 | 	SYSZ_INS_LRL,
619 | 	SYSZ_INS_LRV,
620 | 	SYSZ_INS_LRVG,
621 | 	SYSZ_INS_LRVGR,
622 | 	SYSZ_INS_LRVR,
623 | 	SYSZ_INS_LT,
624 | 	SYSZ_INS_LTDBR,
625 | 	SYSZ_INS_LTEBR,
626 | 	SYSZ_INS_LTG,
627 | 	SYSZ_INS_LTGF,
628 | 	SYSZ_INS_LTGFR,
629 | 	SYSZ_INS_LTGR,
630 | 	SYSZ_INS_LTR,
631 | 	SYSZ_INS_LTXBR,
632 | 	SYSZ_INS_LXDB,
633 | 	SYSZ_INS_LXDBR,
634 | 	SYSZ_INS_LXEB,
635 | 	SYSZ_INS_LXEBR,
636 | 	SYSZ_INS_LXR,
637 | 	SYSZ_INS_LY,
638 | 	SYSZ_INS_LZDR,
639 | 	SYSZ_INS_LZER,
640 | 	SYSZ_INS_LZXR,
641 | 	SYSZ_INS_MADB,
642 | 	SYSZ_INS_MADBR,
643 | 	SYSZ_INS_MAEB,
644 | 	SYSZ_INS_MAEBR,
645 | 	SYSZ_INS_MDB,
646 | 	SYSZ_INS_MDBR,
647 | 	SYSZ_INS_MDEB,
648 | 	SYSZ_INS_MDEBR,
649 | 	SYSZ_INS_MEEB,
650 | 	SYSZ_INS_MEEBR,
651 | 	SYSZ_INS_MGHI,
652 | 	SYSZ_INS_MH,
653 | 	SYSZ_INS_MHI,
654 | 	SYSZ_INS_MHY,
655 | 	SYSZ_INS_MLG,
656 | 	SYSZ_INS_MLGR,
657 | 	SYSZ_INS_MS,
658 | 	SYSZ_INS_MSDB,
659 | 	SYSZ_INS_MSDBR,
660 | 	SYSZ_INS_MSEB,
661 | 	SYSZ_INS_MSEBR,
662 | 	SYSZ_INS_MSFI,
663 | 	SYSZ_INS_MSG,
664 | 	SYSZ_INS_MSGF,
665 | 	SYSZ_INS_MSGFI,
666 | 	SYSZ_INS_MSGFR,
667 | 	SYSZ_INS_MSGR,
668 | 	SYSZ_INS_MSR,
669 | 	SYSZ_INS_MSY,
670 | 	SYSZ_INS_MVC,
671 | 	SYSZ_INS_MVGHI,
672 | 	SYSZ_INS_MVHHI,
673 | 	SYSZ_INS_MVHI,
674 | 	SYSZ_INS_MVI,
675 | 	SYSZ_INS_MVIY,
676 | 	SYSZ_INS_MVST,
677 | 	SYSZ_INS_MXBR,
678 | 	SYSZ_INS_MXDB,
679 | 	SYSZ_INS_MXDBR,
680 | 	SYSZ_INS_N,
681 | 	SYSZ_INS_NC,
682 | 	SYSZ_INS_NG,
683 | 	SYSZ_INS_NGR,
684 | 	SYSZ_INS_NGRK,
685 | 	SYSZ_INS_NI,
686 | 	SYSZ_INS_NIHF,
687 | 	SYSZ_INS_NIHH,
688 | 	SYSZ_INS_NIHL,
689 | 	SYSZ_INS_NILF,
690 | 	SYSZ_INS_NILH,
691 | 	SYSZ_INS_NILL,
692 | 	SYSZ_INS_NIY,
693 | 	SYSZ_INS_NR,
694 | 	SYSZ_INS_NRK,
695 | 	SYSZ_INS_NY,
696 | 	SYSZ_INS_O,
697 | 	SYSZ_INS_OC,
698 | 	SYSZ_INS_OG,
699 | 	SYSZ_INS_OGR,
700 | 	SYSZ_INS_OGRK,
701 | 	SYSZ_INS_OI,
702 | 	SYSZ_INS_OIHF,
703 | 	SYSZ_INS_OIHH,
704 | 	SYSZ_INS_OIHL,
705 | 	SYSZ_INS_OILF,
706 | 	SYSZ_INS_OILH,
707 | 	SYSZ_INS_OILL,
708 | 	SYSZ_INS_OIY,
709 | 	SYSZ_INS_OR,
710 | 	SYSZ_INS_ORK,
711 | 	SYSZ_INS_OY,
712 | 	SYSZ_INS_PFD,
713 | 	SYSZ_INS_PFDRL,
714 | 	SYSZ_INS_RISBG,
715 | 	SYSZ_INS_RISBHG,
716 | 	SYSZ_INS_RISBLG,
717 | 	SYSZ_INS_RLL,
718 | 	SYSZ_INS_RLLG,
719 | 	SYSZ_INS_RNSBG,
720 | 	SYSZ_INS_ROSBG,
721 | 	SYSZ_INS_RXSBG,
722 | 	SYSZ_INS_S,
723 | 	SYSZ_INS_SDB,
724 | 	SYSZ_INS_SDBR,
725 | 	SYSZ_INS_SEB,
726 | 	SYSZ_INS_SEBR,
727 | 	SYSZ_INS_SG,
728 | 	SYSZ_INS_SGF,
729 | 	SYSZ_INS_SGFR,
730 | 	SYSZ_INS_SGR,
731 | 	SYSZ_INS_SGRK,
732 | 	SYSZ_INS_SH,
733 | 	SYSZ_INS_SHY,
734 | 	SYSZ_INS_SL,
735 | 	SYSZ_INS_SLB,
736 | 	SYSZ_INS_SLBG,
737 | 	SYSZ_INS_SLBR,
738 | 	SYSZ_INS_SLFI,
739 | 	SYSZ_INS_SLG,
740 | 	SYSZ_INS_SLBGR,
741 | 	SYSZ_INS_SLGF,
742 | 	SYSZ_INS_SLGFI,
743 | 	SYSZ_INS_SLGFR,
744 | 	SYSZ_INS_SLGR,
745 | 	SYSZ_INS_SLGRK,
746 | 	SYSZ_INS_SLL,
747 | 	SYSZ_INS_SLLG,
748 | 	SYSZ_INS_SLLK,
749 | 	SYSZ_INS_SLR,
750 | 	SYSZ_INS_SLRK,
751 | 	SYSZ_INS_SLY,
752 | 	SYSZ_INS_SQDB,
753 | 	SYSZ_INS_SQDBR,
754 | 	SYSZ_INS_SQEB,
755 | 	SYSZ_INS_SQEBR,
756 | 	SYSZ_INS_SQXBR,
757 | 	SYSZ_INS_SR,
758 | 	SYSZ_INS_SRA,
759 | 	SYSZ_INS_SRAG,
760 | 	SYSZ_INS_SRAK,
761 | 	SYSZ_INS_SRK,
762 | 	SYSZ_INS_SRL,
763 | 	SYSZ_INS_SRLG,
764 | 	SYSZ_INS_SRLK,
765 | 	SYSZ_INS_SRST,
766 | 	SYSZ_INS_ST,
767 | 	SYSZ_INS_STC,
768 | 	SYSZ_INS_STCH,
769 | 	SYSZ_INS_STCY,
770 | 	SYSZ_INS_STD,
771 | 	SYSZ_INS_STDY,
772 | 	SYSZ_INS_STE,
773 | 	SYSZ_INS_STEY,
774 | 	SYSZ_INS_STFH,
775 | 	SYSZ_INS_STG,
776 | 	SYSZ_INS_STGRL,
777 | 	SYSZ_INS_STH,
778 | 	SYSZ_INS_STHH,
779 | 	SYSZ_INS_STHRL,
780 | 	SYSZ_INS_STHY,
781 | 	SYSZ_INS_STMG,
782 | 	SYSZ_INS_STRL,
783 | 	SYSZ_INS_STRV,
784 | 	SYSZ_INS_STRVG,
785 | 	SYSZ_INS_STY,
786 | 	SYSZ_INS_SXBR,
787 | 	SYSZ_INS_SY,
788 | 	SYSZ_INS_TM,
789 | 	SYSZ_INS_TMHH,
790 | 	SYSZ_INS_TMHL,
791 | 	SYSZ_INS_TMLH,
792 | 	SYSZ_INS_TMLL,
793 | 	SYSZ_INS_TMY,
794 | 	SYSZ_INS_X,
795 | 	SYSZ_INS_XC,
796 | 	SYSZ_INS_XG,
797 | 	SYSZ_INS_XGR,
798 | 	SYSZ_INS_XGRK,
799 | 	SYSZ_INS_XI,
800 | 	SYSZ_INS_XIHF,
801 | 	SYSZ_INS_XILF,
802 | 	SYSZ_INS_XIY,
803 | 	SYSZ_INS_XR,
804 | 	SYSZ_INS_XRK,
805 | 	SYSZ_INS_XY,
806 | 
807 | 	SYSZ_INS_ENDING,   // <-- mark the end of the list of instructions
808 | } sysz_insn;
809 | 
810 | //> Group of SystemZ instructions
811 | typedef enum sysz_insn_group {
812 | 	SYSZ_GRP_INVALID = 0, // = CS_GRP_INVALID
813 | 
814 | 	//> Generic groups
815 | 	// all jump instructions (conditional+direct+indirect jumps)
816 | 	SYSZ_GRP_JUMP,	// = CS_GRP_JUMP
817 | 
818 | 	//> Architecture-specific groups
819 | 	SYSZ_GRP_DISTINCTOPS = 128,
820 | 	SYSZ_GRP_FPEXTENSION,
821 | 	SYSZ_GRP_HIGHWORD,
822 | 	SYSZ_GRP_INTERLOCKEDACCESS1,
823 | 	SYSZ_GRP_LOADSTOREONCOND,
824 | 
825 | 	SYSZ_GRP_ENDING,   // <-- mark the end of the list of groups
826 | } sysz_insn_group;
827 | 
828 | #ifdef __cplusplus
829 | }
830 | #endif
831 | 
832 | #endif
833 | 


--------------------------------------------------------------------------------
/TestPrograms/SampleHook/SampleHook/include/xcore.h:
--------------------------------------------------------------------------------
  1 | #ifndef CAPSTONE_XCORE_H
  2 | #define CAPSTONE_XCORE_H
  3 | 
  4 | /* Capstone Disassembly Engine */
  5 | /* By Nguyen Anh Quynh <aquynh@gmail.com>, 2014 */
  6 | 
  7 | #ifdef __cplusplus
  8 | extern "C" {
  9 | #endif
 10 | 
 11 | #if !defined(_MSC_VER) || !defined(_KERNEL_MODE)
 12 | #include <stdint.h>
 13 | #endif
 14 | 
 15 | #include "platform.h"
 16 | 
 17 | #ifdef _MSC_VER
 18 | #pragma warning(disable:4201)
 19 | #endif
 20 | 
 21 | //> Operand type for instruction's operands
 22 | typedef enum xcore_op_type {
 23 | 	XCORE_OP_INVALID = 0, // = CS_OP_INVALID (Uninitialized).
 24 | 	XCORE_OP_REG, // = CS_OP_REG (Register operand).
 25 | 	XCORE_OP_IMM, // = CS_OP_IMM (Immediate operand).
 26 | 	XCORE_OP_MEM, // = CS_OP_MEM (Memory operand).
 27 | } xcore_op_type;
 28 | 
 29 | // Instruction's operand referring to memory
 30 | // This is associated with XCORE_OP_MEM operand type above
 31 | typedef struct xcore_op_mem {
 32 | 	uint8_t base;	// base register
 33 | 	uint8_t index;	// index register
 34 | 	int32_t disp;	// displacement/offset value
 35 | 	int     direct;	// +1: forward, -1: backward
 36 | } xcore_op_mem;
 37 | 
 38 | // Instruction operand
 39 | typedef struct cs_xcore_op {
 40 | 	xcore_op_type type;	// operand type
 41 | 	union {
 42 | 		unsigned int reg;	// register value for REG operand
 43 | 		int32_t imm;		// immediate value for IMM operand
 44 | 		xcore_op_mem mem;		// base/disp value for MEM operand
 45 | 	};
 46 | } cs_xcore_op;
 47 | 
 48 | // Instruction structure
 49 | typedef struct cs_xcore {
 50 | 	// Number of operands of this instruction, 
 51 | 	// or 0 when instruction has no operand.
 52 | 	uint8_t op_count;
 53 | 	cs_xcore_op operands[8]; // operands for this instruction.
 54 | } cs_xcore;
 55 | 
 56 | //> XCore registers
 57 | typedef enum xcore_reg {
 58 | 	XCORE_REG_INVALID = 0,
 59 | 
 60 | 	XCORE_REG_CP,
 61 | 	XCORE_REG_DP,
 62 | 	XCORE_REG_LR,
 63 | 	XCORE_REG_SP,
 64 | 	XCORE_REG_R0,
 65 | 	XCORE_REG_R1,
 66 | 	XCORE_REG_R2,
 67 | 	XCORE_REG_R3,
 68 | 	XCORE_REG_R4,
 69 | 	XCORE_REG_R5,
 70 | 	XCORE_REG_R6,
 71 | 	XCORE_REG_R7,
 72 | 	XCORE_REG_R8,
 73 | 	XCORE_REG_R9,
 74 | 	XCORE_REG_R10,
 75 | 	XCORE_REG_R11,
 76 | 
 77 | 	//> pseudo registers
 78 | 	XCORE_REG_PC,	// pc
 79 | 
 80 | 	// internal thread registers
 81 | 	// see The-XMOS-XS1-Architecture(X7879A).pdf
 82 | 	XCORE_REG_SCP,	// save pc
 83 | 	XCORE_REG_SSR,	// save status
 84 | 	XCORE_REG_ET,	// exception type
 85 | 	XCORE_REG_ED,	// exception data
 86 | 	XCORE_REG_SED,	// save exception data
 87 | 	XCORE_REG_KEP,	// kernel entry pointer
 88 | 	XCORE_REG_KSP,	// kernel stack pointer
 89 | 	XCORE_REG_ID,	// thread ID
 90 | 
 91 | 	XCORE_REG_ENDING,	// <-- mark the end of the list of registers
 92 | } xcore_reg;
 93 | 
 94 | //> XCore instruction
 95 | typedef enum xcore_insn {
 96 | 	XCORE_INS_INVALID = 0,
 97 | 
 98 | 	XCORE_INS_ADD,
 99 | 	XCORE_INS_ANDNOT,
100 | 	XCORE_INS_AND,
101 | 	XCORE_INS_ASHR,
102 | 	XCORE_INS_BAU,
103 | 	XCORE_INS_BITREV,
104 | 	XCORE_INS_BLA,
105 | 	XCORE_INS_BLAT,
106 | 	XCORE_INS_BL,
107 | 	XCORE_INS_BF,
108 | 	XCORE_INS_BT,
109 | 	XCORE_INS_BU,
110 | 	XCORE_INS_BRU,
111 | 	XCORE_INS_BYTEREV,
112 | 	XCORE_INS_CHKCT,
113 | 	XCORE_INS_CLRE,
114 | 	XCORE_INS_CLRPT,
115 | 	XCORE_INS_CLRSR,
116 | 	XCORE_INS_CLZ,
117 | 	XCORE_INS_CRC8,
118 | 	XCORE_INS_CRC32,
119 | 	XCORE_INS_DCALL,
120 | 	XCORE_INS_DENTSP,
121 | 	XCORE_INS_DGETREG,
122 | 	XCORE_INS_DIVS,
123 | 	XCORE_INS_DIVU,
124 | 	XCORE_INS_DRESTSP,
125 | 	XCORE_INS_DRET,
126 | 	XCORE_INS_ECALLF,
127 | 	XCORE_INS_ECALLT,
128 | 	XCORE_INS_EDU,
129 | 	XCORE_INS_EEF,
130 | 	XCORE_INS_EET,
131 | 	XCORE_INS_EEU,
132 | 	XCORE_INS_ENDIN,
133 | 	XCORE_INS_ENTSP,
134 | 	XCORE_INS_EQ,
135 | 	XCORE_INS_EXTDP,
136 | 	XCORE_INS_EXTSP,
137 | 	XCORE_INS_FREER,
138 | 	XCORE_INS_FREET,
139 | 	XCORE_INS_GETD,
140 | 	XCORE_INS_GET,
141 | 	XCORE_INS_GETN,
142 | 	XCORE_INS_GETR,
143 | 	XCORE_INS_GETSR,
144 | 	XCORE_INS_GETST,
145 | 	XCORE_INS_GETTS,
146 | 	XCORE_INS_INCT,
147 | 	XCORE_INS_INIT,
148 | 	XCORE_INS_INPW,
149 | 	XCORE_INS_INSHR,
150 | 	XCORE_INS_INT,
151 | 	XCORE_INS_IN,
152 | 	XCORE_INS_KCALL,
153 | 	XCORE_INS_KENTSP,
154 | 	XCORE_INS_KRESTSP,
155 | 	XCORE_INS_KRET,
156 | 	XCORE_INS_LADD,
157 | 	XCORE_INS_LD16S,
158 | 	XCORE_INS_LD8U,
159 | 	XCORE_INS_LDA16,
160 | 	XCORE_INS_LDAP,
161 | 	XCORE_INS_LDAW,
162 | 	XCORE_INS_LDC,
163 | 	XCORE_INS_LDW,
164 | 	XCORE_INS_LDIVU,
165 | 	XCORE_INS_LMUL,
166 | 	XCORE_INS_LSS,
167 | 	XCORE_INS_LSUB,
168 | 	XCORE_INS_LSU,
169 | 	XCORE_INS_MACCS,
170 | 	XCORE_INS_MACCU,
171 | 	XCORE_INS_MJOIN,
172 | 	XCORE_INS_MKMSK,
173 | 	XCORE_INS_MSYNC,
174 | 	XCORE_INS_MUL,
175 | 	XCORE_INS_NEG,
176 | 	XCORE_INS_NOT,
177 | 	XCORE_INS_OR,
178 | 	XCORE_INS_OUTCT,
179 | 	XCORE_INS_OUTPW,
180 | 	XCORE_INS_OUTSHR,
181 | 	XCORE_INS_OUTT,
182 | 	XCORE_INS_OUT,
183 | 	XCORE_INS_PEEK,
184 | 	XCORE_INS_REMS,
185 | 	XCORE_INS_REMU,
186 | 	XCORE_INS_RETSP,
187 | 	XCORE_INS_SETCLK,
188 | 	XCORE_INS_SET,
189 | 	XCORE_INS_SETC,
190 | 	XCORE_INS_SETD,
191 | 	XCORE_INS_SETEV,
192 | 	XCORE_INS_SETN,
193 | 	XCORE_INS_SETPSC,
194 | 	XCORE_INS_SETPT,
195 | 	XCORE_INS_SETRDY,
196 | 	XCORE_INS_SETSR,
197 | 	XCORE_INS_SETTW,
198 | 	XCORE_INS_SETV,
199 | 	XCORE_INS_SEXT,
200 | 	XCORE_INS_SHL,
201 | 	XCORE_INS_SHR,
202 | 	XCORE_INS_SSYNC,
203 | 	XCORE_INS_ST16,
204 | 	XCORE_INS_ST8,
205 | 	XCORE_INS_STW,
206 | 	XCORE_INS_SUB,
207 | 	XCORE_INS_SYNCR,
208 | 	XCORE_INS_TESTCT,
209 | 	XCORE_INS_TESTLCL,
210 | 	XCORE_INS_TESTWCT,
211 | 	XCORE_INS_TSETMR,
212 | 	XCORE_INS_START,
213 | 	XCORE_INS_WAITEF,
214 | 	XCORE_INS_WAITET,
215 | 	XCORE_INS_WAITEU,
216 | 	XCORE_INS_XOR,
217 | 	XCORE_INS_ZEXT,
218 | 
219 | 	XCORE_INS_ENDING,   // <-- mark the end of the list of instructions
220 | } xcore_insn;
221 | 
222 | //> Group of XCore instructions
223 | typedef enum xcore_insn_group {
224 | 	XCORE_GRP_INVALID = 0, // = CS_GRP_INVALID
225 | 
226 | 	//> Generic groups
227 | 	// all jump instructions (conditional+direct+indirect jumps)
228 | 	XCORE_GRP_JUMP,	// = CS_GRP_JUMP
229 | 
230 | 	XCORE_GRP_ENDING,   // <-- mark the end of the list of groups
231 | } xcore_insn_group;
232 | 
233 | #ifdef __cplusplus
234 | }
235 | #endif
236 | 
237 | #endif
238 | 


--------------------------------------------------------------------------------
/TestPrograms/SampleHook/SampleHook/libMinHook.x64.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tandasat/FU_Hypervisor/d8a5fdf9f8eb723007bfd0a057e38232ef18002d/TestPrograms/SampleHook/SampleHook/libMinHook.x64.lib


--------------------------------------------------------------------------------
/TestPrograms/SampleHook/SampleHook/libMinHook.x86.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/tandasat/FU_Hypervisor/d8a5fdf9f8eb723007bfd0a057e38232ef18002d/TestPrograms/SampleHook/SampleHook/libMinHook.x86.lib


--------------------------------------------------------------------------------
/TestPrograms/SampleHook/SampleHook/stdafx.c:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // SampleHook.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 | 
5 | #include "stdafx.h"
6 | 
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 | 


--------------------------------------------------------------------------------
/TestPrograms/SampleHook/SampleHook/stdafx.h:
--------------------------------------------------------------------------------
 1 | // stdafx.h : include file for standard system include files,
 2 | // or project specific include files that are used frequently, but
 3 | // are changed infrequently
 4 | //
 5 | 
 6 | #pragma once
 7 | 
 8 | #include "targetver.h"
 9 | 
10 | #include <stdio.h>
11 | #include <tchar.h>
12 | 
13 | 
14 | 
15 | // TODO: reference additional headers your program requires here
16 | 


--------------------------------------------------------------------------------
/TestPrograms/SampleHook/SampleHook/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | // Including SDKDDKVer.h defines the highest available Windows platform.
4 | 
5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
7 | 
8 | #include <SDKDDKVer.h>
9 | 


--------------------------------------------------------------------------------
/clean.bat:
--------------------------------------------------------------------------------
 1 | @echo off
 2 | del *.sdf
 3 | del *.VC.db
 4 | del /s *.aps
 5 | del /a:h *.suo
 6 | rmdir /s /q .vs
 7 | rmdir /s /q ipch
 8 | rmdir /s /q x64
 9 | rmdir /s /q Debug
10 | rmdir /s /q Release
11 | rmdir /s /q FU_Hypervisor\x64
12 | rmdir /s /q FU_Hypervisor\Debug
13 | rmdir /s /q FU_Hypervisor\Release
14 | cd HyperPlatform
15 | clean.bat
16 | 


--------------------------------------------------------------------------------